From c1e2e57dd99549bde421214c35ce01dd55105a38 Mon Sep 17 00:00:00 2001
From: jiaoqingbo <1178404354@qq.com>
Date: Fri, 3 Feb 2023 05:41:22 +0000
Subject: [PATCH 001/760] [KYUUBI #4222] Use hiveTableCatalog to
 updateTableStats instead of sessionCatalog

fix #4222

- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4237 from jiaoqingbo/kyuubi4222.

Closes #4237

7677d69f [jiaoqingbo] code review
538d436a [jiaoqingbo] [Kyuubi #4222] Use hiveTableCatalog to updateTableStats instead of sessionCatalog

Authored-by: jiaoqingbo <1178404354@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../connector/hive/write/HiveBatchWrite.scala | 22 +++++++++++++++----
 .../connector/hive/write/HiveWrite.scala      |  2 ++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
index ba89ec715..c4e473ff2 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
@@ -33,11 +33,13 @@ import org.apache.spark.sql.execution.datasources.v2.FileBatchWrite
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hive, toSQLValue, HiveExternalCatalog}
 import org.apache.spark.sql.types.StringType
 
-import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorException
+import org.apache.kyuubi.spark.connector.hive.{HiveTableCatalog, KyuubiHiveConnectorException}
 import org.apache.kyuubi.spark.connector.hive.write.HiveWriteHelper.getPartitionSpec
 
 class HiveBatchWrite(
+    sparkSession: SparkSession,
     table: CatalogTable,
+    hiveTableCatalog: HiveTableCatalog,
     tmpLocation: Option[Path],
     partition: Map[String, Option[String]],
     partitionColumnNames: Seq[String],
@@ -66,10 +68,22 @@ class HiveBatchWrite(
       deleteExternalTmpPath(hadoopConf)
     }
 
-    val sparkSession = SparkSession.active
     // un-cache this table.
-    CommandUtils.uncacheTableOrView(sparkSession, table.identifier.quotedString)
-    CommandUtils.updateTableStats(sparkSession, table)
+    hiveTableCatalog.catalog.invalidateCachedTable(table.identifier)
+
+    val catalog = hiveTableCatalog.catalog
+    if (sparkSession.sessionState.conf.autoSizeUpdateEnabled) {
+      val newTable = catalog.getTableMetadata(table.identifier)
+      val newSize = CommandUtils.calculateTotalSize(sparkSession, newTable)
+      val newStats = CatalogStatistics(sizeInBytes = newSize)
+      catalog.alterTableStats(table.identifier, Some(newStats))
+    } else if (table.stats.nonEmpty) {
+      catalog.alterTableStats(table.identifier, None)
+    } else {
+      // In other cases, we still need to invalidate the table relation cache.
+      catalog.refreshTable(table.identifier)
+    }
+
   }
 
   override def abort(messages: Array[WriterCommitMessage]): Unit = {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
index 50ab2b5ed..486a7aa22 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
@@ -102,7 +102,9 @@ case class HiveWrite(
     committer.setupJob(job)
 
     new HiveBatchWrite(
+      sparkSession,
       table,
+      hiveTableCatalog,
       Some(tmpLocation),
       partition,
       partitionColumnNames,

From eb1b11cd171fd4475cd2168e1d2d573232e16bd9 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 3 Feb 2023 05:48:02 +0000
Subject: [PATCH 002/760] [KYUUBI #4152] Enhance LDAP authentication

### _Why are the changes needed?_

This PR proposes to enhance the LDAP support, which mainly referring the code introduced in HIVE-14713.

Currently, Kyuubi has very limited LDAP support, and the implementation is from the early Hive codebase. Hive enhanced the LDAP support in later versions, considering the Hive ecosystem is quite mature, I think we'd better to porting this functionality and keep the same behavior w/ Hive first, and we can improve it if meet certain requirements/issues in the future.

Basically, this PR introduces the following configurations

```
kyuubi.authentication.ldap.url (since 1.0.0)
kyuubi.authentication.ldap.domain (since 1.0.0)
kyuubi.authentication.ldap.guidKey (since 1.2.0)
kyuubi.authentication.ldap.base.dn (since 1.0.0 deprecated)
kyuubi.authentication.ldap.baseDN
kyuubi.authentication.ldap.groupMembershipKey
kyuubi.authentication.ldap.userMembershipKey
kyuubi.authentication.ldap.groupClassKey
kyuubi.authentication.ldap.groupDNPattern
kyuubi.authentication.ldap.userDNPattern
kyuubi.authentication.ldap.groupFilter
kyuubi.authentication.ldap.userFilter
kyuubi.authentication.ldap.customLDAPQuery
kyuubi.authentication.ldap.binddn
kyuubi.authentication.ldap.bindpw
```

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

This PR ports all LDAP-related UT&IT from Hive codebase

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4152 from pan3793/ldap.

Closes #4152

d251c959 [Cheng Pan] nit
6d14f44b [Cheng Pan] nit
6b3d116c [Cheng Pan] nit
ab47d822 [Cheng Pan] nit
a56e8702 [Cheng Pan] nit
4624619a [Cheng Pan] nit
b82c0c05 [Cheng Pan] LDAP test password uses alphanumeric
86a01cca [Cheng Pan] Enhance LDAP authentication

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .gitignore                                    |   7 +-
 LICENSE-binary                                |   2 +
 dev/dependencyList                            |   2 +
 docs/deployment/settings.md                   |  38 +-
 kyuubi-common/pom.xml                         |  11 +
 .../scala/org/apache/kyuubi/Logging.scala     |  12 +
 .../org/apache/kyuubi/config/KyuubiConf.scala | 108 +++-
 .../apache/kyuubi/service/ServiceUtils.scala  |  24 +
 .../LdapAuthenticationProviderImpl.scala      |  99 ++--
 .../ldap/ChainFilterFactory.scala             |  44 ++
 .../ldap/CustomQueryFilterFactory.scala       |  77 +++
 .../authentication/ldap/DirSearch.scala       |  73 +++
 .../ldap/DirSearchFactory.scala               |  39 ++
 .../service/authentication/ldap/Filter.scala  |  37 ++
 .../authentication/ldap/FilterFactory.scala   |  34 ++
 .../ldap/GroupFilterFactory.scala             | 108 ++++
 .../authentication/ldap/LdapSearch.scala      | 126 +++++
 .../ldap/LdapSearchFactory.scala              |  56 ++
 .../authentication/ldap/LdapUtils.scala       | 199 +++++++
 .../service/authentication/ldap/Query.scala   | 136 +++++
 .../authentication/ldap/QueryFactory.scala    | 145 ++++++
 .../ldap/SearchResultHandler.scala            | 148 ++++++
 .../ldap/UserFilterFactory.scala              |  46 ++
 .../ldap/UserSearchFilterFactory.scala        |  53 ++
 .../test/resources/ldap/ad.example.com.ldif   | 150 ++++++
 .../src/test/resources/ldap/example.com.ldif  | 113 ++++
 .../test/resources/ldap/microsoft.schema.ldif |  62 +++
 .../authentication/LdapAtnProviderSuite.scala | 493 ++++++++++++++++++
 .../LdapAuthenticationProviderImplSuite.scala | 368 +++++++++++--
 .../authentication/WithLdapServer.scala       |  24 +-
 .../ldap/ChainFilterSuite.scala               |  88 ++++
 .../ldap/CustomQueryFilterSuite.scala         |  69 +++
 .../ldap/GroupFilterSuite.scala               | 161 ++++++
 .../ldap/LdapAuthenticationTestCase.scala     | 117 +++++
 .../authentication/ldap/LdapSearchSuite.scala | 298 +++++++++++
 .../authentication/ldap/LdapTestUtils.scala   | 116 +++++
 .../authentication/ldap/LdapUtilsSuite.scala  |  88 ++++
 .../ldap/QueryFactorySuite.scala              |  97 ++++
 .../authentication/ldap/QuerySuite.scala      |  54 ++
 .../ldap/SearchResultHandlerSuite.scala       | 203 ++++++++
 .../authentication/ldap/UserFilterSuite.scala |  60 +++
 .../ldap/UserSearchFilterSuite.scala          |  79 +++
 .../apache/kyuubi/RestClientTestHelper.scala  |   2 +-
 ...biOperationKerberosAndPlainAuthSuite.scala |   5 +-
 ...nThriftHttpKerberosAndPlainAuthSuite.scala |   2 +-
 licenses-binary/LICENSE-antlr.txt             |   8 +
 licenses-binary/LICENSE-antlr4.txt            |  26 +
 pom.xml                                       |   6 +
 48 files changed, 4209 insertions(+), 104 deletions(-)
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearch.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearchFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Filter.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/FilterFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearch.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Query.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandler.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterFactory.scala
 create mode 100644 kyuubi-common/src/test/resources/ldap/ad.example.com.ldif
 create mode 100644 kyuubi-common/src/test/resources/ldap/example.com.ldif
 create mode 100644 kyuubi-common/src/test/resources/ldap/microsoft.schema.ldif
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAtnProviderSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapTestUtils.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtilsSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactorySuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QuerySuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandlerSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterSuite.scala
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterSuite.scala
 create mode 100644 licenses-binary/LICENSE-antlr.txt
 create mode 100644 licenses-binary/LICENSE-antlr4.txt

diff --git a/.gitignore b/.gitignore
index d2c1ba3b7..bbdd246c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,11 +32,7 @@
 .ensime_lucene
 .generated-mima*
 .vscode/
-# The star is required for further !/.idea/ to work, see https://git-scm.com/docs/gitignore
-/.idea/*
-# Icon for JetBrains Toolbox
-!/.idea/icon.png
-!/.idea/vcs.xml
+.idea/
 .idea_modules/
 .project
 .pydevproject
@@ -59,7 +55,6 @@ hs_err_pid*
 spark-warehouse/
 metastore_db
 derby.log
-ldap
 **/dependency-reduced-pom.xml
 metrics/report.json
 metrics/.report.json.crc
diff --git a/LICENSE-binary b/LICENSE-binary
index 017dd53f8..92daf62ab 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -322,7 +322,9 @@ org.apache.zookeeper:zookeeper
 
 BSD
 ------------
+org.antlr:antlr-runtime
 org.antlr:antlr4-runtime
+org.antlr:ST4
 jline:jline
 com.thoughtworks.paranamer:paranamer
 dk.brics.automaton:automaton
diff --git a/dev/dependencyList b/dev/dependencyList
index 9b8064e42..10933b9fa 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -16,8 +16,10 @@
 #
 
 HikariCP/4.0.3//HikariCP-4.0.3.jar
+ST4/4.3.4//ST4-4.3.4.jar
 animal-sniffer-annotations/1.21//animal-sniffer-annotations-1.21.jar
 annotations/4.1.1.4//annotations-4.1.1.4.jar
+antlr-runtime/3.5.3//antlr-runtime-3.5.3.jar
 antlr4-runtime/4.9.3//antlr4-runtime-4.9.3.jar
 aopalliance-repackaged/2.6.1//aopalliance-repackaged-2.6.1.jar
 automaton/1.11-8//automaton-1.11-8.jar
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index f8beaa83b..26147ff8a 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -132,20 +132,30 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Authentication
 
-|                   Key                   |      Default      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |  Type  | Since |
-|-----------------------------------------|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------|
-| kyuubi.authentication                   | NONE              | A comma-separated list of client authentication types.<ul> <li>NOSASL: raw transport.</li> <li>NONE: no authentication check.</li> <li>KERBEROS: Kerberos/GSSAPI authentication.</li> <li>CUSTOM: User-defined authentication.</li> <li>JDBC: JDBC query authentication.</li> <li>LDAP: Lightweight Directory Access Protocol authentication.</li></ul>The following tree describes the catalog of each option.<ul>  <li><code>NOSASL</code></li>  <li>SASL    <ul>      <li>SASL/PLAIN</li>        <ul>          <li><code>NONE</code></li>          <li><code>LDAP</code></li>          <li><code>JDBC</code></li>          <li><code>CUSTOM</code></li>        </ul>      <li>SASL/GSSAPI        <ul>          <li><code>KERBEROS</code></li>        </ul>      </li>    </ul>  </li></ul> Note that: for SASL authentication, KERBEROS and PLAIN auth types are supported at the same time, and only the first specified PLAIN auth type is valid. | seq    | 1.0.0 |
-| kyuubi.authentication.custom.class      | &lt;undefined&gt; | User-defined authentication implementation of org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.3.0 |
-| kyuubi.authentication.jdbc.driver.class | &lt;undefined&gt; | Driver class name for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.6.0 |
-| kyuubi.authentication.jdbc.password     | &lt;undefined&gt; | Database password for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.6.0 |
-| kyuubi.authentication.jdbc.query        | &lt;undefined&gt; | Query SQL template with placeholders for JDBC Authentication Provider to execute. Authentication passes if the result set is not empty.The SQL statement must start with the `SELECT` clause. Available placeholders are `${user}` and `${password}`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string | 1.6.0 |
-| kyuubi.authentication.jdbc.url          | &lt;undefined&gt; | JDBC URL for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string | 1.6.0 |
-| kyuubi.authentication.jdbc.user         | &lt;undefined&gt; | Database user for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string | 1.6.0 |
-| kyuubi.authentication.ldap.base.dn      | &lt;undefined&gt; | LDAP base DN.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string | 1.0.0 |
-| kyuubi.authentication.ldap.domain       | &lt;undefined&gt; | LDAP domain.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string | 1.0.0 |
-| kyuubi.authentication.ldap.guidKey      | uid               | LDAP attribute name whose values are unique in this LDAP server.For example:uid or cn.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string | 1.2.0 |
-| kyuubi.authentication.ldap.url          | &lt;undefined&gt; | SPACE character separated LDAP connection URL(s).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string | 1.0.0 |
-| kyuubi.authentication.sasl.qop          | auth              | Sasl QOP enable higher levels of protection for Kyuubi communication with clients.<ul> <li>auth - authentication only (default)</li> <li>auth-int - authentication plus integrity protection</li> <li>auth-conf - authentication plus integrity and confidentiality protection. This is applicable only if Kyuubi is configured to use Kerberos authentication.</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string | 1.0.0 |
+|                      Key                      |      Default      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |  Type  | Since |
+|-----------------------------------------------|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------|
+| kyuubi.authentication                         | NONE              | A comma-separated list of client authentication types.<ul> <li>NOSASL: raw transport.</li> <li>NONE: no authentication check.</li> <li>KERBEROS: Kerberos/GSSAPI authentication.</li> <li>CUSTOM: User-defined authentication.</li> <li>JDBC: JDBC query authentication.</li> <li>LDAP: Lightweight Directory Access Protocol authentication.</li></ul>The following tree describes the catalog of each option.<ul>  <li><code>NOSASL</code></li>  <li>SASL    <ul>      <li>SASL/PLAIN</li>        <ul>          <li><code>NONE</code></li>          <li><code>LDAP</code></li>          <li><code>JDBC</code></li>          <li><code>CUSTOM</code></li>        </ul>      <li>SASL/GSSAPI        <ul>          <li><code>KERBEROS</code></li>        </ul>      </li>    </ul>  </li></ul> Note that: for SASL authentication, KERBEROS and PLAIN auth types are supported at the same time, and only the first specified PLAIN auth type is valid. | seq    | 1.0.0 |
+| kyuubi.authentication.custom.class            | &lt;undefined&gt; | User-defined authentication implementation of org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.3.0 |
+| kyuubi.authentication.jdbc.driver.class       | &lt;undefined&gt; | Driver class name for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.6.0 |
+| kyuubi.authentication.jdbc.password           | &lt;undefined&gt; | Database password for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.6.0 |
+| kyuubi.authentication.jdbc.query              | &lt;undefined&gt; | Query SQL template with placeholders for JDBC Authentication Provider to execute. Authentication passes if the result set is not empty.The SQL statement must start with the `SELECT` clause. Available placeholders are `${user}` and `${password}`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string | 1.6.0 |
+| kyuubi.authentication.jdbc.url                | &lt;undefined&gt; | JDBC URL for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string | 1.6.0 |
+| kyuubi.authentication.jdbc.user               | &lt;undefined&gt; | Database user for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string | 1.6.0 |
+| kyuubi.authentication.ldap.baseDN             | &lt;undefined&gt; | LDAP base DN.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string | 1.7.0 |
+| kyuubi.authentication.ldap.binddn             | &lt;undefined&gt; | The user with which to bind to the LDAP server, and search for the full domain name of the user being authenticated. This should be the full domain name of the user, and should have search access across all users in the LDAP tree. If not specified, then the user being authenticated will be used as the bind user. For example: CN=bindUser,CN=Users,DC=subdomain,DC=domain,DC=com                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string | 1.7.0 |
+| kyuubi.authentication.ldap.bindpw             | &lt;undefined&gt; | The password for the bind user, to be used to search for the full name of the user being authenticated. If the username is specified, this parameter must also be specified.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string | 1.7.0 |
+| kyuubi.authentication.ldap.customLDAPQuery    | &lt;undefined&gt; | A full LDAP query that LDAP Atn provider uses to execute against LDAP Server. If this query returns a null resultset, the LDAP Provider fails the Authentication request, succeeds if the user is part of the resultset.For example: `(&(objectClass=group)(objectClass=top)(instanceType=4)(cn=Domain*))`, `(&(objectClass=person)(|(sAMAccountName=admin)(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com))))`                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string | 1.7.0 |
+| kyuubi.authentication.ldap.domain             | &lt;undefined&gt; | LDAP domain.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string | 1.0.0 |
+| kyuubi.authentication.ldap.groupClassKey      | groupOfNames      | LDAP attribute name on the group entry that is to be used in LDAP group searches. For example: group, groupOfNames or groupOfUniqueNames.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string | 1.7.0 |
+| kyuubi.authentication.ldap.groupDNPattern     | &lt;undefined&gt; | COLON-separated list of patterns to use to find DNs for group entities in this directory. Use %s where the actual group name is to be substituted for. For example: CN=%s,CN=Groups,DC=subdomain,DC=domain,DC=com.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string | 1.7.0 |
+| kyuubi.authentication.ldap.groupFilter                           || COMMA-separated list of LDAP Group names (short name not full DNs). For example: HiveAdmins,HadoopAdmins,Administrators                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | seq    | 1.7.0 |
+| kyuubi.authentication.ldap.groupMembershipKey | member            | LDAP attribute name on the group object that contains the list of distinguished names for the user, group, and contact objects that are members of the group. For example: member, uniqueMember or memberUid                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string | 1.7.0 |
+| kyuubi.authentication.ldap.guidKey            | uid               | LDAP attribute name whose values are unique in this LDAP server. For example: uid or CN.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string | 1.2.0 |
+| kyuubi.authentication.ldap.url                | &lt;undefined&gt; | SPACE character separated LDAP connection URL(s).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string | 1.0.0 |
+| kyuubi.authentication.ldap.userDNPattern      | &lt;undefined&gt; | COLON-separated list of patterns to use to find DNs for users in this directory. Use %s where the actual group name is to be substituted for. For example: CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string | 1.7.0 |
+| kyuubi.authentication.ldap.userFilter                            || COMMA-separated list of LDAP usernames (just short names, not full DNs). For example: hiveuser,impalauser,hiveadmin,hadoopadmin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq    | 1.7.0 |
+| kyuubi.authentication.ldap.userMembershipKey  | &lt;undefined&gt; | LDAP attribute name on the user object that contains groups of which the user is a direct member, except for the primary group, which is represented by the primaryGroupId. For example: memberOf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string | 1.7.0 |
+| kyuubi.authentication.sasl.qop                | auth              | Sasl QOP enable higher levels of protection for Kyuubi communication with clients.<ul> <li>auth - authentication only (default)</li> <li>auth-int - authentication plus integrity protection</li> <li>auth-conf - authentication plus integrity and confidentiality protection. This is applicable only if Kyuubi is configured to use Kerberos authentication.</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string | 1.0.0 |
 
 ### Backend
 
diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index 26cdc271d..61ae4c0e7 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -88,6 +88,11 @@
             <scope>runtime</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.antlr</groupId>
+            <artifactId>ST4</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
@@ -141,6 +146,12 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.scalatestplus</groupId>
+            <artifactId>mockito-4-6_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>failureaccess</artifactId>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
index 4944b9fcc..d70df0952 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
@@ -54,12 +54,24 @@ trait Logging {
     }
   }
 
+  def debug(message: => Any, t: Throwable): Unit = {
+    if (logger.isDebugEnabled) {
+      logger.debug(message.toString, t)
+    }
+  }
+
   def info(message: => Any): Unit = {
     if (logger.isInfoEnabled) {
       logger.info(message.toString)
     }
   }
 
+  def info(message: => Any, t: Throwable): Unit = {
+    if (logger.isInfoEnabled) {
+      logger.info(message.toString, t)
+    }
+  }
+
   def warn(message: => Any): Unit = {
     if (logger.isWarnEnabled) {
       logger.warn(message.toString)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index f9d9bcda6..e4c48218a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -783,10 +783,11 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
-  val AUTHENTICATION_LDAP_BASEDN: OptionalConfigEntry[String] =
-    buildConf("kyuubi.authentication.ldap.base.dn")
+  val AUTHENTICATION_LDAP_BASE_DN: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.baseDN")
+      .withAlternative("kyuubi.authentication.ldap.base.dn")
       .doc("LDAP base DN.")
-      .version("1.0.0")
+      .version("1.7.0")
       .stringConf
       .createOptional
 
@@ -797,14 +798,109 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
-  val AUTHENTICATION_LDAP_GUIDKEY: ConfigEntry[String] =
+  val AUTHENTICATION_LDAP_GROUP_DN_PATTERN: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.groupDNPattern")
+      .doc("COLON-separated list of patterns to use to find DNs for group entities in " +
+        "this directory. Use %s where the actual group name is to be substituted for. " +
+        "For example: CN=%s,CN=Groups,DC=subdomain,DC=domain,DC=com.")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_LDAP_USER_DN_PATTERN: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.userDNPattern")
+      .doc("COLON-separated list of patterns to use to find DNs for users in this directory. " +
+        "Use %s where the actual group name is to be substituted for. " +
+        "For example: CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com.")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_LDAP_GROUP_FILTER: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.authentication.ldap.groupFilter")
+      .doc("COMMA-separated list of LDAP Group names (short name not full DNs). " +
+        "For example: HiveAdmins,HadoopAdmins,Administrators")
+      .version("1.7.0")
+      .stringConf
+      .toSequence()
+      .createWithDefault(Nil)
+
+  val AUTHENTICATION_LDAP_USER_FILTER: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.authentication.ldap.userFilter")
+      .doc("COMMA-separated list of LDAP usernames (just short names, not full DNs). " +
+        "For example: hiveuser,impalauser,hiveadmin,hadoopadmin")
+      .version("1.7.0")
+      .stringConf
+      .toSequence()
+      .createWithDefault(Nil)
+
+  val AUTHENTICATION_LDAP_GUID_KEY: ConfigEntry[String] =
     buildConf("kyuubi.authentication.ldap.guidKey")
-      .doc("LDAP attribute name whose values are unique in this LDAP server." +
-        "For example:uid or cn.")
+      .doc("LDAP attribute name whose values are unique in this LDAP server. " +
+        "For example: uid or CN.")
       .version("1.2.0")
       .stringConf
       .createWithDefault("uid")
 
+  val AUTHENTICATION_LDAP_GROUP_MEMBERSHIP_KEY: ConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.groupMembershipKey")
+      .doc("LDAP attribute name on the group object that contains the list of distinguished " +
+        "names for the user, group, and contact objects that are members of the group. " +
+        "For example: member, uniqueMember or memberUid")
+      .version("1.7.0")
+      .stringConf
+      .createWithDefault("member")
+
+  val AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.userMembershipKey")
+      .doc("LDAP attribute name on the user object that contains groups of which the user is " +
+        "a direct member, except for the primary group, which is represented by the " +
+        "primaryGroupId. For example: memberOf")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_LDAP_GROUP_CLASS_KEY: ConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.groupClassKey")
+      .doc("LDAP attribute name on the group entry that is to be used in LDAP group searches. " +
+        "For example: group, groupOfNames or groupOfUniqueNames.")
+      .version("1.7.0")
+      .stringConf
+      .createWithDefault("groupOfNames")
+
+  val AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.customLDAPQuery")
+      .doc("A full LDAP query that LDAP Atn provider uses to execute against LDAP Server. " +
+        "If this query returns a null resultset, the LDAP Provider fails the Authentication " +
+        "request, succeeds if the user is part of the resultset." +
+        "For example: `(&(objectClass=group)(objectClass=top)(instanceType=4)(cn=Domain*))`, " +
+        "`(&(objectClass=person)(|(sAMAccountName=admin)" +
+        "(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)" +
+        "(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com))))`")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_LDAP_BIND_USER: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.binddn")
+      .doc("The user with which to bind to the LDAP server, and search for the full domain name " +
+        "of the user being authenticated. This should be the full domain name of the user, and " +
+        "should have search access across all users in the LDAP tree. If not specified, then " +
+        "the user being authenticated will be used as the bind user. " +
+        "For example: CN=bindUser,CN=Users,DC=subdomain,DC=domain,DC=com")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_LDAP_BIND_PASSWORD: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.ldap.bindpw")
+      .doc("The password for the bind user, to be used to search for the full name of the " +
+        "user being authenticated. If the username is specified, this parameter must also be " +
+        "specified.")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
+
   val AUTHENTICATION_JDBC_DRIVER: OptionalConfigEntry[String] =
     buildConf("kyuubi.authentication.jdbc.driver.class")
       .doc("Driver class name for JDBC Authentication Provider.")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/ServiceUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/ServiceUtils.scala
index d481aea77..955144af8 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/ServiceUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/ServiceUtils.scala
@@ -17,6 +17,10 @@
 
 package org.apache.kyuubi.service
 
+import java.io.{Closeable, IOException}
+
+import org.slf4j.Logger
+
 object ServiceUtils {
 
   /**
@@ -49,4 +53,24 @@ object ServiceUtils {
       userName.substring(0, indexOfDomainMatch)
     }
   }
+
+  /**
+   * Close the Closeable objects and <b>ignore</b> any [[IOException]] or
+   * null pointers. Must only be used for cleanup in exception handlers.
+   *
+   * @param log        the log to record problems to at debug level. Can be null.
+   * @param closeables the objects to close
+   */
+  def cleanup(log: Logger, closeables: Closeable*): Unit = {
+    closeables.filter(_ != null).foreach { c =>
+      try {
+        c.close()
+      } catch {
+        case e: IOException =>
+          if (log != null && log.isDebugEnabled) {
+            log.debug(s"Exception in closing $c", e)
+          }
+      }
+    }
+  }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
index b5e08def5..06d08f3e4 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
@@ -17,17 +17,25 @@
 
 package org.apache.kyuubi.service.authentication
 
-import javax.naming.{Context, NamingException}
-import javax.naming.directory.InitialDirContext
+import javax.naming.NamingException
 import javax.security.sasl.AuthenticationException
 
 import org.apache.commons.lang3.StringUtils
 
+import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.service.ServiceUtils
+import org.apache.kyuubi.service.authentication.LdapAuthenticationProviderImpl.FILTER_FACTORIES
+import org.apache.kyuubi.service.authentication.ldap._
 
-class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticationProvider {
+class LdapAuthenticationProviderImpl(
+    conf: KyuubiConf,
+    searchFactory: DirSearchFactory = new LdapSearchFactory)
+  extends PasswdAuthenticationProvider with Logging {
+
+  private val filterOpt: Option[Filter] = FILTER_FACTORIES
+    .map { f => f.getInstance(conf) }
+    .collectFirst { case Some(f: Filter) => f }
 
   /**
    * The authenticate method is called by the Kyuubi Server authentication layer
@@ -41,47 +49,72 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
    * @throws AuthenticationException When a user is found to be invalid by the implementation
    */
   override def authenticate(user: String, password: String): Unit = {
+
+    val (usedBind, bindUser, bindPassword) = (
+      conf.get(KyuubiConf.AUTHENTICATION_LDAP_BIND_USER),
+      conf.get(KyuubiConf.AUTHENTICATION_LDAP_BIND_PASSWORD)) match {
+      case (Some(_bindUser), Some(_bindPw)) => (true, _bindUser, _bindPw)
+      case _ =>
+        // If no bind user or bind password was specified,
+        // we assume the user we are authenticating has the ability to search
+        // the LDAP tree, so we use it as the "binding" account.
+        // This is the way it worked before bind users were allowed in the LDAP authenticator,
+        // so we keep existing systems working.
+        (false, user, password)
+    }
+
+    var search: DirSearch = null
+    try {
+      search = createDirSearch(bindUser, bindPassword)
+      applyFilter(search, user)
+      if (usedBind) {
+        // If we used the bind user, then we need to authenticate again,
+        // this time using the full user name we got during the bind process.
+        createDirSearch(search.findUserDn(user), password)
+      }
+    } catch {
+      case e: NamingException =>
+        throw new AuthenticationException(
+          s"Unable to find the user in the LDAP tree. ${e.getMessage}")
+    } finally {
+      ServiceUtils.cleanup(logger, search)
+    }
+  }
+
+  @throws[AuthenticationException]
+  private def createDirSearch(user: String, password: String): DirSearch = {
     if (StringUtils.isBlank(user)) {
       throw new AuthenticationException(s"Error validating LDAP user, user is null" +
         s" or contains blank space")
     }
 
-    if (StringUtils.isBlank(password)) {
+    if (StringUtils.isBlank(password) || password.getBytes()(0) == 0) {
       throw new AuthenticationException(s"Error validating LDAP user, password is null" +
         s" or contains blank space")
     }
 
-    val env = new java.util.Hashtable[String, Any]()
-    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
-    env.put(Context.SECURITY_AUTHENTICATION, "simple")
-
-    conf.get(AUTHENTICATION_LDAP_URL).foreach(env.put(Context.PROVIDER_URL, _))
-
-    val domain = conf.get(AUTHENTICATION_LDAP_DOMAIN)
-    val u =
-      if (!hasDomain(user) && domain.nonEmpty) {
-        user + "@" + domain.get
-      } else {
-        user
+    val principals = LdapUtils.createCandidatePrincipals(conf, user)
+    val iterator = principals.iterator
+    while (iterator.hasNext) {
+      val principal = iterator.next
+      try {
+        return searchFactory.getInstance(conf, principal, password)
+      } catch {
+        case ex: AuthenticationException => if (iterator.isEmpty) throw ex
       }
-
-    val guidKey = conf.get(AUTHENTICATION_LDAP_GUIDKEY)
-    val bindDn = conf.get(AUTHENTICATION_LDAP_BASEDN) match {
-      case Some(dn) => guidKey + "=" + u + "," + dn
-      case _ => u
     }
+    throw new AuthenticationException(s"No candidate principals for $user was found.")
+  }
 
-    env.put(Context.SECURITY_PRINCIPAL, bindDn)
-    env.put(Context.SECURITY_CREDENTIALS, password)
-
-    try {
-      val ctx = new InitialDirContext(env)
-      ctx.close()
-    } catch {
-      case e: NamingException =>
-        throw new AuthenticationException(s"Error validating LDAP user: $bindDn", e)
-    }
+  @throws[AuthenticationException]
+  private def applyFilter(client: DirSearch, user: String): Unit = filterOpt.foreach { filter =>
+    val username = if (LdapUtils.hasDomain(user)) LdapUtils.extractUserName(user) else user
+    filter.apply(client, username)
   }
+}
 
-  private def hasDomain(userName: String): Boolean = ServiceUtils.indexOfDomainMatch(userName) > 0
+object LdapAuthenticationProviderImpl {
+  val FILTER_FACTORIES: Array[FilterFactory] = Array[FilterFactory](
+    CustomQueryFilterFactory,
+    new ChainFilterFactory(UserSearchFilterFactory, UserFilterFactory, GroupFilterFactory))
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterFactory.scala
new file mode 100644
index 000000000..a5badb15d
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterFactory.scala
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * A factory that produces a [[Filter]] that is implemented as a chain of other filters.
+ * The chain of filters are created as a result of [[ChainFilterFactory#getInstance]] method call.
+ * The resulting object filters out all users that don't pass all chained filters.
+ * The filters will be applied in the order they are mentioned in the factory constructor.
+ */
+
+class ChainFilterFactory(chainedFactories: FilterFactory*) extends FilterFactory {
+  override def getInstance(conf: KyuubiConf): Option[Filter] = {
+    val maybeFilters = chainedFactories.map(_.getInstance(conf))
+    val filters = maybeFilters.flatten
+    if (filters.isEmpty) None else Some(new ChainFilter(filters))
+  }
+}
+
+class ChainFilter(chainedFilters: Seq[Filter]) extends Filter {
+  @throws[AuthenticationException]
+  override def apply(client: DirSearch, user: String): Unit = {
+    chainedFilters.foreach(_.apply(client, user))
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterFactory.scala
new file mode 100644
index 000000000..d10e6523b
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterFactory.scala
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.NamingException
+import javax.security.sasl.AuthenticationException
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * A factory for a [[Filter]] based on a custom query.
+ * <br>
+ * The produced filter object filters out all users that are not found in the search result
+ * of the query provided in Kyuubi configuration.
+ *
+ * @see [[KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY]]
+ */
+object CustomQueryFilterFactory extends FilterFactory {
+  override def getInstance(conf: KyuubiConf): Option[Filter] =
+    conf.get(KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY)
+      .map { customQuery => new CustomQueryFilter(customQuery) }
+}
+class CustomQueryFilter(query: String) extends Filter with Logging {
+  @throws[AuthenticationException]
+  override def apply(client: DirSearch, user: String): Unit = {
+    var resultList: Array[String] = null
+    try {
+      resultList = client.executeCustomQuery(query)
+    } catch {
+      case e: NamingException =>
+        throw new AuthenticationException(s"LDAP Authentication failed for $user", e)
+    }
+    if (resultList != null) {
+      resultList.foreach { matchedDn =>
+        val shortUserName = LdapUtils.getShortName(matchedDn)
+        info(s"<queried user=$shortUserName,user=$user>")
+        if (shortUserName.equalsIgnoreCase(user) || matchedDn.equalsIgnoreCase(user)) {
+          info("Authentication succeeded based on result set from LDAP query")
+          return
+        }
+      }
+      // try a generic user search
+      if (query.contains("%s")) {
+        val userSearchQuery = query.replace("%s", user)
+        info("Trying with generic user search in ldap:" + userSearchQuery)
+        try resultList = client.executeCustomQuery(userSearchQuery)
+        catch {
+          case e: NamingException =>
+            throw new AuthenticationException("LDAP Authentication failed for user", e)
+        }
+        if (resultList != null && resultList.length == 1) {
+          info("Authentication succeeded based on result from custom user search query")
+          return
+        }
+      }
+    }
+    info("Authentication failed based on result set from custom LDAP query")
+    throw new AuthenticationException(
+      "Authentication failed: LDAP query from property returned no data")
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearch.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearch.scala
new file mode 100644
index 000000000..c1c4d5060
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearch.scala
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import java.io.Closeable
+import javax.naming.NamingException
+
+/**
+ * The object used for executing queries on the Directory Service.
+ */
+trait DirSearch extends Closeable {
+
+  /**
+   * Finds user's distinguished name.
+   *
+   * @param user username
+   * @return DN for the specified username
+   */
+  @throws[NamingException]
+  def findUserDn(user: String): String
+
+  /**
+   * Finds group's distinguished name.
+   *
+   * @param group group name or unique identifier
+   * @return DN for the specified group name
+   */
+  @throws[NamingException]
+  def findGroupDn(group: String): String
+
+  /**
+   * Verifies that specified user is a member of specified group.
+   *
+   * @param user    user id or distinguished name
+   * @param groupDn group's DN
+   * @return true if the user is a member of the group, false - otherwise.
+   */
+  @throws[NamingException]
+  def isUserMemberOfGroup(user: String, groupDn: String): Boolean
+
+  /**
+   * Finds groups that contain the specified user.
+   *
+   * @param userDn user's distinguished name
+   * @return list of groups
+   */
+  @throws[NamingException]
+  def findGroupsForUser(userDn: String): Array[String]
+
+  /**
+   * Executes an arbitrary query.
+   *
+   * @param query any query
+   * @return list of names in the namespace
+   */
+  @throws[NamingException]
+  def executeCustomQuery(query: String): Array[String]
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearchFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearchFactory.scala
new file mode 100644
index 000000000..2046632d8
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/DirSearchFactory.scala
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * A factory for [[DirSearch]].
+ */
+trait DirSearchFactory {
+
+  /**
+   * Returns an instance of [[DirSearch]].
+   *
+   * @param conf     Kyuubi configuration
+   * @param user     username
+   * @param password user password
+   * @return instance of [[DirSearch]]
+   */
+  @throws[AuthenticationException]
+  def getInstance(conf: KyuubiConf, user: String, password: String): DirSearch
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Filter.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Filter.scala
new file mode 100644
index 000000000..e57eddb0d
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Filter.scala
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+/**
+ * The object that filters LDAP users.
+ * <br>
+ * The assumption is that this user was already authenticated by a previous bind operation.
+ */
+trait Filter {
+
+  /**
+   * Applies this filter to the authenticated user.
+   *
+   * @param client LDAP client that will be used for execution of LDAP queries.
+   * @param user   username
+   */
+  @throws[AuthenticationException]
+  def apply(client: DirSearch, user: String): Unit
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/FilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/FilterFactory.scala
new file mode 100644
index 000000000..d85104684
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/FilterFactory.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * Factory for the filter.
+ */
+trait FilterFactory {
+
+  /**
+   * Returns an instance of the corresponding filter.
+   *
+   * @param conf Kyuubi configurations used to configure the filter.
+   * @return Some(filter) or None if this filter doesn't support provided set of properties
+   */
+  def getInstance(conf: KyuubiConf): Option[Filter]
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala
new file mode 100644
index 000000000..fd1c907ec
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.NamingException
+import javax.security.sasl.AuthenticationException
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.KyuubiConf
+
+object GroupFilterFactory extends FilterFactory {
+  override def getInstance(conf: KyuubiConf): Option[Filter] = {
+    val groupFilter = conf.get(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER)
+    if (groupFilter.isEmpty) {
+      None
+    } else if (conf.get(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY).isDefined) {
+      Some(new UserMembershipKeyFilter(groupFilter))
+    } else {
+      Some(new GroupMembershipKeyFilter(groupFilter))
+    }
+  }
+}
+
+class GroupMembershipKeyFilter(groupFilter: Seq[String]) extends Filter with Logging {
+
+  @throws[AuthenticationException]
+  override def apply(ldap: DirSearch, user: String): Unit = {
+    info(s"Authenticating user '$user' using ${classOf[GroupMembershipKeyFilter].getSimpleName})")
+
+    var memberOf: Array[String] = null
+    try {
+      val userDn = ldap.findUserDn(user)
+      // Workaround for magic things on Mockito:
+      // unmatched invocation returns an empty list if the method return type is JList,
+      // but null if the method return type is Array
+      memberOf = Option(ldap.findGroupsForUser(userDn)).getOrElse(Array.empty)
+      debug(s"User $userDn member of: ${memberOf.mkString(",")}")
+    } catch {
+      case e: NamingException =>
+        throw new AuthenticationException("LDAP Authentication failed for user", e)
+    }
+    memberOf.foreach { groupDn =>
+      val shortName = LdapUtils.getShortName(groupDn)
+      if (groupFilter.exists(shortName.equalsIgnoreCase)) {
+        debug(s"GroupMembershipKeyFilter passes: user '$user' is a member of '$groupDn' group")
+        info("Authentication succeeded based on group membership")
+        return
+      }
+    }
+    info("Authentication failed based on user membership")
+    throw new AuthenticationException(
+      "Authentication failed: User not a member of specified list")
+  }
+}
+
+class UserMembershipKeyFilter(groupFilter: Seq[String]) extends Filter with Logging {
+  @throws[AuthenticationException]
+  override def apply(ldap: DirSearch, user: String): Unit = {
+    info(s"Authenticating user '$user' using $classOf[UserMembershipKeyFilter].getSimpleName")
+    val groupDns = new ArrayBuffer[String]
+    groupFilter.foreach { groupId =>
+      try {
+        val groupDn = ldap.findGroupDn(groupId)
+        groupDns += groupDn
+      } catch {
+        case e: NamingException =>
+          warn("Cannot find DN for group", e)
+          debug(s"Cannot find DN for group $groupId", e)
+      }
+    }
+    if (groupDns.isEmpty) {
+      debug(s"No DN(s) has been found for any of group(s): ${groupFilter.mkString(",")}")
+      throw new AuthenticationException("No DN(s) has been found for any of specified group(s)")
+    }
+    groupDns.foreach { groupDn =>
+      try {
+        if (ldap.isUserMemberOfGroup(user, groupDn)) {
+          debug(s"UserMembershipKeyFilter passes: user '$user' is a member of '$groupDn' group")
+          info("Authentication succeeded based on user membership")
+          return
+        }
+      } catch {
+        case e: NamingException =>
+          warn("Cannot match user and group", e)
+          debug(s"Cannot match user '$user' and group '$groupDn'", e)
+      }
+    }
+    throw new AuthenticationException(
+      s"Authentication failed: User '$user' is not a member of listed groups")
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearch.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearch.scala
new file mode 100644
index 000000000..09dca1d5c
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearch.scala
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.{NamingEnumeration, NamingException}
+import javax.naming.directory.{DirContext, SearchResult}
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * Implements search for LDAP.
+ * @param conf Kyuubi configuration
+ * @param ctx  Directory service that will be used for the queries.
+ */
+class LdapSearch(conf: KyuubiConf, ctx: DirContext) extends DirSearch with Logging {
+
+  final private val baseDn = conf.get(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN).orNull
+  final private val groupBases: Array[String] =
+    LdapUtils.patternsToBaseDns(
+      LdapUtils.parseDnPatterns(conf, KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN))
+  final private val userPatterns: Array[String] =
+    LdapUtils.parseDnPatterns(conf, KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN)
+  final private val userBases: Array[String] = LdapUtils.patternsToBaseDns(userPatterns)
+  final private val queries: QueryFactory = new QueryFactory(conf)
+
+  /**
+   * Closes this search object and releases any system resources associated
+   * with it. If the search object is already closed then invoking this
+   * method has no effect.
+   */
+  override def close(): Unit = {
+    try ctx.close()
+    catch {
+      case e: NamingException =>
+        warn("Exception when closing LDAP context:", e)
+    }
+  }
+
+  @throws[NamingException]
+  override def findUserDn(user: String): String = {
+    var allLdapNames: Array[String] = null
+    if (LdapUtils.isDn(user)) {
+      val userBaseDn: String = LdapUtils.extractBaseDn(user)
+      val userRdn: String = LdapUtils.extractFirstRdn(user)
+      allLdapNames = execute(Array(userBaseDn), queries.findUserDnByRdn(userRdn)).getAllLdapNames
+    } else {
+      allLdapNames = findDnByPattern(userPatterns, user)
+      if (allLdapNames.isEmpty) {
+        allLdapNames = execute(userBases, queries.findUserDnByName(user)).getAllLdapNames
+      }
+    }
+    if (allLdapNames.length == 1) allLdapNames.head
+    else {
+      info(s"Expected exactly one user result for the user: $user, " +
+        s"but got ${allLdapNames.length}. Returning null")
+      debug("Matched users: $allLdapNames")
+      null
+    }
+  }
+
+  @throws[NamingException]
+  private def findDnByPattern(patterns: Seq[String], name: String): Array[String] = {
+    for (pattern <- patterns) {
+      val baseDnFromPattern: String = LdapUtils.extractBaseDn(pattern)
+      val rdn = LdapUtils.extractFirstRdn(pattern).replaceAll("%s", name)
+      val names = execute(Array(baseDnFromPattern), queries.findDnByPattern(rdn)).getAllLdapNames
+      if (!names.isEmpty) return names
+    }
+    Array.empty
+  }
+
+  @throws[NamingException]
+  override def findGroupDn(group: String): String =
+    execute(groupBases, queries.findGroupDnById(group)).getSingleLdapName
+
+  @throws[NamingException]
+  override def isUserMemberOfGroup(user: String, groupDn: String): Boolean = {
+    val userId = LdapUtils.extractUserName(user)
+    execute(userBases, queries.isUserMemberOfGroup(userId, groupDn)).hasSingleResult
+  }
+
+  @throws[NamingException]
+  override def findGroupsForUser(userDn: String): Array[String] = {
+    val userName = LdapUtils.extractUserName(userDn)
+    execute(groupBases, queries.findGroupsForUser(userName, userDn)).getAllLdapNames
+  }
+
+  @throws[NamingException]
+  override def executeCustomQuery(query: String): Array[String] =
+    execute(Array(baseDn), queries.customQuery(query)).getAllLdapNamesAndAttributes
+
+  private def execute(baseDns: Array[String], query: Query): SearchResultHandler = {
+    val searchResults = new ArrayBuffer[NamingEnumeration[SearchResult]]
+    debug(s"Executing a query: '${query.filter}' with base DNs ${baseDns.mkString(",")}")
+    baseDns.foreach { baseDn =>
+      try {
+        val searchResult = ctx.search(baseDn, query.filter, query.controls)
+        if (searchResult != null) searchResults += searchResult
+      } catch {
+        case ex: NamingException =>
+          debug(
+            s"Exception happened for query '${query.filter}' with base DN '$baseDn'",
+            ex)
+      }
+    }
+    new SearchResultHandler(searchResults.toArray)
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchFactory.scala
new file mode 100644
index 000000000..e3649d359
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchFactory.scala
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import java.util
+import javax.naming.{Context, NamingException}
+import javax.naming.directory.{DirContext, InitialDirContext}
+import javax.security.sasl.AuthenticationException
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.KyuubiConf
+
+class LdapSearchFactory extends DirSearchFactory with Logging {
+  @throws[AuthenticationException]
+  override def getInstance(conf: KyuubiConf, principal: String, password: String): DirSearch = {
+    try {
+      val ctx = createDirContext(conf, principal, password)
+      new LdapSearch(conf, ctx)
+    } catch {
+      case e: NamingException =>
+        debug(s"Could not connect to the LDAP Server: Authentication failed for $principal")
+        throw new AuthenticationException(s"Error validating LDAP user: $principal", e)
+    }
+  }
+
+  @throws[NamingException]
+  private def createDirContext(
+      conf: KyuubiConf,
+      principal: String,
+      password: String): DirContext = {
+    val ldapUrl = conf.get(KyuubiConf.AUTHENTICATION_LDAP_URL)
+    val env = new util.Hashtable[String, AnyRef]
+    ldapUrl.foreach(env.put(Context.PROVIDER_URL, _))
+    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
+    env.put(Context.SECURITY_AUTHENTICATION, "simple")
+    env.put(Context.SECURITY_PRINCIPAL, principal)
+    env.put(Context.SECURITY_CREDENTIALS, password)
+    debug(s"Connecting using principal $principal to ldap server: ${ldapUrl.orNull}")
+    new InitialDirContext(env)
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala
new file mode 100644
index 000000000..a48f9f48f
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala
@@ -0,0 +1,199 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.{KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.service.ServiceUtils
+
+/**
+ * Static utility methods related to LDAP authentication module.
+ */
+object LdapUtils extends Logging {
+
+  /**
+   * Extracts a base DN from the provided distinguished name.
+   * <br>
+   * <b>Example:</b>
+   * <br>
+   * "ou=CORP,dc=mycompany,dc=com" is the base DN for "cn=user1,ou=CORP,dc=mycompany,dc=com"
+   *
+   * @param dn distinguished name
+   * @return base DN
+   */
+  def extractBaseDn(dn: String): String = {
+    val indexOfFirstDelimiter = dn.indexOf(",")
+    if (indexOfFirstDelimiter > -1) {
+      return dn.substring(indexOfFirstDelimiter + 1)
+    }
+    null
+  }
+
+  /**
+   * Extracts the first Relative Distinguished Name (RDN).
+   * <br>
+   * <b>Example:</b>
+   * <br>
+   * For DN "cn=user1,ou=CORP,dc=mycompany,dc=com" this method will return "cn=user1"
+   *
+   * @param dn distinguished name
+   * @return first RDN
+   */
+  def extractFirstRdn(dn: String): String = dn.substring(0, dn.indexOf(","))
+
+  /**
+   * Extracts username from user DN.
+   * <br>
+   * <b>Examples:</b>
+   * <pre>
+   * LdapUtils.extractUserName("UserName")                        = "UserName"
+   * LdapUtils.extractUserName("UserName@mycorp.com")             = "UserName"
+   * LdapUtils.extractUserName("cn=UserName,dc=mycompany,dc=com") = "UserName"
+   * </pre>
+   */
+  def extractUserName(userDn: String): String = {
+    if (!isDn(userDn) && !hasDomain(userDn)) {
+      return userDn
+    }
+    val domainIdx: Int = ServiceUtils.indexOfDomainMatch(userDn)
+    if (domainIdx > 0) {
+      return userDn.substring(0, domainIdx)
+    }
+    if (userDn.contains("=")) {
+      return userDn.substring(userDn.indexOf("=") + 1, userDn.indexOf(","))
+    }
+    userDn
+  }
+
+  /**
+   * Gets value part of the first attribute in the provided RDN.
+   * <br>
+   * <b>Example:</b>
+   * <br>
+   * For RDN "cn=user1,ou=CORP" this method will return "user1"
+   *
+   * @param rdn Relative Distinguished Name
+   * @return value part of the first attribute
+   */
+  def getShortName(rdn: String): String = rdn.split(",")(0).split("=")(1)
+
+  /**
+   * Check for a domain part in the provided username.
+   * <br>
+   * <b>Example:</b>
+   * <br>
+   * <pre>
+   * LdapUtils.hasDomain("user1@mycorp.com") = true
+   * LdapUtils.hasDomain("user1")            = false
+   * </pre>
+   *
+   * @param userName username
+   * @return true if `userName`` contains `@<domain>` part
+   */
+  def hasDomain(userName: String): Boolean = {
+    ServiceUtils.indexOfDomainMatch(userName) > 0
+  }
+
+  /**
+   * Detects DN names.
+   * <br>
+   * <b>Example:</b>
+   * <br>
+   * <pre>
+   * LdapUtils.isDn("cn=UserName,dc=mycompany,dc=com") = true
+   * LdapUtils.isDn("user1")                           = false
+   * </pre>
+   *
+   * @param name name to be checked
+   * @return true if the provided name is a distinguished name
+   */
+  def isDn(name: String): Boolean = {
+    name.contains("=")
+  }
+
+  /**
+   * Reads and parses DN patterns from Kyuubi configuration.
+   * <br>
+   * If no patterns are provided in the configuration, then the base DN will be used.
+   *
+   * @param conf Kyuubi configuration
+   * @param confKey  configuration key to be read
+   * @return a list of DN patterns
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_BASE_DN]]
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_GUID_KEY]]
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN]]
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN]]
+   */
+  def parseDnPatterns(conf: KyuubiConf, confKey: OptionalConfigEntry[String]): Array[String] = {
+    val result = new ArrayBuffer[String]
+    conf.get(confKey).map { patternsString =>
+      patternsString.split(":").foreach { pattern =>
+        if (pattern.contains(",") && pattern.contains("=")) {
+          result += pattern
+        } else {
+          warn(s"Unexpected format for $confKey, ignoring $pattern")
+        }
+      }
+    }.getOrElse {
+      val guidAttr = conf.get(KyuubiConf.AUTHENTICATION_LDAP_GUID_KEY)
+      conf.get(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN).foreach { defaultBaseDn =>
+        result += s"$guidAttr=%s,$defaultBaseDn"
+      }
+    }
+    result.toArray
+  }
+
+  private def patternToBaseDn(pattern: String): String =
+    if (pattern.contains("=%s")) pattern.split(",", 2)(1) else pattern
+
+  /**
+   * Converts a collection of Distinguished Name patterns to a collection of base DNs.
+   *
+   * @param patterns Distinguished Name patterns
+   * @return a list of base DNs
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN]]
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN]]
+   */
+  def patternsToBaseDns(patterns: Array[String]): Array[String] = {
+    patterns.map(patternToBaseDn)
+  }
+
+  /**
+   * Creates a list of principals to be used for user authentication.
+   *
+   * @param conf Kyuubi configuration
+   * @param user username
+   * @return a list of user's principals
+   */
+  def createCandidatePrincipals(conf: KyuubiConf, user: String): Array[String] = {
+    if (hasDomain(user) || isDn(user)) {
+      return Array(user)
+    }
+    conf.get(KyuubiConf.AUTHENTICATION_LDAP_DOMAIN).map { ldapDomain =>
+      Array(user + "@" + ldapDomain)
+    }.getOrElse {
+      val userPatterns = parseDnPatterns(conf, KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN)
+      if (userPatterns.isEmpty) {
+        return Array(user)
+      }
+      userPatterns.map(_.replaceAll("%s", user))
+    }
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Query.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Query.scala
new file mode 100644
index 000000000..ce9a7d472
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/Query.scala
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import java.util
+import javax.naming.directory.SearchControls
+
+import org.stringtemplate.v4.ST
+
+/**
+ * The object that encompasses all components of a Directory Service search query.
+ *
+ * @see [[LdapSearch]]
+ */
+object Query {
+
+  /**
+   * Creates Query Builder.
+   *
+   * @return query builder.
+   */
+  def builder: Query.QueryBuilder = new Query.QueryBuilder
+
+  /**
+   * A builder of the [[Query]].
+   */
+  final class QueryBuilder {
+    private var filterTemplate: ST = _
+    private val controls: SearchControls = {
+      val _controls = new SearchControls
+      _controls.setSearchScope(SearchControls.SUBTREE_SCOPE)
+      _controls.setReturningAttributes(new Array[String](0))
+      _controls
+    }
+    private val returningAttributes: util.List[String] = new util.ArrayList[String]
+
+    /**
+     * Sets search filter template.
+     *
+     * @param filterTemplate search filter template
+     * @return the current instance of the builder
+     */
+    def filter(filterTemplate: String): Query.QueryBuilder = {
+      this.filterTemplate = new ST(filterTemplate)
+      this
+    }
+
+    /**
+     * Sets mapping between names in the search filter template and actual values.
+     *
+     * @param key   marker in the search filter template.
+     * @param value actual value
+     * @return the current instance of the builder
+     */
+    def map(key: String, value: String): Query.QueryBuilder = {
+      filterTemplate.add(key, value)
+      this
+    }
+
+    /**
+     * Sets mapping between names in the search filter template and actual values.
+     *
+     * @param key    marker in the search filter template.
+     * @param values array of values
+     * @return the current instance of the builder
+     */
+    def map(key: String, values: Array[String]): Query.QueryBuilder = {
+      filterTemplate.add(key, values)
+      this
+    }
+
+    /**
+     * Sets attribute that should be returned in results for the query.
+     *
+     * @param attributeName attribute name
+     * @return the current instance of the builder
+     */
+    def returnAttribute(attributeName: String): Query.QueryBuilder = {
+      returningAttributes.add(attributeName)
+      this
+    }
+
+    /**
+     * Sets the maximum number of entries to be returned as a result of the search.
+     * <br>
+     * 0 indicates no limit: all entries will be returned.
+     *
+     * @param limit The maximum number of entries that will be returned.
+     * @return the current instance of the builder
+     */
+    def limit(limit: Int): Query.QueryBuilder = {
+      controls.setCountLimit(limit)
+      this
+    }
+
+    private def validate(): Unit = {
+      require(filterTemplate != null, "filter is required for LDAP search query")
+    }
+
+    private def createFilter: String = filterTemplate.render
+
+    private def updateControls(): Unit = {
+      if (!returningAttributes.isEmpty) controls.setReturningAttributes(
+        returningAttributes.toArray(new Array[String](returningAttributes.size)))
+    }
+
+    /**
+     * Builds an instance of [[Query]].
+     *
+     * @return configured directory service query
+     */
+    def build: Query = {
+      validate()
+      val filter: String = createFilter
+      updateControls()
+      new Query(filter, controls)
+    }
+  }
+}
+
+case class Query(filter: String, controls: SearchControls)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactory.scala
new file mode 100644
index 000000000..849006e38
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactory.scala
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * A factory for common types of directory service search queries.
+ */
+final class QueryFactory(conf: KyuubiConf) {
+  private val USER_OBJECT_CLASSES = Array("person", "user", "inetOrgPerson")
+
+  private val guidAttr = conf.get(KyuubiConf.AUTHENTICATION_LDAP_GUID_KEY)
+  private val groupClassAttr = conf.get(KyuubiConf.AUTHENTICATION_LDAP_GROUP_CLASS_KEY)
+  private val groupMembershipAttr = conf.get(KyuubiConf.AUTHENTICATION_LDAP_GROUP_MEMBERSHIP_KEY)
+  private val userMembershipAttrOpt = conf.get(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY)
+
+  /**
+   * Returns a query for finding Group DN based on group unique ID.
+   *
+   * @param groupId group unique identifier
+   * @return an instance of [[Query]]
+   */
+  def findGroupDnById(groupId: String): Query = Query.builder
+    .filter("(&(objectClass=<groupClassAttr>)(<guidAttr>=<groupID>))")
+    .map("guidAttr", guidAttr)
+    .map("groupClassAttr", groupClassAttr)
+    .map("groupID", groupId).limit(2)
+    .build
+
+  /**
+   * Returns a query for finding user DN based on user RDN.
+   *
+   * @param userRdn user RDN
+   * @return an instance of [[Query]]
+   */
+  def findUserDnByRdn(userRdn: String): Query = Query.builder
+    .filter("(&(|<classes:{ class |(objectClass=<class>)}>)(<userRdn>))")
+    .limit(2)
+    .map("classes", USER_OBJECT_CLASSES)
+    .map("userRdn", userRdn).build
+
+  /**
+   * Returns a query for finding user DN based on DN pattern.
+   * <br>
+   * Name of this method was derived from the original implementation of LDAP authentication.
+   * This method should be replaced by [[QueryFactory.findUserDnByRdn]].
+   *
+   * @param rdn user RDN
+   * @return an instance of [[Query]]
+   */
+  def findDnByPattern(rdn: String): Query = Query.builder
+    .filter("(<rdn>)")
+    .map("rdn", rdn)
+    .limit(2)
+    .build
+
+  /**
+   * Returns a query for finding user DN based on user unique name.
+   *
+   * @param userName user unique name (uid or sAMAccountName)
+   * @return an instance of [[Query]]
+   */
+  def findUserDnByName(userName: String): Query = Query.builder
+    .filter("(&(|<classes:{ class |(objectClass=<class>)}>)" +
+      "(|(uid=<userName>)(sAMAccountName=<userName>)))")
+    .map("classes", USER_OBJECT_CLASSES)
+    .map("userName", userName)
+    .limit(2)
+    .build
+
+  /**
+   * Returns a query for finding groups to which the user belongs.
+   *
+   * @param userName username
+   * @param userDn   user DN
+   * @return an instance of [[Query]]
+   */
+  def findGroupsForUser(userName: String, userDn: String): Query = Query.builder
+    .filter("(&(objectClass=<groupClassAttr>)" +
+      "(|(<groupMembershipAttr>=<userDn>)(<groupMembershipAttr>=<userName>)))")
+    .map("groupClassAttr", groupClassAttr)
+    .map("groupMembershipAttr", groupMembershipAttr)
+    .map("userName", userName)
+    .map("userDn", userDn)
+    .build
+
+  /**
+   * Returns a query for checking whether specified user is a member of specified group.
+   *
+   * The query requires [[KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY]]
+   * configuration property to be set.
+   *
+   * @param userId  user unique identifier
+   * @param groupDn group DN
+   * @return an instance of [[Query]]
+   * @see [[KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY]]
+   */
+  def isUserMemberOfGroup(userId: String, groupDn: String): Query = {
+    require(
+      userMembershipAttrOpt.isDefined,
+      s"${KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY.key} is not configured.")
+
+    Query.builder
+      .filter("(&(|<classes:{ class |(objectClass=<class>)}>)" +
+        "(<userMembershipAttr>=<groupDn>)(<guidAttr>=<userId>))")
+      .map("classes", USER_OBJECT_CLASSES)
+      .map("guidAttr", guidAttr)
+      .map("userMembershipAttr", userMembershipAttrOpt.get)
+      .map("userId", userId)
+      .map("groupDn", groupDn)
+      .limit(2)
+      .build
+  }
+
+  /**
+   * Returns a query object created for the custom filter.
+   * <br>
+   * This query is configured to return a group membership attribute as part of the search result.
+   *
+   * @param searchFilter custom search filter
+   * @return an instance of [[Query]]
+   */
+  def customQuery(searchFilter: String): Query = {
+    val builder = Query.builder
+    builder.filter(searchFilter)
+    builder.returnAttribute(groupMembershipAttr)
+    builder.build
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandler.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandler.scala
new file mode 100644
index 000000000..52d5b6a90
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandler.scala
@@ -0,0 +1,148 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.{NamingEnumeration, NamingException}
+import javax.naming.directory.SearchResult
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.kyuubi.Logging
+
+/**
+ * The object that handles Directory Service search results.
+ * In most cases it converts search results into a list of names in the namespace.
+ */
+object SearchResultHandler {
+
+  /**
+   * An interface used by [[SearchResultHandler]] for processing records of
+   * a [[SearchResult]] on a per-record basis.
+   * <br>
+   * Implementations of this interface perform the actual work of processing each record,
+   * but don't need to worry about exception handling, closing underlying data structures,
+   * and combining results from several search requests.
+   *
+   * @see SearchResultHandler
+   */
+  trait RecordProcessor extends (SearchResult => Boolean) {
+
+    /**
+     * Implementations must implement this method to process each record in [[SearchResult]].
+     *
+     * @param record the [[SearchResult]] to precess
+     * @return true to continue processing, false to stop iterating
+     *         over search results
+     */
+    @throws[NamingException]
+    override def apply(record: SearchResult): Boolean
+  }
+}
+
+/**
+ * Constructs a search result handler object for the provided search results.
+ *
+ * @param searchResults directory service search results
+ */
+class SearchResultHandler(val searchResults: Array[NamingEnumeration[SearchResult]])
+  extends Logging {
+
+  /**
+   * Returns all entries from the search result.
+   *
+   * @return a list of names in the namespace
+   */
+  @throws[NamingException]
+  def getAllLdapNames: Array[String] = {
+    val result = new ArrayBuffer[String]
+    handle { record => result += record.getNameInNamespace; true }
+    result.toArray
+  }
+
+  /**
+   * Checks whether search result contains exactly one entry.
+   *
+   * @return true if the search result contains a single entry.
+   */
+  @throws[NamingException]
+  def hasSingleResult: Boolean = {
+    val allResults = getAllLdapNames
+    allResults != null && allResults.length == 1
+  }
+
+  /**
+   * Returns a single entry from the search result.
+   * Throws [[NamingException]] if the search result doesn't contain exactly one entry.
+   *
+   * @return name in the namespace
+   */
+  @throws[NamingException]
+  def getSingleLdapName: String = {
+    val allLdapNames = getAllLdapNames
+    if (allLdapNames.length == 1) return allLdapNames.head
+    throw new NamingException("Single result was expected")
+  }
+
+  /**
+   * Returns all entries and all attributes for these entries.
+   *
+   * @return a list that includes all entries and all attributes from these entries.
+   */
+  @throws[NamingException]
+  def getAllLdapNamesAndAttributes: Array[String] = {
+    val result = new ArrayBuffer[String]
+
+    @throws[NamingException]
+    def addAllAttributeValuesToResult(values: NamingEnumeration[_]): Unit = {
+      while (values.hasMore) result += String.valueOf(values.next)
+    }
+    handle { record =>
+      result += record.getNameInNamespace
+      val allAttributes = record.getAttributes.getAll
+      while (allAttributes.hasMore) {
+        val attribute = allAttributes.next
+        addAllAttributeValuesToResult(attribute.getAll)
+      }
+      true
+    }
+    result.toArray
+  }
+
+  /**
+   * Allows for custom processing of the search results.
+   *
+   * @param processor [[SearchResultHandler.RecordProcessor]] implementation
+   */
+  @throws[NamingException]
+  def handle(processor: SearchResultHandler.RecordProcessor): Unit = {
+    try {
+      searchResults.foreach { searchResult =>
+        while (searchResult.hasMore) if (!processor.apply(searchResult.next)) return
+      }
+    } finally {
+      searchResults.foreach { searchResult =>
+        try {
+          searchResult.close()
+        } catch {
+          case ex: NamingException =>
+            warn("Failed to close LDAP search result", ex)
+        }
+      }
+    }
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
new file mode 100644
index 000000000..7c2f22ed8
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.KyuubiConf
+
+object UserFilterFactory extends FilterFactory with Logging {
+  override def getInstance(conf: KyuubiConf): Option[Filter] = {
+    val userFilter = conf.get(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER)
+    if (userFilter.isEmpty) None else Some(new UserFilter(userFilter))
+  }
+}
+
+class UserFilter(_userFilter: Seq[String]) extends Filter with Logging {
+
+  lazy val userFilter: Seq[String] = _userFilter.map(_.toLowerCase)
+
+  @throws[AuthenticationException]
+  override def apply(ldap: DirSearch, user: String): Unit = {
+    info("Authenticating user '$user' using user filter")
+    val userName = LdapUtils.extractUserName(user).toLowerCase
+    if (!userFilter.contains(userName)) {
+      info("Authentication failed based on user membership")
+      throw new AuthenticationException(
+        "Authentication failed: User not a member of specified list")
+    }
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterFactory.scala
new file mode 100644
index 000000000..9e8bdf364
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterFactory.scala
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.NamingException
+import javax.security.sasl.AuthenticationException
+
+import org.apache.kyuubi.config.KyuubiConf
+
+/**
+ * A factory for a [[Filter]] that check whether provided user could be found in the directory.
+ * <br>
+ * The produced filter object filters out all users that are not found in the directory.
+ */
+object UserSearchFilterFactory extends FilterFactory {
+  override def getInstance(conf: KyuubiConf): Option[Filter] = {
+    val groupFilter = conf.get(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER)
+    val userFilter = conf.get(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER)
+    if (groupFilter.isEmpty && userFilter.isEmpty) None else Some(UserSearchFilter)
+  }
+}
+
+object UserSearchFilter extends Filter {
+  @throws[AuthenticationException]
+  override def apply(client: DirSearch, user: String): Unit = {
+    try {
+      val userDn = client.findUserDn(user)
+      // This should not be null because we were allowed to bind with this username
+      // safe check in case we were able to bind anonymously.
+      if (userDn == null) {
+        throw new AuthenticationException("Authentication failed: User search failed")
+      }
+    } catch {
+      case e: NamingException =>
+        throw new AuthenticationException("LDAP Authentication failed for user", e)
+    }
+  }
+}
diff --git a/kyuubi-common/src/test/resources/ldap/ad.example.com.ldif b/kyuubi-common/src/test/resources/ldap/ad.example.com.ldif
new file mode 100644
index 000000000..68cd01d0f
--- /dev/null
+++ b/kyuubi-common/src/test/resources/ldap/ad.example.com.ldif
@@ -0,0 +1,150 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+dn: dc=ad,dc=example,dc=com
+dc: ad
+objectClass: top
+objectClass: domain
+
+dn: ou=Engineering,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Engineering
+
+dn: ou=Management,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Management
+
+dn: ou=Administration,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Administration
+
+dn: ou=Teams,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Teams
+
+dn: ou=Resources,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Resources
+
+dn: cn=Team 1,ou=Teams,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: team1
+cn: Team 1
+member: sAMAccountName=engineer1,ou=Engineering,dc=ad,dc=example,dc=com
+member: sAMAccountName=manager1,ou=Management,dc=ad,dc=example,dc=com
+
+dn: cn=Team 2,ou=Teams,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: team2
+cn: Team 2
+member: sAMAccountName=engineer2,ou=Engineering,dc=ad,dc=example,dc=com
+member: sAMAccountName=manager2,ou=Management,dc=ad,dc=example,dc=com
+
+dn: cn=Resource 1,ou=Resources,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: resource1
+cn: Resource 1
+member: sAMAccountName=engineer1,ou=Engineering,dc=ad,dc=example,dc=com
+
+dn: cn=Resource 2,ou=Resources,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: resource2
+cn: Resource 2
+member: sAMAccountName=engineer2,ou=Engineering,dc=ad,dc=example,dc=com
+
+dn: cn=Admins,ou=Administration,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: admins
+cn: Admins
+uniqueMember: sAMAccountName=admin1,ou=Administration,dc=ad,dc=example,dc=com
+
+dn: sAMAccountName=engineer1,ou=Engineering,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: engineer1
+cn: Engineer 1
+sn: Surname 1
+userPassword: engineer1-password
+memberOf: cn=Team 1,ou=Teams,dc=ad,dc=example,dc=com
+memberOf: cn=Resource 1,ou=Resources,dc=ad,dc=example,dc=com
+
+dn: sAMAccountName=engineer2,ou=Engineering,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: engineer2
+cn: Engineer 2
+sn: Surname 2
+userPassword: engineer2-password
+memberOf: cn=Team 2,ou=Teams,dc=ad,dc=example,dc=com
+memberOf: cn=Resource 2,ou=Resources,dc=ad,dc=example,dc=com
+
+dn: sAMAccountName=manager1,ou=Management,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: manager1
+cn: Manager 1
+sn: Surname 1
+userPassword: manager1-password
+memberOf: cn=Team 1,ou=Teams,dc=ad,dc=example,dc=com
+
+dn: sAMAccountName=manager2,ou=Management,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: manager2
+cn: Manager 2
+sn: Surname 2
+userPassword: manager2-password
+memberOf: cn=Team 2,ou=Teams,dc=ad,dc=example,dc=com
+
+dn: sAMAccountName=admin1,ou=Administration,dc=ad,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: microsoftSecurityPrincipal
+sAMAccountName: admin1
+cn: Admin 1
+sn: Surname 1
+userPassword: admin1-password
+memberOf: cn=Admins,ou=Administration,dc=ad,dc=example,dc=com
diff --git a/kyuubi-common/src/test/resources/ldap/example.com.ldif b/kyuubi-common/src/test/resources/ldap/example.com.ldif
new file mode 100644
index 000000000..f19eb2f93
--- /dev/null
+++ b/kyuubi-common/src/test/resources/ldap/example.com.ldif
@@ -0,0 +1,113 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+dn: ou=People,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+description: Contains entries which describe persons (seamen)
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Groups
+description: Contains entries which describe groups (crews, for instance)
+
+dn: uid=group1,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+uid: group1
+cn: group1
+ou: Groups
+member: uid=user1,ou=People,dc=example,dc=com
+
+dn: uid=group2,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+uid: group2
+cn: group2
+ou: Groups
+member: uid=user2,ou=People,dc=example,dc=com
+
+dn: cn=group3,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+uid: group3
+cn: group3
+ou: Groups
+member: cn=user3,ou=People,dc=example,dc=com
+
+dn: cn=group4,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+objectClass: uidObject
+uid: group4
+ou: Groups
+cn: group4
+uniqueMember: cn=user4,ou=People,dc=example,dc=com
+
+dn: uid=user1,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: uidObject
+givenName: Test1
+cn: Test User1
+sn: user1
+uid: user1
+userPassword: user1
+
+dn: uid=user2,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: uidObject
+givenName: Test2
+cn: Test User2
+sn: user2
+uid: user2
+userPassword: user2
+
+dn: cn=user3,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: uidObject
+givenName: Test3
+cn: Test User3
+sn: user3
+uid: user3
+userPassword: user3
+
+dn: cn=user4,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: uidObject
+givenName: Test4
+cn: Test User4
+sn: user4
+uid: user4
+userPassword: user4
+
diff --git a/kyuubi-common/src/test/resources/ldap/microsoft.schema.ldif b/kyuubi-common/src/test/resources/ldap/microsoft.schema.ldif
new file mode 100644
index 000000000..3e3a9a5c1
--- /dev/null
+++ b/kyuubi-common/src/test/resources/ldap/microsoft.schema.ldif
@@ -0,0 +1,62 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+dn: cn=microsoft, ou=schema
+objectclass: metaSchema
+objectclass: top
+cn: microsoft
+
+dn: ou=attributetypes, cn=microsoft, ou=schema
+objectclass: organizationalUnit
+objectclass: top
+ou: attributetypes
+
+dn: m-oid=1.2.840.113556.1.4.221, ou=attributetypes, cn=microsoft, ou=schema
+objectclass: metaAttributeType
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.4.221
+m-name: sAMAccountName
+m-equality: caseIgnoreMatch
+m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
+m-singleValue: TRUE
+
+dn: m-oid=1.2.840.113556.1.4.222, ou=attributetypes, cn=microsoft, ou=schema
+objectclass: metaAttributeType
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.4.222
+m-name: memberOf
+m-equality: caseIgnoreMatch
+m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
+m-singleValue: FALSE
+
+dn: ou=objectClasses, cn=microsoft, ou=schema
+objectclass: organizationalUnit
+objectclass: top
+ou: objectClasses
+
+dn: m-oid=1.2.840.113556.1.5.6, ou=objectClasses, cn=microsoft, ou=schema
+objectclass: metaObjectClass
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.5.6
+m-name: microsoftSecurityPrincipal
+m-supObjectClass: top
+m-typeObjectClass: AUXILIARY
+m-must: sAMAccountName
+m-may: memberOf
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAtnProviderSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAtnProviderSuite.scala
new file mode 100644
index 000000000..c3c67e421
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAtnProviderSuite.scala
@@ -0,0 +1,493 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication
+
+import com.unboundid.ldap.sdk.Entry
+
+import org.apache.kyuubi.service.authentication.ldap.{LdapAuthenticationTestCase, User}
+
+class LdapAtnProviderSuite extends WithLdapServer {
+
+  override protected val ldapBaseDn: Array[String] = Array(
+    "dc=example,dc=com",
+    "cn=microsoft,ou=schema")
+
+  private val GROUP1_NAME = "group1"
+  private val GROUP2_NAME = "group2"
+  private val GROUP3_NAME = "group3"
+  private val GROUP4_NAME = "group4"
+
+  private val GROUP_ADMINS_NAME = "admins"
+  private val GROUP_TEAM1_NAME = "team1"
+  private val GROUP_TEAM2_NAME = "team2"
+  private val GROUP_RESOURCE1_NAME = "resource1"
+  private val GROUP_RESOURCE2_NAME = "resource2"
+
+  private val USER1 =
+    User.useIdForPassword(id = "user1", dn = "uid=user1,ou=People,dc=example,dc=com")
+
+  private val USER2 =
+    User.useIdForPassword(id = "user2", dn = "uid=user2,ou=People,dc=example,dc=com")
+
+  private val USER3 =
+    User.useIdForPassword(id = "user3", dn = "cn=user3,ou=People,dc=example,dc=com")
+
+  private val USER4 =
+    User.useIdForPassword(id = "user4", dn = "cn=user4,ou=People,dc=example,dc=com")
+
+  private val ENGINEER_1 = User(
+    id = "engineer1",
+    dn = "sAMAccountName=engineer1,ou=Engineering,dc=ad,dc=example,dc=com",
+    password = "engineer1-password")
+
+  private val ENGINEER_2 = User(
+    id = "engineer2",
+    dn = "sAMAccountName=engineer2,ou=Engineering,dc=ad,dc=example,dc=com",
+    password = "engineer2-password")
+
+  private val MANAGER_1 = User(
+    id = "manager1",
+    dn = "sAMAccountName=manager1,ou=Management,dc=ad,dc=example,dc=com",
+    password = "manager1-password")
+
+  private val MANAGER_2 = User(
+    id = "manager2",
+    dn = "sAMAccountName=manager2,ou=Management,dc=ad,dc=example,dc=com",
+    password = "manager2-password")
+
+  private val ADMIN_1 = User(
+    id = "admin1",
+    dn = "sAMAccountName=admin1,ou=Administration,dc=ad,dc=example,dc=com",
+    password = "admin1-password")
+
+  private var testCase: LdapAuthenticationTestCase = _
+
+  private def defaultBuilder = LdapAuthenticationTestCase.builder.ldapUrl(ldapUrl)
+
+  override def beforeAll(): Unit = {
+    super.beforeAll()
+    ldapServer.add(new Entry(
+      "dn: dc=example,dc=com",
+      "dc: example",
+      "objectClass: top",
+      "objectClass: domain"))
+
+    applyLDIF("ldap/example.com.ldif")
+    applyLDIF("ldap/microsoft.schema.ldif")
+    applyLDIF("ldap/ad.example.com.ldif")
+  }
+
+  test("In-Memory LDAP server is started") {
+    assert(ldapServer.getListenPort > 0)
+  }
+
+  test("UserBindPositiveWithShortname") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+  }
+
+  test("UserBindPositiveWithShortnameOldConfig") {
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+  }
+
+  test("UserBindNegativeWithShortname") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithId)
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithId)
+  }
+
+  test("UserBindNegativeWithShortnameOldConfig") {
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithId)
+    testCase.assertAuthenticateFails(USER1.dn, USER2.password)
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithId)
+  }
+
+  test("UserBindPositiveWithDN") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserBindPositiveWithDNOldConfig") {
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserBindPositiveWithDNWrongOldConfig") {
+    testCase = defaultBuilder
+      .baseDN("ou=DummyPeople,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserBindPositiveWithDNWrongConfig") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=DummyPeople,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=DummyGroups,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserBindPositiveWithDNBlankConfig") {
+    testCase = defaultBuilder
+      .userDNPatterns(" ")
+      .groupDNPatterns(" ")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserBindPositiveWithDNBlankOldConfig") {
+    testCase = defaultBuilder.baseDN("").build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserBindNegativeWithDN") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithDn)
+    testCase.assertAuthenticateFails(USER1.dn, USER2.password)
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithDn)
+  }
+
+  test("UserBindNegativeWithDNOldConfig") {
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .build
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithDn)
+    testCase.assertAuthenticateFails(USER1.dn, USER2.password)
+    testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithDn)
+  }
+
+  test("UserFilterPositive") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .userFilters(USER1.id)
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .userFilters(USER2.id)
+      .build
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .userFilters(USER1.id, USER2.id)
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserFilterNegative") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .userFilters(USER2.id)
+      .build
+    testCase.assertAuthenticateFails(USER1.credentialsWithId)
+    testCase.assertAuthenticateFails(USER1.credentialsWithDn)
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .userFilters(USER1.id)
+      .build
+    testCase.assertAuthenticateFails(USER2.credentialsWithId)
+    testCase.assertAuthenticateFails(USER2.credentialsWithDn)
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .userFilters(USER3.id)
+      .build
+    testCase.assertAuthenticateFails(USER1.credentialsWithId)
+    testCase.assertAuthenticateFails(USER2.credentialsWithId)
+  }
+
+  test("GroupFilterPositive") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .groupFilters(GROUP1_NAME, GROUP2_NAME)
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .groupFilters(GROUP2_NAME)
+      .build
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("GroupFilterNegative") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .groupFilters(GROUP2_NAME)
+      .build
+    testCase.assertAuthenticateFails(USER1.credentialsWithId)
+    testCase.assertAuthenticateFails(USER1.credentialsWithDn)
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .groupFilters(GROUP1_NAME)
+      .build
+    testCase.assertAuthenticateFails(USER2.credentialsWithId)
+    testCase.assertAuthenticateFails(USER2.credentialsWithDn)
+  }
+
+  test("UserAndGroupFilterPositive") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .userFilters(USER1.id, USER2.id)
+      .groupFilters(GROUP1_NAME, GROUP2_NAME)
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+  }
+
+  test("UserAndGroupFilterNegative") {
+    testCase = defaultBuilder
+      .userDNPatterns("uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com")
+      .userFilters(USER1.id, USER2.id)
+      .groupFilters(GROUP3_NAME, GROUP3_NAME)
+      .build
+    testCase.assertAuthenticateFails(USER2.credentialsWithDn)
+    testCase.assertAuthenticateFails(USER2.credentialsWithId)
+    testCase.assertAuthenticateFails(USER3.credentialsWithDn)
+    testCase.assertAuthenticateFails(USER3.credentialsWithId)
+  }
+
+  test("CustomQueryPositive") {
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com", "uid=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=People,dc=example,dc=com")
+      .customQuery(String.format("(&(objectClass=person)(|(uid=%s)(uid=%s)))", USER1.id, USER4.id))
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER4.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER4.credentialsWithDn)
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .customQuery("(&(objectClass=person)(uid=%s))")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+  }
+
+  test("CustomQueryNegative") {
+    testCase = defaultBuilder
+      .baseDN("ou=People,dc=example,dc=com")
+      .customQuery("(&(objectClass=person)(cn=%s))")
+      .build
+    testCase.assertAuthenticateFails(USER2.credentialsWithDn)
+    testCase.assertAuthenticateFails(USER2.credentialsWithId)
+  }
+
+  /**
+   * Test to test the LDAP Atn to use a custom LDAP query that returns
+   * a) A set of group DNs
+   * b) A combination of group(s) DN and user DN
+   * LDAP atn is expected to extract the members of the group using the attribute value for
+   * `kyuubi.authentication.ldap.userMembershipKey`
+   */
+  test("CustomQueryWithGroupsPositive") {
+    testCase = defaultBuilder
+      .baseDN("dc=example,dc=com")
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com", "uid=%s,ou=People,dc=example,dc=com")
+      .customQuery(s"(&(objectClass=groupOfNames)(|(cn=$GROUP1_NAME)(cn=$GROUP2_NAME)))")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER2.credentialsWithDn)
+    // the following test uses a query that returns a group and a user entry.
+    // the ldap atn should use the groupMembershipKey to identify the users for the returned group
+    // and the authentication should succeed for the users of that group as well as the lone user4
+    // in this case
+    testCase = defaultBuilder
+      .baseDN("dc=example,dc=com")
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com", "uid=%s,ou=People,dc=example,dc=com")
+      .customQuery(
+        s"(|(&(objectClass=groupOfNames)(cn=$GROUP1_NAME))(&(objectClass=person)(sn=${USER4.id})))")
+      .build
+    testCase.assertAuthenticatePasses(USER1.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER1.credentialsWithDn)
+    testCase.assertAuthenticatePasses(USER4.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER4.credentialsWithDn)
+    testCase = defaultBuilder
+      .baseDN("dc=example,dc=com")
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com", "uid=%s,ou=People,dc=example,dc=com")
+      .groupMembershipKey("uniqueMember")
+      .customQuery(s"(&(objectClass=groupOfUniqueNames)(cn=$GROUP4_NAME))")
+      .build
+    testCase.assertAuthenticatePasses(USER4.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER4.credentialsWithDn)
+  }
+
+  test("CustomQueryWithGroupsNegative") {
+    testCase = defaultBuilder
+      .baseDN("dc=example,dc=com")
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com", "uid=%s,ou=People,dc=example,dc=com")
+      .customQuery(s"(&(objectClass=groupOfNames)(|(cn=$GROUP1_NAME)(cn=$GROUP2_NAME)))")
+      .build
+    testCase.assertAuthenticateFails(USER3.credentialsWithDn)
+    testCase.assertAuthenticateFails(USER3.credentialsWithId)
+  }
+
+  test("GroupFilterPositiveWithCustomGUID") {
+    testCase = defaultBuilder
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=Groups,dc=example,dc=com")
+      .groupFilters(GROUP3_NAME)
+      .guidKey("cn")
+      .build
+    testCase.assertAuthenticatePasses(USER3.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER3.credentialsWithDn)
+  }
+
+  test("GroupFilterPositiveWithCustomAttributes") {
+    testCase = defaultBuilder
+      .userDNPatterns("cn=%s,ou=People,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=Groups,dc=example,dc=com")
+      .groupFilters(GROUP4_NAME)
+      .guidKey("cn")
+      .groupMembershipKey("uniqueMember")
+      .groupClassKey("groupOfUniqueNames")
+      .build
+    testCase.assertAuthenticatePasses(USER4.credentialsWithId)
+    testCase.assertAuthenticatePasses(USER4.credentialsWithDn)
+  }
+
+  test("DirectUserMembershipGroupFilterPositive") {
+    testCase = defaultBuilder
+      .userDNPatterns(
+        "sAMAccountName=%s,ou=Engineering,dc=ad,dc=example,dc=com",
+        "sAMAccountName=%s,ou=Management,dc=ad,dc=example,dc=com")
+      .groupDNPatterns(
+        "sAMAccountName=%s,ou=Teams,dc=ad,dc=example,dc=com",
+        "sAMAccountName=%s,ou=Resources,dc=ad,dc=example,dc=com")
+      .groupFilters(GROUP_TEAM1_NAME, GROUP_TEAM2_NAME, GROUP_RESOURCE1_NAME, GROUP_RESOURCE2_NAME)
+      .guidKey("sAMAccountName")
+      .userMembershipKey("memberOf")
+      .build
+    testCase.assertAuthenticatePasses(ENGINEER_1.credentialsWithId)
+    testCase.assertAuthenticatePasses(ENGINEER_2.credentialsWithId)
+    testCase.assertAuthenticatePasses(MANAGER_1.credentialsWithId)
+    testCase.assertAuthenticatePasses(MANAGER_2.credentialsWithId)
+  }
+
+  test("DirectUserMembershipGroupFilterNegative") {
+    testCase = defaultBuilder
+      .userDNPatterns(
+        "sAMAccountName=%s,ou=Engineering,dc=ad,dc=example,dc=com",
+        "sAMAccountName=%s,ou=Management,dc=ad,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=Teams,dc=ad,dc=example,dc=com")
+      .groupFilters(GROUP_TEAM1_NAME)
+      .guidKey("sAMAccountName")
+      .userMembershipKey("memberOf")
+      .build
+    testCase.assertAuthenticateFails(ENGINEER_2.credentialsWithId)
+    testCase.assertAuthenticateFails(MANAGER_2.credentialsWithId)
+  }
+
+  test("DirectUserMembershipGroupFilterNegativeWithoutUserBases") {
+    testCase = defaultBuilder
+      .groupDNPatterns("cn=%s,ou=Teams,dc=ad,dc=example,dc=com")
+      .groupFilters(GROUP_TEAM1_NAME)
+      .guidKey("sAMAccountName")
+      .userMembershipKey("memberOf")
+      .build
+    testCase.assertAuthenticateFails(ENGINEER_1.credentialsWithId)
+    testCase.assertAuthenticateFails(ENGINEER_2.credentialsWithId)
+    testCase.assertAuthenticateFails(MANAGER_1.credentialsWithId)
+    testCase.assertAuthenticateFails(MANAGER_2.credentialsWithId)
+  }
+
+  test("DirectUserMembershipGroupFilterWithDNCredentials") {
+    testCase = defaultBuilder
+      .userDNPatterns("sAMAccountName=%s,ou=Engineering,dc=ad,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=Teams,dc=ad,dc=example,dc=com")
+      .groupFilters(GROUP_TEAM1_NAME)
+      .guidKey("sAMAccountName")
+      .userMembershipKey("memberOf")
+      .build
+    testCase.assertAuthenticatePasses(ENGINEER_1.credentialsWithDn)
+    testCase.assertAuthenticateFails(MANAGER_1.credentialsWithDn)
+  }
+
+  test("DirectUserMembershipGroupFilterWithDifferentGroupClassKey") {
+    testCase = defaultBuilder
+      .userDNPatterns("sAMAccountName=%s,ou=Administration,dc=ad,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=Administration,dc=ad,dc=example,dc=com")
+      .groupFilters(GROUP_ADMINS_NAME).guidKey("sAMAccountName")
+      .userMembershipKey("memberOf")
+      .groupClassKey("groupOfUniqueNames")
+      .build
+    testCase.assertAuthenticatePasses(ADMIN_1.credentialsWithId)
+    testCase.assertAuthenticateFails(ENGINEER_1.credentialsWithId)
+    testCase.assertAuthenticateFails(MANAGER_1.credentialsWithDn)
+  }
+
+  test("DirectUserMembershipGroupFilterNegativeWithWrongGroupClassKey") {
+    testCase = defaultBuilder
+      .userDNPatterns("sAMAccountName=%s,ou=Administration,dc=ad,dc=example,dc=com")
+      .groupDNPatterns("cn=%s,ou=Administration,dc=ad,dc=example,dc=com")
+      .groupFilters(GROUP_ADMINS_NAME).guidKey("sAMAccountName")
+      .userMembershipKey("memberOf")
+      .groupClassKey("wrongClass")
+      .build
+    testCase.assertAuthenticateFails(ADMIN_1.credentialsWithId)
+    testCase.assertAuthenticateFails(ENGINEER_1.credentialsWithId)
+    testCase.assertAuthenticateFails(MANAGER_1.credentialsWithDn)
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
index 639411628..718fc6f6e 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
@@ -17,63 +17,357 @@
 
 package org.apache.kyuubi.service.authentication
 
-import javax.naming.CommunicationException
+import javax.naming.NamingException
 import javax.security.sasl.AuthenticationException
 
+import org.mockito.ArgumentMatchers.{any, anyString, eq => mockEq, isA}
+import org.mockito.Mockito._
+import org.scalatestplus.mockito.MockitoSugar.mock
+
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.service.authentication.ldap.{DirSearch, DirSearchFactory, LdapSearchFactory}
 
 class LdapAuthenticationProviderImplSuite extends WithLdapServer {
-  override protected val ldapUser: String = "kentyao"
-  override protected val ldapUserPasswd: String = "kentyao"
 
-  private val conf = new KyuubiConf()
+  private var conf: KyuubiConf = _
+  private var factory: DirSearchFactory = _
+  private var search: DirSearch = _
+  private var auth: LdapAuthenticationProviderImpl = _
 
-  override def beforeAll(): Unit = {
-    super.beforeAll()
+  override protected def beforeEach(): Unit = {
+    super.beforeEach()
+    conf = new KyuubiConf()
     conf.set(AUTHENTICATION_LDAP_URL, ldapUrl)
+    factory = mock[DirSearchFactory]
+    search = mock[DirSearch]
+    when(factory.getInstance(any(classOf[KyuubiConf]), anyString, anyString))
+      .thenReturn(search)
+  }
+
+  test("authenticateGivenBlankOrNullPassword") {
+    Seq("", "\0", null).foreach { pwd =>
+      auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory)
+      val thrown = intercept[AuthenticationException] {
+        auth.authenticate("user", pwd)
+      }
+      assert(thrown.getMessage.contains("is null or contains blank space"))
+    }
+  }
+
+  test("AuthenticateNoUserOrGroupFilter") {
+    conf.set(
+      AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "cn=%s,ou=Users,dc=mycorp,dc=com:cn=%s,ou=PowerUsers,dc=mycorp,dc=com")
+    val factory = mock[DirSearchFactory]
+    lenient
+      .when(search.findUserDn("user1"))
+      .thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+    when(factory.getInstance(conf, "cn=user1,ou=PowerUsers,dc=mycorp,dc=com", "Blah"))
+      .thenReturn(search)
+    when(factory.getInstance(conf, "cn=user1,ou=Users,dc=mycorp,dc=com", "Blah"))
+      .thenThrow(classOf[AuthenticationException])
+
+    auth = new LdapAuthenticationProviderImpl(conf, factory)
+    auth.authenticate("user1", "Blah")
+
+    verify(factory, times(2)).getInstance(isA(classOf[KyuubiConf]), anyString, mockEq("Blah"))
+    verify(search, atLeastOnce).close()
+  }
+
+  test("AuthenticateWhenUserFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1,user2")
+
+    when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+    when(search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")
+
+    authenticateUserAndCheckSearchIsClosed("user1")
+    authenticateUserAndCheckSearchIsClosed("user2")
+  }
+
+  test("AuthenticateWhenLoginWithDomainAndUserFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1")
+
+    when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+
+    authenticateUserAndCheckSearchIsClosed("user1@mydomain.com")
+  }
+
+  test("AuthenticateWhenLoginWithDnAndUserFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1")
+
+    when(search.findUserDn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"))
+      .thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+
+    authenticateUserAndCheckSearchIsClosed("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
   }
 
-  override def afterAll(): Unit = {
-    super.afterAll()
+  test("AuthenticateWhenUserSearchFails") {
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1,user2")
+    intercept[AuthenticationException] {
+      when(search.findUserDn("user1")).thenReturn(null)
+      authenticateUserAndCheckSearchIsClosed("user1")
+    }
   }
 
-  test("ldap server is started") {
-    assert(ldapServer.getListenPort > 0)
+  test("AuthenticateWhenUserFilterFails") {
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1,user2")
+    intercept[AuthenticationException] {
+      when(search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com")
+      authenticateUserAndCheckSearchIsClosed("user3")
+    }
   }
 
-  test("authenticate tests") {
-    val providerImpl = new LdapAuthenticationProviderImpl(conf)
-    val e1 = intercept[AuthenticationException](providerImpl.authenticate("", ""))
-    assert(e1.getMessage.contains("user is null"))
-    val e2 = intercept[AuthenticationException](providerImpl.authenticate("kyuubi", ""))
-    assert(e2.getMessage.contains("password is null"))
+  test("AuthenticateWhenGroupMembershipKeyFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "group1,group2")
+
+    when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+    when(search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")
 
-    val user = "uid=kentyao,ou=users"
-    providerImpl.authenticate(user, "kentyao")
-    val e3 = intercept[AuthenticationException](
-      providerImpl.authenticate(user, "kent"))
-    assert(e3.getMessage.contains(user))
-    assert(e3.getCause.isInstanceOf[javax.naming.AuthenticationException])
+    when(search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"))
+      .thenReturn(Array(
+        "cn=testGroup,ou=Groups,dc=mycorp,dc=com",
+        "cn=group1,ou=Groups,dc=mycorp,dc=com"))
+    when(search.findGroupsForUser("cn=user2,ou=PowerUsers,dc=mycorp,dc=com"))
+      .thenReturn(Array(
+        "cn=testGroup,ou=Groups,dc=mycorp,dc=com",
+        "cn=group2,ou=Groups,dc=mycorp,dc=com"))
+
+    authenticateUserAndCheckSearchIsClosed("user1")
+    authenticateUserAndCheckSearchIsClosed("user2")
+  }
 
-    conf.set(AUTHENTICATION_LDAP_BASEDN, ldapBaseDn)
-    val providerImpl2 = new LdapAuthenticationProviderImpl(conf)
-    providerImpl2.authenticate("kentyao", "kentyao")
+  test("AuthenticateWhenUserAndGroupMembershipKeyFiltersPass") {
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "group1,group2")
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1,user2")
 
-    val e4 = intercept[AuthenticationException](
-      providerImpl.authenticate("kentyao", "kent"))
-    assert(e4.getMessage.contains(user))
+    when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+    when(search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")
 
-    conf.unset(AUTHENTICATION_LDAP_URL)
-    val providerImpl3 = new LdapAuthenticationProviderImpl(conf)
-    val e5 = intercept[AuthenticationException](
-      providerImpl3.authenticate("kentyao", "kentyao"))
+    when(search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"))
+      .thenReturn(Array(
+        "cn=testGroup,ou=Groups,dc=mycorp,dc=com",
+        "cn=group1,ou=Groups,dc=mycorp,dc=com"))
+    when(search.findGroupsForUser("cn=user2,ou=PowerUsers,dc=mycorp,dc=com"))
+      .thenReturn(Array(
+        "cn=testGroup,ou=Groups,dc=mycorp,dc=com",
+        "cn=group2,ou=Groups,dc=mycorp,dc=com"))
+
+    authenticateUserAndCheckSearchIsClosed("user1")
+    authenticateUserAndCheckSearchIsClosed("user2")
+  }
+
+  test("AuthenticateWhenUserFilterPassesAndGroupMembershipKeyFilterFails") {
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "group1,group2")
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1,user2")
+    intercept[AuthenticationException] {
+      when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+      when(search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"))
+        .thenReturn(Array(
+          "cn=testGroup,ou=Groups,dc=mycorp,dc=com",
+          "cn=OtherGroup,ou=Groups,dc=mycorp,dc=com"))
+      authenticateUserAndCheckSearchIsClosed("user1")
+    }
+  }
+
+  test("AuthenticateWhenUserFilterFailsAndGroupMembershipKeyFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "group3")
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user1,user2")
+    intercept[AuthenticationException] {
+      when(search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com")
+      lenient.when(search.findGroupsForUser("cn=user3,ou=PowerUsers,dc=mycorp,dc=com"))
+        .thenReturn(Array(
+          "cn=testGroup,ou=Groups,dc=mycorp,dc=com",
+          "cn=group3,ou=Groups,dc=mycorp,dc=com"))
+      authenticateUserAndCheckSearchIsClosed("user3")
+    }
+  }
+
+  test("AuthenticateWhenCustomQueryFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_BASE_DN, "dc=mycorp,dc=com")
+    conf.set(
+      AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY,
+      "(&(objectClass=person)(|(memberOf=CN=Domain Admins,CN=Users,DC=apache,DC=org)" +
+        "(memberOf=CN=Administrators,CN=Builtin,DC=apache,DC=org)))")
+
+    when(search.executeCustomQuery(anyString))
+      .thenReturn(Array(
+        "cn=user1,ou=PowerUsers,dc=mycorp,dc=com",
+        "cn=user2,ou=PowerUsers,dc=mycorp,dc=com"))
+
+    authenticateUserAndCheckSearchIsClosed("user1")
+  }
+
+  test("AuthenticateWhenCustomQueryFilterFailsAndUserFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_BASE_DN, "dc=mycorp,dc=com")
+    conf.set(
+      AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY,
+      "(&(objectClass=person)(|(memberOf=CN=Domain Admins,CN=Users,DC=apache,DC=org)" +
+        "(memberOf=CN=Administrators,CN=Builtin,DC=apache,DC=org)))")
+    conf.set(AUTHENTICATION_LDAP_USER_FILTER.key, "user3")
+    intercept[AuthenticationException] {
+      lenient.when(search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com")
+      when(search.executeCustomQuery(anyString))
+        .thenReturn(Array(
+          "cn=user1,ou=PowerUsers,dc=mycorp,dc=com",
+          "cn=user2,ou=PowerUsers,dc=mycorp,dc=com"))
+      authenticateUserAndCheckSearchIsClosed("user3")
+    }
+  }
 
-    assert(e5.getMessage.contains(user))
-    assert(e5.getCause.isInstanceOf[CommunicationException])
+  test("AuthenticateWhenUserMembershipKeyFilterPasses") {
+    conf.set(AUTHENTICATION_LDAP_BASE_DN, "dc=mycorp,dc=com")
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "HIVE-USERS")
+    conf.set(AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, "memberOf")
+
+    when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+
+    val groupDn = "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com"
+    when(search.findGroupDn("HIVE-USERS")).thenReturn(groupDn)
+    when(search.isUserMemberOfGroup("user1", groupDn)).thenReturn(true)
+
+    auth = new LdapAuthenticationProviderImpl(conf, factory)
+    auth.authenticate("user1", "Blah")
+
+    verify(factory, times(1)).getInstance(isA(classOf[KyuubiConf]), anyString, mockEq("Blah"))
+    verify(search, times(1)).findGroupDn(anyString)
+    verify(search, times(1)).isUserMemberOfGroup(anyString, anyString)
+    verify(search, atLeastOnce).close()
+  }
+
+  test("AuthenticateWhenUserMembershipKeyFilterFails") {
+    conf.set(AUTHENTICATION_LDAP_BASE_DN, "dc=mycorp,dc=com")
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "HIVE-USERS")
+    conf.set(AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, "memberOf")
+    intercept[AuthenticationException] {
+      when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+
+      val groupDn = "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com"
+      when(search.findGroupDn("HIVE-USERS")).thenReturn(groupDn)
+      when(search.isUserMemberOfGroup("user1", groupDn)).thenReturn(false)
+
+      auth = new LdapAuthenticationProviderImpl(conf, factory)
+      auth.authenticate("user1", "Blah")
+    }
+  }
+
+  test("AuthenticateWhenUserMembershipKeyFilter2x2PatternsPasses") {
+    conf.set(AUTHENTICATION_LDAP_GROUP_FILTER.key, "HIVE-USERS1,HIVE-USERS2")
+    conf.set(AUTHENTICATION_LDAP_GROUP_DN_PATTERN, "cn=%s,ou=Groups,ou=branch1,dc=mycorp,dc=com")
+    conf.set(AUTHENTICATION_LDAP_USER_DN_PATTERN, "cn=%s,ou=Userss,ou=branch1,dc=mycorp,dc=com")
+    conf.set(AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, "memberOf")
+
+    when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")
+
+    when(search.findGroupDn("HIVE-USERS1"))
+      .thenReturn("cn=HIVE-USERS1,ou=Groups,ou=branch1,dc=mycorp,dc=com")
+    when(search.findGroupDn("HIVE-USERS2"))
+      .thenReturn("cn=HIVE-USERS2,ou=Groups,ou=branch1,dc=mycorp,dc=com")
+
+    when(search.isUserMemberOfGroup(
+      "user1",
+      "cn=HIVE-USERS1,ou=Groups,ou=branch1,dc=mycorp,dc=com"))
+      .thenThrow(classOf[NamingException])
+    when(search.isUserMemberOfGroup(
+      "user1",
+      "cn=HIVE-USERS2,ou=Groups,ou=branch1,dc=mycorp,dc=com"))
+      .thenReturn(true)
+
+    auth = new LdapAuthenticationProviderImpl(conf, factory)
+    auth.authenticate("user1", "Blah")
+
+    verify(factory, times(1)).getInstance(isA(classOf[KyuubiConf]), anyString, mockEq("Blah"))
+    verify(search, times(2)).findGroupDn(anyString)
+    verify(search, times(2)).isUserMemberOfGroup(anyString, anyString)
+    verify(search, atLeastOnce).close()
+  }
+
+  // Kyuubi does not implement it
+  // test("AuthenticateWithBindInCredentialFilePasses")
+  // test("testAuthenticateWithBindInMissingCredentialFilePasses")
+
+  test("AuthenticateWithBindUserPasses") {
+    val bindUser = "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val bindPass = "Blah"
+    val authFullUser = "cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val authUser = "user1"
+    val authPass = "Blah2"
+    conf.set(AUTHENTICATION_LDAP_BIND_USER, bindUser)
+    conf.set(AUTHENTICATION_LDAP_BIND_PASSWORD, bindPass)
+
+    when(search.findUserDn(mockEq(authUser))).thenReturn(authFullUser)
+
+    auth = new LdapAuthenticationProviderImpl(conf, factory)
+    auth.authenticate(authUser, authPass)
+
+    verify(factory, times(1)).getInstance(
+      isA(classOf[KyuubiConf]),
+      mockEq(bindUser),
+      mockEq(bindPass))
+    verify(factory, times(1)).getInstance(
+      isA(classOf[KyuubiConf]),
+      mockEq(authFullUser),
+      mockEq(authPass))
+    verify(search, times(1)).findUserDn(mockEq(authUser))
+  }
+
+  test("AuthenticateWithBindUserFailsOnAuthentication") {
+    val bindUser = "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val bindPass = "Blah"
+    val authFullUser = "cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val authUser = "user1"
+    val authPass = "Blah2"
+    conf.set(AUTHENTICATION_LDAP_BIND_USER, bindUser)
+    conf.set(AUTHENTICATION_LDAP_BIND_PASSWORD, bindPass)
+
+    intercept[AuthenticationException] {
+      when(
+        factory.getInstance(
+          any(classOf[KyuubiConf]),
+          mockEq(authFullUser),
+          mockEq(authPass))).thenThrow(classOf[AuthenticationException])
+      when(search.findUserDn(mockEq(authUser))).thenReturn(authFullUser)
+
+      auth = new LdapAuthenticationProviderImpl(conf, factory)
+      auth.authenticate(authUser, authPass)
+    }
+  }
+
+  test("AuthenticateWithBindUserFailsOnGettingDn") {
+    val bindUser = "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val bindPass = "Blah"
+    val authUser = "user1"
+    val authPass = "Blah2"
+    conf.set(AUTHENTICATION_LDAP_BIND_USER, bindUser)
+    conf.set(AUTHENTICATION_LDAP_BIND_PASSWORD, bindPass)
+
+    intercept[AuthenticationException] {
+      when(search.findUserDn(mockEq(authUser))).thenThrow(classOf[NamingException])
+      auth = new LdapAuthenticationProviderImpl(conf, factory)
+      auth.authenticate(authUser, authPass)
+    }
+  }
+
+  test("AuthenticateWithBindUserFailsOnBinding") {
+    val bindUser = "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val bindPass = "Blah"
+    val authUser = "user1"
+    val authPass = "Blah2"
+    conf.set(AUTHENTICATION_LDAP_BIND_USER, bindUser)
+    conf.set(AUTHENTICATION_LDAP_BIND_PASSWORD, bindPass)
+
+    intercept[AuthenticationException] {
+      when(factory.getInstance(any(classOf[KyuubiConf]), mockEq(bindUser), mockEq(bindPass)))
+        .thenThrow(classOf[AuthenticationException])
+
+      auth = new LdapAuthenticationProviderImpl(conf, factory)
+      auth.authenticate(authUser, authPass)
+    }
+  }
 
-    conf.set(AUTHENTICATION_LDAP_DOMAIN, "kyuubi.com")
-    val providerImpl4 = new LdapAuthenticationProviderImpl(conf)
-    intercept[AuthenticationException](providerImpl4.authenticate("kentyao", "kentyao"))
+  private def authenticateUserAndCheckSearchIsClosed(user: String): Unit = {
+    auth = new LdapAuthenticationProviderImpl(conf, factory)
+    try auth.authenticate(user, "password doesn't matter")
+    finally verify(search, atLeastOnce).close()
   }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/WithLdapServer.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/WithLdapServer.scala
index 0bb38684e..b31a06f20 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/WithLdapServer.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/WithLdapServer.scala
@@ -17,20 +17,36 @@
 
 package org.apache.kyuubi.service.authentication
 
+import scala.util.Random
+
 import com.unboundid.ldap.listener.{InMemoryDirectoryServer, InMemoryDirectoryServerConfig}
+import com.unboundid.ldif.LDIFReader
 
 import org.apache.kyuubi.{KyuubiFunSuite, Utils}
 
 trait WithLdapServer extends KyuubiFunSuite {
   protected var ldapServer: InMemoryDirectoryServer = _
-  protected val ldapBaseDn = "ou=users"
-  protected val ldapUser = Utils.currentUser
-  protected val ldapUserPasswd = "ldapPassword"
+  protected val ldapBaseDn: Array[String] = Array("ou=users")
+  protected val ldapUser: String = Utils.currentUser
+  protected val ldapUserPasswd: String = Random.alphanumeric.take(16).mkString
 
   protected def ldapUrl = s"ldap://localhost:${ldapServer.getListenPort}"
 
+  /**
+   * Apply LDIF files
+   * @param resource the LDIF file under classpath
+   */
+  def applyLDIF(resource: String): Unit = {
+    ldapServer.applyChangesFromLDIF(
+      new LDIFReader(Utils.getContextOrKyuubiClassLoader.getResource(resource).openStream()))
+  }
+
   override def beforeAll(): Unit = {
-    val config = new InMemoryDirectoryServerConfig(ldapBaseDn)
+    val config = new InMemoryDirectoryServerConfig(ldapBaseDn: _*)
+    // disable the schema so that we can apply LDIF which contains Microsoft's Active Directory
+    // specific definitions.
+    // https://myshittycode.com/2017/03/28/
+    config.setSchema(null)
     config.addAdditionalBindCredentials(s"uid=$ldapUser,ou=users", ldapUserPasswd)
     ldapServer = new InMemoryDirectoryServer(config)
     ldapServer.startListening()
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterSuite.scala
new file mode 100644
index 000000000..d76611b6e
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/ChainFilterSuite.scala
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.mockito.ArgumentMatchers.{any, anyString}
+import org.mockito.Mockito.{doThrow, times, verify, when}
+import org.scalatestplus.mockito.MockitoSugar.mock
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class ChainFilterSuite extends KyuubiFunSuite {
+  private var conf: KyuubiConf = _
+  private var filter1: Filter = _
+  private var filter2: Filter = _
+  private var filter3: Filter = _
+  private var factory1: FilterFactory = _
+  private var factory2: FilterFactory = _
+  private var factory3: FilterFactory = _
+  private var factory: FilterFactory = _
+  private var search: DirSearch = _
+
+  override def beforeEach(): Unit = {
+    conf = new KyuubiConf()
+    filter1 = mock[Filter]
+    filter2 = mock[Filter]
+    filter3 = mock[Filter]
+    factory1 = mock[FilterFactory]
+    factory2 = mock[FilterFactory]
+    factory3 = mock[FilterFactory]
+    factory = new ChainFilterFactory(factory1, factory2, factory3)
+    search = mock[DirSearch]
+    super.beforeEach()
+  }
+
+  test("FactoryAllNull") {
+    when(factory1.getInstance(any(classOf[KyuubiConf]))).thenReturn(None)
+    when(factory2.getInstance(any(classOf[KyuubiConf]))).thenReturn(None)
+    when(factory3.getInstance(any(classOf[KyuubiConf]))).thenReturn(None)
+    assert(factory.getInstance(conf).isEmpty)
+  }
+
+  test("FactoryAllEmpty") {
+    val emptyFactory = new ChainFilterFactory()
+    assert(emptyFactory.getInstance(conf).isEmpty)
+  }
+
+  test("Factory") {
+    when(factory1.getInstance(any(classOf[KyuubiConf]))).thenReturn(Some(filter1))
+    when(factory2.getInstance(any(classOf[KyuubiConf]))).thenReturn(Some(filter2))
+    when(factory3.getInstance(any(classOf[KyuubiConf]))).thenReturn(Some(filter3))
+    val filter = factory.getInstance(conf).get
+    filter.apply(search, "User")
+    verify(filter1, times(1)).apply(search, "User")
+    verify(filter2, times(1)).apply(search, "User")
+    verify(filter3, times(1)).apply(search, "User")
+  }
+
+  test("ApplyNegative") {
+    intercept[AuthenticationException] {
+      doThrow(classOf[AuthenticationException])
+        .when(filter3)
+        .apply(any().asInstanceOf[DirSearch], anyString)
+      when(factory1.getInstance(any(classOf[KyuubiConf]))).thenReturn(Some(filter1))
+      when(factory2.getInstance(any(classOf[KyuubiConf]))).thenReturn(None)
+      when(factory3.getInstance(any(classOf[KyuubiConf]))).thenReturn(Some(filter3))
+      val filter = factory.getInstance(conf).get
+      filter.apply(search, "User")
+    }
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterSuite.scala
new file mode 100644
index 000000000..5ece4c88c
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/CustomQueryFilterSuite.scala
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.mockito.ArgumentMatchers.{eq => mockEq}
+import org.mockito.Mockito.when
+import org.scalatestplus.mockito.MockitoSugar.mock
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class CustomQueryFilterSuite extends KyuubiFunSuite {
+  private val USER2_DN: String = "uid=user2,ou=People,dc=example,dc=com"
+  private val USER1_DN: String = "uid=user1,ou=People,dc=example,dc=com"
+  private val CUSTOM_QUERY: String = "(&(objectClass=person)(|(uid=user1)(uid=user2)))"
+
+  private val factory: FilterFactory = CustomQueryFilterFactory
+  private var conf: KyuubiConf = _
+  private var search: DirSearch = _
+
+  override def beforeEach(): Unit = {
+    conf = new KyuubiConf()
+    search = mock[DirSearch]
+    super.beforeEach()
+  }
+
+  test("Factory") {
+    conf.unset(KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY)
+    assert(factory.getInstance(conf).isEmpty)
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY, CUSTOM_QUERY)
+    assert(factory.getInstance(conf).isDefined)
+  }
+
+  test("ApplyPositive") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY, CUSTOM_QUERY)
+    when(search.executeCustomQuery(mockEq(CUSTOM_QUERY)))
+      .thenReturn(Array(USER1_DN, USER2_DN))
+    val filter: Filter = factory.getInstance(conf).get
+    filter.apply(search, "user1")
+    filter.apply(search, "user2")
+  }
+
+  test("ApplyNegative") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY, CUSTOM_QUERY)
+      when(search.executeCustomQuery(mockEq(CUSTOM_QUERY)))
+        .thenReturn(Array(USER1_DN, USER2_DN))
+      val filter: Filter = factory.getInstance(conf).get
+      filter.apply(search, "user3")
+    }
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterSuite.scala
new file mode 100644
index 000000000..f1e3c3581
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterSuite.scala
@@ -0,0 +1,161 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.mockito.ArgumentMatchers.{eq => mockEq}
+import org.mockito.Mockito.{lenient, when}
+import org.scalatestplus.mockito.MockitoSugar.mock
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class GroupFilterSuite extends KyuubiFunSuite {
+  private val factory: FilterFactory = GroupFilterFactory
+  private var conf: KyuubiConf = _
+  private var search: DirSearch = _
+
+  override def beforeEach(): Unit = {
+    conf = new KyuubiConf
+    search = mock[DirSearch]
+    super.beforeEach()
+  }
+
+  test("GetInstanceWhenGroupFilterIsEmpty") {
+    conf.unset(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER)
+    assert(factory.getInstance(conf).isEmpty)
+  }
+
+  test("GetInstanceOfGroupMembershipKeyFilter") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "G1")
+    val instance: Filter = factory.getInstance(conf).get
+    assert(instance.isInstanceOf[GroupMembershipKeyFilter])
+  }
+
+  test("GetInstanceOfUserMembershipKeyFilter") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "G1")
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, "memberof")
+    val instance: Filter = factory.getInstance(conf).get
+    assert(instance.isInstanceOf[UserMembershipKeyFilter])
+  }
+
+  test("GroupMembershipKeyFilterApplyPositive") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "HiveUsers")
+    when(search.findUserDn(mockEq("user1")))
+      .thenReturn("cn=user1,ou=People,dc=example,dc=com")
+    when(search.findUserDn(mockEq("cn=user2,dc=example,dc=com")))
+      .thenReturn("cn=user2,ou=People,dc=example,dc=com")
+    when(search.findUserDn(mockEq("user3@mydomain.com")))
+      .thenReturn("cn=user3,ou=People,dc=example,dc=com")
+    when(search.findGroupsForUser(mockEq("cn=user1,ou=People,dc=example,dc=com")))
+      .thenReturn(Array(
+        "cn=SuperUsers,ou=Groups,dc=example,dc=com",
+        "cn=Office1,ou=Groups,dc=example,dc=com",
+        "cn=HiveUsers,ou=Groups,dc=example,dc=com",
+        "cn=G1,ou=Groups,dc=example,dc=com"))
+    when(search.findGroupsForUser(mockEq("cn=user2,ou=People,dc=example,dc=com")))
+      .thenReturn(Array("cn=HiveUsers,ou=Groups,dc=example,dc=com"))
+    when(search.findGroupsForUser(mockEq("cn=user3,ou=People,dc=example,dc=com")))
+      .thenReturn(Array(
+        "cn=HiveUsers,ou=Groups,dc=example,dc=com",
+        "cn=G1,ou=Groups,dc=example,dc=com",
+        "cn=G2,ou=Groups,dc=example,dc=com"))
+    val filter: Filter = factory.getInstance(conf).get
+    filter.apply(search, "user1")
+    filter.apply(search, "cn=user2,dc=example,dc=com")
+    filter.apply(search, "user3@mydomain.com")
+  }
+
+  test("GroupMembershipKeyCaseInsensitiveFilterApplyPositive") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "hiveusers,g1")
+    when(search.findUserDn(mockEq("user1")))
+      .thenReturn("cn=user1,ou=People,dc=example,dc=com")
+    when(search.findUserDn(mockEq("cn=user2,dc=example,dc=com")))
+      .thenReturn("cn=user2,ou=People,dc=example,dc=com")
+    when(search.findUserDn(mockEq("user3@mydomain.com")))
+      .thenReturn("cn=user3,ou=People,dc=example,dc=com")
+    when(search.findGroupsForUser(mockEq("cn=user1,ou=People,dc=example,dc=com")))
+      .thenReturn(Array(
+        "cn=SuperUsers,ou=Groups,dc=example,dc=com",
+        "cn=Office1,ou=Groups,dc=example,dc=com",
+        "cn=HiveUsers,ou=Groups,dc=example,dc=com",
+        "cn=G1,ou=Groups,dc=example,dc=com"))
+    when(search.findGroupsForUser(mockEq("cn=user2,ou=People,dc=example,dc=com")))
+      .thenReturn(Array("cn=HiveUsers,ou=Groups,dc=example,dc=com"))
+    when(search.findGroupsForUser(mockEq("cn=user3,ou=People,dc=example,dc=com")))
+      .thenReturn(Array(
+        "cn=G1,ou=Groups,dc=example,dc=com",
+        "cn=G2,ou=Groups,dc=example,dc=com"))
+    val filter: Filter = factory.getInstance(conf).get
+    filter.apply(search, "user1")
+    filter.apply(search, "cn=user2,dc=example,dc=com")
+    filter.apply(search, "user3@mydomain.com")
+  }
+
+  test("GroupMembershipKeyCaseInsensitiveFilterApplyNegative") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "hiveusers,containsg1")
+      lenient.when(search.findGroupsForUser(mockEq("user1")))
+        .thenReturn(Array("SuperUsers", "Office1", "G1", "G2"))
+      val filter: Filter = factory.getInstance(conf).get
+      filter.apply(search, "user1")
+    }
+  }
+
+  test("GroupMembershipKeyFilterApplyNegative") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "HiveUsers")
+      lenient.when(search.findGroupsForUser(mockEq("user1")))
+        .thenReturn(Array("SuperUsers", "Office1", "G1", "G2"))
+      val filter: Filter = factory.getInstance(conf).get
+      filter.apply(search, "user1")
+    }
+  }
+
+  test("UserMembershipKeyFilterApplyPositiveWithUserId") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY.key, "memberOf")
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "Group1,Group2")
+    when(search.findGroupDn("Group1")).thenReturn("cn=Group1,dc=a,dc=b")
+    when(search.findGroupDn("Group2")).thenReturn("cn=Group2,dc=a,dc=b")
+    when(search.isUserMemberOfGroup("User1", "cn=Group2,dc=a,dc=b")).thenReturn(true)
+    val filter: Filter = factory.getInstance(conf).get
+    filter.apply(search, "User1")
+  }
+
+  test("UserMembershipKeyFilterApplyPositiveWithUserDn") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY.key, "memberOf")
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "Group1,Group2")
+    when(search.findGroupDn("Group1")).thenReturn("cn=Group1,dc=a,dc=b")
+    when(search.findGroupDn("Group2")).thenReturn("cn=Group2,dc=a,dc=b")
+    when(search.isUserMemberOfGroup("cn=User1,dc=a,dc=b", "cn=Group2,dc=a,dc=b")).thenReturn(true)
+    val filter: Filter = factory.getInstance(conf).get
+    filter.apply(search, "cn=User1,dc=a,dc=b")
+  }
+
+  test("UserMembershipKeyFilterApplyNegative") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY.key, "memberOf")
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "Group1,Group2")
+      when(search.findGroupDn("Group1")).thenReturn("cn=Group1,dc=a,dc=b")
+      when(search.findGroupDn("Group2")).thenReturn("cn=Group2,dc=a,dc=b")
+      val filter: Filter = factory.getInstance(conf).get
+      filter.apply(search, "User1")
+    }
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala
new file mode 100644
index 000000000..e8b92ebc0
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import scala.collection.mutable
+
+import org.scalatest.Assertions.{fail, intercept}
+
+import org.apache.kyuubi.config.{ConfigEntry, KyuubiConf}
+import org.apache.kyuubi.service.authentication.LdapAuthenticationProviderImpl
+
+object LdapAuthenticationTestCase {
+  def builder: LdapAuthenticationTestCase.Builder = new LdapAuthenticationTestCase.Builder
+
+  class Builder {
+    private val overrides: mutable.Map[ConfigEntry[_], String] = new mutable.HashMap
+
+    var conf: KyuubiConf = _
+
+    def baseDN(baseDN: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, baseDN)
+
+    def guidKey(guidKey: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_GUID_KEY, guidKey)
+
+    def userDNPatterns(userDNPatterns: String*): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN, userDNPatterns.mkString(":"))
+
+    def userFilters(userFilters: String*): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER, userFilters.mkString(","))
+
+    def groupDNPatterns(groupDNPatterns: String*): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN, groupDNPatterns.mkString(":"))
+
+    def groupFilters(groupFilters: String*): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER, groupFilters.mkString(","))
+
+    def groupClassKey(groupClassKey: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_GROUP_CLASS_KEY, groupClassKey)
+
+    def ldapUrl(ldapUrl: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
+
+    def customQuery(customQuery: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_CUSTOM_LDAP_QUERY, customQuery)
+
+    def groupMembershipKey(groupMembershipKey: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_GROUP_MEMBERSHIP_KEY, groupMembershipKey)
+
+    def userMembershipKey(userMembershipKey: String): LdapAuthenticationTestCase.Builder =
+      setVarOnce(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, userMembershipKey)
+
+    private def setVarOnce(
+        confVar: ConfigEntry[_],
+        value: String): LdapAuthenticationTestCase.Builder = {
+      require(!overrides.contains(confVar), s"Property $confVar has been set already")
+      overrides.put(confVar, value)
+      this
+    }
+
+    def build: LdapAuthenticationTestCase = {
+      require(conf == null, "Test Case Builder should not be reused. Please create a new instance.")
+      conf = new KyuubiConf()
+      overrides.foreach { case (k, v) => conf.set(k.key, v) }
+      new LdapAuthenticationTestCase(this)
+    }
+  }
+}
+
+final class LdapAuthenticationTestCase(builder: LdapAuthenticationTestCase.Builder) {
+
+  private val ldapProvider = new LdapAuthenticationProviderImpl(builder.conf)
+
+  def assertAuthenticatePasses(credentials: Credentials): Unit =
+    try {
+      ldapProvider.authenticate(credentials.user, credentials.password)
+    } catch {
+      case e: AuthenticationException =>
+        throw new AssertionError(
+          s"Authentication failed for user '${credentials.user}' " +
+            s"with password '${credentials.password}'",
+          e)
+    }
+
+  def assertAuthenticateFails(credentials: Credentials): Unit = {
+    assertAuthenticateFails(credentials.user, credentials.password)
+  }
+
+  def assertAuthenticateFailsUsingWrongPassword(credentials: Credentials): Unit = {
+    assertAuthenticateFails(credentials.user, "not" + credentials.password)
+  }
+
+  def assertAuthenticateFails(user: String, password: String): Unit = {
+    val e = intercept[AuthenticationException] {
+      ldapProvider.authenticate(user, password)
+      fail(s"Expected authentication to fail for $user")
+    }
+    assert(e != null)
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchSuite.scala
new file mode 100644
index 000000000..3bf27127b
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapSearchSuite.scala
@@ -0,0 +1,298 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.{NamingEnumeration, NamingException}
+import javax.naming.directory.{DirContext, SearchControls, SearchResult}
+
+import org.mockito.ArgumentMatchers.{any, anyString, contains, eq => mockEq}
+import org.mockito.Mockito.{atLeastOnce, verify, when}
+import org.scalatestplus.mockito.MockitoSugar.mock
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.service.authentication.ldap.LdapTestUtils._
+
+class LdapSearchSuite extends KyuubiFunSuite {
+  private var conf: KyuubiConf = _
+  private var ctx: DirContext = _
+  private var search: LdapSearch = _
+
+  override protected def beforeEach(): Unit = {
+    conf = new KyuubiConf()
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, "memberOf")
+    ctx = mock[DirContext]
+    super.beforeEach()
+  }
+
+  test("close") {
+    search = new LdapSearch(conf, ctx)
+    search.close()
+    verify(ctx, atLeastOnce).close()
+  }
+
+  test("FindUserDnWhenUserDnPositive") {
+    val searchResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=User1,OU=org1,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(searchResult)
+      .thenThrow(classOf[NamingException])
+    search = new LdapSearch(conf, ctx)
+    val expected: String = "CN=User1,OU=org1,DC=foo,DC=bar"
+    val actual: String = search.findUserDn("CN=User1,OU=org1")
+    assert(expected === actual)
+  }
+
+  test("FindUserDnWhenUserDnNegativeDuplicates") {
+    val searchResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=User1,OU=org1,DC=foo,DC=bar", "CN=User1,OU=org2,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(searchResult)
+    search = new LdapSearch(conf, ctx)
+    assert(search.findUserDn("CN=User1,DC=foo,DC=bar") === null)
+  }
+
+  test("FindUserDnWhenUserDnNegativeNone") {
+    val searchResult: NamingEnumeration[SearchResult] = mockEmptyNamingEnumeration
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(searchResult)
+    search = new LdapSearch(conf, ctx)
+    assert(search.findUserDn("CN=User1,DC=foo,DC=bar") === null)
+  }
+
+  test("FindUserDnWhenUserPatternFoundBySecondPattern") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar:CN=%s,OU=org2,DC=foo,DC=bar")
+    val emptyResult: NamingEnumeration[SearchResult] = mockEmptyNamingEnumeration
+    val validResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=User1,OU=org2,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(emptyResult)
+      .thenReturn(validResult)
+    search = new LdapSearch(conf, ctx)
+    val expected: String = "CN=User1,OU=org2,DC=foo,DC=bar"
+    val actual: String = search.findUserDn("User1")
+    assert(expected === actual)
+    verify(ctx).search(
+      mockEq("OU=org1,DC=foo,DC=bar"),
+      contains("CN=User1"),
+      any(classOf[SearchControls]))
+    verify(ctx).search(
+      mockEq("OU=org2,DC=foo,DC=bar"),
+      contains("CN=User1"),
+      any(classOf[SearchControls]))
+  }
+
+  test("FindUserDnWhenUserPatternFoundByFirstPattern") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar:CN=%s,OU=org2,DC=foo,DC=bar")
+    val emptyResult: NamingEnumeration[SearchResult] = mockEmptyNamingEnumeration
+    val validResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=User1,OU=org2,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(validResult)
+      .thenReturn(emptyResult)
+    search = new LdapSearch(conf, ctx)
+    val expected: String = "CN=User1,OU=org2,DC=foo,DC=bar"
+    val actual: String = search.findUserDn("User1")
+    assert(expected === actual)
+    verify(ctx).search(
+      mockEq("OU=org1,DC=foo,DC=bar"),
+      contains("CN=User1"),
+      any(classOf[SearchControls]))
+  }
+
+  test("FindUserDnWhenUserPatternFoundByUniqueIdentifier") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    val validResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=User1,OU=org1,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(null)
+      .thenReturn(validResult)
+    search = new LdapSearch(conf, ctx)
+    val expected: String = "CN=User1,OU=org1,DC=foo,DC=bar"
+    val actual: String = search.findUserDn("User1")
+    assert(expected === actual)
+    verify(ctx).search(
+      mockEq("OU=org1,DC=foo,DC=bar"),
+      contains("CN=User1"),
+      any(classOf[SearchControls]))
+    verify(ctx).search(
+      mockEq("OU=org1,DC=foo,DC=bar"),
+      contains("uid=User1"),
+      any(classOf[SearchControls]))
+  }
+
+  test("FindUserDnWhenUserPatternFoundByUniqueIdentifierNegativeNone") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(null)
+      .thenReturn(null)
+    search = new LdapSearch(conf, ctx)
+    assert(search.findUserDn("User1") === null)
+  }
+
+  test("FindUserDnWhenUserPatternFoundByUniqueIdentifierNegativeMany") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    val manyResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=User1,OU=org1,DC=foo,DC=bar", "CN=User12,OU=org1,DC=foo,DC=bar")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(null)
+      .thenReturn(manyResult)
+    search = new LdapSearch(conf, ctx)
+    assert(search.findUserDn("User1") === null)
+  }
+
+  test("FindGroupsForUser") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    val groupsResult: NamingEnumeration[SearchResult] =
+      mockNamingEnumeration("CN=Group1,OU=org1,DC=foo,DC=bar")
+    when(
+      ctx.search(
+        mockEq("OU=org1,DC=foo,DC=bar"),
+        contains("User1"),
+        any(classOf[SearchControls]))).thenReturn(groupsResult)
+    search = new LdapSearch(conf, ctx)
+    val expected = Array("CN=Group1,OU=org1,DC=foo,DC=bar")
+    val actual = search.findGroupsForUser("CN=User1,OU=org1,DC=foo,DC=bar")
+    assert(expected === actual)
+  }
+
+  test("ExecuteCustomQuery") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, "dc=example,dc=com")
+    val customQueryResult: NamingEnumeration[SearchResult] = mockNamingEnumeration(Array(
+      mockSearchResult(
+        "uid=group1,ou=Groups,dc=example,dc=com",
+        mockAttributes("member", "uid=user1,ou=People,dc=example,dc=com")),
+      mockSearchResult(
+        "uid=group2,ou=Groups,dc=example,dc=com",
+        mockAttributes("member", "uid=user2,ou=People,dc=example,dc=com"))))
+    when(
+      ctx.search(
+        mockEq("dc=example,dc=com"),
+        anyString,
+        any(classOf[SearchControls])))
+      .thenReturn(customQueryResult)
+    search = new LdapSearch(conf, ctx)
+    val expected = Array(
+      "uid=group1,ou=Groups,dc=example,dc=com",
+      "uid=user1,ou=People,dc=example,dc=com",
+      "uid=group2,ou=Groups,dc=example,dc=com",
+      "uid=user2,ou=People,dc=example,dc=com")
+    val actual = search.executeCustomQuery("(&(objectClass=groupOfNames)(|(cn=group1)(cn=group2)))")
+    assert(expected.sorted === actual.sorted)
+  }
+
+  test("FindGroupDnPositive") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    val groupDn: String = "CN=Group1"
+    val result: NamingEnumeration[SearchResult] = mockNamingEnumeration(groupDn)
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(result)
+    search = new LdapSearch(conf, ctx)
+    val expected: String = groupDn
+    val actual: String = search.findGroupDn("grp1")
+    assert(expected === actual)
+  }
+
+  test("FindGroupDNNoResults") {
+    intercept[NamingException] {
+      conf.set(
+        KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN,
+        "CN=%s,OU=org1,DC=foo,DC=bar")
+      val result: NamingEnumeration[SearchResult] = mockEmptyNamingEnumeration
+      when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+        .thenReturn(result)
+      search = new LdapSearch(conf, ctx)
+      search.findGroupDn("anyGroup")
+    }
+  }
+
+  test("FindGroupDNTooManyResults") {
+    intercept[NamingException] {
+      conf.set(
+        KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN,
+        "CN=%s,OU=org1,DC=foo,DC=bar")
+      val result: NamingEnumeration[SearchResult] =
+        LdapTestUtils.mockNamingEnumeration("Result1", "Result2", "Result3")
+      when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+        .thenReturn(result)
+      search = new LdapSearch(conf, ctx)
+      search.findGroupDn("anyGroup")
+    }
+
+  }
+
+  test("FindGroupDNWhenExceptionInSearch") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_GROUP_DN_PATTERN,
+      Array("CN=%s,OU=org1,DC=foo,DC=bar", "CN=%s,OU=org2,DC=foo,DC=bar").mkString(":"))
+    val result: NamingEnumeration[SearchResult] = LdapTestUtils.mockNamingEnumeration("CN=Group1")
+    when(ctx.search(anyString, anyString, any(classOf[SearchControls])))
+      .thenReturn(result)
+      .thenThrow(classOf[NamingException])
+    search = new LdapSearch(conf, ctx)
+    val expected: String = "CN=Group1"
+    val actual: String = search.findGroupDn("grp1")
+    assert(expected === actual)
+  }
+
+  test("IsUserMemberOfGroupWhenUserId") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    val validResult: NamingEnumeration[SearchResult] =
+      LdapTestUtils.mockNamingEnumeration("CN=User1")
+    val emptyResult: NamingEnumeration[SearchResult] = LdapTestUtils.mockEmptyNamingEnumeration
+    when(ctx.search(anyString, contains("(uid=usr1)"), any(classOf[SearchControls])))
+      .thenReturn(validResult)
+    when(ctx.search(anyString, contains("(uid=usr2)"), any(classOf[SearchControls])))
+      .thenReturn(emptyResult)
+    search = new LdapSearch(conf, ctx)
+    assert(search.isUserMemberOfGroup("usr1", "grp1"))
+    assert(!search.isUserMemberOfGroup("usr2", "grp2"))
+  }
+
+  test("IsUserMemberOfGroupWhenUserDn") {
+    conf.set(
+      KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+      "CN=%s,OU=org1,DC=foo,DC=bar")
+    val validResult: NamingEnumeration[SearchResult] =
+      LdapTestUtils.mockNamingEnumeration("CN=User1")
+    val emptyResult: NamingEnumeration[SearchResult] = LdapTestUtils.mockEmptyNamingEnumeration
+    when(ctx.search(anyString, contains("(uid=User1)"), any(classOf[SearchControls])))
+      .thenReturn(validResult)
+    when(ctx.search(anyString, contains("(uid=User2)"), any(classOf[SearchControls])))
+      .thenReturn(emptyResult)
+    search = new LdapSearch(conf, ctx)
+    assert(search.isUserMemberOfGroup("CN=User1,OU=org1,DC=foo,DC=bar", "grp1"))
+    assert(!search.isUserMemberOfGroup("CN=User2,OU=org1,DC=foo,DC=bar", "grp2"))
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapTestUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapTestUtils.scala
new file mode 100644
index 000000000..49340f2c4
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapTestUtils.scala
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.{NamingEnumeration, NamingException}
+import javax.naming.directory._
+
+import org.mockito.Mockito.when
+import org.mockito.stubbing.OngoingStubbing
+import org.scalatestplus.mockito.MockitoSugar
+
+case class NameValues(name: String, values: String*)
+case class Credentials(user: String, password: String)
+
+case class User(dn: String, id: String, password: String) {
+
+  def credentialsWithDn: Credentials = Credentials(dn, password)
+
+  def credentialsWithId: Credentials = Credentials(id, password)
+}
+
+object User {
+  def useIdForPassword(dn: String, id: String): User = User(dn, id, id)
+}
+
+object LdapTestUtils extends MockitoSugar {
+  @throws[NamingException]
+  def mockEmptyNamingEnumeration: NamingEnumeration[SearchResult] =
+    mockNamingEnumeration(new Array[SearchResult](0))
+
+  @throws[NamingException]
+  def mockNamingEnumeration(dns: String*): NamingEnumeration[SearchResult] =
+    mockNamingEnumeration(mockSearchResults(dns.toArray))
+
+  @throws[NamingException]
+  def mockNamingEnumeration(searchResults: Array[SearchResult]): NamingEnumeration[SearchResult] = {
+    val ne = mock[NamingEnumeration[SearchResult]]
+    mockHasMoreMethod(ne, searchResults.length)
+    if (searchResults.nonEmpty) {
+      val mockedResults = Array(searchResults: _*)
+      mockNextMethod(ne, mockedResults)
+    }
+    ne
+  }
+
+  @throws[NamingException]
+  def mockHasMoreMethod(ne: NamingEnumeration[SearchResult], length: Int): Unit = {
+    var hasMoreStub: OngoingStubbing[Boolean] = when(ne.hasMore)
+    (0 until length).foreach(_ => hasMoreStub = hasMoreStub.thenReturn(true))
+    hasMoreStub.thenReturn(false)
+  }
+
+  @throws[NamingException]
+  def mockNextMethod(
+      ne: NamingEnumeration[SearchResult],
+      searchResults: Array[SearchResult]): Unit = {
+    var nextStub: OngoingStubbing[SearchResult] = when(ne.next)
+    searchResults.foreach { searchResult =>
+      nextStub = nextStub.thenReturn(searchResult)
+    }
+  }
+
+  def mockSearchResults(dns: Array[String]): Array[SearchResult] = {
+    dns.map(mockSearchResult(_, null))
+  }
+
+  def mockSearchResult(dn: String, attributes: Attributes): SearchResult = {
+    val searchResult = mock[SearchResult]
+    when(searchResult.getNameInNamespace).thenReturn(dn)
+    when(searchResult.getAttributes).thenReturn(attributes)
+    searchResult
+  }
+
+  @throws[NamingException]
+  def mockEmptyAttributes(): Attributes = mockAttributes()
+
+  @throws[NamingException]
+  def mockAttributes(name: String, value: String): Attributes =
+    mockAttributes(NameValues(name, value))
+
+  @throws[NamingException]
+  def mockAttributes(name1: String, value1: String, name2: String, value2: String): Attributes =
+    if (name1 == name2) {
+      mockAttributes(NameValues(name1, value1, value2))
+    } else {
+      mockAttributes(
+        NameValues(name1, value1),
+        NameValues(name2, value2))
+    }
+
+  @throws[NamingException]
+  private def mockAttributes(namedValues: NameValues*): Attributes = {
+    val attributes = new BasicAttributes
+    namedValues.foreach { namedValue =>
+      val attr = new BasicAttribute(namedValue.name)
+      namedValue.values.foreach(attr.add)
+      attributes.put(attr)
+    }
+    attributes
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtilsSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtilsSuite.scala
new file mode 100644
index 000000000..1ef371051
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtilsSuite.scala
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class LdapUtilsSuite extends KyuubiFunSuite {
+  test("CreateCandidatePrincipalsForUserDn") {
+    val conf = new KyuubiConf()
+    val userDn = "cn=user1,ou=CORP,dc=mycompany,dc=com"
+    val expected = Array(userDn)
+    val actual = LdapUtils.createCandidatePrincipals(conf, userDn)
+    assert(actual === expected)
+  }
+
+  test("CreateCandidatePrincipalsForUserWithDomain") {
+    val conf = new KyuubiConf()
+    val userWithDomain: String = "user1@mycompany.com"
+    val expected = Array(userWithDomain)
+    val actual = LdapUtils.createCandidatePrincipals(conf, userWithDomain)
+    assert(actual === expected)
+  }
+
+  test("CreateCandidatePrincipalsLdapDomain") {
+    val conf = new KyuubiConf()
+      .set(KyuubiConf.AUTHENTICATION_LDAP_DOMAIN, "mycompany.com")
+    val expected = Array("user1@mycompany.com")
+    val actual = LdapUtils.createCandidatePrincipals(conf, "user1")
+    assert(actual === expected)
+  }
+
+  test("CreateCandidatePrincipalsUserPatternsDefaultBaseDn") {
+    val conf = new KyuubiConf()
+      .set(KyuubiConf.AUTHENTICATION_LDAP_GUID_KEY, "sAMAccountName")
+      .set(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, "dc=mycompany,dc=com")
+    val expected = Array("sAMAccountName=user1,dc=mycompany,dc=com")
+    val actual = LdapUtils.createCandidatePrincipals(conf, "user1")
+    assert(actual === expected)
+  }
+
+  test("CreateCandidatePrincipals") {
+    val conf = new KyuubiConf()
+      .set(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, "dc=mycompany,dc=com")
+      .set(
+        KyuubiConf.AUTHENTICATION_LDAP_USER_DN_PATTERN,
+        "cn=%s,ou=CORP1,dc=mycompany,dc=com:cn=%s,ou=CORP2,dc=mycompany,dc=com")
+    val expected = Array(
+      "cn=user1,ou=CORP1,dc=mycompany,dc=com",
+      "cn=user1,ou=CORP2,dc=mycompany,dc=com")
+    val actual = LdapUtils.createCandidatePrincipals(conf, "user1")
+    assert(actual.sorted === expected.sorted)
+  }
+
+  test("ExtractFirstRdn") {
+    val dn = "cn=user1,ou=CORP1,dc=mycompany,dc=com"
+    val expected = "cn=user1"
+    val actual = LdapUtils.extractFirstRdn(dn)
+    assert(actual === expected)
+  }
+
+  test("ExtractBaseDn") {
+    val dn: String = "cn=user1,ou=CORP1,dc=mycompany,dc=com"
+    val expected = "ou=CORP1,dc=mycompany,dc=com"
+    val actual = LdapUtils.extractBaseDn(dn)
+    assert(actual === expected)
+  }
+
+  test("ExtractBaseDnNegative") {
+    val dn: String = "cn=user1"
+    assert(LdapUtils.extractBaseDn(dn) === null)
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactorySuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactorySuite.scala
new file mode 100644
index 000000000..568009680
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QueryFactorySuite.scala
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class QueryFactorySuite extends KyuubiFunSuite {
+  private var conf: KyuubiConf = _
+  private var queries: QueryFactory = _
+
+  override def beforeEach(): Unit = {
+    conf = new KyuubiConf()
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GUID_KEY, "guid")
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_CLASS_KEY, "superGroups")
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_MEMBERSHIP_KEY, "member")
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_MEMBERSHIP_KEY, "partOf")
+    queries = new QueryFactory(conf)
+    super.beforeEach()
+  }
+
+  test("FindGroupDnById") {
+    val q = queries.findGroupDnById("unique_group_id")
+    val expected = "(&(objectClass=superGroups)(guid=unique_group_id))"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+
+  test("FindUserDnByRdn") {
+    val q = queries.findUserDnByRdn("cn=User1")
+    val expected =
+      "(&(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))(cn=User1))"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+
+  test("FindDnByPattern") {
+    val q = queries.findDnByPattern("cn=User1")
+    val expected = "(cn=User1)"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+
+  test("FindUserDnByName") {
+    val q = queries.findUserDnByName("unique_user_id")
+    val expected =
+      "(&(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))" +
+        "(|(uid=unique_user_id)(sAMAccountName=unique_user_id)))"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+
+  test("FindGroupsForUser") {
+    val q = queries.findGroupsForUser("user_name", "user_Dn")
+    val expected = "(&(objectClass=superGroups)(|(member=user_Dn)(member=user_name)))"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+
+  test("IsUserMemberOfGroup") {
+    val q = queries.isUserMemberOfGroup("unique_user", "cn=MyGroup,ou=Groups,dc=mycompany,dc=com")
+    val expected =
+      "(&(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))" +
+        "(partOf=cn=MyGroup,ou=Groups,dc=mycompany,dc=com)(guid=unique_user))"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+
+  test("IsUserMemberOfGroupWhenMisconfigured") {
+    intercept[IllegalArgumentException] {
+      val misconfiguredQueryFactory = new QueryFactory(new KyuubiConf())
+      misconfiguredQueryFactory.isUserMemberOfGroup("user", "cn=MyGroup")
+    }
+  }
+
+  test("FindGroupDNByID") {
+    val q = queries.findGroupDnById("unique_group_id")
+    val expected = "(&(objectClass=superGroups)(guid=unique_group_id))"
+    val actual = q.filter
+    assert(expected === actual)
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QuerySuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QuerySuite.scala
new file mode 100644
index 000000000..ffe330cce
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/QuerySuite.scala
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import org.apache.kyuubi.KyuubiFunSuite
+
+class QuerySuite extends KyuubiFunSuite {
+
+  test("QueryBuilderFilter") {
+    val q = Query.builder
+      .filter("test <uid_attr>=<value> query")
+      .map("uid_attr", "uid")
+      .map("value", "Hello!")
+      .build
+    assert("test uid=Hello! query" === q.filter)
+    assert(0 === q.controls.getCountLimit)
+  }
+
+  test("QueryBuilderLimit") {
+    val q = Query.builder
+      .filter("<key1>,<key2>")
+      .map("key1", "value1")
+      .map("key2", "value2")
+      .limit(8)
+      .build
+    assert("value1,value2" === q.filter)
+    assert(8 === q.controls.getCountLimit)
+  }
+
+  test("QueryBuilderReturningAttributes") {
+    val q = Query.builder
+      .filter("(query)")
+      .returnAttribute("attr1")
+      .returnAttribute("attr2")
+      .build
+    assert("(query)" === q.filter)
+    assert(Array("attr1", "attr2") === q.controls.getReturningAttributes)
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandlerSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandlerSuite.scala
new file mode 100644
index 000000000..4e92f7f5f
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/SearchResultHandlerSuite.scala
@@ -0,0 +1,203 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import java.util
+import javax.naming.{NamingEnumeration, NamingException}
+import javax.naming.directory.SearchResult
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.mockito.Mockito.{atLeastOnce, doThrow, verify}
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.service.authentication.ldap.LdapTestUtils._
+
+class SearchResultHandlerSuite extends KyuubiFunSuite {
+  private var handler: SearchResultHandler = _
+
+  test("handle") {
+    val resultCollection = new MockResultCollectionBuilder()
+      .addSearchResultWithDns("1")
+      .addSearchResultWithDns("2", "3")
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    val expected: util.List[String] = util.Arrays.asList("1", "2")
+    val actual: util.List[String] = new util.ArrayList[String]
+    handler.handle { record =>
+      actual.add(record.getNameInNamespace)
+      actual.size < 2
+    }
+    assert(expected === actual)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("GetAllLdapNamesNoRecords") {
+    val resultCollection = new MockResultCollectionBuilder()
+      .addEmptySearchResult()
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    val actual = handler.getAllLdapNames
+    assert(actual.isEmpty, "ResultSet size")
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("GetAllLdapNamesWithExceptionInNamingEnumerationClose") {
+    val resultCollection = new MockResultCollectionBuilder()
+      .addSearchResultWithDns("1")
+      .addSearchResultWithDns("2")
+      .build
+    doThrow(classOf[NamingException]).when(resultCollection.iterator.next).close()
+    handler = new SearchResultHandler(resultCollection)
+    val actual = handler.getAllLdapNames
+    assert(actual.length === 2, "ResultSet size")
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("GetAllLdapNames") {
+    val objectDn1: String = "cn=a1,dc=b,dc=c"
+    val objectDn2: String = "cn=a2,dc=b,dc=c"
+    val objectDn3: String = "cn=a3,dc=b,dc=c"
+    val resultCollection = new MockResultCollectionBuilder()
+      .addSearchResultWithDns(objectDn1)
+      .addSearchResultWithDns(objectDn2, objectDn3)
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    val expected = Array(objectDn1, objectDn2, objectDn3)
+    val actual = handler.getAllLdapNames
+    assert(expected.sorted === actual.sorted)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("GetAllLdapNamesAndAttributes") {
+    val searchResult1 = mockSearchResult(
+      "cn=a1,dc=b,dc=c",
+      mockAttributes("attr1", "attr1value1"))
+    val searchResult2 = mockSearchResult(
+      "cn=a2,dc=b,dc=c",
+      mockAttributes("attr1", "attr1value2", "attr2", "attr2value1"))
+    val searchResult3 = mockSearchResult(
+      "cn=a3,dc=b,dc=c",
+      mockAttributes("attr1", "attr1value3", "attr1", "attr1value4"))
+    val searchResult4 = mockSearchResult(
+      "cn=a4,dc=b,dc=c",
+      mockEmptyAttributes())
+    val resultCollection = new MockResultCollectionBuilder()
+      .addSearchResults(searchResult1)
+      .addSearchResults(searchResult2, searchResult3)
+      .addSearchResults(searchResult4)
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    val expected = Array(
+      "cn=a1,dc=b,dc=c",
+      "attr1value1",
+      "cn=a2,dc=b,dc=c",
+      "attr1value2",
+      "attr2value1",
+      "cn=a3,dc=b,dc=c",
+      "attr1value3",
+      "attr1value4",
+      "cn=a4,dc=b,dc=c")
+    val actual = handler.getAllLdapNamesAndAttributes
+    assert(expected.sorted === actual.sorted)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("HasSingleResultNoRecords") {
+    val resultCollection = new MockResultCollectionBuilder()
+      .addEmptySearchResult()
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    assert(!handler.hasSingleResult)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("HasSingleResult") {
+    val resultCollection = new MockResultCollectionBuilder()
+      .addSearchResultWithDns("1")
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    assert(handler.hasSingleResult)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("HasSingleResultManyRecords") {
+    val resultCollection = new MockResultCollectionBuilder()
+      .addSearchResultWithDns("1")
+      .addSearchResultWithDns("2")
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    assert(!handler.hasSingleResult)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  test("GetSingleLdapNameNoRecords") {
+    intercept[NamingException] {
+      val resultCollection = new MockResultCollectionBuilder()
+        .addEmptySearchResult()
+        .build
+      handler = new SearchResultHandler(resultCollection)
+      try handler.getSingleLdapName
+      finally {
+        assertAllNamingEnumerationsClosed(resultCollection)
+      }
+    }
+  }
+
+  test("GetSingleLdapName") {
+    val objectDn: String = "cn=a,dc=b,dc=c"
+    val resultCollection = new MockResultCollectionBuilder()
+      .addEmptySearchResult()
+      .addSearchResultWithDns(objectDn)
+      .build
+    handler = new SearchResultHandler(resultCollection)
+    val expected: String = objectDn
+    val actual: String = handler.getSingleLdapName
+    assert(expected === actual)
+    assertAllNamingEnumerationsClosed(resultCollection)
+  }
+
+  private def assertAllNamingEnumerationsClosed(
+      resultCollection: Array[NamingEnumeration[SearchResult]]): Unit = {
+    for (namingEnumeration <- resultCollection) {
+      verify(namingEnumeration, atLeastOnce).close()
+    }
+  }
+}
+
+class MockResultCollectionBuilder {
+
+  val results = new ArrayBuffer[NamingEnumeration[SearchResult]]
+
+  def addSearchResultWithDns(dns: String*): MockResultCollectionBuilder = {
+    results += mockNamingEnumeration(dns: _*)
+    this
+  }
+
+  def addSearchResults(dns: SearchResult*): MockResultCollectionBuilder = {
+    results += mockNamingEnumeration(dns.toArray)
+    this
+  }
+
+  def addEmptySearchResult(): MockResultCollectionBuilder = {
+    addSearchResults()
+    this
+  }
+
+  def build: Array[NamingEnumeration[SearchResult]] = results.toArray
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterSuite.scala
new file mode 100644
index 000000000..4fc6cba49
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterSuite.scala
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.security.sasl.AuthenticationException
+
+import org.scalatestplus.mockito.MockitoSugar.mock
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class UserFilterSuite extends KyuubiFunSuite {
+  private val factory: FilterFactory = UserFilterFactory
+  private var conf: KyuubiConf = _
+  private var search: DirSearch = _
+
+  override def beforeEach(): Unit = {
+    conf = new KyuubiConf()
+    search = mock[DirSearch]
+    super.beforeEach()
+  }
+
+  test("Factory") {
+    conf.unset(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER)
+    assert(factory.getInstance(conf).isEmpty)
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1")
+    assert(factory.getInstance(conf).isDefined)
+  }
+
+  test("ApplyPositive") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1,User2,uSeR3")
+    val filter = factory.getInstance(conf).get
+    filter.apply(search, "User1")
+    filter.apply(search, "uid=user2,ou=People,dc=example,dc=com")
+    filter.apply(search, "User3@mydomain.com")
+  }
+
+  test("ApplyNegative") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1,User2")
+      val filter = factory.getInstance(conf).get
+      filter.apply(search, "User3")
+    }
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterSuite.scala
new file mode 100644
index 000000000..1a711a6d9
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/UserSearchFilterSuite.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.service.authentication.ldap
+
+import javax.naming.NamingException
+import javax.security.sasl.AuthenticationException
+
+import org.mockito.ArgumentMatchers.anyString
+import org.mockito.Mockito.when
+import org.scalatestplus.mockito.MockitoSugar.mock
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class UserSearchFilterSuite extends KyuubiFunSuite {
+  private val factory: FilterFactory = UserSearchFilterFactory
+  private var conf: KyuubiConf = _
+  private var search: DirSearch = _
+
+  override def beforeEach(): Unit = {
+    conf = new KyuubiConf()
+    search = mock[DirSearch]
+    super.beforeEach()
+  }
+
+  test("FactoryWhenNoGroupOrUserFilters") {
+    assert(factory.getInstance(conf).isEmpty)
+  }
+
+  test("FactoryWhenGroupFilter") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_GROUP_FILTER.key, "Grp1,Grp2")
+    assert(factory.getInstance(conf).isDefined)
+  }
+
+  test("FactoryWhenUserFilter") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1,User2")
+    assert(factory.getInstance(conf).isDefined)
+  }
+
+  test("ApplyPositive") {
+    conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1")
+    val filter = factory.getInstance(conf).get
+    when(search.findUserDn(anyString)).thenReturn("cn=User1,ou=People,dc=example,dc=com")
+    filter.apply(search, "User1")
+  }
+
+  test("ApplyWhenNamingException") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1")
+      val filter = factory.getInstance(conf).get
+      when(search.findUserDn(anyString)).thenThrow(classOf[NamingException])
+      filter.apply(search, "User3")
+    }
+  }
+
+  test("ApplyWhenNotFound") {
+    intercept[AuthenticationException] {
+      conf.set(KyuubiConf.AUTHENTICATION_LDAP_USER_FILTER.key, "User1")
+      val filter = factory.getInstance(conf).get
+      when(search.findUserDn(anyString)).thenReturn(null)
+      filter.apply(search, "User3")
+    }
+  }
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala
index 5b3627381..8344cdef0 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala
@@ -54,7 +54,7 @@ trait RestClientTestHelper extends RestFrontendTestHelper with KerberizedTestHel
       .set(KyuubiConf.SERVER_SPNEGO_KEYTAB, testKeytab)
       .set(KyuubiConf.SERVER_SPNEGO_PRINCIPAL, testSpnegoPrincipal)
       .set(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
-      .set(KyuubiConf.AUTHENTICATION_LDAP_BASEDN, ldapBaseDn)
+      .set(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, ldapBaseDn.head)
       .set(
         KyuubiConf.AUTHENTICATION_CUSTOM_CLASS,
         classOf[UserDefineAuthenticationProviderImpl].getCanonicalName)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala
index fc8e1ec70..31cde6397 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala
@@ -63,11 +63,12 @@ class KyuubiOperationKerberosAndPlainAuthSuite extends WithKyuubiServer with Ker
     UserGroupInformation.setConfiguration(config)
     assert(UserGroupInformation.isSecurityEnabled)
 
-    KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "LDAP", "CUSTOM"))
+    KyuubiConf()
+      .set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "LDAP", "CUSTOM"))
       .set(KyuubiConf.SERVER_KEYTAB, testKeytab)
       .set(KyuubiConf.SERVER_PRINCIPAL, testPrincipal)
       .set(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
-      .set(KyuubiConf.AUTHENTICATION_LDAP_BASEDN, ldapBaseDn)
+      .set(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, ldapBaseDn.head)
       .set(
         KyuubiConf.AUTHENTICATION_CUSTOM_CLASS,
         classOf[UserDefineAuthenticationProviderImpl].getCanonicalName)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala
index 4f6ae92f1..941e121a6 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala
@@ -53,7 +53,7 @@ class KyuubiOperationThriftHttpKerberosAndPlainAuthSuite
       .set(KyuubiConf.SERVER_KEYTAB, testKeytab)
       .set(KyuubiConf.SERVER_PRINCIPAL, testPrincipal)
       .set(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
-      .set(KyuubiConf.AUTHENTICATION_LDAP_BASEDN, ldapBaseDn)
+      .set(KyuubiConf.AUTHENTICATION_LDAP_BASE_DN, ldapBaseDn.head)
       .set(
         KyuubiConf.AUTHENTICATION_CUSTOM_CLASS,
         classOf[UserDefineAuthenticationProviderImpl].getCanonicalName)
diff --git a/licenses-binary/LICENSE-antlr.txt b/licenses-binary/LICENSE-antlr.txt
new file mode 100644
index 000000000..3021ea043
--- /dev/null
+++ b/licenses-binary/LICENSE-antlr.txt
@@ -0,0 +1,8 @@
+[The BSD License]
+Copyright (c) 2012 Terence Parr and Sam Harwell
+All rights reserved.
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/licenses-binary/LICENSE-antlr4.txt b/licenses-binary/LICENSE-antlr4.txt
new file mode 100644
index 000000000..21c16a132
--- /dev/null
+++ b/licenses-binary/LICENSE-antlr4.txt
@@ -0,0 +1,26 @@
+[The "BSD 3-clause license"]
+Copyright (c) 2012-2017 The ANTLR Project. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of its contributors
+    may be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index e4c6671c9..723123475 100644
--- a/pom.xml
+++ b/pom.xml
@@ -118,6 +118,7 @@
         <arrow.version>10.0.1</arrow.version>
         <!-- Please don't upgrade the version to 4.10+, it depends on JDK 11 -->
         <antlr4.version>4.9.3</antlr4.version>
+        <antlr.st4.version>4.3.4</antlr.st4.version>
         <apache.archive.dist>https://archive.apache.org/dist</apache.archive.dist>
         <bouncycastle.version>1.67</bouncycastle.version>
         <codahale.metrics.version>4.2.8</codahale.metrics.version>
@@ -252,6 +253,11 @@
                 <artifactId>antlr4-runtime</artifactId>
                 <version>${antlr4.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.antlr</groupId>
+                <artifactId>ST4</artifactId>
+                <version>${antlr.st4.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.arrow</groupId>
                 <artifactId>arrow-vector</artifactId>

From 62eefdb57e792489362a500d4589ee934454f755 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 3 Feb 2023 14:01:11 +0800
Subject: [PATCH 003/760] [KYUUBI #4235] [DOCS] Prefer `https://` URLs in docs

### _Why are the changes needed?_

- Prefer `https://` URLs in docs, and all changed URLs are validated.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4235 from bowenliang123/https-link.

Closes #4235

f114dde2 [liangbowen] update AllKyuubiConfiguration
ad8aaedf [liangbowen] style
e973be5a [liangbowen] update
2370f4bf [liangbowen] prefer https URLs in docs

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/appendix/terminology.md                     |  2 +-
 docs/client/cli/hive_beeline.rst                 |  2 +-
 docs/deployment/engine_on_kubernetes.md          |  8 ++++----
 docs/deployment/engine_on_yarn.md                | 10 +++++-----
 docs/deployment/hive_metastore.md                |  8 ++++----
 docs/deployment/settings.md                      | 10 +++++-----
 docs/develop_tools/building.md                   |  2 +-
 docs/develop_tools/testing.md                    |  4 ++--
 docs/extensions/engines/spark/lineage.md         |  2 +-
 docs/make.bat                                    |  2 +-
 docs/monitor/logging.md                          |  2 +-
 docs/overview/architecture.md                    |  4 ++--
 docs/overview/kyuubi_vs_hive.md                  | 16 ++++++++--------
 docs/overview/kyuubi_vs_thriftserver.md          |  2 +-
 docs/security/authorization/spark/build.md       |  2 +-
 docs/security/kinit.md                           |  2 +-
 .../kyuubi/config/AllKyuubiConfiguration.scala   | 12 ++++++------
 17 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/docs/appendix/terminology.md b/docs/appendix/terminology.md
index 21b8cb1b6..b81fa25fe 100644
--- a/docs/appendix/terminology.md
+++ b/docs/appendix/terminology.md
@@ -139,7 +139,7 @@ Kyuubi unifies DataLake & LakeHouse access in the simplest pure SQL way, meanwhi
 
 <p align=right>
 <em>
-<a href="http://iceberg.apache.org/">http://iceberg.apache.org/</a>
+<a href="https://iceberg.apache.org/">https://iceberg.apache.org/</a>
 </em>
 </p>
 
diff --git a/docs/client/cli/hive_beeline.rst b/docs/client/cli/hive_beeline.rst
index fda925aa1..f75e00819 100644
--- a/docs/client/cli/hive_beeline.rst
+++ b/docs/client/cli/hive_beeline.rst
@@ -17,7 +17,7 @@ Hive Beeline
 ============
 
 Kyuubi supports Apache Hive beeline that works with Kyuubi server.
-Hive beeline is a `SQLLine CLI <http://sqlline.sourceforge.net/>`_ based on the `Hive JDBC Driver <../jdbc/hive_jdbc.html>`_.
+Hive beeline is a `SQLLine CLI <https://sqlline.sourceforge.net/>`_ based on the `Hive JDBC Driver <../jdbc/hive_jdbc.html>`_.
 
 Prerequisites
 -------------
diff --git a/docs/deployment/engine_on_kubernetes.md b/docs/deployment/engine_on_kubernetes.md
index ae8edcb75..44fca1602 100644
--- a/docs/deployment/engine_on_kubernetes.md
+++ b/docs/deployment/engine_on_kubernetes.md
@@ -21,7 +21,7 @@
 
 When you want to run Kyuubi's Spark SQL engines on Kubernetes, you'd better have cognition upon the following things.
 
-* Read about [Running Spark On Kubernetes](http://spark.apache.org/docs/latest/running-on-kubernetes.html)
+* Read about [Running Spark On Kubernetes](https://spark.apache.org/docs/latest/running-on-kubernetes.html)
 * An active Kubernetes cluster
 * [Kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)
 * KubeConfig of the target cluster
@@ -97,7 +97,7 @@ As it known to us all, Kubernetes can use configurations to mount volumes into d
 * persistentVolumeClaim: mounts a PersistentVolume into a pod.
 
 Note: Please
-see [the Security section of this document](http://spark.apache.org/docs/latest/running-on-kubernetes.html#security) for security issues related to volume mounts.
+see [the Security section of this document](https://spark.apache.org/docs/latest/running-on-kubernetes.html#security) for security issues related to volume mounts.
 
 ```
 spark.kubernetes.driver.volumes.<type>.<name>.options.path=<dist_path>
@@ -107,7 +107,7 @@ spark.kubernetes.executor.volumes.<type>.<name>.options.path=<dist_path>
 spark.kubernetes.executor.volumes.<type>.<name>.mount.path=<container_path>
 ```
 
-Read [Using Kubernetes Volumes](http://spark.apache.org/docs/latest/running-on-kubernetes.html#using-kubernetes-volumes) for more about volumes.
+Read [Using Kubernetes Volumes](https://spark.apache.org/docs/latest/running-on-kubernetes.html#using-kubernetes-volumes) for more about volumes.
 
 ### PodTemplateFile
 
@@ -117,4 +117,4 @@ To do so, specify the spark properties `spark.kubernetes.driver.podTemplateFile`
 
 ### Other
 
-You can read Spark's official documentation for [Running on Kubernetes](http://spark.apache.org/docs/latest/running-on-kubernetes.html) for more information.
+You can read Spark's official documentation for [Running on Kubernetes](https://spark.apache.org/docs/latest/running-on-kubernetes.html) for more information.
diff --git a/docs/deployment/engine_on_yarn.md b/docs/deployment/engine_on_yarn.md
index cb5bdd9e0..6812afa46 100644
--- a/docs/deployment/engine_on_yarn.md
+++ b/docs/deployment/engine_on_yarn.md
@@ -23,11 +23,11 @@
 
 When you want to deploy Kyuubi's Spark SQL engines on YARN, you'd better have cognition upon the following things.
 
-- Knowing the basics about [Running Spark on YARN](http://spark.apache.org/docs/latest/running-on-yarn.html)
+- Knowing the basics about [Running Spark on YARN](https://spark.apache.org/docs/latest/running-on-yarn.html)
 - A binary distribution of Spark which is built with YARN support
   - You can use the built-in Spark distribution
   - You can get it from [Spark official website](https://spark.apache.org/downloads.html) directly
-  - You can [Build Spark](http://spark.apache.org/docs/latest/building-spark.html#specifying-the-hadoop-version-and-enabling-yarn) with `-Pyarn` maven option
+  - You can [Build Spark](https://spark.apache.org/docs/latest/building-spark.html#specifying-the-hadoop-version-and-enabling-yarn) with `-Pyarn` maven option
 - An active [Apache Hadoop YARN](https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YARN.html) cluster
 - An active Apache Hadoop HDFS cluster
 - Setup Hadoop client configurations at the machine the Kyuubi server locates
@@ -92,7 +92,7 @@ and how many cpus and memory will Spark driver, ApplicationMaster and each execu
 | spark.executor.memory         | 1g                                         | Amount of memory to use for the executor process                                                                                                                          |
 | spark.executor.memoryOverhead | executorMemory * 0.10, with minimum of 384 | Amount of additional memory to be allocated per executor process. This is memory that accounts for things like VM overheads, interned strings other native overheads, etc |
 
-It is recommended to use [Dynamic Allocation](http://spark.apache.org/docs/3.0.1/configuration.html#dynamic-allocation) with Kyuubi,
+It is recommended to use [Dynamic Allocation](https://spark.apache.org/docs/3.0.1/configuration.html#dynamic-allocation) with Kyuubi,
 since the SQL engine will be long-running for a period, execute user's queries from clients periodically,
 and the demand for computing resources is not the same for those queries.
 It is better for Spark to release some executors when either the query is lightweight, or the SQL engine is being idled.
@@ -104,11 +104,11 @@ which allows YARN to cache it on nodes so that it doesn't need to be distributed
 
 ##### Others
 
-Please refer to [Spark properties](http://spark.apache.org/docs/latest/running-on-yarn.html#spark-properties) to check other acceptable configs.
+Please refer to [Spark properties](https://spark.apache.org/docs/latest/running-on-yarn.html#spark-properties) to check other acceptable configs.
 
 ### Kerberos
 
-Kyuubi currently does not support Spark's [YARN-specific Kerberos Configuration](http://spark.apache.org/docs/3.0.1/running-on-yarn.html#kerberos),
+Kyuubi currently does not support Spark's [YARN-specific Kerberos Configuration](https://spark.apache.org/docs/3.0.1/running-on-yarn.html#kerberos),
 so `spark.kerberos.keytab` and `spark.kerberos.principal` should not use now.
 
 Instead, you can schedule a periodically `kinit` process via `crontab` task on the local machine that hosts Kyuubi server or simply use [Kyuubi Kinit](settings.html#kinit).
diff --git a/docs/deployment/hive_metastore.md b/docs/deployment/hive_metastore.md
index f3a24d897..f60465a1a 100644
--- a/docs/deployment/hive_metastore.md
+++ b/docs/deployment/hive_metastore.md
@@ -30,7 +30,7 @@ In this section, you will learn how to configure Kyuubi to interact with Hive Me
 - A Spark binary distribution built with `-Phive` support
   - Use the built-in one in the Kyuubi distribution
   - Download from [Spark official website](https://spark.apache.org/downloads.html)
-  - Build from Spark source, [Building With Hive and JDBC Support](http://spark.apache.org/docs/latest/building-spark.html#building-with-hive-and-jdbc-support)
+  - Build from Spark source, [Building With Hive and JDBC Support](https://spark.apache.org/docs/latest/building-spark.html#building-with-hive-and-jdbc-support)
 - A copy of Hive client configuration
 
 So the whole thing here is to let Spark applications use this copy of Hive configuration to start a Hive metastore client for their own to talk to the Hive metastore server.
@@ -199,13 +199,13 @@ Caused by: org.apache.thrift.TApplicationException: Invalid method name: 'get_ta
 	... 93 more
 ```
 
-To prevent this problem, we can use Spark's [Interacting with Different Versions of Hive Metastore](http://spark.apache.org/docs/latest/sql-data-sources-hive-tables.html#interacting-with-different-versions-of-hive-metastore).
+To prevent this problem, we can use Spark's [Interacting with Different Versions of Hive Metastore](https://spark.apache.org/docs/latest/sql-data-sources-hive-tables.html#interacting-with-different-versions-of-hive-metastore).
 
 ## Further Readings
 
 - Hive Wiki
   - [Hive Metastore Administration](https://cwiki.apache.org/confluence/display/Hive/AdminManual+Metastore+Administration)
 - Spark Online Documentation
-  - [Custom Hadoop/Hive Configuration](http://spark.apache.org/docs/latest/configuration.html#custom-hadoophive-configuration)
-  - [Hive Tables](http://spark.apache.org/docs/latest/sql-data-sources-hive-tables.html)
+  - [Custom Hadoop/Hive Configuration](https://spark.apache.org/docs/latest/configuration.html#custom-hadoophive-configuration)
+  - [Hive Tables](https://spark.apache.org/docs/latest/sql-data-sources-hive-tables.html)
 
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 26147ff8a..9cd8a681d 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -532,7 +532,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Via spark-defaults.conf
 
-Setting them in `$SPARK_HOME/conf/spark-defaults.conf` supplies with default values for SQL engine application. Available properties can be found at Spark official online documentation for [Spark Configurations](http://spark.apache.org/docs/latest/configuration.html)
+Setting them in `$SPARK_HOME/conf/spark-defaults.conf` supplies with default values for SQL engine application. Available properties can be found at Spark official online documentation for [Spark Configurations](https://spark.apache.org/docs/latest/configuration.html)
 
 ### Via kyuubi-defaults.conf
 
@@ -543,13 +543,13 @@ Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf` supplies with default v
 Setting them in the JDBC Connection URL supplies session-specific for each SQL engine. For example: ```jdbc:hive2://localhost:10009/default;#spark.sql.shuffle.partitions=2;spark.executor.memory=5g```
 
 - **Runtime SQL Configuration**
-  - For [Runtime SQL Configurations](http://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they will take affect every time
+  - For [Runtime SQL Configurations](https://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they will take affect every time
 - **Static SQL and Spark Core Configuration**
-  - For [Static SQL Configurations](http://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and other spark core configs, e.g. `spark.executor.memory`, they will take effect if there is no existing SQL engine application. Otherwise, they will just be ignored
+  - For [Static SQL Configurations](https://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and other spark core configs, e.g. `spark.executor.memory`, they will take effect if there is no existing SQL engine application. Otherwise, they will just be ignored
 
 ### Via SET Syntax
 
-Please refer to the Spark official online documentation for [SET Command](http://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)
+Please refer to the Spark official online documentation for [SET Command](https://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)
 
 ## Flink Configurations
 
@@ -651,7 +651,7 @@ Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can
 
 ### Hadoop Configurations
 
-Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration files or treating them as Spark properties with a `spark.hadoop.` prefix. Please refer to the Spark official online documentation for [Inheriting Hadoop Cluster Configuration](http://spark.apache.org/docs/latest/configuration.html#inheriting-hadoop-cluster-configuration). Also, please refer to the [Apache Hadoop](http://hadoop.apache.org)'s online documentation for an overview on how to configure Hadoop.
+Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration files or treating them as Spark properties with a `spark.hadoop.` prefix. Please refer to the Spark official online documentation for [Inheriting Hadoop Cluster Configuration](https://spark.apache.org/docs/latest/configuration.html#inheriting-hadoop-cluster-configuration). Also, please refer to the [Apache Hadoop](https://hadoop.apache.org)'s online documentation for an overview on how to configure Hadoop.
 
 ### Hive Configurations
 
diff --git a/docs/develop_tools/building.md b/docs/develop_tools/building.md
index 9dfc01f42..d4582dc8d 100644
--- a/docs/develop_tools/building.md
+++ b/docs/develop_tools/building.md
@@ -19,7 +19,7 @@
 
 ## Building Kyuubi with Apache Maven
 
-**Kyuubi** is built based on [Apache Maven](http://maven.apache.org),
+**Kyuubi** is built based on [Apache Maven](https://maven.apache.org),
 
 ```bash
 ./build/mvn clean package -DskipTests
diff --git a/docs/develop_tools/testing.md b/docs/develop_tools/testing.md
index 48a2e9787..3e63aa1a2 100644
--- a/docs/develop_tools/testing.md
+++ b/docs/develop_tools/testing.md
@@ -17,8 +17,8 @@
 
 # Running Tests
 
-**Kyuubi** can be tested based on [Apache Maven](http://maven.apache.org) and the ScalaTest Maven Plugin,
-please refer to the [ScalaTest documentation](http://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin),
+**Kyuubi** can be tested based on [Apache Maven](https://maven.apache.org) and the ScalaTest Maven Plugin,
+please refer to the [ScalaTest documentation](https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin),
 
 ## Running Tests Fully
 
diff --git a/docs/extensions/engines/spark/lineage.md b/docs/extensions/engines/spark/lineage.md
index 1ef28c173..8f2f76c9f 100644
--- a/docs/extensions/engines/spark/lineage.md
+++ b/docs/extensions/engines/spark/lineage.md
@@ -97,7 +97,7 @@ Currently supported column lineage for spark's `Command` and `Query` type:
 
 ### Build with Apache Maven
 
-Kyuubi Spark Lineage Listener Extension is built using [Apache Maven](http://maven.apache.org).
+Kyuubi Spark Lineage Listener Extension is built using [Apache Maven](https://maven.apache.org).
 To build it, `cd` to the root direct of kyuubi project and run:
 
 ```shell
diff --git a/docs/make.bat b/docs/make.bat
index 1f441aefc..b8c48a2db 100644
--- a/docs/make.bat
+++ b/docs/make.bat
@@ -38,7 +38,7 @@ if errorlevel 9009 (
 	echo.may add the Sphinx directory to PATH.
 	echo.
 	echo.If you don't have Sphinx installed, grab it from
-	echo.http://sphinx-doc.org/
+	echo.https://www.sphinx-doc.org/
 	exit /b 1
 )
 
diff --git a/docs/monitor/logging.md b/docs/monitor/logging.md
index 8d373f5a9..24a5a88d6 100644
--- a/docs/monitor/logging.md
+++ b/docs/monitor/logging.md
@@ -265,5 +265,5 @@ You will both get the final results and the corresponding operation logs telling
 - [Monitoring Kyuubi - Server Metrics](metrics.md)
 - [Trouble Shooting](trouble_shooting.md)
 - Spark Online Documentation
-  - [Monitoring and Instrumentation](http://spark.apache.org/docs/latest/monitoring.html)
+  - [Monitoring and Instrumentation](https://spark.apache.org/docs/latest/monitoring.html)
 
diff --git a/docs/overview/architecture.md b/docs/overview/architecture.md
index ec4dc0d8d..4df5e24a4 100644
--- a/docs/overview/architecture.md
+++ b/docs/overview/architecture.md
@@ -107,7 +107,7 @@ and these applications can be placed in different shared domains for other conne
 Kyuubi does not occupy any resources from the Cluster Manager(e.g. Yarn) during startup and will give all resources back if there
 is not any active session interacting with a `SparkContext`.
 
-Spark also provides [Dynamic Resource Allocation](http://spark.apache.org/docs/latest/job-scheduling.html#dynamic-resource-allocation) to dynamically adjust the resources your application occupies based on the workload. It means
+Spark also provides [Dynamic Resource Allocation](https://spark.apache.org/docs/latest/job-scheduling.html#dynamic-resource-allocation) to dynamically adjust the resources your application occupies based on the workload. It means
 that your application may give resources back to the cluster if they are no longer used and request them again later when
 there is demand. This feature is handy if multiple applications share resources in your Spark cluster.
 
@@ -172,5 +172,5 @@ We also create a [Submarine: Spark Security](https://mvnrepository.com/artifact/
 
 ## Conclusions
 
-Kyuubi is a unified multi-tenant JDBC interface for large-scale data processing and analytics, built on top of [Apache Spark™](http://spark.apache.org/).
+Kyuubi is a unified multi-tenant JDBC interface for large-scale data processing and analytics, built on top of [Apache Spark™](https://spark.apache.org/).
 It extends the Spark Thrift Server's scenarios in enterprise applications, the most important of which is multi-tenancy support.
diff --git a/docs/overview/kyuubi_vs_hive.md b/docs/overview/kyuubi_vs_hive.md
index f69215240..43ffac146 100644
--- a/docs/overview/kyuubi_vs_hive.md
+++ b/docs/overview/kyuubi_vs_hive.md
@@ -34,14 +34,14 @@ have multiple reducer stages.
 
 - 
 
-|             Kyuubi             |                                  HiveServer2                                   |
-|--------------------------------|--------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| ** Language **                 | Spark SQL                                                                      | Hive QL                                                                                                                                                            |
-| ** Optimizer **                | Spark SQL Catalyst                                                             | Hive Optimizer                                                                                                                                                     |
-| ** Engine **                   | up to Spark 3.x                                                                | MapReduce/[up to Spark 2.3](https://cwiki.apache.org/confluence/display/Hive/Hive+on+Spark%3A+Getting+Started#HiveonSpark:GettingStarted-VersionCompatibility)/Tez |
-| ** Performance **              | High                                                                           | Low                                                                                                                                                                |
-| ** Compatibility with Spark ** | Good                                                                           | Bad(need to rebuild on a specific version)                                                                                                                         |
-| ** Data Types **               | [Spark Data Types](http://spark.apache.org/docs/latest/sql-ref-datatypes.html) | [Hive Data Types](https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Types)                                                                           |
+|             Kyuubi             |                                   HiveServer2                                   |
+|--------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ** Language **                 | Spark SQL                                                                       | Hive QL                                                                                                                                                            |
+| ** Optimizer **                | Spark SQL Catalyst                                                              | Hive Optimizer                                                                                                                                                     |
+| ** Engine **                   | up to Spark 3.x                                                                 | MapReduce/[up to Spark 2.3](https://cwiki.apache.org/confluence/display/Hive/Hive+on+Spark%3A+Getting+Started#HiveonSpark:GettingStarted-VersionCompatibility)/Tez |
+| ** Performance **              | High                                                                            | Low                                                                                                                                                                |
+| ** Compatibility with Spark ** | Good                                                                            | Bad(need to rebuild on a specific version)                                                                                                                         |
+| ** Data Types **               | [Spark Data Types](https://spark.apache.org/docs/latest/sql-ref-datatypes.html) | [Hive Data Types](https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Types)                                                                           |
 
 ## Performance
 
diff --git a/docs/overview/kyuubi_vs_thriftserver.md b/docs/overview/kyuubi_vs_thriftserver.md
index 00a03c3b2..66f900c74 100644
--- a/docs/overview/kyuubi_vs_thriftserver.md
+++ b/docs/overview/kyuubi_vs_thriftserver.md
@@ -19,7 +19,7 @@
 
 ## Introductions
 
-The Apache Spark [Thrift JDBC/ODBC Server](http://spark.apache.org/docs/latest/sql-distributed-sql-engine.html) is a Thrift service implemented by the Apache Spark community based on HiveServer2.
+The Apache Spark [Thrift JDBC/ODBC Server](https://spark.apache.org/docs/latest/sql-distributed-sql-engine.html) is a Thrift service implemented by the Apache Spark community based on HiveServer2.
 Designed to be seamlessly compatible with HiveServer2, it provides Spark SQL capabilities to end-users in a pure SQL way through a JDBC interface.
 This "out-of-the-box" model minimizes the barriers and costs for users to use Spark.
 
diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md
index 2756cc356..3886f08df 100644
--- a/docs/security/authorization/spark/build.md
+++ b/docs/security/authorization/spark/build.md
@@ -19,7 +19,7 @@
 
 ## Build with Apache Maven
 
-Kyuubi Spark AuthZ Plugin is built using [Apache Maven](http://maven.apache.org).
+Kyuubi Spark AuthZ Plugin is built using [Apache Maven](https://maven.apache.org).
 To build it, `cd` to the root direct of kyuubi project and run:
 
 ```shell
diff --git a/docs/security/kinit.md b/docs/security/kinit.md
index e9dfbc491..0d613e000 100644
--- a/docs/security/kinit.md
+++ b/docs/security/kinit.md
@@ -104,5 +104,5 @@ hadoop.proxyuser.<user name in principal>.hosts *
 ## Further Readings
 
 - [Hadoop in Secure Mode](https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html)
-- [Use Kerberos for authentication in Spark](http://spark.apache.org/docs/latest/security.html#kerberos)
+- [Use Kerberos for authentication in Spark](https://spark.apache.org/docs/latest/security.html#kerberos)
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 28a752368..7ea4d49b2 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -165,7 +165,7 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
     newOutput += ("Setting them in `$SPARK_HOME/conf/spark-defaults.conf`" +
       " supplies with default values for SQL engine application. Available properties can be" +
       " found at Spark official online documentation for" +
-      " [Spark Configurations](http://spark.apache.org/docs/latest/configuration.html)")
+      " [Spark Configurations](https://spark.apache.org/docs/latest/configuration.html)")
 
     newOutput += ""
     newOutput += ("### Via kyuubi-defaults.conf")
@@ -187,19 +187,19 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
     newOutput += ("- **Runtime SQL Configuration**")
     newOutput += ""
     newOutput += ("  - For [Runtime SQL Configurations](" +
-      "http://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they" +
+      "https://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they" +
       " will take affect every time")
     newOutput += ("- **Static SQL and Spark Core Configuration**")
     newOutput += ""
     newOutput += ("  - For [Static SQL Configurations](" +
-      "http://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and" +
+      "https://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and" +
       " other spark core configs, e.g. `spark.executor.memory`, they will take effect if there" +
       " is no existing SQL engine application. Otherwise, they will just be ignored")
     newOutput += ""
     newOutput += ("### Via SET Syntax")
     newOutput += ""
     newOutput += ("Please refer to the Spark official online documentation for" +
-      " [SET Command](http://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)")
+      " [SET Command](https://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)")
     newOutput += ""
 
     newOutput += ("## Flink Configurations")
@@ -259,9 +259,9 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
     newOutput += ("Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration" +
       " files or treating them as Spark properties with a `spark.hadoop.` prefix." +
       " Please refer to the Spark official online documentation for" +
-      " [Inheriting Hadoop Cluster Configuration](http://spark.apache.org/docs/latest/" +
+      " [Inheriting Hadoop Cluster Configuration](https://spark.apache.org/docs/latest/" +
       "configuration.html#inheriting-hadoop-cluster-configuration)." +
-      " Also, please refer to the [Apache Hadoop](http://hadoop.apache.org)'s" +
+      " Also, please refer to the [Apache Hadoop](https://hadoop.apache.org)'s" +
       " online documentation for an overview on how to configure Hadoop.")
     newOutput += ""
     newOutput += ("### Hive Configurations")

From eef6947ccab41570676c7fe0a3d8cd71ac8816fb Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 3 Feb 2023 16:17:11 +0800
Subject: [PATCH 004/760] [KYUUBI #4144][FOLLOWUP] Do not cleanup upload dir
 because of batch recovery and fix temp file leak

### _Why are the changes needed?_

Address comments: https://github.com/apache/kyuubi/pull/4144#issuecomment-1412078077
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4231 from turboFei/uploading_resource_followup.

Closes #4144

93ccd9534 [fwang12] comments
81a224dce [fwang12] ut
6b226969a [fwang12] prevent temp file leak
17a4e394c [fwang12] Do not remove upload dir

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../main/scala/org/apache/kyuubi/Utils.scala  | 14 --------------
 .../engine/KyuubiApplicationManager.scala     | 14 +-------------
 .../kyuubi/operation/BatchJobSubmission.scala | 19 +++++++++++++++----
 .../server/api/v1/BatchesResource.scala       |  2 +-
 .../server/api/v1/BatchesResourceSuite.scala  |  8 +++++++-
 5 files changed, 24 insertions(+), 33 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
index 7283ea040..7ab312fa1 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
@@ -143,20 +143,6 @@ object Utils extends Logging {
     f.delete()
   }
 
-  /**
-   * delete file in path with logging
-   * @param filePath path to file for deletion
-   * @param errorMessage message as prefix logging with error exception
-   */
-  def deleteFile(filePath: String, errorMessage: String): Unit = {
-    try {
-      Files.delete(Paths.get(filePath))
-    } catch {
-      case e: Exception =>
-        error(s"$errorMessage: $filePath ", e)
-    }
-  }
-
   /**
    * Create a temporary directory inside the given parent directory. The directory will be
    * automatically deleted when the VM shuts down.
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index b76f08833..70c130012 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -59,7 +59,6 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
         case NonFatal(e) => warn(s"Error stopping ${op.getClass.getSimpleName}: ${e.getMessage}")
       }
     }
-    deleteTempDirForUpload()
     super.stop()
   }
 
@@ -92,17 +91,6 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
       case None => None
     }
   }
-
-  private def deleteTempDirForUpload(): Unit = {
-    try {
-      Utils.deleteDirectoryRecursively(KyuubiApplicationManager.tempDirForUpload.toFile)
-    } catch {
-      case e: Exception => error(
-          "Failed to delete temporary folder for uploading " +
-            s"${KyuubiApplicationManager.tempDirForUpload}",
-          e)
-    }
-  }
 }
 
 object KyuubiApplicationManager {
@@ -122,7 +110,7 @@ object KyuubiApplicationManager {
     conf.set(FlinkProcessBuilder.TAG_KEY, newTag)
   }
 
-  lazy val tempDirForUpload: Path = {
+  val uploadWorkDir: Path = {
     val path = Utils.getAbsolutePathFromWork("upload")
     val pathFile = path.toFile
     if (!pathFile.exists()) {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 4436926db..f061d977d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.operation
 
 import java.io.IOException
+import java.nio.file.{Files, Paths}
 import java.util.Locale
 import java.util.concurrent.TimeUnit
 
@@ -25,7 +26,7 @@ import com.codahale.metrics.MetricRegistry
 import com.google.common.annotations.VisibleForTesting
 import org.apache.hive.service.rpc.thrift._
 
-import org.apache.kyuubi.{KyuubiException, KyuubiSQLException, Utils}
+import org.apache.kyuubi.{KyuubiException, KyuubiSQLException}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationState, KillResponse, ProcBuilder}
 import org.apache.kyuubi.engine.spark.SparkBatchProcessBuilder
@@ -267,9 +268,7 @@ class BatchJobSubmission(
       }
     } finally {
       builder.close()
-      if (session.isResourceUploaded) {
-        Utils.deleteFile(resource, "Failed to delete temporary uploaded resource file")
-      }
+      cleanupUploadedResourceIfNeeded()
     }
   }
 
@@ -327,12 +326,14 @@ class BatchJobSubmission(
       if (isTerminalState(state)) {
         killMessage = (false, s"batch $batchId is already terminal so can not kill it.")
         builder.close()
+        cleanupUploadedResourceIfNeeded()
         return
       }
 
       try {
         killMessage = killBatchApplication()
         builder.close()
+        cleanupUploadedResourceIfNeeded()
       } finally {
         if (state == OperationState.INITIALIZED) {
           // if state is INITIALIZED, it means that the batch submission has not started to run, set
@@ -363,6 +364,16 @@ class BatchJobSubmission(
   override def isTimedOut: Boolean = false
 
   override protected def eventEnabled: Boolean = true
+
+  private def cleanupUploadedResourceIfNeeded(): Unit = {
+    if (session.isResourceUploaded) {
+      try {
+        Files.deleteIfExists(Paths.get(resource))
+      } catch {
+        case e: Throwable => error(s"Error deleting the uploaded resource: $resource", e)
+      }
+    }
+  }
 }
 
 object BatchJobSubmission {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 24f99a24c..969362f7d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -184,7 +184,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
         " of batchRequest is application/json")
     val tempFile = Utils.writeToTempFile(
       resourceFileInputStream,
-      KyuubiApplicationManager.tempDirForUpload,
+      KyuubiApplicationManager.uploadWorkDir,
       resourceFileMetadata.getFileName)
     batchRequest.setResource(tempFile.getPath)
     openBatchSessionInternal(batchRequest, isResourceFromUpload = true)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 7c06063a6..c77d364f3 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -35,7 +35,7 @@ import org.apache.kyuubi.{BatchTestHelper, KyuubiFunSuite, RestFrontendTestHelpe
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.ApplicationInfo
+import org.apache.kyuubi.engine.{ApplicationInfo, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.spark.SparkBatchProcessBuilder
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.operation.{BatchJobSubmission, OperationState}
@@ -219,6 +219,12 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     assert(batch.getName === sparkBatchTestAppName)
     assert(batch.getCreateTime > 0)
     assert(batch.getEndTime === 0)
+
+    webTarget.path(s"api/v1/batches/${batch.getId()}").request(
+      MediaType.APPLICATION_JSON_TYPE).delete()
+    eventually(timeout(3.seconds)) {
+      assert(KyuubiApplicationManager.uploadWorkDir.toFile.listFiles().isEmpty)
+    }
   }
 
   test("get batch session list") {

From 265aaf28543a659e6590bc1ecc86c7f2f53fba50 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 3 Feb 2023 16:17:39 +0800
Subject: [PATCH 005/760] [KYUUBI #3658][FOLLOWUP] Show ssl enabled protocols

### _Why are the changes needed?_

Before:
```
2023-02-02 22:21:35.507 INFO org.apache.kyuubi.server.KyuubiTBinaryFrontendService: SSL Server Socket enabled protocols: [Ljava.lang.String;2fca3eb5
```

Seems `enabledProtocols` is a java array, the output is not friendly.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4238 from turboFei/ssl_followup.

Closes #3658

999ef90e6 [fwang12] Show enabled ssl protocols

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/service/TBinaryFrontendService.scala      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
index 74cf4e2e6..2e8a8b765 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
@@ -163,7 +163,7 @@ abstract class TBinaryFrontendService(name: String)
           }
         }
         sslServerSocket.setEnabledProtocols(enabledProtocols)
-        info(s"SSL Server Socket enabled protocols: $enabledProtocols")
+        info(s"SSL Server Socket enabled protocols: ${enabledProtocols.mkString(",")}")
 
       case _ =>
     }

From f6778487ea8071443fe185114dd74f7d6326f1ad Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 3 Feb 2023 16:57:12 +0800
Subject: [PATCH 006/760] [KYUUBI #4239] Remove duplicate buildConf methods and
 use `KyuubiConf.buildConf` directly

### _Why are the changes needed?_

- Remove duplicate buildConf methods in a series configs , change to import and use `KyuubiConf.buildConf` directly

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4239 from bowenliang123/duplicate-buildconf.

Closes #4239

04495e69 [liangbowen] remove duplciate buildConf methods

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/scala/org/apache/kyuubi/ctl/CtlConf.scala       | 5 ++---
 .../scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala    | 5 ++---
 .../main/scala/org/apache/kyuubi/metrics/MetricsConf.scala   | 5 ++---
 .../kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala  | 5 ++---
 .../scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala    | 5 ++---
 5 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/CtlConf.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/CtlConf.scala
index f299a5a88..58b65582a 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/CtlConf.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/CtlConf.scala
@@ -19,12 +19,11 @@ package org.apache.kyuubi.ctl
 
 import java.time.Duration
 
-import org.apache.kyuubi.config.{ConfigBuilder, ConfigEntry, KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.config.{ConfigEntry, OptionalConfigEntry}
+import org.apache.kyuubi.config.KyuubiConf.buildConf
 
 object CtlConf {
 
-  private def buildConf(key: String): ConfigBuilder = KyuubiConf.buildConf(key)
-
   val CTL_REST_CLIENT_BASE_URL: OptionalConfigEntry[String] =
     buildConf("kyuubi.ctl.rest.base.url")
       .doc("The REST API base URL, " +
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
index 6052e31f5..148a21e4d 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
@@ -21,14 +21,13 @@ import java.time.Duration
 
 import org.apache.hadoop.security.UserGroupInformation
 
-import org.apache.kyuubi.config.{ConfigBuilder, ConfigEntry, KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.config.{ConfigEntry, KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.config.KyuubiConf.buildConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.ha.client.RetryPolicies
 
 object HighAvailabilityConf {
 
-  private def buildConf(key: String): ConfigBuilder = KyuubiConf.buildConf(key)
-
   @deprecated("using kyuubi.ha.addresses instead", "1.6.0")
   val HA_ZK_QUORUM: ConfigEntry[String] = buildConf("kyuubi.ha.zookeeper.quorum")
     .doc("(deprecated) The connection string for the ZooKeeper ensemble")
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
index daa221b78..ad734ced5 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
@@ -19,13 +19,12 @@ package org.apache.kyuubi.metrics
 
 import java.time.Duration
 
-import org.apache.kyuubi.config.{ConfigBuilder, ConfigEntry, KyuubiConf}
+import org.apache.kyuubi.config.ConfigEntry
+import org.apache.kyuubi.config.KyuubiConf.buildConf
 import org.apache.kyuubi.metrics.ReporterType._
 
 object MetricsConf {
 
-  private def buildConf(key: String): ConfigBuilder = KyuubiConf.buildConf(key)
-
   val METRICS_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.metrics.enabled")
       .doc("Set to true to enable kyuubi metrics system")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
index 84067b8d0..de30b6e66 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
@@ -19,13 +19,12 @@ package org.apache.kyuubi.server.metadata.jdbc
 
 import java.util.{Locale, Properties}
 
-import org.apache.kyuubi.config.{ConfigBuilder, ConfigEntry, KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.config.{ConfigEntry, KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.config.KyuubiConf.buildConf
 
 object JDBCMetadataStoreConf {
   final val METADATA_STORE_JDBC_DATASOURCE_PREFIX = "kyuubi.metadata.store.jdbc.datasource"
 
-  private def buildConf(key: String): ConfigBuilder = KyuubiConf.buildConf(key)
-
   /** Get metadata store jdbc datasource properties. */
   def getMetadataStoreJDBCDataSourceProperties(conf: KyuubiConf): Properties = {
     val datasourceProperties = new Properties()
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
index ee1fe00dc..c6256a5e3 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
@@ -17,12 +17,11 @@
 
 package org.apache.kyuubi.zookeeper
 
-import org.apache.kyuubi.config.{ConfigBuilder, ConfigEntry, KyuubiConf, OptionalConfigEntry}
+import org.apache.kyuubi.config.{ConfigEntry, OptionalConfigEntry}
+import org.apache.kyuubi.config.KyuubiConf.buildConf
 
 object ZookeeperConf {
 
-  private def buildConf(key: String): ConfigBuilder = KyuubiConf.buildConf(key)
-
   @deprecated("using kyuubi.zookeeper.embedded.client.port instead", since = "1.2.0")
   val EMBEDDED_ZK_PORT: ConfigEntry[Int] = buildConf("kyuubi.zookeeper.embedded.port")
     .doc("The port of the embedded ZooKeeper server")

From 4dd00c14995a2814971a416902eb6451cef96c35 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Mon, 6 Feb 2023 09:50:23 +0800
Subject: [PATCH 007/760] [KYUUBI #4247] Bump maven from 3.8.6 to 3.6.7

### _Why are the changes needed?_

For `maven version` in CI is 3.8.7(get info by adding `/usr/bin/mvn --version` in `.github/workflows/dep.yaml`),
![popo_2023-02-06  09-34-07](https://user-images.githubusercontent.com/52876270/216862168-beda949f-a77b-44db-ad11-b959e27627ef.jpg)

We should bump maven version property in parent pom.yaml 3.8.6 => 3.8.7.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4247 from zwangsheng/bump/build_mvn_version.

Closes #4247

431c248e8 [zwangsheng] [Bump] Maven Version for build/mvn

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 723123475..8a86d8501 100644
--- a/pom.xml
+++ b/pom.xml
@@ -108,7 +108,7 @@
 
     <properties>
         <java.version>1.8</java.version>
-        <maven.version>3.8.6</maven.version>
+        <maven.version>3.8.7</maven.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <scala.version>2.12.17</scala.version>

From 8a99750a20b593f97ecf8a5d57efde5aedfa91a0 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Mon, 6 Feb 2023 10:11:00 +0800
Subject: [PATCH 008/760] [KYUUBI #4147] [K8S][HELM] Add configuration support
 for multiple frontends to helm chart

### _Why are the changes needed?_
The changes allow to configure multiple frontends in the helm chart.
Notes:
 - Removed unused code
 - `server.confDir` renamed to `kyuubiConfDir`
 - `server.conf` renamed to `kyuubiConf`
 - `livenessProbe` and `readinessProbe` changed to execute `bin/kyuubi status` which actually prints `Kyuubi is not running`. The issue needs to be reviewed. Also `livenessProbe` and `readinessProbe` should be revisited in the next PR.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4147 from dnskr/helm_frontend_configs.

Closes #4147

ab10dd15b [dnskr] [K8S][HELM] Address PR comments
65e1f593e [dnskr] [K8S][HELM] Address some PR comments
36b5fc64f [dnskr] [K8S][HELM] Add configuration support for multiple frontends to helm chart

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/NOTES.txt             | 30 +++++++-
 charts/kyuubi/templates/_helpers.tpl          | 37 +++------
 charts/kyuubi/templates/kyuubi-configmap.yaml | 14 ++--
 .../kyuubi/templates/kyuubi-deployment.yaml   | 19 +++--
 charts/kyuubi/templates/kyuubi-service.yaml   | 35 +++++----
 charts/kyuubi/values.yaml                     | 76 +++++++++++++------
 6 files changed, 130 insertions(+), 81 deletions(-)

diff --git a/charts/kyuubi/templates/NOTES.txt b/charts/kyuubi/templates/NOTES.txt
index 44a35b6b7..be29b8048 100644
--- a/charts/kyuubi/templates/NOTES.txt
+++ b/charts/kyuubi/templates/NOTES.txt
@@ -15,7 +15,29 @@
 # limitations under the License.
 #
 
-Get kyuubi expose URL by running these commands:
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kyuubi.fullname" . }}-nodeport)
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo $NODE_IP:$NODE_PORT
\ No newline at end of file
+The chart has been installed!
+
+In order to check the release status, use:
+  helm status {{ .Release.Name }} -n {{ .Release.Namespace }}
+    or for more detailed info
+  helm get all {{ .Release.Name }} -n {{ .Release.Namespace }}
+
+************************
+******* Services *******
+************************
+{{- range $name, $frontend := .Values.server }}
+{{- if $frontend.enabled }}
+{{ $name | snakecase | upper }}:
+- To access {{ $.Release.Name }}-{{ $name | kebabcase }} service within the cluster, use the following URL:
+    {{ $.Release.Name }}-{{ $name | kebabcase }}.{{ $.Release.Namespace }}.svc.cluster.local
+- To access {{ $.Release.Name }}-{{ $name | kebabcase }} service from outside the cluster for debugging, run the following command:
+    kubectl port-forward svc/{{ $.Release.Name }}-{{ $name | kebabcase }} {{ tpl $frontend.service.port $ }}:{{ tpl $frontend.service.port $ }} -n {{ $.Release.Namespace }}
+  and use 127.0.0.1:{{ tpl $frontend.service.port $ }}
+{{- if eq $frontend.service.type "NodePort" }}
+- To access {{ $.Release.Name }}-{{ $name | kebabcase }} service from outside the cluster through configured NodePort, run the following commands:
+    export NODE_PORT=$(kubectl get service {{ $.Release.Name }}-{{ $name | kebabcase }} -n {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}")
+    export NODE_IP=$(kubectl get nodes -n {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    echo http://$NODE_IP:$NODE_PORT
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/kyuubi/templates/_helpers.tpl b/charts/kyuubi/templates/_helpers.tpl
index 684c1f354..cd4865a12 100644
--- a/charts/kyuubi/templates/_helpers.tpl
+++ b/charts/kyuubi/templates/_helpers.tpl
@@ -16,33 +16,18 @@
 */}}
 
 {{/*
-Expand the name of the chart.
+A comma separated string of enabled frontend protocols, e.g. "REST,THRIFT_BINARY".
+For details, see 'kyuubi.frontend.protocols': https://kyuubi.readthedocs.io/en/master/deployment/settings.html#frontend
 */}}
-{{- define "kyuubi.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kyuubi.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- define "kyuubi.frontend.protocols" -}}
+{{- $protocols := list }}
+{{- range $name, $frontend := .Values.server }}
+  {{- if $frontend.enabled }}
+    {{- $protocols = $name | snakecase | upper | append $protocols }}
+  {{- end }}
 {{- end }}
+{{- if not $protocols }}
+  {{ fail "At least one frontend protocol must be enabled!" }}
 {{- end }}
+{{- $protocols |  join "," }}
 {{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kyuubi.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index ada9e3dc8..7a96daaf7 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -26,22 +26,26 @@ metadata:
     app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
-  {{- with .Values.server.conf.kyuubiEnv }}
+  {{- with .Values.kyuubiConf.kyuubiEnv }}
   kyuubi-env.sh: |
     #!/usr/bin/env bash
     {{- tpl . $ | nindent 4 }}
   {{- end }}
   kyuubi-defaults.conf: |
     ## Helm chart provided Kyuubi configurations
-    kyuubi.frontend.bind.host={{ .Values.server.bind.host }}
-    kyuubi.frontend.bind.port={{ .Values.server.bind.port }}
     kyuubi.kubernetes.namespace={{ .Release.Namespace }}
+    kyuubi.frontend.bind.host=localhost
+    kyuubi.frontend.thrift.binary.bind.port={{ .Values.server.thriftBinary.port }}
+    kyuubi.frontend.thrift.http.bind.port={{ .Values.server.thriftHttp.port }}
+    kyuubi.frontend.rest.bind.port={{ .Values.server.rest.port }}
+    kyuubi.frontend.mysql.bind.port={{ .Values.server.mysql.port }}
+    kyuubi.frontend.protocols={{ include "kyuubi.frontend.protocols" . }}
 
     ## User provided Kyuubi configurations
-    {{- with .Values.server.conf.kyuubiDefaults }}
+    {{- with .Values.kyuubiConf.kyuubiDefaults }}
     {{- tpl . $ | nindent 4 }}
     {{- end }}
-  {{- with .Values.server.conf.log4j2 }}
+  {{- with .Values.kyuubiConf.log4j2 }}
   log4j2.xml: |
     {{- tpl . $ | nindent 4 }}
   {{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index 941fdf164..998a87776 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -57,13 +57,16 @@ spec:
           envFrom: {{- tpl (toYaml .) $ | nindent 12 }}
           {{- end }}
           ports:
-            - name: frontend-port
-              containerPort: {{ .Values.server.bind.port }}
-              protocol: TCP
+            {{- range $name, $frontend := .Values.server }}
+            {{- if $frontend.enabled }}
+            - name: {{ $name | kebabcase }}
+              containerPort: {{ $frontend.port }}
+            {{- end }}
+            {{- end }}
           {{- if .Values.probe.liveness.enabled }}
           livenessProbe:
-            tcpSocket:
-              port: {{ .Values.server.bind.port }}
+            exec:
+              command: ["/bin/bash", "-c", "bin/kyuubi status"]
             initialDelaySeconds: {{ .Values.probe.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.probe.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.probe.liveness.timeoutSeconds }}
@@ -72,8 +75,8 @@ spec:
           {{- end }}
           {{- if .Values.probe.readiness.enabled }}
           readinessProbe:
-            tcpSocket:
-              port: {{ .Values.server.bind.port }}
+            exec:
+              command: ["/bin/bash", "-c", "$KYUUBI_HOME/bin/kyuubi status"]
             initialDelaySeconds: {{ .Values.probe.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.probe.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.probe.readiness.timeoutSeconds }}
@@ -85,7 +88,7 @@ spec:
           {{- end }}
           volumeMounts:
             - name: conf
-              mountPath: {{ .Values.server.confDir }}
+              mountPath: {{ .Values.kyuubiConfDir }}
             {{- with .Values.volumeMounts }}
               {{- tpl (toYaml .) $ | nindent 12 }}
             {{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-service.yaml b/charts/kyuubi/templates/kyuubi-service.yaml
index 0152bd23d..963f1fcc7 100644
--- a/charts/kyuubi/templates/kyuubi-service.yaml
+++ b/charts/kyuubi/templates/kyuubi-service.yaml
@@ -15,27 +15,34 @@
 # limitations under the License.
 #
 
+{{- range $name, $frontend := .Values.server }}
+{{- if $frontend.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ $.Release.Name }}-{{ $name | kebabcase }}
   labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  {{- with .Values.service.annotations }}
+    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
+    app.kubernetes.io/name: {{ $.Chart.Name }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+    app.kubernetes.io/version: {{ $.Values.image.tag | default $.Chart.AppVersion | quote }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service }}
+  {{- with $frontend.service.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
+  type: {{ $frontend.service.type }}
   ports:
-    - name: http
-      nodePort: {{ .Values.service.port }}
-      port: {{ .Values.server.bind.port }}
-      protocol: TCP
-  type: {{ .Values.service.type }}
+    - name: {{ $name | kebabcase }}
+      port: {{ tpl $frontend.service.port $ }}
+      targetPort: {{ $frontend.port }}
+      {{- if and (eq $frontend.service.type "NodePort") ($frontend.service.nodePort) }}
+      nodePort: {{ $frontend.service.nodePort }}
+      {{- end }}
   selector:
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/name: {{ $.Chart.Name }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index 22ae9d5a9..ddd16a9b7 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -58,22 +58,59 @@ probe:
     successThreshold: 1
 
 server:
-  bind:
-    host: 0.0.0.0
+  # Thrift Binary protocol (HiveServer2 compatible)
+  thriftBinary:
+    enabled: true
     port: 10009
-  confDir: /opt/kyuubi/conf
-  conf:
-    # The value (templated string) is used for kyuubi-env.sh file
-    # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#environments for more details
-    kyuubiEnv: ~
-
-    # The value (templated string) is used for kyuubi-defaults.conf file
-    # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#kyuubi-configurations for more details
-    kyuubiDefaults: ~
-
-    # The value (templated string) is used for log4j2.xml file
-    # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#logging for more details
-    log4j2: ~
+    service:
+      type: ClusterIP
+      port: "{{ .Values.server.thriftBinary.port }}"
+      nodePort: ~
+      annotations: {}
+
+  # Thrift HTTP protocol (HiveServer2 compatible)
+  thriftHttp:
+    enabled: false
+    port: 10010
+    service:
+      type: ClusterIP
+      port: "{{ .Values.server.thriftHttp.port }}"
+      nodePort: ~
+      annotations: {}
+
+  # REST API protocol (experimental)
+  rest:
+    enabled: false
+    port: 10099
+    service:
+      type: ClusterIP
+      port: "{{ .Values.server.rest.port }}"
+      nodePort: ~
+      annotations: {}
+
+  # MySQL compatible text protocol (experimental)
+  mysql:
+    enabled: false
+    port: 3309
+    service:
+      type: ClusterIP
+      port: "{{ .Values.server.mysql.port }}"
+      nodePort: ~
+      annotations: {}
+
+kyuubiConfDir: /opt/kyuubi/conf
+kyuubiConf:
+  # The value (templated string) is used for kyuubi-env.sh file
+  # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#environments for more details
+  kyuubiEnv: ~
+
+  # The value (templated string) is used for kyuubi-defaults.conf file
+  # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#kyuubi-configurations for more details
+  kyuubiDefaults: ~
+
+  # The value (templated string) is used for log4j2.xml file
+  # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#logging for more details
+  log4j2: ~
 
 # Environment variables (templated)
 env: []
@@ -89,15 +126,6 @@ initContainers: []
 # Additional containers for Kyuubi pod (templated)
 containers: []
 
-service:
-  type: NodePort
-  # The default port limit of kubernetes is 30000-32767
-  # to change:
-  #   vim kube-apiserver.yaml (usually under path: /etc/kubernetes/manifests/)
-  #   add or change line 'service-node-port-range=1-32767' under kube-apiserver
-  port: 30009
-  annotations: {}
-
 resources: {}
   # Used to specify resource, default unlimited.
   # If you do want to specify resources:

From 2b958c69e1c768f8982e8f9a59fe84bb116cf0b0 Mon Sep 17 00:00:00 2001
From: Alex Wiss-Wolferding <alex@nousot.com>
Date: Mon, 6 Feb 2023 10:20:23 +0800
Subject: [PATCH 009/760] [KYUUBI #4218] Using DB and table name when checking
 Delta table schema.

### _Why are the changes needed?_

To close #4218 .
This change ensures BI tools can list columns on Delta Lake tables in all schemas.

<img width="312" alt="image" src="https://user-images.githubusercontent.com/89149767/215793967-722eb5f9-ffe4-4ffb-b7f9-1ded06c146d7.png">

<img width="725" alt="image" src="https://user-images.githubusercontent.com/89149767/215794036-871f005f-1494-487d-90aa-1f99891177c2.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4219 from nousot-cloud-guy/feature/delta-db-schema.

Closes #4218

569843213 [Alex Wiss-Wolferding] Reversing match order in getColumnsByCatalog.
a6d973a3e [Alex Wiss-Wolferding] Revert "[KYUUBI #1458] Delta lake table columns won't show up in DBeaver."
20337dc96 [Alex Wiss-Wolferding] Revert "Using DB and table name when checking Delta table schema."
f7e4675a7 [Alex Wiss-Wolferding] Using DB and table name when checking Delta table schema.

Authored-by: Alex Wiss-Wolferding <alex@nousot.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/shim/CatalogShim_v2_4.scala     |  8 +-------
 .../engine/spark/shim/CatalogShim_v3_0.scala     | 16 ++++++++--------
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
index 5977cd415..3478abc66 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
@@ -139,13 +139,7 @@ class CatalogShim_v2_4 extends SparkCatalogShim {
     databases.flatMap { db =>
       val identifiers = catalog.listTables(db, tablePattern, includeLocalTempViews = true)
       catalog.getTablesByName(identifiers).flatMap { t =>
-        val tableSchema =
-          if (t.provider.getOrElse("").equalsIgnoreCase("delta")) {
-            spark.table(t.identifier.table).schema
-          } else {
-            t.schema
-          }
-        tableSchema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
+        t.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
           .map { case (f, i) => toColumnResult(catalogName, t.database, t.identifier.table, f, i) }
       }
     }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
index d60f94ac7..50e641b59 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
@@ -188,14 +188,6 @@ class CatalogShim_v3_0 extends CatalogShim_v2_4 {
     val catalog = getCatalog(spark, catalogName)
 
     catalog match {
-      case builtin if builtin.name() == SESSION_CATALOG =>
-        super.getColumnsByCatalog(
-          spark,
-          SESSION_CATALOG,
-          schemaPattern,
-          tablePattern,
-          columnPattern)
-
       case tc: TableCatalog =>
         val namespaces = listNamespacesWithPattern(catalog, schemaPattern)
         val tp = tablePattern.r.pattern
@@ -210,6 +202,14 @@ class CatalogShim_v3_0 extends CatalogShim_v2_4 {
           table.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
             .map { case (f, i) => toColumnResult(tc.name(), namespace, tableName, f, i) }
         }
+
+      case builtin if builtin.name() == SESSION_CATALOG =>
+        super.getColumnsByCatalog(
+          spark,
+          SESSION_CATALOG,
+          schemaPattern,
+          tablePattern,
+          columnPattern)
     }
   }
 }

From b84cb2f2d7a00c3f3a8f08dbab95f553b547fe3b Mon Sep 17 00:00:00 2001
From: runzhliu <runzhliu@163.com>
Date: Mon, 6 Feb 2023 10:27:23 +0800
Subject: [PATCH 010/760] [KYUUBI #4234] Keep the same version for  Integration
 Test on Kubernetes

### _Why are the changes needed?_

Keep the same version for  Integration Tests on Kubernetes and Minikube.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4234 from runzhliu/master.

Closes #4234

94345659d [runzhliu] Keep the same version for  Integration test on Kubernetes

Authored-by: runzhliu <runzhliu@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 6bb2658ef..59bcdbd58 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -398,8 +398,9 @@ jobs:
       - name: Setup Minikube
         uses: manusa/actions-setup-minikube@v2.7.2
         with:
-          minikube version: 'v1.25.2'
-          kubernetes version: 'v1.23.3'
+          minikube version: 'v1.28.0'
+          kubernetes version: 'v1.25.4'
+          github token: ${{ secrets.GITHUB_TOKEN }}
           driver: docker
           start args: '--extra-config=kubeadm.ignore-preflight-errors=NumCPU --force --cpus 2 --memory 4096'
       # in case: https://spark.apache.org/docs/latest/running-on-kubernetes.html#rbac

From 8760eeef0eb1fba98db1b892510d89285b4f1727 Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Mon, 6 Feb 2023 11:12:00 +0800
Subject: [PATCH 011/760] [KYUUBI #4241] Only force close engine ref when open
 session failed

### _Why are the changes needed?_

We do not need force close engine builder and application if open session succeded. The engine itself will shutdown in connection level.

This pr tries to fix regression of https://github.com/apache/kyuubi/pull/2482

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4241 from ulysses-you/skip-close.

Closes #4241

0b280411 [ulysses-you] style
16369123 [ulysses-you] Only force close engine ref when open session failed

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 536034b9c..ce94b0275 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -105,6 +105,8 @@ class KyuubiSessionImpl(
 
   private var _engineSessionHandle: SessionHandle = _
 
+  private var openSessionError: Option[Throwable] = None
+
   override def open(): Unit = handleSessionException {
     traceMetricsOnOpen()
 
@@ -170,6 +172,7 @@ class KyuubiSessionImpl(
                 s"Opening engine [${engine.defaultEngineName} $host:$port]" +
                   s" for $user session failed",
                 e)
+              openSessionError = Some(e)
               throw e
           } finally {
             attempt += 1
@@ -247,7 +250,7 @@ class KyuubiSessionImpl(
     try {
       if (_client != null) _client.closeSession()
     } finally {
-      if (engine != null) engine.close()
+      openSessionError.foreach { _ => if (engine != null) engine.close() }
       sessionEvent.endTime = System.currentTimeMillis()
       EventBus.post(sessionEvent)
       traceMetricsOnClose()

From 5b70b41a010bf8c90037d35a6f354be56f3f95d7 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 6 Feb 2023 14:51:17 +0800
Subject: [PATCH 012/760] [KYUUBI #4244] Improvement in auto-generated Markdown
 docs with MarkdownBuilder

### _Why are the changes needed?_

Note:
- No output changes to existed generated docs as in `settings.md` and `functions.md`.

Improvement:
- readability in Scala code for doc auto-generation, and easy to maintain docs in group of sections
- reline on markdown linting from `flexmark`, and reducing un-meaningful blank lines or alignment
- declaration over operation by replacing repeated usages of `newOutput` itself by elegantly wrapped `.line`,`.lines`and etc.
- less fragile and more handy for changing in a long single line, as now using auto margin stripping in `.line()` method
- reusable extracted licence and auto-generation hints
- more elegant and safer way to read and appending file content
- possible less memory footprint by apply operators to Stream instead of to ArrayBuffer

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4244 from bowenliang123/config-regen.

Closes #4244

3d90ad304 [liangbowen] make buffer private in MarkdownBuilder
8250a55f3 [liangbowen] remove licence.md
a4c7baf78 [liangbowen] add MarkdownBuilder.apply
248a046a4 [liangbowen] Improvement in auto-generated Markdown docs with MarkdownBuilder

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../udf/KyuubiDefinedFunctionSuite.scala      |  55 +--
 .../org/apache/kyuubi/MarkdownUtils.scala     | 213 +++++++++
 .../scala/org/apache/kyuubi/TestUtils.scala   |  84 ----
 .../config/AllKyuubiConfiguration.scala       | 413 ++++++++----------
 4 files changed, 406 insertions(+), 359 deletions(-)
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
index dc0513ed3..f355e1e6b 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
@@ -19,9 +19,7 @@ package org.apache.kyuubi.engine.spark.udf
 
 import java.nio.file.Paths
 
-import scala.collection.mutable.ArrayBuffer
-
-import org.apache.kyuubi.{KyuubiFunSuite, TestUtils, Utils}
+import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
 
 // scalastyle:off line.size.limit
 /**
@@ -48,44 +46,25 @@ class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
       .toAbsolutePath
 
   test("verify or update kyuubi spark sql functions") {
-    val newOutput = new ArrayBuffer[String]()
-    newOutput += "<!--"
-    newOutput += "- Licensed to the Apache Software Foundation (ASF) under one or more"
-    newOutput += "- contributor license agreements.  See the NOTICE file distributed with"
-    newOutput += "- this work for additional information regarding copyright ownership."
-    newOutput += "- The ASF licenses this file to You under the Apache License, Version 2.0"
-    newOutput += "- (the \"License\"); you may not use this file except in compliance with"
-    newOutput += "- the License.  You may obtain a copy of the License at"
-    newOutput += "-"
-    newOutput += "-   http://www.apache.org/licenses/LICENSE-2.0"
-    newOutput += "-"
-    newOutput += "- Unless required by applicable law or agreed to in writing, software"
-    newOutput += "- distributed under the License is distributed on an \"AS IS\" BASIS,"
-    newOutput += "- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied."
-    newOutput += "- See the License for the specific language governing permissions and"
-    newOutput += "- limitations under the License."
-    newOutput += "-->"
-    newOutput += ""
-    newOutput += ""
-    newOutput += "<!-- DO NOT MODIFY THIS FILE DIRECTLY, IT IS AUTO-GENERATED BY" +
-      " [org.apache.kyuubi.engine.spark.udf.KyuubiDefinedFunctionSuite] -->"
-    newOutput += ""
-    newOutput += "# Auxiliary SQL Functions"
-    newOutput += ""
-    newOutput += "Kyuubi provides several auxiliary SQL functions as supplement to Spark's " +
-      "[Built-in Functions](https://spark.apache.org/docs/latest/api/sql/index.html#" +
-      "built-in-functions)"
-    newOutput += ""
-    newOutput += "Name | Description | Return Type | Since"
-    newOutput += "--- | --- | --- | ---"
-    KDFRegistry
+    val builder = MarkdownBuilder(licenced = true, getClass.getName)
+
+    builder
+      .line("# Auxiliary SQL Functions")
+      .line("""Kyuubi provides several auxiliary SQL functions as supplement to Spark's
+        | [Built-in Functions](https://spark.apache.org/docs/latest/api/sql/index.html#
+        |built-in-functions)""")
+      .lines("""
+        | Name | Description | Return Type | Since
+        | --- | --- | --- | ---
+        |
+        |""")
     KDFRegistry.registeredFunctions.foreach { func =>
-      newOutput += s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}"
+      builder.line(s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}")
     }
-    newOutput += ""
-    TestUtils.verifyOutput(
+
+    MarkdownUtils.verifyOutput(
       markdown,
-      newOutput,
+      builder,
       getClass.getCanonicalName,
       "externals/kyuubi-spark-sql-engine")
   }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
new file mode 100644
index 000000000..45568df25
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
@@ -0,0 +1,213 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi
+
+import java.nio.charset.StandardCharsets
+import java.nio.file.{Files, Path, StandardOpenOption}
+
+import scala.collection.JavaConverters._
+import scala.collection.mutable.ArrayBuffer
+import scala.compat.Platform.EOL
+
+import com.vladsch.flexmark.formatter.Formatter
+import com.vladsch.flexmark.parser.{Parser, ParserEmulationProfile, PegdownExtensions}
+import com.vladsch.flexmark.profile.pegdown.PegdownOptionsAdapter
+import com.vladsch.flexmark.util.data.{MutableDataHolder, MutableDataSet}
+import org.scalatest.Assertions.{assertResult, withClue}
+
+object MarkdownUtils {
+
+  def verifyOutput(
+      markdown: Path,
+      newOutput: MarkdownBuilder,
+      agent: String,
+      module: String): Unit = {
+    val formatted = newOutput.formatMarkdown()
+    if (System.getenv("KYUUBI_UPDATE") == "1") {
+      Files.write(
+        markdown,
+        formatted.asJava,
+        StandardOpenOption.CREATE,
+        StandardOpenOption.TRUNCATE_EXISTING)
+    } else {
+      val linesInFile = Files.readAllLines(markdown, StandardCharsets.UTF_8)
+      linesInFile.asScala.zipWithIndex.zip(formatted).foreach { case ((str1, index), str2) =>
+        withClue(s"$markdown out of date, as line ${index + 1} is not expected." +
+          " Please update doc with KYUUBI_UPDATE=1 build/mvn clean test" +
+          s" -pl $module -am -Pflink-provided,spark-provided,hive-provided" +
+          s" -DwildcardSuites=$agent") {
+          assertResult(str2)(str1)
+        }
+      }
+    }
+  }
+
+  def line(str: String): String = {
+    str.stripMargin.replaceAll(EOL, "")
+  }
+
+  def appendBlankLine(buffer: ArrayBuffer[String]): Unit = buffer += ""
+
+  def appendFileContent(buffer: ArrayBuffer[String], path: Path): Unit = {
+    buffer += "```bash"
+    buffer ++= Files.readAllLines(path).asScala
+    buffer += "```"
+  }
+}
+
+class MarkdownBuilder {
+  private val buffer = new ArrayBuffer[String]()
+
+  /**
+   * append a single line
+   * with replacing EOL to empty string
+   * @param str single line
+   * @return
+   */
+  def line(str: String = ""): MarkdownBuilder = {
+    buffer += str.stripMargin.replaceAll(EOL, "")
+    this
+  }
+
+  /**
+   * append the multiline
+   * with splitting EOL into single lines
+   * @param multiline multiline with default line margin "|"
+   * @return
+   */
+  def lines(multiline: String): MarkdownBuilder = {
+    buffer ++= multiline.stripMargin.split(EOL)
+    this
+  }
+
+  /**
+   * append the licence
+   * @return
+   */
+  def licence(): MarkdownBuilder = {
+    lines("""
+        |<!--
+        |- Licensed to the Apache Software Foundation (ASF) under one or more
+        |- contributor license agreements.  See the NOTICE file distributed with
+        |- this work for additional information regarding copyright ownership.
+        |- The ASF licenses this file to You under the Apache License, Version 2.0
+        |- (the "License"); you may not use this file except in compliance with
+        |- the License.  You may obtain a copy of the License at
+        |-
+        |-   http://www.apache.org/licenses/LICENSE-2.0
+        |-
+        |- Unless required by applicable law or agreed to in writing, software
+        |- distributed under the License is distributed on an "AS IS" BASIS,
+        |- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+        |- See the License for the specific language governing permissions and
+        |- limitations under the License.
+        |-->
+        |""")
+  }
+
+  /**
+   * append the auto-generation hint
+   * @param className the full class name of agent suite
+   * @return
+   */
+  def generationHint(className: String): MarkdownBuilder = {
+    lines(s"""
+        |<!-- DO NOT MODIFY THIS FILE DIRECTLY, IT IS AUTO-GENERATED BY [$className] -->
+        |
+        |""")
+  }
+
+  /**
+   * append file content
+   * @param path file path
+   * @return
+   */
+  def file(path: Path): MarkdownBuilder = {
+    buffer ++= Files.readAllLines(path).asScala
+    this
+  }
+
+  /**
+   * append file content with code block quote
+   * @param path path to file
+   * @param language language of codeblock
+   * @return
+   */
+  def fileWithBlock(path: Path, language: String = "bash"): MarkdownBuilder = {
+    buffer += s"```$language"
+    file(path)
+    buffer += "```"
+    this
+  }
+
+  def formatMarkdown(): Stream[String] = {
+    def createParserOptions(emulationProfile: ParserEmulationProfile): MutableDataHolder = {
+      PegdownOptionsAdapter.flexmarkOptions(PegdownExtensions.ALL).toMutable
+        .set(Parser.PARSER_EMULATION_PROFILE, emulationProfile)
+    }
+
+    def createFormatterOptions(
+        parserOptions: MutableDataHolder,
+        emulationProfile: ParserEmulationProfile): MutableDataSet = {
+      new MutableDataSet()
+        .set(Parser.EXTENSIONS, Parser.EXTENSIONS.get(parserOptions))
+        .set(Formatter.FORMATTER_EMULATION_PROFILE, emulationProfile)
+    }
+
+    val emulationProfile = ParserEmulationProfile.COMMONMARK
+    val parserOptions = createParserOptions(emulationProfile)
+    val formatterOptions = createFormatterOptions(parserOptions, emulationProfile)
+    val parser = Parser.builder(parserOptions).build
+    val renderer = Formatter.builder(formatterOptions).build
+    val document = parser.parse(buffer.mkString(EOL))
+    val formattedLines = new ArrayBuffer[String](buffer.length)
+    val formattedLinesAppendable = new Appendable {
+      override def append(csq: CharSequence): Appendable = {
+        if (csq.length() > 0) {
+          formattedLines.append(csq.toString)
+        }
+        this
+      }
+
+      override def append(csq: CharSequence, start: Int, end: Int): Appendable = {
+        append(csq.toString.substring(start, end))
+      }
+
+      override def append(c: Char): Appendable = {
+        append(c.toString)
+      }
+    }
+    renderer.render(document, formattedLinesAppendable)
+    // trim the ending EOL appended by renderer for each line
+    formattedLines.toStream.map(str =>
+      if (str.endsWith(EOL)) {
+        str.substring(0, str.length - 1)
+      } else {
+        str
+      })
+  }
+}
+
+object MarkdownBuilder {
+  def apply(licenced: Boolean = true, className: String = null): MarkdownBuilder = {
+    val builder = new MarkdownBuilder
+    if (licenced) { builder.licence() }
+    if (className != null) { builder.generationHint(className) }
+    builder
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/TestUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/TestUtils.scala
index 16a49388f..97675768a 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/TestUtils.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/TestUtils.scala
@@ -14,99 +14,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.kyuubi
 
-import java.nio.charset.StandardCharsets
-import java.nio.file.{Files, Path, StandardOpenOption}
 import java.sql.ResultSet
 
-import scala.collection.JavaConverters._
 import scala.collection.mutable.ArrayBuffer
 
 import com.jakewharton.fliptables.FlipTable
-import com.vladsch.flexmark.formatter.Formatter
-import com.vladsch.flexmark.parser.{Parser, ParserEmulationProfile, PegdownExtensions}
-import com.vladsch.flexmark.profile.pegdown.PegdownOptionsAdapter
-import com.vladsch.flexmark.util.data.{MutableDataHolder, MutableDataSet}
-import com.vladsch.flexmark.util.sequence.SequenceUtils
-import org.scalatest.Assertions.{assertResult, withClue}
 
 object TestUtils {
-
-  private def formatMarkdown(lines: ArrayBuffer[String]): ArrayBuffer[String] = {
-    def createParserOptions(emulationProfile: ParserEmulationProfile): MutableDataHolder = {
-      PegdownOptionsAdapter.flexmarkOptions(PegdownExtensions.ALL).toMutable
-        .set(Parser.PARSER_EMULATION_PROFILE, emulationProfile)
-    }
-
-    def createFormatterOptions(
-        parserOptions: MutableDataHolder,
-        emulationProfile: ParserEmulationProfile): MutableDataSet = {
-      new MutableDataSet()
-        .set(Parser.EXTENSIONS, Parser.EXTENSIONS.get(parserOptions))
-        .set(Formatter.FORMATTER_EMULATION_PROFILE, emulationProfile)
-    }
-
-    val emulationProfile = ParserEmulationProfile.valueOf("COMMONMARK")
-    val parserOptions = createParserOptions(emulationProfile)
-    val formatterOptions = createFormatterOptions(parserOptions, emulationProfile)
-    val parser = Parser.builder(parserOptions).build
-    val renderer = Formatter.builder(formatterOptions).build
-    val document = parser.parse(lines.mkString(SequenceUtils.EOL))
-    val formattedLines = new ArrayBuffer[String]
-    val formattedLinesAppendable = new Appendable {
-      override def append(csq: CharSequence): Appendable = {
-        if (csq.length() > 0) {
-          formattedLines.append(csq.toString)
-        }
-        this
-      }
-
-      override def append(csq: CharSequence, start: Int, end: Int): Appendable = {
-        append(csq.toString.substring(start, end))
-      }
-
-      override def append(c: Char): Appendable = {
-        append(c.toString)
-      }
-    }
-    renderer.render(document, formattedLinesAppendable)
-    // trim the ending EOL appended by renderer for each line
-    formattedLines.map(str =>
-      if (str.nonEmpty && str.endsWith(SequenceUtils.EOL)) {
-        str.substring(0, str.length - 1)
-      } else {
-        str
-      })
-  }
-
-  def verifyOutput(
-      markdown: Path,
-      newOutput: ArrayBuffer[String],
-      agent: String,
-      module: String): Unit = {
-    if (System.getenv("KYUUBI_UPDATE") == "1") {
-      val formatted = formatMarkdown(newOutput)
-      Files.write(
-        markdown,
-        formatted.asJava,
-        StandardOpenOption.CREATE,
-        StandardOpenOption.TRUNCATE_EXISTING)
-    } else {
-      val linesInFile = Files.readAllLines(markdown, StandardCharsets.UTF_8)
-      val formatted = formatMarkdown(newOutput)
-      linesInFile.asScala.zipWithIndex.zip(formatted).foreach { case ((str1, index), str2) =>
-        withClue(s"$markdown out of date, as line ${index + 1} is not expected." +
-          " Please update doc with KYUUBI_UPDATE=1 build/mvn clean test" +
-          s" -pl $module -am -Pflink-provided,spark-provided,hive-provided" +
-          s" -DwildcardSuites=$agent") {
-          assertResult(str2)(str1)
-        }
-      }
-    }
-  }
-
   def displayResultSet(resultSet: ResultSet): Unit = {
     if (resultSet == null) throw new NullPointerException("resultSet == null")
     val resultSetMetaData = resultSet.getMetaData
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 7ea4d49b2..1d0e09544 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -17,13 +17,11 @@
 
 package org.apache.kyuubi.config
 
-import java.nio.charset.StandardCharsets
-import java.nio.file.{Files, Path, Paths}
+import java.nio.file.Paths
 
 import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
 
-import org.apache.kyuubi.{KyuubiFunSuite, TestUtils, Utils}
+import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
 import org.apache.kyuubi.ctl.CtlConf
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.metrics.MetricsConf
@@ -51,255 +49,196 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
   private val markdown = Paths.get(kyuubiHome, "docs", "deployment", "settings.md")
     .toAbsolutePath
 
-  def rewriteToConf(path: Path, buffer: ArrayBuffer[String]): Unit = {
-    val env =
-      Files.newBufferedReader(path, StandardCharsets.UTF_8)
-
-    try {
-      buffer += "```bash"
-      var line = env.readLine()
-      while (line != null) {
-        buffer += line
-        line = env.readLine()
-      }
-      buffer += "```"
-    } finally {
-      env.close()
-    }
-  }
+  private def loadConfigs = Array(
+    KyuubiConf,
+    CtlConf,
+    HighAvailabilityConf,
+    JDBCMetadataStoreConf,
+    MetricsConf,
+    ZookeeperConf)
 
   test("Check all kyuubi configs") {
-    KyuubiConf
-    CtlConf
-    HighAvailabilityConf
-    JDBCMetadataStoreConf
-    MetricsConf
-    ZookeeperConf
-
-    val newOutput = new ArrayBuffer[String]()
-    newOutput += "<!--"
-    newOutput += " - Licensed to the Apache Software Foundation (ASF) under one or more"
-    newOutput += " - contributor license agreements.  See the NOTICE file distributed with"
-    newOutput += " - this work for additional information regarding copyright ownership."
-    newOutput += " - The ASF licenses this file to You under the Apache License, Version 2.0"
-    newOutput += " - (the \"License\"); you may not use this file except in compliance with"
-    newOutput += " - the License.  You may obtain a copy of the License at"
-    newOutput += " -"
-    newOutput += " -   http://www.apache.org/licenses/LICENSE-2.0"
-    newOutput += " -"
-    newOutput += " - Unless required by applicable law or agreed to in writing, software"
-    newOutput += " - distributed under the License is distributed on an \"AS IS\" BASIS,"
-    newOutput += " - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied."
-    newOutput += " - See the License for the specific language governing permissions and"
-    newOutput += " - limitations under the License."
-    newOutput += " -->"
-    newOutput += ""
-    newOutput += "<!-- DO NOT MODIFY THIS FILE DIRECTLY, IT IS AUTO-GENERATED BY" +
-      " [org.apache.kyuubi.config.AllKyuubiConfiguration] -->"
-    newOutput += ""
-    newOutput += ""
-    newOutput += "# Introduction to the Kyuubi Configurations System"
-    newOutput += ""
-    newOutput += "Kyuubi provides several ways to configure the system and corresponding engines."
-    newOutput += ""
-    newOutput += ""
-    newOutput += "## Environments"
-    newOutput += ""
-    newOutput += ""
-    newOutput += "You can configure the environment variables in" +
-      " `$KYUUBI_HOME/conf/kyuubi-env.sh`, e.g, `JAVA_HOME`, then this java runtime will be used" +
-      " both for Kyuubi server instance and the applications it launches. You can also change" +
-      " the variable in the subprocess's env configuration file, e.g." +
-      "`$SPARK_HOME/conf/spark-env.sh` to use more specific ENV for SQL engine applications."
-
-    rewriteToConf(Paths.get(kyuubiHome, "conf", "kyuubi-env.sh.template"), newOutput)
-
-    newOutput += ""
-    newOutput += "For the environment variables that only needed to be transferred into engine" +
-      " side, you can set it with a Kyuubi configuration item formatted" +
-      " `kyuubi.engineEnv.VAR_NAME`. For example, with `kyuubi.engineEnv.SPARK_DRIVER_MEMORY=4g`," +
-      " the environment variable `SPARK_DRIVER_MEMORY` with value `4g` would be transferred into" +
-      " engine side. With `kyuubi.engineEnv.SPARK_CONF_DIR=/apache/confs/spark/conf`, the" +
-      " value of `SPARK_CONF_DIR` on the engine side is set to `/apache/confs/spark/conf`."
-
-    newOutput += ""
-    newOutput += "## Kyuubi Configurations"
-    newOutput += ""
-
-    newOutput += "You can configure the Kyuubi properties in" +
-      " `$KYUUBI_HOME/conf/kyuubi-defaults.conf`. For example:"
-
-    rewriteToConf(Paths.get(kyuubiHome, "conf", "kyuubi-defaults.conf.template"), newOutput)
+    loadConfigs
+
+    val builder = MarkdownBuilder(licenced = true, getClass.getName)
+
+    builder
+      .lines(s"""
+         |# Introduction to the Kyuubi Configurations System
+         |
+         |Kyuubi provides several ways to configure the system and corresponding engines.
+         |
+         |## Environments
+         |
+         |""")
+      .line("""You can configure the environment variables in `$KYUUBI_HOME/conf/kyuubi-env.sh`,
+         | e.g, `JAVA_HOME`, then this java runtime will be used both for Kyuubi server instance and
+         | the applications it launches. You can also change the variable in the subprocess's env
+         | configuration file, e.g.`$SPARK_HOME/conf/spark-env.sh` to use more specific ENV for
+         | SQL engine applications.
+         | """)
+      .fileWithBlock(Paths.get(kyuubiHome, "conf", "kyuubi-env.sh.template"))
+      .line(
+        """
+        | For the environment variables that only needed to be transferred into engine
+        | side, you can set it with a Kyuubi configuration item formatted
+        | `kyuubi.engineEnv.VAR_NAME`. For example, with `kyuubi.engineEnv.SPARK_DRIVER_MEMORY=4g`,
+        | the environment variable `SPARK_DRIVER_MEMORY` with value `4g` would be transferred into
+        | engine side. With `kyuubi.engineEnv.SPARK_CONF_DIR=/apache/confs/spark/conf`, the
+        | value of `SPARK_CONF_DIR` on the engine side is set to `/apache/confs/spark/conf`.
+        | """)
+      .line("## Kyuubi Configurations")
+      .line(""" You can configure the Kyuubi properties in
+         | `$KYUUBI_HOME/conf/kyuubi-defaults.conf`. For example: """)
+      .fileWithBlock(Paths.get(kyuubiHome, "conf", "kyuubi-defaults.conf.template"))
 
     KyuubiConf.getConfigEntries().asScala
-      .toSeq
+      .toStream
       .filterNot(_.internal)
       .groupBy(_.key.split("\\.")(1))
       .toSeq.sortBy(_._1).foreach { case (category, entries) =>
-        newOutput += ""
-        newOutput += s"### ${category.capitalize}"
-        newOutput += ""
-
-        newOutput += "Key | Default | Meaning | Type | Since"
-        newOutput += "--- | --- | --- | --- | ---"
+        builder.lines(
+          s"""### ${category.capitalize}
+             | Key | Default | Meaning | Type | Since
+             | --- | --- | --- | --- | ---
+             |""")
 
         entries.sortBy(_.key).foreach { c =>
           val dft = c.defaultValStr.replace("<", "&lt;").replace(">", "&gt;")
-          val seq = Seq(
+          builder.line(Seq(
             s"${c.key}",
             s"$dft",
             s"${c.doc}",
             s"${c.typ}",
-            s"${c.version}")
-          newOutput += seq.mkString("|")
+            s"${c.version}").mkString("|"))
         }
-        newOutput += ""
       }
 
-    newOutput += ("## Spark Configurations")
-    newOutput += ""
-
-    newOutput += ("### Via spark-defaults.conf")
-    newOutput += ""
-
-    newOutput += ("Setting them in `$SPARK_HOME/conf/spark-defaults.conf`" +
-      " supplies with default values for SQL engine application. Available properties can be" +
-      " found at Spark official online documentation for" +
-      " [Spark Configurations](https://spark.apache.org/docs/latest/configuration.html)")
-
-    newOutput += ""
-    newOutput += ("### Via kyuubi-defaults.conf")
-    newOutput += ""
-    newOutput += ("Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`" +
-      " supplies with default values for SQL engine application too. These properties will" +
-      " override all settings in `$SPARK_HOME/conf/spark-defaults.conf`")
-
-    newOutput += ""
-    newOutput += ("### Via JDBC Connection URL")
-    newOutput += ""
-    newOutput += ("Setting them in the JDBC Connection URL" +
-      " supplies session-specific for each SQL engine. For example: " +
-      "```" +
-      "jdbc:hive2://localhost:10009/default;#" +
-      "spark.sql.shuffle.partitions=2;spark.executor.memory=5g" +
-      "```")
-    newOutput += ""
-    newOutput += ("- **Runtime SQL Configuration**")
-    newOutput += ""
-    newOutput += ("  - For [Runtime SQL Configurations](" +
-      "https://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they" +
-      " will take affect every time")
-    newOutput += ("- **Static SQL and Spark Core Configuration**")
-    newOutput += ""
-    newOutput += ("  - For [Static SQL Configurations](" +
-      "https://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and" +
-      " other spark core configs, e.g. `spark.executor.memory`, they will take effect if there" +
-      " is no existing SQL engine application. Otherwise, they will just be ignored")
-    newOutput += ""
-    newOutput += ("### Via SET Syntax")
-    newOutput += ""
-    newOutput += ("Please refer to the Spark official online documentation for" +
-      " [SET Command](https://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)")
-    newOutput += ""
-
-    newOutput += ("## Flink Configurations")
-    newOutput += ""
-
-    newOutput += ("### Via flink-conf.yaml")
-    newOutput += ""
-    newOutput += ("Setting them in `$FLINK_HOME/conf/flink-conf.yaml`" +
-      " supplies with default values for SQL engine application." +
-      " Available properties can be found at Flink official online documentation for" +
-      " [Flink Configurations]" +
-      "(https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/)")
-    newOutput += ""
-
-    newOutput += ("### Via kyuubi-defaults.conf")
-    newOutput += ""
-    newOutput += ("Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`" +
-      " supplies with default values for SQL engine application too." +
-      " You can use properties with the additional prefix `flink.` to override settings in" +
-      " `$FLINK_HOME/conf/flink-conf.yaml`.")
-    newOutput += ""
-    newOutput += ("For example:")
-    newOutput += ("```")
-    newOutput += ("flink.parallelism.default 2")
-    newOutput += ("flink.taskmanager.memory.process.size 5g")
-    newOutput += ("```")
-    newOutput += ""
-    newOutput += ("The below options in `kyuubi-defaults.conf` will set `parallelism.default: 2`" +
-      " and `taskmanager.memory.process.size: 5g` into flink configurations.")
-    newOutput += ""
-
-    newOutput += ("### Via JDBC Connection URL")
-    newOutput += ""
-    newOutput += "Setting them in the JDBC Connection URL supplies session-specific" +
-      " for each SQL engine. For example: ```jdbc:hive2://localhost:10009/default;" +
-      "#parallelism.default=2;taskmanager.memory.process.size=5g```"
-    newOutput += ""
-
-    newOutput += ("### Via SET Statements")
-    newOutput += ""
-    newOutput += ("Please refer to the Flink official online documentation for [SET Statements]" +
-      "(https://nightlies.apache.org/flink/flink-docs-stable/docs/dev/table/sql/set/)")
-    newOutput += ""
-
-    newOutput += ("## Logging")
-    newOutput += ""
-    newOutput += ("Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging." +
-      " You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`.")
-
-    rewriteToConf(Paths.get(kyuubiHome, "conf", "log4j2.xml.template"), newOutput)
-
-    newOutput += ""
-    newOutput += ("## Other Configurations")
-    newOutput += ""
-    newOutput += ("### Hadoop Configurations")
-    newOutput += ""
-    newOutput += ("Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration" +
-      " files or treating them as Spark properties with a `spark.hadoop.` prefix." +
-      " Please refer to the Spark official online documentation for" +
-      " [Inheriting Hadoop Cluster Configuration](https://spark.apache.org/docs/latest/" +
-      "configuration.html#inheriting-hadoop-cluster-configuration)." +
-      " Also, please refer to the [Apache Hadoop](https://hadoop.apache.org)'s" +
-      " online documentation for an overview on how to configure Hadoop.")
-    newOutput += ""
-    newOutput += ("### Hive Configurations")
-    newOutput += ""
-    newOutput += ("These configurations are used for SQL engine application to talk to" +
-      " Hive MetaStore and could be configured in a `hive-site.xml`." +
-      " Placed it in `$SPARK_HOME/conf` directory, or treat them as Spark properties with" +
-      " a `spark.hadoop.` prefix.")
-
-    newOutput += ""
-    newOutput += ("## User Defaults")
-    newOutput += ""
-    newOutput += ("In Kyuubi, we can configure user default settings to meet separate needs." +
-      " These user defaults override system defaults, but will be overridden by those from" +
-      " [JDBC Connection URL](#via-jdbc-connection-url) or [Set Command](#via-set-syntax)" +
-      " if could be. They will take effect when creating the SQL engine application ONLY.")
-    newOutput += ("User default settings are in the form of `___{username}___.{config key}`." +
-      " There are three continuous underscores(`_`) at both sides of the `username` and" +
-      " a dot(`.`) that separates the config key and the prefix. For example:")
-    newOutput += ("```bash")
-    newOutput += ("# For system defaults")
-    newOutput += ("spark.master=local")
-    newOutput += ("spark.sql.adaptive.enabled=true")
-    newOutput += ("# For a user named kent")
-    newOutput += ("___kent___.spark.master=yarn")
-    newOutput += ("___kent___.spark.sql.adaptive.enabled=false")
-    newOutput += ("# For a user named bob")
-    newOutput += ("___bob___.spark.master=spark://master:7077")
-    newOutput += ("___bob___.spark.executor.memory=8g")
-    newOutput += ("```")
-    newOutput += ""
-    newOutput += "In the above case, if there are related configurations from" +
-      " [JDBC Connection URL](#via-jdbc-connection-url), `kent` will run his SQL engine" +
-      " application on YARN and prefer the Spark AQE to be off, while `bob` will activate" +
-      " his SQL engine application on a Spark standalone cluster with 8g heap memory for each" +
-      " executor and obey the Spark AQE behavior of Kyuubi system default. On the other hand," +
-      " for those users who do not have custom configurations will use system defaults."
-
-    TestUtils.verifyOutput(markdown, newOutput, getClass.getCanonicalName, "kyuubi-server")
+    builder
+      .lines("""
+        |## Spark Configurations
+        |### Via spark-defaults.conf
+        |""")
+      .line("""
+        | Setting them in `$SPARK_HOME/conf/spark-defaults.conf`
+        | supplies with default values for SQL engine application. Available properties can be
+        | found at Spark official online documentation for
+        | [Spark Configurations](https://spark.apache.org/docs/latest/configuration.html)
+        | """)
+      .line("### Via kyuubi-defaults.conf")
+      .line("""
+        | Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
+        | supplies with default values for SQL engine application too. These properties will
+        | override all settings in `$SPARK_HOME/conf/spark-defaults.conf`""")
+      .line("### Via JDBC Connection URL")
+      .line("""
+        | Setting them in the JDBC Connection URL
+        | supplies session-specific for each SQL engine. For example:
+        | ```
+        |jdbc:hive2://localhost:10009/default;#
+        |spark.sql.shuffle.partitions=2;spark.executor.memory=5g
+        |```""")
+      .line()
+      .line("- **Runtime SQL Configuration**")
+      .line("""  - For [Runtime SQL Configurations](
+        |https://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they
+        | will take affect every time""")
+      .line("- **Static SQL and Spark Core Configuration**")
+      .line("""  - For [Static SQL Configurations](
+        |https://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and
+        | other spark core configs, e.g. `spark.executor.memory`, they will take effect if there
+        | is no existing SQL engine application. Otherwise, they will just be ignored""")
+      .line("### Via SET Syntax")
+      .line("""Please refer to the Spark official online documentation for
+        | [SET Command](https://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)
+        |""")
+
+    builder
+      .lines("""
+        |## Flink Configurations
+        |### Via flink-conf.yaml""")
+      .line("""Setting them in `$FLINK_HOME/conf/flink-conf.yaml`
+        | supplies with default values for SQL engine application.
+        | Available properties can be found at Flink official online documentation for
+        | [Flink Configurations]
+        |(https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/)""")
+      .line("### Via kyuubi-defaults.conf")
+      .line("""Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
+        | supplies with default values for SQL engine application too.
+        | You can use properties with the additional prefix `flink.` to override settings in
+        | `$FLINK_HOME/conf/flink-conf.yaml`.""")
+      .lines("""
+        |
+        |For example:
+        |```
+        |flink.parallelism.default 2
+        |flink.taskmanager.memory.process.size 5g
+        |```""")
+      .line("""The below options in `kyuubi-defaults.conf` will set `parallelism.default: 2`
+        | and `taskmanager.memory.process.size: 5g` into flink configurations.""")
+      .line("### Via JDBC Connection URL")
+      .line("""Setting them in the JDBC Connection URL supplies session-specific
+        | for each SQL engine. For example: ```jdbc:hive2://localhost:10009/default;
+        |#parallelism.default=2;taskmanager.memory.process.size=5g```
+        |""")
+      .line("### Via SET Statements")
+      .line("""Please refer to the Flink official online documentation for [SET Statements]
+        |(https://nightlies.apache.org/flink/flink-docs-stable/docs/dev/table/sql/set/)""")
+
+    builder
+      .line("## Logging")
+      .line("""Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging.
+        | You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`.""")
+      .fileWithBlock(Paths.get(kyuubiHome, "conf", "log4j2.xml.template"))
+
+    builder
+      .lines("""
+        |## Other Configurations
+        |### Hadoop Configurations
+        |""")
+      .line("""Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration
+        | files or treating them as Spark properties with a `spark.hadoop.` prefix.
+        | Please refer to the Spark official online documentation for
+        | [Inheriting Hadoop Cluster Configuration](https://spark.apache.org/docs/latest/
+        |configuration.html#inheriting-hadoop-cluster-configuration).
+        | Also, please refer to the [Apache Hadoop](https://hadoop.apache.org)'s
+        | online documentation for an overview on how to configure Hadoop.""")
+      .line("### Hive Configurations")
+      .line("""These configurations are used for SQL engine application to talk to
+        | Hive MetaStore and could be configured in a `hive-site.xml`.
+        | Placed it in `$SPARK_HOME/conf` directory, or treat them as Spark properties with
+        | a `spark.hadoop.` prefix.""")
+
+    builder
+      .line("## User Defaults")
+      .line("""In Kyuubi, we can configure user default settings to meet separate needs.
+        | These user defaults override system defaults, but will be overridden by those from
+        | [JDBC Connection URL](#via-jdbc-connection-url) or [Set Command](#via-set-syntax)
+        | if could be. They will take effect when creating the SQL engine application ONLY.""")
+      .line("""User default settings are in the form of `___{username}___.{config key}`.
+        | There are three continuous underscores(`_`) at both sides of the `username` and
+        | a dot(`.`) that separates the config key and the prefix. For example:""")
+      .lines("""
+        |```bash
+        |# For system defaults
+        |spark.master=local
+        |spark.sql.adaptive.enabled=true
+        |# For a user named kent
+        |___kent___.spark.master=yarn
+        |___kent___.spark.sql.adaptive.enabled=false
+        |# For a user named bob
+        |___bob___.spark.master=spark://master:7077
+        |___bob___.spark.executor.memory=8g
+        |```
+        |
+        |""")
+      .line("""In the above case, if there are related configurations from
+        | [JDBC Connection URL](#via-jdbc-connection-url), `kent` will run his SQL engine
+        | application on YARN and prefer the Spark AQE to be off, while `bob` will activate
+        | his SQL engine application on a Spark standalone cluster with 8g heap memory for each
+        | executor and obey the Spark AQE behavior of Kyuubi system default. On the other hand,
+        | for those users who do not have custom configurations will use system defaults.""")
+
+    MarkdownUtils.verifyOutput(markdown, builder, getClass.getCanonicalName, "kyuubi-server")
   }
 }

From 534fc9f20f864069b76f40c3e5b0e183bee8dd62 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 6 Feb 2023 15:49:56 +0800
Subject: [PATCH 013/760] [KYUUBI #4209] [Authz] Set logging level to DEBUG in
 PrivilegesBuilder for multiple specs

### _Why are the changes needed?_

- change logging level from `warn` to `debug` in Authz
- to eliminate duplicated unuseful messages (as screenshot below) with multiple specs in extracting resources with lower Spark versions
![WechatIMG7517](https://user-images.githubusercontent.com/1935105/215329357-ad242cf4-9c98-44b0-978a-f37304a85ef0.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4209 from bowenliang123/authz-debug.

Closes #4209

f3b949bc [liangbowen] change logging level from `warn` to `debug` in multi extractor rule in Authz serde

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/plugin/spark/authz/PrivilegesBuilder.scala       | 6 +++---
 .../kyuubi/plugin/spark/authz/serde/CommandSpec.scala       | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index cee79b87d..51f5694e1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -144,7 +144,7 @@ object PrivilegesBuilder {
         }
       } catch {
         case e: Exception =>
-          LOG.warn(tableDesc.error(plan, e))
+          LOG.debug(tableDesc.error(plan, e))
           Nil
       }
     }
@@ -162,7 +162,7 @@ object PrivilegesBuilder {
             }
           } catch {
             case e: Exception =>
-              LOG.warn(databaseDesc.error(plan, e))
+              LOG.debug(databaseDesc.error(plan, e))
           }
         }
         desc.operationType
@@ -193,7 +193,7 @@ object PrivilegesBuilder {
             }
           } catch {
             case e: Exception =>
-              LOG.warn(fd.error(plan, e))
+              LOG.debug(fd.error(plan, e))
           }
         }
         spec.operationType
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
index d72d78932..e96ef8cbf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
@@ -85,7 +85,7 @@ case class TableCommandSpec(
         qd.extract(plan)
       } catch {
         case e: Exception =>
-          LOG.warn(qd.error(plan, e))
+          LOG.debug(qd.error(plan, e))
           None
       }
     }
@@ -102,7 +102,7 @@ case class ScanSpec(
         td.extract(plan, spark)
       } catch {
         case e: Exception =>
-          LOG.warn(td.error(plan, e))
+          LOG.debug(td.error(plan, e))
           None
       }
     }

From 82a1883561b95f4d4edd65480c6d43e986148ef5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 6 Feb 2023 23:11:15 +0800
Subject: [PATCH 014/760] [KYUUBI #4258] Bump testcontainers-scala 0.40.12

### _Why are the changes needed?_

Keep deps update-to-date

https://mvnrepository.com/artifact/com.dimafeng/testcontainers-scala

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4258 from pan3793/testcontainers-scala.

Closes #4258

1352f013 [Cheng Pan] Bump testcontainers-scala 0.40.12

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8a86d8501..80d210c0c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -194,7 +194,7 @@
         <spark.archive.download.skip>false</spark.archive.download.skip>
         <swagger.version>2.2.1</swagger.version>
         <swagger-ui.version>4.9.1</swagger-ui.version>
-        <testcontainers-scala.version>0.40.7</testcontainers-scala.version>
+        <testcontainers-scala.version>0.40.12</testcontainers-scala.version>
         <thrift.version>0.9.3</thrift.version>
         <trino.client.version>363</trino.client.version>
         <trino.tpcds.version>1.4</trino.tpcds.version>

From f62a7ac5870de622c3b7c41713527a6dd9375e2d Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 7 Feb 2023 10:51:51 +0800
Subject: [PATCH 015/760] [KYUUBI #3968][FOLLOWUP] Get schema url with correct
 version ordering

### _Why are the changes needed?_

Get schema url with correct version ordering.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4254 from turboFei/version_order.

Closes #3968

57474e65c [fwang12] refactor
561a1cde9 [fwang12] refactor
0a3275aa7 [fwang12] save
64236740d [fwang12] save
a723a4023 [fwang12] save
c31564865 [fwang12] save
13b3d29e0 [fwang12] save
347081d77 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../metadata/jdbc/JDBCMetadataStore.scala     | 43 ++++++++++++-------
 .../jdbc/JDBCMetadataStoreSuite.scala         | 16 +++++++
 2 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 151d846d8..f6caa9c1a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -96,37 +96,49 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   private[jdbc] def getInitSchema(dbType: DatabaseType): Option[String] = {
     val classLoader = Utils.getContextOrKyuubiClassLoader
     val schemaPackage = s"sql/${dbType.toString.toLowerCase}"
-    val schemaUrlPattern = """^metadata-store-schema-(\d+)\.(\d+)\.(\d+)\.(.*)\.sql$""".r
-    val schemaUrls = ListBuffer[String]()
 
-    Option(classLoader.getResource(schemaPackage)).map(_.toURI).foreach { uri =>
+    Option(classLoader.getResource(schemaPackage)).map(_.toURI).flatMap { uri =>
       val pathNames = if (uri.getScheme == "jar") {
         val fs = FileSystems.newFileSystem(uri, Map.empty[String, AnyRef].asJava)
         try {
           Files.walk(fs.getPath(schemaPackage), 1).iterator().asScala.map(
             _.getFileName.toString).filter { name =>
-            schemaUrlPattern.findFirstMatchIn(name).isDefined
+            SCHEMA_URL_PATTERN.findFirstMatchIn(name).isDefined
           }.toArray
         } finally {
           fs.close()
         }
       } else {
         Paths.get(uri).toFile.listFiles((_, name) => {
-          schemaUrlPattern.findFirstMatchIn(name).isDefined
+          SCHEMA_URL_PATTERN.findFirstMatchIn(name).isDefined
         }).map(_.getName)
       }
-      pathNames.foreach(name => schemaUrls += s"$schemaPackage/$name")
-    }
-
-    schemaUrls.sorted.lastOption.map { schemaUrl =>
-      val inputStream = classLoader.getResourceAsStream(schemaUrl)
-      try {
-        new BufferedReader(new InputStreamReader(inputStream)).lines()
-          .collect(Collectors.joining("\n"))
-      } finally {
-        inputStream.close()
+      getLatestSchemaUrl(pathNames).map(name => s"$schemaPackage/$name").map { schemaUrl =>
+        val inputStream = classLoader.getResourceAsStream(schemaUrl)
+        try {
+          new BufferedReader(new InputStreamReader(inputStream)).lines()
+            .collect(Collectors.joining("\n"))
+        } finally {
+          inputStream.close()
+        }
       }
+    }.headOption
+  }
+
+  def getSchemaVersion(schemaUrl: String): (Int, Int, Int) =
+    SCHEMA_URL_PATTERN.findFirstMatchIn(schemaUrl) match {
+      case Some(m) => (m.group(1).toInt, m.group(2).toInt, m.group(3).toInt)
+      case _ => throw new KyuubiException(s"Invalid schema url: $schemaUrl")
     }
+
+  def getLatestSchemaUrl(schemaUrls: Seq[String]): Option[String] = {
+    schemaUrls.sortWith { (u1, u2) =>
+      val v1 = getSchemaVersion(u1)
+      val v2 = getSchemaVersion(u2)
+      v1._1 > v2._1 ||
+      (v1._1 == v2._1 && v1._2 > v2._2) ||
+      (v1._1 == v2._1 && v1._2 == v2._2 && v1._3 > v2._3)
+    }.headOption
   }
 
   override def close(): Unit = {
@@ -505,6 +517,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 }
 
 object JDBCMetadataStore {
+  private val SCHEMA_URL_PATTERN = """^metadata-store-schema-(\d+)\.(\d+)\.(\d+)\.(.*)\.sql$""".r
   private val METADATA_TABLE = "metadata"
   private val METADATA_STATE_ONLY_COLUMNS = Seq(
     "identifier",
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
index 73dc105c3..aa53af3a9 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
@@ -279,4 +279,20 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
       jdbcMetadataStore.updateMetadata(metadata)
     }
   }
+
+  test("get schema urls with correct version ordering") {
+    val url1 = "metadata-store-schema-1.7.0.mysql.sql"
+    val url2 = "metadata-store-schema-1.7.1.mysql.sql"
+    val url3 = "metadata-store-schema-1.8.0.mysql.sql"
+    val url4 = "metadata-store-schema-1.10.0.mysql.sql"
+    val url5 = "metadata-store-schema-2.1.0.mysql.sql"
+    assert(jdbcMetadataStore.getSchemaVersion(url1) === ((1, 7, 0)))
+    assert(jdbcMetadataStore.getSchemaVersion(url2) === ((1, 7, 1)))
+    assert(jdbcMetadataStore.getSchemaVersion(url3) === ((1, 8, 0)))
+    assert(jdbcMetadataStore.getSchemaVersion(url4) === ((1, 10, 0)))
+    assert(jdbcMetadataStore.getSchemaVersion(url5) === ((2, 1, 0)))
+    assert(jdbcMetadataStore.getLatestSchemaUrl(Seq(url1, url2, url3, url4)).get === url4)
+    assert(jdbcMetadataStore.getLatestSchemaUrl(Seq(url1, url3, url4, url2)).get === url4)
+    assert(jdbcMetadataStore.getLatestSchemaUrl(Seq(url1, url2, url3, url4, url5)).get === url5)
+  }
 }

From 1b92d80678d6a05ca8a4e9f3ddded6deaf0b3d9e Mon Sep 17 00:00:00 2001
From: yehere <867171931@qq.com>
Date: Tue, 7 Feb 2023 11:08:48 +0800
Subject: [PATCH 016/760] [KYUUBI #3934] Compatiable with Trino rest dto

### _Why are the changes needed?_

close #3934

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4182 from yehere/kyuubi-3934.

Closes #3934

ced64e2c [yehere] [KYUUBI #3934] Add more result types support
3ef85230 [yehere] [KYUUBI #3934] Optimization for code review
69e1f442 [yehere] [KYUUBI #3934] Merge the test class to TrinoContextSuite
4f0a0152 [yehere] [KYUUBI #3934] Merge the class to TrinoContext
7c9473f6 [yehere] [KYUUBI #3934] Format style, with Copyright  Profiles
2023f3ce [yehere] [KYUUBI #3934] Format and add test case
a2243b46 [yehere] [KYUUBI #3934] Compatiable with Trino rest dto

Authored-by: yehere <867171931@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../server/trino/api/TrinoContext.scala       | 235 ++++++++++++++++--
 .../server/trino/api/TrinoContextSuite.scala  |  94 ++++++-
 2 files changed, 310 insertions(+), 19 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
index 8f3131f61..4a0736ddb 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
@@ -18,34 +18,38 @@
 package org.apache.kyuubi.server.trino.api
 
 import java.io.UnsupportedEncodingException
-import java.net.{URLDecoder, URLEncoder}
+import java.net.{URI, URLDecoder, URLEncoder}
+import java.util
 import javax.ws.rs.core.{HttpHeaders, Response}
 
 import scala.collection.JavaConverters._
 
+import io.trino.client.{ClientStandardTypes, ClientTypeSignature, Column, QueryError, QueryResults, StatementStats, Warning}
 import io.trino.client.ProtocolHeaders.TRINO_HEADERS
-import io.trino.client.QueryResults
+import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet, TTypeId}
+
+import org.apache.kyuubi.operation.OperationStatus
 
 /**
  * The description and functionality of trino request
  * and response's context
  *
- * @param user Specifies the session user, must be supplied with every query
- * @param timeZone  The timezone for query processing
+ * @param user               Specifies the session user, must be supplied with every query
+ * @param timeZone           The timezone for query processing
  * @param clientCapabilities Exclusive for trino server
- * @param source This supplies the name of the software that submitted the query,
- *               e.g. `trino-jdbc` or `trino-cli` by default
- * @param catalog The catalog context for query processing, will be set response
- * @param schema The schema context for query processing
- * @param language The language to use when processing the query and formatting results,
- *               formatted as a Java Locale string, e.g., en-US for US English
- * @param traceToken Trace token for correlating requests across systems
- * @param clientInfo Extra information about the client
- * @param clientTags Client tags for selecting resource groups. Example: abc,xyz
- * @param preparedStatement `preparedStatement` are kv pairs, where the names
- *                          are names of previously prepared SQL statements,
- *                          and the values are keys that identify the
- *                          executable form of the named prepared statements
+ * @param source             This supplies the name of the software that submitted the query,
+ *                           e.g. `trino-jdbc` or `trino-cli` by default
+ * @param catalog            The catalog context for query processing, will be set response
+ * @param schema             The schema context for query processing
+ * @param language           The language to use when processing the query and formatting results,
+ *                           formatted as a Java Locale string, e.g., en-US for US English
+ * @param traceToken         Trace token for correlating requests across systems
+ * @param clientInfo         Extra information about the client
+ * @param clientTags         Client tags for selecting resource groups. Example: abc,xyz
+ * @param preparedStatement  `preparedStatement` are kv pairs, where the names
+ *                           are names of previously prepared SQL statements,
+ *                           and the values are keys that identify the
+ *                           executable form of the named prepared statements
  */
 case class TrinoContext(
     user: String,
@@ -63,6 +67,11 @@ case class TrinoContext(
 
 object TrinoContext {
 
+  private val defaultWarning: util.List[Warning] = new util.ArrayList[Warning]()
+  private val GENERIC_INTERNAL_ERROR_CODE = 65536
+  private val GENERIC_INTERNAL_ERROR_NAME = "GENERIC_INTERNAL_ERROR_NAME"
+  private val GENERIC_INTERNAL_ERROR_TYPE = "INTERNAL_ERROR"
+
   def apply(headers: HttpHeaders): TrinoContext = {
     apply(headers.getRequestHeaders.asScala.toMap.map {
       case (k, v) => (k, v.asScala.toList)
@@ -166,4 +175,196 @@ object TrinoContext {
         throw new AssertionError(e)
     }
 
+  def createQueryResults(
+      queryId: String,
+      nextUri: URI,
+      queryHtmlUri: URI,
+      queryStatus: OperationStatus,
+      columns: Option[TGetResultSetMetadataResp] = None,
+      data: Option[TRowSet] = None): QueryResults = {
+
+    val columnList = columns match {
+      case Some(value) => convertTColumn(value)
+      case None => null
+    }
+    val rowList = data match {
+      case Some(value) => convertTRowSet(value)
+      case None => null
+    }
+
+    new QueryResults(
+      queryId,
+      queryHtmlUri,
+      nextUri,
+      nextUri,
+      columnList,
+      rowList,
+      StatementStats.builder.setState(queryStatus.state.name()).setQueued(false)
+        .setElapsedTimeMillis(0).setQueuedTimeMillis(0).build(),
+      toQueryError(queryStatus),
+      defaultWarning,
+      null,
+      0L)
+  }
+
+  def convertTColumn(columns: TGetResultSetMetadataResp): util.List[Column] = {
+    columns.getSchema.getColumns.asScala.map(c => {
+      val tp = c.getTypeDesc.getTypes.get(0).getPrimitiveEntry.getType match {
+        case TTypeId.BOOLEAN_TYPE => ClientStandardTypes.BOOLEAN
+        case TTypeId.TINYINT_TYPE => ClientStandardTypes.TINYINT
+        case TTypeId.SMALLINT_TYPE => ClientStandardTypes.SMALLINT
+        case TTypeId.INT_TYPE => ClientStandardTypes.INTEGER
+        case TTypeId.BIGINT_TYPE => ClientStandardTypes.BIGINT
+        case TTypeId.FLOAT_TYPE => ClientStandardTypes.DOUBLE
+        case TTypeId.DOUBLE_TYPE => ClientStandardTypes.DOUBLE
+        case TTypeId.STRING_TYPE => ClientStandardTypes.VARCHAR
+        case TTypeId.TIMESTAMP_TYPE => ClientStandardTypes.TIMESTAMP
+        case TTypeId.BINARY_TYPE => ClientStandardTypes.VARBINARY
+        case TTypeId.DECIMAL_TYPE => ClientStandardTypes.DECIMAL
+        case TTypeId.DATE_TYPE => ClientStandardTypes.DATE
+        case TTypeId.VARCHAR_TYPE => ClientStandardTypes.VARCHAR
+        case TTypeId.CHAR_TYPE => ClientStandardTypes.CHAR
+        case TTypeId.INTERVAL_YEAR_MONTH_TYPE => ClientStandardTypes.INTERVAL_YEAR_TO_MONTH
+        case TTypeId.INTERVAL_DAY_TIME_TYPE => ClientStandardTypes.TIME_WITH_TIME_ZONE
+        case TTypeId.TIMESTAMPLOCALTZ_TYPE => ClientStandardTypes.TIMESTAMP_WITH_TIME_ZONE
+        case _ => ClientStandardTypes.VARCHAR
+      }
+      new Column(c.getColumnName, tp, new ClientTypeSignature(tp))
+    }).toList.asJava
+  }
+
+  def convertTRowSet(rowSet: TRowSet): util.List[util.List[Object]] = {
+    val dataResult = new util.LinkedList[util.List[Object]]
+
+    if (rowSet.getColumns == null) {
+      return rowSet.getRows.asScala
+        .map(t => t.getColVals.asScala.map(v => v.getFieldValue.asInstanceOf[Object]).asJava)
+        .asJava
+    }
+
+    rowSet.getColumns.asScala.foreach {
+      case tColumn if tColumn.isSetBoolVal =>
+        val nulls = util.BitSet.valueOf(tColumn.getBoolVal.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getBoolVal.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getBoolVal.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn if tColumn.isSetByteVal =>
+        val nulls = util.BitSet.valueOf(tColumn.getByteVal.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getByteVal.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getByteVal.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn if tColumn.isSetI16Val =>
+        val nulls = util.BitSet.valueOf(tColumn.getI16Val.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getI16Val.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getI16Val.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn if tColumn.isSetI32Val =>
+        val nulls = util.BitSet.valueOf(tColumn.getI32Val.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getI32Val.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getI32Val.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn if tColumn.isSetI64Val =>
+        val nulls = util.BitSet.valueOf(tColumn.getI64Val.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getI64Val.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getI64Val.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn if tColumn.isSetDoubleVal =>
+        val nulls = util.BitSet.valueOf(tColumn.getDoubleVal.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getDoubleVal.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getDoubleVal.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn if tColumn.isSetBinaryVal =>
+        val nulls = util.BitSet.valueOf(tColumn.getBinaryVal.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getBinaryVal.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getBinaryVal.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+      case tColumn =>
+        val nulls = util.BitSet.valueOf(tColumn.getStringVal.getNulls)
+        if (dataResult.isEmpty) {
+          (1 to tColumn.getStringVal.getValuesSize).foreach(_ =>
+            dataResult.add(new util.LinkedList[Object]()))
+        }
+
+        tColumn.getStringVal.getValues.asScala.zipWithIndex.foreach {
+          case (_, rowIdx) if nulls.get(rowIdx) =>
+            dataResult.get(rowIdx).add(null)
+          case (v, rowIdx) =>
+            dataResult.get(rowIdx).add(v)
+        }
+    }
+    dataResult
+  }
+
+  def toQueryError(queryStatus: OperationStatus): QueryError = {
+    val exception = queryStatus.exception
+    if (exception.isEmpty) {
+      null
+    } else {
+      new QueryError(
+        exception.get.getMessage,
+        queryStatus.state.name(),
+        GENERIC_INTERNAL_ERROR_CODE,
+        GENERIC_INTERNAL_ERROR_NAME,
+        GENERIC_INTERNAL_ERROR_TYPE,
+        null,
+        null)
+    }
+  }
+
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
index 67a502288..8d7b2bf2c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
@@ -17,13 +17,24 @@
 
 package org.apache.kyuubi.server.trino.api
 
+import java.net.URI
 import java.time.ZoneId
+import javax.ws.rs.core.MediaType
+
+import scala.collection.JavaConverters._
 
 import io.trino.client.ProtocolHeaders.TRINO_HEADERS
+import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V9
+import org.scalatest.concurrent.PatienceConfiguration.Timeout
+import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
+
+import org.apache.kyuubi.{KyuubiFunSuite, RestFrontendTestHelper}
+import org.apache.kyuubi.events.KyuubiOperationEvent
+import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
+import org.apache.kyuubi.operation.OperationState.{FINISHED, OperationState}
 
-import org.apache.kyuubi.KyuubiFunSuite
+class TrinoContextSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
-class TrinoContextSuite extends KyuubiFunSuite {
   import TrinoContext._
 
   test("create trino request context with header") {
@@ -67,4 +78,83 @@ class TrinoContextSuite extends KyuubiFunSuite {
     assert(actual == expectedTrinoContext)
   }
 
+  test("test convert") {
+    val opHandle = getOpHandle("select 1")
+    val opHandleStr = opHandle.identifier.toString
+    checkOpState(opHandleStr, FINISHED)
+
+    val metadataResp = fe.be.getResultSetMetadata(opHandle)
+    val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false)
+    val status = fe.be.getOperationStatus(opHandle)
+
+    val uri = new URI("sfdsfsdfdsf")
+    val results = TrinoContext
+      .createQueryResults("/xdfd/xdf", uri, uri, status, Option(metadataResp), Option(tRowSet))
+
+    print(results.toString)
+    assert(results.getColumns.get(0).getType.equals("integer"))
+    assert(results.getData.asScala.last.get(0) == 1)
+  }
+
+  test("test convert from table") {
+    initSql("CREATE DATABASE IF NOT EXISTS INIT_DB")
+    initSql(
+      "CREATE TABLE IF NOT EXISTS INIT_DB.test(a int, b double, c String," +
+        "d BOOLEAN,e DATE,f TIMESTAMP,g ARRAY<String>,h DECIMAL," +
+        "i MAP<String,String>) USING PARQUET;")
+    initSql(
+      "INSERT INTO INIT_DB.test VALUES (1,2.2,'3',true,current_date()," +
+        "current_timestamp(),array('1','2'),2.0, map('m','p') )")
+
+    val opHandle = getOpHandle("SELECT * FROM INIT_DB.test")
+    val opHandleStr = opHandle.identifier.toString
+    checkOpState(opHandleStr, FINISHED)
+
+    val metadataResp = fe.be.getResultSetMetadata(opHandle)
+    val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false)
+    val status = fe.be.getOperationStatus(opHandle)
+
+    val uri = new URI("sfdsfsdfdsf")
+    val results = TrinoContext
+      .createQueryResults("/xdfd/xdf", uri, uri, status, Option(metadataResp), Option(tRowSet))
+
+    print(results.toString)
+    assert(results.getColumns.get(0).getType.equals("integer"))
+    assert(results.getData.asScala.last.get(0) != null)
+  }
+
+  def getOpHandleStr(statement: String = "show tables"): String = {
+    getOpHandle(statement).identifier.toString
+  }
+
+  def getOpHandle(statement: String = "show tables"): OperationHandle = {
+    val sessionHandle = fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V9,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    if (statement.nonEmpty) {
+      fe.be.executeStatement(sessionHandle, statement, Map.empty, runAsync = false, 30000)
+    } else {
+      fe.be.getCatalogs(sessionHandle)
+    }
+  }
+
+  private def checkOpState(opHandleStr: String, state: OperationState): Unit = {
+    eventually(Timeout(30.seconds)) {
+      val response = webTarget.path(s"api/v1/operations/$opHandleStr/event")
+        .request(MediaType.APPLICATION_JSON_TYPE).get()
+      assert(response.getStatus === 200)
+      val operationEvent = response.readEntity(classOf[KyuubiOperationEvent])
+      assert(operationEvent.state === state.name())
+    }
+  }
+
+  private def initSql(sql: String): Unit = {
+    val initOpHandle = getOpHandle(sql)
+    val initOpHandleStr = initOpHandle.identifier.toString
+    checkOpState(initOpHandleStr, FINISHED)
+  }
 }

From 301185c65024cf428487ab5cbae8caefae90db8e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 7 Feb 2023 12:27:45 +0800
Subject: [PATCH 017/760] [KYUUBI #4256] [DOCS] Add PYTHON option to
 `kyuubi.operation.language` config

### _Why are the changes needed?_

- as pyspark is supported in #3780, exposing PYTHON option for `kyuubi.operation.language` as an experimental feature

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4256 from bowenliang123/doc-language-python.

Closes #4256

d10c0281 [liangbowen] update description
d05cedda [liangbowen] add PYTHON option in kyuubi.operation.language

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/deployment/settings.md                               | 2 +-
 .../main/scala/org/apache/kyuubi/config/KyuubiConf.scala  | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 9cd8a681d..7391f4241 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -433,7 +433,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 |-----------------------------------------|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
 | kyuubi.operation.idle.timeout           | PT3H                                                                            | Operation will be closed when it's not accessed for this duration of time                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.0.0 |
 | kyuubi.operation.interrupt.on.cancel    | true                                                                            | When true, all running tasks will be interrupted if one cancels a query. When false, all running tasks will remain until finished.                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.2.0 |
-| kyuubi.operation.language               | SQL                                                                             | Choose a programing language for the following inputs <ul><li>SQL: (Default) Run all following statements as SQL queries.</li> <li>SCALA: Run all following input a scala codes</li></ul>                                                                                                                                                                                                                                                                                                                | string   | 1.5.0 |
+| kyuubi.operation.language               | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
 | kyuubi.operation.log.dir.root           | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
 | kyuubi.operation.plan.only.excludes     | ResetCommand,SetCommand,SetNamespaceCommand,UseStatement,SetCatalogAndNamespace | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | seq      | 1.5.0 |
 | kyuubi.operation.plan.only.mode         | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index e4c48218a..75f7efedc 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2160,8 +2160,12 @@ object KyuubiConf {
   val OPERATION_LANGUAGE: ConfigEntry[String] =
     buildConf("kyuubi.operation.language")
       .doc("Choose a programing language for the following inputs" +
-        " <ul><li>SQL: (Default) Run all following statements as SQL queries.</li>" +
-        " <li>SCALA: Run all following input a scala codes</li></ul>")
+        "<ul>" +
+        "<li>SQL: (Default) Run all following statements as SQL queries.</li>" +
+        "<li>SCALA: Run all following input as scala codes</li>" +
+        "<li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine" +
+        "</li>" +
+        "</ul>")
       .version("1.5.0")
       .stringConf
       .transform(_.toUpperCase(Locale.ROOT))

From 95318d578289249e1380140ec9b19c46c2543235 Mon Sep 17 00:00:00 2001
From: edddddy <rmrfall@qq.com>
Date: Tue, 7 Feb 2023 19:04:10 +0800
Subject: [PATCH 018/760] [KYUUBI #4247] `build/mvn` should use the exact
 version defined in `pom.xml`

### _Why are the changes needed?_

As mentioned in #4247, it seems to be better that using the same maven version with master. Thus, modify the version check logic in `build/mvn` from equal or greater to equal.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4261 from edddddy/mvn_ver_cp.

Closes #4247

11f19eca1 [1456173400] change the if condition to equal

Lead-authored-by: edddddy <rmrfall@qq.com>
Co-authored-by: 1456173400 <1456173400@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/mvn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/mvn b/build/mvn
index d67638ba2..de697f410 100755
--- a/build/mvn
+++ b/build/mvn
@@ -76,7 +76,7 @@ install_mvn() {
   fi
   # See simple version normalization: http://stackoverflow.com/questions/16989598/bash-comparing-version-numbers
   function version { echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }'; }
-  if [ $(version $MVN_DETECTED_VERSION) -lt $(version $MVN_VERSION) ]; then
+  if [ $(version $MVN_DETECTED_VERSION) -eq $(version $MVN_VERSION) ]; then
     local APACHE_MIRROR=${APACHE_MIRROR:-'https://archive.apache.org/dist/'}
 
     install_app \

From 31077b5763536a8b39089f2c5a54049f9209a94c Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 8 Feb 2023 00:26:53 +0800
Subject: [PATCH 019/760] [KYUUBI #4265] Bump maven-surefire-plugin to 3.0.0-M8

### _Why are the changes needed?_

- bump maven-surefire-plugin 3.0.0-M7 (released in June 2022) to 3.0.0-M8 (release in Jan 2023), release notes: https://blogs.apache.org/maven/entry/apache-maven-surefire-failsafe-plugin1

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4265 from bowenliang123/surefire-3.0.0-M8.

Closes #4265

60f9b2da [liangbowen] bump maven-surefire-plugin to 3.0.0-M8

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 80d210c0c..66853ac0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -214,7 +214,7 @@
         <maven.plugin.download.version>1.6.6</maven.plugin.download.version>
         <maven.plugin.enforcer.mojo.rules.version>1.6.1</maven.plugin.enforcer.mojo.rules.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
-        <maven.plugin.surefire.version>3.0.0-M7</maven.plugin.surefire.version>
+        <maven.plugin.surefire.version>3.0.0-M8</maven.plugin.surefire.version>
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
         <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>

From 0eff3cec535464f08cf6162971b4a80a48536132 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 8 Feb 2023 22:56:43 +0800
Subject: [PATCH 020/760] [KYUUBI #4270] Register shutdown hook for plugin
 cleanup

### _Why are the changes needed?_

to fix #4270.
- Register shutdown hook for plugin cleanup

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4272 from bowenliang123/authz-shutdown-hook.

Closes #4270

3f376f43 [liangbowen] add log
6a2018f6 [liangbowen] nit
8b7ed86c [liangbowen] register plugin's cleanup shutdownHook

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../authz/ranger/RangerSparkExtension.scala   |  2 +-
 .../authz/ranger/SparkRangerAdminPlugin.scala | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
index f4dcb3f9f..5708dfeaf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
@@ -36,7 +36,7 @@ import org.apache.kyuubi.plugin.spark.authz.util.{RuleEliminateMarker, RuleElimi
  *  @since 1.6.0
  */
 class RangerSparkExtension extends (SparkSessionExtensions => Unit) {
-  SparkRangerAdminPlugin.init()
+  SparkRangerAdminPlugin.initialize()
 
   override def apply(v1: SparkSessionExtensions): Unit = {
     v1.injectCheckRule(AuthzConfigurationChecker)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 7ece55fe5..3d46563aa 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -21,8 +21,10 @@ import scala.collection.JavaConverters._
 import scala.collection.mutable.ArrayBuffer
 import scala.collection.mutable.LinkedHashMap
 
+import org.apache.hadoop.util.ShutdownHookManager
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest
 import org.apache.ranger.plugin.service.RangerBasePlugin
+import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
@@ -30,6 +32,7 @@ import org.apache.kyuubi.plugin.spark.authz.util.RangerConfigProvider
 
 object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
   with RangerConfigProvider {
+  final private val LOG = LoggerFactory.getLogger(getClass)
 
   /**
    * For a Spark SQL query, it may contain 0 or more privilege objects to verify, e.g. a typical
@@ -60,6 +63,29 @@ object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
     s"ranger.plugin.$getServiceType.use.usergroups.from.userstore.enabled",
     false)
 
+  /**
+   * plugin initialization
+   * with cleanup shutdown hook registered
+   */
+  def initialize(): Unit = {
+    this.init()
+    registerCleanupShutdownHook(this)
+  }
+
+  /**
+   * register shutdown hook for plugin cleanup
+   */
+  private def registerCleanupShutdownHook(plugin: RangerBasePlugin): Unit = {
+    ShutdownHookManager.get().addShutdownHook(
+      () => {
+        if (plugin != null) {
+          LOG.info(s"clean up ranger plugin, appId: ${plugin.getAppId}")
+          this.cleanup()
+        }
+      },
+      Integer.MAX_VALUE)
+  }
+
   def getFilterExpr(req: AccessRequest): Option[String] = {
     val result = evalRowFilterPolicies(req, null)
     Option(result)

From 4070d78fe7a83cdb1ddc14ba4fbcd05050ffafc0 Mon Sep 17 00:00:00 2001
From: runzhliu <runzhliu@163.com>
Date: Wed, 8 Feb 2023 23:43:52 +0800
Subject: [PATCH 021/760] [KYUUBI #4268] Bump Arrow version to 11.0.0

### _Why are the changes needed?_

to close #4268 .

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4273 from runzhliu/patch-2.

Closes #4268

5329a842 [runzhliu] bump Arrow version to 11.0.0

Authored-by: runzhliu <runzhliu@163.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 66853ac0d..ebf6db655 100644
--- a/pom.xml
+++ b/pom.xml
@@ -115,7 +115,7 @@
         <scala.binary.version>2.12</scala.binary.version>
         <scala-collection-compat.version>2.8.1</scala-collection-compat.version>
 
-        <arrow.version>10.0.1</arrow.version>
+        <arrow.version>11.0.0</arrow.version>
         <!-- Please don't upgrade the version to 4.10+, it depends on JDK 11 -->
         <antlr4.version>4.9.3</antlr4.version>
         <antlr.st4.version>4.3.4</antlr.st4.version>

From e5743c8309978cfc2bf430721d0c9d2d46909883 Mon Sep 17 00:00:00 2001
From: Thomas Prelle <thomas.prelle@ubisoft.com>
Date: Thu, 9 Feb 2023 00:06:07 +0800
Subject: [PATCH 022/760] [KYUUBI #4255][AUTHZ] Add authz for describe relation

### _Why are the changes needed?_
During a describe table call, if the table it's a v2 table, it's a DescribeRelation a not a DescribeTableCommand.

So DescribeRelation should have same authorization than DescribeTableCommand.

Fix https://github.com/apache/kyuubi/issues/4255

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4257 from tprelle/fixDescribeRelationAuthz.

Closes #4255

3ffdbc9d [Thomas Prelle] [AUTHZ] Add authz for describe relation

Authored-by: Thomas Prelle <thomas.prelle@ubisoft.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/resources/table_command_spec.json | 14 ++++++++++++++
 .../authz/V2CommandsPrivilegesSuite.scala      | 18 ++++++++++++++++++
 .../plugin/spark/authz/gen/TableCommands.scala | 11 +++++++++++
 ...ebergCatalogRangerSparkExtensionSuite.scala |  9 +++++++++
 ...TableCatalogRangerSparkExtensionSuite.scala |  8 ++++++++
 5 files changed, 60 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 3b9b8f24e..af748c278 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -219,6 +219,20 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.DescribeRelation",
+  "tableDescs" : [ {
+    "fieldName" : "relation",
+    "fieldExtractor" : "ResolvedTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : true
+  } ],
+  "opType" : "DESCTABLE",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropColumns",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index 9d3e6d42d..dede81426 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -515,6 +515,24 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     assert(accessType === AccessType.UPDATE)
   }
 
+  test("DescribeTable") {
+    val plan = executePlan(s"DESCRIBE TABLE $catalogTable").analyzed
+    val (inputs, outputs, operationType) = PrivilegesBuilder.build(plan, spark)
+    assert(operationType === DESCTABLE)
+    assert(inputs.size === 1)
+    val po = inputs.head
+    assert(po.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assert(po.catalog === Some(catalogV2))
+    assert(po.dbname === namespace)
+    assert(po.objectName === catalogTableShort)
+    assert(po.columns.isEmpty)
+    checkV2TableOwner(po)
+    val accessType = AccessType(po, operationType, isInput = true)
+    assert(accessType === AccessType.SELECT)
+    assert(outputs.size === 0)
+  }
+
   // with V2AlterTableCommand
 
   test("AddColumns") {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index ef981515a..e2fda9162 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -410,6 +410,16 @@ object TableCommands {
     TableCommandSpec(cmd, Seq(tableDesc), DESCTABLE)
   }
 
+  val DescribeRelationTable = {
+    val cmd = "org.apache.spark.sql.catalyst.plans.logical.DescribeRelation"
+    val tableDesc = TableDesc(
+      "relation",
+      classOf[ResolvedTableTableExtractor],
+      isInput = true,
+      setCurrentDatabaseIfMissing = true)
+    TableCommandSpec(cmd, Seq(tableDesc), DESCTABLE)
+  }
+
   val DropTable = {
     val cmd = "org.apache.spark.sql.execution.command.DropTableCommand"
     val tableTypeDesc =
@@ -614,6 +624,7 @@ object TableCommands {
     DeleteFromTable,
     DescribeColumn,
     DescribeTable,
+    DescribeRelationTable,
     DropTable,
     DropTableV2,
     InsertIntoDataSource,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index a2634bb26..909c26d36 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -222,4 +222,13 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
         })
     }
   }
+
+  test("[KYUUBI #4255] DESCRIBE TABLE") {
+    assume(isSparkV32OrGreater)
+    val e1 = intercept[AccessControlException](
+      doAs("someone", sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
+    assert(e1.getMessage.contains(s"does not have [select] privilege" +
+      s" on [$namespace1/$table1]"))
+  }
+
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 6bdab9d9d..9f980c27a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -107,6 +107,14 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
       s" on [$namespace1/$table1/id]"))
   }
 
+  test("[KYUUBI #4255] DESCRIBE TABLE") {
+    assume(isSparkV31OrGreater)
+    val e1 = intercept[AccessControlException](
+      doAs("someone", sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
+    assert(e1.getMessage.contains(s"does not have [select] privilege" +
+      s" on [$namespace1/$table1]"))
+  }
+
   test("[KYUUBI #3424] CREATE TABLE") {
     assume(isSparkV31OrGreater)
 

From afcfe9afb5e8df1761dd80b8ed236d11520eed83 Mon Sep 17 00:00:00 2001
From: df_liu <df_liu@trip.com>
Date: Thu, 9 Feb 2023 08:34:47 +0800
Subject: [PATCH 023/760] [KYUUBI #4252] Bump Flink to 1.14.6

### _Why are the changes needed?_

close #4252

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4277 from df-Liu/fix_4252.

Closes #4252

a5969d01 [df_liu] [KYUUBI #4252] Bump Flink 1.14.6

Authored-by: df_liu <df_liu@trip.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ebf6db655..fecc0ad8d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2328,7 +2328,7 @@
         <profile>
             <id>flink-1.14</id>
             <properties>
-                <flink.version>1.14.5</flink.version>
+                <flink.version>1.14.6</flink.version>
                 <flink.module.scala.suffix>_${scala.binary.version}</flink.module.scala.suffix>
             </properties>
         </profile>

From 3f5121ab2d5558a7ea8cdba63bf15cd20b4127e3 Mon Sep 17 00:00:00 2001
From: df_liu <df_liu@trip.com>
Date: Thu, 9 Feb 2023 08:35:43 +0800
Subject: [PATCH 024/760] [KYUUBI #4251] Bump Flink to 1.15.3

### _Why are the changes needed?_

close #4251

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4276 from df-Liu/fix_4251.

Closes #4251

eb5565cb [df_liu] [KYUUBI #4251] Bump Flink 1.15.3

Authored-by: df_liu <df_liu@trip.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index fecc0ad8d..15d425dbb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2336,7 +2336,7 @@
         <profile>
             <id>flink-1.15</id>
             <properties>
-                <flink.version>1.15.2</flink.version>
+                <flink.version>1.15.3</flink.version>
                 <flink.module.scala.suffix></flink.module.scala.suffix>
             </properties>
         </profile>

From 953155272054137bab1d2e59c910b1ccf614ff56 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 9 Feb 2023 14:14:55 +0800
Subject: [PATCH 025/760] [KYUUBI #4266] [INFRA] Add Dependency Review step to
 prevent introducing vulnerable dependencies

### _Why are the changes needed?_

- Add actions/dependency-review-action (https://github.com/actions/dependency-review-action) as new step in the dependency workflow, which fails when future PR is bringing vulnerable dependencies.
- configuring `fail-on-severity` to `moderate` level

<img width="760" alt="image" src="https://user-images.githubusercontent.com/1935105/217551476-e2858c04-ebcb-4028-a209-e547690b5d79.png">

### _How was this patch tested?_
- [x] Pass the Dependency Check CI job

Closes #4266 from bowenliang123/dependency-review.

Closes #4266

63a84b22 [liangbowen] add actions/dependency-review-action to dependency workflow

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/dep.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index 5ea4447cc..ae1e3de6f 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -23,8 +23,9 @@ on:
       - master
       - branch-*
     paths:
-      # dependency check happens only pom changes
+      # when pom or dependency workflow changes
       - '**/pom.xml'
+      - '.github/workflows/dep.yml'
 
 concurrency:
   group: dep-${{ github.ref }}
@@ -57,3 +58,7 @@ jobs:
           -pl kyuubi-ctl,kyuubi-server,kyuubi-assembly -am
       - name: Check dependency list
         run: build/dependency.sh
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          fail-on-severity: moderate

From fec6ee6110bea900b9af347801fb4447bb285521 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Feb 2023 19:27:42 +0800
Subject: [PATCH 026/760] [KYUUBI #4285] Do not cancel CI jobs on stable branch

### _Why are the changes needed?_

Since https://github.com/apache/kyuubi/pull/2175, the previous running CI jobs will be canceled on the same branch or PR to save CI resources, this PR keeps the behavior for PR but doesn't cancel the running CI jobs when commit to the stable branch.

Ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

I pushed an empty commit to verify the behavior does not change in PR, and I need to merge this to master first, then merge another PR immediately to verify the rest behaviors.

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4285 from pan3793/ci-con.

Closes #4285

3aa7f427e [Cheng Pan] empty
4156eb196 [Cheng Pan] Do not cancel CI jobs on stable branch

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/dep.yml     | 2 +-
 .github/workflows/license.yml | 2 +-
 .github/workflows/master.yml  | 2 +-
 .github/workflows/style.yml   | 2 +-
 .github/workflows/web-ui.yml  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index ae1e3de6f..16475ce0f 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -28,7 +28,7 @@ on:
       - '.github/workflows/dep.yml'
 
 concurrency:
-  group: dep-${{ github.ref }}
+  group: dep-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 73ef05864..17591dacb 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -26,7 +26,7 @@ on:
       - branch-*
 
 concurrency:
-  group: lincense-${{ github.ref }}
+  group: license-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 59bcdbd58..c65226d78 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -28,7 +28,7 @@ on:
       - branch-*
 
 concurrency:
-  group: test-${{ github.ref }}
+  group: test-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 env:
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index c848a2f8c..f9307e529 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -24,7 +24,7 @@ on:
       - branch-*
 
 concurrency:
-  group: linter-${{ github.ref }}
+  group: linter-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
diff --git a/.github/workflows/web-ui.yml b/.github/workflows/web-ui.yml
index 08c97cfc9..d99078990 100644
--- a/.github/workflows/web-ui.yml
+++ b/.github/workflows/web-ui.yml
@@ -11,7 +11,7 @@ on:
       - branch-*
 
 concurrency:
-  group: web-ui-${{ github.ref }}
+  group: web-ui-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:

From a31d4490c890dd3b61aa4d5724ffaf15f8b6acda Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Feb 2023 19:30:26 +0800
Subject: [PATCH 027/760] [KYUUBI #4271] Clarify incremental collect mode
 ignore `kyuubi.operation.result.max.rows`

### _Why are the changes needed?_

`kyuubi.operation.result.max.rows` does not take effect on incremental collect mode because of performance concerns, this PR updates the configuration docs to mention that.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4271 from pan3793/maxrow.

Closes #4271

29b290a3e [Cheng Pan] nit
3d2872352 [Cheng Pan] log
277ebb5ff [Cheng Pan] ifx
091511a91 [Cheng Pan] nit
f15fb2270 [Cheng Pan] nit
1a1259ef5 [Cheng Pan] nit
ba57a2660 [Cheng Pan] fix
0b58d8b1a [Cheng Pan] ut
74b59dcee [Cheng Pan] nit
230defbff [Cheng Pan] Increamental collect mode should respect kyuubi.operation.result.max.rows

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/ExecuteStatement.scala    | 60 +++++++++----------
 .../spark/operation/SparkOperation.scala      |  6 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala | 19 +++---
 .../KyuubiOperationPerUserSuite.scala         | 39 ++++++------
 4 files changed, 64 insertions(+), 60 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index 2cdc2b500..fac90f7ea 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -21,7 +21,7 @@ import java.util.concurrent.RejectedExecutionException
 
 import scala.collection.JavaConverters._
 
-import org.apache.spark.sql.{DataFrame, Row}
+import org.apache.spark.sql.DataFrame
 import org.apache.spark.sql.kyuubi.SparkDatasetHelper
 import org.apache.spark.sql.types._
 
@@ -70,43 +70,41 @@ class ExecuteStatement(
       addOperationListener()
       result = spark.sql(statement)
 
-      iter =
-        if (incrementalCollect) {
-          info("Execute in incremental collect mode")
+      val resultMaxRows = spark.conf.getOption(OPERATION_RESULT_MAX_ROWS.key).map(_.toInt)
+        .getOrElse(session.sessionManager.getConf.get(OPERATION_RESULT_MAX_ROWS))
+      iter = if (incrementalCollect) {
+        if (resultMaxRows > 0) {
+          warn(s"Ignore ${OPERATION_RESULT_MAX_ROWS.key} on incremental collect mode.")
+        }
+        info("Execute in incremental collect mode")
+        def internalIterator(): Iterator[Any] = if (arrowEnabled) {
+          SparkDatasetHelper.toArrowBatchRdd(convertComplexType(result)).toLocalIterator
+        } else {
+          result.toLocalIterator().asScala
+        }
+        new IterableFetchIterator[Any](new Iterable[Any] {
+          override def iterator: Iterator[Any] = internalIterator()
+        })
+      } else {
+        val internalArray = if (resultMaxRows <= 0) {
+          info("Execute in full collect mode")
           if (arrowEnabled) {
-            new IterableFetchIterator[Array[Byte]](new Iterable[Array[Byte]] {
-              override def iterator: Iterator[Array[Byte]] = SparkDatasetHelper.toArrowBatchRdd(
-                convertComplexType(result)).toLocalIterator
-            })
+            SparkDatasetHelper.toArrowBatchRdd(convertComplexType(result)).collect()
           } else {
-            new IterableFetchIterator[Row](new Iterable[Row] {
-              override def iterator: Iterator[Row] = result.toLocalIterator().asScala
-            })
+            result.collect()
           }
         } else {
-          val resultMaxRows = spark.conf.getOption(OPERATION_RESULT_MAX_ROWS.key).map(_.toInt)
-            .getOrElse(session.sessionManager.getConf.get(OPERATION_RESULT_MAX_ROWS))
-          if (resultMaxRows <= 0) {
-            info("Execute in full collect mode")
-            if (arrowEnabled) {
-              new ArrayFetchIterator(
-                SparkDatasetHelper.toArrowBatchRdd(
-                  convertComplexType(result)).collect())
-            } else {
-              new ArrayFetchIterator(result.collect())
-            }
+          info(s"Execute with max result rows[$resultMaxRows]")
+          if (arrowEnabled) {
+            // this will introduce shuffle and hurt performance
+            val limitedResult = result.limit(resultMaxRows)
+            SparkDatasetHelper.toArrowBatchRdd(convertComplexType(limitedResult)).collect()
           } else {
-            info(s"Execute with max result rows[$resultMaxRows]")
-            if (arrowEnabled) {
-              // this will introduce shuffle and hurt performance
-              new ArrayFetchIterator(
-                SparkDatasetHelper.toArrowBatchRdd(
-                  convertComplexType(result.limit(resultMaxRows))).collect())
-            } else {
-              new ArrayFetchIterator(result.take(resultMaxRows))
-            }
+            result.take(resultMaxRows)
           }
         }
+        new ArrayFetchIterator(internalArray)
+      }
       setCompiledStateIfNeeded()
       setState(OperationState.FINISHED)
     } catch {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index 842ff944f..b62ef6745 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -259,13 +259,13 @@ abstract class SparkOperation(session: Session)
 
   override def shouldRunAsync: Boolean = false
 
-  protected def arrowEnabled(): Boolean = {
-    resultFormat().equalsIgnoreCase("arrow") &&
+  protected def arrowEnabled: Boolean = {
+    resultFormat.equalsIgnoreCase("arrow") &&
     // TODO: (fchen) make all operation support arrow
     getClass.getCanonicalName == classOf[ExecuteStatement].getCanonicalName
   }
 
-  protected def resultFormat(): String = {
+  protected def resultFormat: String = {
     // TODO: respect the config of the operation ExecuteStatement, if it was set.
     spark.conf.get("kyuubi.operation.result.format", "thrift")
   }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 75f7efedc..b46674d06 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1645,11 +1645,20 @@ object KyuubiConf {
       .checkValue(_ >= 1000, "must >= 1s if set")
       .createOptional
 
+  val OPERATION_RESULT_MAX_ROWS: ConfigEntry[Int] =
+    buildConf("kyuubi.operation.result.max.rows")
+      .doc("Max rows of Spark query results. Rows exceeding the limit would be ignored. " +
+        "By setting this value to 0 to disable the max rows limit.")
+      .version("1.6.0")
+      .intConf
+      .createWithDefault(0)
+
   val OPERATION_INCREMENTAL_COLLECT: ConfigEntry[Boolean] =
     buildConf("kyuubi.operation.incremental.collect")
       .internal
       .doc("When true, the executor side result will be sequentially calculated and returned to" +
-        " the Spark driver side.")
+        s" the Spark driver side. Note that, ${OPERATION_RESULT_MAX_ROWS.key} will be ignored" +
+        " on incremental collect mode.")
       .version("1.4.0")
       .booleanConf
       .createWithDefault(false)
@@ -1667,14 +1676,6 @@ object KyuubiConf {
       .transform(_.toLowerCase(Locale.ROOT))
       .createWithDefault("thrift")
 
-  val OPERATION_RESULT_MAX_ROWS: ConfigEntry[Int] =
-    buildConf("kyuubi.operation.result.max.rows")
-      .doc("Max rows of Spark query results. Rows exceeding the limit would be ignored. " +
-        "By setting this value to 0 to disable the max rows limit.")
-      .version("1.6.0")
-      .intConf
-      .createWithDefault(0)
-
   val SERVER_OPERATION_LOG_DIR_ROOT: ConfigEntry[String] =
     buildConf("kyuubi.operation.log.dir.root")
       .doc("Root directory for query operation log at server-side.")
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 5e4796a87..2ece2379a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -166,23 +166,6 @@ class KyuubiOperationPerUserSuite
     assert(r1 !== r2)
   }
 
-  test("test engine spark result max rows") {
-    withSessionConf()(Map.empty)(Map(KyuubiConf.OPERATION_RESULT_MAX_ROWS.key -> "1")) {
-      withJdbcStatement("va") { statement =>
-        statement.executeQuery("create temporary view va as select * from values(1),(2)")
-
-        val resultLimit1 = statement.executeQuery("select * from va")
-        assert(resultLimit1.next())
-        assert(!resultLimit1.next())
-
-        statement.executeQuery(s"set ${KyuubiConf.OPERATION_RESULT_MAX_ROWS.key}=0")
-        val resultUnLimit = statement.executeQuery("select * from va")
-        assert(resultUnLimit.next())
-        assert(resultUnLimit.next())
-      }
-    }
-  }
-
   test("support to interrupt the thrift request if remote engine is broken") {
     assume(!httpMode)
     withSessionConf(Map(
@@ -227,6 +210,28 @@ class KyuubiOperationPerUserSuite
     }
   }
 
+  test("max result rows") {
+    Seq("true", "false").foreach { incremental =>
+      Seq("thrift", "arrow").foreach { resultFormat =>
+        Seq("0", "1").foreach { maxResultRows =>
+          withSessionConf()(Map.empty)(Map(
+            KyuubiConf.OPERATION_RESULT_FORMAT.key -> resultFormat,
+            KyuubiConf.OPERATION_RESULT_MAX_ROWS.key -> maxResultRows,
+            KyuubiConf.OPERATION_INCREMENTAL_COLLECT.key -> incremental)) {
+            withJdbcStatement("va") { statement =>
+              statement.executeQuery("create temporary view va as select * from values(1),(2)")
+              val resultLimit = statement.executeQuery("select * from va")
+              assert(resultLimit.next())
+              // always ignore max result rows on incremental collect mode
+              if (incremental == "true" || maxResultRows == "0") assert(resultLimit.next())
+              assert(!resultLimit.next())
+            }
+          }
+        }
+      }
+    }
+  }
+
   test("scala NPE issue with hdfs jar") {
     val jarDir = Utils.createTempDir().toFile
     val udfCode =

From 3bb283ecd734135f86c4b6ebf83515b7ee8652c0 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Feb 2023 19:50:07 +0800
Subject: [PATCH 028/760] [KYUUBI #4287] [INFRA] Remove Travis

### _Why are the changes needed?_

As mentioned in https://github.com/apache/kyuubi/issues/4139, we are not able to use Travis for AMR testing in the future.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4287 from pan3793/rm-travis.

Closes #4287

efe2a4854 [Cheng Pan] nit
c72a8b00c [Cheng Pan] Remove travis

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .gitattributes      |  1 -
 .github/labeler.yml |  1 -
 .travis.yml         | 71 ---------------------------------------------
 README.md           |  1 -
 build/Dockerfile    |  2 +-
 5 files changed, 1 insertion(+), 75 deletions(-)
 delete mode 100644 .travis.yml

diff --git a/.gitattributes b/.gitattributes
index b3623c426..6bbad541a 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -18,7 +18,6 @@
 .github/ export-ignore
 .idea/ export-ignore
 .readthedocs.yml export-ignore
-.travis.yml export-ignore
 _config.yml export-ignore
 codecov.yml export-ignore
 licenses-binary/ export-ignore
diff --git a/.github/labeler.yml b/.github/labeler.yml
index a9f79a537..bbc64ed66 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -45,7 +45,6 @@
   - ".gitattributes"
   - ".github/**/*"
   - ".gitignore"
-  - ".travis.yml"
   - "LICENSE"
   - "LICENSE-binary"
   - "NOTICE"
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index c09fa9566..000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-sudo: required
-dist: focal
-arch: arm64-graviton2
-group: edge
-virt: vm
-env: SPARK_LOCAL_IP=localhost
-
-branches:
-  only:
-    - master
-
-language: java
-
-matrix:
-  include:
-  - name: Build Kyuubi common on Linux ARM64
-    script:
-      - ./build/mvn test $MVN_ARGS -pl kyuubi-common,kyuubi-zookeeper,kyuubi-ha,kyuubi-ctl,kyuubi-metrics,kyuubi-hive-beeline,kyuubi-hive-jdbc,extensions/server/kyuubi-server-plugin -am
-  - name: Build Kyuubi Flink on Linux ARM64
-    script:
-      - ./build/mvn test $MVN_ARGS -pl externals/kyuubi-flink-sql-engine,integration-tests/kyuubi-flink-it
-  - name: Build Kyuubi Spark on Linux ARM64
-    script:
-      - ./build/mvn test $MVN_ARGS -pl externals/kyuubi-spark-sql-engine
-      - ./build/mvn test $MVN_ARGS -pl kyuubi-server -DwildcardSuites=org.apache.kyuubi.operation.KyuubiOperationPerUserSuite
-  - name: Build Kyuubi Trino on Linux ARM64
-    script:
-      - ./build/mvn test $MVN_ARGS -pl externals/kyuubi-trino-engine,integration-tests/kyuubi-trino-it
-  - name: Build Kyuubi Hive on Linux ARM64
-    script:
-      - ./build/mvn test $MVN_ARGS -pl externals/kyuubi-hive-sql-engine,integration-tests/kyuubi-hive-it
-
-cache:
-  directories:
-    - $HOME/.m2
-
-install:
-  - sudo apt update
-  - sudo apt install -y openjdk-8-jdk
-  - export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-${TRAVIS_CPU_ARCH}"
-  - export PATH="$JAVA_HOME/bin:/usr/share/maven/bin:$PATH"
-  - ./build/mvn --version
-
-before_script:
-  - export MVN_ARGS="-Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -V -B -ntp -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Pjdbc-shaded"
-  - ./build/mvn clean install -DskipTests $MVN_ARGS
-
-
-after_success:
-  - echo "Travis exited with ${TRAVIS_TEST_RESULT}"
-
-after_failure:
-  - echo "Travis exited with ${TRAVIS_TEST_RESULT}"
-  - for log in `find * -name "unit-tests.log"`;  do echo "=========$log========="; grep "ERROR" $log -A 100 -B 5; done
diff --git a/README.md b/README.md
index b38d69334..16fc794ee 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,6 @@
 [![](https://tokei.rs/b1/github.com/apache/kyuubi)](https://github.com/apache/kyuubi)
 [![codecov](https://codecov.io/gh/apache/kyuubi/branch/master/graph/badge.svg)](https://codecov.io/gh/apache/kyuubi)
 ![GitHub Workflow Status](https://img.shields.io/github/workflow/status/apache/kyuubi/Kyuubi/master?style=plastic)
-[![Travis](https://api.travis-ci.com/apache/kyuubi.svg?branch=master)](https://travis-ci.com/apache/kyuubi)
 [![Documentation Status](https://readthedocs.org/projects/kyuubi/badge/?version=latest)](https://kyuubi.readthedocs.io/en/master/)
 ![GitHub top language](https://img.shields.io/github/languages/top/apache/kyuubi)
 [![Commit activity](https://img.shields.io/github/commit-activity/m/apache/kyuubi)](https://github.com/apache/kyuubi/graphs/commit-activity)
diff --git a/build/Dockerfile b/build/Dockerfile
index b53b6716e..cd2d5077c 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -37,7 +37,7 @@ ARG MVN_ARG
 
 # Pass the environment variable `CI` into container, for internal use only.
 #
-# Continuous integration(aka. CI) services like GitHub Actions, Travis always provide
+# Continuous integration(aka. CI) services like GitHub Actions always provide
 # an environment variable `CI` in runners, and we detect this variable to run some
 # specific actions, e.g. run `mvn` in batch mode to suppress noisy logs.
 ARG CI

From 5cd33a0e3c56320ad2047f94415957274d0a0ee7 Mon Sep 17 00:00:00 2001
From: df_liu <df_liu@trip.com>
Date: Thu, 9 Feb 2023 20:09:06 +0800
Subject: [PATCH 029/760] [KYUUBI #4252][FOLLOWUP] Bump Flink 1.14.6

### _Why are the changes needed?_

updated `.github/workflows/master.yml#L161`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4284 from df-Liu/follow_4252.

Closes #4252

3b0069418 [df_liu] [KYUUBI #4252][FOLLOWUP] Bump Flink 1.14.6

Authored-by: df_liu <df_liu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index c65226d78..7a58a5d08 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -158,7 +158,7 @@ jobs:
         include:
           - java: 8
             flink: '1.15'
-            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.14.5 -Dflink.archive.name=flink-1.14.5-bin-scala_2.12.tgz'
+            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.14.6 -Dflink.archive.name=flink-1.14.6-bin-scala_2.12.tgz'
             comment: 'verify-on-flink-1.14-binary'
           - java: 8
             flink: '1.15'

From b47f0890e1cdeecbf0a54988e912d6640fdd2720 Mon Sep 17 00:00:00 2001
From: df_liu <df_liu@trip.com>
Date: Thu, 9 Feb 2023 20:10:13 +0800
Subject: [PATCH 030/760] [KYUUBI #4250] Bump Flink to 1.16.1

### _Why are the changes needed?_
close #4250

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4275 from df-Liu/fix_4250.

Closes #4250

723c4b745 [df_liu] [KYUUBI #4250] fix 1.16.1
0e151a408 [df_liu] [KYUUBI #4250] Bump Flink 1.16.1

Authored-by: df_liu <df_liu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                                    | 2 +-
 .../kyuubi/engine/flink/operation/FlinkOperationSuite.scala     | 1 +
 pom.xml                                                         | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 7a58a5d08..d5494a42c 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -162,7 +162,7 @@ jobs:
             comment: 'verify-on-flink-1.14-binary'
           - java: 8
             flink: '1.15'
-            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.16.0 -Dflink.archive.name=flink-1.16.0-bin-scala_2.12.tgz'
+            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.16.1 -Dflink.archive.name=flink-1.16.1-bin-scala_2.12.tgz'
             comment: 'verify-on-flink-1.16-binary'
     steps:
       - uses: actions/checkout@v3
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index c75124c39..d0522d3ea 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -903,6 +903,7 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
         statement.getConnection.setCatalog("cat_a")
         val changedCatalog = statement.getConnection.getCatalog
         assert(changedCatalog == "cat_a")
+        statement.getConnection.setCatalog("default_catalog")
         assert(statement.execute("drop catalog cat_a"))
       }
     }
diff --git a/pom.xml b/pom.xml
index 15d425dbb..b57324989 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2344,7 +2344,7 @@
         <profile>
             <id>flink-1.16</id>
             <properties>
-                <flink.version>1.16.0</flink.version>
+                <flink.version>1.16.1</flink.version>
                 <flink.module.scala.suffix></flink.module.scala.suffix>
             </properties>
         </profile>

From 68cc0e40970453e59351d199396a2c546afb8c08 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 9 Feb 2023 20:12:52 +0800
Subject: [PATCH 031/760] [KYUUBI #4262] [AUTHZ] Change from DROP to ALTER as
 required privilege of the source table in AlterTableRenameCommand

### _Why are the changes needed?_

to close #4262 .
- change the required privilege of the source table from DROP to ALTER
- skip privilege checks of the new target table, as the same way in Ranger's Hive plugin

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4281 from bowenliang123/4262-renametable.

Closes #4262

e7117de9 [liangbowen] change required privilege of the source table from DROP to ALTER

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/resources/table_command_spec.json  | 17 -----------------
 .../plugin/spark/authz/ranger/AccessType.scala  |  3 +--
 .../spark/authz/PrivilegesBuilderSuite.scala    |  7 ++-----
 .../plugin/spark/authz/gen/TableCommands.scala  |  8 ++------
 4 files changed, 5 insertions(+), 30 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index af748c278..d36690bcf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -691,23 +691,6 @@
     "fieldName" : "oldName",
     "fieldExtractor" : "TableIdentifierTableExtractor",
     "columnDesc" : null,
-    "actionTypeDesc" : {
-      "fieldName" : null,
-      "fieldExtractor" : null,
-      "actionType" : "DELETE"
-    },
-    "tableTypeDesc" : {
-      "fieldName" : "oldName",
-      "fieldExtractor" : "TableIdentifierTableTypeExtractor",
-      "skipTypes" : [ "TEMP_VIEW" ]
-    },
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  }, {
-    "fieldName" : "newName",
-    "fieldExtractor" : "TableIdentifierTableExtractor",
-    "columnDesc" : null,
     "actionTypeDesc" : null,
     "tableTypeDesc" : {
       "fieldName" : "oldName",
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
index 52e3c0176..7d62229ee 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
@@ -35,14 +35,13 @@ object AccessType extends Enumeration {
           case CREATETABLE | CREATEVIEW | CREATETABLE_AS_SELECT
               if obj.privilegeObjectType == TABLE_OR_VIEW =>
             if (isInput) SELECT else CREATE
-          // new table new `CREATE` privilege here and the old table gets `DELETE` via actionType
-          case ALTERTABLE_RENAME => CREATE
           case ALTERDATABASE |
               ALTERDATABASE_LOCATION |
               ALTERTABLE_ADDCOLS |
               ALTERTABLE_ADDPARTS |
               ALTERTABLE_DROPPARTS |
               ALTERTABLE_LOCATION |
+              ALTERTABLE_RENAME |
               ALTERTABLE_PROPERTIES |
               ALTERTABLE_RENAMECOL |
               ALTERTABLE_RENAMEPART |
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 15f58deb3..b014aaaca 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -143,7 +143,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
         val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
         assert(operationType === ALTERTABLE_RENAME)
         assert(in.isEmpty)
-        assert(out.size === 2)
+        assert(out.size === 1)
         out.foreach { po =>
           assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
           assert(po.catalog.isEmpty)
@@ -151,10 +151,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
           assert(Set(oldTableShort, "efg").contains(po.objectName))
           assert(po.columns.isEmpty)
           val accessType = ranger.AccessType(po, operationType, isInput = false)
-          assert(Set(AccessType.CREATE, AccessType.DROP).contains(accessType))
-          if (accessType == AccessType.DROP) {
-            checkTableOwner(po)
-          }
+          assert(accessType == AccessType.ALTER)
         }
       }
     }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index e2fda9162..d24583e76 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -102,7 +102,6 @@ object TableCommands {
 
   val AlterTableRename = {
     val cmd = "org.apache.spark.sql.execution.command.AlterTableRenameCommand"
-    val actionTypeDesc = ActionTypeDesc(actionType = Some(DELETE))
 
     val oldTableTableTypeDesc =
       TableTypeDesc(
@@ -112,12 +111,9 @@ object TableCommands {
     val oldTableD = TableDesc(
       "oldName",
       tite,
-      tableTypeDesc = Some(oldTableTableTypeDesc),
-      actionTypeDesc = Some(actionTypeDesc))
+      tableTypeDesc = Some(oldTableTableTypeDesc))
 
-    val newTableD =
-      TableDesc("newName", tite, tableTypeDesc = Some(oldTableTableTypeDesc))
-    TableCommandSpec(cmd, Seq(oldTableD, newTableD), ALTERTABLE_RENAME)
+    TableCommandSpec(cmd, Seq(oldTableD), ALTERTABLE_RENAME)
   }
 
   // this is for spark 3.1 or below

From cc6f54ed0ce2cce3264c44710947bd461384ab9c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Feb 2023 20:45:02 +0800
Subject: [PATCH 032/760] [KYUUBI #4247][FOLLOWUP] Fix `build/mvn` version
 comparison

### _Why are the changes needed?_

`build/mvn` should download the maven when the local `mvn` version does not match, this corrects the change in #4261

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4291 from pan3793/mvn-version.

Closes #4247

42717a73c [Cheng Pan] [KYUUBI #4247][FOLLOWUP] Fix build/mvn version comparison

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/mvn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/mvn b/build/mvn
index de697f410..67aa02b4f 100755
--- a/build/mvn
+++ b/build/mvn
@@ -76,7 +76,7 @@ install_mvn() {
   fi
   # See simple version normalization: http://stackoverflow.com/questions/16989598/bash-comparing-version-numbers
   function version { echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }'; }
-  if [ $(version $MVN_DETECTED_VERSION) -eq $(version $MVN_VERSION) ]; then
+  if [ $(version $MVN_DETECTED_VERSION) -ne $(version $MVN_VERSION) ]; then
     local APACHE_MIRROR=${APACHE_MIRROR:-'https://archive.apache.org/dist/'}
 
     install_app \

From 0bdcfb82163b69d1b9feb683620408bda347434e Mon Sep 17 00:00:00 2001
From: runzhliu <runzhliu@163.com>
Date: Thu, 9 Feb 2023 20:52:11 +0800
Subject: [PATCH 033/760] [KYUUBI #4248] Modify the GitHub Action of setting up
 the Minikube cluster

### _Why are the changes needed?_

bump the minikube version to 1.29.0 and the kubernetes version to 1.26.1.

After ran some tests for the used action manusa/actions-setup-minikubev2.7.2, it turns out that it would have some problems when I bump the minikube version to 1.29.0, please refer to [this link](https://github.com/runzhliu/yum-with-browser/actions/runs/4113082204/jobs/7098775474) for details.

In addition, I have tried another minikube action medyagh/setup-minikubemaster, it's good to bump the version for both minikube  and Kubernetes, please refer to [this link](https://github.com/runzhliu/yum-with-browser/actions/runs/4112397435/jobs/7097254604#step:5:8).

However, I would prefer to [this way](https://github.com/apache/spark/blob/master/.github/workflows/build_and_test.yml#L945-L966) to setup a minikube cluster for the rest Kubernetes related tests, it's also good to set up the cluster as well, please refer to [this link](https://github.com/runzhliu/yum-with-browser/actions/runs/4113018527/jobs/7098637193#step:4:2).

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4248 from runzhliu/patch-1.

Closes #4248

7d12e0e8 [runzhliu] Update master.yml
52448ae0 [runzhliu] Update master.yml
5fb0b9ec [runzhliu] Update master.yml
3491b33a [runzhliu] Merge branch 'apache:master' into patch-1
64101d95 [runzhliu] bump the minikube version to 1.29.0 and the kubernetes version to 1.26.1
4b278697 [runzhliu] Merge branch 'apache:master' into patch-1
b19e0983 [runzhliu] Update master.yml
f6bc18ee [runzhliu] Update master.yml
bb133312 [runzhliu] Update master.yml
b44ad030 [runzhliu] Update master.yml
7f22810f [runzhliu] Update master.yml
09a6dadf [runzhliu] Update master.yml
60623715 [runzhliu] Update master.yml
0d2c6568 [runzhliu] Update master.yml
5c8b0cc6 [runzhliu] bump the minikube version to 1.29.0 and the kubernetes version to 1.26.1

Authored-by: runzhliu <runzhliu@163.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index d5494a42c..0cd1f3140 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -33,6 +33,8 @@ concurrency:
 
 env:
   MVN_OPT: -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Pjdbc-shaded
+  KUBERNETES_VERSION: v1.26.1
+  MINIKUBE_VERSION: v1.29.0
 
 jobs:
   default:
@@ -78,7 +80,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v4
         with:
-            python-version: '3.9'
+          python-version: '3.9'
       - name: Build and test Kyuubi and Spark with maven w/o linters
         run: |
           TEST_MODULES="dev/kyuubi-codecov"
@@ -347,15 +349,17 @@ jobs:
           file: build/Dockerfile
           load: true
           tags: apache/kyuubi:latest
-      # from https://github.com/marketplace/actions/setup-minikube-kubernetes-cluster
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.7.2
-        with:
-          minikube version: 'v1.28.0'
-          kubernetes version: 'v1.25.4'
-          github token: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # https://minikube.sigs.k8s.io/docs/start/
+          curl -LO https://github.com/kubernetes/minikube/releases/download/${MINIKUBE_VERSION}/minikube-linux-amd64
+          sudo install minikube-linux-amd64 /usr/local/bin/minikube
+          minikube start --cpus 2 --memory 4096 --kubernetes-version=${KUBERNETES_VERSION} --force
+          # https://minikube.sigs.k8s.io/docs/handbook/pushing/#7-loading-directly-to-in-cluster-container-runtime
+          minikube image load apache/kyuubi:latest
       - name: kubectl pre-check
         run: |
+          kubectl get nodes
           kubectl get serviceaccount
           kubectl create serviceaccount kyuubi
           kubectl create clusterrolebinding kyuubi-role --clusterrole=edit --serviceaccount=default:kyuubi
@@ -394,15 +398,12 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-      # from https://github.com/marketplace/actions/setup-minikube-kubernetes-cluster
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.7.2
-        with:
-          minikube version: 'v1.28.0'
-          kubernetes version: 'v1.25.4'
-          github token: ${{ secrets.GITHUB_TOKEN }}
-          driver: docker
-          start args: '--extra-config=kubeadm.ignore-preflight-errors=NumCPU --force --cpus 2 --memory 4096'
+        run: |
+          # https://minikube.sigs.k8s.io/docs/start/
+          curl -LO https://github.com/kubernetes/minikube/releases/download/${MINIKUBE_VERSION}/minikube-linux-amd64
+          sudo install minikube-linux-amd64 /usr/local/bin/minikube
+          minikube start --cpus 2 --memory 4096 --kubernetes-version=${KUBERNETES_VERSION} --force
       # in case: https://spark.apache.org/docs/latest/running-on-kubernetes.html#rbac
       - name: Create Service Account
         run: |

From 1c7a66ff84a3051bd799c552049f6b50abc73d28 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 9 Feb 2023 12:53:47 +0000
Subject: [PATCH 034/760] [KYUUBI #4269] Add a GA Job For Documentation
 Verification

### _Why are the changes needed?_

Add a GA Job For Documentation Verification

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4269 from yaooqinn/docga.

Closes #4269

c9b39de6 [Cheng Pan] Update .github/workflows/docs.yml
db2d37f8 [Kent Yao] Update .github/workflows/docs.yml
c5bc8518 [Kent Yao] trigger ga
6340129b [Kent Yao] trigger ga
fafbf847 [Kent Yao] trigger ga
52f23240 [Kent Yao] trigger ga
1e0000a7 [Kent Yao] Add a GA Job For Documentaion Verification

Lead-authored-by: Kent Yao <yao@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/docs.yml | 48 ++++++++++++++++++++++++++++++++++++++
 docs/requirements.txt      |  4 ++--
 2 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/docs.yml

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
new file mode 100644
index 000000000..55cb6b8b1
--- /dev/null
+++ b/.github/workflows/docs.yml
@@ -0,0 +1,48 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Docs
+
+on:
+  pull_request:
+    branches:
+      - master
+
+concurrency:
+  group: docs-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  sphinx:
+    name: sphinx-build
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          cache: 'pip'
+          cache-dependency-path: docs/requirements.txt
+      - run: pip install -r docs/requirements.txt
+      - name: make html
+        run: make -d --directory docs html
+      - name: upload html
+        uses: actions/upload-artifact@v3
+        with:
+          path: |
+            docs/_build/html/
+            !docs/_build/html/_sources/
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 8a5ee7e12..00a2eb136 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -22,6 +22,6 @@ markdown==3.3.7
 recommonmark==0.7.1
 sphinx==4.5.0
 sphinx-book-theme==0.3.3
-sphinx-markdown-tables==0.0.15
-sphinx-notfound-page==0.8
+sphinx-markdown-tables==0.0.17
+sphinx-notfound-page==0.8.3
 sphinx-togglebutton===0.3.2

From 363e798b7ccb636eb224c5a7caa1eaaa475a0cc9 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Feb 2023 13:18:42 +0000
Subject: [PATCH 035/760] [KYUUBI #4283] [TEST] Fix flaky test in
 SessionsResourceSuite

### _Why are the changes needed?_

This PR proposes to fix the flaky test
```
- post session exception if failed to open engine session *** FAILED ***
```
which was introduced in #4185

https://github.com/apache/kyuubi/actions/runs/4131523933/jobs/7139249142

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4283 from pan3793/flaky.

Closes #4283

f5c70077 [Cheng Pan] [TEST] Fix flaky test in SessionsResourceSuite

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
index 1357245ad..dcd4d5904 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
@@ -296,7 +296,7 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       response = webTarget.path(s"api/v1/sessions/$sessionHandle").request().get()
       // will meet json parse exception with response.readEntity(classOf[KyuubiSessionEvent])
       val sessionEvent = response.readEntity(classOf[String])
-      assert(sessionEvent.contains("SparkException: Master"))
+      assert(sessionEvent.contains("The last 10 line(s) of log are:"))
     }
   }
 }

From 61df9e2cc402e9bd35b4f300790fda2ac8bdc495 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Feb 2023 22:42:50 +0800
Subject: [PATCH 036/760] [KYUUBI #4292] Pin threeten 1.7.0

### _Why are the changes needed?_

Pin `org.threeten:threeten-extra:1.7.0` for spark master as a workaround for https://github.com/ThreeTen/threeten-extra/issues/226

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4292 from pan3793/threeten.

Closes #4292

8c1a24fd5 [Cheng Pan] Pin threeten 1.7.0

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pom.xml b/pom.xml
index b57324989..fc282c43e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2309,8 +2309,19 @@
             <id>spark-master</id>
             <properties>
                 <spark.version>3.4.0-SNAPSHOT</spark.version>
+                <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
+                <threeten.version>1.7.0</threeten.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
             </properties>
+            <dependencyManagement>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.threeten</groupId>
+                        <artifactId>threeten-extra</artifactId>
+                        <version>${threeten.version}</version>
+                    </dependency>
+                </dependencies>
+            </dependencyManagement>
             <repositories>
                 <repository>
                     <releases>

From afc912c25d9b7c3a778bc02c404c689df35a1dbb Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 10 Feb 2023 05:16:45 +0800
Subject: [PATCH 037/760] [KYUUBI #4253] Change default Flink version to 1.16

### _Why are the changes needed?_

This PR updates `pom.xml` and CI workflow to change the default Flink version to 1.16, close #4253

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4289 from pan3793/flink-1.16.

Closes #4253

dc3885a38 [Cheng Pan] [KYUUBI #4253] Change default Flink version to 1.16

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml | 8 ++++----
 pom.xml                      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 0cd1f3140..fd0505999 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -159,13 +159,13 @@ jobs:
         comment: [ "normal" ]
         include:
           - java: 8
-            flink: '1.15'
+            flink: '1.16'
             flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.14.6 -Dflink.archive.name=flink-1.14.6-bin-scala_2.12.tgz'
             comment: 'verify-on-flink-1.14-binary'
           - java: 8
-            flink: '1.15'
-            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.16.1 -Dflink.archive.name=flink-1.16.1-bin-scala_2.12.tgz'
-            comment: 'verify-on-flink-1.16-binary'
+            flink: '1.16'
+            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.15.3 -Dflink.archive.name=flink-1.15.3-bin-scala_2.12.tgz'
+            comment: 'verify-on-flink-1.15-binary'
     steps:
       - uses: actions/checkout@v3
       - name: Tune Runner VM
diff --git a/pom.xml b/pom.xml
index fc282c43e..d292fe9e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@
         <failsafe.verion>2.4.4</failsafe.verion>
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>
-        <flink.version>1.15.2</flink.version>
+        <flink.version>1.16.1</flink.version>
         <flink.module.scala.suffix></flink.module.scala.suffix>
         <flink.archive.name>flink-${flink.version}-bin-scala_${scala.binary.version}.tgz</flink.archive.name>
         <flink.archive.mirror>${apache.archive.dist}/flink/flink-${flink.version}</flink.archive.mirror>

From 673e8e1ce7aa5b993e9797ff8a43340c825ac5e9 Mon Sep 17 00:00:00 2001
From: runzhliu <runzhliu@163.com>
Date: Fri, 10 Feb 2023 07:39:22 +0800
Subject: [PATCH 038/760] [KYUUBI #4286] Bump Jackson from 2.14.1 to 2.14.2

### _Why are the changes needed?_

- Jackson 2.14.2 release note: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.14.2

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4286 from runzhliu/patch-4.

Closes #4286

6902e2ec [runzhliu] Update dependencyList
3cde2004 [runzhliu] Merge branch 'apache:master' into patch-4
8ac6eccd [runzhliu] bump the jackson maven dependecy version to 2.14.2

Authored-by: runzhliu <runzhliu@163.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 18 +++++++++---------
 pom.xml            |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 10933b9fa..2035b95de 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -65,16 +65,16 @@ httpclient/4.5.14//httpclient-4.5.14.jar
 httpcore/4.4.16//httpcore-4.4.16.jar
 httpmime/4.5.14//httpmime-4.5.14.jar
 j2objc-annotations/1.3//j2objc-annotations-1.3.jar
-jackson-annotations/2.14.1//jackson-annotations-2.14.1.jar
-jackson-core/2.14.1//jackson-core-2.14.1.jar
-jackson-databind/2.14.1//jackson-databind-2.14.1.jar
-jackson-dataformat-yaml/2.14.1//jackson-dataformat-yaml-2.14.1.jar
+jackson-annotations/2.14.2//jackson-annotations-2.14.2.jar
+jackson-core/2.14.2//jackson-core-2.14.2.jar
+jackson-databind/2.14.2//jackson-databind-2.14.2.jar
+jackson-dataformat-yaml/2.14.2//jackson-dataformat-yaml-2.14.2.jar
 jackson-datatype-jdk8/2.12.3//jackson-datatype-jdk8-2.12.3.jar
-jackson-datatype-jsr310/2.14.1//jackson-datatype-jsr310-2.14.1.jar
-jackson-jaxrs-base/2.14.1//jackson-jaxrs-base-2.14.1.jar
-jackson-jaxrs-json-provider/2.14.1//jackson-jaxrs-json-provider-2.14.1.jar
-jackson-module-jaxb-annotations/2.14.1//jackson-module-jaxb-annotations-2.14.1.jar
-jackson-module-scala_2.12/2.14.1//jackson-module-scala_2.12-2.14.1.jar
+jackson-datatype-jsr310/2.14.2//jackson-datatype-jsr310-2.14.2.jar
+jackson-jaxrs-base/2.14.2//jackson-jaxrs-base-2.14.2.jar
+jackson-jaxrs-json-provider/2.14.2//jackson-jaxrs-json-provider-2.14.2.jar
+jackson-module-jaxb-annotations/2.14.2//jackson-module-jaxb-annotations-2.14.2.jar
+jackson-module-scala_2.12/2.14.2//jackson-module-scala_2.12-2.14.2.jar
 jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar
 jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar
 jakarta.servlet-api/4.0.4//jakarta.servlet-api-4.0.4.jar
diff --git a/pom.xml b/pom.xml
index d292fe9e2..e4ca73d69 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,7 +158,7 @@
         <httpcore.version>4.4.16</httpcore.version>
         <hudi.version>0.12.0</hudi.version>
         <iceberg.version>1.1.0</iceberg.version>
-        <jackson.version>2.14.1</jackson.version>
+        <jackson.version>2.14.2</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>

From 8d269b83d370e9940c3c9a39c3e3209d9e2dfee6 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 10 Feb 2023 12:23:48 +0800
Subject: [PATCH 039/760] [KYUUBI #4297] Daily publish master snapshot docker
 image

### _Why are the changes needed?_

This PR proposes to change the publish `master-snapshot` image from every commit of the master branch to the daily scheduled, it saves GA resources.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4297 from pan3793/docker-nightly.

Closes #4297

1424287cb [Cheng Pan] nit
32cffe8ab [Cheng Pan] Daily publish master snapshot docker image

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 ...-image.yml => publish-snapshot-docker.yml} | 13 +++----
 ...napshot.yml => publish-snapshot-nexus.yml} | 36 +++++++++----------
 2 files changed, 22 insertions(+), 27 deletions(-)
 rename .github/workflows/{docker-image.yml => publish-snapshot-docker.yml} (86%)
 rename .github/workflows/{publish-snapshot.yml => publish-snapshot-nexus.yml} (69%)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/publish-snapshot-docker.yml
similarity index 86%
rename from .github/workflows/docker-image.yml
rename to .github/workflows/publish-snapshot-docker.yml
index b403e46b5..5c9c04d27 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/publish-snapshot-docker.yml
@@ -15,22 +15,17 @@
 # limitations under the License.
 #
 
-name: Publish Docker image
+name: Publish Snapshot Docker Image
 
 on:
-  push:
-    branches:
-      - master
+  schedule:
+    - cron: '0 0 * * *'
 
 jobs:
   push_to_registry:
-    name: Push Docker image to Docker Hub
+    name: Push Snapshot Docker Image to Docker Hub
     if: ${{ startsWith(github.repository, 'apache/') }}
     runs-on: ubuntu-22.04
-    concurrency:
-      # this group should be global unique
-      group: push-docker-image
-      cancel-in-progress: true
     steps:
       - name: Checkout
         uses: actions/checkout@v3
diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot-nexus.yml
similarity index 69%
rename from .github/workflows/publish-snapshot.yml
rename to .github/workflows/publish-snapshot-nexus.yml
index acd04bfab..0d4222b04 100644
--- a/.github/workflows/publish-snapshot.yml
+++ b/.github/workflows/publish-snapshot-nexus.yml
@@ -15,11 +15,11 @@
 # limitations under the License.
 #
 
-name: Publish Snapshot
+name: Publish Snapshot Nexus
 
 on:
   schedule:
-  - cron: '0 0 * * *'
+    - cron: '0 0 * * *'
 
 jobs:
   publish-snapshot:
@@ -41,19 +41,19 @@ jobs:
           - branch: branch-1.6
             profiles: -Pflink-provided,spark-provided,hive-provided,spark-3.3
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-      with:
-        ref: ${{ matrix.branch }}
-    - name: Setup JDK 8
-      uses: actions/setup-java@v3
-      with:
-        distribution: temurin
-        java-version: 8
-        cache: 'maven'
-        check-latest: false
-    - name: Publish snapshot - ${{ matrix.branch }}
-      env:
-        ASF_USERNAME: ${{ secrets.NEXUS_USER }}
-        ASF_PASSWORD: ${{ secrets.NEXUS_PW }}
-      run: ./build/mvn clean deploy -s ./build/release/asf-settings.xml -DskipTests ${{ matrix.profiles }}
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ matrix.branch }}
+      - name: Setup JDK 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 8
+          cache: 'maven'
+          check-latest: false
+      - name: Publish Snapshot Jar to Nexus - ${{ matrix.branch }}
+        env:
+          ASF_USERNAME: ${{ secrets.NEXUS_USER }}
+          ASF_PASSWORD: ${{ secrets.NEXUS_PW }}
+        run: build/mvn clean deploy -s build/release/asf-settings.xml -DskipTests ${{ matrix.profiles }}

From 5318585550bd1e0921e95fea10637d3fe4b04ea3 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 10 Feb 2023 12:25:57 +0800
Subject: [PATCH 040/760] [KYUUBI #4288] Use `eclipse-temurin:8-jdk-focal` as
 default base image

### _Why are the changes needed?_

eclipse-temurin is the successor for openjdk, see https://github.com/apache/spark/pull/37705

"The core change is: the OS of base image changes debian-bullseye to ubuntu-focal (based on debian bullseye)."

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4288 from pan3793/image.

Closes #4288

b7b619018 [Cheng Pan] Use eclipse-temurin:8-jdk-focal as default base image

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/Dockerfile                                       | 10 ++++++----
 docker/Dockerfile                                      |  7 ++++---
 tools/spark-block-cleaner/kubernetes/docker/Dockerfile |  3 ++-
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index cd2d5077c..8ecc6c8b7 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -29,9 +29,9 @@
 
 # Declare the BASE_IMAGE argument in the first line, for more detail
 # see: https://github.com/moby/moby/issues/38379
-ARG BASE_IMAGE=openjdk:8-jdk
+ARG BASE_IMAGE=eclipse-temurin:8-jdk-focal
 
-FROM maven:3.6-jdk-8 as builder
+FROM eclipse-temurin:8-jdk-focal as builder
 
 ARG MVN_ARG
 
@@ -48,7 +48,8 @@ WORKDIR /workspace/kyuubi
 
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y python3 && \
+    apt-get install -y bash python3 && \
+    ln -snf /bin/bash /bin/sh && \
     ./build/dist ${MVN_ARG} && \
     mv /workspace/kyuubi/dist /opt/kyuubi && \
     # Removing stuff saves time because docker creates a temporary layer
@@ -71,7 +72,8 @@ COPY --from=builder /opt/kyuubi ${KYUUBI_HOME}
 RUN set -ex && \
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive \
-    apt install -y bash tini libc6 libpam-modules krb5-user libnss3 procps && \
+    apt-get install -y bash tini libc6 libpam-modules krb5-user libnss3 procps && \
+    ln -snf /bin/bash /bin/sh && \
     useradd -u ${kyuubi_uid} -g root kyuubi && \
     mkdir -p ${KYUUBI_HOME} ${KYUUBI_LOG_DIR} ${KYUUBI_PID_DIR} ${KYUUBI_WORK_DIR_ROOT} && \
     chmod ug+rw -R ${KYUUBI_HOME} && \
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 588f99b1f..190500825 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -24,7 +24,7 @@
 #     -t the target repo and tag name
 #     more options can be found with -h
 
-ARG BASE_IMAGE=openjdk:8-jre-slim
+ARG BASE_IMAGE=eclipse-temurin:8-jdk-focal
 ARG spark_provided="spark_builtin"
 
 FROM ${BASE_IMAGE} as builder_spark_provided
@@ -34,7 +34,7 @@ ONBUILD ENV SPARK_HOME ${spark_home_in_docker}
 FROM ${BASE_IMAGE} as builder_spark_builtin
 
 ONBUILD ENV SPARK_HOME /opt/spark
-ONBUILD RUN mkdir -p  ${SPARK_HOME}
+ONBUILD RUN mkdir -p ${SPARK_HOME}
 ONBUILD COPY spark-binary ${SPARK_HOME}
 
 FROM builder_${spark_provided}
@@ -50,7 +50,8 @@ ENV KYUUBI_WORK_DIR_ROOT ${KYUUBI_HOME}/work
 RUN set -ex && \
     sed -i 's/http:\/\/deb.\(.*\)/https:\/\/deb.\1/g' /etc/apt/sources.list && \
     apt-get update && \
-    apt install -y bash tini libc6 libpam-modules krb5-user libnss3 procps && \
+    apt-get install -y bash tini libc6 libpam-modules krb5-user libnss3 procps && \
+    ln -snf /bin/bash /bin/sh && \
     useradd -u ${kyuubi_uid} -g root kyuubi -d /home/kyuubi -m && \
     mkdir -p ${KYUUBI_HOME} ${KYUUBI_LOG_DIR} ${KYUUBI_PID_DIR} ${KYUUBI_WORK_DIR_ROOT} && \
     rm -rf /var/cache/apt/*
diff --git a/tools/spark-block-cleaner/kubernetes/docker/Dockerfile b/tools/spark-block-cleaner/kubernetes/docker/Dockerfile
index d039dc355..95a7b2cf8 100644
--- a/tools/spark-block-cleaner/kubernetes/docker/Dockerfile
+++ b/tools/spark-block-cleaner/kubernetes/docker/Dockerfile
@@ -14,10 +14,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM openjdk:8-jre-slim
+FROM eclipse-temurin:8-jdk-focal
 
 RUN apt-get update && \
     apt install -y tini && \
+    rm -rf /var/cache/apt/* && \
     mkdir /data && \
     mkdir -p /opt/block-cleaner && \
     mkdir -p /log/cleanerLog

From 547e5ca6176d386f5d8a8b9aadb9c285450f0e37 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 10 Feb 2023 13:04:24 +0800
Subject: [PATCH 041/760] [KYUUBI #4145] Change lock and polling seq_num path
 on service discovery

### _Why are the changes needed?_

This PR proposes to change the paths of distributed lock and seq_num(used for POLLING engine pool select policy) on the Service Discovery component. The reason is that namespace `${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_${engineType}/` should be dedicated to engine registration, we'd better use the separated namespace for other functionalities.

- lock path
```
# before
${serverSpace}_${shareLevel}_${engineType}/lock/${user}/${subdomain}

# after
${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_${engineType}_lock/${user}/${subdomain}
```

- seq_num
```
# before
${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_${engineType}/seq_num/${user}/${poolName}

# after
${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_${engineType}_seqNum/${user}/${poolName}
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4145 from pan3793/namespace.

Closes #4145

c912b3f66 [Cheng Pan] name
3326b9b95 [Cheng Pan] name
10083db0b [Cheng Pan] Change lock and polloing seq_num path on service discovery

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala |  2 +-
 .../ha/client/etcd/EtcdDiscoveryClient.scala  | 40 +++++++++----------
 .../zookeeper/ZookeeperDiscoveryClient.scala  | 40 +++++++++----------
 .../org/apache/kyuubi/engine/EngineRef.scala  | 10 ++---
 .../apache/kyuubi/engine/EngineRefTests.scala |  2 +-
 5 files changed, 46 insertions(+), 48 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index b46674d06..01bd46bd3 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1807,7 +1807,7 @@ object KyuubiConf {
     .intConf
     .createWithDefault(-1)
 
-  val ENGINE_POOL_BALANCE_POLICY: ConfigEntry[String] =
+  val ENGINE_POOL_SELECT_POLICY: ConfigEntry[String] =
     buildConf("kyuubi.engine.pool.selectPolicy")
       .doc("The select policy of an engine from the corresponding engine pool engine for " +
         "a session. <ul>" +
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
index ad3a0550c..80a70f2f2 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
@@ -90,7 +90,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def createClient(): Unit = {
+  override def createClient(): Unit = {
     client = buildClient()
     kvClient = client.getKVClient()
     lockClient = client.getLockClient()
@@ -99,13 +99,13 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     leaseTTL = conf.get(HighAvailabilityConf.HA_ETCD_LEASE_TIMEOUT) / 1000
   }
 
-  def closeClient(): Unit = {
+  override def closeClient(): Unit = {
     if (client != null) {
       client.close()
     }
   }
 
-  def create(path: String, mode: String, createParent: Boolean = true): String = {
+  override def create(path: String, mode: String, createParent: Boolean = true): String = {
     // createParent can not effect here
     mode match {
       case "PERSISTENT" => kvClient.put(
@@ -116,7 +116,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     path
   }
 
-  def getData(path: String): Array[Byte] = {
+  override def getData(path: String): Array[Byte] = {
     val response = kvClient.get(ByteSequence.from(path.getBytes())).get()
     if (response.getKvs.isEmpty) {
       throw new KyuubiException(s"Key[$path] not exists in ETCD, please check it.")
@@ -125,12 +125,12 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def setData(path: String, data: Array[Byte]): Boolean = {
+  override def setData(path: String, data: Array[Byte]): Boolean = {
     val response = kvClient.put(ByteSequence.from(path.getBytes), ByteSequence.from(data)).get()
     response != null
   }
 
-  def getChildren(path: String): List[String] = {
+  override def getChildren(path: String): List[String] = {
     val kvs = kvClient.get(
       ByteSequence.from(path.getBytes()),
       GetOption.newBuilder().isPrefix(true).build()).get().getKvs
@@ -142,25 +142,25 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def pathExists(path: String): Boolean = {
+  override def pathExists(path: String): Boolean = {
     !pathNonExists(path)
   }
 
-  def pathNonExists(path: String): Boolean = {
+  override def pathNonExists(path: String): Boolean = {
     kvClient.get(ByteSequence.from(path.getBytes())).get().getKvs.isEmpty
   }
 
-  def delete(path: String, deleteChildren: Boolean = false): Unit = {
+  override def delete(path: String, deleteChildren: Boolean = false): Unit = {
     kvClient.delete(
       ByteSequence.from(path.getBytes()),
       DeleteOption.newBuilder().isPrefix(deleteChildren).build()).get()
   }
 
-  def monitorState(serviceDiscovery: ServiceDiscovery): Unit = {
+  override def monitorState(serviceDiscovery: ServiceDiscovery): Unit = {
     // not need with etcd
   }
 
-  def tryWithLock[T](
+  override def tryWithLock[T](
       lockPath: String,
       timeout: Long)(f: => T): T = {
     // the default unit is millis, covert to seconds.
@@ -195,7 +195,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def getServerHost(namespace: String): Option[(String, Int)] = {
+  override def getServerHost(namespace: String): Option[(String, Int)] = {
     // TODO: use last one because to avoid touching some maybe-crashed engines
     // We need a big improvement here.
     getServiceNodesInfo(namespace, Some(1), silent = true) match {
@@ -204,7 +204,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def getEngineByRefId(
+  override def getEngineByRefId(
       namespace: String,
       engineRefId: String): Option[(String, Int)] = {
     getServiceNodesInfo(namespace, silent = true)
@@ -212,7 +212,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
       .map(data => (data.host, data.port))
   }
 
-  def getServiceNodesInfo(
+  override def getServiceNodesInfo(
       namespace: String,
       sizeOpt: Option[Int] = None,
       silent: Boolean = false): Seq[ServiceNodeInfo] = {
@@ -241,7 +241,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def registerService(
+  override def registerService(
       conf: KyuubiConf,
       namespace: String,
       serviceDiscovery: ServiceDiscovery,
@@ -267,7 +267,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def deregisterService(): Unit = {
+  override def deregisterService(): Unit = {
     // close the EPHEMERAL_SEQUENTIAL node in etcd
     if (serviceNode != null) {
       if (serviceNode.lease != LEASE_NULL_VALUE) {
@@ -278,7 +278,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def postDeregisterService(namespace: String): Boolean = {
+  override def postDeregisterService(namespace: String): Boolean = {
     if (namespace != null) {
       delete(DiscoveryPaths.makePath(null, namespace), true)
       true
@@ -287,7 +287,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def createAndGetServiceNode(
+  override def createAndGetServiceNode(
       conf: KyuubiConf,
       namespace: String,
       instance: String,
@@ -297,7 +297,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
   }
 
   @VisibleForTesting
-  def startSecretNode(
+  override def startSecretNode(
       createMode: String,
       basePath: String,
       initData: String,
@@ -307,7 +307,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
       ByteSequence.from(initData.getBytes())).get()
   }
 
-  def getAndIncrement(path: String, delta: Int = 1): Int = {
+  override def getAndIncrement(path: String, delta: Int = 1): Int = {
     val lockPath = s"${path}_tmp_for_lock"
     tryWithLock(lockPath, 60 * 1000) {
       if (pathNonExists(path)) {
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
index 1315cf029..daa27047e 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
@@ -66,17 +66,17 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
   @volatile private var serviceNode: PersistentNode = _
   private var watcher: DeRegisterWatcher = _
 
-  def createClient(): Unit = {
+  override def createClient(): Unit = {
     zkClient.start()
   }
 
-  def closeClient(): Unit = {
+  override def closeClient(): Unit = {
     if (zkClient != null) {
       zkClient.close()
     }
   }
 
-  def create(path: String, mode: String, createParent: Boolean = true): String = {
+  override def create(path: String, mode: String, createParent: Boolean = true): String = {
     val builder =
       if (createParent) zkClient.create().creatingParentsIfNeeded() else zkClient.create()
     builder
@@ -84,27 +84,27 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
       .forPath(path)
   }
 
-  def getData(path: String): Array[Byte] = {
+  override def getData(path: String): Array[Byte] = {
     zkClient.getData.forPath(path)
   }
 
-  def setData(path: String, data: Array[Byte]): Boolean = {
+  override def setData(path: String, data: Array[Byte]): Boolean = {
     zkClient.setData().forPath(path, data) != null
   }
 
-  def getChildren(path: String): List[String] = {
+  override def getChildren(path: String): List[String] = {
     zkClient.getChildren.forPath(path).asScala.toList
   }
 
-  def pathExists(path: String): Boolean = {
+  override def pathExists(path: String): Boolean = {
     zkClient.checkExists().forPath(path) != null
   }
 
-  def pathNonExists(path: String): Boolean = {
+  override def pathNonExists(path: String): Boolean = {
     zkClient.checkExists().forPath(path) == null
   }
 
-  def delete(path: String, deleteChildren: Boolean = false): Unit = {
+  override def delete(path: String, deleteChildren: Boolean = false): Unit = {
     if (deleteChildren) {
       zkClient.delete().deletingChildrenIfNeeded().forPath(path)
     } else {
@@ -112,7 +112,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def monitorState(serviceDiscovery: ServiceDiscovery): Unit = {
+  override def monitorState(serviceDiscovery: ServiceDiscovery): Unit = {
     zkClient
       .getConnectionStateListenable.addListener(new ConnectionStateListener {
         private val isConnected = new AtomicBoolean(false)
@@ -141,7 +141,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
       })
   }
 
-  def tryWithLock[T](lockPath: String, timeout: Long)(f: => T): T = {
+  override def tryWithLock[T](lockPath: String, timeout: Long)(f: => T): T = {
     var lock: InterProcessSemaphoreMutex = null
     try {
       try {
@@ -189,7 +189,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def getServerHost(namespace: String): Option[(String, Int)] = {
+  override def getServerHost(namespace: String): Option[(String, Int)] = {
     // TODO: use last one because to avoid touching some maybe-crashed engines
     // We need a big improvement here.
     getServiceNodesInfo(namespace, Some(1), silent = true) match {
@@ -198,7 +198,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def getEngineByRefId(
+  override def getEngineByRefId(
       namespace: String,
       engineRefId: String): Option[(String, Int)] = {
     getServiceNodesInfo(namespace, silent = true)
@@ -206,7 +206,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
       .map(data => (data.host, data.port))
   }
 
-  def getServiceNodesInfo(
+  override def getServiceNodesInfo(
       namespace: String,
       sizeOpt: Option[Int] = None,
       silent: Boolean = false): Seq[ServiceNodeInfo] = {
@@ -235,7 +235,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def registerService(
+  override def registerService(
       conf: KyuubiConf,
       namespace: String,
       serviceDiscovery: ServiceDiscovery,
@@ -254,7 +254,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     watchNode()
   }
 
-  def deregisterService(): Unit = {
+  override def deregisterService(): Unit = {
     // close the EPHEMERAL_SEQUENTIAL node in zk
     if (serviceNode != null) {
       try {
@@ -268,7 +268,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def postDeregisterService(namespace: String): Boolean = {
+  override def postDeregisterService(namespace: String): Boolean = {
     if (namespace != null) {
       try {
         delete(namespace, true)
@@ -283,7 +283,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     }
   }
 
-  def createAndGetServiceNode(
+  override def createAndGetServiceNode(
       conf: KyuubiConf,
       namespace: String,
       instance: String,
@@ -293,7 +293,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
   }
 
   @VisibleForTesting
-  def startSecretNode(
+  override def startSecretNode(
       createMode: String,
       basePath: String,
       initData: String,
@@ -307,7 +307,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     secretNode.start()
   }
 
-  def getAndIncrement(path: String, delta: Int = 1): Int = {
+  override def getAndIncrement(path: String, delta: Int = 1): Int = {
     val dai = new DistributedAtomicInteger(zkClient, path, new RetryForever(1000))
     var atomicVal: AtomicValue[Integer] = null
     do {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 565f41ff2..84b7707e8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -74,7 +74,7 @@ private[kyuubi] class EngineRef(
 
   private val enginePoolIgnoreSubdomain: Boolean = conf.get(ENGINE_POOL_IGNORE_SUBDOMAIN)
 
-  private val enginePoolBalancePolicy: String = conf.get(ENGINE_POOL_BALANCE_POLICY)
+  private val enginePoolSelectPolicy: String = conf.get(ENGINE_POOL_SELECT_POLICY)
 
   // In case the multi kyuubi instances have the small gap of timeout, here we add
   // a small amount of time for timeout
@@ -97,12 +97,11 @@ private[kyuubi] class EngineRef(
         warn(s"Request engine pool size($clientPoolSize) exceeds, fallback to " +
           s"system threshold $poolThreshold")
       }
-      val seqNum = enginePoolBalancePolicy match {
+      val seqNum = enginePoolSelectPolicy match {
         case "POLLING" =>
           val snPath =
             DiscoveryPaths.makePath(
-              s"${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_$engineType",
-              "seq_num",
+              s"${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_${engineType}_seqNum",
               appUser,
               clientPoolName)
           DiscoveryClientProvider.withDiscoveryClient(conf) { client =>
@@ -159,8 +158,7 @@ private[kyuubi] class EngineRef(
       case _ =>
         val lockPath =
           DiscoveryPaths.makePath(
-            s"${serverSpace}_${shareLevel}_$engineType",
-            "lock",
+            s"${serverSpace}_${KYUUBI_VERSION}_${shareLevel}_${engineType}_lock",
             appUser,
             subdomain)
         discoveryClient.tryWithLock(
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
index 5d8ae3177..5ca8723f5 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
@@ -204,7 +204,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     conf.set(ENGINE_POOL_NAME, pool_name)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "engine_test")
     conf.set(HighAvailabilityConf.HA_ADDRESSES, getConnectString())
-    conf.set(ENGINE_POOL_BALANCE_POLICY, "POLLING")
+    conf.set(ENGINE_POOL_SELECT_POLICY, "POLLING")
     (0 until (10)).foreach { i =>
       val engine7 = new EngineRef(conf, user, "grp", id, null)
       val engineNumber = Integer.parseInt(engine7.subdomain.substring(pool_name.length + 1))

From 255b110392bf03be60033b2701b9e49125f6d74f Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Fri, 10 Feb 2023 13:05:17 +0800
Subject: [PATCH 042/760] [KYUUBI #4296] Bump Spark in spark-master profile
 from 3.4.0-SNAPSHOT to 3.5.0-SNAPSHOT

### _Why are the changes needed?_

https://github.com/apache/spark/pull/39733

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4296 from cfmcgrady/spark-3.5.0-SNAPSHOT.

Closes #4296

e16e3f1b0 [Fu Chen] bump spark from 3.4.0-SNAPSHOT to 3.5.0-SNAPSHOT

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e4ca73d69..9afc0cf1d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2308,7 +2308,7 @@
         <profile>
             <id>spark-master</id>
             <properties>
-                <spark.version>3.4.0-SNAPSHOT</spark.version>
+                <spark.version>3.5.0-SNAPSHOT</spark.version>
                 <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
                 <threeten.version>1.7.0</threeten.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>

From 708d982eb90f2b3e915d3e9ec9fda10932469d9a Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Fri, 10 Feb 2023 14:28:14 +0800
Subject: [PATCH 043/760] [KYUUBI #4184][SUBTASK-1] Refactor
 docker-image-tool.sh

### _Why are the changes needed?_

See more in  #4184

This subtask remove build kyuubi docker image from dev mode(source code).

In follow subtask, will add feature build kyuubi docker image from source code.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4217 from zwangsheng/tool/docker-image-tool.

Closes #4184

34c866025 [zwangsheng] Add +x premission for docker-image-tool
97b404db7 [zwangsheng] Copy download spark binary
6f267e221 [zwangsheng] Refactor docker-image-tool.sh

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 bin/docker-image-tool.sh | 71 +++++++++++++---------------------------
 1 file changed, 22 insertions(+), 49 deletions(-)

diff --git a/bin/docker-image-tool.sh b/bin/docker-image-tool.sh
index e9e4338b5..f3efc8bf5 100755
--- a/bin/docker-image-tool.sh
+++ b/bin/docker-image-tool.sh
@@ -27,19 +27,21 @@ function error {
 if [ -z "${KYUUBI_HOME}" ]; then
   KYUUBI_HOME="$(cd "`dirname "$0"`"/..; pwd)"
 fi
-
-CTX_DIR="$KYUUBI_HOME/target/tmp/docker"
+KYUUBI_IMAGE_NAME="kyuubi"
 
 function is_dev_build {
   [ ! -f "$KYUUBI_HOME/RELEASE" ]
 }
 
-function cleanup_ctx_dir {
-  if is_dev_build; then
-    rm -rf "$CTX_DIR"
-  fi
-}
-trap cleanup_ctx_dir EXIT
+if is_dev_build; then
+  cat <<EOF
+  Current docker-image-tool.sh only support build docker image from binary package.
+  You can download Kyuubi binary package from kyuubi web-sit https://kyuubi.apache.org/releases.html.
+  Or you can build binary from source code with $KYUUBI_HOME/build/dist, find more detail about build binary in that script
+
+EOF
+  exit 1
+fi
 
 function image_ref {
   local image="$1"
@@ -77,44 +79,13 @@ function resolve_file {
   echo $FILE
 }
 
-# Create a smaller build context for docker in dev builds to make the build faster. Docker
-# uploads all of the current directory to the daemon, and it can get pretty big with dev
-# builds that contain test log files and other artifacts.
-#
-# Note: docker does not support symlinks in the build context.
-function create_dev_build_context {(
-  set -e
-  local BASE_CTX="$CTX_DIR/base"
-  mkdir -p "$BASE_CTX/docker"
-  cp -r "docker/" "$BASE_CTX/docker"
-
-  cp -r "kyuubi-assembly/target/scala-${KYUUBI_SCALA_VERSION}/jars" "$BASE_CTX/jars"
-
-  mkdir -p "$BASE_CTX/externals/engines/spark"
-  cp "$KYUUBI_HOME/externals/kyuubi-spark-sql-engine/target/kyuubi-spark-sql-engine_${KYUUBI_SCALA_VERSION}-${KYUUBI_VERSION}.jar" "$BASE_CTX/externals/engines/spark"
-
-  for other in bin conf; do
-    cp -r "$other" "$BASE_CTX/$other"
-  done
-)}
-
 function img_ctx_dir {
-  if is_dev_build; then
-    echo "$CTX_DIR/$1"
-  else
-    echo "$KYUUBI_HOME"
-  fi
+  echo "$KYUUBI_HOME"
 }
 
 function build {
   local BUILD_ARGS
   local KYUUBI_ROOT="$KYUUBI_HOME"
-
-  if is_dev_build; then
-    create_dev_build_context || error "Failed to create docker build context."
-    KYUUBI_ROOT="$CTX_DIR/base"
-  fi
-
   local BUILD_ARGS=(${BUILD_PARAMS})
 
   # mkdir spark-binary to cache spark
@@ -133,25 +104,27 @@ function build {
     BUILD_ARGS+=(--build-arg spark_provided="spark_provided")
   else
     if [[ ! -d "$SPARK_HOME" ]]; then
-      error "Cannot found dir $SPARK_HOME, you must configure SPARK_HOME correct."
+      if [[ -d "$KYUUBI_ROOT/externals/spark-*" ]]; then
+        SPARK_HOME="$(find "$KYUUBI_ROOT/externals" -name 'spark-*' -type d)"
+      else
+        error "Cannot found dir SPARK_HOME $SPARK_HOME, you must configure SPARK_HOME correct."
+      fi
     fi
     cp -r "$SPARK_HOME/" "$KYUUBI_ROOT/spark-binary/"
   fi
 
   # Verify that the Docker image content directory is present
   if [ ! -d "$KYUUBI_ROOT/docker" ]; then
-    error "Cannot find docker image. This script must be run from a runnable distribution of Apache Kyuubi."
+    error "Can't find Kyuubi docker context $KYUUBI_ROOT/docker, please check whether the binary package is complete."
   fi
 
-  # Verify that Kyuubi has actually been built/is a runnable distribution
-  # i.e. the Kyuubi JARs that the Docker files will place into the image are present
+  # Verify that that Kyuubi need JARS is present
   local TOTAL_JARS=$(ls $KYUUBI_ROOT/jars/kyuubi-* | wc -l)
   TOTAL_JARS=$(( $TOTAL_JARS ))
   if [ "${TOTAL_JARS}" -eq 0 ]; then
-    error "Cannot find Kyuubi JARs. This script assumes that Apache Kyuubi has first been built locally or this is a runnable distribution."
+    error "Cannot find Kyuubi JARs. Please check whether the binary package is complete."
   fi
 
-  # If a custom Kyuubi_UID was set add it to build arguments
   if [ -n "$KYUUBI_UID" ]; then
     BUILD_ARGS+=(--build-arg kyuubi_uid=$KYUUBI_UID)
   fi
@@ -160,20 +133,20 @@ function build {
   local ARCHS=${ARCHS:-"--platform linux/amd64,linux/arm64"}
 
   (cd $(img_ctx_dir base) && docker build $NOCACHEARG "${BUILD_ARGS[@]}" \
-    -t $(image_ref kyuubi) \
+    -t $(image_ref $KYUUBI_IMAGE_NAME) \
     -f "$BASEDOCKERFILE" .)
   if [ $? -ne 0 ]; then
     error "Failed to build Kyuubi JVM Docker image, please refer to Docker build output for details."
   fi
   if [ "${CROSS_BUILD}" != "false" ]; then
   (cd $(img_ctx_dir base) && docker buildx build $ARCHS $NOCACHEARG "${BUILD_ARGS[@]}" --push \
-    -t $(image_ref kyuubi) \
+    -t $(image_ref $KYUUBI_IMAGE_NAME) \
     -f "$BASEDOCKERFILE" .)
   fi
 }
 
 function push {
-  docker_push "kyuubi"
+  docker_push $KYUUBI_IMAGE_NAME
 }
 
 function usage {

From 4e226ac3ccae11551e34a1ef975924ec65ba8573 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 10 Feb 2023 15:25:49 +0800
Subject: [PATCH 044/760] Bump 1.8.0-SNAPSHOT

---
 dev/kyuubi-codecov/pom.xml                                   | 2 +-
 dev/kyuubi-tpcds/pom.xml                                     | 2 +-
 extensions/server/kyuubi-server-plugin/pom.xml               | 2 +-
 extensions/spark/kyuubi-extension-spark-3-1/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-2/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-3/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-common/pom.xml       | 2 +-
 extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml | 2 +-
 extensions/spark/kyuubi-spark-authz/pom.xml                  | 2 +-
 extensions/spark/kyuubi-spark-connector-common/pom.xml       | 2 +-
 extensions/spark/kyuubi-spark-connector-hive/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-connector-kudu/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-connector-tpcds/pom.xml        | 2 +-
 extensions/spark/kyuubi-spark-connector-tpch/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-lineage/pom.xml                | 2 +-
 externals/kyuubi-download/pom.xml                            | 2 +-
 externals/kyuubi-flink-sql-engine/pom.xml                    | 2 +-
 externals/kyuubi-hive-sql-engine/pom.xml                     | 2 +-
 externals/kyuubi-jdbc-engine/pom.xml                         | 2 +-
 externals/kyuubi-spark-sql-engine/pom.xml                    | 2 +-
 externals/kyuubi-trino-engine/pom.xml                        | 2 +-
 integration-tests/kyuubi-flink-it/pom.xml                    | 2 +-
 integration-tests/kyuubi-hive-it/pom.xml                     | 2 +-
 integration-tests/kyuubi-jdbc-it/pom.xml                     | 2 +-
 integration-tests/kyuubi-kubernetes-it/pom.xml               | 2 +-
 integration-tests/kyuubi-trino-it/pom.xml                    | 2 +-
 integration-tests/kyuubi-zookeeper-it/pom.xml                | 2 +-
 integration-tests/pom.xml                                    | 2 +-
 kyuubi-assembly/pom.xml                                      | 2 +-
 kyuubi-common/pom.xml                                        | 2 +-
 kyuubi-ctl/pom.xml                                           | 2 +-
 kyuubi-events/pom.xml                                        | 2 +-
 kyuubi-ha/pom.xml                                            | 2 +-
 kyuubi-hive-beeline/pom.xml                                  | 2 +-
 kyuubi-hive-jdbc-shaded/pom.xml                              | 2 +-
 kyuubi-hive-jdbc/pom.xml                                     | 2 +-
 kyuubi-metrics/pom.xml                                       | 2 +-
 kyuubi-rest-client/pom.xml                                   | 2 +-
 kyuubi-server/pom.xml                                        | 2 +-
 kyuubi-zookeeper/pom.xml                                     | 2 +-
 pom.xml                                                      | 2 +-
 tools/spark-block-cleaner/pom.xml                            | 2 +-
 42 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index 1d1dcb574..ba15ec0f8 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/dev/kyuubi-tpcds/pom.xml b/dev/kyuubi-tpcds/pom.xml
index 2921cbe8b..1bc69f9f2 100644
--- a/dev/kyuubi-tpcds/pom.xml
+++ b/dev/kyuubi-tpcds/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/server/kyuubi-server-plugin/pom.xml b/extensions/server/kyuubi-server-plugin/pom.xml
index b7dfe0ae8..799f27c46 100644
--- a/extensions/server/kyuubi-server-plugin/pom.xml
+++ b/extensions/server/kyuubi-server-plugin/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
index 5bd4b2fd5..9f218f9d0 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
index daab162b7..a80040aca 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
index cc8291213..ca729a781 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-common/pom.xml b/extensions/spark/kyuubi-extension-spark-common/pom.xml
index 2c587fd78..6d4bd1443 100644
--- a/extensions/spark/kyuubi-extension-spark-common/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-common/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
index 5588805e9..48c4c4379 100644
--- a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
 
     </parent>
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index d537e5a1c..84f76e49e 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
 
     </parent>
diff --git a/extensions/spark/kyuubi-spark-connector-common/pom.xml b/extensions/spark/kyuubi-spark-connector-common/pom.xml
index e9fa8fcb4..1cba0ccdd 100644
--- a/extensions/spark/kyuubi-spark-connector-common/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-common/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/pom.xml b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
index a97dfa053..37e3d8409 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/pom.xml b/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
index f3d667fce..97356cd93 100644
--- a/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
index 53557aea3..e9b867739 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
index 4625cdf1a..5b418e200 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index 74c05299d..c8f9b30bd 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-download/pom.xml b/externals/kyuubi-download/pom.xml
index b0479f7ed..ce9ba2014 100644
--- a/externals/kyuubi-download/pom.xml
+++ b/externals/kyuubi-download/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index c93993607..4d7167c1c 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-hive-sql-engine/pom.xml b/externals/kyuubi-hive-sql-engine/pom.xml
index 1dbc31947..0319d3dd2 100644
--- a/externals/kyuubi-hive-sql-engine/pom.xml
+++ b/externals/kyuubi-hive-sql-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-jdbc-engine/pom.xml b/externals/kyuubi-jdbc-engine/pom.xml
index 8853cec64..4bcc4fb60 100644
--- a/externals/kyuubi-jdbc-engine/pom.xml
+++ b/externals/kyuubi-jdbc-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 3d3259c80..5b227cb5e 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-trino-engine/pom.xml b/externals/kyuubi-trino-engine/pom.xml
index 7e2f67370..7aea8f33a 100644
--- a/externals/kyuubi-trino-engine/pom.xml
+++ b/externals/kyuubi-trino-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml
index 7f9a84a85..8ccc14e5e 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-hive-it/pom.xml b/integration-tests/kyuubi-hive-it/pom.xml
index 8b9813a2b..ff9a6b35e 100644
--- a/integration-tests/kyuubi-hive-it/pom.xml
+++ b/integration-tests/kyuubi-hive-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-jdbc-it/pom.xml b/integration-tests/kyuubi-jdbc-it/pom.xml
index 0aef12fb3..2d95de78e 100644
--- a/integration-tests/kyuubi-jdbc-it/pom.xml
+++ b/integration-tests/kyuubi-jdbc-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-kubernetes-it/pom.xml b/integration-tests/kyuubi-kubernetes-it/pom.xml
index cb04e73c1..ef56a770f 100644
--- a/integration-tests/kyuubi-kubernetes-it/pom.xml
+++ b/integration-tests/kyuubi-kubernetes-it/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration-tests/kyuubi-trino-it/pom.xml b/integration-tests/kyuubi-trino-it/pom.xml
index e62e58d1d..107d621b0 100644
--- a/integration-tests/kyuubi-trino-it/pom.xml
+++ b/integration-tests/kyuubi-trino-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-zookeeper-it/pom.xml b/integration-tests/kyuubi-zookeeper-it/pom.xml
index eaeff5898..bded1585b 100644
--- a/integration-tests/kyuubi-zookeeper-it/pom.xml
+++ b/integration-tests/kyuubi-zookeeper-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 4e3431afb..b6a48daae 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>integration-tests</artifactId>
diff --git a/kyuubi-assembly/pom.xml b/kyuubi-assembly/pom.xml
index 725126f84..0524470a2 100644
--- a/kyuubi-assembly/pom.xml
+++ b/kyuubi-assembly/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index 61ae4c0e7..d62761d72 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-ctl/pom.xml b/kyuubi-ctl/pom.xml
index aa1e8f2e4..eb4060ffd 100644
--- a/kyuubi-ctl/pom.xml
+++ b/kyuubi-ctl/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-events/pom.xml b/kyuubi-events/pom.xml
index a8030eb83..b97e9dffb 100644
--- a/kyuubi-events/pom.xml
+++ b/kyuubi-events/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-ha/pom.xml b/kyuubi-ha/pom.xml
index 8d7246eff..b4605b6a1 100644
--- a/kyuubi-ha/pom.xml
+++ b/kyuubi-ha/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-hive-beeline/pom.xml b/kyuubi-hive-beeline/pom.xml
index 76753b38d..151616243 100644
--- a/kyuubi-hive-beeline/pom.xml
+++ b/kyuubi-hive-beeline/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-hive-beeline</artifactId>
diff --git a/kyuubi-hive-jdbc-shaded/pom.xml b/kyuubi-hive-jdbc-shaded/pom.xml
index 0bfe88922..1a6f258b0 100644
--- a/kyuubi-hive-jdbc-shaded/pom.xml
+++ b/kyuubi-hive-jdbc-shaded/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-hive-jdbc-shaded</artifactId>
diff --git a/kyuubi-hive-jdbc/pom.xml b/kyuubi-hive-jdbc/pom.xml
index 4d9648e75..7b45c27bb 100644
--- a/kyuubi-hive-jdbc/pom.xml
+++ b/kyuubi-hive-jdbc/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-hive-jdbc</artifactId>
diff --git a/kyuubi-metrics/pom.xml b/kyuubi-metrics/pom.xml
index b8ba40f47..2edeb73c7 100644
--- a/kyuubi-metrics/pom.xml
+++ b/kyuubi-metrics/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-metrics_2.12</artifactId>
diff --git a/kyuubi-rest-client/pom.xml b/kyuubi-rest-client/pom.xml
index 28b1670f1..0af949125 100644
--- a/kyuubi-rest-client/pom.xml
+++ b/kyuubi-rest-client/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-rest-client</artifactId>
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 4dd89e0e6..f14d2baa3 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-server_2.12</artifactId>
diff --git a/kyuubi-zookeeper/pom.xml b/kyuubi-zookeeper/pom.xml
index f97f4c0eb..cd3e017cd 100644
--- a/kyuubi-zookeeper/pom.xml
+++ b/kyuubi-zookeeper/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-zookeeper_2.12</artifactId>
diff --git a/pom.xml b/pom.xml
index 9afc0cf1d..6aae60a8f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
 
     <groupId>org.apache.kyuubi</groupId>
     <artifactId>kyuubi-parent</artifactId>
-    <version>1.7.0-SNAPSHOT</version>
+    <version>1.8.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>Kyuubi Project Parent</name>
diff --git a/tools/spark-block-cleaner/pom.xml b/tools/spark-block-cleaner/pom.xml
index e42f1cd96..02e682c3a 100644
--- a/tools/spark-block-cleaner/pom.xml
+++ b/tools/spark-block-cleaner/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

From d862272645dab08878c8f99158977b622227e784 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 10 Feb 2023 16:19:45 +0800
Subject: [PATCH 045/760] [KYUUBI #4274] [INFRA] Introduce `mvnd`  to speed up
 CI jobs of Dependency, Licence and Style Check

### _Why are the changes needed?_

#### Motivation:
- speed up maven building and testing with `mvnd` (https://github.com/apache/maven-mvnd). `mvnd` itself embeds exactly the same distribution of maven with more improvements and features on the client side and compilation server in daemon mode.
- also inspired by custom github action for mvnd installing in Apache Camel (https://github.com/apache/camel/blob/main/.github/actions/install-mvnd/action.yml)

#### Changes in this PR:
- introducing `mvnd` by adding `build/mvnd` script
- use `mvnd` version `0.9.0` which embeds  `maven` 3.8.7. The maven version embedded in `mvnd` is also check and guaranteed  the same as maven version required in pom by `build/mvnd` script.
- use mvnd in CI jobs of Depedency Check and Style Check

#### Comparision
- CI jobs
(both with maven dependencies cached in local repo)

Job | with `build/mvn` | with `build/mvnd`
--- | --- | ---
Dependency Check | 9min1sec;[see log](https://github.com/apache/kyuubi/actions/runs/3966175262/jobs/6796688187) | 6min 46 sec ; [see log](https://github.com/apache/kyuubi/actions/runs/4124518481/jobs/7123867015)
Style Check | 10min32sec ; [see log](https://github.com/apache/kyuubi/actions/runs/4122613274/jobs/7119603428)  | 7min50s ; [see log](https://github.com/apache/kyuubi/actions/runs/4125013599/jobs/7125006946)
Licence Check | 32s ; [see log](https://github.com/apache/kyuubi/actions/runs/4130799867/jobs/7137835062) | 21s ; [see log](https://github.com/apache/kyuubi/actions/runs/4130923126/jobs/7138088114)

- building entire maven project on local machine (skipping test running and style checking with `fast` profile)

`build/mvnd clean install -Pfast`
<img width="645" alt="Pasted Graphic" src="https://user-images.githubusercontent.com/1935105/217001594-52dfd19d-6c57-4bc4-8336-90bb0c030bd4.png">

`build/mvn clean install -Pfast`
<img width="643" alt="Pasted Graphic 1" src="https://user-images.githubusercontent.com/1935105/217001619-c2ebe7e3-bd14-4f5c-bb02-2ae4ae99cf7f.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4274 from bowenliang123/ci-mvnd.

Closes #4274

380c1c9ea [liangbowen] update cache key
a93bba7b7 [liangbowen] style
bc8da133e [Bowen Liang] Merge branch 'master' into ci-mvnd
97becc035 [liangbowen] add `build/maven-mvnd-*/**` to rat-excludes
5b61f50b9 [liangbowen] apply mvnd to license check
7be181d0f [liangbowen] typo in build/mvnd
c52861df8 [liangbowen] update
f6d0eb28c [liangbowen] introduce mvnd

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/actions/setup-mvnd/action.yaml |  32 ++++++
 .github/workflows/dep.yml              |   5 +-
 .github/workflows/license.yml          |   4 +-
 .github/workflows/style.yml            |  16 +--
 .gitignore                             |   1 +
 .rat-excludes                          |   1 +
 build/mvnd                             | 134 +++++++++++++++++++++++++
 pom.xml                                |   1 +
 8 files changed, 185 insertions(+), 9 deletions(-)
 create mode 100644 .github/actions/setup-mvnd/action.yaml
 create mode 100755 build/mvnd

diff --git a/.github/actions/setup-mvnd/action.yaml b/.github/actions/setup-mvnd/action.yaml
new file mode 100644
index 000000000..d7497e332
--- /dev/null
+++ b/.github/actions/setup-mvnd/action.yaml
@@ -0,0 +1,32 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: 'setup-mvnd'
+description: 'Setup the maven daemon'
+runs:
+  using: composite
+  steps:
+    - name: Cache Mvnd
+      uses: actions/cache@v3
+      with:
+        path: |
+          build/maven-mvnd-*
+          build/apache-maven-*
+        key: setup-mvnd-${{ runner.os }}-mvnd
+    - name: Check Mvnd
+      run: build/mvnd -v
+      shell: bash
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index 16475ce0f..dc94e4ea7 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -26,6 +26,7 @@ on:
       # when pom or dependency workflow changes
       - '**/pom.xml'
       - '.github/workflows/dep.yml'
+      - .github/actions/setup-mvnd/*.yaml
 
 concurrency:
   group: dep-${{ github.head_ref || github.run_id }}
@@ -44,11 +45,13 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: build
         env:
           MAVEN_OPTS: -Dorg.slf4j.simpleLogger.defaultLogLevel=error
         run: >-
-          build/mvn clean install
+          build/mvnd clean install
           -Pflink-provided,spark-provided,hive-provided
           -Dmaven.javadoc.skip=true
           -Drat.skip=true
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 17591dacb..a490def91 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -42,8 +42,10 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Mvnd
+        uses: ./.github/actions/setup-mvnd
       - run: >-
-          build/mvn org.apache.rat:apache-rat-plugin:check
+          build/mvnd org.apache.rat:apache-rat-plugin:check
           -Ptpcds -Pspark-block-cleaner -Pkubernetes-it
           -Pspark-3.1 -Pspark-3.2 -Pspark-3.3
       - name: Upload rat report
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index f9307e529..9ff484824 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -45,14 +45,16 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Setup Python 3
         uses: actions/setup-python@v4
         with:
           python-version: '3.9'
           cache: 'pip'
-      - name: Check kyuubi modules avaliable
+      - name: Check kyuubi modules available
         id: modules-check
-        run: build/mvn dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true ${{ matrix.profiles }}
+        run: build/mvnd dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true ${{ matrix.profiles }}
         continue-on-error: true
 
       - name: Install
@@ -61,13 +63,13 @@ jobs:
         if: steps.modules-check.conclusion == 'success' && steps.modules-check.outcome == 'failure'
         run: |
           MVN_OPT="-DskipTests -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip"
-          build/mvn clean install ${MVN_OPT} -Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.2,tpcds
-          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
-          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-kudu,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
+          build/mvnd clean install ${MVN_OPT} -Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.2,tpcds
+          build/mvnd clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
+          build/mvnd clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-kudu,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
 
       - name: Scalastyle with maven
         id: scalastyle-check
-        run: build/mvn scalastyle:check ${{ matrix.profiles }}
+        run: build/mvnd scalastyle:check ${{ matrix.profiles }}
       - name: Print scalastyle error report
         if: failure() && steps.scalastyle-check.outcome != 'success'
         run: >-
@@ -81,7 +83,7 @@ jobs:
         run: |
           SPOTLESS_BLACK_VERSION=$(build/mvn help:evaluate -Dexpression=spotless.python.black.version -q -DforceStdout)
           pip install black==$SPOTLESS_BLACK_VERSION
-          build/mvn spotless:check ${{ matrix.profiles }} -Pspotless-python
+          build/mvnd spotless:check ${{ matrix.profiles }} -Pspotless-python
       - name: setup npm
         uses: actions/setup-node@v3
         with:
diff --git a/.gitignore b/.gitignore
index bbdd246c4..bb2df4fd0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,6 +40,7 @@
 .scala_dependencies
 .settings
 build/apache-maven*
+build/maven-mvnd*
 build/release/tmp
 build/scala*
 build/test
diff --git a/.rat-excludes b/.rat-excludes
index 86c38ec99..2906e7cea 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -32,6 +32,7 @@
 NOTICE*
 docs/**
 build/apache-maven-*/**
+build/maven-mvnd-*/**
 build/scala-*/**
 **/**/operation_logs/**/**
 **/**/server_operation_logs/**/**
diff --git a/build/mvnd b/build/mvnd
new file mode 100755
index 000000000..493ee43ad
--- /dev/null
+++ b/build/mvnd
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Determine the current working directory
+_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# Preserve the calling directory
+_CALLING_DIR="$(pwd)"
+# Options used during compilation
+_COMPILE_JVM_OPTS="-Xms2g -Xmx2g -XX:ReservedCodeCacheSize=1g -Xss128m"
+
+if [ "$CI" ]; then
+  export MAVEN_CLI_OPTS="--no-transfer-progress --errors --fail-fast"
+fi
+
+# Installs any application tarball given a URL, the expected tarball name,
+# and, optionally, a checkable binary path to determine if the binary has
+# already been installed
+## Arg1 - URL
+## Arg2 - Tarball Name
+## Arg3 - Checkable Binary
+install_app() {
+  local remote_tarball="$1/$2"
+  local local_tarball="${_DIR}/$2"
+  local binary="${_DIR}/$3"
+
+  # setup `curl` and `wget` silent options if we're running on Jenkins
+  local curl_opts="-L"
+  local wget_opts=""
+  curl_opts="--progress-bar ${curl_opts}"
+  wget_opts="--progress=bar:force ${wget_opts}"
+
+  if [ -z "$3" ] || [ ! -f "$binary" ]; then
+    # check if we already have the tarball
+    # check if we have curl installed
+    # download application
+    rm -f "$local_tarball"
+    [ ! -f "${local_tarball}" ] && [ "$(command -v curl)" ] && \
+      echo "exec: curl ${curl_opts} ${remote_tarball}" 1>&2 && \
+      curl ${curl_opts} "${remote_tarball}" > "${local_tarball}"
+    # if the file still doesn't exist, lets try `wget` and cross our fingers
+    [ ! -f "${local_tarball}" ] && [ "$(command -v wget)" ] && \
+      echo "exec: wget ${wget_opts} ${remote_tarball}" 1>&2 && \
+      wget ${wget_opts} -O "${local_tarball}" "${remote_tarball}"
+    # if both were unsuccessful, exit
+    [ ! -f "${local_tarball}" ] && \
+      echo -n "ERROR: Cannot download $2 with cURL or wget; " && \
+      echo "please install manually and try again." && \
+      exit 2
+    cd "${_DIR}" && tar -xzf "$2"
+    rm -rf "$local_tarball"
+  fi
+}
+
+function get_os_type() {
+  local unameOsOut=$(uname -s)
+  local osType
+  case "${unameOsOut}" in
+  Linux*) osType=linux ;;
+  Darwin*) osType=darwin ;;
+  CYGWIN*) osType=windows ;;
+  MINGW*) osType=windows ;;
+  *) osType="UNKNOWN:${unameOsOut}" ;;
+  esac
+  echo "$osType"
+}
+
+function get_os_arch() {
+  local unameArchOut="$(uname -m)"
+  local arch
+  case "${unameArchOut}" in
+  x86_64*) arch=amd64 ;;
+  arm64*) arch=aarch64 ;;
+  *) arch="UNKNOWN:${unameOsOut}" ;;
+  esac
+  echo "$arch"
+}
+
+# Determine the Mvnd version from the root pom.xml file and
+# install mvnd under the build/ folder if needed.
+function install_mvnd() {
+  local MVND_VERSION=$(grep "<mvnd.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
+  local MVN_VERSION=$(grep "<maven.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
+  MVND_BIN="$(command -v mvnd)"
+  if [ "$MVND_BIN" ]; then
+    local MVND_DETECTED_VERSION="$(mvnd -v 2>&1 | grep '(mvnd)' | awk '{print $5}')"
+    local MVN_DETECTED_VERSION="$(mvnd -v 2>&1 | grep 'Apache Maven' | awk 'NR==2 {print $3}')"
+  fi
+  # See simple version normalization: http://stackoverflow.com/questions/16989598/bash-comparing-version-numbers
+  function version { echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }'; }
+
+  if [ $(version $MVND_DETECTED_VERSION) -ne $(version $MVND_VERSION) ]; then
+    local APACHE_MIRROR=${APACHE_MIRROR:-'https://downloads.apache.org'}
+    local OS_TYPE=$(get_os_type)
+    local ARCH=$(get_os_arch)
+
+    install_app \
+      "${APACHE_MIRROR}/maven/mvnd/${MVND_VERSION}" \
+      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}.tar.gz" \
+      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
+
+    MVND_BIN="${_DIR}/maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
+  else
+    if [ "$(version $MVN_DETECTED_VERSION)" -ne "$(version $MVN_VERSION)" ]; then
+      echo "Mvnd $MVND_DETECTED_VERSION embedded maven version $MVN_DETECTED_VERSION is not equivalent to $MVN_VERSION required in pom."
+      exit 1
+    fi
+  fi
+}
+
+install_mvnd
+
+cd "${_CALLING_DIR}"
+
+# Set any `mvn` options if not already present
+export MAVEN_OPTS=${MAVEN_OPTS:-"$_COMPILE_JVM_OPTS"}
+
+echo "Using \`mvnd\` from path: $MVND_BIN" 1>&2
+${MVND_BIN} $MAVEN_CLI_OPTS "$@"
diff --git a/pom.xml b/pom.xml
index 6aae60a8f..b761ef158 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,6 +109,7 @@
     <properties>
         <java.version>1.8</java.version>
         <maven.version>3.8.7</maven.version>
+        <mvnd.version>0.9.0</mvnd.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <scala.version>2.12.17</scala.version>

From 7cd206642c962b233a86edfe17f0bb0c99e34c70 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 10 Feb 2023 16:22:19 +0800
Subject: [PATCH 046/760] [KYUUBI #4302] Change log level from debug to info
 for creating work dir
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

The message is not noisy and is helpful when failing to create, e.g. no permission.

```
2023-02-10 14:30:32.731 INFO org.apache.kyuubi.operation.LaunchEngine: Processing simba's query[d51a4def-d3d7-454b-a63d-28e27a1e3c3f]: RUNNING_STATE -> ERROR_STATE, time taken: 0.1 seconds
Error: org.apache.kyuubi.KyuubiSQLException: Error operating LaunchEngine: java.io.IOException: 权限不够
	at java.io.UnixFileSystem.createFileExclusively(Native Method)
	at java.io.File.createNewFile(File.java:1012)
	at org.apache.kyuubi.engine.ProcBuilder.$anonfun$engineLog$6(ProcBuilder.scala:187)
	at scala.Option.getOrElse(Option.scala:189)
	at org.apache.kyuubi.engine.ProcBuilder.engineLog(ProcBuilder.scala:184)
	at org.apache.kyuubi.engine.ProcBuilder.engineLog$(ProcBuilder.scala:159)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.engineLog$lzycompute(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.engineLog(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.ProcBuilder.processBuilder(ProcBuilder.scala:141)
	at org.apache.kyuubi.engine.ProcBuilder.processBuilder$(ProcBuilder.scala:135)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.processBuilder$lzycompute(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.processBuilder(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.ProcBuilder.start(ProcBuilder.scala:198)
	at org.apache.kyuubi.engine.ProcBuilder.start$(ProcBuilder.scala:197)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.start(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.EngineRef.$anonfun$create$1(EngineRef.scala:194)
	at org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient.tryWithLock(ZookeeperDiscoveryClient.scala:174)
	at org.apache.kyuubi.engine.EngineRef.tryWithLock(EngineRef.scala:160)
	at org.apache.kyuubi.engine.EngineRef.create(EngineRef.scala:165)
	at org.apache.kyuubi.engine.EngineRef.$anonfun$getOrCreate$1(EngineRef.scala:260)
	at scala.Option.getOrElse(Option.scala:189)
	at org.apache.kyuubi.engine.EngineRef.getOrCreate(EngineRef.scala:260)
	at org.apache.kyuubi.session.KyuubiSessionImpl.$anonfun$openEngineSession$1(KyuubiSessionImpl.scala:120)
	at org.apache.kyuubi.session.KyuubiSessionImpl.$anonfun$openEngineSession$1$adapted(KyuubiSessionImpl.scala:113)
	at org.apache.kyuubi.ha.client.DiscoveryClientProvider$.withDiscoveryClient(DiscoveryClientProvider.scala:36)
	at org.apache.kyuubi.session.KyuubiSessionImpl.openEngineSession(KyuubiSessionImpl.scala:113)
	at org.apache.kyuubi.operation.LaunchEngine.$anonfun$runInternal$2(LaunchEngine.scala:49)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

	at org.apache.kyuubi.KyuubiSQLException$.apply(KyuubiSQLException.scala:69)
	at org.apache.kyuubi.operation.KyuubiOperation$$anonfun$onError$1.applyOrElse(KyuubiOperation.scala:75)
	at org.apache.kyuubi.operation.KyuubiOperation$$anonfun$onError$1.applyOrElse(KyuubiOperation.scala:56)
	at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:38)
	at org.apache.kyuubi.operation.LaunchEngine.$anonfun$runInternal$2(LaunchEngine.scala:51)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: 权限不够
	at java.io.UnixFileSystem.createFileExclusively(Native Method)
	at java.io.File.createNewFile(File.java:1012)
	at org.apache.kyuubi.engine.ProcBuilder.$anonfun$engineLog$6(ProcBuilder.scala:187)
	at scala.Option.getOrElse(Option.scala:189)
	at org.apache.kyuubi.engine.ProcBuilder.engineLog(ProcBuilder.scala:184)
	at org.apache.kyuubi.engine.ProcBuilder.engineLog$(ProcBuilder.scala:159)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.engineLog$lzycompute(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.engineLog(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.ProcBuilder.processBuilder(ProcBuilder.scala:141)
	at org.apache.kyuubi.engine.ProcBuilder.processBuilder$(ProcBuilder.scala:135)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.processBuilder$lzycompute(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.processBuilder(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.ProcBuilder.start(ProcBuilder.scala:198)
	at org.apache.kyuubi.engine.ProcBuilder.start$(ProcBuilder.scala:197)
	at org.apache.kyuubi.engine.spark.SparkProcessBuilder.start(SparkProcessBuilder.scala:36)
	at org.apache.kyuubi.engine.EngineRef.$anonfun$create$1(EngineRef.scala:194)
	at org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient.tryWithLock(ZookeeperDiscoveryClient.scala:174)
	at org.apache.kyuubi.engine.EngineRef.tryWithLock(EngineRef.scala:160)
	at org.apache.kyuubi.engine.EngineRef.create(EngineRef.scala:165)
	at org.apache.kyuubi.engine.EngineRef.$anonfun$getOrCreate$1(EngineRef.scala:260)
	at scala.Option.getOrElse(Option.scala:189)
	at org.apache.kyuubi.engine.EngineRef.getOrCreate(EngineRef.scala:260)
	at org.apache.kyuubi.session.KyuubiSessionImpl.$anonfun$openEngineSession$1(KyuubiSessionImpl.scala:120)
	at org.apache.kyuubi.session.KyuubiSessionImpl.$anonfun$openEngineSession$1$adapted(KyuubiSessionImpl.scala:113)
	at org.apache.kyuubi.ha.client.DiscoveryClientProvider$.withDiscoveryClient(DiscoveryClientProvider.scala:36)
	at org.apache.kyuubi.session.KyuubiSessionImpl.openEngineSession(KyuubiSessionImpl.scala:113)
	at org.apache.kyuubi.operation.LaunchEngine.$anonfun$runInternal$2(LaunchEngine.scala:49)
	... 5 more (state=,code=0)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4302 from pan3793/info.

Closes #4302

24c8ab39d [Cheng Pan] Change log level from debug to info for creating work dir

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index a119d971d..4c7330b4d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -118,7 +118,7 @@ trait ProcBuilder {
     env.get("KYUUBI_WORK_DIR_ROOT").map { root =>
       val workingRoot = Paths.get(root).toAbsolutePath
       if (!Files.exists(workingRoot)) {
-        debug(s"Creating KYUUBI_WORK_DIR_ROOT at $workingRoot")
+        info(s"Creating KYUUBI_WORK_DIR_ROOT at $workingRoot")
         Files.createDirectories(workingRoot)
       }
       if (Files.isDirectory(workingRoot)) {
@@ -127,7 +127,7 @@ trait ProcBuilder {
     }.map { rootAbs =>
       val working = Paths.get(rootAbs, proxyUser)
       if (!Files.exists(working)) {
-        debug(s"Creating $proxyUser's working directory at $working")
+        info(s"Creating $proxyUser's working directory at $working")
         Files.createDirectories(working)
       }
       if (Files.isDirectory(working)) {

From e545df50487592e15f348c50c4a0e2416fa66511 Mon Sep 17 00:00:00 2001
From: runzhliu <runzhliu@163.com>
Date: Sat, 11 Feb 2023 08:54:07 +0800
Subject: [PATCH 047/760] [KYUUBI #4299] Bump JUnit to 4.13.2

### _Why are the changes needed?_

bump JUnit4 from 4.13.1 to 4.13.2
release note: https://github.com/junit-team/junit4/blob/HEAD/doc/ReleaseNotes4.13.2.md
nothing new after running `build/dependency.sh --replace`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4310 from runzhliu/patch-6.

Closes #4299

8857d254 [runzhliu] Merge branch 'apache:master' into patch-6
c2893632 [runzhliu] Bump Junit4 from 4.13.1 to 4.13.2

Authored-by: runzhliu <runzhliu@163.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b761ef158..c7a0fdb3a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -166,7 +166,7 @@
         <jersey.version>2.38</jersey.version>
         <jetty.version>9.4.50.v20221201</jetty.version>
         <jline.version>0.9.94</jline.version>
-        <junit.version>4.13.1</junit.version>
+        <junit.version>4.13.2</junit.version>
         <kubernetes-client.version>5.12.1</kubernetes-client.version>
         <kudu.version>1.15.0</kudu.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>

From de15dbe28a99fe29e77cf8d7e2bac5d8f8e90eb1 Mon Sep 17 00:00:00 2001
From: runzhliu <runzhliu@163.com>
Date: Sat, 11 Feb 2023 09:07:05 +0800
Subject: [PATCH 048/760] [KYUUBI #4299] Bump MySQL JDBC driver to 8.0.32

### _Why are the changes needed?_

bump Mysql jdbc driver to 8.0.32
release: https://github.com/mysql/mysql-connector-j/releases/tag/8.0.32
Mysql jdbc driver used in test scope only
nothing new after running build/dependency.sh --replace

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4309 from runzhliu/patch-7.

Closes #4299

a9e43e91 [runzhliu] Merge branch 'apache:master' into patch-7
53ce3a37 [runzhliu] Merge branch 'apache:master' into patch-7
d3f02cd6 [runzhliu] Bump Mysql jdbc driver from 8.0.31 to 8.0.32

Authored-by: runzhliu <runzhliu@163.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c7a0fdb3a..a15b4b590 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,7 +171,7 @@
         <kudu.version>1.15.0</kudu.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.19.0</log4j.version>
-        <mysql.jdbc.version>8.0.31</mysql.jdbc.version>
+        <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
         <netty.version>4.1.87.Final</netty.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>

From 7f86611b316a0bac3c336c549673aabd22f9c2c4 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Sun, 12 Feb 2023 18:42:36 +0800
Subject: [PATCH 049/760] [KYUUBI #4313] [K8S][HELM] Comment license in helm
 chart NOTES

### _Why are the changes needed?_
The changes are needed to hide license text printed after chart installed.
Before changes:
```
$ helm install kyuubi ${KYUUBI_HOME}/charts/kyuubi -n kyuubi --create-namespace
NAME: kyuubi
LAST DEPLOYED: Sat Feb 11 20:35:52 2023
NAMESPACE: kyuubi
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

The chart has been installed!

In order to check the release status, use:
  helm status kyuubi -n kyuubi
    or for more detailed info
  helm get all kyuubi -n kyuubi

************************
******* Services *******
************************
THRIFT_BINARY:
- To access kyuubi-thrift-binary service within the cluster, use the following URL:
    kyuubi-thrift-binary.kyuubi.svc.cluster.local
- To access kyuubi-thrift-binary service from outside the cluster for debugging, run the following command:
    kubectl port-forward svc/kyuubi-thrift-binary 10009:10009 -n kyuubi
  and use 127.0.0.1:10009
```

After changes:
```
$ helm install kyuubi ${KYUUBI_HOME}/charts/kyuubi -n kyuubi --create-namespace
NAME: kyuubi
LAST DEPLOYED: Sat Feb 11 20:37:45 2023
NAMESPACE: kyuubi
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The chart has been installed!

In order to check the release status, use:
  helm status kyuubi -n kyuubi
    or for more detailed info
  helm get all kyuubi -n kyuubi

************************
******* Services *******
************************
THRIFT_BINARY:
- To access kyuubi-thrift-binary service within the cluster, use the following URL:
    kyuubi-thrift-binary.kyuubi.svc.cluster.local
- To access kyuubi-thrift-binary service from outside the cluster for debugging, run the following command:
    kubectl port-forward svc/kyuubi-thrift-binary 10009:10009 -n kyuubi
  and use 127.0.0.1:10009
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4313 from dnskr/comment_license_in_helm_chart_notes.

Closes #4313

7cc76639b [dnskr] [K8S][HELM] Comment license in helm chart NOTES

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/NOTES.txt | 32 +++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/charts/kyuubi/templates/NOTES.txt b/charts/kyuubi/templates/NOTES.txt
index be29b8048..0da72d0eb 100644
--- a/charts/kyuubi/templates/NOTES.txt
+++ b/charts/kyuubi/templates/NOTES.txt
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 The chart has been installed!
 

From b6ebd5e8c52438ca5987a10020dd0729ed257a30 Mon Sep 17 00:00:00 2001
From: hongkunyoo <hongkunyoo@gmail.com>
Date: Mon, 13 Feb 2023 00:37:51 +0800
Subject: [PATCH 050/760] [KYUUBI #4307] Small missing `kubectl`

Maybe `kubectl` command is missing?

Closes #4307 from hongkunyoo/patch-1.

Closes #4307

549357af7 [hongkunyoo] Small missing `kubectl`

Authored-by: hongkunyoo <hongkunyoo@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start_with_helm.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start_with_helm.md b/docs/quick_start/quick_start_with_helm.md
index 99c787841..be3adb75c 100644
--- a/docs/quick_start/quick_start_with_helm.md
+++ b/docs/quick_start/quick_start_with_helm.md
@@ -30,7 +30,7 @@ Please go to [Install Helm](https://helm.sh/docs/intro/install/) page to get and
 #### [Optional] Create namespace on kubernetes
 
 ```bash
-create ns kyuubi
+kubectl create ns kyuubi
 ```
 
 #### Get kyuubi started

From 68b70ca1d2a969c6c1664bb5e51e986fe5d474dc Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Mon, 13 Feb 2023 00:40:52 +0800
Subject: [PATCH 051/760] [KYUUBI #4314] [DOCS][HELM] Refine helm chart docs

### _Why are the changes needed?_
The changes are needed to make doc page clearer and a bit nicer, and reflect latest changes in the chart.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

This patch had conflicts when merged, resolved by
Committer: Cheng Pan <chengpan@apache.org>

Closes #4314 from dnskr/update_helm_chart_doc_page.

Closes #4314

d7c18fd53 [dnskr] [DOCS][HELM] Refine helm chart docs

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start_with_helm.md | 131 +++++++++++-----------
 1 file changed, 66 insertions(+), 65 deletions(-)

diff --git a/docs/quick_start/quick_start_with_helm.md b/docs/quick_start/quick_start_with_helm.md
index be3adb75c..a2de54445 100644
--- a/docs/quick_start/quick_start_with_helm.md
+++ b/docs/quick_start/quick_start_with_helm.md
@@ -15,105 +15,106 @@
 - limitations under the License.
 -->
 
-# Getting Started With Kyuubi on kubernetes
+# Getting Started With Kyuubi on Kubernetes
 
-## Running kyuubi with helm
+## Running Kyuubi with Helm
 
-[Helm](https://helm.sh/) is the package manager for Kubernetes，it can be used to find, share, and use software built for Kubernetes.
+[Helm](https://helm.sh/) is the package manager for Kubernetes, it can be used to find, share, and use software built for Kubernetes.
 
-### Get helm and Install
+### Install Helm
 
-Please go to [Install Helm](https://helm.sh/docs/intro/install/) page to get and install an appropriate release version for yourself.
+Please go to [Installing Helm](https://helm.sh/docs/intro/install/) page to get and install an appropriate release version for yourself.
 
 ### Get Kyuubi Started
 
-#### [Optional] Create namespace on kubernetes
+#### Install the chart
 
-```bash
-kubectl create ns kyuubi
+```shell
+helm install kyuubi ${KYUUBI_HOME}/charts/kyuubi -n kyuubi --create-namespace
 ```
 
-#### Get kyuubi started
+It will print release info with notes, including the ways to get Kyuubi accessed within Kubernetes cluster and exposed externally depending on the configuration provided.
 
-```bash
-helm install kyuubi-helm ${KYUUBI_HOME}/charts/kyuubi -n ${namespace_name}
-```
-
-It will print variables and the way to get kyuubi expose ip and port.
-
-```bash
-NAME: kyuubi-helm
-LAST DEPLOYED: Wed Oct 20 15:22:47 2021
+```shell
+NAME: kyuubi
+LAST DEPLOYED: Sat Feb 11 20:59:00 2023
 NAMESPACE: kyuubi
 STATUS: deployed
 REVISION: 1
 TEST SUITE: None
 NOTES:
-Get kyuubi expose URL by running these commands:
-  export NODE_PORT=$(kubectl get --namespace kyuubi -o jsonpath="{.spec.ports[0].nodePort}" services kyuubi-svc)
-  export NODE_IP=$(kubectl get nodes --namespace kyuubi -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo $NODE_IP:$NODE_PORT
+The chart has been installed!
+
+In order to check the release status, use:
+  helm status kyuubi -n kyuubi
+    or for more detailed info
+  helm get all kyuubi -n kyuubi
+
+************************
+******* Services *******
+************************
+THRIFT_BINARY:
+- To access kyuubi-thrift-binary service within the cluster, use the following URL:
+    kyuubi-thrift-binary.kyuubi.svc.cluster.local
+- To access kyuubi-thrift-binary service from outside the cluster for debugging, run the following command:
+    kubectl port-forward svc/kyuubi-thrift-binary 10009:10009 -n kyuubi
+  and use 127.0.0.1:10009
 ```
 
-#### Using hive beeline
+#### Uninstall the chart
 
-[Using Hive Beeline](./quick_start.html#using-hive-beeline) to opening a connection.
+```shell
+helm uninstall kyuubi -n kyuubi
+```
 
-#### Remove kyuubi
+#### Configure chart release
 
-```bash
-helm uninstall kyuubi-helm -n ${namespace_name}
-```
+Specify configuration properties using `--set` flag.
+For example, to install the chart with `replicaCount` set to `1`, use the following command:
 
-#### Edit server config
+```shell
+helm install kyuubi ${KYUUBI_HOME}/charts/kyuubi -n kyuubi --create-namespace --set replicaCount=1
+```
 
-Modify `values.yaml` under `${KYUUBI_HOME}/docker/helm`:
+Also, custom values file can be used to override default property values. For example, create `myvalues.yaml` to specify `replicaCount` and `resources`:
 
 ```yaml
-# Kyuubi server numbers
-replicaCount: 2
-
-image:
-  repository: apache/kyuubi
-  pullPolicy: Always
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "master-snapshot"
-
-server:
-  bind:
-    host: 0.0.0.0
-    port: 10009
-  conf:
-    mountPath: /opt/kyuubi/conf
-
-service:
-  type: NodePort
-  # The default port limit of kubernetes is 30000-32767
-  # to change:
-  #   vim kube-apiserver.yaml (usually under path: /etc/kubernetes/manifests/)
-  #   add or change line 'service-node-port-range=1-32767' under kube-apiserver
-  port: 30009
+replicaCount: 1
+
+resources:
+  requests:
+    cpu: 2
+    memory: 4Gi
+  limits:
+    cpu: 4
+    memory: 10Gi
+```
+
+and use it to override default chart values with `-f` flag:
+
+```shell
+helm install kyuubi ${KYUUBI_HOME}/charts/kyuubi -n kyuubi --create-namespace -f myvalues.yaml
 ```
 
-#### Get server log
+#### Access logs
 
-List all server pods:
+List all pods in the release namespace:
 
-```bash
-kubectl get po -n ${namespace_name}
+```shell
+kubectl get pod -n kyuubi
 ```
 
-The server pods will print:
+Find Kyuubi pods:
 
-```text
-NAME                             READY   STATUS    RESTARTS   AGE
-kyuubi-server-585d8944c5-m7j5s   1/1     Running   0          30m
-kyuubi-server-32sdsa1245-2d2sj   1/1     Running   0          30m
+```shell
+NAME                      READY   STATUS    RESTARTS   AGE
+kyuubi-5b6d496c98-kbhws   1/1     Running   0          38m
+kyuubi-5b6d496c98-lqldk   1/1     Running   0          38m
 ```
 
-then, use pod name to get logs:
+Then, use pod name to get logs:
 
-```bash
-kubectl -n ${namespace_name} logs kyuubi-server-585d8944c5-m7j5s
+```shell
+kubectl logs kyuubi-5b6d496c98-kbhws -n kyuubi
 ```
 

From 3b0137ae7840458cfed10e65de9a6841d8e26197 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 13 Feb 2023 13:15:18 +0800
Subject: [PATCH 052/760] [KYUUBI #4308] [DOCS] Make README more welcoming
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
 

- Make Readme more welcoming to readers, in
  - Elegancy: clear, center aligned Kyuubi logo in front
  - Maturity: always good to see numbers of contributors, lines and PRs
  - Guidance: quick starting point to project homepage and documentation for next steps
  - Sociability: showing star number of the project

Preview link: https://github.com/bowenliang123/incubator-kyuubi/blob/readme-welcome/README.md

Before:
<img width="917" alt="image" src="https://user-images.githubusercontent.com/1935105/218124450-1cb099bb-87fb-41ad-8048-0a8c4653c754.png">

After:
<img width="913" alt="image" src="https://user-images.githubusercontent.com/1935105/218263680-8237f838-b0b9-42c4-b814-b909651aaef2.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4308 from bowenliang123/readme-welcome.

Closes #4308

35fafffb [Bowen Liang] add links for badges
55721d17 [liangbowen] remove licence badge and add total lines badge
42971575 [Bowen Liang] Update README.md
5909b1d6 [liangbowen] make Readme more welcoming

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 README.md | 48 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 16fc794ee..0b46abf85 100644
--- a/README.md
+++ b/README.md
@@ -15,27 +15,43 @@
  - limitations under the License.
  -->
 
-# Apache Kyuubi
-
-<img src="https://svn.apache.org/repos/asf/comdev/project-logos/originals/kyuubi-1.svg" alt="Kyuubi logo" height="120px" align="right" />
+<p align="center">
+  <img src="https://svn.apache.org/repos/asf/comdev/project-logos/originals/kyuubi-1.svg" alt="Kyuubi logo" height="120px"/>
+</p>
+
+<p align="center">
+  <a href="https://kyuubi.apache.org/releases.html">
+    <img src="https://img.shields.io/github/v/release/apache/kyuubi" />
+  </a>
+  <a href="https://github.com/apache/kyuubi/pulls">
+    <img src="https://img.shields.io/github/issues-pr-closed/apache/kyuubi" />
+  </a>
+  <a href="https://github.com/apache/kyuubi/pulse">
+    <img src="https://img.shields.io/tokei/lines/github/apache/kyuubi" />
+  </a>
+  <a href="https://github.com/apache/kyuubi/graphs/contributors">
+    <img src="https://img.shields.io/github/contributors/apache/kyuubi" />
+  </a>
+  <a class="github-button" href="https://github.com/apache/kyuubi" data-icon="octicon-star" aria-label="Star apache/kyuubi on GitHub">
+    <img src="https://img.shields.io/github/stars/apache/kyuubi?style=social" />
+  </a>
+</p>
+<p align="center">
+        <a href="https://kyuubi.apache.org/">Project</a>
+        -
+        <a href="https://kyuubi.readthedocs.io/">Documentation</a>
+        -
+        <a href="https://kyuubi.apache.org/powered_by.html">Who's using</a>
+</p>
 
-[![License](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
-[![Release](https://img.shields.io/github/v/release/apache/kyuubi?label=release)](https://github.com/apache/kyuubi/releases)
-[![](https://tokei.rs/b1/github.com/apache/kyuubi)](https://github.com/apache/kyuubi)
-[![codecov](https://codecov.io/gh/apache/kyuubi/branch/master/graph/badge.svg)](https://codecov.io/gh/apache/kyuubi)
-![GitHub Workflow Status](https://img.shields.io/github/workflow/status/apache/kyuubi/Kyuubi/master?style=plastic)
-[![Documentation Status](https://readthedocs.org/projects/kyuubi/badge/?version=latest)](https://kyuubi.readthedocs.io/en/master/)
-![GitHub top language](https://img.shields.io/github/languages/top/apache/kyuubi)
-[![Commit activity](https://img.shields.io/github/commit-activity/m/apache/kyuubi)](https://github.com/apache/kyuubi/graphs/commit-activity)
-[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/apache/kyuubi.svg)](http://isitmaintained.com/project/apache/kyuubi "Average time to resolve an issue")
-[![Percentage of issues still open](http://isitmaintained.com/badge/open/apache/kyuubi.svg)](http://isitmaintained.com/project/apache/kyuubi "Percentage of issues still open")
+# Apache Kyuubi
+Apache Kyuubi™ is a distributed and multi-tenant gateway to provide serverless
+SQL on data warehouses and lakehouses.
 
+<https://kyuubi.apache.org/>
 
 ## What is Kyuubi?
 
-Apache Kyuubi™ is a distributed and multi-tenant gateway to provide serverless
-SQL on data warehouses and lakehouses.
-
 Kyuubi provides a pure SQL gateway through Thrift JDBC/ODBC interface for end-users to manipulate large-scale data with pre-programmed and extensible Spark SQL engines. This "out-of-the-box" model minimizes the barriers and costs for end-users to use Spark at the client side. At the server-side, Kyuubi server and engines' multi-tenant architecture provides the administrators a way to achieve computing resource isolation, data security, high availability, high client concurrency, etc.
 
 ![](./docs/imgs/kyuubi_positioning.png)

From 41f08059f081c14bd88f9f733935370c9896b20a Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Mon, 13 Feb 2023 19:28:14 +0800
Subject: [PATCH 053/760] [KYUUBI #3935] Support use Trino client to submit SQL

### _Why are the changes needed?_

Close #3935

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4232 from iodone/kyuubi-3935.

Closes #3935

936ea1f8 [odone] address
e7bd01a1 [odone] support trino client connect kyuubi trino server
9ea8b6af [odone] [WIP] trion request/response implementation

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 dev/dependencyList                            |   2 +-
 .../service/AbstractBackendService.scala      |   7 +-
 .../kyuubi/service/BackendService.scala       |   4 +-
 kyuubi-server/pom.xml                         |  10 +
 .../kyuubi/server/BackendServiceMetric.scala  |   6 +-
 .../api/KyuubiTrinoOperationTranslator.scala  |  12 +-
 .../kyuubi/server/trino/api/Query.scala       | 206 ++++++++++++++++++
 .../server/trino/api/TrinoContext.scala       |  17 +-
 ...per.scala => TrinoScalaObjectMapper.scala} |  11 +-
 .../server/trino/api/TrinoServerConfig.scala  |   2 +-
 .../trino/api/v1/StatementResource.scala      | 145 ++++++++++--
 .../kyuubi/RestFrontendTestHelper.scala       |   4 +-
 .../apache/kyuubi/TrinoClientTestHelper.scala |  80 -------
 .../kyuubi/TrinoRestFrontendTestHelper.scala  |  40 ++++
 .../trino/api/TrinoClientApiSuite.scala       | 145 ++++++++++++
 .../server/trino/api/TrinoContextSuite.scala  |   4 +-
 .../trino/api/v1/StatementResourceSuite.scala |  94 +++++++-
 pom.xml                                       |   6 +
 18 files changed, 661 insertions(+), 134 deletions(-)
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
 rename kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/{KyuubiScalaObjectMapper.scala => TrinoScalaObjectMapper.scala} (73%)
 delete mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoClientTestHelper.scala
 create mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoRestFrontendTestHelper.scala
 create mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala

diff --git a/dev/dependencyList b/dev/dependencyList
index 2035b95de..9813bb562 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -69,7 +69,7 @@ jackson-annotations/2.14.2//jackson-annotations-2.14.2.jar
 jackson-core/2.14.2//jackson-core-2.14.2.jar
 jackson-databind/2.14.2//jackson-databind-2.14.2.jar
 jackson-dataformat-yaml/2.14.2//jackson-dataformat-yaml-2.14.2.jar
-jackson-datatype-jdk8/2.12.3//jackson-datatype-jdk8-2.12.3.jar
+jackson-datatype-jdk8/2.14.2//jackson-datatype-jdk8-2.14.2.jar
 jackson-datatype-jsr310/2.14.2//jackson-datatype-jsr310-2.14.2.jar
 jackson-jaxrs-base/2.14.2//jackson-jaxrs-base-2.14.2.jar
 jackson-jaxrs-json-provider/2.14.2//jackson-jaxrs-json-provider-2.14.2.jar
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
index e7c2d8365..b9e254508 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
@@ -156,11 +156,14 @@ abstract class AbstractBackendService(name: String)
     queryId
   }
 
-  override def getOperationStatus(operationHandle: OperationHandle): OperationStatus = {
+  override def getOperationStatus(
+      operationHandle: OperationHandle,
+      maxWait: Option[Long]): OperationStatus = {
     val operation = sessionManager.operationManager.getOperation(operationHandle)
     if (operation.shouldRunAsync) {
       try {
-        operation.getBackgroundHandle.get(timeout, TimeUnit.MILLISECONDS)
+        val waitTime = maxWait.getOrElse(timeout)
+        operation.getBackgroundHandle.get(waitTime, TimeUnit.MILLISECONDS)
       } catch {
         case e: TimeoutException =>
           debug(s"$operationHandle: Long polling timed out, ${e.getMessage}")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala
index e18411566..968a94197 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala
@@ -91,7 +91,9 @@ trait BackendService {
       foreignTable: String): OperationHandle
   def getQueryId(operationHandle: OperationHandle): String
 
-  def getOperationStatus(operationHandle: OperationHandle): OperationStatus
+  def getOperationStatus(
+      operationHandle: OperationHandle,
+      maxWait: Option[Long] = None): OperationStatus
   def cancelOperation(operationHandle: OperationHandle): Unit
   def closeOperation(operationHandle: OperationHandle): Unit
   def getResultSetMetadata(operationHandle: OperationHandle): TGetResultSetMetadataResp
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index f14d2baa3..53b8a9601 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -221,6 +221,16 @@
             <artifactId>jersey-media-multipart</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jdk8</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>com.zaxxer</groupId>
             <artifactId>HikariCP</artifactId>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
index d8b664163..68bf11d7f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
@@ -152,9 +152,11 @@ trait BackendServiceMetric extends BackendService {
     }
   }
 
-  abstract override def getOperationStatus(operationHandle: OperationHandle): OperationStatus = {
+  abstract override def getOperationStatus(
+      operationHandle: OperationHandle,
+      maxWait: Option[Long] = None): OperationStatus = {
     MetricsSystem.timerTracing(MetricsConstants.BS_GET_OPERATION_STATUS) {
-      super.getOperationStatus(operationHandle)
+      super.getOperationStatus(operationHandle, maxWait)
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala
index 6ec9fc1c8..5eba9c327 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala
@@ -19,10 +19,9 @@ package org.apache.kyuubi.server.trino.api
 
 import scala.collection.JavaConverters._
 
-import org.apache.hive.service.rpc.thrift.TProtocolVersion
-
 import org.apache.kyuubi.operation.OperationHandle
 import org.apache.kyuubi.service.BackendService
+import org.apache.kyuubi.session.SessionHandle
 import org.apache.kyuubi.sql.parser.trino.KyuubiTrinoFeParser
 import org.apache.kyuubi.sql.plan.PassThroughNode
 import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
@@ -32,17 +31,10 @@ class KyuubiTrinoOperationTranslator(backendService: BackendService) {
 
   def transform(
       statement: String,
-      user: String,
-      ipAddress: String,
+      sessionHandle: SessionHandle,
       configs: Map[String, String],
       runAsync: Boolean,
       queryTimeout: Long): OperationHandle = {
-    val sessionHandle = backendService.openSession(
-      TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
-      user,
-      "",
-      ipAddress,
-      configs)
     parser.parsePlan(statement) match {
       case GetSchemas(catalogName, schemaPattern) =>
         backendService.getSchemas(sessionHandle, catalogName, schemaPattern)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
new file mode 100644
index 000000000..c8c9e2fd6
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
@@ -0,0 +1,206 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.trino.api
+
+import java.net.URI
+import java.security.SecureRandom
+import java.util.Objects.requireNonNull
+import java.util.UUID
+import java.util.concurrent.atomic.AtomicLong
+import javax.ws.rs.WebApplicationException
+import javax.ws.rs.core.{Response, UriInfo}
+
+import Slug.Context.{EXECUTING_QUERY, QUEUED_QUERY}
+import com.google.common.hash.Hashing
+import io.trino.client.QueryResults
+import org.apache.hive.service.rpc.thrift.TProtocolVersion
+
+import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
+import org.apache.kyuubi.operation.OperationState.{FINISHED, INITIALIZED, OperationState, PENDING}
+import org.apache.kyuubi.service.BackendService
+import org.apache.kyuubi.session.SessionHandle
+
+case class Query(
+    queryId: QueryId,
+    context: TrinoContext,
+    be: BackendService) {
+
+  private val QUEUED_QUERY_PATH = "/v1/statement/queued/"
+  private val EXECUTING_QUERY_PATH = "/v1/statement/executing"
+
+  private val slug: Slug = Slug.createNewWithUUID(queryId.getQueryId)
+  private val lastToken = new AtomicLong
+
+  private val defaultMaxRows = 1000
+  private val defaultFetchOrientation = FetchOrientation.withName("FETCH_NEXT")
+
+  def getQueryResults(token: Long, uriInfo: UriInfo, maxWait: Long = 0): QueryResults = {
+    val status =
+      be.getOperationStatus(queryId.operationHandle, Some(maxWait))
+    val nextUri = if (status.exception.isEmpty) {
+      getNextUri(token + 1, uriInfo, toSlugContext(status.state))
+    } else null
+    val queryHtmlUri = uriInfo.getRequestUriBuilder
+      .replacePath("ui/query.html").replaceQuery(queryId.getQueryId).build()
+
+    status.state match {
+      case FINISHED =>
+        val metaData = be.getResultSetMetadata(queryId.operationHandle)
+        val resultSet = be.fetchResults(
+          queryId.operationHandle,
+          defaultFetchOrientation,
+          defaultMaxRows,
+          false)
+        TrinoContext.createQueryResults(
+          queryId.getQueryId,
+          nextUri,
+          queryHtmlUri,
+          status,
+          Option(metaData),
+          Option(resultSet))
+      case _ =>
+        TrinoContext.createQueryResults(
+          queryId.getQueryId,
+          nextUri,
+          queryHtmlUri,
+          status)
+    }
+  }
+
+  def getLastToken: Long = this.lastToken.get()
+
+  def getSlug: Slug = this.slug
+
+  def cancel: Unit = clear
+
+  private def clear = {
+    be.closeOperation(queryId.operationHandle)
+    context.session.get("sessionId").foreach { id =>
+      be.closeSession(SessionHandle.fromUUID(id))
+    }
+  }
+
+  private def setToken(token: Long): Unit = {
+    val lastToken = this.lastToken.get
+    if (token != lastToken && token != lastToken + 1) {
+      throw new WebApplicationException(Response.Status.GONE)
+    }
+    this.lastToken.compareAndSet(lastToken, token)
+  }
+
+  private def getNextUri(token: Long, uriInfo: UriInfo, slugContext: Slug.Context.Context): URI = {
+    val path = slugContext match {
+      case QUEUED_QUERY => QUEUED_QUERY_PATH
+      case EXECUTING_QUERY => EXECUTING_QUERY_PATH
+    }
+
+    uriInfo.getBaseUriBuilder.replacePath(path)
+      .path(queryId.getQueryId)
+      .path(slug.makeSlug(slugContext, token))
+      .path(String.valueOf(token))
+      .replaceQuery("")
+      .build()
+  }
+
+  private def toSlugContext(state: OperationState): Slug.Context.Context = {
+    state match {
+      case INITIALIZED | PENDING => Slug.Context.QUEUED_QUERY
+      case _ => Slug.Context.EXECUTING_QUERY
+    }
+  }
+
+}
+
+object Query {
+
+  def apply(
+      statement: String,
+      context: TrinoContext,
+      translator: KyuubiTrinoOperationTranslator,
+      backendService: BackendService,
+      queryTimeout: Long = 0): Query = {
+
+    val sessionHandle = createSession(context, backendService)
+    val operationHandle = translator.transform(
+      statement,
+      sessionHandle,
+      context.session,
+      true,
+      queryTimeout)
+    val newSessionProperties =
+      context.session + ("sessionId" -> sessionHandle.identifier.toString)
+    val updatedContext = context.copy(session = newSessionProperties)
+    Query(QueryId(operationHandle), updatedContext, backendService)
+  }
+
+  def apply(id: String, context: TrinoContext, backendService: BackendService): Query = {
+    Query(QueryId(id), context, backendService)
+  }
+
+  private def createSession(
+      context: TrinoContext,
+      backendService: BackendService): SessionHandle = {
+    backendService.openSession(
+      TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
+      context.user,
+      "",
+      context.remoteUserAddress.getOrElse(""),
+      context.session)
+  }
+
+}
+
+case class QueryId(operationHandle: OperationHandle) {
+  def getQueryId: String = operationHandle.identifier.toString
+}
+
+object QueryId {
+  def apply(id: String): QueryId = QueryId(OperationHandle(id))
+}
+
+object Slug {
+
+  object Context extends Enumeration {
+    type Context = Value
+    val QUEUED_QUERY, EXECUTING_QUERY = Value
+  }
+
+  private val RANDOM = new SecureRandom
+
+  def createNew: Slug = {
+    val randomBytes = new Array[Byte](16)
+    RANDOM.nextBytes(randomBytes)
+    new Slug(randomBytes)
+  }
+
+  def createNewWithUUID(uuid: String): Slug = {
+    val uuidBytes = UUID.fromString(uuid).toString.getBytes("UTF-8")
+    new Slug(uuidBytes)
+  }
+}
+
+case class Slug(slugKey: Array[Byte]) {
+  val hmac = Hashing.hmacSha1(requireNonNull(slugKey, "slugKey is null"))
+
+  def makeSlug(context: Slug.Context.Context, token: Long): String = {
+    "y" + hmac.newHasher.putInt(context.id).putLong(token).hash.toString
+  }
+
+  def isValid(context: Slug.Context.Context, slug: String, token: Long): Boolean =
+    makeSlug(context, token) == slug
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
index 4a0736ddb..9e7713904 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
@@ -28,6 +28,7 @@ import io.trino.client.{ClientStandardTypes, ClientTypeSignature, Column, QueryE
 import io.trino.client.ProtocolHeaders.TRINO_HEADERS
 import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet, TTypeId}
 
+import org.apache.kyuubi.operation.OperationState.FINISHED
 import org.apache.kyuubi.operation.OperationStatus
 
 /**
@@ -58,6 +59,7 @@ case class TrinoContext(
     source: Option[String] = None,
     catalog: Option[String] = None,
     schema: Option[String] = None,
+    remoteUserAddress: Option[String] = None,
     language: Option[String] = None,
     traceToken: Option[String] = None,
     clientInfo: Option[String] = None,
@@ -72,10 +74,11 @@ object TrinoContext {
   private val GENERIC_INTERNAL_ERROR_NAME = "GENERIC_INTERNAL_ERROR_NAME"
   private val GENERIC_INTERNAL_ERROR_TYPE = "INTERNAL_ERROR"
 
-  def apply(headers: HttpHeaders): TrinoContext = {
-    apply(headers.getRequestHeaders.asScala.toMap.map {
+  def apply(headers: HttpHeaders, remoteAddress: Option[String]): TrinoContext = {
+    val context = apply(headers.getRequestHeaders.asScala.toMap.map {
       case (k, v) => (k, v.asScala.toList)
     })
+    context.copy(remoteUserAddress = remoteAddress)
   }
 
   def apply(headers: Map[String, List[String]]): TrinoContext = {
@@ -134,7 +137,6 @@ object TrinoContext {
     }
   }
 
-  // TODO: Building response with TrinoContext and other information
   def buildTrinoResponse(qr: QueryResults, trinoContext: TrinoContext): Response = {
     val responseBuilder = Response.ok(qr)
 
@@ -156,8 +158,6 @@ object TrinoContext {
       responseBuilder.header(TRINO_HEADERS.responseDeallocatedPrepare, urlEncode(v))
     }
 
-    responseBuilder.header(TRINO_HEADERS.responseClearSession, s"responseClearSession")
-    responseBuilder.header(TRINO_HEADERS.responseClearTransactionId, "false")
     responseBuilder.build()
   }
 
@@ -192,11 +192,16 @@ object TrinoContext {
       case None => null
     }
 
+    val updatedNextUri = queryStatus.state match {
+      case FINISHED if rowList == null || rowList.isEmpty || rowList.get(0).isEmpty => null
+      case _ => nextUri
+    }
+
     new QueryResults(
       queryId,
       queryHtmlUri,
       nextUri,
-      nextUri,
+      updatedNextUri,
       columnList,
       rowList,
       StatementStats.builder.setState(queryStatus.state.name()).setQueued(false)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiScalaObjectMapper.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala
similarity index 73%
rename from kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiScalaObjectMapper.scala
rename to kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala
index 915b109b7..f6055927a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiScalaObjectMapper.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala
@@ -19,11 +19,14 @@ package org.apache.kyuubi.server.trino.api
 
 import javax.ws.rs.ext.ContextResolver
 
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.fasterxml.jackson.module.scala.DefaultScalaModule
+import com.fasterxml.jackson.databind.{DeserializationFeature, ObjectMapper}
+import com.fasterxml.jackson.datatype.jdk8.Jdk8Module
 
-class KyuubiScalaObjectMapper extends ContextResolver[ObjectMapper] {
-  private val mapper = new ObjectMapper().registerModule(DefaultScalaModule)
+class TrinoScalaObjectMapper extends ContextResolver[ObjectMapper] {
+
+  private lazy val mapper = new ObjectMapper()
+    .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
+    .registerModule(new Jdk8Module)
 
   override def getContext(aClass: Class[_]): ObjectMapper = mapper
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoServerConfig.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoServerConfig.scala
index d1f7de336..298e60c9c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoServerConfig.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoServerConfig.scala
@@ -21,6 +21,6 @@ import org.glassfish.jersey.server.ResourceConfig
 
 class TrinoServerConfig extends ResourceConfig {
   packages("org.apache.kyuubi.server.trino.api.v1")
-  register(classOf[KyuubiScalaObjectMapper])
+  register(classOf[TrinoScalaObjectMapper])
   register(classOf[RestExceptionMapper])
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
index 122b39ccd..ab783f8ac 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
@@ -18,16 +18,24 @@
 package org.apache.kyuubi.server.trino.api.v1
 
 import javax.ws.rs._
-import javax.ws.rs.core.{Context, HttpHeaders, MediaType}
+import javax.ws.rs.core.{Context, HttpHeaders, MediaType, Response, UriInfo}
+import javax.ws.rs.core.MediaType.TEXT_PLAIN_TYPE
+import javax.ws.rs.core.Response.Status.{BAD_REQUEST, NOT_FOUND}
 
+import scala.util.Try
+import scala.util.control.NonFatal
+
+import io.airlift.units.Duration
 import io.swagger.v3.oas.annotations.media.{Content, Schema}
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
 import io.trino.client.QueryResults
 
 import org.apache.kyuubi.Logging
-import org.apache.kyuubi.server.trino.api.{ApiRequestContext, KyuubiTrinoOperationTranslator}
+import org.apache.kyuubi.server.trino.api.{ApiRequestContext, KyuubiTrinoOperationTranslator, Query, QueryId, Slug, TrinoContext}
+import org.apache.kyuubi.server.trino.api.Slug.Context.{EXECUTING_QUERY, QUEUED_QUERY}
 import org.apache.kyuubi.server.trino.api.v1.dto.Ok
+import org.apache.kyuubi.service.BackendService
 
 @Tag(name = "Statement")
 @Produces(Array(MediaType.APPLICATION_JSON))
@@ -50,11 +58,32 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
       schema = new Schema(implementation = classOf[QueryResults]))),
     description =
       "Create a query")
-  @GET
+  @POST
   @Path("/")
   @Consumes(Array(MediaType.TEXT_PLAIN))
-  def query(statement: String, @Context headers: HttpHeaders): QueryResults = {
-    throw new UnsupportedOperationException
+  def query(
+      statement: String,
+      @Context headers: HttpHeaders,
+      @Context uriInfo: UriInfo): Response = {
+    if (statement == null || statement.isEmpty) {
+      throw badRequest(BAD_REQUEST, "SQL statement is empty")
+    }
+
+    val remoteAddr = Option(httpRequest.getRemoteAddr)
+    val trinoContext = TrinoContext(headers, remoteAddr)
+
+    try {
+      val query = Query(statement, trinoContext, translator, fe.be)
+      val qr = query.getQueryResults(query.getLastToken, uriInfo)
+      TrinoContext.buildTrinoResponse(qr, query.context)
+    } catch {
+      case e: Exception =>
+        val errorMsg =
+          s"Error submitting sql"
+        e.printStackTrace()
+        error(errorMsg, e)
+        throw badRequest(BAD_REQUEST, errorMsg)
+    }
   }
 
   @ApiResponse(
@@ -65,11 +94,31 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
   @GET
   @Path("/queued/{queryId}/{slug}/{token}")
   def getQueuedStatementStatus(
-      @Context headers: HttpHeaders,
       @PathParam("queryId") queryId: String,
       @PathParam("slug") slug: String,
-      @PathParam("token") token: Long): QueryResults = {
-    throw new UnsupportedOperationException
+      @PathParam("token") token: Long,
+      @QueryParam("maxWait") maxWait: Duration,
+      @Context headers: HttpHeaders,
+      @Context uriInfo: UriInfo): Response = {
+
+    val remoteAddr = Option(httpRequest.getRemoteAddr)
+    val trinoContext = TrinoContext(headers, remoteAddr)
+    val waitTime = if (maxWait == null) 0 else maxWait.toMillis
+    getQuery(fe.be, trinoContext, QueryId(queryId), slug, token, QUEUED_QUERY)
+      .flatMap(query =>
+        Try(TrinoContext.buildTrinoResponse(
+          query.getQueryResults(
+            token,
+            uriInfo,
+            waitTime),
+          query.context)))
+      .recover {
+        case NonFatal(e) =>
+          val errorMsg =
+            s"Error executing for query id $queryId"
+          error(errorMsg, e)
+          throw badRequest(NOT_FOUND, "Query not found")
+      }.get
   }
 
   @ApiResponse(
@@ -80,11 +129,28 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
   @GET
   @Path("/executing/{queryId}/{slug}/{token}")
   def getExecutingStatementStatus(
-      @Context headers: HttpHeaders,
       @PathParam("queryId") queryId: String,
       @PathParam("slug") slug: String,
-      @PathParam("token") token: Long): QueryResults = {
-    throw new UnsupportedOperationException
+      @PathParam("token") token: Long,
+      @QueryParam("maxWait") maxWait: Duration,
+      @Context headers: HttpHeaders,
+      @Context uriInfo: UriInfo): Response = {
+
+    val remoteAddr = Option(httpRequest.getRemoteAddr)
+    val trinoContext = TrinoContext(headers, remoteAddr)
+    val waitTime = if (maxWait == null) 0 else maxWait.toMillis
+    getQuery(fe.be, trinoContext, QueryId(queryId), slug, token, EXECUTING_QUERY)
+      .flatMap(query =>
+        Try(TrinoContext.buildTrinoResponse(
+          query.getQueryResults(token, uriInfo, waitTime),
+          query.context)))
+      .recover {
+        case NonFatal(e) =>
+          val errorMsg =
+            s"Error executing for query id $queryId"
+          error(errorMsg, e)
+          throw badRequest(NOT_FOUND, "Query not found")
+      }.get
   }
 
   @ApiResponse(
@@ -95,11 +161,23 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
   @DELETE
   @Path("/queued/{queryId}/{slug}/{token}")
   def cancelQueuedStatement(
-      @Context headers: HttpHeaders,
       @PathParam("queryId") queryId: String,
       @PathParam("slug") slug: String,
-      @PathParam("token") token: Long): QueryResults = {
-    throw new UnsupportedOperationException
+      @PathParam("token") token: Long,
+      @Context headers: HttpHeaders): Response = {
+
+    val remoteAddr = Option(httpRequest.getRemoteAddr)
+    val trinoContext = TrinoContext(headers, remoteAddr)
+    getQuery(fe.be, trinoContext, QueryId(queryId), slug, token, QUEUED_QUERY)
+      .flatMap(query => Try(query.cancel))
+      .recover {
+        case NonFatal(e) =>
+          val errorMsg =
+            s"Error executing for query id $queryId"
+          error(errorMsg, e)
+          throw badRequest(NOT_FOUND, "Query not found")
+      }.get
+    Response.noContent.build
   }
 
   @ApiResponse(
@@ -110,11 +188,44 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
   @DELETE
   @Path("/executing/{queryId}/{slug}/{token}")
   def cancelExecutingStatementStatus(
-      @Context headers: HttpHeaders,
       @PathParam("queryId") queryId: String,
       @PathParam("slug") slug: String,
-      @PathParam("token") token: Long): QueryResults = {
-    throw new UnsupportedOperationException
+      @PathParam("token") token: Long,
+      @Context headers: HttpHeaders): Response = {
+
+    val remoteAddr = Option(httpRequest.getRemoteAddr)
+    val trinoContext = TrinoContext(headers, remoteAddr)
+    getQuery(fe.be, trinoContext, QueryId(queryId), slug, token, EXECUTING_QUERY)
+      .flatMap(query => Try(query.cancel))
+      .recover {
+        case NonFatal(e) =>
+          val errorMsg =
+            s"Error executing for query id $queryId"
+          error(errorMsg, e)
+          throw badRequest(NOT_FOUND, "Query not found")
+      }.get
+
+    Response.noContent.build
   }
 
+  private def getQuery(
+      be: BackendService,
+      context: TrinoContext,
+      queryId: QueryId,
+      slug: String,
+      token: Long,
+      slugContext: Slug.Context.Context): Try[Query] = {
+
+    Try(be.sessionManager.operationManager.getOperation(queryId.operationHandle)).map { _ =>
+      Query(queryId, context, be)
+    }.filter(_.getSlug.isValid(slugContext, slug, token))
+  }
+
+  private def badRequest(status: Response.Status, message: String) =
+    new WebApplicationException(
+      Response.status(status)
+        .`type`(TEXT_PLAIN_TYPE)
+        .entity(message)
+        .build)
+
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/RestFrontendTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/RestFrontendTestHelper.scala
index b22783771..fafdcf4a7 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/RestFrontendTestHelper.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/RestFrontendTestHelper.scala
@@ -37,7 +37,7 @@ import org.apache.kyuubi.service.AbstractFrontendService
 
 object RestFrontendTestHelper {
 
-  private class RestApiBaseSuite extends JerseyTest {
+  class RestApiBaseSuite extends JerseyTest {
 
     override def configure: Application = new ResourceConfig(getClass)
       .register(classOf[MultiPartFeature])
@@ -58,7 +58,7 @@ trait RestFrontendTestHelper extends WithKyuubiServer {
   override protected val frontendProtocols: Seq[FrontendProtocol] =
     FrontendProtocols.REST :: Nil
 
-  private val restApiBaseSuite = new RestApiBaseSuite
+  protected val restApiBaseSuite: JerseyTest = new RestApiBaseSuite
 
   override def beforeAll(): Unit = {
     super.beforeAll()
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoClientTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoClientTestHelper.scala
deleted file mode 100644
index c0b3949f4..000000000
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoClientTestHelper.scala
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi
-
-import java.net.URI
-import java.time.ZoneId
-import java.util.{Locale, Optional}
-import java.util.concurrent.TimeUnit
-
-import scala.collection.JavaConverters._
-
-import io.airlift.units.Duration
-import io.trino.client.{ClientSelectedRole, ClientSession, StatementClient, StatementClientFactory}
-import okhttp3.OkHttpClient
-
-trait TrinoClientTestHelper extends RestFrontendTestHelper {
-
-  override def afterAll(): Unit = {
-    super.afterAll()
-  }
-
-  private val httpClient = new OkHttpClient.Builder().build()
-
-  protected val clientSession = createClientSession(baseUri: URI)
-
-  def getTrinoStatementClient(sql: String): StatementClient = {
-    StatementClientFactory.newStatementClient(httpClient, clientSession, sql)
-  }
-
-  def createClientSession(connectUrl: URI): ClientSession = {
-    new ClientSession(
-      connectUrl,
-      "kyuubi_test",
-      Optional.of("test_user"),
-      "kyuubi",
-      Optional.of("test_token_tracing"),
-      Set[String]().asJava,
-      "test_client_info",
-      "test_catalog",
-      "test_schema",
-      "test_path",
-      ZoneId.systemDefault(),
-      Locale.getDefault,
-      Map[String, String](
-        "test_resource_key0" -> "test_resource_value0",
-        "test_resource_key1" -> "test_resource_value1").asJava,
-      Map[String, String](
-        "test_property_key0" -> "test_property_value0",
-        "test_property_key1" -> "test_propert_value1").asJava,
-      Map[String, String](
-        "test_statement_key0" -> "select 1",
-        "test_statement_key1" -> "select 2").asJava,
-      Map[String, ClientSelectedRole](
-        "test_role_key0" -> ClientSelectedRole.valueOf("ROLE"),
-        "test_role_key2" -> ClientSelectedRole.valueOf("ALL")).asJava,
-      Map[String, String](
-        "test_credentials_key0" -> "test_credentials_value0",
-        "test_credentials_key1" -> "test_credentials_value1").asJava,
-      "test_transaction_id",
-      new Duration(2, TimeUnit.MINUTES),
-      true)
-
-  }
-
-}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoRestFrontendTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoRestFrontendTestHelper.scala
new file mode 100644
index 000000000..1ff00e64f
--- /dev/null
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/TrinoRestFrontendTestHelper.scala
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi
+
+import org.glassfish.jersey.client.ClientConfig
+import org.glassfish.jersey.test.JerseyTest
+
+import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols
+import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.FrontendProtocol
+import org.apache.kyuubi.server.trino.api.TrinoScalaObjectMapper
+
+trait TrinoRestFrontendTestHelper extends RestFrontendTestHelper {
+
+  private class TrinoRestBaseSuite extends RestFrontendTestHelper.RestApiBaseSuite {
+    override def configureClient(config: ClientConfig): Unit = {
+      config.register(classOf[TrinoScalaObjectMapper])
+    }
+  }
+
+  override protected val frontendProtocols: Seq[FrontendProtocol] =
+    FrontendProtocols.TRINO :: Nil
+
+  override protected val restApiBaseSuite: JerseyTest = new TrinoRestBaseSuite
+
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
new file mode 100644
index 000000000..c88b5c940
--- /dev/null
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.trino.api
+
+import java.net.URI
+import java.time.ZoneId
+import java.util.{Collections, Locale, Optional}
+import java.util.concurrent.TimeUnit
+import java.util.concurrent.atomic.AtomicReference
+
+import scala.annotation.tailrec
+import scala.collection.JavaConverters._
+
+import com.google.common.base.Verify
+import io.airlift.units.Duration
+import io.trino.client.{ClientSession, StatementClient, StatementClientFactory}
+import okhttp3.OkHttpClient
+
+import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException, TrinoRestFrontendTestHelper}
+
+class TrinoClientApiSuite extends KyuubiFunSuite with TrinoRestFrontendTestHelper {
+
+  private val httpClient =
+    new OkHttpClient.Builder()
+      .readTimeout(5, TimeUnit.MINUTES)
+      .build()
+  private lazy val clientSession =
+    new AtomicReference[ClientSession](createTestClientSession(baseUri))
+
+  test("submit query with trino client api") {
+    val trino = getTrinoStatementClient("select 1")
+    val result = execute(trino)
+    val sessionId = trino.getSetSessionProperties.asScala.get("sessionId")
+    assert(result == List(List(1)))
+
+    updateClientSession(trino)
+
+    val trino1 = getTrinoStatementClient("select 2")
+    val result1 = execute(trino1)
+    val sessionId1 = trino1.getSetSessionProperties.asScala.get("sessionId")
+    assert(result1 == List(List(2)))
+    assert(sessionId != sessionId1)
+
+    trino.close()
+  }
+
+  private def updateClientSession(trino: StatementClient): Unit = {
+    val session = clientSession.get
+
+    var builder = ClientSession.builder(session)
+    // update catalog and schema
+    if (trino.getSetCatalog.isPresent || trino.getSetSchema.isPresent) {
+      builder = builder
+        .withCatalog(trino.getSetCatalog.orElse(session.getCatalog))
+        .withSchema(trino.getSetSchema.orElse(session.getSchema))
+    }
+
+    // update path if present
+    if (trino.getSetPath.isPresent) {
+      builder = builder.withPath(trino.getSetPath.get)
+    }
+
+    // update session properties if present
+    if (!trino.getSetSessionProperties.isEmpty || !trino.getResetSessionProperties.isEmpty) {
+      val properties = session.getProperties.asScala.clone()
+      properties ++= trino.getSetSessionProperties.asScala
+      properties --= trino.getResetSessionProperties.asScala
+      builder = builder.withProperties(properties.asJava)
+    }
+    clientSession.set(builder.build())
+  }
+
+  private def execute(trino: StatementClient): List[List[Any]] = {
+    @tailrec
+    def getData(trino: StatementClient): (Boolean, List[List[Any]]) = {
+      if (trino.isRunning) {
+        val data = trino.currentData().getData()
+        trino.advance()
+        if (data != null) {
+          (true, data.asScala.toList.map(_.asScala.toList))
+        } else {
+          getData(trino)
+        }
+      } else {
+        Verify.verify(trino.isFinished)
+        val finalStatus = trino.finalStatusInfo()
+        if (finalStatus.getError() != null) {
+          throw KyuubiSQLException(
+            s"Query ${finalStatus.getId} failed: ${finalStatus.getError.getMessage}")
+        }
+        (false, List[List[Any]]())
+      }
+    }
+    Iterator.continually(getData(trino)).takeWhile(_._1).flatMap(_._2).toList
+  }
+
+  private def getTrinoStatementClient(sql: String): StatementClient = {
+    StatementClientFactory.newStatementClient(httpClient, clientSession.get, sql)
+  }
+
+  private def createTestClientSession(connectUrl: URI): ClientSession = {
+    new ClientSession(
+      connectUrl,
+      "kyuubi_test",
+      Optional.of("test_user"),
+      "kyuubi",
+      Optional.of("test_token_tracing"),
+      Set[String]().asJava,
+      "test_client_info",
+      "test_catalog",
+      "test_schema",
+      null,
+      ZoneId.systemDefault(),
+      Locale.getDefault,
+      Collections.emptyMap(),
+      Map[String, String](
+        "test_property_key0" -> "test_property_value0",
+        "test_property_key1" -> "test_propert_value1").asJava,
+      Map[String, String](
+        "test_statement_key0" -> "select 1",
+        "test_statement_key1" -> "select 2").asJava,
+      Collections.emptyMap(),
+      Collections.emptyMap(),
+      null,
+      new Duration(2, TimeUnit.MINUTES),
+      true)
+
+  }
+
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
index 8d7b2bf2c..87c8eda96 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
@@ -85,7 +85,7 @@ class TrinoContextSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
     val metadataResp = fe.be.getResultSetMetadata(opHandle)
     val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false)
-    val status = fe.be.getOperationStatus(opHandle)
+    val status = fe.be.getOperationStatus(opHandle, Some(0))
 
     val uri = new URI("sfdsfsdfdsf")
     val results = TrinoContext
@@ -112,7 +112,7 @@ class TrinoContextSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
     val metadataResp = fe.be.getResultSetMetadata(opHandle)
     val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false)
-    val status = fe.be.getOperationStatus(opHandle)
+    val status = fe.be.getOperationStatus(opHandle, Some(0))
 
     val uri = new URI("sfdsfsdfdsf")
     val results = TrinoContext
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
index b60c7c67a..adbf389c9 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
@@ -17,15 +17,27 @@
 
 package org.apache.kyuubi.server.trino.api.v1
 
-import org.apache.kyuubi.{KyuubiFunSuite, RestFrontendTestHelper}
-import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols
-import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.FrontendProtocol
+import javax.ws.rs.client.Entity
+import javax.ws.rs.core.{MediaType, Response}
+
+import scala.collection.JavaConverters._
+
+import io.trino.client.{QueryError, QueryResults}
+import io.trino.client.ProtocolHeaders.TRINO_HEADERS
+
+import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException, TrinoRestFrontendTestHelper}
+import org.apache.kyuubi.operation.{OperationHandle, OperationState}
+import org.apache.kyuubi.server.trino.api.TrinoContext
 import org.apache.kyuubi.server.trino.api.v1.dto.Ok
+import org.apache.kyuubi.session.SessionHandle
 
-class StatementResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
+class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHelper {
 
-  override protected val frontendProtocols: Seq[FrontendProtocol] =
-    FrontendProtocols.TRINO :: Nil
+  case class TrinoResponse(
+      response: Option[Response] = None,
+      queryError: Option[QueryError] = None,
+      data: List[List[Any]] = List[List[Any]](),
+      isEnd: Boolean = false)
 
   test("statement test") {
     val response = webTarget.path("v1/statement/test").request().get()
@@ -33,4 +45,74 @@ class StatementResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper
     assert(result == new Ok("trino server is running"))
   }
 
+  test("statement submit for query error") {
+
+    val response = webTarget.path("v1/statement")
+      .request().post(Entity.entity("select a", MediaType.TEXT_PLAIN_TYPE))
+
+    val trinoResponseIter = Iterator.iterate(TrinoResponse(response = Option(response)))(getData)
+    val isErr = trinoResponseIter.takeWhile(_.isEnd == false).exists { t =>
+      t.queryError != None && t.response == None
+    }
+    assert(isErr == true)
+  }
+
+  test("statement submit and get result") {
+    val response = webTarget.path("v1/statement")
+      .request().post(Entity.entity("select 1", MediaType.TEXT_PLAIN_TYPE))
+
+    val trinoResponseIter = Iterator.iterate(TrinoResponse(response = Option(response)))(getData)
+    val dataSet = trinoResponseIter
+      .takeWhile(_.isEnd == false)
+      .map(_.data)
+      .flatten.toList
+    assert(dataSet == List(List(1)))
+  }
+
+  test("query cancel") {
+    val response = webTarget.path("v1/statement")
+      .request().post(Entity.entity("select 1", MediaType.TEXT_PLAIN_TYPE))
+    val qr = response.readEntity(classOf[QueryResults])
+    val sessionManager = fe.be.sessionManager
+    val sessionHandle =
+      response.getStringHeaders.get(TRINO_HEADERS.responseSetSession).asScala
+        .map(_.split("="))
+        .find {
+          case Array("sessionId", _) => true
+        }
+        .map {
+          case Array(_, value) => SessionHandle.fromUUID(TrinoContext.urlDecode(value))
+        }.get
+    sessionManager.getSession(sessionHandle)
+    val operationHandle = OperationHandle(qr.getId)
+    val operation = sessionManager.operationManager.getOperation(operationHandle)
+    assert(response.getStatus == 200)
+    val path = qr.getNextUri.getPath
+    val nextResponse = webTarget.path(path).request().header(
+      TRINO_HEADERS.requestSession(),
+      s"sessionId=${TrinoContext.urlEncode(sessionHandle.identifier.toString)}").delete()
+    assert(nextResponse.getStatus == 204)
+    assert(operation.getStatus.state == OperationState.CLOSED)
+    val exception = intercept[KyuubiSQLException](sessionManager.getSession(sessionHandle))
+    assert(exception.getMessage === s"Invalid $sessionHandle")
+
+  }
+
+  private def getData(current: TrinoResponse): TrinoResponse = {
+    current.response.map { response =>
+      assert(response.getStatus == 200)
+      val qr = response.readEntity(classOf[QueryResults])
+      val nextData = Option(qr.getData)
+        .map(_.asScala.toList.map(_.asScala.toList))
+        .getOrElse(List[List[Any]]())
+      val nextResponse = Option(qr.getNextUri).map {
+        uri =>
+          val path = uri.getPath
+          val headers = response.getHeaders
+          webTarget.path(path).request().headers(headers).get()
+      }
+      TrinoResponse(nextResponse, Option(qr.getError), nextData)
+    }.getOrElse(TrinoResponse(isEnd = true))
+  }
+
 }
diff --git a/pom.xml b/pom.xml
index a15b4b590..06fba720d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -778,6 +778,12 @@
                 <version>${jackson.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>com.fasterxml.jackson.datatype</groupId>
+                <artifactId>jackson-datatype-jdk8</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>com.fasterxml.jackson.jaxrs</groupId>
                 <artifactId>jackson-jaxrs-base</artifactId>

From 161dd3fa8d4eeea693bfd835d0de08026d6f82fa Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 13 Feb 2023 19:37:50 +0800
Subject: [PATCH 054/760] [KYUUBI #4317] Upload
 `kyuubi-spark-batch-submit.log.*` on CI failure

### _Why are the changes needed?_

```
...
07:43:26.520 KyuubiSessionManager-exec-pool: Thread-779 INFO ProcBuilder: Logging to /home/runner/work/kyuubi/kyuubi/kyuubi-server/target/work/runner/kyuubi-spark-batch-submit.log.0
...
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4317 from pan3793/ci-log.

Closes #4317

dbde5306 [Cheng Pan] Upload kyuubi-spark-batch-submit.log on CI failure

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .github/workflows/master.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index fd0505999..ed7403fbc 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -102,6 +102,7 @@ jobs:
           path: |
             **/target/unit-tests.log
             **/kyuubi-spark-sql-engine.log*
+            **/kyuubi-spark-batch-submit.log*
 
   authz:
     name: Kyuubi-AuthZ and Spark Test

From 10adbdc1855b8059fe2e7e72cf814aad2af63b20 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 13 Feb 2023 20:11:20 +0800
Subject: [PATCH 055/760] [KYUUBI #4315] [INFRA] Check modules available before
 build step in dependency workflow

### _Why are the changes needed?_

- Check whether modules are available by running `mvnd dependency:resolve`. if true, skip the `build` step of `mvnd install`.
- Reducing the time cost of dependency workflow from  ~ 10 min to ~4 min ([see log](https://github.com/apache/kyuubi/actions/runs/4162071562/jobs/7200786535)).

### _How was this patch tested?_
- [x] Pass CI workflows

Closes #4315 from bowenliang123/dep-check-first.

Closes #4315

7c20ea24 [liangbowen] nit
65397868 [liangbowen] add validate to bring back enforcer check
1c035136 [liangbowen] add validate to bring back enforcer check
d4e703de [liangbowen] update dep.yml
8f8d0457 [liangbowen] update dep.yml
e7adfacf [liangbowen] update
c88eff98 [liangbowen] check modules available before build

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/dep.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index dc94e4ea7..ebda6b47e 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -47,9 +47,18 @@ jobs:
           check-latest: false
       - name: Setup Mvnd
         uses: ./.github/actions/setup-mvnd
+      - name: Check kyuubi modules available
+        id: modules-check
+        run: >-
+          build/mvnd dependency:resolve validate
+          -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile"
+          -Pfast -Denforcer.skip=false
+          -pl kyuubi-ctl,kyuubi-server,kyuubi-assembly -am
+        continue-on-error: true
       - name: build
         env:
           MAVEN_OPTS: -Dorg.slf4j.simpleLogger.defaultLogLevel=error
+        if: steps.modules-check.conclusion == 'success' && steps.modules-check.outcome == 'failure'
         run: >-
           build/mvnd clean install
           -Pflink-provided,spark-provided,hive-provided

From bb3e06a035d76c4bc9448e5430fbdaa31f8c74ed Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 14 Feb 2023 02:23:32 +0800
Subject: [PATCH 056/760] [KYUUBI #4312] [DOCS] Include `**/README.md` in
 markdown style check

### _Why are the changes needed?_

- Include `**/README.md` markdown files in spotless style check

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4312 from bowenliang123/reformat-readme.

Closes #4312

1fda1bdeb [Bowen Liang] Merge branch 'master' into reformat-readme
2ca8b4c81 [liangbowen] merge master
876f52a4c [liangbowen] include `**/README.md` in spotless style check

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 README.md                                     | 41 ++++++--------
 dev/kyuubi-tpcds/README.md                    | 53 ++++++++++---------
 docker/playground/README.md                   |  3 +-
 extensions/README.md                          | 36 ++++++-------
 extensions/spark/kyuubi-spark-authz/README.md | 32 +++++------
 .../spark/kyuubi-spark-lineage/README.md      | 33 ++++++------
 kyuubi-hive-beeline/README.md                 |  1 +
 kyuubi-hive-jdbc/README.md                    |  2 +-
 kyuubi-server/web-ui/README.md                |  2 +-
 pom.xml                                       |  1 +
 10 files changed, 101 insertions(+), 103 deletions(-)

diff --git a/README.md b/README.md
index 0b46abf85..e54f6fac0 100644
--- a/README.md
+++ b/README.md
@@ -1,19 +1,19 @@
 <!--
- - Licensed to the Apache Software Foundation (ASF) under one or more
- - contributor license agreements.  See the NOTICE file distributed with
- - this work for additional information regarding copyright ownership.
- - The ASF licenses this file to You under the Apache License, Version 2.0
- - (the "License"); you may not use this file except in compliance with
- - the License.  You may obtain a copy of the License at
- -
- -   http://www.apache.org/licenses/LICENSE-2.0
- -
- - Unless required by applicable law or agreed to in writing, software
- - distributed under the License is distributed on an "AS IS" BASIS,
- - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- - See the License for the specific language governing permissions and
- - limitations under the License.
- -->
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
 
 <p align="center">
   <img src="https://svn.apache.org/repos/asf/comdev/project-logos/originals/kyuubi-1.svg" alt="Kyuubi logo" height="120px"/>
@@ -45,6 +45,7 @@
 </p>
 
 # Apache Kyuubi
+
 Apache Kyuubi™ is a distributed and multi-tenant gateway to provide serverless
 SQL on data warehouses and lakehouses.
 
@@ -60,12 +61,10 @@ Kyuubi provides a pure SQL gateway through Thrift JDBC/ODBC interface for end-us
 - [x] Multi-tenant Spark Support
 - [x] Running Spark in a serverless way
 
-
 ### Target Users
 
 Kyuubi's goal is to make it easy and efficient for `anyone` to use Spark(maybe other engines soon) and facilitate users to handle big data like ordinary data. Here, `anyone` means that users do not need to have a Spark technical background but a human language, SQL only. Sometimes, SQL skills are unnecessary when integrating Kyuubi with Apache Superset, which supports rich visualizations and dashboards.
 
-
 In typical big data production environments with Kyuubi, there should be system administrators and end-users.
 
 - System administrators: A small group consists of Spark experts responsible for Kyuubi deployment, configuration, and tuning.
@@ -73,7 +72,6 @@ In typical big data production environments with Kyuubi, there should be system
 
 Additionally, the Kyuubi community will continuously optimize the whole system with various features, such as History-Based Optimizer, Auto-tuning, Materialized View, SQL Dialects, Functions, e.t.c.
 
-
 ### Usage scenarios
 
 #### Port workloads from HiveServer2 to Spark SQL
@@ -86,7 +84,6 @@ HiveServer2 can identify and authenticate a caller, and then if the caller also
 
 Kyuubi extends the use of STS in a multi-tenant model based on a unified interface and relies on the concept of multi-tenancy to interact with cluster managers to finally gain the ability of resources sharing/isolation and data security. The loosely coupled architecture of the Kyuubi server and engine dramatically improves the client concurrency and service stability of the service itself.
 
-
 #### DataLake/LakeHouse Support
 
 The vision of Kyuubi is to unify the portal and become an easy-to-use data lake management platform. Different kinds of workloads, such as ETL processing and BI analytics, can be supported by one platform, using one copy of data, with one SQL interface.
@@ -95,25 +92,19 @@ The vision of Kyuubi is to unify the portal and become an easy-to-use data lake
 - Multiple Catalogs support
 - SQL Standard Authorization support for DataLake(coming)
 
-
 #### Cloud Native Support
 
 Kyuubi can deploy its engines on different kinds of Cluster Managers, such as, Hadoop YARN, Kubernetes, etc.
 
-
 ![](./docs/imgs/kyuubi_migrating_yarn_to_k8s.png)
 
-
 ### The Kyuubi Ecosystem(present and future)
 
-
 The figure below shows our vision for the Kyuubi Ecosystem. Some of them have been realized, some in development,
 and others would not be possible without your help.
 
 ![](./docs/imgs/kyuubi_ecosystem.drawio.png)
 
-
-
 ## Online Documentation
 
 Since Kyuubi 1.3.0-incubating, the Kyuubi online documentation is hosted by [https://kyuubi.apache.org/](https://kyuubi.apache.org/).
diff --git a/dev/kyuubi-tpcds/README.md b/dev/kyuubi-tpcds/README.md
index adffb6726..a9a6487aa 100644
--- a/dev/kyuubi-tpcds/README.md
+++ b/dev/kyuubi-tpcds/README.md
@@ -1,21 +1,22 @@
 <!--
- - Licensed to the Apache Software Foundation (ASF) under one or more
- - contributor license agreements.  See the NOTICE file distributed with
- - this work for additional information regarding copyright ownership.
- - The ASF licenses this file to You under the Apache License, Version 2.0
- - (the "License"); you may not use this file except in compliance with
- - the License.  You may obtain a copy of the License at
- -
- -   http://www.apache.org/licenses/LICENSE-2.0
- -
- - Unless required by applicable law or agreed to in writing, software
- - distributed under the License is distributed on an "AS IS" BASIS,
- - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- - See the License for the specific language governing permissions and
- - limitations under the License.
- -->
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
 
 # Introduction
+
 This module includes TPC-DS data generator and benchmark tool.
 
 # How to use
@@ -27,12 +28,12 @@ package jar with following command:
 
 Support options:
 
-| key          | default         | description                       |
-|--------------|-----------------|-----------------------------------|
-| db           | default         | the database to write data        |
-| scaleFactor  | 1               | the scale factor of TPC-DS        |
-| format       | parquet         | the format of table to store data |
-| parallel     | scaleFactor * 2 | the parallelism of Spark job      |
+|     key     |     default     |            description            |
+|-------------|-----------------|-----------------------------------|
+| db          | default         | the database to write data        |
+| scaleFactor | 1               | the scale factor of TPC-DS        |
+| format      | parquet         | the format of table to store data |
+| parallel    | scaleFactor * 2 | the parallelism of Spark job      |
 
 Example: the following command to generate 10GB data with new database `tpcds_sf10`.
 
@@ -47,7 +48,7 @@ $SPARK_HOME/bin/spark-submit \
 
 Support options:
 
-| key         | default                | description                                                   |
+|     key     |        default         |                          description                          |
 |-------------|------------------------|---------------------------------------------------------------|
 | db          | none(required)         | the TPC-DS database                                           |
 | benchmark   | tpcds-v2.4-benchmark   | the name of application                                       |
@@ -65,6 +66,7 @@ $SPARK_HOME/bin/spark-submit \
 ```
 
 We also support run one of the TPC-DS query:
+
 ```shell
 $SPARK_HOME/bin/spark-submit \
   --class org.apache.kyuubi.tpcds.benchmark.RunBenchmark \
@@ -73,6 +75,7 @@ $SPARK_HOME/bin/spark-submit \
 
 The result of TPC-DS benchmark like:
 
-| name    | minTimeMs |  maxTimeMs  |  avgTimeMs | stdDev   | stdDevPercent  |
-|---------|-----------|-------------|------------|----------|----------------|
-| q1-v2.4 | 50.522384 |  868.010383 | 323.398267 | 471.6482 | 145.8413108576 |
+|  name   | minTimeMs | maxTimeMs  | avgTimeMs  |  stdDev  | stdDevPercent  |
+|---------|-----------|------------|------------|----------|----------------|
+| q1-v2.4 | 50.522384 | 868.010383 | 323.398267 | 471.6482 | 145.8413108576 |
+
diff --git a/docker/playground/README.md b/docker/playground/README.md
index d9e227c2c..66dca2af0 100644
--- a/docker/playground/README.md
+++ b/docker/playground/README.md
@@ -1,5 +1,5 @@
 Playground
-===
+==========
 
 ## For Users
 
@@ -45,3 +45,4 @@ Kyuubi supply some built-in dataset, after Kyuubi started, you can run the follo
 
 1. Build images `docker/playground/build-image.sh`;
 2. Optional to use `buildx` to build and publish cross-platform images `BUILDX=1 docker/playground/build-image.sh`;
+
diff --git a/extensions/README.md b/extensions/README.md
index 92eac9097..5725f0f9b 100644
--- a/extensions/README.md
+++ b/extensions/README.md
@@ -1,25 +1,24 @@
 <!--
- - Licensed to the Apache Software Foundation (ASF) under one or more
- - contributor license agreements.  See the NOTICE file distributed with
- - this work for additional information regarding copyright ownership.
- - The ASF licenses this file to You under the Apache License, Version 2.0
- - (the "License"); you may not use this file except in compliance with
- - the License.  You may obtain a copy of the License at
- -
- -   http://www.apache.org/licenses/LICENSE-2.0
- -
- - Unless required by applicable law or agreed to in writing, software
- - distributed under the License is distributed on an "AS IS" BASIS,
- - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- - See the License for the specific language governing permissions and
- - limitations under the License.
- -->
- 
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+
 # For developers
 
 This folder contains plugins/extension for kyuubi server and different engine types.
 
-
 - ext
   - kyuubi-server
   - spark
@@ -27,4 +26,5 @@ This folder contains plugins/extension for kyuubi server and different engine ty
   - trino
   - hive
   - others
-  - ...
\ No newline at end of file
+  - ...
+
diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index c257e30e1..554797ee0 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -1,19 +1,19 @@
 <!--
- - Licensed to the Apache Software Foundation (ASF) under one or more
- - contributor license agreements.  See the NOTICE file distributed with
- - this work for additional information regarding copyright ownership.
- - The ASF licenses this file to You under the Apache License, Version 2.0
- - (the "License"); you may not use this file except in compliance with
- - the License.  You may obtain a copy of the License at
- -
- -   http://www.apache.org/licenses/LICENSE-2.0
- -
- - Unless required by applicable law or agreed to in writing, software
- - distributed under the License is distributed on an "AS IS" BASIS,
- - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- - See the License for the specific language governing permissions and
- - limitations under the License.
- -->
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
 
 # Kyuubi Spark AuthZ Extension
 
@@ -29,7 +29,6 @@
 build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dranger.version=2.3.0
 ```
 
-
 ### Supported Apache Spark Versions
 
 `-Dspark.version=`
@@ -54,3 +53,4 @@ build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dran
 - [x] 1.0.x
 - [x] 0.7.x
 - [x] 0.6.x
+
diff --git a/extensions/spark/kyuubi-spark-lineage/README.md b/extensions/spark/kyuubi-spark-lineage/README.md
index e70acc015..34f2733b4 100644
--- a/extensions/spark/kyuubi-spark-lineage/README.md
+++ b/extensions/spark/kyuubi-spark-lineage/README.md
@@ -1,26 +1,26 @@
 <!--
- - Licensed to the Apache Software Foundation (ASF) under one or more
- - contributor license agreements.  See the NOTICE file distributed with
- - this work for additional information regarding copyright ownership.
- - The ASF licenses this file to You under the Apache License, Version 2.0
- - (the "License"); you may not use this file except in compliance with
- - the License.  You may obtain a copy of the License at
- -
- -   http://www.apache.org/licenses/LICENSE-2.0
- -
- - Unless required by applicable law or agreed to in writing, software
- - distributed under the License is distributed on an "AS IS" BASIS,
- - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- - See the License for the specific language governing permissions and
- - limitations under the License.
- -->
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
 
 # Kyuubi Spark Listener Extension
 
 ## Functions
 
 - [x] All `listener` extensions can be implemented in this module, like `QueryExecutionListener` and `ExtraListener`
-- [x] Add `SparkOperationLineageQueryExecutionListener` to extends spark `QueryExecutionListener` 
+- [x] Add `SparkOperationLineageQueryExecutionListener` to extends spark `QueryExecutionListener`
 - [x] SQL lineage parsing will be triggered after SQL execution and will be written to the json logger file
 
 ## Build
@@ -37,3 +37,4 @@ build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -Dspark.version=3.2.1
 - [x] 3.3.x (default)
 - [x] 3.2.x
 - [x] 3.1.x
+
diff --git a/kyuubi-hive-beeline/README.md b/kyuubi-hive-beeline/README.md
index ec4f86fd7..161acb99b 100644
--- a/kyuubi-hive-beeline/README.md
+++ b/kyuubi-hive-beeline/README.md
@@ -3,3 +3,4 @@
 Aiming to make a better supported beeline for Kyuubi
 
 - Support to show launch engine log when getting KyuubiConnection(Done, available since v1.4.0-incubating)
+
diff --git a/kyuubi-hive-jdbc/README.md b/kyuubi-hive-jdbc/README.md
index 3210e76ac..10a0522dc 100644
--- a/kyuubi-hive-jdbc/README.md
+++ b/kyuubi-hive-jdbc/README.md
@@ -1,9 +1,9 @@
 # Kyuubi Hive JDBC Module
 
-
 Aiming to make a better supported client for Kyuubi and Spark
 
 - Add catalog to getTables meta function for DataLakes (DONE, broken in v1.3.0-incubating, fixed in v1.3.1-incubating)
 - Deploy to maven central (DONE, available since v1.3.0-incubating)
 - Create shaded jar (DONE, available since v1.4.0-incubating)
 - Remove Hive dependencies (DONE, available since v1.6.0-incubating)
+
diff --git a/kyuubi-server/web-ui/README.md b/kyuubi-server/web-ui/README.md
index cc5654b23..6d808ecde 100644
--- a/kyuubi-server/web-ui/README.md
+++ b/kyuubi-server/web-ui/README.md
@@ -17,7 +17,6 @@ npm install
 
 To do this you can change the VITE_APP_DEV_WEB_URL parameter variable as the service url in `.env.development` in the project root directory, such as http://127.0. 0.1:8090
 
-
 ```shell
 npm run dev
 ```
@@ -56,3 +55,4 @@ pnpm run build
 # Code Format
 pnpm run prettier
 ```
+
diff --git a/pom.xml b/pom.xml
index 06fba720d..8bffc4f8b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2076,6 +2076,7 @@
                         </python>
                         <markdown>
                             <includes>
+                                <include>**/README.md</include>
                                 <include>docs/**/*.md</include>
                             </includes>
                             <flexmark>

From 4de0a697ae700d5c6d6122f740437f38d66715dd Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 14 Feb 2023 10:48:59 +0800
Subject: [PATCH 057/760] [KYUUBI #4312] [FOLLOWUP] Fix overmatched README
 pattern for markdown styling

### _Why are the changes needed?_

- fix the README files' over-matched pattern mentioned in https://github.com/apache/kyuubi/pull/4312/files#r1105223855

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4319 from bowenliang123/readme-match-pattern.

Closes #4312

3a8266e6 [liangbowen] update
189695be [liangbowen] fix overmatching pattern for README file

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8bffc4f8b..644119ece 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2076,8 +2076,9 @@
                         </python>
                         <markdown>
                             <includes>
-                                <include>**/README.md</include>
                                 <include>docs/**/*.md</include>
+                                <include>*/README.md</include>
+                                <include>docker/playground/README.md</include>
                             </includes>
                             <flexmark>
                                 <version>${flexmark.version}</version>

From 16d4735c92f7fde9b31e1831647bab2e058a5906 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Tue, 14 Feb 2023 13:30:25 +0800
Subject: [PATCH 058/760] [KYUUBI #4322] MySQL url configuration joiner should
 use `&` instead of `;`

### _Why are the changes needed?_

The mysql url configuration joiner should use `&` instead of `;`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4322 from Yikf/mysql-fe-test.

Closes #4322

8d289e793 [Yikf] The configuration joiner should use `&` instead of `;`

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/server/mysql/MySQLJDBCTestHelper.scala    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/mysql/MySQLJDBCTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/mysql/MySQLJDBCTestHelper.scala
index a703b6b15..e6df1fb20 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/mysql/MySQLJDBCTestHelper.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/mysql/MySQLJDBCTestHelper.scala
@@ -42,7 +42,7 @@ trait MySQLJDBCTestHelper extends JDBCTestHelper {
       if (jdbcConfigs.isEmpty) {
         ""
       } else {
-        "?" + jdbcConfigs.map(kv => kv._1 + "=" + kv._2).mkString(";")
+        "?" + jdbcConfigs.map(kv => kv._1 + "=" + kv._2).mkString("&")
       }
     jdbcUrl + jdbcConfStr
   }

From 02deaf4756fef953d706f171d87c5d0dd760f264 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Tue, 14 Feb 2023 13:34:55 +0800
Subject: [PATCH 059/760] [KYUUBI #4320] Support GetPrimaryKeys for Trino Fe

### _Why are the changes needed?_

Support GetPrimaryKeys for Trino Fe, close https://github.com/apache/kyuubi/issues/4320

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4321 from Yikf/primaryKeys.

Closes #4320

3690a2c7 [Yikf] Support GetPrimaryKeys for Trino Fe

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4 |  6 ++++++
 .../kyuubi/sql/KyuubiTrinoFeBaseParser.g4       |  7 +++++++
 .../api/KyuubiTrinoOperationTranslator.scala    |  7 ++++++-
 .../parser/trino/KyuubiTrinoFeAstBuilder.scala  |  6 +++++-
 .../sql/plan/trino/TrinoFeOperations.scala      |  4 ++++
 .../parser/trino/KyuubiTrinoFeParserSuite.scala | 17 ++++++++++++++++-
 6 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4 b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4
index 0b9543a43..0cc02de64 100644
--- a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4
+++ b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4
@@ -97,6 +97,12 @@ SCOPE_TABLE: 'SCOPE_TABLE';
 SOURCE_DATA_TYPE: 'SOURCE_DATA_TYPE';
 IS_AUTOINCREMENT: 'IS_AUTOINCREMENT';
 IS_GENERATEDCOLUMN: 'IS_GENERATEDCOLUMN';
+VARCHAR: 'VARCHAR';
+SMALLINT: 'SMALLINT';
+CAST: 'CAST';
+AS: 'AS';
+KEY_SEQ: 'KEY_SEQ';
+PK_NAME: 'PK_NAME';
 
 fragment SEARCH_STRING_ESCAPE: '\'' '\\' '\'';
 
diff --git a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4 b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4
index 590c4378d..6af00af5d 100644
--- a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4
+++ b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4
@@ -47,6 +47,13 @@ statement
       SOURCE_DATA_TYPE COMMA IS_AUTOINCREMENT COMMA IS_GENERATEDCOLUMN FROM SYSTEM_JDBC_COLUMNS
       (WHERE tableCatalogFilter? AND? tableSchemaFilter? AND? tableNameFilter? AND? colNameFilter?)?
       ORDER BY TABLE_CAT COMMA TABLE_SCHEM COMMA TABLE_NAME COMMA ORDINAL_POSITION                      #getColumns
+    | SELECT CAST LEFT_PAREN NULL AS VARCHAR RIGHT_PAREN TABLE_CAT COMMA
+      CAST LEFT_PAREN NULL AS VARCHAR RIGHT_PAREN TABLE_SCHEM COMMA
+      CAST LEFT_PAREN NULL AS VARCHAR RIGHT_PAREN TABLE_NAME COMMA
+      CAST LEFT_PAREN NULL AS VARCHAR RIGHT_PAREN COLUMN_NAME COMMA
+      CAST LEFT_PAREN NULL AS SMALLINT RIGHT_PAREN KEY_SEQ COMMA
+      CAST LEFT_PAREN NULL AS VARCHAR RIGHT_PAREN PK_NAME
+      WHERE FALSE                                                                                       #getPrimaryKeys
     | .*?                                                                                               #passThrough
     ;
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala
index 5eba9c327..c78cb351e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/KyuubiTrinoOperationTranslator.scala
@@ -24,7 +24,7 @@ import org.apache.kyuubi.service.BackendService
 import org.apache.kyuubi.session.SessionHandle
 import org.apache.kyuubi.sql.parser.trino.KyuubiTrinoFeParser
 import org.apache.kyuubi.sql.plan.PassThroughNode
-import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
+import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
 
 class KyuubiTrinoOperationTranslator(backendService: BackendService) {
   lazy val parser = new KyuubiTrinoFeParser()
@@ -60,6 +60,11 @@ class KyuubiTrinoOperationTranslator(backendService: BackendService) {
           schemaPattern,
           tableNamePattern,
           colNamePattern)
+      case GetPrimaryKeys() =>
+        val operationHandle = backendService.getPrimaryKeys(sessionHandle, null, null, null)
+        // The trino implementation always returns empty.
+        operationHandle.setHasResultSet(false)
+        operationHandle
       case PassThroughNode() =>
         backendService.executeStatement(sessionHandle, statement, configs, runAsync, queryTimeout)
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala
index c5ae97199..061985c1c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala
@@ -25,7 +25,7 @@ import org.apache.kyuubi.sql.KyuubiTrinoFeBaseParser._
 import org.apache.kyuubi.sql.KyuubiTrinoFeBaseParserBaseVisitor
 import org.apache.kyuubi.sql.parser.KyuubiParser.unescapeSQLString
 import org.apache.kyuubi.sql.plan.{KyuubiTreeNode, PassThroughNode}
-import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
+import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
 
 class KyuubiTrinoFeAstBuilder extends KyuubiTrinoFeBaseParserBaseVisitor[AnyRef] {
 
@@ -92,6 +92,10 @@ class KyuubiTrinoFeAstBuilder extends KyuubiTrinoFeBaseParserBaseVisitor[AnyRef]
     GetColumns(catalog, schemaPattern, tableNamePattern, colNamePattern)
   }
 
+  override def visitGetPrimaryKeys(ctx: GetPrimaryKeysContext): KyuubiTreeNode = {
+    GetPrimaryKeys()
+  }
+
   override def visitNullCatalog(ctx: NullCatalogContext): AnyRef = {
     null
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala
index 85e6f168b..6136995ab 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala
@@ -55,3 +55,7 @@ case class GetColumns(
     colNamePattern: String) extends KyuubiTreeNode {
   override def name(): String = "Get Columns"
 }
+
+case class GetPrimaryKeys() extends KyuubiTreeNode {
+  override def name(): String = "Get Primary Keys"
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala
index 3f5cf70b5..bbced0b61 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.parser.trino
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.sql.parser.trino.KyuubiTrinoFeParser
 import org.apache.kyuubi.sql.plan.{KyuubiTreeNode, PassThroughNode}
-import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
+import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
 
 class KyuubiTrinoFeParserSuite extends KyuubiFunSuite {
   val parser = new KyuubiTrinoFeParser()
@@ -354,4 +354,19 @@ class KyuubiTrinoFeParserSuite extends KyuubiFunSuite {
       tableName = "%aa",
       colName = "%bb")
   }
+
+  test("Support GetPrimaryKeys for Trino Fe") {
+    val kyuubiTreeNode = parse(
+      """
+        | SELECT CAST(NULL AS varchar) TABLE_CAT,
+        | CAST(NULL AS varchar) TABLE_SCHEM,
+        | CAST(NULL AS varchar) TABLE_NAME,
+        | CAST(NULL AS varchar) COLUMN_NAME,
+        | CAST(NULL AS smallint) KEY_SEQ,
+        | CAST(NULL AS varchar) PK_NAME
+        | WHERE false
+        |""".stripMargin)
+
+    assert(kyuubiTreeNode.isInstanceOf[GetPrimaryKeys])
+  }
 }

From 9ce5ef62390a8dc40043bee1cfd0943ea24e35fd Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Tue, 14 Feb 2023 14:57:00 +0800
Subject: [PATCH 060/760] [KYUUBI #4324] Add Publish docker image step

### _Why are the changes needed?_

Add Publish docker image step. The step details is maintained by docker repo.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4324 from ulysses-you/release.

Closes #4324

0f6a6646 [ulysses-you] Add Publish docker image step

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/community/release.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/community/release.md b/docs/community/release.md
index 5d3a00b03..ffbdda9c1 100644
--- a/docs/community/release.md
+++ b/docs/community/release.md
@@ -49,6 +49,8 @@ The release process consists of several steps:
 6. If necessary, fix any issues and go back to step 3.
 7. Finalize the release
 8. Promote the release
+9. Remove the dist repo directories for deprecated release candidates
+10. Publish docker image
 
 ## Decide to release
 
@@ -280,3 +282,6 @@ svn delete https://dist.apache.org/repos/dist/dev/kyuubi/{RELEASE_TAG} \
   --message "Remove deprecated Apache Kyuubi ${RELEASE_TAG}" 
 ```
 
+## Publish docker image
+
+See steps in `https://github.com/apache/kyuubi-docker/blob/master/release/release_guide.md`

From 763c088d8197b168894b3e5d84aefc248fd3273b Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Tue, 14 Feb 2023 15:33:36 +0800
Subject: [PATCH 061/760] [KYUUBI #4323] Improve trino session context

### _Why are the changes needed?_

This pr improves the trino session context:
1. always reuse the kyuubi session if session id exists, so we can restore the session context for next query
2. transform trino client information to kyuubi session, e.g. trino request source (trino-cli)

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4323 from ulysses-you/trino-session.

Closes #4323

59804bad [ulysses-you] style
fcf540a6 [ulysses-you] Improve trino session context

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../kyuubi/server/trino/api/Query.scala       | 54 ++++++++++++++-----
 .../server/trino/api/TrinoContext.scala       | 20 ++++---
 .../trino/api/v1/StatementResource.scala      |  7 +--
 .../trino/api/TrinoClientApiSuite.scala       | 18 +++++--
 .../trino/api/v1/StatementResourceSuite.scala |  8 +--
 5 files changed, 74 insertions(+), 33 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
index c8c9e2fd6..925875579 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
@@ -25,6 +25,8 @@ import java.util.concurrent.atomic.AtomicLong
 import javax.ws.rs.WebApplicationException
 import javax.ws.rs.core.{Response, UriInfo}
 
+import scala.collection.mutable
+
 import Slug.Context.{EXECUTING_QUERY, QUEUED_QUERY}
 import com.google.common.hash.Hashing
 import io.trino.client.QueryResults
@@ -32,6 +34,7 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
 import org.apache.kyuubi.operation.OperationState.{FINISHED, INITIALIZED, OperationState, PENDING}
+import org.apache.kyuubi.server.trino.api.Query.KYUUBI_SESSION_ID
 import org.apache.kyuubi.service.BackendService
 import org.apache.kyuubi.session.SessionHandle
 
@@ -90,7 +93,7 @@ case class Query(
 
   private def clear = {
     be.closeOperation(queryId.operationHandle)
-    context.session.get("sessionId").foreach { id =>
+    context.session.get(KYUUBI_SESSION_ID).foreach { id =>
       be.closeSession(SessionHandle.fromUUID(id))
     }
   }
@@ -128,23 +131,24 @@ case class Query(
 
 object Query {
 
+  val KYUUBI_SESSION_ID = "kyuubi.session.id"
+
   def apply(
       statement: String,
       context: TrinoContext,
       translator: KyuubiTrinoOperationTranslator,
       backendService: BackendService,
       queryTimeout: Long = 0): Query = {
-
-    val sessionHandle = createSession(context, backendService)
+    val sessionHandle = getOrCreateSession(context, backendService)
     val operationHandle = translator.transform(
       statement,
       sessionHandle,
       context.session,
       true,
       queryTimeout)
-    val newSessionProperties =
-      context.session + ("sessionId" -> sessionHandle.identifier.toString)
-    val updatedContext = context.copy(session = newSessionProperties)
+    val sessionWithId =
+      context.session + (KYUUBI_SESSION_ID -> sessionHandle.identifier.toString)
+    val updatedContext = context.copy(session = sessionWithId)
     Query(QueryId(operationHandle), updatedContext, backendService)
   }
 
@@ -152,15 +156,39 @@ object Query {
     Query(QueryId(id), context, backendService)
   }
 
-  private def createSession(
+  private def getOrCreateSession(
       context: TrinoContext,
       backendService: BackendService): SessionHandle = {
-    backendService.openSession(
-      TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
-      context.user,
-      "",
-      context.remoteUserAddress.getOrElse(""),
-      context.session)
+    context.session.get(KYUUBI_SESSION_ID).map(SessionHandle.fromUUID).getOrElse {
+      // transform Trino information to session and engine as far as possible.
+      val trinoInfo = new mutable.HashMap[String, String]()
+      context.clientInfo.foreach { info =>
+        trinoInfo.put("trino.client.info", info)
+      }
+      context.source.foreach { source =>
+        trinoInfo.put("trino.request.source", source)
+      }
+      context.traceToken.foreach { traceToken =>
+        trinoInfo.put("trino.trace.token", traceToken)
+      }
+      context.timeZone.foreach { timeZone =>
+        trinoInfo.put("trino.time.zone", timeZone)
+      }
+      context.language.foreach { language =>
+        trinoInfo.put("trino.language", language)
+      }
+      if (context.clientTags.nonEmpty) {
+        trinoInfo.put("trino.client.info", context.clientTags.mkString(","))
+      }
+
+      val newSessionConfigs = context.session ++ trinoInfo
+      backendService.openSession(
+        TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
+        context.user,
+        "",
+        context.remoteUserAddress.getOrElse(""),
+        newSessionConfigs)
+    }
   }
 
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
index 9e7713904..0c7911a46 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
@@ -30,7 +30,9 @@ import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet, T
 
 import org.apache.kyuubi.operation.OperationState.FINISHED
 import org.apache.kyuubi.operation.OperationStatus
+import org.apache.kyuubi.server.trino.api.Query.KYUUBI_SESSION_ID
 
+// TODO: Support replace `preparedStatement` for Trino-jdbc
 /**
  * The description and functionality of trino request
  * and response's context
@@ -140,15 +142,17 @@ object TrinoContext {
   def buildTrinoResponse(qr: QueryResults, trinoContext: TrinoContext): Response = {
     val responseBuilder = Response.ok(qr)
 
-    trinoContext.catalog.foreach(
-      responseBuilder.header(TRINO_HEADERS.responseSetCatalog, _))
-    trinoContext.schema.foreach(
-      responseBuilder.header(TRINO_HEADERS.responseSetSchema, _))
+    // Note, We have injected kyuubi session id to session context so that the next query can find
+    // the previous session to restore the query context.
+    // It's hard to follow the Trino style that set all context to http headers.
+    // Because we do not know the context at server side. e.g. `set k=v`, `use database`.
+    // We also can not inject other session context into header before we supporting to map
+    // query result to session context.
+    require(trinoContext.session.contains(KYUUBI_SESSION_ID), s"$KYUUBI_SESSION_ID must be set.")
+    responseBuilder.header(
+      TRINO_HEADERS.responseSetSession,
+      s"$KYUUBI_SESSION_ID=${urlEncode(trinoContext.session(KYUUBI_SESSION_ID))}")
 
-    trinoContext.session.foreach {
-      case (k, v) =>
-        responseBuilder.header(TRINO_HEADERS.responseSetSession, s"${k}=${urlEncode(v)}")
-    }
     trinoContext.preparedStatement.foreach {
       case (k, v) =>
         responseBuilder.header(TRINO_HEADERS.responseAddedPrepare, s"${k}=${urlEncode(v)}")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
index ab783f8ac..ee23c61f3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
@@ -215,9 +215,10 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
       slug: String,
       token: Long,
       slugContext: Slug.Context.Context): Try[Query] = {
-
-    Try(be.sessionManager.operationManager.getOperation(queryId.operationHandle)).map { _ =>
-      Query(queryId, context, be)
+    Try(be.sessionManager.operationManager.getOperation(queryId.operationHandle)).map { op =>
+      val sessionWithId = context.session ++
+        Map(Query.KYUUBI_SESSION_ID -> op.getSession.handle.identifier.toString)
+      Query(queryId, context.copy(session = sessionWithId), be)
     }.filter(_.getSlug.isValid(slugContext, slug, token))
   }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
index c88b5c940..13e10a112 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
@@ -45,16 +45,24 @@ class TrinoClientApiSuite extends KyuubiFunSuite with TrinoRestFrontendTestHelpe
   test("submit query with trino client api") {
     val trino = getTrinoStatementClient("select 1")
     val result = execute(trino)
-    val sessionId = trino.getSetSessionProperties.asScala.get("sessionId")
+    val sessionId = trino.getSetSessionProperties.asScala.get(Query.KYUUBI_SESSION_ID)
     assert(result == List(List(1)))
 
     updateClientSession(trino)
 
-    val trino1 = getTrinoStatementClient("select 2")
+    val trino1 = getTrinoStatementClient("set k=v")
     val result1 = execute(trino1)
-    val sessionId1 = trino1.getSetSessionProperties.asScala.get("sessionId")
-    assert(result1 == List(List(2)))
-    assert(sessionId != sessionId1)
+    val sessionId1 = trino1.getSetSessionProperties.asScala.get(Query.KYUUBI_SESSION_ID)
+    assert(result1 == List(List("k", "v")))
+    assert(sessionId == sessionId1)
+
+    updateClientSession(trino)
+
+    val trino2 = getTrinoStatementClient("set k")
+    val result2 = execute(trino2)
+    val sessionId2 = trino2.getSetSessionProperties.asScala.get(Query.KYUUBI_SESSION_ID)
+    assert(result2 == List(List("k", "v")))
+    assert(sessionId == sessionId2)
 
     trino.close()
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
index adbf389c9..5740f6d38 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
@@ -27,7 +27,7 @@ import io.trino.client.ProtocolHeaders.TRINO_HEADERS
 
 import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException, TrinoRestFrontendTestHelper}
 import org.apache.kyuubi.operation.{OperationHandle, OperationState}
-import org.apache.kyuubi.server.trino.api.TrinoContext
+import org.apache.kyuubi.server.trino.api.{Query, TrinoContext}
 import org.apache.kyuubi.server.trino.api.v1.dto.Ok
 import org.apache.kyuubi.session.SessionHandle
 
@@ -78,7 +78,7 @@ class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHe
       response.getStringHeaders.get(TRINO_HEADERS.responseSetSession).asScala
         .map(_.split("="))
         .find {
-          case Array("sessionId", _) => true
+          case Array(Query.KYUUBI_SESSION_ID, _) => true
         }
         .map {
           case Array(_, value) => SessionHandle.fromUUID(TrinoContext.urlDecode(value))
@@ -90,12 +90,12 @@ class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHe
     val path = qr.getNextUri.getPath
     val nextResponse = webTarget.path(path).request().header(
       TRINO_HEADERS.requestSession(),
-      s"sessionId=${TrinoContext.urlEncode(sessionHandle.identifier.toString)}").delete()
+      s"${Query.KYUUBI_SESSION_ID}=${TrinoContext.urlEncode(sessionHandle.identifier.toString)}")
+      .delete()
     assert(nextResponse.getStatus == 204)
     assert(operation.getStatus.state == OperationState.CLOSED)
     val exception = intercept[KyuubiSQLException](sessionManager.getSession(sessionHandle))
     assert(exception.getMessage === s"Invalid $sessionHandle")
-
   }
 
   private def getData(current: TrinoResponse): TrinoResponse = {

From 8fe794709bb2a3e28baa6dccf89f62b1dac5c285 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 14 Feb 2023 10:54:01 +0000
Subject: [PATCH 062/760] [KYUUBI #4316] Fix returned Timestamp values may lose
 precision
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

This PR proposes to use `org.apache.spark.sql.execution#toHiveString` to replace `org.apache.kyuubi.engine.spark.schema#toHiveString` to get consistent result w/ `spark-sql` and `STS`.

Because of [SPARK-32006](https://issues.apache.org/jira/browse/SPARK-32006), it only works w/ Spark 3.1 and above.

The patch takes effects on both thrift and arrow result format.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
```
➜  ~ beeline -u 'jdbc:hive2://0.0.0.0:10009/default'
Connecting to jdbc:hive2://0.0.0.0:10009/default
Connected to: Spark SQL (version 3.3.1)
Driver: Hive JDBC (version 2.3.9)
Transaction isolation: TRANSACTION_REPEATABLE_READ
Beeline version 2.3.9 by Apache Hive
0: jdbc:hive2://0.0.0.0:10009/default> select to_timestamp('2023-02-08 22:17:33.123456789');
+----------------------------------------------+
| to_timestamp(2023-02-08 22:17:33.123456789)  |
+----------------------------------------------+
| 2023-02-08 22:17:33.123456                   |
+----------------------------------------------+
1 row selected (0.415 seconds)
```

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4318 from pan3793/hive-string.

Closes #4316

ba9016f6 [Cheng Pan] nit
8be774b4 [Cheng Pan] nit
bd696fe3 [Cheng Pan] nit
b5cf051c [Cheng Pan] fix
dd6b7021 [Cheng Pan] test
63edd34d [Cheng Pan] nit
37cc70af [Cheng Pan] Fix python ut
c66ad22d [Cheng Pan] [KYUUBI #4316] Fix returned Timestamp values may lose precision
41d94445 [Cheng Pan] Revert "[KYUUBI #3958] Fix Spark session timezone format"

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/ExecutePython.scala       | 14 ++--
 .../spark/operation/SparkOperation.scala      | 51 +++++++-----
 .../kyuubi/engine/spark/schema/RowSet.scala   | 82 +++----------------
 .../spark/sql/kyuubi/SparkDatasetHelper.scala | 10 +--
 .../engine/spark/schema/RowSetSuite.scala     | 31 ++++---
 .../org/apache/kyuubi/util/RowSetUtils.scala  | 64 +++------------
 .../kyuubi/operation/SparkDataTypeTests.scala | 35 +++++++-
 .../hive/arrow/ArrowColumnarBatchRow.java     | 16 +++-
 .../engine/spark/SparkSqlEngineSuite.scala    |  4 +-
 9 files changed, 123 insertions(+), 184 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
index e48ff6e5b..d2627fd99 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
@@ -88,9 +88,9 @@ class ExecutePython(
         val output = response.map(_.content.getOutput()).getOrElse("")
         val ename = response.map(_.content.getEname()).getOrElse("")
         val evalue = response.map(_.content.getEvalue()).getOrElse("")
-        val traceback = response.map(_.content.getTraceback()).getOrElse(Array.empty)
+        val traceback = response.map(_.content.getTraceback()).getOrElse(Seq.empty)
         iter =
-          new ArrayFetchIterator[Row](Array(Row(output, status, ename, evalue, Row(traceback: _*))))
+          new ArrayFetchIterator[Row](Array(Row(output, status, ename, evalue, traceback)))
         setState(OperationState.FINISHED)
       } else {
         throw KyuubiSQLException(s"Interpret error:\n$statement\n $response")
@@ -210,7 +210,7 @@ case class SessionPythonWorker(
     stdin.flush()
     val pythonResponse = Option(stdout.readLine()).map(ExecutePython.fromJson[PythonResponse](_))
     // throw exception if internal python code fail
-    if (internal && pythonResponse.map(_.content.status) != Some(PythonResponse.OK_STATUS)) {
+    if (internal && !pythonResponse.map(_.content.status).contains(PythonResponse.OK_STATUS)) {
       throw KyuubiSQLException(s"Internal python code $code failure: $pythonResponse")
     }
     pythonResponse
@@ -328,7 +328,7 @@ object ExecutePython extends Logging {
   }
 
   // for test
-  def defaultSparkHome(): String = {
+  def defaultSparkHome: String = {
     val homeDirFilter: FilenameFilter = (dir: File, name: String) =>
       dir.isDirectory && name.contains("spark-") && !name.contains("-engine")
     // get from kyuubi-server/../externals/kyuubi-download/target
@@ -418,7 +418,7 @@ case class PythonResponseContent(
     data: Map[String, String],
     ename: String,
     evalue: String,
-    traceback: Array[String],
+    traceback: Seq[String],
     status: String) {
   def getOutput(): String = {
     Option(data)
@@ -431,7 +431,7 @@ case class PythonResponseContent(
   def getEvalue(): String = {
     Option(evalue).getOrElse("")
   }
-  def getTraceback(): Array[String] = {
-    Option(traceback).getOrElse(Array.empty)
+  def getTraceback(): Seq[String] = {
+    Option(traceback).getOrElse(Seq.empty)
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index b62ef6745..06884534d 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -24,6 +24,7 @@ import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TProgressU
 import org.apache.spark.kyuubi.{SparkProgressMonitor, SQLOperationListener}
 import org.apache.spark.kyuubi.SparkUtilsHelper.redact
 import org.apache.spark.sql.{DataFrame, Row, SparkSession}
+import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
@@ -135,27 +136,35 @@ abstract class SparkOperation(session: Session)
     spark.sparkContext.setLocalProperty
 
   protected def withLocalProperties[T](f: => T): T = {
-    try {
-      spark.sparkContext.setJobGroup(statementId, redactedStatement, forceCancel)
-      spark.sparkContext.setLocalProperty(KYUUBI_SESSION_USER_KEY, session.user)
-      spark.sparkContext.setLocalProperty(KYUUBI_STATEMENT_ID_KEY, statementId)
-      schedulerPool match {
-        case Some(pool) =>
-          spark.sparkContext.setLocalProperty(SPARK_SCHEDULER_POOL_KEY, pool)
-        case None =>
-      }
-      if (isSessionUserSignEnabled) {
-        setSessionUserSign()
-      }
+    SQLConf.withExistingConf(spark.sessionState.conf) {
+      val originalSession = SparkSession.getActiveSession
+      try {
+        SparkSession.setActiveSession(spark)
+        spark.sparkContext.setJobGroup(statementId, redactedStatement, forceCancel)
+        spark.sparkContext.setLocalProperty(KYUUBI_SESSION_USER_KEY, session.user)
+        spark.sparkContext.setLocalProperty(KYUUBI_STATEMENT_ID_KEY, statementId)
+        schedulerPool match {
+          case Some(pool) =>
+            spark.sparkContext.setLocalProperty(SPARK_SCHEDULER_POOL_KEY, pool)
+          case None =>
+        }
+        if (isSessionUserSignEnabled) {
+          setSessionUserSign()
+        }
 
-      f
-    } finally {
-      spark.sparkContext.setLocalProperty(SPARK_SCHEDULER_POOL_KEY, null)
-      spark.sparkContext.setLocalProperty(KYUUBI_SESSION_USER_KEY, null)
-      spark.sparkContext.setLocalProperty(KYUUBI_STATEMENT_ID_KEY, null)
-      spark.sparkContext.clearJobGroup()
-      if (isSessionUserSignEnabled) {
-        clearSessionUserSign()
+        f
+      } finally {
+        spark.sparkContext.setLocalProperty(SPARK_SCHEDULER_POOL_KEY, null)
+        spark.sparkContext.setLocalProperty(KYUUBI_SESSION_USER_KEY, null)
+        spark.sparkContext.setLocalProperty(KYUUBI_STATEMENT_ID_KEY, null)
+        spark.sparkContext.clearJobGroup()
+        if (isSessionUserSignEnabled) {
+          clearSessionUserSign()
+        }
+        originalSession match {
+          case Some(session) => SparkSession.setActiveSession(session)
+          case None => SparkSession.clearActiveSession()
+        }
       }
     }
   }
@@ -246,7 +255,7 @@ abstract class SparkOperation(session: Session)
           } else {
             val taken = iter.take(rowSetSize)
             RowSet.toTRowSet(
-              taken.toList.asInstanceOf[List[Row]],
+              taken.toSeq.asInstanceOf[Seq[Row]],
               resultSchema,
               getProtocolVersion,
               timeZone)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
index 8cc88156b..7be70403d 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
@@ -18,22 +18,25 @@
 package org.apache.kyuubi.engine.spark.schema
 
 import java.nio.ByteBuffer
-import java.nio.charset.StandardCharsets
-import java.sql.Timestamp
-import java.time._
-import java.util.Date
+import java.time.ZoneId
 
 import scala.collection.JavaConverters._
 
 import org.apache.hive.service.rpc.thrift._
 import org.apache.spark.sql.Row
+import org.apache.spark.sql.execution.HiveResult
 import org.apache.spark.sql.types._
 
-import org.apache.kyuubi.engine.spark.schema.SchemaHelper.TIMESTAMP_NTZ
 import org.apache.kyuubi.util.RowSetUtils._
 
 object RowSet {
 
+  def toHiveString(valueAndType: (Any, DataType), nested: Boolean = false): String = {
+    // compatible w/ Spark 3.1 and above
+    val timeFormatters = HiveResult.getTimeFormatters
+    HiveResult.toHiveString(valueAndType, nested, timeFormatters)
+  }
+
   def toTRowSet(
       bytes: Array[Byte],
       protocolVersion: TProtocolVersion): TRowSet = {
@@ -68,9 +71,9 @@ object RowSet {
   }
 
   def toRowBasedSet(rows: Seq[Row], schema: StructType, timeZone: ZoneId): TRowSet = {
-    var i = 0
     val rowSize = rows.length
     val tRows = new java.util.ArrayList[TRow](rowSize)
+    var i = 0
     while (i < rowSize) {
       val row = rows(i)
       val tRow = new TRow()
@@ -151,13 +154,7 @@ object RowSet {
         while (i < rowSize) {
           val row = rows(i)
           nulls.set(i, row.isNullAt(ordinal))
-          val value =
-            if (row.isNullAt(ordinal)) {
-              ""
-            } else {
-              toHiveString((row.get(ordinal), typ), timeZone)
-            }
-          values.add(value)
+          values.add(toHiveString(row.get(ordinal) -> typ))
           i += 1
         }
         TColumn.stringVal(new TStringColumn(values, nulls))
@@ -238,69 +235,12 @@ object RowSet {
       case _ =>
         val tStrValue = new TStringValue
         if (!row.isNullAt(ordinal)) {
-          tStrValue.setValue(
-            toHiveString((row.get(ordinal), types(ordinal).dataType), timeZone))
+          tStrValue.setValue(toHiveString(row.get(ordinal) -> types(ordinal).dataType))
         }
         TColumnValue.stringVal(tStrValue)
     }
   }
 
-  /**
-   * A simpler impl of Spark's toHiveString
-   */
-  def toHiveString(dataWithType: (Any, DataType), timeZone: ZoneId): String = {
-    dataWithType match {
-      case (null, _) =>
-        // Only match nulls in nested type values
-        "null"
-
-      case (d: Date, DateType) =>
-        formatDate(d)
-
-      case (ld: LocalDate, DateType) =>
-        formatLocalDate(ld)
-
-      case (t: Timestamp, TimestampType) =>
-        formatTimestamp(t, Option(timeZone))
-
-      case (t: LocalDateTime, ntz) if ntz.getClass.getSimpleName.equals(TIMESTAMP_NTZ) =>
-        formatLocalDateTime(t)
-
-      case (i: Instant, TimestampType) =>
-        formatInstant(i, Option(timeZone))
-
-      case (bin: Array[Byte], BinaryType) =>
-        new String(bin, StandardCharsets.UTF_8)
-
-      case (decimal: java.math.BigDecimal, DecimalType()) =>
-        decimal.toPlainString
-
-      case (s: String, StringType) =>
-        // Only match string in nested type values
-        "\"" + s + "\""
-
-      case (d: Duration, _) => toDayTimeIntervalString(d)
-
-      case (p: Period, _) => toYearMonthIntervalString(p)
-
-      case (seq: scala.collection.Seq[_], ArrayType(typ, _)) =>
-        seq.map(v => (v, typ)).map(e => toHiveString(e, timeZone)).mkString("[", ",", "]")
-
-      case (m: Map[_, _], MapType(kType, vType, _)) =>
-        m.map { case (key, value) =>
-          toHiveString((key, kType), timeZone) + ":" + toHiveString((value, vType), timeZone)
-        }.toSeq.sorted.mkString("{", ",", "}")
-
-      case (struct: Row, StructType(fields)) =>
-        struct.toSeq.zip(fields).map { case (v, t) =>
-          s""""${t.name}":${toHiveString((v, t.dataType), timeZone)}"""
-        }.mkString("{", ",", "}")
-
-      case (other, _) =>
-        other.toString
-    }
-  }
-
   private def toTColumn(data: Array[Byte]): TColumn = {
     val values = new java.util.ArrayList[ByteBuffer](1)
     values.add(ByteBuffer.wrap(data))
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 23f7df213..46c3bce4d 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -22,7 +22,7 @@ import java.time.ZoneId
 import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.{DataFrame, Dataset, Row}
 import org.apache.spark.sql.functions._
-import org.apache.spark.sql.types.{ArrayType, DataType, MapType, StructField, StructType}
+import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.engine.spark.schema.RowSet
 
@@ -41,11 +41,11 @@ object SparkDatasetHelper {
       val dt = DataType.fromDDL(schemaDDL)
       dt match {
         case StructType(Array(StructField(_, st: StructType, _, _))) =>
-          RowSet.toHiveString((row, st), timeZone)
+          RowSet.toHiveString((row, st), nested = true)
         case StructType(Array(StructField(_, at: ArrayType, _, _))) =>
-          RowSet.toHiveString((row.toSeq.head, at), timeZone)
+          RowSet.toHiveString((row.toSeq.head, at), nested = true)
         case StructType(Array(StructField(_, mt: MapType, _, _))) =>
-          RowSet.toHiveString((row.toSeq.head, mt), timeZone)
+          RowSet.toHiveString((row.toSeq.head, mt), nested = true)
         case _ =>
           throw new UnsupportedOperationException
       }
@@ -54,7 +54,7 @@ object SparkDatasetHelper {
     val cols = df.schema.map {
       case sf @ StructField(name, _: StructType, _, _) =>
         toHiveStringUDF(quotedCol(name), lit(sf.toDDL)).as(name)
-      case sf @ StructField(name, (_: MapType | _: ArrayType), _, _) =>
+      case sf @ StructField(name, _: MapType | _: ArrayType, _, _) =>
         toHiveStringUDF(struct(quotedCol(name)), lit(sf.toDDL)).as(name)
       case StructField(name, _, _, _) => quotedCol(name)
     }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala
index 803eea3e6..a999563ea 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala
@@ -30,7 +30,6 @@ import org.apache.spark.sql.types._
 import org.apache.spark.unsafe.types.CalendarInterval
 
 import org.apache.kyuubi.KyuubiFunSuite
-import org.apache.kyuubi.engine.spark.schema.RowSet.toHiveString
 
 class RowSetSuite extends KyuubiFunSuite {
 
@@ -159,22 +158,22 @@ class RowSetSuite extends KyuubiFunSuite {
 
     val decCol = cols.next().getStringVal
     decCol.getValues.asScala.zipWithIndex.foreach {
-      case (b, 11) => assert(b.isEmpty)
+      case (b, 11) => assert(b === "NULL")
       case (b, i) => assert(b === s"$i.$i")
     }
 
     val dateCol = cols.next().getStringVal
     dateCol.getValues.asScala.zipWithIndex.foreach {
-      case (b, 11) => assert(b.isEmpty)
+      case (b, 11) => assert(b === "NULL")
       case (b, i) =>
-        assert(b === toHiveString((Date.valueOf(s"2018-11-${i + 1}"), DateType), zoneId))
+        assert(b === RowSet.toHiveString(Date.valueOf(s"2018-11-${i + 1}") -> DateType))
     }
 
     val tsCol = cols.next().getStringVal
     tsCol.getValues.asScala.zipWithIndex.foreach {
-      case (b, 11) => assert(b.isEmpty)
+      case (b, 11) => assert(b === "NULL")
       case (b, i) => assert(b ===
-          toHiveString((Timestamp.valueOf(s"2018-11-17 13:33:33.$i"), TimestampType), zoneId))
+          RowSet.toHiveString(Timestamp.valueOf(s"2018-11-17 13:33:33.$i") -> TimestampType))
     }
 
     val binCol = cols.next().getBinaryVal
@@ -185,23 +184,21 @@ class RowSetSuite extends KyuubiFunSuite {
 
     val arrCol = cols.next().getStringVal
     arrCol.getValues.asScala.zipWithIndex.foreach {
-      case (b, 11) => assert(b === "")
-      case (b, i) => assert(b === toHiveString(
-          (Array.fill(i)(java.lang.Double.valueOf(s"$i.$i")).toSeq, ArrayType(DoubleType)),
-          zoneId))
+      case (b, 11) => assert(b === "NULL")
+      case (b, i) => assert(b === RowSet.toHiveString(
+          Array.fill(i)(java.lang.Double.valueOf(s"$i.$i")).toSeq -> ArrayType(DoubleType)))
     }
 
     val mapCol = cols.next().getStringVal
     mapCol.getValues.asScala.zipWithIndex.foreach {
-      case (b, 11) => assert(b === "")
-      case (b, i) => assert(b === toHiveString(
-          (Map(i -> java.lang.Double.valueOf(s"$i.$i")), MapType(IntegerType, DoubleType)),
-          zoneId))
+      case (b, 11) => assert(b === "NULL")
+      case (b, i) => assert(b === RowSet.toHiveString(
+          Map(i -> java.lang.Double.valueOf(s"$i.$i")) -> MapType(IntegerType, DoubleType)))
     }
 
     val intervalCol = cols.next().getStringVal
     intervalCol.getValues.asScala.zipWithIndex.foreach {
-      case (b, 11) => assert(b === "")
+      case (b, 11) => assert(b === "NULL")
       case (b, i) => assert(b === new CalendarInterval(i, i, i).toString)
     }
   }
@@ -237,7 +234,7 @@ class RowSetSuite extends KyuubiFunSuite {
     assert(r6.get(9).getStringVal.getValue === "2018-11-06")
 
     val r7 = iter.next().getColVals
-    assert(r7.get(10).getStringVal.getValue === "2018-11-17 13:33:33.600")
+    assert(r7.get(10).getStringVal.getValue === "2018-11-17 13:33:33.6")
     assert(r7.get(11).getStringVal.getValue === new String(
       Array.fill[Byte](6)(6.toByte),
       StandardCharsets.UTF_8))
@@ -245,7 +242,7 @@ class RowSetSuite extends KyuubiFunSuite {
     val r8 = iter.next().getColVals
     assert(r8.get(12).getStringVal.getValue === Array.fill(7)(7.7d).mkString("[", ",", "]"))
     assert(r8.get(13).getStringVal.getValue ===
-      toHiveString((Map(7 -> 7.7d), MapType(IntegerType, DoubleType)), zoneId))
+      RowSet.toHiveString(Map(7 -> 7.7d) -> MapType(IntegerType, DoubleType)))
 
     val r9 = iter.next().getColVals
     assert(r9.get(14).getStringVal.getValue === new CalendarInterval(8, 8, 8).toString)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala
index 82417a730..fca79c0f2 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala
@@ -18,14 +18,11 @@
 package org.apache.kyuubi.util
 
 import java.nio.ByteBuffer
-import java.sql.Timestamp
-import java.time.{Duration, Instant, LocalDate, LocalDateTime, Period, ZoneId}
+import java.time.{Instant, LocalDate, LocalDateTime, ZoneId}
 import java.time.chrono.IsoChronology
-import java.time.format.DateTimeFormatter
 import java.time.format.DateTimeFormatterBuilder
 import java.time.temporal.ChronoField
-import java.util.{Date, Locale, TimeZone}
-import java.util.concurrent.TimeUnit
+import java.util.{Date, Locale}
 
 import scala.language.implicitConversions
 
@@ -37,24 +34,18 @@ private[kyuubi] object RowSetUtils {
   final private val SECOND_PER_HOUR: Long = SECOND_PER_MINUTE * 60L
   final private val SECOND_PER_DAY: Long = SECOND_PER_HOUR * 24L
 
-  private lazy val dateFormatter = {
-    createDateTimeFormatterBuilder().appendPattern("yyyy-MM-dd")
-      .toFormatter(Locale.US)
-      .withChronology(IsoChronology.INSTANCE)
-  }
+  private lazy val dateFormatter = createDateTimeFormatterBuilder()
+    .appendPattern("yyyy-MM-dd")
+    .toFormatter(Locale.US)
+    .withChronology(IsoChronology.INSTANCE)
 
   private lazy val legacyDateFormatter = FastDateFormat.getInstance("yyyy-MM-dd", Locale.US)
 
-  private lazy val timestampFormatter: DateTimeFormatter = {
-    createDateTimeFormatterBuilder().appendPattern("yyyy-MM-dd HH:mm:ss")
-      .appendFraction(ChronoField.NANO_OF_SECOND, 0, 9, true)
-      .toFormatter(Locale.US)
-      .withChronology(IsoChronology.INSTANCE)
-  }
-
-  private lazy val legacyTimestampFormatter = {
-    FastDateFormat.getInstance("yyyy-MM-dd HH:mm:ss.SSS", Locale.US)
-  }
+  private lazy val timestampFormatter = createDateTimeFormatterBuilder()
+    .appendPattern("yyyy-MM-dd HH:mm:ss")
+    .appendFraction(ChronoField.NANO_OF_SECOND, 0, 9, true)
+    .toFormatter(Locale.US)
+    .withChronology(IsoChronology.INSTANCE)
 
   private def createDateTimeFormatterBuilder(): DateTimeFormatterBuilder = {
     new DateTimeFormatterBuilder().parseCaseInsensitive()
@@ -77,40 +68,7 @@ private[kyuubi] object RowSetUtils {
       .getOrElse(timestampFormatter.format(i))
   }
 
-  def formatTimestamp(t: Timestamp, timeZone: Option[ZoneId] = None): String = {
-    timeZone.map(zoneId => {
-      FastDateFormat.getInstance(
-        legacyTimestampFormatter.getPattern,
-        TimeZone.getTimeZone(zoneId),
-        legacyTimestampFormatter.getLocale)
-        .format(t)
-    }).getOrElse(legacyTimestampFormatter.format(t))
-  }
-
   implicit def bitSetToBuffer(bitSet: java.util.BitSet): ByteBuffer = {
     ByteBuffer.wrap(bitSet.toByteArray)
   }
-
-  def toDayTimeIntervalString(d: Duration): String = {
-    var rest = d.getSeconds
-    var sign = ""
-    if (d.getSeconds < 0) {
-      sign = "-"
-      rest = -rest
-    }
-    val days = TimeUnit.SECONDS.toDays(rest)
-    rest %= SECOND_PER_DAY
-    val hours = TimeUnit.SECONDS.toHours(rest)
-    rest %= SECOND_PER_HOUR
-    val minutes = TimeUnit.SECONDS.toMinutes(rest)
-    val seconds = rest % SECOND_PER_MINUTE
-    f"$sign$days $hours%02d:$minutes%02d:$seconds%02d.${d.getNano}%09d"
-  }
-
-  def toYearMonthIntervalString(d: Period): String = {
-    val years = d.getYears
-    val months = d.getMonths
-    val sign = if (years < 0 || months < 0) "-" else ""
-    s"$sign${Math.abs(years)}-${Math.abs(months)}"
-  }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
index 688167703..3164ae496 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
@@ -159,9 +159,10 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
     }
   }
 
-  test("execute statement - select timestamp") {
+  test("execute statement - select timestamp - second") {
     withJdbcStatement() { statement =>
-      val resultSet = statement.executeQuery("SELECT TIMESTAMP '2018-11-17 13:33:33' AS col")
+      val resultSet = statement.executeQuery(
+        "SELECT TIMESTAMP '2018-11-17 13:33:33' AS col")
       assert(resultSet.next())
       assert(resultSet.getTimestamp("col") === Timestamp.valueOf("2018-11-17 13:33:33"))
       val metaData = resultSet.getMetaData
@@ -171,13 +172,39 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
     }
   }
 
+  test("execute statement - select timestamp - millisecond") {
+    withJdbcStatement() { statement =>
+      val resultSet = statement.executeQuery(
+        "SELECT TIMESTAMP '2018-11-17 13:33:33.12345' AS col")
+      assert(resultSet.next())
+      assert(resultSet.getTimestamp("col") === Timestamp.valueOf("2018-11-17 13:33:33.12345"))
+      val metaData = resultSet.getMetaData
+      assert(metaData.getColumnType(1) === java.sql.Types.TIMESTAMP)
+      assert(metaData.getPrecision(1) === 29)
+      assert(metaData.getScale(1) === 9)
+    }
+  }
+
+  test("execute statement - select timestamp - overflow") {
+    withJdbcStatement() { statement =>
+      val resultSet = statement.executeQuery(
+        "SELECT TIMESTAMP '2018-11-17 13:33:33.1234567' AS col")
+      assert(resultSet.next())
+      assert(resultSet.getTimestamp("col") === Timestamp.valueOf("2018-11-17 13:33:33.123456"))
+      val metaData = resultSet.getMetaData
+      assert(metaData.getColumnType(1) === java.sql.Types.TIMESTAMP)
+      assert(metaData.getPrecision(1) === 29)
+      assert(metaData.getScale(1) === 9)
+    }
+  }
+
   test("execute statement - select timestamp_ntz") {
     assume(SPARK_ENGINE_VERSION >= "3.4")
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery(
-        "SELECT make_timestamp_ntz(2022, 03, 24, 18, 08, 31.800) AS col")
+        "SELECT make_timestamp_ntz(2022, 03, 24, 18, 08, 31.8888) AS col")
       assert(resultSet.next())
-      assert(resultSet.getTimestamp("col") === Timestamp.valueOf("2022-03-24 18:08:31.800"))
+      assert(resultSet.getTimestamp("col") === Timestamp.valueOf("2022-03-24 18:08:31.8888"))
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.TIMESTAMP)
       assert(metaData.getPrecision(1) === 29)
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java
index 20ed55a1d..fa914ce5d 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java
@@ -105,6 +105,10 @@ public Object getMap(int ordinal) {
   }
 
   public Object get(int ordinal, TTypeId dataType) {
+    long seconds;
+    long milliseconds;
+    long microseconds;
+    int nanos;
     switch (dataType) {
       case BOOLEAN_TYPE:
         return getBoolean(ordinal);
@@ -127,13 +131,17 @@ public Object get(int ordinal, TTypeId dataType) {
       case STRING_TYPE:
         return getString(ordinal);
       case TIMESTAMP_TYPE:
-        return new Timestamp(getLong(ordinal) / 1000);
+        microseconds = getLong(ordinal);
+        nanos = (int) (microseconds % 1000000) * 1000;
+        Timestamp timestamp = new Timestamp(microseconds / 1000);
+        timestamp.setNanos(nanos);
+        return timestamp;
       case DATE_TYPE:
         return DateUtils.internalToDate(getInt(ordinal));
       case INTERVAL_DAY_TIME_TYPE:
-        long microseconds = getLong(ordinal);
-        long seconds = microseconds / 1000000;
-        int nanos = (int) (microseconds % 1000000) * 1000;
+        microseconds = getLong(ordinal);
+        seconds = microseconds / 1000000;
+        nanos = (int) (microseconds % 1000000) * 1000;
         return new HiveIntervalDayTime(seconds, nanos);
       case INTERVAL_YEAR_MONTH_TYPE:
         return new HiveIntervalYearMonth(getInt(ordinal));
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkSqlEngineSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkSqlEngineSuite.scala
index 1e35d2f1d..9ab627413 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkSqlEngineSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkSqlEngineSuite.scala
@@ -139,13 +139,13 @@ class SparkSqlEngineSuite extends WithKyuubiServer with HiveJDBCTestHelper {
       val utcResultSet = statement.executeQuery("select from_utc_timestamp(from_unixtime(" +
         "1670404535000/1000,'yyyy-MM-dd HH:mm:ss'),'GMT+08:00')")
       assert(utcResultSet.next())
-      assert(utcResultSet.getString(1) == "2022-12-07 17:15:35.0")
+      assert(utcResultSet.getString(1) === "2022-12-07 17:15:35.0")
       val setGMT8ResultSet = statement.executeQuery("set spark.sql.session.timeZone=GMT+8")
       assert(setGMT8ResultSet.next())
       val gmt8ResultSet = statement.executeQuery("select from_utc_timestamp(from_unixtime(" +
         "1670404535000/1000,'yyyy-MM-dd HH:mm:ss'),'GMT+08:00')")
       assert(gmt8ResultSet.next())
-      assert(gmt8ResultSet.getString(1) == "2022-12-08 01:15:35.0")
+      assert(gmt8ResultSet.getString(1) === "2022-12-08 01:15:35.0")
     }
   }
 

From 536944cb70f7bebf8d067e95cc7bb4ca4ad69d2c Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 15 Feb 2023 10:26:22 +0800
Subject: [PATCH 063/760] [KYUUBI #4329] Fix REST API 415 HTTP error in Swagger
 UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

![截屏2023-02-14 下午6 22 36](https://user-images.githubusercontent.com/8537877/218708645-60f7f8b2-c5f3-4f02-a1ee-2c1711b78b88.png)

the curl command before this PR:

```shell
curl -X 'POST' \
  'http://${ip}:10099/api/v1/sessions/f07cca06-026b-442c-8dfa-181694d2b21e/operations/statement' \
  -H 'accept: application/json' \
  -H 'Content-Type: */*' \
  -d '{
  "statement": "string",
  "runAsync": true,
  "queryTimeout": 3000
}'

```

After this PR:

```shell
curl -X 'POST' \
  'http://${ip}:10099/api/v1/sessions/f07cca06-026b-442c-8dfa-181694d2b21e/operations/statement' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "statement": "string",
  "runAsync": true,
  "queryTimeout": 3000
}'

```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4329 from cfmcgrady/swagger-ui-415.

Closes #4329

bbeb920de [Fu Chen] fix swagger ui 415 error

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 .../org/apache/kyuubi/server/api/v1/OperationsResource.scala    | 1 +
 .../org/apache/kyuubi/server/api/v1/SessionsResource.scala      | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index b0d0607ce..99f1afdc3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -37,6 +37,7 @@ import org.apache.kyuubi.server.api.ApiRequestContext
 
 @Tag(name = "Operation")
 @Produces(Array(MediaType.APPLICATION_JSON))
+@Consumes(Array(MediaType.APPLICATION_JSON))
 private[v1] class OperationsResource extends ApiRequestContext with Logging {
 
   @ApiResponse(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index 04caa97f9..dd4a8c3a7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -41,6 +41,7 @@ import org.apache.kyuubi.session.SessionHandle
 
 @Tag(name = "Session")
 @Produces(Array(MediaType.APPLICATION_JSON))
+@Consumes(Array(MediaType.APPLICATION_JSON))
 private[v1] class SessionsResource extends ApiRequestContext with Logging {
   implicit def toSessionHandle(str: String): SessionHandle = SessionHandle.fromUUID(str)
   private def sessionManager = fe.be.sessionManager
@@ -138,7 +139,6 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
     description = "Open(create) a session")
   @POST
-  @Consumes(Array(MediaType.APPLICATION_JSON))
   def openSession(request: SessionOpenRequest): dto.SessionHandle = {
     val userName = fe.getSessionUser(request.getConfigs.asScala.toMap)
     val ipAddress = fe.getIpAddress

From a17ccdf27a5c18b8193233c9c02c80ae5d55d08d Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Wed, 15 Feb 2023 05:30:04 +0000
Subject: [PATCH 064/760] [KYUUBI #4334] [REST] Rest client should catch
 `NoHttpResponse Exception` and retry

### _Why are the changes needed?_

[NoHttpResponseException](https://hc.apache.org/httpclient-legacy/exception-handling.html)

> In some circumstances, usually when under heavy load, the web server may be able to receive requests but unable to process them. A lack of sufficient resources like worker threads is a good example. This may cause the server to drop the connection to the client without giving any response. HttpClient throws NoHttpResponseException when it encounters such a condition. In most cases it is safe to retry a method that failed with NoHttpResponseException.

In case of Kyuubi Server is overloaded and does not have enough resources to allocate threads to handle the corresponding request, the request will be dropped and no response will be returned, Kyuubi Rest Client should catch this exception and retry.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4334 from zwangsheng/rest_client/retry_with_no_http_response.

Closes #4334

d526e4ab [zwangsheng] Remove Unrelated Code
708f2496 [zwangsheng] [REST] Retry should catch NoHttpResponse Exception and retry

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/java/org/apache/kyuubi/client/RestClient.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
index fa3544726..20e57b963 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
@@ -27,6 +27,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHeaders;
+import org.apache.http.NoHttpResponseException;
 import org.apache.http.client.HttpResponseException;
 import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.methods.HttpUriRequest;
@@ -164,7 +165,7 @@ private String doRequest(URI uri, String authHeader, RequestBuilder requestBuild
 
       response = httpclient.execute(httpRequest, responseHandler);
       LOG.debug("Response: {}", response);
-    } catch (ConnectException | ConnectTimeoutException e) {
+    } catch (ConnectException | ConnectTimeoutException | NoHttpResponseException e) {
       // net exception can be retried by connecting to other Kyuubi server
       throw new RetryableKyuubiRestException("Api request failed for " + uri.toString(), e);
     } catch (KyuubiRestException rethrow) {

From b79ca8c4ab26d826a87599c0599f4d124754ce4b Mon Sep 17 00:00:00 2001
From: wxmimperio <wxmimperio@outlook.com>
Date: Wed, 15 Feb 2023 11:04:08 +0000
Subject: [PATCH 065/760] [KYUUBI #4311] Fix the wrong parsing of jvm
 parameters in jdbc url.

### _Why are the changes needed?_
The wrong parsing of jvm parameters in jdbc url.

For example:
```shell
jdbc:kyuubi://127.0.0.1:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=kyuubi;user=tom?spark.driver.memory=8G;spark.driver.extraJavaOptions=-Xss256m -XX:+PrintGCDetails -XX:HeapDumpPath=/heap.hprof
```
Now because the regex `([^;]*)=([^;]*);?` only matches `=`, resulting in wrong parsing:
```shell
<spark.driver.memory, 8G>
<spark.driver.extraJavaOptions=-Xss256m -XX:+PrintGCDetails -XX:HeapDumpPath, /heap.hprof>
```

The correct parsing should be:
```shell
<spark.driver.memory, 8G>
<spark.driver.extraJavaOptions, -Xss256m -XX:+PrintGCDetails -XX:HeapDumpPath=/heap.hprof>
```

This PR change `org.apache.kyuubi.jdbc.hive.Utils` and added unit test in `org.apache.kyuubi.jdbc.hive.UtilsTest`.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4311 from imperio-wxm/master.

Closes #4311

d9e124ca [liangbowen] fix percent encoding problem
31ae63e0 [liangbowen] change `com.sun.jndi.toolkit.url.UrlUtil` to `java.net.URLEncoder`
f8271ec2 [wxm] Fix the wrong parsing of jvm parameters in jdbc url.
2e93df57 [wxmimperio] Merge branch 'apache:master' into master
4c236447 [wxmimperio] Merge branch 'apache:master' into master
3e0b7764 [wxmimperio] Scala repl output log level adjusted to debug

Lead-authored-by: wxmimperio <wxmimperio@outlook.com>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: wxm <wxmimperio@outlook.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/jdbc/hive/Utils.java    | 13 +++-
 .../apache/kyuubi/jdbc/hive/UtilsTest.java    | 75 +++++++++++++++++--
 2 files changed, 79 insertions(+), 9 deletions(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
index c5b197f13..59cc67f9d 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
@@ -26,6 +26,7 @@
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.hive.service.rpc.thrift.TStatus;
 import org.apache.hive.service.rpc.thrift.TStatusCode;
 import org.slf4j.Logger;
@@ -193,12 +194,20 @@ public static JdbcConnectionParams extractURLComponents(String uri, Properties i
       }
     }
 
+    Pattern confPattern = Pattern.compile("([^;]*)([^;]*);?");
+
     // parse hive conf settings
     String confStr = jdbcURI.getQuery();
     if (confStr != null) {
-      Matcher confMatcher = pattern.matcher(confStr);
+      Matcher confMatcher = confPattern.matcher(confStr);
       while (confMatcher.find()) {
-        connParams.getHiveConfs().put(confMatcher.group(1), confMatcher.group(2));
+        String connParam = confMatcher.group(1);
+        if (StringUtils.isNotBlank(connParam) && connParam.contains("=")) {
+          int symbolIndex = connParam.indexOf('=');
+          connParams
+              .getHiveConfs()
+              .put(connParam.substring(0, symbolIndex), connParam.substring(symbolIndex + 1));
+        }
       }
     }
 
diff --git a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java
index c890c8731..e0594dde0 100644
--- a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java
+++ b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java
@@ -21,8 +21,13 @@
 import static org.apache.kyuubi.jdbc.hive.Utils.extractURLComponents;
 import static org.junit.Assert.assertEquals;
 
+import com.google.common.collect.ImmutableMap;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Map;
 import java.util.Properties;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -35,23 +40,76 @@ public class UtilsTest {
   private String expectedPort;
   private String expectedCatalog;
   private String expectedDb;
+  private Map<String, String> expectedHiveConf;
   private String uri;
 
   @Parameterized.Parameters
-  public static Collection<String[]> data() {
+  public static Collection<Object[]> data() throws UnsupportedEncodingException {
     return Arrays.asList(
-        new String[][] {
-          {"localhost", "10009", null, "db", "jdbc:hive2:///db;k1=v1?k2=v2#k3=v3"},
-          {"localhost", "10009", null, "default", "jdbc:hive2:///"},
-          {"localhost", "10009", null, "default", "jdbc:kyuubi://"},
-          {"localhost", "10009", null, "default", "jdbc:hive2://"},
-          {"hostname", "10018", null, "db", "jdbc:hive2://hostname:10018/db;k1=v1?k2=v2#k3=v3"},
+        new Object[][] {
+          {
+            "localhost",
+            "10009",
+            null,
+            "db",
+            new ImmutableMap.Builder<String, String>().put("k2", "v2").build(),
+            "jdbc:hive2:///db;k1=v1?k2=v2#k3=v3"
+          },
+          {
+            "localhost",
+            "10009",
+            null,
+            "default",
+            new ImmutableMap.Builder<String, String>().build(),
+            "jdbc:hive2:///"
+          },
+          {
+            "localhost",
+            "10009",
+            null,
+            "default",
+            new ImmutableMap.Builder<String, String>().build(),
+            "jdbc:kyuubi://"
+          },
+          {
+            "localhost",
+            "10009",
+            null,
+            "default",
+            new ImmutableMap.Builder<String, String>().build(),
+            "jdbc:hive2://"
+          },
+          {
+            "hostname",
+            "10018",
+            null,
+            "db",
+            new ImmutableMap.Builder<String, String>().put("k2", "v2").build(),
+            "jdbc:hive2://hostname:10018/db;k1=v1?k2=v2#k3=v3"
+          },
           {
             "hostname",
             "10018",
             "catalog",
             "db",
+            new ImmutableMap.Builder<String, String>().put("k2", "v2").build(),
             "jdbc:hive2://hostname:10018/catalog/db;k1=v1?k2=v2#k3=v3"
+          },
+          {
+            "hostname",
+            "10018",
+            "catalog",
+            "db",
+            new ImmutableMap.Builder<String, String>()
+                .put("k2", "v2")
+                .put("k3", "-Xmx2g -XX:+PrintGCDetails -XX:HeapDumpPath=/heap.hprof")
+                .build(),
+            "jdbc:hive2://hostname:10018/catalog/db;k1=v1?"
+                + URLEncoder.encode(
+                        "k2=v2;k3=-Xmx2g -XX:+PrintGCDetails -XX:HeapDumpPath=/heap.hprof",
+                        StandardCharsets.UTF_8.toString())
+                    .replaceAll("\\+", "%20")
+                + "#k4=v4"
           }
         });
   }
@@ -61,11 +119,13 @@ public UtilsTest(
       String expectedPort,
       String expectedCatalog,
       String expectedDb,
+      Map<String, String> expectedHiveConf,
       String uri) {
     this.expectedHost = expectedHost;
     this.expectedPort = expectedPort;
     this.expectedCatalog = expectedCatalog;
     this.expectedDb = expectedDb;
+    this.expectedHiveConf = expectedHiveConf;
     this.uri = uri;
   }
 
@@ -76,5 +136,6 @@ public void testExtractURLComponents() throws JdbcUriParseException {
     assertEquals(Integer.parseInt(expectedPort), jdbcConnectionParams1.getPort());
     assertEquals(expectedCatalog, jdbcConnectionParams1.getCatalogName());
     assertEquals(expectedDb, jdbcConnectionParams1.getDbName());
+    assertEquals(expectedHiveConf, jdbcConnectionParams1.getHiveConfs());
   }
 }

From 9b2ff854868fbc597be24cf9273045ab9901d068 Mon Sep 17 00:00:00 2001
From: Luning Wang <wang4luning@gmail.com>
Date: Thu, 16 Feb 2023 14:00:32 +0800
Subject: [PATCH 066/760] [KYUUBI #3085][DOCS] Add Hive FTS Connector

### _Why are the changes needed?_

Supply a FTS connector doc in Hive

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4337 from a49a/hive-fts-doc.

Closes #3085

7ec5b73f [Luning Wang] [KYUUBI #3085][DOCS] Add Hive FTS Connector

Authored-by: Luning Wang <wang4luning@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/connector/hive/flink_table_store.rst | 101 ++++++++++++++++++++++
 docs/connector/hive/index.rst             |   1 +
 2 files changed, 102 insertions(+)
 create mode 100644 docs/connector/hive/flink_table_store.rst

diff --git a/docs/connector/hive/flink_table_store.rst b/docs/connector/hive/flink_table_store.rst
new file mode 100644
index 000000000..893262189
--- /dev/null
+++ b/docs/connector/hive/flink_table_store.rst
@@ -0,0 +1,101 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+`Flink Table Store`_
+==========
+
+Flink Table Store is a unified storage to build dynamic tables for both streaming and batch processing in Flink,
+supporting high-speed data ingestion and timely data query.
+
+.. tip::
+   This article assumes that you have mastered the basic knowledge and operation of `Flink Table Store`_.
+   For the knowledge about Flink Table Store not mentioned in this article,
+   you can obtain it from its `Official Documentation`_.
+
+By using Kyuubi, we can run SQL queries towards Flink Table Store which is more
+convenient, easy to understand, and easy to expand than directly using
+Hive to manipulate Flink Table Store.
+
+Flink Table Store Integration
+-------------------
+
+To enable the integration of kyuubi flink sql engine and Flink Table Store, you need to:
+
+- Referencing the Flink Table Store :ref:`dependencies<hive-flink-table-store-deps>`
+- Setting the environment variable :ref:`configurations<hive-flink-table-store-conf>`
+
+.. _hive-flink-table-store-deps:
+
+Dependencies
+************
+
+The **classpath** of kyuubi hive sql engine with Iceberg supported consists of
+
+1. kyuubi-hive-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
+2. a copy of hive distribution
+3. flink-table-store-hive-connector-<flink-table-store.version>_<hive.binary.version>.jar (example: flink-table-store-hive-connector-0.4.0_3.1.jar), which can be found in the `Installation Table Store in Hive`_
+
+In order to make the Hive packages visible for the runtime classpath of engines, we can use one of these methods:
+
+1. You can create an auxlib folder under the root directory of Hive, and copy flink-table-store-hive-connector-0.4.0_3.1.jar into auxlib.
+2. Execute ADD JAR statement in the Kyuubi to add dependencies to Hive’s auxiliary classpath. For example:
+
+.. code-block:: sql
+
+   ADD JAR /path/to/flink-table-store-hive-connector-0.4.0_3.1.jar;
+
+.. warning::
+    The second method is not recommended. If you’re using the MR execution engine and running a join statement, you may be faced with the exception
+    ``org.apache.hive.com.esotericsoftware.kryo.kryoexception: unable to find class.``
+
+.. warning::
+   Please mind the compatibility of different Flink Table Store and Hive versions, which can be confirmed on the page of `Flink Table Store multi engine support`_.
+
+.. _hive-flink-table-store-conf:
+
+Configurations
+**************
+
+If you are using HDFS, make sure that the environment variable HADOOP_HOME or HADOOP_CONF_DIR is set.
+
+Flink Table Store  Operations
+------------------
+
+Flink Table Store only supports only reading table store tables through Hive.
+A common scenario is to write data with Flink and read data with Hive.
+You can follow this document `Flink Table Store Quick Start`_  to write data to a table store table
+and then use Kyuubi Hive SQL engine to query the table with the following SQL ``SELECT`` statement.
+
+Taking ``Query Data`` as an example,
+
+.. code-block:: sql
+
+    SELECT a, b FROM test_table ORDER BY a;
+
+Taking ``Query External Table`` as an example,
+
+.. code-block:: sql
+
+    CREATE EXTERNAL TABLE external_test_table
+    STORED BY 'org.apache.flink.table.store.hive.TableStoreHiveStorageHandler'
+    LOCATION '/path/to/table/store/warehouse/default.db/test_table';
+
+    SELECT a, b FROM test_table ORDER BY a;
+
+.. _Flink Table Store: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
+.. _Flink Table Store Quick Start: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/try-table-store/quick-start/
+.. _Official Documentation: https://nightlies.apache.org/flink/flink-table-store-docs-release-0.4/docs/engines/hive/
+.. _Installation Table Store in Hive: https://nightlies.apache.org/flink/flink-table-store-docs-release-0.4/docs/engines/hive/#installation
+.. _Flink Table Store multi engine support: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/engines/overview/
diff --git a/docs/connector/hive/index.rst b/docs/connector/hive/index.rst
index 2b2b863a6..961e1bc8b 100644
--- a/docs/connector/hive/index.rst
+++ b/docs/connector/hive/index.rst
@@ -19,4 +19,5 @@ Connectors for Hive SQL Query Engine
 .. toctree::
     :maxdepth: 2
 
+    flink_table_store
     iceberg

From 89fe835b93ea26d1c2ce5d9991a284449d16caa2 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 16 Feb 2023 15:05:53 +0800
Subject: [PATCH 067/760] [KYUUBI #4336] Avoid listing all schemas for Spark
 session catalog on schema pruning

### _Why are the changes needed?_

Some DBMS tools like DBeaver and HUE will call thrift meta api for listing catalogs, databases, and tables. The current implementation of `CatalogShim_v3_0#getSchemas` will call `listAllNamespaces` first and do schema pruning on the Spark driver, which may cause "permission denied" exception when HMS has permission control, like the ranger plugin.

This PR proposes to call HMS API(through v1 session catalog) directly for `spark_catalog`, to suppress the above issue.

```
2023-02-15 20:02:13.048 ERROR org.apache.kyuubi.server.KyuubiTBinaryFrontendService: Error getting schemas:
org.apache.kyuubi.KyuubiSQLException: Error operating GetSchemas: org.apache.spark.sql.AnalysisException: org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Permission denied: user [user1] does not have [SELECT] privilege on [userdb1])
        at org.apache.spark.sql.hive.HiveExternalCatalog.withClient(HiveExternalCatalog.scala:134)
        at org.apache.spark.sql.hive.HiveExternalCatalog.databaseExists(HiveExternalCatalog.scala:249)
        at org.apache.spark.sql.catalyst.catalog.ExternalCatalogWithListener.databaseExists(ExternalCatalogWithListener.scala:69)
        at org.apache.spark.sql.catalyst.catalog.SessionCatalog.databaseExists(SessionCatalog.scala:294)
        at org.apache.spark.sql.execution.datasources.v2.V2SessionCatalog.listNamespaces(V2SessionCatalog.scala:212)
        at org.apache.kyuubi.engine.spark.shim.CatalogShim_v3_0.$anonfun$listAllNamespaces$1(CatalogShim_v3_0.scala:74)
        at org.apache.kyuubi.engine.spark.shim.CatalogShim_v3_0.$anonfun$listAllNamespaces$1$adapted(CatalogShim_v3_0.scala:73)
        at scala.collection.TraversableLike.$anonfun$flatMap$1(TraversableLike.scala:293)
        at scala.collection.IndexedSeqOptimized.foreach(IndexedSeqOptimized.scala:36)
        at scala.collection.IndexedSeqOptimized.foreach$(IndexedSeqOptimized.scala:33)
        at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:198)
        at scala.collection.TraversableLike.flatMap(TraversableLike.scala:293)
        at scala.collection.TraversableLike.flatMap$(TraversableLike.scala:290)
        at scala.collection.mutable.ArrayOps$ofRef.flatMap(ArrayOps.scala:198)
        at org.apache.kyuubi.engine.spark.shim.CatalogShim_v3_0.listAllNamespaces(CatalogShim_v3_0.scala:73)
        at org.apache.kyuubi.engine.spark.shim.CatalogShim_v3_0.listAllNamespaces(CatalogShim_v3_0.scala:90)
        at org.apache.kyuubi.engine.spark.shim.CatalogShim_v3_0.getSchemasWithPattern(CatalogShim_v3_0.scala:118)
        at org.apache.kyuubi.engine.spark.shim.CatalogShim_v3_0.getSchemas(CatalogShim_v3_0.scala:133)
        at org.apache.kyuubi.engine.spark.operation.GetSchemas.runInternal(GetSchemas.scala:43)
        at org.apache.kyuubi.operation.AbstractOperation.run(AbstractOperation.scala:164)
        at org.apache.kyuubi.session.AbstractSession.runOperation(AbstractSession.scala:99)
        at org.apache.kyuubi.engine.spark.session.SparkSessionImpl.runOperation(SparkSessionImpl.scala:78)
        at org.apache.kyuubi.session.AbstractSession.getSchemas(AbstractSession.scala:150)
        at org.apache.kyuubi.service.AbstractBackendService.getSchemas(AbstractBackendService.scala:83)
        at org.apache.kyuubi.service.TFrontendService.GetSchemas(TFrontendService.scala:294)
        at org.apache.kyuubi.shade.org.apache.hive.service.rpc.thrift.TCLIService$Processor$GetSchemas.getResult(TCLIService.java:1617)
        at org.apache.kyuubi.shade.org.apache.hive.service.rpc.thrift.TCLIService$Processor$GetSchemas.getResult(TCLIService.java:1602)
        at org.apache.kyuubi.shade.org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
        at org.apache.kyuubi.shade.org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
        at org.apache.kyuubi.service.authentication.TSetIpAddressProcessor.process(TSetIpAddressProcessor.scala:36)
        at org.apache.kyuubi.shade.org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:750)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4336 from pan3793/list-schemas.

Closes #4336

9ece864c [Cheng Pan] fix
f71587e9 [Cheng Pan] Avoid listing all schemas for Spark session catalog on schema prunning

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/spark/shim/CatalogShim_v2_4.scala      | 2 +-
 .../kyuubi/engine/spark/shim/CatalogShim_v3_0.scala      | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
index 3478abc66..0f6195acf 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
@@ -41,7 +41,7 @@ class CatalogShim_v2_4 extends SparkCatalogShim {
       catalogName: String,
       schemaPattern: String): Seq[Row] = {
     (spark.sessionState.catalog.listDatabases(schemaPattern) ++
-      getGlobalTempViewManager(spark, schemaPattern)).map(Row(_, ""))
+      getGlobalTempViewManager(spark, schemaPattern)).map(Row(_, SparkCatalogShim.SESSION_CATALOG))
   }
 
   def setCurrentDatabase(spark: SparkSession, databaseName: String): Unit = {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
index 50e641b59..a663ba636 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
@@ -129,13 +129,12 @@ class CatalogShim_v3_0 extends CatalogShim_v2_4 {
       spark: SparkSession,
       catalogName: String,
       schemaPattern: String): Seq[Row] = {
-    val catalog = getCatalog(spark, catalogName)
-    var schemas = getSchemasWithPattern(catalog, schemaPattern)
     if (catalogName == SparkCatalogShim.SESSION_CATALOG) {
-      val viewMgr = getGlobalTempViewManager(spark, schemaPattern)
-      schemas = schemas ++ viewMgr
+      super.getSchemas(spark, catalogName, schemaPattern)
+    } else {
+      val catalog = getCatalog(spark, catalogName)
+      getSchemasWithPattern(catalog, schemaPattern).map(Row(_, catalog.name))
     }
-    schemas.map(Row(_, catalog.name))
   }
 
   override def setCurrentDatabase(spark: SparkSession, databaseName: String): Unit = {

From 70f7c09b6a7a9ee84490a0c259287663e46d3451 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 16 Feb 2023 16:27:19 +0800
Subject: [PATCH 068/760] [KYUUBI #4340] Bump up markdown version from 3.3.7 to
 3.4.1

### _Why are the changes needed?_

Bump up markdown version from 3.3.7 to 3.4.1, the sphinx-markdown-tables has been upgraded to 0.0.17 in which the regression is resolved. It now conflicts with markdown 3.3.7

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4340 from yaooqinn/markdown.

Closes #4340

da950a74 [Kent Yao] Bump up markdown version form 3.3.7 to 3.4.1

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/requirements.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index 00a2eb136..ecc8116e7 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -17,8 +17,7 @@
 # under the License.
 #
 
-# we shall bypass markdown-3.4.1, see details in KYUUBI-3126
-markdown==3.3.7
+markdown==3.4.1
 recommonmark==0.7.1
 sphinx==4.5.0
 sphinx-book-theme==0.3.3

From c489e29697c73e3eec96aa3ff602e40f9a2c798a Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Thu, 16 Feb 2023 17:05:18 +0800
Subject: [PATCH 069/760] [KYUUBI #4305][Bug] Backport HIVE-15820: comment at
 the head of beeline -e

### _Why are the changes needed?_

close [#4305](https://github.com/apache/kyuubi/issues/4305)

### manual tests

```sql
bin/beeline -u jdbc:hive2://X:10009 -e "
--asd
select 1 as a
"
```

![image](https://user-images.githubusercontent.com/18713676/218910222-b829d447-e5b7-4d80-842b-2ddd4f47a26d.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4333 from lsm1/fix/beeline_comment_header.

Closes #4305

f932d4ead [senmiaoliu] reformat
9a071fb40 [senmiaoliu] added multi line ut
425c53631 [senmiaoliu] added ut
d4dc21a61 [senmiaoliu] comment at the head of beeline -e

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 .../java/org/apache/hive/beeline/KyuubiBeeLine.java |  6 ++++++
 .../org/apache/hive/beeline/KyuubiCommands.java     |  6 ++++--
 .../org/apache/hive/beeline/KyuubiBeeLineTest.java  | 13 +++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 7ca767148..92b96ccb4 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -29,6 +29,7 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
+import org.apache.hive.common.util.HiveStringUtils;
 
 public class KyuubiBeeLine extends BeeLine {
   public static final String KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER =
@@ -192,4 +193,9 @@ int initArgs(String[] args) {
     }
     return code;
   }
+
+  @Override
+  boolean dispatch(String line) {
+    return super.dispatch(HiveStringUtils.removeComments(line));
+  }
 }
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index aaa32739a..1a15638f1 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -23,6 +23,7 @@
 import java.sql.*;
 import java.util.*;
 import org.apache.hive.beeline.logs.KyuubiBeelineInPlaceUpdateStream;
+import org.apache.hive.common.util.HiveStringUtils;
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement;
 import org.apache.kyuubi.jdbc.hive.Utils;
 import org.apache.kyuubi.jdbc.hive.logs.InPlaceUpdateStream;
@@ -499,7 +500,7 @@ public boolean connect(Properties props) throws IOException {
 
   @Override
   public String handleMultiLineCmd(String line) throws IOException {
-    int[] startQuote = {-1};
+    line = HiveStringUtils.removeComments(line);
     Character mask =
         (System.getProperty("jline.terminal", "").equals("jline.UnsupportedTerminal"))
             ? null
@@ -530,7 +531,8 @@ public String handleMultiLineCmd(String line) throws IOException {
       if (extra == null) { // it happens when using -f and the line of cmds does not end with ;
         break;
       }
-      if (!extra.isEmpty()) {
+      extra = HiveStringUtils.removeComments(extra);
+      if (extra != null && !extra.isEmpty()) {
         line += "\n" + extra;
       }
     }
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
index b144c95c6..d571d9362 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
@@ -29,4 +29,17 @@ public void testKyuubiBeelineWithoutArgs() {
     int result = kyuubiBeeLine.initArgs(new String[0]);
     assertEquals(0, result);
   }
+
+  @Test
+  public void testKyuubiBeelineComment() {
+    KyuubiBeeLine kyuubiBeeLine = new KyuubiBeeLine();
+    int result = kyuubiBeeLine.initArgsFromCliVars(new String[] {"-e", "--comment show database;"});
+    assertEquals(0, result);
+    result = kyuubiBeeLine.initArgsFromCliVars(new String[] {"-e", "--comment\n show database;"});
+    assertEquals(1, result);
+    result =
+        kyuubiBeeLine.initArgsFromCliVars(
+            new String[] {"-e", "--comment line 1 \n    --comment line 2 \n show database;"});
+    assertEquals(1, result);
+  }
 }

From 6688b3dacf80ac519f6a0d56f8168d15166f5916 Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Thu, 16 Feb 2023 17:53:55 +0800
Subject: [PATCH 070/760] [KYUUBI #4328] Make Trino jdbc driver work

### _Why are the changes needed?_

according to `io.trino.jdbc.ColumnInfo`, there are some type requring signature parameter.
- varchar(n)
- char(n)
- decimal(precision, scale)

It failed with trino jdbc now
<img width="613" alt="image" src="https://user-images.githubusercontent.com/12025282/218707052-a2e9dc91-0333-483c-bc0a-96baec213578.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4328 from ulysses-you/fix-signature.

Closes #4328

aede5cec [ulysses-you] nit
ae1a7968 [ulysses-you] fix test
8ecdb346 [ulysses-you] Make Trino jdbc driver work

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .github/workflows/master.yml                  |   6 +-
 .../it/trino/server/TrinoFrontendSuite.scala  |  61 ++++++
 .../kyuubi/operation/HiveMetadataTests.scala  | 188 +++++++++++++++++-
 .../kyuubi/operation/SparkMetadataTests.scala | 187 -----------------
 .../kyuubi/client/api/v1/dto/VersionInfo.java |   7 +-
 .../server/trino/api/TrinoContext.scala       | 128 +++++++++---
 .../trino/api/TrinoScalaObjectMapper.scala    |  12 +-
 .../trino/api/v1/StatementResource.scala      |   3 +-
 .../kyuubi/server/trino/api/v1/dto/Ok.java    |  11 +-
 9 files changed, 383 insertions(+), 220 deletions(-)
 create mode 100644 integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index ed7403fbc..26d231297 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -294,9 +294,9 @@ jobs:
           check-latest: false
       - name: Build and test Trino with maven w/o linters
         run: |
-          TEST_MODULES="externals/kyuubi-trino-engine,integration-tests/kyuubi-trino-it"
-          ./build/mvn ${MVN_OPT} -pl ${TEST_MODULES} -am clean install -DskipTests
-          ./build/mvn ${MVN_OPT} -pl ${TEST_MODULES} test
+          TEST_MODULES="kyuubi-server,externals/kyuubi-trino-engine,externals/kyuubi-spark-sql-engine,externals/kyuubi-download,integration-tests/kyuubi-trino-it"
+          ./build/mvn ${MVN_OPT} -pl ${TEST_MODULES} -am -Pflink-provided -Phive-provided clean install -DskipTests
+          ./build/mvn -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -pl ${TEST_MODULES} -am -Pflink-provided -Phive-provided test -Dtest=none -DwildcardSuites=org.apache.kyuubi.it.trino.operation.TrinoOperationSuite,org.apache.kyuubi.it.trino.server.TrinoFrontendSuite
       - name: Upload test logs
         if: failure()
         uses: actions/upload-artifact@v3
diff --git a/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala b/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
new file mode 100644
index 000000000..bd8bf3eda
--- /dev/null
+++ b/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.it.trino.server
+
+import scala.util.control.NonFatal
+
+import org.apache.kyuubi.WithKyuubiServer
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.operation.SparkMetadataTests
+
+/**
+ * This test is for Trino jdbc driver with Kyuubi Server and Spark engine:
+ *
+ *  -------------------------------------------------------------
+ *  |                JDBC                                       |
+ *  |  Trino-driver  ---->  Kyuubi Server  -->  Spark Engine    |
+ *  |                                                           |
+ *  -------------------------------------------------------------
+ */
+class TrinoFrontendSuite extends WithKyuubiServer with SparkMetadataTests {
+  // TODO: Add more test cases
+
+  override protected val conf: KyuubiConf = {
+    KyuubiConf().set(KyuubiConf.FRONTEND_PROTOCOLS, Seq("TRINO"))
+  }
+  override protected def jdbcUrl: String = {
+    s"jdbc:trino://${server.frontendServices.head.connectionUrl}/;"
+  }
+
+  // trino jdbc driver requires enable SSL if specify password
+  override protected val password: String = ""
+
+  override def beforeAll(): Unit = {
+    super.beforeAll()
+
+    // eagerly start spark engine before running test, it's a workaround for trino jdbc driver
+    // since it does not support changing http connect timeout
+    try {
+      withJdbcStatement() { statement =>
+        statement.execute("SELECT 1")
+      }
+    } catch {
+      case NonFatal(e) =>
+    }
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HiveMetadataTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HiveMetadataTests.scala
index fe1f5f47b..aad31d5b8 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HiveMetadataTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HiveMetadataTests.scala
@@ -17,7 +17,11 @@
 
 package org.apache.kyuubi.operation
 
-import org.apache.kyuubi.Utils
+import java.sql.{DatabaseMetaData, ResultSet, SQLException, SQLFeatureNotSupportedException}
+
+import scala.util.Random
+
+import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiSQLException, Utils}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 
 // For `hive` external catalog only
@@ -98,4 +102,186 @@ trait HiveMetadataTests extends SparkMetadataTests {
       statement.execute(s"DROP VIEW IF EXISTS ${schemas(3)}.$view_global_test")
     }
   }
+
+  test("audit Kyuubi Hive JDBC connection common MetaData") {
+    withJdbcStatement() { statement =>
+      val metaData = statement.getConnection.getMetaData
+      Seq(
+        () => metaData.allProceduresAreCallable(),
+        () => metaData.getURL,
+        () => metaData.getUserName,
+        () => metaData.isReadOnly,
+        () => metaData.nullsAreSortedHigh,
+        () => metaData.nullsAreSortedLow,
+        () => metaData.nullsAreSortedAtStart(),
+        () => metaData.nullsAreSortedAtEnd(),
+        () => metaData.usesLocalFiles(),
+        () => metaData.usesLocalFilePerTable(),
+        () => metaData.supportsMixedCaseIdentifiers(),
+        () => metaData.supportsMixedCaseQuotedIdentifiers(),
+        () => metaData.storesUpperCaseIdentifiers(),
+        () => metaData.storesUpperCaseQuotedIdentifiers(),
+        () => metaData.storesLowerCaseIdentifiers(),
+        () => metaData.storesLowerCaseQuotedIdentifiers(),
+        () => metaData.storesMixedCaseIdentifiers(),
+        () => metaData.storesMixedCaseQuotedIdentifiers(),
+        () => metaData.nullPlusNonNullIsNull,
+        () => metaData.supportsConvert,
+        () => metaData.supportsTableCorrelationNames,
+        () => metaData.supportsDifferentTableCorrelationNames,
+        () => metaData.supportsExpressionsInOrderBy(),
+        () => metaData.supportsOrderByUnrelated,
+        () => metaData.supportsGroupByUnrelated,
+        () => metaData.supportsGroupByBeyondSelect,
+        () => metaData.supportsLikeEscapeClause,
+        () => metaData.supportsMultipleTransactions,
+        () => metaData.supportsMinimumSQLGrammar,
+        () => metaData.supportsCoreSQLGrammar,
+        () => metaData.supportsExtendedSQLGrammar,
+        () => metaData.supportsANSI92EntryLevelSQL,
+        () => metaData.supportsANSI92IntermediateSQL,
+        () => metaData.supportsANSI92FullSQL,
+        () => metaData.supportsIntegrityEnhancementFacility,
+        () => metaData.isCatalogAtStart,
+        () => metaData.supportsSubqueriesInComparisons,
+        () => metaData.supportsSubqueriesInExists,
+        () => metaData.supportsSubqueriesInIns,
+        () => metaData.supportsSubqueriesInQuantifieds,
+        // Spark support this, see https://issues.apache.org/jira/browse/SPARK-18455
+        () => metaData.supportsCorrelatedSubqueries,
+        () => metaData.supportsOpenCursorsAcrossCommit,
+        () => metaData.supportsOpenCursorsAcrossRollback,
+        () => metaData.supportsOpenStatementsAcrossCommit,
+        () => metaData.supportsOpenStatementsAcrossRollback,
+        () => metaData.getMaxBinaryLiteralLength,
+        () => metaData.getMaxCharLiteralLength,
+        () => metaData.getMaxColumnsInGroupBy,
+        () => metaData.getMaxColumnsInIndex,
+        () => metaData.getMaxColumnsInOrderBy,
+        () => metaData.getMaxColumnsInSelect,
+        () => metaData.getMaxColumnsInTable,
+        () => metaData.getMaxConnections,
+        () => metaData.getMaxCursorNameLength,
+        () => metaData.getMaxIndexLength,
+        () => metaData.getMaxSchemaNameLength,
+        () => metaData.getMaxProcedureNameLength,
+        () => metaData.getMaxCatalogNameLength,
+        () => metaData.getMaxRowSize,
+        () => metaData.doesMaxRowSizeIncludeBlobs,
+        () => metaData.getMaxStatementLength,
+        () => metaData.getMaxStatements,
+        () => metaData.getMaxTableNameLength,
+        () => metaData.getMaxTablesInSelect,
+        () => metaData.getMaxUserNameLength,
+        () => metaData.supportsTransactionIsolationLevel(1),
+        () => metaData.supportsDataDefinitionAndDataManipulationTransactions,
+        () => metaData.supportsDataManipulationTransactionsOnly,
+        () => metaData.dataDefinitionCausesTransactionCommit,
+        () => metaData.dataDefinitionIgnoredInTransactions,
+        () => metaData.getColumnPrivileges("", "%", "%", "%"),
+        () => metaData.getTablePrivileges("", "%", "%"),
+        () => metaData.getBestRowIdentifier("", "%", "%", 0, true),
+        () => metaData.getVersionColumns("", "%", "%"),
+        () => metaData.getExportedKeys("", "default", ""),
+        () => metaData.supportsResultSetConcurrency(ResultSet.TYPE_FORWARD_ONLY, 2),
+        () => metaData.ownUpdatesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.ownDeletesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.ownInsertsAreVisible(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.othersUpdatesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.othersDeletesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.othersInsertsAreVisible(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.updatesAreDetected(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.deletesAreDetected(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.insertsAreDetected(ResultSet.TYPE_FORWARD_ONLY),
+        () => metaData.supportsNamedParameters(),
+        () => metaData.supportsMultipleOpenResults,
+        () => metaData.supportsGetGeneratedKeys,
+        () => metaData.getSuperTypes("", "%", "%"),
+        () => metaData.getSuperTables("", "%", "%"),
+        () => metaData.getAttributes("", "%", "%", "%"),
+        () => metaData.getResultSetHoldability,
+        () => metaData.locatorsUpdateCopy,
+        () => metaData.supportsStatementPooling,
+        () => metaData.getRowIdLifetime,
+        () => metaData.supportsStoredFunctionsUsingCallSyntax,
+        () => metaData.autoCommitFailureClosesAllResultSets,
+        () => metaData.getFunctionColumns("", "%", "%", "%"),
+        () => metaData.getPseudoColumns("", "%", "%", "%"),
+        () => metaData.generatedKeyAlwaysReturned).foreach { func =>
+        val e = intercept[SQLFeatureNotSupportedException](func())
+        assert(e.getMessage === "Method not supported")
+      }
+
+      assert(metaData.allTablesAreSelectable)
+      assert(metaData.getClientInfoProperties.next)
+      assert(metaData.getDriverName === "Kyuubi Project Hive JDBC Client" ||
+        metaData.getDriverName === "Kyuubi Project Hive JDBC Shaded Client")
+      assert(metaData.getDriverVersion === KYUUBI_VERSION)
+      assert(
+        metaData.getIdentifierQuoteString === " ",
+        "This method returns a space \" \" if identifier quoting is not supported")
+      assert(metaData.getNumericFunctions === "")
+      assert(metaData.getStringFunctions === "")
+      assert(metaData.getSystemFunctions === "")
+      assert(metaData.getTimeDateFunctions === "")
+      assert(metaData.getSearchStringEscape === "\\")
+      assert(metaData.getExtraNameCharacters === "")
+      assert(metaData.supportsAlterTableWithAddColumn())
+      assert(!metaData.supportsAlterTableWithDropColumn())
+      assert(metaData.supportsColumnAliasing())
+      assert(metaData.supportsGroupBy)
+      assert(!metaData.supportsMultipleResultSets)
+      assert(!metaData.supportsNonNullableColumns)
+      assert(metaData.supportsOuterJoins)
+      assert(metaData.supportsFullOuterJoins)
+      assert(metaData.supportsLimitedOuterJoins)
+      assert(metaData.getSchemaTerm === "database")
+      assert(metaData.getProcedureTerm === "UDF")
+      assert(metaData.getCatalogTerm === "catalog")
+      assert(metaData.getCatalogSeparator === ".")
+      assert(metaData.supportsSchemasInDataManipulation)
+      assert(!metaData.supportsSchemasInProcedureCalls)
+      assert(metaData.supportsSchemasInTableDefinitions)
+      assert(!metaData.supportsSchemasInIndexDefinitions)
+      assert(!metaData.supportsSchemasInPrivilegeDefinitions)
+      assert(metaData.supportsCatalogsInDataManipulation)
+      assert(metaData.supportsCatalogsInProcedureCalls)
+      assert(metaData.supportsCatalogsInTableDefinitions)
+      assert(metaData.supportsCatalogsInIndexDefinitions)
+      assert(metaData.supportsCatalogsInPrivilegeDefinitions)
+      assert(!metaData.supportsPositionedDelete)
+      assert(!metaData.supportsPositionedUpdate)
+      assert(!metaData.supportsSelectForUpdate)
+      assert(!metaData.supportsStoredProcedures)
+      // This is actually supported, but hive jdbc package return false
+      assert(!metaData.supportsUnion)
+      assert(metaData.supportsUnionAll)
+      assert(metaData.getMaxColumnNameLength === 128)
+      assert(metaData.getDefaultTransactionIsolation === java.sql.Connection.TRANSACTION_NONE)
+      assert(!metaData.supportsTransactions)
+      assert(!metaData.getProcedureColumns("", "%", "%", "%").next())
+      val e1 = intercept[SQLException] {
+        metaData.getPrimaryKeys("", "default", "src").next()
+      }
+      assert(e1.getMessage.contains(KyuubiSQLException.featureNotSupported().getMessage))
+      assert(!metaData.getImportedKeys("", "default", "").next())
+
+      val e2 = intercept[SQLException] {
+        metaData.getCrossReference("", "default", "src", "", "default", "src2").next()
+      }
+      assert(e2.getMessage.contains(KyuubiSQLException.featureNotSupported().getMessage))
+      assert(!metaData.getIndexInfo("", "default", "src", true, true).next())
+
+      assert(metaData.supportsResultSetType(new Random().nextInt()))
+      assert(!metaData.supportsBatchUpdates)
+      assert(!metaData.getUDTs(",", "%", "%", null).next())
+      assert(!metaData.supportsSavepoints)
+      assert(!metaData.supportsResultSetHoldability(ResultSet.HOLD_CURSORS_OVER_COMMIT))
+      assert(metaData.getJDBCMajorVersion === 3)
+      assert(metaData.getJDBCMinorVersion === 0)
+      assert(metaData.getSQLStateType === DatabaseMetaData.sqlStateSQL)
+      assert(metaData.getMaxLogicalLobSize === 0)
+      assert(!metaData.supportsRefCursors)
+    }
+  }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkMetadataTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkMetadataTests.scala
index 4faf5bba4..97099ce47 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkMetadataTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkMetadataTests.scala
@@ -17,11 +17,6 @@
 
 package org.apache.kyuubi.operation
 
-import java.sql.{DatabaseMetaData, ResultSet, SQLException, SQLFeatureNotSupportedException}
-
-import scala.util.Random
-
-import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiSQLException}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 
 // For both `in-memory` and `hive` external catalog
@@ -292,186 +287,4 @@ trait SparkMetadataTests extends HiveJDBCTestHelper {
       assert(typeInfo.getInt(NUM_PREC_RADIX) === 0)
     }
   }
-
-  test("audit Kyuubi Hive JDBC connection common MetaData") {
-    withJdbcStatement() { statement =>
-      val metaData = statement.getConnection.getMetaData
-      Seq(
-        () => metaData.allProceduresAreCallable(),
-        () => metaData.getURL,
-        () => metaData.getUserName,
-        () => metaData.isReadOnly,
-        () => metaData.nullsAreSortedHigh,
-        () => metaData.nullsAreSortedLow,
-        () => metaData.nullsAreSortedAtStart(),
-        () => metaData.nullsAreSortedAtEnd(),
-        () => metaData.usesLocalFiles(),
-        () => metaData.usesLocalFilePerTable(),
-        () => metaData.supportsMixedCaseIdentifiers(),
-        () => metaData.supportsMixedCaseQuotedIdentifiers(),
-        () => metaData.storesUpperCaseIdentifiers(),
-        () => metaData.storesUpperCaseQuotedIdentifiers(),
-        () => metaData.storesLowerCaseIdentifiers(),
-        () => metaData.storesLowerCaseQuotedIdentifiers(),
-        () => metaData.storesMixedCaseIdentifiers(),
-        () => metaData.storesMixedCaseQuotedIdentifiers(),
-        () => metaData.nullPlusNonNullIsNull,
-        () => metaData.supportsConvert,
-        () => metaData.supportsTableCorrelationNames,
-        () => metaData.supportsDifferentTableCorrelationNames,
-        () => metaData.supportsExpressionsInOrderBy(),
-        () => metaData.supportsOrderByUnrelated,
-        () => metaData.supportsGroupByUnrelated,
-        () => metaData.supportsGroupByBeyondSelect,
-        () => metaData.supportsLikeEscapeClause,
-        () => metaData.supportsMultipleTransactions,
-        () => metaData.supportsMinimumSQLGrammar,
-        () => metaData.supportsCoreSQLGrammar,
-        () => metaData.supportsExtendedSQLGrammar,
-        () => metaData.supportsANSI92EntryLevelSQL,
-        () => metaData.supportsANSI92IntermediateSQL,
-        () => metaData.supportsANSI92FullSQL,
-        () => metaData.supportsIntegrityEnhancementFacility,
-        () => metaData.isCatalogAtStart,
-        () => metaData.supportsSubqueriesInComparisons,
-        () => metaData.supportsSubqueriesInExists,
-        () => metaData.supportsSubqueriesInIns,
-        () => metaData.supportsSubqueriesInQuantifieds,
-        // Spark support this, see https://issues.apache.org/jira/browse/SPARK-18455
-        () => metaData.supportsCorrelatedSubqueries,
-        () => metaData.supportsOpenCursorsAcrossCommit,
-        () => metaData.supportsOpenCursorsAcrossRollback,
-        () => metaData.supportsOpenStatementsAcrossCommit,
-        () => metaData.supportsOpenStatementsAcrossRollback,
-        () => metaData.getMaxBinaryLiteralLength,
-        () => metaData.getMaxCharLiteralLength,
-        () => metaData.getMaxColumnsInGroupBy,
-        () => metaData.getMaxColumnsInIndex,
-        () => metaData.getMaxColumnsInOrderBy,
-        () => metaData.getMaxColumnsInSelect,
-        () => metaData.getMaxColumnsInTable,
-        () => metaData.getMaxConnections,
-        () => metaData.getMaxCursorNameLength,
-        () => metaData.getMaxIndexLength,
-        () => metaData.getMaxSchemaNameLength,
-        () => metaData.getMaxProcedureNameLength,
-        () => metaData.getMaxCatalogNameLength,
-        () => metaData.getMaxRowSize,
-        () => metaData.doesMaxRowSizeIncludeBlobs,
-        () => metaData.getMaxStatementLength,
-        () => metaData.getMaxStatements,
-        () => metaData.getMaxTableNameLength,
-        () => metaData.getMaxTablesInSelect,
-        () => metaData.getMaxUserNameLength,
-        () => metaData.supportsTransactionIsolationLevel(1),
-        () => metaData.supportsDataDefinitionAndDataManipulationTransactions,
-        () => metaData.supportsDataManipulationTransactionsOnly,
-        () => metaData.dataDefinitionCausesTransactionCommit,
-        () => metaData.dataDefinitionIgnoredInTransactions,
-        () => metaData.getColumnPrivileges("", "%", "%", "%"),
-        () => metaData.getTablePrivileges("", "%", "%"),
-        () => metaData.getBestRowIdentifier("", "%", "%", 0, true),
-        () => metaData.getVersionColumns("", "%", "%"),
-        () => metaData.getExportedKeys("", "default", ""),
-        () => metaData.supportsResultSetConcurrency(ResultSet.TYPE_FORWARD_ONLY, 2),
-        () => metaData.ownUpdatesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.ownDeletesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.ownInsertsAreVisible(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.othersUpdatesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.othersDeletesAreVisible(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.othersInsertsAreVisible(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.updatesAreDetected(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.deletesAreDetected(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.insertsAreDetected(ResultSet.TYPE_FORWARD_ONLY),
-        () => metaData.supportsNamedParameters(),
-        () => metaData.supportsMultipleOpenResults,
-        () => metaData.supportsGetGeneratedKeys,
-        () => metaData.getSuperTypes("", "%", "%"),
-        () => metaData.getSuperTables("", "%", "%"),
-        () => metaData.getAttributes("", "%", "%", "%"),
-        () => metaData.getResultSetHoldability,
-        () => metaData.locatorsUpdateCopy,
-        () => metaData.supportsStatementPooling,
-        () => metaData.getRowIdLifetime,
-        () => metaData.supportsStoredFunctionsUsingCallSyntax,
-        () => metaData.autoCommitFailureClosesAllResultSets,
-        () => metaData.getFunctionColumns("", "%", "%", "%"),
-        () => metaData.getPseudoColumns("", "%", "%", "%"),
-        () => metaData.generatedKeyAlwaysReturned).foreach { func =>
-        val e = intercept[SQLFeatureNotSupportedException](func())
-        assert(e.getMessage === "Method not supported")
-      }
-
-      assert(metaData.allTablesAreSelectable)
-      assert(metaData.getClientInfoProperties.next)
-      assert(metaData.getDriverName === "Kyuubi Project Hive JDBC Client" ||
-        metaData.getDriverName === "Kyuubi Project Hive JDBC Shaded Client")
-      assert(metaData.getDriverVersion === KYUUBI_VERSION)
-      assert(
-        metaData.getIdentifierQuoteString === " ",
-        "This method returns a space \" \" if identifier quoting is not supported")
-      assert(metaData.getNumericFunctions === "")
-      assert(metaData.getStringFunctions === "")
-      assert(metaData.getSystemFunctions === "")
-      assert(metaData.getTimeDateFunctions === "")
-      assert(metaData.getSearchStringEscape === "\\")
-      assert(metaData.getExtraNameCharacters === "")
-      assert(metaData.supportsAlterTableWithAddColumn())
-      assert(!metaData.supportsAlterTableWithDropColumn())
-      assert(metaData.supportsColumnAliasing())
-      assert(metaData.supportsGroupBy)
-      assert(!metaData.supportsMultipleResultSets)
-      assert(!metaData.supportsNonNullableColumns)
-      assert(metaData.supportsOuterJoins)
-      assert(metaData.supportsFullOuterJoins)
-      assert(metaData.supportsLimitedOuterJoins)
-      assert(metaData.getSchemaTerm === "database")
-      assert(metaData.getProcedureTerm === "UDF")
-      assert(metaData.getCatalogTerm === "catalog")
-      assert(metaData.getCatalogSeparator === ".")
-      assert(metaData.supportsSchemasInDataManipulation)
-      assert(!metaData.supportsSchemasInProcedureCalls)
-      assert(metaData.supportsSchemasInTableDefinitions)
-      assert(!metaData.supportsSchemasInIndexDefinitions)
-      assert(!metaData.supportsSchemasInPrivilegeDefinitions)
-      assert(metaData.supportsCatalogsInDataManipulation)
-      assert(metaData.supportsCatalogsInProcedureCalls)
-      assert(metaData.supportsCatalogsInTableDefinitions)
-      assert(metaData.supportsCatalogsInIndexDefinitions)
-      assert(metaData.supportsCatalogsInPrivilegeDefinitions)
-      assert(!metaData.supportsPositionedDelete)
-      assert(!metaData.supportsPositionedUpdate)
-      assert(!metaData.supportsSelectForUpdate)
-      assert(!metaData.supportsStoredProcedures)
-      // This is actually supported, but hive jdbc package return false
-      assert(!metaData.supportsUnion)
-      assert(metaData.supportsUnionAll)
-      assert(metaData.getMaxColumnNameLength === 128)
-      assert(metaData.getDefaultTransactionIsolation === java.sql.Connection.TRANSACTION_NONE)
-      assert(!metaData.supportsTransactions)
-      assert(!metaData.getProcedureColumns("", "%", "%", "%").next())
-      val e1 = intercept[SQLException] {
-        metaData.getPrimaryKeys("", "default", "src").next()
-      }
-      assert(e1.getMessage.contains(KyuubiSQLException.featureNotSupported().getMessage))
-      assert(!metaData.getImportedKeys("", "default", "").next())
-
-      val e2 = intercept[SQLException] {
-        metaData.getCrossReference("", "default", "src", "", "default", "src2").next()
-      }
-      assert(e2.getMessage.contains(KyuubiSQLException.featureNotSupported().getMessage))
-      assert(!metaData.getIndexInfo("", "default", "src", true, true).next())
-
-      assert(metaData.supportsResultSetType(new Random().nextInt()))
-      assert(!metaData.supportsBatchUpdates)
-      assert(!metaData.getUDTs(",", "%", "%", null).next())
-      assert(!metaData.supportsSavepoints)
-      assert(!metaData.supportsResultSetHoldability(ResultSet.HOLD_CURSORS_OVER_COMMIT))
-      assert(metaData.getJDBCMajorVersion === 3)
-      assert(metaData.getJDBCMinorVersion === 0)
-      assert(metaData.getSQLStateType === DatabaseMetaData.sqlStateSQL)
-      assert(metaData.getMaxLogicalLobSize === 0)
-      assert(!metaData.supportsRefCursors)
-    }
-  }
 }
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/VersionInfo.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/VersionInfo.java
index 427272f41..5749c4e32 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/VersionInfo.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/VersionInfo.java
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.client.api.v1.dto;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.Objects;
 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@@ -26,10 +28,13 @@ public class VersionInfo {
 
   public VersionInfo() {}
 
-  public VersionInfo(String version) {
+  // Explicitly specifies JsonProperty to be compatible if disable auto detect feature
+  @JsonCreator
+  public VersionInfo(@JsonProperty("version") String version) {
     this.version = version;
   }
 
+  @JsonProperty
   public String getVersion() {
     return version;
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
index 0c7911a46..8c85f31d7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
@@ -20,13 +20,15 @@ package org.apache.kyuubi.server.trino.api
 import java.io.UnsupportedEncodingException
 import java.net.{URI, URLDecoder, URLEncoder}
 import java.util
+import java.util.Optional
 import javax.ws.rs.core.{HttpHeaders, Response}
 
 import scala.collection.JavaConverters._
 
-import io.trino.client.{ClientStandardTypes, ClientTypeSignature, Column, QueryError, QueryResults, StatementStats, Warning}
+import com.google.common.collect.ImmutableList
+import io.trino.client.{ClientStandardTypes, ClientTypeSignature, ClientTypeSignatureParameter, Column, NamedClientTypeSignature, QueryError, QueryResults, RowFieldName, StatementStats, Warning}
 import io.trino.client.ProtocolHeaders.TRINO_HEADERS
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet, TTypeId}
+import org.apache.hive.service.rpc.thrift.{TCLIServiceConstants, TGetResultSetMetadataResp, TRowSet, TTypeEntry, TTypeId}
 
 import org.apache.kyuubi.operation.OperationState.FINISHED
 import org.apache.kyuubi.operation.OperationStatus
@@ -216,32 +218,110 @@ object TrinoContext {
       0L)
   }
 
-  def convertTColumn(columns: TGetResultSetMetadataResp): util.List[Column] = {
+  private def convertTColumn(columns: TGetResultSetMetadataResp): util.List[Column] = {
     columns.getSchema.getColumns.asScala.map(c => {
-      val tp = c.getTypeDesc.getTypes.get(0).getPrimitiveEntry.getType match {
-        case TTypeId.BOOLEAN_TYPE => ClientStandardTypes.BOOLEAN
-        case TTypeId.TINYINT_TYPE => ClientStandardTypes.TINYINT
-        case TTypeId.SMALLINT_TYPE => ClientStandardTypes.SMALLINT
-        case TTypeId.INT_TYPE => ClientStandardTypes.INTEGER
-        case TTypeId.BIGINT_TYPE => ClientStandardTypes.BIGINT
-        case TTypeId.FLOAT_TYPE => ClientStandardTypes.DOUBLE
-        case TTypeId.DOUBLE_TYPE => ClientStandardTypes.DOUBLE
-        case TTypeId.STRING_TYPE => ClientStandardTypes.VARCHAR
-        case TTypeId.TIMESTAMP_TYPE => ClientStandardTypes.TIMESTAMP
-        case TTypeId.BINARY_TYPE => ClientStandardTypes.VARBINARY
-        case TTypeId.DECIMAL_TYPE => ClientStandardTypes.DECIMAL
-        case TTypeId.DATE_TYPE => ClientStandardTypes.DATE
-        case TTypeId.VARCHAR_TYPE => ClientStandardTypes.VARCHAR
-        case TTypeId.CHAR_TYPE => ClientStandardTypes.CHAR
-        case TTypeId.INTERVAL_YEAR_MONTH_TYPE => ClientStandardTypes.INTERVAL_YEAR_TO_MONTH
-        case TTypeId.INTERVAL_DAY_TIME_TYPE => ClientStandardTypes.TIME_WITH_TIME_ZONE
-        case TTypeId.TIMESTAMPLOCALTZ_TYPE => ClientStandardTypes.TIMESTAMP_WITH_TIME_ZONE
-        case _ => ClientStandardTypes.VARCHAR
-      }
-      new Column(c.getColumnName, tp, new ClientTypeSignature(tp))
+      val (tp, arguments) = toClientTypeSignature(c.getTypeDesc.getTypes.get(0))
+      new Column(c.getColumnName, tp, new ClientTypeSignature(tp, arguments))
     }).toList.asJava
   }
 
+  private def toClientTypeSignature(
+      entry: TTypeEntry): (String, util.List[ClientTypeSignatureParameter]) = {
+    // according to `io.trino.jdbc.ColumnInfo`
+    if (entry.isSetPrimitiveEntry) {
+      entry.getPrimitiveEntry.getType match {
+        case TTypeId.BOOLEAN_TYPE =>
+          (ClientStandardTypes.BOOLEAN, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.TINYINT_TYPE =>
+          (ClientStandardTypes.TINYINT, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.SMALLINT_TYPE =>
+          (ClientStandardTypes.SMALLINT, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.INT_TYPE =>
+          (ClientStandardTypes.INTEGER, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.BIGINT_TYPE =>
+          (ClientStandardTypes.BIGINT, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.FLOAT_TYPE =>
+          (ClientStandardTypes.DOUBLE, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.DOUBLE_TYPE =>
+          (ClientStandardTypes.DOUBLE, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.DATE_TYPE =>
+          (ClientStandardTypes.DATE, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.TIMESTAMP_TYPE =>
+          (ClientStandardTypes.TIMESTAMP, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.BINARY_TYPE =>
+          (ClientStandardTypes.VARBINARY, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.DECIMAL_TYPE =>
+          val map = entry.getPrimitiveEntry.getTypeQualifiers.getQualifiers
+          val precision = Option(map.get(TCLIServiceConstants.PRECISION)).map(_.getI32Value)
+            .getOrElse(38)
+          val scale = Option(map.get(TCLIServiceConstants.SCALE)).map(_.getI32Value)
+            .getOrElse(18)
+          (
+            ClientStandardTypes.DECIMAL,
+            ImmutableList.of(
+              ClientTypeSignatureParameter.ofLong(precision),
+              ClientTypeSignatureParameter.ofLong(scale)))
+        case TTypeId.STRING_TYPE =>
+          (
+            ClientStandardTypes.VARCHAR,
+            varcharSignatureParameter)
+        case TTypeId.VARCHAR_TYPE =>
+          (
+            ClientStandardTypes.VARCHAR,
+            varcharSignatureParameter)
+        case TTypeId.CHAR_TYPE =>
+          (ClientStandardTypes.CHAR, ImmutableList.of(ClientTypeSignatureParameter.ofLong(65536)))
+        case TTypeId.INTERVAL_YEAR_MONTH_TYPE =>
+          (
+            ClientStandardTypes.INTERVAL_YEAR_TO_MONTH,
+            ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.INTERVAL_DAY_TIME_TYPE =>
+          (ClientStandardTypes.TIME_WITH_TIME_ZONE, ImmutableList.of[ClientTypeSignatureParameter])
+        case TTypeId.TIMESTAMPLOCALTZ_TYPE =>
+          (
+            ClientStandardTypes.TIMESTAMP_WITH_TIME_ZONE,
+            ImmutableList.of[ClientTypeSignatureParameter])
+        case _ =>
+          (
+            ClientStandardTypes.VARCHAR,
+            varcharSignatureParameter)
+      }
+    } else if (entry.isSetArrayEntry) {
+      // thrift does not support nested types.
+      // it's quite hard to follow the hive way, so always return varchar
+      // TODO: make complex data type more accurate
+      (
+        ClientStandardTypes.ARRAY,
+        ImmutableList.of(ClientTypeSignatureParameter.ofType(
+          new ClientTypeSignature(ClientStandardTypes.VARCHAR, varcharSignatureParameter))))
+    } else if (entry.isSetMapEntry) {
+      (
+        ClientStandardTypes.MAP,
+        ImmutableList.of(
+          ClientTypeSignatureParameter.ofType(
+            new ClientTypeSignature(ClientStandardTypes.VARCHAR, varcharSignatureParameter)),
+          ClientTypeSignatureParameter.ofType(
+            new ClientTypeSignature(ClientStandardTypes.VARCHAR, varcharSignatureParameter))))
+    } else if (entry.isSetStructEntry) {
+      val parameters = entry.getStructEntry.getNameToTypePtr.asScala.map { case (k, v) =>
+        ClientTypeSignatureParameter.ofNamedType(
+          new NamedClientTypeSignature(
+            Optional.of(new RowFieldName(k)),
+            new ClientTypeSignature(ClientStandardTypes.VARCHAR, varcharSignatureParameter)))
+      }
+      (
+        ClientStandardTypes.ROW,
+        ImmutableList.copyOf(parameters.toArray))
+    } else {
+      throw new UnsupportedOperationException(s"Do not support type: $entry")
+    }
+  }
+
+  private def varcharSignatureParameter: util.List[ClientTypeSignatureParameter] = {
+    ImmutableList.of(ClientTypeSignatureParameter.ofLong(
+      ClientTypeSignature.VARCHAR_UNBOUNDED_LENGTH))
+  }
+
   def convertTRowSet(rowSet: TRowSet): util.List[util.List[Object]] = {
     val dataResult = new util.LinkedList[util.List[Object]]
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala
index f6055927a..33091e338 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoScalaObjectMapper.scala
@@ -19,13 +19,23 @@ package org.apache.kyuubi.server.trino.api
 
 import javax.ws.rs.ext.ContextResolver
 
-import com.fasterxml.jackson.databind.{DeserializationFeature, ObjectMapper}
+import com.fasterxml.jackson.databind.{DeserializationFeature, MapperFeature, ObjectMapper}
 import com.fasterxml.jackson.datatype.jdk8.Jdk8Module
 
 class TrinoScalaObjectMapper extends ContextResolver[ObjectMapper] {
 
+  // refer `io.trino.client.JsonCodec`
   private lazy val mapper = new ObjectMapper()
     .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
+    .disable(MapperFeature.AUTO_DETECT_CREATORS)
+    .disable(MapperFeature.AUTO_DETECT_FIELDS)
+    .disable(MapperFeature.AUTO_DETECT_SETTERS)
+    .disable(MapperFeature.AUTO_DETECT_GETTERS)
+    .disable(MapperFeature.AUTO_DETECT_IS_GETTERS)
+    .disable(MapperFeature.USE_GETTERS_AS_SETTERS)
+    .disable(MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS)
+    .disable(MapperFeature.INFER_PROPERTY_MUTATORS)
+    .disable(MapperFeature.ALLOW_FINAL_FIELDS_AS_MUTATORS)
     .registerModule(new Jdk8Module)
 
   override def getContext(aClass: Class[_]): ObjectMapper = mapper
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
index ee23c61f3..e051dbb23 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
@@ -80,9 +80,8 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
       case e: Exception =>
         val errorMsg =
           s"Error submitting sql"
-        e.printStackTrace()
         error(errorMsg, e)
-        throw badRequest(BAD_REQUEST, errorMsg)
+        throw badRequest(BAD_REQUEST, errorMsg + "\n" + e.getMessage)
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/dto/Ok.java b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/dto/Ok.java
index 50d04609f..982baa2ef 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/dto/Ok.java
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/dto/Ok.java
@@ -20,6 +20,9 @@
 
 
 import java.util.Objects;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
 
@@ -28,10 +31,16 @@ public class Ok {
 
     public Ok() {}
 
-    public Ok(String content) {
+    /**
+     * Follow Trino way that explicitly specifies the json property since we disable the jackson
+     * auto detect feature. See {@link org.apache.kyuubi.server.trino.api.TrinoScalaObjectMapper}
+     */
+    @JsonCreator
+    public Ok(@JsonProperty("content") String content) {
         this.content = content;
     }
 
+    @JsonProperty
     public String getContent() {
         return content;
     }

From 6e5f87d6b4e421c7089875ecc957c9dac0356002 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 17 Feb 2023 10:12:09 +0800
Subject: [PATCH 071/760] [KYUUBI #4344] Expose exec pool work queue size
 metrics

### _Why are the changes needed?_

It can help to know the backend pressure if the exec pool is full.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4344 from turboFei/wait_queue.

Closes #4344

161e3808a [fwang12] nit
6d122e238 [fwang12] save
55a4b499d [fwang12] version
668ff8bfe [fwang12] save
9f56b98a8 [fwang12] save
a401771ec [fwang12] wait

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/monitor/metrics.md                         |  1 +
 .../scala/org/apache/spark/ui/EnginePage.scala  |  4 ++++
 .../apache/kyuubi/session/SessionManager.scala  |  5 +++++
 .../kyuubi/metrics/MetricsConstants.scala       |  1 +
 .../client/api/v1/dto/ExecPoolStatistic.java    | 17 ++++++++++++++---
 .../kyuubi/server/api/v1/SessionsResource.scala |  3 ++-
 .../kyuubi/session/KyuubiSessionManager.scala   |  1 +
 7 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/docs/monitor/metrics.md b/docs/monitor/metrics.md
index 1d1fa326a..f128fd1a4 100644
--- a/docs/monitor/metrics.md
+++ b/docs/monitor/metrics.md
@@ -44,6 +44,7 @@ These metrics include:
 |--------------------------------------------------|----------------------------------------|-----------|-------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `kyuubi.exec.pool.threads.alive`                 |                                        | gauge     | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> threads keepAlive in the backend executive thread pool</div>                                                                                                                                                          |
 | `kyuubi.exec.pool.threads.active`                |                                        | gauge     | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> threads active in the backend executive thread pool</div>                                                                                                                                                             |
+| `kyuubi.exec.pool.work_queue.size`               |                                        | gauge     | 1.7.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> work queue size in the backend executive thread pool</div>                                                                                                                                                            |
 | `kyuubi.connection.total`                        |                                        | counter   | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'>  cumulative connection count</div>                                                                                                                                                                                    |
 | `kyuubi.connection.total`                        | `${sessionType}`                       | counter   | 1.7.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> cumulative connection count with session type `${sessionType}`</div>                                                                                                                                                  |
 | `kyuubi.connection.opened`                       |                                        | gauge     | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> current active connection count</div>                                                                                                                                                                                 |
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
index 0aba0c7c5..a2a2931f4 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
@@ -84,6 +84,10 @@ case class EnginePage(parent: EngineTab) extends WebUIPage("") {
           <strong>Background execution pool threads active: </strong>
           {engine.backendService.sessionManager.getActiveCount}
         </li>
+          <li>
+            <strong>Background execution pool work queue size: </strong>
+            {engine.backendService.sessionManager.getWorkQueueSize}
+          </li>
       }.getOrElse(Seq.empty)
     }
     </ul>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
index 662ac3e58..f8e77dd63 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
@@ -172,6 +172,11 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
     execPool.getActiveCount
   }
 
+  def getWorkQueueSize: Int = {
+    assert(execPool != null)
+    execPool.getQueue.size()
+  }
+
   private var _confRestrictList: Set[String] = _
   private var _confIgnoreList: Set[String] = _
   private var _batchConfIgnoreList: Set[String] = _
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
index 62c67266f..e97fd28ea 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
@@ -29,6 +29,7 @@ object MetricsConstants {
 
   final val EXEC_POOL_ALIVE: String = KYUUBI + "exec.pool.threads.alive"
   final val EXEC_POOL_ACTIVE: String = KYUUBI + "exec.pool.threads.active"
+  final val EXEC_POOL_WORK_QUEUE_SIZE: String = KYUUBI + "exec.pool.work_queue.size"
 
   final private val CONN = KYUUBI + "connection."
   final private val THRIFT_HTTP_CONN = KYUUBI + "thrift.http.connection."
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ExecPoolStatistic.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ExecPoolStatistic.java
index ee8a9f007..a40811f92 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ExecPoolStatistic.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ExecPoolStatistic.java
@@ -24,12 +24,14 @@
 public class ExecPoolStatistic {
   private int execPoolSize;
   private int execPoolActiveCount;
+  private int execPoolWorkQueueSize;
 
   public ExecPoolStatistic() {}
 
-  public ExecPoolStatistic(int execPoolSize, int execPoolActiveCount) {
+  public ExecPoolStatistic(int execPoolSize, int execPoolActiveCount, int execPoolWorkQueueSize) {
     this.execPoolSize = execPoolSize;
     this.execPoolActiveCount = execPoolActiveCount;
+    this.execPoolWorkQueueSize = execPoolWorkQueueSize;
   }
 
   public int getExecPoolSize() {
@@ -48,18 +50,27 @@ public void setExecPoolActiveCount(int execPoolActiveCount) {
     this.execPoolActiveCount = execPoolActiveCount;
   }
 
+  public int getExecPoolWorkQueueSize() {
+    return execPoolWorkQueueSize;
+  }
+
+  public void setExecPoolWorkQueueSize(int execPoolWorkQueueSize) {
+    this.execPoolWorkQueueSize = execPoolWorkQueueSize;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
     if (o == null || getClass() != o.getClass()) return false;
     ExecPoolStatistic that = (ExecPoolStatistic) o;
     return getExecPoolSize() == that.getExecPoolSize()
-        && getExecPoolActiveCount() == that.getExecPoolActiveCount();
+        && getExecPoolActiveCount() == that.getExecPoolActiveCount()
+        && getExecPoolWorkQueueSize() == that.getExecPoolWorkQueueSize();
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(getExecPoolSize(), getExecPoolActiveCount());
+    return Objects.hash(getExecPoolSize(), getExecPoolActiveCount(), getExecPoolWorkQueueSize());
   }
 
   @Override
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index dd4a8c3a7..84b19eb00 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -131,7 +131,8 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
   def execPoolStatistic(): ExecPoolStatistic = {
     new ExecPoolStatistic(
       sessionManager.getExecPoolSize,
-      sessionManager.getActiveCount)
+      sessionManager.getActiveCount,
+      sessionManager.getWorkQueueSize)
   }
 
   @ApiResponse(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 54d5b8b24..207ae4c4d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -239,6 +239,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       ms.registerGauge(CONN_OPEN, getOpenSessionCount, 0)
       ms.registerGauge(EXEC_POOL_ALIVE, getExecPoolSize, 0)
       ms.registerGauge(EXEC_POOL_ACTIVE, getActiveCount, 0)
+      ms.registerGauge(EXEC_POOL_WORK_QUEUE_SIZE, getWorkQueueSize, 0)
     }
     super.start()
   }

From b77c8847f51f7d8aa456f45670c8def4d5e4d151 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 17 Feb 2023 10:17:46 +0800
Subject: [PATCH 072/760] [KYUUBI #4347] Bump maven download plugin from 1.6.6
 to 1.6.8

### _Why are the changes needed?_

- 1.6.8 release note: https://github.com/maven-download-plugin/maven-download-plugin/releases/tag/1.6.8

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4347 from bowenliang123/maven-download-plugin-1.6.8.

Closes #4347

947767d1 [liangbowen] bump maven download plugin version from 1.6.6 to 1.6.8

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 644119ece..fab9fd2fb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -212,7 +212,7 @@
         <jars.target.dir>${project.build.directory}/scala-${scala.binary.version}/jars</jars.target.dir>
 
         <maven.plugin.build.helper.version>3.3.0</maven.plugin.build.helper.version>
-        <maven.plugin.download.version>1.6.6</maven.plugin.download.version>
+        <maven.plugin.download.version>1.6.8</maven.plugin.download.version>
         <maven.plugin.enforcer.mojo.rules.version>1.6.1</maven.plugin.enforcer.mojo.rules.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
         <maven.plugin.surefire.version>3.0.0-M8</maven.plugin.surefire.version>

From 0be3cbff6e35c8e86635bfe6d856d0dfa148247d Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 17 Feb 2023 11:39:32 +0800
Subject: [PATCH 073/760] [KYUUBI #4282] Fix ConcurrentModificationException
 when log4j2 async enabled

### _Why are the changes needed?_

This PR proposes to fix #4282, since log4j2 supports async mode, we need to make sure the `Log4j2DivertAppender#append` is thread-safe.

This PR also changes `OperationLog.getCurrentOperationLog` from `OperationLog` to `Option[OperationLog]`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4300 from pan3793/log.

Closes #4282

010e34b0 [Cheng Pan] fix
068405b2 [Cheng Pan] fix compile
c79dedd5 [Cheng Pan] Use write lock instead
3daf8a4d [Cheng Pan] nit
94176a04 [Cheng Pan] [KYUUBI #4282] Fix ConcurrentModificationException when log4j2 async enabled

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../operation/log/Log4j12DivertAppender.scala |  5 +--
 .../operation/log/Log4j2DivertAppender.scala  | 38 ++++++++++---------
 .../kyuubi/operation/log/OperationLog.scala   |  2 +-
 .../operation/log/OperationLogSuite.scala     |  4 +-
 .../server/api/v1/BatchesResource.scala       | 19 ++++++----
 5 files changed, 38 insertions(+), 30 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala
index 1191e94ae..df2ef93d8 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala
@@ -39,7 +39,7 @@ class Log4j12DivertAppender extends WriterAppender {
   setLayout(lo)
 
   addFilter { _: LoggingEvent =>
-    if (OperationLog.getCurrentOperationLog == null) Filter.DENY else Filter.NEUTRAL
+    if (OperationLog.getCurrentOperationLog.isDefined) Filter.NEUTRAL else Filter.DENY
   }
 
   /**
@@ -51,8 +51,7 @@ class Log4j12DivertAppender extends WriterAppender {
     // That should've gone into our writer. Notify the LogContext.
     val logOutput = writer.toString
     writer.reset()
-    val log = OperationLog.getCurrentOperationLog
-    if (log != null) log.write(logOutput)
+    OperationLog.getCurrentOperationLog.foreach(_.write(logOutput))
   }
 }
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
index 68753cf98..dc4b24a8c 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.operation.log
 
 import java.io.CharArrayWriter
+import java.util.concurrent.locks.ReadWriteLock
 
 import scala.collection.JavaConverters._
 
@@ -27,6 +28,8 @@ import org.apache.logging.log4j.core.appender.{AbstractWriterAppender, ConsoleAp
 import org.apache.logging.log4j.core.filter.AbstractFilter
 import org.apache.logging.log4j.core.layout.PatternLayout
 
+import org.apache.kyuubi.reflection.DynFields
+
 class Log4j2DivertAppender(
     name: String,
     layout: StringLayout,
@@ -52,22 +55,19 @@ class Log4j2DivertAppender(
 
   addFilter(new AbstractFilter() {
     override def filter(event: LogEvent): Filter.Result = {
-      if (OperationLog.getCurrentOperationLog == null) {
-        Filter.Result.DENY
-      } else {
+      if (OperationLog.getCurrentOperationLog.isDefined) {
         Filter.Result.NEUTRAL
+      } else {
+        Filter.Result.DENY
       }
     }
   })
 
-  def initLayout(): StringLayout = {
-    LogManager.getRootLogger.asInstanceOf[org.apache.logging.log4j.core.Logger]
-      .getAppenders.values().asScala
-      .find(ap => ap.isInstanceOf[ConsoleAppender] && ap.getLayout.isInstanceOf[StringLayout])
-      .map(_.getLayout.asInstanceOf[StringLayout])
-      .getOrElse(PatternLayout.newBuilder().withPattern(
-        "%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n").build())
-  }
+  private val writeLock = DynFields.builder()
+    .hiddenImpl(classOf[AbstractWriterAppender[_]], "readWriteLock")
+    .build[ReadWriteLock](this)
+    .get()
+    .writeLock
 
   /**
    * Overrides AbstractWriterAppender.append(), which does the real logging. No need
@@ -75,11 +75,15 @@ class Log4j2DivertAppender(
    */
   override def append(event: LogEvent): Unit = {
     super.append(event)
-    // That should've gone into our writer. Notify the LogContext.
-    val logOutput = writer.toString
-    writer.reset()
-    val log = OperationLog.getCurrentOperationLog
-    if (log != null) log.write(logOutput)
+    writeLock.lock()
+    try {
+      // That should've gone into our writer. Notify the LogContext.
+      val logOutput = writer.toString
+      writer.reset()
+      OperationLog.getCurrentOperationLog.foreach(_.write(logOutput))
+    } finally {
+      writeLock.unlock()
+    }
   }
 }
 
@@ -95,7 +99,7 @@ object Log4j2DivertAppender {
 
   def initialize(): Unit = {
     val ap = new Log4j2DivertAppender()
-    org.apache.logging.log4j.LogManager.getRootLogger()
+    org.apache.logging.log4j.LogManager.getRootLogger
       .asInstanceOf[org.apache.logging.log4j.core.Logger].addAppender(ap)
     ap.start()
   }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
index 84c4ed55c..e6312d0fb 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
@@ -44,7 +44,7 @@ object OperationLog extends Logging {
     OPERATION_LOG.set(operationLog)
   }
 
-  def getCurrentOperationLog: OperationLog = OPERATION_LOG.get()
+  def getCurrentOperationLog: Option[OperationLog] = Option(OPERATION_LOG.get)
 
   def removeCurrentOperationLog(): Unit = OPERATION_LOG.remove()
 
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
index 758eeeeaf..fe3cbc7fc 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
@@ -61,10 +61,10 @@ class OperationLogSuite extends KyuubiFunSuite {
     assert(!Files.exists(logFile))
 
     OperationLog.setCurrentOperationLog(operationLog)
-    assert(OperationLog.getCurrentOperationLog === operationLog)
+    assert(OperationLog.getCurrentOperationLog === Some(operationLog))
 
     OperationLog.removeCurrentOperationLog()
-    assert(OperationLog.getCurrentOperationLog === null)
+    assert(OperationLog.getCurrentOperationLog.isEmpty)
 
     operationLog.write(msg1 + "\n")
     assert(Files.exists(logFile))
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 969362f7d..d308c26d5 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -18,7 +18,8 @@
 package org.apache.kyuubi.server.api.v1
 
 import java.io.InputStream
-import java.util.Locale
+import java.util
+import java.util.{Collections, Locale}
 import java.util.concurrent.ConcurrentHashMap
 import javax.ws.rs._
 import javax.ws.rs.core.MediaType
@@ -318,12 +319,16 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     Option(sessionManager.getBatchSessionImpl(sessionHandle)).map { batchSession =>
       try {
         val submissionOp = batchSession.batchJobSubmissionOp
-        val rowSet = submissionOp.getOperationLogRowSet(
-          FetchOrientation.FETCH_NEXT,
-          from,
-          size)
-        val logRowSet = rowSet.getColumns.get(0).getStringVal.getValues.asScala
-        new OperationLog(logRowSet.asJava, logRowSet.size)
+        val rowSet = submissionOp.getOperationLogRowSet(FetchOrientation.FETCH_NEXT, from, size)
+        val columns = rowSet.getColumns
+        val logRowSet: util.List[String] =
+          if (columns == null || columns.size == 0) {
+            Collections.emptyList()
+          } else {
+            assert(columns.size == 1)
+            columns.get(0).getStringVal.getValues
+          }
+        new OperationLog(logRowSet, logRowSet.size)
       } catch {
         case NonFatal(e) =>
           val errorMsg = s"Error getting operation log for batchId: $batchId"

From 7538b99e2c60997fc978abbc264220b7f2a43bcf Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 17 Feb 2023 23:27:36 +0800
Subject: [PATCH 074/760] [KYUUBI #4346] [DOCS] Add config type
 `userDefaultsConf` for config refreshing of admin tool

### _Why are the changes needed?_

- add config type `userDefaultsConf` (which is introduced in #3982 ) for config refreshing of admin tool
<img width="784" alt="image" src="https://user-images.githubusercontent.com/1935105/219381858-76b5d1dd-2a49-4fd7-bd3a-06178b6871e9.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4346 from bowenliang123/doc-refresh-userconfigs.

Closes #4346

3ada9db4 [liangbowen] add config type `userDefaultsConf` for `kyuubi-admin refresh config`
cc3df715 [liangbowen] add config type `userDefaultsConf` for `kyuubi-admin refresh config`

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/tools/kyuubi-admin.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/tools/kyuubi-admin.rst b/docs/tools/kyuubi-admin.rst
index cf60f67b1..c881277fe 100644
--- a/docs/tools/kyuubi-admin.rst
+++ b/docs/tools/kyuubi-admin.rst
@@ -69,6 +69,8 @@ Usage: ``bin/kyuubi-admin refresh config [options] [<configType>]``
      - Description
    * - hadoopConf
      - The hadoop conf used for proxy user verification.
+   * - userDefaultsConf
+     - Refresh the user defaults configs with key in format in the form of `___{username}___.{config key}` from default property file.
 
 .. _list_engine:
 

From 1cc14f1469939bc1fe8c816e46cca7758ea4f42e Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Sat, 18 Feb 2023 00:44:21 +0800
Subject: [PATCH 075/760] [KYUUBI #4361] Fix broken link in `kerberos.rst`

### _Why are the changes needed?_

Fix broken link in `kerberos.rst`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4361 from Yikf/kerberos-doc.

Closes #4361

26145902 [Yikf] fix break link

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Yikf <yikaifei@apache.org>
---
 docs/security/kerberos.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/security/kerberos.rst b/docs/security/kerberos.rst
index c4bca8e82..8c871ce67 100644
--- a/docs/security/kerberos.rst
+++ b/docs/security/kerberos.rst
@@ -115,4 +115,4 @@ Refresh all the kyuubi server instances
 Restart all the kyuubi server instances or `Refresh Configurations`_ to activate the settings.
 
 .. _Hadoop Impersonation: https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/Superusers.html
-.. _Refresh Configurations: ..tools/kyuubi-admin.html#refresh-config
+.. _Refresh Configurations: ../tools/kyuubi-admin.html#refresh-config

From ba1a8682eac6e328d6161329ea2948d31624249a Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 18 Feb 2023 00:54:11 +0800
Subject: [PATCH 076/760] [KYUUBI #4360] Support to refresh the unlimited users
 for session limiter

### _Why are the changes needed?_

Support to refresh the unlimited users for session limiter, so that we can unblock some customers without restart the kyuubi server.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4360 from turboFei/limier_whitelist.

Closes #4360

c846148bd [fwang12] typo
839e71365 [fwang12] nit
904bc9fbc [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                   |  2 +-
 docs/tools/kyuubi-admin.rst                   |  4 +++-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  2 +-
 .../cmd/refresh/RefreshConfigCommand.scala    |  4 +++-
 .../kyuubi/ctl/opt/AdminCommandLine.scala     |  2 +-
 .../ctl/AdminControlCliArgumentsSuite.scala   | 15 ++++++++++++---
 .../apache/kyuubi/client/AdminRestApi.java    |  5 +++++
 .../apache/kyuubi/server/KyuubiServer.scala   | 11 +++++++++++
 .../kyuubi/server/api/v1/AdminResource.scala  | 19 +++++++++++++++++++
 .../kyuubi/session/KyuubiSessionManager.scala |  5 +++++
 .../kyuubi/session/SessionLimiter.scala       | 16 +++++++++++++---
 .../server/api/v1/AdminResourceSuite.scala    | 18 ++++++++++++++++++
 12 files changed, 92 insertions(+), 11 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 7391f4241..8d0e32436 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -457,7 +457,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int    | 1.6.0 |
 | kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int    | 1.6.0 |
 | kyuubi.server.limit.connections.per.user.ipaddress       | &lt;undefined&gt; | Maximum kyuubi server connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                      | int    | 1.6.0 |
-| kyuubi.server.limit.connections.user.unlimited.list                         || The maximin connections of the user in the white list will not be limited.                                                                                                                                                                     | seq    | 1.7.0 |
+| kyuubi.server.limit.connections.user.unlimited.list                         || The maximum connections of the user in the white list will not be limited.                                                                                                                                                                     | seq    | 1.7.0 |
 | kyuubi.server.name                                       | &lt;undefined&gt; | The name of Kyuubi Server.                                                                                                                                                                                                                     | string | 1.5.0 |
 | kyuubi.server.redaction.regex                            | &lt;undefined&gt; | Regex to decide which Kyuubi contain sensitive information. When this regex matches a property key or value, the value is redacted from the various logs.                                                                                              || 1.6.0 |
 
diff --git a/docs/tools/kyuubi-admin.rst b/docs/tools/kyuubi-admin.rst
index c881277fe..606396593 100644
--- a/docs/tools/kyuubi-admin.rst
+++ b/docs/tools/kyuubi-admin.rst
@@ -70,7 +70,9 @@ Usage: ``bin/kyuubi-admin refresh config [options] [<configType>]``
    * - hadoopConf
      - The hadoop conf used for proxy user verification.
    * - userDefaultsConf
-     - Refresh the user defaults configs with key in format in the form of `___{username}___.{config key}` from default property file.
+     - The user defaults configs with key in format in the form of `___{username}___.{config key}` from default property file.
+   * - unlimitedUsers
+     - The users without maximum connections limitation.
 
 .. _list_engine:
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 01bd46bd3..14a05e749 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2333,7 +2333,7 @@ object KyuubiConf {
 
   val SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST: ConfigEntry[Seq[String]] =
     buildConf("kyuubi.server.limit.connections.user.unlimited.list")
-      .doc("The maximin connections of the user in the white list will not be limited.")
+      .doc("The maximum connections of the user in the white list will not be limited.")
       .version("1.7.0")
       .serverOnly
       .stringConf
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
index b658c0e45..69aa0c3d0 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.client.AdminRestApi
 import org.apache.kyuubi.ctl.RestClientFactory.withKyuubiRestClient
 import org.apache.kyuubi.ctl.cmd.AdminCtlCommand
-import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommandConfigType.{HADOOP_CONF, USER_DEFAULTS_CONF}
+import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommandConfigType.{HADOOP_CONF, UNLIMITED_USERS, USER_DEFAULTS_CONF}
 import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.{Tabulator, Validator}
 
@@ -36,6 +36,7 @@ class RefreshConfigCommand(cliConfig: CliConfig) extends AdminCtlCommand[String]
       normalizedCliConfig.adminConfigOpts.configType match {
         case HADOOP_CONF => adminRestApi.refreshHadoopConf()
         case USER_DEFAULTS_CONF => adminRestApi.refreshUserDefaultsConf()
+        case UNLIMITED_USERS => adminRestApi.refreshUnlimitedUsers()
         case configType => throw new KyuubiException(s"Invalid config type:$configType")
       }
     }
@@ -48,4 +49,5 @@ class RefreshConfigCommand(cliConfig: CliConfig) extends AdminCtlCommand[String]
 object RefreshConfigCommandConfigType {
   final val HADOOP_CONF = "hadoopConf"
   final val USER_DEFAULTS_CONF = "userDefaultsConf"
+  final val UNLIMITED_USERS = "unlimitedUsers"
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
index 59ad7f5fc..b1a70935b 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
@@ -102,6 +102,6 @@ object AdminCommandLine extends CommonCommandLine {
           .optional()
           .action((v, c) => c.copy(adminConfigOpts = c.adminConfigOpts.copy(configType = v)))
           .text("The valid config type can be one of the following: " +
-            s"$HADOOP_CONF, $USER_DEFAULTS_CONF."))
+            s"$HADOOP_CONF, $USER_DEFAULTS_CONF, $UNLIMITED_USERS."))
   }
 }
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
index afb946e92..dab796127 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
@@ -63,7 +63,7 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
     val opArgs = new AdminControlCliArguments(args)
     assert(opArgs.cliConfig.action === ControlAction.REFRESH)
     assert(opArgs.cliConfig.resource === ControlObject.CONFIG)
-    assert(opArgs.cliConfig.adminConfigOpts.configType === "hadoopConf")
+    assert(opArgs.cliConfig.adminConfigOpts.configType === HADOOP_CONF)
 
     args = Array(
       "refresh",
@@ -72,7 +72,16 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
     val opArgs2 = new AdminControlCliArguments(args)
     assert(opArgs2.cliConfig.action === ControlAction.REFRESH)
     assert(opArgs2.cliConfig.resource === ControlObject.CONFIG)
-    assert(opArgs2.cliConfig.adminConfigOpts.configType === "userDefaultsConf")
+    assert(opArgs2.cliConfig.adminConfigOpts.configType === USER_DEFAULTS_CONF)
+
+    args = Array(
+      "refresh",
+      "config",
+      "unlimitedUsers")
+    val opArgs3 = new AdminControlCliArguments(args)
+    assert(opArgs3.cliConfig.action === ControlAction.REFRESH)
+    assert(opArgs3.cliConfig.resource === ControlObject.CONFIG)
+    assert(opArgs3.cliConfig.adminConfigOpts.configType === UNLIMITED_USERS)
 
     args = Array(
       "refresh",
@@ -147,7 +156,7 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
          |	Refresh the resource.
          |Command: refresh config [<configType>]
          |	Refresh the config with specified type.
-         |  <configType>             The valid config type can be one of the following: $HADOOP_CONF, $USER_DEFAULTS_CONF.
+         |  <configType>             The valid config type can be one of the following: $HADOOP_CONF, $USER_DEFAULTS_CONF, $UNLIMITED_USERS.
          |
          |  -h, --help               Show help message and exit.""".stripMargin
     // scalastyle:on
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index da9782df5..b8bfe7ee1 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -44,6 +44,11 @@ public String refreshUserDefaultsConf() {
     return this.getClient().post(path, null, client.getAuthHeader());
   }
 
+  public String refreshUnlimitedUsers() {
+    String path = String.format("%s/%s", API_BASE_PATH, "refresh/unlimited_users");
+    return this.getClient().post(path, null, client.getAuthHeader());
+  }
+
   public String deleteEngine(
       String engineType, String shareLevel, String subdomain, String hs2ProxyUser) {
     Map<String, Object> params = new HashMap<>();
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index fbdaf85cc..df163bd1e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -33,6 +33,7 @@ import org.apache.kyuubi.ha.client.{AuthTypes, ServiceDiscovery}
 import org.apache.kyuubi.metrics.{MetricsConf, MetricsSystem}
 import org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStoreConf
 import org.apache.kyuubi.service.{AbstractBackendService, AbstractFrontendService, Serverable, ServiceState}
+import org.apache.kyuubi.session.KyuubiSessionManager
 import org.apache.kyuubi.util.{KyuubiHadoopUtils, SignalRegister}
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 
@@ -128,6 +129,16 @@ object KyuubiServer extends Logging {
     info(s"Refreshed user defaults configs with changes of " +
       s"unset: $unsetCount, updated: $updatedCount, added: $addedCount")
   }
+
+  private[kyuubi] def refreshUnlimitedUsers(): Unit = synchronized {
+    val existingUnlimitedUsers =
+      kyuubiServer.conf.get(KyuubiConf.SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).toSet
+    val refreshedUnlimitedUsers = KyuubiConf().loadFileDefaults().get(
+      KyuubiConf.SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).toSet
+    kyuubiServer.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
+      .refreshUnlimitedUsers(refreshedUnlimitedUsers)
+    info(s"Refreshed unlimited users from $existingUnlimitedUsers to $refreshedUnlimitedUsers")
+  }
 }
 
 class KyuubiServer(name: String) extends Serverable(name) {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index e3fcc7527..6e05ee27c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -82,6 +82,25 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     Response.ok(s"Refresh the user defaults conf successfully.").build()
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
+    description = "refresh the unlimited users")
+  @POST
+  @Path("refresh/unlimited_users")
+  def refreshUnlimitedUser(): Response = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Receive refresh unlimited users request from $userName/$ipAddress")
+    if (!userName.equals(administrator)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to refresh the unlimited users")
+    }
+    info(s"Reloading unlimited users")
+    KyuubiServer.refreshUnlimitedUsers()
+    Response.ok(s"Refresh the unlimited users successfully.").build()
+  }
+
   @ApiResponse(
     responseCode = "200",
     content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 207ae4c4d..038c02564 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -300,6 +300,11 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       userUnlimitedList)
   }
 
+  private[kyuubi] def refreshUnlimitedUsers(userUnlimitedList: Set[String]): Unit = {
+    limiter.foreach(SessionLimiter.resetUnlimitedUsers(_, userUnlimitedList))
+    batchLimiter.foreach(SessionLimiter.resetUnlimitedUsers(_, userUnlimitedList))
+  }
+
   private def applySessionLimiter(
       userLimit: Int,
       ipAddressLimit: Int,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
index b7acbac3d..6cf739c39 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
@@ -105,7 +105,7 @@ class SessionLimiterWithUnlimitedUsersImpl(
     userLimit: Int,
     ipAddressLimit: Int,
     userIpAddressLimit: Int,
-    unlimitedUsers: Set[String])
+    var unlimitedUsers: Set[String])
   extends SessionLimiterImpl(userLimit, ipAddressLimit, userIpAddressLimit) {
   override def increment(userIpAddress: UserIpAddress): Unit = {
     if (!unlimitedUsers.contains(userIpAddress.user)) {
@@ -118,6 +118,10 @@ class SessionLimiterWithUnlimitedUsersImpl(
       super.decrement(userIpAddress)
     }
   }
+
+  private[kyuubi] def setUnlimitedUsers(unlimitedUsers: Set[String]): Unit = {
+    this.unlimitedUsers = unlimitedUsers
+  }
 }
 
 object SessionLimiter {
@@ -126,12 +130,18 @@ object SessionLimiter {
       userLimit: Int,
       ipAddressLimit: Int,
       userIpAddressLimit: Int,
-      userWhiteList: Set[String] = Set.empty): SessionLimiter = {
+      unlimitedUsers: Set[String] = Set.empty): SessionLimiter = {
     new SessionLimiterWithUnlimitedUsersImpl(
       userLimit,
       ipAddressLimit,
       userIpAddressLimit,
-      userWhiteList)
+      unlimitedUsers)
   }
 
+  def resetUnlimitedUsers(limiter: SessionLimiter, unlimitedUsers: Set[String]): Unit = {
+    limiter match {
+      case l: SessionLimiterWithUnlimitedUsersImpl => l.setUnlimitedUsers(unlimitedUsers)
+      case _ =>
+    }
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index bcbdad2ce..d7cd4840e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -84,6 +84,24 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     assert(200 == response.getStatus)
   }
 
+  test("refresh unlimited users of the kyuubi server") {
+    var response = webTarget.path("api/v1/admin/refresh/unlimited_users")
+      .request()
+      .post(null)
+    assert(405 == response.getStatus)
+
+    val adminUser = Utils.currentUser
+    val encodeAuthorization = new String(
+      Base64.getEncoder.encode(
+        s"$adminUser:".getBytes()),
+      "UTF-8")
+    response = webTarget.path("api/v1/admin/refresh/unlimited_users")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .post(null)
+    assert(200 == response.getStatus)
+  }
+
   test("delete engine - user share level") {
     val id = UUID.randomUUID().toString
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, USER.toString)

From e60855fbcb20979155e0399519a22223a7d2e600 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 18 Feb 2023 14:52:00 +0800
Subject: [PATCH 077/760] [KYUUBI #4364] Add metrics for user opened
 connections with session type

### _Why are the changes needed?_

Add metrics for user opened connections with session type

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4364 from turboFei/user_session_type.

Closes #4364

d9505f256 [fwang12] get

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/monitor/metrics.md                                         | 1 +
 .../main/scala/org/apache/kyuubi/session/KyuubiSession.scala    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/docs/monitor/metrics.md b/docs/monitor/metrics.md
index f128fd1a4..561014c37 100644
--- a/docs/monitor/metrics.md
+++ b/docs/monitor/metrics.md
@@ -49,6 +49,7 @@ These metrics include:
 | `kyuubi.connection.total`                        | `${sessionType}`                       | counter   | 1.7.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> cumulative connection count with session type `${sessionType}`</div>                                                                                                                                                  |
 | `kyuubi.connection.opened`                       |                                        | gauge     | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> current active connection count</div>                                                                                                                                                                                 |
 | `kyuubi.connection.opened`                       | `${user}`                              | counter   | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> current active connections count requested by a `${user}`</div>                                                                                                                                                       |
+| `kyuubi.connection.opened`                       | `${user}`</br>`${sessionType}`         | counter   | 1.7.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> current active connections count requested by a `${user}` with session type `${sessionType}`</div>                                                                                                                    |
 | `kyuubi.connection.opened`                       | `${sessionType}`                       | counter   | 1.7.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> current active connections count with session type `${sessionType}`</div>                                                                                                                                             |
 | `kyuubi.connection.failed`                       |                                        | counter   | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'>  cumulative failed connection count</div>                                                                                                                                                                             |
 | `kyuubi.connection.failed`                       | `${user}`                              | counter   | 1.2.0 | <div style='width: 150pt;word-wrap: break-word;white-space: normal'> cumulative failed connections for a `${user}`</div>                                                                                                                                                                   |
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
index 5b731e273..18597dac9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
@@ -58,11 +58,13 @@ abstract class KyuubiSession(
     ms.incCount(CONN_TOTAL)
     ms.incCount(MetricRegistry.name(CONN_TOTAL, sessionType.toString))
     ms.incCount(MetricRegistry.name(CONN_OPEN, user))
+    ms.incCount(MetricRegistry.name(CONN_OPEN, user, sessionType.toString))
     ms.incCount(MetricRegistry.name(CONN_OPEN, sessionType.toString))
   }
 
   protected def traceMetricsOnClose(): Unit = MetricsSystem.tracing { ms =>
     ms.decCount(MetricRegistry.name(CONN_OPEN, user))
+    ms.decCount(MetricRegistry.name(CONN_OPEN, user, sessionType.toString))
     ms.decCount(MetricRegistry.name(CONN_OPEN, sessionType.toString))
   }
 }

From 4feb83d0f38f0eb3fd39ecf669772ba8d3780e99 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Sat, 18 Feb 2023 22:12:53 +0800
Subject: [PATCH 078/760] [KYUUBI #4359] Workaround for SPARK-41448 to keep
 FileWriterFactory serializable

### _Why are the changes needed?_

[SPARK-41448](https://issues.apache.org/jira/browse/SPARK-41448) make consistent MR job IDs in FileBatchWriter and FileFormatWriter in Apache Spark 3.3.2, but it breaks a serializable issue, JobId is non-serializable.

And this pr aims to rewrite `FileWriterFactory` to circumvent the problem

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4359 from Yikf/FileWriterFactory.

Closes #4359

dd8c90fe [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
1e5164ec [Yikf] Make a serializable jobTrackerId instead of a non-serializable JobID in FileWriterFactory

Lead-authored-by: Yikf <yikaifei@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../hive/write/FileWriterFactory.scala        | 78 +++++++++++++++++++
 .../connector/hive/write/HiveBatchWrite.scala |  9 ++-
 .../connector/hive/write/HiveWrite.scala      |  4 +-
 .../kyuubi/connector/HiveBridgeHelper.scala   |  2 +
 4 files changed, 89 insertions(+), 4 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
new file mode 100644
index 000000000..c8e8f9b69
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.spark.connector.hive.write
+
+import java.util.Date
+
+import org.apache.hadoop.mapred.JobID
+import org.apache.hadoop.mapreduce.{TaskAttemptID, TaskID, TaskType}
+import org.apache.hadoop.mapreduce.task.TaskAttemptContextImpl
+import org.apache.spark.internal.io.FileCommitProtocol
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.connector.write.{DataWriter, DataWriterFactory}
+import org.apache.spark.sql.execution.datasources.{DynamicPartitionDataSingleWriter, SingleDirectoryDataWriter, WriteJobDescription}
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.sparkHadoopWriterUtils
+
+/**
+ * This class is rewritten because of SPARK-42478, which affects Spark 3.3.2
+ */
+case class FileWriterFactory(
+    description: WriteJobDescription,
+    committer: FileCommitProtocol) extends DataWriterFactory {
+
+  private val jobTrackerId = sparkHadoopWriterUtils.createJobTrackerID(new Date)
+
+  override def createWriter(partitionId: Int, realTaskId: Long): DataWriter[InternalRow] = {
+    val taskAttemptContext = createTaskAttemptContext(partitionId)
+    committer.setupTask(taskAttemptContext)
+    if (description.partitionColumns.isEmpty) {
+      new SingleDirectoryDataWriter(description, taskAttemptContext, committer)
+    } else {
+      new DynamicPartitionDataSingleWriter(description, taskAttemptContext, committer)
+    }
+  }
+
+  private def createTaskAttemptContext(partitionId: Int): TaskAttemptContextImpl = {
+    val jobId = createJobID(jobTrackerId, 0)
+    val taskId = new TaskID(jobId, TaskType.MAP, partitionId)
+    val taskAttemptId = new TaskAttemptID(taskId, 0)
+    // Set up the configuration object
+    val hadoopConf = description.serializableHadoopConf.value
+    hadoopConf.set("mapreduce.job.id", jobId.toString)
+    hadoopConf.set("mapreduce.task.id", taskId.toString)
+    hadoopConf.set("mapreduce.task.attempt.id", taskAttemptId.toString)
+    hadoopConf.setBoolean("mapreduce.task.ismap", true)
+    hadoopConf.setInt("mapreduce.task.partition", 0)
+
+    new TaskAttemptContextImpl(hadoopConf, taskAttemptId)
+  }
+
+  /**
+   * Create a job ID.
+   *
+   * @param jobTrackerID unique job track id
+   * @param id job number
+   * @return a job ID
+   */
+  def createJobID(jobTrackerID: String, id: Int): JobID = {
+    if (id < 0) {
+      throw new IllegalArgumentException("Job number is negative")
+    }
+    new JobID(jobTrackerID, id)
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
index c4e473ff2..625d79d0c 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
@@ -23,12 +23,13 @@ import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.Path
 import org.apache.hadoop.hive.conf.HiveConf
 import org.apache.spark.internal.Logging
+import org.apache.spark.internal.io.FileCommitProtocol
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.catalog._
 import org.apache.spark.sql.catalyst.util.CaseInsensitiveMap
 import org.apache.spark.sql.connector.write.{BatchWrite, DataWriterFactory, PhysicalWriteInfo, WriterCommitMessage}
 import org.apache.spark.sql.execution.command.CommandUtils
-import org.apache.spark.sql.execution.datasources.WriteTaskResult
+import org.apache.spark.sql.execution.datasources.{WriteJobDescription, WriteTaskResult}
 import org.apache.spark.sql.execution.datasources.v2.FileBatchWrite
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hive, toSQLValue, HiveExternalCatalog}
 import org.apache.spark.sql.types.StringType
@@ -47,10 +48,12 @@ class HiveBatchWrite(
     ifPartitionNotExists: Boolean,
     hadoopConf: Configuration,
     fileBatchWrite: FileBatchWrite,
-    externalCatalog: ExternalCatalog) extends BatchWrite with Logging {
+    externalCatalog: ExternalCatalog,
+    description: WriteJobDescription,
+    committer: FileCommitProtocol) extends BatchWrite with Logging {
 
   override def createBatchWriterFactory(info: PhysicalWriteInfo): DataWriterFactory = {
-    fileBatchWrite.createBatchWriterFactory(info)
+    FileWriterFactory(description, committer)
   }
 
   override def commit(messages: Array[WriterCommitMessage]): Unit = {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
index 486a7aa22..2d72327b4 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
@@ -112,7 +112,9 @@ case class HiveWrite(
       ifPartitionNotExists,
       hadoopConf,
       new FileBatchWrite(job, description, committer),
-      externalCatalog)
+      externalCatalog,
+      description,
+      committer)
   }
 
   private def createWriteJobDescription(
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
index 88b0305dd..1a11790d8 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
@@ -20,6 +20,7 @@ package org.apache.spark.sql.hive.kyuubi.connector
 import scala.collection.mutable
 
 import org.apache.spark.SparkContext
+import org.apache.spark.internal.io.SparkHadoopWriterUtils
 import org.apache.spark.rdd.InputFileBlockHolder
 import org.apache.spark.sql.catalyst.catalog.{BucketSpec, ExternalCatalogEvent}
 import org.apache.spark.sql.catalyst.expressions.{AttributeReference, Literal}
@@ -43,6 +44,7 @@ object HiveBridgeHelper {
   val hive = org.apache.spark.sql.hive.client.hive
   val logicalExpressions: LogicalExpressions.type = LogicalExpressions
   val hiveClientImpl: HiveClientImpl.type = HiveClientImpl
+  val sparkHadoopWriterUtils: SparkHadoopWriterUtils.type = SparkHadoopWriterUtils
   val catalogV2Util: CatalogV2Util.type = CatalogV2Util
   val hiveTableUtil: HiveTableUtil.type = HiveTableUtil
   val hiveShim: HiveShim.type = HiveShim

From 8cc8052f7653c95f78b1bfc08eee3744698813f8 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sat, 18 Feb 2023 22:34:02 +0800
Subject: [PATCH 079/760] [KYUUBI #4348] [INFRA] Cache engine archives in CI
 jobs for maven download plugin

### _Why are the changes needed?_

- to avoid violation in Apache archives website's daily total download size quote, prevent repeatedly downloading engine archives by manual cache in actions

### _How was this patch tested?_
- [ ] Pass CI jobs and check cached engine archives

Closes #4348 from bowenliang123/cache-downloaded-archives.

Closes #4348

a9deeea4 [liangbowen] apply engine caching to all jobs in master
d253a497 [liangbowen] Merge commit '38eb74c26ebbdbb57aba51ad18c7e4a6bb9e1144' into cache-downloaded-archives
0cf2a759 [liangbowen] remove conditions for action
38eb74c2 [Bowen Liang] Merge branch 'master' into cache-downloaded-archives
105d507e [liangbowen] remove
c6542797 [liangbowen] extract `cache-engine-archives` action and cache engine archives

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../actions/cache-engine-archives/action.yaml | 27 +++++++++++++++++++
 .github/workflows/master.yml                  | 22 ++++++++++++++-
 externals/kyuubi-download/pom.xml             |  1 +
 pom.xml                                       |  1 +
 4 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 .github/actions/cache-engine-archives/action.yaml

diff --git a/.github/actions/cache-engine-archives/action.yaml b/.github/actions/cache-engine-archives/action.yaml
new file mode 100644
index 000000000..86a9ccafb
--- /dev/null
+++ b/.github/actions/cache-engine-archives/action.yaml
@@ -0,0 +1,27 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: cache-engine-archives
+description: 'Cache download engine archives from Apache Archives website used by Maven download plugin'
+runs:
+  using: composite
+  steps:
+    - name: Cache Engine Archives
+      uses: actions/cache@v3
+      with:
+        path: /tmp/engine-archives
+        key: engine-archives
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 26d231297..b0ab493a4 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -32,7 +32,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  MVN_OPT: -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Pjdbc-shaded
+  MVN_OPT: -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Pjdbc-shaded -Dmaven.plugin.download.cache.path=/tmp/engine-archives
   KUBERNETES_VERSION: v1.26.1
   MINIKUBE_VERSION: v1.29.0
 
@@ -77,6 +77,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Setup Python
         uses: actions/setup-python@v4
         with:
@@ -129,6 +131,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Build and test Kyuubi AuthZ with supported Spark versions
         run: |
           TEST_MODULES="extensions/spark/kyuubi-spark-authz"
@@ -178,6 +182,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Build Flink with maven w/o linters
         run: |
           TEST_MODULES="externals/kyuubi-flink-sql-engine,integration-tests/kyuubi-flink-it"
@@ -222,6 +228,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Build and test Hive with maven w/o linters
         run: |
           TEST_MODULES="externals/kyuubi-hive-sql-engine,integration-tests/kyuubi-hive-it"
@@ -257,6 +265,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Build and test JDBC with maven w/o linters
         run: |
           TEST_MODULES="externals/kyuubi-jdbc-engine,integration-tests/kyuubi-jdbc-it"
@@ -292,6 +302,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Build and test Trino with maven w/o linters
         run: |
           TEST_MODULES="kyuubi-server,externals/kyuubi-trino-engine,externals/kyuubi-spark-sql-engine,externals/kyuubi-download,integration-tests/kyuubi-trino-it"
@@ -322,6 +334,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Run TPC-DS Tests
         run: |
           TEST_MODULES="kyuubi-server,extensions/spark/kyuubi-spark-connector-tpcds,extensions/spark/kyuubi-spark-connector-tpch"
@@ -350,6 +364,8 @@ jobs:
           file: build/Dockerfile
           load: true
           tags: apache/kyuubi:latest
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Setup Minikube
         run: |
           # https://minikube.sigs.k8s.io/docs/start/
@@ -399,6 +415,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Setup Minikube
         run: |
           # https://minikube.sigs.k8s.io/docs/start/
@@ -454,6 +472,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: zookeeper integration tests
         run: |
           export KYUUBI_IT_ZOOKEEPER_VERSION=${{ matrix.zookeeper }}
diff --git a/externals/kyuubi-download/pom.xml b/externals/kyuubi-download/pom.xml
index ce9ba2014..d7f0c6013 100644
--- a/externals/kyuubi-download/pom.xml
+++ b/externals/kyuubi-download/pom.xml
@@ -36,6 +36,7 @@
                 <groupId>com.googlecode.maven-download-plugin</groupId>
                 <artifactId>download-maven-plugin</artifactId>
                 <configuration>
+                    <cacheDirectory>${maven.plugin.download.cache.path}</cacheDirectory>
                     <outputDirectory>${project.build.directory}</outputDirectory>
                     <readTimeOut>60000</readTimeOut>
                     <retries>3</retries>
diff --git a/pom.xml b/pom.xml
index fab9fd2fb..2df40a658 100644
--- a/pom.xml
+++ b/pom.xml
@@ -213,6 +213,7 @@
 
         <maven.plugin.build.helper.version>3.3.0</maven.plugin.build.helper.version>
         <maven.plugin.download.version>1.6.8</maven.plugin.download.version>
+        <maven.plugin.download.cache.path></maven.plugin.download.cache.path>
         <maven.plugin.enforcer.mojo.rules.version>1.6.1</maven.plugin.enforcer.mojo.rules.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
         <maven.plugin.surefire.version>3.0.0-M8</maven.plugin.surefire.version>

From e647cc910ceb612d1097ec9734dcc49f7a4ac8ec Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 18 Feb 2023 22:38:33 +0800
Subject: [PATCH 080/760] [KYUUBI #4119][FOLLOWUP] Add app start time for batch
 api docs

### _Why are the changes needed?_

#4119 follow up

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4365 from turboFei/app_start.

Closes #4119

3cf7e7a7 [fwang12] add app start time

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/rest/rest_api.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index f863404a6..02a914277 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -493,6 +493,7 @@ The [Engine](#engine) List.
 | user           | The user created the batch                                        | String |
 | batchType      | The batch type                                                    | String |
 | name           | The batch name                                                    | String |
+| appStartTime   | The batch application start time                                  | Long   |
 | appId          | The batch application Id                                          | String |
 | appUrl         | The batch application tracking url                                | String |
 | appState       | The batch application state                                       | String |

From 9aebeb8e777f88bf5358a87c9e941547d4db1cc6 Mon Sep 17 00:00:00 2001
From: Luning Wang <wang4luning@gmail.com>
Date: Sun, 19 Feb 2023 00:06:57 +0800
Subject: [PATCH 081/760] [KYUUBI #4338] Bump Spark from 3.3.1 to 3.3.2

### _Why are the changes needed?_

close #4338 .

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4339 from a49a/bump-spark332.

Closes #4338

6c741d82 [Luning Wang] [KYUUBI #4338] Bump Spark from 3.3.1 to 3.3.2

Authored-by: Luning Wang <wang4luning@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docker/playground/.env                                          | 2 +-
 docs/quick_start/quick_start.rst                                | 2 +-
 .../test/deployment/KyuubiOnKubernetesTestsSuite.scala          | 2 +-
 pom.xml                                                         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/playground/.env b/docker/playground/.env
index d50e964cf..abd897192 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -24,7 +24,7 @@ KYUUBI_HADOOP_VERSION=3.3.4
 POSTGRES_VERSION=12
 POSTGRES_JDBC_VERSION=42.3.4
 SCALA_BINARY_VERSION=2.12
-SPARK_VERSION=3.3.1
+SPARK_VERSION=3.3.2
 SPARK_BINARY_VERSION=3.3
 SPARK_HADOOP_VERSION=3.3.2
 ZOOKEEPER_VERSION=3.6.3
diff --git a/docs/quick_start/quick_start.rst b/docs/quick_start/quick_start.rst
index ca73fba35..db564edb9 100644
--- a/docs/quick_start/quick_start.rst
+++ b/docs/quick_start/quick_start.rst
@@ -143,7 +143,7 @@ To install Spark, you need to unpack the tarball. For example,
 
 .. code-block::
 
-   $ tar zxf spark-3.3.1-bin-hadoop3.tgz
+   $ tar zxf spark-3.3.2-bin-hadoop3.tgz
 
 Configuration
 ~~~~~~~~~~~~~
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
index c8894679d..6cf8dfcc8 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
@@ -54,7 +54,7 @@ class KyuubiOnKubernetesWithSparkTestsBase extends WithKyuubiServerOnKubernetes
     super.connectionConf ++
       Map(
         "spark.master" -> s"k8s://$miniKubeApiMaster",
-        "spark.kubernetes.container.image" -> "apache/spark:3.3.1",
+        "spark.kubernetes.container.image" -> "apache/spark:3.3.2",
         "spark.executor.memory" -> "512M",
         "spark.driver.memory" -> "1024M",
         "spark.kubernetes.driver.request.cores" -> "250m",
diff --git a/pom.xml b/pom.xml
index 2df40a658..a774acbb2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -188,7 +188,7 @@
           DO NOT forget to change the following properties when change the minor version of Spark:
           `delta.version`, `maven.plugin.scalatest.exclude.tags`
           -->
-        <spark.version>3.3.1</spark.version>
+        <spark.version>3.3.2</spark.version>
         <spark.binary.version>3.3</spark.binary.version>
         <spark.archive.name>spark-${spark.version}-bin-hadoop3.tgz</spark.archive.name>
         <spark.archive.mirror>${apache.archive.dist}/spark/spark-${spark.version}</spark.archive.mirror>

From cb23a7d9aa861e3fcb69af8f8e31db7cd8a1488a Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Sun, 19 Feb 2023 00:34:22 +0800
Subject: [PATCH 082/760] [KYUUBI #4362] Add `_configurations` in kerberos.rst

### _Why are the changes needed?_

Add `_configurations` in kerberos.rst

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4362 from Yikf/kerberos-doc-config.

Closes #4362

d8f197642 [Yikf] Add _configurations in kerberos.rst

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/security/kerberos.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/security/kerberos.rst b/docs/security/kerberos.rst
index 8c871ce67..2505fa30d 100644
--- a/docs/security/kerberos.rst
+++ b/docs/security/kerberos.rst
@@ -115,4 +115,5 @@ Refresh all the kyuubi server instances
 Restart all the kyuubi server instances or `Refresh Configurations`_ to activate the settings.
 
 .. _Hadoop Impersonation: https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/Superusers.html
+.. _configurations: ../client/advanced/kerberos.html
 .. _Refresh Configurations: ../tools/kyuubi-admin.html#refresh-config

From 8fc7adee970bb81c4f449c5bf8a1be886a511ab3 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sun, 19 Feb 2023 01:02:00 +0800
Subject: [PATCH 083/760] [KYUUBI #4360][FOLLOWUP] Get valid unlimited users
 from existing limiters instead of conf

### _Why are the changes needed?_

It is more accurate to get the unlimited users from existing limiters.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4363 from turboFei/refresh_unlimit.

Closes #4360

a880b413 [fwang12] refactor
6da9f9bd [fwang12] get

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/server/KyuubiServer.scala | 10 ++++------
 .../apache/kyuubi/session/KyuubiSessionManager.scala  | 11 ++++++++---
 .../org/apache/kyuubi/session/SessionLimiter.scala    |  6 +++++-
 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index df163bd1e..a27e18bbf 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -131,12 +131,10 @@ object KyuubiServer extends Logging {
   }
 
   private[kyuubi] def refreshUnlimitedUsers(): Unit = synchronized {
-    val existingUnlimitedUsers =
-      kyuubiServer.conf.get(KyuubiConf.SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).toSet
-    val refreshedUnlimitedUsers = KyuubiConf().loadFileDefaults().get(
-      KyuubiConf.SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).toSet
-    kyuubiServer.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
-      .refreshUnlimitedUsers(refreshedUnlimitedUsers)
+    val sessionMgr = kyuubiServer.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
+    val existingUnlimitedUsers = sessionMgr.getUnlimitedUsers()
+    sessionMgr.refreshUnlimitedUsers(KyuubiConf().loadFileDefaults())
+    val refreshedUnlimitedUsers = sessionMgr.getUnlimitedUsers()
     info(s"Refreshed unlimited users from $existingUnlimitedUsers to $refreshedUnlimitedUsers")
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 038c02564..73248cd56 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -300,9 +300,14 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       userUnlimitedList)
   }
 
-  private[kyuubi] def refreshUnlimitedUsers(userUnlimitedList: Set[String]): Unit = {
-    limiter.foreach(SessionLimiter.resetUnlimitedUsers(_, userUnlimitedList))
-    batchLimiter.foreach(SessionLimiter.resetUnlimitedUsers(_, userUnlimitedList))
+  private[kyuubi] def getUnlimitedUsers(): Set[String] = {
+    limiter.orElse(batchLimiter).map(SessionLimiter.getUnlimitedUsers).getOrElse(Set.empty)
+  }
+
+  private[kyuubi] def refreshUnlimitedUsers(conf: KyuubiConf): Unit = {
+    val unlimitedUsers = conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).toSet
+    limiter.foreach(SessionLimiter.resetUnlimitedUsers(_, unlimitedUsers))
+    batchLimiter.foreach(SessionLimiter.resetUnlimitedUsers(_, unlimitedUsers))
   }
 
   private def applySessionLimiter(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
index 6cf739c39..96ca36df1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
@@ -138,10 +138,14 @@ object SessionLimiter {
       unlimitedUsers)
   }
 
-  def resetUnlimitedUsers(limiter: SessionLimiter, unlimitedUsers: Set[String]): Unit = {
+  def resetUnlimitedUsers(limiter: SessionLimiter, unlimitedUsers: Set[String]): Unit =
     limiter match {
       case l: SessionLimiterWithUnlimitedUsersImpl => l.setUnlimitedUsers(unlimitedUsers)
       case _ =>
     }
+
+  def getUnlimitedUsers(limiter: SessionLimiter): Set[String] = limiter match {
+    case l: SessionLimiterWithUnlimitedUsersImpl => l.unlimitedUsers
+    case _ => Set.empty
   }
 }

From 6bd0016fe271d0e5abfcd558e9204cfdc8641978 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Sun, 19 Feb 2023 01:10:04 +0800
Subject: [PATCH 084/760] [KYUUBI #4326] [ARROW] Fix Spark session timezone
 format in arrow-based result format

### _Why are the changes needed?_

1. this PR introduces a new configuration called `kyuubi.operation.result.arrow.timestampAsString`, when true, arrow-based rowsets will convert timestamp-type columns to strings for transmission.

2. `kyuubi.operation.result.arrow.timestampAsString` default setting to false for better transmission performance

3. the PR fixes timezone issue in arrow based result format described in #3958

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4326 from cfmcgrady/arrow-string-ts.

Closes #4326

38c7fc9b [Fu Chen] fix style
d864db00 [Fu Chen] address comment
b714b3ee [Fu Chen] revert externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
6c4eb507 [Fu Chen] minor
289b6007 [Fu Chen] timstampAsString = false by default
78b7caba [Fu Chen] fix
f5601356 [Fu Chen] debug info
b8e4b288 [Fu Chen] fix ut
87c6f9ef [Fu Chen] update docs
86f6cb73 [Fu Chen] arrow based rowset timestamp as string

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   | 33 +++++------
 .../spark/operation/ExecuteStatement.scala    | 13 ++---
 .../spark/operation/SparkOperation.scala      |  8 ++-
 .../spark/sql/kyuubi/SparkDatasetHelper.scala | 13 +++--
 .../SparkArrowbasedOperationSuite.scala       | 56 ++++++++++++++++++-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  8 +++
 .../jdbc/hive/JdbcColumnAttributes.java       |  2 +-
 .../jdbc/hive/KyuubiArrowBasedResultSet.java  | 14 ++++-
 .../jdbc/hive/KyuubiArrowQueryResultSet.java  | 54 ++++++++++--------
 .../kyuubi/jdbc/hive/KyuubiStatement.java     | 16 +++++-
 .../hive/arrow/ArrowColumnarBatchRow.java     | 20 ++++---
 11 files changed, 167 insertions(+), 70 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 8d0e32436..1e0567860 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -429,22 +429,23 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Operation
 
-|                   Key                   |                                     Default                                     |                                                                                                                                                                                                                                                 Meaning                                                                                                                                                                                                                                                  |   Type   | Since |
-|-----------------------------------------|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.operation.idle.timeout           | PT3H                                                                            | Operation will be closed when it's not accessed for this duration of time                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.0.0 |
-| kyuubi.operation.interrupt.on.cancel    | true                                                                            | When true, all running tasks will be interrupted if one cancels a query. When false, all running tasks will remain until finished.                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.2.0 |
-| kyuubi.operation.language               | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
-| kyuubi.operation.log.dir.root           | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
-| kyuubi.operation.plan.only.excludes     | ResetCommand,SetCommand,SetNamespaceCommand,UseStatement,SetCatalogAndNamespace | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | seq      | 1.5.0 |
-| kyuubi.operation.plan.only.mode         | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
-| kyuubi.operation.plan.only.output.style | plain                                                                           | Configures the planOnly output style. The value can be 'plain' or 'json', and the default value is 'plain'. This configuration supports only the output styles of the Spark engine                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
-| kyuubi.operation.progress.enabled       | false                                                                           | Whether to enable the operation progress. When true, the operation progress will be returned in `GetOperationStatus`.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
-| kyuubi.operation.query.timeout          | &lt;undefined&gt;                                                               | Timeout for query executions at server-side, take effect with client-side timeout(`java.sql.Statement.setQueryTimeout`) together, a running query will be cancelled automatically if timeout. It's off by default, which means only client-side take full control of whether the query should timeout or not. If set, client-side timeout is capped at this point. To cancel the queries right away without waiting for task to finish, consider enabling kyuubi.operation.interrupt.on.cancel together. | duration | 1.2.0 |
-| kyuubi.operation.result.format          | thrift                                                                          | Specify the result format, available configs are: <ul> <li>THRIFT: the result will convert to TRow at the engine driver side. </li> <li>ARROW: the result will be encoded as Arrow at the executor side before collecting by the driver, and deserialized at the client side. note that it only takes effect for kyuubi-hive-jdbc clients now.</li></ul>                                                                                                                                                 | string   | 1.7.0 |
-| kyuubi.operation.result.max.rows        | 0                                                                               | Max rows of Spark query results. Rows exceeding the limit would be ignored. By setting this value to 0 to disable the max rows limit.                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.6.0 |
-| kyuubi.operation.scheduler.pool         | &lt;undefined&gt;                                                               | The scheduler pool of job. Note that, this config should be used after changing Spark config spark.scheduler.mode=FAIR.                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.1.1 |
-| kyuubi.operation.spark.listener.enabled | true                                                                            | When set to true, Spark engine registers an SQLOperationListener before executing the statement, logging a few summary statistics when each stage completes.                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.6.0 |
-| kyuubi.operation.status.polling.timeout | PT5S                                                                            | Timeout(ms) for long polling asynchronous running sql query's status                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.0.0 |
+|                       Key                       |                                     Default                                     |                                                                                                                                                                                                                                                 Meaning                                                                                                                                                                                                                                                  |   Type   | Since |
+|-------------------------------------------------|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.operation.idle.timeout                   | PT3H                                                                            | Operation will be closed when it's not accessed for this duration of time                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.0.0 |
+| kyuubi.operation.interrupt.on.cancel            | true                                                                            | When true, all running tasks will be interrupted if one cancels a query. When false, all running tasks will remain until finished.                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.2.0 |
+| kyuubi.operation.language                       | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
+| kyuubi.operation.log.dir.root                   | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
+| kyuubi.operation.plan.only.excludes             | ResetCommand,SetCommand,SetNamespaceCommand,UseStatement,SetCatalogAndNamespace | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | seq      | 1.5.0 |
+| kyuubi.operation.plan.only.mode                 | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
+| kyuubi.operation.plan.only.output.style         | plain                                                                           | Configures the planOnly output style. The value can be 'plain' or 'json', and the default value is 'plain'. This configuration supports only the output styles of the Spark engine                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
+| kyuubi.operation.progress.enabled               | false                                                                           | Whether to enable the operation progress. When true, the operation progress will be returned in `GetOperationStatus`.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
+| kyuubi.operation.query.timeout                  | &lt;undefined&gt;                                                               | Timeout for query executions at server-side, take effect with client-side timeout(`java.sql.Statement.setQueryTimeout`) together, a running query will be cancelled automatically if timeout. It's off by default, which means only client-side take full control of whether the query should timeout or not. If set, client-side timeout is capped at this point. To cancel the queries right away without waiting for task to finish, consider enabling kyuubi.operation.interrupt.on.cancel together. | duration | 1.2.0 |
+| kyuubi.operation.result.arrow.timestampAsString | false                                                                           | When true, arrow-based rowsets will convert columns of type timestamp to strings for transmission.                                                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.7.0 |
+| kyuubi.operation.result.format                  | thrift                                                                          | Specify the result format, available configs are: <ul> <li>THRIFT: the result will convert to TRow at the engine driver side. </li> <li>ARROW: the result will be encoded as Arrow at the executor side before collecting by the driver, and deserialized at the client side. note that it only takes effect for kyuubi-hive-jdbc clients now.</li></ul>                                                                                                                                                 | string   | 1.7.0 |
+| kyuubi.operation.result.max.rows                | 0                                                                               | Max rows of Spark query results. Rows exceeding the limit would be ignored. By setting this value to 0 to disable the max rows limit.                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.6.0 |
+| kyuubi.operation.scheduler.pool                 | &lt;undefined&gt;                                                               | The scheduler pool of job. Note that, this config should be used after changing Spark config spark.scheduler.mode=FAIR.                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.1.1 |
+| kyuubi.operation.spark.listener.enabled         | true                                                                            | When set to true, Spark engine registers an SQLOperationListener before executing the statement, logging a few summary statistics when each stage completes.                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.6.0 |
+| kyuubi.operation.status.polling.timeout         | PT5S                                                                            | Timeout(ms) for long polling asynchronous running sql query's status                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.0.0 |
 
 ### Server
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index fac90f7ea..2b90525c1 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -162,17 +162,12 @@ class ExecuteStatement(
     }
   }
 
-  // TODO:(fchen) make this configurable
-  val kyuubiBeelineConvertToString = true
-
   def convertComplexType(df: DataFrame): DataFrame = {
-    if (kyuubiBeelineConvertToString) {
-      SparkDatasetHelper.convertTopLevelComplexTypeToHiveString(df)
-    } else {
-      df
-    }
+    SparkDatasetHelper.convertTopLevelComplexTypeToHiveString(df, timestampAsString)
   }
 
   override def getResultSetMetadataHints(): Seq[String] =
-    Seq(s"__kyuubi_operation_result_format__=$resultFormat")
+    Seq(
+      s"__kyuubi_operation_result_format__=$resultFormat",
+      s"__kyuubi_operation_result_arrow_timestampAsString__=$timestampAsString")
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index 06884534d..a6a7fc896 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -24,7 +24,7 @@ import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TProgressU
 import org.apache.spark.kyuubi.{SparkProgressMonitor, SQLOperationListener}
 import org.apache.spark.kyuubi.SparkUtilsHelper.redact
 import org.apache.spark.sql.{DataFrame, Row, SparkSession}
-import org.apache.spark.sql.internal.SQLConf
+import org.apache.spark.sql.execution.SQLExecution
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
@@ -136,7 +136,7 @@ abstract class SparkOperation(session: Session)
     spark.sparkContext.setLocalProperty
 
   protected def withLocalProperties[T](f: => T): T = {
-    SQLConf.withExistingConf(spark.sessionState.conf) {
+    SQLExecution.withSQLConfPropagated(spark) {
       val originalSession = SparkSession.getActiveSession
       try {
         SparkSession.setActiveSession(spark)
@@ -279,6 +279,10 @@ abstract class SparkOperation(session: Session)
     spark.conf.get("kyuubi.operation.result.format", "thrift")
   }
 
+  protected def timestampAsString: Boolean = {
+    spark.conf.get("kyuubi.operation.result.arrow.timestampAsString", "false").toBoolean
+  }
+
   protected def setSessionUserSign(): Unit = {
     (
       session.conf.get(KYUUBI_SESSION_SIGN_PUBLICKEY),
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 46c3bce4d..1a5429373 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -17,8 +17,6 @@
 
 package org.apache.spark.sql.kyuubi
 
-import java.time.ZoneId
-
 import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.{DataFrame, Dataset, Row}
 import org.apache.spark.sql.functions._
@@ -31,12 +29,13 @@ object SparkDatasetHelper {
     ds.toArrowBatchRdd
   }
 
-  def convertTopLevelComplexTypeToHiveString(df: DataFrame): DataFrame = {
-    val timeZone = ZoneId.of(df.sparkSession.sessionState.conf.sessionLocalTimeZone)
+  def convertTopLevelComplexTypeToHiveString(
+      df: DataFrame,
+      timestampAsString: Boolean): DataFrame = {
 
     val quotedCol = (name: String) => col(quoteIfNeeded(name))
 
-    // an udf to call `RowSet.toHiveString` on complex types(struct/array/map).
+    // an udf to call `RowSet.toHiveString` on complex types(struct/array/map) and timestamp type.
     val toHiveStringUDF = udf[String, Row, String]((row, schemaDDL) => {
       val dt = DataType.fromDDL(schemaDDL)
       dt match {
@@ -46,6 +45,8 @@ object SparkDatasetHelper {
           RowSet.toHiveString((row.toSeq.head, at), nested = true)
         case StructType(Array(StructField(_, mt: MapType, _, _))) =>
           RowSet.toHiveString((row.toSeq.head, mt), nested = true)
+        case StructType(Array(StructField(_, tt: TimestampType, _, _))) =>
+          RowSet.toHiveString((row.toSeq.head, tt), nested = true)
         case _ =>
           throw new UnsupportedOperationException
       }
@@ -56,6 +57,8 @@ object SparkDatasetHelper {
         toHiveStringUDF(quotedCol(name), lit(sf.toDDL)).as(name)
       case sf @ StructField(name, _: MapType | _: ArrayType, _, _) =>
         toHiveStringUDF(struct(quotedCol(name)), lit(sf.toDDL)).as(name)
+      case sf @ StructField(name, _: TimestampType, _, _) if timestampAsString =>
+        toHiveStringUDF(struct(quotedCol(name)), lit(sf.toDDL)).as(name)
       case StructField(name, _, _, _) => quotedCol(name)
     }
     df.select(cols: _*)
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index e46456914..60cc52891 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -35,6 +35,13 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
 
   override def resultFormat: String = "arrow"
 
+  override def beforeEach(): Unit = {
+    super.beforeEach()
+    withJdbcStatement() { statement =>
+      checkResultSetFormat(statement, "arrow")
+    }
+  }
+
   test("detect resultSet format") {
     withJdbcStatement() { statement =>
       checkResultSetFormat(statement, "arrow")
@@ -43,7 +50,42 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     }
   }
 
-  def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
+  test("Spark session timezone format") {
+    withJdbcStatement() { statement =>
+      def check(expect: String): Unit = {
+        val query =
+          """
+            |SELECT
+            |  from_utc_timestamp(
+            |    from_unixtime(
+            |      1670404535000 / 1000, 'yyyy-MM-dd HH:mm:ss'
+            |    ),
+            |    'GMT+08:00'
+            |  )
+            |""".stripMargin
+        val resultSet = statement.executeQuery(query)
+        assert(resultSet.next())
+        assert(resultSet.getString(1) == expect)
+      }
+
+      def setTimeZone(timeZone: String): Unit = {
+        val rs = statement.executeQuery(s"set spark.sql.session.timeZone=$timeZone")
+        assert(rs.next())
+      }
+
+      Seq("true", "false").foreach { timestampAsString =>
+        statement.executeQuery(
+          s"set ${KyuubiConf.ARROW_BASED_ROWSET_TIMESTAMP_AS_STRING.key}=$timestampAsString")
+        checkArrowBasedRowSetTimestampAsString(statement, timestampAsString)
+        setTimeZone("UTC")
+        check("2022-12-07 17:15:35.0")
+        setTimeZone("GMT+8")
+        check("2022-12-08 01:15:35.0")
+      }
+    }
+  }
+
+  private def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
     val query =
       s"""
          |SELECT '$${hivevar:${KyuubiConf.OPERATION_RESULT_FORMAT.key}}' AS col
@@ -52,4 +94,16 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     assert(resultSet.next())
     assert(resultSet.getString("col") === expectFormat)
   }
+
+  private def checkArrowBasedRowSetTimestampAsString(
+      statement: Statement,
+      expect: String): Unit = {
+    val query =
+      s"""
+         |SELECT '$${hivevar:${KyuubiConf.ARROW_BASED_ROWSET_TIMESTAMP_AS_STRING.key}}' AS col
+         |""".stripMargin
+    val resultSet = statement.executeQuery(query)
+    assert(resultSet.next())
+    assert(resultSet.getString("col") === expect)
+  }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 14a05e749..05b6a056f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1676,6 +1676,14 @@ object KyuubiConf {
       .transform(_.toLowerCase(Locale.ROOT))
       .createWithDefault("thrift")
 
+  val ARROW_BASED_ROWSET_TIMESTAMP_AS_STRING: ConfigEntry[Boolean] =
+    buildConf("kyuubi.operation.result.arrow.timestampAsString")
+      .doc("When true, arrow-based rowsets will convert columns of type timestamp to strings for" +
+        " transmission.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(false)
+
   val SERVER_OPERATION_LOG_DIR_ROOT: ConfigEntry[String] =
     buildConf("kyuubi.operation.log.dir.root")
       .doc("Root directory for query operation log at server-side.")
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcColumnAttributes.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcColumnAttributes.java
index 06fb39899..b0257cfff 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcColumnAttributes.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcColumnAttributes.java
@@ -20,7 +20,7 @@
 public class JdbcColumnAttributes {
   public int precision = 0;
   public int scale = 0;
-  public String timeZone = "";
+  public String timeZone = null;
 
   public JdbcColumnAttributes() {}
 
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowBasedResultSet.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowBasedResultSet.java
index c3e75c0ea..ef5008503 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowBasedResultSet.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowBasedResultSet.java
@@ -50,6 +50,7 @@ public abstract class KyuubiArrowBasedResultSet implements SQLResultSet {
   protected Schema arrowSchema;
   protected VectorSchemaRoot root;
   protected ArrowColumnarBatchRow row;
+  protected boolean timestampAsString = true;
 
   protected BufferAllocator allocator;
 
@@ -312,11 +313,18 @@ private Object getColumnValue(int columnIndex) throws SQLException {
       if (wasNull) {
         return null;
       } else {
-        return row.get(columnIndex - 1, columnType);
+        JdbcColumnAttributes attributes = columnAttributes.get(columnIndex - 1);
+        return row.get(
+            columnIndex - 1,
+            columnType,
+            attributes == null ? null : attributes.timeZone,
+            timestampAsString);
       }
     } catch (Exception e) {
-      e.printStackTrace();
-      throw new KyuubiSQLException("Unrecognized column type:", e);
+      throw new KyuubiSQLException(
+          String.format(
+              "Error getting row of type %s at column index %d", columnType, columnIndex - 1),
+          e);
     }
   }
 
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java
index 1f2af29dc..fda70f463 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java
@@ -58,9 +58,6 @@ public class KyuubiArrowQueryResultSet extends KyuubiArrowBasedResultSet {
   private boolean isScrollable = false;
   private boolean fetchFirst = false;
 
-  // TODO:(fchen) make this configurable
-  protected boolean convertComplexTypeToString = true;
-
   private final TProtocolVersion protocol;
 
   public static class Builder {
@@ -87,6 +84,8 @@ public static class Builder {
     private boolean isScrollable = false;
     private ReentrantLock transportLock = null;
 
+    private boolean timestampAsString = true;
+
     public Builder(Statement statement) throws SQLException {
       this.statement = statement;
       this.connection = statement.getConnection();
@@ -153,6 +152,11 @@ public Builder setScrollable(boolean setScrollable) {
       return this;
     }
 
+    public Builder setTimestampAsString(boolean timestampAsString) {
+      this.timestampAsString = timestampAsString;
+      return this;
+    }
+
     public Builder setTransportLock(ReentrantLock transportLock) {
       this.transportLock = transportLock;
       return this;
@@ -189,10 +193,10 @@ protected KyuubiArrowQueryResultSet(Builder builder) throws SQLException {
       this.maxRows = builder.maxRows;
     }
     this.isScrollable = builder.isScrollable;
+    this.timestampAsString = builder.timestampAsString;
     this.protocol = builder.getProtocolVersion();
     arrowSchema =
-        ArrowUtils.toArrowSchema(
-            columnNames, convertComplexTypeToStringType(columnTypes), columnAttributes);
+        ArrowUtils.toArrowSchema(columnNames, convertToStringType(columnTypes), columnAttributes);
     if (allocator == null) {
       initArrowSchemaAndAllocator();
     }
@@ -271,8 +275,7 @@ private void retrieveSchema() throws SQLException {
         columnAttributes.add(getColumnAttributes(primitiveTypeEntry));
       }
       arrowSchema =
-          ArrowUtils.toArrowSchema(
-              columnNames, convertComplexTypeToStringType(columnTypes), columnAttributes);
+          ArrowUtils.toArrowSchema(columnNames, convertToStringType(columnTypes), columnAttributes);
     } catch (SQLException eS) {
       throw eS; // rethrow the SQLException as is
     } catch (Exception ex) {
@@ -480,22 +483,25 @@ public boolean isClosed() {
     return isClosed;
   }
 
-  private List<TTypeId> convertComplexTypeToStringType(List<TTypeId> colTypes) {
-    if (convertComplexTypeToString) {
-      return colTypes.stream()
-          .map(
-              type -> {
-                if (type == TTypeId.ARRAY_TYPE
-                    || type == TTypeId.MAP_TYPE
-                    || type == TTypeId.STRUCT_TYPE) {
-                  return TTypeId.STRING_TYPE;
-                } else {
-                  return type;
-                }
-              })
-          .collect(Collectors.toList());
-    } else {
-      return colTypes;
-    }
+  /**
+   * 1. the complex types (map/array/struct) are always converted to string type to transport 2. if
+   * the user set `timestampAsString = true`, then the timestamp type will be converted to string
+   * type too.
+   */
+  private List<TTypeId> convertToStringType(List<TTypeId> colTypes) {
+    return colTypes.stream()
+        .map(
+            type -> {
+              if ((type == TTypeId.ARRAY_TYPE
+                      || type == TTypeId.MAP_TYPE
+                      || type == TTypeId.STRUCT_TYPE) // complex type (map/array/struct)
+                  // timestamp type
+                  || (type == TTypeId.TIMESTAMP_TYPE && timestampAsString)) {
+                return TTypeId.STRING_TYPE;
+              } else {
+                return type;
+              }
+            })
+        .collect(Collectors.toList());
   }
 }
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
index ab7c06a55..b452ca6aa 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
@@ -37,6 +37,7 @@ public class KyuubiStatement implements SQLStatement, KyuubiLoggable {
   public static final Logger LOG = LoggerFactory.getLogger(KyuubiStatement.class.getName());
   public static final int DEFAULT_FETCH_SIZE = 1000;
   public static final String DEFAULT_RESULT_FORMAT = "thrift";
+  public static final String DEFAULT_ARROW_TIMESTAMP_AS_STRING = "false";
   private final KyuubiConnection connection;
   private TCLIService.Iface client;
   private TOperationHandle stmtHandle = null;
@@ -45,7 +46,8 @@ public class KyuubiStatement implements SQLStatement, KyuubiLoggable {
   private int fetchSize = DEFAULT_FETCH_SIZE;
   private boolean isScrollableResultset = false;
   private boolean isOperationComplete = false;
-  private Map<String, String> properties = new HashMap<>();
+
+  private Map<String, String> properties = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
   /**
    * We need to keep a reference to the result set to support the following: <code>
    * statement.execute(String sql);
@@ -213,6 +215,11 @@ private boolean executeWithConfOverlay(String sql, Map<String, String> confOverl
     LOG.info("kyuubi.operation.result.format: " + resultFormat);
     switch (resultFormat) {
       case "arrow":
+        boolean timestampAsString =
+            Boolean.parseBoolean(
+                properties.getOrDefault(
+                    "__kyuubi_operation_result_arrow_timestampAsString__",
+                    DEFAULT_ARROW_TIMESTAMP_AS_STRING));
         resultSet =
             new KyuubiArrowQueryResultSet.Builder(this)
                 .setClient(client)
@@ -222,6 +229,7 @@ private boolean executeWithConfOverlay(String sql, Map<String, String> confOverl
                 .setFetchSize(fetchSize)
                 .setScrollable(isScrollableResultset)
                 .setSchema(columnNames, columnTypes, columnAttributes)
+                .setTimestampAsString(timestampAsString)
                 .build();
         break;
       default:
@@ -270,6 +278,11 @@ public boolean executeAsync(String sql) throws SQLException {
     LOG.info("kyuubi.operation.result.format: " + resultFormat);
     switch (resultFormat) {
       case "arrow":
+        boolean timestampAsString =
+            Boolean.parseBoolean(
+                properties.getOrDefault(
+                    "__kyuubi_operation_result_arrow_timestampAsString__",
+                    DEFAULT_ARROW_TIMESTAMP_AS_STRING));
         resultSet =
             new KyuubiArrowQueryResultSet.Builder(this)
                 .setClient(client)
@@ -279,6 +292,7 @@ public boolean executeAsync(String sql) throws SQLException {
                 .setFetchSize(fetchSize)
                 .setScrollable(isScrollableResultset)
                 .setSchema(columnNames, columnTypes, columnAttributes)
+                .setTimestampAsString(timestampAsString)
                 .build();
         break;
       default:
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java
index fa914ce5d..373867069 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/arrow/ArrowColumnarBatchRow.java
@@ -19,6 +19,8 @@
 
 import java.math.BigDecimal;
 import java.sql.Timestamp;
+import java.time.LocalDateTime;
+import org.apache.arrow.vector.util.DateUtility;
 import org.apache.hive.service.rpc.thrift.TTypeId;
 import org.apache.kyuubi.jdbc.hive.common.DateUtils;
 import org.apache.kyuubi.jdbc.hive.common.HiveIntervalDayTime;
@@ -104,7 +106,7 @@ public Object getMap(int ordinal) {
     throw new UnsupportedOperationException();
   }
 
-  public Object get(int ordinal, TTypeId dataType) {
+  public Object get(int ordinal, TTypeId dataType, String timeZone, boolean timestampAsString) {
     long seconds;
     long milliseconds;
     long microseconds;
@@ -131,17 +133,19 @@ public Object get(int ordinal, TTypeId dataType) {
       case STRING_TYPE:
         return getString(ordinal);
       case TIMESTAMP_TYPE:
-        microseconds = getLong(ordinal);
-        nanos = (int) (microseconds % 1000000) * 1000;
-        Timestamp timestamp = new Timestamp(microseconds / 1000);
-        timestamp.setNanos(nanos);
-        return timestamp;
+        if (timestampAsString) {
+          return Timestamp.valueOf(getString(ordinal));
+        } else {
+          LocalDateTime localDateTime =
+              DateUtility.getLocalDateTimeFromEpochMicro(getLong(ordinal), timeZone);
+          return Timestamp.valueOf(localDateTime);
+        }
       case DATE_TYPE:
         return DateUtils.internalToDate(getInt(ordinal));
       case INTERVAL_DAY_TIME_TYPE:
         microseconds = getLong(ordinal);
-        seconds = microseconds / 1000000;
-        nanos = (int) (microseconds % 1000000) * 1000;
+        seconds = microseconds / 1_000_000;
+        nanos = (int) (microseconds % 1_000_000) * 1_000;
         return new HiveIntervalDayTime(seconds, nanos);
       case INTERVAL_YEAR_MONTH_TYPE:
         return new HiveIntervalYearMonth(getInt(ordinal));

From a896e95bd4645244a6ee03ee4d928bdc14633b1e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 19 Feb 2023 16:31:26 +0800
Subject: [PATCH 085/760] [KYUUBI #4338][FOLLOWUP] Fix K8s integration tests

### _Why are the changes needed?_

Correct the Spark image tag to recover "Kyuubi Server On Kubernetes Integration Test"

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4369 from pan3793/spark-3.3.2.

Closes #4338

3232bf9f [Cheng Pan] [KYUUBI #4338][FOLLOWUP] Fix K8s integration tests

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                                    | 1 -
 .../test/deployment/KyuubiOnKubernetesTestsSuite.scala          | 2 +-
 .../kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala     | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index b0ab493a4..a70117826 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -434,7 +434,6 @@ jobs:
         run: >-
           ./build/mvn ${MVN_OPT} clean install
           -Pflink-provided,hive-provided
-          -Pspark-3.2
           -Pkubernetes-it
           -Dtest=none -DwildcardSuites=org.apache.kyuubi.kubernetes.test.spark
       - name: Print Driver Pod logs
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
index 6cf8dfcc8..bc7c98a80 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
@@ -54,7 +54,7 @@ class KyuubiOnKubernetesWithSparkTestsBase extends WithKyuubiServerOnKubernetes
     super.connectionConf ++
       Map(
         "spark.master" -> s"k8s://$miniKubeApiMaster",
-        "spark.kubernetes.container.image" -> "apache/spark:3.3.2",
+        "spark.kubernetes.container.image" -> "apache/spark:v3.3.2",
         "spark.executor.memory" -> "512M",
         "spark.driver.memory" -> "1024M",
         "spark.kubernetes.driver.request.cores" -> "250m",
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 798618e4c..019de840d 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -45,7 +45,7 @@ abstract class SparkOnKubernetesSuiteBase
     // TODO Support more Spark version
     // Spark official docker image: https://hub.docker.com/r/apache/spark/tags
     KyuubiConf().set("spark.master", s"k8s://$apiServerAddress")
-      .set("spark.kubernetes.container.image", "apache/spark:v3.2.1")
+      .set("spark.kubernetes.container.image", "apache/spark:v3.3.2")
       .set("spark.kubernetes.container.image.pullPolicy", "IfNotPresent")
       .set("spark.executor.instances", "1")
       .set("spark.executor.memory", "512M")

From 9d33b849fb5cf63ff05eeb2f80ccb74b04751774 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 19 Feb 2023 16:33:26 +0800
Subject: [PATCH 086/760] [KYUUBI #4357] Bump Jersey from 2.38 to 2.39

### _Why are the changes needed?_

to close #4357.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4366 from bowenliang123/jersey-2.39.

Closes #4357

bd214e8d [liangbowen] bump jersey from 2.38 to 2.39

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 16 ++++++++--------
 pom.xml            |  9 +--------
 2 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 9813bb562..7932c5cdf 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -83,14 +83,14 @@ jakarta.ws.rs-api/2.1.6//jakarta.ws.rs-api-2.1.6.jar
 jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar
 javassist/3.25.0-GA//javassist-3.25.0-GA.jar
 jcl-over-slf4j/1.7.36//jcl-over-slf4j-1.7.36.jar
-jersey-client/2.38//jersey-client-2.38.jar
-jersey-common/2.38//jersey-common-2.38.jar
-jersey-container-servlet-core/2.38//jersey-container-servlet-core-2.38.jar
-jersey-entity-filtering/2.38//jersey-entity-filtering-2.38.jar
-jersey-hk2/2.38//jersey-hk2-2.38.jar
-jersey-media-json-jackson/2.38//jersey-media-json-jackson-2.38.jar
-jersey-media-multipart/2.38//jersey-media-multipart-2.38.jar
-jersey-server/2.38//jersey-server-2.38.jar
+jersey-client/2.39//jersey-client-2.39.jar
+jersey-common/2.39//jersey-common-2.39.jar
+jersey-container-servlet-core/2.39//jersey-container-servlet-core-2.39.jar
+jersey-entity-filtering/2.39//jersey-entity-filtering-2.39.jar
+jersey-hk2/2.39//jersey-hk2-2.39.jar
+jersey-media-json-jackson/2.39//jersey-media-json-jackson-2.39.jar
+jersey-media-multipart/2.39//jersey-media-multipart-2.39.jar
+jersey-server/2.39//jersey-server-2.39.jar
 jetcd-api/0.7.3//jetcd-api-0.7.3.jar
 jetcd-common/0.7.3//jetcd-common-0.7.3.jar
 jetcd-core/0.7.3//jetcd-core-0.7.3.jar
diff --git a/pom.xml b/pom.xml
index a774acbb2..1a583eb78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -163,7 +163,7 @@
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
-        <jersey.version>2.38</jersey.version>
+        <jersey.version>2.39</jersey.version>
         <jetty.version>9.4.50.v20221201</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
@@ -1495,13 +1495,6 @@
                 <groupId>org.glassfish.jersey.media</groupId>
                 <artifactId>jersey-media-multipart</artifactId>
                 <version>${jersey.version}</version>
-                <exclusions>
-                    <!--todo: remove this exclusion when Jersey 2.39 released with scope fix for Junit dependency-->
-                    <exclusion>
-                        <groupId>org.junit.jupiter</groupId>
-                        <artifactId>junit-jupiter</artifactId>
-                    </exclusion>
-                </exclusions>
             </dependency>
 
             <dependency>

From 5b2c40659f25d6222c96bff9e144f7bd5719b18c Mon Sep 17 00:00:00 2001
From: Luning Wang <wang4luning@gmail.com>
Date: Sun, 19 Feb 2023 18:55:31 +0800
Subject: [PATCH 087/760] [KYUUBI #3081][DOCS] Add Hudi connector doc in Trino

### _Why are the changes needed?_

Add a Hudi connector doc in Trino

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4356 from a49a/hudi-trino-doc.

Closes #3081

346cf11ca [Luning Wang] [KYUUBI #3081][DOCS] Add Hudi connector doc in Trino

Authored-by: Luning Wang <wang4luning@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/connector/trino/hudi.rst  | 80 ++++++++++++++++++++++++++++++++++
 docs/connector/trino/index.rst |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 docs/connector/trino/hudi.rst

diff --git a/docs/connector/trino/hudi.rst b/docs/connector/trino/hudi.rst
new file mode 100644
index 000000000..5c965a0b6
--- /dev/null
+++ b/docs/connector/trino/hudi.rst
@@ -0,0 +1,80 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+`Hudi`_
+========
+
+Apache Hudi (pronounced “hoodie”) is the next generation streaming data lake platform.
+Apache Hudi brings core warehouse and database functionality directly to a data lake.
+
+.. tip::
+   This article assumes that you have mastered the basic knowledge and operation of `Hudi`_.
+   For the knowledge about Hudi not mentioned in this article,
+   you can obtain it from its `Official Documentation`_.
+
+By using Kyuubi, we can run SQL queries towards Hudi which is more convenient, easy to understand,
+and easy to expand than directly using Trino to manipulate Hudi.
+
+Hudi Integration
+----------------
+
+To enable the integration of Kyuubi Trino SQL engine and Hudi, you need to:
+
+- Setting the Trino extension and catalog :ref:`configurations<trino-hudi-conf>`
+
+.. _trino-hudi-conf:
+
+Configurations
+**************
+
+Catalogs are registered by creating a file of catalog properties in the `$TRINO_SERVER_HOME/etc/catalog` directory.
+For example, we can create a `$TRINO_SERVER_HOME/etc/catalog/hudi.properties` with the following contents to mount the Hudi connector as a Hudi catalog:
+
+.. code-block:: properties
+
+   connector.name=hudi
+   hive.metastore.uri=thrift://example.net:9083
+
+Note: You need to replace $TRINO_SERVER_HOME above to your Trino server home path like `/opt/trino-server-406`.
+
+More configuration properties can be found in the `Hudi connector in Trino document`_.
+
+.. tip::
+   Trino version 398 or higher, it is recommended to use the Hudi connector.
+   You don't need to install any dependencies in version 398 or higher.
+
+Hudi Operations
+---------------
+The globally available and read operation statements are supported in Trino.
+These statements can be found in `Trino SQL Support`_.
+Currently, Trino cannot write data to a Hudi table.
+A common scenario is to write data with Spark/Flink and read data with Trino.
+You can use the Kyuubi Trino SQL engine to query the table with the following SQL ``SELECT`` statement.
+
+Taking ``Query Data`` as a example,
+
+.. code-block:: sql
+
+    USE example.example_schema;
+
+    SELECT symbol, max(ts)
+    FROM stock_ticks_cow
+    GROUP BY symbol
+    HAVING symbol = 'GOOG';
+
+.. _Hudi: https://hudi.apache.org/
+.. _Official Documentation: https://hudi.apache.org/docs/overview
+.. _Hudi connector in Trino document: https://trino.io/docs/current/connector/hudi.html
+.. _Trino SQL Support: https://trino.io/docs/current/language/sql-support.html#
diff --git a/docs/connector/trino/index.rst b/docs/connector/trino/index.rst
index a5c5675ce..f5d651d45 100644
--- a/docs/connector/trino/index.rst
+++ b/docs/connector/trino/index.rst
@@ -20,4 +20,5 @@ Connectors For Trino SQL Engine
     :maxdepth: 2
 
     flink_table_store
+    hudi
     iceberg
\ No newline at end of file

From dec432713107cd52eb5fef9be3e98a02e11e5276 Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Mon, 20 Feb 2023 10:10:58 +0800
Subject: [PATCH 088/760] [KYUUBI #4345] Add the doc of kyuubi trino server

https://github.com/apache/kyuubi/issues/3901
### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4345 from iodone/trino-server-dock.

Closes #4345

6f8e3149 [odone] add the doc of kyuubi trino server

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/client/cli/index.rst      |  1 +
 docs/client/cli/trino_cli.md   | 88 ++++++++++++++++++++++++++++++++
 docs/client/jdbc/index.rst     |  1 +
 docs/client/jdbc/trino_jdbc.md | 92 ++++++++++++++++++++++++++++++++++
 4 files changed, 182 insertions(+)
 create mode 100644 docs/client/cli/trino_cli.md
 create mode 100644 docs/client/jdbc/trino_jdbc.md

diff --git a/docs/client/cli/index.rst b/docs/client/cli/index.rst
index 61be9ad8c..19122ced4 100644
--- a/docs/client/cli/index.rst
+++ b/docs/client/cli/index.rst
@@ -21,3 +21,4 @@ Command Line Interface(CLI)s
 
     kyuubi_beeline
     hive_beeline
+    trino_cli
diff --git a/docs/client/cli/trino_cli.md b/docs/client/cli/trino_cli.md
new file mode 100644
index 000000000..68ebd8300
--- /dev/null
+++ b/docs/client/cli/trino_cli.md
@@ -0,0 +1,88 @@
+<!--
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+
+# Trino command line interface
+
+The Trino CLI provides a terminal-based, interactive shell for running queries. We can use it to connect Kyuubi server now.
+
+## Start Kyuubi Trino Server
+
+First we should configure the trino protocol and the service port in the `kyuubi.conf`
+
+```
+kyuubi.frontend.protocols TRINO
+kyuubi.frontend.trino.bind.port 10999 #default port
+```
+
+## Install
+
+Download [trino-cli-363-executable.jar](https://repo1.maven.org/maven2/io/trino/trino-jdbc/363/trino-jdbc-363.jar), rename it to `trino`, make it executable with `chmod +x`, and run it to show the version of the CLI:
+
+```
+wget https://repo1.maven.org/maven2/io/trino/trino-jdbc/363/trino-jdbc-363.jar
+mv trino-jdbc-363.jar trino
+chmod +x trino
+./trino --version
+```
+
+## Running the CLI
+
+The minimal command to start the CLI in interactive mode specifies the URL of the kyuubi server with the Trino protocol:
+
+```
+./trino --server http://localhost:10999
+```
+
+If successful, you will get a prompt to execute commands. Use the help command to see a list of supported commands. Use the clear command to clear the terminal. To stop and exit the CLI, run exit or quit.:
+
+```
+trino> help
+
+Supported commands:
+QUIT
+EXIT
+CLEAR
+EXPLAIN [ ( option [, ...] ) ] <query>
+    options: FORMAT { TEXT | GRAPHVIZ | JSON }
+             TYPE { LOGICAL | DISTRIBUTED | VALIDATE | IO }
+DESCRIBE <table>
+SHOW COLUMNS FROM <table>
+SHOW FUNCTIONS
+SHOW CATALOGS [LIKE <pattern>]
+SHOW SCHEMAS [FROM <catalog>] [LIKE <pattern>]
+SHOW TABLES [FROM <schema>] [LIKE <pattern>]
+USE [<catalog>.]<schema>
+```
+
+You can now run SQL statements. After processing, the CLI will show results and statistics.
+
+```
+trino> select 1;
+ _col0
+-------
+     1
+(1 row)
+
+Query 20230216_125233_00806_examine_6hxus, FINISHED, 1 node
+Splits: 1 total, 1 done (100.00%)
+0.29 [0 rows, 0B] [0 rows/s, 0B/s]
+
+trino>
+```
+
+Many other options are available to further configure the CLI in interactive mode to
+refer https://trino.io/docs/current/client/cli.html#running-the-cli
diff --git a/docs/client/jdbc/index.rst b/docs/client/jdbc/index.rst
index 31871f138..abcd6a452 100644
--- a/docs/client/jdbc/index.rst
+++ b/docs/client/jdbc/index.rst
@@ -22,4 +22,5 @@ JDBC Drivers
     kyuubi_jdbc
     hive_jdbc
     mysql_jdbc
+    trino_jdbc
 
diff --git a/docs/client/jdbc/trino_jdbc.md b/docs/client/jdbc/trino_jdbc.md
new file mode 100644
index 000000000..0f91c4337
--- /dev/null
+++ b/docs/client/jdbc/trino_jdbc.md
@@ -0,0 +1,92 @@
+<!--
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+
+# Trino JDBC Driver
+
+## Instructions
+
+Kyuubi currently supports the Trino connection protocol, so we can use Trino-JDBC to connect to the kyuubi server
+and submit SQL to Spark, Trino and other engines for execution.
+
+## Start Kyuubi Trino Server
+
+First we should configure the trino protocol and the service port in the `kyuubi.conf`
+
+```
+kyuubi.frontend.protocols TRINO
+kyuubi.frontend.trino.bind.port 10999 #default port
+```
+
+## Install Trino JDBC
+
+Download [trino-jdbc-363.jar](https://repo1.maven.org/maven2/io/trino/trino-jdbc/363/trino-jdbc-363.jar) and add it to the classpath of your Java application.
+
+The driver is also available from Maven Central:
+
+```xml
+<dependency>
+    <groupId>io.trino</groupId>
+    <artifactId>trino-jdbc</artifactId>
+    <version>363</version>
+</dependency>
+```
+
+## JDBC URL
+
+When your driver is loaded, registered and configured, you are ready to connect to Trino from your application. The following JDBC URL formats are supported:
+
+```
+jdbc:trino://host:port
+```
+
+Trino JDBC example
+
+```java
+String trinoHost = "localhost";
+String trinoPort = "10999";
+String trinoUser = "default";
+String trinoPassword = null;
+Connection connection = null;
+ResultSet rs = null;
+
+try {
+    // Create the connection using the JDBC URL
+    connection = DriverManager.getConnection("jdbc:trino://" + trinoHost + ":" + trinoPort, trinoUser, trinoPassword);
+
+    // Do whatever you need to do with the connection
+    Statement stmt = connection.createStatement();
+    rs = stmt.executeQuery("SELECT 1");
+
+    while (rs.next()) {
+    // retrieve data from the ResultSet
+    }
+
+} catch (Exception e) {
+    e.printStackTrace();
+} finally {
+    try {
+        // Close the connection when you're done with it
+        if (rs != null) rs.close();
+        if (connection != null) connection.close();
+    } catch (Exception e) {
+        e.printStackTrace();
+    }
+} 
+```
+
+The configuration of the connection parameters can be found in the official trino documentation at: https://trino.io/docs/current/client/jdbc.html#connection-parameters
+

From 3f6ba776fbda59e0c424283ababc4b6b18912b21 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 20 Feb 2023 11:18:21 +0800
Subject: [PATCH 089/760] [KYUUBI #4216] Support to transfer client version for
 kyuubi hive jdbc and rest client sdk

### _Why are the changes needed?_

To close #4216

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4370 from turboFei/client_version.

Closes #4216

efd934c6b [fwang12] save
cf8acd54a [fwang12] version properties

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/config/KyuubiReservedKeys.scala    |  1 +
 kyuubi-hive-jdbc/pom.xml                      |  8 ++++
 .../kyuubi/jdbc/hive/KyuubiConnection.java    |  1 +
 .../org/apache/kyuubi/jdbc/hive/Utils.java    | 17 ++++++++
 .../src/main/resources/version.properties     | 18 ++++++++
 .../apache/kyuubi/jdbc/hive/UtilsTest.java    |  7 +++
 kyuubi-rest-client/pom.xml                    |  7 +++
 .../apache/kyuubi/client/BatchRestApi.java    | 12 ++++++
 .../kyuubi/client/util/VersionUtils.java      | 43 +++++++++++++++++++
 .../src/main/resources/version.properties     | 18 ++++++++
 .../kyuubi/client/util/VersionUtilsTest.java  | 30 +++++++++++++
 .../KyuubiOperationPerConnectionSuite.scala   | 12 +++++-
 .../rest/client/BatchRestApiSuite.scala       | 21 ++++++++-
 13 files changed, 192 insertions(+), 3 deletions(-)
 create mode 100644 kyuubi-hive-jdbc/src/main/resources/version.properties
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java
 create mode 100644 kyuubi-rest-client/src/main/resources/version.properties
 create mode 100644 kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/util/VersionUtilsTest.java

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
index 6036af855..335253925 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.config
 
 object KyuubiReservedKeys {
   final val KYUUBI_CLIENT_IP_KEY = "kyuubi.client.ipAddress"
+  final val KYUUBI_CLIENT_VERSION_KEY = "kyuubi.client.version"
   final val KYUUBI_SERVER_IP_KEY = "kyuubi.server.ipAddress"
   final val KYUUBI_SESSION_USER_KEY = "kyuubi.session.user"
   final val KYUUBI_SESSION_SIGN_PUBLICKEY = "kyuubi.session.sign.publickey"
diff --git a/kyuubi-hive-jdbc/pom.xml b/kyuubi-hive-jdbc/pom.xml
index 7b45c27bb..36ea7acc2 100644
--- a/kyuubi-hive-jdbc/pom.xml
+++ b/kyuubi-hive-jdbc/pom.xml
@@ -171,6 +171,14 @@
     </dependencies>
 
     <build>
+
+        <resources>
+            <resource>
+                <filtering>true</filtering>
+                <directory>src/main/resources</directory>
+            </resource>
+        </resources>
+
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index 9931dcec2..0932ea565 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -738,6 +738,7 @@ private void openSession() throws SQLException {
     } catch (UnknownHostException e) {
       LOG.debug("Error getting Kyuubi session local client ip address", e);
     }
+    openConf.put(Utils.KYUUBI_CLIENT_VERSION_KEY, Utils.getVersion());
     openReq.setConfiguration(openConf);
 
     // Store the user name in the open request in case no non-sasl authentication
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
index 59cc67f9d..1daa322ec 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
@@ -486,4 +486,21 @@ public static String getCanonicalHostName(String hostName) {
   public static boolean isKyuubiOperationHint(String hint) {
     return KYUUBI_OPERATION_HINT_PATTERN.matcher(hint).matches();
   }
+
+  public static final String KYUUBI_CLIENT_VERSION_KEY = "kyuubi.client.version";
+  private static String KYUUBI_CLIENT_VERSION;
+
+  public static synchronized String getVersion() {
+    if (KYUUBI_CLIENT_VERSION == null) {
+      try {
+        Properties prop = new Properties();
+        prop.load(Utils.class.getClassLoader().getResourceAsStream("version.properties"));
+        KYUUBI_CLIENT_VERSION = prop.getProperty(KYUUBI_CLIENT_VERSION_KEY, "unknown");
+      } catch (Exception e) {
+        LOG.error("Error getting kyuubi client version", e);
+        KYUUBI_CLIENT_VERSION = "unknown";
+      }
+    }
+    return KYUUBI_CLIENT_VERSION;
+  }
 }
diff --git a/kyuubi-hive-jdbc/src/main/resources/version.properties b/kyuubi-hive-jdbc/src/main/resources/version.properties
new file mode 100644
index 000000000..82ae50cfb
--- /dev/null
+++ b/kyuubi-hive-jdbc/src/main/resources/version.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kyuubi.client.version = ${project.version}
diff --git a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java
index e0594dde0..b01957b3e 100644
--- a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java
+++ b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/UtilsTest.java
@@ -29,6 +29,7 @@
 import java.util.Collection;
 import java.util.Map;
 import java.util.Properties;
+import java.util.regex.Pattern;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
@@ -138,4 +139,10 @@ public void testExtractURLComponents() throws JdbcUriParseException {
     assertEquals(expectedDb, jdbcConnectionParams1.getDbName());
     assertEquals(expectedHiveConf, jdbcConnectionParams1.getHiveConfs());
   }
+
+  @Test
+  public void testGetVersion() {
+    Pattern pattern = Pattern.compile("^\\d+\\.\\d+\\.\\d+.*");
+    assert pattern.matcher(Utils.getVersion()).matches();
+  }
 }
diff --git a/kyuubi-rest-client/pom.xml b/kyuubi-rest-client/pom.xml
index 0af949125..6ba88e8dc 100644
--- a/kyuubi-rest-client/pom.xml
+++ b/kyuubi-rest-client/pom.xml
@@ -115,6 +115,13 @@
 
     <build>
 
+        <resources>
+            <resource>
+                <filtering>true</filtering>
+                <directory>src/main/resources</directory>
+            </resource>
+        </resources>
+
         <plugins>
             <plugin>
                 <groupId>net.alchim31.maven</groupId>
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
index a09ab562b..f5099568b 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
@@ -22,6 +22,7 @@
 import java.util.Map;
 import org.apache.kyuubi.client.api.v1.dto.*;
 import org.apache.kyuubi.client.util.JsonUtils;
+import org.apache.kyuubi.client.util.VersionUtils;
 
 public class BatchRestApi {
 
@@ -36,11 +37,13 @@ public BatchRestApi(KyuubiRestClient client) {
   }
 
   public Batch createBatch(BatchRequest request) {
+    setClientVersion(request);
     String requestBody = JsonUtils.toJson(request);
     return this.getClient().post(API_BASE_PATH, requestBody, Batch.class, client.getAuthHeader());
   }
 
   public Batch createBatch(BatchRequest request, File resourceFile) {
+    setClientVersion(request);
     Map<String, MultiPart> multiPartMap = new HashMap<>();
     multiPartMap.put("batchRequest", new MultiPart(MultiPart.MultiPartType.JSON, request));
     multiPartMap.put("resourceFile", new MultiPart(MultiPart.MultiPartType.FILE, resourceFile));
@@ -96,4 +99,13 @@ public CloseBatchResponse deleteBatch(String batchId, String hs2ProxyUser) {
   private IRestClient getClient() {
     return this.client.getHttpClient();
   }
+
+  private void setClientVersion(BatchRequest request) {
+    if (request != null) {
+      Map<String, String> newConf = new HashMap<>();
+      newConf.putAll(request.getConf());
+      newConf.put(VersionUtils.KYUUBI_CLIENT_VERSION_KEY, VersionUtils.getVersion());
+      request.setConf(newConf);
+    }
+  }
 }
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java
new file mode 100644
index 000000000..bcabca5b9
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.util;
+
+import java.util.Properties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class VersionUtils {
+  static final Logger LOG = LoggerFactory.getLogger(VersionUtils.class);
+
+  public static final String KYUUBI_CLIENT_VERSION_KEY = "kyuubi.client.version";
+  private static String KYUUBI_CLIENT_VERSION;
+
+  public static synchronized String getVersion() {
+    if (KYUUBI_CLIENT_VERSION == null) {
+      try {
+        Properties prop = new Properties();
+        prop.load(VersionUtils.class.getClassLoader().getResourceAsStream("version.properties"));
+        KYUUBI_CLIENT_VERSION = prop.getProperty(KYUUBI_CLIENT_VERSION_KEY, "unknown");
+      } catch (Exception e) {
+        LOG.error("Error getting kyuubi client version", e);
+        KYUUBI_CLIENT_VERSION = "unknown";
+      }
+    }
+    return KYUUBI_CLIENT_VERSION;
+  }
+}
diff --git a/kyuubi-rest-client/src/main/resources/version.properties b/kyuubi-rest-client/src/main/resources/version.properties
new file mode 100644
index 000000000..82ae50cfb
--- /dev/null
+++ b/kyuubi-rest-client/src/main/resources/version.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kyuubi.client.version = ${project.version}
diff --git a/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/util/VersionUtilsTest.java b/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/util/VersionUtilsTest.java
new file mode 100644
index 000000000..d4675f340
--- /dev/null
+++ b/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/util/VersionUtilsTest.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.util;
+
+import java.util.regex.Pattern;
+import org.junit.Test;
+
+public class VersionUtilsTest {
+
+  @Test
+  public void testGetClientVersion() {
+    Pattern pattern = Pattern.compile("^\\d+\\.\\d+\\.\\d+.*");
+    assert pattern.matcher(VersionUtils.getVersion()).matches();
+  }
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index 341f00639..669475b6c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -26,8 +26,8 @@ import scala.collection.JavaConverters._
 import org.apache.hive.service.rpc.thrift._
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
-import org.apache.kyuubi.WithKyuubiServer
-import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.{KYUUBI_VERSION, WithKyuubiServer}
+import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.config.KyuubiConf.SESSION_CONF_ADVISOR
 import org.apache.kyuubi.engine.ApplicationState
 import org.apache.kyuubi.jdbc.KyuubiHiveDriver
@@ -272,6 +272,14 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
       assert(MetricsSystem.counterValue(connFailedMetric).getOrElse(0L) > connFailedCount)
     }
   }
+
+  test("support to transfer client version when opening jdbc connection") {
+    withJdbcStatement() { stmt =>
+      val rs = stmt.executeQuery(s"set spark.${KyuubiReservedKeys.KYUUBI_CLIENT_VERSION_KEY}")
+      assert(rs.next())
+      assert(rs.getString(2) === KYUUBI_VERSION)
+    }
+  }
 }
 
 class TestSessionConfAdvisor extends SessionConfAdvisor {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
index 6110ccb1e..cb7905286 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
@@ -22,10 +22,11 @@ import java.util.Base64
 
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
-import org.apache.kyuubi.{BatchTestHelper, RestClientTestHelper}
+import org.apache.kyuubi.{BatchTestHelper, KYUUBI_VERSION, RestClientTestHelper}
 import org.apache.kyuubi.client.{BatchRestApi, KyuubiRestClient}
 import org.apache.kyuubi.client.api.v1.dto.Batch
 import org.apache.kyuubi.client.exception.KyuubiRestException
+import org.apache.kyuubi.config.KyuubiReservedKeys
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.session.{KyuubiSession, SessionHandle}
 
@@ -215,4 +216,22 @@ class BatchRestApiSuite extends RestClientTestHelper with BatchTestHelper {
     batchRestApi.listBatches(null, null, null, 0, 0, 0, 1)
     batchRestApi.listBatches(null, null, null, 0, 0, 0, 1)
   }
+
+  test("support to transfer client version when creating batch") {
+    val spnegoKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.SPNEGO)
+        .spnegoHost("localhost")
+        .build()
+    val batchRestApi: BatchRestApi = new BatchRestApi(spnegoKyuubiRestClient)
+    // create batch
+    val requestObj =
+      newSparkBatchRequest(Map("spark.master" -> "local"))
+
+    val batch = batchRestApi.createBatch(requestObj)
+    val batchSession =
+      server.backendService.sessionManager.getSession(SessionHandle.fromUUID(batch.getId))
+    assert(
+      batchSession.conf.get(KyuubiReservedKeys.KYUUBI_CLIENT_VERSION_KEY) == Some(KYUUBI_VERSION))
+  }
 }

From b99ab507c782d33d1cbe6a1b58d77eff14df5cca Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Mon, 20 Feb 2023 13:00:45 +0800
Subject: [PATCH 090/760] [KYUUBI #4371] Fix typo in `kyuubi_ecosystem.drawio`

### _Why are the changes needed?_

Fix typo in `kyuubi_ecosystem.drawio`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4371 from Yikf/readme-img.

Closes #4371

eecea309 [Yikf] fix typo in kyuubi_ecosystem.drawio

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Yikf <yikaifei@apache.org>
---
 docs/imgs/kyuubi_ecosystem.drawio     |   2 +-
 docs/imgs/kyuubi_ecosystem.drawio.png | Bin 658886 -> 352492 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/imgs/kyuubi_ecosystem.drawio b/docs/imgs/kyuubi_ecosystem.drawio
index 723b306e8..7171491ef 100644
--- a/docs/imgs/kyuubi_ecosystem.drawio
+++ b/docs/imgs/kyuubi_ecosystem.drawio
@@ -1 +1 @@
-<mxfile host="Electron" modified="2022-12-16T05:39:03.159Z" agent="5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/20.3.0 Chrome/104.0.5112.114 Electron/20.1.3 Safari/537.36" etag="mxj7PVbz1WR7d7ngV59k" version="20.3.0" type="device"><diagram id="0-9F2cIb9JS7xc2u3utW" name="第 1 页">7L3XtqRYki36NfXYNdDiEQ2OdDS83IEGRzvCga8/rB2RVZkZWd3VfSrr9h03Isd2scARy8ymTZu23PMvKNcf0juZan3Mi+4vCJQff0H5vyAIAuHI/QRGzm8jMIIR30aqd5N/H/v7gNNcxfdB6Pvo1uTF8psd13Hs1mb67WA2DkORrb8ZS97v8fPb3cqx++1Zp6QqfhhwsqT7cTRo8rX+Nkoh5N/H5aKp6l/ODBP0ty198svO3+9kqZN8/PxqCBX+gnLvcVy/veoPrujA7P0yL98+J/6DrX+7sHcxrP/MB/Ra4nvI2YIw+kC0cw1vy/kPFP12mD3ptu93/P1q1/OXKXiP25AX4CjQX1D2Uzdr4UxJBrZ+bqvfY/Xad/c7+H7ZJWnRsUnWVl8f48ZufN+bhnG492eX9T22f5vIewrYsum6X3b6C4KWZUFkGRgfh1VM+qYDjsONfZPdF+Ukw3I/6c73Hb67C4ze75OuqYb7TXZPR3Efjc2Tpf66avhvJ/7ViXKSTiFwPz9O4/eZ3Yv3Why/Gvo+rVIx9sX6Pu9dftmK0X/F8W+f+u7nCPrd6p+/Ow0JfR+rf+Uw2C+DyXdHrf52+L/b8n7x3Zx/bNopiAdiL9v/5x2jTb/RSpgQ/4HTf2Baolu/zx0Ihm9GvEfnDXgh++M8/23Tb1zil0FwnP9YvozA3DvAyHT8+hNEBZ755p78Jt3W2xj3oYv3PbHLL1dy39m3i/m273/ie/B/7Xs/elf1TvLmNuxvPCynCeJ3DkTd74G9mzvwme+OtI7TL/5sjUuzNuNv3OuX3bXf7dA3eQ6u/keHrMd3c90nTX653q8r+H6vX9d/31kzVPe7/6B+Fxrf4+df4awE8htPxVH4r/gPvkpQf+Cr1J/lquQPnson9zQlbQG8sFgT8PZ+yVjK/x06/YE/kEVCFNCPSJQnBVVmP3gV+s9g02/R5l9pO+yvCEH//R/1G1Oi1I+g87dE+mtDEn+WIf8ryPmOCLc1tW/GdZ7aL3b97wLCP2Huf6FJ/zPP+bPMjUH4X/H/2sJ/lFb+NAv/4k6/MvE3SAfz9WWI/ysI/4NppskcIsk/sCZeUDn2gzV/zPbfDfJrvMf+GZP/cUL4LWj/K2Ia/SuM/tbK8I9WJkjyryT67zQ0/IOh/yiWnfVd3JN4Z60/O5j/59j9qy1ERhVp+cfs8L+FB/8CyxMY9Nd/AsD/veGN/NtJI3aTxi+2+Dve6A1N2XxxRmZb63ua71j84lh/PnXE/qgwyXKE+gMY+WdQ4h8Q0QSH/sz08Xumh+F/ACt/xPP+NO9Cfqw2f0kevzPeXSxP4GXTf9Xn7Nczs0zfSnwwa8kvb8rmAFb+h4Q8Hdd17P+hpb6fgc8BxUSZb28RcQKIxjU+a9ofSJWqkbn/GY5XC151v/I+9wPbcYwOxu2YGwfwIvFZ3Rd8ORPOuP9v/3e7tsg8pd+8k/+lj9JvzvLtldi0ekCDq1dC23E7naEe7FMwmM9HYZnIZKqM5T6jzj91i2MwiWVGjn22GvvR+onFHQEFn+VCVglCMBuLcz9oQiU7aEhS9+tHDnXC07exwYQzAp/nrVaE2+QsI9peKENxRx/7HefiaenTSjiE2fAN1LVv2jdGh3vnnYcNklx/HiyFpjxEv04BH3JDq0s0XJECUj94KWLyTT7Z0kDzLekcTc0nS5VoUy+n2XPNR0CS5hwGFPBbq3xF2Z0JYnhAyKRoNpyZGB+/p4hdWxep8AeyuN2R0YIWiwsysPiRyy4SsVZqPwaTy3c0zsORhEt8kbcHGsnkZp3Zu2tTevPvKGB15TXkTtY8efuuiMVZ5op0ghBuv9jFeiz6+SRwXlGCIn4M7UcC0fRIoscJ9+AmrJQu3Du2WfXppfamXIaaD5jX9pJRqKiwabdrsqiJRvfT86My4Jl4zyeGpMhTOuMidO116IkE2oeXk5f6ez91fE9JOv341cUxF2LO+C6C+dIRVur9N0rIIZojwCOCj9SgBq9LF2Fx0w3p7IfphIekMw+aghD5thRLTsJTe4iexbdPa4c4x2T5pXXQx/JCWilzn/Hj4dbqVPDJJT0N6QKfMRea2xSSe6xtBxuzvxtroGBgfhisQx/JwnAmrUqXADmyFSVO8llwmmQalXlQRHlDB9v20dMrpfsTvBf05TBTspuFohrc21JOzUIMzEgmeMj7BhHWfTpJIBgyu38Q7zLTpuXVaEDcsnDvrVsJlZLEfi75vWL2fUxB5scTV8GmLuReMs983CXA1CUiN+fjtHuXApWHDdq6FRD0YjeeGmFwyvAkcO+YUzqSK8mZk8YwKavTzwnZtNaEoIvOa01e3+Q7C6iqQqOxf87OboGr1XvdfMfYQMRT8R4W5xXnCJ5EzD3tqvC+J05s+ceLpWeqTEjfsAUVPTKtzz73h4elux2aFQa/Hp7+LLqiGX7NwLBUpuPJuf6CTbJdlk6L+50JXojvnMLeB+iRhMaD2pG6o87AFCvcW8ZzxqTwEiMs8LZagzFS2qm1fQ9N++rV8dgkHne5dc6vIdg3aDPY2d4M+aHig/CmapICXumZmFxlbg15Anym+HXAejWxCt4/JhAWE1ZXs5S6gSas+07Kh4EuIQFcQKIrQT+zMKHELeujN8El7MQOVMwuzFNbzkZsobS2alh/rM1HEesKWDj6PO5HGe6Xk9+36YCNCT4dO3Pb7Gw/yqkHW+4w6+s+gSw7KrdNkqas7oMHQRm81NfZKGphORQrSVcTq/HUZ6+S5dSkVBYP6s0tYXARlxZTar0ouurt4Iyzz8W9K9sPxvT0jLU6pHLXeoe9CB9KPB+nVMRzs+l5sFC8DTzGwmXNd9n8EzNv9pi43ISOG6AAheFji/Dy6WnUNIIeR/T2YSVehRRJ3eOQBvZAJwXhs0FADwNLbdpRIyk6T38MLirhEBmVVvmMjzlUSQ3jbO59xbsY8908CRumWeprj6refc8AV0wMF+ElQ0nsOdKHl/WZ4xDhGvW8q7zGTJc343y6UlHb+hAs0pg6RcHBdXfo3jII9E5StZI+OQszsoV5dJhdOZdqVy5V9VGqqJD5mMgRW3R141ReV/U4WMZFh7U2pR6pC7fCCSW2dbpOr0jeGKBIujW6KzxEvfdJTqoKMpj0hxxDnxSBXv0Tu5PR5Uwa3MIVHNRvxe+DY3ptevaKXKTWXkdD41n7HE5PcgBQaZ+g3doPlCrxYxpqs54kRDeSe5rJoE4FvUfoyPOTrXYA4srC5XJ2Z7fIhhT4YUOt/jEf7fP8nPVeKSd08oh3H3VMrBZacPhZbf6dnbi08IQLEUoI+C3pqLHmXYK1JnDT3VQg0Vvv2MJj7aiDLNOzVNN9LaXewHiOak+m6EL95bl60EurfeeJoyUOwjsu+vOOHb1R+Vh4PfT65dcgIy6EgprLcea2XltZjDtSHafiFT6m4GlMw9NUYOZtO7yEPZeg8BeQCq7ObwMvVBdtUh9kmpjDJot1aGRfnBkmaX9nJRt5zZzMYcUipnHjP46a7MOZXaJYJlaz7bsA9vzPppdi7rA9yGk9fAnpA5cFkwmVVzpLERZ9ghng38TOjHz6H5Gd+GkO9TG7kikFWek+YZjkmXT6bhNajvnY2HOnvDfB6LblToPjusiM9vY6PfG2OjVp2AC8k8UstmfnNigaQLM90AWdU12f1cwL16bQIs9lvpTgIs436TK6u8DlNoTao1MHYzf6z9QQXY04atqvPKxMG9yhQhWfCz4qcUtdjaB9euEQ9aXu8xEx8DFSoruSYN9t38NBLMakVPKoFtuvx41u5oAJnbRvp+NKSCpBsLSN945eevjppJervF5WceN2oB58F1XLMw1DUZmmhzrT5KCzYhGP0ULujB/45is2sEf49rkuMY50peuVzrKIxKZnjfYTuT1O/mHoU7DMAWAFkxi8m5x9i1uBvNeBzo+wS5BIYOKpXV+MjQFKHlikQB6uBxUxq/lbA5z7pTzlh47lyIn1ltDQIK+pQdq9JiS4PfYQ5myNXFOFTRsA6eMOOC15iPT9mRjJumZJEjXGlhfrA+COn/wcODHsJFbaqNLbeCkbjDnni3/JRZ3r4+ZsDRcf2hCZi2LO0yFnLhc39mTt2SrW8ln11jW+7GFI9eSERTSyxOU86GnSa21ImkelRWPOz58E7aXG2eL1QJQAXJpNvfjbl0SLajpMvRKiljhHejCET4+AJAWxebYjRXQB9+nJoDx0wQumgKv69c5IYgbyhJj5ua/a7Ig7xNXeA9BOvl+7MhjHPrZz37TvJ1Te4zUaZryabL6XJR9LtrR7DDuuaFj7edRZ8kn3Jme7FTxGE7uoOcRlH3U16juXVHceqXu4SZbkyF5fyckJYvkRPEfXlD+R8Xzcpq/vowUD4yDzXPLMizXw1GSPYsVut2d5wL/8142+ak2RlKV3raxUGIi+tpoeFTozoZsxiqprQ1kL9zVpMyKE7/HSAd1xuSSheqRdHTv0IPvaGZ5ctOVRGF3S05eRnR3tEOk1nLYw6/dxaR1vjqB4fQghPjYEl14jHDg3y+LCq7BnwMxALcSbt4V3cYVHoTGTQDXZzBQf6kuGn9xBSjcsxVtLDjwrxPAzyl8RH2wp1UGgWLzptikKkI1DaiIaKPsoPUq+PMXgdhN7tbcPjXfQr64Ku6GR1hyKP+JS8/0PORMfdQMOwCwefWUh26ZSDKGvZ9YnBCDAbCIlySFgbiK97Wuo/Vchzqr36NmRJuiUwriMRpKyGl+zMYor7bpmXTHTSziRKrCuGQb31yt7BDwEcDFAMeOTAYxqn+GSluGiPQR1LckYhOL9Z3zSVyJX7mhIHyrnSPtjZKzD4a/d/nwGv8LcXO8DSmTxwsK/yJvMnoOFkje4iJAJTKxebddby12p3Bjnc4AZhzRkRZL1yPJRsqW8H7TxgMf45cIcTpt32pQSiO5syrkSnsu7d9BQzvt0zUipNsBkIhhC21iKNREDpRjjeL5pqzgXKQqopv9IIf2N/JU377uU/lYtL+MGdmLf45p8H/oPGvq9IuYX7zwZkj9BDsVI0EvF/kGHA4eov+LQ37fSPwga2B/oGTAK/xWj/yRNA/ux5/Er5eo/bVj9j3Sp/4kM+nvN6h/q4/8DPfxPEKr+ZsT/14Qq/Mcux6+aVvrt+lXRgxv+84172zb91q/+nSBJZUX2e+NS/4wd/yy9EaXI37Wr4D9QHBGE/nca8scuhuBqP832n69e+WO7/Tu7T7+sG/uV3Zgh6c4bgJaf1vt1EwlF/gr9E9aD/xab/x77ET+V/p9K/0+l/6fS/1Pp/6n0/1T6fyr9P5X+n0r/T6X/p9L/U+n/qfT/VPp/Kv1gmfNfIfTvWj5J/m+X+vEfv6fyU9T4KWr8FDV+iho/RY2fosZPUeOnqPFT1PgpavwUNX6KGj9FjZ+ixk9R4/9/ogYJEb8VNf4XaRp/+ANAf/R93/+PiRngjxEYjlGAqKFSXfu5n5uw/Va2I9uRc2HlxuXN4cX4TGJD6HdDQhNoNINn3x+QoODnKVSKmr2nz3tRZmwcN/UkdvxGXmg/JKPrbI8S/Lz2HVy0zWeAP54cHkyT6kD0KMBpW+NTO3Utvt8n0WkIdUIOUUb1oPYzt27IMvBp30/qIovbJ0TUV5qGY54Ce/8ZBz0u1bfXNcMoHFOBP/Zr4P5jmm8DCmN//wSjVN/3Eu5b/Rp07ldfgw+OYf4XHqtVfn9wsNfz+7G4/+Tgz9u6X4PKk+H+Fx7rb1PzrH5/8D+emh8Pzvwwzf+rjvUP/CHtCSW+J5CTSct7MN2m9YJphrRGvA0SfgCi8rwLEYZgMJlKOssecb654+w+gvSUM80ABCctS7og/LJohpDhR9RZyEPiP0oU8aBAUU08RpN9MMIz7Z3x43XVZD7So3QMcpdTT5dA+iPLBwG/uK7jmVErF1QZm8V9gg3bzf/Erc9BJZTRBiBJOJuBdHZlb5DijYKN0L587wdF2Nub0d8fk5y9mifzGwfZDj6XUaUIcnc3BV0+mRmQ14hHAr6HkKWlIyJW32dWwpYR1PPQssR3WSHih7x3Fx5EjZrf5xUH1KODC/BRDBEPTGL4Rie1wXqx2H04D6YwNY2ZeLMsuKo95tO/4CAxCOxIXY6gcp0NQp5caWR83wfb2W7QxauIoe9GNDn08WFVtJKwy329AQzB26dDro+oPBiBWnu+XMkX3eZaxJBMuVl8lQZvUqtVNXSfzKI/hLe/htageSxjxCvKA/Zyca8bpp7CfmZPQCH4XQrI6Rs14lzqLHT5CQU327vfF6s/fkkVdVW38eDAGYXnlZUJeCIMo07IZ46fMMMejC4DPSXKInq1fdED95PDvcUhhmztGvd0ZIpj3gqvaC/bC1roaL140T6FEQwq/g7ej7vG/nYNhIPfjx7hFc9VkZoEMGo4MReaJyT9at3VmTm/dVRn3TXLVSAgGoJL5fI9NvpLnGlsQM79nsOYyZnM1JurDj86MFfBXskelqhXDd3bQndXKxE2rYimX/gY4wG3XoRXAywOJqRNoyYEFaMC3RVzeDg3zrOGzyYXiY9W+XxGMCJ0ovrdWhK6oqx+UktoWQ+WtIZruLoj7ZvdJ6AGtx0VWFCDtEqwogyrpBVvYlwbJ3qbWkbY6rbUmNMEuURMPlRWopbsXi+kboJWfm0BzAsu0v4SqfXhSSO6l+/HjN0npNnxpFQQGhdrrXTqGS7488NuOvu+7R628ZKjuIxYMM1+6e9HDu53fAIy37DQtvNwiJLIK9+GWKqqkMwXGk/pBo/jjwqoCAKtbVkxZZN/jiLzBg4pSkAjF5RHU8rYY4Z8Iydzre1St5MSdPmnf+hNxVZqQSaj5VTlkgUlzU7mMinPk8kwUOKenfk+jg8T8WKIEK9W6gwISvv57W7CAwipeQOMp6BvINE3Hx6PNs168x37Ddn4SkQ0eqVpQ+KXhBFBTwfoCvKBHSN51BuGD49AifiFyML+3tAkTCRgegfjT/HJLY6Ra3cdV9nDzsU1QBPy3NPD06YP7M48ugPdA5w6uSZiQ0KANL0ALkV68gsSliNZAvhxTeRJ68WU45Iefcdo+ChvC2nzGG4Dkz2jV7A0hrFEmFN9xvjku+rFIA4jFzfdQs/kKVo4Zt/IDHUxwJ3VMsZ2tSfKTfwxP8RdAAAWj9P73dHneqnCtVp+Z4cHOni9W380lS7p88Pc9byowduR7Yk+F09Zab7y3cdKgIfY6nxEcu+lLyOiMZNAAbbJ13oX41449C1V7gfXJuareASvjLJeiqPLGiFQaEXcsV7GBE648IBaD+4Z8Gz7lB4VO7TlMqWH6T9jp9NLe4Tjht39uOOPAymsPEjNaVpls37GULW8QHzhCMMU5rXHZHFDAXFX79+zlszAiWZfYB/tApVrkJuDfB5KagTnaspV+YRFMhEoYouIuomMvbQ2oE4EdBoyryrYr4JwkekZvT+Xts5cHlI7FNGLNYb++ZJf1JDTlvvZ8IFnsLDWlJBoeFXLQHp8FNlrp192VBJUBb+MlLQvj4gNlDyQvCQeCB4ibW2I+NvRya3Lbxx9/JI/y6Y1ZX0n48VEUcDjUyJML6aumflja3jUuxuupTKdOkUZcHTeijE2zkbow6QJ8zwPir6ZocLkVF4SfIF02XBp6Z9FWEtjC7T0BURcmQ0yQV/7DIL5Ldvy1T52/sSVBi6S5ZV05+708zUML9qJ+7QI7sLw8w3jWWbKVAM98z42jCt83z4rklvDHbguhNtMUpieST2NXGp9h1cm7nyngDpxoCUUqBtwaXXuN6QeFRgV7vDDeXYlgx0p9qqECsDvL7+ZTDwhv+2nz+bFJgfJCEp+vBvLAKUt6NoA9AB9wL0ZSorEInSSSzdwACicKt1JJESuWfU+TaE2G6W3yBi476crSQVvdbHZuMNQog2c8CDIyZIZXWGcNjedZaepwhGWxJBfAg0k70X2EAGvvQOct7Qm209ejaQXMpqn7r4rfGANeD9Ir3pHsyYqpDqnvVWWfSdMhJAZFH7jUdUWgjugpc9WFJ9nEk1HROkbulmUgzQ0/37eYAcsYuwaOk1U+pVD9xCgCpRw0eVH7odndjyJvU65CInVoHToiUzP21hANAzcSneMuxOedrOeGOo+ttnwXYLIPEbHPdlCJj7oPiZKgvkzr3fYF29yPyq6mJOzHz/zs7Du+oZ+Bo/MNawizaNuwKM1rLmgPf1djqZ32oI5Lw5liSteu3AgM1xFRH1kjyw3As03ipZUdjY+AovctE7QGnWTX1DvoiRfobP1UatwKhzKlJ0SwiLouVXPch5Cm1/vOQtLQGfGKfMtLX6hlAy9hjiFedkrRqV1MbJctP2A2v2B+R5S+jxyAj9gis1HvMnatNzjJ7S8iQf7yNM+ljZqlbGeLgzrA0JqmbczgEvJgi47OXU9KJGLPgDzI3DPzQS32CjxmvpJfzPSneNEc1of3I5N5MH4MqXfDso6mM4+90cNu4kDDAa/csA6fGZbnui4NgLrQh31qtGPw68FDj2ZMaoDaBQDrqv81+mgE+FmPgJAp8jwxnRqYUxseGztKHpc7tnwC76jk6FJL55ypi4OCrvHTkbQgUByvsk3NzdcNRblAC4RenneDdEupT4ZQxlo2xpZdUNIrffK7+kMsMyL0TH3teWP5+FzB0vND7CJsLBa6cLA8GM/uSTicBZxrF7eFmlJxz9Bp0UJcRZru7GrLc52ENLK8hvqkZWBKkcuxodsMPAp5/0KmxGfe59JogQyAwwb+Io3nDHUl3Lo0Akx7aCvZpSy3XAOJYZwkmST0tBAndvtSH9xV/hk3AIeSqJjSfSKY6EfkdD2x+erPkWFutG65OP41Af3jU0au20yeTM29tQfkVJLKbVCHvMaLhyyASDKeBVS4SYlcLqF+9GXrYcu1ucuYaw7s2v4MGe4OqLytIHYNjfE1CdCekEZZkgu1uegI4mErS6V7xKRfVfgI8B5tiiyBv7o+uFFdgDDGpwkvuaavRkbDlxNtx1H6FoFxPRu8jTiDFwrz3spTdKWdzulOuKcn0TZ1mnFamENpWcXzsPKim5LadsdW2TP6EfV8JmvfoNfcp5IP1e649mrlPjJlN0kPcWt3c9NqYhcdcYhvSMJ0G5z55cn8MpDdkdiMZtwXypsCnODD2WgAMaO9Kq0wZe3k822UdUnanyeFbmQab3iXvelIEugPgnYaMNBxURlRoM/zqQS0bfvC01POS8PvnlQYEFI8TSxTzUv/PwMoYToMEf9oMi7Qy24FyeQfV5DuGNnORxQLmghvCfRVjMkWk59bJIxvS+bq1tk2VgPC13HxiWW0hn6k4IhGLrY/k46NZlQoLlthy11dNHx8SSyZibOFutogzeG43HJZqqgIU3KJz7T2xVyC/k8sGIVeAlti4JIbHYxW8m3vlkrj+7DVXfyNowi8F/N7BI5lO69pI91sp9Dh4MdhEl04Re5c2o7vyH4LnWvvkOgq61O7niI44sxmk/81AVnGJkJohWRrwaPwQbQ1xZkjyGLJPXPdVHc4yNVDpJYPeDPqhkfpMgP/m5X1WOHAnvmbFrOiMTHCZ299pWPA+Bv5Y4+F8ZKTbK9Nr0yP0zaVz4gluyypP1ExN+yZdGXOMihlOR0GiVcxrkNZUBr2wroQJsMxU2il9dHt70hw+lEB9nZF7+I8hHTTuJ49sdfxrN3DnDnbLozE7Oh6AAqNNCKkWYSd+Ao2MVjzW3dJaJTz2+ML9ZUAVgkciFSB8PZv1mJoyaNkhvAOhgFNWA0zWMSf1EqwywASOkyJfDRQIhRjG+CqoYi519h9+jQz1ujjGK22TKwrqgnaJx0Xu5ywQi90UPmbYeUCcy7oln2LQvPVr2mzlTE18B9XptGjXqlRQ1Gacad+jLNjFeQVcp1Ms2mtlv78yr6xZvMPmC8j+Qx0FPEYJxz3m4ibbJj59c20Ef9pUsIxgumiS/14WFeIQriuWb8AAF1aDGgKwF4VPjOlQ/OSkQRrlWIRR+QvU2XRi8yGcTlSDeJk04w0W2nCVVyJxqv666nySGMVeLEQqMkEIBZXHcf6VcN2/qPGZQc3apJIfQ2w9jwow7aPewCpkZodAaBzpZGMt0ZVypslU2Ju1ZmHLOLOvVd6mS9J7mEu8DbRcsi05TWZDR8g29NihF/THKGvAHEvd9BNGO72j86lzhQQ2BsWJriPX1mN6kV6/kOhkcLsSpxp/EPxbweuui0T1WXZ8VQYc8vgvLToFN6aq6xKo9MwmQt1yK/igJthq30vGc0dSsKgzXWA/9XAJYunqTYCxV2k3adMxr10gMy3VHFf9El9knicXuUTvrVs5pBYRu+3Gu31KAGQ2XnhGB9lb1pRQXFm8yz/OPsVVRgPKpLUWwHPHOpFPZcdlMqTeTFkuRy6gE9azvjZeITwyBRuxNEzyiNnlo6EAOsOT+wrs691OcmYwOw66HbaK0TyPAP34EeDh2uWP8F9DBafEkIDU9hZ4hoAs7LkYlADFCqHtZhHa5coyIVKMzhihf5MnHV3hBAGhq0Gvz01cc6k1nbR3GxoF0p9JqglQ5R7dOU4MdJFSbAHSPZqMx8KpVkORc43folxlnsG8NTiDY2ideTadc6cu1RAtukucHCTkQUJrU2dKCksg/5UGN4LN0gslNmJwd8gJCCnb49q5XlJz35CF19CkY8UipI3ZDBeDB/nRkllhLVCqKL4vjGz3agH+OWjD7mbFIKj/vLJKVlxZv3gWEfIrKu4GVNDz0KqVdsY3LwCh2VWMe3QS4xVq64S7PLrnggmwzyI88qhenwVy7QG/zJrUYpBVZkr1NH0JI1ghYsbcpyJufv/KperPlJnte5+pq38E1Q1ejma1bTfFWoMsuPhFwMDx/nPkx2XovIaKiTCuIN2EHvvcb5pg6F7CLXBnpZ16dVP75FkiNcwmZjS/JNRZLa4MXAelyd1vfrrBRANdyG3RLuPGdn9oP3uFgylZdgRZtYdihf3BSzLUCaHCXNXPVIZaxNnVtP/uq83ScS68mGl1yG4etxB2ozk6K1WRpllyelJWh5Cevp2jybVtlTZAUiSaymtGXHqULPj0fNQfFw6hG0yfZrKkqSMP0QQQtGW7/kl0pqw/jNt0Yrl/HjJJ9G++jPRXtlYVfJDGbhdDl7k2B9imd8Mfvx4D6U4kIPa3RYiPEf9RhZflmSPv3ZmppBDQLDv5YUKecCig8qVfNJnCxwLwdTDeBHLNgPPi8UY71klIpVAixJyi8RVCAx217iu2UyfchkVtq44IVndnkRtrsyBhMMSHfSDNt5Jn/lvMFKB56DUs4eujLEWlReI7jr6vgradQ6MytCkDjZi9HcN1yXUHbXdJdVKb05UxbDyHIcnh1JrdsDgKInmJ71+rSx6XyiGJs2c/uWGG9oea+QzB8kMhs2dOS8VLmp8iiP6ZNj2TDNGyR4D3BvomCNSPzRh4/Tpusu2zbyuqZoomkiD9+Gtm5yPg30tgz2WbwwzV4RMiqvF5wUKglYkziZvPXihTtkNw1TvFSovWfESDzd+1bKRDbA+cEoSLCWx9lICNuCL0gHaxNeE0LiJWfzCKodpG1g3PgQQX1ypNMLfjB9zlnWWqHZprWzWj0hB1NRNgnUzIZRriGk7EmUaVUs+h4KFNasZF8KTVMl78W66RHqr3J1Gg8eBUplJsRgYUtgeiWqlUB4da+qRvY36UC7qyOP6FK9lzg+LTlrmCk+rixSK/nNjv5wnXFewLMYrATMnfheq8AvdB8TVQ7PlqWVxahyqzdtWdvO4THEhBugsO4LeWrD7DlPgZbrdLuKTBxzA+6qPfNKkZg/kurKKzCEVLEcU7ydoz0OaFQtHmKJ02Nx8kV42FJsQao/rlx4BFW08AUOFq3xXVpSMml6GH70+Si53UHdrvFGT4Ko1lCPlQ/EpNqAhya8pxrPDBtmuw43MnnOvqtEYz6EDLNFU97VjUdROH3gTwWDZJeDe5QCokR1jJ+KveNpztj+/OZeKAIW+iCAhrHAWDtTMfJ7QpGlfpT+L6oi2OdmEPfjDYWS8859CI5WHAcJzeVeM86FgGZJuQWj7vvVPHvUu3hxzWrbFsaRU6fzS1smgkYMfIgUY+S9f3mReSnx6oQ06+NhqcYPb4/z11hgpExuC+rm0NuG+veV+yJRGINLwTH8+ERk3rYvR41EuGLwB4v7BGwc4a5A8VvPrM+OOE38RRzQNzFTcJW1WFTg2V32NfwoQFJfawwXRmT/GGvl/d5pa4W5Jyj6gCqgcd7CdLGZfapFSwVBZyFuVtUXjDu9QsY2M04OFAXcUVUl710v+eDysjUIZFb5LMRHvS5KK7mSCvEcJX+kOdxijZF87EuzEb9dZxghA6JZ2f2B8coTqj41wzIC755JiBJAar2LoweeFJzzUWxLer3Jx3Z4NrPXcBXg9WDFvgfjQbCTXJ0aInqjrLvfLHPOgq/2+VRGpBsMd9oF6ZIHaXu+MOmM6BDgI0+TsZdaWBahRPWI57m405QD7p7kgKfDRW5SMehHDdurqPyZfiekiTadp5RzSJPdvHI3/y3Md3tP0AVJwg17hyxv9HvQw47R+v16P3GiRX3DBglmOGX/UYRph5Kos+xQJyRPuxXEmdx7Wcy/t2HEcoNmeXtcC6pSfRf0zaau2bmZGgDwsMoA32MVi42zzPlIxCDG76M5ClS6juB6xjH5JGCnl2AT5Yrs5LjcYNX3tdrY4zDr3sw0bapYnTaEGfaCVwfI6krQAvvU82lrNawYSfR11CnQXj+HWy9PrvI7hO/pt4oUl3ig2V6mcHV8sM/D0Bu0UDNdTNoXDlY9Znq0+N6IGvbuHa2cnTQp8RggugAReGRM7edSSBqffVckPx8PYt3oXcDOVh1g5b3SO14IugN7GpRQnynXV/8N1OS7iiSf8MLhjM4l9oITRin7uiAy42tRyzBtcOJUr8qnKaFhuSaaijWQB5DLpVYLp2Z8EWkZlKHf7eFX4F8Hf4JOmFeAcjKamYeU5fGLxPNBeIXfrhF5vAAlLJByC/cTXCPrtXISFPqk0YqdkgSW+HF7ecwV33C95xLilMkDfu8pN53cAs+vCnbZl5+ltLDXH95e5CkVKHj0WEgRHNaW84UNXCYKD1OeWQYDvhCe51F/SMAYj3pvtm8rmNhGz5x9KPPBcR6pWiE5WG11No2uGu8KkgNxbzkmq1T5eQCtBphX+DDmW6RetVq1gg93Tr0Qud5wN2jzO/8Mt48+PsvxUwcBDelj35QF7jZuDqoOBvr4OCVzuP9sP17P3mgOQbEFCP3+5uSitFko2kg41T0MO3KaQIsY2mYoHLIl8MA1g+uzoPdGs1IU3dDMj00E2IFrt8eZzfWSuHFhn3NXSEv3LQZwSYirdimBhAHxhFbQ1jlLL69ymEMiFXd5XfCaLkFN8qsrCXCRvUW1fpkUqHCRPiuZ5bl+idF8DgPHwYvIc7inSmjZwepIoYdh3EzerrkQQVIircKF/5Tr9mjQVc3ebf5IwFLSd3wNW5eLSjV5Thbe/G2Ek8lX4SgTCe+GDbY6PKBVTqH5seYPQFvjQTD0Z+c7/l0BSal57IbvoDS45auzyb6ahSqUmmROkdySUScZjNQTVvSVrXB5Jl+SDQMKFBSpoUk5U3gAXyUQA75iYu8itDwHrHZfjJnh7GVcGxoYA3yqjgto5Yw16Pj6g4NYYnqgUr5f6uF65ToTFG+0pysjA/q1mH9K71q8blgchabJROFdP7lIRbOoCDHQfgNVPislBiY1vW2PYE5G0fIba7rQTjZK9BwgWrBw6mVpKHpa3c5dvh9J4+2WBLazd61JYE+XuZO2ZAG2KxLWfqhFX2FEVHRDSBMQNFbPj0S3nKBkiogt4hKoedNNAhXptkDA5cMNVGgNwf9GQ/Q04xEI/NNrHvpwKFQ0XI8L3qPr4dyVo8glN9/Lz8K5k+ELpUkX2w6KxcNYSy0c7nZScs5zdzpgmJ3pIW015RrwJnUzAyIc1mAjrHQI87o8P64QbZyb0JZcCR2zeU9TypVc0BLIwqsV05HcbLg6Ot0uAUpdBboZBAl4Gb8rEfyAMDYzEYIuLtA70VdQO6rTG+39sxUVAVrL/FgV68G5BSoAzycmZ+vN1B/OeIrP0FgOMlGj3oBcwnkZwtBd17Zic1RDKFiGKTKdznOcUjM3Dy4Oq+IrkPYy6/SeNmUyxlgt0H7EMBLOxkk76NjciXNygeXJnKUU/wI/w8ZCTzoXduBAmzmkiK2NHbXQInvMRgLL1JTAH6c6TmoHTIWeRtLlOw80Rl/KdJFmBMenKOApKQvk43pogv/kXq8ce74Lq6YO745N1rPNilUkeragbaXX3H5T+gY3LLNgG9JIBrYJ3gmDSEpN7xiJsaKIhZXKLNXClK9aQvS8vEw/VgVQmjToMjcUDu0L4BMzqmk9l9JKGq0yLOUXH05fh2r5R9O+L04ZYdNueXfHtfo9sBAwFzs4i2TGMdJ4HyCU1VeCdHAGPz07x1Q7tofd9Wmhska+7JhYQBn1o74+UGg+d+8dueEGchp6XzWqnDBzV43+sS+i/Y0pDi/jgheCzQ9XL9U6D5Y3ik3eFKUNaICRA+GIkIrj6Z6GFsN/MgII7mJIewtKp2eHvKyN+kz1rrsJYWPW5VJM3fHJTbo/G8tBSqsMPRK0CL5Kcdd+lT2KX0Rcfsp91erOs8bOJzo85+SRHGMV8U6ISKcu9VhDO7lx3ITDwTmZN5Tm6tCYnhJ1FLGHKb8gwQnujC9FouSe1b4VVwA3/WFkUM5jZVPiR6HWs7MrqI/bhZlCVGp2mNMxKn+N8hHxzXwzkxefSE+YyskxPORJ7qGefxLSBgVtjBcEJlxxN6z8NPmj9hHM0g762YBiNV8ExiKyRkuz486u3zRe7/0R9w+K3nFHslyFnnpY7UzHO0jwSDqXtFZ5+lhSOL0PtmIwwjzdDHb2LNFshVO0uiYFcyM7aMUWIb8RKyD8IMEi62Wi0cN8yxc2jVb6kTdND9SxNQBiGstIzbo+tnaCaj1JL5j9TF1JnWro5iBrDqyoEnMddhfgkkW3+UnFF8oIQG5yE3897GIs8NK30RXWwVf92CB1b1hcZC/UsMhACnLdLE8ocQIVTPhC+CRPxNAW7Zo0CVthw92Ai8PWYwjXXqpvZ1SiJijnEqrmpQ82F5mQJRtET5jYqOU8cYHEGck4mUB4mONbD4k8jJSKxoey2X1lqSYUxg1NtI9X2yoTWa21o37K8sghj1pOyw8HlDgEC1L2XSXE8oKeOBvz+arMzTVRVNO3KdAUdqxnkPYV4QwEvf0uy7ctvzx5i/JdXZjKT+Y3A2AVe/aEMnTjgMDPRVB53E/c6rMGIY/psxvKGzY3nhFMo3kTn2d7V2UXSDsfWWUNTpjRhgOwVKNP0DUIQn2NR0Rx2ZVMenYmpeulaiWcgtRKV4ZPxbYIz6cxn3vvHjPe63MxnzhqIr4V7Cthem7Zo9YhEbgCs2f+zjcTT4kvNVCLQDzzO0yREXzJJ/2G5/D5GBc3vWO/Htkb2j702VAiLzN289Dg+54wHA8/kPLShm5DmUQ/ZXSQDvsobhRhuPR0n3TXRvZWlE/lAekxEBe2TR8sGqnJfWftmdrzyGM4eDX1SR2LKUPe7AGtTna1jCQl2XseNLp7XiGe4VMEf6OAhzQPpf6AE9Xjpohln0NidoUxTZ5WlVHu6v2kBSVh+2DW6radVuUEGDdme2QiBvhSC0s1wovuas3qStLsw7RMQ+PqjVnCRGafYNIJ3yJtb7Lh+l6Ix96dz2nk2+nBUoCbLzcNbiMpZsygxcjDue0L3cwmC7t4IN+FgoMHDsaD/kvhwb79rlo1IRP4rnN9VgnhQT5AmUnKaAG6GE9LHhR/SDPQFflUypPjwkOv1TqGliKSdJLMka+v8SBGlybQUIByCFVUkMF6ZwaNVGfAX/yTyz2YcaiNsq4PM+pVJnyDkY/O1DNnLvYkvANSgu04oKPw5oelETyoc0eu9qWQFCouw7pkuK4LRjPjY0I67p5hXoFH22zfcH9nfVEOjIu/IQaRGAFiKXMeZ4EfVKlPandBqwRlQ9nbWn7MuHMORUrcUBKmPO+uz2MuRFsFkTK5pDv4zEDKHg2VdSAPl0ZOs2/Ci2Bg1YJ8gYSrlw5HTsTE899uY7Q/810gwMFuyp9TIi+oa1hhu+uyb1855q/PGAq8Y3zaIEmf9dtmldNdYYeOPFqTKRglCo7RQPXnS0e+oWmBFrXfC4Aux2Wu1sOYuT1QeIOuB7lRhPjkGg+5PEgSqr2YhDF+Zo7F396M2980XxtufisebBScFrG1MqYYoO5gySdOretBjcVpPpJtlcG9rgPiBm06iMlQVsGbPQXHAaa0LSKA83iRdLQWjV7/drfJEG1OnslbckxYD7cLWvILXXWJ0csCLDC1N7m8L1sAlCSBQSg086Ls5pOAvdMtKAo/s9WATjabARIBJ8kObeikuVPIBrxyGowAW5MY9AcODjJAH5jE8IfZA1GUJtmZMZ/8OrvSI3NZM6rEJOkE6T6tCJHlHGGFBYDuDR6CY2KS1mBPBI9TegPaUv1kIBRmPAH8KC67J7UTQ8TBsEynkklohAuse8pVzBrvXZNTBAWIU9B7D7tIGBXnjm5u7Kpnsx0hI05ygN6e3RKSzzW7DILxipicp2hLB0AJPOAJ3B3UPJMAbDivz6cM4ka8oqjWSLRL6K2zWXayZ0bja6Ix7IkVGFsdBS8Z9Ip55BJYCSU21AWarFPwJE61teS8TLpx3xzq1U+Om/esJhrTp+I20i2fc0plJ1NlaYhWQa7KR3Z7Vbg7DUq7PSRgEufxah5rjjp0mTKrA1W4kA9wQgS1bqS/NrzFQ358YAjBZvXwqXfrPUEohzoHYvcobQ4uhFKbdMX77rNr/vb7J6k4NFjSASZi1iyPhKiL3xqVqmVbhOSHhPP9C0vc101cumj2WRvGbsRj3QVhRtvoX7IoqCGKPskAVuF4wYbgLr04RVn7J8yzrwbmZ2yLKOk5KBfHYVwoqFnBpj7N29Kk5Ix6ipLo7pW1kx7XynGuQ5OvHxGRmdwTM43jejMmbp+4BzqB8sRRYzWK3pPfWzJHA6qM3z5pIzWrHYGhL1WEj3wlgHJuuK1fmQz6IUEYoHlO7bC3kaZRQpnIf3H1nkx9X1PYExg8ldSw1PpaQphetjXwTZ7aA13TeCxJ8Mysg0vnLfhoA8of0c+dbqTF9c6SkR0+nEIAC6x0pPXDIP6gIwDlna0aiTchhLYPczaNpEFKsX5r2lens+sXi6vioh8Vw3avO/6Fd0ia2nXBXc9YSu3lriPUrfu82bEIh7YrFHj8Bs55HaJpWUP9zXYLW1uDsOTiU3cq+er6VWlJv9AY9ZnX/hWvVDnqxmM8EOg9MMnzaaucLdTV8915qFp0dwz17ROauIrRWy4mYFFUOI8B7b/XvEXqcNXbk6mYZelkriaek+4392VFmaBb0l054uTusVWakRfvha+aYhbtogkPxGEXZAlpH173vLlEmnAcKx7EWpnaIC9DwSYlczHtmpA7YHixohQXrT0aEhTszgp9whzBVj6vzccFuhrilWJKDZu7UbOO1afxp1L320UUBK3lZ/PWyPmkGITvLIt9fjribV8zitucP7YkWsBRJIfSTa4KRxd91keGkohorBDlDjH0zcNtTIIUdSKyzQdf3ut0yoAt/wVDJPIhzpVrMvy1RoFUW7OJacfaug9zI6YF4eO7BmcQFmbwhyf6SXJEjZFAAbXYjRzdbM+33hZNZbmR0/H72+r762NpOJvvHMHtOIS8IaCW7WIDEQT9cO55PXFyCmiKhfBJg+RzhNxCWVdt5QTD4t7tDUJAcTPktI/34Cm5wScqhocHFUdOJjJaa4qbnjJPsYwunnHNv1gGJAr6EzxMMnmD3qJ9uBeFfLXRsyRrcSKuCDe01VefRjtLSIeV0AUSytLz9O3G8Lrsfd9r5xA6xrONHD6KrNzHflH1N/aSgMwPdRTRqd5d3/jKF8UARN9MZZgmGr9p5xMbGYN7ddIjKIwO1qULMOsZuMrzpFKqSVRaLAu96enZkFzk6amfOh2jZyF95aB0nkclD2hVevW1OKu9XjyLw7e8PZOhxUfSTJy6Dss1IjZEtXOAEg00aYESBYz9+p0Fw9qMqkyvEeIxxiaomjnDWmUSpX3BIOfc7ofPrzRXco78GM/xEVy+fZGCc3t6gGj7HK2mU+CsAtIxQM8D026s4ojypFDICLWXEdyV9CfaKMifHgLufjG/R99ACqIsadfmcQ9w5AqUHc4rHMOKTMktDEK89RFoHEEC78uTM3w2lJU6La2a+eYKtwNcFCcIlLG+sFSxGO1JrihGx/4n8jQPJGuUCTyPrz8sjhYK1RIPWOyBXrEaQKSxMj0rXUAQzw0QhOUMIxr6HI3icnlen1NR+uXVoO8GKgynpE8PnfoYx44hEcT2wxBB3562ZrdTOhrWfJ7D3G/SkKU0+yGyglMGIHhRcPqi9id2TcRdirdqZ+zhaOayf3aC8Kq8z2S/uZokaHobvlawkieK05sd4Wr5IenO3Ml9CYM5zMytXvjYikN8w+SKXyV+zwh+DdXRO7KJxvB3ggyTZs8V0g6P3ImgMTJl1x0c31dXPEHULhNDlZSNTySxDtU4mNJtHtD7wPznCAf1o8pMxusZ5ymzoacXeduz11GudROzz7Q0bv2PB3UY5e0MJepFj35VrphjGeZ88s9ZgCgDvT4O0zxXhjNkLcfJYNz9NuYqpVe6tDZ8hR26Z2NnU/1WW7L/pq6otuTUR5sHsOiJol88mqIE0ngTiQ9296xMm/yi7zK/d/Q3gw5qacWnOr6Zw43nimRXxse28SPkW/ZyB5J+NQSZdMF8pLnoYDeHUNHQXRgdKoqjjJ/jqxkSG4XEKSbfx6pyAlN1VK7V4gcTm2Lier7cShZ57bLUNXdher7h/Gj1mke+dOQSFrySnsDyH9AFvKgiDHMWsgU7CancOGb1FcMyxYKGczhlJZObD/tju5qWxXgg3lCtvV33+BQd1dmdsHcI+raWAn3gpLkN/oNSPGgnXsJRC5+glmGnA/J7uE0HNPuetJQ5VURrDaU1alrMVk+vD0sxxZt6PArtFR/BV4OE5Y+FOoHwLtnjHY989FLRDvh6A20z6cri+bLPtVX5DRI1Z4lmKDVLInQ7a8tu+3EbXZmPbPOe+l7Fn/Qw6zDGTPyLCAsMqguY4q6y7YuB6Whu839Yumo16Y0t+DQ3F0MoZubJxDhiGj39Ve/vwIH9eXel1oGqOtCpmTqhA1mf+V6Mb29RGQHiKrKS/p7TDZOyolizzAt8sW4cw0SKhI9z9AqluU+gWWM3idFQ2MY8J0VrfOKohcJrcTXmzeJbZPDVnGkUqkeMogqm6rwImC53lYjjGjc5FpYwnyLVnO96oNzR2Es5uI9sPIrT5J9R1eNouJsZ93Hpq6TTupYY3QEXLWvmN7d9OPoqQ+m8Pn0gZw3d5IetTFKnf217gPJB33az1F43gi/U4yLCV90q5MMWq5petQ0+fX5bfye561Xuy3aIj53UrMBfC/aeTurZjwxxiuWd+gXEFZDi6Qwd5/vL1VEweIvGvg6cWubKw6L/QJO/Nh2kJXBut1sgmiSVY66T2hJaJLCTSpAH/0GyMvpTNZZVwNfwGSbp0WP0xSgpZVYkqDtHnR0TVTj2B/WJ4uNWDxLBkqFeN+zFLPeCMDJvU1RpCc8h0ApxgnIZAtFVMClw97otH8BzgSYvmLmYeuLPwybO+PcRet1pOK89T4W432+moMM86fxlTi4FWP15nJDldUFjJx26Zs91NBHBT4ykyFLgHRrHQr+slCgw68dyC+hssq/A0cHPktRHssg3eoQFFGo6ihBXs2E09bQQkEQbRc6NVPubDQhsGbuWzm5yfw39OuHcj/z3zeJ4s39fTCrgOnDRHdTt5A4fVZmV/ctwdVxvONWUQ5I0v/SG6E940xTDmNLnWxKbDbIwnC7XodPtbUTohEicyM5fplLzokw9nvkbcReuxwnc8cM5JhLKWRjA2pt6U4Fh2gNoQeTZnxjonxrZipzxvXvIqKguEPU2kAm/IICU0SPiBsPGsJIy1LTiWPpXSfiQveTp8hsZz83RzgmPZb6UclW6+XX1PfUih9CcdR7QHp/Jnb2ysIrP0i8hdEWjSx2I7pdD51BsFzgBx+v3I4mXOzzz77OS8nmpygCQbbxaPzIyEGQdc7s4c7H0bppsCq+ZNLJizJ9siwn98rPDSMnPr0fiIdUd746zfPOiNy0A4VKQoEh19P2oPvZZ9Zz30zoCQ4OFnSqeYmj6fARq98oOVM85ryOIF6MB+XyYOFrCgZM967H9V5r8beaZFfnuEZrWl3lvMVq+fulSJUtTrZLPC8EvrPH4pK8QoQM/pWSDUcHUltdgzstOZqOrdJa9W2vUxba53igq7BUBl0RUdWE3Z9+LAwNpbAplcW3YarR+0dvrKdO3HObihk34xgyowwUfqFnND32DFP1jBPpFZ+7BwO25PJYrhGmexAiNt280Fz6RK8bFE2JGzdr8iw1ki3cBXFPHyt6nvPLQdcU/DDGhcfA1vBdATiMPXSERAN3pZ5BRN1mDrR2bj+A2U7iEKfuU5FX8QrgZbRzwDX0sb1+oedQHHNm/D94S5b9iAetUKDnLFX1+rXixGYGqeLR83ybN0+2vHZg+nkCe4MP6gbKkmF0Fc+MYri9oNPxx/nn72iPf4nBg4k0+VETXIMexPYNSUCINawQNKqPnXf+NtG5/BRCm4AfLDEQrL86924bseIkfM4W91HxmhcLQJ722DlBF+wdLbc2mvxfiWY0gjKfqO6kaTajEcqo1IpQQkFJfVXtx8dynCu9MrXgmUzjEdtTW0c8RFrnI/+s12MQCS3taLRbEQt/oqz9+O+/ovkuxxO/nKb94VW8hoYKzJDQGc/nMvPOJTQ05x4wzead6v9znJTTjzhU9zkTz+1KVom+FKXe9x5zfI7sJJxkBuq0rWdYruIqKZ0QBT74HCRja/fkYR2b7K8j21hsius3w0UpuIhr1fCai/Dzuq1hXzBN17BpEV+qatIKRubv2RwKoYkHHEx+YZHUYC164QPHMaGKmeR4/0Tuecoc+kv/0RFm8iJQiDnT90051iC2iKHUOEEMGJufXhovZnyu5cKE0ulyk4LmT/riZkEZj42h2XYeGC4qhRXQsf2R/OMQNytJ6AMocrNL4hTEzarQD/s4OXRmy6RL4MDv7v/B9PMGmYRty82+fEYZMKvjXTrFq7n8XxoAB2/BGKoT6k1aZ2XnOXVMdAYqRSwLh1/l8f/ZEfJvvNEBhXYE8OJ3QEBZiUgi/vtdTaZocaDICzrG+hWAxcJfCW3lbQqKyhF6nSqKkKZz/oBa8swP/uLm9ZwDoheNBViUL80S50syvA8ZcsHBYysSnHIzJUH71v0P94fHrmXfCFGD7NVuRUk/T0rpoTBzLpZtCYPxVOvhmRG0umcqDwsxAKO22mkWqGrTnCrhGFNgUDg4THA0WuHHCsDrVdkdQ/mjkyXIfG7TqMF9geD7EZkXlZMU7gywKqv89tnqx8p5m8PHksgyI65ePhmlN6/HFWKdrz0+ldgyBtIX5Wg8rl5qffGepC6jP61rItVriUsA+M7hbZo6+jmjNOGYAL2McpDC1sukcTThOTwcZWnGlU5VtRBtCrfCHZQ1OtqHW7nyVXzntFAOeyDCZr4vabHfGM4akBDOqgkxaxmUexS4x+48osy+BU1Z/C6ugHY9l6LIetT7UAc0czLggYL2M6fRYytxOBrLn2Op1feXQltPHxpIz1wdj11guEdTND8bMQmXVP64LHMAnPuLnmwh/FU08ytkJt2R6rYorH6GewdM00MrbgZqxVZG7OaMtgaWLPNg34QtQLvv8yzlipWiRQjYgDOI/x+pcdnnl7drwOy+yz8umC18Yb2/ihnTJlTJ9MRI4/nD2ZdvkQPFhRAsCTICydJQJEJZrgDN3GaSDGgJxtYPbRnPni5CHAd+KtGYzeiRF/uz7ZE3b9qUpoP2XVU9kQgEZg9LGCZQBd3mnBWFeJkJqYyheCWGmua06Sl95TPn+dbtaWmMhPj94GooSnKmGj7W79qoYrWaj3HV76n89OJk8Zb0TSbTM00mlqQp3u6qaI2HP8mesch0v/KiycV1mstpJkqmFHD4tBKF54HlLr0F6oCJ44bcJQb0pbGGoIPx+z0UcqRfqVDfAT5Umo5GF8qLqePAyu4e92A0nEMfWeE6cneHC/g3OkF3h9fkn4MX+d1R9+klvEb+CF2GT/khtCcMMj68rVaswmkSrPlqM1Aho9x9SF0KtrusInM9hkCPJhibIgmWahw3+LO95sMgtDSHUt8Mq/vZJeU9GSkvU19N9sxtJuzSzP6SPvHG1V1fe5YBMdFTcZQtyNY1bTTF475sWIpkGtfbP52ulA7IzBciYiaA9bqTkrK1LpV97yqEkgsMY0skXjh/Z411BqB5jGxMunnMCnJWfZ2YlPhrx1otgWCtEQVoT4GmiEhSuZiN8cMr4GWfjNG7jrE9RJkN1QgFUpvoE2gdBn4FoVdlGfBY2Qx1eUyizcNSpfynP7OnMQ2hsvb6IS18nOOiia3lBbnINIXam3aIOo+7wEUp2BqnTYjDOgcGS96xxTXlu31gfzIP2lAUOMMFo5MJCM60k0f3HPjTBfTnvQmARlpr1E+9zf9/TI04KQAZDg79xV4CpvbFC0sqyQdPMeeQYtvmSxX4RT7XVuzC3KPrGTm6u4vNvqcHQ8tj4nlFLDttqUg65BpFM9xImTVr7VzwxBSvN0n13MhSfl3S/jQBWy1XqP0Uutid7e/nYATTxnUSFuryWfmy5vEWD6cnKzCUHVDJGeASVLHcJigs+hsuwflefcBZrMdEZT1BZf3bZk0XBVeW1v1XxUBCvG53dfUMFQh4vHqjVffxrHVS1ddUd8Y0ZDCMVFuf2WI7s6+syDHPFodAqM8BCJ+iM0eX7wPJyvb4grQUffeZqiNF+666CGixaGFoAFSD5I58Jz8a63E3cECTKKponBp2PWIq3tqmGkUfWAlQBwXvIT53ZJ+DkFsMF4S86keFxiqCR4MsRJ+FO4mAVjo/aUiYKxb/x99wekaEbfudD25MHE6TamgqSnl54Vp0UVAbq2uCa3/N9FDHYxn9gAkdrsuT67TvA+KbxC2RY/J7dlznm8YumoC5kp0BrsRmXNeVG4xpQEi7AzaJxx3z+OqxruvClm9eWlQ/kmc+vVm7POaqI7K4jKqi1Vmewgc+O7rt3wWQLbWHOwnhf7WIkmvmChsgjek+j4q9eZzOlupqzmwgDtEF2fGLtRl0rGM8woltcPQR69qSNgoRlgNC/vtFT3onS/DJnjXlBZEfsVF5zxM5HyinuIMDE+jM7tpD5phv2KNZ6L5+wKh0FsU+WIlrHTiYAOEHqVvxRNJ5r3efzV6gfNKpLIkZPLXHycfu77uWGLCZav6R+Ze1hHOKt5/QfjZn1XCtZRLfEH7MD9YzMOIE02YAmWjEH5sLPVfdFfxBcjFrP9Ob3Mz6f9WLhP2A4Z70buGX7q8W8KYAcDH7LDZHjR/CQ7M79N8VPkIDJDJ9F1UFs2PkTN6S0kI2IvxvAmoTpp1zGgwOf1kWznn+oP24+r1mh5S6k2i9hznxFPCJFsqI4VvLaXT5XkYh4eAv6mX/FPUb8wRGHMTiCwJdS/YbtMPMu/WQK5OLB++aMFp1ocVZCikRLoCySqUlHu2PgQjlxdzXjSbGOmvOdL5bjh/An1QQ7cM/CYpyt39MIDbmxcDf8P13YWHNcOFbbQawu0MwMh5fG+uWXKjnC9HszzGCoFX1bw+D2JmdF9jJe9BuJSEPdC6ZamcTOZhaoJmP3qXGcSCGmh3L/KiRofR+8vSZEX8aTNsqe/DjQ+AKDtD0lbhGHXyf4f23ox7CAGM5+XD3vmhkdGkLYmNr3ecabVgQ7DMbtGE6aSHTEp9rHIHHTnJd+0dAVqNtyaMWLFQr8SJAmjbaFj0gZaIfHZquW3fLKB5aeAuwPIc7yYPWnKuDOPiz9E2rz+fs81FVZf9NAsbabP+ISnW4lIVik1aQVcragGzSMCju9UoXbFCQfJOkwpliKoYwGwqP82RacN851cHnme4SKox04QgeApbIfueS6YBXv80J3h5QcSSwOD4WNb8M0t/ZywTOZrpVNnpc5le0Fv6nyWkj7bCWd02llv4RnHw7KrHHQkqvdhb5znDrXGpLzR2mEpfnBLnmLgT0PWPGy4jM3oe+DjWVVY/tlP8ZYdDN2Ayi4tpwBpx+Akmy/mUhG/gJT/eaQ4nXJQaRCYd/dwy/KEeIF69vTjpVfuk9RFcvgaFDKUGa0IaL2mtXXGPvRKIixxvEo6u7cfZ5s3XZRa0jL15skRK3JzSTM2M6lV2fKG+ZjGyq6lKHXC35llLoM3186896f0UXAGNiWUD02b2aHevSUohK+II16vb3r+9TGwL6kE8vuBEr29yv/wOYV3x0K2mo6I66K762E5darhk8fGvOZAuvs6tTgrJq79qRskwtQtHTlP5v7haaCoCg7Fj0gyGAid5tAhqXcGKVoJag3yhqprt6p5PjaFvqh91yiCPLwY4QgnqispcVQ13ai+BeOQ6EwZzO1+1/8h0cons6rQm0764s6I41MmQ16768MvJdHRPhK2z4kqndJu9Pq6Qi82LCRZ/AiFLILBQt/aovo06bWpFtxhDvXasQRpjgQRj7PfmnZeQ0mOa3XTuKrlO+coVrfTdYopYMj4UaUs6mKxg4+wuiW7hQM2+3jR+/vOds3xyVE15A5jT0u07mCYd0lZJoqvxGp8AxsOeXc0z1gvsWdXwVW/G0xgJjH15ZBIncLlKHYgdFNo9bPnIUWRmYTvku/h68JLuh0rDz1SGTQcBGrAlIdmJ7zyxsxGnMmMcwlx1lbxRxBAuh9ovXHyLiOydfKSXRJ7anKBMAYKss08Xs/raOytUt2iuT7HC2oTnaniAKCmXHbZw/9Ij4YvXbE7IRQIH3E54tjkrs4QANCNuElJTe/xdryFeBCq2N4p7lrkR3CiqdKP3rkg6iQzxCXjaORn/HzWpO99y+qOd0H8/ATcVQ/QDS0kzjx7g/o8N8vfzjfaiMh4AGQjbsRoim1N366FdhR+PvthNzX3lFzxk+5DTIqIQvVzoJ6lhjtAQZjMXlUI6G30TbeKX5VnKHlxqGlQKHedlcMqxLBW93KvtKY+9q1YLpbkKr5OJKlj+8iqwpBdsc5wXSY8DTfGm54hW1nlGu6c7cUZ4J4yK37vK3xv2Jgd1+ooWhI6Tc8Try4lQhkQPXwcj5JQ7aTAQZd5V2RKVyi0rJ0vO4mu5wewu7Kvt9NsVNyhARC6unyc61hIJWuMIUoLi6aNtUTUpU5MtfBgrZ8u4WgXOkhm31VBh6NQ/7iX2tOo9f/n+xN8YzdFhzD+LGMe/HEtglEHs0y6p92DutwfK5nx2x0H3QXi18jdgqoVe9DK889M+5dm4jvkA8rPddUfoHkDSxvKRw+N0E4hA49PIWSLAjNJg86/OdWclgO1UNcjaIA3vbGeomXQisO7qyurHAkLj7A1ovB4OFFsa4xwRKZwQv+0jo6COY3iP1ykLfSCjlUnXTQ3xH6/YYWR9AoQcD3x6n96Id+ZNQc+snmHz757iVoP2Rvgk3tJinh+KNJyhEcp2JlCpMsZgI2bHiEeadFztsqTtpEF9msBGnkbiLZvN90GIVwFs6BfE903EDWF4drN8+HIfX8aNXNkeDTlXbJfNAsx7AICj+2CpbNlf+rlZAbKVDPS4LhMiIHlOImuXqDQLzpIKoglgvm3vA4prHZr1/I2yMfFKQ3EDKxkIFBRaC0gwOrJ6V2LwbnWI7vKq9xDrwpizgDH43tRn6JprKh7W9S6UYxQBSEUNi3UOliRy3PAqzheAmWzQQi/IH6RJ2UdVm0dUnFeV5Ga4rRNaN2BBVJPB9eg6yoT4DHZH3mcei8vki4EEaYcvU7j3Jddp5yWzbHCwevZieDIcwzS9yDeFxv4OVGCaZ/YQ6wje6cyduS0GMbyUkDr3WaTfWN/1ZRIYa9A90DOvotm/Oojfap7Bz723duiK5HnyYl5OHTfAHwRPPfEMdY53ID2P9q/q5sNbZ48WCytW9BmiOQaZzvVS3Vq4igupDGNe/SSsShP+KQdjZkRgmaf3+lAJI3mK4bbFsOHhMTGlbm+dxhkE9awD4HegPia3VK+3QMm6IYDsTeOE2z+vix1/NkHoQUNkvU+Rmio1V+69LmtWXppOb+mO30CbH9Ib6aBhT+8wWu6PmractXt4EooGH4wHZIrDrJou8/iNnFsKZ1oJx4ZG+etUsPzOxnJkGtRAiLBKnKs7R1B1qr5OcNgVk+uwqjB4tB8WeA7CA6N9dsk+VV9MXQbn0h4dzyYliQZTP92xGal4YhMTIje0x6xoMtOvQPz1ZNO4Y7/Iz7Mgh14+IjKD48M1Akf8L4rGGE0Xrbo8pLcLIHD3RTSynRBssM3+yjz/XE9Up4A+2MqPc5PcmhEKdiXSN5hW4EqsleW/OqrFBQPwCd0JEj170+aUIL41i4eBjWiNnoQh30ZkTVRv+GFMEbOSLiiiQK2axASYajVoZ5MapKcDidcRpv/tKPw0itDjZfiZ6kLHzxbc2iQjPc4eH2LmlS/hpJbh4MjG7W36a3N6vcAkK+AYeEF18UlSesxPtz/6hsf+bvs9eG0KQFEp0j2/32jGnP398gAAK6AWMoCm9j/VETtx/0mxYMfnJfqvxXxcpLqdDtiVzdM5lVLP+FP2kv6EN2Dsk2Qvm0Uf5k/ngKe3J//WhoOLu/kFLq2GqvLSYVL1EGEdSKQSY+3mynPKDSAsgovJG7eGlDLQ3MJHAjUnXc9hcsCGDRCyHg0YGZkVZbEi9/cc8xh1Af6GfBJfM34dDoFzOucatk94J91BhjVesLRzyrR6oEL0Qr5n+vYRLHao5b085L+ifSFDYJI0ikArLe9PUFj+vn5ena2vSDtj7pNI3BkJCNNQT59YLmT46mLAg4/O10DH5TBPABUFvjGDkv2R/zkm2XKLnEGvfJfb+fJotZEbXm4IshEzRoprosiQwXP0g38dLo1NATKDbLbvjBKrcruiEsoJifrdisVTp5w8U2ZOqPacHuUrGeV8/SnHBskcMosuCL3plAfGB/RQieNMjs6pRsjxyuncXjxLhKfx2BcziKGsVc/H4DTdms+oiCMxzSkcjSvSaGFvfh6PMhK1q/9LEqtbIIGa+GE2eBvik3Acm01/EvFrYgwVnmE/+eKnDIqZZwdbG44q/MvY+H7+3y8/l1sOLMNWQdZBq6m3zoKIOz82u51bjOhyR1+IbrPwNzTUOOP7PtoqIXVsiK/je/8ccnrN7MfU+mS73bxbP6gloFkUvFjv3IHx5YlQPX1mgRxvh3MDkd1QLOu3cvIHVfu5oL31QyhZx33CW6zUx0UPsdAvuDAZdf3rzy0DLqfbZC9NsXQVUgqVm2CR2aMnxF6dKn7tjwVO6O8YScdQDdXumpFAna0BFvnlrsgS1HeHWwMGpMEB1kw1DFoliQadRPf4Wwb+cOFL2a6+85jEOwxMharjF6EUPixXNA0anYuSi9PQ2ZAHxcRRl9LDj6+9tpCDYJ2uSKCuzZpwRfE9OliYZ/JlYtfSljQVAOmphNhKi4KC/KeixwA5O4g9kscY2noQAyJDmKtPc5nI/NIOGoBRNX70DxZlCjpSpviTR2Fsyp6cHZQ8rrbkMEjVK+tc1tmJpafm6mVSlVlI467wk3WnqNd5ZaKQVeqy93MA5aKxTLG/hrDxKqsfPJm70CF8jpPcSxwXAbDAIa66joZItjJxQIgue1a6h1rpgvyt5Fs/4pVVqvftyeb7uJFyR88LYUEFofTdon7UoTEjJp47YbQjObLYsl/tvxmZPhle5Mcb6Q8b67GXkokh3v+fPCYp2rDhJsKcDNn23qk61UT+2/NsoVH1+ecBz7juKKgkOyI4yqe1YQb92o1qA+yuhcBQXoKE+iRmtAqd0RJ5pnLKozuBgWlERiHBD05Rt3tcFdD2LXIPIQcIFF4mmsbEUIRvuC0FfXHwR2/YjSbwF52X4sAlgH88Glyvxeov0r2Plgtzxexm4XbrL4m6VEdiCXTi106tHIKpE/9G52ZL372Dr+AmiQTRC0PMVoDdfQbkdLhRXm592pG/bEtHZrRY0fTGUcUf3xb0pfGeXFjCSLBdm1Ug/5pXY2rY2Ecdpk0DlNfSFGQzPnw3rB0QVcawQLuAJINHVavyeMCV8Yp5L6RDfCIk0CZd7fJuAMu8O9FWkxXIQyuMin7pfo8WyHdx/J2ksxpOeNyFFWefG25/upyN1fLR80zNsyXyyR+rCUhY0LmL1lMQrRenKMKW+xvVi3B/Tj1YuBr/FZWXi60S1ZKAjD+5tEdM/fePvlTjUleqUfdmlpASlqP3Irs8+BDAblhFSmADPhLMZqfyuKHZ/8ruFCVxTVEzz9bVwbvaRVMu2etYvTL+xqs/hyrdgf22P0awDBQE2FBCLHdv7+Ns2GTOe3qy5VuUPniJdnZHhPPTc12qeXnm+iZ6IfaKLTZnnZfl0V9Hq8eLKS0DupGYV3jgq0v4kGnZ6xu6VwcrnqYe/UQg8N2FD4wkE1Kv963jdr1IlQaKaWdyFASC3eQMpoCCNQ04XmjBWG1uwmKm3wmiKF3eqzvZ837rdRntoDBf9Di/rzs54v9jibzb28BMBz4k1C09fsKG1otUUR0ur1yzrtz+doVHeIcxs6oLZzjY8HODs8KY+xvu5FE5gGhNGSUmjISGFgzglNz9X0ZlJK6jvDc+nHoVAv5UhvC1ZdGzMQlQqp2FDQ0zQKuVZ1az9L4PfslY4d59Ubvnhj5GcfG8No9Xqq/zgWe8ZSD4HbDFis1F8C+KVFAix8ApdeiNqcuXlZsQMp2gSdy93d6JJPpHUycLMyFSS9p/bXxjeC9OXqPA3uzVMhe+d0XnLP/DG/qH1i8U1+gVwMx1Wbz2a6CMUq7PlKmW7yomcw3INpz52dyPsHbmrz8P5Q0uk3apN98ge/jw/epc3o/jdeAKMClVrD/BLZhY3MsdreSD5uE0ytF2mfOntRwXZKltJqgfTGUH69ajtjghs0/p8PnnCP4FGnhV2bPSIrOfMtBUpxXbkXodvNP4+u1vfpY9BaIIazyZATXOym1jdMhGSlQGu0++YHdBl9BP6GbrPGHz6BQWMs+wB2qD9mHEbxLAWS0oupNHx+FdHdzxOzFt1BQiq41WHMXWPmRHUchyu0CuouexwddnpHRzCEO6qkksqHYfa5pL8r8eblOBLjjvPJRU0bhy+mY9U2nFDk40VDVqsSAHxu32g+k/ieMR7n2qvUtAPSNMXZngW30s6Osuckhf/K8gbUQYRN4L5agDHDsj14/dN4vVPUz0ugl9e+ZiWjLBA78CkSXwxN8mGuDwRshJ/AXu2BhVNJ/jya4DLM1FaVf1zph7uoE6h+2jl7YDn0++OgjlEABfP6ZS/Fymzp0UmEyADEcMcNsE7sKfe16CE1obt5dsThE1XB18AVTFykeXoO/ooLy+nxN1FNSKulbwAJsYETcC3pvZDBxBgm09xOL3sJde1F72M68G6XDeJvg7khVN1UgoZI/uCa07vsPg0IN1fVsX/NXWqsuusWmXNYIj40fWBfi1/l7Ogv1DXSNycrlTkfXW5UkmxnZzHiF5IVa1n5tMMMe4qPD/bmN7D78veomvt60EiLJ17zfOkauj+M1lqf2DnExDVrYvB9U8Lxg1b9eUHXC/hZfvsbG8tPMqXxRCBy2x4o/Ue/GGcUJ9tXmD/2e6qT/D1HAbO6hp2BS8TicqxS0zDhyxjT3UKrSoPU9nfMC4+TFr/W0TRw/lwaznzUZyYol2B+JD+c26HcNsFh5qlAZMHYC8g9ozvrDDHYJXwSA5WuCjXBsuvN3+yCDUuapVdgSphjvrRrgPdF+yqdkyCkSrx4eRAYVoOIBJXxSl+aj+fxh41OGwC34N0y5pp13/rnxrKv1HUQ2ntv550YhOezpJSNlT+m8fLz05iHRIO4hOdHBKWFHa0wlsnuznPpsvn2JgPUOFLu3x1QU+CmM+uDyrtXFiT6nfYR9gQLdYbBCY4RnbMzrj6DZcibclYPnYjMeadO2Qsgy92U8BRv2ruF342DhwNUJPqUjqgsObS/cQR5EIhjwhDAlu5afjI9xV3VAd9BC2qq03n9TT/DxqPX5ymEO6o4Ky6o2n7TbLnYaRau5pHDiNXO/depxoX48lMWQ4eG1+PKNP1SGY2VoQZXZSDm0NYkabQD8JM6dohw2A2kEWACJ1TCbfYjZMviAD2l7aOJmIFAYtbMU5WVN/f7GYf7ileCxer8r40iGftjEeORfh/wByPlTaprhLoHi5Q7+QLA4ztnchTCweinS7x8L7TShxWSvorVmub1PL9CUnglZcVkK3EPbv803elnBYX9Hkv5dxFDBs5OzDaLdBc4Xd+MVa9/M1OZiaLX2GItrXZTL+RGJBjZDieRHPNoIYtXhQfMKnTP2ARntbeEGLA6F91wWNjYQVhX0pIeSFlsh4lynqCjBXOoPAMiqzUJ+ISx3jUg8Xa/YO+L/uMn1fmhDdzwkMtQwpqQ+Gvj54ZHKxsE9jBGhS2tRvUTR3nV6iRIeFSemgXSpequ2Z/kz7kAlIorENr5buSfD6/xEkCcUc045rlzWzqk5C8VJfnbXWOx7ZMeU5zoxQODfgK1ZYRcNW4mjuDyhGG0hgyJJ35Xmda1Y9Z8QwSuzw0cxykGuWmMIEC5Kd2kj6d097cwm/RB6XL7W576G4gRiCa/DoCtC++ofcihJm1SY8jiUx+QCO7E4aooWnCRtihUqPiENJLtBe2KZeeaaUrk20lRgb/Wz6H/JAHpLUfqtx4xN1BWZTH1mQSwPIGeclKb4THxQnLtW+mR+Jwmy4FIEErSSWFbCvNN59yYGm1rHir8O0gQ5hGdbeDXel5mE8AJYpEdTNkpju1eL478VjXLAQoBKXN+wEt90QYhd1cwZONv05Bbo0UaJEJ9VQEzsT8KwmbdzftiSL5z3TDM5SDKuI/Fmt0FwyeEu8o0Swl7ekJiHjsku3Fc8iB83VztE/ZAyKjO8SA49ha16tfbvy0aIbz4d1+uEvQ6o718rnkjbnUyW/aAbTss7hI/XfeI74hjsULG4ET4RYf9lU80QWrC9QMckiisMdTX3EpZ728yHnymY3+NiGcckO9AC2ZcREIN07fJza03NcZROEhFX8TCM/svIVXlmZDPLrVuifhXO7Csm01wFzBJxOW6z8o31a0vqgAob0rYtIsXATYDGZejOP9OsQuATWc4glKjjMFopgfF6hjuCsNQDaMomaA3i8BZzHcKixKLCA/u2aySWuZRfibXVq2QpSbNWFkcATFAocf6MginfsM4oLOfNMC1ULPqsTLfoIDZIncD7pLFk8DeHYT6lWn8DYHJhJiYkanJqV8c4eKk77OpZcxeXO5/GtyH2r+RQ+OxAhaqebJF7Pq+PrfpyMHNupfAlrziS2O1rxvH2Bhik1/id9L8M12Gn/DDHITXvOBZRunuugsNstbThcHIEj3JyQaG7gDhIFUlqTU9hR7g6wYiSxoGkz0EKrEJM0nFEhbKRWfs48kuTsAawul+HrYWnqy23RwrfRXvpb1gNYMzy2lwsB77ucVhDg1A1F+H2D9s81GwCYovIVq2w3L+9sB/hW1EvAtuPqA3oVTnK/vSGgZJQ/nityhATFK7qvomZt9iBCIm6IhnT/Y7dYG60NHFMLgW6ItymzDpMGCbpHDvq/etnDzAHbbtoAcorQPcbj22atzFJLoxs2cVE5uVRheob/V2YfNr0/FAf8SMxs3ckAlWHiJmUagCJ8wZg1gXOg8GMxlUR0eY99Nrq7EeRNx+OFJ4A/oibvtPuolCtlmdzwKT4dPzaaF/d570nDGOuo2cZbTIkcsYi666DszZ1zBwjilWu9R9QZezDhfOBjHqckwLBZv2zuQT1VjpC6Q3LVn+ukpccHKvrXlfbj9tdAbEvGp0boED0PfHIiiPuhx0NRF2E0vCJka0g/9u7E/xK6qHIw5ixdvgPWC7l76/H/Vv02lQWmBmv/mEO0HsPxmxmCXz+7F0kFwPeIZtrB7mTvk1dTkjWslg1UxV2tsnJLHOpx23uPRWcjoyO5AC0GHDcn0zcujAG7xDd/OAgnpS8l2wW/A/GCYyDx1Y6PtQ6MOrgvxlBOd9IEuiNt6Xv1cmRvgBYXwxGUGoRggVhgGO/xiB4Vk+uZv6yvcqMt2+xX5Wn96fuOpQ3+A0Mgm42k1P4sAr102suLtTP4GLsWDSKx1qNo81R+JYltdfQBm9uKNfEqHVxQXS+Alcj23d7eD3fShvQApLhpkAKXPRr0u9HEazM/GgT8+Q5wMJ4IFkZIt3lBCjp9/WKJzWBS3pYmT9GFWmWLuFRW8UuiCGGT5/Y5Dz6M4ewfCW4KdtomBRxjpyYXMr5XEuIxtfVqb+UMjaNyrPJqHIsMmBVIykprxKIJpqi8aakRRr56zLngjRfUAuINfKs4gSCMrY9scU+aoolu8bSmBssETjdYnnYcxHIbmFYcFFhusC/H0R8F/OhvWabxcN0NaXQD7yP9yJ7q+Pykn+YBsmE09Bh/CM2G1/H6nXYnk0FgF/0kSfqPzCOCPZkUmhyxMvwBsWfZwaLdUsR6qqq74jqfQs1HJInTvZWJZBWVzqBOpA7uEuIssT4UDaWoht27mTExa6hQDxc7GskHeZWlNV8DD7f6j/C8iYJxwtyRBDoScQI/PFUafw5wVkIcVKN9Xgt1/WqP/bk2tW8XV1HfUBvdOJMnYlor14/FAextOnzW3EOmApLwnBMcYHkH+npmP8+HP0+2cj0ir7UMKgMVgMrzi65RWYZgDTeQDBdR3BMnv/Onf6guYIt8B8CozGvMaRqDDqEHjYHDGbCX8JjDfyxbiL3UWvF2OVxSQLjSKWgxU7zhpa+74mN7Ti/HDUzpG3hUMJPMVI9MHITJAzwTP22LR4LTLES9eXFq2w2Xf39r9GGUE+uP62P3fgJJ4JDX83Db1vUxvzLVqjPwc8uobazPUypeacI2mbFypSj8+jv6Dya5vaxP92U3U49PyNczbdrCyrrPtg3WPCJkEXa/ERze7c/u25EF11zDXIoktrwh66oHVfAhpMn5o3s3NGrDOTzfkCGv++R7tcLN3QzXCgcGnUHrU8uS6JXokm6byxQV7P1nf1NNFXmny/ze+LdLHQxnpQ0GYv3mVS0xX4G9ksw2xPGtUSkXsDR8gDGUGTCnDwxGpK/y7K46mYuVJD55p1W3bN+du5dbFM3s8yY+1rRsWNLYJJfqZCeXL3RKCT7q7oospjPT9MsB6q2nX0BBcasNE4E+0qd+zI1n44hef9bciFMNyZ+aVTxjyaQygsFt4RDHGceGTynRyBuKfHWsLzkiMs6yv7Gy/Uv+QnytPwE5WmK74Xr2eeyTHf9P1uK0B5kbl/MkP63KDx/iwIo5vXCOoiCqq0DwweWW2up02hPRAbt3TYYtC46Zxb2EESBrr/vjuNXcfXh69IRsBSHDh64B9zeRR2gjLhVlxX0bel9ZCyh4DeRxs9Uaa546LAwJfVdxTF1QH5pNsQhfieq73ya6QRbKGQApwVZk5+T5paWeWHMAmzyIxhesXiQ7NzT6vemItkMN7ouHyLBJMWLTrvGMnGuXrWP/zvuXsk0MgU7Nb3PY9exiJ/dvI5yDA9q3II3OLmwDAbirSJW5BkZLzckYZJeafGI/vsFmXFlS/Zxz9LVO18DC/Q8q/iFZlpp8ZZbREdX/OLOnEEmjEB9w3VJLv9y3/eYNvWq1+4hi1HeBGLvhZjfzsXCbXt0iz/2h2+mDt/S7q0RMymdKJvSTdUIiYYgmFd/bURN01qaM9Au4h+wnLDKypO8hkjOXS1Fz8UKBwI+OIx5BTMh7wfw62oJ2Z87v4rfqQWwxgventTNnq6hRTLNEbKLkn+7YVvK6xCX7SJenpI6PvQ7L+f09nFoJA3XKmiHQD0zfj/tVaJoGYnCpzhkI0DdE623DS67BsHKMYqnkOyg/6IM37z6fuhaWwY6+BfoD9gtIf0PDYMyBJnGQc2wj3Cm/Vy8d8Bo2gOhEkprsr0GPe/y5lpNNHBa3wjcrrrecP7sOiIeytkbX5U/V7P8RHzQhObuD/iwW2A0pxBDnp9yZyBZ/0SurQ78/dUGSn8WIyjMJUJabqVLcSxBow0NipOCQY613O3U8k2WENyi6f8AMiE8f6U1CU9ADGvFPxiP6TPy3CiTmkPBIwRmT/bj8u+ZUqu8uhPK9wU9Yf//70T8hFJeO7+dnduG5KnNkLHC5UwIV5Fv5trkUT+i97oODBfbbI6MV8EtPi762JHQL/MWB22/aWLyJ5nHLRbel7wfqHgQtkin/Ikq76a70Hrc5vDUrwhlneu5DiIF5TWHPHSruK8yLJzlnYUvi7GsC/CqYmX0r6/aj4phiSgdaJw1CQWPevAcN98yD+RIPwXLaB7la9cymTWhqmnAjWaCpbZYuZwnNCe/80dzCvvJ6VL06JJrEADMNSLaaFqfYSXP3wAoizWyAXHonltwYF+om3UuHmtun6WCBu1i5NCzrsz3ePLF9K0l1MrAYo3OOQQfY19+FXu7YeVwLgUkRBoaLWWFP5YtmYYBwiafquso+EZ9K5hP2ZCXVwD/O9AgWbFHXImpavMTtm6HOuBkE9YTtu9pSMA8BzQGki9EumZWCAy+wyfFFlGf/Qqbz3iI3DFvaw+Oz2FK/7S5c+IZj+rS/WsrBbvdUHatGaiQCt+0gsR3CPFarpO5zjpkVZlU65z/x3132VMUv745Dmo64sTh+TwE0NIwWWjjDjxCteWUX3Dx3jXn9jbPjjtv78XAKZj/K4ZHvuJ8gOOw1qsi1an39IPSvuBqFYvnXKLnf7+bVO6jqcQO+VvMgWU5r5tyftGyQ5NgGGd3uKp53r67x6qxmZE4H7+TMZX+Rgr6IIwl3U9VpTf+8CKtERyqvD9klt4EqDJjf2KIrbD+YWKPo3/kGuEaV4BDkKpvmePAgVdgsEob9B5KZGYRoPSNIyJgYtSRdrurvBLFOv7nd9/VQhzAignj6Yz85NLbOwMrrpxSkM1uw0LqIm+mIPJhZL7JuCeEZGOJIseyubkkit4LQgqqi3CkzL2K/TaNk+fgyPGjSf4NKK5/XT5VnxLW8q+2PDpw4vaGKGI/ncX+7PsZwj+vlp6pXzjqTLfX3l6c0S37lxC2dTxZCJMifMMGvJg2ttJ6ZdwChZ/GjiVfdvLie7q8F8sn77A8faffC98VI9v9fE7TLgYlD+0AWh7/sZjC0U94kNWT1mnuNMPnhwUqYYP210+Q8Zx/II3NuTPKeg9AiDl+zfbH7NgfY7KvjHarXoe1UVhklYBI/iQguBKvM9UgrcA6+XErvHNIzuYW7aNfcq7x8lN4BVP8PyVYv/3d2+jqE02iOXd9ZftK2SUetsj9ZlGuotEwnQbjc5AbQskIgxCYJwIx9XPCmghYhPf9Vl9Iw3WUSsVoL1013rnoOTdFrfsaG+oZUDws1qA1cRhqQWfT1u6yE87uj6yu8frkw4TGZtFbiHJovdf4By9GURofJ9N5aV7o8H283eFvDYg90sBMlQ3zYLxC6pwicgoJwj/wKcEe1jdhgNRbiYRpZzvP+xX9U/po3gy+hUXu2tSLHmSh3VSiSSPuznTaiyN1vwLgDg05l9+hYcuEMqfYV91dYNZojyVUMyZyG2lEdW7LaDENGJTwB+wJAq4zDDnDbiKmzkjjvawmZJ38lMmUJRGC35FRiyCtkq2+wGTMEHTRSzefwiSl4n7TKPT/OokaErT8KrdAYifti+hFysOfi71gp/Mb22ID8JTaGk2+rckwq5cd3Y4tL6BxqNOd26Ykb+GJJpvTC6NFGovEo0TYti+d8XpH/uWwJ+nMZlrn+9z4MdJUd08j/8igxuJb2zIpS0yW1LyycZWWXzK93/Zfh5Aiyu2D6nxhyHkq5NrHdOFCxelKMXzM3RPjqd/1c4GH+mzVjEgshvtIxEFtHEzAPHicM0+sppU3+gWxa0wyz6rp26ol6jmXiX0/LqO45qBmBVzM1u+7lUyC5Ho3/27X6jj3lxD3077c2HYxBuSAfceilUHQZQDlfl4G2X8J3ervROmNm4+9t/SKWSsfwc69m3Dfib2+zGcfzHp0tI1JcLfggwok4eFi9FSFmWfS21p5e+aZWK3/pYB/1KA18Bl9SyKuAiCZ7MMMrNN0G2vAbCiBkHA/NhW6AwpuaUxgUaCth+oCmaJOitZAwLYDSHC11iDUipS0/lrKGThNm+l+w3FR/qdmgmydlV1F22OSjY8qS+20ufek4l3G2fYjc+Izr/ObIftb0sNrNoa5eFf/QlSiTVwGhVEcNm1rnYzMUwByLB7uO2VRh2/sD3q7FcSONls+evRa5ylw+0qT1wRI7Vk6QrYTY5KGwx71lw4f42SzJzvr/fs7eN43j8sI79uy360ZJd6HnE2jmiXZ5/wbg2q1Dug0Ga+QpCV0d/SCzklY0mVUk8rl0qzFzskj8H6ZEurn6U1e4b2pP4cTbBwYDzYQDaaSZelY562Ev2tonn8br7gbhWUN+XyAUIJafUmaod+hGFu/JFmvdpGGprrEhIw+qPNXpFBM6sTBlHx9L6PDda83H4fHTovCjzFXURp1cB+7YYG5nF8x7b5uV9ZLqTelHQ8ScH9K5sq39ocUtIHhXQQ9ZPPRLdb5ORVSWMxCyN3M9dftghYxXpWDe1SbXE7NwjZLopQWaVYs61Dkr5gApdJ79REZXL4AscgcjGgiV7ALZXi8cAXKdNWSWddNwXxeOjz14KHe8GJOL3gC5UjrMr9ebO52Q8BSHRlUu9fcrz78/kCp7gC2GZBEdgZtrz/fMkztUS4luxmUyWbASNpy03pM/W8vlGmfP0h/B+OhA5pI8zSdxcoo2DWxr0xDHzfzJ4kMM/JkiX+s34DF6gfO77J8PTOXtmEnqqRdIujdbWsDGln1LGRH+qhmjzNZpyc1HplKPnNIMjAShu9q5Ry+eErAPPajfr15YTi0sYQ9bOut+Dj390iTSqKNlTbt+E32VLG420Ubw7tUzMOS7yxLEviivNuXGUlzVheDKKTyR6uhU6vSePGhfWmc9CQSaXZSy9f21FdfwGRXc/8Rvg4YMH1AAzYZliIyQVO4Gym9fdh/In/Zpe0A8ZIygr/tqirMKsC4P93Ceuf+vlv9EUVBpic3Sf+bLvZbPg4fIGw+cR0LbKZClJCmOM13avIrOpbckGojhh/zdKuguiiI8U4dpQVUURr0TK391FIcm2fx4JMLVaDpM/KDacwJROkyDJwMBdbPIskuU04DKDUQJWyL8rV3MXfCRCvvLsMEMWV3bXZy2Eioa2qCggJgfM3dpif7krrzw2ubxYVoDkpTapuVY5IO5u6Vk/D5hPAyCf5W8IMQv29zSdf9kPsd1exMOeh3Oj34dAdq2I6CgXqjaf91zqWk3fz8BsUVg7LaZkYBRPr0j3DN1x7Bib+Gj9arShLjcpPz++3aoYQF5pq43g5KHwCGO6kbFpLdN36Oj/DcEQGe+xuE8HVlhlc+h55XqLmNr+CZO2m+sK4NsR4IK+dPe2E+kHP4xfj5RQWSPkg1fhcsDwRb7b+Oqtw5FxtaavVwlN1s0mAvWeFtRNenzfoXl6ej3sKxvfYqP3XuufjJ1/lbtqPW9SKW3wJM0nba+G/MWbbzbQoAoxX24s8n+RzIVqnGPGAMwF9zv8n7r2WXUdytNGnmcvpoBd5Se8leoq8OUHvPSmapz9MrV3V1V01JqJn/tEOrS26ZBok8AGJBM4FpsvdhP3r1iZHYH01+VvEnA01YD7pK+275iRoQoz6eFnPlMeucmf6oeQJ4JydBR5l2Ys99fw3PnotPNiRkT+GoQ5R7YnVs0rfHuxl2abNbNDiJg5rM98vrJk2cOHbII61og0N9G7TaH7z0lMfWUXmQjvTqpSMSIXFoGe1AOR3VVr9mcLdAsSk1xoWmVR+k/dqcJCHs5NO80GzQMY4FxLA28IXugFpl1EAtZSUNHShFMcB+rkh+nBuVyhgdUfFo14dhDPTHe2Cxu8y4CMXuhnjFu6dVLdpct9L1JMTLdID7BLeknHE+JYLsZ2Wrhla+7qkGmCEozZyaoj+cncfgT4515KLT/Yp8ZgfaJGdM1Iy0fyJlfCWnZbEa4f/Bka191O/Oc/gcxBKuemS5rOuuCaDtp7QwhSlAZg8nZl6oq/O/yYMabpBIPA8adnqu/EpKJZ8JCu4YB3/GxS3OUmydGKn44Y42gwCvAZpibbczO+KZPBSmpB/X6qIrOZ7GxWOv4iC4zzsGZoS5/cvLHdvkZnNF0S0H686oYgNdymbzDdQkpfN91o9vPEaEoKymW9K9RxMbcbnrRsavqHMDCN/9kA+CYoEyN3r4b59s/uxn2M/egPxkt+hjcCfz8Sb0XceS7PwTXvBjwnMKxKOAWkD1na4MEvdjXNy+HNVZDKfgjkCRsE9jPy71NxgBVHPZuz/5AcGSmv8eUEI6krvFnjnGUizeE0klst6uelcGo+DBUrELPerv1ei+flsr2xDgdaGbW9Y6NJnuX2x2a5qAkGpb179ZDn/GtEDWTQtGQSJJ9QZ+KXfUkimDRr2Z0VO1Viryov6PFfoit3Qtwy+Kuj7pc6osu7X+ddCjDS+5czwkPTPN2GOEM6xmMMuZX2y8t2FMz7pk+wo79YKdjYGy7K5uqfZj0FKKPden9xSkOeVTOcnSbXRoA8nLuoMK1S5mtalUjmi6ick+W3Sjbp+IX81dHNzPnM+gB6SFdkjdGO3CQ0zvY8IYA//oM+LJIGeFXu4Fc6pxMXBB3ncAiKP53uOWv3K0XjwYr75N6+v2qjp4Tc8qisAZHmJ0WvTkOwB7LWLo1tsmRPnY4uJEs33J+P6I/HECOhrbroFMrRjXxdWMk7rcWEbBP+ED58Cgqwkh9eHNlwaE69o1STk4PMPggc+jmLxN/U0sFRZvQNYQ95/iMe1GimgN3R+v9IE/xhaOT8pDhk6Mm2zLAIoYdhfQ9/rAj09QSxzRgpuXv2xV83+3POf/KzpliUj9Xkw6EEaooFwsBIvD7GdvffNSYkcpsCS/UfUNwZVHkZEJtkLIS4vL5G7vmbBYxk6U/kqLMjNDj4WdWCOS64QdXEY/BBHBSVjYx3egmEiMvfsnsCPqIAX1Iuc1/WZ0PcDzu8S8Bn/RnlCtIjY5vmmSLRKM5yLJaoJyah3GQsIpFN/JMcB1mlviHUlUS2h5zecUUJ3rE7SCRN+iKxYJwPgBlmmY9t/VdW2bdpFB2v4AHwkGx8LZaQ0TBix8TFTMaAoGX1J9fIB87BH77mXWtmqsb2S33DHIj0cRUOvj1fi81n64fOaPw/jgIZVGYZWpp5suaJ6Yo6nggN66l4Kl22mWLB74b9ohpRC3YKT7yLsrdo553vm9YHkrnl2QxA/nKlAyHKB+tw6FdBWOWzAPBj8AriP/mqw/8e/fxDAz4n/09+AAxXObwe/Kvl/+vtPXabT+fwhn/c4/nAxvOjTYKadsxm/d/Kt4DT2ZnYs+2/ojeqRf0OgMZqzfv039H4EgX9OfbJ5zY4/nEL5f0PZ7hCzocvW+dZ7oN+u/v7M+XMCQ9Gf471K1/LXTRjyc67MqqL89arHr+ei5ee4+L3sb76E7xsBRR9s1ra/VeD7G4Gq9OcZvRS5DrI3/31Dasq++tmw/x399bJP1G7Zz33/hhDt/VomrW6Sh5b1bH8uENM2gPP50K//vlTXffbWFiAYAbvjfrt4/yp+/f8tZBmj/n+7lP1XR4Fy+mHuItDq79PQf+stajbH2TzcnJuIuvE+0cfL+Ie3A6HxrcD/ZNP+HdTxX3nBv9pqjaON/9ct/j9s7j83lR2WFQTi/E+r9B+f/k6O384i/1BtZAUO6Cizl9Wa2WOUgNP7HIG3lmt3T08O/tUq+1vpW/P4dSxEXdUC3sAOXXVLdMiO+pssId3+7YFfb0Hv46itiv7+ndwMKZvBDVXbskM7zN9qoPn3c58HDKpKopb+9UBXpSko5X+CpSGPx98AbPojUwMJv/6JqWHY42/I4898DUH+t/ga9hd87Z/GqZgH4D/y3+0DBEpukJYlaxT/VgL0n/YNhSP/0DE4+ueOISjybw/0zx2D4tC/3jOjH/bEJ2/+vzlEq26j5HdE/Dv1557hojVqo/Mmon/uoruH+jQDxUH/NUWn0VJ+7wUHyzoPTeb/ainyZ/LMvp//NuH/minYXxH+PxP4Ooz/NF/+XqM/1ACCCOI/EO3/OU3917Pjn0cYof7++X852NifxTuXtWukRU22/CejDf/Xo/2PAwzGpZijtLq78A9dTD1S6PH48+CneEam2F+M7V8P5W8j3mb5+t+hmH8c6n7o/5rb/auj/OsqilF/IykYf1AwCmEo9iD+YdrDfzHtUZS6iQLD8V9PkH8mChj63yIKAv4TUfwm2UDPAon6M+h/l6J/7uQ/CNj/BiDA/kokA7ZjD9ucAFL8XbL+VOE/EK1LGY3g54+ETYct/n16/6us6h8YA/j8NRP7I+l52ZxGffRPZEz+BcH+I/WTEPj3H1L7/xqhwvDfYJSCH+hvhPr4J0JF/kSoCIH+DSEpnMCR73N/KcT/1yj1N/XoD5Sqb+1asUBgDcX/Cw6W5ylFEH+JrpAk+Y94zb8gsv7bGBD+36MT6G8w8tuIfynlH+jkr2DMg/zbzff+Tid/phKS/Bv0P6DF/rWYg/5rtPcb66i6qABD9P2fXsYb0P3iGdFvB3l1ABr6fZC0KM5aY1iqtRrAYMXDug7dfziK/wkO+mfgT/5WkfsgvYn6Zpc/h4hQj1nxbwjoDwp44WM0bdpNqFgFzQAfJ5tm5B/LBWaygfUux7CgaceFaLX4MXkwJnCHcsEBA/7YBR//8dgt+AEYQX6OgUWEP363jNwff0jH+6W/3x/+sqjQ3zfTP5f470nGgtqny9KnVheb7oBzL3BV+l7k6FN32OIPx4fO3ccmzX3L+eWb/VvpP4Zh/ib/EkolmtBOaktOvAxFqgptvI4BKYvCrl38prMkbXAUlohCHSEeJItKGyLtZtj5Z3uQvSy2jWGn76cL7c6b4UK/HG1pPEPvSTitVWfdWr98szcuTDWkgshEeI99DwpsBov9Y0uuEbuf/3m3M4LjNXxbpXYCvxK2Ps5QDAi3sURZKtdYxK9XrzRhDfWRZEEJN3w0NEXTE0f1E/8kXfLRnQZ/2eSuV+SpVzB4fk3QdktFAdN8/JJ/Si6GwpBASSMfvp910rV7KrafuPq9Xm0mtt1dtyGVrP1VkZ+417fAtz5B524BQq0a4mGRH3x0G9t/1beiC0P8niV8QWkThFrStzXGyNev5pLJX8/8xdV/eNb7T5/909U/Put23hUjB/xtTett0RvYem0fryNu/4SAjuvRvtv8iSUPinxq83x8TDlMlVma/HXdiZEQShHhDB2c+aELRol9oQ/vd999gBss9e2fV/v8hL2FBm+lNe4+lbnj53wDahP64Vu5wDuM73FQeJ13JgjoZ0DL/O9t+s6vNmyT/vkXbbK6o0yQ0oze5R9KDJfg/RxcscVk4fcnCzAav9fuD/f8/ub6H1rK3X31SdrnHvjP1rj7K0CEJfKVM3hbbfj3HvvH+wD1sNSXNi3RuwJUGRPp99EoBlJDv7RlW3zwpeP9k3EjFr+ZL3Xfz5MGWoKy5vBtFqGPg1l0KhdYFQPpcoWY5m8mUfDMz/eu8c+XY0ydo3edY4qbSe2uxBSJxOzB/S0Udm/umwaZ2ROVMweV3Xdws8SamMGZ++t7bPwq/afUb0ngu99PFT9F/ytfUDpLM7xM8wkjmjrDmzTLmzzHm8Av5GaA6ddGXOhfLvvHD1O4Er2bMm3KYDMoad7s7L7DdP90581FOYZ2RdpMwBoINdyMTgc81qQPcFVa9/uvQb+kj0kzUrApihsq4YoficrG7Rov7AvDaxsPyKkazg8S9+rQp8iMZD+WaZrE4ff0SN/DvMlz/DKDMHggTUK9wcrcmN93CEbpie/m+rTep0IXkCVDJRzCkzhoi0sxaewIeTr11pXnQ0GsyVfGmwI/0ylNsd+HypXNRkNsN5xJvPcM9kS/ydgB7kgM1E5LyEjAtWnZYf3KSwWVJzEaC0yYYmps54kKyRttksVLeO/enAk92D2KzxFxM6npBXFEDSKaXe75IqbZCFrEO6xr6dZKsFQfGR/24507df6aeVhvZRuTJuIjIlITWcoYwND5tCZPPYKHZntkzYWN7PgUZx7eoqblnmjA88zOJcKnLrLAGazdL3e8odnbuSbUmSP99IBLvBDJWYCa2ae2P1COHQIe54iN4Oy6OfNlAbd1ZrL8PFaDtCYfz/3VUtI3s2RY56P6tsBia9d7iBItGpxS/bOS0dUUx4PP0ygKAvtB71vXTPFsjGCvc/SeOrqNu48NpeWHeeBeM66cek4zNAtzWFnANbKuF4hBiwupjdQEqhFjj880e66t7dZuZKRp9ONxmHwm9EpTc7bZm3Y8ZEbh9ZrrZ+Yh1WKflzpLi6jNkSYsj2pdrjfp54IZ13kLZ6WHrnum5aawRQ/2KRYjNzCel+FjpqC14RoqNQFQ9o2sfqGE45vAP33e2ofXk+fDb4humRTz8rHwWePTZ2jsquNK3Rb1MyNHnCOsdJ53hNBelTO9IbFTNYgb3lHGnBMSqfsH6h3Foq742t/GtfIZcDJ3eIdQsBAK2tyjtOm7CgP3KxARgV8r5gkcoHYmZdb+QkDMaYZigGc2bFjTBJZ6e+kbO/QB18BRIyDAhgfCh9Fu29c1i9o497GWg6tLXZkSqXtlbqJnuMyNTcetbQP+CH2aCJYRTz9Y6cF2sMowK3Ja78X3KJ5QKmf/VutZum/hLX+Sm97E7lnIu2zqdS9bUhpgjJ9s8ULib76DEbef3dqqHbKOm/587UP1ekd4lXzDlwjDy57rVyq+Ds0Y1vgjxaVb6+X+TxyFZo0HauwIV71wPfOx4Ocszwr2ZOJlMHm/4Fn+w5s0gNm+PJlnGdO8OekvLmYGN2+SbyTGy3wZOALjBjJDW8LJ1zrrHibgkDduLG6uRjOMqZE58Jr/UO/oMILSdcRwYae7QWEjtksB5jVNxRS8juc9hS/rpnQFrfhXrikR2k7aPTYnmP2MM+U90OcY1MNhEMeJ8Z+Tt2127PQP3EeeT1SyctWbNUmbDYmUXOjFzsSgNwit7GCVfMa8/J3Da8B10Uw/cWsT2DljFtR8nL1b8ygL+6EhhnP4URSQVJrBQcBqYFRwIBiJ6vhCOAfXOBgevmvYYDHX0bSZE0+sUn1v3EV3h7XES8YgACzPD0clbRfGURWsc5mRppL7tWSNcxIZvT9c5+Y8RjU62J7MnbhmlExxPAfK46VbPO8c3C6UMzCTOxDbW8E01F5g6C07jt7P4lErk3GcjfvEsQxtymV+hLXIysAFT8As2lqTeYZf95T2i3l6JYq3pCj3dPMAOZYjg0veQRiFepUIyASspZtbKz5RE53ejde6Hdmt/qUJj4cWMnwIXEJP49PkjJCrkaNK2Bt0jRe9QhYmc6lD6ObzfMMKEreOtnb3rMlGhaXmu7lqFXBPv6DHyqJLay6BA0B7KeWDMcuPKSiws3xnZaOieaO8CULM3D0BicUZjOV69BaDwD3SXDbRKXHlWtJDQji+4XwyOB9OTg3tqyBo7nMj9Hz63Ij+neMv0gW7nOWHgLw5DHhR9fAWGB6/9VYlCfVCJWUUfnwjtyTY51GlLX+GeufM1lvaG0zAiSEAlxDaq4l1RiEK1Cg9qGqBrOOA1LWtphfXcmG9JBXKCqOk+XvxfI3rCBy2OimM1d3U5AZd1Wc4TbPjJSbuBMPKIyF1DHVnNIH8OKvVsr3U0hrz+VwfH2k/lRcSxYifEW5IVteaKrqIpEStulGBelJgWW+ilKKxPGtRsH3yGKLTWDE+2iaG9CyzRRXzaJ10YdGiXzttQiEJSN5cSZjpaUrfbdvA7fZEVJRRQEw7oSovlpt0mUjp2X8tsh5saxk6flp7T67hnBTZGOGanUyf3+sNFL5uU+/uu9nhICawKc1+5qDdbmSxKkGqA4HaaRvcWJ4Jr0mJvWj3+KKTt58UKc9gpgb1k8Nc8LjHTBHTOh577hvWqysl6POOuJ4k9NVfqkcBYWHXM581mCMnuAgbOnkle6fP7Bl84IZ2JfiTfbCtyquvYUNYLmP9hFRnI+IwfjdjhE5FQQ2Zv3ButtfrpAH9opT5UxUIFpLdKNEnzkh6WsRdpkERUo3Ka7C8kDJmrwu8Cc+Z5tnpXnDPFk8dIeCKxKmfI/cJ9WPDN5qpD6uGNy3WslcNo9KTStSK3Qhs9U7WyKF7wr3NbSwKukCWpzscQgFp/PMBZZ8wGSprYnnI1zoZOGrRepe/ZXz4VF//H0XnhjrDQwimqQ9vQAkVl1TxTbVmNiQTuZ5wsTiGj9/QQNSqOtcjcvt6Hp5R+wQMq95W9CEehqQKr53NnulzZJxMXRGtz2vRvKc4tr+XDfSImk5O+z6kOfxutBWe0Wx94ykSXl2Dsg8IerUaW2IY+3rEputHwEl/+YBXFo+DcCwQEEhQvpvbD/donqx94wnueURu4vHfDF0hPA1o8Q1NEwzwSxWnogKWYQECRMXTHGQBIHpj6fu7C7c28DuUvs/xjMXbssOL/KkwrqOWzEG7ghUUMqyUSSgewkVf5iDQUCY4xagx5N8l084zxi6RXaOvWGtLENbIeA5ygWOnr7DNk+rdT6Mko+6xIrS2iI2zQTkieuciPZs+JAh4He4v/sClTTfWCvuQuekiIoLZOOivIF5zDIXkLBVnzAmdgvhG9ZbJtLRDZrjk6iSdRCkm0mFGLAO+wwj2+jr/A1uoYGpeBSI5CrJc6w9ehuneoEo6QLQGRH51vUBYTMSfixtU9A0e2FSLO36c84LyVBCPuDRRJnf3uSFBY87hQMZ14lVyWZKXYpEW8tgwx8ceJKM1gEkuS/smpEFZThFxonenh5h9HaJZb88LhSxoRGM7uQBwBagbE9wgb/s2U8Dehsb0BLsYdWF+UTdEsWFG0a+9UaOSEN2ibQ++yb4NrPKB9fNRt78h+QrJe4MNv1FPCFgzPi3EFom3/kZ8gLuKaNRXMGnPcBVgwJWBNDbPVvWkFPYr4ESOd2qIvaDAvp8CxomSg+zRYR0jzd/GoxQvNbzwUxCKCOffBl5p9tC4sy4v+rOcBHUvLsAAgg8kQqlsk9cHEg4BrdB6Zw3hhejPUVF8XfVK/dIVv420kZtfz8xslseHDSYhjj1Zx0HGFPkQuskuKCj7pruTfSIUP41XwIqPtDafb6Q91iMGKnkNhkH+7DO6+Wu18TbqNktlrFGp2bWK8zwcme7nBJsdxDc1M310viJShYHGiFU1ZHen35zwLU443gJpkUZZiw5Zb0JRTR1xKAP/vPAe5hKPfXsG/+aHUOjMTpGhgMOLR0TvAc66ZMlqE3sDettmQjZW7P0cj50sa/nZJlbwbRTIE8nnMiA4X8XcW1Fi/WZ0gqJtmmkzp7Av1P0GaGTbLdsQNQckKy+5xKPjcTCniRSLfUn9DTt3EgPYPJd1Rz7rhxk0O2JEdnK85iWy8VwI5R5+iZYYM7gvSDHawM+LN+JbUovNIp1MdgttoTGO51gSnRDnLtZBm/zCa9JV0ySvasec92aXOLlh0L3YeekbP4m3+zIv+YLtHk6WtBh/y//C/4ZyuAFsd6zqEukXu6yWmw4BGZfWoYK9YaNhtxlkaCNWvfZSePA1R2RybV2MGNlYYZ8+ZjUaasiC5iBeVJ/tx70Er2u36w3xL3UCPGyzmfh5GhmPqLiYoFYnEslDLZ9tRdRQmOCaNEC3irPwdrMJsBA12+vzWC6IjwMiIU4HlT22flndimGDC+9I10snHuWnmtKNg67I1UlrNT7eIt6Y/d7L8ybsO6WlFm2WCoEKr+Eixxepma+HcvpffGXuK4v0C0Peylu72TpDzqyx5EYWKvDHvF9nWD6FDY/mWabYlHn1CaR6tKm7B1Sjpzk989a+rteRGreQr7zAqhf/QTDH0oYqowvT8qi1RllPr3JOZuOzXH8LebablzY92y6e3cc9yXzJSbpJsPtN1oc5sxRWfpp+zTcFzt7yD2sjtmszu+dlNaU0Rd3CErEvcRRxO785q/dJS/r9eLEdCnDDkHH+iwD+2mc5vuRj9ZROtOTGl2uC3V4YPlU4eyuXwhholsLtDkSNHRvXbbleT3vKNqSyOOczpi3DqDd0lS796akaN+DW6R0IJMIa1Yyx1j070bGhMX/DTR88GpksUCk5nu8y5u1HNav6y1AireLmOlx6mMxg9jLoohKvJoEs0ltNYqYLmGX3mFwWK6oG/aNkRiZ0PFxl5Yv/Jjyks2mhYJEJcYlk7GBCRfTGx2xKnh++d4s0nSxCfZRyfjeoGR/64Q11HceRral75dmhoLG79BUR3MPeMJegKS3bsl73wjEKo1ovrvf4sHUuWkp5Im/9RgjxXDaHuXbsMTq/0qeXdeP1NOJjdrOcKLOjR5kj6YLHEXZqLLwMyb7xyjy6UXKyt46mnjXnjMMLZ44d7iuPGENghJeEOFKU7dW21KHYcKh2p/BUWTJjDqFlKFdodwQVTbAJwao1pM5R9p32WZRvXIbEFPoozzewXvTL0gXJ9JS05RvS8Glmk6Y0kX8zL8BXTo0H/56jFFu31hdryw28q0qohDL1NSyHwk6rsMZeyfKlrQD4Cq1q2qvZMgporvKzfHDjjeXGGzx3YwuRLhKB/VnGAEoyDfAGb7q2bAaOXN86r3VjDZuu9U5kSI61hkQCPO8yW+VYUt43eSDckIIG1j6GdkiGAnNwct4GDSGKq5349nlay4WmqdUAzcPsCHQEW+QF3NNv0O+T5/rd7PhRrp4EyiT3wiAkJvA5IfzNNRY2jlpPfLrNq0bVEdnL8HEjaARx53pfl3pF5auXUle8WwgeFzC7s5+Zfjk5vLyRsi6YmI9bO/aD7g1WTEj/6hBH7W+oDNDiB3QU/czkm9NpHdkKXaiaj2nA0I7qUxcTn2N+qbpTC9uszGdSo7mxt5qEe3haffUoaaaiOamPa33M2XPNCMEF/Y24bfZyXGLuFUiddA/lUujy0NRLw2+ORj4ZjapHlvHtR8thJq8Jed9wk9yLLOPvgsA2aOa5AvWO+eqg23RcESv6ebIZC/IN+UDlGq6uXayTW30L53bsPd9vxy4JvbAk15tKutg6d1QMCI7zW2CXFnAtjCXnfdpLEiO4ypZ5Kz7Eqqng5TF0K31rnmaWFyL9frcB5NOI787JU0tvjXyYfCQ6NfSJmf2bGLqzaRNcQNoPOzaatY+Y8Xk5ez+iT2fJcMQqnEHvlv7Jl0HsnJ7+8K3ay7xkInxvWYJwgMiLSuHVWvmzq9GYm9yLf5uBh7ePuXNudQRXfeeZTFUEYamBfrfRAHyGTNHYFM21vKZuDsNxpeR485wKaqCwvAsEewOImeqdHK1sNCb3KdxsXncbfu7f53wuH0PtjterYJ/SE3m3SowsH9Wgrxc77tekTZn6zcv8GAZCfb+00ptX1GnmswGwTRms/RZe7ZSWyZcC7I9i34pOWYD+DbMSGNzOSWend3SrzduYP6Z0aT3tK5Fjd+Z1mmyu7BV2Xqhp8pMFeQOZau9De5yuhNQyYu8ZNSvCSI/AzhPmYWK+inya5MH3awr5rMcpquiroxjOz2+A9EcN3/jbgrvSghJYMK+1/wb/2Vf4QYJEjIyKOlu8Wc7aTqctrJ7DgXgsQk6d9a5+muZkddQ/xevTyMVPAnp8ysJFz0KC0kwUYouOvywZQIe5riaJ0KDlatv3mPbWlLZaPBVlfaMwsImaUQ+iUJuDaeZlbb01oC55Iya1evVheor6ngrOpfdxqhcBMSSPZeo+dQmpca0b6hmZWFhMTIGmsFavhkgeDTG1M4b3eKxFvYo06vhsieqbtQ1lYVe8PMGRjHbD6eylwA9VvaeunRTrN0omgzXxe7nFagtGbztYsGtu68ZQJ1XqaS8f/KVbPfb+UPgnxn1n7Ld7MjpjEAbPwyXwX1sVV6D60YCFsKP+yllGfKPBy1yK4xMGHv923r52+jWXs2XYjrtgQzOL5i9nqloGVmMXGg3W85q1VNg+3TDW7MlZo7EjaZ/YBBA1Ezy09ArObg3z0pdu6ZWksO1rnIb6L0e0h5fnchJPqxGZ3BNWLgvIISI/29B1FYolC1o0DCDisaMrAZF8AoVVK+zeqpT6S4SUOorxeiRfXx4AgCMneV70Tcm+4nP0SYOUN7SDqwiqLUUGFvLnTX4ap7JzfdhPxEEc2jRmrH+TBq0xHXK91CPYcu1+7gCR5KfKSc33NvneeIul2nTHJ3TeGsHV0V76gsdIStqHanXeSUnuJyY9/lTlhB1wZEuwuhsJXwWK181nzlaS1XHyLQvZpudDski12Ykue7xIVS1HDA2RaZjEVyaLlEvVitjWe1l6GsRGiNhL7HQm9hmWBEkZkn4psla6Pg+toh2lnU/M0a2DV7qObewkluUolxyr3ZBEedeNa9/sCXfFt/o+1aS63rqnBwrTJjdaIpQauDl/ShnykNlNmuQgJkAURNsa7sDPupfMLFhNotraXU+IeauX4Mdg8gGl3PlqkgzZ5T3VwIekCIdhPH7W024tH6ynmTJH7wnP7tBvcpn5kcm0wJd6qZuBK9cKc7emTgKx5BkXvmXxWYxidat3hX6ZiIuodqv4zRJrjMK6e0IqtAlZdRi8HCywa/KPlmvR2LVHh6KC1qbCizKAJXfgpzQSn1kLFuWu+PPaD07T6dWTMnF0M6o1iTcVHF1DInF48cFyTLLnq5M6TbMcc/xmX7C75iysXVvfduvq0rF96nmemGZu1MjxDc0FXbCx2jz1+MZLz0m6/UhVPUSS9QjCBreVXoBLz0pxDkWkEG0CpEoGHRd+ksjC0a8g0l7sxPtxxv6kJ4Jj+JHaRum1oGSrEOv+/ATZgMPu7HazniF8iRSSkRoStj2k7TrBpHs7lC8Pa9Jsp6vNTew+/If9jYVE7/HTt15oKuFg47VoyNBC9gfC5u96cBPgciIma/FUbAts8d3fIB3GR+zeb+ebEe/zxkmmML04Y19gHQrvYx1Y/bhbvHhsBzUB3acftkYv/7MtuZ5oIGDlTTNJS8D3eDAvoQ+N0tOnZp3zzK6aTFE+xZFBKW3mub5NDqVTAAWP+9LEcBaRfb21VdJFE1Cst5CDR1AnyklL5I0FN3pXh2qa/ORt2895Qpew7Pw3RHEGA3Q59B4z60XmHnreTCZG429MZ1rJ1IrT5cnvxUy7Ktm0WwhZAjqvBrRNwYZ1p352QwKPhC0h8LQVlLQ6eSStcC2kXbK6SIDjbybyRXPgxaGDIvkTaN+YtTVS430zFPzr5EiygX+2pGbbax6zXFIehrqwinw8TQ8HZEvT0BxZCbXDIOfNkTwKPenfRZfZ7aTvAWsrSK2skvq82AOrKz0vRQCl1xeIMYQWBxqhxtPwAeT7bn2tSeWqqRGWwBoeCI3ECWMCncTzFn0lnWOYGNjeQg8oqigZBvboaqRWIkHb1CW+tqkGhPOsNghKVXKBLgf1TpFAxUPb2o8vAK/HV24+dyqjx0sctmMRKs9VyFelJ1c9hctxyY+bsWXeGGBg+Yf+7hmNv/SX7h8P/sro4iDAQDo71Xog/DMteuPIZV3//JBrjWDEjVpexLAEsG7HjIViQurD7LG/zCbrx6d+YGohUlXOcXilstXJaTDxMW4I8HaibRCKWqaTBoEAo3oxnZc/BY9cIuTZlMHE3a2I4kZ+iXMBwo0L4+ulFkRTTxGRbRPiP07bf78j+BREjMsREH9FnXXyVqvGZBmDY3sw6JJBDUqzNdw8BuKhjceTUTI02FEErZejp6SWfyot4bnilhxXHD2KMl3FEeLi+PHMdlTN2nh0n4GaRX5xqQo2bV3ZaapaCHazItjiwUy9wf4nSHSTUzfbT56mlliNrcaPK8+cD4oemqHdcMX8NG06vCM7lR31iRFGgZA3aGiLt6ngfX/fmyLPM3GX5WyRAUUWoNEk4mJl6Ggs3uALdhe8QgWKR0W2NSkFjcB4v5qjVmK7aGlBambGmlbiJaov0qQHCd6ZrJKvUSUZTOITHbb4BkLRDUzeVjH0D49V+Mvr3jDscJ5yfRxOiZ3MXeEZJbDXc7W+ceq+4xUR9XP0PG8FqwuEkxOL2UbEMAbiexjKZZcOCpCIfcyTEkaAzEt7exvz3sFcDF7osHFloRzd9kFKR/IAowrdB1O9iHKQzQIDe9JeH8A4BlTGgjYCbrJn67FbSJ4005huNC2Q6bPMt2/WFu/BmkeamYhUYvenPbexmRQiuwlzEZosj16wPdkvYoZ6xNWsyMKaOgMrqd2VGJp7yNH9t8N2uTebbt35pi7ABH0uGnL4jqfAZtJR/PPJTag4NOYLOqSiVkGU18wRP8khHFSm1x9Y7fqJyPF3EzLEgBzLiMEJXbaKyx/LiwPsOtKTfVSzVzOmyttin4ZUE7lUl1EliqrmSOoK+8gnslX4oxe1Z2Hxdgl0ua7ce/JI5AJigdLDN22izRS+E/r9RIg4W3pmJK7mOpfmYscpjKYpk7TH8NjQMCmot1ODLKGMnz2+vBqwohKLHCVzKecpalvjybU+YAmj3Ddu/vthvB+Zcfh4mC9UvmIV/7JCtG1VX3qpxGcQVfekRmgAS/gX9vLIbiDPSYZRcaxK8uNmMk0MFFD2n5XvZfZbnZYrG3wSIlsNBqoGN2228CHpd3krFedHD/jp7oYNVk/FAcvtJntDYqT1d9h8CBaZDzl8cJejJvg0uK4yVyNLdMhjOR4FORiwsGSYoXKUFQvfaHDQZkLZdUuDYxff8lcpcnZ58FGM2jPXICpEuvl1exHiM328KN6c6qtnmoGcrm2uXcKGnspMG+n2Mo4Md/KJ2Z85IMbWFh62vm03Z7aLqLx8dmsE6H0juRhYz3Xg23DjfU28otPs0SUqv7kckuT90Jk5ZiUsrmu8RDBon6Ea7uP5+RD81XIUd2V4cgFyWzXGZ8U+saOh31OtqREgxuotuhceuiQ0J2jzentGQsp15kQ+FtuGDaSgYKz7fsMJgaP7KD1VPVT1pRNioV0a2DIMng3ukQqKIZ8WO3zt/dTzXQnn4XPIjs9gJLnEIy4+vl2K6VrdVPgMq9BJRO3kCT/iR8Jtx9pfs1oKQCdk0m8I2Tj/HIBt+xBxHq7wfKmR4W9tF3Z0er5kLOHQtH0E7Rw2bfbSp8EW4u0Ii4GWxl0hj1NrNXMH9qfCMCxG0JL4rWXM3qbWw7X0w4cKaBlFncqirm/b3mee7nM7tPWgpAsoEfQCojaE+bzfULZ7fvQexvwMw7cztnHxYUVfDZkTdDKR6x7kJWQgW1rBaVfqWITK88oJIDHyUkN08LuO8XNO7K8liHNbzYaTWBFDP3KcgOa5D2nVij527sp5nubxw0O0FTZVSNZ3g6qdLGUMS467uRuaUOdcv58tkllaBqMjDKx1/XEhNbJXXKdXXqqp+5ITtRjiFSTryHvfraKJ1+Ek1rxnCYtIkrO8kc3lL3wGZ2oxrhtkU+XdhUt0aQk1KtmrijoPpAgO1oodqluXK4XGJLVp3wyvVGSZaqW3x6/2lDNMBICZ5SUOa2jLYwowKeQ0zmGGa8QaySsnu7GXuru1ezykaYtgk6THBIHYnOddvPlqBpSYc2sXW9dNwkf4AqaOmkoXzh47kKhYeCuf9abwPHFFK4zH6pJaWgmg6W2YowzdJx+Jn91wApiXDA4o89Z2rVrjPBgWJ9z2lbUsStwaFxkH+MefU0aehz0YSLcwrFQUKZ/B+IAL1068rzs7i1Xz2wkqNDqnqbxIIJVoehD7EgvOWwRGdvlUvZHo5sIV4GhQfFo38kHhCbtf2seNJbZtJvx2CCP4urapnv0OHihqWtTIGuGijZesmhMR4H0eCbR286HZlMN3Z3eWT9ObkyHSDa2IpHpEa0v68TfzF0AyNshsKLTkgWNotb62BcTJyNObfmbAj5VblgF9M3QNkjZqNagDAVu/5PxK3ySr2zjlQmABuiMvmH14qX+YSyrTRgmY3EuRlWnWvLZ6tceSejUhHIKze+L7vJxNhkwXJyyDTt9iEMvvtq/xVXyRJ8isIRCLdx2SuQq2+NL2V2/381rYq+25iVJ5lgxpjPbByBeEXfYWZorNcOQDTInh8F9cmixDgLEvHPeBSWmnp7lWCfUzoaPqFwOwCNYVUgvdq9Fi6H1YLuI9u+Q+kYXTDJJSMPEIMIp3HO1JpHrrZOlHclMUSu/h+DAwpxNElBpVtIJIp6P+DQSTRs9p7vZ1lyuxZ6HGp1bblA3+i1UXbEaqbYIoNRjitFwHB26CoACaHjFpABMmrpOSuKiox+SngTCmjr1sTeZFO0begF/UoRk4bGwDXEhnDQxrZ/YRPQslXjaePwEKU5vXuZIAgz4mWXNvMZFaZ5zVE0Y9XKjPY/TsC++FFRjih3M7tOdDrUJ8Ejq5R5oBiTZRstYhLJ7U3N+Mk2ufIlThdQc7EuMsdcSJ5t6ED9IaPTuu96NDPLjLQesvTsOCUVY9Ykdv1T9GA2pi5jlC0/xAIDyzbcdbArmFHadhcRa4mrwL3T7cNuW6XtV0FelnsSjA6Kvn/OQtcT1gz6LBBMZj6rOEsPx8bZnU7cwjHUxgLK9uxUrF6llvWAkgvcR7Wm8P5mwrdNppv5Wx7wKgeq7ztl4knX2YcsCHqFN1E/IMhUfG9+cDfCfEdAnrG2DZ/eh8g5DFSSRQoah/orq1bfXV1zX6TMbQ1G6hTdb4TcYJUeOZC1QRXTwEz93e1uHxCgw0EaSJ7Vz317qhJM9YsDE5/BB5CHyeY+/QIXSDU+WpayZv2T/pW+pFIxkNuIsfGXePJr0+6evh2FK4NTFAZrbyKOuWGVqLGPAC7PMEVBrxjGd+K5sorkexEHRqA1eiJkIxO/fwNhj4LUYOQdr3/CqnZzuMsoA+M7hdPiCLtzDW6mUty2S5p/UZKQxzoyIXKdKG+c1f1xDRPmPbuPytOH9KdepOBLaEj9XdU0H6LA7Qx/X5ZEVPmapotqPRchJFEqBzzhSINLgr6AaiFduiF0aBkT+fz3G3FHG/c+IbLe/D+E85WYfgmsP+1qgPBevFlBzD4F2WVztgBP/S9EA+AgPEKGcMoKo+/DWBU6FTrcc9uvUkFp2XPec6schAEpROePdihAOV4A2qGI2uqLM3Lmq7V2lNT+BnJ2g+1PrJekXlJkeNsgohBw+oc08RfI/5YFrOeRrCvhfekDg5wnII/It3I/TV5s7nBTzYL36LobuQRqR4/NLEwshDn/5gGHXk6Jk/MoVxQsnsIxFHiG64uSgFoEbfnF466ke6Ph292DKMmbmLkzbtZ1DBilF8PMDayQfE50XIMAeatYN7S7Qlj2zs8EPHxuElUI8EBMlNQlx649HVNTM6YvnDUscbc81qeuVMEkTzrfrMySZSHfxcZaOOKYy0bq3oi7lhT1ObHR11Rb5ENBqXAwtQMww10p7A2yc9w9sXsHO0PwYlMsNhue+nmsperdRGWfb1NJqllpj6muTrJidpuAaJuJjUQYmdY8wbQkCS8ImC/sBxg/r8Q1tpkQz7Tj7daFLbpnPFpV9sQaGBQ1BeLRP1GiO7hwrqeuUTF5xvJUK02HUFw3jDrj828Ew9nEyT5t/7Xejr8yX0TnGDHQXU20orPSOhDPicBHhfv89vAMLNu+DeqIknooSCq0IHc9f99ZyBVxsAj9LiffRZadcUj4O0NYAo2gOfRHr8Q7K5NuFiM6rd3nhvlUduVp/FDOJx7kFsr27tvgFbg3Yit3F0pzCgqut0Pmr6fCC35Iu/qx3G17pJD/x3dVFmaeBj+9018OPhxNs8rQN/Jos5ilAsF5tj9Ke0ky73+8ri/aRDfhVZ4BwuWgj/AHKFJ78LigJNFZIPzFCWVZHsyp8Zvw9EXBWsKKvACSWOi6bgbz0QEQPdlwws9ixoOVOrrYzSGoXItZWDcUNnel9cvtcofiSyKAqYwjQnv8Mav3lbzUMuakAeIAaatHHTTccEBDuiRY/WPOy4RQJs3OgfT7iQJIAmsayu1NwMwSQOPd8cRpa+GdzWXBbpyHYbEO9MqOYFDdkxYemm3jX8g6kEIReVYzRo3k3UZXx80IY+zGOVrKEh0GQczB0aT8rPYt3DUodE5D8d3HqU9g4dngAIX5uV/dSWEyx7ZQRQT7z6eTGGm7piZi/CW1446zivwwzEUO8Y1H6QUNhVtOJhJyTOF3bQ7bJAA+ZghbOjLy9yzv76iG9IH4TACzj5AotEU4UADBJyOlvRqz+8ev6xP8QpluiFr7SUV4hFgrwaf7NC0GKaWXjddkuqPQlLkrFb5cNya2eraGHmxYEt+Qpqj74YnqGzAu6Y+lRvoKTgffXlqWdSfIAMDfyMBcqeaJQfk0Tb3RTL9Ba8/FCMph7TI2RuNLxzU7W0yc2FzEbQWoHmlH3wWFROTULDodNvLo9O3nT+YrdzFHu5xeW2rl2BmM6arlKlaz6T14kD8H9qPmi63Jj/ahnL7tVwKO6/Jq4kezu9i5lHegb4PsWQKyvwMyueWrrPM8bgCQbJjh0ean0aYWMnfWPqJs810ZUPmfb4RpKbJOXis3Y79fEW8o34Ju1NlesqTxtjSMSqmNx38l1sQK49unmEwtYrj7lTpvRyVtiBvUk0t1a+Tw7ZE3NCVGXzgqa+wYPpdq/37sBquaALw4aCBWWHMF1Fu2Ff38jPap70vuVX3N2T3xx+BLMDDqGTPXFqotWLCSXsaBGGS26sfOwNLR0fbOq42zVszlRn/lgIKHgSMY6qa6UZxzWV8kY2ULgq06tKDhqGbbZcW1Adf7KG3j6xh0pUshykkfTWwagqp+GaqmLSceJN2KK73kgvyEtu5WV+lylRdY19spDRwyKnsTovIcd4AYgqMct0FmezZ1kQUZcKCZ8EMuSb5pqIJT2zMbOXK6TnRkNTNSmtEcRkUPF6QrdJXXMSxrrmNZmlRremoFHjrgdnyZRtSM4wiRVM880OOEChyu9tlqCA0Ur4XiaV/KkAV8qMxfU/14dBQjhb/Bc81WBLP+No+K6Hkprpmu9k+zfuHU1ihElNFIUZzHvwCL0TZrkdnWAcT/rjYuPNpT+G7JdLufPbc7SHXZNllyfnnVkP7VjdoDvNw+2ucLU6LpF4Psj4LNkgfHtMm9+ubhVsxsAB5+e2Lz5cQ0Ztw5eDUDiWTKusDDGy9moIidXFTOZ5RVek8owGxPOCYoQgACBqmZOL+lnLq/tpP8bIGQ2E1EDcMMvzXS0WRryY6xTCZ/g85W70zuMh+1Noi36H6MCVgyF65gWYV2II6Folotww4uE5dMEt7A229Y5aUXeDX2YL9FCaF4XnUwaQDte5qaUcgTQMqeHfIOY80x2cfYFNLKMy/EjXNhvvtlGh8aMFjaxJtMJLqZKhemvyMkjd+KLh5+GzC0ITZhDD5FHbcWPZ7xZnNm645x/0+tQ5o1mDteYgICraC62WzxO7JrRZcGURy7KMhq+mdujM00v8OWZYo2g8KrbSR3zk0NtZLMRES5/eZSxNg4Nyu/qzqhXWlPKrpnl+J4t550/cda+JbofjYN13q3+GvJZfAYZY78O2KsGgCgMpz8Ki2LA2Fg07xkEOPw4dGaocIdBziOZQFTJJycfKGZYyIjGatf0hqclPrRAsOhzqx1Bfh9Id5/sb0JHoRabhPVwAscUZDz/Nii99M4rOyOgZ47QX+Vlf2m6UYkB/QMhrwaGdqksLIG49CpdLtnVEDu967ilykmtRSEpGjV2WgTXnvEQxFBb5sQd1Io9zkUyGTPU0vk73Zd0nV/P1Yf36STV+WGCqbLtMHLIdP3sMu/MtDa4fL6WEUc4CUvNGRj72KlD16v052Ztm1U0UlYNNiJl48LexaRMFnfind+qtNAAzBkuG15dpiSZgIu4AcEHS1aISO8KrrUe06OshvuixaNOAoG5UCGyg+66du0aGlXyzZh2mbwTDSgsfYicBV2H0nbwMe1kxyXXP8seoIED9KVMyrjSiUrs7o8jwmYRsQ2ku8jKj1ckuDisreioOLnp8pEu/uIMiz92uIJiBvIgu/OLBj4pFv7T39WpO55LNyGMVbfcqA8ngRiU5vhfFD3Y8O865Z0qnNG5zPuVnYe/nZmbJlB8q+45Wt2DhgStOTwfZzhlu5Sxy5gG4s3VtnNYJ2ej4seO3MumGb8P03DWoYZnjcZzGEdb0ZasY3nPTr5W3LxahZDMuc8LQOCKNm4zbTpLdP1gdVR6Q7UssQXMFJQ+LZk5wcckvv96GOTA3BWzXneKeW6dvVnG+xAK8KVWCbtijDtQpS1ul+Fpm5RwK5zyevwtnJO0QvlkZ1zMHSCjnTuBiwbgGoQcgiGh6314l6qicTT5LXQBDeaugQpG/ZHg3sV2fZqmf6GUwx5EM8Vvxivb4MeTNtWe+/8wf33fUMhE35qCkNH33/uFbTUKz5M4hN2hUuGKXRbU6AKu+idcGqjHPEaZt2a59XLe607wk1h/rM4EVoW0lU+beoId/csmBdfSdu7Es+ysYwI1qK/oW5pb5BDvPmMAcaDa6wK379ViErK5nQiSZh5u3z4CJSPUad6Ws9aIrlGkcohJFlZ79Bg8ehHWeHgkaIuws4r2yvOgUOXHAWFtI8hDWpx7yNw7AuNM51KAg3w1Da+Z7+G7NZSVhw0elc/dZNX/bUsCj3w1u5e8RBAA6H3nzi84ZunB5sGvg9/0HDF9+0fn75iOJZPGqeJAsvWO5AJ6m7sYBT0IT2IB4g0iccnXWXeKuOA2GCkLIjxeCZEUDOakq4jmv4O3vYdr6smGVXIZHCuNn6PtUvHm+4E2fzOfoSjbaPzrsLbaoa9waNVgWbbhu9jtnRo/5/BC3/qwBi2tf90ftDQ5FhbkLYAAHVgHM6AVjsq/BcJL3BtKBBQ31c7DLSVWjd2nbja0euzOWlIRX++SAqd0Mr0Yr6tTgR6DYtTVy0I9dhEbi9dG3WF2G5+YjeyI5L6V7GQjn0Xu+YvM+rO4YHwgH6RI+4oLnU1694x/dIxDpwyNzCrmSV7jCW0hQaOJv3vNU+lfkwl8vJEFov7mxUa3IB3Nv38W5+2hfUXjKnaWvv9vt/2fsO7YkN5Itv2b20GIJrWVA7wIyoANafP3Ao0hO97wzPc1DFrMyMyDczc3uNdnIQe/MWjghDcMiSOVtvASaCAAHZvTRKY7NZ2oGXpLkDSvENOtEqs+cCZ80AtPJ9QEL5TNJfKti0MmiV1uytaNwtw0QR7txeJifrpqzc/V6kNlkGj+nqCGf9S7HvBtWddQQRZ3FZOYaqSNX76bwGVl6E/xZ2hEhomPfxg4R5pZNMcl4fSOpMAMENoFLbO5psk4Fq7BDtkHFMqaU41HRwOejUfJ4hD0uq02/iuQhF2z16EbF1+L3c4B1+iVTn3cXDm8ahTBGU2dN3D/T9kGMcF5j7TFGraKch8HCH/I0GVRv2RDByJufgMsLRYpl/WRfnnnspYQvWMuPnTgwTXT6JmVg7kHunQDjHTTL6WI6fcBIdzXPBi3P8qPFndwgZXjQ6ctPNIrpSyteKRGSJ5zCxPnRpg1eoqfw5jkEftNIKokgJBkmNfGS7i92Lfy8lYbwWN3hFgj1AbCrRqL0jX8+640Nv2lA3vN/hoWxsaA2ovhSVwVHU2moPAIxuxq+sdJkYnN+TzgaoC5ivLa6F7S8wqiILqAVYeeqdB/yZc1dKlq8cR59Jj8oYjHaTfPV+KUIENv1b9CrVwxq8LrgpMbhLxf3GwFa86vB4skTu3+ZBaz8mm0Z62ORN13RoXJ7OqxQP/uI67dkCZRC56nImP3fb8vYYH3hHave+KXcMTVfZhGgxAvp8mBfs8jIcX2hv7m7BvsuzytT5EDnFHiLJDlIrFNR5epVrVJLpOszqQm3bX9hlQXvvx+jlPZOYUckHlMcyEDpPjjYjMR3Qd6fXgrxdOZ41AHW5K0c2a8m7mC2kOUsWfwQcYP5z6MVKYXHqzeb7pvjizj5VA8H35FGIhF70D7SLDf7Y6PlHq7ffL5TDE8tYSM7Yxas+8wEN6MR83SypmYnNRPLKIji5MlisAGMAaVreG849sIZe3hP8Otdz3CyiW7OV35J7ouibUvtRLhM0UGAYwoYN1Ar9Oo2JYJOM19r7MT693K6u03UmoXStPoOZIR4FEEyRqQzFS36gV7krdGPRXc/dSNjdXFvh/2WDVgzgr1Elg+fmVAdqIRdh9mnCcpayVz6mga0wyCbYxOZzr/O517VyeTXgtIMtgG2zCXwiMC69OBCHCl+AH8PiLTO0fI3IDu/4ff0rt0B0M/+m3hsfthjWQLHmPgc2cpUnxdJJ8XC34TEEGAUjpi/5nZJTVr9XkbyLlF6U5mFAInMw88rphtQQ+d6N+hEKfnpXn6oBGAEJrCvVrrnTca2HwNNAtxSRtQn/RFrBD5t1h+SqOh2tEukgUYGaz7Vb2bZYwsK5csUipKaFyFX0Q8eyoCsMeKbzLQRyIf3j90b/7Z7D/f4Y/ec/2H33MrlPksOppEz/+aV+uW7g7zQ5gVcedVlCfLZVSIcl8broB8TAIlhvqFFGhD2MJPDRy4lxPo9Ejox+Xsrx+V7w7TqqS5ejSBkUD1gpvZaejmt4ZfvIRkF9nGb25d5sHQv0WVxG5skTH93dwLCW5+HWEcjTMAGRuuMrTeULQVCNkBs5VYpOBhF7MJ9AJt34KyHkfNphdFlD/I7WLy08cH9Js9jjeKSTFgkcNpNxkmgnNBMluOaNtCwqUjssh6DlzCvybfWrXCoDnn5zp/VfhtMn3GruBjuhlpZh6VDoSK/ioaKQ743UIroploV8y2r5XbwDNFZL/uqSA2DnxEzGXexhQ7Jjs3aBEevnnCgICmJmtqVx1Cv66CGkcVCa2WkTJyj4aZxxxWSTbGAhd8E2Ji4L+76hQydB7ppDzX5pv7r9YbZ+jh5kdrRbLo06qwv2z3lHOvdzcLVbEF4QV96LY0/BnMzlkM5YBCXnBiCo3y1+X7OIR49eyRpOq9D6TxGnWwsf+QJkAGDw3lv4Sq63uvOv1VZ33gtTMU312Cr4PtE0Oxb9Oi+eQh5yCV12+3mOymmCe9fULk91qlViO0WblWAxVZ87QZ+63QgFAj56NDH+grtGBl4xsqmcY8dr/WZ05gYpfcCocxvsMglLIPZDjbRNeDkAgA9EvBn3cDimiRh+D2Lcasrv0kireLtV7qshPLP9z4TtruACEapgpbtj3xdWqdrqXC4h1K71Wf9kFoL4d3P0cpBPDd3AdM38imMCDGP/t02NRUmBirCKuJfWACtlgaBviJR5AWrlolu69WnlK25614Ra6i9+rC9KjW7z1vimJMRYJAKUD9ww2c3f/IG+WV+8FqUeJGJQd7l+B6RHa8MLcYeNRb1TL/W8mWIfEyWMOv8Rnb5jGaW/lvkXaCitl0ufXdkmwVjMYn6HB9UnxNXmE45buIGctVGDCG1ECP9DUNIEPjBUvTslr5cJ9OUQTvbpWgyoM5y2c4vWmEP21dFeMuzKOOQ6IaS4AWHtvahHgUyI4NBRmhnbeoHXS+4yQMjjaR9yLCxO83Uu6HYB63kHjNhvkbC3MlmyZxuxNps5kjK41prmFCq8bmvDObLF+flHmHhw+xR0MgRudCBLchalay3obI9sQScnTuY4JXDd91WpWAFhwhq1cX8W+0ry30kGO2kbtXd0R712POzQBORXMrPVcEqn518JJBvvTTMeiFPK/2jkckzi7ybQabF70e5UPHVCHnq0JMIrzlQS6CohEWNMX3132YXqA0pG+M8pe1dhwd9fmOF+GN/ERfCnPLmhkdLpfQMZjWIB+c0APGSARC8VZ+nHbhtQnvSSgeW9LqHe20exEyJ3qYIp2amG/gWs6V5i821kWY7XIcneXg8hQNyymmEJ2i7uMnEHYaPHLrH/7JVxWwfph820YZiyHo4/YutMcbbek51BbcNkwMxedSYB07xwQNzQDmMxoKecYA6Pbr9METmb9bkCowCOoCE4ikokquY8mE8TOj4Vxb0cKY/LAhiXpwOPFRLnddZj+MDIVSsE4z3x5+Ft3HWMO9w34uJBhofyeBnzfi4Yh7CKBxbgpihFccfYebG602Eypqx9YAdnzWqxffhqHxe1zVq7AQtmOP2Ro+ImWff7V+LO1LV3F+x0eqFY6qHJ8ANzCusohGfd5vo/BvYmIewpdbosGtAxbBMGIR1ylQozhSw9Rif2+2DeimF/oWJH9wOZrOJgIO594mCvbPaz5/xuSy/GhTmMaq7jPxLPfqBVlKuCGF1Oq9NzNaSNFJRlZij5+o6A5MTkS+K0gh5kfpGjt3nUWsQR+2fVnAsoa0wgRf599T1dYwuTAUG97BZ1PPmyqyPWGnrCNMYZP1S6CJmO75p9RbnTfnopCj0H4zP5Hi9kOaQOffdbUxdNXXBKOBdCUNe3bCeXIYxDzb21yplNTPRe6qg6RUhTw4CClMrX+E9YnIXNRJC/7qv/AkL8mKbtOpXT0V34fiao18wo4nCh3WwiBx55+4yHnvn/NhfbwRZM4ebfHP75YG/qjPl1pfuPahJle/vL3QoKx/zfdJ5rOnnSEhAO7CnNAoMxoOsofdG9HngQA0eghr8+YRFxzm1lhUCPj0wdTG4aXDG6YQYQZFdHIFe7mRORyCtbYgprEu+KGG+pJ4ntzgOmBCuiI+2OPWhx+yH5hn6gyWbz2luT5X1uXxpt5qyINau3QXgp0uN+EgDqNCzsa2ndWFCWsLIFetazO1rFc7DOzwmgoUkrpdJRZHMXoIOgG0+Wyojqy4trOxrE7XobStMe9S6sxcqbMw5zxnq3TlspK/fCml+xRrykZiRkq1GIAqA+iv+0zPlPfpqSH38MaUMgQPyJoDp9q2Xb4InjpL+q8fRz+fDMYssnKTENScoRA5fOHt9DpPk6tYHNGuaitdxPxQhzBfidJJ9ULVYGZWaM2KHYUcbe7D82oQxWYtQyXCLeuQbO8o4THU4K5r3QGYAm7Y2yVZrPPo0bLFT8QH+Ukgm45gHX5lGpHj+8uhKamwOiUk7TZj8I8hS9aEznvNRGRX3W3bvleE1E4WWaBysgiKLD0njt/8YB6tHzYA+xdz+mqzATaKop7LLwUXN+KDRAGMb/qAGthtQ/S+yqlX+l8EkGEPwRd/yNIXS5phcZ6cqxraEl+wcDcNzfSvr1Q5pIgQC09JtmrPvVwKqJBf2HSF9xNFlGR7L2bxFNl00T8I014jYUJti4TO3l09l/HBlAwNhh19ZUya500amVSOQmLJzsRMFDP6Y3K/wwXsuh5D8qA2X6tmjwaBBlFUmfY/pSRXO3bLO+F14JPllOhhz7R9hqQDcwtkD7z+otqt9iksE7r17XZY+L1CixVJwVWWd+MbbHd9cZqko6+taY85SVeJB7BD7jUHUYpT6Lyc5Cud3uS8/QDKXTu+aomvC7E7jAy732paJWg14/ExTLNZleCh6hrvDGZthdLiMGPOsyn2EVFH0owqVgPNljW+m/gR3+I0rZGJ+YscgYzY2ZJqzkKoqyYK6IXTKjmX30Cr9Xu0iVpLq3WR8KznfqvnsjqfkjbOftCRGoOzlsybh0g21hzEM6fT71FG91jCXH78h4nO61mJjcgbQFF1dBl9BZv6RcwZqPDBZloV0J2XSj/K56wWKTVk/6pdFK52sbbJwACWJPLr3Q7VVb/iCyHk9j13iGWixfGoPRmBYNjwe5cHD3B0fil6HxClgPeI6dhUI6dS539NZOhdufIQhokqqHWHJYB8n6JHy5a/RL0jEsNHG+possaoyFNsXj5nq3DoqFiWaeQelYq8HXEnt5EJqgpXXUcjbKb/4fHFcPCaULx6ApQgyrJ67B/fF0i7WBabUfa21L92vTLHBEEcZn6MgPJuMmkeB/TrdtAYfsbsq8Ac78i6wTKoqFhWHOb5DXzpdDDWqKFXfm1HGPyCSjg00r1VvI3gaxRNWEBpLEDy/+Tq9xFM4YQEYxP1Mm2iJyfXyPZ0cMb4wwsheIk0RMZWrMs0PN/G1Bf7bFXDhKrTujQsu8yjZSaKy9dG2PMIJCF8sbormF0p9Zjn1kJ7tXnXBh6pi6y1P9SCUJTnqLg2fwZW3QjnQ1mvoE2prnvAhkKkvogMc1n4VbsAIdGsGkiBrDBkJNCER/p7CDGOr8rBbk2HRddfwsxwuBWTTOMYVVOpSGrImMngetyNYIRZ2nZXa974j/HApZEuCqzZQkHSEYmIUSR7JrBVefEE13YTQMpsYriFSsXO3v5LstJmZyJzHtJIuxuTH5aovzSlOf0OFFkBjyLSHecoDx514wmCCcgpvUVcdT1oYaeGKF1pxVCXbNn0nPAmDN0xFAbAp7c4c/+ag+pf8lCq2xk4utqlEb9dj+WgAbxJ545xxs9N8N7peM65wxCJYDCflDFUZz7EN/eYhdJ0xqiawFRBU2pI2h8JB2CNj1Iyi1ADDChamB5AuiiZj8Lm+27lIfoU15ExymT9VPbrOB+kqpmuZI4CshCAvO6ZDetRq3ue7hq3mVkUujteYgKt+kSTGD8642iozAd6UNYA4JpseNVdhp+Kd11hn6ci6rUOBJJXNVafaHyHfxXBFabGjH4VCYNWKe6zeR17aUvSJh5eClI2QMpyFDxil44JKA/lsUToofK2y2VcAJoei+rTkOHwyvtbqOQWRzO4b5OeNjVy1ygvXHV+oqm8XKnvDKXHEOR+zRyYRqfH3+R3LPYLZ7FGfmZsVmXr2pSRKCokiVLw85li8mpLzpYqDbogIj27zhkVhRcWSJC+A2tijlZBhP36svdHXObjDutMtfvFWqKtr6jIUzQPlJcln6nQ0gMf4jF3d2bB2JZj0iWa6K7jl+7QPGZIZc/B/oxVFfZU0azJ2Gk/K/TcHMHUnCYJEbdUdizFuZAorFLRlZxOHe8gHK6gKskJVZgI2iAGYC4k2P6+Y0zM8n1S2+mhGFP9gj0LkVKGQZcV0zCDL6MwtoYSQS/N9KP3BLoFoZDKn9OTDUZ8r4Y+5O87NvfV3INN/RX2S/4Wy6XspCOx/IVwdsJZ7QJpUjYArmC//I/igyWAE/uAVDgB7hq8V+zv82ERkvlxIYeYFy4gfw+iOl9jdzxe6cDAMdxosoz4WFjii2PwbiB8oFGDD6s09ff3T3xlLo7/YCX9i1vBZMwnuckmoCgle0sEgCh6q/+pzDNqJEn/6NVO18lf/5lxaHlvxMX2O5VNU7RTe30wOO5Q/nXX/7qsMet/+c82sd3v7pf7TSzlHc1Qfslvv6Su5qNPyWly/mUu/lUuPns/X8F2EOBRH1fp8vvn72v9y/f+7b/OvG28cqnseObRSK//8/t///fN+zzt4PkQr/1X/a3pNn3cH3Yj/7Xr/dKM2Ib8P/u3d/kefaPTzyTjq1Btmz2AXzyR//3VpRoMrRoJXEsaNAnon/9vz/p/+2M9+/ZfP+p+e0/0mffwfr/OsY5/Uf57zX9f7z5o/ciLAptW63bPmSBK6UtbTq/JnL444Uh/89Xu3RzZ+/anhrDe7//s6f671Z82svtsy1P2kz++9/N9Ewmdn9L77Jvx4uYICGb5zm81zWz4+Dd9HHM+BTD8+LD++zds5jabCXO/Yn6uAVSTeIX7nkviseqC6/H+687M7aPCAKBz61zu7/37n+7+/87OOTR7CXTq4/+PONkeDzs+m5wGZVb95H7TuoO6p9/9c4//i6Szv//90f0k64f6np/vnrv/Nblj8f3/X13/Yjd9d+S+f9cEnl+grkOg95f/pNf6AVBpKUXNMUaZyIKMyGuY0X8zohWLz7PLvZ9pf97Ja80pC8fme6qcIvdj/fpaon1w3X/uRW7ACn5++aLDz2RfoHSa91dLXOwxAh/hfP/R/+fzffbz/Xdf8ref+6gAOutPbv57f/9Lf/tnbCKAJGviCErtTXUH0C3NeS6fPZDH84dCjAI6CEkGVyPCEB6s/SE2+Pmm79Vv/bR1RvrSNk8Za6Hq1F1E87ljaAnHZigXBjEA8jxobSb2li0Q0fBFmHCH7LEyqOY2HerYHghsUDZPeHn37beq6jfy+CvLn3R/RljqNvIzWCdATUH+Do3upFc1xQCgqc82dpVA/4nhunQFdZLmcoJiVEgQS6TzvlVnPmU3kNHF6b3hCyeO1YdEMUyBUSAQ/p50RoXNK1MCPFzjAbYdsCvhxltr957NumylbvrfVWRWFMWTnLkaZ+UB3uc6T7A6QLjnLH3ICIzHEvMF8g97PEcTw1tQG7mv8eGvOdJIreAVJkhACM/K98uaXwZQpC5qZsTxjwy9mN3MEIuc+x7XzRoZupNfvhcTocGr37dH33oy+nSdLXYPCXdZk0OrPKqSZSMdDwyqOl5U0DMp8Rv3bvBezBtlnJl8GhvBlbb8CtfAXeuRETRg86qe/skABJYSxvHbPrMgWjXiwcu83Uz1U/4Z3pQZ8kk7IG/5UlYmAv4UsWqdE2TR1T0gFaU73NCxJ/Wugjt4xPJDlOi4Ig7Vy+duHt2KPQyZj9DciydaoyjywwIUwur2Tqzk8BDKFuw5B7HY7IpzD7HtbXjNYLSx7L9W+gGBkQoAPdXaF3F2t37FELqLrcCA1yqQF+DQX28XREtwxMyxTrIhP0r5l8TxFqMx47DmGMf7z/YFF39e1EYgbragA8kksTtO5OgtaIpkySz26QaGXC5q5Dv7rVB/EnLf42ybJjsJ2R2zul16rpr1tvz2FJIvBtw+WknxrlfaaT8dB+9ChUsobRdGXNiLz80yGaSJJx/HRDTbJB/Vc0Pw6SR9ZkpEA4z7EX4N+ZJCmb59I6ng4ImFE8m8VM81OIG8BgTrzU8GQKFzIXY9TwKkVa7+CuX4eLfVucxoA18M0EzMfLHqMcFTZHQSm8h7Rgj5fwzx5kuRDE8otG/uoLqRtxPxKLqVEelY8jlPPPbn7YI8TK8gdk9t3n7rFTyX47RrLJv+j+fgJfYG3RgaRjq9nDH/eER+Tw7MZjzgzSDBcekQqv33fGCjufJacbAPELCQ8VqCL0HLKAE858gunF/17LE6BJSmCnHPaMMKNkcmgrPFleZDyJ1UCeBgcNbj/7HAyMqTSN/2RPW8AYcwGGML85veb+blY5eQ9EeU0IW2IfbTl2eHm404xM2MP7bBR+lZF2whBnjD6fjVv3kNO27Ln7SS+8V7/OQvF29BfgU4fZZfKcc4ado9yojkQBwg4Zc33RlfK+fvkFBfQmCygMADFiwJWNTuayoQP64tBOJ6PGS9Kg3ES7cOPm+NK/OepuonBiQ+ea81sOS9qvBlZwqihfV3dKDtaKiQIyCGcSKIKBm+BPhomZ8wW/qQvPNzdshu386BiZjqnYZ3mCMYaLS/g1HHXVBQDTVG3rKr9k9Dkw0z9tTdt2EnpnZtDLOQW7FsDnU1u2AGkJkZT5rUNtoq9CZT8uiL/0IqZu5AtYa0h5nCj8LSQ0nRjWRoGRXcmjaAeW38RY4Uh2fM0veW69Ips4kdPsU2wVQnPKyA+e1TvBKNBglC0fRkPJWEeDR3rfOyQQ7cpWbxfj9mcO1uc0wSb5jntUCB+hZd8+68hCvjNwHvz3jiDk2EKjsgcg+w7ukHex7Qv8TjXlkqWhonzgIYHglcda6EoQ7OlDDiKpommvBBUPqNd0lbTMyLIL3f/eHBzgegjkYGiJbGnBxLN9Q/rZR68LFrNEI1suk4CNrfZKqf7+lj4LS5YmQo6eFEV77yT8tMcNLrH5a8wPv866RTMO8hsykIM0zdII4oF/HVvS8LaceIYFjmrSXDyljNlHwNHJx7BQqAPFDqsyVGtAUj+Z77rH6KmGwTILFxdml58fK1DyMr4klLwyvloW/kzApBOIV2UJPGlQ/t7XFXzYzYMicpMzJvztIEE1QEDdql7uXmhns5BiluDOz7NCp4H0IHzcby9PEiap1ItzaFXa+EmfBwYEjazzx52QdUCO2qofTQBs7iboiicvZWd72AODu8n4epcPtWkMEeMqcdB9Om/AiJ3ApHX97ERNHKvK4gEiNIZigfwkgwkcJmKfITfrbafNMPv7VipaNmTXThM21erQFJosHilw0zaBI5FnoWP3vKT+TEzHeFYMq982wPlee4zfV0ZHksxivwWxRuGRsprE6UHFUVc8T32KF4Zzmadi6ykL2V3oyINwzh9yYbTAEKwGjJbMNDeJl1EjoV4OR29EkQ6nFDXuDvua2gYbh9p9AWpXTqNhyKLigLYLii6mAB2WLcwdxQ58gdUBtBzHANzpI1UrI9YAFLQoBV6nMGCAh/2ixaOjx2t7TV+kZsNGJTrCPIjCROhbJ8V95AtznvRGSBJjBnhAaL3s/qfMYKInfbIlr+q0xrT/JITwnuAz7czOB3Hah3WTGaYzMFv7Z0otplsyRvgKAmExw5tV3qB3+IqDeLKfNOdmji5fX+wP9Y8ajhO+6XI72OK09yrT4oUXQrO4OVfASvyZae1FhW+0yqRWNuyHKkpR5ziUTKpOkADqGnxsmxlJLKVSN47ZJ/D1G7rPY8Z2tuLaJNtz9IJnxObyUX5Wz9XY3Z0GLWY+jD2CKuHo9Mxawa8YmBqPi1qoEgEq9kkKDYtoDutaEn5WIswwXyLMuyjpO2UDQMp+7xC7rJ57sASqTiTV57jRoI2Dc1/meeMaeskmuXmOYlXRLIFaxm+p6pUrP/Yw5WthgjkBWmZy2joYA6o6Nbmwm4MXOpfUH6x8Bgpk7cWn1vUQJn10BMMi3B13vce+0SbjFKl0v/a/NW2BMqBbsQmFAoV9uh6+ROI2VaxLyQaAEL2vnr6opw3NfnR92YiROLlV4MXAtoAIFeS57CRg/2zUZY3idTnkyIRJLRTmHnqObHagYTCtylGlQne6vTKK+2wwFlzlG5ZjyFSlWftgnvFHvaScoiYvDNGHuB2s5dgVT5UxTqojT2nacLyVdnG6PWWej8ryRXvxt1j4WerO9nuxXZ3UbkhrwFFs/SvvfOew9+UibzhOHSkMc+/xpGRmYVWH5IgVJ9jioEFtfRygGs61iJoo1dUVicPMcSAN7yO0YyV5s560m8D6wA6vwnWHBroQ/LzwSgcAlpdstwnw39d4P2NiVrgUA7fbwiV/1hv5hcxb7XuohU7/RqdzMDyZnGZQUT5ztJZwZYswfiC12bI4j3wEmJiJ+LbULSON2MpzKu793P1P0jvHy8Ft1a6+4if6dZMtSa23/QrgLKIrpkD3fGBs52d4+TbCdI6/tKdQAIDX/rOb/oQkvt6sdrmJ9wA+HfFr8o52LfivhTp+7IEGU1LoEUiHxkewQAzZdUS/zCSlD1SIUescIlwYmxsPBmaNDLw6wWqb0TSbyDBotKe58yMfOicrToiFo5q3Luk9cjsIC/0nBc/XZnqmjqax6M8PrrSfNqQZV6n9yxZnGHvh1dBQWWWjEfeODJB56TxOa4zorfYeUAx0pFd6hvaR8CRHiaSdW/3TKQoglYR8zzi4ehNSR9qInzO5m7yfMM21+eD9h0xQKmWUN/1Rog8FGJYpvGQ+hcorVgQTQ3aIzIeinUCK9PzLrw6+LN3wK5XJojcT74HoSVYUhuxZvwmYPGGnUWzVLy99Q9SX+JF1sFjDOY46rr3iudZlTQTOYUwYV1/5CK7vmG2pLl+XyEc7muu4NL0Gvw3YpkfukJmw3cL6KO+sbSMqC/FvnrVghZKGl5/DHBc1e7XJBnbLuqmgAgTpoVpqqZIPM5b3wE6brB0OJg/HI1wmF9YM+aWL73YacBGw+0EahbesXKgtkWv7+fTiRx1OTXAGTkz+kvVldCDLkykkt49a4WJFYYAUHt2853pi46KhBdoLQCIF10eKAaNl6R94EBF4XgaSTQbHkMEECJvAb4jQyjeDsPnuzoKvUmIk1L294jML4A6J5ET92p6evVG2kDVYkOSn+VcaxjrRRIF+TsOaV+cXqG5zRt4yTZMEaXRDlF5Ergvkn6ztHz4Ek3sDsNE+xoIg8f/QeqPFbe5PDanpZPHowvfRXxa60kv33P3nLMIw1qz4Bzd0doo8+yuN83Mko+/WMrby7MuHxeIO5uEeY4n0JKLny/greXPL011nYwvBTs0RaMDizvBIETD0q1rbYdzaPPUWRCXCf3O0LMTMUrekjSkLApFzCJKqmoaEw+b6FgH197Uk6BDcctGR1/Dqh77axS8mBs7XfpRkw8U9beX6nJ7Oyj9QAzO0sfyKT0Ehl6OsKJ/vewtX4g0J0URM2vS8pba6ChIi/DO7PgmK5BttHe3OwyNC5pWI5gt75sNcVaxSKR+aB4tDEBgHkAH14kiG3OJCoH6gK4d6BPsC11SZ23Ey5n3SlNEhCl8zrfe+cHg/m2odNa/sOTkwiPKlpLSm3GLeTZoXqPifBVi3ySf8EX806qu7joeNExNh9af9ier1psBAWe/5G3IEJojjjUVjh5Y0jwnW7vVtdySUM+/CrOb6YN0UURWyjt4hMbSoqXM0M3Jj7qPEpzjW0HlLdUYZvLT+TS6gTFFLKvDiWpISwcFfIRADL0EXaL4mKyNPMH2xOXlN/2Yrun6eTiYRoK5cp2Y4iyXuq3CtRq9xyhEERolka35SjEuIfPGhPe3aNlUZSrfrDz6xlb684XcWmJyxiQzBVjvTf/ea3Y6X08HeprlG0iZSe5Vi5/hS31cEQQTm/F5uKDYYTItNDi5NTZ3lN1s4BJSNnU79xzI9C0wNNd5mzXb5PV6KLFfvL+cArdXeqD6pDKR5dF+/D0f6vWANTz5hN/vxHwebV5p5FryFvaGvBYEhlw0k/Cwq78bJpQPW5QrupBfdf7BAnvN3uSutSBI9pq2A2Df6PVK3p6Q7K8i6VIpcOhJJN7lWI/BbS2hAexvG38JI+5MV4vdttiFq/JpUQONdOqWH6CbcUdgftE6LAl8UO53IthnJ6keJ57v90jVQawevCoKs/RSN4D8WGqB5ZuPeA8lYrtU/zAu9UJWowDxwWiniTH8Blm6fNh62BlCt3vDPIsMs/4kG4m5kV/kjv6KujZgO1Qmhd+ODNfWs2dM9IZdeSxVkSEQSnD0xelCUPEwv9VgeDnDr6/B4smiUBZUrpGj5X02mqCqNEIoKs5pWSBANfXw60EQLlnj8+KoShpTesBXd3x+2RHPv60ut91Nc9YXYxHbvjKRcLMZHF1xlH6+FvN0QFQTGRncqQ/l9tnQl8WLZTnjnUKVR2pQ0Hg8o5V5C+f9o3inqL+Lhez6Skvi5a3Fb45eCzqsI0t2HLaSieTsK/AOzedRXMB3SJTNWxzGgb1fwMMz/Yo/qVMQfc4YPXaerG/I4FkmeOzOBD9yzdUr81q/jVpsveitJnihaxuwnjKErbvYb3ILl4/u0h6Gs+LAnrNBJzqJUb681uCkO+Yxf8FlTMXxbu6/vZK4X9nzW1tf+vwGo0LFUz+gw5V2ghMwKWYsn8lLO8wnau6o0AxzTw9uLXVJCSBvJ3B9VE9uW0TCRP3WKj27GeMUMEFgmjYW1E9XY+L1ZoDnRrNE59KDB7pw7/E6gxyWfVZ+FVAmb3TsLtKBemPmf2PTxvEE9jGJTl/LO6GbyFAC8StVCSyKKAIqcCto7iY4VrKZFZc4yO3S8I2clGrWth/ofVk5CnyQ2XRwMfFKQQBVgOqru0oCOwz/G1B6+SlcZaqiyvoKm9Mo63TOgZe1dDvJssOEYmvarXW+3kqH4DjSyT3bBmVxEx6ajcPMdZtuHVG6XaMDPJjinAGPzvnFLLLyFiysoqQcQTmoWIsCxmY8SkWMPtfQHY4rcYtRypALv/wmcfa6nL345BzEK0AgjocHvWM8pRsE2zQ3gi+W4DdaZExFyQrElUwkMsXxeClYRiT7nwdB9iV/whjnELgq8yoWx8rxl78qNXpBsJGPUK/p/HVMjLGZ6LZKlDhnMzRZxWiSYx1bv6AkyE9o9of21T8oS5ETVeu3fA/7sXvbjnshlgR78aEHiw9Jq2UUliRd+ATTUgtFlU0Pl33YwJHiqgbTVCg/viq694NVG9Yce1vdSMuhf7bGh1z3DxYybahti4bipon6825tI7IS/EmpvOFI2LkpfegssPsQNOAGeldScv+xV3ylAxG0563CG6k2yUN1grKje/n7Nd5NugxHm6blGfcW0/Dj+4i7M32QKlcooRWaMrSk1dzA30vTPwF3VUjLLCCGqGClgOLKCsxw5w4E8B7WJ4sZzw14BvOvuNggKsZEx2DCPoKmZi5WNqzkKe52xlxkFOhaovw1qq0i4vVoCuCVCRjiM4QPffaVtHmTk/UBJaGszjGNl46Ga29fchZp0QbfbT3/XpgHt9xxRcn5KmMpaWPZITt3RZ3YG53su2Jh5r3kpODzyCuiUTyC6OjAtJAwFsZ3KFJF8HXgO1GsFD7NsrN+HcFqp+6dTQ+oLP2SmLzJ/mk9iylSEBNQgbhgPmMGB2n8Ajp91U1s4UhMtC6znXGS5b2DQEYe5MBeeZK0jmBrOWNHN3huHqScljo9QJYKK/Cie1f6FQyQEgzceD5YE2okM7nkGw+m3kzbmgmGcd5FEsHytjHNCGGIOAOJYCK/fTnydPOrPWoCFDphaXh6DHR1IwHek9C5XRNIYXYz2S9c1UPk5mC/Vse//P4zirC6cSSVSL5a2pfnXQJ7xN60PeSLYZrwDaGVYEknIjXctVuJSL789l3T1SeVTGfFpmxu1rEqBwnRpg0v1ogmT2clvAZye8woMMkHMPxzpjIDVWR3Qe996Bhry/y+nwuinL7b9hyQpuZ17+2plfLFyU4LpT11sz2rIDIBRTBf7j3ABsvPaHimjB6Ba4LI1Ps6GrAHbydC87TSJz9x42sgJqzCk9yGfeB7bvy6Yl5VZWQlE1KgoQzb13js2JNvGUdlQ4kNGIiQmdkMHzRqR5FkPnZieHDV+m5exxxTqEDDugDSWYJANzaZmAqai8V7ugqhIhSKSOlw9Qsc+ulz1SpiCH7TseBic8QF9I4CX9x+25+7lo2VcevKdrH2A994aByP6hsyL5GtzM5g2vYzhN2MmZ52Cz1yaFa3/Ajg/WW5NFTin6T4ZMqV9osLf/DrlfCuG+KUDd34Rup4030Ii+GalC5HUkyaiPnFEZP2c94FzKPlxpZIoX2b+nkz2oBe7jy9Wigr1p2HipDh7INUkgiF7D56q2i9HrbSfvuGfUh6f3hmge0cQtNEKU/tNFqouMEF8tEzhi7x66FF8r6MbagPAy8IfkkV527FoJvk0kwYRzVCdEkf/3yJeug1K80RYyPJsMwEBEoChzyu3BkrxUX5ZUIfFqPyg0oeCdE48AbSHMecF0bePeQZZQ0a0WNbSIF8o1+LZGBIOiDcVvl90+VdhFTnTJA0EEzT7NsGOLKb0Rp+LyFO8sP96yYOfKrA4RvP6LADAw9SAkEwLAU/eVtWiDYZWnWsPdYZ4V0yZAflc/8hiwiCHtd7S4EP9GswKTvEBEzIkLSVzh/nBuvcv8kn35+I2b+2cjMBwlslXlhBQg605x3hlgz7Bkro6pLsbd6OtvLh+r+4biSBZznZQwDuMZXYXXvMSbpGPz/gyCbjMJgpd+Tqewf3+I3AXVfdsCl8qO07TBr7l6StNEAlAGTg0RJw/S+AL3pDyOx12sAbZtLCaNPtI3roQjK5hn3CppjO7WuZr8zmH1D6glOlQzWMGR5FWXiW9V4+ffArwliDcA3wVOIPHqoycCfw2rwN7ownFghbZ6ZnrwWIa7/c3zjZt1rzmHGji4e8mbdcdx39bBh//8oPFltnIQz6XjfYBgqNfrssM69QjdkeJbQfXBWxioPbOBTmo6gK2G7gC9RC/+xrKdLkS4lUpt3WlHEBc/so6iSntAijU7Gj543bjVlaTHWg8GbPX/kWmqr0tpwsNHBxwvP6z4yVR6jEJViya4+A/keBE8P88wCGfNvbb6TuCvM5y1PUVNZl3pRafJFntFcHSQzWBeM6dJY40A6efZuOk+WgjztrVgzGnp8ZkX9TkLlUaaOdb67Pr8UM8F4Q9Tbb30rrcah0XXJLUI5+NO9hAftrDUBIyrxylD4ast5b5sK+gLecrolz2xeLcQ8OPDOkOhLeHBzaFyQMBNBGhbYO6PvHdRax0Mt6mEodiagDxjD9xriOF+KS2GF854LjYYrZsn9KdRQsp3vHjUjkAZCgjYUJrmJyXTx08cIyiyagsIIzrZzLc8uJE7/1R7rbobV55Yt57g36lJAgSPOZZ6SvWLum4hSXZxPIRkLY2Cgl6epgu/GpbGy2P8AENBvwg8U7JdLFe4rrIqAI7OZg2epxL+I/NHhpQImEB8uDycfiprhb8mCkjBddx32bVyTIXk1YrAkd1OiwnFq1S/+IvTHYDvpi0EvrQa6pHIAE/Z6QoNe3c9bpPgtE7TonLVWi/pSNfGwr/tYx1MMJmiK8NztXnMKho+XTDseiuXEo9vxJNO1Lr/AIfSvHMTO+Wh1vJPSo8CuqPbBdAXPXQVinJQAD86I+d3SRkakB84l3+GKnscmANjP3Ew0ToB0UmOoBRX74vTJHwBrxsjLZFhT0njepY3TGSvQBciHsIX5ZqpChFKDHBRbWqfcteqzt+7IsamYhfwiAPoJ4tgdCpt8lA7YEQy3YUkHSMb1DCWon/nPs4HIvC4PVoutKx7XOwqMuxs/XvVBkb+araJaUm6iiF7CioqlkS44AxNmhax8DG+jWtsjry8h6zurrpjDZb8i6uQh2LAUdeCh/BC4HmbFMi/1eddN5Jn1eiblMtkbxX1XnsWXy91RzLPSLMJT1EJiyi6Do2bnIWfw0E/2d1vlY05uVLN8L/ZmHQrvvUj30WwXGISihmmduYm+3G1EhQDJfmyObVV402YUBSBp7KBYMRPKAdISg+M2QSeVNkj4glzN/xri1FdrEt5ayY526KfvERMOvhxXgipWIAWhRUvZQ/8oS1JzVUTugdTtq17L5dbrZj5jU1/403TMxmtqYN4B8De9zAeevhJxj1r9ZjTvgKhwMgBXJ9cWLokC76bTvDdxqTWouy4RLeihtdm2n7VKcbo4DXfTQ4vIL+9EVfM7YljQ1leW6opUfxzyKA30l9m+9o2mpoZMVCyanb9cucIu/kMqYriRbihfEQmpucBZLtK7lA7dBuiqSMT9cjoTLsxI30w8FHweui2/HNhSfk6xu0N7DzI9vFMX05stAI/5mnO3u3hPA9HozAlVMIerwIJjlryu0P3TfhxG+gAWp6jdFU9O2BSyzJh01W2In85LM6acHGvg9v3IkO0B9ZYMe/YA17zxwSS8fz8Eg9rNsQYcJQpVIjMZgQY649iVbwjuVs04GuxRKx9pDyPxVsq7obVgFLVdgUuEoyyW627+h5UEs+XHf9nePEd3mg21MLMi9ALAYmiKRfdKann1hLrtCX/UAhAZPv823p+NYY1StDh8dOIfzvNPhpJHnD/GXTGXwHTVZtr1/3abUY2f7penxhHcPFolNq+ywvjJnYMC1eIlJxPKuMLD0ckgOlMtk7wa+SxFklZO8Sc2ZpWouunafenJ607erd6Rwq8gfVlQ6QJ1fUbSwrQNoczV780zidSirjY7nRYT/Zk58sXCCv7fmVRUp2mYSRoG3x4FDnr/y/2P5+ojE0x64mipKFFMOH7KixLmsHjIrUhp6Vy4c3m9eqBkU4V9mftC5J6W924GIxCr9Bi/Bb7KssKllUm39JTUIgRlbSPpSaRDhgfILgJpj45F4mmUmYvZMkNtPvIR8PTphx5WY3A68VtGGShGJHz9WS5T7C6ApNrgiYnUloOoReIGyZ8c/EGO9eQXf9APRmEVQIcl/WV9HUO+14hhdFb57rUQQV8U9UAp2QebTY7sOqAD+nqnW30Hq2mvZhfh9MXivGhrbStAdfVC/w+zNWEqlQYj8RtmDtUt5LG+vfU0lDHTZrxGSmbPbg+ch+0uINFSXJ7bQzf7BsdeoybnrjoQazOPPBLbwHxN/WnCLqdP7FeVfGEaWrM2VX6PNQrgzTsRvlFFeIL1OPgA+TTVVB6Kuenr5EuBj0yTVNbHgWxUeu/25JOD9K8vl1o0BG335bGYQH40nRqUh4AKliYHMel0erzN0jjdh3rwFn4xCyao1sdH8MGi3GNnhq6DtxaxG+iwNukNg18QvCLRE0C6SGpuOmxIz1FlWIYFaiLckF3CfsPtMym7AvPV0wzvFcRkZYLrURE0HbLx8+hPTHeI4wczMOyzFGKfSKylw2ZGZz6WUyzC3JYWjOb8x1n0sSYtszImkOXhBIGG/YCKP3pQF0MF1uOd3G0za3hEqnCN/fE1fYM+CcSqGU/RGJhQYpvQhsO3dEm5cNmWOPrwIzHxtH0pTH/gHtHa/i36x59eK2O1Bdl5zlq98/AopTl+Bzu4prywKE5EMNIB8Mwun0hmVwPZ7CYWTQOW1fnpIRWa4/uFP19YHVl5vYpN6w0c6lzYtC51dRPAgWByprqqteRbo/kD7CwscAecW1ZdbpBrMuVJ6hBYGmo7+sJZL01twkzTu8x4ZUwy8EUxax6JYVTWAupnoCI4cFXTF9Y7H/FpkOL7PllH0niPpRRNvjKaWWGJ2BIztBbIy03c2SgF0CmB3y8HI5HW/9h2TP0FS/RyDivbN1a/fsDRshcLyYzQuufoKwR2JPZx3xHBn8BBIgPPjL8HD1IfML+Y9V+nRlS+AZU/JFXYti8QRvM2vYOnHeMa2q8LEzj+01S9YmhF0qaNt8wFpETv6/sbZWoZa88gmZ9hzekdXEeX1SnijUP5qsS1YhMF5+qAi8abFO3pE/Pn+FLZTlVFwDx12QNk6dwN9bworq3/tpZo3EC8yEOkGzcUDcptSnvWaKNBJdAWXuxr/W/c6c/pGaRZ405rWa10ZrlAj69hoAKtya0ylg7LRktUVd2n0EizpJ5yZ0cUI5o1xFe0DxTIgL5jtEvSFdQi+vA5dEl0mwcj2dV3wvuyeI8QCkkYyWFkf5KYqNEMReTpLBSEYfsFTsRMTTe/R9J1fELXjZH7ib3zQ9bEydJjvDdNnHNAxRIzJKALwa2Te71y7B0KzMeOLuFCWq7wp4NVof8FOD+VkkEv0EEAE0yquYFRkLxJN724ig7JfryIYJXnE3fAEey0KBGiubZz02UQcejWt486FJ0MRVqIK1A2ovBNmKe56NZN7cb6g9r0X02qXdf4YVJ1YKWtnv3JP1zyOhBazjz4dtivmpQcC3nsubS/N8nwWCGcp6mLN5l+57bdLhxXNqnCS9OhRK9XuQqgR3Kt5HxjxJhFN/LnW9j4BBnk04ym9Ab4TObYM6lPrpkt7Xw6H6REXKIMnGmgkBVW2PfyEsV3nTZs/Kslz1tXM8ZyySR0EYVae2rqdxkFfbDbsBJIszhybV9zyFWECEQs04isE3ClW0UOq2loKG4XOpH3DuoLGrWp/VGiNzQV/xQdSe9F5/OoMI7gHiFEneOcHGBGSw3q5G7awTVQAl+2vW0XvhZX7iAwdjtqN9PX1t7JmoWrqRDyBrQNWGjSE7JXIbKe0yf22UdYNBSTCAXtZD4nhiWohpRPyk1QFDIOHdQUaT3BEx/1HXY1Bgds3A4Rl/bUQvom8R8WSP3x5YtfjEK5cVFcDhVgrdNjozuUpSV+kxX8A0xrpdNNzgh6HGmh3OssnKE/Do1VRT9OzBxBSqsVF1vvLUrM4JqbZ0Zc38BuaRakL5TCi6S/QTgeDVaboErAoXX7Ozhc2SmZPKegx2JQ0+QufvYZ3gA8Hy0JpPxPiXAw0Eby1uc5hVYuwTQ5+SEV72Bp5zc8/qIkw3Sc52ETdILAkS+7XRXrryOUwnQzmvYtEVE3KYj14UScXTgOjC0RgNKhSVaiZw4YednhMB9AcCh3f3P9Q/v2dboyhMMj24eYtolzTtrviJYj3bzjDFjDfOCLc3sjqzG4+QEktVd06Z0uKpyAs8oSDWNfeYM6EcOJbCNdDEVthXjLB8SoNctjx605i1aiM+diKjyFoDSUTjOZvzyF9VSKt+Tb+FWWvVxMENzQFr72uARcFNixeM/nUDdMs93EY3u9wQaiJnsQofBcSadpZtbUPmlAv9lPX5jaihnfmu+XNhT1bI/C0JegXd0rg4XiBIGz1v3m6im3XkSD5NbMXw1KMFpO1E1vM+PWjuq9netPnka+sqsyMiKRJuWogi9W5HX2D1C345PfXt3fi456P+d+Ewkr/cEXUly7/rQX3pNZTFJeGD1SwMmxwogGC/eYog+0+ldebaxlGuDSVkRUIQj4zsQT5mONtPjCFMxu3QZXCYi8dyJ8Q4SYcCdzyByL/VzDwOjX/Zq+lEcJVvrTZ4/e3ZlmK5E0AjqvKvle3ak+XHl83jwiTOuP2CImuYpz4dXua60FjQNx3mFrkbwGqWE7GI2txCIp/4S9mPh2FGFvzGLYWkx7jc+TE1YFRUzP43hfHDo8e2qESqEheA8gDZPcAJuk3XPkPfUVBygCuZem2AkI3UC+wKhHZEHIu4H6biQP/A3jG6RvnEGvqdmsauARRjT5DZFV6RSk2cMSYwGvGqYrVigl0ydam4VcUPczLenr4ya7SMuadwHvQbw8a4DN1pt1+zciYpyx+hnETKOqevRhnlH46tfkUneZjb1pvRcmBJ4mGK+Q2FRZU1v8pdwSo1m6O5dCZfCZ/tVoETvy5gcKYPrdFZykjc8w55NFM+IsdQWemRQ9O/ShQdaL+YQu9OMGl0fOJCO3bqYViZwdLbVeAe+u6S5eo896jkutPZgcktwcEERnlJ/NsrSkCkfZdMZK5YFJddaUsm5F6nDdwnyG0XGD6H9HFCqwP388ZrkUOP5XJdAn8Mgd/wiUcPynVRsI9vJZWyuZGeaKmgj6XnTaADQrrRt/M3Hv6BZ7V0HTcI3Dil3QCOMnbBujOsldZC6uLJdPMju7Ea/BsaYnczIT8c+sZLhtwzuLKmVcJa2Wk6tiT1+IyxVXxl4RW2pizWPnNu8lx3VgN6J/KoY8cnWEY/LeRvBCCSrp4DNntw4n9YZkQoDSiz5MSG7LX1DjqWjAruR8SPLBw6BFQ86DbYcB+sM3CUfDSVsaV2VuNMFYBj61HZndvetMQ9tKf3CVRJZL65N2peC710BTqz48zAIdoorHC26dqPlY+XJQF0z3VX76CTQAdUaRYBdnI6SsNv7StAhYnlc++V5W3MsOtvaChcAr2+ULMa1HgNkvcDP89w17eZuM7W4a9ZKz8K+D1giosdxCjrYB9IZjE2/Rls6yS0Hv8Quxf/Zts7/pbBEWxmo+uPYCJF7GqZq3x+PkNIPIivYtJG76xKVVfIlrPzhebFJbrY7YCUoqiEoa1Qx0P+hvunuzLAbxPfgYw7zm+G57+8NrJ+iG5IYyquQpWsWIAvdd/ZegSZf3sGxsnQ3cl4ucgJ8Jk33uURnXulfeJBZRLHamrvq2QAbeXoP6uJJU5pX3M8JHM/p4sJoQjcl5g9hU5wgN/TfzR29eaFjahgYldvuieQSxmYATXcPMJIeAW9DeFEyCEonPEL6inusLvoMWlUf1eHPONoorUeEeBufmUtn4sSTQ5BgsLIJrLHMJ6Ssna+48AcPUThPPldI75UltZAep5Hqqvf5LZmOAL6JIBDsghnxOfsXNgL3eJ+RZ1P0UmEQx0MmZxhj6Y9ekYRBmP+Jnpoe37+2/Zky1NAd87VoX2xWKEtAteLlz3GEtKhbc9aS6axqflYQJHNFCQaLMu8mFLslX93vlNZOIOdXmupR5/RWauYVyJszGavbWusfABNyl7iQjVDDQGBzVinmPJJO1sUKjf9m60KALIFtnO+uGDsVa5yDrn4CukvqAlGJk/IL2A+KjgwlGcfkR7Ng9h0VEEhQBBK0DEQWPDoQK4FPUPMlWEqW3J2jTzEYrDBTD7T+UPL9MITqRWGdquIbQv4eVxY1Z4hoceAiLz1n33daS8sbNiD4blPQPypZVRfUU6b7ph8oHGP8jBVPsM+X56S+h+GHRjjRwYZENqdVfSxzIRapValgslL8X1OqRsG6eSwrDsfyiSktTXGvKUxwPwpSoKWqs/Q4QUZOvhuxM89mwhVFxt0WWgZHyhGl+fT/U5IBAJYXdzK4RnmPDj400mV0+5ZX/HVUlmb2dq6QVLa+HIdfZ3/lI8oCOiaAvVFXaBpwwjVXVn+QCH0kgVq+HdOCpu3NHpN+3+xhgdAQv/KpWuzm9ENfmIbIJTGD+hgqvuFo1AQ+Vir38KNwltfoq44sKAS9A2QJ4Ks4eFsp2hxptFKOJw7Kh7O/put8udsVOrqGlwjBimgjd0IRbO0Svi850YejI5Hfhu6ZIXQdCPjScx6BsNd3AOGNfyCGfVLMKkhGUOIJx9+JrC3AEQb6WNZMjUidxY6Rvfwm2rg7lpJCaNj7IttigYtE9CxzX2bde+c2imP3OUiRa9UuFT/W8oQGEs4mz314eJCKEes69rF14x7GwRNKfg+sshkRPpx88oPgoWqGG9xbej7SlFXqI9cBojMm94LpMfIf9JhTVaQBJhbfP1VRmvSmgmq1W1SLQQMFKgu9h5RMlrc46+qffCZFNUwWWpF6Ba6H5oK0o3pYECbJC2AmVmCl2Ql7yhQPMT98u7DVNnEjOvuETfgQVVmUXZdUX5GjkFEDpRvxwTlxkvqkD2VDu/axLWPeU7rb0RcgaA+dQ/EMwgZ79/aYQfqPPg2qd08Y+F4eqnLCmCAgkmk4hISX6wfHrQ95pB6RGUeQDUx9f0c+Pxl7Q+cgxHLGhlwBAHtI2sDiXrM77WHMeLtEweAKGGzb2P3mZBcdyewP2MG70GpDA2llaYWJMD3sPoFwDoPq9DoNb16+RjOGxKwzCLgsjnYNbmTwNO3rzjEObDPiGQFpXbZULV9iaead1g35WEjF4PKRVRgb1rc5LMH1Gqv7J2Kq0Y5j/S94fdQAIwXX5/bWGcbImY683fDbhUff6bJv0FMlegwkM0qKVJeR89NNVY5XTJ+1Ff9p+IJdZKuC2IW2ypLkt3Jds0RaVF1q4PZ3N3WdGgzSkNp5/A36Oo+St86axp8/vXA1lhsCZGJH997hPFxEyklD3pRZgvPQ5/TQAIXQ/vPWGgXyGrFIdKUUzZnHVOQAjyOw9+lioJjl1XWzwQ1lkxVDNw7C7i1UnAjb/lbAKhFx0KxBjWmA16+uX++5vwgeAFRG6QC1lfsG9uhB7UQhrCCxB5W8zPQ1bte0mcaKlPmZkA1liEfGviKbDVXxKrOteqV/dMXsIYQu3xZm2af3YVQQXQ28Fl9xITP7BhtkzhsjGq0JJO3Yw/SHD3y2E2IPXfdG0JJwRKxDM9tfjVhe7QCT6DuwnWxiO23fIgJuXnq1HNB8fozsi/QbG+oaq10TJr2xbLSa9mRCii9+J17iB4onPpmvdylTn3Bw8/m/colT6bBJrG0hPjhi311NmTxItaz6+e6kem3VP814sd3GBjpWJy06e/mZsjnXLk92p4YimFGhLCOcTHAV/FHo07rI8yoScG4QdtuKJ5TQl77eCqT8V7C815wg7+0jEiyseXRNFC9uNv25lj8B6o1TzpOHc4DDNygkjLlzR/fxtsXH8OinVxS+InpcEXeg/B7S8+s+AMW/Eryj/0Cd7lb+xrR4qVpt7grdlAWrChul+xEjAW4ssXT2NbfRjdJaZZy2uuJaLVL6zDMFacoHMDeaZjgoNIZ8NTJ9z1VyPok5icNNNruXsMakOoslcWx0ig9+NDyWeEhPwutAE26ZoSLFDEV6qpKcOKr6GeRsWjKONQnzySx5SkcJaaxGarHoBmsTky3tqz5dLcr7uNzD9zFDckjWwUZBw+jziSUXmr39bzxdH+chaPLYY6JkQzlVEf+c1nhujfjgeHmLkOLdrrHxvp/1NDZWZURL36+jd6S23pdFxvK5mvcMMb1f3bjSViOhsrD/e2kOWAB1BBloYGh2xH9/3+DAOoOR+hK6vSbPIqv37EWFk3O+4f3ZwXkF9J7M/0PMYH0is+qAbDz2xUpjqTsSAzed1X4AMdT41I+kOylSLvHI585A//GaBUjp7idt1056knvv6Yc6Y86l65lQEkTTEVZ5TWDq9UFdjbt9y120Xyecm+CCFZJ3KRhywwq3RvpUVMq6dF0vaFt+6ICao2NWuSMujw+20k9GOqODThBOJFda0fMdvyNzKJrpAiimUEGDoAMM9KD9yANA474DJtjd78l6dniN/fvPN74o5d/OYWArEO9HXkr9x6KOr+De9fZOc9mBIq88Vnihc9vKT34OFM+lP5c+DetpgXvO3nCxWN6HEhpnRSF+LgKH5054LofQ4i7W8csyh2V/SHPqtCxaZ5jLd5tUga1NN9GV+Cf5+fqsWQGiZkzo3ICaFI03MGCq9zCDf2OPen7s0nVAvE8enZqPxaiWXr5m9Wf2no98/7/R5NMx/8I+7khMacCJZ+i1ou00PJL5j7nSNTJC3kTP5mXgP/BWS3h/vp7pL8tTSJP55xBMwjuZwSK8pEpOc2OSLhJRxLsGeHIDPTv1SyjrSJF3Yd61j2sY+Em4MCRV+Aj7atFFodEAloD+SbAq+RfX95Xlhic1tX/82NyDfiebDfmB8S6DLRPgT71wvCFbRz9ZI6ferx+qR421ZtALwtK2LLc3bf6Psb2MDgDnNzzUFvbvUSxggpCC/vJNyGWB0zaDueEEXXZea7AXq2dQCbvFB0+jzvBdCeASLLFPaAJySlpjBWeN5LqLLyI3ecckqqyU1Mkzms8ktoKu4uyvNronXJM4GY2NgNj1ZUw7l3tES4r4YtPH4unnw1jV/dxUWLl12tVQLG/bGc/wEzGh9D/Yq+A1tRbxFkon/TuLq1P04CHdFyrq76rTV/BGhCLzA3an9uns3NceL7UqphV/UpKTs0gUkiRsz12Q4JCHlJLi32KB/FwjDUpDhjkyUq5Ktu0iYxX0cuVx1KiOaA8KLZb6+b8fb744OlRZ9I6RQj/uf4S4RStzf9CkMe8UQbADqqhwDa9W7JJKwb+S0mY0d33/8yrgpKgsFEAe2aDSglDaF2I8kNt1HgalwuFgzCN1BzB7b8vvxySroQCXAs+xukWbTpsf3iAztEyx3ZA2og79TzSJzpiFLAtqVVIS3uWzooNRhLPiWqfm8zcnjEy6H7wxQN5rhE/+TLMvpJkrvPc/KBw1/LjS6xnbzN5ZloRC+LJly3femZ5ntjyW+uK42a/rf+j6GXgrfh8zevAQ8Jar92uT4MFSmdXWsvTJGnHvC3X8x3Ezod6SSw4CMFh2kiIfgaGg5DR3J2gUj1gLwOjtAnpDMfJ0O3mN86+1+/QGCSYKPc33SD8jYkSnbbhHcTWCRgeZTtOWC0NqLHnFevh8TkWeWYSp26Ca/buPjeuMuWKRhY/kf+R13jPtVM7gOOtbAVqAz5UR39gb1nBx6Oz3J/rgRxgfDVZ2iqERdXvY0FHlqobe14u3FS0sfhK/MemrJGesIExZOrbA7xMR5g8asIbiV2EVhB/I3TrRN92B3eMVbA7mqXD+Tfr/iyzbx1wjXPdO7F6R6ePFbVJtONOIZALhDoQPqTkQkaeEpo6dH6CJe6Unvdm7w2Wnx6AE5otdnCXqHmFky+x4E6LW3ID2IU83VFEkVD4BSaJhl8oU46CIjxf1UDhO0lSBvGuQlJtkHHaUGex3ii1tGvPVWDKbfiG0QV/b080zUtp0Fhfm1069nBlHV4NtF8hJZDp5UZEfTL/nVhAua9ww0SwAEDqhR12DgwpYWLRVN/TX5Kqr2u8v6Yj6llwlIFm9HjxguRGl2qvWMc04hVycXOzc/VZEpyDoyNBc0UX7mG8kZyHdD96T9D29NRsvsOiq28nZWi/ZJClN0rXk474fFt7NeuR7TfMcWF8KojhkfXr6sMSoehs78yspeRzpZGHsqRuMVrjaiS5Mrn4E4j/Fv7nUmVFn0+DJCC5wSg1oBdNDOg5SeBR/NT4wTJ9SRyD8iFkRubNCuJa6kbm9Ad7NqOE8iFfvkSuW6nu3RYzEhbIW0PsCDnmpCfst/AV/F/y8++zlGW/u+BDuZkbPOlFBfgGMP08rPo9jJo7WsXV6jLhGL78fTFD/OB3ADS6P42J65phxRhAEBFND+TTzGN/iVUbuklb4HhjbNYb1zDI/mQeTKycgnhZtRi3evj3ThbgXWBEYOiiq2j1esp/HSpEDS+DVV9XJWJ18b+HB/PNmVpVpV5imm7QYkOOf68IgZPENULSXdNhR203NCfxy42H0F1a8oq361XnlgGyjxcjo9n9qXAP8BXERx6KB1fiWPgD5tLHftspuSwhi7qZ36Pt4sPf5kXWQ87jKYFlXIXVkmF8CzxgTaJTdrXteHBHiw+67Ql9YI4Q9g1/QJ+hoXQAdse6jFST9DVrD9U5dowuDn0rtRpllD1Dp6+0uonfq5n+fJLdpZXbcoy3WmqzVOjQq7/8OVXyMVYx1Xt1/XH8PWDrpgTH5L3/tKONSf/JhLZL+dyvl7cCRaWyIIVYUnbMWw7sbt1MqUBJHs4b5NuFJCMbRyy6fnfhxV2Iz5sJ3S2yLBhD8TwXPvCZdXw/n79jCOMdljSvrGJa3lRmoAOxfuP4a/X4yBGvD0i8f0eWVS4pJiCusBiAaCKvb+0uIFiizU//2btFDPtYwYxMTFZ0LeySnXbtb/92olKptSQ/B1PwCXR1/FWC23JzG5uHV9g+2eB+jV6YK3ucjZlZZpqzAIqOVmLX+JZSYjJvpM0PqPuPShFmQ7aN0cvr8xvxCejzaJ7rc1uT14+i1ChtR7c/ZNpL2+K+76hEUPmU1B0bJEkjx9KeE3aw+RCZf6by9v3zwXHrmHBA1trL8Qyru36onhETbBwvlR8mHfaT37oen8dclMzvTUcGgr6PjmuaIaCn7b/JWBCmmNgX8cVpaeU4pt2wF+1DjxVW5HF7OpxfG+u4o3oyVm/4XWbBQKGK06apqFNZDI8IzIzmjOq9zgbwzxR48h38wS9ty82+TmpRJwEXrjoLKKyvGyGOtPkDXEllxIHFIm+9eW65qvOu0C0ofORmXnUD30XeriHOSRyJca8cF+cbNwKmT7dKIxdknvpUx4ImnkTPPSCzMX+8/VJxdJN75tzAjFrrsJjlse2E1V3SkseBrAJ6ptlyLtp5qMHhAkMGntN79/AsRfQ8BtXMr6KiApi2Jjg1F2VkvRSpmQMnrfOGBTas6r6eQiyjSAHPjX7pUTAXbkTi7Iaw8Mv0Jbi1sU3FoWj+Oyhn+EDmCgH9pE5Cc01R6CWrSeUcvwjwYvhBeJBeiYbrnBRhK+qg4FPInJzh4KICvC6AtyMGtSyIG/CUlc+IENbhp/jxcUGOwx4xHGqYyuYZozLn6nEz2dtASX6EK7wsubfkKtF13BJ7/obj/4VDm0v9A+ByoK7B6i7kPL6+5Ld4y9N3h7sKETs9yS4Dkg/416IrKkfKsfR/J9CwRjeFqiSZhOndGladYVsiQtpgV0GmKhhiz6yyNC0jjH9N1C/JoVjcmF9cdJZSMm0exRX/FI2a8dcnuNBWK80moi/qfpIo6DAMvzcgw69nBYgwQVuOB8SM87naOtz6FGDytLVDJlFhhzYvsx+Oa0ohO5HS6Wu6V+2lHW2oNzUGnESKn+lUYnpKvvDdmVvcAHBX5jFyCzrWXW0U2nvXxnMgbYBcoZnvuxP0k8SUaoAaYn5PnW4xv9UtJEy+9aPHEqpP1fIEEr52ohe5pnhvUgcQnuUKD55yVY05W848DG8/F5LzaTzNv+p68u6+g+NPoUuuuR6B8YX6p1CdDYgr7nXpzzbs/G7u3SZ4neMP0IQRziHvqy9dp/YGWGkwB8RqS+Q68Dtz+uOTg2GvxJTFis4z7lIekjx8pewNwS4DiKKbdTPESpYWFVwK8Lb87hp/KgqKkydfMxUMSyo2OVEVOgVcWwZx/5wDzU9KkVqrfUiHs1o0UEKTgI31u5Z0nDQFLMpvnpUCk9wg7UjJPTT10XeFaqYYbWczBPv9GtoQ+mz4ky0pdsJMMUDDKeytLtjIqXpKkuUYNZbjHuNnehPRlF/5ZJOTxssOhgkrEF5T5zj3Xif8G+kHqky4ftihntQ7mewBUioacwx0kLB9wmgTPflvEpecG6/+Ent+q4wm0vhPiLsKhieteR+CFFtO7uaXxhSjAzIzEHR9td1l4F4Dwjm0d4mT0Udg+fWLVRWtgfqsFsf46apb1gYTBuf23Q6OCToDer5XxpCLWkRvANPkOCwRdtVRc7sALbvoVDt5mb7/nYAftGuO1aKwTc7e09Nq1UOfa4MeTFf9LcKqfElaVRldDtMc2IOraisu536I5ykjZ1wM0miZjQVdAuzqD/uPovPFaKUmFPwo/zxKaDgcolCPoZOp4bYn6AzyQAPr33yZ/SWxyUDVg3yU4oGf4qKasIq/QLMZYSlPH0GnaxavzHbOjq5vRm52DmqR/7yPfYBFFFLv4HeqEdELPGdgWcumVmNShCHQwIGTCgpITo759sU2Stx+2TLIxWW3OSUT1VuyoIQ8O1k/Wun6aBW8eRCnBItnnbM7hx7cbaWUUCQy/ZRWpVBV2z29PDFDaXtp9HlY6A/SdcMtxVdTlJjo+0Vva/szibGl6Mv04IyxlXWx2gHSZC4oAbF37r/755JLY77cgsNoDnQE7cBIw6ksB3yXKD3T099OU7++3XWT2xjoJTEntfqj8akLQZKuFP7+qrBwWXas6tISFCLjTDolHItkezwC+6pvbSMtZZV8YzmIAGFf+LQ378z1aJJ40t95VNXl1ew2bC0JPf7GTCv11v0jVh/oe1k8eYHfA43dCs0bH6lhvNQ5l4u1A/hYSxK7p1KSgTdknCjU93PdYmKwW2K+br9a/fsg6XIUQlBMgdmuhV/jWYjD78mefebYiMIU/4c/MLiYp0oZofYZD9QxtZn8JaGL5OM4qkggpZiMvExyhc0Sc2WXtQ5eCcZDYAL2aiDHMksISM3XKPxAaaUQoovYwzFLxP79MRfidsvQSvJ2U8dtec0jQO4kGHE/6xmregG3091Ws1Na4uBToyv3/5ZjJUqtRHpOy6VsQhVQfgd7s37u9o+ODKdm13+LH1PTqD4QTukRWoSz6mAqEcqhdQyKTXB+8an6Au/3ds5TxJxDa/135W0suSRzJUoCSxVQ/K+Un4Xs9BCoRT4ACqOcgf+VDwtjDKiEmUstG1J0CgK0a5AyC0fqc+8Ay4CMgXYJgVRVhZXDTQopEqzGGlq/8uztnEKx8LYothAeEsfRlb/jSgpiwHSueB1jIKEXBN6OWOFA50swRQar36cxfMc1/1xVCN+dCP8wra/9M7ZYF5RQn2ECqUV5TQ0i8xwk+0yt3z75CGEVuiaqZj+Xr/PeOQuQ5U8fVgIjPkin0gVXq08XCdYz/CViz/A2RFzxsOpubcjjO9FdZYQ8nHCrEnHeKRitl0STanyJpX5PybEm4jPg+BjpzMKTXR4UkmYkzSp7yFCEksxFec2osxR6NIlQCwBz117QzBA3Y5hkniRktzrdwCRBr/4iTZySD91/MXOunAHj+KITqEd2CsbVZv3qbSPTH5wJAr7w5XJb2il4JZpjxaGWK8qU6Dhlh5xeeLE0qxBc8ouLum5fVUFF749eYwg7PE6MKWvvXQDCQj2r3UPaFdwTYnfK6dbENhc77n1TBHpBwSApMfS1zvl0ahf55goy4Wfa9a6f10RkvN9/270ALyMNI4QmHf9/W5bTKHLS/7f3+0IewhsLW6GQxrg4usSMJKQ1AYxtD5lecodu19D7wUc9kYq/gbv3v3zPHkT8jruCtNc1JOUcId6pt13t+06Vanub1OkMM8zk6EEgUJDTfwcIwMGq0iVa/u1tjee6cowJzYs0zSfrfR69MSPdHCPdq+gWqofTb5/iYKaJdz5xguiv7FnRjdYSSm7VbSBmpCONKL8D4rCplAHpw1Q3F+NVgTwX8/Tix5f5CPqf/09RCnMki64XMUxQEihnLC0yxn3rxDE82NvxGVK6Kuuw/qp52LSEN3s4Bo7S/bGc7ETmUD7flt18bafrWFdq/ltwXuAu+mIEqnT87QgJfQyITbyR5Cg/yFSmzjgXnH9l0CM1+Oqa/z34wiEtbyRo8BZL7EoeY8t4tQJOscIDVQzzivEFEEPtCdQ0DyS+LeeOpcUMIxiYH6iHZyhXd5AnIN17jgudeYrqdu3m36dPUlqWCm6lg1RWztZXJBEd7j0y4rRpTrHH6KLqCp1rIeWERECi2crxv/oFn3+rVTBJNRF4icgk3FwOQKPewNV97sWp8cICbYvvPgsipBCwOPLY9JV24DThVJQKJZZO0jUnV9oEamXmwm2O2RgtxcLtX3rXmOPMOtSD3eAm3Uo6E9KDmGnq76BKIPid3P3iFYUQsGB53t/0LMhqtqj76nR+zxETdNHjYrBgOyDoOpWWcRP2zeJ/ntNTRDL2B19zdG+1U3WS63P1vuc1EFpMzCm+3vj4MJYWYI9CiKryMtK4UulyG2qMU102NBf+AI18jOi0KynJOuLTwH+xRoq1NcDTpkj+CuNr6BSFAsAI0Jz3vIuVdpJ4iX3SRsU/C54iTP5QSo74b7IX9H3Y2D4YeFHb8Egeur2RgV+k8JAYfApdPXrZhLzBypoZGa0dWG/a2dIqR5SxGuxa6pkYSkc93KCOO0qE59q7hLkLO9jn/0YS5czxJRtme59O0fXf9dP+WvvoKcucoqmcf5wkHgbL8rH/iwF3SN0kNJdWZf2X4O3rcb+354x/mbU5YXww90Z2aP77BoAu+qyQENHPzZWyGEyf1FBKtT5fBgHYACk3e9/hQAnh271p/oQBjuWdWqVUr2hwmdfT5ku0iBVulFK7UXv7xZ6blzmzfADF6oYIMQQ3pA6oW+ETcDAY5GEKjaYP+q1i2JQf868Y1B35KyfEdtc4yXguXN3EOeIHPNyeiR9txcMU+/v3uG0mhWtJE1ypK2MFXm/W2uHFEslHG5pMcLIQacdbH+h+dHEOU4qxPzMkaqSu12hzor+7vkK3nhrv3Zor2x3gJ8mauPVWDO9x0VDpJ6U1Z25rhU2IWX2y13CNKgqjlHn8OMnGmUn/wfnNMdT1af4Kc08KTRg6YtDbD+PeIQR6gvtp88VO6zkl8XkfZmjj2wTt99uVIX4y0NZXSIkxYzvF6vE/I0rXVoHyzp5xDJm/iFgs4vvBu9G3zDwyCi21JHo0PXUIcPOMeioK5ToEWlB8/b0LZf5IThZBwq/J7QJm2Nc23HJ0jP70Yf0DAy2wr+4r2laWCe+21Hz4p9z0dC96jjZGxoDK/0rspePpWx94J6yXCsudRcY0VBgbBFKA800cVs/9pO3uuoMxtHc19w3U7TAjnAEMSqZv6tcFi8COhVxfTF/XmbZJjMErz31jv7KWXp290KYm/2rBfLvHrX7KbVGRA4QctlG4UuAI6jkVxs/2nGiGG4hkV2zNN0lvcTUsPv+1J80Xv3eX2LL2La67k4BSqPKQ0oWuT9ZoIImw3Hvv4JQDX2bqScCR71Rkj62ekt7QJhxJbt/Q9Fr0mClj4jl8T4K2sluOqU+aEKk2tSNAvWJmB9HDks4wOD5DYnXJ37P/Pxvs3nGrpEaD3OTiR82i11SZmZu53OR0jnHrg2RlnDyYRfRLsltRYPntWdRCgNXhPhgFgCq6O5am/QbtCf/tdpVv1ET21RJg9UgG9O9DOf+pGIHZveBmF37qjrA9Ja51/KUUDB3SfXGCekmmttknjPh45p7yac+eGoSnzVVYyZqZsz9OQxm8fVTS1S1XcTT4kquA9MNbgeVt7XEzptGJ3VG6rjYKTm7JGogqw77ynJ+EHXS3Xf+owWQiDyhv5kgqwxmDLJIfrvzqZX4LTqDpF66MZhh2VoB3GaBbywkeQr0demfEcnoAHYGFH4fOXtWeb1JYwklDv0SNKRCT2B8ycE5auvb/9SOcsZpy6gvLqxOF5lLcofYWKtF2j9nAGHzlaDSYN9pnsH9eCkd7V2cmDM+dip/6xbJzq4kAX90AA/c89pJz+Ci7K+yoaPdwOrD+CapXVXwXlBnbwHpQ/oBVyXeAoYnZnjWr18s6D0JIqAXqGn9bVAdjhRNxwnNBKyAR4PAOFL4/omUc23hvIyOXPi/sGlxTWFHr7YPiyPhpzjJTRWVj8a5hCCqqxjuH3WvQfuM1vLgaJHtDaQFQpMHtDDj+WW8m4dV3HOdk6PgAUQ8xZRNh7bdl0l1EBOn2YIupYSCeEQIVE45PxfaBCsqu+MTOc37r2tI4xIrY+9YbDfTcjb76nqsDRn5HHcQ7ttxjqPZKgMiZqFmZKhYMbR6+/qtXqogTfJYjkfnvOf5eSDoZkGlXBq9JKoEShV81hCfVrzni5kcc9bSjVNM4nTgQtDlS9q3v5swgHQAgUiWX0sv3OisSab+DexXblSUGvf0+Qmk6BZmAGNzqCY6Q90+wue3tp+laEwM170Yy899qwmjfd9RKwgIBhWTM+ch8gydsTq/8PV1kFlvS1pGGrRW3UMA+9oDGO7GfnCSNHo+6Grm7f8BS3+pDbwPneHcOaQt0uHkWYX1pn0WODf4CpLCBBPRP15YLTVb8Kg9uLmvdH4sLwtJK00AUFDettX+s6QYL7YGLLkpAVRUwQ1sCRGxsRwe+ZIQfI1MbjmJPkZgFihSR7/8Py2A48tHJzxoffAUq915gypt7pDyo28766SRC1nZskJcUDgEI4HMoRsqDvNylYthrIcS/HFeaMAjy5GTBG1Obx2Znx/cLOeHtt4f3YYHcFeONPy6cNTLL4yqnze8fciB29pfrPVgXDy76/el6ym30kRuEKRGafgfuuqZT9UQ1Ll95lvwXZ9yDBGec8lK79/S+CVPTPv3fvmGQP5InoGhGmP4kz8vS4HxY2tkvN5K5/rNUMSXSlJN+nX3Jdwy+/sWS30wk9TYdhkUy7HB9m0QmzOZibAJEuvHzOIm2HHOvx5G7Fg5OYOpT0F2Q/bBsmzd74sw3PBfE/aaCxkoQsf6XsXwuf+aVXNRO+x77y8+5uWof4goT0wLtm/GaZB2cMhk0qKfrcp2tAUWJI8EkvzNBe5cJmkhr+AVNnJ82TIiCLA2owGh4LZ5GEABYSQKA2+xxc0WKNgtNG4g02oAoVtYWZOzox7Ay6Xxh3ZrTP2sxZZW3NRv2zqqs5GEZtfwReGSFf+iqo9GeEtny4RZeaembSyt/mtdbpP5890cOK60ScWBFGBlwt+mbBVO1kiPlliglwOfj1PUe9DeBDw1a4jMzfwp1sLGWAnNVLzSxQfQoRi+K11crz6jiSkWdb1R6SVD+OivHAWiM+vP3+Tww/Kmypr8PUAeK5h6M8wH5du54iksi4XMIB2WrECa2eH6rmuDQEHBx8MmmTZey1CtI1rr56v3wZIE/F0MsJNEJ1T3GQTW+rKFSs3sa8EycZ37Io1D07EyKJzmdI/k83jkUZJQWoK2AjMNfbK6A+ceRKzLjVwqPMxEQlv8qMQYsKtPfSo2yw8JOb8AcV6UDA/FFrj53XfVl94+bcKCxNz6DH+d5JUdk1wL9aIgAm1ilxHVPwiesLMbL7AhzF3rJRVddNoAZITgiuotzKxbiG1dJaCsXLU1cRyit6BF57JV4H7gl4L7W+UGc0qZr0noyJCYYz6us8Hkli2rtDBykWPKDGZbpKs6uRINRnFl7SxigfWnFLA5dsiFt7nh0BwFGiLm31gd2YiPnePnkvXeoIcZhKurT8y/rzpsfj0nV0kxjfGfsrrKeokqzpN1xci7/YJwGe5b++JyZUrG+DVSiRE4opGdO+EJIIREogMbtN3aHSII8zOoCyt0rvc350Qn0RB3fuklOwaNnZLGBwLzNyUfJPLFs2Vaq1CJ7gs+COS/5cWBmQcG8z5YHRxzWjduWkeTNgK6H3Q3g98cG0ck3mAZG23YUuwnx6p97bqaI4u9S5bXBKZQCf1S3XBImSUV3R27rcaZKh7+Nz2mxdEG2IeancxuyL0NRu6wyqybizHDzwcYyMSPXF5M20qqgvdSS3TEQMGb9xVmn5FRZJ1mJm96uA9k4ncAy//MCVbKTPkYr0lFyAV6GMHnyvkqeeop45u8guhSsUm7pEJ4QdMxRIX0t3WVoaVGJmr/3Kptrfou+h1X8DvMwewuPILekHyz74vNgS95KFzGZxvSyAqcL9IzvJjnjxt6L938HGXlVLuEHov3/K1Kqmu43myMBA2cVQpSG6whK6f7tZOWOkSmns2/Nmh+QL8YA4QAvnU4WQzCZfz+zBw1FAbkD6fQkAtTfl9AgWTszCf6pbsaPlaVRRsjrnXExKlfLqKKuwH+dFa8fKNcEqeyOIBIa9ULZfmKUY3/zQlJFtBvBaki7Hr5YO90fmfu6RLagBj8qZip0VFFiG+FTWxmu6h3jNeiuHOxTJ6dl7TYuJxIIygB+/UlsbIuDsBMH0+Qb2h3yuxqeYxxpUdo7HCvjHeydK6ya8MMJ8paVVwszxsDWP4DkP3wea9Nr+osHAqDAEqaHLDAZKS407eR0xHDO590Z8kYj5UwN5J/On5BWUXwJUdG/Eta0aR3P2DoCovvlHlg6fW3/cnYbd8ykpzhX58MHAEDOvZf7j5jyBZfidaw2o86SM7x8VXFDwFtpfkj0auPTdKMOaZb8ZwCSspyxcMu5du3pPYUQ8pwPdfa/wRCGNAXuZvDfnZc9zoo/Y2TH4rExzLAtmTal5OuwLJNUSbSOQ8e3FOp9LI5rHVlGaFP+QFMoWQVv/qQrw/LDgxFBHOYNl+V5Y9wR0BWzdVkmaD3tTo5JbRqMd7zNoB/SBdKO3srOtkiln0aBLW6K0mtb3x44aHgkNPDrsJ/e6uR75fXtDQUsqJoxZNZl2dy1yABieJQEw3MDjKpTBUCuS49KKNZjJpQuL/kvBWMYurPk+QwmOWOsC49Nfa6SgYd5+DFK+oDWxt0jhPIZu3ofOZf00h+LP++AD8supE8UsdhWel9d+u6psvfIkttq6ZK2Dkhx7idsXwT+qqXNfbg9BpOLqqh6LdIfng9QNuchVwoCBDr8oA5bbQufNoQ0byDSWXv8cd6Lk4vmkq7IwauSv/aci1yhxitxTfgET4wH0xaPB/s1ipR4HvZrETfz1dFKwIUNd52nis8RX6gw/d5r+HqmfmSPx5oVn6eY3gUeNsybb+zqnFLx3zzUhZeAbXG2XIu7chanwXoSXjM4E0Z4I0vnLai4n75KShqbxZcfRnai3xVF84NawQnKIrz6OpQfB/kQ1Je6mFH4/JsLuMeOQ+4YJefXQ8J+iUOfOPbROtQH3nAyaVTQmPv0Z94wUF7SSdyauDk9EHB2sOxnU+/JVpmQuBUHwV4o7soLN6j7FaoTFXNX3vOqcl35vWC2USmyX4pSlW8qapVAurbq9TBsLlt2m7NeTqXJ0FWNPnQnho+mQLMizr7ftqmW7Cx0ALobfwbXpFXAXKrqolkCssrrUG6QwIiUhvYfHrKxaEVcDFLn3uR4mEVW1VN3HkanJQrqBDlGnbhF/4sjQ92k3Kzeus2OJoPCa//+6G49TVJYp1IKkJZuiRocmZSgruJ2kMlzmvHql1JEMKMmUnuLmLvdPO0OJCQrJq3D5fCGO/WOUk2lxrKg+maC12UEpk8YRL3EFnKbW74c8vTNOWxv7OTXpa6edWqitV3uewUW8+0fI1AhYBf7o9sp39//aooNFvgXjrP8+160Ml2S3uLFtq4wiIVBTulc7Bmy2TmeFs0+pbdxajep9jh/LbYuyekp6g32gWZor7PQfvHwUiY9sIVllg5G0RkSvuwAXy8wIFU/Q+s87OH/s2OF4rvXoc/xqpRoAZ1OQKIwN88zyR1ttnmj8XieOvaAbkWG1B/LvbloWeTG4ueK2LJwL/QHrgp9bjnn5eyimrks4fvK2PgvkqV5RZ431Lx7iiWnfzz+1sClMU+74tEMkvnx3ydWFDxEKW1PT8mv8/oF66ky5lyjjCV/ayx9nQG3GPvUh1Cqvxu9W60d/T6xrnsjWiIB/o8Nf203fxaNUERUEtipGPrpv7rmvLnxY0DG3VV8SjV+xDGEN/Bx+9X9Fn+Uo1W9IG2C/5VzIhpugFiHVtMqMiE0lDFQTGINbl9AN9ToM3HrPDSV5Mx2MvOJX9s929UWbg6Y4wFgujfpC6+9MPUjwJdwDeP0EVRBhUSg/lGNK+Jbv9XqaBKhxVN5B6lvJO7rH+xseNHeQBXvoz0kUvoledoVrCtWycv7uGRZeYixnh1ctBRVoRC04nf6DH9TWvp/Yo9o7PnBjekNsjRPNj7tNci4lfV5i6ywTqMmLoywx/y9Tf1OE37cffIpTsfLsQ8Lqz9urITegM31LmCv/m5Axrrw8J95+Nr/WRhjQXbp2Lsb7A5jiZq8ZdSpsPmOyrBi3wCo3UO3xJ4RLGtuSyQC1o7/OsyNwLrST4aEf7bbAZdp/t3cM4BaFpIWi2DfcZ68Zak/KF7IdjqFwTKTPY8LgDdmIPNPVz9JyamuBlvTMDCwciQs3ZRET71+GQpzs0SAb6MRzhuWv9IebBzv237WeXHrKMGN+I1LzJo8V+m/n7QJTMDl5C1ydFEknpNTpNYhxMzfh5Vu0w/JdiZ6agqQwOVo/e9FMStUfNsfwCbh6UscJucC7ID6V8Oq4qO7pSxYPzhOxBDBLZ6wasZzNc89SC391fjy/ps8o3NkPYB8Lin8HD5162hza6zFIXIWTXAGbsUdfr9fm2GciB1BrFhDhgkdm6JVZv8AEkmg0Bu5vxu1N3DAhu7zI7Uxc78+BOpo44dZ3f0cIfURlIDrpzi/5bZHxKq+n/Ny08DhfdrJkLuMHZQB6x7Zo4PPHHFrVF0mrn+aFZWRFXe0RX4AiysZjn4rPCKQoeuWpVqstehUh73Ih9yoANG9QeunwZpMti5zJQeR7fEhjlmYNBfJwi5bPPoJXiItJPXjXz+euuxUYzaXeHNHEG0YWKTCcVDQ0V/5TN1l/jygHQT72N/gvHFyVs0SHB1U7Kn+onN0FQVZrJfeDuUl908J7uhWaUViCLIyVnhLLdVqBCl6QSl/DAFqTfNPY/vazj4+JY8gWdY2C+5lWru6ez/Uow2/RCVz/ALbdfAvp08utHRJuPjKMrSLMq6yxd2/GSyY+InCImi43x/K72kcpD2dVsRLoB3NfsVlM3mbZM0QniWwl3CRUq5t79BScKDoIRbueGl4VDslQ1I+TtngKyL+dV3CYgONam5rpt/eW2HkNkQrGP1Pnpmqrg5pcUJSuo8o4ai1AtzgqIvrdJ1UcnVABxjC/Mf4N+8JsZ0rQ0SrLu8NHWFks+gzL+uw8ku97ggiUlfX6Bm8iXh4etVzOMfRhXO87OR50cFIHhCpeGmTIV56FaKutc8gILKZh28cpFI5jq2xx5uFR/W88X890I6u6d6bbnU/W+zq4UVDh1W9vmyytqM9MlUPWPtPWgeJ9wb3JMRTMW9Tw7ImpWkGCzRRcqoa6HBfcy/cUSu8TOd87chjTL8mPTMEYfasJkgGn/1nwCCGS75yXjbjdttBy1xze5v2TxLH7Z2n4PfbuStjjwdbZ1cJ5P2d3NN5wdc2X4wFuRHuzerH4xQ01IYeezIZSr/cbgee32JfxG6ZbXPpKWknZilzXyOZw6GBLhjtUEE0lVgTZMirDMy9eu6QQJUzu/dUEYdoIl+MnmY/tjJ4RChhIV1gt8rsZZAmlWP0pHrML+Y4pfu7EdjlhidRU4UGP8L5ddHU2Q8177T0SG+VVXuGJ/juOVi/xIUP1nJ7jzxyBerPFwgbzyIXXJZnxrnfrR+IG39LU+BIDOu1aCaQSh/IsI8Crg5pHBzDEXv99SrC0BIMesqD5xXCZIlP00Z6nl22OCwIsc7++sU92/K+a16e6aKSfLZhaD/J/jNkOelzmJdvYpk96zxqHS8yCB3cfLcOx8+9YGeRL4exhI94TKWKI2OoMhYndilQXWLwXMJbRkYiJKtebb+zjFfJ8X6jUjx+IbpgN+ogHDPJtzjOSkDCruYHQIretijHRNK1F3PeRGMhsd01yiw4gecgwoI2t8VetIx8XJk/gt9Fpy1YvZTJBx6Gkq3ckXjTtdy65sv0BTjyU2tPAIpeCuz59eWZx6ztzIrFkPn9dphTFzvjlGtdusSJeV7D6jqspuR3YEyZidpqUD5w9EbHJ0/RTbDvfpmKBSGUjjkaYntbd2yt3kgSqCIzoKhmmqz2qrRmAr6wQb63rVadAtV2NWJlywNLnfx9wbtdvIvOfgUsqQXN6x3N04r4zjuX5qVmvOlAgGu30Wfo/vs1DmdWQbwMiI/3zo7nmHDFOOCFsOfDv24CNX+GCgDDqTJ3D3VPjdTo/nwuk6H5NKhSPOp5Fij5LqOXTAHyMof1xaWqGMQaIVJNkP5X8QHNpFNCJuk+E/VqZlmzUdpe5obK5Q84up1gfY0EanrPuwHK7kbSkKcEjO/HAkd86xluitLW3LCvnUq2B3rxRf876uTH+LS4N/pM3qpA7GFf/6N4RYe7G+6XERiv29TTEteOXeBa0Hi8VysGO0YUEL81YLCcRX9D3JVSY+wxEDk/WxfjuEWsg1maJd+reIlCb6YbVxUZSyTrHVImIVQZV+3Vms5akBpvh/IN8tkqcih8GAV4SPgSoFy7P8yd11ZjipBdjXzjzefeCO8hz+sEN4Iu/ohVf1mDdOnT7dUhVCSGRlxb2QYIS/cvXMuhenbB7nUrzrK8pxQiNco4Du09+u3nHS3zgcyuDeFhZD2agro/LW2/Ttd9qoEkjo2h1+KAHuMao/SfK6xCUB4kDPLgbZfQqlLsVm3z9D/GgpDNZP0Cor3+rZQD/I8c55T/25XAj8F27xCHlT4Fm8bfYmz/jniB9Gsr0LR2l3/xtwz8atCy2/rV5FOido9EYfcaX2xS7wd3nOvYZJGxLyAYDqWybWh7Tgnh0VRgbFfniQHdAqiP6wJCl7XOzocx+94UjXmPoE4PYiKcqmUT3A7GUUj7viOaXKFkBQguj7kgNdzH9uYzuDOdRlt40/FyMMzpqYGqT4v8ZINH6/Etj0z9b0BL66yJT/whLdyxIWXiWevWXuYrD8zdpG3YnLFHuWbYFz15rd18l5AtXXJS2KPJjNTGXTDMsSE86LDBWdUIEwLR+Lx5bO+1WVvoEZ+UfDA3ZOk7HDFE5NyAvmrJ2N78zy+UJrgKGkLyzyi/gzkMpqI9RmY+UsNOJjzF7LTtfv+Fc2huf35EBMegeLhHcxgvZT2d9753gitSyjR3RsPnTQFIVqiMWhFaZFE25bneZxCS1vSqSbaQXmSU1bYAj84YNJxEImMnBvF8uLsvbJwrUwWjhujfvhtb0cEcOqmguzZzRZ1XIwmczPHnzfXHt6wLrLsX3ekD6NUEh/itsUjEPD0V5Z/Zgeb4WEoKZzgQc8Nn+HajVYF1otI7GDihrYWb9yRpnxvp+nhJUF0idQFKamIfZh0DddZpvIZNx3NDuKqNsToLyCfifVrfj5FWVeipi0YQmP/KjpU8OUAx2bRR6m+FZW0rHiJRVyC9L0o1Eq97yor91q4vrjr8irozQdqvBnhq9E5GHhlFSDvpXgFIF0QbHVLm2+/74wBexPkrwPI+XkN4uy/6eOoT1iSqjkvIMhr1/1bwO7slOQ959zQO1fL1WPJoIFJiQyiJ1Kxfn/ZrcnoLYJzjf67FQmV0T4k84EO+yroWRpqU1ZT1708ejhiLX0n5iebA+WhPly4Jm4n9VU3rLzocxuTi1Hd2VcegRK9rEuvFAEXc8bAOp4uerfmlmRN3whNzi4qlviFCvu4BMt+fiZNffWUhcRNfXeEyFhqqpPZ+wVvr1PVE2/6xDwtDNxypXOJN42Cl8dD3TlceDUu0XLzgqqlKOwH0cqzxs3Oa7VF/5tm2qMDJ01YFVs0sW87NhRrXjuPk3zfdqkyvj9nZ1eYkgFH/z0rbzNYMIO77kfsbmjslQvmzoG0M1TMd0CKRLngunmvjMtFfTllmbaqIzV7TYTjwA91N70m219f+uW0i2UfzNYAP6L7sRgx4gW41mBrC8kW80gti4AaZNy5xUH1bTR394Cx5dKeCWYatjaDZCsSF7fUykZtjrV6YZ2zKUfv8nGo3DNwiudfvQsAw9zt4Yr8cHxn9Runj3UrYBDZiDlvGFd1BkTr7YZVT9d1sQ8Zf6s1HOgE3B4LLSpNocOxdxUlhawbDmJnhwUkn4uCHLAGj/VH9Iv0/0Iu0AvsVhEfD5MJU2PYMfm6SNoEkCemfUSlqf2Q3J8LyNeSlXJ/UlrUmc7kH3hlfiXkQ58xqrn/8DBKQO+HJk/rHIxWv3+sJFIhNbMrSiTeJxj1Vn7F9ODuQll9uFzfafG16EJzVcH7brhqWIze7My7bJOAjw5ATTFfYIeS1bySvStlFZFO1d+v+IGBwC1s3Bq2xCJcZAbHvXy/2L13m+1ExQIjcyT0VqfSh1+3hb8hr/nYHaGl/VuVClH0rL22iQEVYIZPUJN11mM4sNiTWIItAiI6slzvWDo0SpVXtnuSgtfovi3iJbITJkDIxEovUpXaB0fwwDcqnKM2fEKhgdhLt8iPwt8hJtL2nYhZ2ecW2b+AEu65VryP422npSiekat/NSMyTevzcvZH9hTlSykZq2Z7saEURW5m++zbCWqJAFDZFU6TPGY5kFw/R5j10kSOfWwtEQAXwdIYxNIC/Zgwtj/sQCS5DuxfrgptIroi+sKUdz0TInTufLkC7xY2rhZZ+PKd7LVHbPKaqWLt80EQMh9TY6Pxz3jYsEI8KtXUP2VL8bUVfkc44qaNWzI9sg4+KyeBmOPyo6urU57XeCQqRt6oV8nv3g+euZV/pnFsZRFd7omLvEEI09dZeAJgFWWZ3LYRFdV2f6Svvv5aw2ZCOB9LBkTHzGv1FD3blYQUitf9Dt4fM6anj1wJZIfB6yljYqbGxqqbo6adG1qcQecal0CJPqVFWieg8wo5ptBC0Y7ne7qPe0QZmaKpMfxuDtxK+s2OyVo+P11vYC+DkXsEokaRj0Tu7SNTffLYdLlgtJJe2aVfbms8QrNHWCC4/9ergWUtBqSSIznO2e9o9SzP0IdD2TR6e6F6/Ko6r1N/zZm6dMJm31K3PqEDA48qr4VOntPajmJpHSm3U/UqDkQZf2XnHZb8Mk7bcKgAB73beAq8gcucdZ+51KkV2rRnKmKqOoO6VA06Uz2U97f2kSMsbvCkDbEbG9uFDwDrkAe5Dzj1LdKSUqcNiIEIE/4Lt6mVVU7TAZTalVHrLRMA/VX7hq2RNvRqt1hEEppvhzO0ah+bywp2cUCqkInI/tH6oZYBUBKIWdU9WLAddSLui4Js0PezAp2ULdK9fB7mpU4PEtvdQPfmgVtRFatXhKY8aJqbdkwYOFFv/+uE5xD3oBefyG/PrfzGZzuRRH0/nD8QxK0SEtXxVEV0Z8h5Fz2WciPZN/mp361B3NTGw78yd6iLUQI74h8GKpgG6/toXeMXddP5l0Qg/Zeb8RUyWO5y5c7Y0AmHIPyVagHYlgux+0Q/Fa/2teGZtmxCqj+9JgrzdQekKrOi9DAvn41/WakuLvwAw6q4EG/xJcFcv9YahswFWckl8JKPRnvGZN4s0qCOTJTO0JfhSYophl+LQWqhrNOeusqzvQ57jIL6sp0ccFy1nuOCZsjk4y+H//pMDzQm436TpJDP1LnXySrhh9opWEt2Qn6LaGFsZ8ZhRHpQPM+f3VAC/PXCyjmdUawqk2c/IX5xPFvCu/xQYj5vDSnIgCFtWnaYjw3Htt35EYuRXeMY6TNDwgbjLUlXnVz5kPio1wTFeb/hfKGQqiStaV+GuAI4Kg45ME+e5Xe7MlN05mUXfvgmUeVVisJ7SslD96j0YRfpfk77MKFeiGC524HsQgkmgjANbatXfKzLmJxeCw51r5S+vGgBzmiKJHzegcZoFgsJTelxVcx2DmqtO2SgIC89jEhT8Yn8e5UPLAwl1X0UO66eqvmF4KxkjOCXudIrKTCFS+loSZ7ZhZ2604x+LrO6nBZY5u9PB7KLyJ+U1QJV2x0k5OtB3qhrdqmIOLf6Gtfp4SV4DF0ZJnB9PSrHXrDjqmsbYx15ObQfrnX80aHiyxXGG/eOAHz9MZXD/ULAvhlWKyO9zLXI0Npob+xRbOvdUqxKWgXcD/L7ZUV7Kc5FC47DXnk/9H1if2YeaPudaQqFLhyJPvvNn/taCrS3cMTnd9qV4qUyFESXQK5HqeqRr4SuBsVHSkUhmasoKSCtNWlmDhxQoNTuVuDAMwi4QvPRKNqNL/LOiIuEgOcR/1kkJ1UTaZl34HXb1X5ZcDmWE6yrNdPp3pIocLV8i23DsME2Er+yU8JDk8PLAQpTxmKAxOgOmPM9n3lptGzrl4+mtsKcqvMgLeE7zM9BdB+Wvf4wC6y+fg4MQ7jum34lY1PH9baCCPHs2WCd03XvuxQ/6lKe7Ow5ChcZw1bWcCVQrAybZMwZGVW22PeGWuhapcYZP4VASfikvJXAKUOLsXipE97hG4FgFdogPxBiQt+cV9AyGKX3PeLYgv9xr3CTcUhnEdVLsK+8nb4tTZosLquccmb50PfkQYMFoo3EiH+XQ/We/fth7hGrnJBdsi3aMPh7n+8F5X2Obsved4Hp896xv375UmiUxQihrrnNfiH7r032S7pcG5+G7YPa9lV6K1fJLs+X7XlMvsavnHxJ5y/UC6V1WPlFhMCReGyzU/Rl8CfL37VmpgU55TmhF5ZLBxkfNJrFvyYpOT7LP7RBu8NLeSkzoQUURxL0Fa/MzPgja8LI2f6yHNHBdyRpsddRYbTTwfxBtY03cGQILKSDNUVaXnvY+/uxVEguDTQLV439soipUd9W/GgwC5reze7nVtom3s+h/coIPv6l4J9X/wqS+gOcKG1oDRQHP1tdBiS3TKDV/UYZV36asV6p7dfvVUBpWjJjs3Dm/OSX7FbRhMgFHnRLYyXaC2euFmClFAMcjZCByXRgW8RxHT/vHAeEvBpSBP76bfh5K4c5yVChejnZs/glTazI8t/zYMRGqzCd6fzA/ro0IbAwu4DmPyK0R2SNbBpRKbSiis1wTmME+yus2c+3Z3zxa0QTN2a5+ejIGed7LZgRlqrt1xSB6a2hvIHBTbFilo22Jm5Oau4CxDINmoLPbTQH9N3uhUQH9IuLZzITBqdnHihgJg9q7jzyQD/Fh+iLROk7X8yoaAAWSr84cRw+8D09V9w7g4Re3j7zzNImQFe3BbG4L47kqljeK2cCq0Gj1Nvqek2WVOE868VcURIzeEZV1zcyCigSsL7eGGb/NRMYOXgqb1Hd+WLjTvxaDkDC+hv0qX69mVLdBColXhBVs7hy1jc2m2gG3dv53TZTliJGxWi9E9xIWXuE695+4YaGPmV9VuS6bhj0KGCiHI/LIhnHfYwLYr4k9TwO0AebbcSx2sjo06avNuva93UYjwE1HuLTP1/zzRbQUXnjn68RMYiSKDhWYW1UpIHoIF/a2uLtfH99KCVSJzvBc62r7OOHbKUlu7c5tvMb/984DMwQjZrcJaC3PtLsRUeAeCtu/vrJY5ifpkoRihDwAPGV8jbuUAnMSN7PmZJx1GZILM6ypXHYN7fLldmm6KHz3mESJ7pV9JvdWTAWUZIOhTJ+ShjUi2TT+uO60fx3Hs22cAwx5nRI6K8TONdUNl9urOgaOCJI+9tlqgv4GxLH/NfY+Tc6yE6blT5Q4bG/nmC6CPPoOe8EYSpNpzslZWIGfIBZRd7RG3OKTeqXFntLVFM19IawcGNZKzmkNOjk+8zqzW58J91KYv5y5Ejj4Z/52IbIWtDyhrSZhqpI+8ae0fG/7tE67Sx9peltPoUiPB7lp+QdZVqjOvi5A3Hmvystg2GB65NCPjNQ9q7ZFK3HKmXgymN0MW1xaDsYw/bVcwXp01q5F/2cP+KvviZRfGOy3NvlDwC+XR8oLCjMoZ/M8HxTwOsa8fx/3+bMr/5ob3XTld6gz+P4dx3vFT3QDOcv7MRS2zonahpjwB/XD0znhXOxovwPyv8PymbpWhLPVHCfgDWdA3pJ7xFcaLh+Lfjv59UF3vIpx8TP/2zZuukL/ESKHDGUHS9DEqh4AFpis2wi0Z/EfchgKA5JoHZx6OB53nXWc/3ri6uOIPql8QACH74DsSwBApC8Pl985vgISnXHok/mYhmmnyz+ih3pZ8Izl7TsSZS9ll/fcV8UE8qBkNlu1oMs949TMqFyw45+xvgryYe9Xlo+9ukA6ULIjSmOyRxNE7YavwFJ6N3EUuz2k+D4Sd4LWnmQE7471KzR7z4MP9t+HxNrM/+P/rDHrDM1eGVzwLlB50kegEAqNf6VwHJ+rTGrtaL2FL1RNEzhmO5/JUG6hzMAa6TtSYXW9Kb3jvpbYOYdQVIju+os21KD70IDW2HzYD30VilVfdu/GUi4+ggElDGlq5wPYIdvcbg37lU7TOmyfWkyjPL8ZbFnfWLOOZu3nZo4LjD6x2QdpXSkHBuZ3834uo5xIJSR43+jEXcaDYKTsW/E49Ow7G9QrUSOrcaekRYQZptclBplcelS/Me8I0YQBHCR9n7IggKde9TUynSXqv/lKwhTMElwy+PvGuO5plYQtUWxg9Vda06CGS7boxTeQKiZF4dionAfqSVB0XvjXHXgOOXvsyxD/d9rxo6t10IQ6Tl77iHb8fMk4AZcxdpXGoG+oKLsxoRUeCqIIwie4RCr95s8gzHlqwAixTZ1yjcepNBeWeDas5Tc72vYOlhKMTSezxtoRPd606yv44Ofz27l+AgrTahaQHEM1mLNZv81sGQ3/1ct4zc6nDcwF7yVO5nQ88ZxAzjHiTdSs8czBu7XJ8a3tq2j+opxm6mbaSXr4jx+ZgIIgXUIPN7l2gKV2gvKlu3nGZBh7JkmDgwT0UHWHfnR07U6SYVQlfU3A631mIEw41hqX87ZmOz2TadAL+vmb2h8wgMMM9CFIR5tAeHyWcBbsVvSt2oecQH3JpXYIio/xqFa8NDEsiD/mfDn76v5pZYQpUvQcpOajpT0ySBgv99e4mORlKHI1MlZKpjr/8mqwJPvN3HZhev1gqD8rlXki/nvNWMKPGKvdZUcJLj+GPPvRn1FOKh0+kY3fHvNDVk61AVpvHOp5AP8mOP5LMuijNanxf6xDw34lsaXU8oEMb4dzbhAol4I03aEgmhonPtozhKTomj/PglgklDDw0Gp0vnMngzAUNE8vLfv6NDYwhBel8TkOOm3ns7viOTe5qFFeoqGHsEup+7PifmKhM/QWtxJVIZTRd9fGNWzmgpF3vbf/uFI7gRnbmy/a/jw1TKqUG3TfrCvZqVbXGjAHC8ei+0zlS4eWnNJJ2LDb0foLAhzUnlcbrSp0j3g2MVQqKMd7Y3CKiWw+8RXLbxfr62RUNwcv/0nFW5W/Y38YSiUa35styyC7s8RwU/yC01U7aGws3ZlOn+AMB3LxW3xGapyQlGE+QZhyaC4+h9lffZSGWjpeUOL/9nP7vjFa/dw5ARwioJ+FR9Hbl6JfHrrJNsfDUgL4/10YpanFQQR1QT03q9dXvtaHtEVvw1chbCJ4HhK/har/dVR2QIxyCutqFUiOAvwDFicW1v6peEqIne+9oPhtxiUwtKnw5wMtczI1KH5IBRszxX+R26FZDyJB07YOlhtsD1VFoh68cuLnXyR20luug8eWUQVgk8Szo3D/pN+VawDOIqy60XLp8ph/MaIouegkVAZvoW+VzVgn6URuKYoX9cETy/Sa4dfGsHKvw/X1nabYLkv3mQ+TEdNQISA+dqX8L391eKA9tI+VMYnCgmVxOsdDV71upUIrpbG/ilusNlBNckdOFmIupReFBwCmV3Xji7+mBc49StnkExGxOLHztAYRRGPtvauKIKGhRyrf1PVjP0tIErn9E6RRe378E5qMwkaBbPDL2+Vjv/d8tegkuMYnN6SHSW2GR4ak26tNXjITH+vMG0a0s9+LfkM/3NmfKsbVfzHBDpw1Lkn9qAhivDE6OwpeBn60EAe3kru1Y78pLz4wn9NexHZfYfw/nCam0Toe86tgLaHO4n8+xt9aDDu4Hf8+WujUEVh8WsXxWZ5TBSJ61Em8aU9ol79tZbqHXu1E0joa/Oo5pns9AD/yeCO62M8Eo33u6+fvWjbMoSuM4h5neEOu707LANCui0ncrfla/xaHIN5jpCu29mROr/UK+fDgH5g0yp+swsht/HrgOzL0yasKiQO/kNeBWIMaZSC5UIJV3dFSgP73ezHF3oKVkYPdnMO9May/JFe1k28X5lwfVQUHDBMrUXfUY85PQ0Ag9iW6yXnTTl8viiSp3Q16xmUQ16UQXpZ25E1zZXx8EG6wYf8JHY5d1UYdUEellWuqTmRdrZbR19ZAAtfr2wGEYSNsKZ07guRBgp2sSutcA8+AA3VSK7dNqvi+a++njCPfQLzpBxxVQZasn5Hwc2omjTt1ySRUx+xyJMgpsSPALh1QIdijnkV2gJPj8Gy7GTrn+JOWoUZ3CClSyLsvWjhtWhhD28LyGW1g8mlivo2HPwL6jqyNQ7D6DuiTfXR8897vsO/97GMy42O9OW7IS1HO0mYZNwsSGDVFOuwMeJavmRB5mM2Ust1dMru27dXDg8E71iBEdpGIZKTcCZP8Lweq/J58JHdCuCevgzjEggIkQWaUQkk+X5YNConkJghTi1Cw1iDIfIyOYlW8mfP4bGmk3QdBf2IHqEhJzxlc65gdfiNEIbbdhdqDK0ZYiVCj+z7PGBiY09gK433+oEhJHrABb+FZHdvSVAVcGk4/iXwowrJ6uDny2NFjObVf2F0anwgEwlZ7wt9rhBuSmg/Uk4PrWXm/nKPtF97RMAlYDiJcLlIP2PVJLEin1Dqg19GSLrpx0sZMS1mQd1Nr/W8Udv2Z5Vll6kH3PBnxekdyawXtrffH6pGdUtFNMYurduZYhiCCzn/nvJewNUrQg/4GdiW632xn+dMfMoF5ACM1jRFVSKos4VuMOVtSdIP+dhBHcQqGVSKEMzKj6KP3stnRmLOZBnPbpwPzGCf6TI3CtceuBoNO5dPrwuXAgkX4Gqtqfv7y1snfqZn7G/inJP8j4C+I7Vfmpz7qAhXGrZ/SrpTYcjMuXIziKLwYTlDEpAUiz0n0vLCoHdz3uvt2wZRNn3Kfp4t+rf/acjqC/KgfJHdCZOv485fCJWNtU90286pLc4DxrTXfbRCSqpFYBmodd9Gh88UU0sNY4UDFY1kva2ocmeZcY3oM38A/5ub1MUFaCRS6QRYGgmE8rHENzVD4g2eiqmV3OUDNfVVjF81+VYmbVv5CrFxextM3VRMwfbsmvPagtsRDKNfrzGxKiyyAWFi1Z0PKu2OvAFswkkumgUfKqqYGJLcwl8CO8XneuohZim9xRYoB6GZqWzifLlVUk+Kbb5Ggoku4K4jkSR7cCqwvgb2TAp9jsbrp82E61kLV3EsJ/FfRIPGbyb2jjZJPVTopFP9xPwjQbBcOPJAe8Uw4PK/riZA28/Iuy3IaixWhQVdFkSFZP0h89o070qQZAK0fIc9mH5pmtg/BXR1RsSJ2ThnO+1bwGgJD0aAZmHOmxZe4rNL0d/XUXbgw0Pr9926U/z70Zg5ukv6clSsl3QGzyeW7aCo2XAcb2njKefwGOdXnqzpeIrM5m8wGhVoa1Cc/oz+W5K/Zp8/Y7j0d3Hc1WH2QQP2m4IfNvaWo0/Z0KiYGheiTy5HkFb3BQgpw68x+XvkEZsUoQyGW8KDIkh/P/KDQ/mospnwgxALz2a/OvhXXX0oIWKeZNIC+K6YJeD+KgnTIb8gulyMqCTPmrVwn+cOZJq+4z/xl/nXl7CfXWqFUV+sDqPOwGUYiifgk17S+DVO/dll42jfRCU6ErhgPC9flfepNdDE9gsPwoh6LooePMJ4XABWusD+dyesjUGeD1FZxd7ol62IFZNYv7x8T7kdLVqfWLYfrCjGnl/2zzzc3y/KEMG7IBb2MmFHlToaEOLFMkoeYLvoJ6WJTMi3ucbaIqIOdAP+1D/0zHLFLogGBTSzFqd3+355DLl/43zPDn/bKhiDD5QrLMq4rV4P5X4WDmJu7jb78iwnEElgpCddPJx7x4+fsSKx/Y0GjVE/nA6chIGDR123k0T3qbrEiodybkeowUhL6mJlYCfsGeRbh4oXX1BeREVqjl6dF+Dojscpw4XeZUrFdowIvlgVVNIOjdrylloMrmZQZaE03NBTlG1o887eq8bjIVjh+3ijky9bdvBhnqeKH7o7vFCtejbbaMniO7wjzvPUsYnRuUdeM72gH6P1Shw5qTBfyGnyNeDoBU9ghj92qT74VORTshjBWw9xEe6KxPsuRlO5X1b6bEMNa3Ay69KqQzYCG770Ru6YekBeaYCOSobJ95WwTmaJTHfDTVZJQOsChH9xIOm7uF/C+mhnLuMm+lfWi30HU/krXrNSTFBl9z6n5ztsaQZFLfjwX6LiRKoyULe3tMTI2a3cVQi5T0YuDHx+SftYY7a4ld/f1+Tn0U/bs7912jT9aju9pcAjcNgdEsDV6B+Re13KWn16y/0gb6y6H72TaGRkFjs8rIWBhCA4Et28EPU6GKOIfFtKbGnwKhSNSoPGGMvyfPyG8Nd1sErOBheNSOCh/85lFMKih72izmwepndwHGuRrefLrC35LVNSkYC61MuQvPHOKrEDWuwwGAAmjW1ZOkHUmlnX+MLdQGEXPCZNvYBJvEe1gu5poVp1ucqJWrfCstbZphvN94J/d7QDIJvd+cak+ptWGAo2hwakELVwUVnO1k0PTs1zd+cxfF9lYjcQSqwT99m03CbyMhcCB6wUki90SsntJOR2m28DbvtLEh7Ii21DMnQZ/Kid+iU1WHbEpb875CgkleYmX1zUMo0OB4+gRZ1wbj3UCFYvEyIMSBDq8cWJdPajRAJxHkT6O8peOGJpLaXfp0/sQ3QkdtbxHqh25h2+JlH5xpUH3lh8ZbNV3Po+3k5+ZZ3AS0WXVqGoq3hktsr0XfCxtPK74VwQwbs3Gr+Wd9nc1dNV331KCTeXU5abkj3FXN0tv6ZkLikE1bnDiOXqpMjWACRFJnTTygD0KDkj+aIzVX2xZEBDA+uW6q14UDEgkGsJTh0rtDv5U/pLthfOh2U+lDjsEWNLIGVsxGARZuJ77QzWHW9qW5naVrx6S4dVi8g3rhPYI7HbShIZP4M0EOI46m+XiAUPRTjR7L/aXOqv/xLA8GzZ/mpdMRbP8yvilpxu3qSqB0ux/LwmCZG9EhtJoVcVG1MF29xHetQ7pqWQyLGLhjev1sjYSog3wuLHszUZVzGUKOiSm1BmCpCbyGizoW5aYav7qCWLo/0Gskv3bT5xEjDfM1t0Cj4OCvW6JCkhRPTRNE30RWnTQnTMkIWGfL3vmSGZpVbutXJ8xvoYCCmzxtTEIu20AgV212W4SByLwyUlFxsGw3LIL1RIXoCLpQT9zP+0w0Vq2NyvWTdJDhXq/spKBJ7mPgKPfBvI/mXrbjv1SBDyidqPeQW/lr9LFF3Rg+AfwPqrMIdCr2l8L3QJaTjBP9wb55fKZwijCS8suED9BXGu1siu3ag6Dd1XLbUzZkyRyo+NVv2xph+FnSTp3Ouv97BXwG1lib4lbMc1ayLvb41V28/WERPwQFsNSdAGYZmEsXeHa2WozbR5Veat/IUwgA+zXtwl73It72yNdP8+2nU6WjZmIDgnod6nMUg5L4T2vjpEC/r6MXdCWTSnf63ToVJzfTCnPqKVAM4L0sVr5RVJ4x+bGmJveTd4MVfV4qhoFSDIn3GfrXGZSiyFqX25QnMMRJa82uWbRBVcC0cLFDIP2j2LD3jRzcrjnmkaFo0MseH1wEhFHqyFTImAomSrv4VzYhiNWD+MiS5LDj69r0INzkkCYwntpZlIQL9QWn4NpgbR5VUZBl6UrfDnYAA+jWyAcbGrpADrPncDwEpVh+6uAfO99E1KIZE/otgO/IoivxiZzZ0mk3jv9sF9mLF65di9dV7OaEsqopRXsNZHsncdZBFWhlfwPD5Tn4us7lE9FcDWbeH+/YZ2Ep192pXPdjhycPjMF4N8URTw/vyAGtBawGDMIZEOd/ogqiPlKw6i9wWEIkeLodP8Kt3AiZC8zap4rZKjvmOsiRdGy1dauF1XV0tdCyluCy8tbfo9llszwJJgKCOSOFF6Wr5DkYCi96KFdEWYDrlUI88slZV/5/Q2fzcDuR8pWCeyCk+5sflPPUPdOYMQNV8xfSRpaC7pIprYvcHGOexh2XzfuFBm0Ff6Bg+8fF6hPmPRFYaOGk0rO6m6fuMq7eiLWGSgi4Hf8bw5Mb5CUR8gUL8sawAwAdaL93YLSpa0wnMov/BpBAbdHLLAbuLxujXRfjGyNo/l9AdTDw/7XIJHx3PL6umykhao9cJqTNO/QnNiq5b+QjhdTtpBkeVI/rquLihXNmpSJZQJCGUENH8hoaWLvh9b88wjQJDySmdC4Q+kz7lMKODIBR1BGhy/xh1uvL+ab+PVbf9u3B0Pp7dMDaH5szgBIhX8tf6JnfUxzW083poLF3Af1cettX1A1dBUD9dblb9aQ4UAYLZZFPHStYPX8BFMJOzbPISzavcq2PuNwLkFoen2GZhnhdtFyqbCmcNorSS3SYxy376Is7s12cEFheMaVUsWca0qWO3EgRzCEdT0fFb9q2olPw1N7BmY+sgOgemM0Lei7esywU+Q+xJ6jFatkCPfIaf4aWZeu7aLTYWv4FR1WfRhY+BwQeHrRlYmDfZVUknY7obHNnV7qcZCc/2tDkDF0dXydAbeJdcGf/HBZp55ljqbwfnA2ryTZVPZQS26aaCCuqr5IEsMOtsC6SqcXoxI40IKGZrBGCm4AczhviMzGxJgQ4k5uZk8QafI/LTnRC7KBuzb8NJfXxLwVALnHPz8FUbpCEZQqZF35QccpvlZNltznx3DRTF5mNPHzF8hmofBnt+fDfW4/FvZxPeTvpFz2e3qA4VILjpwBvTJHu7zDHDFr7IHuTxT6hC0RoS4jMlfelIe1dpAiPm2OM6hPJlJW9erkOk6EG2mBPjbPHBhpW0fNOWEWXRASbhwCNtLfv4ti8wKaR26EFmxa7/TAPpeJrd7OPVVc1VRY+vF+JdtvRlkExvU0LQr9vZRTd1iQZNl6yfJRrFfHri0b9LBpzL0HpyZJLVSngh4p75dBfhgtYN9pANPNhNYqnYID5mVgffYqFkFAi48bxFOqVNM+ase3c6cyS52WRxbEgY/FKjK7Jp+lZDXxewnpRXl1zm6V8yHtcQp6cM6tBEXEUI1CMcFLeZZ7kwJ9u2jf/Lho9PxFthEMEXI0/uEeU1twZ7npsy2z6B0XqtwsIh3lCx3CWyh9GOPIa7f2YYQz3PSOkmitm/RFC2hgUx1qAAR5qPpOkJM9NZdcvQTelwaySBu98uOtLumDXH9uUeBYA79G6rHK3BvBSjklTzWiOGbn1OIzWmmtKcRPxHFWN55LB8NbqcNHAVhJ8+zpmUYLalVeF1aVRsKm0bBpNtUR4ESDwh6sLApJTScGQ+GmviiTfyAfvjwDifoUsBOvWTBfH7x4iAWF0aWuWu/9Pw9o2z0Nc5ZOq7LQflE5vvxePtF2qZu3PaqTtfvLKjpW6gZptlSyVrj1O/6uXcHHHrnPvL3cNQajNZgqBOGBiEAA2DFm76b30WJubZrMzzD9S3jba00fc771VutFL/E2z+BpTK6gXmWUtM+rg3c5WwlbuC/r7oVIV/5Blet10XOyWrwws4z0FL0CP3VFO0teq3AcMqnIGSZLk1i4c+2Xn1mTQxcnKUN31MbwgGhX1Ixjh+MrIusS7S8PHefx0pIQbEHN/V+vxmT81lVWszRzXGReedrzkVbBuuvfBhIHF9fwI5QepnZEYFYESR+QUwXqN5+3ND+k7zWZmxBYMTLlSfpNkcnf1TvArYI773KGFEC+wIC6SFo1h3SDIldeYj6cousoj0aSzRlRmhdBjZNnMHXz+IkvqIoHz1LE7LRTUfqLAPM7Z7LTegowXdq9zHXN2fCvHWDTZENz4joTdZgmN5YsHnaCMPFKoV7N6zKCeKA5Ty6v2+IeljlcyNHBlQN39KonQMcIp1zX6u7E2JpKxlFYfi3ETs5zj/zYeZUzdA1huFkU+himExR0U7WQVo9SOAH+3sX/zmz9NryDjwLLffhMLQ8R8EDJAuXqBUd6y7ISSf2K7HFtqdBuswTOLv57jQVakMSEUIv0HojGYvrM4d6hwauRmAOp94iIOO1SOZelHTzK8JM7/O3KKUuAx0hxXPFuOq2QldFY2HL8Eh7xhE40Lpe9JqBnY3mOxPbacaH5XAY9dAK+QeHz+gjHCdLzXLXx/CKZj04i6u3Y7NC8tTcCiYoTNi7UiFNEGTcz2sDFj8ya54cVpysoCPZNqOlVUI/q4FLgFnWSFAyj10Ajlz+Job1qN1bUCDc7+6ovK8UMMvtF3lhyy/iZFYJLa5QHe2VNcxkPY9HKc7fvH/z0YuP1VfzgfhZoluMwvmBksT7XoVxuqWRbos5kYaSv/+QMcA7Nl00SxVTX4nsWFHMx25ZRgbPfBlXp3lJJv5tX4IA2SDMZ+tjpKiaRQkj+bH0Z0xOrmbWZUDA+LC1SPlZZ/rXhMSgwXkU23a9NsyXQ8CBitm2clgWOX+j4Xt+0QWeQlAWEc6+0PO030fbFhdaQMy3ug3rU7jF69H/YJhBsUAJhCGZT5/QV2EKFlfBI2R+21lhVOM+OZ5Xb76a69FhCC5/BMjoIYFSlwZFT890ls+Uby70wgzpLh6LVWggVpX0gGrEBxgc6TzCub6pG2pL5sCJ1zEG1uwOEwfXbvAQKb4t7E+4FKyNnQo3gLgoRhziuwklIfdezttIDQ0x7G33Ez/LJqnkzv02nDW0IKpXd0uDlnsP6bHbA2fkszbNm9p1P2mrXq1swsFjYV44z7G9qzwMcGMw+MrejQJ3bm9sJid/mNdr32g9SSFeCMERMjhXszbUUo5bJx6L9eiJMCFAJT0RIcRq+uw4isvdtw4L8mAGs6QP6fTdj9VvgcgUv0bDLiOipCt2xHQastW4AIZa8RkvqN7ax0wlan83JhWlPflB/3WuBeC4Gu7H2EMPpTe4+TGd7Hqh0EP9+gNy1FW7wPQCDgu99w9jO+QDLnNOs0o6qNbAfTfbLqcu7h3GsBfaLcPopzjwT3Y9AIZAtriHZkT9oJr1SnjGudJtjAhvGL30Ts01LGl0ZMdQwyXpkE2As/pU06FFKb0xQ4mTBJtJOqPLmpLoS1aBgzTbO1jwbNQYXeHuwYx5PXwMfLPmti27rAo2GwyT37O7tBhl0CTerI2DzGNVdWn8XFxu3G6R6PppT+8dL7RrxYwv1AZQhL3XUfrUlTXGdfje1skGsnl9n5VRwZrve/SiDpP5cTkSMDxCjngIaCbm8oNfpwCPgL5LxwNA8fMSDSi05d2tGtxRRFq7GCzJBieGssHDCSkeJXEnwCdO4uJtL9wXM2bzY+vKyXVpxTErx9nqy7eTbukub4q6rsE5AELVZaeKwzZ4VeGynIZhkPZTGph8wMhB8xOboXVfTDOyOqoyFFSjtLbFaaO69/m6J5e/B/pUAX3Vnw7jQkdaGZ/M3IgGXfroBEDYKtm7dJWgz1ZvqEa4Uh/tWjP2THTGlypt6v19L23aMsuwvOda3fPGj19Y0Uk5S9buS9H07wXFZQ+nfcrfnlNcXxZFfPKBKyZN07dldpNpJgachltEG+ufTJYVeb2jpT92ZF7c5Vhe1Avs6mGzsXdSPzs3dlBltYM1P4f1KxhWbuyC+4hrtDsYz/3qo02sNGFIjajG1HVyr8Fw3w2Y9hidhpHE74gOcZd0CTDxduORBP4I/K8aC1hUmJAibchRwiLhnmbpEqlFxF3KrwVHbbo6SLJLapYnGRRjVnnDoF6D+PFXkWX5VlM8v0uQbjQepil6L1BWpaPObSNrs6/noMNeSY6i2wQORQpUmbt6Th4UJess1VxQdghmkAgKAS3AUucnzdwiVIcH4vuZlQbcR6TUT2d3HymiBf5higfiVm7RLskGbwW9c136SJJaRUUgvYdfG7qHyVpoTGfnaupLWKHsxV82ARBdFVAGzWZRZsnZdCL8dIUGY12LqB50Iqc7TUhJC8tXNMNjZxJ205WbJ09cqJ9JRSC2MiOvxH7UEu7zmM0u0ao4g3RD71uEOfg8jNOZVCJbIU155CVhuQ/fb1BjNMBefUogZedJwCBgBXXPlWNc9+VNfN0e6uy4lcUv/BXwkxvxCVpUwD9FmpyL0/gel9b2Xt+1P1VQbXwgeiEeigJ01dUgPy8SYP4fl3mZG61Iynw77GdzeMR3GL4n5aBHP7yNtSXxCNXnDC6kNU9cSbM7kws7tm1wD7qAgbNvrpPy3h65WwliunWMFzKQ+PLNqiRCJQ3j1fd7HfK036wGwRETODr7d/cYBI3AthmoAqDG3mMZk/GidYlt82fINZmhBlJAAr7EZjWoqWH6DbdElyQS8PsxQml4E/DtSDJb676E4e9Emb5Sr76kukQyt1Y5ba6ClTYckm5nnSLIYWSXRE6e7WyJQUXv4eea7YHGcUgU6pH/EgM0wqvZdak32OjEKFvZ3c8sWVzvT3hEj840FLmIQUFZZ9wIhWjJRIx/x6/vUgrAGaYTM5ynsaEB42H47L75SAsjalSocZal+3SiVfGM70EnFEwsSG82gCknUXGLCciJUZqL+eSQRBAeDJ4cBf/oUdeejL9PWDfjbuvxHX7frPe6Nxzp/TRDeQkxy2N2c7EXnYZxIIOz1yJIwioh+KzXKLHn+P5LGsjo9tADfXqyohbWvSp+1C/jSywN1Sr94e+H+dAEdP8Ff+Cyv1bXfLzbT1V9kb01iJIkZFrGW0e3Is9bucswxbU+IREFrqi2aZNp3B+FZby44XMzpQonQBjM3C0I4M5liEL/zLahAkipM9DZH2g4AZ3EGt8VnetXfn3C+sH1zvVjy7uAJHEiIy52T+ttfKaZP7/FdEPCsd6Fai0rLcKYTUQ7Mn28RwfbhaZvWVu1pYQ+kty1TFkZ0vd05vHAyxDGIw44iiQzb6NiGqE7gLoyQZprIwpsRHoADAa6NfUEw3hNIYQyOo05Krql6tamGfBm8F/VfrmL4qNSsclzjD/gLra6/qsN3rPXkWRpVOwxbGtJkhNs9tXcElsDnw+trsaG4n+1gbRhD7z4jWfbTM2r1eiJzJlZ024cLicnNz1fjE/Gw23piLh+DavmxJHYb5SiZS6DKI/hvJ5lniEsqjTIYULXM88XsT62lNBeF0Kg2RyOswb3l4G04xz8juRb6ybpzZhWTEJ6+UZhn5aZZ6NWpnIgjrS/c7qUWTwrupn/9S1H8RvVv5VfUHkOo9V362+/NnFkKArbg9MxxSdiIc0HdKHUVmZTrp4aRqT2zVMgchQrjcSEZerbF2YV3QH2S9lBONH+atkatHabiulUCuzX+1VK/XXF22zX4hkEJ77eURamyWgq/nZZdHvZF8UD3QOMfHq2BmJ+Em873xJyg0LxIhdjGblBWeBlyp3W2ssLmaoo0NfCE940gI4ibGxw5yPAOba/sOPtf6fAT3d3I2WENplX/6uNPNlYLznfCy57DvQB4td3+HARf8f9wx5eZpRTjlms2XlIGeyIcBKVFC26L+l0TMDfbkTiss7JRxT1lF+bI2TJzgys/IvpPywgOBCuLBo7locBfaTmQeRI/0mZWrTYwVJpu1NDg6aSD9vSpfV83O3IEjP8IF54mUJboO7bfFj1Js2pX7l1oEi3MuJkyke8V9t8VA/hLQxTPPiXJvVdkzyT8VEXWhUKeFbHX4nbUfwuSX4uHWDlLTaw6E+poZVL31hqpuhurpvm/1zlfbmKmxNoPPW53+uHRUvwU2xQQxX/7oUuo9KpMi/Vy7BSVwoMcd55JhhK/oCTVX5kYxY76rpt6PWrR1PIY1zVj364FMTzjIht8ASczYp3Pl/bY7B2Ccwb+EnS0AF6QSueCnFKOCeGYQ/Q+nnbGM7gUl4moF+IQDzB+grtjxB8ksEvg8LyS18KRCI27w7bL606aeUFvamyspbPTDbONmeRO+qzGpgAcgg+R7xw94a6zy7cOBMf2riF+BhKGOU9Sv4ACEgjf32nZv9ho8G5BYuzbwbI7BCjK3lReanFWQXq7ao+pQHvcleR5OczP3uoT3e5n2xYT77twRApbluz9hluFnEGKjrexUcdo95OssxxWfhABo3OVZ8x6AkeXVvTr6XvBNbjm8qZeCNgGjz7kED1OmbGxnR4kZ+WoWo7GueNQnqYOdp35GRg1B/pIb23JjaJrkRXqmOd8gVHY3V8OCOrZ/2DXx0D6Agy2pbua90SrpV9OG7+adVkS9GU9tIupbM0BSQHojZa3y8VSyzl5BLvk3xUjKeGr5KFI8ukLvru2pk92g/tA8O2dudYk3XTCI06+FtCQNLOQq9fwZP5F5/g+Q8ihSutbE9YFo0HEIdLQLhh/tnGOH21Jq0AylcOMHB5Lq9rwW02XGW4pISGc6ABYbbBcnERtlbYvlty3J08vJLajfxeJ8rynpuQ1XUH1OFW7t1IMJajl8YHWEi2ZJsjOBZd9XyF3/4lml9bsYJi3a5j2eh2H/c19JSS4Htbkd8z1ryaykaM08LBEhumMU0LTmkJQRNwlMgAbBkpEIoJBLGMoKiGOF0JTYOYumeOadihQfFQdg+HseRmhjdv1aeRlFghgRk/9DN/qevp/Ue97eZcWHCE/yGoiBW/XiYtso4JYldAhge/HxS89c2kJmYdcoLR3wF8jcDERlKhV15eupKBm+8VBYLgYcXoUoSMYlAIwftr+1T7IFVLeGwzBjrf1dR2kfRUxKve2fOsvYS2dDwIqGeEImmtcR78DEh5iYre5VKinAxJqeLUDPGBDro+MLlTCPOcvL9DO2T81mKqbyTpY8gxirmqKEGtv3TIZwO4lLx2ikXw0/ucQAKMMd32cucFskLto+jaTIUuA/BW87XTKDlHeqtnhKdn8y6bPe9Jbg22442+y68LF9wlxK77da0PEsJ2OyS1KvxKR50j0054T+uXKjeKwK2qTK99D85reuANe+GwFk484a8vvh6O8RGCsQhmpBKSUbjSE4/07s0wB/8BGt6YpxlfYLRHGCh/iOH5cJQiYF5bjRRq9Ur7X3XwXjQXbt8wcP/y+ES0CkIbezw+moj88w4SvoEAwE9Z5hsqSd27DueMiHyxdudkNd8xGOi9tnBMALlN4G89aQhaviQ3Y+HmEzOKxRAZ7fl5CRG/cwXzaNONuE+a5IhFVxKIPUXO+Bj8ZhBVljb/DgJgC/VCISk1HNMesRKVO+lCEmbFX+z/8Yb3gLSgwXV/ZSEt54urQ0jgNCoCqab/xS6gBuB34XmnIMmNGsRbdyetOnyu5s2gl8SDYRSB7aPvhWsyMpxpEBRl9/fsboB/twhErG94uEBL/zD6Wz8hYhZCleP+EqWM8wzSs06T4b5jXSS4/2XvvZYkxpEtwa+5j7eMOhiP1FprvowxqLWMoPj6JSKr6nZP986qmbVds4y0yExqAATcjzv8OPRvOpG6hvzloVTP1pIn7Iedw8ilvE3mjTgejlVNC0b4zucxXs/AwEk+M/+M0l9vrRQG/qrIyTeG0LsGm3Ye2sedu2ywbsw/fJkylFWUtW366bnBhSPDTxK8+cd+4AB/CKCxgVMG58xnxghh9dNyWC2rsxC/H7hhmksf0jRXMG+fnrzZN/l9cUPjlgHtl3HDUcJVbzzHA1X6YjX/FFvFqfMcJwoI4z+yMFg/Zc45VWq0pSzkGz3Joky4Hx8FkuU5hY7rA0l+aoVI+kb5yo4f/gZWjpUGhlk7rOFHXj/Xo3G4l7AWnNxhYfVQgPHhHWI+k+wuAXILhQo2CYRA1E+vFFWm8xU+1BemoeIhGrjYPniS42QJ3F4WJ4Qm2xQ3HTkCK8Pz6zLATTSrpgvjiFjnHphraEaLfGDaT31FUmrdT24/pMiar62rMfd6mOCBuLDmtA8m4/588Qf9ZNw+PN7PIVJfsIXOQO1MuAuTItceGiQwf7GSHNFVZvPr60xuq2w+Jmr2Q5DSE/SyNKuZg/zhft1FhwQQF9cKOON8mT/uMwamCeSOwB8AOT80wbKCosRa3Gj+urK84SvJLSfJYvSbZyCycBTm6i/PhqaZcin817sV2ebKEJiLTuH62Ojnu3iEq4WY9MOw0iCrXQZ/vUcVqmLfGdNvrR5hkzvRMCzpMIBGA2Ou9aRvO+vtPYi7dPwUf47c4op/8F6gVl8qbJPHzhLaP/2PrHwG+bw54Lf8ZPNjCsjAKmcfC9xPg502iZZfGCOwX7qIzD45UZV0Qbp4T81/bswK3rH65+pesV5cL1ms/Darkd7ejX0h9bvfUqr6uX7WfKN1IiiO5ZYV1mMVYFkE9rymPt2f0gI/Ob0YO6kG8eeRepHYPPX4Q0c/vchsZcmWqeu9iA5Yz5yGkPXD3jgJIChzRh49vIh7R+RIdGpym+4/jSJLjkbUxcTaQ5dQtliti6wtb10VnzIF+IDf0BlrbKCSu+YD6o3bMD7BcuuO8ie/EeGUYZqwdbYg45Q221ocPny+DjLyXzR4WyczuASLjCA6IcWEubcwFPvqVZ6FKO3Lpcv6L5qgkCltnLR9tDkHDwnyZ38vBYI9heGZcdKhaisf5LyCD0t724byTykYXfJcpjqv0CAf9mokWjFdKjInzA/9i41YRvZhf9zqk3VurOATH39MmfLPvlHlnNJP8MKsWoQJe/TzXIp/0pOyjFzWKyx42YkU/kmp+64bXnOlZCR4pHubhKh12Rs6DaQRJbGXxsg0rjTfFY6o9W53bORMkeVT5ofz+Y2jhxofLDnA24NO8rn/cT/AP83X5fZXzVWWqU1Hg1l17xJHxLBRFi3U0KifgYhFic3ZOoP0Qiusoth1hPEu2ywLR+JHADCSibOSpqDsbXPrYZa/5IFOEys1qTL9aRy9NeR7nBNVN1W4yIJcYLyvqriOukdBWGW2Ypb+7Q0Us2sJo80G1m+Vtv+PmLn/73zo13fs8CTDUmypQgJJlSiV/ByTbQ/nllYuy/JL6Qas7v8AcV7QlCz5sIE9CKJVAttDzjsIox16OtewmM5/otjPiZ982fLj50QY7EK5/0CZ/hDysc+35RZ10J9H788fDxLFHiRCQCTxxP+8w/lzmCD/IFDo7w8M/xzd62yr/rw9Bv3sq/K6rP4sHIr/AdQT2J2sP7vKvx/9nSn/FghgpIPJu+6v8n3/R6A6+7lmCuKB+BTtf1titO7fTylMiP/E/izDJ+ne+c95PzvW7ez+3LFWyQT+rfukvP/S37/UOuUpKCB070n+2ijqI78fR4Mmq9OkU5NX3pnjWm/1ONzHX+O2jf0/nEB1dQkObON0782StQLXs/C9sW7L2ObBn40D9hTjsDn1BcoCk38V5N7Iktv8QqmfzVsDDOUvY/+Xsf/L2P9l7P8y9n8Z+7+M/V/G/i9j/z9+Gfu/jP1fxv5//DL2fxn7v4z9X8b+L2P/l7H/y9j/Zez/MvZ/Gfu/jP1fxv4vY/+Xsf/L2P9l7P8y9n8Z+7+M/V/G/i9j/5ex/8vY/2Xs/zL2fxn7v4z9X8b+L2P/l7H/y9j/Zez/MvZ/Gfu/jP1fxv4vY/+Xsf/L2P9l7P8y9n8Z+7+M/V/G/i9j/5ex/8vY/2Xs/zL2/098/r/D2Efx5x/Y8xbY8AN9wij0z4R9mET+DUWf+AMj/5Wl/xdz/38+RR/7F4q+AP7772n64/vWKEPOjMPwX8x8QJlnxm5cvueg9w8PHk2XS5LV+X8dG8YBUPuLuuv+4XScQiEa/5uL/9+d/DdbH/q/z/hP/txK77LcJjVKV1vf/Ru6P/LX9p/1hf9d1oFprMFduM99s/WvLAJ/Ji/oj7vKU/VHsq/YH+Xdfv8NZA34b+n9qxvLP+/OJ33dgXfPjH19G1qQk4D4e0hz/lf2QQyH/yAwBOSLIEBH/Oc+iP9rlggM+oNA/k0PxP4X9cC/HvZ/JUnE/2F/6MABOknbchnfQ/YPva74fv73u8x//9r/NR/FX4khqm27r6B+kNA45cNe1Wv7RzIlaZX/MS4lkNrgXDDBVKfj8Nff/2yTok3+8z59y/9zW+5e8AfIKvG/MnUIRPxBQDDyJP6URcQ/S6In/se/6QkE8sfz38iif9j9P78z/Ks4+v99xpBmykHKEGDZgTgsQMt32li2y9smsDjKoegbbwDDD7OYyA6rKb61qutBlPJFwPdpFndrL++rv8Avp+Re/7jtldxIUdqf2wC8cMfP35+dwZhNP5z+n/Pj8m9V+T3pe4j7gds21OkeQ51qU741F+wzwFHxe5ClTs1lyn/YPjT23gZxV+DzQ0zh/7r7D0jlbnFXQZlIEer5fKcnXv0kPsGbF+jCtxmrXtxbY0jKZJ9YKvBNgviQJMhgNvNtOsXn/SAHSeha08lC3YN2N6TZOKgmR5zO2NcJt7ObvN8aI7AG88IUUyyJXID3V+BDkUNjr+B4p9eE3df/PNudwPYWh3alfolITHOcsRARXmsLklhtLwG/jEFu4wYaEtGGUnb8qGiGZieOaif+Sfv0o7ktbjjkrtXkqdUwuH5L0e6dCTymBvgl/dy5HEtTBHeauDjUm7Tv9kzoPq/673J1udD1d9nGTLyNgJr8vAbtHQX2J+q9dwQC0BAfS4LooznY/md5a6o0he9eIuDlLkWeaxba0wv4O2j9ksg/r/k3R//pWv9/eO2/HP3Ha73ev17IAX9r0/nvJASRNk6ANwm7f2LQj5vJuev8eYk+lATPtx/gU8ZiisRQ5J/H/yshjov/24Q4JvP8to/R6Z94sNEolDvzblOJPX72t6A0cRCH8gWeYX63o9Lv/TNFQDuDvsz9Xafv+Opum2/Q/02d7P6oUqSykrD6hzvGaxTqoyd0mMT/fWUJ3sbfpfuHc/5+cvNPNWXvtvqknb5Hgd6Zd3tFt1GfBPIZhXYX/1eL/fN5oPcwz2/ftAX/ilB5SsW/30Y5kir67VuOzUXffrx/cnbCXiH97d339aSJVuBeSxxaZRzgYBSd8gU8swzwo70oDpgVHP3zvUv882VpS2OpXWPp8hZSuyfSZSrSe3R/S5nZ2/ukUaL3VGGtUWH2HZwsMhZmstZufLfNP+/+c9fvncB3v68qf279/+QL7s5QNCdRXEoLlkZzFsVwFsdyFvAH3wIQJKm4a6J9pew/GQilJ1K7JVGWJAM7wbrF2X2G5f3LmcBqoylPoKwUuJaf4y3oNCBjLeoAR8UN2DsmZYgfi6LF6C3LXizHG36kCvPqttfKGBjeOHhEzvV4fpDXoIxDhixIPv3cn8ThcH7cptnylpaXYUVx9EDa9BkCMtVU3GfwZuULYXt9Ov9ToyuDmJZCuIQvstD7VQlp6ySI7jbvvjofMmLPgTzdPfAzn+L8CoZYvvLFbIn3japTP1wA6yIkXy5wMtNQN68xLQLnzLrD2lVUMirNQjKVGD+/nlO3zM+YRGCYLA0+3EH2nQGwHvAlIW4hNRsQSzRg0vDyToOYFzPqEP+wr7Xfat5WAmR6OI+wcJvCWDhY6yQHE2fiIyBim9gyYLOfuj37yhE9VMcnGzZuJTd4stbhr0pW7akKPA1OIRLB8yJLnMa6/fKm20II3WtG3SXRTh/MEfCJlEeolX8a5wMV2MHjrwJxEJzZ3u5y2RfwKs12ULyUKGvIh74b3VMEVvgVN8WkhDZwjvWDj8jJqsLZc9BrCd0sYTq4IkuSKHIe1P7u2/m1mBNwIiXh3FPdq/84UFZ96Afut9PGKue8QAu/xLUNJtiaZoVotLyQxswsgAJpZ9KzXN86x2u8xMyy5MfLk35m9Moya3GYu+/4yILC27U0eu4j9eqcl7KIq6Auicqvj3pbr5AMCt56NUUH55WPbnuuFhb/Th6MLpQTO9K+n+NTLqON6ZnKcwagDDh27Qsl3MACnqjl3T38gTwfQUv06yxbV4DFeoPPn7F16p6tNEfQzpyccJaws2XZEUI1ancOIaFXVIgdwySnzxlJlP0DDa5sP6/XtYfmtXE5cAK6nEvIWAxFXeE/1Rl0dQ4eNqAioqCRrRP4e3c6o7fhQiBQuOd3KhQ27XkGjp9BBFE6zQMGAbh0RACGGxHAaP/ety1PulcRYB0L15ey0RXSDPLSJnq8Lq1DvToHZJqioU+bwBLiawcjPpgeVmh6Q047XAP/yRFy7X6dFZxeeSEfSp/07m9Cr5fSLllaM0i2mEUYHaTv10riIdfDiDcsXmM3Ltm82uE09rE2wgSvUxDhPPKj4SyNkQnGoZrj9vqIr8prtOpfPCKM+UDNHWFrA9fyAIt+9nIM78wWXkWz/yc8K35kkwow21cmcwxtWbck/VOKWdEtm6QbiXESV0UuT3uRRFM2f3KNxniHBSTkjRvLW6pRNG2p5NfJ+XmGyWFGlecK8crMd4XiVujWEoxr6vl6wtt03kP4su+eLqM1ZxSqnKDdrN7v5gSjn3bnYkDBlBXq4zAPhl+gz/777bzc4YEHiK6jol0o/qKK6mKKpOhBBrMQo9YilLwDxvKC+UVYwFvE9slC6bj95pklp1fUepyD13AoAwexKcRL/JHlHSg2HDd+nDrubcUkzetCWBdXWRjESfGICtIOuKq6sMKJ1UrgT7vg7bCa+ukURUDkBfEkZ91Ku4qM9R49Uc/0fizZ4KxIJuGH7b2Cw56tBqK72RNXzYouD318+px4q+edhbv16Y707I3EO5QxFXVWGAol19WGRTgaeTaPs/V0HMvRtlqXR9wIjASmFXnMpuwtXRbYuId0UC6zkcr+mqGs7hURcqxHDleci9Dy06gQIjUYNXt7jRwQDdFr/XRt7yO/zb4s5fDYRsYPgYvoaX7aguYLJXEVEQtB0/iJETMwWYg9QrUfPYRl5NW56taDvGCTzDyXu7pKHbF6UFJTbVOVvVQgOqi75OpBW9XH4mXYXb+jslXQopVDghByb08vIKUwhh3QWw0CgrC1vgW3wuVrzQ4RYbmWDcjofLjFc+yMkqDYz43Qi/lzI/qwwA3SA1Mo0oNHQhb7hqbC78j0ufdg1yLfrM+0SuJPYBa2CAccKnfVz6veWavz1+4GE3Bq8iBymPIbYltQ6AlKlB3PeoXs44CUratng+3YuFnTGmX4SVSDvdSNaZsA97UX45eyW6rUopuix/O8uH5q4W40bhwSP4+x6c02kh5nvdmOn9lqa+n69viI+ykbSPJCgpzwYrK+tkzWBCQjGsVLStQXI9sOiUpMpupsBN4JyGNMTnPDuOQ906RvWx0qW0fnZiuDlsPWqzMKiUDzFnJKz7olAnsQjKT3iSgoLS9goq+uLoadNYnIqCUwVkmL3lsVu0HW+Drbsm6GvGn+WtxcW8LtBgpAeb/DPgfi4iBmML3h6CBmkfcSm1EIUhkJ1Mm66MbydHzN8stPdp8re+lNZUAV6NHyHJVPAbPR435nspA1r2lggY+A7isR+oQJO5CEtgVr/SghLO4H+rNFS+JGF+FAJyfnYabnevSBW8oT4U/+wd51UQMj+ca4l7l94mfvIMI4eWBP7NZPqCULA2cXZ7tOCvRf9Gn9FAWC+XQ3K1THaVHLylefq1CC1JNsjLYfP83F7yN/xgu61XvNj+7R4isTBNjKrPI5ioBQPg58o5nmsBv4rb7U3GhgVNSfqVIzbwLb/JMxC+gecKH1nsqSKpFV98aDLyGV0x9Q/onTsbZnhoMCtf/GY1BaX4QSPn7qDESyyBo7NjkeQzD1/HAmlD5f1bME050vqyXpxPP5i8ExHGSio/HnprjXI/GGZhn1pNOBwGreG/oQDlNUeGNncj3TJ9rNlQ1Rh6IRrHuIY3u4vkGLKNnsduEhLnEGXAS8niw20G0a4TcNuPcBQUanMhWGMcbjZXlBAsLC1w94ZPk4CNf2AcyXSVCTwztanXFuPMHqR+KlPgeG1RjD84h+89800QgbijCXtQYmHSDQqTiKhWwARG8sfX93/rYG/obS9z6OtjlHcjmBO2Xac5WKPiiPt6NSguUqjYWDv6jLGnkKynm3nFSa/C/NtHO0uYtk32ob1jkihLUSXphS5WFnIDOt/hy8Tyunk+YzArR1iIMzUTUhWu8hA5M9RAjML+4Gd+DiWzO3GvuQheUhAoI5OGiv6LUVGApJeSYsmBu7JfGl40tkVjkxPV5SfZJuKpcz6dITloOAYAQzFgBOvoxBS/VrH4hJSWq0ByfB1GA+KypC1BYE1nh+xK8WEizlDSqGFo+cZ4e7wavgeFmXEZ+4VEEid09/I1FrLfFIvprUr6WqIi/ZJm3k8cbcAHuQtNoCIbmuXUiIo7yeAuImYa/FmHMdgtW89QuFbGhCX056AeAKUDfGe1HRDV0ug0CB1vJ5p5w0fjGeN0RxYFrWrr1VkooQvLLrDq7NvxWsi5EJiklzQL/IStEPwXRiMhA81k66jTgCEWohArLj0WUyaRsYtGe88YCOzANtbJ2d4osZHNTfSfpeiTEDipz7KuCcqFjImVzGNbMiNB+VcCnxhZ88XyY4F5p4rTpj6y2atGp6NfPKXl5AAEQfSIAyySGvD8QfPFqjzc6YvIFo+iTLgab4lXZpctAl6sQuhp5b7fr4MNHMv16+pOFgKk46+H52yieUO8D5KgVELHxav4TlAOkcrniTztRMGCjkNZomeX5jU275Wr85B/XatTa3pFKdRsE5Dk4s7/NlJgrhc6GH5DQSUoGBxYjVDeT0Z9Ce8K1OWM7u1kWfJDU5JK2NBSVzhbGKgvPCB5hNfSb0TS7kxpjvrV6WoIjFy0dC7RHOeGTFqDNzA3rHoWPmJTv7OR07WTWS3qV29K3Ue3URrpBAhwsUzLsNJSZoJzcqu7ad39YcD6Wy3wCN7Pr1PSbtAUmyIVV4cjwO+rSQcnUucbhh505iAJsXkuZKZ/OwonZHzMRJD2NZEwcv+FgaYEOwhReNB7z4QltYvzjzdWtqoV3Fk85vpc235qFPFdHzr8LDeugtGXhDekqWFnXjWsve7iIrtTS6lzsnxiDnFecMVVFxJdM/3DztMO7W/2VQAOFyA9j+2JQ10S5m3WwvGyPyVdmHAqLXJtPpcshUJ6w29op/cA1L5FJjX7SQOFjpnAFmtypqSrzqIn7SnN3Hu3i/795XCHGGAhKE8G+HfumnmXOIggspavcCkT6USu9qooHiFFfFEbpNnJVz2jcP80n7Nj6P9YK4V0SkxOmiks80ht1vGDZ68I70g3jiSXEqGdW66IZcvbjV0yMU8NYa9kFa3vy+P9XMpqxKJlDeGC9yMkjVMh7yGXzxlbVvDDKsNHkbb93b0WhyYcy1MPNYhj/W/TjTDp7Y+Gj1KsPm3G9OoNWTt7L7wDTSrVkvOue6jCMzbyVf+5HdrMGDoI+1ixVa4+f10aitvJ1+7Z70m8sLLeSLfLcudda7/rV4j3uQBaKb9jPvDG9JG5fclhlJt4KGa0ucufUf1iVM3+XOwElK9lRl5R1XiHMJk4A7xS1Z/U9WUeHDYHoU4IYxZwODAAyls5oM6dh8uRdsqQ2khmDeBobPNc7cxiU/Raots7sLPaeeeTVdtV26M+dvpLZZ9zNlHU0rN3QVL033FZUdcfv0DwQSYPXZTi+113vBdaCpCOF2iB6tRJaomB56WL0451EvimaYcqLW7NLE6wCTOcxcJlXWwtWmkE36m0UsVAkzzP4i19VO6lH7yLmZ8z0H13llcA0wUah8Xp+wQMe4SNJONKMCeuNjJiPPDzd4ZZbNNqE8Kqm4K9ROD+3wx6Z5vRJHVfbad2JeZXbxqyLYh/PGPIJ6qvk7HzQ/npI4abTyCqeHo7HJWkkzeds3fIwXkjUujetMyfnVPoOkmYZuvo7Fywuiyo8BpY+0jx5H3Csv3jBF58Yry+Ql6cncNppyNqw7jQZOHzs81D4xxcAJL/KvRJbfRtc9D9mBY6U/eV1hyJw++I5+eny3I6hggXA9u1GRpkCZMBvypHizOfJ6oo/qDIH3YljXPkpnXVRXGwAu3cpnVW6T4BZeQK6cKgd+9El82bfV91LXG3jXNV/zVRaoWAHFvVpjrbORlaFuAPjynWI5m9XRMqiu/DN9cOON1QZRJje2EKgy5ZmfaQzqG0Zx4w3O8hzJilypuW1e+8YaDtVovUCTLGOPqQhk3mV18rFmXGBxQLkhJQW8fTTlkvQTjMHZDU0KQmRPPfH3R7fXC80yuwWWh9UT6IQCOwX3tRv0B+S5gR6BfuRrIIExyRoYhLwIfEmJ4O2ZK/NKOl/QvdZoUGVC9ip+3AgaQbyl2be12VDpGsTME+4agst5zOkdPdcut4DXEKmakn5xr855BVEfghkTMrh6xFWGGyoDtPjNNkvpuXRLOrUnO76PFesxjxjaP4fMwwR9Ki5Fcxv+vcjLmTZoYe6dKuI+/mVo7qy4PJMlbY5reyy5vuUE74H2RrwuN1yPWAYZUmbNR9kMunw087NYV8GLSCezHpB1CoNkPazUmJHwhpvkXuY5d98IRB/R+gbMO/prg77n40oYISjSt7kiIGaseRYqrmz9SyPfza2cu2nwg6Cb+jT244rc7l7Sv+xzR4WIYNmgA35pHlfjl+iGp7OmLwRXmKrohIdQtzW8PsZ+o27L08qLUqDCsIuggEICb0l1Nbst8nEOkORUUR2zhpAY+7PtUpxHug8ztaq9T5j5Mdx9mFDdXXMcsUt31Pp10Lkqermnrz0Cu/FzP52JwF/XKB4h8npm8GZv3Nk36IudvYsLrcjHu8fSu7c5giuBq6dznUBYZqJv6MfVxiNzMrVle63G3C9xPG1P6fX23Rpqobi6bwgCo4nlObgFWjvoi9zn+O1wmtdyyxCey7l+TKU/DKNkdFFHwk5+IetHManLYKb9mtU5VxJgHzzGkVBCQ638ZUPddjlbANvk0d5v5dXNWZV+e4DzkZ3b0KlK0L5xXgGH2zlrzBwmt9n8norHnK0diBG8NfLLWziNItsrN+Lej1VV0pkSpEKq9yF2pvlKSTUn9oFW8jJOtATEq9IPCwsU5NOmD27YMihgfFZWhECZhHjR7a8rr4Fv/G3DfWVDKcxb1zbwwDG7b/CD/ABjSUHd9+ttu1s3nw6/+S6rfVP1P89mVz5tezIaGoDwv1YqASj9vPE5j1eQLu2pWijElD132RKADktTzyKhQuvVdeGUDfacdeprLqvmRmEPQP1SDqJU2oNul3Xr/C16XtKbmJXaGOLsFLQ9491LG16ZVkbEmD7Wuf80FaS8Gs1UzsTC4nKmSzSD1WYzBfJoiblbMHzAX2oyKEirTHpH1CCaMEYZ2BMun3dFs3vjVG7I8ENR7qHrpOU2fhEB1r7C9VarHXh774MB0aPvfoo1UnnqzvrBDc0esPDzxD8vPHCn4X0PRneK4kg/PECpBLnM+O3LCAYihJk0o2BoIUQjw1rL4xNHPhe6YaCeQcMWTBV308470MKgheHOdUfDysuDJpPx/XarZGbI3hhjDeSiUtiRdjo2A0RNRw81u6Kz3+KiCsRbe6UZ7AQqq6KB4QrOaPgeK3KUkpDpPWClqoRcIgnyN7ptfLnmUYfGEUQ8dnQjIJJLobju+N3f5EozBEhukhfeTKTxlQEAOLKi7ydgOufc8CX5ZFHGmerB1sSzqwQa5gv97n4qqzBLczg64iIuZZkLNoSkSal0j1yGckTvQr2vO+5HO3PtZlb4ngN/utVSY3mTDp23RXD1lJ8Z8JSIafdQ7N4/n6L3eZE+dypSyow48k6xpp+IQAGG1y1nzk6UlGkObBt5z/pDtEml3Yk+fxikolQThsbIPM6CkUvC03s2stA1e1X5KsQkiDCIzHymzhlXBPk0Re2SJbXyAg7aBCfJ+oBYktsGrzUNezOzUFWTVLGMekMSOWxaz7nFE+4JoRKeSlpfoeZrkUx36Y2WCLlZp2T4VBLkI4uXtulBzKBTEF1neiO3aH66MGA26dk13nZCdKhcfPACgw8Y5e7XkqTJvhieLXyIMn+Y5uNnPu228sF8miWx1J5yzA79pZfpH51M8VylVZoVeVIj03dtmjQSKo724FsXn+Uk1Ld5V2qXhXiI4nRy0K4vlZYZb09JmbIgu4kjw8UipyH/0XMtmLv66FGUV7uMN54m8OSO3Jwlgp53YFLuen2M/WBVjdp8MRcmL392FhE+o6NvSeQVX1y0HrPkB8qszPMivVju7VywtxUMrF7voeu3zaNezqkVRWpZhdkgBwK82tAFm5vDPR/AG6AWJNV9xLoZE9F+RHGLO/LAw5VvZziLImKMthFSp6OG8yD80IvhxPiJf/Bf7ms/zlcwaynvmkGidEl2rSjZycS2658oH3HYW7x+0XKEq5BSNDNTxN4P8X2dYNCF7jOQxi1t36enLu3LewQPBwSWkNT+0gPbQDMRB6GzgilBKzkcCFOEzeilIORESLdSlx0bpAjYQ8A7/Ah9GLrAj1t8QpykS8t/5YwB5qHw4aUBrx97qxef6aE2oobswzToFXzea6GlqgF0faikHQHf74M2+CE2K1+b220pcqduc1n+lEcOZZRVFNp7dp/aE6DgaV/bF5wn5NC8uzrtkxkY1u+YhSdQpqebVUiIRTd6V8Z6noM0dBx9mdE1rvoghJ6s+c2Cj97vzDbIwkfPW8i80Ff2tSHlXKlZTZqDQcjVq5Ysp4OQNaKKekS7DDA63UbvxxSeCEdE4PldPsXNLRJxgxs+69PNQyIcD+kkEKyRE8YeSqRPpIIp2KZBGnxox5IzTpYkW5j+ABMnfxvLlBei/DCVlZGlQ7d8HHRbioKWxE6fOzy9cOtIH6WWDmHZ5043a3vEODLSyJuo6BdzYE2tFZUAoPRmfHOnlgeaoKZufvPUgucUDSlfzXOCv+kyo7cbsfyUQieh36qvogoMEyLHX6kRRWU5xwAJUyXVCom6tqnwrcu+SckXpUXQZy2V6Ho8wwyJFDx27P34AvBmMgpL3585BRK8vI+Vr31PJo1aS69mjtfjkh63YMv9KcLA9A8FmqV4fftftn98+Kujy4P4JjTfn53/pcoI/jSxeT/oH3JrEIy4UYtBjGsEa86LtlGMzwKYOXbDavNh0rUDU0rhWRcsi9cKU5+sChMf84YAoZu8R75sJCptEQgIKoPu/ULnfXJNEL2topm9a5G8WskQlpIB7TQZhlISbTMnRP6ekeBxOkEYJvDJCxhbICC2Xlk08jarpnSdouP9oNE1h1qUYhq4fYzEQ50OnZZzNNpRBG3WY3iKHafLHeF7wjs9rlfyKKtsEyaIfb0eer6jSt69Jk+PlDwJSsDem9991auKUvJOuyHY6sN084aDT5RqFqu8nSDVLTW1W0d5Pa4idz8oeqimesMV69N22RgmTia5io4RZomQN2joytCS8WG4z80Q/Uy9dT07ZESRFVg0qbDaOTqZqz8GvNNHRixDr0mWHFXMQCUwLqiXpBOZPlk7DUxN2fNGGIJikBY1ivBO57V0TQpJYyKXarDNtRCKvsHg7WRT+3BYjRt+H8Kwy/ry9XFZ+eXm3gYvKIEZ+manwDXxfV8J0eiT7/sbmF0g3IJYrS4hxikSwnGs1l08nl+Cz7HMcpyAbl4579Bc9h5mX1++IvOqbZSluiHKqEQaYVSmhmhuVkGK8oWnYV/cmwM4x4DJWFJmxM7OYj92GynSdp6yN0XxZKZXxVsAgNd/MNaR5RYiVtj96c731M4ykd8dc+XbvEgM2Jkdg1igAfFUO7GxtsnBTGp/pabqHVJy/+6xXRqstt92rm1KMED1VUWOwPVl2Er7J6fr7IwKY2sZ0CGWjQJyFOeu8EkP/njmWvOBlX6YiQIP25gmRuRYJwxOqaqTPe5YDRaI60RL90nJjXbK5NBmdFNsiEJsqqQWBEV1RWWDA+STOAr80crGt7HX++KpatvYcPZJ5AJq4anFIWWh7RyHKRXqCPHK14GeiKu9zrW9mGmOk3nORfUxPt5onJbP0G1IELAQ5I+vrAaiqMISV869p6sL6rv1pUYbsZSW7xPfQfgww0duHgEeF+uz2LCaM+wY7TolEA2F+IyC4p3PCRrBFP6FGT7Zj+Q5SzAqTHVFfrxcoojxCYx9vQ783AmVeb3yMSAhslNhYGqw89vhPyQVVrdRcX60iJvvZnjDyim7YLrdYm5IjHTBDlsP3iaLsYAP9nKVFJ9Hz5OXemKIHnmsx6MkRxPm1xwzFfZpv/ge3B56W1B+3drg2IVQ+hpF7i6NAYo999wziRoRb3ndXYSgZw/jyVlzcw10O5Lz9V4aj3AgXV4oM3sb5pHjbjHTu16Aztg5/MPR3u9bMjtlUl0B8255KLyR3At4zzUQ23DjfVW4ktMa0DWpAEaI0jR8aPTyYkTs1TR4hWDQvkANPLwW/cEHm+3K3kZz5Ar0tmJOes3o2NFS4dyoPysC1KHgXXjskdCSoq0R+mZKSk3uJgH2ckwHaEHe3Pb9hhM8Sw1JdiparGhrz7/4bm1h2zQ5JrrfVFSOxbw6sbEP88D1FVzE+pgfn9FMC5FDPHwKvSfdd5olczlWo7OAOqkOP16PlH0f23AtSsUDm5DOJACFXsXnAGI7gIjz8HjdUBIzeHd93FPZaUggUVzWPaJuidsuN7R5dPjX+4jLkRJBwt7jVDvV2oH/qTRNm+bV9BWqOb13mf3wbO0IoBJaJ0F75kk/dN0Q0Lqnvw91O54iyK/IUytYdCoulv2Gsr3+0QYYC3IMf58vBxcedvK1kFleI1OpGS5ASYIc8cvg9sSeQZ5FUbsRJCR+ZgoufpfxpS+p8/UEsV6nOnD6koU4SFw3ojj2Q9qNrE29t7G+r/rc+BAcmclkkgm8qO5mW57iimVv6Yamz3NpQr1DclvNYXSCgbduOC6kQfaa7bXaz1RlXwuiEWK8hiQNCffdLtvXNp7EVgwMYRNpelY3srmClcvhXCmn7Q05z+puwjW51PQ5yblRJ70P1taJtpoZ69uWq/jWItV5f5t+JUvSsxNDn9ucuaDpBAAz209dxlTXxxxhYsyqrEuP14S1ol/NTuusTX9b93hMUTbBpOmA8TzxdvX79pbRjiixFPYudJ6Xxo/YAK6O5pmtrDP1LYChofzZ7h5epJ5gx6+pvsSOkiNoDk1rkqB75yMN8htOAPeSyQJj3n5fm9q6D5rBCa8z8o5BidviIl8R/gEJ1aRl3KOR9ErTzgThGdAYF7Hx1gv3cXdnsHoJ3ahGk3Oeq4sEWomiRmGosOi8VWDiVLriT0S/lB4PJ6McUJpZjDJHOMPaPW4s8X4vRNCNcQJf13tulqCHx+dzXpXEnuCye615vaQCwPscEqndO4AWS4rD3untgKLebo6IN7Qi0vqRbB0ZvIBYBCkWDKcH9lZHHjiG1pvxXgGfv8ju/rMAeSzfugzYm7FnkpTZKFET8dj27c5GFpKM5uBPDwIT0D15wczDz4LDWjOJMisg5AxZkudF9bva6I418xuCP3h394XwvNy3BFkeTtgmlYVC9JLCbmjwTTDIE6Tb4YnVvw7R2nhHMNTdGJxh2Upnc3wvlWvfliCVVj8YaUDY5bzjXHZolnyAITEegcFm6TpGGGPgeABcSjs1L41CKJ8ZnZSgHIFHsKmRhu+NVn1B4WF7iK/36b0jj+fFArbIawIYxT+O7iQyrXPz7CN6GQpl9+v40DCrEUSSmXWyAR7opH1XE8wSfV76fdulWhgYqA2em2NJJvfFqiu2IPV7hp5KNL6yahtduI2iElh6xKwCTJh6bkbigqwcc5BF/JS5zvpucz/ZMfIG/IIGLSBg4z3CpXg2wLF25h/Bt1HCcPBCByhMaY1zA7wu/jFLqnericw+X3kzY8+HBw3FCz2H0jewEkOCeOnG7nwodYzPfC8NSDsiyVsQ7W2MS/25DLfgZDtdgGq86WFXpN21SVjB2tv4QdqT77ya/egRH+4LUPuLVbFokhSf2NHb9H+h0XOmlyVBs+JAIDx3HNdfI6mDXbdlcAaEmoSl5hxel7H9oKiaggyLUJbg7SvnonO2sB2wb1NgAOOv52eNYUk33rnY7/QjGy3gLK9vw0rBmkVrGREgvdTX7dCHWceO3W7eb2PsOwGonNvy3i6Syj90NeJj0iuaBfmmzCFT+Pnm7BeyNW5ugOUMkwvSe9KvNOGfsaB9kqZzHMUYmgbV0ym21Ftpkw1+d+OUaPDcA6aIJhy8771D+/A5GQaWCNK+nEILtqZ9ir65YlN6BDHy4LmiwMLYJTSTVaS5b2d/3T9ZKA6CmU4m3L8eOXu/TWrTqevhOmL8bl8AmTnyo2o6euxsYsRLHPqJ3Ew42re+hU1lz38yEHSqI1uhFvKkd/bhv+FvZn6XIJ17fFWz3o2TxKN6DnfrJwK+v6lRLntdZ9s77c/0xDAvKQvhSTow9w62LUbUz9S1Hncbzp9KmfsTgW3+Y/f3UBA/qwvscW05GcGX5zpZnGSy3VQWeehcchkiTfaK+pHohK4c+Imnpc/nc9w1BanK7jFRAMX8oQNdSrcxupZ4uC3qQ8YGISOnOAqr6upGjOAMVYukIzIxUGcTmKqPYEvhjO8V+3G/3WYWyt7P9aVJbTISebnnw0FIcGAShKCIyeQJGnPjoq43KnvWQZwdrwZQF6TblVRvKWnljY9ZeETde4jg+4uL5vVc5jEeBj6EhNnl14PnDM5LUKMr3I/xXfqRe7+g+yat8OTwSxVKs4gD6oNhz6NAz+KRy7Qbi9aQCDhC9OMtRZ8Aagzt6WeTdmSb7mrlO8fohb1Y8a3+vFQwY/Q6HmDu5AOI7ggZF8CydnF/Td7pI596/NCwaTT45yN1cvFIY1wM8eTq2wWdsOJhK9ONuRYluwo6jZLlNn2W9C08e1jfJLN5PTHSvq2iL+aGfVVpd3TSZOkS0GRaDyxCrThWSWcGT5+1HO8M4Of4Se1AkzkOS8MwN8/c6MQuyb9rXtKL2BHz0JBc0xYkBTc8cHJnLkrsLG3dEAIS+U8SDQeOm8/PP9WVEsh46KXTS2ala3tPWIfV4WUKBAQVIB+rMSXOAJXPyyhmNjpDOUHUl+fxphnCXjC18PJ8uLkqLn+3Oz80p8EPbnmDHRmU285qLSehHMScRPjQhGcHYkfe/gUPZkPoiBzzngId9F12Q19AVBsAj+Lqf7RF7rYMf0VZZwJVtEcgiTr+IZlCnXGhnZR+b/1Q4ZBb1OcvGvFZ7yDeRr/1wMKYom4m39PkzXH0rK/T/SiZ/kBuzff6znaYX+8mNXLf2UUJULH/ZA38RDhxDkdpIJ7Jpo8yFqrVYWlNF3fym5foZ2bxvtIlv4YsCA4XbIR7AL3Ckd8JRZ56lmIA3FC2XZPMxp05t4/Eqy4ZQVJAEMrrVbYld9uBiBBpgWhiL5BN+MzsrjYre+ITz5EP2ovdObzYYm9Q/EglQeAxmW5PbodV7u2/Gw7yUBP6ridKkQ5uedmUgkXJKMGnVB87bpUAmzf6x1M2JglgSaybJ7a3QLCIQyveLi2JQKtNWyEJVOJ4rQFcRPWyojEzpQzVNruKfzCFIKSyds0WLfr5eZmfANRhiIuXQjbQGKkSDsYOhafVZ7Xv19LERBLoLm4/KmeHDp8HHV9d5P1U1xNMe+UEME/8Rr9o08s8IXdWPpRW1j7O67AiIdZ6GnUeJBT3NSX72AkJy4UdVLeu0Ii5WOnuqOEn7jlcHyGEtJGP/IiVLjBJNNcIwCAxqzE1tQWjMXCP/SHML5FauVrNOJlYRchv8JDhow5TrdLv37em2tO4Immnkz8Mu/WOgpZWUR7YWoB83DRq0BxN5SXc082p3EBJxof6K1PPtPwAHRoFOQOMPcGsPhaJdrslVNmteLmxnCztRU2Q9abgnZ3rtUtvKWS1vNrxFCvvo8+gUmYRKg6dQXv5VBpShcG8z0kYpA6XuqbxeGI+G6rO5L79zH4vgIWn6PaDZuuN+a+Otp1Bicfy/m3hcrp3c1guHDLQIPbpBXmSDOt5qavZviwYjacYJLlOfCjNacatkw6tpVkc2yZXMebqA0gdahbli8u796lNt5JvhZB03orU1EXWmmMq1OXshel3sgG59uSWETLTbBzmzbk8SHnpRM5bpNitDgJyzHXMjVGFKUrqKQKfBdXtzd4fWCOVVGk6ULSizBhnm+C0jAHKnChFOgR2ULN3S+Lf7D70DiSERg7EqQr2IKRPfkfLOF4Lc+Ne/thRr4PJXO99jW93bvJgKvmf1MbmUfeduOC4qjz9iYlkts61upailmbad6GuqIbrjKl1OvZQiFqSoiwRQw28Vfk0PUuRLeqV+jO2ap4/UStiSJ20LmGVEXXfOicDmQMssCqjcSJyTBeAqCK9zmd5tnueR8nzUiD+k0KmdPe5NmFI32qt3PD47HxT0FzPcmdGLzKqOS2lurRpWBFjPOuarUqlOotXn9OuRWdFV11MLjCJlXT7AF6AEYoVbu/yFAWCVsT3Kq2lTw2kUm6uXvC5PjQSw/kaGPDcAPIy7ar4rsWiAhZccfO9ACHgFIkR1nN+PjGTDkef0Hp+kbrJjabppD4eNt1S+mNKQbVWO/fWJ2fcVUnyOHLZ6e1Qj82L+tM6vP6KN7tnU5HjopzL0zeEvx/zO+g2r47e5siC4OduKD9sSyZdy1UjX7q2RCmMBNGSarSEyGhCLnGcrMlidSYj4vtROUEQABCNxEplozfS5n26jzmxZgshDVA39KqH9WpjhEFfJx/rsX5K/eSfx0MK5tgRgh7RQCgHTQy0AYRXavLoVqeC1NLC4btUya7MDba1/rmh3hs2rA7YoRQn8LouAUiHa+zcPV2eNE2x5cIEmGn9wToXILFM8vijXbt8uuv2jM0fK2hiLKLjDblOxzpUpXUU+8mgYP0ImBWhCCt6weTROK/WdsIOp9/seI8/yPg0Ba3ao70V31WBBr5Ti2VmtpSySrYqX5IkobHRNi6V+1qF61OOtbLKoUInfoRHAYXuaiMWWgXULmFZFh1Pr28+m1JjbSUZDcVxO1kuO3finnfNVDceB+OFnfYZi0YyIgyxw8Oxa958liZSnaX9ZOLGXFXsmEYp/rhUYipSgkD6mCyxwueiXEy1O65VQmIU4wRj2pCfRiYYdDyUj6kYh9wfJ2C40RcxCHTL+TjvgplvHz+tmqsCK0nOxBxo83RWSW8udTcrIaI+MTB0XMqt+6wE6tZ/4lLFdK7A4v3A6gIrevYTycikdaoqspeCE5/0E0uClw/1AoeziUTGdK2b36D7qhnSq/3GsH7jpNogLjFFcjz6FTM9t/g0s3MdBY4fhlzBKGsDrXkjowAzSlS5hmBJ97bdNAtFpejNv+jXGLyntktldOZ0/9Q6cQRuDIaMr6/QEiwgRLwR4IK0bwT55fJG10xoOTTj66Kmsssi4nmjQuAD3Xf13FUyrqVbNGswdSMYRly5GDsJuI6T7+Clmct+kWyvVz9OBR4aTukp4XIryI2307IEn2nMtE/VQwwr2dz8YrGqpubyYJPHR7y0iz2e5Lk7NQTTkJ9QZVA+uEm2KUMNL6M93UuyEp+R1d2vTSSHW4VkuUEQPtih96x7j5Rebr321CW9dPbzbeXpXBwKEyabVzLwyJanrxXAwGY31iYXDoA7R1OneZuRN/V67PhtTHpxaFq+t0UNLLEcjlM4wliBZJdjuLTDVvv7ahNyvuASy4+tK1C4RXvdLDrDg9FQ+QE5gcgQFFs+pXFVrRkuL8kImve4RNZbBnTd+TWw2zyCKVWuwiK8rRSCapmjiZQ5zzq5/HpmpQKKl+K1fCfOSMolAqs2L70ASKhgTxBiQXsmoUUgf352n16nyiSfbbGIfQRDRSejfFkYErxb2K7NizjM1Dpa00TG+G14JfvrMRbttedBoBeP7zMaiXi11ihnFHW3/hHYbUox5M4iN2iU2XKXBKU+gKi+O68DTGOOJSzHdjznuG5zpzVEJpiaM4VlvutES2JD0MJ/LpGRgLx6N5Zl/kwGcKPamrqVuW3pgHlGR9ZIMcn1XYDqeqx83jQLIZD0wys6PaITUrmmXa4arexLeZ7GpEJReWCA/TiP/LbMjxSNEWYR8EFeDSpDThwI1g4SfYQJno+fZdOnnSqgFv2uIk2pVjh+qbmMyL/xSe69fVGsvygFHPoluFV/ZxAA6HzirC86p6nS4wBr4G/+Ac1VX3Qe3nIkFW1OEQ6SoXas4MHVz7tyIJLQAj4gziRSt9rcbRfZ65VFYw0h5MePTTfMR3JWFMR3jSgM9jjrAsm0KzbHE5kOcjQ8ZX9ZLvitzZY+eaKDDo8eC4UO9czbogbToi3bL0HvLuixnB/itp9V4HEdmuFo/NF9PuPCAzDgm0vXSgwYkwIVhtNiMJHvCinK52DW81lP/qW+b2z12N2peop4vc8uGNrtaLRq2WQmB9ZTp7sGOajHLkATYXy090tZR/0dIHsquobcGybC+tRebNiyj5s3vQ6EhTQRn3DeD55+s+MfzScQ8cMhSwZ5ol96fMinKDRzt+zR5cFIPPgbhcTz3fpdClAti9Hau7A89wAd6ieesWcVaGH3bkS/txYlmJGGohGkdN+sAJIIAAdmWKkkQ2cLuXzXWkxgiZgXlXipC6PDxxOBn/FZgYbyqDi6ZN7vRN6tDdH4oHD3HiDmaUfBrldduaTH5vYgsknXvk5RTTzqjxixdlDWYUPkdRo9Ult7WWKZNLlHiUJCsEdhhmC1xb6NLCLIDJOk4vGcQiHXfQTWgUts6Z+P+sUZuRnQDcoXESntt4gGPh+FFMc96HFRbvqNf+xiTpe3bJQ8JUruAaw+HZGski4YkicKYZQiLwr/qeZ3hWjBskXKrYxaSTp2jYarx6FTqNrSAYI9Lva7UC+K5OtWpRNL3fpSwFesZceOH6gmPDyd1DB7f3w6DsY7aBFfq271PiVc5bJoT3ERbyluZdpDhAf1eXqxQlJ9YUQbyUPijJMYv9zStMEL9OAS9n9j7Ku2ZLeyLb+m38XwKGYM8VsIQxxi+PrWjmO7q/qOri4P2ydPZoZgw1pzLpibQ+A3jaTS7/DnMKmJl3R/sWvh5600hMfrDrdAqA+AXTUSpW/881lvbLhBiNp7/mRYGBsLaiOKL3VVcDSVhsojELOr4RsrTSY25/eEowHqIsZrq3tByyuMiugCWhF2rkr3IV/W3KWixRvn0WfygyIWo900X41figCxXf9eQfQ0qMHrgp0ah79a3G8EaM2vB4snT+z+VRaw8mu2ZayPRd50RYfK7emwQv3sI67fkiVQCp2nImP2f78tY4P1hXeseuOXcsfUfJlFgBIvpMuDfc0iI8f1hf7m7hrsuzyvTJH/tHDxFklyUFinosrVq1qllkjXZ1ITbtv+wioL3n8/RintncKOSDyuOPgdsv3gYDMS3wV5f3opxNOZ41EHeJO3cmS/nriD2UKWs2TxQ8QN5j+PVqQUHq/ebLpvji/i5FM9HHxHGolE7EH7SLPc7I+Plnu4fvP5TjE8tYSN7IxZsO4zE9yMRszTyZqandRMLKMgi5Mni8EGMNATYw3vDcdeOGMP7wloELlgONlEN+crvyT3RdG2pXYiXKboIMAxBZwb6BV6dZsSQaeZrzV2Yv17Od3dJmrNQmlafQcyQjyGIBkj0pmKFv1AL/LW6Meju5+6kbG6uLfDfssGrBnBXiLLh89MqA5Uwq7D7NMEZa1kLn1NA9phkM2xiUznX+dzr+pk8mtBaQbbAF/mEnhEYF16cCGOFD+AvwdEWudo+ZP2z2/4Pb1rdwD0s/8mHpsf9liWIDAmPlu2MtXnRdJJsfA3ITHEDjK++Wtul9Sk1e9lJO8SpTeVWQhQyDz8omK6ATV0rneDTpSSn+7lhwIHCYDT5a5WuudNxrYfA00C3FJG1Cf9EWsEPm3WH5Ko6Ha0S6SBRgZrPlUO+NnjCwrlyxSKkpoXIVfRDx7KgKwx4pvMtBGsD+8fvzf+7fdYIO4H/J7zP/yeW7ncZ8mF6iiZf4tK/erdQV1o8zsCtrosQT67SoTj0ngd9OMCIDHMN7RIA8IeZnL4yKWEWL9HQicmf2/luHxvmFY91cWrEaQMqgfM1F5LL6c1/Oo9JKPAPm5z+zL/k4AUXRa3sUnC9Hd3JyC99XmIdTTCBGxgtM7YekPZUiBkA8RWbpWCjVHELtwHsHkHznoYOZ9WGF32oL6DxUsbH9xv8jzWKC7JhEUCp91knATKCc1kOa5pAw2bisQu6zF4CfOafGvdCofqkJfv/Bntt8H0GbeKi+FuqJV1WDoUKvLraKg45HsDo4huqlUx37JabgfPEJ31sq+K1DD4GTGTcRdb6JDs2KxNcPTqCQcKkpKoqV15HPW6DmoYWSy0VkbKxDkabhp3XCHZFAsY+E2AjYn74q5fyNB5oJv2UJNv6r9eb5itj5MXqR3Npkujzvqy3VPOsd7dLFzNFoQX9KXX0vhjMDdjOZRzJtEqJ4bgKF9tvp99iEfPHEmazutQOo9RJxvLn/UEyIDB4by3cBVd73Xn36qsb7wWpuKba7BV8H0iaPYtemzfPIQ85JK67XbznRTThPcvqNwe79QqxHYLtyrAYiu+dgO/dToQCoR8bOjjfYV2jAw8Y2XTuMeO1/rMaUyM0nuBUOY3GOQSBrKlrE10Ddi5AECPBPxZNzC4JkkYfs9i3OrKb5JIq3j7tS4rofyLvc+E7S4gg1E+MPG3vi6t07VUONxDqd3qs35IrYWAPiXriBzEc3MXMH0jn8KIEPPo321TU2FioCKsIv6FBdBqaRDQFYkiL1i1THRbrz6lbM1d94pYQ+3Vh+1Vqdl93hLHnIwAg1KA+oEbPrv5kzfIL/OD16LEi0wM6i7H94jseGVoMfaYsahn+rWWL0PkY7KEWQdUm4s+o5ml/xZ5F5iobZdL3x3ZZsFYTKI+xwfV58QVplOOm7iBXLURQ0gtxEh/wxASBH6wFD27pS/XyTRl0M52KZoMmLNctvOLVtjD9lUR3vIsyjgkuqEkeMGhrX2ox4DMyGCQEdpZm/pB1wtu8sBII2kfMmzsTjP1bij2gYTc4ybM10iYOwmOtepGrM1mjqQ8rrWGCaUan/vKQK63OC/3CAsfZo+CRo7IhQ5sQdaqZL0Nle2JJeDs3D8jZOXwXbdVKVjBIYJedTH/VvvKch8JRjupW3V3tEc99vws0EQkl/JzVbDKZycfCeRbLw2zXsjTSv9YZPLMIu9mkGnx+1EuVHw1Qp469CTCaw70EigqYVFjTF/9t9kFakPKxjhPaXvX4UGf31gh/vhfxIUwp7y54bFSKT2DY7PEg3PAkTEi+VM3XvV52kHYJrQnrXRgSa97uNfmQcyU6G2KcGpmuoFvMVuat9hcG2m2w3V4kofHUzggp5xGeIK2i5tM3GH4yKF7/K9aVcz2YfphE20ohqyH07/YGmO8rWdXV3DbMDlYJo8Z88AuPvjf6ZcOo7FAMw5Qp8e2H4bI/M2aXIFRgAJIKJ6CIrmKKR/Gw4SOf2VBQIb2x4Ig5sXpIEK11Hmd9Tg+EELFOsF4f/xZeBtnDfMO972YaKDxkQx+3oyPK+YhjMKxJYgZWnH8EWZuvN5EqKwZWw/Y8VmjWnwfjsrndV2jxk7Qgjlub/SImHn23f61uCNVzf0VG61eOKZ6eALcwLzCKhrxebeJzv+kzh/Cllqjw64BFcMyYRDWKVOhOFPA12N8brcP6qUU+pcmfnA7B8AO4GDufaJg7qz289cpc/xqUJjHqO4y8i/16AdaSbkihNXpvDYxW0vSSEVVYo6eq+sM3iUY+aIojZAXqW/k2H0eswZx1P5pBccS2goTeJF/T11fx+jCVCQolcuinjdXZn2WlbaOMI1B1q+ELmK245tWb3HelI9OikL/wfhMjtcLaQ6Zc9/dxtRVUxeMAt6VMOTVDevJZRjzYGN/rVJWMxO9pwqaXhHy5CBgMLXyFd4jJndRIyH0T33lT1qQF9ukVb96KroLx9cc/YIZTRQ+rINF5Mg7d5fx2Dvnx/56I8iaOdzkm9uvDvxVnSm3vnTvQU2qfH9/qUNZ+Zjvk85jTT9HQgLWgT2lUWAwHlQNvTeizwMHavAQ9ODPJyw6zqm1rBDw6YGpi8FNgzNOJ8QIiuziCPRyJ3M6AmltQ0xhXfJFCfMl9Ty5xXHAhHBFfLTFqQ89Zj80D44ATTaf09yeKutz+dJuNWVBrF27C8BPlxrxkQZQoWdjW0/rwoS0hJEr1rWY29cqnId3eEwEC0lcL5OKIpm9BB0A23y2VEZWXVpY2dcmatHbVpj2qHVnL1TYmHOePdS7c9hIX78V0vyKNeQjMSMlW41AFAD1V/ynZ8p79NWQ+vhjShkCB9aboNzMq/XyTfDEUdJ//Tj6+Xw4ZpGFk5S45gSFyOELZ6/PYZJc3QIld3aaitdxPxQhzBfidJJ9ULVYGZWaM2KHYUcbe7D82oQxWYtQyXCLeuQbO8o4THU4K5r3QGYAm7Y2yVZrPPo0bLFT8QHxUkgm45gHX5lGpHj+8thKamwOiUk7TZj8I8hS9aEznvNRGRX3W3bvleE1E4WWaBysgiaLD0njt/84B6tHzYA+xdz+mqzATaKop7LLwUXN+EBogLENf1AD2w2o/pdZ1Sr/y2ASjCH4om95mkJpc0yus1MVY1vCS3aOhuG5vpX1aoc0EQKJaek2zdn3KwFVkgv7jpA+4uiyDI/nbN4imy6aJ2Gaa0RsqE2x8Jnby6cyfriygYGww6+sKZPcaSPTqhFITNm52IkCBn9c7lf44D2XQ0h+1IZL9ezRYNAgyiqTvsf0pArnblln/C48kvwqHYy59o+wVABu4eyB9x9U29U+xSUC9969LkufFyjRYim4qrJOfOPtjm8us1SU9XWtMWepKvEgdoj9xiBrMUr9l5MchfO73JcfIJlLp3dN0TVhdqfxAZd7bctErQYifqYpFusyPBQ9w93hjM0wOlxGjHlW5T5Cqij6UYVKwPmyxjdTf4I7sL/+5Zif2DHImI0NmeYspKpKsqBuCJ2yY9k9tEq/V7uIlaR6NxnfSs63aj674yl54+wnLYkRaHv5rEm4dEPtYQxDOv0+dVSvNczlx2+I+JyutdiYnAE0RVeXwVeQmX/knIEaj3XeEgvpTsqkH+Vz1wsUm7J+1C+LVjpZ22ThAEYSeWzvh2qr3vAFkfN6HrvEM9Bi+dQejMCwbHg8xoOHuTs+FL0OiVPAesR17CoQ0qlzv6ezdC7c+AhDRJVUO8KSwT5O0CPly1+jX5CIYaON9TVZYlVlKLYvHjPVuXVULEo08w5KxV4PuJLayYXUBCuvo5C3U37x+eK4eEwoXzwAQxFkWD13D+6LpV2sC0yp+1prX7pfmWKDIY4yPltBeCYZNY8C+yndtAYfsbsq8Ac78i7wTKoqFhWHOb5DXzpdDDWqKFXfm1HGPyCSjg00r1VvI3gaxRNWEBpLEDy/+Tq9xFM4YQEYxP1cm2iJyfXyPZ0cMb4wwsheIk0RMZWrMs0PN/G1Bf7bFXDhKrTujQsu8xjZSaKy9bG2PMIJCF8sbormF0p9Zjn1kJ7tXnXBh6pi6y1P9SCVJTnqLg2fwZW3QjnQ1mvoE2prnvAhUKkvogMc1n4VbsAJdGsGiiBrDBkJNCER/p7CDGOr8rBbk2HRddfwsxwuBVTTOMYVVOpSGrImMngetyMYIRZ2nZXa974j/HApZEuCqzZQkHSEYmIUSR7JrBVefEE13YTQMpsYriFSsXO3v5LstJmZyJzHtJIuxuTH5aovzSlOf0OFFkBjyLSHecoDx514wmCCcgpvUVcdT1oYaeGKF1pxVCXbNn0nPAmDN0xFAbAp7c4c/+ag+lf8lCq2xk4utqlEb9dj+VgAbxJ545xxs9N8N7peM65wxCJYDCflDFUZz7YN/eYhdJ0xqibwFRBU2pI2h8JB2CNj1IyigDNEWcHC9ADSRdFkDD7XdzsXya+whpxJLvOnqkfX+SBdxXQtcwSQlRDkZcd0SI9azft817DV3KrIxfEaE3DVL5PE+MEZV1tlJiCasgYQx2TTY+Yq7FS88xrrLB1Zt3UoUKSyuepU+yPkuxiuKC129KNQCKxacY/X+8hLW4o+8fBSULIRUoaz8AGjdFxQaaCeLUoHha9VNvsKwOVQVJ+WHIdPxtdaPacgktl9g/q8sZGrVnnhuuMLVfXtQmVvOCWOOOdj9sgkIjX+Pr9juUcwmz3mM3OzIlPPvpRESSFRhIqXxx2LV1NyvlRx0A0R4dFt3rAorKhYkuQFUBt7tBIy7MePtTf6Ogd3WHe6xS/eCnV1TV2GonlgvCT5TJ2OBvAYn7GrOxvWrgSTPtFMdwW3fJ/2IUMyYw5+BKZI1FdJsyZjp/Gk3DswxKk7SRAkaqvuWIxxI1NYoSRAG4nDPeSDFVQFWaEq+52rjgGYC4k2P6+Y0zM8n1S2+lhGFP9gj0HkVKGQZcV0zCDL6MwtoYSQS/N9KP3BLoFoZDKn9OTDUZ8r4Y+7O87NvfV3INN/ZX2S/4Wy6XspgJ42Vwes5R6QJlUj4Army/8IPhAZjMD/eIUDwJ7ha8X+Dj82EZkvF1KYecEy4scwuuMldvfzhS4cDMOdBsuoj4cFgSg2/wbiBwoF2LB6c09f/+g7Y2n0FzvhT8waPmsmwV0uCVUhwUs6GETBQ/VfOsdATpT4o9dM1cpf+s25tDy+4mP6HMunqNopvL+ZHHYof5R1/9ZVBtq3/1wz693efqn/aCnnaI7qQ3brPX0lF3VaXovrN3Ppt3Lp0fP5Gr6LEIfiqFqfzzd/X/tfrv9/6zb/1HjjUN3zyKGVWvnn9//+75/3e97B8yFa+a/0r+k1fd4dqBH/2/X+UaM2Ib8P/u3d/odONPr5ZBx16g2zZ7CLZ5K//1Sa0eCKkeCVhHGjAO3kf3ve/6OP/czXf/ms/+k53W/Sx//xOs849kn95zn/dbz/jPmzTgTYtFq3e8YcSUJXynp6Vf7MxRFH6oO/fu/2rI2fPjWc9Wb3f1/nz7X+jJnVd1uGup/0+b2XDxJRYGb0vvsm/Hi5ggIZvnObzXNbPj4N30ccz4FMPz4sP77N2zmNpsJc79ifq4BRJN4hfueS+Ix6oLr8f7rzMzto8IAoHPrXO7v/fuf7v7/zM45NHsJdOrj/4842RwPlZ9PzwJpVv3kftO6g7qn3/xzj/+LpLO///3R/rXTC/U9P989d/5vZsPj//q6v/zAbv7vyXz7rg08u0Vcg0XvK/6M1/oBUGkpRc0xRpnIgozIa5jRfzOiFYvPM8u9n2l/3slrzSkLx+Z7qpwi92P++l6jfum6+9rNuwQh8fvaiwc5nXqB3mPRWS1/vMAAK8T899H/5/N863v9ua/62c38pgAN1evun+f0v+vbP3EYATdAgFpTYneoKol+Y81o6fSaL4Q+HHgUIFJQIqkSGJzxY/UFq8vVJ263f+m/riPKlbZw01kLXq72I4nHH0hbIy1bgQFgxEM+jxkZSb+kiEQ1fhBlHyD4Lk2pO46Ge7YHkBkXDpLdH336bum4jv6+C/EX3R7SlTiMvo3UC9AT03+DoXmpFcxwQispcc2cp1I84nltnQBdZLicoZqUEgUQ6z3tl1nNmEzlNnN4bnlDyeG1YNMMUSBUSwS9oZ0TonBI1iOMFDgjbIZsCfpyldv/5rNtmypbvbXVWRWEM2bmLUWY+0F2u8yS7A6RLzvKHnFDQzJw3mG/Q+zmCHN6a/jlE7XhrznSSK3gFSZIQAjPyvfLml8GUKQvEzFieseEXs5s5ApFzn+PaeSNDN9Lr90JidDi1+/boe29G386Tpa5B4y5rMmj1ZxTSTKTjoWEVx8tKGgZtPqP+bd6LWYPqM5MvA0P4srZfgV74Cz1yoiYMHvXTX1uggBLCWF67Z1Zki0Y8GLn3m6keqn/Du1IDPkkn5A1/qspEwN9CFq1TomyauiekgjSnexqWpP4JqKN3DA9kuY4LwmCtXP7m4a3Y45DJGP2NSLI1qjIPLHAhjG7v5GoOD4FM4a5DkLvdjgjnMPveltcMRgvL3ku1LyAZmRDgQ51dIXdX63cskYvoOhwojTJpAT7NxXZxtAR3zAzLFCvik7RvWTxPESozHnu2YYz/Yn9g0Pd1bQTiRisqgHwSi9N0rs6ClkimzFKPblDo5QIx18F/neqDmPMWf9sk2VHY7ojN/dJr1bS37TenkGQx+PbBUpJvrdJe8+k4aB86VEp5oyj60kZkfp7JME0k6Tg+usEk+aCfC5pfJ+kjSzIS4LgP8SfQjwzS9O0TSR0PRySMSP6NYqbZCeQtIFFnfioYEoULuetxCji1Yu1XMNfPo6XebU4D4HqYZmLmg0WPEY4qu4MQ9jKOaEGfr2GePEnyoQnllo19VBfSNmJ+JZdSIj0jHsep557cfbDHiRXkjsntu0/d4mcS/HaNZZP/0Xz8hL4gWiODTMfXM4Y/74iPyeHZjEecGSQYLj0ild++bww0dz5DTrYBYhYSHivQRWg5ZYCnHPmF04v+PRanwJIUQc45bRjhxshkUNb4sjxI+ZMqATwMjhrcf2Y4GRlS6Zv+yJ43gDBmAwxhfvP7zfxCrHLynohympA2xD7a8sxw83GnmJmxh3bYKH2rom2EoE4Yfb+aN+8hp23Z83YS33iv/+yF4m3or0Cnj7JL5ThnDbtHOdEciAMknLLme6Mr5fy9c4oLWEwWUBiA4kUBq5odTWXCh/XFIBzPx4wXpcE4ifbhx81xJf7zVN3E4MQHz7VmtpwXNd6MLGHU0L6ubpQdLRUSBNQQTiRRBYO3QB8NkzNmC3+rLzzc3bIbt/OgYmY6p2Gd5gjGGi0vENRx11QUA01Rt6yq/ZPQ5MNM/bU3bdhJ6Z2bQyzkFuxbA5tNbtgBVk2MpsxrG2wVexMo+XVF/qEVM3chW8JaQ8zhRuFpIaXpxrI0DIruTBpBPbb+MsYKQ7LnaXrLdekV2cSPnWKbYKsSnldAfvao3glGgwKhaPsyHkrCPBo61vn4IYduU7J4vx63OXe2OKcJNs1z2qFg+RVe8u2/hijgNwPvzXvjDE6GKTgicwyy7+gGdR/TvsTjXFsqWRomzgMaHghedayFogzNljJgK5ommvJCUPmMdklbTc+IIL/c/ePBzQWyj0QGmpbEnh5INNc/rJd58LJoNUM0suk6CZjcZquc7utj4be4YGUq6OBFVbzzTspPc9DoHpe/xvj866RTMO+gsikLMUzfII0oFvDXvS0Ja8eJY1jkrCbBzlvOlH0cHJ14BAsBHSh0WJOjWgNQ/M981z9ETTcIUFm4ujS9+Phah5CV8SWl4JXz0bby5wQgnUK6KEniS4f297iq5sdsGBKVmZg352kDBaoDBvxS93LzQj2dgxS3Bnd8mhU8D6AD5+N4e3mQNE+lWppDr9bCTfg4MCRsZp897IKqBXbUUPtoAmZxN0VROHsrO9/BHBzeT8LVuXyqSWGOGFOPg+jTfwVE7gQir+9jI2jkXleQCRClMxQPECUZSBAyFfkIv1ttP2mG39uxUtGyJ7twmLavVoGi0GDxSoeZtAlsizwLH7vlJ/PjZjrCsWRe+bYHyvPcZ/q6MjyWYhT5LYo3DI2U1yZKDyqKuOJ77FG8MpzNOhdZSV/K7kZFGoZx+pINBw5jFa2GzBYMyNuki8ixEC+no1eCTIcT6hp3x30NDcPtI42+ILVLp/FQZFFRAN8FRRcTwA7rFuaOIkf+gMoAerZjYI60kYr1EQtgFTRohR5nsKAghv2iheNjR2t7jV/kZgMG5TqC/EjCRCjbZ8U9ZIvzXnQGSBJjRniA6P2M/meMIGKnPbLlr+q0xjS/5ITwHuDz7QxOx7FahzWTGSZz8Ft7J4ptJlvyBjhKAumxQ9uVXuC3uEqDuDLfdKcmTm7fH+yPN48ajtN+JfL7mOI09+qTIkWXgjN4+dfAinzZaa1Fhe+0SiTWtixHasoRp3iMTKoO0AB6WrwsWxmJbCWS9w7Z5zC123rPY4b29iLaZNuzdMJnx2ZyUf7Gz9WYHR1GLaY+jD3C6uHodMyaAa8YmJpPixooEsFq9u/Y1gK604qWlI+1CBPMtyjDPkbaTtkwkLLPK+Qum+cOLJGKM3nlOW4kaNPQ/Jd59pi2TqJZbp6TeEUkW7CW4XuqSsX6jz9c2WqIQF2QlrmMhg7mgIpubS7sxsCl/gXtFwuPkTJ5a/G5RQ2UWQ89wbAIV+d977FPtMkoVSr9T+avtiXQDnQjNqFQqLBH18ufQM62in0h0QAQsvfV0xflvKnJj743EyESL78avBDQBgC5kjyHjRzsn4+yvEmkPp8UiSChncLMU8+J1Q4kFL5NMapM8FanV15phwX2mqN0y3oMkao8YxfcK/awl5RDxOSdMfIAt5u9BKvyoSrWQW3s2U0Tlq/KNkavt9T7WUmueDfuHgs/U93Jdi+2u4vKDXkNKJqlf82d92z+pkzkDcehI415/jWOjMwstPqQBKH6HFMMPKillwNc07EWQRu9orI6eYghBrzhdYxmrDR31pN+G1gH0PlNsObQQB+Snw9G4RAgdclynwz/qcD7GxO1IKAcvt8QKv/x3swvY95q3UUrdvo1OpmB5c3iMoOI8p2ls4ItWYLxBa/NkMV74CXExE7Et6FoHW/GUphXd+/n6n+Q3j9eCm6tdPcRP9OtmWpNbL/TrwDKIrpmDnTHB8F2do6TbydI6/grdwIFDHzpO7/Th5Dc14vVNj/hBsC/K35VzsG+FfelSN+XJchoWgItEvnI8AgGmCmrlviHkaTsWRVyxAqXCCfGxsaToUkjA79eoPtGJP0GEiwq7XnOzMiHztmqI2LhqMa9S1rPmh3khZ7z4mcrU11TR/N4jMdHV5pPG7LM6/SeIYsz7P3wKiiozJLxyBtHJuicND7HdUb0FjsPKEY6skt9Q/sIONLDRLLu7Z6JFEXQKmKeRzwcvSnpQ02Ez9ncTZ5v2Ob6fNC+IwYY1RLqu94IkYdCDMs0HlL/Aq0VC6KpQXtExkOxTuBlet6FVwd/5g749coEmfvJ9yC0BENqI9aM3wQs3rCzaJaKt7f+QepLvMg6eJzBHEdd917xPKuSZiKnECas68+6yK5vmC1prt9XCIf7miu4NL0G/41Y5oeukNnw3QL6qG8sLSPqS7GvXrWghZKG1x8HHFe1+zVJxraLuikgwoRpYZqqKRKP89Z3gI4bLB0O5g9HIxzml9aMueVLL3YasNFwO4GahXesHKht0ev7+XQiR11ODXBGzoz+UnUl9KALE6mkd89aYWKFIQDUnt18Z/qioyLhBaQFAPGiywPFoPGStA8cqCgcTyOJZsPjiABC5C3Ad2QIxdth+HxXR6E3CXFSyv4ekfkFUOckcuJeTU+v3kgbqFpsSPIznGsNY71IoqB+xyHti9MrNLd5Ay/ZhimiNNohKk8C90XSb5aWD1+iid1hmGhfA2Hw+D9I/fHiNpfH5rR08nh04buIT2s96eV77p5zFmFYaxacoztaG2We3fWmmVny8RdLeXt51uXjAnFnkzDP9gRWcvHzBby1/PmVqa6T8aVgh6ZodGBxJxiEaFi6da3tcA5tnjoL4jKh3x56ZiJGyVuShpRFoYhZRElVTWPiYRMd6+Dam3oSdChu2ejoa1jVY3+NghdzY6dLP2bygaL+9lJdbm8HpR+IwVn6WD6lh8DQyxFW9E/L3vKFSHNSFDGzJi1vqY2OgrQI78yOb7KCtY327naHoXFB02oEs+V9syHOKhaJ1A/No4UBCMwD6OA6UWRjLlEhUB/QtQN7gn2hS+qsjXg5815piogwhc/51js/GNy/DZXO+heWnFx4RNlSUnozbjHPBs1rVJyvQuyb5BO+iH9a1dVdx4OGqenQ+tP+1qr1ZkDC2S95GzKE5ohjTYWjB5Y0z87WbnUttyTU86/C7Gb6IF0UkZXyDp5FY2nRUmbo5uRH3UcJzvGtoPKWagwz+el8Gt3AMUUsq8OJakhLBwV8hEAMvQRdoviYrI08wfbE5eU3/biu6fpFOJhGgrlynZjiLJe6rcK1Gr3HKUQRGiWRrflKMS4h88aE97do2VRlKt+sPPrGVvrzhdxaYnLGJDMFeO9N/95rdjpfTwd2muUbSJlJ7lWLn+FLfVwRJBOb8Xm4oNhhMi00OLk1NneU3WzgElI2dTv3HKzpW2BorvM2a7bJ6/VQYr94fzkFbq/0QPVJZSLLo/34ez7U6wFrePIJv9+J+TzWvNLIteQt7A15LUgMuWgm4WFXfzdMKB+2KFd0Ib/q/IMF9pq9yV1rQZLsNW0HwL7R65W8PSHZX0XSpVLg0JNIvMuxHoPbWkID+N82/hJG3JmuFrttsQtX5dOiBoR06pYfoJtxR+B+0TosCXxQ7nci2GcnqR4nnu/3SNVBrB68Kgqz9FI3gPxYaoHlm494DyViu1T/MC71QlajAPnBaKeJMfwGWbp82HrYGUK3e8M8iwyz/hQbibmRX+SO/pq6NuA7VCaF344M19YzZ0z0hl15LFWRIRBKcPTF6ULQ8TC/1WB4OcNP12DxZFEoCyrXyNHyPhtNUFUaIRQV57QsEKCbevhpEIRL1vi8OKqSxpQeiNUdn191xPNvq8ttd9Oc9cVYxLavTCTcbAZbVxylX6zFPB2Q1URGBnfqQ7l9NvRl8WJZzninUOWRGhQ0Hs9oZd7Cef8Y3inq72Ihu77Sknh5a/Gbo9eCDuvIkh2HrWQiOfsKvEPzeQwXiB0SZfMWh3Fg7xeI8Ey/5k/qFESfM0aPnSfrGzJ4lgkeuzPBj1xz9cq81m+jFlsveqsJXujaBqynDGHrLvab3MLlo7u0h+GsOLDnbNCJTmKUL681OOmOedxfcBlTcbyb+++oJO5X9vzW1pc+v8FRoeKpH9DhSjvBCZgUM5bP5KUd5hM1d1RohrmnB7eWuqQEkLcTuD6qJ7ctImGifmuVnt2McQqYIDBNGwvqZ6sx8XozIHKjWaJz6cEDXbj3eJ1BDss+K78KKJM3OnYX6UC9MfO/sWnjeAL7mESnr+Wd0E1kKIH4laoEFkUUAR24FTR3Exwr2cyKSxzkdmn4Rk5KNWvbD/S+rBwFMchsOriYeKUggSpA9dVdJYEdhv8NKL38FK4yVVFlfYXNaZR1OufAy1q6nWTZYUKxNe3WOl9vpUNwHOnknm2DsrgJD83GYea6TbeOKN2u0QERTHHOQETn/GIWWXkLFlZRUo6gHVSsRQFjMx6lIkafa+gOx5W4xShlyIVffidx9rqcvfjkHMQrQCCOhwe9YzylGwTbNDeCL5bgd7TImIqSFYgrmUhkiuPxUrCMSPa/CILsS/6EMc4hcFXmVSyOleOvflVq9IJgIx+hXtP5U0yMsZnotkqUOGczNFnFaJJjHVu/oCTIT2j2h/bVPyhLkRNV67d8D/uxe9uOeyGWBHvxoQeLD0mrZRSWJF34BNNSC0WVTQ+XfdggkOKqBtNUKD++Krr3g1Ub1hx7W91Iy6F/tsaHXPcPFjJtqG2LhuKmifrzbm0jshL8Sam84UjYuSl96Cyw+xA0EAZ6V1Jy//FXfKWDJWjPW4U3Um2Sh+oEZUf38vdrvJt0GY42Tcsz7i2m4cf3EXdn+iBVrlBCKzRlaEmruYG/l6Z/Au6qkJZZQA5RwUoBxZUVuOHOHQgQPaxPFjOeG/AM5l9xsUFUjImOwYR9BE3NXKxsWMlT3O2MucgosLVE+ROqrSLi9VgKEJUJGOIzhA999pW0eZOT9QEtoazOMY2XjoZrb19yFmnRBt9tPf9emAe33HFFyfkqYylpY9khO3dFndgbney7YmHmveSk4PPIK6JRPILo6MC0kDAWxncoUkXwdeA7UawUPs2ys34dwWqn7p1ND6gs/ZKYvMn+WT2LKVKQE1DBcsF8xgwO0vgldPqqm9jCkZhoXWY74yTLeweBjDzIgb3yJGkdwdZyxo5u8Nw8KDktdXqALBVW4EX3rvQrGKAkGITxfDAm1Ehmcsk3Hky9mbY1EwzjvIskguVtY5oRwhBxBhLBRH77cuTp5ld71AQodMLS8PQY2OpGArwnoXO7JpDC7GayX7iqh8jNwX5Sx7/6/jOKsLpxJJVIvlral+ddAn/E3rQ95IthmvANoZVgSSciNdy1W4lIvvz2XdPVJ5VMZ8WmbG7WsSoHCdGmDS/WiCZPZyW8BnJ7zCgwyQcw/HOmMgNVZHdB733oGGvL/L6fC6Kcvtv2bJCm5nXv7amV8sXJTgulPXWzPasgMgFNMF/uPcAGy89oeKaMHoFrgszU+zoaMAdvJ0LztNInP3HjayAmrMKT3IZ9EHtu/LpiXlVlZCUTUkBQhu1rPHbsybeMo7KhxAYMRMjMbIYPGrWjSDIfPzE8uGp9N69jjilUoGFdAOUsQaAbm0xMBc3F4j1dhVARCkWkdLj6BQ797LlqFTEEv+lYcLE54gJ6R0Esbr/tz13Lxsq4dWW7WPuBbzw0jsf0DZmXyFZmZzBt+xnCbsZMT7uFHjk0q1t+BPD+slwaKvFPUnwy5Ur7xYU/+PVKeNcNccqGbnwjdbzpPoTFcE1KlyMpJk3E/PKISfs57wLm0XJjS6TQvk39vBltQC93nl4tlBXrzkNFyHD2QSpJhEJ2H71VtF4PW2m/fcM+JL0/PLPAdg6haaKUp3YaLVTc4AL56BlDl/j10CJ5X8Y21IeBFwS/pIpzt2KgJrk0E8ZRjRBd0sc/X6Iees1Kc8TYSDIsMwGBkiAgjyt3xkpxUX6Z0IfFqPygkkdCNA6igTTHMeeFkXcPeUZZAyF6bAspUG/0k0gGjqQDi9sqv2+6vIuQ6pwJkgaCaZp92wBHdjNaw+8lxEl+uH9q4iCmCgK+8YwOO3DwoCQQJMNS8JO3ZYVok6FVx9pjnRHeJUN2UD73H7KIIOhxvbcUxEC/BpOyQ0zAhAxJW+n8CW6wzv07+eT7W2L2T1ZuJkB6q8QLK0jIgfa8I9ySYd9AC11dkr3N29FWPlz/l9eNJPAsJ3sIIDymErtrjzlJ1+jnBxzZZBwGM+WOXH3v4B6/I3DXVTdsCh9q+w6Txv4VaSsNMAkAGXi0BEL/C+CL3hAye5028IaZtDDadPssPXQhmVzDPmFTTOf2tcxXZvMPKH3BqdKhGsYMj6EsPMt6L58++DVhrEG4Bngq8QcPVRm4E3ht3gZ3xhMLpK0z07PXAuS1X+7vONm3WvOYcaOLh7yZt1x3Hf1MGH//2g8WW2chDPpeN5gGCo1+sywzr1CN2R4ltB9cFbGKg9s4FOajqArYbuAL9EL//Gsp0uRLiVSm3daUcQFz+yjqJKe0CKNTsaPnjduNWVpMdaDwZs9f+RaaqvS2nCw0cHHC8/rPjJVHqMQlGLJrj4D9R0EQw/zzAIZ829vvSN0V5nOWp6iprMu8KbX4Is9orw6SGKwLxnXoLHFgHTz7Nh0ny4GOO2tWDMaenxmRf6cgc6nSRjvfXJ+fxAyIXhD1NtvfSutxqHRdcktQjn4s72EB/2sNYJGUeeUofTRkvbfMhX2BaDldE+e2LxbjHhx4Zkh1JLw5OLQvSBgsQBsV2jqg7x/XWcRCL+thKnUkog4Yw/Qb4zpeiEtih/GdC46HKWbL/inVUbCc7h03IpEHYAVtLExwFZPr4qGLF5ZZNAGFFZxp5VyeW06c+K0/q7sdWptXvpjn3kCnhARJms88I33F2jUVp7g8m2BtJISNjVKSrg62G5/Kxmb7A1xAs4E4WLxTIl28p7guAorAbg6WrR73Iv5Dg5cGlEh4sDw4+VjcFHdLHoyU8aLruG/zigTZqwmLNaGDGh2WU6t26Z9lbwy2g74Y9NJ6UGsqB6BAvyck6PXtnHW6zwJRu85JS5WoP2UjH9uKv3UM9XCCpgjvzc4Vp3DoaPm0w7FobhyKPX8STfvSKzxC38pxzIyvVscbCT0q/IpqD2xXwLnrIK3TEoCBeVGfO7rIyNSA+cQ7fLHT2GTAmpn7iYYJsA4KTPWAIj/8Xpkj4I14WZlsCwp6z5vUMTpjJfqAdSHsIX5ZqpChFKDHBRbWqfcteqzt+7IsamYhfwiAPoJ4tgdCpt8lA6YEQy3YUkHRMb1DCWon/rPt4HIvC4PVoutKx7XOwqMuxs/XvVBkb+araJaUm6iiF7CioqlkS44A5Nmhax8DG9jWtsjry8h6zurrpjDZb8i6uQhmLAUKPJQ/gpCDzFimxX6vuuk8kz6vxFwmW6P4r6rz2DL5e6o5FvpFGMp6CEzZRVD0zFzkLH6aif5O63ys6c1Klu+F/sxDod13qR76rQLnEJRQzTM3sbfbjagQIJmvzZHNKi+a7MIAJI09FAsGInlAOkJQ/GbIpPImSR+Qy5k/Y9zaCm3iW0vZsU7dlH1iouGnYQW4YiViAFqUlD3Uv7YENWd11A5o3Y7atWx+Sjf7EZP62p+meyZGUxvzBpCv4X0uEPyVkHPM+jercQdchYMBsCK5vnhRFGg3nfa9gVutSc1lmXBJD6XNru20XYrTzXFgix5aXH5hP7qCzxnbkqamslxXtPLjmEdxoK/E/o13NC01dLJiweT07doFbvEXUhnTlWRL8YJYSM0NzmKJ1rV8EDZIV0Uy5ofLkXB5VuJm+qHg4yB08e3YhuJzktUN2nuY+fGNopjefBlYxN8ZZ7u79wRwvd6MQBVTiDo8CGb5U4X2h+77MMIX8CBV/aZoatq2gGXWpKNmS+xkXpI5/fSAgN/zK0eyA9RXNujRD1jzzgOX9PLxHAxiP8sWKEwQqkRiNAYLcsS1L9kS3qmcdTKYpVA61h5C5q+SdUVvwyqQXIFJhaMsl+hu/4aWB7Hkx33b3z1GdJsPtjGxIPcCwGJoikT2SWt65oW57Ap91QNYNHj6bb49Hccao2p1+NjAOZznnQ4njTx/iL9kKoPvqMmy7f3rNqUeO9uvTI8nvHuwSGxaZYf1lTkDB1yLl5hELO8KA0svh+RAuUz2buC7FEFWOcmb1JxZquaia/epJ6c3fbt6Rwq3ivxhRaUDzPkVRQvbOoA2V7M3zyReh7La6HheRPjvzIkvFk7w99a8qiJF20zCKPD2OHDI89f+fyxfH5F42gNXU0WJYsrhQ1aUOJfVQ2ZFSkPvyoXD+80LNYMi/MvMDzr3pLR3O5CRWKXfwUvwmywrbGqZVFt/RQ1CYMYWkr5UGmR4oPwCoObYeCSeZpmJmD0T5PYTLyFfj07YcSUmtwOvVbShUkTix4/XEuX+AmiKDa6IWF0JmHoEXqDsmfEPxFhvXsE3/UA0ZhFUSPJf1tcR1HutOEZXhe9eKxHEVXEPjIJdkPn0+K4DKkC8Z6r1d5C69lp2IX5fDN6rhsa2EnRHH9TvMHszllJpECK/UfZg7VIey9trX1MJA1v2E0Iyc3Z78DxkfwmRhuryxBa62T849ho1OXfdkVCDefy5wBb+4+JPC24xdXq/ovwLw8iStbnyE9oshDvjRPxGGeUFyuvkA+DTVFN1sNRVTy9fAnxsmqS6JhZ8q8Jjtz+XBLx/ZbncujHgoy+fzQzio/HEqDQEXKA0MZBZr8vjdYbO8SbMm7fgk1EoWbUmNpofBu0WIzt8FbS9mNVIn6FBdwjMmvgFiZYI2kVSY9NxU2KGOssqJFAL8ZbkAuETdp9J2Q2Yt55ueKc4LiMDTJeaqOmAiZdPf2K6QxwnmJl5h6UY41R6JQUhOzLzuZRyGea2pHA05zfGuo8naZGNOZE0By8IVtgvmcijN2UBdHAd7vndBpO2d4QK58gfX9MX+LNgnIrhFL2RCQWGKX0ITHu3hBuXTZmjDy8CM1/bh9LUB/4Bq93vol/s+bUidnuQndec5Ssfv0KK01egs3vKK4vCRCQDDaDezMKpdEYlMP1eQuEkMHmtnx5SkRmuf/jTtfWBldeb2KTe8JHOpU3LQmcXETwIFkeqq2prngW6P9D+woJAwLlF9eUWqQZzrpQeoYUB0dEf1nJpegtuksZ93iNjioE3gknrWBSrqgZQNxMdwZGjgq643vGYn0SG4/tsGUXvOZJeNPHGaGqJJWZHwLG9YK3M9J2NUgCdApjdcjAyed2vfcfkT5BUv8Cgon1z9es3LA1bobD8GI1Lrr5CcEdiD+cdMdwZPAQS4Pz4S/Aw9SHzi3nPVXp05Qtg2VNyhV3LInEEb/NrWPoxnrHtqjCx8w9t9QuWZgRd6mjbfEBZxI6+v3G2lqHWPGuTM+w5vaOriPJ6JbxRKH+92BYswmA/fVCReNPiHT1L/Pn+FLZTlVFwDx12QNk6dwN7bworq3/tpZo3kC8yEOkG4uIBuU0pz3pNFOgkuoLLXY3/rXudOX2jNAu8aU3rta4MV6iRdWw0gFW5NabSQdloyeqKuzR6CYb0E87M6GIE88a4ivaBYRmQF8x2CfrCOgRfXocuiS6TYGT7ui54X3bPEWIBSSMZjKwPalMVmqGIPJ2lghAMv+Cp2ImJpvdo+s4viNpxMj/xNz7o+lgZOsz3hukzDlAMEWMyigD8Gpn3O9fugdBszPgiLpTlKm8KeDXaXzDTQzkZ5BI9BBDBtIorGBXZi0TTu5vIoOynVQSjJI+4G55gr0WBAM21jZM+m4hDr6Z13LnwZCjCSlSBugGVd8IsxV2vZnIvzhfUvvdiWu2yzh+HqhMrZe3sV+7pmseR0GL20afDdsW89EDAe8+l7aVZns8C4SxFXazZ/Gu3/XbpsKJZFU6SHj1mpdpdCDWCezXvAyPeJKKJv9Da3ifAIY9mPKU3wHcix5ZBfWrddGnvy+EwPeICZfBEA42koMq2h58wtuu8afNHJXnOupo5nlM2qYMgzMpTW7fTOOiLzYadQJLFmWPzilu+IkywxAKN+AoBd4pV9JCqtpbCRqEzad+wrqBxq9ofE1pjc8Ff8YHUXnQevz7DCO4BYtQJ3vkBRoTksF7uhi1sExXAZfvrVtF7YeU+IkOHo3YjfX39raxZqJo6EU9g64CVBg0heyUy2yltcr9tlHVDAYlwwF7WQ2J4olpI6YT8JFUBw+BhXYHGE2zRcf9RV2NQ4PbNgMWy/iSEbyLvUbHkD1+e2PU4hCsX1dVAIdYKHTa6c3lK0hdp8R/AtEY63fScoMehBtadzvIJytPwaFXU0/TsAYSUanGR9f6y1CyOiWl29OUN/IZmUepCOYxo+gvI6WCwyhRdAgaly8/Z+cJGyewpBT0Om5Imf+Gz1/AO8OFgWSjtZ0Kci4Emgrc21zmsahG2ycEPqWgPWyOv+fkHNRGm+yQHm6gbBIZkyf26SG8duRymk8F57yIRVZOyWA9e1MmF08DRBSJwGlSpKtTMYUMPOzymA2gOhY5v7n8o//5ON8ZQGGT7cPMWUa5p213xEsT7dzjDFjDfOCLc3sjqzG4+wEgtVd06Z0uKpyAs8oSDXNfeYM6EcOJbCNdDEVthXjLB8SoNctjx605i1aiM+fiKjyFoDSUTjOZvzyZ9VSKt+Tb+FWWvVxMENzQFr72uARcFPixeM/nUDdMs93EY3u9wQaiJnsQofBcSadpZtbUPmlAv9lPX5jaihnfmu+XNhT1bI4i0JegXd0oQ4XiBJGz1Vc4ahMXq3IniIH0V/Pvz69s78HHLx/ynUFjpBldEffni41p4HdRyiOLc8IEKjgwb3GiAYL/Zy2C9DuWx5lqGES+aysgKOCGf+bIEeVvjZd0whTMrt0KVwmIPHcjvEOG+OBK8yg/w/LFg4nVq/bTX0gjhKl9anTH+LFmWInkTgOmqsvjsFu3u0j1+5RFhUUfS7iHRVYybPGZPe3nQGBDXFaY2+ZlBVCwnk5G1OQTFYzjGrLujEHNtbtPREtJjfI78cnVg1tQE3vvk2OHWQydUAhXJawB5QNg9gEn6cVf+TZ9RkDKAa9m6owDXDaIXWPUW2RByT2B+my8H/gB4xu0bdxdr6nrVNDAJohoZQ2RXekUpDjDEmMBr5qGK1YIJdMnWlulXFD1M83J4+MEu0jzmncB70GcLGmAzdaZdP83IWIcsGsP/5ukqEiRHguRr9i6GoxhTTKmbOMWMr19F9ezOrWu6s5ShcHczcxo3gaLu2YtxRumnU5tP0Wk+9qb1VpQceJJouEJuU2FBZf2fckeAau3mWA6dyWfyV6tF4MSfGyiM6XNbdJYyMsecQx7NhL/YEXRmWvTg1I8CVSfqH7bQixNcGj2fiNC+nVoodnaw1HYFuLeuu3SJOu99VXL9yeyA5PaAICKj/GSerTVFINK+K0YyF0yqq66UZTNSj/MG7jOElgtM/yO6WIH14fs5w7XI4acymS6BX+bgT7iE4yel2ki4h9fSStncKE/UVNDnstMGsEFh3eibmXtPv8CzGpqOewRO/JJOAG/ytgG6s+xV1sLqYsk0s6M78Ro8W1oiNzMh/9x6hssGnLO4cuZVwloZqTr25LW4THFV/CWhlTbmLFZ+825yXDdWA/qncugjR2cYBv9tJC+EoJIuHkN2+3Bif1gmBCiN6POkxIbsNTWOuhbMSu6HBA8sHHoE1DzodhiwH2yzcBS8tJVxZfZWI4xVwGPrkdndm940hL30J3dJVImkPnl3Kp5LPTSF+vPjDMAhmmis8Papmo+VDxdlwXRP9ZevYBNARxQpVkE2cvpKwy9tq4DFSeWz71Xlrcxway9oKJyCfb4Q81oUuM0SN8N/z7CXt9n4zpZhLxkr/wp4vaAKyx3EaCtgXwgm8TZ92SyrJPQevxD7V/8m27v+FkFRrOajaw9g4kWsqllrPH5+A4i8SO9i0oZvbErVl4jWs/PFJoXl+pitgJSiqIRh7VDHg/6Guyf7cgDnyc8A5j3Hd8PTH147WT8kN4RRNVfBKlYMoPf6rwxdoqyffWPjZOiuRPwc5ESY7HuP0qjOvfI+sYByqSN11bcVMuD2EtTflaQyp7SPGT6S2d+TxYRwRM4LzL4iR3jgr4k/evta08ImNDCxyxfdM4jFDIzgGm4+IQTcgv6mcAKEUHSO+AX1VFf4HbS4NKrfi2O+UVSRGu8oMDef0taPJYkmx2BhAURzmUNYTylZe/8RAK5+gnC+nM4xX2orK0A9z0P19U8yGxN8AV0ywAE55HPiM3YO7OUuMd+i7qfIJIKBTsYsztAHsz4dgyjjET8zPbR9f/8te7KlKeB7x6rQvliMkHbB4cJ1j7GkVHjbk+aiaXxaHiZwRAMFiTbrIh+2JFvV753fRCbuUJfnWurxV2TmGsaVOBuj2VvrGgsfcJOyl4hQzUBjcFAj5jmWTNLOBoX6be9GiyKAbJHtrB8+GGuVi6xzDr5C6gtagpH5A9ILiI8KLhzF6Ue0Z/MQFh1FUAgQtAJEHDQ2HCqAS1H/IFNFmNqWrE0zH6E4XACz/1T+8DKN4ERqlaHtGkL7El4eN2aFZ3joISAyb913X0fKGzsr9mBY3jMgX1oZ1Vek86YbJh9o/IMcTLXPkO+nt4Tuh0E31siBQTakVnclfSwToVapZblQ8lJcr0PKtnEqKQzL/ociKUl9rSFPeTwAX6qioLX6M0RIQbYevjvBY88WQsXVFl0GSsYXqvH1+VSfAwKREHY3t0J4hgk/Pt5kcvWUW/b3uirJ7O1MLb1gaS0cuc7+zl+KB3REFG2husIu8JRhpKruLB/gpTRSxWp4N46KG3d0+k27vzFGR8DCv0qlq/MbUU0+IpvgFMZPqOCqu0Uj0FC52Oufwk1Cm58irrgw4BK0DZCnwuxhoWxnqPFmEYo4HDvq3o6+2+1yZ+zUKmoaHCOGqeANXYiFc/SK+Hwnhp5MTge+W7rkRRD0Y+NJDPpGwx2cA8a1PMJZNYswKWGZAwhnH76mMHcAxFtpIxkydSI3VvrGt3Db6mBuGolJ46Nsiy0KBu2T0HGNfdu17xya6c8cZaJFr1T4VP8bClAYizjb/fVhIkKox+zr2oVXDDtbBM0puP5ySORE+vEzio+CBWpYb/HtaHtKkZdoD5zGiMwbnsvkR8h/UmGNFpBEWNt8fVXGqxKayWpVLRItBIwU6C52HlHy2pyjb+q9MNkUVXBZ6gWoFrof2orSTWmgABukrUCZmUIX5CVvKND8xP3ybsPUmcTMKy7Rd2BBVWZRdl1RvkZOAYRO1C/HxGXGiyqQPdXO75qEdU/5TmtvhJwBYD71DwQzyNnvXxrhB+o8uPYpXfxjYbj6KUuKoECCySQiUpIfLJ8e9L1mUHoEZR4A9fE1/dx4/CWtjxzDEQtaGTDEAW0jq0PJ+oyvNcfxIi2TB0CoYXPvo7dZUBy3J3A/40avASmMjaUVJtbkgPcw+gUAus/rEKh1/Tr5GA6b0jDMoiDyOZi1+dOAN2/ecQjzYZ8QSIvK7TKhansTz7RusO9KQkavh5SKqMDetTlJ5o8o1V9ZO5VWDPMf6fvDbiABmC6/v7YwTrZEzPXm7wZcqj7/TZP+ApkrUOEhGtTSpLyPHppqrHK65P2oL/tPxBJrJdwWxC22VJelu5JtmqLSImvXh7O5u6xo0OaUhtNP4O9R1PwVvnTWtPn964GsMFgTI5K/PveJYmImUsqe9CLMlx6HvyYAhK6H954w0K+QVYpDpSimbM46JyAE+Z0HP0uVBMeuqy0eCOusGKoZOHYX8eok4MbfcjaB0IsOBWIMa8wGPf1y//0hfCB4AZEb5ELWF+ybG6EHtZCG8AJE3hbz85BV+14SJ1rqU2YmgDUWId+aeAps9ZfEqs616tU9k5cwhlB7vFmb5p9dRVAB9HZw2b3ExA9smC1TuGyMKrSkUzfjDxLc/XKYDUj9N11bwgmBEvFMTy1+daE7dILP4G6CtfGIbbc8iEn5+WpU88ExujPyb1Csb6hqbbTM2rbFctKrGRGK6L14nTsInuhcuua9XGXO/cHDz+Y9SqXPJoGmsfTEuGFLPXX2JPGi1vOrp/qRafcU//ViBzfYWKmY3PTpb+bmSKcc+b0anlhKoYaEcA7xccBXsUfjDuujTOiJQfhBG65oXlPCXju46lPx3kJznrCDv3SMiPLxJVG0kP3423bmGJwDtZonHecOh2FGThBp+ZLm72+DjevPQbEubkn8pDT4Qu8huP3FZxacYSt+RfmHPsFZ/sa+dqRYaeoN3poNpAUbqvsVKwFjIb588TS21YfRXWKatbzmWiJa/cI6DGPFCTo3kGc6JjiIdDY8dcJdfzWCPonJSTO9lrvHoDaEKntlcYwEej8+lHxGSMjvQhtgk64pwQJFfKWamjKs+BrqaVQ8ijIO9ckjeUxJCmepSWy26gFoFpsj4609Wy7N/brbyPwzR3FD0shGQcbh84gjGZW3+m09XxztL2fx2GKoY0I0Uxn1kd98Zoj+7XhwiJnr0KK9/rGR/j81VGZGRdSrr3+jt9SWTsf1tpL5Cje8Ud2/3VgiprOx8nBvC1kOeAAVZGlocMh2dN/vzzCAmvMRurIqzSav8utHjJV1s+P+0c15AfmVxP5Mz2N8IL3ig2ow/MxGZaozGQsyk9d9BT7Q8dSIpD8kWynyzuHIR/7wnwFK5egpbtdNd5564uuPOWfKo+6VWxlA0hRTcUZp7fBKVYG9fctdu10kn5fsixCSdSIXecgCs0r3VlrEtHpaJG1feOuOmKBqU7MmKYMOv99GQj+mikMTTiBeVNf6EbMtfyOT6AopolhGgKEDAPOs9MANSOOwAy7T1ujNf3l6hvj9zTu/J+7YxW9uIRDrQF9H/sqth6Lu3/D+RXbeF1NCZb74TPGih5f0HjycSX8qfw7c2xbzgrf9fKGiET0uxJRO6kIcHMWP7lwQvc9BpP2NYxbF7or+0GdVqNg0j/E2rxZJg3q6L+NL8O/zU7UYUsOEzLkROSEUaXrOQOF1DuHGHuf+1L35hGqBOD49G5VfK7Fs3fzN6i8N/f55v9+jaeaDf8SdnNCYE8HSb1HLZXoo+QVzv3NkiqSFnMnfzGvgv4Ds9nA/3V2Sv5Ym8cczjoB5JJdTYkWZiPTcJkckvIRjCfbsEGRm+pdK1pE28cKuYx3LPvaRcHNQoOgL8NG2lUKrAyIB7YF8U+A1su8vzwtLbG7r6r+5EflGPA/2G/NDAl0m2odg/3pBuIJ2rl5Sp089Xp8Ub9uqDYC3ZUVsec7uG31/AxsY3GFurjnoza1ewhghBeHlnYTbEKtjBm3HE6Lousx8N0DPtg5gkxeKTp/nvQDaM0BkmcIe8ISk1BTGCs97CVVWfuSOU05JNbmJaTKHVX4JTcXdRXl+TbQueSYQExu74dGKajj3jpYI99WwhcfPxZOvpvGru7ho8bKrtUrAuD+W8z9gRuNjqF/Rd2Ar6i2CTPRvGle39sdJoCNaztVVv7XmjwBN6AXmRu3PzbO5OU58X0o17Ko+JWWHJjBJxIi5PtshASEvyaXFHuWjWBiGmhRnbLJEhXzVTdok5uvI5apDCdEcEF40++11M95+f3ywtOgTKZ1ixP8cf4lQ6vamX2HII55oA0BH9RBAu94tmYR1I7/FZOzo7vtfxlVBSTCYKKBdswGlpCHUbiS54TYKXI3LxYJB+AZq7sCW35dfTkkXIgGOZX+DNIs2PbZffGCHaLkje0AN5J16HokzHVEK2La0KqTFfUsHpQZjyadE1e9tRg6PeDl0f5iiwRyX6J98WUY/SXL3eU4+cPhrudEltpO3uTwTjehl0YTrti8903xvLPnNdaVR0//W/zH0UvA2fP7mNeAhQe3XLteHoSKls2vthSny1AP+9ov5bkKnI50EFnyk4GWaSAi+hobD0JGcXSBSPSCvgyP0CenMx8nQLea3zv7XLxCYJNgo9zfdoLwNiZLdNuHdBBYJWB5lew4YrY3oMefV6yExeVY5plKnbsLrNi6+N+6yZQoGlv+R/1HXuE81k/uAYy1sBSpDflRHf2Dv2YGH47PcnytBXCB89RmaasTFVW9jgYcWals73m6clPRx+Mq8h6askZ4wQfHkKptDfIwHWPwqgluJXQRWEH/jdOtEH3aHd4wVsLva5QP59yu+bDNvnXDNM517cbqHJ49Vtcl0I44hkAsEOpD+ZGSCBp4SWnq0PsKlrtRe9yavjRafHoATWm22sFeouQWT73GgTksb8oMYxXxdkUTREHgLTZMMvlAnHQTE+L+qAcL2EqQN49yEJNug47Qgz2M8Uevo156qwZRb8Q2iiv5enumaltOgML82uvXsYMo6PJtoPkLLodPKjAj6Zf+6MAHz3uEGCeCAAVWKOmwcmNLCxaKpvyY/JdVeV3l/zMfUMmGpgs3oceOFSI0u1d4xjmnEquRi5+bnajIlOQfGxoJmiq9cQ3kjuQ7o/vSfoe3pKNl9B8VW3s5K0X5JIcruFS+nnfD4NvZr1yPa75jiQnjVEcOj69dVBqXD0NlfGdnLSGdLIw/lSNzitUZUSXLlc3CnEf6t/c6kSos+HwZIwXMCUGvALpoZ0PKTwKP5qXGC5HoSuQfkwsiNTZqVxLXUjU3oDnZtxwnkQr98iVy30106LGakrZC2B1iQc03IT9lv4Kv4v+VnX+coS//3QAdzMrb5UooLcIxhevlZdHsZtPa1iyvUZUKx/Xj64of5QG4AaXR/mxPXtEOKMACgIpqfyaeYRv8SKrf0krfA8MZZrDeu4ZF8yDwZWbmEcDNqse718W6crcC6wIhBUcXW0er1FH66VAga34aqPq7KxGtjf46PZ5uyNKvKPMW03aBEhxx/XhGDJ4jqhaS7psIOWm7oz2MXm4+gujVlle/WK08sA2UeLsfHM/tS4B/gqwgOPZSOr8Qx8IfNpY59NlNyWEMX9TO/x9vFh7/Mi6yHHUbTgkq5C6ukQniW+ECbxCbt69rwYA8Wn3XaknpBnCHsmn4BP8NC6IBtD/UYqSfoatYfqnJtGNwcelfqNEuoegdPX2n1Ez/Xs3z5JTvLqzZlme401eapUSHXf/jyK+RirOOq9uv6Y/j6QVfMiQ/Je39px5qTfxOJ7JdzOV8v7gQLS2TBirCk7Ri2ndjdOpnSAJI9nLdJNwpIxjYO2fT878MKuxEfthM6W2TYsAdieK594bJqeH+/fsYRRjssad/YxLW8KE1Ah+L9x/DX63EQI94ekfh+jywqXFJMQV1gsQBQxd5fWtxAscWan3+zdoqZ9jGDmJiYLOhbWaW67drffu1EJVNqSP6OJ+CS6Ot4q4W2ZGY3t44vsP2zQP0aPbBWdzmbsjJNNWYBlZysxS/xrCTEZN9JGp9R974oRZkO2jdHL6/Mb8Qno82ie63Nbk9ePotQobUe3P2TaS9vivu+oRFD5lNQdGyRJI8fSnhN2sPkQmX+m8vb988Fx65hwQNbay/EMq7t+qJ4RE2wcL5UfJh32k9+6Hp/HXJTM701HBoK+j45rmiGgp+2/yVgQppjYF/HFaWnlOKbdsBftQ48VVuRxezqcXxvruKN6MlZv+F1mwUChitOmqahTWQyPCMyM5ozqvc4G8M8UePId/MEvbcvNvk5qUScBA5cdBZRWV42Q51p8oa4kkuJA4pE3/pyXfNV510g2tD5yMw86oe+Cz3cwxwSuRJjXrgvTjZuhUyfbhTGLsm99CkPBM28CR56QeZi//n6pGLppvfNOYGYNVfhMctj24mqO6UlDwPYBPXNMuTdNPPRA8IEBo29pvdv4NgLaPiNKxlfRUQFMWxMcOquSkl6KVMyBs9bZwwK7VlV/TwE2UaQA5+a/VIi4K7ciUVZjeHhF2hLceviG4vCUXz20M/wAUyUA/vInITmmiNQy9YTSjn+keBgeIF4kJ7JhitcFOGr6mDgk4jc3KEgogK8rgA3owa1LMibsNSVD8jQluHneHGxwQ4DHnGc6tgKphnj8mcq8fNZW0CJPoQrvKz5N+Rq0TVc0rv+xqN/hUPbC/1DoLLg7gHqLqS8/r5k9/hLk7cHOwoR+z0JrgPSz7gXImvqh8pxNP+nUDCGtwWqpNnEKV2aVl0hW+JCWmCXASZq2KKPLDI0rWNM/w3Ur0nhmFxYX5x0FlIy7R7FFb+Uzdoxl+d4ENYrjSbib6o+0igosAw/96BDL6cFSHCBG86HxIzzOdr6HHrUoLJ0NUNmkSEHti+zX04rCqH70VKpa/qXLWWdLSg3tUachMpfaVRiusr+sF3ZG1xA8BdmMTLLelYd7VTa+1cGc6BtgJzhmS/7k/STRJQqQFpivk8drvE/FW2kzL71I4dS6s8VMoRSvjail3lmeC8Sh9AeJYpPXrIVTfkbDnwML7/XUjPpvM1/6vqyrv5Do0+hiy653oHxhXqnEJ0NyGvu9SnP9mz87i5dpvgd448QxBHOoS9rr90ndkYYKfBHROoL5Dpw+/O6o1OD4a/ElMUK3udcJD2kePlL2BsCXAcRxTbq5wgVLKwquBXh7XncNH5UFRWmTj5mqhgWVOxyIir0iji2jGN/uIeaHpUitdZ6EY9mtOggBSeBG2v3LGk4aIrZFF89KoUnuMHaERL66esi7wpVzLBaTuaJd/o1tKH0WXEm2tLtBJjiAYZTWdrdMZHSdJUlSjDrLca9xk70J6Oov3JJp6cNFh0MEtagvCfO8W68T/g3Uo9UmfA9mOEelPsZbAESahpzjLRQ8H0CKNN9Oa+SF5zbL35Su74rzOZSuI8IuwqGZy25H0JU286u5heGFCMDMnNQtP113WUg3gOCebS3yVNRx+C5dQuVle2BOuzWx7hp6hsWBtPG5zadDg4JeoN6/peGUEtaBO/AEyQ4bNF2VZEzO4DteyhUu7nZvr8dgF+0646VYvDNzt63ptUqhz5XhryYL/pbhdT4kjSqMrodpjkxh1ZU1t1O/RFO0sZOuJkkUTOaCrqFWdQfd5/F5wpRSswp+FH++BRQcLlEIR9Dp1ND7E/QmWSAh9c++TN6y+OSAasG+SlFgz9FRTVhlX4B5jLCUp4+g05Wrd+YbR2d3N6MXOwc1SN/+R77AIqopd9Ab9QjIpb4zsAzl8ysRiWIwyEBAyaUlBCdnfNtiuyVuH2y5ZEKS25yyqcqN2VBCPh2sv6103RQq3hyIU6JFk87ZneOvThbyyggyGX7KK3KoCs2e3r44obS9tPo8jHQn6RrhtuKLiepsdH2it5XdmcT48vRl2lBGeMq62O0gyRIXFCD4m/d/3fPpBbHfbmFBtAc6InbgBEHUtgOeS7Q+39PfTlO/vt11k9sY6CUxJ7X6o/GpC0GSrhT+/qqwcFl2rOrSEhQi40w6JRyLZHs8Avuqb20jLWWVfGM5iABhX/i0N+/M9WiSeNLfeVTV5dXsNmwtCT3+xkwr9db9I1Yf6HtZPHmB3wON3QrNGx+pYbzUOZeLtQP4WEsSu6dSkoE3ZJwo1Pdz3WJisFtivm6/Wv37IOlyFEJQTIHZroVf41mIw+/Jnn3m2IjCFP+HPzC4mKdKGaH2GQ/UMbWZ3BKw5dJRvFUEEFLMZn4GOULmqRmSy/qHLyTjAbAhWzUQY5klpCRG67R+ABTSiHFlzGG4peJfXrir8Ttl6CV5OynjtpzmsYBXMgw4n9Ws1Z0g++nOq3mprXFQCfG12//LMZKldqI9B2XyliEqiD8Dvfm/V1tH7wynZtd/ix9T06g+EE7pEVqEs+pgKhHKoXUMik1wfvGp+gLv93bOU8ScQ2v9d+VtLLkkcyVKAksVUPyHim/i1looVAKfAAVR7kDfyqeFkYZUYkyFtq2JGgUhWhXIOSWj9Rn3gEXAZkCbJOCKCuLqwYaFFKlWYw0tf/lWds4hWNhbFFsILylDyOr/0aUlMUA6VzwOkZBQq4JvZyxwoFOlmAKjVc/zuJ5juv+OKoRP7oRfmHbX3rnbDCvKKE+QoXSinIamkVmuMl2mVu+ffIQQit0zVRMf6/fZzxyl6FKnj4sBMZ8kU+kCq9WHq4TrGf4ysUf4OyIOePh1NzbEcb3ojpLCPk4YdakYzxSMdsuiaZUeZPK/B8T4k3E50HwsdMZhSY6PKkkzEma1PcQIYmlmIpzG1HmKHTpEiCWgOeuvSEYoG7HMEm8SEnu9TuASIM//EQbOaSfOv5iZ124g0dxRKfQDuyVjarN+1TaRyY/OBKF/eHK5De0UnDLtEcLQ6xXlSnQcEuPuDxxYmnWoDllF5f03L6qggvfnjxGEPZ4HZjS1166gQQE+9e6B7QruKbE75XTLQhsrvfceqaI9AMCQNJj6eud8mjUr3NMlOXCzzVr3b+uCMn5vn83egBeRhpHCMy7/n63LabQ5SX/7087wh4CW4ub4ZAGuPi6BIwkJLVBDK1PWZ5yx+7X0HsBh72Rir/Bu3f/PE/ehLyOu8I0F/UkJdyhnmn33W27TlWq+9sUKczzzGQoQaDQUBM/x8iAwSpS5dp+re2NZ7oyzIkNyzTNZyu9Hj3xIx3co90rqJbqR5PvX6KgZgl3vvGC6G/smdENVlLKbhVtoCakI40o/4OisCnUwWkDFPdXoxUB/Nfz9KLHF/mI+l9/D1EKs6QLLldxDBBSKCcs7XLG/SsE8fzYG3GZEvqq67B+6rmYNEQ3O7jGzpK98VzsRCbQvt9WXbztZ2tY12p+W/Ae4G46okTq9DwtSAm9TIiN/BEk6H+I1CYOuFdc/yUQ4/W46hr//ToCYS1v5CjwrpdYlLzHFnHqBJ1jhAaqGecVYoqgB9oTKGgeSfxbT51LChhGMTA/0Q7O0C5vIM7BOncclzrzldTt202/zp4kNawUXcuGqK2dLC5Iojtc+mXF6FKd4w/RRVSVOtZDy4gIgcWzFeN/dIs+/1aqYBLqIvETkMk4uByBx72Bqvtdi9NjhATbF158FkVIIeDx5THpqm3A6UIpKBTLrB0k6s4vtIjUy80E2x0ysNuLhdq+da+xR5h1qYc7wM06FPQnJYew01XfQJRB8bu5e0QrCqHgwPO9P+jZEFXt0ffU6H0eoqbpo0bFYED2QVB1qyzip+2bRP+9piaIZeyOvuZo3+om66XWZ+t9TuqgtBkY0/29cXBhrCzBHgWRVeRlpfClUuQ21ZgmOmzoL3yBGvkZUWjWU5L1xacA/2INFerrAafMEfyVxldQKYoFgBGhOW95lyrtJPGS+6QNCn4KDnEmP0hlJ9wX+Sv6fgwMPyz86C0YRE/d3qjAb1IYKAw+ha5+3Uxi/kAFjcyMti7sd+0MKdVDingtdk2VLCyF415OEKddZeJTzV2CnOV97LMfY+lyhpiyLdO9p3N0/Xf9lL/2DnrqIqdoGucPB4m38aJ87M9S0D1CByndlXVp/zV422rs/+0Z429GXV4IP9ydkT26z64BsKsuCzR09GNjhRwm8xcVpEKdz4dxAAZA2v3+VwhwcuhWf6oPYbBjWadWKdUbKnz29ZTpIg1SpRul1F70/m6h58Zl3gw/cKGKAUIM4Q2pE/pG2AQMPBZJqGKD+aNeuygG9efMOwZ1R876GbHNNV4Cnjt3B3GOyDEvp0fSd3vBMPX+7h1Oq1nRStIkR9rKWJH3u7V2SLFUwuGWFiOMHHTawfYXmh9NnOOkQszPHKkqudsV6qzo756v4I239muH9sp2B/htojZejTXTe1w0ROpJWd2Z61phE1Jmv9wlTIOq4hh1Dj9+olF28n9wTnM8VX2Kn9LMk0IDlr44xPbziEcYob7QfvpcscNKfllM3pc5+sg2cfvtRlWIvzyU1SVCUsz4frFKzN+40qV1sKyTRyxj5h8CNrv4bvBu9A0Dj4xiSx2JDl1PHTLsHIOOukKJHpEWNG9P33KZH4KTdaDwe0KbsDnGtR2XLD2zH31Iz8BgK/yL+5qmhXXiux01L/45Fw3dq46TvaExsNK/Inv5WMrWB+4py7XiUneBEQ0FxhahNNBME7f1Yz95q6vOYBzNfc19M0UL7AhHEKOS+bvKZfEioFMR1xfz52WWbTJD8NpT7+ivnKVndy+Eudm/WiD/7lG7n1JrROQAIZdtFL4EOIJKfrXxox0niuEWEtk1S9Nd0ktMDbvvb/1J49Xv/SW2jG2r6+4UoDSqPKRkkfuTBSpoMhz3/isI1dC3mXoi8Ko3StLHVm9pDwgzrmT3byh6TRqs9BGxPN5HQTvZTafUB02IVJu6UaA+EfPjyGEJBxg8vyHx+sTvmZ//bTbP2DVS42FuMvHDZrFLyszM7XwuUjrn2LUh0hJOPuwi2iW5rWjwvPYsSmHgihAfzAJAFd1da5N+g/bkv1a76jdqYpsqabAaZGO6l+Hcn1TswOw+ELNrX1UHmN4y91qeEgrmLqneOCHdRHObzHMmfFxzL/nUB09N4rOmasxEzYy5P4fBLL5+aomqtot4WlzJdWC6we2g8raW2HnT6KTOSB0XOyVnl0QNZNVhX1nOD6JOuvvOf7QAEpEn9DcTZJXBjEEWyW93PrUSv0VnkNRLNwYzLFsrgNss8I2FJE+Bvi79MyIZHcDOgMLvI2fPKq83aSyhxKFfgoZU6AmMLzk4R219+5/aUc44bRn1xYXV6SJzSe4QG2u1SPvnDCBsvhJUGuw7zTO4Hy+lo72LE3PGx07lb90i2dmVJOCPDuCBe1476RlclP1VNnS0G1h9GN8ktasK3gvq7C0gfUg/4KrEW8DwxAzP+vWLBb0nQQT0AjWtvw2qw5Gi6TihmYAV8GgQGEcK3z+Rcq4tnJfRkQv/FzYtrins6NX2YXEk/BQnuami8tE4lxBEdRXD/aPuNWif0VoevFpkewNpgdDkAS3MeH4Z7+ZhFfdc5+QoeAARTzFl06Ft92VSHcTEabagSymhIB4RApVTzs+FNsGKyu74RE7z/usa0rjEytg7FtvNtJzNvroea0NGPscdhPt2nONotsqAiFmoGRkqVgyt3r5+q5cqSJM8luPROe95fh4IullQKZdGL4kqgVIFnzXEpxXv+WImx5y1dOMUkzgduBB0+ZL27e8mDCAdQCCS5dfSCzc6a5KpfwP7lRsVpcY9fX4CKbqFGcDYHKqJzlC3j/D5re1nKRoTw3UvxvJz32rCaN8zagUBwaBicuY8RJ6hM1bnF76+DjLrbUnLSIPWqnsIYF97AMPd2A9OkkbPB13NvP0/YOkvtYH3oTOcO4e0RTqcPKuw3rTPAucGX0FSmGAi+scLq6VmCx61Bzf3lc6P5WUhaaUJAArK27baf5YU48XWgCU3JYCKKriBLSEiNpbDI18Sgq+RyS0n0ccIzAJF6uiX/6cFcHz56IQHrQ+eYrU7b1ClzR1SfvRtZ500ciErW1aICwqHYCSQOXRDxWFernIxjPVQgj/OCw14ZDlykqDN6a0j8/ODm+X80Nb7q9vwAO7KkYZfF456+YVR9fOGtw85cFv7i7UejItnd/2+dD3lVprIDYLUKA3/Q1c986kagjq3z3wLvutTjiHCcy5Z6f1bGr/kiWn/3i/fEMgfyTMwVGMMf/LnZSkwfmyNjNdb6Vy/GYr4UkmqSb/uvoRbZn9PsdQHM0mNbZdBsRwbbN8GsTmTmQibILF+zCxugh3n/OthxI6VkzOY+hRkN2QfLMvW/b4Iww3/NWGvuZCBInSs71UMn/uvWTUXtcO+9/7hY16O+oeI8sS0YPtmnAZpB4dMJi362apsR1tgQfJIIMnfXODOZZIW8gpeYSPHly0jggBrMxoQCm6bhwEUEEaiMPAWW9xsgYLdQuMGMq0GELqFlTU5O+oBHC6NP7RbY+pnLba04qZ+29ZRnY0kNLuGLwqXrPgXVX00wls6WybMyjs1bWNp9V/rcpvMn+/mwHGlTSoOpAArE/42ZatwskZ6tMQCvRz4fJyi3oP2JuCpWUNkbuZPsRY2xkpopuKVLj6ADsXwXenievUZTUyxqOuNSi8Zwkd/5SgQnVl//iaHH5Y3Vdbk7wHyWMHUm2E+KN/OFU9hWSxkBumwZAXSzA7Xd10bBAoKPh42ybTxWoZqHdFaP1+9D5Yk4O9igJ0kOqG6zyCw1pctVGpmXwuWievcF2kcmo6VQeE0p3skn8cjj5KE0hK0FZhp6JPVHTj3IGJdbuRS4WEmEtriRyXGgF196lOxWX5IyPkFiPOiZHgotsDN776rvvT2aRMWJObWZ/jrJK/smORaqBcFEWgTu4yo/kHwhJ3deIENYe5aL6nootMGICMEV1RvYWbdQmzrKgFl5aqtieMQvQUtOpetAvcDvxTc3yo3mFPKfE1CR4bEHPNxnQ0mt2xZpYWRixxTZjDbIl3VyZVoMIora2cRC6w/pYDNsUMuvM0Nh+Yo0BAx/8bqyEZ87Bw/l6z3Bj3MIFxdfWL+Peqw+fWcXCXFNMZ/yuoq6yWqOE/WFSPv9gvCZbhv7YvLlSkZ49dIJUbgiEZ27oQngBASiQ5s0HZrd4ggzM+gLqzQud7fnBOdREPc+aWX7Bg0dkoaHwjM35R8kMgXz5ZprUIlui/4IJD/lhcHZh4YzPtgdfCa07px0zqatBHQ/aC7Gfzm2Dgi8QbL2GjDlmI/OVbta9fVHFnsXbK8JjCFSuiX6oZDyiyp6O7YbTXOVPHwv+kxLY42wD7U7GR2Q+5tMHKHVWbdXIwZfj7AQCZ+5PJi2lZSFbyXWqIjBgrevK8w+4yMIus0M3nTw30gE78DWP5nTrBSZsrHeE0qQi7Qwwg+V85XyVNPGd/kFUSXik3aJRXCC5qOISqkv62rDC01MlH751Zta9V30e+4gt9hDmZ34RH0huSbfQ82B77koXAZn21IIyvwfpGe4cU8f9zQe+nm5ygrp9ol9Fi8529VUl3D9WZjJGjgrFKQ2mANWTndr5201CEy9Wz+tUHzA/rFGCAE8K3DyWIQLuP3Z+aooTAgfziFhlyY8nsABZKxM5/ol+5q+FhVFm2MuNYRE6d+uYgq7gb401nx8o1ySZzK4gAirVUvlOUrRjX+NyckWUC/FaSKsOvlg73T+Z25p0toA2Lwp2KmRkcVIb4VNrGZ7aLeMV6L4s7FMnl2XtJi43IijaAE7NeXxMq6OAAzfTxBvqHdKbOr5THGlR6hscO9Mt7J0rnKrg0znChrVXGxPG8MYPkPQPbD5702vaqzcCgMAihpcsACk5HiTt9GTkcM73zSnSVjPFbC3Ej+6fgFZRXBlxwZ8S9pRZPe/YChKyy+U+aBpdff9idjt33LSHKGf30ycAQM6Nh/ufuMIVt8JVrDaj/qIDnHx1cVPwS0leaPRK8+Nkkz5phuxXMKKCnLFQ+7lG/fktpTDCnD9Vxr/xMIYUBf5G4O+9lx3eug9DdOfigSH8sA25JpX066Ass2RZlI5zx4cE+l0svmsNaVZYQ+5QcwhZJV/OpDvj4sOzAUEcxh2nxVlj/CHQFZNVeTZYLeY3VySmjVYrznbQD/kC6UdvZWdLJFLPs0CGp1V5Ja3/jwwkPBIaeHXYX/9lYj3y+vaWkoZEXRiiezLs/krkECEsWhJhqYHWRSmSoEcl16UEazGDWhcH/JeSsYxdSfJ8lhMMsdYV16aux1lQw6zsGLV9QHtjboHCeQzdrR+cy/ppH8WP49AD8supE8UsdhWek9u3Vd0+VvkaW2VVMl7JyQY9zOWL4JfdXLGnvw9hpOLqqh6LdIfng9QNuchVwoCBDr8oA5bbQufNoQ0byDSWXv8cd6Lk4vmkq7IwauSv/aci1yhxitxTfgET4wH0xaPB/s1ipR4HvZrETfz1dFKwIUNd52nis8RX6gw/d5r+HqmfmSPx5oVn6eY3gUeNsybb+zqnFLx3zzUhZeAbXG2XIu7chanwXoSXjM4E0Z4I0vnLai4n75KShqbxZcfRnai3xVF84NawRvUBTn0dWh+D7Ih6S81MOOxuXZXMY9ch5wwS4/ux4S9Esc+Ma3idahPvKAk0unhMbeoz/xgoP2kk7k1MCb0wcFaw/Hdj79lmiZCYG3+ijAG91FYfEeZbdCZapq/tpzTk2+M68XzCYyTfZLUariTVWtElDfXqUOhs1t03ZrztO5PAmyosmH9tTwyRRgXtTZ99M23YKNhRZAb+Pf8Iq8CpBbVU0kU1heaQ3SHRIQkdrA5tNTLg6tgItZ+tyLFA+r2Kpq4s7T4KRcQYUo17ALv/BnaXywm5Sb1Vu3wdF8SHj93w/Fra9JEutEUhHK0iVBkzOTEtxN1B4qcV47Vu1KghBmzExydxF7p5unxYGEZNW8fbgUxni3zkmyudRQHkzXXOiilMjkCZO4h8hSbnPDn1uepimP/Z2d9LLUzatWVay+y2Wn2Hqm5WsEKgT8cn9kO/3761dFodkC99J5nm/Xg062W9pbtNDGFRapKNgpnYM1WyYzx9ui0bfsLkb1PsUO57fF3j0hPUW90S7IFPV9Dto/DkbCtBeusMTK2SAiU9qHDeDjBQ6k6n9gnZ899G92vFB89zr8MVaNAjWoyxFABP7meSaps802fywWx1vXDsi12ID6c7EvDz2b3Fj0XBFLBv6F9sBNqcc9/7yUVVQjnz18XxkD91WqLLfA+5aKd0ex7OSf398SoCz2eV8kklk6P+brxIKKhyit7fkx+X1Gv3AlXc6Uc4Sp7GeNtacz4B57l+oQUuV3q3ejvaPXN85lb0RDPNDnqemn7ebXqgmKgFoSIx1bN/Vf15Q/L24c2Kirikep3ocwhvgOPn6/os/yl2q0og+0XfCvYkZM0w0Q69hiQkUmlIYqDopBrMntA/ieAm0+ZoWXvpqMwV52Lvlju3+jysLVGWMsEET/JnXxpR+mfhToAr55hC6KMqiQGMw3onlNdPu/SgVVOqxoIvco5Z3cZf2LjR0/ygO48mWkj1xCrzxHs4Jt3Tp5cQ+PLDMXMcark4OOsiIUmk78Ro/pb1pL71fsGZ09N7ghtUGO5sHep70WEb+qNneRDdZhxNSVGf6Qr7+px2naj7tHLt35cCHmcWHt15Wd0Bu4oc4V/M3PHdBYHxbuOx9f6ycLayzYPhVjf4PNcTRRi7+UMh0231EJXuQTGK1z+JbAI4ptzWWBXNDa4V+XuRFYT/LRiPDfZjPoOt2/g3MOQNNC0moZ7DPWi7ck5Q/dC8FWvyBQZrLncQHoxhxs7uHqPzExxc14YwIWDkaGnLWLivCpxydLcW6WCPBlPMJx0/pHyoOd+23bzyo/Zh01uBGveZFBi/8y9feDLpkZuISsTY4mktRrcprEOpyY8fOo2mX6KcHOTEdVGRqoHL3vpSBujZpn+wPYPCxlgdvkXJAdSP9yWFV0dKeMBeMP34EYIrDVC17NYL7mqQe5vb8aX9Znk29shrQPgMc9hYfLv24NbXadpShEzqoBztilqNPv92szlAOpM4gNc8AgsXNLrNrkB0gyGQRyM+d3o+4eFtjYZXakLnbmx59IHXXsOLujhzukNpIacOUU/7fM/pBQ1f9rXn4aKLxfMxFyh7GDOmDdM3N84Ikrbo2i08z1R7OyIqryjq7AF2BhNcvBZ4VXFDp01apUk70OlfK4F/mQAx0wqj9w/TRIk8HOZab0OLolNswxA4P+OkHIZZtHL8FDpJ28buTz11uPjWLU7gpv5giiDRObTCgeGir6K5+pu8SXB6SbeB/7E4wvTt6iQYKrm5I91U9shqaqMJP9wtuhvOzmOdkNzSqtQBRBTs4KZ7mtQoUoTSco5YcpSL1p7nl8j+Hg41vyBJ5hYb/kVqq5p7P/SzHa9ENUPsMvtF0D+3by6EZHm4yPoyhLsyjrLl/Y8ZPJjomfICSKjvP9rfSSykHa121FuADe1exXUDabt03SCOFZCncJFynl3v4GJQkPghJu5YaXhkOxVzYg5e+cAbIu5lffJSA61KTmum7+5bUdQmZDsI7V++iZqeLmlBYnKKnzjBqKUi/MCYq+tErXRSVXA/AaW5j/AP/mNTGma22QYN3lpakrlHwGZf51HU52uccFSUz6+gI1ky8JD1+vYh7/MKpwnp+NPD8qAMETKg03ZSrMQ7dS1L3mARRUNuvglYtEMtexPfZwq/iwni/mvxfS2T3Va8ul7n+bXS2scOiwss+XVdZmpE+m6hlr70HzOOHe4J6MYCrufXJA1qwkxWCJLlJGXQsN7mP+jSNyjZ/pnL8NaZThx6RnjjjUhs0E0fir/wQQzHDJT8bbbtxuO2iJa3Z/y+ZZ+rC1+xz8diNvdeTpaOvkOpm0v5trOj/gyvaDsSA/2r1Z/WCEmpbCyGNHLlP5j8P12OtL/IvQLat9Ji0l7cQsbeZzPHMwJMAdqw0ikK4Ca5oUYZ2RqV/XDRKgcn7vhjLqAE30k8nD9MdODocIJSysE/xeibUE0qx6lI5ch/nFFL90Zz8as8ToLHKiwPhfKL8+miLjufadjg7xrapyx/gcxy0X+5eg+MlKdueJR75Y5eECeeNB7JLL+tQ496P1A2nrb3kKBJlxrQbVDEL5ExHmUcDNIYWbYyh6v6deXQBCillXeeC8SpAs+WnKUM+zwwaHFTne2V+nuH9Tzm/V2zNVTJLPLgT9P8FvhjwvdRbr6lUku2eNR6XjRQa5i5Pn3vnwqQ/0JPL1MJboCZexRGl0BEXG6sQuDapbDJ5LaMvAQJRszbP1d475OinWb0SKxzdMB/xGBYR7NuEez0kZUNjF7BBY0cMe7ZhQou56zotgNDymu0aBFT/gHFRA0P6u0JOOiZcj81/os+CsFbOfIuHQ01C6lSsad7qWW998gaYYT25q5RFIwVuZPb+2PPOYvZVZsRg6r9cOY+J6d4xqtVuXKCnfe0BVl92M7A6UMTtJSwXKH47e4Oj8KbIZ7tU3Q6EwlMIhT0tsb+uWvc0DUQJFdBYM1VSb1VaNxlTQDzbQ967Voluowq5OvGRpcLmLvzdot5N/ycGnkCW9uGG9u3FaGcdx/9Ks1JwvFQhw/S76HN1np87pzDKAlxH5+dbZ8QwbphgXtBj+dOjHRaj2x0AZcCBN5u6p9rmZGs2H13U6JJcORZpPJccaJdd17II5QFb+uLawRB2DQCtMshnK/yI+sIlsQtgkxX+qTs00az5K29PcWKHkEVevC7SniUhd92E/WMndUBLilJj55UjomGct011Z2pIT9q1Twe5YL77gf1+d/BCXBv9On9FLHYgt/PNvDLfwYH/T5SIS+32bYlryyrkLXAsSj+dixWjHgBLirxYUjqvof5CrSnqEJQYi72f7cgy3kG0wQ7v0axUvSfDFbOOiKmOZZK1DwiyEKvu6tVrLUQNK8/1AvlkmS0UOhQerCB8BVwqUY4Usd4/OuRWmb1/k8tN+UZplhEJoo4Af0NGvWzF93F82kMGzKyyEtHeTQ9ffatt/2WWvjCGpYzNYUwTYY1R7lOZr/ZoAhAcZs5xouxHKrxCbda+H/m+hMPRj4l5B8f6zL9SLPK+M59R/H1cAnYJttJAHE77Fx0Y1cf7U5/dFNKuWK3p7fLYv9x78qtByZf1NpFOi9ojFIXNaX+xi74CPzGuYuBExLyCYjmUyfWg7zslgUVRg7K9PkgM+Bfm8rAkKtLuKTsfxO55UjbmPIe4TRHmxlEodPE5K0Yg7Vl+aXCEkAYiuDzmgeh5j+6VTuHNdRt/5SzGy8PpSU4OUtSbesuHjpdi2V6pWO1BxlT3+A094K0dceJt4qs36y2T9mbHzrBXj++tRvgme67f77S+uFjBtXfLir0eTqakMH8MyxJjzotP9X+auK8tRJciuZv7x5hNvhPfiD4T3RtjVD6nqN2uYPn26pSokkszIiHsjw4AzKhCmhSPv8eWzvtWlJVAjvyh44O6JE3a43hOTcAL5qydje/M8vlCa4ChpC/NPRP0ZyGU0EasemPlLDTiY8xey05Vb/orm0Nz+fIgJj0Dx8A5msF5K+vvT+d4IrUso0V2Jh06SgBAt0Ri0LLdIom3z8zxOoaUt6VRj7aA8yckLbIEfHDDpOIhERs6NYnlx9l5puBYmC78bo3r4bW9HBHDqJoLs2c0Wddwbjedmftcl1x7esC6y7F93pA+jlBM1cdviEQh48ivLP7ODzfAwFGdO8KDnhk9x7UaLDOtF5O1g4oa2Fm/ckaZ8b6fp4SVGdInUBSkuiH2YdA3XWabwGTcZzQ7iijbE6C8gn7H1a34+RWmXo6YtGEJj/yo6FPDlAMdm1keJvmWFtKx4jkVcjPS9KFRKte8qK/dauL646/IKqOQD9b0Z4avRORh4ZRUg77l4BSBdEGx1S5tvv++MASsJ8tcB5Kxfgzj7JX0c1QlLUjF/Mgjy2nX/ZrA7Ozl5zx9u6J2r5aoxZ9DApEQG0WMpW7+/7NZ49BbBuUa/bEVCZbSaZGrosK+MnqWhMmU1cd3Lo4fjrSVlbNbpHCgP9eHCNXY7qS+6YeVFn9uYjxhVnX19IlCil3XplSLgbE4ZWMeTRe/WjyVZ0zdC47OLsuX9QoV9XIJlP+tJU189ZSHvpro7QmQsNdHJtHzB2+tU9dib6jdPCwO3XMmc402j4PnxUHcOF16NS7TcvKBqLgr7QbTyrHGz81pt0f8mqfbowEkTVsUWTezbjg3FmtfO4yTft12ijGV9dnaBKSlw9N+zUprBghncdT9id0Njr1wwdw6knaLiZwekSJQzrpv3wrhc1JcTlmmLKlLT10Q4DvxQd9Nr0v31pV9Ou1j2wWwN8CO6tcWIES/AlQZbW0i2mEdqaQTUIOPOLQ6qb6Mfdw8YW87tmWCmYWtTSLYicXFzLW/U5liLF9Y5m3L0Lv8OlXsGTvHPV+8CwDB3e7giPxzLtCpx+li3DAaRjZhTwriqMyBabzesarqui33IeKlWcKATcHsstKg0mQ6/vSvLKWTdcBA7Oywg+VwU5IA1eKw/ol+k/xdygV5gt4KoPUwmTI1hx/jrIkkTQJ6Y9BGVJPZDcn8uIF+LV8r9SWlWpTrzqeGV+ZWQD33GKOa+5mGUgMqHJk/rHIxWv9dWHKmQmtoFJRLlCUa95V8xObg7U1Yfztcyyb4WnWmuKnjfDVcNi9GbnSnzNg746ADUFPMFdshZzcvZu1BWEelUvXy9HxgI3MLGrWHLW4Sz1OC4l+9nu1e26U4ULDAyR0xvVSLV/Lot/A15TW13hJb0pSplouhZe2UTAyrADB+jJuusx3Bgb09iCTYLiOhIP3rH0qGRq7yy3ZMUvEa3tIiXyE6YACETK71IVWofHMED36hwjtpQh0IDsZdukbXC3yEm0vYdi2nefyyyfwEl3HOteB9HaSe5KJ6Rq381IzJNq345+yN7ivKllJRV0z3bUIoiN7N99u0EtUQAqOwKJ/HnzXIguX6OMOuliRz72FoiAC6CpTGIpQX6MWZsf9iBSHId2L9cEdpEdEX0hSllNRMidO58vgLvFjauFpn58h3vlUds8pqqYuXzQRAytamx0fhnPGxYIR6Vaup13lJ8ZYXfEY64aeOWVI+sg0/zSSDmd17r6urk5zUesYqRN+oVctn7wTO38s80jq0soss9cZE3CGHyOjNPAKwiz+PbNqKs2O5a+urrrzVsKoTzsaRAdMxPpZ6iZ7uSkEDvdb+Dsjbf9FTLhUB2GLyeMiam6ttYdXPUtHNDszPoXOMSKNGntEjrBHReIccUWija8c+e7OMeUUaqaOobLpsDt+J+s99kJZ911xvYy2DkHoGoUeQjkSt9ZKpOHpsuF4xW0gs79/NtfY/Q7BEWCO7/9WpgWYsBqeTIB+fsMlo9yzP04VA2jd5eqP5+FZ3Xqb/mTF0yYbNvqVsf04GBR4XXQifPaW1HsbSO5NupegUHooy/slOGOb+M0zYcKsBBZfueAm/gUmfdZy5xKoU27ZmKmKJKoS5Rg85UD6X8Vj5yhNkNnrQhdmNju/ABYB3yIPcBp75ZklPqtAExEGHCf+E2tbLKaTqAUrsyapUyAdBfsW/YGmlDr3aLRcShWTqcoRX72FxWsIsDUoRMRPaP1g+1FICSQEyL7sGC7agT7z7LyAYtnxXopHSR7qV+mJc6PUhsdwPdmwduRVWsWhGa8qBpbtoxZuBYvf2vE57Duwe9+ER+e77Kb3y2E0nU98O5hiBulZCoek9FRHeG/Omix1JuJFuSdVW2BnFTGw//ytyhLkYJ7IjXDJQxDdb30bq+X9RNf74kAum/3IyvkMJy91HulA2dcAjCX6kWgG25ELtPtC54ta8Mz7RlE1L96TVRmK87IFWZFaWHefns+5eV6uLCDzCsigvxFp8TzPVrrWHIXJDmXAwvn9Fozzf5aRZpUEcmSmboy/AkxWTDr8UgtVDWaU9d4dlehz1GQX3ZzgdwXLWa3xnNkHHtL4f/qqcHGpPvfpOkkE/VudfJIuaHyslYS3ZCfotoYWxnxmFEelA8z5/dUAL89cLyOZlRrMjjZz8hfnY8W8K7/FBi6lJDMjJgSJuWHaa24bdtd37EYmTXOEbyzJCwwXhL0kUnFz4kPuo1RnHebzhfyKQiTiralyEuA46KQw7Mk2f53S7MBJ152YUfvkkUnyJB4T2h5KF7VPqwi3Q/J30YUy9EsNztQHYhBxNBmIa2VSs+VvmbnF4LDnWvhL68aAHOaIokfN6BxmgWMwlN6HFVzHYOKq07ZKAgLz2MSFPxic/3yh9YGEqq+yh2XD1V8wvBac4YwS9zpVcSYAqX3NHiT2pnduJOM1pfZnE5LbDM358OZBeRPymrBaq2O0jI14NPo67ppSLi3Orru0oOL8bf0JViAtdXo3LsGTuuurYx1vHJh7bmWscfHep9ucJ4494RgNsfUz7cLwTsm2G1UtJLXYsMrY32xh7Ftt7NxSKnVcD9IL9fVrSX3h/Rgt9hr5QPfZ/Yn5kH2n5nmkyhM0eiz37z576SAq0Ujvf5nXYle6kMBdE5kOtRKnrkK6GrQfGRUlBI6ipKAkhrRZqpAwcUKLW7ZTjwDAKu0NQaRbvvi7xT4iIh4HnEfxbJSdRYWuYdeN12tV8WXH7LMdZVmul0pSQKXCXfYtswbLCNxK/slPDQ5PBygMKUsTdAYnQHzPn+mXlptGzrl4+mtsKcqPMgLWEZfs5BdB+Wvf4wC6y+fg4MQ7jum37FY1O9q20FEeLps8E6p+vKOxdrdclPdvYchYuMYcsruBAoVoZN8s0ZKZW32PeGWuhapcYZ60ygJHxSSiVw8tBiLF7qhDIsEQhWoQ3yA+FN6JvzCloGo/S+Rxxb8Gv3CjcZh3QWUb0Y+8rb6dvSpMnissoJZ+YPfY8fNJgh2kiM+Hc5VO/ZvzVzj1jhhOySbtGGwd/7LBeU9zm6zXvfBabPK9/++uVzoVEWI4S65jb7hey/NtkvyXJtfBK2D2rbV6lUrpxdnpvtnzf5Gr9y/CWdv1AvlNZh5RcRAkfisc1O1ufBnyx/14qZFuSU55heWC4ZZHzQaBb/mqTk+Cz/0AbtDi/lpcyEFlAcSdDXe2Vmxh9ZE0bO9pfliA6+I0mLvY4Ko50O5g+qbZTAkSGwkA7WFGl57WHv5WOpkI800CxcNPbLIqZGLa33o8EsaCqb3f9YSRt7P4f2KyX49y8F/7z6VxBXNXCitKE1UBz8bHUZkNw8hlb3G6VcXjdjtVLbr9+rgNK0ZL7NzJk/J7+kt4rGxEfgQbc0VqK9cOYqAVZyMcDRCBmYVAe2RRzXsS4/OCDkxZAg8Ndvw7pUDnOSoUz1PmTP4pc0sSLLf8+DERutwHSm8wP769KEwMLsApr/iNAekRWyaUSh0IoqNsM5jRHsr7BmP3dP+ezXiObdmPnmoyNnnOWaMSMsFduvKQLTW0N+A4ObYNksG21F3JzU3BmIZRo0BZ/baA7ou90ziQ7oF/eeyVQYnJ55oIAZP6i588gDrbOa6LNY6TtfTKloABZKvzhxHGr4np4r7p1BQu/TPvPM0iZAV7cFsbgvjuSqWN7rwwRWg0aJt1XVGi+JwnnWi7mi+M3gKVVc38jIoEjA+mpjmP3XTGDk4Cm/RXXns4078Ws5AAnrb9Cn+lUyuboJVEK8IKpiceWsbmw20RS6t/O7baYsRYyK0XonuJGy9gjXlX7mhoY+pX2afXTdMOhRwET5PS6LZBz3MS6I+ZLU8zhAH2y2EcdiI6O6TV5t2rXldRiPATUe4tM/t/mmC+iovPHPbUQMoiQKfquwNirSQHSQL21tVjrfXx9KidTJTvBc68r790O2kpzd2w+28xv/3zgMzBCNitwloLdqafaiI0C8FTd//eQxzE8SJQtFCHiA+EIpjTtUAjOS93OmZBy1GRJ7p+nSOGzJ7XJhtgl66Lx3mMSJbgVdsjsLxiJK0qFQxk8Jg3qRbFLVrhvNf+fRbAu/IcacDgn9dQLnmsLm840VXQNHBGkvXaa4gL8hdsx/jZ1/o4PspFnpAxUe++sJposwj57zThCm0nS6k1MmZsAHmFWkjErMyTapX1qslKimaOgNYeHGslZySGjQyfeZ1Zvd+E66ldj85ciRxsM/P2MbImtGyxvSphqqIm2JPaPjf92jddpZ+kLT288UivB45HXOO8q0RlXwcwfizH9XWgbDAtcnhdQzUPau2WStxyp54MpjdDFtdmg7GMP21T8K0ieVci/6Odfir74mkX3fZL63yx8ALF0fKCwo/EA/meH5JoPXNeL5/+7mzK/+aG9105XeoM/j+Hcd72U90AznL+zEUtvqQ1Q0xoA/rh+Yzgvn3oryPyj/PyibJmtOPFPB1QFrOgf0ksoRXGi4fiX45fPqAm/5hGPez/9s3rrJC/xEihwxlB0vRWIoewBabLNsLNF17D5kMBSHOFC7d+jgn0/XWc/1ry+uOoLo58YDCHz4DsQ8BwhA8vrP4jNHLSjF/RZ98iPmYVKn76/YkX4qPHNJy55E2Wv+9R33RTGhHAip7aY9yHKvnZwJlRt29PONv+LPsFdLy799OkC6EHLfFMekjqYJW4XfgCT0bmwpdlvHOH6S94IWHuSEZYeaFfrdh+Fn2+9jYm3m/9Ef9ph1pgKvbA44N+hP/AlAIJX6/pXAcn6tMYu1oPYEvVE0TOA33f9KgnQPZwDWSNvjAq3oTe8d9bfATBlBUiO76izbUoPvQgNbYfNgPfRWKVUt7d8MxFx1BALKmNKVzweww7c43Bv3qhwmd9k+NxlGef6y2LM+b845m9JOTBwXGL02WUfJHemDjczvy/iqeuNAKCPH/0Yj7jQaBMdj34hH3bDsb1CtRI6txp6RFhBmG1+UGqXv3KX42rwjRhAEcJFWPmRBgc49aiplunPV//IFhCmYJLj58XeN8VxTKYjaotjB6q41x8EM5+2RCyUQaubFoZgo3EdiSVBUbpyrDhyn/H2WZaj/e83Yb+u1EERyzp57yPb7eRLwBVzB2lcSgb6gouy+CSnzVBBHEDzDIVbvN3kGY8pXBkSKbaqEbzxIob08w7VnKbnfbdgqWHIxNJ7PG2hE93rTrK+jxs9nt3J8hOUmVCygOAZrsWaz/xpYspv/q5bxGx3OG5gL3sqdTOifxnED+IMTJVKxxzMG7tcnxre2raP6gnGbqZtpJe3en/czE0AIrEPg8e6jLVCuvaB02X6eARnGnmniwDARHWTdkbWerMVJKoSqrL8ZaK3HDIQpx1L7cs7GZLclnQC9rJu/ofExDzDMQGeGeLQZhMtnBm/ZbknfonnEBXw3qbwtovDfOFQJHhpbFuQ/E/78fTW/1BIidwlabhLTkeI+HgTs99tLfCySMmSpOjlLAXP9P1kVeLIsicvOXK8XBOV3rSJfzH+vGVPgEXutivggwfXH+Plu1FeEg0Knb3TDt9fckLlDXZDGO5dKPsCPOZ7PsizKaH2S7bV9aMC3NL6cXCaIsXQ04wKJeiFM2xEKoqFxrtac5U2Kov37JIBJQgUPB6VK5zN7MgBDWfPw3r6jQ2MLQ3hdYpPjpN96Or8jknubhxbpKRp6BDufuj8n5isS6qG1uJMoDKeIvr8wqmc1FYq87b/9w5HcCc7c2H7X8OGrpVSm2qb9YF/NSrZ3pgFzvHgsts9UsnhoxcWdiA2/HaGzIMxJ5XG50aZC94BjF0Ohjna0EoVVSmD3iS9aeL9eWyOhuDl++zoRblb9jfxhKJRr1rabZ0H354jgJ/mFxqr2UNhZu1KdP0CYjuXitvgMVTmhKMJ8g7BkUFz9j7I+eykPtOS8ocWv97M7fvHaPRw5AZygoF9F7cjNK5ZPb51ku9aAtDDeTyemn6SAIKKYgN77tctrX8sjuuK3gYsQNhEcT8jfYrW/OipbIAafQssqlQjODDwD9v5YW/Kl4SIid77yg+G3GJTC0qfDnAy1zMjUoZ9ByNiey/xaboV4PIkHTtg6WG2wPVUWiHr2y4udfJHbSW66Dx5ZRBWCTxL+GIf9J/2qWAVwFKXXi5ZPlcP4jRFFz0EjoTB8Cy1XNWCfpRG4Jstf1wRPL9Jrh18awcqXh2tru02w3BdvUh+moyYgQsB87Uv43v5qcUB7aTWV8rFCQjnxKqPBK163EsHF0tg/xQ02O6gmuQMnC1Hl0ouCQyCz69rR2R/zAqd++QySyYi3WNsp+kZRxKOtvcuyoGEhx+pLqpixvwVE6Q+9U2RW+T68k9pMgkbB7PDLW6Xf/77y16CS4xic3uIdJbYZHhqTbq01eMhMf68wbRrSz34tnxn+58z4Fjeq+I8JdOCoc0/sQUMU4YnR2VPwMvShgTy8ldyLHflJefaF/5r2IrJbhvD+cJqbROh7/lgBbQ93HPn3N6ppMO7gd/z5a6NQRGH2axfFpp83kcWuR5nEl/aIavXXSqp27NVOIKGv/UQVz6SnB/hPCndc/8Yj0SjLvnr2om3LELrOIOZ1hjvs9u4wDwjptpzI3Zav8WtxDOY5QrpuZ0fq/FKvDx8G9AObVvGbXgi5jV8HZF+eNmEVIXHwNXlliDEkUQKWCyVc3RUpDex3sx9f6ClYKT3YzTnQG8vyR3JZN1G+UuGqVRQcMEytRd9Rjzk9DQCD2ObrJX+afKi/KPJJ6GLWU+gDeVEK6XllR9Y0F8bDB+kGHz4nscsfV4VRF+RhWfmamBNpp7t19IUFsPD1SmcQQdgIa0J/fCHSQMEudqUV7sEHoKEaybXbZhU8/9XXE+axOjBPyhFXZaAl63cU3IyqSdN+RRIfqhazTxy8KbEWALcO6FD8YF6BtsDTY7AsO9l6nd1xqzCDGyR0ToS9Fy28Fi3s4W0Buax2MLlUVt2Gg39BXUe2wmEYLSPaVB89/7znO/x7H8u43OhIX74b0nK0k4RJvpsFCayKYh32jbiWL1mQ+ZiNxHIdnbL7tvTy4YHgHSswQtsoRHwSzuQJntdjxWcefGS3ArinL8O4BAJCZIFmVAKJvzWLRvkEEjPEqUVoGGswRF4mJ9Zy/uw5/K3pJF1FQT+iR2jIMU/ZnCtYHX4jhOG23YUaQ2uGWI7QI1ueB0xs7AlspVGuNQwh0QMu+C0ku3uLgyKDc8PxL4EfVUhWB/+zPFbEaF79F0anxgcyEZPVvtDnCuGmhPYj5fTQmqfuL/dI+7VHBFwChuMIl7OkHosmfivyCSU++GWEJJt+vJQR094sqLvptZ43atv+rLLsMtWAG/6sOL0jmdXC9nZZUxWqWyqiMXZu3c70hiE4kz/fU94zuHhF6AE/A9s+ep/t5zkTdb6AHIDRmqaoiAV1ttANprwtjvvhM3ZQB7FKCuUiBLPyo+ijcqln5M2ZLOPZjVPDDFZPl7lRuPbA1WjYuc/0unApkHABLtaKur+/vHXiZ3rG/ibOOf78EdAyUvul+XC1inC5YfunpDsFhsycKzeDKAo1yxmSgCTY23Mi7ZMZ9G7Oe7V92yBKpzrv59mif/ufhqw+Iw/KF9mdMPnq3fkLobJvrY5u2zm1xXnAmPa6j1ZISDULLAO17tvo8JliKqlhrHCgopGsthVV7jQ1rhF95g/gf3OTuncGGokUOgGWRgKhfCzxTcyQKMFTMZXycflATXwV41dNvpVJ21a+QGzc3gZTNxVTsD274rw243YEw+jXa4ytAotsQJhYdeeDQrsjbwCbcJKzZsGHgsomhiS38JfATvEfPfEQM5dKsQXKQWhmKp04X26VxJPeNl8hwURncNeRSJw+OBVYXwN7JoU+R+P102bC9ayFqziWE/svokHfJfP2jjZOPFTopFOt3/wjQbCcOfJAe9kw4PK/riZA289I2WZkMWarwoIuC6JCsv6Qem3y6XKQZAK0fIc9mH5pmrd/CujqjIjzZt8fttO+GYzm8GAEaBp+eNPCc3x2Kfr7OvIOfHho/b5bd4ovH435QXdJX46C9eLO4PnYsh0UNRuO4y1tPOUPPL4/1ydek/EUmc3fYDTK0NagOP0Z/Tcnf80+f8Zw6e/suIvD7IMG7DcFP2yslKM6b2hUTIwL0SeXI0ir+wKElOLXGP898ohNipAHwy3hQRYkvx/5waHUqmzG/CC8hWezXx38q64+5BAxTzJpAXyXzRJwf+WE6ZBfEF0uRlT8SZs1c5/nDmSavt9/4i/zry9hP7vUCqM+Wx1GnYHLMBRPwCe9uPErnPqzy8bRlkQhOhK4YDwvX5X3qTXQ2PYzD8KIas6yHjzCeFwAVrrA/ncnrI3B5zNEefH2Rj9vRSybxOrlffaE29Gs9Yll+8GKbOz5Za/n4f5+UYYIyoxY2MuEHVXqaECIF8vIeYDtop+UxjIh3+b61hYRdaAb8Kf+oWeWK3ZBNCigmbU4lW358hhy/74/e3r421bAGHygXGZRxm31eij3s3AQc3O36ZdnOYGIAyM56ezh3Dt+/IwVie0lGjRG9XA6cBIGDh513Y5j3aeqHMseyrkdoQYjLamLhYGdsGeQpQ5lLz6jvIiK1A96dV6Aozv+Thgu9C5TyrZjRPDFKqCcdmjUlrfEYnA1hQoLpeGGnqJ0Q5syLVeNx0OwwvdRopMvW3ZQM89TvR+6O7xQrXg222jJYhneEed56ti80blHXjO9oLXRejmOnFT4Wchp8jXg6AVPYIY/dqk++FTkEzIbwVsPcRHuisT7zkZTuV9W8mxDDWtwMu2SokM2Ahu+9EbumHpAXm6AjkqGyfeFsE5mjkx3w01WTkDrAoR/cSDpu7hfwqq18yPjJvpX1ostgyn/Fa9ZKSYo0nufk7MMW5pBUQs+/JeoOJGqDNTtLS0xcnYrdwVC7pPxEQb+c0n7WGG2uOXf320+59FP27O/ddo0/WI7vSXDI3DYHRLA1egfkXtdylrUveXWSIkV96N3Yo2MzGyHhzUzkBAER6KbF6JeB2MU8dmWHFsavAhFo9Cg8Y2ln8/4DeGv62CFnA4uGpHAQ/+d8yiERQ97RZ3ZPEzv4DjWIlvPl1lb8lsmpyIBdamXIXnjnRZiB7TYYTAATBrbsnSCqDWzrvGZu4HCLvibNPUMJvEe1TK6p4Vi1eXiQ1S6FeaVzjbdaJYL/t3RDoBsducbk+pvWmEo2BwakELUwllhOVs3PTj183F3HsP3VSZ2A6HEKnafTcttIi9zIXDASiH5QqeE3E5Cbrf5NuC2vyThgbzYNsRDl8KP2qleUoOlxzv3d4cchbjQ3PiLi1qq0eHgEbSoE86thxrB6nlMhAEJQj2+OJHMfhRLIM6DSH5H2QtHLK2l9PtUv32IjsTOOsqBamfe4SsSlW9ceeCNxRc2W7xb38fbyS+sE3ip6NzKFHUVj9RWmb4LakvLvxvOBRG8e6Pxa3mXzl01XdXdJ5Rwcx/KchOyp5iru+XXFM85haA6dxhvuTgpsjUASZEJ3bRSAD1yzoi/6EwVXywe0NDAuqUoFQ/KBgRyLcGp3grtTv6U/JLthfNhmQ8lDnvE2GJIGRsxWISZ+F47g3VHSW0rU9mKV23JsGoRWeI6gT0Su60kkfIzSAMhjqP6drGY8VCEE83+q82l/vovAQzP5u2v1hVj8Ty/Im7O6eZNqnqwZMvPaxIT6Su2kQR6FW9jKmCbq6VHvWNaAokcu2h482qNlC2E90ZY/Hi2JuMqhhIFXXwTykwBchMZbTpUTStsVR+1ZHa030B26b79TJwEzPfMZp2Cj4NCvS5JigkRfTRNE31R2rQQHTNkoSFf5T0zJLNUyr0Wjs9YtYGQMmtMzVuknVagwO66DBd5v8XhkuKLDYNhOeQXKsQvwMUSgn7mf9rhLDFs7tesmySHAnV/ZSUCT3MfgUe+DWT/snW3nXokCKmjtjav4Nfyd4miK3oQ/ANYfxXmUOg1jeVC55CGE/zDvXF+KXyGMJrwwoIL1F8Q52KN7MqNitPQfdVSO2PGFCmvbbTojzWpFXaSpHOvvt7DXgG3lSX6lrAd16yJvL8VVmw/W0dMwANtNSRBG4RlEsbeHa6VojbTfor808pfCAP4MO3FXfIu1/LO1kj276Ndp6Nl3wwEf0io92kMUs4Lob2vDtGCvtbmTiiL5vSvdTpUaq4O5tRHtBDAeUGyeK28Isn7x6aGt7eUDZ7NRbE4KloECPJn3GdrXKYcS2BqX67QHAORJa92+cZRAVfC0QKFzIN2z+IDXnSz8LhnmoZFI0NseD0wUpEHayETIqAo2epv4ZwYRiPWmjHRZfmAT++rUIFzksBYQntpJhLQL5SWX4OpQXR+FYaBZ3kr/DkYgE8jHWBc7AopwLr6bgBYKarQ3TVgvpe+SSgk8kcU24FfUeQXI7W502Rir2wf3IcZq5ePXanzckpbUhYlvIK1PpKWVZBGWB5ewfP4THUusrpH1ZQBW7eF+/cb2nF09kmXP9vh+IDDZz4b5IuigPfnB9SA1gIGYw6JZLiTB1EdCV9wEL0vIBQ5Wgyd5lfpBk6EuDSL7LVKjlq+sea9MNpnpYXbdXU117WQ4rbw0pKm399yawZYHAx5RBInSk/Ld8hiUPRetJAuC5PhI1XIM0t54d8fepu/m4HcjxSsE1mEp9zYfF3NUHfOIETNV0wfiRuai7uIJnZvsHEOe1g23zculBr0lZTggZf6FeozFl1h6KjRtLKTqus3rtKOvohZCroY+B3PmxPjKxRVA4H6ZVkDgAmw3ntvtyBnSSs8h/wLn0Zg0M0hC+wmHq9bE+0XI2vzmE9/MPXwsPoSPPo9t6yeLCtpgVovrMY0/Ss0J7Zo6S+E0/mkHRSZj+Sv6+qCcnmjxkVMmYBQRkDzZxKau2j52JpnHgGClFc6FTJ/IH3OZUIBRy7oCJLg+DXucN/7q/k2XtX2ZePueDiVMjWE5s/iBIiU8df6J3ZWbZrbeJSaC2dwH1XHrbV9QFXQVA1XqcpfraFCADDbNIp46drBa/gIJhL2bR7CWbV7ZexdIvDHgtBkqwfmWeF2kdIpc+YwWgvJbWIj37cv4uxuRXZwRuG4RlWSRVyrClY7diCHcAQ1OZ9V/6pazk9D8/YMTH1kh8B0Ruhb0fZ1meAnyH0JPUarVsiRZcgpfpKa167tYlPgKzhVXRZ92Bg4XFD4upGVSYJ9lVQStrvhsU3dnqtvobn+Vgeg4uhqeToF7+Jrg7/4YDPPPEudzeB8YG3eybKJ7KAW3TRQRl3FfJA5Bp1thnQFTi9GpHEhhQzNYIwU3ADmcN+RmQ4xsKHEHN/MJ0anyKzbcyIXZQP2bXjpry8JeCqBcw5+/gqjdAQjqNTIu/IDDpPPmTdbc58dw0Vv8jCn2vy8QvQTBvvnrjfU4z7fwia+dVIi57LbRQ2FyEd04BTokz3c5xngil9lD3J5ptQhaI0IcRmTv/SkPKq1gRCztDjOoTyZSVrXK5DpOhBtpgT42zxwYaVtHzTlhFl0QEk4cwjbi3/+LYtMM2kduhBZsWu/kwD6Xia3ezj1VT+qor6tF+NftlUyyCY2qKFp19vbRzVxswWNl62fJBvFfnng0r5JB5/IUDk4M0lquTwR8E59uwLwwWIH+0gHnmwmsFTtEB4yKwPvsVGxCgRceN4inFKnmPJXPbqdOeNd7NL325Iw+KFARWpX9CuHvO7N1gmtKL/O0b1iPqzlnZA+rEMbcREhVIFwXNBinuXOhGBLH/2TDx+djlJgY8EUIU/vY+Y1tRl7npsy2z6D0p9KhYNFvKN4uXNgC6Ufewxx/U43hHiek9ZJErV9i6ZoCQ1kqkMFiDAfTdcRYqy37vJB69DjkkgGcbtfdqTdNWmI6889CgRz6EuoGq/AvRWgkFfyWCOGb35OIfZDM7k9jfiJKMZSft7y0eB20sBREHbyPGtaitGSWoTXpRWVobBJFEy6TXUUKPGAoAcLm1JMw6nxYKiJz9rYD+iHD+9wjC4Z7FRLGsznF88OYnFhZJm79kvP3zNKR1/jnKXjug8on8h8a4+3X6Rt6sZtr+p0/c6Cmr6FmmGaLZWsNE79rvW9O+DQ++Mjfw9HrcFoDYY6YWgQAjAAVrzpu7nMcsy1XZvhGa5vGW9rpak+71dvtdL7Jd7+CSyV0Q3Ms5SaVrs2cJezhbiB/77qloV84RtcsV4XOcerwQs7z0BL1iP0V1O0UvRageGUOiNkmc5NYuHPtlp9Zo0NXJylDd8TG8IBoV8S8f1+MLIusi7R8vLc1Y+VkIJsD26qLEvG5HxWlRZzdD+4yJSf9cNFWwrrr88wkDi+voAdofQ8tSMCsSJI/IKYLlC9/bih/Sd5rc3YgsCIlytP0m2OzudRvQvYIrz3yt+IEtgXEEgPQdPukGZI7PJD1JdbZBXt0ViiKTNC6zKwaeIMvtaLE/uKotR6msRko5uO1FkGmNv9IzehowTfqd3Hj745E+atG2yKbHhGRG+yBsP0xoLN00YYLlYoXNmwKieIA/bh0b28Iephlc8XOTKgaviWRO0c4BDpnPta3J3wlracURSGL42388H5Zz7MD1UxdIVhONlkuhjGU5S1k3WQVg8S+MH+3sV/ziy9srwDT0PLfTgMLc9R8ADJzCUqRce6C3KSif1KbLbtSZAs8wTObr47TYXaEEeE0Au03kjG4vrMod6hgasRmMOptwjIeC2SuWc53fyKMNP7/M1yqUtBR0jxXDGuuK3QVdG3sKV4pD3jCBxoXS96TcHORj8787aTlA/z4TCqoRU+NQ6fUS0cJ0vNcte/4RVNe3AWV23HZoXkqbkFTFCYsHe5QpogyLif1wYsfmRWPDmsOFlAR7xtRkurhH4WAxcDs6yRoGQeuwAcufxNDOtRu7egQLjL7ii8rxQwy+1nn8yWX8TJrBKaXaE62itrmPF6Ho9SnL+fvuSjF/9WX00N8bNEtxiF8wMlife9CuN0SyPdZnMsDTl//yFjgHdsOmuW4k19JbJjRfEzdssyMnjqy7g6zUs88aV9CQJkgzCfrX8jWdEsShjJj6U/3+TkamaVBwSMD1uL5PU6078mJAYNzqPYtuu1Yb4cAg5UzLaVw7LI+RsN3/OLLvAUgrKIcPqFnqf9Pto2u9AMYr7FbVh15mavR/+DYQbZAsUQhqQ+fUJfhclYXAWPkPptZ4VRhfvkeF69+WquR4chuFwLkNFDAqUuDYqenuks9fTZXOiFGdKdPRYr00CsKukB1YgPMDjSeYRzLakbanPmwInXMQbW7A4TB1du8BApvs3sOlwy1sZOhRtAXBQjDu+7CSXh472c0kgMDTHsbfdjP00nKefO/TacNbQgqld3S4OWew/psdsDZ+TTNvk0levWSaterWzCwWNhXjjPsb2rPAxwYzD4SstGgTu3NzaTk2vm9do3Wo8TiBdCcIQMztWsDbWU49aJx2I9eiKMCVBJT0QIsZjqHUdxuftWYUYezGDm9CGdvltb/RaITPZrNOwyIkq6YkdMpyFbjQtgqPU+3wuqt/YxU7Ha341JRUlP1ui/zrUAHBfD/Rh76KH0Bjc/ppNdLxR6qF9/QI66aheYXsBhoXKvGdshH3D54TQrp4NiDdyy2XY5cXHvMIY9024ZRuvswOv0egAMgWzvHpoRtUY16xXzjHMl2xgR3jB6yZ2Ya5jT6MiOoYZL0iGbAGf1iaZDi5J7Y4oSJwk2k3RGlzXF0ZcsAgdptjJY8HTUGF3h7sF883r4GPhm/di27LIq2GwwTH7P7tLeKIPG783aOMg8VlWXxvriPsbtZrGun/ZU7nimXStmfKE2gCKsXEeprgprfFdhua2TDWTz+j4ro4I13/foRR0m8+NyJGB4hBzxENBMzOUHv04BHgF9l44HgOLnJRpQaPt0t2pwRxZp7WKwJBucGMoGDyekeJTEnQCfOIl7b3vmvpgxnR9bl0+uSyuOWTjOVl2+HXdLd3lT1HUNzgEQqi47lR22wasKl35oGAZpP7mByQeMHDQ/sSla9dk0I6ujKkNGNUprW5w2qnv/Wff48vdAnwqgr/rTYVzoSAqjTs2NaNClj04AhK2cvXNXCfp09YZihAv10a4VY89EZ3yp3KbKb7m0Scssw1LOlbp/Gv/9wrJO+rBk5b4UTf9e0Dvv4aRP+NtzsuvLoohPPnDFpGn6tsxuMs3YgJNwi2hj/ZPJvCCvMlr6Y0fmxV2O5UW9wK4eNhsr4+rZuW8HVVY7WD/nsH4Fw/oYu+A+4hrtDsZzv/poEytNGFIhqjF1ndxrMNx3A6Y9RqdhJPE7osO7i7sYmHi78UgCfwT+V40FLCpMSJE2fFDCIuGeZukcqUTEXfKvBUdtsjpIvEtq+olT6I1Z+Q2Deg1i7a8iy/Ktpnh+FyPdaDxMU/ReoKxKR53bRlZmX81Bh73iD4puEzgUyVBl7qo5flCUrLNUc0HpIZhBLCgEtABL/Tlp5hahKjwQ30+tJOBqkVLrzu5qKaIF/mGKB+IWbtYu8QZvGb1zXfJIklpEWSCVw68N3cNkLfRNp+dq6ktYoOzFXzYBEF0RUAbNplFqyel0Ivx0hQZjXYuoHnQsJztNSHELy1c0w2NnEnbT5ZsnT1yon3FBILYyI6/YftQS7vOYzS7RqjiDdEPlLcIcfB7G6Uwqka6QpjzyErNczfcb1BgNsFd1DqTsPAkYBKyg7rlyjOu+vImv2kOdHbew+IW/An5yIz5GswL4p0iTc3Ea39+5tZVrWflTAVVGDdEL8VAUoKuuBvl5kQDzr13mZW60Iinz7bD15vCI7zB8T8pBj9a8jbU58QhVfQYX0ponriTpncqZ/bZt8B10BgNn31zF+b09crcSxHTrGC+kIPHlmxZxhEoaxqtluQ6fpN+sBsEREzg6+7J7DIJGYNsMVAFQY+WYv8n3onWxbfNnyDWpoQZSQAK+xKYVqKlh+g23RJckEnD5GKEkvAn4diSZrXRfwvAyVqav1KsvqcqR1K1UTpuLYKUNh6TbWacIchjZJZbjZztbYlDQe1hfsz3QOA6JQjXyX2KARng1uy7xBhudGGXLu/uZJYvr/QmP6NGZhuwjYlCQVyk3QiGaMxHj3+/Xd8kF4AzTiRn+JG9DA8bD8Nl985EWRtQoU99pmuzTiRbZM74HnVAwsSC92QCmHEfZLcYgJ0ZpLqb+QBJBeDB4chT8o0ddezL+PmHdjLutx3f4fbPe695wpPeTFOUlxMyP2f2Iveg0jAMZnL1mQRwWMcGnvUaJPcf3X9JARreHHujTkwW1sO5V8KN+GV9iaahW6Q9/P8yHJqD7L/gDl/21uOajbOui+CJ7axA5Sci0jLeObkWet3KXYYprdUIiClxRbdPG07g/Cst4cUN9M7kKx0AYzI+bEcCdyxCZXs+2oQJIqTPQ2R9oOAGdxBrfFZ2r1+eqw+rB9c71Y8u7gMTvWEZc7J7W26inmT+/2XRDwrHemWotKy3CmE1EOzLV3qOD7UzTt7Qt2lxCH0nuWiYvDOl7OvN44HkI4xEHHEWS+WmjbBqhO4C6PEaaayMybER6AAwGujX1GMN4TSGEPDqNOcq6pejWphnwZvBfxX65i+KjUrbJ8xt/wN3b6vqvNnjPXkfipVGxx7CtOUlOsNkXc0tsDXw+tLoYG4r/1QbShj3w3iWebjM1r1ajxzJnpk27cbgcn9z03BifjIfb0hFx/RpWzbEjsd8oQfOPDKI8hvN6lnmGsKjQIIcJXc88X8T62FJCe10IgaZzOM4a3F8G0o5z8DuSb62bpDdjWjEJ6eUbhX1aZp6NWpjKgTjSXn7oXGbxNOtm/te3HMVvVP8WfkZ9PjBafLf+9isTR4Yssz04GRN8IhbSfEAXSm15On3UU8OIxL55CkSOYrkRm7BMffvMLKI7wH4pOwgn2l8tXYPWbhMxmXKB/Xq/Sqm/rnib7Vo8g+DE1zvyzDQZTcVLl0W3l31RPNA9wMgnZ2sgZh1721lKyA0KxYvcG0vJDUoDL1XupNJeXsgUWYa+Fp7wpgF0FGHfBnc+AvzB9hd2lP53CvxkdzdSRmiTefW/2siTjfWS873gvOdAHyB+LcOHi/g77h/28DKjD+WY2Zqeh5TCjgjHUU7RovuSTscE/O1GJC7tnM+Iop7ya3OELOmZgpV/MX3NAoID4cqisWN+GFAtNQ8iR/o6YSrRYgdLpe1ODQ2aimu2pXPr+bjbkTlm+MF74WUKbYG6bz/DqjfJh/qVWweKdMsjTqZ8xHu1Ta16CG9hmOLBvzSp7xp/UhkfdaFVoYBndfwVux3F75Lkf6QDrLzFBhZd5xpauPSNJWaC7ua6af7PVd7nq7g5gcZT9V2uNYvm4KfYoIYq/t0zXUalU2Veqpdiua5kGOKUn1QwlM8DTlb5kY1Z7KjrtqHXrx5NJo/vonr0w6UgnmdEbIPH4GxWvD/ztT0Ga5fAvIGfxA0doBe04onwTgjnxDDsAVo/bxvDGVzCywT0CxF4T7C+QvsjBHU8+HmQWX7uS4FIvM27w/ZLK05aeUEllRfWUs9k42xzGrmjPquBCSCH4HPEC3dvqKt34caZ96GNW4iPoYRR3qPkD4CANPLXd2r2HzYanFuwOPtmgMwOMbriF/XJtXdagHq7qk9pwLvcFSRZ1/Ozh/pkl/vJhvX42x4MkeC2NWv1cLOIM1DRUWa1Oka9Haep47LwgQwa/VF9xqAneHRtTb+WvhNYj28KZ+KNgGnwtCaB6nXMlH3T4UXWLUNVdjTOG4X0MHO0ZeSkYNS19JDeWxObWFeiK9GxTvmCo7HqfTgjq6f9g18dA+gIMtqW7mvdEq7lfThu/mlVZEvRlPbSLqWzNAUkB6I2Wt0vFYst5eRir45rFeOp4auk4cgyiYuWXTuzR1vTPjBsa3eOFVk1jdCog7/FBCTtLPT6FTyZf/EJnv8gUrjQ8vaEZdF4AHG4BIQbfuptfCev1qQVQPnyAQYuz+V1LbjNhqsM55TQcA40IMw2WC4uwtYK23dLjrvzCa+4ciO/14k8v+cmZHXdAXW4lXs3Yozl6KXxARaSLdnmCI5FV/2zwqV/iebXVqwgW7frWDa63cd9DT0lJ/jeVuRyxppXU9iIcVo4WGLDNKZpwSktJmgCjmIZgC0jAUIxgSCWERTVEKcrpmkQU/fMMQ07NCgeyu7hMObczPDmrfo0khArJDBjTT/zl7ie3tfqbTfnwoIj/JqgIlb8eqm0yDomiF0GGR5cPih465tJjc0q5ASjvwP4GoGJjaRML7xP7koGbpYrCgTBw7LRpQgZxaAQgvfXVhf7IBVLeGwzBjrfVdR2kfSUvVe9s+dZewlt7ngQUM8IRdJa4zz4GZDyHBW9y6VEOR7iXMWpGeIDHXR9YD5OJsxzXH6Hdkj5rcVU34iTx5BjFHMVUYxaf+mQzwZwKXntFIvgp/KcQAKMMd32cn8yZIXaR9G1qQpdBuCt5munUXKO9FZPCU9P5102e96T3Apsxxst868LZ9wlvF3361o1EsJ2O8SVKvxKR50j0054T+uXKjeKwK2qTK99D85reuANe+GwFk484a8vvhqO8RGCMQtmpBDiUbiSE4/0rmSYg6+BhjfmacYXGO0RBvo8xPB8OEoWMK+tQjK1eCX9rzp4L5oLt28Y+P78qCNaBaGNPf4+moj88w4SvoEAwE9ZZgnlpO5dh3NGxGexdudkNd8xGKhcW/hNALmN4W81aQiavyQ3ZeGmfjOKxRAp7fmfHCJ+5wrm0SYbcZ80yRGLrsQQe4qcURv8ZhBFmjT/DgJgC/VCIc41HNMesRKVO+5CEmbFX+z/UcJ7QFrQ4Lq/spCW88XVISRwGhWBVNP/YhdQA/C78LwTkORGDeKtu5NWHD5X8WbQS+LBMIrA9tH3wjUZGc4kCLK8+3t2N8C/WwQi1jc8XKClfxj9rZ8QMQuhynF/iVLGeQbJWSXxcN9vXSQ441dOpK6hYCFfFd3a6oT9Zedwaql+J+tBHKRrV9OCEYG7k+NNhyZOiZn1L0p/faxSFAbrS01+MYT+PTisS+q7N3fZYD+Yf/hlyjB2UdaOFXyuL1y4KkxTYOXJ48QB/pDAZAOnDC5YdMZJUfU3c1itarMUbyRuWtbSRywrFNwWsJM/B5Z4LF5kPjqg/WXcCIx0119REIEpTXk9uOT25dZ5jhMFhIm7Kg3235hzQVMafSkL9UFPqqwS3h6gQLPQU+R6AdDkl17IVGCWaXb+5W9g5VjpYJu1wxrt6rrfZOMKqbQWgtphUUW+APnwTzmfKf5QQHILg0oOBZTAu5/SD/qarjQitRTTUfmUTVxuSZESBFUBX6/KE8JS7Qe3XPUNOsOL6zLAzXvWLA/GEbnOfXDW0Iw2RWL63/PKlNJ6e+6Qytue729XY95NWuCGuLTm7P9y915LjxtLuujTzOXqAAh/CW9IeM8bBbwhvCee/qD4d2sktdZaitmj2XvOr5BEgiRQlZWV+WVWGg8cxn1f+IOhWKcNjpXqwkcMm8gI1M6AOTAp8a9DhUT2R1aSLTn30fj4OqPLKhuPgR69AJT0BFyWpBV7kF+5X9fQIRHExb1EjLU/mT8O9QSmCeT0wB8A2V9pgkUJhZE5OeH4cWW53UeSm3aUPpFPnYHQxBCYrz55NgzDFlPuxetL4uozvcF8+BbPzUK2T/MIRw1Q+SvDSoXM19R587WrkAf6OTH9zIoI6swOu25Kug4QDey5lyt/6Ky9rk3cJP2Wf9+5+fn8wnv+o/ykwtbZ054C64v/yNJjb9vKA7/llo7E4JO+WYwe6jtbjb4tEik+MEbkPukiCkfx0kPWRPkU3Ef2dWNOdI/Ze8/O+dTyM1ak0nul1a21dn2fSO3iW/rx2M6vnm+Mhvv5MV2ywiRmEVYkYM+rD8r5Gi3wkzOTvpMP/7kRiRtKNaU9Nyb84iLjpciWQp/rJNmgnzkD3eaNu3ASQFDGeCNaeJL2Bs9u4VtVXsn+RRRFtlW8ygfO6pqItqRynhR1WrWHRCk0yAf8hM6YfQ0V/DkeUKtfhvEbtFu379/zG2/8vRsGdB5NSH/Li2VOthBQ8UGGXsyA1XqznYNztx5EJySoOLYmiqAfvSpwEK1+cunS9oMm6NuQ1HbyIl4ZD3fR7Tu/FyLOvcWOSnn5eKiz4GfCHeum12UbKl+jYDXZddjyfQY6SVizHqn5cD5uY8R+pX9xIccqHuz1S/Xm7AsrePjm9QlbfOeNMuPv7QBP7KyGqLiHX8+lBYoZ7lPPp+2dA4sdycH3lLpP3/CKL2Q9wkLNXeTboypaXWOANKJl7lRZhcHu9afDET1fdEd73pA4IWG/cj4/cfRQ7YGWA4LVaaSQeZuzAf+0UBXLj5k/OLYybBXmHnsT2RKK9opkIrpKf21ENIws3tLYWyu+xFmSmgbX1+KVpkGPfwkAVjYwTlbvCHfZ3FqQZrHSMUlkJgZdJF/E0V66cu1zvGyGEpM4UAtM8B4PTEOcI8fNIp1RU/twA83uasSqo462S6nu/yoz93/mj4k/e0cgWY7migckknSB0NHXZ4rlYvz0Uoqi+KR0g6zu/wBxXtAQTVm3gCu3m1qKXAvZqx+EO0TZZzcZ9j8Q9OuLWzYt2fH1RRhcQvj/QNj2ELO+zZbpEnXQj09vt28YAlEwAl3sTZA3/OsO76+Pb/jt6/1epUv5/Sco9HWtzKqi/D4cBPsGFBK4HM1fl4pfH/Y5G/8MAaCig82a5seIPq9vUJV+/Wbwnx2+5a9fpidStSslBxH+DwL5PquoWbOv731dmJd38/3CXEYDeFm1UXH9nwEUqJKoeURx1hj9XC1V312fx/2y9O31hQZ8wETJq5j6tUvZvumnz62Q/PP3m3vQTVWA3y79cF2N5iFLwKzz6siuYTOfR9I/rkI/rlyvy2UZLmLQX5oo64pva5xN35IehKHuwz+SvlvAgl4IaGj6KP00MYY+FaMggE2EKMnivn/9A/42dMXfyQYoQX1DYYqCSZzCcOwHgd9/WPHfcMH1Axz/mQ9Q+Bt5+5v4AMX++/igrdIU/OZf8AF0cQEE/Qkf/Prb/zIrNNWW/eMCwkv0j6r/NkTdUmZ9dw0u+1b1f403vn7dRK/sH01f9P9Y2u888nnif07oay745w8M+fsckuve2fRj/r8hzK8f/G28dnHXN4KAMewSNhDgt9/zGol/A+bFH4UOBn/Dbn8id6BvEPx3yZ2f+e1x0dte+gks6h9Z70NuwAYcfJFvL6/VtIdrB18X9ikCoqNc2ub7x/My9a/M/z5B9LpSTFFaXbT+DQcSWYRngIvyqml+cx1UzcsTcP1iErs6wSNg9J9LrO/vmixfvv9IiNqqARRn+7ZKrnnYEUi0gVT717H9eF7Xd9nfyQ4ISn0jKRgjfuigP2ggBP+G/swPCEJ9I24ohv1QXD+zBgxBfxdj4P9eEPXrZd90FxW77j+lQRrN5YdDoL+iov71av66UX/LVd+lX3tc3DSU36J9Rr6VaT7/kjTr/PX1P/CSgJEY8mf8933df88MQCx+/n5i4dtf4aw/8uvfx1QE9A1HoC9lBhMISfyeqX5s7d9wFIp9w3DqCwN9xBL6J9rtb4M41L/nqJ+0zW8WfuirbvkMCmP+A+P+jE1+aMTfrsHtNxqqaouPZgJZFe2cROAohIuW6Bcg877NW/Fb/v1ZhMF/53LiCPwNpvDrxddqUn9YzZ9BKvInAgH7u+QBCf0/tXrRZU5nYErRMPwyZ9NWJZ/EUPp6a3+9/YXr26jq5n++rn9xx/9emJAQ+Ofv5ATiwpcU+auxAv8eOxDYn2EHHPsTXvi7QCoJ/z/FCz928m/XXu3jqsl+uS79r1v+CzV+o1AS/VVM/16uw9ifSII/keN/nyT4C8jgf4GpmiLUa4wWeB86uMe+JU2/pvl0sdu3Llu+BMufGiYfr1HTrEfVPy6j5Bepn6rz+lnU/MJcBPnFmS4w8MUWf7tFixHfCJj8VZv/AVWS0DcU+s8/+GeDA/kTL8dl3eJ/F+eQ/55zfo/00n7/M1j5k7j4p+brT2hxmvp9vn279nk1ZCkN3oK7A5pdcAq8BMRFwVO6fkk+UgD770GCf5AkeZ6kN/LPraJfmf5/1k65EcQ39DKif0DKP2AQ+E9cJNA3kvzxbWCn/E8Kor8AKP8XCKIvEfNtr15Vm6VV9K0HRdEF8H4A78EBT9+2/adKxFKunzqZn3/jj9KLkjL7Raq27BfgJPmou5sA3yBoOP7xZ5/+3VKJor7hJIaSv+Md/GfWwYAx8j/ILtTtJ3aRu7yf2ujDA9fevUjVghZt//ehzMcoYa//XIv23wxgfmXjfyV2/pps+04i+J9vm79bYGE48Q0i/1P6oL9jOgz5duG1/1SAP2tAFP4TBYh8+3Ei8H/Cg386w78Anf5vGFHpxWmgqO7HggIXf+G+X/nlkpFLMWW2+fhg62z6zo7/esH/q/z5t/ML9Q0mKIT6YVz9wWVycRNO/CvE9GfHQoDLkL+JX4j/dfyivv9/wirAg3+7pMqvzrI/YCHiZyvsT/0x3/D/Bofan8/pL5wVAZIPP9MI/ifUuEHJlzM3in/cAfrXyh5Dv/04u/xOGoT6WdfjP1wWv3Ne3/42Vf8zZaxs7tcpyYACi7qLt9vPyRNkNNECQMBPlPs/OOq4/TPtmlKfA6q/dqTx73Xwf303YP9k/X9e5/+RRfzTQf4FJ9P/k+geCMcL3H+9vQkAbf+LSvXOJ3ajZGkVxEW8NljrwBfeHqN6fPAf34teCOQZry6iOS6k1vL2sKH5bnfEV4TFjGp12CqsXfWRqNchAuw2IQEdThgjgJd4IY15fbCneX7aRjWKpTsuLJrXvSSQCjrgegnusMUtmonHotqvT3OlABqUd/JpAuNA1AZ9okidN7kptFETJZpJPWHMfaSbNGh/oU/jOOJr3IlHEtzhPIzDVQs8z6dAqottjhnhAJ7IU8xo9tc6QiA0VRMzPaK2x/u1GkxWrlU06xTaZqsyZDfk2DQ8C0CcW6o/HRBGl0LNug6bIWSBd+N6fae9VYlLvfB4hlX58AFCTGzNbXjTs9BOh5MqiCq9LH3ftR8+5kXPQOKYCPGn53pLnQmEscJ0MA8C3S+xHvu5SYA6+1TFv6QPxdKUvncBw1hpkqi8ILzNuKcC0BSZeXfK9XPJMAMkzmSizvTN+kQKvjr0jtvdMtDqFjsdhmsbqRJ0YkBmVAyAIK4UGlWXZS8/q4c1nxwQ4j/FUIoMbtqzmd5+GgFqIBwLm48MPRQRl/Ss+lTTN8Bl73Vu2xOntReTEjhBQLBBiqcUOfBMH1STSo9ZBi2NmCwN6ZutIXXp9HeQIwJbCx30WZ5fQyNWBH1gWFtHF88HCXun10kmaVfX7zCDNxOKpiDAuzJNmYvPIK6eb2eRNh8NzVyhy8E+52kjsykDBi2BJp9au7OTKriIgFrCTIA+HO1I7Cw6C1CIkbk1nCUhC8iuQ4vHcLLvrJ32jAqcfNdX4vY6Fj5cE9cpTYPZG/mgoJxq1ORTfa0Dkdlaer+Hn07PMSF91WNiJkKm+taI1q8tMwgB5Cxzhq0nmlJrdIlTgnMA5Qf/ZN71Ta63PFJ0HOvWLvGV9m7EUFi7AjIeiEBtWZYHi4WgbGGR9Y7g3EZhTiOBygiAie1qKyTBPDcvGc4lrlEh6ENcxJFV2xPSAGVIbQKk8mx4Oe/Qlj/aSc+scz/TYEDuElV1oWhnuELxdkaFkT0oZH3cBuHT2MybRZCuIeqoNrPZLdKD7GZEiUwyhBAmzIsPn/mWuPMzNfT5qZElabU9yPsqAm5ic4S/ZZ/o+Hym08l1TQTkkvSGTzbInmV4I1VuqaaVtaY4wZZwNdlNVg5iUT0XuxMtaCC71Wbg9lVcC/1k9/eyFT3hgJvepI3eYT4A9cwqJNm22N+IXsrcdYmioFNi1JyjWFB0ZCl4S0vTpDHGN2WvK7XQKRYIq9/DKlx2SxDsRolXeFho6SfSF2tybnMrYSszydip96N8ji537VhOHnkhYVK+5yM6yrdDOFedyisKDKK8neL9aQew5lOPJ9MFZugiJZ+03jbq3k21FcxLbizYML6KkhL9DIO1xTZLlyaXtvNEojoQjvqMklA2QICuhJ18Cspq1IBb91VTzBVjW0h5RvrynpEnLnebPsIoi0SHKTkpL1yTvuxhwIakQhzPNfTlUs2xwMNRZwXSkbBuvm7Bq+Ee9uOAI6/bGBZ+O1KWGpn6sEFMDJDYI53DW4O/QDsibq3QVEwsOQVeZ330FvyOe3eSgR6dac+Knj46gmNJ7LHGEZOFDSXAvcoulWrSn1LuNNorNNzM5qeWoqq9DwNjrrtRM4lcIGjMlpXlkLRM0xgEgQqj4aRuEahBVN+9GfY58eVVaubJ7Ca/057w+vMNS44IAWLyfq4xB7reFPfGzUpaCEF3STXJwYiIa0xueGOUtppxGyXpQ477hxF18p08b6iLkQyg+JhFg0dxpOMVsSufA2YkygmYhUg5Nod7N9q2ghlS/wlkIzwoXPXUMxWTbyw3emWXhTJdiLb1KQdfULvW3fUtFrZHiirwDRgu/iCaXTyGajG+JlAWN9krfgppoEkc772c/DrTRF1BPGYauE9blhdvWjkcQRCmgTlGREdboMUwiSyvGt9VyA14wikCo7BW9aF79Y0GYfIHu0w+Med+CgwlDsb5mtof00MmU9RQaepNwkUkCnmsJx1/yUMj3B6PG9rmPgXiJDnhXZQuUgcsiT90fcZcz5BdajUZlZmpjBes7EUd+kt5BMEhd/ucxCOSMZOFo8+bsDQmI23v9pJfRmI2morlCXH4g662I1y32YHwrE+4o+d1KcRJSdhNimPoGBSgUcA3Nw9bNpALqdwNAph0611rkh3Nyd56DfjJ93lLDXgKxDqFEu8N5sfu5fXHkkiOMVvRNhBLRpLZcp4bIU9j8OaqnLUpgqO0J4xiSnveYuMBos+tLUgxXTu0bBKH5LWmY67iMKbzF4WVresPRpHTLofIxwgbAql3bgXF0/LpESCSFBcVDzKEpdiLJkryGZlRehsBQf7TJiexSnXP81ZHIeZJ7wYLCvzRPrU5ySVGoJRJB3lVEOnAu4gnSOSlhglru6D2uoC5pMcfj3lgjchKDTKki/N0xlpXqOAEhR1i1++phmT3vX631g0gl6COVDGTt7YsxZ4DLtvHeOtxIh/wA85eL6lttYO+4faOVdca3YI7On6KuO4B9EyebxvIZIbtsLiZRSXl0QETBhKxWCi45iPVvY7cbvxaqzcOPdlQh1RnOyrvGI9ImDC0Wg5f4Z1Qk7kbm1a325tBXafBD07A47ekmil5N4SRgfTcNkkf5W4HKNCFFLHhxAvE7xROd+lIincfF+GH5HRkIYyux+tYkjstc9LpJ1eBJyX4fODCNnWhgL/9m1oXeUliDgjR04pRxfNshSxk6qss1u0LznXUWrTMQS65pFKj5sveXdoT3HSKd0P2J8cMwXkos9o17dPcZ4VryNIfjTwMCrCRrUxuobtss0KSjpng0H79qTAbpe/7osQy9DCn2hD1CIeZZYP76AsGryKtYWUo0MH0nMng7OK4W1Os/vR2X1LYSrPLJHukvVV5WAXEa28qZY2s7uhUufFpqeqI3i194LjQrWT1ipucmR8mTnFxgbeKkp9zOQQyLJI8kH8PUHRmrQnnU+ILqNuBfzCi59zfQjFdi8fJNpAGdx6ErZNpyu9cN7rZeT5nz5sZXSA6dSPDkCmQa9u6tQ7yCD1MQjJUaw1DeVExYhpS87KP3HqcmKmojHo+92cqFgw3TCsBXbZet1Jsw57RsbPc5oWHQp+5wCgKW5R7o3MBkOt2FbVk6b5K7nqSyvCVlKjvyzQxumLj5SCzyY7MWPJNP7PFSpdwKM36vXyysJvNmhNThwoNefOud2i0VmF4rCFR11PlLheZujvCw9t6sHYSMg7By1NkmTtEu2jyVJqDXC1OvXQtCmUtn0Yp+uCZEM83YWspWl8W+CnNoAiEcIu2sKJopC5sRPApTY2ftyRUHxOxoeWNVl9zX+ISDXLlbB3iEt11VTc6+fuFEGyDCBojrsiUCSTZJ0+TNLrWCS8E5+p0340RmUsmfGQBmZ/Law/lwgFIcZX1W84VksgWKWf0zvMUgSzMnwlKVTulSagkySB2ieHKT33IbCFVD/rkfIg71Z1vqniXQk/xZLVdSurYd9MNgIlx2QukSJmb12XAxrhAIEBMfn9MXJ4/yKVDBmw8ORm5Oe8cscDm3JW378LOk38Rr8umWTzLuXAhyMGKdVCMpsjMx81lO35ITFMMGhI3daOZDsVdD+XGswivKCSxO15d1iiGMrPtAbDqiV4N4CQgcn8hIF48dG96bbaghIPoONjRRCTGFUpScbMFcloU/ZB9lEf4kng5fPVY2OgBNHZPIv0TKpOR4gzM3qg+Eak6FmdN2bScJ8xOuGtnx30q53gAaycX7xMs1jTRhVRSjxy8ZKO4KrihF5w/S88pHUs5nt5IyjfRNv21Brspmy85KZhAwtip9cR6BRiO+/Oh9mqfxN2ouWzNtblbALgGBAAT7Wsu6kTPyi+YeMNP5XkfPHWmkPkQUXISU83Ko7LVbwBkycbGKVO9tNY4jDKAXkBKNFTnUkDLsSB4nYfq8VYzNzYQPKkKBrLfYhMygoOyF9R3LjuxkHTBRo0jH9UlXv3t+TDaoIEOrJNnqh23T05krAcVOrTNe+HgPkGLXTFngm2tGaQEC510qFLuDm7zqAzFLYC8sEn8SM/nKmh7qLGLZo30vYnF11t4hEDVkbXtuGiHL/HFBQCgPlNJWJ6461tj/tD0ZiLcXXgPoSPcqZzDzeeadY2czrO63d4hRQMKuLddlFZuIltPMHPxQSOHXHLbTefnlA4J5Xx6TdtCWwALKpwPGZDAdGmLJ46McH+Dx0htQw++DfzwFtyZfK2OejaXjdK47s3YHrdOTUhqmLPOYzsJ5JOtpX8r7xt+OJVaByMyG7H/MJJerojaM+pPURgZtcQg9O1VVi+LrPHi49ACUDYxG7jkUTLwRKKNQo5IZAbK8kKjxLqgsmWkScnj6q227vdrA6Br3Eq6BsxLsWlGBbt7cEi2DyCj426JS64n8V5O7/ylunaGbJcIq6undt+2cEJd6InP5rFO6uwleeCbPoygT6dHX/ULNvCHJNpotW381ASrJu7RIDSf+i43ZHMjWDAe/tu9dNA682KBkIZc8lWpvD3cGOGqe2ltl1RhtnUQJdV59JooIG1sT5T0Qbw24TUOfb2Tmj5Qb1XtDWRbZDBuNmbwu9rdGX2y+vp0vJEIIti/Ecq2D+bbxHYoGMJH6QNjuDg7OpizveyjjSF1hGncl6CwgVm5AUrHqYqRD9q6Bq0KwTi707bVSOntxurHTElGFozK0WDhWh4vxKtPfO8CqofuxxAYXYwbCY1YA3bcIfFVsSS1L4t2WazSyRxEMr7Do1qalScu46S9iay8vxXTmu2nfyny8qku4cgRjV8Fl7qiyWBPoJa2VTvtMSw2M7HGoaFsnwIr81rG1ujawzNpClCoj3JYev4rM3eJy2Fxh9ycl62O2Rld4y/UWB2pX9ByVwbRjeODjJB0uUJaGq8XfBKlh39X2u58FCGKqfVwmfvvwU2Eu5jEgPWc55uhRlQsX/xo02hOLT5ssVRqMucg2cJaMRjfPSESCyamSVaoeM+vqVf5euqR/E48fahkWSClqHxzbFJDhfvdt09jorr3NfbdPyUNC8VGtxxBa5VtxtDieN0pojzfA2kLF59Cot9y871y1bt/lxIO0oGr53g4XjcqRKDxHe14K+hL070znbO0kEkets70x3uWbjhlyMWnspK/0F40+y+sdmmd8LTR20rVhF+Wxrz3UT2hk39aaKzDILVPvJZcqy4liG89qpAdV70OUkmaeYuYJbHol28QeOlcFlIUiD0bFF2Jtt7YvLgK0m1nTCqHuynFM0y5OoMcWLEB4mBiesiUh8Ub+XmwUjAyluwDf1Zf+NF78nTZRGaJdxKXwynTrczKmZCWkWbTol0jqk2qLZtWZepKrkLYChwKQ1/c7dS7J2+idVxNIfo667e43itz9ViU02Y7iEjIt4/z5qjp/FiPV5XPOjqbJRzwtvKOVkF96mWQCS/71px5ebzLhxKHTbpnmWIivYYww+a5rbJ/8vQvmg39eiHCS7Y4LVy0x6dBmxLrEZ0/LXmo7GwwD/ElYPrROGycU3m73PpsorMsmEUAnyGgfoVewtOVk6O83HPDyk+Xq3k5p4JpNjegl2cQ5BEMvozIUhdJJu0+9RSNFetoVGulQ3RhaZkdWJOcLITVLsBBmk/KCYf3SEN30IWhfwSSS0VJZhKj2oSkrC73I+pRCrfMuismtIYShcbje0k/xY0ZMSk+gOfSFC552tNQy9qFzb4eRYIFckZHOtsqKqe5Vmdhg6m47fOy2IsDffGOmSkg4VLjuazSCkg64AfGS/LUc+UxWWx8l3gzfr/K6kYm2cF7rXSx5QswJudb4RjywrmTe3JdfEh079sOOr3mwiDtoJplfbl20nN7lWXAiud7tTlRMWvLaYA7A2KO2WqKQOJlApaYtwO9cGNVIvTC9ojd3lTmaY/Q03nxC3Z/uUSTyfYt2EnJuzuHO07iUaL4aiaaQvNvhpgISF2PlTMUMW7hgbKf4l1gsnC6c60p4tplsTzVk5w5LMGMTrBzs3jXaTnzN82WEyEj7Ah5KJlUkKMWPC4IlFnTYbiwur3RuTCdiV9hsVvdFVXPAwXouBRpMTzfjFduhkfO14yEeqPaPrIe7bj4piLoxNuECGve+saYtY65a3yYIsqmeMXYVM93UrdncFmVXe7TcThp3ihWDQ3T4/E+Nfud2ixvWy2MvLVVswmJgbN62J73CeKdXOhkVhtHb1Qn2g4KqK/VWE979tJksRU75gcdnsbJZzK+8hZNzDdNQzqhbY/Q0C4NlNwGsxafx5u0SwI2NNqFctW+e5gVcsib2EAzRsFQz+31LFb7kkfRmFeHwveVf/jU86boqsOXPkPi3D1YHUoIDJA+bkonqo2bAyq5X3yEInE7nLiE8OBDlq8x7jLKCmd52M1DavvamDzq4JuovIxUyGrOaBpeT49sHm3goqQ6vaK9AnBFp/G367z5YMKeZoua7/Tle70tHdSj9ySuURjaajO+qB+kG1HH+DSfPMJxr62EW7Oxl4fopilHeAk8DPrnqBvVEJFClVVMneNaCubRojdrl3tNQYtTnC/l9Wi2/Mngu3eXdUZKM0cGvr9AUTbSN/HGDIkF4L51NhB9S0lelHNjlFBONYkm96ogekfyGUAC8iAU7hz4KjCBCz1PZve+MAkEtycHHDECoTwP7wb5m99IZ28cZZ0QCpQ3UdsLDsVTZqBPCZFYDCQuJW0gOHZyJQyT620Hij9sD8h6dum1aidhjot3R8l+z9kjwIKDM48s0nwP1N3JTouKFjahqwkB9a78Oi+Vu+b2D+h6LrureWOhNTujRw7WL+cRT+dMsnVZbEdaaEpkW+KUOClwW7xwBC1CQ7BAggVAOMB1PaEe9uLM21fK8k+9nv/7TzR/5FsQ326/ifWAfh9m/yfZoBfxvlHIzyegOPwN+W+ImP3zaf10Bmo7tMbRjwvx/NvT0J+PKH86xfwv5mf91446A/AfTv5qys1VsjF8jjrpQLMtSKanGb0kLrjQ7BccOq8XD/7iCvZQGVoZE9BslmHSwRNKyOdhVW+1Lbax8quBN4bGwffMc+5A9a5cEhFuUpEvMhGe407FMw6qQt/awtbFwfvY96DQJitZKvDrO3sqzpTclJdlyXAxojQy564ai+5yjd6vQReGpLye9WBbfPjrPZPWag1b6VPJ2vWK3FIkRR5dcj5a6v18k4fuvLDHSb8fp/x+BNfvK/jMfAwKg2K5fl//uPdv7s8/A61O2uYaT7PFFfN+iiEe+sqWBiYlV/Kv3//x76/zu+bguBAltyWUSjT+eFNr8v6VPnUMdoco7I+TX1WWWuJr7mz1+3vJUrnEInbBLA1yW+93c7uesX6n3xqCguxIWSYseTxqektgC0tEd7t+c8aI9w5v3oX3w1ou+t/fn2XQ2D/W5BzAev3Fsf6rcVrDsw3/5X0uOrbP6mucv6X3F80vPuFhTX9ZzUXz29O3xKSlFvlrLfYwAIbwZ24XbyhNcqPgpNWaP97n615fNNPbZk0Qq4yv79mgbRsDVubRNsOT698WL0Oqa55afT2WCw/1MpdNx4Q0N9x1Nzy10zzUukAtZ9+uuwAq4pGPnakoXFT3FIv7V0++VgfxlufFYb99svX7J59//ckXHevUh5u4s356ssFS1xoymuMAnlWGtPVeVqdssfNPafwXRqc7/3503zkdt/7V6H596l9ZDZ3760+1/8VqfJ7KDVzSemUqUm9PpLaYw5gvfmTMSKSgGNH6GKELE1ILtaYPzaZ7xxfqa5U/n92/P0t/ae+nL1zXFDe+UbPx+71Efvi6HoyLbwEFyo+8qNHjWhco8p+t/qLeke+t11iv99T6m9+TD+RPZM0POcdSH5njvizx+s313S/5+JGXoDkcOOSkQHPyp9EoFi+4mTYtudkmkuCDs/nXngG7Nb8hcnABPoYqmiWR3mX8Wtu1HV6mIL3vKyv2Fd+0SisgWNgwlA5wTvFpqe0Jx16hPfF4UdlTUF0Bpk0+KWc6vpu1gzjGp0UkScGEswVDu45NsxKDnQEv7YUokBd5qGkeLCPoxwWOrDFky+9Zve8QAhrOnEkMtT2GpfrhUVmSSk8E1WMcvwUPjnPypGW1OjDrMD5X7ElK/XtFgwkmwRks7oF6toIaIFOMV6CTqGeCo4TbKn96ZMRGW5bLumqS7jprlRSBH0JGaqGklnZUkz44gtnAGRAxSSUxggQcIa1RV6W2o8+I8xJrX8Wi9uhujgexgCmIonjDUTXdCmeyVTqPmRx8h6MN2KY3Lb1BxNSm2P2yfLump5bhfQuR7rifp0OdW927Rvqcq2oGUFSjkeKLCnEiUGFXM7LpJDkFHx8rcqijWauAD0njck/lB8ZwC1D45o3sKV7hKoe48Qz60/EIzvf5e3O0gnghAQcoF0V00df7CW9yBar5UU/ihMui0G7gnc8gVYzndV21uJgR2niO3fysTHBAgZwh3BH50s83Gn1J+WcdItnou0RCqSEgiJda5Kmngxuh1Ot8vuvduUEaf1Y+iHBZ9wBjUeNcZ3sC1EKTaC62GRzqPHHwo8YobmdTPc5QJGbBMlkAgzWKhw9tNiwMycETE1XXhAIvn69IEo5DgPKEQ69tGILIEx2wErctS83jJ1KQHuQSaBjHU3FklEjQeRI7VI1AtkVs0t659qHsHpS+sMggiIZEN1OoT/tRKZqxrp81hUSdxtYSjQnupefGko77TrnQrpByhCCIfe9v0zUmVdNuz4blghMskpuCU8zJPgj3Nj97PAPn3KD3N3vrxHFon6LS76aAq4H0oWJyN56QM4MDSq0sYEjg37ez6kePVQrGsL2puoYWO6c2dsDgQu8aqmnUsfdwUBgNdGPe6h7MyPUa5oiDIGiVy9ekb4MqE9cedQspF5/iRfEwjB3rYM+d2Q80IzZUekVtbGUfkeC+llDSuACYwdgBDeDsTAJuj8FRu685Yv1zdwzawY8E4lWL6m+F+4rOT7+5i+TEy7tpmYiFMvTG7ympglH23Mw+sjbqs4NnCBInppRSVX+lJcLLK2yemfiS/bIHd52peOfXCj97mpDbut2TawYQSq/ABTtF3HbSBHCwS89oxPNxvL18tLzP1wrXpTWG9ISyXmEg1KlcVq4PrCMksuuIc26HoRvTeuBDuFVfeyGL1IftPag9b2IpTBnVaBFW0Dp8/7T5rIcTWUjzx87J3kBiMh/DDviYeLSoNySWcBd+zCpuOi6q2uQdxgik9UsrxeTwa1TNSGN4iaX3etJNm+xPWhJRsnvZ76aXzHvMP2+gw9tI4IXXOTNU3lEpoVf/w33+bm26UVuNA2UT3Zg1Y9a711dI/gbuFmuJBeEyZJU1KSr3wO/SrsXu0moGbMbUxk4+6l+G31ABmU2s6A64JkRi2l47Q0EjHCEGS+BMzZvY9219MnoXspiaOXefvD/Uea5pBNnoOIBaFNyieMs0wRyH5szv96MgQCSjxNTeWjw5TgZ11PcieqIgYEII1oF2EALmEN/Uj0sPmdQrJrLIvtTm1BjCFD/RcZriBgHslznPoR1UgcdOGt7qaGVVVoJJOCBSFDLO4NNtd9zmsJ8qXSFyVcM4cGTn8U6xL5ksd/Ua02ArahoSc7xXuPT9La4VNd14yba20oHrT382PEHBWXRLdQSSPkrGSRx4nu8VjdeSZplPsLj1WpjN4KL+kL1hecwozyYLzoyeeVnvFLKFeQa+lg5mPHrTBk54Eh9FHyt0x7MZvN1eOa5vGL53s5RUBNh58xEzl4Kjng7OQJ/eN93y3IvFM9WYpoflKybuoeIg4HOxKGp2saXyIT3hclLGCrO8r/lHCUAP8tYEz2f4flyGZ78oWqnVNIFIdMhp0/jVDg0FeqmxrTRTDnMnhLXGTJdieMcB6MAsTWfLd4LiyPgep5D90jEN3nf05teTy+xGRlY8098RY689erZWWZZZY80b10RNDN4O3Hqw6VgR/BTQ2iP0grId+JvU8HhanfuKU7dzWXwgQ8TDF3Zw0tN9GrUKXICdr/t2UDS3vfpCQfKWaPxuXId7kX4C65zcpMf7CLZFmviX3HKf06VmGtzUJU4eXjvCcWw5DpYE97kQBO4LwWqauuXvVRAvVBSw2bBvQbjQrMGYb6IQB9Joelnsun4ciJoFRScFvSaSGf20wJ4FloE4Ke6dHIT2mf7jzp5hW0Fdd7q3+jHfKouKwy5LgiwDugsK3rQHm4yVaRty29MLVHrQtR09rafUWKj2kAdcUCMFsh/e/OlAaFP8XhrB8nr3w+1kPBphG5woRX7E5bVcMOe2hmkrmB0kCiHNX0D0vKhf9gGEb5RDvLh3ceh9nL6lJ+5cwGdoVPaBodUDvmt0N2qd+zI2PFsn4kWcAEeJIFhhv29yy3NrWMReWGgR1ShPMzXOEv3S5kHNsncFdLTb+hijWLt9ZjEyZ6zKScBddL8NzLhUgsw190LAl1ee9+SY3szsEjKx0kEdcCk6SbLQIvESCc7ZJZdFlWZtHYfuXqcTUBrzOnLTv3ZsImX5h37Wnd6Qrr+HZEkbPazs5oMKGc3jZBVV0nFWPFnEmbvxKU+ZQWdcUKJc6jM/wtwLoZlLSBsx43tiUto++zY4dkefYnY87TTF1CdS1xQ30Nceuy+joOWrYz6dLJB0+J5gW6yI2fKrPlyYogtA2b57YtF3pNM6RLAqbWZWGs4fAw2N1cyhhESc9/BYgxpK9Ms8QdEAU6Zta9EyWCWEzOUWwMtbZXxqhp83A5dJhN+Ct+1+OpwXocs/7wAIGdviPGb5OMnRDYaTDm4iJ9k1lvFIDYBcThzdSnTGR0fpziiQZRnfAoh/jX7iKMfI3Pebzw911iu0FymjnRb3XQd7zZSbedm7QJEv2nnngl7WS8x+AidpqYNfqzF7i1ySBWMiBnrtphFNF3ntAzsSWzfJiQVr+s1h4GupG8lohddmIVJNvDsESeLva+dcm7/On9KKYdAehxxn9z0t0TOlXEYCX5T7GAINqj/yDq6o8B5AK7UgkjI6N1XwONVp6Lu6UOxRjY9TRRuAzk+c0boaKglu2mmZvV1D7hm2TDBgD2ruSgcvUCHVjyIIkb60N4hlpu+ve/OmZCMe1EaiYWnV2UTFg3RjqCRjcganXd55JbfZueAlRIdmwL18Qd8jWpdpuzm3Y3HLW+vutozpC9WUQjmed02p8BUAtg/Kwpt68h6mq4OQoil8Dg0vLr0OnPEg/J/LXZP7NP5L3Ue2GFrprwD8W8KgsCY6FOxAEq4riZBav3Ake0p7ggWgVAGTFHP4wUhicnGFFDD8W4Cf6sqEo3oXexq2beDVFgi3hnidjFuO1RLiMucMxRRQv1fC1iL0i2c7aaamNPvIyvhxV3ptv4RH+ZDr8uUztH04F8nCBI0uuwryCi2nHeLEbiN0jHcuxR604MxG6pG0uCdvJYK2HthIlyWSNJF1PMUggBYBdRz8stHrnNqVJ18e9Vmn6Yqulst5ryiggVDNobZpVf92mRDdPPa72NqgaPd8uyveaw/Uy8Q6gJZpOQteTOxaO6DXCw0cSI6uAyE5IKlx0yfsxGHhhM35rivY63yUt+otvInKu5TBFAZNEy1YmhTPeiRGH8b19xdfJO/BT+Y4fZxvH/a3JZUxcbQ7N7rpWkkVt0l1rQwqlQiN84AcSMZuFR2aSbGzvxRwWFTWoBG0YWRVnUG4BlP8OBZjIOzH+dgAOq7RuNvpLxsNN2mw9kfIzgM1G7HHBN1pekrin6G8I4ZOLdH166cUNCnZwQkx0Q9beci+A71RgXy21lHJdCjTOIDak5VudJs1ZMDbIKhC+pxW7wgK9W/xXsKegsDh2BNI0l2KCCBETgf2jgQh2KvrymExZWoVb2ZMGsMeaAOAOgee4ueiOY8iur085R6qonSRc6lgtBUIBETzmITxZh8FkhqciuVMTWdBHGwQmT49yyaoiKGk3RUpfDNpOtgWj+8c7gupX1rcYNNQG+dG6vfGj7Lw0JeDmodjc8wj8/3qrsMpsiGVmqegzepdS56lO+ty5KRJk/YzxB71k25AroBQzG46g1lLJchPZ5ZRHUjYpEgK6RjM9Do+6OZmWSrDn3yDI48Mf2vQZw9dKxEixCmKXcwgUEDPgqgomjpysIb0lffe6mrkH1D4YoK9rWDlEbpL4Nn0iR4WdYnJC4q6q61Y7Pbq5LbDO3NuQ+kQLwOGmne/oIA5UeouH9zNGLlpSR3np/gK9ozQcedI9uG5AN5GWms9fV99Q+OiepPuDEkXJgVzC5SS4pBM/UQIyRhcPWVJnXKE95QLdG1AnqAD9BYbfcVtc9qKuyzc6MxlXT1KdxpzT1WhktZGnwfr70Ey5+Sj7teQY7za7mVzkPFtFV3cFbDypVgPy3SgbqwbpCpfH17VIxrE07k5Z0AqX+9heFfg4IIl9bWz76ey5OvTf6SDTG9afCFd5CbJ+eldTKPfgzlPkNVM96oNnhjLvXiF0xW1m4iycSlkDUevYJgH/FRUcW4gjwtuEE3NXvOUXVS69xzOtPjbSU/qUl3j++PhoGsRZvNlpLMjn6tX4S9F71xKIQiQ4BkYd1fO+tmnI5SPhuzFxApduFrhUCe6UOUAWZVIp7RGJDLQ3utjOJfkMAfnAeQ0w9WQPBGsXQllN5ClJYADx7q/BudlG0zE2R1+nncmNeVNq+EckldlPbYU8PTJ0xTbOKs+GcTbvkxiN4sGVoZf73hHHqNCB7pDueFwXKbXBdawZ+kPw0iXlzQv7sSSczoaQc4LhFRZSCJiflMNK8rnl7UoFVQm2VVaop6xJBGx3V8gts0e1x1g38C2n5HDPzc7ezax6JnUKOBR3le9d+qzrwL9+woHXA0bzbqH1ivb+HfhUsIdREBXL66DTtrqgfpFKj/HsU4+oydvHI2oOKxwRFFPVl6o7Jwi8JNoKytAfgw5w9LJBZyD4KGRK18Wl/K+LWoGItGCjcJ7f/CSeC6Zqtto/GG0qnZkCar7X1IzVcFBJQLmwK1Adyh0DEemBFf6tWZ0EMGW1OeKQOM3kjcfs9n4IN5gihSvs80OpI+NsyMJfJ6R6Z3odadcKZws4uBGkmFKSTwOEiQ6GkzNn5Pa5YReEe907nzitcs7/YkxZl4P6dWcFKsPKHMzjHci4FYyga0r9OLH16IdJoiavfU0Zla7fLqM70rCm2FYNYqhwiHukFc7HH3P0xectpfgHYP2zGaiaYv7M5yjexix1JJRfhXokmkyhYQ/j7YAc6jLS3AB3yGe15HQ9R1z2sDDM4KhNeTBCy6r9g4zjfrg01iS8A6z0d7HuGarhbaXoVaytRWcRQMTeq8d2pIqvzZvZnie/NtFNnHz/Uk2YcdcoQMZhSCd7cU7qIa+1J/3Vsdsj+rzh1cScwtjiu6L/ZiiN4iuPx47tFvihrM8Koa07tJpbvjpSE4N6Wt+6jy88x5bhAiQt+lZLvJ4noZw85/KUCnUZCW0mcE4jt7vfUZ+ZDUqvCMaeG7uumC+H94FXdiofx9eCksuI9kZlEgrFVqzuCNOn7hDqBkY9oRdVKRie46eVB2osicMYvGEBQG5gTyEApqaEQ7lZGKEOfRSI1ddNSXEijGMC3q/9RQBPshk3NkQt+PpEw9avZt3jqO76g4e+cjLzJLHIij0gV/NWl7GY/Kc5EW9RkkyaV94acZLP+xIbm4Ydmuklnl5eXbiDpL03cQ260Pfg3h99ybwYApTAjw6x4DqROHMqF8Ez7ynP0XHBR5lEg4hA/oxVdDp9wt+CkFMEzM388Ax0j6kxOaeRye8vRvEcnD3aGhHbjre0LQV57L5E4wr9rEg6p6wEE+RiDEsnDOGFoj240GQXNEdUdrcebZInILB0LwHxecEsX5kOBO4N9IeD9BqRwjRCW/WQhBZc1XvkoJSBMuYxuMNPb30gCa3e9nthbJk6anc2zXd/LZvIsO03jddhJ1wf3izC4mLrma6KL6xEabEFxQUBtW9jd0AjhRLUem6QLjeLqjW9ZZ7t6RopDc9Jfnu8VJLYtlK1Kdf/n2d7wimaYg7bfra3xacO0iFU00RPVa59c0Zti4DDbiBokJ8nl/6iisegAWNaS2wWqw0YldML2+oVhoGNarjudtfcZwfYavTNddHe9gc8YVU2Uz2dV+ToDkuphoe3vdH6bHv4vaiZ3CGKKM5j2Dy8ukPb3U48B5WB4Oq1wM4GnXfYbZCZIgKpkr7bQCN9ZQtjF9IY9hstDZLIGVSwPMB+CSLALcvSQG8Mh6Nl51/mc+uHNcRMeplCMb/YOnaiXvVMtaBmARKMMDVl+OeM33hljMsSCldJDQmDDTZJfMsyAONkNE4CwamozkleJe72QGFYAFEBTt693F1pl2TJJQbtnRcIwiFzMVJclT27i1GbJ3JeIHK3M3x0RmNj9TT6SwGZwIKYBfUpTVvJ9TPgU5bNCOTmSIdLPNkJKyoO5HnSbcLOTDv9Pl8mbxxT2kjOMG4ORDKlj+oDtIVWIbnh/OOB14FcYPAjecCmpA9kUg5VzswGdGvl/ZEUdZ5E7g3RwZ6V30Ywg9PxOnAfdmmNJ7cYvR3HvJNP1edRwhkdS0Cu+dJpUaF3zKtmYh2ZosWIlYTtcGDQJ195ggCtKpNUcGfwz1u8+PMgT5iTsro0lnVNPiEkILXxeMm1ux7058CYbuvqKKKMhY1c0HHZKqXvsg78XYfVyxbAoo4zAV3ashqUTVDRRfA8PKIJRoqiOYNRVvX0PqauG07ZXg+Dut6bZC64h5O5CiFPGBEc/fFLbaSLSkg4gn6PQxs1MEqw02If8T04xMvDU6movdegzWIzABJ4+Ixuk8rfHf4iBbYMzVgF/iea7cqaLso1CSnfbIEKUlthYWmMbq6uhcG9DSABcInWjLBO4UYQSBql57oLly1RLW9TyGJ8BT84EF6gOc91FXCx4xiQ+Ec3xlf4DKJx5S/uBkGfeS5omchBEdUyFvoFLAetSHAF7edRnlWkrrQVlUYFvoq4RPz1f0SfV3iPCU9MRKYMtzkxqzqRI2bjuwpNClrunvwZusWBeVY+czKRH7H7WzBJfa2n5xl+RhpQCe2Eg+sbkpcp9k6pvKeEJ71pzMPST1f5XFmMIfkK5PfsvtQV9fMKBWyrWm0X1CSLRsHZT7NGjshPwMEMtogUpBq2Q35NbQ1cxnp7e5oGbqxN4rCc2l8jb2OCCuc3cpHQlM59r7MImmb+5f/6DqO592czI5ND6F5EOd6RFmy5oO3WLqHLTx8p14oFu9rUYIl2sMRAjjkMflMGDHM8oH2XVgI8hIRHQKiQEVIhmJZ+nijxNlCjppXR7jm6OqTHJAd3xv5CA1gbj0fIio/M59szBESO5yu621dgY1sJdQdO2cfI7juBGkgHvCpAodvOCHdBhQ8CIwFh2Ex+CTSdR+pE6RoGKOvEtx5S5Dh5dfzuyTAcapfzjUGPtBBpWOmC3EYlyBxzc0v5wZjnggA18OHxQwgos8JB8dbOZbp3pPoKMfZ/fXZbSuIo61yojU4I1jzy9b/nOsGIhjLwew8cI8p+GYZfUpQFei9Bcb/7LtOi9k9VaINPCMFqSLL8lANEusq4/Sf9bWkIBatBiIBIAOHEj/ZOsBedDqf3qq4hldUo/jeoF4X6yEzQad3tPTrbDzWQdfsxOAuUGrDsdwgd5TuLkGZOboezWXrcSA3YPH8xcNikds5qEjAk8C0OQM8GXvqn3INmmMsGTjXti0bOIcipeJQ9URm5xbRkVQ1DXUtGHeyQJHPxoOBUGh4n2AZSCT4rLJE274SMi2C3z9wVUALFn6FPj/tWZHBRg2/8fgxffRrLlCELQcK/VqXmLaA5VbKyijFlAAjY7Yhx4kZtZbrdLEj8GpMg3TydZE7a0pkd3Bz3HHackLz3ZfDHJDsvQVA/iOf7mFfA1Cl01hrMMYF5lKGI8kxr/K0zu/hmziCrdgJvNPfMPaAjhwD0sExTs00k5T6xBgXNMoc5XSTgI8zYmP5FWxc/S4r9cswoPBqnYyhuLcYlFsWsT4Rlrok764D/at3gEnytDDlNuiS1pmnzHgDbzlV4ce6zTpt7SwYM6SYIlbvLNJmBAwY0ED4V+VR58fWmYXskVfdmD9uAbnDKPo4Ubbh+DDHNxjbWG+/LMVk3spc6XndbKKwFvDUAxy0MjDOFnT6EPaH8EYTncIhv4CTez7lx5riB3Y+Lu5+dS+DkwfUsU4Qk0+AQ5pymm5twRgVGcaYNH06Fz5xA+3FZ7yY6KaWhYFORglUQL0CP1i4kQKVRWNYZR6JoycLS3qLOQFXUmDSwCTiLywPml0Kq2ytzwsjJZxgmVakvQNecipcZzRoJ3uTYZXiNbcX26udYSI2jbzvbXN3LckDYZstLkL20JjLeB7ZTWkaM84VvCrzWtrXBYseKOJgOEXiTsRMBSuzSK+7lMkySKrusjGVz/t9oBa4h4bCNLWEKxbT6fFHkLkF+drRTd5VjgbHOq9PxqwTtKn5EGiJ7FAXj3ybGfsaFPMRtO1A/CeQDjJMtsBEvux7eQqANuIkeTR0yGsdZ1T64AjloAR8wW//H09Xse440ixfSQxLMVpM1k5sMePTX9Xp+W8vZr7jPm3LVZWZEZFQIX6bqpChFKDHBRbWqTcVPdb2fVkWNbOSfwiAPoPvYg2ETCclA7YEQ03YVEGjHn1AMWrF/mt2cHmUxYfVovtOx63OwrMuxt/k3ChyNMtdNGvKzVTRC1hR0VS8x2cA8uzQfYwBuHWcbYu8vj9Zz5l93RQGO4Wsk4tgx1JQJkv5fzcyyYxpmOx0103nGfR1x8Y6WxrFT6rOY+vsH6lmm+iEMJT5Epiyi6Do3bnIXv00E/2D1vmvpjcbWSYr/VuGQnueUj31RwXBISihmmce4mj3B1EhQDLd3ZaNKi+a7MYAJP16KBYMRPyCdISg+P0jk0pCkj4glwt/fXFzL7SZb03lwDp1V46ZiQZQYwHosFSJGIAWJWUNNfA1o5qzOmoFtG5F7VY2xB8EOL+kvvWX4Vzxp6k/yw6Q78f73UD8lZBrzPqE1bgTrsLhA7Aiubm8KAq0k87H0cCt1qTGus64pIfSbtVW2q7F5eQ48EUvLS4n2I/u4Hd9LUlTU1muK1r545hncaJubP2tdzSvNXSxYsHk9ONYBW7yN1J95jvO1sKFWEjNP5zJEq1j+kA2SDdF+iwvlyPh8qrE3fBDwceBdDF1bEPxOcnqH9p7mfk5RdGX3n0ZeETghYfDOXoChF5vQaCKKUQdHgSjBK9A/tBNLyN0/7rL6oSiqXnfA5bZ4o5aTLGTeUnm9MuTLQykxM/4AKivbNCzH7AmyQOH9PLxGj7EcZUtKEAmVInEaAwW5IhrXdkUklTOOhnsUiidWw8hy6RkXdFbsAqGJcCkwlGmQ3SP/0Dri1jy83ms6fgiusUH+xibkPN3VSy4oE32SXN+94W5rQp16wEcGjydmqmnv1+NUbU6fH3gEi7LQYezRl5/iL9kqg/fUbNpWcfkNKX+tfe/Mj2e8J7BJLF5k23WV5ZMAWDtFuOI5R1hYOn1lGwol8neCXyHIsgqJ3mDWjJT1Rx06371bPeGb1VJpHCbyJ9mVNrAnd9RtLKtDWhztXjLQuJ1KKuNjudFhGMA4U9YOMPTo3lVRYqWEYdR4B3fwCavvxvMz3XyEYmnPfBuqihRTDn8yIoSl7J6yaxIaehTOXD4JLxQMyjCu0Z+0rknpb3TgYzEJnXgAMAJWVbY3DKptv0VNQiB8TWR1FVpkOGB8huAmnPnke+8yEzEHJkgt7/vGvL1aIcdV2JyO/BaRX9Uioj97xu1RLm/AZpigzsiNkcCrh6BVyh7d/wHMWbCK/iun4jGrIIKSb5rTragPlvFMboqTEetRBBXff8anayCzOc3dp1QAfSeudaTIHWsrexC/LkZvFc/GttK0BP9UL/DrP2zlkqDEPmDsidrlfJYPl7rziUMfBmoUhKMnN1fPA9ZEyHSUF1e2Eo3xw/H3FGTc8cZCTVYxr8Q2ML/Qvxlwi2mzokb5RMMI2vW5n/X5E6F8GSciD8oo7igvE4+AT5NNVX/u5rY00tXgM9dk1THwIKpKjz2v8lAgPdvLJebDyjzF2+fzT7ET+OJUWkIuEBpYiCzXpfH+wrtMyGMhzfhi1EoWTVnNlpeBu0UIztMCtrezPZJ36VBDwjsmjj9tXJBh0hqbDruypehrrIKCdREvDW+/24qPhZSdgIm0dMd7xTbYWSA6VIDNWyw8fLlz0x3iuMMMwtvsxTzuZReSYFkR2Y+l1IOwzymFI7GkmCs80aSFtmZC0lz8AX/bpIFEYNHH8oE6ABcuDrtg0FbB0KFS+SP7jyBeBaMczFcojcyocAwpQ+62sVuDXcumzNbH1wCM9z9R2nqC/+A1+4P0S+O/N4Qqz3Jzmuu0s3HSUhx+g509kh5ZVWYiGSgAdSbmTiVLqgEtt+LKRwMF2FbPz2lIvs4/unP994HZl7vYpN6w0+61jYtC51dRfAg2DdSHVXb8izQ/YH2VxYIAdce1bdTpBrMOVJ6hiYG+qz/sJZD03vwkDTu8x75pRh4J5i0/opiVdUA6maiLdhyVNAV19sekwNEZfs+W0ZRskSSSxMJRlPrV2IOBMv+nZWFfrJRCqBLALtbDp9M3o77ODD5F8TVnzCoaFOuTn7D0rAZCusfo3HIzVcI7oyt4XoihruCl0ACnP+dCB6mfmR+M8lSpWdXgjEg4iU5wqFlkTiCbwOSCfYf4xnbrgpjK//RZr9iaUbQpY62zQ+URRxoMn2zrQy15j2b3Mda0ie6iyivN8IbhRL4S9qExb82zx8qEgktPtF7xN/X57Cdq4yCe+i0AsrSuQf4e0PYWH2y1mrZQb7og0gPaGAJyH1OedZrokAn0Q283d34U93rzOV/SqPAm9Yw3W1juEKNzHOnAazKzTGVTspCS1ZXnLXRS7Ckv3BhRgcjmATjKtoHjmVAXJjtYtTFOgRf3VOXRIeJMbJ17xs+1sOzha+ApJEMVtYHtakKzVBEni5SQQgfv+Cpr/0lmt6j6Se/IerAyfzCE3zQ9bH66DDffwyfsXkA3L5kFAH4NTJJkmvPQGgW9pkQB8pylTcEvBqtCez0UM4fco1eAohgWsUVjIocRazp3UNkUAawjAejJI84Ox5j7qpAgOZan4u+mohD76a1naXwZCjCSlSBugGVD8IoxUOvFvIoLhdqk6OYN6us8zeg6sRGmQc7yT1d8zgSmswx+nTYbpiXngj43ktpeWmW54tA2GtRF1v2gug/iJEOG5pV4Szp0etWqsOB0E/wbMZzYkRCIpr4J60dfQwC8mh85/QB+E7k2DKoL62bby25bQ7TIy5QBk/8oJEUVNn+8hPGcuyENv6oJM+Zd7N8l5SN6yAIs/LStv36nPTNZsNBIPFqL1/j/rZ8RRjgiAUaMQkBd4lV9JKqtpbCRqEz6dixrqBxszpeF1pjS8Hf3xOpveg6weeYEdwDxKgTvP0HGBGSw3q5G/awjf8mYViTU0XJysp9RIY2Rx2f1J38vaxZqJo7EY9h84SVBg0hayMyyy4t8ngslHVCAYlwwF62U2J4olpJ6YL8OFUBw+BhXYHGC5joePxR18+gwG3CgMOyiX9VN0Teo2LJn748s9t5CncuqtsHhVgztNnoyeU5Tl3S5H+AaY10uus5QY9DDbw7neUzlKfh2aqop+nZCwgp1eQiM5lYahHH2DA6+vYGfkezKHWgHEY03bXBysMqU3Tx3yyW/FrsCf6UzJFS0BuwKWn2Vz5zhyTAh5NlobRfCHEpBpoIEm2pc1jVImyXgz+kor1sjbyX9w9qIEz3i082VncILMma+3WRPjpy20wni8AZEFE1K6v54kWdXDmtArIiCBpUqSrUwmFDD9s8pgNoDoW2bxz/KP+RpDvzURhk/3HLHlGOYVld4QriE4JSnD1gpm9EOP0nqzOr+QEntVZ1a18tKV6CsMozDnJdR4PZM8KJiRBupyK2wrJmgu1VGmSz4+TMYtWojPHGit9H0BpKJhjN318jdSuR1nwLn0TZ69UYwT+agtdeB0YI/RU8fLdMvvSPYZTHOAxJEq4INdOzGIVJIZGGlVV7+6IJ9WZ/dW3sI/rxrvwwvaWwFnP8G7eBTrhdAoXDBUnYalKuGshidW5H3yB1Cz75ReBvTnzc8zHHwa9W+ocror50+W8tuCe1nqK4NHygFvuMDE40QLDfHGWw3afyenMtwwiXpjKyAkHIZyaWIB9zvM0HpnBm4zaoUljspQP5EyLchCOBW/5A5P8KBl6npgjYURohXOVLmz1+f2uWpUjeBGC7qux7dav2dOnxdfOIMKkzbo+Q6CrGiV+3p7keNAbEfYepRf5AGyObk/HIWhyC4l/4i5lPRyHG1jyGrcWkx/gcOXF1YNTUDL73xbHDo4d2qAQqktcA8gDZPYBJ+g1X/kNfUZCC+ROspdsKCN1AvcCqRGRDyLmA+20mDvwP4Bmnb5xDrKnbrWngEkQ1+gyRVekVpdjAEWMCrxmnKlYrJtAlW5uGX1H0MC/r6eEnu0rLmHcC70G//d8YHJ1pt18zMuYpi59h3ASKumcvxhmln05tPkWn+dib1ltRcuBJouEKuU2FBZX1f8odAaq1m2M5dCafyV+tFoETf26gMKbPbdFZysgccw55NBP+YkfQmWnRg1M/cAMKq/5hC704waHR84kI7duphWJnB0ttV4B767pLl6jz3q2S609mByS3BwQRGeUn82ytKQKR9l0xkrlgUl11pSybkXqcN3CfIbRcYPof0cUKrA/fzxmuRQ4/lcl0CfwyB3/CJRw/KdVGwj28llbK5kZ5oqaCPpedNoANCutG38zce/oFntXQdNwjcOKXdALYydsG6M6yV1kLq4sl08yO7sRr8GxpidzMhPxz6xkuG3DO4sqZVwlrZaTq2JPX4jLFVfGXhFbamLNY+c27yXHdWA3on8qhjxydYRi4a0QcCiGopIvHkN0+nNgflgkBSiP6PCmxIXtNjaOuBbOS+yHBAwuHHgE1D7odBuwH2ywcBS9tZVyZvdUIYxXw2HpkdvemNw1hL/3JXRJVIqlP3p2K51IPTaH+/DgDcIgmGiu8farmY+XDRVkw3VP95SvYBNARRYpVkI2cvtLwS9vA6DJWKp99rypvZYZbe0FD4RTs84WY16LAaZa4Gf57hr28zcZ3tgx7yVj5V8DrBVVY7iBGWwH7QjCJt+nLZlkloff4hdi/+jfZ3uUCoYRiNR9dewATL2JVzVrj8fMbQORFeheTNnxjU6q+RLSenS82KSzXx2wFpBRFJQxrhzoe9DfcPdmXA1hPfgYw7zm+G57+8NrJ+iG5IYyquQpWseJvxu1fGbpEWT/7xsbJ0F2J+DnIiTDZ9x6lUZ175X1iAeVSR+qqbytkwO0lqL8rSWVOaR8zfCSzvyeLCeGInBeYfUWO8MCviT96+1rTwiY0MLHLF90ziMUMjE8dbj4hBNyCwA8AKptF54hfUE91hd9Bi0uj+r045htFFanxjgJz8ylt/ViSaHIMFhZANJc5hPWUkrX3HwHg6icI58vpHPOltrIC1PM8VF//JLMxwRfQJQMckEM+Jz5j58Be7hLzLep+ikziS8kZYxZn6INZn45BlPGIn5ke2r6/gd7M2NIU8L1jVWhfLEZIu2Bx4brHWFIqvO1Jc9E0Pi0PEziigYJEm3WRD1uSrer3zm8iE3eoy3Mt9fgrMnMN40qcjdHsrXWNhQ84SdlLRKhmoDE4qBHzHEsmaWeDQv22d6NFEUC2yHbWDx+MtcpF1jkHXyH1BS3ByPwB6QXERwUXjuL0I9qzeQiLjiIoBAhaASIOGhsOFcClqH+QqSJMbUvWppmPUBwugNl/Kn94mUZwIrXK0HYNoX0JL48bs8IzPPQQEJm37ruvI+WNnRV7MCzvGZAvrYzqK9J50w2TDzT+QQ6m2mfI99NbQvfDoBtr5MC0R1Kru5I+lolQq9SyXCh5Ka7XIWXbOJUUhmX/Q5GUpL7WkKc8HoAvVVHQWv0ZIqQgWw/fneCxZwuh4mqLLgMl4wvV+Pp8qs/xN3wadje3QniGCT8+3mRy9ZRb9rddlWT2dqaWXrC0Fo5cZ3/nL8UDOiKKtlBdYRd4yjBSVXeWD7ApjVSxGt6No+LGHZ1+004CExOOgIV/lUpX5zeimnxENsEpjJ9QwVV3i0agoXKx1z+Fm4Q2P0VccWHAJWgbIE+F2cNC2c5Q480iFHE4dtS9HX232+XO2KlV1DQ4RgxTwRu6EAvn6BXx+U4MPZmcDny3dMmLIOjHxpMY9I2GOzgHjGt5hLNqFmFSwjIHEM4+fE1hfzPFRaWNZMjUidxY6Rvfwm2rg7lpJCaNj7IttigYtE9CxzX2bde+c2imP3OUiRa9UuFTlf8x58JYxNnurw8TEUI9Zl/XLrxi2NkiaE7B9ZdDIifSj59RfBQsUMN6i29H21OKvER74DRGZN7wXCY/Qv6TCmu0gCTC2ubrqzJeldBMVqtqkWghYKRAd7HziJLX5hx9U++FyaaogstSL0C10P3QVpRuSgMF2CBtBcrMFLogL3lDgeYn7pd3G6bOJGZecYm+AwuqMouy64ryNXIKIHSifjkmLjNeVIHsqXZ+1ySse8p3Wnsj5AwA86l/IJhBzn7/0gg/UOfBtU/p4h8Lw9VPWVIEBRJMJhGRkvxg+fSg7zGD0iMo8wCoj6/p58bjL2l95BiOWNDKgJvo0DayOpSsz/hacxwv0jJ5AIQaNvc+epsFxXF7AvczbvQakMLYWFphYk0OeA+jXwCg+7wOgVrXr5OP4bApDcMsCiKfg1mbPw3YefOOQ5gP+4RAWlRulwlV25t4pnWDfVcSMno9pFREBfauzUkyf0Sp/sraqbRimP9I3x92AwnAdPn9tYVxsiVirjd/N+BS9Rl0wHRfIHMFKjxEg1qalPfRQ1ONVU6XvB/1Zf+JWGKthNuCuMWW6rJ0V7JNU1RaZO36cDZ3l9XfqL40nH4Cf4+i5q/wpbOmze9fD2SFQ7Af5K/PfaKYmImUsie9CPOlx+GvCQCh6+G9Jwz0K2SV4lApiimbs84JCEF+58HPUiXBsetqiwfCOiuGagaO3UW8Ogm4sQA+JBB60aFAjGGN2aCnX+6/L8IHghcQuUEuZH2h6HJG6EEtpCG8AJG3xfw8ZNW+h8SJlvqUmQlgjUXItyaeAlv9JbGqc616dc/kJYwh1B5v1qb5Z1cRVAC9HRx2LzHxAxtmyxQuG6MKLenUzfiDBHe/HGYDUv9N15ZwQqBEPNNTi19d6A6d4DO4m2BtPGLbLQ9iUn6+GtV8cIzujPwbFOsbqlobLbO2bbGc9GpGhCJ6L17nDoInOpeueS9XmXN/8PCzeY9S6bNJoGksPTFu2FJPnT1JvKj1/OqpfmTaPcV/vdjBTTmNqpjc9Olv5uZIpxz5vRqeWEqhhoRwDvFxwFexR+MO66NM6IlB+EEbrmheU8JeOzjqU/GeQnOesIO/dIyI8vElUbSQ/fjbduYYrAO1micd5w6HYUZOEGn5kubvb4ON689BsS5uSfykNPhC7yE4/cVnFpxhK35F+Yc+wVr+xr52pFhp6g3emg2kBRuq+xUrAWMhvnzxNLbVh9FdYpq1vOZaIlr9wjoMY8UJOjeQZzomOIh0Njx1wl1/NYI+iclJM72Wu8egNoQqe2VxjAR6Pz6UfEZIyO9CG2CTrinBAkV8pZqaMqz4GuppVDyKMg71ySN5TEkKZ6lJbLbqAWgWmyPjrT1bLs39utvI/DNHcUPSyEZBxuHziCMZlbf6bT1fHO0vZ/HYYqhjQjRTGfWR33xmiP7teHCImevQor3+sZH+PzVUZkZF1Kuvf6O31JZOx/W2kvkKN7xR3b/dWCKms7HycG8LWQ54ABVkaWhwyHZ03+/PMICa8xG6sirNJq/y60eMlXWzIximPYOL79jE/kzPY3wgveKDajD8zEZlqjMZCzKT130FPtDx1IikPyRbKfLO4chH/vCfAUrl6Clu1013nnri6485Z8qj7pVbGUDSFFNxRmnt8EpVgb19y127XSSfl+yLEJJ1Ihd5yAKzSvdWWsS0elokbV94646YoGpTsyYpgw6/30ZCP6aKQxNOIF5U1/oRsy1/I5PoCimiWEaAoQMA86z0wA1I47ADLtPW6M1/eXqG+D2Aut4Td+ziN7cQiHWgryN/5dZDUdcHsX+RnXdjSqjMF58pXvTwkt6DhzPpT+XPgXvbYl7wtp8vVDSix4WY0kldiIOj+NGdC6L3OYi0v3HMothd0R/6rAoVm+Yx3ubVIv9GT34ZX4J/n5+qxZAaJmTOjcgJoUjTcwYKr3MIN/Y496fuzSdUC8Tx6dmo/FqJZevmb1Z/aej3z/v9Hk0zH/wj7uSExpz4AcqOlsv0UPIL5n7nyBRJCzkTwvwXI/9Kqx/up7tL8tfSJP54xhEwj+RySqwoE5Ge2+SIhJdwLMGeHYLMTP9SyTrSJl7Ydaxj2cc+Em4OChR9AT7atlJodUAkoD2Qbwq8Rvb95Xlhic1tXf03NyLfiOfBfmN+SKDLRPsQ7F8vCFfQztVL6vSpx+uT4m1btQHwtqyILc/ZfaPvb2ADgzvMzTUHvbnVSxgjpCC8vJNwG2J1zKDteEIUXZeZ7wbo2dYBbPJC0enzvAdAewaILFP47yIFUmoKY4XnvYQqKz9yxymnpJrcxDSZwyq/hKbi7qI8vyZalzwTiImN3fBoRTWce0dLhPtq2MLj5+LJV9P41V1ctHjZ1VolYNwfy3n/01qPoX5F34GtqLcIMtG/aVzd2h8ngY5oOVdX/daaPwI0oReYG7U/N8/m5jjxfSnVsKv6lJQdmsAkESPm+myHBIS8JJcWe5SPYmEYalKcsckSFfJVN2mTmK8jl6sOJURzQHjR7LfXzXj7/fHB0qJPpHSKEf9z/CVCqdubfoUhj3iiDQAd1UMA7Xq3ZBLWjfwWk7Gju++fjKuCkmAwUUC7ZgNKSUOo3Uhyw20UuBqXiwWD8A3U3IEtvy+/nJIuRAIc+7s8pCra9Nh+8YEdouWO7AE1kHfqeSTOdEQphqHsq0Ja3Ld0UGowlnxKVP3eZuTwiJdD94cpGsxxif7Jl2X0kyR3n+fkA4e/lhtdYjt5m8sz0YheFk24bvvSM833xpLfXFcaNV0BEhFDLwVvw+dvXgMeEtR+7XJ9GCpSOrvWXpgiTz3gb7+Y7yZ0OtJJYMFHCjbTRELwNTQcho7k7AKR6gF5HRyhT0hnPk6GbjG/dfa/foHAJFm3U/+mG5S3IVGy2ya8m8AiAcujbM8Bo7URPea8ej0kJs8qx1Tq1E143cbF98Zdtkyf+T/yP+oa96lmch9wrIWtQGXIj+roD+w9O/BwfJb7cyWIC4SvPkNTjbi46m0s8NBCbWvH242Tkj4OX5n30JQ10hMmKJ5cZXOIj/FgAFwEpxK7CKwg2D/En+jD7vCOsQJ2V7t8IP9+xZdt5q0Trnmmcy9O9/Dksao2mW7EMQRygUAH0p+MTNDAU0JLj9ZHuNSV2uve5LXR4tMDcEKrzRb2CjW3YPI9DtRpaUN+EKOYryuSKBoCu9A0yeALddJBQIz/qxogbC9B2jDOTUiyDTpOC/I8xhO1jn7tqXoHisYbRBX9PTzTNS2nQWF+bXTr2cGUdXg20XyElkOnlRkR9Mv+dWEC5r3DDRLAAQOqFHXYODClhYtFU39Nfkqqva7y/piPqWXCUgWb0ePGC5EaXaq9YxzTiFXJxc7Nz9VkSnIOjI0FzRRfuYbyRnId0P3pP0Pb01Gy+w6KrbydlaL9kkKU3SteTjvh8W3s165HtN8xxYXwqiOGR9evqwxKh6GzvzKyl5HOlkYeypG4xWuNqJLkyufgTiMEEe+bSZUWfT4MkILnBKDWgF00M6DlJ4FH81PjBMn1JHIPyIWRG5s0K4lrqRub0B3s2o4TyIV++RK5bqe7dFjMSFshbQ+wIOeakJ+y38BX8SCATF/nKEv/90AHczK2+VKKC3CMYXr5WXR7GbT2tYsr1GVCsf14+uKH+UBuAGl0B9A617RDijAAoCKan8mnmEb/Eiq39JK3wPDGWaw3ruGRfMg8GVm5hHAzarHu9fFunK3AuhKgrKnYOlq9nsJPlwpB49tQ1cdVmXht7M/x8WxTlmZVmaeYthuU6JDjzyti8ARRvZB011TYQcsN/XnsYvMRVLemrPLdeuWJZaDMw+X4eGZfCvwDfBXBoYfS8ZU4Bv6wudSxz2ZKDmvoon7m93i7+PCXeZH1sMNoWlApd2GVVAjPEh9ok9ikfV0bHuzB4rNOW1IviDOEXdMv4GdYCB2w7aEeI/UEXc36Q1WuDYObQ+9KnWYJVe/g6SutfuLnepYvv2RnedWmLNOdpto8NSrk+g9ffoVcjHVc1X5dfwxfP+iKOfEhee8v7Vhz8m8ikf1yLufrxZ1gYYksWBGWtB3DthO7WydTGkCyh/M26UYBydjGIZue/31YYTfiw3ZCZ4sMG/b+LurSvnBZNby/Xz/jCKMdlrRvbOJaXpQmoEPx/mP46/U4iBFvj0h8v0cWFS4ppqAusFgAqGLvLy1uoNhizc+/WTvFTPuYQUxMTBb0raxS3Xbtb792opIpNSR/xxNwSfR1vNVCWzKzm1vHF9j+WaB+jR5Yq7ucTVmZphqzgEpO1uKXeFYSYrLvJI3PqHs3SlGmg/bN0csr8xvxyWiz6F5rs9uTl88iVGitB3f/ZNrLm+K+b2jEkPkUFB1bJMnjhxJek/YwuVCZvwB39/1zwbFrWPDA1toLsYxru74oHlETLJwvFR/mnfaTH7reX4fc1ExvDYeGgr5PjiuaoeCn7X8JmJDmGNjXcUXpKaX4ph3wV60DT9VWZDG7ehzfm6t4I3py1m943WaBgOGKk6ZpaBOZDM+IzIzmjOo9zsYwT9Q48t08Qe/ti01+TioRJ4EFF51FVJaXzVBnmrwhruRS4oAi0be+XNd81XkXiDZ0PjIzj/qh70IP9zCHRK7EmBfui5ONWyHTpxuFsUtyL33KA0Ezb4KHXpC52H++PqlYuul9c04gZs1VeMzy2Hai6k5pycMANkF9swx5N8189IAwgUFjr+n9Gzj2Ahp+40rG4BaJIIaNCU7dVSlJL2VKxuB564xBoT2rqp+HINsIcuBTs19KBNyVO7EoqzE8/AJtKW5dfGNROIrPHvoZPoCJcmAfmZPQXHMEatl6QinHPxIsDC8QD9Iz2XCFiyJ8VR0MfBKRmzsURFSA1xXgZtSglgV5E5a68gEZ2jL8HC8uNthhwCOOUx1bwTRjXP5MJX4+awso0YdwhZc1/4ZcLbqGS3rX33j0r3Boe6F/CFQW3D1A3YWU19+X7B5/afL2YEchYr8nwXVA+hn3QmRN/VA5jub/FArG8LZAlTSbOKVL06orZEtcSAvsMsBEDVv0kUWGpnWMafFP+SKFY3JhfXHSWUjJtHsUV/xSNmvHXJ7jQVivNJqIv6n6SKOgwDL83IMOvZwWIMEFbjgfEjPO52jrc+hRg8rS1QyZRYacBW5Z+nJaUQjdj5ZKXdO/bCnrbEG5qTXiJFT+SqMS01X2h+3K3uACgr8wi5FZ1rPqaKfS3r8ymANtA+QMz3zZn6SfJKJUAdIS833qcI3/qWgjZfatHzmUUn+ukCGU8rURvcwzw3uROIT2KFF88pKtaMrfcOBjePk9lppJ523+U9eXdfUfGn0KXXTJ9Q6ML9Q7hehsQF5zr095tmfjd3fpMsXvGH+EII5wDn1Ze+0+sTPCSIE/IlJfINeB25/XHZ0aDH8lpixWsJ9zkfSQ4uUvYW8IcBxEFNuonyNUsLCq4FSEt+dx0/hRVVSYOvmYqWJYULHLiajQK+LYMo794R5qelSK1FrrRTya0aKDFJwETqzds6ThoClmU3z1qBSe4AZrR0jop6+LvCtUMcNqOZkn3unX0IbSZ8WZaEu3E2CKBxhOZWl3x0RK01WWKMGstxj3GjvRn4yi/solnZ42WHQwSFiD8p44x7vxPuHfSD1SZcJ3YYZ7UO5nsAVIqGnMMdJCwfcJoEz35bxKXnBuv/hJ7fquMJtL4T4i7CoYnrXkfghRbTu7ml8YUowMyMxB0fbXdZeBeA8I5tHeJk9FHYPn1i1UVrYH6rBbH+OmqW9YGEwbn9t0Ojgk6A3q+V8aQi1pEbwDT5DgsEXbVUXO7AC276FQ7eZm+/52AH7RrjtWisE3O3t3TatVDn2uDHkxXwSEqRdgSNKoyuh2mObEHFpRWXc79Uc4SRs74WaSRM1oKugWZlF/3H0WnytEKTGn4Ef541NAweUShXwMnU4NsT9BZ5IBHl775M/oLY9LBqwa5KcUDf4UFdWEVfoFmMsIS3n6DDpZtX5jtnV0cnszcrFzVI/85XvsAyiiln4DvVGPiFjiOwPPXDKzGpUgDocEDJhQUkJ0ds63KbJX4vbJlkcqLLnJKZ+q3JQFIeDbyfrXTtNBreLJhTglWjztmN059uJsLaOAIJfto7Qqg67Y7OnhixtK20+jy8dAf5KuGW4rupykxkbbK3pf2Z1NjC9HX6YFZYyrrI/RDpIgcUENir91/989k1oc9+UWGkBzoCduA0YcSGE75LlA79+e+nKc/PfrrJ/YxkApiT2v1R+NSVvs7xIE+/qqwcFl2rOrSEhQi40w6JRyLZHs8Avuqb20jLWWVfGM5iABhX/i0N+/M9WiSeNLfeVTV5dXNfrppSW538+Aeb3eom/E+gttJ4s3P+BzuKFboWHzKzWchzL3cqF+CA9jUXLvVFIi6JaEG53qfq5LVAxuU8zX7V+7Zx8sRY5KCJI5MNOt+Gs0G3n4Ncm73xQbQZjy5+AXFhfrRDE7xCb7gTK2PoNVGr5MMoqngghaisnExyhf0CQ1W3pR5+CdZDQALmSjDnIks4SM3HCNxufvPjVI8WWMofhlYp+e+Ctx+yVoJTn7qaP2nKZxABcyjPif1awV3eD7qU6ruWltMdCJ8fXbP4uxUqU2In3HpTIWoSoIv8O9eX9H2wdbpnOzy5+l78kJFD9oh7RITeI5FRD1SKWQWialJnjf+BR94bd7O+dJIq7htf67klaWPJK5EiWBpWpI3iXldzELLRRKgQ+g4ih34E/F08IoIypRxkLblgSNohDtCoTc8pH6zODybRZkCrBNCqKsLK4aaFBIlWYx0tT+l2dt4xSOhbFFsYHwlj6MrP4bUVIWA6RzwesYBQm5JvRyxgoHOlmCKTRe/TiL5zmu++OoRvzoRviFbX/pnbPBvKKE+ggVSivKaWgWmeEm22Vu+fbJQwit0DVTMf09fp/xyF2GKnn6sBAY80U+kSq8Wnm4TrCe4SsXf4CzI+aMh1Nzb0cY34vqLCHk44RZk47xSMVsuySaUuVNKvN/TIg3EZ8HwcdOZxSa6PCkkjAnaVLfQ4QklmIqzm1EmaPQpUuAWAKeu/aGYIC6HcMk8SIludfvACINfviJNnJIP3X8xc66cAeP4ohOoZ3s2EZUbd6n0j4y+cGRKOwPVya/oZWCU6Y9WhhivapMgYZbesTliRNLswbNKbu4pOf2VRVc+PbkMYKwx+vAlL720g0kINi/1j2gXcE1JX6vnG5BYHO959YzRaQfEACSHktf75RHo36dY6IsF36uWev+dUVIzvf93egBeBlpHCEw7/r73baYQpeX/L+vdoQ9BLYWN8MhDXDxdQkYSUhqgxhan7I85Y7dr6EEXCPRSMXf4N27f54nb0Jex11hmot6khLuUM+0++62Xacq1YHbQllhnmcmQwkChYaa+DlGBgxWkSrX9mttbzzTlWFObFimaT5b6fXoiR/p4B7tXkG1VD+afP8SBTVLuPONF0R/Y8+M7kxqQtmtog3UhHSkEeV/UBQ2hTo4bYDi/mq0IoD/ep5e9PgiH1H/6+8hSmGWdMHlKo4BQgrlhKVdzrh/hSCeH3sjLlNCX3Ud1k89F5OG6GYH19hZsjeei53IBNr326qLt/1sDetazW8L3gPcTUeUSJ2epwUpoZcJsZE/ggT9D5HaxAHniuu/BGK8Hldd47+PIxDW8kaOAnu9xKLkPbaIUyfoHCM0UM04rxBTBD3QnkBB80ji33rqXFLAMIqB+Yl2cIZ2eQNxDta547jUma+kbt9u+nX2JKlhpehaNkRt7WRxQRLd4dIvK0aX6hx/iC6iqtSxHlpGRAgsnq0Y/6Nb9Amq2VlMQl0kfgIyGQeXI/C4N1B1v2txeoyQYPvCi8+iCCkEPL48Jl21DThdKAWFYpm1g0Td+YUWkXq5mWC7Q+aBhAPU9q17jT3CrEs93AFu1qGgPyk5hJ2u+gaiDIrfzd0jWlEIBQee7/1Bz4aoao++p0bv8xA1TR81KgYDsg+CqltlET9t3yT67zU1QSxjd/Q1R/tWN1kvtT5b73NSB6XNwJju742DA2NlCfYoiKwiLyuFL5Uit6nGNNFhQ3/hC9TIz4hCs56SrC8+BfgXa6hQXw84ZY6/O+3qCipFsQAwIjTnLe9SpZ0kXnKftEHBq2ARZ/KDVHbCfZG/ou/HwPDDwo/egkH01O2NCvwmhYHC4FPo6tfNJOYPVNDIzGjrwn7XzpBSPaSI12LXVMnCUjju5QRx2lUmPtXcJchZ3sc++zGWLmeIKdsy3bs6R9d/10/5a++gpy5yiqZx/nCQeBsvysf+LAXdI3SQ0l1Zl/Zfg7etxj6oUmX5m1GXF8IPd2dkj+6zawDsqssCDR392Fghh8n8RQWpUOfzYRyAAZB2v/8VApwcutWf6kMY7FjWqVVK9YYKn309ZbpIg1TpRim1F72/W+i5cZk3ww9cqGKAEEN4Q+qEvhE2AQOPRRKq2GD+qNcuikH9OfOOQd2Rs35GbHONl4Dnzt1BnCNyzMvpkfTdXjBMvb97h9NqVrSSNMmRtjJW5P1urR1SLJVwuKXFCCMHnXaw/YXmRxPnOKkQ8zNHqkrudoU6K/q75yt446392qG9st0BPk3UxquxZnqPi4ZIPSmrO3NdK2xCyuyXu4RpUFUco87hx080yk7+D85pjqeqT/FTmnlSaMDSF4fYfh644BbqC+2nzxU7rOSXxeR9maOPbBO3325UhfjLQ1ldIiTFjO8Xq8T8jStdWgfLOnnEMmb+IWCzi+8G70bfMPDIKLbUkejQ9dQhw84x6KgrlOgRaUHz9vQtl/khOFkHCr8ntAmbY1zbccnSM/vRh/QMDLbCv7ivaVpYJ77bUfPin3PR0L3qONkbGgMr/Suyl4+lbH3gnrJcKy51FxjRUGBsEUoDzTRxWz/2k7e66gzG0dzX3DdTtMCOcAQxKpm/q1wWLwI6FXF9MX9eZtkmMwSvPfWO/spZenb3Qpib/QvcSc3uUbufUmtE5AAhl20UvgQ4gkp+tfGjHSeK4RYS2TVL013SS0wNu++n/qTx6vf+ElvGttV1dwpQGlUeUrLI/ckCFTQZjnv/FYRq6NtMPRHY6o2S9LHVW9oDwowr2f0bil6TVoABYnm8j4J2sptOqQ+aEKk2daNAfSLmx5HDEg4weH5D4vWJ3zM/98BUgIxdIzUe5iYTP2wWu6TMzNzO5yKlc45dGyIt4eTDLqJdktuKBs9rz6IUBq4I8cEsAFTR3bU26TdoT/5rtat+oya2qZIGq0E2pnsZzv1JxQ7M7gMxu/ZVdYDpLXOv5SmhYO6S6o0T0k00t8k8Z8LHNfeST33w1CQ+a6rGTNTMmPtzGMzi66eWqGq7iKfFlVwHphvcDipva4mdN41O6ozUcbFTcnZJ1EBWHfaV5fwg6qS77/xHCyAReUJ/M0FWGcwYZJH8dudTK/FbdAZJvXRjMMOytQK4zQLfWEjyFOjr0j8jktEB7Awo/D5y9qzyepPGEkoc+iVoSIWewPiSg3PU1rf/qR3ljNOWUV9cWJ0uMpfkDrGxVou0f84AwuYrQaXBvtM8g/vxUjrauzgxZ3zsVCigyJOdXUkC/ugAHrjntZOewUXZX2VDR7uB1YfxTVK7quC9oM7eAtKH9AOOSrwFDE/M8Kxfv1jQexJEQC9Q0/rboDocKZqOE5oJWAGPBoFxpPD9Eynn2sJ5GR258H9h0+Kawo5ebR8WR8JPcZKbKiofjXMJQVRXMdw/6l6D9hmt5cHWItsbSAuEJg9oYcbzy3g3D6u45zonR8EDiHiKKZsObbsvk+ogJk6zBV1KCVwIxBIClVPOz4U2wYrK7vhETvP+6xrSuMTK2DsW2820nM2+uh5rQ0Y+xx2E+3ac42i2yoCIWagZGSpWDK3evn6rlypIkzyW49E573l+Hgi6WVApl0YviSqBUgWfNcSnFe/5YibHnLV04xSTOB24EHT5kvbt7yYMIB1AIJLl19ILNzprkql/A/uVGxWlxj19fgIpuoUZwNgcqonOULeP8Pmt7WcpGhPDdS/G8nPfasJo3zVqBQHBoGJy5jxEnqEzVucXvr4OMuttSctIg9aqewhgX3sAw93YD06SRs8HXc28/R+w9JfawPvQGc6dQ9oiHU6eVVhv2meBc4OvIClMMBH944XVUrMFj9qDm/tK58fyspC00gQABeVtW+0/S4rxYmvAJTclgIoqOIEtISI2lsMjXxKCr5HJLSfRxwjMAkXq6Jf/pwVwfPnohAetD55itTtvUKXNHVJ+9G1nnTRyIStbVogLCodgJJA5dEPFYV6ucjGM9VCCP84LDXhkOXKSoM3prSPz84Ob5fzQ1vvRbXgAd+VIw68LR738wqj6ecPbhxy4rf3FWg/GxbO7fl+6nnIrTeQGQWqUhv+hq575VA1BndtnvgXf9SnHEOE5l6z0/i2NX/LEtH/vl28I5I/kGRiqMYY/+fOyFBg/tkbG6610rt8MRXypJNWkX3dfwi2zv6tY6oOZpMa2y6BYjg22b4PYnMlMhE2QWD9mFjfBjnP+9TBix8rJGUx9CrIbsg+WZet+X4Thhv+asNdcyEAROtb3KobP/desmovaYd97f/iYl6P+IaI8MS3YvhmnQdrBIZNJi362KtvRFliQPBJI8jcXuHOZpIW8glfYyPFly4ggwNqMBoSC2+ZhAAWEkSgMvMUWN1ugYLfQuIFMqwGEbmFlTc6Oevi77R5/aLfG1M9abGnFTf22raM6G0lodg1fFC5Z8S+q+miEt3S2TJiVd2raxtLqv9blNpk/382B40qbVBxIAVYmMMAGVThZIz1aYoFeDnw+TlHvQXsT8NSsITI386dYCxtjJTRT8UoXH0CHYviudHG9+owmpljU9Uallwzho79yFIjOrD9/k8MPy5sqa/L3AHmsYOrNMB+Ub+eKp7AsFjKDdFiyAmlmh+u7rg0CBQVvD5tk2ngtQ7WOaK2fr94HSxLwdzHAThKdUN1nEAMyAYVKzexrwTJxnfsijUPTsTIonOZ0j+TzeORRklBagrYCMw19sroD5x5ErMuNXCo8zERCW/yoxBiwq099KjbLDwk5vwBxXpQMD8UWuPndd9WX3j5twoLE3PoMf53klR2TXAv1oiACbWKXEdU/CJ6wsxsvsCHMXeslFV102n831oEjqrcws24htnWVgLJy1dbEcYjeghady1aB+4FfCu5vlRvMKWW+JqEjQ2KO+bjOBpNbtqzSwshFjikzmG2RrurkSjQYxZW1s4gF1p9SwObYIRfe5oZDcxRoiJh/Y3VkIz52jp9L1nuDHmYQrq4+Mf8uddj8ek6ukmIa4z9ldZX1ElWcJ+uKkXf7BeEy3Lf2xeXKlIzxa6QSI3BEIzt3wvu7HzESHdig7dbuEEGYn0FdWKFzvb85JzqJhrjzSy/ZMWjslDQ+EJi/KfkgkS+eLdNahUp0X/BGIP8tLw7MPDCY98GC677ZtG7ctI4mbQR0P+huBr85No5IvMEyNtqwpdhPjlX72nU1RxZ7lyyvCUyhEvqluuGQMksqujt2W40zVTz8b3pMi6MNsA81O5ndkHsbjNxhlVk3F2OGnw8wkIkfubyYtpVUBe+lluiIgYI37yvMPiOjyDrNTN70cB/IxO8Alv+ZE6yUmfIxXpOKkAv0MIL3lfNV8tRTxjd5BdGlYpN2SYXwgqZjiAoJwLgPQ0uNTNT+uVXbWvVd9Duu4HeYg9ldeAS9Iflm34XNgS95KFzGZxvSyArsL9IzvJjnjxt6L938HGXlVLuEHov3/F2VVNdwvdkYCRo4qxSkNlhDVk73ayctdYhMPZt/bdD8gH4xBggBfOtwshiEy/j9mTlqKAzIH06hIRem/C5AgWTszCf6pbsaPlaVRRsjrnXExKlfLqKKuwH+dFa8fKNcEqeyOIBIa9ULZfmKUY3/zQlJFtBvBaki7Hr5YO90fmfu6RLagBj8qZip0VFFiG+FTWxmu6h3jNeiuHOxTJ6dl7TYuJxIIygB+/UlsbIuDsBMH0+Qb2h3yuxqeYxxpUdo7HCvjHeydK6ya8MMJ8paVVwszxsDWP4DkP3weY9Nr+osHAqDAEqaHHCByUhxp28jpyOGdz7pzpIxHithbiT/dPyCsorgS46M+Je0oknvfsDQFRbfKfPA0uvv9idjt33LSHKGf30ycAQM6Nh/ufuMIVt8JVrDaj/qIDnHx1cVPwS0leaPRK8+Nkkz5phuxXMKKCnLFQ+7lG/fktpTDCnD9Vxr/xMIYUBf5G4O+9lx3eug9DdOfigSH8sA25JpX066qsGbyEQ658GDeyqVXjaHta4sI/QpP4AplKziVx/y9WHZgaGIYA7T5quy/BHuCMiquZosE/Quq5NTQqsW4z1vA/iHdKG0s7eiky1i2adBUKu7ktT6xocXHgoOOT3sKvy3txr5fnlNS0MhK4pWPJl1eSZ3DRKQKA410cDsIJPKVCGQ69KDMprFqAmF+0vOW8Eopv48SQ6DWe4I69JTY6+rZNBxDl68oj6wtUHnOIFs1o7OZ/41jeTH8u8C+GHRjeSROg7LSu/areuaLsA7p9pWTZWwc0KOcTtj+Sb0VS9r7MHuNZxcVEPRb5H88HqAtjkLuVAQINblAXPaaF34tCGieQeTyt7jj/VcnF40lXZHDFyV/rXlWuQOMVqLb8AjfGA+mLR4PtitVaLA97JZib6fr4pWBChqvO08V3iK/ECH7/New9Uz8yV/PNCs/DzH8CjwtmXafuf/sfdeza8iWb7op5nHU4E3jxiBACG8fbmB9054Pv0ltWv3reqqNnOm+5y5EaOK2n+BIDPJXPlbhmWKCtdfmKMd0oeXgK9x8tk/zcDq6gfYk/CQwevcxWvnsRuSjDu5mlHUWn9w+dbQbslXtuD0rQ9gBQVhGqwXFJ4beZGUHdvYVls8mz5xm5x6/GHk6vryCPpWHPjaMYjGpNRnj5OfVvLea4eWwgG7zSHuyK6AlXv1EtZspmGq3RIpiQaKmwqXBNDozDKdtymjeRSaLKf3fk6p0TGn+YDZ6EmT3SfLZeGkikZyqaCTqY1hU0MzrIqzX1wauUlWp32zK/ioPWBeeLF3a8tLh98f+gFiG7/JK9LCRU5Z1pBEYnmpeZNWHwGO1LgGH+/PbFMyOJtE9fyIYT8LjSxH1jT2ZsxllIdyNfvhP/yev1XsJJ/1bM9LbyoO9Ljxr0RxPdBIYh5JykdZOidocmJigjuJykZFzm6GoplJwMLeExOdrc+e8WIroSsiSTEtKhfDGG9VKUnWh+w9e83SPnSWi2R0eVHYQWT+bNK3MzU8TVM2W+6teGupi13MslAEn8OIsXmP83sTyBDA5W5LVrr8xqui0KQDujSvK2g7EMl2imuDZsowwwLluyv14mDFeJKJaS/+4OhGG6KvLsY2s1xC+xyRjqJubucmknyPg3a2jREx5RZXWGLmDMCRKUVlXXi7BQdSdlT4xU82+s0d/8iCtfJKRq9QYA1qUwQoAt98nlFsLpPBbx+d4/VjBcq1UAP/c6HLt1cyWqFgWwIW9fwt2gOYkrdzKu2YleR3Otn4OjNv3JGpPF9cO8gl+/TDp5mq5bcIUBI6vCMQ0STuqnaDmFvwEKU0HT9EpTo4mSW+nom0DzCVlPpQ2S8G0LF9yCYhFk472yfama/qxLnk5miIDeI8ldduWOkxKw/pgeoiI25LO3aBpT3VW27sWb8tsksq7kG8+/B0Vaeb0evzfdWo+yq0HHBZMAOmvN6A17HZiAqMJ/ZF6Ga9UJGLCvQ9CVocTPeO16wxb/YwUtEZmjXwCx2XJ4zRARP9Zuric8eLHd99PfDFJl6C8AQeEr12czS79k+nLGTgpcMKGnIOYto+26S7ZWPT8VMXLpwn0vkW8SpsU9HdZV7a58fabDJPLOQ9HO3TbSndR6Fxx090G7/ZWjqnYHd/77je8qgFMhUbttXm+Aj4UTSphSzwC0a0lzTBKnnjTTWM47qdHXK8TJXzMJvzKqcqjIheAIWah/vNn9uj4av/cMG0BXr5fMzhw3CoEPsmNsfRSM6+r5Rprw4Gyb0lH/fdmJujP3hEMvQpz5ADmls8sJgTgV9ROrx9vFwMBp3Hs9w4cwNqmkfqDYOpQ/WxP1Feomv2MOQAMMrkaducC6Ixe4O7uOprTIxxLVwYl4XdgSEn5aB8fOzwUZfMkyVc/DNs3rAo3SWm7sqVy1LquapVfo2/wznNEujj3Jr63dDxZHouIiuNo4kotuuUJrEWJyZ834rmM5aSuzLjVhRvBXiOnucnI06FmiZDBdo8LCauVaecm2xId+uwsmC+zDx8vL/yHeAhD7a4hVfNnY5p7MC7va+PL+uwURBqHu0AweMcvc3ib1hD6/XFUhTyTIoeTthPVsVBEBgMZULyBHjD5DJIaJ4iK9fpBl4yvQnkZPZgoc4OfrChxaxIla1Mye9I5bfsMFmDjZukMpAKgHKKB2CKbCIqO9/g5auGvPPeJo/UZAy3cllrT0wHIHHBzb6/a+nrUvQk84u0pQvwACwsJyloyzt8z6SLRqbq5AZUyuZuyYfsaZeRnZ7rxl4c3+yUJ1KHo0tkwBzTM2jZPh7p0+DR42Ej4koeJ6J+Y+uxQfCbVeK1FEGUfmSjEcW9t4yW+TW2h3DrAfEinNt6ucMtJy9+L8LFST1t2YkMhqYKL3k6mb1Cad5OU7S+FT3XXUEA7+R0b3o2hScRuWa6+fNiMvJV1+c03NOw8eEp2g+eYWEn52aqPse9+75iNOiLKByG/9BGBfa3mfonOhhkuG1ZnmtZXrXphx3U5Glq+A5YomCaQTnTn/jpxl3VFIQFxLuKDR7SYvCGRr49eBK9VcQFSjqXb6Kkx4WghFVY3qHgUGjnNXjlb+4uMn+04LWKwOhQkYplWWnAKyuETO+Hvs22+ko0GdfGONuBS539riA/tr2UoOhDKV4vQUplFyxjA/MqwDe7DrGX0rgR1h52HFuPnE+gxDmOzUwOazsgkYlvLJCT5yHi3o0q2vZDRn3su7qQuyoDIXhExf6kNIm56Eb023t7AAsqm7TwzPkCmb6wNbRxPVNZ2xHS8hbpjI7qlM8hr9/KrjqWmbRXGPutVVaa/xo12X7PnQ1Nw4jbvbUzD02yzp0DZs1ClN4s0frS8FK8N6dq33RE1rvUzL1ckFrqSybeU8SkFmwiiNqZncuFYIaLyifetMNyGm5DHJNVfhZbf/VLs05uub7T5oVcLa3vXPskjWCxNLMEULZujA45/mpPsooRcpw/Bh7b0ieVlhz+Cu0uxwOEblhFHZWYNCItNxh1uya3jwAcyzXyIC0JVhTRx9p3IgeW5UbAyhmcNfWuXDR67UzqxSU7mhzyyOHHPMI3Scw5MM3KW24+Ky89mKyMV1ZVmE+ITgInPBgngNJDVaQnnirBuLWIoxeFNYT7MCyp0N0KihPNZLvvuO8IRep9IHvYiFW0WIcapm7QS/DaOsj3B0EmXKNAFYNQzkh4qe9yk0fh2uAJdnlVswWEkGx6yTwArxy8LCkVqa+myWTdTfdNe++OXViDmHMa+bQ1GROfe+uB+B+3nCDbjs2PfnQykpyTwqPidksGqYWT+9o68P7q6VHgq37I0R3OQ5FSaB/y37MZWjTwbnnzXETrbwxwyUbbG2flmMCMsW4hYjw8YdrlF8olrL321nCKcpfCDmaFQIkedmuGiBJelm3eEoyCh3RbS7DkuJyJPhC0Owt0p0Pi1pH5AFI/OKuHrJpFHLq/pXbmstoaj8/5WpwHTTH2s66k60E+7JlZ02NJE5tZmycrZH1rd8r2HrnOGvxKbuePH+U3HVDFYdQDuwLLmBHFuQSlF0cvsL+X0lPz1iJIUMjzRK9P4xxbm6phT21DJFcSzA+GKrLBKrNCYzKIB+vpc1UqwcrkxyqPvKgrcL4K5c20m9E5nq6aPcVXdsKv9sRpaRiGNaBZsd5vVcDFX2fWpeg6mVVKJ/oboIzAT+eLHXavZrLhg2b91w59WQjVlAyUAACpE2uNFfVkKjTtb+g0SS7uszgdc45951zbsh/MBGZl1TIeH79lEGiGSTZB+dLnXYNIRoSNYryUX9REs9olNR3NDQVKbmFxQ6AxjkRsWRerYjl3QpGHU0Li5APxwmz9M56FrnxSwjhflLua+i1f8GXwIlXiUOByd5hX/gLGFv76kYb7cWHf7HI+iZVBnY2ftDDPDFfcyOa5UHo3g0s9wkBxM9OSXl+Rq4g6hCV6Iu0m4zDfVvY0QA7t3KlkPCfBgxnvgyren/GptIiXeFBhHKdSKSn6huJ03ZAgSZ5ilkLexkoP9YFLGcqxjyS1ttY8JaZrbsmlVEo/ThJCIpThgW/Q1s1LNqpWmfSke60SCyHNWafQ8S1t++Ptsp2HkNiyCaxID9hmZGMQp2MONCCEuwnz2dFmIaQyE+p5rfruW1AYKpmwk1C8U9cPdUueR8Jz8o/mMmCnYGvF40GGb+EyUEWY1GoPbolmVlLp1WzqEnD3xM8S/Sz0b0Y6yW+2UOgTs3GENrQ3eEvsmglrAbNdgmlZJnn1TcuZCSwIEox94yQ5gCmIemtNkKuchb+bptPypPyeuhDiVNdPs08uVe5lxhSNWEMR0OQMIRGQ6DqPA1bPbWgCOoZby2JeK39I78Q7AmqskbxShPP5dvBcaJojlosVWHGlNfwKT3jz9Dnv1PBYmV63JutMjJEmjRCegU05GhhXuTpNGRYfkG1dtMPApslYk3r1rb+FkLP93QLvqICbFo4Eg+Kwjt7GBYCRrxc8MPeEEdufwchE3IP85pMx7GkaFJQmOEpcvSzxqR8M8jNoiF71zLRQPQ7mXEE2urSKb9IcmtvumxhvdyUbb2EG68Sou5LWsQdo/ngi3Ra4Z0YRcNES3v0rzXSSaJrsOPbj0dC6eMjha6ds0cxy7APfcsCo4sATGTlWiuWFyVZib841Fg7qd3nrt53hE8CoGz2etlGvfssFaDjVU1AVXLPb/fx5Pp3z8tV+EDOiIi5D2N0HHn3T8k9sbzA8DIWp6d7Sc83H+OtC8xTrBCQwMWFFG51/X/5LWi6z7uBPiKgiqT7EMCe2flRfuMoyucNY0aC1EJc3HkYvQPkM9W/x89GP2wzVjMf7URvfjA45fJrAsJl2fqSuaS5+ZjzDfC5Euk54lFK5bTL77F7erHDnaedQwbtysL49pVY5GFhlJUDvmXC6IFwQbHX9NV1O1757rCDIbwWQo1J6YXIKet/LAxbFfEpSCLKbeVtS2JrMjLymhOs782y4csgY1NUogUHUUEzn5RvdGg7252Geg1M0AiEzr4pkKmg3zpSexL7UnnJkWadN93vwiopQq+LJlW7Vh/Pm0GrFLm/7mRccbmUSwS9b40x8kKKXteiZIuB0ihlYxaOP2s6JLurj4qPh0frpJ1DQxzZ83M92VONLVjpKR4K6vFpCYHQ5Usm4UOBVOWQ1tMcq4OlHz33OaMrwupbwbL9Vdw5/KLVFNNz0QeVMeGw70TynFzeZymwIzhLFrxsDx9djlgxBw5ZmqClWOzceJ/muaSNpKKqjNXJMioGh/5qkQnM/2Js7r5vsLmjopBPmjp40YlRINqAUCc+Ua6ctf58W6jwjlmny0pdjZSRME75Vd82u401ZaMVsPrqxM2sN7IhWpTOCzz/g8gXrq0c2mE2+Yh/AIGNNDQ6yb6OJtbmM8cyMiWDGfm1i6Kn7wsfKXlkt1/ucK1hrrtLeWXzgSdcEjOLJorYu0DA3oz99xxuKuCxwep/XFAaejZhZwLisMsBbb3vr5XieJ3sr44Vcwq5KwM3+oQWpTlU4sM80o5B5xYHvbP8BwefC4+mybx7rdv/r6b9AFsAFds2JysaehPZi2CFcLCSqXcgWos6nosi4ldyvCch5hTNlfak0LWOVSSp4Zr4p5D2HeedTV/EwSkDFrSaP8+QOerdVeujLkBwbOSUQxQFGvWaLEO3clUqzA2dzEaWLTqcvS37Yy4rLb51R640psiZ0eX8HqinmPNg+Y192xl65NAtIK6uFEtxiIDALv68X9gkEOI3fHKc4TrrZRRNvRM4CJrOH9FpGYsXP64e/ILuujJZ4RV0hi6kg2PpWGkSPPmCGD1GNNee937HAFlmCTV3C3+NEbVnae2cyL63XKLrKYBU6oQjsiD0gZGRFhZTF5pYjeGAbfRzDq6+8Rw2xp6qTlcRfHibQxhUKcdYlOtkpAIQ7rhGufS+MKBOEw7fU5fX2NU2vFHO7aU+SFkqKWTne0hWlKHLVmnvfjlBDuECVneEoTAKWA8H1k4/pykvg2JvXEi4wEXzqN/FpAD6GjOH0GyBJrgX7l8s9g/BPnz4xqSgnQoCOjc9mYN3ChlknU+d5hVtpE+tzjmWhdHjX9ZhKe7H+8IN5GLBE3JCqqVXWUHype8sA+9y4cp9Y9fWdj7PxQUxBVqnybGbHOeyhjJEXaufPonPce26fX9Y4NE8B/Vwj59v9w4uUI7UfQKvIsvAy3n6ar1clLur8LQ0bP7xp/8SAdLSklA/BNizxEUHBvF1uUWkBPVbP/EG2GDwfT0yI5eA9q9rweh0rmh5ua73PByU41Mt/tQ90miFTezSQv+HJFm3D5lPvWHrJAVzUO66H3WoEZPk8qrZ7Y8qbeXYIRA0C7wtc4SBjefDYeFpgtKKaG5mTrXMwQJNN6MC5/1urgWV1BoSSIwnOGYU/27r9VvtdWl/0qqBqoOSt3crf4kxtNGKTo8trF9LuG/dzu4EOnns1LcXSKpKth2znHPAyXp5m4WX8ZxjXfpeBHFQ0wejaPReb8zZxkVlKtGZMlM/kZQy1key2mrxLxVI6yO6lF3jSmtjeK9t6twDWIrfk3uPUkkYZJY8rIAMBJhwFN6iZlQ7NBCq19UT14kkA6S/fVmz2X30ntx+dCD2tMLn3K9+G+tTdTeiR3GN8srtR33vFQChxhThvb1mwGVQi6NKUrNHiXoFWjD/i9aluzUseb0lss1zVnnpuRmWsnBGasqFxqpshZOBQvpzF9I4+6EAtPoFf76ac2mFbgUQdx5sqCOJmEfHLYMx9un0/k9a/OeVKsgVZlUXzJi5q5eFvmjvUwqgHO+AVA6VMjXWdP8+BQl10spAIpH5jM5ZHDD/bRLpi1jO93vW+qVqAbMt52HWgVc7LXfm2NeOpQbIzKiOFOaoJQpVZQbw1L4cNvlGpFv74CgyzZEG8zmcEc35La7yfnBtnXAh/kuHdHAGZ1B+xlwfGjyZoYXiSYtL+W2KQ+lD6YYxtbht2i91MQVYMMwE6rlxOQUozZFg5n91RqvEWjcmgW0XR42N56lQyD/m+NFNWf5oev/r0Y2gmxmQEupds25ksTwT664llUzShWJ6F935CnHS/t4R9Op7IVMULSUmXIQ36aTKVAQeG0To+i5Ftbb6je4YeK4w3JJ23z9yBhBteQxTnnZpzHqmYh1FJO0+IS4GhYn+62sGz/GbkWoRO/NOCb32TyJM8QuEtop59e0N6vwl0N0WdF1IK8tCtdUe2RwYmgtDer7Wc8aHMAnJUPjjUKhF92v4HGKMpknB4Exr8SUhFNKKHWdKayS1f7f4EAHmqnk9qkkMky5ndYqEnytYN7Lh8yNoCwXHGvN1v5EonRYAVfjLzFSaxkRqRNU5odWr5aTaAMy9fDGQ/An9QegOgtt1JyFHdpJbn+JQRYWrUOSij3Q7xADpj7MF15SDtW8oOs/paGX1Psr6puMZ0BpMKTusxXLi9u6D7fcz6S0HAvulnPSbt2NJJT19pe+hQbO2sTMgzWga6H+R0nxntxCARdDjwOqm41feR/bJ5gPYbU6cSnZoifXSrM3Wl6L6Kxx4cy7hJqSIzFERngK4HMe+QRUTnN8X7Uk4hsSVJEVBaS1KLTdilQKrdNcWBZRDoCnX1omgrOMkrJk4SApZH/MuRzEgOxc+0AavbJnefD/4MniHWli/NbAtReHDl8xKammHddSC+aacet5rsnSYAzCcWAEmMbgE735KJFwfd0L/xaHLzmCJ56sWPV3jJ0QvWrWXPX5kFlpWvAeP9OK+LVsKhLoNynYGHeHxvsNZs2+LKhEr+ZAc72abE+e9+zUo4f1DsE9bIgHvHVNZgywU10DmLtTlU6YMS8VEqJNfMPJ3RebF9FF6BQLAMrZDjPgJCXU3FbRiMUrsOMY2HU1mntz5xSGUR2Q6x5bkejiGOr6fwmZ8Rp2W3+h7e0mCKvAZiwJfPLtv3/q2Ya8By02M/8eqvGLxcR/FBeYejm6xzLMD67CJw5oXPHrX0eXtQW19a9yG7xSC7T/Q5Vz7ymltq22axkM6M/dydbUlAKsPyDBfS/OHqhdIqLH09QmBf2NfJTLvM/UHLy1wy4wc5nlNIf1gu6p94/6JZfNFI0XRY/lYbXpd3Soo0ES+X4kiCPoOZmRhnYDUYOZpvlCPaO6Yofox5kJjXYWJOLxvvAhgyHiykgjVFGv51a+/FzamQROxpFs5rQ9GJsZYLPbgRTIfGot6cRI+a0P4atJWY4INvCP5xdooblhUwojSe3lMcfG/1J1BysxCarcWPuayqh3Km1m+91wdK06IWaKk5JQf/iS8ZDYnkwYNqaaxI297ElQ9YygQXR32kZ2IV8BZhmIeqSHCgkOd9hMCL03hVIe3a+IRS2U7IjsVPcWQFll+OnRHqV46pTOu4xmLRxIOF2Q8o/iNAm0+WyPoicomWZKHuj3HwYWeGX8bde8yn30I0Qa1lq4MO3Pso5pQZYDFfv0URmE7vswsw3AhLp+e7KYmLE+srBb5M/UvCp8afXPpqtlSkXVrhgomMH73ZMbcooIW31Nza5I5WaUV0aSh1rSPElN8DDqWenDD0FXyN9xXXxiCenTT3PLO0BqSrS4dY3BEGcpZ0W0kYV69RP7LXspzDTyRxtq4wpx8GDB5T+bn47xTyH1hXrgyzfYsJDBw8Zpcgb3y6cgd+fnaghHUXqFOtFEwmrw8qIhSIKllcOsoLmzQ0hq71WNZVe4o+I2O02j4sX5o7hGsLJ7W8tzrGXZwmqvp+08MDE57B8PmI7/3ahw+iKaJ87Duog83WwpCvpF81kdLEbVOc+/tmoO9b8enubpb4Ayoqr/zdjYBBlEjBgQy/BknsiRZyxLVJC3P51qEUSZVsH7aln1kX3MpWlLFbk2Abv/I/x/HG3sK7JDcR4FYlTra/u4g949q3njyGOVEkpZ4AAQsQn0vF+/IkV/Of2zFRTxw1GBIL4vhTm2zBbc9cayJ0V3l714gDXXO6YDcWjEUQxV2i3l8QBvki2aisLMuffryPZhs4gBht3EX0Wwmcq3ODz1ZWsN448hC3wmLyE9gbQlP7tbDzd3SQEdUzvaOPm//aD81CmBvn7AO4qdStamaUhr3hHcwqUvgFZqar2H0arBCpOq/pFWHhWtdnso9oUMn3ntWLXflWvKRQ+8bIke9b/0yGxkPmlH6uSBO/UBlpCuweHf+tHq3S5qfLX2qTjJ4AD3tWZbwpjbNful9zIM78vFJ/MywwfVJINQGwt7Q6bWxWylzrOfgn06T7awNjWBc1kZAuKqXrox5TJXzzaxLpEpDZ1nx+CICF5QDAgrwE+tIMz9cpPM8+z//szZyUbm8ueVWl7k0f+/7rdbyddgAZjq/biS43ZUKUNMaAj+W4mqngXCBJ/4Hy/4Gy+dAvVnVl9xGM/Hp869JVe95nuKGrbk4NWVF/oxukWj9vWM72e8d/IDfSQWP0yfoFtIcgainyHWStnh/sEG1d/Ue3/heK/7hwyz5Ldvy48Hsv+vgPlOsOMRu6bAFZ7aFff8UR5BdQQxPcdf44BQoDgcO9Spfyxyma+nGqzKqiXH7e+QuM/jgdzT9OFX9pHuDyj07BZj+4rG1/juH7HYGq9O88B07/+hxRu2Y/rvsPhGjvntm0ugERmn+dmPvstA7Lr9P1v+bvBN90DcEIqPLz88f7W/Hr328j8xj1/+5W9l/nCrTTD58uAk/9vRv6p3qxss9WgTp/EF/NyXAv6T2vRNSN9299PI+/GQiQtr5j+Vc+5f8Cw/2vdPBfnYDnffv9I7NFVRvFVVst/8cn4P/i0//1o76GKL0vZqM26pOqv4U4CKzQr5PEDX2yfm50SM5/MOq/ffq7s36eRX73ZMiNJuD8XlZLZo1RAk7vnwgMrFy69gtR/0WMQ+/jqK1uGRHlb5VoyT7ggqptuaEdPt9hoPn3c58HAFclUcv8ekNXpSlohf0jUML/WUhEKPgXivgdJKJ/gokYRv6CkH/ERQT5N4EiAf3fBMXf0jMGQX9sxi4/Vb78SpbmA1R9+H6VeZb79av2/fo/dPifoEPyd3SIkP8d6BD9Ax3y0VzGQ/RJf11o9dYolnuyfmLUfB+AaQI/3WOoQB1o6KtuQtYSLffv31N/tdifYe3TDAwF+sdrnt5D+F4LDm5+kbVslDTFt42fK9cPPVibefkMTfab5aSQGCWIv/zi/Tq5yB8XPsUzKsXu88UnSqt7bX/zG02mEEn+0+T2K31if0Zu5T1d131R1P768P8CcoJ/L+X9mZiH0b/8vOq3lET+RJ5/PSlhfwJpf0UFv1njuYzSYf91Sv6y4NCfzeDf3Jh3GyNouTvuJRzLX6LPZ9hn5Jd76asxSxlwCFoH0wT9AogiBROIgV76YUm+hIH/Oa38Z9f9D6iSpAj158T1F8T5PfH+StH/AvKgCPgXmiYIGidwBCZR+nfUQlJ/pBYS+oWifl4NoxD2JzrCv41w8P8hnP9fEA6OEb/g/71Ih/pvQzr12o1S/zvKgfGfhIOCBf1e+cwi0CeO/23O9seF/q/RV1uNz18f80/p5k8ITbg/KPpH4qS/n38NraG/52Ew/kdU+glUv6Ul+t9FS+T/wNC/BIZ+0hv8ryGTG5Fg+DeIBP8eklD4vxkkkcT/kNF/QzIi/4qx/Z6MSPq/l0iE/hNEBJjG+CczjoP/fl2Z35z/8fkzjYn4fv5T04xAydD3WbJE8c/hQH9fYfkruzTxJxoLCf0J3GPYv22O/8wE81/RWv+TiipKoDSa/jOKapJk+Hej/Kd245/aPn6nWf9xvf8+Mf7jzfZ/ZDVHL+yJLW/+n0+IVt1KS35E/NlqPo4l69MvhSLQoy+qPvt7dgn4H6/w71fqb5gO8jylv9vpj3YmJEn+Jtz91cr9Ndgvw/iTxPRhrpZq+FPe8PqrC/7CI/5oBfvdK6l/grb+9dTy81fod9DwJ9op8WeCIPxvoyXkzyTBHybN+D/+GdMs8fdMs+Di+6L8B5H9f9f9cc5/08T/bqdOX+VVBkx5zLp8LVHRlzJ+Ps7nT2y2Pwb4h9PxX5/7w4l/15Nhf286/zcf4V8LA39L6vntrqb+5q7+UxCJcOhvamz/vq34C0LQv/n81ZsT8o+iNkHRv5DoH3fnv8LM+Oebk/zHbPunQFx1UQHm6/uXmcdbYPkpXP88yKsDLPvfBNB4WJah+5tL92sPfBot0U2tPw4RYQTv9LjKZTVzhxSxGIAbwdtyyodT3N988A8vcUwA/laSPvZfRwP/bZmQxHxmLCEMcKLdLaG97i+vx84w3KGyjDwl4n2CZdPRFUrIe8Cq1r232MLLUKSr0MKx2Gd+fPgD0/pySUS4TcVHkYnwHPcqkfFQFXjmFnQOAY5jz4UCi6qkZ0Hc1+ypONNSW74djuVjVG4l3lnfHLZLNabcgy70p9yE9WiZj+AvbSadCRLQDenT3LWK2lI0RV99cr06+gxP6tDsBn9dzPm6pPPl3/dX8JV5OBT4xXLfX/9s+zftP0L/XSdde4+n3eKKPUMxIAJP3lLfoKVK+sv1P///y/Pdz2A7EC11JZQ+GeJ10mty/mV+6hhsCVHYX9djVTl6ie9n56rftyU9yyUW8Uvr35DTub97truP9df5WwOEXl5oWSYcdbxqZktgE09EZ7vvuWLUPQPEtUIvqKVi+H37HIvF3rEm1wjW658c698bpzmGXfB327nnsQurH+P87Xz/mPObTh7wW2vM9p5zJPRMMenoRfqxFnvgy1fofp/tpg25TRAaTrp3+9ft/Gjrx5xpXbsmqFnG93WWA8L0wMq8unYM+eE0HxKkOsb1ru9u+eBQHQcxbAN6O8GuOcH1voxDrQvMtPftbgXMIhF5+JWKwj3rrmzyf6/ne3VQdwlvCvttz+bve77++Z7veaxTD27j3vxDzzpH32vIvm0b0Kw8pp3bmL28xfbfnON/YnSa/Y9H9yulE+bfG91fev1nVkPj//lerb+zGt9e+ZFPOrdMRfp0RXqLeZz9QY+sEYk0FKPvIUaZwoDUQq2Z420xg+0J9b3K39+UX/vSmvcZesJ9TnZihJ713+8l6kvX9ajfdAtmoPziRY0d97pAkRd2WkOfkeeu91jvY3r9zf3UC/0TrPmJcxz9xRynMcX7nvvaH/j4xct7bb9p0WjmRupQb2XzITjZ+7PkRpc8BQ+4TTd79s0zgKCSr9oPli7aJXmeZdys3dqNjSE8T2XlxKF6tJ3cCSgetCytgZw/BQvc0V3h2CtsIF8NnYWC6ggwYzyScmZixaht1Na/lUApGibtzR+7dWrblRytjAQBEdmANtShprm/fHOIAW95HN1yJat/eL1x9ZXEUDfgeKodLp0l6TNEMS0mCMR/fT3mOu5d+0YdxNeKh9RzOFfM/8AUcEIn3PobROmjn5ioQCoe1wAerMgqgZ+TWO++/pjvp+bYa5UUvhdAempi1Dvt6TZ98SS73bIbS36eJTmh33I3Neao9HYMGXndsKaDKhH4HinGdJDL+nVvBP6NaroV9sdSmTxmc3ANz+iwxWzvFIHIT5fiynEhfTvQy3giAdofynXZ9LXVg6On4VxV87deG/PTqzJOBDroa1Yy7CSnYZBEeniNdTS/KxAt+uZzV32MrO4UIGPKie4pUREqjzrx/P66IxOPIT83+12QDfrD1zCKmGKo9wvepAq4ZtIhecFlUbwRcOSxaBUTeV1XHSFm5Hu6pn4OKwNEIaBXAPdkvgwzwmDNM/+uQyTpQ588MXr0SbJRizx1vx6fGN1c4VnvoKrQ46o84AC97j7OYfq1ztbn66uaRHOxAZd6NiTATa1eIFdbva5AJGfBNDgTxK3QD/h4z7qJo/nXV1LV3kJBlGETPYXjEKA84bF7G34DvkFCdZbflqV+EBdaUC7k/PB3LY6MFkkmT2KbrlHIMsntufeOdci7C6UNHukk2VLYZgj1Zb0q+a2v63dNIVFj8LXEYpJvtFxf0mnfaQfaZUqKUBS1lAH5JF/fXCRsOd6/wCI5KfDG/lgH6SBzOBAg5gFUcWA5pBensQtFedgNgVD950//zxCyZx48blnAkPA4kasaJpeTC1a33E91Dy22r/fUg0ySmPLG3sBHdID9Qm8hEGuy+zN6f4d58iBJRuXzNRk6v8rEdcCc4pmLoXjPeBDEtnlw187uB5aRG/Zsoi7+hkI0u9MswfPNAydfAT+gEeRNe4IAsNFW+x/PiA/hbuuMTRwJ9FBNekAKp4kuDERr3FNONi7yzkQ8kKCTUFIKeCwfAz9zr6yLhux4sCRFkJ+UVlVvZZ6km1f4PLPxjf2SC/e9IbvXjxUOB4aUurrbk/sJIIxZvzVWI367GBKk5nmG0UTk04Q0HlYqM/BoLs0pYD4Y5xY6Sl+yoKseSNuFRlYd8TZy6Jr+WQ9iDLbqx17IIvVluS96z9v4GaSsqncoJ7x7YgfZLpN6vNCFMn7unOwEiAlSAgskiPR4YEW9ofGTcODXrBKG7WCqRSkwTqKdV5opLgU/RtVODE6UeKrUH82wqOFiniJG9Y0FEjAaSvwIEeCsPZFE4fb2DJUK9kyY1ftSn7ebm6bXZmtD2YdpjZo16t0dKjQ/QQS+ucSC4CqSvCZF5RyE8tzfsbN0bx02YnrjPh7mcTM2VgCzyRXbAdUEaMxYa6/LWESg5GgKvPF2P9yJrCGr9QGHq5mteJTyUue5ZlB0Y2If6jDQRHFKDMkex9uez/NVkHXw9X931yLkeQmET+xFFGI0cFj215GxURLmUc/QjpsPGXQTk1lk3Wzz0+rCJw6x6fOJWxSQX2aHYzeqwgO/GHiro5VTuSdMwT6ZYpB++RcIQZ62ORg+lSaTufrGeRAm6D7sYl8ySerrNWbAVny/0Zh/uIXDKKe4VvQHeTwtcyttuD5B/i0iAQm5hI7uSTR9layd2PA8KxVD1M+3aYRgceu1MNrRwbwxO2FpymjXogreiMK8rHca3YI8A5eloxFP7me7tTw28TDstUIKkc3gcGtyQttwYu/nZ1KRYOfNR8zeDI4ObYKFwm/4yhLuxeIaasww448oL+GlEsDVezFpenbwpfIgLeFzSsILo1TW/MsEoBeFtH4YBufrVjeHRX6X75oh0ScT8O/PtIL0Uz32TR5nmWkmH8ZOCmuNGw7NPmxQvok1SsPe8p2keSpW4hSyGg0HvvcY4tUfh931jKoe7KCg+l67zGyukiRx+pq3joEZOLwdhPni0qkiHx+feb8C1y+78YE82weRVte+EjRyLYsHMEQ8PGEHeUl68psbl/fxq1G2g2b4rRkKGc07svX6aR2VIgXRm7OdG8ykTGBbpIkHohrCz81mWsLQnrw0NjvK81w5jeYTHnLB950GxWuGRvJzFcRbKvK5bNw3P1gYTmeNkyzEkdJbEHHRD9NI1pwCJAStJpMZu/c6G88Cx0L8Mx7sHARPGt5L4a6gq6C+vxykfs1IZdJx0GeJn2XfSAb/ZFzYYM3svaHInt5CpQvd29F9D7QaC9UePAAV1GiB7oc7o69vFoPHXur+0pzDiFysy6BcS5Cl+JgIaS0X3EbWIO0Eo4dEIWAetyB63bNfDj5EbLRNNvxZHNoQp+czJOxb8BlblXvhWPWClTfTT+/eafSNyNYP2ZAXkKPEb7ZrZZO6B78GRewGxTuiWzk0Uv0qsR/c3K85TpFBKP02xDjNWV2YxeiccSr/BHVwFWRkp6USJL5VCoFYmjwfqClFjOwGmVjuoR5k9bSTZGFEshFJ3t6fDofJ7drZNtM3l+3Tb7Y5csO7d2zyzPLv/JkKs6H9oARUyegDLO/Giw7Yt8tLKian0yy7kkiwik6CZFYZdMUFLUqlNj8mmG9Qhr1BWo9ZzxWT0vK4Uwf1LkMxO0IrTXE1ROua5kfm3mPKMgnvfLWN0M78pwYrCb7Fspgtf+GHC1v0PojBVRKTUdD+3aOCWb1ndmXg/DUy0FTNPEY+yUsJjtWvoUS71RMM83H5s20dVvrrE6VyqQPiJVLpIggluRCdkCj0sfmn5UwgOqsInEeoAEFI3xb7NUvHRU2OP16Mj4j806rx7IHWQJDLyaNfyV7/8ijNngSqLGPEhx7N5CW2fEyssiPeY6yzQWbcSJ6stFB2Dew1Q2rnZe99Wbrnzr0W7NZeYg4Rwihhnj3crPrsLlJJFayB6ti9myYsXaR18K1I7JwkJxe8HTabhe+lbp96JzSbiT5r8uxRNIl/XTv73vx1Hj5XHIf2OOB5axiYJzPT8q0kPIpyn76Z4rVX3sMVHSg+tNIL+pQnG1EFl1ftllHUheaOanpdKtYC6fwi2HdfQyXJf3ZG4pB7yAPLlQkO9MG3szJ+A+L5vCiCfkTFZBHImcsojdKetKTHo9o+Gfi5alyiEn66sXSSsTlLMM7DbhJktm/xEmICw+cbT9D2iNEkxmqv7VicEumc3ZJwbaHbUiinS3nLFbECge0rZRFt/XFfhqOBquefIBzbh7gMGkgP5X/DrByDB5OPpM4rW/R36YGMF6wpjDJnYGPBjRTpOE8RUuuGQLPwuSe4D0LD2aSYg6+MJCY3VTx99nEKcKiubDCpijgwsGV9a5eTTg09NCrueO6dkLc6p8uGgHmDHHQmqd002z9n+pNmX6yMX4o8vPcbPMqXVJeNxzLWYd9TFiRYdOtVkFu8c8YmLxyZoGNS+BR/MYI966lLMeKenHIEbQPQkW5NJGkj8whF34cWAbNt4tbR65ze5fBRHvVVp+mKrabDu03kMwBUc6hrO9VDbhWin6dhFzsLpMGeEUV2m91XbxXrAFym4014MfB77QBfL94g8cjk2BCagynVEe2DXwQsXLAxK5qMN9erRKpTOMnKvZnBJ/DbNlrwNCnCeiInDya08wddJOfoJXOcvq7Tg71tSSVcnKzeiRDtXdIF8lEdM4NKOcLi3KdGirU6WYNmSuytHww4KCpzfJOMrmdVnUHEG6Yf01RMvrAf1wtUdxFqLO535oeORhigCo1wBNw80rMeu6zfX4YrJ94VSDuqa/QS3XeHT79NqR5OyA/zsuSX5NnQiQlU2JlHJTGBxBBA1P6Y6cZ0WUv5DwsEZwPFi853FIOGU1RK2JVROJgGEk367BvxB/Ea0HeeEIo3fV+OiyHRq4gYMaWPu/8egahzEClxLW/7VURI48pKoIrPezqXCsY6gURBvKxB6if3KtBU51U8Z2sm82N/g6g0dE2LpCOWfu6OSBObwTD+triP3uZ/SOo3F9e5NHhPc/sc9taLsuDQloOex2OzjSPzvErR4BTd0ErN0+SqVuWdhKUza1Jkp0mbDjPEHXXItCA9nVDMTjp/yzOWGNAMl0kdKdigKRrtWdxw+4ffz+2yVLr38XSeOjLifEPfPXSvRICSlyj2MYtCPjMLoiy/1YmH3+hQuedWV9PjBQUN6+9dBcuvwFl812Iu7DDpGyZvUdRZLdnktqaXup7ojbkLnod4KzD0vHvFNwtwqTkPXzFiFHkndZxfYuPvGakR9pHsY7gA2kY7c708Tz2haVHdj2aPSR8kBYv4cknzaKYCBeYW6OAqlJ7qJ0cfrnwLXRvAE2yETrHVVsIyPluhSALCZA7naFG6M7hzqTKddBYWHpy3+8mcU696WAOedWtrkIxRIrZVdAhHwMtGNl+mYUP9VLdoVTZfWtUiBgQcOzmvQ+qj3oNAkWH/Fkvqe2crl7zka+i90lFitnd8S7oo8pTyy72JRlP8OU/Q1Uj3qvNDnOObh8xrstp/yLJ1aHQNJrdg2Rccyqo4t5DL+wjE0LPbhpKDPZWBJ9iOOO30om/WNZ1fCwdTizCXLxOTHflcNYW3FIN9MwXfR/3Q1xVHyobZYyLsEY1Zw8YyUzjvwqYvbKHLETIrkUmZN5lIgHuvr/FaksMY7RfAaZavIelDclYllP1IleY3kVw93INzsw0m40yBw0thU0Pa3jWcQ9Iqr8eWApq+HgzNtfaqfXTytG6V2MmikZPg5ox39DXJjK/ZtBOMx6163cIaHpbeOE5MeaN5oZBLzmtYBNkNyElgoomIe201rtgjv7XFZ0FnT6tKS8zVlyQiN6UBKW6sad2B7OtbVhjZj3CzsrCNRdegJ4GI8qEa3EubPRXw3yYYCTVo36YSmE22Pc7CoQUFxNlXDd9DF2MOgP2ilZcTeC9dUfjQj1aUbU44omigKjeQd14WHh/Rklcg+bHUDD8v3udtlAj0XP6hccknsqgZSH/rbzQxeKObxHPJVv3GEC+9U99HlmCa9wM1UzU9yQ0Fz8CvgHfITAxHxhOutHvNGD+CzeeQywJDINTDeM1G64GQ3U8ku71l9CC7yDTbT+GRZ1SqkINmlytNUEXsIxQVpPTzQYDE2T0DHs2bk9rhhUEWFSa3ga1uL5VfA42b17NpL5rTRoxFdP1MBMJMQK1xVhjEr63lfRggPxMyMLhR7dLlsJ7zFE6W5dQohgqbVCC3tnlGydMGTrsbeCe/u7KZbLtCCYM5UoKIo5eM9ipfexoGWzyJ8OgK8Ax1eQMXsB0SeR0J/dCzlwUsPBMYWksdD8Hh1MFmP5M2egyeJA+b3Rj3q1xz1cJYy1jL2doJ9vLNKHCuPdZR6mNtT3YMr8fpoJu4ed5HMmDbWKEDnQQ/na3FPeiWudmfe6pTtkf19dMqiTuF/omUxXp9om96l+O1Q7spbgT3wMSA0RwmzXUvnahPS3lvL7Vf7qXEJikCydtwTQd9hZcuIF4oj5VMf8yEMTKYIDBFGTLqi9WYcEYMsNwommCcL/cWXbhoOA83hZ8O+7QyKHmudGDO4o7aQ+KMwVvH8RB2MJGOrTkK6dpXJVcYxSKEBQFFQK6mAvq0ExxIyYcV5sBN9Vx11JQUK1bXb9H71FIU2CCTaecCwgJv24UHVJ3tmRPYrjqjS73yMjOlqfALbXysRi0t0/Fx7aShm+n5NBhPaN56ox1WJLUIjiPts2MbN88uwkaTof9w7frSdj9ez8EAFkzhkwCLzjFiGlnYM+YVfpgPDJAbKuGBsQmPUj7z+lTQ5Q0LcQl+zJAzPz+AYaR7PROLD49eOF0E4ni4f7WMLbX9Q3+/V4LPZhfUXxGHWBA1V1jIUCRjHA/mjGUEsvtaEJ6O6EwYY+wPrkjsgsWxfCCAPV+sXxnB+g5CWdMRg6q+AfYh2rUQRM5YVeUpYzTJsYb+OqHQTQ/o4/SN1d1SlvQMZaVb083rhjbSDfNENBG2g/3lzg4kLpqaaaJ44hNMiw3kFzrdn/quA0OKKatMXaD8YBV057iL0i8pFmntQD8952jUkly2EvOYxlPWWUHx9xt1Ppu2DshC8Acl86ohYscqdZ4xw+atoAEzUFSI4fWDX/HFC5Cg/lkLvBarN7nLhpu3dPccRzWq47nfmzjOj6DTmJofoj1oj/iWVLlM8jTv/YTmuPjU8Hgqr9LlzgJpmBm8Q5Sw/IHi0gLYcGv2BLAeVgeLqXcHPIM5Z5CtEBVggqEyXudDU/3JFtYrnlPQbsx7fqIAa4l8BDbJwiesGymAVcZliLL3bvXZkeI6Iiet/Nayf3FMbceDaurrSH4EWtDB2cZ2rpm55ZYrKKhnujyxmNSxZH8aV0EdWIRO+lWwMBPNKflweMTyaRT3IdrfMcUj1JlxDIqUEXzp+VYQComPk+SorN1d9Ni8kukWKnMnJyZ70r+opzFZDN4JyIBcMId5uzupfl/odEU7sZkhMv4yf/SEEzU7ct0ncksO7JmGYWM8dCVldP8C4+ZBCoj8RfeQJsMSPL/sMx4f6jd/JBAtwJxQA5k8c762YSpimuYdYhhnnyThzpGOKaoHQ8ThigTjO41lPKeLX/RBeUCe4eWq/QoAVtfiN0kZneoVgWTv9kN2M1d0ELkamAU6+ib/O3wfq2pDlIlwVOIuP64c8CP2ovU+ndX3G74gtHho4oGINXduWiiQltNEFV2Usfg2FmxKPvUyFHkvIsq04tni0+RhLIRdQ2aHqRkmOkAML4/4yUAF2Z5QtPUto62J03WfjMin8Zu5o674lx3ZciGNONkqnrjFZrIlBUSG2j2gkYt6WGX5D+odMfPyQZvfGkHnXoM1iAwfTePiNTmhGZw9MWEFHqY67ADbc+1UBWMVhZrkjEeV34oTFR4Y+uRo6l7oUKgDDeSRvJMPvNOo7vvi++YT/S1XLVFt7Z+AQh80/HqALO+u+1LXJzFlNBcI13Rmj4KQKCKmvcXJcOiL57KWBRAc0cHDxD4+59IbCmxx26WXV/VUF8asCt3EmhK+cE/db+jrEzt8aomewLTuJAi7qh962jR0T6GPvKa7C2+WZtJQjpdhVibSGXezCZf4aYW8aXo4pUMXvpIvvG5LQmO4OqbzgRTC2me+7xHDpjyuDObRfGVzJFPGurqfjFYhy/xMVgMl2bLxUOYxnL6TUuijkN75kYxWy65LzdjV7K2kd7v9zrCNQ2iayJ9TMw0aKqxwhpSvhKFz/LzVouc2D4336nv+8XByKjs2LYDmUZzrCeOo+uGfYukclvDy7HqhOWKoxSf8ZFwC/VFgWLoSVgyyfGQ8Bxb8vERFm4Ro4GXM0hzHHKB2VwfZal4dwZpjq0fxADuAORkwEuATKmj5GNH5lXlUa0yQ2BNMXW/rCnRkM6EV/Jo9nOT7C2RScoFNFRh8gw/ab4DBg5o84GXYN1VtpGkeWido0bL6UCWEfT4h3c3v/vvEJwh6WK4VFLplR5WJ2T4gYOIJiWtu/DBusMaFAuF6/JKYDiD6+hDg9VaOZ5obkj1t27u3hv22fotG52Sn87q/5reu/32v64tgLAe7P4B5TCY2Ux9SEtRY/QqObDj0/Tvm9lSONtDHj9TVy0vVKbyv9MsL63tJ73NSDSABSAY2LQLT/wz0Rbv3mK2Ka3jF3vRj0OnmJj10JpkU5DSus+lYR+1tJTp/C6UWHEstqmBMfwNlZmtaNJed+y1Dv7je4uKxyO88VCTf0vHAtKODnvFQA6+tk7etLxl4r22ZFjAORXLFY+qFzjYSMdGzalv6XjD+4gAjn/UXC2HQeIL80iyF+t9VfjKWJwdshxLKV1wVsIKDm8B7fPasyGC9hk8ifn2+/DUXaNKSfJlp1iVmzG+pO0menjEtwOiUbehx4Xr9zjWm2FF41T/j83rURW6vKZkp3yQ0tt2V/y9P17HlOBIjv2bv9OZIb0XvxBu96L39+mVWz24fZl6pqyUqMwFEBJDAgpVnqHxLsGT3EQH/jwIRw/j3AB/5sfYGPOMG8znLU9Rc1mXelNr3Jq/oqE6SGMwbxnXoKnHgHTzrMWw7y2nwFYyKwdjrtyAy0DgTLlXa6OCb+1d//hEDmqj3xZoqrceh0nHIPUY5+vW8pwnirzmAQ1Lmla300ZD13roU1g3Ucromrv1YTcY5OfDMkGpLeHNyaF+QYJydaKFCWwf088d1VrHQy3qYSx2JqBPGMP3BuI4XviVxwPjBBefLFLP1+JXqKJh2l3wbkcgDcIJ2Fia4isl18dTFG8tMmoDCCs60cimvPScu/NHf090OrcUrE+Y5DxggQ4IkzW9ZkL5irZr6pri8GOBsxISFjVKcbjZ2fH6VhS3WD4SAZgc62PegRLpI5m9dBBSBPRwsmz3uRfyPBl8aUCLhxfIsQLO74uzxi5EyXnRsJzHuSJC9mjBZAzqp0WY5tWrX/j32n8GyUZdBb63vNN+R/2YA9oQEuVNnb/NzFYjadXZaqkT9Kxv53Dc80THUwwmaIryEXSpO4dDR9GmbY9H8cyrW8os1baI3eISmyraNjK822xsJPSr8impP7FDOD8+AtE5LAAbmRX1u6yIjUwPmE0nosvPYZH9dSY8LDWPgHRSY6gFFfvm9skQgGvGyMlsmFPSeN6tjdH2V6G+yonCE+G2qQoZSgB4XWFin3lT0WNv3ZVnUzEr+IQD6DL6LNRAynZR/bS4x1IRNFXT/og8oRq3Yf80OLo+y+LBadN/puNVZeNbF+JucG0WOZrmLZk25mSp6ASsqmor3+AxAnh26jzGwgG9ti7y+P1nPmX3dFAY7hayTi2DHUgdYtz8CyUFmTMNkp7tuOs+grzs21tnSKH5SdR5bZ/9INdtEJ4ShzJfAlF0ERe/ORfbqp5noH7TOfzW92cgyWenfMhTa85TqqT8qCA5BCdU88xBHuz+ICgGS6e62bFR50WQ3mCgpfj0UCwYifkE6QlD8/pFJJSFJH5DLhb++uLkX2sy3pnJgnborx8xEA6ixAHRYqkTQRI4tKWuoga8Z1ZzVUSugdStqt7Ih/iDA+SX1rb8M54o/Tf1ZdoB8P97vBuKvhFxj1iesxp1wFQ4fgBXJzeVFUaCddD6OBm61JjXWdcYlPZR2q7bSdi0uJ8eBL3ppcTnBfgR6WH8tSVNTWa4rWvnjmGdxom5s/a13NK81dLFiweT041gFbvI3Un3mO87WwoVYSM0/nMkSrWP6QDZIN0X6LC+XI+HyqsTd8EPBB8MMxaljG4rPSVb/0N7LzM8pir707v/NpQJeeDicoydA6PUWBKqYQtThQTBK8ArkD930MkIXRJCqTiiamvc9YJkt7qjFFDuZl2ROvzzZwkBK/Iz/JkOWDXr2A9YkeeCQXj5ew4c4rrIFdceEKpEYjcGCHHGtK5tCkspZ99e4L5TOrYeQZVKyrugtWAXj9mBS4SjTIbrHf6D1RSz5+TzWdHwR3eKDfYxNyLkBsBiaIpZ90pzffWFuq0LdegCHBk+nZurp71djVK0OXx+4hMty0OGskdcf4i+Z6sN31Gxa1jE5Tal/7f2vTI8nvGcwSWzeZJv1lSVTAFi7xThieUcYWHo9JRvKZbJ3At+hCLLKSd6glsxUNQfdul89273hW1USKdwm8qcZlTZw53cUrey/4cXV4i0LidehrDY6nhcRjgGEP2HhDE+P5lUVKVpGHEaBd3wDm7xAzlM518lHJJ72wLupokQx5fAjK0pcyuolsyKloU/lwOGT8ELNoAjvGvlJ556U9k4HMhKb1IEDACdkWWFzy6Ta9lfUIATG10RSV6VBhgfKQXt68dx55DsvMhMxRybI7e+7hnw92mHHlZjcDrxW0R+VImL/+0YtUe5v62+s/R0RmyMBV4/AK5S9O/6DGDPhFXzXT0RjVkGFJN81J1tQn63iGF0VpqNWIoirvj1wClZB5vMbu06oAHrPXOtJkDrWVnYh/twM3qsfjW0l6Il+qN9h1v5ZS6VBiPxB2ZO1SnksH6915xL+m/sLvqCRs/uL5yFrIkQaqssLW+nm+OGYO2py7jgjoQbL+BcCW/hfiL9MuMXUOXGjfIJhZM3aXAGvT4XwZJyIPyijuKC8Tj4BPk01VQdHXfX00hXgc9ck1TGwYKoKj93/vSXg/RvL5eYDLtOIt89mH+Kn8cSoNARcoDQxkFmvy+N9hfaZEMbDm/DFKJSsmjMbLS+DdoqRHSYFbW9m+6Tv0qAHBHZNnECiJYIOkdTYdNyVL0NdZRUSqIl4a3wD+YQ9FlJ2AibR0x3vFNthQPtwMTVQwwYbL1/+zHSnOM4ws/A2SzGfS+mVFEh2ZOZzKeUwzGNK4WgsCcY6byRpkZ25kDQHXxCcsL9kIo8+lAnQwX0617QPBm0dCBUukT+6M7hcIgbjXAyX6I1MKDBM6UNg27s13Llszmx9cAnMcPcfpakv/ANeuz9Evzjye0Os9iQ7r7lKNx8nIcXpO9DZI+WVVWEikoEGUG9m4lS6oBLYfi+mcBK4vNZPT6nIPo5/+vO994GZ17vYpN7wk661TctCZ1cRPAj2jVRH1bY8C3R/oP2VBULAtUf17RSpBnOOlJ6hiYH2on9Yy6HpPXhIGvd5j/xSDLwTTFp/RbGqagB1M9EWbDkq6IrrbY/JAaKyfZ8toyhZIsmliQSjqfUrMQeCZf/OykI/2SgF0CWA3S2HTyZvx30cmPwL4upPGFS0KVcnv2Fp2AyF9Y/ROOTmKwR3xtZwPRHDXcFLIAHO/04ED1M/Mr+ZZKnSsytdgGUvyREOLYvEv2apIJnwN329HtuuCmMr/9Fmv2JpRtCljrbND5RFHGgyfbOtDLXmPZvcx1rSJ7qLKK83whuFEvhL2oTFv5mEP1QkElp8oveIv6/PYTtXGQX30GkFlKVzD/D3hrCx+mSt1bL/DUZDpAfcWwnIfU551muiQCfRDbzd3fhT3evM5X9Ko8Cb1jDdbWO4Qo3Mc6cBrMrNMZVOykJLVlectdFLsKS/cGFGByOYBOMq+m908oC4MNvFqIt1CL66py6JDhNjZOveN3ysh2cLXwFJIxmsrA9qUxWaoYg8XaSCED5+wVNf+0s0vUfTT35D1IGT+YUn+KDrY/XRYb7/GD5j8wC4fckoAvBrZJIk156B0CzsMyEOlOUqbwh4NVp/TV+Hcv6Qa/QSQATTKq5gVOQoYk3vHiKD/ub1eDBK8oiz4zHmrgoEaK71ueiriTj0blrbWQpPhiKsRBWoG1D5IIxSPPRqIY/icqE2OYp5s8o6fwOqTmyUebCT3NM1jyOhyRyjT4fthnnpiYDvvZSWl2Z5vgiEvRZ1sWUviP6DGOmwoVkVzpIevW6lOhwI/QTPZjwnRiQkool/0trRxyAgj8Z3Th+A70SOLYP60rr51pLb5jA94gJl8MQPGklBle0vP2Esx05o449K8px5N8t3Sdm4DoIwKy9t26/PSd9sNhwEEq/28jXub8tXhAGOWKARkxBwl1hFL6lqaylsFDqTjh3rCho3q+N1oTW2FPz9PZHai64TfI4ZwT1AjDrB23+AESE5rJe7YQ/bWAVw2ZqcKkpWVu4jMrQ56vik7uTvZc1C1dyJeAybJ6w0aAhZG5FZdmmRx2OhrBMKSIQD9rKdEsMT1UpKF+THqQoYBg/rCjRewETH44+6fgYFbhMGHJZN/Ku6IfIeFUv+9OWZ3c5TuHNR3T4oxJqhzUZPLs9x6pIm/wNMa6TTXc8Jehxq4N3pLJ+hPA3PVkU9Tc9eQEipJheZycRSizjGhtHRtzfwO5pFqQPlMKLpLpjThMEqU3QxWJQuvxZ7gj8lc6QU9AZsSpr9lc/cIQnw4WRZKO0XQlyKgSaCRFvqHFa1CNvl4A+paC9bI+/l/YMaCNP94pON1R0CS7Lmfl2kj47cNtPJInAGRFTNymq+eFEnV06rgKwIggZVqgq1cNjQwzaP6QCaQ6HtG8c/yn8k6c58FAbZf9yyR5RjWFZXuIL4hKAUZw+Y6RsRTv/J6sxqfsBJrVXd2ldLipcgrPKMg1zX0WD2jHBiIoTbqYitsKyZYHuVBtnsODmzWDUqY7yx4vcRtIaSCUbz99dI3UqkNd/CJ1H2ejVG8I+m4LXXNeBNQQz7bpl86R/DKI9xGJIkXBFqpmcxCpNCIg0rq/b2RRPqzf7q2thH9ONd+WF6S2Et5giUthidcLsECocLkrDVpFz136jq3I6+QeoWfPKLwN+c+LjnY46DX630D1dEfeny31pwT2o9RXFp+EAt9hkZnGiAYL85ymC7T+X15lqGES5NZWQFgpDPTCxBPuZ4mw9M4czGbVClsNhLB/InRLgJRwK3/IHI/xUMvE5NEbCjNEK4ypc2e/z+1ixLkbwJwHZV2ffqVu3p0uPr5hFhUmfcHiHRVYwTv25Pcz1oDIj7DlOL/IHbi2xOxiNrcQiKf+EvZj4dhRhb8xi2FpMe43PkxNWBUVMz+N4Xxw6PHtqhEqhIXgPIA2T3ACbpN1z5D31FQcoArmXptvI3ehnIE1UisiHkXMD9NhMH/gfwjNM3ziHW1O3WNHAJohp9hsiq9IpSbOCIMYHXjFMVqxUT6JKtTcOvKHqYl/X08JNdpWXMO4H3oN8eNMBn6ky7/ZqRMU9Z/AzjJlDUPXsxzij9dGrzKTrNx9603oqSA08SDVfIbSos6G+6MnDGBKjWbo7l0Jl8Jn+1WgRO/LmBwpg+t0VnKSNzzDnk0Uz4ix1BZ6ZFD079KFB1ov5hC704waHR84kI7duphWJnQQfmFeDeuu7SJeq8d6vk+pPZAcntAUFERvnJPFtrikCkfVeMZC6YVFddKctmpB7nDdxnCC0XmP5HdLEC68P3c4ZrkcNPZTJdAr/MwZ9wCcdPSrWRcA+vpZWyuVGeqKmgz2WnDWCDwrrRNzP3nn6BZzU0HfcInPglnQB28rYBurPsVdbC6mLJNLOjO/EaPFtaIjczIf/ceobLBpyzuHLmVcJaGak69uS1uExxVfwloZU25ixWfvNuclw3VgP6p3LoI0dnGPY3kXsohKCSLh5DdvtwYn9YJgQojejzpMSG7DU1jroWzEruhwQPLBx6BNQ86HYYsB9ss3AUvLSVcWX2ViOMBRPORT0yu3vTm4awl/7kLokqkdQn707Fc6mHplB/fpwBOEQTjRXePlXzsfLhoiyY7qn+8hVsAuiIIsUqyEZOX2n4pW0VsDipfPa9qryVGW7tBQ2FU7DPF2I00EtU3CVuhv+eYS9vs/GdLcNeMlb+FfB6QRWWO4jRVsC+EEzibfqyWVZJ6D1+Ifav/k22d7lAKKFYzUfXHsDEi1hVs9Z4/PwGEHmR3sWkDd/YlKovEa1n54tNCsv1MVuZ/obhhWHtUMeD/oa7J/tyAOvJzwDmPcd3w9MfXjtZPyQ3hFE1V8EqVgzq//wNUmYzibJ+9o2Nk6G7EvFzkBNhsu89SqM698r7xALKpY7UVd9WyIDbS1B/V5LKnNI+ZvhIZn9PFhPCETkvMPuKHOGBXxN/9Pa1poVNaGBily+6ZxCLfxP/hptPCAG3IPADgMpm0TniF9RTXeF30OLSqH4vjvlGUUVqvKPA3HxKWz+WJJocg4UFEM1lDmE9pWTt/UcAuPoJwvlyOsd8qa2s/A1hDtXXP8lsTPAFdMl/o3UgnxOfsXNgL3eJ+RZ1P0Um8aXkjDGLM/TBrE/HIMp4xM9MD23f30BvZmxpCvjesSq0LxYjpF2wuHDdYywpFd72pLloGp+Whwkc0UBBos26yIctyVb1e+c3kYk71OW5lnr8FZm5hnElzsZo9ta6xsIHnKTsJSJUM9AYHNSIeY4lk7SzQaF+27vRogggW2Q764cPxlrlIuucg6+Q+oKWYGT+gPQC4qOCC0dx+hHt2TyERUcRFAIErQARB40NhwrgUtQ/yFQRprYla9PMRygOF8DsP5U/vEwjOJFaZWi7htC+hJfHjVnhGR56CIjMW/fd15Hyxs6KPRiW9wzIl1ZG9RXpvOmGyQca/yAHU+0z5PvpLaH7YdCNNXJgKAup1V1JH8tEqFVqWS6UvBTX65CybZxKCsOy/6FISlJfa8hTHg/Al6ooaK3+DBFSkK2H707wWDCzXFxt0WWgZHyhGl+fT/U5IBAJYXdzK4RnmPDj400mV0+5ZX/bVUlmb2dq6QVLa+HIdfZ3/lI8oCOiaAvVFXaBpwwjVXVn+QCb0kgVq+HdOCpu3NHpN+0kMHzgCFj4V6l0dX4jqslHZBOcwvgJFVx1t2gEGioXe/1TuElo81PEFRcGXIK2AfJUmD0slO0MNd4sQhGHY0fd29F3u13ujJ1aRU2DY8QwFbyhC7Fwjl4Rn+/E0JPJ6cB3S5e8CIJ+bDyJQd9ouINzwLiWRzirZhEmJSxzAOHsw9cU5g6AeCttJEOmTuTGSt/4Fm5bHcxNIzFpfJRtsUXBoH0SOq6xb7v2nUMz/ZmjTLTolQqfqvyPORfGIs52f32YiBDqMfu6duEVw84WQXMKrr8cEjmRfvyM4qNggRrWW3w72p5S5CXaA6cxIvOG5zL5EfKfVFijBSQR1jZfX5XxqoRmslpVi0QLASMFuoudR5S8Nufom3ovTDZFFVyWegGqhe6HtqJ0UxoowAZpK1BmptAFeckbCjQ/cb+82zB1JjHzikv0HVhQlVmUXVeUr5FTAKET9csxcZnxogpkT7XzuyZh3VO+09obIWcAmE/9A8EMcvb7l0b4gToPrn1KF/9YGK5+ypIiKJBgMomIlOQHy6cHfY8ZlB5BmQdAfXxNPzcef0nrI8dwxIJWZgIW2UZWh5L1GV9rjuNFWiYPgFDD5t5Hb7OgOG5P4H7GjV4DUhgbSytMrMkB72H0CwB0n9chUOv6dfIxHDalYZhFQeRzMGvzpwE7b95xCPNhnxBIi8rtMqFqexPPtG6w70pCRq+HlIqowN61OUnmjyjVX1k7lVYM8x/p+8NuIAGYLr+/a2GcbImY683fDbhU/W/eaPcFMlegwkM0qKVJeR89NNVY5XTJ+1F/Ey7AL9dKuC2IW2ypLkt3Jds0RaVF1q4PZ3N3WdHgmlMaTj+Bv0dR81f40lnT5vevB7LCIdgP8tfnPlFMzERK2ZNehPnS4/DXBIDQ9fDeEwb6FbJKcagUxZTNWecEhCC/8+BnqZLg2HW1xQNhnRVDNQPH7iJenQTcWAAfEgi96FAgxrDGbNDTL/ffF+EDwQuI3CAXsr5QdDkj9KAW0hBegMjbYn4esmrfQ+JES33KzASwxiLkWxNPga3+kljVuVa9umfyEsYQao83a9P8s6sIKoDeDg67l5j4gQ2zZQqXjVGFlnTqZvxBgrtfDrMBqf+ma0s4IVAinumpxa8udIdO8BncTbA2HrHtlgcxKT9fjWo+OEZ3Rv4NivUNVa2NllnbtlhOejUjQhG9F69zB8ETnUvXvJerzLk/ePjZvEep9Nkk0DSWnhg3bKmnzp4kXtR6fvVUPzLtnuK/u9jBTTmNqpjc9Olv5uZIpxz5vRqeWEqhhoRwDvFxwFexR+MO66NM6IlB+EEbrmheU8JeOzjqU/GeQnOesIO/dIyI8vElUbSQ/fjbdmYwo5ilVvOk49zhMMzICSItX9L8/W2wcf05KNbFLYmflAZf6D0Ep7/4zIIzbMWv+BvlBUDe9Rv72pFipak3eGs2kBZsqO5XrASMhfjyxdPYVh9Gd4lp1vKaa4lo9QvrMIwVJ+jcQJ7pmOAg0tnw1Al3/dUI+iQmJ830Wu4eg9oQquyVxTESuPvxoeQzQkJ+F9oAm3RNCRYo4ivV1JRhxddQT6PiUZRxqE8eyWNKUjhLTWKzVQ9As9gcGW/t2XJp7tfdRuafOYobkkY2CjIOn0ccyai81W/r+eJofzmLxxZDHROimcqoj/zmM0P0b8eDQ8xchxbt9Y+N9P+poTIzKqJeff0bvaW2dDqut5XMV7jhjer+7cYSMZ2NlYd7W8hywAOoIEtDg0O2o/t+f4YB1JyP0JVVaTZ5lV8/Yqysmx33j27Of2MJE/szPY/xgfSKD6rB8DMblanOZCzITF73FfhAx1Mjkv6QbKXIO4cjH/nDfwYolaOnuF033Xnqia8/5pwpj7pXbmUASVNMxRmltcMrVQX29i137XaRfF6yL0JI1olc5CELzCrdW2kR0+ppkbR94a07YoKqTc2apAw6/H4bCf2YKg5NOIF4UV3rR8y2/I1MoiukiGIZAYYOAMyz0gM3II3DDrhMW6M3/+XpGeL3AOp6T9yxi9/cQiDWgb6O/JVbD0VdH8T+RXbejSmhMl98pnjRw0t6Dx7OpD+VPwfubYt5wdt+vlDRiB4XYkondSEOjuJHdy6I3ucg0v7GMYtid0V/6LMqVGyax3ibV4ukQT3dl/El+Pf5qVoMqWFC5tyIgBlJTc8ZKLzOIdzY49yfujefUC0Qx6dno/JrJZatm79Z/aWh3z/v93s0zXzwj7iTExpz4gcoO1ou00PJL5j7nSNTJC3kTAjzX4z8K61+uJ/uLsnflSbxxzOOgHkkl1NiRZmI9NwmRyS8hGMJ9uwQZGb6l0rWkTbxwq5jHcs+9pFwc1Cg6Avw0baVQqv7m4zugXxT4DWy7y/PC0tsbuvqv74R+UY8D/Yb80Pi/6Y2EX+zxjeuoJ2rl9TpU4/XJ8XbtmoD4G1ZEVues/tG39/ABgZ3mJtrDnpzq5cwRkhBeHkn4TbE6phB2/GEKLouM98N0LOtA9jkhaLT53kPgPYMEFmmsAc8ISk1hbHC815ClZUfueOUU1JNbmKazGGVX0JTcXdRnl8TrUueCcTExm54tKIazr2jJcJ9NWzh8XPx5Ktp/OouLlq87GqtEjDuj+W8/2mtx1C/ou/AVtRbBJno3zSubu2Pk0BHtJyrq35rzf+bsa0XmBu1PzfP5uY48X0p1bCr+pSUHZrAJBEj5vpshwSEvCSXFnuUj2JhGGpSnLHJEhXyVTdpk5ivI5erDiVEc0B40ey31814+/3xwdKiT6R0ihH/c/wlQqnbm36FIY94og0AHdVDAO16t2QS1o38FpOxo7vvn4yrgpJgMFFAu2YDSklDqN1IcsNtFLgal4sFg/AN1NyBLb8vv5ySLkQCHMsAJqiKNj22X3xgh2i5I3tADeSdeh6JMx1RimEo+6qQFvctHZQajCWfElW/txk5POLl0P1higZzXKJ/8mUZ/STJ3ec5+cDhr+VGl9hO3ubyTDSil0UTrtu+9EzzvbHkN9eVRk1XgETE0EvB2/D5m9eAhwS1X7tcH4aKlM6utRemyFMP+Nsv5rsJnY50EljwkYLNNJEQfA0Nh6EjObtApHpAXgdH6BPSmY+ToVvMb539775AYJKs26l/3Q3K25Ao2W0T3k1gkYDlUbbngNHaiB5zXr0eEpNnlWMqdeomvG7j4nvjLlumz/wf+R91jftUM7kPONbCVqAy5Ed19Af2nh14OD7L/bkSxAXCV5+hqUZcXPU2FjASvm3teLtxUtLH4SvzHpqyRnrCBMWTq2wO8TEeDICL4FRiF4EVBPuH+BN92B3eMVbA7mqXD+Tfr/iyzbx1wjXPdO7F6R6ePFbVJtONOIZALhDoQPqTkQkaeEpo6dH6CJe6Unvdm7w2Wnx6AE5otdnCXqHmFky+x4E6LW3ID2IU83VFEkVDYBeaJhl8oU46CIjxf1UDhO0lSBvGuQlJtkHHaUGex3ii1tGvPVXvQNF4g6iiv4dnuqblNCjMr41uPTuYsg7PJpqP0HLotDIjgn7Zv1uYgHnvcIMEcMCAKkUdNg5MaeFi0dRfk5+Saq+rvD/mY2qZsFTBZvS48UKkRpdq7xjHNGJVcrFz83M1mZKcA2NjQTPFV66hvJFcB3R/+s/Q9nSU7L6DYitvZ6Vov6QQZfeKl9NOeHwb+7XrEe13THEhvOqI4dH16yqD0mHo7K+M7GWks6WRh3IkbvFaI6okufI5uNMIQcT7ZlKlRZ8PA6TgOQGoNWAXzQxo+Ung0fzUOEFyPYncA3Jh5MYmzUriWurGJnQHu7bjBHKhX75ErtvpLh0WM9JWSNsDLMi5JuSn7DfwVTwIINPXOcrS/z3QwZyMbb6U4gIcY5hefhbdXgatfe3iCnWZUGw/nr74YT6QG0Aa3QG0zjXtkCIMAKiI5mfyKabRv4TKLb3kLTC8cRbrjWt4JB8yT0ZWLiHcjFqse328G2crsK4EKGsqto5Wr6fw06VC0Pg2VPVxVSZeG/tzfDzblKVZVeYppu0GJTrk+POKGDxBVC8k3TUVdtByQ38eu9h8BNWtKat8t155Yhko83A5Pp7ZlwKDscwigkMPpeMrcQz8YXOpY5/NlBzW0EX9zO/xdvHhL/Mi62GH0bSgUu7CKqkQniU+0CaxSfu6NjzYg8VnnbakXhBnCLumX8DPsBA6YNtDPUbqCbqa9YeqXBsGN4felTrNEqrewdNXWv3Ez/UsX37JzvKqTVmmO021eWpUyPUfvvwKuRjruKr9uv4Yvn7QFXPiQ/LeX9qx5uRfRyL75VzO14s7wcISWbAiLGk7hm0ndrdOpjSAZA/nbdKNApKxjUM2Pf/7sMJuxIfthM4WGTbsgRiea1+4rBre36+fcYTRDkvaNzZxLS9KE9CheP8x/PV6HMSIt0ckvt8jiwqXFFNQF1gsAFSx95cWN1BssebnX6+dYqZ9zCAmJiYL+lZWqW679rdfO1HJlBqSv+MJuCT6Ot5qoS2Z2c2t4wts/yxQv0YPrNVdzqasTFONWUAlJ2vxSzwrCTHZd5LGZ9S9G6Uo00H75ujllfmN+GS0WXSvtdntyctnESq01oO7fzLt5U1x3zc0Ysh8CoqOLZLk8UMJr0l7mFyozH+zuvv+ueDYNSx4YGvthVjGtV1fFI+oCRbOl4oP8077yQ9d769Dbmqmt4ZDQ0HfJ8cVzVDw0/a/BExIcwzs67ii9JRSfNO/8bWtA0/VVmQxu3oc35ureCN6ctZveN1mgYDhipOmaWgTmQzPiMyM5ozqPc7GME/UOPLdPEHv7YtNfk4qESeBBRedRVSWl81QZ5q8Ia7kUuKAItG3vlzXfNV5F4g2dD4yM4/6oe9CD/cwh0SuxJgX7ouTjVsh06cbhbFLci99ygNBM2+Ch16Qudh/vj6pWLrpfXNOIGbNVXjM8th2oupOacnDADZBfbMMeTfNfPSAMIFBY6/p/Rs49gIafuNKxlcRUUEMGxOcuqtSkl7KlIzB89YZg0J7VlU/D0G2EeTAp2a/lAi4K3diUVZjePgF2lLcuvjGonAUnz30M3wAE+XAPjInobnmCNSy9YRSjn8kWBheIB6kZ7LhChdF+Ko6aPgkIjd3KIgIpiCzAtyMGtSyIG/CUlc+IENbhp/jxcUGOwx4xHGqYyuYZozLn6nEz2dtASX6EK7wsubfkKtF13BJ7/obj/4VDm0v9A+ByoK7B6i7kPL6+5Ld4y9N3h7sKETs9yS4Dkg/416IrKkfKsfR/J9CwRjeFqiSZhOndGladYVsiQtpgV0G6Khhiz6yyNC0jjEt/ilfpHBMLqwvTjoLKZl2j+KKX8pm7ZjLczwI65VGE/E3VR9pFBRYhp970KGX0wIkuMAN50NixvkcbX0OPWpQWbqaIbPIkLNSEJk4rSiE7kdLpa7pX7aUdbag3NQacRIqf6VRiekq+8N2ZW9wAcFfmMXILOtZdbRTae9fGcyBtgFyhme+7E/STxJRqgBpifk+dbjG/1S0kTL71o8cSqk/V8gQSvnaiF7mmeG9SBxCe5QoPnnJVjTlbzjwMbz8HkvNpPM2/6nry7r6D40+hS665HoHxhfqnUJ0NiCvudenPNuz8bu7dJnid4w/QhBHOIe+rL12n9gZYaTAHxGpL5DrwO3P645ODYa/ElMWK9jPuUh6SPHyl7A3YJoMK6LYRv0coYKFVQWnIrw9j5vGj6qiwtTJx0wVw4KKXU5EhV4Rx5Zx7A/3UNOjUqTWWi/i0YwWHaTgJHBi7Z4lDQdNMZviq0el8AQ3WDtCQj99XeRdoYoZVsvJPPFOv4Y2lD4rzkRbup0AUzzAcCpLuzsmUpquskQJer3FuNfYif5kFPVXLun0tMGig0HCGpT3xDnejfcJ/1rqkSoTvgsz3INyP4MtQEJNY46RFgq+TwBlui/nVfKCc/vFT2rXd4XZXAr3EWFXwfCsJfdDiGrb2dX8wpBiZEBmDoq2v1t3GYj3gGAe7W3yVNQxeG7dQmVle6AOu/Uxbpr6hoXBtPG5TaeDQ4LeoJ7/pSHUkhbBO/AECQ5btF1V5MwOYPseCtVubrbvbwfgF+26Y6UYfLOzd9e0WuXQ58qQF/NFQJh6AYYkjaqMbodpTsyhFZV1t1N/hJO0sRNuJknUjKaCbmEW9cfdZ/G5QpQScwp+lD8+BRRcLlHIx9Dp1BD7E3QmGeDhtU/+jN7yuGTAqkF+StHgT1FRTVilX4C5jLCUp8+gk1XrN2ZbRye3NyMXO0f1yF++xz6AImrpN9Ab9YiIJb4z8MwlM6vR32z1kIABE0pKiM7O+TZF9krcPtnySIUlNznlU5WbsiAEfDtZ/9ppOqhVPLkQp0SLpx2zO8denK1lFBDksn2UVmXQFZs9PXxxQ2n7aXT5GOhP0jXDbUWXk9TYaHtF7yu7s4nx5ejLtKCMcZX1MdpBEiQuqEHxt+7/b8+kFsd9uYUG0BzoiduAEQdS2A55LtD7t6e+HCf//TrrJ7YxUEpiz2v1R2PSFgMl3Kl9fdXg4DLt2VUkJKjFRhh0SrmWSHb4BffUXlrGWsuqeEZzkIDCP3Ho79+ZatGk8aW+8qmry6sa/fTSktzvZ8C8Xm/RN2L9hbaTxZsf8Dnc0K3QsPmVGs5DmXu5UD+Eh7EouXcqKRF0S8KNTnU/1yUqBrcp5uv2r92zD5YiRyUEyRyY6Vb8XTQbefg1ybvfFBtBmPLn4BcWF+tEMTvEJvuBMrY+g1UavkwyiqeCCFqKycTHKF/QJDVbelHn4J1kNAAuZKMOciSzhIzccI3GB5hSCim+jDEUv0zs0xN/JW6/BK0kZz911J7TNA7gQoYR/7OataIbfD/VaTU3rS0GOjG+fvtnMVaq1Eak77hUxiJUBeF3uDfv72j7YMt0bnb5s/Q9OYHiB+2QFqlJPKcCoh6pFFLLpNQE7xufoi/8dm/nPEnENbzWf1fSypJHMleiJLBUDcm7pPwuZqGFQinwAVQc5Q78qXhaGGVEJcpYaNuSoFEUol2BkFs+Up95B1wEZAqwTQqirCyuGmhQSJVmMdLU/pdnbeMUjoWxRbGB8JY+jKz+a1FSFgOkc8HrGAUJuSb0csYKBzpZgik0Xv04i+c5rvvjqEb86Eb4hW1/6Z2zwbyihPoIFUorymloFpnhJttlbvn2yUMIrdA1UzH9PX6f8chdhip5+rAQGPNFPpEqvFp5uE6wnuErF3+AsyPmjIdTc29HGN+L6iwh5OOEWZOO8UjFbLskmlLlTSrzf0yINxGfB8HHTmcUmujwpJIwJ2lS30OEJJZiKs5tRJmj0KVLgFgCnrv2hmCAuh3DJPEiJbnX7wAiDX74iTZySD91/MXOunAHj+KITqGd7NhGVG3ep9I+MvnBkSjsD1cmv6GVglOmPVoYYr2qTIGGW3rE5YkTS7MGzSm7uKTn9lUVXPj25DGCsMfrwJS+9tINJCDYv6t7QLuCa0r8XjndgsDmes+tZ4pIPyAAJD2Wvt4pj0b9OsdEWS78XLPW/bsVITnf93ejB+BlpHGEwLzr73fbYgpdXvL/vtoR9hDYWtwMhzTAxdclYCQhqQ1iaH3K8pQ7dr+G3gM47I1U/DXevfvnefIm5HXcFaa5qCcp4Q71TLvvbtt1qlJdDjQiYZ5nJkMJAoWGmvg5RgYMVpEq1/ZrbW8805VhTmxYpmk+W+n16Ikf6eAe7V5BtVQ/mnz/EgU1S7jzjRdEf2PPjO5MakLZraIN1IR0pBHlf1AUNoU6OG2A4v5qtCKA/3qeXvT4Ih9R/7vfQ5TCLOmCy1UcA4QUyglLu5xx/wpBPD/2RlymhL7qOqyfei4mDdHNDq6xs2RvPBc7kQm077dVF2/72RrWtZrfFrwHuJuOKJE6PU8LUkIvE2IjfwQJ+h8itYkDzhXXfwnEeD2uusZ/H0cgrOWNHAX2eolFyXtsEadOcHOM0EA147xCTBH0QHsCBc0jiX/rqXNJAcMoBuYn2sEZ2uUNxDlY547jUme+krp9u+nX2ZOkhpWia9kQtbWTxQVJdIdLv6wYXapz/CG6iKpSx3poGREhsHi2YvyPbtEnqGZnMQl1kfgJyGQcXI7A495A1f2uxekxQoLtCy8+iyKkEPD48ph01TbgdKEUFIpl1g4SdecXWkTq5WaC7Q6ZBxIOUNu37jX2CLMu9XAHuFmHgv6k5BB2uuobiDIofjd3j2hFIRQceL73Bz0boqo9+p4avc9D1DR91KgYDMg+CKpulUX8tH2T6L/X1ASxjN3R1xztW91kvdT6bL3PSR2UNgNjur83Dg6MlSXYoyCyirysFL5UitymGtNEhw39hS9QIz8jCs16SrK++BTgX6yhQn094JQ5gr/S+AoqRbEAMCI05y3vUqWdJF5yn7RBwatgEWfyg1R2wn2Rv6Lvx8Dww8KP3oJB9NTtjQr8JoWBwuBT6OrXzSTmD1TQyMxo68J+186QUj2kiNdi11TJwlI47uUEcdpVJj7V3CXIWd7HPvsxli5niCnbMt27OkfXf9dP+WvvoKcucoqmcf5wkHgbL8rH/iwF3SN0kNJdWZf23wVvW419UKXK8jejLi+EH+7OyB7dZ9cA2FWXBRo6+rGxQg6T+YsKUqHO58M4AAMg7X7/KwQ4OXSrP9WHMNixrFOrlOoNFT77esp0kQap0o1Sai96f7fQc+Myb4YfuFDFACGG8IbUCX0jbAIaHoskVLHB/FGvXRSD+nPmHYO6I2f9jNjmGi8Bz527gzhH5JiX0yPpu71gmHp/9w6n1axoJWmSI21lrMj73Vo7pFgq4XBLixFGDjrtYPsLzY8mznFSIeZnjlSV3O0KdVb0d89X8MZb+7VDe2W7A3yaqI1XY830HhcNkXpSVnfmulbYhJTZL3cJ06CqOEadw4+faJSd/B+c0xxPVZ/ipzTzpNCApS8Osf084hFGqC+0nz5X7LCSXxaT92WOPrJN3H67URXiLw9ldYmQFDO+X6wS8zeudGkdLOvkEcuY+YeAzS6+G7wbfcPAI6PYUkeiQ9dThww7x6CjrlCiR6QFzdvTt1zmh+BkHSj8ntAmbI5xbcclS8/sRx/SMzDYCv/ivqZpYZ34bkfNi3/ORUP3quNkb2gMrPSvyF4+lrL1gXvKcq241F1gREOBsUUoDTTTxG392E/e6qozGEdzX3PfTNECO8IRxKhk/q5yWbwI6FTE9cX8eZllm8wQvPbUO/orZ+nZ3QthbvavFsi/e9Tup9QaETlAyGUbhS8BjqCSX238aMeJYriFRHbN0nSX9BJTw+77qT9pvPq9v8SWsW113Z0ClEaVh5Qscn+yQAVNhuPefwWhGvo2U08EtnqjJH1s9Zb2gDDjSnb/hqLXpBVggFge76OgneymU+qDJkSqTd0oUJ+I+XHksIQDDJ7fkHh94vfMzz3QFSBj10iNh7nJxA+bxS4pMzO387lI6Zxj14ZISzj5sItol+S2osHz2rMohYErQnwwCwBVdHetTfoNrif/XbWrfqMmtqmSBqtBNqZ7Gc79ScUO9O4DMbv2VXWA6S1zr+UpoWDukuqNE9JNNLfJPGfCxzX3kk998NQkPmuqxkzUzJj7cxjM4uunlqhqu4inxZVcB7ob3A4qb2uJnTeNTuqM1HGxU3J2SdRAVh32leX8IOqku+/8RwsgEXlCfz1BVhn0GGSR/HbnUyvxW3QGSb10YzDDsrUCuM0C31hI8hTo69I/I5LRAewMKPw+cvas8nqTxhJKHPolaEiFnsD4koNz1Na3/6kd5YzTllFfXFidLjKX5A6xsVaLtH/OAMLmK0Glwb7TPIP78VI62rs4MWd87FQooMiTnV1JAv7oAB6457WTnsFF2V9lQ0e7gdWH8U1Su6rgvaDO3gLSh/QDjkq8BQxPzPCsX79Y0HsSREAvUNP626A6HCmajhOaCVgBjwaBcaTw/RMp59rCeRkdufB/YdPimsKOXm0fFkfCT3GSmyoqH41zCUFUVzHcP+peg+szWsuDrUW2N5AWCE0e0MKM55fxbh5Wcc91To6CBxDxFFM2Hdp2XybVQUycZgu6lBKYA8QSApVTzs+FNsGKyu74RE7z/usa0rjEytg7FtvNtJzNvroea0NGPscdhPt2nONotsqAiFmoGRkqVgyt3r5+q5cqSJM8luPROe95fh4IullQKZdGL4kqgVIFnzXEpxXv+WImx5y1dOMUkzgduBB0+ZL27e8mDCAdQCCS5dfSCzc6a5KpfwP7lRsVpcY9fX4CKbqFGcDYHKqJzlC3j/D5re1nKRoTw3UvxvJz32rCaN81agUBwaBicuY8RJ6hM1bnF76+DjLrbUnLSIPWqnsIYF97AMPd2A9OkkbPB13NvP0/YOkvtYH3oTOcO4e0RTqcPKuw3rTPAucGX0FSmGAi+scLq6VmCx61Bzf3lc6P5WUhaaUJAArK27baf5YU48XWgCE3JYCKKjiBLSEiNpbDI18Sgq+RyS0n0ccIzAJF6uiX/6cFcHz56IQHrQ+eYrU7b1ClzR1SfvRtZ500ciErW1aICwqHYCSQOXRDxWFernIxjPVQgj/OCw14ZDlykqDN6a0j8/ODm+X80Nb70W14AHflSMOvC0e9/MKo+nnD24ccuK39xVoP2sWzu35fup5yK03kBkFqlIb/oaue+VQNQZ3bZ74F3/UpxxDhOZes9P4tjV/yxLR/75dvCOSP5BkYqjGGP/nzshQYP7ZGxuutdK7fDEV8qSTVpF93X8Its7+rWOqDmaTGtsugWI4Ntm+D2JzJTIRNkFg/ZhY3wY5z/t1hxI6VkzOY+hRkN2QfLMvW/b4Iww3/XcJecyEDRehY36sYPvdfs2ouaod97/3hY16O+oeI8sS0YPtmnAZpB4dMJi362apsR1tgQfJIIMlfX+DOZZIW8gpeYSPHly0jggBrMxoQCm6bhwEUEEaiMPAWW9xsgYLdQuMGMq0GELqFlTU5O+oBLC6NP7RbY+pnLba04qZ+29ZRnY0kNLuGLwqXrPgXVX00wls6WybMyjs1bWNp9d/V5TaZP9/NgeNKm1QcSAFWJjDABlU4WSM9WmKBXg58Pk5R78H1JuCpWUNkbuZPsRY2xkpopuKVLj6ADsXwXenievUZTUyxqOuNSi8Zwkd/5SgQnVl//iaHH5Y3Vdbk7wHyWMHUm2E+KN/OFU9hWSxkBumwZAXSzA7Xd10bBAoK3h42ybTxWoZqHdFaP1+9D5Yk4O9igJ0kOqG6zyAGZAIKlZrZ14Jl4jr3RRqHpmNlUDjN6R7J5/HIoyShtARtBWYa+mR1B849iFiXG7lUeJiJhLb4UYkxYFef+lRslh8Scn4B4rwoGR6KLXDzu++qL7192oQFibn1Gf5ukld2THIt1IuCCLSJXUZU/yB4ws5uvMCGMHetl1R00WkDkBGCI6q3MLNuIbZ1lYCyctXWxHGI3oIWnctWgfuBXwrub5UbzCllviahI0Nijvm4zgaTW7as0sLIRY4pM5htka7q5Eo0GMWVtbOIBdafUsDm2CEX3uaGQ3MUaIiYf211ZCM+do6fS9Z7gx5mEK6uPjH/LnXY/HpOrpJiGuM/ZXWV9RJVnCfripF3+wXhMty39sXlypSM8WukEiNwRCM7d8ITQAiJRAc2aLu1O0QQ5mdQF1boXO+vz4lOoiHu/NJLdgwaOyWNDwTmr0s+SOSLZ8u0VqES3Re8Ech/y4sDMw8M+n2wOtjmtG7ctI4mbQR0P+huBr85No5IvMEyNtqwpdhPjlX72nU1RxZ7lyyvCXShEvqluuGQMksqujt2W40zVTz8r3tMi6MNsA81O5ndkHsbtNxhlVk3F2OGnw8wkIkfubyYtpVUBe+lluiIgYI37yvMPiOjyDrNTN70cB/IxO8Alv+ZE6yUmfIxXpOKkAvcYQTvK+er5KmnjG/yCqJLxSbtkgrhBU3HEBUSgHEfhpYamaj9c6u2teq76Hdcwe8wB7O78Ah6Q/LNvgubA1/yULiMzzakkRXYX6RneDHPHzf0Xrr5OcrKqXYJPRbv+RuVVNdwvdkYCS5wVilIbbCGrJzu105a6hCZejb/rkHzA/rFGCAE8K3DyWIQLuP3Z+aooTAgfziFhlyY8rsABZKxM5/ol+5q+FhVFm2MuNYRE6d+uYgq7gb401nx8o1ySZzK4gAirVUvlOUrRjX+1yckWcB9K0gVYdfLB3un8ztzT5fQBsTgT8VMjY4qQnwrbGIz20W9Y7wWxZ2LZfLsvKTFxuVEGkEJ2K8viZV1cQBm+niCfEO7U2ZXy2OMKz1CY4d7ZbyTpXOVXRtmOFHWquJied4YwPIfgOyHz3tselVn/7e791p23EjTRZ+mI865UAW8uYS3JDwB8EYBDxDeA3z6jWSV1JKq1N0zPZqZvZdUa5EJl8j88nf5G9gXOgG4NNmggElPcbtnIbst+mc66PaUMC4rYU4glzp+QElB8DlHBvyltKJR69xA0hUWXyljw+LjU/3pvlqeeY9Shr9oMiAEDIjYv3T3EUOW5xFpL1YrqY3kbA+fVXwT0FoabxI9e9ggjZhtOAXPKcClLFVc7FDCtia1d9bFDNdytfXVQAgD9UVuRr8dbcc5Nkq/+OSNIvE+f2BLNKzTThcVuIlMxGP6eOOuSsWHxWG1I8sIvctvoCnkrOIVN/KiYcmGoYhgdMPiqbJ8E84AmFVTNZoG6BpWO6WEWs36c1w6cCGdKfXozuhgiVhyeyGo2RxRbIbPzfU3BYfsFnYUPmzNl3xeek1NQz4riuZzMKp8j84KbECiOPQKOmYFO6lM4QNzXbxR99d0rwiF+2zOm49ejL1xkGwGM50e1qV3hV2kkkH78XHJK+obNhdo7wewm7Wi456Gxj0qWf4aAM/Pmp7cYttmWekau3me4wlQ51hbiqEQVk5IMW5lTM+AQvUw+xbM3ouTs6LL2iWQ37z+QOuUhRzo8UDMwwXLaaF14Vb7iOZuTCy7b6+vxmx3gyG3GqLjivgTlmuSK8RoNb4AinCD+cegPceNXWoleHhuMipBeAtVtCCAU+NppanCU+QN2jyPd19cNTIhWfLAZuWlKYYHD3eZhqXciwo3dcwzDmXiFeBrnEz7VPeseZuAPQl/Mvgrf+AvT9gtRcW9/JZR1PqacPXS0C7JV3Xg9G72YAZFcewdHXqeG/kmKTd2se3l8Gwq4y45drhg5bdV9wn6Uhz4l2cRtU3d5A4np0bx72uLluIBP+pD2pFdAzOndwpWb7Zl39ol0hIDArP6VgA1OrPM5F3KqoXCUNX0Ws8pNXj2OB8wG8k02U5ZroonVdTKgwpbldoYNrUMy6k4V+fS6JFkr7Srdw0fDAHmRZ297rboJnyfaAHENn6SV6TFAzlV1UASheWV+k46XQQ4Uv2w+HiXs03L4GyUbuckPbtZrFU1csahs2Muo3yUe7ETP/F7fr9hJym/ZndeOlvzIOGifyWKm6FBEvNAUgHK0jlBkyMTE9xJVC4qcW7dF/VMAhZ2H5nobAL2jBdXez4kJCnG5cbFMMY7VUqSr0P15c5wjInOcomM3n70bCEyl+v07o01T9OUy5Z7I11a6uIWsyoW4XRYMTbvcX4tAhUCdLndkpUuP/GqKDSaAJf2+x02LYhkO6W1RjOtn2GRCh4rpXOwZslkYrtL0Hum1TxRvY2xzS6Xp3sOSEtRF7d7JIp69YP2to2RMO0SV1hi5izAkSntxj7g7RIcSNW7wTo/uugnd7yQhWvll4xZocAa1KSgnrP4yecZxfYyWvw2mRxvHitQrsUX8D8X23zTk8F5iq4jYlHHX6I9IFPqdo6lG7OKek9HF19n5o57KpXny8MNc8U9g6dsp7fyUwQoeXq8JxLRKO034yJij4KHKK1u+T4qb72XOZIuJ8rew1RSmn3l6gzAsXuoNiEVXjO7J9raenXiXHJxNMQFcZ6avltOesyaoAioKTHStjRDGzqGfLvkxo4NmiJ7K8XViXv3PB83r53R9/TZajSDG7QccFkwPabpd8Dr2GxARcaXuuL5yDqxIpcb0PcUaPEw0z/02WDu7GGlktfXaxgUJq6OGGMCJvrJ1MXnnh97wUMX8MUldFGUgYdEZ1wczX0Fp1cWKvDSYUUDOXspbeQmaS/Z2PaC9AEXnoy0gUPohWtr5mOZl0aenM0l88RB7v3RyI+GMgMUGnb8RLfhk62l9Qp2D/aW6xyfWiBbc2H3Vh+TiB9FnTrIAuswYujKCN/Ii95U/TCs29kih27fOB9zOb/yqsKK6AUg1D4en/y5HfrUu4kLxy00S1mYn4LlUU/sk9gcRyM1+2wp0/4r7JXHJfk87rW9eabAI4pljnmGHNDc4KHDnAisR2l/D/BysRh0Hs5y4+wNqGk+adYMduuryZ2ivETXTLDUEDDKRHZd7gGiMTuLe3PVx5gY48ZzYR4s/OgZctQOKsCHFh9MxT5Z4oFP/eb3i9a+pfSxcuWylGZ+M6rghd+fc5ol0ORdmvp1o0NmOi4iK4OjiSh2XylNYg1OjPi+FfU0lMpjZYatKO4a8Bw9zykjTo0aR+sGtHlYSh7OK+UeyYa0lw6rirZu50/h/pHvAA8R2OISXo3HeIxDC/b2Pj6+rMdG4dPwaQ8IHufgbw5/kTX0teosRSFyUnRwwk5ZFYdhaDGUDakj4A3jg0Ge9imx6ivdwCbTnUBOZg8X6mxhgX06zIpU2cqU/I5UQcP2o9O7uE1qPakBUk7xgJgim4Sq3id4+f2C/PNaJkJqM9ajerDOntgeoMQFNwfBbqT6WzOTLCjShi7AC7CwmqTgXv4R+DZd1Cr1Si6CSrncJfmQHf1gVK/j2qGThjs75onS4ugSWTDHdAxaNoKQyhaPHoKLSCt5nMjtE1uP9WJQrwpvpAiidQMbDSju31W0zN9Dc4iXHhAv4rmt70d/yclL0ElwcVKyq3qRxdBU4Seyl7krlObNOEbrXTNz8yGKYE/O9Ee5LnyFyA37kctvJiP11+sc+2sYNv55Sq7AMyzs5dxMvc5hbz9bjBb9JgqP4SfaqsD6ttPgRHuLfG5bludGlldNOrH9LZFtA98BSxRtOyxneorlR9xWdUE4QLyr2FBQFou3DPLuw6PkrxIuUsq5fBIlCW8EJZzC8Q8Nh55u/gJb/vb+QObJCPVVAkaHitQcx0lDXlshZLwL5ja7Nz0xVNwY4mwHLnXuvYKC2PVTgqIPrdB1UUnVB5jGGuZvgL65ryema/UjwprDjWNHyPkESrzj2OzkcLYDkpj4ogVqIh8S7l9Uxdi+yqjCvt8Wcr+pQAgeUKk7KUNh3nQtBc21PIAFlU0aeOYCkUx1bH26uJndWNcT0/IS6ayWarXpUNdPZVcTy2zaL6z90iorI9AHQ3Xvc+tCYz/gbufsjGAozrlzwKxZSMqdJZpA6XXNv3M345OOyLmXhr2XC/JSupKJ9xSxqQUbCeLlzd77AcEMF5UyXjf9clqPmjhGp5wW19S7pV7HR7ne01pH3g1t7lwjk1a4OIZdAlK2bowJecHqjuoNI9Q4F3oe21KZSksO159um+MhQtesdhu0mLQiI7eY2/YeH10EyLH6QgTSUWBNkwKsuSdq6DiPCFg5w/NF3asHGuk7k/pxyQ42hwg5LMwDfEFizoFpVt1yW6789GCyMl7Zm8ZMT3QUOVFgvBBKj5umyHiqhcPWIJ5ZFE7/3Pt+ScX2UlC8aCabfccDTyxSf4LcfiNWyWE9qh/b3izBtnWY7wJBJlytQRWDUN5A+Gnw4Eafwo3eF93yXc0OEEKyUVd5QLxysFlSakpXjaPNPjYzsN29PXZxDWPOq9XTNVRMkvfGB/E/j3KEXDe2J/NoVSQ5R41Hpe2SDFIHJ/e18eBd7+hB5Kuuz9Edzp8SpdEBFNxn++nQwLvlznMRbd4xwCVrY6+9lWNCO8bahYjx5wnTD36hHoSzv/z1OUb5g8IOZoVAiR52q/uIEnXHtS8JRsOfdPNSYMV7cDYqIGh7FuhOP4lLR+ZD6DbhrPlkb1nEoftdaWYueznDMZ364gk0xbjyq1LeAim4M7Omx5ImLrPWMitmXeO22nYfuNbpg0pt5imI8gsHVHFYr55dgWXMiuJcgdI3Ry9wsJeKbPhrESYo5PuS36Vxjq11VbOnsSHKQxHtCUM11WK1WaMxFcSDdfS5apXoZKqwqgMvmRqcr2J5Me168A75cctkSc9OWG9OnFb6vl9DmpVe+6UKPHD9zNoUXUe7SunEvAMqI/LjqbP97r+YrJ/QrPvYod8OQtUlAyWAgLwSZ42128lUaNpdpNMmubjL4nTIOfaec03DTpgNzMo3xxKmoGEQaIZJNkH5MuAfFpEMCBvFeKnq1EizxlupW5rrC5TcnsVFAq1hIGLHebM3LOdOKPJxSky8vCd0zDWn4SxMbUoJ69Spx2qbl3zBl6FO3ohDg8vdY/RcB8YW/v01Dbfwxj7Z5QISK8NXNkxpYZ8Zrj0il+eeyr3uH5TwDLVHZjuK/hG5iqhFWKIj0na0DvvuZLIFcmjnXqXiOQlezLofVHGfBllrED/xocI6Tq3SUvQOxem6IWGSyFKWQv7GKsJNwJUM5VghSZ2tsU+FaetLcim1MoiThFAIrRfwDdraecmGm1MmHfl4rwoLIfX5SqHjU9r26+6ymz8hqWETWFME2GVUq5fGYw4NIIQ/Emba0XohlDITX/Nade2noDBUMs9WQfH2tk7UJXkeCc+pX2+XATsF+9J8HmT4Ft8WqonjrdrDS6KZtVTR6+22hNw18LNCy4X5yUinBPX2FLvErj2xebobvCXui3m+RMx9EEzDMone1Q1nJ7AoKjD2iZPkAE1BbpfWBD20swh22/YanlTvY/uEuNsjSLMpV6rH244pGnH6IqTJGUIiING1Pgesnltfh3QMN47D6Ct/KPfEP0JqeCF5pYmnfPfwXKzrI1aLFVhxlfX5EZ7wWg44/zTwWBv1S5P1RsZKk1p8nqFLeQboV7l6dfksJpBtXXKfoUuTsaF0t7t5F5+cG+wO2KMCblo4Evaax3pmExeAjHy84IG55xmx3RkOTMQJ5CefjOWOY6+hNMFR0upnSUB9ZZBTbyBm1THjQnU4GHMN2ejSKT5Jc2huuy5i/P2huHgDM1grRe07aTy3h+bJl+imwH07ioCLlnjv9DQzSaKus+PYD6GmTelQn/pOuZKd5dgEX3LAcMOBJzJyrBTLi6Orxf6cGywcvu7lpd+2VkAAo24kyK71WoOGC9Hn+BrDquDq3e3mSZa98x3cul7KiIp4W+L+EPDok5Z/ZDuL4WHomdqPS3p+8TGuv9E8xVoRCW1MXNHa5O/vQFeWt/1q4emJ3CTyJkjPnNi64abjN5bJPcaJeqOBuLz2MXoByufT/BQ/H4K4yVDDEu7Cy/pkdMjh0waGzbQNotua5tI04xkWcE+kbUWhVMptU1m51f1Z487TzaGCf6jheve1142DgVVWAXjPxPMBwgXBUjf18e21zb3DCoL8VAA5Kq0TR6+g9708YEnKxySFILeetyWFndHOyPeYcF1rnzVX9hmDPgxKZJDbU0rn5RPd+uzdSbDP3itqkVAZvSKZCtqtM6VHqSsNWY0c53Tpbg/1qHgaVTw+lEv14fz56TRSmzfdzIsetzKJGJSNdSYBSNHLOvRMEXA6xgx8w6Pp1syJKZnDEqDPownSKdRQYeunx7Qd1aCrWkuZSPgq3w0hMqYa3ci40OBVO9Tb0x2qkKeFjpvOaMzw10vBs/1S3Tlc0F4OUXPjhKqZKGw7Ucujzo22Nluit0SxftHAQRdmxRINbKn7F8Ua58bjJN/WTaT0RXU0Vo4pMTD0v0elMB4TdufO9wW7N9S3yglzR0daMSomG1CKRDnlmnHL76eDenLEMnVeBmqsDYRtw5fqbriveNMWWrPrybR2Zn0BO6JTmYwY8AJc6rC5+mSNuaQeB4AMMs5Y4yD7Npo424Ox5MwaCWbo1jqGZDMQJyfTs5f62udcwxp7VfbW4UNfeY/AKJ4st+YBNMzN6s7A8/siLguc3uc1hYFnI2YXMK7eGOCtt93NcjjPk72U8UIt4ceNgOt9okXlld7g0D3TjELmFQe+s90Egs9FQX6wdx5r9+Dj6b9ADqAL7JoTlYvJhKEzbP9cHCR6PSBXjNqAiiLrUnI/JiBPf86U80FpWsY3JqngmfmkkPc95p6PbcXDKAEVl5o8zOOjN9utMp+BCqmxlVMiURyg12u2iNHOvVNl9uBsLqJ0MelUd1TBXVZcvZvM7bUxRVY/H3ywA9UU8wS2y1jdzdh3rswi0qi3QgsvMRCYhe9vHZtCEU7jO8dpnpdublHHG5GzgMnsT3otI6ni53Xi35D7qqyG0KO2UKVUFF1zKy2iQwWY4Z+owdrz3u1Y6EoswaYPItjj5NawtH/PVF5Z34P00HqnMAlNZAdMgJCBlTRSlepLjuCBbVQ4er2rfOEFsefNJCuFf/uYSFvvpxhnbWKSrQaIcMvV4nvfCyvKRPEInNui3wPDMCvN3i7sKcpCKTGrxlu6ohRFrkZ9rdsBqokHUGVnOHomIcuB4PoxwExNFzn24rXEA5gIptedmGpAH5+M5XUbgCTXgPXL5b5FBGdAn5hSlCMhQsfGZzOwbmH9bJKpJ7+fW+kSqzzHqlh6/OPhM5Whs0H/lXlYsEJcJNW4VVlN8aXpLz0ccMPKTfEtMHc+zgaBGMOsuqmznR1nvz9VjHyjbi4Xrfe4xlb+sMa+lkV0eg9c4HaCH2lH6gpAq8iy59u6B2m+vitpuc2f0rCx4I/7FAPoGEmpHqJrOZIQQeG8vR9FZYT0UMm5QDYYPB8yJsZqeJ9vRq/rx4qmx6Nx7qdAiR6lB3ojoOMM2YZQQ8GGJ1u09VtA3WNFV0O4eO24+WxXKyRL+aia9o5pd0ZuEYjqRT4QucJDhvLgseF0QG+lW25lXrbOYQ+NLmEC5/5PrQaWNRkQSo4kOGcVweya7v3W7cqq06uG3kItb9xG/RRnaqIBGz1TXdsn/bjjQe7W0MFzet1QLH1DsvVQ3ZwDXsaLbBd+xk/9sHa7CuSgog6Hh9txsT1vIxfZpUIb1kgFTF7GUBOpj8ZQd6VYSg/Z/fQN3vRFbPeVbfxLAGuQS3LvcGpJo4xShxXAQIQJT8MtamaVw7CBSu3IqFnIBJD+8m3F5kDvWrWZTOLpG4XN3fV861+n+djEDsl9JiDbi+r7egyEkocY580lC9b9jQjbNCVfaHHNQCPFk/SeqkvzUodLEtucx80dO25GVaycEZpyoWF81f2TgZ/q21ts/+jCFtTiE/n1upX38thGJFHP88cKgrhZQoIyHPKAbu5y0gQXp1xJtiCrsqjvxJtaefiT5g51MEpge7xioJR5YW0bzHOoUW86WUgEun1iMxYhhuUmUd4x69t+9/A/qVqAbMv52PtAq5xX2/LuGpZsQKo3aAOFeTcbhCqzonRpXh4bfqJSHVz4CAyz4kC8yWcEc35Ka9xl7hFn3BOekv5eHyGZvCapU3smiEZoYXiSYtLuU2KQmijzsIYmdy23wS6moGqWnQAdVy3HMKUZ8ll50+5p1XCJxmTYrpLk87E6tjcyf/JdaaesKds+vwa00NcjYzMi3Smu642OLwH99cSyMRpRLM+e13pCvHS/loR7er7EVIWOpOSDIS1atpnKgkPLaryAxcjmZd+ja4SEFcZrks4bOfcg8SKvTxTnvRfnCamUP6OS9mSIS4GhYpcfxsGz/GblRoSOvOzAl75J5EkeofAWUXLXXCS920S6HaPWf1IaIpjOuiObkIGBIIy7vpYz3pdZSA7ahEONFtGnG0zAGE2RhMfbUB+MYiqhEd3PilGPj1JvdhkQyPPmB6SheESynNklFvqS6lyEHVcP1VggOM6Y++MTudIqEWCFU2brzyS2UityhhGtTiM/7Rpw5uVDA9lJ5A/KrAGpbXYS8m6P5KXO8aki4ljf5rCMdveJh9AZYwLXlr2ybynbzzd9Zcw9ybq64mrb620qPB2hf+Pu/gCP34ese2sIWDfdbMakGzsm6Zsr7fYtiq2tk4l5RqtA94O8dprRVgoT0YRDv1WKS30f2A+bB9R+Y16pQqe2RB/t6o1tKT30QtjDYxk2JdVUhoLoDOC6l/IWWSR0vlN8oOQUEjuKEgGltSSN2IYfFEi1u6Y4sAwCXeFV6RTthCf5jomThIDlEf9wJDtSn9I0bsDqtqntNOFyKD+xptQNuykkUeBK+S3WL4Z9rD3xSTslXGqyf9qAYMpYCCQxugHsfEtGXupNy/zEo6m1MEbq2EmTX/jJ0YnOpWXPH5kFVrWPAeMunO83rT37VxmW6ww8xONrgTV20xTvTKzUKTvY0bUVLrh3a1bCuUCxMmyQIXePqazGljdUQ+csvey+SgVKwgelUB525puMyUuNUPgFAsEqtELeQwiJ22prj5rBqFvbIrYleJVz+quMQzcWUd0ntsjr4VnSoMviNMsRZ2SX+v68pMEU0Xuix5dpV91r/VbMu8dy22eneA1WDF7eRzGhvMfRddZ6DmB9bhF688JnwkuZ7j7UvN5GO5HtYpHtFE3nykd+fUlt2ywVypmx0/WwLQlJrV/k50LaX129UPoGKx+PEDgQ93W00zZ7fMXyMpfMMCGHPD7pieWiTsY7nWbxxSAl22P5S23Q3/6paMpI6A+KIwn6DGdmZLyeNWDkqD9Rjmjn2ZI0WXOvMPphY16nWvcCGDIEFrqBOUVqXr+09+LiVEgidTQL5y9LM4nhpRZmeFEwExqK1+YlZlQ/3Y9BW4sJPvyE4B9nqz2eZQWMKLVvdhQHX0tdBkpu9oRmZwliLqtefTlT66feq4DStGSERmqPycFP8VtFn0Qi8KBaGivRrj9ypQArmfjA0QDpmPgGeIvYz31VJDhQyPMuQuDFq/2qUHZjkKFUdROyZfFTGliR5ZdjZ8SXnmM3pvEe1uLQhMDC7ASK/4jQFpAlsupErtCKKr66Y+gD2Jth3bqeHvPppxBN+DKy1UN77n4Uc8r0sJSvn6IITGt22Rsw3AhLR/lel8Sbk17vFPgydbqCj3UwPuh3vaUS/aA1LhzJWOjslrlEAeN5Sc2NS+5olVZEmz6VtvHEmAo6wKFuJyf2XQW/h+uM98YgvpvU1ziztAGkq7cJsbgn9uSsmK6WMA/zhQaRu5bl/JwihXNNjTmDZ8jgMZWfS3BPoUDA2nJlmO1TTKDn4CF7i+rGpyt34Oe0AyWsfYM61VrBZOoqUBGhQVTJ4spRvrHRQGPovR7LuhqyFDAqRt8awQmUuUW4pvBSx7/fhriN0+R2u9/pXsBEOeynSbrv772fEEOT1GPfQR1s9iX2+UoGVR1pddzUxbnfLwZ6vxSf9nrMEk+govLKX48RMYiSKDhUYb1XpI5oIE9a67Swl08dSom8kY3gOuaZteGlbEUZu9UJtvEr/0s/7thdvJfkJgG6VUmjG+wPxJ1x41NPHsO8KFJSX4SABYjPleL+9pWHEcjbMVIyjloMiYVxPL1stuA2OTfqCN1vvLsbxIGuOV2wGwv6IkrSrlD3DxEG+SLZqKwcJxi/7kezNRxCjDHsEvqpBM69covPVlZ07jgiSFvhMPkJ7A1P2/hW2PnTO8iKXjO9o8LFf13BcBDmonPuAdxUXs3NzigDu8M7GFWkCArMTlepnWqskKhX/qJXhIVfpjmTXUSDSr7XqL7ZlW+kt/I0PjFy5P3SP5O+9pE5peUVqWMdVZG6wK7e8Z/q0Tfantpcv9XJ4Itwv2dVxtvKMAfl42MOxJlfzjTvDAtMnxRSjYDYO8YrrV1WyR6O3AcnU6e7voE+rMstUZA2KpX3dDvGSvzk1yTSJSSzrZ6+CoCF4wGCBfkJ9MEMz79SeJ4Dnv/lafaotXv9Vteb0t7pY9+/nce7aQsow/FxOzHVukyIksYY8ON4D8PWcC5UlL+h/N9Qdl6mvs78Kl3KqwG+WvK+W5zqnYGv1PW9ieKsYfspzSaub/oJXIeg0OfnOly1UZF9PXwd6fruuvB6nYsCQkM0Zd3yOR+5lRLfQs7qB+EO0c67m0znJ5T4euKWTUt2fD0RBk2o8DeUaw8p69tsAdnuoW9HURj9QlL033++3eH8djF2Hf7asn97pesbhX1tKrOqKL/1B8O+gCwLoDmavzYVvz4NkO+vfQA04eCypvmlS5/PCFSlX68Z/GdHbHn98/REq3allSAifkLhb68VNWv29by/IURzPZm95oUols8IfW0Ao32dmkfJ1zOJce1BO9e31SUkQU7UXYwFujl/P3R9nZez+f354D4/zZ9pu9YPBGOgmtDfr/j6UKErKlCAEXKG63nzL30AXOTTjd93DQgnf29DfvdYZOrXLs3Sb5jZy2rJPje9GvYpGq62cmmbb4eLKUqrCwq/wQ9NphBJgo5XTfOb9hTPqBT7ITC/tvxy7jek/RGtZT9V76st+uXZAFtVEjVMU118HuWXfvgrAQojXxCC/nOAQt+hk6Cg7+FJQH8VNvHvsPmIpqpfAcqYNP2p737FBSil9C9ADb+g9kHNH9D272Hm9/OP/BhFeZ7SBPEHGOB/OuvgLDFqqwbMxvcr7NttvnUY/gM4/2rSRv5D4CDYj5BDfI8cGPkvgM4PXwn7U6p23f9ieFBSRtOcLb8Dy7rkP1H/QdoF/SmgfiWiP7hL8nWewB2mIv7/rlG4XhP65c////Xhn0fl3yDAfIau2TIAld8c/3ZvcLjrpxaQEnCsyZYlm36aL8hWXfH98Wuel5+qC+EAGODgL+/x9cgyXUDLr/N/ufIbnKBLOEx/f9dfL4yjpC4+y+anP7weglFf3wzB6G8f8N+95H9gPP8qHvRnz7WzuV8nUCsWUua+iZaqvzQw6KPnQY6lg99L1KXRlF6XRC1Yul08D7/nTf+cZf03oeX7F/5/Akb/W9DCrMuHqf8BJks/XYInYFqc/m9JMmBU/zk7+i2Dgf4VVhJ94zzJNY9ANP4LRQ4a+kcyMQah33EOFP2BzIH+VYwD/p5z3K/Z3MDsCUeWrF9n9g/z8gsL14H+YfZz9TkL5eN+Wfr297PzY3b/3RT8WIL8vQAKQawgAnFjLqMBdKU9LsFjKL9E73XKviR9mv18XQKuHPoK3FjYrvvP33ryVVv6db39QFr95wLIN5ghfylo0EveIH8vYpD090ChfqA6wX8RTn6RXH6DE3HtEjDv83fw6NeluZQZru+6LAE9+2VV/mYur/9E8PzvRMcfTz1CkjBM/BlO0mguP8Ir9BvA/Sk4/0VE/gmFQf4gi4JHRvPw9UXz6gD9+CH8vgPtPmNfmqiN0+jn/NtY/vso/ctQif8IlfgXHPr7D/wdRrEfYfS/QLf/MUb/XLe/eG/3L3E65E843VfRh6+iBkz033nX1xv/Cfv630km57H5ecqG/noekEb+ryGLGEF+If8IQOyfAfAHzBT/q5gpuP4PAPyDhPQHgPyRyFEMJfxLJOw7Zfx3ijf4+dch9aFVn6HA2et/6AuM4Ze8+evfv+E8ED/Bka/ff99G4T8+G/60/vEOv5z97e8f7g3/oe2Xnnx39u/vjfP/IslNqjnpf56jHAgL7QAGNlOSD9mNi68f+Gueq2EG0J+y+Vvbj66Phiiummo5v1RAH7g+/Bz9brL/71lZKEn/IykVIb+32+L/resK/W5dcVFSZt+tp+/48G/Wye9hzv9oJXzs5T8Y+G/tfNWCjdCmAhb8dk4isOn86cjPdpZW88/m1KdrsnyZt39OV79btr9a7b+3rv3A1PU/JwcgMHyR4d+A5Z9Lqj8CC4b8VWD5XqORq/lSScE7XJLahQsEMoalaq8Znr6D0C8k4xcs/FNS/I+n+U9o8B9x+nka80sr9BvMlcsyzB/hBHjO7fv+5VKuk+ZDwP72tbTZkiXAn+MrOpOYhn4a12w6fxqyCRgjoi7JvgwfVv8fITnUX0px8H9sUaW+14sx6Avy36rxfG+N1y+l5mPY+CeY+X42v5vw/6SS8j9LU/6MLqbREl0Q/foVEQHWEK56sIa9Q5pU9GB38+54peAV16cb+MUrHBNef7nF14gMnMDKd855WFd7oeRMWVefTdFmd8TmfX3Qhf06+7ixjDom0tUgyIdqC6KXqe+l85E9eDzwA6XQmnklrKC4k/6wPE2rODkKoTJnhYmDxHFF7g7SAO/8wR/pF+u2bXO3Km8XbTF09nwSozLThY05hmjhbstr0SAxnInFjthHOe2PmyEqlXU9hWMz1CSwuOkcgUT8Nl+2NI8ynAZegp/tcjrzk6vtPcmokYOcK+gTEyyrKMqSZTmOkwRBUBQltKxw1cJoGVlZwKT3lgK/JCgoYmQ67fDlU1HKoDioMIAOx2S9XNPMC3EueMqTzIxLhcL+hLMcJ0/7zc2o5qZy0pvBm/K7SLO0TS1deUzaK3Qfyp1ezloow4k7Dx7WCyFRBajIM6FWJdpkoFJHOVu68wnn7kbAKJYcyHuUAPqzL1im9wyacNu+Ub7C3TWH4Z9lvjicUwlutJM4jWkoAzwX89ti7lvC8sf95gu34Y0y5sePg7HPELjmpB7GLjwNFbXSV6GAeXHBUMS2zUTCyHtMscNurqx36pG8McyjM2kxYDxKkgv4QIFXUwnv942dmRdNuYyxMUP8iPlMeGLsFjoQIzzlsp2Nx1bCWJA+oE/OWG+XHzB82hurh4EmJG5kb7tD1Jl1m5XoiQdqYyWxB8NV5uK7hklnk7SkZfsDWt8mX0hndsF8qH9ppDwaN9+8MxTFdruZSc5x00CMmSDlQv5i8E5FQdTP4Qzu0zg8ihlJBTi5iTLbH/nbDz10MpdIdp3R0bDXu6B2rqN44JzA0cCJdCdR0XzueSljgsyiqr7k1RYCz03pE2OrQdPTuXpeMdMsSAGBceQJVFIFsURKjAvNUNHdAc6L9OGKiuN55yuE/SaHyrjIDabA+jCfa4yJER1l+7ZIDU2SUF5sVPlMVUWjmGlMEw+1poQBb2bEBZWkVlUDF8bTMHCN3tlJoUGXxKmCS+Adklef/G2ldgo5fqtq8RHGsWDtGb2A6WeB58O+BSqGfwLpuYp6SSKf+ZK4Kq/BqMMND/aFogxMKQSzL0GCBUbfc8oCodssykDhjFizW7ajphzjzHd34v5+jh1+wcPaQSKLQH2F/FuK0DM1pkzUTIrN2h7RwwsZXXtD4VlaiyN/kUeyMEoe4Mqm4G/d4XzDMvv1nt3RdY1CJHnuyL50Vrsaj10IGD0BwxtO5otG1DgGrBcQkgoqlSOWGfSW5TQWEKDEkfLJtGhdsyophKzPtse9wprHRIp+d1iNmdh7Dp4vxxBy5k6yhCptd3Q7EQVbGtaFqZfhyag3KxjGHiS/af0zOnIhQm9kVpA0vxVqbMBBawU7qFN2Us4nL4o9a81D9XCHL3KomF41WuvwKOLQ85o5z45IuXqlhRAcRMfgcwqcd6E9YTd/dkj93u4Z7q8GCZxvGLiNm1cISBmPFva9iLJ2SY6g1yhhe8mn3GRVDc3AN1ltY0U90M4E/kUJl6u5XZr71WnfpdOZpjWq3ET8qSZwle/YY1uAdxp8hEPczu+XdSyuOHWURkol7TzHVyEFoYiw/quWF/reZRk2IcRxfhzDpM0TJzEj4EB+3MU2BHhC4LufuWeAvywYZg9eA903HgTAGfdmN/u+i92nnkL9ls1H4OI2ngcBcFQrdf/u4Tec1BP4+ZR1GdkWVOaI1tcrgrnlFQz8MES3dnzyfirv0MZQPaGR0JAjaGwH8mvWOfDueQ2XOcEjtY+vD/YZlbrT6r4ZBY3plhDFop/RkSvDrDpzaXv8MdcXVaiUHM2GPXXHD3k/Zx0XhXZLlpLGPJEaXqJYA0Qb2ftgVVHU1wTjMidVs0+USLkIWSXjSlVfcy0Q+uwenhVK3cehWc35iAGjBtwVzf1+UeThLFfW/FQ5ydn4UyJPpwoQccKy7OyYDEoquYYV5mnPj3Xfw9RKCz7IpHf9Th/UNDJ3+cRivcNAChXD5+61/uosBBNflYnDuH+RbPBACeEZaV5fx7is5Qv71JBHVUSm4ep184Q3TZEvMYU2dlPGNo4reUIRtw3aAUfr1kwSus1MYmLC+OmUo4LeE/mc71GPl+wrUN/hkRHGOBlWPMyliDOGADuieHUiRqtDf8oyg9F1lID8Z906Jw5if5KkvNEbfLy5N6K4ULqd7H0hZADFMBQuPuawTyJV8249fDVW4jDTFAkhFGqiAs6KG6y8y1UG4qmKKbzzet03ApjRnUiNaymSdw8jzeIgtEg5BoxZQpSgejuxWHFVe1WrhaR8rfnM+zYfyqYSwIBGKr1wqA/4NkPLa4UqodKq4ja/DVjxtgfbtPIbJKz+BCdlRDwoKGCfFZpExObbuv0GSebqlFQSHe9uFjmi8jRMmHGjaNupCSfvd3FuT05aGfmEQSiiI4WOSJjZgeYFr18PK1hIplwEVuOnmQURanpIoeKN0AbGul9Cdt3dVWo5RMjpPG/9lMLxbOdNZtBEzAwI7ACe2lxVbx3ixG7yZD2EyYvAN9Dik4aWf71OPzRn3NvOniPLi7FgO7ZgeCy/6SCtjONe1moyuWIoU08GpJwKOG1QelJ20pRA+izAdtJP9LzbugQjxzYyVwQANpBl013BMsjtZi+whxKYYYxsmjI8ac593nzIq4ev7oqP4HgctCKbNveOnTu5JJlVH29IvnqGhhtRJHRZeyWpzwpOoh0Sn6VDsGrH581X6vSAc+h5cs646n1IzEu03hVUQknp/UblcLmjtwC75QkDDAN6SC2PcIyMmb8VlDlZB6At1wFEnamp0ty3fIGQKIvoJt/fa5LZ4KpmuahjSYfKw0qA67kb+kyckOQLTRIF0IawYfGNKyen0SnmXGNIwt81bE2DjDEvMzdWPcNIUQwRTzMwIIXjxSVLiOtwmmWZHbeh40uYuJura/dv4lp5/KhT1khEm2Dat65l7sdGBKRvMquMpUWLIxllOEcKT4yxOqs5Z4yAXqINwO0cedEUSJZhoj1w9xxYGcQe9AKzBhx8eyrrXibYgGkBJaKCHYVYwM6t+fDplfZMrKUZB2vim/xytvPio5ipwSF065N8e060pD3lzVJYnxTjBeJHop0JPwRxxcNt4UV5ebkfVZgajX2HTy3VdoPdSBGj5qzrt9gvs+eOp9n7mhIIFFJgC3sHl+tAu5ogtLcbLnv2dkmTC3AUFWlVCKebtb1q8eweSFjN79Im6NbE4sGLaWZnnub91cwHNJAFTyuBghdxpd8Ityseh4knHEjO81yCa5VunkAcpWXEew9nLx7toEgIi1BDuBOq3V3uYyELybBGriM6yBwp1nss5iFvsrJvcPJY7WDaSk4PSpkY3pSUkXNtHJckxSZ7VotZtC332cpjJEhiUL2VVeF4xNjnxuQv1skHPww3+n0KpptWZ48Qo7MMaVmDEres4Np5VuhxDmOy79V5Cw3Pqs+BS21Bhs4loutOc1Zoc1qDlIKxed3hcIq1DPIMtEQUnX/TRqd2mAt7Q85IJ6fjiH9pAcP01ULBeslTfz67WYLkZhc2kDvncROj6KijLYw/gbKzXBEvRPwQX+N4b0lEaq7bqjc6998DRdLymzdMOmFzdQptIF0GTPDOF9aMyO2wyet8pm0fb1/8JGwluSBClmf1WiosrmryzRFwP7HnWSEyEaiLwogX/m2N05zmli5NLLrNJZcFIrHLAtKYEAkzt+juC8hjSIudJChsA0lX2NLXcLlYuPSUHzxmmuEuTkdzSnoMSkpyW/IxMawX2Ex7hzkD05KAdIkLxHNJfqqSvgz0uPQQdYS6dnYqeSeuV5pdRACBkFFjV5E850bOltkFmJvwYdTM1BLRjpWFDItU+5BYTM2YbU/ulQ4rt4dI2c38SlCI4xc5vEkQjguYfbvNbIL1CeAX75nx1d5S8dSqY/VUj4qXW3kv3ON4DzTO6B6QCvz9EKlbzhEIKRirzaqjE0COJa4cua8PoUxx93XCMEO7Nwcwq1FLLzF3HkLMQtFne8rUeqMQHBbQCJ4dDoo/SRc9y5DOVqjIEJ4T3qhMJn3n7+da7nbfQwCC6VEJo3ogy0sQRgV2OJbLVJYpTaYorFdpWYq91/eYDRRW7PHWuKOX3ExXVtu9Prkvw3yQXsmb3ODsvF6Lj/z+pkBWXwucQP3wbv1NUHpL5nyLSqyA+rh/M2eFvYpwN1lE7u4oxhs7db4uMv6psGym9XMVVTl0TCIjKPS+plYfU1rV2ok6mYC6IrxwvdF9thmFBX700tY/hhAeFxsilvel8HCMuyUqFM/Yuo3ptF/CE+DAwSu0SNzpFuTeGcpozKqsTrVoMCrWuCt0OCAiE4x38VrfoxANKky1ZhkLz5B7QLEBBNK7ohjoyzDYS6IGscmmO0STzTiOOSum/5Xl8aLJIFb3Jo/9al8+onKMp3uvDjJC5bf3dcT6HOncT8Gl/FaVVqLaTGEK9YvMeBvw1hetdEDq6WqBjw4SfnXdr9/A8j3eJO06FxQxIhKyPHFxmsJVlUcSoKHupXcJ28dF7qrX5lYau6gmGvbzA6TUU26JKNcmv5rsXTXIQlhfw7uzPzqWneDu/WZLagdqJbMYawptBpg5lX8by+cAKHtaOkBF0aGPtMGoe34cqC2+okpq7e1dKFkvVksC8loOzYzo5dIqLK/fbiu77JcuKW9a/t71Xcy4BWHCAXoIiNLLWMvJX6lZskM4rKCeTQscQzkVy2RIN0i9X5jmLlFFS1CumTDpbua8Dl/AE9amYNCLZcZpZbE3umJsoGZ55QPGLska6oQbeliCX3NUbyihoDTnHKcje6i7nQzC9f2AchtrCLlQOM/6pIgca+7IzLDNbqnqF1t+9UNmD8zXoujuCsKs8SynCeze/NrHzxLQbVg05oi66JQpIm8ZN29wwhHDACsnF3L22kXawOGH40Th+7Gn97uhclZfTUTkCyr2WVDctaAM8bqbzFm4CEBU9HMtNsECKC9BMMY1fA9mgpvAn+t0l32b2oYFUx0pZixbG5jHrl4KExeJ6W5sTIaPyCD5c/jAsDDwayBCdlNylwRNgPeIb1vOMtgI75Gis3VN4FrXPni+KiMrFWbM0i4ZgOZLSr4bCBOpTyACZzdd8OxPymVocmK414nWfCrkXarO2rUFhHHnF4j/BKYQ2PfspTlXWXegPbxRFu5riSmLpnX0709+yluFjNfiS8aDR4aKy76+fbFbVcl8XR99dA9HUrSrunld4ki0sDf8YN7jvaQOGTADH52VBVOwdiiMRs3c9tnHk1OeqQMCSNaX1JSdAxBm+lm5jGHR/Z5SgXk/NEVgifGYfaLNrZJaEhYEtXwt5sPuUXspKZ/Kk0JGY/cmncfXMLOi+FD4a5Ud7iiB0Mz8hZQkeglS97mGiCx5XGqVXapDaHXV9Uh3VxRBwbxrqhOVH9fXOpIySJbn+dirVeMMTtyYQoyl9SXhbfT+gXrCq1o1sIAOh3q+TZHl1YusRL07n0Xc+XtT9tyx10ftXST4t09xxIeKQl0imGxGht4mY4E4MDPbrj2kSvFNUqQ0WnmnMrzRck/NqPPwEo4kW1U0LdmthNZcZy9NoSh2UOFAjKzEEYAmxXKeg7USGhWJTQF1yapAy8o+sU2qO+ElyY1P1Q93G05UlMmeECMoDwtbXB70AMONSFwTf38gTBcHQXnTBJG8vVVnr2bL0559Xhdx0ScqMsi/9OD78dN5g3GMcb+Jr9LAX4JZrPxgYXxlV/iPxxv2SGIMj+DFWQFX7l0y1mMt3YL64FJbgGbFPa8FYJsesIFFJ6S7fF+2nB1cBKmlI45G7xnCgPqhrM+AEFuQC9OCb2kUL7spHPJwrTEi1AJ9TrgzyJsMCfRtCtP5mKp4X7z9e0s0sE4f7Atoi5AAFky1dTEy6x9jvNAAY8hqtRz3l+4w0vgXCv7jFvQXHP1+v+i3+0P0F+wHPve/af6v3yIif+Tv0S9r979ia9rt+2b+f3szmoDxL/hvN6P/6J/2PUzI/0bHhX8QbZZW27/skPan/t7/Ibe2/+Rd9m8D9RtfeAT62w997H/4lNvaLBcBg5asizpglYP+1H3uv+Klfvp3H/Dvvu8/jqAoowl43f31g/A/OALXgV+jGZsqz5IzuR7zj3v0582fhfJfFh/wi/fuvxxqhv6IGv/Bb+9PPe7aKk2b7K8kgDCCfCF+yxh/TwF/EJmGYX/34/0tEfzFefHfIYKP0OL0XiVO+sGfcBbq4VL+9CMa+Bc53aRZHq0f4PwFfjfRAFy9vvTTh9P2lyIENvo/W0RpP1W//v25vAb1av/mc/OXTT32SyDqrwHW9BcU/o037PcyEgz9yBML/kKif9Hc/+Kx898x+f+C6+t/dvrXoemj9Mte1VWbpVX0DQTg+wC+A7+rvm0/sRDiUq6fGP/PP/CL+QDnZ7nasp8Bbj4iGSLCnyiwn3509K+GDk7RX2gax8gfEg34QgSE/QZI1PcefZfY9QNh+79CkKqMsI4XXi0xRLd/Uhu1Tb3/J2jIcnH+/kv1Mf3Oc7bMv7T91P/lE/5HfzvqDxP+PZuA4R+RCvoL/u/P8M8S2pi6tUKS6zaLj6X3YPvpe9f5//tmOG+qrv49n/iml13r+m/fHOPETyjr13N/nse1mqas+flq/PkT//k7JHw3wf8yOP5xRCL9m8WN/FMo4NiXXxSZ3y32vzf/B9AAeGYPxMVfj0nAtf7Wpxk44/8A</diagram></mxfile>
\ No newline at end of file
+<mxfile host="Electron" modified="2023-02-20T02:42:07.554Z" agent="5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/17.4.2 Chrome/100.0.4896.60 Electron/18.0.1 Safari/537.36" etag="FYfXV_rToRGbHyNTwxZK" version="17.4.2" type="device"><diagram id="0-9F2cIb9JS7xc2u3utW" name="第 1 页">7L3XtqRYki36NfXYNdDiEQ2OdDS83IEGRzvCga8/rB2RVZkZWd3VfSrr9h03Isd2scARy8ymTZu23PMvKNcf0juZan3Mi+4vCJQff0H5vyAIDFPE/QRGzm8jBIl8G6jeTf59p78POM1VfB+Evo9uTV4sv9lxHcdubabfDmbjMBTZ+pux5P0eP7/drRy73551SqrihwEnS7ofR4MmX+tvoxRC/n1cLpqq/uXMMEF/29Inv+z8/U6WOsnHz6+GUOEvKPcex/Xbq/7gig5M3i/z8u1z4j/Y+rcLexfD+s98QK8lvoecLQijD0Q71/C2nP9A0W+H2ZNu+37H3692PX+Zgve4DXkBjgL9BWU/dbMWzpRkYOvnNvo9Vq99d7+D75ddkhYdm2Rt9fUxbuzG971pGId7f3ZZ32P7t4m8p4Atm677Zae/IGhZFkSWgfFxWMWkbzrgN9zYN9l9UU4yLPeT7nzf4bu7wOj9PumaarjfZPd0FPfR2DxZ6q+rhv924l+dKCfpFAL38+M0fp/ZvXivxfGroe/TKhVjX6zv897ll60Y/Vcc//ap726OoN+t/vm705DQ97H6Vw6D/TKYfHfU6m+H/7st7xffzfnHpp2CeCD2sv1/3jHa9ButhAnxHzj9B6YluvX73IFg+GbEe3TegBeyP87z3zb9xiV+GQTH+Y/lywjMvQOMTMevP0FU4Jlv7slv0m29jXEfunjfE7v8ciX3nX27mG/7/ie+B//Xvvejd1XvJG9uw/7Gw3KaIH7nQNT9Hti7uQOf+e5I6zj94s/WuDRrM/7GvX7ZXfvdDn2T5+Dqf3TIenw3133S5Jfr/bqC7/f6df33nTVDdb/7D+p3ofE9fv4Vzkogv/FUHIX/iv/gqwT1B75K/VmuSv7gqXxyT1PSFsALizUBb++XjKX836HTH/gDWSREAf2IRHlSUGX2g1eh/ww2/RZt/pW2w/6KEPTf/1G/MSVK/Qg6f0ukvzYk8WcZ8r+CnO+IcFtT+2Zc56n9Ytf/LiD8E+b+F5r0P/OcP8vcGIT/Ff+vLfxHaeVPs/Av7vQrE3+DdDBfX4b4v4LwP5hmmswhkvwDa+IFlWM/WPPHbP/dIL/Ge+yfMfkfJ4Tfgva/IqbRv8Lob60M/2hlgiT/SqL/TkPDPxj6j2LZWd/FPYl31vqzg/l/jt2/2kJkVJGWf8wO/1t48C+wPIFBf/0nAPzfG97Iv500Yjdp/GKLv+ON3tCUzRdnZLa1vqf5jsUvjvXnU0fsjwqTLEeoP4CRfwYl/gERTXDoz0wfv2d6GP4HsPJHPO9P8y7kx2rzl+TxO+PdxfIEXjb9V33Ofj0zy/StxAezlvzypmwOYOV/SMjTcV3H/h9a6vsZ+BxQTJT59hYRJ4BoXOOzpv2BVKkamfuf4Xi14FX3K+9zP7Adx+hg3I65cQAvEp/VfcGXM+GM+//2f7dri8xT+s07+V/6KP3mLN9eiU2rBzS4eiW0HbfTGerBPgWD+XwUlolMpspY7jPq/FO3OAaTWGbk2GersR+tn1jcEVDwWS5klSAEs7E494MmVLKDhiR1v37kUCc8fRsbTDgj8HneakW4Tc4you2FMhR39LHfcS6elj6thEOYDd9AXfumfWN0uHfeedggyfXnwVJoykP06xTwITe0ukTDFSkg9YOXIibf5JMtDTTfks7R1HyyVIk29XKaPdd8BCRpzmFAAb+1yleU3ZkghgeETIpmw5mJ8fF7iti1dZEKfyCL2x0ZLWixuCADix+57CIRa6X2YzC5fEfjPBxJuMQXeXugkUxu1pm9uzalN/+OAlZXXkPuZM2Tt++KWJxlrkgnCOH2i12sx6KfTwLnFSUo4sfQfiQQTY8kepxwD27CSunCvWObVZ9eam/KZaj5gHltLxmFigqbdrsmi5podD89PyoDnon3fGJIijylMy5C116HnkigfXg5eam/91PH95Sk049fXRxzIeaM7yKYLx1hpd5/o4QcojkCPCL4SA1q8Lp0ERY33ZDOfphOeEg686ApCJFvS7HkJDy1h+hZfPu0dohzTJZfWgd9LC+klTL3GT8ebq1OBZ9c0tOQLvAZc6G5TSG5x9p2sDH7u7EGCgbmh8E69JEsDGfSqnQJkCNbUeIknwWnSaZRmQdFlDd0sG0fPb1Suj/Be0FfDjMlu1koqsG9LeXULMTAjGSCh7xvEGHdp5MEgiGz+wfxLjNtWl6NBsQtC/feupVQKUns55LfK2bfxxRkfjxxFWzqQu4l88zHXQJMXSJycz5Ou3cpUHnYoK1bAUEvduOpEQanDE8C9445pSO5kpw5aQyTsjr9nJBNa00Iuui81uT1Tb6zgKoqNBr75+zsFrhavdfNd4wNRDwV72FxXnGO4EnE3NOuCu974sSWf7xYeqbKhPQNW1DRI9P67HN/eFi626FZYfDr4enPoiua4dcMDEtlOp6c6y/YJNtl6bS435nghfjOKex9gB5JaDyoHak76gxMscK9ZTxnTAovMcICb6s1GCOlnVrb99C0r14dj03icZdb5/wagn2DNoOd7c2QHyo+CG+qJinglZ6JyVXm1pAnwGeKXwesVxOr4P1jAmExYXU1S6kbaMK676R8GOgSEsAFJLoS9DMLE0rcsj56E1zCTuxAxezCPLXlbMQWSmurhvXH2nwUsa6AhaPP436U4X45+X2bDtiY4NOxM7fNzvajnHqw5Q6zvu4TyLKjctskacrqPngQlMFLfZ2NohaWQ7GSdDWxGk999ipZTk1KZfGg3twSBhdxaTGl1ouiq94Ozjj7XNy7sv1gTE/PWKtDKnetd9iL8KHE83FKRTw3m54HC8XbwGMsXNZ8l80/MfNmj4nLTei4AQpQGD62CC+fnkZNI+hxRG8fVuJVSJHUPQ5pYA90UhA+GwT0MLDUph01kqLz9MfgohIOkVFplc/4mEOV1DDO5t5XvIsx382TsGGapb72qOrd9wxwxcRwEV4ylMSeI314WZ85DhGuUc+7ymvMdHkzzqcrFbWtD8EijalTFBxcd4fuLYNA7yRVK+mTszAjW5hHh9mVc6l25VJVH6WKCpmPiRyxRVc3TuV1VY+DZVx0WGtT6pG6cCucUGJbp+v0iuSNAYqkW6O7wkPUe5/kpKogg0l/yDH0SRHo1T+xOxldzqTBLVzBQf1W/D44ptemZ6/IRWrtdTQ0nrXP4fQkBwCV9gnarf1AqRI/pqE260lCdCO5p5kM6lTQe4SOPD/ZagcgrixcLmd3dotsSIEfNtTqH/PRPs/PWe+VckInj3j3UcfEaqEFh5/V5t/ZiUsLT7gQoYSA35KOGmveJVhrAjfdTQUSvfWOLTzWjjrIMj1LNd3XUuoNjOeo9mSKLtRfnqsHvbTad544WuIgvOOiP+/Y0RuVj4XXQ69ffg0y4kIoqLkcZ27rtZXFuCPVcSpe4WMKnsY0PE0FZt62w0vYcwkKfwGp4Or8NvBCddEm9UGmiTlssliHRvbFmWGS9ndWspHXzMkcVixiGjf+46jJPpzZJYplYjXbvgtgz/9seinmDtuDnNbDl5A+cFkwmVB5pbMUYdEnmAH+TezMyKf/EdmJn+ZQH7MrmVKQle4ThkmeSafvNqHlmI+NPXfKexOMblvuNDiui8xob6/TE2+rU5OGDcA7Wcxie3Zug6IBNNsDXdA51fVZzbxwbQot8lzmSwku4nyTLqO7C1xuQ6g9OnUwdqP/TA3R1Yijpv3Kw8q0wR0qVPG54KMSt9TVCNqnFw5RX+o+HxEDHyMluisJ9t32PRzEYkxKJY9qsf163OhmDpjQSft2Oq6EpBIES9t47+ilh59OernK62UVN24H6sF3UbU80zAUlWl6qDNNDjorFvEYLeTO+IFvvmIDe4Rvn+sS40hXul7pLItIbHrWaD+R2+PkH4Y+BcscAFYwicG7ydm3uBXIex3o/Ai7BIkEJp7a9cXYGKDkgUUK5OF6UBGzmr81wLlfylN+6FiOnFhvCQ0N8poapN1rQoLbYw9hztbINVXYtAGQPu6A05KHSN+fiZGsa5YkUWNsebE+AO74yc+BE8NOYqWNKr2Nl7LBmHO++Jdc1Lk+bs7WcPGhDZG5KOY8HXLmcnFjT9aerWItn1VvXePLHoZUT05YRCNLXM6Dnia91oakeVRaNOb8/EnQXmqcLV4PRAnApdnUi799SbSopsPUKyFqiXOkB0P49AhIUhCbZztSRBdwn54MykMXvGAKuKpf74wkZiBPiJmf+6rNjrhDXO09AO3k+7Urg3HsYzv3Tft+QuU9XqNhxqvJ5ntZ8rFkS7vHsOOKhrWfR50ln3RvcrZbwWM0sYuaQ1z2UVejvnNJdeeRuoebZEmO7PWVnJwglh/Bc3RN+RMZz8dt+vo+WjAwDjLPJc+8WANPTfYoVux2e5YH/Mt/3eir1hRJWXrXykqFgehrq+lRoTMTuhmjqLo2lLVwX5M2I0L4Hi8d0B2XSxKqR9rVsUMPsq+d4clFWx6F0SU9fRnZ2dEOkV7DaQuzfh+X1vHmCIrXhxDiY0Nw6TXCgXOzLC68CnsGzAzUQrx5W3gXV3gUGjMJVJPNTPGhvmT4yR2kdMNSvLXkwLNCDD+j/BXxwZZSHQSKxZtum6IA2TikJqKBso/So+TLUwxuN7FXe/vQeAf96qqwGxppzaH4Iy413/+QM/FRN+AAzOLRVxaybSrFEPp6Zn1CAALMJlKSHALmJtLbvobafxXirHqPnh1pgk4pjMtoJCmr8TUbo7jSrmvWFTO9hBOpAuuaYXB/vbJHwEMAFwMUMz4ZwKj2GS5pGS7aQ1DXkoxBKN5/xid9JXLljob0oXKOtD9Gxjoc/trtz2fwK8zN9T6gRBYvLPyLvMnsOVgoeYOLCJnAxOrVdr213JXKjXE+B5hxSENWJFmPLB8lW8r7QRsPeIxfLszhtHmnTSmB6M6mnCvhubx7Bw3lvE/XjJRqA0wmgiG0jaVYEzFQijGO55u2inORooBq+o8U0t/IX3nzvkvpb9XyMm5gJ/Y9rsn3of+god8rYn7xzpMh+RPkUIwEvVTsH3Q4cIj6Kw79fSv9g6CB/YGeAaPwXzH6T9I0sB97Hr9Srv7ThtX/SJf6n8igv9es/qE+/j/Qw/8EoepvRvx/TajCf+xy/Kpppd+uXxU9uOE/37i3bdNv/erfCZJUVmS/Ny71z9jxz9IbUYr8XbsK/gPFEUHof6chf+xiCK7202z/+eqVP7bbv7P7hP/Yh2CGpDtvAFp+Wu/XTSQU+Sv0T1gP/lts/nvsR/xU+n8q/T+V/p9K/0+l/6fS/1Pp/6n0/1T6fyr9P5X+n0r/T6X/p9L/U+n/qfSDZc5/hdC/a/kk+b9d6sd//J7KT1Hjp6jxU9T4KWr8FDV+iho/RY2fosZPUeOnqPFT1PgpavwUNX6KGj9Fjf//iRokRPxW1PhfpGn84Q8A/dH3ff8/JmaAP0ZgOEYBooZKde3nfm7C9lvZjmxHzoWVG5c3hxfjM4kNod8NCU2g0QyefX9AgoKfp1ApavaePu9FmbFx3NST2PEbeaH9kIyusz1K8PPad3DRNp8B/nhyeDBNqgPRowCnbY1P7dS1+H6fRKch1Ak5RBnVg9rP3Lohy8CnfT+piyxunxBRX2kajnkK7P1nHPS4VN9e1wyjcEwF/tivgfuPab4NKIz9/ROMUn3fS7hv9WvQuV99DT44hvlfeKxW+f3BwV7P78fi/pODP2/rfg0qT4b7X3isv03Ns/r9wf94an48OPPDNP+vOtY/8Ie0J5T4nkBOJi3vwXSb1gumGdIa8TZI+AGIyvMuRBiCwWQq6Sx7xPnmjrP7CNJTzjQDEJy0LOmC8MuiGUKGH1FnIQ+J/yhRxIMCRTXxGE32wQjPtHfGj9dVk/lIj9IxyF1OPV0C6Y8sHwT84rqOZ0atXFBlbBb3CTZsN/8Ttz4HlVBGG4Ak4WwG0tmVvUGKNwo2QvvyvR8UYW9vRn9/THL2ap7MbxxkO/hcRpUiyN3dFHT5ZGZAXiMeCfgeQpaWjohYfZ9ZCVtGUM9DyxLfZYWIH/LeXXgQNWp+n1ccUI8OLsBHMUQ8MInhG53UBuvFYvfhPJjC1DRm4s2y4Kr2mE//goPEILAjdTmCynU2CHlypZHxfR9sZ7tBF68ihr4b0eTQx4dV0UrCLvf1BjAEb58OuT6i8mAEau35ciVfdJtrEUMy5WbxVRq8Sa1W1dB9Mov+EN7+GlqD5rGMEa8oD9jLxb1umHoK+5k9AYXgdykgp2/UiHOps9DlJxTcbO9+X6z++CVV1FXdxoMDZxSeV1Ym4IkwjDohnzl+wgx7MLoM9JQoi+jV9kUP3E8O9xaHGLK1a9zTkSmOeSu8or1sL2iho/XiRfsURjCo+Dt4P+4a+9s1EA5+P3qEVzxXRWoSwKjhxFxonpD0q3VXZ+b81lGdddcsV4GAaAgulcv32OgvcaaxATn3ew5jJmcyU2+uOvzowFwFeyV7WKJeNXRvC91drUTYtCKafuFjjAfcehFeDbA4mJA2jZoQVIwKdFfM4eHcOM8aPptcJD5a5fMZwYjQiep3a0noirL6SS2hZT1Y0hqu4eqOtG92n4Aa3HZUYEEN0irBijKskla8iXFtnOhtahlhq9tSY04T5BIx+VBZiVqye72Qugla+bUFMC+4SPtLpNaHJ43oXr4fM3afkGbHk1JBaFystdKpZ7jgzw+76ez7tnvYxkuO4jJiwTT7pb8fObjf8QnIfMNC287DIUoir3wbYqmqQjJfaDylGzyOPyqgIgi0tmXFlE3+OYrMGzikKAGNXFAeTSljjxnyjZzMtbZL3U5K0OWf/qE3FVupBZmMllOVSxaUNDuZy6Q8TybDQIl7dub7OD5MxIshQrxaqTMgKO3nt7sJDyCk5g0wnoK+gUTffHg82jTrzXfsN2TjKxHR6JWmDYlfEkYEPR2gK8gHdozkUW8YPjwCJeIXIgv7e0OTMJGA6R2MP8UntzhGrt11XGUPOxfXAE3Ic08PT5s+sDvz6A50D3Dq5JqIDQkB0vQCuBTpyS9IWI5kCeDHNZEnrRdTjkt69B2j4aO8LaTNY7gNTPaMXsHSGMYSYU71GeOT76oXgziMXNx0Cz2Tp2jhmH0jM9TFAHdWyxjb1Z4oN/HH/BB3AQBYPE7vd0ef66UK12r5nR0e6OD1bv3RVLqkzw9z1/OiBm9Htif6XDxlpfnKdx8rAR5iq/MRyb2XvoyIxkwCBdgmX+tdjHvh0LdUuR9cm5iv4hG8Msp6KY4ua4RAoRVxx3oZEzjhwgNqPbhnwLPtU3pU7NCWy5Qepv+MnU4v7RGOG3b3444/DqSw8iA1p2mVzfoZQ9XyAvGFIwxTmNcek8UNBcRdvX/PWjIDJ5p9gX20C1SuQW4O8nkoqRGcqylX5RMWyUSgiC0i6iYy9tLagDoR0GnIvKpgvwrCRaZn9P5c2jpzeUjtUEQv1hj650t+UUNOW+5nwweewcJaU0Ki4VUtA+nxUWSvnX7ZUUlQFfwyUtK+PCI2UPJA8pJ4IHiItLUh4m9HJ7cuv3H08Uv+LJvWlPWdjBcTRQGPT4kwvZi6ZuaPreFR7264lsp06hRlwNF5K8bYOBuhD5MmzPM8KPpmhgqTU3lJ8AXSZcOlpX8WYS2NLdDSFxBxZTbIBH3tMwjmt2zLV/vY+RNXGrhIllfSnbvTz9cwvGgn7tMiuAvDzzeMZ5kpUw30zPvYMK7wffusSG4Nd+C6EG4zSWF6JvU0cqn1HV6ZuPOdAurEgZZQoG7ApdW535B6VGBUuMMP59mVDHak2KsSKgC/v/xmMvGE/LafPpsXmxwkIyj58W4sA5S2oGsD0AP0AfdmKCkSi9BJLt3AAaBwqnQnkRC5ZtX7NIXabJTeImPgvp+uJBW81cVm4w5DiTZwwoMgJ0tmdIVx2tx0lp2mCkdYEkN+CTSQvBfZQwS89g5w3tKabD95NZJeyGieuvuu8IE14P0gveodzZqokOqc9lZZ9p0wEUJmUPiNR1VbCO6Alj5bUXyeSTQdEaVv6GZRDtLQ/Pt5gx2wiLFr6DRR6VcO3UOAKlDCRZcfuR+e2fEk9jrlIiRWg9KhJzI9b2MB0TBwK90x7k542s16Yqj72GbDdwki8xgd92QLmfig+5goCebPvN5hX7zJ/ajoYk7OfvzMz8K66xv6GTwy17CKNI+6AY/WsOaC9vR3OZreaQvmvDiUJa547cKBzHAVEfWRPbLcCDTfKFpS2dn4CCxy0zpBa9RNfkG9i5J8hc7WR63CqXAoU3ZKCIug51Y9y3kIbX695ywsAZ0Zp8y3tPiFUjL0GuIU5mWvGJXWxchy0fYDavcH5ntI6fPICfyAKTYf8SZr03KPn9DyJh7sI0/7WNqoVcZ6ujCsDwipZd7OAC4lC7rs5NT1oEQu+gDMj8A9NxPcYqPEa+on/c1Id44TzWl9cDs2kQfjy5R+OyjrYDr73B817CYOMBj8ygHr8JlteaLj2gisC3XUq0Y/Dr8WOPRkxqgOoFEMuK7yX6eDToSb+QgAnSLDG9OphTGx4bG1o+hxuWfDL/iOToYmvXjKmbo4KOweOxlBBwLJ+Sbf3Nxw1ViUA7hE6OV5N0S7lPpkDGWgbWtk1Q0htd4rv6czwDIvRsfc15Y/nofPHSw1P8AmwsJqpQsDw4/95JKIw1nEsXp5W6QlHf8EnRYlxFms7cautjjbQUgry2+oR1YGqhy5GB+ywcCnnPcrbEZ87n0miRLIDDBs4CvecMZQX8qhQyfEtIO+mlHKdsM5lBjCSZJNSkMDdW63I/3FXeGTcQt4KImOJdErjoV+RELbH5+v+hQV6kbrko/jUx/cNzZp7LbJ5M3Y2FN/REotpdQKecxruHDIBoAo41VIhZuUwOkW7kdfth66WJ+7hLHuzK7hw5zh6ojK0wZi29wQU58I6QVlmCG5WJ+DjiQStrpUvktE9l2BjwDn2aLIGvij64cX2QEMa3CS+Jpr9mZsOHA13XYcoWsVENO7ydOIM3CtPO+lNElb3u2U6ohzfhJlW6cVq4U1lJ5dOA8rK7otpW13bJE9ox9Vw2e++g1+yXki/VzpjmevUuInU3aT9BS3dj83pSJy1RmH9I4kQLvNnV+ewCsP2R2JxWzCfamwKcwNPpSBAhg70qvSBl/eTjbbRlWfqPF5VuRCpvWKe92XgiyB+iRgow0HFROVGQ3+OJNKRN++LzQ95bw8+OZBgQUhxdPEPtW88PMzhBKiwxz1gyLvDrXgXpxA9nkN4Y6d5XBAuaCF8J5EW82QaDn1sUnG9L5srm6RZWM9LHQdG5dYSmfoTwqGYOhi+zvp1GRCgea2HbbU0UXHx5PImpk4W6yjDd4Yjsclm6mChjQpn/hMb1fILeTzwIpV4CW0LQoisdnFbCXf+matPLoPV93J2zCKwH81s0vkULr3kj7WyX4OHQ52ECbRhV/kzqnt/Ibgu9S9+g6BrrY6ueMhji/GaD7xUxecYWQmiFZEvho8BhtAX1uQPYYsktQ/10Vxj49UOUhi9YA/q2Z8kCI/+LtdVY8dCuyZs2k5IxIfJ3T22lc+DoC/lTv6XBgrNcn22vTK/DBpX/mAWLLLkvYTEX/LlkVf4iCHUpLTaZRwGec2lAGtbSugA20yFDeJXl4f3faGDKcTHWRnX/wiykdMO4nj2R9/Gc/eOcCds+nOTMyGogOo0EArRppJ3IGjYBePNbd1l4hOPb8xvlhTBWCRyIVIHQxn/2Yljpo0Sm4A62AU1IDRNI9J/EWpDLMAIKXLlMBHAyFGMb4JqhqKnH+F3aNDP2+NMorZZsvAuqKeoHHSebnLBSP0Rg+Ztx1SJjDvimbZtyw8W/WaOlMRXwP3eW0aNeqVFjUYpRl36ss0M15BVinXyTSb2m7tz6voF28y+4DxPpLHQE8Rg3HOebuJtMmOnV/bQB/1ly4hGC+YJr7Uh4d5hSiI55rxAwTUocWArgTgUeE7Vz44KxFFuFYhFn1A9jZdGr3IZBCXI90kTjrBRLedJlTJnWi8rrueJocwVokTC42SQABmcd19pF81bOs/ZlBydKsmhdDbDGPDjzpo97ALmBqh0RkEOlsayXRnXKmwVTYl7lqZccwu6tR3qZP1nuQS7gJvFy2LTFNak9HwDb41KUb8MckZ8gYQ934H0Yztav/oXOJADYGxYWmK9/SZ3aRWrOc7GB4txKrEncY/FPN66KLTPlVdnhVDhT2/CMpPg07pqbnGqjwyCZO1XIv8Kgq0GbbS857R1K0oDNZYD/xPAVi6eJJiL1TYTdp1zmjUSw/IdEcV/0WX2CeJx+1ROulXz2oGhW34cq/dUoMaDJWdE4L1VfamFRUUbzLP8o+zV1GB8aguRbEd8MylUthz2U2pNJEXS5LLqQf0rO2Ml4lPDINE7U4QPaM0emrpQAyw5vzAujr3Up+bjA3Aroduo7VOIMM/fAd6OHS4Yv0X0MNo8SUhNDyFnSGiCTgvRyYCMUCpeliHdbhyjYpUoDCHK17ky8RVe0MAaWjQavDTVx/rTGZtH8XFgnal0GuCVjpEtU9Tgh8nVZgAd4xkozLzqVSS5VzgdOuXGGexbwxPIdrYJF5Ppl3ryLVHCWyT5gYLOxFRmNTa0IGSyj7kQ43hsXSDyE6ZnRzwAUIKdvr2rFaWn/TkI3T1KRjxSKkgdUMG48H8dWaUWEpUK4guiuMbP9uBfoxbMvqYs0kpPO4vk5SWFW/eB4Z9iMi6gpc1PfQopF6xjcnBK3RUYh3fBrnEWLniLs0uu+KBbDLIjzyrFKbDX7lAb/AntxqlFFiRvU4dQUvWCFqwtCnLmZy/86t6seYneV7n6mvewjdBVaObr1lN81Whyiw/EnIxPHyc+zDZeS0io6FOKog3YAe99xrnmzoUsotcG+hlXZ9W/fgWSY5wCZuNLck3FUlqgxcD63F1Wt+vs1IA1XAbdku485yd2Q/e42LJVF6CFW1i2aF8cVPMtgBpcpQ0c9UjlbE2dW49+avzdp9IrCcbXnIZhq/HHajNTIrWZmmUXZ6UlqDlJayna/NsWmVPkRWIJLGa0pYdpwo9Px41B8XDqUfQJtuvqShJwvRDBC0Ybf2SXyqpDeM33xqtXMaPk3wa7aM/F+2VhV0lM5iF0+XsTYL1KZ7xxezHg/tQigs9rNFhIcZ/1GNk+WVJ+vRna2oGNQgM/1pSpJwLKD6oVM0ncbLAvRxMNYAfsWA/+LxQjPWSUSpWCbAkKb9EUIHEbHuJ75bJ9CGTWWnjghee2eVF2O7KGEwwIN1JM2znmfyV8wYrHXgOSjl76MoQa1F5jeCuq+OvpFHrzKwIQeJkL0Zz33BdQtld011WpfTmTFkMI8txeHYktW4PAIqeYHrW69PGpvOJYmzazO1bYryh5b1CMn+QyGzY0JHzUuWmyqM8pk+OZcM0b5DgPcC9iYI1IvFHHz5Om667bNvI65qiiaaJPHwb2rrJ+TTQ2zLYZ/HCNHtFyKi8XnBSqCRgTeJk8taLF+6Q3TRM8VKh9p4RI/F071spE9kA5wejIMFaHmcjIWwLviAdrE14TQiJl5zNI6h2kLaBceNDBPXJkU4v+MH0OWdZa4Vmm9bOavWEHExF2SRQMxtGuYaQsidRplWx6HsoUFizkn0pNE2VvBfrpkeov8rVaTx4FCiVmRCDhS2B6ZWoVgLh1b2qGtnfpAPtro48okv1XuL4tOSsYab4uLJIreQ3O/rDdcZ5Ac9isBIwd+J7rQK/0H1MVDk8W5ZWFqPKrd60ZW07h8cQE26Awrov5KkNs+c8BVqu0+0qMnHMDbir9swrRWL+SKorr8AQUsVyTPF2jvY4oFG1eIglTo/FyRfhYUuxBan+uHLhEVTRwhc4WLTGd2lJyaTpYfjR56Pkdgd1u8YbPQmiWkM9Vj4Qk2oDHprwnmo8M2yY7TrcyOQ5+64SjfkQMswWTXlXNx5F4fSBPxUMkl0O7lEKiBLVMX4q9o6nOWP785t7oQhY6IMAGsYCY+1MxcjvCUWW+lH6v6iKYJ+bQdyPNxRKzjv3IThacRwkNJd7zTgXApol5RaMuu9X8+xR7+LFNattWxhHTp3OL22ZCBox8CFSjJH3/uVF5qXEqxPSrI+HpRo/vD3OX2OBkTK5LaibQ28b6t9X7otEYQwuBcfw4xORedu+HDUS4YrBHyzuE7BxhLsCxW89sz474jTxF3FA38RMwVXWYlGBZ3fZ1/CjAEl9rTFcGJH9Y6yV93unrRXmnqDoA6qAxnkL08Vm9qkWLRUEnYW4WVVfMO70ChnbzDg5UBRwR1WVvHe95IPLy9YgkFnlsxAf9booreRKKsRzlPyR5nCLNUbysS/NRvx2nWGEDIhmZfcHxitPqPrUDMsIvHsmIUoAqfUujh54UnDOR7Et6fUmH9vh2cxew1WA14MV+x6MB8FOcnVqiOiNsu5+s8w5C77a51MZkW4w3GkXpEsepO35wqQzokOAjzxNxl5qYVmEEtUjnufiTlMOuHuSA54OF7lJxaAfNWyvovJn+p2QJtp0nlLOIU1288rd/Lcw3+09QRckCTfsHbK80e9BDztG6/fr/cSJFvUNGySY4ZT9RxGmHUqizrJDnZA87VYQZ3LvZTH/3oYRyw2a5e1xLahK9V3QN5u6ZudmagDAwyoDfI9VLDbOMucjEYMYv4/mKFDpOoLrGcfkk4CdXoJNlCuyk+Nyg1Xf12pjj8OsezPTtKliddoQZtgLXh0gqytBC+xTz6et1bBiJNHXUadAe/0cbr08ucrvEL6n3ypSXOKBZnuZwtXxwT4PQ2/QQs10MWlfOFj1mOnR4nsjati7d7RydtKkxGOA6AJE4JExtZ9LIWl89l2R/Hw8iHWjdwE7W3WAlfdK73gh6A7saVBCfaZcX/03UJPvKpJ8wguHMzqX2AtOGKXs64LIjK9FLcO0wYlTvSqfpoSG5ZpoKtZAHkAul1otnJrxRaRlUIZ+t4dfgX8d/Ak6YV4BysloZh5SlscvEs8H4RV+u0bk8QKUsEDKLdxPcI2s18pJUOiTRit2ShJY4sft5TFXfMP1nkuIUyYP+L2n3HRyCzy/KthlX36W0sJef3h7kadUoODRYyFFcFhbzhc2cJkoPEx5ZhkM+EJ4nkf9IQFjPOq92b6tYGIbPXP2ocwHx3mkaoXkYLXV2TS6arwrSA7EveWYrFLl5wG0GmBe4cOYb5F61WrVCj7cOfVC5HrD3aDN7/wz3D76+CzHTx0ENKSPfVMWuNu4Oag6GOjj45TM4f6z/Xg9e6M5BMUWIPT7m5OL0mahaCPhVPcw7MhpAi1iaJuhcMiWwAPXDK7Pgt4bzUpRdEMzPzYRYAeu3R5nNtdL4saFfc5dIS3dtxjAJSGu2qUEEgbEE1pBW+csvbzKYQ6JVNzldcFrugQ1ya+uJMBF9hbV+mVSoMJF+qxkluf6JUbzOQwcBy8iz+GeKqFlB6sjhR6GcTN5u+ZCBEmJtAoX/lOu26NBVzV7t/kjAUtJ3/E1bF0uKtXkOVl487cRTiZfhaNMJLwbNtjq8IBWOYXmx5o/AG2NB8HQn53v+HcFJKXmsRu+g9Lglq/OJvtqFqpQapI5RXJLRp1kMFJPWNFXtsLlmXxJNgwoUFCkhiblTOEBfJVADPiKib2L0PIcsNp9MWaGs5dxbWhgDPCpOi6glTPWoOPrDw5iiemBSvl+qYfrletMULzRnq6MDOjXYv4pvWvxumFxFJomE4V3/eQiFc2iIsRA+w1U+ayUGJjU9LY9gjkZRctvrOlCO9ko0XOAaMHCqZeloehpdTt3+X4kjbdbEtjO3rUmgT1d5k7akgXYrkhY+6EWfYURUdENIU1A0Fg9PxLdcoKSKSK2iEug5k03CVSk2wIBlw83UKE1BP8bDdHTjEcg8E+veejDoVDRcD0ueI+uh3NXjiKX3HwvPwvnToYvlCZdbDsoFg9jLbVwuNtJyTnP3emAYXamh7TVlGvAm9TNDIhwWIONsNIhzOvy/LhCtHFuQltyJXTM5j1NKVdyQUsgC69WTEdys+Hq6HS7BCh1FehmECTgZfyuRPADwtjMRAi6uEDvRF9B7ahOb7T3z1ZUBGgt82NVrAfnFqgAPJ+YnK03U3844yk+Q2M5yESNegNyCedlCEN3XduKzVENoWAZpsh0Os9xSs3cPLg4rIqvQNrLrNN72pTJGGO1QPsRw0g4GyftoGNzJ87JBZYnc5ZS/Av8DBsLPelc2IEDbeaQIrY2dtRCi+wxGwksU1MCf5zqOKkdMBV6GkmX7zzQGH0p00WaERyfooCnpCyQj+uhCf6Te71y7PkurJo6vDs2Wc82K1aR6NmCtpVec/tN6RvcsMyCbUgjGdgmeCcMIik1vWMkxooiFlYqs1QLU75qCdHz8jL9WBVAadKgy9xQOLQvgE/MqKb1XEorabTKsJRffDh9HarlH037vjhlhE275d0d1+r3wELAXOzgLJIZx0jjfYBQVl8J0sEZ/PTsHFPt2B5216eFyhr5smNiAWXUj/r6QKH53L135IYbyGnofdWocsLMXTX6x76I9jemOLyMC14INj9cvVTrPFjeKDZ5U5Q2oAFGDoQjQiqOp3saWgz/yQgguIsh7S0onZ4d8rI26jPVu+4mhI1Zl0sxdccnN+n+bCwHKa0y9EjQIvgqxV37VfYofhFx+Sn3Vas7zxo7n+jwnJNHcoxVxDshIp261GMN7eTGcRMOB+dk3lCaq0NjekrUUcQepvyCBCe4M74UiZJ7VvtWXAHc9IeRQTmPlU2JH4Vaz86uoD5uF2YKUanZYU7HqPw1ykfEN/PNTF58Ij1hKifH8JAnuYd6/klIGxS0MV4QmHDF3bDy0+SP2kcwSzvoZwOK1XwRGIvIGi3Njju7ftN4vfdH3D8oescdyXIVeuphtTMd7yDBI+lc0lrl6WNJ4fQ+2IrBCPN0M9jZs0SzFU7R6poUzI3soBVbhPxGrIDwgwSLrJeJRg/zLV/YNFrpR940PVDH1gCIaSwjNev62NoJqvUkvWD2M3Uldaqhm4OsObCiSsx12F2ASxbd5icVXygjALnJTfz1sIuxwEvfRldYB1/1Y4PUvWFxkb1QwyIDKch1szyhxAlUMOEL4ZM8EUNbtGvSJGyFDXcDLg5bjyFce6m+nVGJmqCcS6ialz7YXGRClmwQPWFio5bzxAUSZyTjZALhYY5vPSTyMFIqGh/KZveVpZpQGDc00T5ebatMZLXWjvopyyOHPGo5LT8cUOIQLEjZd5UQywt64mzM56syN9dEUU3fpkBT2LGeQdpXhDMQ9Pa7LN+2/PLkLcp3dWEqP5nfDIBV7NkTytCNAwI/F0HlcT9xq88ahDymz24ob9jceEYwjeZNfJ7tXZVdIO18ZJU1OGFGGw7AUo0+QdcgCPU1HhHFZVcy6dmZlK6XqpVwClIrXRk+FdsiPJ/GfO69e8x4r8/FfOKoifhWsK+E6bllj1qHROAKzJ75O99MPCW+1EAtAvHM7zBFRvAln/QbnsPnY1zc9I79emRvaPvQZ0OJvMzYzUOD73vCcDz8QMpLG7oNZRL9lNFBOuyjuFGE4dLTfdJdG9lbUT6VB6THQFzYNn2waKQm9521Z2rPI4/h4NXUJ3Uspgx5swe0OtnVMpKUZO950OjueYV4hk8R/I0CHtI8lPoDTlSPmyKWfQ6J2RXGNHlaVUa5q/eTFpSE7YNZq9t2WpUTYNyY7ZGJGOBLLSzVCC+6qzWrK0mzD9MyDY2rN2YJE5l9gkknfIu0vcmG63shHnt3PqeRb6cHSwFuvtw0uI2kmDGDFiMP57YvdDObLOzigXwXCg4eOBgP+i+FB/v2u2rVhEzgu871WSWEB/kAZSYpowXoYjwteVD8Ic1AV+RTKU+OCw+9VusYWopI0kkyR76+xoMYXZpAQwHKIVRRQQbrnRk0Up0Bf/FPLvdgxqE2yro+zKhXmfANRj46U8+cudiT8A5ICbbjgI7Cmx+WRvCgzh252pdCUqi4DOuS4bouGM2MjwnpuHuGeQUebbN9w/2d9UU5MC7+hhhEYgSIpcx5nAV+UKU+qd0FrRKUDWVva/kx4845FClxQ0mY8ry7Po+5EG0VRMrkku7gMwMpezRU1oE8XBo5zb4JL4KBVQvyBRKuXjocORETz3+7jdH+zHeBAAe7KX9OibygrmGF7a7Lvn3lmL8+YyjwjvFpgyR91m+bVU53hR068mhNpmCUKDhGA9WfLx35hqYFWtR+LwC6HJe5Wg9j5vZA4Q26HuRGEeKTazzk8iBJqPZiEsb4mTkWf3szbn/TfG24+a14sFFwWsTWyphigLqDJZ84ta4HNRan+Ui2VQb3ug6IG7TpICZDWQVv9hQcB5jStogAzuNF0tFaNHr9290mQ7Q5eSZvyTFhPdwuaMkvdNUlRi8LsMDU3uTyvmwBUJIEBqHQzIuym08C9k63oCj8zFYDOtlsBkgEnCQ7tKGT5k4hG/DKaTACbE1i0B84OMgAfWASwx9mD0RRmmRnxnzy6+xKj8xlzagSk6QTpPu0IkSWc4QVFgC6N3gIjolJWoM9ETxO6Q1oS/WTgVCY8QTwo7jsntRODBEHwzKdSiahES6w7ilXMWu8d01OERQgTkHvPewiYVScO7q5sauezXaEjDjJAXp7dktIPtfsMgjGK2JynqItHQAl8IAncHdQ80wCsOG8Pp8yiBvxiqJaI9EuobfOZtnJnhmNr4nGsCdWYGx1FLxk0CvmkUtgJZTYUBdosk7BkzjV1pLzMunGfXOoVz85bt6zmmhMn4rbSLd8zimVnUyVpSFaBbkqH9ntVeHuNCjt9pCASZzHq3msOerQZcqsDlThQj7ACRHUupH+2vAWD/nxgSEEm9XDp96t9wShHOociN2jtDm4EEpt0hXvu8+u+dvvn6Ti0GBJB5iIWbM8EqIufmtUqpZtEZIfEs73LyxxXzdx6aLZZ20YuxGPdReEGW2jf8mioIYo+iQDWIXjBRuCu/TiFGXtnzDPvhqYn7EtoqTnoFwch3GhoGYFm/o0b0uTkjPqKUqiu1fWTnpcK8e5Dk2+fkREZnJPzDSO682YuH3iHugEyhNHjdUoek9+b8kcDagyfvukjdSsdgSGvlQRPvKVAMq54bZ+ZTLohwRhgOY5tcPeRppGCWUi/8XVezL1fU1hT2DwVFLDUutrCWF62dbAN3lqD3RN47EkwTOzDi6dt+CjDSh/RD93upEW1ztLRnb4cAoBLLDSkdYPg/iDjgCUd7ZqJN6EENo+zNk0kgYpxfqtaV+dzq5fLK6Ki35UDNu97vgX3iFpatcFdz1jKbWXu45Qt+7zZsciHNquUODxGzjndYimZQ31N9stbG0NwpKLT92p5KvrV6Ul/UJj1Gde+1e8UuWoG4/xQKD3wCTPp61ytlBXz3fnoWrR3THUt09o4ipGb7mYgEVR4TwGtP9e8xapw1VvT6ZilqWTuZp4Trrf3JcVZYJuSXfliJO7x1ZpRl68F75qilm0iyY8EIddkCWkfXjd8+YSacJxrHgQa2Vqg7wMBZuUzMW0a0LugOHFilJctPZoSFCwOyv0CXMEW/m8Nh8X6GqIV4opNWzuRs06Vp/Gn0rdbxdRELSWn81bI+eTYhC+syz2+emIt33NKG5z/tiSaAFHkRxKN7kqHF30WR8ZSiKisUKUO8TQNw+3MQlS1InINh98ea/TKQO2/BcMkciHOFeuyfDXGgVSbc0mph1r6z7MjZgWhI/vGpxBWJjBH57oJ8kRNUYCBdRiN3J0sz3fels0leVGTsfvb6vvr4+l4Wy+cwS34xDyhoBatosNRBD0w7nn9cTJKaApFsInDZLPEXILZV21lRMMi3u3NwgBxc2Q0z7eg6fkBp+oGB4eVBw5mchorSlueso8xTK6eMY1/2IZkCjoT/AwyeQNeov24V4U8tVGz5KsxYm4ItzQVl99Gu0sIR1WQhdIKEvP07cbw+uy932vnUPoGM82cvgosnIf+0XV39hLAjI/1FFEp3p3feMrXxQDEH0zlWGaaPymnU9sZAzu1UmPoDA6WJcuwKxn4CrPk0qpJlFpsSz0pqdnQ3KRp6d+6nSMnoX0lYPSeR6VPKBV6dXX4qz2evEsDt/y9kyGFh9JM3HqOizXiNgQ1c4BSjTQpAVKFDD263cWDGszqjK9RojHGJugauYMa5VJlPYFg5xzux8+v9JcyTnyYzzHR3D59kUKzu3pAaLtc7SaToGzCkjHAD0PTLuxiiPKk0IhI9ReRnBX0p9ooyB/egi4+8X8Hn0DKYiypF2bxz3AkStQdjivcAwrMiW3MAjx1kegcQQJvC9PzvDZUFbqtLRq5psr3A5wUZwgUMb6wlLFYrQnuaIYHfufyNM8kKxRJvA8vv6wOFooVEs8YLEHesVqAJHGyvSsdAFBPDdAEJYzjGjoczSKy+V5fU5F6ZdXg74bqDCckj49dOpjHDuGRBDbD0MEfXvamt1O6WhY83kOc79JQ5bS7IfICk4ZgOBFwemL2p/YNRF3Kd6qnbGHo5nL/tkJwqvyPpP95mqSoOlt+FrBSp4oTm92hKvlh6Q7cyf3JQzmMDO3euFjKw7xDZMrfpX4PSP4NVRH78gmGsPfCTJMmj1XSDs8cieCxsiUXXdwfF9d8QRRu0wMVVI2PpHEOlTjYEq3eUDvA/OfIxzUjyozGa9nnKfMhp5e5G3PXke51k3MPtPSuPU/HtRhlLczlKgXPfpVuWKOZZjzyT9nAaIM9Po4TPNcGc6QtRwng3H325irlF7p0trwFXbono2dTfVbbcn+m7qi2pJTH20ewKInin7xaIoSSONNJD7Y3bMybfKLvsv83tHfDDqopRWf6vhmDjeeK5JdGR/bxo+Qb9nLHUj61RBk0gXzkeaig90cQkVDd2F0qCiOMn6Or2ZIbBQSp5h8H6vKCUzVUblWix9MbIqJ6/lyK1nktctS19yF6fmG86PVax750pFLWPBKegLLf0AX8KKKMMxZyBbsJKRy45jVVwzLFAsazuGUlUxuPuyP7WpaFuOBeEO19nbd41N0VGd3wt4h6NtaCvSBk+Y2+A9K8aCdeAlHLXyCWoadDsjv4TYd0Ox70lLmVBGtNZTWqGkxWz29PizFFG/q8Si0V3wEXw0Slj8W6gTCu2SPdzzy0UtFO+DrDbTNpCuL58s+11blN0jUnCWaodQsidDtrC277cdtdGU+ss176nsVf9LDrMMYM/EvIiwwqC5girvKti8GpqO5TfJ/WLpqNemNLfg0NxdDKGbmycQ4Yho9/VXv78CB/Xl3pdaBqjrQZuqEDmR95nsxvr1FZQSIq8hK+ntON0zKimLNMi/wxbpxDBMpEj7O0SuU5j6BZo3dJEZDYRvznBSt8YmjFgqvxdWYN4tvkcFXc6ZRqB4xiiqYqvMiYLrcVSKOa9zkWFjCfIpUc77rgXJHYy/l4D6y8ShOk39GVY+j4W5m3Melr5JO61pidAdctKyZ39z24eirDKXz+vSBnDV0kx+2Mkmd/rXtAcoHfdvNUnvdCL5Qj4sIX3WrkA9brGp61Tb49Plt/Z3krle5L9shPnZSswJ/Ldh7OqlnPzLEKZZ36hcQV0CKpzN0nO8vV0fB4C0a+zpwapkrD4v+A03+2nSQlsC53W6BaJJUjrlOaktokcBOKkEe/AfJyuhP1VhWAV/DZ5ikR4/RF6OklFmRoO4cdXZMVOHYH9Qnio9bPUgES4Z63bAXs9wLwsi8TVGlJTyHQCvECcplCERXwaTA3eu2fADPBZq8YOZi6ok/D5s4499H6HWn4bz2PBXifr+Zgg7zpPOXObkUYPXncUKW1wWNnXTomj3X0UQEPzGSIkuBd2gcC/2yUqLArB/LLaCzyb4CRwc/S1IfySLf6BEWUKjpKEJczYbR1NNCQBJtFDk3Uu1vNiCwZexaOrvJ/TX064RzP/LfN4vjzf59MamA68BFd1C3kzt8VGVW9i/D1XG94VRTDknS/NIboj/hTVMMY0qfb0lsNsjCcLpch063txGhEyJxIjt/mUrNizL1eOZvxF24Hidwxw/nmEgoZ2EAa2/qTQWGaQ+gBZFnf2Kgf2pkK3LG9+4ho6K6QNTbQCb8ggBSRo+IGwwbw0rKUNOKY+lfJeFD9pKny29kPDdHOyc8lvlSylXp5tfV99SLHEJz1nlAe3wmd/bKwio+S7+E0BWNLnUgul8OnUOxXeAEHK/fjyRe7vDMv89KyuelKgNAtvFq/cjIQJB1zO3izMXSu2myKbxm0siKMX+yLSb0y88OIyU/vx6Jh1R3vDvO8s2L3rQAhEtBgiLV0fej+thn1XPeT+sIDA0Wdqp4iqHp8xGo3Ss7UD3nvI4gXowG5PNh4mgJB072rMf2X2nyt5lnVuS7R2haX+a9xWj5+qVLlSxNtUo+LwS/sMbjk75ChA78lJINRgVTW16DOS87mY2u0ln2bq1RF9vmeqOosFcEXBJR1YXdnH0vDgyksSmUxbVhq9H6RW+vp0zfcpiLGzbhGzOgDhd8oGY1P/QNUvSPEegXnbkHA7fn8liuEKZ5EiM03r7RXPhErhgXT4gZNWvzLzaQLd4FcE0dK3uf8spD1xX/MMSExsHX8F4AOY08dIVEAHSnn0FG3WQNtnZsPoLbTOESpuxTklfxC+FmtHHAN/SxvH2h5lEfcGT/PnhLlP+KBaxToeQsV/T5teLFZgSq4tHyfZs0T7e/dmD6eAJ5gg/rB8qSYnYVzI1juL6g0fDH+efta498i8OBiTf5UBFdgxzH9gxKQYk0rBE0qIyed/030rr9FUCYgh8sMxCtvDj3bhuy4yV+zBT2UvOZFQpDn/TaOkAV7R8stTWb/l6IZzWCMJ6q76RqNKESy6nWiFBCQEp9Ve3FxXOfKrwzteKZTOEQ21FbRz9HWOQi/6/XYBMLLO1ptVgQC32jr/747byj+y7FEr+fp/ziVb2FhArOktAYzOUz884nNjXkHDPO5J3q/XKfl9CMO1f0OBPN70tVir4Vptz1HnN+j+wmnGQE6LauZFmv4CoqnhEFPPkeJGBo9+djHJntryDbW2+I6DbDRyu5iWjU85mI8vO4r2JdMU/UsWsQXalr0gpG5u7aHwmgigUdT3xgktVhLHjhAsUzo4mZ5nn8RO94yh36SP7TE2XxIlKKOND1TzvVIbaIotQ5QAwZmJxfGy5mf67kwoXS6HKRgudO+uNmQhqNjaPZdR0aLiiGFtGx/JH94RA3KEvrAShzsErjF8bMqNEO+Ds7dGXIpkvgw+zs/8L38QSbhm3Izb99RhgyqeBfO8Wquf9dGAMGbMMbqRDqT1plZuc5d011BChGLgmEX+fz/dkT8W2+0wCFdQXy4HRCQ1iISSH8+l5PpWlyoMkIOMf6FoLFwF0Kb+VtCYnKEnqdKomSpnD+g1rwzg784+b2ngGgF44HWZUszBPlSjO/DhhzwcJhKROfcjAmQ/nV/w71h8evZ94JU4Dt12xFSj1NS+uiMXEsl24KgfFX6eCbEbW5ZCoPCjMDobTbahapatCeK+AaUWBTODhMcDRY4MYJw+pU2x1B+aORJ8t9bNCqw3yB4fkQmxWVkxXvDLIoqP732OrFynuawceTyzIgrl8+GqY1rccXY52uPT+V2jEE0hbmaz2sXGp+8p2lLqA+r2sh12qJSwH7zOBumTn6OqI145gBvIxxkMLUyqZzNOE4PR1kaMWVTlW2EW0ItcIfljU42YZau/NVfuW0Uwx4IsNkvi5qs90ZzxiSEsyoCjJpGZd5FLvE7D+izL4ETln9LayCdjyWoct61PpQBzRzMOOCgPUyptNjKXM7GcieY6vX9ZVDW04fG0vOXB+MXWO5RFA3PxgzC5VV/7gucACf+IifbyL8VTTxKGcn3JLptSqufIR6Bk/TQCtvB2rGVkXu5oy2BJYu8mDfhC9AuezzL+eIlaJFCtmAMIj/HKtz2eWVt2vD77zIPi+bLnxhvL2JG9IlV8r0xUjg+MPZl22TA8WHES0IMAHK0lEmQFiuAc7cZZAOagjE1Q5uG82dL0IeBnwr0prN6JEU+bPvkzVt25emgPZfVj2RCQVkDEobJ1AG3OWdFoR5mQipjaF4JYSZ5rbqKH3lMeX71+1qaY2F+PzgaShKcKYaPtbu2qtitJqNctftqf/14GTylPVOJNEyTyeVpirc7apqjoQ9y5+xynW88KPKxnWZyWonSaYWcvi0EITmgectvQbpgYrghd8mBPWmsIWhgvD7PRdxpF6oU90AP1WajEYWyouq48HL7B72YjecQBxb4zlxdoYL+zc4Q3aF1+efgBf731H16Se9RfwKXoRN+iO1JQwzPL6uVK3CaBKt+mgxUiOg3X9IXQi1uq4jcD6HQY4kG5ogC5ZpHjb4s7znwSK3NIRQ3w6r+Nsn5T0ZKS1RX0/3zW4k7dLM/pA+8sbVXl15lwMy0VFxly3I1TRuNcXgvW9aiGQa1No/n6+VDsjOFCBjJoL2uJGSs7YulX7tKYeSCA5jSCdfOH5kj3cFoXqMbUy4eM4JcFZ+npmV+GjEWy+CYa0QBWlNgKeJSlC4mo3wwSnjZ5yN07iNsz5FmQzVCQVQmeoTaB8EfQaiVWUb8VnYDHV4TaHMwlGn/qU8s6czD6Gx9foiLn2d4KCLruUFuck1hNiZdos6jLrDRyjZGaROi8E4BwZL3rPGNeW5fWN9MA/aUxY4wASjkQsLzbSSRPcf+9AE9+W8C4FFWGrWT7zP/X1PjzgpABkMDf7GXQGm9sYKSSvLBk0z55Fj2OZLFvtFPNVW78LcougbO7m5is+/pQZDy2Pje0YtOWyrSTnkGkQy3UuYNGntX/HEFKw0S/fdyVB8XtL9NgJYLVep/xS52J7s7eVjB9DEdxIV6vJa+rHl8hYNpicrM5ccUMkY4RFUstwlKC74GC7D+l19wlmsxURnPEFl/dllTxYFV5XX/lbFQ0G8bnR29w0VCHm8eKBW9/GvdVDV1lV3xDdmMIxUWJzbYzmyr6/LMMwVh0KrzAALnaAzRpfvA8vL9fqCtBZ89JmrIUb7rbsKarBoYWgBVIDkj3wmPBvrcjdxQ5Aoq2ieGHQ+Yine2qYaRh5ZC1AFBO8hP3Vmn4CTWwwXhL/oRIbHKYJGgi9HnIQ7iYNVOD5qS5koFP/G33N7RIZu+J0PbU8eTJBqaypIenrhWXVSUBmoa4Nrfs/3UcRgG/+BCRytyZLrt+8A45vGL5Bh8Xt2X+aYxy+agrqQnQKtxWZc1pQbjWtASbgAN4vGHfP567Cu6cKXbl5bVj6QZz6/Wrk956gisruOqKDWWp3BBj47uu/eBZMttIU5C+N9tYuRaOYLGiKP6D2Nir96nc2U6mrObiIM0AbZ8Ym1G3WtYDzDiG5x9RDo2ZM2ChKWAUL/+kZPeSdK88ucNeYFkR2xU3nNETsfKae4gwAT68/s2ELmm27Yo1jrvXzCqnQUxD5ZimgdO5kA4ASpW/FH0XiudZ/PX6F+0KguiRg9tcTJx+3vupcbspho/ZL6lbWHcYi3ntN/NGbWc61kEd0Sf8wO1DMy4wTSZAOaaMUcmAs/V90X/UFwMWo905vfz/h81ouF/4DhnPVu4JbtrxbzpgByMPgtN0SOH8FDsjv33xQ/QQImM3wWVQexYedP3JDSQjYi/m4AaxKmn3IZDw58WhfNev6h/rj5vGaFlruQar+EOfMV8YgUyYriWMlrd/lcRSLi4S3oZ/4V9xjxB0ccxuAIAl9K9Ru2w8y79JMpkIsH75szWnSixVkJKRItgbJIpiYd7Y6BC+XE3dWMJ8U6as53vliOH8KfVBPswD0Li3G2fk8jNOTGwt3w/3RhY81x4VhtB7G6QDMzHF4a65dfquQI0+/NMIOhVvRtDYPbm5wV2ct40W8kIg11L5hqZRI7m1mgmozdp8ZxIoWYHsr9q5Cg9X3w9poQfRlP2ih78uNA4wsM0vaUuEUcfp3g/7WhH8MCYjj7cfW8a2Z0aAhhY2rf5xlvWhHsMBi3YzhpItERn2ofg8RNc176RUNXoG7LoRUvVijwI0GaNNoWPiJloB0em61adssrH1h6CrA/hDjLg9WfqoA7+7D0T6jN5+/zUFdl/U0Dxdpu/ohLdLqVhGCRVpNWyNmCbtAwKuz0ShVuU5B8kKTDmGIphjIaCI/yZ1tw3jjXweWZ7xEqjnbgCB0Alsp+5JLrglW8zwvdHVJyJLE4PBQ2vg3T3NrLBc9kulY2eV7mVLYX/KbKayHts5V0TqeV/RKefTgos8ZBS652F/rOcepca0jOH6URluYHu+QtBvY8YMXLis/chL4PNpZVje2X/Rhj0c3YDaDg2nIGnH4ASrL9ZiIZ+QtM9ZtDitclB5EKhX13D78oR4gXrG9PO1Z+6T5FVSyDo0EpQ5nRhojaa1ZfY+xHoyDGGsejqLtz93myddtFrSEtX2+SELUmN5MwYzuXXp0pb5iPbajoUoZeL/iVUeoyfH/pzHt/RhcBY2BbQvXYvJkd6tFTikr4gjTq9fau71MbA/uSTiy7EyjZ36/8A5tXfHcoaKvpjLgqvrcSlluvGj59aMxnCqyzq1ODs2ru2pOyTS5A0dKV/2zuF5oKgqLsWPSAIIOJ3G0CGZZyY5SilaDeKGukunqnkuNrW+iH3nOJIsjDjxGCeKKylhZDXduJ4l84DoXCnM3U7n/xHx6heDqvCrXtrC/qjDQyZTbovb8y8F4eEeErbfuQqN4l7U6rpyPwYsNGnsGLUMguFCz8qS2iT5tak27FEe5cqxFHmOJAGPk8+6Vl5zWY5LReO4mvUr5zhmp9N1mjlA6OhBtRzqYqGjv4CKNbulMwbLePH72/52zfHJcQXUPmNPa4TOcKhnWXkGmq/EakwjOw5ZRzT/eA+RZ3fhVY8bfFAGIeX1sGidwtUIZiB0Y3jVo/cxZaGJlN+C79Hr4muKDTsfLUI5FBw0WsCkh1YHrOL2/EaMyZxDCXHGdtFXMECaD3idYfI+M6Jl8rJ9EltacqEwBjqCzTxO/9tI7K1i7ZKZLvc7SgOtmdIgoIZsZtnz30i/hg9NoRsxNCgfQRny+OSe7iAA0I2YSXlNz8FmvLV4ALrY7hneauRXYIK54q/eiRD6JCPkNcNo5GfsbPa0323r+o5nQfzMNPxFH9ANHQTuLEuz+gw3+//OF8q42EgAdANu5GiKbU3vjpVmBH4e+3E3Jfe0fNGT/lNsiohCxUOwvqWWK0BxiMxeRRjYTeRtt4p/hVcYaWG4eWAoV6210xrEoEb3Ur+0pj7mvXguluQarm40iWPr6LrCoE2R3nBNNhwtN8a7jhFbadUa7pzt1SnAniIbfu87bG/4qB3X2hhqIhpd/wOPHiViKQAdXDy/kkDdlOBhh0lXdFpnCJSsvS8bqb7HJ6CLsr+343xU7JERIIqafLz7WGgVS6whSiuLho2lRPSFXmyFwHC9ry7RaCcqWHbPZVGXg0DvmLf605jV7/f7I3xTN2W3AM48cy7sUT2yYQeTTLqH/aOazD8bmeHbPRfdBdLH6N2CmgVr0PrTz3zLh3bSK+Qz6s9FxT+QWSN7C8pXD43AThEDr08BRKsiA0mzzo8J9byWE5VA9xNYoCeNsb6yVeCq04uLO6ssKRuPgAWy8Gg4cXxbrGBEtkBi/4S+voIJjfIPbLQd5KK+RQddJBf0fo9xtaHEGjBAHfH6f2ox/6kVFz6Cebf/jku5eg/ZC9CTa1m6SE448mKUdwnIqVKUyymAnYsOER5p0WOW+rOGkTXWSzEqSRu4lk837TYRTCWTgH8j3RcQNZXxyu3TwfhtTzo1U3R4JPV9ol80GzHMMiKPzYKlg2V/6vVkJupEA9LwmGy4gcUIqb5OoNAvGmg6iCWC6Ye8PjmMZmv34hb498UJDeQMjEQgYGFYHSDg6snpTavRicYzm+q7zGOfCmLOIMfDS2G/klmsqGtr9JpRvFAFEQQmHfQqWLHbU8C7CG4yVYNhOI8AfqE3VS1mXR1iUV53kZrSlG14zaEVQk8Xx4DbKiPgEek/WZx6Hz+iLhQhhhytXvPMp12XnKbdkcLxy8mp0MhjDPLHEP4nG9gZcbJZj+hTnANrpzJm9LQo9tJCcNvNZpNtU3/ltFhRj2DnQP6Oi3bM6jNtqnsnPsb9+5IboefZqUkIdP8wXAE81/QxxjncsNYP+r+buy1djixYPJ1r4FaY5ApnG+V7VUryKC6kIa17xLKxGH/ohD2tmQGSVo/v2VAkjeYLpusG05eExMaFiZ53OHQT5pAfsc6A2Ir9Up7dMxbIpiOBB74zTN6uPHXs+TeRBS2CxR52eIjlb5rUub15alk5r7Y7bTJ8T2h/hqGlD4zxe4ouevpi1f3QaigIbhA9shseoki77/IGYXw5rWgXLikb151i49MLOfmQS1EiEsEqQqz9LWHWitkp83BGb57CqMHiwGxZ8BsoPo3FyzTZZX0RdDu/WFhHPLi2FBls30b0doXhqGxMiM7DHpGQ+26NA/PFs17Rju8DPuyyDUjYuPoPjwzECR/Anjs4YRRuttjyovwckePNBNLaVEGywzfLOPPtcT1yvhDbQzot7n9CSHQpyKdY3kFboRqCZ7bc2rskJB/QB0QkeOXPf6pAktjGPh4mFYI2ajC3XQmxFVG/0bUgRv5IiIK5IoZLMCJRmOWhnmxagqweF0xmm8+Us/DiO1Oth8JXqSsvDFtzWLCs1wh4fbu6RJ+WskuXkwMLpZf5ve3qxyCwj5BhwSXnxRVJ6wEu/P/aOy/Zm/z14bQpMWSHSObPfbM6Y9f3+DAAjoBoyhKLyN9UdN3H7Qb1ow+Ml9qfJfFSsvpUK3J3J1z2RWsfwX/qS9oA/ZOSTbCOXTRvmT+eMp7Mn99aOh4ez+QkqpY6u9tphUvEQZRFArBpn4eLOd8oBKCyCj8Ebu4qUNtTQwk8CNSNVx21+wIIBFL4SARwdmRlptSbz8xT3HHEJ9oJ8Fl8zfhEOjX8y4xq2S3Qv2UWOMVa0vHPGsHqkSvBCtmP+9hkkcqzluTTsv6Z9IU9gkjCCRCsh609cXPK6fl6dra9MP2vqk0zQGQ0I21hDk1wuaPzmasiDg8LfTMfhNEcAHQG2NY+S8ZH/MS7ZdouQSa9wn9/1+mixmRdSagy+GTNCgmeqyJDJc/CDdxEujU0NPoNgsu+EHq9yu6IawgGJ+tmKzVunkDRfbkKk/pgW7S8V6Xj1Lc8KxRQ6jyIIvemcC8YH9FSF40iCzq1OyPXK4dhaPE+Mq/XUEzuEoahRz8fsNNGWz6iMKznBIRyJL95oYWtyHo8+HrGj90seq1MoiZLwaTpwF+qbcBCTTXse/WNiCBGeZT/x7qsAhp1rC1cXiir8y9z4evrfLz+fXwYoz15B1kGnobvKhowzOzq/lVuM6H5LU4Ruu/wzMNQ05/sy2i4peWCEr+t/8xh+fsHoz9z2ZLvVuF8/qC2oVRC4VO/Yjf3hgVQ5cW6NFGOPfweR0VAs47969gNR97WoufFPJFHLecZfoNjPRQe13COwPBlx+efPKQ8uo99kK0W9fBFWBpGbZJnRoyvAVpUufumPDU7k7xhNy1gF0e6WnUiRoQ0e8eWqxB7Yc4dXBwqgxQXSQDUMVi2JBplE//RXCvp07UPRqrr/nMA7BEiNrucboRQyJF88BRadi56L09jRkAvBxFWX0seDo72+nIdgkaJMrKrBnnxJ8TUyXJhr+mVi19KWMBUE5aGI2EaLiorwo67HADUziDmazxDWehgLIkOQo0t7ncD42g4SjFkxcvQPFm0GNlqq8JdLYWTCnpgdnDymvuw0RNEr51ja3YWpq+bmZVqVUUTrqvCfcaOk13llqpRR4rb7cwThorVAsb+CvPUioxs4nb/YKXCCn9xDHBsNtMAhorKOiky2OnVAgCJ7XrqHWuWK+KHsXzfqnVGm9+nF7vu0mXpDwwdtSQGh9NGmftCtNSMikjdtuCM1stiyW+G/HZ06GV7ozxflCxvvuZuShSHa8588Li3WuOkiwpQA3f7apT7ZSPbX/2ihXfHx5wnHsO4orCg7JjjCq7llBvHWjWoP6KKNzFRSgozyJGq0BpXZHnGiesajO4GJYUBKJcUDQl2/c1QZ3PYhdg8hDwAUWiaexshUhGO0LQl9dfxDY9SNKvwXkZfuxCGAdzAeXKvN7ifavYOeD3fJ4GbtduMnib5YS2YFcOrXQqUcjq0T+0LvZkfXuY+v4C6BBNkHQ8hSjNVxDux0tFVaYn3enbtgT09qtFTV+MJVxRPXHvyl9ZZQXM5IsFmTXSj3kl9rZtDYSxmmTQec09YUYDc2cD+sFRxdwrREs4Aog0dRp/Z4wJnxhnErqE90IizQJlHl/m4Az7A73VqTFcBHK4CKful+ix7Md3n0kay/FkJ43IkdZ5cXbnu+nInd/tXzQMG/LfLFE6sNSFjYuYPaWxShE68kxprzF9mLdHtCPVy8GvsZnZeHpRrdkoSAM728S0T1/4+2XO9WU6JV+2KWlBaSo/citzD4HMhiUE1KZAsyEsxir/a0odnzyu4YLXVFUT/D0t3Ft9JJWybR71i5Ov7CrzeLLtWJ/bI/RrwEEAzUVEogc2/n72zQbMp3frrpU5Q6dI16ekeE99dzUaJ9eer6Jnol+oIlOm+Vl+3VV0Ovx4slKQu+kZhTeOSrQ/iYadHrG7pbCyeWqh71TCz00YEPhCwfVqPzred+sUSdCoZla3oUAIbV4AymjIYxATReaM1YYWrObqLTBa4oUdqvP9n7euN9GeWoPFPwPLerPz3q+2ONsNvfyEgDPiTcJTV+zo7Sh1RZFSKvXL+u0P5+jUd0hzm3ogNrONT4e4OzwpDzG+roXTWAaEEZLSqEhI4WBOSc0PVfTm0kpqe8Mz6Ufh0K9lCO9LVh1bcxAVCqkYkNBT9Mo5FrVrf0sgd+zVzp2nFdv+OKNkZ99bAyj1eup/uNY7BlLPQRuM2CxUn8J4JcWCbDwCVx6IWpz5uZlxQ6kaBN0Lnd3o0s+kdbJwM3KVJD0ntpfG98I0per8zS4N0+F7J3Teck988f8ovaJxTf5BXIxHFdtPpvpIhSrsOcrZbrJi57BcA+mPXd2Iu8fuKnNw/tDSaffqE32yR/8Pj54lzaj+994AYwKVGoN80tkFzYyx2p7I/m4TTC1XqR96uxFBdspWUqrBdIbQ/n1qu2MCW7Q+H8+eMI9gkedFnZt9ois5My3FCjFdeVehG43/zy6Wt+nj0FrgRjOJkNOcLGbWt8wEZKVAq3R7psf0GX0Efgbus0af/gEBo2x7APYof6YcRjFsxRISi+m0vD5VUR3P0/MWnQHCangVocxd42ZE9VxHK7QKqi77HF02OkdHcEQ7qiSSiofhtnnkv6uxJuX40iMO84nFzVtHL6YjlXbcEKRjxcNWa1KAPC5faP5TOJ7xnica69S0w5I0xRnexbcSjs7yp6TFP4ryxtQBxE2gftqAcYMy/bg9U/j9U5RPy+BXl77mpWMskDswKdIfDE0yYe5PhCwEX4Ce7UHFk4l+fNogsswU1tV/nGlH+6iTqD6aefsgeXQ74+DOkYBFMzrl70UK7OlRycRIgMQwx03wDqxp9zXoofUhO7m2RGHT1QFXwNXMHGR5uk5+CsuLKfH30Q1Ia2WvgEkxAZOwLWk90IGE2OYTHM7vewl1LUXvY/pwLtdNoi/DeaGUHVTCRoi+YNrTu+y+zQg3FxVx/41d6mx6q5bZM5hifjQ9IF9LX6Vs6O/UNdI35ysVOZ8dLlRSbKdncWIX0hWrGXl0w4z7Ck+Ptib38Duy9+jau7rQSMtnnjN86Vr6P4wWmt9YucQE9esicH3TQnHD1r15wVdL+Bn+e1vbCw/yZTGE4HIbXug9B/9YpxRnGxfYf7Y76lO8vccBczqGnYGLhGLy7FKTcOEL2NMdwutKg1S298xLzxOWvxaR9PA+XNpOPNRn5mgXIL5kfxwbody2wSHmacCkQVjLyD3jO6sM8Rgl/BJDFS6KtQEy643f7MLNixpll6BKWGO+dKuAd4X7at0ToKQKvHi5UFgWA0iElTGK31pPp7HHzY6bQDcgnfLmGvWfeufG8u+UtdBaO+9nXdiEJ7PklI2Vv6YxsvPT2MeEg3iEp4fEZQWdrTCWCa7O8+ly+bbmwxQ40i5f3dATYGbzqwPKu9eWZDod9pH2BMs1BkGJzhGdM7OuPoMliFvylk9dCIy5506ZS+ALHdTwlO8ae8WfjcOHg5QkehTOqKy5ND+xhHkQSCOCUMAW7pr+cn0FHdVB3wHLaipTuf1N/0MG49en6cQ7qjirLigavtNs+Vip1m4mkcOI1Y791+nGhfiy09ZDB0aXo8r0/RLZTRWhhpclYGYQ1uTpNEOwE/q2CHCYTeQRoAJnFAJt9mPkC2LA/SUto8mYgYCiVkzT1VW3tzvZxzuK14JFqvzvzaKZOyPRYxH+n3AH4yUN6muEeoeLFLu5AsAj++cyVEIB6OfLvHyvdBKH1ZI+ipWa5rX8/wKSeGVlBWTrcQ9uP3TdKefFRT2eyzl30UMGTg7Mdss0l3gdH0zVr3+zUxlJopeY4u1tNpNvZAbkWBkO5xEcsyjhSxeFR4wq9A9YxOc1d4SYsDqXHTDYWFjB2FdSUt6IGWxHSbKeYKOFsyh8gyIrNYk4BPGeteAxNv9gr0v+o+fVOeHNnDDQy5DCWtC4q+NnxserWwQ2MMYFba0GtVPHOVVq5Mg4VF5ahZIl6q7Zn+SP+cCUCquQGjnu5F/PrzGSwBxRjXjmOfObemQkr9UlORvd43Ftk96THGiFw8M+gnUlhFy1biZOILLE4bRGjIknvhdZVrXjlnzDRG4PjdwHKcY5KYxggDlpnSTPp7S3d/CbNIHpcvtb3nqbyBGIJr8OgC2Lryj9iGHmrRJjSGLT31AIrgTh6uiaMFF2qJQoeIT0ki2F7Qrlp1rpimRbydFBf5aP4f+kwSktxyp33rE3EBZlcXUZxLA8gR6yklthsfEC8m1b6VH4nOaLAciQShJJ4VtKcw3nXNjarSteajw7yBBmEd0toFf63mZTQAniEV2MGWnOLZ7vTjyW9UsBygEpMz5AS/1RRuE3F3BkI2/TUNujRZpkAj1VQXMxP4oCJt1N++LIfnOdcMwl4Mo4z4Wa3YXDJ8Q7irTLCXs6QmJeeyQ7MZxyYPwdXO1T9gDIaM6x4Pg2FvUql9v/7ZohPDi3325StDrjPbyueaNuNXJbNkDtu2wuEv8dN0jviOOxQoZgxPhFx32Vz7RBKkJ1w9wSKKwxlBfcytlvb/JePCZjv01Ip5xQL4DLZhxEQk1TN8mN7fe1BhH4SAVfRELz+y/hFSVZ0I+u9S6JeJf7cCybjbBXcAkEZfrPivfVLe+qAKgvClh0y5eBNgMZFyO4vw7xS4ANp3hCEqNMgajmR4Uq2O4KwxDNYyiZILeLAJnMd8pLEosIjy4Z7NKaplH+ZlcW7VClpo0Y2VxBMQAhR7ryyCc+g3jgM5+0gDXQs2qx8p8gwJmi9wNuEsWTwJ7dxDqV6bxNwQmE2JiRqYmp35xhIuTvs+mljF7cbn/aXAfav9GDo3HClio5skWsev7+tymIwc3614CW/KKL43Vvm4cY2OITX6J30nzz3QZfsIPcxBe84JnGaW76y40yFpPFwYjS/QkJxsYugOEg1SVpNb0FHqArxuILGkYTPYQqMQmzCQVS1goF52xjye7OAFrCKf7edhaeLLadnOs9FW8l/aC1QzOLKfBwXrs5xaHOTQAUX8dYv+wzUfBJii+hGjZDsv52wP/FbYR8S64+YDehFKdr+xLaxgkDeWL36IAMUntquqbmH2LEYiYoCOePdnv1AXqQkcXw+BaoC/KbcKkw4BtksK9r963cvIAd9i2gx6gtA5wu/XYqnEXk+jGzJ5VTGxWGl2gvtXbhc2vTccD/REzGjdzQyZYeYiYRaEKnDBnDGJd6DwYzGRQHR1h3k+vrcZ6EHH74UjhDeiLuO0/6SYK2WZ1PgtMhk/Pp4X+3XnSc8Y46jZyltEiRy5jLLrqOjBnX8PAOaZY7VL3BV3OOlw4G8SoyzEtFGzaO5NPVGOlL5DetGT56ypxwcm9tuZ9uf200RkQ86rRuQUOQN8fi6A86nLQ1UTYTSwJmxjRDv67sT/Fr6gejjiIFW+D94DtXvr+ftS/TadBaYGZ/eYT7gSx/2TEYpbM78fSQXI94Bm2sXqYO+XX1OWMaCWDVTNVaW+fkMQ6n3bc4tJbyenI7EAKQIcNy/XNyKEDb/AO3c0DCupJyXfBbsH/YJjIPHRgoe9DoQ+vCvKXEZz3gSyJ2nhf/l6ZGOEHhPHFZAShGiFUGAY4/mMEhmf55G7qK9+ryHT7FvtZfXp/4qpDfYPTyCTgajc9iQOvXDex4u5O/QQuxoJJr3So2TzWHIljWV5/AWX04o5+SYRWFxdI4ydwPbZ1t4Pf96G8ASksGWYCpMxFvy71chjNzsSDPj1Dng8kgAeSkS3eUUKMnn5bo3BaF7Ski5H1Y1SZYu0WFr1R6IIYZvj8jUHOozt7BMNbgp+2iYJFGevIhc2tlMe5jGx8WZn6QyFr36g8m4QiwyYHUjGSmvIqgWiqLRprRlKsnbMueyJE9wG5gFwrzyJKIChj2x9T5KuiWL5vKIGxwRKN1yWehzEfheQWhgUXGa4L8PdFwH85G9Zrvl00QFtfAvnI/3Anur8+Kif5g22YTDwFHcIzYrf9faRei+XRWAT8SRN9ovIL44xkRyaFLk+8AG9Y9HFqtFSzHKmqrvqOpNKzUMshde5kY1kGZXGpE6gDuYe7iCxPhANpayG2bedOTljoFgLEz8WyQt5lak1VwcPs/6H+LyBjnnC0JEMMhZ5AjMwXR53CnxeQhRQr3VSD335Zo/5vT65ZxdfVddQH9E4nytiViPbi8UN5GE+fNrcR64ClvCQExxgfQP6dmo7x48/R75+NSKvsQwmDxmAxvOLolldgmgFM5wEE13UEy+z969zpC5oj3ALzKTAa8xpHosKoQ+Bhc8RsJvwlMN7IF+Mudhe9XoxVFpMsNIpYDlbsOGto7fua3NCK88NRO0feFg4l8BQj0QcjM0HOBM/YY9PitcgQL11fWrTCZt/d2/8aZQT54Prb/tyBk3gmNPzdNPS+TW3Mt2iN/hzw6BpqM9fLlJpzjqRtXqhIPT6P/oLKr21qE//bTdXh0PM3ztl0s7Kssu6DdY8JmwRdrMVHNLtz+7fnQnTVMdcgiy6tCXvogtZ9CWgwfWrezM4Zsc5MNucLaPz7Hu1ysXRDN8OBwqVRe9Ty5LokeiWapPPGBnk9W9/V00RfafL9Nr8v0sVCG+tBQZu9eJdJTVfgb2SzDLM9aVRLRO4NHCEPZARNKsDBE6sp/bsoj6di5koNnWvWbdk152/n1sUyeT/LjLWvGRU3tggm+ZkK5cndE4FOuruiiyqP9fwwwXqoatfRE1xowEbjTLSr3LEjW/vhFJ73tyEXwnBn5pdOGfNoDqGwWHhHMMRx4pHJd3IE4p4eawnPS46wrK/sb7xQ/5KfKE/DT1SarvhevJ55Jsd80/e7rQDlReb+yQzpc4PG+7MgjG5eI6iLKKjSPjB4ZLW5njaF9kBs3NJhi0HjpnNuYQdJGOj+++40dh1fH74iGQFLceDogX/M5VHYCcqEW3FdRd+W1kPKHgJ6H230RJnmjosCA19W31EUVwfkk25DFOJ7rvbKr5FGsIVCCnBWmDn5PWlqZZUfwiTMIjOG6RWLD83OPa16Yy6SwXij4/ItEkxatOi8YyQb5+pZ//C/5+6RQCNTsFvf9zx6GYv82cnnIMP0rMohcIubA8NsKNImbkGSkfFyRxom5Z0aj+yzW5QVV75kH/8sUbXzMbxAy7+KV2SmnRpntUV0fM0v6sQRaMYE3DdUk+z2L/95g21br37hGrYc4UUs+lqM/e1cJNS2S7P8a3f4Yu78LenSEjGb0om+Jd1QiZhgCIZ19ddG3DSpoT0D7SL6CcsNr6g4yWeM5NDVXvxQoHAg4IvHkFMwH/J+DLeinpjxufuv+JFaDGO86O1N2ejpFlIs0xgpuyT5txe+rbAKfdEm6ukhoe9Ds/9+TmcXg0LecKWKdgDQN+P/11olgpqdKHCGQzYO0DnZctPosm8coBireA7JDvojzvjNp++HprFhrIN/gf6A0R7S89gwIEucZRzYCPcIb9bLxX8HjKI5ECaluCrTY9z/Lmem0UQHr/GNyOmu5w3vw6Ij7q2QtflR9Xs9x0fMC01s4v6IB7cBSnMGOej1JXMGnvVL6NLuzN9TZaTwYzGOwlQmpOlWthDHGjDS2Kg4JRjoXM/dTiXbYA3JLZ7yAyATxvtTUpf0AMS8UvCL/ZA+L8OJOqU9EDBGZP5sPy77lim5yqM/rXBT1B/+//dOyEck4bn72925bUie2ggdL1TChHgV/W6uRRL5L3qj48B8tcnqxHwR0OLvrosdAf0yY3XY9pcuInuecdBu6XnB+4WCC2WLfMqTrPpqvgetz20OS/GGWN65kuMgXlBac8RLu4rzIsvOWdpR+LoYw74IpyZeSvv+qvmkGJKA1onCUZNY9KwDw33zIf9EgvBftIDuVb5yKZNZG6aeCtRoKlhmi5nDcUJ7/jd3MK+8n5QuTYsmsQINwFAvpoWq9RFe/vABiLJYIxcci+a1BQf6ibZR4+a16vpZImzULk4KOe/OdI8vX0jTXk6tBCje4JBD9DX24Ve5tx9WAuNSREKgodVaUvhj2ZphHCBo+q2yjoZn0LuG/ZgJdXEN8L8DBZoVd8iZlK4yO2XrcqwHQj5hOW33lo4AwHNAayD1SqRnYoHI7DN8UmQZ/dGrvPWIj8AV97L67PQUrvhLlz8jmv2sLtWzslq81wVp05qJAq34SS9EcI8Uq+k6neOkR1qVTbnO/XfUf5cxSfnjk+egri9OHJLDTwwhBZeNMuLEK1xbRvUNH+Ndf2Jv++C0//5eAJiO8btmeOwnyg84DmuxLlqdfks/KO0Holq9dMotdvr7t03pOp5C7JS/yRRQmvu2Je8bJTs0AYZ1eounnuvpv3uoGpsRgfv5Mxlf5WOsoAvCXNb1WFF+7wMr0hLJqcL3S27hSYAmN/YritgO5xcq+jT+Q64RpnkFOAil+p49ChR0CQajvEHnpURiGg1K0zAmBi5KFWm7u8IvUazvd37/VSHMCaCcPJrOzE8usbEzuOrGKQ3V7DYsoCb6Yg4mF0rum4B7RkQ6kix6KJuTS67gtSCoqLYIT8rYr9Br2zx9Do4YN57g04jm9tPlW/EtbSn7YsOnDy9qY4Qi+t9d7M+ynyH4+2rplfKNp8p8f+XpzRHdunMJZVPHk4kwJc4zaMiDaW8npV/CKVj8aeBU9m0vJ7qrw3+xfPoCx9t/8r3wUT2+1cfvMOFiUP7QBqDt+RuPLRT1iA9ZPWWd4k4/eHJQpBo+bHf5DBnH8Qve2JA/p6D3CICU799sf8yC9Tkq+8Zot+p5VBeFSVoFjOBDCoIr8T5TCd4CrJcTu8Y3j+xgbtk29invHic3gVc8wfNXiv3f372NojbZIJZ311+2r5BR6m2P1Gca6S4SCdNtNDoDtS2QiDAIgXEiHFc/K6CFiE1812f1jTRYR61UgPbSXeudg5J3W9yyo72hlgHBz2oBVhOHpRZ8Pm3pIj/t6PrI7h6vTzpMZGwWuYUki95/gXP0ZhCh8X02lZfujQbbz98V8tqA3C8FyFDdNAvGL6jCJSKjnCD8A58S7GF1Gw5EuZlElHK+/7Bf1T+lj+LJ6Fdc7K5JseRJHtZJJZI87uZMq7E0WvMvAOLQmH/5FR66QCh/hn3V1Q1mifJUQjFnIreVRlTvtoAS04hNAX/AkijgMsOcN+AqbuaMONrDZkreyU+ZQFEaLfgVGbEI2irZ7gdMwgRNF7F4/yFIXibuM41O86uToClNw6t2ByB+2r6EXqw4+LnUC34yv7UhPghPoaXZ6N+SCLty3dnh0PoGGo863blhRv4akmi+Mbk0Uqi9SDROiGH73hWnf+xbAn+exmSufb7PgR8nRXXzPP6LDG4kvrEhl7bIbEnJJxtbZfEp3/9l+3kALa7YPqTGH4aQr06udUwXLlyUohTPz9A9OZ7+VTsbfKTPWsWAyG60j0QU0MbNAMSLwzX7yGpSfaNbFLfCLPusnrqhXqKae5XQ8+s6jmsGYlbMzWz5ulfJLESif/fvfqGOe3MNfTvtz4VhE29IBtx7KFYdBFEOVObjbZTxn9yt9k6Y2rj52H9Lp5Cx/h3o2LcN+5nY78dw/sWkS0vXlAh/CzKgTB4WLkZLWZR9LrWllb9rlond+lsG/EsBXgOX1bMo4iIIns0yyMw2Qbe9BsCKGgQB82NboTOk5JbGBBoJ2n6gKpgl6qxkDQhgN4QIX2MNSqlITeevoZCF27yV7jcUH+l3aibI2lXVXbQ5KtnwpL7YSp97TybebZxhNz4jOv86sx22vy01sGprlId/9SdIJdbAaVQQwWXXutrNxDAFIMPu4bZXGnX8wvaos19J4GSz5a9Hr3GWDrerPHFFjNSSpStgNzkqbTDsWXPh/DVKMnO+v96zt4/jef+wjPy6LfvRkl3qecTZOKJdnn3CuzWoUu+AQpv5CkFWRn9LL+SUjCVVSj2tXCrNXuyQPAbrky2tfpbW7Bnak/pzNMHCgfFgA9loJl2WjnnaSvS3iubxu/mCu1VQ3pTLBwglpNWbqB36EYa58Uea9WobaWiuS0jA6I82e0UGzaxOGETF0/s+Nljzcvt9dOi8KPAUdxGlVQP7tRsamMfxHdvm535luZB6U9LxJAX3r2yqfGtzSEkfFNJB1E8+E91ukZNXJY3FLIzczVx/2SJgFetZNbRLtcXt3CBkuyhCZZVizbYOSfqCCVwmvVMTlcnhCxyDyMWAJnoBt1SKxwNfpExbJZ113RTE46HPXwse7gUn4vSCL1SOsCr3583mZj8EINGVSb1/yfHuz+cLnOIKYJsFRWBn2PL+8yXP1BLhWrKbTZVsBoykLTelz9Tz+kaZ8vWH8H84EjqkjTBL312gjIJZG/fGMPB9M3uSwDwnS5b4z/oNXKB+7Pgmw9M7e2UTeqpG0i2O1tWyMqSdUcdGfqiHavI0m3FyUuuVoeQ3gyADK230rlLK5YevAMxrN+rXlxOKSxtD1M+63oKPf3eLNKko2lBt34bfZEsZj7dRvDm0T804LPHGsiyJK867cZWVNGN5MYhOJnu4Fjq9Jo0bF9abzkFDJpVmL718bUd1/QVEdj3zG+HjgAXXAzBgm2EhJhc4gbOZ1t+H8Sf+m13SDhgjKSv826KuwqwKgP/fJax/6ue/0RdVGGBydp/4s+1ms+Hj8AXC5hPTtchmKkgJYY7XdK8is6pvyQWhOmL8NUu7CqKLjhTj2FFWRBGtRcvc3kchybV9HgsytVgNkj4rN5zClEyQIsvAwVxs8SyS5DbhMIBSA1XKvihXcxd/J0C88u4yQBRXdtdmL4eJhLaqKiAkBM7f2GF+uiutPze4vllUgOakNKm6VTki7WzqWj0Nm08AI5/kbwkzCPX3Np982Q+x313FwpyHcqPfh0N3rIrpKBSoN572X+tYTt7Nw29QWDksp2ViFEysS/cM33DtGZj4a/xotaIsNSo/Pb/fqhlCXGiqjePloPAJYLiTsmkt0XXr6/wMwxEZ7LG7TQRXW2Zw6XvkeYma2/wKkrWb6gvj2hDjgbx29rQT6gc9j1+Ml1NYIOWDVONzwfJEvNn666zCkXO1pa1WC0/VzSYB9p4V1k54fd6ge3l5Pu4pGN9jo/Zf656Pn3yVu2k/blErbvElzCRtr4X/xphtN9OiCDBebS/yfJLPhWidYsQDzgT0Of/+T9x7LbuO5GijTzOX00Ev8pLeS/QUeXOC3ntSNE9/mFq7qqu7akxEz/yjHVpbdMk0SOADEgksMF3uJuxftzY5Auuryd8i5myoAfNJX2nfNSdBE2LUx8t6pjx2lTvTDyVPAOfsLPAoy17sqee/8dFr4cGOjPwxDHWIak+snlX69mAvyzZtZoMWN3FYm/l+Yc20gQvfBnGsFW1ooHebRvObl576yCoyF9qZVqVkRCosBj2rBSC/q9LqzxTuFiAmvdawyKTym7xXg4M8nJ10mg+aBTLGuZAA3ha+0A1Iu4wCqKWkpKELpTgO0M8N0Ydzu0IBqzsqHvXqIJyZ7mgXNH6XAR+50M0Yt3DvpLpNk/teop6caJEeYJfwlowjxrdciO20dM3Q2tcl1QAjHLWRU0P0l7v7CPTJuZZcfLJPicf8QIvsnJGSieZPrIS37LQkXjv8NzCqvZ/6zXkGn4NQyk2XNJ91xTUZtPWEFqYoDcDk6czUE311/jdhSNMNAoHnSctW341PQbHkI1nBBev436C4zUmSpRM7HTfE0WYQ4DVIS7TlZn5XJIOX0oT8+1JFZDXf26hw/EUUHOdhz9CUOL9/Ybl7i8xsviCi/XjVCUVsuEvZZL6Bkrxsvtfq4Y3XkBCUzXxTqudgajM+b93Q8A1lZhj5swfySVAkQO5eD/ftm92P/Rz70RuIl/wObQT+fCbejL7zWJqFb9oLfkxgXpFwDEgbsLbDhVnqbpyTw5+rIpP5FMwRMAruYeTfpeYGK4h6NmP/Jz8wUFrjzwtCUFd6t8A7z0CaxWsisVzWy03n0ngcLFAiZrlf/b0Szc9ne2UbCrQ2bHvDQpc+y+2LzXZVEwhKffPqJ8v514geyKJpySBIPKHOwC/9lkIybdCwPytyqsZaVV7U57lCV+yGvmXwVUHfL3VGlXW/zr8WYqTxLWeGh6R/vglzhHCOxRx2KeuTle8unPFJn2RHebdWsLMxWJbN1T3NfgxSQrn3+uSWgjyvZDo/SaqNBn04cVFnWKHK1bQulcoRVT8hyW+TbtT1C/mroZub85nzAfSQrMgeoRu7TWiY6X1EAHv4B31eJAn0rNjDrXBOJS4OPsjjFhB5PN9z1OpXjsaDF/PNv3l91UZND7/hUV0BIMtLjF6bhmQPYK9dHN1iy5w4H1tMlGi+PxnXH4knRkBfc9MtkKEd+7qwknFajwvbIPgnfPgUEGQlObw+tOHSmHhFqyYhB59/EDzwcRSLv6mngaXK6h3AGvL+Qzyu1UgBvaHz+5Um+MfQyvlJccjQkWmbZRFACcP+GvpeF+jpCWKZM1Jw8+qPvWr2557/5GdNtywZqc+DQQ/SEA2Eg5V4eYjt7L1vTkrkMAWW7D+ivjGo8jAiMsleCHF5eYnc9TULHsvQmcpXYUFudvCxqANzXHKFqIvD4Ic4KigZG+vwFgwTkbln9wR+RAW8oF7kvK7PhL4fcH6XgM/4N8oTokXENs83RaJVmuFcLFFNSEa9y1hAIJ36IzkOsE57Q6wriWoJPb/hjBK6Y3WSTpjwQ2TFOhkAN8gyHdv+q6q2bdMuOljDB+Aj2fhYKCOlYcKIjY+ZigFFyehLqpcPmIc9es+91MpWje2V/IY7FunhKBp6fbwSn8/SD5/X/HkYBzSsyjC0MvVkyxXVE3M8FRzQU/dSuGwzxYLdC/9FM6QU6hacfBdhb9XOOd8zrw8kd82zG4L44UwFQpYL1OfWqYC2ymED5sHgF8B99FeD/T/+/YMAfk78n/4GHKhwfjv4Vcn/099/6jKdzucP+bzH8YeL4UWfBjPtnM34vZNvBaexN7Nj2X9Db1SP/BsCjdGc9eu/ofcjCPxz6pPNa3b84RTK/xvKdoeYDV22zrfeA/129fdnzp8TGIr+HO9Vupa/bsKQn3NlVhXlr1c9fj0XLT/Hxe9lf/MlfN8IKPpgs7b9rQLf3whUpT/P6KXIdZC9+e8bUlP21c+G/e/or5d9onbLfu77N4Ro79cyaXWTPLSsZ/tzgZi2AZzPh37996W67rO3tgDBCNgd99vF+1fx6/9vIcsY9f/bpey/OgqU0w9zF4FWf5+G/ltvUbM5zubh5txE1I33iT5exj+8HQiNbwX+J5v276CO/8oL/tVWaxxt/L9u8f9hc/+5qQrH3DMGAsPAbss6dP9F7f7j09958ttZ5B9agKzAFx1l9rJaM3uMEnB6nyNQgXLt7pnKwb8aaH/rfyshv46FqKtawCbYoatu4Q7ZUX9TKKTbvz3w6y3ofRy1VdHfv5ObN2UzuKFqW3Zoh/lbDTT/fu7zgFdVSdTSvx7oqjQFpfxPcDfk8fgbQFB/5G8g99c/8TcMe/wNefyZxSHI/xaLw/6Cxf3TOBXzAFxJ/rt9gEDJjdeyZI3i30qA/tO+oXDkHzoGR//cMQRF/u2B/rljUBz613tm9MOe+OTN/zeHaNVtlPyOiH+n/twzXLRGbXTeRPTPXXT3UJ9moDjov6boNFrK773gYFnnocn8Xy1F/kye2ffz3yb8XzMF+yvC/2cCX4fxn+bL32v0hxpAEEH8B1L+P6ep/3p2/PMII9TfP/8vBxv7s6TnsnaNtKjJlv9ktOH/erT/cYDBuBRzlFZ3F/6hi6lHCj0efx78FM/IFPuLsf3rofxtxNssX/87FPOPQ90P/V9zu391lH9dRTHqbyQF4w8KRiEMxR7EP0x7+C+mPYpSN1FgOP7rCfLPRAFD/1tEQcB/IorfJBvoWSBcfwb97wL1z538B1n738AG2F9JZ8B27GGbE0CKv0vWnyr8B6J1KaMR/PyRsOmwxb9P73+VVf0DYwCfv2ZifyQ9L5vTqI/+iYzJvyDYf6R+EgL//kNq/18jVBj+G4xS8AP9jVAf/0SoyJ8IFSHQvyEkhRM48n3uL4X4/xql/qYp/YFS9a1dKxYIrKH4f8HB8jylCOIv0RWSJP8Rr/kXRNZ/GwPC/3t0Av0NRn4b8S+l/AOd/BWMeZB/u/ne3+nkz1RCkn+D/gcU2r8Wc9B/jfZ+Yx1VFxVgiL7/08t4A7pfPCP67SCvDkBDvw+SFsVZawxLtVYDGKx4WIHu8B+N4n+Cg/4Z+JO/VeQ+SG+ivtnlzyEi1GNW/BsC+oMCDvkYTZt2EypWQTPA3cmmGfnHiIGZbGC9yzEsaNpxIVotfqwfjAk8o1xwwIA/dsHHfzx2C34A9pCfY2Ac4Y/fjST3xx/S8X7p7/eHv4wr9PfN9M8l/nuSsaD26bL0qdXFpjvg3Atclb4XOfrUHbb4w/Ghc/exSXPfcn65af9W+o+NmL/Jv4RSiSa0k9qSEy9DkapCG69jQMqisGsXv+ksSRschSWiUEeIB8mi0oZIuxl2/tkeZC+LbWPY6fvpQrvzZrjQL0dbGs/QexJOa9VZt9Yv3+yNC1MNqSAyEd5j34MCm8Fi/9iSa8Tu53/e7YzgeA3fVqmdwMWErY8zFAPCbSxRlso1FvHr1StNWEN9JFlQwg0fDU3R9MRR/cQ/SZd8dKfBXza56xV56hUMnl8TtN1SUcA0H7/kn5KLoTAkUNLIh+9nnXTtnortJ65+r1ebiW13121IJWt/VeQn7vUt8K1P0LlbgFCrhnhY5Acf3cb2X/Wt6MIQv2cJX1DaBKGW9G2NMfJ1sblk8tczf3H1H571/tNn/3T1j8+6nXfFyAF/W9N6W/QGZl/bx+uI2z8hoON6tO82f2LJgyKf2jwfH1MOU2WWJn9dd2IkhFJEOEMHZ37oglFiX+jD+913H+AGS33759U+P2FvocFbaY27T2Xu+DnfgNqEfvhWLvAO43scFF7nnQkC+hnQMv97m77zqw3bpH/+RZus7igTpDSjd/mHEsMleD8HV2wxWfj9yQKMxu+1+8M9v7+5/oeWcndffZL2uQf+szXu/goQYYl85QzeVhv+vcf+8T5APSz1pU1L9K4AVcZE+n00ioHU0C9t2RYffOl4/2TciMVv5kvd9/OkgZagrDl8m0Xo42AWncoFFshA5lwhpvmbSRQ88/O9a/zz5RhT5+hd55jiZlK7KzFFIjF7cH8Lhd2b+6ZBZvZE5cxBZfcd3CyxJmZw5v76Hhu/Sv8p9VsS+O73U8VP0f/KF5TO0gwv03zCiKbO8CbN8ibP8SZwEbkZYPo1Fxf6l8v+8cMUrkTvpkybMtgXSpo3O7vvMN0/3XlzUY6hXZE2E7AcQg03o9MBjzXpA1yV1v3+a9Av6WPSjBRsiuKGSrjiR6KycbvGC/vC8NrGA3KqhvODxL069CkyI9mPkZomcfg9PdL3MG/yHL/MIAweSJNQb7BIN+b3HYJReuK7uT6t96nQBSTMUAmH8CQO2uJSTBo7Qp5OvXXl+VAQa/KV8abAz3RKU+z3oXJls9EQ2w1nEu89g+3RbzJ2gGcSA7XTEjIS8HJadli/8lJB5UmMxgITppga23miQvJGm2TxEt67N2dCDzaS4nNE3ExqekEcUYPgZpd7vohpNoIW8Q7rWrq1EizVR8aH/XjnTp2/Zh7WW9nGpIn4iIjURJYyBjB0Pq3JU4/godkeWXNhIzs+xZmHt6hpuScacEKzc4nwqYsscAZr98sdb2j2dq4JdeZIPz3gHS9EchagZvap7Q+UY4eAxzliIzi7bs58WcCDnZksP4/VIK3Jx3N/tZT0TTIZ1vmovi2w7tr1HqJEiwanVP+sZHQ1xfHg8zSKgsB+0PvWNVM8GyPY9hy9p45u4+5jQ2n5YR6414wrp57TDM3CHFYW8JKs6wVi0OJCaiM1gWrE2OMzzZ5ra7u1GxlpGv04HyafCb3S1Jxt9qYdD5lReL3m+pl5SLXY56XO0iJqc6QJy6Nal+tN+rlgxnXewlnpoeueabkpbNGDfYrFyA2M52X4mClobbiGSk0AlH2DrF8o4fgmcFWft/bh9eT58BuiWybFvHwsfNb49Bkau+q4UrdF/czIEecIK53nHSG0V+VMb0jsVA3ihneUMeeEROr+gXpHsagrvva3ca18BvzNHd4hFCyEgjb3KG36LsjA/QpERODXinkCX6idSZm1vxAQfpqhGOCkDRvWNIFV3176hhF9wDXw2QgIsPeB8GG02/Z1zaI2zn2s5eDqUlemROpemZvoGS5zY9Nxa9uAP0KfJoJlxNMPVnqwHawyzIqc1nvxPYonlMrZv9V6lu5beMuf5KY3sXsW8i6bet3LlpQGGOMnW7yQ+JvvYMTtZ7e2aoes46Y/X/tQvd4RXiXfSCbC8LLn+pWKr0MzhjX+SHHp1nq5/xNHoVnjgRo7wlUvXM98LPg5y7OCPZl4GUzeL3iW//AmDWC2L0/mWcY0b076i4uZwc2b5BuJ8TJfBo7AuIHM0JZw8rXOuocJOOSNG4ubq9EMY2pkDhzoP9Q7OoygdB0xXNjpblDYiO1SgHlNUzEFr+N5T+HLuildQSv+lWtKhLaTdo/NCWY/40x5D/Q5BvVwGIR0Yvzn5G2bHTv9A/eR5xOVrFz1Zk3SZkMiJRd6sTMx6A1CKztYMJ8xL3/n8BpwXTTTT9zaBHbOmAU1H2fv1jzKwn5oiOEcfhQF5JdmcBC7GhgVHAhGojq+EM7BNQ6Gh+9yNljXdTRt5sQTq1TfG3fR3WEt8ZIxCADL88NRSduFcVQF61xmpKnkfi1Z45xERu8P17k5j1GNDnYqcyeuGSVTHM+B8njpFs87B7cL5QzM5A7E9lYwDbUXGHrLjqP3s3jUymQcZ+M+cSxDm3KZH2EtsjLwxhMwi7bWZJ7h1z2l/WKeXoniLSnKPd08QI7lyOCSdxBGoV4lApICa+nm1opP1ESnd+O1bkd2q39pwuOhhQwfApfQ0/g0OSPkauSoEvYGXeNFr5CFyVzqELr5PN+wgsSto63dPWuyUWGp+W6uWgXc0y/osbLo0ppL4AvQXkr5YMzyYwoK7CzfWdmoaN4ob4IQM3dPQI5xBmO5Hr3FIPCUNJdNdEpcuZb0kBCObzifDM6Hk1ND+yoImvvcCD2fPjeif+f4i3TBhmf5ISBvDgMOVT28BYbHb71VSUK9UEkZhR/fyC0J9nlUacufod45s/WW9gYTcGIIwDuE9mpinVGIAjVKD6paIOs4IHVtq+nFtVxYL0mFssIoaf5ePF/jOgLfrU4KY3U3NblBV/UZTtPseImJO8Gw8khIHUPdGU0gP85qtWwvtbTGfD7Xx0faT+WFRDHiZ4QbktW1poouIilRq25UoJ4UWNabKKVoLM9aFGyfPIboNFaMj7aJIT3LbFHFPFonXVi06NdOm1BIApI3VxJmeprSdwc38MA9ERVlFBDeTqjKi+UmXSZSevZfi6wH21qGjp/W3pNrOCdFNka4ZifT5/d6A4WvB9W7++57OIgJ7E+znzlotxtZrEqQ6kCgdtoGN5ZnwmtSYi/aPb7o5O0nW8ozmKlB/eQwFzzuMVPEtI7HnvtG+OpKCfq8I64nCX31l+pRQFjY9cxnDebICS7Chk5eyd7pM3sGH7ihXQn+ZB9sq/Lqa9gQlstYPyHV2Yg4jN99GaFTUVBD5i+cm+31OmlAvyhl/lQFgoVkN0r0iTOSnhZxl2lQhFSj8hosL6SM2esCb8Jzpnl2uhfcs8VTRwh4JXHq58h9Qv3Y8I1m6sOq4U2LtexVw6j0pBK1YjcCW72TNXLonnBvcxuLgi6Q5ekOh1BAGv98QNknTIbKmlge8rVOBj5btN7lbxkfPtXXFUjRuaHO8BCCaerDG1BCxSVVfLOumQ3JRK4nXCyO4eM3ShC1qs71iNy+nodn1D4Bw6q3FX2IhyGpwmtns2f6HBknU1dE6/NaNO8pju3vZQM9oqaT074PaQ6/e26FZzRb39CKhFfXoOwDgl6txpYYxr4esen6EfDXXz7glcXjIBwLxAYSlO8+98M9midr33iCex6Rm3j8N1lXCE8DWnyj1AQD/FLFqaiAZViAAFHxNAdZAIjeWPr+7sKtDfwOpe9zPGPxtuzwIn8qjOuoJXPQrmAFhQwrZRKKh3DRlzkINJQJTjFqDPl3ybTzjLFLZNfoK9baEoQ1Mp6DtODY6Sts86R699Moyah7rAitLWLjbFCOiN65SM+mDwkCDoj7iz9wadONtcI+ZG66iIhgNg76K4jXHEMhOUvFGXNCpyC+Ab5lMi3tkBkuuTpJJ1GKiXSYEcuAGzGCvb77AIAtVDA1rwJBHQVZrvUHL8N0b1AlHSBaA4LAul4gLCbiz8UNKvoGD2yqxR0/znlBeSqIR1yaKJO7+9yQoDHncCDjOvEquSzJS7FIC3lsmONjD5LRGsAkl6V9E9KgLKeIONG700PMvg7RrLfnhUIWNKKxnVwAuALUjQlukLd9mylgm0NjeoJdjLowv6gbotgwo+jX3qhRSYhu0bYH32TfBlb5wPr5qNvf6HyF5L3B3t+oJwSsGZ8WYovEW38jPsBdRTTqK5i0Z7gKMODKQBqbZ6t6Ugr7FfAnxzs1xF5QYN9PAeNEyUH26LCOkeZv41GKlxpe+CkIRYTzbwOvNHto3FmXF/1ZToK6FxdgAMEHEqFUtsnrAwmHgFZovbOG8EL056govq56pX7pit9G2sjNr2dmNsvjwwaTEMeerOMgeYp8CN1kFxSUfTPfyT4Rip/GK2DFR1qbzzfSHusRA5W8BsMgf7Yc3fy12ngbdZulMtao1OxaxXkejkz3c4J9D+Kbmpk+Ol8RqcJAY8SqGrK7029O+BYnHG+BDEmjrEWHrDehqKaOOJSBf154D3OJx749g3/zQyh0ZqfIUMDhxSOi9wBnXbJktYm9Ab1tMyEbK/Z+jsdOlrX8bBMr+DYKpIzkcxkQnK9i7q0osX4zOkHRNs20mVPYF+p+AzSy7ZZtiJoDkpWXXOLR8TiY00SKxb6k/oadO4kBbJ7LuiOf9cMMmh0xIjs5XvMS2XguhHIPv0RLjBncF6QYbeDnxRvxLanFZpFOJruFttAYx3MsiU6IcxfroE1+4TXpqmmSV7VjznuzS5zcMOhe7Lz0DaXE232Zl3zBdg8nS1qMv+V/4X+jOtwAtjtWdYn0i11Wy02HgIxL61DBNrHRsNsMMrQRq157KTz4miMyubYuRoxsrLBPH7MaDTVkQXMQL6rP9uNegte12/WG+Jc6AR622Uz8PI2MR1RcTFCrE4nkoZbPtiJqKExwTRqgW8VZeLvZBFiImu31eSwXxMcBkRCng8oeW7+sbsWwwYV3pOulE4/yU03pxkFX5OqktRofbxFvzH7v5XkT9p3SUos2S4VAhddwkeOL1MzXQzn9L74y95VF+oUhb+Wt3WydIWfWWHIjCxX4Y96vMyyfwoZH8yxTbMq8+gRSPdrU3QOq0dOcnnlrX9frSI1byFdeYNWL/yCYY2lDldGFaXnUWqOsp1c5J7PxWa6/hTzbzUubnm0Xz+7jnmS+5CTdJNj9JuvDnFkKKz9Nv+abAmdv+Ye1Edu1md3zsppSmqJuYYnYlziKuJ3fnNX7pCX9frzYDgW4Ycg4/0UA1+2zHF/ysXpKJ1py48s1wW4vDJ8qnL2VS2EMNEvhdgeixo6N67Zcr6c9ZRtSWZzzGdOWYdQbukqX/vRUjRtw6/QOBBJhjWrGWOuenejY0Ji/4aYPHo1MFqiUHM93GfP2o5pV/WUokVZxcx0uPUxmMHsZdFGJV5NAFumtJjHTBcyye0wuixVVg/5RMiMTOh6usvLFf3Mf0tm0ULDIhLhEMnYwoSJ642M2Jc8P37tFmk4WoT5KOb8b1IwP/fCGuo7jyNbUvfLsUNDYXfqKCO5hb5hL0JSWbVmve+EYhVGtF9d7fNg6Fy2lPJG3fiOEeC6bw1w79hidX+nTy7rxehrxMbtZTpTZ0aPMkXTB4wg7NRZehmTfeGUe3Sg52VtHU8+ac8bhhTPHDveVR4whMMJLQhwpyvZqW+pQbDhUu1N4qiyZMYfQMpQrtDuCiibYj2DVGlLnKPtO+yzKNy5DYgp9lOcbWC/6ZemCZHpK2vKNbvg0s0lTmsi/mRfgK6fGg3/PUYqtW+uLteUG3lUlVEKZ+hqWQ2GnVVhjr2T50lYAfIVWNe3VbBkFNFf5WT648cZy4w2eu7GFSBeJwP4sYwAlmQZ4gzddWzYDR65vnde6sYZN13onMiTHWkMiAZ53ma1yLCnvmzwQbkhBA2sfQzskQ4E5ODlvg4YQxdVOfPs8reVC09RqgOZhdgQ6gt3yAu7pN+j3yXP97nv8KFdPAmWSe2EQEhP4nBD+5hoLG0etJz7d5lWj6ojsZfi4ETSCuHO9r0u9ovLVS6kr3i0EjwuY3dnPTL+cHF7eSFkXTMzHrR37QfcGKyakf3WIo/Y3VAZo8QM6in5m8s3ptI5shS5Uzcc0YGhH9amLic8xv1TdqYVtVuYzqdHc2FtNwj08rb56lDRT0ZzUx7U+5uy5ZoTggv5G3DZ7OS4x9wqkTrqHcil0eWjqpeE3XSOfjEbVI8v49qPlMJPXhLxvuEnuRZbxd0FgRzTzXIF6x3x10G06rogV/TzZjAX5Rn+gcg1X1y7Wya2+hXM79p7vt2OXhF5YkutNJV1snTsqBgTH+S2wSwu4FsaS8z7tJYkRXGXLvBUfYtVU8PIYupW+NU8zywuRfr/bAPJpxHfn5Kmlt0Y+TD4SnRr6xMz+TQzd2bQJLiDthx0bzdpHzPi8nL0f0aezZDhiFc6gd0v/5Msgdk5Pf/hW7WVeMhG+tyxBOEDkRaXwaq382dVozE3uxb/NwMPbx9w5tzqCq77zTKYqgrDUQL87agA+Q6ZobIrmWl5TN4fhuFJyvHlOBTVQWN4Fgm0CxEz1To5WNhqT+xRuNq+7DT/373M+l4+hdsfrVbBP6Ym8WyVGlo9q0NeLHfdr0qZM/aZofgwDob5fWunNK+o089kA2KYM1n4Lr3ZKy+RLAfZHsW9FpyxA/4ZZCQxu56Sz0zu61eZtzB9TurSe9pXIsTvzOk02V/YKOy/UNPnJghSCTLX3oT1OV0JqGbH3jJoVYaRHYBMK8zAxX0U+TfLg+zWFfNbjFFX01VEM5+c3Vvqjhm/8bcFdaUEJLJjX2n/jAO0r/CBBTkZGRZ0t3ixnbafTFlbP4UBoFiGnznpXP01zsjrqn+L1aeTiJxc9PmXhomchQWkmCrFFx1+WDKDDXFeTRGjQcrXte0x7a0pbLZ6Ksr5RGNhPzagHUajNwTTzsrbeGlCXvBGTWr36MD1FfU8F59L7ONWLgBiSxzJ1n7qE1LjWDfWMTCwsJqZAU1irV0Mkj4aY2hnDezzWol5FGnV8tkT1TeCGsrArXp7gSEa74XT2UuCHqt5T106K9Rswk8Ga+L3cYrUFo7cdLNhAt3VjqJMq9bSXD/7SrR57fyj8E+O+M/bbPRmdMQiD5+ES+K9diytQ/WjAQthRf+UsI77R4GUuxfEJA49/O29fO/2ay9kybMddsKGZRfOXM1UtA6uxC40G63nNWipsn24Ya/bkrNHYkbRPbAKImgkeWnoFZ7eGeelLt/RKUtj2NU5D/Zcj2sPLczmJp9WITO4JK5cF5BCRn23ougrFkgUtGgYQ8djRlYBIPoHCqhV2b1VK/SVCSh3FeD2Sry8PAMCRkzwv+mZnX/E5+qRByhvawVUE1ZYiAwv58yY/jVPZuT7sJ+IgDm0aM9a/SYPWmA65XuoRbLl2P3eAoPJT5aTme5t8b7zFUm264xM6b43g6mgvfcFjJCXtQ7U676Qk9xOTHn+qcsIOOLIlWN2NhK8CxevmM2cryeo4+ZaFbNPzIVmk2uxElz1epKqWI4aGyDRM4iuTRcqlakVs670sPQ1iI0TsJXY6E/sMS4KkDEm/FFkrXZ+HVtGO0s4n5ujWwStdxzZ2EstylEuO1W5IorzrxrVv9oS74lt9n2pSXW/d0wOFaZMbLRFKDdycP6UMecjsJk1yEBMgCqJtDXfgZ91LZhasJlFt7a4nxLzVS/BjMPmAUu58NUmG7PKeauBDUoTDMB4/62m3lg/W00yZo/eEZ3foN7nM/MhkWuBLvdTNwJVrhblbUyeBWPKMC9+y+CxGsbrVu0K/TMRFVLtV/GaJNUZh3T0hFdqErDoMXg4W2DX5R8u1aOzao0NRQWtT4UUZwJI78FMaic+sBYtyV/x57Qen6fTqSZk4uhnVmsSbCo6uIZE4vPhgOSbZ89VJnaZZjjl+sy/YXXMW1q6tb7t1denYPvU8T0wzN2rk+Ebpgi7YWG2eenxDp+ck3X6kqh4iyXoEYYPbSi/ApWelOIciUog2AVIlg44LP/lk4ehXPGkvduL9OGN/0hPBMfxIbaP0WlCyVYh1f36CbMBhd3a7Wc8QvkQKyUgNCdse0nadYNK9HcqXhzVpttPV5iZ2H/7D/oZFovf46VsvNJVwsAdbNGRoIfsDYfN3PbgJcDkRk7V4KrYFdvvub5AZ4yN277fzTY73eeMkU5henLEvsA6F97EOrH7cLV48toOagO7TD1ujl//ZllxPNBC78qaZpCXgezyYl9CHRunpU7POeWZXTaYon+LIoJQ281zfJofSKYCCx31pYjiLyL7e2irpogko1lvIwSOoE+WkJfLGghu9q0M1TX7ytu3nPKFLWHb+G6I4gwG6HHqPmfUicw89byYTo/E3vDOtZGrF6fLk92KmXZVs2i2ELAGdVwPapmDvulM/uyGBR8KWEHjaCkpanTySVrgW0i5ZXSTA8TcT+aI58OLQQZH8CbRv+NoaqfG+GQr+dXIk2cA/u1Oz7TWPWS4pD0NdWEU+nqaHA7KlaWiOrITaYZD+5kgehZ7076LL7HbS94C1FaRWVkl9XuyB1ZWelyKA0usLhBtCiwONUONp+ADyfXfB1qRy1dQIS2AND0RJ4oQxgU7ieYu+ks4xTAxsb6EHFFWUDAPbdTVSK5GgbeoSX9tUA8J5VhsEpSq5QJeDeqdIoOKhbe3HF4DX4ys3nzuV0eMlDtuxCJXnKuSr0pOrnsLluOTHzdgybwwwsPxDf7ePxl/6S/ePB39ldHEQYCCdnWo9EAmaFr1x5LKuf37ItUYw4kYtL2JYAli3Y8ZCMSH1YfbYX2aT9eNTPzC1EKkq5zi8Utnq5DSY+Bg3BHg70TYIRS3TSYNAgFG9mM7Ln4JHLhHybMpg4u5WRHEjv8S5AJHHhfH1UguiqaeIyLYJ8R+n7b/fEXwKIsblCAjFos46eatVY7KMwbE9GHTJoAal2RpuHgPx0MbjySgZGuwogtbL0VNSyz+VlvBccUuOK44eRZmu4ghxcfx4ZjuqZm08us9AzSK/uFQFm7au7DRVLQS7WRFs8WCm3mD/EyS6yamb7SdPU0usxlbjx5VnzgdFD83Qbrhifpo2Hd6RncqO+sQIo0DIGzS0xdtU8L6/702R55m4y3K2yIAiC9BoEnGxMnQ0Fm/wBbsLXqECxaMi25qUgkZgvF/NUSuxXbS0IEszY00r8RLVF2nSgwTvTFbJ16iSDCbxiQ5bfAOh6AYmb6sY+ofHKvzldW8YdjhPuT4Op8RO5q7wjBLY67la35B13/GKiPo5ep63gtUFwsmJxWwjYhgD8T0M5bJLBwVIxD7mSQkjQOalvb2Nee9gLgYvdNi4slCObvsgpSN5gFGF7oOpXkQ5yGaBgT1prw9gHAMqY0EbATfZs/XYLSRPmmlMN5oWyPRZ5ts3gYv3YM0jzUxEKrH7057b2EwKkd2EuQhNlkcv2J7sFzFDPeJqVmRhTZ2BldTuSgzNPeTo/tthu9ybTbfufFMXYII+Fw05fMdTYDPpKP755CZUHBrzBR1SUasg4GvmiJ/kEA4q0+sPrHb9ROT4uwkZYkCOZcTghC5bxeWP5cUBdh3pyT6q2asZU+VtsU9DqolcqsuoEkVVcyR1hX3kE9kq/NGL2rOweLsEulxX7j15JHIBsUDp4Zs20WYK3wn9fiJEnC09MxJXc51Lc7HjFEbTlEnaY3hsaJgU1NupQcJQxs8eX14NWFGJRY6SuZTzFLWt8eRaH7CEUe4bN//9MN6PzDh8PMwXKl+xin9ZIdq2qi+9VOIziKp7UiM0gCX8C3t5ZDeQ5yTDqDhWJflxM5kmBgoo+8/K9zL7rU7LlQ0+CZGtBgNVg5s2W/iQ9Lu8lYrzowf8dHfDBqun4oDldpO9ITHS+jtsPgSLzIccPrjLURN8GlxXmauRJTrksRyPghwMWFgyzFA5yoqFb2A4aDOh7LqlwbGLb/mrFDm7PPgoRu2ZaxAVIt38ur0I8Zk+XhRvTvXVM81ATtc21y5hQ09lpo10exlHhjv5xOzPHBBjawsPW9+2mzPbRVRePrs1AvS+kVwMrOc68G248b4mXtFp9ugSld+0DknyfujMHLMSFtc1XiIYtM9QDffx/HwI/mo5irsyPLkAua0a47Nin9jR0O+p1tQIEGP1Ft0LD10SmhO0eb09IyHlOnMiH4ttwwZSUDDWfb/hhMDRfZSeqh6q+tIJsdAuDWwZBs8G90gFxZBPix2+9n7q+a6E8/A5ZMdnMJJc4hEXH98uxXStbip8hlXoJKJ28oQf8SPhtmPtr1ktBaATMuk3mmycfw7Atn2IOA9XeL7UyPC3tgs7Oj1fMpZwaNo+gnYOmzZ76dNgC/F2hMVAS+OukMeptZq5A/tTYRgWI2hJ/NYyZm9T6+Fa+uFDBbSMok5lUde3be8zT/e5Hdp6UNIFlAh6AQEcwnzebyjbPT96D2N+huHbGdu4+LCir4bMCTqZyHUPUhQykC2t4LQrdSxC5XnlBJAYeakhOvhdx/g5J/bXEsS5rWbDSayIoR85TkDz3Ie0akUfO3flPE/z+OEh2gqbKiTru0HVTpYyhiXH3dwNTahzrt/PFsksLYPREQbWuv64kBrZK67TKy/V1H3JiVoM8QqSdeS971bRxOtwEmves4RFJMlZ3sjm8hc+gzO1GNcNsqny7sIlurSEGpXsVUWdB7IFB2vFDtWty5VCY5LatG+GVyqyTLXS2+NXe8oZJgLAzPIShzW05TEFmBRyGucwwzVijeSVk93YS93d2j0e0rRFsEnSY4JAbM7zLt58NQNKzLm1i63rJuEjfAFTR02lC2ePHchZLLyVz3pTeJ64ohXGY3VJLa0E0PQ2zFGG7pOPxM9uOAHMSwYHlHlru1atcR4MixNu+8paFiVujYuMA/zjzykjz8MeDKRbGFYqipTPYHzAhWsn3tedncWq+e0EFRqd01ReJJBKND2IfYkF5y0CI7t8qt5IdHPhCnA0KD6tG/mg8ITdL+3jxhLbNhN+O4QRfF3bVM9+Bw8UNS1qZI1w0cZLVs2JCPA+jwRau/nQbMrhu7M7y6fpzckQ6YZWRFI9orUl/fibBAwgGRskORRa8sAxtFpf2wJCZuTpTT8z4MfKLcuAvhm6BkkbtRrUgYCtX3J+pW+S1W2cciGwAN2RF8w+vNQ/zCWVaaMETO6lyMo0a15bvdpjSb2aEA7B2T3xfV7OJkOmixOWQadvMYjld9vX+Cq+yBMk2RCIxbsOyVwFW3xp+6u3+3kt7NX23ESpPEuGNEb7YOQLwi57CzPFZjjyAabEcPgvLk2WIcDYF477wKS009Ncq4T6mdBR9YsBWATrCqmF7tVoMfQ+LBfxnl1yn8jCaQb5KZh4BBjFO472JFK9dbL0I7kpCqX3cHwYmNMJIkqNKlpB0NNR/8aESaPnNHf7usuV2LNQ41OrbcoG/8WqCzYj1TZBlBoMcVqugwM3QVAATY+YNIAJE9dJSVxU1GPy00AYU8detibzoh0jb8Av6tAMHDa2AS6kswaGtTP7iJ6FEi8bz58AhanN61xJgEEfk6y5t5hIrTPO6gmjHi7U5zF69oX3wgoM8cO5HdrzoVYhPgmd3CPNgESbKFnrEBZPau5vxsm1TxGq8LqDHYlxljriRHNvwgdpjZ4d1/vRIR7c5aD1F6dhwSirHrGjt+ofowE1MfMcoWl+IBCe2bbjLYHcwo7TsDgLXE3ehW4fbptyXa9quor0s1gUYPTVc37ylrgesGfRYALjMfVZQlh+vrZM6nbmkQ4mMJZXt2KlYvWsN6wEkF7iPa23B3O2FTrttN/K2HcBUD3XeVsvks4+TDngQ9Spugl5hsIj4/vzAb4TYrqE9Q2w7H50vvHI4iQSqFDUP1Hd2rb66usafSZjaGq30CZr/CbjhKjxzAWqiC4egudub+vweAUGmgjSxHau+2vdUJJnLNiYHH6IPAQ+z7F36BC6wany1DWTt+yf9C31opGMBtzFj4y7R5Nen/T1cGwp3JoYIDNbeZR1ywytRQx4AfZ5AiqNeMYzv5VNFNejWAg6tYErUROhmJ17eBsM/BYjhyDte36V07MdRllAnxncLh+Q0FsYa/WylmWy3NP6jBSGuVGRixRpw/zmr2uIaJ+xbVz+Vpw/pTp1JwJbwsfq7qkgfRYH6OP6fLKip0xVNNvRaDmJIgnQOWcKRBrcFXQD0Ypt0QujwMifz+e4W4q43znxDZz3YfynnKxDcM1hf2vUh4L1YkqOYfAuy6sdMIJ/aXogH4EBwpUzBlBVH/6awKnQqdbjHt16EovOy55znVhkIAlKJ7x7McKBSvAGVYxGV9TZGxe13au0pifwsxM0H2r9ZL2icpOjRlmFkIMH1LmnCL7HfDAt5zwNYd8Lb0icHGE5BP7FuxH6anPn8wIe7Be/xdBdSCNSPH5pYmHkoU9/MIw6cvTMH5nCOKFk9pGII0Q33FyUAlCjb04vHfUjXZ+OXmwZxszcxUmb9jOoYMUoPh5g7eQDQvUiZJgDzdrBvSXakkc2dvihY+PwEqhHAuLlJiEuvfHo6poZHbH8YanjjblmNb1yJgmi+VZ95mQTqQ5+rrJRxxRGWrdW9MXcsKepzY6OuiJfIhqNy4EFqBmGGmlP4O2TnuHtC9g52h+DEpnhsNz3U01lr1Zqoyz7ehrNUktMfU3ydZOTNFyDnFxM6qDEzjHmDSEgSfhEQX/guEF9/qGttEiGfSefbjSpbdO54tIvtqDQwCEor5aJeo2R3UMFdb3yiQvOtxIhWuy6gmG8YdcfG3imHk6mSfPv/S709fkSeqe4wY4C6m2llZ6RUAZ8TgK8r9/nNxbh5l1wb9TEE1FCwVWhg7nr/nrOwKsNgEdp8T76rLRrisdB2hpAFO2BTyI9/iHZXJtwsRnVbm+8t8ojN6vPYgbxOPcgtle3dt/YrUE7kds4ulMYUNV1Oh81fT6QW/LF39UO42vdpAf+u7ooszTwsf3uGvjxcOJtntaBP5PFHEUolovNMfpT2kmX+31l8X7SIb+KLHAOFy2EfwC5wpPfBUWBpgrJB2Yoy6pIduXPjN8HIq4KVpRV4IQSx0VT8LceiIiB7ksGFnsWtJyp1VZGaY1C5NrKwbihM70vLt9rFD8SWRQFTGGak99hjd+8reYhFzUgDxADTdq46aZjAuIe0aJHax523CIBNm70jydcSBJAk1hWV2puhmASh55vDiNL32Ruay6LdGS7DQh9JlTzgobsmLB0U+8a/sFUgpCLyjEaNO8m6jI+PmhDH+axStbQEGgyDuYOjSflZ7HuYalDIvKfDm49SnuHDk8AhK/Nyn5qywmWvTICqCde/bwYw01dMbMX4S0vnHWc12EGYqh3DGo/SCjsKlrxsBMS5ws76HZZoAFzsMLZ0ZcXOWd/fcQ3pA9C4AWcfIFFoqlCAAYJOZ2t6NUfXj3/2B/iFEv0wldayivEIkFejb9ZIWgxzSy8brsl1Z6EJcnYrfJhubWzVbQw8+LAlnwFtUdfDM/QWQF3TH2qN1BS8L768tQzKT5AhgZ+xgJlTzTKj0mi7W6KZXoLXn4oRlOP6REyNxreuala2uTmQmYjaK1Ac8o+eCwqpyah4dDpN5dHJ286f7HbOYq93OJyW9euQExnTVep0jWfyevEAfg/NR80XW7Mf7WMZfdqOBT3XxNXkr2d3sXMIz0DfJ9iyJUV+JkVTy3d5xlj8ASDZMcOD7U+jbCxk74xdZPnmujKh0x7fIPKTZJy8Vm7nfp4C/lGfJP2psp1laeNMSRiVUzuO/kuNiDXHt08QmHrlcfcKVN6OSvswN4kmlsr3yeH7Ik5IaqyeUFT3zjCdLvXe3dgtVzQhWFDwYKyQ5iuot2wr28QaDVPet/yK+7uyW86P4LZAYfQyZ44NdHqxYQSdrQIwyU3Vj72hpaODzZ13O0aNmeqM38sBBQ8iRhH1bXSjOOaSnkjGyhclelVJQcNwzZbri2ojj9ZQ2+f2EMlKlkO0kh662BUldNwTVUx6TjxJmzRXW+kF+Qlt/Iyv8uUqLrGPlnI6GGR01idl5BjvABElZhlOouz2bMsiKhLhYRPAhnyTXNNxJKe2ZjZyxXSc6OhqZqU1ghiMqh4PaHbpK45CWNd85rMUqNbU9CocdeDs2TKNiRnmMQKpvkmChygUOX3NktQwGglfC+TSv5UgCtlxuL6n+vDICGcLf4LnmqwpZ9xNHzXQ0nNdM13sv0bAo8mMcKkJorCDOY9eITeCbPcjk4wjif9cbHx5tIfQ/bLpdz57Tnaw67JssuT886sh3asbtCd5uF2V7haHZdIPB9kfJZsEL49ps1vV7cKNmPggPNz2xcfriGjtuHLQSgcS6ZVVoYYWXs1hMTqYibzvKIrUnlGA+J5QTFCEAAQtczJRf2s5dX9tB9j5IwGQmogbpjl+a4WCyNezHUK4TN8nnI3eufxkP0ptEW/Q3TgysEQPfMCzCsxBHStElFuGPHwHLrgFvYG23pHrai7wS+zBXoozYvC8ykDSIfr3NRSjkAahtTwbxB+nukOzr7AJpZRGX6ka5uNd9uo0PjRgkbWJFrhpVTJUL01eRmkbnzR8PPw2QWhCTOIYfKo7bix7HeLMxs33PMPen3qnNGswVpzEBsV7YVWy+eJXRPaLLiyiGVZRsNXUzt05ukl/hwzrFE0HhVb6SM+cujtLBZioqVP7zKWpsFBuV39WdUKa0r5VdM8v5PFvPMn7rrXRLfDcbDuu9U/Q17LrwBDrPdhW5VgUIWBlGdhUWxYG4uGHeMghx+HjgxVjhDoOURzqAqZpORj5QxLGZEYzdr+kNTkp1YIFh0O9WOor0PpjvP9je1I9CLT8B4ugDDjjIefZsWXvhlFZ2T0jHHai/ysL203SjGgPyD6teDQTtWlBRC3HoXLJds6Iod3PfcUOcm1KCQlo8Yuy8Cac16iGAqL/NiDOpHHuUgmQ6Z6Gl+n+7Luk6v5+rB+/aQaPywwVbZdJg7Zjp89ht35lgbXj5dSwihnAal5IyMfexWoevX+nOxNs+omisrBJsRMPPjb2LSJgk780zv1VhqAGYMlw+vLtEQTMBF3ALgg6WpRiR3h1dYjWvT1EF/0WLRpQFA3KgQ20H3Xzl0jw0q+WbMO0zeCYaWFD7GTgKsw+k5ehr2smOS6Z/ljVBCg/pQpGVcaUandnVFk+ExCtqE0F3mZ0epkF4eVFT0VBxc9PtKlX9xBkeduVxDMQF5EF37x4EfFol/a+3o1p3PJZuSxirZ7lYFkcKOSHN+L4gc7nh3n3DOlUxq3OZ/ys7D3czOzZMoPlX1Hq1uw8MAVp6eDxOcMt3IWOfMA3Nm6Nk7rhGx0/NjxW5l0w7dheu4a1LDM8ThO4whr+rJVDO+56dfK2xeLULIZlzlhaByRxk3GbSfJ7h+sjioPyPYllqC5gpKHRTMnuLjkl19vwxyYmwK2605xz63TN8E4X2IB3pQqQTfsUQfqlKWtUnwts3IOhXMez9+FM5J2CN+sjOuZAySUcydwsWBcg9ADEE80vW+vEnVUziafpS6AobxVUKHIXzK8m9iuT7PUT/QymONIhviteEV7/Bjy5toz33/mj+87apmIG3NQUpq+e//wrSahWXLnkBs0Klyxy6JaHYBV38RrA9WY5wjTtmzXPq5b3WleEuuP9ZnAitC2kilzb9DDP2nlwDr6zt1Ylv0VDOBGtRV9C3PLfIKdZ0xgDjQbXeDW/XosQlbXMyGSzMPN22fARKR6jbtS1nrRFco0DlGJokrPfuMID8I6T48EDRF2FvFeWV50ipw4YKwtJHkI61MP+RsHYNzpHGpQkPqGoTXzPXy35rKSsOGj0rn7rJq/bSng0e8Gt/L3CAIAnY+8+UXnDF24PNg18Pv+A4Yvv+j8ffORRLJ4VTxIlt6xXABPU3fjgCehCWxAvEEkTrk66y5xV5wGQwUh5McLQd6igZxUFfGcV/D29zBtfdmwSi7DI4XxM/R9Kt48X/CmT+ZzdCUb7R8d9hZb1DVujRosizZcN/udM6PHfH6IW3/WgMW1r/uj9gaHosLcBTCAA6sAZvSCMdnXYDjJewPpwIKG+jnY5aSq0bu07cZWj90ZS0rCq31ywNRuhlejFXVq8CNQ7NoaOejHLkIj8froW6wuw3PzkT2RnJfSvQyE8+g9X7F5H1Z3jA+Eg3QJH3HB8ymv3vGP7hGI9OGROYVcyStc4S0kKDTxN+95Kv0rcuGvF5IgtN802ahW5IO5t+/i3H20ryg85c7S//8Z+44tyY1ky6+ZPbRYQmsZ0LuADOiAFl8/8CiS0z3vTE/zkMWszAwId3Oze00aUbc1ctA7sxZOSMOwCFJ5Gy+BJgLAgRl9dIpj85magZckecMKMc06keozZ8InjcB0cn3AQvlMEt+qGHSy6NWWbO0o3G0DxNFuHB7mp6vm7Fy9HmQ2mcbPKWrIZ73LMe+GVR01RFFnMZm5RurI1bspfEaW3gR/lnZEiOjYt7FDhLllU0wyXt9IKswAgU3gEpt7mqxTwSrskG1QsYwp5XhUNPD5aJQ8HmGPy2rTryJ5yAVbPbpR8bX4/RxgnX7J1OfdhcObRiGM0dRZE/fPtH0QI5zXWHuMUaso52Gw8Ic8TQbVWzZEMPLmJ+DyQpFiWT/Zl2ceeynhC9byYycOTBOdvkkZmHuQeyfAeAfNcrqYTh8w0l3Ns0HLs/xocSc3SBkedPryE41i+tKKV0qE5AmnMHF+tGmDl+gpvHkOgd80kkoiCEmGSU28pPuLXQs/b6UhPFZ3uAVCfQDsqpEofeOfz3pjw28wkPf8n2FhbCyojSi+1FXB0VQaKo9AzK6Gb6w0mdic3xOOBqiLGK+t7gUtrzAqogtoRdi5Kt2HfFlzl4oWb5xHn8kPiliMdtN8NX4pAsR2/Ru07RWDGrwuOKlx+MvF/UaA1vxqsHjyxO5fZgErv2ZbxvpY5E1XdKjcng4r1M8+4votWQKl0HkqMmb/99syNlhfeMeqN34pd0zNl1kEKPFCujzY1ywyclxf6G/ursG+y/PKFDnQOQXeIkkOEutUVLl6VavUEun6TGrCbdtfWGXB++/HKKW9U9gRiccUBzJQug8ONiPxXZD3p5dCPJ05HnWANXkrR/ariTuYLWQ5SxY/RNxg/vNoRUrh8erNpvvm+CJOPtXDwXekkUjEHrSPNMvN/thouYfrN5/vFMNTS9jIzpgF6z4zwc1oxDydrKnZSc3EMgqiOHmyGGwAY0DpGt4bjr1wxh7eE/za2DOcbKKb85VfkvuiaNtSOxEuU3QQ4JgCxg3UCr26TYmg08zXGjux/r2c7m4TtWahNK2+AxkhHkWQjBHpTEWLfqAXeWv0Y9HdT93IWF3c22G/ZQPWjGAvkeXDZyZUByph12H2aYKyVjKXvqYB7TDI5thEpvOv87lXdTL5taA0g22ALXMJPCKwLj24EEeKH8DfAyKtc7T8zcrOb/g9vWt3APSz/yYemx/2WJbAMSY+R7Yy1edF0kmx8DchMQSYiiPmr7ldUpNWv5eRvEuU3lRmIUAi8/DziukG1NC53g06UUp+upcfKgEYgQnsq5XueZOx7cdAkwC3lBH1SX/EGoFPm/WHJCq6He0SaaCRwZpP9Rtf9tiCQvkyhaKk5kXIVfSDhzIga4z4JjNtBPLh/WP3xr/t3sM9/tg953/YPbdyuc+Sg8HkzL95pX757iAvtHkBV151WYJ8dpUIx6XxOujHBEBimG9okQaEPczk8JFLCbF+j4ROTP7eynH53jCteqqLVyMIGVQPmKm9ll5Oa/jle0hGgX3c5vZlHizdS3RZ3MYmCdPf3Z2A8NbnIdbRCBOwgdE6Y+sNZUuBkA0QW7lVCg5GEbtwH8DmHTjrYeR8WmF02YP8DhYvbXxwv8nzWKO4JBMWCZx2k3ESKCc0k+W4pg00bCoSu6zH4CXMa/KtdSscqkNevvNntd8G02fcKi6Gu6FW1mHpUKjIr6Kh4pDvDZQiuqlWxXzLarkdPEN01su+KlLD4GfETMZdbKFDsmOzNsHRqyccKEhKoqZ25THU6zqoYWSx0FoZKRPnaLhp3HGFZFMsYOE3ATYm7ou7fiFD54Fu2kNNvqn/er1htj5OXqR2NJsujTrry3ZPOcd6d7NwNVsQXtCXXkvjj8HcjOVQDpjJJSeG4Chfbb6fc4hHzx5Jms7rUDqPUScbyx95AmTA4HDeW7iKrve6829V1jdeC1PxzTXYKvg+ETT7Fj26bx5CHnJJ3Xa7+U6KacL7F1Ruj3VqFWK7hVsVYLEVX7uB3zodCAVCPjr0sb5CO0YGnrGyadxjx2t95jQmRum9QCjzGyxyCctgzINNdA04uQBAjwT8WTewuCZJGH7PYtzqym+SSKt4+5UuK6H8873PhO0uIIJRqqB7+yNfl9bpWioc7qHUbvVZP6TWQnj3c7RyEM/NXcD0jXwKI0LMo3+3TU2FiYGKsIr4FxZAq6VBoK9IFHnBqmWi23r1KWVr7rpXxBpqrz5sr0rN7vOWOOZkBBikAtQP3PDZzZ+8QX6ZH7wWJV5kYpB3Ob5HZMcrQ4uxR41FPdOvtXwZIh+TJcw6v+ldPqOZpf8WeReoqG2XS98d2WbBWEyiPscH1efEFaZTjpu4gVy1EUNILcRIf8MQEgR+sBQ9u6Uv18k0ZdDOdimaDKizXLbzi1bYw/ZVEd7yLMo4JLqhJHjBoa19qEeBzMhgkBHaWZv6QdcLbvLASCNpHzJs7E4z9W4o9kErucdMmK+RMHeyWTKnG7E2mzmS8rjWGiaUanzuK4NR88V5uUdY+DB7FDRyRC50YAuyViXrbahsTywBZ+cOhnnl8F23VSlYwSGCWnUx/1b7ynIfCUY7qVt1d7RHPfb8LNBEJJfyc1WwymcnHwnkWy8Ns17I00r/aGTyzCLvZpBp8ftRLlR8NUKeOvQkwmsO1BIoKmFRY0xf/bfZBWpDysY4T2l71+FBn99YIf7YX8SFMKe8ueHRUik9g7EN4sE5DUC8ZAAEb9XnaQdum9CetNKBJb3u4V6bBzFTorcpwqmZ6Qa+xWxp3mJzbaTZDtfhSR4eT+GAnHIa4QnaLm4ycYfhI4fu8b9sVTHbh+mHTbShGLIeTv9ia4zxtp5TXcFtw+RATB415oFTfPDAHFAOo7GgZxygTo9uPwyR+Zs1uQKjgA4goXgKiuQqpnwYDxM6/pUFPZzpDwuCmBenAw/VUud11uP4QAgV6wTj/fFn4W2cNcw73PdiooHGRzL4WTM+rpiHMArHliBmaMXxR5i58XoTobJmbD1gx2eNavF9OCqf13WNGjtBC+a4vdEjYubZd/vX4o5UNfdXbLR64Zjq4QlwA/MKq2jE590mOv8GNuYhbKk1OuwaUDEsEwZhnTIVijMFbD3G53b7oF5KoX9h4ge3gzFtIuBg7n2iYO+s9vNnki7LrwaFeYzqLiP/Uo9+oJWUK0JYnc5rE7O1JI1UVCXm6Lm6zsAQReSLojRCXqS+kWP3edQaxFH7pxUcS2grTOBF/j11fR2jC1OBGT5sFvW8uTLrI1baOsI0Blm/FLqI2Y5vWr3FeVM+OikK/QfjMzleL6Q5ZM59dxtTV01dMAp4V8KQVzesJ5dhzION/bVKWc1M9J4qaHpFyJODgMLUyld4j5jcRY2E0L/uK3/CgrzYJq361VPRXTi+5ugXzGii8GEdLCJH3rm7jMfeOT/21xtB1szhJt/cfnngr+pMufWlew9qUuX7+wsdysrHfJ90Hmv6ORIS0A7sKY0Cg/Ega+i9EX0eOFCDh6AGfz5h0XFOrWWFgE8PTF0MbhqccTohRlBkF0eglzuZ0xFIaxtiCuuSL0qYL6nnyS2OAyaEK+KjLU596DH7oXmG/mDJ5nOa21NlfS5f2q2mLIi1a3cB+OlSIz7SACr0bGzraV2YkJYwcsW6FnP7WoXz8A6PiWAhietlUlEks5egA2Cbz5bKyKpLCyv72kQtetsK0x617uyFChtzznOGencOG+nrt0KaX7GGfCRmpGSrEYgCoP6K//RMeY++GlIff0wpQ+CAvAlg0H3r5ZvgiaOk/+px9PP5cMwiCycpcc0JCpHDF85en8Mkubr1Ac2apuJ13A9FCPOFOJ1kH1QtVkal5ozYYdjRxh4svzZhTNYiVDLcoh75xo4yDlMdzormPZAZwKatTbLVGo8+DVvsVHyAvxSSyTjmwVemESmevzy6khqbQ2LSThMm/wiyVH3ojOd8VEbF/Zbde2V4zUShJRoHq6DI4kPS+O0/xsHqUTOgTzG3vyYrcJMo6qnscnBRMz5oNMDYhj+oge0GVP+LrGqV/2UwCcYQfNG3PE2htDkm19mpirEt4SU7R8PwXN/KerVDmgiBwLR0m+bs+5WAKsmFfUdIH3F0WYbHcjZvkU0XzZMwzTUiNtSmWPjM7eVTGT9c2cBA2OFX1pRJ7rSRadUIJKbsXOxEAYM/JvcrfPCeyyEkP2rDpXr2aDBoEGWVSd9jelKFc7esM34XHkl+mQ7GXPtHWCoAt3D2wPsPqu1qn+ISgXvvXpelzwuUaLEUXFVZJ77xdsc3l1kqyvq61pizVJV4EDvEfmMQtRil/stJjsL5Xe7LD5DMpdO7puiaMLvT+IDLvbZlolYDHj/TFIt1GR6KnuHucMZmGB0uI8Y8q3IfIVUU/ahCJeB8WeObqT/BHX6TC5mYn9gxyJiNDZnmLKSqSrKgbgidsmPZPbRKv1e7iJWkejcZ30rOt2o+u+MpeePsJy2JESh7+axJuHRD7WEMQzr9PnVUrzXM5cdviPicrrXYmJwBNEVXl8FXkJl/5JyBGg8MmWUh3UmZ9KN87nqBYlPWj/pl0Uona5ssHEBJIo/u/VBt1Ru+IHJez2OXeAZaLJ/agxEYlg2PR3nwMHfHh6LXIXEKWI+4jl0FQjp17vd0ls6FGx9hiKiSakdYMtjHCXqkfPlr9AsSMWy0sb4mS6yqDMX2xWOmOreOikWJZt5BqdjrAVdSO7mQmmDldRTydsovPl8cF48J5YsHYCmCDKvn7sF9sbSLdYEpdV9r7Uv3K1NsMMRRxucoCM8mo+ZRYL9ON63BR+yuCvzBjrwLLJOqikXFYY7v0JdOF0ONKkrV92aU8Q+IpGMDzWvV2wieRvGEFYTGEgTPb75OL/EUTlgABnE/0yZaYnK9fE8nR4wvjDCyl0hTREzlqkzzw018bYH/dgVcuAqte+OCyzxKdpKobH20LY9wAsIXi5ui+YVSn1lOPaRnu1dd8KGq2HrLUz0IZUmOukvDZ3DlrVAOtPUa+oTamid8CGTqi+gAh7VfhRswAt2agSTIGkNGAk1IhL+nMMPYqjzs1mRYdN01/CyHSwHZNI5xBZW6lIasiQyex+0IVoiFXWel9r3vCD9cCtmS4KoNFCQdoZgYRZJHMmuFF19QTTchtMwmhmuIVOzc7a8kO21mJjLnMa2kizH5cbnqS3OK099QoQXQGDLtYZ7ywHEnnjCYoJzCW9RVx5MWRlq44oVWHFXJtk3fCU/C4A1TUQBsSrszx785qP4lP6WKrbGTi20q0dv1WD4awJtE3jhn3Ow0342u14wrHLEIFsNJOUNVxnNsQ795CF1njKoJbAUElbakzaFwEPbIGDWjKDXAsIKF6QGki6LJGHyu73Yukl9hDTmTXOZPVY+u80G6iula5gggKyHIy47pkB61mvf5rmGruVWRi+M1JuCqXySJ8YMzrrbKTIA3ZQ0gjsmmR81V2Kl45zXWWTqybutQIEllc9Wp9kfIdzFcUVrs6EehEFi14h6r95GXthR94uGlIGUjpAxn4QNG6big0kA+W5QOCl+rbPYVgMmhqD4tOQ6fjK+1ek5BJLP7Bvl5YyNXrfLCdccXqurbhcrecEoccc7H7JFJRGr8fX7Hco9gNnvUZ+ZmRaaefSmJkkKiCBUvjzkWr6bkfKnioBsiwqPbvGFRWFGxJMkLoDb2aCVk2I8fa2/0dQ7usO50i1+8FerqmroMRfNAeUnymTodDeAxPmNXdzasXQkmfaKZ7gpu+T7tQ4Zkxhz835RFUV8lzZqMncaTcv+NBEzdSYIgUVt1x2KMG5nCCgVt2dnE4R7ywQqqgqxQlZmADWIA5kKizc8r5vQMzyeVrT6aEcU/2KMQOVUoZFkxHTPIMjpzSygh5NJ8H0p/sEsgGpnMKT35cNTnSvhj7o5zc2/9Hcj0X1Gf5H+hbPpeCgL7XwhXB6zlHpAmVSPgCubL/wg+aDIYgT94hQPAnuFrxf4OPzYRmS8XUph5wTLixzC64yV29/OFLhwMw50Gy6iPhQWOKDb/BuIHCgXYsHpzT1//9HfG0ugvdsKfmDV81kyCu1wSqkKCl3QwiIKH6r/6HIN2osSffs1UrfzVvzmXlsdWfEyfY/kUVTuF9zeTww7lT2fdv/sqg963/1wz693efqn/9FLO0RzVh+zWe/pKLuq0vBbXb+bSb+XSo+fzNXwXIQ7FUbU+n2/+vva/XP//7tv868Ybh+qeRw6t1Mo/v//3f/+83/MOng/Ryn/V/5pe0+fdQTfif7veP92oTcjvg397t//RJxr9fDKOOvWG2TPYxTPJ339dmtHgipHglYRxo4Deyf/2vP+nP/azX//ls/6n53S/SR//x+s869gn9Z/n/Nf1/rPmj5wIsGm1bvesOZKErpT19Kr82YsjjtQHf/3e7ZGNX39qOOvN7v++zp9r/Vkzq++2DHU/6fN7L/83nPDZGb3vvgk/Xq6gQIbv3Gbz3JaPT8P3EcdzINOPD8uPb/N2TqOpMNc79ucqYBWJd4jfuSQ+qx6oLv+f7vzsDho8IAqH/vXO7r/f+f7v7/ysY5OHcJcO7v+4s83RoPOz6XlAZtVv3getO6h76v0/1/i/eDrL+/8/3V+STrj/6en+uet/sxsW/9/f9fUfduN3V/7LZ33wySX6CiR6T/l/eo0/IJWGUtQcU5SpHMiojIY5zRczeqHYPLv8+5n2172s1rySUHy+p/opQi/2v58l6ifXzdd+5BaswOenLxrsfPYFeodJb7X09Q4D0CH+1w/9Xz7/dx/vf9c1f+u5vzqAg+709q/n97/0t3/2NgJogga+oMTuVFcQ/cKc19LpM1kMfzj0KICjoERQJTI84cHqD1KTr0/abv3Wf1tHlC9t46SxFrpe7UUUjzuWtkBctmJBMCMQz6PGRlJv6SIRDV+EGUfIPguTak7joZ7tgeAGRcOkt0fffpu6biO/r4L8efdHtKVOIy+jdQL0BNTf4OheakVzHBCKylxzZynUjzieW2dAF1kuJyhmpQSBRDrPe2XWc2YTOU2c3hueUPJ4bVg0wxQIFRLBz2lnROicEjXw4wUOcNshmwJ+nKV2//ms22bKlu9tdVZFYQzZuYtRZj7QXa7zJLsDpEvO8oecwEgMMW8w36D3cwQxvDW1gfsaP96aM53kCl5BkiSEwIx8r7z5ZTBlyoJmZizP2PCL2c0cgci5z3HtvJGhG+n1eyExOpzafXv0vTejb+fJUtegcJc1GbT6swppJtLx0LCK42UlDYMyn1H/Nu/FrEH2mcmXgSF8WduvQC38hR45URMGj/rpryxQQAlhLK/dMyuyRSMerNz7zVQP1b/hXakBn6QT8oY/VWUi4G8hi9YpUTZN3RNSQZrTPQ1LUv8aqKN3DA9kuY4LwmCtXP724a3Y45DJGP2NSLI1qjIPLHAhjG7v5GoOD4FM4a5DELvdjgjnMPveltcMVgvL3ku1LyAYmRDgQ51dIXdX63cskYvoOhxIjTJpAT7NxXZxtAR3zAzLFCvik7RvWTxPESozHnuOYYz/fH9g0fd1bQTiRisqgHwSi9N0rs6ClkimzFKPblDo5YJmroP/OtUHMect/rZJsqOw3RGb+6XXqmlv229PIcli8O2DpSTfWqW95tNx0D50qJTyRlH0pY3I/DyTYZpI0nF8dINN8kE9FzS/TtJHlmQkwLgP8degHxmk6dsnkjoejkgYkfxbxUyzE8hbQKDO/FQwJAoXctfjFHBqxdqvYK6fR0u925wGwPUwzcTMB4seIxxVdgeBAb1HtKDP1zBPniT50IRyy8Y+qgtpGzG/kkspkZ4Vj+PUc0/uPtjjxApyx+T23adu8VMJfrvGssn/aD5+Ql/grZFBpOPrGcOfd8TH5PBsxiPODBIMlx6Rym/fNwaKO58lJ9sAMQsJjxXoIrScMsBTjvzC6UX/HotTYEmKIOecNoxwY2QyKGt8WR6k/EmVAB4GRw3uPzucjAyp9E1/ZM8bQBizAYYwv/n9Zn4uVjl5T0Q5TUgbYh9teXa4+bhTzMzYQztslL5V0TZCkCeMvl/Nm/eQ07bseTuJb7zXf85C8Tb0V6DTR9mlcpyzht2jnGgOxAECTlnzvdGVcv4+OcUFNCYLKAxA8aKAVc2OpjLhw/piEI7nY8aL0mCcRPvw4+a4Ev95qm5icOKD51ozW86LGm9GljBqaF9XN8qOlgoJAnIIJ5KogsFboI+GyRmzhT/pCw93t+zG7TyomJnOaVinOYKxRssLOHXcNRXFQFPULatq/yQ0+TBTf+1NG3ZSeufmEAu5BfvWQGeTG3YAqYnRlHltg61ibwIlv67IP7Ri5i5kS1hriDncKDwtpDTdWJaGQdGdSSOox9ZfxFhhSPY8TW+5Lr0im/jRU2wTbFXC8wqIzx7VO8FokCAUbV/GQ0mYR0PHOh875NBtShbv12M2584W5zTBpnlOOxSIX+El3/5riAJ+M/DevDfO4GSYgiMyxyD7jm6Q9zHtSzzOtaWSpWHiPKDhgeBVx1ooytBsKQOOommiKS8Elc9ol7TV9IwI8svdPx7cXCD6SGSgaEns6YFEc/3DepkHL4tWM0Qjm66TgM1ttsrpvj4WfosLVqaCDl5UxTvvpPw0B43ucfkrjM+/TjoF8w4ym7IQw/QN0ohiAX/d25Kwdpw4hkXOahKcvOVM2cfA0YlHsBDoA4UOa3JUawCS/5nv+oeo6QYBMgtXl6YXH1/rELIyvqQUvHI+2lb+jACkU0gXJUl86dD+HlfV/JgNQ6IyE/PmPG0gQXXAgF3qXm5eqKdzkOLW4I5Ps4LnAXTgfBxvLw+S5qlUS3Po1Vq4CR8HhoTN7LOHXVC1wI4aah9NwCzupigKZ29l5zuYg8P7Sbg6l081KcwRY+pxEH36r4DInUDk9X1sBI3c6woiAaJ0huIBvCQDCVymIh/hd6vtJ83weztWKlr2ZBcO0/bVKpAUGixe6TCTNoFjkWfho7f8ZH7MTEc4lswr3/ZAeZ77TF9XhsdSjCK/RfGGoZHy2kTpQUURV3yPPYpXhrNZ5yIr6UvZ3ahIwzBOX7LhNIAQrIbMFgy0t0kXkWMhXk5HrwSRDifUNe6O+xoahttHGn1BapdO46HIoqIAtguKLiaAHdYtzB1FjvwBlQH0HMfAHGkjFesjFoAUNGiFHmewoMCH/aKF42NHa3uNX+RmAwblOoL8SMJEKNtnxT1ki/NedAZIEmNGeIDo/az+Z4wgYqc9suWv6rTGNL/khPAe4PPtDE7HsVqHNZMZJnPwW3snim0mW/IGOEoC4bFD25Ve4Le4SoO4Mt90pyZObt8f7I81jxqO034p8vuY4jT36pMiRZeCM3j5V8CKfNlprUWF77RKJNa2LEdqyhGneJRMqg7QAGpavCxbGYlsJZL3DtnnMLXbes9jhvb2Itpk27N0wufEZnJR/tbP1ZgdHUYtpj6MPcLq4eh0zJoBrxiYmk+LGigSwWo2CYpNC+hOK1pSPtYiTDDfogz7KGk7ZcNAyj6vkLtsnjuwRCrO5JXnuJGgTUPzX+Y5Y9o6iWa5eU7iFZFswVqG76kqFes/9nBlqyECeUFa5jIaOpgDKrq1ubAbA5f6F5RfLDxGyuStxecWNVBmPfQEwyJcnfe9xz7RJqNUqfS/Nn+1LYFyoBuxCYVChT26Xv4EYrZV7AuJBoCQva+evijnTU1+9L2ZCJF4+dXghYA2AMiV5Dls5GD/bJTlTSL1+aRIBAntFGaeek6sdiCh8G2KUWWCtzq98ko7LHDWHKVb1mOIVOVZu+BesYe9pBwiJu+MkQe43ewlWJUPVbEOamPPaZqwfFW2MXq9pd7PSnLFu3H3WPjZ6k62e7HdXVRuyGtA0Sz9a++85/A3ZSJvOA4daczzr3FkZGah1YckCNXnmGJgQS29HOCajrUI2ugVldXJQwwx4A2vYzRjpbmznvTbwDqAzm+CNYcG+pD8fDAKh4BWlyz3yfBfF3h/Y6IWOJTD9xtC5T/Wm/lFzFutu2jFTr9GJzOwvFlcZhBRvrN0VrAlSzC+4LUZsngPvISY2In4NhSt481YCvPq7v1c/Q/S+8dLwa2V7j7iZ7o1U62J7Tf9CqAsomvmQHd84Gxn5zj5doK0jr90J5DAwJe+85s+hOS+Xqy2+Qk3AP5d8atyDvatuC9F+r4sQUbTEmiRyEeGRzDATFm1xD+MJGWPVMgRK1winBgbG0+GJo0M/HqB6huR9BtIsKi05zkzIx86Z6uOiIWjGvcuaT0yO8gLPefFT1emuqaO5vEoj4+uNJ82ZJnX6T1LFmfY++FVUFCZJeORN45M0DlpfI7rjOgtdh5QjHRkl/qG9hFwpIeJZN3bPRMpiqBVxDyPeDh6U9KHmgifs7mbPN+wzfX5oH1HDFCqJdR3vREiD4UYlmk8pP4FSisWRFOD9oiMh2KdwMr0vAuvDv7sHbDrlQki95PvQWgJltRGrBm/CVi8YWfRLBVvb/2D1Jd4kXXwGIM5jrruveJ5ViXNRE4hTFjXH7nIrm+YLWmu31cIh/uaK7g0vQb/jVjmh66Q2fDdAvqobywtI+pLsa9etaCFkobXHwMcV7X7NUnGtou6KSDChGlhmqopEo/z1neAjhssHQ7mD0cjHOYX1oy55Usvdhqw0XA7gZqFd6wcqG3R6/v5dCJHXU4NcEbOjP5SdSX0oAsTqaR3z1phYoUhANSe3Xxn+qKjIuEFWgsA4kWXB4pB4yVpHzhQUTieRhLNhscQAYTIW4DvyBCKt8Pw+a6OQm8S4qSU/T0i8wugzknkxL2anl69kTZQtdiQ5Gc51xrGepFEQf6OQ9oXp1dobvMGXrINU0RptENUngTui6TfLC0fvkQTu8Mw0b4GwuDxf5D6Y8VtLo/Naenk8ejCdxGf1nrSy/fcPecswrDWLDhHd7Q2yjy7600zs+TjL5by9vKsy8cF4s4mYZ7jCbTk4ucLeGv580tTXSfjS8EOTdHowOJOMAjRsHTrWtvhHNo8dRbEZUK/M/TsRIyStyQNKYtCEbOIkqqaxsTDJjrWwbU39SToUNyy0dHXsKrH/hoFL+bGTpd+1OQDRf3tpbrc3g5KPxCDs/SxfEoPgaGXI6zoXy97yxcizUlRxMyatLylNjoK0iK8Mzu+yQpkG+3d7Q5D44Km1Qhmy/tmQ5xVLBKpH5pHCwMQmAfQwXWiyMZcokKgPqBrB/oE+0KX1Fkb8XLmvdIUEWEKn/Otd34wuH8bKp31Lyw5ufCIsqWk9GbcYp4NmteoOF+F2DfJJ3wR/7Sqq7uOBw1T06H1p/3JqvVmQMDZL3kbMoTmiGNNhaMHljTPydZudS23JNTzr8LsZvogXRSRlfIOHqGxtGgpM3Rz8qPuowTn+FZQeUs1hpn8dD6NbmBMEcvqcKIa0tJBAR8hEEMvQZcoPiZrI0+wPXF5+U0/pmu6fh4OppFgrlwnpjjLpW6rcK1G7zEKUYRGSWRrvlKMS8i8MeH9LVo2VZnKNyuPvrGV/nwht5aYnDHJTAHWe9O/95qdztfTgZ5m+QZSZpJ71eJn+FIfVwTBxGZ8Hi4odphMCw1Obo3NHWU3G7iElE3dzj0HMn0LDM113mbNNnm9HkrsF+8vp8DtlR6oPqlMZHm0H3/Ph3o9YA1PPuH3OzGfR5tXGrmWvIW9Ia8FgSEXzSQ87Orvhgnlwxblii7kV51/sMBesze5ay0Ikr2m7QDYN3q9krcnJPurSLpUChx6Eol3OdZjcFtLaAD728Zfwog709Vity124ap8WtRAI5265QfoZtwRmF+0DksCH5T7nQj22Umqx4nn+z1SdRCrB6+Kwiy91A0gP5ZaYPnmI95Didgu1T+MS72Q1ShAfDDaaWIMv0GWLh+2HnaG0O3eMM8iw6w/yUZibuQXuaO/oq4N2A6VSeG3I8O19ewZE71hVx5LVWQIhBIcfXG6EFQ8zG81GF7O8OtrsHiyKJQFlWvkaHmfjSaoKo0QiopzWhYIUE09/HoQhEvW+Lw4qpLGlB7w1R2fX3bE82+ry21305z1xVjEtq9MJNxsBkdXHKWfr8U8HRDVREYGd+pDuX029GXxYlnOeKdQ5ZEaFDQez2hl3sJ5/yjeKervYiG7vtKSeHlr8Zuj14IO68iSHYetZCI5+wq8Q/N5FBfwHRJl8xaHcWDvF/DwTL/iT+oURJ8zRo+dJ+sbMniWCR67M8GPXHP1yrzWb6MWWy96qwle6NoGrKcMYesu9pvcwuWju7SH4aw4sOds0IlOYpQvrzU46Y55zF9wGVNxvJv7b68k7lf2/NbWlz6/wahQ8dQP6HClneAETIoZy2fy0g7ziZo7KjTD3NODW0tdUgLI2wlcH9WT2xaRMFG/tUrPbsY4BUwQmKaNBfXT1Zh4vRngudEs0bn04IEu3Hu8ziCHZZ+VXwWUyRsdu4t0oN6Y+d/YtHE8gX1MotPX8k7oJjKUQPxKVQKLIoqACtwKmrsJjpVsZsUlDnK7NHwjJ6Wate0Hel9WjgIfZDYdXEy8UhBAFaD66q6SwA7D/waUXn4KV5mqqLK+wuY0yjqdc+BlLd1Osuwwodiadmudr7fSITiOdHLPtkFZ3ISHZuMwc92mW0eUbtfoAA+mOGfAo3N+MYusvAULqygpR1AOKtaigLEZj1IRo881dIfjStxilDLkwi+/SZy9LmcvPjkH8QoQiOPhQe8YT+kGwTbNjeCLJfiNFhlTUbICcSUTiUxxPF4KlhHJ/udBkH3JnzDGOQSuyryKxbFy/OWvSo1eEGzkI9RrOn8dE2NsJrqtEiXO2QxNVjGa5FjH1i8oCfITmv2hffUPylLkRNX6Ld/DfuzetuNeiCXBXnzoweJD0moZhSVJFz7BtNRCUWXTw2UfNnCkuKrBNBXKj6+K7v1g1YY1x95WN9Jy6J+t8SHX/YOFTBtq26KhuGmi/rxb24isBH9SKm84EnZuSh86C+w+BA24gd6VlNx/7BVf6UAE7Xmr8EaqTfJQnaDs6F7+fo13ky7D0aZpeca9xTT8+D7i7kwfpMoVSmiFpgwtaTU38PfS9E/AXRXSMguIISpYKaC4sgIz3LkDAbyH9clixnMDnsH8Ky42iIox0TGYsI+gqZmLlQ0reYq7nTEXGQW6lih/jWqriHg9mgJ4ZQKG+AzhQ599JW3e5GR9QEkoq3NM46Wj4drbl5xFWrTBd1vPvxfmwS13XFFyvspYStpYdsjOXVEn9kYn+65YmHkvOSn4PPKKaBSPIDo6MC0kjIXxHYpUEXwd+E4UK4VPs+ysX0ew2ql7Z9MDKku/JCZvsn9az2KKFMQEVCAumM+YwUEav4BOX3UTWzgSE63LbGecZHnvIJCRBzmwV54krSPYWs7Y0Q2emwcpp6VOD5Clwgq86N6VfgUDpAQDN54P1oQayUwu+caDqTfTtmaCYZx3kUSwvG1MM0IYIs5AIpjIb1+OPN38ao+aAIVOWBqeHgNd3UiA9yR0btcEUpjdTPYLV/UQuTnYr9XxL7//jCKsbhxJJZKvlvbleZfAHrE3bQ/5YpgmfENoJVjSiUgNd+1WIpIvv33XdPVJJdNZsSmbm3WsykFCtGnDizWiydNZCa+B3B4zCkzyAQz/nKnMQBXZXdB7HzrG2jK/7+eCKKfvtj0HpKl53Xt7aqV8cbLTQmlP3WzPKohMQBHMl3sPsMHyMxqeKaNH4JogMvW+jgbswduJ0Dyt9MlP3PgaiAmr8CS3YR/4nhu/rphXVRlZyYQUaCjD9jUeO/bkW8ZR2VBiAwYiZGY2wweN2lEkmY+dGB5ctb6b1zHHFCrQsC6AdJYg0I1NJqaC5mLxnq5CqAiFIlI6XP0Ch376XLWKGILfdCy42BxxAb2jwBe33/bnrmVjZdy6sl2s/cA3HhrHo/qGzEtkK7MzmLb9DGE3Y6an3UKPHJrVLT8CeH9ZLg2V+CcpPplypf3iwh/8eiW864Y4ZUM3vpE63nQfwmK4JqXLkRSTJmJ+ccSk/Zx3AfNoubElUmjfpn7ejDaglztPrxbKinXnoSJkOPsglSRCIbuP3ipar4ettN++YR+S3h+eWWA7h9A0UcpTO40WKm5wgXz0jKFL/HpokbwvYxvqw8ALgl9SxblbMegmuTQTxlGNEF3Sxz9foh56zUpzxNhIMiwzAYGSwCGPK3fGSnFRfpnQh8Wo/KCSR0I0DryBNMcx54WRdw95RlmDRvTYFlIg3+jXIhkYkg4It1V+33R5FyHVORMkDQTTNPu2AY7sZrSG30uIk/xw/7qJA58qcPjGMzrswMCDlEAQDEvBT96WFaJNhlYda491RniXDNlB+dx/yCKCoMf13lLgA/0aTMoOMQETMiRtpfPHucE692/yyfcnYvavrdxMgPBWiRdWkJAD7XlHuCXDvoESuroke5u3o618uP4vrhtJ4FlO9hCAe0wldtcec5Ku0c8POLLJOAxmyh25+t7BPX4jcNdVN2wKH2r7DpPG/iVpKw1QCQAZeLQEXP8L4IveEDJ7nTbwhpm0MNp0+4geupBMrmGfsCmmc/ta5iuz+QeUvuBU6VANY4ZHURaeZb2XTx/8ijDWIFwDPJX4g4eqDNwJvDZvgzvjiQXC1pnp2WsB4tov9zdO9q3WPGbc6OIhb+Yt111HPxvG37/yg8XWWQiDvtcNtoFCo98uy8wrVGO2RwntB1dFrOLgNg6F+SiqArYb+AK10D/7Woo0+VIilWm3NWVcwNw+ijrJKS3C6FTs6HnjdmOWFlMdKLzZ81e+haYqvS0nCw1cnPC8/jNj5REqcQmW7NojoP9R4MQw/zyAId/29hupu8J8zvIUNZV1mTelFl/kGe3VQRKDdcG4Dp0lDrSDZ9+m42Q56OPOmhWDsednRuTfFGQuVdpo55vr82sxA7wXRL3N9rfSehwqXZfcEpSjH817WMD+WgMQkjKvHKWPhqz3lrmwL+Atp2vi3PbFYtyDA88MqY6ENweH9gUJAwG0UaGtA/r+cZ1FLPSyHqZSRyLqgDFMvzGu44W4JHYY37ngeJhituyfUh0Fy+necSMSeQAkaGNhgquYXBcPXbywzKIJKKzgTCvn8txy4sRv/ZHudmhtXvlinnuDPiUkCNJ85hnpK9auqTjF5dkEspEQNjZKSbo62G58Khub7Q8wAc0G/GDxTol08Z7iuggoArs5WLZ63Iv4Dw1eGlAi4cHyYPKxuCnuljwYKeNF13Hf5hUJslcTFmtCBzU6LKdW7dI/Ym8MtoO+GPTSepBrKgcgQb8nJOj17Zx1us8CUbvOSUuVqD9lIx/bir91DPVwgqYI783OFadw6Gj5tMOxaG4cij1/Ek370is8Qt/KccyMr1bHGwk9KvyKag9sV8DcdRDWaQnAwLyozx1dZGRqwHziHb7YaWwyoM3M/UTDBGgHBaZ6QJEffq/MEbBGvKxMtgUFvedN6hidsRJ9gFwIe4hflipkKAXocYGFdep9ix5r+74si5pZyB8CoI8gnu2BkOl3yYAtwVALtlSQdEzvUILaif8cO7jcy8Jgtei60nGts/Coi/HzdS8U2Zv5Kpol5Saq6AWsqGgq2ZIjAHF26NrHwAa6tS3y+jKynrP6uilM9huybi6CHUtBBx7KH4HLQWYs02K/V910nkmfV2Iuk61R/FfVeWyZ/D3VHAv9IgxlPQSm7CIoenYuchY/zUR/p3U+1vRmJcv3Qn/modDuu1QP/VaBcQhKqOaZm9jb7UZUCJDM1+bIZpUXTXZhAJLGHooFA5E8IB0hKH4zZFJ5k6QPyOXMnzFubYU28a2l7Finbso+MdHw62EFuGIlYgBalJQ91L+yBDVnddQOaN2O2rVsfp1u9iMm9bU/TfdMjKY25g0gX8P7XMD5KyHnmPVvVuMOuAoHA2BFcn3xoijQbjrtewO3WpOayzLhkh5Km13babsUp5vjQBc9tLj8wn50BZ8ztiVNTWW5rmjlxzGP4kBfif1b72haauhkxYLJ6du1C9ziL6QypivJluIFsZCaG5zFEq1r+cBtkK6KZMwPlyPh8qzEzfRDwceB6+LbsQ3F5ySrG7T3MPPjG0Uxvfky0Ii/GWe7u/cEML3ejEAVU4g6PAhm+esK7Q/d92GEL2BBqvpN0dS0bQHLrElHzZbYybwkc/rpgQZ+z68cyQ5QX9mgRz9gzTsPXNLLx3MwiP0sW9BhglAlEqMxWJAjrn3JlvBO5ayTwS6F0rH2EDJ/lawrehtWQcsVmFQ4ynKJ7vZvaHkQS37ct/3dY0S3+WAbEwtyLwAshqZIZJ+0pmdfmMuu0Fc9AKHB02/z7ek41hhVq8NHB87hPO90OGnk+UP8JVMZfEdNlm3vX7cp9djZfml6POHdg0Vi0yo7rK/MGRhwLV5iErG8KwwsvRySA+Uy2buB71IEWeUkb1JzZqmai67dp56c3vTt6h0p3CryhxWVDlDnVxQtbOsA2lzN3jyTeB3KaqPjeRHhv5kTXyyc4O+teVVFiraZhFHg7XHgkOev/P9Yvj4i8bQHrqaKEsWUw4esKHEuq4fMipSG3pULh/ebF2oGRfiXmR907klp73YgIrFKv8FL8JssK2xqmVRbf0kNQmDGFpK+VBpEeKD8AqDm2HgknmaZiZg9E+T2Ey8hX49O2HElJrcDr1W0oVJE4seP1RLl/gJoig2uiFhdCah6BF6g7NnxD8RYb17BN/1ANGYRVEjyX9bXEdR7rThGV4XvXisRxFVxD5SCXZD59NiuAyqAv2eq9XeQuvZadiF+Xwzeq4bGthJ0Rx/U7zB7M5ZSaRAiv1H2YO1SHsvba19TCQNd9muEZObs9uB5yP4SIg3V5YktdLN/cOw1anLuuiOhBvP4M4Et/MfEnxbcYur0fkX5F4aRJWtz5ddosxDujBPxG2WUF0ivkw+AT1NN1YGoq55evgT42DRJdU0s+FaFx25/Lgl4/8pyuXVjwEZfPpsZxEfjiVFpCLhAaWIgs16Xx+sMneNNmDdvwSejULJqTWw0PwzaLUZ2+CpoezGrkT5Lg+4Q2DXxCwItEbSLpMam46bEDHWWVUigFuItyQXcJ+w+k7IbMG893fBOcVxGBpguNVHTARsvn/7EdIc4TjAz8w5LMcap9EoKXHZk5nMp5TLMbUnhaM5vjHUfS9IiG3MiaQ5eEEjYL5jIozdlAXRwHe753QaTtneECufIH1/TF9izYJyK4RS9kQkFhil9CGx7t4Qbl02Zow8vAjNf24fS1Af+Aa3d76Jf7Pm1InZ7kJ3XnOUrH79CitNXoLN7yiuLwkQkAw0g38zCqXRGJbD9XkLhJFB5rZ8eUpEZrn/407X1gZXXm9ik3vCRzqVNy0JnFxE8CBZHqqtqa54Fuj/Q/sICR8C5RfXlFqkGc66UHqGFgaajP6zl0vQW3CSN+7xHxhQDbwST1rEoVlUNoG4mOoIjRwVdcb3jMb8WGY7vs2UUvedIetHEG6OpJZaYHQFje4GszPSdjVIAnQLY3XIwMnndr33H5E+QVD/HoKJ9c/XrNywNW6Gw/BiNS66+QnBHYg/nHTHcGTwEEuD8+EvwMPUh84t5z1V6dOULYNlTcoVdyyJxBG/zK1j6MZ6x7aowsfMPbfULlmYEXepo23xAWsSOvr9xtpah1jyyyRn2nN7RVUR5vRLeKJS/WmwLFmFwnj6oSLxp8Y4eEX++P4XtVGUU3EOHHVC2zt1A35vCyupfe6nmDcSLDES6QXPxgNymlGe9Jgp0El3B5a7G/9a9zpy+UZoF3rSm9VpXhivUyDo2GsCq3BpT6aBstGR1xV0avQRL+glnZnQxgnljXEX7QLEMyAtmuwR9YR2CL69Dl0SXSTCyfV0XvC+75wixgKSRDFbWB7mpCs1QRJ7OUkEIhl/wVOzERNN7NH3nF0TtOJmf+BsfdH2sDB3me8P0GQd0DBFjMooA/BqZ9zvX7oHQbMz4Ii6U5SpvCng12l+w00M5GeQSPQQQwbSKKxgV2YtE07ubyKDs16sIRkkecTc8wV6LAgGaaxsnfTYRh15N67hz4clQhJWoAnUDKu+EWYq7Xs3kXpwvqH3vxbTaZZ0/BlUnVsra2a/c0zWPI6HF7KNPh+2KeemBgPeeS9tLszyfBcJZirpYs/lXbvvt0mFFsyqcJD161Eq1uxBqBPdq3gdGvElEE3+utb1PgEEezXhKb4DvRI4tg/rUuunS3pfDYXrEBcrgiQYaSUGVbQ8/YWzXedPmj0rynHU1czynbFIHQZiVp7Zup3HQF5sNO4EkizPH5hW3fEWYQMQCjfgKAXeKVfSQqraWwkahM2nfsK6gcavaHxVaY3PBX/GB1F50Hr86wwjuAWLUCd75AUaE5LBe7oYtbBMVwGX761bRe2HlPiJDh6N2I319/a2sWaiaOhFPYOuAlQYNIXslMtspbXK/bZR1QwGJcMBe1kNieKJaSOmE/CRVAcPgYV2BxhMc0XH/UVdjUOD2zQBhWX8thG8i71Gx5A9fntj1OIQrF9XVQCHWCh02unN5StIXafEfwLRGOt30nKDHoQbanc7yCcrT8GhV1NP07AGElGpxkfX+stQsjolpdvTlDfyGZlHqQjmMaPoLtNPBYJUpugQsSpefs/OFjZLZUwp6DDYlTf7CZ6/hHeDDwbJQ2s+EOBcDTQRvba5zWNUibJODH1LRHrZGXvPzD2oiTPdJDjZRNwgsyZL7dZHeOnI5TCeDee8iEVWTslgPXtTJhdPA6AIRGA2qVBVq5rChhx0e0wE0h0LHN/c/lH9/pxtjKAyyfbh5iyjXtO2ueAni/RvOsAXMN44ItzeyOrObD1BSS1W3ztmS4ikIizzhINa1N5gzIZz4FsL1UMRWmJdMcLxKgxx2/LqTWDUqYz624mMIWkPJBKP523NIX5VIa76Nf0XZ69UEwQ1NwWuva8BFgQ2L10w+dcM0y30chvc7XBBqoicxCt+FRJp2Vm3tgybUi/3UtbmNqOGd+W55c2HP1gg8bQn6xZ3yf/N0FduuI0Hya2YvhqUYLSZrJ7aY8etHdV/P9KbPI19ZVZkZEUlA4XBBEraalKsGslid29E3SN2CT35/fXsnPu75mP9NKKz0D1dEfeny31pwT2o9RXFp+EAFK8MGJxog2G+OMtjuU3m9uZZhhEtTGVmBIOQzE0uQjzne5gNTOLNxG1QpLPbSgfwJEW7CkcAtfyDyfwUDr1Pzb/ZaGiFc5UubPX5/a5alSN4E4Liq7Ht1q/Z06fF184gwqTNuj5DoKsaJX7enuR40BsR9h6lF/hagiuVkPLIWh6D4F/5i5tNRiLE1j2FrMekxPkdOXB0YNTWD731x7PDooR0qgYrkNYA8QHYPYJJ+w5X/0FcUpAzgWpZuKyB0A/UCqxKRDSHnAu63mTjwP4BnnL5xDrGmbremgUsQ1egzRFalV5RiA0eMCbxmnKpYrZhAl2xtGn5F0cO8rKeHn+wqLWPeCbwH/fagAT5TZ9rt14yMecriZxg3gaLu2YtxRumnU5tP0Wk+9qb1VpQceJJouEJuU2FBZf2fckeAau3mWA6dyWfyV6tF4MSfGyiM6XNbdJYyMsecQx7NhL/YEXRmWvTg1I8CVSfqH7bQixNcGj2fiNC+nVoodnaw1HYFuLeuu3SJOu89Krn+ZHZAcntAEJFRfjLP1poiEGnfFSOZCybVVVfKshmpx3kD9xlCywWm/xFdrMD68P2c4Vrk8FOZTJfAL3PwJ1zC8ZNSbSTcw2tppWxulCdqKuhz2WkD2KCwbvTNzL2nX+BZDU3HPQInfkkngJO8bYDuLHuVtbC6WDLN7OhOvAbPlpbIzUzIP7ee4bIB5yyunHmVsFZGqo49eS0uU1wVf0lopY05i5XfvJsc143VgP6pHPrI0RmGwX8byQshqKSLx5DdPpzYH5YJAUoj+jwpsSF7TY2jrgWzkvshwQMLhx4BNQ+6HQbsB9ssHAUvbWVcmb3VCGMV8Nh6ZHb3pjcNYS/9yV0SVSKpT96diudSD02h/vw4A3CIJhorvH2q5mPlw0VZMN1T/eUr2ATQEUWKVZCNnL7S8EvbKmBxUvnse1V5KzPc2gsaCqdgny/EvBYFbrPEzfDfM+zlbTa+s2XYS8bKvwJeL6jCcgcx2grYF4JJvE1fNssqCb3HL8T+1b/J9q6/RVAUq/no2gOYeBGratYaj5/fACIv0ruYtOEbm1L1JaL17HyxSWG5PmYrIKUoKmFYO9TxoL/h7sm+HMD75GcA857ju+HpD6+drB+SG8KomqtgFSsG0Hv9V4YuUdbPvrFxMnRXIn4OciJM9r1HaVTnXnmfWEC51JG66tsKGXB7CervSlKZU9rHDB/J7O/JYkI4IucFZl+RIzzw18QfvX2taWETGpjY5YvuGcRiBkZwDTefEAJuQX9TOAFCKDpH/IJ6qiv8DlpcGtXvxTHfKKpIjXcUmJtPaevHkkSTY7CwAKK5zCGsp5Ssvf8IAFc/QThfTueYL7WVFaCe56H6+ieZjQm+gC4Z4IAc8jnxGTsH9nKXmG9R91NkEsFAJ2MWZ+iDWZ+OQZTxiJ+ZHtq+v/+WPdnSFPC9Y1VoXyxGSLvg5cJ1j7GkVHjbk+aiaXxaHiZwRAMFiTbrIh+2JFvV753fRCbuUJfnWurxV2TmGsaVOBuj2VvrGgsfcJOyl4hQzUBjcFAj5jmWTNLOBoX6be9GiyKAbJHtrB8+GGuVi6xzDr5C6gtagpH5A9ILiI8KLhzF6Ue0Z/MQFh1FUAgQtAJEHDQ2HCqAS1H/IFNFmNqWrE0zH6E4XACz/1T+8DKN4ERqlaHtGkL7El4eN2aFZ3joISAyb913X0fKGzsr9mBY3jMgX1oZ1Vek86YbJh9o/IMcTLXPkO+nt4Tuh0E31siBQTakVnclfSwToVapZblQ8lJcr0PKtnEqKQzL/ociKUl9rSFPeTwAX6qioLX6M0RIQbYevjvBY88WQsXVFl0GSsYXqvH1+VSfAwKREHY3t0J4hgk/Pt5kcvWUW/Z3XJVk9namll6wtBaOXGd/5y/FAzoiirZQXWEXeMowUlV3lg9wKI1UsRrejaPixh2dftPub4zREbDwr1Lp6vxGVJOPyCY4hfETKrjqbtEINFQu9vqncJPQ5qeIKy4MuARtA+SpMHtYKNsZarxZhCIOx466t6PvdrvcGTu1ipoGx4hhKnhDF2LhHL0iPt+JoSeT04Hvli55EQT92HgSg77RcAfngHEtj3BWzSJMSljmAMLZh68pzB0A8VbaSIZMnciNlb7xLdy2OpibRmLS+CjbYouCQfskdFxj33btO4dm+jNHmWjRKxU+1f+GAhTGIs52f32YiBDqMfu6duEVw84WQXMKrr8cEjmRfvyM4qNggRrWW3w72p5S5CXaA6cxIvOG5zL5EfKfVFijBSQR1jZfX5XxqoRmslpVi0QLASMFuoudR5S8Nufom3ovTDZFFVyWegGqhe6HtqJ0UxoowAZpK1BmptAFeckbCjQ/cb+82zB1JjHzikv0HVhQlVmUXVeUr5FTAKET9csxcZnxogpkT7XzuyZh3VO+09obIWcAmE/9A8EMcvb7l0b4gToPrn1KF/9YGK5+ypIiKJBgMomIlOQHy6cHfa8ZlB5BmQdAfXxNPzcef0nrI8dwxIJWBgxxQNvI6lCyPuNrzXG8SMvkARBq2Nz76G0WFMftCdzPuNFrQApjY2mFiTU54D2MfgGA7vM6BGpdv04+hsOmNAyzKIh8DmZt/jTg5M07DmE+7BMCaVG5XSZUbW/imdYN9l1JyOj1kFIRFdi7NifJ/BGl+itrp9KKYf4jfX/YDSQA0+X31xbGyZaIud783YBL1ee/adJfIHMFKjxEg1qalPfRQ1ONVU6XvB/1Zf+JWGKthNuCuMWW6rJ0V7JNU1RaZO36cDZ3lxUN2pzScPoJ/D2Kmr/Cl86aNr9/PZAVBmtiRPLX5z5RTMxEStmTXoT50uPw1wSA0PXw3hMG+hWySnGoFMWUzVnnBIQgv/PgZ6mS4Nh1tcUDYZ0VQzUDx+4iXp0E3PhbziYQetGhQIxhjdmgp1/uv78JHwheQOQGuZD1BfvmRuhBLaQhvACRt8X8PGTVvpfEiZb6lJkJYI1FyLcmngJb/SWxqnOtenXP5CWMIdQeb9am+WdXEVQAvR1cdi8x8QMbZssULhujCi3p1M34gwR3vxxmA1L/TdeWcEKgRDzTU4tfXegOneAzuJtgbTxi2y0PYlJ+vhrVfHCM7oz8GxTrG6paGy2ztm2xnPRqRoQiei9e5w6CJzqXrnkvV5lzf/Dws3mPUumzSaBpLD0xbthST509Sbyo9fzqqX5k2j3Ff73YwQ02ViomN336m7k50ilHfq+GJ5ZSqCEhnEN8HPBV7NG4w/ooE3piEH7Qhiua15Sw1w6u+lS8t9CcJ+zgLx0jonx8SRQtZD/+tp05Bu+BWs2TjnOHwzAjJ4i0fEnz97fBxvXnoFgXtyR+Uhp8ofcQ3P7iMwvOsBW/ovxDn+Bd/sa+dqRYaeoN3poNpAUbqvsVKwFjIb588TS21YfRXWKatbzmWiJa/cI6DGPFCTo3kGc6JjiIdDY8dcJdfzWCPonJSTO9lrvHoDaEKntlcYwEej8+lHxGSMjvQhtgk64pwQJFfKWamjKs+BrqaVQ8ijIO9ckjeUxJCmepSWy26gFoFpsj4609Wy7N/brbyPwzR3FD0shGQcbh84gjGZW3+m09XxztL2fx2GKoY0I0Uxn1kd98Zoj+7XhwiJnr0KK9/rGR/j81VGZGRdSrr3+jt9SWTsf1tpL5Cje8Ud2/3VgiprOx8nBvC1kOeAAVZGlocMh2dN/vzzCAmvMRurIqzSav8utHjJV1s+P+0c15AfmVxP5Mz2N8IL3ig2ow/MxGZaozGQsyk9d9BT7Q8dSIpD8kWynyzuHIR/7wnwFK5egpbtdNd5564uuPOWfKo+6VWxlA0hRTcUZp7fBKVYG9fctdu10kn5fsixCSdSIXecgCs0r3VlrEtHpaJG1feOuOmKBqU7MmKYMOv99GQj+mikMTTiBeVNf6EbMtfyOT6AopolhGgKEDAPOs9MANSOOwAy7T1ujNf3l6hvj9zTu/J+7YxW9uIRDrQF9H/sqth6Lu3/D+RXbegymhMl98pnjRw0t6Dx7OpD+VPwfubYt5wdt+vlDRiB4XYkondSEOjuJHdy6I3ucg0v7GMYtid0V/6LMqVGyax3ibV4ukQT3dl/El+Pf5qVoMqWFC5tyInBCKND1noPA6h3Bjj3N/6t58QrVAHJ+ejcqvlVi2bv5m9ZeGfv+83+/RNPPBP+JOTmjMiWDpt6jlMj2U/IK53zkyRdJCzuRv5jXwX0B2e7if7i7JX0uT+OMZR8A8ksspsaJMRHpukyMSXsKxBHt2CDIz/Usl60ibeGHXsY5lH/tIuDkoUPQF+GjbSqHVAZGA9kC+KfAa2feX54UlNrd19d/ciHwjngf7jfkhgS4T7UOwf70gXEE7Vy+p06cer0+Kt23VBsDbsiK2PGf3jb6/gQ0M7jA31xz05lYvYYyQgvDyTsJtiNUxg7bjCVF0XWa+G6BnWwewyQtFp8/zXgDtGSCyTGEPeEJSagpjhee9hCorP3LHKaekmtzENJnDKr+EpuLuojy/JlqXPBOIiY3d8GhFNZx7R0uE+2rYwuPn4slX0/jVXVy0eNnVWiVg3B/L+R8wo/Ex1K/oO7AV9RZBJvo3jatb++Mk0BEt5+qq31rzR4Am9AJzo/bn5tncHCe+L6UadlWfkrJDE5gkYsRcn+2QgJCX5NJij/JRLAxDTYozNlmiQr7qJm0S83XkctWhhGgOCC+a/fa6GW+/Pz5YWvSJlE4x4n+Ov0QodXvTrzDkEU+0AaCjegigXe+WTMK6kd9iMnZ09/0v46qgJBhMFNCu2YBS0hBqN5LccBsFrsblYsEgfAM1d2DL78svp6QLkQDHsr9BmkWbHtsvPrBDtNyRPaAG8k49j8SZjigFbFtaFdLivqWDUoOx5FOi6vc2I4dHvBy6P0zRYI5L9E++LKOfJLn7PCcfOPy13OgS28nbXJ6JRvSyaMJ125eeab43lvzmutKo6X/r/xh6KXgbPn/zGvCQoPZrl+vDUJHS2bX2whR56gF/+8V8N6HTkU4CCz5ScJgmEoKvoeEwdCRnF4hUD8jr4Ah9QjrzcTJ0i/mts//1CwQmCTbK/U03KG9DomS3TXg3gUUClkfZngNGayN6zHn1ekhMnlWOqdSpm/C6jYvvjbtsmYKB5X/kf9Q17lPN5D7gWAtbgcqQH9XRH9h7duDh+Cz350oQFwhffYamGnFx1dtY4KGF2taOtxsnJX0cvjLvoSlrpCdMUDy5yuYQH+MBFr+K4FZiF4EVxN843TrRh93hHWMF7K52+UD+/Yov28xbJ1zzTOdenO7hyWNVbTLdiGMI5AKBDqQ/GZmggaeElh6tj3CpK7XXvclro8WnB+CEVpst7BVqbsHkexyo09KG/CBGMV9XJFE0BE6haZLBF+qkg4AY/1c1QNhegrRhnJuQZBt0nBbkeYwnah392lM1mHIrvkFU0d/LM13TchoU5tdGt54dTFmHZxPNR2g5dFqZEUG/7F8XJmDeO9wgARwwoEpRh40DU1q4WDT11+SnpNrrKu+P+ZhaJixVsBk9brwQqdGl2jvGMY1YlVzs3PxcTaYk58DYWNBM8ZVrKG8k1wHdn/4ztD0dJbvvoNjK21kp2i8pRNm94uW0Ex7fxn7tekT7HVNcCK86Ynh0/brKoHQYOvsrI3sZ6Wxp5KEciVu81ogqSa58Du40wr+135lUadHnwwApeE4Aag3YRTMDWn4SeDQ/NU6QXE8i94BcGLmxSbOSuJa6sQndwa7tOIFc6Jcvket2ukuHxYy0FdL2AAtyrgn5KfsNfBX/t/zs6xxl6f8e6GBOxjZfSnEBjjFMLz+Lbi+D1r52cYW6TCi2H09f/DAfyA0gje5vc+KadkgRBgBURPMz+RTT6F9C5ZZe8hYY3jiL9cY1PJIPmScjK5cQbkYt1r0+3o2zFVgXGDEoqtg6Wr2ewk+XCkHj21DVx1WZeG3sz/HxbFOWZlWZp5i2G5TokOPPK2LwBFG9kHTXVNhByw39eexi8xFUt6as8t165YlloMzD5fh4Zl8K/AN8FcGhh9LxlTgG/rC51LHPZkoOa+iifub3eLv48Jd5kfWww2haUCl3YZVUCM8SH2iT2KR9XRse7MHis05bUi+IM4Rd0y/gZ1gIHbDtoR4j9QRdzfpDVa4Ng5tD70qdZglV7+DpK61+4ud6li+/ZGd51aYs052m2jw1KuT6D19+hVyMdVzVfl1/DF8/6Io58SF57y/tWHPybyKR/XIu5+vFnWBhiSxYEZa0HcO2E7tbJ1MaQLKH8zbpRgHJ2MYhm57/fVhhN+LDdkJniwwb9kAMz7UvXFYN7+/XzzjCaIcl7RubuJYXpQnoULz/GP56PQ5ixNsjEt/vkUWFS4opqAssFgCq2PtLixsotljz82/WTjHTPmYQExOTBX0rq1S3Xfvbr52oZEoNyd/xBFwSfR1vtdCWzOzm1vEFtn8WqF+jB9bqLmdTVqapxiygkpO1+CWelYSY7DtJ4zPq3oNSlOmgfXP08sr8Rnwy2iy619rs9uTlswgVWuvB3T+Z9vKmuO8bGjFkPgVFxxZJ8vihhNekPUwuVOa/ubx9/1xw7BoWPLC19kIs49quL4pH1AQL50vFh3mn/eSHrvfXITc101vDoaGg75PjimYo+Gn7XwImpDkG9nVcUXpKKb5pB/xV68BTtRVZzK4ex/fmKt6Inpz1G163WSBguOKkaRraRCbDMyIzozmjeo+zMcwTNY58N0/Qe/tik5+TSsRJ4IWLziIqy8tmqDNN3hBXcilxQJHoW1+ua77qvAtEGzofmZlH/dB3oYd7mEMiV2LMC/fFycatkOnTjcLYJbmXPuWBoJk3wUMvyFzsP1+fVCzd9L45JxCz5io8ZnlsO1F1p7TkYQCboL5ZhrybZj56QJjAoLHX9P4NHHsBDb9xJeOriKggho0JTt1VKUkvZUrG4HnrjEGhPauqn4cg2why4FOzX0oE3JU7sSirMTz8Am0pbl18Y1E4is8e+hk+gIlyYB+Zk9BccwRq2XpCKcc/ErwYXiAepGey4QoXRfiqOhj4JCI3dyiIqACvK8DNqEEtC/ImLHXlAzK0Zfg5XlxssMOARxynOraCaca4/JlK/HzWFlCiD+EKL2v+DbladA2X9K6/8ehf4dD2Qv8QqCy4e4C6Cymvvy/ZPf7S5O3BjkLEfk+C64D0M+6FyJr6oXIczf8pFIzhbYEqaTZxSpemVVfIlriQFthlgIkatugjiwxN6xjTfwP1a1I4JhfWFyedhZRMu0dxxS9ls3bM5TkehPVKo4n4m6qPNAoKLMPPPejQy2kBElzghvMhMeN8jrY+hx41qCxdzZBZZMiB7cvsl9OKQuh+tFTqmv5lS1lnC8pNrREnofJXGpWYrrI/bFf2BhcQ/IVZjMyynlVHO5X2/pXBHGgbIGd45sv+JP0kEaUKkJaY71OHa/xPRRsps2/9yKGU+nOFDKGUr43oZZ4Z3ovEIbRHieKTl2xFU/6GAx/Dy++11Ew6b/Ofur6sq//Q6FPookuud2B8od4pRGcD8pp7fcqzPRu/u0uXKX7H+CMEcYRz6Mvaa/eJnRFGCvwRkfoCuQ7c/rzu6NRg+CsxZbGC85yLpIcUL38Je0OA6yCi2Eb9HKGChVUFtyK8PY+bxo+qosLUycdMFcOCil1ORIVeEceWcewP91DTo1Kk1lov4tGMFh2k4CRwY+2eJQ0HTTGb4qtHpfAEN1g7QkI/fV3kXaGKGVbLyTzxTr+GNpQ+K85EW7qdAFM8wHAqS7s7JlKarrJECWa9xbjX2In+ZBT1Vy7p9LTBooNBwhqU98Q53o33Cf9G6pEqE74vZrgH5X4GW4CEmsYcIy0UfJ8AynRfzqvkBef2i5/Uru8Ks7kU7iPCroLhWUvuhxDVtrOr+YUhxciAzBwUbX9ddxmI94BgHu1t8lTUMXhu3UJlZXugDrv1MW6a+oaFwbTxuU2ng0OC3qCe/6Uh1JIWwTvwBAkOW7RdVeTMDmD7HgrVbm62728H4BftumOlGHyzs/fUtFrl0OfKkBfzRX+rkBpfkkZVRrfDNCfm0IrKutupP8JJ2tgJN5MkakZTQbcwi/rj7rP4XCFKiTkFP8ofnwIKLpco5GPodGqI/Qk6kwzw8Nonf0ZveVwyYNUgP6Vo8KeoqCas0i/AXEZYytNn0Mmq9RuzraOT25uRi52jeuQv32MfQBG19BvojXpExBLfGXjmkpnVqARxOCRgwISSEqKzc75Nkb0St0+2PFJhyU1O+VTlpiwIAd9O1r92mg5qFU8uxCnR4mnH7M6xF2drGQUEuWwfpVUZdMVmTw9f3FDafhpdPgb6k3TNcFvR5SQ1Ntpe0fvK7mxifDn6Mi0oY1xlfYx2kASJC2pQ/K37/+6Z1OK4L7fQAJoDPXEbMOJACtshzwV6//TUl+Pkv19n/cQ2BkpJ7Hmt/mhM2mKghDu1r68aHFymPbuKhAS12AiDTinXEskOv+Ce2kvLWGtZFc9oDhJQ+CcO/f07Uy2aNL7UVz51dXkFmw1LS3K/nwHzer1F34j1F9pOFm9+wOdwQ7dCw+ZXajgPZe7lQv0QHsai5N6ppETQLQk3OtX9XJeoGNymmK/bv3bPPliKHJUQJHNgplvx12g28vBrkne/KTaCMOXPwS8sLtaJYnaITfYDZWx9Bm9p+DLJKJ4KImgpJhMfo3xBk9Rs6UWdg3eS0QC4kI06yJHMEjJywzUaH2BKKaT4MsZQ/DKxT0/8lbj9ErSSnP3UUXtO0ziACxlG/M9q1opu8P1Up9XctLYY6MT4+u2fxVipUhuRvuNSGYtQFYTf4d68v6vtgyPTudnlz9L35ASKH7RDWqQm8ZwKiHqkUkgtk1ITvG98ir7w272d8yQR1/Ba/11JK0seyVyJksBSNSTvK+V3MQstFEqBD6DiKHfgT8XTwigjKlHGQtuWBI2iEO0KhNzykfrMO+AiIFOAbVIQZWVx1UCDQqo0i5Gm9r88axuncCyMLYoNhLf0YWT134iSshggnQtexyhIyDWhlzNWONDJEkyh8erHWTzPcd0fRzXiRzfCL2z7S++cDeYVJdRHqFBaUU5Ds8gMN9kuc8u3Tx5CaIWumYrp7/X7jEfuMlTJ04eFwJgv8olU4dXKw3WC9QxfufgDnB0xZzycmns7wvheVGcJIR8nzJp0jEcqZtsl0ZQqb1KZ/2NCvIn4PAg+djqj0ESHJ5WEOUmT+h4iJLEUU3FuI8ochS5dAsQS8Ny1NwQD1O0YJokXKcm9fgcQafCLn2gjh/RTx1/srAt38CiO6BTagb2yUbV5n0r7yOQHR6KwP1yZ/IZWCm6Z9mhhiPWqMgUabukRlydOLM0aNKfs4pKe21dVcOHbk8cIwh6vA1P62ks3kIBg/1r3gHYF15T4vXK6BYHN9Z5bzxSRfkAASHosfb1THo36dY6Jslz4uWat+9cVITnf9+9GD8DLSOMIgXnX3++2xRS6vOT//d2OsIfA1uJmOKQBLr4uASMJSW0QQ+tTlqfcsfs19F7AYW+k4m/w7t0/z5M3Ia/jrjDNRT1JCXeoZ9p9d9uuU5Xq/jZFCvM8MxlKECg01MTPMTJgsIpUubZfa3vjma4Mc2LDMk3z2UqvR0/8SAf3aPcKqqX60eT7lyioWcKdb7wg+ht7ZnSDlZSyW0UbqAnpSCPK/6AobAp1cNoAxf3VaEUA//U8vejxRT6i/tffQ5TCLOmCy1UcA4QUyglLu5xx/wpBPD/2RlymhL7qOqyfei4mDdHNDq6xs2RvPBc7kQm077dVF2/72RrWtZrfFrwHuJuOKJE6PU8LUkIvE2IjfwQJ+h8itYkD7hXXfwnEeD2uusZ/P45AWMsbOQqc9RKLkvfYIk6doHOM0EA147xCTBH0QHsCBc0jiX/rqXNJAcMoBuYn2sEZ2uUNxDlY547jUme+krp9u+nX2ZOkhpWia9kQtbWTxQVJdIdLv6wYXapz/CG6iKpSx3poGREhsHi2YvyPbtHn30oVTEJdJH4CMhkHlyPwuDdQdb9rcXqMkGD7wovPoggpBDy+PCZdtQ04XSgFhWKZtYNE3fmFFpF6uZlgu0MGdnuxUNu37jX2CLMu9XAHuFmHgv6k5BB2uuobiDIofjd3j2hFIRQceL73Bz0boqo9+p4avc9D1DR91KgYDMg+CKpulUX8tH2T6L/X1ASxjN3R1xztW91kvdT6bL3PSR2UNgNjur83Di6MlSXYoyCyirysFL5UitymGtNEhw39hS9QIz8jCs16SrK++BTgX6yhQn094JQ5gr/S+AoqRbEAMCI05y3vUqWdJF5yn7RBwe+ClziTH6SyE+6L/BV9PwaGHxZ+9BYMoqdub1TgNykMFAafQle/biYxf6CCRmZGWxf2u3aGlOohRbwWu6ZKFpbCcS8niNOuMvGp5i5BzvI+9tmPsXQ5Q0zZlunet3N0/Xf9lL/2DnrqIqdoGucPB4m38aJ87M9S0D1CByndlXVp/zV422rs/+0Z429GXV4IP9ydkT26z64BsKsuCzR09GNjhRwm8xcVpEKdz4dxAAZA2v3+VwhwcuhWf6oPYbBjWadWKdUbKnz29ZTpIg1SpRul1F70/m6h58Zl3gw/cKGKAUIM4Q2pE/pG2AQMPBZJqGKD+aNeuygG9efMOwZ1R876GbHNNV4Cnjt3B3GOyDEvp0fSd3vBMPX+7h1Oq1nRStIkR9rKWJH3u7V2SLFUwuGWFiOMHHTawfYXmh9NnOOkQszPHKkqudsV6qzo756v4I239muH9sp2B/hpojZejTXTe1w0ROpJWd2Z61phE1Jmv9wlTIOq4hh1Dj9+olF28n9wTnM8VX2Kn9LMk0IDlr44xPbziEcYob7QfvpcscNKfllM3pc5+sg2cfvtRlWIvzyU1SVCUsz4frFKzN+40qV1sKyTRyxj5h8CNrv4bvBu9A0Dj4xiSx2JDl1PHTLsHIOOukKJHpEWNG9P33KZH4KTdaDwe0KbsDnGtR2XLD2zH31Iz8BgK/yL+5qmhXXiux01L/45Fw3dq46TvaExsNK/Inv5WMrWB+4py7XiUneBEQ0FxhahNNBME7f1Yz95q6vOYBzNfc19M0UL7AhHEKOS+bvKZfEioFMR1xfz52WWbTJD8NpT7+ivnKVndy+Eudm/WiD/7lG7n1JrROQAIZdtFL4EOIJKfrXxox0niuEWEtk1S9Nd0ktMDbvvT/1J49Xv/SW2jG2r6+4UoDSqPKRkkfuTBSpoMhz3/isI1dC3mXoicNQbJeljq7e0B4QZV7L7NxS9Jg1W+ohYHu+joJ3splPqgyZEqk3dKFCfiPlx5LCEAwye35B4feL3zM//Nptn7Bqp8TA3mfhhs9glZWbmdj4XKZ1z7NoQaQknH3YR7ZLcVjR4XnsWpTBwRYgPZgGgiu6utUm/QXvyX6td9Rs1sU2VNFgNsjHdy3DuTyp2YHYfiNm1r6oDTG+Zey1PCQVzl1RvnJBuorlN5jkTPq65l3zqg6cm8VlTNWaiZsbcn8NgFl8/tURV20U8La7kOjDd4HZQeVtL7LxpdFJnpI6LnZKzS6IGsuqwryznB1En3X3nP1oAicgT+psJsspgxiCL5Lc7n1qJ36IzSOqlG4MZlq0VwG0W+MZCkqdAX5f+GZGMDmBnQOH3kbNnldebNJZQ4tAvQUMq9ATGlxyco7a+/U/tKGectoz64sLqdJG5JHeIjbVapP1zBhA2XwkqDfad5hncj5fS0d7FiTnjY6fyt26R7OxKEvBHB/DAPa+d9Awuyv4qGzraDaw+jG+S2lUF7wV19haQPqQfcFXiLWB4YoZn/frFgt6TIAJ6gZrW3wbV4UjRdJzQTMAKeDQIjCOF759IOdcWzsvoyIX/C5sW1xR29Gr7sDgSfoqT3FRR+WicSwiiuorh/lH3GrTPaC0PjhbZ3kBaIDR5QAsznl/Gu3lYxT3XOTkKHkDEU0zZdGjbfZlUBzFxmi3oUkooiEeEQOWU83OhTbCisjs+kdO8/7qGNC6xMvaOxXYzLWezr67H2pCRz3EH4b4d5ziarTIgYhZqRoaKFUOrt6/f6qUK0iSP5Xh0znuenweCbhZUyqXRS6JKoFTBZw3xacV7vpjJMWct3TjFJE4HLgRdvqR9+7sJA0gHEIhk+bX0wo3OmmTq38B+5UZFqXFPn59Aim5hBjA2h2qiM9TtI3x+a/tZisbEcN2Lsfzct5ow2vcdtYKAYFAxOXMeIs/QGavzC19fB5n1tqRlpEFr1T0EsK89gOFu7AcnSaPng65m3v4fsPSX2sD70BnOnUPaIh1OnlVYb9pngXODryApTDAR/eOF1VKzBY/ag5v7SufH8rKQtNIEAAXlbVvtP0uK8WJrwJKbEkBFFdzAlhARG8vhkS8JwdfI5JaT6GMEZoEidfTL/9MCOL58dMKD1gdPsdqdN6jS5g4pP/q2s04auZCVLSvEBYVDMBLIHLqh4jAvV7kYxnoowR/nhQY8shw5SdDm9NaR+fnBzXJ+aOv90W14AHflSMOvC0e9/MKo+nnD24ccuK39xVoPxsWzu35fup5yK03kBkFqlIb/oaue+VQNQZ3bZ74F3/UpxxDhOZes9P4tjV/yxLR/75dvCOSP5BkYqjGGP/nzshQYP7ZGxuutdK7fDEV8qSTVpF93X8Its79vsdQHM0mNbZdBsRwbbN8GsTmTmQibILF+zCxugh3n/OthxI6VkzOY+hRkN2QfLMvW/b4Iww3/NWGvuZCBInSs71UMn/uvWTUXtcO+9/7iY16O+oeI8sS0YPtmnAZpB4dMJi362apsR1tgQfJIIMnfXODOZZIW8gpeYSPHly0jggBrMxoQCm6bhwEUEEaiMPAWW9xsgYLdQuMGMq0GELqFlTU5O+oBvFwaf2i3xtTPWmxpxU39tq2jOhtJaHYNXxQuWfEvqvpohLd0tkyYlXdq2sbS6r/W5TaZP9/NgeNKm1QcSAFWJvxtylbhZI30aIkFejnw+ThFvQftTcBTs4bI3MyfYi1sjJXQTMUrXXwAHYrhu9LF9eozmphiUdcblV4yhI/+ylEgOrP+/E0OPyxvqqzJ3wPksYKpN8N8UL6dK57CsljIDNJhyQqkmR2u77o2CBQUfDxskmnjtQzVOqK1fr56HyxJwN/FADtJdEJ1n0FgrS9bqNTMvhYsE9e5L9I4NB0rg8JpTvdIPo9HHiUJpSVoKzDT0CerO3DuQcS63MilwsNMJLTFj0qMAbv61Kdis/yQkPMLEOdFyfBQbIGb331Xfent0yYsSMytz/DXSV7ZMcm1UC8KItAmdhlR/YPgCTu78QIbwty1XlLRRacNQEYIrqjewsy6hdjWVQLKylVbE8chegtadC5bBe4Hfim4v1VuMKeU+ZqEjgyJOebjOhtMbtmySgsjFzmmzGC2RbqqkyvRYBRX1s4iFlh/SgGbY4dceJsbDs1RoCFi/o3VkY342Dl+LlnvDXqYQbi6+sT8+6rD5tdzcpUU0xj/KaurrJeo4jxZV4y82y8Il+G+tS8uV6ZkjF8jlRiBIxrZuROeAEJIJDqwQdut3SGCMD+DurBC53p/c050Eg1x55desmPQ2ClpfCAwf1PyQSJfPFumtQqV6L7gg0D+W14cmHlgMO+D1cExp3XjpnU0aSOg+0F3M/jNsXFE4g2WsdGGLcV+cqza166rObLYu2R5TWAKldAv1Q2HlFlS0d2x22qcqeLhf9NjWhxtgH2o2cnshtzbYOQOq8y6uRgz/HyAgUz8yOXFtK2kKngvtURHDBS8eV9h9hkZRdZpZvKmh/tAJn4HsPzPnGClzJSP8ZpUhFyghxF8rpyvkqeeMr7JK4guFZu0SyqEFzQdQ1RIf1tXGVpqZKL2z63a1qrvot9xBb/DHMzuwiPoDck3+77YHPiSh8JlfLYhjazA+SI9w4t5/rih99LNz1FWTrVL6LF4z9+qpLqG683GSNDAWaUgtcEasnK6XztpqUNk6tn8a4PmB/SLMUAI4FuHk8UgXMbvz8xRQ2FA/nAKDbkw5fcFFEjGznyiX7qr4WNVWbQx4lpHTJz65SKquBvgT2fFyzfKJXEqiwOItFa9UJavGNX435yQZAH9VpAqwq6XD/ZO53fmni6hDYjBn4qZGh1VhPhW2MRmtot6x3gtijsXy+TZeUmLjcuJNIISsF9fEivr4gDM9PEE+YZ2p8yulscYV3qExg73yngnS+cquzbMcKKsVcXF8rwxgOU/ANkPn/fa9KrOwqEwCKCkyQELTEaKO30bOR0xvPNJd5aM8VgJcyP5p+MXlFUEX3JkxL+kFU169wOGrrD4TpkHll5/25+M3fYtI8kZ/vXJwBEwoGP/5e4zhmzxlWgNq/2og+QcH19V/BDQVpo/Er362CTNmGO6Fc8poKQsVzzsUr59S2pPMaQM13Ot/U8ghAF9kbs57GfHda+D0t84+aFIfCwDbEumfTnpCizbFGUinfPgwT2VSi+bw1pXlhH6lB/AFEpW8asP+fqw7MBQRDCHafNVWf4IdwRk1VxNlgl6X6uTU0KrFuM9bwP4h3ShtLO3opMtYtmnQVCru5LU+saHFx4KDjk97Cr8t7ca+X55TUtDISuKVjyZdXkmdw0SkCgONdHA7CCTylQhkOvSgzKaxagJhftLzlvBKKb+PEkOg1nuCOvSU2Ovq2TQcQ5evKI+sLVB5ziBbNaOzmf+NY3kx/LvC/DDohvJI3UclpXed7eua7r8LbLUtmqqhJ0TcozbGcs3oa96WWMPTq/h5KIain6L5IfXA7TNWciFggCxLg+Y00brwqcNEc07mFT2Hn+s5+L0oqm0O2LgqvSvLdcid4jRWnwDHuED88GkxfPBbq0SBb6XzUr0/XxVtCJAUeNt57nCU+QHOnyf9xqunpkv+eOBZuXnOYZHgbct0/Y7qxq3dMw3L2XhFVBrnC3n0o6s9VmAnoTHDN6UAd74wmkrKu6Xn4Ki9mbB1ZehvchXdeHcsEZwgqI4j64OxfdBPiTlpR52NC7P5jLukfOAC3b52fWQoF/iwDe+TbQO9ZEHnFw6JTT2Hv2JFxy0l3QipwZOTh8UrD0c2/n0W6JlJgRO9VGAN7qLwuI9ym6FylTV/LXnnJp8Z14vmE1kmuyXolTFm6paJaC+vUodDJvbpu3WnKdzeRJkRZMP7anhkynAvKiz76dtugUbCy2A3sa/4RV5FSC3qppIprC80hqkOyQgIrWBzaenXBxaARez9LkXKR5WsVXVxJ2nwUm5ggpRrmEXfuHP0vhgNyk3q7dug6P5kPD6vx+KW1+TJNaJpCKUpUuCJmcmJbibqD1U4rx2rNqVBCHMmJnk7iL2TjdPiwMJyap5+3ApjPFunZNkc6mhPJiuudBFKZHJEyZxD5Gl3OaGP7c8TVMe+zs76WWpm1etqlh9l8tOsfVMy9cIVAj45f7Idvr316+KQrMF7qXzPN+uB51st7S3aKGNKyxSUbBTOgdrtkxmjrdFo2/ZXYzqfYodzm+LvXtCeop6o12QKer7HLR/HIyEaS9cYYmVs0FEprQPG8DHCxxI1f/AOj976N/seKH47nX4Y6waBWpQlyOACPzN80xSZ5tt/lgsjreuHZBrsQH152JfHno2ubHouSKWDPwL7YGbUo97/nkpq6hGPnv4vjIG7qtUWW6B9y0V745i2ck/v78lQFns875IJLN0fszXiQUVD1Fa2/Nj8vuMfuFKupwp5whT2c8aa09nwD32LtUhpMrvVu9Ge0evb5zL3oiGeKDPU9NP282vVRMUAbUkRjq2buq/ril/Xtw4sFFXFY9SvQ9hDPEdfPx+RZ/lL9VoRR9ou+BfxYyYphsg1rHFhIpMKA1VHBSDWJPbB/A9Bdp8zAovfTUZg73sXPLHdv9GlYWrM8ZYIIj+TeriSz9M/SjQBXzzCF0UZVAhMZhvRPOa6PZ/lQqqdFjRRO5Ryju5y/oXGzt+lAdw5ctIH7mEXnmOZgXbunXy4h4eWWYuYoxXJwcdZUUoNJ34jR7T37SW3q/YMzp7bnBDaoMczYO9T3stIn5Vbe4iG6zDiKkrM/whX39Tj9O0H3ePXLrz4ULM48Larys7oTdwQ50r+JufO6CxPizcdz6+1k8W1liwfSrG/gab42iiFn8pZTpsvqMSvMgnMFrn8C2BRxTbmssCuaC1w78ucyOwnuSjEeG/zWbQdbp/B+ccgKaFpNUy2GesF29Jyh+6F4KtfkGgzGTP4wLQjTnY3MPVf2JiipvxxgQsHIwMOWsXFeFTj0+W4twsEeDLeITjpvWPlAc799u2n1V+zDpqcCNe8yKDFv9l6u8HXTIzcAlZmxxNJKnX5DSJdTgx4+dRtcv0U4KdmY6qMjRQOXrfS0HcGjXP9geweVjKArfJuSA7kP7lsKro6E4ZC8YfvgMxRGCrF7yawXzNUw9ye381vqzPJt/YDGkfAI97Cg+Xf90a2uw6S1GInFUDnLFLUaff79dmKAdSZxAb5oBBYueWWLXJD5BkMgjkZs7vRt09LLCxy+xIXezMjz+ROurYcXZHD3dIbSQ14Mop/m+Z/SGhqv/XvPw0UHi/ZiLkDmMHdcC6Z+b4wBNX3BpFp5nrj2ZlRVTlHV2BL8DCapaDzwqvKHToqlWpJnsdKuVxL/IhBzpgVH/g+mmQJoOdy0zpcXRLbJhjBgb9dYKQyzaPXoKHSDt53cjnr7ceG8Wo3RXezBFEGyY2mVA8NFT0Vz5Td4kvD0g38T72JxhfnLxFgwRXNyV7qp/YDE1VYSb7hbdDednNc7IbmlVagSiCnJwVznJbhQpRmk5Qyg9TkHrT3PP4voaDj2/JE3iGhf2SW6nmns7+L8Vo0w9R+Qy/0HYN7NvJoxsdbTI+jqIszaKsu3xhx08mOyZ+gpAoOs73t9JLKgdpX7cV4QJ4V7NfQdls3jZJI4RnKdwlXKSUe/sblCQ8CEq4lRteGg7FXtmAlL9zBsi6mF99l4DoUJOa67r5l9d2CJkNwTpW76NnpoqbU1qcoKTOM2ooSr0wJyj60ipdF5VcDcAxtjD/Af7Na2JM19ogwbrLS1NXKPkMyvzrOpzsco8Lkpj09QVqJl8SHr5exTz+YVThPD8beX5UAIInVBpuylSYh26lqHvNAyiobNbBKxeJZK5je+zhVvFhPV/Mfy+ks3uq15ZL3f82u1pY4dBhZZ8vq6zNSJ9M1TPW3oPmccK9wT0ZwVTc++SArFlJisESXaSMuhYa3Mf8G0fkGj/TOX8b0ijDj0nPHHGoDZsJovFX/wkgmOGSn4y33bjddtAS1+z+ls2z9GFr9zn47Ube6sjT0dbJdTJpfzfXdH7Ale0HY0F+tHuz+sEINS2FkceOXKbyH4frsdeX+BehW1b7TFpK2olZ2szneOZgSIA7VhtEIF0F1jQpwjojU7+uGyRA5fzeDWXUAZroJ5OH6Y+dHA4RSlhYJ/i9EmsJpFn1KB25DvOLKX7pzn40ZonRWeREgfG/UH59NEXGc+07HR3iW1XljvE5jlsu9i9B8ZOV7M4Tj3yxysMF8saD2CWX9alx7kfrB9LW3/IUCDLjWg2qGYTyJyLMo4CbQwo3x1D0fk+9ugCEFLOu8sB5lSBZ8tOUoZ5nhw0OK3K8s79Ocf+mnN+qt2eqmCSfXQj6f4LfDHle6izW1atIds8aj0rHiwxyFyfPvfPhUx/oSeTrYSzREy5jidLoCIqM1YldGlS3GDyX0JaBgSjZmmfr7xzzdVKs34gUj2+YDviNCgj3bMI9npMyoLCL2SGwooc92jGhRN31nBfBaHhMd40CK37AOaiAoP1doScdEy9H5r/QZ8FZK2Y/RcKhp6F0K1c07nQtt775Ak0xntzUyiOQgrcye35teeYxeyuzYjF0Xq8dxsT17hjVarcuUVK+94CqLrsZ2R0oY3aSlgqUPxy9wdH5U2Qz3KtvhkJhKIVDnpbY3tYte5sHogSK6CwYqqk2q60ajamgH2yg712rRbdQhV2deMnS4HIXf2/Qbif/koNPIUt6ccN6d+O0Mo7j/qVZqTlfKhDg+l30ObrPTp3TmWUALyPy862z4xk2TDEuaDH86dCPi1Dtj4Ey4ECazN1T7XMzNZoPr+t0SC4dijSfSo41Sq7r2AVzgKz8cW1hiToGgVaYZDOU/0V8YBPZhLBJiv9UnZpp1nyUtqe5sULJI65eF2hPE5G67sN+sJK7oSTEKTHzy5HQMc9apruytCUn7Fungt2xXnzB/746+SEuDf6dPqOXOhBb+OffGG7hwf6my0Uk9vs2xbTklXMXuBYkHs/FitGOASXEXy0oHFfR/yBXlfQISwxE3s/25RhuIdtghnbp1ypekuCL2cZFVcYyyVqHhFkIVfZ1a7WWowaU5vuBfLNMloocCg9WET4Crvwvc9eV5agSZFcz/3jziTfCe/jDCuGNsKsfUtVv1jB9+nRLVQglmZER90aGKVGOFfLC3TvnUpi+fZBL/aqjLM8JhXiNAr5De79+y0l363wgg3tTWAhpr6aAzl9r27/TZa9KIKljc/ilCLDHqPYozecamwCEBzmzHGj7JZS6FJt1+wz9r6EwVDNJr6B4r28L9SDPM+c59e92JfBTsM0r5EGFb/G20Zc4658jfhDN+ioUrd31b8w9E78qtPy2fhXplKjdE3HIndYXu8Tb4T33GiZpRMwLCKZjmVwb2o5zclgUFRj75UlyQKcg+sOaoOB1vaPDcfyOJ1Vj7hOI04OoKJdK+QS3k1E04o7vmCZXCEkBoutDDng997GN6QzuXJfRNv5UjDw8Y2pqkOrzEi/Z8PFKbNszU98b8OIqW/IDT3grR1x4mXj2mrWHyfozYxd5KyZX7FG+CcZVb35bJ+8FVFuXvCT2aDIzlUE3LENMOC86XHBGBcK0cCQeXz7rW132BmrkFwUP3D1Jyg5XPDEpJ5C/ejK2N8/jC6UJjpK2sMwj6s9ALqOJWJ+Bmb/UgIM5fyE7XbvvX9EcmtufDzHhESge3sEM1ktpf+ed743QuoQS3b3x0ElTEKIlGoNWlBZJtG15nscptLQlnWqiHZQnOWWFLfCDAyYdB5HIyLlRLC/O3isL18pk4bgx6off9nZEAKduKsie3WxRx8VoMjdz/Hlz7eEN6yLL/nVH+jBKJfEhbls8AgFPf2X5Z3awGR6GksIJHvTc8Bmu3WhVYL2IxA4mbmhr8cYdacr3dpoeXhJEl0hdkJKK2IdJ13CdZSqfcdPR7CCuakOM/gLymVi/5udTlHUlatqCITT2r6JDBV8OcGwWfZTqW1FJy4qXWMQlSN+LQq3U+66ycq+F64u7Lq+C3nygxpsRvhqdg4FXVgHyXopXANIFwVa3tPn2+84YsDdB/jqAnJ/XIM7+mz6O+oQlqZrzAoK8dt2/BezOTknec84NvXO1XD2WDBqYlMggeiIV6/eX3ZqM3iI41+i/W5FQGe1DMh/osK+CnqWhNmU1dd3Lo4cj1tJ3Yn6yOVAe6sOFa+J2Ul91w8qLPrcxuRjVnX3lESjRy7r0ShFwMWcMrOPpondrbknW9I3Q5OyiYolfqLCPS7Ds52fS1FdPWUjc1HdHiIylpjqZvV/w9jpVPfGmT8zTwsAtVzqXeNMoeHk81J3DhVfjEi03L6haisJ+EK08a9zsvFZb9L9ppj06cNKEVbFFE/u2Y0Ox5rXzOMn3bZcq4/tzdnaFKRlw9N+z8jaDBTO4637E7obGXrlg7hxIO0PFfAekSJQLrpv3yrhc1JdTlmmrOlKz10Q4DvxQd9Nrsv31pV9Ou1j2wWwN8CO6H4sRI16Aaw22tpBsMY/UsgioQcadWxxU30Zzdw8YWy7tmWCmYWszSLYicXFLrWzU5lirF9Y5m3L0Lh+Hyj0Dp3j+1bsAMMzdHq7ID8d3Vr9x+li3AgaRjZjzhnFVZ0C03m5Y9XRdF/uQ8bdaw4FOwO2x0KLSFDoce1dRUsi64SB2dlhA8rkoyAFr8Fh/RL9I/y/kAr3AbhXx8TCZMDWGHZOvi6RNAHli2kdUmtoPyf25gHwtWSn3J6VFnelM/oFX5ldCPvQZo5r7Dw+jBPR+aPK0zsFo9fvHSiIVUjO7okTifYJRb+VXTA/uLpTVh8v1nRZfiy40VxW874arhsXozc68yzYJ+OgA1BTzBXYoWc0r2btSVhHpVP39ih8YCNzCxq1hSyzCRWZw3Mv3i917t9lOVCwwMkdCb3Uqffh1W/gb8pqP3RFa2r9VqRBFz9prmxhQAWb4BDVZZz2GA4s9iSXYIiCiI8v1jqVDo1R5ZbsnKXiN7tsiXiI7YQKETKz0IlWpfXAED3yjwjlqwycUGoi9dIv8KPwdYiJt34mYlX1ukf0LKOGea8X7ON52WoriGbn6VzMi07Q+L2d/ZE9RvpSSsWq2FxtKUeRmts++naCWCACVXeE0yWOWA8n1c4RZL03k2MfWEgFwESyNQSwt0I8JY/vDDkSS68D+5arQJqIroi9MedczIULnzpcr8G5h42qRhS/fyV57xCavmSrWPh8EIfMxNTYa/4yHDSvEo1JN/VO2FF9b4XeEI27auCXTI+vgs3ISiDkuP7q6OuV5jUeiYuSNepX87v3gmVv5ZxrHVhbR5Z64yBuEMH2dhScAVlGWyW0bUVFt90f66uuvNWwmhPOxZEB0zLxWT9GzXUlIoXjd7+D9MWN6+siVQHYYvJ4yJmZqbKy6OWrauaHFGXSucQmU6FNapHUCOq+QYwotFO14vqf7uEeUkSmaGsPv5sCtpN/smKzl89P1BvYyGLlHIGoU+Ujk3j4y1SePTZcLRivplV365bbGIzR7hAWC+3+9GljWYkAqOZLjnP2OVs/yDH04lE2jtxeqx6+q8zr115ypSyds9i116xM6MPCo8lro5Dmt7SiW1pFyO1Wv4kCU8Vd23mHJL+O0DYcKcNC7jafAG7jMWfeZS51aoU17piKmqjOoS9WgM9VDeX9rHznC4gZP2hC7sbFd+ACwDnmQ+4BT3yItKXXagBiIMOG/cJtaWeU0HUCpXRm13jIB0F+1b9gaaUOvdotFJKH5djhDq/axuaxgFwekCpmI7B+tH2oZACWBmFXdgwXbUSfivijIBn0/K9BJ2SLdy+dhXur0ILHdDXRvHrgVVbF6RWjKg6a5aceEgRP19r9OeA5xD3rxifz23MpvfLYTSdT3w/kDQdwqIVEdT1VEd4acd9FjKTeSfZOf+t0axE1tPPwrc4e6GCWwI/5hoIJpsL6P1jV+UTedf0kE0n+5GV8hg+UuV+6MDZ1wCMJfqRaAbbkQu0/0U/FqXxueacsmpPrTa6IwX3dAqjIrSg/z8tn4l5Xq4sIPMKyKC/EWXxLM9WutYchckJVcAi/5aLRnTObNIg3qyETpDH0ZnqSYYvi1GKQWyjrtqas82+uwxyioL9vJAcdV6zkuaIZMPv5y+K/P9EBjMu43SQr5TJ17nawSfqidgrVkJ+S3iBbGdmYcRqQHxfP82Q0lwF8vrJzTGcWqMnn2E+IXx7MlvMsPJebz1pCCDBjSpmWH+dhwbNudH7EY2TWOkT4zJGww3pJ01cmVD4mPek1QnPcbzhcKqUrSmvZliCuAo+KQA/PkWX63KzNFZ1524YdvElVepSi8p5Q8dI9KH3aR7ue0DxPqhQiWux3ILpRgIgjT0LZ6xce6jMnpteBQ90rpy4sW4IymSMLnHWiMZrGQ0JQeV8Vs56DWukMGCvLSw4g0FZ/Iv1f5wMJQUt1HsePqqZpfCM5Kxgh+mSu9kgJTuJSOluSZXdipO83o5zKry2mBZf7+dCC7iPxJWS1Qtd1BQr4e5I26ZpeKiHOrr3GdHl6Cx9CVYQLX16Ny7AU7rrq2MdaRl0P74VrHHx0qvlxhvHHvCMDXH1M53C8E7JthtTLSy1yLDK2N9sYexbbeLcWqpFXA/SC/X1a0l+JctOA47JX3Q98n9mfmgbbfmaZQ6MKR6LPf/LmvpUB7C0d8fqddKV4qQ0F0CeR6lKoe+UroalB8pFQUkrmKkgLSWpNm5sABBUrtbgUOPIOAKzQfjaLd+CLvjLhICHge8Z9FclI1kZZ5B163Xe2XBZdjOcG6WjOd7i2JAlfLt9g2DBtsI/ErOyU8NDm8HKAwZSwGSIzugDnf85mXRsu2fvloaivMqToP0hK+w/wcRPdh2esPs8Dq6+fAMITrvulXMjZ1XG8riBDPng3WOV33vkvxoy7lyc6eo3CRMWxlDVcCxcqwScackVFli31vqIWuVWqc8VMIlIRPylsJnDK0GIuXOuEdvhEIVqEN8gMhJvTNeQUtg1F63yOOLfgf9wo3GYd0FlG9BPvK2+nb0qTJ4rLKKWeWD31PHjRYINpIjPh3OVTv2b8f5h6xygnZJduiDYO/9/leUN7n6LbsfReYPu8d++uXL4VGWYwQ6prb7Bey/9pkv6TLtfFp2D6obV+lt3KV7PJ82Z7H5Gv8ysmXdP5CvVBah5VfRAgcicc2O0VfBn+y/F1rZlqQU54TemG5dJDxQaNZ/GuSkuOz/EMbtDu8lJcyE1pAcSRBX/HKzIw/siaMnO0vyxEdfEeSFnsdFUY7HcwfVNt4A0eGwEI6WFOk5bWHvb8fS4Xk0kCzcNXYL4uYGvVtxY8Gs6Dp3ex+bqVt4v0c2q+M4ONfCv559a8gqT/AidKG1kBx8LPVZUByywRa3W+UceWnGeuV2n79XgWUpiUzNgtnzk9+yW4VTYhc4EG3NFaivXDmagFWSjHA0QgZmEwHtkUc1/HzznFAyKshReCv34aft3KYkwwVqpeTPYtf0sSKLP89D0ZstArTmc4P7K9LEwILswto/iNCe0TWyKYRlUIrqtgM5zRGsL/Cmv18e8YXv0Y0cWOWm4+OnHG+14IZYanafk0RmN4ayhsY3BQrZtloa+LmpOYuQCzToCn43EZzQN/tXkh0QL+4eCYzYXB65oECZvKg5s4jD/RTfIi+SJS+88WMigZgofSLE8fhA9/Tc8W9M0jo5e0zzyxtAnR1WxCL++JIrorlvXImsBo0Sr2trtdkSRXOs17MFSUxg2dUdX0jo4AiAevrjWH2XzOBkYOn8hbVnS827sSv5QAkrL9Bn+rXmynVTaBS4gVRNYsrZ31js4lm0L2d320zZSliVIzWO8GNlLVHuO7tF25o6FPWZ0Wu64ZBjwImyvG4LJJx3Me4IOZLUs/jAH2w2UYcq42MPm36arOufV+H8RhQ4yE+/fM132wBHZU3/vkaEYMoiYJjFdZGRRqIDvKlrS3ezvfXh1IidbITPNe6yj5+yFZasnubYzu/8f+Nw8AM0ajJXQJ66yPNXnQEiLfi5q+fPIb5aaoUoQgBDxBfKW/jDpXAjOT9nCkZR22GxOIsWxqHfXO7XJltih467x0mcaJbRb/ZnQVjESXpUCjjp4RBvUg2rT+uG81/59FsC8cQY06HhP46gXNNZfPlxoqugSOCtL9dprqAvyFxzH+NnX+jg+y0WekDFR776wmmizCPnvNOEKbSdLpTUiZmwAeYVeQdvTGn2KR+abG3RDVVQ28ICzeWtZJDSoNOvs+s3uzGd9KtJOYvR440Hv6Zj22IrAUtb0ibaaiKtG/sGR3/6x6t087SV5re5lMowuNRfkreUaY1qoOfOxBn/rvSMhgWuD4p5DMDZe+aTdF6rFIGrjxGF9MWh7aDMWxfPVeQPq2Ve9HP+SP+6msSxTcmy71d/gDg2/WBwoLCHPrJDM83BbyuEc//923O/OqP9lY3XekN+jyOf9fxXtEDzXD+wk4sta1zoqYxBvxx/cB0XjgXK8r/oPz/oGyWriXxTAX3CVjTOaCX9B7BhYbr14L/fl5d4C2fckz8/M+WrZu+wE+kyBFD2fEyJIGKB6AlNssmEv1J3IcMhuKQBGoXhw6e511nPde/vrjqCKJfGg8g8OE7EMsSIADJ6/PFZ46PoFR3LPpkLpZh+snir9iRfiY8c0nLnkTZa/n1HfdFMaEcCJntZj3Icv84JRMqN+zoZ4y/knzY66XlY58OkC6E3JjimMzRNGGr8RuQhN5NLMVuPwmOn+S9oJUHOeG7Q80a/e7D8LPt9zGxNvP/6A97zDpTg1c2B5wbdJ7kAQikUuNfCSzn1xqzWitqT9EbRcMUjun+VxKkezgDsEbanlRoTW9676i/BWbeESQ1sqvOsi01+C40sBU2D9ZDb5VS1bf9m4GEq49AQBlTusr5AHb4Fod74161w5Qu25cmwyjPXxZ71ifmnLN526mJ4wKjf0zWUUpHyrGR+d2Mr+sYB0IZOf43GnGn0SA4GftGPD4Ny/4G1Urk2GrsGWkBYbbJRalRFpcuxX/MO2IEQQAXae+HLCjQuUdNrUx3qfpfvoIwBZMEtzz+rjGea2oFUVsUO1jdteYkmOGyPUrhDYSaeXEoJgr3kVoSFL03zlUHjlP+Pssy1P+9ZuzYei0EkZ6z5x6yHT9PAm7AVax9pRHoCyrKbkxIhaeCOILgGQ6xer/JMxhTvgogUmxTp3zjQQrtlQWuPUvJ/b6GrYOlFEPj+byBRnSvN836Oj74+exWjo+w0oSqBRTHYC3WbPZfA0t283/VMn6jw3kDc8FbuZMJPW8cN4BznHgjNXs8Y+B+fWJ8a9s6qq8Yt5m6mVayLs7jZyaAEFiHwONdri1Qqb2gbNl+ngEZxp5p4sAwER1k3ZEfPV2rk1QIVVl/M9BajxkIM46l9uWcjclu33QK9LJu/obGJzzAMANdGOLRFhAunwW8FbslfavmERdwb1KJLaLyYxyqBQ9NLAvynwl//r6aX2oJUboELTep6UhJnwwC9vvtJT4WSRmKTJ2cpYK5/p+sCjz5fhOXXbheLwjK71pFvpj/XjOmwCP2WlfJQYLrjzH/btRXhINKp290w7fX3JClQ12QxjuXSj7Ajzmez7Isymh9Wuwf+9CAb2l8OaVMEOPb0YwLJOqFMG1HKIiGxrmP5iwxKYr275MAJgk1PByUKp3P7MkADBXNw3v7jg6NLQzhdUlMjpN+6+n8jkjubR5apKdo6BHscur+nJivSPgMrcWdRGU4VfT9hVE9q6lQ5G3/7R+O5E5w5sb2u4YPXy2jCtU27Qf7ala6xYUGzPHisdg+U+nioTWXdCI2/HaEzoIwJ5XH5UabKt0Djl0MhTra0d4orFICu0981cL79doaCcXN8dt/UuFm1d/IH4ZCuebHdssi6P4cEfwkv9BE1R4KO2tXpvMHCNOxXNwWn6EqJxRFmG8QlgyKq/9R1mcvlYGWnje0+J/97I5fvHYPR04ApyjoV/Fx5OaVyKe3TrL90YC0MN5PJ2Z5WkEQUU1A7/3a5bWv5RFd8dvAVQibCI6n5G+x2l8dlS0Qg7zSilolgrMAz4DFubWlXxquInLnaz8YfotBKSx9OszJUMuMTB2aD0LB9lzhf+RWSMaTeOCErYPVBttTZYGoF7+82MkXuZ3kpvvgkUVUIfgk4dw47D/pV8U6gKMou160fKocxm+MKHoOGgmV4Vvoe1UD9lkagWuK8nVN8PQivXb4pRGs/PtwbW23CZb74k3mw3TUBEQImK99Cd/bXy0OaC/tQ2V8opBQSbze0eBVr1uJ4Gpp7J/iBpsdVJPcgZOFqEvpRcEhkNl17ejij3mBU79yBslkRCx+7AyNURTxaGvviiJoWMix+jdVzdjfAqJ0Tu8UWdS+D++kNpOgUTA7/PJW6fjfLX8NKjmOwekt2VFim+GhMenWWoOHzPT3CtOmIf3s15LP8D9nxre6UcV/TKADR517Yg8aoghPjM6egpehDw3k4a3kXu3IT8qLL/zXtBeR3XcI7w+nuUmEvufcCmh7uJPIv7/RhwbjDn7Hn782ClUUFr92UWyWx0SRuB5lEl/aI+rVX2up3rFXO4GEvjaPap7JTg/wnwzuuD7GI9F4v/v62Yu2LUPoOoOY1xnusNu7wzIgpNtyIndbvsavxTGY5wjpup0dqfNLvXI+DOgHNq3iN7sQchu/Dsi+PG3CqkLi4D/kVSDGkEYpWC6UcHVXpDSw381+fKGnYGX0YDfnQG8syx/pZd3E+5UJ10dFwQHD1Fr0HfWY09MAMIhtuV5y3pTD54sieUpXs55BOeRFGaSXtR1Z01wZDx+kG3zIT2KXc1eFURfkYVnlmpoTaWe7dfSVBbDw9cpmEEHYCGtK574QaaBgF7vSCvfgA9BQjeTabbMqnv/q6wnz2CcwT8oRV2WgJet3FNyMqknTfk0SOfURizwJYkr8CIBbB3Qo5phXoS3w9Bgsy062/inupFWYwQ1SuiTC3osWXosW9vC2gFxWO5hcqqhvw8G/oK4jW+MwjL4j2lQfPf+85zv8ex/LuNzoSF++G9JytJOEScbNggRWTbEOGyOu5UsWZD5mI7VcR6fsvn175fBA8I4VGKFtFCI5CWfyBM/rsSqfBx/ZrQDu6cswLoGAEFmgGZVAku+HRaNyAokZ4tQiNIw1GCIvk5NoJX/2HB5rOknXUdCP6BEacsJTNucKVoffCGG4bXehxtCaIVYi9Mi+zwMmNvYEttJ4rx8YQqIHXPBbSHb3lgRVAZeG418CP6qQrA5+vjxWxGhe/RdGp8YHMpGQ9b7Q5wrhpoT2I+X00Fpm7i/3SPu1RwRcAoaTCJeL9DNWTRIr8gmlPvhlhKSbfryUEdNiFtTd9FrPG7Vtf1ZZdpl6wA1/Vpzekcx6YXv7/aFqVLdURGPs0rqdKYYhuJDz7ynvBVy9IvSAn4Ftud4X+3nOxKdcQA7AaE1TVCWCOlvoBlPeliT9kI8d1EGskkGlCMGs/Cj66L18ZiTmTJbx7Mb5wAz2mS5zo3DtgavRsHP59LpwKZBwAa7Wmrq/v7x14md6xv4mzjnJ/wjoO1L7pcm5j4pwpWH7p6Q7FYbMnCs3gygKH5YzJAFJsdhzIi0vDHo3573evm0QZdOn7OfZon/7n4asviAPyhfZnTD5Ou78hVDZWPtEt+2c2uI8YEx73UcrpKRaBJaBWvdtdPhMMbXUMFY4UNFI1tuKKneWGdeIPvMH8L+5SV1cgEYilU6ApZFAKB9LfFMzJN7gqZhayV0+UFNfxfhVk29l0raVrxAbt7fB1E3FFGzPrjmvLbgdwTD69RoTq8IiGxAmVt35oNLuyBvAJpzkolnwoaKKiSHJLfwlsFN8rqceYpbSW2yBchCamcomzpdbJfWk2OZrJJjoAu46EkmyB6cC62tgz6TQ52i8ftpMuJ61cBXHchL/RTRo/GZi72iT1EOFTjrVT8w/EgTLhSMPtFcMAy7/62oCtP2MvNuCrMZiVVjQZUFUSNYfMq9N864ESSZAy3fYg+mXpon9U0BXZ0ScmI1zttO+BYyW8GAEaBbmvGnhJT67FP19HWUHPjy0ft+tO8W/H42Zo7ukL0fFekln8Hxi2Q6Kmg3H8ZY2nnIOj3F+5cmajqfIbP4Go1GBtgbF6c/ovyX5a/b5M4ZLfxfHXR1mHzRgvyn4YWNvOfqUDY2KqXEh+uRyBGl1X4CQMvwak79HHrFJEcpguCU8KIL09yM/OJSPKpsJPwix8Gz2q4N/1dWHEiLmSSYtgO+KWQLur5IwHfILosvFiEryrFkL93nuQKbpO/4Tf5l/fQn72aVWGPXF6jDqDFyGoXgCPukljV/j1J9dNo72TVSiI4ELxvPyVXmfWgNNbL/wIIyo56LowSOMxwVgpQvsf3fC2hjk+RCVVeyNftmKWDGJ9cvL95Tb0aL1iWX7wYpi7Pll/8zD/f2iDBG8C2JhLxN2VKmjASFeLKPkAbaLflKayIR8m2usLSLqQDfgT/1DzyxX7IJoUEAza3F6t++Xx5D7N8737PC3rYIx+EC5wqKM2+r1UO5n4SDm5m6zL89yApEERnrSxcO5d/z4GSsS299o0Bj1w+nASRg4eNR1O0l0n6pLrHgo53aEGoy0pC5WBnbCnkG+dah48QXlRVSk5ujVeQGO7nicMlzoXaZUbMeI4ItVQSXt0Kgtb6nF4GoGVRZKww09RdmGNu/svWo8HoIVvo83OvmyZQcf5nmq+KG7wwvVqmezjZYsvsM74jxPHZsYnXvkNdML+jFar8SRkwrzhZwmXwOOXvAEZvhjl+qDT0U+JYsRvPUQF+GuSLzvYjSV+2WlzzbUsAYnsy6tOmQjsOFLb+SOqQfklQboqGSYfF8J62SWyHQ33GSVBLQuQPgXB5K+i/slrI925jJuon9lvdh3MJW/4jUrxQRVdu9zer7DlmZQ1IIP/yUqTqQqA3V7S0uMnN3KXYWQ+2TkwsDnl7SPNWaLW/n9fU1+Hv20Pftbp03Tr7bTWwo8AofdIQFcjf4RudelrNWnt9wP8saq+9E7iUZGZrHDw1oYSAiCI9HNC1GvgzGKyLelxJYGr0LRqDRojLEsz8dvCH9dB6vkbHDRiAQe+u9cRiEsetgr6szmYXoHx7EW2Xq+zNqS3zIlFQmoS70MyRvvrBI7oMUOgwFg0tiWpRNErZl1jS/cDRR2wWPS1AuYxHtUK+ieFqpVl6ucqHUrLGudbbrRfC/4d0c7ALLZnW9Mqr9phaFgc2hAClELF5XlbN304NQ8d3cew/dVJnYDocQ6cZ9Ny20iL3MhcMBKIflCp5TcTkJut/k24La/JOGBvNg2JEOXwY/aqV9Sg2VHXPq7Q45CUmlu8sVFLdPocPAIWtQJ59ZDjWD1MiHCgAShHl+cSGc/SiQQ50Gkv6PshSOW1lL6ffrEPkRHYmcd74FqZ97haxKVb1x54I3FVzZbxa3v4+3kV9YJvFR0aRWKuopHZqtM3wUfSyu/G84FEbx7o/FreZfNXT1d9d2nlHBzOWW5KdlTzNXd8mtK5pJCUJ07jFiuTopsDUBSZEI3rQxAj5Izki86U9UXSwY0NLBuqd6KBxUDArmW4NSxQruTP6W/ZHvhfFjmQ4nDHjG2BFLGRgwWYSa+185g3fGmtpWpbcWrt3RYtYh84zqBPRK7rSSR8TNIAyGOo/52iVjwUIQTzf6rzaX++i8BDM+W7a/WFWPxPL8ibsnp5k2qerAUy89rkhDZK7GRFHpVsTFVsM19pEe9Y1oKiRy7aHjzao2MrYR4Iyx+PFuTcRVDiYIuuQllpgC5iYw2G+qmFba6j1qyONpvILt03+YTJwHzPbNFp+DjoFCvS5ISQkQfTdNEX5Q2LUTHDFloyNf7nhmSWWrlXivHZ6yPgZAya0xNLNJOK1Bgd12Gi8SxOFxScrFhMCyH/EKF5AW4WErQz/xPO1ykhs39mnWT5FCh7q+sROBp7iPwyLeB7F+27rZTjwQhn6j9mFfwa/m7RNEVPQj+Aay/CnMo9JrG90KXkIYT/MO9cX6pfIYwmvDCggvUXxDnao3s2o2q09B91VI7Y8YUqfzYaNUfa/pR2EmSzr3+eg97BdxWluhbwnZcsyby/tZYtf1sHTEBD7TVkARtEJZJGHt3uFaG2kybV2Xeyl8IA/gw68Vd8i7X8s7WSPfvo12no2VjBoJzEup9GoOU80Jo76tDtKCvH3MnlEVz+tc6HSo11wdz6iNaCeC8IF28Vl6RNP6xqSH2lneDF3NVLY6KVgGC/Bn32RqXqcRSmNqXKzTHQGTJq12+SVTBtXC0QCHzoN2z+IAX3aw87pmmYdHIEBteD4xU5MFayJQIKEq2+ls4J4bRiPXDmOiy5ODT+yrU4JwkMJbQXpqJBPQLpeXXYGoQXV6VYeBF2Qp/Dgbg08gGGBe7Sgqw7nM3AKxUdejuGjDfS9+kFBL5I4rtwK8o8ouR2dxpMon3bh/chxmrV47dW+fljLakIkp5BWt9JHvXQRZhZXgFz+Mz9bnI6h7VUwFs3Rbu329oJ9HZp135bIcjB4fPfDHIF0UB788PqAGtBQzGHBLpcKcPojpSvuIgel9AKHK0GDrNr9INnAjJ26yK1yo56jvGmnhhtHylhdt1dbXUtZDitvDS0qbfY7k1AywJhjIiiROlp+U7FAkoei9aSFeE6ZBLNfLMUln5d05v83czkPuRgnUiq/CUG5v/1DPUnTMIUfMV00eShuaSLqKJ3RtsnMMels33jQtlBn2lb/DAy+cV6jMWXWHoqNG0spOq6zeu0o6+iEUGuhj4Hc+bE+MrFPUBAvXLsgYAE2C9eG+3oGRJKzyH8gufRmDQzSEL7CYer1sT7Rcja/NYTn8w9fCwzyV4dDy3rJ4uK2mBWi+sxjT9KzQntmrpL4TT5aQdFFmO5K/r6oJyZaMmVUKZgFBGQPMXElq66PuxNc88AgQpr3QmFP5A+pzLhAKOXNARpMHxa9zhxvur+TZe3fbvxt3xcHrL1BCaP4sTIFLBX+uf2Fkf09zG4625cAH3UX3cWtsHVA1N9XC9VfmrNVQIAGabRREvXTt4DR/BRMK+zUM4q3avgr3fCJxbEJpun4F5VrhdpGwqnDmM1kpym8Qo9+2LOLtbkx1cUDiuUbVkEdeqgtVOHMghHEFNz2fVv6pW8tPQxJ6BqY/sEJjOCH0r2r4uE/wEuS+hx2jVCjnyHXKKn2bmtWu72FT4Ck5Vl0UfNgYOFxS+bmRl0mBfJZWE7W54bFO3l2osNNff6gBUHF0tT2fgXXJt8BcfbOaZZ6mzGZwPrM07WTaVHdSimwYqqKuaD7LEoLMtkK7C6cWINC6kkKEZjJGCG8Ac7jsysyEBNpSYk5vJE3SKzE97TuSibMC+DS/99SUBTyVwzsHPX2GUjmAElRp5V37AYZqfZbM199kxXBSThzl9zPwVonkY7Pn92VCPy7+VTXw/6Rs5l92uPlCI5KIDZ0Cf7OE+zwBX/Cp7kMszpQ5Ba0SIy5j8pSflUa0NhJhvi+McypOZtHW9CpmuA9FmSoC/zQMXVtr2QVNOmEUHlIQLh7C95OffssiskNahC5EVu/Y7DaDvZXK7h1NfNVcVNbZejH/Z1ptBNrFBDU27Ym8f1dQtFjRZtn6SbBT75YFL+yYdfCpD78GZSVIr5YmAd+rbVYAPVjvYRzrwZDOBpWqH8JBZGXiPjZpVIODC8xbhlDrFlL/q0e3Mmexil8WxJWHwQ4GqzK7pVwl5Xcx+UlpRfp2je8V8WEuckj6sQxtxESFUg3Bc0GKe5c6UYN8++icfPjodb4FNBFOEPL1PmNfUFux5bsps+wxK57UKB4t4R8lyl8AWSj/2GOL6nW0I8TwnrZMkavsWTdESGshUhwoQYT6ariPERG/dJUc/ocelkQzidr/sSLtr2hDXn3sUCObQv6F6vAL3VoBCXsljjRi++TmF2JxmSnsa8RNRjOWdx/LR4HbawFEQdvI8a1qG0ZJahdelVbWhsGkUTLpNdRQo8YCgBwubUkLDmfFgqIkv2sQP6IcP73CCLgXs1EsWzOcXLw5icWFkmbv2S8/fM8pGX+OcpeO6HJRPZL4fj7dfpG3qxm2v6nT9zoKavoWaYZotlaw1Tv2un3t3wKF37iN/D0etwWgNhjphaBACMABWvOm7+V2UmGu7NsMzXN8y3tZK0+e8X73VSvFLvP0TWCqjG5hnKTXt49rAXc5W4gb++6pbEfKVb3DVel3knKwGL+w8Ay1Fj9BfTdHeotcKDKd8CkKW6dIkFv5s69Vn1sTAxVna8D21IRwQ+iUV4/jByLrIukTLy3P3eayEFBR7cFPv95sxOZ9VpcUc3RwXmXe+5ly0ZbD+yoeBxPH1BewIpZeZHRGIFUHiF8R0gertxw3tP8lrbcYWBEa8XHmSbnN08kf1LmCL8N6rjBElsC8gkB6CZt0hzZDYlYeoL7fIKtqjsURTZoTWZWDTxBl8/SxO4iuK8tGzNCEb3XSkzjLA3O653ISOEnyndh9zfXMmzFs32BTZ8IyI3mQNhumNBZunjTBcrFK4d8OqnCAOWM6j+/uGqIdVPjdyZEDV8C2N2jnAIdI597W6OyGWtpJRFIZ/G7GT4/wzH2ZO1QxdYxhONoUuhskUFe1kHaTVgwR+sL938Z8zS68t78Cz0HIfDkPLcxQ8QLJwiVrRse6CnHRivxJbbHsapMs8gbOb705ToTYkESH0Aq03krG4PnOod2jgagTmcOotAjJei2TuRUk3vyLM9D5/i1LqMtARUjxXjKtuK3RVNBa2DI+0ZxyBA63rRa8Z2NlovjOxnWZ8WA6HUQ+tkH9w+Iw+wnGy1Cx3fQyvaNaDs7h6OzYrJE/NrWCCwoS9KxXSBEHG/bw2YPEjs+bJYcXJCjqSbTNaWiX0sxq4BJhljQQl89gF4Mjlb2JYj9q9BQXC/e6OyvtKAbPcfpEXtvwiTmaV0OIK1dFeWcNM1vN4lOL8zfs3H734WH01H4ifJbrFKJwfKEm871UYp1sa6baYE2ko+fsPGQO8Y9NFs1Qx9ZXIjhXFfOyWZWTwzJdxdZqXZOLf9iUIkA3CfLY+RoqqWZQwkh9Lf8bk5GpmXQYEjA9bi5SfdaZ/TUgMGpxHsW3Xa8N8OQQcqJhtK4dlkfM3Gr7nF13gKQRlEeHsCz1P+320bXGhBcR8q9uwPoVbvB79D4YZFAuUQBiS+fQJfRWmYHEVPELmt50VRjXuk+N59earuR4dhuDyR4CMHhIodWlQ9PRMZ/lM+eZCL8yQ7uKxWIUGYlVJD6hGfIDBkc4jnOubuqG2ZA6ceB1jYM3uMHFw7QYPkeLbwv6ES8Ha2KlwA4iLYsQhvptQEnLv5byN1NAQw952P/GzbJJK7txvw1lDC6J6dbc0aLn3kB67PXBGPmvTvKld95O26tXKJhw8FuaF8xzbu8rDADcGg6/s3Shw5/bGZnLyh3m99o3WkxTihRAcIYNzNWtDLeW4deKxWI+eCBMCVNITEUKsps+Oo7jcfeuwIA9mMEv6kE7f/Vj9FohM8Ws07DIiSrpiR0ynIVuNC2CoFZ/xguqtfcxUovZ3Y1JR2pMf9F/nWgCOq+F+jD30UHqDmx/Tya4XCj3Urz8gR121C0wv4LDQe/8wtkM+4DLnNKukg2oN3Hez7XLq4t5hDHuh3TKMfooD/2TXA2AIZIt7aEbUD6pZr4RnnCvdxojwhtFL79Rcw5JGR3YMNVySDtkEOKtPNR1alNIbM5Q4SbCZpDO6rCmJvmQVOEizvYMFz0aN0RXuHsyY18PHwDdrbtuyy6pgs8Ew+T27S4tRBk3izdo4yDxWVZfGz8Xlxu0Wia6f9vTe8UK7Vsz4Qm0ARdh7HaVPXVljXIfvbZ1sIJvX91kZFaz5vkcv6jCZH5cjAcMj5IiHgGZiLj/4dQrwCOi7dDwAFD8v0YBCW97dqsEdRaS1i8GSbHBiKBs8nJDiURJ3AnziJC7e9sJ9MWM2P7aunFyXVhyzcpytvnw76Zbu8qao6xqcAyBUXXaqOGyDVxUuy2kYBmk/pYHJB4wcND+xGVr3xTQjq6MqQ0E1SmtbnDaqe5+ve3L5e6BPFdBX/ekwLnSklfHJzI1o0KWPTgCErZK9S1cJ+mz1hmqEK/XRrjVjz0RnfKnSpt7f99KmLbMMy3uu1T1v/PiFFZ2Us2TtvhRN/15QXPZw2qf87TnF9WVRxCcfuGLSNH1bZjeZZmLAabhFtLH+yWRZkdc7WvpjR+bFXY7lRb3Arh42G3sn9bNzYwdVVjtY83NYv4Jh5cYuuI+4RruD8dyvPtrEShOG1IhqTF0n9xoM992AaY/RaRhJ/I7oEHdJlwATbzceSeCPwP+qsYBFhQkp0oYcJSwS7mmWLpFaRNyl/Fpw1KargyS7pGZ5kkExZpU3DOo1iB9/FVmWbzXF87sE6UbjYZqi9wJlVTrq3DayNvt6DjrsleQouk3gUKRAlbmr5+RBUbLOUs0FZYdgBomgENACLHV+0swtQnV4IL6fWWnAfURK/XR295EiWuAfpnggbuUW7ZJs8FbQO9eljySpVVQE0nv4taF7mKyFxnR2rqa+hBXKXvxlEwDRVQFl0GwWZZacTSfCT1doMNa1iOpBJ3K604SUtLB8RTM8diZhN125efLEhfqZVARiKzPySuxHLeE+j9nsEq2KM0g39L5FmIPPwzidSSWyFdKUR14Slvvw/QY1RgPs1acEUnaeBAwCVlD3XDnGdV/exNftoc6OW1n8wl8BP7kRn6BFBfxTpMm5OI3vcWlt7/Vd+1MF1cYHohfioShAV10N8vMiAeb/cZmXudGKpMy3w342h0d8h+F7Ug569MPbWFsSj1B9zuBCWvPElTS7M7mwY9sG96ALGDj75jop7+2Ru5UgplvHeCEDiS/frEoiVNIwXn2/1yFP+81qEBwxgaOzf3ePQdAIbJuBKgBq7D2WMRkvWpfYNn+GXJMZaiAFJOBLbFaDmhqm33BLdEkiAb8fI5SGNwHfjiSzte5LGP5OlOkr9epLqkskc2uV0+YqWGnDIel21imCHEZ2SeTk2c6WGFT0Hn6u2R5oHIdEoR75LzFAI7yaXZd6g41OjLKV3f3MksX1/oRH9OhMQ5GLGBSUdcaNUIiWTMT4d/z6LqUAnGE6McN5GhsaMB6Gz+6bj7QwokaFGmdZuk8nWhXP+B50QsHEgvRmA5hyEhW3mICcGKW5mE8OSQThweDJUfCPHnXtyfj7hHUz7rYe3+H3zXqve8OR3k8zlJcQszxmNxd70WkYBzI4ey2CJKwSgs96jRJ7ju+/pIGMbg890KcnK2ph3aviR/0yvsTSUK3SH/5+mA9NQPdf8Acu+2t1zce7/VTVF9lbgyhJQqZlvHV0K/K8lbsMU1zrExJR4IpqmzaZxv1RWMaLGz43U6pwAoTBzN2CAO5chij0z2wbKoCUOgOd/YGGE9BJrPFd0bl+5dcnrB9c71w/trwLSBInMuJi97Texmea+fNbTDckHOtdqNay0iKM2US0I9PHe3SwXWj6lrVVW0roI8ldy5SVIX1PZx4PvAxhPOKAo0gy8zYqphG6A6grE6S5NqLARqQHwGCgW1NPMIzXFEIoo9OYo6Jbqm5tmgFvBv9V7Ze7KD4qFZs8x/gD7mKr67/a4D17HUmWRsUew7aWJDnBZl/NLbE18PnQ6mpsKP5XG0gb9sCL33i2zdS8Wo2eyJyZNe3G4XJyctPzxfhkPNyWjojr17BqThyJ/UYpWuYyiPIYzutZ5hnCokqDHCZ0PfN8EetjSwntdSEEms3hOGtwfxlIO87B70i+tW6S3oxpxSSkl28U9mmZeTZqZSoH4kj7O6dLmcWzopv5X99yFL9R/Vv5BZXnMFp9t/72axNHhqKwPTgdU3wiFtJ8QBdKbWU25eqpYURq3zwFIkex0khMWKa+fWFW0R1gv5QdhBPtr5atQWu3qZhOpcB+vV+l1F9XvM12LZ5BcOLrHWVhmoym4m+XRbeXfVE80D3AyKdnayDmJ/G28y0hNygUL3IxlpEblAVeptxprb28kKmKAn0tPOFNA+gowsYGdz4CnGP7Czve/ncK/HR3N1JGaJN59b/ayJON9ZLzveCy50AfIH59hw8X8XfcP+zhZUY55ZjFmp2HlMGOCCdRSdGi+5JOxwT87UYkLuucfERRT/m1OUKW7MzAyr+Y/sMCggPhyqKxY3kY0EdqHkSO9J+UqUWLHSyVtjs1NGgq+bAtXVrPx92OLDHDD+KFlym0Beq+zYdVb9Kc+pVbB4p0KyNOpnzEe7XNR/UQ3sIwxYN/aVLfNckzGR91oVWhgGd1/JW4HcXvkuTn0gFW3mIDi/6UGlq59I2lZoru5rpp/s9V3peruDmBxlOf+71+WLQEP8UGNVTx717oMiqdKvNSvQwrdaXAEOedZ4Kh5A84WeVHNmaxo67bhl6/ejSFPMZV/eiHS0E8z4jYBk/A2ax45/O1PQZrl8C8gZ8kDR2gF7TiqRCnhHNiGPYArZ+3jeEMLuVlAvqFCMQTrK/Q/gjBJxn8Migsv/SlQCRi8+6w/dKqk1Ze0JsqK2v5zGTjbHMWuaM+q4EJIIfgc8QLd2+o++zCjTPxoY1biI+hhFHeo+QPgIA08td3avYfNhqcW7A4+2aAzA4xupIXlZdanFWg3q7qUxrwLncVSX4+87OH+nSX+8mG9eTbHgyR4rY1a5/hZhFnoKLjXXzUMertJMscl4UPZNDoXPUZg57g0bU1/Vr6TmA9vqmciTcCpsGzDwlUr2NmbEyHF/lpGaq2o3HeKKSHmaN9R04GRv2RHtJ7a2KT6Ep0pTrWKV9wNFbHhzOyetY/+NUxgI4go23pvtYt4VrZh+Pmn1ZNthRNaS/tUjpLU0ByIGqj9f1SscRSTi7xPslHxXhq+CpZOLJM6qLvrp3Zo/3QPjBsa3eONVk3jdCog78lBCTtLPT6FTyZf/EJnv8gUrjSyvaEZdF4AHG4BIQb5p9tjNNXa9IKoHzlAAOX5/K6Ftxmw1WGS0poOAcaEGYbLBcXYWuF7bslx93Jwyup3cjvdaIs77kJWV13QB1u5d6NBGM5eml8gIVkS7Y5gmPRVc9X+O1fovm1FSso1u06lo1u93FfQ08pCb63Ffk9Y82rqWzEOC0cLLFhGtO04JSWEDQBR4kMwJaRAqGYQBDLCIpqiNOV0DSIqXvmmIYdGhQPZfdwGEtuZnjzVn0aSYkVEpjxQz/zl7qe3n/U227OhQVH+B+Ciljx62XSIuuYIHYFZHjw+0HBW99MamLWIScY/R3A1whMbCQVeuXlpSsZuPleUSAIHlaMLkXIKAaFELy/tk+1D1K1hMc2Y6DzXU1tF0lPRbzqnT3P2ktoS8eDgHpGKJLWGufBz4CUl6joXS4lysmQlCpOzRAf6KDrA5M7hTDPyfs7tEPGby2m+kaSPoYco5irihLU+kuHfDaAS8lrp1gEP73PCSTAGNNtL3deICvUPoquzVToMgBvNV87jZJzpLd6Rnh6Nu+y2fOe5NZgO97ou/y6cMFdQuy6X9f6ICFst0NSq8KvdNQ5Mu2E97R+qXKjCNyqyvTa9+C8pgfesBcOa+HEE/764uvhGB8hGItgRiohGYUrPfFI794Mc/AfoOGNeZrxBUZ7hIHyhxieD0cpAua11UihVq+0/1UH70Vz4fYNA/cvj09EqyC0scfjo4nIP+8g4RsIAPyUZb6hktS963DOiMgXa3dOVvMdg4HeawvHBJDbBP7Wk4ag5UtyMxZuPjGjWAyR0Z6flxDxO1cwjzbdiPukSY5YdCWB2FPkjI/BbwZRZWnz7yAAtlAvFJJSwzHtEStRuZMuJGFW/MX+H294D0gLGlz3VxbScr64OoQETqMikGr6X+wCagB+F553CpLcqEG8dXfSqsPnat4Mekk8GEYR2D76XrgmI8OZBkFRdn/P7gb4d4tAxPqGhwu09A+jv/UTImYhVDnuL1HKOM8gPes0Ge47/l/23mtJYhzZEvya+3jLqIPxSK215ssYg1rLCIqvXyKyqm73dO+smlnbNctIi8ykBkDA/bjDj0PjCUb/phOpa8hfHkr1bC15wn7YOYxcyttk3ojj4VjVtGCE73we4/UMDJzkM/PPKP311kph4K+KnHxjCL1rsGnnoX3cucsG68b8w5cpQ1lFWdumn54bXDgy/CTBm3/sBw7whwAaGzhlcM58ZowQVj8th9WyOgvx+4Ebprn0IU1zBfP26cmbfZPfFzc0bhnQfhk3HCVc9cZzPFClL1bzT7FVnDrPcaKAMP4jC4P1U+acU6VGW8pCvtGTLMqE+/FRIFmeU+i4PpDkp1aIpG+Ur+z44W9g5VhpYJi1wxp+5PVzPRqHewlrwckdFlYPBRgf3iHmM8nuEiC3UKhgk0AIRP30SlFlOl/hQ31hGioeooGL7YMnOU6WwO1lcUJosk1x05EjsDI8vy4D3ESzarowjoh17oG5hma0yAem/dRXJKXW/eT2Q4qs+dq6GnOvhwkeiAtrTvtgMu7PF3/QT8btw+P9HCL1BVvoDNTOhLswKXLtoUEC8xcryRFdZTa/vs7ktsrmY6JmPwQpPUEvS7OaOcgf7tdddEgAcXGtgDPOl/njPmNgmkDuCPwBkPNDEywrKEqsxY3mryvLG76S3HKSLEa/eQYiC0dhrv7ybGiaKZfCf71bkW2uDIG56BSuj41+votHuFqIST8MKw2y2mXw13tUoSr2nTH91uoRNrkTDcOSDgNoNDDmWk/6trPe3oO4S8dP8efILa74B+8FavWlwjZ57Cyh/dP/yMpnkM+bA37LTzY/poAMrHL2scD9NNhpk2j5hTEC+6WLyOyTE1VJF6SL99T858as4B2rf67uFevF9ZLFym+zGunt3dgXUr/7LaWqn+tnzTdaJ4LiWG5ZYT1WAZZFYM9r6tP9KS3wk9OLsZNqEH8eqReJzVOPP3T004vMVpZsmbrei+iA9cxpCFk/7I2TAIIyZ+TRw4u4d0SORKcmt+n+0yiy5GhEXUysPXQJZYvVusja8tZV8SlTgA/4DZ2xxgYquWs+oN64DeMTLLfuKH/yGxFOGaYJW2cLMk5ps63F4cPn6yAj/0WDt3Uyg0uwyAiiE1JMmHsLQ7GvXuVZiNK+XLqs/6IJCpnSxknbR5tz8JAgf/b3UiDYUxieGScdqrbyQc4r+LC0t20o/5SC0SXPZarzCg3yYa9GohXTpSJzwvzQv9iIZWQf9setPlnnxgo+8fHHlCn/7BtVzin9BC/MqkWYsEc/z6X4Jz0py8hlvcKCl51I4Z+Uuu+64TVXSkaCR7q3SYhal72h00AaURJ7aYxM40rzXeGIWu92x0bOFFk+ZX44n984eqjxwZIDvD3oJJ/7H/cD/NN8XW5/1Vxlmdp0NJhV9y5xRAwbZdFCDY36GYhYlNicrTNIL7TCKopdRxjvss2ycCR+BAAjmTgraQrK3ja3Hmb5Sx7oNLFSkyrTn8bRW0O+xzlRdVOFiyzIBcb7qorrqHsUhFVmK2bp395AMbuWMNpsYP1Wafv/iJn7/86Hfn3HDk8yLMWWKiSQVIlSyc8x2fZwbmnlsiy/lG7A6v4PEOcFTcmSDxvYgyBaJbA95LyDMNqhp3MNi+n8J4r9nPjJly0/fk6EwS6U+w+U6Q8hH/t8W25RB/159P788SBR7EEiBEQST/zPO5w/hwnyDwKF/v7A8M/Rvc626s/bY9DPviqvy+rPwqH4H0A9gd3J+rOr/PvR35nyb4EARjqYvOv+Kt/3fwSqs59rpiAeiE/R/rclRuv+/ZTChPhP7M8yfJLunf+c97Nj3c7uzx1rlUzg37pPyvsv/f1LrVOeggJC957kr42iPvL7cTRosjpNOjV55Z05rvVWj8N9/DVu29j/wwlUV5fgwDZO994sWStwPQvfG+u2jG0e/Nk4YE8xDptTX6AsMPlXQe6NLLnNL5T62bw1wFD+MvZ/Gfu/jP1fxv4vY/+Xsf/L2P9l7P8y9v/jl7H/y9j/Zez/xy9j/5ex/8vY/2Xs/zL2fxn7v4z9X8b+L2P/l7H/y9j/Zez/MvZ/Gfu/jP1fxv4vY/+Xsf/L2P9l7P8y9n8Z+7+M/V/G/i9j/5ex/8vY/2Xs/zL2fxn7v4z9X8b+L2P/l7H/y9j/Zez/MvZ/Gfu/jP1fxv4vY/+Xsf/L2P9l7P8y9n8Z+7+M/V/G/i9j///E5/87jH0Uf/6BPW+BDT/QJ4xC/0zYh0nk31D0iT8w8l9Z+n8x9//nU/Sxf6HoC+C//56mP75vjTLkzDgM/8XMB5R5ZuzG5XsOev/w4NF0uSRZnf/XsWEcALW/qLvuH07HKRSi8b+5+P/dyX+z9aH/+4z/5M+t9C7LbVKjdLX13b+h+yN/bf9ZX/jfZR2YxhrchfvcN1v/yiLwZ/KC/rirPFV/JPuK/VHe7fffQNaA/5bev7qx/PPufNLXHXj3zNjXt6EFOQmIv4c0539lH8Rw+A8CQ0C+CAJ0xH/ug/i/ZonAoD8I5N/0QOx/UQ/862H/V5JE/B/2hw4coJO0LZfxPWT/0OuK7+d/v8v896/9X/NR/JUYotq2+wrqBwmNUz7sVb22fyRTklb5H+NSAqkNzgUTTHU6Dn/9/c82KdrkP+/Tt/w/t+XuBX+ArBL/K1OHQMQfBAQjT+JPWUT8syR64n/8m55AIH88/40s+ofd//M7w7+Ko//fZwxpphykDAGWHYjDArR8p41lu7xtAoujHIq+8QYw/DCLieywmuJbq7oeRClfBHyfZnG39vK++gv8ckru9Y/bXsmNFKX9uQ3AC3f8/P3ZGYzZ9MPp/zk/Lv9Wld+Tvoe4H7htQ53uMdSpNuVbc8E+AxwVvwdZ6tRcpvyH7UNj720QdwU+P8QU/q+7/4BU7hZ3FZSJFKGez3d64tVP4hO8eYEufJux6sW9NYakTPaJpQLfJIgPSYIMZjPfplN83g9ykISuNZ0s1D1od0OajYNqcsTpjH2dcDu7yfutMQJrMC9MMcWSyAV4fwU+FDk09gqOd3pN2H39z7PdCWxvcWhX6peIxDTHGQsR4bW2IInV9hLwyxjkNm6gIRFtKGXHj4pmaHbiqHbin7RPP5rb4oZD7lpNnloNg+u3FO3emcBjaoBf0s+dy7E0RXCniYtDvUn7bs+E7vOq/y5Xlwtdf5dtzMTbCKjJz2vQ3lFgf6Lee0cgAA3xsSSIPpqD7X+Wt6ZKU/juJQJe7lLkuWahPb2Av4PWL4n885p/c/SfrvX/h9f+y9F/vNbr/euFHPC3Np3/TkIQaeMEeJOw+ycG/biZnLvOn5foQ0nwfPsBPmUspkgMRf55/L8S4rj4v02IYzLPb/sYnf6JBxuNQrkz7zaV2ONnfwtKEwdxKF/gGeZ3Oyr93j9TBLQz6Mvc33X6jq/utvkG/d/Uye6PKkUqKwmrf7hjvEahPnpCh0n831eW4G38Xbp/OOfvJzf/VFP2bqtP2ul7FOidebdXdBv1SSCfUWh38X+12D+fB3oP8/z2TVvwrwiVp1T8+22UI6mi377l2Fz07cf7J2cn7BXS3959X0+aaAXutcShVcYBDkbRKV/AM8sAP9qL4oBZwdE/37vEP1+WtjSW2jWWLm8htXsiXaYivUf3t5SZvb1PGiV6TxXWGhVm38HJImNhJmvtxnfb/PPuP3f93gl89/uq8ufW/0++4O4MRXMSxaW0YGk0Z1EMZ3EsZwF/8C0AQZKKuybaV8r+k4FQeiK1WxJlSTKwE6xbnN1nWN6/nAmsNpryBMpKgWv5Od6CTgMy1qIOcFTcgL1jUob4sShajN6y7MVyvOFHqjCvbnutjIHhjYNH5FyP5wd5Dco4ZMiC5NPP/UkcDufHbZotb2l5GVYURw+kTZ8hIFNNxX0Gb1a+ELbXp/M/NboyiGkphEv4Igu9X5WQtk6C6G7z7qvzISP2HMjT3QM/8ynOr2CI5StfzJZ436g69cMFsC5C8uUCJzMNdfMa0yJwzqw7rF1FJaPSLCRTifHz6zl1y/yMSQSGydLgwx1k3xkA6wFfEuIWUrMBsUQDJg0v7zSIeTGjDvEP+1r7reZtJUCmh/MIC7cpjIWDtU5yMHEmPgIitoktAzb7qduzrxzRQ3V8smHjVnKDJ2sd/qpk1Z6qwNPgFCIRPC+yxGms2y9vui2E0L1m1F0S7fTBHAGfSHmEWvmncT5QgR08/ioQB8GZ7e0ul30Br9JsB8VLibKGfOi70T1FYIVfcVNMSmgD51g/+IicrCqcPQe9ltDNEqaDK7IkiSLnQe3vvp1fizkBJ1ISzj3VvfqPA2XVh37gfjttrHLOC7TwS1zbYIKtaVaIRssLaczMAiiQdiY9y/Wtc7zGS8wsS368POlnRq8ssxaHufuOjywovF1Lo+c+Uq/OeSmLuArqkqj8+qi39QrJoOCtV1N0cF756LbnamHx7+TB6EI5sSPt+zk+5TLamJ6pPGcAyoBj175Qwg0s4Ila3t3DH8jzEbREv86ydQVYrDf4/Blbp+7ZSnME7czJCWcJO1uWHSFUo3bnEBJ6RYXYMUxy+pyRRNk/0ODK9vN6XXtoXhuXAyegy7mEjMVQ1BX+U51BV+fgYQMqIgoa2TqBv3enM3obLgQChXt+p0Jh055n4PgZRBCl0zxgEIBLRwRguBEBjPbvfdvypHsVAdaxcH0pG10hzSAvbaLH69I61KtzQKYpGvq0CSwhvnYw4oPpYYWmN+S0wzXwnxwh1+7XWcHplRfyofRJ7/4m9Hop7ZKlNYNki1mE0UH6fq0kHnI9jHjD4jV245LNqx1OYx9rI0zwOgURziM/Gs7SGJlgHKo5bq+P+Kq8Rqv+xSPCmA/U3BG2NnAtD7DoZy/H8M5s4VU0+3/Cs+JHNqkAs31lMsfQlnVL0j+lmBXdskm6kRgncVXk8rQXSTRl8yfXaIx3WEBC3rixvKUaRdOWSn6dnJ9nmBxmVHmuEK/MfFcoboVuLcG4pp6vJ7xN5z2EL/vu6TJac0ahygnazer9bk4w+ml3LgYUTFmhPg7zYPgF+uy/387LHR54gOg6KtqF4i+qqC6mSIoeZDALMWotQsk7YCwvmF+EBbxFbJ8slI7bb55ZcnpFrcc5eA2HMnAQm0K8xB9Z3oFiw3Hjx6nj3lZM0rwuhHVxlYVBnBSPqCDtgKuqCyucWK0E/rQL3g6rqZ9OUQREXhBPctattKvIWO/RE/VM78eSDc6KZBJ+2N4rOOzZaiC6mz1x1azo8tDHp8+Jt3reWbhbn+5Iz95IvEMZU1FnhaFQcl1tWISjkWfzOFtPx7Ecbat1ecSNwEhgWpHHbMre0mWBjXtIB+UyG6nsrxnK6l4RIcd65HDFuQgtP40KIVKDUbO318gB0RC91k/X9j7y2+zLUg6PbWT8ELiInuanLWi+UBJXEbEQNI2fGDEDk4XYI1T70UNYRl6dq249yAs2ycxzuaur1BGrByU11TZV2UsFooO6S64etFV9LF6G3fU7KlsFLVo5JAgh9/b0AlIKY9gBvdUgIAhb61twK1y+1uwQEZZr2YCMzodbPMfOKAmK/dwIvZg/N6IPC9wgPTCFIj14JGSxb2gq/I5Mn3sPdi3yzfpMqyT+BGZhi3DAoXJX/bzqnbU6f+1uMAGnJg8ihym/IbYFhZ6gRNnxrFfIPg5I2bp6NtiOjZs1rVGGn0Q12EvdmLYJcF97MX4pu6VKLbopejzPi+unFu5G48Yh8fMYm95sI+lx1pvt+Jmttpaub4+PuJ+ygSQvJMgJLybra8tkTUAyolG8pER9MbLtkKjEZKrORuCdgDzG5DQ3jEveM036ttWhsnV0brYyaDlsvTqjkAg0byGn9KxbIrAHwUh6n4iC0vICJvrq6mLYWZOIjFoCY5W06L1VsRtkja+zLetmyJvmr8XNtSXcbqAAlPc77HMgLg5iBtMbjg5iFnkvsRmFIJWRQJ2si24sT8fXLL/8ZPe5spfeVAZUgR4tz1H5FDAbPe53JgtZ85oGFvgI6L4SoU+YsANJaFuw1o8SwuJ+oD9btCRudBEOdHJyHmZ6rkcfuKU8Ef7kH+xdFzUwkm+Me5nbJ372DiKMkwf2xG79hFqyMHB2cbbrpED/RZ/WT1EgmE93s0J1nBa1rHz1uQolSD3Jxmj78dNc/D7yZ7ygW73X/OgeLb4yQYCtzCqfowgI5ePAN5ppDruB3+pLzY0GRkX9mSo18yawzT8Zs4DuARda76ksqRJZdW88+BJSOf0B5Z84HWt7ZjgoUPtvPAal9UUo4eOnzkAki6yxY5PjMQRTzw9nQunzVT1LMN35slqSTjyfvxgcw0EmOhp/bop7PRJvaJZRTzodCKzmvaEP4TBFhTd2JtczfaLdXNkQdSgawbqHOLaH6xu0iJLNbhce4hJnwEXA68liA92mEX7TgHsfEGR0KlNhGGM8XpYXJCAsfP2AR5aPg3BtH8B8mQQ1Obyj1RnnxhOsfiRe6nNgWI0xPI/oN/9NE42woQhzWWtg0gECnYqjWMgGQPTG0vd3529r4G8ofe/jaJtzJJcTuFOmPVep6IPyeDsqJViu0lg4+Iu6rJGnoJx3y0mlyf/STDtHm7tI9q22YZ0jQlgr4YUpVR52BjLT6s/B+7RyOmk+I0Bbhzg4E1UTovUeMjDZQ4TA/OJucAcuvjVzq7EPWVgeIiCYg4P2il5bgaGQlGfCgrmxWxJfOr5EZpUT0+Ml1SfppnI5ky49YTkICEYwYwHg5MsYtFS/9oGYlKRGe3ASTA3ms6IiRG1BYI3nR/xqIcFS3qBiaPHIeXa4G7wKjpd1GfGJSxUkcvf0NxK11hKP5KtJ/VqqKvKSbdJGHm/MDbAHSastEJLr2oWEOMrrKSBuEvZajDnXIVjNW79QyIYm9OWkFwCuAHVjvBcV3dDlMggUaC2fd8pJ4xfjeUMUB6Zl7dpbJakIwSu77uDa/FvBuhiZoJg0B/SLrBT9EEwnJgPBY+2k24gjEKEWIiA7Hl0mk7aBQXvGGw/oyDzQxtbZKb6YwUH9naTvlRgzoMi5rwLOiYqFnMllXDMrQvNRCZcSX/jJ82WCc6GJ16oztt6iSaumVzOv7OUFBED0gQQokxzy+kD8waM12uyMyRuIpk+yHGiKX2mXJgddok7sYui51a6PDxPN/OvlSxoOpuKkg+9np3xCuQOcr1JAxMKn9UtYDpDO4Yo36UzNhIFCXqNpkuc3NuWWr/Wbc1CvXWtzSyrVaRSc4+DE8j5fZqIQPhd6SE4jIRUYWIxY3UBOfwbtCd/qhOXsbl30SVKTQ9LaWFAyVxirKDgvfIDZ1GdC3+RCboz53uplCYpYvHwk1B7hjEdWjDozN6B3HDpmXrKzn9Oxk1Uj6V1qR99KvVcX4QoJdLhAwbzbUGKCdnKjsmvb+W3N8VAq+w3QyK5f32PSHpAkG1KFJ8fjoE8LKVfnEocbdu4kBrB5IWmudDYPK2p3xEyc9DCWNXHwgo+lATYEW3jReMCLL7SF9YszX7emFtpVPOn8Vtp8ax76VBE9/yo8rIfekoE3pKdkaVE3rrXs7S6yUkuje7lzYgxyXnHOUBUVVzL9w83TDuNu/V8GBRAuN4Dtj01ZE+1i1s32sjEiX5V9KCB6bTKdLodMdcJqY6/4B9ewRC419kULiYOVzhlgdquipsSrLuInzdl9vIv3++59hRBnKCBBCP926Jd+mjmHKLiQonYvEOlDqfSuJhooTnFVHKHbxFk5p33zMJ+0b+PzWC+Ie0VESpwuKvlMY9j9hmGjB+9IP4gnnhSnklGti27I1YtbPT1CAW+tYR+k5c3v+1PNbMqqZALljfEiJ4NULeMhn8EXX1n7xiDDSpO38da9HY0mF8ZcCzOPZfhj3Y8z7eCJjY9WrzJszv3mBFo9eSu7D0wj3Zr1onOuyzgy81bytR/ZzRo8CPpYu1ihNX5eH43aytvp1+5Jv7m80EK+yHfrUme961+L97gHWSC6aT/zzvCWtHHJbZmRdCtouLbEmVv/YV3C9F3uDJykZE9VVt5xhTiXMAm4U9yS1f9kFRU+DKZHAW4YczYwCMBQOqvJkI7Nl3vBltpAagjmbWD4XOPMbVzyU6TaMru70HPqmVfTVdulO3P+RmqbdT9T1tG0ckNX8dJ0X1HZEbdP/0AgAVaf7fRSe70XXAeaihBuh+jRSmSJiumhh9WLcx71omiGKSdqzS5NvA4wmcPMZVJlLVxtCtmkv1nEQpUww+wvcl3tpB61j5ybOd9zcJ1XBtcAE4XK5/UJC3SMiyTtRDMqoDc+ZjLy/HCDV2bZbBPKo5KKu0Lt9NAOf2ya1ytxVGWvfSfmVWYXvyqCfThvzCOop5q/80Hz4ymJk0Yrr3B6OBqbrJU0k7d9w8d4IVnj0rjOlJxf7TNImmno5utYvLwgqvwYUPpI++hxxL3y4g1TdG68skxekp7MbaMpZ8O602jg9LHDQ+0TUwyc8CL/SmT5bXTd85AdOFb6k9cVhszpg+/op8d3O4IKFgjXsxsVaQqUCbMhT4o3myOvJ/qozhB4L4Z17aN01kV1tQHg0q18VuU2CW7hBeTKqXLgR5/El31bfS91vYF3XfM1X2WBihVQ3Ks11jobWRnqBoAv3ymWs1kdLYPqyj/TBzfeWG0QZXJjC4EqU575mcagvmEUN97gLM+RrMiVmtvmtW+s4VCN1gs0yTL2mIpA5l1WJx9rxgUWB5QbUlLA20dTLkk/wRic3dCkIET21BN/f3R7vdAss1tgeVg9gU4osFNwX7tBf0CeG+gR6Ee+BhIYk6yBQciLwJeUCN6euTKvpPMF3WuNBlUmZK/ix42gEcRbmn1bmw2VrkHMPOGuIbicx5ze0XPtcgt4DZGqKekX9+qcVxD1IZgxIYOrR1xluKEyQIvfbLOUnku3pFN7suP7WLEe84ih/XPIPEzQp+JSNLfh34u8nGmDFubeqSLu41+G5s6KyzNZ0ua4tseS61tO8B5ob8TrcsP1iGWQIWXWfJTNoMtHMz+LdRW8iHQy6wFZpzBI1sNKjRkJb7hJ7mWec/eNQPQRrW/AvKO/Nuh7Pq6EEYIifZsrAmLGmmeh4srWvzTy3dzKuZsGPwi6qU9jP67I7e4l/cs+d1SICJYNOuCX5nE1folueDpr+kJwhamKTngIdVvD62PsN+q2PK28KAUqDLsICigk8JZUV7PbIh/nAElOFdUxawiJsT/bLsV5pPswU6va+4SZH8PdhwnV3TXHEbt0R61fB52ropd7+tojsBs/99OZCPx1jeIRIq9nBm/2xp19g77Y2bu40Ip8vHssvXubI7gSuHo61wmEZSb6hn5cbTwyJ1NbttdqzP0Sx9P2lF5v362hFoqr+4YgMJpYnoNboLWDvsh9jt8Op3kttwzhuZzrx1T6wzBKRhd1JOzkF7J+FJO6DGbar1mdcyUB9sFjHAklNNTKXzbUbZezBbBNHu39Vl7dnFXptwc4H9m5DZ2qBO0b5xVwuJ2zxsxhcpvN76l4zNnagRjBWyO/vIXTKLK9ciPu/VhVJZ0pQSqkeh9iZ5qvlFRzYh9oJS/jREtAvCr9sLBAQT5t+uCGLYMCxmdlRQiUSYgX3f668hr4xt823Fc2lMK8dW0DDxyz+wY/yA8wlhTUfb/etrt18+nwm++y2jdV//NsduXTtiejoQEI/2ulEoDSzxuf83gF6dKeqoVCTNlzly0B6LA09SwSKrReXRdO2WDPWae+5rJqbhT2ANQv5SBKpT3odlm3zt+i5yW9iVmpjSHOTkHbM969tOGVaWVEjOljnftPU0HKq9FM5UwsLC5nukQzWG02UyCPlpi7BcMH/KUmg4K0yqR3RA2iCWOUgT3h8nlXNLs3TuWGDD8U5R66Tlpu4xcRYO0rXG+12oG39z4YED367qdYI5Wn7qwf3NDsAQs/T/zzwgN3Gt73YHSnKI70wwOUSpDLjN++jGAgQphJMwqGFkI0Mqy1PD5x5HOhGwbqGTRswVRxN+28Ay0MWhjuXHc0rLw8aDIZ32+3SmaG7I0x1kAuKoUdaadjM0DUdPRQsys6+y0uqkC8tVeawU6gsioaGK7gjIbvsSJHKQmZ3gNWqkrIJZIgf6PbxpdrHnVoHEHEY0c3AiK5FIrrjt/9Ta40Q4DkJnnhzUQaXxkAgCMr+n4CpnPODV+STxZlnKkebE08u0qgYb7Q7+6nsgqzNIejIy7iUpa5YENImpRK98hlKEf0LtT7uuN+tDPXbmaF7znwp1stNZY36dB5WwRXT/mZAU+JmHYPxe798yl6nxfpc6cipcyII+8Ua/qJCBRgeN1y5uxESZnmwLaR96w/RJtU2p3o84dBKko1YWiMzOMsGLkkPL1nIwtds1eVr0JMggiDyMxn6pxxRZBPU9QuWVIrL+CgTXCSrA+IJblt8FrTsDczC1U1SRXLqDckkcOm9ZxbPOGeECrhqaT1FWq+Fsl0l95oiZCbdUqGTyVBPrJ4aZsexAw6BdF1pjdyi+anCwNmk55d420nRIfKxQcvMPiAUe5+LUma7Ivh2cKHKPOHaT5+5tNuKx/Mp1kSS+0px+zQX3qZ/tHJFM9VWqVZkSc1Mn3XpkkjoeJoD7518VlOQn2bd6V2WYiHKE4nB+36UmmZ8faUlCkLsps4MlwschryHz3Xgrmrjx5FebXLeONpAk/uyM1ZIuh5ByblrtfH2A9W1ajNF3Nh8vJnZxHhMzr6lkRe8cVF6zFLfqDMyjwv0ovl3s4Fe1vBwOr1Hrp+2zzq5ZxaUaSWVZgNciDAqw1dsLk53PMBvAFqQVLdR6ybMRHtRxS3uCMPPFz5doazKCLGaBshdTpqOA/CD70YToyf+Af/5b7243wFs5byrhkkSpdk14qSnUxsu/6J8hGHvcXrFy1HuAopRTMzRez9EN/XCQZd6D4DadzS9n166tK+vEfwcEBgCUntLz2wDTQTcRA6K5gStJLDgTBF2IxeCkJOhHQrddmxQYqAPQS8w4/Qh6EL/LjFJ8RJurT8V84YYB4KH14a8Pqxt3rxmR5qI2rIPkyDXsHnvRZaqhpA14dK2hHw/T5ogx9is/K1ud2WInfqNpflT3nkUEZZRaG9Z/epPQEKnva1fcF5Qg7Nu6vTPpmBYf2OWXgCZXq6WYWEWHSjd2Ws5zlIQ8fRlxld46oPQujJmt8s+Oj9zmyDLHz0vIXMC31lXxtSzpWa1aQ5GIRcvWrJcjoIWSOqqEe0ywCj0230fkzhiXBEBJ7f5VPc3CIRN7jhsz7dPCTC8ZBOAsEaOWHsoUT6RCqYgm0apMGHdiw542RJsoXpDzBx8rexTHkhyg9TWRlZOnTLx0G3pShoSez0ucPTC7eO9FFq6RCWfe50s7ZHjCMjjbyJin4xB9bUWlEJAEpvxjd3anmgCWrq5jdPLXhO0ZDy1Twn+JsuM3q7EctPKXQS+q36KqrAMCFy/JUaUVSWcwyQMFVSrZCoa5sK37rsm5R8UVoEfdZSia7HM8yQSMFjx96PLwBvJqOw9P2ZUyDBy/tY+dr3ZNKotfRq5ng9LulxC7bcnyIMTP9QoFmK17f/ZfvHh786ujyIb0Lz/dn5X6qM4E8Tm/eD/iG3BsGIG7UYxLhGsOa8aBvF+CyAmWM3rDYfJl07MKUUnnXBsnitMPXJqjDxMW8IELrJe+TLRqLSFoGAoDLo3i903ifXBNHbKprZuxbJq5UMYSkZ0E6TYSgl0TZzQuTvGQkepxOEYQKfvICxBQJi65VFI2+zakrXKTreDxpdc6hFKaaB28dIPNTp0Gk5R6MdRdBmPYan2HG63BG+J7zT43olj7LKNmGC2Nfroec7quTda/L0SMmToATsvfndV72qKCXvtBuCrT5MN284+ESpZrHK2wlS3VJTu3WU1+MqcveDoodqqjdcsT5tl41h4mSSq+gYYZYIeYOGrgwtGR+G+9wM0c/UW9ezQ0YUWYFFkwqrnaOTufpjwDt9ZMQy9JpkyVHFDFQC44J6STqR6ZO108DUlD1vhCEoBmlRowjvdF5L16SQNCZyqQbbXAuh6BsM3k42tQ+H1bjh9yEMu6wvXx+XlV9u7m3wghKYoW92ClwT3/eVEI0++b6/gdkFwi2I1eoSYpwiIRzHat3F4/kl+BzLLMcJ6OaV8w7NZe9h9vXlKzKv2kZZqhuijEqkEUZlaojmZhWkKF94GvbFvTmAcwyYjCVlRuzsLPZjt5Eibecpe1MUT2Z6VbwFAHj9B2MdWW4hYoXdn+58T+0sE/ndMVe+zYvEgJ3ZMYgFGhBPtRMba5sczKT2V2qq3iEl9+8e26XBavtt59qmBANUX1XkCFxfhq20f3K6zs6oMLaWAR1i2SggR3HuCp/04I9nrjUfWOmHmSjwsI1pYkSOdcLglKo62eOO1WCBuE60dJ+U3GinTA5tRjfFhijEpkpqQVBUV1Q2OEA+iaPAH61sfBt7vS+eqraNDWefRC6gFp5aHFIW2s5xmFKhjhCvfB3oibja61zbi5nmOJnnXFQf4+ONxmn5DN2GBAELQf74ymogiiosceXce7q6oL5bX2q0EUtp+T7xHYQPM3zk5hHgcbE+iw2rOcOO0a5TAtFQiM8oKN75nKARTOFfmOGT/UieswSjwlRX5MfLJYoYn8DY1+vAz51QmdcrHwMSIjsVBqYGO78d/kNSYXUbFedHi7j5boY3rJyyC6bbLeaGxEgX7LD14G2yGAv4YC9XSfF59Dx5qSeG6JHHejxKcjRhfs0xU2Gf9ovvwe2htwXl160Njl0Ipa9R5O7SGKDYc889k6gR8ZbX3UUIevYwnpw1N9dAtyM5X++l8QgH0uWFMrO3YR457hYzvesF6Iydwz8c7f2+JbNTJtUVMO+Wh8Ibyb2A91wDsQ033leFKzmtAV2TCmCEKE3Dh0YvL0bEXk2DVwgG7QvUwMNr0R98sNmu7G00R65AbyvmpNeMjh0tFc6N+rMiQB0K3oXHHgktKdoaoW+mpNTkbhJgL8d0gBbkzW3fbzjBs9SQZKeixYq29vyL79YWtk2TY6L7TUXlWMyrExv7MA9cX8FFrI/58RnNtBA5xMOn0HvSfadZMpdjNToLqJPq8OP1SNn3sQ3XolQ8sAnpTAJQ6FV8DiC2A4g4D4/XDSUxg3fXxz2VnYYEEsVl3SPqlrjtckObR4d/vY+4HCkRJOw9TrVTrR34n0rTtGleTV+hmtN7l9kPz9aOACqhdRK0Z570Q9cNAa17+vtQt+MpgvyKPLWCRafiYtlvKNvrH22AsSDH8Pf5cnDhYSdfC5nlNTKVmuEClCTIEb8Mbk/sGeRZFLUbQULiZ6bg4ncZX/qSOl9PEOt1qgOnL1mIg8R1I4pjP6TdyNrUexvr+6rPjQ/BkZlMJpnAi+putuUprlj2lm5o+jyXJtQ7JLfVHEYnGHjrhuNCGmSv2V6r/UxV9rUgGiHGa0jSkHDf7bJ9beNJbMXAEDaRpmd1I5srWLkczpVy2t6Q86zuJlyTS02fk5wbddL7YG2daKuZsb5tuYpvLVKd97fpV7IkPTsx9LnNmQuaTgAws/3UZUx1fcwRJsasyrr0eE1YK/rV7LTO2vS3dY/HFGUTTJoOGM8Tb1e/b28Z7YgSS2HvQud5afyIDeDqaJ7ZyjpT3wIYGsqf7e7hReoJdvya6kvsKDmC5tC0Jgm6dz7SIL/hBHAvmSww5u33tamt+6AZnPA6I+8YlLgtLvIV4R+QUE1axj0aSa807UwQngGNcREbb71wH3d3BquX0I1qNDnnubpIoJUoahSGCovOWwUmTqUr/kT0S+nxcDLKAaWZxShzhDOs3ePGEu/3QgTdGCfwdb3nZgl6eHw+51VJ7Akuu9ea10sqALzPIZHavQNosaQ47J3eDijq7eaIeEMrIq0fydaRwQuIRZBiwXB6YG915IFjaL0Z7xXw+Yvs7j8LkMfyrcuAvRl7JkmZjRI1EY9t3+5sZCHJaA7+9CAwAd2TF8w8/Cw4rDWTKLMCQs6QJXleVL+rje5YM78h+IN3d18Iz8t9S5Dl4YRtUlkoRC8p7IYG3wSDPEG6HZ5Y/esQrY13BEPdjcEZlq10Nsf3Urn2bQlSafWDkQaEXc47zmWHZskHGBLjERhslq5jhDEGjgfApbRT89IohPKZ0UkJyhF4BJsaafjeaNUXFB62h/h6n9478nheLGCLvCaAUfzj6E4i0zo3zz6il6FQdr+ODw2zGkEkmVknG+CBTtp3NcEs0eel37ddqoWBgdrguTmWZHJfrLpiC1K/Z+ipROMrq7bRhdsoKoGlR8wqwISp52YkLsjKMQdZxE+Z66zvNveTHSNvwC9o0AICNt4jXIpnAxxrZ/4RfBslDAcvdIDClNY4N8Dr4h+zpHq3msjs85U3M/Z8eNBQvNBzKH0DKzEkiJdu7M6HUsf4zPfSgLQjkrwF0d7GuNSfy3ALTrbTBajGmx52Rdpdm4QVrL2NH6Q9+c6r2Y8e8eG+ALW/WBWLJknxiR29Tf8XGj1nelkSNCsOBMJzx3H9NZI62HVbBmdAqElYas7hdRnbD4qqKciwCGUJ3r5yLjpnC9sB+zYFBjD+en7WGJZ0452L/U4/stECzvL6NqwUrFm0lhEB0kt93Q59mHXs2O3m/TbGvhOAyrkt7+0iqfxDVyM+Jr2iWZBvyhwyhZ9vzn4hW+PmBljOMLkgvSf9ShP+GQvaJ2k6x1GMoWlQPZ1iS72VNtngdzdOiQbPPWCKaMLB+947tA+fk2FgiSDtyym0YGvap+ibKzalRxAjD54rCiyMXUIzWUWa+3b21/2TheIgmOlkwv3rkbP326Q2nboeriPG7/YFkJkjP6qmo8fOJka8xKGfyM2Eo33rW9hU9vwnA0GnOrIVaiFPemcf/hv+ZuZ3CdK5x1c16904STyq53C3fiLg+5sa5bLXdba90/5MTwzzkrIQnqQDc+9g22JE/Uxd63G34fyplLk/EdjmP3Z/DwXxs7rAHteWkxF8ea6TxUkm201lkYfOJZch0mSvqB+JTujKgZ94Wvp8PsddU5Cq7B4TBVDMHzrQpXQbo2uJh9uiPmRsEDJyiqOwqq5uxAjOULVIOiITA3U2gan6CLYUzvhesR/3221moez9XF+a1CYjkZd7PhyEBAcmQQiKmEyeoDE3Lup6o7JnHcTZ8WoAdUG6XUn1lpJW3viYhUfUvYcIvr+4aF7PZR7jYeBDSJhdfj14zuC8BDW6wv0Y36UfufcLum/SCk8Ov1ShNIs4oD4Y9jwK9CweuUy7sWgNiYAjRD/eUvQJoMbQnn42aUe26a5WvnOMXtiLFd/qz0sFM0av4wHmTj6A6I6QcQEsaxf31+SdPvKpxw8Nm0aDfz5SJxePNMbFEE+uvl3QCSsetjLdmGtRsqug0yhZbtNnSd/Cs4f1TTKb1xMj7dsq+mJu2FeVdkcnTZYuAU2m9cAi1IpjlXRm8PRZy/HOAH6On9QONJnjsDQMc/PMjU7skvy75iW9iB0xDw3JNW1BUnDDAyd35qLEztLWDSEgkf8k0XDguPn8/FNdKYGMh146vWRWurb3hHVYHV6mQEBQAfKxGlPiDFD5vIxiZqMzlBNEfXkeb5oh7AVTCy/Ph5ur4vJ3u/NDcxr84JY32JFBue2s1nISykHMSYQPTXh2IHbk7V/wYDaEjsgx7ynQQd9lN/QFRLUB8Ciu/kdb5G7L8FeUdSZQRXsEkqjjH5Ip1BkX2knp99YPFQ65RX3+ohGf9Q7ibfRbDyyMKepm8j1N3hxHz/o63Y+S6Q/k1nyv72yH+fVuUiP3nV2UABX7T9bAT4QT53CUBuKZbPooY6FaHZbWdHEnv3mJfmYW7ytd8mvIguBwwUa4B9ArHPmdUOSpZykGwA1l2zXJbNyZc/tIvOqSESQFBKG8XmVbcrcdiAiRFogm9gLZhM/M7mqzsic+8Rz5oL3YncOLLfYGxY9UEgQek+n25HZY5d7+u+EgDzWh73qiFOnglpdNKViUjBJ8SvWx41YJsHmjfzxlY5IAlsS6eWJ7CwSLOLTi7dKSCLTatBWSQCWO1xrARVQvKxozU8pQbbOr+AdTCEIqa9ds0aKfn5f5CUAdhrh4KWQDjZEq4WDsUHhafVb7fi1NTCSB7uL2o3J26PB50PHVRd5PdT3BtFdOAPPEb/SLNr3ME3Jn5UNpZe3jvA4rEmKtp1HnQUJxX1Oyj52QsFzYQXXrCo2Yi5Xujhp+4p7D9RFCSBv5yI9Y6QKTRHONAAwSsxpTU1swGgP32B/C/BKplavVjJOJVYT8Bg8ZPuow1Sr9/n1rqj2NK5J2OvnDsFvvKGhpFeWBrQXIx02jBs3RVF7CPd2cyg2UZHyovzL1TMsP0KFRkDPA2BPM6mORaLdbQpXdipcby8nSXtQEWW8K3tm5Xrv0lkJWy6sdT7HyPvoMKmUWoeLQGbSXT6UhVRjM+5yEQepwqWsajyfms6HqTO7bz+z3Alh4im4/aLbemP/qaNsZlHgs798WLqd7N4flwiEDDWKfXpAnybCel7qa7cuC0XiKQZLrxIfSnGbcOunQWprFsW1yFWOuPoDUoWZRvri8e5/adCv5VghJ561ITV1krTmmQl3OXph+JxuQa09uGSEzzcZh3pzLg5SXTuS8RYrd6iAgx1zH3BhVmKKkniLwWVDd3uz9gTVSSZWmA0UryoxxtglOyxigzIlSpENgBzV7tyT+ze5D70BCaORAnKpgD0L65He0jOO1MDfu5Y8d9TqYzPXe1/h25yYPppL/SW1sHnXfiQuOq8rTn5hIZutcq2spammmfRfqimq4zphap2MPhaglKcoSMdTAW5VP07MU2aJeqT9jq+b5E7UihtRJ6xJWGVH3rXMykDnAAqsyGicix3QBiCrS63yWZ7vneZQ8LwXiPylkSnefaxOG9K3Wyg2Pz843Bc31LHdm9CKjmtNSqkubhhUxxrOu2apUqrN49TntWnRWdNXF5AKTWEm3D+AFGKFY4fYuT1EgaEV8r9Ja+tRAKuXm6gWf60MjMZyvgQHPDSAv066K71osKmDBFTffCxACTpEYYT3n5xMz6XD0Ca3nF6mb3GiaTurjYdMtpT+mFFRrtXNvfXLGXZUkjyOXnd4O9di8qD+tw+uveLN7NhU5Lsq5PH1D+Psxv4Nu8+robY4sCH7uhvLDtmTStVw18qVrS5TCSBAtqUZLiIwm5BLHyZosVmcyIr4flRMEAQDRSKxUNnojbd6n+5gTa7YQ0gB1Q696WK82Rhj0dfKxHuun1E/+eTykYI4dIegRDYRy0MRAG0B4pSaPbnUqSC0tHL5LlezK3GBb658b6r1hw+qAHUpxAq/rEoB0uMbO3dPlSdMUWy5MgJnWH6xzARLLJI8/2rXLp7tuz9j8sYImxiI63pDrdKxDVVpHsZ8MCtaPgFkRirCiF0wejfNqbSfscPrNjvf4g4xPU9CqPdpb8V0VaOA7tVhmZkspq2Sr8iVJEhobbeNSua9VuD7lWCurHCp04kd4FFDorjZioVVA7RKWZdHx9Prmsyk11laS0VAct5PlsnMn7nnXTHXjcTBe2GmfsWgkI8IQOzwcu+bNZ2ki1VnaTyZuzFXFjmmU4o9LJaYiJQikj8kSK3wuysVUu+NaJSRGMU4wpg35aWSCQcdD+ZiKccj9cQKGG30Rg0C3nI/zLpj59vHTqrkqsJLkTMyBNk9nlfTmUnezEiLqEwNDx6Xcus9KoG79Jy5VTOcKLN4PrC6womc/kYxMWqeqInspOPFJP7EkePlQL3A4m0hkTNe6+Q26r5ohvdpvDOs3TqoN4hJTJMejXzHTc4tPMzvXUeD4YcgVjLI20Jo3Mgowo0SVawiWdG/bTbNQVIre/It+jcF7artURmdO90+tE0fgxmDI+PoKLcECQsQbAS5I+0aQXy5vdM2ElkMzvi5qKrssIp43KgQ+0H1Xz10l41q6RbMGUzeCYcSVi7GTgOs4+Q5emrnsF8n2evXjVOCh4ZSeEi63gtx4Oy1L8JnGTPtUPcSwks3NLxaramouDzZ5fMRLu9jjSZ67U0MwDfkJVQblg5tkmzLU8DLa070kK/EZWd392kRyuFVIlhsE4YMdes+690jp5dZrT13SS2c/31aezsWhMGGyeSUDj2x5+loBDGx2Y21y4QC4czR1mrcZeVOvx47fxqQXh6ble1vUwBLL4TiFI4wVSHY5hks7bLW/rzYh5wsusfzYugKFW7TXzaIzPBgNlR+QE4gMQbHlUxpX1Zrh8pKMoHmPS2S9ZUDXnV8Du80jmFLlKizC20ohqJY5mkiZ86yTy69nViqgeCley3fijKRcIrBq89ILgIQK9gQhFrRnEloE8udn9+l1qkzy2RaL2EcwVHQyypeFIcG7he3avIjDTK2jNU1kjN+GV7K/HmPRXnseBHrx+D6jkYhXa41yRlF36x+B3aYUQ+4scoNGmS13SVDqA4jqu/M6wDTmWMJybMdzjus2d1pDZIKpOVNY5rtOtCQ2BC385xIZCcird2NZ5s9kADeqralbmduWDphndGSNFJNc3wWorsfK502zEAJJP7yi0yM6IZVr2uWq0cq+lOdpTCoUlQcG2I/zyG/L/EjRGGEWAR/k1aAy5MSBYO0g0UeY4Pn4WTZ92qkCatHvKtKUaoXjl5rLiPwbn+Te2xfF+otSwKFfglv1dwYBgM4nzvqic5oqPQ6wBv7mH9Bc9UXn4S1HUtHmFOEgGWrHCh5c/bwrByIJLeAD4kwidavN3XaRvV5ZNNYQQn782HTDfCRnRUF814jCYI+zLpBMu2JzPJHpIEfDU/aX5YLf2mzpkyc66PDosVDoUM+8LWowLdqy/RL07oIey/khbvtZBR7XoRmOxh/d5zMuPAADvrl0rcSAMSlQYTgtBhP5rpCifA5mPZ/15F/q+8ZWj92dqqeI1/vsgqHdjkarlk1mcmA9dbprkIN67AI0EcZHe7+UddTfAbKnomvIvWEirE/txYYt+7h50+tAWEgT8Qnn/eDpNzv+0XwCET8csmSQJ/qlx4d8ikIzd8seXR6MxIO/UUg8363fpQDVshitvQvLcw/QoX7iGXtWgRZ270b0e2tRghlpKBpBSvfNCiCJAHBghpVKMnS2kMt3rcUEloh5UYmXujA6fDwR+BmfFWgoj4qjS+b9TuTd2hCNDwp37wFinnYU7HrVlUt6bG4PIpt07esU1cSj/ogRawdlHTZEXqfRI7W1lyWWSZN7lCgkBHsUZghWW+zbyCKCzDBJKh7PKRRy3UdgHbjElv75qF+ckZsB3aB8EZHSfoto4PNRSHHcgx4X5abf+Mcu5nR5y0bJU6LkHsDq0xHJKumCIXmiEEYp8qLwn2p+V4gWLFuk3MqolaRj12i4ehw6haotHSDY42K/C/WiSL5uVTqx1K0vBXzFWnbs+IFqwsPTSQ2z98en42C8gxbxtepW71PCVS6L9hQX8ZbiVqY9RHhQn6cXKyTVF0a0kTwkzjiJ8cstTRu8QP83xr5qS3Yr2/Jr+l0Mj2LGEL+FMMQhhq9v7Ti2u6rv6OrysH3yZGYINqw154K5T+HNcwj8ppFU+h3+HCY18ZLuL3Yt/LyVhvB43eEWCPUBsKtGovSNfz7rjQ03CFF7z58MC2NjQW1E8aWuCo6m0lB5BGJ2NXxjpcnE5vyecDRAXcR4bXUvaHmFURFdQCvCzlXpPuTLmrtUtHjjPPpMflDEYrSb5qvxSxEgtuvfK4ieBjV4XbBT4/BXi/uNAK359WDx5Indv8oCVn7Ntoz1scibruhQuT0dVqiffcT1W7IESqHzVGTM/u+3ZWywvvCOVW/8Uu6Ymi+zCFDihXR5sK9ZZOS4vtDf3F2DfZfnlSnynxYu3iJJDgrrVFS5elWr1BLp+kxqwm3bX1hlwfvvxyilvVPYEYnHFQe/Q7YfHGxG4rsg708vhXg6czzqAG/yVo7s1xN3MFvIcpYsfoi4wfzn0YqUwuPVm033zfFFnHyqh4PvSCORiD1oH2mWm/3x0XIP128+3ymGp5awkZ0xC9Z9ZoKb0Yh5OllTs5OaiWUUZHHyZDHYAAZ6YqzhveHYC2fs4T0BDSIXDCeb6OZ85ZfkvijattROhMsUHQQ4poBzA71Cr25TIug087XGTqx/L6e720StWShNq+9ARojHECRjRDpT0aIf6EXeGv14dPdTNzJWF/d22G/ZgDUj2Etk+fCZCdWBSth1mH2aoKyVzKWvaUA7DLI5NpHp/Ot87lWdTH4tKM1gG+DLXAKPCKxLDy7EkeIH8PeASOscLX/S/vkNv6d37Q6AfvbfxGPzwx7LEgTGxGfLVqb6vEg6KRb+JiSG2EHGN3/N7ZKatPq9jORdovSmMgsBCpmHX1RMN6CGzvVu0IlS8tO9/FDgIAFwutzVSve8ydj2Y6BJgFvKiPqkP2KNwKfN+kMSFd2Odok00MhgzafKAT97fEGhfJlCUVLzIuQq+sFDGZA1RnyTmTaC9eH94/fGv/0eC8T9gN9z/offcyuX+yy5UB0l829RqV+9O6gLbX5HwFaXJchnV4lwXBqvg35cACSG+YYWaUDYw0wOH7mUEOv3SOjE5O+tHJfvDdOqp7p4NYKUQfWAmdpr6eW0hl+9h2QU2Mdtbl/mfxKQosviNjZJmP7u7gSktz4PsY5GmIANjNYZW28oWwqEbIDYyq1SsDGK2IX7ADbvwFkPI+fTCqPLHtR3sHhp44P7TZ7HGsUlmbBI4LSbjJNAOaGZLMc1baBhU5HYZT0GL2Fek2+tW+FQHfLynT+j/TaYPuNWcTHcDbWyDkuHQkV+HQ0Vh3xvYBTRTbUq5ltWy+3gGaKzXvZVkRoGPyNmMu5iCx2SHZu1CY5ePeFAQVISNbUrj6Ne10ENI4uF1spImThHw03jjiskm2IBA78JsDFxX9z1Cxk6D3TTHmryTf3X6w2z9XHyIrWj2XRp1FlftnvKOda7m4Wr2YLwgr70Whp/DOZmLIdyziRa5cQQHOWrzfezD/HomSNJ03kdSucx6mRj+bOeABkwOJz3Fq6i673u/FuV9Y3XwlR8cw22Cr5PBM2+RY/tm4eQh1xSt91uvpNimvD+BZXb451ahdhu4VYFWGzF127gt04HQoGQjw19vK/QjpGBZ6xsGvfY8VqfOY2JUXovEMr8BoNcwkC2lLWJrgE7FwDokYA/6wYG1yQJw+9ZjFtd+U0SaRVvv9ZlJZR/sfeZsN0FZDDKByb+1teldbqWCod7KLVbfdYPqbUQ0KdkHZGDeG7uAqZv5FMYEWIe/bttaipMDFSEVcS/sABaLQ0CuiJR5AWrlolu69WnlK25614Ra6i9+rC9KjW7z1vimJMRYFAKUD9ww2c3f/IG+WV+8FqUeJGJQd3l+B6RHa8MLcYeMxb1TL/W8mWIfEyWMOuAanPRZzSz9N8i7wITte1y6bsj2ywYi0nU5/ig+py4wnTKcRM3kKs2YgiphRjpbxhCgsAPlqJnt/TlOpmmDNrZLkWTAXOWy3Z+0Qp72L4qwlueRRmHRDeUBC84tLUP9RiQGRkMMkI7a1M/6HrBTR4YaSTtQ4aN3Wmm3g3FPpCQe9yE+RoJcyfBsVbdiLXZzJGUx7XWMKFU43NfGcj1FuflHmHhw+xR0MgRudCBLchalay3obI9sQScnftnhKwcvuu2KgUrOETQqy7m32pfWe4jwWgndavujvaox56fBZqI5FJ+rgpW+ezkI4F866Vh1gt5Wukfi0yeWeTdDDItfj/KhYqvRshTh55EeM2BXgJFJSxqjOmr/za7QG1I2RjnKW3vOjzo8xsrxB//i7gQ5pQ3NzxWKqVncGyWeHAOODJGJH/qxqs+TzsI24T2pJUOLOl1D/faPIiZEr1NEU7NTDfwLWZL8xabayPNdrgOT/LweAoH5JTTCE/QdnGTiTsMHzl0j/9Vq4rZPkw/bKINxZD1cPoXW2OMt/Xs6gpuGyYHy+QxYx7YxQf/O/3SYTQWaMYB6vTY9sMQmb9ZkyswClAACcVTUCRXMeXDeJjQ8a8sCMjQ/lgQxLw4HUSoljqvsx7HB0KoWCcY748/C2/jrGHe4b4XEw00PpLBz5vxccU8hFE4tgQxQyuOP8LMjdebCJU1Y+sBOz5rVIvvw1H5vK5r1NgJWjDH7Y0eETPPvtu/Fnekqrm/YqPVC8dUD0+AG5hXWEUjPu820fmf1PlD2FJrdNg1oGJYJgzCOmUqFGcK+HqMz+32Qb2UQv/SxA9u5wDYARzMvU8UzJ3Vfv46ZY5fDQrzGNVdRv6lHv1AKylXhLA6ndcmZmtJGqmoSszRc3WdwbsEI18UpRHyIvWNHLvPY9Ygjto/reBYQlthAi/y76nr6xhdmIoEpXJZ1PPmyqzPstLWEaYxyPqV0EXMdnzT6i3Om/LRSVHoPxifyfF6Ic0hc+6725i6auqCUcC7Eoa8umE9uQxjHmzsr1XKamai91RB0ytCnhwEDKZWvsJ7xOQuaiSE/qmv/EkL8mKbtOpXT0V34fiao18wo4nCh3WwiBx55+4yHnvn/NhfbwRZM4ebfHP71YG/qjPl1pfuPahJle/vL3UoKx/zfdJ5rOnnSEjAOrCnNAoMxoOqofdG9HngQA0egh78+YRFxzm1lhUCPj0wdTG4aXDG6YQYQZFdHIFe7mRORyCtbYgprEu+KGG+pJ4ntzgOmBCuiI+2OPWhx+yH5sERoMnmc5rbU2V9Ll/araYsiLVrdwH46VIjPtIAKvRsbOtpXZiQljByxboWc/tahfPwDo+JYCGJ62VSUSSzl6ADYJvPlsrIqksLK/vaRC162wrTHrXu7IUKG3POs4d6dw4b6eu3QppfsYZ8JGakZKsRiAKg/or/9Ex5j74aUh9/TClD4MB6E5SbebVevgmeOEr6rx9HP58PxyyycJIS15ygEDl84ez1OUySq1ug5M5OU/E67ocihPlCnE6yD6oWK6NSc0bsMOxoYw+WX5swJmsRKhluUY98Y0cZh6kOZ0XzHsgMYNPWJtlqjUefhi12Kj4gXgrJZBzz4CvTiBTPXx5bSY3NITFppwmTfwRZqj50xnM+KqPifsvuvTK8ZqLQEo2DVdBk8SFp/PYf52D1qBnQp5jbX5MVuEkU9VR2ObioGR8IDTC24Q9qYLsB1f8yq1rlfxlMgjEEX/QtT1MobY7JdXaqYmxLeMnO0TA817eyXu2QJkIgMS3dpjn7fiWgSnJh3xHSRxxdluHxnM1bZNNF8yRMc42IDbUpFj5ze/lUxg9XNjAQdviVNWWSO21kWjUCiSk7FztRwOCPy/0KH7zncgjJj9pwqZ49GgwaRFll0veYnlTh3C3rjN+FR5JfpYMx1/4RlgrALZw98P6Darvap7hE4N6712Xp8wIlWiwFV1XWiW+83fHNZZaKsr6uNeYsVSUexA6x3xhkLUap/3KSo3B+l/vyAyRz6fSuKbomzO40PuByr22ZqNVAxM80xWJdhoeiZ7g7nLEZRofLiDHPqtxHSBVFP6pQCThf1vhm6k9wB/bXvxzzEzsGGbOxIdOchVRVSRbUDaFTdiy7h1bp92oXsZJU7ybjW8n5Vs1ndzwlb5z9pCUxAm0vnzUJl26oPYxhSKffp47qtYa5/PgNEZ/TtRYbkzOApujqMvgKMvOPnDNQ47HOW2Ih3UmZ9KN87nqBYlPWj/pl0Uona5ssHMBIIo/t/VBt1Ru+IHJez2OXeAZaLJ/agxEYlg2Px3jwMHfHh6LXIXEKWI+4jl0FQjp17vd0ls6FGx9hiKiSakdYMtjHCXqkfPlr9AsSMWy0sb4mS6yqDMX2xWOmOreOikWJZt5BqdjrAVdSO7mQmmDldRTydsovPl8cF48J5YsHYCiCDKvn7sF9sbSLdYEpdV9r7Uv3K1NsMMRRxmcrCM8ko+ZRYD+lm9bgI3ZXBf5gR94FnklVxaLiMMd36Euni6FGFaXqezPK+AdE0rGB5rXqbQRPo3jCCkJjCYLnN1+nl3gKJywAg7ifaxMtMblevqeTI8YXRhjZS6QpIqZyVab54Sa+tsB/uwIuXIXWvXHBZR4jO0lUtj7Wlkc4AeGLxU3R/EKpzyynHtKz3asu+FBVbL3lqR6ksiRH3aXhM7jyVigH2noNfUJtzRM+BCr1RXSAw9qvwg04gW7NQBFkjSEjgSYkwt9TmGFsVR52azIsuu4afpbDpYBqGse4gkpdSkPWRAbP43YEI8TCrrNS+953hB8uhWxJcNUGCpKOUEyMIskjmbXCiy+oppsQWmYTwzVEKnbu9leSnTYzE5nzmFbSxZj8uFz1pTnF6W+o0AJoDJn2ME954LgTTxhMUE7hLeqq40kLIy1c8UIrjqpk26bvhCdh8IapKAA2pd2Z498cVP+Kn1LF1tjJxTaV6O16LB8L4E0ib5wzbnaa70bXa8YVjlgEi+GknKEq49m2od88hK4zRtUEvgKCSlvS5lA4CHtkjJpRFHCGKCtYmB5AuiiajMHn+m7nIvkV1pAzyWX+VPXoOh+kq5iuZY4AshKCvOyYDulRq3mf7xq2mlsVuTheYwKu+mWSGD8442qrzAREU9YA4phsesxchZ2Kd15jnaUj67YOBYpUNledan+EfBfDFaXFjn4UCoFVK+7xeh95aUvRJx5eCko2QspwFj5glI4LKg3Us0XpoPC1ymZfAbgciurTkuPwyfhaq+cURDK7b1CfNzZy1SovXHd8oaq+XajsDafEEed8zB6ZRKTG3+d3LPcIZrPHfGZuVmTq2ZeSKCkkilDx8rhj8WpKzpcqDrohIjy6zRsWhRUVS5K8AGpjj1ZChv34sfZGX+fgDutOt/jFW6GurqnLUDQPjJckn6nT0QAe4zN2dWfD2pVg0iea6a7glu/TPmRIZszBj8AUifoqadZk7DSelHsHhjh1JwmCRG3VHYsxbmQKK5QEaCNxuId8sIKqICtUZb9z1TEAcyHR5ucVc3qG55PKVh/LiOIf7DGInCoUsqyYjhlkGZ25JZQQcmm+D6U/2CUQjUzmlJ58OOpzJfxxd8e5ubf+DmT6r6xP8r9QNn0vBdDT5uqAtdwD0qRqBFzBfPkfwQcigxH4H69wANgzfK3Y3+HHJiLz5UIKMy9YRvwYRne8xO5+vtCFg2G402AZ9fGwIBDF5t9A/EChABtWb+7p6x99ZyyN/mIn/IlZw2fNJLjLJaEqJHhJB4MoeKj+S+cYyIkSf/SaqVr5S785l5bHV3xMn2P5FFU7hfc3k8MO5Y+y7t+6ykD79p9rZr3b2y/1Hy3lHM1Rfchuvaev5KJOy2tx/WYu/VYuPXo+X8N3EeJQHFXr8/nm72v/y/X/b93mnxpvHKp7Hjm0Uiv//P7f//3zfs87eD5EK/+V/jW9ps+7AzXif7veP2rUJuT3wb+92//QiUY/n4yjTr1h9gx28Uzy959KMxpcMRK8kjBuFKCd/G/P+3/0sZ/5+i+f9T89p/tN+vg/XucZxz6p/zznv473nzF/1okAm1brds+YI0noSllPr8qfuTjiSH3w1+/dnrXx06eGs97s/u/r/LnWnzGz+m7LUPeTPr/38kEiCsyM3nffhB8vV1Agw3dus3luy8en4fuI4zmQ6ceH5ce3eTun0VSY6x37cxUwisQ7xO9cEp9RD1SX/093fmYHDR4QhUP/emf33+98//d3fsaxyUO4Swf3f9zZ5mig/Gx6Hliz6jfvg9Yd1D31/p9j/F88neX9/5/ur5VOuP/p6f65638zGxb/39/19R9m43dX/stnffDJJfoKJHpP+X+0xh+QSkMpao4pylQOZFRGw5zmixm9UGyeWf79TPvrXlZrXkkoPt9T/RShF/vf9xL1W9fN137WLRiBz89eNNj5zAv0DpPeaunrHQZAIf6nh/4vn/9bx/vfbc3fdu4vBXCgTm//NL//Rd/+mdsIoAkaxIISu1NdQfQLc15Lp89kMfzh0KMAgYISQZXI8IQHqz9ITb4+abv1W/9tHVG+tI2TxlroerUXUTzuWNoCedkKHAgrBuJ51NhI6i1dJKLhizDjCNlnYVLNaTzUsz2Q3KBomPT26NtvU9dt5PdVkL/o/oi21GnkZbROgJ6A/hsc3UutaI4DQlGZa+4shfoRx3PrDOgiy+UExayUIJBI53mvzHrObCKnidN7wxNKHq8Ni2aYAqlCIvgF7YwInVOiBnG8wAFhO2RTwI+z1O4/n3XbTNnyva3OqiiMITt3McrMB7rLdZ5kd4B0yVn+kBMKmpnzBvMNej9HkMNb0z+HqB1vzZlOcgWvIEkSQmBGvlfe/DKYMmWBmBnLMzb8YnYzRyBy7nNcO29k6EZ6/V5IjA6ndt8efe/N6Nt5stQ1aNxlTQat/oxCmol0PDSs4nhZScOgzWfUv817MWtQfWbyZWAIX9b2K9ALf6FHTtSEwaN++msLFFBCGMtr98yKbNGIByP3fjPVQ/VveFdqwCfphLzhT1WZCPhbyKJ1SpRNU/eEVJDmdE/DktQ/AXX0juGBLNdxQRislcvfPLwVexwyGaO/EUm2RlXmgQUuhNHtnVzN4SGQKdx1CHK32xHhHGbf2/KawWhh2Xup9gUkIxMCfKizK+Tuav2OJXIRXYcDpVEmLcCnudgujpbgjplhmWJFfJL2LYvnKUJlxmPPNozxX+wPDPq+ro1A3GhFBZBPYnGaztVZ0BLJlFnq0Q0KvVwg5jr4r1N9EHPe4m+bJDsK2x2xuV96rZr2tv3mFJIsBt8+WEryrVXaaz4dB+1Dh0opbxRFX9qIzM8zGaaJJB3HRzeYJB/0c0Hz6yR9ZElGAhz3If4E+pFBmr59Iqnj4YiEEcm/Ucw0O4G8BSTqzE8FQ6JwIXc9TgGnVqz9Cub6ebTUu81pAFwP00zMfLDoMcJRZXcQwl7GES3o8zXMkydJPjSh3LKxj+pC2kbMr+RSSqRnxOM49dyTuw/2OLGC3DG5ffepW/xMgt+usWzyP5qPn9AXRGtkkOn4esbw5x3xMTk8m/GIM4MEw6VHpPLb942B5s5nyMk2QMxCwmMFuggtpwzwlCO/cHrRv8fiFFiSIsg5pw0j3BiZDMoaX5YHKX9SJYCHwVGD+88MJyNDKn3TH9nzBhDGbIAhzG9+v5lfiFVO3hNRThPShthHW54Zbj7uFDMz9tAOG6VvVbSNENQJo+9X8+Y95LQte95O4hvv9Z+9ULwN/RXo9FF2qRznrGH3KCeaA3GAhFPWfG90pZy/d05xAYvJAgoDULwoYFWzo6lM+LC+GITj+ZjxojQYJ9E+/Lg5rsR/nqqbGJz44LnWzJbzosabkSWMGtrX1Y2yo6VCgoAawokkqmDwFuijYXLGbOFv9YWHu1t243YeVMxM5zSs0xzBWKPlBYI67pqKYqAp6pZVtX8SmnyYqb/2pg07Kb1zc4iF3IJ9a2CzyQ07wKqJ0ZR5bYOtYm8CJb+uyD+0YuYuZEtYa4g53Cg8LaQ03ViWhkHRnUkjqMfWX8ZYYUj2PE1vuS69Ipv4sVNsE2xVwvMKyM8e1TvBaFAgFG1fxkNJmEdDxzofP+TQbUoW79fjNufOFuc0waZ5TjsULL/CS7791xAF/GbgvXlvnMHJMAVHZI5B9h3doO5j2pd4nGtLJUvDxHlAwwPBq461UJSh2VIGbEXTRFNeCCqf0S5pq+kZEeSXu388uLlA9pHIQNOS2NMDieb6h/UyD14WrWaIRjZdJwGT22yV0319LPwWF6xMBR28qIp33kn5aQ4a3ePy1xiff510CuYdVDZlIYbpG6QRxQL+urclYe04cQyLnNUk2HnLmbKPg6MTj2AhoAOFDmtyVGsAiv+Z7/qHqOkGASoLV5emFx9f6xCyMr6kFLxyPtpW/pwApFNIFyVJfOnQ/h5X1fyYDUOiMhPz5jxtoEB1wIBf6l5uXqinc5Di1uCOT7OC5wF04Hwcby8PkuapVEtz6NVauAkfB4aEzeyzh11QtcCOGmofTcAs7qYoCmdvZec7mIPD+0m4OpdPNSnMEWPqcRB9+q+AyJ1A5PV9bASN3OsKMgGidIbiAaIkAwlCpiIf4Xer7SfN8Hs7Vipa9mQXDtP21SpQFBosXukwkzaBbZFn4WO3/GR+3ExHOJbMK9/2QHme+0xfV4bHUowiv0XxhqGR8tpE6UFFEVd8jz2KV4azWeciK+lL2d2oSMMwTl+y4cBhrKLVkNmCAXmbdBE5FuLldPRKkOlwQl3j7rivoWG4faTRF6R26TQeiiwqCuC7oOhiAthh3cLcUeTIH1AZQM92DMyRNlKxPmIBrIIGrdDjDBYUxLBftHB87Ghtr/GL3GzAoFxHkB9JmAhl+6y4h2xx3ovOAElizAgPEL2f0f+MEUTstEe2/FWd1pjml5wQ3gN8vp3B6ThW67BmMsNkDn5r70SxzWRL3gBHSSA9dmi70gv8FldpEFfmm+7UxMnt+4P98eZRw3Har0R+H1Oc5l59UqToUnAGL/8aWJEvO621qPCdVonE2pblSE054hSPkUnVARpAT4uXZSsjka1E8t4h+xymdlvveczQ3l5Em2x7lk747NhMLsrf+Lkas6PDqMXUh7FHWD0cnY5ZM+AVA1PzaVEDRSJYzf4d21pAd1rRkvKxFmGC+RZl2MdI2ykbBlL2eYXcZfPcgSVScSavPMeNBG0amv8yzx7T1kk0y81zEq+IZAvWMnxPValY//GHK1sNEagL0jKX0dDBHFDRrc2F3Ri41L+g/WLhMVImby0+t6iBMuuhJxgW4eq87z32iTYZpUql/8n81bYE2oFuxCYUChX26Hr5E8jZVrEvJBoAQva+evqinDc1+dH3ZiJE4uVXgxcC2gAgV5LnsJGD/fNRljeJ1OeTIhEktFOYeeo5sdqBhMK3KUaVCd7q9Mor7bDAXnOUblmPIVKVZ+yCe8Ue9pJyiJi8M0Ye4Hazl2BVPlTFOqiNPbtpwvJV2cbo9ZZ6PyvJFe/G3WPhZ6o72e7FdndRuSGvAUWz9K+5857N35SJvOE4dKQxz7/GkZGZhVYfkiBUn2OKgQe19HKAazrWImijV1RWJw8xxIA3vI7RjJXmznrSbwPrADq/CdYcGuhD8vPBKBwCpC5Z7pPhPxV4f2OiFgSUw/cbQuU/3pv5ZcxbrbtoxU6/RiczsLxZXGYQUb6zdFawJUswvuC1GbJ4D7yEmNiJ+DYUrePNWArz6u79XP0P0vvHS8Gtle4+4me6NVOtie13+hVAWUTXzIHu+CDYzs5x8u0EaR1/5U6ggIEvfed3+hCS+3qx2uYn3AD4d8WvyjnYt+K+FOn7sgQZTUugRSIfGR7BADNl1RL/MJKUPatCjljhEuHE2Nh4MjRpZODXC3TfiKTfQIJFpT3PmRn50DlbdUQsHNW4d0nrWbODvNBzXvxsZapr6mgej/H46ErzaUOWeZ3eM2Rxhr0fXgUFlVkyHnnjyASdk8bnuM6I3mLnAcVIR3apb2gfAUd6mEjWvd0zkaIIWkXM84iHozclfaiJ8Dmbu8nzDdtcnw/ad8QAo1pCfdcbIfJQiGGZxkPqX6C1YkE0NWiPyHgo1gm8TM+78Orgz9wBv16ZIHM/+R6ElmBIbcSa8ZuAxRt2Fs1S8fbWP0h9iRdZB48zmOOo694rnmdV0kzkFMKEdf1ZF9n1DbMlzfX7CuFwX3MFl6bX4L8Ry/zQFTIbvltAH/WNpWVEfSn21asWtFDS8PrjgOOqdr8mydh2UTcFRJgwLUxTNUXicd76DtBxg6XDwfzhaITD/NKaMbd86cVOAzYabidQs/COlQO1LXp9P59O5KjLqQHOyJnRX6quhB50YSKV9O5ZK0ysMASA2rOb70xfdFQkvIC0ACBedHmgGDRekvaBAxWF42kk0Wx4HBFAiLwF+I4MoXg7DJ/v6ij0JiFOStnfIzK/AOqcRE7cq+np1RtpA1WLDUl+hnOtYawXSRTU7zikfXF6heY2b+Al2zBFlEY7ROVJ4L5I+s3S8uFLNLE7DBPtayAMHv8HqT9e3Oby2JyWTh6PLnwX8WmtJ718z91zziIMa82Cc3RHa6PMs7veNDNLPv5iKW8vz7p8XCDubBLm2Z7ASi5+voC3lj+/MtV1Mr4U7NAUjQ4s7gSDEA1Lt661Hc6hzVNnQVwm9NtDz0zEKHlL0pCyKBQxiyipqmlMPGyiYx1ce1NPgg7FLRsdfQ2reuyvUfBibux06cdMPlDU316qy+3toPQDMThLH8un9BAYejnCiv5p2Vu+EGlOiiJm1qTlLbXRUZAW4Z3Z8U1WsLbR3t3uMDQuaFqNYLa8bzbEWcUikfqhebQwAIF5AB1cJ4pszCUqBOoDunZgT7AvdEmdtREvZ94rTRERpvA533rnB4P7t6HSWf/CkpMLjyhbSkpvxi3m2aB5jYrzVYh9k3zCF/FPq7q663jQMDUdWn/a31q13gxIOPslb0OG0BxxrKlw9MCS5tnZ2q2u5ZaEev5VmN1MH6SLIrJS3sGzaCwtWsoM3Zz8qPsowTm+FVTeUo1hJj+dT6MbOKaIZXU4UQ1p6aCAjxCIoZegSxQfk7WRJ9ieuLz8ph/XNV2/CAfTSDBXrhNTnOVSt1W4VqP3OIUoQqMksjVfKcYlZN6Y8P4WLZuqTOWblUff2Ep/vpBbS0zOmGSmAO+96d97zU7n6+nATrN8Aykzyb1q8TN8qY8rgmRiMz4PFxQ7TKaFBie3xuaOspsNXELKpm7nnoM1fQsMzXXeZs02eb0eSuwX7y+nwO2VHqg+qUxkebQff8+Hej1gDU8+4fc7MZ/HmlcauZa8hb0hrwWJIRfNJDzs6u+GCeXDFuWKLuRXnX+wwF6zN7lrLUiSvabtANg3er2Styck+6tIulQKHHoSiXc51mNwW0toAP/bxl/CiDvT1WK3LXbhqnxa1ICQTt3yA3Qz7gjcL1qHJYEPyv1OBPvsJNXjxPP9Hqk6iNWDV0Vhll7qBpAfSy2wfPMR76FEbJfqH8alXshqFCA/GO00MYbfIEuXD1sPO0Podm+YZ5Fh1p9iIzE38ovc0V9T1wZ8h8qk8NuR4dp65oyJ3rArj6UqMgRCCY6+OF0IOh7mtxoML2f46RosniwKZUHlGjla3mejCapKI4Si4pyWBQJ0Uw8/DYJwyRqfF0dV0pjSA7G64/Orjnj+bXW57W6as74Yi9j2lYmEm81g64qj9Iu1mKcDsprIyOBOfSi3z4a+LF4syxnvFKo8UoOCxuMZrcxbOO8fwztF/V0sZNdXWhIvby1+c/Ra0GEdWbLjsJVMJGdfgXdoPo/hArFDomze4jAO7P0CEZ7p1/xJnYLoc8bosfNkfUMGzzLBY3cm+JFrrl6Z1/pt1GLrRW81wQtd24D1lCFs3cV+k1u4fHSX9jCcFQf2nA060UmM8uW1BifdMY/7Cy5jKo53c/8dlcT9yp7f2vrS5zc4KlQ89QM6XGknOAGTYsbymby0w3yi5o4KzTD39ODWUpeUAPJ2AtdH9eS2RSRM1G+t0rObMU4BEwSmaWNB/Ww1Jl5vBkRuNEt0Lj14oAv3Hq8zyGHZZ+VXAWXyRsfuIh2oN2b+NzZtHE9gH5Po9LW8E7qJDCUQv1KVwKKIIqADt4LmboJjJZtZcYmD3C4N38hJqWZt+4Hel5WjIAaZTQcXE68UJFAFqL66qySww/C/AaWXn8JVpiqqrK+wOY2yTucceFlLt5MsO0wotqbdWufrrXQIjiOd3LNtUBY34aHZOMxct+nWEaXbNTogginOGYjonF/MIitvwcIqSsoRtIOKtShgbMajVMTocw3d4bgStxilDLnwy+8kzl6XsxefnIN4BQjE8fCgd4yndINgm+ZG8MUS/I4WGVNRsgJxJROJTHE8XgqWEcn+F0GQfcmfMMY5BK7KvIrFsXL81a9KjV4QbOQj1Gs6f4qJMTYT3VaJEudshiarGE1yrGPrF5QE+QnN/tC++gdlKXKiav2W72E/dm/bcS/EkmAvPvRg8SFptYzCkqQLn2BaaqGosunhsg8bBFJc1WCaCuXHV0X3frBqw5pjb6sbaTn0z9b4kOv+wUKmDbVt0VDcNFF/3q1tRFaCPymVNxwJOzelD50Fdh+CBsJA70pK7j/+iq90sATteavwRqpN8lCdoOzoXv5+jXeTLsPRpml5xr3FNPz4PuLuTB+kyhVKaIWmDC1pNTfw99L0T8BdFdIyC8ghKlgpoLiyAjfcuQMBoof1yWLGcwOewfwrLjaIijHRMZiwj6CpmYuVDSt5irudMRcZBbaWKH9CtVVEvB5LAaIyAUN8hvChz76SNm9ysj6gJZTVOabx0tFw7e1LziIt2uC7reffC/PgljuuKDlfZSwlbSw7ZOeuqBN7o5N9VyzMvJecFHweeUU0ikcQHR2YFhLGwvgORaoIvg58J4qVwqdZdtavI1jt1L2z6QGVpV8SkzfZP6tnMUUKcgIqWC6Yz5jBQRq/hE5fdRNbOBITrctsZ5xkee8gkJEHObBXniStI9haztjRDZ6bByWnpU4PkKXCCrzo3pV+BQOUBIMwng/GhBrJTC75xoOpN9O2ZoJhnHeRRLC8bUwzQhgizkAimMhvX4483fxqj5oAhU5YGp4eA1vdSID3JHRu1wRSmN1M9gtX9RC5OdhP6vhX339GEVY3jqQSyVdL+/K8S+CP2Ju2h3wxTBO+IbQSLOlEpIa7disRyZffvmu6+qSS6azYlM3NOlblICHatOHFGtHk6ayE10BujxkFJvkAhn/OVGagiuwu6L0PHWNtmd/3c0GU03fbng3S1LzuvT21Ur442WmhtKdutmcVRCagCebLvQfYYPkZDc+U0SNwTZCZel9HA+bg7URonlb65CdufA3EhFV4ktuwD2LPjV9XzKuqjKxkQgoIyrB9jceOPfmWcVQ2lNiAgQiZmc3wQaN2FEnm4yeGB1et7+Z1zDGFCjSsC6CcJQh0Y5OJqaC5WLynqxAqQqGIlA5Xv8Chnz1XrSKG4DcdCy42R1xA7yiIxe23/blr2VgZt65sF2s/8I2HxvGYviHzEtnK7AymbT9D2M2Y6Wm30COHZnXLjwDeX5ZLQyX+SYpPplxpv7jwB79eCe+6IU7Z0I1vpI433YewGK5J6XIkxaSJmF8eMWk/513APFpubIkU2repnzejDejlztOrhbJi3XmoCBnOPkgliVDI7qO3itbrYSvtt2/Yh6T3h2cW2M4hNE2U8tROo4WKG1wgHz1j6BK/Hlok78vYhvow8ILgl1Rx7lYM1CSXZsI4qhGiS/r450vUQ69ZaY4YG0mGZSYgUBIE5HHlzlgpLsovE/qwGJUfVPJIiMZBNJDmOOa8MPLuIc8oayBEj20hBeqNfhLJwJF0YHFb5fdNl3cRUp0zQdJAME2zbxvgyG5Ga/i9hDjJD/dPTRzEVEHAN57RYQcOHpQEgmRYCn7ytqwQbTK06lh7rDPCu2TIDsrn/kMWEQQ9rveWghjo12BSdogJmJAhaSudP8EN1rl/J598f0vM/snKzQRIb5V4YQUJOdCed4RbMuwbaKGrS7K3eTvayofr//K6kQSe5WQPAYTHVGJ37TEn6Rr9/IAjm4zDYKbckavvHdzjdwTuuuqGTeFDbd9h0ti/Im2lASYBIAOPlkDofwF80RtCZq/TBt4wkxZGm26fpYcuJJNr2Cdsiuncvpb5ymz+AaUvOFU6VMOY4TGUhWdZ7+XTB78mjDUI1wBPJf7goSoDdwKvzdvgznhigbR1Znr2WoC89sv9HSf7VmseM2508ZA385brrqOfCePvX/vBYusshEHf6wbTQKHRb5Zl5hWqMdujhPaDqyJWcXAbh8J8FFUB2w18gV7on38tRZp8KZHKtNuaMi5gbh9FneSUFmF0Knb0vHG7MUuLqQ4U3uz5K99CU5XelpOFBi5OeF7/mbHyCJW4BEN27RGw/ygIYph/HsCQb3v7Ham7wnzO8hQ1lXWZN6UWX+QZ7dVBEoN1wbgOnSUOrINn36bjZDnQcWfNisHY8zMj8u8UZC5V2mjnm+vzk5gB0Qui3mb7W2k9DpWuS24JytGP5T0s4H+tASySMq8cpY+GrPeWubAvEC2na+Lc9sVi3IMDzwypjoQ3B4f2BQmDBWijQlsH9P3jOotY6GU9TKWORNQBY5h+Y1zHC3FJ7DC+c8HxMMVs2T+lOgqW073jRiTyAKygjYUJrmJyXTx08cIyiyagsIIzrZzLc8uJE7/1Z3W3Q2vzyhfz3BvolJAgSfOZZ6SvWLum4hSXZxOsjYSwsVFK0tXBduNT2dhsf4ALaDYQB4t3SqSL9xTXRUAR2M3BstXjXsR/aPDSgBIJD5YHJx+Lm+JuyYORMl50HfdtXpEgezVhsSZ0UKPDcmrVLv2z7I3BdtAXg15aD2pN5QAU6PeEBL2+nbNO91kgatc5aakS9ads5GNb8beOoR5O0BThvdm54hQOHS2fdjgWzY1DsedPomlfeoVH6Fs5jpnx1ep4I6FHhV9R7YHtCjh3HaR1WgIwMC/qc0cXGZkaMJ94hy92GpsMWDNzP9EwAdZBgakeUOSH3ytzBLwRLyuTbUFB73mTOkZnrEQfsC6EPcQvSxUylAL0uMDCOvW+RY+1fV+WRc0s5A8B0EcQz/ZAyPS7ZMCUYKgFWyooOqZ3KEHtxH+2HVzuZWGwWnRd6bjWWXjUxfj5uheK7M18Fc2SchNV9AJWVDSVbMkRgDw7dO1jYAPb2hZ5fRlZz1l93RQm+w1ZNxfBjKVAgYfyRxBykBnLtNjvVTedZ9LnlZjLZGsU/1V1Hlsmf081x0K/CENZD4EpuwiKnpmLnMVPM9HfaZ2PNb1ZyfK90J95KLT7LtVDv1XgHIISqnnmJvZ2uxEVAiTztTmyWeVFk10YgKSxh2LBQCQPSEcIit8MmVTeJOkDcjnzZ4xbW6FNfGspO9apm7JPTDT8NKwAV6xEDECLkrKH+teWoOasjtoBrdtRu5bNT+lmP2JSX/vTdM/EaGpj3gDyNbzPBYK/EnKOWf9mNe6Aq3AwAFYk1xcvigLtptO+N3CrNam5LBMu6aG02bWdtktxujkObNFDi8sv7EdX8DljW9LUVJbrilZ+HPMoDvSV2L/xjqalhk5WLJicvl27wC3+QipjupJsKV4QC6m5wVks0bqWD8IG6apIxvxwORIuz0rcTD8UfByELr4d21B8TrK6QXsPMz++URTTmy8Di/g742x3954ArtebEahiClGHB8Esf6rQ/tB9H0b4Ah6kqt8UTU3bFrDMmnTUbImdzEsyp58eEPB7fuVIdoD6ygY9+gFr3nngkl4+noNB7GfZAoUJQpVIjMZgQY649iVbwjuVs04GsxRKx9pDyPxVsq7obVgFkiswqXCU5RLd7d/Q8iCW/Lhv+7vHiG7zwTYmFuReAFgMTZHIPmlNz7wwl12hr3oAiwZPv823p+NYY1StDh8bOIfzvNPhpJHnD/GXTGXwHTVZtr1/3abUY2f7lenxhHcPFolNq+ywvjJn4IBr8RKTiOVdYWDp5ZAcKJfJ3g18lyLIKid5k5ozS9VcdO0+9eT0pm9X70jhVpE/rKh0gDm/omhhWwfQ5mr25pnE61BWGx3Piwj/nTnxxcIJ/t6aV1WkaJtJGAXeHgcOef7a/4/l6yMST3vgaqooUUw5fMiKEueyesisSGnoXblweL95oWZQhH+Z+UHnnpT2bgcyEqv0O3gJfpNlhU0tk2rrr6hBCMzYQtKXSoMMD5RfANQcG4/E0ywzEbNngtx+4iXk69EJO67E5HbgtYo2VIpI/PjxWqLcXwBNscEVEasrAVOPwAuUPTP+gRjrzSv4ph+IxiyCCkn+y/o6gnqvFcfoqvDdayWCuCrugVGwCzKfHt91QAWI90y1/g5S117LLsTvi8F71dDYVoLu6IP6HWZvxlIqDULkN8oerF3KY3l77WsqYWDLfkJIZs5uD56H7C8h0lBdnthCN/sHx16jJueuOxJqMI8/F9jCf1z8acEtpk7vV5R/YRhZsjZXfkKbhXBnnIjfKKO8QHmdfAB8mmqqDpa66unlS4CPTZNU18SCb1V47PbnkoD3ryyXWzcGfPTls5lBfDSeGJWGgAuUJgYy63V5vM7QOd6EefMWfDIKJavWxEbzw6DdYmSHr4K2F7Ma6TM06A6BWRO/INESQbtIamw6bkrMUGdZhQRqId6SXCB8wu4zKbsB89bTDe8Ux2VkgOlSEzUdMPHy6U9Md4jjBDMz77AUY5xKr6QgZEdmPpdSLsPclhSO5vzGWPfxJC2yMSeS5uAFwQr7JRN59KYsgA6uwz2/22DS9o5Q4Rz542v6An8WjFMxnKI3MqHAMKUPgWnvlnDjsilz9OFFYOZr+1Ca+sA/YLX7XfSLPb9WxG4PsvOas3zl41dIcfoKdHZPeWVRmIhkoAHUm1k4lc6oBKbfSyicBCav9dNDKjLD9Q9/urY+sPJ6E5vUGz7SubRpWejsIoIHweJIdVVtzbNA9wfaX1gQCDi3qL7cItVgzpXSI7QwIDr6w1ouTW/BTdK4z3tkTDHwRjBpHYtiVdUA6maiIzhyVNAV1zse85PIcHyfLaPoPUfSiybeGE0tscTsCDi2F6yVmb6zUQqgUwCzWw5GJq/7te+Y/AmS6hcYVLRvrn79hqVhKxSWH6NxydVXCO5I7OG8I4Y7g4dAApwffwkepj5kfjHvuUqPrnwBLHtKrrBrWSSO4G1+DUs/xjO2XRUmdv6hrX7B0oygSx1tmw8oi9jR9zfO1jLUmmdtcoY9p3d0FVFer4Q3CuWvF9uCRRjspw8qEm9avKNniT/fn8J2qjIK7qHDDihb525g701hZfWvvVTzBvJFBiLdQFw8ILcp5VmviQKdRFdwuavxv3WvM6dvlGaBN61pvdaV4Qo1so6NBrAqt8ZUOigbLVldcZdGL8GQfsKZGV2MYN4YV9E+MCwD8oLZLkFfWIfgy+vQJdFlEoxsX9cF78vuOUIsIGkkg5H1QW2qQjMUkaezVBCC4Rc8FTsx0fQeTd/5BVE7TuYn/sYHXR8rQ4f53jB9xgGKIWJMRhGAXyPzfufaPRCajRlfxIWyXOVNAa9G+wtmeigng1yihwAimFZxBaMie5FoencTGZT9tIpglOQRd8MT7LUoEKC5tnHSZxNx6NW0jjsXngxFWIkqUDeg8k6Ypbjr1UzuxfmC2vdeTKtd1vnjUHVipayd/co9XfM4ElrMPvp02K6Ylx4IeO+5tL00y/NZIJylqIs1m3/ttt8uHVY0q8JJ0qPHrFS7C6FGcK/mfWDEm0Q08Rda2/sEOOTRjKf0BvhO5NgyqE+tmy7tfTkcpkdcoAyeaKCRFFTZ9vATxnadN23+qCTPWVczx3PKJnUQhFl5aut2Ggd9sdmwE0iyOHNsXnHLV4QJlligEV8h4E6xih5S1dZS2Ch0Ju0b1hU0blX7Y0JrbC74Kz6Q2ovO49dnGME9QIw6wTs/wIiQHNbL3bCFbaICuGx/3Sp6L6zcR2TocNRupK+vv5U1C1VTJ+IJbB2w0qAhZK9EZjulTe63jbJuKCARDtjLekgMT1QLKZ2Qn6QqYBg8rCvQeIItOu4/6moMCty+GbBY1p+E8E3kPSqW/OHLE7seh3DloroaKMRaocNGdy5PSfoiLf4DmNZIp5ueE/Q41MC601k+QXkaHq2KepqePYCQUi0ust5flprFMTHNjr68gd/QLEpdKIcRTX8BOR0MVpmiS8CgdPk5O1/YKJk9paDHYVPS5C989hreAT4cLAul/UyIczHQRPDW5jqHVS3CNjn4IRXtYWvkNT//oCbCdJ/kYBN1g8CQLLlfF+mtI5fDdDI4710kompSFuvBizq5cBo4ukAEToMqVYWaOWzoYYfHdADNodDxzf0P5d/f6cYYCoNsH27eIso1bbsrXoJ4/w5n2ALmG0eE2xtZndnNBxippapb52xJ8RSERZ5wkOvaG8yZEE58C+F6KGIrzEsmOF6lQQ47ft1JrBqVMR9f8TEEraFkgtH87dmkr0qkNd/Gv6Ls9WqC4Iam4LXXNeCiwIfFayafumGa5T4Ow/sdLgg10ZMYhe9CIk07q7b2QRPqxX7q2txG1PDOfLe8ubBnawSRtgT94k4JIhwvkIStvspZg7BYnTtRHKSvgn9/fn17Bz5u+Zj/FAor3eCKqC9ffFwLr4NaDlGcGz5QwZFhgxsNEOw3exms16E81lzLMOJFUxlZASfkM1+WIG9rvKwbpnBm5VaoUljsoQP5HSLcF0eCV/kBnj8WTLxOrZ/2WhohXOVLqzPGnyXLUiRvAjBdVRaf3aLdXbrHrzwiLOpI2j0kuopxk8fsaS8PGgPiusLUJj8ziIrlZDKyNoegeAzHmHV3FGKuzW06WkJ6jM+RX64OzJqawHufHDvceuiESqAieQ0gDwi7BzBJP+7Kv+kzClIGcC1bdxTgukH0AqveIhtC7gnMb/PlwB8Az7h94+5iTV2vmgYmQVQjY4jsSq8oxQGGGBN4zTxUsVowgS7Z2jL9iqKHaV4ODz/YRZrHvBN4D/psQQNsps6066cZGev43zxdRYLkSJB8zd7FcBRjiil1E6eY8fWrqJ7duXVNd5YyFO5uZk6y+BnGTaCoe/ZinFH66dTmU3Saj71pvRUlB54kGq6Q21RYUFn/p9wRoFq7OZZDZ/KZ/NVqETjx5wYKY/rcFp2ljMwx55BHM+EvdgSdmRY9OPWjQNWJ+oct9OIEl0bPJyK0b6cWip0dLLVdAe6t6y5dos57X5VcfzI7ILk9IIjIKD+ZZ2tNEYi074qRzAWT6qorZdmM1OO8gfsMoeUC0/+ILlZgffh+znAtcvipTKZL4Jc5+BMu4fhJqTYS7uG1tFI2N8oTNRX0uey0AWxQWDf6Zube0y/wrIam4x6BE7+kE8CbvG2A7ix7lbWwulgyzezoTrwGz5aWyM1MyD+3nuGyAecsrpx5lbBWRqqOPXktLlNcFX9JaKWNOYuV37ybHNeN1YD+qRz6yNEZhsF/G8kLIaiki8eQ3T6c2B+WCQFKI/o8KbEhe02No64Fs5L7IcEDC4ceATUPuh0G7AfbLBwFL21lXJm91QhjFfDYemR296Y3DWEv/cldElUiqU/enYrnUg9Nof78OANwiCYaK7x9quZj5cNFWTDdU/3lK9gE0BFFilWQjZy+0vBL2ypgcVL57HtVeSsz3NoLGgqnYJ8vxLwWBW6zxM3w3zPs5W02vrNl2EvGyr8CXi+ownIHMdoK2BeCSbxNXzbLKgm9xy/E/tW/yfauv0VQFKv56NoDmHgRq2rWGo+f3wAiL9K7mLThG5tS9SWi9ex8sUlhuT5mKyClKCphWDvU8aC/4e7JvhzAefIzgHnP8d3w9IfXTtYPyQ1hVM1VsIoVA+i9/itDlyjrZ9/YOBm6KxE/BzkRJvveozSqc6+8TyygXOpIXfVthQy4vQT1dyWpzCntY4aPZPb3ZDEhHJHzArOvyBEe+Gvij96+1rSwCQ1M7PJF9wxiMQMjuIabTwgBt6C/KZwAIRSdI35BPdUVfgctLo3q9+KYbxRVpMY7CszNp7T1Y0miyTFYWADRXOYQ1lNK1t5/BICrnyCcL6dzzJfaygpQz/NQff2TzMYEX0CXDHBADvmc+IydA3u5S8y3qPspMolgoJMxizP0waxPxyDKeMTPTA9t399/y55saQr43rEqtC8WI6RdcLhw3WMsKRXe9qS5aBqflocJHNFAQaLNusiHLclW9XvnN5GJO9TluZZ6/BWZuYZxJc7GaPbWusbCB9yk7CUiVDPQGBzUiHmOJZO0s0Ghftu70aIIIFtkO+uHD8Za5SLrnIOvkPqClmBk/oD0AuKjggtHcfoR7dk8hEVHERQCBK0AEQeNDYcK4FLUP8hUEaa2JWvTzEcoDhfA7D+VP7xMIziRWmVou4bQvoSXx41Z4RkeegiIzFv33deR8sbOij0YlvcMyJdWRvUV6bzphskHGv8gB1PtM+T76S2h+2HQjTVyYJANqdVdSR/LRKhValkulLwU1+uQsm2cSgrDsv+hSEpSX2vIUx4PwJeqKGit/gwRUpCth+9O8NizhVBxtUWXgZLxhWp8fT7V54BAJITdza0QnmHCj483mVw95Zb9va5KMns7U0svWFoLR66zv/OX4gEdEUVbqK6wCzxlGKmqO8sHeCmNVLEa3o2j4sYdnX7T7m+M0RGw8K9S6er8RlSTj8gmOIXxEyq46m7RCDRULvb6p3CT0OaniCsuDLgEbQPkqTB7WCjbGWq8WYQiDseOurej73a73Bk7tYqaBseIYSp4Qxdi4Ry9Ij7fiaEnk9OB75YueREE/dh4EoO+0XAH54BxLY9wVs0iTEpY5gDC2YevKcwdAPFW2kiGTJ3IjZW+8S3ctjqYm0Zi0vgo22KLgkH7JHRcY9927TuHZvozR5lo0SsVPtX/hgIUxiLOdn99mIgQ6jH7unbhFcPOFkFzCq6/HBI5kX78jOKjYIEa1lt8O9qeUuQl2gOnMSLzhucy+RHyn1RYowUkEdY2X1+V8aqEZrJaVYtECwEjBbqLnUeUvDbn6Jt6L0w2RRVclnoBqoXuh7aidFMaKMAGaStQZqbQBXnJGwo0P3G/vNswdSYx84pL9B1YUJVZlF1XlK+RUwChE/XLMXGZ8aIKZE+187smYd1TvtPaGyFnAJhP/QPBDHL2+5dG+IE6D659Shf/WBiufsqSIiiQYDKJiJTkB8unB32vGZQeQZkHQH18TT83Hn9J6yPHcMSCVgYMcUDbyOpQsj7ja81xvEjL5AEQatjc++htFhTH7Qncz7jRa0AKY2NphYk1OeA9jH4BgO7zOgRqXb9OPobDpjQMsyiIfA5mbf404M2bdxzCfNgnBNKicrtMqNrexDOtG+y7kpDR6yGlIiqwd21OkvkjSvVX1k6lFcP8R/r+sBtIAKbL768tjJMtEXO9+bsBl6rPf9Okv0DmClR4iAa1NCnvo4emGqucLnk/6sv+E7HEWgm3BXGLLdVl6a5km6aotMja9eFs7i4rGrQ5peH0E/h7FDV/hS+dNW1+/3ogKwzWxIjkr899opiYiZSyJ70I86XH4a8JAKHr4b0nDPQrZJXiUCmKKZuzzgkIQX7nwc9SJcGx62qLB8I6K4ZqBo7dRbw6Cbjxt5xNIPSiQ4EYwxqzQU+/3H9/CB8IXkDkBrmQ9QX75kboQS2kIbwAkbfF/Dxk1b6XxImW+pSZCWCNRci3Jp4CW/0lsapzrXp1z+QljCHUHm/WpvlnVxFUAL0dXHYvMfEDG2bLFC4bowot6dTN+IMEd78cZgNS/03XlnBCoEQ801OLX13oDp3gM7ibYG08YtstD2JSfr4a1XxwjO6M/BsU6xuqWhsts7ZtsZz0akaEInovXucOgic6l655L1eZc3/w8LN5j1Lps0mgaSw9MW7YUk+dPUm8qPX86ql+ZNo9xX+92MENNlYqJjd9+pu5OdIpR36vhieWUqghIZxDfBzwVezRuMP6KBN6YhB+0IYrmteUsNcOrvpUvLfQnCfs4C8dI6J8fEkULWQ//radOQbnQK3mSce5w2GYkRNEWr6k+fvbYOP6c1Csi1sSPykNvtB7CG5/8ZkFZ9iKX1H+oU9wlr+xrx0pVpp6g7dmA2nBhup+xUrAWIgvXzyNbfVhdJeYZi2vuZaIVr+wDsNYcYLODeSZjgkOIp0NT51w11+NoE9ictJMr+XuMagNocpeWRwjgd6PDyWfERLyu9AG2KRrSrBAEV+ppqYMK76GehoVj6KMQ33ySB5TksJZahKbrXoAmsXmyHhrz5ZLc7/uNjL/zFHckDSyUZBx+DziSEblrX5bzxdH+8tZPLYY6pgQzVRGfeQ3nxmifzseHGLmOrRor39spP9PDZWZURH16uvf6C21pdNxva1kvsINb1T3bzeWiOlsrDzc20KWAx5ABVkaGhyyHd33+zMMoOZ8hK6sSrPJq/z6EWNl3ey4f3RzXkB+JbE/0/MYH0iv+KAaDD+zUZnqTMaCzOR1X4EPdDw1IukPyVaKvHM48pE//GeAUjl6itt1052nnvj6Y86Z8qh75VYGkDTFVJxRWju8UlVgb99y124Xyecl+yKEZJ3IRR6ywKzSvZUWMa2eFknbF966Iyao2tSsScqgw++3kdCPqeLQhBOIF9W1fsRsy9/IJLpCiiiWEWDoAMA8Kz1wA9I47IDLtDV681+eniF+f/PO74k7dvGbWwjEOtDXkb9y66Go+ze8f5Gd98WUUJkvPlO86OElvQcPZ9Kfyp8D97bFvOBtP1+oaESPCzGlk7oQB0fxozsXRO9zEGl/45hFsbuiP/RZFSo2zWO8zatF0qCe7sv4Evz7/FQthtQwIXNuRE4IRZqeM1B4nUO4sce5P3VvPqFaII5Pz0bl10osWzd/s/pLQ79/3u/3aJr54B9xJyc05kSw9FvUcpkeSn7B3O8cmSJpIWfyN/Ma+C8guz3cT3eX5K+lSfzxjCNgHsnllFhRJiI9t8kRCS/hWII9OwSZmf6lknWkTbyw61jHso99JNwcFCj6Any0baXQ6oBIQHsg3xR4jez7y/PCEpvbuvpvbkS+Ec+D/cb8kECXifYh2L9eEK6gnauX1OlTj9cnxdu2agPgbVkRW56z+0bf38AGBneYm2sOenOrlzBGSEF4eSfhNsTqmEHb8YQoui4z3w3Qs60D2OSFotPneS+A9gwQWaawBzwhKTWFscLzXkKVlR+545RTUk1uYprMYZVfQlNxd1GeXxOtS54JxMTGbni0ohrOvaMlwn01bOHxc/Hkq2n86i4uWrzsaq0SMO6P5fwPmNH4GOpX9B3YinqLIBP9m8bVrf1xEuiIlnN11W+t+SNAE3qBuVH7c/Nsbo4T35dSDbuqT0nZoQlMEjFirs92SEDIS3JpsUf5KBaGoSbFGZssUSFfdZM2ifk6crnqUEI0B4QXzX573Yy33x8fLC36REqnGPE/x18ilLq96VcY8ogn2gDQUT0E0K53SyZh3chvMRk7uvv+l3FVUBIMJgpo12xAKWkItRtJbriNAlfjcrFgEL6Bmjuw5ffll1PShUiAY9nfIM2iTY/tFx/YIVruyB5QA3mnnkfiTEeUArYtrQppcd/SQanBWPIpUfV7m5HDI14O3R+maDDHJfonX5bRT5LcfZ6TDxz+Wm50ie3kbS7PRCN6WTThuu1LzzTfG0t+c11p1PS/9X8MvRS8DZ+/eQ14SFD7tcv1YahI6exae2GKPPWAv/1ivpvQ6UgngQUfKXiZJhKCr6HhMHQkZxeIVA/I6+AIfUI683EydIv5rbP/9QsEJgk2yv1NNyhvQ6Jkt014N4FFApZH2Z4DRmsjesx59XpITJ5VjqnUqZvwuo2L7427bJmCgeV/5H/UNe5TzeQ+4FgLW4HKkB/V0R/Ye3bg4fgs9+dKEBcIX32GphpxcdXbWOChhdrWjrcbJyV9HL4y76Epa6QnTFA8ucrmEB/jARa/iuBWYheBFcTfON060Yfd4R1jBeyudvlA/v2KL9vMWydc80znXpzu4cljVW0y3YhjCOQCgQ6kPxmZoIGnhJYerY9wqSu1173Ja6PFpwfghFabLewVam7B5HscqNPShvwgRjFfVyRRNATeQtMkgy/USQcBMf6vaoCwvQRpwzg3Ick26DgtyPMYT9Q6+rWnajDlVnyDqKK/l2e6puU0KMyvjW49O5iyDs8mmo/Qcui0MiOCftm/LkzAvHe4QQI4YECVog4bB6a0cLFo6q/JT0m111XeH/MxtUxYqmAzetx4IVKjS7V3jGMasSq52Ln5uZpMSc6BsbGgmeIr11DeSK4Duj/9Z2h7Okp230GxlbezUrRfUoiye8XLaSc8vo392vWI9jumuBBedcTw6Pp1lUHpMHT2V0b2MtLZ0shDORK3eK0RVZJc+RzcaYR/a78zqdKiz4cBUvCcANQasItmBrT8JPBofmqcILmeRO4BuTByY5NmJXEtdWMTuoNd23ECudAvXyLX7XSXDosZaSuk7QEW5FwT8lP2G/gq/m/52dc5ytL/PdDBnIxtvpTiAhxjmF5+Ft1eBq197eIKdZlQbD+evvhhPpAbQBrd3+bENe2QIgwAqIjmZ/IpptG/hMotveQtMLxxFuuNa3gkHzJPRlYuIdyMWqx7fbwbZyuwLjBiUFSxdbR6PYWfLhWCxrehqo+rMvHa2J/j49mmLM2qMk8xbTco0SHHn1fE4AmieiHprqmwg5Yb+vPYxeYjqG5NWeW79coTy0CZh8vx8cy+FPgH+CqCQw+l4ytxDPxhc6ljn82UHNbQRf3M7/F28eEv8yLrYYfRtKBS7sIqqRCeJT7QJrFJ+7o2PNiDxWedtqReEGcIu6ZfwM+wEDpg20M9RuoJupr1h6pcGwY3h96VOs0Sqt7B01da/cTP9SxffsnO8qpNWaY7TbV5alTI9R++/Aq5GOu4qv26/hi+ftAVc+JD8t5f2rHm5N9EIvvlXM7XizvBwhJZsCIsaTuGbSd2t06mNIBkD+dt0o0CkrGNQzY9//uwwm7Eh+2EzhYZNuyBGJ5rX7isGt7fr59xhNEOS9o3NnEtL0oT0KF4/zH89XocxIi3RyS+3yOLCpcUU1AXWCwAVLH3lxY3UGyx5uffrJ1ipn3MICYmJgv6Vlapbrv2t187UcmUGpK/4wm4JPo63mqhLZnZza3jC2z/LFC/Rg+s1V3OpqxMU41ZQCUna/FLPCsJMdl3ksZn1L0vSlGmg/bN0csr8xvxyWiz6F5rs9uTl88iVGitB3f/ZNrLm+K+b2jEkPkUFB1bJMnjhxJek/YwuVCZ/+by9v1zwbFrWPDA1toLsYxru74oHlETLJwvFR/mnfaTH7reX4fc1ExvDYeGgr5PjiuaoeCn7X8JmJDmGNjXcUXpKaX4ph3wV60DT9VWZDG7ehzfm6t4I3py1m943WaBgOGKk6ZpaBOZDM+IzIzmjOo9zsYwT9Q48t08Qe/ti01+TioRJ4EDF51FVJaXzVBnmrwhruRS4oAi0be+XNd81XkXiDZ0PjIzj/qh70IP9zCHRK7EmBfui5ONWyHTpxuFsUtyL33KA0Ezb4KHXpC52H++PqlYuul9c04gZs1VeMzy2Hai6k5pycMANkF9swx5N8189IAwgUFjr+n9Gzj2Ahp+40rGVxFRQQwbE5y6q1KSXsqUjMHz1hmDQntWVT8PQbYR5MCnZr+UCLgrd2JRVmN4+AXaUty6+MaicBSfPfQzfAAT5cA+MiehueYI1LL1hFKOfyQ4GF4gHqRnsuEKF0X4qjoY+CQiN3coiKgAryvAzahBLQvyJix15QMytGX4OV5cbLDDgEccpzq2gmnGuPyZSvx81hZQog/hCi9r/g25WnQNl/Suv/HoX+HQ9kL/EKgsuHuAugspr78v2T3+0uTtwY5CxH5PguuA9DPuhcia+qFyHM3/KRSM4W2BKmk2cUqXplVXyJa4kBbYZYCJGrboI4sMTesY038D9WtSOCYX1hcnnYWUTLtHccUvZbN2zOU5HoT1SqOJ+JuqjzQKCizDzz3o0MtpARJc4IbzITHjfI62PoceNagsXc2QWWTIge3L7JfTikLofrRU6pr+ZUtZZwvKTa0RJ6HyVxqVmK6yP2xX9gYXEPyFWYzMsp5VRzuV9v6VwRxoGyBneObL/iT9JBGlCpCWmO9Th2v8T0UbKbNv/cihlPpzhQyhlK+N6GWeGd6LxCG0R4nik5dsRVP+hgMfw8vvtdRMOm/zn7q+rKv/0OhT6KJLrndgfKHeKURnA/Kae33Ksz0bv7tLlyl+x/gjBHGEc+jL2mv3iZ0RRgr8EZH6ArkO3P687ujUYPgrMWWxgvc5F0kPKV7+EvaGANdBRLGN+jlCBQurCm5FeHseN40fVUWFqZOPmSqGBRW7nIgKvSKOLePYH+6hpkelSK21XsSjGS06SMFJ4MbaPUsaDppiNsVXj0rhCW6wdoSEfvq6yLtCFTOslpN54p1+DW0ofVacibZ0OwGmeIDhVJZ2d0ykNF1liRLMeotxr7ET/cko6q9c0ulpg0UHg4Q1KO+Jc7wb7xP+jdQjVSZ8D2a4B+V+BluAhJrGHCMtFHyfAMp0X86r5AXn9ouf1K7vCrO5FO4jwq6C4VlL7ocQ1bazq/mFIcXIgMwcFG1/XXcZiPeAYB7tbfJU1DF4bt1CZWV7oA679TFumvqGhcG08blNp4NDgt6gnv+lIdSSFsE78AQJDlu0XVXkzA5g+x4K1W5utu9vB+AX7bpjpRh8s7P3rWm1yqHPlSEv5ov+ViE1viSNqoxuh2lOzKEVlXW3U3+Ek7SxE24mSdSMpoJuYRb1x91n8blClBJzCn6UPz4FFFwuUcjH0OnUEPsTdCYZ4OG1T/6M3vK4ZMCqQX5K0eBPUVFNWKVfgLmMsJSnz6CTVes3ZltHJ7c3Ixc7R/XIX77HPoAiauk30Bv1iIglvjPwzCUzq1EJ4nBIwIAJJSVEZ+d8myJ7JW6fbHmkwpKbnPKpyk1ZEAK+nax/7TQd1CqeXIhTosXTjtmdYy/O1jIKCHLZPkqrMuiKzZ4evrihtP00unwM9CfpmuG2ostJamy0vaL3ld3ZxPhy9GVaUMa4yvoY7SAJEhfUoPhb9//dM6nFcV9uoQE0B3riNmDEgRS2Q54L9P7fU1+Ok/9+nfUT2xgoJbHntfqjMWmLgRLu1L6+anBwmfbsKhIS1GIjDDqlXEskO/yCe2ovLWOtZVU8ozlIQOGfOPT370y1aNL4Ul/51NXlFWw2LC3J/X4GzOv1Fn0j1l9oO1m8+QGfww3dCg2bX6nhPJS5lwv1Q3gYi5J7p5ISQbck3OhU93NdomJwm2K+bv/aPftgKXJUQpDMgZluxV+j2cjDr0ne/abYCMKUPwe/sLhYJ4rZITbZD5Sx9Rmc0vBlklE8FUTQUkwmPkb5giap2dKLOgfvJKMBcCEbdZAjmSVk5IZrND7AlFJI8WWMofhlYp+e+Ctx+yVoJTn7qaP2nKZxABcyjPif1awV3eD7qU6ruWltMdCJ8fXbP4uxUqU2In3HpTIWoSoIv8O9eX9X2wevTOdmlz9L35MTKH7QDmmRmsRzKiDqkUohtUxKTfC+8Sn6wm/3ds6TRFzDa/13Ja0seSRzJUoCS9WQvEfK72IWWiiUAh9AxVHuwJ+Kp4VRRlSijIW2LQkaRSHaFQi55SP1mXfARUCmANukIMrK4qqBBoVUaRYjTe1/edY2TuFYGFsUGwhv6cPI6r8RJWUxQDoXvI5RkJBrQi9nrHCgkyWYQuPVj7N4nuO6P45qxI9uhF/Y9pfeORvMK0qoj1ChtKKchmaRGW6yXeaWb588hNAKXTMV09/r9xmP3GWokqcPC4ExX+QTqcKrlYfrBOsZvnLxBzg7Ys54ODX3doTxvajOEkI+Tpg16RiPVMy2S6IpVd6kMv/HhHgT8XkQfOx0RqGJDk8qCXOSJvU9REhiKabi3EaUOQpdugSIJeC5a28IBqjbMUwSL1KSe/0OINLgDz/RRg7pp46/2FkX7uBRHNEptAN7ZaNq8z6V9pHJD45EYX+4MvkNrRTcMu3RwhDrVWUKNNzSIy5PnFiaNWhO2cUlPbevquDCtyePEYQ9Xgem9LWXbiABwf617gHtCq4p8XvldAsCm+s9t54pIv2AAJD0WPp6pzwa9escE2W58HPNWvevK0Jyvu/fjR6Al5HGEQLzrr/fbYspdHnJ//vTjrCHwNbiZjikAS6+LgEjCUltEEPrU5an3LH7NfRewGFvpOJv8O7dP8+TNyGv464wzUU9SQl3qGfafXfbrlOV6v42RQrzPDMZShAoNNTEzzEyYLCKVLm2X2t745muDHNiwzJN89lKr0dP/EgH92j3Cqql+tHk+5coqFnCnW+8IPobe2Z0g5WUsltFG6gJ6Ugjyv+gKGwKdXDaAMX91WhFAP/1PL3o8UU+ov7X30OUwizpgstVHAOEFMoJS7uccf8KQTw/9kZcpoS+6jqsn3ouJg3RzQ6usbNkbzwXO5EJtO+3VRdv+9ka1rWa3xa8B7ibjiiROj1PC1JCLxNiI38ECfofIrWJA+4V138JxHg9rrrGf7+OQFjLGzkKvOslFiXvsUWcOkHnGKGBasZ5hZgi6IH2BAqaRxL/1lPnkgKGUQzMT7SDM7TLG4hzsM4dx6XOfCV1+3bTr7MnSQ0rRdeyIWprJ4sLkugOl35ZMbpU5/hDdBFVpY710DIiQmDxbMX4H92iz7+VKpiEukj8BGQyDi5H4HFvoOp+1+L0GCHB9oUXn0URUgh4fHlMumobcLpQCgrFMmsHibrzCy0i9XIzwXaHDOz2YqG2b91r7BFmXerhDnCzDgX9Sckh7HTVNxBlUPxu7h7RikIoOPB87w96NkRVe/Q9NXqfh6hp+qhRMRiQfRBU3SqL+Gn7JtF/r6kJYhm7o6852re6yXqp9dl6n5M6KG0GxnR/bxxcGCtLsEdBZBV5WSl8qRS5TTWmiQ4b+gtfoEZ+RhSa9ZRkffEpwL9YQ4X6esApcwR/pfEVVIpiAWBEaM5b3qVKO0m85D5pg4KfgkOcyQ9S2Qn3Rf6Kvh8Dww8LP3oLBtFTtzcq8JsUBgqDT6GrXzeTmD9QQSMzo60L+107Q0r1kCJei11TJQtL4biXE8RpV5n4VHOXIGd5H/vsx1i6nCGmbMt07+kcXf9dP+WvvYOeusgpmsb5w0HibbwoH/uzFHSP0EFKd2Vd2n8N3rYa+397xvibUZcXwg93Z2SP7rNrAOyqywINHf3YWCGHyfxFBalQ5/NhHIABkHa//xUCnBy61Z/qQxjsWNapVUr1hgqffT1lukiDVOlGKbUXvb9b6LlxmTfDD1yoYoAQQ3hD6oS+ETYBA49FEqrYYP6o1y6KQf05845B3ZGzfkZsc42XgOfO3UGcI3LMy+mR9N1eMEy9v3uH02pWtJI0yZG2Mlbk/W6tHVIslXC4pcUIIweddrD9heZHE+c4qRDzM0eqSu52hTor+rvnK3jjrf3aob2y3QF+m6iNV2PN9B4XDZF6UlZ35rpW2ISU2S93CdOgqjhGncOPn2iUnfwfnNMcT1Wf4qc086TQgKUvDrH9POIRRqgvtJ8+V+ywkl8Wk/dljj6yTdx+u1EV4i8PZXWJkBQzvl+sEvM3rnRpHSzr5BHLmPmHgM0uvhu8G33DwCOj2FJHokPXU4cMO8ego65QokekBc3b07dc5ofgZB0o/J7QJmyOcW3HJUvP7Ecf0jMw2Ar/4r6maWGd+G5HzYt/zkVD96rjZG9oDKz0r8hePpay9YF7ynKtuNRdYERDgbFFKA0008Rt/dhP3uqqMxhHc19z30zRAjvCEcSoZP6uclm8COhUxPXF/HmZZZvMELz21Dv6K2fp2d0LYW72rxbIv3vU7qfUGhE5QMhlG4UvAY6gkl9t/GjHiWK4hUR2zdJ0l/QSU8Pu+1t/0nj1e3+JLWPb6ro7BSiNKg8pWeT+ZIEKmgzHvf8KQjX0baaeCLzqjZL0sdVb2gPCjCvZ/RuKXpMGK31ELI/3UdBOdtMp9UETItWmbhSoT8T8OHJYwgEGz29IvD7xe+bnf5vNM3aN1HiYm0z8sFnskjIzczufi5TOOXZtiLSEkw+7iHZJbisaPK89i1IYuCLEB7MAUEV319qk36A9+a/VrvqNmtimShqsBtmY7mU49ycVOzC7D8Ts2lfVAaa3zL2Wp4SCuUuqN05IN9HcJvOcCR/X3Es+9cFTk/isqRozUTNj7s9hMIuvn1qiqu0inhZXch2YbnA7qLytJXbeNDqpM1LHxU7J2SVRA1l12FeW84Ook+6+8x8tgETkCf3NBFllMGOQRfLbnU+txG/RGST10o3BDMvWCuA2C3xjIclToK9L/4xIRgewM6Dw+8jZs8rrTRpLKHHol6AhFXoC40sOzlFb3/6ndpQzTltGfXFhdbrIXJI7xMZaLdL+OQMIm68ElQb7TvMM7sdL6Wjv4sSc8bFT+Vu3SHZ2JQn4owN44J7XTnoGF2V/lQ0d7QZWH8Y3Se2qgveCOnsLSB/SD7gq8RYwPDHDs379YkHvSRABvUBN62+D6nCkaDpOaCZgBTwaBMaRwvdPpJxrC+dldOTC/4VNi2sKO3q1fVgcCT/FSW6qqHw0ziUEUV3FcP+oew3aZ7SWB68W2d5AWiA0eUALM55fxrt5WMU91zk5Ch5AxFNM2XRo232ZVAcxcZot6FJKKIhHhEDllPNzoU2worI7PpHTvP+6hjQusTL2jsV2My1ns6+ux9qQkc9xB+G+Hec4mq0yIGIWakaGihVDq7ev3+qlCtIkj+V4dM57np8Hgm4WVMql0UuiSqBUwWcN8WnFe76YyTFnLd04xSROBy4EXb6kffu7CQNIBxCIZPm19MKNzppk6t/AfuVGRalxT5+fQIpuYQYwNodqojPU7SN8fmv7WYrGxHDdi7H83LeaMNr3jFpBQDComJw5D5Fn6IzV+YWvr4PMelvSMtKgteoeAtjXHsBwN/aDk6TR80FXM2//D1j6S23gfegM584hbZEOJ88qrDfts8C5wVeQFCaYiP7xwmqp2YJH7cHNfaXzY3lZSFppAoCC8rat9p8lxXixNWDJTQmgogpuYEuIiI3l8MiXhOBrZHLLSfQxArNAkTr65f9pARxfPjrhQeuDp1jtzhtUaXOHlB9921knjVzIypYV4oLCIRgJZA7dUHGYl6tcDGM9lOCP80IDHlmOnCRoc3rryPz84GY5P7T1/uo2PIC7cqTh14WjXn5hVP284e1DDtzW/mKtB+Pi2V2/L11PuZUmcoMgNUrD/9BVz3yqhqDO7TPfgu/6lGOI8JxLVnr/lsYveWLav/fLNwTyR/IMDNUYw5/8eVkKjB9bI+P1VjrXb4YivlSSatKvuy/hltnfUyz1wUxSY9tlUCzHBtu3QWzOZCbCJkisHzOLm2DHOf96GLFj5eQMpj4F2Q3ZB8uydb8vwnDDf03Yay5koAgd63sVw+f+a1bNRe2w771/+JiXo/4hojwxLdi+GadB2sEhk0mLfrYq29EWWJA8EkjyNxe4c5mkhbyCV9jI8WXLiCDA2owGhILb5mEABYSRKAy8xRY3W6Bgt9C4gUyrAYRuYWVNzo56AIdL4w/t1pj6WYstrbip37Z1VGcjCc2u4YvCJSv+RVUfjfCWzpYJs/JOTdtYWv3Xutwm8+e7OXBcaZOKAynAyoS/TdkqnKyRHi2xQC8HPh+nqPegvQl4atYQmZv5U6yFjbESmql4pYsPoEMxfFe6uF59RhNTLOp6o9JLhvDRXzkKRGfWn7/J4YflTZU1+XuAPFYw9WaYD8q3c8VTWBYLmUE6LFmBNLPD9V3XBoGCgo+HTTJtvJahWke01s9X74MlCfi7GGAniU6o7jMIrPVlC5Wa2deCZeI690Uah6ZjZVA4zekeyefxyKMkobQEbQVmGvpkdQfOPYhYlxu5VHiYiYS2+FGJMWBXn/pUbJYfEnJ+AeK8KBkeii1w87vvqi+9fdqEBYm59Rn+OskrOya5FupFQQTaxC4jqn8QPGFnN15gQ5i71ksquui0AcgIwRXVW5hZtxDbukpAWblqa+I4RG9Bi85lq8D9wC8F97fKDeaUMl+T0JEhMcd8XGeDyS1bVmlh5CLHlBnMtkhXdXIlGoziytpZxALrTylgc+yQC29zw6E5CjREzL+xOrIRHzvHzyXrvUEPMwhXV5+Yf486bH49J1dJMY3xn7K6ynqJKs6TdcXIu/2CcBnuW/vicmVKxvg1UokROKKRnTvhCSCERKIDG7Td2h0iCPMzqAsrdK73N+dEJ9EQd37pJTsGjZ2SxgcC8zclHyTyxbNlWqtQie4LPgjkv+XFgZkHBvM+WB285rRu3LSOJm0EdD/obga/OTaOSLzBMjbasKXYT45V+9p1NUcWe5csrwlMoRL6pbrhkDJLKro7dluNM1U8/G96TIujDbAPNTuZ3ZB7G4zcYZVZNxdjhp8PMJCJH7m8mLaVVAXvpZboiIGCN+8rzD4jo8g6zUze9HAfyMTvAJb/mROslJnyMV6TipAL9DCCz5XzVfLUU8Y3eQXRpWKTdkmF8IKmY4gK6W/rKkNLjUzU/rlV21r1XfQ7ruB3mIPZXXgEvSH5Zt+DzYEveShcxmcb0sgKvF+kZ3gxzx839F66+TnKyql2CT0W7/lblVTXcL3ZGAkaOKsUpDZYQ1ZO92snLXWITD2bf23Q/IB+MQYIAXzrcLIYhMv4/Zk5aigMyB9OoSEXpvweQIFk7Mwn+qW7Gj5WlUUbI651xMSpXy6iirsB/nRWvHyjXBKnsjiASGvVC2X5ilGN/80JSRbQbwWpIux6+WDvdH5n7ukS2oAY/KmYqdFRRYhvhU1sZruod4zXorhzsUyenZe02LicSCMoAfv1JbGyLg7ATB9PkG9od8rsanmMcaVHaOxwr4x3snSusmvDDCfKWlVcLM8bA1j+A5D98HmvTa/qLBwKgwBKmhywwGSkuNO3kdMRwzufdGfJGI+VMDeSfzp+QVlF8CVHRvxLWtGkdz9g6AqL75R5YOn1t/3J2G3fMpKc4V+fDBwBAzr2X+4+Y8gWX4nWsNqPOkjO8fFVxQ8BbaX5I9Grj03SjDmmW/GcAkrKcsXDLuXbt6T2FEPKcD3X2v8EQhjQF7mbw352XPc6KP2Nkx+KxMcywLZk2peTrsCyTVEm0jkPHtxTqfSyOax1ZRmhT/kBTKFkFb/6kK8Pyw4MRQRzmDZfleWPcEdAVs3VZJmg91idnBJatRjveRvAP6QLpZ29FZ1sEcs+DYJa3ZWk1jc+vPBQcMjpYVfhv73VyPfLa1oaCllRtOLJrMszuWuQgERxqIkGZgeZVKYKgVyXHpTRLEZNKNxfct4KRjH150lyGMxyR1iXnhp7XSWDjnPw4hX1ga0NOscJZLN2dD7zr2kkP5Z/D8APi24kj9RxWFZ6z25d13T5W2SpbdVUCTsn5Bi3M5ZvQl/1ssYevL2Gk4tqKPotkh9eD9A2ZyEXCgLEujxgThutC582RDTvYFLZe/yxnovTi6bS7oiBq9K/tlyL3CFGa/ENeIQPzAeTFs8Hu7VKFPheNivR9/NV0YoARY23necKT5Ef6PB93mu4ema+5I8HmpWf5xgeBd62TNvvrGrc0jHfvJSFV0CtcbacSzuy1mcBehIeM3hTBnjjC6etqLhffgqK2psFV1+G9iJf1YVzwxrBGxTFeXR1KL4P8iEpL/Wwo3F5Npdxj5wHXLDLz66HBP0SB77xbaJ1qI884OTSKaGx9+hPvOCgvaQTOTXw5vRBwdrDsZ1PvyVaZkLgrT4K8EZ3UVi8R9mtUJmqmr/2nFOT78zrBbOJTJP9UpSqeFNVqwTUt1epg2Fz27TdmvN0Lk+CrGjyoT01fDIFmBd19v20TbdgY6EF0Nv4N7wirwLkVlUTyRSWV1qDdIcERKQ2sPn0lItDK+Bilj73IsXDKraqmrjzNDgpV1AhyjXswi/8WRof7CblZvXWbXA0HxJe//dDcetrksQ6kVSEsnRJ0OTMpAR3E7WHSpzXjlW7kiCEGTOT3F3E3unmaXEgIVk1bx8uhTHerXOSbC41lAfTNRe6KCUyecIk7iGylNvc8OeWp2nKY39nJ70sdfOqVRWr73LZKbaeafkagQoBv9wf2U7//vpVUWi2wL10nufb9aCT7Zb2Fi20cYVFKgp2SudgzZbJzPG2aPQtu4tRvU+xw/ltsXdPSE9Rb7QLMkV9n4P2j4ORMO2FKyyxcjaIyJT2YQP4eIEDqfofWOdnD/2bHS8U370Of4xVo0AN6nIEEIG/eZ5J6myzzR+LxfHWtQNyLTag/lzsy0PPJjcWPVfEkoF/oT1wU+pxzz8vZRXVyGcP31fGwH2VKsst8L6l4t1RLDv55/e3BCiLfd4XiWSWzo/5OrGg4iFKa3t+TH6f0S9cSZcz5RxhKvtZY+3pDLjH3qU6hFT53erdaO/o9Y1z2RvREA/0eWr6abv5tWqCIqCWxEjH1k391zXlz4sbBzbqquJRqvchjCG+g4/fr+iz/KUaregDbRf8q5gR03QDxDq2mFCRCaWhioNiEGty+wC+p0Cbj1nhpa8mY7CXnUv+2O7fqLJwdcYYCwTRv0ldfOmHqR8FuoBvHqGLogwqJAbzjWheE93+r1JBlQ4rmsg9Snknd1n/YmPHj/IArnwZ6SOX0CvP0axgW7dOXtzDI8vMRYzx6uSgo6wIhaYTv9Fj+pvW0vsVe0Znzw1uSG2Qo3mw92mvRcSvqs1dZIN1GDF1ZYY/5Otv6nGa9uPukUt3PlyIeVxY+3VlJ/QGbqhzBX/zcwc01oeF+87H1/rJwhoLtk/F2N9gcxxN1OIvpUyHzXdUghf5BEbrHL4l8IhiW3NZIBe0dvjXZW4E1pN8NCL8t9kMuk737+CcA9C0kLRaBvuM9eItSflD90Kw1S8IlJnseVwAujEHm3u4+k9MTHEz3piAhYORIWftoiJ86vHJUpybJQJ8GY9w3LT+kfJg537b9rPKj1lHDW7Ea15k0OK/TP39oEtmBi4ha5OjiST1mpwmsQ4nZvw8qnaZfkqwM9NRVYYGKkfveymIW6Pm2f4ANg9LWeA2ORdkB9K/HFYVHd0pY8H4w3cghghs9YJXM5iveepBbu+vxpf12eQbmyHtA+BxT+Hh8q9bQ5tdZykKkbNqgDN2Ker0+/3aDOVA6gxiwxwwSOzcEqs2+QGSTAaB3Mz53ai7hwU2dpkdqYud+fEnUkcdO87u6OEOqY2kBlw5xf8tsz8kVPX/mpefBgrv10yE3GHsoA5Y98wcH3jiiluj6DRz/dGsrIiqvKMr8AVYWM1y8FnhFYUOXbUq1WSvQ6U87kU+5EAHjOoPXD8N0mSwc5kpPY5uiQ1zzMCgv04Qctnm0UvwEGknrxv5/PXWY6MYtbvCmzmCaMPEJhOKh4aK/spn6i7x5QHpJt7H/gTji5O3aJDg6qZkT/UTm6GpKsxkv/B2KC+7eU52Q7NKKxBFkJOzwlluq1AhStMJSvlhClJvmnse32M4+PiWPIFnWNgvuZVq7uns/1KMNv0Qlc/wC23XwL6dPLrR0Sbj4yjK0izKussXdvxksmPiJwiJouN8fyu9pHKQ9nVbES6AdzX7FZTN5m2TNEJ4lsJdwkVKube/QUnCg6CEW7nhpeFQ7JUNSPk7Z4Csi/nVdwmIDjWpua6bf3lth5DZEKxj9T56Zqq4OaXFCUrqPKOGotQLc4KiL63SdVHJ1QC8xhbmP8C/eU2M6VobJFh3eWnqCiWfQZl/XYeTXe5xQRKTvr5AzeRLwsPXq5jHP4wqnOdnI8+PCkDwhErDTZkK89CtFHWveQAFlc06eOUikcx1bI893Co+rOeL+e+FdHZP9dpyqfvfZlcLKxw6rOzzZZW1GemTqXrG2nvQPE64N7gnI5iKe58ckDUrSTFYoouUUddCg/uYf+OIXONnOudvQxpl+DHpmSMOtWEzQTT+6j8BBDNc8pPxthu32w5a4prd37J5lj5s7T4Hv93IWx15Oto6uU4m7e/mms4PuLL9YCzIj3ZvVj8YoaalMPLYkctU/uNwPfb6Ev8idMtqn0lLSTsxS5v5HM8cDAlwx2qDCKSrwJomRVhnZOrXdYMEqJzfu6GMOkAT/WTyMP2xk8MhQgkL6wS/V2ItgTSrHqUj12F+McUv3dmPxiwxOoucKDD+F8qvj6bIeK59p6NDfKuq3DE+x3HLxf4lKH6ykt154pEvVnm4QN54ELvksj41zv1o/UDa+lueAkFmXKtBNYNQ/kSEeRRwc0jh5hiK3u+pVxeAkGLWVR44rxIkS36aMtTz7LDBYUWOd/bXKe7flPNb9fZMFZPkswtB/0/wmyHPS53FunoVye5Z41HpeJFB7uLkuXc+fOoDPYl8PYwlesJlLFEaHUGRsTqxS4PqFoPnEtoyMBAlW/Ns/Z1jvk6K9RuR4vEN0wG/UQHhnk24x3NSBhR2MTsEVvSwRzsmlKi7nvMiGA2P6a5RYMUPOAcVELS/K/SkY+LlyPwX+iw4a8Xsp0g49DSUbuWKxp2u5dY3X6ApxpObWnkEUvBWZs+vLc88Zm9lViyGzuu1w5i43h2jWu3WJUrK9x5Q1WU3I7sDZcxO0lKB8oejNzg6f4pshnv1zVAoDKVwyNMS29u6ZW/zQJRAEZ0FQzXVZrVVozEV9IMN9L1rtegWqrCrEy9ZGlzu4u8N2u3kX3LwKWRJL25Y726cVsZx3L80KzXnSwUCXL+LPkf32alzOrMM4GVEfr51djzDhinGBS2GPx36cRGq/TFQBhxIk7l7qn1upkbz4XWdDsmlQ5HmU8mxRsl1HbtgDpCVP64tLFHHINAKk2yG8r+ID2wimxA2SfGfqlMzzZqP0vY0N1YoecTV6wLtaSJS133YD1ZyN5SEOCVmfjkSOuZZy3RXlrbkhH3rVLA71osv+N9XJz/EpcG/02f0UgdiC//8G8MtPNjfdLmIxH7fppiWvHLuAteCxOO5WDHaMaCE+KsFheMq+h/kqpIeYYmByPvZvhzDLWQbzNAu/VrFSxJ8Mdu4qMpYJlnrkDALocq+bq3WctSA0nw/kG+WyVKRQ+HBKsJHwJUC5Vghy92jc26F6dsXufy0X5RmGaEQ2ijgB3T061ZMH/eXDWTw7AoLIe3d5ND1t9r2X3bZK2NI6tgM1hQB9hjVHqX5Wr8mAOFBxiwn2m6E8ivEZt3rof9bKAz9mLhXULz/7Av1Is8r4zn138cVQKdgGy3kwYRv8bFRTZw/9fl9Ec2q5YreHp/ty70Hvyq0XFl/E+mUqD1iccic1he72DvgI/MaJm5EzAsIpmOZTB/ajnMyWBQVGPvrk+SAT0E+L2uCAu2uotNx/I4nVWPuY4j7BFFeLKVSB4+TUjTijtWXJlcISQCi60MOqJ7H2H7pFO5cl9F3/lKMLLy+1NQgZa2Jt2z4eCm27ZWq1Q5UXGWP/8AT3soRF94mnmqz/jJZf2bsPGvF+P56lG+C5/rtfvuLqwVMW5e8+OvRZGoqw8ewDDHm/pe568pyVAmyq5l/vPnEG+G9+APhvRF29UOq+s0apk+fbqkKiSQzMuLeyDBedLjgjAqEaeHIe3z5rG91aQnUyC8KHrh74oQdrvfEJJxA/urJ2N48jy+UJjhK2sL8E1F/BnIZTcSqB2b+UgMO5vyF7HTllr+iOTS3Px9iwiNQPLyDGayXkv7+dL43QusSSnRX4qGTJCBESzQGLcstkmjb/DyPU2hpSzrVWDsoT3LyAlvgBwdMOg4ikZFzo1henL1XGq6FycLvxqgeftvbEQGcuokge3azRR33RuO5md91ybWHN6yLLPvXHenDKOVETdy2eAQCnvzK8s/sYDM8DMWZEzzoueFTXLvRIsN6EXk7mLihrcUbd6Qp39tpeniJEV0idUGKC2IfJl3DdZYpfMZNRrODuKINMfoLyGds/ZqfT1Ha5ahpC4bQ2L+KDgV8OcCxmfVRom9ZIS0rnmMRFyN9LwqVUu27ysq9Fq4v7rq8Air5QH1vRvhqdA4GXlkFyHsuXgFIFwRb3dLm2+87Y8BKgvx1ADnr1yDOfkkfR3XCklTMnwyCvHbdvxnszk5O3vOHG3rnarlqzBk0MCmRQfRYytbvL7s1Hr1FcK7RL1uRUBmtJpkaOuwro2dpqExZTVz38ujheGtJGZt1OgfKQ324cI3dTuqLblh50ec25iNGVWdfnwiU6GVdeqUIOJtTBtbxZNG79WNJ1vSN0Pjsomx5v1BhH5dg2c960tRXT1nIu6nujhAZS010Mi1f8PY6VT32pvrN08LALVcy53jTKHh+PNSdw4VX4xItNy+omovCfhCtPGvc7LxWW/S/Sao9OnDShFWxRRP7tmNDsea18zjJ922XKGNZn51dYEoKHP33rJRmsGAGd92P2N3Q2CsXzJ0Daaeo+NkBKRLljOvmvTAuF/XlhGXaoorU9DURjgM/1N30mnR/femX0y6WfTBbA/yIbm0xYsQLcKXB1haSLeaRWhoBNci4c4uD6tvox90DxpZzeyaYadjaFJKtSFzcXMsbtTnW4oV1zqYcvcu/Q+WegVP889W7ADDM3R6uyA/HMq1KnD7WLYNBZCPmlDCu6gyI1tsNq5qu62IfMl6qFRzoBNweCy0qTabDb+/KcgpZNxzEzg4LSD4XBTlgDR7rj+gX6f+FXKAX2K0gag+TCVNj2DH+ukjSBJAnJn1EJYn9kNyfC8jX4pVyf1KaVanOfGp4ZX4l5EOfMYq5r3kYJaDyocnTOgej1e+1FUcqpKZ2QYlEeYJRb/lXTA7uzpTVh/O1TLKvRWeaqwred8NVw2L0ZmfKvI0DPjoANcV8gR1yVvNy9i6UVUQ6VS9f7wcGArewcWvY8hbhLDU47uX72e6VbboTBQuMzBHTW5VINb9uC39DXlPbHaElfalKmSh61l7ZxIAKMMPHqMk66zEc2NuTWILNAiI60o/esXRo5CqvbPckBa/RLS3iJbITJkDIxEovUpXaB0fwwDcqnKM21KHQQOylW2St8HeIibR9x2Ka9x+L7F9ACfdcK97HUdpJLopn5OpfzYhM06pfzv7InqJ8KSVl1XTPNpSiyM1sn307QS0RACq7wkn8ebMcSK6fI8x6aSLHPraWCICLYGkMYmmBfowZ2x92IJJcB/YvV4Q2EV0RfWFKWc2ECJ07n6/Au4WNq0VmvnzHe+URm7ymqlj5fBCETG1qbDT+GQ8bVohHpZp6nbcUX1nhd4Qjbtq4JdUj6+DTfBKI+Z3Xuro6+XmNR6xi5I16hVz2fvDMrfwzjWMri+hyT1zkDUKYvM7MEwCryPP4to0oK7a7lr76+msNmwrhfCwpEB3zU6mn6NmuJCTQe93voKzNNz3VciGQHQavp4yJqfo2Vt0cNe3c0OwMOte4BEr0KS3SOgGdV8gxhRaKdvyzJ/u4R5SRKpr6hsvmwK243+w3Wcln3fUG9jIYuUcgahT5SORKH5mqk8emywWjlfTCzv18W98jNHuEBYL7f70aWNZiQCo58sE5u4xWz/IMfTiUTaO3F6q/X0XndeqvOVOXTNjsW+rWx3Rg4FHhtdDJc1rbUSytI/l2ql7BgSjjr+yUYc4v47QNhwpwUNm+p8AbuNRZ95lLnEqhTXumIqaoUqhL1KAz1UMpv5WPHGF2gydtiN3Y2C58AFiHPMh9wKlvluSUOm1ADESY8F+4Ta2scpoOoNSujFqlTAD0V+wbtkba0KvdYhFxaJYOZ2jFPjaXFezigBQhE5H9o/VDLQWgJBDTonuwYDvqxLvPMrJBy2cFOildpHupH+alTg8S291A9+aBW1EVq1aEpjxompt2jBk4Vm//64Tn8O5BLz6R356v8huf7UQS9f1wriGIWyUkqt5TEdGdIX+66LGUG8mWZF2VrUHc1MbDvzJ3qItRAjviNQNlTIP1fbSu7xd1058viUD6LzfjK6Sw3H2UO2VDJxyC8FeqBWBbLsTuE60LXu0rwzNt2YRUf3pNFObrDkhVZkXpYV4++/5lpbq48AMMq+JCvMXnBHP9WmsYMhekORfDy2c02vNNfppFGtSRiZIZ+jI8STHZ8GsxSC2UddpTV3i212GPUVBftvMBHFet5ndGM2Rc+8vhv+rpgcbku98kKeRTde51soj5oXIy1pKdkN8iWhjbmXEYkR4Uz/NnN5QAf72wfE5mFCvy+NlPiJ8dz5bwLj+UmLrUkIwMGNKmZYepbfht250fsRjZNY6RPDMkbDDeknTRyYUPiY96jVGc9xvOFzKpiJOK9mWIy4Cj4pAD8+RZfrcLM0FnXnbhh28SxadIUHhPKHnoHpU+7CLdz0kfxtQLESx3O5BdyMFEEKahbdWKj1X+JqfXgkPdK6EvL1qAM5oiCZ93oDGaxUxCE3pcFbOdg0rrDhkoyEsPI9JUfOLzvfIHFoaS6j6KHVdP1fxCcJozRvDLXOmVBJjCJXe0+JPamZ2404zWl1lcTgss8/enA9lF5E/KaoGq7Q4S8vXg06hreqmIOLf6+q6Sw4vxN3SlmMD11agce8aOq65tjHV88qGtudbxR4d6X64w3rh3BOD2x5QP9wsB+2ZYrZT0UtciQ2ujvbFHsa13c7HIaRVwP8jvlxXtpfdHtOB32CvlQ98n9mfmgbbfmSZT6MyR6LPf/LmvpEArheN9fqddyV4qQ0F0DuR6lIoe+UroalB8pBQUkrqKkgDSWpFm6sABBUrtbhkOPIOAKzS1RtHu+yLvlLhICHge8Z9FchI1lpZ5B163Xe2XBZffcox1lWY6XSmJAlfJt9g2DBtsI/ErOyU8NDm8HKAwZewNkBjdAXO+f2ZeGi3b+uWjqa0wJ+o8SEtYhp9zEN2HZa8/zAKrr58DwxCu+6Zf8dhU72pbQYR4+mywzum68s7FWl3yk509R+EiY9jyCi4EipVhk3xzRkrlLfa9oRa6VqlxxjoTKAmflFIJnDy0GIuXOqEMSwSCVWiD/EB4E/rmvIKWwSi97xHHFvzavcJNxiGdRVQvxr7ydvq2NGmyuKxywpn5Q9/jBw1miDYSI/5dDtV79m/N3CNWOCG7pFu0YfD3PssF5X2ObvPed4Hp88q3v375XGiUxQihrrnNfiH7r032S7JcG5+E7YPa9lUqlStnl+dm++dNvsavHH9J5y/UC6V1WPlFhMCReGyzk/V58CfL37VipgU55TmmF5ZLBhkfNJrFvyYpOT7LP7RBu8NLeSkzoQUURxL09V6ZmfFH1oSRs/1lOaKD70jSYq+jwming/mDahslcGQILKSDNUVaXnvYe/lYKuQjDTQLF439soipUUvr/WgwC5rKZvc/VtLG3s+h/UoJ/v1LwT+v/hXEVQ2cKG1oDRQHP1tdBiQ3j6HV/UYpl9fNWK3U9uv3KqA0LZlvM3Pmz8kv6a2iMfEReNAtjZVoL5y5SoCVXAxwNEIGJtWBbRHHdazLDw4IeTEkCPz127AulcOcZChTvQ/Zs/glTazI8t/zYMRGKzCd6fzA/ro0IbAwu4DmPyK0R2SFbBpRKLSiis1wTmME+yus2c/dUz77NaJ5N2a++ejIGWe5ZswIS8X2a4rA9NaQ38DgJlg2y0ZbETcnNXcGYpkGTcHnNpoD+m73TKID+sW9ZzIVBqdnHihgxg9q7jzyQOusJvosVvrOF1MqGoCF0i9OHIcavqfnintnkND7tM88s7QJ0NVtQSzuiyO5Kpb3+jCB1aBR4m1VtcZLonCe9WKuKH4zeEoV1zcyMigSsL7aGGb/NRMYOXjKb1Hd+WzjTvxaDkDC+hv0qX6VTK5uApUQL4iqWFw5qxubTTSF7u38bpspSxGjYrTeCW6krD3CdaWfuaGhT2mfZh9dNwx6FDBRfo/LIhnHfYwLYr4k9TwO0AebbcSx2MiobpNXm3ZteR3GY0CNh/j0z22+6QI6Km/8cxsRgyiJgt8qrI2KNBAd5Etbm5XO99eHUiJ1shM817ry/v2QrSRn9/aD7fzG/zcOAzNEoyJ3CeitWpq96AgQb8XNXz95DPOTRMlCEQIeIL5QSuMOlcCM5P2cKRlHbYbE3mm6NA5bcrtcmG2CHjrvHSZxoltBl+zOgrGIknQolPFTwqBeJJtUtetG8995NNvCb4gxp0NCf53Auaaw+XxjRdfAEUHaS5cpLuBviB3zX2Pn3+ggO2lW+kCFx/56gukizKPnvBOEqTSd7uSUiRnwAWYVKaMSc7JN6pcWKyWqKRp6Q1i4sayVHBIadPJ9ZvVmN76TbiU2fzlypPHwz8/Yhsia0fKGtKmGqkhbYs/o+F/3aJ12lr7Q9PYzhSI8Hnmd844yrVEV/NyBOPPflZbBsMD1SSH1DJS9azZZ67FKHrjyGF1Mmx3aDsawffWPgvRJpdyLfs61+KuvSWTfN5nv7fIHAEvXBwoLCj/QT2Z4vsngdY14/r+7OfOrP9pb3XSlN+jzOP5dx3tZDzTD+Qs7sdS2+hAVjTHgj+sHpvPCubei/A/K/w/KpsmaE89UcHXAms4BvaRyBBcarl8Jfvm8usBbPuGY9/M/m7du8gI/kSJHDGXHS5EYyh6AFtssG0t0HbsPGQzFIQ7U7h06+OfTddZz/euLq44g+rnxAAIfvgMxzwECkLz+s/jMUQtKcb9Fn/yIeZjU6fsrdqSfCs9c0rInUfaaf33HfVFMKAdCartpD7LcaydnQuWGHf1846/4M+zV0vJvnw6QLoTcN8UxqaNpwlbhNyAJvRtbit3WMY6f5L2ghQc5YdmhZoV+92H42fb7mFib+X/0hz1mnanAK5sDzg36E38CEEilvn8lsJxfa8xiLag9QW8UDRP4Tfe/kiDdwxmANdL2uEAretN7R/0tMFNGkNTIrjrLttTgu9DAVtg8WA+9VUpVS/s3AzFXHYGAMqZ05fMB7PAtDvfGvSqHyV22z02GUZ6/LPasz5tzzqa0ExPHBUavTdZRckf6YCPz+zK+qt44EMrI8b/RiDuNBsHx2DfiUTcs+xtUK5Fjq7FnpAWE2cYXpUbpO3cpvjbviBEEAVyklQ9ZUKBzj5pKme5c9b98AWEKJglufvxdYzzXVAqitih2sLprzXEww3l75EIJhJp5cSgmCveRWBIUlRvnqgPHKX+fZRnq/14z9tt6LQSRnLPnHrL9fp4EfAFXsPaVRKAvqCi7b0LKPBXEEQTPcIjV+02ewZjylQGRYpsq4RsPUmgvz3DtWUrudxu2CpZcDI3n8wYa0b3eNOvrqPHz2a0cH2G5CRULKI7BWqzZ7L8Gluzm/6pl/EaH8wbmgrdyJxP6p3HcAP7gRIlU7PGMgfv1ifGtbeuovmDcZupmWkm79+f9zAQQAusQeLz7aAuUay8oXbafZ0CGsWeaODBMRAdZd2StJ2txkgqhKutvBlrrMQNhyrHUvpyzMdltSSdAL+vmb2h8zAMMM9CZIR5tBuHymcFbtlvSt2gecQHfTSpviyj8Nw5VgofGlgX5z4Q/f1/NL7WEyF2ClpvEdKS4jwcB+/32Eh+LpAxZqk7OUsBc/09WBZ4sS+KyM9frBUH5XavIF/Pfa8YUeMReqyI+SHD9MX6+G/UV4aDQ6Rvd8O01N2TuUBek8c6lkg/wY47nsyyLMlqfZHttHxrwLY0vJ5cJYiwdzbhAol4I03aEgmhonKs1Z3mTomj/PglgklDBw0Gp0vnMngzAUNY8vLfv6NDYwhBel9jkOOm3ns7viOTe5qFFeoqGHsHOp+7PifmKhHpoLe4kCsMpou8vjOpZTYUib/tv/3Akd4IzN7bfNXz4aimVqbZpP9hXs5LtnWnAHC8ei+0zlSweWnFxJ2LDb0foLAhzUnlcbrSp0D3g2MVQqKMdrURhlRLYfeKLFt6v19ZIKG6O375OhJtVfyN/GArlmrXt5lnQ/Tki+El+obGqPRR21q5U5w8QpmO5uC0+Q1VOKIow3yAsGRRX/6Osz17KAy05b2jx6/3sjl+8dg9HTgAnKOhXUTty84rl01sn2a41IC2M99OJ6ScpIIgoJqD3fu3y2tfyiK74beAihE0ExxPyt1jtr47KFojBp9CySiWCMwPPgL0/1pZ8abiIyJ2v/GD4LQalsPTpMCdDLTMydehnEDK25zK/llshHk/igRO2DlYbbE+VBaKe/fJiJ1/kdpKb7oNHFlGF4JOEP8Zh/0m/KlYBHEXp9aLlU+UwfmNE0XPQSCgM30LLVQ3YZ2kErsny1zXB04v02uGXRrDy5eHa2m4TLPfFm9SH6agJiBAwX/sSvre/WhzQXlpNpXyskFBOvMpo8IrXrURwsTT2T3GDzQ6qSe7AyUJUufSi4BDI7Lp2dPbHvMCpXz6DZDLiLdZ2ir5RFPFoa++yLGhYyLH6kipm7G8BUfpD7xSZVb4P76Q2k6BRMDv88lbp97+v/DWo5DgGp7d4R4lthofGpFtrDR4y098rTJuG9LNfy2eG/zkzvsWNKv5jAh046twTe9AQRXhidPYUvAx9aCAPbyX3Ykd+Up594b+mvYjsliG8P5zmJhH6nj9WQNvDHUf+/Y1qGow7+B1//tooFFGY/dpFsennTWSx61Em8aU9olr9tZKqHXu1E0joaz9RxTPp6QH+k8Id17/xSDTKsq+evWjbMoSuM4h5neEOu707zANCui0ncrfla/xaHIN5jpCu29mROr/U68OHAf3AplX8phdCbuPXAdmXp01YRUgcfE1eGWIMSZSA5UIJV3dFSgP73ezHF3oKVkoPdnMO9May/JFc1k2Ur1S4ahUFBwxTa9F31GNOTwPAILb5esmfJh/qL4p8ErqY9RT6QF6UQnpe2ZE1zYXx8EG6wYfPSezyx1Vh1AV5WFa+JuZE2uluHX1hASx8vdIZRBA2wprQH1+INFCwi11phXvwAWioRnLttlkFz3/19YR5rA7Mk3LEVRloyfodBTejatK0X5HEh6rF7BMHb0qsBcCtAzoUP5hXoC3w9Bgsy062Xmd33CrM4AYJnRNh70ULr0ULe3hbQC6rHUwulVW34eBfUNeRrXAYRsuINtVHzz/v+Q7/3scyLjc60pfvhrQc7SRhku9mQQKroliHfSOu5UsWZD5mI7FcR6fsvi29fHggeMcKjNA2ChGfhDN5guf1WPGZBx/ZrQDu6cswLoGAEFmgGZVA4m/NolE+gcQMcWoRGsYaDJGXyYm1nD97Dn9rOklXUdCP6BEacsxTNucKVoffCGG4bXehxtCaIZYj9MiW5wETG3sCW2mUaw1DSPSAC34Lye7e4qDI4Nxw/EvgRxWS1cH/LI8VMZpX/4XRqfGBTMRktS/0uUK4KaH9SDk9tOap+8s90n7tEQGXgOE4wuUsqceiid+KfEKJD34ZIcmmHy9lxLQ3C+pueq3njdq2P6ssu0w14IY/K07vSGa1sL1d1lSF6paKaIydW7czvWEIzuTP95T3DC5eEXrAz8C2j95n+3nORJ0vIAdgtKYpKmJBnS10gylvi+N++Iwd1EGskkK5CMGs/Cj6qFzqGXlzJst4duPUMIPV02VuFK49cDUadu4zvS5cCiRcgIu1ou7vL2+d+Jmesb+Jc44/fwS0jNR+aT5crSJcbtj+KelOgSEz58rNIIpCzXKGJCAJ9vacSPtkBr2b815t3zaI0qnO+3m26N/+pyGrz8iD8kV2J0y+enf+QqjsW6uj23ZObXEeMKa97qMVElLNAstArfs2OnymmEpqGCscqGgkq21FlTtNjWtEn/kD+N/cpO6dgUYihU6ApZFAKB9LfBMzJErwVEylfFw+UBNfxfhVk29l0raVLxAbt7fB1E3FFGzPrjivzbgdwTD69Rpjq8AiGxAmVt35oNDuyBvAJpzkrFnwoaCyiSHJLfwlsFP8R088xMylUmyBchCamUonzpdbJfGkt81XSDDRGdx1JBKnD04F1tfAnkmhz9F4/bSZcD1r4SqO5cT+i2jQd8m8vaONEw8VOulU6zf/SBAsZ4480F42DLj8r6sJ0PYzUrYZWYzZqrCgy4KokKw/pF6bfLocJJkALd9hD6ZfmubtnwK6OiPivNn3h+20bwajOTwYAZqGH9608ByfXYr+vo68Ax8eWr/v1p3iy0djftBd0pejYL24M3g+tmwHRc2G43hLG0/5A4/vz/WJ12Q8RWbzNxiNMrQ1KE5/Rv/NyV+zz58xXPo7O+7iMPugAftNwQ8bK+WozhsaFRPjQvTJ5QjS6r4AIaX4NcZ/jzxikyLkwXBLeJAFye9HfnAotSqbMT8Ib+HZ7FcH/6qrDzlEzJNMWgDfZbME3F85YTrkF0SXixEVf9JmzdznuQOZpu/3n/jL/OtL2M8utcKoz1aHUWfgMgzFE/BJL278Cqf+7LJxtCVRiI4ELhjPy1flfWoNNLb9zIMwopqzrAePMB4XgJUusP/dCWtj8PkMUV68vdHPWxHLJrF6eZ894XY0a31i2X6wIht7ftnrebi/X5QhgjIjFvYyYUeVOhoQ4sUych5gu+gnpbFMyLe5vrVFRB3oBvypf+iZ5YpdEA0KaGYtTmVbvjyG3L/vz54e/rYVMAYfKJdZlHFbvR7K/SwcxNzcbfrlWU4g4sBITjp7OPeOHz9jRWJ7iQaNUT2cDpyEgYNHXbfjWPepKseyh3JuR6jBSEvqYmFgJ+wZZKlD2YvPKC+iIvWDXp0X4OiOvxOGC73LlLLtGBF8sQoopx0ateUtsRhcTaHCQmm4oaco3dCmTMtV4/EQrPB9lOjky5Yd1MzzVO+H7g4vVCuezTZasliGd8R5njo2b3TukddML2httF6OIycVfhZymnwNOHrBE5jhj12qDz4V+YTMRvDWQ1yEuyLxvrPRVO6XlTzbUMManEy7pOiQjcCGL72RO6YekJcboKOSYfJ9IayTmSPT3XCTlRPQugDhXxxI+i7ul7Bq7fzIuIn+lfViy2DKf8VrVooJivTe5+Qsw5ZmUNSCD/8lKk6kKgN1e0tLjJzdyl2BkPtkfISB/1zSPlaYLW7593ebz3n00/bsb502Tb/YTm/J8AgcdocEcDX6R+Rel7IWdW+5NVJixf3onVgjIzPb4WHNDCQEwZHo5oWo18EYRXy2JceWBi9C0Sg0aHxj6eczfkP46zpYIaeDi0Yk8NB/5zwKYdHDXlFnNg/TOziOtcjW82XWlvyWyalIQF3qZUjeeKeF2AEtdhgMAJPGtiydIGrNrGt85m6gsAv+Jk09g0m8R7WM7mmhWHW5+BCVboV5pbNNN5rlgn93tAMgm935xqT6m1YYCjaHBqQQtXBWWM7WTQ9O/XzcncfwfZWJ3UAosYrdZ9Nym8jLXAgcsFJIvtApIbeTkNttvg247S9JeCAvtg3x0KXwo3aql9Rg6fHO/d0hRyEuNDf+4qKWanQ4eAQt6oRz66FGsHoeE2FAglCPL04ksx/FEojzIJLfUfbCEUtrKf0+1W8foiOxs45yoNqZd/iKROUbVx54Y/GFzRbv1vfxdvIL6wReKjq3MkVdxSO1VabvgtrS8u+Gc0EE795o/FrepXNXTVd19wkl3NyHstyE7Cnm6m75NcVzTiGozh3GWy5OimwNQFJkQjetFECPnDPiLzpTxReLBzQ0sG4pSsWDsgGBXEtwqrdCu5M/Jb9ke+F8WOZDicMeMbYYUsZGDBZhJr7XzmDdUVLbylS24lVbMqxaRJa4TmCPxG4rSaT8DNJAiOOovl0sZjwU4USz/2pzqb/+SwDDs3n7q3XFWDzPr4ibc7p5k6oeLNny85rERPqKbSSBXsXbmArY5mrpUe+YlkAixy4a3rxaI2UL4b0RFj+ercm4iqFEQRffhDJTgNxERpsOVdMKW9VHLZkd7TeQXbpvPxMnAfM9s1mn4OOgUK9LkmJCRB9N00RflDYtRMcMWWjIV3nPDMkslXKvheMzVm0gpMwaU/MWaacVKLC7LsNF3m9xuKT4YsNgWA75hQrxC3CxhKCf+Z92OEsMm/s16ybJoUDdX1mJwNPcR+CRbwPZv2zdbaceCULqqK3NK/i1/F2i6IoeBP8A1l+FORR6TWO50Dmk4QT/cG+cXwqfIYwmvLDgAvUXxLlYI7tyo+I0dF+11M6YMUXKaxst+mNNaoWdJOncq6/3sFfAbWWJviVsxzVrIu9vhRXbz9YRE/BAWw1J0AZhmYSxd4drpajNtJ8i/7TyF8IAPkx7cZe8y7W8szWS/fto1+lo2TcDwR8S6n0ag5TzQmjvq0O0oK+1uRPKojn9a50OlZqrgzn1ES0EcF6QLF4rr0jy/rGp4e0tZYNnc1EsjooWAYL8GffZGpcpxxKY2pcrNMdAZMmrXb5xVMCVcLRAIfOg3bP4gBfdLDzumaZh0cgQG14PjFTkwVrIhAgoSrb6WzgnhtGItWZMdFk+4NP7KlTgnCQwltBemokE9Aul5ddgahCdX4Vh4FneCn8OBuDTSAcYF7tCCrCuvhsAVooqdHcNmO+lbxIKifwRxXbgVxT5xUht7jSZ2CvbB/dhxurlY1fqvJzSlpRFCa9grY+kZRWkEZaHV/A8PlOdi6zuUTVlwNZt4f79hnYcnX3S5c92OD7g8JnPBvmiKOD9+QE1oLWAwZhDIhnu5EFUR8IXHETvCwhFjhZDp/lVuoETIS7NInutkqOWb6x5L4z2WWnhdl1dzXUtpLgtvLSk6fe33JoBFgdDHpHEidLT8h2yGBS9Fy2ky8Jk+EgV8sxSXvj3h97m72Yg9yMF60QW4Sk3Nl9XM9SdMwhR8xXTR+KG5uIuoondG2ycwx6WzfeNC6UGfSUleOClfoX6jEVXGDpqNK3spOr6jau0oy9iloIuBn7H8+bE+ApF1UCgflnWAGACrPfe2y3IWdIKzyH/wqcRGHRzyAK7icfr1kT7xcjaPObTH0w9PKy+BI9+zy2rJ8tKWqDWC6sxTf8KzYktWvoL4XQ+aQdF5iP567q6oFzeqHERUyYglBHQ/JmE5i5aPrbmmUeAIOWVToXMH0ifc5lQwJELOoIkOH6NO9z3/mq+jVe1fdm4Ox5OpUwNofmzOAEiZfy1/omdVZvmNh6l5sIZ3EfVcWttH1AVNFXDVaryV2uoEADMNo0iXrp28Bo+gomEfZuHcFbtXhl7lwj8sSA02eqBeVa4XaR0ypw5jNZCcpvYyPftizi7W5EdnFE4rlGVZBHXqoLVjh3IIRxBTc5n1b+qlvPT0Lw9A1Mf2SEwnRH6VrR9XSb4CXJfQo/RqhVyZBlyip+k5rVru9gU+ApOVZdFHzYGDhcUvm5kZZJgXyWVhO1ueGxTt+fqW2iuv9UBqDi6Wp5Owbv42uAvPtjMM89SZzM4H1ibd7JsIjuoRTcNlFFXMR9kjkFnmyFdgdOLEWlcSCFDMxgjBTeAOdx3ZKZDDGwoMcc384nRKTLr9pzIRdmAfRte+utLAp5K4JyDn7/CKB3BCCo18q78gMPkc+bN1txnx3DRmzzMqTY/rxD9hMH+uesN9bjPt7CJb52UyLnsdlFDIfIRHTgF+mQP93kGuOJX2YNcnil1CFojQlzG5C89KY9qbSDELC2OcyhPZpLW9Qpkug5EmykB/jYPXFhp2wdNOWEWHVASzhzC9uKff8si00xahy5EVuza7ySAvpfJ7R5OfdWPqqhv68X4l22VDLKJDWpo2vX29lFN3GxB42XrJ8lGsV8euLRv0sEnMlQOzkySWi5PBLxT364AfLDYwT7SgSebCSxVO4SHzMrAe2xUrAIBF563CKfUKab8VY9uZ854F7v0/bYkDH4oUJHaFf3KIa97s3VCK8qvc3SvmA9reSekD+vQRlxECFUgHBe0mGe5MyHY0kf/5MNHp6MU2FgwRcjT+5h5TW3GnuemzLbPoPSnUuFgEe8oXu4c2ELpxx5DXL/TDSGe56R1kkRt36IpWkIDmepQASLMR9N1hBjrrbt80Dr0uCSSQdzulx1pd00a4vpzjwLBHPoSqsYrcG8FKOSVPNaI4ZufU4j90ExuTyN+IoqxlJ+3fDS4nTRwFISdPM+almK0pBbhdWlFZShsEgWTblMdBUo8IOjBwqYU03BqPBhq4rM29gP64cM7HKNLBjvVkgbz+cWzg1hcGFnmrv3S8/eM0tHXOGfpuO4Dyicy39rj7Rdpm7px26s6Xb+zoKZvoWaYZkslK41Tv2t97w449P74yN/DUWswWoOhThgahAAMgBVv+m4usxxzbddmeIbrW8bbWmmqz/vVW630fom3fwJLZXQD8yylptWuDdzlbCFu4L+vumUhX/gGV6zXRc7xavDCzjPQkvUI/dUUrRS9VmA4pc4IWaZzk1j4s61Wn1ljAxdnacP3xIZwQOiXRHy/H4ysi6xLtLw8d/VjJaQg24ObKsuSMTmfVaXFHN0PLjLlZ/1w0ZbC+uszDCSOry9gRyg9T+2IQKwIEr8gpgtUbz9uaP9JXmsztiAw4uXKk3Sbo/N5VO8CtgjvvfI3ogT2BQTSQ9C0O6QZErv8EPXlFllFezSWaMqM0LoMbJo4g6/14sS+oii1niYx2eimI3WWAeZ2/8hN6CjBd2r38aNvzoR56wabIhueEdGbrMEwvbFg87QRhosVClc2rMoJ4oB9eHQvb4h6WOXzRY4MqBq+JVE7BzhEOue+FncnvKUtZxSF4Uvj7Xxw/pkP80NVDF1hGE42mS6G8RRl7WQdpNWDBH6wv3fxnzNLryzvwNPQch8OQ8tzFDxAMnOJStGx7oKcZGK/EpttexIkyzyBs5vvTlOhNsQRIfQCrTeSsbg+c6h3aOBqBOZw6i0CMl6LZO5ZTje/Isz0Pn+zXOpS0BFSPFeMK24rdFX0LWwpHmnPOAIHWteLXlOws9HPzrztJOXDfDiMamiFT43DZ1QLx8lSs9z1b3hF0x6cxVXbsVkheWpuARMUJuxdrpAmCDLu57UBix+ZFU8OK04W0BFvm9HSKqGfxcDFwCxrJCiZxy4ARy5/E8N61O4tKBDusjsK7ysFzHL72Sez5RdxMquEZleojvbKGma8nsejFOfvpy/56MW/1VdTQ/ws0S1G4fxASeJ9r8I43dJIt9kcS0PO33/IGOAdm86apXhTX4nsWFH8jN2yjAye+jKuTvMST3xpX4IA2SDMZ+vfSFY0ixJG8mPpzzc5uZpZ5QEB48PWInm9zvSvCYlBg/Motu16bZgvh4ADFbNt5bAscv5Gw/f8ogs8haAsIpx+oedpv4+2zS40g5hvcRtWnbnZ69H/YJhBtkAxhCGpT5/QV2EyFlfBI6R+21lhVOE+OZ5Xb76a69FhCC7XAmT0kECpS4Oip2c6Sz19Nhd6YYZ0Z4/FyjQQq0p6QDXiAwyOdB7hXEvqhtqcOXDidYyBNbvDxMGVGzxEim8zuw6XjLWxU+EGEBfFiMP7bkJJ+HgvpzQSQ0MMe9v92E/TScq5c78NZw0tiOrV3dKg5d5Deuz2wBn5tE0+TeW6ddKqVyubcPBYmBfOc2zvKg8D3BgMvtKyUeDO7Y3N5OSaeb32jdbjBOKFEBwhg3M1a0Mt5bh14rFYj54IYwJU0hMRQiymesdRXO6+VZiRBzOYOX1Ip+/WVr8FIpP9Gg27jIiSrtgR02nIVuMCGGq9z/eC6q19zFSs9ndjUlHSkzX6r3MtAMfFcD/GHnoovcHNj+lk1wuFHurXH5CjrtoFphdwWKjca8Z2yAdcfjjNyumgWAO3bLZdTlzcO4xhz7RbhtE6O/A6vR4AQyDbu4dmRK1RzXrFPONcyTZGhDeMXnIn5hrmNDqyY6jhknTIJsBZfaLp0KLk3piixEmCzSSd0WVNcfQli8BBmq0MFjwdNUZXuHsw37wePga+WT+2LbusCjYbDJPfs7u0N8qg8XuzNg4yj1XVpbG+uI9xu1ms66c9lTueadeKGV+oDaAIK9dRqqvCGt9VWG7rZAPZvL7Pyqhgzfc9elGHyfy4HAkYHiFHPAQ0E3P5wa9TgEdA36XjAaD4eYkGFNo+3a0a3JFFWrsYLMkGJ4aywcMJKR4lcSfAJ07i3tueuS9mTOfH1uWT69KKYxaOs1WXb8fd0l3eFHVdg3MAhKrLTmWHbfCqwqUfGoZB2k9uYPIBIwfNT2yKVn02zcjqqMqQUY3S2hanjeref9Y9vvw90KcC6Kv+dBgXOpLCqFNzIxp06aMTAGErZ+/cVYI+Xb2hGOFCfbRrxdgz0RlfKrep8lsubdIyy7CUc6Xun8Z/v7Cskz4sWbkvRdO/F/TOezjpE/72nOz6sijikw9cMWmavi2zm0wzNuAk3CLaWP9kMi/Iq4yW/tiReXGXY3lRL7Crh83Gyrh6du7bQZXVDtbPOaxfwbA+xi64j7hGu4Px3K8+2sRKE4ZUiGpMXSf3Ggz33YBpj9FpGEn8jujw7uIuBibebjySwB+B/1VjAYsKE1KkDR+UsEi4p1k6RyoRcZf8a8FRm6wOEu+Smn7iFHpjVn7DoF6DWPuryLJ8qyme38VINxoP0xS9Fyir0lHntpGV2Vdz0GGv+IOi2wQORTJUmbtqjh8UJess1VxQeghmEAsKAS3AUn9OmrlFqAoPxPdTKwm4WqTUurO7WopogX+Y4oG4hZu1S7zBW0bvXJc8kqQWURZI5fBrQ/cwWQt90+m5mvoSFih78ZdNAERXBJRBs2mUWnI6nQg/XaHBWNciqgcdy8lOE1LcwvIVzfDYmYTddPnmyRMX6mdcEIitzMgrth+1hPs8ZrNLtCrOIN1QeYswB5+HcTqTSqQrpCmPvMQsV/P9BjVGA+xVnQMpO08CBgErqHuuHOO6L2/iq/ZQZ8ctLH7hr4Cf3IiP0awA/inS5Fycxvd3bm3lWlb+VECVUUP0QjwUBeiqq0F+XiTA/GuXeZkbrUjKfDtsvTk84jsM35Ny0KM1b2NtTjxCVZ/BhbTmiStJeqdyZr9tG3wHncHA2TdXcX5vj9ytBDHdOsYLKUh8+aZFHKGShvFqWa7DJ+k3q0FwxASOzr7sHoOgEdg2A1UA1Fg55m/yvWhdbNv8GXJNaqiBFJCAL7FpBWpqmH7DLdEliQRcPkYoCW8Cvh1JZivdlzC8jJXpK/XqS6pyJHUrldPmIlhpwyHpdtYpghxGdonl+NnOlhgU9B7W12wPNI5DolCN/JcYoBFeza5LvMFGJ0bZ8u5+Zsnien/CI3p0piH7iBgU5FXKjVCI5kzE+Pf79V1yATjDdGKGP8nb0IDxMHx233ykhRE1ytR3mib7dKJF9ozvQScUTCxIbzaAKcdRdosxyIlRmoupP5BEEB4MnhwF/+hR156Mv09YN+Nu6/Edft+s97o3HOn9JEV5CTHzY3Y/Yi86DeNABmevWRCHRUzwaa9RYs/x/Zc0kNHtoQf69GRBLax7FfyoX8aXWBqqVfrD3w/zoQno/gv+wGV/La75KNu6KL7I3hpEThIyLeOto1uR563cZZjiWp2QiAJXVNu08TTuj8IyXtxQ30yuwjEQBvPjZgRw5zJEptezbagAUuoMdPYHGk5AJ7HGd0Xn6vW56rB6cL1z/djyLiDxO5YRF7un9TbqaebPbzbdkHCsd6Zay0qLMGYT0Y5MtffoYDvT9C1tizaX0EeSu5bJC0P6ns48HngewnjEAUeRZH7aKJtG6A6gLo+R5tqIDBuRHgCDgW5NPcYwXlMIIY9OY46ybim6tWkGvBn8V7Ff7qL4qJRt8vzGH3D3trr+qw3es9eReGlU7DFsa06SE2z2xdwSWwOfD60uxobif7WBtGEPvHeJp9tMzavV6LHMmWnTbhwuxyc3PTfGJ+PhtnREXL+GVXPsSOw3StD8I4Moj+G8nmWeISwqNMhhQtczzxexPraU0F4XQqDpHI6zBveXgbTjHPyO5FvrJunNmFZMQnr5RmGflplnoxamciCOtJcfOpdZPM26mf/1LUfxG9W/hZ9Rnw+MFt+tv/3KxJEhy2wPTsYEn4iFNB/QhVJbnk4f9dQwIrFvngKRo1huxCYsU98+M4voDrBfyg7CifZXS9egtdtETKZcYL/er1LqryveZrsWzyA48fWOPDNNRlPx0mXR7WVfFA90DzDyydkaiFnH3naWEnKDQvEi98ZScoPSwEuVO6m0lxcyRZahr4UnvGkAHUXYt8GdjwB/sP2FHaX/nQI/2d2NlBHaZF79rzbyZGO95HwvOO850AeIX8vw4SL+jvuHPbzM6EM5Zram5yGlsCPCcZRTtOi+pNMxAX+7EYlLO+czoqin/NocIUt6pmDlX0xfs4DgQLiyaOyYHwZUS82DyJG+TphKtNjBUmm7U0ODpuKabencej7udmSOGX7wXniZQlug7tvPsOpN8qF+5daBIt3yiJMpH/FebVOrHsJbGKZ48C9N6rvGn1TGR11oVSjgWR1/xW5H8bsk+R/pACtvsYFF17mGFi59Y4mZoLu5bpr/c5X3+SpuTqDxVH2Xa82iOfgpNqihin/3TJdR6VSZl+qlWK4rGYY45ScVDOXzgJNVfmRjFjvqum3o9atHk8nju6ge/XApiOcZEdvgMTibFe/PfG2PwdolMG/gJ3FDB+gFrXgivBPCOTEMe4DWz9vGcAaX8DIB/UIE3hOsr9D+CEEdD34eZJaf+1IgEm/z7rD90oqTVl5QSeWFtdQz2TjbnEbuqM9qYALIIfgc8cLdG+rqXbhx5n1o4xbiYyhhlPco+QMgII389Z2a/YeNBucWLM6+GSCzQ4yu+EV9cu2dFqDerupTGvAudwVJ1vX87KE+2eV+smE9/rYHQyS4bc1aPdws4gxUdJRZrY5Rb8dp6rgsfCCDRn9UnzHoCR5dW9Ovpe8E1uObwpl4I2AaPK1JoHodM2XfdHiRdctQlR2N80YhPcwcbRk5KRh1LT2k99bEJtaV6Ep0rFO+4Giseh/OyOpp/+BXxwA6goy2pftat4RreR+Om39aFdlSNKW9tEvpLE0ByYGojVb3S8ViSzm52KvjWsV4avgqaTiyTOKiZdfO7NHWtA8M29qdY0VWTSM06uBvMQFJOwu9fgVP5l98guc/iBQutLw9YVk0HkAcLgHhhp96G9/JqzVpBVC+fICBy3N5XQtus+EqwzklNJwDDQizDZaLi7C1wvbdkuPufMIrrtzI73Uiz++5CVldd0AdbuXejRhjOXppfICFZEu2OYJj0VX/rHDpX6L5tRUryNbtOpaNbvdxX0NPyQm+txW5nLHm1RQ2YpwWDpbYMI1pWnBKiwmagKNYBmDLSIBQTCCIZQRFNcTpimkaxNQ9c0zDDg2Kh7J7OIw5NzO8eas+jSTECgnMWNPP/CWup/e1etvNubDgCL8mqIgVv14qLbKOCWKXQYYHlw8K3vpmUmOzCjnB6O8AvkZgYiMp0wvvk7uSgZvligJB8LBsdClCRjEohOD9tdXFPkjFEh7bjIHOdxW1XSQ9Ze9V7+x51l5CmzseBNQzQpG01jgPfgakPEdF73IpUY6HOFdxaob4QAddH5iPkwnzHJffoR1Sfmsx1Tfi5DHkGMVcRRSj1l865LMBXEpeO8Ui+Kk8J5AAY0y3vdyfDFmh9lF0bapClwF4q/naaZScI73VU8LT03mXzZ73JLcC2/FGy/zrwhl3CW/X/bpWjYSw3Q5xpQq/0lHnyLQT3tP6pcqNInCrKtNr34Pzmh54w144rIUTT/jri6+GY3yEYMyCGSmEeBSu5MQjvSsZ5uBroOGNeZrxBUZ7hIE+DzE8H46SBcxrq5BMLV5J/6sO3ovmwu0bBr4/P+qIVkFoY4+/jyYi/7yDhG8gAPBTlllCOal71+GcEfFZrN05Wc13DAYq1xZ+E0BuY/hbTRqC5i/JTVm4qd+MYjFESnv+J4eI37mCebTJRtwnTXLEoisxxJ4iZ9QGvxlEkSbNv4MA2EK9UIhzDce0R6xE5Y67kIRZ8Rf7f5TwHpAWNLjuryyk5XxxdQgJnEZFINX0v9gF1AD8LjzvBCS5UYN46+6kFYfPVbwZ9JJ4MIwisH30vXBNRoYzCYIs7/6e3Q3w7xaBiPUNDxdo6R9Gf+snRMxCqHLcX6KUcZ5BclZJPNz3WxcJzviVE6lrKFjIV0W3tjphf9k5nFqq38l6EAfp2tW0YETg7uR406GJU2Jm/YvSXx+rFIXB+lKTXwyhfw8O65L67s1dNtgP5h9+mTKMXZS1YwWf6wsXrgrTFFh58jhxgD8kMNnAKYMLFp1xUlT9zRxWq9osxRuJm5a19BHLCgW3Bezkz4ElHosXmY8OaH8ZNwIj3fVXFERgSlNeDy65fbl1nuNEAWHirkqD/TfmXNCURl/KQn3QkyqrhLcHKNAs9BS5XgA0+aUXMhWYZZqdf/kbWDlWOthm7bBGu7ruN9m4QiqthaB2WFSRL0A+/FPOZ4o/FJDcwqCSQwEl8O6n9IO+piuNSC3FdFQ+ZROXW1KkBEFVwNer8oSwVPvBLVd9g87w4roMcPOeNcuDcUSucx+cNTSjTZGY/ve8MqW03p47pPK25/vb1Zh3kxa4If6/3L3X0uPGki76NHO5OgDCX8IbEt7zRgFvCO+Jpz8o/t0aSa21lmL2aPae8yskkSAJVGVlZX6ZlUacM8YDh3HfF/5gKNZpg2OluvARwyYyArUzYA5MSvzrUCGR/ZGVZEvOfTQ+vs7ossrGY6BHLwAlPQGXJWnFHuRX7tc1dEgEcXEvEWPtT+aPQz2BaQI5PfAHQPZXmmBRQmFkTk44flxZbveR5KYdpU/kU2cgNDEE5qtPng3DsMWUe/H6krj6TG8wH77Fc7OQ7dM8wlEDVP7KsFIh8zV13nztKuSBfk5MP7Migjqzw66bkq4DRAN77uXKHzprr2sTN0m/5d93bn4+v/Ce/yg/qbB19rSnwPriP7L02Nu28sBvuaUjMfikbxajh/rOVqNvi0SKD4wRuU+6iMJRvPSQNVE+BfeRfd2YE91j9t6zcz61/IwVqfReaXVrrV3fJ1K7+JZ+PLbzq+cbo+F+fkyXrDCJWYQVCdjz6oNyvkYL/OTMpO/kw39uROKGUk1pz40Jv7jIeCmypdDnOkk26GfOQLd54y6cBBCUMd6IFp6kvcGzW/hWlVeyfxFFkW0Vr/KBs7omoi2pnCdFnVbtIVEKDfIBP6EzZl9DBX+OB9Tql2H8Bu3W7fv3/MYbf++GAZ1HE9Lf8mKZky0EVHyQoRczYLXebOfg3K0H0QkJKo6tiSLoR68KHESrn1y6tP2gCfo2JLWdvIhXxsNddPvO74WIc2+xo1JePh7qLPiZcMe66XXZhsrXKFhNdh22fJ+BThLWrEdqPpyP2xixX+lfXMixigd7/VK9OfvCCh6+eX3CFt95o8z4ezvAEzurISru4ddzaYFihvvU82l758BiR3LwPaXu0ze84gtZj7BQcxf59qiKVtcYII1omTtVVmGwe/3pcETPF93RnjckTkjYr5zPTxw9VHug5YBgdRopZN7mbMA/LVTF8mPmD46tDFuFucfeRLaEor0imYiu0l8bEQ0ji7c09taKL3GWpKbB9bV4pWnQ418CgJUNjJPVO8JdNrcWpFmsdEwSmYlBF8kXcbSXrlz7HC+bocQkDtQCE7zHA9MQ58hxs0hn1NQ+3ECzuxqx6qij7VKq+7/KzP2f+WPiz94RSJajueIBiSRdIHT09ZliuRg/vZSiKD4p3SCr+z9AnBc0RFPWLeDK7aaWItdC9uoH4Q5R9tlNhv0PBP364pZNS3Z8fREGlxD+PxC2PcSsb7NlukQd9OPT2+0bhkAUjEAXexPkDf+6w/vr4xt++3q/V+lSfv8JCn1dK7OqKL8PB8G+AYUELkfz16Xi14d9zsY/QwCo6GCzpvkxos/rG1SlX78Z/GeHb/nrl+mJVO1KyUGE/4NAvs8qatbs63tfF+bl3Xy/MJfRAF5WbVRc/2cABaokah5RnDVGP1dL1XfX53G/LH17faEBHzBR8iqmfu1Stm/66XMrJP/8/eYedFMV4LdLP1xXo3nIEjDrvDqya9jM55H0j6vQjyvX63JZhosY9Jcmyrri2xpn07ekB2Go+/CPpO8WsKAXAhqaPko/TYyhT8UoCGATIUqyuO9f/4C/DV3xd7IBSlDfUJiiYBKnMBz7QeD3H1b8N1xw/QDHf+YDFP5G3v4mPkCx/z4+aKs0Bb/5F3wAXVwAQX/CB7/+9r/MCk21Zf+4gPAS/aPqvw1Rt5RZ312Dy75V/V/jja9fN9Er+0fTF/0/lvY7j3ye+J8T+poL/vkDQ/4+h+S6dzb9mP9vCPPrB38br13c9Y0gYAy7hA0E+O33vEbi34B58Uehg8HfsNufyB3oGwT/XXLnZ357XPS2l34Ci/pH1vuQG7ABB1/k28trNe3h2sHXhX2KgOgol7b5/vG8TP0r879PEL2uFFOUVhetf8OBRBbhGeCivGqa31wHVfPyBFy/mMSuTvAIGP3nEuv7uybLl+8/EqK2agDF2b6tkmsedgQSbSDV/nVsP57X9V32d7IDglLfSArGiB866A8aCMG/oT/zA4JQ34gbimE/FNfPrAFD0N/FGPi/F0T9etk33UXFrvtPaZBGc/nhEOivqKh/vZq/btTfctV36dceFzcN5bdon5FvZZrPvyTNOn99/Q+8JGAkhvwZ/31f998zAxCLn7+fWPj2Vzjrj/z69zEVAX3DEehLmcEEQhK/Z6ofW/s3HIVi3zCc+sJAH7GE/ol2+9sgDvXvOeonbfObhR/6qls+g8KY/8C4P2OTHxrxt2tw+42Gqtrio5lAVkU7JxE4CuGiJfoFyLxv81b8ln9/FmHw37mcOAJ/gyn8evG1mtQfVvNnkIr8iUDA/i55QEL/T61edJnTGZhSNAy/zNm0VcknMZS+3tpfb3/h+jaquvmfr+tf3PG/FyYkBP75OzmBuPAlRf5qrMC/xw4E9mfYAcf+hBf+LpBKwv9P8cKPnfzbtVf7uGqyX65L/+uW/0KN3yiURH8V07+X6zD2J5LgT+T43ycJ/gIy+F9gqqYI9RqjBd6HDu6xb0nTr2k+Xez2rcuWL8Hyp4bJx2vUNOtR9Y/LKPlF6qfqvH4WNb8wF0F+caYLDHyxxd9u0WLENwImf9Xmf0CVJPQNhf7zD/7Z4ED+xMtxWbf438U55L/nnN8jvbTf/wxW/iQu/qn5+hNanKZ+n2/frn1eDVlKg7fg7oBmF5wCLwFxUfCUrl+SjxTA/nuQ4B8kSZ4n6Y38c6voV6b/n7VTbgTxDb2M6B+Q8g8YBP4TFwn0jSR/fBvYKf+TgugvAMr/BYLoS8R826tX1WZpFX3rQVF0AbwfwHtwwNO3bf+pErGU66dO5uff+KP0oqTMfpGqLfsFOEk+6u4mwDcIGo5//Nmnf7dUoqhvOImh5O94B/+ZdTBgjPwPsgt1+4ld5C7vpzb68MC1dy9StaBF2/99KPMxStjrP9ei/TcDmF/Z+F+Jnb8m276TCP7n2+bvFlgYTnyDyP+UPujvmA5Dvl147T8V4M8aEIX/RAEi336cCPyf8OCfzvAvQKf/G0ZUenEaKKr7saDAxV+471d+uWTkUkyZbT4+2DqbvrPjv17w/yp//u38Qn2DCQqhfhhXf3CZXNyEE/8KMf3ZsRDgMuRv4hfifx2/qO//n7AK8ODfLqnyq7PsD1iI+NkK+1N/zDf8v8Gh9udz+gtnRYDkw880gv8JNW5Q8uXMjeIfd4D+tbLH0G8/zi6/kwahftb1+A+Xxe+c17e/TdX/TBkrm/t1SjKgwKLu4u32c/IEGU20ABDwE+X+D446bv9Mu6bU54Dqrx1p/Hsd/F/fDdg/Wf+f1/l/ZBH/dJB/wcn0/yS6B8LxAvdfb28CQNv/olK984ndKFlaBXERrw3WOvCFt8eoHh/8x/eiFwJ5xquLaI4LqbW8PWxovtsd8RVhMaNaHbYKa1d9JOp1iAC7TUhAhxPGCOAlXkhjXh/saZ6ftlGNYumOC4vmdS8JpIIOuF6CO2xxi2bisaj269NcKYAG5Z18msA4ELVBnyhS501uCm3URIlmUk8Ycx/pJg3aX+jTOI74GnfikQR3OA/jcNUCz/MpkOpim2NGOIAn8hQzmv21jhAITdXETI+o7fF+rQaTlWsVzTqFttmqDNkNOTYNzwIQ55bqTweE0aVQs67DZghZ4N24Xt9pb1XiUi88nmFVPnyAEBNbcxve9Cy00+GkCqJKL0vfd+2Hj3nRM5A4JkL86bneUmcCYawwHcyDQPdLrMd+bhKgzj5V8S/pQ7E0pe9dwDBWmiQqLwhvM+6pADRFZt6dcv1cMswAiTOZqDN9sz6Rgq8OveN2twy0usVOh+HaRqoEnRiQGRUDIIgrhUbVZdnLz+phzScHhPhPMZQig5v2bKa3n0aAGgjHwuYjQw9FxCU9qz7V9A1w2Xud2/bEae3FpAROEBBskOIpRQ480wfVpNJjlkFLIyZLQ/pma0hdOv0d5IjA1kIHfZbn19CIFUEfGNbW0cXzQcLe6XWSSdrV9TvM4M2EoikI8K5MU+biM4ir59tZpM1HQzNX6HKwz3nayGzKgEFLoMmn1u7spAouIqCWMBOgD0c7EjuLzgIUYmRuDWdJyAKy69DiMZzsO2unPaMCJ9/1lbi9joUP18R1StNg9kY+KCinGjX5VF/rQGS2lt7v4afTc0xIX/WYmImQqb41ovVrywxCADnLnGHriabUGl3ilOAcQPnBP5l3fZPrLY8UHce6tUt8pb0bMRTWroCMByJQW5blwWIhKFtYZL0jOLdRmNNIoDICYGK72gpJMM/NS4ZziWtUCPoQF3Fk1faENEAZUpsAqTwbXs47tOWPdtIz69zPNBiQu0RVXSjaGa5QvJ1RYWQPClkft0H4NDbzZhGka4g6qs1sdov0ILsZUSKTDCGECfPiw2e+Je78TA19fmpkSVptD/K+ioCb2Bzhb9knOj6f6XRyXRMBuSS94ZMNsmcZ3kiVW6ppZa0pTrAlXE12k5WDWFTPxe5ECxrIbrUZuH0V10I/2f29bEVPOOCmN2mjd5gPQD2zCkm2LfY3opcyd12iKOiUGDXnKBYUHVkK3tLSNGmM8U3Z60otdIoFwur3sAqX3RIEu1HiFR4WWvqJ9MWanNvcStjKTDJ26v0on6PLXTuWk0deSJiU7/mIjvLtEM5Vp/KKAoMob6d4f9oBrPnU48l0gRm6SMknrbeNundTbQXzkhsLNoyvoqREP8NgbbHN0qXJpe08kagOhKM+oySUDRCgK2Enn4KyGjXg1n3VFHPF2BZSnpG+vGfkicvdpo8wyiLRYUpOygvXpC97GLAhqRDHcw19uVRzLPBw1FmBdCSsm69b8Gq4h/044MjrNoaF346UpUamPmwQEwMk9kjn8NbgL9COiFsrNBUTS06B11kfvQW/496dZKBHZ9qzoqePjuBYEnusccRkYUMJcK+yS6Wa9KeUO432Cg03s/mppahq78PAmOtu1EwiFwgas2VlOSQt0zQGQaDCaDipWwRqENV3b4Z9Tnx5lZp5MrvJ77QnvP58w5IjQoCYvJ9rzIGuN8W9cbOSFkLQXVJNcjAi4hqTG94Ypa1m3EZJ+pDj/mFEnXwnzxvqYiQDKD5m0eBRHOl4RezK54AZiXICZiFSjs3h3o22rWCG1H8C2QgPClc99UzF5BvLjV7ZZaFMF6JtfcrBF9SudXd9i4XtkaIKfAOGiz+IZhePoVqMrwmUxU32ip9CGmgSx3svJ7/ONFFXEI+ZBu7TluXFm1YORxCEaWCOEdHRFmgxTCLLq8Z3FXIDnnCKwCisVX3oXn2jQZj8wS6TT8y5nwJDiYNxvqb2x/SQyRQ1VJp6k3ARiUIe60nHX/LQCLfH44a2uU+BOElOeBeli9QBS+IPXZ8x1zNkl1pNRmVmKuMFK3tRh/5SHkFwyN0+J/GIZMxk4ejzJiyNyUjbu73kl5GYjaZieUIc/qCr7QjXbXYgPOsT7uh5XQpxUhJ2k+IYOgYFaBTwzc3Dlg3kQip3gwAm3XrXmmRHc7K3XgN+8n3eUgOeArFOocR7g/mxe3n9sSSSY8xWtA3EkpFktpznRsjTGLy5KmdtiuAo7QmjmNKet9h4gOhzawtSTNcOLZvEIXmt6ZirOIzp/EVhZev6g1HktMsh8jHChkDqnVtB8bR8egSIJMVFxYMMYSn2oomSfEZmlN5GQJD/tMlJrFLd87zVUYh50rvBggJ/tE9tTnKJEShl0kFeFUQ68C7iCRJ5qWHC2i6ovS5gLunxx2MeWCOyUoMM6eI8nbHWFSo4QWGH2PV7qiHZfa/frXUDyCWoI1XM5K0tS7HngMv2Md56nMgH/ICz10tqW+2gb7i9Y9W1Rrfgjo6fIq57AD2T59sGMplhOyxuZlFJeXTAhIFELBYKrvlIda8jtxu/1uqNQ0821CHV2Y7KO8YjEiYMrZbDV3gn1GTuxqbV7fZmUNdp8IMT8PgtqWZK3g1hZCA9t03SR7nbAQp0IUVsOPEC8TuF0106kuLdx0X4ITkdWQij6/E6luROy5x0+slV4EkJPh+4sE1dKOBv/6bWRV6SmANC9LRiVPE8WyELmfoqi3X7gnMdtRYtc5BLLqnUqPmyd5f2BDed4t2Q/ckxQ3Aeyqx2Tfs091nhGrL0RyMPgwJsZCuTW+gu26yQpGMmOLRffyrMRun7viixDD3MqTZEPcJhZtngPvqCwatIa1gZCnQwPWcyOLs47tYUqz+93ZcUttLsMskeaW9VHlYB8dqbSlkjqzs6VW58Wqo6ondLHzgudCtZveImZ+aHiVNcXOCtouTnXA6BDIskD+TfAxSdWWvC+ZT4Aup24B+M6Dn3t1BM1+Jxsg2kwZ0HYetkmvI7141udp7P2fNmRheITt3IMGQK5Nq2bq2DPEIPk5AM1VrDUF5UjJiG1LzsI7ceJ2YqKqOez/2ZigXDDdNKQJet160U27BndOwst3nhodBnLjCKwhbl3uhcAOS6XUUtWbqvkruepDJ8JSXq+zJNjK7YeDnIbLIjM5Z8089ssdIlHEqzfi+fLOxms+bE1KFCQ9686x0arVUYHmtI1PVUuctFpu6O8PC2HqydhIxD8PIUWeYO0S6aPJXmIFeLUy9di0JZy6dRij54JsTzTdhaitaXBX5KMygCIdyiLawoGqkLGxF8SlPj5y0J1cdEbGh5o9XX3Je4RINcOVuHuER3XdWNTv5+IQTbIILGiCsyZQJJ9snTJI2udcILwbk63XdjROaSCR9ZQObn8tpDuXAAUlxl/ZZzhSSyRcoZvfM8RSAL82eCUtVOaRIqSTKIXWK48lMfMltI1YM+OR/iTnXnmyrepdBTPFltl5I69t10A2BiXPYCKVLm5nUZsDEuEAgQk98fE5fnD3LpkAEbT05Gbs47RyywOXfl7buw8+RfxOuyaRbPci5cCHKwYh0Uoyky83Fz2Y4fEtMUg4bETd1opkNx10O58SzCKwpJ7I5XlzWKocxsewCseqJXAzgJiNxfCIgXD92bXpstKOEgOg52NBGJcYWSVNxsgZwWRT9kH+URviReDl89FjZ6AI3dk0j/hMpkpDgDszeqT0SqjsVZUzYt5wmzE+7a2XGfyjkewNrJxfsEizVNdCGV1CMHL9korgpu6AXnz9JzSsdSjqc3kvJNtE1/rcFuyuZLTgomkDB2aj2xXgGG4/58qL3aJ3E3ai5bc23uFgCuAQHARPuaizrRs/ILJt7wU3neB0+dKWQ+RJScxFSz8qhs9RsAWbKxccpUL601DqMMoBeQEg3VuRTQciwIXueherzVzI0NBE+qgoHst9iEjOCg7AX1nctOLCRdsFHjyEd1iVd/ez6MNmigA+vkmWrH7ZMTGetBhQ5t8144uE/QYlfMmWBbawYpwUInHaqUu4PbPCpDcQsgL2wSP9LzuQraHmrsolkjfW9i8fUWHiFQdWRtOy7a4Ut8cQEAqM9UEpYn7vrWmD80vZkIdxfeQ+gIdyrncPO5Zl0jp/Osbrd3SNGAAu5tF6WVm8jWE8xcfNDIIZfcdtP5OaVDQjmfXtO20BbAggrnQwYkMF3a4okjI9zf4DFS29CDbwM/vAV3Jl+ro57NZaM0rnsztsetUxOSGuas89hOAvlka+nfyvuGH06l1sGIzEbsP4yklyui9oz6UxRGRi0xCH17ldXLImu8+Di0AJRNzAYueZQMPJFoo5AjEpmBsrzQKLEuqGwZaVLyuHqrrfv92gDoGreSrgHzUmyaUcHuHhyS7QPI6Lhb4pLrSbyX0zt/qa6dIdslwurqqd23LZxQF3ris3mskzp7SR74pg8j6NPp0Vf9gg38IYk2Wm0bPzXBqol7NAjNp77LDdncCBaMh/92Lx20zrxYIKQhl3xVKm8PN0a46l5a2yVVmG0dREl1Hr0mCkgb2xMlfRCvTXiNQ1/vpKYP1FtVewPZFhmMm40Z/K52d0afrL4+HW8kggj2b4Sy7YP5NrEdCobwUfrAGC7Ojg7mbC/7aGNIHWEa9yUobGBWboDScapi5IO2rkGrQjDO7rRtNVJ6u7H6MVOSkQWjcjRYuJbHC/HqE9+7gOqh+zEERhfjRkIj1oAdd0h8VSxJ7cuiXRardDIHkYzv8KiWZuWJyzhpbyIr72/FtGb76V+KvHyqSzhyRONXwaWuaDLYE6ilbdVOewyLzUyscWgo26fAyryWsTW69vBMmgIU6qMclp7/ysxd4nJY3CE352WrY3ZG1/gLNVZH6he03JVBdOP4ICMkXa6QlsbrBZ9E6eHflbY7H0WIYmo9XOb+e3AT4S4mMWA95/lmqBEVyxc/2jSaU4sPWyyVmsw5SLawVgzGd0+IxIKJaZIVKt7za+pVvp56JL8TTx8qWRZIKSrfHJvUUOF+9+3TmKjufY19909Jw0Kx0S1H0FplmzG0OF53iijP90DawsWnkOi33HyvXPXu36WEg3Tg6jkejteNChFofEc73gr60nTvTOcsLWSSh60z/fGepRtOGXLxqazkL7QXzf4Lq11aJzxt9LZSNeGXpTHvfVRP6OSfFhrrMEjtE68l16pLCeJbjypkx1Wvg1SSZt4iZkks+uUbBF46l4UUBWLPBkVXoq03Ni+ugnTbGZPK4W5K8QxTrs4gB1ZsgDiYmB4y5WHxRn4erBSMjCX7wJ/VF370njxdNpFZ4p3E5XDKdCuzciakZaTZtGjXiGqTasumVZm6kqsQtgKHwtAXdzv17smbaB1XU4i+zvotrvfKXD0W5bTZDiIS8u3jvDlqOj/W41Xls47OZgkHvK28o1VQn3oZZMLLvjVnXh7v8qHEYZPuWaaYSK8hzLB5bqvsnzz9i2ZDv16I8JItTgsX7fFp0KbEekTnT0seKjsbzEN8CZh+NA4b51TeLrc+m+gsC2YRwGcIqF+hl/B05eQoL/fcsPLT5Wpezqlgms0N6OUZBHkEgy8jstRFkkm7Tz1FY8U6GtVa6RBdWFpmB9YkJwthtQtwkOaTcsLhPdLQHXRh6B+B5FJRkpnEqDYhKavL/Yh6lMIts+6KCa2hRKHx+F7ST3FjRkyKD+C5NIVLnvY01LJ2YbOvR5FggZzRkc62ispprtVZ2GAqbvu8LPbiQF+8Y2YKSLjUeC6rtAKSDviB8ZI89Vx5TBYb3yXejN+vsrqRSXbwXitdbPkCjMn5VjiGvHDu5J5cFx8S3fu2g06vuTBIO6hmWV+unfTcXmUZsOL5Xm1OVMzachrgzoCYY7aaIpB4mYAl5u1AL9xYlQi9sD1itzeVedoj9HRe/ILdXy7RZLJ9C3ZS8u7O4Y6TeJQovpqJptD8myEmAlLXY+UMRYxbeKDsp3gXmCyc7lxrirh2WSxP9SRnDkswoxPs3CzedVrO/E2z5UTICDtCHkomFeSoBY8LAmXWdBgurG5vdC5MZ+JXWOxWd0XV80ABOi5FWgzPN+OVm+GR8zUjod6oto+sRzsuvqkIOvE2IcKat74xZq1j7hofpoiyKV4xNtXzndTtGVxWZZf7dBxOmjeKVUPD9Hi8T81+pzbL21YLI29t1WxCYuCsHrbnfYJ4Jxc6mdXG0RvVibaDAuprNdbTnr00WWzFjvlBh6dx8pmMr7xFE/NN05BOaNsjNLRLAyW3wazF5/Em7ZKADY12oVy17x5mhRzyJjbQjFEw1HN7PYvVvuRRNObVofB95R8+9bwpuurwpc+QOHcPVocSAgOkj5vSiWrj5oBK7hcfoUjcDicuITz4kOVrjLuMssJZHnbzkNq+NiaPOvgmKi8jFbKaM5qG19Mjm0cbuCipTq9orwBc0Wn87TpvPpiwp9mi5jt9+V5vSwf16D2JaxSGttqML+oH6UbUMT7NJ49w3Gsr4dZs7OUhumnKEV4CD4P+OepGNUSkUGUVU+e4loJ5tOjN2uVeU9DiFOdLeT2aLX8y+O7dZZ2R0syRge8vUJSN9E28MUNiAbhvnQ1E31KSF+XcGCWUU02iyb0qiN6RfAaQgDwIhTsHvgpM4ELPk9m9L0wCwe3JAUeMQCjPw7tB/uY30tkbR1knhALlTdT2gkPxlBnoU0IkFgOJS0kbCI6dXAnD5HrbgeIP2wOynl16rdpJmOPi3VGy33P2CLDg4MwjizTfA3V3stOiooVN6GpCQL0rv85L5a65/QO6nsvuat5YaM3O6JGD9ct5xNM5k2xdFtuRFpoS2ZY4JU4K3BYvHEGL0BAskGABEA5wXU+oh7048/aVsvxTr+f//hPNH/kWxLfbb2I9oN+H2f9JNuhFvG8U8vMJKA5/Q/4bImb/fFo/nYHaDq1x9ONCPP/2NPTnI8qfTjH/i/lZ/7WjzgD8h5O/mnJzlWwMn6NOOtBsC5LpaUYviQsuNPsFh87rxYO/uII9VIZWxgQ0m2WYdPCEEvJ5WNVbbYttrPxq4I2hcfA985w7UL0rl0SEm1Tki0yE57hT8YyDqtC3trB1cfA+9j0otMlKlgr8+s6eijMlN+VlWTJcjCiNzLmrxqK7XKP3a9CFISmvZz3YFh/+es+ktVrDVvpUsna9IrcUSZFHl5yPlno/3+ShOy/scdLvxym/H8H1+wo+Mx+DwqBYrt/XP+79m/vzz0Crk7a5xtNsccW8n2KIh76ypYFJyZX86/d//Pvr/K45OC5EyW0JpRKNP97Umrx/pU8dg90hCvvj5FeVpZb4mjtb/f5eslQusYhdMEuD3Nb73dyuZ6zf6beGoCA7UpYJSx6Pmt4S2MIS0d2u35wx4r3Dm3fh/bCWi/7392cZNPaPNTkHsF5/caz/apzW8GzDf3mfi47ts/oa52/p/UXzi094WNNfVnPR/Pb0LTFpqUX+Wos9DIAh/JnbxRtKk9woOGm15o/3+brXF830tlkTxCrj63s2aNvGgJV5tM3w5Pq3xcuQ6pqnVl+P5cJDvcxl0zEhzQ133Q1P7TQPtS5Qy9m36y6AinjkY2cqChfVPcXi/tWTr9VBvOV5cdhvn2z9/snnX3/yRcc69eEm7qyfnmyw1LWGjOY4gGeVIW29l9UpW+z8Uxr/hdHpzr8f3XdOx61/Nbpfn/pXVkPn/vpT7X+xGp+ncgOXtF6ZitTbE6kt5jDmix8ZMxIpKEa0PkbowoTUQq3pQ7Pp3vGF+lrlz2f378/SX9r76QvXNcWNb9Rs/H4vkR++rgfj4ltAgfIjL2r0uNYFivxnq7+od+R76zXW6z21/ub35AP5E1nzQ86x1EfmuC9LvH5zffdLPn7kJWgOBw45KdCc/Gk0isULbqZNS262iST44Gz+tWfAbs1viBxcgI+himZJpHcZv9Z2bYeXKUjv+8qKfcU3rdIKCBY2DKUDnFN8Wmp7wrFXaE88XlT2FFRXgGmTT8qZju9m7SCO8WkRSVIw4WzB0K5j06zEYGfAS3shCuRFHmqaB8sI+nGBI2sM2fJ7Vu87hICGM2cSQ22PYal+eFSWpNITQfUYx2/Bg+OcPGlZrQ7MOozPFXuSUv9e0WCCSXAGi3ugnq2gBsgU4xXoJOqZ4CjhtsqfHhmx0Zblsq6apLvOWiVF4IeQkVooqaUd1aQPjmA2cAZETFJJjCABR0hr1FWp7egz4rzE2lexqD26m+NBLGAKoijecFRNt8KZbJXOYyYH3+FoA7bpTUtvEDG1KXa/LN+u6alleN9CpDvu5+lQ51b3rpE+56qaARTVaKT4okKcCFTY1YxsOklOwcfHihzqaNYq4EPSuNxT+YEx3AIUvnkje4pXuMohbjyD/nQ8gvN9/t4crSBeSMABykURXfT1fsKbXIFqftSTOOGyKLQbeOczSBXjeV1XLS5mhDaeYzc/KxMcUCBnCHdEvvTzjUZfUv5Zh0g2+i6RUGoICOKlFnnq6eBGKPU6n+96d26Qxp+VDyJc1j3AWNQ419meALXQJJqLbQaHOk8c/KgxitvZVI8zFIlZsEwWwGCN4uFDmw0LQ3LwxETVNaHAy+crkoTjEKA84dBrG4Yg8kQHrMRty1Lz+IkUpAe5BBrG8VQcGSUSdJ7EDlUjkG0Rm7R3rn0ouwelLywyCKIh0c0U6tN+VIpmrOtnTSFRp7G1RGOCe+m5saTjvlMutCukHCEIYt/723SNSdW027NhueAEi+Sm4BRzsg/Cvc3PHs/AOTfo/c3eOnEc2qeo9Lsp4GogfaiY3I0n5MzggFIrCxgS+PftrPrRY5WCMWxvqq6hxc6pjR0wuNC7hmoadew9HBRGA92Yt7oHM3K9hjniIAha5fI16dugysS1R91CysWneFE8DGPHOthzZ/YDzYgNlV5RG1vZRyS4ryWUNC4AZjB2QAM4O5OA22Nw1O5rjlj/3B2DdvAjgXjVovpb4b6i89Nv7iI58fJuWiZioQy98XtKqmCUPTezj6yN+uzgGYLEiSmlVNVfaYnw8gqbZya+ZL/swV1nKt75tcLPnibktm735JoBhNIrcMFOEbedNAEc7NIzGvF8HG8vHy3v87XCdWmNIT2hrFcYCHUql5XrA+sIiew64pzbYejGtB74EG7V117IIvVhew9qz5tYClNGNVqEFbQO3z9tPuvhRBbS/LFzsjeQmMzHsAM+Jh4t6g2JJdyFH7OKm46LqjZ5hzECaf3SSjE5/BpVM9IYXmLpvZ500yb7k5ZElOxe9rvpJfMe888b6PA2Enjhdc4MlXdUSujV/3Cfv1ubbtRW40DZRDdmzZj17vUVkr+Bu8VaYkG4DFllTYrKPfC7tGuxu7SaAZsxtbGTj/qX4TdUQGYTK7oDrgmRmLbXzlDQCEeIwRI4U/Mm9n1bn4zehSymZs7dJ+8PdZ5rGkE2Og6gFgW3KN4yTTDHoTnz+/0oCBDJKDG1txZPjpNBHfW9iJ4oCJgQgnWgHYSAOcQ39ePSQyb1iokssi+1OTWGMMVPdJymuEEA+2XOc2gHVeCxk4a3OlpZlZVgEg6IFIWMM/h02x23OeynSleIXNUwDhzZebxT7Esmy129xjTYipqGxBzvFS59f4trRU03XrKtrXTg+tOfDU9QcBbdUh2BpI+ScRIHnud7ReO1pFnmEyxuvRZmM7ioP2RvWB4zyrPJgjOjZ17WO4VsYZ6Br6WDGY/etIETnsRH0ccK3fFsBm+3V47rG4bv3SwlFQF23nzEzKXgqKeDM9Cn9023PPdi8Uw1pulh+YqJe6g4CPhcLIqaXWypfEhPuJyUscIs72v+UQLQg7w1wfMZvh+X4dkvilZqNU0gEh1y2jR+tUNDgV5qbCvNlMPcCWGtMdOlGN5xADowS9PZ8p2gODK+xylkv3RMg/cdvfn15DK7kZEVz/R3xNhrj56tVZZl1ljzxjVRE4O3A7cebDpWBD8FtPYIvaBsB/4mNTyeVue+4tTtXBYfyBDx8IUdnPR0n0atAhdg5+u+HRTNba++UJC8JRq/G9fhXqSfwDonN+nxPoJtkSb+Jbfc53SpmQY3dYmTh9eOcBxbjoMlwX0uBIH7QrCapm75exXECxUFbDbsWxAuNGsw5psoxIE0ml4Wu64fB6JmQdFJQa+JZEY/LbBngWUgTop7Jwehfab/uLNn2FZQ153urX7Mt8qi4rDLkiDLgO6CgjftwSZjZdqG3Pb0ApUedG1HT+spNRaqPeQBF9RIgeyHN386ENoUv5dGsLze/XA7GY9G2AYnSpEfcXktF8y5rWHaCmYHiUJI8xcQPS/ql30A4RvlEC/uXRx6H6dv6Yk7F/AZGpV9YGj1gO8a3Y1a576MDc/WiXgRJ8BRIghW2O+b3PLcGhaxFxZaRDXK00yNs0S/tHlQs+xdAR3ttj7GKNZun1mMzBmrchJwF91vAzMulSBzzb0Q8OWV5z05pjczu4RMrHRQB1yKTpIstEi8RIJzdsllUaVZW8ehu9fpBJTGvI7c9K8dm0hZ/qGfdac3pOvvIVnSRg8ru/mgQkbzOFlFlXScFU8WceZufMpTZtAZF5Qol/rMjzD3QmjmEtJGzPiemJS2z74Njt3Rp5gdTztNMfWJ1DXFDfS1x+7LKGj56phPJwskHb4n2BYrYrb8qg8XpugCULbvnlj0Hem0DhGsSpuZlYbzx0BDYzVzKCER5z081qCGEv0yT1A0wJRp21q0DFYJIXO5BfDyVhmfmuHnzcBlEuG34G27nw7nRejyzzsAQsa2OI9ZPk5ydIPhpIObyEl2jWU8UgMglxNHtxKd8dFRujMKZFnGtwDiX6OfOMoxMvf95vNDnfUK7UXKaKfFfdfBXjPlZl72LlDki3beuaCX9RKzn8BJWurg12rM3iKXZMGYiIFeu2lE00Ve+8COxNZNcmLBmn5zGPha6kYyWuG1WYhUE+8OQZL4+9o51+av86e0Yhi0xyHH2X1PS/RMKZeRwBflPoZAg+qPvIMrKrwH0EotiKSMzk0VPE51GvquLhR7VOPjVNEGoPMTZ7SuhkqCm3ZaZm/XkHuGLRMM2IOau9LBC1RI9aMIQqQv7Q1imen76968KdmIB7WRaFhadTZR8SDdGCrJmJzBaZd3Xsltdi54CdGhGXAvX9D3iNZl2m7O7Vjc8ta6uy1j+kI1pVCO511TKnwFgO2DsvCmnryH6eogpGgKn0PDi0uvA2c8CP/nctfkPo3/UveRLYZW+isA/5YwKKyJDgU7kITrSiKk1i8cyZ7SnmABKFXAJMUcfjCSmFxcIQUM/xbgp7oy4ajexZ6GbRt4tQXCrSFeJ+OWY7WEuMw5QzEF1O+VsLUI/eLZTpqpKc0+sjJ+3JVe2y/hUT7kunz5DG0fzkWyMEGjy66CvELLaYc4sdsIHeOdS7EHLTizkXokLe7JW4mgrQc20mWJJE1kHU8xCKBFQB0Hv2z0Oqd25cmXR33Wabqiq+Vy3isKaCBUc6htWtW/XSZEN4/9LrY2KNo93+6K99oD9TKxDqBlWs6CFxO71g7o9UIDB5Kj60BIDkhq3PQJO3FYOGFzvusK9jof5a16C2+i8i5lMIVB00QLlibFsx6J0Ydx/f3FF8l78JM5Th/n24f9bUllTBztzo1uulZSxW1SXSuDSiVC4zwgB5KxW0WHZlLs7C8FHBaVNWgEbRhZVWcQrsEUP47FGAj7cT42gI5rNO52+stGw00arP0RsvNAzUbsMUF3mp6S+Gco74ihU0t0/fopBU1KdnBCTPTDVh6y70BvVCCfrXVUMh3KNA6g9mSlG91mDRnwNgiqkD6n1TuCQv1bvJewpyBwOPYEknSXIgIIkdOBvSNBCPbqunJYTJlaxZsZk8awB9oAoM6Bp/i5aM6jiG4vT7mHqihd5FwqGG0FAgHRPCZhvNlHgaQGp2I5U9NZEAcbRKZPz7IJKmIoaXdFCt9Mmg62xeM7h/tC6pcWN9g01Ma5kfq98aMsPPTloObh2BzzyHy/uutwimxIpeYpaLN615Jn6c66HDlp0qT9DLFH/aQbkCsgFLObzmDWUgny05llVAcSNimSQjoGM72OD7q5WZbK8Cff4Mgjw98a9NlD10qECHGKYhczCBTQsyAqiqaOHKwhfeW9t7oa+QcUvphgbytYeYTuEng2faKHRV1i8oKi7morFru9Ornt8M6c21A6xMuAoebdLyhgTpS6ywd3M0ZuWlLH+Sm+gj0jdNw5kn14LoC3kdZaT99X39C4qN6kO0PShUnB3AKlpDgkUz8RQjIGV09ZUqcc4T3lAl0bkCfoAL3FRl9x25y24i4LNzpzWVeP0p3G3FNVqKS10efB+nuQzDn5qPs15BivtnvZHGR8W0UXdwWsfCnWwzIdqBvrBqnK14dX9YgG8XRuzhmQytd7GN4VOLhgSX3t7PupLPn69B/pINObFl9IF7lJcn56F9Po92DOE2Q1071qgyfGci9e4XRF7SaibFwKWcPRKxjmAT8VVZwbyOOCG0RTs9c8ZReV7j2HMy3+dtKTulTX+P54OOhahNl8GensyOfqVfhL0TuXUggCJHgGxt2Vs3726QjloyF7MbFCF65WONSJLlQ5QFYl0imtEYkMtPf6GM4lOczBeQA5zXA1JE8Ea1dC2Q1kaQngwLHur8F52QYTcXaHn+edSU1502o4h+RVWY8tBTx98jTFNs6qTwbxti+T2M2igZXh1zvekceo0IHuUG44HJfpdYE17Fn6wzDS5SXNizux5JyORpDzAiFVFpKImN9Uw4ry+WUtSgWVSXaVlqhnLElEbPcXiG2zx3UH2Dew7Wfk8M/Nzp5NLHomNQp4lPdV75367KtA/77CAVfDRrPuofXKNv5duJRwBxHQ1YvroJO2eqB+kcrPcayTz+jJG0cjKg4rHFHUk5UXKjunCPwk2soKkB9DzrB0cgHnIHho5MqXxaW8b4uagUi0YKPw3h+8JJ5Lpuo2Gn8YraodWYLq/pfUTFVwUImAOXAr0B0KHcORKcGVfq0ZHUSwJfW5ItD4jeTNx2w2Pog3mCLF62yzA+lj4+xIAp9nZHonet0pVwonizi4kWSYUhKPgwSJjgZT8+ekdjmhV8Q7nTufeO3yTn9ijJnXQ3o1J8XqA8rcDOOdCLiVTGDrCr348bVohwmiZm89jZnVLp8u47uS8GYYVo1iqHCIO+TVDkff8/QFp+0leMegPbOZaNri/gzn6B5GLLVklF8FumSaTCHhz6MtwBzq8hJcwHeI53UkdH3HnDbw8IxgaA158ILLqr3DTKM++DSWJLzDbLT3Ma7ZaqHtZaiVbG0FZ9HAhN5rh7akyq/NmxmeJ/92kU3cfH+STdgxV+hARiFIZ3vxDqqhL/XnvdUx26P6/OGVxNzCmKL7Yj+m6A2i64/HDu2WuOEsj4ohrbt0mht+OpJTQ/qanzoP77zHFiEC5G16los8nqch3PynMlQKNVkJbWYwjqP3e5+RH1mNCu+IBp6buy6Y74d3QRc26t+Hl8KSy0h2BiXSSoXWLO6I0yfuEGoGhj1hFxWp2J6jJ1UHquwJg1g8YUFAbiAPoYCmZoRDOZkYYQ691MhVV00JsWIM44Lebz1FgA8yGXc2xO14+sSDVu/mnePorrqDRz7yMrPksQgKfeBXs5aX8Zg8J3lRr1GSTNoXXprx0g87kpsbht0aqWVeXp6duIMkfTexzfrQ9yBe370JPJjClACPzjGgOlE4M+oXwTPv6U/RcYFHmYRDyIB+TBV0+v2Cn0IQ08TMzTxwjLQPKbG559EJb+8GsRzcPRrakZuONzRtxbls/gTjin0siLonLMRTJGIMC+eMoQWi/XgQJFd0R5Q2d54tEqdgMDTvQfE5QawfGc4E7o20xwO02hFCdMKbtRBE1lzVu6SgFMEypvF4Q08vPaDJ7V52e6EsWXoq93ZNN7/tm8gwrfdNF2En3B/e7ELioquZLopvbIQp8QUFhUF1b2M3gCPFUlS6LhCutwuqdb3l3i0pGulNT0m+e7zUkli2EvXpl39f5zuCaRriTpu+9rcF5w5S4VRTRI9Vbn1zhq3LQANuoKgQn+eXvuKKB2BBY1oLrBYrjdgV08sbqpWGQY3qeO72VxznR9jqdM310R42R3whVTaTfd3XJGiOi6mGh/f9UXrsu7i96BmcIcpoziOYvHz6w1sdDryH1cGg6vUAjkbdd5itEBmigqnSfhtAYz1lC+MX0hg2G63NEkiZFPB8AD7JIsDtS1IAr4xH42XnX+azK8d1RIx6GYLxP1i6duJetYx1ICaBEgxw9eW450xfuOUMC1JKFwmNCQNNdsk8C/JAI2Q0zoKB6WhOCd7lbnZAIVgAUcGO3n1cnWnXJAnlhi0d1whCIXNxkhyVvXuLEVtnMl6gMndzfHRG4yP1dDqLwZmAAtgFdWnN2wn1c6DTFs3IZKZIB8s8GQkr6k7kedLtQg7MO30+XyZv3FPaCE4wbg6EsuUPqoN0BZbh+eG844FXQdwgcOO5gCZkTyRSztUOTEb066U9UZR13gTuzZGB3lUfhvDDE3E6cF+2KY0ntxj9nYd8089V5xECWV2LwO55UqlR4bdMayaindmihYjVRG3wIFBnnzmCAK1qU1Tw53CP2/w4c6CPmJMyunRWNQ0+IaTgdfG4iTX73vSnQNjuK6qoooxFzVzQMZnqpS/yTrzdxxXLloAiDnPBnRqyWlTNUNEFMLw8YomGCqJ5Q9HWNbS+Jm7bThmej8O6XhukrriHEzlKIQ8Y0dx9cYutZEsKiHiCfg8DG3WwynAT4h8x/fjES4OTqei912ANIjNA0rh4jO7TCt8dPqIF9kwN2AW+59qtCtouCjXJaZ8sQUpSW2GhaYyuru6FAT0NYIHwiZZM8E4hRhCI2qUnugtXLVFt71NIIjwFP3iQHuB5D3WV8DGj2FA4x3fGF7hM4jHlL26GQR95ruhZCMERFfIWOgWsR20I8MVtp1GelaQutFUVhoW+SvjEfHW/RF+XOE9JT4wEpgw3uTGrOlHjpiN7Ck3Kmu4evNm6RUE5Vj6zMpHfcTtbcIm97SdnWT5GGtCJrcQDq5sS12m2jqm8J4Rn/enMQ1LPV3mcGcwh+crkt+w+1NU1M0qFbGsa7ReUZMvGQZlPs8ZOyM8AgYw2iBSkWnZDfg1tzVxGers7WoZu7I2i8FwaX2OvI8IKZ7fykdBUjr0vs0ja5v7lP7qO43k3J7Nj00NoHsS5HlGWrPngLZbuYQsP36kXisX7WpRgifZwhAAOeUw+E0YMs3ygfRcWgrxERIeAKFARkqFYlj7eKHG2kKPm1RGuObr6JAdkx/dGPkIDmFvPh4jKz8wnG3OExA6n63pbV2AjWwl1x87ZxwiuO0EaiAd8qsDhG05ItwEFDwJjwWFYDD6JdN1H6gQpGsboqwR33hJkePn1/C4JcJzql3ONgQ90UOmY6UIcxiVIXHPzy7nBmCcCwPXwYTEDiOhzwsHxVo5luvckOspxdn99dtsK4mirnGgNzgjW/LL1P+e6gQjGcjA7D9xjCr5ZRp8SVAV6b4HxP/uu02J2T5VoA89IQarIsjxUg8S6yjj9Z30tKYhFq4FIAMjAocRPtg6wF53Op7cqruEV1Si+N6jXxXrITNDpHS39OhuPddA1OzG4C5TacCw3yB2lu0tQZo6uR3PZehzIDVg8f/GwWOR2DioS8CQwbc4AT8ae+qdcg+YYSwbOtW3LBs6hSKk4VD2R2blFdCRVTUNdC8adLFDks/FgIBQa3idYBhIJPqss0bavhEyL4PcPXBXQgoVfoc9Pe1ZksFHDbzx+TB/9mgsUYcuBQr/WJaYtYLmVsjJKMSXAyJhtyHFiRq3lOl3sCLwa0yCdfF3kzpoS2R3cHHectpzQfPflMAcke28BkP/Ip3vY1wBU6TTWGoxxgbmU4UhyzKs8rfN7+CaOYCt2Au/0N4w9oCPHgHRwjFMzzSSlPjHGBY0yRzndJODjjNhYfgUbV7/LSv0yDCi8WidjKO4tBuWWRaxPhKUuybvrQP/qHWCSPC1MuQ26pHXmKTPewFtOVfixbrNOWzsLxgwppojVO4u0GQEDBjQQ/lV51PmxdWYhe+RVN+aPW0DuMIo+TpRtOD7M8Q3GNtbbL0sxmbcyV3peN5sorAU89QAHrQyMswWdPoT9IbzRRKdwyC/g5J5P+bGm+IGdj4u7X93L4OQBdawTxOQT4JCmnKZbWzBGRYYxJk2fzoVP3EB78RkvJrqpZWGgk1ECFVCvwA8WbqRAZdEYVplH4ujJwpLeYk7AlRSYNDCJ+AvLg2aXwipb6/PCSAknWKYVae+Al5wK1xkN2sneZFileM3txfZqZ5iITSPve9vcXUvyQNhmi4uQPTTmMp5HdlOaxoxzBa/KvJb2dcGiB4o4GE6RuBMxU8HKLNLrLmWyDJKqu2xM5fN+H6gF7qGhME0t4YrFdHr8EWRuQb52dJN3laPBsc7rkzHrBG1qPgRaIjvUxSPfZsa+BsV8BG07EP8JpIMMky0wkS/7Xp4CoI04SR4NHfJaxxmVPjhCOfj/eLqKdceRZvlKYliK0WKydmKLGZ/+qk7Pf3sx8x33aVuuqsyMiIT6gXMhHCF+m6qQoRSgxwUW1qk3FT3W9n1ZFjWzkn8IgD6D72INhEwnJQO2BENN2FRBox59QDFqxf5rdnB5lMWH1aL7TsetzsKzLsbf5NwocjTLXTRrys1U0QtYUdFUvMdnAPLs0H2MAbh1nG2LvL4/Wc+Zfd0UBjuFrJOLYMdSUCZL+X83MsmMaZjsdNdN5xn0dcfGOlsaxU+qzmPr7B+pZpvohDCU+RKYsoug6N25yF79NBP9g9b5r6Y3G1kmK/1bhkJ7nlI99UcFwSEooZpnHuJo9wdRIUAy3d2WjSovmuzGACT9eigWDET8gnSEoPj9I5NKQpI+IJcLf31xcy+0mW9N5cA6dVeOmYkGUGMB6LBUiRiAFiVlDTXwNaOaszpqBbRuRe1WNsQfBDi/pL71l+Fc8aepP8sOkO/H+91A/JWQa8z6hNW4E67C4QOwIrm5vCgKtJPOx9HArdakxrrOuKSH0m7VVtquxeXkOPBFLy0uJ9iP7uB3fS1JU1NZrita+eOYZ3Gibmz9rXc0rzV0sWLB5PTjWAVu8jdSfeY7ztbChVhIzT+cyRKtY/pANkg3RfosL5cj4fKqxN3wQ8HHgXQxdWxD8TnJ6h/ae5n5OUXRl959GXhE4IWHwzl6AoReb0GgiilEHR4EowSvQP7QTS8jdP+6y+qEoql53wOW2eKOWkyxk3lJ5vTLky0MpMTP+ACor2zQsx+wJskDh/Ty8Ro+xHGVLShAJlSJxGgMFuSIa13ZFJJUzjoZ7FIonVsPIcukZF3RW7AKhiXApMJRpkN0j/9A64tY8vN5rOn4IrrFB/sYm5Dzd1UsuKBN9klzfveFua0KdesBHBo8nZqpp79fjVG1Onx94BIuy0GHs0Zef4i/ZKoP31GzaVnH5DSl/rX3vzI9nvCewSSxeZNt1leWTAFg7RbjiOUdYWDp9ZRsKJfJ3gl8hyLIKid5g1oyU9UcdOt+9Wz3hm9VSaRwm8ifZlTawJ3fUbSyrQ1oc7V4y0LidSirjY7nRYRjAOFPWDjD06N5VUWKlhGHUeAd38Amr78bzM918hGJpz3wbqooUUw5/MiKEpeyesmsSGnoUzlw+CS8UDMowrtGftK5J6W904GMxCZ14ADACVlW2Nwyqbb9FTUIgfE1kdRVaZDhgfIbgJpz55HvvMhMxByZILe/7xry9WiHHVdicjvwWkV/VIqI/e8btUS5vwGaYoM7IjZHAq4egVcoe3f8BzFmwiv4rp+IxqyCCkm+a062oD5bxTG6KkxHrUQQV33/Gp2sgsznN3adUAH0nrnWkyB1rK3sQvy5GbxXPxrbStAT/VC/w6z9s5ZKgxD5g7Ina5XyWD5e684lDHwZqFISjJzdXzwPWRMh0lBdXthKN8cPx9xRk3PHGQk1WMa/ENjC/0L8ZcItps6JG+UTDCNr1uZ/1+ROhfBknIg/KKO4oLxOPgE+TTVV/7ua2NNLV4DPXZNUx8CCqSo89r/JQID3byyXmw8o8xdvn80+xE/jiVFpCLhAaWIgs16Xx/sK7TMhjIc34YtRKFk1ZzZaXgbtFCM7TAra3sz2Sd+lQQ8I7Jo4/bVyQYdIamw67sqXoa6yCgnURLw1vv9uKj4WUnYCJtHTHe8U22FkgOlSAzVssPHy5c9Md4rjDDMLb7MU87mUXkmBZEdmPpdSDsM8phSOxpJgrPNGkhbZmQtJc/AF/26SBRGDRx/KBOgAXLg67YNBWwdChUvkj+48gXgWjHMxXKI3MqHAMKUPutrFbg13LpszWx9cAjPc/Udp6gv/gNfuD9EvjvzeEKs9yc5rrtLNx0lIcfoOdPZIeWVVmIhkoAHUm5k4lS6oBLbfiykcDBdhWz89pSL7OP7pz/feB2Ze72KTesNPutY2LQudXUXwINg3Uh1V2/Is0P2B9lcWCAHXHtW3U6QazDlSeoYmBvqs/7CWQ9N78JA07vMe+aUYeCeYtP6KYlXVAOpmoi3YclTQFdfbHpMDRGX7PltGUbJEkksTCUZT61diDgTL/p2VhX6yUQqgSwC7Ww6fTN6O+zgw+RfE1Z8wqGhTrk5+w9KwGQrrH6NxyM1XCO6MreF6Ioa7gpdAApz/nQgepn5kfjPJUqVnV4IxIOIlOcKhZZE4gm8Dkgn2H+MZ264KYyv/0Wa/YmlG0KWOts0PlEUcaDJ9s60MteY9m9zHWtInuosorzfCG4US+EvahMW/Ns8fKhIJLT7Re8Tf1+ewnauMgnvotALK0rkH+HtD2Fh9stZq2UG+6INID2hgCch9TnnWa6JAJ9ENvN3d+FPd68zlf0qjwJvWMN1tY7hCjcxzpwGsys0xlU7KQktWV5y10UuwpL9wYUYHI5gE4yraB45lQFyY7WLUxToEX91Tl0SHiTGyde8bPtbDs4WvgKSRDFbWB7WpCs1QRJ4uUkEIH7/gqa/9JZreo+knvyHqwMn8whN80PWx+ugw338Mn7F5ANy+ZBQB+DUySZJrz0BoFvaZEAfKcpU3BLwarQns9FDOH3KNXgKIYFrFFYyKHEWs6d1DZFAGsIwHoySPODseY+6qQIDmWp+LvpqIQ++mtZ2l8GQowkpUgboBlQ/CKMVDrxbyKC4XapOjmDerrPM3oOrERpkHO8k9XfM4EprMMfp02G6Yl54I+N5LaXlplueLQNhrURdb9oLoP4iRDhuaVeEs6dHrVqrDgdBP8GzGc2JEQiKa+CetHX0MAvJofOf0AfhO5NgyqC+tm28tuW0O0yMuUAZP/KCRFFTZ/vITxnLshDb+qCTPmXezfJeUjesgCLPy0rb9+pz0zWbDQSDxai9f4/62fEUY4IgFGjEJAXeJVfSSqraWwkahM+nYsa6gcbM6XhdaY0vB398Tqb3oOsHnmBHcA8SoE7z9BxgRksN6uRv2sI3/JmFYk1NFycrKfUSGNkcdn9Sd/L2sWaiaOxGPYfOElQYNIWsjMssuLfJ4LJR1QgGJcMBetlNieKJaSemC/DhVAcPgYV2BxguY6Hj8UdfPoMBtwoDDsol/VTdE3qNiyZ++PLPbeQp3LqrbB4VYM7TZ6MnlOU5d0uR/gGmNdLrrOUGPQw28O53lM5Sn4dmqqKfp2QsIKdXkIjOZWGoRx9gwOvr2Bn5Hsyh1oBxGNN21wcrDKlN08d8slvxa7An+lMyRUtAbsClp9lc+c4ckwIeTZaG0XwhxKQaaCBJtqXNY1SJsl4M/pKK9bI28l/cPaiBM94tPNlZ3CCzJmvt1kT46cttMJ4vAGRBRNSur+eJFnVw5rQKyIggaVKkq1MJhQw/bPKYDaA6Ftm8c/yj/kaQ781EYZP9xyx5RjmFZXeEK4hOCUpw9YKZvRDj9J6szq/kBJ7VWdWtfLSlegrDKMw5yXUeD2TPCiYkQbqcitsKyZoLtVRpks+PkzGLVqIzxxorfR9AaSiYYzd9fI3UrkdZ8C59E2evVGME/moLXXgdGCP0VPHy3TL70j2GUxzgMSRKuCDXTsxiFSSGRhpVVe/uiCfVmf3Vt7CP68a78ML2lsBZz/Bu3gU64XQKFwwVJ2GpSrhrIYnVuR98gdQs++UXgb0583PMxx8GvVvqHK6K+dPlvLbgntZ6iuDR8oBb7jAxONECw3xxlsN2n8npzLcMIl6YysgJByGcmliAfc7zNB6ZwZuM2qFJY7KUD+RMi3IQjgVv+QOT/CgZep6YI2FEaIVzlS5s9fn9rlqVI3gRgu6rse3Wr9nTp8XXziDCpM26PkOgqxolft6e5HjQGxH2HqUX+QBsjm5PxyFocguJf+IuZT0chxtY8hq3FpMf4HDlxdWDU1Ay+98Wxw6OHdqgEKpLXAPIA2T2ASfoNV/5DX1GQgvkTrKXbCgjdQL3AqkRkQ8i5gPttJg78D+AZp2+cQ6yp261p4BJENfoMkVXpFaXYwBFjAq8ZpypWKybQJVubhl9R9DAv6+nhJ7tKy5h3Au9Bv/3fGBydabdfMzLmKYufYdwEirpnL8YZpZ9ObT5Fp/nYm9ZbUXLgSaLhCrlNhQWV9X/KHQGqtZtjOXQmn8lfrRaBE39uoDCmz23RWcrIHHMOeTQT/mJH0Jlp0YNTP3ADCqv+YQu9OMGh0fOJCO3bqYViZwdLbVeAe+u6S5eo896tkutPZgcktwcEERnlJ/NsrSkCkfZdMZK5YFJddaUsm5F6nDdwnyG0XGD6H9HFCqwP388ZrkUOP5XJdAn8Mgd/wiUcPynVRsI9vJZWyuZGeaKmgj6XnTaADQrrRt/M3Hv6BZ7V0HTcI3Dil3QC2MnbBujOsldZC6uLJdPMju7Ea/BsaYnczIT8c+sZLhtwzuLKmVcJa2Wk6tiT1+IyxVXxl4RW2pizWPnNu8lx3VgN6J/KoY8cnWEYuGtEHAohqKSLx5DdPpzYH5YJAUoj+jwpsSF7TY2jrgWzkvshwQMLhx4BNQ+6HQbsB9ssHAUvbWVcmb3VCGMV8Nh6ZHb3pjcNYS/9yV0SVSKpT96diudSD02h/vw4A3CIJhorvH2q5mPlw0VZMN1T/eUr2ATQEUWKVZCNnL7S8EvbwOgyViqffa8qb2WGW3tBQ+EU7POFmNeiwGmWuBn+e4a9vM3Gd7YMe8lY+VfA6wVVWO4gRlsB+0Iwibfpy2ZZJaH3+IXYv/o32d7lAqGEYjUfXXsAEy9iVc1a4/HzG0DkRXoXkzZ8Y1OqvkS0np0vNiks18dsBaQURSUMa4c6HvQ33D3ZlwNYT34GMO85vhue/vDayfohuSGMqrkKVrHib8btXxm6RFk/+8bGydBdifg5yIkw2fcepVGde+V9YgHlUkfqqm8rZMDtJai/K0llTmkfM3wks78niwnhiJwXmH1FjvDAr4k/evta08ImNDCxyxfdM4jFDIxPHW4+IQTcgsAPACqbReeIX1BPdYXfQYtLo/q9OOYbRRWp8Y4Cc/Mpbf1YkmhyDBYWQDSXOYT1lJK19x8B4OonCOfL6RzzpbayAtTzPFRf/ySzMcEX0CUDHJBDPic+Y+fAXu4S8y3qfopM4kvJGWMWZ+iDWZ+OQZTxiJ+ZHtq+v4HezNjSFPC9Y1VoXyxGSLtgceG6x1hSKrztSXPRND4tDxM4ooGCRJt1kQ9bkq3q985vIhN3qMtzLfX4KzJzDeNKnI3R7K11jYUPOEnZS0SoZqAxOKgR8xxLJmlng0L9tnejRRFAtsh21g8fjLXKRdY5B18h9QUtwcj8AekFxEcFF47i9CPas3kIi44iKAQIWgEiDhobDhXApah/kKkiTG1L1qaZj1AcLoDZfyp/eJlGcCK1ytB2DaF9CS+PG7PCMzz0EBCZt+67ryPljZ0VezAs7xmQL62M6ivSedMNkw80/kEOptpnyPfTW0L3w6Aba+TAtEdSq7uSPpaJUKvUslwoeSmu1yFl2ziVFIZl/0ORlKS+1pCnPB6AL1VR0Fr9GSKkIFsP353gsWcLoeJqiy4DJeML1fj6fKrP8Td8GnY3t0J4hgk/Pt5kcvWUW/a3XZVk9namll6wtBaOXGd/5y/FAzoiirZQXWEXeMowUlV3lg+wKY1UsRrejaPixh2dftNOAhMTjoCFf5VKV+c3opp8RDbBKYyfUMFVd4tGoKFysdc/hZuENj9FXHFhwCVoGyBPhdnDQtnOUOPNIhRxOHbUvR19t9vlztipVdQ0OEYMU8EbuhAL5+gV8flODD2ZnA58t3TJiyDox8aTGPSNhjs4B4xreYSzahZhUsIyBxDOPnxNYX8zxUWljWTI1IncWOkb38Jtq4O5aSQmjY+yLbYoGLRPQsc19m3XvnNopj9zlIkWvVLhU5X/MefCWMTZ7q8PExFCPWZf1y68YtjZImhOwfWXQyIn0o+fUXwULFDDeotvR9tTirxEe+A0RmTe8FwmP0L+kwprtIAkwtrm66syXpXQTFarapFoIWCkQHex84iS1+YcfVPvhcmmqILLUi9AtdD90FaUbkoDBdggbQXKzBS6IC95Q4HmJ+6XdxumziRmXnGJvgMLqjKLsuuK8jVyCiB0on45Ji4zXlSB7Kl2ftckrHvKd1p7I+QMAPOpfyCYQc5+/9IIP1DnwbVP6eIfC8PVT1lSBAUSTCYRkZL8YPn0oO8xg9IjKPMAqI+v6efG4y9pfeQYjljQyoCb6NA2sjqUrM/4WnMcL9IyeQCEGjb3PnqbBcVxewL3M270GpDC2FhaYWJNDngPo18AoPu8DoFa16+Tj+GwKQ3DLAoin4NZmz8N2HnzjkOYD/uEQFpUbpcJVdubeKZ1g31XEjJ6PaRURAX2rs1JMn9Eqf7K2qm0Ypj/SN8fdgMJwHT5/bWFcbIlYq43fzfgUvUZdMB0XyBzBSo8RINampT30UNTjVVOl7wf9WX/iVhirYTbgrjFluqydFeyTVNUWmTt+nA2d5fV36i+NJx+An+Pouav8KWzps3vXw9khUOwH+Svz32imJiJlLInvQjzpcfhrwkAoevhvScM9CtkleJQKYopm7POCQhBfufBz1IlwbHraosHwjorhmoGjt1FvDoJuLEAPiQQetGhQIxhjdmgp1/uvy/CB4IXELlBLmR9oehyRuhBLaQhvACRt8X8PGTVvofEiZb6lJkJYI1FyLcmngJb/SWxqnOtenXP5CWMIdQeb9am+WdXEVQAvR0cdi8x8QMbZssULhujCi3p1M34gwR3vxxmA1L/TdeWcEKgRDzTU4tfXegOneAzuJtgbTxi2y0PYlJ+vhrVfHCM7oz8GxTrG6paGy2ztm2xnPRqRoQiei9e5w6CJzqXrnkvV5lzf/Dws3mPUumzSaBpLD0xbthST509Sbyo9fzqqX5k2j3Ff73YwU05jaqY3PTpb+bmSKcc+b0anlhKoYaEcA7xccBXsUfjDuujTOiJQfhBG65oXlPCXjs46lPxnkJznrCDv3SMiPLxJVG0kP3423bmGKwDtZonHecOh2FGThBp+ZLm72+DjevPQbEubkn8pDT4Qu8hOP3FZxacYSt+RfmHPsFa/sa+dqRYaeoN3poNpAUbqvsVKwFjIb588TS21YfRXWKatbzmWiJa/cI6DGPFCTo3kGc6JjiIdDY8dcJdfzWCPonJSTO9lrvHoDaEKntlcYwEej8+lHxGSMjvQhtgk64pwQJFfKWamjKs+BrqaVQ8ijIO9ckjeUxJCmepSWy26gFoFpsj4609Wy7N/brbyPwzR3FD0shGQcbh84gjGZW3+m09XxztL2fx2GKoY0I0Uxn1kd98Zoj+7XhwiJnr0KK9/rGR/j81VGZGRdSrr3+jt9SWTsf1tpL5Cje8Ud2/3VgiprOx8nBvC1kOeAAVZGlocMh2dN/vzzCAmvMRurIqzSav8utHjJV1syMYpj2Di+/YxP5Mz2N8IL3ig2ow/MxGZaozGQsyk9d9BT7Q8dSIpD8kWynyzuHIR/7wnwFK5egpbtdNd5564uuPOWfKo+6VWxlA0hRTcUZp7fBKVYG9fctdu10kn5fsixCSdSIXecgCs0r3VlrEtHpaJG1feOuOmKBqU7MmKYMOv99GQj+mikMTTiBeVNf6EbMtfyOT6AopolhGgKEDAPOs9MANSOOwAy7T1ujNf3l6hvg9gLreE3fs4je3EIh1oK8jf+XWQ1HXB7F/kZ13Y0qozBefKV708JLeg4cz6U/lz4F722Je8LafL1Q0oseFmNJJXYiDo/jRnQui9zmItL9xzKLYXdEf+qwKFZvmMd7m1SL/Rk9+GV+Cf5+fqsWQGiZkzo3ICaFI03MGCq9zCDf2OPen7s0nVAvE8enZqPxaiWXr5m9Wf2no98/7/R5NMx/8I+7khMac+AHKjpbL9FDyC+Z+58gUSQs5E8L8FyP/Sqsf7qe7S/LX0iT+eMYRMI/kckqsKBORntvkiISXcCzBnh2CzEz/Usk60iZe2HWsY9nHPhJuDgoUfQE+2rZSaHVAJKA9kG8KvEb2/eV5YYnNbV39Nzci34jnwX5jfkigy0T7EOxfLwhX0M7VS+r0qcfrk+JtW7UB8LasiC3P2X2j729gA4M7zM01B7251UsYI6QgvLyTcBtidcyg7XhCFF2Xme8G6NnWAWzyQtHp87wHQHsGiCxT+O8iBVJqCmOF572EKis/cscpp6Sa3MQ0mcMqv4Sm4u6iPL8mWpc8E4iJjd3waEU1nHtHS4T7atjC4+fiyVfT+NVdXLR42dVaJWDcH8t5/9Naj6F+Rd+Brai3CDLRv2lc3dofJ4GOaDlXV/3Wmj8CNKEXmBu1PzfP5uY48X0p1bCr+pSUHZrAJBEj5vpshwSEvCSXFnuUj2JhGGpSnLHJEhXyVTdpk5ivI5erDiVEc0B40ey31814+/3xwdKiT6R0ihH/c/wlQqnbm36FIY94og0AHdVDAO16t2QS1o38FpOxo7vvn4yrgpJgMFFAu2YDSklDqN1IcsNtFLgal4sFg/AN1NyBLb8vv5ySLkQCHPu7PKQq2vTYfvGBHaLljuwBNZB36nkkznREKYah7KtCWty3dFBqMJZ8SlT93mbk8IiXQ/eHKRrMcYn+yZdl9JMkd5/n5AOHv5YbXWI7eZvLM9GIXhZNuG770jPN98aS31xXGjVdARIRQy8Fb8Pnb14DHhLUfu1yfRgqUjq71l6YIk894G+/mO8mdDrSSWDBRwo200RC8DU0HIaO5OwCkeoBeR0coU9IZz5Ohm4xv3X2v36BwCRZt1P/phuUtyFRstsmvJvAIgHLo2zPAaO1ET3mvHo9JCbPKsdU6tRNeN3GxffGXbZMn/k/8j/qGvepZnIfcKyFrUBlyI/q6A/sPTvwcHyW+3MliAuErz5DU424uOptLPDQQm1rx9uNk5I+Dl+Z99CUNdITJiieXGVziI/xYABcBKcSuwisINg/xJ/ow+7wjrECdle7fCD/fsWXbeatE655pnMvTvfw5LGqNpluxDEEcoFAB9KfjEzQwFNCS4/WR7jUldrr3uS10eLTA3BCq80W9go1t2DyPQ7UaWlDfhCjmK8rkigaArvQNMngC3XSQUCM/6saIGwvQdowzk1Isg06TgvyPMYTtY5+7al6B4rGG0QV/T080zUtp0Fhfm1069nBlHV4NtF8hJZDp5UZEfTL/nVhAua9ww0SwAEDqhR12DgwpYWLRVN/TX5Kqr2u8v6Yj6llwlIFm9HjxguRGl2qvWMc04hVycXOzc/VZEpyDoyNBc0UX7mG8kZyHdD96T9D29NRsvsOiq28nZWi/ZJClN0rXk474fFt7NeuR7TfMcWF8KojhkfXr6sMSoehs78yspeRzpZGHsqRuMVrjaiS5Mrn4E4jBBHvm0mVFn0+DJCC5wSg1oBdNDOg5SeBR/NT4wTJ9SRyD8iFkRubNCuJa6kbm9Ad7NqOE8iFfvkSuW6nu3RYzEhbIW0PsCDnmpCfst/AV/EggExf5yhL//dAB3MytvlSigtwjGF6+Vl0exm09rWLK9RlQrH9ePrih/lAbgBpdAfQOte0Q4owAKAimp/Jp5hG/xIqt/SSt8DwxlmsN67hkXzIPBlZuYRwM2qx7vXxbpytwLoSoKyp2DpavZ7CT5cKQePbUNXHVZl4bezP8fFsU5ZmVZmnmLYblOiQ488rYvAEUb2QdNdU2EHLDf157GLzEVS3pqzy3XrliWWgzMPl+HhmXwr8A3wVwaGH0vGVOAb+sLnUsc9mSg5r6KJ+5vd4u/jwl3mR9bDDaFpQKXdhlVQIzxIfaJPYpH1dGx7sweKzTltSL4gzhF3TL+BnWAgdsO2hHiP1BF3N+kNVrg2Dm0PvSp1mCVXv4OkrrX7i53qWL79kZ3nVpizTnabaPDUq5PoPX36FXIx1XNV+XX8MXz/oijnxIXnvL+1Yc/JvIpH9ci7n68WdYGGJLFgRlrQdw7YTu1snUxpAsofzNulGAcnYxiGbnv99WGE34sN2QmeLDBv2/i7q0r5wWTW8v18/4wijHZa0b2ziWl6UJqBD8f5j+Ov1OIgRb49IfL9HFhUuKaagLrBYAKhi7y8tbqDYYs3Pv1k7xUz7mEFMTEwW9K2sUt127W+/dqKSKTUkf8cTcEn0dbzVQlsys5tbxxfY/lmgfo0eWKu7nE1ZmaYas4BKTtbil3hWEmKy7ySNz6h7N0pRpoP2zdHLK/Mb8clos+hea7Pbk5fPIlRorQd3/2Tay5vivm9oxJD5FBQdWyTJ44cSXpP2MLlQmb8Ad/f9c8Gxa1jwwNbaC7GMa7u+KB5REyycLxUf5p32kx+63l+H3NRMbw2HhoK+T44rmqHgp+1/CZiQ5hjY13FF6Sml+KYd8FetA0/VVmQxu3oc35ureCN6ctZveN1mgYDhipOmaWgTmQzPiMyM5ozqPc7GME/UOPLdPEHv7YtNfk4qESeBBRedRVSWl81QZ5q8Ia7kUuKAItG3vlzXfNV5F4g2dD4yM4/6oe9CD/cwh0SuxJgX7ouTjVsh06cbhbFLci99ygNBM2+Ch16Qudh/vj6pWLrpfXNOIGbNVXjM8th2oupOacnDADZBfbMMeTfNfPSAMIFBY6/p/Rs49gIafuNKxuAWiSCGjQlO3VUpSS9lSsbgeeuMQaE9q6qfhyDbCHLgU7NfSgTclTuxKKsxPPwCbSluXXxjUTiKzx76GT6AiXJgH5mT0FxzBGrZekIpxz8SLAwvEA/SM9lwhYsifFUdDHwSkZs7FERUgNcV4GbUoJYFeROWuvIBGdoy/BwvLjbYYcAjjlMdW8E0Y1z+TCV+PmsLKNGHcIWXNf+GXC26hkt619949K9waHuhfwhUFtw9QN2FlNffl+wef2ny9mBHIWK/J8F1QPoZ90JkTf1QOY7m/xQKxvC2QJU0mzilS9OqK2RLXEgL7DLARA1b9JFFhqZ1jGnxT/kihWNyYX1x0llIybR7FFf8UjZrx1ye40FYrzSaiL+p+kijoMAy/NyDDr2cFiDBBW44HxIzzudo63PoUYPK0tUMmUWGnAVuWfpyWlEI3Y+WSl3Tv2wp62xBuak14iRU/kqjEtNV9oftyt7gAoK/MIuRWdaz6min0t6/MpgDbQPkDM982Z+knySiVAHSEvN96nCN/6loI2X2rR85lFJ/rpAhlPK1Eb3MM8N7kTiE9ihRfPKSrWjK33DgY3j5PZaaSedt/lPXl3X1Hxp9Cl10yfUOjC/UO4XobEBec69PebZn43d36TLF7xh/hCCOcA59WXvtPrEzwkiBPyJSXyDXgduf1x2dGgx/JaYsVrCfc5H0kOLlL2FvCHAcRBTbqJ8jVLCwquBUhLfncdP4UVVUmDr5mKliWFCxy4mo0Cvi2DKO/eEeanpUitRa60U8mtGigxScBE6s3bOk4aApZlN89agUnuAGa0dI6Kevi7wrVDHDajmZJ97p19CG0mfFmWhLtxNgigcYTmVpd8dEStNVlijBrLcY9xo70Z+Mov7KJZ2eNlh0MEhYg/KeOMe78T7h30g9UmXCd2GGe1DuZ7AFSKhpzDHSQsH3CaBM9+W8Sl5wbr/4Se36rjCbS+E+IuwqGJ615H4IUW07u5pfGFKMDMjMQdH213WXgXgPCObR3iZPRR2D59YtVFa2B+qwWx/jpqlvWBhMG5/bdDo4JOgN6vlfGkItaRG8A0+Q4LBF21VFzuwAtu+hUO3mZvv+dgB+0a47VorBNzt7d02rVQ59rgx5MV8EhKkXYEjSqMrodpjmxBxaUVl3O/VHOEkbO+FmkkTNaCroFmZRf9x9Fp8rRCkxp+BH+eNTQMHlEoV8DJ1ODbE/QWeSAR5e++TP6C2PSwasGuSnFA3+FBXVhFX6BZjLCEt5+gw6WbV+Y7Z1dHJ7M3Kxc1SP/OV77AMoopZ+A71Rj4hY4jsDz1wysxqVIA6HBAyYUFJCdHbOtymyV+L2yZZHKiy5ySmfqtyUBSHg28n6107TQa3iyYU4JVo87ZjdOfbibC2jgCCX7aO0KoOu2Ozp4YsbSttPo8vHQH+SrhluK7qcpMZG2yt6X9mdTYwvR1+mBWWMq6yP0Q6SIHFBDYq/df/fPZNaHPflFhpAc6AnbgNGHEhhO+S5QO/fnvpynPz366yf2MZAKYk9r9UfjUlb7O8SBPv6qsHBZdqzq0hIUIuNMOiUci2R7PAL7qm9tIy1llXxjOYgAYV/4tDfvzPVoknjS33lU1eXVzX66aUlud/PgHm93qJvxPoLbSeLNz/gc7ihW6Fh8ys1nIcy93KhfggPY1Fy71RSIuiWhBud6n6uS1QMblPM1+1fu2cfLEWOSgiSOTDTrfhrNBt5+DXJu98UG0GY8ufgFxYX60QxO8Qm+4Eytj6DVRq+TDKKp4IIWorJxMcoX9AkNVt6UefgnWQ0AC5kow5yJLOEjNxwjcbn7z41SPFljKH4ZWKfnvgrcfslaCU5+6mj9pymcQAXMoz4n9WsFd3g+6lOq7lpbTHQifH12z+LsVKlNiJ9x6UyFqEqCL/DvXl/R9sHW6Zzs8ufpe/JCRQ/aIe0SE3iORUQ9UilkFompSZ43/gUfeG3ezvnSSKu4bX+u5JWljySuRIlgaVqSN4l5XcxCy0USoEPoOIod+BPxdPCKCMqUcZC25YEjaIQ7QqE3PKR+szg8m0WZAqwTQqirCyuGmhQSJVmMdLU/pdnbeMUjoWxRbGB8JY+jKz+G1FSFgOkc8HrGAUJuSb0csYKBzpZgik0Xv04i+c5rvvjqEb86Eb4hW1/6Z2zwbyihPoIFUorymloFpnhJttlbvn2yUMIrdA1UzH9PX6f8chdhip5+rAQGPNFPpEqvFp5uE6wnuErF3+AsyPmjIdTc29HGN+L6iwh5OOEWZOO8UjFbLskmlLlTSrzf0yINxGfB8HHTmcUmujwpJIwJ2lS30OEJJZiKs5tRJmj0KVLgFgCnrv2hmCAuh3DJPEiJbnX7wAiDX74iTZySD91/MXOunAHj+KITqGd7NhGVG3ep9I+MvnBkSjsD1cmv6GVglOmPVoYYr2qTIGGW3rE5YkTS7MGzSm7uKTn9lUVXPj25DGCsMfrwJS+9tINJCDYv9Y9oF3BNSV+r5xuQWBzvefWM0WkHxAAkh5LX++UR6N+nWOiLBd+rlnr/nVFSM73/d3oAXgZaRwhMO/6+922mEKXl/y/r3aEPQS2FjfDIQ1w8XUJGElIaoMYWp+yPOWO3a+hBFwj0UjF3+Ddu3+eJ29CXsddYZqLepIS7lDPtPvutl2nKtWB20JZYZ5nJkMJAoWGmvg5RgYMVpEq1/ZrbW8805VhTmxYpmk+W+n16Ikf6eAe7V5BtVQ/mnz/EgU1S7jzjRdEf2PPjO5MakLZraIN1IR0pBHlf1AUNoU6OG2A4v5qtCKA/3qeXvT4Ih9R/+vvIUphlnTB5SqOAUIK5YSlXc64f4Ugnh97Iy5TQl91HdZPPReThuhmB9fYWbI3noudyATa99uqi7f9bA3rWs1vC94D3E1HlEidnqcFKaGXCbGRP4IE/Q+R2sQB54rrvwRivB5XXeO/jyMQ1vJGjgJ7vcSi5D22iFMn6BwjNFDNOK8QUwQ90J5AQfNI4t966lxSwDCKgfmJdnCGdnkDcQ7WueO41JmvpG7fbvp19iSpYaXoWjZEbe1kcUES3eHSLytGl+ocf4guoqrUsR5aRkQILJ6tGP+jW/QJqtlZTEJdJH4CMhkHlyPwuDdQdb9rcXqMkGD7wovPoggpBDy+PCZdtQ04XSgFhWKZtYNE3fmFFpF6uZlgu0PmgYQD1Pate409wqxLPdwBbtahoD8pOYSdrvoGogyK383dI1pRCAUHnu/9Qc+GqGqPvqdG7/MQNU0fNSoGA7IPgqpbZRE/bd8k+u81NUEsY3f0NUf7VjdZL7U+W+9zUgelzcCY7u+NgwNjZQn2KIisIi8rhS+VIrepxjTRYUN/4QvUyM+IQrOekqwvPgX4F2uoUF8POGWOvzvt6goqRbEAMCI05y3vUqWdJF5yn7RBwatgEWfyg1R2wn2Rv6Lvx8Dww8KP3oJB9NTtjQr8JoWBwuBT6OrXzSTmD1TQyMxo68J+186QUj2kiNdi11TJwlI47uUEcdpVJj7V3CXIWd7HPvsxli5niCnbMt27OkfXf9dP+WvvoKcucoqmcf5wkHgbL8rH/iwF3SN0kNJdWZf2X4O3rcY+qFJl+ZtRlxfCD3dnZI/us2sA7KrLAg0d/dhYIYfJ/EUFqVDn82EcgAGQdr//FQKcHLrVn+pDGOxY1qlVSvWGCp99PWW6SINU6UYptRe9v1vouXGZN8MPXKhigBBDeEPqhL4RNgEDj0USqthg/qjXLopB/TnzjkHdkbN+RmxzjZeA587dQZwjcszL6ZH03V4wTL2/e4fTala0kjTJkbYyVuT9bq0dUiyVcLilxQgjB512sP2F5kcT5zipEPMzR6pK7naFOiv6u+creOOt/dqhvbLdAT5N1MarsWZ6j4uGSD0pqztzXStsQsrsl7uEaVBVHKPO4cdPNMpO/g/OaY6nqk/xU5p5UmjA0heH2H4euOAW6gvtp88VO6zkl8XkfZmjj2wTt99uVIX4y0NZXSIkxYzvF6vE/I0rXVoHyzp5xDJm/iFgs4vvBu9G3zDwyCi21JHo0PXUIcPOMeioK5ToEWlB8/b0LZf5IThZBwq/J7QJm2Nc23HJ0jP70Yf0DAy2wr+4r2laWCe+21Hz4p9z0dC96jjZGxoDK/0rspePpWx94J6yXCsudRcY0VBgbBFKA800cVs/9pO3uuoMxtHc19w3U7TAjnAEMSqZv6tcFi8COhVxfTF/XmbZJjMErz31jv7KWXp290KYm/0L3EnN7lG7n1JrROQAIZdtFL4EOIJKfrXxox0niuEWEtk1S9Nd0ktMDbvvp/6k8er3/hJbxrbVdXcKUBpVHlKyyP3JAhU0GY57/xWEaujbTD0R2OqNkvSx1VvaA8KMK9n9G4pek1aAAWJ5vI+CdrKbTqkPmhCpNnWjQH0i5seRwxIOMHh+Q+L1id8zP/fAVICMXSM1HuYmEz9sFrukzMzczucipXOOXRsiLeHkwy6iXZLbigbPa8+iFAauCPHBLABU0d21Nuk3aE/+a7WrfqMmtqmSBqtBNqZ7Gc79ScUOzO4DMbv2VXWA6S1zr+UpoWDukuqNE9JNNLfJPGfCxzX3kk998NQkPmuqxkzUzJj7cxjM4uunlqhqu4inxZVcB6Yb3A4qb2uJnTeNTuqM1HGxU3J2SdRAVh32leX8IOqku+/8RwsgEXlCfzNBVhnMGGSR/HbnUyvxW3QGSb10YzDDsrUCuM0C31hI8hTo69I/I5LRAewMKPw+cvas8nqTxhJKHPolaEiFnsD4koNz1Na3/6kd5YzTllFfXFidLjKX5A6xsVaLtH/OAMLmK0Glwb7TPIP78VI62rs4MWd87FQooMiTnV1JAv7oAB6457WTnsFF2V9lQ0e7gdWH8U1Su6rgvaDO3gLSh/QDjkq8BQxPzPCsX79Y0HsSREAvUNP626A6HCmajhOaCVgBjwaBcaTw/RMp59rCeRkdufB/YdPimsKOXm0fFkfCT3GSmyoqH41zCUFUVzHcP+peg/YZreXB1iLbG0gLhCYPaGHG88t4Nw+ruOc6J0fBA4h4iimbDm27L5PqICZOswVdSglcCMQSApVTzs+FNsGKyu74RE7z/usa0rjEytg7FtvNtJzNvroea0NGPscdhPt2nONotsqAiFmoGRkqVgyt3r5+q5cqSJM8luPROe95fh4IullQKZdGL4kqgVIFnzXEpxXv+WImx5y1dOMUkzgduBB0+ZL27e8mDCAdQCCS5dfSCzc6a5KpfwP7lRsVpcY9fX4CKbqFGcDYHKqJzlC3j/D5re1nKRoTw3UvxvJz32rCaN81agUBwaBicuY8RJ6hM1bnF76+DjLrbUnLSIPWqnsIYF97AMPd2A9OkkbPB13NvP0fsPSX2sD70BnOnUPaIh1OnlVYb9pngXODryApTDAR/eOF1VKzBY/ag5v7SufH8rKQtNIEAAXlbVvtP0uK8WJrwCU3JYCKKjiBLSEiNpbDI18Sgq+RyS0n0ccIzAJF6uiX/6cFcHz56IQHrQ+eYrU7b1ClzR1SfvRtZ500ciErW1aICwqHYCSQOXRDxWFernIxjPVQgj/OCw14ZDlykqDN6a0j8/ODm+X80Nb70W14AHflSMOvC0e9/MKo+nnD24ccuK39xVoPxsWzu35fup5yK03kBkFqlIb/oaue+VQNQZ3bZ74F3/UpxxDhOZes9P4tjV/yxLR/75dvCOSP5BkYqjGGP/nzshQYP7ZGxuutdK7fDEV8qSTVpF93X8Its7+rWOqDmaTGtsugWI4Ntm+D2JzJTIRNkFg/ZhY3wY5z/vUwYsfKyRlMfQqyG7IPlmXrfl+E4Yb/mrDXXMhAETrW9yqGz/3XrJqL2mHfe3/4mJej/iGiPDEt2L4Zp0HawSGTSYt+tirb0RZYkDwSSPI3F7hzmaSFvIJX2MjxZcuIIMDajAaEgtvmYQAFhJEoDLzFFjdboGC30LiBTKsBhG5hZU3Ojnr4u+0ef2i3xtTPWmxpxU39tq2jOhtJaHYNXxQuWfEvqvpohLd0tkyYlXdq2sbS6r/W5TaZP9/NgeNKm1QcSAFWJjDABlU4WSM9WmKBXg58Pk5R70F7E/DUrCEyN/OnWAsbYyU0U/FKFx9Ah2L4rnRxvfqMJqZY1PVGpZcM4aO/chSIzqw/f5PDD8ubKmvy9wB5rGDqzTAflG/niqewLBYyg3RYsgJpZofru64NAgUFbw+bZNp4LUO1jmitn6/eB0sS8HcxwE4SnVDdZxADMgGFSs3sa8EycZ37Io1D07EyKJzmdI/k83jkUZJQWoK2AjMNfbK6A+ceRKzLjVwqPMxEQlv8qMQYsKtPfSo2yw8JOb8AcV6UDA/FFrj53XfVl94+bcKCxNz6DH+d5JUdk1wL9aIgAm1ilxHVPwiesLMbL7AhzF3rJRVddNp/N9aBI6q3MLNuIbZ1lYCyctXWxHGI3oIWnctWgfuBXwrub5UbzCllviahI0Nijvm4zgaTW7as0sLIRY4pM5htka7q5Eo0GMWVtbOIBdafUsDm2CEX3uaGQ3MUaIiYf2N1ZCM+do6fS9Z7gx5mEK6uPjH/LnXY/HpOrpJiGuM/ZXWV9RJVnCfripF3+wXhMty39sXlypSM8WukEiNwRCM7d8L7ux8xEh3YoO3W7hBBmJ9BXVihc72/OSc6iYa480sv2TFo7JQ0PhCYvyn5IJEvni3TWoVKdF/wRiD/LS8OzDwwmPfBguu+2bRu3LSOJm0EdD/obga/OTaOSLzBMjbasKXYT45V+9p1NUcWe5csrwlMoRL6pbrhkDJLKro7dluNM1U8/G96TIujDbAPNTuZ3ZB7G4zcYZVZNxdjhp8PMJCJH7m8mLaVVAXvpZboiIGCN+8rzD4jo8g6zUze9HAfyMTvAJb/mROslJnyMV6TipAL9DCC95XzVfLUU8Y3eQXRpWKTdkmF8IKmY4gKCcC4D0NLjUzU/rlV21r1XfQ7ruB3mIPZXXgEvSH5Zt+FzYEveShcxmcb0sgK7C/SM7yY548bei/d/Bxl5VS7hB6L9/xdlVTXcL3ZGAkaOKsUpDZYQ1ZO92snLXWITD2bf23Q/IB+MQYIAXzrcLIYhMv4/Zk5aigMyB9OoSEXpvwuQIFk7Mwn+qW7Gj5WlUUbI651xMSpXy6iirsB/nRWvHyjXBKnsjiASGvVC2X5ilGN/80JSRbQbwWpIux6+WDvdH5n7ukS2oAY/KmYqdFRRYhvhU1sZruod4zXorhzsUyenZe02LicSCMoAfv1JbGyLg7ATB9PkG9od8rsanmMcaVHaOxwr4x3snSusmvDDCfKWlVcLM8bA1j+A5D98HmPTa/qLBwKgwBKmhxwgclIcadvI6cjhnc+6c6SMR4rYW4k/3T8grKK4EuOjPiXtKJJ737A0BUW3ynzwNLr7/YnY7d9y0hyhn99MnAEDOjYf7n7jCFbfCVaw2o/6iA5x8dXFT8EtJXmj0SvPjZJM+aYbsVzCigpyxUPu5Rv35LaUwwpw/Vca/8TCGFAX+RuDvvZcd3roPQ3Tn4oEh/LANuSaV9OuqrBm8hEOufBg3sqlV42h7WuLCP0KT+AKZSs4lcf8vVh2YGhiGAO0+arsvwR7gjIqrmaLBP0LquTU0KrFuM9bwP4h3ShtLO3opMtYtmnQVCru5LU+saHFx4KDjk97Cr8t7ca+X55TUtDISuKVjyZdXkmdw0SkCgONdHA7CCTylQhkOvSgzKaxagJhftLzlvBKKb+PEkOg1nuCOvSU2Ovq2TQcQ5evKI+sLVB5ziBbNaOzmf+NY3kx/LvAvhh0Y3kkToOy0rv2q3rmi7AO6faVk2VsHNCjnE7Y/km9FUva+zB7jWcXFRD0W+R/PB6gLY5C7lQECDW5QFz2mhd+LQhonkHk8re44/1XJxeNJV2Rwxclf615VrkDjFai2/AI3xgPpi0eD7YrVWiwPeyWYm+n6+KVgQoarztPFd4ivxAh+/zXsPVM/MlfzzQrPw8x/Ao8Lbl/9h7r+ZXkSxf9NPM46nAm0eMQIAQ3r7cwHsnPJ/+ktq1+1Z1VZs5033O3IhRRe2/QJCZZK78LcMy41LuRYXrL8zRDunDS8DXOPnsn2ZgdfUD7El4yOB17uK189gNScadXM0oaq0/uHxraLfkK1tw+tYHsIKCMA3WCwrPjbxIyo5tbKstnk2fuE1OPf4wcnV9eQR9Kw587RhEY1Lqs8fJTyt577VDS+GA3eYQd2RXwMq9eglrNtMw1W6JlEQDxU2FSwJodGaZztuU0TwKTZbTez+n1OiY03zAbPSkye6T5bJwUkUjuVTQydTGsKmhGVbF2S8ujdwkq9O+2RV81B4wL7zYu7XlpcPvD/0AsY3f5BVp4SKnLGtIIrG81LxJq48AR2pcg4/3Z7YpGZxNonp+xLCfhUaWI2saezPmMspDuZr98B9+z98qdpLPerbnpTcVB3rc+FeiuB5oJDGPJOWjLJ0TNDkxMcGdRGWjImc3Q9HMJGBh74mJztZnz3ixldAVkaSYFpWLYYy3qpQk60P2nr1maR86y0Uyurwo7CAyfzbp25kanqYpmy33Vry11MUuZlkogs9hxNi8x/m9CWQI4HK3JStdfuNVUWjSAV2a1xW0HYhkO8W1QTNlmGGB8t2VenGwYjzJxLQXf3B0ow3RVxdjm1kuoX2OSEdRN7dzE0m+x0E728aImHKLKywxcwbgyJSisi683YIDKTsq/OInG/3mjn9kwVp5JaNXKLAGtSkCFIFvPs8oNpfJ4LePzvH6sQLlWqiB/7nQ5dsrGa1QsC0Bi3r+Fu0BTMnbOZV2zEryO51sfJ2ZN+7IVJ4vrh3kkn364dNM1fJbBCgJHd4RiGgSd1W7QcwteIhSmo4folIdnMwSX89E2geYSkp9qOwXA+jYPmSTEAunne0T7cxXdeJccnM0xAZxnsprN6z0mJWH9EB1kRG3pR27wNKe6i039qzfFtklFfcg3n14uqrTzej1+b5q1H0VWg64LJgBU15vwOvYbEQFxhP7InSzXqjIRQX6ngQtDqZ7x2vWmDd7GKnoDM0a+IWOyxPG6ICJfjN18bnjxY7vvh74YhMvQXgCD4leuzmaXfunUxYy8NJhBQ05BzFtn23S3bKx6fipCxfOE+l8i3gVtqno7jIv7fNjbTaZJxbyHo726baU7qPQuOMnuo3fbC2dU7C7v3dcb3nUApmKDdtqc3wE/Cia1EIW+AUj2kuaYJW88aYaxnHdzg45XqbKeZjNeZVTFUZEL4BCzcP95s/t0fDVf7hg2gK9fD7m8GE4VIh9E5vjaCRn31fKtFcHg+Teko/7bszN0R88Ihn6lGfIAc0tHljMicCvKB3ePl4uBoPO41lunLkBNc0j9YbB1KH62J8oL9E1exhyABhl8rRtzgXRmL3BXVz1NSbGuBYujMvC7sCQk3JQPj52+KhL5skSLv4ZNm9YlO4SU3flymUp9VzVKr/G3+GcZgn0cW5N/W7oeDI9F5GVxtFEFNt1SpNYixMTvm9F8xlLyV2ZcSuKtwI8R8/zkxGnQk2ToQJtHhYT16pTzk02pLt1WFkwX2YePt5f+Q7wkAdb3MKr5k7HNHbg3d7Xx5d12CgINY92gOBxjt5m8TesofX6YikKeSZFDyfsJ6viIAgMhjIheQK8YXIZJDRPkZXrdAMvmd4EcjJ7sFBnBz/Y0GJWpMpWpuR3pPJbdpiswcZNUhlIBUA5xQMwRTYRlZ1v8PJVQ955b5NHajKGW7mstSemA5C44Gbf37X0dSl6kvlF2tIFeAAWlpMUtOUdvmfSRSNTdXIDKmVzt+RD9rTLyE7PdWMvjm92yhOpw9ElMmCO6Rm0bB+P9Gnw6PGwEXEljxNRv7H12CD4zSrxWoogSj+y0Yji3ltGy/wa20O49YB4Ec5tvdzhlpMXvxfh4qSetuxEBkNThZc8ncxeoTRvpyla34qe664ggHdyujc9m8KTiFwz3fx5MRn5qutzGu5p2PjwFO0Hz7Cwk3MzVZ/j3n1fMRr0RRQOw39oowL720z9Ex0MMty2LM+1LK/a9MMOavI0NXwHLFEwzaCc6U/8dOOuagrCAuJdxQYPaTF4QyPfHjyJ3iriAiWdyzdR0uNCUMIqLO9QcCi08xq88jd3F5k/WvBaRWB0qEjFsqw04JUVQqb3Q99mW30lmoxrY5ztwKXOfleQH9teSlD0oRSvlyClsguWsYF5FeCbXYfYS2ncCGsPO46tR84nUOIcx2Ymh7UdkMjENxbIyfMQce9GFW37IaM+9l1dyF2VgRA8omJ/UprEXHQj+u29PYAFlU1aeOZ8gUxf2BrauJ6prO0IaXmLdEZHdcrnkNdvZVcdy0zaK4z91iorzX+Nmmy/586GpmHE7d7amYcmWefOAbNmIUpvlmh9aXgp3ptTtW86IutdauZeLkgt9SUT7yliUgs2EUTtzM7lQjDDReUTb9phOQ23IY7JKj+Lrb/6pVknt1zfafNCrpbWd659kkawWJpZAihbN0aHHH+1J1nFCDnOHwOPbemTSksOf4V2l+MBQjesoo5KTBqRlhuMul2T20cAjuUaeZCWBCuK6GPtO5EDy3IjYOUMzpp6Vy4avXYm9eKSHU0OeeTwYx7hmyTmHJhm5S03n5WXHkxWxiurKswnRCeBEx6ME0DpoSrSE0+VYNxaxNGLwhrCfRiWVOhuBcWJZrLdd9x3hCL1PpA9bMQqWqxDDVM36CV4bR3k+4MgE65RoIpBKGckvNR3ucmjcG3wBLu8qtkCQkg2vWQegFcOXpaUitRX02Sy7qb7pr13xy6sQcw5jXzamoyJz731QPyPW06QbcfmRz86GUnOSeFRcbslg9TCyX1tHXh/9fQo8FU/5OgO56FIKbQP+e/ZDC0aeLe8eS6i9TcGuGSj7Y2zckxgxli3EDEenjDt8gvlEtZee2s4RblLYQezQqBED7s1Q0QJL8s2bwlGwUO6rSVYclzORB8I2p0FutMhcevIfACpH5zVQ1bNIg7d31I7c1ltjcfnfC3Og6YY+1lX0vUgH/bMrOmxpInNrM2TFbK+tTtle49cZw1+Jbfzx4/ymw6o4jDqgV2BZcyI4lyC0oujF9jfS+mpeWsRJCjkeaLXp3GOrU3VsKe2IZIrCeYHQxXZYJVZoTEZxIP19LkqlWBl8mOVR17UFThfhfJm2s3oHE9XzZ7iKzvhV3vitDQMwxrQrFjvtyrg4q8z61J0ncwqpRP9DVBG4KfzxQ67VzPZ8EGz/muHviyEakoGSgCA1Im1xop6MhWa9jd0miQX91mcjjnHvnOubdkPZgKzsmoZj4/fMgg0wySboHzp865BJCPCRjFeyi9qolntkpqO5oYCJbewuCHQGEcitqyLVbGcO6HIwykhcfKBeGG2/hnPQlc+KWGcL8pdTf2WL/gyeJEqcShwuTvMK38BYwt//UjD/biwb3Y5n8TKoM7GT1qYZ4YrbmTzXCi9m8GlHmGguJlpSa+vyFVEHcISPZF2k3GYbyt7GiCHdu5UMp6T4MGM90EV78/4VFrESzyoMI5TqZQUfUNxum5IkCRPMUshb2Olh/rApQzl2EeSWltrnhLTNbfkUiqlHycJIRHK8MA3aOvmJRtVq0x60r1WiYWQ5qxT6PiWtv3xdtnOQ0hs2QRWpAdsM7IxiNMxBxoQwt2E+exosxBSmQn1vFZ99y0oDJVM2Eko3qnrh7olzyPhOflHcxmwU7C14vEgw7dwGagiTGq1B7dEMyup9Go2dQm4e+JniX4W+jcjneQ3Wyj0idk4QhvaG7wlds2EtYDZLsG0LJO8+qblzAQWBAnGvnGSHMAURL21JshVzsLfTdNpeVJ+T10Icarrp9knlyr3MmOKRqyhCGhyhpAISHSdxwGr5zY0AR3DrWUxr5U/pHfiHQE11kheKcL5fDt4LjTNEcvFCqy40hp+hSe8efqcd2p4rEyvW5N1JsZIk0YIz8CmHA2Mq1ydpgyLD8i2LtphYNNkrEm9+tbfQsjZ/m6Bd1TATQtHgkFxWEdv4wLAyNcLHph7wojtz2BkIu5BfvPJGPY0DQpKExwlrl6W+NQPBvkZNESvemZaqB4Hc64gG11axTdpDs1t902Mt7uSjbcwg3Vi1F1J69gDNH88kW4L3DOjCLhoCe/+lWY6STRNdhz78WhoXTzk8LVTtmhmOfaBbzlgVHHgiYwcK8XywmQrsTfnGgsH9bu89dvO8Alg1I0eT9uoV7/lAjSc6imoCq7Z7X7+PJ/OeflqP4gZURGXIezuA4++afkntjcYHobC1HRv6bnmY/x1oXmKdQISmJiwoo3Ovy//JS2XWXfwJ0RUkVQfYpgTWz+qL1xlmdxhrGjQWojLGw+jF6B8hvq3+Pnox22Gasbj/aiNb0aHHD5NYNhMOz9S1zQXPzOeYT4XIl0nPEqp3DaZfXYvb1a487RzqOBdOVjfnlKrHAysshKg90w4XRAuCLa6/poup2vfPVYQ5LcCyFEpvTA5Bb3v5QGLYj4lKQTZzbwtKWxNZkZeU8L1nXk2XDlkDOpqlMAgaiim8/KNbg0H+/Mwz8EpGoGQmVdFMhW0G2dKT2Jfak85sqzTpvs9eEVFqFXx5Eq36sN5c2i1Ype3/cwLDrcyieCXrXEmPkjRy1r0TBFwOsUMrOLRR23nRBf1cfHR8Gj99BMo6GMbPu5nO6rxJSsdpSNBXV4tITC6HKlkXCjwqhyyGtpjFfD0o+c+ZzRleF1LeLbfqjuHP5TaIhpu+qByJjy2nWie04ubTGU2BGeJ4teNgePrMUuGoGFLM9QUq50bj5N817SRNBTV0Ro5JsXA0H9NUqG5H+zNnddNdhc0dNIJc0dPGjEqJBtQioRnyrXTlr9PC3WeEcs0eenLsTISpgnfqrtm1/GmLLRiNh/d2Jm1BnZEq9IZwecfcPmC9dUjG8wmX7EPYJCxpgYH2bfRxNpcxnhmxkQwY782MfTUfeFjZa+slut9zhWsNVdp7yw+8KRrAkbxZFFbF2iYm9GfvuMNRVwWOL3PawoDz0bMLGBcVhngrbe99XI8z5O9lfFCLmFXJeBm/9CCVKcqHNhnmlHIvOLAd7b/gOBz4fF02TePdbv/9fRfIAvgArvmRGVjT0J7MewQLhYS1S5kC1HnU1Fk3Eru1wTkvMKZsr5UmpaxyiQVPDPfFPKew7zzqat4GCWg4laTx3lyB73bKj30ZUiOjZwSiOIAo16zRYh27kql2YGzuYjSRafTlyU/7GXF5bfOqPXGFFkTury/A9UUcx5sn7EvO2OvXJoFpJXVQgluMRCYhd/XC/sEApzGb45THCfd7KKJNyJnAZPZQ3otI7Hi5/XDX5BdV0ZLvKKukMVUEGx9Kw2iRx8ww4eoxprz3u9YYIsswaYu4e9xorYs7b0zmZfWaxRdZbAKnVAEdsQeEDKyokLKYnPLETywjT6O4dVX3qOG2FPVyUriLw8TaOMKhTjrEp3sFADCHdcI174XRpQJwuFb6vJ6+5qmV4q53bQnSQslxawcb+mKUhS5as29b0eoIVygys5wFCYBy4Hg+snHdOUlcOzNawkXmAg+9Zv4NAAfQ8Zw+g2QJNeC/cvlnkH4p0+fmFSUEyFAx8ZnM7BuYcOsk6nzvMKttIn1OceyUDq863pMpb1Yf/jBPAxYIm5I1dQqayi+1L1lgH1uXLlPrPr6zsfZ+CCmIKtUeTaz4xz2UMbIC7XzZ9E57j23zy9rHJqngH6ukfPt/uFFypHaD6BVZFl4GW8/zderEhd1/paGjR/etH9iQDpaUsqHYBuW+IigYN4ut6i0gB6rZ/4gWwyejycmxHLwnlVteL2OFU0Pt7Xe54MSHOrlv9oHOs2QqT0ayN/wZIu2YfOpdyy95AAu6h3Xw241ArJ8HlXbvTHlzTw7BKIGgfcFrnCQsTx4bDwtMFpRzY3MydY5GKDJJnTg3P+t1cCyOgNCyZEE54zCn23dfqv9Lq0velVQNVDy1m7lb3GmNhqxydHltQtp9437ud1AB8+9mpZiaRXJ1kO2cw54GS9Ps/Ay/jOMa7/LQA4qmmB07Z6LzXmbuMgsJVozJspn8jKG2kh2W03epWIpHWT30gs8aU1s75VtvVsAa5Fbcu9xakmjjJLHFZCBABOOghvUzEqHZgKV2nqievEkgPSXbys2+6++k9uPToSeVpjc+5VvQ33q7ib0SO4xPtndqO+9YiCUuEKct7cs2AwqEXRpStZoca9AK8Yf8fpUt+Ylj7cktlmuak89N6MyVs4ITdnQONXNEDJwKF/OYnpHH3SgFp/Ar3dTTu2wrUCijuNNFQRxs4j4ZTDmPt2+n0nr35xyJdmCrMqieRMXtfLwN80damHUgx3wioFSpsa6zp/nQKEuOllIBFK/sRnLI4afbSJdMeuZXu9631QtQLblPOw60Crn5a5825rx1CDZGZWRwhzVBKHKrCDempfDBt+oVAt/fAWGWbIgXuczgjm/pTXeT86NMy6EP8nwbo6ATOqP2MsD40cTtDA8STFp/y0xSH0o/TDGNrcNu8VupiArhpkAHVcupyClGTKsnM/uKNV4i8Zk0K2i6PGxPHUqmYd8X5opqz9Nj199+jE0E2MyAt1Ltu1MlicC/fXEsimaUCzPwns/IU6631vCPh1PZKrihaSky5AG/TSZyoADw2gdn8XItjbf0T1DjxXGG5LO22fuQMINryGK807NOY9UzMOopJ0nxKXAULE/Xe3gWX4zci1CJ/5pwbe+SeRJHqHwFlHPvr0hvd8EupuizgspBXno1roj2yMDE0Fo79dazvhQZgE5Kh8capWIPm3/A4zRFEk4vAkN/iSkIhrRwyxpzeSWr3Z/AoA8Vc8nNckhkuXMbrHQE2XrBnZcPmRtgeA4Y97uN3KlkyLACj+Z+QqT2EiNyBontDq1/DQbwJmXLwayH4E/KL0BUNvuJOSoblLLc3zKiDA16hyU0W6HeACdMfbgunKQ9i1lh1l9rYy+J1nfVFxjOoNJBaf1GC7c3l3Q/T5m/aUgYN/0sx6TdmzppKevtD10KLZ2VibkGS0D3Q9yus+MdmKQCDoceJ1U3Or7yH7ZPED7jalTiU5NkT661Zm6UnRfxWMPjmXcpFSRGQqiM0DXg5h3yCKi85vifSmnkNiSpAgorSWpxSbsUiDV7priwDIIdIW6elG0FZzkFRMnCQHLI/7lSGYkh+Jn2oDVbZO7zwd/Bs8Qa8uXZraFKDy48nkJTc2w7joQ37RTj1tN9k4TAOYTC4AkRreAnW/JxIuDbujfeDS5eUyRPPXixyu85OgF69ay56/MAsvK14DxfpzXRSvhUJdBuc7AQzy+N1hrtm1xZUIlf7KDnWxT4vx3v2YlnD8o9glrZMC9YyprsOWCGuicxdocqvRBifgoFZJrZp7O6LzYPgqvQCBYhlbIcR8Boa6m4jYMRqldh5jGw6ms01ufOKSyiGyH2PJcD8cQx9dT+MzPiNOyW30Pb2kwRV4DMeDLZ5fte/9WzDVguemxn3j1VwxerqP4oLzD0U3WORZgfXYROPPCZ49a+rw9qK0vrfuQ3WKQ3Sf6nCsfec0ttW2zWEhnxn7uzrYkIJVheYYLaf5w9UJpFZa+HiGwL+zrZKZd5v6g5WUumfGDHM8ppD8sF/VPvH/RLL5opGg6LH+rDa/LOyVFmoiXS3EkQZ/BzEyMM7AajBzNN8oR7R1TFD/GPEjM6zAxp5eNdwEMGQ8WUsGaIg3/urX34uZUSCL2NAvntaHoxFjLhR7cCKZDY1FvTqJHTWh/DdpKTPDBNwT/ODvFDcsKGFEaT+8pDr63+hMouVkIzdbix1xW1UM5U+u33usDpWlRC7TUnJKD/8SXjIZE8uBBtTRWpG1v4soHLGWCi6M+0jOxCniLMMxDVSQ4UMjzPkLgxWm8qpB2bXxCqWwnZMfipziyAssvx84I9SvHVKZ1XGOxaOLBwuwHFP8RoM0nS2R9EblES7JQ98c4+LAzwy/j7j3m028hmqDWstVBB+59FHPKDLCYr9+iCEyn99kFGG6EpdPz3ZTExYn1lQJfpv4l4VPjTy59NVsq0i6tcMFExo/e7JhbFNDCW2pubXJHq7QiujSUutYRYsrvAYdST04Y+gq+xvuKa2MQz06ae55ZWgPS1aVDLO4IAzlLuq0kjKvXqB/Za1nO4SeSOFtXmNMPAwaPqfxc/HcK+Q+sK1eG2b7FBAYOHrNLkDc+XbkDPz87UMK6C9SpVgomk9cHFREKRJUsLh3lhU0aGkPXeizrqj1Fn5ExWm0fli/NHcK1hZNa3lsd4y5OE1V9v+nhgQnPYPh8xPd+7cMH0RRRPvYd1MFma2HIV9Kvmkhp4rYpzv19M9D3rfh0dzdL/AEVlVf+7kbAIEqk4ECGX4Mk9kQLOeLapIW5fOtQiqRKtg/b0s+sC25lK8rYrUmwjV/5n+N4Y2/hXZKbCHCrEifb313EnnHtW08ew5woklJPgIAFiM+l4n15kqv5z+2YqCeOGgyJBXH8qU224LZnrjURuqu8vWvEga45XbAbC8YiiOIuUe8vCIN8kWxUVpblTz/eR7MNHECMNu4i+q0EztW5wWcrK1hvHHmIW2Ex+QnsDaGp/VrY+Ts6yIjqmd7Rx81/7YdmIcyNc/YB3FTqVjUzSsPe8A5mFSn8AjPTVew+DVaIVJ3X9IqwcK3rM9lHNKjke8/qxa58K15SqH1j5Mj3rX8mQ+Mhc0o/V6SJX6iMNAV2j47/Vo9WafPT5S+1SUZPgIc9qzLelMbZL92vORBnfl6pvxkWmD4ppJoA2FtanTY2K2Wu9Rz8k2nS/bWBMayLmkhIF5XS9VGPqRK++TWJdAnIbGs+PwTAwnIAYEFeAn1phufrFJ5nn+d/9mZOSrc3l7yqUvemj33/9TreTjuADMfX7USXmzIhShpjwMdyXM1UcC6QpP9A+f9A2XzoF6u6svsIRn49vnXpqj3vM9zQVTenhqyov9ENUq2fNyxn+73jP5Ab6aAx+mT9AtpDELUU+Q6yVs8Pdoi2rv6jW/8LxX9cuGWfJTt+XPi9F338B8p1h5gNXbaArPbQr7/iCPILqKEJ7jp/nAKFgcDhXqVL+eMUTf04VWZVUS4/7/wFRn+cjuYfp4q/NA9w+UenYLMfXNa2P8fw/Y5AVfp3ngOnf32OqF2zH9f9B0K0d89sWt2ACM2/Tsx9dlqH5dfp+l/zd4JvuoZgBFT5+fnj/a349e+3kXmM+n93K/uvcwXa6YdPF4Gn/t4N/VO9WNlnq0CdP4iv5mS4l/SeVyLqxvu3Pp7H3wwESFvfsfwrn/J/geH+Vzr4r07A8779/pHZoqqN4qqtlv/jE/B/8en/+lFfQ5TeF7NRG/VJ1d9CHARW6NdJ4oY+WT83OiTnPxj13z793Vk/zyK/ezLkRhNwfi+rJbPGKAGn908EBlYuXfuFqP8ixqH3cdRWt4yI8rdKtGQfcEHVttzQDp/vMND8+7nPA4Crkqhlfr2hq9IUtML+ESjh/ywkIhT8C0X8DhLRP8FEDCN/Qcg/4iKC/JtAkYD+b4Lib+kZg6A/NmOXnypffiVL8wGqPny/yjzL/fpV+379Hzr8T9Ah+Ts6RMj/DnSI/oEO+Wgu4yH6pL8utHprFMs9WT8xar4PwDSBn+4xVKAONPRVNyFriZb79++pv1rsz7D2aQaGAv3jNU/vIXyvBQc3v8haNkqa4tvGz5Xrhx6szbx8hib7zXJSSIwSxF9+8X6dXOSPC5/iGZVi9/niE6XVvba/+Y0mU4gk/2ly+5U+sT8jt/Keruu+KGp/ffh/ATnBv5fy/kzMw+hffl71W0oifyLPv56UsD+BtL+igt+s8VxG6bD/OiV/WXDoz2bwb27Mu40RtNwd9xKO5S/R5zPsM/LLvfTVmKUMOAStg2mCfgFEkYIJxEAv/bAkX8LA/5xW/rPr/gdUSVKE+nPi+gvi/J54f6XofwF5UAT8C00TBI0TOAKTKP07aiGpP1ILCf1CUT+vhlEI+xMd4d9GOPj/EM7/LwgHx4hf8P9epEP9tyGdeu1Gqf8d5cD4T8JBwYJ+r3xmEegTx/82Z/vjQv/X6Kutxuevj/mndPMnhCbcHxT9I3HS38+/htbQ3/MwGP8jKv0Eqt/SEv3voiXyf2DoXwJDP+kN/teQyY1IMPwbRIJ/D0ko/N8Mkkjif8jovyEZkX/F2H5PRiT930skQv8JIgJMY/yTGcfBf7+uzG/O//j8mcZEfD//qWlGoGTo+yxZovjncKC/r7D8lV2a+BONhYT+BO4x7N82x39mgvmvaK3/SUUVJVAaTf8ZRTVJMvy7Uf5Tu/FPbR+/06z/uN5/nxj/8Wb7P7Kaoxf2xJY3/88nRKtupSU/Iv5sNR/HkvXpl0IR6NEXVZ/9PbsE/I9X+Pcr9TdMB3me0t/t9Ec7E5IkfxPu/mrl/hrsl2H8SWL6MFdLNfwpb3j91QV/4RF/tIL97pXUP0Fb/3pq+fkr9Dto+BPtlPgzQRD+t9ES8meS4A+TZvwf/4xplvh7pllw8X1R/oPI/r/r/jjnv2nif7dTp6/yKgOmPGZdvpao6EsZPx/n8yc22x8D/MPp+K/P/eHEv+vJsL83nf+bj/CvhYG/JfX8dldTf3NX/ymIRDj0NzW2f99W/AUh6N98/urNCflHUZug6F9I9I+7819hZvzzzUn+Y7b9UyCuuqgA8/X9y8zjLbD8FK5/HuTVAZb9bwJoPCzL0P3Npfu1Bz6Nluim1h+HiDCCd3pc5bKauUOKWAzAjeBtOeXDKe5vPviHlzgmAH8rSR/7r6OB/7ZMSGI+M5YQBjjR7pbQXveX12NnGO5QWUaeEvE+wbLp6Aol5D1gVeveW2zhZSjSVWjhWOwzPz78gWl9uSQi3Kbio8hEeI57lch4qAo8cws6hwDHsedCgUVV0rMg7mv2VJxpqS3fDsfyMSq3Eu+sbw7bpRpT7kEX+lNuwnq0zEfwlzaTzgQJ6Ib0ae5aRW0pmqKvPrleHX2GJ3VodoO/LuZ8XdL58u/7K/jKPBwK/GK5769/tv2b9h+h/66Trr3H025xxZ6hGBCBJ2+pb9BSJf3l+p///+X57mewHYiWuhJKnwzxOuk1Of8yP3UMtoQo7K/rsaocvcT3s3PV79uSnuUSi/il9W/I6dzfPdvdx/rr/K0BQi8vtCwTjjpeNbMlsIknorPd91wx6p4B4lqhF9RSMfy+fY7FYu9Yk2sE6/VPjvXvjdMcwy74u+3c89iF1Y9x/na+f8z5TScP+K01ZnvPORJ6pph09CL9WIs98OUrdL/PdtOG3CYIDSfdu/3rdn609WPOtK5dE9Qs4/s6ywFhemBlXl07hvxwmg8JUh3jetd3t3xwqI6DGLYBvZ1g15zgel/GodYFZtr7drcCZpGIPPxKReGedVc2+b/X8706qLuEN4X9tmfz9z1f/3zP9zzWqQe3cW/+oWedo+81ZN+2DWhWHtPObcxe3mL7b87xPzE6zf7Ho/uV0gnz743uL73+M6uh8f98r9bfWY1vr/zIJ51bpiJ9uiK9xTzO/qBH1ohEGorR9xCjTGFAaqHWzPG2mMH2hPpe5e9vyq99ac37DD3hPic7MULP+u/3EvWl63rUb7oFM1B+8aLGjntdoMgLO62hz8hz13us9zG9/uZ+6oX+Cdb8xDmO/mKO05jifc997Q98/OLlvbbftGg0cyN1qLey+RCc7P1ZcqNLnoIH3KabPfvmGUBQyVftB0sX7ZI8zzJu1m7txsYQnqeycuJQPdpO7gQUD1qW1kDOn4IF7uiucOwVNpCvhs5CQXUEmDEeSTkzsWLUNmrr30qgFA2T9uaP3Tq17UqOVkaCgIhsQBvqUNPcX745xIC3PI5uuZLVP7zeuPpKYqgbcDzVDpfOkvQZopgWEwTiv74ecx33rn2jDuJrxUPqOZwr5n9gCjihE279DaL00U9MVCAVj2sAD1ZklcDPSax3X3/M91Nz7LVKCt8LID01Meqd9nSbvniS3W7ZjSU/z5Kc0G+5mxpzVHo7hoy8bljTQZUIfI8UYzrIZf26NwL/RjXdCvtjqUweszm4hmd02GK2d4pA5KdLceW4kL4d6GU8kQDtD+W6bPra6sHR03Cuqvlbr4356VUZJwId9DUrGXaS0zBIIj28xjqa3xWIFn3zuas+RlZ3CpAx5UT3lKgIlUedeH5/3ZGJx5Cfm/0uyAb94WsYRUwx1PsFb1IFXDPpkLzgsijeCDjyWLSKibyuq44QM/I9XVM/h5UBohDQK4B7Ml+GGWGw5pl/1yGS9KFPnhg9+iTZqEWeul+PT4xurvCsd1BV6HFVHnCAXncf5zD9Wmfr8/VVTaK52IBLPRsS4KZWL5CrrV5XIJKzYBqcCeJW6Ad8vGfdxNH86yupam+hIMqwiZ7CcQhQnvDYvQ2/Ad8goTrLb8tSP4gLLSgXcn74uxZHRoskkyexTdcoZJnk9tx7xzrk3YXSBo90kmwpbDOE+rJelfzW1/W7ppCoMfhaYjHJN1quL+m077QD7TIlRSiKWsqAfJKvby4SthzvX2CRnBR4Y3+sg3SQORwIEPMAqjiwHNKL09iFojzshkCo/vOn/2cI2TMPHrcsYEh4nMhVDZPLyQWrW+6nuocW29d76kEmSUx5Y2/gIzrAfqG3EIg12f0Zvb/DPHmQJKPy+ZoMnV9l4jpgTvHMxVC8ZzwIYts8uGtn9wPLyA17NlEXf0Mhmt1pluD55oGTr4Af0Ajypj1BANhoq/2PZ8SHcLd1xiaOBHqoJj0ghdNEFwaiNe4pJxsXeWciHkjQSSgpBTyWj4GfuVfWRUN2PFiSIshPSquqtzJP0s0rfJ7Z+MZ+yYX73pDd68cKhwNDSl3d7cn9BBDGrN8aqxG/XQwJUvM8w2gi8mlCGg8rlRl4NJfmFDAfjHMLHaUvWdBVD6TtQiOrjngbOXRN/6wHMQZb9WMvZJH6stwXvedt/AxSVtU7lBPePbGDbJdJPV7oQhk/d052AsQEKYEFEkR6PLCi3tD4STjwa1YJw3Yw1aIUGCfRzivNFJeCH6NqJwYnSjxV6o9mWNRwMU8Ro/rGAgkYDSV+hAhw1p5IonB7e4ZKBXsmzOp9qc/bzU3Ta7O1oezDtEbNGvXuDhWanyAC31xiQXAVSV6TonIOQnnu79hZurcOGzG9cR8P87gZGyuA2eSK7YBqAjRmrLXXZSwiUHI0Bd54ux/uRNaQ1fqAw9XMVjxKeanzXDMoujGxD3UYaKI4JYZkj+Ntz+f5Ksg6+Pq/u2sR8rwEwif2IgoxGjgs++vI2CgJ86hnaMfNhwy6ickssm62+Wl14ROH2PT5xC0KyC+zw7EbVeGBXwy81dHKqdwTpmCfTDFIv/wLhCBP2xwMn0qTyVx94zwIE3QfdrEvmST19RozYCu+32jMP9zCYZRTXCv6gzyelrmVNlyfIP8WkYCEXEJH9ySavkrWTmx4npWKIern2zRCsLj1Whjt6GDemJ2wNGW0a1EFb0RhXtY7jW5BnoHL0tGIJ/ez3Voem3gY9lohhchmcLg1OaFtOLH38zOpSLDz5iNmbwZHhzbBQuE3fGUJ92JxDTVmmPFHlJfwUgng6r2YND07+FJ5kJbwOSXhhVEqa/5lAtCLQlo/DIPzdaubwyK/y3fNkOiTCfj3Z1pB+qke+yaPs8w0kw9jJ4W1xg2HZh82KN/EGqVhb/lO0jwVK3EKWY2GA997DPHqj8PuekZVD3ZQUH2vXWY2V0mSOH3NW8fADBzeDsJ8celUkY+Pz7xfgeuX3fhAnu2DSKtrXwkauZbFAxgiHp6wg7wkPfnNjcv7+NUo20Ez/NYMhYzmHdl6/bSOSpGC6M3Zzg1mUiawLdLEA1EN4edmMy1haE9eGpsd5XmunEbzCQ+54PtOg+I1QyP5uQriLRX5XDbumx8sDKezxkkW4kjpLYi46IdpJGtOARKCVpPJjN17nY1ngWMh/hkPdg6CJw3vpXBX0FVQ318OUr9mpDLpOOizxM+ybySDfzIubLBm9t5QZE9vodKF7u3ovgdajYVqDx6ACmq0QPfDndHXN4vBYy91f2nOYUQu1mVQriXIUnxMhLSWC24ja5B2gtFDohAwj1sQve7ZLwcfIjbaJhv+LA5tiNPzGRL2LfiMrcq9cKx6wcqb6ad37zT6RmTrh2zIC8hR4jfbtbJJ3YNfgyJ2g+Id0a0cGql+ldgPbu7XHKfIIJR+G2Kc5qwuzGJ0zjiVf4I6uAoystNSCRLfKoVALE2eD9SUIkZ2g0ws91APsnraSbIwItmIJG/vT4fD5HbtbJvpm8v26TfbHLnh3Ts2eWb5d/5MhdnQflACqmT0AZZ340UH7NvlJRWT02mWXUkkWEUnQTKrDLrighalUpsfE8w3KMPeIK3HrOeKSWl53KmDepehmB2hlaa4GqJ1TfMjc+8xZZmEd77aRmhn/lODlQTfYlnMlr/ww4Uteh/E4CqJySho/+5RwazeM7sycP4aGWiqZh4jn+SlBMfq11Ci3eoJhvm4/Nm2Div99YlSudQB8RKpdBGEklyITkgU+tj803ImEJ1VBM4jVIAgpG+L/Zql46Imxx8vxkdE/mnVePZAayDI5eTRr2Svf3mUZk8CVZYx4kOPZvISWz4mVtkR7zHW2SAzbiRPVloouwb2miG187L3vizdc+deC3ZrLzGHCGGUMM8eblZ9dheppArWQHXs3k0Tli7SOvhWJHZOkpML3g6bzcL3UrdPvROazUSfNXn2KJrEv66dfW/+Og+fK45DexzwvDUMzJOZaflWEh5FuU/fTPHaK+/hig4UH1rpBX3Kk42ogsurdsso6kJzRzW9LhVrgXR+Eey7r6GS5D87I3HIPeSB5coEB/rg21kZvwHxfF4UQT+iYrII5MxllEZpT1rS41Ftnwz8XDUuUQk/3Vg6ydicJRjnYTcJMtu3eAkxgeHzjSdoe8RoEmO113YsTol0zm5JuLbQbSmU06W85YpYgcD2lbKItv64L8PRQNXzTxCO7UNcBg2kh/K/YVaOwYPJR1LnlS36u/RAxgvWFEaZM7Cx4EaKdJynCKl1Q6BZ+NwT3Aeh4WxSzMFXRhKTmyqePvs4BThUVzaYVEUcGNiyvrXLSaeGHhoVdzz3TshbndNlQ8C8QQ46k9Rumu2fM/1Jsy9Wxi9FHt77DR7lS6rLxmMZ67DvKQsSLLr1Ksgt3jljkxeOTNAxKXyKvxjBnvXUpRhxT045grYB6Ei3JpK0kXmEou9Di4DZNnHr6HVO73L4KI/6qtN0xVbT4d0m8hkAqjnUtZ3qIbcK0c/TsIudBdJgz4giu83uq7eKdQAu0/EmvBj4vXaArxdvkHhkcmwIzcGU6oj2wS8CFi7YmBVNxpvrVSLVKZxk5d7M4BP4bRsteJoUYT2RkwcT2vmDLpJz9JI5Tl/X6cHetqQSLk5W70SI9i7pAvmojplBpRxhce5TI8VanaxBMyX21g8GHBSVOb5JRtezqs4g4g3Tj2kqJl/Yj+sFqrsINRb3O/NDRyMMUIVGOAJuHulZj13W7y/DlRPvCqQd1TV6ie67w6ffplQPJ+SHeVnyS/Js6MQEKuzMo5KYQGIIIGp/zHRjuqyl/IcFgrOB4kXnO4pBwykqJezKKBxMA4kmffaN+IN4Deg7TwjFm74vx8WQ6FVEjJjSx91/j0DUOYiUuJa3/SoipHFlJVDF5z2dSwVjnUCiIF7WIPWTexVoqvMqnrM1k/mxv0FUGrqmRdIRSz93R6SJzWAYf1vcR2/zPyT1m4vrXBq8p7l9DnvrRVlwaMtBz+Ox2caReV6laHCKbmil5mlyVavyTsLSmTUpstOkTYcZ4o46ZFqQnk4oZiedv+UZSwxohsukjhRs0BSN9ixuuP3D7+d2WSrd+3g6Tx0Zcb6h7x66VyJAyUsU+5hFIZ+ZBVGW3+rEw290qNxzq6vp8YKChvX3roLlV+AsvmsxF3aY9A2TtyjqrJZsclvTS11P9MbcBc9DvBUYet694psFuNSch68YMYq8kzrOL7Hx94zUCPtI9jFcAG2jnblenqee0LSo7kezx6QPkoJFfLmkeTRTgQJzC3RwFUpP9ZOjD1e+ha4N4Ak2QqfYaithGZ+tUCQBYTKHc7Qo3RncuVSZTjoLCw/O2/1kzqlXPawBz7q1NUjGKBHbKjqEI+BlI5sv07ChfqpbtCqbL61qEQMCjp2c1yH1Ue9BoMiwf4sl9b2zlUte8jX0XukoMds7viVdFHlK+eXeRKMp/pwn6Gqke9X5Ic7xzUPmNVntP2TZOjS6BpNbsOwLDmVVnFvI5X0EYujZbUPJwZ7KwBNsR5x2etE365rOr4WDqUWYy5eJyY58rprCW4rBvpmC76N+6OuKI2XD7DER9ojGrGFjmSmcd2HTF7bQ5QiZlcikzJtMJMC919d4LclhjPYL4DTL15D0ITmrEsp+pErzm0iuHu7BudkGk3GmwOGlsKkhbe8aziFplddjSwFNXw+G5lp71T46eVq3Suxk0chJcHPGO/qaZMbXbNoJxuNWvW5hDQ9LbxwnprzRvFDIJec1LILsBuQkMNFExL22Glfskd/a4rOgs6dVpSXm6ksSkZvSgBQ31rTuQPb1LSuM7Ee4WVnYxqJr0JNARPlQDe6lzZ4K+G8TjIQatG9TCcwm2x5n4dCCAuLsq4bvoYsxB8B+0crLCbyXrih86EcryjYnHFE0UJUbyDsvC4+PaMkrkPxYaoafF+/zNkoEei7/0LjkE1nUDKS/9TeaGLzRTeK5ZKt+Y4iX3qnvI0swzfuBmqmanuSGgmfgV8A7ZCaGI+MJV9q9ZowfweZzyGWBIRDqYbxmo/VAyO4nkt3eMnqQXWSa7afwyDMqVchBs8uVJqgi9hGKClL6+SBA4uyeAY/mzUnt8MIgiwqT28BWt5fKr4HGzevZtBfNaSPGIrp+JgJhJqDWOCsM4tfW8j4MkJ8JGRjcqHbpcljPeQony3JqFEOFTSqQW9s8o+RpA6fdDbyT313ZTLZdoYTBHClBxNFLRnuVrz0Ngy2eRHh0BXiGuryBC9gOibyOhH7o2csCFp4JDK2ljofgcOpgs59JGz0GT5KHzW6M+1WuuWphrGWs5WztBHv5ZhQ41x7rKPWxtic7htfjdNBN3DzvIxmwbazQgU6Cn87W4h50y9zszz3VKduj+vpplcSdQv9EymK9PtE3vcvx2qHdFDeCe2BiwGgOk+a6l07Up6W8t5faL/dSYpMUgeRtuKaDvsJLFxAvlMdKpj9mwhgZTBCYogwZ9cVqTDgjBlhuFE0wzpd7iy5cNJyHm8JPh31aGZQ8VzowZ3FH7SFxxuCt43gIO5hIx9YchXTtq5IrjGIRwoKAIiBXUwF92gkOpOTDCnPgpnquOmpKihWr67fofWopCmyQybRzAWGBt+3CA6rO9swJbFed0aVeeZmZ0lT4hTY+VqOWlun4uHbS0M30fBqMJzRvvdEOK5JaBMeR9tmxjZtnF2GjydB/uHZ9absfr+dgAAum8EmARecYMY0s7BnzCj/MBwbIDZXwwNiERymfeX0q6PKGhbgEP2bImZ8fwDDSvZ6JxYdHL5wuAnE83L9axpba/qG/3yvBZ7ML6q+IQyyImissZCiSMY4Hc8YyAtl9LQhPR3QmjDH2B1ckdsHiWD4QwJ4v1q+MYH0HoazpiEFV3wD7EO1aCCJnrKrylDGa5FhDf51Q6KYH9HH6xupuKUt6hrLSrenmdUMb6YZ5IpoI28H+cmcHEhdNzTRRPPEJpsUG8gud7k9914EhxZRVpi5QfrAKunPcRemXFIu0dqCfnnM0akkuW4l5TOMp66yg+PuNOp9NWwdkIfiDknnVELFjlTrPmGHzVtCAGSgqxPD6wa/44gVIUP+sBV6L1ZvcZcPNW7p7jqMa1fHc700c50fQaUzND9EetEd8S6pcJnma935Cc1x8ang8lVfpcmeBNMwM3iFKWP5AcWkBbLg1ewJYD6uDxdS7A57BnDPIVogKMMFQGa/zoan+ZAvrFc8paDfmPT9RgLVEPgKbZOET1o0UwCrjMkTZe7f67EhxHZGTVn5r2b84prbjQTX1dSQ/Ai3o4GxjO9fM3HLLFRTUM12eWEzqWLI/jaugDixCJ/0qWJiJ5pR8ODxi+TSK+xDt75jiEerMOAZFygi+9HwrCIXEx0lyVNbuLnpsXsl0C5W5kxOTPelf1NOYLAbvBGRALpjDvN2dVL8vdLqindjMEBl/mT96womaHbnuE7klB/ZMw7AxHrqSMrp/gXHzIAVE/qJ7SJNhCZ5f9hmPD/WbPxKIFmBOqIFMnjlf2zAVMU3zDjGMs0+ScOdIxxTVgyHicEWC8Z3GMp7TxS/6oDwgz/By1X4FAKtr8ZukjE71ikCyd/shu5krOohcDcwCHX2T/x2+j1W1IcpEOCpxlx9XDvgRe9F6n87q+w1fEFo8NPFAxJo7Ny0USMtpooouylh8Gws2JZ96GYq8FxFlWvFs8WnyMBbCriGzw9QMEx0ghpdH/GSggmxPKNr6ltHWxOm6T0bk0/jN3FFX/MuObLmQRpxsFU/cYjPZkgIiQ+0e0MhFPayy/Af1jph5+aDNb42gc6/BGkSGj6Zx8Zqc0AzOnpiwAg9THXaA7bl2qoKxikJNcsajym/FiQoPDH1yNHUvdCjUgQbySN7JB95pVPd98X3zif6Wq5aotvZPQKEPGn49QJZ3132p65OYMpoLhGs6s0dBSBQR097iZDj0xXNZywIIjujgYWIfn3PpDQW2uO3Sy6t6qgtjVoVuYk0JX7in7jf09YkdPrVET2BadxKEXdUPPW0auqfQR17T3YU3SzNpKMfLMCsT6Yy72YRL/LRC3jQ9nNKhC1/JF163JaExXB3T+UAKYe0z3/eIYVMeVwbzaL6yOZIpY13dT0arkGV+JquBkmzZeCjzGE7fSSn0UUjv/EhGq2XXpWbsavZW0rvdfmfYxiE0TeTPqZkGDRVWOEPKV8LQOX7eatFzm4fGe/U9/3g4OZUdmxZA8yjO9YRxVP3wT7F0Dkt4eXa90Bwx1OITfjIugf4oMCxdCSsGWT4yngMLfl6iok1CNPAyZmmOYw5Qu6uDbDWvjmDNsdWjeIAdwJwMGAnwCRW0fIzo/Mo8qjUmSOwJpq63dQU6spnQCn7NHk7y/QUyKbnApgoMvsEH7TfA4EFNHvAy7JuqNtI0D60TtGhZfagSwj6fkO7md/994hMEPSzXCgrdsqPKxGwfEDDxhMQ1N34YN1jjQoFwPX5JTAcQfX0I8HorxzPNDcmetu3dW8N+W79Fo3Oy03ndX/Nb1/++1/VFMJaD3R/APCYTm6kPKQlqrH4FRzYc+v4dc3sqRxvo40fq6uWl6hTeV/rlhfW9pPc5qQaQACQDmxaB6X8G+qLde8xWxTW8Ym/6Meh0c5MeOpNMCnIa19l0rKP2thKdv4VSC46lFlUwpr+BMrM1LZrLzv2WoV9cb3HxWOR3HiqSb+l4YNrRQc94qIHX1snb1pcMvNe2TAsYhyK54jH1QmcbiZjoWbUtfS8Yf3GAkc/6i4UwaDxBfmmWQv3vKj8Zy5MDtkMJ5SuuCljBwU3gPT57VmSwXsMnEb8+X/6aCzRpSb7MNOsSM+a31J0kT8+YFmB0yjb0uHC9fucaU+wovOqf8Xk96iK315TMlG8Smv+Xp+vYchyJkV+zd3pzpLeid+KNXvTefv0yq2e3DzOv1NUSlZkAIgJIwPP634KVZ6h8S7Bk9xEB/48CEcP49wAf+bH2BjzjBvM5y1PUXNZl3pTa9yav6KhOkhjMG8Z16Cpx4B086zFsO8tp8BWMisHY67cgMtA4Ey5V2ujgm/tXf/4RA5qo98WaKq3HodJxyD1GOfr1vKcJ4q85gENS5pWt9NGQ9d66FNYN1HK6Jq79WE3GOTnwzJBqS3hzcmhfkGCcnWihQlsH9PPHdVax0Mt6mEsdiagTxjD9wbiOF74lccD4wQXnyxSz9fiV6iiYdpd8G5HIA3CCdhYmuIrJdfHUxRvLTJqAwgrOtHIprz0nLvzR39PdDq3FKxPmOQ8YIEOCJM1vWZC+Yq2a+qa4vBjgbMSEhY1SnG42dnx+lYUt1g+EgGYHOtj3oES6SOZvXQQUgT0cLJs97kX8jwZfGlAi4cXyLECzu+Ls8YuRMl50bCcx7kiQvZowWQM6qdFmObVq1/499p/BslGXQW+t7zTfkf9mAPaEBLlTZ2/zcxWI2nV2WqpE/Ssb+dw3PNEx1MMJmiK8hF0qTuHQ0fRpm2PR/HMq1vKLNW2iN3iEpsq2jYyvNtsbCT0q/IpqT+xQzg/PgLROSwAG5kV9busiI1MD5hNJ6LLz2GR/XUmPCw1j4B0UmOoBRX75vbJEIBrxsjJbJhT0njerY3R9lehvsqJwhPhtqkKGUoAeF1hYp95U9Fjb92VZ1MxK/iEA+gy+izUQMp2Uf20uMdSETRV0/6IPKEat2H/NDi6PsviwWnTf6bjVWXjWxfibnBtFjma5i2ZNuZkqegErKpqK9/gMQJ4duo8xsIBvbYu8vj9Zz5l93RQGO4Wsk4tgx1IHWLc/AslBZkzDZKe7bjrPoK87NtbZ0ih+UnUeW2f/SDXbRCeEocyXwJRdBEXvzkX26qeZ6B+0zn81vdnIMlnp3zIU2vOU6qk/KggOQQnVPPMQR7s/iAoBkunutmxUedFkN5goKX49FAsGIn5BOkJQ/P6RSSUhSR+Qy4W/vri5F9rMt6ZyYJ26K8fMRAOosQB0WKpE0ESOLSlrqIGvGdWc1VEroHUrareyIf4gwPkl9a2/DOeKP039WXaAfD/e7wbir4RcY9YnrMadcBUOH4AVyc3lRVGgnXQ+jgZutSY11nXGJT2Udqu20nYtLifHgS96aXE5wX4Eelh/LUlTU1muK1r545hncaJubP2tdzSvNXSxYsHk9ONYBW7yN1J95jvO1sKFWEjNP5zJEq1j+kA2SDdF+iwvlyPh8qrE3fBDwQfDDMWpYxuKz0lW/9Dey8zPKYq+9O7/zaUCXng4nKMnQOj1FgSqmELU4UEwSvAK5A/d9DJCF0SQqk4ompr3PWCZLe6oxRQ7mZdkTr882cJASvyM/yZDlg169gPWJHngkF4+XsOHOK6yBXXHhCqRGI3BghxxrSubQpLKWffXuC+Uzq2HkGVSsq7oLVgF4/ZgUuEo0yG6x3+g9UUs+fk81nR8Ed3ig32MTci5AbAYmiKWfdKc331hbqtC3XoAhwZPp2bq6e9XY1StDl8fuITLctDhrJHXH+IvmerDd9RsWtYxOU2pf+39r0yPJ7xnMEls3mSb9ZUlUwBYu8U4YnlHGFh6PSUbymWydwLfoQiyykneoJbMVDUH3bpfPdu94VtVEincJvKnGZU2cOd3FK3sv+HF1eItC4nXoaw2Op4XEY4BhD9h4QxPj+ZVFSlaRhxGgXd8A5u8QM5TOdfJRySe9sC7qaJEMeXwIytKXMrqJbMipaFP5cDhk/BCzaAI7xr5SeeelPZOBzISm9SBAwAnZFlhc8uk2vZX1CAExtdEUlelQYYHykF7evHceeQ7LzITMUcmyO3vu4Z8Pdphx5WY3A68VtEflSJi//tGLVHub+tvrP0dEZsjAVePwCuUvTv+gxgz4RV8109EY1ZBhSTfNSdbUJ+t4hhdFaajViKIq749cApWQebzG7tOqAB6z1zrSZA61lZ2If7cDN6rH41tJeiJfqjfYdb+WUulQYj8QdmTtUp5LB+vdecS/pv7C76gkbP7i+chayJEGqrLC1vp5vjhmDtqcu44I6EGy/gXAlv4X4i/TLjF1Dlxo3yCYWTN2lwBr0+F8GSciD8oo7igvE4+AT5NNVUHR1319NIV4HPXJNUxsGCqCo/d/70l4P0by+XmAy7TiLfPZh/ip/HEqDQEXKA0MZBZr8vjfYX2mRDGw5vwxSiUrJozGy0vg3aKkR0mBW1vZvuk79KgBwR2TZxAoiWCDpHU2HTclS9DXWUVEqiJeGt8A/mEPRZSdgIm0dMd7xTbYUD7cDE1UMMGGy9f/sx0pzjOMLPwNksxn0vplRRIdmTmcynlMMxjSuFoLAnGOm8kaZGduZA0B18QnLC/ZCKPPpQJ0MF9Ote0DwZtHQgVLpE/ujO4XCIG41wMl+iNTCgwTOlDYNu7Ndy5bM5sfXAJzHD3H6WpL/wDXrs/RL848ntDrPYkO6+5SjcfJyHF6TvQ2SPllVVhIpKBBlBvZuJUuqAS2H4vpnASuLzWT0+pyD6Of/rzvfeBmde72KTe8JOutU3LQmdXETwI9o1UR9W2PAt0f6D9lQVCwLVH9e0UqQZzjpSeoYmB9qJ/WMuh6T14SBr3eY/8Ugy8E0xaf0WxqmoAdTPRFmw5KuiK622PyQGisn2fLaMoWSLJpYkEo6n1KzEHgmX/zspCP9koBdAlgN0th08mb8d9HJj8C+LqTxhUtClXJ79hadgMhfWP0Tjk5isEd8bWcD0Rw13BSyABzv9OBA9TPzK/mWSp0rMrXYBlL8kRDi2LxL9mqSCZ8Dd9vR7brgpjK//RZr9iaUbQpY62zQ+URRxoMn2zrQy15j2b3Mda0ie6iyivN8IbhRL4S9qExb+ZhD9UJBJafKL3iL+vz2E7VxkF99BpBZSlcw/w94awsfpkrdWy/w1GQ6QH3FsJyH1OedZrokAn0Q283d34U93rzOV/SqPAm9Yw3W1juEKNzHOnAazKzTGVTspCS1ZXnLXRS7Ckv3BhRgcjmATjKvpvdPKAuDDbxaiLdQi+uqcuiQ4TY2Tr3jd8rIdnC18BSSMZrKwPalMVmqGIPF2kghA+fsFTX/tLNL1H009+Q9SBk/mFJ/ig62P10WG+/xg+Y/MAuH3JKALwa2SSJNeegdAs7DMhDpTlKm8IeDVaf01fh3L+kGv0EkAE0yquYFTkKGJN7x4ig/7m9XgwSvKIs+Mx5q4KBGiu9bnoq4k49G5a21kKT4YirEQVqBtQ+SCMUjz0aiGP4nKhNjmKebPKOn8Dqk5slHmwk9zTNY8jockco0+H7YZ56YmA772Ulpdmeb4IhL0WdbFlL4j+gxjpsKFZFc6SHr1upTocCP0Ez2Y8J0YkJKKJf9La0ccgII/Gd04fgO9Eji2D+tK6+daS2+YwPeICZfDEDxpJQZXtLz9hLMdOaOOPSvKceTfLd0nZuA6CMCsvbduvz0nfbDYcBBKv9vI17m/LV4QBjligEZMQcJdYRS+pamspbBQ6k44d6woaN6vjdaE1thT8/T2R2ouuE3yOGcE9QIw6wdt/gBEhOayXu2EP21gFcNmanCpKVlbuIzK0Oer4pO7k72XNQtXciXgMmyesNGgIWRuRWXZpkcdjoawTCkiEA/aynRLDE9VKShfkx6kKGAYP6wo0XsBEx+OPun4GBW4TBhyWTfyruiHyHhVL/vTlmd3OU7hzUd0+KMSaoc1GTy7PceqSJv8DTGuk013PCXocauDd6SyfoTwNz1ZFPU3PXkBIqSYXmcnEUos4xobR0bc38DuaRakD5TCi6S6Y04TBKlN0MViULr8We4I/JXOkFPQGbEqa/ZXP3CEJ8OFkWSjtF0JcioEmgkRb6hxWtQjb5eAPqWgvWyPv5f2DGgjT/eKTjdUdAkuy5n5dpI+O3DbTySJwBkRUzcpqvnhRJ1dOq4CsCIIGVaoKtXDY0MM2j+kAmkOh7RvHP8p/JOnOfBQG2X/cskeUY1hWV7iC+ISgFGcPmOkbEU7/yerMan7ASa1V3dpXS4qXIKzyjINc19Fg9oxwYiKE26mIrbCsmWB7lQbZ7Dg5s1g1KmO8seL3EbSGkglG8/fXSN1KpDXfwidR9no1RvCPpuC11zXgTUEM+26ZfOkfwyiPcRiSJFwRaqZnMQqTQiINK6v29kUT6s3+6trYR/TjXflhekthLeYIlLYYnXC7BAqHC5Kw1aRc9d+o6tyOvkHqFnzyi8DfnPi452OOg1+t9A9XRH3p8t9acE9qPUVxafhALfYZGZxogGC/Ocpgu0/l9eZahhEuTWVkBYKQz0wsQT7meJsPTOHMxm1QpbDYSwfyJ0S4CUcCt/yByP8VDLxOTRGwozRCuMqXNnv8/tYsS5G8CcB2Vdn36lbt6dLj6+YRYVJn3B4h0VWME79uT3M9aAyI+w5Ti/yB24tsTsYja3EIin/hL2Y+HYUYW/MYthaTHuNz5MTVgVFTM/jeF8cOjx7aoRKoSF4DyANk9wAm6Tdc+Q99RUHKAK5l6bbyN3oZyBNVIrIh5FzA/TYTB/4H8IzTN84h1tTt1jRwCaIafYbIqvSKUmzgiDGB14xTFasVE+iSrU3Dryh6mJf19PCTXaVlzDuB96DfHjTAZ+pMu/2akTFPWfwM4yZQ1D17Mc4o/XRq8yk6zcfetN6KkgNPEg1XyG0qLOhvujJwxgSo1m6O5dCZfCZ/tVoETvy5gcKYPrdFZykjc8w55NFM+IsdQWemRQ9O/ShQdaL+YQu9OMGh0fOJCO3bqYViZ0EH5hXg3rru0iXqvHer5PqT2QHJ7QFBREb5yTxba4pApH1XjGQumFRXXSnLZqQe5w3cZwgtF5j+R3SxAuvD93OGa5HDT2UyXQK/zMGfcAnHT0q1kXAPr6WVsrlRnqipoM9lpw1gg8K60Tcz955+gWc1NB33CJz4JZ0AdvK2Abqz7FXWwupiyTSzozvxGjxbWiI3MyH/3HqGywacs7hy5lXCWhmpOvbktbhMcVX8JaGVNuYsVn7zbnJcN1YD+qdy6CNHZxj2N5F7KISgki4eQ3b7cGJ/WCYEKI3o86TEhuw1NY66FsxK7ocEDywcegTUPOh2GLAfbLNwFLy0lXFl9lYjjAUTzkU9Mrt705uGsJf+5C6JKpHUJ+9OxXOph6ZQf36cAThEE40V3j5V87Hy4aIsmO6p/vIVbALoiCLFKshGTl9p+KVtFbA4qXz2vaq8lRlu7QUNhVOwzxdiNNBLVNwlbob/nmEvb7PxnS3DXjJW/hXwekEVljuI0VbAvhBM4m36sllWSeg9fiH2r/5Ntne5QCihWM1H1x7AxItYVbPWePz8BhB5kd7FpA3f2JSqLxGtZ+eLTQrL9TFbmf6G4YVh7VDHg/6Guyf7cgDryc8A5j3Hd8PTH147WT8kN4RRNVfBKlYM6v/8DVJmM4myfvaNjZOhuxLxc5ATYbLvPUqjOvfK+8QCyqWO1FXfVsiA20tQf1eSypzSPmb4SGZ/TxYTwhE5LzD7ihzhgV8Tf/T2taaFTWhgYpcvumcQi38T/4abTwgBtyDwA4DKZtE54hfUU13hd9Di0qh+L475RlFFaryjwNx8Sls/liSaHIOFBRDNZQ5hPaVk7f1HALj6CcL5cjrHfKmtrPwNYQ7V1z/JbEzwBXTJf6N1IJ8Tn7FzYC93ifkWdT9FJvGl5IwxizP0waxPxyDKeMTPTA9t399Ab2ZsaQr43rEqtC8WI6RdsLhw3WMsKRXe9qS5aBqflocJHNFAQaLNusiHLclW9XvnN5GJO9TluZZ6/BWZuYZxJc7GaPbWusbCB5yk7CUiVDPQGBzUiHmOJZO0s0Ghftu70aIIIFtkO+uHD8Za5SLrnIOvkPqClmBk/oD0AuKjggtHcfoR7dk8hEVHERQCBK0AEQeNDYcK4FLUP8hUEaa2JWvTzEcoDhfA7D+VP7xMIziRWmVou4bQvoSXx41Z4RkeegiIzFv33deR8sbOij0YlvcMyJdWRvUV6bzphskHGv8gB1PtM+T76S2h+2HQjTVyYCgLqdVdSR/LRKhValkulLwU1+uQsm2cSgrDsv+hSEpSX2vIUx4PwJeqKGit/gwRUpCth+9O8Fgws1xcbdFloGR8oRpfn0/1OSAQCWF3cyuEZ5jw4+NNJldPuWV/21VJZm9naukFS2vhyHX2d/5SPKAjomgL1RV2gacMI1V1Z/kAm9JIFavh3TgqbtzR6TftJDB84AhY+FepdHV+I6rJR2QTnML4CRVcdbdoBBoqF3v9U7hJaPNTxBUXBlyCtgHyVJg9LJTtDDXeLEIRh2NH3dvRd7td7oydWkVNg2PEMBW8oQuxcI5eEZ/vxNCTyenAd0uXvAiCfmw8iUHfaLiDc8C4lkc4q2YRJiUscwDh7MPXFOYOgHgrbSRDpk7kxkrf+BZuWx3MTSMxaXyUbbFFwaB9EjqusW+79p1DM/2Zo0y06JUKn6r8jzkXxiLOdn99mIgQ6jH7unbhFcPOFkFzCq6/HBI5kX78jOKjYIEa1lt8O9qeUuQl2gOnMSLzhucy+RHyn1RYowUkEdY2X1+V8aqEZrJaVYtECwEjBbqLnUeUvDbn6Jt6L0w2RRVclnoBqoXuh7aidFMaKMAGaStQZqbQBXnJGwo0P3G/vNswdSYx84pL9B1YUJVZlF1XlK+RUwChE/XLMXGZ8aIKZE+187smYd1TvtPaGyFnAJhP/QPBDHL2+5dG+IE6D659Shf/WBiufsqSIiiQYDKJiJTkB8unB32PGZQeQZkHQH18TT83Hn9J6yPHcMSCVmYCFtlGVoeS9Rlfa47jRVomD4BQw+beR2+zoDhuT+B+xo1eA1IYG0srTKzJAe9h9AsAdJ/XIVDr+nXyMRw2pWGYRUHkczBr86cBO2/ecQjzYZ8QSIvK7TKhansTz7RusO9KQkavh5SKqMDetTlJ5o8o1V9ZO5VWDPMf6fvDbiABmC6/v2thnGyJmOvN3w24VP1v3mj3BTJXoMJDNKilSXkfPTTVWOV0yftRfxMuwC/XSrgtiFtsqS5LdyXbNEWlRdauD2dzd1nR4JpTGk4/gb9HUfNX+NJZ0+b3rweywiHYD/LX5z5RTMxEStmTXoT50uPw1wSA0PXw3hMG+hWySnGoFMWUzVnnBIQgv/PgZ6mS4Nh1tcUDYZ0VQzUDx+4iXp0E3FgAHxIIvehQIMawxmzQ0y/33xfhA8ELiNwgF7K+UHQ5I/SgFtIQXoDI22J+HrJq30PiREt9yswEsMYi5FsTT4Gt/pJY1blWvbpn8hLGEGqPN2vT/LOrCCqA3g4Ou5eY+IENs2UKl41RhZZ06mb8QYK7Xw6zAan/pmtLOCFQIp7pqcWvLnSHTvAZ3E2wNh6x7ZYHMSk/X41qPjhGd0b+DYr1DVWtjZZZ27ZYTno1I0IRvRevcwfBE51L17yXq8y5P3j42bxHqfTZJNA0lp4YN2ypp86eJF7Uen71VD8y7Z7iv7vYwU05jaqY3PTpb+bmSKcc+b0anlhKoYaEcA7xccBXsUfjDuujTOiJQfhBG65oXlPCXjs46lPxnkJznrCDv3SMiPLxJVG0kP3423ZmMKOYpVbzpOPc4TDMyAkiLV/S/P1tsHH9OSjWxS2Jn5QGX+g9BKe/+MyCM2zFr/gb5QVA3vUb+9qRYqWpN3hrNpAWbKjuV6wEjIX48sXT2FYfRneJadbymmuJaPUL6zCMFSfo3ECe6ZjgINLZ8NQJd/3VCPokJifN9FruHoPaEKrslcUxErj78aHkM0JCfhfaAJt0TQkWKOIr1dSUYcXXUE+j4lGUcahPHsljSlI4S01is1UPQLPYHBlv7dlyae7X3UbmnzmKG5JGNgoyDp9HHMmovNVv6/niaH85i8cWQx0TopnKqI/85jND9G/Hg0PMXIcW7fWPjfT/qaEyMyqiXn39G72ltnQ6rreVzFe44Y3q/u3GEjGdjZWHe1vIcsADqCBLQ4NDtqP7fn+GAdScj9CVVWk2eZVfP2KsrJsd949uzn9jCRP7Mz2P8YH0ig+qwfAzG5WpzmQsyExe9xX4QMdTI5L+kGylyDuHIx/5w38GKJWjp7hdN9156omvP+acKY+6V25lAElTTMUZpbXDK1UF9vYtd+12kXxesi9CSNaJXOQhC8wq3VtpEdPqaZG0feGtO2KCqk3NmqQMOvx+Gwn9mCoOTTiBeFFd60fMtvyNTKIrpIhiGQGGDgDMs9IDNyCNww64TFujN//l6Rni9wDqek/csYvf3EIg1oG+jvyVWw9FXR/E/kV23o0poTJffKZ40cNLeg8ezqQ/lT8H7m2LecHbfr5Q0YgeF2JKJ3UhDo7iR3cuiN7nINL+xjGLYndFf+izKlRsmsd4m1eLpEE93ZfxJfj3+alaDKlhQubciIAZSU3PGSi8ziHc2OPcn7o3n1AtEMenZ6PyayWWrZu/Wf2lod8/7/d7NM188I+4kxMac+IHKDtaLtNDyS+Y+50jUyQt5EwI81+M/Cutfrif7i7J35Um8cczjoB5JJdTYkWZiPTcJkckvIRjCfbsEGRm+pdK1pE28cKuYx3LPvaRcHNQoOgL8NG2lUKr+5uM7oF8U+A1su8vzwtLbG7r6r++EflGPA/2G/ND4v+mNhF/s8Y3rqCdq5fU6VOP1yfF27ZqA+BtWRFbnrP7Rt/fwAYGd5ibaw56c6uXMEZIQXh5J+E2xOqYQdvxhCi6LjPfDdCzrQPY5IWi0+d5D4D2DBBZprAHPCEpNYWxwvNeQpWVH7njlFNSTW5imsxhlV9CU3F3UZ5fE61LngnExMZueLSiGs69oyXCfTVs4fFz8eSrafzqLi5avOxqrRIw7o/lvP9prcdQv6LvwFbUWwSZ6N80rm7tj5NAR7Scq6t+a83/m7GtF5gbtT83z+bmOPF9KdWwq/qUlB2awCQRI+b6bIcEhLwklxZ7lI9iYRhqUpyxyRIV8lU3aZOYryOXqw4lRHNAeNHst9fNePv98cHSok+kdIoR/3P8JUKp25t+hSGPeKINAB3VQwDterdkEtaN/BaTsaO775+Mq4KSYDBRQLtmA0pJQ6jdSHLDbRS4GpeLBYPwDdTcgS2/L7+cki5EAhzLACaoijY9tl98YIdouSN7QA3knXoeiTMdUYphKPuqkBb3LR2UGowlnxJVv7cZOTzi5dD9YYoGc1yif/JlGf0kyd3nOfnA4a/lRpfYTt7m8kw0opdFE67bvvRM872x5DfXlUZNV4BExNBLwdvw+ZvXgIcEtV+7XB+GipTOrrUXpshTD/jbL+a7CZ2OdBJY8JGCzTSREHwNDYehIzm7QKR6QF4HR+gT0pmPk6FbzG+d/e++QGCSrNupf90NytuQKNltE95NYJGA5VG254DR2ogec169HhKTZ5VjKnXqJrxu4+J74y5bps/8H/kfdY37VDO5DzjWwlagMuRHdfQH9p4deDg+y/25EsQFwlefoalGXFz1NhYwEr5t7Xi7cVLSx+Er8x6askZ6wgTFk6tsDvExHgyAi+BUYheBFQT7h/gTfdgd3jFWwO5qlw/k36/4ss28dcI1z3TuxekenjxW1SbTjTiGQC4Q6ED6k5EJGnhKaOnR+giXulJ73Zu8Nlp8egBOaLXZwl6h5hZMvseBOi1tyA9iFPN1RRJFQ2AXmiYZfKFOOgiI8X9VA4TtJUgbxrkJSbZBx2lBnsd4otbRrz1V70DReIOoor+HZ7qm5TQozK+Nbj07mLIOzyaaj9By6LQyI4J+2b9bmIB573CDBHDAgCpFHTYOTGnhYtHUX5Ofkmqvq7w/5mNqmbBUwWb0uPFCpEaXau8YxzRiVXKxc/NzNZmSnANjY0EzxVeuobyRXAd0f/rP0PZ0lOy+g2Irb2elaL+kEGX3ipfTTnh8G/u16xHtd0xxIbzqiOHR9esqg9Jh6OyvjOxlpLOlkYdyJG7xWiOqJLnyObjTCEHE+2ZSpUWfDwOk4DkBqDVgF80MaPlJ4NH81DhBcj2J3ANyYeTGJs1K4lrqxiZ0B7u24wRyoV++RK7b6S4dFjPSVkjbAyzIuSbkp+w38FU8CCDT1znK0v890MGcjG2+lOICHGOYXn4W3V4GrX3t4gp1mVBsP56++GE+kBtAGt0BtM417ZAiDACoiOZn8imm0b+Eyi295C0wvHEW641reCQfMk9GVi4h3IxarHt9vBtnK7CuBChrKraOVq+n8NOlQtD4NlT1cVUmXhv7c3w825SlWVXmKabtBiU65Pjzihg8QVQvJN01FXbQckN/HrvYfATVrSmrfLdeeWIZKPNwOT6e2ZcCg7HMIoJDD6XjK3EM/GFzqWOfzZQc1tBF/czv8Xbx4S/zIuthh9G0oFLuwiqpEJ4lPtAmsUn7ujY82IPFZ522pF4QZwi7pl/Az7AQOmDbQz1G6gm6mvWHqlwbBjeH3pU6zRKq3sHTV1r9xM/1LF9+yc7yqk1ZpjtNtXlqVMj1H778CrkY67iq/br+GL5+0BVz4kPy3l/asebkX0ci++VczteLO8HCElmwIixpO4ZtJ3a3TqY0gGQP523SjQKSsY1DNj3/+7DCbsSH7YTOFhk27IEYnmtfuKwa3t+vn3GE0Q5L2jc2cS0vShPQoXj/Mfz1ehzEiLdHJL7fI4sKlxRTUBdYLABUsfeXFjdQbLHm51+vnWKmfcwgJiYmC/pWVqluu/a3XztRyZQakr/jCbgk+jreaqEtmdnNreMLbP8sUL9GD6zVXc6mrExTjVlAJSdr8Us8Kwkx2XeSxmfUvRulKNNB++bo5ZX5jfhktFl0r7XZ7cnLZxEqtNaDu38y7eVNcd83NGLIfAqKji2S5PFDCa9Je5hcqMx/s7r7/rng2DUseGBr7YVYxrVdXxSPqAkWzpeKD/NO+8kPXe+vQ25qpreGQ0NB3yfHFc1Q8NP2vwRMSHMM7Ou4ovSUUnzTv/G1rQNP1VZkMbt6HN+bq3gjenLWb3jdZoGA4YqTpmloE5kMz4jMjOaM6j3OxjBP1Djy3TxB7+2LTX5OKhEngQUXnUVUlpfNUGeavCGu5FLigCLRt75c13zVeReINnQ+MjOP+qHvQg/3MIdErsSYF+6Lk41bIdOnG4WxS3IvfcoDQTNvgodekLnYf74+qVi66X1zTiBmzVV4zPLYdqLqTmnJwwA2QX2zDHk3zXz0gDCBQWOv6f0bOPYCGn7jSsZXEVFBDBsTnLqrUpJeypSMwfPWGYNCe1ZVPw9BthHkwKdmv5QIuCt3YlFWY3j4BdpS3Lr4xqJwFJ899DN8ABPlwD4yJ6G55gjUsvWEUo5/JFgYXiAepGey4QoXRfiqOmj4JCI3dyiICKYgswLcjBrUsiBvwlJXPiBDW4af48XFBjsMeMRxqmMrmGaMy5+pxM9nbQEl+hCu8LLm35CrRddwSe/6G4/+FQ5tL/QPgcqCuweou5Dy+vuS3eMvTd4e7ChE7PckuA5IP+NeiKypHyrH0fyfQsEY3haokmYTp3RpWnWFbIkLaYFdBuioYYs+ssjQtI4xLf4pX6RwTC6sL046CymZdo/iil/KZu2Yy3M8COuVRhPxN1UfaRQUWIafe9Chl9MCJLjADedDYsb5HG19Dj1qUFm6miGzyJCzUhCZOK0ohO5HS6Wu6V+2lHW2oNzUGnESKn+lUYnpKvvDdmVvcAHBX5jFyCzrWXW0U2nvXxnMgbYBcoZnvuxP0k8SUaoAaYn5PnW4xv9UtJEy+9aPHEqpP1fIEEr52ohe5pnhvUgcQnuUKD55yVY05W848DG8/B5LzaTzNv+p68u6+g+NPoUuuuR6B8YX6p1CdDYgr7nXpzzbs/G7u3SZ4neMP0IQRziHvqy9dp/YGWGkwB8RqS+Q68Dtz+uOTg2GvxJTFivYz7lIekjx8pewN2CaDCui2Eb9HKGChVUFpyK8PY+bxo+qosLUycdMFcOCil1ORIVeEceWcewP91DTo1Kk1lov4tGMFh2k4CRwYu2eJQ0HTTGb4qtHpfAEN1g7QkI/fV3kXaGKGVbLyTzxTr+GNpQ+K85EW7qdAFM8wHAqS7s7JlKarrJECXq9xbjX2In+ZBT1Vy7p9LTBooNBwhqU98Q53o33Cf9a6pEqE74LM9yDcj+DLUBCTWOOkRYKvk8AZbov51XygnP7xU9q13eF2VwK9xFhV8HwrCX3Q4hq29nV/MKQYmRAZg6Ktr9bdxmI94BgHu1t8lTUMXhu3UJlZXugDrv1MW6a+oaFwbTxuU2ng0OC3qCe/6Uh1JIWwTvwBAkOW7RdVeTMDmD7HgrVbm62728H4BftumOlGHyzs3fXtFrl0OfKkBfzRUCYegGGJI2qjG6HaU7MoRWVdbdTf4STtLETbiZJ1Iymgm5hFvXH3WfxuUKUEnMKfpQ/PgUUXC5RyMfQ6dQQ+xN0Jhng4bVP/oze8rhkwKpBfkrR4E9RUU1YpV+AuYywlKfPoJNV6zdmW0cntzcjFztH9chfvsc+gCJq6TfQG/WIiCW+M/DMJTOr0d9s9ZCAARNKSojOzvk2RfZK3D7Z8kiFJTc55VOVm7IgBHw7Wf/aaTqoVTy5EKdEi6cdszvHXpytZRQQ5LJ9lFZl0BWbPT18cUNp+2l0+RjoT9I1w21Fl5PU2Gh7Re8ru7OJ8eXoy7SgjHGV9THaQRIkLqhB8bfu/2/PpBbHfbmFBtAc6InbgBEHUtgOeS7Q+7envhwn//066ye2MVBKYs9r9Udj0hYDJdypfX3V4OAy7dlVJCSoxUYYdEq5lkh2+AX31F5axlrLqnhGc5CAwj9x6O/fmWrRpPGlvvKpq8urGv300pLc72fAvF5v0Tdi/YW2k8WbH/A53NCt0LD5lRrOQ5l7uVA/hIexKLl3KikRdEvCjU51P9clKga3Kebr9q/dsw+WIkclBMkcmOlW/F00G3n4Ncm73xQbQZjy5+AXFhfrRDE7xCb7gTK2PoNVGr5MMoqngghaisnExyhf0CQ1W3pR5+CdZDQALmSjDnIks4SM3HCNxgeYUgopvowxFL9M7NMTfyVuvwStJGc/ddSe0zQO4EKGEf+zmrWiG3w/1Wk1N60tBjoxvn77ZzFWqtRGpO+4VMYiVAXhd7g37+9o+2DLdG52+bP0PTmB4gftkBapSTynAqIeqRRSy6TUBO8bn6Iv/HZv5zxJxDW81n9X0sqSRzJXoiSwVA3Ju6T8LmahhUIp8AFUHOUO/Kl4WhhlRCXKWGjbkqBRFKJdgZBbPlKfeQdcBGQKsE0KoqwsrhpoUEiVZjHS1P6XZ23jFI6FsUWxgfCWPoys/mtRUhYDpHPB6xgFCbkm9HLGCgc6WYIpNF79OIvnOa7746hG/OhG+IVtf+mds8G8ooT6CBVKK8ppaBaZ4SbbZW759slDCK3QNVMx/T1+n/HIXYYqefqwEBjzRT6RKrxaebhOsJ7hKxd/gLMj5oyHU3NvRxjfi+osIeTjhFmTjvFIxWy7JJpS5U0q839MiDcRnwfBx05nFJro8KSSMCdpUt9DhCSWYirObUSZo9ClS4BYAp679oZggLodwyTxIiW51+8AIg1++Ik2ckg/dfzFzrpwB4/iiE6hnezYRlRt3qfSPjL5wZEo7A9XJr+hlYJTpj1aGGK9qkyBhlt6xOWJE0uzBs0pu7ik5/ZVFVz49uQxgrDH68CUvvbSDSQg2L+re0C7gmtK/F453YLA5nrPrWeKSD8gACQ9lr7eKY9G/TrHRFku/Fyz1v27FSE53/d3owfgZaRxhMC86+9322IKXV7y/77aEfYQ2FrcDIc0wMXXJWAkIakNYmh9yvKUO3a/ht4DOOyNVPw13r3753nyJuR13BWmuagnKeEO9Uy7727bdapSXQ40ImGeZyZDCQKFhpr4OUYGDFaRKtf2a21vPNOVYU5sWKZpPlvp9eiJH+ngHu1eQbVUP5p8/xIFNUu4840XRH9jz4zuTGpC2a2iDdSEdKQR5X9QFDaFOjhtgOL+arQigP96nl70+CIfUf+730OUwizpgstVHAOEFMoJS7uccf8KQTw/9kZcpoS+6jqsn3ouJg3RzQ6usbNkbzwXO5EJtO+3VRdv+9ka1rWa3xa8B7ibjiiROj1PC1JCLxNiI38ECfofIrWJA84V138JxHg9rrrGfx9HIKzljRwF9nqJRcl7bBGnTnBzjNBANeO8QkwR9EB7AgXNI4l/66lzSQHDKAbmJ9rBGdrlDcQ5WOeO41JnvpK6fbvp19mTpIaVomvZELW1k8UFSXSHS7+sGF2qc/whuoiqUsd6aBkRIbB4tmL8j27RJ6hmZzEJdZH4CchkHFyOwOPeQNX9rsXpMUKC7QsvPosipBDw+PKYdNU24HShFBSKZdYOEnXnF1pE6uVmgu0OmQcSDlDbt+419gizLvVwB7hZh4L+pOQQdrrqG4gyKH43d49oRSEUHHi+9wc9G6KqPfqeGr3PQ9Q0fdSoGAzIPgiqbpVF/LR9k+i/19QEsYzd0dcc7VvdZL3U+my9z0kdlDYDY7q/Nw4OjJUl2KMgsoq8rBS+VIrcphrTRIcN/YUvUCM/IwrNekqyvvgU4F+soUJ9PeCUOYK/0vgKKkWxADAiNOct71KlnSRecp+0QcGrYBFn8oNUdsJ9kb+i78fA8MPCj96CQfTU7Y0K/CaFgcLgU+jq180k5g9U0MjMaOvCftfOkFI9pIjXYtdUycJSOO7lBHHaVSY+1dwlyFnexz77MZYuZ4gp2zLduzpH13/XT/lr76CnLnKKpnH+cJB4Gy/Kx/4sBd0jdJDSXVmX9t8Fb1uNfVClyvI3oy4vhB/uzsge3WfXANhVlwUaOvqxsUIOk/mLClKhzufDOAADIO1+/ysEODl0qz/VhzDYsaxTq5TqDRU++3rKdJEGqdKNUmoven+30HPjMm+GH7hQxQAhhvCG1Al9I2wCGh6LJFSxwfxRr10Ug/pz5h2DuiNn/YzY5hovAc+du4M4R+SYl9Mj6bu9YJh6f/cOp9WsaCVpkiNtZazI+91aO6RYKuFwS4sRRg467WD7C82PJs5xUiHmZ45UldztCnVW9HfPV/DGW/u1Q3tluwN8mqiNV2PN9B4XDZF6UlZ35rpW2ISU2S93CdOgqjhGncOPn2iUnfwfnNMcT1Wf4qc086TQgKUvDrH9POIRRqgvtJ8+V+ywkl8Wk/dljj6yTdx+u1EV4i8PZXWJkBQzvl+sEvM3rnRpHSzr5BHLmPmHgM0uvhu8G33DwCOj2FJHokPXU4cMO8ego65QokekBc3b07dc5ofgZB0o/J7QJmyOcW3HJUvP7Ecf0jMw2Ar/4r6maWGd+G5HzYt/zkVD96rjZG9oDKz0r8hePpay9YF7ynKtuNRdYERDgbFFKA0008Rt/dhP3uqqMxhHc19z30zRAjvCEcSoZP6uclm8COhUxPXF/HmZZZvMELz21Dv6K2fp2d0LYW72rxbIv3vU7qfUGhE5QMhlG4UvAY6gkl9t/GjHiWK4hUR2zdJ0l/QSU8Pu+6k/abz6vb/ElrFtdd2dApRGlYeULHJ/skAFTYbj3n8FoRr6NlNPBLZ6oyR9bPWW9oAw40p2/4ai16QVYIBYHu+joJ3splPqgyZEqk3dKFCfiPlx5LCEAwye35B4feL3zM890BUgY9dIjYe5ycQPm8UuKTMzt/O5SOmcY9eGSEs4+bCLaJfktqLB89qzKIWBK0J8MAsAVXR3rU36Da4n/121q36jJrapkgarQTamexnO/UnFDvTuAzG79lV1gOktc6/lKaFg7pLqjRPSTTS3yTxnwsc195JPffDUJD5rqsZM1MyY+3MYzOLrp5aoaruIp8WVXAe6G9wOKm9riZ03jU7qjNRxsVNydknUQFYd9pXl/CDqpLvv/EcLIBF5Qn89QVYZ9Bhkkfx251Mr8Vt0Bkm9dGMww7K1ArjNAt9YSPIU6OvSPyOS0QHsDCj8PnL2rPJ6k8YSShz6JWhIhZ7A+JKDc9TWt/+pHeWM05ZRX1xYnS4yl+QOsbFWi7R/zgDC5itBpcG+0zyD+/FSOtq7ODFnfOxUKKDIk51dSQL+6AAeuOe1k57BRdlfZUNHu4HVh/FNUruq4L2gzt4C0of0A45KvAUMT8zwrF+/WNB7EkRAL1DT+tugOhwpmo4TmglYAY8GgXGk8P0TKefawnkZHbnwf2HT4prCjl5tHxZHwk9xkpsqKh+NcwlBVFcx3D/qXoPrM1rLg61FtjeQFghNHtDCjOeX8W4eVnHPdU6OggcQ8RRTNh3adl8m1UFMnGYLupQSmAPEEgKVU87PhTbBisru+ERO8/7rGtK4xMrYOxbbzbSczb66HmtDRj7HHYT7dpzjaLbKgIhZqBkZKlYMrd6+fquXKkiTPJbj0TnveX4eCLpZUCmXRi+JKoFSBZ81xKcV7/liJsectXTjFJM4HbgQdPmS9u3vJgwgHUAgkuXX0gs3OmuSqX8D+5UbFaXGPX1+Aim6hRnA2Byqic5Qt4/w+a3tZykaE8N1L8byc99qwmjfNWoFAcGgYnLmPESeoTNW5xe+vg4y621Jy0iD1qp7CGBfewDD3dgPTpJGzwddzbz9P2DpL7WB96EznDuHtEU6nDyrsN60zwLnBl9BUphgIvrHC6ulZgsetQc395XOj+VlIWmlCQAKytu22n+WFOPF1oAhNyWAiio4gS0hIjaWwyNfEoKvkcktJ9HHCMwCRerol/+nBXB8+eiEB60PnmK1O29Qpc0dUn70bWedNHIhK1tWiAsKh2AkkDl0Q8VhXq5yMYz1UII/zgsNeGQ5cpKgzemtI/Pzg5vl/NDW+9FteAB35UjDrwtHvfzCqPp5w9uHHLit/cVaD9rFs7t+X7qecitN5AZBapSG/6GrnvlUDUGd22e+Bd/1KccQ4TmXrPT+LY1f8sS0f++Xbwjkj+QZGKoxhj/587IUGD+2RsbrrXSu3wxFfKkk1aRfd1/CLbO/q1jqg5mkxrbLoFiODbZvg9icyUyETZBYP2YWN8GOc/7dYcSOlZMzmPoUZDdkHyzL1v2+CMMN/13CXnMhA0XoWN+rGD73X7NqLmqHfe/94WNejvqHiPLEtGD7ZpwGaQeHTCYt+tmqbEdbYEHySCDJX1/gzmWSFvIKXmEjx5ctI4IAazMaEApum4cBFBBGojDwFlvcbIGC3ULjBjKtBhC6hZU1OTvqASwujT+0W2PqZy22tOKmftvWUZ2NJDS7hi8Kl6z4F1V9NMJbOlsmzMo7NW1jafXf1eU2mT/fzYHjSptUHEgBViYwwAZVOFkjPVpigV4OfD5OUe/B9SbgqVlDZG7mT7EWNsZKaKbilS4+gA7F8F3p4nr1GU1MsajrjUovGcJHf+UoEJ1Zf/4mhx+WN1XW5O8B8ljB1JthPijfzhVPYVksZAbpsGQF0swO13ddGwQKCt4eNsm08VqGah3RWj9fvQ+WJODvYoCdJDqhus8gBmQCCpWa2deCZeI690Uah6ZjZVA4zekeyefxyKMkobQEbQVmGvpkdQfOPYhYlxu5VHiYiYS2+FGJMWBXn/pUbJYfEnJ+AeK8KBkeii1w87vvqi+9fdqEBYm59Rn+bpJXdkxyLdSLggi0iV1GVP8geMLObrzAhjB3rZdUdNFpA5ARgiOqtzCzbiG2dZWAsnLV1sRxiN6CFp3LVoH7gV8K7m+VG8wpZb4moSNDYo75uM4Gk1u2rNLCyEWOKTOYbZGu6uRKNBjFlbWziAXWn1LA5tghF97mhkNzFGiImH9tdWQjPnaOn0vWe4MeZhCurj4x/y512Px6Tq6SYhrjP2V1lfUSVZwn64qRd/sF4TLct/bF5cqUjPFrpBIjcEQjO3fCE0AIiUQHNmi7tTtEEOZnUBdW6Fzvr8+JTqIh7vzSS3YMGjsljQ8E5q9LPkjki2fLtFahEt0XvBHIf8uLAzMPDPp9sDrY5rRu3LSOJm0EdD/obga/OTaOSLzBMjbasKXYT45V+9p1NUcWe5csrwl0oRL6pbrhkDJLKro7dluNM1U8/K97TIujDbAPNTuZ3ZB7G7TcYZVZNxdjhp8PMJCJH7m8mLaVVAXvpZboiIGCN+8rzD4jo8g6zUze9HAfyMTvAJb/mROslJnyMV6TipAL3GEE7yvnq+Spp4xv8gqiS8Um7ZIK4QVNxxAVEoBxH4aWGpmo/XOrtrXqu+h3XMHvMAezu/AIekPyzb4LmwNf8lC4jM82pJEV2F+kZ3gxzx839F66+TnKyql2CT0W7/kblVTXcL3ZGAkucFYpSG2whqyc7tdOWuoQmXo2/65B8wP6xRggBPCtw8liEC7j92fmqKEwIH84hYZcmPK7AAWSsTOf6JfuavhYVRZtjLjWEROnfrmIKu4G+NNZ8fKNckmcyuIAIq1VL5TlK0Y1/tcnJFnAfStIFWHXywd7p/M7c0+X0AbE4E/FTI2OKkJ8K2xiM9tFvWO8FsWdi2Xy7LykxcblRBpBCdivL4mVdXEAZvp4gnxDu1NmV8tjjCs9QmOHe2W8k6VzlV0bZjhR1qriYnneGMDyH4Dsh897bP63u/dadtxI00WfpiPOuVAFvLmEtyQ8AfBGAQ8Q3gN8+o1kldSSqtTdMz2amb2XVGuRCZfI/PJ3+ZtW1VnYFzoBuDTZoIBJT3G7ZyG7LfpnOuj2lDAuK2FOIJc6fkBJQfA5Rwb8pbSiUevcQNIVFl8pY8Pi41P96b5annmPUoa/aDIgBAyI2L909xFDlucRaS9WK6mN5GwPn1V8E9BaGm8SPXvYII2YbTgFzynApSxVXOxQwrYmtXfWxQzXcrX11UAIA/VFbka/HW3HOTZKv/jkjSLxPn9gSzSs004XFbiJTMRj+njjrkrFh8VhtSPLCL3Lb6Ap5KziFTfyomHJhqGIYHTD4qmyfBPOAJhVUzWaBugaVjulhFrN+nNcOnAhnSn16M7oYIlYcnshqNkcUWyGz831NwWH7BZ2FD5szZd8XnpNTUM+K4rmczCqfI/OCmxAojj0CjpmBTupTOEDc128UffXdK8IhftszpuPXoy9cZBsBjOdHtald4VdpJJB+/FxySvqGzYXaO8HsJu1ouOehsY9Kln+GgDPz5qe3GLbZlnpGrt5nuMJUOdYW4qhEFZOSDFuZUzPgEL1MPsWzN6Lk7Oiy9olkN+8/kDrlIUc6PFAzMMFy2mhdeFW+4jmbkwsu2+vr8Zsd4Mhtxqi44r4E5ZrkivEaDW+AIpwg/nHoD3HjV1qJXh4bjIqQXgLVbQggFPjaaWpwlPkDdo8j3dfXDUyIVnywGblpSmGBw93mYal3IsKN3XMMw5l4hXga5xM+1T3rHmbgD0JfzL4K3/gL0/YLUXFvfyWUdT6mnD10tAuyVd14PRu9mAGRXHsHR16nhv5Jik3drHt5fBsKuMuOXa4YOW3VfcJ+lIc+JdnEbVN3eQOJ6dG8e9ri5biAT/qQ9qRXQMzp3cKVm+2Zd/aJdISAwKz+lYANTqzzORdyqqFwlDV9FrPKTV49jgfMBvJNNlOWa6KJ1XUyoMKW5XaGDa1DMupOFfn0uiRZK+0q3cNHwwB5kWdve626CZ8n2gBxDZ+klekxQM5VdVAEoXllfpOOl0EOFL9sPh4l7NNy+BslG7nJD27WaxVNXLGobNjLqN8lHuxEz/xe36/YScpv2Z3Xjpb8yDhon8lipuhQRLzQFIBytI5QZMjExPcSVQuKnFu3Rf1TAIWdh+Z6GwC9owXV3s+JCQpxuXGxTDGO1VKkq9D9eXOcIyJznKJjN5+9GwhMpfr9O6NNU/TlMuWeyNdWuriFrMqFuF0WDE273F+LQIVAnS53ZKVLj/xqig0mgCX9vsdNi2IZDultUYzrZ9hkQoeK6VzsGbJZGK7S9B7ptU8Ub2Nsc0ul6d7DkhLURe3eySKevWD9raNkTDtEldYYuYswJEp7cY+4O0SHEjVu8E6P7roJ3e8kIVr5ZeMWaHAGtSkoJ6z+MnnGcX2Mlr8Npkcbx4rUK7FF/A/F9t805PBeYquI2JRx1+iPSBT6naOpRuzinpPRxdfZ+aOeyqV58vDDXPFPYOnbKe38lMEKHl6vCcS0SjtN+MiYo+Chyitbvk+Km+9lzmSLifK3sNUUpp95eoMwLF7qDYhFV4zuyfa2np14lxycTTEBXGemr5bTnrMmqAIqCkx0rY0Qxs6hny75MaODZoieyvF1Yl79zwfN6+d0ff02Wo0gxu0HHBZMD2m6XfA69hsQEXGl7ri+cg6sSKXG9D3FGjxMNM/9Nlg7uxhpZLX12sYFCaujhhjAib6ydTF554fe8FDF/DFJXRRlIGHRGdcHM19BadXFirw0mFFAzl7KW3kJmkv2dj2gvQBF56MtIFD6IVra+ZjmZdGnpzNJfPEQe790ciPhjIDFBp2/ES34ZOtpfUKdg/2luscn1ogW3Nh91Yfk4gfRZ06yALrMGLoygjfyIveVP0wrNvZIodu3zgfczm/8qrCiugFINQ+Hp/8uR361LuJC8ctNEtZmJ+C5VFP7JPYHEcjNftsKdP+K+yVxyX5PO61vXmmwCOKZY55hhzQ3OChw5wIrEdpfw/wcrEYdB7OcuPsDahpPmnWDHbrq8mdorxE10yw1BAwykR2Xe4BojE7i3tz1ceYGOPGc2EeLPzoGXLUDirAhxYfTMU+WeKBT/3m94vWvqX0sXLlspRmfjOq4IXfn3OaJdDkXZr6daNDZjouIiuDo4kodl8pTWINToz4vhX1NJTKY2WGrSjuGvAcPc8pI06NGkfrBrR5WEoezivlHsmGtJcOq4q2budP4f6R7wAPEdjiEl6Nx3iMQwv29j4+vqzHRuHT8GkPCB7n4G8Of5E19LXqLEUhclJ0cMJOWRWHYWgxlA2pI+AN44NBnvYpseor3cAm051ATmYPF+psYYF9OsyKVNnKlPyOVEHD9qPTu7hNaj2pAVJO8YCYIpuEqt4nePn9gvzzWiZCajPWo3qwzp7YHqDEBTcHwW6k+lszkywo0oYuwAuwsJqk4F7+Efg2XdQq9Uougkq53CX5kB39YFSv49qhk4Y7O+aJ0uLoElkwx3QMWjaCkMoWjx6Ci0greZzI7RNbj/ViUK8Kb6QIonUDGw0o7t9VtMzfQ3OIlx4QL+K5re9Hf8nJS9BJcHFSsqt6kcXQVOEnspe5K5TmzThG610zc/MhimBPzvRHuS58hcgN+5HLbyYj9dfrHPtrGDb+eUquwDMs7OXcTL3OYW8/W4wW/SYKj+En2qrA+rbT4ER7i3xuW5bnRpZXTTqx/S2RbQPfAUsUbTssZ3qK5UfcVnVBOEC8q9hQUBaLtwzy7sOj5K8SLlLKuXwSJQlvBCWcwvEPDYeebv4CW/72/kDmyQj1VQJGh4rUHMdJQ15bIWS8C+Y2uzc9MVTcGOJsBy517r2Cgtj1U4KiD63QdVFJ1QeYxhrmb4C+ua8npmv1I8Kaw41jR8j5BEq849js5HC2A5KY+KIFaiIfEu5fVMXYvsqowr7fFnK/qUAIHlCpOylDYd50LQXNtTyABZVNGnjmApFMdWx9uriZ3VjXE9PyEumslmq16VDXT2VXE8ts2i+s/dIqKyPQB0N173PrQmM/4G7n7IxgKM65c8CsWUjKnSWaQOl1zb9zN+OTjsi5l4a9lwvyUrqSifcUsakFGwni5c3e+wHBDBeVMl43/XJaj5o4RqecFtfUu6Vex0e53tNaR94Nbe5cI5NWuDiGXQJStm6MCXnB6o7qDSPUOBd6HttSmUpLDtefbpvjIULXrHYbtJi0IiO3mNv2Hh9dBMix+kIE0lFgTZMCrLknaug4jwhYOcPzRd2rBxrpO5P6cckONocIOSzMA3xBYs6BaVbdcluu/PRgsjJe2ZvGTE90FDlRYLwQSo+bpsh4qoXD1iCeWRRO/9z7fknF9lJQvGgmm33HA08sUn+C3H4jVslhPaof294swbZ1mO8CQSZcrUEVg1DeQPhp8OBGn8KN3hfd8l3NDhBCslFXeUC8crBZUmpKV42jzT42M7DdvT12cQ1jzqvV0zVUTJL3xgfxP49yhFw3tifzaFUkOUeNR6XtkgxSByf3tfHgXe/oQeSrrs/RHc6fEqXRARTcZ/vp0MC75c5zEW3eMcAla2OvvZVjQjvG2oWI8ecJ0w9+oR6Es7/89TlG+YPCDmaFQIkedqv7iBJ1x7UvCUbDn3TzUmDFe3A2KiBoexboTj+JS0fmQ+g24az5ZG9ZxKH7XWlmLns5wzGd+uIJNMW48qtS3gIpuDOzpseSJi6z1jIrZl3jttp2H7jW6YNKbeYpiPILB1RxWK+eXYFlzIriXIHSN0cvcLCXimz4axEmKOT7kt+lcY6tdVWzp7EhykMR7QlDNdVitVmjMRXEg3X0uWqV6GSqsKoDL5kanK9ieTHtevAO+XHLZEnPTlhvTpxW+r5fQ5qVXvulCjxw/czaFF1Hu0rpxLwDKiPy46mz/e6/mKyf0Kz72KHfDkLVJQMlgIC8EmeNtdvJVGjaXaTTJrm4y+J0yDn2nnNNw06YDczKN8cSpqBhEGiGSTZB+TLgHxaRDAgbxXip6tRIs8ZbqVua6wuU3J7FRQKtYSBix3mzNyznTijycUpMvLwndMw1p+EsTG1KCevUqcdqm5d8wZehTt6IQ4PL3WP0XAfGFv79NQ238MY+2eUCEivDVzZMaWGfGa49Ipfnnsq97h+U8Ay1R2Y7iv4RuYqoRViiI9J2tA777mSyBXJo516l4jkJXsy6H1RxnwZZaxA/8aHCOk6t0lL0DsXpuiFhkshSlkL+xirCTcCVDOVYIUmdrbFPhWnrS3IptTKIk4RQCK0X8A3a2nnJhptTJh35eK8KCyH1+Uqh41Pa9uvusps/IalhE1hTBNhlVKuXxmMODSCEPxJm2tF6IZQyE1/zWnXtp6AwVDLPVkHx9rZO1CV5HgnPqV9vlwE7BfvSfB5k+BbfFqqJ463aw0uimbVU0evttoTcNfCzQsuF+clIpwT19hS7xK49sXm6G7wl7ot5vkTMfRBMwzKJ3tUNZyewKCow9omT5ABNQW6X1gQ9tLMIdtv2Gp5U72P7hLjbI0izKVeqx9uOKRpx+iKkyRlCIiDRtT4HrJ5bX4d0DDeOw+grfyj3xD9CangheaWJp3z38Fys6yNWixVYcZX1+RGe8FoOOP808Fgb9UuT9UbGSpNafJ6hS3kG6Fe5enX5LCaQbV1yn6FLk7GhdLe7eRefnBvsDtijAm5aOBL2msd6ZhMXgIx8vOCBuecZsd0ZDkzECeQnn4zljmOvoTTBUdLqZ0lAfWWQU28gZtUx40J1OBhzDdno0ik+SXNobrsuYvz9obh4AzNYK0XtO2k8t4fmyZfopsB9O4qAi5Z47/Q0M0mirrPj2A+hpk3pUJ/6TrmSneXYBF9ywHDDgScycqwUy4ujq8X+nBssHL7u5aXftlZAAKNuJMiu9VqDhgvR5/gaw6rg6t3t5kmWvfMd3LpeyoiKeFvi/hDw6JOWf2Q7i+Fh6Jnaj0t6fvExrr/RPMVaEQltTFzR2uTv70BXlrf9auHpidwk8iZIz5zYuuGm4zeWyT3GiXqjgbi89jF6Acrn0/wUPx+CuMlQwxLuwsv6ZHTI4dMGhs20DaLbmubSNOMZFnBPpG1FoVTKbVNZudX9WePO082hgn+o4Xr3tdeNg4FVVgF4z8TzAcIFwVI39fHttc29wwqC/FQAOSqtE0evoPe9PGBJysckhSC3nrclhZ3Rzsj3mHBda581V/YZgz4MSmSQ21NK5+UT3frs3Umwz94rapFQGb0imQrarTOlR6krDVmNHOd06W4P9ah4GlU8PpRL9eH8+ek0Ups33cyLHrcyiRiUjXUmAUjRyzr0TBFwOsYMfMOj6dbMiSmZwxKgz6MJ0inUUGHrp8e0HdWgq1pLmUj4Kt8NITKmGt3IuNDgVTvU29MdqpCnhY6bzmjM8NdLwbP9Ut05XNBeDlFz44SqmShsO1HLo86NtjZbordEsX7RwEEXZsUSDWyp+xfFGufG4yTf1k2k9EV1NFaOKTEw9L9HpTAeE3bnzvcFuzfUt8oJc0dHWjEqJhtQikQ55Zpxy++ng3pyxDJ1XgZqrA2EbcOX6m64r3jTFlqz68m0dmZ9ATuiU5mMGPACXOqwufpkjbmkHgeADDLOWOMg+zaaONuDseTMGglm6NY6hmQzECcn07OX+trnXMMae1X21uFDX3mPwCieLLfmATTMzerOwPP7Ii4LnN7nNYWBZyNmFzCu3hjgrbfdzXI4z5O9lPFCLeHHjYDrfaJF5ZXe4NA904xC5hUHvrPdBILPRUF+sHcea/fg4+m/QA6gC+yaE5WLyYShM2z/XBwkej0gV4zagIoi61JyPyYgT3/OlPNBaVrGNyap4Jn5pJD3Peaej23FwygBFZeaPMzjozfbrTKfgQqpsZVTIlEcoNdrtojRzr1TZfbgbC6idDHpVHdUwV1WXL2bzO21MUVWPx98sAPVFPMEtstY3c3Yd67MItKot0ILLzEQmIXvbx2bQhFO4zvHaZ6Xbm5RxxuRs4DJ7E96LSOp4ud14t+Q+6qshtCjtlClVBRdcystokMFmOGfqMHa897tWOhKLMGmDyLY4+TWsLR/z1ReWd+D9NB6pzAJTWQHTICQgZU0UpXqS47ggW1UOHq9q3zhBbHnzSQrhX/7mEhb76cYZ21ikq0GiHDL1eJ73wsrykTxCJzbot8DwzArzd4u7CnKQikxq8ZbuqIURa5Gfa3bAaqJB1BlZzh6JiHLgeD6McBMTRc59uK1xAOYCKbXnZhqQB+fjOV1G4Ak14D1y+W+RQRnQJ+YUpQjIULHxmczsG5h/WySqSe/n1vpEqs8x6pYevzj4TOVobNB/5V5WLBCXCTVuFVZTfGl6S89HHDDyk3xLTB3Ps4GgRjDrLqps50dZ78/VYx8o24uF633uMZW/rDGvpZFdHoPXOB2gh9pR+oKQKvIsufbugdpvr4rabnNn9KwseCP+xQD6BhJqR6iazmSEEHhvL0fRWWE9FDJuUA2GDwfMibGanifb0av68eKpsejce6nQIkepQd6I6DjDNmGUEPBhidbtPVbQN1jRVdDuHjtuPlsVyskS/momvaOaXdGbhGI6kU+ELnCQ4by4LHhdEBvpVtuZV62zmEPjS5hAuf+T60GljUZEEqOJDhnFcHsmu791u3KqtOrht5CLW/cRv0UZ2qiARs9U13bJ/2440Hu1tDBc3rdUCx9Q7L1UN2cA17Gi2wXfsZP/bB2uwrkoKIOh4fbcbE9byMX2aVCG9ZIBUxexlATqY/GUHelWEoP2f30Dd70RWz3lW38SwBrkEty73BqSaOMUocVwECECU/DLWpmlcOwgUrtyKhZyASQ/vJtxeZA71q1mUzi6RuFzd31fOtfp/nYxA7JfSYg24vq+3oMhJKHGOfNJQvW/Y0I2zQlX2hxzUAjxZP0nqpL81KHSxLbnMfNHTtuRlWsnBGacqFhfNX9k4Gf6ttbbP/owhbU4hP59bqV9/LYRiRRz/PHCoK4WUKCMhzygG7uctIEF6dcSbYgq7Ko78SbWnn4k+YOdTBKYHu8YqCUeWFtG8xzqFFvOllIBLp9YjMWIYblJlHeMevbfvfwP6lagGzL+dj7QKucV9vy7hqWbECqN2gDhXk3G4Qqs6J0aV4eG36iUh1c+AgMs+JAvMlnBHN+SmvcZe4RZ9wTnpL+Xh8hmbwmqVN7JohGaGF4kmLS7lNikJoo87CGJnctt8EupqBqlp0AHVctxzClGfJZedPuadVwicZk2K6S5POxOrY3Mn/yXWmnrCnbPr8GtNDXI2MzIt0pruuNji8B/fXEsjEaUSzPntd6Qrx0v5aEe3q+xFSFjqTkgyEtWraZyoJDy2q8gMXI5mXfo2uEhBXGa5LOGzn3IPEir08U570X5wmplD+jkvZkiEuBoWKXH8bBs/xm5UaEjrzswJe+SeRJHqHwFlFy11wkvdtEuh2j1n9SGiKYzrojm5CBgSCMu76WM96XWUgO2oRDjRbRpxtMwBhNkYTH21AfjGIqoRHdz4pRj49Sb3YZEMjz5gekoXhEspzZJRb6kupchB1XD9VYIDjOmPvjE7nSKhFghVNm688ktlIrcoYRrU4jP+0acOblQwPZSeQPyqwBqW12EvJuj+SlzvGpIuJY3+awjHb3iYfQGWMC15a9sm8p2883fWXMPcm6uuJq2+ttKjwdoX/j7v4Aj9+HrHtrCFg33WzGpBs7JumbK+32LYqtrZOJeUarQPeDvHaa0VYKE9GEQ79Vikt9H9gPmwfUfmNeqUKntkQf7eqNbSk99ELYw2MZNiXVVIaC6AzgupfyFlkkdL5TfKDkFBI7ihIBpbUkjdiGHxRItbumOLAMAl3hVekU7YQn+Y6Jk4SA5RH/cCQ7Up/SNG7A6rap7TThcig/sabUDbspJFHgSvkt1i+Gfaw98Uk7JVxqsn/agGDKWAgkMboB7HxLRl7qTcv8xKOptTBG6thJk1/4ydGJzqVlzx+ZBVa1jwHjLpzvN609+1cZlusMPMTja4E1dtMU70ys1Ck72NG1FS64d2tWwrlAsTJskCF3j6msxpY3VEPnLL3svkoFSsIHpVAeduabjMlLjVD4BQLBKrRC3kMIidtqa4+awahb2yK2JXiVc/qrjEM3FlHdJ7bI6+FZ0qDL4jTLEWdkl/r+vKTBFNF7oseXaVfda/1WzLvHcttnp3gNVgxe3kcxobzH0XXWeg5gfW4RevPCZ8JLme4+1LzeRjuR7WKR7RRN58pHfn1JbdssFcqZsdP1sC0JSa1f5OdC2l9dvVD6BisfjxA4EPd1tNM2e3zF8jKXzDAhhzw+6Ynlok7GO51m8cUgJdtj+Utt0N/+qWjKSOgPiiMJ+gxnZmS8njVg5Kg/UY5o59mSNFlzrzD6YWNep1r3AhgyBBa6gTlFal6/tPfi4lRIInU0C+cvSzOJ4aUWZnhRMBMaitfmJWZUP92PQVuLCT78hOAfZ6s9nmUFjCi1b3YUB19LXQZKbvaEZmcJYi6rXn05U+un3quA0rRkhEZqj8nBT/FbRZ9EIvCgWhor0a4/cqUAK5n4wNEA6Zj4BniL2M99VSQ4UMjzLkLgxav9qlB2Y5ChVHUTsmXxUxpYkeWXY2fEl55jN6bxHtbi0ITAwuwEiv+I0BaQJbLqRK7Qiiq+umPoA9ibYd26nh7z6acQTfgystVDe+5+FHPK9LCUr5+iCExrdtkbMNwIS0f5XpfEm5Ne7xT4MnW6go91MD7od72lEv2gNS4cyVjo7Ja5RAHjeUnNjUvuaJVWRJs+lbbxxJgKOsChbicn9l0Fv4frjPfGIL6b1Nc4s7QBpKu3CbG4J/bkrJiuljAP84UGkbuW5fycIoVzTY05g2fI4DGVn0twT6FAwNpyZZjtU0yg5+Ahe4vqxqcrd+DntAMlrH2DOtVawWTqKlARoUFUyeLKUb6x0UBj6L0ey7oashQwKkbfGsEJlLlFuKbwUse/34a4jdPkdrvf6V7ARDnsp0m67++9nxBDk9Rj30EdbPYl9vlKBlUdaXXc1MW53y8Ger8Un/Z6zBJPoKLyyl+PETGIkig4VGG9V6SOaCBPWuu0sJdPHUqJvJGN4DrmmbXhpWxFGbvVCbbxK/9LP+7YXbyX5CYBulVJoxvsD8SdceNTTx7DvChSUl+EgAWIz5Xi/vaVhxHI2zFSMo5aDImFcTy9bLbgNjk36gjdb7y7G8SBrjldsBsL+iJK0q5Q9w8RBvki2aisHCcYv+5HszUcQowx7BL6qQTOvXKLz1ZWdO44Ikhb4TD5CewNT9v4Vtj50zvIil4zvaPCxX9dwXAQ5qJz7gHcVF7Nzc4oA7vDOxhVpAgKzE5XqZ1qrJCoV/6iV4SFX6Y5k11Eg0q+16i+2ZVvpLfyND4xcuT90j+TvvaROaXlFaljHVWRusCu3vGf6tE32p7aXL/VyeCLcL9nVcbbyjAH5eNjDsSZX8407wwLTJ8UUo2A2DvGK61dVskejtwHJ1Onu76BPqzLLVGQNiqV93Q7xkr85Nck0iUks62evgqAheMBggX5CfTBDM+/UnieA57/5Wn2qLV7/VbXm9Le6WPfv53Hu2kLKMPxcTsx1bpMiJLGGPDjeA/D1nAuVJS/ofzfUHZepr7O/CpdyqsBvlryvluc6p2Br9T1vYnirGH7Kc0mrm/6CVyHoNDn5zpctVGRfT18Hen67rrwep2LAkJDNGXd8jkfuZUS30LO6gfhDtHOu5tM5yeU+Hrilk1Ldnw9EQZNqPA3lGsPKevbbAHZ7qFvR1EY/UJS9N9/vt3h/HYxdh3+2rJ/e6XrG4V9bSqzqii/9QfDvoAsC6A5mr82Fb8+DZDvr30ANOHgsqb5pUufzwhUpV+vGfxnR2x5/fP0RKt2pZUgIn5C4W+vFTVr9vW8vyFEcz2ZveaFKJbPCH1tAKN9nZpHydcziXHtQTvXt9UlJEFO1F2MBbo5fz90fZ2Xs/n9+eA+P82fabvWDwRjoJrQ36/4+lChKypQgBFyhut58y99AFzk043fdw0IJ39vQ373WGTq1y7N0m+Y2ctqyT43vRr2KRqutnJpm2+HiylKqwsKv8EPTaYQSYKOV03zm/YUz6gU+yEwv7b8cu43pP0RrWU/Ve+rLfrl2QBbVRI1TFNdfB7ll374KwEKI18Qgv5zgELfoZOgoO/hSUB/FTbx77D5iKaqXwHKmDT9qe9+xQUopfQvQA2/oPZBzR/Q9u9h5vfzj/wYRXme0gTxBxjgfzrr4CwxaqsGzMb3K+zbbb51GP4DOP9q0kb+Q+Ag2I+QQ3yPHBj5L4DOD18J+1Oqdt3/YnhQUkbTnC2/A8u65D9R/0HaBf0poH4loj+4S/J1nsAdpiL+/65RuF4T+uXP///14Z9H5d8gwHyGrtkyAJXfHP92b3C466cWkBJwrMmWJZt+mi/IVl3x/fFrnpefqgvhABjg4C/v8fXIMl1Ay6/zf7nyG5ygSzhMf3/XXy+Mo6QuPsvmpz+8HoJRX98MwehvH/DfveR/YDz/Kh70Z8+1s7lfJ1ArFlLmvomWqr80MOij50GOpYPfS9Sl0ZRel0QtWLpdPA+/503/nGX9N6Hl+xf+fwJG/1vQwqzLh6n/ASZLP12CJ2BanP5vSTJgVP85O/otg4H+FVYSfeM8yTWPQDT+C0UOGvpHMjEGod9xDhT9gcyB/lWMA/6ec9yv2dzA7AlHlqxfZ/YP8/ILC9eB/mH2c/U5C+Xjfln69vez82N2/90U/FiC/L0ACkGsIAJxYy6jAXSlPS7BYyi/RO91yr4kfZr9fF0Crhz6CtxY2K77z9968lVb+nW9/UBa/ecCyDeYIX8paNBL3iB/L2KQ9PdAoX6gOsF/EU5+kVx+gxNx7RIw7/N38OjXpbmUGa7vuiwBPftlVf5mLq//RPD870THH089QpIwTPwZTtJoLj/CK/QbwP0pOP9FRP4JhUH+IIuCR0bz8PVF8+oA/fgh/L4D7T5jX5qojdPo5/zbWP77KP3LUIn/CJX4Fxz6+w/8HUaxH2H0v0C3/zFG/1y3v3hv9y9xOuRPON1X0YevogZM9N9519cb/wn7+t9JJuex+XnKhv56HpBG/q8hixhBfiH/CEDsnwHwB8wU/6uYKbj+DwD8g4T0B4D8kchRDCX8SyTsO2X8d4o3+PnXIfWhVZ+hwNnrf+gLjOGXvPnr37/hPBA/wZGv33/fRuE/Phv+tP7xDr+c/e3vH+4N/6Htl558d/bv743z/yLJTao56X+eoxwIC+0ABjZTkg/ZjYuvH/hrnqthBtCfsvlb24+uj4YorppqOb9UQB+4Pvwc/W6y/+9ZWShJ/yMpFSG/t9vi/63rCv1uXXFRUmbfrafv+PBv1snvYc7/aCV87OU/GPhv7XzVgo3QpgIW/HZOIrDp/OnIz3aWVvPP5tSna7J8mbd/Tle/W7a/Wu2/t679wNT1PycHIDB8keHfgOWfS6o/AguG/FVg+V6jkav5UknBO1yS2oULBDKGpWqvGZ6+g9AvJOMXLPxTUvyPp/lPaPAfcfp5GvNLK/QbzJXLMswf4QR4zu37/uVSrpPmQ8D+9rW02ZIlwJ/jKzqTmIZ+GtdsOn8asgkYI6Iuyb4MH1b/HyE51F9KcfB/bFGlvteLMegL8t+q8XxvjdcvpeZj2PgnmPl+Nr+b8P+kkvI/S1P+jC6m0RJdEP36FREB1hCuerCGvUOaVPRgd/PueKXgFdenG/jFKxwTXn+5xdeIDJzAynfOeVhXe6HkTFlXn03RZnfE5n190IX9Ovu4sYw6JtLVIMiHaguil6nvpfORPXg88AOl0Jp5JayguJP+sDxNqzg5CqEyZ4WJg8RxRe4O0gDv/MEf6Rfrtm1ztypvF20xdPZ8EqMy04WNOYZo4W7La9EgMZyJxY7YRzntj5shKpV1PYVjM9QksLjpHIFE/DZftjSPMpwGXoKf7XI685Or7T3JqJGDnCvoExMsqyjKkmU5jpMEQVAUJbSscNXCaBlZWcCk95YCvyQoKGJkOu3w5VNRyqA4qDCADsdkvVzTzAtxLnjKk8yMS4XC/oSzHCdP+83NqOamctKbwZvyu0iztE0tXXlM2it0H8qdXs5aKMOJOw8e1gshUQWoyDOhViXaZKBSRzlbuvMJ5+5GwCiWHMh7lAD6sy9YpvcMmnDbvlG+wt01h+GfZb44nFMJbrSTOI1pKAM8F/PbYu5bwvLH/eYLt+GNMubHj4OxzxC45qQexi48DRW10lehgHlxwVDEts1Ewsh7TLHDbq6sd+qRvDHMozNpMWA8SpIL+ECBV1MJ7/eNnZkXTbmMsTFD/Ij5THhi7BY6ECM85bKdjcdWwliQPqBPzlhvlx8wfNobq4eBJiRuZG+7Q9SZdZuV6IkHamMlsQfDVebiu4ZJZ5O0pGX7A1rfJl9IZ3bBfKh/aaQ8GjffvDMUxXa7mUnOcdNAjJkg5UL+YvBORUHUz+EM7tM4PIoZSQU4uYky2x/52w89dDKXSHad0dGw17ugdq6jeOCcwNHAiXQnUdF87nkpY4LMoqq+5NUWAs9N6RNjq0HT07l6XjHTLEgBgXHkCVRSBbFESowLzVDR3QHOi/ThiorjeecrhP0mh8q4yA2mwPown2uMiREdZfu2SA1NklBebFT5TFVFo5hpTBMPtaaEAW9mxAWVpFZVAxfG0zBwjd7ZSaFBl8SpgkvgHZJXn/xtpXYKOX6ravERxrFg7Rm9gOlngefDvgUqhn8C6bmKekkin/mSuCqvwajDDQ/2haIMTCkEsy9BggVG33PKAqHbLMpA4YxYs1u2o6Yc48x3d+L+fo4dfsHD2kEii0B9hfxbitAzNaZM1EyKzdoe0cMLGV17Q+FZWosjf5FHsjBKHuDKpuBv3eF8wzL79Z7d0XWNQiR57si+dFa7Go9dCBg9AcMbTuaLRtQ4BqwXEJIKKpUjlhn0luU0FhCgxJHyybRoXbMqKYSsz7bHvcKax0SKfndYjZnYew6eL8cQcuZOsoQqbXd0OxEFWxrWhamX4cmoNysYxh4kv2n9MzpyIUJvZFaQNL8VamzAQWsFO6hTdlLOJy+KPWvNQ/Vwhy9yqJheNVrr8Cji0POaOc+OSLl6pYUQHETH4HMKnHehPWE3f3ZI/d7uGe6vBgmcbxi4jZtXCEgZjxb2vYiydkmOoNcoYXvJp9xkVQ3NwDdZbWNFPdDOBP5FCZeruV2a+9Vp36XTmaY1qtxE/KkmcJXv2GNbgHcafIRD3M7vl3Usrjh1lEZKJe08x1chBaGIsP6rlhf63mUZNiHEcX4cw6TNEycxI+BAftzFNgR4QuC7n7lngL8sGGYPXgPdNx4EwBn3Zjf7vovdp55C/ZbNR+DiNp4HAXBUK3X/7uE3nNQT+PmUdRnZFlTmiNbXK4K55RUM/DBEt3Z88n4q79DGUD2hkdCQI2hsB/Jr1jnw7nkNlznBI7WPrw/2GZW60+q+GQWN6ZYQxaKf0ZErw6w6c2l7/DHXF1WolBzNhj11xw95P2cdF4V2S5aSxjyRGl6iWANEG9n7YFVR1NcE4zInVbNPlEi5CFkl40pVX3MtEPrsHp4VSt3HoVnN+YgBowbcFc39flHk4SxX1vxUOcnZ+FMiT6cKEHHCsuzsmAxKKrmGFeZpz49138PUSgs+yKR3/U4f1DQyd/nEYr3DQAoVw+futf7qLAQTX5WJw7h/kWzwQAnhGWleX8e4rOUL+9SQR1VEpuHqdfOEN02RLzGFNnZTxjaOK3lCEbcN2gFH69ZMErrNTGJiwvjplKOC3hP5nO9Rj5fsK1Df4ZERxjgZVjzMpYgzhgA7onh1IkarQ3/KMoPRdZSA/GfdOicOYn+SpLzRG3y8uTeiuFC6nex9IWQAxTAULj7msE8iVfNuPXw1VuIw0xQJIRRqogLOihusvMtVBuKpiim883rdNwKY0Z1IjWspkncPI83iILRIOQaMWUKUoHo7sVhxVXtVq4WkfK35zPs2H8qmEsCARiq9cKgP+DZDy2uFKqHSquI2vw1Y8bYH27TyGySs/gQnZUQ8KChgnxWaRMTm27r9Bknm6pRUEh3vbhY5ovI0TJhxo2jbqQkn73dxbk9OWhn5hEEooiOFjkiY2YHmBa9fDytYSKZcBFbjp5kFEWp6SKHijdAGxrpfQnbd3VVqOUTI6Txv/ZTC8WznTWbQRMwMCOwAntpcVW8d4sRu8mQ9hMmLwDfQ4pOGln+9Tj80Z9zbzp4jy4uxYDu2YHgsv+kgrYzjXtZqMrliKFNPBqScCjhtUHpSdtKUQPoswHbST/S827oEI8c2MlcEADaQZdNdwTLI7WYvsIcSmGGMbJoyPGnOfd58yKuHr+6Kj+B4HLQimzb3jp07uSSZVR9vSL56hoYbUSR0WXslqc8KTqIdEp+lQ7Bqx+fNV+r0gHPoeXLOuOp9SMxLtN4VVEJJ6f1G5XC5o7cAu+UJAwwDekgtj3CMjJm/FZQ5WQegLdcBRJ2pqdLct3yBkCiL6Cbf32uS2eCqZrmoY0mHysNKgOu5G/pMnJDkC00SBdCGsGHxjSsnp9Ep5lxjSMLfNWxNg4wxLzM3Vj3DSFEMEU8zMCCF48UlS4jrcJplmR23oeNLmLibq2v3b+JaefyoU9ZIRJtg2reuZe7HRgSkbzKrjKVFiyMZZThHCk+MsTqrOWeMgF6iDcDtHHnRFEiWYaI9cPccWBnEHvQCswYcfHsq614m2IBpASWigh2FWMDOrfnw6ZX2TKylGQdr4pv8crbz4qOYqcEhdOuTfHtOtKQ95c1SWJ8U4wXiR6KdCT8EccXDbeFFeXm5H1WYGo19h08t1XaD3UgRo+as67fYL7PnjqfZ+5oSCBRSYAt7B5frQLuaILS3Gy579nZJkwtwFBVpVQinm7W9avHsHkhYze/SJujWxOLBi2lmZ57m/dXMBzSQBU8rgYIXcaXfCLcrHoeJJxxIzvNcgmuVbp5AHKVlxHsPZy8e7aBICItQQ7gTqt1d7mMhC8mwRq4jOsgcKdZ7LOYhb7Kyb3DyWO1g2kpOD0qZGN6UlJFzbRyXJMUme1aLWbQt99nKYyRIYlC9lVXheMTY58bkL9bJBz8MN/p9CqabVmePEKOzDGlZgxK3rODaeVbocQ5jsu/VeQsNz6rPgUttQYbOJaLrTnNWaHNag5SCsXnd4XCKtQzyDLREFJ1/00andpgLe0POSCen44h/aQHD9NVCwXrJU38+u1mC5GYXNpA753ETo+iooy2MP4Gys1wRL0T8EF/jeG9JRGqu26o3OvffA0XS8ps3TDphc3UKbSBdBkzwzhfWjMjtsMnrfKZtH29f/CRsJbkgQpZn9VoqLK5q8s0RcD+x51khMhGoi8KIF/5tjdOc5pYuTSy6zSWXBSKxywLSmBAJM7fo7gvIY0iLnSQobANJV9jS13C5WLj0lB88ZprhLk5Hc0p6DEpKclvyMTGsF9hMe4c5A9OSgHSJC8RzSX6qkr4M9Lj0EHWEunZ2KnknrleaXUQAgZBRY1eRPOdGzpbZBZib8GHUzNQS0Y6VhQyLVPuQWEzNmG1P7pUOK7eHSNnN/EpQiOMXObxJEI4LmH27zWyC9QngF++Z8dXeUvHUqmP1VI+Kl1t5L9zjeA80zugekAr8/RCpW84RCCkYq82qoxNAjiWuHLmvD6FMcfd1wjBDuzcHMKtRSy8xdx5CzELRZ3vK1HqjEBwW0AieHQ6KP0kXPcuQzlaoyBCeE96oTCZ95+/nWu5230MAgulRCaN6IMtLEEYFdjiWy1SWKU2mKKxXaVmKvdf3mA0UVuzx1rijl9xMV1bbvT65L8N8kF7Jm9zg7Lxei4/8/qZAVl8LnED98G79TVB6S+Z8i0qsgPq4fzNnhb2KcDdZRO7uKMYbO3W+LjL+qbBspvVzFVU5dEwiIyj0vqZWH1Na1dqJOpmAuiK8cL3RfbYZhQV+9NLWP4YQHhcbIpb3pfBwjLslKhTP2LqN6bRfwhPgwMErtEjc6Rbk3hnKaMyqrE61aDAq1rgrdDggIhOMd/Fa36MQDSpMtWYZC8+Qe0CxAQTSu6IY6Msw2EuiBrHJpjtEk804jjkrpv+V5fGiySBW9yaP/WpfPqJyjKd7rw4yQuW393XE+hzp3E/BpfxWlVai2kxhCvWLzHgb8NYXrXRA6ulqgY8OEn513a/fwPI93iTtOhcUMSISsjxxcZrCVZVHEqCh7qV3CdvHRe6q1+ZWGruoJhr28wOk1FNuiSjXJr+a7F01yEJYX8O7sz86lp3g7v1mS2oHaiWzGGsKbQaYOZV/G8vnACh7WjpARdGhj7TBqHt+HKgtvqJKau3tXShZL1ZLAvJaDs2M6OXSKiyv324ru+yXLilvWv7e9V3MuAVhwgF6CIjSy1jLyV+pWbJDOKygnk0LHEM5FctkSDdIvV+Y5i5RRUtQrpkw6W7mvA5fwBPWpmDQi2XGaWWxN7pibKBmeeUDxi7JGuqEG3pYgl9zVG8ooaA05xynI3uou50MwvX9gHIbawi5UDjP+qSIHGvuyMywzW6p6hdbfvVDZg/M16Lo7grCrPEspwns3vzax88S0G1YNOaIuuiUKSJvGTdvcMIRwwArJxdy9tpF2sDhh+NE4fuxp/e7oXJWX01E5Asq9llQ3LWgDPG6m8xZuAhAVPRzLTbBAigvQTDGNXwPZoKbwJ/rdJd9m9qGBVMdKWYsWxuYx65eChMXielubEyGj8gg+XP4wLAw8GsgQnZTcpcETYD3iG9bzjLYCO+RorN1TeBa1z54viojKxVmzNIuGYDmS0q+GwgTqU8gAmc3XfDsT8plaHJiuNeJ1nwq5F2qztq1BYRx5xeI/wSmENj37KU5V1l3oD28URbua4kpi6Z19O9PfspbhYzX4kvGg0eGisu+vn2xW1XJfF0ffXQPR1K0q7p5XeJItLA3/GDe472kDhkwAx+dlQVTsHYojEbN3PbZx5NTnqkDAkjWl9SUnQMQZvpZuYxh0f2eUoF5PzRFYInxmH2iza2SWhIWBLV8LebD7lF7KSmfypNCRmP3Jp3H1zCzovhQ+GuVHe4ogdDM/IWUJHoJUve5hogseVxqlV2qQ2h11fVId1cUQcG8a6oTlR/X1zqSMkiW5/nYq1XjDE7cmEKMpfUl4W30/oF6wqtaNbCADod6vk2R5dWLrES9O59F3Pl7U/bcsddH7V0k+LdPccSHikJdIphsRobeJmOBODAz2649pErxTVKkNFp5pzK80XJPzajz8BKOJFtVNC3ZrYTWXGcvTaEodlDhQIysxBGAJsVynoO1EhoViU0BdcmqQMvKPrFNqjvhJcmNT9UPdxtOVJTJnhAjKA8LW1we9ADDjUhcE39/IEwXB0F50wSRvL1VZ69my9OefV4XcdEnKjLIv/Tg+/HTeYNxjHG/ia/SwF+CWaz8YGF8ZVf4j8cb9khiDI/gxVkBV+5dMtZjLd2C+uBSW4BmxT2vBWCbHrCBRSeku3xftpwdXASppSOORu8ZwoD6oazPgBBbkAvTgm9pFC+7KRzycK0xItQCfU64M8ibDAn0bQrT+ZiqeF+8/XtLNLBOH+wLaIuQABZMtXUxMusfY7zQAGPIarUc95fuMNL4Fwr+4xb0Fxz9fr/ot/tD9BfsBz73v2n+r98iIn/k79Eva/e/Ymva7ftm/n97M5qA8S/4bzej/+if9j1MyP9Gx4V/EG2WVtu/7JD2p/7e/yG3tv/kXfZvA/UbX3gE+tsPfex/+JTb2iwXAYOWrIs6YJWD/tR97r/ipX76dx/w777vP46gKKMJeN399YPwPzgC14FfoxmbKs+SM7ke84979OfNn4XyXxYf8Iv37r8caob+iBr/wW/vTz3u2ipNm+yvJIAwgnwhfssYf08BfxCZhmF/9+P9LRH8xXnx3yGCj9Di9F4lTvrBn3AW6uFS/vQjGvgXOd2kWR6tH+D8BX430QBcvb7004fT9pciBDb6P1tEaT9Vv/79ubwG9Wr/5nPzl0099ksg6q8B1vQXFP6NN+z3MhIM/cgTC/5Con/R3P/isfPfMfn/guvrf3b616Hpo/TLXtVVm6VV9A0E4PsAvgO/q75tP7EQ4lKunxj/zz/wi/kA52e52rKfAW4+Ihkiwp8osJ9+dPSvhg5O0V9oGsfIHxIN+EIEhP0GSNT3Hn2X2PUDYfu/QpCqjLCOF14tMUS3f1IbtU29/ydoyHJx/v5L9TH9znO2zL+0/dT/5RP+R3876g8T/j2bgOEfkQr6C/7vz/DPEtqYurVCkus2i4+l92D76XvX+f/7Zjhvqq7+PZ/4ppdd6/pv3xzjxE8o69dzf57HtZqmrPn5avz5E//5VyPhE5FI/2ZxI/8UCjj25RdF5neL/e/N/wE0AJ7ZA3Hx12MScK2/9WkGzvg/</diagram></mxfile>
\ No newline at end of file
diff --git a/docs/imgs/kyuubi_ecosystem.drawio.png b/docs/imgs/kyuubi_ecosystem.drawio.png
index 19de7adb52ec79e639fc2c6faaf5bc114aa9f760..72d221d1040b94f4b51558d47397423e7ce17b06 100644
GIT binary patch
literal 352492
zcma&ObyS>7@GXi<umlKh!JPoXf(K7<CpZL`L4z|$0wK6tU?4cb3GPm?!QBb&I>0b+
zhqK;Y>vG=jy>nOp0c+r+yX)(!+Eu+bVXDe<IM2wQAs`^&D9B5zBOsvJBOoB>VW7c3
zF<I;fz`r26s>{7YC>x>JML?iIP>`0?^fWqHLe(YQrA9wFW}h_+I)ojzRyTo<97Xr-
zd)nJk><N1~52DTwjz)wpC#!{3Dpe6tKi`9!2g||(+7CF{PcpU}`hqjOwll!Z+|6x%
zE3xg7NQ7AksLT?G&r}2c$8Tw5QFBQ|g;kXQKY!!@c`m?{vLaO+*lJg9)MB8At4MIt
z=EhRTj-E6npH_lkuk;~OPJ_lD)7nB0s~`M^Ul3I2^v7<@{gV3OZTt!m<_9}^AuReo
zjEy6M=c+WySp6<B+DVyc>-$1Y>lOg%?V4NTdR1gH!h|<z31ePHnc+y43N-n*i?g4)
zo7JBzoty1>IWj*M@rXwvy%I~Q_R&hU6<C<ths|td4)*X?$2f_BNg=KnfhVi`;S*_0
z#P`HCD}QC`r08#Zq3j#YvdCcRp7&*Sn&Bs#<>yK@JZK7Wn)mwty5f59L01e?gBc`k
zYLH=05WM8NEXdod_B}OI2U_=8(-(!Z4;IZnoZWP(PG8@>yb~ewe_)h+i-!eiNGgUZ
zCO<Low<e_1w<a5#d^0a&3=noXXduVarI5XPpI^g17Wc&9kr;~$VrMc~enS3gTe#HS
zAlM!0!t~~w8!Sefo<*xM-ph_-6}YyDMCyV!t&(%we-(BZ|8>DiA&!WVQ?Ie0VZVCi
zW+IW{k7W`2pwMjF$xSfW*i^(yrpj+d;$v(-l3!WFzQ{z*lefPfD$$HLD<Ajwry_=0
z>o<&k*T&C>hs+9b&Lp({3165EHj`bglC58PU~=8JuY^)2XJHw3exLbb%$e&D_95AZ
z;%o6ummzEfq=!ygs)wtGo1=}pYk|upuM5i6oa5j61ukHfoTf+!K-uc2UO-Jczcz|O
zIKOJxD&AKNeQF-yqj{=7{W(}A<!>aXrl=PxAG5yoI9i0--?8DoFs^(^jYqbSpP*Zg
z_ko|?{Ac}DB0@F|&$^V9`i_T+)DU`8({Q5;5KtBINiuTnZ%!HWvV3d)&ewb~7P~Qs
zw-Bl;vN`p9rn;IQ&~R&z_Vf%9zLudeLbp%i&_Lo>O_IjyQl%PgaBWM?U+t|i-wY?#
zxCLJNpvnJPpRYOfW;Q8BiX*zg*C}-R;BfD&0vchLglZn1ibNq1z6J$gD<$P_4v6wH
z$h1u`^&ycsyeAV$LL$V_r;!NvWl`L5-F^Smx7sxWJ*g^ESuAIFlBKaWR@^ZO7+vfa
zYD4RaMxEC@SK|B75vr`Nxy;vovKnYIv~m@j-R~#U*E6vg&*?dkuY0V|GV7^Z&Q$nU
z`KPt{RvE~Y8Y%F|G8O60<?8XbGDWwb<X*6Y*})}1wO_#4vp5S#?#n4igDupSO77`W
zB)A@ZiA|dsk=!C=7_Y96EON3*3cb(pv}N`>L$FaUNlhQ6_Tu<+VsLWY2Dov}$$KY>
z=#$rLeXmjZ`nY<tL|WSg>J@@MWh57`B$a8ES{3dUW63yWhEm;zpuJn)J0~yswD=P6
z;~@G4)`?3S-7YR&cr@LUxP;7)pj~p}mPpU?Ga#}e&ce%}FABM@d;8~x&p|&yzf00{
zw*IdWR2@-5aXcti#>E(Bg|BqJuXVik{gkZ3!iLYqi4OvclwyVHjrol^EIjoJ{W|9N
zKzY&R^fp)y&pn>r=EZ`_74?Dm<qG!Ak?{mnApX{%#y!1H?MZMUG-*d`FV@O5gIgm>
z8p?0}j#M|qjpp_1(Ms3t4uK8x7iYrWvvNrm!eu2F!GW}8qxeNH<vJ;?e;TLwgB%F*
zoC;Ofa?(EcL3UoHF0Wx9R5n+(el(HE`?jY)&N`(DcDxdG8O4kdnZ>K7jw<|d>Uw$T
zABPgAF3$=z;Df!1&VJ&r%qHwv-lH^}uggC24Qs_kBuh_3FOu|COXo6r5`fSZ@Ed>I
zZU5%sB$3`E^Tne+iM5!8sc!pl+*4Ftj0RKnmMYK>1_NkU2ytJM6+N5v6?2mycEqJx
z`2?H79F-F2__F!xc2KIymQPdM$M0?Zib5PcUXpQ=@wD+^jdA`(gPK>_R_oI@h1!X)
zDr)_lSa7B!b?=#VH+K37Ka6ZGTReGtsqwP1Ej?Y|#GvBa5Z^V`JQEUs+?b9}V)@be
zHo$l+AAK;GVXteu+rJo@zZD%acv}O~71I;rP!rQ@b<?P!)o+W_E-$*B+n?xYQ6{qp
zQ6e1agA&w0rMSHPln=@q!I4AfZy^6N(Fq;mR4|%zpcdvVGp{{u6a72{ia6f(v9#6)
zdL^aOgBty<tOL@X36C?}6(QI&SE_Bb=rbc>mv-CNw|)w1qw<^B=`bH0#Pk#6`Hq^7
zdVZ3H%bjBCKep4_u!BpR2S+9rK@$SQn@z7-vEI6?v6<svdtw4Vt!(`Nl{9H+A6N2%
z!CnajSU$*Pppjr@Q&3maOX5ZDXCG9zRKR}#5U1Aphf-CH8fRlGjAPqQ*;W+r8CEl#
ztv3PcqS>44;m2`|Wp$rA%ll;KymhIUZCl!^){FC*Dh+nvr<%QD|Et^I9(D2b9l;fZ
zSpl0Uio32H$!z(GPyD)@_;DfAxW8>C5^g0WUCa?I=rK_*KcwrOtdxFqFag&($lY5V
z^4p$6Y#_?i4DBy%^VLp>tGm*RazU#d;J}IjYCksu6J4=RE^2?{U`=#;vBSBdl1XXf
zu*>K}l^yTr1c!jCx0hP*V>90}ff*3m+7c0VN1jZV34-Yu92nmrO~L~XsM3q#U*Mx9
zU{4a+jzJTNud3t_H%k)x?-=^%XX`na?kf_(x*nAqn;Becg;djX*nm)P9!p80)OCY0
zP4mmp9VrmTKqw$f+r543yo|Dul%E}FT7J-d+jmPmd`YLbgjNh{5j$MoqW?pNC*@~(
zV{sF?bw+OXbzbn}{iBucUyl$x1wqb65|>$lHGk~q-xPhPH;rKjQWuWNJ?|W>lo9g)
zjG5I}*N~>BfmDQRZxCEg@Lg^ZO>!`lzLnpdxh@5e`C-Q*CE?|qJ+HZ4EBLw>FkC>n
z;C5V*-DV5Ct-MRAzNZI_%3oH`6lCcCFu|Cu0Gd9WEfHFsuD+<b|9Ysub2XeGHZy7E
zK&A5J-KjpViEqqd{!NEg9DVXhlIHiY73BKogkO|7^rNn4(n=Kn3>F;f2P5;}YF-%6
zZG&a$=w-Vv#*}PKZeG{;UjHGxL`*-_4+0<!(hbt>=kWcO`$NvJ_IQ*Rh?u^4%vOk1
z!-sycSo-*O+S!j`bC##@kQu2M9j7D^Fp=-9Wp7VUtS9@@u3tshE5@S8?tF_b`J>(a
z&$#kveS!UD(;WRO(Z!cZ*Ft`}Vnh1kcl7%3$xG8Cx4kNtt6*kO$}X7BS?@4ByxiE&
z9ndSBn1~PhC&5a*pnB#iK!V%FLJ=KT<9~ruQ_MoDH{WbVIP`lx5Gu|VKnH7^{j?u4
zNi*2jFD&#v5|EIL=2?8GE9XA69Jmp8xRFA!S5ye@gXefP;*$w_RqBelv(VF-iX49z
zDoMm=DOxmM@mr6_!(r|(iaeF&@N)t<E_#QNGQJ%b_cRj)6g}=<QM8h!53s;rTc90&
z!(BO<dZy*hw~cy2A+g^Z+4tl1=DhjYY;?K+j|oA%K)`lX9nyVm*rS&?F82p0HFF3x
zJJ}Id*iEZnRwskEaFp?p`KLYgQws#?P2PjZLrFYYo&;41?0<HgeP_0>UAG%Yj}y@o
zZW>`T*>7Q>c$4a~91XO8eq0etL&{M^7c4%pv7k=Nj+a!3=Z}g13wPG{);xGD&bnDV
zsa~A@;WjT!x0P0-HBJDKcRM#|HG!7HFt$TU3Ydnc=Oz50*mACW#*2o05vz0Ef7$&z
z+&6<$Ru@{AE@Rj?bSy%`{jmVO;fX;1H>RB^4t6tCH?)itQ<)Q18y~6rW#KDASStrI
zp#UEPyUboN(5#IRH?q-RQ^P~tQTG?t>?1;{^8c9YFI(e3S7ZC@aXnohnGmQ-z`pmZ
z=gFIy;%zB#K(Jfjh5fHMVg4Aw#)j+tng%Tu-c9U?m0N(B>KsQ+4$uZOyL^j)ixsjc
z_Cv|E8b1+GY3Wu$-Nt_HmM}8TFe1`VM^b^-_!V|b%8%v`nNp4$@|cyLC|$Q%FA8As
za};6Nu+Vst_ALqFInAV3L^@@1B*Q!(`Aj0`c$}2-+@Ugj_C|<kx?H^0>I;T;MKE|?
z%QsXBdpUGM0I)XP7w!3Q!^^qc5?TOQS%(#X<r76nc?uMQ2T-xHY*NQ#A_}r(c-pGi
zH|Emo`prQ6adJ*|JA~Kk5WcTcI_|vozSCt@^6gvm8%*+)23J2PXnD5J@Gt_R%elt$
z6iHK;fc4;EEAVUYLvKav88j~*3mzd+4gBka<LFOe1nF@o(KSecgbu=m{#R#uP2-rp
zp^+~adq(xHk74L;KlsR7_9tb#;uuPJqK7p9KBfvf540nhr{RXi_a94tZS;Zcv?5sU
zgA0t2I5=V0tGHP<dgYl5n>#LAu2djCHktO`3Y0W|mN)ly7s{X*)2@@wFk636wT^M~
zm71gE^}={-%h+!>mPslBM3v?hnqPh&1#{&Q^~uRm&`>4W2G<|rnUw9X%Y9p$>mT-B
zqH!6A9nytl+jazvxrnmM#R3VE+kgS^INHa@7P)L{o_TgN1A`Xw%xe*LmreQ0w0XP7
z@cMcGVi9l<wKD7LX*-#;LsVx}vQ=+w#-;c&ah8~}m`&+DQ+DZ~z=8GKr_Q)p;+IY4
zy2w(o4p!`Ob)93*E+HPa<0L{b8GnVf*yL}O5^!ue`17H^2JB$7+B=Vc-g8v=Y`N9A
z&1`GL&|0GssY*yNWs>TyA9hl+Z~f*EWt&z}M8i^J+NDUeQA_8jmfdKPt;HmZcEsfh
z(qXxC6Qt*hn9lGy-~SBb-jaA6QD_<F#NtW!HI%GTRACo*UotAzg*1OjL<eaN`hDvE
zJn+H)Qi|a=x&F**33Quu(Z8~S30`iMnR<t+RwUv7R~|&AfX~=&ek@QAU1u=zyACi_
zB75Z#f?X)=%rmmwN>KDO7sc(P4s+;S6QuK(j>m6SohXQaXW?)hgqL-5b8v=c3XvQ>
znT6{N*quq`XJ2Q}s{x&yIEK-3M~8%g#KFI3)mz<|o|GaH98wuEZ}rZY3v?X2tqpw6
zP-a9#PvTqr5~2mJKDr;E+;SRyj~z}kvo>c?HEXy6JMX%%i@Ru|Xi#&dV3CtYuK7}0
zfxD8<iMy@9M8m=KHth4u(s{mVO};&v-a1sG(seiCuOSdl=2W)i9$yW&o!rL&vFXAj
zUnS?;EN;87ks01xan;S@c2mP@>2_qT?sJlJ+x9T<@(tufddB!yXSHh|b24a(N!jGI
zqigo<BxX?@1D^9;8bQIR-Iy8k;Q?!(7!h#!+wtc9piU_qwW;G7Ervaf`0aQons{Wo
zAKeFuk~PB!(5YhR8>DAfFlV-DYPrIQcpj?QkDp;H&Q?hx>ll9^m*evTC4O)}uHfe6
zyFCB`g|DlX+atuZ4EolNp?D|BQ0c!TDQls-KpgCD*n?3RsnEcg>b^=wM?SCBSi^gZ
zH>_GnpgY*<+yj;v@FwV;xJAcS^>*b+`z!YSC4%9Bgj?-5Ln%O4pYDQ-R+Ro?^k`pg
zPFO8{TI$hu$b{9XLm)Bh)?g@zV*DMc;v_)nePVaSNZTv-s!zp(K(2BI+F_+&v@Gpd
z<DUjp;W(6mO<cz7TM;(>35@RW_eMd3ysrY1g?tTPTdaR2`^KhZKZ<>_b@M>D{dM@!
z1&RRSK%CYOl~mH?JUMDLK;q%;MUmOn521zRYfVsR6VNUS^sc<;!|Muv!}=O~NA4BE
zHg`C**sON>Q^zniqzU5C$}G+Hy?4H%XdE(T=H%81!M^qxkPe?(X-O{2%G*}FC{)AI
z5dIzRa)UW_M7m_$R&Jb~Yy4J)^V56E#r)HI{Ss0BJaFV*H6H|C-2b1QtCN4Q;|GnS
zC1JBx`ahzVAF_Htz)eF$#IRBxlXKG>Gc<cMr-0nz1<yO!>MPC$73rvpT{o@QaW|<=
z#|W||3jt$F=_XEH-q~m+6v?IC-_83ft5mq&u<9+EA%Bb=1{hFDX!5Q;@X4!FR@_wh
zR?Z>wr-L)(l5fICbG-Q!ZC20#V*Z^28%(Q}=E)eWg1Hr4oZH#`>D=b^$hLu!A7^df
zyb=RKcB`+o8}{?XWxRgO)bJJ)4#A@}KAl!ou4xj4Mh}aefimYd1~~d$1PH~g6DfEl
zWt#(;l~y$l3i@rP9qxRi@483m&1Dp#rbKQoAAB2fcYnUaT_)xqRQqzk&j+CCbh|#E
z;6|$_o_H>Lb=3<F&cG?iT&Url*J0)wfy}_rui?(wWwj83{Vp*GwNpvF<h%`bfobKq
zA`@x+>{WItM*`xiTzN|mO>Ms&$zj-f_LzKjnTirjGpHZa!CopcG<3P#d1uevtymqC
zKMu_w(OBjT9(CRrfCQ(fuR=4|@_^9I4|kAzQPwRmQxx!gmq6_Lme%Jj`qBXd<_YW!
z71Zk6kqs=%-d@k6<?15i3n=YH+f~nh?c<YDHE|4wV#^#5m+_qyQ-ZH&FB9+I4Z~`B
zFA^;zv2dt})}1eR@8&8##C5AKulVy96Z6;pyc0dUk}bO+eOIH>dnqLU>*eNDz39p%
z#Nu}bA9{=3bbD@XDXrndir+o<rl?EE=VQo7p*oFt9D`zn=AU@k;=7i!Q^|Lc4)svB
z-3RCeDXw8t)C4>u=tdoo*iL5ZZNS3cLv4=k;E?#^?J-^cQ%v6N_n0G-a_8y*o;nI~
z#Od1(Se3SX{sn1#OnQfL*3?N}VF8h6%Ft^93FMMZ@9=1nuT5MJT^!(|{umyugtMBX
zNzx15W<tM&z+8R~sin3fqYst$7o;Ue3*<QA#GA0h((P8Z&Es(G9C**Ldgue`uW)s*
zFzW{g;s@E#hV!u++n1jA(<7=z_t4egtxR6$%`x-812I&6hO%^C>(U`$P>WxvGtjYT
z3<y}gY4TuB;loNx<_v4)vs+)=pJ5hqQLHx{w18mtAH^se^xZT;)>_R&F(jA~e?Gf8
z`{`3tY^~W`e=TD5AnAE{{=&mbQLZuJvp74L_;{u7uY<7DRupIHcld8ElxvOEe{yzS
z93WsC1<bvVa2Uge?N1WzQeSVArFo4IdbJ#Jlj@D<zHAeBfuSwd9k=f;cyy0j<hgE2
zpO5E_);8l$-Z(ckK+i0Gr}E7>!46pyx|%sNdYsMq9eX20eQ-cZHVbH?c6Vg!jhSu0
zQ0Mfz_1QLolY=E;!htl@;rEHsZS#Dw?Y%_tbq;;G4#E}7m0X;QZP7Nu9^n@WtMirI
zIWY_lWU-k%1I=5Lq%Q)5eYVT$ql!__%&og_uQv-o*fZHb0Bapx_4gMnRL$Oz4|5A$
zm7h5@IZ{?)xK_A~*Q#uIKi~N&ECM!Ruf8AmGe*X+xU*IoKfGkCyqm?O@F4w4AOJ8Q
zuRUBB8#<UpeE;0C_o!vvd*JWLSDYwV%v-N<<~(D&xTg9jwj%;=Gnni_W3G>u!Bh}x
zMI}(2zM@9*2vPZG^OqVg_v7zL76a0r544SKy`X}fMWsi~iqFNQ=M{<rUBiGDY4dKI
zfH&E!by_K?+Ps3{6Pre#KTjBp?{gBT)90d{INDk0@vpJ{jsWl?78pa@*{^hNnqRWR
zy!SpqVDpAZ-*7v=sP$>$Gz@}XW#}%H*JZb;jr&|3aWt}@;9D5X@f0X?%(M7GvryW%
z55+MyKajr{<yl_l&_f}QB+NFKhDjRS-Tf+Q1=svtkyA{6l0CmsKbA}EJ=Gq^6`lP2
zs>}KtCPl8gri~t-^cJcthl?6x>DiXV*o_LCPnSpDR}*hnCpG|p+%ZDG{Y5Ji=FTC<
zrz=oARW#)masPLNJb9~gt%fPM=w(Jy=c(0WjrOGM2lGOcVi`o<rh{L@XIE#@Yk=Gz
zgIGs?^+sXcvCb94>mS|blLc&YUc;lZL7mahBO-3anlE^PcGR>}(f;?=qE?*B%Z-so
zZQ4DPwWU4VR>#Xy)uh$Zq$67<(V%L}m&i8*wY31i<n5+a#B7BcicguSALErq(mhKG
z1Ft&00`0g$x`+@F)!U%#{ps+H?-qlMNVw4Z23G&p?OjA4Vd0(qfgHU|`NYW`^1T&9
z;HUAApAQ7lN<IdMm43`piQJ<FA8vCzXK8rj5FzQl|LtML`;^PgphEr*Saz|S-MnLf
zsm{ExY$~P7Uw7sRI;lI=uQS~nSt^VXh_28mgY{1SF%$YN5*)I6*%y6XYUWiU;>?=h
zBVBv>ov`=sp)j`%6jyL|F6?&#P=itFd(#6fbWDlN)TyO$-5`V5JIqdvpF#D!V+Ic>
z?)xoBuWI%8zV)e(Ir1h%JWnZ@pw2PeC*PBqa{xQDQ6oRhJh4=<?8i@RX8k<hn+o$2
ziPHxqQLDAl%l#eQB3f+<@lz?f9^(eQ0iwAJJEct8kzZ{`zNtLxa4)AV_X)v~ZCGr`
zUfd8LF>Z(Hl=p~g1Zgt3ev(^9!Tj<ejA9O$QeNnvat5J#%mH2;ZsYPN-}Zzy7Vd9(
ziWec_1ifZQ_rWPuuEdLJ0zCoqHP{rfMZ^Omu{Lb?%}#2QAVhatQ|X+Le(rXKglY@X
z#%!BE_#v)Tt@m7Mo+E@7XY-SPNUC?EF&0_^f6bWej&00}w7;0bdP!)*Qr%;#oJPA>
zp|0bQ7`pvyrrT<!K=EDD8=Kd*8`LQ+#t>HdJclBkTnuf{TMnes7d6qRr9&jf<?xEp
z_wz>0(~5EH#bd>oIT5P7x!RGvkFX<qz23vfRbu343!Zf<qHZR-MyN6r`Em2<_m%F@
z(5&|{l=NZ$_@c{fJo}x{(C(~cbHw$+NA|`$)|J07_n*SHFm()a=q1jj*FwX2Hg@N+
z6B!MfMw@u1c;ArUOcQYGv8{3XktQ8_f7sxHTDm>d2Y5MPUd!zI%5P+;DKss<;5*`<
zrip^iJ}_~fVQ*N66T_-tiKJoWqNZr{F0G*Rhy(VS#lR<dIa1w>3Wrc;FlB;8N6<vu
z-OdZvXb}BgM`LS?THOiwnv4V`)X1-g23kFr`Lns;Am2{?Azc6~jDQ}yTEy7@0wu9;
zf7z<C48S$XVL)PxjJ!Jf%h>57Z@06NT$Jg_{AJ2`ej)~bz5Oz6RO)Dz(Cu^~<H$DT
z63hQH6$8>MeKf(Jwt>E$uv3CG@Q+}&Xliq{nGtKP{0qE&Eup$ocvL2xzBmf|+<}<=
zE52`|2a4CJ-q4CXBBeU*PVwCWN*xtJ!8v|@dM;;^T-j0U&RrtuH)~5jd47Uj>n_=<
zNc!3a%Bi?qsqxnkGt=JXAUv6RIp?pnz#A4dia{T@uAg0UuRkrJy--~kt&0{snmlYO
z6m};|OJonsTWVUrf#UUxOV_zAY~A~*wWz*|jm{Bp{5f`!8UiDt6bpF;j{%^9T8FQ1
z{=}KX=BjrZ+`eWTF!#9|)XzSrQ4exu^LCR98{?$)%WFv+Z{%}q@eE9=-VUih>d!YG
zT<Utxyr);n%2;C?rp2Vv;k;?<Sqli}Ok^WJ8vL_Rrv}(_`^~9OhSkIz=rA}5O<3}V
zw|u>~`BoH=8B7QoGwL+`&Gj3pVRx!-e@WD+bs&3)4DtmiES3jL(Qm&3J8oNBuwkD*
z?a6#v$cWq?$zE8uAW<*JmF08%!dIY@1F1^<d1RC>f>;#K@KqbFI08gJ|MgF)ewGej
z9?n=|^~t>G=K0ZwB=fF0*I8aoOr9-5X!LA7rYj!BJBaZw6I=4lN<E^(kwm#@>6Qcw
zjw(T1e90UfSOS+hv%6MjMl#pw=mI&P^lIoPbIBP@D_+$dL{6T$ohtXF*VNvK`dD+V
zSK(4oEPjlu;B37^WEoW7-<v9MtoV}0Fz(ytWaQK?3u?T_^Sdu0sQ3}evl^Gz7Ef}W
zI@-)~a2Q8dnn5|vsKRJTnX4Fw!cUgI8VDMNY%KrMVHTTL^0m8bujuFy_8kON>$y7Z
z+~S<3Rz>HPhwjRiHlxfkYKwYa_^&O(uLQQ(K<}N(m+oYC)Qf2I>n8eU+VZFir)U@2
zUzuf{-2Ock^n&7gvl|B5qMn;q=itAdGz4y94zzC)EM7Vh^P0OMTeTm+(7C<Oi9CPX
zd|mma$#bv**t9Kq>rPgtL~bg<v8jK?vkblc?z%ac^1{kcF3eBka)<8TukB<3-+W~T
z?9VnslBcEdR}S-LA;$K9a{(g!KYU14qBZZxrgK`p4lVQ<xMbEZ`2O;Bj-S4izlTv{
z&=nSusV=N>N3&9dh*Ag*+yd=seeYzkAR#x)puL=KDl)g5J~IfRjseVKR6a<7i*_39
z8LsYKUxqijb#C@Wb04poUKC%k_3{CbphmE6e=bX~MBEq5inYZXlLe&NgTf|9i(ew9
zRk02(5wpMba&znpWTT(+T3*cPUl)`J^1BE=6O3*@_c*Qu6cW7O)<pYianR(AQ@S-I
zcf8kTW)^Ol(rix5c)W;Hm#;M1rtRK!GYt}r&K%S>ktj`DzfW+cj85k=T7`o!LEy1i
z{=s~38?_id6tJ^^RpWoJm%9SI{8%FB{A}*v(7D~K0%I$IWFw^Mp`{b(YDF6huVT(}
z4eDI*GDm(ej(@Yiy@e&Xl`E4mSq|@%D}Z$Tyqd395sOtazxTqssa}wkt`_54SXUG1
zg<oc|9Q72~=$L54J?<Tf{Y727@1^k1JN@(R0UmF7*6M2HwZgHOxCSQhTzH0{zZrm9
z(S)jT@sQ6G8n!se?$jcA9`A?RBcqeo2;)y@iUlvTX`6n^K_gMG!$qo*EPVa>XCb<>
zyREs~23kl}!QYLm1O@ptc}!-ubb8B9UpvS}p!8CK!!}3v5!=JJJLVhj^Icw-w>U3B
zqUn5w&D(4xXS!WW$izqD&o7JL-}@HA2Eo><zhC3eGgj!{)NY-fma^Z~x5C@kA$lj*
zAD*}tya)dL@q+HFtF-M5rEnvYQl?0c0)h;kyTrlrZegTSXKf;@lJARj&W*011~Hyb
z!W-`hmLbuXGd<ugTyfc{ZE;X^Kd)Oo$z(In@|3DQ?fx%zP|}JQ;hDuyfGcOCq=Ur-
zwK3pUk-N~}_QHv9;D^w_E)W!5Xha>2r>EQsfu_-f!P|JDsIJ|=6e8N>9QI&yzHr2&
z*Nolr3-(=sBP}E?Gz+`p0WhliV%1Z`k2U{bE?fv5*Hp3q*P6~UZKrncXu@f&16d?>
zEs!vbfPDP)tv5yR450hkQfahYmapr0Ff#qiJ~(sjOi<^OM+I>k1bX(86pDu*7~3@>
z^_+wd1u6z}4~FuJbl%<9yEtzAP9SCY4&LT6j%5)nr5llwzJ0&i<FJ4AT&X7RDlE1u
zW=Yb^S@gB*gJi^wE88>65%#kJ`}c<K#Tr-+0}1#aUc&l;OF|5@mFfb)-Ch`56e1C^
zz`L-k&4KTTMi%+)_pgFgS*>s<G58k_-ym$dY~v$0R|h-jC$l(sqBkyUbE}^1*W2P~
zXTA*%kqI}^!ebyoY`(pI(GZGFjNHC(3z6b4$ZnkD(r~X%N!S-ZJH~mF%14ZBI~8CT
zFS}FGjwQ@#+_5{>rAFgw+2tO&)JQo2IqEC9au{nhAkE!9w02T$9WJ+b7)<JD|Hv1^
zB;_r2i#%P@bw*H7(dvQ6ol+vGl_8>q;z8x3{IbKEfqFCe7#3`EwC)kB)Yg8YMvJjI
z)|iKJ&$7#Q188f<g4t>J&E`kqZ0^rjTdj-K_;Y@V^z#l8ZtI=AjjysYe)OI#u=}`t
zl`cL<)nQx1ep}HD;LnB*YjuG(8$nH*L&JE1RG9so)6NR{PfkNO^2o*A2`upq@5-va
z<Db6F(7(^hi2LNQd4Io5?roqA4Q`Rw^%9SFZpxw9c88<q@`Z2C!)fi@^-K629Sw~P
zgoy}B$vq!rjQ8j3U!hHwk^VH)b-NG@`7(CIa$~<Egw+RF>h+pY>ra1$9JSQ^HH6nP
zN8!{=ce?aL{o$Z^G{|J}ic-+&&=~of`br(%4pWjeww-?@!?B9Jm;akQFpk>wHS&{o
zlLX?+$J$2o$9`xig%FQC>DTGfVEj-4h0YXKt^DZl$mDDPWp?WR3f>3|R^pBqbm!8a
zXi3xvR@$k#$r{G<x_VaiP<~>|j6W<f8GoYQi?F}4arP=v<HHiW*YUu+gY9s0HZ{<s
zOU(m%c;j|M2hinw-H<HLu;l+HcV_QbRIGfbk~BYq&#~DuVHr7F^41Rxrd{6Ep2oL2
zUN2d=-+X=YqF5z0#Owiz85)Wca^5?v>vTb4S!WlFyE#bavgmzJd(h&IQ^y!7cbmY1
zy;~yYN8|^`<o#%uuXB|-x{g28NA)e~lsk1;5V{noSY7)SFGn>tuJJshZo8)2r!ibz
z8~Ka5HVuAmllQ@DmP-q?`a8j!5qabDLHF+#s9LFn|B%B9?uN(Fm$<f|RNl4KRZ00c
z=2wjND_@IzAYuEgsiNd)lO>#JFo#6IshpX#+sUnxuJ0Yn58J8k9ofs%nJ&3Pei?yy
z>A3{E20ky5Hv>HK>2)T{Yjh+_6|J)?H_`Ad{e^D{5R7XvxHnQz!d6_DAwso#sGc<u
zXEA#VVYnNsBQ7TH=eioJ!%9`p>r~r*)xRO4zP%;Zq3X{i?iIuuU+~i>@qNnpPa#_s
zP+&FWXyflU)5g^@lxrYPJ2=O%M*^bVC&rveC(MI03jP~>a^0dX^GP9NK1SRRHo9%M
zvKq*oA=-4^e2Bz#aKFtu5=~l!b<{7h@U?M;Wm5rDM2;WEt~{Vv&gJ>mk2Q|zJ^i@O
zz>oEbA~?=hU9KcF5I<`6{TgT9m-8-jaaJe`G`DvQx#ZFU$o=C*BQ9|l@NTjO)a>Z0
zL)FQg2B=KVZ}#Ujz7Xd6N=^LPr;%@;Fx??7kO4kjpDPL?w}XJ`ybs@@<Ufu6g1N4I
zAalfXp@LFH#1G08SW^1jmV_==@>caC8=vKb9H#@NNUAN!^J{Gb9TVBe22>oPNd<i#
z#0Ito!gxK7U%`7v^<t*%>a5jA5%ZyN^v3|Yv>G7_%xp7|qqBO8ULx*+D5_J^nIenx
zy3jHbW5I(OC{EGljvoK{u=mmmJO-U9PMIxH$ek~!*A%0L-r2(MH_1WAsa8*tQhVcL
zk3Hp_CyJ6>lQ2dFNqu~_R@?jUdH8k}dtI4&&v_p}i=U|^b;4WRBLwf00&zv<(D=Qg
z0ELc)#G9`6jz+{>Oh>iP<J9HYgrXVz43noa2EFUq5OR@Ir%=PV?htSyB>3+9f`unv
zK5WQFUFN2looUNUMnb|22)~hT;FUtRS1f4@kIHNxRRXp*I8qAE{G$A6(0mDtNTcGF
zHnEUyX(ahrM+A@TL2CN7Ki!MsbVn;&OdpniO@Bw6^n>@*-9`>VRsbTv7fW!1#LU;c
zu97tDI@TXH{^B=NX0F`CZ$=cV-ugQx*5lgx1-s|&F5>1Ls%+y<kc`xici8f`*SBl)
z=iAIb7_b`I^|L?x@+1Gvr6GGzFg4IGOe<JQN+oZfj?i^K8}U^x+T5a!(^|Lw^&L{{
z&&JRKl8XbanrDoBfFSXQ#xI;7l5^f28PJ-TQWOe7RuM(64*LEQDaB57yc$9rpP#V&
zj<}@M;*%xYfrO#DJU9W2$wocaFJ<i&a9}U<*v}g@i)m1dqL>vf6yKr{3sM83E!<Bp
z$M_#lb<`>&OVi}eE#3&aZ7?cFk$iub>K2&PPQ!6PiT?fE6MXf>PkiaYm_$@v;57#_
zq@_h|$ep5i6C671=bgPW@2=~9TT*{yq*eUQO$0*uW#Ni)eKw~HEk}O3gn7N#PUG{%
zarpNJSMsw>@{^YukOQfA`uf=A`shkqLtU}ybxxlro&FBSNFE4SFUhitdOcgXy_DSa
z^^z9*@o=qy0=s~`;@K6RDT<tgp?&jh0SQm2MvW}DM9*jPs^v%^+V4$toj{oY%j?_R
zj<h?UO->}jYdnf>FLdDS2gf69CWWNV%(s?iEm4PumxB<oegSp8f#-sJW+cy8k9&B$
zjr6?N3DHVdzBRVpMbr$i^OC-p4zF{y%o;{2$5_bd#w2L>gBU5!*PvI=*Y*P5o4mdD
z|Iq|NsL5wL?jCpO+MDb>xpjY+SPplj4c|<1Q6#U4f<Bo|Q9g}=a4u5=3f^b6{A964
zStUKC+gvhP@4ea*Qw-C&b2`>KyFv@s)<`X(Bn!uFLg&;m(taSjEja+=Q^sDm)MF=l
z>-XEw_U-Q!-gz)6SsYURVb*b8vqG>N&sUnuQ+-uezU3Bv^m}>uj1YcBPyfdW^hpm5
z7)2FbBK6~RcaZqN?SQVes4Sur9R)S4V@Uwyr^f6mo2#89h`DhOkBQP~1+N+d2j?=g
zkBpN#8h=A@+`55cVxHGq9Lg&#p)E6I;pQ%RuI)WzbnQ?|-c8YVh~2YLQ&y|lp({<t
zbZebq_XkVLw?W+cbvd&t;%kuin>{X4h=GCiR|i5Ocodz($y{puR=D=NO9TTFTZa!u
z*^{12Jo*mrlcg{3Zk+dy4B@Z-<6W7@)IdrhyVA?W%o1_n3sIfYjsUW$)%l9n?B+5t
zS6sN)5%V(K-hD(B&r=8%e`uvgdNEL&uTOk>c+Nwx*b|WJa`1tgdJ%Ta7q!?NhShPb
zx~rAP^UPx8i<sSX*l%y0(ja(FuDB@&*pwblzjXKK{09Gl`C-HP>}WN)Em1$$-po`1
zSZ&O&Sa2H-M`I^mQL?IBK1Y1E+06IsFY$-wj0O*C;fDs+E8$%c6jWXdY%TFbu)6SG
z5O1=fY#5^Mrhkpm&R4$~_dya$QXUK$-~g*HRhwUUXW2&2F|}eQ!Z8@6>S9pgP!wl&
zHT0*+qjISK^Sk(7>uT%DLa<yY?z=U1J)F%~(Vjw3rp5F(RCM=?-*JdJY4zuS@931W
z2L1lX{?;GK!?=ZLyNRy@hfDlA%jM(%#3&Q~EpT0l_<`R|F4;hqR{x_9JG{ja%x{n1
z1~ATl<3AEd$|dI8o>slxeUnDW7L=FaFExm2BzSU+^TUNI2&qFX-s8CIuc%LDt_J!W
zHX}vPAyF5?oLYN=P3Z<;tdcR{mmS3I60*z&Afy&R^y1C!Yls~QIlF9MAeUKU{O024
z*)LH&m3+K!T<nhwr-`+|3!AWa-YL~$=}ms$iY^jr`y8OkYUuYnQ=*eFjXkRu0)|Uo
zZ!CTm<~R^>a2FHnVPEos<r$oQ{UY`$Gm=}WX{@C^_*}rY2UC~-q5r3=6ZdemSTpST
zHlWTE^YeqN(hulJx3g2l2P#(JKG;|StYsHD-vWR|wu+8U#VcZrqGk8~CapjF%ks=>
zIB2UUyhAqUMWAwCtK<Fx)_dW`qdU|W_HZg4(;YHW1$2+^g}tNNPZA>7bS4<ECIUvg
zEjo71fzJKd{uiS<^O4Zzs`f*0O_w5ub8kF6oNHKS=KD)4cD`gC#r$*stvA#NpH0iN
zUx3@@?MBK!hwy&2xlVFO0bY34%VcSVt?SN8dcE-8VNpet3}hDSpxkuXY;Uf0c&8N0
zdMx&G1{4Z=&tPF<BVS6kV^m37pe@tohkJg1gI<U?JM@Dy-KRJJU*5XL+PU6B4fBMO
zWR|)po{>AD&kLSKx|1AUMX_9IXy3uE!$>gv-pXLU-I;&EATjO(r<B-@VH>g~2;AM<
zsb*nh+28K#2S_MXC`KK?5dvb`OSbO{O5}9l!V{gDq2yPhMDEs1Mnq*O_WlXeaZ!hB
zRer>lRBt14g3+_(wKrkPjklYv5Cq1<x$x6S@}GdIf%?l8wik-y=wC00i*@Vy3qx<)
z?(i*PUdQ{<_FZz%f|-s8Xi(d*VbN`zYmmfWYOi!S4-RJ7q+2+-P2)%smgdUqu6>us
z%uQ$SzqC<{<JM+;>qx)vUXL$uvK~bsd@$CQ@`ghYV#G`=x{O%*K#q?bAHVN|LF7mA
zapezrN_6w+;H2TP245ljCSO#)=`vzTBa402{5N9PH>S`;;7PY1?EyX${;rC!)ANnb
zN4Q$b^9ihBl{n<>9h{`H_H&$PZGDwo1FY30G^Y1s=Bo3;8_>4PGx43@_Nd-EMG;|2
zWU_BzwB}6fYv}@>8@q_)kuJyd+)f#$C$G7!{jKhFyZjoCVPrkMO7Avkzg9N8%Kej$
z@YEmEQLh`5LUUJ$hG83E20q!dyo@=4ERdsD%j^05kwG2P!Mwq1p9_q?6)NOK-q{Hc
z-{vzID23boj>Qz`tMPyr2aG}Ez1!5ceMIbUo$=drnDL^Cl)4TIy6hkcZV7JNR6-$x
z=CYk)UOdjt>P8FR96iIy4_^z-Yo2ZO#YMHPb!P}$Z@j!c<<%%on4K$+uJ=#Msn}Nw
z0A|5?5{#e;FUKbkj>ZuK&dPf|vk4MhvraM0`Jf?wQZ6o40=o&)X7ec4w7IGiXi3B3
z2pRX<7UF{wW~E5KZ5P0Hj-wN;z#G>YO(*vk3hW+c<~f0-vccFa>L!Y?x7RXW1=51)
zXSAN=3ivC9F#iP~nDLOH8%mhHL#&V%>nFuj{JF!4^<?(c6W4r2Qz`;5K<>AZ|0<l!
z(UIeksgWo<d9aWU234M}uL%0?^Jg~uguYRT|6ZlhWa2;huxX{1)Vh)ocn-`IBOXj*
z=^)E%W(`d01FU3Qgqejbt@vN{%wrLcwraBE;!A>J77`1<PWzj{(E%RTzXM_HMH*qv
z%*em;s;#<y<n+PAf;;_(1PncCFXcdy-HGska2}s-&v0grwsOS!(=&$emQ#MvWlv$q
zYIc1HJto19H<un!aKV5(V?|{LmmUvYMuy>+t6yNl=eumYP7!tIcvL_8RrF#<dl|cr
z!HYnevYAp-QSJ{CbF@`jmLrC~7bG=UM9){cX8=sc%fT*`$i-SO+aB;qn6EUD-r2-4
z$Rvt1nEtBlID>ObR+B+rYpPfd|Ktb&V)^xWoTH1qM(}xyG8LzXO-2F7ez23{aAMEP
zQvw&kT$y`p(l3$z(7R16+{OB@w{3*@4yjcv7R7T&TqV2nnC|c!lQxYrK4-94>_e4M
zLWk!Pk=pG5zUP3jeL_~|Y3<&D7rj!71j@}ty2}F*NF<Wg%ayL~%!m%lp$HxKk!@<(
z7#a_!=+*miWhMNn1BpLWjIcnNt0!G%7s9*X7nccsbhc~>RfX(Y+6(|HDZT0Bu>-ok
zZ|50QdtdHIdB1p_)7nB3NCCa>IttRM7CwKc9TxpBpM4I)55Ia{5PUSBaF|hE-e1SF
zKgQ{7mT<kxbb8OFL;^-+S6g}Hy6wt8CAzh1K0>GbOkJV-1HHa=I4%0*fD9HVx}rYK
zaq|M|KW)8gRC{1=<w~NbL3W(4V%pxD=7@2Q4?sae{sgZfb~V`XE5Zb>n@2HF6C{s)
z%Qj@5AB_h1zc`{!rA$Cj(v@uMr?5MO=2E@UgwuZ0caN0G<gsUUp-TJ%Abb>xvu$n7
zfefq#@31LggI)uih**|rOji9be24T8zN@dDD1dUJ{5^8ERzRaJC8A{2OsQU?5Svcw
z)sOx|Ytr>qcc`VEaAG6KTig*9Ihg(uksSW{(XjWRw`G(|)|BlUH3__IB=~+)F(7c=
zRAv;KQ+I4)mV>sVRq2b(K|$hk1la2sdAx-4RCI|;@R-%L@2H*Ku#P&Tpp1H%Kiqvu
z%vF(p4k*;GK-iaK--!-_D_Kep=Q3`d((lbckNHo7>vFxP^#%!flRQ7)T(oacKM+N9
zFd>!Hh1+@mPu3qHF9G*Byiaq=&7~jPc2_t{sDobLQ8Xiq&nQvmL_2;9*`%u%kuLQ|
zvE|!C=GS2I^9jX)Y28%cqv1sk@}L2hq8JLm-#s=y$(x2YmAA;4j--oGD&x9+DLp-N
zuz%>Xf6%}qErSaOBBAt5k!Wyo_(jd_{pH$%2lHF6;zBNnf!wR?Q}x(pptjEg{A?)s
z&ssjY$Ig;yCVsroD_)$dZV5q7v9^6X?bJ-K5d1zlbK3^TtMU`oa-#|c{IVG`Wdu{`
zf)=xi&tQ%+9h5s(`%3GI1?8f^H4Ol!=oyZ%-m|_l;%T^=YPwDQ;Rf9`8q_%fIbI`v
z{_P=8A@aSDYnDphv;G8HnH?9Ro(rkO2|-WaG}9b7N4h2T&B&t!BUppt0+Sn+A<1|J
z4#U)DmypZc?K&#eWu~K#p|99l+ThZRBwt*s`KK)6yT`__2`l*KTojC`&N9f^8u);)
zTTK5)$3pMUXQ5ZtA6{!7kLSZ~kEVWgkHn!66A)qD3NXtb!4H0rM!t7<$i|8?RXNtI
z6CC9H)S{7(SA~;m#|2xv7(X5psmKOWW95>HeS|X<FlK2yLvXUqze*VRQ)`seBeL??
zya)YScN6*YFS}y=<8^|W;ww36^lMoxHeY}xZqG-Ls%jEHzvO5<8HpZoJ~B|ziIn}U
z7LTXU*&I#Hdr|&zibHkywDL5ij-c<hzY5OZJy}9D2o_J9S;ebTDiJf`?T9?C2-||b
z)L$;`@J%~$$04{4d_!mWj}=$9Py*mBl@8FRnB{<<y~_+-b=2Ft?X#8oWN{Uo|E$fR
z_bb-YwmklAN?gckW!x7m1b)O?{qMve4}q#(qx#V$ErBk^_xdribnYzL_G<&olrPag
z`wMsUpjUO1@;k2@o#C4$OQ<5jRW@DuzMAp-bsL64U9vb7(b)lCQN|-&v>v13A_<ei
z_|CFv7hIBA@$J$3Wq7)!pHS}uJsIF?ABocO;dH|TF<@;2Vt?xJ31!<RS!8pO^;l2S
z)ZgvSuPcUpY5iPbj0%EqH>dcJpzEeFd}9XX2J}W<A(~i)KzomSU80_Ci+q8qr;c)^
zk1?L<P*!;HevYu8%VX;D5yAzkKxQv8Zg<$qZTcb}7dP*a5HIT$szf-Cmm~!r$%Rt@
zho4-<(8byN67b#An{RHe$3;3!KioIjp)15`v)WzA<7b_%zy%!{`X#gDyte1r6p$I?
zws2DZ*rC39vmT;o?oHoH*sOqKjxSA@as<Jy089`AIQ=L=;_N;%nLf)>y3@K`9V4$(
zTd|z2@U8N#^6&M8CQMs2?^%_@AM1{@J^;+FoO#h*`%n{kF29B|1P{TtL*h?5w$INW
z8@7{{u<<<3bc8oEl;sb->0&k159|u#xDuHfx&7lXTQI<PG4F$+0pbS3*gKGMQcX02
z!bFqx7(>&L^T_Ov-gIs{-%stzm`<ekVz^8vaCTka{w{%~Nzx{r?WWW|aZ0D@_eO@X
z<@$)2HoS-laohU~tQ%CUB<hI)m5+5{@Q7*@O}dsF>ju{owVrfB&F5j+)G&C=F+X<|
zJAbMe(hYqKo_up{&N&*jT*kTjar6uk>!(~bA0xOvy6rA9Q$f0x5(6R~6@EL_xrY%f
zyxkgZ>R<S=9a(DALMm!dNB?nBJ8AVj#l`w}5yrCqoJ%})>Iza`gRN)227%FswU;H`
zsh<z%;eEz(IidX|Y4f&D|DJCDudsL5u%N5(TQPxJu?^mpCt)Pu@)78%x?<{-fBrma
zyP0}xe)%C*=H#4JZ#s%g{nMrc-}c=Yw@#VcGw!afraNqA1J8z6<y&GN_KIMizZI(<
zv)#RmykNp_El4f_C2&5QsLL#z9BRge=&BqjNM|D6VF=HU`!A$2=udIU9pN&jynkd&
ziA?z)o}}z<>PP>y{Z?kU@2Q%k#&MB=<!8GBv>>GOzxV2)=iB~1#H~}#iby_Z9TJJ6
z5C=v_Re)g;8~O9|*mM{8HOpaNB7PE9PF>SUznR+Ff!S75V89dk3n`1`@|_mri+o7*
ztpYSm10FNN0&qUzU3DFV&W-4nWyB&gOu<PXw@m>vPqmx6vT${dq-M42=6k3aKYv==
zPbY)AcVD$RqdM=^mM{0FRty+e;D^=q8Ii#*vw~SRhT{sRr!byBQoo*{YIh(lE}@=d
z7IVaHUJdBLG^bYb>@(FJRg6Z}^5c-TYrz5F)Z$&mi>eoug3Cj3ju;irXs4|nNBERg
zDeSLJG4y{@EskPI>$h*+x-$sUHZgPk;rn4Q-tq<l1v%Kq&>6RC;j#OrCy21{+S4m|
zvkmSTSF8?9C5c(tD?db@XNgut%vau!rFcB+=10V=kDK=Meo=GdFX}d`pzzMCrte(v
znQFT)QdNWou13C&YWn)ZE93z?zO;DT=xt}htoCSB#Y5NKr*BRbu5q=-p8dT5*T0p1
zYkdK~F&Y1q%ENKSciBnndUv^hm`J0}B5`D#)jlsAE5s;veC~Y`fQTS+Q)RyI<;7=A
zMgcKq<U%~UqT>BARV!K^azV}TXIyYve_Fqmn0v*jKThQB(q!t!)U?%Ry^a)Gb3(vH
zGl&}~K3CS;@>wfsEfe14nMr8;AH+>#_!SMV1%}_-C2kVw6~Yoo`P5H_(vBYzErj#~
zk?g2tW=b2}f0ce%Znj(cxet$9B7jhw52S=U57_u|&RO4(Whe^2=LfQq|8-5_IZv9u
z>hf7_AF7gtCP3KIj)-+^zwh{vp5D4D{Q6^dynCbQ;HMqsBRcEMP7`S<KIETr*oZps
z9%<uO#sXKL{!5nptu|mdlH9>gAr46eW9xr&0h%Flf2-IN`$0el&1L5<VG?Ada`Y=o
z4Ec$kqMr8LF|zerj2~jS{oviMvr`9YH5pipg_p})uuzv$>0UY76*+?f38b{O>i!=^
z))Fk4-Q4Xhc#d(nOl>~Mj*|mFAM(cuC&rb0*&^qsU)a&U6*LEEWCpb>JuJsg$piD%
zfVWPc#0ZHyqHjs0{B?l3X+QEeKa}Ef=Nnwhmx$W{G6xOb$B2GO{SwIlF45_2!-pvs
zIDsQ8^yt?GJD%-8FuiGd%l2aLmMy6f-a$1k&&PBB3Xx)#XnU}tJ(!`y<K)LeufgSw
z)`M6gJtjIL{VMDeaPZc~3^plR?%<kY+A20<;GVJjRLOU$LX(EXUpj)oOfao(9dO}u
zw78$#Eq*)e*RvcYYGwWEGI~j;V^O2s7F9bpov$sv!4=X7JVvczhrIS^RE&npwT&g>
za=+s8ZePBs8{7A9VI3r6{~AHDrJTO2Mw5xDn+uM#3TZZYQWCc-A`#)uG9Q=6<_6%I
zZt5hhr3yoOB`q6?7zu`vxS$s$<*}>u3Wa9BUy~(k*0sm&UBIqjYxQ^EpCfF)>X<N{
z4!TS#9(lOjAJYtaBabvtZO{|#(gUTCg6Q?K=*1NjfLcyeK1^+IFEugMDA7m8X6?R`
zQhu4dAeXd3!rJEy)siGScID85q;ft@gdV8uR22;#<ualO!d)~XiM-qS&zzI_?+xbI
z`luQ<+q0_TWaG8QJK>)Ql_wzOV_74X(*FVfmgL{&W!H5Yz96Ja?mS;^+phbnNfyT#
zPCv*WEBxIDE>0E4k6~cJsJgPD`Rkgx#nJjA<Kx5SO-l$`T2M?Z&s*@Is~QbIX16AY
zJUt>s=ZU#!EKz^HGMVsAkq!Pc(9|cz8OF#r5NkehmD1vynehafJ<*2$v$gK#fF5Li
z$gzMPgMzxxQXU!6zHXW*bgPUTcr%3fWcN?ijE@K9n-^j@x;>Scy^BIzF6}KTf53r*
zot^$G*Da+wv-`7D<R|NVq73`z*u#MZ{6&j+PYNPnoEpWOK0sHdS-63_|2c65E@C*E
zJ(Y-c40u}GRjQ6K?F^UvMl*?hfmOFJkC*s~Q$1BXJno|XEebnXh1czGHCMeP0R{Xl
z_OSf1EVZqng*yHJ`^T?Jve{^wb~v?+(uB@O%BG#?hEV^*U=>t|Sm^e9fCT#AqlRU*
zF8PX0(fZ&#UZ(%M1>aQN^XVmF4e;Pv4*dQV;%>m>3YTF%b=iOYrIHWrorvj;JT%BL
zjTZeCK9%l<Z(XJS>mjLjGsJWOz#bvSvrc!tUOI*MM$CqdN}!UBxKynF{|T8*43UVi
zW}CgWn!eKiAxE@{4enZ|ns%QX!ufCGgrnLUwUzC%D#T$0tQ;IdN~<zISStUYVwL~*
zA<PPJ$JAvvIp0!>j70coUDJQC>a^P6Zpi=N+mw6UW*y)c2sO9;jSa45MdqNzf6jLK
z&umAAHTnU~-0pi_Ii<%{sdWEk6w!Z-0yMr%l+Ce8qV35hn09R#!u&6jh#_L3*%$l1
zPu#P1*>C!^_3c00SvNUA28sW8MMoa)h}Cbs&de`M_FYoRYmfw*SMirCZ<;zdO2D1M
zA<+HbJ2|c<UM60z9mRF29>+UK;Q`mIF-h{XB=o`L(34x*8t~Y^|D%M&CscU5=Jd2E
zP9<lI|9$3Nz0W7!PFTtRV(TxU;@E<<VK_Jh8ze|@5AK6AxP}11LV`QN-Q9z`OYi`}
z-3dNe0>M4V;O_bj=iGbWaQ=Vw0JE4`-My=7S3UJq?cJYNg7Mdn>{BWpbjyE!rZMBH
zzT$ChX=*V_5zX>+V)aBl+KT>Vww^8!-V*E-1-K>J2YfqYZu7Am>nQL_@h+ycdNcNU
z2UV#1^0yE6-sh={uHvlSdH$L@jpc^yqyZlS^ioZ)6ydFJjPUA<x;6I^jrS4Y(@(^g
z!^`M+*F=NO*%zq-&y>*l8lLH-KQvpnK+e}Fo_er~YRWctIA9z0#y8UI;NUBE%^1#&
z3;5kq1AdU3!9j)L*XU8d4Zn@9#;;Fe(Q`vybgJ&q^U>F0_&~~}LE3t_m8DHs$$oEx
zRQTKqi*YJtI{T&@#KJ3d>wJpjoNlt3Esx(=;QU0gJeh1Uv(hy5{@aH2s(rE1JZ^2z
z^IJ1LrBgBpaQ@?$bHttulUmlYL1z4y$Sb!$6zXp}eIs8j;hOxl$gZ;$7UfPw2IG}*
z8jo_J)blw_ZV!uxGUIvuzFsm{!W1aUg1W#6L|!=Zw@Ay-4k;R%X4JPFU_Jet%kz7K
z%BF{7%t88mbSa9RlrZTPy7KsnDMt&sn?tlJ)rc_H*OJik%Tx^hrr+NtX@alU*|(Sf
zHs<et;)b?9S!FCp=rTe97Hy`du%-9!&4(m3ePPny#2>$Su0K!cS5w9~MvHoU6*4+{
zTSflwV?YN2L1ozTWwyrO>xujb@bo%qgKb1C`Gw$sRom9=6@NKHWvrw28f2Tp?^y{A
z;fJBc#Qk2+NCN0`c6kwa%f9_BO@yE77@5VJGh2wLQQnUpyNjT`yEIhB_M&cI1y5F(
zR`36JBQ6Nm2MiP}EIvF(@>X`2z*F!uMNh*1iH@ZyDkS#0xUeqvRoLWeib@14)2ViD
z-rWnSmD%|a+B%q54osHx8k%ofyLR;oUmkYvpPs!nx}lLdlC<}X#TG{;nus@i`PWcz
zU*w1au)z;9!HO@|-=sp7M#FOOe5Z;JBG9ooKh#(^>H6CAA5OT)#1djSYl>xFoc9+&
zS0XX}J~aIN=#!n<9SMOXfCdRFt3)W2<62h>Zo_$W+rmr60PsYuiQ{WRdlce%{3N8$
z4229u<|pN=)>x?rOd#?XTs$~ntihjmf8Sw_F9L!@=jKj$Y58ju7C_BoqTRL4BRGa4
z=-A`ld+O*q(iB2iS*1t8F5S7wxpxGsiS>r==PTCxLRRZLO*#?GB+MzydQ3~qS<-5d
zp3eXTrbY;JhVljBG5p{W`;Q`HL`zEQKN!z18HCXDbLAXgLz_aD1y4A+Hx7bE6#nZq
zHW0c858cdaSVs3r>N?@y3IYU+sBa6$Nds#2JA)<vvy+lJ%%HLSm?e#ahMjD(phZ!B
zm`Y%Z9+j*wvHg!oHScn!5a+dPH<mDyuJL@JULI3`vqm}+jJ-eE@WhR`4!+NWXkDIR
zv70XwD-)~!2&Qq99`ryKvPnDlKc{?{3WtCH!rt8a(bkRYa6bI#Vs%H>P2f7Ja>bB4
zzVJC_0hIf$*XOmA!Z)suslG(uNDfOB|5^bO?#|=kVF7u2S*$#n>WO!{u839VW)P5S
zX#iuHxwapM3WK0`8Tvb?`l06OAkh=(bS5{M^Q#@VF#6qkbsS(1`-mGS9uzvQ$oaSi
zRLOsSVP61D`dzAg{~UKWjh<!~8pvf;s4k)towc!WaMsDS*|QB>>H-ZsA6<@s3*E4(
z*f&x*@(7U$y0wU}us-Hir6=_8uJqEo9k^gG>%_lBy1)eOka7LY)${kE2%{^r1w!?B
zTRe9Ew^Br4P?3AW2!UPVcu<-@$CrSP9@Mb~*U3^{bp2+2RYwH4l{|%d%<6xbhUQJ$
zdPeT$D9`p1DG76N+@*}nl59peupH^>Po<a9qn_Af%ESf5UOw5|9Q{t(>gbyVXjbx<
zzpeBYx#F}mnEi;Jp>OCneykm*j6T!)vbukw6U`GMSEgmgW|G7ZW;}wCd^3TWajIMI
zU<sKat%QmaAV25FRL>ea+9z;_WQu6X^eBxm_S|^}G9E3WrH@xRcfx34kNoKsEP+YK
z_uD=aWXq(`UHv{=vFw)}($<6J<p|3}#zdx%aAxr7-t}gSG-_`d1GGH0H8)KN1lH3g
z+Z<}J9`7A{;j$>Rs0xLB8C#RSw1xD64AMR=-F1+kD)P;EBcWE_>)+zw&t)GD*{RNj
zG&<g=TIy2d?K48}?I9UX@%g<KW5x7YA5PJ0{!uNz=196*ek4A5)KkbkoF=a-&xSIs
zBm2>F>`-Y4V#<V=`eEGlnKNDY(d+t;B<nc@<FNI6QOjwRMZMoB3BG~tZd`3s`u0&<
zwPcC>hqKiK7ydwXgm6Ir>v6Z6b(l0&dh*vxT;?Q|j;D4;qiN`;{+Ihgu9kt@!D@=8
zZ|(c8<3p-Urmtm4d@e7XwAyW7j?6jn>^=65;lDzKE})?2vRQ@;=yzRNlO}6K+ws3V
zbX=BE%mk8*&lQQkzI8O4@5TByJ|n%;%A}joG~gY4AHiJ<mujU;rQ%-+2V8Q&TitJ)
zj6ZQcCc&yJGCELr9xOWrVZqCzjW>TvN~ybO>K`cf?~e&dJ(io#25$Ruexc(Lb7P{b
zT<efSwPz~VNec~EGaoBbY%t0+yE{KRCU=iF#jUvX$8H_)GN^VIs+Ln<eGkF8K_ev7
z_cfUNK!;UH_=jULX7mqVe5G06hqsqEI2#O;fkuW@<HrQM)a^{G>l{Kq9J^0!2^U_C
zWeaxZqK8lkKHPt@sV!GQJ6vk*t6yt~Wmi#;1wqX~sX_~*@tt<W@Z(U}8dAMsVlo~7
z<?AoO-}w#iDoK&Y5yM0j$BmjbQm?%qLMh6#%$C|s10j(Iw*#kD_g|v-@rS(D!Css2
z6|sC7z9S>rG!nN-9qDFMPkSW&Ju^a`{Z@QOUTL7j$=7BtzNKqDz7tG%H0m5F=%Uo%
zq!}`bfd4yU;cBK7>5}B!^~Vans|u^LV7BjJ)tS__iox4BrIAh+?*3)fxdou|;V^=(
zu|y+j7WjI(Vt2K5N-B3mWpSZ}{1UAv<kBXV)~cDzz3#gT@vH-+KQOhFYNG@l&A)Go
zb^%L9lTmzJhG0C8kLxx10>tW0zZv`>?#|WyEzd)eQ`qgmUA25xDgW`$H5J$QI5G$I
zebM9bL`nV{TK=`4StB#fcTp6J&Bl)*a+5pVZa)?VA|veKQ{P!iQ>iV_DoQQO$5c~$
zqHlCm{^OMr{_B<GQ9My+WT5JIjw)Ml?emQ+co{0ZNTg%%2IhK4JL2qHg5C%Yjowos
zB1eP?@DmZ?tC+WdqdF|`UOHr;D*KR5l`#%O2(c;GaO~>`wh;t@hYuM2s|P7N<GRB@
z^SOE=#FkOqe)O${7wDgy`zoB${v2h2>>M9~#0zz@!|#-n07GfabcHMnXrJccDK6Ba
zyzW+jg%Nf=%aAB4r;kVp<sabSq}@ANj2YN1Ooy6#XBs^*NI|Uudrc?d1>gkZx!}n3
zQ}GS2`Kc}|8I3bSei(<M2#MR3m3aG~_w$drUia7^ZXmMjjH+m&qJCTRUoo)hWMRi>
z=Fzv4hT?I*3tZw%kNh({OWXmluYzT()iCGZDa@ZpkzzvN4XfBo82YP3pcL`c)wRNC
zWtFR+8cwC#NiR%v$BfTVx-e<+Bf8I&*J&ClKTHx*5)xxE=BpDL@uH>CD{Yh+f{p&$
zb5ySK6jbs4QK{}E?G<hdCiUS71m?85T@+A<;><ndGjYoUOkBQb0j%>DpII657t7^F
zv=C>TAG)T|UtLqdZ?tj+_a;omy74l<PJVW}<&TuSwSH%?`L3qKEq026>Z8+6I34Dp
zLHEfl0hbAXTK&Es^KL8Kh}8@5<41gB#>pRp-7U5kSKfA{8=k9mbYx2%qT!zrVjA?6
zhqc;?+UC>)qznVDEik``m+SBc=vbA6i$okk6nU#{P!ATHgU@dtMU%4azubHqzWS!h
zCYd5!*3rdDKbut}Wa?vbet)eP)*8!=WjgcWE*dH8`NUJA=_CY}%=}pv{R|6??!cVs
z0ReT`5#9iX;2AdMgH855^gG`~1Nb_Q$0QwXGzr&Czl(09MY8vM@dBCBgLHSf0@5LJ
z8GOz7;vT^6zJTf2Ibo8|xOSbLzb1awYGcMmb#zo*Er!aXDi_Imh|k?D?_Mr8dIC)p
zo%@>aA6G^@G%EGx2#&qedearZ=*dH6q*Nm26k)H+G>&|AgK$3d5Ln-VDb}yk{o}W~
z$<W)^zi_~4>A3|Ae@=^{8}AQ|s}8?1+QhIa8)OLBy$ERG1`_L5+R{6cZGAB?W+3t|
z%GjOO9nZ1oP~Q4&>dMqoGyD(Fmg$RKc^w8rgopHh0Q)Iob;==7Co>DxBo1rO_ENY_
zy&J?X2u;+z(pb{X8?Igzuw>Ez|Ax0Dy`C4pjwXVdqu&hW&vt7pqibE3w^@(Up-hZ^
z2~8@&hKuc`0}0#$g%Jk<+UXj4*Y&3ZSuHO{iRV!vIwMt|r)l!vCL*E_Jz|RYk4Uze
zkVx{&=@qJ1ITG;AqH+_}v*+KhE~W!+-@X0?=h0A(1yO?K<|e9@nupreHmC80!aav3
zo5>D`YU%Wk7^$_Fv%l^dmduvDWKxC&9zR5VGrajS7Dp=|1sfz!Av?a#YiBF4Ss}pW
zEnM$I)Q4skG9rB#YCL0UY1#d@)ZTA>Yi5X0`zG=Wb3?-Q6D&LOxfq3GD6#NZyEQ=S
z3YHQv6#de-WDrr9LMrZ_wM|iP)?By~PRP}p;1ic@O&&(ye%6B@x!sFvsJbTwuvCUY
z)f24}cs$QM?ljJTF-g(i{NXZXziN9ZwBZ6KzHqq|Hb$<sNMXH#Fl?9>$gTDfs^G+h
z(_s^##JqU+g7^1jce~ia74MniYwmE2+V(LZ0r!YFDEE>#wj0_+-KoShS)N95uhG&d
zq!S^>aJRj+K}e6hrTXs9g}rMvLiK&dX0L&P<mBOp;Uzektc^Z<WF%=IN%^xN37_W&
z>)UBP8iRcAix9BSi5JgM@ZRLf=$_-b+p%uPfEQKV`gyc>Y;g*P{q@Sl$q~-Px|r+4
zj3fpLKRM*`O9B#^j{-~kpUpVCFQ=v~WR7=BLpBL?q@?tqVQ9Xz=-!}Zw`euqtRQgi
zsow=eK@E>Vy{T3GF+AX5MYG>(poG-4*Q^}pc`K2;1~Ohy;J9o_JsC|7&(|)JVDE|9
zpRXV22&M+lAY~=!54sFt>UvQt3Ua;o{-E>bd}qo<AbOO)plX3_$D5Fwr9du&+1-eA
z8o!*C_|kpZW;J`Cs0rWlw|D!JA9CJCPHtLzgXyh|FZ|yx|9Fuwy?BB}-DZhP{Faj{
z<=FA4c@?IU*_iFck1k}S87bd&OCz{s%}E6e#7cXr&Kc)lhjJ5LG_aAp6O+ee7Q(AP
z`uW52E+#5XDEd(|o2Ef$PI|7F7Oahvl~_3P35?IF6JOEcsz~a#X+>y%+<_Y+>!M31
zfLcGu_;@erC3RIj|G+In>ak6=y>#i=WU2S5$>xNS<E+HU>Av&9pb5H}rM)hAh~w<@
z-Dp>p*_bu-E9q;OOO(r_85Co0Uo$o=2rCEa2$(bsHE=E`k1csfKHTohxovz4F?v|2
zF#g?0Kc06;eyx8Ia<U<9Zogd_Yk!!J|L%j01CLDt5$n$8$xWpLcD{Ld(n%j($CHSe
zR4DM6muZ}Ke)CaezuNYZJ4ix58KyF%E|*tSb6#wA+Rz=ml$qE($}gK;^WQgoJh^Sz
z^z?BtQzZvjEzrIMCNA!r3S*PQ{QUv}if6j}FoSNW<Xe;~kC8MSvMv_Rgeb9fX6=C@
zmGssW1_YGO0zPqY{V)(enkhe;Q=cR{($^F%FXb@{f<^52kL+m9ee}UX)h3hJsTcHu
z)_c_+8eg^e8Z#pl-85Mm_YnOE{2#N0*Rh?1e5A9`h_G3sg)iH&4bGZf*SE0FJ)90_
z#e1zAh6E~vS#-Vl+wwgF*#p?@CsINR^!n9hn=aio+YFQk-=o=mQ!#K!z54x$?&yBM
zUz5Xa0sUlYnvuHDDuiPi<Z)^2c0Y@9vKR-O`Z({xuuP`0hXrSmXx=ubR;gXiU$cfH
z5864uJF}rFcfgcCW9$gI5*ofozBK%R#2<(!gY+bz(f<m_?=!95N#!;ja=6K&(c42j
zNlYT2i|iu*k()nw{yqos-iFhQB&`RodC8tyI4f5xS4Yctm1H$T7vDb_jU9-Ylchsv
z1kW2zG}P0Eq4r$u@p^I3!NcUc^YGfk-;!z4S*p3{Tj2--C+l+#*z1vF4+&An+6tuf
zKOOckVtW#D_N@kVXecNs?CtyEQBeG*!>LFFoK=BV14+4yLF46yxm=dGB|qwefWY1D
zg3~-#o7f5N^*@a|DINQ+Ui;N9V=O2(<9n|3#*k^yE(cBiI}&rO*&A1#44(|2hjgC;
zQiZ#RwaaWqShY_+{K0t04^0YZmB)~5oZ<9m6H+Dz7S<R(orS$9i6BZ&7v6;+u2%Hh
zS&{cwpiKEhci&;aB2kygqHvAg+8q)Ql+1k<i{zGqo<oeuZ6!#|XD_oe^&Rpa!1qgJ
z<e|d+e(b{5i*d2o&Kt>IxF=Y-^7xhvo$0v?km<C5?Mu+ii|c+3RFI9>nLk(`kf`8%
zc^3e^K^HPth8dAE&6b9yT_wJoGHMr!T-U{8M8Rv@yT+FV{nuUBUFUwgR2^hj_nn6!
zIMaS|o*?I!jJTn|^7r1(CAj73?A-dU#}Yn=rKzB2ejV!O8!2-PD$9mHWl>TBr?a>U
z*vA6S-5-{;W)nJ0whQlukK^MCM~pRYLwuoz@R51uh;8Si-3I~8jm@tMf(b2~#Nd(Z
z;eQS-m1)0sk*EdnL|wEF?{w?J4g}?_bW;Czbx-ee=1_`3Qb`bI1(aC8r@G{WJXlV9
zd^wW?%2pMg*`$P*$6<s0@Eqekc!WImVn%l<)ku5^D(^0qHsiE^FF2~hq3dz^{(7OV
zg05$YKh0BaqqW?KVM|i^gCBse^TsX`Rr^4Xe&*^56WK%>mRjVm*9yBI2Px2+gu=1@
z-~j{u$mu1J^s=QN(<uKN0Ztq*SKIiQSlOVM443=N&u*!ZH>--HNaaXcm`|r);qP=J
z_uUooTody%TVqhJ{B{P+=81bACa=PLQ89_`gNs?%uRx~jEV&_(*@&T|Q&54F7B`j6
z!gU3QJ+m}eMRJN<r9bpD@a<F|;Qsbi(D%vk3=n;sbu7{?{k6wm`;mHZRZ=Lx%{MDu
z6^~Wzdllm-y~p6|PUw+?Vk@-b-g%xQRfdGJ8U*{RPYrtM$HziFlxG4Ef!)Aiv*hfr
zJ;d=S{H`XEzFvvA8r7)LA3tU8f6qBuu}TPhAlX?$2BvzX$!;E)^ow`={IdbweVdHg
zyY^}lIh+i_In7xPx$}k)(HD*sIbHCCDZHd%Hz*p4bnsR$!L`m{=cZ_K&Gm7a8qRz+
zRH*8;aM)<aNHYyWXRz~bWg%M+NnD-l_#0qQkVTT!QkBU<e!jWG>})&TN~B(VRk}Yq
z!s}fE+c(9^O6#5*o&`B?MN|FlM|`>v{S_dz<p@NRH||K35lI1GJUh}&qW&{dY9*+)
z{m~_e9PBSD?M7Kr%84i^T7oHGIsI=hfaE!`j$OQ42oKcQs0-ZoLQ%eB_fJ*qotC<A
z<Aeg=a>t7#10z41bk8vSk7nM4bnY<U4)*_mC!caOm+R{Lp*>I%|F;c@MA9lng+zK!
zOi_Z+Z_lj1LoLyvcFtkqGE~OZc*s{Tz~||_9q;tV%Z&@pThdVczEl1aq>9zxfg5CT
zL9@4?)zU3K8d6LtRem#X17AFYVj?3HO64Juy=i=H0z#H|bH-UOfj)<p45iLM9Pt(d
zLQ3bBBM0==Um%vZa}A$YrrG<4W&d?G<SEE^HES_U14~2q5kZ#@MO^dr(4P(O5A4(*
z*%bJuf}W}CGYJeGX1X_x^w!6oio&x2U2&)tLRNRb>D9=g0t@3~7cyg31eY9D79z!U
zTmZ<_*(%VXy7jSp{39zrJ*pR7n-yhkF!vAWXO|t5Lm_$-iT(<e3d~a>&n_gh!V6;v
zE>j-VM^DeEmN>U^u{X*^WgDe+hJ5nh<cAJYuuSNcr8*ukQ7uS;#FY1w0*sLt<6Z*{
zN@M}t)5p6hLjO255jL!u#`~P%vAH3y$e>GE?exPq>k(~_nRU}5xz%PUwhhKtL@TuG
zZ+<4y7bw3;Vc80XPFf4-g9(78bCalF?2S}JFUA$FQ`hLAfcBF|bA|h-ok+c!+{$m`
z77GPAv9}AVG3O3j!18hP<H&+;S+p?qwwjoN*neyRKJEp4I%qn<ea6;jElq^&Fq?d;
z5yz4Pa;Ap9BUrMqZ$TbHK1BNrn_w5O!V~)|jE>`W1Jc!mC^$~>WKFF3Gk9s|<KC-$
zc7@g}-3ZMM!Xt?IC^)>|7BHVNzDxt3_|vMBsF%4QL@5{11<Omn1j3|7tF!#JZV3O1
zQE#7FZ@tJ6j>jCApP$db<1muOeX<q}0-sOovO?dN+I#Z{EG%f5kLQO41_fotK!VYU
z;HNbzbeQMst>Om;WWvJ3<2grp#dju4HS|ds{;239CN_3y^|gE58cmmLW8>hgT?`6&
zT*x>(*Y7PfsUV`irbZ_MGBqURNk_|N@;fmo$A7W0>s_0vGOV^<<nNu-=6BqRF)}v(
z*1k1S6kTifEBD6_PtC)ZsB7p+G?n`EqN&N668-w$eq!;MT`CKG+)FxO*7BH9s;t`k
zZPfceru?r#=kx*Itm&_rCAO$YIi?33^7o_-FG%8A-tjVVj{okA>G`^y$YRU~pMFOR
zJ70ExwOV^e&mG*qo!L#3<gZWwfwRHovtJLzM!Yy&W>r>Jrja3k5f~C8f4I~(c|Hbu
z)WT!Y`e1GZOjo!#SY#X%y3BA#M7$qj?a(qA%VOqPa?NW!8<&@>oNe=HSl`%?HOMVJ
z%1&fFSPdadD$4f$xEOKsE|Xtv6!hqMPPos%ogbfHTrBgk?sGxUYh)goaC}zvORA0a
z^?|eP3FF=`uXeKZyMqT)O|$4H3Kin34EyEMfmYO%lw!wX{=D$Qih{?1XasCI_OG}X
zx!upquD9}{f7>YW<li2&C_WrMJ}9Edc0e0RBM3RANImx0)yN=@bLK^Zx<2;>-jVLD
zj}N!@v&PAZP3Tr`_vh0akZd1ySO8eycCSXLyma&QYAt%`a@mJ<ce)~(MZ0-G98-vz
zXW6p`Yy(c9_ZJ2oww|hHyX;Qw2insrq)`uu(|PteY$jx9v$D1x`Fq~(H<XMvEZBz&
z-fZRROr~N^lEUuR>2-TW8eeh>QM$-uz692pj#n2vbJKe4um?hxj^eOxC44(dVJF+r
zNT&>ePBf;Du$62z@%^f$jgT!ew5~#@Yn!=SAERpcQmhniizLgXR!uyn4>@R$0MH6L
zOjm()G%1I}=3Dc{<~nRmhV+Nq<wrR&G5@puU1VcU!#=d8`-^$w4RGRkxpqsOCHeci
z(=pJ=tZB9ya2MwwJTfv-p0!Pt-)V<hQRqCua<*D>b0nP(4hcgQ7H!Tq`=f+!2=W}_
zS2&dYmJ=|e@zF}x4q;{IBSnhH!1aE^a)K#FAo;q}K@;R<t6t~ULCYZvm7`icmc!<7
zEEK~QLnw^UN%&RWGDUj)Mc`~`Lq7phg|F9fXh^r={TTWAKaNjK6qrvG$|?D~49(S9
z$O{%MdEZ(QvKs_y+4a7XtMosrH5$a;hR#Fd(hv4z5^1Fs?H_N>cZ<A%)(amZ<H@|Q
zM2|(aI}s?Ss*Q&dUYzfgR+PA>3N^5i9tni90h-D8at;-RuZ`63;NOJ4BOqIejf<mX
z?YOI6fIj1fbUGFDHw)};JxL5m9SU%NNYBWO4J__tmr7u!&v9qZetZT^kfmU0F^Q@)
zxf@}i{ufl+`pPotfDHvWHzBoad$)HaSp6otOZ!Iw4g%4mV*BflKNu@obD>6$$KRC)
zuixE%v%|O{1XCq~%7UzcunMO?0N7!mrj~F6ccvry2jfW`5srye`kA7L=~KKVlnC}X
zXp-i4IVkH1q7V<32|!GYIw~#+jnNxP=SgmIfG{Y-k#a+w5Uy)Z>*=U~9IxxcHAGFb
z9Q#MjS8ae~dDG_W1|if~r2T*+$8L0<D<k;M0C-sR9otbpNU<Qrx|aPQ&6nki{rOil
zHtp9^!uMw?G)d&5OigQ10;=;^n`mO=J`bm4Gz=7N=To0J?AK*z{I#7X)k;80!591|
z`6mE3a%!RL^>}a|B3cY!3N1?ma0`e-_d0_5ieisd$<txZu{T|)q{1>sV86->=p<u2
zBu4)1ig7<)WhkxL?D*}(*}nm|^$Rp@C_V54!25-U!GozPt#@Irh4Kc*mzQa>#_$$>
zRO=qvKEAJ9Wuki?IgoW=gRM4GF1!qo=08f+DqvUutOubRD!T?pE=#BI_@nov(Fjn=
z?Gy%~+(Y*bbFKW4*q^FRnXiHi)t>P6XET_FMdx%}T-=0X=dM}q``gQ8X;Qa*>Wo*d
zJl1XJ>c*WRUrBVZ0hTN1u)kjDm#>%~_u}gg1Yimmw+cAUu;z%%aJVXpP_xrz48pP!
zDvpPcc^8j%^VzQWVtbI6iCp>F!dJbZM39KJTkE5Tfj<u*@V%j;Sipmab;WerpHq7W
zx_A7h+wp*+HdAXJkDZyss>`z2;&Pe)#riM^30*LNoMW5QjP_kdv7r0I)f(nGajPp!
z^A;sdvj{-c-xlr{s+QfMrfFuuj?c8V%b+6YK3~wclXQt&O}4kU7cBphROHB!y(p51
zM=k_|Bq147Fi1)ItO`$~lZX;K@b!Wz-YEH$w(Dw;Trt#bJQVeixju*>2Q>Ccz-D28
zXgT-2ySOBk_wkv&xYsyL@_^5cEKSHxWC$WMeXAhDlC`xxvvU8;twEEH6;#;1_1QcX
zG^|esj=HiD2as^VQlaR(+<y|Q*-ig4yQjqJ`^C%O{;+LWmPsO&vpNhjzhU3jm4umQ
zVN=-QT7Fi`zOAl0it?34lz__w)bBjp9wuL1xpt*e0T9XI-=?sM2F>};yokmiIO=$~
zv7lk-9Kaj{xQ^XjL$Vp(5=PuKVp6mM#86Sb*0VIOz&edg@-Zix6ZN3F!h97bBqWrB
z|1rx2P$#$VMD58SXAoWK;-i-V7yz<Rf55<#X!Y}P@GLs2q(W*T;dsFeDh*!_M0vRa
zZ2}r|aiB_R6p<K5fgpX&JR0z8z!6NdEyTdi3Yo_4p|8dNGf=FY=V^Zsj$zo~w5yJS
zj?O$m9D(9`Lry)nJ{X^f1ii;o`2)YuX(*P!9;0&wh~A0c1F|rdxOhJy>Hj9r`bx$|
zy29S`qyk?(PM1kiMY6SfQHdOvQlatrNWHug%|nsEU-mI;ovgIayc3l3DK>$n@mCO2
z)!inZP;{HwB2eI8_kAV&lmJMdzt$PK`>bF`XdX8%=-d;i9%iWMNwR<*)H_dQbX<?z
z|Fzcr!?w8l^(^~$rr|Y9WZ<vJ&m+Wo;$G4#D_sHLA-G)BRvO3Vt3Tn!P!I(sz+}&}
zny+VopZ->qRU$!5uxj@X{YP<EafipH^{bnge^6SrVr+j3odh;S@^!&cF*7R!4caHJ
ze1n5QUhN`(?|HfCV%(~G<N>kOyj=3AI4SIEdPC-Q7K_bk3&h;PP$VK5A5wEWLL>xv
zx4xW4?CQ@T-|@WONUpYB6-#ysvJI*xR~7jULuOimdm6z1mRK+nfPo<!;t~)8W5T};
zFbfI_l3Vv32yz!I^AicGU%k{5_Pny4#0Q9h<;_s9^2(3?`0>I;<2(2d*n{bdGHjh=
zFUm!?YJ8xrnG9&JN3;AI;@%N(Zux|A5^(B8*I2By1y)l;ef3%S6}SsEyV4B1KEigQ
zpTpnOu?9v1^lIjz9!q`s$z6GU+{e0eNPjc)yM%9~?^&`eQi)ZJMGC|y?mIhB7J{Y@
zc7d}F6UWov*VgyssF8u&^90xmc_ro)GNT8tDUNY18Q5`L!#QERf<uKRNT=&U;ot<s
zT(%wL$xS-L5whNl8lbkCk&A6P*pef2ef}-u{dn)<WD>>)g`;mXy>iF+?8<S#qM<<7
z#Li;OXmkg$EVh$nmu0V=7ar8Ery>MD^e=h)jmNTt=mK@Ry^u45Ek=JJN>GN%Y&v+_
zJ|=4Dd~0=D2xA+-%tZkQ9R>Zg2D~3e$;F(Du((0PhXz>Am=$w4Oge{9E?3M|;$(}8
zHgz{%(Fn0E-VFM{TIc<bPgr_d$3x+s^as+76kVWt_?Iv5Dbx76@(?bm1c|{euQt(#
z?aHJ1-V*M>VbYul^zgGuJeZAj`oYP6@eO$ePmOHNX*#NUM~?QDmAzbvbS{X^47myM
zkYW+~03k$E8op@!(T~`+(l7i+SQ%Y7snbwmCNFrr6m#{u3E%z2f<T=UpcNkMIz!Hs
zrWUU+Qu#F`5_CJJ(uHU+lKVYz%H>YeX>%V5R=k-zHju!5<_g9tatvDxwdV!Fic^|^
zOZmy!&pyX{Les=f@@NNDM>F<&v>%^Hgxpn^JPw7<8JSBuiTa4uQDLQbr@n7&7iA}{
zuNzfdiRH^GD5ya_@jFoh&Onv`vw%~lm1`Kkp4l3tAkib=Bi|cQL0^#<`Y>N7g>Uyb
zoh~BZHJ3j@mN1@(qE|~TE)`I8Uh3exk_h__;5=;bY82ofGTN~0U0N+&%)5ZJ3TN6Y
z^5K^$xbqYxcQBl_{SEV{dR5bD-+~d7cnuvl$)HkkvXzXCC#V#pdCJul4jJKDR{cRN
zXhuHchuI?(f#AB%n@thuU}Fo~ff=LC@CmGOB5z;4+$xO*J$%S)gF7U0<y;;9Dsb4U
z^0V*>EQA>#*O*+)9M>MSb~s}VfEQUo-)+4fWcMlc7pE>Pw5gxSX!n^94Gx+P&zw{-
z47?md`d0fmU$d_HR!Q7|nKOHj?Xd?5A2V+`s(9|T7q2_R4Ab0eitu_UW9ZQjU+nAf
zW(GdA^*lUCnFJQC)zHyj8VMerxn1O^$Opzy{-btZ4e9sq->3F<Gs5Z*+HStY?umoq
z#bnpOt#qdWroeN1Vbj8DE{d~GMz~xAY(butDnHv#0C;k1kx)NdI4qPU;Uir4^;qfO
zhaMMu-wr0X%W6j7i}^X2vAE8Y?-2#Q^m=$_yld8Ovo}-40ez^>_IN?KL0oF;x1C~~
z9(335<iCjnF)In#^n8cYxaGq*0ANZ=IU(v;On7=^D?otl6xxphQDjkna)f9K)5A3I
z6o~<tCRr<Yrv&H32kHeA$phh)5g_}W>Bz9eU@7etO}GP@X6-A`=#n2nuyCgv@Mxwh
z<z^)S^LJYS5~lifrrTy};&<9ZDi}Y#Qz`@^`RG7zx>vFtQ@EB)i(zGg&#2DddjH3;
z%7#VnOdPD^74#8Lnm`DUM#=rRo`?pJ9F%Clvqn!2a)YLk%bb4ns|%zGG_j;WKR=t}
z_jZL}POn)2ynr8aWbl|+F#5Fs@Js!MTG6EiN7p=Zrj&O8T-$ooQE_&<^*Z|vIVb3b
zHz=fU0Bo<h%#>(R7n9UV)xUAN0i4mCe(>=^6G%f@Gwy}t#KZy#qFRLMMH&rH!S6gh
zC>h;whophL4tO-3@cO@$=v*t#cBd7?m`$<(k!e7y5_rx)PKU&wq@gy=%YxsFuDt`<
z#X%HYB=9T{Hk%dLzM~gnW?Z41+AYp%YfwkSD=v&|9&+SbjxCsPi>@R6mU@NWkDKpy
zBV?mR&@18+3Cr(6S#rF?DR$`f#@|dyE<+8&e_%~rsBg6+^O$A^B}MSas%)N+N!e*l
z&KpG_ewk)7J;>tjiNUi_epIti5yG=P`C$wLPsF^}Rr$F=K)BTC#<E{prvW?r^v#Uw
z?wz6jzbE&jgEB?88!hseoC_TvtRI~}?@~Tdtj42ufguNiC5{cRuax^=|Ch6&g#|md
zbD7%7h3e0g%^eLdIBLcxM^#$ITgiSaV0SK?%ONjwkxHAPT$6ei8bPLVaeiXI^RjBQ
zVxdoT=C%4DKK$t6tSWy4%DJTaaKQgiQcR-coTeR~4UR=LJ7BqHS~ha`iVV4~;O_tZ
z!vB!j<T5A;$CY-P(&w9ce07-qyQyy5)wId}k)Zw$Qfd5sGT0%78qFyk_VhEVuagjL
z0`(>em=TCjok>dH{^N>QX#9qmZ#O=@1nP{VM)i}=poJEODA=AMT8KV()hlm(NrA*T
ziIh-IloM1`HLO7jq+$Ohk#NvG#_iV~)RqRNqJQtLD*P)<?jVuAB!g=cl+nsn@4k}T
zrit83usOSjHim4lL@7OI;{NlJ*e>={NetFXh2j^K-<!@lQLnt_4DpXtLx25h^7hBl
z$T}`G0yr(P|LeZ|Rw$v$+U>=)EMxkB9`RKVN2}&b9mVr}gzbMg=2rqUQw)@}d}ZE^
zG|TvbA8KfA*vBf5*JduHDrLt|6LlX@cxLY-*Fw(tAAhr!oHWnu7j}DaN3X1NRyxG5
zz2clytRQbDiIQ>ek4GJ2aLV3xPlcS_vt+r9>XO~;*(01%K5|?)nq{9lsY%exX(-<d
zZfIcXx=b&gD;i(leo-{u)t!BC+T1NY-YECU+|||eo)q$C{PYNp8Usf?f-hKiHKHKq
ze7khlNssq`q=kJ<@JN=&;31ba1YK=D$d31;)*94ad0(^-(oSpM7uc>vd_x)R#kp_%
zZZh?si9x-R^uHDIB*3Hww&Bgklc1)%wx()6kj4L@ePf^7EMFe~kzj4~^@-s^G`~K8
zEgFfTEPcjTROaiTf%D*9^l734fkupk77VTUMtOcNp)Kzkt$&g3uDG>lNALe1qC41E
zwsM;)?3b5zdvtNO?Pa@%k`|AV`&hAX_iV=lMNBL${fMFTTeC#odT(QSUK4ybeSLX8
zPp+QhkQ(nbl@`@v7~?N6W4pAZ(1*$h(_}FclM$2A>>@xyx=Dwim8I_EOu}jD@@Orx
zXdm{3$9tuUDDA%UWflsWr8XAlIw&@4nS^-#M<U+jO6rwi+Ynl##1<vBu2T>3i0#EZ
zcW5x{CjX`RFC*SaCwW&}RmC)n&MB0O9zoNT^x*g1yLY#cK!3gKxbs^1HD~mx-@nIg
z7&hzzt6Pok4w*I+q_(2dE!aPj?vvM&{C_5l;ZyA{aI0N-wEcBWUP$D!z6aF|F|UEl
zPTb~uM`Rr!T2&7~o;LbL6jHFY!4_?KxE9jC6&@vpT@lxNLyl&buUuso!n$L<7peY{
z%g{0k%zp-VfWqrGb5=K=3NapID$rZIv^$8@3y}Lhuc<4nHJQ&vo%V9k;H9RrJ#YD}
zVfeJX7-?)Y>KG^rGb(zGqKg;A3j(|>8RlKN>4b_mU>DtMf5}IC+Nq%jD4=@mo$9a9
z8{vxdEPTcIE+Z4Dm_*89Sj<q<2$#6D)H7q>smCmH7V53J^envueymNcqrGb^id-%Q
z!#*pziL7Wkn2RYF^rYSGsnTol7=He7^e0T>Kh-f2SU>Wds0FRG8s1*Ep3M_UV+g)R
zz>z~2v=*op)8^>lJ#{53JF$rfYh?ANhQS~Gid=B6;xP~$*D7VdRosPa9s%e_wuAn1
z^4)zg4O0&HB-blrl49L{mbN^Mfz<sAHDbj5D=A@zC@Mimh_W$8L<#!5XMODRf&jS;
zGBLg-UI9U{K587ln^q)uQ@F9hl7Yl*nx(v)!Z9zLuo8t|1Xq=0Ut|V=5L74{#G_%`
z&E7I_lX-5`-`;Hh;s-j;GwEIVigfckn-e-q@B;;yC`he2p&3UGTnfUoZ^eitBB#Ko
z15i<c+qjk`Txbm5yi^LA{8VA$6O8StF3&=cZ!a>GmHrS?)%?shl;BW)b{8T#mw?hF
zy86geQ|bP?gh(YIM-PWdsLTD?sYLc^R;Xt_aE1b*z|ZG}O64)gFzN5YC4d(e*Alir
zi{@Fa=>-ZeGC_T+;oRjH5+e&jtaxH|kXCP7b(&>-FDI1Q$%2lNgdO#7hmTC|cUPuL
zzrbtwS<L>p=Y@KJ<bO{2+u;9r3o%tP+0X++S=?*Mrs^hgi`gXqx_=scEC!|E-3p*Z
zOE;t{_rFK4MyK?Tt5Q;)<TSwe`;({lD|~*~U9`d_(bQ6xRrw*2Uv^DqiY_B|corPs
zJ##spSK)^5Tc6j7n52FEBR85OUOlUu_@znYNV(1wW3WeT3+3HFyE@jkY9WP(Sh2Ps
zysolm1p{(hcqoF75|V#*1{iEWe29XLv`j5W$PBdo!-Fqm4t~t3n`OeI?`L;kwqY7H
zs&8}H`~~0rd~u*^JYvy9cs9*)fH-<GwQ~!%r1hEpks+O~0)MIAx9-VY)P1VzpNU1O
z`>$DD?o{DyMYWbGXxYP&jV=!5@3N7KDiG4Wuqlzy#iPFP2SJI!zc1NJt0cWQ{?j^H
ziEmSl^m_K&`$p@&-+`;WIBj5G%zukf|IgAyUZK2^zaGz!q&Em10f_Gz;P)$%peXn_
zKM)E|qkcItlGnc&AGx0Wx8@~D>$!jqql*F*h~R&3_B)me_cQO*-xv3Mn^Qhh&~#s1
zTT6ES1~Sa&HF=*YZ5O|T#k=$`$oW4LUg3n5tJKV>A*YcLv)oaP=YaM=uAQc}_QoYP
zz^i5dGph+nOjO0lsT3?@?WpJ^`l8KOn3L`e2JrHth`H|3%Miqbj^scBa;r`uN^-(c
zL1Am+(MY41<(OJz*U+v9ByW(tkJ7J);;%CWk@v+brpDL^>0qTlLeHcv0{cL%)CW~6
z!Zqh1cM}xk58}I-=JP#_D-fq0s3{}$#Gp%s5-TfyQYAEM`~G#MI(tS@-SgCUE$QjF
zg)4{i)<oL*B7<~WB^L(7wQQZ+Jf--{GM<1C8Fo%cB&Pn<dRYm>j8QnnQ6;_8>UeFf
zJU&POIVME>=bGz^>x$=7y*_4_q672FYb*U;q<E%4g{IXKN|mg4n9Km5owE`V2AV_W
zWy9(Wl^_EJB&ap&e6zTdBKQWpPlt#)GBBYn3Zx&{5E-Y%%R|lrtM|NFq$DUAXOvYc
zQLeIy%l<A<L#v(c|I)>621s+1-G*`9JJQ4;DzWs~vsA3EdqT+c5gO5B)CTlQsm?8X
z_|j!w{i$$WLRlX`7t!4j!_bxk@cEZril=Mc2^Z5ZheY<oNObSjIsIAU12L+-<QYv#
zi_sGN)gfT9`5)dv1hyQ7Al@|k9lM0(v2q&?MRPO_-z(gWK`0$+{ORRXRC)rJRXGh2
z)_UTFdL^Ilsm-1=$@hsQ(4xAx^9R_$fVF_rfL*wMFTHX}aS7+WjOoa}BNOoDV&NP^
zf`A$6m6{__#eaNSj4uc|;gw~s`zPSffKc`}jkg`E557ILT|?^s+Y2Bl`F9V%Wne!G
zAMNhGbgwl&JDT{ObIZy`UmTC~xv35vSrq2~Gdt=1)q#6IL!p(2fuh^I4|(NW^bYD-
z;o4BFuULQ6n*40G%5?U_Yq`#RIE&F0FTDJctGBjxtV}E5VSPi2g>so60ej0n`$l>}
z@XwuG)2UUf&PAfb3BA1UTEJTOUR)=%%SWH~2`<1*BVFFs%?W_`Wwgz$0~0zDp#Wr1
zJ^S(*zxD#<Dn*2_3sL`9SsGgGcALQsw5}6PvIXs|umLd;?S-g)CpZql@*y}ba`d+s
zhW8eRHZG}p->zZ~-Uxh(BIRR1(O%m)b9fgY9QpdAecN2Ee)w?qZSwkEJmW8`y!=b^
zHfS#%U3tgdL)E(L<|RT0D;JEex2`kSjx1^(1_BZ2p{?_||Mi70k?I`mF1$SciCU1#
zFUGzFQ0M0oKhnnU&IwVN>=O%8^kAJKE@87-`p0uj%91-6Ckfh1f3f`7(e$?Jd+tZD
zMtFPiXo+eQQ>a1(D4zDP?P3|{#C`8ox|Z#AlNw6^;gh=)Q6T^Mt5~tCkk*lU{{NiN
zKX15GeA$hsir0SzE4=^n@zQd-Ub59VT@I7z(IwNxe*{a@XD`QiOllkk_PXY`xLn6J
zIGdJY{tOY+1P@9cA#zyX>6$K;<TRh@9Y6hjfKB@AL%q#NGH~C(s8jP^UJ(0dwsbT}
zJU<1+M!8`KCTW~I`c5eX+NjEOzB|q6@K{A9O_Og;5`7Yc1UPZ<9(5CPcmH#G(tE25
z9weCu(@bl<A;IP!XcxLQI$ZLy*BJ+xkGF>5TC&Dy2elNa81%oKUNdxV30!$gkH6Mz
zHce{2K)tZxBp7n@hZ%D;U?m&rPG{}%qg6%`iTG=oeC6r=LOzgy+RN#Ylr*+h*W5>!
zDJH+?M(GRxjylJZG28(!9}2i?cF3%QB;BeDZ1?{!6bwaOV8YnIr;|7%1Cj1jC^qGu
z5VsD%6|zCdv7gFQAg<-%#<0(BzEqtG?IVzr$*hLFX40<I((yV$*Q_(D;|jN=U37Pe
z^&o8%H<*(gnrCgNL-mnQ=49d3hCbs@esDH{5oPhu#zlzKpb(ERxy##D1?$%ynI(&R
z(H%*22R>3+9uWF%4|i5Kr_UvKY`dnjsU0dp4!;s1LzP$>gFluhHd0Yo2b}UMVk<!R
z@6=hxR5#w;o=KWdZyO~u2f2)FlZ+})A9(DM@?FN&P}kZObD7QLtb4aCvfy8~zfa^@
z8TPI=I9_HjnnQ0uj}I^B*Ijfu>J&|7->15^-i!wCBA++k-N>(hA!1dV?&@@&UMtBQ
zc+B`}I@p*XF!|W9VVw-2ZF{rr!;<)?t#`b}$EE2!D}DVp=Z)Jh0nflEiQh?+1M~Hp
z{1rAc+Dnc`^N4RapJP<0<*M@dz3-ChF_~16sy<1QQD1uBiY^FkiA#IG2(S?UyZ__c
zt4eJ2WxKt~GNJkoY?l+fr+`sR3d=aIF_^-5$fA;hO~Jw^AB4FpR9SS_W>go^eD}^t
zQEZymPXnVTltO$gp<lOQurZx94xxjE|Lc$XWLofgOSUSsh2U^@JV(^4$+MFUDrR||
z$3026$2!c7vFyk9Vo0spO8EKE3{&MHtwls9Jxx81?m#qkt!RN+gHHDVZ`7+nkm=M%
z^TVb)gcQa8VFLmV(#WD)Rrq17<PlQ5ma&w@sqlxtADlTImArwfkyPt4Qet`jn9Z>{
z5cU1qet)*1cnmHCEvAle*T`cD<9aN@G+(}Alw)r=UG*05j-|}5*mB@Oy6*5cvF071
ztE4DI^W_uFYNQ2d6vaxsK419rRj)f%{CQFcFoUJ->Z{b`4h|Eq)D-LLi_W8`QjqMA
zg*J(hCRTTQ%S@3vvCeG8FdcAgIE6&W374bTdfIxr3V?v+i`3hvN#L|s776548`)Ze
ziwQ-Db3P`5%w!$sP1vI4P3JGoXNtdKe~hsv_V~Uate>#pw0K|by7Yc~si9O*;NH&7
z9K6c`nK)dp0hxsEAJ8SPoOb@U!+t#{L%V#M@3^y|Oq$03PD<N58JiPor7YKbnUAu4
zC)^CnkIYvx?bmlmZfmIxzt4ZCvdV6jSh{&GOc>mb!8fgdamK#>T6;YD+RbrT)L}FN
zX3|V<5_QHqP~V`+9B&D4J?@pa_nwwdymEka*u<AwH@(gBIWtbZ|HWf(117=7Bc)Yb
zxQt-99MP<hYjbznNbBOEhe13~bG$V?nb2_9*c2#FX2*;KxbCf6Eiow5Ne_nDcv4mf
z9tWRoEh~&F@PBe66>as?O91Ywz2cAD#h+%?fN%76xW90|?{htIzH=<WVPK}8aji{;
zjQj_SP0Bw-19#L*HFIc}>nqvIYgfh@OOUfnb@YLQQJLYvw!zh`z8yIxG~!14R$%h_
zKxv%CqSm)8?VFydw<Bb7D?h(!8mTnt53|v%{QmYy`k?6nMpMuxHGjli68iXA4B`YK
zfy+0sYsq{a^s!X+4$|jW%@OAu*ONY_4#rujN7)>x`zxnN;DO@?8O!9Tlcgatxt$uD
zq0Hz7+UcnFk5ME+Y;i?mm2S=6ELk0I51KAu)Ta77+8ABXTXfxeJ-IGP%qJ+MydPH;
zQ`yF8A=*HRAjR9AHJkO|s&1pbZmLNy4U9&eIcH0%$NOVuzPvRAhHTb{8<D!P)~uq1
z^ZYyB-DD0c*t~TQn*>?~s>XIZFUZa4`QqC7(8T#@{O#IqpzKi0jWtgzR6>u-xc_zD
zIi9dAf|h$boh#!L!2yq)KfeCz?&}a=^yu2mF(RAqpGbCV=2Ud4-=WawE?Z*6e`Ho%
zddyf5w#!Eow$U4GT&QB!rHx7}6VwTgY<=&RjeEGrdaNx#|8+A06-f^I$l_{`OH%Wx
z)^7_A_W^R1Znx>v)a~*`9Ba1&t5o*A-=-NAaq`ubV^6kQFO5h0mlKhJ03((T@8a5R
zg1iHZaV9a7){ClqVFB$vg(mTGx%RU6yPJ6~f?vU|dOJc-;d8Rvdzi&R`1)Oz`;nW|
zz7HxWp{3kQ1X!_5dFcHZ+(YXa<D&Z@GX8K#Li3K>?6-(XJI^Pnhz?Ebwo55K$CVhg
zunq~KTZan`4(ie4N4_E9c-j#v)i#VhP>x_UvHyscUk<`yUU)g5B4t{j{KExonB}DZ
zX?ySpS*g20%@S>L!pC;9FibzaHQ{DfXv4~bP}jn<w9yxyfmUzEB+7i5(K&~iLy#8w
zyv4QmnSJX3ti6k1%Pf5rJ4KCS4Cs0nt9}fbsb6i09D?IHVgX-h@N@KZ$u&DTcE@<K
z@5xmTecpW!HPy8bmf%89jxe^MwwRoYQ^TelhD>y*=1LD0%kb^yc2#>otToT(vH4tA
za)!08{N55k_kX!-db@OUqZYP{?cvXMyu?TbPJg^C2cLEo9VE(^w<rO>&r|YX5PtJ^
z=|g}ka7v$&BmbEC(6DfEWXtD#mXa@Y8?_M6p<doxXYW5^4Bag?6QPCrX8jGJtuttY
zq{e88gMJBuEa`UfvkTk;**ujR>f2KoZ}ZWhDZV@I_H^<(v3N`hxWxp=U*2a226M;h
z=T*dw>^iLXvy$j=PIP!_>tvk-f3~nRK;qlac!+DF{50;POBvmIlrz)Iq8Q<!zUZ-i
zjvtO?P<+B;GY~s1?4#3svH#<|BZ+9Bsr-|fxHf7#EA~#He5pOOVec=Bg26iTn)k0f
z`k!3JRkAZh(8KWyg+X}q4$bkeHfF-yZ_qMCJ+2As{QFAle;SF~D7!+yG)mlEg))0{
z%0rpmcohP~^8@{L0c8D1{UOnt{juF48`si0iMs7K-z9$k4A))mYTJnNiB5>h6d3UH
zy4|RwTZ&t5&n$w+%Cv4ZOo?!3)1-}(iFE_9#9aEwCB_@hXZ-{P&7&G$1-TUW3tyjV
zoBynAPh0kRs1*@*y~oi^J>WG&{ALwG;6}Nxta-F+;C5c6>bCODgL=CeRZ)vay9|?8
z8Zy~G{(F{t6W7b$qUlN(e*oREA~uHKX+7!GTE#z-Pusa$iSV(9#Qto6J(X*deUdbj
zd`aYtQ22qi>1fAcqw5oGqFcLFKY`oM{$R-gS?j|$><03)Ev}Wab~&`qxKlB^plQ}}
zUEz-%TKt_3o^D+2&`#6t6PNq{Ntuon|J!<wjST<9)v%N#LpyTo_rha>2_`&x&&WuT
zL+ic{|FstB0M4i7Mb-X{_n=^P5s=(~2s(9`Bv!U!^Wv%m<zKq&B}9eo(==OIpnSuz
z7efW;SX%YDqoAO~#tYOXx}WcqctHOpK1KVAVMLo@u1y1jl$Sb|jvKU^BqR`?@M64B
zyq3#m_N{jRz0ZBM3}Pma$m<~PlTed~dNIv5YVovsvy!<9UdpoJ(?Lk2+QuTMTLeRe
zc2WJfaJzP@2l<WVVynVO$%ce?nF8RuY<xM04$63$qzX)hnmmV*#{ov7Pk-QrL8rT=
zTvK{IxZGcxK^Iy0?NguvSi)oP0%PN$l+mY#O5y*+E?U@fAxkC#?5;{ETX#874=EIP
zgXVA<-}^6y(x_VGNq@!apRr!eV#$UH62tS7LJzXL8dB<PmlkZxrH6}GG>x|Hc5SQf
zL+ACt@&=5qLRisMQec+lxf|<qYxj+QDm6hXmiwCkbnOxW8oD>-iibFy(6W#)Df#AJ
zE4F16o_rrxAdUgRC#&5`lqO{@DTMWROn03%seOy(Yz&o+*JZV1C@A&*qxenYGUJ`j
z>I1mu-Z;5gVI!aa>&9Uclqfu|KrvBx4w{s(V4yXlP(Vd8;7Gkv)61v`+Y*iaH_YT*
zXV2I_{Cwwmr@rmQr91C_*fz&wktD}{DSp1P8C*v)<nV&c$J^)VHei`-$<xR2+x**)
zDwV6cJpYlS=-bW|4hvO#vu;{?yYC*g788^#p`{=7C%5!fC~`{{pH>36IA)g#Yi<4L
zmYVKeOpk3nAQurXUnYk@7a*<NJyGbfyLpV5MBbpI+phb|Zu;{y`CWeFu`7<lsM8vi
z0^3Ds*`_<3PTgvHxadEgU8Yk2mcjG<PsTMpB?Yh)G3gBxI6mWtlROW;QFQhb8R7Eg
zN>viR72on@f@!2TRT_xIMk*eT&z9Jh^xs7xPh7X(&L^aI-==f5{$2P&0<BsOV+Fjj
zigo+{Sp(rIC4vGB2aYMCps-sC57nh{g2A5{X5Hjh!`c2p`Xjy5U;g~H`UNqIi}!L%
z=lb?%)LOKetP-SiEQ)7+uv^r3?f;|et;3>fyZ7$_1{iwi0i;txy1PM1m69BgkVZhd
zhmdYix>1QiR6x3sMx<L(x;uW``+lDHxxK%~d-w;(A+XuA_qx`#_PNf_+Cj@eZ)6MQ
zzj8?4-6@*!R!wrLSj?QGB~WvH>|1aA*Y&=o0|>7?vt@!7LFS=of$)#<A_8*-EUPqJ
zi8{}aqDy;D@*R$R!-rp!8nb;xq(r1=x87vZ{{62T%lWS5MxLT^;pR-f=CYg(sOpmb
zZ&jxbMCO?KZ2qbj*W|tXi7DYVY1y5qL0vrP3(MArfb?}eY%S>W7q1csoIF~1_x%a^
z=CW|8ef}1rel7;kDe?nKk<)*ixmF0|x2*17ES>SQ+$_oUd0d%9gSw7-x6Q=KinVh8
zt3zifaOi*OYC|_NXP3Vbj3WY!wSPyq<=--xq&O~8QK^F|TnIuAJP(G!^*60g$1Nq=
zi+knsu5sTpOqPixudh$@Udccs?B=<kogdZyqs~Ftg0|aIP`GkJeKd2GZ`fW}P%R0C
z{A2f0*n6~;^vCA_63e0_ipAmf$o;SgE+D^lD4!fkm4KuSw31mxL+#QW?&}LXKK}lx
z4yEj24A-<zt5pqWiP;mzZpAoVG-j3t`51dDD#iaS)C$N7NqO4p%sO$bBGz#!Ef?=9
zMCiT2f6}_ar`Kgd|4JsESjpHz<vtI6-6|8~r^MX8==ev%Mz1<>VU7p4km*h9Le+;y
zlZ3?2m}ATLRGDk;O)>Wota%?o_C7;`vRU!+%`6g{%mx2mM!xc9k4D4{nszi7o_86&
z&ypF!;3axeqk6IW82RqhA0G6tk6r|}MT8F=tN|+h(eISGM@V?a`uQsxZScUy5K;dM
zifRIIkjX>jFIYsr0n2~R9E<>93d@-_^g?^GXYQztl%Mj<p14Q%|4YVbiTiD7>QFo*
za>w{epL+EI(C*{fI}$zv?bbC$am%S7uD?hL(LUL|@sJ{Q&$5MX>i_meg3RcVUPI3e
zzU&a}5|mx62Orx`>Q4V~cy{ZYAFhs66CVGw|8L8T0`v?t-NRzW?d}QSRz(^A5*9<>
za}QHEI)ebprGd9ub@PX=Yc!c$k1c*+2MH99V*0HO6G85wK!hIE+|blwBUji7H_E{o
zR;%l>t;G+cFL?gES2AP&X$?5Q628B4k9+0ttixciT8Tp~tmjyYx8wjf<9$r{%N(Ga
zKIK-cl}a=Fl&|9Wjmp=BbAt{ZuTKWAm2*n@fltaR9b3CN<h{`3_t9?R!Ryzrv2J^H
zUGaqNC+QrfKP3RWaLWA)z}grbKuAcK@_r<NQF*2DY(6Q&smTDaBpbf7zIK12t)1}O
z)#F&Z6!tPozt%bLw<iTxux_rTcWu4$l+N@Air)_;Tt0`~^>{=30&uFX=0`mcqu-Mc
z$5++WO<h@Adzd5TSEv|8mcoA5O&gF5sA4MiWuF_bf-U`X<2HZ1dvgD@;hU`4QMSFo
z$DNu)e%iVmm)dE4%e(LOvf?ichZ@b2a<bS%x2)9EVI~p@7TNz6vQTAZ43fxJ`!xZ1
zc}>OUE8i|dA^PY^TYfp9XU%=j1lm`>aUOtA|D5-mPiMxwt15%`q_gf?WFNm4do&I7
zkAlv50b1aVuv0byflzt;IME2OdP`+J`|afaO?CKR?Fi?r_;gWN_v|&_J+SDCPUxob
zQDb0a>|414sF9wcG!yn}>!H*nO{pnX%V+dSS>hfKkJbh(FAi6~H~O6M=`;ZZ0s8E2
z<C#g-l>JAKJrgg08<-W^0)9JrR8!jcbbE?%X^Dn9ujuj;u#P9Apka8%3>bCae^T57
z5E+a|>q8zH3zf~c@4FtrYWWcLeM4jV236*rSl11X5gC|1#~XQ<KgSK7PTa>20Y9@I
zjo-1hL5<@amY3#R0acoS>x0CFW&ZQjw8*F^W=>8u|MMkG(X&}sKi!4R?2@2tT9_Vi
z^sm<dBk|Dr7T`=)wyTFuDTdx=kFYRLUibRND9W>)X$Pyj*0c)%q^EoNQ7In^hV3QN
z>i@9q5rOi^DGBaQ9^4FOf=a^r=j&Wa+vR;`hJST^uo#*Ii`oCdHKA!ze*WbgR7g8n
zic94=Wz-z>;`ZH;+D~`8gJ0zCUp~b|96cAQZ9D_cFR|}Iy&4t`xsh`a-%nwiVHp$8
zCG;F`9Zr3ujF7`L(}a<$ddilumR9a2&awpfjc)m~Z>%}K`C!z)uqayJ{h(RDvpFdT
z<rI#+b==>cLkhqdi<OU#dj_COiJ$Ez*a@&;$HYWLg-)j7LH#=3JD(?30PB0QpxwCV
z)2-xWk~b1wAAeIoF9F}V*Kyf}l`AzSz(B2Md1Mp4oh=Hd@mBfbwD4fGMAO47s{T5&
zyEm3v{73prW^b=KSPACR>Igsp1fet=);Koxeqo}GaNXFm&h}bEG>q(7bjPL`I@T#>
zd;Y{?o|YB4uQ`eEz&p3_3v^!o@O17-ApU3>Ku=N$8I^iS^^E9Qv)mHZGKADqISm*Z
zy-yBF2Pt!giX{y`dTtqg&RM$cbXhA(Id$@*dX;PTWZC*YmC7IG-Z+aE`y>KUTO)(+
zMOA&2%02@4EAGVD8PzY|s{9;wi^INHcMjr|LIyeIKRZ_caVQaesfc&*+6-+8jXu__
z)(@~G8^>}Zc4W_)B1CHS!rx8<V3fd%?+VyBILwTU@)WmlUx(RR7u5)6n1>5>n3-Sm
zgXaKf)~i2N^oaZgz>}#?0g{c@1%07jUn-aJIM%#an$gSGE&LFS%NeI;V=q(R%U>lg
zPsa2<STB;A<KKiHE>Z7~>6zYlBAhev#J@i1rv3iaeT!IvUC3#kGcPZXc_#?v4q%7x
z69#^<pUUrTk=7K++ZpU~i7;r|2M5<+G(4L3JsRNKp7-A3dL!bJpSulQ_4}`^Dk-k<
zZ!qc0{BJHd4LsT0cV`W<y*KZF>+4I}*x10H$kj9T)7fn}(r{m>-)s8N_AUqyfmIC`
z<L7_!^XJc}#ssudWeRy#18-9hwfqx=eiNTwJb5GT;rN<ueUrkoY&PKT=6kiZ=9rSJ
zX-ZlS4M!<!uZ(eb94$A`E-MQQyGGM4H*AkpEj>5A9%o@q;#R;n+Uppw4WE%#<T)Lv
zU7hZX%?5SP0^Z=h<0$|GN-;YFu#yjT;XZU>vcn;P2!vNgR#v%`MJ(eDfHaVK8r>ZB
zac}Z_I?mQ=Lrw5dq0=D3hv5bxtkj!kyRLe!^Aef|xLvdzxc#aKyLPeMqz}B$mIB?r
z(rX=|9XYM^B-pC8`Vcw<L0$oH%?HZeg=SN%Y3S4^4_E^YeR0Uldz}x-*2Lp_OwnUN
zhJTl%?^7kk*g*p}7`SJFvWzBCh2MUJZ)vuj>Am@G(}1f59uw}t+*Log;5DaAU3Hp&
z%SPn|tlv;(MApRPl^Cx`uX5sSS>s018@kCtr<>3#%BWpCy2(tVAwP(c_oV07`~&|#
zdZctHro_&N$OHG&u_Ri+%Q-aV)5>D{{jAdZIqz9Q=P}OL)T=4!&3mGv3{AZu1YHvV
zOVkr1JkK^^8qmo1v$eE@7<XbnB4`O8YaQ+j0CI^*Nd?iJfMdJ7u&C&rU1h^zq%RO*
zy}7YaOCF3iC~gRo+-=J_!7?WiA|>Ev%anO_gXhs;bHM48bqdP7sH|t83%Qap6D&qs
z7$!TyLVc>@!@a2f%9EsJf4)?kaZDpK9F=iHbUm{`ftJa5zBh$KXGXWuq}-pNogH@p
z>eO_#D?Y{oD~8Wr|BT{J7FMzpZIuVlv#tqm5yoQA(`I{rtfd6;4CZt9XRARP5mI4!
zG&KBdPE#K(-|w1*4jXu4U}3yOyltP7;W=%S$GE{(+Q)Y$3+{Jsd2@gNdoUY@tU6W6
ziO6UdJi?CL)VE58r^7RN5yOK2v90a<XiCBNYSf=)Fhh6;eS+v`E+}9LF2E~J^w-fX
z&hBo{q*E&E2G*|QS-T{<BIg{*Bc#^Av9L5CaH9hteifcyDFa|7Fjr{1)nMkk_Yq%y
zdXx&wp|usLu|}&Jx#Htt%I*M=iXJK+m<%?{o7Rf8P6f9Ic*)O9w1`}JeenoZs60L2
zQYPIoVLCm0r{z3Um}(6((S)Bz*hM4mgJ_(DppPeo?0M^X=cEFyxdV_Ha%N+-Ay2Z4
zW%>y|p_t>WQ8n20W34ODOHkJ`X1R|Wup3b-ye%zdqY!f|B~p!F#0&jQ;7UgG6iS|O
z{8hq!l84zdFRtoV&aAVc>uYF}tn^j`T@QT6<Ts#IAr}De&o%Pcx&^q&iZ0L^<!xMH
zcld|TBo}4_6RuD>!j7k9vihcts(0H4jK933T}>@U{M4J3s8?6KE!)%HcB7zEIa#6S
z{L3r3&kVHo&l9ci2K#_gKb&*Axd|ibU8DLIt$T$gm<r|%XG8GnL=lTTL8DLHw-T5?
z4TF<mHZBjid0KLsH0aNJty7;+giQm;m423M@bGgUlD6E~kWE4j9Iy5yR0j0<?XV?{
zaNRa9MyRYAl2*bK$p`!dM4nE<(QH^#Lqpd(Po!j2LtLFgh937<Va#hNs}{y)cugHV
z0#SlK7$ak-74U;FOdaw7vH(n(6u37JcAEK8P9$WerECL;0d2(77--_rF+Efh^fE1;
zyI8CdFsLAn@4oDqkVAi`Cag4z7`Ji*2lfhn-Zk@UHxa)YJpn!JG0ft#HuaDV95>7b
zLIczunyTVZ4cu$^aM&X19t2{j0yzH*`SuyPVOz$`o{CHUD^a%yvk+f1=P*#vk=rmi
zk6gjMAA}P0g{`Hy@<Iv>(S#7LHL-aB>FC|Uwor_68XWpjZm3sLzbi%>wgY58JqBV0
zT+bjgiMl?5Wu-XM6_mk^@Y|a!4io|!)0cZ`R{!+^@ObKdX{MvxybYef%68XaLz6>q
zc#tU%Hdm_yf_e*fw*Rs{y%W~m5L%1EC?#RVGc+6kl`|XePWRA&`Y%!k`3~m*g`O@d
zN(XJf>+#;*&BEQgrq+8Q3Do%nK$$-nqTTF&lMD*<LaQW<FoFiP!2EEvF)dJT0tLI~
zGL`GzN_L0??*XANq&}2|DfZ(?PGokob)~Z2haRE%;f?G2&_#=t++D9rKcov0rj$5G
zW}9EjXoc|*(b85TNRN5P6{6)4#qHM}Vo|q26C@4xi=oBqBIEqg<dAX#iT%J{+9Q}>
zcooVX)e2rK(K7T1e6$5@u<rHQ@Wz&FIktyo#{0t$H8u5Ir^lW}3gt>dcq6{T=j4Nt
zTbt4EdXJgG8H!%gI%~S~#0c=EaAc7gG2*6;{a=2gWTL-EO-#W9%M}&eUfSGrrTSVp
za{(6Mt90NYY0A?koO8B$oN%Qfn&5TC$NF?iK-z&e_-e#RX-+FLox5$XuCH^1&<s`t
z38S>pwu)fNi*=AUSQ5yyM{h!0(cAfOyLcK}Z7@UVqa*jdTW3xo^e3xnrtHf!w*(e^
z*&%enS7z7ztPOQ|7Q%9?HU!u(e)`AhNvGLCRTIAYXIFd8+#a(o;Y2SS>vx1KZImV5
zdRQIey9_sZQkNavJV`ccn%ybPK#Wq;;1Kam^mZ110!AqWq=6Y<8-;-+Ix+iYa19|C
ziVV&pR<c7-yJ|oi%rb>pJ!v+ODuZWs^mwS0xYf}2Ei`R-xFu$&du$L?sEpQKhT~V&
zP;FG&0cs3gM07}=UierroaS4KG6Z*EF&OHyR;bAKg8~&K;Xt?D$`3LTf|AqWGhD;`
z!*3PznPGYE)UB9zw8D;=M35!LWuTt8pS$;2CFtO_(9%GFr%qij!94pu<#!8o_iz~u
z?Y3<^?Wx=E+45ExHvA1N{om}>Jn*m99k1b>!IBL~vumm4X#Qjm+z#A`2m9$DO{Qz#
z<rv{)Gjk0nKm9`nFhfHLk2HL^yY=i`5_hwds)NjvN%pBCt$B6`@wr^IJgrQ0NEK}`
ziNwdn0hBK2w_!}ENR^}6c3sAi)oFUOKCRUCJ}`d}MH_`iz^0&{*OrW%H;kS^wp5`J
z*+eJpiroR|L2EK}BTK7pS;MsHIX3(qtdbAtUIyW{t;yB~FNO%>L__5W+JNc6M`F2(
zyk##o43BBM7!`z~F(YiClZyw4s$d^vg=|Cnbb0$8oU``X&~S4p#~Sar(hr<1x^e8X
z`ik+#5z9SPcAUKmS^MUJqWxJVrsh;0*1c^Fv>}&QqLXI?L1hc?^0EqzB`5MUv@8E9
z;%Ihb?EMS51*#3`e`lHe%=dn1^t5uhBzvpu<o-eHO`X}E?l&%@dizJMm%kxT(Vwn7
z7s-KV!2_>^gJTp!att4TM=)mXdF4?0$)=!F!EoT`f~+tbxKY>4I7AyPFFubOPL8<X
z#P+~|H@w3OLK*rQ;|o)Pn}v-~V<=tI%3($OT3K*3I4`=R02ExV>^)}>6KvdHo<~OE
z-EubvWa9IO;dvh43srk%u((lR-U-7rFg*B%!YvOEprYn1!>vFeOl>dexg+HF2V1C?
zpk?v2gHKvB?mXM?%?sBqJkhw!BuDTCTN8Hh>Sgn95L~xU5%D0~RN}mAAMv~_*cr?w
zh4w6}qcGO*GQw<@M8UFn**MUL!`)C5x`-And>}xTgL!GPAMEG4Xt0s{;b^1ZfHbjS
z9s|~;fy5o?$ppJl^aOGR5QK?mSDr0I#;l^?qCe#@Th?&6a{r?&s)Z+MAeX<nQU1W7
zb*)Go>5p=|iHe8)!Na*n!L?7c1K`o^=lCJw2qhlZ(_C499-{(oBQK6RssJec(g8X>
z>P7o`+`jI9MBsUtR}ez1Wf^B_c=5taV;@7_^cRmM&&T#7EWfZXKMlCd@+<d!GL6v=
zK+9;^bkqEpuJ<gk&**3)RH3k?PE<n7RhijPy$GP<@P0E@AklB}39XF_VFpozI?Tmr
zyUrl9WmQ^Sp&P>wtoMGG9uW!Y?NDyFV6CX8ppEMu#<=863-Ab89t}OJd@hPp^os}+
z=<0AudfNHi#z;ZmF_*+3-IooX1bq&=Kn4;91VtIYev*6ed8{DO@|@R=>*wrWO<~I9
zm-kj>e{^2ItVxx-MnEG3ak8bw6wGymRDdXcN;i3ad-Y`-hr7R-T|xsdhC>gjZBg*o
z$T>RYXtn<zKDK0B5-^gN(Dr`?UJuxd#$OFr+aq_K-nU)Tvy1FgNlIR;Vr2RB@ZOdP
zRzu>8_Pm{sxsxuZ5%NOAVHo~j#NtNjCIwvX;qRyiFHvH+dp>PRkJPf}VQ+&%;)oEz
z!L86PIE1b?R`_%&6s^6A1C4GoZ{aWu4rRcNc8AQMY2v|fPYjQtT4w#BBb4yu#U&sp
z<qj9Q0$_gdvW~kfym>ZS>jy1bG2jDC8g`y%?PfSAAPl<(6nuF;e*z~M!bmQH^%J?%
zeEWWx{Hs>y*e!@4uz03%M<6Fka-LjF5GjZ{IvQW}d$CU`C7JuFq8(7CADXnsJL;yJ
z)@EAa9z^r+g=xXS?}da`hiU~NgXu|cf~!5vJi`yj&2hmXm@hm&)U$YK3q=``Fq$)P
zf{;NOBCkFNww_D9aO<`k$PkzS6)_l$4B^EH;YH9ugm@;~0}13m*2O|m=_t*BS0!Nl
z#GSqcga<Z8!AsJ4vi)lr!`ao6PQ2)p+FFq@&SU~7rsR^O$}1fAV0!9)ZA{qF5+N96
zc<#KN-waIVo!x4OLjRMevV{_r6Rg^A>3ZWX4h_Sf*Lo}7B?v}^Ez_sBQeiDqW<TEl
z7{vCv4%G!^n|E&{F5P;+B2bSwTiyVA=}dhS1xA6~qnDv4SQjNgc|7#Q^ZQ~oet7sr
z%tBs;P22}wY;Hcy$GK~m9ipD(a*HkJT@4{=6qk=`2rNKbAXq*(ol=N&L(XClx~6Qz
z+CB}cUNrFvmXj#8F20@cxcUl#HqlT4ZrMo%g5nrUqG(b3-4m}ZiY}0Z|EHD^K{PwA
z!&jeE<z^Lv1F`Af<sVhD&!kb&O|JM4-9#&%xuVG}7x~>hUK+M+eu8|r?Y8)TS(3#S
z_~<Bs;#193pc8oo2*@1vK8|7<b_8dI@p$21sLAcmm23o6)5c!m?gwr}75b3^v+VN-
zmQbCLTL|Ir2N=@0bC704O$q$oIA(3TOk_35qA@BXZFJ0_Y7QY>Dh@pxZ~tlQ6gR{j
zeMBKA4GoT|q?nAiM+#99TjJkbyr%?#e}i^mcEMqAAWu`x@(8rozWz9Z0n35+3;7@x
z?TH|gJdt+t`40$`oM0pH=i}>ZbY-yUp6MCPuqO??aW(y)&w_<BwX9(#OIRV$$4x3?
z_sBcAt(~Z00|&3f!IYl)bOJ;OQ3r?;Z9zFtayukiDoB<r>^bZ^VHnnqVopJ2Kb8p-
z^h^IvASULf8NOlowb>_S$tCo>cIjUYJY<VYA-B8}gkdH|A%W|=Kvh8ZG))7VLC2IU
zoiMv<O~U~@QW5D!H)p=oVKqHX!yg+5v?pev&5KZ})`pkDw`Rz0Po<efAoohO887iG
zkYo`YhQcB)7Bi1$TlWZ4v6oS{&78Yu+cV|;#g-`BT3fI1816~v^6Y5|5nZC+h3C<_
zg4-y%Qly-)mLcvgg6ku%BsJ;NWj}RH%1c3~7wLnA=<TVdcO{hQ54{pm1*LgB=p?qP
z3+Wu?I$9foO7ZA*j=<7odQc@KhHSrr985VPe!~eO4V`xjUMKHjZ$PED${+@l_Nzm@
zpt}87TLf#64r|w!HQAEDhz)jdMm9N2T;F4a%){>fp`s6+7JNWBj!W}$(04Cv?t`W5
z?wS9AQTdB2gqi(N;4m0lXdd5R>R%9y78h8JMo97={YcrSg**XOGXZQ5oKemfV7hkj
z_1Cb`*Z0@k=}zM-ygX~>FBS@2Q@W{f3wbCvp;m(wKlkk*v^=PGOW-g=U`Ah`S%hFt
zABu|#RlED`zKv`;cSDhrPy@p(Ec%jX{wp?N*gE}pI(wq%1|BAPo4|unqp&(PnB+m1
zDDHqw_=OaN2;zq>FC-!0*2eFdL5&(*=MNb}3_s%8$Vg(%)DniN(%Z^pf-p^)=E#of
zq{K`;&08{196WXj8V2GPWM>0wh!KRJh)o2c7;bVK1wm+-*;+afXvN@<AQemkjx00h
z@N<h@y=dvVxKb*KTC+vr3BqMO`f&kPy`kLseN?n3o<6zd`;hPN8m=?FT4vCPwhngV
zZohZAdeYOc(5wZC`li(%gb(Y(?EEf|wYz*gwPk!e^gH>}lc3tpajqgf$QBq1qi1FM
zm9A^BS@=b`t1?{^1NU{vMxc~T+qr4o%c4ukHDa(4#9W`1hxP=12yLfR+PGM@9ke@z
zdTIsixQB`2Ym*Hz)=?H@55AEZATZX9;M=zu@jc$-9pb4$uDu|HxndqY3}0!d3>`B5
z>ZTpHBzE4i^)SZ}vC#eqlas!swGVs!XA2|7@|2fkr%1QR%M_z>YZyVPbcZREpAcbN
z-mj|FhE&@iQWGO9*|E_k{)J}v!~&o6S^e^rrC;b3#fNQcj4=1q(-UfIhu`xe-}RC#
zRsXB8rNgAP2_OAh0<@n<>Wvi|SA1sa+t_n<+Tv|=?%|M10dQFL?Xd2JooSebNQx^H
zQKeyAoIKJ6wwGR}DC5J|A`**q3wp>iD=#DKDd0)oIs+8TJg0mqM3B_m_c4A%J-n1X
zAMNB!w~hdpzJ8N!5|RC3lgoD6$*VV48ALRZ)vuM2J9`>9TMX1}ljpW#JhcB3$E2Y=
z#r>2i_ojImik@uk?wG&zc*)*&5hJ@!2_A80L|9Lr!voW+j~^mM(^&(^fa#>5@A+_w
zC?#gj2PNG`e;w9q{6fknf^k1sru4q6KI1~#Q~%g~v%qd}g9)@4GS4J()t2I+;Xc8Y
z-iwoZi_O9^rjsTUJ0g>6Z0vhu94qC6ovmIWvERTIa8sdkXuT^e*V*+pa_kqpL?!$Z
z-$_#M{y(kCH5Q1We?3vg%jiH#122H?`6I%1WQwPZP5oCzf3n><cG1wSv^A14YU%qg
zrf1)Sma2ELJeeo&^(IN5-R!VDk*A*C68YS!^Yg@P&DC3t2%ReG0qoL<e4WQ-Z0;VS
zP2Q8&^9S80(j+_7*6*gDs{&9(mCy`csc&onO@Q~#evpgxz7?o_)7ouk{#DIr``1*C
z$>)Q=K7>75*Iu>P^b^fZC;zi~2e4U$T3-&)GuDd`F!O5mtnCKNkFT~~BIf>L*s5&B
zgX`x1=zDC|?V42pZzJnXQueG=gy7n`zH_sG8L4R7XZs&xzswj`+05t1YpcFGC(-Hh
zG7wzsEf#7jg*vW`V0D?Vp`rf*0Ma4p07<0#vL~WRwtg0TVT~<xOFK&OViQKG3g9l<
zaQs%QA}ONR($sl#cHr<<pz*pn;<@-=o2Hp1D)0lZV$NwQ?_UvWPV=&riKA0-Xv&QL
zX=<=V30kHRYA!**=z-ONPQB|u+(>FKL_N(SP0n@jMPG`%1MK}pj4{Hl`~81zXkY+@
za|W2m%4b#K&+4q<N&CXEIc4T0Kp>wz_&=;ADHPCktJXf;O&O+ro0b52tm`&sfPCQR
zmeW6b!m*%GE}Jcw-S7>&hI8JOU*i2_+_v(db%phB`cU7Gy7uF*H$>X3(E!DDXJa=1
z@0H8&x3#aa{oR+I2!IQ?T<Rv!9t&?YTxRW{1iXDkE?P_N0A1O09+lPHTT!4$n%YYB
zPYg<>g%<pF3@?r2ZMK2q_=N$$V7UMc*2>S<x20%De|LTVhu{T8LjDWDWIa2JuPx0c
zouf^jz&UeF0c<CIFR{ntelswRTDsqVro4|dJ36~PIh<%}=F$ip`{y$#l09gY(j(;o
zp7>Lvo4==Eo)>F(7XBY<lopanH#ynqhz&0U2CYFN7H>Gs)%GUVj+gw+Iye=X7}X!Y
z?T$?!W_Pjoa|-mW+tQnId7frL_p8w2!+v!L$P2JR`#bwBdiR{fFJN9vt@yXBUj^y9
zXM8JC=kPkE0aVQ|m%d?twqje9|LXL+SezaE^OD&63Oq2fvKUfdU}RXDPuBK)UeiA%
zsfmA2{Hb{aFD_yIeVCYZ5@xsjJLm4d#+d>GO+$VE8oWy5*-RsV{en(DBlE$)rqWYK
zoJXz2FEc&=wb}wrA<2aHVu~jsRZs^l4?W*_BVizz(ooC?KLMcX;Wz1zkJffo)7lDr
zJZ&q-G<Pg-ye>sFY1hTN{>!S$HsOCN9aR{N+~DBa6nb|p1wgo~1_v7d%A+~N&P(v+
zO>S=Eiu&gMkj1ZXz-O@DUSJ=lLu&8l7<FdZvv4)>&HqaFEDYbTT3jAf2|!<Qb|Lox
z&mrbI<^<+%jM~`2@Zv^`qls272ID)kfbJ#Y)v2$CT5Ff9m2dFBE~Pa%`hK+%bGT5n
z%4>(YMq{-j{Txf9ISRn&d)MK|Jh}09jb@r2UHR2F*{h}H-jKVQ7NUQ~r!51DJSFU;
zNU@QH$hfjd53henBc;uqznBG=J9|S1!#Cp3KL}7dDxf`@-r#}XOF9hi&Lh^@Ds)Kv
zuL#9^<cd8W^V=BZNcv{qMHuYMH3=2?BlUrCf&dgyM@KB~F{=vi|H<H=iP;G4aS1av
zo;Yxwy6%jV{?3XK>c6Kp+#l1ZA|pvpVENKhn?TI4+$~UwK43}wPs^4q1qv`mu&jN`
z=#TpXkwYyC9&jPZpewTo)p?dtlNqcYn*9Eiywcm3O^JZVU#BlZ^A9LY21*1VoQSM{
zsg^QajEi0EO5IBQ3fr$n^FFs;P|OSNe*`Av+$sGw2Ul4R{xg9DvC6cv?EAI+Ih;bq
z0eG2J#<UbF`;<R0XB*r(^UwRisS0qc%=IxTe^97Fl!`6LfqSD(KH<QHX)|OE7qZ!Q
zE)9wf0qO7Fvkl(96a)GMep-)_2jb>r|74n=GN}JdIw)lrQGXm6z(P8~(ch|-OJEFN
zG|KBAm6T=|J&e({=iIM$-V^%9r4Ja4oZD-Equt{_Z;uT}0lyR;7ymyG0wF{FkEaOz
zk-I*@AJ?8PXj(B>0SUyWF`$GcdrsPDQhm54N%(a$gG*yl|F!b+S;jvH5S*m+CjRq!
zsN_;&0h4Z(COISj48)c<fq=<|fP)wS<<{q`{{!`sw{QP{0nxy;|8uDG<EyKYmpM&7
zDy1Et-#^)v><<UPRp^Jf9F6kL9!Yt*xwrse%0`8hZ}h*8PyX96<YtT4x^})KNOtuC
z26*f{1KGF<0Bgt%5lbhAJ59hD!BOP}_}OF)Mp**7(pF%~K(H#^Bo_Fkqgb`q?mFW~
zm#f>C3Cua8O2D|?r@NAS*PlW!lI0_O%f$Tw-_KQK@8us$KxT(U3y7vvr&&05{ub~D
zkMt`d&8nv&o_uzt;lAcHPrr<j=xLwxv|+j`ESH=as-E>bHBizVG+jDh@zxPj?%#56
z@H1#xD|T%iy7g5Pa#+xF^sA64saL46eY|@%L@r$(pSe@d(a&0}lk~EAfg^)pYnevy
z>cdZ$jc@0`zz%^vQVzL4I{!?Iz}p@EhT;hCQ)_NcKPdKM1!mW#*D`C7wyx3ou!a|n
zW-%;nPZrrN4K77ZP=k9)wrk(FE`La<(wzP_9aygQ=6lFd4MrSy#gNXG|3iUPOnXN$
z@&-k*9+TILXK2l|b^~V?mgAL~4)v=6&1FwVizHfE{!#6j53AYg{)I{XFEny>3AMQU
z9!y@_MZyu2{imkZKAt=Q^K~8>D<qEkZw---e@~myA<(t304k11X0>Fqb_Kv-Cy3%X
z`AHa+b@KTnmtWVLiP;M}tfyfz>vTl+LNjqVLMiV=_UMD2$${q0O?Bmv-!ez_2!Bbu
zk4AgOmDgeQuPO?R1~{RWI<$ggNJpp3IiAmrlR68f|3;Rp%&CGK2mdJIww~D&B%O4d
z_cefC3?wC%dAAX7854IIrdMf-A<B;2E-$uko8w;9On$SvcP0p*&7kHFsgpF`D%+nj
z`e3V+5&Jof!3Vs)bpQ=(m2fQMYqFD*bbYm*I_0YO?w3w>I39Y&`wAJ~e>tCW-vh&>
zsM?Vf<`F<AmiJ!3TZ2`8;3x4zB6EgRo_wJN$~}{V0Sylsq=9m4Sa6CZ+5?R6CE8&1
zZV<N62e!#!kOo@qjC+G26iet%3%PX0)$F9HUr9gdtJvDLEGa?zzXIkj7h9=6Dp2bA
zucdNUu?G)G`IMH46MdN8*@ZyxLMOaRMF|ACjT!on=zp-KYPh4V!>fNf3lA>bS?`Ip
z6tI8Ym^#*yhd_zw@;tN)qXHq{SID7+q$t1C6Br<<SP%wdLg>4Pg!d!yIG@UbNl+44
z8d>s~@({<*@Amq49|^&QLzCy!cYSG1C+E(rb~Ecd)*3}!_XLT^_)ICF@fTuVP5%8;
z@l@?(y+vT@*+*)pNJ2kSKT;p`V8^-6R7uukzKHM`uKuSCA#`*Q2x@TP|GwzU(S?Q&
zw3EM(g?|5PENY_9R_A(GXNL7Ub(B3@r)|x?ftTs+T8kx#zU#(AYy*a7s(Z6w+R(s_
z@Ybb-Q|+E!#DFxDeTP)1l%+qPxU{q*8bW<CMB!coEN;Ie-}!+SIHfN|?XC2W(e%m6
zNhhf<3s(f@&Zmd!o+7hBnt37uoO|}CBL;H$tH)HKKe+#Ob`aEG^tm{b5<ShYE-q0z
zang2;TZ*8^U0OENQwBS(o6TR2uP)*Pn8Ve*8M8VUsud=g$XWtiNIApUMii<^7>)gf
z>FCbW3Di?fj|<}Encj<-_T)25U+yTI+rGiWN;Talzv^2!O`AWTa2H(ZLRyLX@S_}g
zD6tbZG)CsmjS41psA~FO7$46VRpc~?H0wDxMd#z6alPH#;eP~u^<v=oeIsMH;b?Y|
zgRBe`3I?P6?@LcJWP|07hfWI<{Pfr#H|3$U71cLNzBh9M+pT!ua1#-4$?cyJuc^uR
z2AkX8xJnLT!--|vScKjnRU1+0a_}I9r^-n~VZT(4+XF#Z8SfvAGuq=TQ$eUG2&(kn
zRMKQu=D1Z$wiP>!hGS7xnN}@aJ2s~neP^*x4iix(A4##XeKYp0uG`_A=sKZUw3SAz
zB?<}JV)~K#L!5sG00i{{f|8w&i{ebyLI~oG`|d&9RxHHsHK7VTgRB@>d|23W)1S&!
ztCosG4W3PsLM=&U7_K&7aAE#{_e%9{Gg&VlDN6dpBoXw8$V_!QJG5{ol$t?%;KbZ&
zfP1DwnndSG7dOsw+Ba7SpXv0Juff6`5UFoFf3z1T>k)qPdLOotko7B}pI9`&u`IEV
z)KjFmy%Per7<k9YI_-#)%MmC9>RnMldtCCrp#3X^%}|1jK~0$Z%z+sciuW}=C!Lk$
zFzN02#5Ur*v!phLB|)M5KGIkjNh5NTJxXeWP95nuzY_JFxwm1jH+7lpZzD<CSb%{@
zCRN0CCk3)7RE+kK<gKo9lMpyFVoV+rkG&ono;0=YDc;n?9k>Lt%{UG!p^igc#7fr!
z9lV;ACN%!zj<<Y)E~YBbgQP(3(L5zmJabUe(HDKa%}e%?aD9P#F0r{@rJwMmg7&jg
z#J~*#RfKTWNfayU^Q*~1W4P9~4Q3P4g2eW#;ZXZpO9*8?_p3tgk597d#m8c>v-(F)
zgc(yZyeE@6O~B<;dTH)@<6duSo(#<B%vI#4drm%o{;+D@?k#FMO780_;&o6N#y)jm
zz;>MlL;atZ&6r+`L`EFMjkfWe;X(oQWOP%tH~z>%#o@nR0GpyMkav<WRo0-R)FYKo
znR=6DP@!(sNfkmcI7nG35TVY+K_qm=Xe;q?`(*)L`~;zmeF#Dw_`k<M^wXiEj;TzF
zsH%LDC?negrN7vwT@DKXEgnhCn*MtG=c)M7wMazz>h4&QcwmCO5vD?{O^&^1H$LRf
z97OtgPr0ONhp<ma6ssi(2{JNi8h)P!&3S9=xwJcj&dO)1CLz;kJ;D;U9}k@Gmki9B
z-vrE7I#&AnHw_cKsVoyWmDE{D9<zU9CsGuy4*z7Iz71!*gd5*LuN^S&Hh1-wev!aO
zOq_CzgONve#d<r$qVt<dT&T~<f;2(6{PO~sEgSv1bQ3s#WJ?IDXtazE=m_O0*m*47
z?qKML1D`(l)bxgH7zLs-ou`3K4?jj$9Sp$<9O>A$e<tJ(M=`R#GHMVH4;rW$lV*pz
za_50m{&O*vb0aKBXgF*n+t$u}UOu}UQP$k;-+~By=4~rRSOe$GB$P36qH&q#1-2zo
z$v}!W7G=Nx<Q+h&|2Xo7ZvTFutdfflNZ(F6KdSIwOBy%GyeqzuI@*gg2hDks1Pu-D
z>ZO-EC`)cu**Z8BevNZGik5^X_5iEjIwX^0PVzGeib={<%+Y(k9>Hq7`6!R>5eTrB
zqB4xQA?XZSKkj3@W4}2`?kCMXoqd<ev7^Em94N^!+`s&3tP|fSJ_3z=*_q=D#H}K9
zX>ZHY{fz=hwnZ1}2_+5bn~>LTTcznGiIs0Z9JEp-ZtK!j;(YRQe~!B)y)K%SEMV}*
z+{>yzLxawY8a$4+ff1PJ`zGMv3yV@>cnm&d_}&Y(fagk7hIhVFE9p=n(K7v#)I<Wb
z_wFLezfx5u@73*DSNi7maH(cEFudT$%IL;1j6+_;Ak^Ql3>;GMN%vgmZs&XPZV?Mj
z|MZo}$CX>gdEMCS%Y2md?b?mwSjzvZ&#WZnp_sX6AFABs^UK%sEKcXNfqT)3?&$lU
z)gRuM!}?b^tPxJ)FB*U{P~22iCxK0tO<fG~JQP_+wHMod*867Lep(Ej?T`YB)Wa5b
zilxQM_^Mc;?@%#KszgBLle>Skb{-`;ed>E0y&j-jJ@5nX&S!zVW*IvQI4jG1$}bMm
zb-c}U*!AI!;kd8Z5itX5dIqE&C?L$wM1ikC#a5r?>P-JgLNd@EOK>l$2x@LEZ^xeX
zbS&qo=^SZk2%7P?osSXW>VpJ^x>y;_d#Un|W0_(g@th4`l0ws{41u@ANYW@~73>$1
zVr678*&nkgk1Lvj2}Z)1%<C;(X6Wr>=eR>=T#k{1KI#mp&zpMBE}ab_8JPhFJvU^Z
zv}}A(1p02)iWGtUuLlL33F4^;5D7fLSGth>fk|}-LN}N#4riXCLRk#6VG0Z>rVj^6
zV6>38XihOv5fHkeYV~-=%N&bj1g6-6gCt^QxIsB+5R^p%Iwf+XSA2lOoi|EnRPyf5
z?qjXSg`-AYj??{%HoR}}q|wL>(zZ2?OmY0V)k`*3iB5T034ufhLD$p8C6X9#n(-s#
zlz;vE%*iz3E0#y<YsbQsLwDs3gDb~;nM;>(^GBUK`b~_zzE`D34ki;5*OSdNOJ~SE
zr;x1TRk-U_KM}(C8GobgUe5uAkXYR?CB!*#8OK2uR1VrkhC#m<19AIY9CZQJvsHgf
z3S<Z3?6Y2pAqX@EDWOi92k$=vso~BF%xKpvV5{!ep+u+@;B-WFG`;wRV-|XV^Ya;w
zOcriiylw_5C{uXcl^FCoKZ>GE?*Z{&l>|=A>4QLuuivC`A<u8$M$UiM9?4kwc!Pd}
zA65H07m1@B(*7VOebVK?kz#pUneGE(z|=zxE8~YMfq)kmvwZvl9t0w_wqA0bM@us}
zQtG7GW;MeVgCx9Ce;0lsfA{=W)#uj1xGfBlQQuT+nE-r)^h(fga7g-y94kW_zeIDA
zO(C-&YU80mW6q7{=wk~ZhJB$xFOWaR@B^x?l=ncsZ}|!twtPeNvl-PB4`k7hSnEa8
zLcJB4YF8eI$}^)fj$GixO)6l{U;Ada#Vj-+2;=)Pd<9DH<K+6d$_%24&K8Is)%;jo
z?Xt5-*@jp+j`ZS_=R$q)`P+WxljzIduf%-%B}Od2t3nXrV&)xMAP$JVn8DtbbwrR-
zciJv%AYdGBS-{72*#le0{i8JbW{-1>6or{|$%ru3*;5EUlA<!61_C<n(@sIUs{kcQ
z{ab^hzAsw=bq0#tdTShSDwA;z+mGBc60NHT#y>tASrV7RXj3}YIUWmcTI)U$61b*0
zrRAM`@r*`j6P4cnqZr<5*UeQ7YnrK$W5=pe#`iEF7FHxso2lA$CA+64YblzES{6Xr
zs$&gg<Xu0C^y?8z?Hhu!dyzg$npww%+~y6s^|2j<Gd$$M{V7Yfk99U28?xaw{iI?1
zeLWbrx{PmHLeOYHL^1SV(xcxNHHPjRznfd2cs7UwB9}f5EgZt*4=!rrmdsQO(41o(
z?{s1KrsNx;ntTxUsjF|+>0UrA{gD_lS*TZ2LZpf5NF_dgk=@o;M%ZIAA2V=FN%LNB
z$Cp^ta~v6I&;o4B(O#)p&7FhMAsf^ZFvo|M|Lt=zd=DFB1CkMs*U-$jS^i8hR-{ZK
z@Ax}7IT)OYWZXeR2Kz{$&@PB)m783tmHHKee*h21u_%5hf|bF;2)9TeQrnp-5`=$S
ze)M-GE`5=6b_|pY@|s(OLedMR=J`%u1PjUDOgBjv%&tdvGmpP0PR>S;$mPE|!X>&P
zyBW;%Uk|<DJsy<22W?|{GPEb;%R6^U!I+wn@5{ZkmPPVA;Q)L~I+jp2-?(?ju$e2!
zS$;_jM8t7~;>J6OG83I~dPgaIxPWNIX>(f$rkc&<m_{}0>FY+hMhV394*_|i<x;Vz
znsKFJy=I`%Eh-r*0mV|uC-M%-e0$n~)yS?wgS>|}Oxz-^<OQ3yLTdXbf~!IHpLmRX
zo$Kuw#N`)}rpKrwDuE+P68h+`VW%EYP*WK-22bl`I6?G0Q%Bq(F~KdhxqZeGG20`Y
z<@HJwT*1Ne?K5Xald`nJZ#>JheSPATN7Y(VKfera7|89>hJg$8a8_3rxT6d4ET5<I
z#0Dv~6$+*{#9Fj^OMzRQEjm)+UGpeBQ@CL%D4CB=Bxfv}1s|(WZN0!11uy!5vRU%h
zIG5yRxjtVYv}x<n=w7(>sU#D!68Rr5zOn0g%Z+zTWSK6M$m0`z(uA_8xO_7PlE5)b
zscMb_{Sb_Gcm%puHa1t$+8t5-UG+7DfPlA8JvmB*WMCKB=9&NMPSkwPvV)ev#5j@o
z<$d!r1k231F)Knn_QN_Ou~3!cB<<U`$g1XHpHz8N1MC#Wg&B(oMMLU!^9Lg~M%T|`
zXX=VDzF-_(=xvYdp2)9!-1VJla@+Kf|L}$#KQygtVB-^ns>-5@d}}&NaG#*wl@{}k
zkbr7yKy7OJkOR~N-Y;+&<uT+)>;0X9-b41?C@s!ikKTrYxsIlt`GdF_XEUv81stc7
z>^;qxxK)JQ(Dy&Np!u=}{!)@-Y&n;Fjg=_QB#4g!11*XdoMCSjtOIj;1mZ9fm3>=)
z(T7CA2o%$<RLa+QM1&U6ccy07(nl!`w#V03*exO;CJi#GnU#}ck`W2H$05e;8+o#E
z@e?r$1g>Ssh3nn>7Iy-^Dhl!O=N;*NQ4>&FbJ_2aD|k4o%k6Ndg7wE<j3aGGaVB~g
z{x%n5f}(k(Ma!N(=9NY;q7dU7F5a>!2pMPpA%vHc;x+HjN9JMkf+Z+FgcG6tiUMsB
zc)XUXcAUQ~JB9Q`9H-M?mg#f1!xQP?gN)uIJkMz=<22FV3t=$%Zz#&6#!e*K=Xc{t
zzGdU+&K6Tb?Y;LP?Ym9VvaEqhp_WD>FBADYj-u!lJjs~aSG-JAI0sAz-CO!9EzZWv
zp79&>7o9FegP|0viYA&<r3Fk>s^G^pg+LybnU@W8C0tLCCkR!jo{<6`k(TAtfGwDS
zirN0>vN`mE4pmX2)?{rPqwAnOAlEnL8JoU}kCabsBeC+W3}M_)Hp6U8gO7RuZ3Y$*
zJEUOu*|PK_JZoF}xmkR>s&HdKk6mFb7By_xx?lN}STSmZSmNp`hxCFEK$9|9fakU^
zlcI3qR~+EZhKI5x1tngC4*JT<ime02Q4#S~uTHN&VrdG!hzSn$>goS_NkLA9gQ<)u
zBF2X;+qF{TX6*JH{2)^j-<s9>>HAx-8~%2N`&HVL9S<Z*8_TvV1HMUg_erUoiW@uF
zbT89%;w84`J7L#Xhipf&%=LKnq|sY?g9Yh&K$7J@DeIs1jUT&U`f#SK*uChj0`r~S
zD=-@I6yO{Z9h6Imw-LS7Na)0<#p)y83L?`Gx32Q8`~ApR76Brsa#R@=4`sp=zA}JK
z1mFaEcf~jm)i5b<c*!z^nJ_YO1G@)C%gg1H<Kf{pm64<%1lntIB1zmLMZWO7b`^Z*
zWs@Ttcm@;uE7)u5+Z+U@<o%6=_E!{NtcU}lAf{*mBE^t66ZU>_`L@s_ve#&d9LE(^
zBz#dOT(lJO@G6JiAuXF@GkT2UU3e4OX-ELYv>jGpP?wVGc6{d2FMDt1k@~O;Ltx8z
zN>AT%dnCN(LhmBaAa^9U)CZ9?^dtyiHRzK2SQL{WQ=t4%eOaHUa8hkK-NinFxhg*m
ztGhxpa41><@{QYEc8_JpKanK0E3xi{N@>FN0e>Pp(*u>~F3|>`e64V4i$hHwl{Yc<
zM>Oh2NFR)77!q0&3F8WO@7tt0kF=E=*e3C5RhDArWPB3-R;xQAAC|3%>-uVVgIE40
zx0_Aa`Zc%d)7RXMUZr-&NVuoyZ5OW@^>wyi5i42qGVIac*-J(iM97rm{-kMdp+3+s
zq2-X-?)-wJ(&i`J;+t!iP%}C3d^s_w%xvFgK8M^R%c<#4`C*Xw*fgoSIY4NO+I|X2
z;vjY+S3=XixYaFBTFkt2T4^eUw#P@hxS`^-^65(WywiK*yQ|2v<`!$*^1`x!=?%RU
z+{T3;4Gy&BchbI}VcqyUtv=NkYK8K?Mx0>{KR|PrO(D9}7x(O%{6=Y<LuNY1NJAs{
z>-rw^_H;Le&f#m{*e!hK#wK4?qJMOG$Uo5b`O#gTy_ff`)a7}1m%{P~Oa9@Vm=R}=
z7E%1gbKKotYX<ojlMRw#jl!mcYObt!3Pwh_nOVk525nR{*~|y#l{HH{eeImTmXk(q
znSD$%+IjqZKV3;0=N~-9+VYybcFxM4jgyjE6J%Sy8S1_Hu{yu=p|!?{x#5Skz+1@)
zbd5pZ@Lv5Z-VyCuDt{d2NBo*aFTBogCuW{@ZJed$YoIlWTb143jh(d=dTnV}-p}bA
zt&lEXST?snu1{3DTu$aVyK)D<)fA8|AbVEvI8f;D=BuK}OEcENEHUi6UP0}ek?M_U
zAMm{_+>A6@b((0RdCP-onWpaNYX0*cj2nFZS6+-?PnNDi^N<x;(uX%h`|Q6$CNMNx
zs)w2*-5*JJ+#2^6VJd2obC_U{(bxszbDs=7zAJy1L+w|-2X{TSLS5SvK&W%;eu8dF
zD`kx3OQ%=oM#nknZVz2IUY{<V66`I+wqJP!el^Oob@*g6L0#d<B!klab|p+s5jHq?
zePd9Sb9~H7PfwE+-i*-0Y>2Xr6YNj+D-2y|6wjNyZGUFe=uBx+<eM^}Th=8BLzCJ*
zE9PEX`XP-8bz7CN9rwfLnr=c^Ilu(ld7AF8Q<r}}?oQKp^|!mmC3s1Rz4eu<ONB;e
zmC~JeKkLnY<zpP$*qzWB;fi<b)D>yKO&l&$*OM5D2v^;aZ)UR$`Ps?_RG=hBtEW@U
z5b<U!?=h)_OmNX83+gi)x@>b{PQJes8E(3k@R7-<)JuH?<i?3ioX1djDWBtU5_Hk(
z^eISff3R(q?^tA!;TzO!c6(i}vw^_~rkCz1GAthg<R{QZUCY-`>h9x;PP9a1xS~o#
z!SjUACi&I-S-P%ZO_3S9#i0b|ZaYj>@<SA-p)?$`{hD){J5mG72<}lPb=YC#Jc(}=
z8~j*{{zASI@4@^mk`@0LW=;>6A7cE{zOXT%Jp&t5XS6^6u70i0tx8BHg-AMI!XesX
zebY&9%SB7j7^eb_?}yXe>m7Ph+L4ZcsIo{&>|6f&IC2%T+<|mws`j)^d>*y7)Apng
zmnv;s-?q+Lg(cy5sTjOvmLn3&38=pF*D)siYuN4UBOE24328?g1RApaEMQW-53f0w
z@>lsj{wP+O1j;zK@7Stzv4oAC`YMrxkBG#XqEsgLnd2>-o(VWT&d$!G@w5MdCdKq|
z-#b?RurC`Ov|<O;pGa}A2zRoMllN8SF7^-E?osqt25k(EbRyT^|0@8M)gh-XP3;Xf
z02Qlwfzu+1et2DNBaXlOu5E6ACL%Igrdo&_zF+UEl?$C1IeyaN=467wSj;KgZnZPI
zv(PdaS75ln>-mLofjfqIENE<M??i_x9c_L|HsyGx#tqb@8BPglq(BJHJjg|cvufPA
zLM^U7Ya=?(r+mi+7MgzDPG!En84FWeAf%P>MGB7HbmS#h(mu#qt>ziF*ay4qNPb@&
zh}Xal1vWTym5EFJlPyt_ll_Nv&FQa6BtMX;cTMCBwbvThB?`T}yE@~J{xwRuKm%zH
z<?rTkHFA1db}Moja}Awox<YN$<2IiduN=M%sAQDbE}rJ8m_ZD60*NQ(z$^Ju(zsyc
zM<in4jLH7--kqhn@8b>G2g^P?KLcRX<$2S-5<Z7Kk>06V9mXLgGesYAl6_`sKJ3q>
zMIp^@g4|AyLNRDOod(4OY{nn7-!Hb2c2a*9!NO&#Qgcgkwa0R<JWJ5+gO<}><jOky
zNyl1IMKYo`s*2V>Pvx7Ta0UGPum<GoOZ=U$r;1aDIxZ(|0q4KAR)Gmnjdfd#8;b~n
zc`wp=%ie;anNdE@0CPFi`JDx_Pc=HtnL6hm!A%$WA4^iHO<Koe9#y?M5b(WTl`?Ad
zeD<x%vYjuP)0nKt_j+;rXXFw}4rQaW{m||A(S^H|DnO(++3BVDz85~8VDv@vOXUQs
z`E7FEWSu27jnjEFgK|hkc6YqX(W2qtFhRuxO=pbVW3usX<u?ISO;Xx%cpO%FUNdRQ
zG0&B;>lW?EdGeL{YisKYWJkZ$25{eN@=qCd)z5u@*VCGn&ike0vT^LFGEX1N>G}v@
zUOt~$AHyUFxlbsHfC_$a+ude3(?^q{ItQ6S4?BD;>6yYFf=-3cbg~|LNt0f0TO(F>
zaB=-Qa?!Z)M#5je1~#Idpx<ndu_--AhL4XQS-W|7x$l+}@Vz=`_Bsm@<3WiS_{Akb
zhx>Fdhh^qXboKQRppk?`Q6blaRLbe&KHUc%-lxJrIgY<>WQPdDHhwAz%RfEnSkCDh
z@FpTW7F)tOLa`WS64^k>b9jG*mz-C>q20D`GHumB_8_{3x1SsfHg7lrvx>^NY{(8p
z;5AaGPjnK&3lgM?72?7$8qHu|qrCJ~a^tVzwGYAy7n^^8(JZa9sZV1L`K)o}&8uuo
z1TxP)-R^^NUPnDsl8c-;u*@_Om5^0@nbACw5gN)}hs&jO7<}`y=?&T2vZN|wA`V<b
zB~99&a$bU(G(?QJtwpP9^skt5RHTqR!qI8G>-dd2Y~f_n%1PRca1|396GouA>A-C)
zRw+)v{SG0Fow2vb_<`e{$J2jLGOM3-6Gt`9ip;-6n7qB^;3>y9wnw$`oaR+OSh|z5
zxr-4*mFrl~674!tFW-eOFeWH%a}o-@ognUhGcocceA#xk^fBVzLDBBRziOFKkm@-r
z9%5kCIB1xj?pLVlR_T`!+vOZU(v89qjy=k9e<{<=>=u`nH~`6f7742Cz3KAOq3C$R
z@rE7F>p1B;I^h{tL~UB$J9~4p+#>7j?51!xQjN51x7M$=iJb1aHv6WjG?e(<%k!%)
z&i$^WP24m7(mvu1-seP=lB0y#Cca9%0g^rwl@{v9Fh1?9|Hsu=M%C3U+Xf2|+(~c=
z?jGDN!QCB#ySuvt5AN>n8z+$9wsCiNhqrRhJ@=mPjXg&G<Ogf@s;-(<J?CuPIpEUC
z4Cd>&jr4`HPXEo%Ugz&QzkYmo8*5#n*v|g}iz9<-w@B5{FfUwUyw7a~0Y$93>AhU8
zdA7As^icYGx(boOP4DnIwHg`%rv<E?a<qO4Tc#{5EG(hZWFR4<tFW!%Lx=t0(`sLF
zUWvp7CL#QLx_uSn?;zJDn*EzOOkP#c$1ZJNBp%;q^wA|}R;%tZROOI(%~#mFvl5Ix
zqsNBcsGX&Cr7Fk|Sd$%&EOUBIz6ZzlQTsh+4(mw}TS=5?zr)F%n5>Omy;>v3m%6Lh
zd}0`JeEr6KcO3=J_f{)Y`5)Q69Erc(%(9Rf5WKJ@g$Bvg$7_Zyefz23r2TxN!jG_9
z<!!3wInS6qP-BC1elYJ#wz*0`m&uB47DLn<XHS&tOeu~nNeEmiEI4W;Tm5U<dkHiU
z0_0xTQClkc8o1?UBtq@9msH)g)?7-8KRU6L*@nh2S8jz(*=pI;ksJPzSh=5wa6$#{
zUV{e5pHZYg=R#F;f~l;BXN*W&eQYXxnq450ZNHdgL?T{Zcz7F<LarWHNXGj;td)F`
zO~}q-U|l;2u4PrtSBOMT<*ws-rkU$L5^)b9GunEYF4|FN`Ms{edNWOw1pDrHe-FXr
z_JV8#vGliZg0W^Vv&(ajFoe8N;vI9Ca?J-3416Coh&6PlFKTA=wA#CrG`fbgnhS1g
zO0^<6EOqs)kOa_CiK2X9&PE?b`ltVtfIK?wWjxd>DTgi5Q8qt47SA7{5nw^wK@L9z
zPir#D%sZ}*iy(dW8Y#QE>v?IXQU{~9C6Yi&QKa=9UDpPd$T!B+eMQf^9%IuvV=)xS
z_u$XZ5;CQGyCHe%!t=ohZ09YN{P9C6B{wd9cw)`OanSI0$Y-hB)m8)MZ>djMSzaSE
zUm2~RGTFO0U%@?+WZfa1Bz7+L3gb{Z>51JPji5e|A`+0s-`hId2EiP?1y%cgUIyXC
zWR0uzUl)RM7LArg>QP=;2teYxJ?Ad-$cO?~^}=9vSHj==M<Bc_E;jZotMPSfho8Uz
z5DWpS-LX&7tIbH~_1(A%7dxK%TJehsIZi4Q|4hq;Ts0~>zBb%Xfo;xwi4T2xlRW-c
zFr9>wxHYoqWZxj=&S2wFwT-26;&2UG==nt_Sp(n9TG;vbne~2qmNIR>f7i*H$`hRR
zlbkgbFH{sM9J;HcR@dV|9yy*UG5snv`L}3!ya5O|D+*<nyb|{@;z7TmE1_hv;~Nzv
z=dqL_v)l*Ht5%3^RO@RygD`k>(d&MLRc!2d=|8_k96|`$$(i;IuCgbuf?4AI^8S$j
z#Jvm@eZOOZ%Wn9GzfO;wK8&nW3H+YV>|S5cFkqvrL0eFhh>bKVOSnCX1r6t`kyLzC
zI^^{-^UZax&mUHJsG{I*G8c0GKUkan7X{yTKMW<4BMk*YXMfgaV`TVhZDA0_^@@*C
zS))55h+mq5Pa7|v7~Y@sxi>^tmb~bmSX%B=bocc6gmC4>0DBLzm6j+bFpi2M%gJ(1
zfX9P{-fyXe;!}K^jTu`wJlhkA*%JN*0?uu`&RM;8N((LakY~A5ZEnpf(&W)OIN5qB
zjPADQR1j8)B7*v%5mA`7EqHtn;V6(^hz>byq7|kQvzmrb03&$EwSgT+${F#!U!}A)
zdwbE~j<j)<;hh&bU*+vzjOl8IFH<NgaGz}!y9ioDtzSDPt0ERF3UJ0p*J;(cp9r2i
z&(tvKRUsK~++k1j4r4X8JW3PVt5J~pWA(fvu!y3E8peHuZ@8n+r;AL0tXp>pU8Yn0
zad7l;%6N-Q134ZO0~U|h$P+m|N|tZ6cVCy@ZbN{O5Ms{JXmCL#IKu!WX;|a5&w=VK
z;ZtIq#v#pPWmJ+vE;-LBUcA6*bKc~&ifUv1bXQ)xAK1)f_eZ<o;4*|esr?q<xjk%Y
ze)j#1Ty6Nv^NM*l+ALvv%A>}{HEz+1)wR=KSz4pz<I8H!t(}8|_(2^O*6G>Uwh*@8
zhBJRAKmJz`r`zi{pK=8B%`GOAA0+tGwgR@@L;g?~qyFd1imehh#lYBC5uhn>0BnRl
z9+G)R!(WlkSQ=6U8>S~_tl~6$ne~U9iPe{>8tGPxZ3rICG9N!wsjd`B`_e7grHBtO
zUF6HS<)NW;7t-zSqQ{eU>~(%QN;2!|@Ppv0^W{l?wL>2pV=%Rz$w0S1&B0kX?;f8S
zWER0T-vR4^NX|!P@BPv%8WTjIEkJi~dNRrtw=H$)rDVFo4>XMzi~3zq1$w7JEBzBy
za+|^PtNm4#M>D*a&%b$5-?N`Nd6~eaHJ^k`zrBWEyezHvnJmc{CT~FVES)?*E?Jz`
z-%Yh<Sfg<eihannp?5Suw8k*6vem{Y4V)3Ej_;bF4nW7AC$Hk1UUOGDm{<E+T;6Ch
z7;#dfy(JZSRQS1_Kp=;n&=#y1Oz^ZfuH)AAq<_5jka?+0@VH9p)?|bNWSkKDmnHq(
z2!auWyT)Xbq|+(SC~HT8J<VbE5Lm%i@B@L3HYjS4{w=hNtcWt0U`E{UNITZ-cj-;W
zT@sZJGRy}G4B4X;@33r;uD{$Ikrx#kwFoNm=_P>7)BJB4k>nl23f+g6!-)7=FqA?-
zVFno3`aLrSsV@UIV*Fy_%ObI=KKHUGYIpzP0$iu(k6cBE@^!s>#b}Bwm~C>FIA#{O
zPjfU<TbF)HLG2wR9HLM91I+&Yg%TOyAhA)`sd>;Li~8ZNM&jIZT@j^VvV6#ey3ZPg
zS%Oh=u4$wQj8dUt<f!aK0^F?tJQer6LD98Kk;y#|U%e5@BBJ(VW*uP{lhwfz@4iTY
zIRneYV@lE~u4dvx-;axa+~E(?y<Uvu$ZQUQj9uh*ZX<pqvkfxt@oeO&ZjfIQJd0-g
zo&}DH_@pJD&vVmRY9^k7vuMaMC6{aHPkKatj|<0#iXslvc`Vj2@xpdGrZ$Hf!-r#f
zyru>rDX7PT4LiLIW-r&6=C~Y@n9Wdz<Pk86y_?vQ5qSntZLHEy%o&f0R+$oI$gaae
zcOMcw!f>Udf{<^zwMnwB-*1|;$7`Bz#H*&yFmC4D$XG@OeXuw2ZOGd(&ND;pdzrLM
z6iqgFAI8O&yJDK^NB|?BP4+@rWYaszbzuW1Dm<dZSO!Li1_`a&#j4{-p09(T7F1F~
zjxVJ_8lSCPLhrW=++wxwiitW3FS!x3|A^3p2=^L3?w_jH9N3CV@OSTLjZSo|{I*as
zKJD-NzEaw}n26ZrK{ze$B68)jGFi7}Nu{zV7rda!;)vOHgBQ6d$I%Cr`g1`4G5db!
zXgs+u$DSzPCSk5@EN`IWTrr#Z-g{}DM)x@=mcw8WOh_{x5?Ri}L6@D&5s~Ho%C61p
zh<J8wk;{*BOBI8%=8gq5H1>6eKtIm+sw@_Bp-<_QdGg0T>!t|ei6#zT2yoYCub@}M
z>AR78wH~?j<gz0mD#K}UWDRZt-u-#@N?B~kmFRseoEAb!^~pEusSiT&c{-qt^v1gv
zrgu8x!5)8Q{33udT&N@96TYMM*0&7rZMS*O-@)xhx@nkKYc+;jvE~UisepoM!1^#c
zhRbTiPNPzdFpgeGuUoydz(jDq=A#)aSA?iq_x7-aZKVOiEpO6OC4_%!@(vsz>WVhC
zZuiGi=B(1|4gKAmuZYASDTF3TyBFPeNRW)Y&0A+-@)S*OrRiq5kzU{V=tTScSa)la
za9YUW3c>j?)X5#6$k&;PS`Lfz>(GsLa2-}z{`fBx`bBb1EA#vYlvTO*Lc+BA4OcVo
z@YB%_X7`P|5{(qthj@g}?mwfS$(7qVZu`Tif7k4#AaS{GqkPl74y@~IuwrBXHP4W#
zaO=JA+PA?t_QksGTE%g`xm-Ziak^J#k)$)xby{4Oa3S>J=uOda&gdq+yp@{FWU_%1
zn7KhfGu-Pgkn~YSrw!W8$X~_CwMvgT`dwMHSG`QSVxpvclwP}4na$`Pwew_Te7tx8
zw*kbgkf6~m_LETK&k8jbJ><`gdz4~rIE)8@96FCVBF#c}&W!plGMgk37cbdLS^3q7
z8DTQCX1RU812H#@Y&xwTmm{%Ho>%zCH<wGvB6xFgj>7vu`A>cqEe@{*nnVJR4xmS#
z%f{jwtKYsf+EnvS=<JCJ?x{X&uhDHb4;i)hj^o&3;;OzK%taluFx7}&D3wuJCPkW;
z^I4VmHYb!h&BzFy&e>=DqVBWbyxVD|A0G4Hcr<5X6CVehn}zC;fwtfYdyl~J)9|vj
zEoe%efQe+7ZF_)H8Si-L1aF?XM9JDDp+6;cA`6dIo6HrqDx*(}k+b{x#+PQPX=tjz
z7*0AeG@1`NvlK{e;3v3<=Kwzw=+yh<++xLcVG9zx{g3%r@etRiIh<k1c3I@G!$`a4
z24QsQa7E4lpd-X27r>RJzX8-hoHnPdUwEZZ2sL*|W#rI2elejnwDyi7hqM`9dhGT}
z5u8S4F(*cnM`LT!I`e&79E$ebot?a_u&d8n#VWeF5KCTVBQI9RwW;V}cETT~^caov
z(+@*_&2NrXmF$?X3;~}v4?)Dq-}mjG2ti8l<o<qR{e$!L4YB>x)#P{Q$*VwPRQOLG
zH{XNF(U!tEcKZ$P8{sK#;=dC=m_8a>+R%l=^2ImQxK@C;-}zK`&Y-Goj=gHq978>Q
zH$M(zh9{xV(Di6hw@Ba?q@!YWo@$Wy{dpE<FewTCd7H@?tv#=ZbI5YVX>X-oB0xTJ
zFF)ADB&tnhgiI7tl|TwK{_e047`?lP3?XP=FKZ?rOWbF`k7iitGH~hmDx($X9PI(t
z2{jsANvloW6YvNL=SGmLg!JCbE`yr*Uup<^&z@i+yB;Kh5%K048QN}qaYh%<*P)qi
zqs=fsPHdQXD2lx3UJV!F^4fH9|KurAqNjU&EaCq0q=+FG^|MwSO_WIHFcc;oIX^L0
zAbIRl@cliPGfH?~pD*s^=&bc6{^00t5B_@k_}=>QFlcso!*<>a5hTsd>@)VhB|T$s
zmYd05o+t78LSl9iNqMCjB|Tskfx_S>rW|*omiw`jRclz_VN^DvC9DM}=48#=KbgRj
z3SIKbP^0}jOO?(eijmnTht-1FW*>sGyrH;v4f}Ck6TA0op2~QRs&6q0)tm$A5RoeF
zPffo0+ZxaG*;_f6R@XjNyrvc4aA1Zl*E>3OQxxGtdmmAjo^D#SvsI0lF2&QO7ww!a
zBR0L)7LbM3c*L%j?yI@bx%0Im^^QT+x*4i>kp9!S`VYV(bJzzyJ<by6+_c%_-nfs%
zEk){dXmE$s?!1|3vULwGl0!--S7wTX^VPr&l!u&Nzma9zRqf>dSZAy#Kh3_FSJ)cl
z7^tc)F{FlgrRc$7VKY^HH*xdT%<lV{oO-kIC)3KsKqwy2(2tiTCL@!>K&_BZlFK&g
z96AdSdu)r56oIWA4QKoC*F98y+9g;Xhz=s@g=Xar5iMn}ZW!#@Kd3n9GdOh#*c3+j
zZgtxpmk14%ibGydIZF3#l!lP?7b+&*oX^P{ylb-`zucr<uYr6Gd%K&YT)cPtN$yoD
z!s+$sS=x08S3#qBnV>fp98rO=?gF{4zFn0oRIeL+@eUB=wXCPFo0--93&&VCe}w&u
zW@%%h0h)QUip5-CLm`N!I-}GURALq8A>ehX$Y%YLcZq#+t85?jxQ@VP(L+VDi;&I3
zkS*Y!&B4&K26~Iy(HbYU`z|r#wn^Q=(eD*8{Lx5Ph2+yyRGNYPD)ao}WvkJ}6~(k9
zfna?T<JPEDHjUx&iQ1>l)-l_Xy+F!OjUf^j#<qOc46}f%QNvQPBp5R;?)xp53k3^;
zfzcim)#hKup$>^4O8!i%!*Ll@D;3?=jYYp40|%`Pz&;Zs6zLWOLt7DU>n(wF{mcx`
zR!<pV5`^>2GiQYh7B0==+2i{t%w}0>gGNuja~{LdR9-SO2}GEeq5kDdYaRw=yuRdz
zd(VcScjcQ=4!hp;N_9+MnR|7-qR!DF%2S#FuTtnkv{sF^*va-zPGDZfJz3_{454$j
z2QuTeKJt6MHqM*gbL!s{1tw;q5(0wNsypYyMSWBoC!wb@kw(iINcwI?l|ZNSfcK{A
zR-wnDGO$O)=EDye!W-Lez&Y7Aji-Jy42_uGfheQttcoY}_S%T&{HaNFNG*hVQ|Pl0
z$7bn^$$qVF<%r?=JxqywWz1oyr@!#`iD!4jpEdHceN2?z;(xl!>2V!!+-`mOCaac+
zu}(*wyf`W|N@ZVU@AoaqDGo12rgfz*C$37=jvP`!KME3vJeqI&{A#Zz?iU!Oww{if
zX}ggw?sjdI)4Q{MJn@0!<gGQ3i$PDKkox78Z&~Mk3+}bsAgmJqN(4<K-sa_k5sJ>+
zFz~+?9jnT|bBqt~1gxJCGd-gfi_5&9%k-UMDfW3Ru(NEIkhD0xLh@mofVGG=y@@5U
z<xhXbR(+L@#b271o4%mmz>ZGlNBm)xS+`;6o?gEeHHM-#mfg$4mu|ShIkc`a!b#oO
z-vRHvez+U+VK%FK?k0P43(1$3@BXm9RKKL!|7=VxJC<lM@-Ec1w~eoPeSP0Ao0I;l
zJ)e}&qII*+7ITY|%pctwo)OiGtX}@Tu6YbGzOU4=>|?fDPtC$hRZz+?Df60%;+@4y
zxo%Q=&zCnWf1WOhfkL`5yF1LW__`x>ep7DY@){Kz8_LfNAv;z@?c;k@NSTDAdr+6e
z?5U0NNB1hU?#c+()nEuP)6oATVMi<fPHFYHV7GNcDcPu>76}t#rR@q2Wt6dW?+hMl
zk(h$wL#6J1@MV%E83zaU8R!O*f58p+v-k7)rP2Vi^DtwHa(<S^Q=S)r9zn!h<|DY{
zrI1sgL)(9nutMt_pH&1lb=cx8O;Pvk+?<}$Q*?BAP^6_l=Hu7iUDNZOf(Os7%b#3V
zXF?sEXO@kxFRsUO-##rP>%9=B<z-K=`k)PcoBOSKlUBaQ-ku5CuyqERHaA@Pk(^wJ
zZtYF9?k(NhuaM#|ywOs4J=06dcdT^sV_WlwqzkE`a$UPutYAfndXwtf9z-e-RS3VB
z5}c3s5Tx>#;q6wf#QvyeS3U9^o_cL@+a-!Rnnow80>iw~#1`)BIVodmuej|irI7oA
zE01ue9+(>m3BfN=ud7cOrd5vwHm9fH=K<dSLGfIzHT$p@q7a{x@|-swNBO(bCX3ad
zjfbv@<?4LqKCGMqEaNEimSdbqTF)r2NftC`)4)gX>9u_wC}bTvx5+lE@zE>McmiR3
z3J_wfsqCcE$_-iBPbq!jpm&DiH%H}Y9;Xum7qU;6-^Lhc_)s^6`=N3)ePJL?`b%6x
zf_Cc-DrP!h?^9|<%<Xv=2q91Wdw%#=*5L370tx`tp%DJu#5n=3^vc&&nbXm`k}n%*
zoM@OX7vJr`g=iQ&45ojis28FH0fy-bxz#sCb<0w_$`{vN@VtD7sQERC0o3|w=2Gf|
ztSdPMx&C8>&i%uY3AoE0hJx``>N9Ef1c?2R-7+=>_M7~?9NtCVrLlYMxcZIz*nJk2
zG8oEx=#SX<Un+>ct%QT)D?y*+_@fC&zZz^(uI20Z^je4*pDse3GiagxHjC{otba3H
zoI1gsj@+1U%lEz`iTL&4GRxaI{QR=`z;$t_8<klPq5Ij(?r|*;++xKo?o%V(SiJG;
z+;HousXv1erMLJS%(c0eu6uR|>(y7@g#sjws#JgLbT$2pyJF_U*^m<DEvXJ>!}l3F
zD>c4DraMySw~0GtU1zGkL1ezq5yROwD%pE6XW;?Cd=tKZw3k1$Ml|bHh1xrE=E?>F
z_~k}*U6IXZR&1ji)kZ1AS+so2d&0ZhbAP^y)C2kL9X)qP$eQnhU+@{q;AJ*rj$m${
zpdqQQxhf<E|7uj49EXUZuvgl=CBS&IfZ|aVdrE=Lw_I~gxV9YJPubYqjrpM@Fchmt
z-y7cN$!xmY7JAM2Y>Mjg)_{zc?BmzGrdR4yJ>9~-yu6%n-q7Te)+E=vs{xSsj~El1
zrL<XCs=vF`0$hJ7y`<*DSZh66K71ZW0^W`e=Bjbl)cV_ZUL&ggQw#Za567U?HmCL}
zghj3O_1k;HA?KF1HtH7+*Oxf>Y{MDL=$ic{j0h?duEO7Yuff&6?Aq;i(hG!p=&%x$
z-`K`Jlj}b<m6sf^RZClU2ps!{MThs!d<Gd_AIVYUo$wikSh%jmjB-5=Rl8Y^Tw*@{
zaX(Cv0SvhwEfO!v1I{P#!1c}qU79Q^vs-$NF=cnFnM-bFgDDpH=5JW#0{)}}(o{Uz
zZBBSJs@0MF;|~ViEe|DY4FpwsUm}4pDMwYHUj)S)J~QHRx~x6z<CP%U3%Y-}{k{>+
zDL$sW0p?=-ev=lX<m7~D1EZrz4o;A3956!CqOt9}R5=1~bN~3^p3`25#u1E=r+O3N
z;$Lhkmr>lBB`+X(obc^z(X2ufrBq<;(|kd<Tyxp@bqzf3GV+lmIF(ng0^s`|dki}V
z9L0a(@hz6XXgHlxJ2*M5JUSoUtH<)k!y^a=DqxAT{N8$)6x33QJ23;rhnGdQUfAER
zG@X2|o2V4XR{6-JalefBmC>mqi;z`YFR-n+BQ{q}lzu%7Z~N1%$yB2e_4f542&s*i
zJHPx12Qhih@{3AH(C`#`U!V?72J$co<Pc@qOv~J?OirRHVZTLrx(d^e@vvvR(FCu&
z)|pfDzwPVLy&dp=z`T{eobYtr^xI?FisTE6jUMoP(V|ADYh0CB2IW6KZ0x5@8i6q}
z8C3w9q&v%691{PUM%_|z=QM@Y%vQal6PiwVktXk(l}}#sVI2enz@UW?EfxM3dmRC;
z!Gsv?ol~vJcgB!6ePrw<xknlin!mJP!Bs(EE}}Fd2qyQO!PRwc7%zRZkhr(naTNsB
z*|#P~ZBTs%{P!9${j;#1VrVt2YrdM6gRo8_PUfX4_qeBMCU`%6<EIp}+;MF^e=431
zF*qC7E1h1a;|yfTmt<!2s<Fc1{hF)_?;`MX24_!>HHv=5mM#*+Q@Oom?hu0L{+eWP
zcqIVqqJQuQEzHXfW%38w;bWW3V$S$4js1rT6jQHS9FylV!`JOsu9hR77Az`g95v2m
z1W>fQ9zkze>`<;x{T@~=8V*t9g?E-vpy_zN%sj-s)gu$uoFwgdCm5wO#J7Y)T6t3F
z2SYaW?a-kPiJg-}?<UG>|0L8>js7$<S8L1qeJ<a<z9<d=(`=I{*RNs+Hv(#H6L+G~
zSZ7U9fA6X|+U?%!;qpwQCZA*rxauE7C3<`2N#P;lKQX`Wl$W{5)gDM|!Eh0Id8>U-
z&-~ce2#k0KQS^NB4yQlVe&jVkOXHtM3cs*->ohTMyy#E3r%SF<%aR#%*Z}3HPJpn0
zS_l!lSr~t9`8GCcfvEcI01xu1hb)dc?K>a-t+cN<kyMYnl7Asm#_K%nf|V@Or<5t*
zlm{f1vmL^~xh{Z*ui?5X@FmTGVZqF0!<Ks$tDNtL@i^lRUg#K~giv<s_c@BaDjsNC
zJ>QI1Gl8Ox1vE>SHF**!dL03qvH4W~LoxPjJBCT=Sc9{CpDW~4fs2jS?X8<o0PG-%
zffE_Dq%!x39xR}uvhUcnS3Z<|5lZ(}1eXjy<GRq|Iu3qx&@l(7IYSc{jT_&uqe$*V
z_bZR?_d8e17(z5Yw7Q@fG$U>#z(zkok1m4p22+}jx3}Z3@qBG3I>=VD+E@neZCCE8
zU%|IXt8d3@NsQ7<wK~jq1fpWgeG`7;6UEU26pV{yvYV7A`;h8fCd9YaZ`{Ez>|VPt
zfthJwEthDJ>G+q{t`5cUF9wxby@ceO-2+_OU3#ds$S?|dZp`UFLEnZ1Zk|V&d?E#K
zBfOX5odevbv)sF2+pa$$Wd;ULWsmCp=~>wFH9(vvC$Kx+Hu(1G9=~hZktf*aM>kWu
zZr6kVL!;{o36NUE7Y5#R@nS%}Z}5(TpqNHa8`|2Zh8u}D=BstRQjS%;i4R|Wxbhc|
z7UHvV1@aX~J>XD~dM3sinJj1dO`a^VWtH7eE#@u#eNj$SkA9?k=3+j2-}F+8aoO|D
ze5gLVxplg~S5YNoczdZQB9ieC30ADURVUkFE=y`XdJSl{b%)mb5~{%W>1U?vqAP2V
z<?MMj-zoe3quKy%AjL=C?~)DV6hM-Xp3Hq>!g^0{_Z{}Lt;JJ5U;4<1g%pLrd~3A~
z|5{<P00lQTr^s1%^*PkNXMetdyEuKVd{9m8sd2K;kubO*_J=mf-z@RJf>!-(xNQOy
zyc>qH>1r!waX_FlBj!CpLa}3X+4>C&onr||z8T#!G!wFdnn$d1G1<HwIA(Isg&lk}
z^A**Xecy*q*dMC&ShkI+RGLV~2;LB84{<r3ekP`nB=5WD-NfdGGh}e*$!5os!-KFY
z!Vqmpv2Lld8vF<2zW(VE4p@IK?W58wL^j+qT;Dy+nt2U`y~~+CLdv50b9=YWZ}VP9
z5sv{l!;qrXXMc9{{(i2KSgx$(jfH^`-I6MaNn`ly2U<32tbnU`wQ#|gk7po9T3iJM
zG%B4U()IN?a=rT#)SXPDH1*Uhc${c&M;Cjc{Yw2LR=;#9iPw7=HO4Ge${pJIvRK8g
z9hGOE=<{`{9R#yif8Rn)xOM`>JILT9v%pLJdoxg5Xcp|pR^208<r%1!c2?Jd-0xdA
z>#qdt6vwuP+8LKE%rBYlFv3+?p;|q?RGSLg?s5yjZeEmtZ^mt4FajiNza3vu4$>P>
zI9X2;M4v6sRGA85^$ImD5*ka)hPRQdO|KB!!<Ty0<X68Zys8{_4-8=0*D{Z66&a3t
z9O%9+B{y0q)vJe3onJCUeyHdZeG7<kgzr3(3{$P1Rv$&05vdet;EV4}<FiA~jrK?>
zg@d)xEuL~caRi^BLId>6waeM{4UNm(3*b%%714`erO>2rCNwkMcjbE<uPgF#Ry10r
z6fp$gs$Q-i&^yEKZzHkP3yMpyoC_Z#qO$~wE+<4{+?WB2lKcReNM3T={!S*|7GIoT
z-iY*<6~#9e*40+)@#@8Q2KgJeT6R*}zVh9t$4QS4C(lxt7w5tU4oQUZ*^dMmA9H<-
zq-KuLoDSGV63t#0wjcERdZs)|7g~KAhmz>+PD~g$J<_I(Zd`t;Sm}V^s!_7D8u;z`
zwmihJMbHx8Rq67=WIH4!%*84JiG`5T%V+&l-?J5t98r%1##%Q3{(cgmc%;S`bYgfw
z?UV~Za5it_Tc&kg*$rg3`*tT?4XJ=d$FwZ5zbTJn<rh^e80Z{y4&5x)i<&2%Gn7AW
zAMa)vb{TrxPb!pU9|xB5*^fCmI0q)=Cve;KE_0QhL}xV~e_3*Mv2WygY4d!8kbO1#
z#ja9XKo-*cZIIhMe(IGhXjCK)48{Sbp<ur-uK(L^f7Rp*A>Dn19Eg#onhmJ1$!QIR
zYtDXvAT`}4wR-;td^(ldv)615bM}u37KhAra*uc~eU19i_*3TZN*v^&mCFt{mSgwf
zFBC+|<E&Q;fu0+wJYBG3gl`!2bFZbc$B{35R=x+7U#r!mZcFOYetg1Pbp~ih)*&w6
zP=-3rdBPP4OV<6v#gyKcD12nLR%u$CO#-n0ZmP{8)6n&}ubOBi*m}_gXcDhAM5?Gs
ztSb1vnzVWY=mRlV`JZBV{d_p}^P1YkBo1e6H?5}%AcN2W=PzZJvC`mWas$VKB`XKb
zuTp(Go;w+a%m>Zu32)~l2GdO$H*o2*<W{)C64xx_8>l#Vk!wvA;(f`P3N0mOSx0&{
z`_|)SfUHHE%z*4R?dWRug{PUh!qFM)G*Oop@#OY&c@$_{NS1~Iv)p{oRszg;Zbol>
z7Pq+V<bXM;x5TfVk>HwPlkUPV|7ynmrzeB<*Zw;R`u5P}YwOzF>%a4L?)vJ2F59xw
z%vA)?8Lx!#YwM}PrB|kW-T8@e;JyJ}lhHr=4DVqX>q&iw+i=zX<0`}^H<(d2B>`jE
z9WeD-^vG0OJkvRen6+Yc?&GOS>TZO)sHvUf#__tz_z*l&Q-WA%O8=!`CGqIFGYpo?
zaV*Y~h8`t-$t;EV_&M!B<w-QA`C~q|kRlmzQ1pHf&{h6lY8KQL1D>|V^@-sO&dF{9
z2E2w{WKd4YyNMmp%SZ^1+{xx(I5g0Hbr`16uBSm_)uc`HnNo0om1Ic{cdr;@yYNGQ
zPA8yE9G3$B3itjwWK76v32Up|OweoEE)EXsi~xQV3$%PzV_9<9|5D0&ELW`xh<zZo
z6bShGM2&{pE6(<BwE3S^B(5fni?5kHkObF&9W?c>E_L9(_yZ&=rOROmf)wc8S+sgn
zkSx8JpW2SkR!144!)OIQC#lZGR$=_lPMInk;Lr{OS`y5A<~wbXN++N(XJP%dFTk&o
zY@&HkB^}Lv35!uX+^+efyC|wqH#TZmn46y?4q`6C^kofN?;y4~t<J}w8Yvvo)_*z&
zbjzZ-rPkD9CTK>Qn3RJODq2xVgJfiBHcJa5hD92YLs?c3;nRs20Of`G`u2Mv03J`*
zb^tMGLK#$p7K{l^M>0`ebOP{9<7-+OgQCBe6YEC^_6NdpF$T%#DtsWZx*U;|7WhvX
z{ky|gB#TR{@m~oM#rVsGKLtkfYnhBcFw;a4SaKm3e?n`_!wEgCFl7bA?uV9oyWvC)
zywRw~0@prue5>n>@QLsqdCoL^`6U0OImX!k(P|^*H@Vfav3Js5WP#++r5B8-sOV<z
z=Zl)*bvDDJ6nF!pBQo;Ke~M{&X&{sNtQ0-}9uZvBxGNL<y7vYGL6}r07Y@&;o3B#k
z!3s{0$}JUDIUrQb`<wwa5{E_;c!o>ckCSSXazCr1;0km>?}3bsaZ8K_%Q(2ToCz5=
z)85yYUlNrPd=bAF`+WC|hJh2xv*9W~Oooodi!oW#QNIxS*Y4uN6^d4uIw%^eC#4AH
zzib?U=?5k-{lNHN8S00WV?c(=B%$@EbmSxQNpCa;FmNq?_df1(@2)=rM>g$`z$vL&
zpmC7^u7%5_U8&QQ5O^7y|4(o*wTwBJN4ousjvl4#fJr6)?$u|ff*}D8AP;?lJQ)e?
z1xYrD)!Jlh1k`-}t4t^OvN~ss;~tL+gm9wJKjgkZ2<sDD{l{g3N(BQ;dR~_7{SQKF
zBh7`ez4I_FIAo9$8`tsFzl|o!$xKImOp<CI#NqHPk+T~zVNt29O?pj#pmMkiMiwA^
z3GPP4Be!}Esu?cbNcIRVl-~Le7vKcf|Mmctqs($_Qq1Xd+G_Kb&93t#keH6h=wAM<
zSN->+5x<e@htynD6$-C1DF>+@@6;o!FSIPzdtaWp?OKh?(TnAn4RmcutKuEUFC+&L
zwX7ep>T1p*BrJWVl6pmuCKXzbM<RB7)N7Nc)2;C0sozbpo@e9|M#1|Ck{|#T7^6#J
z8QVPX_$&=tf-!^^Of6$I6)aHF>r8%+c+lROigq`hP;%}y@6iVJfJ#hI@JOr(o!^hl
zJ^?SK(o)F$pY8vzUFWYYN{obpN6%AA@G^T)Q)mA(8DKNyya$wwD^T)W^)hia3k7H#
zfAX^W;SLcAbuPcSi-?`0de`WqT-O|E4tNBOQj%MV3Wy1qbaC+Lfy|A9qCNc~skDkJ
z_RIIndG)BE<Fh%Xz==4$6!o!}O)j0l$c=-PH1?m#(S-!aMAYMP-&Y&|C}%AWQQUlP
zx@Zps%4mwAdc~dse0mNXj@5IuTg-1tB;Z)>BSf~ay<2G+u<K*r7&22flDgm_HH7u=
z6M8h-1bA#XZffjZT|*h+@u-1f9S7<Ert$%&cktC&7!L1=NaVo(AAjD@9r{nGXuVnk
zIl1OotTs?Ikcxp1`+ydYeaQkzZq=qzPiSy8Ndjb!Iv=UEx{&Ur8>`rwiwmq?3d?*N
z*F7;H4Jw}l=NK;hO#nuCco%X1PmF+##)Qi8SAVm#Qfa6E5YPTB?U~HEOEqDrvox(&
z;U(<=-Y)4f3$A%MOe~f{#`Bz_9S!{UN->n0a>2UoFsy?w33jR`Ov~rUQr&TUBQ;2P
zdKt6MDC}IGJ?aR!`}IhoS}#*+poD_Q>FSzzOPz3ZrL6l=?m%KS6P8;ASp+5)H}clw
z=@>mIQx8ycXaBlT<+MQSMh8^>sl@s7th$wnykUZ=vc(A)vF>*Ig<t>m_`r5-*X%B}
zpwG7PAQ%~>q<GzLX4*C`gC1<6aL`Q|0_s`H-+DH4fT~~3haB4yzJC5&A^;F&XZ#gq
zd!B?={?5eeHC>S+u`-6DI<tAV^Zv(%7Pu{FG(!Mb;As0~cVIjpu7G3}Rb%fM+KkE}
ztiE&E1L>Ix;#Pqd8DN7;pVm4o9lAJtNnoX0e7th!Pn3fL0{Sv=5y2pVNL=HQ>R&ZB
z2~A)1A}*JIZQ$UdgV3WhUlu1HO7~m`w_$W7Z)a~;20q=|f8qc!Naiq+%>|IoM`N_O
zZ9$7=<4@R2>H84QW*k117Q&sEE!$?OB?(piwBCC3HuG}t#h5Uc(%Y#fac^HI<}%hs
zkpy>WveNx)OOA8zBYmunicJB#zNW3Mnmds#S)C}*e)u0Zh{GnlQ_7aVli9klU);1;
zO&9L8{0!JAgrYef7gWkLSz#eNnWJfGs2s7}P&<d-z_ugnrC{Mk0};mbwjSBLb>tzW
z3G4z&J?CAvY8>F5AK|{f{i|x#KtNZa+#F=Rd(rIF-OCBz+V@+3^3XXsM5xwc?2km!
zHxff5q_A?D5JKTQJ~<nR!yq;%3z8Wtod!zi$iGV{9DI5sxz%<-aZqA>oMx;QEV-3#
zJ*fffm0$CI_5K;zk*#j_+YlH)|MX*eZ+re%8#ad3e}5F?nE<b)1sEs%lq!sm!CkEb
zrszL?@|u6*0SRU+NXC%VPJjjtlpQvhR|#l*c@=KB_|d5JrqD#VF~$2VY^b(R--UMk
zUV$@67@(Hug)v3z_VQ?#9h&A>g!X^-e;1qo9_5A)r+8jXa@MFbLH4b1ymx)x9g)>H
z$3UsGVcoz;iN*9=Dgp@r@|X(<U&;VU$^0pg(J1J;X5;mTi?Gg;MBI2t!hJyKzQp3K
zLXjlC$4p&T=xFHE*YKB-XOnAi+yl*x*NqLvktg^&?Q_vIAs5am&F$Zx#ibV(23GhI
zXJAl``?VT`R+|!BI<GX?Zn4XY4B0bA!f3DdJANxJ>|ViD*Kj6<w^DNeg65pP$d#te
zIrV9QZt<l$S}#Q;6itu}HpHLeW*|)EVEMCM(%Wm*LLZkWj}*w+p}C1k6pC%vK}`2{
z{J}$MD`PF8(Jm}=@q5vYzCfbfyP*QS3@p$&OurtcdX_TAuOZ!<l)~{pz+|%oZ=HKs
z1KRQFH!2fxc(J$3$k*X#Yh-`p7a}u}pwU4k@!s8B+~&HjB2mHJ>Ss3J0Z|E(>moPs
z_A{PHRReL53?aEyfXLRxtSuVYnfE>CDLF9-iM7rq;^`*by~me4F?vowdjqE{M&Kw0
z;aG|WbP8|{s2m#5OxddpK{EUV_g;%9^|l_^_A*ZGh4X!4LOH?9ESnn@ec@9GfrQf#
z@72_(TZ8@lYvBL-Ru%cK_-zJD-?%u^e^2?61UOZV9eqoNOZObR-%Je++Kr2|L(ii`
zAn_Q%440@L>UCTN(>E}k+{Lr_XyAf62+`?4cW0eN%@wBUrFg4$byQ;^%q!aQM@1E&
zy4PJ#Z(v|93a->QVK5ICZTB{X?`5d`soUtf?Uv4Lfkw^_B)Dzhd+-az@}Px-YbYVh
zT?7QZI!sJl?cU+ijA~2GK-tK4=ePt<bO{N$VLJFF<gc_Z{|(Jnp!uMKOqH_*K1epQ
z7yrraEJ@+gVeXQ&99}%TEVBB~k|DhCK_#6*bwQ&M`VVQ=@TAU+ewK_$_R}en#|5EX
zd`@kkXYBW*<Ha?m63u{UVVmeZ^r4^MWuZl0fa~aS3D^7)+`p3MR|%2cs;IwC7N^=c
z#6)bVfS#BJKHZm>{GpayAbER8io}B@yQ9lW;Ru~WNeXN%<Rh{V`g5msim`kwWJ|$o
z%@Z{00XSQDChQ^qbWNDc1n)}*t;uHBD8yd>4_+CEjlH{F6eF=Z&Zr5Gp5MCPQ9tI#
z4yN}NCpq>fG{2x7`0!=@A><V7&h}|uguZ=s|Hi}3oh#3q&z1Ksh=(T0C8R!K1)US%
z7u$!R10nuycX|m(;>A$ea_!#MCF6VW9@mC<1Wpr_6zk@cl!(!CqOM!v0zO2lgR~`y
zHY_u>A5Qn7A=^?Q*Oj-6<UGwN5vQS?H#eQdoVYvde{@f_b8Q~3z}7aFRkqNN&-|RP
zo(YmcQa-PO;omRe)f&X{Zht_087UrVJWX)N-;RkQwzHsy<fFYMP^(+i4=mTF_yC`t
zBynIsCI$d8LM;C}vCZ?rEmy*uTe>w)6S;7@c@iuDJ7D=sjar2Ql~xoj1HLdc`mck+
z1Zr4hcyFdWkY&RF-+v>PxZ4Km%(#-F;otV^tuOqtI?;Wj?cwI{edgL0azgM-Z?6T{
z7wwL@u@h{%K6xzPC)tV4vW)G|)}fXqIZE9T;x!-v8;6VP))-IYxNJEq8V-o5XnkoF
zj_7ycN$UpuI9uo&5<&#d6GKA-kKFz3NBAGeGo&O%g?!{(x}}PrO0Rp52pExWeHK?1
z4Bnwn6062eP2~IS8YHyU%OZzGO&(b)tK)ht6#3W4Y+S~KMnmYW0BgfX8zh5Flm0*U
zUrW&N=~xo`21Zf8a#a9JH8e|TlzjL|pMpXZlgPo`SfHOA2GE<{fUZdw3y&TQ+uwF_
z<%0D7=o{6hVg9ssRU|eek{Qk&+umAxuF%Kwp;^As2a>*<FkbATZ-ca!kKcNCtAO<H
z9n?H~6kNmn@uTNLVoaEHe}#<ed0)1Io!zgD`LClavZ<UkTojeaL;kF_Kc{}TK=ZAB
z*Fd#(zI@kLwxIAgVFsEoHvJf|897;q0_w>EVu`X@J={LjIx7C5BPRn|FjYZ*AOrYr
z@TLwN)_)|@AwjWEVCo-!j8q^KAY0rHXewr<yuOl0o10}4oXdfubKW;{kUAnXkCG;r
z2mHLMDJ{jfjK4LCis86D*C+;%<#x?0FJMQtQ^h(K%ClGFq}WLucZcRSC@^J_x$Io(
zH@lb|0t2BX(Vf=x^Aq0UVOGLMi#Owm*;cV7rbsxcInSsxUqI~VrFzbn@F*#HmmZM$
zPL0A#Qr!0@{+$m%2npZTQNL{UNJ9JkbeFUD_^nL06DHQz!Ss4%_w3D|yrIFOBDwg@
zeHMz5O(8V+r0{Rj`B8_n^vjTQ=hjMG5H8*7y>eN-2J|&!&xHm28mz~@juaHv{<(K+
zun?pCdO6uh3mL~nwJ6`zSbAP)7Ksc-l)IH1<B`M6!Px*gxoTCz{h&-bOm`CuD-k;V
z7pY2$&ccF5j=T21&QW&2P-nYF9eC^iol>L{pI?kgX0)4s853aiE;oTtW;jTtuu+U%
zH<A)M*6;=9&QAx5aCiwM4Jk4Q3beiFO9JMeBR@|Wxc0Bl88?E&RkSBdLhwE*I}i9z
zPu{<%v)yKf_l)v{OaA(Wre{<*YSCgi=C^r^`3WGv(aEaZ8UmZ6XgO>2@8%fwlXm8a
z>@I}REhNa$t~!K}*w1x!=*L}y5vphRuSUA?p+H0C`Ie$t)N0R`kp?$QX;_?);Nxi+
zQ03A=XlpTl;1uRCN9jV<NoAZe>auzZ!}@=aJI8nU(5H|OFj@JOusk7^ThV~3ItbD%
z!_&Igfd#s9^Gu9hiej|n$A5Od6~Wyn^<Pn4d;p(AZ_**HukXz{b)bQD5b520kRpL=
zO;08Na_3o=;ym~e=O#LoHn<FPsA@NO+?7S8_>0$kER2|vVUSpVg+LoF+zdCRz=IFr
zU|j=@wimFeKQfj`dk~b=7nxrY%soBZwhRJ3Ih`R;WB&^{yg6yP-paJJP`YtW_W6^4
zr6ik--`_5=-FuQcul|Jj%>TV){7{rnclO}=4&SK_YU1FIoSfp6%JFItZAH9a=cDT5
zmrUK}FA6AFW=le$Zm{dtYr#SYS11Kvrj(!z`pWKfSF!hVL<Ak;e<=Tn`Yb*u-h~p|
z5*+t$ARqe|$e-f-f29dV<;a8nXHx@Y(!c1uO64p&S9{+b>%G=l3Mz+-IB=)zVE$|Y
zo}HsKg=*O&_eLKlZ;#t?zG~2xl{~K(AHf7j#=xmW?_Ep`chHKQe1D{#6s4Od_lB1|
z{;9<0UQi-y1h$i4o^C8V4{43P9(h0?y8Q2Pc!+9jrNJfpMVS_6*~r>Nx<kK%&d6L@
z7&WbVTN(bp=~fXaPX9uas2mSY>sM~gjJLPvb~O8QqQ&#hGY3wLhyI)J;WQ%Anp8mM
zrR=AiyL_VCE}+H~g7WGxB)~XoC+B)reXP%+(jEOn-Lc!NpIyd)3{KCHfcM$Gi{YjN
zItn&k6_-Qa7@HWU@x+>k&+@RLe#bTx*QU6yJU-Z;zorNl9%3oqOe!z~HUT(=Uecyo
zjySd%-2-@(rR@K9oNJ0G%p-^XufbYfda?FL{(to4fRkYU-(8_lP~nk@%0Y3y)K_%<
zxOQr^JAbDXMCNEem75G=T|Jh^t*S!ia^iU3_@Xl-5YO`4r!^KMWy|i;0)Mw-!+(%{
zrS^Ew6Wqaw?z1}fU9k^~k%Rgjju|XIA5oxX?nQ~#Bo>ZsztQY19DZjiOKf_3B(jk%
zT|i9qF-2@Nfci2_k9#=kz+$a@u)z3*0#-1IrZPbASB~Q6Eqv#jccJr6f|MRTB^fv3
z@q^b2y$cZGr)WQP2lzn=xyFtuuqm{=`*C(uLe*+`FA){?-6&lM0o?E!3G{uLQ+?va
zB7!bYv)4APsC%+Hg862j^lx#dYusn=Qdu`JKEEhce%k0OOvrU~`c;=bHh>CzVX@Cs
zCEGKKP?4IIeYqJn(uaSCkpI1K4g|o#x&y(bgt<H%9uJw7I3xVPDF(CYP@7*l@|hET
z#NH8(e2}c9I;40tVxO<t*1lI@7#AN$?2WLqfLg_hI}w6UM=Y07L{rhM4s$z*G6S&a
z@{AEPIG?g>;o)7zyjr=o)`0_B8UMhaYeZsbj`xIr5pvBx5Hjz~iRFuTc{j{7zLOh?
zZnf*ok%7ys5&tLHOa}Ghz8@|3LGG`Sw#R?q5JTU0FU-%H`C36{%~ZM0Y?M@s$dj#5
zGJ(Km1%|DInEo?_9Bo!8;kU10Kks+aPrxpho<XZ0MDBJwFGTaXsScEcy+Mcbg(dQ{
z<K08l{OgmiQ|;osRt~D|065d|Ds=hp<$;DcA_ZpC&KKkQ!0{m%%>aWSJ?u8YW?ff#
zgqK|t#|c@mdM=o$K?h9?3>`XXbijC5dn2DnYD#K&1LkNYA4zf=ELtPdUv0ia#V8In
zGk|R<+X_+8i6}car>o~&=}GY<?Doehq_KMWxmX3~R*Cx|-N=ch#H-cq=ie0q9P|DQ
zQxhKC-jMLipcB;4GNUnIw_)xb=Cs4ZzO1H}^q10l3CqIBhUg+VCKDq5vBY5cv$xbD
z>cqC&<(~j$!zDH}Pu+OD8-0D6vc?)EILK!ePgp`XL6hwBX7mIRb-=3NKCjK~3WKov
zhNyS)0C{>^<(BK?8kNrefk4+LoxJvQ8%5{sKp#b4;Oj4(4+dAiCWfQ`ncrOe03_nV
zBnkXW(Pw;=K1InekTd=)PmbGZsA!2Bp28^Z(bJxa5t9+wgOQ|-hEqM%l&=uc(u#^6
zOE4{+E2=>0<$DgnzwCy?pB00<P)c>EX0Jj%ezSBzb#f2{I~l&uyoYTQM46_t?eH1@
z;y|7;k!JThO2pq1ATc~=O%}P5u;d8$H=^OxOF4$ni2c!d|4_0qpbaRp6@{)2NZ}O0
zs!9wF$m!`E4xappV=Hpj`MAlWP(3d<*IV{w->DWE{!zRuGB9S_4faY6>U}ST{uS|C
z+G{MV8#c}C(&%STqqafOp&X+Xn{%pDh`WGOpr0CO)1gIm`i#4hbs8K_6fKrMHg5XS
z1*noNK?kZp1KEZ;4D<i3R8;qW`vEW6b6&RX|0}-g?QNlVt-3<p5Q1b<ia+RkaiZXV
z!HXt|>|?G|GUxy|pyE4qkDj|_bfHIzv#<1IaJrJA+npP;rSa~@2-}3fF{a;&>(5rf
zrmhTOBza{pzqPj?vYyH5;9^_%fj3KzEpezdfI#2;M)8ljd9^afZoArHZDn<Q`to!q
zVcy*QeKIeNK}e06ux-85(>1<d(t*)>u3`a$J97-URNZIEc5!)HPC%zuYHvoPc%ERf
z)pgI{buLc~f%A0%xZIVoA|JTt+WKq_1ll?Sy~S*uji#|%9srkvSIzVEAFp;A@qm<8
z8Eqez!({}2D6dTNFdu6~b%n0gtxtcvDUw1O9$0;~iGeXZJA$CRNhkC$qYRz*=5KA{
zxH=yuI3WJNId&qW3e--gr7%n+yEEAwz}=zyy?o~ByAW#s0+mFEu^TP4#86pdv7x5U
z;t11qfAe;%1Mj9Zfc?5hVcvE|`$QqHnhRH#R3L=vRuYzz16fB#1xFQmOp_BpoI^}Z
z+)h`A0BJ6~04)TuU>qup({?74u<X9J%x0~*sQ8^0X0KyU&Ef3N&!4_y%gcWR_A&}f
zG>QTHy`h=$$MiVt$dVu}v%JkSFSgbrbiVAzDG5Iej>1^#`Cn-3aCXpKkoXWW?<D-l
z<i}9ujoZ+(IjDCk)H--t;p}<`2S1Hm6*WjwcdcfG(GRf{(1$$7o8*C+2JvnzshGV*
zAYERvAShu2ax=9j>MJpfVQLu`q~oVVpS`GH5bg?u8Bo6+?S!alec9;NJ4o%Is1*$O
zMGlFvW+yi8GA7sOu^A)-Z&u1%9gU70t;Q$<&1Ikzvd%A3HhXyMEjWNhe2tYUduMq&
zAsN>8!mWULgdXrgv^#!cLf)LUL$}kz#i#34DnM`wJpmo6E*vM%rkGF;+Mq-7z&1co
z@_R{>8Hdo-Cz4*OOa|pb#Znr0Q5WfgU1^Wb)tNjoN;S%%3eP-AXHjBTC+-tC+J+xw
zG*-XRFI0u(F}mp}CEt+<Ja0MMrulI99|-m^l)_Nu_@O=s1xJdr9;(|SK%3Ee<4kVb
zOXZmTBA520f<fi*xsh&1lggg_9za5dF;<nFLUvLm64r(n+#K4eVR51$tlCt0sraU-
z^b2c8Xnl(1+f~IE{Q%n)gWv&SFX(>JZaYGz6{voEmPfS1tGxgDEZzV4O8$_jsQB;P
z#RM1LQE`o1OxD=<7Ima!QCeA<mhjq2Qx=D(o-6UnJ}0Q;$S_l;)>J<i)~9=eqWf;z
zr+N&iu%Jb_zvRabiamOL=0#|8{3*}bByl3`^6O8Ydab}mODA)tG`c+*J@XCXo#HRf
zqkeK~l*A0B>wG11H%a#{HEQn7_HzQV;6%IRk*h_jjS06K7EvIQOyF!Dlw>@v_euKu
z``IwX6w_gTv-LfzsjGw8wZ>DQS57BN0uzRR<5Q*`7?P3!y&u6(osggscC$aEFB$Lp
z!USXXoffH&btNT#;Y%wB`JGF9m}(|%4aE+XE7Q38|FVggSyrr`*E^le54F159gP<#
zlP=UnkjAIB6GZ(k;-@@&AlzQ#`A12DLFpKWnj$>!!dP8hU6!j(hEIQfu{vOtZVDTd
z?yGi>FyLbkoiZgBRdM6pU%M$g+L-Ip^??)xHg~FviOd38$g6%TuVi#!w&yn%g1<0O
zlXZ0JHkv(Vwp+T@tF(UaxNT#4y^Y=28Gno_QK|Nj?L_d^6&Ls5PHTj(yV!T<eNl}i
zhODp}g-<seecr;(Lo1GlP+!d;lIUk6cIJsA{2(7FCgKxY_3ZKR0<=K**&T3pPwTe|
zf`$wDWE;0VCxJ^68*6i3-sd+L71by`gm#D!8G2Ab5^zs{0CQmX-*22pz^;6Ma@j%c
z&E6XZUyg1^yQrMw-Limz|IG5PHk_gZ#6`$S8a;&^nAz#~<*Y4VMg-Q_IKu6q9@n_=
zC)%<g^$!+VX$YQ}V#C`Q%&_+#c88}6iU^WpuX`SN#J@dLL!i~dG#}_o)Jf$*8Wz2z
zt3IDMaT#3MMMcmlWX+4ihYpsfkU(bCP>b08{&A>UDQvMw8+=BMl@4WBe~<<j#{<cv
zP(E)%SMr-i<(Hd(oD^x{5;Q3r!Yn}rilDK<AGjb%VM%B~6cc09D1(hD%_ggZ1N}2x
z84`wfpZlo##XUM-HPbl`i3^3BWXgHeKkM-bhiPKSQoEp`lELU=3#NR(S!}Jy5HEC3
zhg72O@e$Onm_A?t&lM|?pn%TiHR6VM!$>V^30|JJi2bPiD#kHojNa>5F!`Zh@pkHF
zKh#jy1?eD6nEni3)KnF>qaMMXY*|oLm({VOMuNUX|9@P)Q+Qob+b$ftF&f*pjmBwg
zte8#G*tTukP8!>`Z5s{u>id1~zW#ro%%gR%<{V=@xbX~*#rLzkVExVw5D$*V$R>7L
zIpvLM(*)Sf^yeY?USXv!9IFrV2A_epK|!PGG<v(ok#9B6rLXsilp3qe($H4`Wt?Kg
z&}dW?j<jRn0YVT5|EQ;TR=pl0vKaBZH#d}>m(@TB`W{Pe0lXZrJ=+5fxE7>egc|~I
zJ|;Wo0W~pZ=3XOwAkW0UUIlxd<PLqsu3Y@BN}08Fy<NaV{^iY$wy#D;H2L%9en3+y
z_l*T4tjyH2i5`2AAF`w9cW?zO@3A$CH1(@DS_JKLq-#MEsYJ&flt=qUXGtRhN(E9e
z5p#l}2-3549|Zw$r70(+Sd}iaE+Q;J!zs;r2d&c3I0pO6W|R)yY!dCvJKV8JdSEkH
zAX+j@)ymkwVNN_jF4z<R7oBM!IU#5C#FLeMcau~H&YWdbQ;-n=iJQ9K*i(;(lUZ~p
zD<>~1<8`OkfF>J0N6Ap>2C!TVSmN%8L_|y~H+2t551}F@Zg??gxk5+QJT?-3Wexki
zK#n%i5JY*30&d|#(;uCBjFt=O^9!=Wfx$t+^`F6|BBn~=Y9Oo9VQx)&H41bvT0Gyw
zsnUFC8-xV%5*_Pbv&LYrz+Im=Wt?h!<K^f)GfGm-*ehJ7`-`b9OLJ-zDcXsZU<H#|
z<snXL$F{{8yfk#ZyH{Y)4*<&36e+TLKhoc$IS2oG9`3O}Tt5gL)#OB(R%IM<9c{!!
z_MS6#MNMNW__sOO5rkyzoisV!)Fo3AZS)tfIDEN65@ysgXM!7=3F;MeU;^{${|(&#
z(ra!ZjB5;Z;vkU?FvTeqj<*Q_<2EwGbjDmppAxf`1B)?-u%;MX?S7wtJj7Y>Q|ik2
zho27ngpmY#?^EB31hOHj>`V@4u8kM@JO3fF_>n5O6yrL5L(&NutJ;N3Z*MnCY^*$a
zAEggNreaOoPFCzN5{}{$RCZMk8V5N<+y9edlff5hl8PBYbrFU1BCk?~0|j_CdmoqT
zFV`&A#vnT?7cD56l_<yxKm02zC(3?A<4M6-;Lc@^j7Df>Ir}wvo-bADCQ64eCd8u-
zWea%mh!(h=ilz=kMAiaK7Hk&iiH4bw<Fhj}+2RkIEoSqBDjEvL>8h@FpeG!Dpyj8@
z31bBZ2X7^um9htbLZJL?nA7_^yVdE@(2s?|M{<PW;G$6!EJlHthknF*JH>h=u7(5K
z7m8>3LkKbOtO*~kbh4{+b-C(6+$y0YSS-5qr9rXKR^xgUrZwAsU+?4iDSxC3-2q!b
z_rF>Ia0k5sf8U_mv^s~Mg3ul*7K@(eYLCyQ$+%~9&=gjsEayRcKA-n5nvtI8Mics9
z<o;TmqiRBN-%}#1<vex@rX_YB1$6J@(g&Aq6;pMyJysH10fLx-{=QsspUmlo;)(V#
z-2Y!S^>6hLNP75e-n$rB__Qt-i$c4*oYk^EPtmv?4>3XIS5{=@+_n<4J9r4Xv!^Dw
zyR3_Qu&)2){Zb{rF!n8J0QunopV5CeSF6Lm9$maU@U1|l#6cMv!H1j^C&Xzb$5yT{
z&LM5?O0fdxx1-lA%45ZPzr1jv`TA)Z3F^F<ahl)d@LVl3-8a*WL=GG9OD5Y=msa+h
zi)dik5Xh<m4CTV2?e6;&@1CB>1m0N7wz_?S%hUPJQ9R~zrS#=0)hZ%vu8({Fj{hFX
z<3rNCIoqQc>j%GnI`j~?F=!$R*9H9O6FNw{OS;Gyv$9?0WC=oWwXkrsMfDXRajtl&
z4%NWjTY)55fs%m&5Pf%5bxX@z;zM81w~ZZKIYT3Jt#6hqhFHC05}#m&t^!9nJc0)n
zS@Z5Spss*TcG%R8*%$nHb#u90j1pT0=~m5GJq%xA#`K-(Wic)kA!cC49(<<Rh?a|+
z7qIBxq|t56>b>$wf5r(*R~I5DqJ@x;cJ+>d?c?!qP%ZOth;duesUIW0LRJl`<m0s#
zGW9n7-@595s^6PN(wz-#JD-*rMV+mA*)}Y$(ivoI1zxaekuPq55o^SuoAPT^+Uy^U
zEZp=+6pn`1KL!3VczGqPOkYAYP>oIlg?a>kP~w7Gx}uX{uqZCBQ-3j>R5{0W*!+^f
zRUFkuEb=#azGai$jD@IhkW<yi?mD{;v-F0W0G8GmuWYjJi`bLr+y>jH2-X6bPziE@
zY>Y10&aw}Fo%J)G6Ni8-JK(xC{LEe+0v9b1vi9T?csEDi@@R);vzZb>)=VTNO|A_0
z(@%mud9rLlCF!fcf(C9fbm*dzdIZG^_I06CT8={5bP$#)1C~n8jLB%kC;1#D8kTDe
z%#;Ka<n^#fggMJ5dxgVL_!GwpHDXo##J+EF;mM3ba42A2x+U|MwbWC!>GHk`a;A6h
zZNXT@q3D|?fweZDv|zmqmY9#oBOWB=HOKC&M0{hRZIj6og@UxM{Jr)o$Q+zL8Bn0g
z<N2(&b+D;|haM+SfrpCQo!7MA*^OMw*xXoONq&jz8xFC0SuPj386qT0gX_RD(D$oc
zA4AFCRP(E7dUA>FTzP;T>e&wtN2VP7fBTjm6e=``P}I^!mN(?X0D9nOlKshOQv^(z
z!i~U`+09D{mC|>AM8uKmD;w8G&x;gQQQ&Jr=$>cl3nueSw)^H)77Gs%?cDP;>V4yw
z1o%orkk!cY<@Vyw{dM76>dG4ILm08nY&v2hL>R>i<>DwT9UPjiKSV@4xF_F#w^(au
z{?tlsUwE$SX}oe1#+b;_YA3xeDI-isX)O(7=%$DJHzYYJDabxSpf^!r%QwS;3}PP#
z1Uom-trXkty%E8xxoN;<djb+*57wH9{jaoQHP0#C%grVFp^nu;g?o(yC!KtXXc3}y
zKPj8VqsoQn><C_DsE*7cRWe`C$I0=T7KG>r0SP&(tD|F1?Y=kS@9!TtU!u^k4>foy
zT6d#brZSBN<8u_NM%PD$a(@2!I<5u@tj=J-BmtW+gEvjz7}BB=>FUZvSN&jzwnJ6!
zq~inKR$;)>v@B*jr^6Sq^-8HA?%Y>EjLXRf=^*_EGNnq?G&Ytqr^)~LoV#;P<+S-G
z9;iTYR7MRka?r4UL{<U{zfoF`P3<w#C&+?1wP(_Jlct&Zy|GpW4}581q7VD+_gwnc
zfPdocOoRUK!&PY-bUVz~YaeXej2oc*zWh$95s${fv6FHvcbe5*0yvtMV#26f93TMS
zT;~E<bE+GsQ3-6vhIW>)&N2?blD4-Jlj{!9vKqz48%o%Dkr#KLgL**rc3h4sl{R2H
zCB4+=K!3kwb&><Nt#QPMoz$`{a_HL~$9{;DcsaSSSQQq)0|Q^&2cLA@1Xw?h%4q4+
zTY+ZGA#>#^BCT!ahZrCh5C^Uwov}Y?J~!m^6}iz62}V~|JM6eRo&Rd0e~iQw6|r=O
zyEm|ry|-QqlrAclA<}8Qt<EDdP6IYRhP;MJ(&Sj;b?(6KXfZ$5z|9m74=)`}+8ssM
z{D<%dOeieTS7>52iumeOZSBWyjBjzSQkf+(%{j;nXPD3#m|cD@Z0<p+(5;c7<=!lC
zi3Jxtic~Aqx}=L(VwHOJa~I^v@+Dzfi{?+GE!fhZ^24scM=7+Z2Ivwh?`8|2Ni_6T
zX(n+Y919l5C5enD*PyVv##s{fLEKWcX_8RzYF>23a5FqPV?aO|EdzwS`--jktUtev
zw1&v77QAZ&%8d~aeNuK2-xhL^xwd<XCfbJH9V7W5-W-Gc@8iG=(e(*Zrww=vFMI?N
zRpB#h-K2paBI%$RE?V8QibP!VP9fP#ehu{6Ld%ce>7la~Xtn0PC5Z{9ho9(l>nS90
z0(6v<d(Zr{ZQ1;Y`Xhm#*9fxS<Dz2<_v>Yjo^2Guccs*_#w@w&wWJcAM|x__n(6Mq
z?IOZ9P75Ga3a{$69^Uleym=m!F~98~Emw~jxV%w$IF-m#DJEs51?RLKMbY3zUC4x*
zMUQB7<c-Wy1=s7UQXIW!dheXibJT}|_GssmY_eF#ln%-dJmJ^)*!X)d85%R~P@q^a
zbYqvIq`}A92b*DLN^_4u#>MrgO*U44I;DUjLFCh4ulvi>{)cXj9zU=Cw(l~eKf6ky
z|G{P~=k+&baadvsI9VBa`S;g{(|I>txqJ4ddJ{=;505*1(6(^Y7Q=5ZY05v{GhzMh
zrj04G`uh++btQcuqoi38!2U|GMf^Sz85l!3q9lzK=gD$TlrD155z;WfY#@Tk*JN`$
zeS8&b(%J+|!~-*kDmR8A-mbQ=bIZni2<=4>1f!}Vo`E|7PlBIO(?Fl~16KJ>r6S|}
zk}FK@v3!<yUrBtw;QsugH*@%UdbIOg@W3;r%O*Q4(R{q*F)lO_I?WC23_uk_HsDCx
zJ-P5*eyhFliwDKf_7VO7-YiVc5gbC}O4mnW!5aJLZ(f_*{~}6jFtu|2a%*flf6{_>
zjxT4+OinWk-+#%l=vn8A{oMQ!il{jj@b=LG+MOjiT=KC&oN`+WQ-r{%J`7CGeCIHK
zo<TO;(Yd6r0QV|DPn@-NaaqSNY3+7b!QRMQ!NL8FNs{M^olA<H{pHPEw=H5bM|&w#
zS<M8HP4NJeACVxFR_lOO7~7HhZJ+O&1s}Bd4J{Nh#tMKwSG>vlr_`5XUL8CFXURW0
zmEiw?4V<z5H3Ku#2~$>*f&#_fZKP+TeJ1-o%J00zA&D^-%LMom9WF>E)5dv<AI7P&
zqjpa6;6>QEY_P0dPrjW2zRUsD#O#xxIgI6DSNOL1QXdE#QNP7(qM(UVb8*<9Sa^BG
zvJm=PJ8_BlYPYpnm^3#Eco-Xp7T2F=%AXBZ+S^E;?o6!zTGC}#D0Ui;jceKf|5XDl
zb>|g~WzrFY5cpl0Z2V|YIW!W1th<J?u(0s2U)5J3rINTuuBGU@Vg4|~RP1GNut^dN
zy=T?PBbXp}V4*qCjc6ib$ZOPWY>qx%8FbeZP&DEE@FboP*w{sjmRRMg>4PAXw=`oE
z)|rtK1vObBZlJymg()KF5cSd(^N17jv_F152E?zZ<Ncy6Aq+(qATgMBC9@KQ@TUtk
z3>k|k_<q`7WDKJLlTo%FtOj4X<XWE6;3MeK9&c+tC@~C}8i4%H0RW*<tMGl+|AJ|$
z2_ogEzaGUwVsx?QY11OHm!<)>P=zo89iK)h9Fdh$8xMAe9T30{>Ly2Y=iEu^MLZ|C
zb`bRE$bCE_FH(t-wgwJn)KhSR=xku%=d`S>ew=UF2Y;@mWllhWyBOIDKLtZH80xdS
z_)41pI40J+&((Lu=c@LTg*njfsYk|N?579E6FI1}^?s<A`Xig6RMGwm2q;g^WJt{O
zZnEf41k=9Gd4eMT1akWJYsMyUmMu(`5fu%&zv-qrLS(LnU}fm|4Adf39)@8Bkh8=2
zlj4bb&VK`e)Gr>eD}GRkHFTmn^<<LIr8P~b*CK`Y<+njxItE}~uM;lkvz8XL-Xqzc
z{Ql%ccQsV|^F1h{0bDp{N&fpweMDp0q)6drt1ZwdO@+cCyMYI>P@X&DCYahyF9jEn
zoJu1dC=XCtR1Xdk?flsraT&&s0SrW_^2%-+xX^vkM5OE(+l*hR5l58+(1eIX)$}=j
z;m383i{uDiHBhAh+)#sHS;@f9K<r+|0nyy&*ffh6Wp(J@X(#&fzk~Y&ty-me<glj7
zG+-U9z^VF(*TM33Pq*UT`q9!)gk3ji*4k5u(<#-dkrXP{D`2B#*xzg4&>?6<S0Vv3
zpIp#-+1W+wD`-nYuo;wmpeD<Fu!<p`l;Mu%pbnYE^C4}RNwmR1LJq$jyX2`Kr<TQ!
z)`^N@3<&5U<H$i)%jT`xH60F(mw^*UOk*|CQx0nSvvuRu5fZ@oTw#czMAb|$3x33G
z)jf$<skH=4_Q8?Ff2Sr@x~JvI`lS#m?GW$ZWl;44$neLd>8<x}-9|fES9%G@+Q2O0
zds6D>6j?5jA+-d*22oua&rg~{jKXwgi=S$%c1IW%BBjKW8W39-U*qsafhbq}h0Jf$
z?~JdY7YQ)OBu65^9!Jy&k59!3C>>Y_0_pvN=^IXAUFfO~s;fYZJU9dFA9$V)^WxMB
z?tI4L>0zRBH~F^TdW5_C2L;eqhJitFHp*h62_~SO77FXN!R$~PvM{*K_<iPgEP5~o
zVdr763lC3$1wJpj%9G;I01UhYgp<vFXqNt8jP|pIL)g?h5|pM2s+;K{>A~vZy=HY!
za=a=WnmSuO2H^!W352B!nZaP}F4u}q<+?|V76ZU#GJ5y><+N5-XqXJDovS^_8e4O$
zO=QpQg{$_f%SKoEjpJdYoc(cB%094=4i6JT35+Tfjysk1Tq{IZ#$|lEChdX6#hn=M
zFLtz--Pw=>7tp|qVGA%pDrYL&WgM>bCb)4(kpj%%U4}Z=4&$uOn&(SS=hr5n6`G~a
z{xW34Ll-B!0<g`#&Thd}rgJ)~*uQ>2jQ?w3c2Yu`?Dwy9FE(D;A$Yl~b=Uz{Sp2!@
z>V~s1ST|=CIl1-AE+Z4tL7lohRC0rQHc(*a;iUw~@CAM%=qAXaK__e(hq0rRlJbg@
zfSGt!9h8~GT=DBqa{)&%S#0V*Y&OV4k$-pUV(;x7#LqD&?awAO@!)yM+@LfEjXCz`
zTLp8a6R>98mXv-bz|yWk8}`3qAR9w=SByh|Mx8GQq_ki;0)F&3CaRRHl=@118*`op
zmZ0QWMR(fWK*C|_(;M{br!+14%s4vSta{C|w!G(>B+^6dVEMiebkSsG3Vk6IsmKYN
zkk0rN?^tOiY|<|8EZtIl6RC6=N+8Q-*wQO;FLAGmFUNX=M4R<(b}uCJ_`6iF;!{dM
zfF>x)W*E@~RICS!DqJfC-oLGzc1sD2^KhK%F&>HG0?jqhfjb1Du~Hz0BV!k_ad9YD
zXM336dg?6<cLSQu(6}&G&BEwV1NEucyH!Kge-c=KcWY>c4usDTE&&%euB7dDR+RTp
z`wr;W%eU5dC-`#EvgB#5-iYRWbqOd)ctpS1KW_lhl=S*XRm|o2a6`V8T`v`xq#kKH
z^gwL4^@o2IXVivytnfXuPD2AbFI))8bM5#&4_=xAe-}N}?Z+ZsrTA5c3fkOXs*qE9
z<01h#&T}#Mp&DrKd?ws_+!rBlMcNV&YRU&XxZHvS@EnvzQ!omVr-O*&8il#_OCA#q
z1x&Vx5+sFYN|}Gmg`UHnZ?DFuH2Ar{cGLas*Bt1;zur<iu{6otT})owHHO9=S?n99
zKc-Bw>8B9E3{fZlcuxl=2ap!Aq%5fiRwNJs9-kh7gZ6TQ>Gfao+s72|f&or&@%}?j
zS6Y}fuOqvM6hu5*bWPJ8v8m{bzW^^LrgemgZo`U+i>VXnEhKWObu3aO*#cLW!JxWX
zii`RTZfHT<oKnmu_v_-`S(Sp~s}idk49jExDwanWroN#9v)%rkKsmP@Lm<X8@zV|H
z^p5ULokTxJDgx|Q8=q$75djKihl>%vZ_HvFr3{mjD2jy)NiS4eyFnXY<9=<7_I)~}
zx$bh47k6GpV_TsiJ5$346;%VW*Y?}m^Y7t{e0qww_8Ek+fz<&BpITE#Wz=Q6^WMg)
zD$z}Up&~XB8%~1hFkm8NG7s51qyZe>4-<UGbpy_2V6;Kt<o1p}6+V>2oP*W?bG56=
z*UCkArZ55TW9d4;K?oz2We(ZllX2V`JK+NS^|qyk*!q<7MBsT?1jVFVEHYU3z2T5D
zQxGM1=b4fy*IASrJeXY9pPVeOpoK6KoQ9O10*-duI-(g|FxX|X4S5Buv2c9ELLFUv
zgWntE`1x8QNJ7|rrit^w*;$D@u1MS9ixl%X@L&W6FH;aBt7IY|AOU{hg1HugxRMSR
z9sb_=>kN`=nsBIVQ(HqI231QEFrB9qO{q@Nc_2-Q1)3zSs!mitpEw8ICj%=6!>O#y
z55)K_D+I~Nj4REH^);owpRS6Gx*!k0{vEH!<NWOUM58LiyKNP`gI&#=KXhG1ZsIwB
zqAFi)Ob{YI&s`>bVeKwa$l$QyL;rnf;k!0O$c8OfI2A{_hI`R9HzlBkE<T>0i%gBe
zd-nMH6Bh})T&b)B*7(^0t3oB6-=eTk9kV|8qDbXJ583|lPwKsUOpws3$I83g1%kvA
zP6+w>vCLoVF%=*PTzn%9&$Xw*62YKy5&RvHaMN(OzDcuW>+!kj4>BCEKJ4S@r2&hp
z4c6aAQ2AW_p@Z_u3Wbn~5m8-*f4i&-eznz-ImOe;2g10})c-;r_VU{XmBF?&^n?p-
zh+aOC&)PZ&1x)|jbI;55{_SC#ahY`%4IGdOQu>I3o+q=-DQ>zXV=*;WP(Q76deEVG
zosR5Jy6Nan6}Z?9xBcNJ;P^2_k*-)U%pc}iKUQ7idE31dZBQsasD3S-Lh7QHJVG)W
zV4{lZ?0p)dK6Dt**KE}K>L4!rPK=TvI)7uS{Ub1YD)FJk#yaL&!XqC*4`0&dsttGa
zl}Y#5DFMmN)8aUA0k{f{WZiG&yw1~O4-#9!6R_$%d#lqs+1x_8Vhq802{pT9*iMUw
z7EB1+>;HSJq%DiH*qG3f+16N(H^b#L>MJ#lYJXuXgM0CM0U*%mqQ%Im8RIrcoZre-
z&t$gog+6;~3u)oy0^DjSoc`@Oo7S+HRbEvO9=&dr$rcy9lJ4zUwO?(H3u=FsYi&j;
z^*njMIktVOvHkR#=#Kfax+VpJF*n>_=(-2Mt1OL^fGWzp6@@n80e}3_6-TnF9z0xm
zY5$xd*Zl(w@UFE!Z|AiO{$t+evRH6Igy-N2wB8VzeH4_pol~zM1lMbFvxn=QJGP^D
zpy|RsvOJXK(8A{ZW}j!F$_e)}{R}idtPq{F>x&v+4!1a0RQu`51}qOku}*%absG1&
z6TrPPM8-V{$`GBFtAd!YT0cAi6E%1a#^hG#>!%$fLZK{>`m_O+L8>1ukrC4k;F|^~
zIV_*rQjc!`O)%?|BWCdY{JR<h!v3PDL9&z3&+?K7gIgx;mU)G{jnkcO8=eH17=QSa
z>PHDjpv>plHO5!`MY7aRpNqPT5`3}_?5sa1!+<;Ed#<J4?el;uZ?P(|phZKLUd<n)
z^cVV+otCt9cz>~{F8OhPgu_Tl>5h;7YgL?@SOdKr9$)k4A0{=4BBfEt5oaZuE;{CH
z%<D8qMq7pD$qdenMaxNa$!u=!K*akii|XZbMl7ftV0RlQWN<CGlu(VX^1X!D@dijb
ztg9=o&1OuTQnu66D6!t3gf%TLH&+#Bi$r%<9m1KPvjvUZT^<luX8TinVYX`^1JF_%
zd;ng2TF(iDhYiH@z7b{&`#BEkw;vOSCttI?rAiGfk(v_USsDyj(*8{)YsS~=TU}h;
z+sm}6ikZ)DgrEW@!Y3BsJBuoNIrbfy5q%zS5NLX>R;j<3jR%tq_xppignUKve~(0e
zBE~c%vd||Vbr|6Js*@t|{4^tGnL|_=I`gvl&cP{Qmd13AE>RtMa^)XXz=zC7qD6x5
z2>(G=6ZLF5beL!&ChnVp(7DEI=<1>lffQ4psJjENsto;pz5ll2z$bdgV4<SySFk$J
zx2g(i=YsOH>5X4X{c`Mg*v_icLVSeHD+s5o+w@1?Juu^GR0_rhcV%T3a$wrX_5Nwm
zW%elLCD{{G@w}{d<p0|uJ@?`vAKh!J%fsPw^ewo*SC9p$8*5vjAf=*lg-vCi!N2y#
z46y+upEuv_;xfEA7eXKXk{w#PrVErj4<5_3XBMISQ-}KPO{>E>RpYi&SJTgD3EE)v
zNd=G3WWIVx@y;=gc?3Lb$k-?=YP*)(Ug@v201Nd7E@_M&Ok@9O(dWw74+@^>F2<(b
zp_3z7vU;1}f}9B6gV+fvl)Ee2X@5|E#oyR0&Jge~BHH~#EfwsDX^u*Q(LM+fHADF6
zbwlLl<YXj{_fA@1xBfzv@pFG#{nHb80pa@_``260afa`31`?mB1A`q>MqeE@p$iuf
z!$&%_P;TQoB326Th2OI~l2`&C%urL`SqE%=Zzmz3WH{#cOz37>uk~geK)G&q8H{{{
zg&B9z2ubp(i^e}fyo<lv<qP^x!=>e>g`4-v^oQp{^d~q!jEP5{g~mexs_5%hpudJS
zKe=kKzPFQj*0JYI>5>x_It5wD+Wt-$Tqz22$QXu+T|MOp8;#vfDr>MTQvjEH-n0aN
zsL;)HbW?26K(9FqDF-#Slb$<%*CUQhn@iXBH)jI6<%s}dSY1!BnY#cBWC$RTAc)v4
zK`%@tK6h#Lr|#p&Pa}#eO0tGj>ls-+ke~$Gs}q+z%Mq*Gd~AD81`?6yiihjO2L$9a
z1UYx4pnwuirK?ThgH@x_%~q@l3GnJm9VF3ruhdBrC016&200H1HY?IN(YypG5&jS8
zvd=+!+E^4c>Lk`w+0yMtIoG91=$|NWuTBGl^X?;uCJ8a&z#>`4RYB^}`BJ0}4ubbC
zD8;a|gvhvAzQm*zK}u5cEiczG?%Sw+ib&;WtsTJfQ6{U*e9fkbGTDWKhG*_^Z!kh4
zs_nxmE?mtP8%|{S#Iel{$uAnH6N$7g%h8Pv64xdu=j9SBQevl2;j)?37lo0+C|jlM
zPLcIc^+*a!7mcXBl|_EdmoMRcOO)Mj*qE#bPVjksq^Z<w+|ApG`f_J$d$@R+`8`O}
z1DwqVsVoJTlv+zIwco+;4{Deo>Jb5qtZDu}*j!g*Ryd)RNN;o#)Vg!#{wNUa+RXG<
zghwr`clhC&Yvka;c7hfbTl_TReIAhus`zp*oh*jRRNrF^B_g2}8r1CrClr7aA5ufs
zY_f{<ffXXA8JZZwS9_9z{%${7?}q#-BTl!T7LHvJe<SRIMfcqV_WpJE9fEEn-JiRE
zlliD><EIs*+yrCD+^kpp;m`4f=MB5F-^pT#ny^t0%TeYVj7lW5pPII?1?zwZFT590
zG>_w#y+h1orl!Iw$dUoCq@AHqdXO5q(B5cL%scaEbpcdwxwjv}K<FI!%bu2s!HSTm
z^AT=v4omt2MA~r}x?u1G0?Qwj*#}9=TgY12&Z`+XkWE$*grsWUZ~JfBI~at{M0Mg}
zp4LYf6@9-dp2-Yt9x@nS3~PCVC&PxzJ1sN>7qv-dQYThpBV)Q1CWz}+*n?-k1j2+<
zk`a}B(&(8oTw4mzj=Xk=CrAD1sZ+o5OytAsqx_G8^#3)XTwptalk>kIfFMa)?_DFc
zu1<d&mRY<=wr&{HA?(1EIfjo5DD!B3V)s#=i0_#m%SJfsF*o>db795bu{!foO0bSG
zQ|0G8FIqPs>y?Pyf7i&t@Zo?#8Lc4E&G`vdWDg?O6QAULvPKR|zyOuWbr_-xy*X18
zg73+XM%3p^-wk_mFHIsL=Q8ZKowa+t59Okc1>veLlGP)T%5&|Zf@tl(d{hHT42G&M
zH>hxLx_@xmJ(KU?!gfAONDm$DM@^3{!^7!kHV9XWzJgA4@eHADgIU8y6K>9XWrbXX
zdb~_8(ZAJSRBQS++!>OfolHt`Bw*ROLLeVKb<+J2sB#<wnQ+q=k|P5xf*5@obPw$v
z*Ku^lZWAH%e6?HUX0@wa1Dijc6{xT&fqZdc@Af=>qCSt(>G3!aM5{iND+kSXc7x+T
zJQbK~(vx@Ek8<}n2K6s`(+=AE`#xCZW+TRRG|*DqKSW%stzS4SvHyM`{POYQhpP2s
zcM%Amo6aP24vH1bcF?Dvp1l`-17!|pT3$MTY!OvSuR?Fsc0R^VyKj{*$-1lUEmbMk
zg6PAj_$4B#rs7x_QBqQpAo6QiUO}3{Ffg{T@nM06Qa-cxPZA~|otS1)9`04pN*_W*
z&D?2Cm?o*5l4{kUNmrQYxG`_-_@1@V(&=qWg{`Kk&R$wb3@#llC)@X(z9pe)qua-4
zt$%3bI)xexv(I#BO85isLZ?{uu|}D_r@)e6YIE;TJni5|W_)6JhWankcXzHXJWfKw
zX@W2;|A5>^WuZJ3N$WpAIbMYw%d+WzwE!9SMyD-LBh7+=Ko-BONmBnP1_w3DZF#_!
z?%w+r3aE$lD?#$h^_xYV{e8fzKMFrUBYH$;a5|+@nYk0@ot4RCq{>oUEg2sg1z!Pv
z^BhIThL23|Hjt@%8k24-z9$g~>+^LG1GPwhAbS(~#^pKXdoTF6!25~ad9#@gzGiT(
zK1qF@%U}qEQ|cKv!3dalp}aHB0}vTCMiQpgDP^*W9YWe=#KZu1%c?Sj@CgeaNrgJh
ziyjivyJOY12qW{hm!5=Sv4(rEce;gz%3{_PL~-=8dO7G3HUR9@t?h5hudUKtEPU9b
zO{VdbXU}!WENX!Lzn;0cZOzWLu9cqVx1O!7)F6xRheW-Ywk0q87`wZM#6fVD%b0=^
zbWwVVp@16h{kK_eH+Xt?Qn}LG;=u??Q+09Ic35B?11jTOXgF@Rb+R>u%3^c-q|)&v
z2PV;RMdv2N3?Pu;FB!@!Swq1sb{8(Lf4H2}@>!UC`t5EaQdt-fWI#K{0ha~h9RO6v
zyx5ZN{KX`jD+UScY(u|YUY;tS7tG44JWvuq*#VZ@9f>8tayuO!p6TZ8P*zqaD-}op
z*q;kl>OeALAANfenuHrv=zL|$QrH1f1JW?=z??iUkb~G@k7XL!ihw*WP->29ciM&|
zpKb4Z7KEU36Ba;}TGYXyDdB-YppWn00jJdx-h0^&*5;@e$idhgdnTXGjMjkp85;XM
zOj^6ni_ALz^Krz|lh2uLNH){o)>|in^QclxsQ)Om)fJ~D=5)ro=ft|c*v<e+mcT#7
zlrBNZTqon6*ju*+VNEn-w#!VP?Q{m;Mq=8Rn-zcfNKR}$>|PjF{O*qW#bOtajGVH+
z(~w@sG)8zmrf+K!m$Rum_f=-Is1)K&5Z`|jzNA1c>g>gF=s5N7CY)pT4TfbY59#fY
z;7DYYh>!z@(zV`?CRPt7lQ}L&w<>6FerFv1Zq0AoP;w}4M`U`kpSVVX@410Ximpz;
zkci!Qs92Y)6yz!EtJz%m&BGan$TpY&ZWA>hu~mfHQYx$EAh=9l<%H#&XuWxnEq?q2
z8@F#LHZk*LZ*MQ37}<NWGrIPtZfSY#jU`8J9J1<&J6tW6h6QaV%t6J>&r66T8e<C3
zA?<Ng1JzQ2ht7B33Ke2y;Zqgd8bY+Z?^OQv5bE4{OE9%WDul0!%&#g0#}AsP2|=}h
z0&Yi-Yc^10%cl<Q<L&{U>1?hT6#iku#V+zv?2$WaP3q*ikBn5Dh|+<Z?)*L5m~0^a
z`l*?gcgKMUe6ben-H%-uzD}5jza#`!-ZBXsTdNcT3B0qWDwimrSU>znE-}bkd@$Fn
zuBNF|`3L0g2L3p%hq_-&Nac0pyQqv10~jiwQts-R>QFf%X8^`Qs+ED@wBvjVm4TC~
zoVrX0s%CuZQVecEuC1d?hS@;|sV~*EUEhsiHOFDX-7=JztU_^zx^@4AOqPttGdalB
zFXW7R>F!=r2gI}!q0rMotZdbI70wvT<J0AB4~Qleh1#VnGQ)hZqP;?PnLl>~4cvLK
zi=53@$$^%h*>aP=t_^66_L~mV*>=pWfi7RA-RLkLU5ebip?2f-1-s37&TL}a;LybV
z$~A!X!3OlhARU!8+D69|PD@YetRwrTW6;~6FI3ZeM^2>Q8N~;J_XmW{iWQ+%(`9N8
zE|V5oS-jEq&So3Djv32pr;)jRAY32OZ5k19UQdP(=T^&WyfVYj$I7g96xk2FQtR2B
z8xvPXdtXPWeM>|Y?w9O{ac`4^4UVXfDsgeT$#wwdZj*2zggkl3KUr7|4t>b|qF=nZ
zJ4T58Pvj(|md#N_=tR*%AU}we5l;s@E+d6^2_ta6AMN~&K14Lza2Kcnr>p^jSWy`q
z{p%(WEZ?qNr7#eAiABfM6D(r;<)=b%3mijNjg^EL8V)8S!^?aLIo$GWZe(5my!A~k
z;yYO`PYECR*go~vKqDF5G?UgkJPtH{Xfv0G3G#F-5U}I24@aGRf6#40s{T~9JD>Tb
zVzsP!7d$E(**_VuE*yK_r&e|-V^^(#pLY9fZ!xUJ=4Q(#=75>m!q{^$O=0vfK%Ls{
zN$>9YLHdr<A~aFNDjEJKN-KRiHVHWZD#fQi6cAu{dS|kLbOq*uMA*@(NbB~IsloPb
z@`r2^2|NDli_QDvx+$`-&|+H@upEc9_3DP*nqCwgI3>NYTEJroLOu4;^PjZ=o7F1_
zj_^@UMSnW!=0KP40{zqYL0L)g$phx;C1Z{sq<$PImnN*ufYIQ|8aUz{Fqb)_fC>;D
z8E8Z}e3p;aj7wCKafRtI9~rB3yjWo#KOH6^BO@zJF)u#19*G<HnYARdDbEiUI5ACZ
zE#w?@)>MNTfJbbZWQrx!Zp=CE?c80n9KxVj!N%juG8Y0{MAZM_eu?zA9V;JhRmiWU
za#=H#LxQBW)%}DDLwh}uGXi}R5g%?7IK1WV%_P|O8^FQgnoR`8BYur6fttJ9kR!wX
zSc|KCxk|0v{r>rW=|koZhF6%^tX$5T6Sd6NKv5#fpGE}b&Kz8>-u9=NJu{bx^$~t+
zX*YsDJkdQ3{yqBYQRX}|dqI7C+8sKOl`o6G_pBWiuqN<-5rYb7C5HaZP_8p5<P~t;
z#I_$L>1fv)0WmTsXS*VdifD=CYVTtV$%Mrj=x~YTYMDd&W+Rfnc%7l0Jjhz}Ry~MT
zq^%9D0w243P(+9K!7D=&k`BE_Y^)OL_%-P69Dh8zg_bsV9OKctQ<1mS5#VM<#-Gqv
zRzUtdxisBz<8F5q?01lNZ^W{7xf8mW<KB18E-@6Ubd}sF8_qvW|0;U?CbUVGQ9H`u
z;M6H-X_7#F7RNl3!@SeODPT@m7-*C6?4lBD*NJO11n+c7W_WUkUr?A4$0n+0-*=v{
zM>f&ovrFDI%w$ZwhRApqH-b;G)V11d6``+`9=d}>_kwV;M|POKS|}5el_`0k)RY~k
zMA+8Ym=c<7+fpcLbeZ?Nr}#A4nY_=`+5bSQ>37Fqzv=oeLYWV09A`iLhw0#ciPx!8
zHXa9obIxcOdDlv=9OE3v0r%AA^jP`s{y#ONG$g3RitFLK-edug1u62k)1=)EjQZAh
zXrlaTPm!e*Zre-_nBR3wjX(ptB#!z{&GbS}iEw%W*IM}?nLCWFO}+5%bPLllTJ4WD
zov%Db;B@Lu_hphxPh>f&-{rS@OhZ;QbM<eFin%tTy*`DCn0&FNPQaZgEQaK8-W)Hw
zFx5_{ZY&(ErmEPi;Du56cj5Mf#2J1Kc+XV5WBL>Ie6<eEC11WlGYFX;`;PN^i)=2x
zN@jTY)O;a+;jPi4NX$Xu6PpWK5Nyya_jM+?|4}c8DuG)h!kM$TT#|Hc=iYt2^pKol
z+wo~o6FJ=tqV4{S#JS`VzB&jmys`SzWliD9rxTZ&>3_d$Td=spT)I}Aa1iG3`!vP;
z@2+Fn@{eL9QFcxb>YT@0!LMNL#dKG<*JtF5#22$SoCUW_-Lj3{n&I9YV@cwrPc8>g
z(5Uph%Tz`pnBSRMf+!(sUdkflRBb#!r4;%WWwB1dEYlFHRK=nIGL&eM(qA;1jfNxN
zxNLl}m(=frUSh=Wa>VrCDO3uNqC*hzX;>)qfBuXGMnE|QYAwxk6o2u&wi%@LCM!-!
zA{L2aNgmjd#h;xVOq3FUU6?vNjvrJ-+&q9{o3hAk<WRayrL!E}MLMN?0Y^y>uI_T=
zq$4~?8}m;2P&;}Rms)2a2EKvuyB!x~!{I#EE`gi&<Yu=&nebib)8?NP3^}%}Xkyu5
zvhN#L<26;b?JP2BF@ms?4r+7NX4Fb4SI4`A2OB~;WfldMMSEl=a2u?yO&6IYpE&(T
z3?>>`8@3*saj}&Cko46=MtjU<hxfVf4D69rJa23av(4bvOZDH%pf8gAjS25LN&pWo
zVH#{>`2G40@k>!wl*t7_B;M*EuT#=J)kbN5+Sx%cIw4NGlB{92FJh#-?(lexvdNWJ
z=|4+PNQbKnuwQ<QhKtQ<1O@4>Kc!)vsj5p7aP)VLUJ~8|=~8*ubx2m|b`10GXSA|~
zt}{3C#`_NX5{ZUmZi?Q>^v(h@rGw>~jyife{2GO5pPjVV_2sRTnGL;i_0}JWVxEN`
zYADf>GQ?tcv4FryL92J<9UE-@`#k2C{oj}jRkvog@h^^UzY$w|aSXil*|)$|-w#~@
zH(p_duZOG(Qu;Ng_AB4h{Wcpq3pbd>fo=D;`nfXGRY)P<N6ywZhVtv5ot+%b_#Y_!
zwB5!RHAIuwYabS_&k+!^KGUjjmqTkG`-G(FNUgT82~T;rhVfKuG0|}_<Q1N*8*+EG
zfGzogZkfLPxU27<Z4D~hO%8#B9M0;#A*{R8nxFjr-DaQr+pLgXwr-C=JJ#*?(YTS+
zKjuo>Z8gzbM^tJOx$d_Q+)_{xF~wuAOYq*=qYJU?GdWfV{sjaUw2bR=i4Ks?=!2zG
zu-Z?-_pp0-LB->Kpp3o>17larZ2JkhYwu8N^z7`(bHTY#iG$RzipWVyW3(#`IfMwd
zbZrqrozOKMFwi+drD8dQpo+sjTyeit*CYAjB~6&Q(F7ZUNa%MKB~YsL!QJuHkN9&o
zQn2d_VKP`@bPJziE}N}r6`{;&6eavVLp>J|^GUbgHVN=~;vKqs>rbcK-B=4Uf4K@F
zy7=(_5cHtUsNy+A_4p|6*-QXPhIK~tFm%>4*6$@l(Fewfr-saiK`P(urKVZmuPJGI
z#@ewLmk@bwX<TgeDMcs#Q{Z0IdZDIkxBSu-E~_Q{=8q&Mjdk*vmviuJ3JVKcMwM>i
zI<=u33P!9u!NiLO90<{01S`gszld*5IrxoEBUBoLB{K-4p)4gWGycE{C<A){ntn1u
zS=^<=+e}fUiJfQ8AEDv<e-tULo<F(=Xkq+L5_g+sFvB!1G_<s|3@!*jTd%F9!-1QX
zJ#6ahd)jVXTrN|iEXw=6<Rxt(pNcF}ORR#mma+IvF(?v(*umyaJhYY*c$}?JjJ!~l
zU-c~-n2>PKCF+x;+}@}A+oJk{x*3el`e0$aTiKx;y$M^YwNR;8R~>%A>*&zq+O<wh
z7PPpWf0_X6?7CF}0zd<3=waYDO4Hw*mE4MhVQuf{ekgd|pV@wn;JMygh<<dHX_HV!
z#VB0%%<zm$EdlZ3=Ohpz(>Sq-^0(bsNe0ho%3?1K?+mMtYmuRTL?COedOxY?24c{m
zdWcAvqx!b{MJ_aIhRM_HZ=12FRTB?q`>z`AQfzUH?xL(lik!VRAVyY3Cq+0!l;^~_
zxZy62XTSr6tyzK^_<zGtKcyY!-a02p1x7wi(;=K(#5#P{SWy^%7aNrsT+1F6Bk#~j
zb8vp*+EXq)Ab$7_4?o*qZDt&9@aVM(YpJ4g@Nm5125zaY*0a7SVy@F|HZXfH@u0Gb
zwfal=WwVuWZ$VJARvEd`BG<QF=8BJuEW`e&4fZrG`IE9J{0}BT;;k467p^<>`65mx
z+BuD7l>m9Ao9B2@28|&ATR4~VY-pe{%Cw+ah^2S(U!xCh`_)h^aEza8nrDQc>!F1z
zte?wcB7C>Uj6R>gd3Vlt{EmG&Nv+*6UXCXCt;b%V#ZOC*f%!KYh-1Inm#CwI21wDx
zr9|lv8EnnZb=@@(1L>+=zT}oB`!{DU%n7S#M!_fv6>AJSJ#}z>Pl9k*<)NK@?}%7H
zrT@rV^><cCn92g*tSmg$3YXs07>Wa7!`^2>gM|mi*_|TwS@#pJFoRoI?SNa-5Wr}-
z>dVVLx4ED-pQX8;xSA54H^JJs>&kZw|4x(bs7``om^W&o%kRp8Q}5p~&NxI2o&_+q
z$U`PZoo)a&Heb2WYY4c|*RPXw*K4w(Q`FXAFuueBP}&lm;N4nIxoPiJK^vol7KtdV
ziF+^ct9G|{gZCdlgppzE=QOS!JK)p8CGfs1`IfvtsBsp7ngJ6^;Jfl#f0;~*70pFr
z!gS>()(4teTQ-PUBF>#Z9#?r;EC79nEh*fIN^2YLQAwm=<sc&Zv)0*J(?pZ##((r`
zn#err<FuMAsVh{<SW?4ZmWmNELT@6}Txx$jm7^|{$7+ByOBvXvi7VS_Xrz+6RYaL<
znZNHyde598c2%nd)h1*sr6P$)>XcST+1k}s=ZpMukwF&^10fM(idayQs#!jkvV2oI
zPoYUgH^q$MAJz^HH;xsM9lu+aRAsl6OO>?9$UGtsPKutxpJToY8}E+z#}!xVcfiV+
z*7O`1RoEZCvwQNmLQ#0LVq(y|8HvTzrQXjUn^#)`?em|TVLp{h(qb!oY7rf%|1li7
z@<CJr*o~(LK*xvseV6zCM<(wlg8UzF73Y7z)n@9CMqG97GeIC|!i9ZkV^jOnK!553
z&cm5OEW(sw1YH|&+oviiFE1RE&A2lk(|NO=mz>Js){KrA$(=U>;b${(L<GPTXS00Z
zLq$s<9)UPD&@w1ER&3W&y;$vp9->2wq-YR(DqXX>c`KWjjBJgGbd)^Q)xjuLYJ$RH
zFORutN8x%triO_nre1}aH3mZg;Y5NIgE3#qCzsXK<hozR?y-)4a+5P9<#9R<+(tYB
z9crwXJp}t%@ylkRDj~zD#OMuCQeJN8$!0yT(IuA83?c{tt`!f=3Ie#B!P*-`?B9N&
zyECqV)bvnDcKk-H!#(O-4-hvUBX<KkUmmUn{n)wEvy(hSO_$C-1MVX^ww%gp<R*$F
zr8DDocoE5TN#+^z2?S-T3tW_+NA-iKXGh4`5UD8TNLkftR+s^Ey??RAo~((*xP$=&
zWC^1rlcuaF5P2v?FQ6)SzI7&ewx<ty?AFvjfs6)2TzHnvIEo0%WImUog-Ydk{W$8S
z7%y~!0gi~D0!%GC@QSA==?znvDHZ~EppPB08R^&d3|*+1gGePxUte=8P-vjCZr@_H
zd<B_CB-q==uvna!F0LHVAA+Rcn4BQeFKnR4mmJuDDK*Z5V@b&GzJQvLJ>DJk&+gP_
zW8Tzb8CBxW^Y^Jio#%+<v=X;@D>ml#?^Tt@Nfl1$mZ(QhtVPd~DsNtA8~iEt>B-uI
zoae*p+sPBdeeGECu(bkQnDZCQG|-q`e6JDs?Y=rpS3kIOublh8zVZM1++uuvU2J{h
zI3Oi2fDlJ_6VUABeTqgXOv?Cr4RjIV;&zO$7e91c!A(0_{fko%$;(Xuj)*@#f>1yi
ztDR%xL0e>GWZxq$=j_4XA-mu8N1Q&$z8HelJ=t0Fb#}i38*N)Gvp5;HPC^Bv@rS3a
zNOsP%!gyV>W-e`hI9@Ga!{PO;D9+wIV`!G+X1@1Bg8%rlb5N#ij`dEmR1+%fYYT;k
z58CSAV~mP|Pu`!N!+$$2Z@ciVGC=-}$?*)Ck$b-5F`IC$^i{asmb}@v@j#c5zZcqO
zExJE6j+D@C2u!=wo|ObOz$Mc#64g706V{6Io9N}SC4YVOTshDtH79Zxc211r^rkOP
z)0Npx8HgMggq#vM2-AonBAKs4T+!(B_4yEsJc&r7l=1BxddRqWEuxSyhXDi@-S8Vw
zw?YZU2X7B0O#(yQtj8hCeQ%K`W{_<cuZ=@$Mn#2BF7l#Hq+*rub|h4)2fWLHH%c0W
z-`pkxIUW@Q|J3VtZ*U{^8bm}yq%F*}ZIR+aTkW@H{Qc>CiNk)hOy2BTOaZdl5oyA&
zz_Z5b+Zpq(ayj5|kJEN21=5}cOK(4eucT&KJU09vPlPE8mU@bSv%Xs{uLlHyGkyYx
zWlujKq%OT-Y-kBIR$XU?g(H2L|6V44MWsD}BM<`Gz&EJ=?;wHy*$~<85aC4Dg>}>{
zx?u_#i6!2d(^nw>SlE{4jJbR&>5^L;g@cr0Y^D#oGVT-~$p6qbM|aXIiN+c(q$IOP
zgQkCeb3nnhqEO1e?M-$)y%-mQUL%DE&r%KJ+P>v&?}(>z{o;G@xbB<gq<<!A2I1T8
z!<rX(1J(EZ1pS<8fRSqMf^6+Pf6*e>d53;^6GPq5rPmK*?RpqYf1D~+B?b3r5tm+W
zbF2wu-d7VTu=tV`WzCqhtI#8i?!uS_^r;)f#kxd!L&vF4^=xI6UwN_sxnIfv56#B4
zGG)plVpiI8B`vyTI*Ehta+*nqgaQ+h8KsNFB|@_cYn%~ga&=&~EOX>6tjbFVD|H{3
zrmQ)o>!sSrLCDGY)m5dt8IaOEiXs722INXqpqg0a%TJ1BYyq$*dpbzCnTU%)93Hv+
zO-G_M;rCS^l!1jIXN_(hG4<y#G^(N5Aarc$QOhWQsa0w&r(wvNv?lvXt0={;;8OQN
z3W3(jPfbjR7s919;LO{q2+L1Dj$29_KI_VC#+X}9dhT!SK3gFR2ab;C_kynO9tJ>#
zHrF4~m@3L;EqP?V;H?d=v?cHOq~1k6Q>cL=1Y{sYGtXy*n7X6w@;%~9gD*^T8pxoA
zpfe8sKOQ<;q8=Dr!epZ+<lVr@Zf1CLivXa1=VWkbXpTC8V)tyZ!hkrX`FaCZeK|9;
zkGxm2JR>g74=EUFc=N`NtNqVTh{^cQ;i0Nwr%taZkOY_%C8lZXX#mbUM}dao=!<?_
zzR{^d*l4W~dizox2ortY*)<&)qW|?`ugmIqwtyYia<q4zhQgE%QTaX!FS->0nWW5S
zbr_P}`D1^__P*BVM`9xu=idg9lb8`E&s<R3P83qmH;EjOz>xL*z)w?o^z2e|=*9)t
z{i<w=iF8z0OwlSmWkNhbH|(n`x=77ia%O65!D@}T691GKq}R@S=i8)2;Zeh1BPqh;
zIwqP#$a5Tp)CUJlMTxBq7@3EWB4l8#6iN<OK-A-ITrywHB9&HK=xG=MtR5YL&^QFc
zLr9$?uOH{Hd>|LGk4F9bzH*t06C??*khoSJ$TgmoeFG8cqY$$&x`n=T9I{9lk?gW1
zl4r4+1tyrIYxS?YEcqJzxEgv?R8$rPwt1wgCwdr>Opb?KTVXxc-rnBnQIqidzawO%
zK^<j4XG%v~mOBNxBNUOR989M%%kJxLf7|w$;pb;R&%MXWf;fA(J4YRf14~E}qJvR?
zZDEN?pD|nCVpgYYvOI5~fyp`zFmB5P6r+@AKyjrQw)Dbeq&g)RP6vgtQ?qsJGlAg|
z{u1>3xH*RQ5x6@x5{9|ChW`BM=_Vw&e*5P*@lIkaf&6EtWJW<jalGmA3k?hN>+Ixr
zzS`0)50sOZhU0O%po$az1O=UgI`;{y1?Yj?+S@aw%a;Dk>+5bM1NNCBjXA1)6k<ia
zwY?>`63b)*gQNCW{#Xk(1t>X%VimD)T)F&#SpMm|p&YPH<+yeiE?5`uiv$g31Cr~D
zRVtva)rw{+Piq0wC1O(R_V{{Lfw(OYo@^xW{m>0MhY*)MD&j@u*cvTtJkuO5-Fd1v
z@-bqK%VeY!OK7^=l@Vx^G0Aq#V+#Kmm7G?ps%!{oXmzy_^m(e82;}(vE^%sh|2go)
znQ14UO==KRs|<RrMmwiQmvB(O$DUW+EP+N#J3BkMRw6>7(3u~F`9974-{1wEK}mEO
zQ0-InY@KvHUSN0}Pj-yiaMnSM8-*lgq<4Gr^H4<ggiZydPe`OsErgb`kX0sU&Cz}4
z@n^GCp({Ml{8Z}nN&>GIPaWw><OqOqqy{$EsR|2LGFYwVqdArUHA;GZ7GVv?H?c=r
zB9sUW8|WWumR{__H!!?5Ofoi2BV|_>J*k^HM<S$WyoG@|Ah#}mT@rWd?g2YZ*pQ-6
z)vN2w`JNL=*rns=65JgWuKIqve0?07oeWykiTd>9OvHjMmVo^v|K!S08@#YpaKae6
z1$cx#8QZbUY7Lnr)#xd}1nQ?u@$GzcQ6>)*v=Y0ix^p<o(1$4*!8Qc`c&&H`+&uO!
zhtPw)|Lw^^djI?L1%AcH)9a<{+Y7qAe+p1?e5MfS)6VzLHxER?SJSq$H{0th52cyr
z&Y}qTne1kA>#Z(?CxKg(cx{>nz-qT+0P%9s6B*`4O8@O^gfROvV5Vx_>g4{Zg3E;j
z6^z;F9o+{x4W*%Y(9h%?=2QcAH!fPEi43kv-}u<xZ$OMwXe2O026J7#KYN?+_R}1z
z<E<DpN1-8>XDO;LtD7hP|Iqc-aZz<$xO6uI4BaqDcZVP#-Q6A1-KBI364D@`QiDi0
zBcZe)A>BxK$34F97q8#F_n%>g-^@8@@4eQupS9Mr_nuJlQHK!J-ZA4EH%+0QZjExT
zIK3(OO(-QjHGYaaEVR^PmMWSt7G2n83okec^izokeD1<)a{l?AoOOM@hN6Z-TJ@LL
z&&^p@_$O}^ak^&B)iE3#QlmV#MoR528{bpY$YRF=3p<7V=KSZ%zkat53JUt!8&6^o
zlHLD9@8^+w@FNETGN3RPiylrKY#ggu;|gkZ7a-%Sz*VX0@#Nd@{EU5(bWzId^i8Jt
z4Ngkr3zp!XvdX}r^WRmQKQ@?g`a4Fz$%X!gZcCVCm0{!|G5hP2i?jV{T-ajhqnU$X
zD?VWMc>8v5ptE&bddhFP(ByFzqe~D)?{L`6Rw4_0`Fjo)I*XOcM}UJrdF_7+!KY(n
zbq-)-lVu&h{wY23`Opx%@i5E%mlwtQ$=N*Ntdm_9LFK}F<fz@x?*5u5QMfG$rs4!C
zHgruV$%JH+z~S#~Qhg&o377L|-;6b%vbEihh%)9@ooM9|3T)VM<Xfw0KN%K9^72-7
z0jIPV1vrza7K(i}xK^uorggI2qnI4+9`QFM>TJ<L6#EF;KDLZxe5_i>y85>kz`w0W
zBAzai29HI`T+<SRV2vO(+ain>2DiD$s5h{(vl8*`$CC`jz{*fyiPB!;Why%Prio{$
z^Q><|<G*?Df4UKZgV1pZm++ZI%Cd$-_U^pCZs$y`K%YXVZHVwGK#>HXBpVj=am8nI
zb5D4(m2a3aPv1NmT1=ltKQn3wY6krjV;85)&(HrJ8j1cw6gYA;H8mAlS0@u02G`Wo
z@=2XDa>}A;`t|GA3^l||BdV&Jl%+hb1RiCg?CjV;_DM6Jve_6XG&EF5M1<HO{lkY3
zXt=njM6y>m*WGh-qH6wSnJazP`)~RE(Q>+FqSjdkV{-4Tz77q2S!nf5&CfvLbanlp
zraO<hlhtjW@~y6xD_BB8LUTa4*?0t4WF%pluhSDXYp1S`$#!=Fl+Kk=!V&7p0<AhP
zgfz9%j#X=tu6FGikc!OVM7=8DWy)e?Ze0|ths&H7k50IrmMFf0VEAch!3W=jMEs}_
zG+&FWd#}MyY4>o^lRlb0(=05)?3fNAKte_}KYq<_Kl{lB-LB$J8*ugO?0Du`!g|9~
zWJq308aHJRZqd!lg!(NiPBjn92T^AuG;)DO8No|cdW5o!i<w!>(WOvhsr$0<l&|cZ
zF*dZZA8KP%u^w5UJdA9AHObr_EXJ-TTz-Y!i163GSN|Eu@N%+nI<%a}I$x$`ZWC8<
zs4JRf1;3AFy!vgmtVX)yo{o+Ye(6PU=9dnwR-_{PDxE;1K%>z5NkibD=$6R~cLkT$
z2U!UWOxdJg8J7I1)Q08*8<yI$=Y<dbI}g7^eRp(34yIF3-kl^&7JNz4-M6PH$26l3
zxBdMCAq34WywRb~_Pt&WRlZnALXA;<gi`Ud=Q$jdWusX|hHIA>Wh!qWEA+J$tP#X)
z>If0d<}eCjVUJC1x~~<PoNv&yil3o-9gZU&8Zc1Ub<)cxbdA%?<B^el{Hd7D!zgie
zB;&QaXwp742msY_=i@zYC$K_UiG=f`#5EOW|5}Eaa2yePTz-3Cg_t<2US*eS=R;gd
z3LfKBn`K+5R4l*FM_nD4EbR|H<t7{8jE5_Fpg>?x@Ny;tkpGaWHSEpmgg)j8g*!}?
zt*AanJD6{;IGKiW0gFKosFEC(3!e_8F(*3!1^Ne4R^3W<Z%ACK+QEGDc&n?~`jCSn
zcj3rZQ>R%Io@j%s9s<#5`BmDNA4I>tm-j<gU@{*5e(#b6JL_w?Qm@!%{D>eiu*cR2
z>#tNRdy!}MOH~XFF8A0SGWX_wJme2DkV?4L%a)a2yj}Fs@KnwD?@KpD5<Tf;`nL3i
zZr_TOujpl`^7vZ@NnU;u>F}=*4eH<Qh22iO+h5u=*^iFfsq5ZBdAJ|0HbhR=ZCh}b
zfANxlShtec=Pv1htx#&+A}J?I(FBrKcC4!$e|*$7vV|ktjYxzyET9x^Q1$xcKj4;^
z8P;rG*Nywu*0+0eU@>&8RKX0XGA9l}_Cy%#$2B>#8|@X+W5?BP0P2-+WeL*!(XrH(
z?ZA?Y6v`;hN~54`?|Pr5`^=Z}Kql9MD?ak<csx7=X(==`_+7MIQr884j|@+|Li041
z)gyMg8KGWA5MWF^vJ5k0iL0X4XbrAQ)$^1#gBiV7v4kr-J0EkYsdcI=7kzzw`+uJA
z>bwAXf6L&YWSU`6O;~!oJH_sf+R7I7fp8s}o$ve@Zww7hdoDfRTW%uCxOXJfOFA|2
zsG)sKEub9B$rgCI7hX_PLtswFN*#0r&!qhJ-Om$p5n#pHNxaAp53!&c*};sf1})~a
z+sM`NCT=UJ1q?+;-nVz#J08S>U=|u`J(^Dm)USG$!x7zq{k+gdfAq^AJKPLqL-e7A
z1ic8GLmCJP2W2Zl-uO||R;KEBCmWbXxJBUJ(@Zu~Cy&$Z1TWvwmh)X19-9%ih(v5^
zg<~D4u=ft1Vf__aYlE>4!r+)ic8Zv@px41qWE(|L-%4jSjlye^CgNNwqKfut1_hJx
z&5FS730^i5m6x2JMaI9Px0ghf6WFvE$*WCJ9>m>9K4?ky3}%wWX%8gzAe%t%ZZWyq
zJf6nldM+QQF>Ft4Q2h+1%n;q`hNVNaMUXj++XzbIhoY3gtU9vLSfV}mDy=HR`efgZ
zfa{ONzg+v2WcK$%ogVqCv9<dMUD5S11UNdpm?!wFLOL=CV5Yl=M*erdChUZoZqaTU
z$RhCJWz?be@M3`%Sflw8dIFA(AeVu+yzv3%aSFGaYpr-e6d>nkQ1|)a05Ptin=Ku?
z&htEVXmjm=pNzqx)QQL{xg?G!ix~F6Md|sp*$C)w<Dp&NL#nPqNb-qUekz3X*q(IM
zZP@oB;NaV&G!psNL;G(lx-q~IsF<$QI7o{nWO^?<8TaOi#rv8X1?5^<XwkA(hcvSF
z*Vo9thl{<3qP`KdU68f}3VsY~-O8BT%L5j>;gLMiH%D5Zv{^u`x>#7U7yXBw6-Q<+
zE-u>(<+wXR7uj#WcC-hs9B!5Ol-J@OOxf9UwS;Y>Vc_8OG1ogj#Z@T76aWc=<5=vf
zjhljR1sYsti>HXUs|{*B7{9+$srXqS=}NUZlwb8=)-{Mp^et1q_)Bc9-6$2s?H2WU
zM{+Xm&zq}dKu)aR?)b)IC08PttUsAr&w2Cm>>0e88sRmALRztZJaJqvkUiuIn1tv=
z(}9s$L_8kEeXv6B&q=_Wi4;uAx$ljorfbZi)#e%$L3E;rE#7Yex325#n(!$SP%jT*
zt~1b-^{;91=2kE}oggBovXQLtPT%CdqoQOBKV&|qowyIYx@%uTnV}YmoMj2YNKJ6<
zH;hj=l2KQH1I7I=%<%)f{NLF(9Ii&S6gXb(O{j~7u0*J{rO{aR<=RhOiS7IdE}Ob1
z3(3a#Q2`$N0F#+--HI^uPP0fk#2d<5O|GxV@A>f~tT3{=DWsLwb~xVwrV|(V+xh~h
z83g2j^^0$?K4{W%--cYDlxAEf4|TIbSG~o?XTa%a*(qp3BNlZ$_Sj|DqyDTz4{L#i
z7hC*`0gH30c+taiXtN<=wh_a0%PnXEs?0;r8pgD&fwv8hPZTi!LLu5^WhBT9#kCw#
zj-Zc=a4lSVc7#ei+M%>N07jhUXacsGUp1k}r<eWf3TbX@eb}HU+Rudzz<tV`4QK+S
z3k%$yQ*745Z*`g#nN)IP&UdF+GBIIQ*c4*==pc|bWZRF3Ee4-np3bPj>6>$pn|0->
z5Ff~UcUr#2v^|B-;FDW~%ER6Dc)6J*<4<*ng?N4eoh$}XPogY|lb_RB7WaF@s<#;2
zQ}v#9cejU~A4k4?P19)huwjhjbDdI-q_lcpdrZhwsNNmnD6{gTLT~)+boBVH7ju0$
zheRplPD9uf0(DbWB4+Q|o2`3OQ4VY*YCqi(++>Cqr{py_M)_<!%K75g1giJ$53L@;
zIcf<fFb<Vap~rm!nK)UmQhHaj=hkGF(8y<piH{-vxxuelw_Y=;yu~9SA;EWYx_Ta0
z6EVC2$ab5pnCIJXr6Lh3_3H^xa4EtDGdW6tOt0S=mvR=1K?~B|{k{9%k`-9Y4Pq)5
zTJ+s@oizn_Ya|yoNK%tBz|VbyyItY|Q7I5X<jjw*k`L9c=egKlh#r$q)_M4qlqXVX
zy3n#MX-;!-I9n3}$aUBgQcL7$bUvmF7?(Eb=^*7a`Knkylcs?ufZ{nB^O<3jVVPs;
zKfJm@>_SBiq3H~H-0vTyl1zSdUU-?3;|q1{Hso_OAwgCGNqv8(u>5wC2*?Njc&U-9
z8JWW49cSO@Dl8EtLl~WC<!X_GMBb01Vi>B26gOruv1fA5bPsHeOM~<(3@;`a0px@e
zZT2qy{^?gVCpwylM3t*mDI0vJA&%d~=5UXSib^Q(qLM&pbEJTpqaUMUmTty+<Tdi?
z=BVI?hp^vKp-0@9f{c5NMP~-P$wwsmq*B}Ax7!0_)_upO%>hLBw--99=^h*3#$}6<
zFg>G(0W+w1md|ETCl^qW4M2?fw!KBRuoVh1hkoJ1Qt1o5jj-7U8_Xzd^0Hj1(!unn
zmj??v9F*-?6kJlVV%4#PR=Y`*PYx4IXQmQ<O}sIOwFyyn+I0Lniu822*vM=mrKo(B
zPo2Rb>uB{rQC%{W%`3mLX;E;0b19$rmj8`a%sk{{Emx<?pl+3Vb&$U|73Fg{X+9Og
z?!GA8+^Z+RIhD^o8a|amB4?%f$^tl<&|9f2^R?ENm(iK>+)G|8JPoQD49zB@HqSpF
zm|gUr5v^&w8@lyzo@?U<oDQq%!wMK(z-!w0aq;+N8r32;yol4Mc=J;ib0yBdT^5fS
z&Dew`LM68e&xhjKW(J&W4%)Y>G<Y=OPCu{ksUpPvnG!x5GX%PstYbbBr>lmJ*-uW*
z9?Hfw(w^BQ7y@rtbu{UeygX-s$!ogW1Xf<}7%prGfmRyVD{k1Lzm+tLr3iQ+JAL@|
z#KIzrFG^!Dg}Y<{DMxlGH2K#=*@uhH>rL{{4%0Xlp*ITX&#{K7#{IV6)AB|+Ej4&D
zYnH1zlU4IaV4t2%o?htg*KG?soynbDkls|vkLJJE>+JB@xclt*2IGeuGeLjv>9+Y3
zqcSXsDlODf#Y`N9bVw?ifIyH>jJXwJ8<H_#*hoRgHapTZ2Y6_NPIuGwmlJSH#s{WH
z1A8_ZZE}q>U+%VGsL4?01=XOb&lv&sn00$!+S&(pmV&)71rLnHyw*lGsASsg4r4?U
z)<&N{gT_iu^YroJcQf^EzbpQmjR^spWjf`a^~iGXL6FFG2G127*{ym}k6l-fZRLP&
zG*R^Ij<SUJ9NN1%Rbxcpv!B7sYxUCb*E+LQ>yElMh3Kk7Ezs&p2Q%rpXr$2b?+ywi
zWKgU}(iPC@G9rscw>ydotvREIS7qb5oOiT;yy2L+YYV8yfXO|Lv;;O1`QVKnFWqfD
zl`GuRDoa_f3;kf$SdC%RC$No27dR*_H{5Z9@#cx1ZuIt*u>T1|gVSO{l~E(zRUdZR
z3@k{1UOpLzMWguD?~Zed{l7adMhg0M-R5#-p(%iHn!`jsV=p^}!GYkF1Xk~_wXLJU
zkL>T~Dg~Zsv%bib;HP>2slVKL?|T;C2}<}{_>od(<35~kO;Szps_UB9exUnITVg6N
zC8uKau-*utC22(-`YRw&ef!;2=~Q|3t$3i17J;$R&$z^vgxHZ+P58kplAfDbO?Vbc
z!fwlO)yB;c#j^2qdez1ad_)c=!6elo2x+@K=@`BXa@tKZ-Mz?t)|>#Wu`noVzg$x_
z99$^l&Px!Vi~9wBXNtfe)xDXbhLGzgmd}Hn!^TcuP>3ere!mLL-ae6Ro-<tiLo?h~
zM@ylPAH<$4wD`)G^d+j$Aw)(v>U@N_hp%)txGYtVtnGd(RjROqd$_$Hm3#y3PBE*O
zynYsW`^js@>0w_Gi%dv8Pp?dwR5?$AvO>4|%NKOQ^yjAvRfb?5FZ*|+z$R}LEHiua
zwTK-u(NDr(S)EZ!7;nVamIZaX6?yErg|Hhnd}+)R?bO&`fkoT@D2@!UEm7Lq^4^_1
z-JgrQ<^}iW1E^-vmq02MxS8<L@ZIy&l;+bdz{v$tG$?>@62%X_=_8r|`qk>-WTezQ
z?Xq7qHYIn}N8he%EfV_Niyrp6l~m4hlU%{KPm##wmyDt+ZVwTk+jvWYoT}Ni(ZMRR
zYK9e^v^9Cr$!G$)OE<^IUnC#z2n#}PSPqu9`r#&}r50MexkDd<g05Dg$KUc0c6!Kf
z0ADHbp%XDOX!T)#E9mNCX(18Pr*L_GE}KZk5A2`wEMz6gBjB!B(!2|f$Slu&-e9WI
z;N{KvZq5$B!*?X5OpZjiep|1Z{iRN7v!LTh#jZhQaEA5=&G1#y$Sfej`k;TA#;m40
zJ@pBTln04kE`h6kc$%Woe<cEEt-i*%S+m!Ei(?!ZJ#i5jmhVA}_b$|aoQ^^wNIw#L
zMQADTu-(3~KQO7tsI6_UlbiA9%T$aJSt$~yb^l)fd_BKtS?_j$OII&-3(B)bB$5&;
zb=&UWobMcpc=m$RrmfCqY9WA|e3UIJw0Mcq<a7R!zySq|A|_e#0bGNHqFtlQuGrlt
zuEjKzD@+JPtf&k8R`SWZ!L=$FGF~YZSGTTMlp>%;mqqQK=kXcrZz>p^-}3n#pD?;C
zv_y*1(n2&pzxUXL3TZ-tEY8zGV)jWt$TR-?6QwuuOiG(WiZRWP%kVD7ok?Q;rya*Z
z-B24Vxnu!!&6m+wPrqq@(55Qf6?A!T#}sE$BA?h(mPr1?_(|v)euv{C1wcb|$#t*V
zyf;p47=3_%P$ds`+2A@CHSd4&{*K>E>e$e@#S5K1M^Nt(2o7-#8ZBP_h6BU@2OK~_
zP8ePEX_>NLc(75x#WB{z=f_6VE+y`f8QXkcP)T|1q*lMgrieH@-ua$^Y_V{^s0EVH
z=LP-*H`a8wg|feo6LO*m2$VI08UPc~Re&<cWr+Rw<Y%)VsDK5BJo+K3cfarU@-UfR
zKFNHoFY#)(rc;~Fz}3|?=<)t?+(+GM1`6-|^D{T2QQ{nLsHfNd&w4G(;ggNQC82?=
zJrD?oQsiAnif5yBe-b4<$f#*9t!H3!IOnN+Vn@~q5CyS5eQ|en9Ov5}a1IT=^#Kg5
zmq~m6zS((BKs^W(4NbimgM<}=bAGTuzB^r`7f-6(G1n0s$T*)Bt-+#R81`1FLbr;`
zWBobfbCV{wr|bgIG5?9r4qA+xsra%?Cs)793yQ^E4g@x`%G3&yfH<f^z<){Ob1WqN
z>zv5;kBUq()-5(!v}f^MZ-^{#$o)fNB}Y9CjNlCnWkbkgU`&RcbhU1u0PZ|SPvDf*
zlph+{pG;XXGL$aNi?B5!Tc(^nx%-und9|N9R6A6y*`5AHgVWBfP%lZ;Y21*7jC&8g
zuM2}}I@&y%`~8hKBZqn}Sll*2L@w37=jvF$(<RSwaCjKo;FGn+D%R-6@t5jqFn_>j
zk8|J{7O2H7xu8>6XF&l=H1_HKJH>3x_RUk2M{FvQ$uo+wwS_u6+?%tV(w-0Q2SJNP
ztg$&-+c%{~%w`=yGp)XyQP;O?7ga`aER-|zuV5DjnUxZctC;6^Up#V04J0HSwFUzn
zzSG23uwvDiu4vdpfW9do`Jh?vI56YB_6%CPf+&YXPQJ{z{E=>kVL6^tiv+<vI*f>R
z{4AF@75j$0-_^7;vTwu4a_Bc!j^;}SChg>(bJ;7pPF9++doYY|n@JZ7Ka6}bfV$t|
zm7>ZMKm-T}XlchOVud&wRhWl>;{qx=yaXL5pR*UMW%KkhOsNNr!E%2U^<3Fx;JgO0
zXhQ6eI=_5h8EbSkbL*$~HTOs@u;?6$gr8cwzVjHBg%c+h>O9iKvM{;OY4LKHI8f$*
zb8BSo6v~NSUUiX;qXNZ}2{^?}RT<5_%5HtmYd4ZGULwyr{<V$kn9Vm$)7WBwt3{(P
zksL^Th?oQTw=%L(+?#0@;y@4#PGSR2K5*oIX*moW39H`f<6KYpMpQ_z#<a?(>t_iT
zg^+r)DP(>-a;=n$&wh+%!@kH~`@K3Xg_xf@yK1g@pl;&fOs&<<y-BN2k!5e3`ITT&
zvNT4XZi2<AEDeWtu8=!|@}~;U0ew*)p3PzuVV9qu(IYWQP-ai^&6li8<Bi%nD5yz_
z^pmAYch!*q;qTj)OQAjhor=u6BkboIsyqmOwFVdzTvCy!=x^T?=R{9OA>iL`-phB#
zbRru2y?)(=rVbUJ;Rsg|$yd`uBDd@8`b~eHVhAi<T|q9{9yhBE8dWzOSL(EDsKlkl
z!%KCm3>DLtc?p2s<_>;fl5iUP(RX4!ZZfL8Mw;_E&>nThr55Y5^WK4Iz<5ZolgpoH
z6UYPyYkbgToOpkwJkzK~O|%*B&9-}N5bK@g8V!VfE=wI%4^ueQ+z22YI@S=G=+$Yn
zP#sSS!4R=tZ0{$)B>#$3>DIO5X-<Q)iVB-q16G~wh<4F9TR%*=Zghv=@zw5Y1gyyX
z;6DE>YU?})UfcI}8pIMWlE}EF#ruy7Hk!RY;2xjrxK4<Rd0e@j2jSyuNyv|)V_|)L
z%^3gx15JQ@Mpd0V>}N2PnvE#uH}jMaJFGy%hih{5oNLO&oGxhASyGhheOHeZyxvbE
z(r;qP^{PF2wgQb+eO!gQpS2S?cSjw(t-z!ZXLEQo!7qd{$)EcE$T=g7MpM_e0Hd}r
zZ@*oZ7D6U(uhg$az?v&15s}$W+Mcc{Fgz-+3y<GFI5_yGBQuTci??IZ+_XH390^RK
z5R%cYg3#&_yCVB;&Tg-0x9&VEG%PIb{_PHPO#=-2hlht9@fP)MI{$||;TEr7#kmYl
z1re}!3Ta~{^0+wzKp{&TUD+ww^0oi<MyA=MpD^cvi;YDnsDW+NZiY`pUx;KRcBKV^
zlqz$5vT?jUPGA2rt$!f-zVC|x!MOF;PJ=qzog3&j?M{Q!tR+Dt1W#kxu+5LV<7S6-
z14JhoN8RRQe6@0Zb-h(U^rEF|28VF#ZM-XY_%PQCLMCPPYI+Q}%}Ck>zXCTg<M$RP
z=8LF6GBTXN;NfZwH=WHu^T!4P=Ao<-^W+Du@<|-CPo+6AvIU|Ga`Og5!k@7FTFZ~V
zyilyQ0}{~O*{>(vZGVTOZKh|Qn;!;d5|KVNpg?{;Q+LV3kQ&JDEy4VZP6=sSWdqp$
z5XW$Pt1ottz#0l^ixg0fOBrfv4jaW8;)V4jf)>4ZKXw*@(3`F;U;u$2eK|_b0djoJ
zD0AU7tL+CBDF`k@LZ&im^r;F+ve<@}kLE{ibh>-X<_BGCHyICZ(O&dRJlw6}-W`TM
zYN=BEh>njBkXYTsbdk2m;v&Y7pLgoEqizY8xZSIRzzR-`TeP<oKNxj(u(;CXaqOj)
zN=IV6Kk7zh(hRZ{a=#Pu*_$ak`EoQHY0-K<{IuS2T6Z))Bhsp*t7nUPN~5~S`fCcW
z9>=8XSQltB;ry!dX0S{}D0nBmh3exygF=e9JWe{h5ivDb2F)`+bbqlbU+c<PSs<V_
zaxv5lT^^{=V2<;t0KhE~1z<S5DMIy=2o;2mtBX95w4SnMy?wN|Do9<(U7oKP(Jb1A
z1_iuE1)3_jCZhzh=Ghru-+YA=TPZ;bLx8(#WErBv%tdya>^q+00yZh*SB9>fH5AM(
zZxuUqSbU46Ws~E7Lv&w%lRUd?Pw{xUjP6yrq@{EDWHUDXgO>RtHEOC@Bzee{71j4L
zE4G`g#?j-&U@!7+Ury>aDv#PNyu(@1)qTeJjo4Uo!a)+6hE|epriL1+%JWg#TVi&@
z_fS%-T8;Jq?+N{;tl`L8U`JJ2Ak^527d2tC>QB<CM&(Et%@M@i8ZFT4!QAz<V>F=x
z1vkM-rM|>T2SB|7Ie<ezouP2>rJ3X7!>ucuK2)l`Y^>|Z$;<NylMk7;#e|r{_<b(E
zSRdyku$|YFN|HPp;~_g!@YITQq|HjE-_#0;Er-wcL3~VD=;eZMmWcPqn^hNstcgg>
z$5!7%0m@ZrG)g98nyc-S<jGsFLN}`QZzk2itdEMG#}D#==(|-?i1w0yD&?{;XfiKO
z&M`Zy!dHY~)v}-BId$G&kV{;z6B2DEPU~}e4W`g;^+pnLu(@eO6_d&0V_12KakEj?
zFlKKbe9T&`G?w~SAld2I`q90=axsI0ZCo4{n1Tc57~s-V1(G6fM58W|w#t|4<`pVO
zlUtMh@0(+!8}Vf2THg6}erJES5`9`EBy&juD|ct+Sh6#vBF50xBme`>v$}+wEDaT|
zrFCiydP;pisBo7PB9;XN?zSZ3=3HO=1c?elAv{N<uSO-kG$!(_4z#CQSDU>izF!Y^
zCVG{f+{KLWclLt`5+bl~3lX0m(hD5QNMMc+%fQEuBIhb;pDxcE$m0%v+cJ`<lkJV&
zs)IVa=*MjvdkTnziWkuCI=*cX5)c*+Tmniaw?qkf$MNQbqVrZC^r8YkI)LbK;Po-W
z6d#k}u4t>{*+KeL@a8;ACU9~_34)wq#Bf=A=aI)?tMb!9$*LTAwvjCo#r$b-7v2qd
z!oKP|^oh#E7$^g(RO_Y?Tw@|LG#@uC0WM#z=MycQ1g9JA7E@R!Tmpg{mXtgkFFYUb
z$U<AJ3tS5V#AdHC5NV%R*u|C{xkSGOdDW?LGh$doQpFSfbX%m*xZMp~$(EzP7Lj=p
zrkEc=Wq+eWzkZI<DJooMV%Fr2Koap-(zkxNOSw!k;q%UP9VrR5M^NU$2a(6m2W=3?
zL8bYV6otT)8&ENd8%6NwyAmy`8`A6}g%8hQH~PqBU_7+tqJqI2P&6RD5>`~+^n3*B
z;FYdkczkxI9e;;KQWTwEeAOcc*^EH-rR3Q{??sKH#U|rZS8!(0Rrf1ujka2r7F`g#
z6a5tW7{YkKl`n*xBI3Q1MSRp;;W?DWt%&wDU%VAVp-<fmpGd^>?yl!?mdkfQf2yeN
zm8i@wfm*fzeQu76-N>TPV3Z^}`BXYtZF_+Oih4FsLsLq(I*r$ndSzjZ<;c%A9N$b$
z3SQ2s_2w1tcek;a=q*;!bR@oAJj!oPy)H3k$C`VPk)l|vuDIjOKnhJInJy3vAJ7>J
zE)~VbA@0_5_!v53lE80oSj*=PHzTVd7@QP$AAbE?3y>RcQv}v6k;5j+h+Hd#%Hn_q
zw%dx*qFSx|RdNJF?+toyQ&pLwJgrFi9n%TA{ctt5SH*_{->hQy(qX7qsvXPWs`TF`
z$Md#HmNIYw6UqY)^#fNpeoW{@sd*av>QUD3O5Fx=cOMH!8kQ#77Y@KBEHgXnE;u3*
z>r9*N0jJ$*(Vx8OhA6Tjrcj0jB2{SyvDjX8RA}5m(3c6}EE;sBLUoG}BQ5()>O{n%
zrEw^Q>JlxJL$bC)VQ_e<L))SyVbZm-X3OTUr{v^TzP3@f$3EE75zg5`@Pb{0;kYj9
zs!`o4QHO4*%t1cjoV<A4cDRJ1Lzo{<)rV2Iq2vpq6bub~v_t4P-_;I_)!up9K_>m}
zgY3#{Q#Xa&0o9_>gg)wpBSaug*}wFwAMwo=hN<_3(Gn?g4(n67{)~h9*98_h0?g~`
zmO!3=YU%!XQ<-Dlvo^n)Bo5@I%XNwF>A!tIh9L}shqP>~;$g63y(r~;y(`s}HG=n|
z#VQ<!R75Q+Eei7yq%=b!ODV2~zUv`KzsqI)#<U4dEj3J3u=z+eHL4gfPmIktr92Df
zF26prEG+7Kp#2CjRY!Vn-290kj_!%qEmu0KECPn$W~9|}wZ_7D33W+WZ?i_&SRN(l
z$u_ho3}yuqhXiO$7E5^o6vd5JfQ}3knR6s@736F4ox8_}4HFicit5<}ovbv_YSui%
z^9ZVu3P<?X{%l2#6ZFK75>h=z`Q^wy;JXP16X*@t&>4t+75R7z1bxRp;Y13a_SBw;
z92sil7BBaily63!7QQcueo?X;OGk1#GA1jV`h2t<_CnSo-V+@gTW2~I0k0<cpv+<p
z<hi}`{S?jpl1pZTn}MufanoyM%=^oA3VRLmR&U#LFS1lpQegjR=EXag!Dp2WZvOuI
z&-v``TK6kQ$&;vj8){^swI>(JCFRb@T_&~0Vl%|@{SX)df;3GAdd%<XuS)@#{`wR+
zjnATnw@@+YKuk>&uWM(1y)GKuY%$PULddcJ$>@^9lE%AFzVA^i(83z8WZff<XAI#M
z`yOlHjzmJlpkKCaEsWJ$yqn@<B9xfdPO&SveGV^)CyIg82c-Thr0@tN;<E$)96QW~
z<g|Et<@WCJ>6)g<txb^E!@D)Pr9?*-E{!1zv4EEFZ{S@Jf7H`>DsN#?5u~Og({Esc
zVQ!op`oQF(7ik@6`j?bq@vo9)sPj@g_KoqK7Uc#m*0>3sBEkj%kE)WgYBtyONcyWh
zC2WETRFA&9trT4AY>SzD1Yq!ZjUR!L;ai?&UA|oTdKDT~W(h{ybl~PRHZRA6aT#Gb
z$QG4rm8&|Y=Ev`Vi2V{)(U8fa7R~d?L}<WUb3x$+@w=6y$UYd<Ue#k?dt`lDXd!J}
z=;D+TQ%!1%KJHW1CKa2i<!H!M4Jy8<z2qDhTCa*cU(x=6(5OQ#V|YDE;$uz=Q=XOu
zT=8Jwc|qMeut)@huH4=%FPcW;kYbQ|ec^fsrepwFK;)n)M97#XZbed`Lhb|724j0j
zO*pXx`>)-cK%S6<RDRhfahzTqXM3|++(j=-{f<{xC`6}5qN`~yxLxLjhyq?&k{`l1
z3>wR}^>2q+K*TZ3K!#VL7#bj5zfmr+94gBsI($z=?q}381-~o~{gO4zCy~J;vB6r;
z)|vw(=<?O%No1*_F5;hq>U>;0^3w<k&1Iq!(FBg|5LJCJ1kB|9Wa40bEFo&mr*AN+
z@goo1;?M_ZBE#_9!~iIx7!{JZpovfkYWwIq6dT*X5`%>*MH>|%`%KungDXnGif1r}
zf&m$xi}pz`ULTPim~YC$LchMOkAl;yNIk(~hMSm4)+WcRQJu?Dh<7uk*{X7M%!$qG
zWP4>Yt7MZJF5naYMK($oD_o1vv;HI-D)OkY_tsu#S*<>C;5k#ouvQb&#~e%SIYE*v
zaDyd&7-!<X`j=H+Fs#>oi}CcQlkLYFB=@bhRt3}bdy8)tR<6;*6Xm0B_Lul)&inEB
zo+uS}{G$aDunD`-<JDQurcyVVsa%7?W_tlqS0F!lXJVCRzIL^ufO{Arr6A%2eygP@
zP1m)4fF&+l`zo^N8&ERT$aO)9>am3IwIA^>aT+&4MKZr`pG!wa*@S>Ovb5G$iiLK$
zy+}<2*oM}mNwAS|F(g6QLzt8jUR&x3<}3QY>@8dfqEsg^WeEqNcHGTTpfoT+yhS5~
z0Lmps7Ma1QlmV%Yj37Wph$Ho)(tudL=Q9Bp?MBy}7jIb<33aPGdU1@iSl1Lcj@EL0
zAvr}JHz_6&9|D_YvS`UgLamBu<ilS^TBbcn$P8&v6xAuH@hBg(QR_o0$0=cWma&Aq
z)0Sr#GIbhoYvNKF&T|bq`|f)bg0h^aJu|mh!sSc6VgkMg#yZKexC(X$hQ(<y#R(F2
zo25m(2?tc4$|1ZVcYZ+C3r*6Lyk*F1g*|}xbzNRQ9CFS*KIehx{XD@A63~+utfLEs
zpI`Chf9R}Jlk4LIDuPyMG3IOF>f?4DfF|A&>7GvXVw`^c?hMN-+iZqq9Y$I{bA=ls
zv@$h@Q^&f-ld^#$Pe9Fnmj@ilnY6NMKnu5<D2*l)H%=<!{!Sc@=|idcM7J{3f)`8c
zm=G?+VH!}U_(yN?JR^nGaDPUblfaSkrQ#LK$(M=V=UT${JUqe-F^E6b!YVF_i6H71
z#DzPZcN^L(@b?BYB}!w<^wxH^5U<RgF_Dr4TSqi`E)FxWw280RPX_7v9vz)PR&xYo
z`=-9We#dn{Gbvvb?Gm@R`v!B$vgL6XxoBW>(ly9;(#2SutuOlt_ipm_3kIM-dYJon
z!7f8RDyg045b7=B<PmFriWA!(Tip~kqHb#ZZW<GrpykQ7h<TCcOBZsE+}#K)l9u5}
z^mdN4HqCT%4}THSCOlWuto|rrWk}q1KUg|Z7PrwhL;~jNp0JnWf=k@+wEGnYX4Jta
ztX3i|sMk2xJTc*<X4CQ=WCY6fjx<jWWG#dfM**q=S1WU_52QE(+~*yQR3>(F2Ya}y
zSHD`VeRl-%HxubvY2VB3{UgKi57Ob0)kH02L;VV<guMc|xVYZ?z<f)2Y&bS+{lWs=
z0cggohX&eWS1|Lmb5VQgqNJ=2=oUlU7QMvBXJJ8#0YwwB{+U9Yr_!`r5BIm<_DeC9
zKyajGi8U-&$8ULZ$xK9sl3~Vz7aal(pI+Y_h5_aijK3x7kJ_$8l0=izjx9CL6ydRJ
z4JSRqNo7*#y)7m0#qRtwGOWX|3pr}KReJCHXFfWlS5iT=zu~C)^`Q?H-AtR&V(koh
z=er47n7TbkwT!&~q+^^PmI)HR01HOzZz^ti7ISE-?-j-LtfDWcXPc){!F5h*@)co5
zH@^TsB+#iaS%rWP_$Da@oL>6F3cxZA?&Wqwb-CPL^IW82bC$1%Y2X4ASH3B;?)KGg
z<Iu#ZXJGmVKm;*(w-RyaFnB<rV4uX5Q3#$phZm;C5RgPInueI0aEqjEs}`R|t5UOE
z(5n9cpZIoec2>6+pj>TwaE2LYx9xqu%O>1{2JV`^ns0kqKwK#Un_7hEx4{95f(Ss&
zLX-M}t}W<+;4t$^jP_xBvmepI(|MqZ+3m|g+2X$CkxaW-cb*k8?kqQw91(^l;1LM0
zw`O#p3J*xiXo~Rhx|tqKj)4Luzri%~hx!B}cB`;{Nt_W;`Y1e$_h?b~%Mp=m1VV@P
z>8Y6T(ZJXHEbQ03VRSQJb_WN)+MsqJyT{>ex`4#zp9n^{$)Lq^_$kAW!4i~FO7y!M
zx3g9bG!IrQ5yM0yz#b~D$;DW(@Ud9fvlF(VY#EDa=@H*Pyqe93L=Mm}${0QzEP=}v
zYr2J#w3i}E!%A{5`FOI~lix{jf45ka{|X0|sbOqU6!R=KdSz4yXA{}l3}mz2v|{W-
zmi)^SM2OB?Nse63Fi%f@c$hwuLlY^55s}7@l!M?y`MrBVer#<pJgdQyA}+niXfRb4
z^W&;UG)4&s6;Fr?t<%eY4#(|sXTVH#_gm@pDzr8!-7{Aw4kssLgj<)i^xp!!KwvqH
zGKIj!GC1=mpunS#tHA=gqO^i&R^JB^;+k+il69>4SLdz(m_{%7Od0q?Na(1lQ%)Hs
zWrfBoqPDGT0l{z4*M|gb=lF=h<?<5BoyG1PfTHZM<LiK<7^89&LXg!5*=n#N(|7wk
zpCDYp5{PBVqUfy9c%qcn{IRA579r3e5OI_uI)6ZG<;bNfIWkEc4+TA@ECq(B*X@|_
zvn?DG?gWz&3UMrFA51t>_4lOkVV*@`esn1-xQYblaqrIyepE|0Ll8FZP;+FsMtH6V
z;af?R<yx%;WcNVmQ2eu6s4Wr>dDI-QuV(MvIqViFmfx!eUC6RGF<8b(W@I&9X50Y$
z>#B^`cp-GDDQ&nVA2MV7mL%hyz^7v7<2P&ggfU7%KxXKmBeU*b*7krGqYRBz3N4^7
zW?zfHyVgR=xjMR?T>!s$Ac3o2gT1oG0mKS3nShyIY-Fn&5_U5!nmP1cnp%0qWvOKp
zKi7kkA6`_(Tt*0U=^L}UDUy{7FXt+O<>YmKY07?OiC&;4QRF(;^HruC+eFyw8&sk<
z+Z11YI!^>-vPmZUx^rlxL<lCv(464!1L?{lVVW<+>kY}GnVzTpatc0hYO0ksD>?d-
z$b|)8P7<e*iz-{SD#wh|%Q4u~CUT+FLw@Mm4Pkz6;Y0~%+S$g`%~T!;?`Qo4?*2B9
zU9v#JKkiF)Y^snuomOD<B^B(#yA#G9N&aN|BV3Io@}x)y`+e3l>KBW(?OTzXh+(m1
zI^?whj7SO$KMyfW1os5BUs7E%6aq;P;%OHEtNQJpIQUIXpqas8hfT($``{47%mmJF
zTZ6gI;S_fd<O=xFDik-!30{zd55sxy=V!mZ>q=<mkOgF-wC2AxHS<{9zadchy|4{s
z9QV*fkDDzs+cTn5^l^W4(ttN31Q^^I)dU@x^N>}pB{Z3M+4N5@SB$TrBiP4mrSL&c
zUX|)x79HfCv@xS%%F?a|V9i8}k?oH~GSMS6BU^>soQc=hSg~@`C?w{OD1fwrCQky3
z@RBzylQ@roC(31wm*i3H67SZE&eCIr!uIWOFN<rG5Z^X?U*OZ`MhXIg;l?%l_2Uz%
z3YQ^t^jr}i6bWyLVh4xS=528h|3k=31t90(e4Scv724f5PM>kHuLwX_>uP%6-{#bX
zj`j>PBh=kw6O&2^z*xsTr83;!3oK4e;SOcRO<I6g1Ov`zMV*9RMTGA}@RKO>8Y5gt
zCQKA5J2Pe#3_BM8@t^EGj_;^(_QVEs_V{Gy4g8N2zqOnPv$a8-MD0MWsG%<-DvvVD
zH!R;QCR%&VjXQ$~Ssx6;zQhvF^*Yew0Ku^JII&YT8}bNubVj=0(?UF$ks?0A-@==e
zF0{J}d93H=r%5#v!wc90Q+z$M3nD~eDZKIWB=&^gtP3<(1>g??Y>F3x`oMb$y?+m3
z;a~V6{V)8`lm~{D9Gwf5AW!2LycZl-^!|r+y1CJ+(+R#r(R3#c+yn7fzO`lBf*qoc
zp{A68Zd7I%0eiejMcj+(8&_c0VqR#8E328ZArAqgB%7^gfiLw!Phx8(E=siVf$*0=
zpJy4oIkzb&VfL5;z7GgV22qNj*MGO*FU{6(bId?%lO%mU$hF{_K}ZgMg8<nk<S4RZ
z!`5!8kB~C4VhhN3%x9a9`{)q|SnqK*;Ks+-J0dPF08S)TeP#pZ<abDC>h=}ze3PR*
z=mOs~tC=IYDfyYQWBXpfD)g=@2S~2otID2HPGjqhn)T}G{Dk?+Nos%4Qedp|ce{k&
z$*_--uxeeMVB$AT7K*wzLwmp_d8x(&F6gZBh1);Y+*4lmqY2_&cNL_0X&3!YSJ2rH
z{qE3e`3GS|#X#(zt?8mgGJXwD?S#x1wGvVX@K3y*Bo}Sm#J;Azgq0Db=D$(=KfjSO
zW`<%(5!$A~AHjzi-GrH83cTH{D2LRaZw;+@)>{0k`DR1tv5V6|E<!%&%NZ7!f%OD7
zzE4hTZ(PlIXM3jClT>wY(soP@`3c;s>GsI4u*K`>W1VC`UhX|k(@6=z&K|+7>QDTn
z7AULa#-*YJ?)s^e1nRoyUoSKw1&Fg9NGGpGD;yroStC@=s7}|$X6q7Y8HC<#!ex9Z
zs{N||w_p6$iT|au6Au3jM-2a7CL2jg1rBvc4eB<-HB-*5{uW#Ea49%U75jGiq?z?&
zjq$aodABPs3;{|SRxjz)v;LH~)=wVp)5bT;0Lij%i9q2#bh=+3>VFJ3vjp-B&>{vE
z*A>!Ws(W+}+|yx>p9s?wApYycymK`C9clP?rSLBw=z`sVbl33`3&jkK4=yipUkzz&
zE<9La;y<1GH_9;~ZKD-n&~Sz+^+7uV*~#O&EUdy%hLsy*XLm&#4=wjsRhq~>a1%SL
zqbsQl(y2U`L!-y*W@*+rb4lQL%OJIVQx6=ALM%8rS@U$`?+LBCqk>=Up(M$5<ZzS0
zQndaC(|>o1)EPSH8t1tl?Y98BnP=25C@RKLyM)%Vz=oEfFl2Y91RjdNRf>O0?!#Zn
zF9*W~={now-sr+P!yCt-MQ;AB%d=SG`^x*5E)V9u&_s|hT;U7oXn&+iXo<9*G2@W8
znkRh12V{^9%Hx}zD;BEczlDAO8k^tnzHEY5SXb7S(iq22@rM*|sdwxhZZzI|H1kSs
z93fF5XDs1blrD?tGe{!F-$VQR=fJhX1<~733kAYB;U)z|#gMvU-iJ9n?EbuU2y<2S
zRa^h2-Nmx982Gys@)sFY{7nXZg*F&guL_-sorEN#<V7V(ni|Obu7#3D^`n@P{$WAO
zpOFZf;SI>(sP>DoUS9Ow85g{p;?WIS{(PDdzKhgkl}h|bXZySwQ3z={m)rCTvzzgs
zKc_+3dluH+tBEjxQAiWEO1wV;&qdXh-FQx73U&8Y?T$+0vq$^5xw5e7Oqj98P46a#
z7xL?*fpYoa2e-nIAy<WsANu?(rkDt3o1e9(=l8!%<-gshjzmxnr@0RQJp=jkv+-y;
zz#+1G_sQxLYP%)jQ^Z|xb>#kN4c;i46DpLr3l}b;D$l6RZN}{r8J@N*68Vdoz=V<C
z9EMtIJ=@S~@}oA8EBo(#@DSWz0XXKqE-hpYRzCQ4wIU4n4jB(oc9eGQwcH<;wTc?9
z4(H{~Td?{RPR)v^N{~VT1zh;_<-|QGT1B}!^z#nD1lf%}KK*O(;QunSy5E#~7C2Q&
z@1Le2h4zIN!BxZw%fg39XjTo7cs_Ih^8Dk3Qq(_;Q=b8t;MsaItN(ZsU=+uG&un>Y
z3W}W+2iG1psyQ&Gyv>#NXz+M2onks?#M{J=v?ft}0`(;93(qHjfb`{|9gxJq(tk_x
z&*sPQBQ&Za)2t7zjwAnkg_BVK^m+duy#st;ut%7D20foAlO!4L)k_`A;}^-WZwq<Y
z6W&zQPbh_#{P43NL<2F=a9S29VARmcmx#aU_vAbiaG7rp;u2c-82xRP4BM<bU0>tP
z*QA=hfBt6=NdYS0+M>@porTG9f;4}z8=8L_+R+Gl77{tOVV1d7^vUv~jMKG0s_uwc
z{0owr66KB8_CM~GKu<KfaH=|Izw|DrElVOU|1OtorKl44mGmR7<j{t;!jp=LGN>#=
ztZ)8k+;Ph9DeS2DTlzoz;`hzd@X?rO?8(fz;4W?){LV2%1rDUg-ch?<&l3gdmr!&Z
zToauTpFv+p0yE!3wJ6p5Ha!69myYukaR0c0^fD#DTsA2YGY|gf4tRbq!vHdv(cTtx
zO&}_`*V7go|7NW$sQ$bC_iFgKH=J0BJ1L2P{gT5QYMA^-HvC_7QB?xSQhB=<kJ~>D
z2A&qr6-{W;!s^$g|M>}HL-jpnd>Ol5QclLg+hXraTLIC4-?^@PNJQcqsnVYhTPrVx
zlrv++DUSKK<^E@o@Z_XUO%}RgtacVlmzuWrfZ2IS$#xVctu+;3wfgvtO8Rk{IIdp|
zIe3Nw)3pK)IqK3l&@*5t-|ytlf3H)4<dTOaHE{jA=8i)Nu0Tv3`Cq$!4n^X7^xnVc
z>k=$)Wxg6E9c-6x#1FbWDOwiQ3&1+gZ-<d?;Z66mMW`5eO7lqk(fAznCJBWqo64)M
zO`muF(+FT#rLfSl&;_pZbfM@ujl|mQz6%1}<}^B$H2=h=SfcX5|H1LDYk;b)1x+i<
z0Tk!I&7nbB#ScHi$x+U?NF6&XmY4I4nkI|*=ns5%AaKIX`!N{q1I29gXZAmTWSIyU
zU2T-92r<H+wgSh6E+9OAN}t(Uj>tPLB*2^Wdtw#^T*j~O`^*3I;_rsA5deIcctvUY
z&np13az2Ki`^%z2=cA<7L$9g)F*kKT7f6J}1^OPq#9zqWexK%ZpP9+rCa;P$Uo-Fe
z-uB03_kLg2=UVCT&&$$;6aEj}DCR6w<B%8pTyVSi;-6lniBa-0%5uLr@ycbJBC@Tg
z--at_M9MzaxKQ4-ZlnBnGnoHh&Dg_h@_qtGYe$^SF~;O&zLy{sK=ePILQ_OoC>K$+
zHFf0>R?}{ga3GAFqvzTmWi^QBaf)N8{VQyB1C!n=BVp&>zf)D#Wz<-}H}G)W8EL82
z1Hc}|zp!U!zK{=(7D!^R_x(Mu!vAeHF*Qi4PLQfH-7)!n<}@Iu^v}TsKKN}R^&sW&
zR@^TaUw>rdML{gg_BV0zYY*HF!EzClZhpa$-|@<T{^imAg~9X93@nvzp^1xDtpG`&
zo||9l%_(<dxdJUbedt((4>`=WMA$z1CwoOVZ{d;sr~QT_$pIdS<kM}_@;?KBL%=2C
zq<ib&rh!9_nC@itq@gY3W}TGmjZ5t1_fFKt^{+>Jzj)c^1u&;MP5bqzgI~g@1r`R}
zKM}a}Ww~PDh%;Xso7)8#DgQFCmQ3b0weL^AlXAiXMqc2((X3r`u+Gu9jS|5TAOCv7
zy1_P5i>D*FGK@hzLId|SmoKlQqvvrwB!Ty#Y8!_ocfov*6fvxqFXIQLhdA8xW$N5!
z^d%5>RRIyvyQPqz>CH~A&-eB}q&j04)axvC?zpTNH&yf#nmd(c4-kY){1ih2Z_~3N
zQ!%i<Z=9msVk$^E;D|KGKiaPfteePb3e4V774NXxmrP#NH~(lP)H_mGGrxrA)L}|s
zEIWewN^M4*{Za;u+DyG3!u6P*dHeL>_xtOo4-$Q~oyi<gA8+Is(qJfV$NZSDY(0K%
z<B%JLbOb#hBvVVuew<{{ZWWz+jNQ$2T?V4Uz3<6@)jn=~TZ|Z9>sNz1E!a9;2jk*U
zh=*fl*3h3F6ZWe;3;5HR^pIY+GRjo%WovwjA^E7s5zX25qHCDl;PVzFLgjO6dmToa
zK%SA?T6cwR24zSVGwG8}_dqL((EQ*86T7857uv1pA_55uiuI6`+wMD<%wLZmlG0gz
za;fnk@ir8vt>Shix|4eOdmag}{`9ZKBX%Rw9S&NyPI-K>bGupg4G=!tZ=<EWdPjS+
zp6ll)Xs4&(uu$ClXy)YnLhD{jpI@BSTTt#jPJL7kNckHviL<=mids+k3j!y|Bvy_X
ziPjc7QF!0T^z*lb|8zt+$g-F797rbcb9{!I=Rb3^E8s@7`HtW@wTUcGo!?>MKSnM_
z5~&TbI?9=khs5b$Ycv3|k~$&YX<~P~+N%_#(Sfa~_aq!Xtu^N-4#ll_#>fMD1umQP
z&gTzK2d9fAb4~t#0sr)G;J>%UvdRgJF+hyEFa6ZD(d%Vzk4E#H)xAk&$T05S@B+_i
z%Jl&;4<)I$mv#EbD~W1tVr)m9?r58M+5&l;cbadi%>JzfP)-%QV17dX$HTfkLBOSs
zTs^y1nyJ6!(tZ4dX!JN!(O1B0WIF`@fm`t7z4d+2zbLYKFtYHe3E(oDCh8dyf1t)9
ze|Y$=i`8s6YV^UYjw`Zo8{FE^VTKv&q2%1`leymGVo?Xx$3Wtxpee#NlG~DX)Lvzr
zoSbRbqF<={TwZe2LE5)66So2F;CrM9i4hY?RWv#jL_P|RAEaH+!B`&>2(i8^Qp6Ch
z#eYro{U@bX-WfG+BFIBY(9mI-ygGMGj<bpHf5-BH{!dh+V?5eglsU=)n-jR$CLAQY
z8u2$IWdX%}_kc{h`lT&Y`;PmM<;af;|4wfJ)6H*GJWi16_4@UF|NGXNA=Et#wmEiC
zvi-vet&fu`>NPbnzk3_G2X&%i{WHDCi}%wfT7k!jgb|4==Gm)m?&wJBH}wRi(%r}o
zy_Z5&=CF9{rj|#EFngn7Vm7nrn%3KjU9oq8qFB3g-KNvVKmX^}_yk}P7lA0X?2060
zm1EgmrbSm~#)#oL()L~6XHei|hf>KuP}En6hM=3tN@9Iz9sT8}XnU?MIF$*ffcw2)
zo?b3vB-5M=Qga>b>b17QO{HG2*AA>uHgo>6dp=_1_`si~lJ>Q`P;QFqYy`t?E-=;t
z97Dj`TSvnb-Lp|7<{1hR9|A^4J}sd>teuFEyu|^c8yDBmUn)ST<|n`W3s^w<xQx$J
zmYiqOm@G}bw)ir7;4RCVsLdd>r1M}VQRD|}$3#de?_bZ$iw_pHqP<DZEsF|rJH>@O
zbl6S80Oi_&i78MeTjWp0M~DAM!)DUDT0LjnCVgENdij>5_U7$9&fkBXbTvRVxeMMC
zuGROP0VnBJA-=Q_;ImHll17n9(e<*6Aaru%-z_Ev%?Y}O39q5do(3ox{pF*wg^p{k
z(6!Le5{LG;+v5+c>FmcLLOjziT}!?S-s>Rj^c4hCFxIb?kI;r5<UY^6QdwANTfH#3
z<+h$@LsA7}aiHW&_@akaXOrx+dR!ZFX_mRkyqz2u;Iv%b>)jT2!Wh{%z)Yqvpx?h8
zX}`S+=|!Os4<R$)v5~6B9W305E-ew){qUE0x#=P-ol(Yy^;R4!yurBIh~_$G`VNGA
z^Q}Wb^1b~99sM6M8<aWxC}J2|FHx1osPHRuLEN=k*`Y34*paWxyz51DBBiOBSTJ(`
zgG4y$C3UgXco4+!BDl2y*Z$BL%6)gMK-?B2OerP9TCJX<YpoPP@E33_Rt0p4%ZTL8
z-t%gfJ$FH768<X`!4pTwj+=URRE4Kis<@$O-VKsm|N2Iy-FNfOCjI>^7VOsNS)-4c
z+|R4h3c-{*FUkb+d7|JBXVMKC-O9P*XN4v&wqUM36!RUPxS@|NLIH@VDJ7HT5KS&>
z0gimK{g#C&<*rG8C3lOZfH(U8hpl%G&pYV4Mq}G%W4Eyz+qN33v8~2Qlg75q#<tbi
zww?29pXYnedB5xYo#e`W&&-}#d+oi}=E=Q&h})5x^0;JXUEM<WEf?}{Ysp<JQu%jP
zagzIo#t6kV33=Z&8LjmUKbDIXz!ZHyQ2|P2^gyXh_E69)-K>qU4oGV5XGZ$|*TsYZ
ztQq3Q9}m+8Vn7J$3EJwzg_BbIO(kILH}wP2n%L!98MNJc%Zy{#!zp3(xw2@~OOuNk
z2sx;5>0*l|r#?8DPZY`7n=GtUwZ&2+hnn3oY0eaZx3JWU5P%PXQVFHA6vELoQV06}
z=4mjUMB-<z_eXcea7;LO@0-VA<z@<LOR~G`J-XFqXMEQSK0mWe9Vz=i4HqbQ4JTzn
zkxzG)RY3{)lJUvM)rjx9(!W?w+o|NUN<J2?mnG*n>P=`XbvjFeVs~waW$u~<CALz7
z4aYM1d@J8SE{5xh@7*=zsy2Mm{a@W3$h?;y=B#WpH*pv;_`R}v&{lAs*1YI78j(l`
zn@G<*OE#L}H3Y1FXj%Hl8>zO-^D7x6dA~v=jwZo8aHJaUjU8C7CqK2}zB7nAaLgKx
zdZZKMQb_Gy54dsO|9&72!lygYZ*f7FjBh6M#Cm}6p&Gpf;FSF*P(D_zz-86T*)~{I
z7iS~k<d^Df<n{3+9C0~L{sso1SlOET85;;`psnZm*5a>G!f<^1yPn}U)iil{SlDhr
zPkafqMCU2w2(dR&A^s=X69jtx^t?lYUx=MDJ9oCw=&8RanUyk;r%jgM&$2Fw0@K$X
z6GpVZ&>Mh^sL=%T>m&B(LFY(hlHtY|*at>Lgd{QPk-3lT0uvJCKe@<S-?070@PbRS
z%`8;e{+lS9IR+}S8ay7%Zre*@zyy-EUYP{cKP>W87&!8xbl_e$;m3B@^`2l(Qgib8
zyh04$gzTv{yBw;UxX51&jgr{_*<!38>{Nl!*B~TpI9!>}<H20q)<`z*sL;`wf{9{h
ziTL}0GosTLn;K&})jcBC@%r+wk2g$9u7?};7=y@1A;wgb+koScRIH(!INaBwkB2(A
ziZ8bNLU&IK*|K)l@80swtyWkvLTjmsEH>|-od|h}IHF$*2Ohr-`aeGGa?MrV`{U)g
zZ+Ti_%c$kf);~!n(iO^F2_<v4A&(@{27FBD2>!f(`@Z{FVt<#Zzlv@M)1-XB*mKhx
zA_b$#>kaWaUpg;28D8DGOt)&w@|=LUcSQE~3^a?Md_DOgQt@pHkXJM^W(8Yfjuvx&
z6R`P_=)a?|7pP<~l%tB@SW@G@SR4u5t+cicoyP(DQT+XpkfZbIub#evc3P}Lv(exx
z)I9B{E4O@7*gu(qU?0^r3mG8@r2Mv6>M%Y;?od7U<(pGrPdo;Jr1=(YY3}iCrRj}z
z+y@`Q1}{?OU!KUB+*K%>b~&%EPx@^n;c%`5eYxHuFcQ}|lj-Js?YG2F%BcA~y;dih
zj<<X5$Hzy5)1?}<#h>W^!TBW5f03Bc;vXu%h#XqeBt<a{pxI>`jdJPm9i{!Lddj?t
z$8+V1DkjTl_L||b+4ft$)K9dV0j95)^J#8q&k#8=L}ejpRC1B^xU<=d$#N12)Qa`X
zF~uL!9P(RA)y9zcy<4d?v7h>xLDoP-GFC~pt<du^b<V~D5T|>~CVa}y+bVp|h3_Z{
z6+28&PxXjRR0+8x|1x4I=wR-2bIM!>W5V%wml;7c{sNn!Ddb<(!{jeev%{2_J44Y}
zq_D1pHslzt9^%lcRp;Of!m;|~@tg8C!b*-c4%lTCZt|{+S4xY}yr}0c3E&W%X6UtA
zPzB20A)BIYRLKw^(-!pI@)X`zlbLzwS(oPnJF_*5zG`&1)D1%lbD%gboUYWvAe6B?
zy;|@288Q;wd+u&1KemQ;qB)^aNkuxR`HBN^UE?)@lklA1f@bAWZx^CMqinF0FE}5w
zW!aZC>a@gaxd?6LvxbXAH^^1$OJy>WjHDU9*t0_=KUJyeJ@&R`Mp1nFry7OuCC0~i
z9drjO$9p5LSh0n`N1Gd5-w7vs-(|Cj;?edzMx)t_kGtMF$j0})ceoCl#n9Z<ZSSVb
zjNy0LdkW9C?+bF-!?KSiG2wHRP#si*LZ=$$>+2{I!r2kI;j+;+Jc%=K@mHq`22XYj
z=tD;vjb3X$HXEgI90RI9wh>pKTp0EXf)*$0e>?&Xhb;jhIYqaH0Ea>l1msJxw5qob
z`f{1PxPSxgAkh7;*x}_~X4+sfj0WI8NWk_4>_qy%2yGBGOsHCOugHSY1z<33ALE)%
z%|oNMHYQKHAnObT?~^Cx;b-6&<(UJ<$AammExK^(?bbmY2N1)#*h^^s0!ue|P{+_H
zpW}%&=!CLD{UWuIEpbq@(d!f`5yt25%9!j?U|^zPt+pCCwDh9u;j~UmlV8#2J^T6J
zm41A3n$MR`!}AXD4n=+I5Pjh%PfSMhaKS!qILBoSm7S_>FrPI}cF2{1(+EJ+eh)ei
zkUZ1GZE-Z|-Kr2My{B8SiqL&QN)t(vPjl@rwE0j*!fc!rGD8tAa96bqI_Do}{?l3H
zk#+tH$oS|U<WzzKrl!%0P`yr&epNil!g69rwKm#>UuQL_2~F==bxU#P;s_g-d1Wl1
zPW+aY_hswQ_f3zM?>H?_XUE6#hHhFVrVf<@(nDF>jJ1;h`_o-q3J+(C8_2@w!$4x+
zcg%-#fj;PO;k1qP8J)HOxYU-GV11GW=-RF=h(m~cVTXak_s2%n9gb(fRbVTLWPlLh
zn~j~66oD|J`owH8^C=RC1?&!R(EzlBf}neV%y{Jc7sDP1R*RY4iaL+0ZAeDFwy>+6
zL1RGNA?0T=oeSx(JLI1)*$XWPJNoU-qo^?t0{^}jP4zjbNIt8BrK3qsP3}L?gT<ek
zkUbUND{rI=P1E#O@wzWSFRG2}$J7l@<^k5_3T59LB)+uu<$HU#N&QU_1}^Px=p}9~
zx&1=e^<BXOSgVN9A`QNHUF$SBdPzLE;4E;^iw9!-1GwZc3J}9tJZ7As<9&Z3rahN1
zUOBBW7<D>A-pPwf(%CUbu?90dA6Q;qRB`wiB)Ftp-ZA_}_N2D~Zx4xt_Hr}_pC`jq
zJX+CU05NQL3i!ft+-i-t7Nb}&F<n4@Oit;y_KG71Hd>x@TCcXk-}vYR{-$!-Y@eg)
zu9-2cb=`R=<=gMf;W?O3^me-&@$2InDSe>vQP|Bk4$c|7C*lopaMmhW<?d)-E_0-H
z^Nlk8$mo9iY1k9}Ehn(ZJm+;whi)wG#wU@IT8mjAm7_GOgS@cRa%@EyG&BIQQ&5!M
zE}RV`@wV3ek4(PIdEr1$kINB=rPc>};znpLI%FCqsPXh;T}&@x9O(+>xMpr8B%zEG
zA<IY1f7T}thS_BQlE#sxTpl{{VXPKl7^$xtn*cTQ8A1Uhu!QNMU4Rs7>i}R7ghO*Z
zAI{xgA8XJootj1g6?2$8KP>!>`{m}>NCGZ2;D@SJRtx2@`uh6xTJ;k1HS~X#=?OH-
zm%GF0)mfNyYMX$&1+`jvvcp`x?V1*>$S<U{q35TqP+}E*>mooiSo(XV$u95v&cNm6
zrJ#ZW%3t}u&)f6X!-lVVk8&^^=G1RjJCzD8Rahw=m(#AIET3@qoBgfVryEQ9G!8qp
zY4`kp&}N&*9|jVCW1f(g*AeSl_UC8sll;oz@qpYvWH~{SG=oU5p|(-bBr!?Q{BOD3
z$4#Zii}$@`t+)vq#*+l>t2%zl3_QJlaekzU>oKwdY!DWi8&o*m1HMKeuaA?~-&s07
z0)}6KOD2pEOlx6gB%{V<%Y@hG8slTd6~{Zow@4($nCI8d3nu>5sPE^-s`R|R_$TQ_
zYQwF^5=W_OgRtuCVM9vgM%5A>*w+qj`c(~+9>`v=X|9{w9^1M1Qo4IW?hrd|Z=`d)
zw7WMc)rV7kD;7R;u1EKwHij|6-uL7rF>Grm@$ou%-|l&~8aU4Z6l<re-MgX6eTVyP
zO!`cA0<O_HMKE-1T-<Z(xw)s(tT3TmMK7b~FRiAB){=>2T=#_U*b!>B3N{M2G|J_%
zaOz^AvL6!_-}gMK(UQ3vEfG3lK~dpUPZ#Tq!1ol4_`+41gwDx~w~nQp3_CK^p}-s8
zYp}U$O?v<uM3j2zl<N}tebp026mGwFTNPh5tmWxv==KTI@xX-ar*@$B7)t`vcJ_3;
zFboouuFu;lcrxV=3l@ehs|0~h)vEDX1vqQgl+2F%G6+PxOP`hw5sxpvWR3qor%ITb
zE><LWPCicq4&n}A1$;PL6oaNO7KIng=Xp>4l@idvQma>{JDdT+Y)HU{tQSBny&X3g
zbRobyQ}&?`=+ptH0Y}bm)0g|RxO>Nobv_6Ph+=l1motv$)>fmb?61jeR=<wTfQChC
z<w6A8^|l}7nsueIwt##*3-1EZ!e91d>l>^zR`VwB2RqVfvC^Xj{EHt!FG`dggPs4j
z-3=upbA8_P&FC9&X@`0^Ulq?&s+j8U<U4LCw)we^n#gvbXAWb#*6v09IMMLeBcyDX
zmxUqZXGMgt<Cc`}QF0@yAs@FjFW}5ztX@2m{Fn3EbYA-Gh=qZCSWKffgf8u~9JHSi
zTC77y>Uxpm@zbu?(0GU?M0A#rUG`*NWr6@JgwXT(wuL4rMK6wY`d8%>Ch3Q*xN%m;
z)^(o(b?)yF+srZ!+foHn49VMEctS7P?%jt@q|J3-p2WJnC10~?=OMR5XfY;!eKx_a
z$FIlj&o&+@%i9EhDjDxJ*5OAN-a{$_si>y`B|~F}%^TOV&kEcRw3cFC&M#Qy%o)8k
zU&N7bMnzcd8tV-Ha3`9X-Mzxnejtnjn5x^?C>t)X5IfvJ^NX2E&Mb~;h3)uAA)q0P
z%BY#TUH&33clt`B5M1>iy4)VazX_JTRR2G%g~Xhe2s5^0e>>v7*eXc_@6y31X76Vw
ziUojd^~TD{$r;MzqgN6jWOF{AQxqBkblVZ6!Xep!7CL)}f|+^hQ}v;Z^T~oNmz{>2
z+`&XfqB$U$#-gZApjDLuKH=+)JZC6kZ=JilyXZ2qXbKvI6!igu<HgjI@Kwk+z`J4u
zw9kD?bvFAe_+If=vSz6F4Ij51HRUvyNKW_;kNu{f!=c1K?9%572EMp9Pz#QXv<B;a
z#RfJ?wC&Yk9}wl~lLsy)o&!x7@pQ74F}SlUV8(1X%xp5UZ~JiHi$OWiB{DVGf<K^v
z!a`sh2R8f@IneYF3LK4V(-dar8oJNT3kgTQK9%?X?Kn*COAS}^CT%Pv<@(#>Lwbn?
z#-!J#vNin9??7NNn=jUa7OZ&s_9~IOdp9^Al}0+0z>;D4gKVUeYVvQgn$S!BqpYk1
zI)rF6g`rN8^YNe$*SWk}ece9K?fn&!C?tdo_$}3Q{Ahn86heN4$zPmTCj#VN7ne0Z
zEv;QIf-69O(P?VD@%kRoo(p*86A0`FyXzg68-`W?&80(^7JbbaNi5LRF@{e3J&}pX
zbW`Wz&~jn=U)e}q&&#+>WU}s~9FO2~SHj+QM>0iW#pA}ctHziecTI48pJ(Rr-7YUt
zd2e==5Hk5aLjce!-Vk2UtBc&&>poTTlgZU(_htz78@<&N#Xlsm6zHcqSwyz91m57i
zV%|B4JmvMGDi8nupYs%U0f93Td5$C9z5jG`KwE@33LsEb9F|{zhJ)1m`Bn;W)Tsr;
z?L8|i+JtEWz8!D^`#U><HO7Ob53Md|;edOtF!uMu5gMR5-(l-?rHLuspf}bULp}Fc
z{2~xc0f4X74tr86l{%VS&dUu}p;<m~#Cp$Zb{&e0*#N$!8AOIm16*`UeQ@5-03QP>
z-uQoIAqhbU+Cu3h+a&&tMc|O|?`9k1@mSq{v37gA-jkL&7C`T;Tm?*5R}~s;DVm$j
zY2^fb*-z$h0NV^0$MvP9EGXefAV*4xb~dn2K}0mv#$2~xd9-jhdrot;;GF$Y6{;nG
zFs?t!vo;xYDPtzkh0^FOlz2H<VaM^B@?RepS?{tA6z$pA^#6;}Jr(RKJy51Xvqpek
zCq|Nek*2$vgyPx!@mm&%L)WUPNEzVRg`(iF7(pCb*I-yX83s+D!?6SJw9?xb@yN8a
zG&GaP7&&Y>3i{SGu}R(D2kKwU`Z6EyZ_|KX0<ZTo#$Qv3gV3O$Aav_w&wZP>Hn%IV
zL|Rp)oQd07!2WTsbQ%&r<a^%ZU%QNa*)%M`Sx<a_EJZdTDoD_AsN&P#u9i(+2r?||
zTC=gx^z*0Oa9)5_H}*EEGn3CW)XB1F_I_j6>+rxtii?PV?;xCk$`rj3{jIz9fPP*S
zl8ra*w1hL^IvJ1@as-0cL6nXNmuUHE`R=X0O&MtawKWZhVmoVjv~n*3>bq;>5cmto
zzPyDGfLRU;1=ZdEqQQ*P1l!Q9-x;wW#;5SQXxkjlaueTQw5-3lNPGa<H$)jLEsz(j
zQgl@tjH&lB8#)cxe_<8QRx~k8;qzq2<FGAvXqzHbt}~VWE1q@)%q+JClCwhO@Ue8O
zEf&ggafqV69nBQbM&c2&WN<qxaoHY*8$RvC2-qJ^kt!pl0Z*mYJo3#Vpop1XV|)Do
z?zgELWAQuwn`3*1*l4`_r%|R(YARHHK)mXDA&#2@JTDhPf}fD^m67lRQ^@i_L#ktq
zOU(xsDGNTG6U4|#um*zSP23$Ln3Lz=Drqu(6{W^RjZ9HMU)vR^daYmm*#pmh;DHN?
zU$%0$=pgULu#|pcgJCUm*Gm|4WJ3wGj}A-n{X^mZE#CMqQKDQxqy-iPWcvpoK18mC
z79tAOynSIE$N9qD=)Y3ti)wu;s`Qto?~;T$B$F2DCFJ*NM$^=AIbZ$pS8n~v@@o%>
zEs0cCnqN%%(SRjJ@+vEDOf*2_Qzst=ZzHbcoP-FWKoafuA5G_ls=lqZdt$p^?<$U0
z0RC-Uwzr?1k5&F+(;uuJC3@}LSo9j%1e^qe`o3?F^78UjEkd7V{(a&#*dXkG1`I$)
z0$k_mxw~Ua(Xgp{=y-)y6LaGOD?;)d;?d`VI>`mMG6bW7-U0hc`S0e8{><68Ryh=(
zhkkK+(NES5eurb<p@&HG!2*g314U0(ErY-@dLu`%)+3HNVxai{U7}0&?)`-l03~Sx
zC@F2qzlKlE>Y0OpcJOT0Fd#~g^)z&UMvSiYrI^izv!4q%S^eMQzXD-kpbwVBsH@a7
zIQ)}JwfW1wli@__>r?MRN4|o??V)1gOE6;^;F7bm+T!?64DOf7>kihcU#eCS4tVp5
zHw(C&;xOto`vJy<Wd!WJRREfzC7u9~Q(yoje9wIH#f{C|SSlNQAQWQHUr#(8Zq!7;
z5qJl%F1ftERyrs8HCrUV^LVvWn9g%wKwa^##E>2$=++(5yY6M0m{n-eaj&L=^nL;J
z%=*ylN+-Vc7O&TctC*``eI6XLx&I%Uc=;bqjH(OQd$&$=*=K{pD$D^=Rrhu9-T7wL
zAqs|RNe5>e87DWc7wTQB615644L<P6w~l~)D`wDX1R(Vj(&zqHg)z(q%nsf9Z#6zd
zV~R>AWPFLpCI1aS+6xE5ykY}p*t$y^MA>h*L#t+ksQ(YF1`ji;bvXsa!N1RM6x>y&
zUL|8V3kD7jz|cGm+)yVVi~&wo3{1R=zqjWNnR{~M${rRgp?Q>RiYylb-&|+2i5o&a
zfwYS;qdh$1#C7ZX$!h8OM$StikACKNQ9qy^yLvtP0(i6%&?vQT-P|K?#tHn6BJD?L
z#_)nlvdb*w8QNIn>H4H|h&^n--igH8YYlQrAB{OKKe}f{y7ZW`S6yS;4CTv^)R|(i
za{_H{8X)_)vrupDKJou?1D32P`DkS7Tc{^J_?Hv?zn7IKs@uv<$qg(!aSALucY!@B
z2&1s$Q8wnEj&3~!<FX7O2Me`fPWW%v!uRN|IC61?0x8VBRKP4Z0j{6&zpYf|<eP-{
zn7=3ZL3I#RS$;=;&P|2@s`Gvf%In%LnA2CpW)(ecSJE;?l=5347$x!KCE7~O1ri}Z
zulv>Z6TH`29qxz<4elNmyVY|iffrs98HzQ+fw<{cGUhU^-XT=Y*}xtQ$(jcK*Ls3L
z;Ic_NY@Uup!Y^BXSad+}U|7<@v)Hdz1g@K=a~D|Oh3`;t;D4JCROdJDgO^Ihc0ZAB
zf`EZW`1YK4#^nBRMf}U=f_ubL0?cI?1K9Noq4sWpJ}FA3pw64F7qB9;u<RdR))?07
z9?+G5hc=^Dj(%19-594w0MN#F+cQ-CZwW#EQXPN^S)ScShxu}S3G;s_D}Qs8Fu;fl
zP(W)pj7=N8S@qI^%MtKLRYpA<kM-nGtCl3E{2aKy@703ApDfs%ZT7l}95ys&#$nYV
zTER_aM}rck_2ddAm_>rbPplhIK}Z_V*sXRiyBXFWot~7b#(gnG!mrzzZZ?xC3jeDM
zQKBO7e?j&~FY>R$_7~6bD+E271#@=<g}eqCSZa<gWH*>|icIMM@kfWs)2(}sK9^g@
z27?Xs>ju$z6!26BQ&YX__f7IvbU}d-5ftf0d|*hDVvzk}Q@2W2H-lB?TY_tlcBZCQ
zh?!VuQIeSAsl`~Z%@|G{5pX)x(fj-3Vr-{do3Rbk?Ku77MmRa;i=%Jd8c!$JK|bi!
z4?#6X(a(_d4F1_jg67PddyH8(<MduW9ACP0+Mmd~9+oLz4)@8e&u1bHXK}#5!b!p-
zP&;lMzsBnKwZ;XZvvVlfT{SxV?@<GX;eIag_@LQelAg&i$$dL9l7g^_^#ZC~eZZ>j
ziDYVM?&xl5w3ph5rtj2Ywk-uuR|Ko6NoF$a<CDzeUKIl_B1(hC8)A-)mJW4%>o;GF
zzzrSGdb#1#p08<-T9I(}ywa;#AlUSv5)%cLXfMa*yB5|2B~vJ=v9JWQ1umC*yS$A-
zsOAO33dL9`*a-c>DM^m|xx&1@N0-bydK36-LxV0)1yPy&`ait@H}L-Lp?*~hVAzaS
z{5)~2(MVkx!u~DF{<b;eQmdCw-X{nG@A*<Nm+fi?TlTZ4?B92cNel`nK!&~y2vsLD
zIK7>fXYOgS@laW7VfyHC{hQSGce?Js2@HZjsaJAI#5QGxC0|%0UmCwDrE%e&vPw&h
zE-<)2w0(VfS<CvzpOCE`sNUJZ-cNUN!Ln+4pU;u6Kbn3jr@e#F%jPzJOAvwWm@GkM
zA5GNBJ(>$M?|$H-=-Ef7NHQ;PlWLX2oB#a1X8>i+cI&fKY+5>;*9ZLN?1i8t`jxG2
zy5E&6*x3qbC8MAQ6$v#+b|*(~)a#(W7x+f`hit7Q-1bB7pOSHg)$gy<TwvT}3VNWY
zJP74l&;$bDLwGIaHa3vAM@Y9ZAn7Y0?`Qs%q}N#qrbb&gD}8<r&ihdy8&-Gc#5O^)
zwmq~u@|rJlhhw#(9&~oWU`DHbI50gj*PPi!RDN188quY-5;+HzlzKB-TRC_oz`)`C
zS?o57{~53FpCv047L2d{vCd5;1w!`58@P3W*`pK57B+!J<Sfd1L%i$^AyD;>_`v%a
z&vl&xEO8Gr*?G{*?Xh`hR(4cINni2E83V&C6ZhiGZF+V+dV79VFenOz;*qyNYRSY)
z@c>PBaRNIJGRq7PCM|L@4`eSpz4WNnQgvbw7GGH5ckpPecK+fzxX~oo{Cq3;SLo)B
zbwLRdX4B^MA&Z@2Pj^BG{ze0u4hl3$Ax^_Qa6evn@$6=ZM;GvFkM`9bG4&jEh}vxU
zQxK;U1es1^7<d*MmeGTz%8c%tHH^O}=)!hRY>7E|0aGsEV9KaHu}KK@st0@qi=8{T
z%LGv_5Wz9HI;*Kc=;p2zSRjw?{xAR6B#%`R82aVZP(-S5`Msq1v7Y1iqT)XRw1%_8
z`7vbSWR&;G15UpZf9;IhVHtJ}@jtpwvb6D=;VuyCAtKvx%+Aq}n5t~<{xP~Q)hh;$
zkC6T>wXH3KQNrd;KAvIS2uRPqByh6mV0#Kl*J7z!tML?VyJHw`kFOJ=826l?Nfty=
zCmnZ4V^fi2Qo&73M!iY!$V@bit-x<DAj{o^iB1MY9JnYj|Fk^CFGGnq1s24MX8$PN
zwd4fjKn4@(^7)PWxJj2?zIu5;rXF_A*!AVhZXe>fD>_Wp1|>*bSu+dDrf0?1xBS_c
zqbQLj9j{MNxy4n|tTd<WUro96VYJf>QL4vv%_msyZEi*~Dzklc{;xqNz(2wT6JA?g
zMWV?p(S%JKo3oa|f5-S$?uMFX+?dl=Pe9k?9X7N5d3Di>d;QUa6l&d;OivWWNDNXg
zRTh~tJlC)MV*hKGw%?MPJT~ZaD+cptf!rXMIu+Qoa=Q~4{NVohg{*0z-<pU)vT8CI
zBx1CDO;W8n;94><3}D&HeyADzVTd*`OlBQ0yL;e{*r1`tsw;=b2r@0$z=UW{j56Z5
z*=}{YWsx9ory(n_9O1QbpfIN8ftBg~YH0oBNc_6o)SK|bSSCB8Y!ha+4~BpniuWB(
zA>Zj~bp#D(Rh=l%a_hICXu&zi(h8_NKO8TgF0kwnJqJy&g1fY1_@Et&c&h^3?OE#*
zL9#uOI9;ED5Dm2;P$Q<FLMI`=_U{FByQP(rP+7}BQK<L*?-5@HzhGEpmts{TySBxK
zY>qHH%Rc5P_?YO3k&!*XZt{r5C7KL)dE80YpIunIURMn7i_K~*U&IfWTENRDQQk(*
zgfoJpKJOY$;1Lh?VS)_Frly3WP}HXtiY>incLvM;#+3>he@Mk*mpTdo>jq*j?zia3
z{2a)}D}-0I)Xo0esH4A`88~z_2$Kl7W=pHTkr_O~F}Q+Giu)J;%8W>tET_{s_gi9~
z_Kx>Q@HA$dceJUE(Rifp%;Vi2;H#LE306)Gd7Qse%-3fcf&|NvtA{8OgKoSbs4SX`
z$F8%1d4XoRbghy5r67a+8gOUbyV2%3<sC$f1}?Iw<F2%r>J&ooE(|Po#AdiK(J1T2
zsk`5GV*WNGJ>!CaGqP&6ARB!U9!zXXZG#T>|Gw(GWW)Vnq=!W4=E4_ZyO$H>|2SZ=
z&mBV|w}<rI(70{STRb}U5@~2^ch3%jW6SCEwf2_DJQ$z_MG3Ve*ZC0mC4#)lsOJo`
zio#|p1E(!LD;M<2na?r|i?@gsg`Ml<=p#;QPj%*Qsw_ScojruiH6lS;5<D{k!f3LX
zpSeH##~M_<Gla?K&8psOFG!Q>0#TtrKWDn#rl$xgzsm`bwIL3nLf!@#fwx9@!;C<C
zeo|PGrPo$t0X^@NFFKD0*iJ`t(=cak)Z&|zVg~aug0~Ly(4Vja9El+Hyz#1Q!5psr
zn$$tGUCgO$tgZcu3c--&LEs`lQ($gSEiwGOeDEQOnY_qJx*oLhJdO&<tr-P0#h0i9
z7LrfR82t9A8DcOzDrwl@oRl%xQ4PtnvDmQ+s<EUDDH3MqMU?BKPyXlC1o^kJ&HX4O
zGlfw1#lN_+rL2v^i_|Hsf4#r=$?)J0QtMY`gD_$1hoO*GFD|xbIb(6)`7W}wZ+f7v
z`yPEESo0MsxT^BHr9V&SZ0oKSYu6*ZThxYN`?{piZ?umbUG1a+7d8pXd=6Jd)0*>D
zJYn<656|!>0yJnG95|wrXhE{VtvTbsINqG0HL^VyVi42LPgLI$`d837-;0hnwwb`?
z8K4-8%=gtpPc|vtV;#^Xvsje3&W|IJ$+E;Jc?yeB*auxJMK8{EWmM4Bdr_NzpcI#a
ziSa_{NGf|%TUi-&qj%NS;l0Z-POraWX#B=4F0omL+~#uyA!Y;(TVnISe6j&UX@R>D
z^SfveyNhA(p?sJD-dG*rjXkXuZB_e3IS~;+ZDlV?uOR~8O^3HWIzOA!KVPHeeoy%G
z(FsF@RB3A~d(VdqF~GVK<#mr;_saa27bS_cbr9JSTz_P-1=p*LST^oaKw498n{NKi
z`_^0DJS4w<(=ji|)m>T@wpaV+N$^tzxIvI?;$e{GG&RRXX%J$&%7xr37hFJat!T*b
zMnhGB2?^T~o@JR8>I@%_-Wi{anmF(b?_!vyj}6P~SDU<!yvfpF-89_>$Y>yTiF7+g
zdLyt%*>}n(Ru8|Z`X-s5Kd^b>?AuH`{U}VZHID!$$Wc2q334eytUqErT2}1$&M-Xp
zYJ(6n&9h#2cU~cHE?M}&q+6w2_v$(yts!bWA#I-6ppgv9d1I;1e7+hFm1Z`7rGNd+
z1~tj(p4B2U%G(Zq#=9n?gsk3!+FXLd>4BI0Mi#4I{H(FNVEt^ed3ONn>>5zC?bo2~
zCq3NNFOsdX9naq1q{WKtX3r~FV;_mZ-x&oFi_KvN@u+9z^kGhJz1=h{fZWR8t$~>#
zBICsm2i6~5j;<Jn6_7-S%5HhITwj`4bc*L}K5O`VD_f1S4^Nn6maNx+gcn6(Jybd{
zkqgo&)UlcylI57Z!38bgySo!VDb3IH#ND+B+JSWGya}ZbZIa7IYf@Q^k>TvtqB`!t
z-VV1hh&B1*;yWDk$e8P=^k;BrqAx2C0w#{(3XE<<M5iS^{PAbfRD&xu821xyJ9EL_
zr-1h#f=;`Ss&~W^QKX-M*R9Rwh9t}m)ZEGmJQAEy%AU9ixSJKt4D(LHgU!3W+t3W_
z8YX(g6!qA2FMv#~$5O;2h__=Z??xvB%**_RggqazH6d<z2unu!P-Z%y-*kHh1FT^;
zUP6c-0*-JN!pAA>cF1cpi@dZz^DF%3drg=2$4?hCF)XfKu_z>$rgNy$(s?Hhkev&N
z_Xi9Vg(f|m>8Mfls$TdwVhi)bX*P(W`*N#iuBhT9Y&Ig$+G1;yu-d2bBDYzbQ4v&D
z)%jr4M#%B`LX$VUt`lO*fg-Xbb5<q+H$)tioDzT9u`yu23n;xV(yq?p*v<ub+cN^Q
z4~F1#Bnq&FAo4M}URCqp^gqhIs%+ZZ)mC0gz6Qx&ODm!z!r*@m!vYg9cVkkQUu5^1
z8&P&)xuQ^2l1Pi*mt+D9>W6vVbc7RF=2c~_WMg7tl0q38k#NmfV!g*|sTTF2^F99#
zj=RI3#N|UEU~ABWDD(J#wzBJW5fl}R8k<jnruF!}2hQNN)QLc<6okGnPUBAuZtfg9
zJJu;=^SfWCTul#KYA(^+Y}LU&IUfbO<dr%KHhv6x=tMS&ypOQ!@hdd*TX1MXW%W^2
zR`kJa?H#!_hCKQH>7_rW8c1?Jc0A=cy$EcjG4Oo65_)JY!Au97B!?jPzGf);&4iMx
z%pzL62hU$4*D>xGIn!321!_=Hc$k)!ByL^Is>f<86e@o1n?!8qc{wb(S{TvOQTrkA
z@w@zL$_a+w$KGsdg&kEU0_oeJ4CFQ%-iWpah-(Z4<p!cxGaL>M=vW%8o5x%Qucc~%
z8K`_4*i?m=Gij5wA*tXkShl<?w=R3LBW+o!{l;lhb%xQ=oa72S(o(~_Bf_UOoiQx`
zpgG=jxv{y+)&m2xC{SJRtvyS;CM{EVKUBoB#9{kK9oiX3Y1aCBN5{U)Ou{tEwhkTe
zwobI-a!YDEV}_>k;SoqAqQs9Z`fci8QLR&WSBs<u`(W<nc+THlEJ;k)(tnV$A6h)U
zvcmvzbk(lL)Xe(%roGYmLCfZ%C<K+gO6;pbI3W$07K~1z$Wn2E6~2(=9?kFM@**S~
zXPiXFfn2P*;7!*_yaKVwo)8rFdm+YC`s-skHw;WmAG?vN`fDd(W->89(WBSq38+5u
zlgH2lcn9(I1E}x@w8%8tHzS^XGFf$t_-dBKU|9=A+y$TeFWd6EMxSKeX`WzzMYQMf
zkwG~NCxxLnMZt(Z_~;sbg|2GFi)W3O*N4Y<?&>@FJ@^$x4eW9jQ)YILyk{SYt;aMb
zGbjp&p*dQK%-Y4ORYX~eBmay8%urcRGZ4`?LpU)=yF$@B5alqBxYq(kj>93PIl-EM
zJFWBz#@6PH#YckLx+2Y9T_m&yqtkTqtNRl>(sl1*@C}HA`zH!Ew(CGWGGktyy-#Bg
zogh{18%{d-;XiJcdIgi@OxPhYFu~EqP9XU-EeSXs&<@b!x3=~JR-i=e)y+Lfm#$MR
z!rr`TAz>|?E^}$mCy;Q~IB;wTt+hG~IV7SWDKM8@$#A)XQ-fS$HeGOV3ctOqv=M5&
z@+;_oX=sD`@ONEHWXs14pi<K%Y0pi)x;VvZAB^e3plH&5I~Gp0w(*<p_4{EA!o#!a
z!9UdmJ=LvlmjCp+fJ+<r`MQ09Wa$|G3fSGXXm)r*$GryXFsYy@KXcN}@sJ0HJ12HL
z41VHI13$Ige`yPgqwh5wamacwkkE(fiso;=`3H4M@9h6jvG9h)57*owG4U(6ZvJmV
z{~u`b7pZ8$`Qt6+$?VHUyE~UELBr#ZPeR{Kg4%T2X?Nm}V*3`%WK-#7gz!)y1*RpH
z4IKPn_ioL{w=~RKm0)o!B0oJ#0^4>3iFD1cTBpdxA#aXMu27awF)YOQuWpG~^~(@P
zXPY9=-SUsyvNs<Q>O)|$JEA<}^uSfGo7+~7RaJ#XMmXO`rn9LGpU?+mw@&2nRIuBu
zM3of))0}C0N_ic4PZ!?}t#>NpzZTv+un}|*c7X}o)x3hTuR0GJSGQvC?QcP(j3h$x
zyi3Mkw%X;=g7vQrw>;&_3>rI0#Uc|KSpP#cq>vY>=8^lWf}QPmtR@Ls^zr9HUn+?D
z*=@7L{i9N1|1pAWZ=TJL-@5{7XthIs8nK&gKrVOlt~phxCO{)L618{O_BZ5mel7%V
zf&07aO{Y|E-TZzU#020r;QQ1tuw`a_v`=cCd$O81zeb;j!wMP)?37k(W16Mq-cd?F
zU7Yik*!V<?E1pS@PLA;|yYY*dw!1eBKA8mp!;ArtJ3`sqT{`{mQGcM(el;*EVdvD?
z4e2R!s$~Dez$8hSiT`C_kV@r1kE(;#0&M!~MakL=3!y&F_@cjvZ`+$}d^gb<H=2KW
zZ0a3?Z8E$p?tp<sHZ^2eI!euaR?TIePm~{(oS_SmRnCrh3iap)D+3+Mi)MEQm&<ZO
zWeFHXkz2yy*-oSO-5kTzX^t<8>s{=H&3l3DUWNdzNUM3OC~a*m#IkbDf_zg+TJeBj
zo*58C7L5|X)?Cal<mf9u!i3^n0#{Y-T4?Wz(e|sm0@2)_8}ZX>XjBX&%7CHwmh_?1
z7k9VrR`Pn8y&&N*uOmtYvY9AxktPK~=^N{cU=UQc7x{wh;(Db#*ub8*X}+PdhE&u0
zyZC-d9Vw*u2x;*C8bz$-HM7+<c=qucej+}Kjf3HtMrFTM+E634ek!oebBG0NFxoOu
zO$G(sydQZn*wxmg%nsEPH8zj0w(na*4_dt}`<^x@7Y)lWX{$l1&6&0L8B;0WBAm`F
zSni^LXsc0$V9~nNpAlRtF0xWCSIhK{(s3t;^BAz3R*RCH6}1ka9>eBloM0}|qxklW
z!p=_Zm)Fns<XX7x`SWAf?eePY09+sXf8J2PDsYB+Bp|b*#^gCP`9==xs9grSsO$27
zNFr+o<c?uj^{b0ajn}t9(tWb1zWy~_bhGIGgqDY|3at%x#i4DvGbcj~G6IP|vz~h5
zujn-GiHt=sL_sOU55D$kqf9NBXW59jp&IVYWudbVI7R-dJ-JU8m26S+3T}Pn3tY*u
z!`9cZgfCr-wE5yXf8^f(xKpk4n$imOQ*~x2Ec)_pZtWpgGBXiNp><jwLP?I1*#!#7
z+NI;!{|p=Z7chZM*xZ#m%rB3-SsXcFB(XM!90OoSe!Q7DM&L85+W2?-3UzpQQyK`y
zg1xP-l(Otc+~d#R&8gdTR_r(NzGk<Ig?vmDNue#T+uAT2O28B3mZpu)tX7sMpf>_J
zZklUxt5AJCgjxqf)7&h%DQ4EjxBwymS2+g&tn=2chHu#GvDn%pc}bvEZY3X4a$z}8
zedR0qqgqjVu`t<aiTb~QbsFy|R{<g{V(Xz3pbKJQ)J%2qZb_{Pf>oAaq||m=o2?a)
zG6rtS2GVu`bo}^guF;ih$e*CD)-$mH1;!(xCX!lNrnLPq`#q`VJ*nMo?@4@9YNLlk
z@MBk(sploDaxf1$Qt06_+qC~itSgTQgzz~{AZF$TeDEYB`NGSKqkQAr<=2A4$~y|T
z=>=YEPDL-;&T>;MwFd!F$RMa5N*Eu#jQkY#;9yx}nfzb3wefJD(%U05I!}Ao^*>7N
z4r|$}@*WJ}u64!daf&-Dy~YkVp=G4P!U}5mV`1q)Wa2rN6{LP(Mxid>vRJ&--#5d4
z(b0&aZrU8g@^E&SqEdzeC>+_PjuX+n$GwXiJUj+^2r*8GCcDd&i4GF{h%AynlZcjo
zq*cg;nwAQJMkI=0<JIU|cN5hMG_zD*oQCl|SqQ1nSeZnXP##d*xqAwt2ra*n(Uw^*
zA$s@BPb`POu|gn6eI8?r*LaWs7*|+;NMo?ZqK7Ok1BJ6c-zRg8V!d}U7<jwx#3f;4
zYv6Rd#bCEtiMa56&&zD13EMz6qw=}51IZuP3X;IX%QHjU!%7<w`b9c>aSRJz(DG*~
zSv_?){w5Ubc%aa2ha1yT(DL2t*h(daWUe!UqeJW{NB&522ywY`NyOy9Dg+k?<2>~I
z>)8^Xs;2HJ3`>t6J=&4J@s~ClURLJ(vGBV%qUiEHxCp;p6@#~nE~b@T6IpHXt`&Hg
zbC9;*Fqh2q3y{ER;~;#}(|%y5u2BG(PRG@h9i6$OHx>P!{pHY97HcnkYZB|Z*#=p~
zaKk*6%=W9JGGT4P@f1c9tj~sxo1L5G!=)*Xk^Ki=dvfYiorQg1^X7CqP;dWu9eao|
zSpSQKvo8FL4?kk{&Jcg^UX58sJt@(o_u0!$Z}OV06^V>go|BYsB)a&<xtCpiP#n8Y
zkp1?~itS^~Mt4}RH8;#1x>s<^o}P0j@*VO1#J=l+-q3Qjc3Y1@WfI&CL`3IWtDhDv
zVoS?P20kul<;L8O3CBFQ`MvImL`gUQvP<?5wmuN0n~_Q^f{W0E$NT#(5^<V8s$oO2
z)T=9{Qpb`Ke?>XgTs1o}!kR^A4(>Th-aYZPtxX>^W*!QVfe8;H1R0Q(L4W;6Hriqd
ziO}=$Afc#(O`#>WNNN~C3=)mc@c(p5MUv{fT_W?NkFJl9Bko(CKTO}zabQQvlAa&B
z*fki1NprEi7Ix!~m67U<j(0eU;e^v#Us#7aa!=*28Wy4|Zl@z>n%k2y1+9f=4RrVX
z&DHZ~8VOsO4ZL7QLz|4g3w=Rtmso-E4`e}ed<m|2VN^R}S=#nh!Y_4F7QQULh}NLz
z-@U`rjqj6tiSwMk6xg4CXrQ8!uG2FjqOz>K%f?0`qOGoD0%<}ud!o83d1rF~;h|F6
zS_Z+?dLF||k(Y*C;%p94gQ70MS^4yzjdoHZIYXA}?{tC!B~jslYpW++zEpm67Kq;&
z$$I|seXa<ghxhHMLZK3&#_~H!0{7d$qqG4Y0OA*eVnRUr1y4$3J%Lt$3dPbQqU$YE
z`G>L3cP_N5J?W{GYkF2Hx>8F8h1?^psD1Sq16ks{-4F&Ea$=K`TzXbt>U(K9!<76o
zc4RY81uw$jsdU-lA#uf&LW*p=HJ#ix$)l$sI@(1ywWdZFm`fMMA5_j)mX-PZ98^3I
zPtCPy9`2&w9?v#KB~S8cT%C+<irA{E>jV0mbDmZQx}heb8)1-dXY7;2CgajGV~k)U
z#E2i*FO@ZRr@bg=oHq<xC=k;&>VZ8@Qt}HF$JZg7ndQHNVZQMp>5{iCwaW%b9uj+Q
zj2+Jkf=?Zb$IKdnM6%;{Rr5gL*Z~zDRo8F1I1G>cMgKCAK=}&ZZ`f5wC4U1aOAj7(
z)KC+b#;vp5U0ZPD`HsZ8Tww$T|EHToap$qEOHJV8jYR}x|E#L+nj^0kAu=4{CKji^
zx9hs=q|H*BDNWiSe4e`DpKE7p)v>l_$g?(``iYAp$Bph(#NXBDCltw_pIm-@WW+2Q
zP0v()H+U(+;jR{cyFtRcV||a{i#h9Ti}-zx)Aj!Tkn;uS<5CDS23_UjU4Xy)l2oNJ
zE*8ew*Y{w@S)<;G4axcgK^WR)HZ^Na@BK=CEb{>v@!1Bg@BOM&_7Eyn49PFx=6m_3
zSL8l+5cPf$_<1Q?;WXEj`_ExSHLKyy2`&UM5J$ScFzKLh7Wtevpg`U?Tj@m?c|E$L
zmkb3970lJnHSd;VfggmjsanwoMv?a{%%Q9R1+o>%pv$5LhnzFSu}5qJnU(P7g8Nrk
z!WdZ8Dv<DqRDp0VuVk0DVhy6tp!%|@?`$T*p`m_hP7~mn`{aEr^r?R+Owj4JFsT@d
z^s~v^dL6YY{JxEyRWQ#p1SwS~hB%|n?9}3VJA>FAyy>S%A*9Uq@EaN~Jog{vxXbO}
zr`F|5IcyE`BW!bdd9A(EmEADMQfj0wgulxT6-3+%SN}v2j$tLJ7!1aZQqwB)brrI@
znnAnVWFo~B(EEn@;m))NLQ#q{>GYP2rr=F}T|)IA*oLLh16_YZTe^!`4G>Ff<_1Sz
z2XA|CYfP6d^ld*^r`NlOto?yeiY`FR#LH##Suca*=WmfOaBKTCGR8k)pvg$)zo~3w
zdnoN{$)O@;N{bpw2Ac?bgg$2f%)*z`pGf$m_@g?*0b0|W9p*a%71OtBUlChc_&9oR
z;gy}K7L{ErOSDGto>xIeTudR6{dM$V5+zC9fm?V}6NF)=m&u)0k<82JOdOnj=uvL<
zToGQImj^U*lZ4=X+a?kwg}3@FWoxEzo?J#&Up^gzIBkW}8XrYHGSB7TP2Feh;D&Z9
z2IIe!6@c$4$p@{ui%K(UvP0Z;ZRc0!{2ihmG3H#?PxQvm5O}$hf!M*ZZT+<k#12iz
zq9rlQJ~wt+aP{z`&TP-XK?+ol7@sb_m&xDPrZ!@cU)}k4p{)2x(IP7QHwL+-B@*K3
zsnr`TVzl+YgTgn}#5RYn;Bh#QaiKu_l^7)cjI^l+A*Tl4VDDKiWZ@@mo%6iZef)%s
zP}UxNe(-69P}Efh_vF!*@ePMbThnNIX5+QLu+P^S@0)q>HSqOxe;0PMUe<tkY%;c8
zfQyid%S?%=%-G{-`_YEW>Ou7K(MCmSv_S5<bFgv0vqIctym3KHPG5hOwmBD4c&v1;
z&&{K7|BiaIgEW@;0fY-lkE#E(u>Y<8B$Jq?J7jr9#pc<!<Zm6*h+A;~YG8g?5OAna
zWVTMR1N7E&I=M8(_@c~2guYBe3|-g#`dgRh#<VuD7qgJ4!mZ?OuGB)FA=y!Nf$4ZN
z%D#C|kSwN7*%rFFlKwQmKHUZcSL1;_kIXtd=TZ;A+-GnZ=JmqNb4Y7`V~gk%>I-aj
zLcHv<;R9Rxdh-5rI9`p|DQ;zW8VLiscVRiaznhf!O-U$7HZ1FSw9EHkmQ{ysnv`a3
z?qa2Yk4K@v@90?Q=&iLr^qa01R4N>h3PEY27fWYN-H*)#hpZg+$)J$tG6MX>_YasB
ziw2?hDCyompJX|dM$}-3ai8efVF=&x$b$aVv+${uTl=gN50-zQ3r32i;cOFihrGOp
zBQeb*RRt4%1{=-uyH8y}S;n9Zh*$2gc!=pAgB~<~%;vvi>RleWx&0;X7sh^D?eKqk
z0R}U~j~dHMr&hhUGx@ExNqX)#|Ih(AYPB%#goz9oa^c8@KFCxk%|DcW<*o8A*EigO
zP7|L$B-|8Q_x=5$1S3IuEbGPg1WX=#(8IgrkLc3(1Q-?7?a)l)`=xdI39Jg^PQuoq
zRb*Ot&6}xL(it(*6nBcp6O&r8Q%16+&^s8AamRSR!Jo<V(WF8)CwQB~VVc3?@JG)F
zW0+zAWuxS-F3_3~+qdrSr!>Mr3w?<fAUlTx**-w=&&TcPXWB)BL;a&(*-A0XV#^XQ
zkmUoVHhy{9e~dKACwTmV>jd4gDdo^c?o>A2Fi4X+$O|g%eu`AY%28N+V_OnD&%n5(
zgU6ezK_;WJ3UE5LxA3PbFSX9+Os+>Z2>9%m&B2ootaf`!JzsacZN|dvmFz+0vmC|8
ztx@$qUU;mQ{N&njN<L;DIEFWOM(Ht~0UQDvWi_P&EZzia-nAg!Vq>C`7F-h__<`}Y
z4uu>He9)t0SzUCK0`!06Yl;}R8#s*ZAI%A7d2DY%etn#<`ARLa83TXX27(cB@Fvf`
zJ*a<AvgLs1@ql0mG5)je{Ogz&ne}=SI{T=;!5x}p{qu_eDt1-?(bm_;?cReaa{4en
zJ0%CG^$%<C=qxEgu?6Q<u3Qd1PYc=rp2k7f6W8rO>T1OrFmG40+Bh7hB*d;>A6qZT
z8@^+<gwz;6sx2;q=K8FfX$|XcAE->1|8R;mJRl%kI#}4%2S*us7nhe0%uAO@w7Owp
z%j<$^u4C-7HG4RGcO8hwgrBPLO_p3QN?Yj>!&OkkfK;KJZ3t>2iH~5`HH9#OcoCFa
zV(o<{(@Z}VNCD%PQNrThB)~a`)_-W^#7GLSx0ZF4GO3vvUX0RQpq3uH{~52w+3N{K
zQZF2Mq28)0A6f>CXq{TiIAy7IC0Snjv-z8lUN0eh$|iM-kEb+NfD5u<$%FH2uS3W(
zXFl+xc~Mwpt_}VaWL%mHh9PP7uA)zSZ}H>(k@g|n`a<58ht1Q*9~V1;R9&!Ic(knR
zlw8IsLHQsh@a8O+N3Dq#6$WF%m~YR3?skYv@>E)>%DQW{1Jl+ClgzC3Q45kQpoK^$
zEzSGc0s-vJ8*!!^zJVTW_dHgIr3AiZ15bbx1J=Tw6Dw<C6|yv<C<2^J$V;WXYiQ(r
zGo_54=w~Z0yPRBlEOogRwNG?yETr^DWk;k}z6&Z#DI@E8QIthkg)m!2b8_?!T21cI
z@_A-=MoPG}#bOFuWGf_L90@rYcfd96ZcicsiedSAY1BfbXJ}AQ3*$Wo>Xg!gWa~Yd
zp@c~T*)L2@e98Vc2OFyxXpH=;cw|32jzcX`VSb~qu;Qmz*{%_(i)$~R6U3AW$VWZ8
z(C~|fRzzIKjEKKHhjf`e-}f_Mz{)7r(S5#O@|`S(NDk?xABh<J8Ije$?1n~-Zt|Yo
z+u6J<k81`J<7-I&W#(NA3CxT?A!3C(a*{dwP$0Qd<SlNue4Eot#~$bRbSEz8t(~BO
z;kPfjH5MoS&#IRZ$eE(1F8sebnhM|TOmuG!2AVE!>^?TTHSL&BQleO@YVO8L0#`G%
zo`VtHD2`8n?kLe_8wCz}_ZLqBezee_K2|5B``%5^EjRmZ=2ez*Wb5_|qi4D=O~!w&
zvrt-2JrQuH5Pd(cNa<73zR$n^X<))KrtBOUiKU3G`$<mj_N$E-)6q1tH@*po#v%8D
z)}G7FK2#jGTn^jLhi?Rr>J#(mnvUDI6!#z7a}|$Ii=8Z<@6a-U@lYqozS>!oovI5Y
zlRUP`fL&kbAfv&MF5-9Fq2ti<*kZoLiK<Y$C5({%NSeH@{TVF%sz1?80$x}#{Pt9?
zXWwekb@}a{o+lPvm01LW4^5MU5i4SO(0!xPAP%v%#-^}sKrAGWnhBC3%YIl$$jS`%
zrML#t+eIek&UpPRIgU?i{3|&Q9M3kiX{2t0(~V++P)a5#BG^k|8bN3a$SobhRT4c>
zqde6_9O31|5^BYNgVT&P*~PSKhRg$3sP%)rb&30Zs1#oj%0wni7CoMA@9PAAYqH-y
z-|+d>lMxeJ*^$i&`2^RGk&qXsrdGM9T}vBUJNATx+g=T(MTmzWsq}05R1RJL;ibKc
zV1-Ob!|w@+fht^%;x9v@KZU5V`di!0*lrb1(|<p^1~h5otEeqj2U?Z5eX*W{b5Q@z
zXmk3VtxT|&A|aPC+*$a1L*kJ6HETAtl6p0)?|440MN?P`&wf&dME{Fk%tEE_9j?K-
zN_coBTbWA8e;d0H>DHf#GgI!ezjC|f{1P?T>EM)v=XT%_+ewi?cOGTM`<?SnG{%Or
z7N(9>yYzJ66rRsEF*nV(sc`UK)?AL(Nh~)-67brdZtp2V;%IDtXiZBVIR~U)n69_K
zCSlQPOaJ)n)|wCy)z*_M{n$lm5p9dlt0_c*m2pg8U_;Y_k52ClY2LMta^uruj810$
zl+eJ$(}~eZ6lquA8|HO=Wj+c+=<uDg+mIy!SF4Iz53>SSBo;m7c&6+p2YGEW?-T9i
zpxzs_RF(Z^;G$n;#w`=P-=tlj!E6c2hSeT3P`@eKGHP^G#5Y9ml(iMyxclLeCsct<
zZ(5<~tWHU$WzHe{A7V?ff_FuD?qsSkZ*P|4YnNBIqn22miVce4EIq@P6i~4NxZ-t~
z1a+03oHxGm)nZidYR`}F0F+}ElR?4#>^mXi)p)$ft!~k2^leOy_vYH{^dgJVGbF=N
z!#&z?FGAUOaF)qCoDKipVC`5m`Lp|{mltR{pMlY;svf#YzMyY$4rLjy0cg#TYlH7h
zdK*!3=z2Zxfkib(FA_3%0xCOPho1evM+1i@Xu1N5E(W!wO}9$01-e~NTr4UguE$az
z08tIOCx2kn|HIZf24~(i>pqi-ZQIVowr%rHGO_JUY&)6Qwrx!&wr$(zex7~yuJi6X
z_5YZvd`Q+>-F;oZ?ruWoen|h;^O!Bk*Mh(#a9K%dy&3I^SM7i6O7Hh(A?xRkMj9TI
z)fu+;*4>*lvSk`H-H%ypxC4twO4|WK>|^$01N#Pddf1Ma_HB8-<L2}Zv7jrK2k+da
zy{p=7>*k+71&BniCK$|&9xcG>Ki%eljcK!`FgFU@FwkSu<>;|optZcCEsuh)EhZ6T
zp!Vf&LRZ?Jf=SCfEYvFvQho?u4g<VwIk+jcZM8V@1jMn7_s6^%C0UAVkag9|mJ<>j
z6Not-G}y5L2(;AV-`hA<1cI!s>;mfoxdV;Vr~QlC-*HnT8l*BfUa9rL@ud@N+il*T
z%4n&o6uTA_Fv#2<;Z0laapy!t;k7aqdC-KJh*6Z;5Picnv3Y(3f#Xo3gpZQB<Q@HX
z*U@<Fgvncb+CP=mJN}Vsq|C{+%Iqe;uPikV6S_|G0Q&$wG?mxh04rTb$quc?mSG!5
zr9Ry%L|j?!L#bjfwF}ZA!eb`Bygcjg<cV<&w6>M&n;C2+DU~lCFn?Jjf@Fpq&FlH|
z9>r$17@u~MKfhmST;KnJyr=(r*YX22xCou7UpzuGmq}Kg?X>Qvc_+#@6oO-D$IxO1
zQKM<^M8|^X?NNJi<pjw#lmaesTMP@{M76D)Fa3ll4iU17esb&+607Vhx8LGTgYQbM
z@}w<6Z}Jp@x+P_>TA;I?YEV^H`w<t~wsqqA5ep(FtYdZ0R-7JEEZJy9FJ9bCXTl`@
zX=|e@)CoZ-Lp8+xAz?KAnUyeQzAovUjj)}%XS%)gdI;VR1-=F3(*~C?K&`XX3B4=_
zl)vX;NM`BXyC#`*=t)~oBI@O@7|<z&Kn9XX1w;|>TS@^)^zQN&|AsvuyRu};`Ju`O
zm%_M}4R^UfqCe=oCDwC3&R8id|C;4Vbm=%s#(}z=5uTj}IE#4t5v099N$ohQx7uff
z>F`s`d~KM(&(<BaCEBa5o9=`D=K1LwCfR^2O5hegCaX2fLZK_P#B?i=aWf~jyc}ow
zHOly8LCeqR@g1?wbWguh=fRQ>aCgw+w|$Z-Fwi+dx!vG)Q0F+ya<`59302W@JYHiD
zlNPp{;P{)X7G+}~shd`MLJKeLK8hFYA*F-$uhcRWqMI4-!)%Erb_0BmcMDkJnIu73
zJAvP&v3G+jq`t?c5S>@ndi6nn&s)Kt-J{(ZJER6%Osl8g*v2={jU6*ze_yU|?S+Pe
zbCy@eWq=PrXpUWf{piTG<vm9w{1Pfh-$D_5^A%S}9gqpz<m29X?w+bUx=M6+{>yA~
zG~N}1B%jlL#~LeEaTm6a4SbvYQ$%wWkIRy4v3qFnLlbB~U>(TRAB{t(T!4s@5-3vH
z#ao~5+?*qdP@$X^GW)rR^dD!@=mTXzqBXfmRAHbU6+IFyyZmDbLT`BJl(o9a2kER(
zG*ouqHxdE6$Y_vN&HJ{t+EFG}JSYrxwt_))F>WD7mcqC?j4G|Ae!A~y04RBd4mzVA
zJ`G?BeQRGRYRKUUd4MUUj2y)=y$UCjs>rtW*MDGGqjH@ro5%>QiGmA<0&4>(OB(m(
ziM+3;N3zw+wx;L=>5U|iA;zCfw<x4OK4{2hT9Rs^#;YN3bW^t2qUq{sjgo}ZC5{S*
zLl4!yn6uSd;wu)AyCUGPLp*~r@*>FMeg83MGw^dQJFwO4^$u&chVl}hMOSR5AyxoR
z2RAFgAA1u-UzrhXSGhhNJ(6EIg{a^aqApEUSy@#*+=ntDKG~o=p4UQC!*o*IYWylx
zbxg^$X|C_PNQa9dA%>{4?dMTINHA=X9PWll(dYfT(ff^EfVht+cQoNVcFZF?5oV-G
zm#~A={6RATz9t=Zu%dp(p7P*WP+#7)tKC4Qr!S9te0<fZ@DwL=KIv$5x-ivda*`K^
zB`GqyC_!Qq$)tlzUQ;Y+9j%cgF~hesUP!9NN*&Z7c0o<E?X{<GW|Thd+N6v*TjG67
z=78>{@w^?cs>{6z-J|^GCzS!H%p5j)YhFS{66^WdGl5c^zC=3fq;VAnCJC+3dhnj4
z7!0YJ;IM;IAY#{9a#lNi#_x(VQAP+zoZm)?X18-aD?q^f<QWN!h2$sHcIR_{+smna
zp1iW(;uER8$rQ7P?ao1_Boj6CewcB>Vm;(~2T~_#=#0!2NlJ<OLtVy@J4<ZwrDgGb
z?HigYJv4WSypQK2j{T+&6=}>CU}sZTi;2M#q3%Yn8=4O{cYoM4Jr`Y`L#UxL>5u)6
z8aQ2<{o}c>7=7^2lNU5UK3v}!Pp$5u5C<P~wv1k+r00AC0|W8%xAX!_-Ik1oyr#C(
zM<{C__BtLql27yZ7{5)uU$J=KOcI9qy5ImSPZ}B;TELbs=p6ash3Fsd`r4N;KE{Qu
zz2>$k$?>Q!XoN>sEN<6t2>9Ux<FVO8>)<){jteV(^^par1kwGA_+L!#?0!8#3mSTQ
z(a}Bly#Yf8OuL5#97o&1C6sp$(KUA7K2|#q(LDwhem$%SwL2K>!+zqUY+-6IT|`ho
zzt@L`N>nh)@Sq<WSLK^t2_<b0Sch?<ph*C~@QpgvrL?hdwZHGCpFU~&XyP|O_xTUE
zsT-5z-tF7m?QS}DIB5J*<+ahOg!)=<Js)HOswoNK*D#`d5hfSx4aQdfPjTbwJWsbr
z00wx(GOh`D!%YombSuA!oG8bY7lc=X%Y!Z{WaB<)xRDZ7M+9wE>2UV4=$MEt$**IN
zW3EqbVtlZyN|aIQTz!-p5Q9$;>lJ8KbAApgb-A8wL3@xNd%nMHw`4R$PUfzXG`NuJ
zJy!yrKkQvC?Nv%@Y_qrSq2gqO%F^WI7WVfIBX=wrAd~MBn|e3*q*^noP8O}+xBvbL
zUhP()ZY@82oLHH`D0p)Tu+nJ*|9dh>hsRZe-4hZP?FHdtS{Nfdx}c>i9V6Z_=CW$D
z@g2)w`Vx1{QeiwoZsj&KNl{-rFf2(4gT$sJ=5lNiR9nH92d!r3HF}nW`)#xeJoykU
zzE2dU0(PhtdxkcSk7EcXAB+8Tc4jR&-bD28;soQ`uNps4QacmoNd{7qW&_6U7-Eq4
zlIG#WB5&VJUxWm4;7xKk_`f&Fr~!%HLnohzrY!{niN1Af>0fI)5SSqT#C%xDt3oK4
z4c62&Y~E&9A}Gxb78U5Hs0-E}s@VCrmtz&#{kYDp_GZcNT7TZy-Q)8^@m-$$>En|@
z9PY$F*ly5p<u=-VdvopjF(Do5<PA%O*J+$eS8f70f=9k#i<a4U1a-<s*$i+8Q!Go-
z58*;KE<xw_Cj$K3PSm6kHmm=W@z7>u5nlr9g_yjC_X%Xv*9HUBQ{HTmX;1uVWE;4{
zXKZ{cjlgng*zRCwV?QX`Qcu8oITBmJuU9e+GbcSNXwXXYX@WoH>t4WM`}ssBjql6&
zPr3sKzuy%$nD`%)hx^E5I0;Cea{=d&WI4VLjExZ9u~{kv1%MK@>!-`_lk~4aFkngw
z2AevZtMOzA_Uyrg_t&5^f}D{rpa{0a;tDQ1@ZX@_2uy2)gP1Vbar43Ygb4=39ln)a
zemka<Jcycyo2yCp4~};9i_E7IROd&G>k_M5J;fTq>Z^wbBImqJRIXt7_T_}ymK7nk
zfdY<ZZmz~6(lixTH*=d#e~d)6MiYW`p)PnmwFc0UH#+ebNkI@?Y{y3FvA|_0^~QxE
z%iZ9igm{9_h<>#>7ico0r3&j6$DWMoVj$l%_+D{EJ3H!$FVgp2;Ep1-gZJzm|BN==
ze{5F&lZA?3jbiGhKt@W<XCPwsl<SIxR(-ltQ(G7?)UW7AKqIRz<}4}i;2xtp4HsZ*
zXB-SIBC>N%C2$N}ZV7POrHgaYTbLdGi*Rk9+#!Bz&$7&ypt|MT>PYYU<s@3a#o>3y
z-?1|=#EV3P2>=Q!xyT~oI%i>2*jR@nqjSTY{1FXg=zgb{-?9|d^dbXU-6~X%dfGD^
zfPfv@iExzBnIat~xQEc&acswwIa298UQ%p8TH^2S-(yh7E_rDhh+72J!Xa_NghOab
zm>FxLw+YkhpKtf*@W8t6OccYzB)pKWBbJ<mOXX5qPz$tE4_LZMh;Ju|A;-_03cI@@
z+Lqwl`xE?LC(v(&OG;YYa3{r8mC23%KHZ0Tj0d*7k`WYD1l;FQW#fvK^7ly_CUf{n
z+ebXM?e7qf&uJDHT2V`-5{JFq1Co+W&NhPo@U2GK+1!l_08LM1B8HGNz8u(qTu+_e
zA3mPRvstxc{sp7ZxLv&m>HlOhrecQ6d|w0pep7(0s|hTw2CFUTsJ1UQIBcYl?`xZ8
zSI?rO>r4*B@2g%!59f%Q*Q=J^?*|ysuIL6EL8WefgTP#BxKBX9kXv%m_8oRE`xRuS
zMt<mwaiYouNEPm2-~RAkZQI#ZYFB})+-f9LV0f<F><=C9X>x}MK|J|8JGQZ0cw)C$
zLd%iM`=PPCvMRZ#rlJxl#j<Hq7$+R|i&%!lQbqL1P}ZF_BVGwM$1hF`H9EVqwVPo4
z?X6uh1QEb?xg#0PPUq!=afv-g2)sQ-0WzBAkmsB47^_|#999C32me(<A%VdJZvv6R
zc%4I6xDzCtll^1%xkYWZ9}UFt7SYUA_yfgtW*9@tgkdSPL`En?gHS2Wz^=9(5aRwF
zpv5ANf<-c(LVJ2pVfAy_6)4~(E9S<+zVl|W8Vx8$g#w3<{6b)tI;Lf3|HP5k8=tpN
z6%G1J>gHV2<D=k$A1-6;KfDmUE2O9kmGE5AmMdcFlIM=QUtP-YDyp|0F_+q)xeoU;
zuk(KWUWEb``&%JFVCZcHp)7}5Pi7+DB_YA^Xz|zXELj!Q=m$z$hNWsDXi{2l#&DcN
z-$WWB=ze`{<$Rdnj7Gp(hmm<K2s(%VIQJ-b$Zp3puObGCVtsY$c0`5?{7FZbf+8QW
zkki?kfP!Tbr5-RN3tWT=mTc1~V2wCp{SBo`i1`?0vOxM%PIS@AWT==9_i@NyQq_f6
zIGygB)TnldBz~F8uP|zo05su6PM%mjQ-`Xg;88}$SjiM{pfj!6a26$=CF&h}vIX63
z38v^H4pFzdLXfldig2PnG4-U)bq^$8nuyJ3Bbt!e+n|B!-A|x;$1<_M6y}1&<mZJZ
zTC_|P0K_LZH~x(Ub7kt;Rk<E(YEr~D+_G5=hNzZ546Zw6<_2fyUD)y!%=*R2`VW-@
zWzd`+PA1oioK@z}jaY7O21ZJxMve~l;ePYw1iTHyS1)-{pWuM<xDSj+FvN}PodU}T
z4$yZ#hoft#N3YprIx<~(5yM{`%nf((St?<Wm-qqow=}x)(q^`Q&^W3mXld$fmYAXl
zu)mcwqp2wK*Hj;2_N}hs*l0z`d+^<#$lcgbiNi-SRxED4fERJPFvKsgv>ITdVI=Q3
zI(qtajMJ6_e}PgI!3wVYpDsrcx^otXG0E<XU<6-+V{C#bn~qo`!5l^RR<0dqUFLR|
zlipR4i(F3xLLNjJSeg4Pd{7Pz$7nh`Hz5GDe3pzUrYXPH1CQ_L1<_))H+1Z#0BD=X
z5GQ_W5Kz~+KP3p-j^TGny|?|7w$5Qm=dfwZzllS~|IEKR?@iTsY>Wj!?Q%hgH2BBH
z6{s;p&xswppP<Jq^r@FB$`K%lZQPgD)Yh)eH3$d>k&%(nT+{4ZUBp>rU#zXG3&{$^
z2Niz5U#vL~)Kv0QviNojGpBHXX3`B5`J^#^kNg%zvl{-^4<c0Sz43dsNI{38G9{-u
zT?G!8+q`IPQ~8FVv}!R0gH9fPs3OiWeQ{+AA1I-hwqKWh4<3cAUvKliXor#AKP|0o
zOu*L#+A^DP7c+UAU5Xw*;el>$z&_mM+G#dJOfJzLOdiN_hcT)U!wAr9iXF2-h8}9p
z)%kn6d$2odq{O)dE?x4>w68CBiqTn9f;x<FJeZw63oSt1<|POP`=c7Ep7nLl9`ttJ
zXim}di=q1%eRtBx0x2&kr2zW}AITu@NBi?B%YFtuW0l2O^LcNE!Kdi$g4J@XB{oKP
z7ibpu>)srPfo-#Ao6!d{(UJ}&3bSH`czGNJ_Z4MiRWky+<m4ir6B_Dawh(cKx}M7<
zQL53Kd~t5E`a*eCU@A-GMWHSwGOnoow11VbaszDL$LP=KP!ifCrjLNLDvi-DY^|xX
z8gkXRQTdFHOL>GpuZK(DZxWa+LR_zY)yCXDv$6Vy7gE$~>rwgsDFo<g>f+P~6}SjS
zfaE(nu83o}ku|0$SLQAQMOAeVG)VLHTqKO8lDcL6`Oh`4is6Boo)$TkfGNAV?b6C%
zpijjL^r^O%nU~s1qiX>Q7J55m?g;dY58*@aT}nuUqpw%wz-|iNtA9(LCj6lCWHT#)
zioo^irfbN$FjmdcLzuq>%_k8OP6u<qSQAoE+9trE(b1~^e@W0E^q?o{ODiqe6*9Qu
z!jl<2zqQr|@n1nr<eVxdg6BX!R8p$>zP(Z=FV4DCug=as+`e*x9!3b}i5XM{P3Bj5
zEZgTltNLn9(p6siMP!R95?k{IMtODv`*r_dH-K1-wd-}idY^S1qlveGMqz$40#at7
zwwkaQd&uVc@R;hP<MhvU!TNgHv(%%%fE157d%AAW4879>?rmX;QEgl%F$w;0?Y(yO
zp&Q3g8P=SD=0QqZzLYa*7DB{HPQ79$<ipx2+LF<EFA_Q*kd~$s4?*h_f*dP&1*;1@
zjOs-BEj11r&weV*NNv(499rRg+;OobGa3&?AU`E-BKfO@MJ86}FQATNeogB2E$B5@
z;pnlFrk;V*gIc8?Q}|;e{fxC;Pl4k~LH}>>P(_9bGT$4%Prx#un%7i;Bx0hR)md2=
ziO@~$Nk-hYr*Fvb)dsVecfsC){j-+>2pMp(+q?mn4ZMSEkOpSsuK&<i1ph{&{K=mj
zAPSx8BP#1`el%FgKg#^`YzIv0e)KjfOp7|N?d2`c9X>$VCkFLK=0?9A(!>8$4N9v<
z@eig;9+${XVLPNJ(;1tio8+Q{vbu01|HdXynAW$Mb@G1k@e#N-F49!vMv6icjP2(k
zxG_!+G%Hit9{E4?#`;Rwq#i|!M8RT)p{@+Fl<^v(i={eC(+x`N)FjDa`x|b|*r~Is
zQr6?B$9oZLp3a8VxH>w|@9aK^Kvpe=8ra2*s{_ObTs#F95^HA=vF8pkV4p?=(M;LD
z$E(0XO(-cLQ@h8`cuTQe7@IG#A8DcyiFP}d&>kD87?GL|D5dl=e%?m*O#Yy6-HB%J
zPA|!v|8bO}J2J~sJ<#$d8~yXs9~xL{uW3AYV))Bh(bc{{7PaPqP{^S&d4#}acDM8%
zvXxt`a%jyRrm^Y`?pxIBIKDUEci{jP<2pu6?fXDD_)WQtG>89cZJkwv#;qYL!0eT-
zH>IlhRVfaUP9<XFV)HRIK2D>mrt0sz3IrTF?Mi1Js3A&;V3-O53AclyEta&=ZHzqW
z^o*BI=JiStjY!v|83x0mlrXtf^8&RA-8`<J1I<)`D2#;d?;<kiR!MaxA^urH-{=hr
zjYXl*EMv%^UvwHt<Q=(5Lv6$|xGs6jF|O=%1YlaHioX%4iJA9-xcVQ<lG;Ylju;9O
zgMM%nn-OOanU(`74XvMY1x!B2>RlwZLqJf3!!k=0!%?3BA$RS;Bu`aQH%|yeY5O+2
zZ<FW@dt6~rR8+YPRV?TZNX}H?x#F%oh@<xawV&nYBO+4)-fvr<_dH>>D|b`Ke{|jn
z{+@q8Z*;gaOA9bs<A9AO*nEwdm`KH?3ti|jajxeeqnbdA+yDv>k%yAoD|(#$P>35{
zpRlVg7e~uuB&8zW^65<UMAX>}Zrm9Dn*~rdGPVhC21-9}p+yG^33X**AScNC!QTM4
zno4MQ5p=$VL5m=i5-$)6Db}azLJ`b)XvVbbu~qc@v(eXy5nN(cinv}ntvo9%dZMSL
zI`9edo`+tct^mk|1-2%-Y$W8?abX)$*be@zF?69bUp&PQ;BlOMS6S=_CN4O@E+sqb
z^s|2m%6oAV>j;D)MOn)aPYJ6_O--nVVD`W%%gGgG?0a(S!AO?|^%=n?qRLYtotG;-
z#$+mQ@6J&-K7PM_sOy{Q*}a_sM&E(0(7!v<+U&wSFT2hDJMNy3ny!bvZz6-mgml<|
zxu(#t>aP7gmdcW_YCdYY-a|sV(^+lTcYRK9T~5+p$n10I`gG6lGiIN^$Lj~}pvNKK
zCL;}gInkRwDt>m`ZNAzryjX$uQy}?f_wCQ11k6HgTz7Qt-OJUKRSDTN!8M=P%INb8
zbb$ET@kHqdb`%(w`sw+EoM<$L>MXN<VJ5aAv-8C0o2HPR3fGZ_Je@;vvy!*jlS771
z6<OeA%vzaG$!{L775Q}0vi#K307fqk_Hg`mY3O9c8@G{KZW*)#Ugy!yy;1V90c97x
z2w3}5zpL}3m>uT^e2_M-0!;$Zbu1d^H14xY{akm{ecxz=wrFI>3-KF!G{_Z+za{>=
z0g?}pL-#*0PgqQ8-q%_NX1^xIfNh*V`VZft{kF5Fj5q<t3|U}Ad@X51&eZfvjmspF
zu}D1-6X_Qc3{vf4q*kdX1zw9a;HR-qcb}Y66)0l-B;<Bi_@i`^^TCy#%(u>uX$4Bz
zhdW_mF%Llwcx_xf6;gs{bL2oqf117)|1FLyGbtK~c%P`~k~0F_fX-VO9%)`HKTj;V
zC6e*}Q-*G{QWT*Ru#rt}3l?}l5LJNk#tkrny5AwQe+_|{0E|(n1AYye&wV)wAr->$
z%PEHoN#B!L*Kbpi_J_d!PrI@$KNuFEVHh;Ac<hHqyJh84@oWZe_+n*8TTT`Ey`S4K
z0^_+2Y`S^4y+RfqF7`rY;Tihzu2S?z>>+MZDCS~}VBP@;s^&7*35r~Kx=hY1NT@4*
zaA*t9`MHgvvT8^G?+fvp4pZc`n<nFhLWu~%H{fgp$h4?&Bl#dXmuNUE*Q}IIi%pJ3
zzQ{LW$QZKy^0Qb!R5H6+mALbrF7A5V{ZnCe<~Mn=hBP*1;TyW+?X)mhmoY|$k?g&(
z+#EUR1sMz~<r~w{A;l#Sk9C-Of@Oz&=2AJi@aSZ6rzY_f&eQ5$D)te*@B51o;Y-!V
zSK%h`Y9?hO2UMnVD#F#N$8qX6=l5z~YyR$IkJKYuKP*8qO0NSIx+8kN`21Ti`2+v)
zQE9jIf;dwBq8p>E_eZV*BNOGtO(-nkHAsU&hWLpzj7)?|Z0p2A^Zu#KcLU;#Ht-@9
zQo)=g-TZ>w?h|AS(q#6lE1B|^Rap^>=p=v?)6YUl72zPnp%fbGidlPrc+l-W0ASsn
zfb=3_i&&(KO>>&->dv{=z$UdZlo43P7V-cGqJ=*5`aESJ=jOOSJ2^H}ER_&(N`h&#
z5x83ChjyH}udB=+Gi)%Y>6C?Moo*%NxM7X}gn=x){I8m3-EX_p-#A%-2Lw2_gnUF!
zWI1dZ40gr4udc?{x2g&8+uY%FW^Fi!&4(`T{~V4#VBffyjKZbnEOCjgRp%IfHyfrf
zPLltbEh&+;eVLQ&$f&r?6tk1gBPZ#039U(__w}g7|80${TgNfNqTiDp3+|VkFHLt8
zB<BQDS==z~m<tG+oZZSvvoPDkTG(tb{#7F5MGlLj7Ks^5E@O<rp?pFf{4;Ic3qxEU
zE25df#?Zn7nsSL<vfCYf<T0l|gtWrY*lvK%8g8b>`euOMI>Rq19TgxFnyKtSdyJGs
zr;pas4~_2l(r|KhmoNy6FB=1_2lpQ(^+q#-jRYmzO!C)m_F*a|YB`P-)%8YwkcQH8
z1vh8E&4C}*N9#t!cd$EB7SruVL?H;FU*xY~r6xrWIAr(_qaRR#@C;p0Q`ZcZ$)w}d
z{Rnx218I{b;j%xZY2a1HAZew#gxC=aT~@v*J}P#{LE{nS0^vcH26l}saQ-QJe?ox&
zDYP&t=DSfx_%!J&RlxPM!H1IB<FTci;UUu!xbBYMVGq9_A*C0F)#~T2fsR7X)&bQK
zLoVG;V0CmFb`vOa2Ce(k$6;)R(^=kAzKv_ec)b_6id#`SEb8N~N9K>VoV5A58|=N2
z?HZMOQu_oGjG_GHFq;0LIl_kv3AP2-zK61kB%u~!!U2Apu?nRtRScTe_nA&IJ)jZ4
zWN#quF$!}8Z2V-MMPpO;@(O*fU1o!!71M_Or}7D^@W45PsZ!d5a7odH)G<c7d$G};
zf6=c9r`)n~!8HbEOaD~Wsp>nPyQ^-(W~ppo9dj4)I^?OEj>DR%<`zgnZ2`tlHdVJE
z?ds*2fJEq#RrgDtoRM0l^fMO%((U0e<leXNr@1N=5sNvT3J4<;?dWmemJ`UL#uGMc
zeAWFWmx%=qLeiMxh54m|=MVK0L=|4Md4KjW{$&V81lK+yzbvDy<2AX5myarGMK$%P
zBFf4$sLV6(9#!`MtKyvClt4IA>(V7x3R^>eyfes*eA)#cwv(5)CR*$?pEsvx^F3Us
zD^%^CxFob>Bga8H(Q0q(K#2z{EOXCOjmDNzR>C&1bV{c?77RM<9><<O(o{@qly6QX
z)(NwB4oqryro2NT#IwTbvbmw$K3u3L(XEX6I`_&9vEwx5H%}*MQW`SO*B%`BhwR8E
znFw->x??~6$HIG+pz!BIAU*r1=ECtIuDG%b6Xaih<DE}8sPLdq5OTA2C1~{q1Y%MR
z)#u^9>+!e~r6Fim(b@BpOWbNnh=Va(WoxIyjW86F_J}ULhT3ka(7{AxCA!lSj-WED
zBBX!s)I-{wL3IX^XJSqw2T~U!sI2sORPy3I3>T9mSZ$78TW`CNowtW24}R@7f?&Sd
zFYK!=i8`zf7J6V|>$x5UynoT@Pp9Si5t4%g@^d6dMYW2G-&k=fz7M>URUK17z{eAw
z3hzT{O-WV3j(dzTUuwRy=}u5rQ!1LrfWNipTR|#tw$u$RRFX8S$1lXy13`LXAhf2#
zAx%1gtzCgKdwWX1UrPU}FAsHg46e;njhVU^G^k5z)e?q8DE=FX0Ifsj^KgL(&8k92
zg3;7pLS3pcn<`AJ{yvZ0?bgYd40Whj399O+8A?N(hH9}tdKE0dCFNHYk0p-f(cPLe
zU*FRz1V<q-MEdFe(}g0wJZN_|LC|=HO7jix-tQTMhB!q(%wLen`u?LItSgNHxbv)#
z=-ztOyCXQeXw34S!kVG9JxW8P`Z7POq=KaPW@oRYY~tD5`}(GDL}E`z9rh0**Ei!}
z;3N4XT@sr-9+kb^!UW*->3pYU9rTd2pta1pS^Y}U48kwh-Is3hp#-_g++R#?vVpI5
z?N$$L*1g3kXH)UEy}wa0=hFQD&=$vLG8d0BKz$unG{e(=)beK<9uqDfWXMhvqkfRu
z2C<#II6*PI56;({Ilpa>Tj|V#{)AM2({Gbk)$ka+9-49UU|oL*P+%Q8OS*p(OptYS
zD*9vz?A~_^J9&I9YCPlgW>5>1&HJtjW3ss^!m*^aZ&cY?o`K&x3#jH^$z#NrZyqnl
zIeZMW?M?i9h{SDB9OzUYdzyRHonF|Pj}lI8VejS=qQKL3fSjrW>0du?X-X_|la~~{
z9uxfB#w3GQ?>tArst^`O?vs>L`G|Ij)s$>Qm$hrErmD_DOG4sORQU|IP^Bxsd5N=V
zsx6Zwg`;w8Cx`Ft+d}c$zBKuy4IF#X9*e26KmX|KxrfXS?GhBte+*R@x9|sJ)tRqC
zp=|MQW@;)XIaI*nl^U)V1m4dhosPCn-~VX^WrYRJT+}qa!?BXhP>&v)Q|;noO<tsn
zR#INgaN&4rU~Bm-4U`Y#FI{`dud`7iw;r$kiXYY+#MQxMWR%FAwk%ceH~n9|`lHa9
zgYZfiME%3}&2wJO@6k^NuXqfXe_P-3)&NI_q2JfO1`b+Hyc@i@-UGa&nm1%8q#)wi
zf7e=cpV$MM-pgH69qPE%^8f9;r%wtG$S|0o59zA<om5(ez9M()G`2!Si~BQA=4gMo
z(obUx!xFz{SQYA=%N|YOqa77EwxxD^Ou_*;1gG=$(TvlT1|e3y9hXpy{#RF)ymw()
z#^6IE2&l=5Fot1K@<MF|sbQEdv2e<IY?)3s5PUHbt%*snMbXJ^>xB7^ynVMOxUF4_
zwPmG)bgo`GzW$HfJck=oORcaNT1yQ&I8+P&u8RbwhWbYxkELC`iUmMw+FQr|_xNh!
z@R?z83q{&sf;v0rDf48?>ACgbE@F!IE<+=8ahVF4eIJmY=aW$w9tK-d1)S!_I^{HK
zyc{RfIJ`Er6kog)Um9ov*eg7vjaPapgvRau%XY+Vh6k9F#bA$6a^9Z$x?a!`AmUK5
zwG`W*M1?Kcjd=^fW}8L}ZVQf<GPG76o0MH9Guv;_WLsQJIj87YCn+x8B#&qQf#3O?
zsZ&F+z=1xahteHBgyed9J$U)~&DQ$e68o~tinBe|8wy%V<7|QNZF%5%AAWL~J!ElY
zA{`PGE%9V}r9yIyCdef#8A~fgbz#0f^Wu~l2+y`dxZ~K68xtt_oizeQth+0#?xhSr
z!u0&$Lw-y<?*8IiOE^(LF@jGEbW_tE_(%*k_deSM9XBd_{XKX8FdgAuij}I7G={!@
zI|la35;D#@fu6`a(&h?cUe@ZsMiag6Z+t_5gOk?HmSff*!Ze`IX08N=#Z<otkyxw_
zxMfvK-Bz}U=wZ_!MZYjF*PB#(n#|`o&1K0)Yyt(4lEP-5XM&42_{0cTtP!D}XISST
zV6dMafQKPv+J7rG@Kh3Fs>rQsSm($g(o7Q-paf=7x|@H3;D@3(9d|O+k;eQ!M)mP`
z4o*wi7^e(<p@I;y2B9)eD<o>)a!9dw9<&xmf%rT)xC8?OwTQ<p0O+5j8SHsP!ioRW
zJ_FR|#l`i*)$!4$EH$S<s$Se7?nHpR-rX7M1IA6);``eu8a?aNzj>${HWLUk`>FiM
znJ?xLtEN%4;X%VB+Q(W3_dTigUuwN1wEb?#Ge(TNEghIxzgY6^DutHq&2VI_X-2G~
zqU2UbHq2DihPdBJk>wHE&mJ9nmup^mepm9f4Nb-0K{pM&J8xgcmnzzAqH7?P&mM}K
znwL9=fqz6b!0o(r@=N^*BssI0C%TRT<L|n`mpS!GQ$eJ~1_(W`dEo}V&acLc7V@9W
zN$Ma>W_ULrZ6Qv>&nR!EUI)r`wZ#30Gj#l0%T`Wz(M!S;fd6)Q9udQxUGLK@tc*3D
z0z~1}G#6)Jt9N?*x~%D)xb6lk=1wu7kPUh|5XNpau1)_4b77kV`DTDDIgXLz!~*85
zS#WxRhxy&<6=t`F{jw!~SF)9Br9i=qQ1RDAvC%o38KM2gF!A=h2Nn>lcJRFNr1Q9v
z>1=z)b@yl`{@6$8d>?l7?zF^bz~2mz$Nz|~2uo$B1*0jqtUc%jM@uc+<X5&O8#0Hv
zbr{;V{amjfuJlxR8oqw1;!&?kPP}TW3ih5@w7UEUrcBJNg;`Qr>_+8ouvVHNG1Ig$
zQnQ64D%V=BP3+bNnE>eFQbTPPg;;RZD0?EavzhI0rNRIpx8I*q21yxqa7+bSPzZf^
zgX7um`HGMZCv!Vtz=0I{tqxuH+YXX2_v`jRY1#FYiydd|_6McJuUG?qzn9mcC8weX
z`#EhMYkjLoDHU2K56j^3_vOanW?~!dqQ!^3@t?3s$<VC{=Hd0qL;fxUo);(NfuSvM
z2r+_!_BM&Htfz-(sp{`71m%4XMsh8LXR~~@v?E1Y`h$zHDScDOnx6eQYW2$Jeq@nT
zHKx8>RE;>c|JoArNg$%Ho)G<0ET#S>O1D9!=3d4Gh`2J0qtv|v-*W~NYbJYr8ip4Q
ztY7UE=<>6@33F^baEbW>&LBg(U(tbsweI3|(i~`Nh|Yq^_cZFad39wY|M_pmbre>t
z1ecbU|Lhw;-!(LYUt)I!l0tzoo7GW`J0{T<BWg01nVe^0?=Ht!)p&2;MXr4CfFm@n
zue%EBJ||k3{BFE7ksFZB9)Wvn^mv*~8r=0JqktD@?XzQWS83)8oyn@Qif(#%6C(R>
z%=MFFKu;=*btQdf8=J0=6LIg6n-j4Wcb9h!8-B`R<rwf~XYUUISpBQACwGAVa6-0%
zA&0^p%vWdEsdeG8I-Fdp@MuS6U)t96QsHaY=S&wlT<<jEeOp~RUTXoFn#6_IZ2S&}
z3FJo%i)IEB5@0Iz{ICRUo)JkQLUuNpd}c^HzgwRgA<|%uPB8Wz>|2fg`70`AK~6_^
zj<kIhE$GMS?!{GsBy#u*-0u6o#pVw-V0Z=wia8q9d5&ap><MYG_l7lyuk&V8vgq#F
zCJFdggzCOpB{h5V0%=zB3Z1QX+u(P|sYQ~T3<|)VMFgTe8hfl6p<F-3o%*kKwVb+X
z%OGIH{@*?0@EA$ZxCT>1<Pf!+N!>AZ3tvx(p??88_Z&Avgjd9+R*+oaWD%w1<$Xc5
zW$qM~?86H9HnqON-R-z4Om5%;tQ~4zI~3LLz)47L-~!Fl6%#7lFOjn+fy=Vj`I%42
z3v8vyW18zY!4B!kMdat!bV7sC<WE)B6kR{vS-RgpF?qY}(<1_!Xg7Nc5--KS>gN6l
z-zHfrLzT9z>%35-qR2pfzqBgZe|LpSKa>vKf2hi_wkf2liTta#r?2DpKjB93{|Prh
zk-94nDl-8K#1S}YRqR(Q7KRN!CYTV3bSAZDYqIknE(~y}_?q<-nAfGG<<aWCy2D0k
zBvXR()`I|O%3_nf;H4#^Tw{_H2It@gmZ6e5a4<wc`(X1OL`|@70k}k^!_{MB^uvF%
z%xZl`w3fA2wii5}a%I98)6;4{dELnf{5~HjNl5B<4yCW0A6qlDp+cK|6!mw3$~yxV
zOFd<z)T(v2Us8bAox_6TUc{5x9a!X1>t<T3t+rL{q}9a_3rlbc1$qswtNlfe2v!m&
zoI?xw6mkr{xs-Tzm=h#bSP6-Etr_>`L<{R0E-j4F$wrX3^o?56#HLBun$-RVd_DJ+
zy=B#oXU~;;Pi&V_@R`sI-yWs~+%yOPOK?B#?L#Nm(tz+;yf$=Z`{#c(YR@du1V#7v
z7xULuufcur-C1Io#&}~CP{j7Wa}b19Rk7hh+)y&^yu29<^ebc!Tzf$*#qta}S{V8O
zo%sbgThZ7w0v%D}Fy}IHpl+^*cEgMJ4HY;CGduVi8L?KAjqJlScxS6>Yo|9p5zFH%
zF{*Tow=0owJrl~VI)rpO0qXi?Bf<Qxof9;g)DZaAmH-p2@Y=GfDF0rlOgSXWL)ZXd
z+sKx;5fVTJGBBPn?cwMS!Z&yG{9wtJJLvQj$Gx44_)(U*Tki?el$U1r;j68GR(YJm
z|F<kMxJIudlp!_*R5Oinb8#_nx9k&Q_p=cq2EP|0K^8048$$L7p<h)Wk5Wo)eZm<!
zeg8Mk@AaB!YVreL7#G8hUUmbu{(3m~H=n6F12;Fcz;_vvpTIWYC08nn_1q13OXIob
z#?@YRlwuqcga0HlCZDnqIM&nGdPMUzOcQ(D4k;H)5aV3z-pQGHe@$(A^h&917`(rY
zH)dT#|4iNVLLUUB(L`nqP(tz=N->vZ&7jh}Z5c{1PYPpGo`))3PA0(@^}KTNVpK7B
z@w?2_(|lDAe70Su<GEUNy7FRin&La+@CEdL#np~A=EO$7e=6=`=_>S7w6S5ARUv8@
zF6t{fm2MZ+zaJ%b?=3jkA?Kh?tfayb5mU#cCw3EKLEU`@Xxt3DlY*wdHbY+NuDd2x
z)mjYJn6m@s!nRk{zUZLNS2M?=Y7P@pXh45wOL<$vB^LXP&7z+jZ*|}<>2ckgorG?L
zMgNKx93VB^+JcWQ(<_J;)I;J-zZz1BsbzYg?9(NYI>mHJuP~5J*G6W4yAIJ{I~0<7
zBPtI+ki9-C;Wt|Bzv8-c#>{{qFWPl(9`yLG*J!nutKo)ulhS{<Jcfp0;W!d@DsHP}
zk%dtwx7Jb<$FY?zv$%=!c)2y$5L<D7tiEwBG_3ksw?9JC?n+fuyX$?~b;a`O`1JGl
zN>3M`!lS>%8`t#&THNxTYk)^4J6FU>B5zdd;?yWpx5#zIqc7SVr56^{@YLv;cPKBU
z+m)in{$;BO!6^Njc}i2d;*#h*b0|gLc-=f(a!-YU&r27HXjCQ*$-VnWJviP7rf-Zv
z+~{7UFF{GF2s-=0AN;N@-yZAzrwNpimj^OyWo=`ve763qMyEObPo5hV48ImUzu+8#
z61Sbp5xe4_UdZbmd2z@=(Kg|WX$GCv{l!c(O=r!>wg2&%%Yw<X0e@7-U3OZ{254Ze
z_jj&TeR!Db_H_oc{56%I)9kRp$H;8#$h*NUA&EBdE8i%~C!IT3jQfl|<al#sOzZnP
zCmv-47>y3QMR5|Sv|HR-V4-#$B!}(z{@Rr~li6QuUjg-lPJbml=L*+4XBWHf_gfwU
zuV?S(tBYY31)nh$#F#?0yM6B1DSd&*4`Ts=7=J<dY{bWpxz;CzAgpks!6trjeOw2`
zGHK-g!{a5<Y-qn&z~@tFInLRwufTNxkuf1B>-tus)X3$MKl}NE)BF_W9wx=jbN?4Q
zpy6s8rS_;qiC-Xvlc5wBa5reyvT^L{Il>`lvBFH=eex|h+Cp4-g7w}`gd-lktnX|{
zeR=+XOQ(XF9iT$ndj5wU^glmJWKc?=sL;|awDTyX;MTeFG%7W3(?Q!rY<=J5-jvL4
z8XYFcS$P+Fqk_fjPM?a%2V8CzK#~O>3HsZqIrF)-9Aqi<Z69w%3l*{yGhh~*43X$=
zE+Q+c`%=xeXJ&tM&B&pHwrZvjY%_Z{LB1;0;jkC?`P55bZSnBBLx(}Id3R;GtQyMP
z5i|r%Z)q1^zq&m$85v5m^Vhkn&PAA2NSKzEZj`z{frn7M1KHqSRE)UjBMRe5u~2J1
z=ulpM`-Y@C{qBe$Go1H}SkQ!z`>v7V-mYMBJS)5iEGgG-$?-nH3)5i4m7QMuQq}!^
z!5`*TYGY{4eh|daMwzTaE^YL;Gma@Q>4{BWG_R!Mj8c-tilVBqch2^qkG-1)<RogL
z6&3oiAbL$onp|n)aTaP#oDW?BcTj#llX98+(Q(YiU;q^dD3Fm33TBw0KRz7dVg9LG
z^n)72T1+-Uuf_TAl46C58)1Zb{o%J6p-FtY@lN^8em*Q}cgQ+GVxTYsv(#8Vl;mbB
z4`$K`En9~=UPI~6dBxLw9eanS95R&yOux8y3KxKzH6(iUbK$XUkG#+U9&n0{5S;e4
zpbP<bBBSbz_6bASZo2KvW#0~-Xk~;G-=aOnjicg+IyM_Y0we9DaftczV`pXuh<PA^
z@`z+1)k0@-_nBhW|Hl=oMdpM?;zR~CoJ7u5>brJdv>pX21jN6Ow=3fI4=+b@bna?E
zOi%HwKV&}L#kOo744JX!^Rlh^Gf>Ubd$EeeGdXBk;)Elm9sF9}ukNN)^x<_#lh#n=
z_Fs?sNFQ4N8hJ9G^TwQtQsAupmaQ@!{}Ne`?duTsi$4HUUwcx|7$R|#?DGix2+c|k
ziT!7c5amMYpK+C;;0Zsnv{V`8t<P3v6((}js>XnRLchVB<lx;$qp%N(P*LTl>cM8~
z;2#%vW~T8Edyc!@&6L3X^d>5m0B}EjitY;@>PgyOs2~R~UCxXm)U|4OC4Z#61d_r=
zR+B3sP#J?Z;EFT|ZAWISO^;Bj(C=&%-%zntW~s#T=eW%Fq-7gNb8|B5kWG?^u_2*x
z(M+5x{1$zGn`pjAl7!){49@rGf-|uS6chA|3a4aAmcx#n2rJ`3bxUxFy_9<i7zI<E
zI;4pW1|4Ooo*k&3%LZZHFdNAZF+pV(7*zBd^~2Wv`P!W9z55>JBN$Xxt;Ma>w)aqB
zO8@TZ6m5{Uz8xet<;-Z-98v5h&RXC}iM$sPH|cMWOxy)pf)l7y)i}yBu)T$_0}6E%
zpniLn6(x@45q{T?io$NiBGTE?d7j;Jl%jCBu{pHJqW!+5p;Hng0h}K!8ETbl`Set*
zrqlX0KH`4<0D0_YYZv0y{a8Bi;Lazj#r&;BLb9~NZ@NOyE5GOM&NV*0N9F$g#$jL!
zYYXc6^R!}}Gu~nB!p?`YZD1MagfhqbM2^7A7c_R$jaGq|^HC!<2mTi@`u)FO?-z#u
zNOop#B4f`Osvpio!PAzfsF`*Dp&yUHh*ei^u3@M1_S<Ql6ZZq3`+xvGk4SRxV4dUg
z5-H_zY~U1!(;~Cg*c<P|lDTS=Y0zZef)tUM@h*5#?1NoYwBh-;23cz+!kKnz@?V}@
zRP-xtw6XCTJ%dqCKee0eH9g?x1_Fxe?k}<fIf~H*=uZA}<k%ggOH}h#o=C$Ydws^n
z^a9Qd5>ct0vge=>L(19IJ06Tr49TWHd>?(76VHS1EL>g=Si81Ct#E07XUhD252li*
ztg~4&GUpbnP|p*yG)83mZx(<{3f~!FbKk_(?-g4t5@XKt`GD;A0-;E${X2I@_g6;!
z$6NTtGJ%^i$>(o87`Ln97muU(7-=zEcGHm<s&Gh~$SCZb-OGjVU1Bob9eV_;2wbtp
z3|Z53KT}1QgBo3J6gvrIcJA&dg;tKC<i}ZudeG6Nkl2Z^0gd$}&VEdmxmXSPNOJ}e
zXfy+GDfwprR;m62hrMg}9~(;BF=7#a1!FBkP?E!9P>B6#7DURGL}iaTk4i3%&Y*K@
zC_O(T&gLj2SbQ8=Nr#hI9HWT3XcNhhiREG(<xI*3x0F}blZ?<kU$Qy_>#Sl}1V-po
zY?Kr-@l>S9@E2<=KPtwaW1c>p%99zNWUQwW(i)Z~5WVs%^WL1(!Nuwpui6VExrgue
z$tO?ZF^q;j&8TmxC<+gDm190S;g7dnS&8|}5ldRUVT835A5nuG5w#3Ta6Ut~*TSYs
zP?m-$$*e<q;>Y^&zr{`7rA<$H#t{%%leI<EmQ5sZYKoVdHQOvpW&WjCLJK~)Q%}rM
z6YM1<+lJLvR$RzK%0U|eC&fLS^z+-4AB>e-p0~S<(eT_G9IY#nPi3f4BCY9qVsaCB
zhiftL0{`;8WMrc;Hv8XiWi7Hf9oVJ&wOuEZ1;m%<>(si-006h`m)tTd#_dB*%VJP8
zzIDfr@DKrp<Kvy328-E>pS!27H$HTx$WkCRIe^Bj!69<IdLuXq?Sc$zlzd!8K1zd>
zsV~>q3-acsZo3nDpDf$&Mn>7l%xSKP36f^5p49*Fq{y9@$^16Cu*El{sUauV!tyu%
zU}wxzU@@8UVd+=4+#o{bZ2w=@AHg4K&pFQ1`jzYo;Rz3C(3g|MzcWKws51)h{)#=i
z&p0(u>2}4mF4{<)Y)oW4DY{}z@V~|#H(yxH6>wzsyd-d{iATo_tkjWis?(Qg)`kTD
z_eJx*!R=}{)<Yrm)$Uhm#&C3Dk98A$R$52N<HwaFv(H9N**~0zFP3v{Z8~7`*>wdE
z`uYepi<{ZRWrq0E4KqageRWnwV}%-}9oI)$TOR)$QcQ_fuO%G6osn_+G2W2JirPR1
zOTFE&D<T%ggswLe9^;bB&Fb8LY>7tZ@@w#~WH^3Yrn6AERSY1)gEfBA$SBb1;;ky?
zDHGfqUf7#ZXjzq(!$z5n`Dj(zs<&XCXD68R(C-Sc{o*^!ujttCYL)Qi{!u>GYRUbn
zLcP`KL37|w8lFU*KIWaN;T3$`Wma-CMXTN5J>~8wBOp{Zz@ok^4jj@`Y&IOI$cqWe
zBj3t@{!(S45##Wc!g(gOOvH34IGs_>vkfw!>Jge#=(h%wx$50nrn9+<!rp-KKKi1u
zG4_jpL+ky8$Hi)%;U}r#|N5o{p?))+Q>0XCPCOBI{f%pQ!&j;Ro+6~_Xhpe6=*$iG
z0X81PMW~H;HB~OZ6ZOrU8^X_<O5D^6SD5g<@B70^YnrYWMW4Qvda0A|;F(%ou81?2
za=c$ABsb7<eK$JwcdFUmyHfgIJ467L9Vf#KoS7M>{ZzgF+`cPjzu~|_GW<Vx6=}H;
zcqXC%C;co-IEcXg{X-Ol;IUD2X$vjvwPtG)4l~5+@n;bP309j`*COC^RvOW8%XtGm
z&jHBVFz|~W*~u6C`aFMiAXc_S&A2}eOwW|tIc*Zv36fKgT^VdKhO{#EmA5`(a2Elb
zDLP0`5mbH}!Z6{l&RI_zs`J0`mX$o@t$+uLQQ=O&$WnC;#uAaPcRVR}o5FX`i-w_N
z2nSdvD4I@@`i{P&;ji9)T(r!29+MBcUWAa1VI{=0Xh9&jB_(s9&`PKhGLfMcL=C2v
zq4BHc(@A0=JBc$-O7BvkxKYfONLJzxM2MlT5GBE*&K*&1-vPkBn}>vOR8dFF1=HaM
zMZ!WIT@H<|hv+8-D>Wk0d*Q0??>S12MuaipizkDZQIKqewFkT8`Jc~*%ZCXk4qz3B
zY-hsZ9k&M@h7By#Gb(4^#j(5^6RC;@Bli!>M@I;Xj-d>MG5w6fQ*o8l8R<~xGZtl<
z8}vLmaC1Z`w~m>;%Q&pESc``F%UF5)GgFQIk}IM0^QgMGl8VbWs&ycAwIe+g{pqQn
z6~0@03sbB-Q&?gicUCUsNfQ9g5TK=EFY{@DRZpqmCZj8&fDkO_qB$Nh;qe*!Wi*j-
z@!MtQWc_WQJ~|)+SiPcYB9=8a2SslY5|v-9sN-u@bQ9Az-F!D^<A-sD{m=4%9kfRj
ztlkOMeD#c^;;j1u_S&7qzr2DnvzE)ltl2eaGIm7Z)SM8!3X?y5MU3}({_TD5ikxh4
zNsidzJeeY(Nh0u$q1d-Eftrv3u+=T>dNFQvn;EX_31BUrg`JmqUYome`dZ#_FF>%B
z4*x-1k1|ymyz%S+;EG-6X*88sR45`{gKzC-<0|_bB<JA3q|<Cmj0UHqq%Z9tMG+A%
z*4q<LrND`@mS+C@l7WouvCymL+u)GcF14un_jm+yFmMUv<(8ZTHmmT7QKBLliDqx^
z?*lu9L$wo7M@NYQW()}UM!+S;Kj2}WE(avTi0d@$TzzlYs3&#iEUyjg4}IhW?-Hkv
z;8H%$;AbK43l@ejwF|?DXoDUU$n;}^td?veFd0bDj>KZ3heYc<DHwI7`ws?koy<(P
zJRz$fvwp@47FTN485?oC^dsYX5xL40UXCNf7>NfpA@89}<5~TQXHO0b#m)d_u1Ei(
zP*e}0<rWtmAy(84X%>jQzVvyHaEzPy9^{Rlrp=`tdDw_`qf?lm>wT6=d~hi?zA3%3
zImt;bq#3TM%w1ktFiP?(I;t>iD}XDaR<IsQl{D0WlBRTq2A~pID-#lKGMb_+3F$1f
zN#;B_bEb_)4{3B<G#GR^fA(TTcpy+WXu7(;Y#9_CCgh|j>_leac>YS!nb!M$Re<H*
z9b4x|#eLYhz`Aww`g7{+=E&teAC15uNxKFSpwHp$=;Za+F7r=wC*pF#9VmGpi8p|d
zJTJ^e-{M*^Kp`1DA5W<?Az*2TxDP*e1X(23bSe(njbQ7N=Fs_oWmgs1syYPa2hSFA
z4$rCVa#SW$v)bC>#mJB+s+}`e%=@l#4tj&fgX<;ki$=)1DUnDGR}O;@_k2maaSD2n
zoaraS8cLPYbhN6rPQQ2(w!;Kr`ptrF_RB;Uuk#ap^fFI}CGNNX_4yl<UZ3}D?oIi5
z1=BKcrJmS*e3W9}wR8&YRR2>8&pd@iAB+VH0v}*KcaebFIu&D*>rFq*2Ed4H_PdpA
z;BvlLbM4Q#H~(3f>tA%0fAX2+lG6<;_vf$)uNNzXt8$IFs|_Excih<0^*2ZztjiN@
zDXz~2j9PE%Wy}{@^Oyjf2WQPtxJ%pI(Q{W%4OUC?&9)nYLYwld&G9EoD&*uI0trg~
zM&n@pD7YMuT8*;A{114437m-?9Fm>XEec%2!qWh84;yY6fIXX~Z*x0>Yn{+52Sgsr
zMXd$-RL`GY*TG@Zb|HDVU_Y*1uOccc1Mm%eWH?u4tnX5&K4Bs_-bLqNLlU~Ixv2Gc
z5<EW*<G@ywi%i3jfNj!VrOREgZ8kD^;Zn%lW2{Ww&uB*{A2T}5duwaMvu`0xWKS11
zT3yhf!}c9Nk}V61i=vpSIC+ikq>)(EyQN{-g~CSr`z4nX!qa#UzD418EO%Mbmzmx7
zA>)b+^(Q~KTnerxN*TT}c$2>={ak_J`9Ea6V{~O<*Ckr1ifub5wr$(CZQC{~w(UwP
zwr$(4*vUO_-~PtvetYb3{+)mOdDfn5Vy)fh%I1$xUc{piS(w`ztr%g1T_>sZ$~XYd
zXp{m3l#w#5s<6^w1Y9QZDv97g#03|J&>+jL0f&prn7}frv@d|mI(=U}P9%#-*CKMu
zA=i^z$_IRV_mZmyqeEc|sXii+vLWVgX-XonVRvT0yIJ3(Jv=Jkba&2tyqmB$Po5Xy
zE<|A+Q&uf!vt99N?upAjz+m0G9eO0U@oEm)$(f5%+{)7GHBF@>Z+alVqhhNsv*07z
z5??JRtbTW-Qsh9bdt9K}!&U0im5k?(C7a`|ZX~d$G<aM7sdv*I!NK})kscw2Z5rvV
zu>}+$W;%U4K@aAYwdQC_Vo5z4b9a9iPP~2KJ%ql<KI8m7&PCF3|F$P7L&L8Bs(c&w
z89GcesiUHpZu<sy@iuT~Bs7ifh-`WO?0I|aoAOpp#2Xm?Le1>RA`^1|UBuab@?-ow
zLgQP{y~T05hsk)|mWJ&x*loyi12rm1X+q!)dU1ALv^z<MT#T#NbgR#;{8gY@x9Tqr
z&$WVrkjFomm-|8g3&QTWRo#PR0|G9mSS4YB;mFQHj9TwwBu&ThmWitwWmyyIFimeb
z$diEKa{q_bAA@mDPyDY>HEe{fTO1yI^Wd1)ZjVo;3F|0@RoIH7NvV(l!Ka&@nIzKt
z(Fx5Nd%7FR6L>lkTL_CR+TRfhwdwsq(oPMY+7Y7CCfSOgr;E0TS6nVUi1(#l2V#y;
z9em$GLD@9>p^unUQXC>@?W_Q|8@UC)PfEQmaP@l^qYjsrD6LxymK@$2SyBzPpv?kS
zaH`4*M2+s4MP|7XtRrIkcebQyp5%~a+quwj(SLzBYy|*vBwejQetL)+WABtf5!kV2
zNVLaftnx1JB3An$_10~{8*V$&HvgXSZh}Q9)mXuDa~c@tK3Oa9%$;~7$RPR%B*+5b
z5SnHQ@wmAD9wQP@;DW-<7Q8(6C^PdX68{4=s$&`fT8cqR%F|O0G^j08qfzMV=$XC^
zw%>OpJG*pa!b+w{gWyArybH9Xu{7eStZEi8s=}$H7vkl10L@mL84(F=@#aAGxj-_@
zWuCF0qf-51HfN%v*ibG|vTjOqPfAHMn4t?j#oIG!`sbfc0vZZ4Cl`^!{I*UyA@x|w
z<D=G6@O|Fv#pBjNlWi?bY*UVJ%zL3C$1`_K4iaF-1Qa~`o}PslOFQzVvXRDbhg8HB
zhxvp>iMJd`dOaZ*Nd06+is~x>RJNdcqzdE4G-oYRC$D=Ct}>C8zvHr@e#^)28cCXB
zYN8><o?Y+#kcP(oewFtpk;u>gfP_T+B+c#snrT&(&$_J4Wsj5rJszP=l6GR^eETqp
z=0c3JUe5Fg3jaw#+V$Q;pRbix_3|q~((7curO2+<Rj@-K7IBp$@ix-d-jn0cLe4Zc
zTKS~QE$j2$)aKBp-xb=&dt1+9X?f0ySnq#5`P-12x4SzY#`CarT+guGxp(8Y7fn!E
zUI$ydXq#UL9tp#|E`C4vPdvsdU_xV88JcUju{VOqP?tSkGM+I#hy1`FtToEwgikbv
zQZ`VIjkZ1CRj>alu38FOiYjmW?Bu%+yVYX)IS5+~S;gA-ob?5}>jqg>;K<o9n$)Eg
z?a*gt%Vb=94A`|%@x;54XR5qVX|%nGyV>hYO{5wY7EPRO6Xm8;@WX!?pc>_Cv}h$^
zH>@WmtYuj?T6M`7TH<ImW69iff37t;{<2o9%l93TdpKW9+c%w{*!mMb*fawu^>hX(
zBO&RIejj^3%o`bXxEA=xlf{`$MO-X5%m>H_%}g23tTaWOt>!L%`PK*z5>Lw*T(CWT
z{f!yK*S)=&DKVMR%XG7e=cYybzV1S`TbEiO3YK)D1a)#^;Bpm^lWDe@pdsl#%iB9&
zN>-Ri_3?hkbLn=WkkswaC=M@~OGMS7T}VVD?{gw>5`+ru(mcFchbu8X4TQ!O#G}j?
zB$R0rF1T94NbE9#i)*W*T(8eHu)>`JM*uWCa+_YT6XO_es>R^!DU=qJ)5$CWFmXiJ
z>zhV(IkPyLKt&x3Dl{4_O@``GS%S)uQY}(5#gGPL>~xh)p{O@Q3$@Sjbr~Zh-3tGP
zux7>yauo6~nTAAX);pm<lSszba}zD}608IcI@^i59<R>qi1~eIuyN*|Deq%C%0iKh
zpc0rxl0jxw0<Q(<*ZoYCyt8wdD|63>8yThS;63Xd&*+4s!_L&%@0BO@;Wkb;-;s-z
z$hTYT9(*DjVym+D(({n1Jy(`Uw?zB{;-L$`_Eo;C66z3kN|+1uFYLB%2GM;^my`#u
zXRsDhEna?c5y&iTD9mX&85tc7RyYW#EL6eO=8Db&k~9+htP#E-=R)8*kOcmZCq_5B
zb>pS9?9_;Jg}MIB$9H-Eo@lx<*XkAke95JpivQyUGLYY2!RaVHnw&fmve&FCkF8p^
zFL(x9(U4tTwqO-qpEm#Ro)ZyLMYABXUCoajm^PC)n6p7)g9Gs%SXQL&HzVJkoe#6!
zsl7^vyquyj+Fv}2`AZyqt*aAT)Ldb+l`>CBbs^d5j^2pc&!7?|wK+JFs=VcD_0;)e
zgFR;gZv{_W(tO4;7BNDjP}hO54q#LR={XcQMSa^U$bd=6-_xtKRIS+*G=C@SazU}D
zHVAd4GkuC9?&M<<K6a8eN)L^6G%qRVNEEsIq_&8O;WstVUjo8rYc1Ci_iL@kpY{Ej
zhLo=X&i746%z8~yV<qBZ3q>=5PpFc3{P-AYbXq9RNfQu+nitU|=~SH87}QOV(p3z~
z+C?d4nvFY$qYTsV9{xJWW-TWr2E&y09m0&+i-jXvUya+dAglC@KS)6qHWQwh@B`o7
z)CLE|^%H#Y!3-2-f9-PzK|)HZ4++CsGY88s7&w7lC{`^=J48(>uB<uxU#?Bm)8(IY
z=X_0*NGi#f#E1?X2Dt@*`808o^e1MRpvuiODh4`{`Oz+mi}WJ#u^^hE8>m+$g?&Ez
z<8B;=jWm*+=7<VjI($Jnl8!W*<*y_yOMf!G)=}IADtgL7It3`AHWnUB#nZ+xnp!9~
z361<Qsz!kExgmoKK)Bq83L&Q>OJHUPImfMB)G!u3Gp9lg5?3+?m&UKtdc?}4KU#7!
z4{fTK=qTn>xG&IV#OqVzak1n|3+@ATn#WI3s|cAbTzG|+H`S@a?D_m+>trL<;!($&
z^m^i4a+M{i|9GOJiDHtvQBFZcK8c3WW-@e;d}!JEG;zPwq?@_<inXP`RB)EZi`13K
zMnv|;k0m+l+IzF|VeZ}TC=z0X&4~W0(iYU_zn<NO6S9AY6ZTpPo%eSfcAZu)k%kRW
zSt!O2&L`z?hDA{QX16n21NyGs9ZzU?FVe|vd+o^JIcJtSG{r9xz3$A76&4ZoILqKq
zeP;eTNM^6|ew&_K1{3FFa<1Y6h-@XbFtj)|m8cDWF>qcKR8%JAC;Ux5+m`@jBgn9?
zua>VowFC<pnDOyw(k=6Unz9z;qsh3W8Y1F0`w2BUk630Ri0GE#G8F<((;FwhvKjLH
zQU^N03^QA8<u;z|wAkPpoZTa0H<UTw9|X|_3EQ&K4N0&X(V|Oq-`Sca<Xcq;Dhst7
zjb$XoT4+`P0RLH~gmgJ`z?Y0EvYLK7eL!KkT8@!|nI~8&e+2fykV_j)lB9@rV&WX>
zE&Z=C2Ac8lf-^PToZlDf2Q$-xkJg~3!BLYwcWyT%ItnrqzDMPnq2-x@(rmPaLt0JC
za~61IrgWu5o<+A$R`R#<IEnp&*<oTD?2+>FWq>-wvL8|_B>Uk~q46{lIHJQ2VUBEx
z3Pmi`@UfSOpKOUaVkJ&wLX#rZvmt3&hDe-3rX)HGppL;-MigXnk^^Yw0-Z6GSr$n_
zg<=OzoO3=$i7#wsn97L8Ng-r!^y&EWFo)af`?5T5l%MT&LLG;DkTO|Gy$_VPK;)gC
zxPpr3^y;w^7g~%~cAR>=e3Z7cZavh<xo%CK8QI?KTgc^4yD~y=H+~RJ;%I)J8CO=%
z**OhV#kc%`dR4oelxZ9Cj6HThy`=3{xfF||P_I{$J!oiqO?|})bfw^JJ2G40`O5Zt
zdIy2uu$Ad(?^lffuG{qWP8E2~y5@f$JR4A}xZWVsD$MVGoXJdrNYlHzvhPV<b{)+o
zXrRVy#_^fmW+l3M$q`e}xr{MW39`Bp-wmR`?c=g_7_~ugvV>7+ky^WK?FxxZRvjs8
zGX|aNXHw~PH48+~uh7u0_}J>BQ|jCOYoF@`1IXoW2i#7-4ptQPl9ef(^))Igk?xUO
z*v?EP4M(16eV(smGK;+&+hARkNtl_FzkHE_XrQ-+7AG>=d7;1-HXWqDG;X9|{~qGj
z65B5?e66X8me~A-l-BWY(B%~L{cW=@jlN=UexEHzlRq{iKL3Ot)&3HD)9pL&ph+`P
zfik&DD+X&m()h-dsqpk(<AfgxMW=+$Z!1_m08bO;7dJ6ooT)Zh1WExeva%I4o9KtI
zMqCEw?`6xNXOwIGpcO<J@%r+hk8B;}d1Z$oPtU^{f1}TKT8@Lv*<x?^J?0R4`ZV4N
zzg;qO>>N0VBr^?1XAv9R0xcw)qEbu`0F>_XEd`Y!ZNx+hlr)!>gt)TF#fYV6btEHX
zI~5Z=ql_rVIVPm&#a|_Wih4*sBVLftyaPu_Nyex~Nqq&tRwYrsv3illHI}M+7POBv
zkVM7>1)|S_-ARQ8zV(;BA(CD^C|bWm$$an#OM;AH8ksguVgZ>s;*vd!ow4s9?Pb4i
zw!!<ye<wg0Ua}lu1C8)UB#ZcRe((>mm>$XHe4Lq~+u^-+zw{WeMk;I8MpUwa!&4ex
ze!hk;IX|52G*d?Y7D=+uMwEQ|$b<auXUgb$g+IQG-3#x6sNwAaGGS!|fN|@)()GU~
zvi0jeUtHVY*iN6z8TFp~O&fMDoV*7M%36P9;;gNB{f0KwmijAic1VXzeO~J1H9Bla
zHkNOSwR_~UJq`J%@%+f3#`Z&G2Aa*OZLFMtacOzr;-a~`lbxxPYw=vunJ=3vlAynB
z`}@wERsQnpf2`!1Tg7ty9&ti+*Z&Lk?xqOkclM98=z44ZwP9uM&h-u`w@geN?)kbQ
z3e#0!wl4mtu~+!(JHLQu|HSJg1@a(GAY%)awOcqYyD}a~fbTT$)uH&$^CI{az^>c-
zPudD&h76T$t&w(8o;nyc4fCUZb|!7-&GUQ?^vk2}sK|8^Fp8I02_;Z{HO6`G`t>4_
zFqFp^F>+*)a*KbuNZFYy1W3Z-3jX-;iGsP;>^350-*iCXcC$HY!XlXO@mGG!TSh9|
z=*#xBj)<l^DGZ!TIjk$JFHbj{+IOr(&Hy7~a`t^V%QlE~_92QLl8#D$nTA)&r207O
z;{yzHu5}j0*qh&&>zBq81#2-p1d&OYaZaSZdF;1M`S9Bl@X~dp+7;Om(~O1|;zIjn
zPuagcn?0xkH!xq(YC;oAM<Eko7LQ)18jb#Tv?XqG4|uBrc!YFii9SUz4+rhdiE6G9
z3qB}de#Z%^eb%QMb!E4FZp>CXb3;o@w|#|OXtepjZHep1cfin(T*wj%&b@ejd~Tx0
z6?7nnVly$2qNP=kkW}vzA4Ut8yM?HTAry@EC&_%!5{0{1>skldAX)3IR!4q8X-Vm{
zN{~W{Qs^ZK#G(yKhvfB97Exov3r<Eb$VrJPl2nl;;YOO0R6vLQq+>xPrI}ot<!QjI
zaAdhklFMhnVb%zoC_<zd8zF*Flz|gQR&)8OP{5kRSVGafxRB7H7n`)2bQ)z3R8F{N
zHX&!iEtSC-fuk*B=y*VHER#_(`2IxIQ}T>rsPNXu&E-L^CG|$ki30iS(LMi_Lr?eo
z7*TX6;tK2;=b$HRrSA%joyihL)YRy#huH^7IpRDM^5yddZD9Pu8J@}p+mKfsg?HJb
z>uY{lI?`MONPigR>)YmV;b%C)`Tl}zyS$<Mjuu_iaar<gzF5z+y>Ppm@;^xcin!k&
zhxQ_#ypMkQX|GX~6jOQ``YHF};^Fe?+EuEy=CzDJA4zRQg#G*j$o0IE{ktDQ`26#S
zZ8xy~Uz}kTB#<&Pbz_G$Wc<7nHKKe!bs(#sZKk^O+9KS|w_GgAEpJS$pxsaALa1kL
z{4`$s&H&1GGkO$Fz_;JsA#W22c<N_vV#)PvOMlGjznocIZBT9s`lDWwLBM8s3N`}V
zCTH9_Ed5=%8<(|zx_+jh-8_klv9g&owY8!*y_ELYa8eluiJID>QP23ROxbwo&R(O<
zjAVeWD^8c2eWA*mSU9|;?_^`-PIc{a-PGympNmnkE2yw&NDLyQ-jLCPn*IE0eRs@U
zkECe21sH2i&Bnx9{gAj;lZBVd)2@=P%?_G@f1IG6A7>;ZHU^xeFe6;cwZq+_wD!yH
zy=}JZ!LNs|V>=(Mgw8+FkrV5ar$oUVHRcG>wMcB{iKleG8&s)OnUHiPL=>G3)MvHq
zRZRzbNThK0n$T$;o9s8-k}^w>$i<uP7D!QRR>f<3LSmx1<}UiX2dVM(Uf*Fl*<NWI
zqodmHUZDVaZgiRZ#N906LkOD_6nW8daTF%9!pUfxVfCyiCb5ALghVY?tda?w;EjZ8
zLfDPfTD+>TaLTdemVg>19uuJBC4nRHl)n+RH;0U7OvV9nKwyj5Ok^l3;a<ZEyPzIv
zfQiBM*HD25y2~gPU+Y3tNAi3Dil9G~r>3^Wb_0}(Nl@LY(m%|kh#X)F{S#Hq1-Tu7
z<UoF4<x3>?W{^@mjYvmE_F{^so~2t|3MmqiC?ck#?2&+3LE{6&%2nV0oLno)=uEA+
zj+I$=D)I2yu3eGl;TwItKk3M>WliJtHE@=BSn&;+H(ErhURiKi%_GeZp`fz<WDsp@
z>$%NrI8Tt@+tJ0Xkp7Psz@8{R+6U{^=;H7;2_OoY1upZt7OLa_#H-_YuVCkWxc-ZE
z=G};K=Hm<P>uvorb-lEklGz?3<F#W@`{v*vtcS6?`*H0kUc}%)WSF$I=W*{4-q`wi
zkpnzE=<ln;u{*H3QBp7489jH~Wc4;+<o;i#3!nk91_=>VcEZf^;cPqd9wKLYX@I^Q
zO;LF%A1Hrgzva~k2nq_ucGq$Jx$+2xseGJhG2u)kl@`{;2xt9%XhrZa@`1NoNmMg4
zoGSjiDzIRJkE=d9z63mOWPvps1Dp3{!GX0^WcFv(E^-&Xmvy;2(~PGZ6Ou~(iJ*#v
z6!*j4hGx?)ceg$EWJGd^{7W@~m0AreBe%yrg9Jk#Q?itF>tPFjB5!&oh1>vhEv~3N
z9Tzl!<tEn+{O%m>=@Q|YGS_5ZiUM88A{vz~C4bDuWKw?B`tvfO>-G}T(!&A72KgZ9
z%u*CmH!QfV#&@cFs0~)IJpK?vaLbH6Q8ts7E9d(~{#J&A3mb49cLF@%&PEL;4fX@y
zH?H7K&renn@yHiRB(2i<<_V))8fV@;3Ns{T;wKqb=`N~?f(Wp@g!%Na>B1Xyg<N&9
z@LW8o6qS1CHMSNS4e|QF*<U2!v$uua<w=vJoYJo+8+8p#)(}aTri(q>B;C^bL5)(&
zD+`IG@<+Ix#f3pg!>9l$Qd59efmA6P!U*zXI(U>#f>MDYhe=cpQ>FofXbiTYu(?!f
zki=kbA9nccsRblR2J=|po|+@I#@{iyf?}j`!tkZip{Y@_sLK549iSO(5HR2VSS*5|
z*lvg>yKoS3ho+Fy1tuR9!>uT!C|sUOCHdz;;HUbWdCxg%_9l#bI8nmvuYuom#K(lz
zZG+&IC~QxkOA0e9=Z`?lKKM`}8G}g+iDRhlhG-tm(ol=0lElf{BvM7S($*1AxAkeG
zabb9{UT(YyghwaMlw&e^nHrj6JPTK^b!Q*(`q_O4(oE-%8I^O8S+zi_F#HN(cK7#Z
z^GU1OJq)R04=<4+^GB=<`ZZ((d+>h@9LR;Zgf=FEs}b(d7ZQS`{~kZI7vRF&J5%rJ
zxT7KTJGq@MhgjC?ji?cHSmWMvyK|!byzRO+HtbQ@9@`tNl{^jxBWkS6q|;Ua9XTWa
z1%rCUb}>SM&W!BN1y%R{<3qfKiq$60=$5-3d;WY=fZt=_p<6}sxW#ZP?X3@|HA3t5
zax!(eZGXWV&HnK|b<-Gq`2%|ujVp2gFoD9qza%Y6;?hRi2ip*z*&ENqwb*teay1iP
zFp`p&2yiAB$48Ujd$PxV9cgk~S@*NTY4gOk^cLQlJwpb|I^;b)_CHi;M2GEdaYxlA
z(cqNb>P<|Etd|cNpWd$1OLvH|P1Xz((fakI(MeH}n8nCYk*(nIL{%N3;~9hvm%M_@
z^wxU|@f@=qKYfdz2?T!REGh4hc6w3fthWrHf|yaYHW8P;gL`oVAW@AV-f9{lE93;>
zIuUAGAvL&Fo}vhbQcwhKF~GG{Z$+so$wae7rktQBv@t{IIuefz&UWfb7aklyzI~Y7
ztj*+Z`l?_W!iJ|&kMN2sh1Xgn^<S3Z2OQl?I(Rxr=tT=4F<}`tkiC&>zuSfVxi>>%
z3yZ4`m!L&3;()y~!IOO=Y~x8q7IV>@Wr?a6LlKFmpq0Qc@NkSu3~>w_hs?xwlA&oN
z9-WTh5=Z1QGFDVnk<KA8+Wp%(2kcsUDd<Jl+9Ivrh8NgLBMKlAa*(4&da)qn(tb@5
zccTg=!5FRYop~|}%9}3^E{Cu#VFxJCRd^9G2GXB5E?zSI5!fX(B$3Dv9=kr!<<>({
zJ%XP>A@Yj@EXJ#;>u%Hz&C0J;A7HR^M?z(34ptC{#pawx33Nea4J)ih^mTq-qVnaw
zaPrQaN`3crL8*Ygo(F3}K2B{oe+z0grL@Pr3UF#0D%(TKYXkyM79ufs@PF0ZUV2QB
z|7hjpb;lu7Y@LCxBYdmg)xQd!F2wmMw4`-d1`H;icn15X&V$fJe@n>5nB7nFh;2Rc
zO`z)tY3(an_Z?xJ>bQI3?@ZqkH2&!MW{JHAhh7?-OJ2SCvWtr+&!ZnM80UHSApU%d
zFt~tNsP@Fp^Gh10me;|HT+p7l{aC-ZmV!3D-n-oHiuLb&p=evn$aeFB82<G9q2&O@
z1av+RWP5VC$6kf@c)$&XiZ<J%8rkmRIL#7EtJy#{Sa#)E*V#mwKv#+;fHO4?wL<-l
zj=(b}&Zzuj=fVnW2H1`vRO0&rL_5mYiCwY8EZD!2<QA)lEdJi--MGElutmdI3<o-G
zg;zsFX*zMk#!Bh=iR+pZ;xJ%Ih>GCCh$OHRxsmh4X2}z0S(&2j^0UAVHOaM7HTYg-
zpX#)Sv4BXuKw94=9A*erB$=WlI(c@VpGA~7Lei_1&chfvg3Xk#`<rb%$j?ik3DzC>
zm9OVWh860EmwiB5BaV;}q^aoNq=`WZ&HK7XC*@|}zg)~=ro#!{dl2(k=tm-rqYDLL
z4^x=3!0!K~DHq_uNB=xAeY)8mTk`+JA&rW15Mk~oYouY3r!x^us4(n{EhrMHUJ~N+
zlr~#1+R)MauyxkaLP|OpVPkd3;y3`X*rOgb<VapRVu6TDXOH2{I*QQ1()O@T#K5c4
z6Apj3`R1|SIh(Dk6qrbw4W9al#ZB{r-b9R-++`~4;K~{}r+nG!pbUk%ifbvjogEiB
zBk0GTbL#b2t;g$Ici%>5-M=K6J-#8T;e^VrJYZ6RE@%foc&*$-C<i_H>c+pf1J0>n
z$Gml#t!wKml$LQ{bV~?pc^Va>FTzUi*NW{kzK@XEKAMNlcR2^952Lc^3XJRAkVIz!
z16R8J6#e|a=s+!vwF{Sa?W&B?v+65I9NZZHTQ=7R{mEwNd?%+|1DUnkd7#m-c!2X<
z=Sp4?IE)7w_WJo(-qZNbi0_>+N1C3;!u{zXS~SMH9kVOb!0c`iRV+4!@3>H>OYY=V
zJ!djUKd|8BzHj3UmW$cQvBVPjy(y<!Lw9;bpZwp=cSm4n5R=;#b!qYBO#YXx129mP
zlO2#af2bn0mA3!<zS?X^tKIq)0=U{wRh*L;rn62i|EprQy^pxj`p$V@4d7~Fj(8rI
z2#W)R)})hLv!B^)p&sAu-BMWfD$PO;g%R>2f<|Bsru;I1EbKL0tHA0fn+j-jf}rne
z2|m%&7oJfx#&S5wgFLG=y+TXO0j3-pOLP<&U{N&ZY0x60g5j9A2U1wH^0-mWZJY+5
zWN47bMA8HpX>4Ol^pKW~+YODzx%5;`&j!<Gqwi0-@5EBn@JMd8`?1678I?u&P|7L_
zvr2cB8Gut}Vu^*9JU+L%E&R_E+Tq$kWnHyCT{6f(G!rC|qs$6NE0-XoL5k8jSVnW7
zIhns7xiI)%%(WgkVE`CmwVHrrGbsx?yfVFt+&LjN%_-6Y__nccL+~A+TT1pGhCn9C
zhT*GOfV5(<G@T4@2#tz#X%LaoJ0xpd1XZ&y+zu~8n7sX!2y|$9r4?m>6e)&M6I*eP
zH>YW?n@18?eg?dZ@}~LHPdU}?lFCH!82?gVeO9IgZd)lSRwc3<2I=MjNE{iq+Q&x6
z9Ks%)lg~P5cK)0Wb%##BrHEV0;xE?azc`KC5&g%&3>Phb(o$Ic+5BR(e641TcyvAI
zAaaf4vZC<5XJbt(F!_977Gt~A;`#2#xE+F{8<#1oLAx>)cu5*svfOikY<!_Lq&Tq#
zodq6xU;cY7ME1bgruDxab^m&V3H>K<P_Hu|Tt;ww<3Db^3|oCzK&|9fZH90VLt=B}
z*g)MbDG#fW>XLG_hr8Sd@9q{PA=>}iil_SpKPzi_IiS3>;23#)jfof)R_({&auNFr
z7>$kBh77<j*S-eAKzN@mYc{Ara=tqHyu6})JkF6@ED$Fe26rf{w4@y_5~tS8VzNF6
z*|k@GHMq#L#o)B_XA(nZ?WIB&H#f(WNShglq&Xc8m6RtD!hj|cHd$5$S1>!BE^kfz
zGmPYb%@bW6O)><IwFin*IO=GO$CYvAwfSguVo94eJDP%iis@gz3k;7+L|91eDAK;f
zkZ}puCU0eJJdcxBEg0q5eha)0xUM81x@5}?x9QkKk_qJC@DsZ-!{(zY8HlN%mc@;h
z!|wnt7bdSfu~kGaYQbqpLy3@jq!t@G%{~P{%3$ekRMRx-L}TCO%9mK0UfDwRw`Yj1
zqCuGBYZMeJDk3~glH}l7;v6fKxE72_S{kC=WRCRM+MnoVzF+?U#Ru&D01nyC_BgXl
z%&0(I^h#_BRn>7>w6a41TsL?d9jT{lnRVFifclZxfrLocaf&`@>f9KjQ5s$G-@G9*
zp+8wz!haHh`F{R<GBKUMPNGg^g;HgcNM&)PH0mmaP=uY$o;!RIROLAh%PTejA<*HC
zptrvk4pI?V-4n3%#h&w}Cq0ztU+BaOJ0FIHS(g}19P}4YVyn#62C5kkQq31talOqI
zLG_Y`gQq-Vap)maeJ;(`s&%aBQL3LDdOg@xSIQ;Zs-AjY^0j%c=C+VoezbUpmaH3T
z{#_I7{}J&pv?ASA{tq)p@_%&f%E0Lvk(cU^>YsWZ4nO_9_UMq6QLtm_X`j)O^^>|P
z^EsZsfCNT;(EVzKArg?+4jWpio%%1lx(g8LMT+>XG)>11<^5E3t#k#MMc}ujky9P)
z|M@wz`Iv^K_T297$aHdF3K$e0#cUA#8tFm*cXyHaE0?$}8~N88X9i;%lw(6b%K0oR
z<oIcO<OV5C9`OpO=KYloLGt&-N$SPItDRddnoXDOhDVDX4AU-4a=#G<j#}&fT6lPF
zwL%WdXCo?G?jCw=Nl6Kf&I9jP<Ll;2){i9IMhOH-rPV(;=%3}x4hE=al!B<5HW$>O
zj}~gxG^WQftj*THN6V`g9L2^sa`Yza<NKA8XL_i2!!_SIjRjD`bhl$uP!UeCOGugW
zd>b;<^|Ytorb_;1wd8-pJumDfO(4Bx`!;n0tjBC{@gc(S$qr%it+{UTyca$;4F_4R
z<19~UJnz98F{a3<*wAIm%|nRAk-e}Bco;?Mb09Mc$_JnDMOI*H2@5R4(1K4oPVkFX
zI5860c5Qx!jcuDckA7cM>%7C%XfTp0f%&b8Bo|@&e3J~eUW-VmYkaJuJaoM{6>7Va
zUAiP0ylCFN?Ep2{5nB$(al<Iub%}yWlo`)w-UxQa0c053k7sAtzZM))V%joG#gtqG
zyx$yJl5AESF(W_nq$vVbgr)&u{7;~MOQDt$H2w!SE<E2nomX!fBJu{$cFSMyjyz($
zjfT|X4aCnO`^cDg9pX@;?1C%7qgj4NLkGs`9$Sd(d9L726Zj#8nY$9!)TKX_TU<DV
zgizbY;vo6(H5-9ZvZiFS&)iD93^vw3*oMj8qYUwGvJ^IK)!f~9%D(mI^EJeU^_+4&
z=gQx8C70wI$%uopy2=&TCX$v~u~92=^{?w>HdZ0$4a~ni#PbsBJx$C&2x=*`RSy^J
zjEufjm(4SSLu93aZY6ckJl4@0)#&B>(Z}x*7=qX`=e(y_vc9U~mmRG2r_8L2$Rgbj
zOh}vT(U-xNR-Wwjv*}DMymg6n$kqRPKIZ?ELQ1wDwgWCsk~qNU;s?2P?mUFG@54bn
zc^)h^QmtgVt$X9ry0WK^_Wk^!m%1Q%u<LyDGLz0>iq&V3{=$(FSqE?)D%l?WqE}Ed
znyvWObGjcCd+IB$bQl8znvayAWt9++*;AXm9xcIxh>|^FKC5?7jRr~?_Ugy@^Q2p<
zmqmEDDKg0ORwSdZCRQ1LQQ<V4d~4j(qq3PQrfJ^l{sf8rV~x>hx`le(IUHD=s?BI1
zqim#KI#&IP)@*TXI-2kC0isb~oL&;$%KY+?8uIBkpNz|5e?;6$(JNmyE-4XJs2*?D
z$>)e7&)*aSLw`C>I`G!yc#r;pcI0xgoOhb;CX@Tdy5rBE74voCxGwvgJm1FcRG)3T
zKsKlM#OSgrdT46SY&vgp{Kb&Qh7ps0lkP2Hv5hQQXRvKO)97{#Yn0VWRv=5Rqe!QM
zbTEvlsBSW`F0<@PT`H|K1JZoT{=?n|nlWmywXR#D3ItfjZ+=WT**-b@m%Nt(^C`o~
z5kWIg^rlsHKiVuI!eae%7pJ=%ivF#U^c+-Q*b$Wqv-c;3PciS1?)502;RR8wNovL<
zx4P95vLg;!%mw1;`6RCv!}iN%WcYVS8@ls{BrON!(=?gCy%*DDidHo`EjB_opJIM>
z8FPYVg4DD-?%*syap-W6=EUQ-M^k@)VD7!J05lDcyz3J9E_D4CsKTIGGka#%M&)!z
zGG<e_`9D&a%!xr=o_u%`_2O`^J6^#%W#<#SpiWDBPyU^h{|WW*=^uWM{QR&ze9p5}
z&SLlsRuPLCH$6Pf4)%~{u$8j<19Ww~zUJC5@F9vQsrFPx6zA1_LdLIh+~_Z74N2;K
zA2(XqX{~mM<?R6_KbJ2mq1Eie1OAM6b!6WuAg?zb$<58k=xDeEP$RL?N=#foFDEjE
zH>rhYbk>l_8mPP3NgP7Zry+B8XKUiu><zeoPg(>7DiDfLV3Og^M?^h299<1q%v~E8
zlo*FjRw%yz$FWhQ-E^G+bZqR8D$8tH*GvDuS0sB7ay4XXjGYsxsM|z8CQtR}_{-~0
zmFd@<RM{_USj!|ZDDOz|4&Gh9`lH{EqKINHao{wF6Vfc^;^jpwcw!1WuUf%bldW-b
zRsQq@1Mhea!SWmHLzxiz?L3r@oZI<r_4aJxN2PttKKfx@sj&J1t{RrTsl%81#@D8q
zcR#-aZg9HxI|v4%FJSQclj$Dgq`_iaZeIH@$3=B1OQh1-EF*TSc>3?NT?I<&wDd1g
zvIYK)iMC*^J%_%_HSNe~Te0`J6Q}6}m^qi6;z1KO+x2m2`tIJlBWjMTN}MzQcLK<Y
zIf|js%kSeJ*z1HoxRv<5th(;QHS=84$97lP&LclB9bfMDf!KkxnWR>-{C1vZo@bv3
zDIrH_e}=B4qRP!(Au(pS&20}IJ$5em!inhBPAkp^TkgcgVlc+2u`-06zR(Q8X$Kb5
zqST4v>bzAviu~s#<1?Sf8jhrSi^9{+?^S(H;|EOSb$7AUoXL-i9Gx6h5&bDyMxrM#
z*X_-gn0|qX?UilOI_v9UtfL_uFnfLnjI^C^(6~Vp>8^(*;Z_In{1oP2$hiq)Kl^!_
zj5$S<Wa=(%ioYNI0o4@6-ZHrzk7CzvC)z3F(D0fkS>bjke&!$;B@`y&q)cz0H*4fo
zz;DkqEeg3ZndhwUQMJdBqo4oLtB%`R1c~OXRws!DG>+gZ(6j{J_8k{`(2S4?q^#%K
zVsL*uLvAmWs*pI>jy1eBIOaqcD!U&IN2Usx7u27r_1(TL<*Ug(y>XqtMIo~J%CYD!
zKLX`+-EM$f1+fjbdbnd{Z8Gvr`WrHvkl{k5Sh9Da41w%RjQjW3UZ4$r9ge*WDqTEG
zJjdKF(0YWu^1VkT$6a<3Sy{E_s_bQM;SJ<JnCs6|C&+Bh!?JY8{~N_%1pS9|^FdM7
z?jPoVPydNy?J&X_V6AV@<HMKTnmkwxDyIL84F-0U%5@yy6Mc~37zwewxr}F6+fJ0m
zdLay<=Uk4Qydz_HXv(_buqeXd4(6wUX)v2%XYxuo*5q9mEr@Yr{#?jU;IpNNFw&{d
zQUYbFNJ2qLwck-^UT?Ye+-z^pbl6FuRYoo0^aFsV{1IZ}1jF)V4iRye&SFc2a*~>W
z1|>Nu2%v#8C8bK{+aB3Rn{&CCi>~9#i~5y(-8FOamgOg&<#xq5Bx}{banm{V;uv3W
z2LGn-&)sF$iI-QZ(C!AO=&k0sl)%h+(7fPrJB0E2zN1eVGw$imFLQ#lg1kt2r%pFa
zK}A@it)DWeA}wl6wU5{xq5%jq(O}dK`I8l~K$1ZwG+;Uo|1|X#vxrU`VYQUO09|1Q
zw!{D74So~69S2%^_%TScqxS)d_1Vuo_{5zT09Y7I8|u`&x7e;DXpq%P*me4s$6a?A
z%g8?8<Ld5GHt8$RKR#&+^Dq2o%<IUzhgVK8Q3eat5%WbdmP^-z*CGY^ZB)PaitZ$e
z9fYqhQzgy4(VkqX>f!zhYOTL3a$IgO18MMKBaNBdSH%7G%P&C}<llt$pKc5{PjW@k
zB%_^5<UM&^*-qif*XldNYsTLa95hA;s7&|t#u-oR6V28u1$s07sxw5TMq!^HykWgf
z1>5?iz6rw*2$>8<D)1!YrUXIH%@s?vvC}QrMU@|qnVScwEpLomStRQ%JNEv|GdNk&
zMQxUImaLh_ezdB0&400ve7o*XAZX_<pC`C@cccpItReeL_h{y11`O^q@jmu|N!If%
z{)Lmv>saX_V4sM+W%D>@0wjqAXXvc|%LV5!Phx<=M!ti(6ji?#!_Ls**yEmCDK3EH
zsY5WeF%W@NcK@VZcRyP+K}p9*Gk+ZDZREL|>!GBKI&pQ-=8t-xMjlN(%|=WY_7g=<
z?zohZmE8*x6jp~0spxQb+EOFg<0ux<%Tpb{{XQGKA%K6W1T-^AOmh*<X00=~m7H&q
z;QB&D&klq-_2%e$gDdD*Jjn%Cvqb`3GEG4w9fi;aaw#fO7|n^2)=Az9{^?Rtqg#x;
zl>=M%O0o?8O3^eqrF04y(TXEpWs~{%`cc<;M>WIqj5{X@+@E#D>+*MBN_wfu@(tp_
z5u)w8HcK(V<9N;7<4PaJft2N_dgEIpydbS81DTrt1EGSlq8ZDF5-luD8@};kg!IsE
zJBnBm6G)}0CCcOk?B~mV2NpM5gj-fldL2Q%!D5S8-84a^lf6!yBzzBNJy0u4K8f5)
z9!sgcH$qYar$*kvM{dmwmt~pE<j8ql#FbBN1R;xtEf|c`ra8NJ=(#wNYCTyWV8|J3
zPWuHVC1-7aVE)l%cTu@Jks~Ln0h8*`D~}S4!ZjF2!}w?8#B~)+1tNM}_rAi&t`kEx
z;&f7+0jjh?$c^gMog2nZ89LY<JPWx1NSNUd&l%$$m?kW8h1u3@%V|BK5pwFldV8rV
z&h}%3|FsyDBl9{CYopOJ%cbFaYG-n_4NucQ%)aIK#nw1zvA$Rev|`R_hVSAvNJ|?J
zmS0MBuq4M`7_HW;A#TT#$ezvXQrL|Dr#)14T9i1jqUpr0+MX(5jFngg#kT!qLB}Uo
z?s6rw$$hzO!O@kQc`2o&)g~J$VLc5jvb}J>on@70+N(N|kd(Kg5PCh0OCY;}wdEg<
zGgR()Uer2jfy&bAGd2J3;TA7oL<v2QaL}#tUhM}{-Qs?NTYQflz_iOS|Hb0SAqGeP
zSd%-m)uJY5Af?Q!0T=?GnuuMu9TN3P_R;YpMzZCSP)WYRNw##;>R(QqSS1I#G=1!$
zL4QDUdcKCE<#yKjLE(LoWu}!@gQZnc%aw|!hYpxMk1L7fts*PsUDb>+rA;TvTD>Ff
zO(%0)&vy+@=zG)4QwL3$PJ+Y*EJBot7C=f+GGWr@biRW2lnIQKZ+!gDVnwQt<!3|$
z#a?|laOTxoeMxo<`qXMy4+Q(BPu8C_YM4^-QHN@igq)lKem%bo_8p(-m$<G|-_NdQ
zo(moomlnSV{9npCAJ^{2V^b4HXFyOe&;3nQF=3hQHu1^Ae+6r@WpL$Bz9(xb)Zt7o
zsxHe${}u&D&?$YkZJS=Iu!5<Eix2iY1po8Y{ff8P<uno|_D0Vu`^h{<R;<T)j#2Yz
z4+qu%O`k~y%HD<r=gE$IL|tYzarB73M{c3^7vf#cn*4XDU{USxLOZvgrr_9SUmC)W
za8;qszUU;un2D(*{91eDTrtVYw==P#<rL%u*ZtQM=E<f5jG34<E-~3cZS3U7mMv_r
zd{Bi#B^3?zB#}NFREhg>E<2yt^Dttn>hb5!0BqZyna~;WVSvzDwtV`%KLTU1zPW?w
z?ZF%E<rp0yZrW&0GT%^)W$4%UWe%7Jsyaqkk7l&@Pf$oG^z2<VfJfpFFeyjNIir%2
zf6Dn#s8K5QO3fTYl<4^i&40nuK;b|mH^?-zzT4cJ9M>oUbN9xYE~l5=r@KgYvYlD2
zLUMRPkB<E7UAL$#(pOU{QjUjT9`V^aoRWXv9R~E)*2vULqMCX!_mO!{Sn0!8j;hYP
zYr5BBe*~KD2Ti@ci9J^OVPOUR5%XGA*+#&@Lb0)!pbeCm2%MFqi5<)Jg2PE2Sn+R)
zC+zJYL@h7>N0FYM**h3hqpHskW!KDvT%cH27arF0>D9jC)G`jR1rrDW&H5Q2C5j9}
zEC3qu1BvjbNB|@%)X!(%#{xhltn{OwMxw=re>)N<vd#4XafyNP-%pkwlb7D>8;i|n
zmj34$#m;@^#m|P5Zw>U9li%RYtq!{mG-3W|QLTMidYKiG0cg><|JKM;A$<zM#1{xD
z4j$y=Ns)J}6xq_*2k^0LAY;KdVNS9bpD1*h-scLI7;mr%_hl_7vuD{jh0Ws0o#uK}
z;H3y8{9>y)3Mah?$;iOP<MDfIq^lTTvxfiTAj0-ce5EtAU=xZ3f+2VKQOE7<82^tK
z0J*0IHsH6cW(a8buXV_W8*OBQR$917y1-}-`d}HyD>c~aYL$qX#xQ>aURXR<rYVp`
zf)sA|>pKQ>@8=ugCAY2Ff6<Z&+`ofVutM`mHfA@c;PVi0A$xGx8O*17aJijO|8zVH
z$AT0Qxl_O|aFAYS^Zg9<g#u>1p>t3pV7x)5?th%7%q2ALn*Yp47lq`4Ivkqlt#;9r
zkU^^t1V4GY3=&>Cr?>`g9g~B0eUU!>Ngz-v_oLVeQ2u9D;8)HfGTV|>@8Bf(u@Ys=
zmpxDBBhHVkN>+~uHf2-PZM}{kx}(<hxP^pZX~aj+tG}yYLp!)-NS7HBEB>9V($Cq>
ztK_FMA1YA}zHoGM`a>J3Ales+5r-?GAUIpYXr$JGQLDS379(p+m};=wAclRk!|okJ
zM=%J+>~M<kwZnzBWk;J<dax2Qhw5UfYphg5C|dvgqZJ8Z?Jpkhb@Xp&7i1RNh!2vD
z+tLT^-^&UN$@FGbiPa;f-H2-CP`(sgaGLafH#Q>{cMGb*`}KCq;Wp2fcaIPP8DQ>1
ztNg>bnW_1^42&Pmv=xhbRYOWuL(^40cjlX5|CMp9yQ!la6w#6ul8eZ??^rDX`l3!G
zUelS$jCpw}&S1!iz)=4?mM>s1tE;PDHy#B-O|QorAt#=?%r0N9Df7i}%7o`HQUL$)
zS0p=q(Cyd>-hX~~CEfW6WgcjEF>AfB_I1Dc*09L0W;g@At9Gw698XcjpA*SAXJk45
z=Pn@ruZtltM<x&?JIBjcP*A`ZMCf6@A{6?@N0TD{Xoqz<oXQss8y<+_wkO++-t%!9
zQ;GKT<sRqz2U_<xBd&Pd2nmxEgt9V-ua}0wssS~RS9M>r=AH-oXusu|XcoUZ_uhhC
z>goYb^tSMJp)57d2h#-9_0gXX1@q>LMP!{0%P4{qal_@1>2lQ)(6!LS10fRXK#FL2
zA|$X7QP6|M+kw>{cQ8W50#{}8n72;Ud}ZOX<by*}Qnzb%!Gm}n$HQGFAJ*YtXu2o{
z1G$QpDiNyV4tr8OAHRa;nyQ$mvk?ZS%Kk9g2@S{Fx7hE15ZqvS;Jl&7zQKzR6eJ_U
zA!X)^E4=3jg|9EoHQ3_N=r_Rjd~_lvDmq#)TK%l_XG3-561cmA(&Oud3bhvHXj2Ux
zg_R%|m~BL~4JbD)*knO8K_)A5kjKfO2=7JzbL$^ahCtBUSA<@jt@|S<+j~ty6b%7{
zTne;hA5I@eybukf4HY>Ov;>vOCjAA@>JbZc<6M<!;cTGKk_Bq^OoTxnzZ4e=nbJif
zK*(;mE14ys;4c^SL{DY_{x&lqS89+5S)dB&qN5_B23rj*vLbX%{;~B9g$ym>QU<Z$
zY@vz{Me5gS@E0>WvEX>n!WdEIKA{!sY^04XJ|5sB4^~MTWl*|z1&(P!#Q0ggsKN18
zX7OKn#tQ>OhbG(oC)1U+#?WQ{t?A**_|>cBN{f<Cy=0p!a7G#LTjzW@>4sTIRL=WA
zwyhl9s?Sr>Wq!aFA<26ivQ@aF`nj2R%z0WOv4(Y)ZTp$sh~f~_-%%a$&bk%X#MI!X
z$NF0>tdOSo1CYp7<cSMs@f4B1;a$VztJ`tKpqrjq7`6%csbFD7?uSZl+!pxd`j)2t
z`+zhJe=kR+@@8DLY%)iMf6AbV2FVy9YsX!!QuK>z*Dj<R%_#wp|Nlw;-zC1&9#o>9
zvR#};JV<tPu5csq+hIb@raOqfj3B^U)R`vJIFv2dEL+Sa1|FjhU~nA-nf=0^3&T83
zS_~ZEg_}4>T&v40-i2L)h>ITG%RbZKP)j@PhZDv9yu`qsmLC^RY9{M07R-g6PVs<n
z0EeTk^4Vw1?8ErR$!DocuoGti-8PBncERt%5Oc|;KQO$n3@MX6D~Xhb7`x&A@$V)h
z$71dfO>3#)&}cB3oGZKSJRs?)J=hXe9DZt~lfX)#)Hn2ngVtz&((xrv;_@C&;1OHS
z!7=rqZvb?(M$2G6<pGJ}j~1R<txoJsm$`tMWw6*Uu|l^S`usU453h5IN@zvQS50;e
z?M&nA4^NGH2O`vE_!o;q5tZ|K1Z)rw2MdVnuPy|*_D8W$GXh~sD<ZU#H;gV)C4Apl
zOIjtxfPCW%O3MOt&}&mC=TEAaJnkU5qHf?S&Dh>-WtSk(pU>lSg5-08g~s1Yg4AFl
zIX@!HgRkdkFW+AwTrybjO3^Bb1xfaV62)c(=n{c{du;mS+Z>=1Ah#$)XSG|rV0h6i
z>EUw4G+eC*r&}Qvu>j5RTO!}+4(7ggk6sl<M`1rRStUTIC@`4?|6(Lw<WF3VVy!E?
z1>h$OGFCAcWpN>>l^{$kp#a%9;Ywsg8X#ay-c8|Pa2%}MwxSm{&ys;LQJ94W*R<HT
zSaujJYZb3;Qg$tdw0EVrEyqi?u5ziUZA4b=J%*OOXC7-kN&iTZlamCoR>|P=ppgUj
zFouE^rZ(MgLaIIyn#*IISM1ry-GDrLLh~qvOZaDEs_-50s?7t4zcJ-dmPD8ptUVc)
zPkK@}IoYVu_gqd{{Xc)|29F&Zp7wjx=+f%`584I86O(8|+wQ&;(u3KD18}b+R*a*2
z^ax@M>(PNy195ODHn52_Df0gyl>a%)9<9J*?AiL!RJrBRcZ?4#$c+?KwldAll9oMR
z-8@aS&p!Bk@S<08)cG;$1N}O^i;*put0T}u(UL@a@kAn<zWKxRs)`&=JaOT|FmOvo
z54~Y8uN`g)V}Nv?8^{m+&E6t%u1>Ea;p8wj1qzeDp3Lw$Tv~fg*JKXPb3#NIh-f5z
zkJ`{Q`gpK{#=*SQ-okwts`Tk!XOTy_@`{r)U^o*qun2xHCq)6`8clW}d{&6@+q$|1
zQQpB9>LiXII#94U-z5G0L5`Ps{DzdD7<n!ZgITRyxI87pSq2y^_cjowHlQMkFwV}}
ze^YB>luC4zuyC4!%jEM6_ku)Mn=MgLOG_!#8lW#X$3cQ{3*>(lM92kbM>Zymvv{C;
zAjIdr3L9BPA^)!IYf<66roAWIh40UO8Cb6X;8Lpu_0I=IlX3|Ls8AmXMXCKTDTGfr
z&o_qml<`0k;py>2o2$$1YjMF^O>+%zYg27B=tp*fisl`j|Hq^u!4XM8%=Hf{=;w7`
zr-o%ptqzJ4GYrE4x(Hl)5~*pwdLhN2l%e%$xhogN&9=y3(+?4Am3kU&5W1yv0V?*R
z(n=JO(bY1MiIuHH$e$vypg}6YC3^UE_?rSR_ampRE;y6pD`8PJKTz)=S6ZsWRf>Ws
zkP3d+KQSsw?(QdwR0+OJ2)Nj8LmG?0hvo#6m{jWw6C-485145OP7;VZ`V`-shO>TE
z_}_d#3JNr%eH7LFV_8O~|9uRpk||t~C}el@lQ|N*R0;08+U5(rM7D6(3?1CP$$$@G
z{&uG4fWY!mR1Y*O=(au*I$rGNjYP376vD&_%PzYoILEIF2?;sUFIL?6vYLLjz`cqm
z8~H(VY=CSAvWXUmscn!HfBqkc8Zq!W{Rb4A==1JTo`JH<`%6J94GS^6@9<TBLsPt`
z2So*Hxt3&{Ul+|>WgC{2ce=w~n5|4Tr<YD7XO9KaKat2K=dRfrU(-$>w9q|e_XAZ6
z$nkb9LMkbN=VjNqwm;loo8B-8d0l~GF(3eJ3s$D|v1*07FlzAUaxi9PvgO%Sl%Ew~
zIKFbKozNih1pAYe`a0b%KMLibGAw`t=VSMH@68!*(zV%Z``uTdQ(PkjQj~%sUZgM?
zy?AJ7XbToj|04DYMMxeoNrWuo%Uk`yjwj&no62g<R~f!@_a;@s0&OXc?gd2yG1VO}
z$kz5OM^5>N;1SWAHbYo{XVNGFG-zqnWQK#HfKq~1#K4f#q-4mT7R0XXKSkmslmjAS
zWd$nQO%>XGBz1Uw;0?d_5>5{jtTZgJp-h}m(D`G%XC*Z83L)FdLjyeOd(EnSm6qvF
zfBb>w%86=K9tOn-gd&w$HN0S{AYwpSj8t%_!$-na47UiZ;UEz@zWibNct@dD%X4^~
z`cYygX!0{Yo#Gc0W9X-TfJ%a3*@EF&VaY##4-D)K*dq75knwq}Aj06CRDA{QN}(z2
zr2>5-DgOEgry$4-LP1V;c9mKc5Vcepl_atrfgF@ylF4k|ePjrs%4+|4<-OiggeyV7
zy#pj$;~gshT9{h#sufOEKU|`PvGNa%=E|p{-413*J3OIy!(97MlHYb;wwYf{_njtp
zxbT+F)uhC7qwh4m#|BDwYf^#d&s>J}f6Cqe>drd3e-a_66JMT{a{dOVUKly`be}5B
z1i_?TEx+y;dUbz$pJ;w=deD_8yn@*Sd(o{zb3B}v=J6@%k6H6Z#K)h=B1{HxYf<{E
zo={+{?F@Tq9GOIFvigS}9EW{vH>*H)x9K11Fl>4JHC`nli%g`sU}8j+WPmfHbc%aJ
z@c+lwTSmp%Y}>-Y-QAtw9^4^7kl^m_!QC785Zql7JV1cp?jGFTrD>c7zRtVPK6mf?
z-BCXngYiIjJylEQTys?!u<c7qIJ85~HDapxpm&jE?q~_Ezzs(WPgn8oS$jzsrC2n6
zoM<MkLw!QxETrpmaX6Did`p-P!)|e*s_pic3bfV&zHqgC>EN6!RLij!(Op79g>C~>
zjDWx~L6b5r1{dV6bT;Wa^AXWxUV2|z&y3XWFrrMwQ4tRwVzfrR7eQG`V&HqFzQ<y=
zh1Y`0T4%Fe7Y$oTS7&0V%3bkw#YPdayF6ZA4qA7r*c8=;E}^`p>&KB3HpF=Jfzx1X
zZ?XsC-~4zi?$qNSSy@W$hBG!37{o_A+#0{u&wr6d;{l)(SLot$S4d+4B$1zY22{pN
zanIJ|CACJe)Pxjt2$<1zk^B&?tfog`5o6+{2<bdkHtAIN$ZeZW|MX=yJH316daxSW
zjQXa_K|u}{IY$9M&CBuF{t2#rO^HkLn~B1d#zGDUpp?`Wdqk;0(K%SusnrE!vcOyR
zXGVp0H^gkngV=M8kzc@SgdkJXJofKm;eG*X)9p0Xk^7T<R)eqGqR?CCXGbw=pTB@%
z2hCFs=H3g<JZ<_yTgG8GWoaB*uPC8-?!3mo8wZ<X)2iX4@HpKLFwkHTKMu0<?3{-k
z8;w2g2siGthg894W4@&lX&vaect>=p`-<T26d#J;iQj#7Eu!@MJLG~+N<eVA>}q;&
z%TiFQp~4$_&UVDPUD~r6dPYcligf}xuW<e2MyMs5+<~SI!7Xcd7!gHb%x7eObedcl
zJ<p=M=MIUbrH{Trr;h9gSH_~!(?b_gk2}BRt4_yIvl#^;S>_P4694Y)zef9wwmy^y
zTD$yVHlL3HJc@>Y@l6X3jYmtX^68eUMmshnb|VnmwPep<$4{D(SIl$6FDrw#Qm#pO
z?Ajd2HgWvck>ZwYI(k*(%(!h(VKCdlp)U@0(@Qj}J5DxxaBYRh9&TMkf<-d!3V$1X
zoq{9!^*J^Rh0U%B9XlGaHO?an4%Xa=OE<h^%(rYh@@$8VIikSAb|q~#IgD->IQp$`
zE1H@B<O%+bGN6zmxtoAi=QqHnQDY3}u`<8oIQRX7w+A=k5W&UJ=}^egG55Qg_;sHk
zom+rRFk$LDO+}tRE=kii8osqu)kZPjkb@1_Le><a!VRD@zYD<H+uPu&iBB5DX6(j?
z`CSgfA-RvYhCd$G?YmHJPi-&Za3!I<KbA_V7q$IJmLgC0qg7i*QIgayfQwXVFc9XK
zV0?0P@PNqb&b5niinIHcKPoZmX{cgv7+X>zV=Lvp**AHn?i8O6PAZ0bUo_)}VJ2Uc
ziLQ?p-~;z|^(Wi}D<T1|X_r!v8QVGatey8Sz=YScRQ<VLqj8HGH*6*GLw&2h9OF`o
zyK6uqMsVFP^?|_r!&|H1Yiq@=4W<X3RGVGhACo!mfTfqv+Yatg&DPz0BBGbi$F~|$
ziFq)~Fw0V-K7g|j$e?=3Or9ig@07E}v%r9Jz=#PmhF}phFX=w^=XZenJzh_fAYDh~
zc`_Xa41#)e6*pAajKi?Y)^wZoR#8Q|AR3k%dNza4-OI7S7H>MJ^jbPft<0y8*Wo~q
zt50q6R~2fc$l<tY2gnsbQv8c-pZd46iqL3or@qTH<V|Ik&~F209ImryDITe&=YXdp
z!3S#UVt4+=?{pgx{btkJ>04Sd2_5!&#baNCu2@tqb9;CbPmmo9{~)A}rIm%ki?c7?
zD4F#vI)=QXuRRVY=%6(79-Jb-JH5?FF@t$dLc%=LrWd!UMRaDz?3{Fw(N}X65S3BH
zY;^_;yZJ~oJ<Xe%Iwedn^A?*mjoM5%iaNDXa&SsTJ`l*CWq05?6-!NfxU#qSq%7WN
zMsm;joz#gQQxufq6~ex7O^~AF{Jg1UC_isY2=`Oiv(yoz2L+xk`j`c&eNU;q<OZH1
z$xR<mcfQ#`$eq!T6#ALy+13Gx+KCibb#A&y93w-qKHGbaFT@M_9VQ^_ghUj}e}ant
zFf4U-rir<wB0=`b>T3Q6T1C1gLSYBgZ!J9_y7!wf6bPm#-2xfctNa>w6~U}sFX8-_
z(2C=@9Gt4+)OZCmM<!ovV<ul#=<^zG)GWW8n7@|~T&6T}9J;1mA~c73%#DZ^AWGG>
z)EWHiXITH&&%FNI&&ZViub<gok_t3tSNHLu{A%8FphC`6Tm`2jUOls2%U!!YUyY61
zYlUdW(x@k1jgLiE9R5awMlNC+`^UcCO_>G!#U6NG7g3=%gLLu5vqHU(2<f+Vo%5m?
z;iP=sa&wu8ZybM2Boq@%t~!p>#t#m+o&cU2>-h7o=8tpaen4<IycRyRv3j|$CfsYr
z90}f73X=`$<;O?gp0Z8987*^SB9h85E^6X~v^0(;9&<h99cptbbp{i&FW-J3;vXoI
z)b!!!(^brM2r&8hUcKl>x^tJ|wJMuqx@Fij1ittR``$#wS_67fsd20+_wA2c+J2je
zcUcs&-hVh?DL1N{LHXW@^$+J1oF`s#8`X}&OGjo18s|Q9<PXg5#FwJKjcBlU@qb=M
zg%w4XG;r|$@zas4s{Wu~l5KBqN`{>Gu`fxU>OVo!KMRbD1r4Eazw}YxnPA!Sf1u%p
zRyLM4d(AqnIM@yr{6JoiQ%RhF{!O|zY|kLD8GE|(nFRHzgzdop6sc9Qi#$?o3^tn;
z{MMOWX+D~R(Bh+CeP8GDb6|LcuQhUFdEIcv@5Uvk6End{CKUo)(0I@N<H^Ys%wC|C
zHS8P6>gCBiYrn(^YRdQZ{vn^%eMhZNmd6`kMO#$;6vR*Yk4ugvg$7|`zhm`t$q<<2
zxWuyxg}(RQ-kzZiW}zi-X5S1}pKx_%(TzI{N+&_F9~8E3RNUVqiJhb0r&`rn)$Pi7
zkENi#l&y#ZTY01uZpb<>`<KvWn1!Wwl-Un8>60wN+bWxLJ=DGE&AiN(11NQJmqJJX
z4<GV>GOWvQ;t6mh#^iuc6rqg!<)&Dxja?+2kmHV$PXUL0<cymbh&|12%3CWP=@mNU
z&g|?`nX_E{0`jKjbRk*@<f9G~Wj0}vndY-s5l72~*rey<1%G~iwSnv(RYR1u0K&)$
z8$-dKgAL#Y;ln(V!{!@yb+$ewn^FJcn7kt4K|+2xuf%d$Hs*~UN}?S;;Yu^D%*~k*
z!%L9ynK})7xXl=bT-_%Fq0Hs@ut?jvSawFKI-=L9ehe~qVMV>A*k+EVrm)P?a4e{G
zWY3>__DeQR;LI#4Y2sQ{6MF>PTL6web5u2_#&EVG2`uFJ5}vo&$H>Vp_ZNvpW5$CJ
zxl;pVUhaD|5{DuVkc+3ghesW24TVm`+}CXYE5fEGkf~pKuy+M=e>{4*!Q{s0PjTE?
zvDa}<7)ZR~{-R|k|4p0zeYtQ7ltX}t5P%~_YMvA9QgNiyVNUlBn)V~~Es^86YWJEV
zK&fk9V#tadQ<|CKgM{<-61p2V)WHF^j{YYTC+425DS65A`u^dO=9b8b-8mS}{qly4
zd&q(Dnlejm#a&Z1vD+P|-POx0B_AB<6Ir8MjRWL%q&vyznW7N?;;!!9bQhIjS_VU5
zfwRqtV8SrzikTlq3#YvuL+fQ_I3d(hl(Sau7s3uY82&GOPvV$d2K=JsA_mWMyk`dW
zVw$|%DC$cD4dLHg8UG;JNr%hQP#J|Ulav*FlYPw5N@5FW<bpQEa;lA#>HJ$)xlZ<B
z`-=RJ&HbNE^_Q{;@lvLg1xzUE^goqBTtT%)Uslyfegtjfn;}T``-dwLAT0B1d%{))
zKfl1B1ifb89}VdD2uLT3oFPq3u<HK31q)FIIZ5(x!~4Od;jm3VbZM?MQNL_z7At#M
z<2E;c!gu%_5EAcKYYvHF*aT4sxUNvLZw~PXw_`ok%f#)0l^+`-?g(#e8E-BhT(aQy
zMnpH70#sgjf@Z+Ep5$B?;M<*Q<V_aT?)m2#VJS;(H!x49@Q;?v;?4VeXP_r8v?pH)
zsCc7^2M%HPp{!X!N+88pIe0Q3zAdKF)PBi=HDLo;&GaSph|~V_pu^zr6)bqb(q-3-
z?7Mbu?%KwKwE6oC8#?ghy2Mhpa~-D557-aC*f$YK{OmQV^|9!!=sB7>LR(Xb1aBSD
z6!gbRP)^ns-kA1?jKYPjr5qxf7v=N4g0v-A|6lJGOo>TMd_qGA1QbeoVBmAMar>y4
z*nE<~5XYgByrOLs+eKi78)N4YMz8HljgmtQF^rZ=VZ=jL562$wlPSjIe9Be<*K-or
zuyMIRE}_dR%TV%5$C6drn*i=b9@f>ipQG8L?U!hMmvX?Q+Lyvop=`1R5JuWKGgBUT
z<A8zN&>W!;@=zI!=5Hxv6kZz>XZwKQZUy<1lBQ6=dC)aK)w3VLoh*2y^A=V#4oE;!
zF46qS3rNdAPL{PKMTJv$@6JGf!x%mzqEI;1=-1-UP7Kv{@?KW@DflV>mH%L^vyTSn
zYO2**PQ`Yn%YMEeS`_tp7(>({FCkvt^sRpAp;3zNm3knOEATp2`J0Kk5W3)}pLa<!
z9`%c(lsN&U7;^n-I!5_IMOVz~^h<KE-k{nD9lwZZCW=nwqwV;e(%h@A0dtfRaKYC@
zlOi-E-bWW9Y0LlK!hhpZ3_6rK97*N@QB{%6%xRI^p6lYb#h&_>XJPzW8p*<08Hwu8
z;@y4D-n{NIl`{K<c;+Umw(r@&`R7d>z{s{tL|!RO90C-CL{^pWw*aL9S9)(}2TJ3K
zFeF}f0FVDUDK|Hi=Gy*)tr=em>v2w7ggP7KQ=`PODC^v<G4UOIq9>Kk>$fVe{g<nT
z3DK%pEx>O9W$Vh=4ohnp1q(f+23-p+Tt*1$I7qaN8|Ee(@vgd~1SB!y?;C7;ce~~M
zfn8l#c*Q%6u|iqJ8KDBdo2t9tey%JD3>Smo+tD<yEf(+4#Ls^WAa~4Foo^=romnk&
zHSQt(=Pozn+~B4vW<}h`Hc@cskm=IF^SdcPk;=?Gx`=2^RLqx5zlbxTJ48d-vz|d?
z!J?o=rtrzbfC`oOO&?QkIidj6V+U4@OB@*4fRnQ|7lo?>OGNy$ELBR)uaQb2CZ&@9
zk7$$=Tn~sZhz<AHLze4b>gOdflH+lwYPe+FK;36&DN|B@PTt^W)esH-TpmH0B>v8i
zqf{(V-p~ZOXAlM_NbcAa68F{@YE9i-Iiz!O(fn%q_D_+(1%Wf0<dxPp2(+Be_MKF=
zXe7U;iho1v6S&Ln|Ag<MZy?Yc5xs$pQXXU%P7e4Q(B1|t#QXS%$UBq*fTK{^w;_{v
z_V|@Q=sxrAUHat!rHQp+T+SOJ`v&b+ckMhTLG8z(+RL3?nO_;g({P>Ey&TqkDDCK)
zg$|$8QP0&#^P4;r-2z#&4u|wHB!Q~6)lmuaD7+Ez(Y#J<3B#_hSzXu2^iyvHFuyf>
zyo!m7Tz%;Ea9?lxqHJaBT~ApnE)pXR==Tr1fDNC`PD2o`#O?&DSogM&4VWTh*CxbP
z{V9s>A5y3+p_ozNioV2+G=gys^NZ($b9MM9aCQ+EKe<m28@^luoJ_|z?LN}=>)ejs
z39j&CWGfoJ<92%)eZ6l2HTQUd#Fn<3<((8V2Y-%@hBJYD0RRZYw_2Q^h(!Fs?&Ld+
zUJ0ujbk1+*ZN=Xo!WcU8aDg*!|Da|8udgD1$Mj>$WTJbZq5uXio!@X3>!Y`>(nq3C
z-8wxHc-B}A2*~rSGzw)Fmoy>X?c(|U2nyVt-{U-lV6OHu;qyHh(S__uST=7k2Xabu
zw%1Xn^-T9W$@tw_a=bkDg0F3iYtbm<`<?U2gsZYl&8esOU<3<O)T8gQP?|FTQslwU
zQ#;d-r)`AK-?{Bt^|zK%<=T-|sf6`HGx%8p2`^%d-~7K5IC##7%La+H;HpE`P7~{a
z9*VWAJwA{^$W-od$A<fWm#HPANJ5ht{OH9|{_JeMuCc-Qk?c{-I=}e5!0^FT66XTW
z%)B(XsTAq65vug=3SCmcEG4ZlIi7(dPQErwemrR4E))a!)QfnLX?})JP`hoJku~gm
zp@(^Y#HhalugZy3*TA{|6wGCWhQdu>RJy^VM`odh^p+HU)$SrjI7g7PYu|njuI4_`
zVn=VDU6{7}cqDxQEK$y$85DM_*$50xi#NCuW+3Lu4E{F2g)uT99L?0IHx~OO*M!CW
zZ!JK86*JF`^I+wc&XR6+fec-!ID)kFv9W($6YqAu?4+>Nb59%aIZlgkp$)#sT%$do
zk#E7enyuBz!Psc2ghhylntYrj#)ncjtK8b|%!PT_-Q~a$%V~vSm5B@2q5X~cSZkp)
zr@5(h-6UN2!;*sn4_8lghc$4le_zMV6)GlGUKDb^`4lga&yqzfgE3AV;hPxnskGsE
zv}%2e=8x?(Z7!wP`K*9N-fOY@zCoKiZ}N?jO1Z=wt_#+!F1Pa3N^<fwD9ebQ$*9d8
zevv(QEKJ$-S2@EK=aLjxLXlg040QfmmdIX7R|GK6mtlWAP})M|ZEsLiy-WCO*KP;p
z;Z*yi6OWOaUeT+6I*wo2&Bs%Jr8~tthrI{9FrxIy+_GCv(Cuexukd~8I#t>=d4nN(
zFAvp!-0$B^?vgn~DKd1s;Rz1j!@c(@)HjK4|JQzG%){-Jb~HI}lWO6i2TzS@c>D(5
z)s_#bU_byx-*5cT(0EcezIN%@l?8qekr)C_4`)WyV}pmno@-Z@JBpw<Hkv#0k^4MC
z?(R?mj{|wktlMR%sfbdS>m8KW)$|v;oywl3ndeHW7SBURwbW7tot=wqsA-#<4OYJd
z(TL3Ns37`)u%7iwv*EpBmG4a^J3X6kqPs?n7zyaoBlMN34L@nj%;rtDmvvSQgAkk(
z^GEtlO)r|C>}O8BLV>r5<vv0g-Q4Y79z5UA;}WFq%T9Qi?<c}d!CqQ#J@baG-k{y<
zF`ed9HbCDFN2B(K@%%MhvD(fEMzQ>ltBIpqN6UxpIp?uLJ9FrG+|sRI?hQ9EYPI$`
z9Nhz!bTSKyDp_e6cXk5q#{|Z812Ye;*A^!1Bio<~+eIkmS)&`YLmxyJrkX%203?--
zST>W92$J@xTYLPWo#VU;<6?e`R05I#t3%Tu#g|)Qa#5s6KV6~mtm%w<)7`vh!iV$C
zPXVUq8_m7U>{e=&J|5Wi{W|xNS|=%vk3^76{tn~bbbC67Y^<Op+5VgCSJUGx@Pq#o
zC8oJxP~@d{U_3mlz1sk%*yx8892|n^>EY%;NG|(c@m?=)vX4feD}_=P*8hMV53W`B
zw=iDiJixDM<v1|N`%n;k`Jn2%)8`m`CLxAv(|#oI*WZ;0|MLUl_-@ry`NilbKGH7j
z9g!DO;v7oXVfA~nEe&g8p#1!#!3)_>|0KoKvL+L+Cg7G=x-=!GF^Z#fMpFO@l)R!b
z*09JI&sQC+fU@V^>kb{*v#Rhinv3opnTQS$^L7si^1tFvj7Yum`{|HA1gr{}smRKv
zup4r)KN8UPlSP7O?ANHO9t!aYq?SCNt`!=O+G5|j?BM)fi5{5X`2wDIPAT37#H?W+
zoy_6?z~VT_+<gzpGsoDerAhSmO-qZ$G}V?Vm?-FK>F$F~{XHM+vTb?jL^k6#-s8S5
z&$uORKr*s8?BdiGQckkgfsCH#8`E6q64lCy97Glnma6ZxyU8qZMYM={YlkcQUYSp4
zQ7_>q+d@ly7dw9SeV=y2XV7oM999=TO4P{LqZsDqO|vHesNEoK=zdR~&E3IxjY{gz
zC_kE=*9+uiU}@TO_5+haAD=|WD37)a)1^P=M=NEdcG@1jo#x7QCU)G?LqBGGmPGR+
zOW6&3V;a06=ZJnb@*nwFfX-^rdN}>Ms|?}Bu62Z(SshMUrqU(~)s<(gdrdc*dqjRX
zZ<lNC&hq~%6pG=~8xY_$jq<r|_s2=54aO^B-ETbeZb<AFc8FW<T&0L{Tr7I&P0gax
znGfE?L}r8|v6fwQ-$40PfA!6dqutQqf$H`ih9q(8s3yqti!Ho5H%>+dV?kVWUsI4%
zp~f;cgZ2R4f~Qv9&nD?z&s&vFyG-fCxVSOyUx83MtKWBmr{bX`Y_DZZ1`b}#45uc2
zn8RFg{-Hzu4b(%Z<${rT%l(^o2M4%WxsmVnVY9)ee6|mk6yjHTYlG-#QyEH0&Ljt%
zZIt5a{z91nw3pz7HKqN1wjBW%nlC(GY&(m5DAPgR4SYy8A_t-;TEE2a@jY8^`O)<g
zBd*mCe^D?Me8EGx$s{j;1V`_!hGVD}Uord!*|fn>Yv7VI11yag<Dl_R<N8C^-#iUc
zZScI_goKF=e8s@I3@!$B1K<W}K5Hk&j92fb&WpLd|4aju(|w`()U?ZyC>uO%?lbA;
zq)6z#{ui3PSq}cC%p!^V^ELB>nfegn0E-mlUmn^80S#PNhV$VleEA7NVdt@eCJR5u
zT71M{p@!glH&$>rC&fZ-i-`*yDm`)@M<&)eZ_`2ie&=|9?qzm|_O-V<j;L!cj^ma5
zF3o%N#Hupq;H7-EB%08(vGNO)ex#RXKd#altj>`%RSE!oRGp0hi6{KK<G=DMRvnqa
z`7%2LT~Y;ci`}gw6c0a*(Kc#*m}`40HFeMQXNdOo9U<_Ol<)3#<ff&b@$i!g?S%-s
ztg{Vipk6>cia4`%Q*R^OAw;X_G#LcN&8<5N_TPF?_l{q}@Z!@qSY0Hs_goujq4>ND
zzEkFOJEoh=Yzm3~;2_l2^!_r^C*IPRH~Y8w2>>#mTgZH5cZW7>yZwM44PGkw;Qjr=
z7T>Op-Yw~56?pH?6E2qvrcF3RL*XQv%xxgF8|4GhW=<h@HjQRj%XQXvf3p`_9L>S9
zUq;i@O^~eOZE9{-Mz&6suluxbYJT*dJ1S1tjB7dQIE-SF^mmxIrSOi~ZlRVfrS>po
zs(fKwyp%&DHYZj+xM3>e%aLfKdcvsk_4p@sF==dvxK^K$L>`EDL-@!P`oDSvh*K-5
zz;5xqekXGSlGpR?toQ{Io2fBC<c*8Xye3rK{rvJCQ}zA7^L#=?)cj}Mq1vOqjQV(=
z>G7AJJbDXF2b;@*Z{6NGI(kIqwX(aQ<tK!bPmgT^rtXP54}tRvXCl?cZ?TSwuzEl-
zz9l{RO_C*jjECZ>urA<Gj@CmC60c&*^{wn>?dza&vRH3_VH4*~+wOz;kfE@cNQU1J
zo}+rQ+6^YGhf9;Z*PDGxh-)NKmsuD{+~gVD2+Av1WiUR|T|nAo|K0sD4MFzlJ*O$v
ztl|$gsRmy<7heUhytIAQ_2+MkA|^Yk4u(s4ew_|$pm*$(s1o0I@NG7%`M?+9l%r1k
z?DiKil^NF{pPcmt7^M?_&}LXnmy0sarlt``WhW{m#`TpNcC>Ww=>&bCNBtiD0E?FP
z;zL5<85k2mKCnIOK!)pzL{3JLanVx$s{zwI-?QRtBQKglquHrrTuvZ1L?U7Wj37B$
zZ>9dlVw2A#W*>BDig1<fg%WpR4AbS*89pOgUgz}jy*ttN*c{hXc0G)}D?6R6kUF{O
zBq6WjgX!sP9WTlC&7~d^Nzg*1zWLB?WNCV<_A~|#vDr%cZET#<39LfDZe!?ZiPq=U
zlvb0z-lC4$>~|r;4#>w_Nha!Y1>cGPqSOC%PF|9b;=dO_WLMseaS5>q*{WXF1Usk@
z(IX;D@_!yHFhQy#Sa*70269QqW8b-Iu-YSYC+~ecp)qfgQ;BA<dcTVn9ktN=_EA`#
zKz(Z?*;|9r9@!e<h5EuS9`UUkmS1Sp)cW=n@xxi+>u9x?%fsg3QV^K&hgO}`^6bJx
ziKBpADRcz*lHZf%OJW{H`cR57o5@9teM?<20s+5p`!6aME~t?5TWAD*iZY$zCIkP6
zK*azy#WgfUS;#qyHf#3UMJ986#|1zB2xe&LCuqgXZ!bmE5Q?7DYB_er7Bqymc5f{Q
zVI26+A$}>Xp0@5)^%v<6jpd-}5(_7&HNSdVGr{%Z8B(sSHJ=58`0MMLg-OzO_E9dn
zigiV-b6!C>8<W`>lAM>TgZyr{c$e>=112W@bef+<Yp0e+NYQ-H`uFvn3OmG@=6~~4
zwfiOZsy6lEUsQ9QkNu8{(cB$R)m}O|ojMh2Y9$dRyXV7@_~q-VFuad_CJaV2e_9mR
zh>N+@7iz|X_o|IsmnAPA%IJHTXcKViYZB_o_)thSnqEKHYF`WF=RjV?Z;C7(8g*C}
zMu{1`X7%!3R*Mb}NlpNodk0)v>-;{(&xy_K>s3r(qrte|y*>bc1(0dTq_IiH@W<ZC
zahRXt9D0vQ*15ROv$OU2cec>gA=+LJc_BxqnM)0Oz+*eO#wT$7m%6$g;ji>g5`i%t
zfOZ-pO@Nl%0y1bcg-!@mAlVUeG`0<z1qGu{1V3QrSLI-ghz>&rmssfR149+Cr$6Mn
zny*v{SJCF^=r|@p3WFAjH~UVsKiKK5r)NHQy0DcwhR<khv8MHDvHa8H;>GVoV8biq
z_KP~l?LTFNVioiRQrH@LYfEpsKTc7!WFTm*?(iP{6JUA*ro+V16uLQ$1ZdfHk|9z^
z<r^;sD2}#2(9s?Cd91YZGdn8R1db7lDdza0d!gTLo58gOy4ZGNc~lAkUD?<DW1(=~
zdiu(rnyf|7RUmf|ui(!S80|o(NYp_nJ=oVJ7Yx<K$ZKa?+vX9m+##^$qWa7DiMbgH
zPRnNlZzL^v^HJV~NvR<B1M1KBGm$Qq_vP(MiFvX`lGzg(!tK29?$u!~V&K?a0welV
zp(<_7s+|3i$1-aW5d`}?+qXtH5X}~I!7B+4hI2~g#!W0ct^<LG&&dfetIgiN+;L<o
zySc`jwxyrtIPBwK=ipmAqCT@Ojj!=J)J6A>mxmR{R)#78*YKYvK}nHH+oS-Q_$=QA
zyQLdx(C3aVqiWA>4f!Srs{T)Nm!yTrf~k5ZYkmkL@<tTl0T&_GPQ*3A-C<<DglZ2v
z?Ii-WBXK9O8+w3{g<&fS7N10b)LlU4y5k$D2M5viweKKccFh|zCM)%fD)~etF(C&{
zI`)aqwCHQmScR0$avd%`YE7n{XjJ0jPWz^Pid%hzJtK2qXUjRo;GBk6v$Dr4Vsuob
zBz;IzDYW(_tod@9kPc51Bg?o2zbidvO=-2t$VA#9nlDN05PQ)~fefcX>kGc-*lN$h
zAgt;PlR*~=;NVt4(qsZRWY`8$ef<7CCCFM7pTMbo`=!#TC(m!XpJCn`OpW|uoy_|Y
zl95hsdWSB=-xvuJ<zC|a(KGlB#COev{lFy9O%2B`^+a+niA7Q_^Fln(QjS)cAI+fH
z&1oRUkw`)BxxAW1+mwzZk~+HFyQXnDgNIFy5iSXBA1lopw9!*^tYm7MHC&d0r#v;<
zb<2S&m>Xqx;mPj-#1ke-*?Vat!-S95ixiyCQJa6Oskzjk|4_hHjnPyj$+esF#@=Mo
zcYS$pd`TmIHR;WnIgVe?DA*-C^pQ$<XX18xc&oPDk5w$wjXtGM2O2Gl=RSnN*X!g1
z>{%l3f37GL^;IDjWltF**^ED?gN_sJZ@FQd3&|Sa?r;(bg8UJ)>W_z__W>PZ<(}4!
zh#bp!%W%tZLBDghsh4krTnd2_ySp!02=3S<HhY$ZS{eX(RW!^SfX0_!`Vvf4UDzU4
z6C)WDI@;N7iY~?jFBl8Y;?&+GMirl)Z7ZrOE`so`No%F@xPgxUu-$9jg~Ef7Z!^gM
zIVI*lbBwJQ+N-NckDR-8^sZQIJ);)q2qSoA=txc;o<Fjfu$N%F7!43Hwj*N6inDlJ
z<k#NwLCiY(^YX$kEBR+p$=8qXfHOFh&y>%@N3BHh7{nAjV$)!`!^rzL@H;t5`SHSJ
zL2+hQ_}rB6A7jr4O<ai96hkoB^>k^Ahxg>Z|0t601-V!y%ICKoRS@M{aL4ZTGEDkj
z<?2Sf8jq1_d&;(m)Y1OpyZ<$p%Y@*|yC#z$%zrTr={+0kg>pXxy5O>@r|ImV{|65K
z&*S0;03~7!5*X%}Y^ae~GfUFhg_aj<4CBFtQolNjx3dzdB;)-qWF%UQY)P&wFunt=
zBq?o_xhgHrrmXx$RF67uL(NQJK)d`-GAGnejGzCWA;???_6U4sEFdOFDT$tI1BE4k
zqWaf@*LC&^h#|iEUF^62_SJl_t{0}sT7{oh=Sk130TW#Lw@dEZ&A7^Yb0WpchM`IO
z$q-+$Y!ZmX%SDB&_K5+u0=X8bf%Bj9=?+Q=)@qE<atD0o;r?+6sfUMuSHXc~4;3xn
zx&CwWg-B9=Ei~DES(I!3Svu;Yue*Y-HLNttN4Fe8ziUO@`ZfzZ)d8;)JN&Mr^$?Ib
zm`X`PY)7`VUxHPWYn0?D`RlNJc^rI;K9(Cf*J=q3eLz-`qKB2FmIg)nkB2I3B|Y9m
zh;K$CEW^Y@+>woF2?#0|<JdR21_61;SDZ%BZJWL=9ya?75$`n++W|RWU|#P3<Tg;$
zDp#-&rpxM#;)3Sg1|2DcQ!vjgK{yzRr8;&Z1U<c6d<X&yy1;3Xy)hb(DlF#_TH^K=
zZ9Ig33{%XwXv)EdXEo8+tM}>BS!{4)vzrlT^MQo|>aq-FEOQy$_zjM^VG-<noB5e$
zLGX8EvfF>!4IM;?Pkg(6n0B2h^G;i=ha}uPTwTEpUrp4zgTH(K*W2@w+-iF%T=HaH
zVK?|r1kgkS>(GQ*^bEpHCRidjnyPNkK;-gF6@m-Cnxr>A5_q5Y>2ZduO=$4)!~xD1
zpUjtLJ0-Hg?<Dd8cjbY7X%8iyBQy{jk$Z&a{c9ucfrTJuL*wb&WX{Dz;(Ai)B@17l
zx4&k1y`DfqFxA-Zyp7s{dROBV7GZn`1$#N-c-H-DLj(O^c0fTGQg(NDXN?vhPX|%c
zxGQa&nqO7<IEj9$W29A>h&Q33gjU<;^jRpm(k$l7IYv8tyC#{mc>6o{j-^2FCSWe@
z$T3aPt91m%m=7!8W0**b)mq>+eywTvo`s6|)kMll;y)Md$`of<y3WNpq(ME?%VRU;
z-WLk8v?I=LG)r<@7*I)>h=7Q`eA0%^ErG(fl9#6;-~RVahJ@Z<A+-PWL&0Onfov89
zw{K6>B!+w7Fc?f(ge|RO?RyI;+d|BSP#sb!8dNFb`L9V{vWJX|I3Nqs>OpbS^ppid
zk;F{3n$SoBn1d-#@^c7zCEoSpiV>y|t<=63_a7Fu@h{0>$4=GHqOb`pcue~HNhKh2
z(Hx48{8C{kkkYdI+t+eCh<Cve9aa3#$*JrimEb#AU6AlDNt+(1_s$H=Z<Oh*(7oFz
zhu9e|;QWK#pFa&+eP!>nyiVZm?V94NRFSsIHl(C+sSp`A!pbiDL(iy|L2-i+iy+3}
zA#br}%w<3J4XH^-e)7cvum+F!6(vQ+C#64zC&j^L_ZBF6{2!kNnKML;36a$<B)q(y
z2E6k=^vZ73W4)^u0=&P6*`8@Z*7I^o+tj?eHiKAdENUk?J`woVy>`Em!zM&!fncTJ
zlN&`;kyp8q6yyN?)gq|11Bs5=mZj<YKWwu7q248gYCJ|ZopSr%<UlYJ7(8OMSdh1K
zFa*w^sD7t0b)%LBOR`&YjY5Y9c}0LsrvFlXF!)0^12lAk=zPbsk~y>MYdm4?p^W9+
zE<>CCb}*4pE0(<Q@O&tLzBI<@E}63Gss4tta%%@w8{+5<TLos?RGB>eD&CHcW|8P>
z<?UB(v4i6XCr#-EP{MWJsdi_Te{P|3gkH&iazO=tQVKo`J)_y*6@-KmQ8nzpy9ObP
zf~yO&1Zav#X@VwEkwjGy=~c7ac<K3IC_H!F8_s>hr31CDy;rg{J*^Vhm6a@<lJ>87
zft(mDuOUHWSAgTOW}f#?c<zpr5r;-90pPkyOp1Z*LI2q#1M*9x?UA8QvT%i}GOpnP
zv4UQbOlOWZol#|cF~rMX9l02(@ApqpaDg#Myi^bel3r+``S}7aJ3D+v_{V=?_h3Xq
ziEd)-LaT^l|K?h_=TOS=7WWID4pb}H3BYHwDiaX+(amA`Ctcq`OG`_E(`M)Kon>0&
z?5Qdig$TmWNQ^#mWZ#;n+Ej|#SlOJ<NOvQ76GV9zGuE#DM18SbH<|4_@XH9xLy;Wh
z768&RZ0-z&aS+Rf1>;i5O&zCnjlAC6ha`(Hol|7ZxQSoH2CC5Bq=2*NPah6IDn>Go
znO+cM3wN{qO41`EjoT<Fh8!gW70*zh8e=LC6~IuS90+^EnSr~E0~zYqunM~&gQ1+e
z5||E@c)}3Kk)t0aya<_u+rc=I`|&K~bR4@s6(NtH!}3)x(1DU-p0L3BWr|T^*u!5k
z*Prliy3VvucuH2|U5hwQbv!`6T;6vQL?s+dM->tV`_mkI!Ic|B=To%_UBiL>%z@RI
zK^@Telm^O;bIN$`kDZ6k^*S->Y5=?yewoeoyj)j-`%dplhm1!^af4w@lai~pn9tJQ
zAgOEm`+LB|?V6@s>pwX95h5s@K!}Qo>aFZv^akG0nH8CvelbPAx5Jxmbi~oo)7^86
z*C72@gvI>;4N=zML!|ZR-4?TXImo=fe*LP@WWEJX9Pw!xN=w6n!Qk0>#p7GKe`JV#
z&rTR5ybj_c-{|Tg%Xe>az??M^_eYvih9vi7Id7YYA|R%pZh+hPCuBKOh`S@dV5rHN
zGB-p<_tOp~dqw<9*S#j+3W?53Xj;Q=MmAd2Dg%{}c9u%4CqYudTsBR$XlX#9`g4(4
z{7-=kxfRsL2&FtMVngv_86^=BVqTG%B6ao_?Mg=tQPsFGJ+Fz1#uSKB1rlDr!a^j@
zS?Tuaws?-e8+*q$%l3aGL9$?h&DVaA^5e0-9Br##U+)sUw5-hTpKWgMoi|i1-n0s>
zHsllD@9JB(#H*t6|582ufTabXS$q>D;!T9;o;r%t)O!XeCeYS@dyJ_>6-Hi;45jxI
zilAVd-;j!G_?ZNNZf?R76GeM1b#!!QviCMZ@#}-F3r{fnPj@y#7u0b6VXQ7Af;+~c
z4rX&YU~>vhxXs_3DWI;{wvV8#Wz+Au4lJs;uuWBaAO!>}oH9Sw@^A^1C3<a#4fciG
zGY5B8-=2dXGslcne;2Nx0FgtY^m}%oQWJeOabb)s9i&lt>voLK`;i5)TCgct`x3pi
zCJ%|>+}?fn5o2==#$LbDAU)M^u-Grrd?N);WspIg?tG=0n|><ytD)zL^53ZNpp0We
z&g=SV9hC@@AKWPRLCUO6;MbRDe%C$3Jkfv{kJAOqB_jGGRB~bd_0I8Y6<-mif0T$<
zfy*%VtT^_N5VN{QUKE(ku&~F*^*K=XrttcRU*)Q14fc|{jS;o2K3xdd<QTX9e^KFW
z0VtmU@u4X4{H?fh)2G9AHV>Qran`TwTSmpCKmJrBW*VdkcM<!3jV#y&1UDJsAq0J4
zL6uMUgBHMZa5sb1SYdV-E%mAAIQaOJ`)7m0d6i*mjmjWX{pBbxM0=#1ZdANLxwT=Q
z;^q~qNF_UbiV68`sAASmdn(*vGkYji(x)w*aVSpCdPLtlWW37MNSW%7-ZuO>F+!3i
zd3=mDwGY_2)Uz*nx+Syb2%mfXZX7c7vv!lAj4BM~$ONm=O{umk?o}OAs`nzM`Ank_
z6Qv*JEgQ%PsshQKK7<AiNDuUmui>hF=UIQPTB+8w$08zvJ8-nOb%au29&=btno83B
zE}Dh$GZ$lHj4$=5<zUPu74esf+^MCv1o;1#Bc(mBMu0~Iz&|l4y_LV1BiyC0r)kv{
zUfJwPnAK%s%!h^vhuz5XH|&nV^4>u@6g?ZP51#wx3n4cn5DbHQOY}fj!e7%R9*-Xg
z8=_1_g@fq*ih*hC{(X`?c-s6@Yz(ekz`ta#ShhtG+_|Zn#gJ`h0@~`5Ag@b35bU<q
zuRPNlbn4%x3=diGXuLf-#|zl(v74<p^18h-7<}IXl%0%7f=?OU)8kDd`OwXIdP994
zGGQ{5)GXLsnW$(Yr`yw$#Ti1!+Wvpau)vqFTj!OSd4cntbQNlq*zUw+=oi9(xyY#<
z+io{D8GqhJp%w2YX>T3aC*QyX&-}*0{^i}PzA&E$zk5!1a3kb#{@yVcMr~r|I~G7w
zJl;kp@*v<cednb0RAsQgr&z)Rm3S2cP4CadHGkrz5R&%PQ=!z<FG5}y#3~0C6FaLc
z+K0M8&+j0jUMZUCx{o4jzkLxV*(Q&Kir%jT%|=WOA-NzuxDB9_F1wM2BpP>j_`<oL
zFCrN}d+t2<Nl|Zc-^m(bte)^yhSpjoMA!?Yv#eHY+15Es+Bv+Ld;L(K=&W2dxwMeI
z%SL!EeM~&)@^5pd7YZ|~`<{PH2b@nv;3&%1?ip+vAA@@gVss*h%N}p1dR0LDUJJ>Q
zjyfEcWT<9bt<dBRStRFso)jZa5u~tg4Bv8MA!+8{B$H~w--bG)D5FUFGyR$(EJ@_7
ziRsL>TWq3&ID29egYg8OdLRi*`8RZL5H+m*;TK5vhjzVlBF3nu$3!_(c$488M3|9p
zVx_D21vcAz;v=?$TwNhT(@pSM?i7s6D1T$^)2GB3*tLIa0m|IgW(~WxfG_0_mM7mz
zcs$X689W?`R-g<*u5|p~XSFjv1M=_EAK>yndCPeV+DY8qQtRXy4B|!lK%z0^v>Fs~
zpF!cW(|ug>bDVX&ATGXd+)`b&%a-is77R!~-#bG@QE)TDS8%&pV5@7|;PMmivfTg7
z^6cXABe0H3^kN47yscT{_-E;sF7NL2m&!YKiSQr$9Gz1ZYwhmY={@~fk<Bm<Z*QF-
z0t;lK&LjS;=5oFBQI*OM{%^sY9W!42<+{I~PnJ&~thzNe5<S=TrK;8XyjC}t?k)xS
z(-|fH!3qB4l-sdk?04OtsO!VOH=33m!a!30-J0HEL085lLR~>R2sqgi`%77`ksWCx
zu@~TLwvH+OD-6GxLbLE>mHs*6c+B)$a_*t0z`Kt6%7E%1j1JRv9GyplvnY%eGIXD}
zU0Jh1_|j+6_%_aMjBERs8+Sz9GpIw7%{ick#fORt2Nx>uh<l3fZjnvEP&rA?6q^Q#
z8mF<SLnqLYZmW!wE2c2+AH?NJ{Wd#X>CoXahg0VEUE%oSWJD0U8ZVtoPktmij4~%P
zzH=P3!hv!zKW0A3*X3H9<8+u1Y3|~uNWK$4SWRqlkwugt=ubaMIuk22_No^wd!N5`
z$QaA%zC$^T=gRh*!==1Q+pS9f;XQ#9lV6MZz()Am6o2L8^;5Whi`y+5_)=6xS`L<c
z?fTFR6GxsmS10_HH4=DP+(|OJ+Hv)~+3L)-;0Mc6&B9^5Q!9La-4P3^6it^u9vbkk
z_yp42z4>5@1vSHdIMEy^ss>RdD*&JN_4)C<y6?p9ESA4?#WuIv4Dc>YeSr~_D*W0L
z=JT$jc=z+|>|=V3*wGX7xiIBEK#2yjMCa(#7<iB-ZUpa?R7hq36H-t>>3*?Bq?FA|
z#~_0pH810Knf34h3)_V*W7|CI<9oS3{2HV(QOqQt#+Z5Px?`65b<~nWmBIDQ+y8zc
zVC}anPDjMesK?6<Ia^1N?B(Xnv)AAx46+0i<T_rN$ric)AVOQDY_<JJ-kYOv3a(dp
zs$=3*_rImZ$?UJ-6?|4PfByNh)Y?n1SqnzK6&8tOV?GVrGfh^eY+xx<EiTJz`kUXh
z|4)9Cs+WYs`-G78FG2eT9TfhPy?7;-f%D_($pLEi&%hb{D#JP?HcJK5^%+ZV@D^i)
z2XW+e>R8dFEcp^}i2R1^mN7zkfn7_u9Rw*{ydZ)WCbmq)0%WEn#wI7WURK{YY8GiB
zCWB!3?A05lYixG^`$gxhfwV*RrhB!(gmg3iETC`ngtG(%KK>NNUZ{ApSMCG`#dM)|
zK!t5q@p0e2>eUAZU>t5TH=@aKu7z!#Xw?13RIETrTR9_xX{+rV@hRaXdOJDt$~~W#
zy#Ki!*e~zT=T1NQ;)b=+r6dFS8tN`t0-i>{&Nn)r*ukRA%P=-OIrT?thr3=rN8i8v
zWhlg%pw)WNt$q$>s!?HNQ(JIAplM;Kgc23>B|DV5x;iR_DEQ^PTgc{-L=$tT$>l1K
z1LpY`h4>hH9wC=6=8wf1_+K)i4D>ajBLusOuak>I<0e7s_xMKw1qg%6B-xE(f?QdV
zF}(C*l};A5GYsmJaO#IjBQ7spQ^pCJC~w_O>FKWXfl@)-r<;+#x>7ud_;qpp5Yp~V
zHGEEQJ#0MmI_%r9c6X&3@^dCJDD2*1vs1#p_m2}6LkRLZQa_5STP)fuNC(~7@ylVx
z+OzB{CiDJ6Nq~r=-VGhCTA2b-rIKY1n+#F-)$rD-X%dyO^1a??lu%-G_*TWa{{p$o
z879SlauhsL&>p$e%WS*y-T_CvJ^!I1&mRzdpO9aKBVBr|?&p<=@&eK(USU?XUIyTZ
z=xv125c{`yi%m{VViQ+*wj_r#E+Y$v4h?}@5n?i)x!oAU@|zz`_MhYOVzrDWI0Hs#
zQD3}K$=8EoHa%a$>^v&Fy~Z{ld`7YT*Ba0?keJx~>s+4$mT}Jg8Y7yj@gz6GT$FRi
z2j7fOF|IsZ=-+stEZ4_qOWRKG-{Cwf?E)s^Hp@-sl}WC4Mijs<4}2-LXAx)$zsx4s
zv%S~Ltmu~-W(cI{Z~D4{0T44OG%USnr+A-F-mTqH-hJ82I<9{h3ZHk&{~rI~Prq~s
z#o$|tWgFTqHxo7SGcQH&Nj~pYe%iTVFcUdm@@EpBt{HIJj3(K{B~RC(XW$e=nE#3o
zeQCf*i^&}AoPzG(^7ANr36B7#!(@&?D4XH$E4V=fjD;>836g(s5rj0RxArW+YeH1?
z?!AQRJQG4cR5p@hDyY`BkITKLlW%J+>CESno*mv}G*<Ugz9IgDV_u%H{RqKYGgWE|
zEIRkx!mA&Y6QsW_t4m@%l;|pJR2rf+q>sx5b)_i11hE)JZXUcQRI;;6_L3KrSHI5&
ze<EMiZA|pL38Z{h&~5u>lH6dL%ye7Lr&u>by9%?MF1j;_z$F@&D^^wVt1ey0%J$R$
z%}*$dUpn52KJ*~~`h}c+emeLWD^uE&TZ!RvzNdt!hP2}D6f=wGdI_ERE7wU98Yp-J
zCv?Q!-l27({jIoK9C7b+9g<YllVTRtr$mdRBt=t^Z-ugeW98_#bs#~xqIkJo2Y)al
z3VnBfKdfFgJ`#}W!lPH%JnglPxNYIAPbc5>!Qv}HQE%~db%JQzN;7D1r+h>Kvg1N|
z*Y&ox7K#lhO;;xsPMz;pVEn~g(X+g4pz}B1o6EIvdLK|k;UVA`nKk|7zn`*HB;iGA
z%Kp<oB%*IRxyW)uG~KG~hlmZeIJLe*J@zdZq+0!@6qVibAgB#7(u;g|dtA>86viY9
z#mBxmP<dGEqx+eTwEkl0^5N$yU;72|ZKW&K(b-I_f7ku&h+LF%_nH&_HJ2#a0vdZB
z?Do=zy8qjWRIJPEk|h`jlG&L0mG4c>!VkE-e9+bR=BY{$FlHZaT)%e`?mzB3RPFcz
z(O+hpt;Ve9%qVAD6<x?SspVwL{iGU+IIzyjZ}_HxydYWvfMMCAu=MWuCwu?zLc`a#
zm>fLfzj}K_fR|@0B!^DGJbw@U#tMD9P`yiL1<i)UD<E_y54lV+60OaMOzg^DIzrZL
z<N%J}a|@QYb_Fnmk#91c4#VMl%^+v_P2--ms6qkxGUwX2`OEhRLcv$JxGWx0mr?Kj
z!Ty4P^GQNJ4<6Cudn6W?amv&YwT|C*n4eJh-EC)KZnOUk+~k*AwJ}iGM^e`PI<Dng
zU@?j<1*PqtDA0>?CQ_2s7+y(fCXRA&^C`=h&)HEW$#b(9m#Xbf-U_w&-16FexC)l-
z$Xfoj8-PZAVAcnly(7R)DxWL8b#Pia4QYY9KC1YtEsHQ}tP&%8x1S}as4`okm`2lQ
zZ;3f6nt(uSrod7=bt!@kmklA--d%!!QQQR|bVmejeW+j^A6G&d7d486-|;|%P&b_H
z2U>N}s&8Xj=I^}7O8=b|O~NE2JZ@bdpAvn}%>G={y&S}5wp{grkk6d|H`-bMP^I>*
zsDb;#>52@?ol!K-^P5uon@#r@*fpOxRm1n!{^r)GeT{_;tq=7lTaqc2I}wMk>@891
z^}aqVn{Oz;svl4gn#uM7(WdrWx(K2Q@B8}KXr+Wq?MJ}ZU8OC)gY23l87;Fd9szL=
zUpO$BO)z8C=&w)iIS1c3po>2D-_smi{UYL}->4Hs&zp|)!=HFP(asU{=AD229@`~R
ztaba-;T~y|`@wehn}#Fk><_Lw{^wu=`eF!B5X*Yo*apiknvN_Ma<MI0v?ql8cNqwI
zm!2kD5W-GDBZOp$!){1Hi;6xm<^=rpA25W4NK!3=Vb)n3-qahN=z|A+r;lE_pCiM$
z)19}ihL<D=L0zig`=ukD@%&fj1PVbYNDDMtHedJR#;$6it50Xwm+vx!zzLNbiW!WF
zHT^PsmBkIChu8G)({_zZzdeOK9UoAp$i-y$iBqrkOOhTcG|d}tkAfF+^|ph=0<%pc
zi>Ql%&+YsC2Y#dwh-`DVjF@b#92To@Tcvk}koMLdgTh;dAr{p2Zgt_J`<oKVOo=6p
zu-^@8!~3bedC;QCrOgoNbI#+3u4c0rU7lyYv$Z;*?;8h>*{+ub7#?o*E;NvX0}!;?
zmu#+8pe<i85$mkCzF3VU$#9*h;{%j>yqDH~J7dhjPrixyEkcoL&U@S|avdX;sKA5~
zXCccC$u&dAprOQ=^h7*Gn;k0DnLk%`Au|;e0m!6rQ9g?MCT&Q4qD#F|d|vGA%WhY+
z;`%_fpVwqX$L+Ss`kd!?*wJt)fKbaCh!5-#dW7Kjh4&&3cFN%*R1T<R4qxl)qg=nK
z9XI#~rSYXc$h~|$El#_O1hh+5fghbLN^;;qohnC$a}7>>ab-jDndHx2q|*1Ih6N~y
zn46a??b^b@sKm?0?aHF=(3y<o10$91o$|x2Sc`%4Ppvzo{l_;B(jV-R#l%>z-H@G`
z1n@-I&#ZDcQxz7A9ETQ;)*3=xzd+l*=lYtS8`<*U*?T&W`tq}-g0PM6lHj9|hg0Ga
ze$v9z!*XuA2(7R~8QnVT(_D=kN#kXa=(6eH%*#+xAQ#Sr{!o-4Z`E4NMaOQqHQK#>
zU=VnkQPnF^6nM3GtRcp4Rgya_ZR9Dsv$IM~%TqDy{SAXGQtLGG0VG7lRrdYQrQYmi
z4AQr*+Uxsyqpuu3Z>49ouPZiT$4rMuYST$!O6MZ_Ei2#NhfQ2<_w~%(atUWuGK{%m
zheSjM(>e&}&p8CpU*ERwc-jr-D)0OO;`-k{AEu(4b%FOPA1*)?SG&KRX37Fs$Xgyw
z&sKhsBwyr4ZB3hiofd=$1*~9=UXJKo47-+kdfN^rBg;${@7DP}If$l2o~UIEL{YU3
z{D=fS&cj+J&kO$e?WT}$Z0!VQJWjKq67#D3;ci@IFmM~2_of9FG9@tYm+rUR#*Fkn
zA8u#PVG`rVq~~SC4;g#o;*=RA3OM=42{;7;JR-HXABotv7b&#1Hi*1XYV*0RkvTlO
zz596*d-~g)u%&0x-MR*M*+rRpTLPXg{K1=NiOzlJkQ?7;4{r6p1~S2L8)X<7liB3l
zWrrz&rqlA6RcX3htyk~~$KlKQg%Yq1Jm8av-Et~8VY=KRQ+=bY4V<kXY>%3(jn_bR
z^#OTqG-gmzW29?7u#ukc&0o(3S{@65HgolOH~YRvV>cW}@rcN1{oSeonD|&H9@3b{
zrs{re1?6E%A%RW8s?5rNMw4%^Edn|=5#oGlj<&JqgprqZTXn7u79Z?KHVHY|pp?5_
z<Z_Ag!|MdX1;#d|hicCEpOQ~&KOdLh+<YY;I$YV!3R7zNlChp`^J(eNMniZd>!;p9
z%@PZN=wNB__~5L%$Fqj1>E9mqEV@6X0ejHU<zsWICXJ+D{B9E7e@)7YW)I9Q|E)$d
zoXNO*F$lV(r>;>ar8o3JFna1boc?Xd-2S|S(5t>bl1|Zgn_Lq<W76B*0xNuT29x2w
zDP2kT+xQGqF*opinW%3%|CWdIrRkdM2(5wNskgAmv&+oJbWO3#ZptaJJNX{4UoOm#
zgn?K~PRxWiV*&&_0Z+J{wg&F4w|@fDcZOeST3r5AdmqN~aa#17Z2N$Yg;1u8y}ZuW
z>oL4Ug>^CIQrHjKdb2+{?M8aUx|rNcv_H=x$O+^DrqY9AE(qNFViTtZF;Ief|39YQ
zGOVpO+7@krQe1+&1uO0Zcb5V!RxG$vptuza?oixmX@Np0UOd6w-Q9}2o_zbBeV+S2
zS$VS7J7tVH#+p-#Cvq<__fem1hk6U0SL-FOo?3y9M*1w%g!7qg2HW6bZhWG9!__O<
z>-O_!9V+U7AtG>7_~(S{ZccE@Exh&LVsE`B7N!#~NQz`HS1_;jK1Qg$SBU2MsJ8O0
zX;#Sitm#p0P7M-P#5X$kIpNTL=2cwsRPL79j<7U%kD8SKs08P<GHy2CHrvN3=u!bY
zS|9c&=hI4;Q*G0O9$z1!GYj^ojfQuAtIezJA(gG{mCqhl0joUs(m5jEAc!X|^>Ewx
z4wv8UssBnZ{qo~M@l@}^jAD=z7CjPVu{Av{EKarIw$4xqAXtad;HXAFW`_5kKycs%
z1Oj1O`wM^)C%5f{EueUUxav9aun-ylzm^)`nQ%`eL$Vb$0Vv8o1|VzoAbfFOkKUEs
zhq3aPH;otTi}LzBDt5}OoX5Nve0llt=sJ}(Gkg_`jE&%lx{T{u#)<_^)2CPx>z3Hj
zz&klSM#67R|5iSIo(=j@5R@Gwr(f4hovCeg`x3ARsxUbd(mlE*3ziO6lJKV#!fJm*
z6YxOINjatH{g{}cRq`SqAa6n~86-L6yY=SraoDY^-XSiP;1_Ju=Dc=sj3-YEpH?i^
z#P3?Y!nFTU2yfHxux1vIm|8bw^0UUF^K5PLCG^Z3)w3iCI_{?x+EQCci$}859RRbQ
znfRqlPFpSig`(DehM2xE9ndI;oUlT&O|pKw{-K0Y9qu<e1V`plQ#gqkk(DZt{PJ4l
z_VBTQONh3`?x*6_;&s)}TP!yWjg!9NL0`+AMqDfNG4h$c1Y%Bs8!CyJZC$J%>{}_&
zUli9f(Sd`{N)H*e3H?_Ew1|xM*?W}7|8B*rPf0wkqvO?=gZbAM&TT0Fn(KeNAKHz?
z<byX&Kb@^4&!bs4^8Px}UR|E@Vl(5c#5H(kM*>v&R<G`%fOP}{C2X_+f}E>6vxd@o
z=oFr|FV9c<)#h)KQ&OyyY7MjL<`d-#oat%NDMok0!_?d8^fFw3nB2U2e0n;2E^6S2
zf`;45c~>{N1V&qBxA#hx3t|>o-EPbB>_0~dzrZfSB7&q>$il+H3w{=m7LT?AMqBQM
zdsf}j8uM07SNteB$%HTx#9t!4UoMKQypPAztM{t7#^~BwZCzk}pIpZyI~#A#nv=%t
zO3=JK55<M@<7nTH=XXWq!^>8mdj?wDqsN9o^G%Hvv-&L{7eUT8ptN^?h5q^5w&#G?
zf>n!<T^c_!FU@vjozm6d7l});Z$U2<&aJylY8n1ihILLH2cw|e&^>FdnP>7#U-k!U
zkct1}$MIc?-&-lkHBCj5#0ls34{gSiIJVRa1MZCWTYAo#izvluP&@B?t<|e$!3P&Q
z$Eo#gHm>;6bZd+8`Vgw7ZU}3Js1%TG<|lggHy$Vdzd6^A5|O3MZ6OWmBY#M1?BDZu
zw3Kh0G!~;~Cw|PA?=XfbXu^IRX)-zgHhVSt+#zatv~@#_OR0!e)}^??a3x!b+ax(B
z38ueMY?2&!(mGDyJW3F0C*?;cwYqtJUd#KZ-|C216k{Z64u{m8bI&yeVr2aVp^pJ2
zctimHAOgj(IFl+xY3bKRMYi54^!SNr{HQ2OOWGNOD!y}#LYtY}zvv^dhlNvm^<j`!
zP>^6zmVES=w}Wj@L|o#}?>Jk12~E7Y(EAnREnuggeut^2{6urquR}j+KgXvI0*l-;
z8%6RwRmx8+j&2M%aMfgq_Fy*>lf+TRmRgVE?IZ-e925MDYqz5OA>m1)K_wc+e4H7j
zTg`E{6QcK~lkXy~l-pK6h;lA~^z990S6lAGxXpVPSBZcBc30pjT;kDMn+j(CXkN@_
z7`QMrGavGEqHT^fky=BDpX~a(`P>)WZ~yhKp6w?md_H>5n-`RdGC~+j&WFTQL#9f?
z0oQXUu^72I*&GDLaPL6a#@gIP5viUg3Rg0rA9n@vke^{c{EN<6@&ict;NihjU8GPx
zBLMcJ&rBgPA2l!y25Ty{z;3;)pNiwoy293#JZKJ_wSHNQ=+aZ2%Q418*V58DO!d%;
zf>wLaWfYFv`k&8Q@@{Uef2ciK=wZJ4ILp-`c2dTf4E+^{JxTy$s(Qo~HLej4vHv6&
zXnGe})>X=jq%Bzz_|sTn>pt;NHty>Z&DJyR&D-9aFt>ou0eiK>V^goevPbom_hdI}
zl+43;b!VT~E3j$s1tp(v89a~Xf{&M*H;ZC8WwHhHXmr_GS*1UJhSuci-K|*if>+xD
zlvGs-Mwd7~)yvIR8h7`5umWC3Ne%xO*Egp`VR3YdTT=c<Bc;%thPtAVz6_-;>+R?l
zzbi?alYlEp6qGj@n#n|xPr-L50m1Nxczp_n!iz07K9qiUgDTe||CgADT<i`R-0X7K
zX>|)k3D)@y5;D!;p-^orQ>rNlWBqhGXtWf#z5EeX2AA5mKelyWMXmWva<2Wbpib>V
zcer4d;&d^d(cAf6RY^26{^enZYCO<cgSwK;t(exFI`;~1r{xSiP``0XL}Er&Gw;y3
z9aSi<W%#}+1YW8tDOYjYr8Sbo3c{f1@q@@Y;4dsxZaij~cMQIb^}Z65#ELo#)nIeU
zbPQhjR{vTdrLglrQC?#LQg|W&%ERe20SLC8Lcu?4uG*cYUy@q!0K~D$McSm;3MeQC
zczA@gm$Qz4#N-_O8w<Wi#Q90Kt)zP9LqTy%e^y)Vv`zft@%8{7&memPK{iBWDWL$7
z0Kx8|QkjK>%p;T{LUDt-4%n{&f=R*Y!j77VLMli!LUE4362EU_5DQ7x;Ss-SZjR;&
ziWTDA7B_eLk{E6uFGhJRda%ME5RsFYc|cQBlNrsQni_mkQWmAGq9XcO3L%_;hii`}
zYJ>OmwD_l3ua)N-BR(k@MAJI50JDXvmZLcw8t9qXaL0#>$7(dafU)HC=k0SU3%|bL
zt5mq(Xwav}(r4P0N+Zd0e42GpeBgAofyaOJci-yZDalomU5s}cs}G>4xC@|y#F9pu
zwmo4hUegfeNmP^@N7V0mO6w&B2Fth%gf`>S35nv0`*}qKeZ_fkUI~v;z*YcDC-v14
z5b3P{&P++e3<{Ez<B!9ey}%PaoVBgn8w24OO8&mh0eRnodWmO$<@PyQxEvi98a1dk
zxGa!yz>Ww6!+rTgs>X`v(D<ic!_E0g0dJPZdT@Dy4TBlNBM8XL9o3%{cc69^DK31+
z@pQ{A7tpgeV0W`#d@+f2d9kaY$uXC?H;t90-5wLVq?$p`_b+rTjpi5E*3^vPO>Ey|
z<3n_CicUSORl#y!B)H?$Q;$xL#Dw{tUX<?tJ;DVkvzvW&MATvzjJi?)9gC2-JmxT!
z=W;gDwS`U?U^|0c?Q*WJJkG6Gx<|{+BrlH_xElEq94$^tOSW~y#YP_5hKBFlHvONj
zW;1xLFtUVPj+0BV#ocy>GLehNSr&FZ2-|Kh%I%M8XCwan;g!B*kwJckZGK%TM2hvX
z#nZN{Wbezh#m^cEMbfR^-ObyxP5P3hwa!pu*Z|qLbH6AlCx*nVtmtZsUV1vZ!ussW
z^nX^Vxd4!33BL&nCB9&ZIj`z)qkSv&0|wjXBro2a7>p(YQ@u|@CsK7$$f@>~3hc+Y
zMnGDypWK{S!`5+s@M~%1;o`+Ed4XR;U;L0bT5aNw#pAD+7duBaW1Jj3=|mYwzIR)(
zaIg~Ki}c9|Ma6ggbl^HKL2sT_g7w(E*ZnkJAdL?9!&TD<eHlXOx;fg^F5dnz*~j`c
z{r%6M_scS7-b>zLh@W*<k3Nc%lR})`M6@Xuq-IT*uCvGJ_v8W#85NH?bOn=wieJX8
za2C_UhC$g`W!Mjq(7OY~yX_E4ohA2C@gnSGDmL8;ysqJH5>s|13XJ}=_UC)mM3Kv{
z`%6uHl`ZEgiM9GrGwHNvWA|Z!z3Fn2KY#w5KAf~;%0$4%94vZb@lnua3j!|36$|um
z58bvhQ&LhwR|6l^r#g*9(@g_G8yg$%_4OmYRs%?8O@qY$e%Yr#u!$4`NX#00Q9VE1
zm{N**VmU3=cdrJ$VEbNRQ3zr&D8%Af=~Ws<O_%G%ynL#)eSMv|j@akBQ0GwXb738<
z?&!!4!6Ku-R|ffBvV21<XJ`o_%oOo>XV_35wDA|mE>6#wm5WQ!+L}ozIjOIVbzRKW
zc^ZI+_jPa2w$LlSuP*CAQ?^Qog#~TOl(mvBQ3Ixs?<8qc68TzJeZ=@KAhaVQOnneK
zr-A`rjRW<@djCsA&$LSO=r=`Xr{0U8(=x;|{I2-$2kX&W-m#eRuA!tNv@;8?P)QO2
z`b*InIL=xd@jxwTWFkp*3q&VZFLGF{cTpjWW0KyxmBEM^r9Dxbxz2g4*yrmFU?B*-
zNBZ#A1B;ZGAKlu0BLiKhBb`m#c|finfq;U`M$*Xez2bn52TK)wILiO!L`20=r-!QI
z3BI-egKpqOB}FTRCzvjJ6ovRu2awhHb10PV?(_6Vy(pB;6lTpz{z&;4;^45pfSYB#
z{fqpdXR=TAj-9f&;$e}IXwns97dsQGTtw6ys_C3Wz`?Jtkw33>yv`Bx(N3h4jld!5
zl5h6>hte-A!^q1EfJflI)jW4uYQ(=;@vEX$u)TaaZa#t9j8Z!+?&b$c++Xf9+^dWd
zho^#n@&`5qJa}qdM=|H&T?IUz^_r`(Yl0<}50*Z|u|q!4?aP2A=YxC+Tr08#onTz;
zk0Gj@O>&nmh{_t02s&xGKxw)_T(iiuJ<yyTK>!mxc^~{LmD4XIG4<CnlHG_{b;p`D
z@#Dx6xOgtGp_+icGX{Aaq-IQJ5t57RXlqx1Lme0CR}j*q@_tVKzkd-KYbCWbJ+~Gj
z=YFDM@VAh5tj#W6B~1O-cr3FQ+39{%&H9M<?fQ`!+3nF8C%M?Nam4CmT%%nLK6%RP
z7?JN5mp)Xkr{1Vpis8j}-jR((wMGeUt*;e|$%0=$qv1^5@%!KP()Rza79dNYuq7sC
z-PuR4Y&rR_2I5!W{8V`VLr3W<Y`AjDjeSm=``_fpa7><dO=>#)PLv?wQ{`lZP`RX#
zDgSS1y2;i)cY%io#&gwyTpCo$1VRkmZ@QHvGs7Q`_!?iDlp8O5z{KV&G1t6*H0c;b
z!###nD214R;SXJbD2htMhWC?AN0`!dsK$hwo7jH2Y@1GtK$(7vHh9N5264!EeABPg
z{-48ypdIMPNb%;<?r`I`X%cTZupcEj#;QQ(A(ge|6K`)Ed$X)!sx3Ab@F@f<(jqz!
zI$)zCBN`KppF5x;FbH^PkFnT$js;%inrDd?g$5C0Xp*iXN@lwJbKCy%Ac@}-ON~pI
z%#7tCXg2};ax|yqufS`IXr*pPgPucwsApp!Matnt;d+qrC9^mtaP7bfJM&70r}a!Z
z#LV{4;m>vU(}>Ba*Rj!A9&i8_j``-bEH2r=qDwo+f(;I3_!sT_+Mt&}ElK54M1C>$
zeu$-!Y@1M<5Zy&wf@rfO0>7W)I@=OQnbtQ58izwA63Gk1m62hG)I&HUaGKJ49j}k(
zVWPi8)^l1;VVE=Ymn-zadrBdpq4KvN))hMLpl5%r*Zms*H3n9`^XOaS@Sb<k-91|3
z=MNb7FlvP>+<cs*Gh4D51*{%R!Oi()-xjYS-g=f?GWUnu^_^jb)NFyq60+0fwO6FW
z*0Bbk;;)*%EeY)2<#*CBz)xrN%AroH%Km&0oM%3(QCt?I<6qd`8!rg<Zp?cXx-VLz
zjWrR!n@VD$X5$5qy+hu)9$zb)5lJQI@O1Wlm6pveST7~nVT*KWO<U6y`Kck}bg}yx
zZOmQ{WCE`}d~I?|=BRP^Nq%ms{jMsu>Zo1lu-SdjXWDlzHajKSLs9khZyywiBd$F0
zim<qua0;`Vdat#;6#{Qd|75hFnI@Z@#wE!P8vG=%?TiR&x&~=<pSAkZ?|PNHOLl-@
zDG<CVkUYY6ngcc1X>l_s8lmGZd-6ckdiNT7QQ-e=0R*Bt+B08hK|w+4f^>(K$Y?0H
z0*W;SJf41k9M8l~-^5wZ{J3)10z*Z(P1|T4+io{7rTdmV(!2FbloS+DC2rS{@tuzl
z1sfK#Q{78Vu>O;D=cx5&rF?6?C{eg!$qjR3b5mXbkwN~P`ZwL}WOqOO{?vdmnv=<A
zBQm4~hsPoc((lv1K0BE<r%yMln90_NJXM4P*)(qj8j{i<rf5o3CxafJhlN%Nff%hp
zN^>QprFvu(t-;>Q{~A^~BT4EK*}Zpjy}}x>#NGCcySVLJ{ch^7eV*>G=AhtEv~&eJ
zh07tkJ{cF5WaHyVfJW6{2c;RF$2`LmQs3buZXx_#*=R2`AfrM3=Vt^L<fpI8==csN
zL!?X@6v@%vkRTNRS5%*?=;PkFk5k}*1}AkC1&heNvE|-06>n4KSw8`b)MAfs^b#U7
zIsHasBr_9S3*zZLJI?veoi%i8xg&QO?-IIw=xOm->|XXt;P&zQ_BqZEj|l%D4_2nq
z-d06f-Py5VgguhLZLw{KX~5T3N8DbLT_BX{YV$S-e}UsY<`-P#6-`uyo>xgCW>TrB
zsuM%BPM6Q&BK+e9eav3pdBF^`ngNqRi+9&QUQF->b#W;~nIF<LM9#l{z7)Th74w??
zbbHeK(itv0>gBCHK6#(^Y>5U#ER<<%_VLzUA%OiD$_O4x&Swi3CUVjvfN2Gq3Z0TI
zKSNMu=jNESt$1}MSegM8_X(2Ec(_fuA|B_K^ZaEF8L{7b@F07i1)`jbk<jqa{nFVD
zLZS$mXMPn<CU&IMM@2<BHy2O#b(IVc{8|+e;3g53wIFnV#qIJ+Q{rNaM{|%D<fNt+
z8&fxB#G`i!S^pIHbfuRxly#v+v7yp#Urf{HXkoMCOF6ix=ek<<*EH#d*<<q=A@F@K
z_Ejt=U#gwhmRfA4@&M79rLzqPdHBf8ar2XD&a$nK?+j-%%OoVVydNz4Sl&Sr1%SLQ
zX6{0qCe}dA{WoU|4pr#%KOAN&H+Z`*EMZ~jd*j6sx3N}pIN~}i6`|DPST+i{6c9Rw
zrlRY5a8rKZy>gg@-}Ssr_X{wVI_S~W75BUM^HR{uQ_(6ge#%4~=s3r`)9)%bH>MMo
z2SRLp^<Bas>t1yRARo~zu8Z@U@;kG^C<Tvb`Z?mGw#m!9W#$@V-oS^G%*r(ok;++i
zJ*W!nai^Rdh-au08*HHS_NSUqoY5=3n5?!FGlVn{sqkCHP_KT^!e7UIOj?U@#wX^=
zP@h*=kDA~bz(q|V)2rY!v#12H#8rZr_5$w!PMDM3F1-Q_zTll)y#i<n)}%ET;KqI1
zmqGBKa!=Hyk(Q0oAWKEo1Dc_qcSrkb{`bbJ6iMBDK?}{c*Q;0<U1XuCc8pApBLW*=
z$nZ#z90w-RHdudW&@HLyi>pPDi4G(hAz?Y}L?DM-4@KU{8b#W)`($hWhO9WAa+ahv
z(EZxF@<4hS0q@F|j)RsGbG_$itKCi+zf(Ivc`4rY-rZO+Zr_ehN3pPR^roDwB;1<t
zdoH+X=gqq82b1j^uui~xE>^(}m6wPN=Id<X2h!%d^QpUVQ+`0l4uOJWT_81cP41;*
zUU}B4N=kURjr<yV%>3qjJnSib@zmmmgx|GpLNGa@COr{`<Q^w&56<{9a9!J5tBhDk
zAbk>@%q>(C+1cA$_=j315+w4y<Y{x=`cxq-cKvz3G#_J`j!a%w0v^LXgoZ70+=pn%
zBen<A^+c@fPJI1*-5+mV@w4+wJ<0f1)6Y-gxG@CZ`S0fl$bWl_WS;%=sTsy&pYl48
zjM8LMw%#Lh33o^?G+puD#C9onJM?{{cfg5m$mH^a)BOZG?6s!S-Im8zw=!3rjsC|6
zqggqHX`_puKxG!vST<TWPGVYD&F7v=>u9M~3!x$ymYIvKDHlwJo=w}I8;c{-GO0<d
z%qZ!~;+dCcZ#>n8P}+^{C3WFjl%P>>Q$=1#STC;RBdrXC)r8Q;$H)8dcS8kuQhyf#
z0nm?!fu4KV@G-|BF#Ns!kUR_-|8bcqs!R42Q1$wFnN21!juNE31)r~X$`&5$^qXpI
z6vn5IYj1rF*a2tgnfSaxV05CJ0$`jsSLX{6jERFoeJQ3ayuGwV4=gNnogaqZ8Z;MS
z(&`(vYPeE5t{QP81hn)X9c=r9waAFmGE2w#=;VLDUy6^1x7OVM+d|+MI>lt#&1-dg
zAyduy{?NYr0|Ds;Wn7ArG+A}TYL$5#b8)v^W!Lyu=-EaA-&&~b=Ne?EM_eNMDs72o
zbi-sF8d{7JsYiPpPQ4p2;58x<!^dI_oQ4*)J9UNMGSA(?w}G$C1sH7s0JPr<p;j)d
z5yV<)vM1@^_IaGHXKx=#R3+*o$7oAlo-rOjyhVv+A{ZFJ-VkDC=~z8>7k=>Vr17ml
zyzn)s{;-;1HBvqlDaqwkpfX=HKdp|)?Ru$>!ecHnJLOu!5P-mWUR!!D=iQs<$!?lu
zSRLBU+s8hoTq5dwD^t+%t6a&)r&@ZFgic$)Xx~vfeYUo4Orq_?5erTE->_t;tN)2*
zI#l^_edYR}`6d7^o27<>hIVNOh?_{}^?!U!zuj!ElQHEYouWdwK&2ICN4wV+M~yuW
zg+}64*=X!QU7sxu%K@RNj94cE+~92}4*}k4O@iw5H?qkjla>+~Tmgj6`l7oPtL-K~
zUEQAkr4b!`B^H4V*FD{$jf1KPzm<S$=8AmGF#{I9&mC)qC>!2&3`Y1tV%PRPk|i<h
z;BNyZPS2+p2nH80XfQ~#b0m+k4M^Lceq=iXs#ou%x>COD8M%ggo34giY%1$Pl<1T@
zZ!f3V0H9+GY@R7r8_PoR)^$5I^6(7OOy#Hm#@I|vs_$n%)hSeS%<H%*G1^PdcK!@<
z5*!9A<i9+f1Z|L$2iUUwDSbJ<PGS!BG0#9xbWpX;S<jg$=+WuJK<^a~r85`9Hyuqg
zba6anO6q$=;ujpr5*RG~yY6^Yc~Dd1doXb$$~(JZdu-yfI?-`58S-dYAm2Cb`4K@{
zdDzJt-fv*SAUBMc{)MM`@s?=eTU|~K%S<>li3JF#9ek^<6V{I0GMmj~0l8H|XZ$hZ
z06)Ln0h97YZz#h<*@0uqD~V>+L;zubt=mss5)*?8_#SftzAxOPv4*5=v6kY8J1)q$
zgL4?T<l_Xo94fYa)b-%j13WXaRG0`EdHhYMec=t$37Gtk66^<fxH1c>^<2g2^&U>%
z>Q$`Fp-vnYM^8Me+bbQsb%TwYuaUGo_O6A)GndgkV|2SA=5bu;Pg$=r0yM?w?z{G#
zPudebok({2KXS`}rJ6ru_9u^(GpzVtqS}6xi*)OZq2cOvr}-4fm7n9!YQ6kv9s6nc
zWbyOi&>b2&M#sHRLZM$oS$#TED;XQFT4QA#jo^01=aU)Ur7?|&onUf&fRkMoIx631
z19y%Y>+JWoQ13-T3XavPQQjh_NYr+#tT&kgh1km37%=OH;1p7^I}h-pkI%x#jKD)%
zwfhq!cEf5Sago}t>#Dr^_<+q{AIGvUH(HHouw4RvUM<Z(_Cy%3Nr3qr_NRc@iF5QK
z#2gk2x2bmzhYud!yZxF}&nm*0X*>3S`=SlLzTwe@BtNEyq|8l;)F|oJ2V+m)D@Dxo
ztOuM18X4G1H!*C7*;MqiLDu<-^q>UzCss+)Y>-_<_Mtc!KDo*tJBc<dymFaQ$dl3I
z1*s}{orh~3JFX6A2)807j$+0j)5%#q3r<_-y&W4&B#Q-&M0{ql-iC{7>dfT{TAF{7
zC<wZm*3+-CjzhEReCxoJ{2eOk-%(na7A4PmX;uKvVW#vtS>b5$g~4DIsxc^pRfS$}
z7dMp^B^)oh7#Gbb-I%IAhFzU@G4;YGv-~p<|IdR(*t~PndIi#878#3>0Y`;35i*ro
zoi8Jh{wH|<nH&rDE91Xk@Som?q1uqs{YSRQgr0sWl~KZDW@`F4FnJj4@osbLrYi&m
zgQmk<=CUh_0I4(>`K{riS+m&FLVHk<oPvU(q}LSl;*;aW&M+yr+1D{D4|4;rdyQOL
z9w}pO4Rv02)Q294>Xn1bo^MhGulEssl1w`hmD>-3`b~2`F@quDJAR3I40yrVW*D92
z3WCUZx0+I0xN_db$-`Xu3n!xYs{2YVr}5f5Wdu}G9qSNL{b0ww`B=@4Z41;lCVQ*N
zGRe|&zJi9XU#Wf&AwJ4zbC~?Jvp`??{RsJ>X=7o_i;_Xp*uAwZipS3{*jKFH*P{IG
z5smB)_ZH6L`<8{DH2jbF3?qdL6tNGK4>HMdTQxPU!5*&Ir(FH~Gj^K!#>Sc}Lwf3_
z%?uYVh&9jRZY(Fb<U>z-1wpE{Sl`0b)vK6Ir%&F2;nzw775ddOkJmqCi^dyat7>hx
zpWqK{$K6A+#cgjlBzjl*j#D0ucU;I%*i!uk97FRaThg^?^446)Z?vD8YMmB!kCGn$
zZHg0z=U=Sh2I<{V{9LK}{V8VNvDMUSvA*4<WwbB?_k_^^H{4=P8lxL?j(X>DdHV^o
z7q$xebYcUUvRw71`L(18rLOPx)5Lgy2MT>bh)v*GVC6Y)iG0KnuH7Z-V>=W_B8L5-
z3RK})tN+ck?gTRuppq?D$hZYf)3$t=G8f6kfoo!RE0Wicxd!`&p}e8z?x0z1b0aa&
z7Wy56FK&st`b_RgDHh%riC0qP-EG)I1na4XDQ6Fyp5MKW#P;NR2Py8aQJfRIcm_QF
z4dfDOi0drUdw0I&Bvv<}GB@RCm56+b5qt|ZnFa`Iat-$sIlU2ei^106_Ugc?ww?-8
zkI4{>XZU7tLO-e<>f9zorcTdqXs1Pn<%=xCAcF^>J{r8<iA!j|z^TGZC20=(${eO{
ze}+4eR!{wR!er)*IBY+wv4q5<8jmK&PHac^9XcjC#MF165nnqbp9lSr%4;bY(bK$7
z6dKr<$@^2HmD^)SuIq!5w9d3AU+_)zq=kSc=&>5jqEmQh@`rl)r8vRdL}VFp-h!nu
ze_%>Z!6`V0PRLei4OzHdudVp)TUpJ-RPYnlV4)Fw^p;BY!~0Z%On)<Gx(fvEj0|Lz
z0fhPJkTO4YzNI0gx%j}SOs5F3_u5GV1q!by(gb`kQeY5JMkimfQ=@fNcqG!2vE}I^
z7I(K*D&Ps*T!ZtXvjuA4;$SHAK`t84dMLur9uQcUq{o6>MhTKMRk(}Z&;CYoLq%4g
zALtRuL4HprGN6@z6qmiViXdlguz&aR9$)7^nP(7@E7-DYVf~v@9LNE=%SH0|`NHum
zfyGMX$y=Lt^ZhBzpJc~eEBK%BkQGJ1E=E)6$qF$fT=k;Mz%|m!a7!G``(zXgNy2q+
zCGD|Bc}>bn0e~0(!6_HK20BV;qKQjh$u=Tzwl=q4CkIF+<rBm1-La(vQZ?3_c(1=H
z$M0YK><BC;U4byCD!ZM_%Tf^N)C9%PF!o2iJm0j-ys%8U0}`e<u8fj?ZY+IvtVr;7
z`!_yk?ZO2eep50-aS*R9gdHyS#>tO7o0PzPNBeynLd4_h<jTRSAbcF;4_csTR5bSc
zR~KSi!s7Akp}VcICU0r}lYR5ib*zAJa)aVZ!xa31*h@wO<*rVy9PgnJ8TWWTetMAD
zVz;M`LC{g34L5Z9n!eV_<zNRWm2%s)r*yilh8Pr#RHm$|qC_IpS>)fS6C1yC_oiM#
zU0s}YR1)YK9&5K>#n8v|Qudv2pz(A2i^zK_9-eyM?xf;-IrBw73LHZA@oZ%0#^QON
zX~cDPg)PyAvC4zO_s6Kq@ArmKzhK-DL;&wSTp~cDOXhm4LPsLe>pH6dd^?;MeoUuN
z`hgEb2s&<Bq)UN;yTD!}@vRGGv}k4h*7=aQPOR#2&|8HRGWdgM=L>afn~ERqh)GzT
zXhP9PH5B4je`c60$K9gDt+l|;BeYG$2O=w)Wlr{U1AKA2C}}pou)H@>Nfzk8X>uq)
zp-~yOV#GO{utYN^P~lY<Hf#_HC@LzNVg3A(-qHUbxcEAewU0|-An8MwheOO-qEx=`
zIg|>U|DrOwT^1mC{DkWFVZj*oV=5!Qc4NT#mRf+FtIPw1^F+AXgg}sgPx5L?C!}O;
z{{<0US~)l+)#)HsTmMpgx6`#w`WsYPbe_~V*!%3FmVJ2Ax7>Mm1=68mbh!{+UxTqm
zWjIgV6c9`QC7i@W-zq+pU{7sofRc<5qOti)9iRw|Q39TBF=<v!epZ(igx4p<g4NFa
zPFnRYle&;;_?3(jV++sHO(gjH+;aF!CcOtKm>5$jHuK#nu~d6*4`Y9i5Tr&6p<wr4
z@)nKH>)v*#$V&7MS104S0{L-L#>_=q;!Sw5xa5(=S{*a?(l?(F1IX@v-Rn?`0wMgk
zB}!&=USFKC#oz$O*K)9^67nc?U#X;1y38M2g!Ix<j<(*`KLG%9c3Cd+5e{*ZjMQ{G
zg^bNmuzE&nE|5}ldEt<ty@nY`rlj#+lclRCw@rse+4}4Qr|ZU&4zAsiO(Wp}(^Y)N
z+$6;Tn{4js7mnRL3rni5T++nPg~565_L|H`aZ$6AeHz+o|ISJ{RRcCMK&BWzJ)rL^
z$=o_(D#FBhf<NApBa+O}oFagWUGqFNfRU`*?ebtP$2~Ce-%uu>{OX<f=9MV<+gYxD
zqU$JqSEppDH6!0LxXP!2D<I3BE4&32sC)EVwNmqdSyLbd52&S76b|~TM9k(cudRSi
z)a%jFRJcoZ=ut~@YFTeM<y$<1e5?m_Rp!;XX_`rM$gKKmNp>T79bVesbev|Sv!p7_
zWh8rf?7Nkucyx?S$qZjTof43xavR+wXId{lPA?WXwiTbg$IYU^b{^D^EA}D6O?NhW
z7c;|v!X7qUhvV1cF+JL7vmv}n*;}F5IMrW?n44*6sLK9JMa1dBkPJZ3S>rdY<K-pP
zUEn&7eRq<Qz~hxyIMg8Ds$=_59c=<B$ml2mGwTCR)U_Vu^`_8*_bee140=n@Vf%AT
ztcJ`9ISvi?4<5$_feZYNv3a?zwXO*rs+unmYo<?zC;WYj>o;31GzyzC|A)C?@0&9U
z*B?Jo{`HO!-dXh+`%||CIN7JERt0V$Ki-c@)H;xb59dpA!hVaN4$%8Q4=PBLeq<hz
zDRL6Nnl-?s@QNqw_m~=+!S9_Es7UY%i|d9fd{0s<Iof_;Xihns+00)<C??ADZfNE)
zXVqH)%bZ6?9#1pRcKiscW4>~`_+**caUxOs^7mt56|!XGv9rIPXA3s?_0=RCqVNI0
zI-~>FIR(nv0<GQjlF5MPwjIp<(weV)RmSFic@vD8jp#gF78M5Pl=j-??3m^~>j8XI
zzS6EsGyG^xH0Mv`^~cjZVrz1-Mf*{miK>gy`p)*z@{^jQW+-PrSzeLN)1`I+GcMdZ
zsiHt}bUWRYvqe+MK5?uNKRfIdK}iaG;rKU*E_vIujI0oL%@J-C9(l?>zF9VIcpfTH
zYf8p3Rrs)evHxOJ(lqL_F#U}(EqU!eenHq&k!yw}@?edN$}t}KEg4DfdY$bS^S%t6
ze>cVwKdue<M=4|6TTNCV3dsZJPClq?G>)du#o(I*4Fn)pM3j7`2M$qQ^{?nE(?^*Q
zU}$yyR}3vS{PBZ)vl40P_N7BY^DzG#Ov+KqCe0mSFBS(Tq7~erpeq2vfUHVCp)Nqj
z$RzRH0<X;9EKZ4HwCMZMV|-DYYhpZ8)UHh6qS#Ps*&Jkm6);Iy0YEzS8W1=oFoNk3
z+C}M+b3XtoN+)^Hkcn}3aG?Z(gcY8@=Z*Q5TlB_zqU-2+WCU1wlLBa#aQ9lj<B;vy
z8oT8wrE-hWpi_5$iVkB@X11zqgeVVj^V83=N6F=#m)OJ=w|01P61Enm=NjVbYn)kH
z_^FJb9KS(K)#B$$8<{`HEB#C)EQuhW#qF2YyGHe;cWc`V{)sc%=a3fY%H?V!-c;nU
z`)6q8@*|=ms{Y@Kc<hdVvJ8TkA`xXw=-KW~7)}e<iO^rN42j0S6wz)&pmxNLJPLW7
z)mxmO6$dn^<!1D%qE0<jZjHPu)2*l&XvH0uCgW2liu+g_!sJpXgz@(%r;&fdH#;8r
zoxUAvIU_xL<q>;%R`h*0H0Rzdn)apC-L2%w)_UF~k@EcbgwB&jSE*d!-P7)D=_2Od
zyZy0)v2(&}V{k4%CpdVwp*O2(Ql2aviavF>IUP}@ut=OHTh@AUWnZ!2tG`wFc=!8Z
zoK0fJ31)pYBb#x$#az_N#&r-ZT1Cx%ptEJGB52+6l%fi9d<NYyUoxddsBeB?0NKA<
zhH-{zP^@8L_EHOmK+g(E<CvBfPNWfXp0#*pX0(&6%?C~M@dwqUteoHky>>{3E)n=+
zi=!bx&;)7kU^@?Aa8(JeD9-P1H1De2%IN6rmVaksi^2qwLgovnX68Rl9;3yVDGGtO
z0K|aKO0T$&LGGes+$zW-*uM$MTQd(sSGWgQJ;@#IjDBcM=J_Lr?XXEX^oE|4<IAH0
z#SUa#G1^EHiNx`k@E!+<^~Ns0d5x(U_9!oZWb)ek*b6NAE`K6mpl$6Bo*al7xutUL
z7>g>r+PvfA{SR*#G=RKzo@)cl_L#G2?Z<C2$*p>VttbPFa!Q(`y+f2TbdtRDU2l+c
zvM`Ws&$u`~SmT7$e8i{7ivauXGK?-s9$5%oXlE5n2H?8<w*L5D$s}pdtdW!aoXA{l
zfA>E&Tuj_CZgS+_QdHvryZ>FX*TJLE@nvopm1_xg(ounyDIK!i2WAr>JxjeWd{jxP
z_4)n~)~D%DByJhccz`B5ki-uyC8%$*iDW%oBd1&6RU&Q90~Q(*vXh#dj~B^@NNwb3
z{cN5RJrKjbRk;<EKT#qan}n30i91Ze1iIeZ0a&`=E5eNmO5EeB(J%p(-1iH5v%6(D
zY;u^r_Nsq%8#tS&Nq@wz2rMyY=tNQL1FKS-HlC#>lCKi?zT-z8=B}t1!LP587Mlu$
zVv2-}WDoutd;=3GOR)Wgk2VG>g-pO9d73J1%z)aiJdwV?QyaD}1$u<L9tTqc%o9^j
z8zzR!<X%6`JT5UY!Eo-t^RR4D6r}+8pv>Id&Ce2hL_xygc#qJ77xvrU8lOR+=;L;-
z#_6_3<8**-UxIHmgWX;c>`f3OBE%FjI`v`u)~MT0fYIgGg8+Xen?@S7yt5AkvAnqJ
zCKLlKJKXMCOg+dq6p6!aaS{0n;Yrhvoz7G+Y92>xJveG-<->;Lle}iKn3lH?ERL(B
z#HW)+8@sc(TfCv;r6*)cA<KWR#YySKhM-$t=H6o9P>*(5h5ohZ|8x`Oo3jlq{73(|
zu|Gx;tIzEKP{7_h5CqqJzOz;fx)2>-*_Skx@0!Q68<0BMhGt%_zR|BWXY>7H8}-jr
z+==Q!lKCZ(S}@N0>1TfN-|!ocRrpR5qn9QQ7MhAZH5CQPJg}#9)M}orsnLB8Yw7&d
zTdgsu;tJ$E`YqJkdZYYywA{=5b~-fR!v8HonorSy`#;R1ID&Z``yb|!zS_sbDV<!$
z^-p3G{uBgv8$+=&_}mW@X_q*^I@eiIUus(Jb6ugsN^R#`4&TYKNX=rdR!35pT7QbP
zCJ_X{P@R~ZOds3Ee>`!kQOppx%1_DX@}_EY-y1{oXUZ#D)&jJ+(o45BkL$462{bi0
zyL`VXZ1NGve4Boi%(Af`cpY3AVT*!bWKhtsMGce>{#Og|ga3Y_u`*1gI2}n`SxK7(
z;*zX%L=#u%n2zcJ5Wf6u*2fHS)b<NM-D+<IUL2ciTGS@<MdWd-eq+ZkEK_<vhBj1<
zr|CO0R`b<Fkn-ecz9#%E7jY4Beol8IAgw-)tmSy)=zAN&WMqEIlmc^GCi2)QvQ`sB
z4a@`|D#Mx>tL2wihEibHq;4Z7`K0u*0UyFlK3*2k_5cG?jX;+@MdQo4ZIi0e?n+OE
zCe`gz^2v}K(*uA<uz9)AlxDK&Wm}QPm_rPBTDbiPx%JC&(=K(P>GhY8#$VxK)Utn*
z<URwVchS+Yzu72pBnwo;T&Mw3!^q&XN&E#YC(4#%aEK)aI@3-z9Xh<)J*UgyOj~DR
zmz;hj=ab?lExL37Q>Kzk!qvoPgo$__#w?cmU#Q6^I{bB8<B7qjrZ6Q-Zhlg9Qa}_|
z(2pS^kEpOpz(G6;uOvgK9Imi0_5AT046^T+^1p@b#n-46=?n%48ddaV!!7AM2L-x(
z7+x!#u=wsJDsAd#vc+sNM9Ct}j<0kCgwvsui6lHQ_S21|{WUeBsjOhu-2GW!wV2!n
zh;UbySzvHXUCCKo-E|KL8pB(_y>^KcEF|(-alBGP$PZi3%k2JRbZvRb1NFoh9U=8m
z9VOJm(h~|Cmw)d3PwX6(xxS!_Awm`<MKS#L$ja|kcX2d%zkI1mJZ(f++z?oYXA_%U
zF|H;@G?&4TUJ!Qf*up>kHR=;Pc+}aYv{SUzgGDII^=`q<akz?7TDSc`F9TN;hl>&m
zc?0%XIBh>xW1-5f^k+`(Sm_>X_4iT~9Z7BPw^n9Ee@S>E$@ALFIE8k>Ltzf8cH5m$
zVC2%p{L)I4j(vPA2<8jwM-@9ePB6>MX%TSwx*}%p8UZy3+VIMRD;(3v1pJM-a$ki*
zNS;5NIVUR=tJks=o_Ny!$!;(b#{T!WR$-z=5uZInnQw+;HF}o%`Bg$2h=?QsL1Ug+
zL!phYnr!~m?{3>@=7Wx9Gf8VvU1(9U$g)ssK(0e!tZRcrtUNz9KCILG@D@|^4qAw+
zSEh%>0ZgK)-}2i|x`(2=K@2zie2o%YXb}@5?aM4J%(zUk@ey9JDESQt%m`0xy~>-7
z+mSpj6UaEF5a?kH)I@mJy-UYb!{o5~Q88LSk^YD^K?ic%c9f328VTeM!Wo?G7>251
z!R53g@>2-Gdko~GL=$0K@}qg;JieE<4sG}V=EodrBKF=BJ2~dp8<<*X+~n?Lka!r#
zY=jzs1jMsFW!7SFE`q_s^^n9ZNKw`C11rP+7UAc5zbCzqMs=A{XAqA<uNzYhFToL)
zRtotU-ea|MRalr0yWTU9!zJ(wpf4;UhBO!Vh8gbNb$!-3nDnW<%-zD@4Kewka!mEz
zBv6A3ty|xvT&OF&$xMlTEU}}WNQ}%drpFy136wqBN4b*5_dOqLj_^pL`~rN$W>x_H
zAS}cgUyKQ$bCnxXj%0O+?4pfAsw5g|PM*r!+<Y<e1FB9=PRg53!+4UyN+kXRZZxgB
z8LAP~np1p!EA+>Ebwv(S*nn^>jvrxe7LhWFhuU->e|?(LO6D;_2G*rE(RcQoy>keq
zTUW9_BL}1)%3!jwz1CrzAug%HS0L7IVi)E^LF5Mb=Zs%+>eA%ix&oJgJmJR7_=;5W
zIfBco{l>fxzn^|8YDi~0?9cT9rCT+WynMt4Gg!QT*eRKA>gDN^Bz9s1yK|;z9Xd5j
z&m{`)KD|8|R1#E8LTilq+8m~yu!pxaQ%tr&k5ukt@8ZcLv5>jWua*ULT*~E{{coo2
zf$%DP*vGd_x0$P(nSYLE6ByiN$3ARCgmYdbb_1RuLc)II#MP@;%CA2+io0p}u->eL
zsy1(((#*t+d4EFkVS?h*@MOlYEsd?z=lB2lGEVzz2wVeqXOu=ILK}HTb>FSjTLC4q
z1<+-EJ<7bohX1Ct!wWE?m}V8>hBWbW1bz?2d@yT0dl0cBYsU3{87w?wl{q0siklJW
z_)6Ve9VPJAZ=R`zCm>$`^N_KQwtn<-HV*AyE8xo09S9}jt)ElR$dHD#f+xnW9|lpI
zJHVzJKA>uI=vRd4fQ|?;9MB#}g0PAwt}aSe`yL}UK-}Sk&C23Zke}MoZtr_xz=?PW
zQvd_ed2fbpq>&lomWCu{U69Cg_oF%!%^!0VtQZZ155Xh2c{$Ae7OkuT+47Gc6=gO#
zu*b1NOWGg`*5vs_A)zQp@IS1DGq$g`{TLnbWlO48hu|`QAf?aBsbjCor_?PtH5b_K
zY;C)?m5Gx125f-*d&@Gg$igIlI)5mm?tp%($Ua9QwNS5I0+KH(OJS)}WRh?}aGqSU
zNIFihqV`ug$h|wjg`aa$=j-i+&R1_YXGhtNYObLg8ClRpDvJra3eCSO<v4Wg4XiZz
z;zr*UgP!HK8nG*7GEt9I)PRvfbAM)3LPZ2^AOH{qswttd$gr1BqJJyqiLua{iQuC$
zlT@ySibavsjrqw^t;BCJ_G<(xEGg}rA`b865BgsnK8$A;Y{1CWvyVbJ-z=7aYI||A
z;x`J7&&u)1Yuggi+Np;zd7dLPj8~aYg{9<(hSinOihW8aUN2McSbnJVdsm4KXc2+0
z*z0|Zd!kBk#UBF^!{v7mcsH0EN=Hr}>3Jek0Xv-9J5_&MrTdW;TqMJ7YyOcu{Bsod
z;nS@1`L|Om>B{02QKsw@q&<7A$^N9(Rda`aogm)~%|0rd=@ehAww^aXnrrmzf?zvr
zgP{vXUvU-&{!`uA^4s8&iX12Yr}ea)zTj+Bnd8<R_Bb0au!$2rU+#2d*Bl|DoBU4<
zx+Fd6W577@8r?{FPPkXqc*C+EY?)rFcUM>Ubd`o6Az8c_u+bAZwRS&=I|^6Qhmy71
zkh*$QwD&1Wc(zgpl^0874UfG%6AUrO3xBMa(gBIc?RC|heGmP+o@TcR=Fc2+T?%^R
zT1*@y$wAyEEbl$CB<L<76M_T{T(Q_&DYQ!SJV=fhULa^UaG&FsdxClitt4Kqrf(jS
zt<Z@4-VCMM+$k|%9@my~pbo};h_S(C18)vsLnn!L3p$dPd#io6H5~P;)l(bKXOdtw
zJsYl@t(KMuyQCkXad{^njHz2@&bBMhq_ft6pSbv&z5L+GA+f}!$g%+!I>l^l(^;Cf
z7}$1cdtZkY5PTo@3Sm+iyO5s<E$rB%lF_VLAWr^@<)NUR98jQ$4bMrEt4N@~feh5t
zgPw3Hhvw-{G|6wD3?gYAo$H$|(>e0qwiS#IEz}0aiDBu!6%<6Y>%q#lK;zHhP&zGl
z`G>xD>!U{Dk(R>|FFzKsQ<%^x^t8VGrj)JMzSRQ=R)T+|iWs;ldCw`?wV-t^;tARV
z1+6GP_lsC(|H9J&zs6b(#302Qk><<BFXt;zR{ARJUBCC8b#JM@iPn<%#krbFXQ9?M
znkz3qwv*(`mqqwaG@baE^H2>psruTBWSfD2*I^oNYl5T@m6TCAi{tYnI=lYg*L*9_
z(wD4W(++4j6*(+{hiwFnd+|bH9PZb$n`il-6ku976awH)N<4!iI)*hOFoT%m2UL%B
zn2ziTn3rMO8`a!Ufu36!3Oj+puS+7-|NW{%*kRq)WiTaKNXe#^mG0U!HeEe-oAIde
z4E!*dK9y;qkg7z}C6k({Mavbm(Mct{?oWKDFUdP!8(tEx<G4&NEG3);Jjk37`QCGP
znFbIw34O?GQnzd0G#j}Vd3s<!DQ#)b$2xNfZ9M&S#Q6zvpIeuQ2w;#xKA*oP5XEx8
z3xjmOEetTj`Shh@Jl@N|oxKs2UUg>}u9phJO54)H%8antjf>KuW%H9QtQ=-Y3E&U@
z^pqJ)hT0KmT}c^6b;e2rePgJraPy5h{~q%-mM}eybIK^*6CW}Bnh0J#JrCXFxp?`u
zRyWFiXQPO{7yYKjS+S;%`)p;IQc%cr1(!oXGB{*|_e*RXu?a{WE?e=WDxRAV*w7Y|
z!`B^|;1JJYDi%fayb!!dAW2}g;&X(m);f|bshA`r`GTzZvZ{S{-EdP1_Fnal2pe8y
z{wC`(p_h{V*K=pQwEuwO%=Z+v_X75IMje-;xHB?EapLpmU9F>KH#CZ%)p&%X#>jnk
zyYcDl(AZ=s9zz9}qKfWI6VfPpHW&HNl%HI=TL*b5ThqBG-@@Vs%ZramEYUb1b=nco
zvWM1h;;Cr*cxHRNz9HPTba0X~_`hjE1uXpD_pX;e!F|>DoNg{Z#X_?ubl1#|J*Oi)
zPHyG{mAJnT{%NmVBRE<`{Rd}SFm6K#JpGyx<@aDEhkuH?NoMZz5uFG}<q05eP_)sj
z@n5s-yndh>M6R6UNsB;G%nXh<f<Q9Ae(xN5h%&3-=wd|aR=s5qJ;6sh(;}H;blfve
z&P)qG|KpYv3JDu*kI+7yYaT3fQq&(E$r>XplOZV}m_>PWyP4i_qNs39W+Z$@q}Ea-
zxsnk`1(SV8&)1|nx8%G1%Ku?ka0zsXnfi@_-KN*+5APY4k5VEIrfEh98^MSyf|cd;
zTQfeAkol9m+wd-;eRq!4f=dE-b*N2MF6i?X*n-Y+KpbXbG6lsujr{+~Vq{><Z}%GU
zTKJ^0)tMYkuDD21|4k+F15YHQrnUy0Q(HL?f~f;UH<Qufc=Kvh7t=Lw)pn}-hcwba
zj`q^|Z?RQKR~*b>17Hg#+BO@SbVGK*99VV8sPQ{C%xMmk%6+#g#J!wJ?OXXD(-T7A
zkIew(`6oo#_Y1B2J$$(TU=$ze61tBUn7urMXq4iazGqo8f^}|oN(!%kiokw2dDC*9
zj1jVFZf$-x`StZ{ljHHfX~1%EXnDA$sb|z_8ORtmIU{A6DEU|MjYWXH^!GzcCH__W
zZ~tjOY}#~KNAQKU{9hSNz<+4@k$S{2fj1Y{YhO4X2~?j~JanrmcW-}dT!=J8^}N+w
z4#90Rj<X|B$YIofSE>K!-gN0<LJuK-2jBTk;;mM?1%CYID0yv=bhz`6OlS=<P7)mx
z^k9SgqwSRO5>nO#f2=k1KZE@voe^4DNbEH08rBSozIvf1()edj7tGh<LNb&K(%PCR
zTzVOpy>;Ez_!8$3pXN?oO>F9JPIjrV58jNkiQY8YyBc)=_ZZoE>^C=LC?cSY3=~X=
zmmkc~cL;k^ZZR_-iCo$C@|4|v_RNR*j`cF^p|>dDram$zL4L4)czw4D@n-9<v%~lQ
z(zxD%LR%h>s1TTiCi8#r%G8}pl^&ynVdK=2*R6i~AuZUwc8zaeSPz$qu4>;cA7RXx
z`SL%GvHxsp<VZ*qlY!mOIZo$o->Fv`8VU62Ki~<b9F<l47a=O1X;AR!{+lNAZVVtZ
z^I)Q_hs(P||AZWTK_SmLd<$WN_Yl(*_aswm!jp$OEI0x};t@E4I4YHNqo`?)hdNe{
z%+ItE+lj@CLdN;~Oj}+K<pRH-Bb0f+qY;`^cd>+YN-59G?m;P)O}PSxFI?&9*&#*R
zNweYXs^JWS^Dns_Ho733pW^n8Tzur}ESwx9CR}u#ug4a=+oAr_uD{mah9G&2-8~qT
zv&>Sw*L6<$q=<}yx`$WruGGkkH(N{F5GUmquf^tWX&pd7WqyKJ{1TNx=^1Jot&c{r
z51tg()7;h)WpK<h$%>O-#PHlAruboY{FSQ3P)B;MRv~6jzshxJl(R#Kh7*1*(EK}3
zptDfA(fjBXR@<daju4dX(c@b-foZftsL$r+NgF)fW8m)*!x|@8$9|}*@DT(U@r{%^
z*^xa2S6QVq{^x)B&$6%vLSlr_Q})dt_`EqE@C}w~tmIpWShZ}Z`p>d(fUqpM|3AyZ
z$W^Sya!!|jxn^uUis^_PKyU;vc~vjsYk63lcJKWZ-&~ef7;o|R)-|G$YTR(l;D<;&
z9GlhOE}53U7XKo`k6tm=0(7+3rBVK0uW!WF*~XI%g3oT&_~tB(mI$?@82`17_4AwJ
zpZl&+M1HgyI<$A+Rm771T7Q1hp4-MGColh7M?w!@5b-TDRM1#7fqh>4sPbs{PMT<S
z;2rT}Gq~M0WeYnhTT93&Ht*^0SG6*(1!Vq<p59ef^lZa14KH*GKDD{ri)7)_{gM9O
z`|Y)v_mo##!X+!p5g(g0`vatok=<w#AEe-`Z?oQDE0iaW<DBF){C{TGT?4fQ!$umH
z59$cjmzMfX6Lm#%81{qepPj0dySWsrvm$UtEqy3{w=ZVY<U9UX#`K{mb{1@if6_{Z
z0Ox-CDNvAco_)$0ToC#HkoA>8akb0V3BiNA6C}6>7#xBPF2RBZ26rd81$TG%;O_1a
z+=9CVch_&{yyu)-_kO=pMWv=@?|HhP?$v9p4sx&fHv8*2_lJXr*BVE215j&fg5sqr
zc&e~q0o2@M4sO9~{I=zig6Sfl@;p2+oI-m{W~e{W`Z;J;8l)CF^6iOz)6MZr_?ez5
zo&+S|Gnp^7{Lw;fzv@SYO~F%^^!2dtzklYx!nS{upedqR`n{I$bKDWbObDqdqHCkg
z03mwWLJTJn9v+&H%mQl<k1Cwo^e(ZRkAs*Ts%&HYNQeO;by4Xr1QY0JcP@~|RD%Y(
z_#oXQIH+fx(b9h<#0zAT)$T9x-(1rCWRtZ7!+9{{3}26CDZ8Y*si=M%^V;?gF%T_z
zVZb$z_LYY}+BzrpVaHEV@(|%_Pm*#9x^r}s3%gfentl+;acK>0bjb!tCZ6}6l(_C?
zAu{T$$5NNSQ2pGkg+6aW79#QlBs`)Hg-+n?1mhmFpZKFX0^3_j;Q?6bj!LPd?HzDo
zr=r4hsA~aM0=ed~gbO=|2lhfbEnO}m^E6!T?H|RSc&oKB3nzd&hgMX8{(n@9UB-@}
z?GOgPaIr*2Sj6y;2z5QA2KOE!J%yU=2&rSp>Z9fk7W9$KKC32VXFCt3%a0-zRJbkj
z|L7H)y|eOgCd;<SDHss0TBCh=BQ|FP1x3HRme-}!r)zFK39U>#caH^~uAq<V=eC)4
zpVR@v#6MAsWi}I8ej9CYRHZ~bMo^n>H?}2{`Y<{a6&4lp@H~=Vq(d}FuA{}%w*@}j
zzHLGs{O5$88IbN_dD4?ZZI-k}0%{1&hI<Z8H4Kp4`APz5#9B?Rg5C@d<I)78=>An>
zu^7%GT;hX)36Ss*!W^q(0Lx05bPaxW9co_B2p-2$XKTamU7~9dklP8`9*KQ6rA4c^
z*UovSLOB}f+YAMB*(>}Nj-PB)jgRseq-RQyC@B^C!(=QR$r9Yo_H*Ic)o9HZMP=Kb
znOq%QEtW>!=Ii6IyZ1Z**>%u3gU_PlXWm~ltKompteIp)=ksT8GLcwa5OqW{3ygac
z1*|<Q%8plvqJ99Ea~9D=lounM3MC2#ToIfd@xPxs>d|`{&g?s>2{8`=qi-O0n?LaA
zN<n57-h_UmfV9!}e-wLd0vTHgt8!MMT5Ye~Cw)!k?c!?aRJFgZB;f!WKPKLx!AF3*
zYpnsyw~K11MdHj2ao&&DsG;>d`0F^KW0Zxug-}RqqN}+)iN}@L&CfL4Cq7@VxB^Jv
zkrd;=4@Q`20d18=w9CisFTs9r=T46TQd1@z!2~9v8h6EB@uqgiZn0f{zAX_OXB|Tl
zt6msxAX4G}p=s58%e6XWo^;$m1k^B*nt2**`E8Bo`sd*hIT#%yUDeG-ZpzHO88oO>
zG|*AZssro*V!N2oJ^H>Wg>TnGT;ny&27|oWaO|RDWZpo)GTh%|;S<n;T8q#I#rPvV
zu$#NlnD;k>W*9NyTm&GjDFZq!k#X!3<<#`_^t?$EjCAd3HH6f!5xv<nGk2}#SRQ+L
zia#W)_Qz&=@=pPMABN0z!Nk-3rI?Q7IuIjmro5`PaLGR^qo>r+_t2+tk5hmfbNc?3
z{vMbgY|%O+A2kce2C5uF*sSE}eiJjo)b66+RdzVv07fiuz)KO<+<@f1+3LwU-=~(-
zzb$yj)yj)MfSR{{=cCkkdcS0Ip7a)bdL811zd#FQ%8!OO36)=(lhvz9lJj4)W}+B_
z2_=^$Ho-==aesgP|As+U|BcU}_vOSV0~+DyrACK=*8e4hVo6jeSr7(3kVHpv9!S?l
zUv;0$_-Ti#{V#z+aXED$SIo_(`Dj~x&Uoi@<Uv4PjCAGGs@-}aWMi7*LAcgj(F0!n
zwzk+d{)PVDEiUz!%54L(v>=@@%+U3z#j~5(yvb+OR021-;>mX<K+Sgp;@3e3NkzWD
zrdF_!@b6MqqwR7(4wtC^kAmyp$#`M{ZNlsceGk{)MjLLgcEbu8z`w1!ROtWudIg}8
zqGXg?BW+9qmCZX|Fl0*X*j92Jr|y$ZyT$e}GWA)11)PF{nT?vIrOP}!!c|YWwmurV
zg2!FcT!R`$U8Kcao(2u#aQJ-OH?<;}f79~s?(ZS<EPpl#J%SxYN~JMC8RG|&IV*#d
z5Q_Xs@(GFp(oG;F&YxbBpV9$;8N9Xt#|?j3@w>sE0u1|H$~hY>@~vgBOfr$2*%YeB
zl**#Ih~a?$>K^}dyD)tK92{^z7w?e&ed#vFexrBq_0JbpiU)D(_`Fuxo%l-NDRi{M
zr(q0HN{Se}!TX(2zc==l$dP<JZ+a%UDJ+nv*dlfkH}cY10ephcvdFdUe>pkzHiWZJ
zEK)+IKU4n>heTHfBU+vGV^{wq@R2R@lIjK*`+e@D=%zXkbX#f&wM@k$z+eTOjMSL3
z<AD9goR<HGU@w2n!JrxQ&%O9hHS{n2Hxv}`?O~!;EC5Q&?7Q8tO8g06YwXC+j#UE7
z!q>1T43Bg&i+Oa{B_vZ~pNvT|l?N4Kh<$Yy(ZGeY&{Tg05F4YTU6QsOkld%t*x0Ql
zFoB7sc*u9M+$+EIwCM=)OB(K?o!c7<Vrh2<?&*9_iRVgOgce9eq-S*Q@@-{uor75n
ztb_&03ISt|rlv?DZ3lM<`RvYZUmwgMe{37YsmvI~Ka%I)XUIMO5T{8sd&&k6{#(}l
z=NGAq1Xy%tr1r*)%~JD~8PAWm`h6kT5^{10WRqi1^azB;1ght4Lk8W^6ym*b1@x!y
zQrJswHtRQh$gk9Ebkpn7_yL2E5pUn7d|kZS1EAz9ACIU12;>MvsheRU+6P?x{1J$L
zRV6*GIg$GE&TYKX{QM^6IbhYNL?rqAb7Yz0>Utxr(#6#jgkwoRAFXMT^rPwBcbl((
z8x3I$=vtM1*JZAM&0f6i*o*(55vcSh4FGD<KLYK)1?t}?Y4q>>3+A~3VBYe7z&w_Q
zi4vb~B~I$MDZSKS@gK~_<Or$7@Y;(tFzxA}UVI0~i^rK(3<tM^IkQLAC9=sQ$KBQ>
zv@nw;Q9nr~Oi(^7Cdy92rUM6w@WBIc_BA;uZKWYh^gu!*sSkYrDh6ISuW3TZTJ3MQ
z_GV#1d@Old%{cY$6+Z~nA`N%*+9Ty|)<8|IX|WepR-WN8EG!qD|H*GbWLcBp`7KJv
z&qEU>`}ODQY-1<4UAX;*eYnwT-MJHhvA3=1MoIzyQp|6Q{h#XW8rr9<#Iv6tbKv}5
z<5v^-GjN$3cdARUtDc>G)Sf7@R4R0wt%FL9+*$XH$BD!hSHy)Uya_juUBk&%%hdSL
zyqGN+HK?>j^OW3n4kWx?b_IYa2ytsPDTEKE5+hf@f4h64c;PfDtkpJ`B`OcR+&2&6
z-!_pU(}<(F`iuf*S7M4uwxn&ZkAGy<u1*wNZx8J`6a`0s-{^ZR5JFXGl)${0W*GE;
zLVpY!h#Bs$gG;7!BES$nJgdKD6A_}cmChB2JOdDxanXRFz@=HN_)A;_zK;#ulr%Of
zp?sv(@Zpi$@(i_B?Sx5p)@1+Z-0%R{5f7l|pnBt)B-6x_TB8fvNw51jS9s1nR=oA&
z(0jI_^kuxJH=F8Di`Ps({0uDbk{_|#{EUG_t(WIg0Cx?b=6>KzbDXF-HI!f<x4B%W
z0~pzFQd&j-b(a1O4S0)YtpeF9m4{sgr~!EJV=8I8^5z{1xtbI^0d%T-W?v2;sCRu6
z+zbH+Xx8sXYLt|ejZP2>MvtF1aGxaRC3vl57i|w&+9}O)Hcq`V?hZqeM*Ud`Uj2uX
z5KNHjB9>IN3mT_n)xqTJAgDxbHVo8}_R+2D19Zsca!d>Lp#xxUp|8;=25zi}Um?Nw
zE-U%I(N>77yZSK4-?V(sK`=-J8vAn5-1~n$EF3+mq5jpo{U^wQQ}kI|1UM{?CSc$s
zJA4ANIs###6#4rPG&Jx^g>vx{jX|B+-N!)7q}BQv$NU4lN%m~LUuONgTF<gl?l3LV
zG<+(16q$frmK3?)W`ngQTm0iOz+@DifFL9)3hjLJb(t-1Mjrat@bDL9Wxvf$J>XBU
zzFk{glt_d>@a<18?jGKLNo+cW^!#q;J^K;^n<5&i`F*21E_Xla_Ck-3_m&J-s^x3m
z&&D?{FzQQ}7xsnYM7P;8NCzbDR`Db(1|}FIyS=QK1>Vemy@37``2Vyl0Rcb~JD3P-
z7OHE+X!#EpV7^ql1?Q`_W4r{5fXl@;4|`C`@h@IO4|ME#u1k1>IGC)Dh%Br&nev|#
z{`N*ya;oHjy-)!Fc2f>V$%ha24I;5UJ&y%;cp1Opxy34wGNlOXXU7X)f`AfdLP&sK
zVV<zGqeD<nPj8}Bo$WlaVsKD`*)}@yk-+E24=4je!;P!`=}l&x{QP_Y%iTr7ivHtq
zot-KY)S%{8jsH8s3ao<Z8}mKA@rZ*)#z<}kOR6hnzGRF^iWz+;s5$wU=fF^54LN;@
z-)Boq(Az~jXme?_EZV@#et2X&3Z;;LXTtvgTl$|nkr<JT1ouYY(y+qhE@LTd^$7g`
zRo_++uk{CBUS7#uThGqQDh$wYg(sS;_7*?FGQ$=Z>}%V66M2&YaL+M$D@TTmWD4qB
zB|w+|t&JLeVV0s)Q<j7FLNp@R^9@icFum$hKHoiF`)7JBNredKR!P{O1SBPO@0KQo
z?bC2tz>f5B2#lR;6T5u|<P|vJT=a#71sZyKdwur!P&&$pl)-4qhyj~sj}1UiUYZvs
zJmJiic~u$`5dqfK{UDdlvr{QJx5h_;8QbsLN{SNFo&&tZ<uv6|UJXQ(QHnE&*ZC2I
z%)&1a*=(k#|5)8->&J)%5Tb7rzlxdrR+=7U!nJolzemg30Mq#vfKD{wxL@sF45x&f
zP=EcWrS~=@rQw9j=|qd*6Hz)ZMo_PJCb|0oW;36D;J9E>1J-02rT;BmDtEpLLbpW(
zXAu^%5A#KInFA#UmvP6#7wZ2?&k5`*Z3w5NBGgN-jo5&_KqJMmD;FL;T_W$i_MVvi
zGIbuM$R>oJ>r8Nt0zV6u4gV5hPCrtlu#*b^k(He!qdq|h>NcSJ`Ne~P^fajwpTi7`
z$MJyDAt_H*PA=k_ng3HO>%-&yy~;&*ws-`kt(Gc&AdKYL&o-mhbm|y3%0-C@00~il
zg@uM*-yVupYj<zL>^2G;c;KaZkU~XB^&q7bDv`yC6xyvhrZ>89J^SW5@7#f=RhC@<
zPv|;U3qSaoO`B>@ML&BLJCXU^ooP*)Z_G+Tk#yTN>d|MJbm!D}CqVWj&`!`|`H`&6
zQtmL7BDWQ0FL;YS+Aq8!>PnkG0}b>qACo!GfHR=2EW+>ZCtCQWm-YRFF(Tp@)o&-f
zVuG4VE(honZ@4VxSu*EV=IP@6!vC;&X6e#TNkyvDD_HTyqi(x}CKr>fXJ4Koq`%&)
zR)b64HjBZMYyE*M<2~UpVne*5LdT`98T2l#4oM>e>m&ZUI((}pP=fH>R8X=-q=E?9
zG7<YJN%S(F$O)-y3|tCOqLBR1CjfO1yuI!eR@CsqoONsIF~Gb?<QXV2%P~nnUtL>Q
z;lv})qbj3GKp6+0b6d)(;8Ts7r%kYvpwhu>duMU)68?8#c!u(}O){|dLM`n#=Vf_L
z%~#+Gr)GJm#gLp=MlA%2tbocQ6vqHLX<6B_go$$_bl}D#yrL^t!31S`+~8|8ScQL-
zPPi+$fc+NA2+ZefBz2Qyu+M9rY9kQje-BKk@3=Bb{i@q+&U%9h<w$k+$lX3xk8J#0
zeeC;X7BCm)Ib`G3ie0$IgVbN2Yl!nz1`Npaae3u%nki_MizR=fuY8ZfBJ{@^Dj3%|
zCK}gA@mWl@I^anra2H}iimkY>_!~QKHpt#Lt>MW|>0`IlNa0XeZsAzap~Uw;d&n$m
zTe<k?c}xB{vP$WWLtCd6*FP$&=4je%u;hvSdueGQ0wm+2Wau-Za{83E7Z(@BejL+>
z{0(qyGQ`37o5eS28-L0}TKvLGuIYC8$Sp9u8XG)X=0U;PUFflnZ+#Llj}YgI()KF0
zPLn%!9U?{`z?u_hMbCfX9<TuJ0s0s2ah`{G$U$kc2m`oNjOYFLs{W@6lz?s(@+O;-
zi*xi|J<`qr#<9+9?>X$tC@qQyRCX(il8HdG*<+Lg>^uv<W{Q+1OTIEkO)Rv!ut{Jz
z0}aVJbY1ZrP;~Bi5$NV~iR*fG;pD{=Iet@6A#YF!{79G@DlgHx%+5Z#an0~J5Mi>7
z`<R=zj7o(G4Z+M~+i1Ok*;~neb2Av*D(v-CTjekPtmlz<H72a=?9b|azL-Emds*Yv
z1`B`2w($c6W{*JAAd!nF8QZVpJGf;=;QdNeR6x{cX(l5Kx)LXGGR6T<c<B_~RKJ7C
z4ru`ma02&7Evajbr#5QD!s;K&e&Ld6pbauuq~qjJoM^)YExhk}mA$0zzYdUpY$1o!
za5j0vB)u1uRO5$SVY!Jax>pN7qXD(HC)=4)YqvK$WF|3>H_Fx2)J;!cC=)sT5&Ihk
zI+-gUACr2NBnR1?W6K<*Zj8@D>sa2(%IYIVAf&mK%oeX8lx#)<M8h0|iYyj{%c}Sd
z$<~NP+4)-&ubk^38tHW?C9)S=8~RuHR80)#+s0rr)~$c~mEu92X@+KO4bg^rDj!AH
z4H~`1+*8z-)UcV{eRxC!QRis|KM;bDi8G6X&)W$zj)_BLnh|<oTOou^Hz&W}^5&c(
z!Mw+~xVV6&(^y0+8+YW$Kh;4MV$=7He|I>C8W6br?kB_vvb~^@FG^dca|R<`_?J4n
zFHuc`|APsfAH5r~wJ)v3L=4{`St|kX3;jK_BjLYxqPqXfPLv=ux>?0mcBit)D$dl@
zR3%Ifkg2hhlX!i+$?rh)vV?E0b4SW_zX%r31B|2GbM=8UL?jN(*843DT;)EjsuNHX
zAS1AEE)Yg4Hz9MTaHw@u&?Z<Ht<u+fgzCu<B-2R{)h$p`Fu$>8hLmIf!5}c`B~DBe
zE*bn}F8J-GfC5n}EweQ;oT+bnl2(`a;N~_RvFDFh-S^eI1q}IB8))<{@T8}05ox=|
zG@|$vom<6xNvTo^xr~H_xU<C04fZ=TGpi3cuPYeIE)kcBrW{7gHnu!tk@S_$C-ciF
zR)QElq@1<hs|rH<4u^Q*(Y{OXt7%41O-O$FWXh_sV{mxo#pNysRI(C|N~{3t_c%gX
zV2Fa~`zznXWSmHAm9qp)GG2bDap@P{)<o`7;k+4@l*K7$Yg;wUqo=7bRF`wpTZBr9
zGK9aB#<m*6CN+ldpGC$k;_lAKgbA`b3Ou+5n&<zo^K&PlhhWYk0=2KpGvDLLXa(f8
zo`MN-d&4XVSV-qb;uIULI<A~F_2dT_l2xFcB~+SjCI-q0!9lZ~)^$sEi(o%b_oVkQ
z87?{_@d_+@Z}Um;$2=x4NACQCj?P4Tcz^ey$k&dx2AWC!)BnG7j8wSV5c}VqBcU-o
zN9(D1Y9++(U}R*3?lY4{Ej)feLsZ6V%U!uPV6|zW?PEG!(1hF!R7U|LCoq&&v?GQe
zfyqUWgIAYPUcyAZvAMCrL6Mo4#5i(ii!^T#6s1K*)44+Y;oNa}ZzgXlf;DEo*5OaZ
zy{FL+__3OJy2$vy+bqe-@zWwEK4c6w)Fwvb2010DEoR9|{`oVn>Fd#GX@Cf%28{}@
zozyYa?trzDHfJPo_+BE$MX5{dr)9^5A*th2LHvO6ul2S?9ylqUqhI{sG#_-d3i{^E
zHMS%)em1UxEb#A9eZQC!d%0VXSrJDg3Nj9;MPKijfZ^NkTR6tBG=r!Egv?j-h`wy>
z&@f$MlJH$=C~p7qOvYR0$ECEvg7B`Dn+IzTq5mF-a`0?)l;P|J!{!zVuAhD=Am~YZ
zK7oShe@cy3RSpntn_PrNXcR9O2w{m)`+iDDe3<xLDunIo?9uQ@MAuXSWE^d=ks&?l
zO)PBeCRdkuJA&|n7;2O@yRnbKJyp?ZikR$R{XV`H-U)B-H|A<=9Nay&fU}11{BoLe
zQ89hQQN_*mZB9}N+D}KRnSafKYJRT|_Vg3lTe?VcBfbym>X2W1DmFPRe_ajpev>}0
zkJHwIWjd66=dfZ9507#-w8hV!<Yf7G3?&lXMrN_6j!D{z8#a3XdZZ2KtgN!=c^YS+
zC?PD&lZ`1AwTgg-rht_7BTMhy`-IuL^#cvHALiPJ)?#Wf?`eL1SP_fHi6d|GBM^p{
zl#q}&qDsCITx)8IO_nT>7xup7ALol5+CSyL9a+B2xP5H2h30}HdK>XZ+?%2keI4Eg
zn&91AOz5;3hg&t%8mD0mKKHra0v9O@q&MXSJlv42E3*qckSt+O|LXoeHofY)@`4i0
zG?D%s1C;^8Q;E^~Mj+{TS7b{zo9=$g!8Dxpzc_g5C!&h^a4k;loSnow&d>8RDyf>K
z-CnPA{W8BDOtpinJP^?dej4{8L?b8P`>3_C!Mf&l1_jZITu#)q;o<s^#8d{GeDS62
zxk!3n86bluV}f5=V`ph3IlnAGj(ff#x*G)cleG0GZC@ZlRkBPY_%&Ult^EjSvn!<{
z;ri2^;4Mm`2nNmc?<ejU5C{+44uckNU|5A=W?z@OR2d3Tk5!a11c-l)SjMT+p3N3O
z*Hrh*LwZ+onLm8WODT#DawwkqRds9veUpx2xC8IIPr>{_&g{J|)6D8)6U8vSx`H=G
zr2KKPiHe6x_|6ApDooHWm+E|!=HQPDMP)o}7DPu&G*bsnI}%rQEu~wdg6HK1M~@LJ
zJpl4ScFb#SO^fD=K@41N`)JDmXmX@EbT(*bMb=yrm`3-ko7*!|IyyQQ@{{wjnwG2F
zm#Hn53EQ0fkZCQ*^;XO$B~PSXJ~}(kymx+Bfs0OCTuXbL>8iQ=b8HPcNtDm|Ghx+k
zW<MEM9%<trUNPaI5LpNeMt=&;dH0-Q9=NN4gq&P3fdkN~67<>X<zw1-Q_v6TkAnhU
z=w{(K*<@XNv$>eC*YajK6svCQT!%`9D4PfjZmJ4uP)%9^K{n@bb@}*6U<Qq9oFQMg
zZ1bGGZ=KpL7?pNTGJJynI#V_<J_NC(5$5H-W7~hEzL)T&RoW6(_tUSFL8hIF%{)0S
zf%Amh696i*v$t3OY^g~hob?*@o6Gsd<&K`hR{M!wt$~M_)blQTDK-E|;Uc@WZ>TNO
zgbm`!a@{$ZOyop#2P|c?Vo%sli9M(c2dK??D_tepF1l+mcb}*R&t|O=j2tD0aX6ga
zg{hvfmEE+T!MR9;H(<TFV0f^ugQd1l3pky#K}VsuTim=Cl+#@d=$Gx`7523cNUvW7
z1*uZ7L8z-y{@=f(xNd3I^P>dT^cvR?K5F+?o`~%}$ZywnHlzY8W=*nCUX$z=4c%un
z@DnVpE&JDBs{Txnfwe21F0QzUc<AfbxXUqazh#atauUeiT{=U9PC|cl(Rjn>4k(W2
zh-H<p-jz7oS=`Yhx_o>qGxX`AncP91hEpeUx~c2VOexhhb~9juc%n*HTJ-KM<2F>>
zr|fSG#BP4!Le`&uXHtL3{*wE%8cCtvJF7G_l7a)&XwIq#r)BVLXY9$H>ZR23GI~O3
zjp8ROlAh~qA{r#YOfEu4PruTl&S*Ey7ac@6JkM3GYJzVKR-9nJ^7v!sAvz|J7k0H;
zoo`=PTXOwKmr3t8di+YTb?#0~;u7kFnEDg`qQ~UECs)pn`p5d}pPVPf5rTX9<<}|p
zyj9*st(R?|8t09hhO;N?NWJx>ZwX4nTQ@L5>xhIpqsr9R&QkLZ%EaPHt!gu6QsA}D
zs|AMr;^&cRF=#FUch9rO+^%b~`vCDu{Xf~TUrT1!Ug0nYsCnDG*a;ZvN@|0`;7gue
zFIOIvl(hm>j|cP@%jWbKa=ds;JES{!qh`wZRoyRL+pcY2H<b2x-C<8sJuz{-9%94~
z3zbT(WNu8J0wXi}*D^eCnfW}J`y&Yz137g%?jJ@wI?~DopB~%xJzwJqG&aNPOO`rf
zfXoLn2><Gh36iVYK_pzGwSYfTDjW<~>H(*kV^w64g@%N51JVsvoAu8)Yes;Jk~1Lv
z&z}9AzV778YR>jknGT7VXJ+<@FB4dFG6{loLj#17mZ((YA(}P+_bF`1R&(=KYZ954
zAu89vVEZ_uThWW*DWBMWR_s?|pf%6%3?nlC2~NU21)Cr|ECt%S@#oVB!%eF^1R9#l
z0r3*v>i50yskZ9y3iu=Y$g{=^Yp#B>?C4a#BSkW;O#(0da~^YwhHxipM6@5T;Zv97
zX6da_Nkbq?k(I$^#a}(e!O)<iV58$$y4}ec8IXWt-%}$6$-sDnZe#d~x_4ZL9v>b8
zsqt3gl-CNbzoodwZ0eq+o(PMTGhCD#`$Z5AB^;C?l<;$qMv=$J+q2<&vl2W|exg)#
zW_o06sTNu`#T~l3h`|?+!vqDNr5I-K8KLr<x%hM0W3#nq1N)B_1l@t~gwjxfF9oM0
z)*~^k(J%Fmrr^vrGUGkB(B))x40Z@4qlx;)s5B$aF}c!I_i=Ic*{Ug>w>2KlZ<M}-
zG$mWPcq)fnZ!y3hd>2yzq3@3^y38v1y^(xNBKnvIqG?hK7~ggGeYZbwcAvmGLD&C7
z-98evdMC26yFXTa-zd4uH&)3NRce)w+z}uYKQwCbC`LzuUXqs^+}O^K$MoS`wyvTF
z5Y137sqgy-@F16+{Fp2b6OIaWSX^#Qxc*}KNzZr0CUamOZ{1hdmG7t0cc#}kKQB4S
zK8sO%xpOi{kc<mQb~yn@HMh!Qk{(4r6&})K({t^6HY|Vod${4YQ}Rl_iFCR!q9?}x
z^@0X0brCLVMO@!Shw3l(5%}<QlR2vXT-UE<YXO=C9o{a?eBNIC@=#ybHU{*i&m9BC
zsXYbnfw6S?iMKF+nPWL2wT0F|@ua;SKq}}>t2}3fh!Aq#NF=nj@`3x=>-+lpvdzEV
z4(;}z%*AU7T2cXKM~6}*!m&5cYWH%{m9|@7J--DbW|m_QVJXf(*)Q7K-{<}juGACf
zbAZLC0gY_M%GJ1^%*b~DT*c?}^Ax#K3sDK=6Fg56x>t?v{sIB=cfwGPs`9kfZ2sXf
z@g4fTF11!-h=jIL+=)<?wqEQ~CB0lcFH-L^I*y^S5EXv}b;t!*s#mKk7eK@9oe$p0
zw8#tn81ajG)5e{ymBYA{;XSg52VxsA$`%QOfhaA#=4)a^*?tRSoc`Dj<rF?<bo|u>
z>rPLf7c2ge&E1+X!*{GIo`m1u<I#;Ut#u-2HBIrJ-bTa@u6JN2|I3o-s_6ZD_%A`V
zqXB7VGk7u+%4U^LOW$Uc=Q<^j2*ZW&p}Pd<Puwjr^Nr>)Jx{)QiQgAGx^-Kne#L-H
zPkb13OxaG6A-5mwTimJk_V#vVH7>`pD<B&I#-y>Qt@t_J{WXO%=+O<$6_wc$FLCGU
z1P0y9{f!d~g?8r$zNFbS9nf!u=uC=xr$3^OwqbJ0k?zM*mCRt%l+di|XsBL{qy=BP
z=qhApE!up17Z@SoJH*cExF|C*jE$+=>*(W_9XETIhIW<xVMO~a{`e_z*RS)fJC{0=
zWiCU|OM@w{+^J4L#PQbQD7B>{@(nSUPuIJc53xgP%^GEWyOxhEc50+)qho#VB0GZl
zA3s&PpLa|ael>P5v)*Wyd2_|{4l6{%s|89yLE%T*vhdY$e2{dXAp<`ZkCqm!d4;i9
zJ^}9gkm%U2L0^jG*P|b;yNply&1VJe?5VyEj%?v}$KXRQS8z=~+!_)u^@(7w4@}*X
zaQVE@qUt`(RH;=@Y??Rwyew#<9zqN!bsl21s=s(W-pKUk=X~0`hVAY3YjN-}DV_YX
zF=0|tb=oP3bg)Lu!9&c1laQq?j1;@8xhdkvCS$qVp;2OZci;e9D;pG$*)f%WGrA`9
z<hkj5FZW@rBeT5wQPTLT2jVCg#f$Sb91~PdJ_~)n{J~;sdYTpRt;NxG?+?S5ooL#f
zgr>G|m!6-QnaRq^@{R^26o&7!!Khiu#6mGU9n2s|<u?{Br-f<NMaKkv6A}_aBIQBO
z$jltqV{^uIXs#L<0<e5E90bB>W!u>cd<aDhEjc6>!qog|zy;)1!}3;)Eqa^VJ^ON1
z^LTkm3!WC`dP5uJjP~n1mDL8XBRwjMBNgFDmMTV$Mr#Wkr8~70iTTFeVjcluU*HDN
zXDVmK1d%7RLUft*81?p)4-E#J@%)GfG+5Jqk~&531(qY^H0NlQ8TchNYxq=tATEgH
z2~0|GL~I`k?V5L`sqTXG`J1zpTemN4jQ&6-j<PS>_^_A0RNtEfIX=wTVK9q(|Jg6o
zyR7h6l;Z;wq8*}WqE%Lsh~40h6c*tg{-P&dXCplF2~l$R#D{e0xyf0X2B*iCmC~;~
zKrnR9nAKqiiy$WVf3OWot8z5QA<$S$Zz-88;@-6nuWVY~Dvu0GJBq60PSf<Qcqw*%
z8fJ`_u53h&J+J273k(~df_`g1+Wzh%X}o~z+}Fb@>&GwKhS;5gov8e<A9EZF=Xutw
zztt<L#YJ{+@-3F6a5`=NV2?!KhDj%1M}T1F@<lrDaNkDCIZJ6@*kycaC*q7)!gk2w
zb>XA6K-oIW)alaM4}9t-$HI!s@n}&4^SL(}5K|c7K`u@#(8yR$5{xVL=OD`h_pS_@
zRYj|=PIr+N6K&?atrx%b+;4Wq!v^st8VGj<1Tl*^ksxL<Du>gy<HwxqsfMrmJ8Lp-
z(BpzGxWDL%Sq_I@b?<+zl^p<61-G+@G<6od@H?BA$UEl^`N5H2eU)8v8?%Wd!oSW0
z(7FTW4u^3`Uomgj;zQctf-7AVC@pZFLd$XmUs_?9+nV1{%V&z~6+$PRHWe1soX!M9
zxKpm3;Sq9%kFTwv-s6TU*c4$MFZJeFpNa-<<ve(5)M1Avl=pP?6i(L5hBd8)CR%ik
zbhJhI?uS-64!nJOzDG^Uk?7WaO6pQ;d14%d#`n}}gJFJN${BYm+-&NQ4=iXVh~&GD
zz?X;G%zmWO>w4uMI31wh^SrwIi4JV$yKF`Ha}T4fxqT>_c{z5pJ^4IeZ^eyrBt=?h
zZ_Fczw2M?pCBaNbCxr?92M(!1yL%U5k01y$YDzf5Y3Z(pKJI%qthv--9GR`uTXPIC
zCk{<Iq@;9h%k~&;<xdR9H2uU`cGDDC63RnSC2WvQ$?#chFHk?K6PRZHwIFkH)32Th
zttu{|kZmKqm7v8Vn+rj+ImF|>Tq4rx;!rO`qo6HS$2VW>dX_O7*8{hw0HNR#dkGrG
z|75j|mqK)(k^}vN=sa4qnAPSdHa6S639<>Q98N1ocZ7+}zEE{X(RJXm<Tr>+cnyAU
z_P)E{{~a-IsLGu~x<mmQ<nn1oe-}(kHTrrJ;wRhSXSW<}H<tTO9IIzHwyqo#B)?)O
zd?aG|x^`bwBJC$z5@kkNU*6d$;G()CzwM{Hj{_in97f?4A1$Ci=f>;b-+%^3a1jW}
zeYdNdmBcmDkz7SqHe&MX4I3Hn`3#_%Vqkt1$K5%|8k;!Uq2W6k|Kb)61T3?lZ0;=Z
zJY}r!8srA%rIz`5q)Xp-8XxjfbToRp<4eU3K_l%GM}AuoZLmlHOQoW5pB<JH#qE4$
zNnA;o30pPkPX1KaGX&m7*Y*l|YXHLCO{{sh<mBKsW!3VP9wI^+o_|qLg+Ms8vrs27
zFOw>g{mpE2^qz;@4pI3c070?XcJqhU(clc!r)ioI(#{P2d5=CU(AB&7i!Sv8zcx5p
z+-Z5@k?#BHCX+SBx5q8iGyF--YOCe-<2mj^tN?iG7v6(CDIN?AYvy21d@>bo->m1B
zpP2zjgpWC%57ToYTX*+w4QRNWqbFvXR^^bxfYkws#D-n|kXgbh{4NpEAzac9Z|(}F
zUgnNtC|W(mm`9fQv87i}q*u;YxDhvd^pbjGMR6h?S6F3Z(;HZs=F3dA+YZ696boY9
z;L8Ek^)BjFU?Fv>p-XJwRd0ZfQ?>idjlI0w0Oq)dcO>pp?~6F)`|I=>L9Z8{HJN!)
zv3k)8lJv8~U4DkOjM4WCMO18%nlqg{%V8Znx8Z4q^f-Y>lo0BEl;?Bo@<S%rwOS5i
zHQClJmzJ%ETQ8g~oeHn6;=HPu?x3T)jE{HjlXR`G`*x+T8<qxXe1Qwh9u`(9HXkg;
ziSMJsXTN328}I5~tT0zKTN7~lZ4eU@`(UrNe@7m-5^w;Jnk-hdpRD&=m9E~>DixaT
z@K--Rj4VA5fIRU=KF$zuVp3ZWZJEnM^d-NSGS2Fs`16qaNhB?>dX{b?`XbN{90uVH
zvy+<?h|`SbA$d@3f~)I--v+6KEIHQug~Wj^J7O!?Vn5Y;B;yr))@Yr_C3g?Hiyrwj
zT5m}!Z{TB%4GQN?tr%I{cen=JnUYdLiocUoW^j74@!kVnPtVQqlF*4;if?{?urybj
zJwPp?CkM>LOZ_pXUb2+qM~$N^B@K$mA@(y`p0CLXYAq!kSFmp_bBfP8k&TZ|Q5TCc
zZ{XhlQob_?p9hD&ArAP6U9CnlV)3w5!IA~+WoY(E^>*?+Fru<J!S}#H__C?RkqjND
zN*C?P9@0b+8x(8naj8bA_)N_Ngxl`-BYp2o68*<r%~|WAZ_q_odnpQk>O;^$`<Btk
z#%tPmDpaw_6SU<}v4LsE=Pr~b3iMUFBGd)7*;Q)-n?x8n2ZPc2e}t>djML}f$p;)<
zqu*d4q}G&LRrhs#?_AK>99$h~G?XFV%qi2(6?=GFz{wZ>A1;7YvUj}O<(K5IC`#dV
zP(y&XEm<{UL*$^5ex;sU+6eQ~q50!|gq8e4`ZjQZQuNhTQJU;|B@UNwJ98jIc0;<2
z7Sq0vjL)H$SzU%z76BY4k}FKJe9Ie@H#~BJZby7CtoM!qV!s%D&wEpE7tWYhXPIe#
z1eMY<jQv4OrD{}K`DoF-Ew;BOUr1+>EVyK?n_=a_p0TC>92z=~Dj--Yk0naIIx>hy
z4vVpwI{_kttzzAfAm+r1rH;^@Hh#^H-Q&Fwy8OlEDys9;y6vbMaO6Y1+MBpmF8;tw
zsz0BVp<vDqAJXEJ?{V9w<=(0bqg1eL^ZfbgVv84#^B(`H`JNfAs@iGTi}kt7W&Y(4
z*>>g~KC8AB<aL~{5=qF1uJ!z-!TCHM=I-vekk!oDni9D^a<=8qEzATVurlN33!jZV
z-OJ;~C7MQr?)C&Jp`e(8?i(D2Z{dNNo^bN~JlIb1gn=))B;8j_{klWl+<2TWpu?WW
z3PB%VaXJ0-Ddf^`W(^*iv^e3{50fma=)l9_0S{NpTR#2RE>hU;^r`i?`zsX~<<S4o
z+LNHedMR+LrK7JU(>>B(r>yU{Bk5-3iuieV>$rMPs;Y<gReB)HZ8&q4;c=kz@k)jH
z;}aJO3Ag^_pVNgunx~!!#EX3!Jq<4rgkV&?li6PL?VVusZ>tesZC;+cJ9OZE%r9Sf
zlvarI1K<lgk^n>jD~D<vC|zP>VxV}my%-zC?YA+)u|RpXRVoASb6@(D*<#d-^>J#I
zvUQ@6sO!MXF5vf?ec^dCRZoJm`b9HU%4boofm27<Vh<fNxa5&RqU5nt68UUh;1!CU
zKYp@Xt1&MxFL>N`l&-fY$adir_)QTMb3NNsvg9@rmLgIOD=khUg_mV56!Ku8c9mDa
z942CXe8-)lWTj$LCF(!^+Yw?2g$J?k)e<<=V`*QSBH6x?-ZAcsZ7`Uz=cF<$;NrwK
zgR!p_3qezil>j5A%Fl&Ziu#+e>M!F%KeUj1Jy^+XPDMyf-jd6;WQ6E*PxPoWRvnB(
zgPH0=%X@3l|BP5hbqDkdfzNF-lC=uS?O<`5L?0n;yfxhg(ua1@wQoM3Y}+xxRCP$M
zu<0+GLYI^d<QGNP)YrWKkrhQ4&2t9z;J^Ull(uyWE8uC927}PK5W;Hrr<#$R!ua5_
zRUtLszw*8C%>IHT>Qnf#0%!#^49y1fyY4t|VKg=O%*@+e5hay(9>FOD9CKTUkZIa-
zBBhv`<8NNZT#M2jH7(ASRb(wO@Pvv(61HZPKl(K>v=sZ*+BvrsWpk@kC!6gV_gcEE
zJs(ozlE3}{)N(TEv76@#V6fbET4nS?C`5nQX7T&DkgL$xM?Tl*VdsnEWIR?=g`Rhp
zIi9LytVdb^!!^&gAq!B#^LE4rDM(SHK=ah=c1c`}6QK%_9>~R=J$9u(3c+LQXC+HD
z{ASX>KBuRl>38fg`lJ_l^fXC2$@A@EpME{q%N@A6$~!9rI|5m0pKb5<@UMuBh*Qm<
z=7o}8Uo2`(iG6)?jUnUhTYuy2tRavpRq(Za_gz@VU7SRx`xTM7`T3L%%Vibk*?!CT
zhYy{oY@}|Ow<|6bI9@kU-%q&v;Zp}lQ^F!wJu%o5&h_E+pD!BbADlOpLCq+QaGYy#
zVcg>@p)a&GEFK4V4C*X!WC&Zyc4D6t4;5a)$fxE`9vu2A)pcFhz!r)?#(qcoyzw>n
zmro}ycPh&sk6aUL4jws}))42I&Alq))xIfGuby(*%PO;Hl-8FM&PK;>o6@@*mDa1%
z*XnUWW)I}s5!W&w0m0BOLv6_=je(i2a60Za5y+-@Q5kpVhhNdKC0QNr9y;gXObafr
zqt{T|)loyPSO<%7<ac;J$<1?#{M?@gq7cs>P~n$p1OyREe-bNRP$aJ5l;m5k&Qb^*
zf8RUWTc-UEjR9A;C?fh`RnyP_Ix=5zpnAnqyl;&O`MOULM%k353S?xcqHi7lHbN_3
zoxB?%wZDxT6BAP?H65!VAS{kuJc3Bb%8Kc6xj>fiYHzYfW;e>M*1F?4p|7@SxqK23
zvQ%`u5ZKz<s<pW~Zb5yIpYg1HLf!r;IeOZRy7b^T3bDT@NGBpK+y8-B_p^X-`5MFO
zD05o(d7xUPYTtWLAbc>iMLbrMwTcub|1B~as8+7&_qdanRP_f7xok$IpK7EAL-eW}
zsj_;dNqY$dz|`dZ24fKWrwviLp8$&DYfPn-Ml$E#YF2D`2XS*_gV>)Yv6<k?B9dYr
zP8*xIeAcAsS0GMM_Gb046Kj~OyCw|p?0>eMPbL$X{vK4+shvA6%tYZIeSH^Bh3_ed
z7fvjmyD&bu!H>w&?4<1h$JSGI5eY&urf&itt}qhlKMYW)p$wXD#S(;3m99FW&+@#Z
zun1e^(F1PD0{H=Q86x+$pRzqWwA&((cUpiO7uZbYYHQL;CcF2ezqeNnojNbdVKxY_
z+Mx=3zT8R{N`sSX`9w%=my+59o}VCzGd~QoY>$qf28JcO<?eaf!tRGnLT?$3XyP}!
z_vv$){}@}lAd>+%=T!GVwn9j|rH3UDh~}clbDYjLc2X5WL#g5gaw2+)q=m>jxRtRj
zBK9E|<9`QafN8~qBHxNGoheuCXHOwktE4B?T|MbfigBeH4?Np;=j{76_5wXEq|7~w
zhSs0z5Snlg6F-IK%eH-ld3D}ILE2lw=1C`!%7@a1UG7<S)8?rmK;Iz4vz=Z`?%th?
zKh--bt4R*6Zqvl6yvStM2p7+Ai7Wz3Fn+qUw%%-_KJC>sMctZ7CZfFQNUf`K|3YBG
zur+|x{Xn{^XZYvu|Ic(ml@|nIJINA<zT_IQ`j2vEc0jxI(j){vTz5}9L8k5?M?z}Z
zXkPQ224j`goaK=(my{XKC$B7jNN+deaZd+GTOxJmkt0)WI}WqI;zLCAseT;f!q8Wm
z?VFd%S3LcpAMwyfZ+|#~S-#yPlzWsBotLh7Nu;$U@!C^WSX%zqK+(GbUDs-o-8Wrz
z7@&Qkak#(&5f|XzGm1P=nXQ<x9fmc~AH$WM#ERt$Rvb|4Z>v&X8411Z@ni9iR}@#=
zR}i4x4Oa#$?$0Z&NO(kRWkmllGL4RCGK~!)A8wbRloOFS!vlr8Nv{GMr}m}`QTMKD
zzf}zUF4MHVJA>HU90C;4zYE9OT(5s*W;Paz=E3*Xu;P`jeB`i_Kb*4y#1~$e(Y>SG
zP~yM7ueUx>zE>O{`_golp+n?7KIdc@4|jKX9=U{~8NcM%iv7~S=`$<-{c_!2!b}Iz
zf5c?WsYuJet_34X8*QW>9O%$NgMnLjjGIt&wy<bb>Q1RNpQcwnq_t04_xKV*V$>b*
zt3JHAmOv-`TZBhpPnB)Oo<`WR(+cQ`L1|jyUI{m-5?%XCAoTC`{ULGfesOKafykw$
zEsOR&qoY;U!U=(b@@J1i@=8y6D2n2rCqqN(GH(rn1!?1ht|pa3A4{Gw-?Qcnh(Rmy
zB`qH2O~2>T!3)crT4J3F#*ziDvkBJv<uIjq)!^61rWTcvv;ZT2DcXTlw!SvOW{az-
z8N8|sU9w_FFrN9<gif&m0&FZop9Znp0$Z~j=gn|eXSqMq*6zVm>Z(Wm%J)>??t;9$
zybQYl<=|B{V0l;BAbtq*u6ap$c|E!9#pNZw?P(D$R){Ml3aza~l}pnIH-rsA=^M%Z
z1&@9UNq7i(H&}Us!vMLzGP%J>HRa7nI8vmLa!F$|W?9$=s-o0jM+r&?MmetLq?hR@
zWVMGEI?5Zf$Qif%H~i#}d?s3?G;x%f*R7rhnHoyL)fb!Z@^?PUk0*0w!ogZ@<G<X;
za1?mbVy4w^Qk&RncQO^;JH!5KzP-)_g)vmQG4RSF>?eV3mp_|rNwioOEVLGlx-lQj
zAd}3Fk=go;1<rd(k7j)J+<yxwhxtpJ{_KtoERlLf#;>)9Xe!34-|vkzeBu~fBhC0x
zk1#2*=7L8*XEoq+tfPCuZy%K$|6cY5{PXFV#nOnt^Umdcec3A->dUjG>T9JCKZ}C`
zsw(qBE3Of_<1!k!Icm7ptHW8){@u+!u3$|gqk3S1(4^Fp6{RC0I<qqMf=;T~g*drI
z0)sn#?1?+Nx##^mOu+iLD)*tLIiX@X?6vg*o+O#ONC=M@GMjG?#dDLqy58vdd`}$K
zwxj-goZ3jXza^8w_<+Dp=eyCX;_~C*;hoU}_~_}HZFe^;2(Y$Zeb<zcd;Wa9fO@vO
ztUh0L7_=hbWJVgfBWT_4EubBp>V;rx&1A&tDR*?=ze3w}Y5y<AKq4AfDZU?pQjgI0
zd_*olo)ssXGNjTSz~cxkHn9Mf$f>KVFMrfHR*4D1mL#U|p!#Ge<P#Ci7{jx>fF}rE
zpKtz9Ln%*_fV7a(`^H{i$Pu5`@pl}-$hjG%9yo=i-Xr=Kx~*vW@1M+h^U3k~{-PMs
z7e;wvVZ=*A13(Mv#5>i$7)Pr#kuQzAdlLpa_+6^*3rscWuaPVX0NyUP=xWsQV%>XS
z{ao{r)g<r*@0WG`!grySoM-mM2PKoS7CSGr`Q+uS+5~i{V`#%FlU)akTgTv^8q40v
z?fL<`Oerb*6Uq4U2x?VIW)Zj?$&eC%DVL5`t`o=*d*W1~A1vA*Q(+~*CLs`-<+`OR
z(rnK#FV@$dWNKN7o}%;x!Ox~luf6W`utBDCwONII9UQmV-u7YBrHxras6GXJ$Bn18
z!=JV4E=przgKQPDWLX#L1>Pa;e;XXcJ<#FrHaeoMjVxzR{Q7nH>@wnpE1rH;Jh*Jw
z##pLA<(VoMNfSj(|1nzavM=0PrBAEj%Ls{Gu&UyIVAv50+P!GPOg%IvY<i#|x@O&+
zd_|)E{w~U3vl?!0|Eh({@#-o(ib6{4EC;xBkOqQC7`qBDVv0TUkpRogOd;Q1W(p$$
zwb1Cpr`p9$S4mgsfy?2Whu<DJ!<^LJ0m^iuD4P9%`*}<TK~o06`>G`8p~;xv`9!|O
z7|)g0NLd$E2;Qo3ECgrnzsf?G&_VWKF0EIh(eW=b5dBxzw#EYZ;TshqnlFdOdK;bZ
z*p0dXdPmsLmJN@$K?PEw>J;DJv~e0Rk9Z+HE0$l1DM2sh&}x%5tx?CHOA(Q;(?Kxl
zn8DN?A|!Bzdg*7M_VAc>O6FtBX$E4)2Y3?ezg|6aJnqP!uTl%nXqLEAId&%0k!Jm=
zgu^R3-_Vq2!SGXNd{!g@8<Z%3K~Zfi)?}+sy0qV|AHrx=P1@$G9^t=vUca}HG+v7y
zQH*h8+Zi04*3o;dXsz_=D{{F$wr2Tr&0O_;fzV`{2eDy=7ngcGs<dP5n~N=#(oeqg
z<v;-Dm9mG5mJvmIuDiEiW<Pep!b;G{XT0lJXx#ce$rT$PD(7+9eJQ^Z%=yak-UUX?
z`681vRg#!)CR>|<BHi`->BRcecfZ-LD`pn6&FRfXJJ1Ij3IDHa_ptWg9x=>2yxu*c
zr1y4w(=p(n>ejzZxjo;cf9)eYW$qg4Xz!|yPgTc{uH5&v^djmWoS|0l$aFW5>hXBl
zRk2vC#~p9IDpGkCWRUBz<cw_1`9uBsvbnbQbSr-O{A}CYO#KTf;@LElubEVHj&Yz%
zdq4O4iOiqCE~eX>$x?n(Z<gD8Rz@La<L|N<pjZjW*4p}8X`b#U3x;SGse%ZXyHZ#H
z(@iuElcAl2m^Xah4GEiJ70v3UW7Nu=ZKkm#!>r6tRW8?HAU%yd4RLU$?tq={iBBRv
z3}oDaEv22^SOJl<@|@?T)X@{a@c@B`9)zJMdzCcUs@R@uVX2E{)l%^~7f+q?el0T>
zOmP?1@d|+FEh=7HCKj|d_Q%ja^o;-uR|3Y;d22?D$20mKt`8Te^78!y0`!0(Pn4X~
z=~@SA$J538)`cvGRo*|`L5&}C)l`AvkBE7gC~$bn_M0p~7)I#`szm7galN9>AzHxa
zw$$aiGhFg?rtb=;^)q}<*u|XRGC7`8QILw-n7l|9!L2{~LCA0P$x)ARY(z)$S4_<w
z-d7{0*O!otpEEPjs1XN2kw3dv<}&><r%af<=%}&QtdF-#P3<3ix7g4KnK0xI2w*%H
zSG!6pn~X;!fw-@<`<W2G2DN6n-wRLCZ78!wgmmIMi72kPZo!Wgc$JIQqs)GjG`=|<
z#A-wtT0-nAWm@{D@pwGU<f&eegetU=6B+qvNOEO@3^boci4NkZtLm3}9~y06j#NiV
ztOra>v6Pg?SbmIgh})I_X`$aI{k~+y;2%C|V$cf{&6WTiz{%P=7>*aswjH2oM-4_C
zpzmUkEKW-!iYgvdqUe(qVYP)P)ky^yA=`<8Ep;RsW2ci}oVWlA+dwQ42}yg8ySyg7
zh2Cfk`~FyTo^ggJ2yLmDGf7@Yg82906~Mo}g17+#>1)5bubCx&vU%jVmQQldM_c1c
zYu>GCyn;pU&)7qUTbC84yP053-%M3&F(Xw0CLAobdxmJ_hBY2U57#Nwy@zK2ABIX_
z4Qj+&{E2B(^b-pXB@+VeOVd%7+VL?zp39bpP@AVtXqe@}mhMAG7JT2w_`Ows_h-bB
zzMd4Fm)>xF*v~ts<8o*jT<N~Q=r~**4&Q`>L(dYjqlSx^q2$uJBd3k+C)+KN78`<l
ztTkV|k#pg4a;ig`A_s>%pz8`?gVQ(FJrun@$r)vPEOGsO+7AroDnBse2cV(w#(7l}
zVsQb}<E`>Zv-9bLV;M2~sx0X3P%avpHw|kkKLq$O(<4HErSm67ZpPTjq;jLO6#!eI
zGWo{)b%4Q6)#OI$8rHj@Am-xChs(!$kG<ddjM9bUv$Gsr&Xkz8RU3alenPAjK#V_Z
z8GtCJU9b22-e5OPnWVV%E^TnNyuc53td%D`erzdtk9ch>=LI@lsm4KF<Cwfi@}2&~
zCqhBi2^8p^Ja)lg|3{dis;u<J1(B0}BQZKikw$bJLyQ~yFHYW;lqSg<c1dIrDPnSG
z2}g>ZSgi_l^qRWv&gH`N83Nls_=i2I!2G7>k-dmtnnPa1qe^9e9;zD~Bv%+TfWOCi
z0SH1S%QQJ}+>+%KD%7f=YMTu4GyiVTlaQ4av#D$>O3lcK0G0)7fA<gH=>+=nRrV-&
z!pmJqSr4&2<J9=zq8D0|f?9F+)F^qA_(8HdCvnNJ)t8Jos*Ypn&sMe{LWWgFV3G`k
z=!kPP%%Y~~amy%Z+CxoZdNOnDuoIq`>NiFt-m-aiy3~f3vn0NrGHYl52DNU`!&BYS
zhr?gZWh-fM!&2gWX2M-SEqWe#LMvTa_^m#@d$pt_N5Lc0^UJ(=XTGu!+5RgS?5BLF
zx`~(nV2YX`5f^50ZWAnQ)q6}KpNmba$Pk3*E7_Sn0#7uCBrc@xy&y&qPiBbT_p(o<
z6Oz4hxsa6iz*s@5U16xno1NFqif`kQsg`#Y;VaDand}XRE2bx(ns-jlC#<w_Uk&=t
zyVMvD5n=GPkJfw<s$`;_a{?%fS~|loRRdz2Q>O>3jef{YesMwg<i-FxMK~8p7asz|
zudOjtp*f53+(hiv#f2UC0v8A8hXhggs1ij!bu<@7v`G2Pp7juMVc|8P!FA>lY@@Oe
z^$)iul|X%t_KAfXBj+K5@}v{|Nngk1cEty(c*10RaUm?v<e8!Ve{6kKR8<SxwIB!*
z($XOy9a5X_?(W=xba#hzhcwdN-QC>{0@5Yj{V&gZ-uyrJ7+f*DSgifTd}iP>K}v<?
zJ9vguTX3bNS;g7MSBA*{5Nxfc^YX`)J}dp3O=^>jLWF7S4J26%s(>k|=mvhWVj4VV
z1Tnm}6`Y?T>{&6;+uyog{`K3L{7`iJ9K^b(9ytMMpfM9jSFuIr9290ZRgf4QE)1<W
z6%MhI#-KR{Gkdmzk-j9f;)s~(6|X|$;_?-&ys*81ITQ+g_|;IR&uVtrG3wwfg95jd
z=Xce0=x|G2n#(-@!LdWUqO~{#mXeut+W_e;nJN?#5xrlXzC^d24k=tDBz`E2=;0|m
z-#Kfiazt~0u%uB>L=<))x0)M>D<7N2Wh@SxWvgWXhT4$nX$5M?LI#mpEm+(xwRc^G
zzVh+~ktX5iZkl^p)yHhQjz7yTaopMv(ES4IF}~WNWec!4jeNf>nTF#<Pk;fi6yxzx
ziUesBIYf;BGpvo7$(!6Yik>`$c*$pC8KP2Q7JCdb6euApEX0qo_+gils9>PjKE(xU
z%!OWqOzU(aW9<}}o9jI#P8Q?rNJgxg;V8;31f?T>cz&>!A6u@%H;$0$*QybJB~LW-
zrSfd^5c*|ejy@`_6(BOC#Lk!;(syNwQ7kORhuHGrrruRrL~kJkOC+70F;5_H;~90b
z%m6CR4no8aMYm!xWO~yM3mV!G0-d$*9y{^V>Lu{D;^|s*rXIDBAGo&k*r<X95BWlV
zR4GL)YR+gitwX+ji_MOPi8&C*M61c6irAuX8lNOurox1}2i#YGzws$En^|QLCyl(4
z5&94VE>E%VHX^q2q+Hs0Tyyel<Z){Th=p!+Qx;egZf_l9Wprn6Z@lyQ6HNf3%;@?B
z&NmG<J@BeYMvIWWBaU0fgmO2TjO)j$&>8|+6V;A4t~?7~6gEHDWO#PBaF2sNo)*ZC
zGq`wqCX_9H<0QCim`i-ux3Avugy`=N<)+QsF+R4%ae35P(NlNxNF=*X(A0b*<Bbg5
zttf@06Mg^C{Xl4-4<O{dzDK6HFvFUfy6kWLP`&r>jaW_NboRcDKHS#ScwA~|HZVMg
zzawYf6v^AUjmYsxC|@X~&z2C~I&+2r=&CX(6^y<8{hL6xoq&f2SD1kyZu0bj9kG^)
zK{$wzat%@4$qD2I1ZltXQ<$N=X!m^lb{Hok^j#wD=Pn+*9Td52x&`xQpgxUM(ie!K
zp&^}(4NGtn9WJdMp%2J{tTxN}%_zIlWsTt1l_W`KD^*rVp$CtSJf`t&jt?rQr{tn$
z66C!??|@`<z4O?yNtGj_yC4BMHs=KlwDSJAje;pgH7<%ttX)d5qPDi>&b*YuxXaAI
zM_P?9c7d>##3=hrtOKx<&hRL#=p+%a=p5+3BE%1IyLBHpiHI`0sI-YKbZ(x2V<!a?
zY^tgXFSB6Lm26meuqp0GRB)Mi&0JyAJ^QKFr}RcJ-E_Mfob7SWl4;nlO1>XIGeX#%
zJA!T(Uf|!S(a2&fGBTHYe|%G3d2U43qULn=YddbuFP1e*EG@7%m*<0I9~Bdds6Qg>
z-;DLfP2|GzdGOLOElp%(hJx>j_VQ+amEW%kts2`cfX&VZsY(Xf^l&pc<7l(&3P4Z+
zg$IlPH=S}GmyDaPztXm|Q-TVoSW2ls`dfaa_<gzJ8&u`Ze%s{$vyUtJSr2$SlJDh{
z<`^6gQy&PpXf7F?O~}Ra6cbNdWPEqqTT@jd@`T-j$Sa89t6dRr3u<~V5o)7mTAZy#
z9K;yR3PE;ALQs)k<xCVtN;T?2`<km9(Pnc*k?is7&#?;W6qfKfox+QpTSH#;taBZf
z-GD7N{q06htlg@s|MnVrvzkhM5XUC={<C)2&}I%@qtaN`wB?|R@!5CUh0dXbX$jua
zpHuIfgdJ_oa8gLSe7&%kO7Znc{LXh4QZuJUh%S+e-~|kgji90Tzu4N4ar7(vRKd&>
zC)jRj7~nk~w-g8GOqm?UFy&^R_frI7#xPxlhKD;yE^SD+EC{G8Fr$RnZ*)V8Y;N!E
zxwBY2e8_qG4%JuiH22OSpt5P_^8~klL`eIJX8>ZvRZzI>G!#E*;pCa93w+vM{ar^n
ztKajj(bkmeY5#QtA`o+W)#vFxy>+*8bgMtR{mD_UMZIHool5%i@Nn2|VtgVOlkuhp
z0oH8E!BOK`XBNq{9^;sF8VK#m&d_#Ps+Wop*O7l$wAJ&dJ9=yA++vha&co~czHd);
zi#zk|F>GD;>Ba8&Wq8J!kB-~|=iD?4rP#@@GAm*Yh(oP<vxWZVS%X1UD?0|4+0InN
zNx-}_!S3jec{{W;Ok#X`A?`3*bEXoWal}J1%t57mm}X^g4!bJfKRDrGx0D{;zQ8;B
zvR#bD9_Stu4#b?Xv9Vu(l%o16VWEgJd5>>ED)lBH@RJHKFvaI|GCce!**#Ft<!bV&
z8(2fQ7u!8sCSc|~U{mq@x4HGIkjOGQC@@kgAHlKE_Z~mfRa^=ksH^7&j!qYrPF~L^
zh#|`}SgoDzP3!0>5PL6ZwdKn5U9xXzX@mk81XsY%fvbg#&;rqOl&rW~r*F+{Bri-!
zg;dlyrOlyQPo&+ttOjy&a+aEf%y_KB=Xu511sx@Z1*{LZzpje<h=GXJ_k|C|t;1ni
z?NmjF3EV;V;~~g^4Vk_D3kQkChrRh<B^^`*uXd6<s5B>nqxpbF7yOn#>1f#?(ml$r
zV(bCxu>rqN(A1guKHp33fx7B?FYV6b#5w7*4{e{lG!>?`=(-+Y@p+(s+?z@M;c8D#
zCw93ja9$mWViQ#PshUg%jMCFDC{VtJ2-b``M(mj>vqp}Lx<(@A;k|pR{JF4m3)8_%
zLs<FO^`@O?aowg-;v`DTQxw^BYfy$@HOlfRVXL$JN}kg>|FTDK>=#5)VIhSyvVYTf
zv)vdf2+bUTh|c-Eq0csA0`|TbK1Pk_!^qyELMZf29-Q~~3OSsvrS<6&C7RR@Id1m8
z-yIK^5m+fUFcG|Le>^cL_a)640}aatxtd;n-&~JIF%>)sRw>syxF*A!11{G3D)cCg
zV}X@ZXy8kmwi0k$gFl(YM>9xK7uP%w#V3H~^P^-KxeoIU!9TeGL+lr+pJ9JLoK2|G
z696Yum0V|jFWWB&B99EFo5X(d0H3mqpLG6M-LMeH;L$isTS@)<XvU*k>wfBxt|mMs
z1L+Pzll}I5D+*D3zR>3O_V!(E&G-CO{~`N8*VdPah^B?CZlnKU<&64A+`V1A<vi?z
z&U4v$L5i_oPAM{5`AlF<=S?8tEeV>hxq$};?U|7MLPlrUR5oEU{dmAm>-%*qYwurL
zp#P8t6-M!;my_6~A%l(*=poyPU@x6st0D;BnZH8|K?6n73#3Wb8rf9Q31T)%*5<!W
zgT*1X5{bYGNauF1?pP?(4B8rq$|)``?z&@2<8<x^zA9Ntp>XtemNjnIX7*kjOI!eR
z9s%o%Po5&zdxa&7<=UYm-+z!uSP8p#Aq6g8jhrnwl&uRjUl2uHa~HO5^C3kR3z=GZ
z^gJUj232XSlyP`}^P&Z;VpkQ;v#U%jrs`7ha>p*~2(0&d2nCv@&=~G|a_d|e4cAoH
z=EppWSgFE5wg(3YiXq^$!`AR5Z=ZW|(=Eey=U1VF9Eb)oXAA}cJ=xr8QmcyJ;~Oy0
z)bT1oc=0sZHg)G8SdresrZNTBDJ?Q<v${(DmxAgKjmZsm`yiz9U>_M<W|6rgWb3ah
zf49tnF8s+9XpzbyS8{*Jb+GxpO+Xw#*2wQLrX&#R@OtKh_~CuG0h6DQ#m0<?y@Su;
zK%ux5O{?9EULczR`p%iVn3*|w`_mptKtO<x0lvDX=6p_7*Oj|+SA21sczbi*e1J@R
zF*hqTL;4$GEp0ykiazQal!pBJp06u0>aL4hh!QfhT1_9qBFG?8aG>i6B|0~1<R@{p
zGW?G9B^a7-*`u39qLWh`UPc>FcJkY$UECL7A%zyXuFi#`_Ac)hA2-MqmxM>4fhzb(
zTe)0hJlP|<S_DH30>#r908uz;(&n~#!1fvld`7Ag^b+Q-&24hLc!a?B`nhWXrk#iR
zX(YHJ%ENQ}h(wogRhJNW{eCZaT}lDE6hvs1f;-&pBQ7?!q&Ab9lr?d7K6<-Tp_9y6
zGZu<U2Fec<WTL{t(8I&Si+lZF$}2bMrf>{&*o$ZIyLWd}t&Pm^0Qw{lPMtYtR#sf#
zZn|7+8m{*_$At|@UoTqdsV22(e|a$P?dxN3oY-M*;=%j`J<*7Mw2&#~!*TU#|Cxi;
zHBnaicVE>-THPZ{HZ`+d2-!1T#Uo8K?AC!QA&*GT`#fa`HqTE8>;YMY(^T?h-+N5r
zsxmU|x}fr=-^43K-Kk*g<LQPMo>A3zIJ57H-i#~o@R}!2kNCdMwe!>xU~Nu4#R>+#
zw~b=c>cJ)b_ifS_f}bf)!W)RVy8Pf)Rv{tFYfQi%6!mgn7cW`+l2hJ8ThpH<nGwlj
zT2XmNOm_}QrY@j){^wK~WZ6$8Ln33_EdJ1kyYbiX^B?aen;?<u`g_+0nGZF#0TE2-
zsXWhi$RKp7BprEq`Tg0U^B=Y_D0VQysZ-F<&@?wND4c7{fg#?0k?A`X@&<HM)2;}q
z`HfFPa`l!g2~G52QBlSa4N(N#p+J(=29O>%nwDG^LC8x0*g3JHfrNS|x%Eu9KU(gN
zCTAw0)E<c5_IC%sw-LmC29rEXpWD+F3|+gzQa%OYY9q_xv*DyfuYge@S1I<i=eaD&
zoU}Dgb&!v!iFV@$M7Jw!hmeb`YFXfB_jkTvL4oKEzrFXW^N-N7YPS0<?6G$7*oty`
z`sFLBLbjE2BN40E;;1GQwe*`^k-z~WM&f=CIoaYOu&<FeXXG^EI}#%VkB?qdpHJMq
z;1m}O(;9s;c(kK_mO_rMKj9GTYliwdn2mkEnN5+1OH9P0prv<p8}Gg6`cmk;J|ZLO
z-EJ6Bq&o~%a35UyX*v-1U%JV^Yh@-o5uYJq3@9=jSY$UO)Ni|hqlkn&O+*APD={_o
zh-IP)x?G!PgH?Fu`Q>HJp%8}QpdTJI8FVO-D5WQeQtmCp9P(ldBw6%~wVN>9JO8d=
z8!Y7aZ?mDfv-JvL=q#laGbl}33RFY^x1SFR(hL2@GQa|FuSG9vi~n$S;0HvdGc<g?
zN>(y9+=eU5&wsbGv$I%dj!9x8W=e+LM2^Sf(U@GxZnq5!bhII@j2M&yLC1BMtq2;V
z_&g4kGL0QKnB#4Wbbo0c0lKzdH;dsHawZy5q7i19D_^-O<t%6Q1lPQ2Lv?VE#8-Xp
zU4-B5E<f;WZ0#&)3UxZ)dJp_sYov2%?D=}v$0Dp&U$My-qQQ#>4@02G9SxhRvN07L
z9vnb#J(&H($Q64*Z1wsG_48)Y<<ckWm_4HDwl#`;tr>~Ls{X0^{2elQYPLLT^>hdm
zg?@_wvK$p81t#I`OI{W+H1kA-3cZcWfZ8CJxZ~(sfN1}4=IB%Lc43es+I;`F64?G?
z-^)U~0T0GGFKW4oDUI-*{i%G{ZIkh__*?&`i73<eZtP65u(%wnye5-G4hPeH#Sb}T
z-cJx1<0)|zfsO3P5hz(R{F7Pa#W6G{nbnI3)U>o;edopVewEt>AgV4lavJ{}lC^px
z3UoODZ)Rfk*)}WqMDi5@pqmr&gag<CK2<y%u&aqlNa%Y@ia;Tu6bt>FTnCCe-|flj
znCoD~uV%+1teAr`c}~M^v$A^%iwhJ5=7FuOgQsR71(81d0ygT%rcTdoLjqkT!<mJ1
zV&Lz#41z@nYsHX%d0+l3_7B=BIBded*h@6*+ueV|u2bB(cFCPLgL%{TY)q1+NTc&|
z@gC}32(P&FOEuCd&$TYs^~p0<!g2?{a5nXI4am%t2tth+KwiqF-c(!yu>-x7GC+-3
zFu8>Lj|t$9IM^e=r?AqN0ABAjq0Z&5JOuGn;-Q$Sm0$tc#1J?Qu{c!oQcw*3%&?%S
znnn*t_+B^MU-zLU{m3Z`G6$+o*|*L8mT|Kmf91;t!_;S-Fhr_8mlmfr68MnH`yu>6
z7adF#B1Ze4jkZ#*MkO3Is?afC0KcBmHtcwE=!mkIW)X#rXa&(>!LLk=jA}oyA663Q
zEnsnbg#FR;mU;o#OqfwpiY!El0FVvBn}xUCEn&v>9B<tvy>?(y@4CpmDi3hj7kjne
zX&@u=G@c5^p)~S5(5WWsxc?E;>U*>!pQ<%r5{|yaI!5X*m=xEtH9w*g>vx~6r6i(Y
z;r&X*B?MaBA;KBx4`N-qiN3i_PMdNm!Y@2`cG0fXY0Gu*v3VIH*?RQR#EbXr(RUr`
z$txPUv3bEyOOW^ixIrFo@y#UMMpxR_eFq${goT7w#jkV7cs&g5%C~Lnyo~Py;c<R`
zj??`5c)g&zs<3P!=6SUo2^RDpi^Leu+&v&5;wvA0_W=(!RGS1Fg*I1fXkx<n)odm|
zf;~MVE(jLe&RRsII29PM7`u%Jqdz&hgTG)!Cntxnn9pZsXLtLpanMZzO9-St`s)h$
z7SrHXrj;%E)vyy!QAL)7SIZsZu%j@|5Z<Q7unF3XPeE8~(-IrcX1!wB`F+>kK%JBK
z6(XUZ6F;|>b_PBQC{~jBoL}1K&G)w%lI8iv1l&;_Aj0kwU8HK6HJ1f31j*x|&dfI%
zv$`#iHi;(XG7$8aO+cnaKm-PO>uXOd+yB<iPI#ybgb?5vLwhCWnUJ7@s;a6Q?{`zn
z0<TjTAot{TQ6`fNUQ^{lkNlhUj%!V&ZC$ijL>4KY%E19+t_b&jz#BY{sd_0aEDV0S
zJ2zRWFIz&?0E0hyJsz{>XU3p^*(Q$o`92b#Goi1cirLP+-tkB!dW5$c*a*V$*in_7
zSINplP?&RR9*-(IfH6Y*I9u}`kR>w!a?RcRW4n}}az4?qte%U|5Oc+!CZVK##0%}Y
z_e$OYGGwsv6o=Q@S_8}}dpe#h!A7Tu@%~$W$(rU0jr)fF;K7xj>Y-(T!RbH25ril!
zTpS#of=UK&_htS`KZi6Kq&x+1U*&RI*2z55Om>kr;U0s<&ty1)ZG0{^_PpE7?J*LC
zf=>)ZQ9U?f+Gr(}N{cR&MD*SNJF1_dK)OB%MGyBU+a{WfBb#+!iI7@o2-Wp#e<xQ%
z+@*=T>%|I`fUycJrk*P-pRTkE#KE8aJP()LneZw4ky5?c8wknqdwUG&<R=%P86Z(|
zWnf%gb-Zv*=hq5;>RD*)-sK8>YMTDq>LRj$41~VF2}Hzw7YY{4S1GA7o1@BqA!Z5B
zi%H1`0_(Auj1a=?NtP0Iy+YtI>3q;x4TVmk;hF6cMd%;2R8#_ibZJIRQw5#{w|yPD
z&>SZ7d74`|76GfKEaXpl){m`5Ii=9dzTf4x)<^anPwAKZM~4M}cRHpSQ=I!WI7GJq
zfRD=d!9ONUaLWfR+#^4!Xak2U2Y*VERrRQ{_qbH|g8k&C$X^!HG_=Mv%gVYY;Jy1Q
z)~!X=<)H;gH1vMs_t+i@Zv84i_3m{uH~RxeNZtT&1kc}ageD(;93h*75RO!SQ_+mk
zH=Rft8QWND0AbJo%=iD>JmIGxpVA@#FLBS(*;}!~re0k+NTo1`Kx1Vv7zEBl8k;I5
zd9Kq2BOuibYeKPmfuIed#QR{AFT#X(6KUDEYGalWK24!yV#csv5ge2E2xX!A`9GL_
zLz+JcqB2e_QQq=q<?%P`XqL81gxC3uodY)xJ{wn79WqIo_#&n~Qy@zSFx=Y5UY;M5
zH3DH10>guoU<h2^FfcF}36BGRr6jZbPsD+PI71XKwg#!RV6@C7r3D_t$#>z^hu^+7
z*R&_&P{@A8DHi-vv{A8oP%05M<2XDn2eS&9GwP;&+1S1O?I2NwSl9kW12MjDz|%5N
zY-=G+*Evey?T1h?VF5kN#KhH}CYHOyiqL_Mp9)P-VUJ(LsU8Eh63*pQ-hk;m!PA&|
z$q-jvdr0Z`sGReseU+&XS>_#)Y*z!ezn2_fhtM9jhMbKaa@!>PF!|}xzF431LZi1u
zXp(&T^#P1V&Fjl{A5x;V?Nk?XbLZlLrWCd{XuB={-je`5Dy;wh*0ct->C*8<LVM31
zQ9Ih$=IM>&pFuzq7zCXDIS82N?!h@1)BYt<>N<cBl!Z-23l;Ks<RgTFo+szJQNpSE
zr3Nt`uatGBU&X0y^~E|Y;gbm=e&8ntS{v1HUX8n<qaDo)(T_aK31QgaAT2BFh0gbl
zSaU86G+HNvUxycWwyh?^Qms*v7{9`~T@_xoy>`4lN5z29zxSudgz;15$OT(LJO5tv
z9ZO|hP~5(&FSs$+Y;|FfB!ygvtwfP>^N&}+!#;of3B@j<`7)vvW7%A@URS@fWQ1$J
z6+d$EI0gkxl381v<@2^KlXIcVgmE)Ul9xm_Rb5kRc_`j&Bcm@(J2EKvO$L$&k5=k!
zPv_aW32xl>_(f<4yj>NEBK)9K&KK`D?l*dpLrB<!dHm7r&k(;=%-=}B4SzB34Wls{
zduyMc97gZzjNzrzh;mwy>Nk&X@UyI5=cPN_0~k3Yvdu9X1s9Rk1#=PCbvMS@?|F{C
z-lv`XZu(Ym`K;2;W3LlY@zw*sad#eq*gUw_*6_c91N&o!EO~ntGH?wW`A2->r}H)1
z<1dXZ2Ga%x?Ks}Ms(f!D?v>{nmDCYEEw5DV?u2xyuM|4{&-5^|{hm<Xki-&0GH`HU
z$$KSC6_$OXrlIW7)C@a6o-(UdjMEb-#Cn~>Xqhc$VQfa=7auWEt=3g`1->DdgDOzP
zWvkQL%6_d<e&^7D*y%8VR+A1F{5^q;ZsW>Ic+qDtj`c7a1D)c%XV;T@rL?mXqQ!7n
zswK#htt1C!8u5an@GUtXeblY`F^q)wKvAeCPf3*OKLC^RcTnFj!21h!c-cypKM5j%
zDD?Dh5kMicE>8_nto*AnDcz9^W@7b$Oeg6T_96Utmtj@zFLrMZq#E+}K+Ij<P#%)+
zG^9o+bM$in&B<y4Itm_m$iZ-_TLcY#@OJ-e*5VPuSDsa(7=Q=}S3?@D4=?;H#l^)T
z(#oB;2_m$zQNSeX5(6Jyh}q%%nj3-y<aM7nQ>WAxVqLS|tP_^^2Ej<Z>AU}eJt-p}
zj-6Ew)U+JkR+&g2a=Ix3k28KDQPEWG>@wXB0{7dKHVe8bJXFwEM_a=r0kSLhOJQTf
zFyZE!B|Xjbix$nG8W5K(rrhxYF3uc95|sBuNfkwM!BFqi1+Sb|nz3Sr18Tnx6W1z7
zVFRrU9${qEvmgGo-}vRdK}6?Hi+8g>LZ@R^4}X<8R~4D+;(oECi{3sjgQ15m*TbRq
zE)U_7E99k-M=;X-EBrZrD=%~}1}I$$W@7lSr-KW;kAckeegEAFf0+a0gmzPR|3W5+
z-&0z6QSHOdO)ej)Gc149Ja~V;sBA*S^+bSY99>C&02)ojs3clb7!{vHkNHb=pcpP7
zf7b?Y)r_BqvO#`?1)!-nJ%NaVCMFb*6&hvz#mXf%z;5dnik&PKxYp)wFq*^w3tMPU
zf7gep`wLigfB&Mx#&6D3V=dFD6EHL+eQe3ig#zsVCJ!7CQ90MN&?UQffhj{oOAAk>
zLWee%a))qMnRZZqdeiiB&+TBG1FV=HF$cKqIWpTd%YTH5c%_)7Xn82jgHKUpQ*}gW
zN@4mEyB1BISi!!-cw5-ReW+D(>sgqMp#kH>|M)8%Hm>2!OxrTLGP&g<#_9ar*4|I4
z3ji5-D{wNqOWN-c$#0DXHVS;CkZlYX#N#lO^(GtF&Q$NK=zlSZR>veN`%E;n1t!F7
zCU&s)V}RB&_jH#2GDtuK3=$asGDu*fkusG2LF4BYFOEw4GVYOL$Hf)8+-JLWi`3zL
z_t5pPrA(*%ZBxG$(R6<duvWNFz(~hD0@%Z@?a;Q5RAlZK?pS@u$)b3;sw}GBAgU>1
ziZ@wZzGt_J#C(*Z5ncXfX#^O`8cHU$6y>E|O?GJGi3hfT?_3bow@jAl1Ih1V(~~Lv
z!8r2j1}ck#VXL9w8T1982HWFL$QT&V3QK_T=X_}rB@In4K)Db6{o7*ydK+1e6x{4^
z@U6;VfS8oD7p{;*G*S<svQp4~Wr$O62aKl~t3?=z?E!z3D)(EfCtw_(G^^uzyAoR&
z^Fl{Q_i-pLH0tPq4=(kiY!dHEKIaj#;-XrdapPj`MrmZe#KO>uKv^?^Nb+^vMg6nn
z9Hv|r^|$%Lz%J5pM616*nO|o7d_HgTMhW>t<@_mgP;$>!ah8d|Ox9zi%n(T{R9rYQ
zDCn~NoDv=r`F?i>JziLd?`|Fyi)G8B`N<Obv*P?@bfZ_#w}t#gpxp6)@|P6}n7W?(
zUR+cc>`DEYc<TqcSUvj}6;|M6Qhx_q=JFijKM<im*D*Zbd_JOyNyP1sV==bf`IP1U
z?v}s;C|5QRML5tOfg2Mazf&(+>()m6O)eUO5t?tJ5@1%gz?V3$yh>(#)mJaU#Q$0R
z*=#>8z3p>%e`)2XM3a-gN?Ro9^i+~x9FTw+=Rl|LTNFI0M^JVQYTyaILLajF_vmP!
zyE_*ObU1qgjza3=M<rENgT3*zv)kK&UtNC3AgeD}HaEZ3^L+qZ-=^*R2fJl*3k2Ab
zAJ$c`p9RIwa&}Xo7V|k*$ZP0iF+v<YcCWou4a7iF-|#d#d?%?6kjqIhrFfbUT2cQ#
z6WaK6hM9*}TIlxqqSkqlef+@H*)9lJK@nS)O2PG;S4<nl(ZQ-Q*Bx!$USdz)!8Xb)
z8WJU-gZ{x~|F=078|2s<UoH|9&??@|_8;YQGoXAv`KR*Psi|V+KRI%{irs-YCCZDl
zBxb>#Rm9e2A^0Mb$W?+F2iC-%`%G={fX9Frtr#w@vk6yVL=E-mOe(5xXD44cF6)QY
zW=Fq_408f?F;_u2JUe%h9oi7QqEn%L<a0q0tEpTrB@n<`hylfZ8%RAztr8NcDlNqT
zz4KRoUXWT$A`&#66x_|nTGEd>`K?!D=~^sSY5=Ywwa7ikGTe}RjPlXh^(=(6E=Qvu
z`MYR}eLzB5|FoeeyeK3xtDD<~xMc7JE5^GV*>w+2uB@EjRs1uYU8v0`Cc^K8?GV}z
zjt+x+EmJ(?7AYo9Ez*l>1dEkznNKy>z8@oD2K?6P9jUQ92=AUdPhq@x#bD2_eJWsh
zG>`z2i9vT@{^}a7`T3bP+I`g)nOnQf;^+=wrc7ypUMCcuH=X}!CnBOc&^4*>vo#)-
zMXwr&D^S`#$)yzu6%xJ2Xtq#(|7R0Zn5<xNN?^EFYD~)R*+$RZ^X+<;LQ(XOAK@pf
zEt-9Gz?>V54y+m84c6-fKvSgQ#cmSSY;mHM`N6g^6DAi`DNkQslA%8dHCjn#K{Jzf
z-J9Q<TxnbI!Pt^nquIwy7}F%~tsbft$qr5#b*uhgZ<5V1u^wQUBT!;<s-3-*&ZWk7
z>i+cL>Bim2sk89$wu2cX&0YSDsCe<#eT#T!_6l$+5YMmsgBJY8+T0$nAg%Wp2smxL
zGZ_dNbK=Rk`-2yp?qA}2qCm70TwF(21eKQt3C(X~w{Sj>js7K^(0+#m#0_#J<;jC>
zWlFb7uhBtHS~*KpRwjz6!_zf%_E}_<7G~O6047|nMVwxcOvHCG`UeOEE-&9;@gAgx
zu^1JGCre68!~3$>fnijgTkwFAl9Fh_EH;dp*z6AqxQY8craADi{k$JnouD}EP_51^
zURG2$s&dN1ygY-_5b}h<+vpH0%)uDHidOc1wX8=SHzLgn9TLk_k;Hm^QTqJh??ot+
z2l563R3-*C*ho<fJur=uwM{55n*G%d@!A=j3bQ$0Kvs<fdZFTls+IHocFjh8D%1St
z1huTlsHMaoF@{BGc{aHWiTg#pb%S)v#fIz7<Jaw5UEqj*=Qg+?_~#i_+Rh6So7*A&
zs5C9!dzVpb&;A~lpr@ZaF<RB`ng|&k-5&s`^*enaOjes&NHl|e*qwf30ZRYm?*94y
zD8eXUHv$xivb@je0RaIjOM{Nf0C=5@%c5|&y|V+}5U?ZP<s2Cs>+^q)mUI{tL%IA_
zB|fn*Uz00&LDqR5ZRBFJLjCs0W?n=w*F4TME1om*dLI4xm*qdIsW}3KdG~Jo9MYH^
z)$@!-fM^{e;`;`+tOJ_DluL*2?~_=bgrVwTJ0Hz;zlEoD+USg<^#NES^B6P1f9?1o
zkh4py`IRyF*V}fWdFG94(D?Cy?M~yx<4=2E3ZT0__nZ=Xy`DK{zF+XwGC=+FUl{nE
zYBc@uM~ukk4~WPH@kF$$a0{LSmF1L<qoSyZ#OC>WAxF2vYjkc2FctOrPA<C~!EO)O
zR55*x%>CEpBv9;HDisvbm-2~3ASf7L7pF-pmBsvHNo)+|9IyI7<$1?gN@bN;#gS-_
zt{TATmTxbQAUt-#t11&U>srIq-zva`#$di!D~xG4|NOg^?w=JH5qL0x!!#pzf8A+I
zTcfzmegkmZE2}$7VEAbmHoXl0h)NdEty<Q+N_K0jgSWct0h2x1_?|Dnb}B5v4$gnA
z;8IG9c-MvaI>CRt7XAyT{4?~0ivt*vxg2f_&%al2%ZKqKdCaJ89n7?5p-W{1T>el~
zk~bd=7O~#s#0*rL{$}qxy2XKThQ%G`bl8^z<oyl@3O{%}Qz%UbDad48T-Z+9Zgu?q
z{lBQ10+{68VM#^nNx@fWz)LG-t`1i(PBId;BXw*EJIf$`+|4Xz{iepzl_CDH(&1=c
z3u7Cyc;`4Ph8#E)tt1^u+s$HOOeSxC!TS0|p_T6Mfq+Vg&*wd37wqRYL$|x3tIStd
z^B{ZkvpHRiDDS2`yZ0Y&DdXG0Lf!8G9RsTeqUT2YbFa7UVW;}6iTSUB3qPt!Ld*$W
z##?UYZ0JW_tw#y~<&`S@HpH!w<~r>qe=e*=MVHw=k;-YypVGj0esS}UV|*Z`#s6;t
znF0Zs-Ay(Gmi@nu?ade%7<2f5@fD#iGAIi|LW*$uoh1pRZMj&4V-S3_wgMt-Y)U>|
zpmb_5U+#@bK>Y?)oN2_})dX?e+@y@9<tPq8Pd@f2!5XwKF&`B+F%JbDVv!L=!We*t
z+W_hjC1vGgajX##r{iJoER#f@*gLI88;BCs3eX<8v&mbS4~ACrgM($uK!K|?ogu4e
zY5#MQhe2ta_m4mUH`nbxBnybJ1G}4#V{=X9VnV^w$^1rXM86m->?gSqcYgX>hZeUo
z{`V35L%}$IKYR@#pF4zjtsp*E#O-fbiDPJ~jYOE7jCDSv%y5@5mBvW@@qo~S(j*-7
zbmYYvu@(pa=?P<U0c#Nxw3T8eD~p9FV#2~Qsbb1-6wiq=OU#GRDRw~6j;3y3bVp2X
z@nLPZ{GVI^u4D|W1R#+e;6bQ3^==&<9(erPX>G}1^TOk`o;Tp}zI)oZ9JpL(dV1OT
zGf3mSz6>$lya7&17ONM+nV3-EwG-a@^Bz4b9(rbxn|$D`>2CN%!M!gfC`LQCzp}w8
zvvgT+<3%cRlFz%;eVgMd9KLu&Q^OCOkzVxKk`%D0Y@vq3eY;F4@rC3{&wy{}XdBig
z{7nqgpF<$fS(}|tBY~ZmaSov`mECp|%0A5LVEXgE14jvnVtmZ=c6C61O-w~gYxDva
z;T@1bktvNkg@}1fD38zk`ou)B8{Uxc*DkFC^pDqxY&UEPbk-zZrs_VbRdw0Y5nz@6
z^Y=hp&qM3Vjdu)GnP2PwntBPkBEzO~q?%1a*E!xgUvGPIrhi>sx$AJh_nddQRj(8n
z3C5Kj{RDoicM^Xn@B<*9CVxnew~eY~2mB>I^18bqe<ct~o`8ApyGs?a_l$<}Yays&
z!J}>Wh(#BvqW>E3)p28c`UEu9iF7oanmBR*^nbJO&_;4=g4iTP{rY>}O;Ej=8YYT{
zU0-;y)yBZR^-H~1Y0#{&aTT{Dd^9d|sCm!N;yEg-eQOfW4y?WinO%Z0SS&;zafcw0
z(_{3$BowzohEF?=_E0|sd<G*4xZU*5eszs{VmC3=u!M5f0ATYE4o5f^mibf_;0V;&
z8-j-N@uN|LHnI8Ndq%XzIOcA2CBrPGOOk+yS6knB01Eiy!T5u|rjAF7O$9KT+)-(h
z3-Qq&eIQY?QY~VkkjsZJY?z>HI;?X3kXjH11V&~APS{`mf$Qh&yrBlKVXtQz+v=M$
zE33{z`aQmjQ->bE=1oM-sCu-cw15csZXwca)_KWuT60lxJ60k$!@gp<jsW+tl`N;e
zi&C#5@7!|W(Ec+Wi2&m)vhuu8{Qs!AXi&g$0}U&+HFiXLani?qbS3n+f;KG*$-q?N
zJCdwCZ*Cd|%&*`__J|}|HxyezTl~e#I%svl7Nzjg7%|*)ZBmQI?))Kg9P3JcsBJrT
zz^))-d)tt@TexC@X){m>1dz`B;hQ)|Mn??~u_Z~mgAR$lMrLGWDC5j2D=2&m4@a<A
zZ^yq{!UQ~FJ%BbB92REqY+x8_o7yK5=YzT=X8-+qCXduz=BaE%(W)x43<UR4_S+j5
zTp>OhYxJi~e)3sZc>;dPlZjz7ylAfay;Td%jf45U4K|*6*fZc^2Ia_oQJs7``;Loz
zQs88s_OHFVioyQvTR&rp_$xof2gvi6=N-<qo+3YWmy1<wEVg>g^p0!V?H@y|&JQEn
z)}JUyJ2y#djByBw%|l%fa2v?{3X)-vWMmFlC|oZGXHCVV4!0^()Rw@#??1xfdg-MR
zs_ntdADsZA>VMsnejP#RBHg)78XobN7r|VFFR(u$jsR!~4<)ls(=Oj)DYpa4Ob1u5
zSkim$oGJ&S9tm27#W+)6)_&1cR<kJd{j;ZvK4P!|^JckDSJE0&qth`H_`p|zW=U14
zpfU#2Km-ezCf33?Sz7$~EG%fOnh(f&2L_n*1813l%gS$ILqtj|jXE=EJ5Ld(mnYY!
zvmT^E;NOCjloSG>w}EjhNCGJlHp!7-ngYsq@FAYU^4&17Y#mseg~d?j<L?>)FE^GE
zuruUx9z|KY0`fNz{PE>8E^R&*{Y;eQE~s;yCiA&>?4c!ZUozS*ePXj0Tka~{FDzs_
z>Dc#v<dBl^BV_6eD0SkkxxYh)@H}MlFhUoGmWN{a6bu<E6!XJg&FOthCA&=e!Ku=O
zh#II965he~27yUiTiLUvxw*w^^^teW0_^2#oFY71|A;bqMtN05!SPsfja25XWwj6_
zx9p#cw?kkiNoqkxkHsYZEhJ`RE*Jq5DLy{Y>;4JJ=y}~EpC(P}XSzY_^*%Gf{raj>
z2}W0M%bLNHG164IbC`Ykq|wA@CQeUt6_s5@v_PpjNWXNZ>^#h~gHmXTf%X81`|&tV
zku_f;O9_J5i8SQdVQ$WEiapXjWsD)NWxS@(;zzQ}&r-NBwYI+$aA2U+zh|O=_U<jS
zF2d;P!6arMyCxE8)CIJ(0MCK!9m1(hN?dhEim;{I2C&@7ASx0NQ~PaJovqla>t^o!
zgVo)xp>Ox@{aO~+dch>l;q?w>>&rq2mnJi9p!CiyQCY7&f2M2(4{!$$09>v;cyxW?
zMAR}vPKiO%fI<Bn8?!(J32Y*}{jSZ~FMdaNaq+m%zo($UBuebb$;t5&v)c>mRN$Tm
zV(IVV1(IFP@spJGZ8T6}r}TEJt-x`i@Xm=|#e%t0P_NH<e5I#AjFhv~1tSZ+RVtw~
zF}VM8t-r3h_j_2AJ=qqXlKDGy3mX&@3SFtxb9jY&EBl*yhtxfue8;8YHNlJbslkxl
z`4?mas9TCI7tM*-Zm)b=GMHiQ>O-Z+r}`7NXM9n6*xX>Yg~;F9;%E<29cA|hITH_b
zxyNc&P{WdocNif3uSuX7TS{p|lRe3!3JveF*2hdIZqtSDfBgV`P%5(};x|>y?>2fZ
zr!7@uOSC*vxdoQTx_YeApVsg9D7TUjzw@Qs{q6)}&ee+;->1&ODD2NQMklE|en|^5
zIyKt!?~cC{ok{B}ol@$4mmF}LCb9TqP;rrhYn|MG?-89~<Y?skvwy_Lp8V3863dQG
zSXk(>G1hgd%iS?$mIxvhuZIJ2Wno37_cK7y&pSjMA-&8DEMx`~U|%aLHU=UaddtL!
z6Xs0ea82#`XV6I*<0AXsrxLG>a0Dve(i2%w$%&{tDjBxOJ+Z}M;h|GKQ&oFUwPMSl
zH4*eIos=IJe98nqHhsi$tNMcUiLEwSP;zboK|z>eyzsEN%3w74RYE9g?+W5iX0sXN
zn~$kcQU+TJ9Y0$3G9$TOZYZ3}R|lwXJ$vDGxdc)P#;Edmg!LaR$C$f!1+<`dK3gaS
zL=agN&$~Cz6C8V(Tox=p6@fmOZ2A2CLn~{GFMB#)Dj>ooeXaIMwSSF$`>Jpma}%st
zlEVgx8B^)%xuJ7%sFS$7(cQn20cASVBL8XWV)C}igRzyr%L%1NL@gt&t-HUVuX3u~
zm&(s4n8hAoe@!>q8q`S#ArbC2tb37s{+y?VD<~j<#bTz!AD&99Szl=~MLfq-R-Bvd
zA7S!cn5y;&(?3j*@`O#%!CieoZu+HQUY>1iw~rKKprZ7Gx_VU_8Kg_=fgXjX6vKFN
z+3d+E?nI4^ZR#Hwn4$b8K=^VG6%R*bf=4xD?nQNfD-;x=QUt+SJK%N9(acuy3gN~I
zCNp*oT918?+tI!I`&(4JN)7GGxGwLLAMHvP3yC`l4)$nmi2a@W1{sg~3tU2{!ncI@
z+vr)3*!;>OWF6y-rdIz5B6EGiG57o5G4nUG$Us!%e|!q1pin(5k#nWh#YrrN1@<AW
zcqO~@xoE>{Qj=|In$_k@Wv!_0=wMT&T7q6zHSAhb0$Qf;T&~4GMq27r$}Yj-W|#%3
z6nBe+0f_TV!A{c~*x*LyhM#uufDA_Ycm%*py1qffi%Ch*<X589n*fj=IUAdr<s2}s
zs{tUYu<9auz`hc|(d<;!$Kdz@b@V~087&0qt&=XImV{UyzDD4Tm|a3@xpa@qR!&8e
z)nG8(gvYw4A|Y{(+1W{LlQFl!p`*K6^ET#<#d>(@%v7zgW_hz4GFeVjCO1ek@<H2p
zGQ*J@Cr9aEwYvLR*r1p>|In`Gg8`()ey&}g5hoKE4MPV%50(*i+V$RQ!qLuT59N@x
zM3^sFt!#VmVZ4Y(8mwr_x>F5D1ys&K9A$9MXGDnq`S?=#_~?RjP(aGRl;S$xV<uPL
zyDWht+dVx)j`6P!=)7A~7z&U<1-+FhoYuSt#4{TWeTBH$1u`b!Gi#uT-naNATy~S#
z9M>&Ow|lxvk)aVpiPmwfw0m*_`y!PoiC79i&6)x%VEl<ibMG(rN?coYP6MpZu+0Dw
z^`A-6Oq1SdTAc2iV>d@tb*%pk<~P7;xl*8H)PZXtG+24I!@!cPjXfURu&TOoe-(7n
z3?ZIyZ@61w%!1_pGzcbWcZNN$f`NsF?KT8`Pe>W{UnsB{8H9mbwx6ivsXd;J@b0+V
zRiDeDL}pHxWFnfptGi_Q;Gd!mg+2TgN#jSQtLuwj4#K;c+~Bjq=1*N;-62&S&N5#6
zGAz`ag7%x`vBuu9c#XBw28oADZf2>9PT%fYVbES6+_MBoe}+&uV_0pzK3pj`ulVZu
zE+SKW<R))7BBmaN)^Y^CoU--ig8RBww&ON4&@a$$9;x<-?@w#{=MTDVw&=pz&-|vE
zy9PD+m6T}N@QEA5XrPMM`i!Dm2R*|DjlM`%Q2{#c^_BeP9H5vQa_C(PUXMh?02TD7
zoGCUvB&2i-GZ+AVluCA;4FTR281SP5$g8<PhSg-Vqxq;&hr5KE8%K@N7%?qvSrXhH
zF>{+*e72`Se|Xd47$14l`+35mI42hj5|A}IL0<I_bGX!<i(%5;6!sXGA4e^$+a0Ge
z#*@;{+q8}26N$Wi$FJoSJfuYwrnz67wjHs;$#_y2bhQhQD_54P9N(t3=qd|Iyy2<9
zR42cobs!lVmf9Ns#BI}}Ep>mWio<M`pFrP^i|`FkNoj>UYGv$g10rd)24Y>BQ4MsC
zxSm3*Ct$4R@^jyzd1m=Eqj|_$@qXlTz(qlZx?=xaIoHz_HZinAMdyAZDzLz<&+NHq
z(8a#}tn!dsNPXmMn97ezl!E;h?$Z)qJoqMN?*&?=)@`Kzdo9KLdiNg$Cl<HNbLOIj
zoLJ%S1aiKKbI0(D*pca$yQ8VA&f+xd@9Z^90P_nqr-39ezs&q&eo+}N>(~}(zS?Jc
zFPzL~((4)AF&!(hIJh!yU|yTe0>%74pW!IJY+0ZtMX6v6sY7&&KyeUqI27XOY4y%f
zP{$9T0+sa>#K(EAg%UNIRDMP0%0rtEZMcEy0*k#>RBPk2srpz;^&ay=0YHgLs+-kc
zjC0(qJ;p?b$SOUUDTperu2O^BVsBctawJ~i9Xiffuw}#hBeOxo1u0Q-GEdc02`^%y
zP8{GBGuXF&Vr%t+Z@!GF)^?l5Ba7_E*Ed=J*vh`6Sx(>}8KT_Rce2;EkZ!QWOFeh|
zw!9-`PuG>Orf>L}<Q*~|YJba&7ZEj6nyBdNU?lC4T02Wj^rVf-Q&Tjhwd{818vbnA
zdeV_qYXn17hY!uj@1>@I7{3<Vv0s|5Cp)*W@KGFPUh*%y*Ck=kI^4}<9Tn`kHzO?6
z31@wAtcwlixR#tw2Gg1|!Nmm9KeIf!E(g=Nm=5rHT(*Skq>nkS^&XH$W~*Ox+LL70
zJd?FoKnf)?o>tiRL^=J>lB;CsJQ?0s94o99Buw1#I?v@>LwmXdhV{{@-}`XUGIlG3
zF9*lQ@-<H(xSqRHnXOc+>vr$ioHdehAaNj-VIaUkD%682W`0hjjdx}SH#xd=6Ulwy
zH`v5AZmMZ*N6+Hb;S!6m9~ZrAu9+<NE}rkQNYe?Ps4Bc}>2d0c6y<cLtC$Hoj2O|3
zd1NkS5GR`2XRizuW@3fH$Yt>^mU4^jHRw7Ll>94E4pXp9k9J_bISJuF?m<8#uJok8
z4Z&jvJW4e_RCr(Ej^PN~J7#>`-sZqsY=Ndt5kk{rNef!8BmVchRgM6K8s`KXFKuf2
zXEf7dODy}xXyzENjgW6)wJd&EX}uM1v#X$}NG=|$rl;msi~tP2T>&>nCAZ`?hk6`?
z9EU<s(=Fnpj>M&<JaI$Cix#h^8!9KiwZ<yaMUCd?r6LX8=1wj3OZ}4^i!D={wV&=i
zYRj#*y%+8<SwbCB{%V!;Mf3H#dQik9BnQiN)MF_uB!Chwcr&x|Q#Y|CAo(f&s$pey
z0&N8znj1@E5L_jK{aGxy=mHBOOJm`&%6Okjj-HXtdBiweW6<2g7dXTB+m{=mBcJ<J
z>e094-3K1a1rl4BrXpQxv-zTlByt_YiO8|hWQKsHj<N#rOHeq$nrsC4@+!>wV*8o3
zq<1tfxnsKQmapF8E)_-uA=5phq{(Rz_T}lBT;=te)81>HZ_B9c+>N{Ste4_N?M{%t
zZDG}gQ!r><a1Q_y&MhMQ3H1jOu03A5%+1n+Ub#aG%@}~Dk>=?A+SlW}%2%UuY&zBa
zmUrysTe~XK#w*WbI<NO*j4@%8;;Qj4#0KD7Qf#GL&m#ZXRmWvhr%s!7-IjOV>;BWD
zleKYQJsOp|z2fV<ka9^^+ty1&m&x`uCZX{lt@HWlwzKQq3BQ^93H~Fxk>s1x_J>jl
zy|(-F-xr<bJ5#`<(};jlh-q=jOP2l#@t(%F!vLR%`Z;M?-Sbwi29wHy3KJu-XKeNO
zwXc#v)qX%x5DpHL!9v9GK^EAI@^U|$`b+PmH!~%upmd8wvlM?$N%&K!B!q}K2f6|+
zZ9Oh~c=5PAzU4cT6cT_xbB_$2ETRXlE+*$u-$bXSOFva9O;`Uwz*!6o61~ndNNrA%
zeut?3_w?X90_Cff`u#SacBAF~$Yh=(aDL2us$AGo15_gHBK8IXf(+r|l9Sy&nNR%?
zd`COA9G_ym@$(><m(=v)frYx{xBi!}ibn@xwcP_IMKh83iI?{+(f-m5c*?QD@6?g1
z@6flyPU0pMy>Go=kK3CmLKi!J)wN{quQ`UTU~)6l`>LnT@SX2cT1;bOWVeZGk9$5S
zaMhok*=W?7WKk^&2ns4g3elWl6sG_niN1lsTq6r8wQN`|OFCtnu)EKA?vq6;RH_0s
z-s)=5hZauc#M^F~Uy@b0Lr#ZF4elkycK0^@9&T4nyR}4^uU`A01lpGX=#m>0#Tq(Z
z56*}MU5{{O&hJ$kevQUz^o)!O;<D0R38`ZP>rWyJ1kZDJ>2AM1e!yQGW4&DXa@umx
z`ugA!e|Nu|$O07<h{1;bHMgJ`E-6hDbT%=}yIAK*!W!9_nD}yQ>f4h<LCr)GK_4JM
zHgO;x&3|6?nA~AU|Iz#n;I$nkyY3y2p(%SdaLUX0a_+7aYx?^;y&VltLgI@fZ^r0D
zgfIRP@<)`R);!LbYmRjHD>~H3eg^wBvlrI$_wBC_iV3Ar<iyp@8n1|}xYIT3jz1k9
zO-|aY$Sc}-6}cmk)?9q0%~da+s0nS3v<=4bNXfkU*c6d5EL#X65Hn)^Mope`hHs-d
z_?;Z8_d7oqFrk73z$8ObqYYRkqZ8I^z(dld$$Pv$KJb=w4*&R;+Dl_Xm-nTIdYwmj
z>*gA+bYZ-HZI)RYY@bDNM<uW*B&it^Q*V+UjM<4+b@pUV5SRFkymX?V(&e6x;O<sR
zncIG4OnXjovCs(%DQZ6$BIC;&k*Onj0g}17q<la3yZs=<*4G)CYCCQy7|mqfEwGfx
zTf`&f5rd<;OK-{_-p6j-*C7gzI#2Hvd$uHcw+!vbDm*KreQeNFkt`zS^hxP>0{ntx
zP;pcJCw54vXoA<YQzr{F6$QTa8Cp+$)mXmM)!}-AOC9mAT$+}tl*o}gBfcbvb<Uo3
za-UP1*BPQGHx^vHI$pu7YHnwCuZ^Xdk}+>4G7Uvx5r+Mtzb(CXTAU&xI=?NDCu3^!
zo9!TXZy@Mm5a%2r$vULIEmnRubOxEt8Or}TIruBdi~qC;GKe^TECh{wHi<>2;`S$X
zQ7>vS4cK6uMqqK9(B>Q&LfF_SjR4Ils!tYDH#5$HDRyVJC_yjB>SSzIJ?vnyEULJC
z*m)BrL$$6b|K;VRmT+zz`uyVXE=awF7dK62!g9e;PMKrghbX=h`*9nJz{R3fW1J<;
zJcku)XlPuaVfFTmDID*aEeniNF!x=zqR`+8&G~Y#n^3)uN%^z>>^eb5YK|?;y;0Zl
zw;M+@J)`|I_vEvVA~RQSdfi^MoS^d=UCyNz1E#HvMp0TpwT7KU@9i@PE9^xPWvEr#
zb%VoGdLCE$A@LBZcO)>5@+-GPrNU<1PVRJ`8p0QMH5I5IQTn!x`zN!dMV+kIg;pY0
zn_j2(l=H@m8co;3Zb=Z45TmlUhIi%(4+GgIGZ4Y{?dYIQo=vCb<okZEgi#&k-}S_U
zsa3BS5F_K<rf{kD1C_0xfku2zZ2<*VoPQf!zZ%t<OfbppK}YWK(~7<=ux)6~k30mf
z;o=}S%fU(;x2+F>3_f<QIF`lE2&Yk-N_{J=@Es3yPdh$oV`R<<;?}Y;rX4dorh3BS
z*`o{292!4g7~_qG_w*TC!%Jr4k2|}Xm~b*fbG`E>Im_1Ra#qXMqS?Jva@~i7!j!J3
z#{=9+O!=u`%*3Bs<Oc^$rRz4q^v0#cw4Z}iGdhxA+EQ}Rs9)-isst7cvZr4z<QFZD
zxwP4y(GS80<Z^8l9<Sj?9xc3!wp&d6#{ekAGkr6^a5|rKCqimIw;DiY&Yez@?8Bv6
zM3v_O*oTKUa4c_{q0ULg6)F@J#AG~9N=6n4>|(mJPDh4>UAq^yM>-kdV_*BXTF&4!
zdBHixJ-j2XcjZS(=a*C(^#>lySL1csW;0nU%B?ROtcOPn7reWd8MY*9&Fu0K+DwJU
zf@TYrgDtvGqpxIK{notRBS2rC%2V|&H#?3Jznq*w!}d5@g?jg}<&{U4LCQ@0t*>J=
z@03MQsk&f)Yn*x_;_J(;?)mKrLO5B6zWh_Y;}(wB6O*hBRaOFh>B3qPqvq=C(FEYa
zkEFX-K^sEz{7eqCTLP7nv+q3jJMhzcyAWkAFCB!om-tA9UppQTnJm<5!mTl_^sdT0
zVWSGiS28>+2u^QxWp~EJWiJjNnW|PSo^J1LuiAD+POu;8H5!hxPcq_TB3USq+scCl
z18<tk+sZRmj+z74Kl|&hBD(`HQwVPqK>X1*(Dz}niR;p1tLgnMHC<!(lI}nnp9Ayk
zJC}VVjH0+skI$8pTlQlo^jUEx;4_dB*0T%A<pf+rORQJQ+Y+={OrWGS>gnr5_~(1&
z;wqcoAeQQ3d}zRS<`d-_M-W(wAWc)xR_V&F`;7xx@F_a}ICEmm8qJ+FfD-K;Q>`x3
zD48cekFa(dB^wTQ#?m)ZNLP;I!(JcyYL5Ix&%ybeUvuBTqxZtETj<}$Fgp=S>@`#n
zex0h;_Fy+gd{mL1pIks@BZopS@cT)dYJ<=FjgA??d<2A5EV_69|EPKgCds-kTDQBp
zY`e=gx@_CFon^brwr$(CZL7<+ee?a!J#phk>>rSkd#|<T8e`7!+~+9Gtxx|~A&Vf|
zv2S^OEHNcleg(|%b!VTXni7Ql=vR%EZ0^$j7=h=_tPj*&>Ti8Nx@xr2$oQArPcZvB
z#D!}UO;Q-2nkX%)Nfw@8;-L)sXeEZM#G_35Q8Spx?+I$5q}gsvGuP~r5lw<d3b=!p
zdPQp4Wh`4LcZ{&q3E~_TAqIeglTraBYei8&Eft2M2s{V7_jYByhp8hC3c5k5eMFja
zN^hyHKs5@e0F9WeDy7dBGHr=S6q2h4-+B~&K$WnWy$@ZiOa@UXV8FU}m(EMAbJkjR
zoF(>jvEeQT?Bh5Oi3$lB8C_yCuM42r5>I=s=J=di^7=G^u=xGGW5y?6;)Bwi{)X;o
z<}>-O_a)fEyE0p2&0>Sg7+#|5hLXXP!ex6BIh8zs;Cu1!G9~Be*?ouU^pf6utDCxv
zQsV5Zqs7+vYOhLrtE{+O(fuY2YSDHzaW%m6Kg>0sH&;|hcJ^RtNDghPs@G?bn0kXD
zV^1}&I>QwEtzN<FXUdx8Ydy*RmDSAb^|}G~`yIr`?fG-(%fWv^{E<W0>hjSWr~lIF
zoXuxjIq17MWIlCb88%oy2XZoyU-wtqIvH=FbiaB|3rmV_t}4D2<f7QOv02U?HkvL^
zJg4M=AH1!g;DAQQ8A5UABl3*2Pt18pRAr@wd{yRnn(VUOqFp7dX8xp)GT#FYDr*8p
zWEx4|VCW46(LjaTTiKm^*ToL@OkURQ$pdG)bE(`V8Oz-1V67TQWYm-mF*P+%{dZaZ
zPyMf|_Y<IhfP3;<dj3E9e+fheR}-&62s$lfM!c+}&r!sQz^Mu>dqA)O9PFJ`n_MMP
zXaFgfW#;-c)vQkw6b2Gs)mQkw?@oeVozXLrX_q^-a}d$6G3mn35$5u|lYR-VTZA+X
zn`k^aljrFzV^iaW9wnVC%tde|bB5tW661XXh9f~qp-yy|?OuLUua1Z^m}REII=?6l
zRdk=v(w-1YU_}$nr}Fu6V52QHoFjG9zBLNYvusKWdByz0+s$oPzUGm>%2#FX-BYEf
z`)(t}+VN)YSnBomdFS<`fMLB6HT%J^Uk#K#MmVlKpxS5qdGA2Rr8(e``nguW54}^C
zzQFce<k}_*#-E=&d(wECUJ43+Lr7hn&a@#ZaZ!7oDL*vwMDR@l;(2R3gTJE8jjtOd
z+xGvhIkq=!f$@g%i8QFXxsT<P{ar_1T^QP>4ii$Vp-&fE9VtMNH6jLv>s7M(G2(z|
zl(*x0j<Wb7WV~o*x>tWOzX37L9B_qTl-pW7YHvd-YxEC$n4Yt@sP!Mk-s<qbH^h4g
zC|1Wwm&lR|WVidST4)4*uK4a`NXXk!?2GCaXr_l1mK*%7sK(1jCS7r^8o24eSFGw2
zUavP`*}rN{|L*=~(eZ@;ZwVOQeq2M3*Qged&2)b7cD*AghUI*FzUq}MefI9t-~5>F
z@ch5M0KG=^sNBz?ur=IV!K=SI(!LhX{6EIXQ7}E<`J?f9D!<6azl@g+EtjlE>qYL}
zuI9MZ>jr>-#GlW%{S{01*D}+~H%ly(uV+d%9UkQ^+kL*TvJs?b?#gDz;ThkBPG^WD
z$aKa>TKFqkSX$S|f4k*|<OK3G<8$%Be}j9Ig84N9r(VFyyjnOst=gv?@fX?wXfNVm
zfimi-Nc}D)AmhpPFUgGwSkmq`=pD<K^e%MR&D8@9Igy0yM5T9U0jDi&zJ?D;F7x!m
zx5+uRYZv5za`W-qC8FA+Ca|iBDR#-f-eVk1%jXOG3euP+8O6&S<RtVxSu3_t`_Umi
z`U4*&b%7y&xBpIWLVD{%7-yl0*jJ!9#}^Kqa|h2P49C5wo6dast?^Zw%GU({foGd<
zONd&YiX4@&CS>^WAnMRC35)qmm;eq@zo;70qSt<S_e-8DA13(kj1BqgIlUbjDcWLL
zgC^9~T1YQ^R$L&qn$&-LI-02d;rb_F9Z#-dc&@Pc@Mh>D2{eS{<}lH&Ur?%^6UoKQ
z19c3f9iE^CoTE|w0y{5Xqt23kUoTUt$3`aY<w2h1Yl^wXXZVs>cD}4jAu6F-d@lDq
zdZr0Ary9S(cl4-tT3FY^5|V6xNUKZB0Fl}tL>SayA#XAM>3Y3CJjija*~Yo2$x2Oa
zZAgFo>1!b_kW|xxF)}fVqJ2&=!z(6L^2e<p2BYZ!Nh}#J7X$3AnrgW+FgVvGy`PM}
zc&aQM`&MVVK^jF8M_{?sJ+QvGv|lu{hTA!+yz&;UL1^JWu`Iah5*y@Dj32RuC`?^d
zMa<w=-_O?(d3K+7)LO3IL(1>lteH%5$H0Ekkd4c|dj#E~(^?b_p7b*o%eh>880<e5
zX&7Q?^$koMwPswpH5tp79rkyFi~x?dKek)hg(xE`R(~2qa2tI;d+T0=lw-;Q&hCf>
zDO)oyw%U?P&*m0OHOQ}PKd1vbbrI|#o{@ZCei$Id{jpq6&($}`Qr%Rd;dSX*A10$+
zN8ivJOkHdLvNg_%R=woJh$SQ1p1-ojG2hD5s{43NCCd{3H`|>B8WcF6FGJpJtu0j5
z4hK}r3QYgIZvq$_Tvt@_u-)NcRtAxfNCD%Yl(#QP^NO<br54oErg?$O+_QfWYNSR7
zfNmdJy*AzXn+@U-%@Q)L?dk~{9^RMh7p9{4Dyq^dDuDMK9EcdpZvRqIlry$_ZWuV(
z>|qgYh@+);y*&-&P_Fsich1Kv#2>q3JD)Rc@gu`0Lv%HB=G|Ff4UHJUijl2$TTj&3
z^?LkD<jc3)6^`A6je(n@j$}B6OwD!oW&pO4a#$9OIxnVU;J`$fY&q{ha?9kBd{`#O
zrvgb|#dGY!%WA{dZ?;oeY<qq5#}Zd2!(}VZ<hSmM#Le2057C$@i4I~s9cIpX>zi*@
z8T@o+7x(i##-vtlT;6A-leu!%+*VD%KmHs439DVb8ZW^ZG8-R>N&#W>ANXA^Ts|!s
z4d*lKue>ey-jw^toXBE#n`>^r^YzfTb7UA<pgN8`BAYB<$#WWSB|5qrZ->4!wTB;b
z32rxXHry_T=ufwV0!b1^rydO&s2?s&i=`lltI~1GbY*I$FS9wuC=_*OSs*mDLy!ot
zmM(N_VrIJ4hl?NU06XrH_63eWgb`vp5qB)n5&>ZuX}m4Z?vl-J)c1z;eyaFYd(k_Z
zGY|QEo^-#ce!InMO=Op&c+yjpl8bHzkmEFo=Bi6_%ELV_Ty`0M2PWG}V2gHGd0>dl
z3f%CEQ`<$mTJJ|Qyr>(I(O7-%inDp66bLuQp<<I|g!qMWxgnK*_lpv-GtAI2#@M;G
zd#z^ae(yV@N%+@}*_{n)Q9<unh`!T6g`|An|DgU-@13V5|9m>ameur~tH!wGWH-Sz
zcasg2@#`-hg{F1RzP{+5alckO@_vGl>*fl#SvgvRKS*lX&-v{1_#TPOwxeFzoU5=a
z`p2;tQb-A)TlDVg1OhoT!VHv5ICfMlIc#G5q$l)&@*#)&26Vr!WyJibf8rmAf^8Lp
z!xbnkA%9CJQUU_svPge&19T7Jk2pzJ>`J?LDkYAR-!pAFGa|m1d-8_p&s&@5LXx=g
z%n%|aVs)SeprZMyzm~3jdK~NitcMs+?B$3|v^w5N3jT_`@bblt--i5YTJM0m{c&TB
zy%g`Z*P+eXR5qZu!<YA%z;s+gHI;T>-#+cgW=nDzGelvN_ePZ&k!<|CPp2Juu>hlf
zsr<hhKu7iS%WIpQxgNm%)-PS%aYf;}iL73W%|g8)_Mw0P6{gF?)P)I$yrO5_2cS!8
zx<$|?nvPP26S0A8PbL5>kGT+wDXurY{CV_QANsSaq3zp7VEw=m9$5?-hw*YEpz}f7
zS+Sw!kZ*=|FE7sfWT|Zq&5;-7B$U8<TrvgJpy522yT7=yU~Hq>4i<>KZ&Giq&Gb}`
z0+>mxCYIdVyD&3Hi=<?$03A&{iY9KL%8lm-^a4PkaFpx*3HF(~?%#$7WvftUAqGbA
z<d{$U+K%g$Ivo1sFh0sekBlHAsRVR!vDJND_h5dnlf!mD>VAKewZ|Th4~cR4Tz*)6
zem|V|C=7B?1Ip2u*?G0PChCO9U!MQ10DBRBh<<sR_vw_FyBm3QiH~&CV!iKhNp4ol
zBCGK45c?I^w(&nd-yyRy#@7mOIQeO+)LC9+^KTLcF#LXU=o|p)Cu<?TSvzt=?inzo
zXfN-)a7egtt`l}9rYN0_QC9GBL+KW!?--}!pRgApVz_^I1|_94vWxi0O$kD=OeKy3
zIU~>rEL`V9#^a5fD8Hn{4cnRd{yh7aF=DgV?h+Mi8R+<jE~<^MD<)qlR4PS$cEzMG
z(q4_EdR-ug3q-@0j?8f%95n_)Nf<P^l)~ZZN(E+Ft4es&iMrT>sCt+ZW(EyRP8I!%
zIK+MsuRkd<vQ89E@C{BF9+vw#*n-p?Qac|Ku!%m?$f4wR+$2wv%nZYtDH}9nW@`Vr
zq<Xf*a!^Jx!D|lo`=s5kntIe{=LLnF*<Jqv<D@WPG94X=_~C^zHrSn49mLZfFF<%c
zH1<FcjeJQJX~-sE$SpnVy6~W1!VPok^g?Cru$gQSuK2em|AHj(oVvJIG6;R;ZeOnl
z+(04>9POvuR4ame-T4U!3H|y4AQmc8)c<(h#>*x{K{xN&wJ!FQrz1DO8M6ZqK&=uL
zr>x~n`kmvNA-?^_4fBOMh%C>Cl9j)Gq4(ug$L)s8-{vbptaQpJ9=2Yrfm0Lr__!tv
zsbnI7V#{#w@YMZ~7<F!=Eglrd$LB`H_12HN#Z~T6x$;(Vhi&fYRPlq%1KR}oqL?#2
zclu!)Flna_&HGH@1_c1~ZOOAvGc%P=d)NQ&#T~$V@gvqBe==GrgjK5lylN#drD`_Z
z{u**KV7+rZjO3>FtG~o`#Muj8HK1yfcG^B<7y3d>-3>ImfOXT8sa97jA+eBHxD~_7
z9xxttkd$^CJ$KFc>BHRJyFI#Xd{gKbYO<f8Y~|RZMaVHV{IyRGg}^RQDnhsg{_I;e
zat>o~cjE`!Rtz%&Ps;o~^KIl?9{sawQ(7B&`pRS|fI&A6(n?H60Tfk)(E17h2!Ssb
zyvl91u4@K}tbe$-Hr#`Rv06y3Hmwk2$xzT?Tpf^T--g%^kL*gy4j(@q(0<9s8mGnD
zY(ZVI)#l60-C03uvqFBHAKIR*S>X?WqhT(mcmP;4e3Pn{sB}NzfT|&~s-z_RzlV`-
z3dS_~gQHw4Xa^$)hpkTbQ;0qIs{Mf$!7`-@{0h;yv)gHM<dz*wIqA#15B8lf>aD&}
z1D)7U-SiaaJ8A%DvU_AoV87`MEgJBo=R2eM2bTWHE`m(Qroy2E{AT_s=J$(I<PDAA
zce=5jl>m)pDp%qvYitnHhBQVa=wD-cG{Phjf<QM&MNUNtHDM6IbNUo-c%egc(CG1h
zEGjw~P;9YwhEWq<8;lqOVtD7LYFBcJdhXlB0bZ3|#q7(vj%cQ@<(9VH?e5L@O&L<&
zPp(V4tIHewx1ISYMiErjL&_fW?2o6li#B63Gn=vTaW9Yl*fJGX26K%q$+g8|w)krp
zlJ2DS>r7?UuZX%XsTke_`NXgQQDE{oH7!&<S$dRvMeY4E_JNe}ecNcn1J8&OocDn<
ziRwEN=}3TyJS~y$RRFm?D|$ddEHzz`w`@(4avR^=9OJ4Fx8PkWi+W9s#NZ^}YRnYr
zY^sv@U)_U!T6Gl1xSQoO`it*V4Hu9qQCM)Em7P~crS~SX@;6PA2pkcNFe0%6amJTK
zYzhb1_&(_RpF_#;78w$*Q^(o#4yzu*Ap$k~%h|u(T6M^E^**p@tvbwgRt8pWK{&c!
zRUQoYWK;x{tIp-D<d%5wbvv>WZF`2@_dxqWXaT+amDcOApEKC?D>Vbhw*=?LAnT0-
zW)nk6v47dvAcn|sv*hIBW#!a+Dj+YGrEn0MZlA+{$F#%a&9E(0{;9l1sMM+>8Me=p
zXU-Rg<5$D*66?c&k>o@s6(M8IKk@L(gP=?4e}USW>poPy!d57Cl9IL=izDthU7wS5
zc&d_q2jIkPE``*_cILLG*!#*Ta}tVY)X$R&tX_0@b3zwDukaq@FQqNNB)57Khr2c|
ze!TxSF>sh`R{LA4(dEG+6augED>4R~rF@c%%ZuroOZj>7m5Mqzs<u_-dk{o4=Q~^7
z5Eh62#p|JIaDD|_&-A?s_P=Y&p;&G?BI}{;?a)*j0V-=hvdjXqxu!p~1=Jsz<YI}1
zM$?k$3=<?)E@W-5CdT(U`jq2IL(z9w#<z+IU`LK<yeu(bu$c%6Ala#v+5S19=A%D$
zv7`<nt?p0brX55dfAj-IwBTpWij<)?(~J+0N}$$s!?p)o#{F1QM4FJEO|#DFz85=F
zPBN#kUZuLW%?Vp`^&6318yKe6w4+HHQ$X~;)+C^q45rk~25xl1f{XAaYn^r2j@f_w
zC?J_0q@dPJvsQ8<?&M0|?gDesgLiyTH4!((#L@!WhnFl^>nMT7ZCNFu^3yLcAuZDL
zip%HqPGDW<o=gb>K2JfPqMi<H%_|b+Y5+8d6bbL&FNv5Lwcj=K=#xBgk*eGy&v)nD
zwr)-?>FrEbhtxB6hEljj7~V7aBP88hu-CM=^>-uWtF9*`wCRhv&JC&Mb|;!RbU#5i
z!=MVM-?7v*vFml^7DG1}muh0pU+kH_wEg#AZaY_9h7d&KNlCf{vW$@nWqp`Ngi&}e
zOdkw(Q+nt0R>{JTabk$d99{gimLvoh3X3L?{EF3h#`bc`(I~X14>47SqOPcr<E?7F
z%{VQ_JnPnw>rxv+p`VeEs%LYvvuhccPayodX}>GEM(>LBn7>Z@SJ_=cvWZ6m%-0!y
z=h!fye0iqgw6hhtu81DbcS;%VfO5u(mnd$u`>vp?(q&F8J6F6{>2$P@(}62JZMoAy
zXXInL`90f>q7*gj9jgwZq@|~O3_maBUsh2V5I^Z;V~^i8)-vNifkgxH35QH{PQ<2V
zB!bOU*;(UOz$lumlevNs4m67Fm>|Perg$QDN0EMVN_In|I#CgUTzQ_in^EK|8ZIoH
z<vmFWq2a$XmbscWc<O@wacEF6B)fL25*x06EvL>4*uZj?j8P?qj~xx2+SYoENxP+S
znmSs<)OvX1r$gwNVM=H*j2=%6(Hpb7-s@P+|4x+}eIx83m7-ijn>z7g#Z1e#Zwr_7
zvHe@XlJ~-U)Y%mz_v>VL$w>uX-g%WjW_-WnNc40=jeT!C2r*S=QaBlte5Z{cKgzVr
zMvLeO5Z_^nLfll54_`5$t=C)s3%*J82xT^%ly89nQ6mOWE#pL+K?OyLu9^oXiT0X<
zMvC@kp0m&XnU4~1Ju*um%ptvTtrXhie`joJc)L;%Umf+Y<#>j<?QI^Qd3~~dlqFEz
zJ$tNwJH4lD#kJX_W3wrNu!>EyuZb2e;d{p6F9&j^>16sv*Om`;Q4g&N>i<1aN+c9D
zpVPbl&wcJMhAyU&qn#xD#euFVz8d(oilX$!HmbNbe_*VpL=%_Ah<EQ$xkUd@B{Xv#
zZeWXLuEaY;;0fY<IX<|z3=**AoM~nI{ddFWtUt2tJeAKLwhC9^MNy{|rl^Zo6`!mB
zr#s4uvx_3%IK9yGIwvvMqfk7Yn_Tt3;WU_4`$?gh_D3xB0{EkoDcI9ea+VdboNtra
zLS2^lXtTP19rleD)kv(Gay0lLPdZ!@@Aq<@9BU_$qLz`~kUDk@;UhBBM^naCuQ;|g
z)!(F=$xGI6vkb5X29}dJ@4EwTca;mUySssUt~|wWaN}yPXo=J-)D842le!r}fEwx6
zZJ~r8<Z!g`AkHQ`0o4ShbP+;brU&QJxYxy=$K#PmM*MN-eyCAfDmlOEm?qS&Oa_M4
zn{7AxH?b7{SRn@+V#-E$Vb^@yV%Kz~;xo%^T9VY)!v%u2-H886d(Z?CdjC@*RuY^7
zc2x8`kihCcfnAf`m2(e4BE8dRYMkm-nr^-30$)WVPzDcooKZh>@t`6|rHVLHu3r?l
zf&c(&@2J_{%LuR>O@nQ?$`966C(w02)rP|P7WTD|-_wS~-PPTjm%_}%`*J_CfACY)
z<hlEE#5p(0i{<%Yu;=pv<~W6Y0uo@qfs6Zk3bEevhTI32?gxyzo#t+ye)q$>_WE0-
zis=SBS}(mx@5u4Cp(m`pl|Uec7<SH<TcMJ$?7Ag$(ygutut@EA`k|9Ynsi=(0EKl=
z0Ke9MQN7h>*$=}W3BDQci!4qt%n93#%>_+HxZK{$n&Q8yXj~&%A|9T492bWQCPHfB
zb@r{&Ag3Xqs!b6M@M;@#vzBn%gpZ9pnG!ew8HfYv@5TJPVm7#+bYD3vLg_ynx8%TT
zy*|2Qg2<Xc_8MY$TZY7nhNJWm7-br!%DC9L`QL#Av|)&6mDTgJSPT+MYB^Nq94Nhd
zP|;Y&ldGfRob~?BcLcHpj45ugsN5aa5<%l6)he(a%=y1w`@R0z9s0~ZEsG*G{xKqW
zTn<+UUnMhJ84YUeqh;#Jyrs|z@`iW>e_+0!qX57IxwhdSJl-0U&=wBeHQ%M|LZ!>i
zzy71?Il=usl-#R^NFOsYGKJtZT@|Ix{T9`e^YL{d)M&2oi*(M<Opi5uDq>Gz)P=px
zbBcQyp=G`!F4Qyk-$X06&?ReY%*gFze$1=8Bm9JIXVhYC)!^c!$&e3D!coxzaU<(>
z)78x92KxPDCy=Z)+R#^~?<tp{Zuy?G@?~Flqq=FsT}Ii8j8b>G1x%hnO7db14pQ*m
z6ry4zj%VWus9d7HH7+y?jT}To3Zmmi)v*h;3`=gX|JBUndDEti=??;hWe2y6J_Vx|
zZ22j6$#;s!<0uz=KUasHY4=K7Z!D1)H`Ld~qS)G`iM<OxllD9M?wSERJ7x0mW&7Ay
zA69*A_1*uIE-5J$H8Qs+`L`$WYtJ(}iZ4k}6pj&=eL`5-wW#5rpj=GR`%?@YOhz}-
zU4tML`qyeRN)7K<2M_dpn{!$7(50RBiB@0I`Bx?)z*SB(Nz&!J${cSA1>fEr4_VU-
zO<jIRcFo8C=jeAnnUiOVqLYdtn(+l`^T-$^V6+q?8?C0Ik#9wYoLccZbrW=wjPt1V
z7as(mKKRYx!&LTbs^(SS8gikEy*+i2(7k09%SDnlx=X2???y(Ex=*-Z>$uV;pRw@Y
z#&=v3P<Q8ubi@@X7fp4N<D2n6<AFY2{Cc$9otpr~<DQ<M;VZts|L#M^Ek>q`udF@H
zay9=P6%xMS6n0PrFV5zPKw_PTP^#l*ht3!p-IV3QYV!c2YrtF~bqdE5VUWh7ua^x`
zBPVpH-y}jzVnPl#$nlp;zNLib914+jAoSFxSSwqNz8=VO`eD1L%S~<+cfoODj9*W(
zANNQ>23COv>(Np!OVo<q-p(_(av6lWjM;))nk|+kfA#~1)!J}s=WD3nOcL9`@hRo2
zPMXKUrR}Bu>H~4Xj7f5#`8|uC#Y-~zm-(mAIlkJ-;~e){Cnewx;+2`wj_&G73K+wE
z0Wc5_^TG={{;3q!A{REMcwXL?USk+I6--rGTNXy>L=Z-}Q&B>o@5TedXDi7+J!8T<
zhwG{*qU=OGA6zrc`c2V}jc$3_9jE;c?qAmav}1yon!MXd`0tU@*mN!JX4$q<y*r^u
zuBGTu3I~ey?6qOzvQ;w#ahU?LK(^nL0%N968#N}z8><X<harZRzG<W|g`nhTuw|D*
zy|t6)JL#ru>Zd+Rc8+hVwHUw+E$BGIc|Ti|R=MG?4Yk?rv0Ti2qe0WX3qZ3kg#v^Z
zzq*iQQ*7TJk1Lvs=eMm3t8NAyDg6&i{ROhX9nSolA3zmB6x?ld6rH->tpJ_=z=dlK
zc*b>EpzwzLS~DhU)Z+tLZx)(=56H9{i}_p2pAm;SrX^-5?wAuTlh`-qJvSCvmL?pk
z%Z_Ss>cIbR^ww$n<H3=P_nMTbvtG4al0uPrw&mAYI>s>>f7ATrWFzxiUrXwZEym>r
zrourpF2`Jyv(>iAU@f;`F=TBA!lU7mB7)KNMUa=Dnvq`Q{khtz6J66;I0Yc_*Zv#P
zgf|TI!)vls6pWE&c5_!{0I!K}+~=eT1zY}XbtTb^gC~6aL;m8;{_~8(x8&BPAR_B4
z+_c@fMg~&<wl*~uUcgSY#B#+m_oLEh^)Jd8V7_F>3lE>E%yvop%kBdv>*E3H`suz!
zF<+R*JnGxA;A-fPt9}n1l01DROPrL6u$6N~C>)LDyp=HacrvH<yErz(Cm~g1m+oi0
zDF_55v{861s$teF2JqCI;i33e6Ab6-4tObPIMlHSt}liiIiI9%xzCK;1Lb;q#VP?I
zANN-@51wb-<+CPrt}{B$o_p5dP&?F`$V#fV&e48NbRIv?r}(VIz#6L(kbY4Wc<&FW
zpGNq77W0f1j%K2j>d`aif;8)B&PEKcDm3--&5$E?<8{H*E{qXGXa?3~RA>z~d+~@X
z0fm~WuiU&h9COFT23+kJ$9XcV2!Oy$5@}JWuI&h2hdd17s8yk++JqZQ-AGd`t6HR-
zi{XOS+x&q5sFayV<ti|NOB><xHLRA<%i`W(2lafQS8h6;DFK`|yFZ?(S-d@Upp_;C
z01P+B^+pLzH9wC#jYS1Fs&@+>5iZ|mheP6rM~;@J{cF=+?pr<P=9b7ctNaRJ`+dKF
zDBqOyWWjY(pkcVin#)#y2R7RZi!caWd_Cob{l!`>y51WumrWPt0>tL?_1<MOWOD!l
zQ4KxP96g6l#uq{GSWQP>$?BBe4s6611MAARA};<y&U1pGr@=;|kOVe*q56~3CM!(V
zb3*@3t8tSORnnhx*v{LCZjS+csl2W{7FewQQy$6O&S+(~$Sc10<Z^mjfe`(ihFliC
zNQDFQteLa?JnWsVEhc*tw+`=bub@jejF(p~qtgVFyPq6RdnBLRFZ4V(!gYt@oXlL?
zy}r*t)ijE8p%+`Sb#5|13nM{C#$atztU45`_1*=9zQLd8^pqU|uh-{>;OYUk6CMJH
z&EcOfO~8#0q+|Fy+pT6`vDK^$iduuQ@nmgGqZhq$#Xo-vc{-QXD+|OT61lY{hZ7-Q
zGu*EFy;V-Za_*x_rfv^(&5eDOxPXYh_E$wNO)tI*^`1Z8PRX51h->xxW<$y!+f(y_
z1!&`os9_waR=&LxoJ#Q7?Zf3GXvo6~xxF?GeVp$)f&2<*``3^bRf;i}dj8f_`eCZl
zhm2B4_g}MbnPA{l-Uzv0O=wdiw}$15K%Zl$!}?P_O(}51Y`qNE!wDJk{VZaau=))r
zCK=nuNkNTNN4&q-d<U^SgS{gO#U|o=hB$Oi2`Yn`!e$V(BXtzLfvsLPN<v8}MTCbE
z3aO+xjZT5sLbeT&T5=V&iHpnU0~3eMny^?DF5jrU!D__?o%SR9p)nvZIJI`oT6m=K
z@J*m)p<cxkq>50S)1dNjYGEtX>fQ;fkeDM$htEf@Lm&XE8f~B^fqeEY+B4L08C4Fz
zO}<=Hpu6)kwLGXyReuD7o_Hi%=JDq*b>>}>H$J|!zno3#pPL1Lu$~c<Et_5qUa~fC
z*2L8FiRK7*6@+mDvoic4h<|dmpgiA$Y{C`9k^JHXrWMqFG$nK5cLr@)9+j~EKDnER
zVF%?P9&>wyeyr|-&+1eETP|M!8NkFivCl^JYwcKXk8bZiR8HXR#M>}`D@2Z79OHNV
zN|ajM>=-BNPyrqEz^N+6r8q0s)xn>7#RU6}`Z&RWP|Fp(0D+kJ1b<=|t|waRv9%73
z%N@hZXo2fK0?(yX?|9i!J5-XaT1ll?uYB29IK0R{Ce8}H81t%9rNP$Qu;N!1MOh_K
zhloCPO}G)0P~*>GnU8zdQ$_%=7wh#~PKvq_vdX`ujB25<0E<)6+F$j41efY#vIi&Y
z&GXCEy5rlXYFDXq$NY03Cd9>CJ8VU4;w(E{D_=&J!89Heg}6UIG&HoG{raa#S4(2u
z*3l>_HMOIa%l|qsP^--=s9ZTs-g6m@XSi|`XX^PW0Gf1V@qtmj4+|PFiP7E=DNwes
zIHBl)Qykel_jSJ2<j5ICeAOAOdmmh3x$oEp-dz4a-scrJJSUlBOGDd9o;Cfg%)sLo
zJbI(ZKpcF8N~jGD92vJuDhQ@AOmugN_HL%lCM;I!$*R(Y?_UOU)a#yNvHxye-6=5t
ziKV}~lw(;N{^$6AdjTSXR*rBDHQsc)+uvQzz*c8%>tfFz{xOWEY6T&p1Ades%yi>!
zuQf;4L|+<z!m#B(t3v_<<T7B6?|1PdFjsPE5teMliZ{vxKRxFSz*TH}=MUV9i!Kd;
z1r;PrlXm?6+iUApP2-pPgIkd0aJM&(hSkd6^rYym`zQ6mU3{w2JOsF5nI67ULUHQZ
zq9|)Re<eSy3AZC&H0j}S&MjwVxtW)KM>FX2Sri?+__-_Tzh)-p)MNPN!`?C%u98iK
zfCt^Hvg|>a#~35|fTwJWqWGuxA_tugZQbn;V<f-4b2k7$yhy76&4rLB9QAL=?nkpZ
z9Gh;3)>a|nu$p7Wzfq0;-!0%s$QR_+gA5E0tiN+QJrJBNgY=MAtn(L(9MD)pa<T*S
zrD>RQWs}c(l*Csv+q){s&5<VRN56dfk4`1TMb0QHBFA^=jA5<~mShqwJF~Q2hf;J5
z-Jx(4=7BkF8ui9dK+-l^y)bnL+7~Vs9x;|K3cQG(_`idZc7;Rm@`K#Jxkv$SJUWu@
z5jBZkf(C?p&X`f6D%QIWZFZblty?NuLrMz$!+g=NXry8>xGE}ST+P@2YKmY^XIV21
zgvwFS(jpHgM99Yq3kM>xLKwjw4SM0&P;|P;>Pf`Iyqd)9U%=Ah?iRd=hzb}MD+)AI
zvr~C8V!u8a8m%j+l487ge@BdjqU!gXJ;wtcW*_20<~+RsId5pR!Ei&^SU^M@u69d!
za0^dwjS>F8bxQpFi0V9KR$hf3qTS@jRBjvCj;DC%8-nGltXT=s&iKGe3ij@g%)cf0
zBPOuMvLn@-_wU@?9$6l+{>rz)f#{lZ<!1!)#!xYmuHq+MKKY_I%x8b;&yqf&@oPYA
zY9Q9G1}$3l?K>b5p>q>y99-~wyM36`&RJvQP-8UAdi4|Mh5}LC&h5${PeiZM^~T=L
zG5j~-BTeyj1Jp=!109smN>06~B#67kJ$k@0V}HI<GGTaBAUFp86uDL!BPGOC9K#k_
zt$>O|?c>~K6(w%MjxKs+ShiW8ID;OnorBB>hocu`ekfd*C1s*Fnpx~5FP0j1RI|D!
zrDUIdTS>x7$TNAIM`PW`D7@P`x~Mv3o$;1FuUFCDR^&B6!9$l2Zmpea`(u_)8unki
zii6XTjleNqOTFW4m-zSwzcH9)22In)Wjr|`UqjCXjnzf&M_TbYqgN{bkrfxDM=oRX
z$}cFVYVLgt2X~o5EFkutB_k2yyU#&LM)26BKam$lgImG!G+gwbxga>(&OK$^oB?3n
zKC-#VzpY0N&SyJww0a*}Nfe$)5P$T^H#2hQm3gQ81u_`*x8JZ62s6(KeCt?a$1Ugy
zlogV{M)Hk`r<?Z}lPURy!BoSuA!}fqc>~i)*7w{fZl9TT^|0YABbz-!n=V_+;2#6g
z583X}jlP_Qk+~wBEb6yR<)#2W7R2f^3PS(=a9@#Ztq<<;QvpYB-rEc}glDtqV=d*J
z18%;5A3IAbVTJ;>y1Hs!xTn5!L+(svi0Bgih=_lS1iU9@GW08TAl9_Ma!;}smE(KT
zg1Fe!tP?263w?cI6%<t9-l!I`i%tn6W2&S8SinizT9xBNzmtSc`RCMjA{D6=2oPKE
zH|j_13*%M&Uz~O0FP%mFOqW}b3{|4^T#K5D%=wI1(HKgrs~5a)IyE;l{=Ru?wElG8
z2f(tM@{#}f|KBA;Pfy$6@RBAWpD2wKIFTU&nW5B@5@dh-xn%#@$T?26&uy*79!wLH
zaMq>JPSRChf!`pYg30rL`erzH0%bHF^-3@M`uYNcf{?JWCB?-d1qA-fw=AF^h*nk)
z$>Mg82eK`JnEBDsQ34*G-+7#f8+4|eIQ^oHYU+6$xbWy-oH3D&#G7tLQrIicyN))(
zcfZAIUNCZBNU%ik`$ux{_*tI{S5(-Llq&EzySo3Sm6e92$|qE&vHRh+KzIwYBymGF
znh;O6Yx3POn8padCBq3nTt`s;L9VHNy&Lm~AUv#cWlztLDE|rT@WX?xmGw&`Mb0et
zj}`b*&F|1Q73zm@yb_5R1qQM-4Yz<_kXtT)QJS5kw>S$HPF2t%YuOiM+!6L$L+m8b
zyU%8`Jy|~jMiR}!RE-H`zc?OFjh*mn+z3FCW<(Wk!bG@u@xx1JDso#iZ^AbeG|{8G
z?2SL0GC$uDW^efr66)xa6X|<|fQ}s%j=V9xM;62oq;3NgXH&s8T$hA41B|03w?`Lz
z&UT2bGuQ*lpYo+*SwU457Cb(`0vn7->Fg`9;{i+(19+ByaXdavar#NhhX^mId8qM0
zb-(LJBFGyFyWtDg(s6swmaL>M>-}5NBnIo}fool7ODwRT?0MXcwG@*{)8>C;Hh$rR
zv*n_v&>5Zc|C>+;HKis15cL-z`ljR(Yw`+c6hY#cJpUWcMR_voqISVnvA8oXd+n6U
zt_?Hj(gS)E337Axlb*j6#HL7|bPJJLmse;&Tc>dwZ&C}0<5)Hl=B=TC=BXua>rb64
zT-f>wXuQ1TLYS!D9^GuYDQz}en)TuRUt0EJCF!^mqlSwq8L!3%;)0t7xa(I(>dJJV
zoPkOm8qCoE9zTh3($NbNeLb>nShg}&wj*%Az~FTGO<tQU=8%790-ao5n9F~~uhO14
zwD$Mi3RT%qvm)HoIN6kK`GY6Mp2-p9$%$fvLX0F<|D1-Wd3DSlzX8sqW}J{+X(G_0
z1{kr1BxS`Xoa`8Q17i76oDKbJH9r_-qDhR2?^-O-%aH%z#l#dUbB)Lz0ZWE_gREG8
zFM*%nlVm()Sit>f3RE2~Q@j}|CpKuUv_#@lp2n0X+WTGn`<#9WoR&`loJSyw)4+Ng
z*V~REel1e@XHD@UN5fcDl-d}nw>YH1XLbL4{^44$<IqLJis|m$C){c>ihQ*Z`ja{R
zGS@f{OZ-HV-h}ca(&)7P-Dyii8D2vamsnyAe&(Zs#7_!kAw_r$RKk9)(6GjjgGZ`O
zw~WC|N(2;KWuN}1$_-^Omj`NqBsoBsnT_^42^eTYnV_PyHzFsP7up{@rnt2N4fVfu
z?<c>Gv8HFtR~219&i=jO3yKF^_sMQw6(E25MT0a3w-E!Sqp(>@bvj(qX1U_*2+D%>
zOi?TQ^~xg?v$AA>{JpTSFko<ze#^$hdXZv_T4F6ygs!#?hFCP7>3wkzhnE{qm#6ST
zm6Wspq>a;dfw*KjHnB(?w+{|OpO(JCmo52PH&-T}x9EJa5Sz3pb6Of!YbHFfk(eP(
z+PHd$|885oT+bVgkdY-w8!TsL;OUrL{ySQW5i~Hi-kS@_`&~Z_^(>kDQPKl_Vz@^-
z<~V0qk$SxbJ<hps<`YZr@=W-T)u=6fm+Z6HFtTz(u^yVy1gZNGz>=2%Tk3<*fw|%4
z@uEyK6iQHpesY}m19Ko1qV8N~@@zG&Bl$CIqf~8wxfI5Y<ahlL4JN#oVXv!4Y^Lmm
zEDm@EjFtzsV)L(g2RpOla(lykaHpZ9blJ0%d-i${QUPbnxr1t?!taK(1nTc$n%7$B
zpombp0=KzSnN}I-;Pxh{o^BW@Y9GSIlqgx&(q@2%hQP9WoRhAxz~U%!{4|6|AN%X#
z&fwdRtXl6Rv`#@2BXFxy_%03g9QT{Dah%7$cgn2pmIO7G**(&*qf@qqG4sJa%U9H{
z_=}Jk4nl{%E2Fb<ih;Fb7+x5iQU|op%iaIQv)sy&TYU<gBdkB#y}8Z40m+-dEQNU;
zG-?UOBmzKU)<D!r=ghB}0ORsi+B$vn3>ud2-Tw~sB<Dej^YF-3kz~JPdI<V<<kAzS
zTbSC<)(RLFLr!}VH&(xA*1@;(F}c;ub@)0<skt}`I8rBS61dNZ*=Mdi{Pr0AtvV`C
zFR&4X*{X8%uN0+s^qSR?hqCj~+SJ-~8Ca{8&=Ufb0N%GasFfWVVH?=8Fy6Dr@H~Z`
zcH`@{m?j%*_{zuuOD80K7o=11z6R<D*p7@yetbBqkc7kpsTvMFrsKYmGBotzgB>5!
z+h}Vi$O_qwSW73UioWzlP}M^6S<+(kU*{qT!ko;{c%}=sa%B|@&^f7%_j&|EWr4RM
z1k^Oqn|Sz~8vVw|)Xbl{|Ax+x{Em2deYBA$KKS<C4$G?ll>QFfsHpY2WIXzE37yp^
z9;mSuPGMcD<?8BuyA_os*?7Gv(xt*`pl8k6QN!yyS2C9;PbK_33wyTXeX-=)+E5$G
zO<D71$ojcurBGsuxbsmT)1)Ok-zY%gy0aQM3)BT0|1hP{kGL?PBe{}&R|z(aKtd00
z=Kd`9aApJ!<dfS*4jU$0l>AO1iR<wBW#LP!w7&ysB5Suo2kLy8KU~+AS#8UwYUcYH
zIy8<aGEDG(BZ0h+u(ZEXNP*j3uSOG&`)gn!ZTsSf=q`++;5X;Wlf`?^#w!ob$EGg6
z4tUp)r!B?9mHib-nEWDC3UNUliH(3x2@S04^ouyBi6;7*#pTO$Yaiz0tH2!n&byfZ
zVv=x~Ra(r+Avr)7dFCQ05YFGuy$#a95vVGh(KYvsRt~DQ0+ValpD&>`ay$9A)QW*5
zo?~5oO43YH14mt8?-q26I!z;BE&gaK0|ik&^T3(V9+oF8JUih;TwsKED3ri5P&BWQ
z<ceAp6<gAV=mt3`#JqDckvkBor%Y+y?-#^smuHLQKkd-PIwLWUrweyUmDermopcEW
zG#0uPlnmMw9Z%PK!yyExYx6?K6o#8(6q_akM)z4tXxW^|1wsQ>s*@;a&c194WV|&&
z$>Jp70O@?*#3%4KMc0^l4R&{FVe#Gxc(|UA?9T9&4702tE>?zxXPyy}QMP`q@!Qyd
zCtE5Q|K^b}f38mL|D_NJA{=K2*a~LmiRh*KJqM-^6FqW1X)p$iBgFcqA#_oHJF;p#
zUqZ2MVu(+vB&e{_;f!p@kopj)cW_{AwhE#-S22kVHQ3K!jOg94C7&?XpPLnUaNm<y
z@|ihCBJPSjP+(}X^&{VskX2+l8W@q#?a6wX(u%umEBEbIVSO`t#*}{HY$@_-NxtxU
zmO5KQ>s0;qg#JCV?cQsqaA5n<(P2CB-hIkLn8$Y7MNAM1ZMX}{H5A<S*`{>OEiiLG
zt$UrQ)aU<Op*&n1NuE-%5Ji*Xl*fIi)B5>4%^iv|5fl`3YIEpE2NxF?Gw_+YcF$H`
zoOf7l!hq>(i|Bm?J0faQpQH*G8OS*qL@zIRai|5>V|^D)P^Zj&g=LBS39Pb;&@z1t
zV6%%q_LLmim013w=j+GR8$yCd?+wTgddu{^q2jUmn^faqz7a~W-5v*4SHe2&zE?S`
zSyVy*WG`s9wQ}RMs7^kQD-mbfs0ftxt{jzK%DT7CHZD{5O*%;UlBon7M=+yerfZS@
z%0w2vf}5yMH|^YPNabT~R9}Vo=`a2HR<SMDUv2z2$%Fuaswaq}^&Sl#L6m%6AnS2U
zJ}}&+PY(IGLleqr+Py{FXr3_RCa%{M0(zfI4NP(IgHfuX5tiQ`#HxSRU4Ku_TSvBk
zdVkrkp#i4ZdqZU}C88jUT00{trJ9+!_n>KHQD{Aakk;~`)+Shy7Yfi!PBkvn)ua;_
z#6ns4z1*?=s)ky<e{PSh_Gj^Q+>JF)Nw3ufvDNtg-Qe}g&RR<g)D*N+uM`drT;SkM
z)0G%YZTbNpA~0cUdi4&VY}sOomDylgYv#!~#>W?sUbKkb`}*Y!l9$uv>I-FYI%Is<
zZrAn+d?&YcF6)0HNJtqUAZ^1NyF|PgthgZRwY42Bn86>!lUJrbOfhg=4-znq%=BxF
z*P9|ucf&uu>h#$JzW{r*za_$5?}q$!1aiV)uq9lgLzPii<UUrQIa|VtYFCBaQiI}z
zGLW%s4#QSdjat%9H(31ee(wcT5wp@f6)Uy7{60KAJ)u)mfx&SPryLCKa%aBa@sKxl
zLB_KGh%)Zl6uJt*SICZ|tZ6CwL$K#BpdOF>&Cj#<5<|6aE!Uj(*g@lDaYV?mF4w%%
zKfr}^r{aU^gLUTlu{fqNeonh!j;u)6vKeC&rmaQyI5N|Wz1m6}fKej5n`Aani-%^;
z;SmP*BUKMkf64>F-JSEC&Ev&f6st-r{nc{#c86yUpZeykoGEgx4IF`Y&t$%9-(ve^
z6K=cQ3dd~r*U$CE<TKdS3(vjSkg2@iw2U!w?v2Q`W$vBLSvA-z6NFyZ2ND!#Mm?6^
z3LD;XUoV!ZMxF6@&w7>>3kkem5MY4y7F#(W>ut7tcCVhHZoIaByS7g5B08u4K)57p
zFAoN9ohsXs!*-`T3yoS;e64OFjp_$Z9X`@#0^)u$U6(wl)bJ%0IXz!UWhE@-eluXr
z0hsPRvC3G*0QTYayd>%IT+i%ehnxpbNNQ^M%u62x7WBvRgn+0&nCuSaUx;DBYEi9S
zTt-t*;BIInInx<IRYvNomn=92Y-d_B9QJO57K275g`z4gg%J+c?jQxFP{UfSB{Z*;
z_-u>_Ljem)@g#1dIC=Y+!^wnq>GH#m><ewdd?R^jGA9+nS~Gl~8W_(7QBYLoaw2|w
zKJ+E&HvRF?zi^E3C*V&G7`$TaX<%!s@E0S685BbiQ->uKHHa(CJgD?r;?q}M>}YTu
z8bf<1Kk-4{7>v8akz;+>t4HM(#o$byGjdS;qeT#MGo%OEEXKRDI%>hZkd+vXwIG?K
zXLBS5GfD}4r0b~2GGf_L7G=<+C1*242QMKh|NNX6zY+a70a1&0RR6ggY7`7=-<zLk
z6wV+|GzE&f>sgRD=7E?8zPJ7J;qNgbv!r+dlsh{daWM*?J7>M2*w%ZYeiR%&Zzhl=
zojq;y(J`j=gO#HQ?Ru}RP0p?Q(rP)Sr8_4p;{EpVv-!zqgO~EJh}Uy;PWdm^n3;By
z$~8b1DjM1X1I-_b1_!$0op=KyKr1V9#T_?=k=&f1W&Ql!X9IHW=~~0}-)NpUx-&ii
zD($)xr;S?N-za-8nYEqznpY>Bpk``{>mFRKYj%L#8e@{}4<*$0Gt^xnf31N0j@vgD
z+#}u#+dl!d99vLUuUiI`e_RQWx8nVgDM$ua$uUqLPh%8*N%?FJg=Q2RD6)JxUS?fP
z&lCz6qh=*2rM<jzMap*Ogw7(SKZXq=TM8k;VAaXnYf^5y#XbNv2c(~XbbPBXrhbI8
z#P?s^okm!4&+UJC8@6}vWQAVLAJyDGc!QhHCkKQ=3|PU8AJXz)<W=y?_e4}aEBR8V
z_%N#a_ir6-jm2CNj~X^p#`0fXK_3gw7i!9X#<2DJAHHj}Qw22gh@hspBlzKg%XXx(
zP8DEsG(rK9L^f{8o*<Ji9vB%e2gF~S%_6A#-;3e>$n@8~Z91Y2uGSb*6=ZR(6QA7o
zN1TFL=#*A2OG7dw|A?wFMm$_)2}tKCuanZw4eur@uy`u5_-w~Xc{u|s=q#u(7G33Z
zMO&Wg>bZHi@IU|uk~_V6>Y=XRK2Y1O&&B)nbaBo^tZ)Fh_}k(?hsTBx%M9cgPgOcL
zLroUUulL=8&+iJf==~l~y=zU(<&Pv##XaRg)7=q4+8-_F7oDFnn7=dJFt>UVMeTW+
zywLHsw^D2Fi4IK%Zxv%|4YvVpS?m!pw0J0CWLXqQM;`GK4Bh2pXt;MG$T-9*Y`0bu
zx_?u2Yv|saQr{t2Q-9D~;aGuESLOd;f;^Z1SDYxrA^TIf4Xk03W_Ye3lN=pdH-}Ec
za&JbpA$TZX0(>)!Tg`gLn<|En*#tZVc0=SG-B9TIW$cjk#Y>g4;izMD93F&)v?z&|
z<8>GEi}iMO8xN0u(?brvpgPj<<`r8-Z_XiRT#4Rew)2?r)KAKidYr?TTj<n1{AWf9
zy!$FHyg+tkA-6VIEytdlb>8?=b;`hVH#vEq2Fz+G5%f|O24fnY5;EB`&t_M3*C_(z
zYNqekYrKk5oEL?cX<+>zWSLdfXZbz${=Q^W;*qi>9|js4qwO~L;PpaMIS6aNT*>_R
z3;`E)f(*_|gVUH`czA=wP9B;D2iC(Gy2Sf3HqNq5u7M?}wdSe<+OxsHyAFgyEf=o3
zv<nkLG71KkpmL$VfvS4r0YObyXF?=523z!X^ukez?TmW1y9M>TW4`^WQEi}@A-r?`
z3EAY&fWI}NTx6R9mIJ6zdzc|^k@>R9ZSbg(h&mv@_ew08KtYHwi3MMzR2ZRRg%ucI
zRiLEZSkMxL%L>aiVxfrD=}hp(d2|H_2B6HrV?LaT2-8ty*z$%&;_DnxusY`DC865}
z<`PF8YGCgePDO7vs6xmC{$lfon!K@O-PA&cM?f>4bN-YOy9a|T#cnSjKUS6*ea-qf
zf)<S=yhE8ch5l*w!z$9x6zPi{JA900q9)C0EVJwfz+YcR9-0>N08&HNKH4u2+z;2!
zIgJ?Y0TFBn&{v~AJ4vVx%G^ex7ydTp9uUb6IqIHJ&6T^Wzw9<`G}ivh`6`+<BTCD*
zt7-c9drodMp(b8QGYCny=2hjt$6b|!X0Zps?82MD0$MgBd@CQ>Pz8#ST74?~qd@|V
zDZ}tLl#dRB9o!&rgs?#AYRTRcP8%<a>DEjxiRA&yrU!nEyss9i>vBMbURrRs4w|G!
z&|zQuwWDKGL_%V2eQ$3M0<Y`gaUVM%`z)rq&UzCQH5-ihDDjZCu_8l`i~48ARoD9j
zMZZD8FriO$3j8ltGs+-U>D*^Gy1`qgpXvHj+}o<6QBY^!Kz3x&ZE@-%i_NC`nJ`-;
zsr=hCU1OblAQsNSAX~21EXwfxf?UNx{`i5WOly0SY^zS$hLCP|L@*rDxzpDz2!2pq
zQK%;8g@B5j2>0dUWz+_9+rKkP>Fxu8ug}NxPM1f$F`6j@y)Oaqrjto#$72VLgDfXZ
z<nS?ALMU18HXGbAc&D7{<ed6CbLco(v?<Tnke<}Rj!Sye135hhrSoW-ad9)%H<#D&
zu%P9A;%YPf2~~A~;Eo1>|E=#BWGG?{i>T<=aOa<>0F$9eXzSsd15>YNTb!s1gU;Aj
z=DImqQN4A)cbhA<9XZ*(Pef!<{22+OBmb@VIR{idwbxTXCh~BO?Uir@*=~I{f^kZn
zmor(Iy~|km*r+|@(|9s!vfGR081I|26bZ*R;rscx^BQ1FhkvEn{-d5aCe;onz=OQO
zUF_#h&2+48oo{<7<L#V_%LS$JS~_q#sS=EO+1QYY^5Ha7JZxgZ(Y89}8AV@a<lZnE
zV9OXsNj;R36=61m*NK&84i$FMG<ZK%%(M)cHhZ`+jqI$IsJf23qAJk8@*1Ca8SA!`
z2_<(p2~v+oIe*ufok+1=S%2M8+f`iXQc^-FcuSdO*q-ropaw<)F>$fIrRGLyFt$>$
zW?*Pu<PX-|c*F&WPw6|AM%bwUv@=&*uWupTY>(h2wYvu{iR&3MSg;4VPPPe?1I<0F
zb`mDJF?Q(qdi!uOOiXxRPm%Zyy`&+5U5*5V(>{|=zCPuU{VC~8A$%JBoRpImd3r6N
z=|zDO`W;8l7oYSlu}ON<s}mV0zfCG!w7Fv_<TO2yicEOh#!On$fQBGLt`<mDy6AY=
zN7(YpDX;I)4A&^tYvu$UNBk7oFlNk3?{N_2b>huIgUBY+a9?en3phNVV!HXduVL%%
z*{qT5gpWEJ0ol61J(-v&(Rq8n{}4Fac5@EPJsu&;>&lGO^wH}mB?JJT+p#c2=5A23
zxA^FG9Ua#2xBQ_8)M}>r{{zcFG`}9T-Q)Bf7h1s+lm-*$p3+;K0ARCh*)m3q7$FVD
z$BrF)N{ex(GHctm?GX%smyAfZ2&eZmoE}m0NyT^gt_KbrVD{|Ur>zuSx^$*<=PvmD
zKDibX-xuNAlW`z}SzmmJSu1ALs3Angg!B2#Z%9qDFsQeU^qoJTnhX--9azkekzbD0
zsuJZ8qFx3*1HSySfH&S;$Bj3(Wz^+KSgf!!-NXC^dnhXLbM?qJG;JjOV2b$PTbVrl
z$`%gnchm8@2}E`7h^E-k3bM#r@fFYieG;wPRsw2b-$a)T6akQk@4sMy2%Mv0fflSX
zO%DPyx@wZ3PCzW;Oe%(|qxzA)Gm2)B{w`i$0HvUu>>MFmS%lkPOq+gPDf5=oIJp6+
zc9I8;pyTk%u(=^bDdVe0@8h**{fYE?(LDwh)rv_G(s1J2sAHH6EJ8v}(NW6Xm;?hy
zHRIC*n7ldxi%LK>q}_}F%nrwt9QrN`W{xJnmPiA0IA|sT!YJq>m_qZ*W0edW0n!{|
z*GO43VO*nQR{bc_zs7=LHlanCal|_)H<__G1PJA#Ja<1<)r%_1tZ0ZJ5d=F(c<Cs1
ze37j%&bx-SnGU}HzV3=1^?=QZy}EnygAAMcR9^%2HBeszXR-#uLNp>A!JmYP<Fko%
z!-vOTOu+DC)ts2M<EzW$mj)<u1t=&BP*56>vh!ym)dtx7a?r~=t4r>BdvWP>rgf6W
z!*cYUzUjG1s-)Q;nW{#NoUO<6^K;2B$Q2X1$&Xz+<%|Fw#?G<L37FnOq2Fm}+{sGw
zH_ym(oM_ok1h5h8nk3_gD)wt9xU+P+cS=ym^`sJ!I)aSM3_kkkBMH#lbI(0TR7+}V
zD$hUvJWi*RfddCpmiavq>P7;DpeEhSEw|jl4L96Cm)4<#`o6Ez4%&71OlRi&4Y+nZ
zU8nPpwbQgeqlo7Ho@DO3w=$@Av$MLse-AsjE7$F(ed`1Uj-Eoi+J=XR{F#ye8^yb0
zUMI6GizVBaFr?-Aq_0b%eTM|X;><Gg&K;+nGXMY}07*naR2F5ySK`AOX~FOEvw3q4
zap57D)l#1MY9g+Z0`h(3>@F+9s%m(2L76mhNt?cm?lOQlrxQi>VUM=sNQ@*TAqsPN
zDBhw%O84z$%FG$OzF-OQHV5;1U&&8JStMKRM4D}s`F&)2UA&*ZnH|;=KK<`?v}ht&
zASZ!boPqc9Y%JG;We1q@@n-T0gAyS!*icnv<fo7?tC|M)X~09bc0_DKdqgBhxgUq!
zOdz0B=JFFAX+_w`6qR}ib66zUBHr)fQjxbpnA1$D%P$woVNNSPe}KYbA6}oIxF|bj
zvx2)kK)J_Hc$k$kmtb0{I6^f10fU@;H+lfVL(MoHVsqyh?JUY(?!i}9#)?fve7ImA
z=?6>k`wb@F*Ofk<1v@7=ZkLq#*_mEMoXJa6pa?A@3Ui!@Q&4cHrI9~pJ^_zc`qzZ_
z?oMd8ZYb6Y8IV72KMUxJWZ3-gtBBx6jcU-ov4<N66_XO{W0yOGXZAJV^PJeDf;J7U
z<-FEn2i?O;SmCztezAjmU8T3p!_DEPIAqXc-RoDh<0ZF#ErG)jn-+97F@(&FA-#@-
ztltGa6B%`JlS8bO>fddlkUxJ(I$ti_%j%7}lFeeXY7)Tocmh}~D&5=1GGb6eF7Dp|
zO}qqE$|ufiKJ-(Wx0Lsj#utX{bAmb3zEw11FK@=+-VKg;t`WC?!{(iZ%%5^0%^QjO
z3_f>3aXD{(x}BNd?xm>2Lu8m$<}cno!HT<YOdGBl)(o3fl;!N2hwRTN=B-aZBQ`#>
z8Vg9%6cS>iNZ%93;^jp&X_?5Q6AN(Ia%5e%?!KQLJ1aL(MK5^gzp-3D+Ih@ro!g^H
z`OV{{=U#QOX+tV+{CkvapR=vLPE~mhD!mY(&GFLqO>0>?_Y>Crv~1vyKQ23NFqm=R
zg(E#|lJBnq*c@@Zw(0j|rONg4EkE)ewdL{K9yg2`_?5erM)#jG<CDC+yh)0p9Cf`~
z^<jSxfX(HXUrs_o!r{j{h>6Gb=-;GGhbyHFSE`eyKKS4Rii?X+OL>|$ZAxlN14@f?
znK$nXoMADH7%`Ih^JdYsv4v}{?uo9Kv0&j=0*1nX?ivx+T@(~%p_vUr?Pkf+nD<>S
z@i7)UpBIK==;RiZ^Ub%JEL&Z``2(XEdVUIuYT>)32idx_jDoy!uK!ab+P1bykYLGD
zmHYqxJsZ>9T>tV%M6~aY*XyQe(+d2Xe&jDVjiYg+hSJ|fevbq?W2iy@NF8*kQ?H=O
zKlrQ3qDivIVbV)5fI+bE18y%Rg~f!%M51~P4s6^-@ecwZTS$XTnsL=Vqp|tTOrQQf
zcmDZ)G{eI959XjIwm?xe;@mmBKl}ooZqkd$fbf<v@Tn^HfDc209|q#fFH0l<6TyfP
z<qqhmnhC`(1mpzUCis2T1UPaiLP<!ssX`J?0nO^e9HW9wNTCG*Dn;1)2$qhNL=*C7
zLJ}?LV}oSUh-cI=G*!x>nL{iX&Inu<3+BXdViO(s4{n8$TnYG~>L`X+)~hZ`EsBXo
zz!HHG)efck<*120`Dx`kR;*Zl+`c$%+BA7w0J!yl&56CXyYp1C>j9e+tF-#F>uaFC
z22QF5#9A;l+Cp-)Su$xVl5Papnfo!>CChPn_u~uX<MS6`6H(E}Ng^OZCj^t~B*c<J
zxUB^#krxx~XkYEBg9SeJ<#{D|b2?L}24a8j*mt;e%0ZUzDi`0(fxO;Lu014RQ^Bw~
zorOD{c?%ueGYQxjX%ij=<?++_OiM6~#d5b#M7C7?Hq<Ya7XMjS^}fcA+b%=ZI#oNb
z=5<y79-vwtM_gayc+F=#5x^$N_>n{j*qoiIG?0ibc_hz1`y6Z5tdR?&7A;yF7qFQ=
zeLB(6(LDO-qeR$>2=y)`SMNb+Tqj&5S%kXhV^-aDdf?$>-{kAXTk-9Awod0C>!kNS
zU(Jp8e!&0THh^dTHsV+1Rey2qHSq3?pUE$D@%mfac>L0rNOC4K`t8AdG=2_0rY~l9
zP8#hJI-{rcp<Q1`Fv?6UZY)9;LC6az=strz2eQa6+sZpXJ;TntAUi>%FiSY85e?|o
ztUW{9^dLSg6jc?rvVO^?F@(0WRYS9zgQlLILY8m*nHT3S=5Nh=Vo@~-(9F!-!N1Py
z&z6!rqRciLJHq9r?8gVT@%-L3ES))l#wk&?KXCmS<Q0@N`PHALteIH1hFCQ&8{CKs
zdMA^a>*nLRJK3C8Ac33i9pboeOj{CSD-CAP_9`qX^D%u^8lQc&OFo0xM1SLnel%?u
zCW|gM;=lTSA1i*&;+j5@B<);9ps+}q=vo^##2gcaYugT7yY|TQEfHZv|LF?MvA=&W
zjM~~ZD2e7c4A_YCRn?$nvX=)g&nG-oXQwNKXZNKrGcUFpbIYpgywEg_D`IoW2&lYQ
z<Y2AGDkV;Y@o;yWhr1(7v7Ueor)cX-ZvBR=JU8z>eSU>P3b_StKAFFpmA~W?5oTfZ
zB~7^R#x_Sh-e+I$=C$ctB;eDpOFY+&XeOC8Vr&t4zxCO6e%g>jqhu!&u4%=eE^J&a
z4*^=Xym$r)F(Ev5XD7l#h4nR*lzMsN<87?lnoo;HVNCsJKjNaR%l=$CVF6oqRRA`X
z624z7+{-g>{esV@^Y8!bMr4>J$bbzPl)8K*$2n-!z==sj_MT-)yl=bG^T^BzN)uKj
z@eT^_v84DgZkqTp*WS>CO9!t#eEgZ0i+E^Kezj{}cq)o}ZacoTaeiTdhbI-VWxJ1?
zZw%wctE)$#6%{L7ce9r#9~@1mw#jE%ZJoN}WGKBjSPNh?_mioJ9~5Qs$`wnG8$@Mf
zyfO)+3Xq@}la<7~D*>CD$7_3(8rO@{jRUVtq7Gn1ZCRhu<BE}iV(O?Q+@5_Z?)!%V
zY_7PHg!s5>)%L6&MH<K7oDdfTygtebD#4VJtUQ^IW-()r41U)|3X88B0Q9h$Ps1t<
z8*%N6@65#J&N>y%dPE*!VG%S)PR7vF*|2^Q1qC+TZZrLQH{+VoZP2uxtlhAcja$uh
zZr_r2P4X~2=>!y?l;aW%bi-t0`bT**O0v?wmjgrbpsQwbv&*rCI%I&0YIrFx*U2k1
z5f%}~+O>OV)X+r3BqwS>Vda)k?wI%;J2K2%`uA6eY}pB);$!6-PjlOlK3vqlH_njY
zcS@Jv;UMev(4R0FDt__BK1@ys2KPuG90}M6KqAPj(E|qicJ0Sk=pjFEKPk;y;og+b
z%x69%)NiKwHJ#`-ZV09T<o&#Z5m#SE25t<^#-D%KM1Hx7UwGjx`<l!rpX8>*wm6Ld
ze!mypY{IJRLWND>CYS|KBYbfLh+^nyS^&G-kD;0H3Z{=9KoP%183j#PQBXx-k}AS0
z#Ix#HECH;sW(=!>W)f<MJ_*if!T$t790AryphkGrfXO1*Goh&AkrZkwAz`5;HB7>_
zZzCo9e<32)j5)-INzr9FMV(5?SXqC9^<%^9NI*&Hjk(D%40~e?U1ink)hw?Cu$eR|
zI2?=L^?=QZy|%mZgd|#3hRqq)5IP)aQ&H~P@9!+$L3Gy9eThXbdGWm|4HH4G@{K$c
z095z<&zJ^OefjF!=MU6B8^&5_k!TGnA^`dBZTxcZWlCHtgWs)Fm;|F#(;Cnu<{DbY
zU3WO=i~=8950>K*l-$$s{+%>n6J*$kg+?&aQAAu;L@u5Se?L<U8)Mhq{V;e7XkOW0
zjuqKjamJ}U&UmHit5d7?Rb%Jf;_pZC&N=4&tL1T&>yNlc)%%?YU?aeqB>jg|6%ct!
z^C{P3@JC(2Q&0ViEnBw8M@&vmJ`C6hbI<Vba4C`Ia=EBr*a*Nzq_D6s{`R-O5oOCE
ziXZUC+=4%EA$EONoy$3VoB(XL;oI}fi3CU=k-uNp`C;`Qxw+!BTkCxPvn<f~oGJJ1
zfBk~_i??%K$G_7ysRxP96s~)>8`E!G&cd`Aq~~uZKBNifsn^q}O~r;|aM0HYkW;ds
z^n&fo+4we@#e0Z$M3WMcLaVs8q}Ur_F-#aDq6{G`5Fjc-BPzm#-EN?%LEoB+9|7R3
z*_+1GUw*~goraQRtBkH*U6@64M+DnS^64H`-H7_Fy}$57cn-7Q9)s|WIDr8DbEch6
zW&d8fDwF?A-$Zs^P)ewM%P5|Iq~~Ex@QvFG_|Nps^z0bNwIiBh5+M0e0{Mkmtmp~C
zi$iSWizpJ|_aXmRM@d7ufEM`(jaFaKz*XE&{FdMDS_lL|3GhlOEg|8Nljr8mPq*>y
zil7F#!){{Qzt1N++$MEkSFFk6g=xRY^4@n%bDE|7K>7aadf@_;tdNNld4~7xNoda=
zGMe&_+`od7Xb%4Ob#-qMQC}(1UjBYv9$_H?c6mbh=iY|Q$%~QIC8W?^Znm8fF?kdQ
z;Db^JKbG6@iH1LvOc?YE@o-moiIiKbOFaweuuE=TAX!*j=Z!qvUj!Aru-MB7b9PGL
z#Aeg@<oN+KNew%k@BYj(ZlAP*t-Ff2>$=w5a9J}V!Yzn+V)1{m;gnzO;Xl*2@ZRj5
zbZiyHzyGf*O&Ww9zK>vwwH`K80y>|*IFQJ2tIS_S@MdJYxZ>`GlzViZ`%5>5^iHnU
zpNHSJfUUcWnE%EQnl}zg4vPCe{pK&c`(+w8jA+Wlo7z>;>KCU7_E6B|xGwcm+xv5-
zk1zf)jSEJ<&ZB>h;_rW{+-Tjt(@X!0GswxUT)^CWdl=6@dF&0?{RacQ`M%1Osc!P}
z^7z-JB<{Oit589vs8}N}-_O5aRJeB7P<nN4L`HTo*?Fb3Yn6y2BnX6^i}hHu+y_;`
zu<3Q&rQeAGHvc`uu&H=I1z>Y~6~LzEadGS8tq-bSFVD^pc~oVWoXYh@)rLJ~>z5gr
z)Vr0~+kR7q&42*|5YhGLnmk&<c|Ewie|4|WaujA7PL>#z0U@q}Vv4i!4*v+S=0uYK
zaU4<M62J+Ki^A#*=HF8Ba+y*}lNw;nmc5z0Giwoz%%{i4rfu8vh>VP&sOTs5?%c$(
zCAl<fnank#+S0mNA%=dCk3ZXoGpZBAFG@fy-+-dKFr;6ZV6q5yi;cJ6+fLJza0c~@
zA%I{AnbCwinIUw?%s~c+X5cQ@@p}C7`Vfa1i^wNnV)4%^_dW7Gg<2~H-1!LBCc-Ds
zV9sAAaMRF%v~1o~zQ<zsL;wrHH&VwCGH1F6T`^;}*aYbY46|gj1m!@5hM4%X@MSTf
z3c0U<pJ~rbAt@oAOUI31@q2UGyk;w!W<s~Bj2JT<#bL*lmB-@GzhZg%dfX<kYO&lk
zXAv$xcomgJe;!ZsjC7iX#i5C%gxKT~3>WFMBgEOH`-^0&NQE+8$Ey2CD)UnoqL6Je
z2nY{X&5WU_@_QQ4bxcCSR1sfPAubodYBQsRsAw8kbRT}zk7~0ZO>YEJBfaqiXrrKN
zngol?Rx2@$8WYvL1!enop>115+h{*==5qW>IjTbh{D9e}qe&lGv#22q#f0LB!4uaG
zHFYr7q>gy~g2639S77z()vQ=??9F-6AL;>{6CD*Q&)=1+l2uxDckt|<286gX>9YJb
zOuo`%KD6KLWclDPe-G1{-^;YD{yBah)9aIN$9AbUQlcv*Ul(j0jn}tL`b3}Z<k2m3
zNqwH=@Zh?@?bTVc%SEv}=rUV(9gEtRNnHfP<~ZtZ$6?q!Hwht$c8&tfr<-A8?0qN_
z-TOR71u#<4ZO(9oDU4Sdzfc{p+5Ny&4C9bMa~;Z~7}fGHYF=OCc+D5&L;xEhhjunH
zY;;4T)Nuv#7yQ7-AAc+#QOF4isk4hOxdfNjOG?9r^4~-f8ykDl(g<@nc<H5=C@Bd>
z!U{&tOE0}hAme@1xT}JIjZw*zsBLfwGHeb3Hnp8x<#?&fOLlGvjT%JNYVKS$TX(sS
zgIUGWs~|Z(4DAG>jm3tSxMxY3hcKs2`k|byCe9~Nl_zy-bo<9?8r_Kp2fvEn@R8(f
z!uaW3`Ol~&EZZ}iO$UCUp|c|wG#!I8LZQr4NLJ~7mhYOy%DvyvJiY_{nhc?BVrNt}
zfGQ#ag(QKH5fBR=#UG4RQv(v9@%zik%P*#+w3LW&m9S6+i#dSF?Bmm)S1@Jqcg*f}
z1t}rN_AWTugI@9DmpuQU5%liT@TBVDk95(TMd?hPv7LgVpd4D0lu-UPu{$x5LEj1S
zA<r)?mu!KWQT$>fT6ov&PA}p6pEFszNkr4T@dtFmofgh(9>Kt#NfHDKb()W9x-LMT
zqEavGw&b&Hbp~5@7E)a5ljjTHkZ$c`8PFq<#tlLbNf}jdAz{WYHpJI%&SlU35^2CE
z4C4ECNgysJg#Ui9nN=Hd<VC4TPG0$YZyX^e)^E+@=_wl|BST1EJut2<o$}V>-kyf;
z3vP@YEjd~=BWlDj6!Y;lXMgYgsFGoGbTjy*XdjcW%O%noAl+l-p<PW_S`fjD&C(bd
zmqS@V;k^<k3tb_ypVdqP*cohhb5nR}Wf1RiDmBQk5r9oOTjyVS#F=8Ozvh9(tlpGM
zyB3kmeD#9E=REMQmCRkdk7f;>%z1t2F~0!<5ES>=xvzxL7dK||-JK49tAs>Zo8dvg
zX2wf{2p4RaDrxlni`clMkcs2lGWN<Uu`$5#2@51xG=Itvnm4Lsk_dLqJ71(RxK|P{
zJls8Kj{G}FVvOiM>_ygYIzYc(Ru<1qI{Z{+WjeP%kjwN>D`kq>wl*{Gvjmb8kNwUq
zS{_b-UaVR<m*!3VjJVh;y&k+i6Z01J;?_H76Bnb?w@YixCLObVC;JZii4AMb>rY+v
zJE+y*BLo>Xrx38odQ18{9<CronXJU$R0-JBJYL&^tH$;6JCpUlDlDEl%=fE}7-#T&
zh5hJEP!exGwH`LX`S=M-qMfUN&9wcA{P)JrbZU`u#Cw;E#;2L(e6c>A?5yfcyI=E?
zYGxC$3DI;(iDFE%D4HX7{Hv$D!eTD}AcH=EpHCZL)1^x{`t<J0!Udl)^?$FBmtVx~
zcU;W1qZ?p&)=MDZ%XvQR&c+NGpy4jwA^l$LHmeZWls^I0!pC3irBPA@eY?gIFv_LD
zy<FMp!S$UmvKKO4=oSpcOF$9ATVnhapo@(uQ}^=ptDA@(cnh5`zaA|*5|7`*h7aGN
zG(BB1QFO7E5@3cQfC(89gHc|>fuEN`Yyxp@I$+kE60iw^NdojR31Kh!Coo|a=E&%H
z{RR$iDchFKM)7$`?a~h;JQ^)55;dTr=qf(lgK9R5$R7-oirZx7^85abUsuq40sePo
zUz{N}Vq3St(CrukFu{*cM%Acjg7I@mi%rOvsR2KV+eOKSwRrqx1mY5jYkVGt$%-Om
zf5jw5#yf~Wq2R`uA|g>_9y(e{0a@GEp_?o;=-5rxdoWNU2n<P(NZwim7YOf}U=WW|
zR77Iw0mifpaB&M2P4}W|DvHUEIZVUkRPmUs=*}ech*oIHeF$mX8?SE1A4GAa2abqU
zS-ocM2{CNmefM3Gl9HG;Yu2xMUH&lF?#xxmE~z~r?3C|pp5#txM8SGG{`5et?X#}O
z^AtvQsC|d^B+GHO)JJ_ePVtU=eSbK$2!;X;V=S~usr2%kzj*|zQ9UrU)))F$p5XTT
z7<%3!Ld?OyH{osb!?v<hK0b6wISIh#v6&MZB__r{7Gk%LwU~t0LS;IG)B8gcr;{TX
zo=%31vHQ<sFpOtW5MuqmaZ<)Bji0Uo*i1acu&Ha&1Yq;*;XI7pHLtIJyk@RFd-fgB
zp-10E=MNi2i#F9GziOVFXsjSf7ZERK*T`0EG^0f8#@%<{EsNZwNfU0JFoC#~6v~CM
z#4(blDA*K*58i#3?-nk^=ksypl~;1{kUluWV+rJbi`_`8^?9FpV+rrgSk0b&1(dox
zv}sYPQ7vxWzef{Z`^ObBpUE$L!;U?<y!*n{Y~GR0<1c>0%&#`e&E5}Ry`HN_bRaXQ
zl*?{<n>U`iijHjrlS1M9mAiQGiP_A1=Ozwh7W3q*-}3qVjnYFyr0`H1w_VqZyT<h<
zB~ff79vwSAm{r8vAFtw#=|3R6aw<}z29ex3rVrO&*_nh`5%qg2vFEd^ztrr%je7o@
z>$^NjyX4+-;nX0s1y6l@6Jxslm0kJ2Fn8lr`ZpR)QdAQETyP7CVX0i%`A$+JTcAoB
zg~(BCv<t&c0nP-1j2ZmF#helZZB!*dh)Kn6)d(@G*n}puBChkXEqf1lfAl(jpP%ph
zUrng##7$^F-oF*k1s48t`}u#U_B)yJXvxY9{`0{Wxydb(06K>BNoL%Y&54Q-6O5zx
zf4@J#o`Yq~TfC1&KW0e4r79Dp;(fA*m>ASEiIEpJBqh-)RWPfTQ+U+;yg8507wlnk
zTA`GFs+mN-iLrJ@4{IVlNbDgZIx$!-SGkX6tF!rd-Y)hYD3ONjA_)(Z`^L5<CBe=M
z(>AkXPmvt0yS9tr(K|b_?_jB9FYG;7Dt&g^Hjm<#Q7vhr72@8y17A)KzET&u+Z_aN
z4pD5Rk4=v*g!bu)BHU>IK;uKr{uR*Gpoh)ZN0%QI?bag6!`+wW6CdHjrE8Q0G@{LZ
zycm33;$(K&@r@G`G(Tg)O6hJB{qy+arvUkeP573ad=FdaU4GQ_i%Y$99yyzqjl!7w
z#t_+lVuR$4$A93vA2V3?!9^rQi!vR1+~1T|$Q5@l;=<lZ{NvtE(jP~hU+xLecEp!7
zPImIyO9KcG4gR|*xA0`T;_mM_nC<4(M|()gwW`lEY{CMz?Jj2i8-ou4Ho@!WFWtv8
zZ*O8>W*LKeB=YB*+RFDb)S+P#;lJl-|NC+6UV2~tihQkvZ`JnI4M<I?1Y<s*UB<XO
zawsjUoVmAaW9I3}QCv9aNJ&PYU!k;AAtc1WViw<%pj_v{3_tfjlF!8#CX$g+!hsAo
z&6+y#cun}cE_!rzaOeFcq<#Nzt^KRE{&%(<KdAO5L+O3oiSr3DY_g`-WWP*S;>T41
zY-%2_ZO(2~yI!1a9C44@@;Kwi#RU3A4D~T3;l}EQC#R?=e>A{mkK4wpSETZ%zLm!I
zN2|)OGF`0Ack@eDF(uxB<iliT6&$nHO=c5eQDN9H2(@Umi4Uh&LMVNrEF3*FAehxp
z+YWN)S0(H((HR@Q?lb~6UFhArHyeLh&x&R9$;&^$!2YpZ*xv{GehG3c`>Bk~>=0VF
z48yEu5fh;h8|jpDXhZR#o6O9f=O!sGgl?ToD0m5|swA8!hAAjTrU-u&;qzjZbQ41p
z-hn}ujLU81mb;hn<u_Rjojir)ZWmxEX8f8LlQ>C05mHu6BVd>%iAB`}tHy*A6Q55U
zOH7YGbh!8mG<)Qs{gogaC!na91=u6XA#o4UW(Iz<k9cb+Q?4D3&8BnxOCL~VaY!bN
zY*bxEF^jpDjs**DO_v^r0kfYF#X+3k#Xl~+kdAlU#rc<AO<B2D0#qWfqfD$T3=Pdt
zF=3MaHHIdF#sV0HWqkMI6YO2To*onKq1#1Q;uiBvBOs;OrO%uQDl=?SrcCvF<vcZD
zGNT{NW5u)=Df0*T)8GC<vGBPOtRuhp#)z7<pcuYGel+6m!S9Z*uz($(O(ky4C;W4G
z5)O(bn@9wF_$(UM<amq*Z3#5!PiW)5cmp;me<s>1m?{G^PLyF&!M4fIKXqW|DH`I=
z%52hd6|#!Y9fnP0{(3sCda%~IT-)tA3ZgokWxG^o%PgtB9B21#)bFc(x-`;Ah^|zL
znYq3__FBAYYJI^^;)LX=TWFg&;qaA<*5~2!3q6ZdSKr-I^%G~<OrCw~Bn2Leii{yT
z>fAJ;cDvmamlUomDJi-C(Mw-Ht}$p`+s@ecx8~^jTNw1K>ouqSJVSsfPgMtO_C7K-
z$o#2es*#6L^ZKLQqh`);OrLFZ88E!o8zvbmNR)uhu~JP)u;zKE_P8!5=OL6khcM@x
zHGJ~PC$w$bmIohx7?+%U*DYC8m2K<R@xt@ZW3^g&>n)*@2fpn2IE)=tGC6wrufFqr
z7JR=$vQ>OOA$e7OW2J4&1eSbyyBr$Y4t|DB+p~D*`KuZ8z(;bD8y_1=sKY7&n=b8=
zne**tE*(FW7blJ2-tocidhcUj^77PW{QbTmJo)lMIoTF^_)fb8DScDqrl_Qx=tu`^
z=if(4QqT~)B8d&6RqOZBZ{%xueF15F9uXFT$*jpT3lEnvmsbKmU%!6~JvyZxrSeW~
z`yF|MGoSyyj3Vy6XC~bn{GDcT?Q#3dNOCr&-0x=1zHdp2Xu_XoUXDpKGr09AdN&zH
zv^|MXO9WPvT>>^@${S?X2!JLiZ>AFbEhNrVv4E6+7Yj+@UE`y~Q@|@r-(}67&G-U-
z{C*$zHtEbYDXp=~4e{frT)&5BO1IM~egohCl)x(;22tww@po48@oQHf<Ki=4ztszJ
z_T2wKRvG_%eS?hdmvUl2sKd;NL8)AEVMC&XtW%BT4;a$dX8Nq1tlgZ4_`68r9TqGc
z;awr##fl_M#s_py<krzGiH#B<Q1JN$BVxhwgUtA551BcxYO-TO<5lEQQKpJ=i99Yj
zKUGGdiu<nIki(RZwvwJveGg4YpZ(*$F0w5DnzG?AAT{j#6fWqU#OohzVaIN<h*oIb
zG=ec#G^1nd=)>|-fzlFu8CiHUv+(8S;V&tZWwFLa5!$N<rl_N{N`lXP_O$QOUw~6n
zzJRU-J#3Bv*ob?J=+jP3-HabnKzu}ywN#>O%q$Jz%d%se$RF-Iz-7)dt_!W|gL3rp
z3ovHbgoRZAo1;H{vy>3Dt^fca07*naRH2_sFPT}d4Z>tn*|E2nho1kL^;`2<^Vy}6
zO;$a`rg}aZIpqw$eF5!TL^AoVj*_({lB?WL`^#q0xPf5U43w-b0Z0}Uds(pJATPbQ
zg|^Kjc<YJ2ggUE_ZI|5kE!+3h1Z;x$eQ(xIW_+_(0y?4(b~-PbYlk(aealFaV(pmC
zHT`Q&P5T~u<o)&ePyKWycRl(gE?1D*clT{!JojX@v<DE$?KU`n_(9gJtsVt0Hqv6E
zRX&*-N59^cK0s0lu?G1_`1~wf;>O`nc=`2Wwr=-HmX2U^dOZ*xt}t(b!F%tA@#%kW
ztn#?O{`rpAe@^%KkfHYG;Hd;`a;8thpbEo=$x7^Xm4Hpn<Hzne6~kk->%~7BS<@$>
zRJliOd7R1P3abei<CTQ#e>t7Ett((7%CL3oR=)Y>8}{tkb52U435JaTY((nTAcO}7
zBr%|)kmNdX2BDBr6MP5ZfOazCBI|c$^7<MVGt&-j;u|_+!%jb7BL=L@g9li(Y5}Q<
zTj<-xg{Fvki~u|AeDG-wo3@oR@~RX%wAIi8<*2#{gfb-4W7eE(5@Q^6?HZ11a!W}s
zQ40q$yo5RIggL$Fsz)FXm{bwu5|ExPKHbFE-xTxLC)ctqE5OL7|3_4t?)d#0Ry82O
z9-ojcR&`7g5>Y4*h<gfiV-u=wV%2{p(Pii*C^1PWGH(fEpsN89o`pG}W6{ibL_T3L
z1O$Ud31C$fW<NTCA=li3qj@LFtRYwgTg6p`*DXA2baYk6h83UJj~X5;CEg5k7*Tnf
zc<<%cxO~zRsA?Fc0WV=1Sp7O~A^)a=>J_Xa4Y#HeFceIRis5qM+O&dIOMl|R2mTMY
zp-FjWlL#o&eFQ|=%{nH(Si_j`8X~^{hNhtwyKrq?$=;k?+79~@x}l)qN33jh3D}4~
z_@%^|7c-uK@Xb-MX#sMV&BOJ<6FfB}kqEUE)oO#t6uhx5ur%#Lc)LD$36%<VqV1}J
zG*!o$dcfv%j=GSRqmU&SHs?q>QNZRLd93<k*4M!Awg!^4y>#x_{_yiHPMd(ov+9`7
z>j`)fKYl%c%jY_7y;wC1R+AM?(Qufnd!tsp(5EX5Z@0QyUf--bfLE=39eyGWQyXCO
z$m~2m{<&mbfy+OR|8<w%^-5L1CMxPIAd#HN6IVS~Vd}N59~ghKmseb8Y<$c@sPQm}
zALYnhxL<pNUvs^XL`!|V24M53a73*;V519JwaPq<y)~|{ar|h-tutVwuOQJ_{%fB2
zlwE5WDup3e5fRe>MNuWYM)=e``SjD2_>V2?bF2cG6ou_;*YezR&++!#Z%e-$Pq_<!
z#)mje$B)<%o1=mubNS8huwdzS%C<jQ?KWZ)wnDC~?cnDmU?cSR#lL;?{>}95-ng3V
z(wuL%Q~_-I%DnD<Y?cIUL=xA2`PNu2I=`jdcoUmh0))Bi(Jy%O!<95jiDdV35jk6#
zeq5VQpDSLI8@ZDoxRAfxF#xkklX;1M6W8DI*Uy>y$!e??6C1yMkY<hQW?p*A8ud5G
z=pU~vX73soMxYIswtEmyz>TJuhz?0)e_<N?i?;E}&o6U*kH647x+5Xx&_jzrf?gvb
z3WdH*wr8v(w=|tHZ-M;xun;Ga_6Qty8_}U*xXMfTVf%8@4(=ekIG3D~TtW@FFs>1O
zqmyYH7DI%&?!(jO^OE^u{VM)4NTKJGU-4DXtBJORaP6M?Ec)W+-=HSXty_vd|HZfI
zyfZUR0w@(p05z8lPUX^pDblF@@OQ+3y$4G9?}uAivoTNlbC@)Rrm11HY!Xgvq!o`>
zXV<<GHtr~p(q<x=O)9sJZo!ooHj*2wLOyEIPno<sGmXq#w>(D}ytiu^Ax&{ZY$n78
z{MMaCazkCno{1z3-TytYD=CQ%@{2r7ow0*?OZH2!M{JNcOAW<tH)FS&xb2!2?ATK*
z0V%<L5b6AG3FH-d5Z*lEop0VSj4@X>qg&e;3Emu$41+*f8G)i=$+9s;Mxxq7j@%tS
zx0?Nwlr{+1IFAe1h#RHE`WSmbJ{=mDQy5SstLDoxhuq+)OS;ri#+b0;TF(wLYy@Ca
zeu!an^xT^bohkdt=dTRFZZolATLFK2d7Wf<t@&&?;i1PjzRt*TbJ?AXXw@W)Nq2UT
zGJ+zNx&3swe0C79d2s;gnWfBLyq|TO^CcUtL(53+A9Eh9n^sDmRh01JTNlcHKL3pi
zXx^yO&qW*;-?bfkOZZ^UZuVxBvN^4Yl2RXC+eUNEu*RI<JzhS?xs>KDPvfVJ**yN_
z7qZv_gqit%JiU8V$_6Z5;b!n<nbaf)r#8@7vm}|Q$m4I%3c#kQL?=DnPh70Vtodb3
z7++cUqW?bos+;8S{@ggS%ehp2$1Q7y(g(q^IbPbnX)R0Ue!}{nmJR&z$7RP21~YO#
zKICC@ILFCK?C2_h%@N0ItIKNF%RYYOJ!;G2OdJ;o>0gN*{hA^o1WsqVb(Lf>{bg_@
z;-|Lsdjf1Ko;B94a&5;j`ZSHCW78zULQm~RLdAW&UN0MVXR&O*kGZ=Qe#uvbNttAJ
zRQx`@44ba>?%hjJVI<(Tdi6qDrf#B7r!pDvBv=+IW|psn?R(sG>t>~SV<BcHSn3MC
zfR!D4N|--yCtcda)2DX~CaV&ZoYhS%UzJ5>j)KFg(7c(Qq?Ax>W)&r%;C91`HMvZh
z^fRm0XX9+ro{Jy(C(hPwPz?p|x|QheVgf==OgK||yqFaef%wK)Q=4L#Et17E|B>5h
z*|afgsDr?vWu^cfq$0jJK?jQfO-vf$9S0KMsI`dZk)X|6<3@1L>oX_`u}Od=Cv7d-
zw$1pm3h^j@%2k(S^7wQMoyShV7ck-Sscd`q3A+7hJb}<?bdwE}w~(UM%Lwt5qZnqq
znisDCOca%(&?pkR_Q8UU@{%I<EuKZwZv7xG2}AK?bGtaO;U~=HrC7w&P|@)Sz)KCm
z2#+VCLkGNyMtN>7c|R{DyhSUV4clPy1u(J>;N30unFPQmf|CMLPR)pGfW1jabc+L%
zzl{9FGf}>Ho+mEtL_|U){+LwEE&E|_(gmMi!w?c_BIHo2xK(&89~mrA7r;jJBawuc
zRXxL|w$Zct@f`xNDHi`$bv{}XKs$T>E&!X(t7~W2{M<FjunDHKr~LKhsc(-zT7TTM
zcp4A=-@Vlap4I!FCadrxOsYbe&rLyjAw}L&3D5|j=46uqZR}<{QML%eEx|dIW@<$L
zrc(&9#2wCd=gysM$S`5DiJ<mVH$HT0sAH{tIodZWD(dhidNsi2TxHmZ4~U`|Q?LG&
zfQ^y<ct21CU80I``l)N6Q!oIJS5gJQQkjf&0lriPY-%g70DUU+IP&`H$B*_h)ETgm
z44bn9u+a&D<U6?KmRlG#YLo<7UVime49D@MW{x))i0#=)4?V<HS6#&iAABI?(Ry}>
zBGmI;oyL&iW2f@<l5O~Q|Ld6NR|RZlzdepi2DLik+}Z$}xzolU^*Z5+apkS=FlXUb
z=1v>O#RG$R3+7Mr{!f#eU&idI<GASj7DtWf6B}eNzrCFMCeI=%K8#(<AClnB?=^`{
z`+?WIg;o+uw}$QLl>8t%e(7V=AhbF2x4g^Join*_;7i2WQ_zI*ruYb0VMESRR_|Fz
zVM#s~#X*cSk;sr}xrwg|IR+(w$6v~K+vc+Q;6`*qC)FNC@2Et&MkLTFB8~<p=uuO(
z9iG|$3+`r(iPS>K&<nY*FoZa(oqINX$HeCc(!FDY-)pm-vgZ;T-5<~0&Byb1OVF|+
z2{z21hBo4&{>hScBa#4GrhKxU*$dMp!$oWq59*c31-%mG#<kOKlK(EeY`$G_kU5L?
zNrr()!h`0&lY2^lQ~)}{pJV%Oxl*D*f`iKkr%K5(0m=xOG6Axr?JefxdAnJ;As4X$
zEA}L=9^Qmou4=)a1Eu`?f4{J8SCM>=2lPmgd4xI45{wb$U--j8DT!9`T!KAOQtFie
zPfC)5+pcaY!5RVh)~6Gzfw}-T5zYWt^ekdv`!dQ+Ft^OXe3t`{(1@=?5^^V3I7=Dr
zJhs7VMK*N-Y(zh3aq$<DVKe8ygJeGu0MGsZTE&m+b6NSxB}ZkIRV}KJ(HlPDJ9>AD
z<?(wu5+5CmYASX4=y=7PLkyb%?A~9(lW+XO+AaBv9MX^n#<nKz(781q{o-4{m7vVg
z0Go<)McD;dv~+bAi&tjy!@3;lHTA?j9qH9E_Jn-j>QMEk^^~uE+D-R<?fBExudrzG
z7WrOZFd&5KQ(}pU4gxXa9UXUP4)1+bz3uOr5XKAttXmL;*K1%hE9~6mm7q<y2+2N_
zO3O6ve6X1ROukz(dw(w}L+w*5!$v&on#FUt?Yc{AeG!ek8HX4)hfY<D$x8IdO2DS(
z@nGv6djqV-_3~_)hf>MnIfV<zV7u0~emLUz3=Hm8Vn=42k$zDR*i^4(MWJz+L9d2(
z+9%p+7HcOq!bwb+o#^Pgz57K)MdTNkkyTtydVz;cc?K)9O{^^m4}vqIPY4A9A&pf9
ztPy`d-3*&PeR@k^Av-6VrAud#61A2gef*#au~4BSrt;%T5BbGrx^)gAE-HY>r?F{E
zF`hsOJ9lK0pHa+!esMHysZrv#keBZzA;yAg3+1kRf8_fmd%5fGL3Hog43|3xAr|Iv
zG~}}xTlw_!@5#x_Cw0JZdfzk=M`{XYkDCRP?&rM3NTOmQD9p`e>Efk`dTe{`U39$S
zMnWRP!C%UUw_i=+uHD#UVlg`-4l(P6H;yK~R}3M~76?f1m!ylXrt3w+Fj+%!syc7o
zd@VP;@CJUTQ;zXpJ$4t3H|`|fZKuHQV|mU-$&ewcF?WCQ73I2FGH2cyGn_l7&!WUI
z<5x92E5ByTV~@~CF=56^p2g3S`~z}fVrto$+unE=ziy$VD3`@AJi(O{CsA$>$MCuF
z{IH0h-*|y=uM5rN#iOXKap&SyY{YfDfa{-nnKDD6aBmu$=6*(xYpzF&OvYPSK>8Q&
z<C!&u#tw}fkHX5V5{eX!)V>25_Sb*mwngI0%A|0?hqNi%%q=4?CB9=1l&BPZx`4q1
z8>xb484$VzlA%;NPE~&u>H^qQy`mnlIk6F205+M$m7l@0-7+Dnj)2XYLx9cM{yg>N
zJ2}gYie6q{e`kOFz4yZXbnDofi4!LtF*t3_{)FB6%SbO;K}PYK6C1paadw!k0V(0V
zXc|3)W-&tuvo@-B=I-6QS^E7l!kYA#fX%72jOqSs0UOD%IpO*GSpvBK3Wklb_o+w}
zo<}k2&Qv)i-Q@%`F$9?MNDaW|si`Ma?izU*={2rD$~|h9vaW!Q0Be$T!SeX+BQkWw
zE&-bxZ@iJ~uDgyED^@V^(MNIl{nCr(-FM%iZ{L2jY}xXdjUpn>rcIm5C6`=6g9a%w
zQY&ZIF4nGH%bGQ75XPn#^lpgL{Y{lTj{QOnA145t?f7;*b<FeI4tZWOY=#YL#hj_*
zj=G>0fXk)hr}5%rmvZm;KC-^=og^4G%Q?Si6TbWK)+(D+)yp&QyDbbGH;u0C8?b7&
z@bocw>*Lkj{O8XY+_yPjzc(H=XsA(TqFmXYfk1$Z$4uqhWohz019~++E86>5<^44S
zTz-+8{-fTcRcJSE=y@fdtp171JKl-QSH!ODO}xAEDJESqoraM?t#M(v`AgnXmhSk1
z1V>}Kqz*z;g{izS;512UrcmiIsRpakzvYc({{r31fS6RqH*8A>A#-qwQkmb!e|N8A
zkE@slaq-+2*9x0v;^)FF=A|6q)ycySfpX{S2jJ-a^VhU@<-)MCzZVvJm^O1Kv%lL{
z?c*&#kDLG0Tt@L*%o^Kv7x9;8*GT4!V5D5sH<@cMZ9+nfRc=63?Vs6s9^U$FI}3lv
zklr!^#C!XxKEy`a_-O8K-k-Hg%AQ3>SQ$66ne^xoESak16PwiEugT)gPj_%2D@Y9%
zz|UJx_G0U<Vjg{IEqR3=*~Sl!Yr~K}iIUAD>c>?cV8+*bnKm=+u-sZj`9#@o9o2#>
z2B#hZYwG*QiGI(dhs}DyusQk$n!~0ux^Dpk+Lcjm7GRB&Z{2oE51As@HUx;?+05+a
z=CER#nT2%L@xQkcu(^FvkYO`-#8J=xaNceneR(~t8V3QJ;CN<m*FRSB&58^jy15NE
zjTCV$$L<gResd#l&PZd#zy>^dZ>K|jR!IE$=`?b#^st%nQh&)36Rep3e7KEvEhBmH
zFI{mS0zPZzf6=WANlO=i%^=D8I^O-oJF#<LG0(icnMEtJxarDf5)2aW=jr%99BsV#
zwd2oME7KV=tQ$Z5^b<Evn8ucEL6+U+!$SDiq-dHq4Fbd)HhCC6DvJXdl@VuSuXXa)
zt9Ac|h%v_RGq75#gR*PZD}3@v6i-bYDaWST`q#N~{Gi$g0ov4->JHd^c_hOo`m!p3
z%@N0IyY*zH%JuRc%sb&cYP-kD9^a3`1SRUSxhI>!NnLl6fXzwW>nylv+WrLgxQ{L0
zA&V$n?kj%8+(H<-i@z%xEkj*II;@0;Sa8}bl9^xX)hYJq6u5QL+)m1ckc7NW{2Y3}
zD}WkFYY^u0;&&yp=8Q0Gx^|&&pWu2XBO`;kv)-jq!WKqe;>1u(F@%hlp^?5{=jRRO
zcs&6eHb2fNCtEh;5FcgGyI&$<Az(2Xs8)?_X=Qx;#eQOABk0&6i79Wd<CpbWbnD)g
zrY$;9SX_q1Y@uh*eq>}8^89npv2EKf20ri@jfPx-7UIN|o56;+Uf_ub@1SF+cFdnW
zn@1o0JA3w}bJ3$OlhSK2N{Ah6*+D+I{~n@}5{Ycr6=z~&%;tcUqZ9Ky!8Vcpl{yGw
zbZpD^ghV>gaS-b*;<G9LrT?wBVKs;2v>3cHv<pwS7)Wffm2J)<o?AbQGR2_zWjAyF
z{STw7R$>hwFI;~W6W;lVGSy1J3$q^>&7DO7+F2qfR0HgF8vJwZLa;h$dif0ux#JND
z$hpdLnfKHrMo)g3a+8_j+#I$%`&Y*5K3cf~_{)9#h?kdkti%%@O{*)%Fks9B_*E#|
zvy~q{|Ab5Knn=0DDgm4WQ=jIVz&`pn2xmo}k4fLIBSW*&a=<W#J~RopYNue^7Cb9v
zGj4c)1`HfrXEyQCUd?*I=JXC&+p`rig^lfRznxR3>04yMdb+OuzgjD0Q=5q#OuF!N
zOy7R(^soN<`sL<1^S%WaiN9`qnEv7eWbNN6eZ_CM;RXf`3a&kmOa|Gdo5^?WpuoM0
zqVj!|dNU|+@5UE!;R}?Z8-C211G8o)%-R5_HGwc|G7+{$MA@4W<7h>Q`RKl~BKYE$
zjhhhc8j(U9_eZmd0G40(d{wXS(a89<44ar!YN}I#Xr7VZCkfaX`=1>H#<N0gqSlf9
zw?08gq9sqP4%qB}b}F0z&{QK2qvrKTxkt^%t}9@Zq%S8?05*p^fD)YiSGaB;{$25+
zpT6U|P}5DmlZPI9h@nG=$`|pn>#vvnebc6m{OxalW5|#p+;PX9hab1x?Z#@e9cGuT
zTepsX{Nr)1x@t6|M~{~0+5CRKoH<i2D7tm)MvwN<ILp7O@tjA0zTxAh1p%Ag|2#Ah
z9Qpih2L}P0&tAWtk(abPYW>YwC?wI|;l)Xpa__i4vVMb-Xv>*7<pwUlsLe6+-?lTG
zRs)}ta%-NnClPXNSKTq48S{Q&%Xj}r%O)|kw%@nQ(-?B?o07#dck0;Rq<w<}*Xip&
zBL9q>QqCXs7Jupg0%hJZGK;h5+F&I6OVjx0{9CxH)7}5i-g$smQM7IN-qX{2NJ8ik
zIsxgBP(-j$R74OP#ZLuAvG;<?XV=g2i;4v-U>Bu`U;(7}5_%^I>AjtP_P=IMIte5Y
zFlgqw4&j{LnVorec6Mf-_jz8fi+1;)%)(^8-T6NTwi%6|DHy%RAm!0KbYAE*25e3<
zd6sOBWNc&JmN!YvIz+#q2xdhOK`$2D7a*Oq6mX&_kLBSfnf2chXmuju>fiHxUWofw
zSN$We(7~*E`&hoVqEm76#@>=i5E<^pC*K`p-lAjjE(%7?)ElC>q*JhzcBotr5nt-3
z-xB!jry~;J5#9K;hr83VsV@(`yoIBQ?zki)FKxnvYg)=+>J{&kdwfaDvhv2KyV)F<
z>7HbG>G|Q^LG0L<$&+vGz;1V8&}(?^-mdiO9E>6Yr>H8qg?8rtaG0O}NRatT<ncvU
z5X=f8DfQIU&Ukwn8v4gsJRd?M-YtoC>J&q#Rr$}b4Enb(!m3wTRN%$$X0IB9HR65+
zX`M{+$)UH06-^E5mscnx(aHffmEO;LkLEJ%g-wVUG*8~yk()=gEPa10S(V5O@5iCK
zR6d^Bm(Fect9(DK-I~fh|J@?{;1hRtWLQ6;;qUHmc|{H`8NH-f5^Vs!K6)~<tvoj?
zjuo3yxa)=}`Mi`pCuQ%?%m4E`M-mEH`r%;OG#3+S@jO*Oe{ecoygp|SpZsu?tA|AL
z!n9~iLKdxpozDOK<7~&b#cPgn<u!d!9lKb!<~we`H-&?T-SUaioeVtlh(9B*^uq2?
zd3t6RZ-0<iDvcK4uVLkqa5}YjOEqraWy9gr(WRq;(Qrn>h|FWPX?W{>mB#+vxn*>Z
zD#x$-Fuyw+`zC8*5TMPOQjGzd>?IZ1FM=TxFuV+~seJrQ7p|0FoUUdrnSoNCVRNQJ
z>ioEHb$<)1_E{zD@`?e`>ikkw6!@<LY|3KTRBc`bv~F<54bq4JCFTE~=JyhSM&uPQ
zed(B04BC_jY9zzvRCbNn<Uik%XfZMU$<E4P?O(sMe)UiE?&;#%5utb(3*7G$QFm2O
zR*u5*-%qk<PdXi=y@=@<LU^DFoxvR+P8Diys+OEQ9nZY9lg#W;TDJBk;h10*>j@6&
z!ML05rd@}Q#V-R5Pdxc3-_HArLYs^0Uz>$r_r5qC1`2j<!nu1j58QSOZQ8Wv?kQ9F
zY2hMls=~w%zQfqEgN$KQ5Vx9R>$eg;`g&CV5L67fv`(oIhCz$!a-wmGcsAg4xnvv}
zt)gO6^%SjN3gJ!gX%dA-)e@mG^Y#^enb~X@jjSrOGdJ;jUV@BqdHcLSaWrX%Lv_*2
zmd?Acyu;WhAIG8b#KURj)3Jm2ar_kgta_5vd}jao6HAZm#?v>DF>lPp)V3EI)q*iU
znMI#}!R2>9g;TZTNJ(P#Llbz`+lLMo4LL3sALgFqr<`QGBU>``@t5%F5`#{h8^51*
zf39Zmq`R;yPVx?H<K(+Dcs$ZTq!AXUT6u9@9JZh^qDN1l*G+ebs6C|YT8Dk(a-O{F
zHrlpzJGz~1sx4rXl$6AX5hI9+am$D|q|;kK05-`bfK9n&Ov(GdWcgiRz6a*i46qTc
zKGO15j<&kR?XXrnpR8}~X{e8T+TL(~+^?vAVt*(BY)VEV0o;gv**<;xND$|ICacv-
zN=gdHjvePje0+sVc{d+`&cm-x`(K|HX93tezwq{nI=x{=U|>))U!U?CZRMVfvK3i5
z2(6wSuO(okCcNDSjZ4U%xudjS6iJ<|G=88WU~}?+;(INaK^4nTPsxAkHOiZ&PoJ1U
zU3<r@7%+S+Q60OT)@lN*aWicG{^VxZOym3Szb7gxinzEqhF*7FX~l#GYy0-?@%44<
z;&0!+jfWq8h&%6`!u8jWEj{nAzgE$sM^8LGML0z_V6$P}I>f^+%54&C#oPRAjT$^+
z(r3jCn~E`P%4hC0^eqY4ByV|wun>0)fXd0uu=$L)o*hxluz~3_7V*xUb;K>dk4|kH
zRa>8g<XoEed07HAg$JIOl4jADzs>Q)Y;yOM?lqjYJqM3v(00%pczYVi-}hXN+I}&f
zl$4gwz_D|9aoG19%Q#4M<dr=9^GI&#^(bF%ewDXJ|0ZV>M>2O|S1tG&gQPT?Mx&Jy
zXYtv4Sa<XnHl0|)$=s8Kc{C#1ngIVm0KbjRX<_aqSI|A6`ulVydkF@Om+tg2C8{dp
z=j6k*ygQs>v8~Q@iH76lERdCB<&8P}*swFbl$9bTP<M@Q%QcrZVfueJv-gOQAcG-&
z!kIcgiU7Z|7&n!T`R9fdKKkx3sTpRO=hcTUkwM+3KDSXyoCyiFyKidCu>KLJ1Pw1K
zOT@2vdG>BrZBCVS^7k?D_5Wh!ck#RUEzsW}<B4>N67PC<O3$|N&gc7CyDeRQ7i=MM
zu4to(z2jlha{U#}Bv^Dd!H)m!9Y;!{?esYXuo29<yGNwar)?27MPX5qH;W5>FxOB9
zP1x0_xR~abO;4i*A&XX%<Yw5cBrVgzfnP?JW)aeQ3w{^C;Zcqz7SgJjHw)e#P>#)o
zjFI%vtK0Z>Z8D8RJ-F+JHe5HXX(@wK03@INbd1^GA0{{7&d9-yd45`#3T5OM+37ZV
zX)(hl7GH1oxOF5UpSzylOlqcuPiFR}dxujQNtfULXE9(isF-2nuD+086aC%S$56om
zbkE^j{`=u>HpOM~;KX+PXH4s2W?4-v_4l7M^SzbadGAO9{o+yV3rR^U;`&=tS+_|r
zsYJ{xg$M8PW#&_XWMn#t?w?3%x;u`QNWFU)`TCPknl{l<Sm@%T&+@r)SO9HXmz`5x
zE5#VF`+z_9J(SKTuZ*W<)2hAE{(dW+T@8{nF$mD+OsVF8%`zEZrK~&w*j!!?u&I3f
zOjoX$U!1LG*S3r^U87dVx1cJMmB68KwaQhOCpQ2#r&_ZD!$tr!<ykfr88>CeihmcA
zjZ$_^3CmHmo7n&WAOJ~3K~$z#XR$K7<^nTpdh`%6Z2GhE&t>e{`6Hb=fZdT#v&L{q
zXCE}G)y=ZeC@3<%icYfERn>{pCF0l!sbLk3qM|Aas$IjOBU%>xl7x5Q05bEmm~&Im
zX^jlK>RLK=>4r`xWQ<iT78?^L-pU`p|A|j%ORjk4ReYm6qjBljI{R&I9MGB3!-k+Y
z=ox*@wQSt91&@%XjCt)NJX^Ivb!k}l-YfLKb{sTnh65J{jf=zs`%#N*s0OW+Qx+m+
zs%pco*VDLFJ9K&vR7KCyr*3Eb^RJPECr(90dtejmrr*!)5q&YZEWCK+Hxd*pI*pDe
z)*m3%X2RyO!`5HPGlde=u>)Ggn?`B@|2MKXD_;E&Z<mn*YXPJG`yhwY)A0&w#2xdO
zk?R!%)*{sX8_2Qi3A$tedewq9=@={S7{_aoEeS7zc-6|xv;%B*m<evtg|V;A#vI%P
zr6?Eko^2GWI>LL#qQy$Vj=wng`eVG%s|^~xj?ea-<m<SD__c0N->FX!-eVv-r;Ef5
zzvA5a7w^CN5}sb?7K^F2fQ`vy;*LA+sLRpmA6?dgREhzc>Kr5M*YC{|7SQhC`=`Ap
zc@`(WCbxrRRzNh{yF80S?^BIqTK#HY^$v&)^{m?Qw81X*-7fRrdVsW(ZdOa><nQlK
zhYlU&KC1w4L>#ha&6=I{m@B}U?3^63va-m?$RsBxr`oc-n#H2^@UPQxp>IoS&#)0S
zoVVwV8H%Djd$DT#naxGy7vycv&&zw@>5(6tHZZ7M^a!v<tJx09*#|H=>uz!m85L!c
z5`OpG@+GLr?|zD^2(7G|rAlR-lD~>;lrOkfzX3B))n|u~orL(DE(x$kGHmKWa$%By
z%>xfU#IRw*B$7JfilNwwiqM5eo)R3}<#I7?+Fd;V{7iy_PxXv;<!0k5$j37%6o<nh
znLE>_O`~<V1z-DLHEMBf0GpiM&*JA(7HGKq1x^Rp?EdXOI!09w1SBTs(xeh#)Be&o
zNy{uCbLTTPYRA#|ELz3BCO5)tN2&*(YE)P~KB)w-d1mke3T@d0dNm=>oXy_U4Rnhf
zOcVboa;+KUS+fZCj9~ML<@~twefqZOP4DL23GoiXpx0s2YH>ML-umSOHl_Z>kG)6I
z)T3em?GiKO+ifgQJ5GY7fKY=cBg0$bBisfnr8f_4;ej?iYHht&bGPu?M^{OyjD}P@
z3mi=-;EhlBvhS#HJ9DR@{ld9_LVIp_a1D6{HYuApYDgqgZitfXma3B282xd1yp&oK
z0oetsW$sITiBB%#nYVXJ&_u+mnRatq84skoB;w}0^3k4Bz(z2BX3glukIUlu<cA|t
z(n`okJ$zdSS~n{Lf0NS8y!b(!1eiqX+CD%sB0l==P-$G9$S_X{M)i&kY5;9&*G;Gj
zuo29fJFiG*P^SVMC^BBnm-&7|Af?8oi{3QdFOwJ#w@g+|Qwd-r;=DvP^O0b^+2$lC
z&xT-+2`RC5t$g|Zf3cVhr?UO*4i~pSvynC1(q-PzAQR0a+*7GzCksi-GRu$$1ABz>
z?o&Nv{HF3r^zrCxe>nxP5$Alf^n_&E1P2)T`TqtI;9GI58+QAji05wUhZO-Ek!R70
zlY|AEXxGvgUoRc;DMjo$kV96kjrJ{ldHabTw2VBrO`)3FxUSB7cg{LyzPE~x-@lY$
z0}i0qSx8NH@Y0(({P1%TNhxj#w7xx!JoT_YA;DViekhY|JFSvwBlctOo9fH!GlMvC
z+|Kp4rjecrAHN&H;8+a?ebpeJOI0|YVBr48(;0M0ZyvZkwpyULuG)H`%W*So>JqS7
zF$fKVO55RLr4lf>bUmVGS2}*C23N{2POr8Mm8-?jeWoJM@^}FXPbq$b-#*Lyb(gIc
zfX$jUYZx_Zlw8<PoLCE=wz{kBIhQmy@eB+b$&5J{hK*q4h&M?|IprkLN~F-r$FM0M
z%jP`Cun~Zbh+#8t-Y3|tE4Y1PGyYtDSb{0TE)BukBx3ccxU@)yrcUEQfRC4C(q!aX
zFdFUndO1<Cp}4fzZ6=odnvJKgAKP~;bnSUFUAta_POn9$Gn6twg;PpGLITt7p2q5R
z>j{q@K+Lo!@M+Tq6E2oNbsw)kI+d6{JxNYU;g(x&W#_h?gha<O<dNs`Y0?ypQ{|Uu
zA7;qZ`!R&Iz@f8|zIz?p=Y5GSFH80d5xY{==+U`UbWxqSbkcq3yaUm@oP2!SDDL>b
zPceH0p=g|}o;4HWlI27PMS@AoqWv4lR;;MHVD4MF4ztY@hw5a-jC;B9h1bbYO{i$`
zNjt)4<FDk_)?F|b*|0cm%uCr#x=V{^^UnO|({Cu!8ZhVQvVY!edXJxk*)J5M(~NoV
z7S`Q2g-K!Ic-a-=RR`Z@oFHDO5Zq-TH@x^RW}`O+=_w@rv4pmRE|aVvit@<({Ra+x
z{tnmo=|Z92$kJ{5*mFFA@a}yX_UOy#LRz5|=90YfXF~H%^7@O<;W|Zcrgo1{17K4-
zd)4;r1F6Lfn{pW|D+E<8^Y1zyn!c89yWGAKyON7Y%yq{H70E-dVQ?$=dV9r@Jc2xR
zGX9rH4xM{`sB=^u3sM~4bjj=F`?wt(|E~6xw58$t6&1tkOaE)QKW+=uwtvolyL!N;
zy74M3ER4|5P#Lo?ARqugKR*Px)4qKNY<3$qs|}0Ag4t}Qu&9W_!a^Aaqc+K_S+OKq
zrA)PLU-|5PTb`a_6PIM;vn~14K3!QbkGb6>nk07zBwz#2UJOK<sx;fOvNOoa&J>59
zdv@gP8qosOgb&)FQ;Qik7eutJjLUcShMug1PpQbTNq&D0C=<&bjWaQys8EJ_O8$z+
zD|hPJ05;*S)kHYUOQQX~1g&gW8&uzcczSxXV&zH($HtHze+*qj6BI*PFkQj65%Ok>
z7A@rJtFPhk;X|};E%f@!lKuD*3?3f*xnVP-M~|kcun?#DI05!Q&}tktx*a1X3x>@h
z>_=x-dw!>(Z%c+vPTVv2`3fndQ@hdPKLx|)b2r0gQa|}rPoJ?^GHiA)pH4@?u&Jh7
zBqrt3r0*-m44daL>U9jc@e@{VI7;sBXYlqE`qrnvZ<}`|(reT#dUR>b=7o2k@%%HD
zS6`2(WE3!9>>S3odz>L{u4C!J?-|;D0&lLko7?(6ho|0$baNu{83$Q$@EgW;pGcd~
zDD=|f(Ixe&#S7$QN(RYkDZIS-A-?E7^o+4;gw#Qv!$y+1fF-F%Nhr$a#g4J~mIH1!
zq$RN~H;MaNcb6c+=~9}th>z0Z7%{m$z4}HH7~oN({#sw}%lWRC#pWbC*CrV<as#{g
zd2l#gEd48q|C@IZv576xrM(+5>AF@-cx=7g_!hU~@|Xyw-p~dg!6c~SIn2nh^6|Ha
z`E7l&bbyHn^<d76ec8AxgBkC}Nx(+12kyQpic5QkNr%{~%E`&M@#@EWWl(r=-F{s|
zc=Yy;%vo?mO0J1Z_vjSJJvX<bNtkD8JB}w6^4RO!Nz1ah+t8<xl%)Fk&qTgjd|bxQ
z5wapZItOvr_$Zo+&G|FEW*Ux{+Se_K=EFzJ-C&!Khm#uzWHGRFzPy*eSv;AWAAmTo
zrpa4zG08WZL8hWwkGDb+?bgTFBVs4XxXr~fcw(a}B*4fmS2yRXm<Ws_PEs}ZQLw%i
ztxV+ouMZ>2v)kQ$U4Zt!-a76W)0&Z&HbyUi;7acgtKG@qNq^Eb%#)9v>s8^o5K?Oo
zzPg<)d$SlZFoK6CwJ+XCbHDd)cyO%*GUvV0mljRDOY0|qo-Y?2Co|V3rT+vtDS%I-
zUPHGI0ZbhiMcbA>Xi6G<k@U~Cn@<ok=0h4sn0WjFAEr)rZzu?RZ{1;K?)(Bi|Ed6+
zT_re3!=M<GWYv5=-$l>PZ4eF_Nog4@_{xj_y_d`Exdrlh?%3XwhwcsInya*UdpS<&
zc1dX_-ubYAxa~&1dG98Cz0N!jIN#%NU6-Gv6%3ox6YLM}+0I`}zGcV8HG?;7SaU{a
zu$n%<b$y<i`&TX30X2L8RP_h++@p96sHp#0*A1ved6}7+(!uadS^gD(jWEJ#V%SvA
zwkZZ`PGQ#+JC&5iuqhY6<^nTpx_9p`0h^7RH?d>ucl7U;M^J!?Z97lWx`m!z-2_Y6
zj;hh}`^qFvBpC_xZ$wUZA&QbqOkW?`v^1iqHdLpMlgUPYTaiecC_mP2(9*g4ZS;#B
zP_7%fUsU4Vv2o)jo_z92cI@0q*BkDn<Cw`9gF-PC<+0`ep5uiFrqH8nH#Th9$bI)d
zz>xz7=`m?KZLhlpqfY=H7Bhc*{0?15--1tgb5xy^eJdAIv~?p^M*%v4GU33XYSE)5
zpyxnZ#aw}EG!lfB&!2gOs~&qA#Un&AhW0K02HoBr_;`7tF&a6UoPtB^#HtHr@FNeS
zS`7lnVb=9ma^JTL$iawRQP3Vg$mY546XLQ+SvaSnkYTstFnZzNp*PXjkCUt+b51hL
zXFkuE|Gr9*!4reiLC&GQ9QgJ#g4IG4A@QatWZR0+`UT+IC5Gr>*W%JD<eWH8+z($d
zc*-;iy}WSb<dVK}F<HAe5fJ2y#bzfvD-XNIKuGi@bR01br{YOo;xP(V|H75gExB>r
zbx4xbnI7uX9IpvrGk31r-&Fv(4Gf#w8GC;UB$fH5)h_b|JlnV62)(vFjNVbe@hmHQ
z(@u405&%u4pP}@)uTe|)NG}QIoGGOS_hVa^8f`P4si=$KxJr=?3T-MO-W6>lmb}Ti
z4w?j1bjZ308r4w6dTN2M-+8cFhD~j%EEJG#7=L4JvYhr@&!(|xL=2lcO#NG(o?$a`
zb`ookT0o-?=7XMc?NJ8UC_GznWnEIU>L&K}=Xh3DCIYmn4PaAR`{Yk1qVPJXRYwG_
z!y9zYMX8#}O8Df8fKBShb5Ls`iKeQPmGIk3%TO!luXMa}oofTwM7UNXK$}|cDAo1K
zyj*#zs*q1x%%*<)v|s^at{I8l$ImSbP@Du~M#Q8s7z|SC%*V$^BDWP%ejWw6dF<J@
zkA6K{6KG$8R`T*|xDZBV#H7#50Gn#^xh2uk$l3igem)}j=&9u|{^LLyU^BU|w6|Ll
zZ9Thxn_kSYsk&Z?$vHIX^J*DjW6(0=e}D4aTYqrpO}+TwMd7%4dc@|@mzMGB2Y)g5
zjWJ9ZBV_U}8UVCb_e%tv7l6$r-b0w$^FEH{#*<*P(=;Foz1D~m2U|}3!NJsR+%s?{
zI;|G1(M4WfJ}K#`>^`}L<CzB}sB<)D7k4yo&F#&*)OuLho1e+t6MJ~BeLp<3?#WVe
zVF8Eov)PfKPIGTR`UZv*V)T@~<zPWJOR|sBGA5Xh7i~v1sf-)ZiMwv?C1XtdQ}5Tg
zwo7b+o=h!d>z-^W7k1s{P3RjPEaN?i=g{GV-_|Da?iU9UppHnljA~AowgEiy`VP79
z7f(XFR({+$uC<gQ6TnCLdYLT_ep{EqyoJX|&$h}<=9@=0XTr5D*?%;T`(E5C!65Pb
zHJ3$l)5zuo_zG~j?0FVrn$_kYA;rwB`3Kp#KU>!2`YW4p<M3v@@#%inZcme7(9r&2
zQWh#CP?RAe>Zt5LlE(utZ$mJ2L>hZVGj19ssKyG<ytAvcJRyyC&5%gOUez2wZ_)4m
zna_D$x6A3$NJ+GhmxbW(?cmxz*$nQIkD`Z_W>4ni2jHj$SQDsmGR`}PK^|swB4TkZ
z?}O6?iOGdhN?*i~7yVhM6LC$nc$%~r^kOsV%<nPLy9<l#oJcAnIlV~cYuw00c!;Mg
z=XCWto>YKNqah;HghqOJmtC*O;*{W_L8m1w*jV9sVoITm*Am&t1AV!Aif7Giagv&4
zCO)YMA@AnvZ6GqtgGNCf81%)S<27hkZS8qJ&$m0A1V_&#ufQ#VcJ)=By!&bpVU2V$
zbcIN%X->ZQCZCVy=987<BELXoaGzHE{K>6SitdXacQ9|!Vsv_ibsKHy^%`!yF@hg|
z&ZJFiBTqaOM29wZJUzf-Q#f+MlZ8tPShTo^WuH%`k(6RRbALFWb~qo`7hp}&833Cl
z-_AjNP?YC3t^2Fq?$W4v>uV{Ee1>U<LLx5B6veOil3Gtt&U1zaz^0sm6@@NM0~p>V
z!cC`B6i#H@*qvO+u4J=}@zONNlbDu%Gz&D9p0g{(#*zbt#J2F}s~aNlHEP(EYGcg_
z3#;R;@|c`3lmIuU#ISL}d1lzS0h|6<tu|J#`kh02mf#nVO=4mueY^WI;__fntvFO8
zAIv$*vBc)&=9wwXKg!U7z6=`@M3V?3s>6=OY~r^S`Dpcax^?pA(|K8R>3t6a248kc
zZx!#7S+hRi{r5j0DLt9dPrpN>m@9AyU@T!j=_`KZq1z|WF{&*uzVZ@tKKX*2oLt8J
z?<2gs^aHI1L;NweY+X&8*x`5vHNvH+C^joPvv}{SXk6gbiMT*ooVZXt{ZTX`#*H2C
zgm_l`wTkXz#-a$1f0queVntgZ_c(BAG@=Cge~pNX<L`~mp&`rw&yTu_yT1O3B7+vK
zQ$_EzQk0pB(`v&dx`(Pm(Q47?6nsL$Dbi}ts|K_g$C*Flc_zI59tDbCI$9_WJLa^L
zIGq*=c!@Q#OL1WI^28JnjuSl!4s1scux9Z>uA2TRg&GBy&51oT1*f$T6_<#Lga!?I
zlNZK-0Bi;mV%3qpXB(C^%X#=eH_$n{bLo8fY=@7U05&sbxQB4@w*j!Jouw}Zz(#;H
z{Wnd;!;(sBzMZWn3o-P%4SSC}OB<^@u^NxxA0eiN4|bh5Yw1SO?nUS|iu~<NpiP#4
z7dBoZ!e0OLlS_pahinws6o$9gp%V)RkyJRI<zU$XJ7c1a1bLkq==$edtD%MGYJmp8
zrp$t;2W<Xj44d*DOHG;|jMn-(C=<@L!=2as3X_%4iIo7GxwTuURVqVGt(3otYm{$O
ztpOXSkO!+@8+(E(p6@w|y+`smapDBSMvcOziml6<C4)vo($S-=_~Q@myyG^M<k{#I
z5r4II?Y#Q-c?dZ(`{5VdssvT!?=(y>Y|_Yyd+PLn&23-s)-%JIUIN%WCm1&C*}eSU
zGXpk#UvmRC`)9~ayZuKp=sfHlbUF>Ye!Yh_ErcXo)f+Y&cf=Dr=3@*7Eh$?b$J_It
z3jm0X@u9bT!7z_8bPDN6n0I65?fa3K&eKRQNW{bF#r*Xz^7xRq(ffLmU0BG@J^MM4
zx)8;6h<4$9@D1rfzO9Jomfgjg0b}vkmod9)*8ALNrC192^u%tSXxm$Ucd9CBg@st0
z4#~*Kci1p!wHz+Yk*ukoQ;v{m&SyYSW1{^+*_oS8R%<&Sy*2`!u4Wswwe8;*^Z5e2
z*tR#DAAd`bQek2<_>v9*+;&|n+P3hOAj-a@d3?JxUNT|C-iD8tj%V-cL~@3OH|Fdw
zy`4sbhS=^QTzgp)S~c~S8`~nLQEG;jwcFBIvPyV|7RmG5H1m-`+M7jql9^-U;n%iv
z{G>a!vyh&;c1R?HdpDARi(o`ptPT#x7m|`*gxEm;epx(+PUOq;@0-w$m`j3r@~vGQ
zIF=`WyZ(x%+%%%OWI>4gBcvZU?9AlpcXpM^+uk{@4Od?pA>&!a9n4|o2fInna&H(5
z$*D=BTQRU_NR2o4FXnzw7aPScm%`@5UMyH2Ky1f+26f6uV|207?9G=20a$7Q)`V&u
zjPlH5kVgR?a_#ib+erVn_m|4;zjwwGW`DH>tJN;|WFs4EnK0gm0sTz$>0!jHc(H7?
zsbpt688<PT!$)E2Eq!?6?g0|Kn()AP97{S*)25yXHGs&VCOmZeV3w{rz}DUIxRgRn
z9)c;QV6&JA3k+uRxE^$D6Iv{R_|NNS$=U(`Ai!qJ92B)KbibUa%3BoapH;%5-7lVc
zmd*yS88m1R!n^)rlSez9B$}Uxp7~Sy5F2%>WV5(sQ@=SV0h;&6R#XQlxt+NdC$lzW
zv*chAUyX~PiC>wg^x^|WOkI>lu33Nz0-P!SR03`$`t6{({`|PzmjE^jigcXYv11dz
z{PGiu<{0Cz_M&Ge6ArtR6Nw7T*Lu;i?e%QgypGVI-P|&^5qh#woi6eUbo{j@hjp7X
zXxG+@wk<rF|3eBxhCj-Xp;w*KyIoEfcicIJg^QM;_44MrneP$QwGR%lNxAeJ`h|LN
z!|-AF`}%R+*wL(8y9vE_AY<R1gJ+8_xU>$A{Wy<=;|J(}^IaJH8{yD`&Z&3DqtR$_
zxE#1NDtbkWU3H*QUAR;oXdN8-=mQec<GK35XEEzcC{7)A4d`UN9)}xv5o<-Kh|MGJ
zi-J~B@ku$(TX){Z1B?D7%jHDtRB#GbjmC*i(Mwr40i6iINR%T&-sw~a+M*(M%%8)q
zb?dnEqff}u`bb9}oq%IhCt8gTA(5%5iUe%LT0^JNVsNQAvywQtY#|Q+AUa<;8ixWd
zbZ#cAiUgxXZMCZW1&88rJDKFB6TfmPt(;~ay!TFg{r!p~il6;p(*W3<z3pm}b6*Oa
z%n_>$x1(3t-;!Bq<=;!bpZU0uAoDFahHt@P^bP^^Rh$JCnHpg>g^}ki<OSXRv#RUI
zY@Ui>*ofFP8{-S0c`WwJUn?%JtbV#5Zl${^QOcnmYJM}vv@LM0e370(R{7iMk^pSh
zcYCc)+wX4g+1u}Y<QL;gp4G|AzZc<aRJgvI2d#p|bF9cch7Z=7IhJALiVhwOZex(j
z9u@CP&F}yDsDEAd&xZP4nEv_AyY-V{V`>_M*63fS{X4d`a@rU+wPe^_JPWjQVc3)(
znANneV!<V3(yE@}*5s{rUe8e`E1@@51Z>jg)ef+sVj1cw`A@w@`6iteU{jvwT+*#d
z3jLeD+gx5){cm9Xrd@2<uz^umUrpndEz#)pazZM+tV#eJ@gfo*t)h^Vmd4sut0V(w
z+TByICI5t<KEBLEwP?>HFD~P?4_7n$<!iWoygUAgkc6>2UB#QB&}ry9#S9w(*p!n*
zD`&sOe+q`p7rgcCaHdb{D`z^>XDlfLY}$raTR*oXS}|aA;90r3FY>?g{%Rh3c^O`w
z27dndW(M_X?q(Jgw@++PuULPS8}Ip+jO-#_d*X8L|4;u@MJsDz54Qm-@#5>*_jl%O
zV(%g&w|BY@gU*v8hn*=apU2Ou3Ei6xrk$4`y*u~kSbR3|M-yqTT|&puj-&*S#-Z~=
zRkUQ}C-U{mTX?5)ncV%^3>&M{6X_n<2v4m$Xtzi<rxT0AAzv&4u<_899jknenFls-
z)kEzVerdVkuAbTZ@9Ga?lXK}`$x`ykQ7m^RST50R{b}362b)9Xz|lMo9?y3(U=&5N
zSMD6wiXVPUWZuH#70hiiXoza=OWT&d`1|VRChF0ILiQZaAt%qRr`jmk#N^Q}8PqFO
zdcj+5E(ySVw%`~Jr+YLC^fS;o%AXdIUJ_8v$g)a+M&#|#%1;K3KbdNl8@sPQ+?B{i
zo=kgTE15Y~x$%1Y^(`4atVwA+9f#e;;#En!^Tk0~zVM)W_&@EXESdmuh4j_8zs587
z$78acqTG&c{FruA6m6P$yEhK%;rL!^{Cd)#bBnYjWg2K6YDI5Q`NQnRw*`LWxN0sZ
z&`4`%q-P!jJc{rVF1i=Nc=>ldzxD0@pG$p?oy_5jWk>k&r>*SV<(_K@2af=M4Q*QK
z>C@B5t>b*?+{qx9{2hAb@W`EmnYUmky}L&8__Tp?K6CJB2I-lFczEdP+%Alu08g>I
zMt+f%%<LkH%y#+A3+dG$e^2Rz@lU>g$(nx<U{kQ8mg|5jW*myL1yz}>cz20AoB7Cv
z%F_VYxGnwFls*iP4zJSeOLk{4Z)+O!Cv-UDZCQQ7%+!Txd^I+l&W*}qh6%>ajo&5{
zpJPV`B~y#Rn-b9GJTq)W44Z!a`W0_wDiWMnvEom5@A;0a21D0&Mr=ieGA@l(GnCjN
zH?V&FUu32(<+4~ajf0#dr)$`_0}dYxz{ATQKR+<&6tZ$Wh#5GNw(Z(gu#Xrg<Kq*!
z_n!M$y>>0$0l`F%z7gLh&Cw`EcK@<~%cCzLs#y~h#mW1#-{$D?W0(R$=stcD9wE&@
z>te?bUyze{f}SI9z$>zujI*Ov^*9t4dh|H80&h_;I9<53E)<uFLs4W*o{gW(qA(|k
z!MEInCL|24h`*x+jRagoOde5|07UFKgoKkr@K>DV?%2qtWj`_Wu7}YEgyNKJ8sU^<
zmk^3Z6$}|6#O9K}<8nwAjq~t+)_(srm<;s0Wg><~Ed>@N0UHT0xfEQQVwq8q&82Y*
zQdsiIIkby}y?Yt@;B$Dk=z!hjz?^=P%mW7`Amr4zIW}&<#wAq<v~~+*rPAD_FmCwe
zbcyaFndidx=aOm**nIx^=R`zAuyEnRbGhulCT|H~Q(?j{?pXy1?n)ExGaL^~UrUF>
zA4o<_O;etCD|WVj2=TYn%M6I#_d1a&%dtCE)*R2r=G7R-4c}K;KYjda{8l_l@21|8
zWwWC1=Qte>dT*LapfmHdRmt@4!iH|e44ZRofBE`XIidd>%NLjaW}BHcM=f%FJ2=XN
z;T;U<wF-NZ?GmsNKz`dsdamzgBFwkE<7cr6|Hk^e*GK2pKO6F2So?ijZvmTFG)5tb
zR=e@-bp0o`^;t-wJ-c8^^YHMHXFWW;Ch96}?ul{ubnnpma$LxvW!Ex>O?4x(s(x!A
zLwy33$51#s_xGB<d1`x}kShzlp%P&8^&Aut!={F*QW<JmrTkS~qkPGI`otc3HDLe%
zAOJ~3K~xNi?j5sY;PA0TbrkYf)u(XhUqrYB!>0ZvyXr-u-_0C4d>n6YZ@&EUOA-?k
z>C~wcmt1lQO`0^3zuRm!($dn{zkfe#*RDm#rHvmy9=%>qkM5V?NLzrPwj5wni>9vM
zmO#vyk7TTiJ8$esizWg5^xHmcHV0c5-z7`xH0<4ChRu_1z@~~MCDCsClDD3@s+eH|
z)1MQ7%?5TazlV-d<p7&X`4f}#$^e`F&q%L&_j^ud@*_X-`48J={X`j)$6i9S#sMTG
z<?#NOn>ctZQ^qWqa&s@<nK8T;Ex&kAEhw_l=d$^HciA&iZbGoN3Y|8tT6{l!n+)K^
zq4!g$!1hhY7!kY^yD^N6z{{l9nN!hXbvTGi+(29FUv%-UK7f2pER=33;<JQ3Jk+LV
zO-?`MoVSl`qwUS1OuGJj#VS6lYSoKO;=On9cph(meu(|W>=aQkflX+&Vp|jmW|X8(
zZG`MuD;eDUzaQ>n<)+js-<?8wN-%5$2qa@|6c-?vE7xDqgrWVy@Gkc75_LG4TEy&c
zkFs{VVDY%m7VllbgcFNgtKB8{Qik<!Bm=5{vou}?Sr_2a7q9e|%%G{yxn<P^)92n>
zqPQX^tk`QF2?~Ao(=opO#XW|3d+B)Mjt=yRE>j3i&9v~|yhE(nmLbm(pw4Ce!k99y
z6~5kj2^e{L=;TCRNHB?yp$1ye_2NeV4V6f6=y^Xcn1gm>jai++S_jv9<`U~sh?kT>
zYe@eV3kbH~y8YSo=oiKErLXeZ+bJA5<{&f6SvtlD04FR|OZ&EZHg0k8>8sar{qRm~
zjZ5Ot@l0ZRHY2Q&%8a)cvU6`bm&Sym(c1WZRSwY|eHlBlHBY^=4R3D^GarlM{-^iL
zaplSBU5RSag;ziNnLP(`89Gpa$qK*xUbev^#<cry>&1ZX{V%FplB5}cVA-55T{Mzt
z1-s{<)Iu7$e4|zJ(C{Q49p6*Lj&VIt|1Q8LjN@h@g<LU>hz^(Rn(9)g|88LEUEOFB
zP_rfM;sb@e{8tXY+!`+B(Mpm4bB2GG__r`@$^aWt8zIl8aNxiJcI;S*%YFbIi6~Ap
zyLX%E-v2g6UV9_iIhib7I1kM0=-5^;gzXeMIuSEy6v08kSS=Pe8`{?wUtfQ8x{3}H
zA{g<OEn8W#_!m-BlhNt*cm@WeF&I!ZdWy2MXx+Fie%^jKoJH(AxQqP4Tr>tFJ^?{!
zbZ*(XytE`-LITah8&CfLsXZ#3wIsjA0*ALBA|NQ3th7v;^=^St(X(&EP7HP<S>n3(
zA`~wld;)@{q?mv`w2B6eQ;4An#~C|XToQoMh;mgY=FAK%<~$UWH^Ge}#aU>C6q_ny
zsya}l!<|^MD5x&M=y6fxbf9LYqWF2?Y8;AhL?r$p0t9sTff7kG$>b?!H7Kf<yu3W=
zxOnpTAwr`%aP>>GaruT}&dnra{bD?lj}sgeB<DA(0HR86p=9nrL~tO3WBSsreLED5
zn|*VxskVSki9A|XR@S**`d^WMZ?Z~ab~)xt@%~_`uE<$@Z@2bdTH6oQ%6<Zn*{^BM
ziNUkn`=LOK#07Lb@_{U8&9Qt6bbh$5{|cwkzf8BJQvHkzCX}*l62gYz(0LJ=@|%o(
zbGjq|n|0Bz$#q!C_2oA1Kk2(zd*(TLeMJ#r-U>lp3h9M#T^A!Q0=2xk%1pl1#U+h(
zY))`6tgV3otqoFQ`CR(LKh~cAwEl6P+Vk!IJw*D+Befb2syex@W7rrXW6+xX>hyUZ
z&_=;jy+1WoGHjk(bjJ(@o(&8LA~3LOYV|o=?>rY^HW!hfpSL4FKmY!xM}ANzfkD-@
z@7ti&e1fXR)*FcqMVYJwjjjmTWc*OOV536vtXvst<@}Y7S9R+?oVQ5rK4`=l@2UW6
z!kw#XEfsbl>|LZrV2Hex`|rPBvSkE7GilN!xskbg^=b|uK1_aozKmldyl@1F)4O+X
zzWVAb{`%`LdET3EzKPbBNF!zWSxM6fQtx+*;}|#X+X}Xf?hwX~Uj$&I(EI8S*?TyR
z>|IaDm?%|A;OyL&O1G=t<EwYa%Ge|#-<uz=<-wW1a&YBz+BC0T(kv&>Oi<UC@bNN|
zx$_Ajzg&91gap{u-6y%?*3YE}ZspV{#G9XI-$<{n!rScPVdR}_{~9pv3myo*o(=)c
z$a7fn(R=aq)-Uif`0@DADI7hSL($22`UIzv9xxP((?w=M79zB>-JH(B_@#_((WU}3
z=8O+h6(<Nb%@cc8^J?dT(gUWpX;nr7rkg#uW|;6Y{P*0yn%;i_X8gWBh0lLFA>+$b
zm4runm$v@gJgON2w9)Gnrp(wXnK$B=2=GOx)sT~Ks}jHw`P(%2VceBX=-DX{PmhYR
zKb$TXN8<~bxA+9>cVtT7rE(G*rq^B;iLaNA`Agy@d&kqH<A-<pv14BjPy8=VQrH80
z4NSka4Fh@z0M~uL%~l6*e0qQt8`I=3kzt-ZG`THZqJ%ezd+IG>o^0Ej#oM19Bq`k@
zFE8TR+&Q)tBL_#YWp@^SK6*CCWl83bkaa7Gk<-wxPJOP{TD<wZAb<>^3txler*U$l
zcQ*Y^MR>?KX|<EyY&ieowwIVE>^+i+Ph=#G!;Vpy_X}HhSomXQ5j)~+Y}jHYGppjb
zFf_ImcZ}~z?{1Cp@iIveRjV)H$_exNV|5A>#zvs%Y|NdX!H@v~Jb7;iE*-O$zyJ-~
ze;-E7sNYC9>Ez|7TQT~wOSx|9m&ENg^YT+|i9hLJ)||3MmC>Lu_pO24aMh5D>OGRI
z9f$yJPM0nkz^3p(F<?{c_xKN}u6q=(4#_nbit5EFH3e)$Wrd^F^5x4pe*E}9N)qjt
z2V#k7Q}ud1E~$W*mK|sQB(WB#d3x-(OmZ#o{>X~qTzy|S45!4faZ1+B`IJPf2-vvW
z;dDC5%*f!t{@o-cAI0eq-rpW{?cR^}?K{Xh)}aFjiQBpYyFC@BCXgOIFC(g5+e*~^
zQ|%%gVuV9pT3R}0vj|jP8N1Y=(JF*Dip0~?C}rAGQ&X^5%@TAdJH6z6Q?iy4e^p$H
z2Cd6U@~$+N%~`^b(L?z2r&V0@)M$Ktyg0OF52@SIiQjS@qt!-WiwOK0`I45NiX|h5
z+`Iw|P8AQA6N6&IL*tYz76HI$r8AEc5fMjKU2Z8f)hX8nLe@-UQ1A)#$H&hPuRwnk
zUk~swqVw~`5a5j_FaS-XK)n3@BrM}j<=RoYzH>|C96ET2d+(V}W?nAg-DA1_<@Ygb
zJ;_ZtLi+MAnRr<&?S#!s<X+thY4RVV!63mLqsc^`RoF$r$EaW^U3=EN&z3*40kAnc
zyVW$;o@AAi?(mp(mIP>`WE>#SQ-`lfE91v_R^jX=q`AyCmz3zrEOMX=ZHM*R&tyHC
zq%5cFfj8v;cO@5bvPcUf-oX)CeSBB}%0%q{nC2%J%j?!Al>j!i$#b!tYjvp1-)5Ce
znp=B%NJjT}+pR=LXt^}XAdf}*DfDe_;Op%csSGowtBDA|+S&4Avr9vL&#wi(d$0Zi
zHg1MZ-K8@DHcu?d<eP2zJF<%$llZ9D4*5nd0c-+F0GkpDS^2*uFYZzZxdcisq2Lt1
z*#E}k3hJC2J3chI?#$^fNzGU|5k(dJ$Dj%m7<sh(#Oy+R*GyJ|MpguDG8fK)67A}m
z)W<bh3A(1V4E2=!6^~bC&zb@@0<4J;fK7G%;&1&O@@a)JVhjrwEa1EEzLW7B1TyRE
z>nj5iYPDMF)h;IHg@uLW=H|-pQBhG$pFSOvdJ=!@uP7Sf{Z&jIJd3}nnS~^!<Vh;8
zua|*lk^XoXg*2H$L4g&U!$qK9alp_j$`=!1!ITMa<bzJQ-HS=OL&yOX5ZTD5crj6Z
z{jzc`81)*wyo^=0LwNC@NX#ZZtBBk@3jzKf1P6G^dKz?^dU}7){(hXPzkc-14mN+8
z#iL!W#i6PsS@ZGK8oB<@w^(x18yr2JOC!s1f<l^-rFxN5m_vXo9d8Obk)6z*{7gnS
zZ;OYvW*fHEjcE>-i|v`IwDt=iz)&^&s(jw}j&3KcQvum#Cr1w|42<<<?uG;w%o*<v
zWdFB5kLT}xolCo{RwrBbWb@sx3G6?XUn)%|7%WZ0J-MQPBL?;gCCE>YMytVYcQWq5
z4N~Szu+J{*8_E^2Vf?ZxMV6DDXOp)?Y@kLp^I>rB5c+is#@}0qRy<2pJl|p~HZRY{
z`kh()x+aCgCkn9Gobv4x9AKhXmq4zJX+%P*nRVMUWfA^9dhVML#n#<fEL<t};#7kC
zjSL?UM(buirPmSdoBvA!#}b8CnL=c!i4lV%hzO}T-k8k}R&GgW%~p5dTk(&Nm!5lW
zY9&FO0AIbdkB31+%cedA`sy3{Q#H@i3X2c(3j)ZhfgGA%adDS#27L{M$aU;lykE|x
z|2JH(evC_ETv@s<o<Uc3!^`kHiYpGM6N=0(3JP2tk9TnRsGXz~C;JcD_;!Jr8%9Ml
zq+bgn8u=32vngl`xboKd{ITZrfX$9&H*n94Mg06rJ~xi>;ep9lG3vJONlJFI<coeR
z`6HcKa}QxMig8TAU{IL#;sCB2cIidcKa;cr5unZK(!o93S+(R_c5YlVc*BM@b>a+G
z*J~6x9Gef9bKEMq!fDq7i73hx#nfua`KZr%EAx)cGeCLv(aQo5pEIR@BVhB`PX}oh
z<jK_7$TOLz!twYV2c6zKN#a9IDzI#PpFdO&7&c<cQOqzF@l+Id90i-ribkWAiU+c{
z%Pk2f>8a`D<m3<-6hL4=09uW{6g#NiC_)O`eN>cRAr()0+@ACmkBK#*_^rHHiu?a%
z&!7CC>Xy6y?z!&>X&g?UD=*>y9($juZ%x4`#2dlCNj;dv?w@zE_va1xG!A6sBV))h
z=VHk&ATO^Fy+c7;WCN=iowGoyA0Q-oU0M_os|HnqN{T@vWzRGQ6E2ex)u6@G-wRJ)
zAB_G!C_WzOO-2mfUf^j&Ene%E8qvM`QNaWy?RL1FY}>kxkt0Tehc_KY+)V70`w*O;
zyu*7)TJ$;ZJpUw-5rV1XwoAnk$sK=0I0EI{Rh$B_(Sbp%qtAhBQxm{O0JkEESXK=T
zn_3MI>`4*~o4O@nn*MqY$Nr_YtB6oJ=s6i{w>$7FI6}W&k4jd|p$v=sXfAykTkBI5
zKg2m<nd=G9SWj5yx>K$x;@$|A00A1EE@k?4W^MFqwXXBUlwntrgKxH5Xc44kVlNMh
zY${9lS=pcFWPCTHT-*Aaz}u*>;e?&#`)v})iD{viHf%@@7C0LVeE;6Vq$kxwhE3!C
zD0K|j42;s8mSIzDznH+lz_q3C&wm2L#y!JQ=iJ!7?g1M)ZOK~{j9vRW3KPzz6V_QC
zMV+h!46g*(EUjIz(Mn~gnU(TaagECLuPI;?;aXM9u&FZ()OkTgu2394!^k!3S+i!1
zls!vIN;>5_9v&W&WixQ#K%!bVN6BA}w{v$fv!u?e)lgtPwt(0?yL8Mv-f1=pf6s9C
z=cN*F&Ew}2+vwFgn(n$zL^@955z?NMIVm*Lq~WDiWNewF!hBN9g>(xEJ7>T~ELe}_
z<uE6450AC&g}1Iuf4s8!eos5W8q+pjx-$R|lK=xv=sQ2bC$rxtA14ppUcJ0VJ-!te
ztZHImoRMuKIo&MRl;Oc9f&+|FdaQg(%d#@zvCRk>Bf+j2dqop&9@SKyVzax*FSN_}
zy*}PLDQi~SBsLVx76%1phXhN7Bw6J;)V9oq^DnFg_Sj6!&JQNhQT_8OY9uya?)6Kf
zzo}lv{=TqAYq%O#n}bJR`2+t(o(vnDM$?EKLPInNhF$rTk?G|2dowtA(37o;r{L+~
z=H1&}Ib1p6E6K3Ac}y6J*2Wj#WHDrbKTqD<v6Nx6bJ<PI`C&cJymFY1?e)C<LQh8A
zydH~1<;13Id3DxqW_@;uhwpB|Q}_14$0HP6BEFvIMRk|l44cyfHljgWS1#txn?}~_
zT?o~BVh(DJB+;CpyoJ&5tfGWnd;?1ZU?ZQg(=lvf-q^&;*F@pxp(if6Q2vc=>3dpF
z^0-tR;xjL<kh^;NGCayH!zO;~KRdoGhE4fcHWw_0P06rQ5@=j}7aParH&!ddC1rWs
z|Er6~w=(ol{cu+qu#q)T6}GI~N^)E>14a+V%iqZJ(`GV#=KTZ&`$z{DMRAdvoX7s3
zcd&BaGI~!QOze$=(HX@UuAn#-ToyYHyA7v9u(qAjyB*anoF=BDBG#xzr<D$e8nGrY
z8gL1QjPwU8Yl9n3a!bvr#SEG<D^&)2i}NZ_P*BKs-+jv?4?cu<qX_zqy@TMcJ!D*)
z!s7?Y+^~XgKKn>AX{01tIWv`%Ut%92=_cBxk@Y$^FrX%YP5C?40NB*-b-lY3u&G<d
zvOX;i?aB4%vyWoW70zYFJ+mks#Z$<JyT2>p(WpKV*dzPl^lOUVQOM9u6C_xZm}`^l
z8g2jkuyh<>%JkJc@(Ih_KzPPF!YhF^!a+8*z%HHeng<#&+g+sQ+vWdHm-Z=bI2ilx
zKbGm9Z-MW2nmL-`VrqXAjs10U+}NAy;O96iO#*b>AV3=l%&4U0t1O7KkZX1^xsM0I
zUM1sl-S(3PrGS6FJ%11kn|cV?=p|s|U#AKJgU$u8kqn!Fid5*@4d;LR*>i3>4-A{~
ztx~gok415P0+fr=eIeVeOjZJhRs?Lam)A1bXvH$rQ}UmBjmj;oDPZGf*wkC6#0t&I
zS6iX+>4L@-Nuk9>Mn;CD#S4vNe}8|1f&##nh9iGJ9`-o&8n-l1L;81G;D=xL^TV6_
zc(uzFICb94J-V62NqaeI$z?|8TZuM6KyWiGc}EB--j@}Vp2UKDa%@&w`TL)<B$}{%
zQb9guhl3x}4%0oL5j_IJ@GS;zoT|#c{7jaoA4Uz`%Z!O84F2J`BZh*u?R2)T`IAqU
z9pwF)SDcls+Q0MeSKsQmgSkBNMx2ZdBUmo~8PkHR281=3slfuJ7BH(CX61#j(dvbp
zCsi?tU;H%=Ci!I2-*|dG?FO^{yDT6Wt}o77&HP2XXxhY1$98&}H`NgmtijJ$iwMb3
zSm<KeA7;M#p^(R>#xmi$u0*v6Dh6!6mJFK~O$}lPkz*(9#ej{FL|Z2%(RMDoksbR^
zFlypz$)0)P@o*lQkwjP{4T&2kGkwM?-kW=f)-6noyC#sC_ug?)-h?FWpffUTM8hr)
zz~*F4)&X0<HCZt>iMuFon5gtw0yY<Gd*>#GbKHC?d-`;Mjqm+`;OAweS)eEVTL-W^
z+03pK3+twLqKW^hP6AVZP9@i>(mBjXe6EY8{yH9yb<2Ou-<i*ppHu1u!>0UZf63N<
z&0v^Q!H2W&4`*MNrO3*G9eZfjswF-_-V#(<yL>g>V|wG^X^_B)kd~Hh%U9XCa4XBc
z{*L><dI6ocU=WFGpTgTYO;g;kNcn%upDfr&?ub>jYg1-srj!?4w{9(ZFK@zIc0lp;
zmMkNUt%yiJFQ(spSKVM_wYX6YfK4robrz?_ofHfk!S^r!)Kw?JS#p8X9}mvmNrqo^
z6&s<|=NCXt)70N+n)*9_g+~y~n2qrTxSGXczU&nV<b(?*jr>$((v*NS0+<nCO-UNu
z%2zUL1nAS)&p?o;PD-zdzak0djz|L3Nj9{=e2rU<t$NAlnzg?^=HDFeWXWC|-5P5c
z*~wVEFQ8(v!@@l_b|pEP&_hp~5TT+VB(oLPpRn`W0UI$bbX*o?l%)QDs(tFR|JTR+
z|97_U$5{ffIeHeOQ^hQG9m7T!(XSF<bMF0naNBcW*a*NTC@@%hT!<+_*)V%?d_SKI
zo65aM&0g^W3QwJLud2R)RVcWT4)K000jyp8qy!9>T6U$~CHv2-(J0+Ye<*)`<^1mN
z70OUg&40=@Dp#|nfQ<laWDJ{&3K&+fxV$hsyg_3Gmji>g2v2RU^nPjx_3@8&EU9%r
zo$%ly#^prO)jt%M){8CKsl2prCAn4yFSQ*`mnO|ISWY68u1b>C=_DaPk9=%&^KW#{
zLx_+?OU%!c-SW6OkHx7+*iw|n;NH#1bJ<w2_Bd}}XJK$>D*?VP3D&3v_hMWZJ%f$E
zyvt|Xf_eXi%Ta`TUUl>9hTm({KmJ&s#w(v3z~N8{4K#B9gf{e!4s5V%L;tDJe-7A8
z%q<Awu-znI@g+%vN+YeEab8*UH5Eyg&BgWpY<NGM@B1a<T79`-7k50q2%Ft0^~J>k
zx!74*%KC_paE8D6x+cti<uW{UVc1<ojF|Kd>o%w2>8ar5r6IsyLriaf#$45g0oS-=
z*a*NTBg@Q?@e9bxcA?XP!wJ`o^5pw>?`GPwKS{twq+yqOu<X-EFUs*vGHkSi&iD?#
zC;%H<TJ?a9f|wvYi9X~##T{($;!O>Jjl6dsOz6&yeca65%E|YEKl$bEONeRZFBvw?
z0!&;rdq2ZF1@ic%LZ+%LtvO+4-i~}?n|m-Xu7Jk}1hD#qwG^;<Y<UK=Hs(|j!$z!y
zoJ{oHL34fXdFfA8#jrUq7rH=&+UyQgn;pG}$qmeCG`P$*v<AJD)mG8Sy_Zsm#SXi^
z{S#x0AX@e9jP5MrRMvIVN+iOM965r;VkwrH)5tlDsJULJB{Vol#(lleskVTPP|_GN
zVgxZUF&Db37v=Q?V3UwlHXkif{H+`@p*G)Rc0G)zHH}=aR^)oOB*(KAcD=WpPn0j;
z(~^RhH5I>tqXg&flB^n$1OT)0NFEyhCIrOXUMrAB(R-kY><LCM!ju1?OSq>5WJ)B_
z1PIi-skgk&FZ**!@0qsqSc-Z-P@#U6>wB?&&nk3DP$oXd#ngT#H(N##vBOmPj3;C}
z`DTX=552;D13gOTeR*aV^R`(@%2j#nG7r3Tiu4PW#JS@Azq;rz4dwl_?fJv3hsmgi
z3>$4ke?$zMy6k_KwmS>J=J|!UPt@rRGXevGn)&$nUX(AA;!2-)hD~|nsJW}!faViW
zW2;6aOU|yW%UYxF&nbSfGwS2b=+h@=P}kluD+UZ7OH{`)oT#e0x&fON)$HI@wom09
zy@um%3!Iw=OGEziXFn19XYe)i__^yf7&T?`R$Ft^d4BIYKJ9xm0cyUKDJY-BhTFmX
zEZX~39W=JK&%M>@Ahoa%!Ke{wcHwU3el>zuXK!HNf=sT6J;3l@1sDyd?$vy|NzYN!
zK%Sn~uhMhc@cf<4^EZES0&{*kAt$(zjXZdIYFpZfm@%h3#|`#98~c{o@#40hcoO&8
zJXmJ-CCO>PrYh(Zl@P6+fyR8g8;dZ?z18zKe*K&6UpB^Gy!MSdkjBgJuVLHXRDy%;
z=(J|^It5=}g)SWpTshQ}882tEZKsvc5G@A1@ZbhNUk(1g2K;<s&wdMy!@RkBV!Lt-
zoAKCfo?LV17wp<o#w33C#Wqa4aWvCr{3rpNRxLajcXbH=oj&QJ9N&_)gZ@E)P39aF
zWnvZM;}7Uu_b5t;(3-jUQv+Zl@8RPk+VlAEc2(X_0odfdd8s_Mcu%IB*R45LAf0ty
z9$qo7&HSCYtUhkx@qt13nKaDWoR7ar!_=N)&H|m@Jwbf7tzIx}F8a<ZoTY>wuJFMu
z_Km{jX4J^dOtG_ByiqNFP!$)tA{YC%#nGZq7xV&|uLr3lW{-PyT2ZD>#<>yHopY2o
zJDX<K7O)X<YVWw?;$(-OjeX8F&#pvQ1;C~*98(6wJwkBq*%LmGXIUk{(#Xdx`&yE!
zW6~%(50oZ7a5Wo*rS(;%uS?%=MlvwWUK)Qz05_|WbzITZ{k;CF8!ET?ge04}!wnau
zgUXrimuTtM1P6=u+8NkVOKeL$1|fT<z=<pu`_i2Bh}5#`sDn)>>|7tMr+cKqE!d&L
z#smk8cU$S!#K1Kjg;aOlDM(2Nq~ecOQ|!ZDg(J8)&nX5}m+F=ZK8>TGI3(g|iF(SB
z^)!y<!eL1aZBhlU(s}N3)Z%j7_7e4Q2o*|INK~F`2jNWRL`58ulIF$r6mcoV@TnE!
zY84K&C3X<|3*tOcZ>>gg?=f9ej`3C3cftDtu&I9x8%?-i*!b1yb3dfLw)Qb>L_eLk
z=d~Fq%Cm0Yj*=Jf#q-x<Hj`hFyFEXz;DM({esDoGxYWG$6G3?$)Sx<hVicZJeEQZ)
zz@}Hf0W(n5XNQlSg!r5;l>s&-XH}laHGDr+;kW#zdV_uHyL}Rp^N1b!C97h`VJHXM
z6gccm-u5dmcN{=VFE^v*d?wLrY)%J-c5J<6R9s8fHA--IcXtiY5ZnVHxVr{zEV#RS
zfZ*=l1b2tv4vkxI3m$^qKIgHV_q${F4+acI?_GP<Tyw2Ct4ffApYQ4xL2Hiw4u)FY
zA>)xG-E;U&-_zLRRlBY8{edAr^eXpbG0SwyBr9=_Rx_N<>yus7nCVo$5D}&pFbe&I
zASymJQ_~-?w{ZWmsod>MQtNC$Of)uB!AyutYm8In`W?wz(!c!q`rhFr{vlLzC+T{m
z-op5&T(NY$euq#!og>Zcmp$pV&+i5BD@Ri#eIOad@vtm(roW%@n|3<4Xg#uA!=(o?
zbn9Mk?ZaOD&Fs=*jcE96>mJ?5%uASh5yA1o`-Yu#??;nag#0oY<xrQoR$&Z+xBlPU
zeu^T1oPJCMeh!G0psuiuD!A7BEOJ0b&~d5@1)!$iD^n>n54eQv9ccKoVsQ|zGD#{r
z7TIFtxlY5dK*(6_bDz9FZQZ^$mHdmE%7nL8R0>JAyve=r#E){0>Pfn$^vJXlnXja*
zrcZp(2P`Eg<)(Zi8beL*rcg8Q&Q_N~kxn#-Qr3B;_n4t5E0~K1e_RZDbM1FP^AV@-
z{KpFrBVu?f^R4Bx@7NIqUi7DD;ec4sa+mL;jZZfTR3>rehnyA`6^I~OO$ArR_}ljA
zbDc+N+uA)hS$wQ_T7okaaI|?VhEm~LTwB*r<7=`0v#`65R3*-}HO}eRT-;eJ2EmQN
z6dmWidx}R6w)YQA>;>p6{`8Of-*?lcnMDV6M(TUOHSolbwtLTw?~M0MNc0p1h~@@m
z1CT`4jHN^RIty!&M3dSPv`K#+(W4+OvzH8}S)DRyazRWKA6AUa)s|DwB{)5GVQs9i
z^HRj5KRx2=8eqFzaakYYAH{X58N7bv2$4KOr}n|ifU}Bz^X2pP(#|7`p+CtES=tTq
znIv!82U8j5DE$LVyoyt~rdLt#gE!<FDP5QMit<$1_!6~2`4zZaV#-xiWtBV3m8Ne_
zejBYfa%2vKRh_q;=whO1EB7j@;3ng9QYMHYsuoF>Sr;j_zaC_bgvh-e8K+Ge`RJjP
z<4MnbzozDQu;zTRcJH?tzH#Pyh;5CtFs8uVM9M2^E?gUouR^6^@w38_3gL9DeoHDc
z%FvGY5Vxid=`Jd0GcHqEzr4UmkgZ@9{A+d9K@%^FxoJzR3oaaGyo|FF5oI>dQZF0m
zuP&S7xZ8VqF!tcONL&4~dvMbHvOgT8pq?_4<{sy-6{O%+gGB*k_B(vmpu6UBNaMLo
za^5b?N>$@kRu$6gdS-C<6DLPTz8Y{!fgJZed>|3-WuYe6^BWm=51m6rPOUHev4i5g
zVI8MeMtf->Jv21dHwa<=!gGUT_xWw}ImMZvenk7l6Zr*d2eh4wW$q0Y!!_BUr}k$b
zijrHxn5M9{uJ7yb_Ju~cU%?J7e*2z>>ukuu?Ea8$PdDNiGJ5`d7uflPxrk#A#Pt=D
z;^<5T!PUZgC(f_w{=)_CF99IV?f0wsfVl2qAyx|w!-0{cN}0gPnT{wS;r)?^@4Jah
z80Q9}cq!_pt2sVD@No;uZeV$cY0$}-#fHl`*PQwv5Z{JuAFp-~DIGC54*%e1T=_8m
zIL{77?J4GaF?Eh?I*pI8TSdYs@r!*&v6|x+9W}q@v2TZ{DzKB!V`6gM9+Np&*NNZT
zi=6X#Vx{jok`^G)<?OmkC6yUAd!F^NN~aA|hh%ox(!A*L#)MO8^0A_|VYCk(AL=!b
zo>p2VSygEiF}cIj)3ZEk=l8wM2`13gDNktNXgbUD#H(}@!^fViX{x1Ys41N#j`}$O
z6Zm^!`Cu`0nDdh??3YQ~;ATKhA{X$>@6er>!BS4q%I|JT5{SHUrm+k38y{nVBB@q^
zZz+~1d#ET)FCu7R^^pNNv8#*ynxtQXV(-cKD4L(08bs$jP)M|>V_P5j)o(t0wm!};
zXB@~&@t4??b@~l^m;B!N<P(bH?(fRI0}dJgg9ShDTNPi9m~as0^5=n|3qNktj~v-C
z(q;)=YZ|0X4LeC}DG|~0)YbupQ5d3UT&8>EH0)=U!@oqtrxDe#HN+>8xc41u2DbRg
zUO2x)1^Z~$Szk+Q;GMp+>m^wI$jGZZ(_Rgq6i!&Az5QK9mV_ai&BM17&Y*xdO+-RZ
zUaV$0?sS*=>yt(APxhW)kd__PI}(CQjb72EG)$a=trBtM0?Db2@rcdef=arVGbPBh
z*%Tr2UQq&g+SSZo&l@PO%aCZ=Y`B`5(eu6ZyzdWmE;X94xJ(4}=ZwPROq#r^D}vzC
z_xM#|_4$-7qp{R)w{i$`Pj@w|)-5Gkk*o-i4;#hOk@$5?r4MA$u)Rs9g>}oDDHO;M
zj80$AR$r`53J2og%^BZZJh*i~`4|M_14f)b*V!9|a?TOQFZb^`U@(DYQAnu3JZCLe
zgB}8V3$sD7&kdzH%L4Gkx57}o6lPba9gNVP#Y}c#a2>`tmO46n*b{0{<4Vwh(#DT9
zY99OLjUH9~(ueEx6*9YnYN*s*F+Y{pxmwVI$XJ~^7UZ3X(_3v}nqadBwysyrZs4+K
zMCf62MN)$g5Mq1x3vj-(iiE=K4Kg-n{7@C;tRh2C#TWMv#IG$iM6YhR|3v);oAM1d
zqB(Sh4LojT1hX<3E!doGV8NZ$g$?}l^S#T_G+F&VYyYO@rw>m4^FJ}Go^QktT{4(c
zt-7^#k=`<<-5(P^U1m7F2_3gEnFATuyKL)65a80;?f&NV^HgBZtHdwF1j0+yZ4@(#
z$9BWuL(zEHBLT7<^VS}MMK*;6;E{Y!+7>!p?ExaK&dRZgRa1R3=GdA5j%ubJh9t8@
zzcPs-kf);*e_MyoH2thBN@m+4uPVrTh!F6G6K{C{iY6h$Mz3#B5RPODeu^GE?^1a-
zZaQA4uC<!U4322K8Xf=6!98~07e~;~x|Xe>Guu+J*=69sKFF(g9^gSRQe+!^!Tt+s
z$-YCy@5S`yUeTmg&(F8$`O_;m9<#`rI#O)G&Pt%TDio$%3xQroC-%GHi59PbH~j)9
z#raZl#Zm9N)x}yE+O1_VcPg%;Z3p84T3c3$czmen60dP?GXwA5xc_!|3p3_MR3|zW
z6JZP&9vz?;c0AME8S_)eE|B^~R0BBpx~Neg-#|Y19@#|tJHw>fofFE}Q_P?!g;Px5
z^6Vlt8<w9}#~-YFKVM^JPw18~BZ;&trd`g|7N_xZ;ud-zSDvsiYSp=fV}+wsw_FJc
z!@JMsLwbItddw=;@LzUs4;M7G&fXfe_~?O(ao<O&>x(iH`jY-`zGxsaGS8eDf{HmR
zmuzN?b#c;HwH}<r(X0|RmU!eu`!dN#33viNu5GVQ8&DWsT)YM;Oc2fDilpXlg5(>#
z;7Bq<(Nt}i*_*<aCqADr)4kMp=23P_vjJ_g^5)OrlgpK0Mw6g|gaqkUoKbo$5{zE>
zZ^rxfEeF#5-LzG+XRJn(n<u6-xI(hnT3;Gy>wGu#uAXe4l=f0hhUAY9n?y;QU4<zG
zD1K-8d8|(HYv_cr2;7J@h#($4v?7v~NXjK*`6@~6=A66w8dETF4B;RwZS}h+P17yz
z*RMU$p~UC@UUI4t)%W-G`T46XKH#+q!=e$9>Gcs`&poTJ7>O)zhPckul`3rDz46sR
zmxtG)MM${yPp{END}oIa+qeF`{`)V`g(`zBGh{!PL=^&MZ2R<3zM39QJyr@<5xlXw
zAdYnEw-H%zcn#gEJqe!Z8^S*+?84;?imgCb!=<Zt>gI#CtsO!HL`FtpDlH*ocsKmk
zFNnnQ-kKHhI4a5Li}~fZkMVdppCW9FdYmMW{w~(UY%2N2gx$hu^^Lq+%2<CRs4pnJ
z^4eB+X}XUdgpS+Pg#HE@5Sxpu6JE`q=DtXm!AA;DyDv0Di$Y@A`HqN-u#_5MTYbPd
zD~7*a1TeqxtN$9y-&{oMlz1CYyjCM&!Au~GJdLJO+vCzb)-i#M5PrBX;PdkvZodt)
zZ#qjivyy~Mh=%W@Sv?$rv4qWV^+mr20A?!&-E_fT^Dz!hnVfB<=&5%z^3fPhjVyPb
ze1+K0E4EH&VlWb+wFfeS9-1o3B|F(@Dg3pa=m)OTTkV_U5wXgSC(4r9@?%MZnjLi;
z5$rPpA4yDbfT!hmzZ^vE2WK}w5^hNMwrs#JTUw&aNOh$9S94J_YxgQhR;*=eq_Dze
zCRzAA*%E!(k#wvJHl`sYV+G013>DaLG8x9-BCvsdXG26$k^6eItJx-%G_W5C%)f41
zB}UmIz~ws#W>V61y;{{{y+>wispuw`+yS0%oj#ZIRBG2R#WX%ne143m5jboJJfb{Y
zZKim?!Nmu$en}Xgfl)I0-?@Gbglx6(boo^;o81i|*lebAr{z6L{)!V1u4IT7nV&vZ
zt)%S4v>xxuJSa4FeW2s+VhrlnDF;3vu3;gH%-3Y03!%&`E0bJ<qQq4J9*<4|=^e)w
zTqgh6)FCY_$x&V%a|ZS1NMXuUc&*=BFvjL)oG9UM6PJ(rXnfY>*>pnR_021!ibP~{
zl;bp#^9IcOBv<|VDlY7YDxLYvmiZnpdqI`O#Y*MNAqImF;Q4)i!{3kEsF+IDS1muB
zmPg~|bHY8yMVgo1^_ahvuie>^``{#`&DOM4vV)MP^YmL?;}A_CVnVZwGZQ$Y8QP4P
zt;o=vS*@uZN@E{>E0J7^b1nvRDD?TGJJV;qNaNk!Vu>EhVq-IsK6^XKy5|R$lNig{
z%yjMFJs{#ujHd&@cvm?AwpZ9YGJoq&NroZcjoC_2(fiqQbH!9VQ#4}DP)VHbN6E)Z
z(#^oIPg0){p5g)ujjy-EDX7`m(IK0GT(!IXHVd{v0c=?9{-Q?)2r4GaCl=e0keN!j
zL?Ghx9of>i2hePi!IBQ^%jum<Wsc%t?zy5a721`d7mJhaxl`}CWK(a(u5g|nxm5GD
zol|@&>#P16^;%UeWsd210tYV@z9LP8cMV8SfNbjPdMS`aVOw8QS33Iv59M3T=hq(|
z+i{hn%)=F?Gj|`3m_N24k&tS+e_T83XvzAxX({#l4GMiuZR(|Q7ucq66361n^CRa<
zqYA01-!d!kG-yJ2mQME>V{QQ-n56@ba9d;mf44(J1emtBeB8*e9lBbl*RICLCE;y>
zY`Ck7>->XqRQHe)d}GZ}(;WD=K8heUHD4_RzS#(ucK4c}-f7D6!kVRP%|fb{aO?Pu
zI3f!2M+c_Oj(c}p(v73V8&FI;*&_RaWV0!HG7hhF&TrVvLh-XY;VJ?Ft(?9d?E4U^
z`hw7=e%T((ZO!(ziFw9e`n{7!uK_okTx@LYw;Hu`g16Ha4r0FKbGlyb5k@psKwaiA
z1xc8qudgC_%!YwMP3P#el(3l_eoWvP;*<n_bMwAYC%L2<j;{Uqpp|DFQ-!QOhWqx3
zEZXT0h!IJLsbg-t#e94_s=j=*%@?8Q;`xYkL>a;!R+H&-RwTGVnE(!%{i{{XjiG?C
zng>#jyN?NWEsnRt;KnD#hIk}9x`t)6zsL#X<CrT}bN3c;rX(Mi5g%}VFYwb@6=HD;
zJIQIq4Q@l+Jhq%$*+c<7Ycriw%t`w_jO?p<T$Y-FUw&=DBNz?TrgvB4${mE7?jJ)t
z2}a=q0{vS+2<Wh+a3qhf4-XIKKi~t$CGko5?OZ(+3z-kSZ=J<*{K>m_kzA}KP)TM^
z?S@Aki@q~@=PfZtAT6|FI>L)b@Ll1FV0J3j_C$2ne%OBBqH%(4ZIvLSn5vh!?iq!P
zY(9NQf73m9-(2y_ubGGhozUsiE2aLLf$d2=9yrso_pv*pNUxr$|K=*6eE2R3!QU;1
zXSbde2iwak5xi>giRNyK?b}W#TFT*)cyQ4h_y#U;2%gfTZJqAr1+R=0>>EgEpayFW
z-tE%+w6DkfQuNZNs7=yjehaKJjW)Sn<e+znTinjs1|;SF9%48s(zP?;ZYm`gsJ_07
z{Px;76mp0O$A>yAD?WCo{{<RL&*Gj5Le`mwc`vC57uNT8#=8t|v=F&AfqbT8`5y*k
z;I{MSf%Z|h*O)@0Q>^`o+{`txe0fUV!c`S`rBNDB44v4%X1E{8u=LlBhM%Rg@*Tdh
zVA?>{P~cLpH}i%ym+tPKJyBRx1$YkYmTGb@AQV%<?jz0R$qZ}w7q52^W@MjKhzjBW
z{V>jgI;pZNuLsg5jkPcB4+mfvZ;O0<LvTH?Z>Zje#qvFRFHm+K-~+6qOG}x>KDfB(
z4Gc86dPq##|1!zFe0gl`C?Fji9Mqv39E=~A%{g<2*l@X9&oIrs;F!-HcRLv4_IT*Z
z+KrF_1<wvsMpcGs{4<}lfcOAhpni~Pn5NQJ^o9FwHwCcwTo{fJcLrTpk_M}WTV0fF
zhY2dSfKqnm!}Xbj8XW+aH0cxFfXmQ5!(D%Y*5w=lU%uKS;M?Kz`zX$fF;bwxXXKOU
z&xwy?ozn~VvXP~+CVu}8XhcfrVVBgIKKg*6u?=;1IFdwv$T2{_E{7?cwt50J53m((
zE&|7XZxxfAv`M$Sp1Z{y;lwian>lSBcypC#(Vlk~6^_kx-A1cvdzWEL@9o!{#?BD}
z0P-Y5Ag9P=qNfNbxXdApFayw~1?X7b-!{vbCIpWP1RhMWD-A3RO;MiM;}tlJ3ox5+
z3hY&lf_X?m#8~`rk`eaBvHtElAobX52&sp1YdD%MEy+acBSapG;i1%aGY~Icj>6ze
zcf5(gb4TOL%WTLgfBf#J5{kF^YSDLT$^v=aA@(YO{JcK%!HQ0L^F3XzOCOjWL7R$m
zR}ahv0}aq~h#azna6#kYX0L?~bxhaXy+&V^&Ck?2@d$J*e4(Z-veFNe$N+aE^Z4A|
zwRz)5B)rWt9up5sI5Y2MSSCyH*=kL=+7c2hBGffbSv`Z?EfWomQvvH<hRiXiiHF{n
zmT)MKCek|JdnT5zXFLTBvr(!^L6I;ngfj*$*_ArE8X7;PzhY8IlTyKWHRJTfMHL|9
zy*{<-4^^iNP$P=>x$CjbMM=Wp`=r=~w5%tQQp6w<-Ld}+n)Pq-WQ$SBE*gxn*tB@4
zNydi?!z@$DHa_#sZ>Ye^wPk>8sA&h6`~|v!=^eX40a9<V7(rZN@0m(XIZ3`$1TR_a
zLqw%eET%l2L{-XLqdIn62DBMW{CCs_H49=3(FkTjY2EC<+OdH-hFRfodQtVrqvP&7
z*;qQCrKXSpToIA>CmIxX8$X?n#!K^j^GL_E0$SB}DB3G8OAGfm)p+;f0yTUw#Eb|U
zi<!i;VT?drujV*FXovNm`%WV-&QFyGYM!k`rO2bkJjmhPeQ>e&Q<cQkL6c;Cn5;Ej
zq@#QpY}(mQu)bb0`IZN=lk$^e7U}-_7oA=P!@J4DO!0FT{7N5sW!!awQ+L{(-`05@
zNdVUqL_}z4)-TB6ZC{Mo{51P-jMU!H?L{KZU~*`cH=+O%sl0x4IMPwuypvS=bx#iz
zq~Do|FouQf95V=ml>Jln%f#`J&ZvmV0Nn+7rNCx{t(q>lCBtZqTpKpTk>yLoCutOt
zsUiC@@yyUzzPV4`!jb5M%j5)1u$gG#A2?gotQxKA^OtD&qvAM!*oWMi(>s2)EQBT1
zihV~Uf+#B2OAkuI6oIr5zOc936PowrDFT*0^$D1dsc?5~TFdxUDYi*EyM*q8ZB2x~
zIIjg2cN1~7B;lvt@=}(4xDe1b9^`vRKM=;$($-Cm)tl3LgnjlXHef%(S0GvBc<<-t
zU%woaM2By^z@1;~@pHi~(x+k|YMBUvy|ddj(L88vQe*E-2Ho4oTNo$V!Tc0T(affY
z+C}p9w!5x}q@Ig|nU0=cJ?B|Nb8X=X9aU26S7C>f=rmbZKS?;zadtK1SKjL>E2FP*
zDl?cp$xcA(zOP0=wp1=4{UA#35WMRA<z^$^RR_eTOfI~#63Vz5XX*_p9q}(X&D8nO
zhVEvmWDkgJ{nJM%?Br5|V)<0#C&~F6KdWrR#$p0HP9P>(ae)x^L3f+H-yvyfX*P5D
z89@pkp@!cobGnZPbU!p2o9Ur8lNj5-@~8_TF}l);Cd#SI;rb3QQh~KKJznE@E)cIE
z2eUGgWoi9&>DRWRJCbb)Odl@=nynzQ!;v_>>+)Q{UK6By$LasZdpEUKG)26(WZ#Mr
zIVZzIB&V&!==T2J|2N6Lg8-E@G1Vd>OJ?eq_QDfqJ*WLplw-1qbXydz%MNAF{&VGg
zqQqX}A_~^w@dZ!7`<FW~?_vcQ&;YtDr3tpXOn`#400NMDExJ?TGLd3&fuALJ6H`i|
z5aygr4ghb@V?fDR5+B5^YLDaKvL|JfVW1~}ZD1kJ*cP$yI0X@$&+F4sfvc?Gf+lk2
zG=17TvCmelewLyHQ=;)f;U?=`PPpMHrk1yOhrH?ag2UhD9UZ|-`1Jvi1=9I4@ejn~
z!>H5Sg~Fr9v%Skq^qgm|{s8Y%#iZP_(;>PU6c31QVI|gI)Y6jlVdB%fv@U_$7H57@
z$8&#=2q-0k%@nL;17<DJ!e(An!e(;K_6>Q8P!%Dfq*oQ<#~c;+N7xGxR=_6iAhX~f
zq$OyfLpoUTB4?BMsy6DEbL8B9Q}sKu8v+BvHjWM7qiVk?Ao4QG66d{NDyx5x7B<pE
zg2)aD29P~Aca6|9F0aXPe!EYb`cMd)N~9bkJjCJafPCVK;65>bnIf<QwKk#*+|=bF
z15$Z|jhz+L;7GRd*_72NwZZ(~G*}exLN)Kn^Ww@M5!q&OeOChrfCA}Sl#{HmB=rBz
zZvP@}R-VwUZAknjnOoneAeoi=${<Vz8PH{$=Wd(fPK%E)deZh<rV=d^eL>y|i{!hq
zGg9lmJ;D3FNPDi@j^rcJ29}b+2HMeMl+#3e`{jDWb;30FxHZj%kq`2E0r2HERK9_(
zUEZmzN1Hn?)}X4~E0;Jul>9d}#Aa2T7=VGO47x<U+J}(<m5Xi!TNW>Wb~ofA^K}$!
zqr&NntaK^q3&NqJC!N3RiDcQ3zR6(77wtf&X%D5M)@G5;#Cx_}#Iz$FONO4Ti=EE?
zE@3(6hicCNi-1>omlHTrG5T4*O$vn~V(%GdwXbBn%ygNZ+b#Rs)}o1*OMH_~7$Sio
z35E{n${mOOJb(D`T$lA_A_%#DeV}z8@u-m*-VGO@q5@a6P0Ge`&e*rn*s-i9icW9>
zaYlS`w`MOKlLLQ`FfrY>myCdTn!BU~kxB~HWZ@g{Qq-ld%iFuSLWsgu-&k4ly@;As
zHkwP=&KEBz7Sps3t)k((Q-d4UqL6R_o;4gz2rCf{{V;0Ma#R<Yi|P;TCX4Xv2?+Zf
zOyFl5x?hx|lA&$?{>{FdNOH$T_OMv8Y~${E(G33yG#6rM7mBGt*Cl(`qqWLhR0hd|
zkY7#do+PVR{5o<+am#6-X4jW)Cd_n|aSDy{EuCPjQ2(KAFs(xa*CeKJ&As$c96C`<
z{qiN14fqBAB-6@7Z4a9bQ&^c2O26QpV1)X0dO4Kg8%IqxwPYS?67rvr2e1vX>X(A1
z75m@kMNBM$SE9iwg%R9B{iFZvAj^0T31PHY^0(I)Xe+y~Ji+ZUCVKYexVA$#k-chK
zx5+zWE53ti4{9|}FYVsH7g)fwzCNh77{rwYJc2Ef&cyvg7N7bF0U}wCRil-#pPik#
zoOYyWX=yzg*A{ib^i<%iZ{S6QcDQeBZC-_<&Cf52Wu@*~G|`B&61COd{W=lMmds=W
z1&aL%qT8-kEGSsF{hiZz6xCEKtf>VG7xi4N*$ww?cJ4G)SFm?kH9Z$4ZUJ?uG%F+q
z$N+{u1o32!g#h}y?&7;mr@oj^?W~7nF#6n-h!P%H&+jyViG9(Si1y^fAq8(yG|6Wr
z@cf!d!;6_ULkm=<S!8<Qva7T&+ck!qTR)Yd3m1d)dVngI*M=wnGJwerlra1-@_km#
zfxKTjoakwj#^*UoG8c_A=N~CXC8oWaC~eZVPSy^T+NI*+>2N5`F!=R&#DiRUVQixc
z%~rzncLeql8mAL5i|2fj+I<oD3x_!c#!^~nVM8`~b4(y@4MYNmZt|ur$9y=8XpMab
zoTA|#ZDVaqGHOYlg=_JFS)Fe<5vZ!gEDeXsGdQb0SaaIR^}Do=CYEr)g4TIUQ3}Xk
zF96%>Oq@-nK{Ydd#hquruzSy^)S<hxL6nbacyOOA9<ntn#Y+*{!dw^gv|`XD%4|k2
z!K&9YT{%8qj>uB2Oy!Qr4}@WoFI7R2H^-MEbzDIc_0c5?3rA?>Gc#Q4{r#cwO)DR4
zjD65~P)LT8+A4Ca5i0NS#9I6BIx&F~PpTjyUS=w%!|x#}W=ZsgMo%F4S_Ogh)VaQr
zM#IiJqyGgTW&kXtCP-}uzJnu4jqphg3{o&y?7K~WrrTXmAFOtI>K+wdai2RT0Ag>v
zi?U;wh%wo1UmnlUO%QW*<b)i5uo1+DSXIGC#%Z=G$G~@<Exc`aq3c_BP|-v(Nh+ni
zs0Z3V3vS|BqQj&sKw)k(h`PFV2pgod&x6)g!zxH!M=_9No7wM3|Bi9A#{+MEF~`FB
zyT>26$Q%BVpZCaFO81KM{GI^QLTJWVP%#8!ApSr@2i$UK)S2VD{$q~xF_loG3T#%7
zip4(OCbbORqb+rsL4*I)G8}{C+t31vW`nQMX=rp4C0pT8<m;0JCsL!}19@p!WqWTD
z;WMMT@c3112K!iPST*4=;?RROW=`~lpF$cVX9^@#@L-V&l^AZLYeQCfRl3Dh%v%6h
zZq*W}RhlClymxB(8n}cN#{|U5g#JuR^Grr5efc*&n!Mf8_=P&5oB-@cYbhOKH~}``
z`47@K7^<IyYys2cw*u0KlDtispVk5P0@?HNKipKh5`s{PXKLHdzG<tcRUyaVSCZCJ
zR-0BzR?4E^Zge>qKV^AAIpjY)l!HK#_FkwYwJ3lJ=t`=-N}r@~p1wYrn6dZoI3QJG
z6zUo+tiWRn!uNxytIx^FStG3M?4B+%SEm7Js1+3@T*?dgd5pP?Q5zg^nOKFxB@!BH
zU+6cHE^QbG(^DlQ0F#CE&C^kshb+XaMvpp(lN|m6yPy3&`z?CnRw8vDX6zE6tR6V7
zp!XPMk&4C{@dge}K@K}XgM^Oz$P-gALXd)&mjJy&1}#jCQZ_Rw5v*Z``v62n{WW7q
zHw50`)yO@&&@fe8xJT0gOLaKr9Utjm_IEdhDrlgR3~K{oOmIAKqS$Ka#d?S8M}D68
zao=TsTY>J-68?U1cAuxVJe@H)-x_F-d;+Z|b?<euppH+qKiu{eV1(vHL2r;L@MyqM
zWg7!H$uJ<JFHo2&B)8Q5j~76t<ws8?r}hT}iFbta6qN{FvsI)W6AOkp+FkCsO~y0m
z++l;(3Df=iy7Is&7PUH$aJd&hh2vVuaL3hq`*^+p2j}tc<Gd!bP-J1QSRbP8Uh&!|
zwB36`kbGSU*LP3v$x}9Ct|xch5ZAA&#A7Y9I%ebR!*K26<F$@&jYW70L@tm3$Zf-e
zEka+{Clbn-mC>*a$qwWsN$`Q+oMV3(t6fT7)H0{Xd-fym)zQLbp6ZlG$;df1U%q^;
z&7-8)DTcOY8gYJ7J^UGxUQq#qC%t?=BGNT_5^0QM`$Ckhu=!YFT@?;18}PpmF|DJz
zKX2R#yB+7$Kh;}=(|+S>Yvvz&d&SIAC!3WAA;vWDO<|!5DXt2Q5xc*1)ErPVxl=S<
zJRkDT*pp><(7*ni<=80pP`fon&0KV0%y#xo=X1z8t;cj^0($_SBtXmFv+Z0!AzShO
z)<zksl{JLU;Nn;i=plbI`fXFJ@F2eB?x?Vmmfn&JnH$}2$T>fm(lMloQbMGba==ZS
z<2c{ljVp^eU(K(Mu1&yHq;M1s+PlR<d5vlBy77w%ZnFtL7Hn^8Cl!L~35lV8+O_1)
z_L+$9#&AhHuG3m@VN5mZb&i#CLt3r7kiuI6nr|{HTsCbT1{$TQ=Kf1)tUFw$6SMIG
z5{CJPd{P)ug&Fxf7G6(9_QkVGD4t`FadLKlZ!m0TmQFb`&n+TgGFTzII&ZJJ8PGfA
zt=9KQ=SdB2Xg1Hwyp$&f|9o=|uV7<MISU%$dPq=`q(91{`0Hv!Wjjk1iRJ47rSv@O
zo!zcdJ)`j#lPzpXU(JR(QyD5JH^iPS!9MjHZ@fxxJz_I~`8n^W`z-Eag&j{oZAv*M
z5Z2F2K|ydFpUDLT;`2ek_VHngm_&(^ccCdH+8rWyJFRKcf#=ab?I`8)4pBE$W7|O*
z&@@t;pkrnGZ<+`1RLut*7)DL7*&B&vZJJ@T6d?y<K(hpd94^EqG2`#0<%>y6MPPnP
zuE>pNj$&awBrNIGcy6$wuprS;f-yyOIYHM3S#-m3QAJIVX{Sg(MVex{!$H~&<hx!r
zMU+3RAI6RNk`qM9{1wP@r<!WQM_AZrGTwu%ZC*+59XgC9A%*Ou{(+;t5^SdInBomr
zmpA&H>5|+ZQTY_va}nmPTy&<?JCqAQ7~8}n1CsmrF~p-yWO}Wz)g_YN!`h{(h4)r_
zL2T$7*7<CM2W38uVOxna*=R11ZOAuTX_XcD1IEH_j2KczbJ3;Ki9vX<^^=$#SZl6t
z=!LYRQ_BAV$S4wW_~|~+3`9iW_RdykPI)R+xxPCOdpZ>SEqyH8aw&9cy!chZb5(p{
zYUDxh^~5$_`TaK~ZKtB|?1S^C1)O0=_{F`RXLu2>B!W4gWbhzWD%DO4zdTnyu|8%g
zr4)yGVSRbsEgZ7{-4y*aFOMNgljnO7)@5j$=M3En;iXR$d*7!=gWD;mM^^%#kv^HU
zG(m2-vI{K9*M}T@K&&W|cUvh#P^>sxPhJ#33-xu3DNPUe*Awoq3@jp^Ul<NhrZ^x6
z6+QJ`R}L=`EcZ_Jlu7Y<Abmt3QSzta@%KXp#JLL#MVoM!Xu*EnSTCKVr1MRSZVZow
zEayjDvT|#-s(`zfwwI`ybX^PI&&8_>gw@A!#082x{gfOS95k6JkgjnzN1w+BJ`u^u
z8Unn49@vEft#>Dl53)>($!P&i&yE6@n;=5!=T=(<8@*6D*hcr9fiu|czK;iMBw6oo
zk!ObPwD=-3k9q|%83&}G<6!ZB*BS5HrCP;e168}aYTpBatI1ml)8$^B8~bfd$70_^
zt<1V-Y%uJ9IIN-|U#ozlOu@gdsf29QC3X@LkywW56lA)8nXqRHls&y8R95b`#d@82
zhSsPxZ--H{+;4GOYhnNVd?3){8gLR2zx0M`-W*}d(ewF3?+_hzt|fmeZ04s@(*%{n
z9ryy_u-Jy8a)z*2P*(Z3Z#wq}FNC-xtiuWeHJ+x+OyirHs-FyK@XfH;wAU7$O+W2o
z_R|x}2rav1PYvhdeGxN5;ztJDy<T5mljyCzYcv`%#PJg~Dep3@b`qVY;_sY$3}pj#
z+V%?QJ6U}l;~M2x55h61mD~V@Pi?#c1MeVyjiy@W2EBy~ysMug@l*Bwmr?ROu`=S#
zimnFTZThIkBMHWuCJXO9Tz!A_ON-|WgXHvtgf-r%78IIM8V06~j*Y3Ps%B}Z>R)}2
z`LT?Ox-uU8>+WgrI5ZMxy`nh$lDnZ1=)%Imod|`L@ZXP^GuHRHxSlut6bAT^8TQwx
zIBJ2g&{kWW8T_6u-;?q?Qc@Ze;AOa^`Id1rSKSIT)j;WHwsU7vnh{u#8Wb%&`+b~3
zv{tA;lcI}a4t*stDW^Gh<O_?1TWWkjlMI$xgVex?sL;4TVo}9~pxDlc6>@SLg7v;t
z!4!+#jLlr9<?TH($N_fX%9DND?YpH**&R!t<*o`!(c1~m$=nQb<+ZeKBRhlOQMYw{
z^7@*$9(thGfr3B{y|GSHoZ+Pu<LjFpAyzQt(UmQ_a4urLWBY2JLVR8>sHO#G6)|8S
zJph1`$z0yLQaGc7L;AW>Gug@Z64|bgM%&Dn9l#Kzko-x|ORH<?=7SFOA43C$#1q)F
zk=L$LMt1luWc^*bcBczflf5iOZerqOc&|RT?LO+9zXDuxG6TJoWQRVawF#7Zjng9j
zsbl{hH^X(Z-L@H2PS!uf7EJ=_;Uo@S?g@lVF!qb<FIdF0Jgq50`$>x-{=K9U(yjqo
z`8}+M2s23a{H~{;={rj4_B&VqMke>Dj{=bQ?hG(9+0hjnP`})K0r`^VE{cfyFV~?X
z6dn(OuYtwbQ#l?}eI=dcu$``ThDH?jgyd^^5T2BaV`^$zF_BgYmnqf+s*98#U1Pe8
zR{>qRSnyGIL%@X5Pg$B6)h5519wF8H=_7d-hNXe>mB-d)&u-vw@cJI>5=;$(K1N43
zIU%pgcXUOk$5Hp|3c42e4{wEQ+7+sZxO0MoV)K|-ftq{LG=-c6^!nCByRD(I4d2VD
zX2D}lj*;}_iw*5E^-*Q*_)__}OQ9Bp;Wc?g2<g&EV%Io%#=AsjnZ{<9z*7A2^>SJg
zoOMj#SJ_?*Wt665jU*@}Fp^JhJ-KDUZU*dtUXVgdF)7TvGUEz}zHxYYk`LVhOs5+R
zdDrSZ1!ktuOQ`@c6p~scrUN)HX7E79*TQ=1NXdCmfohC3n2F)Z{mKjNIz#yOt+rm*
z;1j5&H#IQ&2*lm!qzg&|PS1PxMr>*zClZZoOJI@l+!NZh0-8k22xElUV*1Z|d_G=Q
z;BlmhnR}{czpJj@SVqOvRj+`P4^rX~{mRV}c|YT`$jvm@M!17aMk5a&#Eg)GW!ODz
zVS>ZRRO8aF7c|klKIcenYL({_eMTFosboCna8lQ-AXxT0Pv%ymawgA~VF@3MhPTnL
z9pRR7H*H0{1h0kGEvF5JZS_GPZw;N$ff(An1OwP-^c652?C#Y;D#k;3SL%lgrVhM;
zd;go%kl7ue2mA2@|2Ik1`~vcORmBha#=H2so8|(;a3t@)_i3yIUSXcHq6|B!Au<~~
z3WiPSppa~1D`>CILs)esE~O@ul)oLjmz5%oHrIoNj}8jbuLv=Fdv<!otcZ{hSc(Ng
z@B(75g*y}y;0zgHHrvZ{*m%2%%f_d3>AI%I7)M414(?w}5@VrJwr736-&M_Tff&q7
zyH>cts|lJZ#~;WTofbz5)g(Dm$<DFJStIP-UzVOLIlc*-KRi4<H`(3}eB2^u0}5qx
z#Ey#o1^3f`!9D%oaBrVFv(bUR9)og-9m~EAi~<QKB6vEA{PfuJGN$RdO*o-i>bKCt
zz#y_8Vp^xOH)@WG!37HSEp((af#=7Xr>oxQF9+=IE30d}GB&^$P809Y%EYdJ8^Z4%
zvfwSG)YJ=MEGDhXV7_0N5d6ZL4Xc~{pX#;14zXx-3F7LzcQP@-A;h2D9`+Ys3$w%|
zDG8s9v@&Zd<A*S+kr|Ex{=1!kBdxrjmVz+5{74~A0$=@65uy~SH!BJ{Vr|EWsx^aa
z>T0edZ~4GB5_-`{+tW1qNZ}O`;jP3Dy%+3LBQz4zLux1_Gh6YWEsCLKv3mPY#bcq5
zItx0W2k9)|%16snWG4z`28w51G8+#Z)|D$SBo~diOLPdyb+T-VC)2Ga8KkBDkKIF<
zKCwccvLK>&aEWJ!C>%+ABJU<TIU?Zb=qQcH`U@(ji0kqEzAcVCJ;eOR55a38lDAag
zQvr*_A&)+_f-{5A0!H-Qv(4tGyRBKt!xmFw<C?PW!Zu^lwsVATV0ZWRr^hGnm*)LT
zCQc%!Z-=;1qtPlhfC5tFDtsK~;Qst$)G{_Oq6)osqgW_>q9#jK6uHSX4PoyzQwILK
z7YA~pwLIgbY})~Z%qR*ke~l5JaT5C6g2bsS-vnW9jY6wqne7IYkXtr)zi$vb6-8($
zoCJ=%yj%{=07Hod^)zm;Of7!C{{stWndv!ichFJI?1+yKcEEMwFwMVadJCitZ{>Ru
zpc2_Pnb6%^<gveR?5;?^$Z8N#g?6;d{dV?&Q=9v_=4TPOqoYGzTIKk~uv!BVjzp>K
zEeBGAAN2M9L{c^`G^B$+HRQc+Pvb_8l0^t8aJRc^rV(=g)Jev6=*h;s>T-<=>kPrJ
z1Th?>wa-q75@@&WwjXnnqFo=Ep<)Hd>%+%3$=}|;U#?fp4;(|;qHn5Qc1sOXcmtPd
z0duPCs0K@-@-gib$8U`;c<IKUU9u<b9DR@39h)P&8N<B)d6r*;0(s23r|4dUbSoR=
zM${Yz`~*92(sHXUerOc%*J*k8?hthKEn!WBorHrfFK?pL?@)u}nF0TGhrUJ05-6vL
zp)n;xzu$v<4DkdaIT!On+ml@R(>BLO!6$gY3P|srd>dVH;n~GoT>K4WDhl2M1l%E=
zZxyE^I)qM^jWB5W!qr}~Kgqgm578Su-BYwK0_l}sGH(iu=NN$#ZE9w)nF9k-5v3<b
z<kdRiVWCL@MiAtm`?Za=$ZPAa0qBA{m;1ZFNokP3?&V|^OlxJ*A319dy@3goqUmGp
zE-ZB-M_mk}Z;pifC(2P8&r6wgn=pT9@FhkI2~sGW;a!cx1!kbJq0k3vD)gv;9)9*?
zU=a|6OGo239*cNaI+sRQ|MGJ7Ofe(RNSF%?2M9H6ZwpMPx#oEbvegh0{%AE$y1Mlh
z78n>R3JD2OTsU!gL!=|sA_=kQIAnh%VYi$w3mKrI!O@J9&xrB6?9WgykFcJrzEYD)
zZ(bfvJn0tB$nLkyJP@&GpqRuUr_h*TZ52_kP1UFH^xJw!Ttes&DeDqpoJSwZ&(jl%
z(@}d2`WmE=#D1Ci$r2eb5tI`8MXZuxixCWdotm0*xP89UL=ZL93R5j?k+bbyt7tPa
ztL=GtOkS<@%Spt*4d*AzqG);~5E7X@+NH_QeRG+8n}hNnBY?UK4}>0eG}b&eWc}Ub
zNj6WxO%-}e;|YKX25>(&A8=@Le9Ss*)LqG3EJ(6Oy0LLeX_oY!af8dvB|DcDaAcrZ
z#X<k8TwO>N%fb*MuRwJ4{qg(zb$_di9}m+ue@SkH+HWqyR*_=kUA!1WwgH1)8TB^j
z1I4FbyYc*vTTliCp02psgh;UDkd&xEQg3ueSa%i?83xD0Y87Mh<^T<H#X_(7$uUYm
z+@U2&pB|1NCV5aXe`Vgd55opgBHe|f1`0q$0u<?HW1{xxW@RVI?+>nF99>)8$!)2$
zE~Pm?Lx1Cd0%+2!ws7I85%ZoSCR7)>+?nL(#P}bd%Nm1?`GBf;G`tgH0<C`75oQXR
z`<fgE5!L^)s9&3K)+XASi~mXK=pcQ7sw!4oeEdZw`@`w{h^VNFYvJqFgoOB5m;*`U
zaRjQhC|XmUnZBWgV;y&I@p3#AK(fZBM=c<&tPN{oN&_DE2bIIPvxuXJY%n!B#=>xa
z0KYIc0?#S>gvp*lL}a9n<*Sb-sJsb;q>h9M0bS8ofKB{9CXkc_`_o1g<CtcMo?D;s
zL@BkrR=&?$8s*eaO_?VIOB^*u`UoxP9-d^JHm1r|XYmqen7GGbJjc3=+1Y?v-5~E$
zTD~X#EI~Lfr8y)Xm4DUD3yOb1m?nSY+<dv(-h{zE0|gfXKLzl;L>>i40S1JlH<Q+`
zYeb&)jSlV4M_l~q@$A`!lunr^J=Fx^)Nj>y&v*3VjdAeM{*u3v3J`nu<#fTnjG;31
zKu)JYy&2({CtQaMK8N$F){*~^EgbDJF~4$K6r+9ofI7;XZ9Ly_D>uvp{smj_ox-CE
z!dm3+Lk_~H0*p5x);VqY@bewOz>(a4)w67kvA{!lJF2XoFY&~L&d2<aF2qkUiJUG(
z?jgiaj#2oV&`}&Cm?7HXIY`0f<IQr~#U1$K%@z7IT?Rva9+Rgp6PTwsd+q;ZLdk$2
z1+y~VIT48D`|>d5Kf6ve7<r5&R~KcPLYa`684X#9L`_ANpN?O-sCT+8go6L+Yx4&B
zH_N|z;ak$szJkY&gL%eE@>NWbEk3MP)U!7di1El4gjreF=K7xKMcIHp+_;4@bhPMX
z>7dWRS@WA{iv7$F5F+&_fc^SQpQY$?)6k%S&Gf$LBv@WvcKwjUYl{z$L9T!BI85Q6
z_3$Pk-p<BR1kB$s^uYP~hpZM0dh?Q`@e&u#SBF|kioXTMKzKwK+sghT6ba(~vJzvO
z55FkAEh-9BREwxm*9(Tu6WO6ev^0|oTZ(Aw8(MB=h(_v(2phQO`X+p3V#qU*H5BAB
zd>96zBmY4dbV(pn){m!v9AXRF%k{ZJf^4y;Uy9Sb_8A3oh`r{4_kJ@K6$J^xWcZ>m
z#gmmQN=wP9u=Ur1*pVs;Sc2O77ZW=r;l>M&&w>w5FF${kD>)!;-EMa%{vOg^q!e6=
zzyRQh-n>+Nc}U}{QqCeZr&M49Gs>2GH-R2^Dldd~C{|HWkc&pzk&B9Hr{vID>J6cI
z(}EPB(C{-q{7(;~-Qo)Tt2(Q9q51|Wil6!}d(dx8j&t*Z{`bm~0{(~2<L5SQ>c2-`
z>=_pML$!8$B{YJfPDRj^)?OnE|3dp>o6+|(KxnkjDNfk+`?bL)26BowzCMQy$TIh6
zebeXUgH`3^FF)S3YB$$HPnYd-dAB^BZBv37nb7O{DGw%=!E%1jtsoGTL_<ELbV$X6
z<e*$G+kdIP|JHurLCX_NhI)vr%mQkR`onv5?HMa<ON@6Bf_v!y3W@-jK;hvDu-Es9
zHR$O6GfBPa%lc-VzvJCQ2)q}%*i267f(-A*wG~7T-+=T5TfXoM#PE<Fs!(`*`Jf1?
zA;~^N#ALIHj6b`&K1u;Wu@~v>6^TKyEE15S6B5B}l3VI^a0rU&PF2%E9oQ_R%o=Ic
zJ42_-2VG}ul^3m!_RUz76bEiFf8qX%qfZ0?_6ScZ#A=#KBD%(|@o-KBLt)o7<5+sN
z(HJLBkug+|2Z93oKR)&j@n!uZ#Kp!iA&LI&8c9V;Q0!|glHQ+E=Clj6B3x#2?ZwFq
z6@Z?OpVqv>uoQ(>$!a0W7t0LH<LlO<(^sZ~6e%e~UqzbAL-f28-r7n~|IY@7G2|O|
z{dc8$hhB$5*#5P6<KH7L@TN3KVFj{m9ytLU4==Rr@UUcQ7Mf07T|KX;h_(_k5fcA3
z5z>dZ&K{x{P;eLk&TOnX|Cj{-e*^e$MGP|n_W$~l3NWG!K#?&~5-u(c4WK%P_NkG8
zUsa6G7ZLtfHDaV`Vz%6nTAYNd=}$oFF@XN3c_<qrxD}<Q^-AHD7f)F=Ck+$r()7<K
zqYTuPp`@axw=iggSL^Sir(eO}W2VF<rsC6(-otjl1^NJ#AmED1%kt-cS-pYI)MD%H
zRQuA2DboN)ytz^VsdHCklAo#mwv_&B)XL;~T8(K~fk5^dXpOqwH9>e`1r!pBkC1k<
zNWeJrpRuJI1F_WMOByws{sj|+K;%EbO^h3}%m`H1E>%xb13NFs2Fx(2;pc!XyqZ$3
zr~bnf5r|JI)>{IXx1>b}M<Pm$3JCpU^z(=i=W&5K20V5ZinU6yF>%M_kW`F%`%osE
zf)D7T6#hSzVOQA~*FW(!AwUTU;(1^?4`V4b-hCh3Tk_{$d0+xFf?~_If=>xl^Q}~Y
z_`J-xjI&(2c|J8&Wm0l-au(K3M}^#9EV((YxW|dTAzNp~D}+{*&?<D{><s=H$zsse
zu@EE|C06-=2O@wE$^3x$vbSU>e8WiNEyZ;hUevcwloPGX97Q&HMe0mEZpHM*8z?9!
zD(c#dQY8(^Ki-vZgbaPN!Ok=8Cldby=%zD}PA5kOGKx_W8>xJKWMl*&L_fH9a%@aq
z1D9?PBctzcAo*`|FJK9gc4}m>%@;2~hU`C!ufVK8=zHiE5Cj&MEFz<W7{R}ycuxL|
z04t>bi&UnVHVbmSLm2RZ3V%Y{Pk}(lVi#)@GXmgg*YxQELXV{`*u%GGUXK!vWV6mf
z;eX1p7<3l{M5ntSH&~GE9m1osXZR!J5T&3SKu7~B*YyCtRAaNZnx>X+^yn9x!5wPD
zDu#ypmco|Kf5zQYXn<y=w1+v5>26!WlIP{&Y-jUQhD`5}En}x9#M6`BSkPmguJkd&
z?Kgz1f&M0IFbBcA61@*SkW2Y~e&iZ%iXg5&=(?Bh+T^fGl3(4p<_MeZFZ*{xe5@Q2
zI(kOM(n)>=GcKI6#x|T7Qp6OspMr`B1eQF`7*w9&V*g?H_R~(X85i}%hHM!FYx|X>
zuf&xlQyt$OQc3@JxcJ?XTu$fV2p9|_<&*3O4llKMkznC6>9=jaW``QnAlpCA`;|HY
zuPp99I%{%Wua^Dyt_A*c*W>@Y>*4EOuCV_=8_{3TR%X%KV}CBe!py9!tD2#qtN;5y
zUErS0oNnz-PAAhs+jpNGIYhipKKVS%tn!W?5{TjoKcb60g84(j!jJ|*Gp>&B|98if
zfshsMrhvjSN{rU<dowLX{3}KB+H+v;OR(dZ@N2lOLu<PV6eE}iIn%){<E8RCO~N@$
z@HOYbZdXDCfS!esg%QVscK`#qB-fq!rU-<L_$QGk5jH0gV(rN-Fa#-?H6X6mL{(6o
z&LWr%2z@|S@%BDWTxoMJ(+K&%jZFayxbZx7o%VbcV-pamWf0CnzaBHQTPve2^`jN-
zYv-RKWQ7~JF4$yxi?O-W&LP^j{oFnF7T$=57(<jBMe;qZhx-0slBQuBrXJsaDZ-4I
z#UD=#c~^lYn2wmhQ+z<hv=iwlYQhxqKE!d=Tf&soyY5Ru111&xj5+mkYyXt-l2m1}
zqu{=E_ehZ>GMxTraLV@R!G2}U3cok>RvD7PJ$ik4QCf3*H6zFC{+H=5eSd>o<^TO^
z>@pJ*nzaHrd({I)vK#lmX|*sO@bfpoPNX&8j>owP5$0Xpfnh&gs=;pX*Kf#w+<TyN
zN{@feGl_`bqtUm=qzfO!c+pqUW))>fI}?xl%YOmk?;ku8#SBudH12ra+B3vFOXYbu
zCXorGA&TYc_(o8;eJgY*oTqGBLWrf&BO+GfOqVUI?VnkM-xA5^b-`!+*LAM>t3%7P
zh!F2JTeCLgt59(MsVzVud87wiofcTDxqA89n5&!L1GY^9l&wzX_}?I=O+g6D)taO3
z+TR)eJtV_t{+;1@wLh7>Sg*aaZg6?;<auR2p4HhypkPk+CzjAED{Q4|jQ#wXTN7AO
zk@jMRT=Kf$>Erd@92dwR_>Z>{0IM4ma5E;v_ZX@!Egof%i_~yG8ikzvHQC}TeyXs*
zzbfI~kHlPFKxTDbI_s-!%-S&e^q}VdcmZb3?w{VUbiWeQV6*pUqG<A%RciD6k?Ek2
z=9RV%F1iMG=j@Y-UWD)UVmeJ#gIgHEj(~qq6)2<z*g)pq{Z@6j56H^7>ShiZ{`MTq
ztU(^-V!9u$NSETr8)1($RZH80CbTHJV+nFwFcN3%xL$|ZB4SS#KOllg{v3or*{#l3
zk@)79cQ6LtH@&I0?&5_r{AWY|)b6iMKw_l8ru09uY5**Ba*s~0%uEri6@{|8G6ay{
z2Oq@!4ZJ%M<lhBdNy}f;!z20Dw+k2Ri2sT+5Ef^q!t~M2fQt0iN0m3TsT{q7yR{N7
zt9Od6q$}MBg3WeA#d3TJWR~cVwpS$`=h^SN?`thh;!9TlhxDESjfem7f_h#N=f8n2
zyW!jBs38Ka<cOf>8WvE*!wmoBekX}A$B}5GfQ9EGz>*2_@VtmsMy;sj{;e?FFSq1F
zAJeqWR=*l)?sBLlIo;l>{hXIShfA%&aL}<v%JIEnZ#ct@9?tQesFg7pUR3yXxjOZ8
zON~RKmX8PAgt6&GR4e?-Um|>kvG&-^Q|d|4bw*tE`rzI1u>3iOkh{0`_vp~y#Jm|1
z`0*79V@>D{RleO%$wjA-CZtL=9yk(*8H;y+z7ojKIoOW<eKMgF8oIvad(8xRkUF#!
zW)u8$jtE$aJC7|yxZhsDz+Y-jTmgHvQv4N0{Ma6^jRcqbRhEt~)7!rskA{vF@au`1
z^+jMG-7b1UBKfw9n+X6&YfTC#PD_oc-{1PJ`02KJ-h{i9a8mHakpw)=F>u*V9<;EI
z;HTzy-HeL9VB~h*6Q6tivKIO|fTCFcY%=c2-{8P!`1%7OhS)t+)FsL8ugnx^LG{-h
z3d4MP&A4N>Z$02}J%;dgR<I7^KLR`<fCM)AZ=x;&V5Vc__ka*}94F)BSaUTa*vzjl
zFQ{e^X?=cU<n8}aW?hljK^E`GJNA%oP6eTIYge|jKj{2T6X&Tx77wOE0t@(@UK2Ik
zh-fIOuMQ*H!AE>CNv~5cPnP;TUOq`+ooY=VkqfjVnbRoSS8&m{j@IjFrM2i<ksO-n
zjsp&E$4#>-fVR&Hjl1b(pQp!G<bl&t{}lg(_h3StDwNkjB`+c1a|~bR*tfreuBR4}
z)u;ngY2BS0-hdO?nc!8m)D9Q;WYYpB`~yzkVDpzEGX8rljk!84bs-H_#Q(?ER{+JG
zY+vK<t|35z1PeAuaEIWo!QI`0Yk<Ln2KV6Z?(Q(Sy9f7gvipB;_w9aFQ&bJq)Q`E{
zef!*V&g~A95jBP#3j16w^?8Ua`A_QI9jTqyr_w{;Kn7pr=EG~+0}Y@1-Yi_krp@kd
zr5iZDj=ln`gIf&_>eLI<9QY+2p@GBOueL2$Y`ZVERNSs-LAG<xXre{t<eC}^XszUh
zs{+&65lYk!n1r~{!txdLN)4ipyDZ{XN-DKtq&voWoL|>nuRi%mT+`s}W+c3d_tq4@
zoNiZAa(Z83d>9&@s5RAfI-FWLQNS*nuxU4ObAGu1U(}tr_WX0~Md<57v*oA7x}#98
zSK02c_ZeFk_+R?Bi_nK!vQNa(PlQjip7$qReQQ9pbhLfc!_^iwYb(LCCgkeKF=pGK
zVa)kFco&;B3d5}{ULOh6mtIq(JYzX?NoIpjuEO={UMr=s_rHUjsQ{xq8^-L_y+hP;
zH7~qRFkdUi1*VpQzJK~hI&||B02h#$xZes32Lxs;kI|NP!CT*Lb4y2{Xv5oyXg$ZJ
z+3t&_I+-u-RcX+FAYoL@2IDS_<9lo3{8x4rxF|gTPUpm{7)HWg(~DN#=a#F_EtiMY
zEbSG2$!^o64QICIp`l@&aksL4r=(gJ{mo>3;JcmZN~H}Jojdx60b4zllnt!+2Fn-g
z*msxHOoN+&nU`yOZ@T+x>Esm@B9Cku;n82c5^yNfAD4LVZl-U~&l=YZj&bAOYS#dx
zqGBEymSV%R{dsuo&tyO`*OtypBA(s@JXBk>4N}=rx7z%0T0S~zX|=)yjCVHE8;9eY
zaNFRk5KQSGj-R=Ec^}u%?MH$28=#l~=SBVTr;~?P#d8PhWNEPx?|U-!`{#K@Cqhqm
zmY0`bpF+*oF!>oZeGATBDT7hkVJI?M$2nFmAky6~P-z37_ZHe!wU8E$9`z33deBKX
zWUohrf7cE`s`CNTLG@+>#4m1_*xK$V4D3S-X>s3XKjRx51z%kd5*~adD4C3Jr2NN{
zFMv6$uc%B^{v-ly_f{3`?3<pnHF^n#NsU>#s!$(MZ!YL5O^pItLAg@?#<?xm<AiQ!
z?c-|wm4mCX<h{5tcx5Ak<=%V4ucB{a>RnPECgR-oi;^1(t1mgNnOZIo1F!o(%kjP~
z6<NKz5~rP8j$y;<66#}K0ViW=&uy{>Uh_a4s;QSp$XJ^eQdsu_yZd!CmZMv($jtx_
zlR<SB3g@F)^!MOdC{SaxC1|d*`QiEQ#MJEpatYY$^K`_^^EltU^E%ApI9V1jx;el|
z#6|ZRK@vZz9f?DiTLOuGEVjAQqXZB6<?QC&Q`KPzQ7?k4MOSG`MHyxp=tthw+UJXv
zM6!)u>eIN?p#5A9f?N<)gRZ;IXlg-OgWad!;c}B&PxC3*IPu9dI1G^6%qlRQTk!f*
zAa@Y<<KYD_iT}|@e&?X~knqT<2qI#lh}5)@1ifOIs=vGJ(CS@TW~f2iZ}@yAb3CN#
zvASAeuzx>-jT*Awjh)|ww7>b)>kaZ=+ZTrQ(59fBk<vu;@1sdy_k`Wfzu}*sThB`%
ze<v(&3IC1DgY_<tEy?sxe)VEppr-%0rwR;b)t51J{X|8tCPLcvf$DnJz3Ruk;|s72
z8g6SES4%$%`tpIAUvH*?F1NW-5`U>gMfHrntCa)TKX%N}aQL8gF~Ywm;c7wgW_)Kb
z?x?}GcvQA#XEEGU(r+(#>9m_SYNTTp-zj0?<#Ge-op!>zl}a6-Z=-o2$Ja-KM41-M
zN0*&-IW--cc2CO<xhdRK48=g)$r3JI3FM^mz46Ww>a#@mxih+Q7kF3jwk8^M|1nh>
z3_1{y&;;k-co}K=Xg<KECwa#$?=ii)!ERtGDAHp|hVm8rXa|~-)e^QL3GSXSscx<k
z_kXUm?37!$J1vgN^L-y!`#P#ib&2pf4bzZOSl!LYQI<48=J&$5+enqW7zwB!x^~??
zhII~=uh@9^_c9o~L4qq`cAacdaUm7RgJ11Z^_4zl&!@Iag2==fqZtn{#GcwgkO53R
z;%m0QG(6QY5u-aAB?TH5ni|BTk6SSKzj)o0v%n22F}1#jMUB~QeZl&YaUYMPu4?s(
zHVA?I3&P~~+9jSO{udYIR1HTy@ZA^S#!{x@i_wBJsiRa|eor#n_E?IQP)Sz<eCO}}
z0d`ST%ejd4Uko3EhMNLmN8{;&B?U#*lMp^*lP5^GIb|-lT|^Ux<BjxQM#;ow1nIGy
zOyWH04>_4RH^IRxguWMgx;q_?O54Sr<Lw&S17p@MFlLRW2(4hLDzFs4O_-xQ^KMlI
z+vrsJ>SZ61-^h5Wm|%Kgc~#dd<;+qTUPrm@&(R&tP%kGV)|<F|P7lW}kM|Fk=<1SG
z=We~a5!%k+CfBL{W@P#p!n`Lr{D$02wB9<3R_%+t&P)73)aGgX6Dhc)*xL;>DF?5M
zuTtytR~h!Nqlp{YpBa0PgZO8QQvHE)Apzh2u~R5x%Kw)I3Ju#|r5dSy{p$1Hw7Md>
zlK?QvBk&KZT{Q=Ak$b-~|9+sLcI}a>HCd}`^Y=o8aQpfI#JDggiOc!Sw80|X<Iw0m
z#727<`mTfr@LGlR>hVe((fn)CqSNFe7<zvu&l6Y`2%;1r)BkokQc};HohqY_ned^T
zsS&4(L4EUnQjrD=YLFFunPO|Z<>um+fcNFY@lq>vTz~(tmp8A$_XOJP*7Ei%r`pdf
zlfj8=_gF&jikMCo(=~*bG42Bq-p3X$omQQMqp!s>E+69w-uwc$$^T$d)!%60$ThpX
zyL^pP6{koW;El-L03=!w!UI{}jQg#*N_{2)SBr}B@)Z#>j$jC6Faeu$zRsYg*PXI6
z%N!_@-hX-@P!sF!F}FlB!Vlyy<)zeV_o}oAInHP$E%&Y<Fr<<W+@H5(;vpZ#l<XNx
zemwEeK>ts^QJXIX^Ve~F!+$3*z{>%ARLCEdRHL$hBxVBpwZ_cd<?Z+HxHJs3!}N5F
zo?!2|6&##(-#wqf6-c?zLTYOJ6Zx0O!CCY*6DvIM?Ppk=;)n?0aXvg>wVcnWrCTI5
zT|sdeD62jvqO@fQF{1A<p~ZUqE44PkbifZpzzru?+>2Xc1fd~5$*Ip1*YdNEkNAV!
z=ZnN8>LCYFZ9MX~rC_{Hi-s5@5&8y<gx}WN@>uza<;1)qXPF)(lBx8&xxX$s6MUWA
z_Yl8WD~j5TbN%vNmCF(T*&oebCv%>-g87-6$L<oQaqVYX5U9;qxK<^CH!`Xsy%F4`
zOM8qkoG^lFX{=4Q(RXsfq$U}TH)*o*LH3=iVKkz?1cC_ummf4MX<U6rm?c37ls#qJ
zgGw>K4z)GvR+<J+Bga<t?O!kqqAFxP?vgbcp8fjACkaPwz}A4fFyG=MRWMsmggE!d
zF8x;(u`VHi1UR#n`8;dJM(Y=rUs!=)iZqVEWc}OFtq5I9<~L!31n~PPWkrej;}eWj
zSa>u@w@0@+kAq(;64THMDp=x3jj_Air%CgLX*nZER7ABIw>q5DrPD;A&%4L@L;-sB
zQ#qej_xnX+CSG9UYc*^EpU=MC@xX)13zK#QBIJJU9$9~gZ7Y4y_cGo`DNADV_|U88
zUCJq`eCtPb+Oh2nKJrop5iFZ`L7yZ|i>k6o60gv{r;3y$@vl72A6kL!MR^z2#-vPb
z*MxmK%!uGhre@JYyhb5Z>;}+s-bc-8yIx^|DT(v0#5j<c)l;+T;;q4_r4nl*sYt7!
zJIAYYZ;hym!uzkrXsaIXVzth(7-k|KPKWOZtHm2^muhVCA{reh-)~`(kocGL)oBRu
zzH}WW@mve4%{u<EE3<tQ5cVJaR~<|hvpe=zod4*kO2@FPsDK1JJO<Ko+-X5Sa-hd;
z;(W=l?;eGfDvpoja(f5BKsa}ax!<TBrqYL6``ZF6ivD*BgZj{M@RnS@6$bWZ@OAOO
zoViGQ?Mo6)=V!M_Yx@626NeuH&smSsm~!)mlCz<fIqTYMaEj9Aj`;$b%VnY|A`P)B
zwE{7enpbXk@_J3}u0?f>MiS+`2SifOLx~=l++Ka$-21wx!bH`pkJm1VO`h)MSY)Gk
z5g{dO4!+;EiEXOPOHPW|RXbwbAG>=mdkDRp$yRB-UAT1FpMiaSHY*|tFW+kqz<-kw
zNo?CrCO7s~$>e@5Tn-GLtnk>nj8p8?_L4-FGkiv$6YQ;){l<B~v5}zwqwc?-R|STK
zlDUnn|A2<nFlPE&hzz^1u*9-ZVC?5Z`Bo&}mfs6Kk!r>FhIH!(;B0+WM{(dI4D6P_
zf}#EKfFKEP4LV}tdr5r#E=BPkW&4CklI8G*GT!2q<f5Np$D{4*`{43pu9)coy#+!u
zjiC-GK^3PE_Ffd$eSflm-(}A#Xu+rlcm4&lZwTplwGubv=2WaXGVP<@fG9!~rzN>E
z*;3UM*8Y_T0g9k(_4b>^s0JI};(Cn{lTbdgabEgTV~^`kx;G2VVo~dLwrY{bo>6Vk
zxo_VsE|&>YM+K{^pM$w|A?2kT0!}9pXDiZ9a#lkbAYVG4I|{$g?e~aE%07#;u@lhi
zqwR!+b0`@%iO{+JAH<mMZv_f@s3hQjI2MTxB`9_Vs~+mvtWb!1=|r=1G|#O|r3!PN
zPygq3`Lm~QoeTy{!S{1k;QnK7vLn*a>aNY_c!dn$2%AkPx5}d9f&~i5YsSs_kHJ9O
z{F{GhW3z=bD(9+eHPN-dS&RR^1iHZwunYd{7k~WajuP^{^~IGkti-p_FaaawT>iRA
z<J1py9~4x7)5nT0f6~W?vFg(-Eq@ldI`e|yZK3bG=WlP*e_nUNVBurU&V=C~|9v`U
z;d_vXM3k9}oSENs*+{G9L_{;s5uYOm_yehZ@>_g=|G<k-COOzn_)kNI4<TFK|3-BT
z5~}of4^te}NE+D1O|6sw#tR>-vHn)Q`<YOz53zjx6NOhr+z$S)QUiW$8-<-JSfmpW
zae{%G>wyCkk+ZpAgCyP5|8&G;a{cZTK>JA__rK$sSp;+F{LO@^fe+vOr9RDHMu|G0
z`4Q|KO~kqUJ8S_*7zyyg`N8UsZS}tai~f@mtp!t}BFb*J0DbE*P0)<0(bEenEU~Wi
zo<a^5R!F3@Iv2p4<)Ih7SRt>NtgX$A?C3XP^VdraMq8(T>U|2G|DT%fU(uW(fyvd~
zy{(#7#HFF#6!yYne|c)H%*M*gGfp<{-H95LNFVLU9A#GeIYja|(vzuw`!K|o6%a1^
z_u-B9UHbhXMKF>4{@+BhuS~^4O2SVX3BPQJpJ4)?{7T9ZtU;!Mpm^|!nbfo4U)7Zv
zz)nKW_kU;npwj-o*;#<hsxISyA`KNPfQp<7Vc`nQN2(0=2il57fq!sT<NYlTe!G<a
z&RF-se((S1OMod_3i;u#{5m<d=3W`Ewy7t>$7Bj}5DvHj1b!L}Inm!%{|}#T@*XTo
zYFt#={q0fU*!ziLfo;{4ooU6*3Kd*x;_1(SA|x|fs75Nf8)ePP;;Ar0D!Lxi7(k-N
z4*;!fxgd3GOHX%D7I&bf@1=iD!&~JgMIF6XZ-KYeuPAe5!`*~Al6CpQ5*UjiFj<yv
zG@FJLPnkh&)==P8^~=QiuVMWoTbyFb|IsM%h!#T|9GzLjou;Z@B=FROo_lMsfmIp`
zJ_!ibecIul>J+d`8`joZb96cN{{lRQ3e~HMTO2+L(zfaRX~5cJYMbXRNc1lFD25<E
z;I6$kUr98i@^Zj~gtL(peuoa;_`4{3(^6}<Kuy#>(goue{F}y~wVQ>f^Hl-;<bkP+
zv|X9~cZ?^K)GQ+fD6$D^QX7Tuv0zgZGRL_8Q2=XW%1`0R$*K6phZfq2h`{bnJAcRh
z{u@GmU@CGm`U65bvmeSVzx-eG!cn|XXZ|<6#y__9AJ8x?vWc7W;Irbwfb1T``Lmfm
z$`~Fsh+Xb6435zCc^7A8HJj5=lz8|H^luM8>l48~`yb(J)y){XD>d`ze`9Seg~X=3
zW>|49pJ5V7spUehpxR>vH|@kR9y+o!9(uC(^{g#}Tfq!69z=*I-So{JRc=8hXCW28
zG+fSM&=TV}ZeCXM@}kPI!OIof)a#!kgi(lR)kWEjNk|H*;#>i40Lbo(;ur2*ZidTS
z-jOXxE-(kDV>Te!?eD4M=lHFoD#!GExQJz&c$B8l>9ngDfF7VK`1qD#QwXKur=v(Q
zzFi=!%wi={$p_|nfl0~o7}byX!4`R+S;?mYEv?GNmL<EK7n$S2MvYAlWMvxU>Ff<k
zDTkyFaOg{IpqLTucZ+qubf%nS%$j*OhrXJgNq6LY7{Bq!(1;rxF+w+@q$j6`j1d(P
zf!TgVr1&tE?c8mlQKBVkT|Ddmx%SkuRNzs=wO20BrUwrabK%`FrbJglbkOmj(ap|N
z`5vh(izHR@`?x`v)q+v>k&))ry-|ccj@wHkUx)~*4|tTUOs5sKhkaPe9N$^s$FinM
zKWb>DQ4dxoC$W1Y=I=6smFXpX;{%7$RzzzTwfX89E7gKewQFfPA#bHHU!1&jAXB^i
zdGB71*g^G%!&fIu_2*0hY0mACUxl?H%OKQz={j)Nk?dd_ptSu4RMt!EKtEy<p;JGm
zv7%XZy}Qz28@(MpO%2)z)$OH&ZptEzWDjygo1B0-!na%p)uP^H)cL0?4NS3QwX9PV
zmT5xl1crAt=7y#ex788Bdb(1G74)AgY+;ms`&M|J#t>dq$yrfVh?gfuoH9P6buhLX
zo4rjyiVs{0p>i=z3O)W@mh%36KEQl@;DSZ1+$fW3Mo@k~z=OD@(QdczLuHGPa$&)7
z<poXeLV;F>_?MTT30!dR_BN*!<_*8zSYbFJzH`AX?=H)B9$@-14`pi>k($rn*)hI=
zrz1%0un^c(1}rERoBEag@-6Ad;-~icwjUe!scl`c#Cs2N661ByUANu;3CCa2xe9}_
zCIOtrn|T#^$XM2r`hBwMa`EM?Kun$S@}_9QY|QRL@jy|VsGn3roA}{4(br~4Y^7V`
zcfDr$RZ8ZZ>M(yzz-tx?p{XqyX?l;UmCcTmWMHicvz+%@9EE@l2l?y?Iv8l76;79A
z@1CIwi!k$)(|{%_gQuRBRoqN5nyE1GkyRxe7J6$OX<-o3aqF9^x^U5$D(XaFUL8uF
zj%Uf#l%Tj&OdTif(?JnbYvy*SyZuQigR{Aqk!;`7AiDpXW?~rsxt(%@w-OF37!?{U
zkKe1utfvWU6o!rIRS0M65JhWTXD5=_ZnBpJvk3SKnZe&q3b6X^ui5dRaO~^Da&ua}
z)219<3Q2bikwGWJGk5zvSDeT)f)$^%oo5K93>IFb9LfZU9mYWbZ{%Um;td|f35qBi
zWyX=bJUccQdis?w!q>CNW1928Q47JztY=QuJ65>8?d+eMIBky)uhF;n@DkDoQORmA
zSczY}*_A)A%O)lo44f+ryy0u=X2ur94DN%QnO6~Zaz-U{uCxyY%J~aTawvVifBdvt
zx{`u@4N_k~5k??kZ<~uLOxUXLj(z<4vqptowdALD>5lLzo<n0GovO0txk|GKSNxlk
zaB^l$)K>nb2Ohqa2a-6+oH@h6V>M<LM;2MtT5mL$JpEX{X{K9Lzf@NM&(PtfeDu<8
zTk&g9NxZ^FlZbw@sdJ}&^kbe^;Lx+s!FZj@oC|?Z=LCw81-t%2PQ4^&#R2=lea}Ca
z9AudQJ`zHdPvyR9qhg~FS@GzU87+In9*4nu_;5C%Z9aS$Kk#BCxt5H}m;UtHMN3>T
zrs4Zzxo%DR7Od5Oq>qxr6hx|N$CRigQ2frDsF6FdX`z(5VHFI3F{M9yg|0(&XP_PD
zVe%Tnt&V;?{9LG+7!v#aRnPW73<%>#f&dlC_b3FPL`jwqUYLp}$o~ARy3g71aGSa1
z<%&$9Vvibyh?`^-rhy(W0c~{0q0@*>06Qm0D9h-h=>zWk=3Mg&LTQ<GYgpfd=GWJg
z_R5pTR{@-6H~<%ApWdzta#BEn7sg#tF&{8YiCV8R2{R))q6RV`Gcv3%os_@BrruyX
z2{|+BMC%mOVYbDs5b6CWsqNj(ws@>2<N7Z)oeY;HdPeqINtv5sH{4S>#EfQR$)azw
zwdQ1Wtn9q8kqkI{`o^oR47C=0rsG{x3*{{H!{L_r6z!bj<+O#*ht0^(7N3DMDvLwT
zw;$_Kuf4XL#wqX?<#h-g`tOKmUap^ezodqAK`JeSB7Df`&OUm(l;EkM%U-%B^G=P;
zuW7kU)x3#GLm&EgQn-`%UEzJ+YullF8^>TP^KovmxEjV>F<ioJ&7`u+i0zD-aAf#R
z+9MSc%3?sj_vUsH-P^F?J^DNL{eIT3&)xO#iMXJNY;3etT*hWZ6JgR6VhcT%nQr}R
z0jF=#gE;bqIhZ-&;#LOyg@&8!v2<C=qLBWt9D-0<GYj(`9tw`(%_bUQL>xWE9!_y5
zwqK`=lwbX9c+wg4pEu*sY=~?<DfL))Pkdb5hUL#$U37TcKkuRDNhpmb1r-weK>Krg
zaY;qtZw2kNcSjM=XX#qN<&UR_Fk>@{2|4g{rlG|rlJt*}%^4o$^V~G^-!^GgUUgDq
z<jmGC0A^e7?YlWL$2oOlxIU&fx>N<DSWeFv0LXoosGb`1Nu?t3x-8f!0eqN^hSU_7
zJyeqa@d7XyzJ0koi;AA%N9ADh!XVTL@RGr1KEp22s4Ry<tvk=-wQ9c?)Wl6ENF`!U
zfvLi<&CrUEEGe+GSNKqeUtE&u0a&F_^aE0tB(vLK+N56?4gbn`a(hD~lhR&kG)I@j
zedytnx@9yg*wT3VCSDm|gsmnE$5h#;Z*3o?P~zG4O?puL{`y;r&dgcZeu1cTK>>4x
z({<mD*!D-n+_ducdIvr1(3BR2zwe8GW<HD$umlwvt+w|_$#3b=XEQh66clwr2<P~<
z2u3kvG+T%^?C~e=9u0Sh*)2>eYoR#`zfU=|1kZVpjMl?kv-U0=v%f?;7Stn|*U^{g
zL2?8Z5GkX`(N+w%9gV@J(z?-!n^Qi-3QEgiQsvHxPWR#}#2MmF%gSA@`-3Lt$<1QJ
z&}V)3*NlpnN5gU(q9U)SUVQS6%|U_+BTO8RGY_Sd8pH86-(OLD7e`nUWyIGi?N`NK
zx$HmrbRz4&coGq}-Q%=t-)X@q%BFD+DdrZ<SfG${!D*(wv0QtFuk(6kC~I{`v}u0a
zKwHY3v6%h7L;pUd{B6H%`;7GNW=z+PgTbXwTMvA(u2AP{hF)#bf)-0MO5*4}Y@c)s
zLCEc%;gjg}N9#HEiEGS|(HkPl7ZvT0-H*8fmwBEh5m<6jM=Q2RkD594x1S!Dvuli|
zosdRm>6m3H(M|Tzyl7;0Y~tbsQ)J-86AwO6VuD(lH!!zPzKq`Npw>xr?8Y4NomEAm
z<|*dHTg0y(?}#=-O(iJi@?K1~ga!fP=OU(3cc}KCg8{^HDglSXPIxPlTB^o%1~Llf
z@Or`m-{wF|leiVM^q_!I-SW;=QmuU3wYDH1!jgI>yo`*0?s9f$v=fIF<a%4?mHKmp
zkQky(J||=Gcv)v0>_mEI>m5`idv#1u#E=xnqq8*pP4KAfv&U3LR8(+c)vyj4OT_wE
z6<OT4fK+If#vilU7^Jc^-;qEkfS&8mq7M_7kj~@6p?2ES=}7^K$MQc(X+5w(6GRUb
zHRK$?lQpvLHcKt}#DQsJrK&@+!Uw7-NKzz6N!lTP&1wB*I0*YMCY1BQhr=Tb=dF|I
zJY%@pbURlEZW7KKezJ1@XN&;q_UG<6P`f2DpZg<fd^%0AVo_INCAR%2YPdR5l?qdt
zKzj{j!=s#!s6#s&!qr+ktAdu!pzrW%n$}kvN=JEsi8eD?fTLJlP2T;>%LpYXz8()P
zBpx8$aW|N_+1ER){s~G5U#6Mlc^dxi2PGC!boK7-{Z2(A&vYSNUDbxY&Ad+BN>H<d
zA+v2Xo~w0HpQ~|c2B}{}5@t@1?ju3X0Sc&QjiV7Zq-ck}^c}CF*$x!Vwc+Din(1E)
zmM+;{r(Kxg*g>kVI`T1aRy6MyK3m!vFEzRRf==SU??ijN!3SYDX<TWd9g!6d2S3Qa
zhODOhrQ|EoGZ5v8=dhW_VC0QbmC$ncCTud*xZj>jVyGX``v=jjF0*f!B&Ww<VO9j+
zEa6t%dyHyjk|A^%eyX?G)rAWWgdUs!FBbj}+Tj$(Sw~BC+!hM4NcBPmfktJ_N@&FH
z2fL#uQPq<n@)W-{G;o5CdLm~ghn$=wGIQ1}jF;Li$-=^AOhiZ>ja*F81ly%Mtk^oO
z0G%5Zon{unLU|&JVt~zQ$G2)}ytMT~&axD!poz8zDDe2B`Vk$q&-=a{6NahtDw^m<
z7LG`(hKmsrBRh;>d@XvlCqArqf%y~%cuwT9K$vsFEii^y*{nu}ni9dRqyR<L%gZ((
z{46dPe%EZ1LUfo^yc=?@o3lURJ<_a?$(U{roBptcMY7zQW32VT8HX{Im5gKU;%(d0
z9fQ@~gOYTM5tZX+^wQ3L475Cr@`RbQ+aAzVLyA?(Syk161Q1TRKsgp5yXKKocRu00
z?^LP&u)g&hreTYQ5N<O(xs%QLTq6#BmecFnHs4Q7KumsXs3(q398yd6g3Zj#t?l!;
zGC+_-`ct?24RMIxsNo}>g6)a=W6yjpcOHtIZc^wsT7^u0&%RGVGU`4<D6LX>Y&C?K
z#eErLm;9vh<<~b?k1tTE>0iVjFDMZ~${Y!s8?KConSmB_^v%20<qmhqR)ws2fXA$L
z!`&WoaoJ44gGn>KpXSqi>{^+IK~=5W6)}BRu+~jKbt!?EC>2@ugBp~6Z=u+?Vz**Q
z3sAXRHEEn<`!+lBsg-vO9ex)@|CtDX)<`QVnT{bqHivgOMHjp07wTlLAg5b`yS4T+
z2x3e$LxxCPtB}!Ul*E05u@pazfavsev{Kb!MGA!pj)Mc<2fuJ%U^pZ(B+I}y3(dCg
ztW_ttji|7sM8r#&p#(roB1;`R4fmFo4nJ&v;LfG=RjtZYON^o-i!`J;v%dYq5*SP`
z;alo0t&^6Z+&@1PJY_C@o7CVWN|m=8_u|`#Fnz@$l&6B|W3|C5Md-<ZWS7FI!NjD7
zTE$|CnHKZ9hJv%97<E=sbwC+^Ij~W6&G+%ZOW>*SpAFKuIV#pSdq<{VDc#`4ed@hm
z4!Y>}Xt@~4NV+sx1%}%_pWLoj->NdJ3q$O6&obqd?Xtb>9UfI0KhK*L7I!{rCHPy+
zNeG^%#feAh4L;M!dmp}QyKi^Zx3Up3^dhw=rqiomBIIc@c#)BiJ`HI~`2c6x_Ugg_
zZl8&IOlS{1#>{!<1+>nccIp@xe)KH&+O$+a2Lj=_ELUmSI`mxiS2GE6`)Snckz;c-
zn_T<N9jDjbMx@T3oj$kKWZrUBT$EyQSq|vO<&JkuBXc+%njpe}Fkl{54iT*!bZKX}
zwKjGG$owo0olH^In$cT&kv)-?oPNQ9JCc7`0J0i75gc}$aQ*T{F5xWkP(~wY<S9?U
zb#TWx{#ob0!QWL2RM)TZL^NsXNd`6XVq4>)3;~XxwBMB1+}YUJE{OoVKB^#;I4YTB
zz%CfHGo@8Sa5Wk(jT{!cStcb6{JPa3mfJGx1oW8Am=%_Xd@1j5u-}SKN<wKK9UF61
zR>t`uOKm0FvEd*j>{>`JV8cP#r;P}S#tDOq66(iY$NyF>v$2toTJDFCvok6YG4V!?
zRu)jE!#4&W;)C^F9l-{x=!c3dO^jj|%3)07hG%@8eBPWCw(j&Re&XQ-`?#db{OSsb
zxAIDi2zE7ez1xUZxi2#!P#mj6vPw;CD|EJk%-)JUKZd}te!KJ;BX!Ozatd4gqIhjN
zz&<YDp!duhm?Mr>SE5uVzdrTah!mb!+QE_08d5&@glx#zkR+J=P03{QymJL*z32VA
z%`}em?p5%)PZF|>Qjz$b1^~kz_pQvR&t`;Y6Ky)7VRIitWURhYgrSl8u9%4GcYgW$
zn!#k()Pe&Yg3`@o^UMHeg5F<m$!}1RUzGKRb?*hsmFMnVRd9n6yQoFWlOwy!>_bMC
zw8IQfO-=$N5fb7eiA_b;;BMCj++(shvE#hFMU9q&6F8>?hPckb(FaLUtuI`dON2QD
zWJ;i+Sv9qBhe*}4P$LI1RZu{t7Uh(QSG8Fmib>_n@iiS)WnJWQ(XuZp)qlmu6bD*>
zqNn><5f-DH^BS@U^G0{k&RlEHANwC(lV=k3P*0MfQ$snczGD6(b%5Ure1Z+^Z_{oO
zf=D<raGvNt;x1B|)<8`ia9gpc?V7P#wX~^QzTIEuaMz!B!?#Pf_Nqw2e=>wtEdo_R
z4xT8CqP^b&>_8(Gi`E1HD*_f))=4HVLO?MvkGuNQ@yFDWk3^{ow%GdkMg)l~Wd72@
zW`=~@_h+5@C2&}*<VF$V)h-w$3ik4awRQ_Lg{40Y4}h|1+^~t=kUBy<iXoAHnu#;r
zhqu6u07!r`#$&g~r(ZIswx>!`Z^qrShQfr3vCX9j@!tOg<$zBZF*B_tTI^@6j>BEd
z4;9f<;-G3B4o`7;hT3ksiPgnloiyq|-=gwg2Iz=-ngVC$h$}93YO>lC!cYBn%lPkV
z`|Q{pxYEq53Jp27R$rD_B}Pd?KY72x0K6{=S9PDUEQ&t}R+tP_C^WbqK#zD`f)A95
zC@eIiZ}Wkjs)iFTur1wHawtJ~eLU2y*a~?y(7Qn>%*k%G+1j4$4waMcBt_?oM9$Zq
zo7z?17<ap7^68jEUF+C!sI0M2=Gfb=6q0`cI6SW0_ZQgBI=2Ti0{BR<VA<jGgdV$3
z9n{la=1Ut{Iq=|`5u{wj&UdeA2kA+PI#cSS2-J&s96%GE*h(`rtlXfZs~4S|&GY*U
zlbbyOLtoWz1%3IjiwwsnTonhJ4v3*n-;rd91TBuNMQojIdGs+l@%$P6f(w-P+ALp!
z5ErVUNh!8ZE{hK<i%PhSwjNTkO3OQmutK3zqe-#(F#bPfh!8A~FA(p6^O?{T*kk>!
zKxUgCKCs?~-?rD9d?pxu_8U|Tiq&yG9Lc8&LdIrNmOQBEX(juY{Yv_k<Q0>E&raEG
zWs!bFiPNwl-QTDhv1DuE@KMJ6rEsz=`H+rvU=5W>Nu(Hz6g)Vci=uCb{pf8FvU8@^
z9b%UHLV02Nb4p5(&?e!$vfpUr<O}7S$s9SBy~!5vL+$*7xD%~(MV+pV8Nckym!;C%
zfdJ0?FP*UKsu=eE)VxJqlYjvPT^3ME=D~UMO&r)uHX7gs^WGC=v#@eo3$t4xoi>$!
zc9nS?Q#?uWNM5qoLbS@>kPXQ{+gxqI$O&?mK%?iPWImrXr8sR+%V6wZD(CNBX5e6I
zC5y|~iG*&h+vu63M2VFrs*0aMDS15R{mn_(&tBK-Z>0I?nPc$^Ljh`M3+z{{UCC*C
zJ%RCZFV}DZALFq`u|Xg!)u-F=sEe_+4Cqc`sb-oWp`xCe;quOtcJT4M?-Ej&g|;?$
zcWBIQ9!I@=5~T!o(+HpK3Rn9wM?&3j89&<wRb3JJ5qjuCam$?*-MYG!pF9Xzu%TIT
zxA&wA?0_qlXp*Hl_USh2JeizDmUO}K%kWEeU7{Q>iRiu9<)aFxn_|JVdU;M~|CEL}
zSr}PWd=hBh;16E~Q`-<MB~r_LW%N7We0{wpI$o+Yez-Z&x=ZX7a!$JA{CA@9m4h8a
z3PD}Iom*}4VuJ_pmAfGjiF~NA=PKcBd-YV8LCs|HH8n;RIW1I(9>xLFksp(#3(JdP
zxvGAk!N)srHFF&*i$f|X5TqnPHQAQ3%|rBabnbi<sv*KKF4ec|FANRhHGxp9>Ju!B
z2<grfGLAzHkxR(Q{s|?kMyWUjm!o?F>x*$;<R)Z?!%a#duXicfipr#_vEZhe?Aur=
zwVW{pfW+rALuip;Ot~O(hsTeshZW_nSOCnS>Kklg$HekM9OeXJ07t*n&H{&EpGDBk
zTJ6m_)qR`D>K~kDot#^VA>)U9O$0k25)pnSm^HB|ppc^FC<ZBotVGiq-|(QgAJ(Sx
zC<+3-4!0Fru0YRs7tOZOTr|YLE7s4z{Mmk%g3r#zT;9tSkzBgc`6k+4&nI9!YZy9L
zBV!A`ycGI=$!;}paH7Xe&c{vf)`dpJg5GPr63`KhCuhFsVsjtqM=lj(0w9b@nj+hx
z(ixg#cj_@K+^?n)+LFk@l{+p+v2cblp+Q}AHKs~9jo7^05`(irn8L`EjEZ6P71j&U
zW><uX!;(2n#d+U9jPHcT6|g8B`pI5zx-k<A;Q&pVS%cXA>?h(!jnoP-wUOy$o{mX_
z^Q%r%E>WgJHVuP}E^yIU_~-~_@k&Kq*z?y8%J|w9Zo)EWz0R)*d0hs+H~-Ea9k^!2
z0>mLe#<CNR#m886C|6M6iGwH@V*1FaW$^g^jLp!mU5IA=`VJ122t}p_4lf+m`T81c
zC9KdWi5}jG9yXfj6A><$Cg<iRlKKuIs2>#YVV=`C)a9FRE#6qLp*-M+@01hK?k-hQ
z2}>cnM(8*Z>i+absFav{b?9a+Hs_Zb_z$%t2g1}8jI*yl&h(q@^ncLE>urHmw?Eme
zma@9#(=L_%2!^v-*A2I$88u(v-Xd#olvu<H91bbk;ZIRh6Bdq03e|Cls94@egYn{d
zukf7lwsmK1A(Pd^8F@p8Y0lv7%<K}FzK1$zQ3_m;d};FDn?~YC7i-Z6U%?WS@2dFW
zpavLD9a**+)oufqdBY+;9lwS7)d9u0UbCf_`U<dm;hy2+E8}iSK2SK6di&_gwmWc1
zwSIVH+nxC%27H6B<_P_FirK2HMF31B3%m&>A1$ndyOHo}h)ZJ53_((J@LN>aJRZuu
zkuH6YXv<yYYG_v0Y-XOZXHVH$YZp}wf}Z5$jo?q^WLA2#lT_eCKY6Kqytz(^Vge;4
znP1pWz5_@=Zi#6E!`bu8ucRk7KPz21c>G&dia$9oEH_*5Sft2iebU>{syEHdZGx!o
zW9S-XO+Wr#J>xwEW-`U?b6oGv&Y)%;2w7@V66|gMAim~arLK(Cg^BF+w$3EiPySWj
zX#3fHm@t=OyQR=n$`*Zc6a?44AJcw-vv%FCCdt#qXAx0x;o|v?u5c>h(n$Yl+U&A2
zv|4s{df3=~JAvX^axrYwGyt4MEtV`K1}wgIHp1ji;6B!Rd`xQxB-gRLIx*&~8&p-8
zmw+{53emPaHJYIG4NRz{@MLbNuxJ3}Qrjz%R33y%JX(O*xUV*DBL|}AL!lEqNdAP#
zVcZE1JCZ<im0QaXSR)7&3-^Xl9xe5}$w$tUCa%~9Up#_QazIa?S5RU7@QOSDq#QE(
z*h8J2-IhOXPl*dk0*=0&A0EsRkN(a}!d@_3xsf_vNqgqlLrrCP_^RFOjgT;-s-ibg
zp$+a`$%5t~7k`tdR$N9OK;xp*{vJS%_^il^fxA)%rzH0}cD;SqIaAj7J|r`7La{k`
zDvP(a`3-W&K~hfedW3RnaK~ti;OY2h3t`zG1x(ULC#O$YMEojR{;Oa9pu)nJH36Lv
z#8M}m<V~035<a~w4Zi3{t@H4|uDOoSNIL6su1uIpTXBhM-xQxQBDoOEjjN?4kHYhJ
z4Yhb?DfDlC@8z%T7Z4`Osh+X)i^LDRfl>M;s|tr|jW9<~kTM8?3RIGxhw-phIMurW
z&FiC@kNC;Z$P$qS{FCYGz(uHq>e|w!Z&E2!E}7^(tYXtV3yK%!HJ6L%Ck60kS@bhg
z%cQWJJRuiY{opo*ba3deGhaU<YvZjIn%ohXt!(8~Xu$XIqVEF|M|l?&9h>NTdGY=%
zF4mAi`biuU`@_Ehq+U2{5ljh*|KnI3M&!MbEW8M(e&Pno0OWQyb|nk4_G~Z4Fj6Kx
zo$s`T9}6?`Fa5-9Nq!R4P%#yE=9{x6=*jm69TndsB#0-Kv?A~9!L{Bi*2#|_(0hc5
z;%coA;S|Nx(;7B-Q0&kNFL37by6{1(%~}p?T}ukrGU>YEIZF-fEFBXE5vAQm42|gK
zpU-YBm+d$lxJfHC>FI&VqZXZg&KX-wKI;C03*GkP8R@+Z;fz7UJAvIc@Uw9j^9Mq;
zW;e&6k;Abc{Pt1}^|*8QFAB=xGT%FWlwOOzeY0wX(HoGwl+E&Mw4}-}tgIditEEnf
z!OQ9BA|bUIoUD#Fi$^*EL&%bGW8DO1eA$m#vB-C8gV6p5L<xMI5UIW2KG4e^jv(WM
zs%U4o4ZoB6soO#m58|@&dEzDLT)OC`LJ4$GGx^}!q`$yaDT;Nfr4bGqJDzOAfAskk
z06D&g81z(Bk9`iavR_e~jn`a!1pU)|3(+#S2yxNqkZnL_A_EspdhHyYmGZpT<Uo6K
z_WuzyU`ipHZ|gnQe&PE2?py`h=+`e}yxZ$cCJvlBin(hWHOP5*=Q#p*R3*OGHi#Sm
z=SA|>^#`Z>AyVk(FD_(n)Q1Zc-PiMLUJpBl5^&?@UU|r@iHN2J5tVcjLY@?2>TFnS
ztRm<bK(p=8b7&B=%tWa0!TGa-y`WR)hC>H=STrJxl{UtDpbT0=(j^=Q=nSG29pO4J
zl>Y)%-W>w1n6#<{c`}|EHUG{EG=e&?R*URhTN^q@rPtF_%;S^lzoboe((4C&#UGoL
zkNO3sC?1OC^eioYEhxZaN-}nMPH|S$n8H|Bjd9xKLLSxIbe9$TOzzxW-LJlbVE2az
z8UGGpZ`en9ebbETIw;MrDJ~Y*bT~~fnj%XUvatsYQ7u5X(AR2vBqDp+!qxV;pH;Uz
zN)rT5s&PN_wWI7%`N)bakz&S^7ohNB*=0GIap!epjx1t}B~Ssi0m{R{hw~VjS$idG
z>D;?r_fNl+;p|>i1->Wvho{2z8>)KP&2u#nKA+8!>Ir95-<uS?#<|!0$X9tQ&R|%M
zQR5D-zf7cHJ*Yg0K|J>tJn~+IP>j`mOlWRV?OMEkT$aC;Udnl|)jnh4@dM}aw+)x4
zed5hKRWX@zu1XECEgJmXYzxN&<rV_w)rhkuuC1K3@9HD=90xU&jO+Xri*<N8OJzRP
zxT0skw2E(_p59gFhMH}HCkzQlq{nzO{Qo=xf6-w-9FcxN0(?w5`hXUTImrV)HfCnQ
zS(VAEFQ8wI#i~CX)tDoQBSrKKIdvjpyPFA;lI=Q0jEqqOrK!3PhNcTkOZ}u7#cQO1
z5fLafvp*9au$>kWL7X~hAViP=V)8JmRZ_Ru9FmoUfx|(ejw;O|QWpIZtlADHC<jZA
z=p*h=@;E(bkloXr{qb5oI*VY(z(sZDl%i0vBNHb$L8L4JwmYwuk-)0SBt3+aR+GlL
z&Q{Wg^mq4mE4e!D5a#WgzITK8`oj&99}_*w;e~8c;2;Zc4Zk$?64Ql+;zPb)DQWhA
z%sz8RsLI88<yZ-400vW$Fwpxd7WIT)Qo*!h{WQJ2As*kX;<~h-jva8qhiz?iA+=r8
zgetB+QnowUo1!(&WHY;xz}USG0HXBp@Gz!B5<s!xz*y425_J+H{nTZ(jZS!WU#-WT
zC^mW<GB#2^<i9$mmxdITAy+m$5Pk|lJpQ2VcPdSdEpXkn+c#y)EN|wlZ~v_bcJT^O
z(Rks0>+`9#6Ia*s`&69dNiOp{gm;1@<MxFnW39zh9Y)q&u^Q!ihlNL8GSeGg=1+P$
z+>ml0AR3HTi7Ykv+*1PZG&SAM%u@fz7BE|y1+Wa0N>1(5@?bOfDDvV+n6}huh5`h^
zdRE+n-6PHab&p&xs%&CA{*xRX<NaNjR<u0dy#G3#Ods>BEvvJ`PbO*1<{eb3p=Vn_
zWhIjT+wKyLYJw8Kx0zXOkS5j1dE8Rc5+YJkEXROPMn>QDEBa1;*cXW89Gf8xh+_Ir
zq+kIFsA}VcGO1<hW}JgCKA?43ICiARh8LDFS2T*S5d%S0#>iGCbXX7QBD)pUpHvi0
z`x)i+SX&DTgIU*3S2>lDo035qBfKUey~$S+WGE5l_X%#MC%m>6iYFl|$uTNgxi-=s
zA$dyXw;ui+{t!M`g1zAsn>}MX9Px~$yd_zN);PY?-c9Cgb_GV^*A8oZhjVK}j%yiR
zSF|&&=2DTko6jmt6k_<{o-bF@69H*-9VVVY%yP2B7H<VpD6Hs4OJ#b;NqNoc5SJMi
zUtw8dfA9>j%gvlG@<z=Qr_>XU4i-QMn^RU>ym~O47*gZSxW4>|#=NRM9gNI^0I2nS
zU{*VWV|wYsEXD>`Q1-$tVSdC&a%R)19l`5^+4Byd6xB5y0y`PPK^;nSa!4YFV+`f2
z^MtzN>C*9y>e6va5I375QT=C!@@}v|{@_VVkxwd^3M}|(H}Ae+tp}_T@CU#+gb`~^
zQ;rQCjw|L~&+a3EzP9c%OrXPTRHkWhTrve*&xVi8kN%Sg-48&r3y~pfF>7tymVgGZ
zOh!JZ@|(t99VPmQGd6|hkyCO+Oz#9vZ@_Rt6*2}%GY0J2)!2hD@a>RbtZ818p&Syy
z*V>zg`<1MqS}0&-)eyfWvQ+=co=k;@_8kpSfRMTpsnhI|_27iN&B7(7%R`op0Rq;n
zwzOrXEa~bg*|_REmjd&)v(DiQOA2e&i&;--^Txww_8GHea-mb>IL3o)UQcE7Y;l&&
zhorq{V#()a_!UH?@oR1NRk?tY=Hp*QJvo5&H)HYM6{9Us2R?37^LCgQ-WOTWV9KaH
zgpUzYuI<Hp!jfAJ?A5%sTuon%YBZcO#6jtat`1&D?FE<q#fH;HmNI*y<vOhL!yRbg
zp<I+dWb=4Ysttnt5kxEp@7226{ElwFjdy_=r-Ldf1(2RG8UM!G-2w-C2WBiWKFQ8U
z3a8I<o44^=w*Ll(?u;J;#9pw-4n~0Afih!6h!Zug3vK})R-6|kI{H%s3e*Bo3>3kG
zrdN16S~s-FD1IKu9`7Jie(32lztKSzD%{olhoS4QWc~XsZ<#<MTI!n&UJ-2YpoIor
z876_pOxBSU$>k{oGR1zYPyakq5QDtSqE;YJv68I$yA4)Y$(y+0gTS}gV-1$e=409z
z8yLTb4G9Vmk98uAN*vpRYPF0Z0S7-L3tdu0qaH|52um2RN?DviIenn-+GKY(p^t-)
z+qq$9Fq6wAZ!W`RPW&G)z~;03&9TKMQ^iFfEsU-z+Jw_V8Tt49;LT@alVd=m?ahNf
zPYjw>9dOi_n;g^r06MdnCZJ{L5p_sFhhq{0^F7oyb+#1vGD&{gaS0{%W!iBk3WD=1
zyt%CI$y~*((+SAjk@OI9xz;&qG<#P+;Pin==W5#Benz=L|L*H=FHwX2q*s#LptOjk
z!9yUNAN{Wb=<hUUW?GkBYCcd*FlIFG)T^t9x_$tzBo4+0yufSMVNN^x*gK7c9UUm6
zS4Q-}I$NFv7NpU@JAAw<@C!QCm$tX0k_v%rl;D$tK+zQG=c#;#sIr*mLu1~Lo~qs8
zj84mt3}dudAb1JGy{ZkcEo+A7$N5SUKfG%N0hs!pcVz}+%N-v6KyBb)LE)LY7<(l4
z({sAIfU+jXQ4d>__ulN^bdP`;4n~4co0FbFm`&pcDd%D#T2qeNgYbE;gUZI3`3l5Q
z`*Yr*TuG&TV58ko-{(Dg0ohX!fb=V_Ef}t?GgwHWXFcun&0P#}ITB=IisFZbg$pE4
z(mXG$cM8A7HX5;qPK?(JgNX3tOV;+=#D0HgzQ;#!co>sZ*grFDlIhcKq)y5>K+uEv
zc8UqMun$P+qJiTCpx)L3bb+-dAT#rXt~<jB67Gi&bQR!(&s5PYCicT)CVcGHiI28;
zJ%~U&@+NSjg7yILhBut{(SYp=Ks+NF(wYv%-3g~^8!QlEn;6k9{>^6eaBL>uo?7CN
zAX_zLw^LX_>kE{n&QX2&_<KD^GatTHt$Qf%r&D5r)YMExaeejE`@8EEbi<($E|lYR
znTwtmDH3xO6i`X~RN8Ko#VkEZzG+naZUhNHxm-*tMyw*(KXYUnpUU8w))9FCEXUST
z7N9|rI2=k#D{LL`UJDL-{-HWWwamz5!GUcD$3Y)H!vo7^=(G-JCsI%Na~7PV5l760
zBU4u+^!$MJ@uunJl8mXIYCv(BX<9eO1+Zr6ulQ2|Mw5Tf3JOq+92ua^niixyO{JRG
z(=VD=2+&%ZX*?Lc#2#2C0l{SB*$)3R=dL3KeumtrWWq1U@ZD)rXK=FT-W4$e-l$km
zTsF=c1T2{SmJwF}D<km!B_mwHRdA`?VIR^(R@Q2J&8nEbjR?)~d0FsEfW^!a2bypw
zkfMDGV1&_Kesx__XDBY|>CgBYoG*r~?7*e%LU$#3k;Lps#WKa3Id4IZZ&Xqqu2?vz
zjUmc~1q7OT?~YG!5bG1Opp+5Y1jvwugQf2$*KQA0C2FsI^(*3}rEax%zk+Y^K@%K}
zx`kDBxtuvTJj$Q4ip|c3-1&H$hHd?CVMBoR&#^~T%+?S!;@-h}CvMOQ4-?i-P#kdl
zmMd<lA+aENRFa=E(+jr;4A0Yg64C}>r;|M+WGYx<hA!v7{z!EAQ!7{gr*eb&;B&)H
zBz#slZ!?MW?J-Xfx25GFi*5!$xp_B%gcO>7JB6G^xE!;P{G)KuxXprHN-Mxt9>r3)
zXd2AUEI9gey8^?yjdj0gE${0w5?cso2ERz3QzdbN`6vzyVUJq5)H#h$a{$TF#amSv
zWUF@^qj$#|>Mo;848yjs4`8wJw==B-Fh&>db0|+K?yvxpvUqF-3Ak6e1}V=y+|Mm=
zaS~^u!UI~bwZ`^#{`BDfJ!Lm3X2OEZ3~ML)&9&0l=@H{Yrm4CzkUO;MGj8v!pB!#m
zpkiRGWJ#VNW!R0arsuW2oariPGl_>`$V4NEc*8oe3%Vg=1Z0|RJNC|2L!4hVqH=qb
zrBgm)y1VOkBVxJ~KpXZ&bVis@V-OSf?`FQBO+qHpylq^7SXxW>1Mj&g2LW$a?TF)_
zrxmocf?8h7;EkXj(20U-j+uFV6ez6Ve85c1abtf(A?Ky_BNJS|6QUkZd(3Gu18_~v
z54iUpc)jtJJOgSrFDu?O&4;?_gglFR&^FUtEl1J<H#Cm=dXe}KHvbsMLs!;SDckEV
zO6`16$;Wqean9KR%+hb&c)kV(=6ZVx!TaF5pN%OMqC$Y#JVL0CG5~xN6EnMoL}QS<
zH5D{RJk&`U!z?{4QJ!?p0~?G3!m9jF*2B-{<EzP&QG%pDbsSA?=p7fMw}O`eopY63
zYQCs~=R)Dz@2p#gilnke_bk*pf;~ooDh3*1i>6^xKH~~+PYM%8zyM1<an=>z1>(bM
z->===m_>KTRSCvaOKN`K`#3Ty*6qQc0d99`!yrq)2CH{^TceHG123M{40(b%IHoUf
zv&~tW0M&wG;Ph_7hK5&mzKmK&euW--+p7oa%?XIb>+y!+X;|;&4bp1lzsZ^XI;ay8
zz@iO0NDJCd51VfXY<nPCsfG;Zz8wv+EKlqA1wvrLqcu$DD*Q<FgagS-u{DmI6zij|
zprvMbF9zARF9mMrzBFt!>293aw!js4j~z~8Tz&&iZU*Z<BWXahPRv;Oe<p{@CV7^Y
zsc89y!{+R4CP9p{>_&`JbYNyt*f;NfBv?P92){$YTVQ?IaIRCdno0{MY!USb^ruxS
zj}XOC7>JkHBeeZ=#KD+rvHS&{`pXNlRjv2eoQ0@G7AnZhA?Q_Y4&_uaIw(Y)*?h!_
zT5O+ABNXqa_k|D5(|V#FPWT|JA+2zZbT63xNSqq0@7nC)r=EYf)o4`G-p7YK8Ml-(
z5rhDhGlDZmyFXbHR_H_Q6|=zU(eM)a5j)H*$L92dJtHM$s9a`L-l{{3pPj7`PM=O<
zjcy)<4YxEF*`T=m`Wm6Eo@RUT!LE;|Qo7x<AAU8>7w#N)SNKUS4KC!r!Y?P1>309*
zQ#0SAYJPe7(9(P{DXRlGvD~<;b}5SDK-iXhT{RQV44O)2Up%I<F*B((djf8ov6m62
z3@T=+B$uiyDGzm^ib~a_%+_SxQgD6c>b~Ug3VP2m#@qZ$TkIF?hUM13S9%iE8?;mc
zSE-sd<(9r`5Zd`1#c2iNaAo8>Jx8mxTeA|r-Wy(@ms*Anlh?M^Q)t-^lNlN~(;tlZ
zMo5j1Djr)X6<prgI2m7?@W7@sB-Qr8-VU_y&Gy_nVDH&}jiz+VxlqK&Xb_JkVxxAj
zvJxeIIUll&H3JH?!&}`3g0VXh<$2|e<}-jm^l(x)mGgkRej{TH8zMa5MHdxp_8$hj
zdPl`yg@lC}Ql1O_Hsx9gH6d5Hs}X#)VZQ3aIP9|_`VK}lakBB}DSU1^$J)nRK?XMh
zJgwO=)gLofm=_icuI`bo$JMV199&TRW?bi5h%dsm5-1!eCcdod>=&Td1dpC`;(p19
z9l;Zl57uU%a`b2UO{jVX&sGu=kH1CpOSvxie{{VCP+eQLHkx3;HR#6Og1fuByA#~q
zB{*y>xVu|$cX#(d@Zf|1!FlU+_r3q^KK-gFs-R#~n>p7UV|+H{5cg+)i>{a(4~|d?
zn<o4Ydxy;JM!kertgzQBF*Khd&9u(?J-vr!u55Ygw}JI{DXOx529}jV#z4YHj3Ywj
zU?NV%00;m!xp2k{IGK(&4bS48_q;js(UcDyTMwaVFz8!UUTH}m$fO%tF(|)7sy_G^
zP3y;gdHV;h2GxvY72VPm+NS6mpw|L=?OD2+jlYe;tq?m(fq+LK|5}?vlKg#UqA0JD
zUj-_FQ9M8VCP`JU#>Ixey9|x~K^DkdDA6DpF4ZeBmxvCY&-}KM&2YBWK$OYhi_$8V
zCNCjG5>BisM42i|313!ODJmz2$kG5~v=#g?OLHK_w%GeTOgFp8(aXg2LAmGQlbkYM
zQfjL4X`HThSLUSgUVI|^E<Nx2?v{ZdumiXV>sD1FFc17OX<kmoVVU`x@`w{VYCaW}
z7FGFFyAIrxIJ+a>OI6UqnjZ5+?w7}P(DSw{V>7UT`8pc%NN$MhzIR)+dTi&;o2_QJ
z=!q)CsU6Wxx}QF4eZq>cv+j56wtA$FnjaJ@S96nETa8xvR-P-M6d4Tj=I|3;Egz3f
zEjsLETIoBU^QMy03tlkS&752f?wA{3Wq>`KecG?m4lw7DO})DbjYRx0`;<g$XA;F@
zY4rOV`WR4Z80JdBD|+PjoF={la~dt+Mx<A2*0Wi>hOxOjywCg>H!{~v2yVH3s^DJG
zX^@E1#JaSW{zh5MBpW+5I1%mchNI(r5N~5)b~tpwn#G;|(uksHDP}sCmVn>aix<q6
zu7l(<6{8sW=cLN2=SV6XU|__qX%7DW#AbE;uW0|92sY>|X7!R|_*9z@*7N$qUu|}F
zz)lia^{+PDenZW$`*jDnhw42COO`;Cs84seO!;6^bSW`EKN3SJf@E|Qj%Q?C^cM-x
zmsKtgBs}M?R#D3~<`Z=4NIY%_Gs_x>kTqMAx}o>)0lBR+tYcPrZGjR^{=8Lueo9~W
zu`ZD19r2Tr_v4Wv>;&V{K#9iQ=+3~Z$JIMPO(vnxipUJ-N2ab8IPbBR1qpgvs_OFO
z3OQV6bI9R`bnB98viJR-V)q%y<nvg#$J6Y-@gLm!Hu)z1$7JFH0%UcZgm-?<nKNYW
za=2GQ@u%hN=VD~x{r-86@t-@Q>BYHgiw1~c`HZMje?RPb7{u#R(be_m!ZNH(+84#I
z<i$*6Ossqgk)pTm8ehZaa|rC~SgEEwTo!Og*R;*8%H>5B@MPldZgO}u7Q&1ay<>ux
zS`z}1f`}kE`?zfX8k%i0pjnj5fYeMEkEQ08psAW&H&3hcYQ!2Pg3RfDA`kGsuT^fv
zWa@+j1poQb9gJB~v-BfkXFZpoT57)JFdWRXoUG#K_+eIH;5xPamVjvI`_h$MDt4Mc
zHu~Yev|PT_y?ij0e_p&oiH*2l(z}b!)2rGT`C7DXnLtxMlT*v)anpWZv0={pOa+~;
z7co(X4qULF@ox5TfkocHm_R?1zqi`6P@+v9m69LWk7f*;`Yf*R_Nju7HcyQ<54=Ri
z&5aACOZ-*AgRU+g;}U&8(6gi)NtS}5pQ1eosm<dI*@GWctOHZnhHHi7R`zlaX?bcr
zXZr!YHXX&qo}o$xv)N%gtUe0<@Cujr)*7~=TNgyTYO_pW)Bt#+O1GgHTRI$<m`x|@
zr^E0#c&UzvX?$>8G0o#Ov+roV@)U3?)J0=KGi;Xo%gpbIwM_qzo#TShE(h9733%|E
zka-IvWBcMu4G`{HLz)Z~Av4G8(QRKZQ@NB~sq_5Ik#NIsHT9zRVJo4NG?zpE#4bH`
zVMA~LgqQV-QbhwGj?u|t*)Q<2HX)VuyL;?|Nx`z)8D2mfMa{}5g5bCqS?0FFmnoDe
zUn=v<OF;iL5{<zEagLR82Mkj%sS%{Ik`4v|#er<ai2J=(?(U6y;Dy;#EI>03$V)!T
zm`cp4M=_7-FW^%D3SofqhkfT2w%Eg(ip1@wpwV%vuAIRJ@8IS}=zqkLRmBsby@$1P
zh^rWOa0bOH%~bbULnC0H@~3XeL~TX*)Byy)47-hQHHAt(_#dkOz0>jQKW+c1_tXo@
z0c;*!25px!bY`fyb;r@hmbMZug$Wm>g3Z1c6_|cbD1PQsfKFMB1-tp}h#w#~xNP0^
z0$y(GGCn!35l}NQge=&H3kV>?!NJXroRCoOTO@w;f&k%)#REyU&Bm$0fnZOVRoLJS
zW6_#S%VI<mQA}4!<ouoJTC`%7oiv$9G>>h_LOr->YU0ZczO-trl&zo7Ry~2LF=quG
z{7!ce&>TdI8&@XDyyuAuluSkq^u=~d$&8?LEqxnEVNjH86MSbp;knDhJXq3NijzXq
z+}igJ&f<%msjdV02ogaoS1PRA+>S!(4~0}1t(QQCpo@Xrb*}$AUw_IZ1r!y?w$l;k
zbsNSkct$O25Q&EQDkKt>Uqp5$h%jgCNUVG}meE%`H~0T=aB*88x?|77w#&)cI*myk
z&yDJf{#v~7j)~A@VG?DxE+cwR;JmBUscLCdJExWO8JvUhgG5syk6Ej<fA6RiX8jZW
zxhRsY?^4~dZTH<(2eA5)jD1P}0x;cM33D#+9Na9+zU<fhvOsho9(I`r<z9~DG&>x%
z#g^JXAZybU_B*>nWRv4)ea#0CyNPa;c>G?`UhwxzfVFG?Z;&>$_YY5>e|JOvHHi^h
zLhImjpu(=ss*b7dJy3&*(l0@HfHm$B3Tl;kJ`m|s&wj52+p?Mv2`txTCo@h`GIRy2
zvbuWcLaCxC%~vuWN<a+Os?T9>B#IjLO5eQs?A{|;i!q2MCWKm!9tx|BifY~>yr6`z
zS85ZuM`Z+F8gQNqjp%U2%W|f;yV#B+lZ<5=QFJ~*y#aX(2g2tPOhH0(G@gPKaMoIS
ziY)^m=YC5RYET+2y+d+d>^9aigy5LpT7rv|k^{Xv|5l)|P>i-k>S%h^@G7TC6^$xf
zKrKS0Vj^@YY@b1y4DS|>>}oli8VDY;6*2dM`{)eK0`vL93&M)FOk-g<%I?A+jol+Z
zL1?zSy3OBCd%Na1OsnU#5k>cY{<!1vv4JVBQ$n9ymh03kKnko^q+Jq9VLuR-%JYdo
zAo=iJD0E3UhCL>LB;lRUpg@}DC*O>WHe40@Vlhwrfd?L{vB#QR(O?6oR@tai0vTc(
z(;~0MB6>*L?!6cJJCJkZUp!Z{oP*V95f5i}n@v%pb@pxQ-DM?A>|zb8(VoMbQf{`;
zh|gaNe_J^6^$we&ZVQCQ<G*3o(9VvYx_@8XJYD!Kr&Yds5g21HgxZ9#q<gs#!6W2M
z`|O}V9!b(VC${8#rZ=C_1Lwh!p}l?tN>UvRBvDn2afReQ6aKx;+0*!p9GGO81NV8<
zR^xPI9thB{NnMC0mo}l9@?~&A4Kgz*AjIvGgALE-2eIVfri~FU6RL(NM)T`EnYE3L
zHf@tMtN;7(-A&nWi6|II+cF|<I}Y{^2gDYS{!S(HApr0nSag1-H5i+Jy2tQCTlKu4
zGaj`3Y1gcv&l%E+2%#if{`8DCSctS#k}t-Y5sRCsMd!Sb24h~>UIn!r)~+BK$7W>O
zqOI)Ri8In!LV@wUY5k{%?v>oTlP!Zr2}l{mlmzx7S$1AXjt}k*BbhS-Q6~$Sqj-ss
zp@{+x?=qKy2R^v7ewfP3CqpGzcwD>sy_FlEkq~N5XCS6<@$lYYD93@&k^rPL2Mk%v
zd<xJN=Aw0BCNIgylTM<2DkTICpRK0LJ|i{dH!nH>EZ1cI@9)XS^lo^?N|_Jp+Dahx
zF{tOuA;{npP^<#5Bl2}zfQ4U2cn^Z$#HhDuShQ4WJ)O~e=Y2M*Pj-6_d;*J?Pf{1-
zifb}}9D0Wr^cU1mnw9iZjYh_JwIhRhT6{jm17sFty4v=<Y!=dN7-Xi90_1<k(1P5N
zGacnY>t3w`l#Sl*>^kHSpgH^DNdE0U6YDUY;=wE90cPKON3BULHBHUJ{BQ3mzv4Q#
zA*O3<)3f72FQqwAiF_4C-Q;|uLCV;#BgqhD!1s3L(Q||+#X}|xK6_z|C(baA&?G)7
zKtN-+V##1*rlw;Up80^nqJ@#071p?u8gkh$wkp>LI2u+ZfYJF2r@{MynI}JceS*}$
z{hRl*_>32eZl>t(+9_6kLW@aZ#Ai|(xURGwBYJVeAc}M;gb!m#?y#vIWY(D88@`3z
zPt@Km(c50C5~OqHctP<3a^<V6{n$+YH_GR`Kl&^AKR>SSJB)1S`ayjOKiI`?*?eC;
zt<PFmQv&~&aj208xRUOLu*d@0T6+V5?n2bm@6(0f4R`zk<$M9)iMaHKM^2OS$#47&
zfZx4<sO_-om+NMHX35y0$)$4qz~S_!)+Re`?0Zl!UmuSxi)oUlx1LUs^m=`c5+vxb
z&g$f67#`6l2e(x&9`yC0Nc%c!@uGJi#Z)kr+=J_>%f0RC@1K+UdlT6UuR>Ce7QT1%
z|8R924T0(s9+9M`hX7r_*giJ`)^gba%O(pSf_KH+iu8?}<v@_U7@>AI^?yF&z1+2d
zb<e+xA@@{GQY6L8?UU&~(%)jZU}i~!m$7qHU+@eDDETbB=8I?+hV{72_ljMxh^ahm
zGo}479nQ-!RiHB}3VgHp8b2t{%}FUp5ATnCUCRYiVtnDi#KfE(v}CfJB`zyiB%X+w
z*m+%U(WCql{2qjzrGUnO-NhgRnEXb~&!X?$OEE~f?Px1z?|-$#Z=5L|APT*`al#?#
zuusMt{~iXHl~;u65QHjYln4_LwQZkVl-rPiCxYaS;8*-_1Ik`akWK=ev70Vv_vi2i
zk@15)zr2r1+%w3Whokh|(?0(q6ZQ3LiQR5t^LKFJNI`QA-XZ)p=aG8km{j*O?TxM@
z!lJ+?b@$!JlRq@)Yjb4KfL{aI(=xc_WuArEOv^si4{o)}{};1XwMG$&<3K8RPbV~>
zb*j65IKW}IM}OT`N2vRiITOFgh-pfx7sHwR#0r1+5)u<6ib_DRz~T?Mw@2~Qz~*sX
z9}@s^<m2pxa}plptz%n@6f)4>H@_xD24OqTOoDI*0uhCQ??_ytrD?bRV)F?&PiM1Q
z%vGsCTZE&u$HR})KCXsd_<~zV^%R1)nkCO}Oa9$ZuLJdA$V)1A3Ti1LKYo+_Mkle`
z4vgvDQ&RqM-~SlC*V8~#v6q$9rG7<L!H$~TvGL)Dq*l6zL*|P2brlq=yNA(KaDIAT
zJ8O3VqbLa3)>mKuRp9T^$XO6D)A_Y|hQ6a;86FnGUg2EeT%+emi%IE9`F!g4ufBih
zYvc6`<It~#nlmO@hxZ_z2#Leqt=qQ`l~eE?13|w>;>6wEIUqmLCZi{pDmG+b0@onK
zj~zIo1v<622nD#WWg}|L=k65rvok26ITp)63p4Z{yM9|y*WkrN#_Ts?Go20jZLA7c
z#>BC+TCVbufF@+gr0;6;_pIO(DVJEgxW7Hj2aY~{kJGV2uC7A@wSXsR+oo<~QCDjo
zbc{qa7b8VS3<$@P8&T6Ywnc(ZHxu%OATPqiqe;mgkUfg`bk2okQ<_u3JriILgUpqA
zm-tj{Y;<?U@N}{E3-a}4PEgsaBBbqvx~Bb=BV}C<g5xi@#c9to)Y!`c(_O!8-F4dm
zSDnR&d6o~Pw6yK!zB1oa*tw_*f~FEA=yFyKaqDstRm0|U(W(+oR+DfE5SNwOS+iBb
zvemIt(80U^)J%t^<KprCQ!%HN(I`Zw{Aq*^gB6$rmj5*gh{)P}VzOc_mkBCPDB>}O
zv5*W$T59<fBjvO@n*rO&_dJc5RwYl*zFq~ONY)$o?OOW9TsGU9&J*`|Ur&yeXq%}7
zyHoh5@mgRxXMV0H9NA3fcnadzN$7ZZ<V{TtG<cgl`Gd!Tz=kZpB>oGbmWFAGU~AI!
z2^ln|y`V`*65;TP=W=YLziOMCTOTMC*CAuz<k9V{4`2EM_g`sn*uB|Q7Uoe23WLUM
z!{p+HNm9RMRu;&H5Rd<G<WbgE4jLYoaQ~#QfGtMKT@Vox;(4Pe`$dH0%a=AMG3$2#
z>8gT+nEozRRqWTVz59nzk~I0xgO+YwZw1<p73kAr4J39MkeL^TuM0%a7)yo$Cz|bS
z&fm!q$AoRox%bseUox^b*}zlsOj&$~4gBC-J{RP9`yRU8O|~s8LuGG>T7g^1v$bz)
zM_cQh@nidG?3XZ`ze_FJ&t%!HVy0lYva63v*_e6o`F-C71l%bf);%maT$ndC?K?xq
zNI>R1Eqq6WFbsI&m*U+U&zCmPB3z@HBPSu;QjJYK?A7CdGJ~B)jc+67h7af<PZv&$
zq_GApkT(`Lgn+{P5U2@QmmfKHQt<g@vn6I$a+vD9IfEpMI&3TjfubK|y{P>p1;Noc
ztUq*mHNURA=3JZo{4Vh}z098W+_?itK#{Pp$8{ip>#mwGTslYtx_c%dmZ8#1l$b_E
zH9r(%St=MB!ETsh#ME2Dxh&RRXwMbe79Qd5$5ZW!(RS>og%*eH{vJfE`1(%f|MJ`u
z{H2u#>%IeQKrW~d$DqjGu;tqL_edkZolaJbSF=g?WuT`8-+XUmWkY3(O)hX{0wi`6
zo~XhHj(ZcxLg~+O_m~U5_TdD1#voP^#>$ijPJIriZWnrU8Gl#$Gi1S7(rwLZ|45a@
z2^wU&crTk5Lj=XLpEV)8z1zJL@=ZJ#EZQ_X#)IXF5-yQoFfg17v)@khc63^1@YWQ7
zoL1Erv2@b4+@8PAHudY5B{f}8Q_b?q;!gyC_{!vR+ojI&+h<tR$Q?$C_Fu^#i!2xz
z)qNt7$l^p!^<Lb{_XjQe4bP|YKTl=~-2Phr(VLFPaoe<16$@55u0ay1$%X7_X*gOV
zlOU7W$S8@n$15o^H(HAtm5-G0Ax@oQg)TMzy*qnFk&=W3wq8;?VTE7^P<VsfbhN1-
zNZj@Uyr20X?GRh(`SHkh)hE3~XQ|?)B2|72A<RP_&(qlfbKK8{KcTcUW)T;5`sJD?
z_EqSNYTC+{{H7h0R5bsi1z@~g{WU(>9C|<oSYcJRzhA*#yVriMG+;T!lp}ESTdhss
zuj1BrLj?q}ir?#limjuIej;g+oeOGNx*Yu^iBJjIPClE!&FML&qi=JvzkEKRNJPdo
zMELu1qiR5}1IpXzWld4kUIGr|cFzQOTgxZsQaGwR``|H4qgxy5UlSpb*u-S47|Pb{
zm7=1;Zq}o0qQpm1%4lcqe_Dq1893{VP2qY+jR*3TXn)kLlVFGgY9)qnNaPNrVodYV
z?G7TCXt<L!OGG>t^p`NX5R9FkW7HB^qFJ`T6wK?}sI~p|AGh1CATxU7hSdUntjck3
zq<;Msad8>ycK=PSCj)A?-PnRl2U1=pfTLMZ0k2%~xkxs?`3iY3CjG}sJ83mqQ0ft3
z*N0%@ALTs(5yOu>cj?5M)cJ8>QR6;=&gVf$96>8Qz|rqCaUG39&^z+>gjX+_wPI%^
z>Snczo+uPc0RO1x#C2vXzu%s(!>yvGo?`qn;<w}59;2i!63D8W@l6k`-&7LF@Suu;
zK?2+RsQMY_i~+{*r|O-9YN9p|oAV;-AW53&BimXQ;{H!{mQMe=grF=T5ekf}aOD>!
zdXDE@?x3o#>tR4C2eaGqvHQ7v=f4N6xp(Nr5*=QT7(p_Gu0FwRY7G*>>`C@ue9nZA
zU2rz!1TsKKtg0(5v9|pvZs1~CS>R(x0rLlre5HiA|6;`q(Fux02DNL;duTiYG4`t=
zkG8Hn2IP>SN4z2lroEp*)qt@@qA(x8Um}0zW<-&Qh6$CrtymRg2CG#_)WjFImtb*p
zWEVr4y_Fii|J>q4LO}sd+ZNoVFtg;$eNw4VSXKs$SxRTzsAKH5Ivdbygb3n<#7a$M
zKY0HS&C&4kjkKCz&<S-2>(9et3tuKC819p0(7}$LEcFq~#YX6L%UkT@x#0al`!5T7
z`DNl8Lq|IF+E%QnR?mQTF<TJaDk{#yi=n}YZml2~yzM(}Jw|_jt3Nu57jy83!Hk$n
zXW>yC8iIB|B>i`^Zab1~7$Onakf9S&$FE8;JLm29<*btC7at-&hTR|}yTc&BK+E>w
z&=cUbkEg;$+6W|}EXh4xTKlGrkc#;`C?rQVIRfY`&C2J4BP&^MwV3K0vUZdpGmUPp
zm#NSRIOciy^O1`Abls<V@|2%m`A=gxk`nC>+I_UA@SK;$NUQQ+y1ILCmWk=R8|oj)
zIP;foR|u-h9E9~TU<n^UE6CC##D4cZY{Nm|9?giB|3Y{5mj_<mV@Ct+I3``=H)id*
zuB-EACA$<}TajY3l|8u(HuLodY=t#0w`qv|{aCw&)fGYCfd&yyhnO(vWU9NJA3^+p
zKV7MEDIzv@cs5@&Av^oL#*{2-(rM4J?FTxvkfU&5OtGx#?9f55N`9bBHH2Q^n&se(
zAa-8s6>60RNcPL;CM~AV{p94x_>c{%ea7Gs@siyYmpHsRIWu~Qg4zz7PU)YPWs>Kd
zx%tjhJw`lUeALNbOAKT8y?R78DOkUp5JhJ51x@YMc1QE``uG0Y6^)3TBk?#B1EeQc
zH$<00Z#VREo%{7EpRyR}`tB~@zWn-H>H%8Snxu^33m|<u`-LfJuQjsC^{3kNo8r4n
zyl6<eJN1ITW#%Rg3m=LRz&65jSVj_##BEV#5B><{Oo#`HyBwdKbi%MTvr@mGSY0&g
z2=Cek#8ST7_&CoxS!MmZ<m}{Sr2HrcyJWblvjT!ZkdXioXtcr7m!bQaF9-n85Q?E}
z=^@xI?VnjWh@K<(OEcJIEqd^rrtz%yf`ZXcu&uQ)CUt;`cwaIVW%TdTlN)2`)s^p>
z7d~d8h*}ElT;!%m9ltjvb2h3u(!eSFho3k8r4GOQ5%llc@EEE09F3I09LzFQ*0LzO
zN03iD==ya!)n|btLqjA!Kb6QSDM>jvQi|!FOQ{N6`EGu?2Pt)dz5*dmsu(9Wr%t<r
zPHY^@qLdMn`Grd-Ow>N)H^&3U&R1-fTd@Siq&|6*h!vHynR6JNY(6f6TZi`d#{3n6
zZ>a2`p4&DybrTkq04EHUnx5*J4y#VPW(tZ7xiAY2|NawsZvAQ2<I#^mWCopq*Y%$?
z=QaFI-x0`9qWJ5%aRJ@e<n=Hp2*4r6=M6=dYZ&_p)NO3Es?S(?N^CK+2$-K`FARg;
ze{u0;kBj)zvV!yNTI$o;cc^-7@{R>!v`&%{c@I)DiO8N<+0$uM<I4?g_=Xy+{vfb!
zwrH{Luif=fChhNmahn{!sRT#=%IUJczScC=f2D=7qlSe=!#T0yRP<OOgl#;g0SaDU
zZWA#4(i5;lMH!U290B_5&M<ioMY7A8zb_V4p%6kH8Zm=IdFR$4%mS`68Cq6~q*eP?
zKu_CT$e{#T_1U)r7tLx|3D~U>LFh;Ly8Q36JFzMdhwUm^Ja?>kpcA8STG}V9fL9bO
z0okMjovjdXsCz{!rff6~f?!c7#gHgOyS+uK%c!0N7b=Yse|`TY{4nn=5TCe&s4B>h
zdtESprd|WemIGI3p)l0Ohg;b>W@R-0G!!Jfvu^t2HR`5%JNH&#^#_@aU~?mp1+0=|
z1#^_;2DCOj7<FEc`MmKxb{K5T7i<wZJC0mN?3sB=6?w7N)tNtBxr|$MoemfsknmQO
z2<T-hhfhqPjTlrbl9VLHTNXQys{svF=l4(!2gS>g`P_uP&j1l|#=QD7x=v#K^usMj
zr<VDx&nf<Dql`Gy!2(gP=+?#3Cq@<hbin;Ra!=9_kDqzmQnSd^!-bOcYO6Wdj-~Wh
zwg6zV8VosGdk<d91i!qe;7774dU?{BXuL6tQ9RE681~P+z13&HruqGUZJOS{g?_jF
zja)baX#ZZAiQ;+oGldpOnoOwxg*pJSy2{$@hO#9W|7p-=a31{a5$f(@YpgeV%*<rF
zRg*U9O!tZ*^(piF4e?8QFB0@qN~f$5%@R8L9<$Rp8%~z8<@MXEjwb_hZYUrpF@i^}
z^Ey=YD7f)tcB#1sH7zBt=Jp_A>wA06_6~2iO{cg^;#GT|J7VJ526dPgd2{5H&jrsF
z2Q)&=C`zG}*bLr0)X&9YS5)~I$M5%+?3q{E)0<n(`%~YyPGv&bN|+hMnDO(wyKXJA
zB?mv|RPl@ofh|zWNJgeZ@*Bvu)c4MbJ)mX!0m9sEPKP6>;zY^t=pW&G8LKuu;lMwu
zcBK>gF^HJ2+2!=}t9hM4hm5bu-*B9^QXy>Q%;_xFgg-n$g}?l9CvHSmUYMks!G=u_
zE>+fdf(Ik9GvR{IGOw_rhx8XD03i+xyRx$NPgfmFH}9V}K<O7ijffR*kPlfn;GI&w
zuYu3~E8Ol%EsvcdBk)Kg;G~5M+9#lY96N=~<%bfo?Xw0_UIqsvVTFjai>JOTZCl{j
z81wzq>{iDPC{RuyQ{{Ut%Bk&r-qsdH>rQWp3k_ViEyI1pQdYSY&w;9o0}_x(W`dmE
zy<c{0Tey`c-)anQ<fvQ--5vhSrgIJ$14Q>4XDgG0^$V5Uc6%w+WUih5iyu#kc6Qj9
zjN6LGWl`+pY10^EoNVq^%MW)|iudcpyHH}0_q-nqkYxJaLuV<CZ#Fq(F`%gdUvXyz
z1NS~4Wy&I_QupEtMHOD@V+vpZ-S8|Spb={H6SNZ-agN&FU9Hvt>J`(|I_TG|;r2}j
zk;6|7qp3*m{bXFD)6e>#fEzib38$kvGsI~1r-e?%CKAVnu^+u9pFeavT%=Lf@YhMJ
zj>lIZo~Odno{^Tptc}Yd$<nQ1fB7+$KTnkIb7<!F-Y4ngyVMhIeAdK#i85YOLOOPM
z(W`us)d8HHH^Q=52IagrS6$>H-N4Gwf1Y7nEtvllw))CUI;$sLYlMmr24PySYb+-`
z^Us?X9!aF2PYv3vhV0NQ{?#<30VcIh*MBw*tcA6^)y7(cxxxRCRrStl#UX9`hMjM}
zQ5mtDxO(gH?ZM0C@-zPE?)<W0*U(;uH3UOf#V^##4*#B2)eUHiJgg0FhS{e%xf2|m
ze?%;W!gnAnG{Vy>sF<pQF)OX@_}h!R5pBKI(gZlTgh9~*Yc@?Lr0NXFwxqY?S8h&!
zGf3F|Z~B9cDf{fOiqqk!tk)sIT4T+^=WheH^%qTSx|cq#7nz+*mMFQ$$(I2%vAOQ%
z;o3lWpz+Sb6@XI&Zo@|uL>F@-@<G7{KZQ$P!K1cnYioT$FC>tV{BdiyK9dEQiOX7l
zHc-B3UyWbq0KX$t_7O;|`v2cw5Vj^J?6X6|H^O=@Fh{VSHe+4^ZJ&~MufBEC^#&mc
z;{FRC`B4kuWiG#}V<(oq6bX~LP-{<{{w|o!YL0eNVI?=YeC8QFm~$5pH+jni{f}Aw
zZH*V9tSXT+Mler{IBm77vZjlYwz9zH2ygZKcY-_{508<GvjDp@EX<A$3|^&#!+@=a
z&RilSbo8050p(Vgqv_|*7cWLRPo1@ekPO+*^-k{YyAwvr90;~)|CV(uMNAy@4jHtd
zB|ADgYAHS<VoI|rHh`#77YQ@k3H4Xp_MkEZ>5o?Lhaa((;XP;>lyZTcSdj?>^vuv1
zTs(j9vET;DA@aEgW(c-|rl)Kc>~X(Rg8lyOK9e9%q2Anq;Yksw%)I(RoY!h}(YOU;
z47-WsVEM-U!_fa5(p(S-q;yjUj#K_edM~LQ@idq1Gxe&NCv!*>5O8fwf$4JM=k^5g
zRV*@|DPKBI;la~~Ot?Qpu&bfgP++8Eh0*D9nY}aM37#?%oy_9Gms+O+KL&&R{`kf8
z!~g!tU1Z?3oGci)|8J7_d-ModsF-2f(^X2~1@B5|5<kmYXDs#_7jj#fjP-o9Eil*D
z(bm?aRvCX(YRhOI&3^L;SV25T*|t0;W<)0sioKoaTb#sS(6qg!^7nn%kCNbcV7391
z`M*>vMcjxfNoSGMOny>1Ih`Wp#5ra)54Fp@K%?BQ_$;m0<0;W(noh!M(8j0!mix_`
z_w~L(BV+@`1~ReiwJ#eaLq9)W=+nYf65z9hJ@6~MX(~<Qa(M|s%Gx@tirXJ-rEePW
zuXjhR0~>PZLnm4wKEZZH`X710?_tZdETS2Z8aRU!^lgjxjxR!M?Jux51%2*7+CC&0
zUnF+KQs`Bu3H|-u+3hw&x)Gyyh`MDt2trH4c@xRyOKNuy4&X4piYc%1>MwM6cYD6<
z;wGk3NIL)ih}OMDwSpp*#RZ2>p@6>A?5_c7XOlXd{CoPRg&^b<&)uBIz{UoG#u_^G
zqnFYP{#+rqO0jgf|J}lE_#gZ4fgj7~^Y)1XBs?wWM}mi{W_<=f9^5B*`93{DtCY&4
zn40dvwh%4Dh-FzRF)-fg`-di#FH|gS_4t92CO#MX<)TR?Q9Eg6MkRWe#+{EGy2)Oh
z46*t?-V>hw(T8slwH_Ze7@uM@-WjGoCIe9bamarqBBv<;ceBgolHA4p+XJ#o^*-Ck
z#W;;W#^}QXLkf;H;?u+05|W`n`&gXB#*%?8kzgr{w*-MkU&+WUoTETJw*H5gYM#4a
zFS>F#^OzXe+<A(XI%(a`x_R>VR4A9EK~4~6lNn?pU$|RcFt8MG;T#+s*sQkc`Y+;^
z5K5?9Lfwip9{nTl*-kHmQ2RtSiNPDUVs;xG!gsn{TFJEqu~WHh_)DiPLa~Mc2=z6s
zS}8Ml;eC5Y;t|5VUwxXYf}%^af80G_yz+WutT`XdX<9v67$?zc;`&L*FTG7N$z^aU
zh;gNJRG`GffYtfYSP+Le%lCF(*~Nks2J`bo>aDQt3}^7n>6V2$3<e;;`hz_koHfLT
z3FwceyXegF_OX*|&gHq%M81B$!5<m*1iLkDWKU$#km2OzZb-AZ!24+tE^(LJ5~mr(
zbtX^JW)tb4LmHJ(F9wEO{vbYRe@%uG>>0w!Zd_b(gYMmPWIE<{2i>F^CG~FtjW!K}
z#xzv~`fN+coD8`GlS{n)-tedYO1BrvB1KI!a(P;Z#&>h=9a2@`n4VVf#idu6;`{LL
zmzgkU25uQc_D;h}T(K&Nm`wc16$DPS8gndQmHcXVTKymBd2Vpa+bKy(QYLY}{QA8z
z;J9bN0Un}IYIOBFTdOAo-hl8%j_8Zs^9OugOKwg4w-&ryeZd0b${O0umG$pO@so>k
z>|`}aQ`Ns779_K{S`jobD^3RVa0xYU{e0^zGrG{(qI8lMJj|beOjpE_%60kw!Y2SF
zjTF2Qs053JO|ISCZg%@hER2VKvmT+*Dw0DYB63id)Wavuu%zGT(aFI&w;-h@m;PLl
zC9`{x0N{}e45We>BoySvMp72K6!onEZUa+vN69$(ZMohYwPAAFE+(TP51z04B$OzZ
z?@J+LrILqLrgC8|N$YV_7$8T=Oi7`djs>6?a|M-uKlPAtstJl0;Vo5C+!=UBB9zAV
zbvuCgd|VCT4EGLeQCOZcs^$F`ZI;oRKrMaY9u8NpV1~FUhtQ~<yIWaHjW*a4hK(5b
zrIVeLP*qFS33$`bwZdSSPe1CM2@e6iR7e`SIi1ORRP`gbA+rU<q5NW`&;jkr@P6@|
zv16$OwaPr+rw+uxDyq!q^19g_Vl#u#IAf>wC+O6f?7`s!7bd$0EH^292D&48wQ11K
zY{jXN{*%|_T&o?5tsb-Ht#~Y4<tQ~Cq?1&ns*Kpcr#E`>FDd#rHax99q9H;~B37gu
zS-(VyA&&Ql-VmB?=2NO@4pE|F)=dAp%+#3VYUhP_^yo0$<8rZq%C7xJDqG^n)r=%)
zloHrudq3+SuA#{a=Smgv4<?KfkaExe?+pt;RfLlL(J?TL(;jb`F(AQ9f#s_hE`L*f
zRR_;eAM|o{A<uR`s~h?5TJl$M0~M3+JSpPIBC0#9MxO4TU;=|FRulJj`v$RG!(}v3
zs|r)>KurnVj^or3rp7-9p~nyEe5XAlFhsgHHw8?OOA4)joS&o&on%|wWG>fxU7jBl
z4+f2qd7JF@(OF~o1B76w*Ku&p09E-jHQk|tP{m@(&sC3)D!L^j!DD2<p2r|>aM|TU
z4-@N@J!<s(8>mp~Y@@##n8i;yz@<06jobKnR`q;v6?&j`V=AyfD4I!w=5{$6nUzLh
zZdU~1e{UfOl}%DNO=U*RY=rI7T~_LkW%?$UD-9=?D0z5(n#$$niGtUB5!GF7LnkbR
zPsAc{oEZVLtC7)SOr$`#4)$rOp^-4BTbhkF6|N35{+>Y!HurV~@gWnuK0>Yqj786}
zYSM6y_afh_mo;pWQ5ISylX_EjwA5%8jAglXEa^qjiDuF6z9t9&%3p}kmzd;H%~me!
z<jJt1Hv;AU6j;8`hgc_gq+x8fYtS6*Cj&JeHv6Bn)ZjecM>kTCh8rhvyK=e8zer&i
znDIyG%7!4MSMshf=6fv_;IR9(p;J6Il^5cyILt|ZOSokY7!W9uGmSKTa?cY_eYI30
z$wkk2wcb(&mz#8}X*HbEvzSkmFGp3$qlE*ZNv1CjQzBKme2|&3-}}9e3V$x<@maIk
zmg95P+c)R5mQF7X6Pp-kxZ);3%AN*@U8p#rjIs0cZGJO3jTB-i$P3}vXy#8UBQyD)
zz^}V>z>9)Yz1#uIL7Er2AUmv4<qD06&np?}N{XsLums9nX3#i_khSYg(?&ZMm;ovm
zELBjgy<t3Cx>cFQ*l$@8cNzb05lN+S7kvu@1BMqh5siPyjs*NYi6A>3P?~7ZlU@g4
z{K6zI{M-0cbNRhOCbb(*J072pP3g0^alf2X^)Avs#32S94YB~&XPB&oeCznPwgFWU
z_TFVxhzLU-)P+U%>2tt8cKtH2>+QS|`>rmg;^{p6pRaX=o941u)OB3XIN^c)qGlg^
zAx~S0v~PWzQSPX=JI>{C&D4&98@KeEiq1nCH`AK-CJmOWVHjD3A*D-~b9Zg;$(mJG
z405gNg55Wfuz$P_<D1<c`~l@yGF6YW>y5p#=)q|`k}I4lg-OUhsnv2mia(tm{y;m2
zuvMn@YP&zKj_U=A)AlH(R&u-iY>z%aCJepoo#7%od3Z#lp!)^S3%l+TeIzbji*SFm
z9k&z8Y3j6Ctf9Z?PzDlloAzP#cBS)4W0?k`EGLnwiCi14o8#LZyIRE>s)xOvL_1=-
zamuF1K?WLw%4>`F`wP9E7-7?+JiG5KWh;&Ruln4EZDPnguceP`^`}C5{6{e?n3W$o
zP+cD^=#yDRJ=q@`P+zN-V9848gYX-q65xAMA0bK4EO);|knY~$a=VpVYjQjgZFbl6
zuUQp)Qj$%+Sj53UP>M)LEn3ax|AAek$;OyyAq<a;LxJ(IjvySM6gd<>6yuU!tqT-i
zKUthX4p6J9-W1xEV%e-qLTX-alG%A2VjT~qI29YeUfXlLeWv+Htpg7ntt$QNXY9O7
z8R$EG6AP-5{$a&3JFYSz@ej#*OzctS8W+T9_2l#!Qw}uAfn*niG&b1s16y{WZ|lF<
zN;dusErkEM!9PhE3!Q$Eq$`b!$v0A_J1|PT-7M5r&+?<J@ED8=3BXX6*)$>b#Kl5u
z3&vOvc{mJ6p(Z3{i~1rTQnj`RQ|TkOEEdfGS?9i^c0<IEp?=C9IuO;S)nWz%6PFzg
zoC79ztHQztoF-&Z-3|Qw{Ayf$XjIx##5}NBT#cY<$-CZx@A~|w`)fvNGx9mcZ}i!b
zz<O3#6tuo%c$`E(i_278@cTP{xUF{C`}s-pwhc|C{7sUu)9awXz#BDRD<?BdJj;1E
z<ZN@BFf=L^u9?QGZKvV%!-3B89O(=WS}f42zbaw;x!mfXHOOZ29@jG)OVJNy_q*+f
zjzp&rY0he&*&d}OoxV9=M3-H52yF{xSjj#eL0N4&7hH6hho_{ZOmHjDouB?af>P%*
zA!xZ`<C#{&m|MFWl9Ec^uVVJS+vhhtZi6p&XTP(7T%~9qWyuum)4%sL<it=hXB-}5
zIsGi@`n!XacIav3@nWbZZ!5fZ`*B>D*3!8fl!pXwyN}7-wgp!Fx_=EQdcc74@YjH{
z{Z`Te^zZ0cCquuf9+i~Qu})XJ&n=hi;^8HmuC~9>k}pK9?WtQbp?Ma??(fGJ-H~FA
zQl_>lm8{<iM=QJ}sfvrlOV4qXAH0zU7Rje7D+*;1KLjwAU*|`ls&-a^ol7DXj2G6$
z$E(Rkrnv}|Y6#b$ut|y^4X5VH+&D3tZBN4vtoQUoV9}V#2X$*Yp%>XNw%fx9rz(vn
ze(}<(rNh$yra~Tp2#1WHVs$be{p|TDr=3hZyVQ(6%($8-1`GE@A-&7XUKNO2*=#x$
zOml*_TZc9$F&NgtS)1o~i6)bl#?{H2^6VkjCN#LTFk{bC@v<c6*K^v_RN*fr0)`RS
zleeO0rQVT@I^;`m)G_SwR~Ave)AL%C=z`@?A>W?P)MR9`UT3*|**z{yR+Sl~qNzvI
zqRos%pBv04**P#XRe}lveummf)MdzQDqS~{o)k7h2}=#_o2YXI&LKQY6;*KLWT~xD
zO1Y9eoa43a$yOu00>Ssv>-LB`&FeV9+tMZK9OxIx8Kr_W<AjHlsVVO%9%_<8?>V{0
zO@Un|ny;+o&gzk@GEosCyS_U0$J9KWjmo=9GsYN8%xK4EFEVA#^=*m9<MZ-$<*(Rg
z3(cC*CtNRsR7%|?S6emc!FGN7XtaZRy`-dOjv|>=BMgudm2Q?=Vj&5ea?XmQFxiv3
z3FziahdEW6Z2@|MovI9(?eZIR9$L0Y;LqEo;CAdU@bWDIBRyR09=ahM<paE_PSxEJ
zk<#*0@$4hDPIi_%gmEE@_zSfJ?#~@Ep>s)7wrJAf@;YTRpb~zJp)SpQYkeFLRbZ8<
z(_JKnQjXzufR_Y8>mz0SJB&Kj-IIwVitxwh_<6f4t;S<!wYSNH?VXe<yh;JiMqfi=
zBsl>W3Y7Gh$>bfv7Wd$bp+MIY)@RA_FC8t+MVgZI9;;|Y1L9Da@_GqQZ5;vP^F?Eh
zPs8eFGq;s^zcV#!;~7LH0!T!9d|!)Vtr*|=K3wB6DCQb@ZZqKU`n_i{OH8G3eV7uV
zyGHM?KGlq`HA0i>*p-n<=K=RD4AQvnj=l$W_WR_D2NWtiou>pRz5XH@1+IthVgjsU
zX(-iFX&Mg%rrQUaCmzYOQ6YQJ7Gr?0CO*u)x{ObukCOJd-tIrHZ6cyDV)OQ)@*(S;
zUL?hxq)&XY<Q2T-Q}keL?eNlbeLGw8Fgp*GL&O_u_-6Uty~hL-!a)S*bw{^S*@j#y
z{+(M!qiR>eGbnR~L82DzD|4f)>A@kF&u%<AtymqZ<k%29)LF#;XaN=!Wa^G>IOPwh
z6Tpm4Yoo)ho!RuD%8W{p^`tBs2g5EUdx8N{!R;oiY;*%LS2XO%5KfE)NfDnh-N_?G
z0(AxGH5}cRqt11vjfWm~+L+W%Zd$vjI&u&;db6Auyp=57ZfpG1+2oo_xi4FT1~08g
zSOoHXO{Y0M$+Q@3!j;k9;Y%StQ9Z7}QSSGjTSf3C4BJ)C@lsk`PL~mx5>Q|ea3}}Z
z(P1f(MmJI+=bE#Q?0(Nor47llg^AL-k=+U&5B;c<ATa8Nm`%C+@npHEo~KEBq`Pdb
zuGrZrVnGZl1x~d6$8uA&jAsHV2%NYf5rSAf>Urd_8JD=6oD`_qrA2wWd_E|SJl^Nh
z`zs)-u+<L!W0T4>HChY#er5z;m^cTac}>Nl6}~0c1_%8}+Ut4p54EC2BHCPVRrK=r
z50!Nu7I8#_XH6YO=_C#4$>dpEN#>ceJ$Cw-l=321xFB4*)R+itvUW~Yk_mFLtg81;
z{m&jZCF^R*@+*nj=s!m&veDjOjBeRkpOHRRX9(gVaGYs^Om@k6J<qF8T!x;@Z>RCO
zDKBW@vZ?$cq#i8B<mj__#tm@<QcL61MmsByvcG&>XDeN}K$uzLVWDT0_%rhLgU1a6
ziIe15)*l>>_W)>8UV+X~V-+r7?7zoDx)(j}GDJcJTDsPQ(-QmG<$fH4ZoOxkfaL9E
z5T#Ul@Bk0~!gm=`dZ?9XaSDK9$$@xtq;?a23?_GR?QFr`zXjVvxV_4SE+~%Qhyq|<
zV-|DTNDVx2nIvYE`g7gv%^*Em7*{>7DjpG0R}S+*mkFDCN3XCo5xRAMMro*x_2CdG
z!M*O`$tULFa}65dX)E+b-E?rLG^7!fvlF+$6Q&e1qbrO#<ww;Kht69YD~wEbYDCG3
z@&dK{4XP9An9FWXZ_}R;&%eWUeTWOLJe6E>2UbX_;D%^+lM{rG(kGR35UcC7GbxSO
zoEyP`R8eSs{<zxUhtcitCi<nM+IU0dPsa#Wc#~F-bL3;dHx={QfctHnty(%Ud=~mj
z&PxC^TdA|zphU!HS0Lc2^ZC%sQ>8kc`6#cOuP{(D+uzJ?w*YsldD1U|OvH;B8kN%f
zRT72CVcpYj1Kr+ky<gp!z`tne$z#b^4sTh%spUQ(Ts>BZ=9*VY1Owx?<I6`lM!KHV
zh)Ok)+U6Q<nKn_1#nR4IbiIU``<D%ZI@iN(t(HF!a#NE_zeW8y(ZW+x6cud@FKoQ#
zL<GXgZ*n>#$l9J8NlzukN^*CCi;OU=CSsBPW84%Y4Y~{ld#R)qGpPr7p5n9fP|4Fj
z`imctVz>t6H;B;$)xmNkPHvJblfDqW)c5V(9ehP+Dk{7G6?aM35^DP>l`tz_pPy%E
zFWbtvW|k^=bKv{1<%prUMV!p}=5ja&n4Ig4soYdc<u4ruWUiM-KL_szCLo0YNDY~6
ztl>>2cD)zPSZq^^Y?D0An8R0M;eMe^!}@fJOq8(9)Ll!hZ|5OBEd}PP{69dI^B<0*
zZOtNFNK}`zqQbG<<%fwyg0raf#1Ipw7@d|!CBkiEM{&MVvLh`}N{&1pC@og-wIe@n
z5YgFvahh#y8+Rf_##-C_cqpAnuD&~wg5j}*bMVOyt(LqqMPsm!#r!znQAuD|49z1k
zf@ogRn3`meJR~b6S7MM7tqvjzr~aG&;l1#)Mjei?pPw2|7er603Mtsu;B~305FM?^
zvIgDDM=M9O@TpndBvFGrAUexq@0y#UZ1i)|M{S$kvUabBEazmLl-nmpnvukiAdEQ?
zjvBUv>0berPDUedNxdX4vu(oAFQ9WBPmVEcRURLc7q1K#NtbV8`z1+A?1>(d940nw
zmgQnJYnHWk8xjX;a59#<H<u*Ozbezwn=?Ev!ZjIY9CsF#7j0K%><;~&uM~1+Ediv+
z@#V?@&aOUeNSORt%=6>2!V>|Rxu^gsqW_H^8r={<DR)7z4Hao-lwkc1_35PJ!nNcG
zcEaz!02dKV>zcZ{MvDHE?S_>+-=+47b}qaF0Spg4v1mRzPWnvnou35M=^(;6o^aO#
zk$!*HzG5a{=ZBI{+rgU;(bNfgSp+%>GxTf3*g=LHi_5X+&kmm?Zmr7=h~q7~Bf5;?
zA}NExAz4)mTB%Rs{oYacq`RG5)CUbEcG)aiUB4S2pOfnfRVD8<W*D7TBA--40=&Y;
zKfhj$MT<_FQsfo_=$9sU-M)*+ge2vkbYnD0-EaXi(M*Pbk;~1_ShSb+id?`FCi_AM
zdbs;)u{S>CqQz$eukqR<`{MikI+XUq6mbWfOdVQ&iHtnjPu0D_gfBAGXh&0{uiu$X
zHeI!fq=H;Z6$><8hOK=`SD*Q-h+tyyqxISXRQqSUvvqe`9}Fk;>ajR$41!<s45&4~
z!Lyi62ZJk9jqk2+udc6z-fDoOY2E!COou()$KnUmc(DixoCQPSe=cX6E>UkEyoT4{
z*iRlkJi-u0QPi-0HRjybj@!{H)KZ>%m+J+q?6Ye0Uyd<9yog^<d~)T2^?IGS1ceP9
zUtr(z4&MuBCwFKIAc!X=r&_$y|J)8DV>F!HsMGAKBW7TJ*i1=v-5-i#RrFhu<%vur
zSH3W7i^bwltD*W6!xz5)=gYs~G-Ir|fOm>{sv_vN_J$pSWU<JtuH$3FYip5=U&LV?
zn}z?nWB&hrpi)9O^&1yTSerE#xa2#1wC!g*N2~mZ)i*pFiuSD%+OIj{Q#~5d(h8iz
zc2m6N4nJeXsVpqp8edXvptu+=T392JnA0czfJf8^c+8Qe=+fi?$*ob$_aYqXgP{eO
zU3pLEAFjJX=Hb&Mg*i$uzjsE(XuCi?4Y%4Z6RtI=A0(muk{je3V^phgJ}3SqmGfbM
zN$#4X7S@v6`3RwLjV@D+v}`o3vBlGTb0(KhDKmNZ4m~yg?(i1?rcmp3#t1Ug|Ii8r
z!+s76&W}+ZWIxB7SIFNjCNnoR2w`&~8pW520KqY?Hu^c-O85XxudReU-j*n1igYXY
znpWzRw%0_PYJfhe103%Cc19>|Cz$KYAUjFsriz)W`)I3I*<78u8sh@Bm0?I5-$V4h
z%aIi}dJuEIG%04gla$4VqXTUetI5`&vA3`a6x-Ot{^?O=$Op6sv54e&-<Od|wNoJx
z!Sz3Og&dvc1A5N3kxDq<#W$3aPx0()CScmoM|!%98F#-$3^}7j=Y8VN^hU%*$;7)=
zr<NJBquBW*Ui1dEG9%6oc!!>I>j|892S=p%GJ-`YVX<EWMYJ6qUc-wGuQwB!a@u}l
zhDD&0o<z5z=a6oaA7${36fu&bMx!!-4zGQiUWe4+$c5WrhnO`x)ZFECo@>z?C~kJg
z!U^-+)x_9RHx1FZl<8QgHaKgPcIx)i7h6??&${j*91MDtGJiTVPDs4Y)_~{o#4T>=
z6C6L2{*35gE8^2Y4^}b2iTAbCoX%GBOJ=g)HNgC(0Cf(~4Z!nJLVUzVp2JzIAN0MK
zQ0ujpOiq64S)Je82<5fKz8GD;h(42(z}~Ps?<g<9Qm>HDe=1Wkl(WP46>%7h6A0#w
zGdd_(ySlrU2q%1j(AVfMXtGhm!1&B4F>UCYYsJf9HyBy?f!Y6%v`U8$n^8Z9Mp#Ow
z)?I$COkCG&G)X*E1!F{hFXjB3(-aGzzoTKBbIMe1P#14Av0`^{UAYP*CaosQ+`-43
zCd}pbYg`h0b2wg`mCEEtdMpxysLc+$b`)hsfl)s7$y6C`5mo@z3jx%WZ-a~GnIt=p
zX0L;2zL(4D6rIvq3J-03+xxGpUFKcm4wSKa4}6JNu89a2+XE{Jdn?<E2p>szrI9(&
zZ13zmlxo&ts@uzE=(IC;=Mz(rB;*ZimJ?bR!sK;|`YR+f;iT&l1hRNLA+s}AG#&)B
z|CfpUAJVS<FNjS_t8rB)<{b|($X}ZT8<BxLh_<^zTMbQA=I}Y0%N5ULH%W*ykBPQ=
zkXWdMfo;D@S06;RV<{$=Na~Ol?U{E_oN#%$-CZ-tT^->_xf>rM!|Dn*$dR$j@D=GG
z)=v`pq}`T$oYf3~5(OK}sgD3?R)jr@Ol}i%I*yO|dp8mC<yL_+Ncw&RfbI%U^S+Hk
zlQ=YS+OCPi5xRHj(j8{VlC-Zz{g!VX#T(7|tx3TUK_@o;Slr-vJxbX1RUxDbAnw$%
z)qhhyoEC)W^7vb(qUV}@)esY0OCsQMkJTw89h}7F#L-=5R5b~FiNUmHh&|s9;@4fS
z1P8!<qAB>%Ez6kvMR8E{I6B0t{^673wYO7tgcPn4HO2?^WYSkblp@AN(+Q<Cgc?O4
zQXwQNcu0mWHR?wCIsqDy3TK(y`*lCR{gM*-w8XhqI&Idu?JHf4@BzVs2(wH#2+g~3
z>SDHr3ON&i&1qV)H3rM6GtUztB?Z2cFD}h(<R+z&pLt|?mtFX+^<HiUG&)~M=QP~l
zHdH*b_8oll{&R;}@sfiUYeD#d<~3UB=Et3zU)j*?BjMHk?F2Tnx0FNG_jV#m%5Bll
z(p}LOipGafK3xM6gJ>R{oUUi=?>?QX3%{Y6D%VdEwR&E#QO4lI!euXaHGR@?J9$rM
z^R~lT%+IK(*jT2CYg#g`4iTLs4_f{)|FD3=?-hG8QtNe{ue~vSvf6ubu2ie+a<GVI
zF})km+)FAhgK2*bP#ZWrpX;5g^?ID)QW>-Qn%}B5k+ZCuPQ$SWP*zs1M{zlb|Kz7U
z$t_3mos!d+@okG6q4kLiU^hO=LuGBlW2!P5;Dp^LJ-NN^qdnq#gayawDK2YwvGn|0
z2@4@2;H@ikjvUiTd8{WqD28?NkNSFc-<RF${hH+LT9d^o4Y%SP5TZ%_Vr&%XTnTKF
z>m}%02vq3Ih}na-|5uv+QKkfCdV7t(e*BD8f?g$aM*Hp3kgNwY8-ba8J&qydDhnF}
z3Xp}Sx&d;4UB>s)TMTe3x~>;Qu)((Ehtq~y2Q2WHCA+CJHK_j|SziHE*RpM!5E9%q
zxVyVM1PJaSxVyUtcXtgEg1ftGaCdiihrc-Y-S@+JRl8DDW$(4RXHOk-bhl$?;+*NE
zf30tL%H0j$<H@PL=qw$?18IF;*GD;m%5s~Zuc&@|8b$%U5@N7~8X=>Sg<v{J>z4yi
zv6d3q=I{BZUeT;(PZi(TY~&Ld_0~r%2DBLgsCbHWja2&<qh=q(y86mQ_CqyBwcK4l
zgF%00$7iu{(m8aCG5vSbG^xSQ*@gw>Au<e}<KS`G5~(<^eXQY1X@w^M<D|S%dx}p(
zafQexld823F(k_r8W`M>j;)mLf^(+ST%=fk2O&ikV<q!`<q_?7WF{S&S_Tp8)NQ+Z
ztO~)}J7S5+(I6;o`KMC4kubKBs;=vKF(iLGMX46{1BcFO65exE3V-@arNU0ctO5g{
z_&k-$_f?N90D9e-qD(U&Nt&{hi4yl<dahFqQHp|)fht|8jCr-bi)byi$k8Dq;Ai5z
zLNuAfX0G=%fc2PM8kt<Udafci%hLZnYe>4Sg*u%_)!ggra4jx5qK4VwsmHD11Ap9y
zkusw@a|0@kY=PJkbrwzb(s{e%pzAQxgER(JmFi!ZHQM{L2z0Eqd^0VA+InWbKrWRf
zQ7<kU%|!nA=r)#<3nLPq5e_08oc}eb&u03r4$=DhWHGk|m)?UTXJ{^_S8J~4sLuYW
z0MeZV7Uw9H@WHXL%-m24M=-x)OOb81yz`z=e}8h9)9y0j=WV7fQD{1s{AN0$a;ER}
z!FV1)O<GgwVlfchxQQ&NsP%rwH%baUFtEo^j0to>Az*SoUV*``JpSxba+V6bkUQ2S
zPbPD^4~js%+)9$gw}fndM-(oDP^J$Pj2GQ13b8d1o$yX?NW4$BpV@JLm*=%*?PrWc
z&)NX>F=dxz_`hxH|K3pV>*qC=XpX%=B$_z7JV{_&Lu3$S?-HiOv_$exyHF*UbKSnE
zsE87oT;DxUP4fHZ@QEjY@$kA4df3<eV;pOQc-oLDj{Ak@&Y)E5M3KIW>n#v~!WS2!
zDX?Xv?W7l+@&ovH0TvNJ%n<gmah^)qMKlpTZ>%cPPzxdi=mxUG@Yd8~$Ak#XM3<U&
zs0h5tkKaUbNu(QVYOE>O&Nr!@`hO4ztD&2_LQe%Oj)SHeU_az-Afg&yd6QG5ru#a@
zz}pFn#|i^ffGeGd$vC?BYH<U3%$ABXTIb^Flg2!jCH)KKbLAp+CYW=BXOrFu7a{^D
z7^4@obY732EY4d)FF$=5%n8|7Q(nday*8W$`fL66hT)&R>R%3jDBe*}1cZXS0~`nF
ziA$pcegW8ly9#R>Qvu(E;isdqCV5^X*gy-P-hxquiuW`S>szx8-4mI9RIyxK9SXh(
z5WMy`Jt&Kf?l5sCOfr}!{;%zlt<iB%%)Nlk#Hg@44WKIuAHWd5akCg}E83N+|2=|o
zEL*ZzE>EU79gzy=#1Bw(X0s(lKNF;x=uM%RNFxR*^KAF-REPnwv+PXqYAXW(gaCsi
zCIJcA%tkm9qEzx!;2ZftINCIvL4lR*EA0Am4bxC%_S0rIP>bGme8tK+7wNOyZ?O=F
z$^<gQ&^qnpsr(#X>F}?!%wmcJ+M_LQ&!7+O&1bjm-1ZjS3#dl(xr7!P&Cref+?iKn
zceC0+FAgGRn?|toTJmXVNb4bpOtr!;aavl4()d8yrqAdib4xb{%f80Ep)gX{cwArR
zf*OC+g{iQ>R}R9qfW2wka<R0-XP|z)4FRFX#{B!08Kpu~C=XiV^+S3QWqkm%w##La
z;{H953w8}SBgO5`UXFB#uf~mf&D(bgJMPbVq;h+}SI!*E3FKFi6AS|o*y9#uC|OG6
zFx=6N5|ETc^DO-50{U0x%s(ISaIfIOrqvEQS6yA+#*<-;VwXc1Gp?oP)#GjJ_NPka
z)~ISU26`jplACD#fw|6+k&;~V?|li{^&Wdvs#9c{9mb+6FsQFjyPX5wG(VP|h|dIS
zSc;LJBU3bBpT2M8{#;YCxEFQ3TSsF)n|1kz{rF+O_khnG5~VhNY(F@O<s$@%ViWD^
zC%E&f$#4k-dO%tL(Lkl;itQBzyffdH#)6##PdHT{lSP%l$;V>Gc8TCSeiT+9t9<2W
z={>q_RYjI5t(%Quu@KBwoiM9~$p(XeC!h*kCDQNNeReuu4d;Q5H-ikpn=<cXi|vmR
z!Ud7AQBb7O3&Q@5t9`TW85{Z2PkW+=`WOwNTIg~-*q1zoD~pr`x7CMg&J)Pfl2EV7
zUo9b=M5OANhi#U}e4z|$9TI*`EVxb@=n0B$u|j@Dc;8kcZOY72+(%MX_n8PR5LHPA
zGXm>jtJYh*D~ezxgpZKj6-fRsMO9d=i9`{=CNAR^6a*YQ3A9Uy)Y5!oTpsTI?pxVV
z4T|PV1eUoQ9HFR9V`bLzG+Ld)@zu?)?(%aa$vdQcYakU5vOGeD+qcULmVbWCox75~
zOR5@o-9+9BkE}48RzaDT>QH?Wy*quzhCNyEbEz5f;ackL{Q^PO|L0F+9}&WGlgBTi
zWYP#6Jl*Xg7v*7~n2zMM^l+ys2XnLpI9{0So<kcW_1XJRN^L76Alnp;t_Po@iNw7B
z%-IPfU9R0t^!DkTJ{6k+XuJ$UV5j&!fxXS<KyfP9nBwy{2EqD4r6aa2=|cv)KOa#T
z%%7gWnj9IehX-bzOT=c?4_95)x-CHH4aa}Qj(Ido!-(zO>s`JdO(qZtG5U@2t(9Q5
z?@4(+H~Cp3+EDz!!Y9sE5>yA_u1aU2CcvgnSebpp4qhEoS>UV!rF?Xa@8{qvODJj8
z{$EKsG=v+Hng1;2=g)Hhp&u#=6{{}8^Kr1Z^mhGT@ehCYkqPaz{+K}!A_zVN%lWng
zb|Dr;O><YB;VTXDM}{OHOBGTwk(|`WVo`7k2w9R8Kg3T30J8m>d1p4q4`UQsDznTG
zFDjlRlgCA#-9DQGe64SOPf=lmMEw##HePCzV1#*Qqt@|TZ2TyX2Ip8)w%&?^>10;f
zuVp;gY&t{+PeN})84D-m*%AF@rAYv7A(-Ne^iuATqP-Z0W}VY#VjHm}rXo&&3h;ZR
zlQ6RjX#OY%4HF|LnR(sdG9sCxN_0E#5Dpj<t*rtyEd;Wepi{02$CTwve30PHQG_pE
zfvVf69EQG|?;*)zu^Y~C`iJCqZRLzCpTFY5_|>o86CEc5;bvc$NIRNaStD+Om`hkd
zaH-zo8wAz58hF8Cv-3v)%Zk%VV083Akun)m;OsN7_k_UQy8c$LEwqV%PpX^_LNOBP
zTLh(|Cq+yP08N9b+zA8igdOqPOI`%Nn}yNQ)P@$sWysYOzf->=-ir^K68HK5`0|}p
zi8@;`C}}4aFQUQMX?v>;Shz3KFu3pQX@NFJZHRVM##ayOel%iXP;Q8^8=%oZ0h(E7
z+$BpYEQDTPi$o-mXW4PJ;ksDw0pSdVe3kHBL?Cae!9kYx*oahgR_I$y#V2V_Y?-X;
z!HF+)jI}a1zhfV2OWFzaP26ESXfxClVN<c{FN7O6WNa>=PnIR>14*bBcO#Yn&t)|^
z_8v`|eU2^UD%kH0u@KO)tRR4<rmJ^ohz7+tlLu}AkP7*QFd<oFTTK9TXLJ8oMRHqj
zFJ|wt8!Yl5@4jm<CBQt2^zsBbSGo(M+?njD2<(rhCDGrnDu`YaxsI@)5EmtbppE6!
z)UIx)hNzs#9n71L4>Px(5e2-18&O3$1?C~*viL$*Xt?u)T4W<F*G=u1MIxTs`EOBC
zDoL4W4;UO?xG+^mdG**xl~>A6D>ZGF@+(;lWEkLNodOWbKt2IY^0WCtfus)k`u*+3
zh$_Wpk}pAWg<VXmHs`Y?Gwk7Q2BM9SLS!nfzp%g`vAp_K-wF(v@1O3rTmMOHyOwOv
z{#ZA268(fnnYzekud3qWmUZW@kp>}pN0r2b5t2Js2=B-3@9qc&f%zo>WgkjJBwIRz
zZ6Kk&PU~N$nHA>sqw~`z{4t#bJHY_Ss$w)>l35`80RiZP-5s8ASx%o*b`Q`?g<c^s
zdS9=E1X2kJ#C+DF0Q-rpYH;-D14H|%qd~)`g=>HJNY=gXb^>9cJWf`c!qYD_(l`Z8
zXzQ1eHV^m2IU})(n##*n38UYW83kL=%84!8vkF?u;90|b#gOp71~<vl>cm$el^GEv
zmm%Tz69`iP1qXyCF78%IRH~pVt`FkCYq#ZRCs7`cm?ux8hr)UcGQ=9mdYo@aa0!8T
zGFv-QDKr#BB;O>`?m|P2O<q{a3tYkURfbQXx8&r-4$8l#?o9%p(<xGj!O1W?s*RKu
z!pYQb(BRICBKKRpRGT6c26z;}-X;ZECyAmnQ+-B2;1FsXPTrWg_5GpyN_zc)F4;CR
zg68>{tOhZO*rSY<=<nw(8Jf=H5dKC{*O}fEHV&y*{4SHwNg%V%Vu3)!D1_JbmmSyb
zys`KL5V=Dp2L>7h*5sxG24<>+j~`pX8cH@zBC)`t`|ejd8`$osUW-2X3~<q`n*<u^
zxbK2C>}9X242+Ko<e}!^+zf@v#1Cab`qMtv$CN~7%|n>i|NP$%Fbk3FTE_}jkVA=~
zm<}dk28eyyvt-?=)^wa@tCw}>v5gSJmH){wN>_ysY93GuWhiG0C#hqgMsSv9b|?ea
zkIS6jv}eH?e`rt_Y;<KV?ee;ON_N-<XcvDrRifTZUKFnY;ug(}D!NBJAZ!?6vo`B%
zl-N-g2KoY+0Fs%~P>L`6M!-*Bdt$2Dx{SUzD}*Nk&vs<@ZVBThD5qbdd}lob@4{uN
z#o_%IENrX2*qE@&N+jU=WCX@ussEkm>mPiNc<`Z}BA0MMVY%$)I-NHnlnuy9eC;F{
z)8<CrVF|y%0P0(KZK-CP$F}&S$s`AcOZV5ePv`^Xcvgf(lfo7J?cuOHxxzC$umgL-
zx3gUhLnw?y{r?5~pPvb_zi-xxkr2rGMs(%Ke+MOOm$E7@!C@g3AQ?-GdIXXQ!6Ih~
za68a>>!7IQa(fz@ccOT7r;QG9Y5%dS|1Ig?Lr|qKqe78HDBN{Fb2>ov^z^g~WNCF?
z{fo+S$_Nf>HB0ogT{MQpT)w9Xq?D%b{e;V+TA&YQa0497MZ^xo6Gujk#+bRAVE-B}
z-#ZX6$L9ckY|MfTDa~?}t%6C2D1?ugH280p76`ihZAO1;!p#whB#bit5Qx<f<p$}-
z2oTaQTt5BkByow4h>NrLBluMW7guN;vUukScb0{_+|0kgp?|vBj;&B)9s&WyDk4ql
zjPmBmw<4>XYfHORS)U#s9|d6ia{05hI=BAs^z!QdK+!;#vod(6{dh(wOl3*O(Kxlb
zXj*-qD_rTDhe|?cf>f64XV^Mi+c8w0sG;7Ztg^WnaK1EB{Rp6XepeaH^aj@$iQjXe
zkC<>s|H-lcC)xf1jx<|sj4g6)mN{=cS^(uQr2?PJLOwfNi8S(GE`Tot66L>Jhz!6Y
ze<0*-6t&=-PkuN*qg+&5B3>CbYMc-88NtCY=MHW}gDlk|Bq~wo3Twy4TnCs!eW}!F
zpPsofflv_G7|F))mn?o{NNH^+zE^29O5P7JU%)|Ua*#^AxBEZrY>7#gpnsVZ1NbeH
zS*R8$?=AjntLkofqRZpp7stAKk6&6ypD77qSv-WwqDa)!c{+d&y>-u?SA#&YNbwlJ
z0N(r)!;9fE^hVvg&_Fn`lyv3}&nT!$V_*5B`ZGVYaayuFA^XrmLq#%ptYc|?{F1OJ
zqyKU#faVLuzQblgAVwb<evxe#>8!HbR-sB|kdrPJsCLPd`%OPEs}PV>FU*zQzxMYp
zg+BcNy4Y)d>BX~mD;QkPR?5uZ@|-?jV(>r+i>n44AObxWzmT|pZ(xb?LNwcEyUEzw
z+gsw)YJ@;UCoDH60JWRFb$V#;93qrq^-yx>Fe9)Q_8nIc`iN=#yqE2&QmF;`{JpYo
zWy)rU)*Gw!*}rO!k>DExqjMqs{imKcYutqa!n3@5d;3hC&g<;;eTHWJs1WVG<t4fn
z4{&Z_0MX}V)QN2N5uPRet<@62Lx4_(-`f4=q2z6KG{r9C-T>{1kTamu{Cv8Dqsdj-
zn{#i0+k$#`KbK8oJ1f)?4E_s(lJWr3@9Q^Q3e5@B`imEwOsH25TO;d>571U!J3JFa
zFbN@z`Agtknjm`&dLny}in8Sfg0bcKsQB>6W(2+wZ@%@qEM9=5UYTwdsiU=$Z4RN2
zk2v84l|+$RNb(1mowuj|F&_{p0;=CMs<lg{Dt@Zk`54<A8tFK7&RgEW%+J?XP;O8A
zsN1&R{`Tg09tfh5c<-aX=Lp@0ep8U@0yZ)TW4wc8iSm#Bcf;K`=AEvT9};@u2U+~t
zNXoxl5D>FKL266Y+Yr8hsc~%SZ5$qUCA8~w<dnhvuOIv;+)0DWlm(F@VJCG0J^du6
zIn=)%!Y4s!b$kkIXQ7eeN!eW$r2XGLJ6`{o3SKzUDlWdYn|HR36R_LJn__|JFAoq%
z4oWuL6`Q2R`!?QqApF!qYTf3P6ZzUsB1cz&@VB+1iv!zRpwrMDLf#nTI@|01CpT|G
zS0^Q<X_VmD3Lb@$Txy%07w(D_L)SMmI-P)!DZAT~Z-adsZJLOH;G`k-5CPYqmt=E&
zdQn+uynuS%E$~+xk`Kf>4A|LK$C8Z&_m><1VZy#LjeEJe6E%S1i(bAx{O^Ygy$5WK
zW;GAk#FqZgCN>VNj|o~aZ-(`nS`Y!VP(xoM00yE~r;_y76!GE_tn5_Y-+4!k?M{$}
z&-YdwSH2}R^MRBn0z*^ba^}rGKsNLEWUmqP_X8SU*O6xYO&od+(|o|d>qt6;0lC&$
zl{5S`D?TbhU?B05=#5|BiXaep4;xd`7(Md8%?CSSllkpx&cD8vWwHtWuLr-r_TB4i
zi8>^;#u|=1x+x|hZ=AV){54)LP#q3H8uae|v%G&P0I;X6@l|b>>cc9cWXpmWs^07b
zTqQ-Sb3XzJXX98MCnv=;H2mGkThH0V^{<z6y-FBI(m@Y~nW?>J@&GZ~d5KS8#gWci
zQ%^nq=<lVA<jVtf3zaxyUZcH@tz&wO#GAb5S7dW^0^?vU9cqp92*i;l_)Du_ksn!*
zN5V~j*0yosjbujETEst3YZ}$HBg>WBnfb<-fP(Odh@Fvq)2&Oi_lYQXu4@qbKPwNI
z5?=JH5Q!qs@{_#0!-7UAH*e{{`?=FLkUoXS{UtLzRQOYdnyyadjn(Aa2)dhiZ^=a2
za)N(No(K`JuOPY&LHU1~3O0m0FW$|9lIXrYB@c9l?i*wM1$vyLfnhM_?=4A{rst6I
z*K2{LVh5J0+zlkV@qu_SwlW|iLtS#ACbCrR#D&1`VR^N2Z3hh9uk4Rgs#_h8(+lVq
zuMsdF+*`NRiytEaKOs)<ZUslaSkJ3f+Cj@ZF+sA7Jt==G{qjcX0Nya!tQEFzh*zf8
zM3aNTrpp4g?}fhe-I-GvXkWmA&&`)pIPhiMCSE7c(`WGTcNuVQJdd{*Yx?I7PA2qB
zT`QiJ0M8&B;2Ajm!!y{ks`L0}p#Mg<fW-@Z2TTRQ3k_GA8QIK5nFAuEG+>?ZQ}`QW
zL`6JhmhunzJkkjV;eFKnSBReEL4}P`{}-wl`0G_=$AcceElq=_%!hr~71|T?$~YO>
zhb(<-T5BX$q(?S&B;;S(NftMqK>oFK3P`}xP5Ex9JS1yP)JRI&kv9>AhlO|ky-zjp
z05m-p{S!nOs#<0zNlEFu@V7ewb!cAA%F#kcZ{#1;o(4ee`O^gQQq6=y4+%Mi-$=b3
z!O3C_iUzfreAX)HjadLLkL}gvEyi{|!cxD+FSkADzKe0x(~Fqf<;Mi9I#?&%Q}(u<
zcNrhtU|;{>D{_LZQ@QN01z!IW0ec<!Mupb#fnl9ljT3U{HEUgDA+Q?M(IZi^7?4r*
zNNQg#eZhTn?1HJqan9l!?lO|^WRjc74){%L!0sk6=N%+lV-<~l)s#}Zhs4$VI9eMd
z9J-J8(XFMeZO44kZMmn~8Ku03Sojn+<<$)b{_kF54y>`2G-sZ-Qho>F8wWVJvS=M{
zZXnm(7>`tVb!mLkZ9_|NHH4b@-|u}BXL#-L7?ycF5?g@#_qZRmW@v;H`>>mL!_NwN
zv)ri}nF@>wcz1@8XjL5De<+{0x4f9?k~~JwfkM@~b=2ruB+fDuLq0{5Nz6bLL~jI@
z<}sfVpX;->SKB9f<fXwpwC0`F6dPX)?hJ}0(-bkEZpN`zJYOleyKZDi^rZ}K1}wnt
zb^R`F8Z+JI+#HDl_jH6_aP#|3*wW%vZoSG#VEWuKfi?})$AOxlYI2wD7x18%nb!Y5
zR+s*2ANxBSjBJx8ZQ~X2xJT}4fhBA2q2N9TT#kE8FHQ^}G9sJPFm{|vtAg?=cf4d0
zHS}N*B@WrbmEV2TV9g)V3=00dW@DavnCH2hkA6199lsPmUtU#b48jF(OXYw@9bd&1
znkFkddrMoi?5=cS$-Cx2UtzQ>s#IMeHApxIEPj))GIj5<s?7$?;4htYj(8sQE!so$
zFNDF>{ONXs=Je8!MvC?;pgvz}>GpOGjl6(c_Jx;?6Wc791VXt{ySPbj!O$-GQAyFW
zmJ&*i1WrI5!c_PDKDWzSSTwfgPm#SG75YD|b!gu%ZhX`?jDfIw=GAtA?7kXZAst8v
zWb1IKAOWIp6rVm4Pyuu{a{A`4fRf)smwOVO+JYCYynGxwT*(W0VAqG545IE`Je?Vx
z+25h9HT2gX82y+sc*8~S-bq?jU=SSKZP($;CPh`SFO<|iG(?~IRortuQqAz7ycB(|
z2ZWu`Uz&*i@N(0>1ifjs8PRu``h^D7&+nL1SyRvQR^m!_U^*y1PdAN;>i7OZoyVEt
zMy!pQhl>iDc+vC8@m@d<3U1*GZepC&2(emNKxPHFFd?cZ-*YO-?zQqcT`IygMPq7f
zR?oY%#4T$wO2j0$7ki?LZQ8?TZAkz$xfS7KHv^nft?`c2n-m{U2_En<l)2>FcH^&b
zNE85v?9b2y4g>}Cq=uK10>a}>YnyM@96h&8BkVj;ndW<%vucBpY=z)Ban$#ZfGfL8
z#59SQD(Ff%fNRFnp6HT{X>0p~pE(^(eD`d9^%w@n@N^|n?ditP5j&7DtLbiu+txb+
z7X%~pu9y)q{SQ$l0^+A^l%P?Yi*ht7iLf=RQ5an%51}nYu`<U7{kmI+#7o#g2e;`A
z#u{BnXiNQ)m*+JoOQNr4o6=R$rxs#}pUFvw_At|(9>&0!Kkb9kSVJjN#G|+FNagJ3
z6qP^)Z8Py=4<L(%g3&AwyhlPn3r(oS)$lwO?qOP41J$FQiSqc(z^c?Shvvw8MLfgI
zoJc6REQaKn!CBuE6@tU&IEW;O>LD}Lr5(d=4iZNxy6?~A$uHTl5YeKo`eiMdPYLk<
zffJxYMb=_-tX=fu+DN|>-hsW1XY}!}3dYGyU#a`wkeT2RH_CEy-qw!-Lh^m}rh#Zz
z6(8<Au=9W)6cT|Vhpe5X%|)~Rf^lAI6x)$E@uMJ`M;mm2be=^VvL(;`>K_<s`=X8$
zu`*XxRU#>HyR>H<z}fUXC&iPc(IU)CI0bxl<hFhYs%;I>ixKZX9m$(KJ!2GjjvrY&
zpGJejV!*5RlXAPgiNx$Fxepw?X_~x22_fM>5itO?P{N&7KzN7Tvixp$h7V42A-KQH
z+Af)n_XJiGxJ{5Y%~gofzBoo_@RrHs$<$l^Tu;QQg_!YAG{#ytC$3)J19X4PXWh=-
z$-FzsJc!xPg^xkyx^k*H`M;3N8lLq1nOzqzrP4F0hv-`-YTXz;JZ7!Ou`6G0AckkS
zw6#rq!|ngjHO2WM*6H!M4Bh|q&52RwE}If#bpQx|#^nwpXjNDbsGg2xZGqFM=#}e)
zhw+}!=bia7G)QV{={O=iBI0eIYwrnJaI89?c9z9MjrC%n300GHhjT~D;BsNuY3jqg
zlUuP#TXe2lGgjS}w6Lg$qVRqo+z&awm}3*Sr$n@TIv}HWkgj~BSv<QN+_A*+c>W~r
z(0zro?vh|-G(tYx^@o>bmhw$H5xDaj_b)!eFRwiynVnNjm}{8`vk2UBJ6mz@f_HU3
zXfNkV@6um<5DK(fN@E|r(0asBhSofn^=#VtbCcM(*9g^p>TIVMPCS4j?yDxLnJ4*@
z)GW6e0Yto_Y??1pZ3M@m*_9LPci(aKjCZqOGrmW|3frb=txeO4-$E2{+4TLyBL3CT
z)N!}K(Jp%b(tq?&S!}A#_~#^pL1Ki}`V`sdLhh<wXjv#vi2~wTW2<2PaWxU5r>Cv`
z0w-@$c_-DmmN47qcWT{sP{ooR!ASo{<1zQ1FN@CmzfJ;DX-hIhSj6aalGw+mTyYLJ
z9y*6Z%jmwoGv@(O!kQ*v@39xp>`JV5UGg^D*_sX&PepJ@o<&x39rprffW6LFXh~a7
z)5t#qqZ0g1^kwfcXv}aJ%(GYD%vheNEzx0{Oq0m^=UqzeU8Slre|UEGN0;Gy_(zW9
zG}J9f((r^ELf(kG2MABz2NAr$5nTjRHMx%`W%aM=KL^L^`v0W=?L1b_|EWg*`j;RH
zFh0>w7&9psq_dkE7&8HbX8_LR>(ll~odHacwcS8Dm(S24@eyYbtM#W@yO33~X};}<
z*;Cg3)^IfZL+&r(%GQ<jTNG)k&xwfGCP^Jl4VypCI>-6R$69j9hZirq$_H_Fd8KzQ
zt>#kSZ}*2@;ZIm_UyCfq(@vJBn2vWc{GzXzYsh11m}K@VmShN3yOvcK97yVpue+GU
z9O~Ik<>e&(&A+uSc6#0n7wq5^1SApkb>D0x4$Tlq5FG~9=?&rv3tX)XRJTC)86-(j
z)xRadezZv>i^|!mvy{pqOqwcR`n@FU{*&fqB!N5Wa$~Hg)yzt~s!+QioRW1|lS5WK
zxL8u|(jpN{zwrPx;{)UPdaW5mRC!BDc&MS?!KV166<dz&SReDel-uu@7D;<~yL?^9
z!jcA-<6>#JMwF6*QtASt&g8ZHNgxCzZB8S68P9mq*w{10B^C){yEfhSHBn0jXR1#5
zn6rcxX8))REtcPsV6zd0c3wRmWXT}yT(NHh^D&jzRz6#%cg*uSKxQTi2leG281j5B
zssJ}V01r4VyvWO~z0c@!59!MhMA)085y;E3LV%^*CBXhtl8t6IuOzUr_;tN6j}01#
zaea7YH=$q!9!S{B<|FWA8R8`d96SBHHQVS@9PG&v?h&5X2Us|+xjFoCh(WUXE0|k+
zpXVs*ZPd^eN4E;T@lv29D@YVP(`uKCJ5I1GJi<Pp`46vL3zSQ7jIH&z?pbfOpqW5V
zZ%rZ8hGESNbV+TChwkyd5ax2aiA({(%2nLt=}c8{xnpcjeI;QOy?BXKKw?x1hu!ha
z3wc*%5cvSk?NyETQbjl!3k+DXpMpPSw*;|$(j6Gz^+OcizLffb<GI%bix4&Lj$}rG
zCLOvYKi)PA?xOU)=a)a5d$I>orbX#g5IG`jiIppMN+BgRy}=YI@oZlmHt8=V?eSc*
z+oJOqXybUSEC1H+>5XIYzHg%^-xI4X;qQkY0zbd(FUrm@I=kHATkEG?{B|GGQ{kZd
zb>GSoz)6xTB3VeZZy2F*kLRkJR_5RlMC|c0C3N%h?qbKTn{m=QRP%v-(jIw!@r>;i
z?I$?pvgak92UP}KUg=fa+w780;<e%?84{t|1z1KZbYh1D5RXJ4(UClc@@b|zGn<on
zN^-UAw8E+M#ErW`s5>8xW%p}^MnR)^A&KSI{^Z0STw(Omxa!ErGfM26Wv(2)SV~Y#
z(xR!9opHzZYbNI*DRax#1RQhFvKY2)>uQeKH@sM>KA8>0-bNAn3{T+`galF_nGkhW
z@N-1*2ZM7rO4U=I=?IWsz~_rI^=T#_fRY!B9;4nhT+5)%7wO08sc=&fUuRtKZ9Q|a
zhE2avOC8^u`bw!VAZMP}ItKx%O=i$n;3lgwb|yv`3S_aOVaC!kwG+LlQ9Xi!K(fm*
z`fMFNHeS}5oX)(h67ez!3%99HE#2vi$GcN)(3LJ8j_98u<tG}x@i~b*KaPXVwFJ@m
zU(l{cU(U(cAq9l%bEkdSy<My#lgEp?_iVdE;-{^$4qOoTt&W_Q4UFmadCg+Oy=-Q4
za<!07NYX#NsX2eB@Bw%ZRbo!!r0{<+8WWkqcNC;p$T1B)EkG&vs0V^bL#c?Zep~1^
zhqyk@@Rdm7UDLy6h>6eg`X5PJ1?njDM$!W{s%h?()muerXbY2EPzdrXktX?)aD%vL
zou$B7x{5J&mgj2eApb3U@34WJaY0fir{lqQF}^Fj15zuOLir^Px+5<MuxKYP**)-S
z@B{=yx3JsdU6E?6u2QZ)4fcps$_HTtQ4cy2vD4x{O@BmMYlp&(J$VwT|9;QH(0OTr
z55?j-65J^2nD)_~dbGYKUqdvx?3mG?dTOiOxtyH)nCC)d?V3Y&FG!Gsc>mG$meTCY
z!6LgyfL#eDc{fLM&mE@*`UFe8&Aq7ebq`n)=ALi)1k`wzkVYD(Fngk!8(o9B4f4|z
zXm!9I7H5Freh-sb5G9G_XuS^CwLagVHSVgF3MeL{#4fs%TeW|Syg;B;%EVXFSu?In
z6v>|5`?)*;IWw#{IbJDROJ1UaA|!1RN0#0;5`)vLkB~L4eg_dv^uI#bKQT=QapLkk
z5a^qyb&A|8x0FehL9lu5Sh)Iega^B?_&0=K^4;OS<`0o0VAiua$GB8b9A<SAZ{Rd9
zP!Cj~PUa19qiQ+MvR`-_NDvR;lHT8owleKkyQ2jXi>`+U?U<MVo~i_WNL_WZk_V1}
zpjgU5YFRv2knVi7QdTyHZln*GDLOW2Q1&mEsT;xdDL{z(0fe|T3=tH2khc3M^06+G
zAP#9YT4w*<F7S*GpS8^{pV;lzN?3y(#)I%9SXDX*oIxI!*WwTvasngqb$(no2hx8q
zmyG&-Md^+!tTJ{_xg$!(Qtu%;(x}?GOld9H^JwHl98JVBJ=1#81y%oj@4iY`fZ|b>
z4uN5zMPVk=RE)kUedGr;T|By>hX>i>TG%=%!JoW%1CvMP6W7dD*7ltqim#hPSsULB
zXF1Jy_rgWCVzm0(ko%U_Q8e676^}5(jfJ2XAD5P~!oIZnbZXz6cz^SHP(~VQn3T#D
z$jUD>cX$?T>34$K6wOm(Vg5?&-@{)*zP=cv%p+bjHk<K1RVnOX$&fdvBpb;LR!SNs
zWd*4)0}KdHj2kk&2=Vq^Bjigi1YkC+9HUEMH2K}yK&KV;g}tNXZ%i+eFO?W@b;DBT
zlQ0srvs@*EFnAVT)*m7T^ndQ~m9pc~8&=Y=hA9cr&2rPn(Ogc|KIBeRMX0Rrej>)J
z`dZ?_<GG-0mvM#QXOp}-9z97my;W?J80aL=(i)^{S$I>Ic}1jNM>~VP_oV(3R){<P
z{L41OZ9WRtpg+|5pd4*p+Fp?cx|1MlbU%|klChayYUxs>5CYfgVecl=fIuX0H4`+X
zg@d2G4#skU9{2PF!I5qDmk>aN{xEewH-s|i(4hTLr;w)~2Yvusm)-63k~v@1;=U9o
z1>m2@cc{ZN&1D`!kj+|GmjEQe<Xo&KftHZtCkCS4n)~wb`3cQUz^^07%1FcnMdPqk
z_T(xntcrH{*RQ9cD5fC#dFeZ^t;Ux1lNtl`F}dCqE4Ouy<f=8Oo?7Yf%%P#kUuTqC
zY>)+HJCj|pbwI0`qjP0X7$e`543*oyOelA<=XUo~&h2)Ya|J#%!*>#e890+?0n9Hd
z(+GZ$kSNF$WV4@nz+USvq^AFzuw-r5_Uk_<ECpmA*P7Hwys7d5ANmY51J;7USplTy
zB2TJrWDDZevHG;d%<#-QbbN>|%$c+#q1aTc=z8Y0AsQJ7GS$eFAwrOd*$sDpTo2f4
zT#SYK<%EM&=X{(0NIEw`I_hI<cg<J4b|QOrBg96>tcdrMcIBZ!#w>p*><PQ^s_Q#(
zqjYp1xStJ)5G3PEFL(2k)kS$kK@52qeek1B)_H|!AA>P%&iVmZlkJr-2GonW$<FO9
z2%P3Eo^sC#O!M7th&*ePRy2HH3^Be##+jF2ez{cQostFDwZHF2q!|gFn3G3e^$H@9
zXAcsWLC@aBvj<v|`-8xg-Ccd!EeeW6M*QGShOq#;nCC-|qaQsiVv!Wis~&@i$6Qw;
z$A2KE*gMp*WR2y~DM_P3uP&5%!B0$x5jPSf8p@rW?$!>eX}R3?e4z6Y^Xi+<+rEai
zKI5+R*1R;4y175e{Hmh?i%<fJsmLC{WRQ7}Il`j>1iJ`SZ5+Do6@@b1SzN>3U2I}`
zQG%pYm?nISod+TV*g26LT~DdVrT0+h{F&)07SQPD3&qD<|JpMNaf#opBhfqipPtYU
zbm>*+<o8x$oOoRxK-=YPq7U{BsKuB1+S8GeGM$7KC!JLx7!d?o^zlsJ|87JFnt=?w
zT5?5s1^1ik4ey629`I{Kyq@1A|I2Uo7y`*No22D|N&AO<^54M+e)y-_=cMb30!S=i
zB*}vR)8+op7k;RSzJ}w}s*Jg<|MEt^rUV<M*tXvgO|{#Lf7Kb<;77v4RgbnUfh&pl
z34Z##`qaMjAtU0^ZFNTw*^Nh(t!fA8>TG8qH?h3MEBWYNk#S?+kT%Emo=@hLwC`5Y
zI_@f(oVc9$HaoA{9{_0F3iLl<`#-2VcrssCM#Km;SVuR5Q^3&Q^e#?LY}gsv!J_|T
zCJ3*h06AUX$bbHra(9OCzW491z=uEts$4AE$dnPj?NY60RvZBK^!KMc6iC=rShRT?
z8(rFStJ%!9pAL^t@BjV^5j+hD!E{|tHa{4&(z|y!C1OJS3R*}sM*kicJT)+NA*k&-
zTZI2}{9#}Os2Ua68vDnTTed4K#y2wSa(acXACbF@VE;J)@%4NWAB;QMxmw3R`&h1T
zc@UZK@Bnzcw5nxFPlS>1uRd1W2$0xr8%9NR&!|^fG-}=<8b|GDz_g7>ue)Ao0-<8n
z{Vxa{z{1Pd+40s!)8)&8x;?|n-U<ia5pYI9jkcKjgcDFKj)k_m{+NvAI=UnUzQPgW
zwAqI|x}C3bg2x0WTDJUL$_tjYf8lo|as<WyDlWKX?SD>{`^)F)b~g9%yfFy?w}$~H
zzuv<oazF-{SenV0i@HWAs1C;a2wu(ZDw^)b=iA#`JbrJ`GmAwmt4oB_>uZq?Ux@4z
z@A5-&@iJ}vA1Wek#82>CaQtOaYyYzcY<oq#+{|K5{fz|$9)aF|5jD$b&lvS=*0OEf
zm#*WW6$7CUXhS_wWV1Vkuh1Lvrcf*(kWS~K|81LjsW(%Sc6<8#0ie4CG8xMex?W@T
zB{3Q%K4{iTVNaH7;ubGdL0qsqo-B7CD3{7KNF>o^Ajx(6fWiIL4S=n4eBm#f0thWu
zTLUOLQfU}T4EpEFC-+webym+@Jf6>?9ez;Rv2iG&p`oYGOPmrJJlLK7a9_rA#5yNu
z94%MY&tgbTV0^Dq>6oEcmz!O8=c}O{ju)>4JAO1aa$+pZ>x^&q_oc8}1|~e+Us3Y7
z-FiWPX7H_cEztNSj`Dh2m_m^Xx!R6#9HFWC?ft#Z!}U>FdHIj}`a8I*?o%QJQwpUj
z{)A!m(IV#yt%Z<*yNFXf5GMFVtU(TT>vgttZg+pRdK-M>3OzQDMF?(}OXzZ_pqpP|
zhctk13bX+knSlH8)gK>UBfwiSR{8_&TgxJX2L*CNHPkf{z*ZOgoCL6lW$g5%)atDG
zc^jg#MYL~E5$HXtN=iz~BvMFZcr$n%`3olVJ11YLk{Gki7i!QiZdTf-ap~RI{zRu}
z_eEwFNR6a(ui71=)2KBe=bHK|<yR?^>kX%VetAA=#Ve%Ir~;26k?g7j4njZUalhAD
z&k?h-wH0jja4)y%hV<O&_kRTLW|_*hzcQJ!dhQV39893?vf%P~ME?MG**jhQU9lOs
zQ)>e_i=!`{yAcsKp5~i(@j{IsODudu>Gwv|qlMbefQS-NfNEX0(BS#PbN&>M)_8Ns
z?+3|(pT1I{50%Pp`-#<J8M0iXt-Rl5cQo_E;o(u|Qfpul%o?CH=7)2QXz}rTr<Z&3
zkI|H*SkF(m`;++>g6{NO#ye79CSML{*)ll72!w+{O=vl`c{_Z-NBLxIA2<7vCi664
z9FG@etD#V-0vqfPw5N-boSwGL1Jwb5e2%f}I?D$rzW{@UooxE_#=S)Hu>pn*L0WdJ
zvGl(fy7EZCfCl$ECu}%xIuaQZ73M%3Wkh<ji}vZyA0`tTEIWltQ+`mfwHL%{33V)0
z1h8Jpr5YW*y{wTNf`x?PaC3<XbQ0<5>2xeC*E>a#teY_ESmWttN|^CKOU#`ffg2}P
zs!fPLU7kb$cghorjpvZbX89Hnc>9NhKrtBnK`;7F1oU<2>|(be?>6^?yT8U$taWyF
z3Wkvi2P5;BqymTSX3As=INhBS%jHTy$jeV?DbHpKg2m-k*v^#Tsbl|^P7|oN@%$+k
zLt->mLCoV}Cw#nEKP6(f!sA}1)$V3@G!OFu3`R~jmCl39U?lw)D5kZ<RKYi-1R70<
zDdsEXW)~|P4u5j_TmsXYBB!T&7z`#OFIGzp-Q(2yL=Jn%)bI?MVN^y&MrNFEA1X*T
zzdETkyC|}|;c&b77JaMS-%-VaBVak2Eywl&gYj+*_?`a6O1l9X*vc1z#J_e|X*lrS
z_Rn6ON4O6N<w0$^IibDiqCiEiw`vG~*imhh^H{yDVYhq_no>g4wB|S4`FZ%-;BV)f
z1!<)g7NSWMajg$ubV=P8>TOAdyb@V0c}!;Vi|?sSS=j<c7g&LFBRj!}FZ($L<Eg&~
zO4DPeK<?jW3iAIhyN$YoJNABmV%lksIG;T|I0ywCl$EI{Ka%HVOSKq+@}wTb%!!3<
zeR9m5%H<5gZnN37Sa0i%Y_{pr@eOp~($E9us-Xy=^@e!`GShsvqeTK$-Yp9<uIzb!
z({Tj|m4ID){ISgmtN0&+%E5R6$h<-NM|U~3BS?>x=&o~D?DyxR#M$B52mDB8xsn;c
zPLbhQa>7s0=z(j5B0r@wmQ|{4e$9_!@p^!8IPCi}7b<7#_QJYgAr2g@`G6H1hoI4p
zdGdK)9xs6re?|T>VK6jWs_9u}yaWj>oIrAwvDI0}$GS#Wt(BH$6Q2f)rG`B9#(0}M
z(YjI?OqMLZc5i+S&b$CGHW`<z{h-<tp!O321xbP2x+=*WR&UUnE}B!RvwEK^kzOPq
z5tc#seyVT=Xz2qk#De&-&)@Q!sp+32Ml@m1n-h`QCVi;sl5ai|NesH@vE)DIslH|9
ztdn{N`_ds<)LJaTPM^vD64ys*IJ``%d<LaAPt6ty?*cpu9S}H(+mLBBu#6{E*Sn$6
z^hV-g=4Y$!2`qA?4fAhdJ~MzKo*&I$VNx(DSZzH$-1J5Aq}deP?aiYkF&GGq>2$}6
z8miYo52te%@+waI1%3u%jNCBJ=Zrep3WK3f3nDOA8}T(=5S7LgBuu9BLY^&?XumrF
ze>GNUD2>JA2HyI7Pq{sm5uw`~{!tZEe;{7CIGOqKn828f=)HKyPZTPdcR`3ryFvtC
zzC7L;>c^64P>rf`*>2nYET>kjg5R6?t!&D7-{7#sL9B-3XaiZ*Qm9m%<x95{Lpr54
zh$WTG#$Oz^&s;!>KV0_M+RXUA^lb6^c7Pi3avEOnBQuUXSqYAu0Gois7=~&1Pye1G
zYKS<z`DFQ>*!8TV{4;cylAJzzB6>etiQ>c%WC(AQz)b(eoz~m&v}VUh`0M4n){z*}
z!^0D757XwA<%g$}YE+?m4*TT_Eyule;_C7-lbI6gi*4G`C)<08CP<zSV9=4Xv+CoO
zhP3>kSibf8gYkRBVqyt;9bG{TE>%}mqJf_-t}Q4El}e*n%;#0=_zjL$D)hfXp=Nk+
z%yl?mbJ|y^P>x3zYc#78YDi^pP!A=u#<1IN4*-!tpYP?_=Kj+7>dbx(fx<!6^z)n(
z;EfU43_`UcbSyDp5NuZ5F2Yi|9ck1Z{a1s)2IDA6e;e=yx2+wd3AQe?&p&+55&Zg7
z>tc}yw~X*jl7jbR=Zly3(1mUiq07Bs*%{(XbOb1-?iO2O?+=)lm&kX{Y)!mP>@`Iq
zf~%3Z0gY@-!d2n|I$5_@`{exmx?825X~oA@<a-r3f4&F{_a`%(5(5^}{@$XxK=GGC
zezXf4kNLd9T)AxmQ{GFBult!FG!~nv$xH!xIt-@C<$KVdA{rVtjKsppOm`tfn$q#i
zg)@EYrDzBIJg^Ve?<~yCCdhDgL)K5xqA+JHb9QSl;IP>6aIW^nU*3Pnk<Ms2U$C5E
z(s^&YJ6oRp6GuW%FNa8@j%;fnek#`J#C|VpWw@8$^25j{Z$XWm2!Wx*wNC&2CaYET
zavfn5dXwpbUs<uv8KN=%3Q9)sc0A9!gx^}VeM%;p)_%5H>(YL!ar3J(of+P5zOj*u
zcDr38LtzY!H4^lPj`I)0$j5H0mrCQ<E4jKkp<X+fHWreZp*b-&$GT`>-S*-4{a)o1
zbvR!y{{kwztC_+gcBa#<cdTryzwQfxh=M}RyzC|q!h=o(qy@?d#_isB$t=aDwZ{~H
zR#zL{A7B}Dd+h4n0CKcjrT=Y}5&rYDyWV78l<ET*`Fug6atv@XT0iNA4|9dycF{MR
z(^Y<`714%NqTX=qm{GCJ3X>^{FftDN`%n?dZ>Bx?kI}ydb6jgnlILmZ$V4@UGDbSk
zNTm{u%4;h0m*IuX+iUWuK{-cKST(!p<zM_QZ)=RRbs&WPe7x8(RZtbRD%0=*CoKa^
zH1u+BgI2LnDNen-QGeCz8TIh_c?pp}2PI3bOcQ<%Gz$8K*WuCEjlrTwqz4olHuCet
zZ`1phjoxrds9Vae{I6nSpG8KhET+T}5r+pouaD&shE-ivACzq!(QZtps8qCQwjb^f
z=QOFNA(hPC-G5oOdaUow$vnC~^skq;Mg<`W<cP-=tgo+Ana-3<^)@&h-A}Uk2P$Sa
zG>WtptK3D{&4gjm3&<P{FmdA$m@bMpmE3UMo<$LU$=NaeaOcuH<J#!j9H0`j8*lA9
zbXNC-h*T~Id$_zz#NyC+1>cBuHk=XiH~R}HW}U`>Qme^m-GN7gqrHdv&#-dmUQAmh
zLLN(Q6^;r93|L<phy8f0pok<=AX#P%=|SyE1P(Vv8i&Iu87NlZ!|kond`V)Wx!g{1
zEs<wS69zjH{OJ#o{ME=BlemHPg9Rmz=IcT%b~lwQ-I{*OnG&&*#rj_YcQy>p=f5e+
z(5bV_i;J14%;G~obE{h9EJ}Rs)ECNK{pofW9G4t!Y9<p&q}hu9aDA+px!Kl^`zxuo
z7LvtJ9m*6}G}C_l7DBSw{<cq+T(hMq6oXxkfRJ@SI$+(-spywt;q<!F_)yk}{Xqw_
zDj6M}s6Q-bZWQIp^AqPD5U3mS1(^hZ<0OL?s*EeAb}`hvE=`Arhh3<<N=C(En1HKJ
zEwp^d<$o8{mD%+p<}1`!%>Vv!V^LwfAreO6trD5&gs;v)W9!e><gaBIs4dF->8#-E
zOo>VBN$ZP7L(|N+Z0=w*TAI7_hQ86vPK8L5wT<j3-Y^W7@jObQDy{Uqgo^72Pw_^_
zl_){$0L5MJyieiq(HJf)qxV$Bs?~Dz`fDA+h$z@`!>p<5YF*V<_({B;KQ7NNVop!3
z_GUAiQ#l<qf|0AK;4N{6eC!G2AlC`E&5lD7TleN8J&KGFlu_`sD`Afo`hCFi5z*0&
z)>Z-`Az)!qd3kx4(12^xC<s2c{4in`>fvLWuQHCA{veRdW_pN9b*m{!dn>Xx4(zM&
zhRKq#I_l5xj1NYkFcLy1n8HJ>Z$O=P_YtKnOJujrEmCjnF=@sLlqy!OaWh-W_%r)*
zNZYESUry<u%(1XFlpqa>LZ!7v>U_Q#1#>Vn*q<TY@A>>>X$)Mw{(QZaz`%ybw}dDw
z36yIyPr8z71ART1tRe-t`14RRS^TR)OxU2(ht9KYRs87tFJy97Ygygn<kBaGjZx<&
zh)xioh)do?YxLfdT?5_TxYjnwWrl{pp%J#tzV_ClZ==Ec2U5QFo@eu00p&=kGIII@
zzwn`U(Y9%D1t>SceP<_8pL-Z0A|e$yjx(4WAbT=ycgE5nG)FN>y}i3aMZOlnj-l=7
z0BR&!{U`sh@e02PkBio>1LDh79OJ^K6qdM}ld8BD_XlGW8aG`WZ^@23(4gBjux_u;
zb&5F3{>GD<7@$<^569;0T3S*U@b3MNjR{tk3p0imSoW>TDiac!_-kA=iDYu$T4#Ww
zuhH_K?@i6k%pjl$<nYJ@9fVA(8xn3!B2s*1XJ)(kD~~HR=8bAic4B_-!N~(5At9k-
zQ7Ge0b09HV`d6CjBb=Bm%*IHwsP<cr@PWcs_N+kb$BdqmO5$`9y}1a2Q|Qf3gMD#B
z7ck<gQnAd;@!YV|V3UblsWAo1v$Iyw5L6!3RGb=trR2n2qrJJpgxn%Q1%>kUZoS(w
zZHn2|dH07KF`y3bo|$1?a)Kw3ld}-llKIKDW3BW9pUF;cUb~TAS;+OL5+p(BDP|L=
z{c(=0WFWkN9h4B`Erf4sv8?Ps)t88L4qBmEHBpJ!v_>7pK5wn@5_Q)*`EE#;Q4gS;
zvupVwM!>Oo+}y~(ZdXC2-k^{zZZ#V*PrVI8fGKw&EZi$fFZ5|BEt>#K2qxz<<Bf2r
zWeW@14i_SWws+`fq&yF3+4l%?r%0yH+<Lq4cefj3#`5%Ty7QNN$t=)&_oFKhPs?aC
z1j0oXA)${6=*Io1w9l&YwV%CVK!q~4hpH{c0ucxmp;I~Rlg(z!G!8!FA7Pn&#2=|*
zfhPf#g@5+hWw_NBp=P{xbQso+`)GodbZi=`KP27M)U;Vxui3v%{av9=aC2}Rh)~~a
zOUA46YrQbD=IFwWRT*`UBPz=gf<CQ8goI4EA`w`6a5>2wJh?p_)nat}fpcBDKTK1T
zs}>~!`X^Vuw?6|%lyLQq=zF8SEe}zo2wtXMBwtm3o@`lW<(qQi9Yhlq00e2EI&)$t
zc!#B7gij2kf_TCf7Z~@!lY8C63kE<dt!=(c`we<MpZuP>^D?T`A5?ns=N`|^Tq{pB
zUtm^5f;At5$M+KbF~akpK;rv&=C|zS)o$}JY|id@t=8~CZ*sjYQB>H^KM?)Wl!rym
zW^HuAh%J&vsY-O-zQ+xI>0M@<QDD*O$;6jr<_oE>cOT2&UujykEibHS($xZmR?ZXl
z3@k2>08a*k@I-cIOV}BVJF?Y{*=jz450JFHe0&d?D&zTaOc1`l2Mp|YB{l&u{10t#
z<!NZwlVxtn5I<F3kq-$YJQ-QlqIgQp4^j(E-_b|-6%e+Akre}N7|h|(@VF9d0t3N|
z>Ge)~SMbUJP)HCGne1o4eqsPZex*(~<Y%l?{)Qa@2>I?0i(O#6hj;tqy-7`1Mo_}p
zMz85U9aD~~AT>fxuuq>Jhv6y14NOiLCX<m?12~;2v$Mr=6S*H03bNoSU#m!3Mp#r-
zh3$?Ml%{V+V#!f8$j7Q@xc%NL%N31@cOI8(0X7HM*mru1Y)~)$<{v)6P4}T?1J1XP
z>d!(|I|)4E&>X*v3$Zc{O1V<$H_GDgwbOQHfua2KExWr$VO9)}oE#h?-aViClO_xm
z%G#g#P09;fH71yBMHuCdwO5>)o@$uUCVCl6JrBVynqhevYtxu{gTj`mxm~YEce%2O
ziHO8iR1zW0{NbcB=mlj?daAhldx*vBj1^*KJ&n5hqD)de+#mAzOy>>$q!I(gmZ&Ru
zKH|%muDgHeEf`{%A_#`Ie6)91@qEC=8&dp_R0#k8m#XnVojzV$o2xV69x29FRfsdF
z1=G(2(+~g&7hIL|aq3TDEyYuh8k1>S78SEQTmM+^c;caojf|B_pz}eN1s*<f8j6~p
zUbaM|x!{T;w0C`DgSi;Z0}_=gPnPzUbw53^W}(*dfOV}<sW8_#D%60dhTR_gJv@(^
zdPvSM!A{%AY09-n=Oef*pRvecYR~6KxduC9ckui?NEC`9Spp;YtTKzq@jB0!A9#|}
zQ<Tb^wVQgyBi`}R(OJd=WvEOSJOEUgpFi35?xHVcM%WK>!vCIRYak(JMw9kT=!*b0
zrcegn)@Sr&7A&jMZ$KpjxlDH9k4FKvHx}tn!(>+hxCj1>W2G!#g;EXf&Pk&(*8NXw
zZLI=+kbC2@_}!m<{Z*??e!;+CuG3FKw_9F@8R7aM+zTjxv*8CrN{rH$FdjY}OcmPj
z;Pc~xIU*<3ZeyY&%c6<)`d686%PRHc00sFk53~8`n3#!l%j1yK_ZQVk*Y8Qt(VoqQ
zTH&xca-w*0S?Jve$;rk1h6zeaqF<(zw|cG)<Z3mVnO<1+19owlgruhOWC@2#@zOEe
zvo*o(R*%-#vpV)qT35z)KZ7T@-W*TaIc>L;o6bmueR7o>EP5Kc;dr(ja@h9puGVR(
z^Q5{v<}9`c<%f3g<AdN0Q2%puTgB3I0bdMiArj1ctH0S3w*OFu=7#d5tJ&EC6vtEU
z$B%;d%~wPQkDL&*An(J<$k|ys^XWQzP>Z_Q-}o)Q;n$vy;rvsQ61Qc4gF-1siQHY_
zO(#L6NV)nmNd(q5oTI9`Yi@H_h<U&}*iLKka58WqJHB^XgzvxOd)c|uFX(`RAozA$
zEHw^h35S^LxC|qFy#0T(Yj|J(=G|ZaBu^LMnBK<D*&OO<M-WcvV_=oGa#_Z?gww2j
z_N}|@C0srtH#7{a3h&#wMfmJ|tnzd2PX8VLIob1b{%MAWz1g8YeX{GlRS#5@Z#|o~
zXXnf1UxIIc3a;M7eq`2>AmEX@#~*+5E;-_5xud#z@{JpB183H4KEsVR-S45$4QzL(
z2*&vB)A8NV`P<v?*nzFc^UXID8;=A%1~qPYr)@FUieW4H{xn_HdW-&Y<Ov!Frf)tC
z@=kAVR_SNH%WOKkP)$FRO=cR(VyaERy5fq3r;hErjpD%@PD(|`q3#7x`H%y2ijDMs
znMzaE*)o}Bdb1GvWttk?fZ<li5nUvRGL`cn1E|Sjmh0w9TRFLTz1dek-??>fd6$Xz
z%lT&)Z>&aXd{yjYQMjfu?cbA)bBzu?`)QP(k7ASqlRv1Ze!1|`W;wwX(fb2CmMmlY
zU7oMU-0lBsaYdzDOV6Wwe|DELJyDKYGUK1){|#;pzng*6U+nkffBrgfy*;O*)*`%Y
zRZNMr+rhT^1!zH?1B&0-#+|wTCj@e8tiMm%sLFgq^XtK6HJ<NYPwyM6IM{vRf7joW
zFK|a50wo0>{B8W+p1#|DP67Y)Cr)RL?<9dD)dv`<8=#T8?eDueo6#mY3sis=ugu9=
z`U$#i372<m-p{l8pTA~-=_A&jQ;I0AdT^7|rb2bU%!eIHEB)4|+=xVOz@FILe@YHT
zIdF;NgO|X)LX}p2HP@7xmNof)U)H+x&_liy)G4hp#|KF#9~Q0q^X2%tsZG7HGbT+&
z?e4V$^Vl)Pv$JZujYM+<QiC6QsB2bK=6>TnF%M<6_ybFU9kY-7K6)iH<@Zjmzzvmr
zHaA&O$HEVM1~#al{WLCpA!lo2BYl0%^PN{$m!_|L5*J-`cdydax*V;_;JTt0rNxEF
zvHi{WflIHv%FYSrg~bnY%vM)=B#h?OO`X7r#2lvAC+?n$-lVtH@3C2?_nE)dO;fC2
zssFFd?e@sh`c(Vb-0}kd4*m-H2el2~8Sk-!7zfneF_(XyGQoJNxZTu<X7e4u$oM&#
z=eirpJmofD;9jfT+sD<?)AephOx7u@+a_ZB-MnyT?Id;+n*|#?nWeZoL;^Gwf*qbi
z%r1IY``};w)9I)4{;F;~vqOEEqjBx!TARH6F79il01tmR2UfLmsgv_hSZbmqdj&>V
zaPRFt<*~ug?d*IR?VovXrpJ^|KEip3RT?Eg_b4!ZFW#%R{Zr`V*R6Y0ufCkB)4L0n
z@t5jceC&!Gj6imz>H&VmNY&}h>#HXvOm4nd@Df=8A8?^qFSEo%Z<GmZMr%+4;OqUi
zX}QnAXQ|N*kCDrq6m{S{(@oFmwa9|NLOR8zp^3LvIhe%;6w#}m@7x;r`drY-y=BYR
zJ)Mk_ZVt!+Q|U%_?ZQ4}x2Qa*02LPVd^eZ6mcBOUnt0_(LWgO6(fXyy54W3sWMhr?
zKO(zf2LJs30-Qf>o;cJmu%B^H<puv2_Fv6Urz`%bI(VJ?a;;;1h2g&mRo|zz)W{q-
z?{)Ln$)>qz4xJ(Vpk3gX%Q6m$rrwvXTVI<^_`mY@fkpFctIJOOv$fWdd;VEoNpXI=
z49M(z{uTe9{GIUK`SNduzm5MAwEr2r?>_%CQZsnI$d44%m~2c}{qTPh<DV__w@Ke&
O00K`}KbLh*2~7Z9#~YCV

literal 658886
zcmYhjN6!4p*B*8a8-gJ~8!$Y*z~_PfU=Bm(%w|p#fz6y#Gwwhe(NJE90q?^@j|_O^
z;_u3^fquK$>|(Ka>V)T{_di>v^dJ8H|Mc(w`s=U%pvb)Q*I)nc`0KC#{(t=+{~b8<
zfBtX(_rHOU|88?6_OJi?zyHtw$6x=$fBC<DLi8K1vgwPz{zkcfj{ZiVdfI+}qx|0p
zBJ@S}Tc;5mg7d?aH)T`g|NMqP2=X6c@FF}2{~Kjc61*Ygzi1pw{u!TE#rWSQ!v6(<
z3I5GUvu6BFTm3i6g73=sD|+w=PJ{Q43*I8|2Sfh}#{U!fzkow#p8Fy!zFPD98xe7o
z{1-}q)BmQ)o}vGZaNxLax&nMiMb=I4CHb13|7s>M9D)9Y{<$w#uhReqi7<ry3;Guh
z!^pp27z2a<zXyCr!~a6TIX5lSwfX<u?tS*+msbBgw{x5&Z)RUOz^2u4x(E`$fOpJM
ztXl(!^@nu-@6F#Ie)nAbb2cxICIc%${ze5r^1Ml_H66f^=D$%D`j51TWXhLTUGmD1
z9o>K7KeLZ1c!WPw|1FSzGu-<Ev;u#B3-sR%{5OmLGcT#5(Qk3$u0aX2jAAqA8^K0C
zIqy=aB1q12a8*iy2V7ai36d@eb2KR3b){<vRkj@2GRC>7d+?GSK`rCZ%&dgkJxNE@
z0EA(&gH!FYgk=1<8HL$p1x#i;(lb!4p(qXtrAv;R;G_)x4ze=M>?(7Xu#O4dJ&~HX
z97g309=-$_G6>&&ob^j3E=?X(X?@Xbxxj6}3r=RjUdp;Yx5Xnf&zYzdun22*Q~l2k
z@Kl=#z(nGQXDvW!n5MSl1NM=nyCpH-$F#16W8bT)Q9rWae%Dk?*1ES0X+gJ6gF&nc
z&Jz5e$;nO5uGIo346p{#NwM)zkXSjvu#SVW6F%NKI!m-*WZ=>Hx6|N;;M)SWL;OTq
z)L014L>SlF5zHh0ldqV6sq6|QgZ(Z?8G~_AnuGU@1gB&&QNz*M{4orAs>G;dF9G@3
zZ#_yFjT8~>AxMcIN^!37whu&vehCiK!o(Ll$*Ia34h%4UiTQT>m}O$+BKYceC;Dy;
zk&&njNX=nSLE@i%iNB;5C6<E<Wt$=1ToOcj)W=H$GH4>r^&0WC9{K}hL@W|CKG3j!
zpIJJ9V6khUT=W(Z)=uZ;Z_r+;6-5d#DqDiTog6u9&50QtgC9O8q?XQm+54k^zEaEb
zca+O(i39Oqfgp=tY9uc-x!yx_nj0o>bov0_@C#|ZFF0`Axw640CVM5qrc=LzFV6)j
z^*~F9P>y_5)nGR8GQft42<m;|r|BW_94$INriVfKgSlnz-R{~H*o4IKnWWSo8X{MV
zPT(o6udM5Eexvk&zA9iq$aiO(S9!e8LPi^SFZvSp4t+59>#(?c<O&t#J1-|Oi5{Ng
ze02@``6;CLJ{rEY{{EP|d7z&iY+O{5IfE89@jgIT$g7c~84ZnIMBwN`t>9XjI3oJx
z4ixU5z$yTbh{XG3;<c7wPuRS~(o>-7pLGQ?1}+gR>*!|tr7*X`??(2^Zd>Cvjr3#p
zUt6L!vGOSE<-j{=H8A3WfG!nd0lalWz=<YjxvD*~K`>Zo6@Y;oT|r=nL<jHb`SV_R
zaKbCo?>X=XOYo<G0gJH}Mdn~4cKGoEFc)m7l+=1#!-vx|_*G$|lqY1WqhFdlb<RTM
zy(GkUosR`1js03i>&w{7Nbmf}_U92qu<@+PynKLl?_!NZKwYMM=rDX4``+Gn%$(<~
z%apAHUp6i&e11f#2Rs0n{9E#+x*o<$87X;%I`ef*4_k1gAxa89+#Se{`1@*<LWgSC
z-s|lV<YPnNtnvXoCEiUqmO+lHCYBKI=@0&1kJBx^+_2!(!3?I)%8ddW&i>&Pin}i(
zrp<R3nGG0IpmU^GC7M4~K~wJn?8O4wviwmH3~VCNbvZ-wCD1)3;g-Vs_r}&3z1y=?
z=N)M;eJcZ~4mQkftfp+pc3)y`4@5=#0LHWL#xUG#E3ZFfH9s_0E+<k#U2!~C5xJLz
zNs(95(MX!vvq4Ykj^~+D-SMT?f%!x68nY=m&tVdfi>>D`QC1nnUcQ@r5z5JIO}Sbh
z{FKsD>8jz<eZiKCQjA9&jKlA4y(~eW);EjK&$T15be5-bhzaWC)W@+tyY)x7(SrPK
z6*U7QvDCYJ;InUO^>_~b*XIpXbR56HIftMEIi^BEipDt@v>Yd+l4y&8dqn%RG~6J@
z*@S`AjtC+h2jES18b#R_#FrTZE~t9WV0S%x=*ez;G8Jl<2EY7devCMXEUq)Q9|r8A
zIIcnZT6EUl6nZW+!MvPTEs=6jHfb?>Zrcb*$(XPn97vl>HF}I=oS9w!4wIW(oZCw{
zAdHn!m0zF@id2E~TN>zV{q{UEfja)ti!SprXms&l@_}k)M<lXL2jX13J|)otW&*uL
zB!Sd;teIPLCUd?M=~V*YE;Cl=;Z@8OQ{20WI8dyF&AHv1)j0Q!xm%Dd)|q-YnnBO@
zacbd5b>B>uwy{fQ6xj8jR~*)%Ni2+eQRn?)swnrpF@gl2W~i#!{h(X1XdWPTtm~Xn
zFLBC<8Kj?aQ0XYsmZ>iVnPFA!9p!f<ETefY(;-sQl*ikMo>gbjnlt_8>$WtibCe!M
z7&oT&*mD=sY}DRoH=6td!-Uca$W%lfUJ}Ja!=*s0p996<%m+l!U)94AuieNMC)iio
zgjPjKruO7MTuZwZyU@D$YP1ubNu``?rRa<kj8ChY$A7h>dz<PNSW{fz+)A+wyAThb
zqsV^uOy$C+e_kGzTP*)BfyJw;2bqMem4;KK$mO~PasAk9e~t?PVu=MNx7q%=_#6QZ
z{3T-e;TGNCL-qYR40hT_z3s?7&(a4#rN%m!n|H7!gnO*F&AT|&Ylgt;=kXQe5vrju
zT9U2hu=HkCVXJ#bDVuzBZ{8!ok$kp|{ILd`+9$eDHY9$8I#T)<i*K11P|~39PGM{`
zg>n%CbAAJq4O_N9d5@Sml=*xiM2CmswkV`QJnw_)vX`#0|17RX4M|7Er<NYxbB@W+
zOod4~J}CqjFP5@Nj%XHp`CKJMe!i2m!qJhJMj6|N<53P4;#V|sDlR-c`df~7t5gUF
z#*)nneGZGo6WVfP{J`?G-}8`YjTQZVA*pD;Dp;O@iDPwrX{3lWPo4GW-BN*x;JmMz
z_Z{)-RUA^IsXazRFJ3WdoZ3ivWR{4DA{mi8vXDxiYw=E@F@Ppc(&`aiWEtSnre9)!
z*BVfH)yZRl=NWM*d4;CD6(c$JqNh}DDzFxANN0ru3N;zTtN&Io&Wty}=&T$uMH^n+
z??pvw&4dD+L>ulBm7Bg#3Xxik3A<v8uZmo451e}pO&0WGZ%s<*NyGjG#<@SD`F*-%
zo4ziR{?YTR0n0+MX(8Vd)(4lRf{40Tyig+MOwPmd55Oj*1Xx<Umre!-mBr3iG~XLn
z?n!EEZgxw$k&_|Y&OpHc1!~e<e;j*tgUnlAD*MSFX~uK63)t8qHs}{ejMHC<m#)yX
z@9Pg!?&qOGTBA4XIy|V=ePWjNsF(_xV`<HL$v6gv^SpQN@lE6?-g~5Th|HWGDd8~>
zdTuaOaX%8lFm)lez|@KSO@yOwDoO#Av*;nQ8x*zUsA%!A*&|`pGpaX8Wcbt6zxnJa
zcSm?AW$4XX3+xaC$6&Ni@4GhIem^*UeYcpRA&PVMAuQ&#CDx+MC?<eT<255fZ$snu
z$u+qL_X`v3;%n&$sfBzbPt8yay$QdUzhG$1Y|va0PA0Q?R8DBCD71jPzvQ)IAA5VY
zDZq2J&Ob@M1UDYgfwU|tj}J!Wgs1~!uu}x!E<P3-iCB|9GCRb~ktN5uA(DUR&kD7L
zq_N80hJ^M2>rm#Zw@jKbw@`gu{CK%+bU@yYTMq7@DQYNzY&yqPfF<xTa50J_)gsLc
zqb}z$cqC;3x3Y@0(-+WHXg*mzw_fozFB^_^4qvzhzN(XeiHBcKxApPXC}yy2<?u*F
z60%h4+QVZ1^MZv|D9O^IMk^>ZH;1UHMrAZGRyIj9t4_Wpk&oX7q7+*f{OKhNht7*G
z4^gba>d1R&U{_FZ9EhQ|WZLk$`FR4<r1dl^PPzG{z__ymA?P&z?FmTO*Rm+o>GnTo
zy8#@`9-oi=g<rcJ)R<Lz1Q5_lxe1|~S3LtNIO=~%%l}+CEgR7z22ARWlQ#YMll(s9
zEm%oWQEXvz3(!xeaRhAs^J}^r=9X8dADl`~IkMf5M)asUKm17^BhLJ09_7};h?F!w
zNtCLw+NTfs-546crFqU9a%JdS>gbXgX9my2?gYH}%(~ztbXAWPN_n4Feh3+tUKAsB
zAKH`1uIa?Ecpo}W+HQzE;#-?3&|NVif5w9^SwjEz-ek4=))@2=6ILl9pEj5ghNC*l
z-+n_mnoX73x<NxsnENnN!r7_A#Mf3fx<6*GQZ@`FJdM~XzBeZ?onS+bpOScJ+m2!g
zOMxb~w9Am_ySD4F<Q{Cv{9oRtEM4q^O{dXLUBX52qC2g-8=LeGrA$^g(k`&HN&M}{
zg~2;MG3xkrju+&bn#;}Xrn@GM;YD$@^Q;!@A>v_Hn8?K9ln6(<al*Wx3`6~_9<Fgu
zTuT<@>w62dhlt_LhHOHK(QCIGF%Hee9y}{Rm0B{kW$f)93@np4$dga<1`{%3cQw?2
zUvvZS>|qw{Gl8X?F3u|PN1G!ce5}#hA`tebvsq#XVD)-6UjJqAhn&5quQ9T}l@acL
zysc<p{A}k7tu`*;w%Epp+l<7I=s6oh6vpQRfNW!V^x(8AFa)a5Mp9pwD+4a%J}*)@
zvkxzCs`yP8ps)(A`?mZzHYoT>brN(1HiAty-pNX&=8^_r80Z#9z0QDZ>HQFQ4XJ*F
z;r7+!q$DbI;R=rD-q**c2x)Xv1XhNw=$+8|JUAtgX(S<q4%@2DMCxoFW&7<RS5Mp7
zI2^6%+gdJKPVn9vGb#hn;Wuub$Yx(NGO7~~z>&QVm39zxhAVOPy=%3__t*TUq*9TW
z85Io8eh#28S<<Lm*;<naCA~w10d#u&G+FQTs}qsx(E4w6NS@#KRBXv2cM_@_QFQ<S
z-Mb`#+^0|G^fKzhL<``HoE1y7W59ptZV@l<tW)Eob1b2Zdf*zd4i!Dw{BGDWoj#A<
z{1aKa(LB)!ORg1f!Tv*X`~)aKq+skt=V^yHy%wNrdijz9EDZabr$Y3mXG*rKS?1M-
zJDq-l*|;?jFay@lWpeo1UAHb4CzrhgQmiAD5<L5T0!I>27s3l?bkLvh>EKb1U;8TN
zSL(n=yRcYkSGCo~LJwoD%vb0O+I66A*zq(jM$g>u4-3#N4&=#`Je!Y_hqX(h+oh4d
zShvl#EBNVrd#;zoJa<nyGIGwaFIA!b%)h47ItAv_MoBemn=BuYgSCvP%4?JSeKV_#
zN_!<RZ6_oLu5ayi&QzBIYlN(iW0bjVd`|8x%FwS7B5`?5Iube_S&nDEoYLQ}SbZCf
zCc_;_j~Hb2v#cOQI5_Iw_~+Uf&aB<iyZb;jPAmDHf#Q-q_h}q$<#x&bqVWAAS^g9<
zUSy2o<1z8I0BK+)x8J44vK?5@y14%6bb>x^aH|nH)QWtsqig-zM0<Gb<u{-y#qpF5
zO3$JX#k+%dof{BJ@m3FGoIYaL0<5kws;2=q&hzgLBQwgjV}>zF{WzVI=<sc+&bEY<
zOnO&klo*~VnK%DXWVYSrgKziRx#PBzInCP7@q-?q?9GksfZ^j1xY0~U;Af|83mu=A
zr;0RtndXC5loA1GQB-}DBzNHEihcY8jK>;MKIq^!Gxa*%lO-Jst?Y3`K4;RkG|O*+
z0tv_Kf_IY4V8wKRt8^PBOV>K9^pE2<Ngne)==CQ6aXTi^DB^zM;9Xep;@y~U(9$jH
zzP>2dy|{EdOaeIf;sQilq<E{mEJ0hr56R|%Gcabql4E511sIl1gJb=H&pvXh>s<kb
z!6fp0Y4{xlzK<@eCVqsx(86@VIqZD*<GyJjjTDp&SB$4^nU&ti!<ePimhJV<E*6C%
zBSF8Hg`ZcTyq)yGC%Z}D%O0RfRTCNZt<<!Hj~^_Y{Y#5#r3E?#QZ8O8KwIKPk^)#Z
z8-U}PerW-LZ-DDWqI_2aTkn$-BRDI<9#P&aZQ&6ZGD6^)f$0aw;KElGfX!iFUA&Yp
z9fCg>Y6n~mrCBPacZ4nehLK+E{!Rdbga??<r#;|_uawAxC9qBX(%gxWa@rEhFFxa9
zi5_fKb9$V<84;S)(qj9ftmf)y2Lq#lMir+jR)sGWm?aja&bwqVf-#x$o$XIJ7<>ob
z_*j8pK-~5cvuL6ll{-G-`w0dGDWcH3lOb|{?U9LP5#~uMPsllM*XCp@=7?Tk4tx6W
zqZYW@up;Aw{+whuvzI~rE<Y|Q8eX48)vWcaP%r)T2a$stdcuOSa4eHM5X|a$NHf?u
z1k;(`2lao)j~bz{Q*vMV`2H83toZpMq+%TGjJ}j#l<D}Ykmm>Z0s=c22ew_L683?1
z_*+J1W=yj9VJ&brSuqQ5hk@d`;awMaoo*Yvhp4dQ@18p|MD}@Ef#+sFF`$^d{DN|%
z&&@0!aE_E-vVsGzdgz^qFiY#eHy~#q;z_Pw*m_p^l@SW?5nBv3Wq~m3`2b?GYkT<b
zGC27M&^9=s;+*GZKhiLffsWO=ULEORAh)czhFVWuh?B}td+oDrMfN3daBKEmSarC*
zK|u`5Wj~jkUb5=yRL^|v&`tsnW@AB<Po*s5`w->KCT$qXLni2jp;3_Vq&uOuk<Gd1
z;rR;`8cS!-KeC~b?GOm72;0d(1$0%R-*@dm<TDxwqvx;<tA5m-&E=&3;(XJ_nhEJR
zMV`5cnEMyXsj|awdT2`EYLy9a6C*$Mm2AvVHUJyO4$ff1SS>RvA$MBXE4Lb=NFJVZ
z?7)^~Z<~XLuH4ih%r0KI&?X@Ie)%%2eR$xli>$-5g5^m%<}?L-M$3iB5XKYnX~sxW
z=*G5d6OI2qU@XQl7x%f8C?=|GhD>|Lvov%l^en$fNZMDrE5KcpOn!u@Pz-*mcHSsL
zGxozGM9!~3<k-mq4;_v>IE;)gLW?8?84_a$36S1S4j*uc8M)=70e3^J^_Tx@kc2DT
ztG&2Gd-Y~=1MT#kXOb(2#IiXMKektea5fn0AK;#NIA{APLLQ|^Y+!uZbwM74C{^%`
z6h~v9_-er^#srZ{f)S-*7yv?HyyZrkGA?kL3p|Zm{E_)}Jv=|@$e~1;TeMn^^d;Jt
zgV!n5VGQyJQLxWf!&YR`lE=I4V{F!nRkjydiy0ks$s`!kguM|Z_4erWhX#WOl#`eT
z&WL)E9=J>;O{$KU3T+;<K1%&&8zc?<*!WIH16KEyZ$S)AEZJxS;BcuUK1aXym`B<r
zAZy$VuXe0r?3B=Gaw6tFKkDL`(;W+9YH+9%JO#im&-#&`JC2%|enlp_B!g3-=~(ly
z)`)3&6_4NjrqBil;ZI4{U7uPqIdYX?q~8Svp~&$+VL7MjUS~Eq;{N=q=<*G_Z%nLT
ze=rSU_Z`Cm2zHvkTl7M-?mMYrIY8{gY&&#d?ovjz>wew@-s>62tqF~@IbO49+ftpc
zYve7GOJWpd?w{l371ALPD$&|qxnjeB!5N~UWq!xel2LAy<n7;Ko{g$2+6#Q8P+Jxd
z3XCM6P{f&im3`Zu%fvC-?;CVilDvwlZS;q&u-WaHR>U3Ir`9;e5=y!AXDwj&hZ}Bg
z4dbhDYV!ioRohKlJn;Ii^83dp2csFSj_OYTqZMQMYOl7UJSx-_L8C*WIu-Xga55x0
z=4|G|{undC9*QZT@<mwY1{2f;R-ccU+u2aD1oKOJEvi8}!8^+duskcfCJwW^#A7rA
zGV$X5=D=C>$8;X&R7F*`uN{<CJtmwK&GLXA`DgQCo3(D#w0MY!Ez-cKy|Qu!KZ)H<
z8XM9WQ->J63ka&(+`cgr=BO{Pa8!Z{eGFGXTqS=cma7jAm>@~Q`0hd4fMlS06@@`G
z>Fa2_cXw7%VX#(w02qA*uG4}EOMc);;bs3iRS;Cz66EKWnpd8eML9XcFkwquB$|V$
z+%j^%KdF=i7_QIQ&_Gt9-X&*>vNHO6PiMY6Wc*TBgy<ywk|4mHYn4*Q#CQqWyM$i9
zKaG)?4D<b}FgisTjA1kf2V_-7>YlCz;~uT97R_SmQUl_TLX>R*DX{{9Q40G)6&7s0
z^pHJ^1s~GujU|)`k8Wq$)C<gO>mN$*pO3}d!)6JsnFe#ep`_&NA!W-?%^8M|uaTU{
zBF{u(M82H(^xMNUVN%8~r~jBaSUYtGkpNsvD{oA<`Gq5~BO0|Z#nZ0r(_kE58v!vK
zA!jF$m0IH!Q_rsGk^^is8~rvslY4~}O-VOnU}(Y2Y@(L1%6t8B0QMEfP3Oa2Wr1rH
z>9#ymqS>!AOd|oS`s{m&(d+inVwKtRw|#JS!LeBL4Usp>V;;_(qWbr`UdW@qn)oJS
z5cPycj0yxl<6Hk$4V_5$q3qif1)0uk-)B$DKb@asvR5>%fIL9%Pr_EI=d_xYNTv*M
zn~1rkB0@;S&O}0sq3~-t(t}vv$p#y`?H3=CyrScJe%!G4W{Snl4cLZo@gx8xCqNfK
z)Z-gEy#SQQlD0x_`bnK=8-`ykU<{giFr?*v6#8Im*B`w6t@hgd8UEZ9u7{YBG}ASl
z4di%_6+d4S=lcu$JJTrILGZs2ohl#?o-d-fuP$h&mqp+<{?JKqzr^Fu`Tz$&B*6Pu
zRI5_ugc%$k?4dK7|0B$ap&5_})1d?eSOjHsUH8dPhHEnI2dk>!?qTVJE4)-dBqBs_
zw!uguTU|Ri@~@oihG|a~l2IJ5+=-Gzp_G|zktb;}pS2VMi&-)i)R9nx2n@)4*&l#>
z>;Zx3qD}3{n3s`Uv9**Kv*2lEMQ3@t<7MWT@d(1ObaSItnM9Py*3bR0YWHf+=ulMY
zQRraV`E=jCAN=Z{Y$!?=F_Ufaex|@heiuFmJbiH$H#;X(1Ts10W8MNU&L?n?E(#{u
zn;QSI5V!`|_{rR{F!t+H<m;!9KCe>w{l+tjb;T0CvX%E7h#yW?lW5h^Ju6zqB0}HR
zy$}OPl*oY4;<J(bE9cV-$^Ync!%WZSNzMJ#40zRt$|~W!T@n<T6kI>?zHxuWjxv=2
zU!o(!Aj5m2Am)oUbK>W14CY~`Bl`)YEsdcEDmIR(amwjy!G8KXwffO|6>`r;pY|ZK
zvKr?GV0gsiWB+tpDkYF5`soo-_smV#Z6g+Ww>nDz8(%g1SqOt1e<ahv0X}Ej>t<TI
zYBpE~zHa(6pH?MZs<BJ*HeYwIZ<D3}N`+oMD+8&^@Xek|IMfQT#wYS=O_g-3;vWU&
zt;cpzgln(inAP&J0C`OzgQpTza1%FV%vhq5-zH)(UX)8inYm*f&oi$Ro`FzTDJ9==
zZ!ojcSGz{x<tJGu0bHXNNsM&jQ`Y9!<)B_WJ5<0SWW~X%RA#2y^BSEc_OGpwo}VVq
z83}fhBZ;;Hd3_znZ;%A|aO)v^-Pf*sP&%-6sQKiX>3n;J!<=Fq3qBWsw!jkm>L=uy
zlN@9S*0R)I0qcy-xOK>r(O(f-ue^&73mqm;a_XkDDUs<6B>{?wJE&L5*yLJ8vJi(}
zy&jsKAz#fLfLllj1dwq=Fm;Wpj|Egav04Xw<tg6`i<!Z^BBTwMR2Dd`PL+K#=lSYI
zWkN?_w0cyZAf~&>lsl5yz0rvIsBv<3gX=**mKpN{1f}WgRabR~GD_htYU`G+7861V
zg7wIYrHa++LUI2|1pcuwm??p#gwh>>?!q$=`e&D2pz7K;-~dykdVSvvh~E@!;9_pv
zXZj+7NoXlr<7|ibY>(5E+>iq^qyqaa`u$Vn*lbGy=5ns+ge2)IFs`T+Y!FtL2*^uw
z%Al+iip76TbF&Be3g0e@dByY6e0Im4riasg`TjD07c3Lv1ZoJJooc;?7ti%Ux7o|J
zFn{*`vuoK1c?mp>Vmb)s9A?q8Sz0sTdYW%}h<Fxw_<&M}qnyk#n{ma03j(8uwYOTe
zH=)kT!XGGmF_*Z`@+__o*H9q|e{eh-DP!jIE(ccpcSiTTapQ;Qk+5Qn^h0Y4bS4Gb
zQ3wJw)|ifWA$~!+^@}#qQS^!c&`mYQsbPX3u+ux!%OMZIYtXkmI0&{rE@d5KZv#ZE
zP@a2vj}O$iXr0Csdy^rQ^kg)oeIuB77j_xo{4SZ}$GL2vS^xwpouD<ku*2!Es$9n_
z)87UDbx2TI94KqMnlOawk?1g`mh=^<7qP<#GwJO~?|=0T!?`J6l<VF}^Zfv(n5w6c
zFjQ8PWvLV&)zpXdkSn-f7o(##NeK$3|23GZeC7BGsR2FuZUq%6EXfB^d7IPOP=G^3
zlVlaV{}A-7(C{|Xe2p1-E%XqOHatTn^0;M8AH(D5KGj0NA98FI4BM{ZMaLA(1f!&O
z!08R0^-QhP{@U;bf?Kzwt5#&?AdrjQX28#CY!$q<)Ll6n)$4r^cm#(ZnHi7aE3N>5
zc`}zEG(Csb>k6|69={q0gb+0EtI_5P-4^tu!Gl%(e&4eN3l{+5?49IN^f8*c|2UA;
z1fUSFGZUX(k#n7Fbu%s>X?i-Be<W1DUVAUF^q7dR!ceGM_Pkxi=q)d=)kOJ`AHVwa
z2;`>*smR4NIjsw0HwS~62{D593DI0lRquI2$^c0uJ`+@3)`%_(N~I2X06D7E?COL0
z)Rkz442Y{3ZV3a&=RO(t)7@&xJGN3gE%5kQZkgf+hw1tSe69V!d)rDHf_U1wF4dT-
z7ZmOIecBBT`PT4_3!lqwa_UC}fG{gqk>Tk*0j5|wntxIoExlvIQkuP`f^4gspd!N#
zvKcluWcc+5N!=@PC5K@R9QE>peL<on#6Sb013+<K5a6dXQ07|Fv%e`<wGR#8R}eA`
z#X_;yW)Hs<!-#OoOO<wtSYWlE9ylK22Y4aQ+J}ncywe^&5;+ZZOPSZZe4%y_c0wUC
zasi0(Udurc#CW@s5fr*$FGeRQY!b;?Nd%es0=LDI5<5dvP}xx0$Vs>7bdsr6oZJlD
z;+#p@XHF#J2PFZJ_ufa;9Zm*W|LC71$ce$FRdNtOp6lymTLVfc!i0CI3Zc!Wei`4B
zL9m;Vg#!e8P3c1-z)S9*+O|P-GE~>bir~Q{fQtjhcAvV-^v#_wfYn67y1r)tDqkQE
z4x@w$>^P&2>d?JOG>LQ}E)ezrMMw4zzBMqusnlP+pwJ;@Q0{J8^+e$ti=ZP$jrVc!
zV(to%4o!38T4AU%ZZwd^k`{Wp8=EZJeebQ}z-IvUUl@Z*I|^%zWFyg7ODx@g;n}ex
zaiH!O?R=~)2%O5&X59}@*^)oAXeC(=d=jtl#BO(Pq5|>N=V+5c@y?rd_RAEWyD`Up
zA_V5MeO_PTTsMM-KiL2ZvQC1Kzo`a!x5Zc}CKP;)?4d=8G|#4`&?&r6*9lfn%tq>6
z+%vq$E%Gm^<rL4RTM0DdshhgQjZqHJnq{PVfu!Ss;4C9R=H%<3(lv<yFRM${+qgsK
zA0H?pRdm0M>{`iUT$DBkpz1fn&~oape%vI=1coL?n!NB*P@DnmoWuO~ZqH=S>ug_L
zeI(boZhPZ$xG$NQZbH@8n}d4hRHbs<_{Hc2k9ze%aZZG3u8S!U@>kG=XA2&<M&jsn
zeP8PVw`e+cw9<p7)f;2{ge^}3y`^YChQvcxwE&bv9B35^rLt-}CIu${K-v=ITa4-_
zS0h1a6sYZDSFjM6OIrFmR@HDmw?a`%U5saN12hR{d%(hD5Fkmq6*gr^Rp6?Qw{JGz
zpuFX^JK7AuL9c>R_!r{L3rY#F4HxZ@!e6fx!wE#*tXez`9smgu1Q{+Qnhua8YCLXN
zOhk~6Bm3f@fI%cVJz~c>fr&h@NL=h1GdqW*eMMe1LCz$_3{b<;-#L7g>&iNencouX
z=({E5BRyH@E>?G+<du{B;v8%-%DRv4bE(WlW@H5lh|!s2@Ow4>zEG%}xdb&xJ$y@8
z@w-@LdOAXbLuc;$yXe&rK;`0?k@o%uzurq2zj4!h_(>oD?CVwwm8M;aCs9k#T_&s6
zEv{ifwr&5U5NLF<>!Eo8T3&3;9~7@|l0a@%m40<Cc(s-j{rWg4RbKkmIp32VKuOJz
zQ$`6A*F524onob^6E`5$NIP{>_JeC3Xfn(*%iB5+%#yDa8P`<Q5|pMoa@VP!xyKi*
ztecf(HIyHdaMvqyz%-Y7H<S~A=qCb`&5rnYnblqJTQE!s#(eCY-@4swZ5Xaxy1e<r
z)e$VYKMYZ0af0_Z3{(Q?LfAWnLbfY$fa?F;1~qX%uH)OJq2<hk@5q<GQLg5J_Jwf&
z`tr970=+e?uKC7SATl|q<O|4G_adUZk<<;zz-{(WlIW=b&>rNwKslvRZ%7WnPM{An
z)if57m@VS*rgS?PkFv)!aHeZLP7MsR2&&As9b}2_eMzQi=o<btVbX8FZ>vI~U-cm2
z7ew3x%rTk;r29`_tNOTmn&hyeruKfFd4i&7P)KlurQq_<Yq8+3=J4Ma0A#}C>Rfoy
zy~3G0r$dztSg8;oy#W!yhtsBfmf#AtDp0xr-?M4xWy{h}KZfBVC-WLUAt;q$Vbd|I
z(SMZ0SsSS%g~3k)e*<@@F-<hnEfFcr3yhwmLV|E)kl|EesiF!{QP!)QQ^o$TDw=TV
zeHP1KS}o2IqlC|q%l)wkQKS0@s2EoF`gP#mNYmO}?yLDnvpw*0jKt#9jd*1|V=O@`
znPQHdrM$o<t$qoEE3NP4$$w#fd@xTIKp|zdeK5TUSDxg1t4h9WuJ4-1Ue8MyVzEk7
z>ylTkb^EGm4<`h=kon}DPY?6~1#&-m&{PO9FRBYLAjzAZzG2L@zc5w|A&T)oA}AJ(
zg4s2Oo{(e`0u#Fpj{0&AN;4#o@0#GAv;J6iVKx`0zEf%jJq|qk8}<`JjdA=O%TI_O
zLIA}(qEC|n2naYI8LhlC<P){v3*6?W&Vk!E+M*qWIX}M_bAY9Ml0svY5PWGkre0+x
z<bR$~s-!(jeL24dNGGNS^q>p^2#E7>=u#9;a|#~HOr}0XP#6>;R#Kwwb_l}fM_|c^
zzoYf_gzHz_QpYFC$A!0{>SCi*D*yG`UAjaEr*OxMnC!Qhoi*zvi>>d=(GLvQ)ht{)
zK+)_vK<55xjpHrUVsF)v6jMJvnF8Mgr$g8Ha4=ZdCH(~LEhH<Q8J6M<6&%+3I^~~_
zfKrb0*yba8nHs{O=v7F7B4&9`wy2irc}C6vo>Y{iw}L{<@i_%$k?P$N6}MDbPI9>}
zC1pB`?isMj4N|5*KWh1%wzn8DAnYSDQRWAJPr?we48UmJTk9){_{DX@kq;NwG;(mc
zL&($!{N8=?t7!qllfwQ8Uph~&s%8i^K|q59l}+B#V(|GW9O!dUL4t`%S45xAq7c>R
z@xx0mfN+4O3(Q=tC}X3F4tenaQDpned65dGAP3T}`cdk#1>6PjOfO0Xr4pe2$H?hP
zBoajiB}Cw)@fi$)<tydoJa0?#G-T7-u|fqW2Moe(o}9_9(g0Wvan~qnP>;H=i*+ZU
zp{#3w#h-EKaaAinWCaCxx>3*-@v|T%P|pe`>-#!r`LIuneDUZ36Ba5pPK5Go)ej#D
zkVEuiXRdK=dX>RttG8qAS0oJiMTXf8e*Yn|kWJ=LM8Aw9X18=o;DG=q{5vF4#h;ro
zF(_~f8Vq?Jt5+_Lmq^0Ex!wguEG%)gGOkM8*dvUG$LogcZ5Epm`pefCd-xUIPUxG?
z@d$!>QkinWSt>-g+RSnI6w<FCN)>~f!Z0`5(JMG|c+=K;C}jNs%bS1L1fmTM;3{Is
z<bc{<$CZcJ9rAfI_sl8c`<PC~<)yJnDAMuW<rK+A&z>o#s`iR;3du1*IgabHOIZe4
zXI+#P|3DBt<3B+SSNIooKQN~3l}SnfXM(`zTRbIFCj4>9rg2M9aap$p*3*;XIn7A!
z4Rd42&$%D=mwi-!rIt}k#d>$sv}r?|#d&=WVtqyuN(j58*W?mJVIoYV<PuXqgIF+G
ztEB_*b?{QsFUw>LB`Vii#1Dq)b(Q_&=Vo36nudOn;)>SNLGhAz)t_{(41zk@8K5Xf
z<Cos_M#q;sHJdn^G4EC%0Qe>Si=BE<T@%SPUf^68XmSgMLgmP28d4ZY<a4pc!=ECw
zWB#bQ0*7C}!8Mq;Md#x;faV9YmL5=Jrdbx7f%?s`5%5rgVRJ%uX{WTVGA~fJJ1ig=
z4eAVk>|DQ6$n!%;IK?km;HsigZ-wj~lq#7>`@Gvq89(e*GS+rn{+Y3S(YGjWi)5SZ
z{4#ymV+CQd-~k;Gn*};9(4qR+UqR$7AO<YHyUkDRCZww{*n^A@s->X(FGhxVl69r0
z3<iF!)&5LYE^RP~9^|~yLXdzc;`*bC<S9dUm&JNSK{i!5P~A>WH*VIv89?EyeAOcG
z@!MY43HlxcqY<MVk4i4pJJF;TP%avA&f$k}Id}ddbB@*Q38>)&_iS>Ij;}2Fj1MIv
zo6#NG<Sb@oit`#3o?=})+YXdw&9s-)xVO?n3%pmf_?EbGin^Plry1gf4ypxkul~L%
zUI`I8s*f<Y^4^jIR^mZA(bCw!TV#AIV#^kf*7kVljsCv9b7Bv%ZrbCd@;xTr#qe~0
z?k|zn?&1#vh+pTo>$_Rfnzk1lZm>oyuD;86dE3xL)}1H6!+o@3qT9C_5^v(2YJU7F
zuX0kh>R6LfkO6-tX3%?StKWpjCs02?t7B#yk4xpRplM+j3EZ1J@wG9~4D>dz?cxFt
zGOdyDLVf!xtJAOQe8k)$d&T*FCXScwvN8j!*?P8#;Uh$>SimKyRK6(*%Ev*y6wRJh
zxUwfP1T%=Sf}|dvA2qE41IHpEtEW#+!0Ow=#YTJbK@vtnv`Y`mr4}RL+y=74yR2cG
z;uoN87acXWYo_Xl)!J0#rpeSG&d~9ou+=aFsWQ)!mTa(c8^SK(P4}4QDj)Nyfisap
z>F8puSbhf+RrMx7h@jep((o503Ht1J5pojRm6@@7Lm4?HZnoi1{>;^&qO%f0Fb?8M
zDu8dytz_`Pw5x0@6gg2Af!W{W{z7V!aSrknph)MQgA8JI<y<z9?vb;vUJ;)kv@`yk
zv)?IUnI4ls(~?l$jKRl`5G%X>V@N2-?GLef?^dAncKHDltU6e$Sb-F$gtP7h%I~t_
z<)Fia|KOKGSuIGcK1MHrMnE<@L7U9^V{@2HnhbV$O>86$WVN30lliTI@;3;(g6oyF
zv*H^d578~m!N0G*`av=&7_9!ex{f5wHftjDu8K$<HQxsV&zGzxm2loOMfnaIXdVE!
zHN*s<-&V%Ma4OJ(sCtY{WP~?>42lvK&QI?@Cj~h#ve1AhJ+MYGY9D6S?4!fbd8z<n
z5W8rhvVz3)g@`{ShMVwenN9C^#hO-Mkk&$F`~_nb@M3{`BhjGIWQ|p{8h97rLh@?V
zE!C7di8LK(%wD5Y`*5j4czv*-3hbc;5z;pE`5n?R)_9hoqkCG_qy_ZRe*8#=@Uli$
z+@XQ)V|55i;@sSesFZ)@L~kr}g8U8EAf5!m0hoMqJ{%NWE;Ew#K;#A6<Zmi-Ivnb)
zd%-!W*0Ifw@I<~G4@xD$`|DUx`CbT8R?kHAgv-dYz%hCC<>rF71}rv)X8!$btGeJG
zn~rqaCwM$Yn+`2R%{Nnpb6)%{DV+kE2NFUOx3?0&s1$`9RM2Vr(`KZQ5AA;AlHCKZ
z>!!w`72<(vprx#O-xq~T)Q@!+kV<egh|_T`%is0&9->7MDE<XOSh!d}8}<FD&qTdu
z%5`KAD5HErakXrxgPQ-4{e>zZpXd#ViF*U_<3Q7w3X8fVYhS85?Qw58TAX&bfWKG}
zoD6taF%&!Bz}p095QmV%jWpKfWv*|X^jsj#2&lohG~j`<CWwq)pqTdQuA+2bZ4uvF
zcY(4|m0YBvymXhXf?o^VG_}7jlXxi88d|!R4X7dsBxV~kpoFW@Zl~KHj3RdQaf(;{
zLJkd>gVj*bZnyQI#Ce=!(tqR+)SfQCL_ab4W1DODqeIqjP|mY`a*&EefSa+^!3Wx#
zSj=vNObtI&zLcZgJf#>yLm*)T5?0g=`rzB(OMnJjlc(LwwAn`5e#-OGpZ$#~m$op-
zIJLAVf@Xwpo$!WT`Q@I3(a7_<thz3InZqAJlk%k45`F_PPm_|eQKp7MP86O&Nh2Ka
zSK&HK-mtsB88yR=daeu9l-Ww)S@r8k00VfLOh_gZ#09_lq!Ff}tS~;?C|c$tf!#)J
z+EG~6VYVq?^#&Vs8weiW#tW$I&SDv`ZHEoO`y4*zm&ZD)RbB0xiW`aGesMuYt%A*;
zLPy9wc_AnRpHNbxwyJL7`E#EX=qRfM4%U&#jlkNp0ze25DP+^tc)Y*~On?z`#?O~)
z1iC4}>=SgGK>JN*zvH>^S18mxN?Pqz1TpxR4NUMF-c&F~udNK;asn0y|D6CN2#M8@
z6yRuy^LBw&!6!z?S~MoK^F|~m1H_M9ek;S!H@&%a>gsa_nrT72uh=63dKsMyNdlm!
z;sI3n_h}Pm)z8raECDgsSb2!-8qwnb{TBs+8rS&Li?U(?$^GhL02HR<TKHDnhLm8X
zPn&rj)*WWR={Em7pq$<jqDKYJsE9~_#Y7&L*bF_w7j?<M?u)b}gn+1x{+I|w^RMc_
zu~TLM8Uwxix?2x8Klrb;OCs0i573TPJN0fk&|8e<97))}ROp$ay9BmCJO`v=mQgK3
z(DR<J&n+2P!AG#`AiCy*CT&m{1?o89ma}^#+6q&j$*2Jdx&Y*qh!0agwl$XoBhXPh
zPjx>+W|L3;<t2F72l7rFNXNPXsPttKJ|sY7DA;{L;`5<E?1nvRmxDI=oIs{-Ll^g_
zZzt&(VEwGMw86+ZQd-8QqN2C@`;z)QPfvhGeIkF5v3p&&k@Y9;t3R3fZHzhD?&`{b
z|5-pf3gUzu37WrNT_;wchm7C;)a-UgeSS%L?I&1qENmT3I;h6l_HbtKfg`|3ge1_q
zTm!dEba?>J%H9X*oc8QK2Mmh0`UZ3qsk-q;ogb9TO8xz{eFdO?G4MMBIFV-xut&+f
zKHTly4-#i-V{Qv(y^i-BsN>CdFBg7b-UR=_A?^;wbgLc0Ce1qWsptjoo-(M|=_Ry9
zZrV?B?sg5+ofg#VLkdC8cpXimj37^$$uwx?7Cx=AgDDj|btFb?w8$tD45Tcz-b%-u
zT~4RB>G2zmq_NA!$MM(9XSKls%mu(UV(gB%iJhn6Gk;)@z-uz_+j5t&dMNp9fY>6}
z06PoEDpkeq+Ml@WZJt2U^d6Hh&ru*Z06Nw7d#1fV?F&;1*ELuZyWd}!!f^mEL<>|6
zQ!)CaiZGOP{u}z-%;UKDSmNSo4rpqgNXNFK(S?8vvr{;*;tJ3^#(>t!aEC$NAn2vB
z3+1!3Wbc6Xh3=0D#Vw(7mlcU?9zb(8nMe_(36O}Upy>MTWwRAu*3HCKf{i7Prw?A;
zZvI(|AKPZZY|ZMg&m?-StcD#RqA_|q*rcyzM>3P9knU;>g*HyEgJ4eZT8VruRRR37
zfN|@;S$D-end#x7=us4^P_}V8&%q`+P&&LZJ?FBvTR{||gEYwpgx8Fp#sFO}Zgj|a
zZTe*#g;lBU^DUZg4=jLTu3MT;Cd5I<Jp&qZT9uLUR-lwJVPMHue?wvbxF=Gd^>7u`
zOblWb)K4c69<a5l+{=<AvN6B&4#CBU=E4JOu?p=Km6iGj+$pRxSd2_*96_q2@7a{c
zZo)lwT|d>#z7^CQJnVWziRrOSsQ5HU&5}PwVxzGg@SW7=al4>ef$+OBi2`*r_j$s%
zzUgY_CYzC3XCX$lK8%X8sBftT^W~cZ=tu+WQfgY-(A6EC(2ysL(mR2^Z3={&RJs5F
zmz;H}gjQx8XVsW<eFSF0bOkAGRUqJB;ZmMHU+DELe`<C<10Y4QsrBm3VD}a9-)E3A
zgFt)~Hv2TLLpvok2TjP}TamoKke2II!d`;VCcd`q3=N*PGH{4>41L;_3x5{?yF_z+
zL>tAam}%MMh)z&?vRb|{)z2iyM>c(JY_CP_n;Q{HuI36ZIliO{^5mx2x(ujAgqz!{
zwMIv;C0K^wTYp@+wk(>1jtmCbrG03T&^e^<=Cr6C)XwjiB2t+aP69169TV)Jmm&Uw
zS{9J-4n|T1Ikfcz;T`1GwNHm@Y$?aVIW6MI&Mj#owASIuMKrTMk#h)xDv#(MrQOCq
zhkQxSke{A`p>5F`!}lc>#y$&6ZH^N^p@z;@89u7a5Q~96_^g0Xr5sDO4u?XEo_!^&
z`>w&|U_XT73&3ITKjfD~yEJj^c~nYNhR5!rBN(`SS4H)?dxGYN)Sm0&*G8uY{$B<I
zqh7&XDrMYT1s$Vaf~*`hl@JK{v!GMm6X}d_JLe4vje^2(1SnIpB3`kGN;&y{Orf;#
zvbxq|D+47`vmk0)gs(_nj2pNHl;sjfGu2dZqUrHkPD0F~CPl`GjWRlRceDrDQ-1{^
z7vw7_H5soU1w*kLj?1Y!hrUHWpnNNYcOE1f8z0Sp-U8(=L;$J|51M%cR<B~O!z19w
z<r)l1_*9^Betbi3nVy5zbsEMOafb5qfl22BYR6Y6ys;q`MgIc|R>&{7K01VG$;{~6
z5ks65p!@;+FNW9e#86PnC=Mz6g?b3bc5mN;F#Uf>x~?rnwJ7*Y<nSmU837duZ{(aa
zUq73kwffHORzy7<cC4yhzq75l6A0MO5dbWp5GFmn;L!{+O5>Z}JlpOOYX|*whYnH!
zR)C^N6JPSu4iDOw%cC!BZ~7u26!D#}d|>zD;(isiU2!a~#Z)$~stLhLJCSLkVRj6t
zj$?=eP6BUkQ)9WHeo{*c=)@=sn^jX8{g|s<*4P37t2=XVXoY{iA)&pGghlIA0!gEO
z;)F)1WCUFF@>LWk`Do{5CmF~<A!q+s;Kch+P%Wjn06%H~F!J4tj!T<r7-!*{vzJ2o
zB9WRj*T%NkMtgB))CUA8piT^kSPv+HR}$Th6~~L<6-4d5cL4r(#|IOH`me!MAtp2A
z#Z*3w67nwXD#FwLvav~$mM5NkTWUqdsdqs2z5or)yT4>1p(sNv^ddOwBmP?Ta%Unq
z!MEi8iN~UkWzk7YwNk^77^ALIt=Zq#u9IIt*pXDAEj+ISwgu=ZjVilxshH{Bdp_S&
z{LxlkND;^svv;-VA0_=E59f0(Iw%z35~EKu<ct$}Jg8$bU$Q`H)9aG6Mn><9F8t)i
zZYA&U8$_v+J8`Nsk#QbxAaDdh-bxcYkcSaT{)<i$rP7q$M4>%tm^0unr)v<k@$-9!
z`eS9Ov<qqxnw(*qnFUrs6`v(T4(aN+5wPNyZZ2wSD@1swzSAjSNX+7J;5w@(CCpHt
ztAgj^nU80VAff;KaQ+2V6acG<J3AU<eQwWGIgT>y+o}`X*7*z`&M9UV(|u-5*V~JG
z`akIHc-~4@Toy=tj4xC!RkW;Otpkto^J7sC+h7C)qh_M7&OsCuUU$7G)NVi#Ce(~F
zlXHE|ZrBR&mDmSADsz}*uxr?ze2fkteI^Kew69Tvq>sk1Z?Tu3Po8GhuYvDaqdJrx
zV)s3k`r5L;Vv&!PMu+opv-mkA6Z(~9AsujjqGKxCQl-`50dp{2%v=>f9Dgg8Yo44p
zJwsdj98k8LJO?-;J7O26V<-nuSrojCJ1|zz_k$Aym9#e*Nz2b}crsR(_5MK+#WVh5
z`@wNINnyd1e9dBVq4^}>_m}(Bnsb}SQ#$ho@)-zKV{0tgGQqy_JAq2*cvph1A~eG@
z!$Y3YM&`n9kG2MV9m;*QHQ`>DsRn`;3E@tFi0@3?XjtAi$P1dc-d6c#{bKG!_@j9z
zRMfd^zXNa~@!lq_smI3Qd47I_nfW0(G%u7kH@<3v9!QL%iDx}!M=xGN6MSCZ^K%G`
zL$oh-kr#mmA+C;pWN6O}#<9);dA3&{#$KAN(BqO;=+c3phK)oUW<luSlPO}T=^#Rx
z`8N$kC8Ytw%xsYJxv+f+6S)qrs9v=mXR80Y*w+ep;9p8DLckPnV2)z14t9}<x-NZ}
z&4!Wcm-Xws$yuJwQtcatX-DOWbosZmS&XF)<BllKlD_UfDbzn84#;<M3}d%50q+eB
z#;$DN-Z7^b^8q9z91)yQhlLe-*`FXWKoU;xdS6Io=Ox>~Tud|wdG1c5SdB;hkqGap
zeWL83hV#+9(4R*Ch&=wbm|mt69e;{|q$3^5{7C_S!_tdVg#v#X-XSsVk2syc1%*aB
z`w%xRF9q3f=iH(Bu!~J8LdDoP4_}kwt7z1~j08BrQmy3Z9v-l@8h+WJ0|6)F>;z5P
z1Qg=HzHw9NJ~})f^!he5J+#xMyz^%D&6Dsfbf%;ZYD}U^uTMmNS!=qeHu-bjlMp&+
z*i6Rnc43=<%*PQdl=YaFKV2>EN0?6%avn}JdwJKFu9AJ0VMYB7%?s**ArKhe8iib>
zTg%TQg|~tRMAK@*Pggpd4w>anCGcnD1+5iX=DiRNeXAjf_D)@b^tDc%f6T_1uRbwS
zC+$Ov%Pm$0XZ^M9QOZZa+W<%c7ZIZm)<^{bjS{M(>|eQH+ZCBjy|h7lX*3spXuo6e
zK-)W2|4~MSv2V$iOKsBb8)=}wLSUYKQ(o6&VP=<zcjTiL3VX4SvAJ2cT<*FC4m|}M
zGkiuxep6;@eG#h@bcWh1RinTX0G<e4h&na;d~B&{S6ZIL8y`S+RZNP5zjvqp>r9sF
zU)LLZ&g7~<S49C00+oHE>8oGWIbd-awln|*2j9o-rw55h3znZXt$wuOgS22+kUZG&
z1a9=@D{5T^aF5(l!DWUQDiU~p7f~Dn7VyU+BWW1!NDk?83x;u-M@HG1k`(H#Cmt#l
zbm1q1%kH95n10tO0Oa%mz`MIln0rq#5K7A46WB0-JVJlZJykYo%c<C1BW=HhZ$w+Y
zBePe5)vCv>3p(cj<NNs(^~DN6FY3T|93C<pf=H(U!Vs?@`0db`mOjydxE6AJ@*(*7
z^(ZWI_eQ?IZ}r!<cU5A2xx%4y^(dyWg}F=At&}$e0Pv&lfsdI2Bsh;8#I_!b_%rxs
zXX$>C8SctI{?_Wy)mwFIKchP@wqj_5L6Hia#g}ji{0=GF-hj@2b~N9T5M2u;J5^{B
zN37HXEX~ZKFHYvZ#0k0pdM>}A9{_m)H#d9^F!bc^406RhLrf_?kXVMW;w{f}j;GLb
z7p0ym3n0Q_PlSzZyMEe$4y2%=vPM9mg?w~%FTk&4JI<P`97D@hyl~h_#Ei4qm!ER8
z6W((2UC0NK{et#xgvQIB{Ep3hxsFXLcN<>(NYs-hkmD<~FTl<oS|miu-tn~8C)N@<
z-@bU3P{1U!q0z6t-q~&gt*v*u9(xxvu|cYZuDS2(fei~llEebbU%j1vgYKyM?wEpd
zxQ@-+lu^sqr{!Sv<F==Y!aK+ZGVIxsW>q;+{ad=$0G!Cu-qP>D6mxJf`1{IR3v}b0
zxN#|1E)VjF%qa_&kCQhIlpi=1sCQtXl?OeJk|~m>TYU~pp@&2OI@v5<IR{>v+i*aO
zd*Dkhng-ZV*A8dS+fj6c)}@?J$xdQ=CSqDffO0wWa80=2rK{zovU9n2ECX<okI`8Z
zl9fO#1~o+L$}F>doydduX?FiCP}ahFYYPGvge8!x=WPHzbe}Qx+ltB_?~!GCP)K6P
z=`<CQy5%=H@AOS^;`6{@DOzTK<itd27>HT7K7+|^aDZ3+?hli#%|~^X?-b}3&pfxu
zl8HfM?B0fOR~+1r;KYFEUy}Tq7c&^m3825Mi){e03Q1_ZgOr2AHOSjZ+$SE~ahd+u
zUqkd5n%KqtaJoYfB-tilH{r4wm4NprjvQENyOTjq`4VtU02R=Rvj*{wDQIptG15}~
zsgT<Ac$BXNV-WG8-Wn5$PfV3S7?de@6r@@Ke<51(xlr9^>9Evb5=B7f7jgDLH!gX6
zOT&T&E<pD1At1T;3vGqzjYY7lxd-OZ<x|U6hZH@=o&aO?zIMSw<_LwSq0?u}^6TDH
z0!w_zh%F!K;%Gvri{5>}<duiyOJk}7hxd$Lw;jVa`Nkx1UCpP20qJC<)vbt#cj5`?
zr;_bo)^P`ST}NZ3l@T5AC+qu_zvtIejP$Vl*T>-%fIZkRZ3HF5+c&(HzgjK#=3C;C
z>5y1VIzzD-5zVPmX9nT2sC=|VtlKJ$VM23D8ghH0M={oJpjGVpNM32#Xi|0f4XbB7
zLS=G*yB{z(KW{m}XmtF_8k3i|&Q(2=<?A9b^A@M>&Pd>7Gm05D|G}3~e@9RI&Z+wG
zFATqp*!|a5ug7tl+)j&F;^#6&?`xMT*b;nuu`@QyRKGSt9>jj7VM1-})v4cabrlYK
z)!z$Fg97sr7Mv3`FJ%w%%7C1vsz=SOBQm*(Kdo@L2Z+smX#%?H6~xg%Pxj%0Lb1OB
zy3|~*Grl9BgQgS{3Jv+&=Lpw2qJ?*HFO=qn=N)H`;i72o6@tI_uJwK`%g_5}_5<1R
zc@)~JmTZKQ)~0U)P5=s1Y24q}u)a+j@&=r7soJH`eOUw{(UQkXO?J#DFqHwH>J|MK
zbmvOO+7nruvnKREh|^RCKr*QatiU`!m3U$-Kxt;qFt|fR6WYz^0z6@(kEfST6yN6+
zPWByA&4dXcsgru^gduG7{Si3UGNjgjFDG;RiwxNLhPGAScM?asW4xn(+%lOWCuuzh
z8K7YRKxxza8Og&R-=AGCU<ZpJnhXC1&kS-`P<Aam|H+stcy}%+oj-TIEy*_o=3xkl
z&^6szO5r|^Sj~7B2YJ*{I|~q<_>5Yu1#khyo&({F-Gbj%y=8-4=!^8l{Ypn?kPnH>
zpr6MC@hsn+v`;51m+Htgx*--zWb)KP5muB0`t@7i4#ark7nz3s%U${qKywdNTg|O#
z-x9L6@d(hP<Dr=t*4FMQP2Y|Odm+AZN5}y|_(0rMmVtIS{eTl=!@1h3K0PIq=<jHV
zY@Q1AGpM~LFdRBRcMa%T>;k10W*{MykpVG%DioPoMccf<L5Q;GYS6y8Z`CHrPi|2>
z(#@HvAptWar2|h@7KKjA@|#L$hWM2;=pqVwcr918)ytIphmL{J0n}{g6;v$0h56m%
zzy-RxL;jXGxA0TO%YluW%P70RuKamdw}=ljJp~@*BDOG+Gw7a#H7A&3ULWDnI_Uvu
zYIqBR>E}DK<s1}jsK`@m4zX`T>31+jJC7KNFFntF_y|<?_Rr-oxk>LZb3n7yvzx_|
z52(eVds3k&_)|bm2~1?zt@i_zfi4@5&RX@Zz4J4uFd@vj)aru0sR=Z1WJ*f+#6S>Z
zit=CtqPIkwp|Rwlt6Q%eC+x-6w+-rwO$h*@w_W+UVBUu1{^&!TbX`Ly({A41;Jlc%
z<x$3u?hRZP9VC2Tl{MbVeJgeX79?A3TVnBk%=}m3&qTG=ry5MT@WQ3=1Dp)?SOCuW
z?yRmPdHHe2jM^gkS6aTol!+_IPdxF69i5@KFz@HEwVgkMoYf^hu(<?pI}Vs0K<OF%
z6B^;J)UF{yeHxbhT96As32_PC)_}$UOGthH>9iK=2rkV6k!5nj3YUL0)iJE8)=Ur~
z-%s>~#c7+-9`KbKLj{v9rcLL#_zRV^@{E6IJ1>J;kF6*}MTpZxl8_rH$%<6Zs{|3n
zsvRLiBuTwu-K%yXPCUM|@h4;etaI9)ltgCK#}xS0E0IEn73rQv=B7_7?ot^-LNUk9
zTEq)Bt3i>}yT1qezWp_je4kJ)<alTae&M*fSoqj5DvAM7*LiR24?yil1AP=dd$1oM
z{w>owE1kg>HE*d!87X<|hQ)rTdb-Jyvym^tM|Kv*7~y;y;9wnA`qU5}voFAwEb4lF
zE{g(Cxh$bS*ny<a83{l{1A94NK0x@tB0-b0s|>ZYWRXQ;YxAI$i;GLY3?D4iaO+7!
z0Yk^q=lHDi+3=CM_Nse(1_X+7BS%)!VL+|S;5z_I2bkYj#dM(klDqu!w154VklGR?
zZP%cDLBKf?lABd82_WWA_N~@0)Xqg`*!m}yCtOE}{V!>xjPo)3KvU-|q1^Zxva_>j
zvomb0n70Vf2`JN<W?6=K!$qC)QoOK*gyxU6OYcu-0O!+v{Yo(NSo%N};P`qCkXiEV
zQY@?iRI*`+J!z=CK_N8)<!-C`a@n`r>=ra9hY5YcDzjGxS5EvY2%*`JK*(v}QWE^I
zMIy92$J0(MBTa38+1k(H5$`YU{nm@eLGVTbq{K>WuWgKFn^`KNYeZdGmeI*6k{d*W
zJ(TwQo9N#K)uGP@+7c*k6rZfY@1(S{Irl`p5rpa1rA%l@kwLQK@%<j1^AXqS1f`0T
z+@7ug`wn2)jtrGo3Dg6Ax*V%zKEtOk=5@~+5J=zxknw&7Uz7_nJPK;W<9?}&Zm4%S
z9KT5<o@9<8+6A%6(5=mYpC<o4XaaFE<0FB<8$WT)Fc-pv+s@9XAX_33qeg?__`6P0
z8c6CvEl54Lh{z|~$+9#U%hw&z0Q-uU$|ID-{sB!`QXv`jVnPak;_;LJYTD34!vg~}
z?g-+nE#%Od`)F)#hn(X};=z4>p%!NYIQa}!ry}U5@o&PI-}f`3Nwkk&)x+|HPU&mM
zU5`Ilc2Dc@8D%R_T!Cr~t+cSs$4}Rg#1F`~zehA;D<8t01o{x70K~<P%^x*r0k5F0
z{oQWIqD2Rfy?r=Dr4vx#ZJE3Fz?1cWaMSz-NzwEt5yxOZOZssEeeS^T;L042Y2Emy
zWmESL(_XiCNVEM~+A_mYp*5n?#uELt>7L)unDn&ZyKC!_E1P>)WKh$t+pXn`Ij{cO
z2o*810G2eH6|}(GJqK+Q5d*mD@@|kxGMK$@mKgNSD0ck3^8VfAuiFr9i}=O+?%qy<
z+Ere|K@2kgL=tM*q<og$su;q(%`1am27w%k4bxr$r9-;U0ka$t=ezddD$OK+OaEa$
z<?**2@0UtWc$!^5DhGDJpeuD?>7IPX*$Sd$uB7upxKVF-X^^6YY--D0Kd`eZ=unSe
zg14SMW!ex}|1wM{)nWdlb*m>pD0S<XC1Q4PaV1U`Yeu+nQ5oy%1rXJVfJUMfBzQ;0
zWi+7r3o@+>fn32miM&mN7R`(KS-=oe1(g+1N1QRM{=TRWQY)CU9owVrzr%oDQofrR
zTDw<wyBTm!;PSW$Z3~dgt+A3VuI>;mUKQt2A$}X^gnmg6l;eo>u~B~_HlpQ3%>I^S
z<6H8(n%rybM~h(@EBxl#8fofxeh5FIAr5FC{{p_O-+IrVfc<Rb6$3I!)f~y?Ri8*Q
z+s#aLGWs*Dj}EnMI=&M_-XG2dXAMP&+9MV+#zJx5m0z(bMv)!vD`M<M0nlZ5qt*4a
zs^eLCzAlOHA$yAMny-MVZ6dOjnzG!gex6psQ$g6qUo$AeUIjJ%(Uam2FSP}J*K@S;
z-TzHQV75>2^qBAqaEIIc2o=P4+(Q!<0coN_lD#t{G7Rqzkd2Xyd((IVzO_Z2NVV>_
zFW4k;82xe^bTXqwdQ#y>{yqnGk`-D0cIq84Aj#u5zLqmITwSy$=A%B^Dgxa`C~}2L
zCI{o{;+YN%r7(T0y9Hq0)3@ACTLsf9FBWu#?wbz8?NRX;WbErPM_~k!F{gYwmuQq<
z31K+^djVr8T_1z5R@Uh~u-|qDJ@$P72uSbm(hdr8*gFJ77m3Dl*QUfr>kovm^Yk%9
zO17pS$_Eu(22t^XwByfbHwD6dMT~KmBB5fu!-7u3@6`=4*`$cL0qNAOD`={^34%4v
zM!Y-umO_?gyB@csh{&shnI6)hLpiX04xj)Fk)NJ_5zDotlK>=V59`hemHYeMW@u?F
z1|W;V3wxX;u?#ym+#$-NZcli&b&9*AkgIoWk%l(Wc`5)%cpsKoO!oT_4f;1C#ctnf
z_+=~T#fkBjhoYc4Qiv#_4zyj*lPpl|RLbMno;|hFaTbs>?gj4<)Rs|luHPE2ULOz!
zFsSB-W!k;<f=U7v3_#a=JWe)^-Wxc|Pz+0Dh~qt^SLr&??TN5ZPPdQK7f^}k6a}TW
z2%q3r5T)I9s(v!t$~`C0)Y#y|?xz344+OeKJ*7~T2JOEmnS@hOGnurR!DHQKYWe1q
zIzmMFp6h)9GSauP$c-+-knj1NzPHgSJ<5b!9>wUz5+uHA2<n&xNN_IHKw4EOZezis
zXUSXo?!)!&#&RCwpN-;oR?Bf90Zl!3u)dJWaqyoAWyiShW@@rqgr<m@QV7%leKU%t
z7-Lft`3*P$>>}#1OVpLMM#?T3Oy}Qs#_%XbUD3I}#6Ik|9-$(45SOD6HZPp*_fX~b
zyP~bE?Sj-sS~JAG@2XABo&Lu?6rR6{-w(b~5g@TPQ>}L7xAofB(xnUAfMA}(Z;J?~
z2Q)yE89&b76I8;<>Wi!h-NJrAnn3MGkmnni$1$6!2QvI<zRhmp?Z3PIAt6VuRx(Nk
zoYKWQTvtC&#8=NoR;M`byY;_Ng@6MKic$5oKqlcrKOid_bJFx^lms|{*Llo`)ETW2
z@6CZW5ezEe9&5q&8@LL+G|wc{J|18^L%@9l(?OeOm=pnVi#Ubmxi||}u3uW_u^w=1
zUHQ=X){~<EOq$3l72$7Q^rRJ_x6AmGB$le4X2O2FfWY@`KusSGJCf-XQ{cU0FJhpZ
zsea>pIVPHgPjya}_I2=H6`Jq6?;v09V6rUSCEREx$W6TxA79u8@PAtX4|0K0S`L5o
z%!}EwtIERCC<vfNR{;3v%NBj%6u=X1s2OK%OYyoqynzugcMpXWzRIZB+wbaCswt}F
zVF#7rHI70_IP#5B%_Dyu=mQ@BNwYOMO`6ykq4MprxV9}C-25CnqQGN`YHcD-Rcr3b
z8dHw@z$J4`?%u}-q4P{?NuqGku8~$4s}nl`p%SNt)0>7L8>Z&Ty@&hWEfne-GvDbX
z8oPij&)Z{AqlC`P7d}}+{xASSo+UD=2=D~kmE6-EP(s_nzUJTSEFN!2e7iHI&_Yq&
z)li&XFRAdgIA3RQNMp&kd<vMAaC6VBixx+JTtU6=wWLcATg;xlD<Ze^Jzk7|C1P<w
z1%}fl<Gyb4bIF^hJR>JHu$Zted!~`yfgOm9+g^z>Rg#bWFJ%RdVOVgJ9GSF4wbc)(
z@<Py>^>QtI02KPZ{of0D62*gHEd@YIkLso73<R;FnYeM2o2c`Ot5A918;IKUt!J0B
z31rI^Xo9s~(GRrWI4A=H$&Wbpw-)R+*d`9CdWtszuWg}ct!E#;YMjpd+V~;g=k|T~
z%|3cN7Vv}WSW3A)UGTE+Xm9RX`Jzd>{6XCD-trn>)Utzoiql@|3EkoWQyYE&C9+(>
zBDs7*4Ntt5dHgPbk73)Hle#)8^<aCk2#9a&;!Htdibe3J;EF^ty<qEdvXX)4etEAt
z1+^_NQZsOj2mMg^d*fjI5WO0>1l-gF50Ik*Q9(j4j8Xv<kkYQ+2=wD?P_#a8@(lz%
z9>f5Ilj*j83U(TqsM+v#+EFVY%^30k7BnZ7`eFJWb&w@&+Q=Tlv=8N#3o?N(?~YQ3
zNh@fV{ZNj7*xcvoyh_|L8yE?KTaWQ7QV0Ss+rBG_icGy#5K#HG2#BbN>5r5`VtT*A
z7ue&UYJos_P5}U!5J1HYZ{xINwz?#q&(M!Ihpuon0m|O#UXcuv!&^|Mf)el7hdl*I
zA2!1LN&GEMFZwpMS1A>r$@)PgBRZWLsB&)j&D<9}jRtSU57`Hc2<Fx=P%?#%C*1i1
z&0RExCu^yZa(DU-X~Nv6hrGWnD|;G=PvVMzS?mZe7|Hn+1q9>r=i;(lTbiJXe{H`H
z{u_xhUk5>Y-JAaNnLouHw`g`!1@${`!wk|Bu6e*jo>n6wAex$TVSJ?~f)BzaM^S^c
z!Y&Xp-~b^H{@qR$w~dxkd}02kCP<sXBU^dgm+e){z3sf9HUN*k+p<T0@C(K2?c%~@
z6cf@Wt~GIlk7QN>h7wmm7{M{SyHZv=h4JDo#Ix@u89>T`G6|sGzuq<ylpMra3(#IY
zh~N$dpmsl7mw9w5loZ|oaOSj5o9Q>op(B{C_?7>)mDhc&I4Hm{pacuyBlTjFdqNV7
zcVZ3Cjyj|u63~EbN;~*kEOtm?L-_FRl`2IJ>gbKd+-&PYgO^G8G<*;cJ2mp+o}0%3
zN=6_UD5TUGqZ5-PJrQq;0HL7AI?Nu#Zzc2Y&CRoMFYsBxGKt=kbq3;2`!Hj)Vi;f0
z7EdiHJy10)T;e&-FzOGEGsj8fY-{He1Yk?(ADJ1XPIUq;iIl5cSdSjGs*s=txchA?
zB++<A=0`8f($=u>czpb@`t<>6go73fWfH#!I8IyuE{p)Rs{+z#K-Ic@9ne)M?aGRY
zRL1nSxpRzSP$Q7dsU+IPsStlrTl}c+3;*!br-(96^GWB!TJEnz74v<IN88M%5~A7S
zb3iJH4@4ZRq|U-wCVxCM>fsta-?CsAL}-pI5K)Rq3-Xm2fXN|9@Q!%U$3$4l-<23-
z^V9E5Dq2{*QO_49%r$0jE#hQ1(Ms%cEyW=(hs0lWi{8}lD4`bh5tGJE|M)*0eM(ON
zj@h5vso^b@bu{7gnDc&9B|4QF0W_%%z%5o_P-C_L_^l+o`BTmjUkd795Isv4&Kbwd
zQGiqx1(hN-GjJjidhs&XI9zI$P+62Ks$V+m@9Ui2RR7cwdm?X#v-xjb4tp{}7!uMQ
zuFO87;HwH!){jX~Sqs{~_hB8Gb|JQXgr%Z~mx6P(%D;f7N3uS&83?M?A9vsdxNk%N
z-V$d$I0x8&l2Ajl10Dx1CI&>M?kR1Vn%%co29q8Fz&x~sG8fP5-49bgm-g;i2n=dS
z^d5aZzM2r}(N=NV6i;jUoO`v*fDSqTz5}^44i=cB6~^-FOj7#0Z$K#Tb1+}b=w}cv
zz=!6M-D8-<w_T<$qnfGVJ%gy*+QnXV=!KRY5Jq05Ce1(aMxsmz-=u}0i|b3?IId3}
zSD)<z#hNWED9b3cKVfcGe~wF}C{hSVN>3~WvjTEraeI$=6hT&e^7H-IwNLm9j!3mm
zP{ttGlSm?n+X@=neYs`0Q91m)KXwD~Z{2vgb`o%)pNC()rkEFltt1*%W^umZ#GDdM
z*8aM_4#-*3*3yrP_nS-D?qYSDOeT)I=|vmaZPVHhjYmfWy}+gi>d_`v&@z?}(r+NV
zLEHR&Yz1xzb%NTux#IDr$dCh(y^f>ySp)}AcwOpp4v;>YlgG9Sj{uO3K%_tfeaxbO
zhuFune@;IBS`1i#p#e1lD$zQ6srH{qnT-F56B{s9YdeS!z_xNC2zgC2K#=8Bc6S42
zN<BHWhT#(;U`^~Wc|&8;{gZQpbY90o2pu>Ekm2Tj7)3Z$BK35v^6*{{B<y@3+p?Ao
zBue>+-|vP6vHtr7>@x7Mf3fwW@#_@~`x}A*aI609-&9bC&pr(hTOVdS6feLp6WU!G
z($ezSAEZg-Y(2+521e^~szR$RVEg`hkuSxRdg$bOG$I^8*{X)mu$A98^vTYFilKqR
zOjA@F&+5<dEHFr~RfjNZferd;evLv<^j_m`H@*@w2sQhcjwg#7515I0d~YP4SWLp9
zjdNzHEsgLZQw>)9Id%`g<qsvKsHzW?1+W;llCLQmQUy8<`F1X(2pd);hTji{RW4^5
z(W@$+Z-&u*=PCA(A@v>Y^f1&(9SGWw?8=OEe{SGK%XWYmbJ3)v0qWW|19K-OukLFY
zlLl*<Sx|4mCZSMgFwL(H!^fIJo!b-McJl?JcI10srZM>cYSpy7Hcy2(#}xJLh{bwz
zygkUd7BOdg{ohQy^4%_vF+tucIdr<#Un_u#n&-QeIRPQx3%<l66e)F2u@pO2M3HFQ
zIeI$Eds}%#%shxH?l<?LOtgz6<`F<b$Yq8BstQct={ID;EFgAXM|!k`7fm|RQom<X
z^4_;Z5o(bYZMg4CRwA)L$7xKM;4?nj(*C}A#4>)pkYsjLCpxrATatyDRd96lTp-|k
z`$+bcoY=|m1KJ|cfb+zP|L9!OqRyQSk%Q-BlaD>)WT+7s^a9pYvM;OK@rgsA>;nCD
zeT5L_CI7<hOb!0W_yeg^Zz1EA8sUS4&eZi`tc(dVtM%b2_6cLxI(o=@#y#ca_D3pK
z&&Ob<uTvD=G?OqA9$bg>g=PQ>K(5z(dglpNmz#K}@DaV$(Z;YRP;t}@4cs<&Y`^lJ
z>MMRL6tHBl0-_kWfG<ZrXrMi+JNqD)X9CHDn5EX%d@H9(M<+|#W_Wy>5kQgC42Fy2
zU|vO2h@bW$ScPr`V|K2ZeBW%$w2J)i`2L>P#YVq9+QRqGSg~~Rw|mwmcZ~PGEzT*)
zGYqp32;MmR3Eg8}my_+bjjtJ#zGjM#Fvn?ips%JTU2wAuzA=i8sn^|+AA|=AfMj)m
z=yaeNg#1`}WKv!GAi_FGP&BFX5#+0DsSBuMrG9%nb)$b9Ovlcd7Zmb{y?&zF#!`5d
zOsLY>p%%KyDLy_tp4!IH^ZW}))?Qn2pfRxSt=8f@0INkj9WPMs#px+|!>D9|%h*36
z>vX|fCm6|BMi&fW<O~j~A1IHo*{n&>338k_vQ8-Q9qzz{OW-z2mH3#cUJtIyXJk{D
zp`v>)(YBJ}lgy>!C4HQ>Qa+NHUqI)+SPuyrRimm+xYMXk?thPsbU^YD1y#Pwup4_E
z;Jew#Wozp%K*NjGVSLWq_(VdoPPBDJMM`l7T3$Wtjkj02ayNy+z7Rr3f(V+YA_KOO
z(|%B;Ihe<gq~&XjS7=_(uqasmNx*<5l&V^T?3}S~z(l<dJHUw|@2FCqHKAYgz}M?%
z6tLV}f_U8>Es4T?M~yNHdQG?a$bT@C1$CnfOg?Yi6qZJ7UHa_Xc*hk`t|77Hv}QSK
z0gY^tHnM_Z8z}lS`F#<q9sWs&7{7ZSRgyk5K)(GZ*uf&F2ZfItb26pSXaQK~xri8G
z!Mg=UBnDcufaKYIKg$#wRtvC?X9Qj~0HhFR;u50N6+bMpKFVZ*W-MqD9l&S+9NG4=
z?y!0VU9Q1rxlmEU>kJ-W&pcbS0*zi6uwqLqoD1$S&X*IeVL6MEz<WzDe2TMO<Bl+P
z4jTowm7md}Kim&YbQ?fw5}ptfIk^t=5*L)S%aK4`+3;Me1*P-2I9G&U`xRzjCP_EQ
zZ%`mIsj;r-QTDTt9CT)4(x@>xy{a}Cy5b<wJq(y@eb&J`QK$*zC;Z0w1AcSGF)&)(
z9jKP6@uoX$+??fMeO`tabh(QoGiA<eTo({HiyD(hj_toe%#92oj}_+XPA|mdMSud3
z1H&fr=5OFgP`Z`QJ!ponKi&=%jaFKP{XG|VApG!F=*0bA_wUsi5`u1^V))C@Yban6
z(eoaj!eLcI`!J6HeuW=1ubSrryb%?A;8h|(s-b7qKF^2njE(p;Kj~S^Qk3GKXdf+P
zGJlIF>TxIxnEQ%noqGL^59)jUUWo2^q2dc@3Qe>>)Y*T2W0;S&f$rSF<t@S<rjE~Q
zlA<CFC0$0MJdjY_a=L~O4MrY(Fq{i|WeB~^R*ooObbqr4kG(v1oY!@Bp%dmqMGnba
zE-PV!iw$k&8!ABVbjDNjtuxOhow_}`;F3#`RDL1ak;^^MfEcZN<3@mS6=((qU$@%=
z6WB^!Md>Ru>u|k;aRa!=876ekL->If6304>4n*XLO&zE>!|OpiZJQ%tyIY_se7t$?
z#17)VKb-rHk)+sB*~M$`x583t1cxpPsQidbs(?l@FwjaE>it130i=AYFYaj52WA`r
z7t`SHo&ObYhv6dMyPzaCdw6x16P$kE{9P~g_8u`tfj-(S7UbAG0vL71GdbH|+ay4D
zQT6uEgLGHE^0;~3UO2qq<OOF9hhLI^00+NKZy+rG4aPn}UFL+XG#y0xe)vEt079X6
zd?0?|!h1QgqaaXI+IgIKAtwnPEjS-Q$c_o-%gBz6b<0MQ2uwOkuR;C18u-2d9M1F$
zAxrtKm_%VFGN-ws93p!&ck9(z!@PA+A+$iQOJ8viJGg^tz6FQKt-?7io>+dVF7w}P
zZtIC3al8)=jmWq_pFjxWGKw4D>io)pdX<UUbAGaz!*K5n1Gk71m{9C5N3}+$8bNX_
zx;J)gze!+iReK>knw1Q*N`dw|{(FE<CXbCHf_Loq?^+$B<pHw*?);w6PO8T``Wxw>
zqx%k5a*&1c<=s0zNkJyvBbdf;Z6cL!TWbO58%onY_UrAy16vPTTYeozw!o+cmGs39
z3fT42eef_xjE^$E3XH9M2v|dhrrIjv!(Sp0%y<7r#$>eQXLQ*B>n)v_i9kvzTdHSj
zzOx$<v2&-@e8XWX^j<DW`*!KJ{vfWUi;FLmqCkg+J{X<;eu~5WZ2k0WSC}88v%J&g
zO%VTT4S!k@beZt9={VnG<$5ENLll71W?n+5CtOT;37psXg)F?Kfto=X>K-O3%j5-r
zamHIxxeAcm>07p5z2YxkVP}TceW8g8ZaV^T3jINeEV{d|$_J{VhYX+$EjDvOG-o&R
z73Z0~^#Cos%K^Iut+WFqp>xKA^iT9*rT?a)uSN&_!9qx`y*3tmA4VIVk+zB?0$Dre
zCtGn+@d0_J&H29Z?njkxB?T>#HupY5I<D9qHPshgL(2dJ=wA~Vt)EPQtVTSZH6J@M
zLXcB)xz|{eJo8htF7jOSpaTQsny&t^O(DxQH1OZ?%O%<hHfkYBNRgkaij!WOgeXw_
z7<>P$z}tzBvzAr>6e&-h)Do<&s03kYAeX}%zB$U%X_uraiOAn2e}7Y<=a)MmfS*2#
z%R+5YD6?0kb2}}YH|Zx4LNOi4?MqoWqg6g%s=fdjUklPS44tXQkmj97a4HvOFv9<U
z`3q91*|;18SY^%)zB1a{A82bzY20WLAnFdg(-#-spuOW+b#G5XRGy%d{c&NU%l3Ma
z?CDD_I?3h4m`HAug_J}<^-mkJeKMf)I^3wTdZ<=3)d`yURi6H^dzjV%B~5OBE-YgE
zMFQg*1M{^ZB&gLOP6*I0_Gdq@`O9c~8zon^lpmeE@ULKyp!U7qUO;RY;DVhgXx;W8
zIp5G}t(I~%*DEf@Ovy3$?^>R4U;s0rE0g&^*}Vu+3ZO;X35speMf`Oj*5_tZJ&iI`
zS65NzobY|c@DY9InJ(@(@-mR1B#LTwbcukefp0%!8;3z`cj8$XV^o(Vh`fD0{5b?P
z#+*=uZT;J*zDg;MVanx$$Ab9%R9*<A7gvbjuQ+&{PtYA=zWg2J&zth|nl=zX9QC)B
zS>c&9KSMnOG+;ROFrgN}^f($K+n7K42$}pvnZ3u?7o;GqOu#10_WJm`F-SyfRRvh0
zA%{UeMYZzt%N9bTZ^H*(G90+PSSt?=_$=_YD;Ay~cMaZI8F{}EvxiUg0;!bv@f9CE
zND>=)*=4gq^tze73?6lKYn;D&)+<5)y*N;+(?N9`s7U^oYTS+yd|55j5=>gBjz0!!
zg<1^=`5}mp)HClqNm@=B1OLUn@7vQn9z{5&kt)*G2!C5sHk^k1T8He>Ojr5AOmsRn
z8DbV_oWsk@gw>&zib+sB1I)Lqe7()&g7@03pdI;|m*`u>vI3-H^|V8Y&V@n|oo4)k
zOz)e{sogI>M=#YE0%PHxs)2OkvjF8yH=7BjUcd7LPz<+glP4dF1t*5T_bGdO+Yq7o
z%QvnQYxbD~U`Y&OG&%aXrO`MU6If{ZgAepUZWb1Dzp)D(i1@&#gbvtq19@I+eBk}>
z+ua4D?IY!Z3M(LX<pLcnV9wAZsEh^+TXMVtMRPzv!m~b|_!5P@WYN%bmr@o8zJ$S$
z_z2w01}i3}3(T!~$PqAiA8|j~Rvc9r7A_YI7U&O9JN-S$_4h8){=V^ln4f{3IQ%9)
zGUj6(GaiGzbLCP6anPJsnLWr+Xp`kYoIDyxlv1As1@e)8rtjBnXiQPP>(XLhM%!Yo
zJ<z?H7HqEeB@zpG%6F+XA!(!&By;VtIEcPV4P!7$0A3066`&WlSHK8f**9wkDa1IL
z$yM?g*D%RC*syE0zv!<5WUY+@KMCG(t%o?4wQcg6EUMTgc|^}m8jz@e3W$}-3h1@2
z#euxuBCuOFUadpqE(WkGec$|tMvbzvljV_Yx#jY7L*FL-wtv43kPtQqL9|eA5y77$
zG7NHVkCylD#E=$|THLKv36_bYTWB()$+xcDxyexngsYdiQ*{uTJ}?}VP~5ocPm_G`
zh$IUj`G3W0^^oX80QV@GkGvZ`OoQ#WZMoM^;{8)NP!MceK-AWp^6h9iGhsoKAE*zM
zx52Cx=*NN6-4Dr;dJrxA6}fcB6-NoPb|7ou)?lN~Egp>pgTD@dCPQ~GTg}0~jn4xy
z@|M7A)Pfof$ZKOWNPc}SLeghf02v*0eDw_aXV!gSdSo`&va9yWo}>IbY!5;rPz{SK
zXe`mGfM=g#vmb+A4E00vtoMYhto#hG+j>d)mw}^gayL{$5o@TE0S*#sbazPLf<(W|
zeel6=zpNy>t*fu%+hv@!<R$5Q+XSB!E(!!<b^w?YTC(&l_dcotW^Nf1>A{rnW66Fa
z>|f3?s_=DAmI{}2Hd^inqpyeQ&=hqTOC|&^`+Fj(ONU8<@636C=5waaME>E8$!F)A
zD8hk{Y*r@vw9s*ReyhaqIzK*SC2B=K7D23WzC(B!c{BG`HjB*-BamrBUZDrdoTtT}
zpaTWxvCjJ5ojy0Wz^UTyfQvV<JIWJfs`LD=29dP;6iEHaM(g5D-U@1`g_z#hc92@n
zK+Hu?ocT?S<46<LnAtGrL{+*k$mys7=l(!I!32u^3M(+rU&0YWw=Wh9w&L@E`lBrz
zF)hutoPzugXif<Noly{x!<6w7WbOCmd~-to0YxTw%o3e2+sXY`D={b!v0lF1AJrW#
z_&2Jt#bvx7DrXM20rlMI{HCA&@=NiN9*fz5`v22xVFT<PXMi+Q4L1<zXSddU<z?&6
z6|uNN%87OiEjNBSu)#};e7i6~Q23^{z$I^-GrIduGrNoeDy6b89K-jQ1Y<njqach=
zx$<R@r{+CIt%U46ps|cQ?j~a9@A%ky_0in?aOkTTARyvsp#9R{5>6-!&NWDQ;TS4Z
z5Ea${zo0&@9YRb@e-rvwe|~_0DS~0fybNb2R+1br4%}){n1yG#suHT;F}M(+KylhG
z{Wn(D9y4nng_i{)J!u##7|5QV!>78xakWvx8IoIgKs(UE9cbvEulS0Ri9e^wT5{Y4
z#9saUi&3BNE2U%joGV5`TMWGfPwDGr+6#*6q3-`E2BRZ;e8ykWB$(eTt9c0)3cLsR
zrk7ZM;r8Y603Gfed2*QbL#bY0w^Vc<_K&vEE<;~0(Q7-%u*D0KOb*1jWc%m_8<G4C
zhZ;BnfM5x#>pON>(&Bt-4+btXxd681%Xb18nc;R!C*VOrHDdk2$aZo-T|BzOv}7fd
zNHp-7IeqvOo!+zi(tQ<Lasi)uI!LteUwWkbejX|q1#Qfr)eO2A2*<_Y{DPre@G4}y
z6NO7bJD{Pb85_aq2;+4^)D3f3zXwz!>@%Omg?J0H6sOV`x}qnyY8lA2=~rDEGZ;Hs
zy1(K*goFb@*2UUEceK@L!ke%(J->3sTIi}F99iGGo1#%$6t4ZL!I!(zlbgqz&{~3I
zPT2R<b+L6ou)=yjq6Po@{=ySfa75S>)CML9QlNvjzPuQ?Jrt|FXYL~l1w{Z3JAJ>g
zywVHMzW0zQZP<W63qnZW$ILomND>s#;ece79H6si%OnibwF{8%9clawDf=C15*X7R
zl<vX)abJ)>c2g)bfxh9X97PIJBQ_14CTdGtWvPu9-LHUB;#7boey2?`KzPNQ-22wO
zwiU)3f~j}tSA<(Wn}RSQJf3U{c?u79#1#cM^>&9saXEcdm*naIWUXo+@cCgT-L_$y
z#nu!5I=TVO1JZvc3Ij^v37fe?j8Y7mVPFDa$~_Yg9)L*`-SgR2FivF0VHVHEp5SoA
z)PHU62v&t7iW0g^oTP6>P-WNb@sYP6B{)?PXi#uKD=hH)haQo)akh!3Zl5pAS1o-%
zZ~sW~k@J2b=olL8V<o`0a(kx>+Buj^QCFt-LB)%4H0~CN<V@utxvx>sd$v<puVMj1
zZ!pJewB7y4x3pWnuWqD@_g8;CBTfIa+qD1NGzuVB^hZs*L7}Y8zA5}%hOnL3s}J1M
z+ETU!<jQWFy8J@5m;8<&uA){D7{)|lxbUH9Zk9E}A3Ny1+))Rm7&r|m;k5|e-KXG$
zT-FP0z9<=D3BGZ1YA4w-wpTcRXL`SrNf@rja<h1XE1M@ovfu_5PqG<aFPRJRy^5!4
zN<j++6a|zNC^(Tvf+rK<&WE|!7YIN^E7W|%a(A%@G8~-H4eSY`0e3=+eAdaP!DNYv
zBYir?RnE##9W{)`AI#xCxPAw1wZY_VpF(k%cgxh6`+S`xl`)WVKbeejP~Kr5g0zX&
zQCbwR;Q_ezZEH|{+W*UVM-{WeHw~O|W!A#d*xh0M4BiudXynTjq6#uAa0E;|TP0HK
zKv6;FNoQAnq_~mGRR49gN+3*|P{ofTg#y*b=VFxrvs7gpu8U~690prQ1a{G>lAR2M
z#I%7+KFYbh)a9KIDD_BFA&tmWOm2b$_O<EK6-LA=ps4G@K#<S0YRsvtAeHYsTM5qd
z-sSx0w;nRVwGzXM7>e?fC!xBdyzN@)_K2a>eZu;3puw?wdI;)ZAse6V*DXd+#;M#8
z@JoTe27C9qb$CSvNiKfd0D+_<P@bQj55aiB^!X5mFZ&<Q!uLmCUhetu<i2Z`-G^o3
z`WAOqxn0(da(O6jm*fk$ck_j(mM*dy(xArl@O#`eZ9DT(h^#o#TWLT2?RxIiZw_Xw
zx~^!E{?htBx0hiyt}_%Jxo5y?Bp}uU-uvzMK7o8RcOy~ulokdz8{eg+WDq?A{Eq)!
zRu+`;A3$2SrMhIFYa6)y18gq0pP48E69!ITkI{vfFjGz3!X2J6FDOsL<Mf9FFUKhX
z+%Pb40UmMZ2@oHNBZrF=mLLQTPrxJ+Kt5VxI1MIwRRf?X8W@3h8;1i&aqMR}8|bkL
z0JJ5blnk%<?oZ^U?5<l?0t~c;5oZplnL`oC>(~m!daDJd`*;uSeqT|8a?iGcl$>eq
z=s1^X*x{^VeE`fmivHH!D2VLdixITRt1-6k0@80Yau?=MlFOMb(rJ?*_$np%stqJQ
zQS?E98dLBj{tyFSBLE}Fz4M7ul)b?n_BVWCSs<3tmgoB%H-W7iz$cA@T4k7~Ot(Y^
z=ewHK-)0i3KF{z+0E<K$wicLMITT&zXCJXJ-ZGH<cMlx^7)hM_%jca;>$GvYXl`_u
zz(p5-b^)U?^RA-&iy>cnWbVc^4acW8pf!f*qXJfiYZYK<1v;&+eEJL|Q&r~lT%)=!
z7ecr5aV&AZzI5!qYF`-I1TV?*(~@8q8}ZUKa7rSO41OKRBi}B7!z^Lgfr}_<e+~oS
z8}J})&B1<O>a7{5!MmyvDgyvBrD9M|rW>HEB;O<8RnX5d3<-wvVGB@Qg9K*6+?GkI
zN}yM4AW8xh3Xz#Rntm`@m}NZ6Kn%CB*^~b2x!>HYhdkT@E}A$86^}S9QNP?Tj8t1+
zhSe3j1HyYSH}MWaZ6-M2IB<He^=oNq4&z@12nDz+i)8whXFecDD><CJK1H2hQ8zw!
z`@qu9SD4gbuueY3kK1m0&uNoi%C-6~9l~I?5o)E)i{O41W1T-ALJ$#8Zf91FKpH7c
zFJXgh(Xfw`E_1~OfO_qh=ib>72yQ$gd#;uI;C*!mok`E)VLqB)SQ-0kSY^ju=QIC$
z9hBSfsq4*eB2L*HLZc35H#$Iig;qWqzYB0_*%w`@^U2U_MV%{?P4y1L(1S&cN?Gl<
zBqO+!l^kGAsO*ajf1nsGV+;uSZi1h)$P7bFZT#}}19biOGR}MTzJ}ti#m^MlXGIP(
z2TK?a0H{ESFCeRAZ(lR?cz#=f!hr_T^3mn?Q{cZ(`T1B-uK$K5biX&SL_&^`&25|t
zn7;Qkz~KE@H1S^n2rK;@1H6)iHO~apazf$xlGN{h2f4fY7-1{`%pi+Ot-WgKorN%r
zN5!Fb-a0UV0&x7|yFB@&9`6<3rLXanzwghLW_$T*2q?g7)?F|$L51i!LDg^q&T|P>
z!~3I%=WJ#rjphR!0eUN#0_FB^DE$e2PEdIm$vDA%V$mt+ioeVRqx||#Hzidawl7b;
zKtBWc2guj|J7L0j1EfDNMP^swsLlwQ>COe&>z>@?B*;BqOk~RZSk(x-l;MM%E~=j=
z5Px0o(%9P!1X)2o%5%j87{^<jay^ouAD);Z6!RO+@Gb*?Th$#ii)c(pce>SHzv`LK
z#RiI1PjQi-*Ta&_*tqxoJPZz;7SJ3AbWzTWng)#O8>(u((t`s4^kx#|$U)A0fu(>W
zX%HXfN%_wvVYEk872X^Ij?i?B0RxR&KaUKstc@evfh{x{D2QW_nBnQPz0LO35^xUo
zFO1XN&z$Ws#kRNrmBjlBUC`RT<N;X}RE_m4&-cD2Qn6&kkJ!Q}RSX@-J5LD%5C?=$
zH~dZdh2dT>&#hrUr?x&yKA@o~H@#kngl&(AFS%O2ODC_wr5^jRh9LjzgrI;6=K;)M
zsG8*xJa*j&7AlXTr2rGHKKEB|CQbSlx2OYmTY??`6Al`aHgC_Q`Jp0)nICBU-_nd6
zhOAjy6Adn5(0=*zXV(NLF@bioM9BP_UVTV{<QhC?H=pwR+oj_7j9*X$?|?$)K-)#<
z=+(ra>IO?8&Y;ppi}A;NH8Y$)-QFR2Hn-nI#xJ_R75Z0G_T+zkQj_+BMw^|;2<&sI
z(5{2mXEU9?Kv|KQ6`BQ|91024gp#`_R<)%U+_rj;a%@C}HAns+arVIfkbC2N_zUbC
z(t>y_aMqFW0!8t<Vq_|Ku2TnrT}njQU=i^*;&xxSd?*!%ACL_6K^^S5VN2h2Of=DX
zRDf_Xd}8l>IEor(P8;^{1{`qjVJnHCvA)4fB59bWXQA9*ZM0tAAaVvZf4N3JSe>$j
zBxG<I82{gX<Eu;bocDmn_w7&nzC?B+bI=jgD%n6Ezi9(B)ei{JYUDiPY#%!?wzKeT
zn++`MttSy_zJDLrIQa908*Gv-U``Kja0Qq^9(hmtwO4`O54Icr{Fy?9dLnbcP^dKf
zeg>XSJmxr$D=9BwG`AjjB@;h9EqS>gH%VT*ccf-@p#+d07)gbebPmyKH5n6|Mka~b
z45WhZ##z}cp02;>y5<Ku=P@bZo=FY`!#kYGjQWC9n`l<x?4NG*_`HS_!3P7LbD6D?
z+RQ>=_lox-n8gEhF`4U=9C6=+s_`))hag|s^^c_U+Ex?@qUbMyNP3j4NDxHA8&M=F
zQRM6AaA&OvcN|0{bXQl^+2?Ysjr}c``n6BHBXyJ%XdNvU&`$eq1yd_`eeY!FxyllM
zl+>mpud1_;7=77Rn;Ct6DXD!L-R{h@QJvfp_+Q%D$MaksPPQFa#X!>G{Y8x7jZdt3
zkJBXZtBBVfm<N<>ll>JL!5JzbKsP2|cJd&XblKl}m6z9RG3P*qyZfWeC0)P&9A+*(
zW^r>{EepR*c@ZY?D0u#O0HTx(yd~iI@SQm1IFF&Bk*CuZM$PN|yFIL<`fK?j+t18-
zkL#mPPJkeB{yq2SVd`Ilp^xIx<|#3s_sDB$7GCxq0_d=myT6cJmngBH$KtH+cVp@h
z*F=xR<|4M10V&mjrjifny6U?s_m9~!eSXfb*O~K<*#~`<;EoY@o#IL5oVJHzJ;J&B
z5hL}Ejddwbzp$sMf70b^fD2%sQFHQ$qohmT?c)E?1oEH^U@aUh1FoYX8~%d=UF>&|
zU+?(Pi_a$vunj8vyb87+hV6TplNF_Pss5l|J3m7DY|-eILR<z^cL{O7SkOL5@3-Z^
z;|?kK8f~Fuz8Y3uQdWh2<5Sij&W!jB`YJAXa_jw?DmK7Jy~h)iZB&PX1KdzWNhZ0n
z!s~B(tN3_uOL+5qY}~K=T}Z|6@P<CR9^@`s*S?|(cub;vt{DVH);_ICseDuSp?jTW
zPJ1+EvyYJ_O$YrIB1`-%!d#=p-=lssN9TA(kSSz#evt8Zt=Y%5sA%Wr18(;u3$#?D
zIVIV_rO+x*Us_owxa&T?jY*C~ds_TlnH)3kw&EQ$OkPo=zAi<G7Pw#rlku`=F`H!S
zZHPH^pZe}Kon%iBB6z~0F+mU5?R|Q$!QnV^`z-BjsL*sOc+tjJ;kSi@>-WJAyzDob
zYS*UA=PhKkn{!S6?m5fT7Tay(&jwBox&g=sL0<YluewRL1{Y*5;azhl6uFHf;O|gU
zLeNFNA}!SRc4RCq<nBa}z&P&-HsQe1P_*9O8<WGJurcyEZ42g|-;ja)Wr9ODhj8S1
zfVk}LJ;9N}sqg!jdGFqkVfPq`q0r{FImC&Xn9}R=qzAaSFT<riq?U%RXoh@036lr%
zB-YrCXn=$8g7#J|_Z~|-_Z%p1H78G&Lp>g_nE_Y!G`cmpf{6Wa@KO6sm-XpI)JEF0
zI6~cSMtD@vC3WD=!TeM{4Jn_d$OV4TEfwQ$2p?)ZMu4Wzk6-zO=1F;z$E=j>yOtls
zb>@CY(Fo?UtCSgri`VRvPCT4DjQce^ORR9s>rUJ6k4tzRqk}(`&0mJMuhmwR-&^#H
z-?;gNv`dTU{YaBE8V+%sA<|OMBEG1ZL7sm^@w+srA#`ZVkB|EVEz~gyD^L7n?W4^z
zT?Kv4TbCZJ8BIje^kHw`(nX8Rlk1{}d1JAo?3@2WBThcT**<Y`*7f@&Cx7%y#9hSs
z7z%sHqOLAwd59oX9U0B=czAxr<rIBjC7bScMuHyMg4=%ZSSbMmT)!2u>grp|@g*L&
zZB(PTyHDQfviDooQD-7qLud@gyu&BVCfj6_vRnNrOrCu6i!I0UTmQ8_uk#KNtZC9A
z4I3}LW=JCDW`(a29H9^9En`X?jtR{p+)(DVJM4oNR5@$C58`E&iWnH&gb30cZk%6K
zP=)H-8Tty36u*|p4%U}&hpphng6%c)5lMRStZLEOn<(rbOPcFbcxZMs@3S0z0@9*g
zxZIO>53fb(s!sJ@8w?BUW}KKg2mkzyJxPK$$YACT3z_e6dC`o+VU>_<Q4^mJ8CXir
z!C^hbbbqQ<6kJ(8lJ@amoggN=!|3wn!qD=D#Ut7W3a@^(k~1740{P0vYxunv##V~=
zYocz`E-=QWhFBtHphaN!i8IT@O4>s_Iz^9&eYeenYRLw(wuUiB@Q~mpj2Ih$_}J$A
zX8BNu<GqTMI6e18R1u1<+gaZ6SZrJQ<8GxLLJbFy>Fzqe4V`r9c8VJhVHxvE_nr8Z
zTm8YX&jCkfnu$(iTnphTFs_o-Ri;{$hz`*u<j&z9+2Yr3!7W@b=)gdF=Llbk&uRp~
zwRY+0rQ0+$TmC}nL{NRhfu(myk+2;4>T`sG5>nw)q_r2qU+%T_71*l}8OJoX4qBm(
z^F<!1T@8a~$bH4D$s*vd$?#T;!Ks2Z^NpGvQeRF48ym?I&56(cTbF#UndmZ;8U9VW
z_ZnUU_VW)FQMK1~zw<m|RGetJnFt>CJNjkhr21-~Cbf?z3u>BpaRoH?&V8h^W{mc*
zT~B}JSH%sBMP)cu1b=ha&3S(2V1b`EhbK&+Y-@jr^$oIkui}IH%Rp53ek-WJpBIT$
zv!y6ZH>^`I_Hbbpukg%o^w8=^zD)J?>>igZt+Mdh7Q(e=JZw_;SEDke>gZ>_Xt{uX
zWq};xKLo%P-A5I!RQ_z`m$4LMH;Q(DJ_Y1?PWNfXj|e*jSB!HxVZSe(4%P2-71B%F
zf;g`mG;)i882sXrQg7q=qwHtrf)SEzo8<+dp64D)ddpMKyHJD7x}t+EgqOY|Enq)|
zrbVA99#Z82U-%?L0DV}F5c1V3+O(qhM%)Fo0^gOp5ue^_KwkLbEO0E8ENmP2Q`?Wp
z!KEm)MN~xUc-B&p#fu|5=2%#;D94Vg=Q(<)VdQ^4^f<>CCVVq+<24zkIqD6tT0Yh;
z$Ao{EA4jA@{m%Zb<B+{+8Yl%GWxoNQez$eMSv$Qs{WN`#8m2F_#)5D8Sda=8cLD|-
z8?=9Rv>ajuFf^pocHGYyf$J@tPHSMnN*e#x7c9we;|u5}2;yX)>xyr=Z<!wPM|T2X
zvbu+QoWXe=FYL=2eS%Kt5OpC2xIZbxyUIaDBCIDG;J0ESC|*0t&w#gz<U((|o4V4;
zR~i}kh%LqKoi0A!nMLe-KmGgQzOegq7Z~D=SBoP{>ihM+26v}|u9!9Y{>mX%()REs
zf6;l4T?%MaO;|=|R{+W#ek2D>S;_;5G4-hSyp=|a<I>Xb=g~-!QoN%%|ISvsUx}6C
z`Q&1gDhs|N?slat|B51D;SE0HmUKcU8aK<Pae%ijO(1yK#|LNuf}%)#<#h^AkY*Lb
zw12(d=WpLi!A+6S?r|DUA(r?y88}B}9}HV<K2H+h1ojONl`u|mm1u|imUfr<JTLp?
zOQZ!d?ZP>yPK>q=sf67`<~|sJ{J92HhiCbN_|n2z15AIypA|o{6-PDB!B=j7wb*?}
z1HXUI{n@P<i{g$L?G;kM;@q<s@wGKPyn1}gdzv<@omHx7QGFx0ecqkC{Unjg2Ny`O
zkD0s5LFS3nc(Q^3af9*NXV%X+o_9JqR*p)M5ZZENUeoJOv(RN<Lys0gdIZT>8|-F+
z&t-QogX1(w|LE^eg7@*B5PaPFP4Dx9_;FQx<+)R0zbg+t40~#ix%9q<NgY3)j~vfQ
z-oBpNzw$HY%Zy_&3n^+JJ)v2{PkRAOAS6Nl%=IN~;`NRfAI~eX-^rm_y88n`NHVUK
zFz3L<!{&Lv3jmltfcz!mN2;<ad<L{Gm;F<*;j%Sye_$$F%Wzf|X(4HvE#K9n$8@R~
z?R($({2u20&?>Y8?8m5>p5GCVeVk{%p7w*=;XTK9R^nH;7h9Dpu($YY-*SJW(!RPd
zSodAnt9`WI`<%X`lJ+AAdOQ{ic@jnOkK86(`<-feSQxQ()e&j<{>!EBn{xEQd==|`
z4kmxD9q+GNBjzaN<1N8{#0UHI-PBL?0-3&Nxf2ibXwqfC9_6qDvCHMS{rgyheL!j8
za~0Jlm{9i9E|jgtrA)`}JEDibFSK`KE7sV*n*DIm3KACN=_|JKn}6Y=2w^rz$U;qC
z<btnomAD6Q*BS?uQN>Wdvwm8Rcdz)i2T!t3?~d7rfD(IZ7@R$Yop1P4H1`h?UeZ3~
zL7H`9qe|lE^rT$5AlV<6hqYfE8C)_o#G+}x!ty=*dpbH2^RvRtBU8fa13y-r>DVl0
zU!j5gX;q8Du_GC09EI}z3heW;f0u2*<j5<Ff2@7^U8EwsxZ?i*<x;{_@IqYnFI>BC
z@w~sf8`1%I=CIWMVCw09?~%XikLVw~CEES#ogw4V6Q0tZx>v+6<0A>B$otzb!{@X|
zD<OZ};Gi}xY@!PL`J)))&ZyiMfb27fXU)Dbz!nF|*ejh|vK6?r!u^%uU!U@iUM+y?
z$m~Wr%HW6lR`dW3U&1girauW1n6^bQh6!O)FEvv@dT+>+Ffc_V5|}>YkbL!%gF=@P
zAe+Tz1+<~q2@I0(K`lc6eUE-!jL#+PnCP<y_2sd=Rb;m&-|8)WKgXkQ5STm79_=^V
z?NnT7ICEn>QUI`sf6v03K?r)rX|AAA8A!YuE{md;j<T>{Ar|Xo{Dog!_T2BglN{ax
z#(H|bY*UaZ!S}Hs_6HRRaBM}be_IP<Um>kt+-(}u2hpj|sqcQg-XS59uy4RDDdB<l
zz;>NcOzL2P=Z8s|O4Al(j{P>u{r#SPEJ(*iC4Smh=!#swF*piVTti@fT9y9!nU?cW
z(8EO>8jAZ22CBg)56(KG=F0iyJn8E1Iz>}ON7M{M!r!6t)sAJ-E1NRO(c4ca@OvLy
zwo!9`O%K1w{DJ32^sC(^A56UxSRNiGAD>ZpFMLSMvz+W%7KLgl<9MyiU`?R26PHy#
z*dy$UPcLfpoJgOtaMk$$&I_ef_)a9t7ZX@kQx5JjQIPvn!qovZa@`)nL;B#(`zdjE
zJD_7xQ@5-J_%hpx5z3!enfqc?AVp5D3y*r30}{gnz@oT7D<vPaL_1AnHvQDcV3Us;
zyA+NjTb!ni7U;uKxb;MQY>@{8wnzPosz{h1L1V~uuLpPY>wBpT?z9E!&&(G{cP_#H
z$=sUZsDSuR*uUm9p7<+(*z<HigHg5LNb7XZr-^_WdfpPn@H6)a;^>~Ld2yC$;a)C;
zvfbKq6oNIWF`7rahXz`Zy(0PMmRc#HSqjG+%U9<O``~?`Su&pIpJ+<s^Fy&8!NQeS
zj64W>gvR^}I2w3?(9~CoOVBwV;Gjse!BWaCzmU}B34JQW!FZ#!e_3H<7PI~B56n^r
zNuo1v;&&t7TMolXUAh$e!|AN)h%WzQk#^#Cicxa=Ya}T4^DrljMh-d^P^6m;owigq
zIaDm18|6!(KMbl&k^<ut3{dcCUx^$|HvmM#nZFlLb?gt%%Wt8%fL-e}KDB*6xy{#<
z43rwShx9WjHrh~qtZC^*n3P_%pJYSmWfm$he@owf2qtUm6_T;fNcqg|XDkQ_c)e43
z1`vPZ=7$-uLi9&(`(<$nFT>eV=JpHntphmrH-At;_8mDlZVh$6L-1>26Z_j^JEXA_
z7&FW~Z!33xf8>8t;YpvX!LFd#)d08-QoG%+?Y3zx2YsI!pO`FD1FI}RHr3#fd;}mW
zF<MFwCF31u?8shODYJQk1_8_paTwXh_zLec7WBsbnQ~;07G34PT4G*qc*upi0?)@A
zPM=o^CpXNfuXIpZ=e@9}MT*za{^@nRJvny|orl|pdl}I_Jo|Ap$VZGu?mp~Gi_z>S
z3Q0&qdp_?Tx-ilqZB1lJ<>d3q@qhchG~DwKaSmz`ght5M>aBbu?YqYL_nhAclKcc6
zn#RW81Nff3y+$E^jX7e77qs6eFrC^QO?tg7c53joi~s*+PXT`A1}W3mpIn_L<X^&q
z(%rBBxNI_bEWZ%0hLB{|u*96EdVE}SjOR+;ooWDe4*Iq#tHE?1V7+B@rp7_e(&ru`
zcV&Ra2G%B7q>mu>sr$%$IMM_r1}4rQ<$}iVJHprM+?>(;4sx0)(UXW0K?o6SH`QC{
zo2>oxqLoE5FKN2AI&s`)T~fWf4%d?kQ{XF=bMLH!*dy^;*XH@Na7Fxh@k0@wE&0JF
zMGMxuIemPYN9)I+6TUem85x1bjV=ZWjN)QH@zet~3TgzSk!EaW8iiNPXY5NjPb$ju
z*Z|xO0A#%NXxqf^iRfbzSaJ#OwlY?#xa@P8n_EL~&PUGtpdT#Hh1_766y>PR#JJ{T
zIb<d}oV!Zl^_@Rec9UUVTvZ%L<P0;hSu{tw^WiOXZMAR9%b$D7CQ(a;98eD>9}UC)
z5QHV^>qWDDfJuV6i5rg9;gbzj@u83Bh@|Rk#Q56K%`F|r-@Q>^Ip|JUnVXn5c)wD8
zdXYRj@7}yAH~xJXi(ZwF@F=$_DnGo7U=Jq>DLIyN>)bbP(7t|d-=jk{_A_imorE-g
zrq+qpm|bY9gw1(#w?KMP?q>K*D0s}F%hc_QQDaI9$Z;07>NpBeVb4)2p$2)*Zg9xe
z57V!jtQPaRP3h~&c|JJQdFm7{YHgJ557(`hj5v&5Pc=Ox3ZSZ&h{2;E)VmFXa)U|{
zeLZNDE1!i}^61dyQxd@TBP>t-Co^4xsCMDZ+9b&N&N%3Mnor4XUlWPiAr>zoz8`W|
zsd5;N_ZKj_7_BIjexYyrZt$Tz<|&%@QK`HJc$3@mtjspuc|L4?=JJVGex4Ov0XXma
z!fH~Ilf0m^zSk1{&wGyMSkET&Iy*MOCN<wm`qAw0_+bDOq>+FX_On`JSia)l`v=_D
zp8~^GEuPU_#gbpUu-2oMj@uWRGV9V9+I}#{zvbbV9*O5)S=7EXotjykmDdZ5DpV6I
z5W!7;clAd>m~*;TLUoaR4noLnfYv8@)>1ZKRc3Z7%jhE+6jcoCFd@SqZ{rNV^3?f;
zan9ag@P<boT;7MdIxbhuz^Lp`!|>^DXmTin0U*jl&BpdU>{|P<m%0RxC#*Ci4YQPu
z{KD-w?R`3s2iCsXl$_^x(*32ApO{{oNMY**R)x~03sdgb#H!+>Fyeg<yHHZh2_)g|
zORdx&?||f2C?_CcM<(3wxyN0MT$Y`E^c?s0xC{cIaeb&b-?Q+#FiR;~ry{U~XTG#c
z7)lztJ>5tq@V?RO$c2(0RLKUi%Z1OAxY-hsHi=W9{lW(at#v-1D?9nFnXcz(fi2j+
zm<c(j^3c}C8eIa;xV*0RsX*851J*NKN{NhTY~tNorNrlCf>h`yBNA*ivG%c%hniB;
zs#xUlwn7ZD$4|Ji&cE@b+_}?ufYK!o0iLAqhZj0=E@4l7#EJqK_+&+41z)`U=DZ--
z_RhbPJA$yD=o{_GG?hcV&1hM>KWDvnsg9{{bl-CzUu-lt*VRQF>e$pVe-f3G^S3f=
zQ>Kv^3(Ek*(B&bwrVao_*n*dF(9UerD*@PZjHLbg%QgNnP$USfp8JxK&bIEpzMuhi
zQEa{P*y2Q(h*1(Dynu<TtOo;OxAc`LH;@uX546Ug;3-fcksus{@6Qr=>;43w_b0sB
z&Zu|@yQwo)YC@MA3-JU<-ST1D^`#|vSn<WlR|PyF3jYWjv3Q6V-}8#@TTMSy-AT3i
zdp1=R6QS)zmlJ^&D_1_D9U|_J4e7uzf)t;8ulB-VSts)9PoJ^~(iX1ZLZFMiwGVg!
zJQvQ?u*-d|S8I?N<<Y>lkWgja(WQ2AlUXoq{rpo%Nqe9at8tdTJjQ|Yi1Lpc`uG;w
z0lQKf2d$atUy*&tlczk^;a2^T-Dz%A43!u7|KRgpjjr#_+|H;`KNSTL{|}#gc*QC&
z{x-)6fB`0nFjHT_Hchve4D~IYx>5Ck8n8&R<-`_|{J1#IP5!cP_l-ubiD<p*gGP^O
zEa@>u*0g9oEGWcfC*09Vrp6G+{h`1{Q@PTAc0@SfdFH$FEXHUfB5`PRFJ%cJ)OxM<
zr=u3f&XU4G=Q0rOW$`N{5d>6;CmKDxDgXRD6SC&al)F~iUC`i3Mzbu07yWN+7~8UD
zRKR)jQS^0+HaaaZ5L~sQ(aoo4Vs&+sGlk6x4Ts6=a4BB*A`z!wKQEzYf{tYKB{H@9
zn*01Ms;nwyTDjd0(L%u=XezMy)%f=ZH1*Xx?}bj?l)J4i8Gl6VR?Cj}ru3K<xmvok
z!*}MyJr0fNsY9eB*^s|w=Uhbbq%HPnDZTK%Etz!xk(gOEe-z|GDG(3(-JM*Wg4Yi3
zvHnk2*zZ7@iTl;(TJ%5Ln1VaL=Vfd|h$0StM4tiDlry=#BTEH4<g*8GQLr5!d!&kA
z8WDgYF-W)XtL<+*)H(H|A@A!wd9)^QDsx1C$2)AO5H{iqn=ZVk(kg|bUHj08q=fIy
z=y}@bML9=f8Ay(l+0D%sT~Kjw)M-0lHKV7;2?M(jNQHZDYkFUYZ%l0!>pTg5PWUSi
zLn1e54$}DK&iUZQ{$cmQ7Lecm%#-$&5i#I!A(TPk5r0dm_`S(;d0W6OM;NOBkJDo>
z-)_!52aIy9kQ4$nZ}QFENK^i9Uw8Gp_fz-7n=Cp;aM#qEaMnJs!I@bR-AbG^d&`Jj
zt-x3&<7i=ASM>Tj^vFod5CN8+XY@bMb)WgSeiZaex_J<cukmxGO|Buh<F>vSCy1@Z
zSEs9NCg=PF_gUZS23GoOj~uc)W7PW>VAeCrzOVCPyWQb*H>WQ<!iNi&Q+d?#<ATo~
z#pVuZpSaAoIj>)5fJH!uU(klUNeI2K!lT<xZT4JBm5-9k1go-WsA}frW{y~6Wvf6E
zy`O3r!0$70wa=|5a(;*ECl}l^Ee@BI`SN)=cljG&+}rhrg)R;8iV)rnw|K1+TDFNC
z5#`mQn3OwSe-A;lVcP3lI#^`7u<+$}LTf}Go5#<O^dS7mJ~utTE0^XM-5{TGJ?|6s
z*n;#JVX?fvySyvul82jVlz?wkLQ3hV1`=hUX~fS&=D&aP;t^7NDKE!_5UyjG`TOPf
z?wLILV7X!?jPz@4xxlr(62zAKn(UVx&B4|MzA&AM<&ggnZo>s;I&i!M`Wny``$Yk!
z)MDg-zKnw%qaK@1V1OK#3XkXa;tQsf*pJ1p6+0Y`vWqUh{=CG}Y58#C`fgn;c!kXg
z9irOygp~@x_F^X6*IPwhw2A^LxepHo$oSi@AqM(X&^)wnoKDXtSKs<(toc-vpGRTH
z1Q_*EWtmsD_fWV1Uf9@Uc77~qj;W&w_0@H3#$1!!u&gRF0xMKi?D{sNQA8I}l^o_f
z9w^T~lEL@f+mjR*06_8N%Rn``Hp@SG6)Rbov;==9xqH%^_0$ZC`Z*-N&TZec&Dl=4
zjM*xsBml?6^18TXsHranZXjCTQS|n`dPg*JTt2lIMXxUnTZ)TwcgR&gA%ayF`;^nA
zZX+e9;-C1a7=AXDasR00)3C0vKSTRF!$d~Y%hV_#>483i$Y*T=fL3DMlNw!g0m&nA
z?q`{U>%!}F47ecmNd;5&UNC$1aFlNA?SsWEX`??)1u7vMZ@`aYIf##>SKWqRz1Y1R
z_gZ)zFWo0fe%hgZfm6lC4&_=C*5M*&ozBrO{|EowGwtk=)GG=@gMEUEr^VkrY`kJ2
zEL;-ry_n|@X&`|&z3-|;lTWvEVBxgaMsQf081t70@pG4W%v1gl2iCPI;p`sfd7aqD
z{Vs!0X}=4?>!j6;KmFx}ak%@yE8_Pt`pqYpNi$n7&vk%~T)+Ju1vM&s_#g3MY?jm7
z)Ujy#OA)!~@+O^w^GhBFLp7T)j1ZoJQw^=q_!8-tknah5fR|YU35A(rzSIion+Wjs
z)}m2VEnB<4zQVT>cJc@+VZ={P=G<CKj7?djULezDgK@!{h};K^W%EVmTz$b%_24LS
zKOBmt%U-Rz%X$R<OcG<K&3@NTy7^?-GwC&hd1v$U#9-`JGWN>-lF?%PMrjYe_=Z>-
z?~{Sy&OduDOVH3J0|%U7){hH;oLc^CX7+IZNL&9~X&KG#i=-_I-@y?AKtt>kULi@?
zXdNlW4m0U3E0AvW*=krd?mHZ&+);=8Hn7{N{{!B@Bv&KeVgLRvca*kCr)lhgx>(U{
zZGpyJbCA`WE#wbBc!Z}Z{|h#RSf9&iPbLWW^teLR{lSzfZ1)t*TJ|R$#%gNE4e2@|
zYs}aqoD9j4L0*8cTP>FRGm_6P`>2ObzpI=<87ILe3fsSS>4b1-p)A3ghlhNBvH(AY
zZ3Fc<hIZo}(O@5Z%ktff*GZ~fQ**$CPMZ8qExOseKg&wD&x?`}8WD}l@=T0)8vB%d
z#v#rZ;|x5+ZzU@Nz5;5wTeT?C9T++FQ;(il(;d2K=$X_^xEcJ&(`(4Dt<|hdYphSc
zy1v0NUoLNXB$~+#djvjeK()%(N9J#Ty3ytDyimYa)`tFTUcXeodOWmc2-rdzHZ`jX
zq5~ci$j15~0eC-4$C2pVRV*UsS5*1?F9U;`IZ0}1?hJ9mf^}TJuPVz6o<kXS4m;JS
z?o!Fvuuv|^`WwjNVJVKI=FNWnp?7(L!aG>B22!len68aG*0Kr#o>-RKqzT{S3}df;
zwJL`O6eGN9aHH<8*RSzQ*!5Ta7%$L&6J&}ok?1PJxJJh#5-qc>%I34Y<g%sc9*YV(
z2~v2fmxn#95<LG7QE9I<IwFqjdwblI)8!k#$&Z1I=!ZJ^5iZy{krn&>-nJZuANMQq
z3@-e|C1_`Hfw*gHSbf$3w_Q0QxMP)#9n(yuD6n!Vv*GtWa6Qq#OX*6Q?hkc)W*Chq
z{}p-zQ?H}glRX$uk@5Vzheh8CO{%IqP}OavVDRh!h>6Kifph0ce*a+cqb6*BNKUa8
zm>e@uj|wi@Gw;#0i!LvavPG;IcUpz;2)*e@0kf6Xz+#dWqh|F>J$2?cosO#Hs(MdT
zN4{&~-_dXT%sXwVJ&M{*-rs#wC==|BJ>d9Dc@G(Dm(K7x%D>m0`o2!}WjWF3Vlz!A
z1RUyP7uUh;i3DK3?#gL$6`!1yrao|s`6zTe2VRqN{`Z+<sAb1}sE&%NrkCr_8DC7;
zp3!59FB(hilSH{|udp#Cx)}C@c}wVO13B2kiz%?By!p|xS`Xq^TpiF!cV>HUP4C@d
ze|Gxha~Jt}+|<l{v+X+3y_{1eL?qrjj^mdVw{}cX#v!mx(UAAiJA{8;5&Z%cGIZ~i
zWhcCbPTuMVfWY;;51y7&9iuA#Xw9M_S1^^Ap1b53|E>Ao^=jG6b37g3fJ~z~aX)8y
z{{$u?mEDEOlXJ9B59j^hJgHH8W)9-t9W1XajfcX{_+|YaFH3T&NqW-f>B#^AYKUic
z^ABQx1m9GNL04p-tNgN#Klm5w8!PvH_oVOeV4~1u-p0Q2yYj`53TV(fvmATzhzUM$
zzpxN*44{XXwm2l}wcldLOmF7fwm@c>FbX5+3u-z?x>9)E55*-lZha?f=$~aT4d@5m
zg~fkyIu-v|;IzAS@zI&`G+tMC)*di_-FjXPTbzf2o`sUl?Kv>#?B)QGl1F#Nlf$?b
zilJ~$+E2ZkTBsNYa?vAL-ka+O#(Et6)#G0LE~in>zrcIveWvLs9*7C0XX_YrDSUF+
z0(FjABkZY~@*&*kMps7t$$fuEjrX4el<(}6*MJT(Te@)SDH8vvwgmB+0upVUBTO{z
zPCMeAPL#8e>;IxuWY7GII({ra+(&aMF<jN$EZ5JwjB<x9n?q2}i1<!TIt`i~wu#8L
z{mrcKI0Sw9fvvQX->fK}c`2ts)--RwaONV@T|{?Z{++hcZZZ4qC%A(^+|a1_JD^1~
z{q*x|c&`=2a`?{^55>S9%vQ;BSX>NSp|QV-#7jGaRXIG0;|)V|b^hsa+Tr{ZIQ%}H
z26%NpgXegwnT(J3N2{HqI{P!bTl3}qGamM-`*6SUqHKgN67|;$-?O#+zR{k<9$xW<
z(4{7xAPct>zd>J-Ej*ecHooJzjlJ7`=-y?P;yh}SgdpKDM4x{#nJ=hiz6Z1mp?A8-
zP?=7Vqjl{lf8#CLt^K4ikuW6`gUXJ^R@+gDm$HWG-d!b)V?yQnsw^Q)CKgyW=6y2V
z$R>Qi`Q1>R3eZCaQN;JeKbAP3JLf)_#JhcN=*4F{C4Nq7vQ6QrPBX(rw+k8cvC9=W
zRXQ?fe;41gpWWJ#9ed4Kqxw`bIy%0;;2V(R<H1M_5sILLBk~n~4U~+!E&Rxzeq0Sz
zTlfPt(EF9Ce7NKWVKq$8+h$$q7vJ^GTYa=fphDG;7=e74`&t4lBA+#y=*?pMLxxfb
z1w>ym5WW0qu#zXW5ua>kBEKF1vFU&@zY;kCcO1~SKptDwh!RZy`drTEzgy?P3#0;w
zn@GM1Nt9k=48>=paHsd<k7>K*{pZfON7u97!wOfsB3O^7C-NZq10vfL6RU9SY{CsK
z&tzSx|GxUG=YgGk?e4)5nE1<vrh0po<@8WF?XZV6ccCX%Ezo&Vw4vC-?I%FS;LtkU
zFj9&#moCrGb93nK+J(C3>Zm=42g^Li?Cegx7I#7Jdfj~ag*?tcb8kw4{6bywoy!rJ
zIbSEyezrBSOYSxsw<Y?(18b~b<RPr*oL$c__R^#iyl$dOe*EHVBZG}PRenx3j5<2%
z%Pg;~c5C^v^#!?(>hAa%o0zfpOEA65L-S|AZV>T7da%8fV1*Bp?02*N1`1+~Jj=~L
zG}$Nyg|a6%_q&yhU4|O^PWTRp3bGiksPVkZ1QoaJezn<{?R<M)>Jwz>W6X|{4I+_o
zRZ8<c4RL_E30+c{=b-m`a!<9PV3k)tw}`$|Se@jxc*cpwd`29Olg9kI_I}aWFFfNW
zVM#w7U4vB(pC+b{AUfnzJ!SLu{?wskuY;uxRzF-{Sv*l?z(lX}{LcF2xH*@hGIS;<
z&i!<1qRe@5n)v(ft1#Ve+Qm6sA6m)iBH2SMwdtozP&_}|&F#qg3bERZqlVT)B9P9@
z{JYV?t(<w2FZhaRNJ*YM<;bPV?|!{@FzRORiIF1JrL1j$EDQbmjlp9nvU%x=LE#yg
z618eHlSYLFD4_(2xE>&x!DkrY3lJ?<u8LQJObICItrCSHe*|v<|MOX;+OK7m5I-^q
z{?0zi)+1z{G4~`IcIU;z?T4w6F5DBk7cF+?7S`!5ih=u*4EsIZqo-ldtOoSq3qm``
zb!+GCP8I41_d)n*Bio3ajaA<GK^gp>fB(PlT<}%+kTJ(8+I=GFH)?6mBl~#&OhM#P
z0itJ~Nd^0vzAzMGE5%Dr)5v8M`YfqE_!YLjmrBSJc~8f|Po-^*D{+J%`w2VlB?Qq2
zuP0@)Xyqtu9t0I>G1Y$oH)~AD$-U32gzS)caXE>~k)GJA|F8uCV<q}f+om(|U6Jw9
z8Yuz<4M6hIrqn;~r_&C65CA_<h1e;Q1Nq1<icE^*M2nI`o^azfR~T`lzvL5?hkpM8
zmIE7Qp1ytZFIv4RN0ZePb)$LVxG_Y~YTc0E#R!@n9+{xwLhk<WX}7E%x}K+&@V{kr
zs`^EM-NiSI$PWea(^t1kktn(A?a^FsOzyf<Djv{epfm1Ss*+#wa{~Jbk3H$U)Q}hB
zsKe?0aF6h@R_tw{<=5}I7pnkwPLg<Kwm>=O<$w{Z`*Qair$zE|CvXP9jgZbLxYl=k
zXx<f0R798umlK5Lu6`KnrRNSOYtT1hac*KmuKC#rZ$4z4<qA5;DZjHx2f=FYLm{R5
zsKn>unUX~x{*dW?Q#zvQd<zAyDhG}D-M^lZuq5xeci?)bC8W5Aq!VNarEQH^UFeTM
z7p~8Oyo0K~dUkSnbIWPZ{%DWG5!+_JzFLVfom#`uNB;3skgq3q>wszfgQp~;ALObk
z?BmzYND$bvHE~}nZorltuCOu=?<4xnZW5Su!5iBtk}>78jn3UYV!*G9FjPqPSC3B)
zS%y5StX9EV>^2V)`^Pfh#AH~R{mBZ|cj+~Ol?E>~;|G`cF0F=tJabz7N*q!5`}i)r
z<<lF+X<f8G@8|<d&+|P(sZgfk!}<8vTJs7F^u!a_{X5Q$QakW|RGq}JUpB!e1-naL
z1;LRkI3da!uXI810}vg0xK;|O@e2@wAbI^}W?v3a7pM^Oy9Xyr^f<`_7<M1V^^4zo
zIwsw#Dc3+lUx3k2ikx4ONfO}9oHcjz(3M1YRAVQg*Z%fCBo8Wz<4-JNBmkWK_4R)I
z7yjC==H5LhzV9^CHqFZ%(%9DbluIfd-+9|>S!x8FsUj2+4YqM85+<=gvYn_{eO+NJ
z{w((OH%u+Bwn3>NYyF&)=lO3_u8-{nQ`2*#=F>GRbME%^b%*c|rdumjDjXLYrj=mQ
z#A+kNZKAeK@<LbmLi9IH%$R7n=!@ri(cL=V!EHMVHPXM{mOm<ukdFKVM`<hrRY_xd
zp??Ju6R!wrGU)g(i4>%Ni=;H~vDtC;97xFtTjiAgJIgiTxd$(i4WM4~wbG*~wZxBj
zF4Es!uH(}tPizjl5j85Qq_FQ%Q<}H4WqhsZ7~7Qd>HS4+leGAkrr);PS<3lKu5qWM
z(A?E$72>YCbPTH`?&Syz>~c26!;MMoKLDBH|7k&mw$9@=EWHrq6*~b29_A18x7p<A
z4P-I%wX+&QAYkC8KmH6oM%VVxXNQM+`LJjT;3q)AXSA#W$wPnOWhrRHtajHOkadct
z%YLA?4f*!-Xj<Xb>fP6)Ry~q~-3?cl8d&J$%7<*xUw*bi$=g+aqW$h=$d@3A_1}v3
zUteE)v?l#tJlyTES?zC{UfnVBP@4CkZfair(7M)pkI1=aH#WiXz2;<e(AMnP5Od6?
z`|y7`(<hjlW><LN9bTJ*ype#B8@VIr{5<;9r@iQGi(t78$MjR_;Rn-`#+elseC>N8
zE$OO*<@2{7ScLwI3=Xg;k4?|hPuwhM5#9q0*ik~YmtppXg=V>6{u83KD37hkdrN!9
z{i3iJae}38K=q$hO>Ykfn4R`{!tp5Rf?uxZ<ONTqFmlp()w$Vh4G@DAMLKkJuwY0{
z(6KY9)Ym;Xqbc-n)c+3$PSidbRS!y@X;>|x>4SZT=AR}}IiZYn=_V<Jf;r<$PK1zK
z+8Qps<P~Vm1k!@P$InE+c3D|yK(`!JdsR1l2fC-+mLk@qTZA@~%$ucfEeftlKWP`y
zoT3_s$_~zm4d$hR!clt})Pd7YCT04mYu{=*w1+uJb+sD-Ld3~{zUhrP3`eN%=pXuQ
zpgX=~4zPitFj-vtD~#^jQD!uvnw>J-r~vDAsVck!2Zh~8xL&`obqe|;Ph4smF6iUX
z&YU9&=n0l%cD8AJj3aSmaQ1Mc9@D1+H>W_2xc&N!u~kyLeYYb+@c*7*w~)`T8*xE6
z1ojYwARm&h_eoxvW>t#aXNV;|sG65&Y_qyVKJ3Sx{5a<8{n(?}v(Y`N83hOZ9C5xy
zZF|s~-M8S@b;rOyS0n$tTs!&v+sERiIq1w|$R73+)jR>RRH_#5c*o1(F4M|?ijjQl
zH!-V;mOCHrd#*)0|8-Qa!m9Nk=;*C;^!Z7lA|fB?`igF+Nh4&|`5uxYaX*~wA7|qH
zf>ZL^5GDGG2Qx4<zAr>WTvg%%S0g_#s6O$(Y(RXEsU8cB(xnjU?%BSCYI7{%;Oc7o
z&(CRm%f(H6SMeU?pn1T%Mr^U%Ffe_MFPnl+tgWH<C?uE`Ws>eND_dWDjI!haP*~CX
z=R1tn-j_2P3%uGSxa(|jfoZWi*Ss`Tbi(-V3yOq}p!A6>4es*CtD+C=_(2XeS-*ru
zDEH{$ni2J6`s}KDh6{U;*#S|&%F>1Arn+fjp*Jd+iXozf9aCv0mjD9s0I2>Cj+;K;
zC#QNTE?n!hr5Iv;7ouW;0$gb)g3ekG7FVZKbEUp&ba<~rIo12!5@e+}5%H}i5nm0j
z>TQ2c@O^tD#Bb(6KL+aM`uI@a-||r1DDHiDw&4g4jbs|aS&V2b|KdY+4Zr9%f+geD
zs%p&Lz;OjQ8}1?VFq8TAtK)Eb*34Z)p)~BQEL*Tb5k7919>&1uA#tyZ<Ef9Wwtfd&
zd1Pz740CZV_&E96ngWc@rZJyO>_6Kl;~&EJcgrpqJAtnPsTsYBfpj{)IX*fJkD;=`
zow)GZp-H^aoxZWM{uQu{yzq!PFE=7|ujzMCZl1ocl=m_0e7eF9go9TD`yzww@U44<
zxm};E=kw+9&P$1vpNr+g);3!jZ;7-wJ)R#&74&H3O>wnWipf+Q#@xIlm=~7yAi_3a
z9^y}jT&DIadw)U}Vpd;Ol#gv`I7f}h#l$&qjE3mOq#`Q!@38f)f0`>H()nl~8Hinm
zyBC{6oPOq5j%cf>pFWm-34`e2e)*YJQnbmbq8~}~RCt5BnRONQCYb!E$395Y_Nr4q
zcQ|ZS1NUxWhL)_=$YYO)LI~a8aEF^(NXawWVmp69uiXS8W?p$Eyixwc``G2Oq6YX4
zF25hjVf;%rmSw_}udI*Y=Ulkgcy`2VwjSL1_D4i9uZIV+7YfCZLx>H91O0kj=;pZs
z$d?E|2>pX1^rQCxv)&sFAiI)-gr|K$e+dD<W}~d^w;g;beX;PicWn2tJpGDh2#=v9
z>v`pccHr<jpLu*o;fCLJ7~G}H#WigCY@9!oW|5bVh7Lok(bC57-2G(im0St1j@6VK
z;q#czm-C0&mod`Ky*nfSVV8((e)AeJn))G8FF7H`6<(wlK*QT7;rVUiIh&NPCL9>?
zeG+4>Qa&faXn~J%XZ`iwZ%Vg&-bJ+Ql5m=f6bnecKlG;ecIsoIekDA>opf9G?nfnb
z>>FnED$YR<)IBf(=jeQTZpYRS%*BY5IHI?QOoTiPjO~3nci%B#`#q~DI2QOev6Gca
zgLmQN3LFLcjbv)%j8j-%FRZtVFa)DM%*DC6m)R|4<=Ggs)P)d%ktP0&PB&!n856MQ
z>Uzt^<vv=X_Xzp0&K44o)YIYfqN_$E@Y(C>Ed915&63m5f{>q;se`um;d`a-Y--Lv
z6HE^Ri;Qk`s}rLy9o}T!ru0reH|8o}HC{1;B?D~BB~j-AFkWc@r(AV@UcEtKU<K@-
z>L*HItlvU)(;@^kKc9v6SN5wvfh^pn=2&;ZA%y#x)+^>;C;!<fy+TFO2O)JK7IJp#
z2K6BACpa&;CoRE@#JRm=+yKgZ=*gr2UUUnXyOG>Tl_~ET@ZxEB@p3B?NhFW~`Pz6Y
zCueOHpI<_b-3!d<DU$8Wi@}GZB-7ZHAkd=r%W+k3J(Sxya3v2v`=9s+c<?^&?aDD2
z+Mn0j1U3~V%G^fV5nf~Rr9_NyG{Lrxh6HI<n1et1t7@M_);8paFszljubIFcc@K5I
z%9;c0QvSNs=XI}F6koHfj#n?VZrQLe#l#*S61cc;6cGf2Ei?NiUZ)Kez1Ew42bacF
zp?HygTetV`jOpXgo;W27a+Mq#>DSr*O%@<0unK@>NGwC-nt9NGUr+394^#sh{aH5X
z18)Eh9OMlZxfiyrbkF7${IOH~QegY25V7z_2`Dy7r6BLXJF$|3VcB&LQxUugGDrJi
z@odNa*(3X>4GxXc2%B_N4gk$g&t3DYxV*f7lhf0dbrmLV`kpJ>_uva2qud8nS?9&8
z74(PMdCH7wd6GYlmD|~?JXw$9>Cmg^!wiWnb!~h0acE3j5<%!LhkdzA+UV)1gXU7_
z=J<S<!k(6Srv&HxwNBBYGFYf8ic5(AR(jIk?!4#JK@;Bpx<BX<9S?V~t0?CBPUf4_
zI|zXk^D2MG@=qxas~#<=nM;kAjW;mH(D0sDMSH2tadw}|TTTk3xfrI-8M{27`&>8L
zq`lT#GDW0>mO2I5Xes{P3YjK?vvJB%H$gU)y*1Tg8#&pAZ;K48Tuuf^%e<lfdgQf-
zc{doa<s@%RlfB13pC5)?-?yO{jGr61TCt|+bhPyFM<hM<ez8q?C#^(tNYY7Y89{e&
zf@8Gt{gMP)B@Vxo|MFunY8GLC!^RlRa>lh3P}un7usc%yA|cI7-!y20YUlfKd1asZ
z6kp~`<=w(I3%PG{t3{VPw-~&XQCRmx!hn{l=~Le}_Fl1BtXz{%XDgovKLVC6+(;q6
zI*_EkEVe}VR6cumg<hA7rxORwQ@&V~4i$Ic<S*aJzdJo)mu!$%1NRGvd#6g;E$|M+
zd$3&#@P`*VXv$*Y_~m3=cae-B<^8$t-fvgziL;jS1<!+1`B=wO#a~|q@;h;sdezZ_
zEyihwVit~uV}=6XoFOY`hK%Y;L<8CU*dHxLvMz`Ykuf>2)ACf1bPpl_SBTFB>H0ho
zFbic05%jS0J{k2ZrIPGtH%Ni}HhU;-43kV87Eh3zWtXcta>EV7w{m%p^s70I3O!Z4
zo)h(t-KQmPKrTXw;TBdtq9a_c{pTJ}pEO;$u-x_ayqHRKwl_ueACWfxK&M!~yc`Jr
zsO!r~bbaf^B+q0cZt~5}n(ueyU+dd?Si=x*uKEtnQ{+pjXLex9VvUtT3<4O|sSm%^
zty?%FUZ^J7JY$aQQ+__7st51-dz#9EG{2mEvhr=~cXV!-k+Pn}oqgRd=TkezznL@<
zU%NNU&N!HSA~`6i+2#jA^7(0DB3r!CTcILl^$J;23%DZpgbDiD$sZxyA*q`3qG08S
zzvjM8wH|{mmjqCzn}C8Dtd7HplDu~&(-QKfTJQ1CW7a)S=KxG699QQ0@(*SiH|KT-
zAT__MYRi6J(SAlnpFAF!?X`Tro9w~6kklC1!<LW9f}OzcZYfl9W0T8iADyCSnON2J
z$N#p4WnL<O){b{HUsv=Aygl#eoh0G%vzo=}xBZ&s3$xnX?bBeO99Y+T982XneB**O
z!D@%qSWsnIJ@@vlxni}O(5d;05BU(Q8jMF}+~dLxs%Q2XcD=ft=DkBkXq@G(-=9Sh
zG`*j>#rb3aSZxStpU0P5QNu<X#;#X%F?0BSAcMnR>3%*qvw2-NG=LJn6zO9*x%qFc
zZ8YlZD~@&duF^X*m+PCisGa{WghRF|+Dxyxe;8oz(;7@XG<p+n%$+>e5{Ffo4cr8^
zr^=PM?9guh`09Jxm~!clb-vB~i*De_n;h-Yzv(|LvVL>!gHdg8$y2-~m#QT4xFg~a
z{oaLd_ZK)B5RqrMMRIgLdUCOX*GPpdc#J+wD2^B0Nlgw1=yj^Vlj&P?1*eZ3Z~Bp+
zVY>O9Lg>Vr`)6@}kLe{~!XPGczu)d(Hj*h*e5k?p+|$#5j@h4Vk83G*6#6+nUBAaz
z6nwCd6%t|$rJ%UVM(K)JW~4XF!<}09cu%+*;DxJq8%*!_<X=TM7-K<If#Vqq>uaKQ
ztw^l?c-S7});N1i)I86+_H>Pq>0<_hpv`}9b$IZuu%|;ml2rD{MMvmdJ7oo{t5n6T
zCGqjb@>kcz-T%hVzlEO~_wCh1hopJXb(TWl^pmF<hCDc`=GQnGN&(|Xa=t&k8$mid
zr`hooK6@jDSxKA20HMBlQL2j(CmWC)0kw3#+z*?PSb@&mJLs$KrrS<(>eQaC01TI5
z;c2+*FtldWHqMZ@Z$+zyX9hX9Gr7j``+~6_BtVuWi!dnTr=}NAgf|?6SG+%YdVP9u
zy|M1bqzbS+!mTP3{3u|i@`XPGU2~u4bw&e$_|wijrcdxPXU!vDrQDdx*@JJ$@)fVd
zJsRq)^G|;o<Dm*?+x+Y|s>)un>s;7L%DP$*nN9O6y6#ci?4!!w(qisY{b5e89&`OD
zxEB#enf0^KCZpYh$T=w=Bc=g?#y|4Ib)(Z85djC4OP=)d@A^DSlKSJ@_xY6t%H4`+
z=aJXk`>U?D1?bHU`U|0NqrLZ6Xu9iuQ%xV6OU~-;Ad|9`8pg5(F5x@FFJx9!J+Q?S
zVG&Cpgxl9Cr1^ePjK;tf^7&I3`ss&{19(dCM}1G<?{Svt%s>kDbU5%K9eV+6ZVus<
zSHxI32A%hfZ_<?0ee9*rJ9?{gtvFjDN34gm2oa^|#t$DUgR4_wH3yjl7aK|yub0WV
zT>D5b^LF_ez{22I^lQ1F33U^R^F1mhiB_~E^}(-L0SaoFBfW=*1U8v&^qT}vI}e{{
zafn6c;KRL+y$nv2LWhDnj#2Il!Zw>LgCG{p@}m$_D-fB9>rh)wm{W8$9QhAMlt=Dr
zBD4DYn=iM%4E)B{q18ccRJa@`7<u7y(`<iuFUh;8LX)KWeQpHcH7ZVF6tbLk&`0$t
zK8?@D>8}I8QOc7*KZ$JF-(#l6@ARAr+sle>%KdWrrG>6W;qP3j@l+6HpQ6vtIgM7i
z^(!e9C4bIvE)=vAU$nOqC#C)P0^jE$<A|5d*Nf+k<6!-)XLMw50geUj42KrZ?)Bdy
z!6-4>t65)<*Ry)$#ZPvfx`!-b4F>b9U)@d)1oUe4IQY+d&@J+9RfL2dZy9-h^IPqq
zlg0LkrDmxpBf9;OvPmc$8TY<F^}Z_h$#pWc>p8Qj(b&(Nfrj2=ab<kjOOK+rm}qcd
z4|*e!%tAo<Kf$n+@S4yxUzg^HUdA<c45cex-G1@=$pj8hsArX=!H9FC=XpM!Qdx7!
z`0QG^a)Xx>@CGcG`L)KT1sDwNiRum@7Z@g+3Dh2f-xigyEco6f_c<0Jg0aUz0~_rN
zI#0d+g23j+{C&oX6l&hzP`NK}7(t7zzHR7?w?jR1m0pp^i=r1{$X~F}Mqdf?viN@U
z*?4XIVLo3lzQYd}FIiUs@N9ro?iBBX>`Y(HpK3f3fO7#zf{7JY+GU|g&>~tKLq|m4
znJT^6^P>y*RZ17N$)ypv{a!uN{sfD*r;8rTZxL-J{Mg*}hv@z|Qje)K;V_(6$1%4k
zV{X-ivk6K<<89PcX|%!7J0YTY45`k(542BR*SL%%V}`)wW{En`rCV}`(!(a7*~4LO
ztT&Fgz)*HW9++0v^cSv83k*qB>wcmHq<Xs?x+NxC(3*!$)|1ZZ4<G5LS0zoik4yep
z1}UGGcD_2j{qp5Ibr*}cElmx_8$)x&s=Lo<B2AtkxuwsSS~3(m@0tFU-tY7^xFIx-
z=jZLu?KaY$)c80QQ4chn>V45rYjBTceJ#n+$nWOl?@IxkGwxeZRN)z=Owqkqo7x{p
zW>ylYe<7|umgb@KW>pWI#A8l6E|UO<ceSrH(8Qt%q%A(U<_rOAWO84q55`e`ynUka
zuw{aq19zj6j;)XtZU#G@5ikG7@Ovivz2y1!=}$rn(qgy9DUGF=fdG=_A1`^(>F$Ob
zx1?ukJBk<A_TmhR8a_S`jS77xR<ccmrqL&tmztkz&pJNO-|;vcehXL&R-m1HWjb@E
z<bPI_g}&?wtY;d4*e3<c>V5c$Sp1=~X5>D~F9FCHjwp*vJpT%^kPy9n$(hbM2ectZ
zqq^<I9izDu=uussm~s?ClazhxA&L&&4b~;H)jq$RMl|)Iti!bI7z%fczK64Ld=f9X
zdk3i8>a%q^s3PD})tZZu>`8z#^v9}Qjuy3mIKqsr`UuXECeCIDcOP%r6_>(MJ`|f(
zya5D@Q34;YN&JraZ)`rmVow0%tftPvEUeJ@Er@$|q5lf6!&LA@F-bRCDU<pdo=)21
zsTs`a0V(aiWqJWwV$ucSMv*BiUEPOYWrr@QVj`b6%WuxkJ|g0myZb&H0}&3)bbmUG
zwAbW+#F_s`(zUj$rbXeuBy#(R2$4$?z9r;NlH0G}ueG1&>~&hLl9+RjF~@i>NiN3)
zpPZ?OLZ0#QVpyiD23KUCJv$J23HEUlP9}a1)-hD)x5~KKk&CbeYwrh!Kkl(8(H3Zg
zuiyxyb>_3B^dNEvriBwVUH9QsXVqMDlMWWg1f=HuNdZ!Eoha_He<Yb__n^GA&j;q+
zgq&L;v#-U5)s@!9iHu3&tm(tU7uZ=_JK_4wY)a^e+~V1JvtKYV$41*+Pp|Do{jN!?
zIs2MoKHw^g$Y0znf1HHdQ^NHF5!1bd7&jy&w0fgD-6r{Jjq+z7-7n;2gfQBWnS)>y
zP#W1~EC{nH{KIb@pVxVu3CCr}CDjX1$3ELW>U;)>q3XQvBw<&0&iEUvLec<AvX0|M
zloDCt^K*lDITO!kzh-2-XNkyM&b!9WmiN)6`{-)E>SK1ZdQ&jvYlp45Mfcz8sC-!Q
zG*)l`Lt=3}sP1f`R-Ea_{6zdd#9s6*eon5C+kuf|<$#kgsMm2v5{d=v#;8|tYPe_a
ziRU{B70(mi;PKVjd?|FvddeBSi&qXLk%~WP#MyTz60NUQ|7CCUYq(**!=fH8(m8b8
zLT7rIKfCqb&<*q$y@9%DrT$vy1nQoLfTuCpOVpAru*HJ1xsR<tk?9=;rNg`+XQ>VS
zZ5`8#dqz2QlNP&m`}YCde0UR;m7I-N?b20mU96gGcD}I%Pa4_E)nN>GND3Rb@&G01
z!TlHnHmLZD%#pZGB&x>KzHiUF$MSs&WH;qEfA-Zo*}yqcTYd{BiwLrL6}EUCib(G#
zaE--eJQ>&)aPz0ojE~@h0P;!pl@(yoLvpD<*ecV!UUFRs&3G@f_ke%7YchCAF)t1N
z43!UKc=u+U8%su=XXVK;lX(1A-fz!}BJsI#O+!QsX}L(1+%C{r>$B_(azs&vO)4pJ
zC7Nlq21Z0N2bQr)<?3_Vm-tKYGCe<w^7DJyc}#%Tez{V61!Rsn#ER4Rx2>Z`%cmAK
zE<-=n+MrxrI_>=dzAU}<-9Ao3#Q~q!PB2ZFr(#*#7?1Z?rPk(al}|nV6T;GTA-}?8
z0g$zc6&(+P`k*hwi+pko+W_2S-C<ZYJFn2DVb$ed!a)513dQzQSzzbw3!Dmx_Oq75
z@8iVYj8n$K+N?%@G0QNIPBJ%!H<JyQ=RV80S-vu+%Tc$rZ*WIk+qh_DL7O!c49}+U
z^oR7!9r>>o0nKf5)|hORv=$H6@+n$}8%`15rxAd8lenJ+^umya3IlI-q#o)}_~i!{
z(nUOVVSWU4Z@S<%+MN|?XhqBN>VBL}xlzp9hx%@Ew*N~JC%0>ft;MtlLh^C)Ve~x!
z3b5x?Spyf?kLD&h-?S2%^Q*rx&3hMGm*Q}-qW=ov^nvx))PuE_W{&SOxk<rXm=eQV
z5DSp@3|de*yD&V908v;wVO>>r{f=QIL;}kzpgm$k<=<?~%ZCGveE`wOSATDpMAx|h
z2D_dN{1*7Rd(ngj^~!^SYf#0jQ7g=yZWKXl&6(qdJ|7(iM@yJ}wCD0A+u5p2CxTg^
zqrmD9L+ibsq&i<AEV10&(b@ONt}=)a(AaYU5p>a<96@e+-$Te`uzpO!<z)U|=+_s*
z>X)aoDgohe>DozOGrh!{;kc`oQ6*2rI2IeR`%;q~L;OtlWs*dCVh*(pJZ#_ZqF4L(
z-FK+s@4>#=&7t4^D@}Ybv<<XpwO0-8@lNDCL96rWqbTS6M8e_g<gUkhu{&Na|C&F+
zci0EE&(5s(`P}HVyouHQ1iAkydZuMF9^uEVxfR$*=a{4u`l~t<@$i>3jcKa#R5BaV
zUldXw@~iYr;q3l?CWKP%fVfH53U0T4hypzZx2f}jK2os#RjcgU=ZUi0Qz#k>R~mwY
zUb+6|!Rff%JOwfo*ZvBG;Jdw|R{XP`*HN0`IQ;$Q%&CS&%o=BpA&|OL+tS-!&-Al=
zG+XLC{KWE?*L{>TJ{;WkTnoa{7l%DkcWvnUy7Re}9OxjPPpCLz%d7l8Hvyj1i@c%Z
zvE&Y`mtX1${Obfab?giqy%|6La*!s5k&uD;5+wL4^fSxjGg=n-|9bIRfUuoR>ctU9
z6j?aTL6Mm4LFx+VeqskcjIn7J%bc!~!Ho?dxj!>38===>P098$e6VMZj?XhjxNj5T
zjIh;}NrxgR4Pqg6)VfEdfVD6Y`E+%A>%*TI0Lj|N{N1r|4j{MZ(@fRV@%CY;-(*b(
zKccAj=$UuwKuW{W9%aH>V&1|W5K||oSIPh5yipAd;2SCBfhef>!>9HOi+IHKLs)z`
zLjB3cG89<W=-s0EhHxjohw&`d$L0HJULltZIA>56>37&?FR6Pi)7O00hGs`VH9~{>
zR0(eY_a_lS^;9&4yU&voX~5%bn22g;WR1Wee{<Wg;RWH1!%vXpXaDZwv7{id`bmaQ
zARY6=g*`kV;;nSXF`>Yw>_y1qQ$k`=9Fzm3(|HdMBSBu>dm|QubouESOrgj6{S?9T
zbZOx+)bKH6_(xk`NSc8f%abYgbQYGhm-4}GhpA|E(+zduazF9&Oui^wVMW_FFn`r5
zV8-sLe%76Y-Ipejan&bh8m};g1IWSK2i1dX9$F@^57U}B*lW|+qCfC_4N0k|RE&T^
zWkFIkvtOFfV^cxwg}-~yKno`RY3JAIgK&60$db*U?pF=EcH$k~&U&Chleg}UH^u$q
zy><{zC11zs(a3OdNtD$5Z5J3FG1~KX6dvk0J#+PaU$x^^bep`z&O{AvIOpT)m}U8N
z!AFr6i-Us_qlO|wRceVEOBG9$SvPBh@PCE=P*q-zhaO#2>BGg%bh2V&UxBh(ZPa|P
zPc1Hd)ZAYpiN-5`f-6OJv4+;j?S;)-c+`Va!XF;}Ls0TL{~TTchl?Q+!%7j=*&?fW
z3=+a+4<z_D4roMyIoSS7{<QRg1N?ECJkLxE#op&LSpspi73>;2&lo{7rSG=tOKSTe
zKm{DO+PR_Koy(7_2?Z{S41*86z4n`Da(#M8@;TwN#@fHYdCz=gH<Mc1X!0sC`V748
z@}ccn|BDdp^G$GJSiR5PR*exF+G(f4KX~J#rX+zz=c-emQ0vKOgHKT2k1ylX1xFsL
zN5}@+t4)J9mpj)L6AbE<1q-unSq-1IYV0fm;LrT!F=u_wkp#4MR<%3g+3+`-uQ*OC
z`XI)yYc-oon%qJWrJ&ilZq5nJ#SU1vP+;tM;7!?UVm_{<ZiY#pBp(aNEq;C>2OnwA
zDv$mW6R*o2O$;F~f_}Da#WmU_`LmlcPoNTf<>N*z`+h<hDHWp@{&dhi7V|D!QxOvK
z#WBoT=^`%i8){q13x&BfhQTf=uRTNvLLq_C<p+SY{G$T!xA`AdaK^^6$$f7oYOpTJ
z*gawy*1_<p{pv473STLB%<7zg%?~`c@^hBZ)4rDzCve@;xliH_ycJ=IMf0q=hqZ?O
zdw!dFx5$vci{vRS8XOB7YF*`LD;g~Q4F>=o7{4jDpBuiBvixo<{&&v3#(aL*(q0TZ
z`=Hcy`AKKxfR*&RU7xqBqPsN|HusCrF#>IRyGWOKA>LTEGgP@os=YtHj=O(u=C^=j
zA&q&v8O`&+@_~lv3HLM4g7{?H&H7nw$OjJ6)eIvz*E5pdSS)z*ZrplV+d*4~P>-8U
zs|8<KPX{#mB)%`nH3-CuB_`7Sno=<=BDHWiZGfz=JzB!Hn=+p_<KA;`K1xz;4gt;v
z_G7IEfiZpWSF)c8KZVNRnoB%dec%y3b<7IzHMzMvwo*<#=0aTP{d*qaxc!HFxaL_r
zyODWJ<4m<#I^0JyoILA857EG9uGjmna55;TyC7vyz=zQx1>d$e8U1TkYOg|vF=>6f
zEIIRP`*xtA@XiMg9}>FCvNeY~2P?ZI=EOT6pTX(Ogih#0N}_5?$~La$!lWn;-~F)H
z$;8WfpRv7uY{%_wHKOz@_Kh=X*^hkBSyq+KTjmXK5MZZ%9vvKh!P0}pxN6tuk8*-{
zPyF^2PJW+0FogR)$rgGF5*#t{dE;{fvq-_V-`eKp-QBAJ4kvD;nn9;o?=xbs_*lF0
zvqHqfS_YX7y7)GlDSu<W%j*-HGrcYChw|$0pZjMfHG3#nP$I7)I1hXdXHEDBc&fnd
z5Q)vM?X3UYR0^HQyZLtPRqswc{~?3;sI_Ik=M5h&bCKLZ|H}-&-}d6k*W0Ue1v<0T
zk;i_cV#ZLto`26`Ocr~Ap_!N!$Z+|);fLqw@ia*gckiz_WltR0Ibg$#&KgKY`g3B7
z>tIWNKVIm8a?ZfUvLU(p(O}yhf%V+uoISALD_9@XZ#AInbFc0jbNCWop3Q6(cVKX%
zl0#|f#y{n)ovtptNGLd+PIZb#!SV5UqR90wF2;#y%e@rAA*PJ#wkx=bOR|5r=CcXj
z6Jo+Fc**x*zeAUki>=F^`F@1+h(#8U_L;YS>V0(AoLrq{d*10T%6bKGh3@lL#JoPs
z@Z2?0#QAl4UAOEu4F?BKFmFd9cxWdKHq0<CA6?8y^``L46()QxYmo7xTx$a6iW+e^
zmf>9=i=$^zHNoRxiYnFu&?@<XkM5u$62uc8u$I%n`|yiO^T}pHY7ay69DIK{TDBj7
z44APg=cfql=Do@Gg|@%BfknlJh0{alNVn_S%JYqNc?iawUh`O;*!^+<odS?r^_AJ-
zzy=ZCDjEl=SbTl<9}j$E(Trm?;a}0G>KObwK0}Va`Kd0VxWSfp^&W!TW~?t-`oVVZ
zh6$%Qr%T}NljzwslLXbYQa~4;?4SDMec0oRyui>is#7Uv@?ko`11(R0^FD*Av9_e_
zLm{V|KmOak*5w|kQHE3AE`>)LF+^t_4}i;lhg(QS`e&;y-DeFij23toxMop=guT^|
zDE!{|P!E^8Y;E?L+AnbERT*2^D7oj(+UoBb=fs;l<Qu#M&~ZN~XZ`>ZuL>QLV{0*o
zMlWCQ*in>20&gproHOogjz0EDjF89!Cmh@`LX`{6fG_9$0j!xm!SCcZj`dlP9=dH{
zw6ngy53fSP-h(d>P|$r8OLp#Tw-Li@Ij8hXJyED<7B%F%rTPu)at3fy{J7B+e~qj>
z0VvJM5mrCyL)Al(YZ+Z#X_QkDN{LebUU%@2*mvLWvs;zxHz;YW52x;<6pv@>z!~bp
zse#;%w5&snHVE#oGQRAm1!E`WWlPVyu`ojKyw^d8IV%2;DMZ0O#AkfZp5(#cN$~1b
z5hO%#cg?r0|4c9j_7{3XG74e#jlUmGc(Gi;%pUHEl0Q@{rcc4vC#Tcnb5Vk<IjCoQ
zm2MC;BZh-NY1I3<xYvg)f;WBI<0QU?_u&`CJcf=OF7^SY1BJe3!D>gu%Z!h}UgW7(
z!GJb;4Ca@x_blp+eiIuj!70BC-mi4N&|D~^8)yTlkCL{j=@Og@;|@tA(eqIWW}VKC
zK^urU(-)9su=$&G*S+>*yvb~i9ux|w&Y_t)ne2yl67uR&P2Jmk!3Eimzk-&WzcAVq
zhm%<8S4l=#R(cj20Bhg|5x(5u$H6V>yUaiF;dz!B`o0Cd@<D3=6HmwW8ftDtwo&lp
z;USK9t3nU{rS#b%r-CFf5|I1NMLSUR(@d5RREXAO{|yIVm%o_Y6K#A)y@^&GLfN|Z
zTYjEOgRQdNY72_`ic*Q?YTVTH)twglaGV=SdSPdM_g{&3=pgZTz9@%&@ueWXwnS?S
z&FM-kiVzDu`#SFXe%y-ZdmmMR`AZ*isgA$#Q_C@*><jbbEyRmXqoE1!<STb&duU$L
z^8#tbla$pb;O9Vq-)~MD=7~-$pW-<yu6QSVjm$Y+Bq7la^OxcvoK8{>`Z+DY$q7rm
zvDe*6w$`%lexT(AmaV*xOw+<(6RQsz-H~>bzPTh!7860;#{E#>q~;&^WmixH*juU>
ztp8$l^Uf!ZIg&-U2?+yLG2y8903Q2E-sA6=<ZwV3e-+Gdw?thJuKp7ghZU%=KvbUb
zxm1t76kZ>fl!0~hfqmYmo1W9DRBI&e#;Tl_qCOt=3nGkCfA3z`WfyWK{g<G3e_kmA
z3_VnU!pHbyIS+TU;O}Ck*U|@r`8@^do|AT;h6^t3gmqJutv$ip+%<GRnYyoeE@jvu
zp!Ui+Yof2;z%d)k`$g)i!Z&7)t_!Z|jjazqr?`7-B?+7L%Fo@`<F;pHqCleCRYxN1
zjTpEbsW5OTPss4cY=VpYWgM7NyKjzN>#w?HpdtG<vtzkiWX2+?!#xEH2y<b}J=C#|
zeU6~yiEq14{BH4;ECNz|)5&v%C-%tXy;M`Z152;VadJ<JP5DJaHz)?u+r@$}+grUb
z@5{H+ee_4kLO6%gu_Em~yoAJNa_!-^C)W);>TLd95=Q02bvt_b#3r2##+=74yg3Nb
z%9X#^lxTEH2dA4B%7UkR#0`7lN~A50y-t}=Y1e%Sx&gVr;rLjY;M+?UayUiv=j5wL
ztfTk$G6YI@&tLcF@vlH?C+y|^pWvS$lbe6I{Z7Gjij>`IsuwLxLuEa_vwi<rST$cJ
z+mbS`lVB!G_wBahLn(`bwCA`GxlTEsPRy6!vy1`~rZzej#}1`{FAkF!nb1&sRZS<o
z>y-G)Zv@5<{*EK}+v)nz<rcp&*WKQ`&hU_~mnTFnAooUEw12&`u9s58Y+3Z4ynw-n
zpD1UT>7E4PC@+ruCe+0C8SC9Ppu7)G_N}Lhx&7$R)m|U<zVbGA1npf?!*0KL5O4}9
zTcWETvYwl!mL*{qj^}X#A{*m@HJwTB^=Z+~jorUm7oOY`fd8M04^}c<d%#}DBP6s2
z{C?Qa>`C=k6k=2=+?PEz*#D4ROj1KT7!QBco@rHS2DtUMdgTWO6wO8o!M0**>_?^i
z-tFLh)9HcyeO`t3&rgA$kkR}p@!>N`lgCf|9%VSDxKH+!z^_D;WplQFqV)~21%dMn
z&29mou^YW_{9c72^y7n}V!OEkSaTm^Z@(2fcx=bx9d#pxLvlg6TlD|<&o&=U>3%oy
z-<Qc4_7LG}PvaLcg{<}@3;*F{Fj(ceNm|~3{ok}4f1xIwV|r`2!}i#YcoB*es=7Dp
zMDK*lC>khG?r+|bFI_%kDL^&{87T%s^5&&lz_!&?eAADFnWOB<GsCea<X9!)0;#{l
z_S?^jVlj3^JlZb?$6A)>vQprE@PRmE(YCHtdfITm#fApq#gBPfWxZc#G5vnh{GXW%
z9u&-NoBrOTpsz_(aHfIqGoF~*VSoM_*Cn^hODe%({~4AEzvquP{LA>4{D(t%50&-i
z=?s7GuNiuwVt+vrZr+~}Tpi5y{0j+)^mO^d*jO7@fM7xKtp4PPUgEL_o6na9e=EE_
z>z`eFn5lg{{oDsDNG<N>ezl&)X(QdNQ*Tcg*cyQ~FT#G?@_isE|3{FR!2u!Ohf9!T
z+>qjgMCL8PKGBXRn%&QjH};<pMwLLvKTieJrbaKgtAs>d(;IXvqm#-VVN4~!ybn7B
zf3+o9WN;xNctYZMcGIAvzF(TyJ-E|wyH;HEWYo_=Ilu(ChV)LWLf$wKA$P%*3pRK$
zSr>#uWTMibtH&Dh3ScLxLPte?=imD&vQxFC*f{+#WrnFJN>GT{t(p|KE<e{vgLqgX
zcz=c`r;hsd%ImN=0MugsC%wPNsACJ|K?m)2qj`0D;mdE7tGsQh{nl>o6p#oC6H~dg
zrq&@$Wb?j?_nWY<Dm_i02X?(2Ojv+#r4Wb77l7}j9tWOgufJxk<7vqJhx<VL)@zMw
z*VYh0r2oAbj};(wShj{rX_B_7@?<L9n`dqL<;{oDIkUSD*?F=OT^mxt*Q;ER_QuME
z=YG!s3Mjoqf1<Cqlrykoa1NDW?S#WGYygaF^uutP@|V}W&I83J=vQ?6^=WSy0HG}f
zNdzf6=oEec={A$oj0;=Scj9FB@Ug@OQcO2-tXsY2&LC<+J%y9TObF7SD}(gIF`vEs
z@T~;c+})N*jqL%p<7H6HuOEt++u^=n+KB3%h^s1gFV!kEP(pA)Jfi>hNn{e@eID^v
zo_BbCNQ;gaJbv$TJT5kxe^znS-e^JLl#`!2k{8=qqmn<piZwwxU#|14-RIvxdf4r7
z;_0INW?E#`kkt?%Sapnp5{jv}g*EsG4)Q*W6}%JeBzP*6LXH%x$e>dWFG)D8A4kDU
zPEJ5_fh&*mVy=rfXt_-cbj^A2sxX%$duq-m7Db$As3;Vl9%Sfy56`!NFZlIFi?-e)
z)Hka2wvh}l=mG8z4a<PR-xnIWHQ<E10;BrXNtfJy^#Q)d!(p7@IInByvClY%N7XI^
z1Z;pp-g~zqFXi`d7rPMZzZS;E5$hRblAXM!sP4&&_5INP3&48j=JHY1%fb;UW^ml2
zOazNiSm$Y=fFHF+k-3Hgxbk3WXHI;3!*=J+&PCa@AmpJ*Q2Eb&O_ZPnk{X%+do3Lt
zj7>t`%*;>$`UKHXb#4upvyeQavw2(S>gS>z+Kv0&{dLC29Z>|i7$0B8?utWu*0$r8
z4K)rl$9GckDA=)s;;q4vbq8ZNC;G#zXKy_V&y@Rqy5)y&_kM<w?)!%wW{dLg_TFwM
z5!&(2X97s*ES0}Zf4*YDmJP|_{14Eas&Ns(4B_6t7B^ElV69+8{nkjWYCj?Be1%TQ
zd$5%{jZUk6xJ#+{eqH0gc&iGl`SJd&2T0d`a6<T+&u7!%=;==)BZi4^>hN-UCp1XH
zf{S01soER~=<SfE&Bo$>u63l4b1t^!iOEWT!pdQhtkJT!eZl8^TwIWuCI#9!+53LX
zqA0t(UdLzB@u+K6&>ejrBk0t)b%vZ#%%(~aGpCW(w<(;I0<xf2@Aq6g$7YVOQPCOH
z!uiXal5gzGviJSLb<Z`ewEuPJP+@@*(<gWMS~nh|7j*<&K#t@uxtzx5rEs)WI=^lg
z?XuSrM9~I*15&-1D$2*1>?<N{{-Zbs!j$Ew4I>I7#o^PyS5e*vRSkR*%sc-~4VQth
z_)|3#8$Wu<NXl*BM&rpqYR|$i8lajVDV!_4iadI_U&rplOOeO@3Im6N{7dwsg)w|W
zOsJKx&$&57>y{4}@_f*wMnp&-6z7J>Gsw(@;`f8$wf=jo68n26XWwb<%evRH(t|gN
zm#g>&)hu%>TYt#u$)$$OS{;Xd^^X`<t#Amn4!;*M1FKxN<6YXPSRN&NYQb>1G{F%^
zg{DARoGMbjl;8Jj-|WrouTs;6btcX$gSz@W@~++98e&il_$VWH4r|q?Q*r6LrkO<X
zZhx*2MvOgkH8g|T!)B_A+dGBxWOy$07?uEwapm_QGDI%J8Om^#wZr#U9i{7#MVHT?
z6;%yn@r@1}r-Q?)?6d6Zap*%_(W#)H+-y%A!?>Plart+xG?Um8O*?k`@K=3^{24F?
z(n6(d21t*ub$PAPBUiyPfuD?EE2j^fF;L3CV-5g;#ttfTX`nQw8OoA0HO*z0!)Y~#
zBcxccU8}o&a8#Sni<ah-cileM`xhA5KnXTfp3LIao0~puqlV47BcDJ6W`6;iTwfY&
zq#r7~pegiVu4?M`idWv2i)Vk(#_g#DDBFl~lL18!1*#283+ccs%_2Wt<~bsGwQ*Mz
zuPJ&YEJRXHKdwEd{mUL7l_{s@=aoQ39Rpbr3Y`*qHGnmNdsQ#f<@lD1tA?y1o2&O+
zz4YdiX<jzO&+Ka26YCfK^V$FaltbMu9h{vnqZT#B^HbDlrR^RzL@zy@o+oc=s)V4X
zbL4E-FwWaDpNQ1z3pC^WSlr*){i0aT+*Ji71<s?$3qs)5JQI{tDzI7+g0<_s<@_4P
zo*-Z5bE(JX^_1!mYA8GZXt^XWR}RxEr{H&*eoyip#yQ{f!UJuC&oy5!VCER1Q4|d5
zxa0#&<YaNM>Lqt^6gL%Zn;r_NgNFW(VmO`XGp%`+{?a`X_*$!6$dUcS`c~2Rde*%`
z0u5hstvuG@DTcX-GBOZNqF#z^E<9ljh^zX^%<!VMS*+Cqt^{<p23!$@Ef3o?VFT0M
z5-Al{kq__ugmFBevk}paJqn62#l8rQyv+3IQ=i>!R@6SH)VO3<D`^0f+0{wJ+2%v;
zS>}6nmI*YLv@Qe>dhxNl2M&;WmY)f?X$1!2fEpTJM68gtx&C0<SoJQw6?gB_Ta^GJ
zMZ0{PrPhrLSn)?T+VhGNoC!hd;UaSU8BhH>ZoH<qixsc;fPQRz5JE5DY&=37xIB?)
zQL7zqF3<VNg$?}Qi^Hdr-|~mAstcfo9cl$nxuqZ47d7YAFn?>=TX0@O{R2l}7l|Eo
zn*9p5k5_=|$ChrVk&rgVsX#u!e5T*3!Njn_I&jhac<yeHV$byVVNb}z8Ia)|ONIDA
zEsHEWG!;AM8aHzTi!VrU+*M{l1cw60>jC2i_;j}iLNv{S5)ah0%Xx^zEiRQyP3*}w
zrj~Mjpl<yU<F5l?P3QB!oWZMHOC$Z~Vyw<nkPQ<17N+ZG>YBAKPlkmHDPbQUDU6+f
z7R`-jB^T=<;Cc5bq>99At5tJ#!}TD(1i3Qx`3^nE)z?@U+LW2R%O1$cc~<JJKGRXT
zD!2Lpd;4}$)ai*%N)b+{>skGY<d;s~{w`eaeY(;k+vf`^-${FB?8hT5xdAdv(=s05
zb(#(q-~N^$qV918IJ~0lBlI>+nU&5wKJZ?|TW+bh%G}do{B7yaZWH<smDb+A&X+|e
zD`V!a@AH>A6nfVklDl8LZ1Z&!uIy?N;R=2x%|K=1#LNOS&Fw=Khd*m80}}4<mr(b~
zcbwaq;*+BduRwoz-{C+I&xMZ<JmeFdzm}K{eo!ph1Hb!8HuJPb?KyJp9=(lvG)Lig
z&I;*3#@Z1GU%Al>3|7&I@5ar#l3*NMek@PfkeV(hb>$Q=kM_HEEHbzVnd9wAVm2wx
z00K0yh}8+15#T*!vhSR|SV}a!S{W~i1K#z%D}<6Ces)eZjm$S08l9i_(5YtNQg$@J
ziN%zAe<N6vp+aMH^1V=(DxDo+gS^QNZ{DOEfd5eYPQNd$p2G%~PGa-Co{Sk4|4&SK
zw|Irv$aqO<ZZ$It{!d<4C>{Nwj2}eD%dfWAl!#Wu%~67={WRqVvRNi)55q0Hew+wP
z7QccT0wu#7Z3gG@c$9LMS|?qk0kE;2$E_RC?7j;N(JKj)PfwSVT(x-Kl08IG-o@$O
zb?9>2Rvgp(ip=<<wVOpZ><WJm67x_@Pkc@+Ft&Nzkt!<(w|hgdMGyPwjG!jwuWs<)
zj^|KMZPU`Cy-OF~-i%@1?|=a>xC<TV9mKxbquSk|S(}6RKY?ywpU-GYZ$3zUyu;u2
z#Z6ZZU!^=*;gJ~zs`w>Q?KvKRi*xAjYXU7@;Ol!Pdt)ys2CMvHo8RwvHHh;xQ&8H;
zV8q$X)XQKl`vUomZ{}yeihHHOf9KKVT<?XOlPbOrDI4fw8ymk5RCC^5-}(LL10ttM
z#~5QwJctB3@_4nX9p*;iLlZ}QJ`9!$pD*z|<2Ml2^Emwmm-kpb{+viNuW*-x<psjo
z`zzp7lV2w&Jyu|pjYs}@eCSFT3U}<(IEd#KN9K}?NoP2crW}a$B0R4(<MKyY1ik3}
zym?NnB67<T)Oh1#>8xdX`r7Sp>mVrAXw|_W`D1AsM}g64+2hF`lz0D3RwqBKtlM6|
z@gV?I4z8>1dpF1q{Gsn&!3RVPcRa3MWXjLLJ=F>=5AUghxGMUdN4bLd`}c}Ernq$4
z`%iS!NdfJRQ`$Z~+di^YsB~v;usj)}!gj-^TEo=l!)H69?nESAx2KEi@5)jCO%!k~
zA0|lntO>q<3arCVPQznM=oh2K{#AJoX<!?~;n0Tjgfk`Fr+F&2Nz`QTM0^ed>IU1>
zw(k#D3Z#s(2*U(KY)Gr}R-yKWNvB^vP4|@dn-eq2TRrgXy<*@$@fy$WK7>x6oMoTO
z4Y1lT8)Us(&D@=j(|~~tuC<mtrm#hPv-RQ;a$bXPbJ+vql+I%SMu1M-U6Vx0*vC&s
z%C#Mnd9vU()?8?D9MzPv0Ed_8{-M$Dk)^-a7vjckSK1Pv;&D95;#;i*D1$(%nX+`L
zQ&G=8CX5JW=ELC@k(9jBEp@A}axT>z$mDyJda3(BY)BAA_aODPylO7&OWhl{hB_Om
z7j*%mZzlQ$R7f&T4miN{er(yLR~f1z{4?W=bU47?QP_DT3Vo(D8Pl>X?>?Y?AptY^
z2Rr#=vfl3dK*wt&EQ3sVCGL0k0mrRlZpOFn6PSbv<|+HJ<$fz4gjyTPJ&Y#fFY~)G
zZ%<JS2*DSRUc1dNCDUBtWDs)jG>*+>z1pTqE>=+QiwPMHzZR_EB6K@IOnWjs7HjbP
zP!ifQ{Ice<46DTINzu1b{%M&FMZT2641u{TSoWulS?ZYKj_@96^mQqmP4vsj``bo5
zsgMZ>PEC7|Ply6?{Ip-}lRv+KG$A{Vw`ai${X?P>dfEs9YWnI$RDC^skJt}iA)CQ3
zo5o87@UjUF%g&g#edb~)*@P{b_!5RBNIxg0hh7n#?2`)zJP{cKZH=q9(fR%rr$wF9
z*r$718CC^0Lz5U{T+Kv<KLQ!ba<Se!_JekYUoU2$p^5_F322A^#+#_YdYJ^oGh=N3
zLiJ!RUC<%*wf<%0x_*Ul%ieGhV>pZp&{8^6oW4U%XwyGV3FOU`5B`i6g=1Y43*N?z
z6u<7tI~!%FP1M}oqA6|6TOHB}$ipU{D1GNSr<2rO_FTb5VtC>na6qD?pPdST<PYOs
zuL2{Qzw3`~J}vX3XbT9O!N;7*u8`mo;g3#DCtLfP`!SBy`Pk6a9__1gVlKZjg7lHo
z<a>qJI$g8JmrP7vi<0!V_|*+wneB;K(ptLP@;vcAq=ehkut#Vh?3>~)M)v`bCORO<
z<|BQu9mL6E!resSngugM$c|CB<-Yb@x?A3R=@$Y_)PmnhSG6aG_>KJG`r^YNTvWJe
zU)+~rMo>dtYIP4<%5)_h7+arRs98Dq+?pR-r{*3;<h5mczxXcMJA?}9NZO|nUQnd&
zr~>U@JT&rjV{Ry}(@#o?k7)O8pRY!Yq-s2GMe2R`(t}`aX#%96NZoYr`dGFz%#gC#
z{4>1_JG|oKn@;wE$3XB*hclkgj!M;}7Pb#3aNv{s0Ko}74K>K`lorrsEAr>^o7)nm
zT=5jflxEaOZ<HUALsEA?F=(}1MSc6|cTAbXPx`ahg$^4B1z!{PuD|^fPZ89pc;Mj<
zBW95}&1c9zD)+q=@t$d)eCOs2Po8hf)rQ5*?ehnVQDND<ng1DquS+*^(kYSmW&Zad
zJju1G#|3T0b86lp#r|%}@Ntl_kJ!)X5CH}4Vna{EoD`Vjc~1ak=Dn<s><_r8_(Bs?
z9=sJUV%mV5PTJlw$ueJJKZX=QF)ZdBuZkdXx6zj%ns5=c&r2FRwg`_9D~OcnbzCh9
ziWuapJ`dO~;9XtjSG3fw4jH(!nJE{?ft`%?8Gb}3S@T}F1SVh~3bz^x9-m?b@4w;A
zj-fp8O##F_O*$Nh&}W~XLx5CDq^b`*!OPp~QL)(gi@Y$;5{YsWjnGg(GXWx*t(QeB
zob7FD6~i!A1?sxp$9Z8T>aatSmL}wG)x)&M%z+E}@CrwF?FD1P`OM8Ldory-9cgis
zFN6T+*Ov-f4%fS18LmXs8=**i98bwJk{4xl1_+kSmHCB|wuBU~@Yr_7-v2M{p7XMm
z!GY&iP-nPdsafuG4SMmbpY1=hVC1%_jF_cyju;~Xg*6AN+l`h-af8}zJTXGG%6!Ln
z8F}!y?uN|6Pk&T~ELmZ{!4#M6H?Q9=%ROban0fs}-tTqsC;KaS-u*qIS4h}31q%dS
zEk5tq^QAq+O~nV)va5gQ!&iEklAHO<0nRw*hmATd;Tk`4K%U~Fhe{tu(xb*|d$uh%
z{bVT`X;gidzQ14l>wqA8PV40M!sQbepIU1HvUM~=NoS@a*ZcMG9xmk`3tJY;`}Ox;
z)P{*65&n7*c=ogxdyWMQB|_&?zq-x^Ms2uNhh!5dV)E>HH~%aRLz2#)Gk`aiaghMo
zpy#8^i7brIzR@-xjw0afzv~-KYup#|B-t2BQ9(bhJNPK2$)#Q@#ma%cK<4xzisR&W
z(ogaws7{$j$Ih~+KdOzl$BVnDKhNK-gqzHfIX_80d*xA2I8f~KDEvL>-$2_fi~DNn
zOJnv=aL1upM}dzPo@wg)BLP4dsH(S4+X`6X-CHHbf_tkj%*r>SplG51>4Ww8{8diu
z^*bPh!S+S@Q$b)7538Zr88&%qjBQVgnu;&h`X-B4=N;#7P(sfl*>XY&<K{c!=sh<_
ziP_rVe4}IX1W-;&n<88TE=1XYSopZAAb9=M&+S#09q;Jjz7tlYB0Xe`;;fGR-d^d6
z4rQ{dOf)V3((Z<WbWihc&aZ@4<gdDprFxalXU!5UJ(Tt%WL~=_Hrh6iPEt-i%n3oi
zfbfnst7*kcbl_e!tp6K%gZ1a#uIRr8zW?3F1OBs*8vyvs>vr>R2K^-atPLEUU9Jpa
zr#B;v1{gA*{ZOu2tqcHp|LHe_<@lQN4!6|z&KY>Y%kMBixoO_nZp3ux-i?PvXcD3|
z1)SA1E7i1@tuM6`8ef!?@;oEv!=4D^pV-d70?HmSpRZ2;iw;;DA)Q=jhO*v|M(-UC
z-;Er!lP0<z@Jl5nh~LS6szp<ZjQBhn+QI%Z=Rr{8HIX<p@AZvej^y_Z*qa1bi*uHu
z7eB2`Skr#=aBBH*d3VkhAE@$6>euOfPip5_UC&zKG)ZNuoBMHTrLx<ofXkJS6Kd!b
zG!pM4pWxhny1_RBb+u>IKxD8$A^-RO<XV2a+^l-$oi8@BkP+Svx4uA&()*?`e&ig5
z2OuZl|Kc<9Gm))3U|`bek_;*-@ca?TOq)UB)}YVhX3}qR3OA6P%_gErX*;Y>paO8w
zgmPa%9uNAecty*2$H@HneE0op#-7kCl70xJAo789addzEk)WV&iD%BwTB6l^wLS~G
zRpiJfU;I(oAg{jkk=6wyiUDF<ZDc2=Y`OA}0vxfPREz$Uv)UD~(?VfSH1i<~UWL9w
zHvP`oJ!dj1Z{8{Ka>gqp=WuT06~ZMygh6hUx4d8%hEWu5V9faWwuP0`va0f-S*djT
zRKdd`bT?m0<Z91nsZ~#Z@56;7+;Fw^uQ|)2+)4Si{wT2;7S!jWyOt>*dwmnoyH4aI
zC&V|^OkWC=@$A%zB8PYq57-ZC3fCR*os8%#YF2T2`BTkf%@YA_QoPpF1wxiL5A*+w
zMJ*;=gaZ-r%HqB@&#a-9T?XOkPBxNA==||Fp^|4q*uP@xkB{OMMvwLZ-;*#p`otOu
z*&k1v%ZnK|eoWZgQMUQ>cfNQNzQv|hU@&icWNyXZ1ZR&5K4$nx?eEHyuM#TMHPrjy
zGvK@#f?g=ZmW{>N?wH>A#tCDMlY#e(d(9Qm;U-2~8#%jGdK82~FqyZwN8rULyg}Y8
zp~Bkl>8JNeL8jk7i4p=oLsPouJ{G}x;=tC-4fjo`v5|ihu8tk$AF@|4sQ$EC%Ypm~
zP@ptm#bv_*8a1!-0$4XC^?hlvk6$!!8w4Ov%)7Q~XM4cyf>s_u@!<Wv>Xc=|FxR;B
z0yX=VW~-lWeM#9&4)c}m=2n5;QN%>;Fh8`t+o-&#t&GOQfP<b(6l=I9PF~4E@$sKa
z8D7D4=-G`RL2pb@W}*20T(jZ(H5n-JC&=$(Cxa%{Qgn7~iAXuH?<8T9DDm!IA;CE<
z!zD4Q+p)g)BlW0N`LFWy?ch+@jzUr1S!CTuDlYx{>8X!5caH4<Z>?Z1G!SDy14t?^
zGls<mAz+s&W!*2<=l*r~ya0GlnX@@=23h(##WCakqzNRTgMIgb=%sr1ndwS9Dlheh
z3%0vpCwh1!1SZX3|AqJm*kHMhDCBHsh*CsVz<ZTZ!%odgVurN`?rw6RqVZlFQ^WxI
z@0<t%-MDM}V7gj-E@b0yx{KO6ENgu_J|UtH$q&Q}@ol89p{qA?NsX5SU9gi?S-G({
zqriD|Oz|q7^Ek8^dr}kkxe(^aG;)^|Pyk)Z6Tb|_A1&u{BhLy)AB{2$hv?fv<<Er{
zFg2;=y{uqZ13~S(j*8+Mcni3LfH1Dl_gB-lA=-==_tXE33Jxwi#2vPcbU4!Nn__BR
zc;9R*ikRE<Fn-N3zXj1^gWza{B%ohR+W!f1ocs8^k~SwmU2dA++<lkmQPSfuXdgji
zt>{gr{jzUV_Ko9J&3i{{WB}z)P-H3kA&<F6s!B1z(1OtV>S;lB2nV4`4pxC-`8nMF
z4;F3m)bKR*1tCv^^JIEe`@_6NjMIVs@#5p&evdNib*<q)u*?Ei4s!R58LEuPAx%?n
ziVJt$0Hif9Ircm-*E)UE;upvr{F3x5$Ts_n1r6wU)%5my-XlLux_#?73Cdlum<WL#
zIDXOUjsU18zL5w=AGdl|B6qC!c@1C1@2e56rA^5*;dLT$Z>&yq1NJz<onwaj<F_;-
zCHH{(Py3Ma&bP@CUxoUGgjw|IrChn7TIj})Pxczq&#ucXvf6hSJI`Q}Wp~iWc_&go
za<#yQva?d*9S~eIKAfb-AGWNuzeiP@q@(S3zwrXpi8X)B-}1$m3nm|?<T&JWc<Rr4
z!xRW5Qqg^C%)_IwTpR4_xYHiD%E$OEhn35j?KccPT)|?L0w4kashxWQJUk93N=LPc
z6?4Dbhcrp9G#Vah5!dEe#Y=DqTKEvG{K4G}`(~KBcaZgBEtnHT^;->GZ$id9$>cEA
zApr$9<H}*EC{eT9Tuk?pf;U8P)^0`KKv^i<n=ugAgRSdHhibkR`~Hz2!@GDBd-fuR
zrfXjWc*Y<uizewHF@kFD@m+6wVFWYgpd^Dl($6)dN#+87YZsJ5*Z{l>l+T1m?m_@~
z-+yC+anLva?)~10H-3Ovpp$rrO1iuwj424@p1FYO8eWegJV^OXNFn>FFXdqXT-!rm
zEuYP|80h@#VRV%QNd|8^!OX~ebU*0k8EKJ^Nkg`*e|g2-@f4tydYrU<n(#7w#o4ef
zVOxZrde`5xWrH{$Mb!NM{rQe;`YtkkX??aa|N6m30q0biAE2$>7)SycCP}}S7-193
zVvHov2L9Yk_=1<6XM7h8;7d+Hk?2>Dc%ypFZ&}4GKjO-sP<@&dGa%^iDD3l<Zd!}_
zfgCUJDp1L_Z^C?c*7UL-)*oS0UY0NWSb3uh%9M$6=Pm4E*G<of1K=1fM;p+Rd#Sq^
z%0y|EMTmS9ntRe43I}#u<{R9VHco!?!}aTgFWu>Vtu&*z6GHN`@Z-7s`CsCA{w?kW
zI^(C+Ui|Ne#ZvWF3_p3_e=xCI9}Kytt2urDQ;!MMjBit0PN)Wy3DYnOUND3Z^WV*q
z%d>3{xiO5=9!u^*E<|Y8lhmGbT*L5i8&5fxSTLfSu6Ew*YJ0-#&VhFhX4UhfaoEQI
z1*SnrX26lRORm0b$ah^oIKnzlrQU|7bV#*YU+l}z1jFZ5y{&ytu)B|rcw3aJjx6r>
zBBLH7;@3X26g4q|h3F>Z&L8fb`L)Bqek!}iw;5`Y-D~q%j@XLiRzMJqZQanrSwKaI
z`v#IUu@Db%?>*UsHvlxK<*1z6eKFgUd-6|NzAI${GNKJg^@?IzDtjpwqxr(pW4Px%
z<FCgT)$r*Dr1qoFHz1zSI`iPk<5^q4Q4#kkF2?NT`@Pily`gyByK8T^j&F8<gIHz$
z&NKriu;r0fj!koKLRb)1*U<(kp0m9^U!V<32@L0tP|(ZIy1Ma?8||?Yh#c49U4-qu
z?ySyDweuQrNZl3rZ1JfRWV`_KiR?Sz>f_mm&%-|!m+^4S!Hkb-cDOr^kD~fr=t(Dy
zy^#G{9|3m_LMbgw@zf95Oi>PvFEc2nbB>gGg#Mntry)qQ#0`{=Pwj*y=Z?@gyN~p4
zZz4{R6|YY!#ORjut%>b;Ushgw)<^ubE1XnxHg-1DPrpgpt#Lb)odd3%ZKF{*tINLT
zJX*>4BsPmQH9N~sP(VmOVC*Y8gPZqtr&>``%{W;08wrc(dA={AV41csuK_uqSUvw5
ztMA8hPxm=a(z*p5Ee@6i9U-16ijL2rqaK0F`P}oPaH)$B`F9P0{q0JWWs*~9!nVf+
zOGS71CMsv13+jAr^AB?xm*?NqE#~X5y1oybGf9Rk6B2Vf_dlyywC$jv+#4#-!gy5*
zC1vnDHP;3fyS7iv+oV7|Fba*~j(4ds{15OIa@$i=?Kr<S(^@y>e93MX*sYP#Iog=V
zecdEV4<Dr!bIYM6zPE7vZgBjzf?U*g79(KhK*{$GOrw;;&q}B>&>mC{cC)l!&rCjK
ze{C`8b^Dy}c*Z^Jxr5%IlYcELksIi0HV@0jBDJZ@s1m)W;#H_psF-;Ql=l{zPcNi(
zfHy0>)j*8kX#vjc7+RvZ{f_;x&KDV4SXWKt%=y<6dE?KJ#FN5@=U9&eL@qRxW{_nn
zKS;Fkq3YN46!uqUCSDA@Vli_LiE9h*hq(5`=L65#80m%r8k;nKUqTA`$0&(=aWH?r
z4ok}L-0Tp0RKp@PqsF<~ydSr~C}dta`HuU<=%MdDgkRrwl6HJ4frsuOyMHmIuPlQF
zV-A{Yh26XE73JmU<8juJaBZU)Yb!y$$lF^Xq(-DxPSt4jfj9Cw>Dk1-!%*Dy1kJDO
zE}p4m-;?{z(cup_=l9FH%j}Z69WB(NiY+IK+S|5Em~oyC8l1{-&f%YxOzYM-k|;#`
zEzy-A91G5ICp4}?t5t!kAR%BQZ+nG{INbQK$zjC`r3!9VdfA&$`GoLZ^ys1|$Gw|~
z&$qNn0yzy1w-);VoBn)nhcGvH-74`T6dc&>7S->`gWcjO1(ovJSI`|ekWk8JlKINV
zGZev*lR=;{>R`sit+G{}x7Ypj>c?9<J)Qui>51?Ne#^d8?pNi-?CVYs>!0XI(8J>i
zjnbhON`}un;WDmIVy)k-;a20_hyE2I7h4be9B{pm^LK|uNr}_qX>WrrM|rv_iGyWR
zgso{J*F-bFN;2`OdHSuX#yL_|h3iA9GWrstt6;h*<l;n-sj@G`;9b-6_BiSChyt<^
zl#vRk6}35hEU$@PBA>Xn>Qz`=Z3Cspn4hGVvWJxwiOXiD7K}%w2aGp*6gNB6+^u~*
z^s7pqu-6u3pmctrf@~g%FH0VaH>+pEs)c&c$|$SK=}KJ0bMcF#jUeyND@8hZ<QPRK
zOxOQtm%}c9Bwia-6q##uWnVFa7*3!^@&Qc!82b7lygbHsqICPPtyT_+qH;SXV=*<o
z^OC6c`-}I{cjemo0l;I=G{%+QXCckTiGi%_ib;Rtt=zqU#Nd2Ds=SP}x|EBaEBj(#
zv=6>KLif8Oj%&lCTkTnKXfhCX>?>g3W~gksa&Upw$+>w~qW>W6Y?Z%0RBxj%4siLR
zHZ%q%7p?2fCFIb5rX*Z~P#?|WQ~VWm?Yrf$)8@BTdB~FNAQLIRG9}dy;%<G&y1Sf@
z!2PJy2^d>c`;kK^KHLO12gNF7agtlg|7opRovE>JwE);SwU7^q=i5wu=rjAAJ>L=b
zuT4%5BAD_hU<+YR%JFmM?cgx7I*Rqf$33kg@_@&=yveK%2Vv+%uNg_+lkh6uJV^+~
z=mfxg@#ym2wb$z4C@?is6Xy=2QBhuSJ_j`j58^xdQYfb2BcWjDOkKmd+~a0L(I6Z%
zcq!8_AI43&|As<;*=@gjf7>f>)e>+5&}Dscy>9OuMhZ<%Sv&Q5pM|IH;Ja|S*u({z
zK3`usOp|ek(x3i`BLd)A*l|7GX9ble3G58K!|~8(^Ph1i4?-6}t!2xxPBoEzN#6^p
zJ9~M^`DGITuE24tE1~!HViyoFC**hqR+P^D@HczTz9ifL!30i=-d_814)yPuy1i&p
z_7cqy{-g=mzzv3BweEB4Y|RvovM*DYusj^^w^!i3Em#A(@9PDMUe6+$k71g$xhe9(
z3nBm+W&a^UClVS9Yi^n)c}#&et2d~xKq)0Gsdy_-K$2vZWV|S_cegVFgy_iC=qCi+
zUVoQ<6~5S5oF3OK#VD0umL5yj<RtrJ9+Za2-MZ^*EEm+9io>(md*VrP0WzyQ-R@p#
zMH5CL@8AB&g5JJ|L+x?$7wEWc4m799pWwbARJx>itJ0$CXnuK04yhkMJI_LIzfPBl
zuiG=}qcMi^axF}JZ3m$16nUF9KO7OFvECuxGk=MI#WsXShBpL$5u2g(LSeVqP(gJ&
z(bw1v=EKEQdg~w`{zUuiNBILnJRR+}+LPQbFsvpLZvFS@-Ua`l)qp%5pe{w*Suj!%
z$)Nu%I`*=dJXiY){E}hmydn}RgA;&v1*=~@Jp<G<o6RzJ@AICprQvQ?C+@?ePT<bI
z)aT#n=2z}rbIRlPbv(MUkam`mVlEIjhyp1rxMbBi=LlmODcM$WMdVWa?KE3ufJf1u
zxYzPa_ou;&_Q0M}Q4N5FOzgIV7f|-8=Uxs9)S9Epx$vx?O-fqx3wtbS!4G&8rF5WB
z-6%r^^}WwSW?@k<E|Rvd2*(@Wzz0BqN$Pes!bi2RCE^TVs|PH>_su?1Ib6CsE+s$m
z?IY)Ce7`}U0Wb4cQGs3A+1(e{xAcqBh7>A|y5mZS^CgFcp$gSjm5GZ#tv7)x&x|{@
z@_G8ejp~UZ;g%kKil83o-YW8C-op7jov~N+3wVryvC$m;*WG??2C~lM`ee}ndnUkI
zJMqjtkEiRQ9}oDj?Nx;RZfhpyt?XT_Pdd4ITdPNA%&L2vMrC|}7Wb=xes6Q$D_jm@
zS9Cv2T%XK0hzBzkok&skr-(fI9l}1ORw1=w4~Y`3Rr%s(8m07o+-u*&d8Dv(<B{jX
zEY(S#xMO1I{CLYe*F**!3lsxBp^vGW7_pxU2$kZGfh-r?f|#-bIVyU;s&Re+(b3j>
z>j=%ITP0Oll$g;4E)aT>Jn!FzR+#pb%<Xz6g7b+{c@@e%vrTavM5ynU4KNv8M>zA1
zfvU{K{bjGM?|!jS)}zPzi_You(!5J1XuYR!a)!Yj@j{bQCkD`MpHRJ*MxBb9awN-a
zWARs7-#UpT=4a@MZI%!`-4ibue1+|6)4YA>BYq<zALs37TpItS?;2XnSa|z=&{ml9
zEcMZSz`kXB*zNVl)eGgnugv}>FI~vJ+J}sGw_>F3Budf^7VD>LJI=?J4<k@*PPYQG
zt+z941cy`kd6dHNbGe&sh%+N94#%A0@C9gz_%$i%o?&u*pFZhB85QQkC38@tHks1V
zbolX-QIhW>ZDr^y*{2c<v@2*oM{Wb>yz2&4BAMi4*Ek(iLy*;Pln;SQ$#aC{{&YhT
z8k)@Qd!1P9$nvn=%l7*x`_R)h;hi@<r5vyq)G5TfVLlJ)`&vz}lg;t-flZ^I$v%!x
zKDs~w8ZUtuThV=!MJk6-1i+)*xox1EeVO$}s1xV>mc6qPjo*EZ>EnMSo!OS6%o2rP
ziBaHEM3g}U8RZUS5EPJkc>3N{uT$&%)oP&vnHd?e<J;odUn)fA;%Giks?1&5u>F&5
zm>)wil>)1Tdf^U>=6P`0>CEk&#<CiBPwshg;o^C2BGOt26Gs3e84@`iP3C5nKWA>+
zQ#BVB?<4X?hbto%7gl*9=(2u(k7U!7?Dtcc=60CT{blKEiw2r=eB~;yerS4hA9XN(
zGr%jthklK!ZfYs(2;Ep?9!6Dl*<V24cy;f=lz&XGq8{-2vbpef**V|CBiKtpvz|tP
zf4}qRHvz>twQSV<k4^xgfU2ZNUy#tfu%6CMjeea&QIEYoH8=n3W@LIryCp86o1Rl~
z%wRQBGd<LSte67}qjviBrsC4o`&^I8&&zb3w`qP8g+nvh5FXPXdu`h(WA(7QAN7N(
zh*F=wq3zE4z{qtv-OtJc03f7D0mBCVG+f^0;VGn_=R>Uav#Qp=CZ+e2xL?Tdvy#R!
z;o+nkP>ZjfhvSgyU%1hn2kjld1lTP{OPhV4mU=bhlNCY#%~!IHN{&EJU!W<JdlFP5
zWa&5@_Hg6VTh)HML{sdKeRdR$^~)7j=}D4x5jP}yD^pePWbbNaCR7Ikakhd!OUz0l
zO!j&&VpplFnbQc1*yH!|=Ln<d)Dh2XWj=o|uk7>S3|tk$J0oo=0+A%0E#H(H7#YZ>
zYu>)dJ@_<i{G9Fl1fao@I0t|3n!0dP97yReNjoaBH8H8TJjsxGH?Q=Fjx(~R=>+EF
zeQXpG6Ms!`a(<!r$XxdjbD(53pjYsv=$ZXKrv~gEcI~wr5q8LB`GC{z*=Q3lvmrWr
zL_aV3=KWXa15lnG{RNJ@b0<NUSlAyllU^pxU1oFs*$v!W_vqPTU@?I7>A2i@p_<>G
zybOfz=izmIU-p1D!}pL~RuPZtGe|a#dEj(PB|JSVZ(qLIa9@0{p8Kt0Drpavr|&n@
zRY|gt#xq}qhdQQ+j+2Kj6!ACDr5AYncF#IpiBIme`>PX}kB+o){o$Vf>tR^ld2+NS
z96<Z|<5mf0Bde4c{s)(R3-r$0X_Oms?-PZ3v7=%8IDdz%X&I*1j<#^5ES1rECYAdi
z^#&(N*6!-eX>V>{jDF+5k4f*{yY}*(OR>P*pAgC;z7zIT@GS96OKh>T_jm}Ez)FB|
zvR}(V><y6j?iV9Nb64i+H|_JjxOYWe1bhs@GU?;liVwaK-b%MfmM2#6Y_6y-=e|D`
zHNTQmAg{|2w+g3aLy0)qSG*Th0O)#mi$^55qr9JRxMx_GbI(+8wPI5Bq@C0LAanrh
zEZk*&7+SW6PoP779_DX>#i5xuetWqHOPrRR{gs1O5nf_b!ZHD6|62w-YxV7TktM3{
zI5QFFSCb7fL`(Xlty|Vj*78w!vya=idokF`i*1HgUN+p>_kS{^0f#F*u!)BLJ<q3D
zJyFNXt4?3a`f}^rGLf0)M^5sL`dmV}a(1%Z^1R9oAZ!oVOZkz3k9|zb>_E6OwI7M{
z{+Oodj_}RYMcs;cyz*!ta|y1ge7=DM%;B`k(bLLW)66L#srh{gl9{xv^;2~^=AY`r
zycIh*%-OZG1oj6q;l)iY$z6nu*q0#_Dy97%c|oV6U!b4_S9MURUMhm_#&IwY0f_ND
zr$^wo039>wDimMIn$9M5yKuzi2g7+7JU)H(CegjwAUn~RAW=3(OzvmtQQj|$Hg6|A
z@5}m$E)r)p?sT`6=X(rWql+c~f;a@ON+_Z<O30jM{c{Oh3+>@Opx^6W$gW?>3w%XY
zN^6NHTjERG0+a211#=MWvs~<7Ua?X=4?LYoG2GO$L#$4OeEX*8xw;Xp=Bep}7YxID
zvVpVD$)ubK2wO!(O+sMbC^S~CAXpEyn(PW`?Cn~{3~7V*lMC8EKgMr=qa%H|?`x?&
z@R)^v`#x+6jv$%!aQ+5xPT=0A3<lumE1~il=99Va++;)o7$*CRfq=_{_0q{oqPgxC
z)>rRt9n1Cp*E;eo8dM#~z~5#RMm~!tf!2P4siRvTOKgVZZ+z6=@<M0}Dp%F<?-Y-i
zVD@l=MP)KQB3F2@PUJW1FX*xnIoEo3r_&;`KEIh384oE@y&~;vR^bO9yf|lQrPpE!
z@s`%zQH#SiSWa$1uOJYmm$0IujDC8S6<8EBjl!ZhCMUvyb9?vY1%yTQ4z(Hn#s)BH
zrOuRM1|YuS@fo!Y=_X*i?Y&dZIynakN=lT<?-ZRWxjF`QOI{6;&zh~@6Yo}x+^7h{
zaFTG;j#^?Jz<}y;f-40cS4pk_CcQR))s(DX(745UKmUk9<X7``4l!n!3-LC~cR`aR
zdg>MhRJZ*mOd-UrXwT$Hrbn_>EPuYb5{EtU1b$0d2Y{SXKjsN?;N`8K?l0$h+)smi
zZ3wPYpy#t+7sg74QBzq5BbrN3tpg>_i6;?<>`OO*PtYBv5J1T%VFX5-1$;p~G^Dfr
z?$;M1NyeIgN-X3L95`EsKDhGtqV|@3y;ABQwuLF?ELj9X8;@Y^5sx<?51hMozvGD$
z*rK=vpeJ}Rt@j%^q%OW-m!96^z78$t^5`>tA2^f|XOA*bqY&L&<ETcuryn-yCP%O4
zdV@DYSmq5{5_!Xc&nO8@Li1sZmth#)81%R3b8q_Z%U_6MXZwqWwEF4!ZO-FxJX43T
zv2_{S`9u5DUU#iKT+&DHm)hO1>TR_b)<%zGgsgkiT^q6LozF@S?ZzhhtK&vvlY~u{
zUZ2vR-SE$}uG|XS4XO^Bi)~4e?nU(>GWF*Z)^pbO_0EW9(N_XWLYb90+MabJgOjei
zE)&MDOd3+?hwcMLc6eQx9BdT15_y?4wwhp60|hX&6*d62@4my*D5uot?jJ=GY_{fk
zc~i@EpGC10!(8*;{IP!C+F`O|Q$e>kcSi1#-a{cKqr*7>`B>%lXp}H-&nr>v*Qq_m
z09-8YuWX&(K0<^{1`MDx4nrczAb#%9^63+D(mad#8=4UL5{V#Bb44<c&`y48a9^IU
z!;?RJ59}A|6vsJxA?x^3E4Xq}#)Ghu6cMcH3wJwqJ94Pf+T#rfK}$cTpX=S)Ln0GX
zw1Zy6gK~-*%J4_*a!U+Nks?0A<=);U=Z(f~If;numQ3&$(A4gCEQ-oKU!>-EyFoB4
ztViR>aEzo5Wy0~_LsA!epq-&9n`0Vw59set|JcFh4E}(fu%IcZ!<(Q&oQ3z7P@%t)
z=RGK=UjiCeY3Ba7+x?pCzTN;0^~-|^o?NHJHxAeH`&U2gT_>aG+La}s@n|v&0#ToT
z_3NA3hoOBn+u^jpOSIGzc5w5EGz{T_r^Hi+=~c|y-nTAA_}Lo3EFz%yX*8X-0^md$
z_>gJM_3)ZGPG>%?0gGFr!VfyO68wy+o4?u!hOqo#joX6%^7}>OKJQ!fI;kOkFUV#j
z2vbGAo2zY%niKtT;O-gZ2;XJVw`s(i^7P|=IzK=VXtL}g-cZvGXIq2I%kTc8?za9`
zAB)~!(yJnw&P3X4+1aX0Ka&GlQvJSipV44>dhFlpSaQ)I%dmhuew#g@v*Tln|2(ol
zV4>J5UP$TgpOrFJDJ#-g$|~g64wC*bb8z$K=>*8hCWP=1NdJ)D?SrAna6k%u&?p`0
zyBOUMeN5e?T&j(2bLA<XTzkp$-|4h}9TlE4J~)+;G^Xcs5QJ&O9fOuitW!M6f2pYw
zO+?8lJ=(f1o6%8SZCEIZerm8lTj;Aor!aqM+tnp+pRMZo&(LTiGp>`-HFcogn9Gwg
zav;Z01meE*aJCtsq6YKIjCDPe<$m###r5?sNe!O0*DK}tg4;-j!Rh5K?8Eubq4!7*
z4?rA0f65SN)LZPgnA0_p*RJIbowFYZN~4nwk#SVRTCJyzSE_Sv`+M)txjzkkQMvmm
z9{q;m3ZtH`XyGl;L5-DFmgiD(AxkVjtJ|{L0FvQz35eGS2)I_<qa&~BVSK>#iTNz%
z80P+cgy3F0tbOJlGsb2f_ONBb>2phY*NV|6+`gf86?{%rwRxY`ZK8S-$)D*AzrqDU
z%X|5JOsNQ#LtiP9DTPO!8M%SzJCAa{oeWakpfm*sYFTXv<xatIpNy9A<Hydg&*<W~
z4X_EMLliM`PH;9zReuGDzkru}icOFH*1!??t(yg8I2FIW>hioEuH3v>2HU;&j5iMG
z=(p*oe!9urPrN41B>tn9_F<{x&0xV@+?8&ku6|cKOQ9aEhjPWjCBnF#!d6G__6fW^
zT!OsI-u#wMM~hdZ4wgp_bCc~V34HkWs+amYo#=pH==0WK8n?l-y~%ItQz%&;U0{Rz
zzy>mROETAy(j1QUPr79)ai=ST-_Jch*M70A%gKIfCP)^x#Fx*HUBeUR`f_|U52qnG
zDgKEtTK!tfP_yvP$4~vI{evO${#oPEEYtBe`j}lYB2l)&K_8IrnuB-a^80;=k6wG+
zSoc8-h)%&#INUcH0j1pKk0s9}FQkh0{78c7Nyyi4+r%l!jI?Z{`|XYVjeJY1PQ9eP
za$drF7azIh_F!{9>Xo?gfZBZTUqYds?qLYn>!t90I&xJT?6Uy40eG^2iSa_tWnd<E
zPCh&iDcT1;b+{XMB|PeHY`e|Y`B<MQJ^z|Rg8n2mJ-GFhRNPGYHK3Abwi%N86tve$
z{;W9i!k~A_hmiuMxIFF2=Z_~bq8+L4FW<P#;RKJKjC7^<o%o^|<uY1d6;3MG$i1Ws
zT@>VSLBZUYv^Xm+#9v`3CLrZ-haUmZQ$-R7p%%Yak1+<Bf2*PNW8Lta{jt$&?|mHM
z;4>5Ud_1F<@Ig{iKL4J+{_y^?JOQh<9X0Y;Crj8Y&tFBZgloCv<KyzBT6Ao@2<Gjr
zui*aQMkYM}R;gJHK)c<5t1kQ}T(5~F92`NS1mn?9{k>=@z7GFXbU@X74WbJ^Soty_
zB@A$eI48Tke3{pp^8LvIxDnlKc&Yaszrr~7vHil!wQnEe4W{i;VY4^nNX~!UNZ<!*
zxANqAPXI{j>BORGn{33yknTBar#r4iHXLR~0A`~w%@^|LF~-IT!P?;yqso_XMteWw
zabQ?%7*p5an?1MlJ63!GEsauL{h(C9VlV#>RPoEYhmH6_tNR`{j`$Turr{?x?_ZEy
z^2^O6U@h7RrP^?QA9#mSe_tT4&m4K5NI_6IO7_8IDD?oI?(%>ku_zmVx1F<H_RCOs
zZajXzF>`&FvGI(_O~P6!S61q1>npF{;qWNvbSi1*9p`~Bo}c#uXSpQPevj3z_U|m&
z`#JGEAy9pl<oBuXy5I4pQF%Z7k1asyve0CE&knqjhvwNpKYEZD?*~Ny)RZkN1MfAN
zjQFOd4-nsd^UGQ;(0vKD0PA0q7lZQyQHe-qg>U9C;n1(y(EmnzhB~|rX*fwSy_vC}
zz_)m=)SmJ;Py+8$$^2<sawk%qqzeY9RMBLE&v)RgukchLfz9{1&)T<-?<PQYw@(kH
zY~z;lI!SQZq?t#lh6l;x_eGn!^xLN;0yvzkWo!JJsXEG1LHue~8tUH7yO&nGhaUXh
z3)Y(l0cWt+A!O_gOke7LIRK(MLQ{0n-whjck*vP;-J?QG07T(lr$^+kih}m<I==Zc
z*T(~SYtheg?E$rf&#!vA#gBD8WHmHwaA4fnUZrhn)y22OJ9A)8r!WcdCDE=Ul*rvD
z-xAd1iyG12N7Wqf3t->OJ~IZ)3SUBrDEN#>ea~ioY5_vKSRA91Htm-YdLg+eHWx3(
z4;2qUBM;B{x!fE%B=mH(>mVNRN?D+quLgO7h2P<1J)eTd{;g&IMA7PYVbR+q?D-pN
zXW5FScX(<*mX+Z*3}F+6UbMSc=?H&BHMF0lI{j{h*_xwizi}^ekwLtsj$fwbl$Kkh
za@~s@9g@N83-a_H9^Af=g~m^(@X(%8hdsv`r9zh!iC8^<$^|~fXFA%i{R73E16VN=
zz0JY3tF9tqjZWvSwHxU}Q@_tnEY8#S!B^J|HE6C$Yd(2>Z`<U!uM3RD&9WLJB|6oA
zghtgDPgP~)0sr!TQR*_kftqo?L=-6&5A{QtyZ=BU#v>!s0NCQ~`&%aPW6{zs8gYnz
zu#FETg$Ea4t4gryw>$<5>%s7EnxAc9So!^XIn@vH`f~uimab{*bXhO=!Td<U`3qF$
zRaW+$gaGX&+fMh9I1x>De^jvElxQMIyW)Ds%%r{|{<VL)S8U8$<#36nED822KX(Dr
zt40`X+NbTdUkgk>vZumc$KcpuJC<_S^+;y)DRm}2+Ww#~rGppTZ}_hI@MGKC^?m%@
zF7;sirLm6vBeQrBLWS<26~|vesbx;el=qn)_OG&THCRd)(TVy)cSx;bE$!pgECcT6
zI>#XXI0dIfGk=>1H7=0Lrr`j9=u5n>?|tZ<rRtPlh2NPyy$JGgIQgBOy02+2=jZem
zQGiH`XWZ4|V_&4jHb>rCsnzYxXv%4VdT&^7m%(2DKyoMduY?2Zs(6Ri%9wrJ3#f+7
zaz)W`9iL&d=>WH$HwqYLq~FdOH$w@MeY8O)X;IzBeDlZtVmzrLCIS0GQCu616AuOV
zG4*}oVD*Gq1vGMTy>@nbVYM0Qv!@6c@}P9uC)4_DUr1EpG(XBzZg-Qwd!1aqQS$Wq
z!op6=BQBNpeiz$eMgKh1a#z715w3wU<drYr7hVa*(5-@T#qMn<quDRQ?OTtA=%Xp7
zYWBQLoBfpL0F3Iiz4Ccq$DjFZdE*^BjvLR_(S6tsz^Sf-?n&xb2G;yJ^$WhjJtCU-
zoxR!ze>`}2fcjp2sxdbAQlD*Yzc63-S^u;NLZ8Z;UdJm^_@%s_w$2YAKcVU=Sn69I
zKgCxQ*3-C{#D}-ts5zpN$eOj!ER*04>Uj@h1h{CN+n-5hAV762)x1;oSHCAWe_8eD
zY7)z?9wgX4&p`dX->@>PZ;`VZ6aM;l;P+--ai4h%vvJ39d>lmn861A(DUqIe$JN1a
z+hT;-@`W2|J7nq<tEyr>w&FUq09)^O!}H=_KC{R_+I^|B4!ksM_+`91Idy>q-;s+R
zki4$~z{0}+(%G1CWeZJ<6URK;h<apD>Ullpxxc$h%UkWUCfRLqZ}!?yckk@oVejP6
zA<nVP&eG-zz~{AH23|@J)ueldpSD87voR!U$&&TkZ>oPT+S8D%a!b{891??Ej@sul
z_Tf5iPQqo_`7&a)F`tzHT}Hj#TuIVWT-2dd+Tf>sM)zriae0LqWBN89-+h{AL-p<~
z=-PefpYANPV9S(rP-Of*gMF^;XJxVh%8S9`s&ob$r-@$kLVR>lfX#wqX5Z=jOJ5h9
z_<f!M4ITgA0*y^fZ`gbF+Pg?0EyRN-Ssv~j(38vCE{~Y}&ew-9B;=Qo8EGynB4H|r
zKpQ?@oB6u;@P{0U0lCi@OqwwXHV`U&6m1>uC#R9pj)gtMN%udG>1ddrI|flQc#jvj
zNqRgro;0vkybsj+i3XR;cqb!mc3xac2u4e~_bg&yAc`!q{sJ!T{EfWFH<5rxqm+9W
z75&K42Zcq+KP2ZHQGsJ;dC76y+CA7B&1N#?NOLRMoRLtLw?&Jj9C=K1vWE8`6N4&y
z+*a#ob~L>r3nAP7vbwNRqtU3?Tr#HBuw`iRgoQTyr~Ngr#HEgwXxgsubZ^<|QL&U%
zwfhvottMKRWFRCa=9;$W<gA;QB==t<iWG+ZK3%O@xj3i%r#KDA3SisW!#;p1M^_f#
zr|%Hwklwg93c7g64-V-AF%gMApFU2ts0=j%5bnJ|As6|sd$KSb<?!MEJUHcUlweA-
z6a~XixPG4pOm?!Jyl%tdCC*nZ_k=p(O?#BlZ$*6h9x#hD&;Wb`f1&cL9iEux7z3Q!
z;Uyf)s```TUU_ez(cL<8FiD&bpB}=`K$B>P5a5S|3%AD(bl^MGQZ}lCJ1c8T9^xzu
z`F`2lU(j~q><3s;2E~?7dg(~b_o@uAdY|_#?cq0pbTfpZ$3M49IbQxi%eqB#{6<Eq
z$`FIVdPeXi)0v8)B{DM(CvhUl3B-pzC)B_mm`|VA?8wl`sVCy=0rqQ##i9mI?x*1m
zc&WzyNX^b2tgENe1#l^OR@&@S`#J<KpZ&CCeGV#_Ykfs1G^+70XHojkQsVe3&C>W;
z+>|};`eVf3bck4pCTy~2C<)dwgf;ft7oEM|nD&GGPFUO~Al%<C0@{2(7%bovUZM0n
z>Qq!n*W0I8>>C|u=5mZ8*J_&SId8JQn4EBXz+R-EEPGNZmrsWDMU>VZFpBG*EjTPy
zm*y9mfVERk8WA&!PP0yX01Nt->bAq<`n#_OueaWwmE{T7)7&WR*Z(eQNk!t7qJAY!
zr<EAX89xudvEdGQY|pRuomim91p8IxBMc5~a6m-wS!Yp~-NY6PE9(>eXg@a9ZBC$G
zU_RUN=b~FPK`)4>=HW2MQ+t2q86Nedc_<~VI9F~zTu7BT<r)#O#}xp_77?PzA6H}`
z^5CiF-ot}rQF5&2cZTTg^4-TBKW;;P))roWHUmH*=RQND0G=pqI3mqgdrU>LRJ3y-
z8i%`omyayb&krl==)-Hl-jduuG-&_WS|N>Q@^iO;4dKRxPnmsK@ZC7Iu7`pHg6?I;
zpaXSopf`>^UC!QEMD3qjQ?L&TGre1*#kzdvfj4h{ikis1pe5jRm^`ui$S1GZ|8t}s
zm}+1eIL5ECybHh%KP|q#p1Ly>%-Uo3A+w#RUe#Z~nrn=VWNGd*DrzR%4X6LXxS#6z
z+3X*;%AhRwPy@fHre7WhL-|^#S=>mH12N`EKiT)EhV#v^b;*2s>|LZXQ#j#jOTzxu
z!IB&6<Da991`WVDp-z45g%jPP+X5S(Sv_{#3}sSGf#|P>zjBE#h)P=bAickDc1ctH
zOtcGF>dlDeJvQ@PS?1t|_rx-1o)0$-4!D6Oovf1TXxEJ7WOkl)rX7;_Y`k9_SCfu-
z{fV=EL<!g?0bM4dcgC`Lvod}b3DF@V3BctI0iT!Rh@-wjG0#|t_4h}7Hg>e@AC#2K
z_IsCrL)E+2{lmptpeY=C`=)9Zd3-K|#D3xXkc^}takKjpK6~O)&SQA`(wlkxIDFZS
zr@?rU>fME@I|5~r-WNmS;6?QqllRZ<#&4g)`JB6|<Ye<pnQth-72bZ=jO0+JfZaE<
zx;=Yhv$HOH9E6)~CfAdh;Jw7$-(i+9i&qy<EmD(>MgF9iI2pv#<Z0U#j45pqnT5Nd
z>Ab{rr{DK@{mrEH=gtLtW$YODsL3f7He*j_i*Y0q=ya`bpW?s-H+QklSnTx^u`V^;
zEr9b<#<W~K4GkaTj90fmfZpu0L4yX=a0rn0gf0iWGFRfV?|_6rly$zme_*uT&cV2k
zbFos;8{zPr1yHZGDo(sU*gvoZh<?>p=0SZGzQpN<+e*B*`}x>tW-iVHUfA$x664NI
z`s4>@u+)410vf;qn{7J7!PFd1iA6{&K8mQP>HYU|Z_0uelS6S0*LRSx$67H+uFS_I
zeL^=q(iMG3O!wRRr|R&{$%nrUA)sgHghMk6(>;DpcLmE-Z%;q6Q&Ru@IG+mY)h&oJ
z<wmaeJEij+Q8gYI5U>10%k$mROhkg7!1ewQ4Xp4&ohCEyi=TL!?<j`}sz)&>;CQN~
zsbP30O1DNI{yC}wfElSf^~i_ir4Iq!f$V7B?t?AS>9L~S=5R(`r@GWgg^QYE7O+XA
z3;F3<{Y7N=drSuL>)j4*$sKBh3*xpwQ*2zzXD8-&q|xp_-+w(!YTMOJ=p{Cshooc6
zDs0If=8-P#+XsLGr}0IeWk6U@`{t6KO6G<>m?vOQh1RXNL1WzUyI!dF=8`aE6!&TP
zsE~YlF9>ag%loK1^Iid59!(3DkmUS6`yLMV-`zp9<s(d92z8?;W%Lp_ffWJzQu}@3
zJF%EqOxCg+j)^%X5MX6MNzgaT*BE_wDL~zi+{2+hyb52O<1aCTE_~}7npc|e5)p}y
zZz4xjq5#HVFX+TW^X=z}VkVq#Pxm{~0;kh*Z~dd+g%TSVnRwdlYg<%wQ>Cl`8(Oq*
zB_`eilTM?dV-X%AuZ*2P*F4twKX1PRa1+}gK8Bk3VMYb8IqzOrF+`gE^Zl-3mwg8F
zED#|TnH(oJe|LWiV25!vHz+YL=QSf`QG-!&2ISfEc>2)kJ{7&KWBsN$a^HY77A#MF
zSY&!`N4?>2kU1b_6NTuFUs>baVB(e#OqQ+MGN7Fg%~QEq7X1U})5nK7JFv`nvKIh|
zqv!sGS`wRaE8`D5g!MG5t=Tyl000W|F)--!Jyouzv8DyW@#S^H<-i&(PxN>ps<)4=
z8Jy}g>Lv$!Cc~%3E8rsE>xKQ@Ub<pMuO!|tIl?6|f!B)5w2QgjK5+RSN$L&MBA(!;
zk4D4RVWPtZ!T=ib!73W}eDhsc2v7Q{2bT;f6fIl`IRa`W>63wdQ~ABtJOrti%H1#7
zoYe-(vSgGo+Kb>dfaDL)L5lYrCk&pf$047FABvav!}j^|0c5mQSyHnz2*T(oNP!VX
z7}&~Zd7?4wFzqo9{I3G9xvtxfT_kn?iiMo_%ruFkaG{~TUNQDb6-oj#aFv&NhixUO
zY)*6bzkfNCn9#$FRh&1<;rpzo!u_P8j2A^;RiZRG;+YZBai#ViZ;|P!Z{(j+{7R9)
z3I2qQNKViKm*Hh;Bt$zh(IGo+{`^H?)B~*E`Z0ODo`fgnu_$Xto*-UckJkx5G`)`S
z=o?@@0&_=~bB<+wJm2gVwpznWF8I^^?JY<T<JCbGhiZ8{cMx2a6Q}vXj}i!NZ&sG6
zPRvl>?gCDWz02dsSg+xG!B~e8L;3OkTC%D7Qd}+!Y;dT}Fo^H;a@^j;gea0KkB$&J
z4N#S&;33X^P<Loe%_16qbcC=`6tE|+)5NHj1W6d6Hm3(iK0f7vO3?vhsqaON_gTym
z<c@&ms$@z~^BIlm;S}8N_hWR{KGa|v$H`YKQMgK<o|*3wD?L$$q&eK=vbjt>U0=H2
zIg;o*c#}L;?Bu`-fN=W$Aj<mM<<#R_OYi~89*|oOkEdC~nf`Igjo@v*b2&e?(0@n!
zIkDp5w6Bf>TplL!>`>%G%>_5V2zNoc?-SqeqFlo%6)Ws(+Oj(eYQ$pwk|7I{KrqXK
z%PIX-)i8YO(tI;40<LHeOVdkZ*PG`(*AVs#n{c<53SpmPlQtQ=9EX9?=TW#BaSmz-
z7o4}>a8YT%vd~ehITfc~n!KIC@~-zh_8IQ4bg+M(X7;T@T7i!J;Q6JJbXCc^X=}rP
z(GieC<aW4)Z<OR4w5La6yw0E0>WCz*vh%BMj@Rc!zB1W882mIQ)#nTm)I`{Z_Bc6+
zrq|b*jmAAwEDQGi)rY?o!%c6OJIr(R7j`Q?vSU;!0OobwzNmXX4dGY!S0O!p63(Mu
zm2|`BOp1MuJ1jAvYs}{u2*mM-2VT7JQ};Z}so?gYe{CW&neV&gLp(*lzzgQ!3oz+?
z{aJW9$kc0)9-C(!)}`N(e1DJ#6*LC`JZm9_M|t^v7|RU5X#n0IjCs7vI<x;_<zi^Q
zCuO|{=AIqvFW<%S<!i@1&0<9_^;W9R!}qY)WZ$P#+b-pJrTxju#v3{5d8A$kDFO-a
zcf&7#JS-pPzzllkuJ`0~K$om*@k{tH-e?i~5?}Hx-fQZqjK8OSO3#+!!4ueAvPeAj
z?H(P0;_$-Wm>LvjQMxA{fxEPnIk1z%g5ILpv1YH=m&FakQnqHO<+mbiA$`)`Pm~9c
zdf6xJb_m)gcQW+(e6o7FXKZRqP58Nd1F;oUtvTCok0;-!%<HzgU_UR=DD2WRZcOdu
z)*yWW`llzhpYyAA%w1?Kh<>8)MQ=y@8YiVo5Pxm=GGzq*X;lD-0%>$Hw)XTqSbwCP
zc}(d6msk7(HhLp5_pQ7jv~yKviSW?oToK>Cv)=`;H=nOb@9Z-sZ+hehM#?t%yIi`5
zPrEnV5nu?w`i;9}=&v)b`yTUf=_)ScMSBmxeo{P}b$WflYIPvSE9`j#@>di7UCNl#
zPd~wv;9-*NQ+K?W*K&aPpgX%VJp>f0Mi56=hL&X)VTk>~dg|QsqJxumM1wlCdp!&d
zm;N#D6LqLqnL^&;vQo`Yn9Ic*CUSotd!>#HKU~#qX+W-VTY+Tr70NCE02+$t4)D}C
zk#z`PF7$KeXN9@mnn&MC6BOLf;oT`OM6L2wPNN$ngzUu;FXTO5sIcA>gD?G_UWWm?
zrRNi{vGfjGsl&@~be&n-dQ182RfrV)eBi8{1JKXmMv&9*VXff7{20&L;}T_gHjZuR
z2(CryUxEEja}Ww3EML+W|JD97_xKFr$uk{uqBCHGEt6I1=JLK&CiB_&$!4z0lNzvz
zVl@`;&>2W$2KHCox4m@$z2&^(H$2lrNkhyZ!FeX{kGpd4z^(|Z+U{WyAJy|XUAMbZ
zQCB#mFK8;1bN2qc{~SW5_7NS6eYGVV)6cXiX8Y0{MW^M{SbYYAv0xteNiOo>ihIW|
z3noBpWkeQ@TN#r#4l(P)K5<{7P(%mO`vcKv)&ZUhg92YwU^zN%h6rCswF31Ue|dzK
zSLG>3DNZ^R7W3uJ=pmw}qX;WB?MUr!vb+diGxEW>0CGz;AfFFUKfG_v!X06Iw!G=E
zb4;pVLf9J`kBQpaw#PBTA)6oR#r{h;6>TG2((_P*sR0pATE+IdFL%{|_G**m1p+#}
z19CaOD8qt%#&cp7iyrcH1$w5@0X5&V5<H+3jS!+VlM%?qTQ>j5UcdOq+VJ$vUaZV&
z9+=NWjU->)b||5U_mdc<65HG7(0egmkN#i7-em3r$eH*3oK~Uxn>XEK3QiL!+Vho7
zMg-%ZzQBG^fki-fK1FaVIds(sQXNo6{H>~-FkQ*hppae19wvGYmHmRDAHG+Ovr0Pj
z#d7vow9{a%NcRzcUSA>2DGezR+<Dd1txERN^9P-3A2(DjztN~;c{8$D+w+SsYk6p!
zUV3wD-j=iVo%r@<J$r31GrOVInOD)Be|&idSK3z(S?)>}>!9})Fv-JWTRSbr2DTmk
zk+7<pe8^cBA|*doWbs|Do;eq3uis*wJH9uW?$n0|Fidj<7%(r!X4tePE-oZgn5RC_
zUGnu<ivf*CEd0HhE0=#6o!h^ldwCIU*b#NJs;B33JB&Sl{d^0m8zgc4_@)Lk*7&FO
zhw-5pk6Qk6_5w2rAFxX_T=xaU3iX>1XZcd-6;0*|!1<Wh(4RO3X`{Ttw>EYTk0B;^
z8)QKxlyJmnDYHw~cb%5Pz;yc=<nk)^Iq9j+mz3S7Yy7Ayn6Uc>Px9>Iab}v|CE3T$
zSyhzB8P1#WV9?RkRuq1N%lJAF-Snba!m5dfNCO)Fz0Z+Rhx$dF_03q_4CbqH59EJK
zo>VUHajesQpTbz&yOs62@EiNQK9<cdlhOaAj*)AJD-8;#z`riwi_q0Eyii~PK}fv7
z4vmZ3NMS|+7(|$4ht?@05zW9`+;%<sL80;+VUfcZ6OE0kmgIb)lr*Ye%ed-<@fZ)V
zom%5!yGq;qdalTp1TuT0h_=lE$+T(bY~3!guy|F?qR&r-|7<0|?M?VF_3OBwQ~cac
zUaUFh=h+coc|CfE%k5gP)2B_-=EtxjEP>v3?^fLJtU^S5Loa(k00rhXk#|um%q237
zYIv75`(pkk174bLb2^WvqNgA1EI?H<a$8{Gm2?T0$zG4`OBa-FQp>trhJ!B9{Phxi
zJ$*c1o4<6cMuONqGIX`x;5Pa4te<^3%+R%F+z=uc`LV0I#}p+4g@iY?bRIsO)^Vy`
z#<w=qy!S|IgVqb?qaXMQS)b$JWM2We2dCdo+2I%Wk-67A9>6En!FkcZP;51A{M)}L
zas>Al<8^M+^{$8t`Zlo1sWkVAnM2;79g+ue5~EMST|4%9hksp_jfaOG<zmUVVeun8
zSuXZ_Pj=A0HXhz|X@FvNy)TY>NWPr&9Mwfp)_lKFaZLBy$I2-6;_dnuUBuLzUdN?P
zpUd)dlZLy(UFVvviFQ~c9+)it7kS>?BN;0BCJL)2J*Sai>@zzISdOi9Jh#zRmyV%k
zGX$4Dh~+B5N1lM6*t2Ba85AhI@4aS4-wkF=5qkpRJVZqFpiN3@PR%rZuiyNT`TLiC
z)z3KL*UxWz2P}WPLg#d!LJ%g|auq{l)uWke_=A1p7TybFX$H{&=EwxLxelxt?-9UM
z;e4`t^ryaVBW79pXCjBg|7J7EBD}-=I9-fmFou(q)!|Ekx(|;&Dd);`=LKzhL*+zY
z_CC(KYPfa`4{JW9<@-<26}AK4;}XdxzP=^j8sGZ!$!o1{#xZm$Uu5xme;T{e++&}@
z{2)YsOQ4y-ZfS5DR*fI+E#Wq!*{_BzCfc3u(NFLxzBLhvNQr7hHN;@{Fwr&t7^Vbu
z0A875UgO}wGDw!&w`#M5fYwn7tXPj?k*d~trf*WI{T$IfjW#1_nt@8f&l(|ukw25@
z-=1S<?zwSmu5e@bCq^*9^tJP6f@njO{we^C<fCn?e49!*(hxd?8A0s#y}o~6{D5=T
zkH0hT_Q~5%zkfD~;{golO!*8$dk8g3`k=an+D9-u_=C0$u+-#&_`B<navt<V$?9CN
zjPdpM=H?_yu(UX`ag64Eqp=8>QrLbl@vr2df0(KIw45?Wqm2zPWcdZTzL#QH&=hor
zD(p%uk-4A7o-BS3<~oHP`h_+UKGrau167x*i=KZ3hkU;{3A^93*S5+k+g#Yj1N!|*
z=Wc4iO*_U@TZ^?~p&{{ohv_j6E>xh597Oi@95i-N-k38HG72%(dQ>nq$7=SwjhFD1
zJ?f~SVJOQpMl@SBTt2qL{byzSXZu(rM1>W0eE5gj>mz6!2*X6?sis)~g(rS5P$j*a
z@#8*NSGqo~k>^;IIT4}2%&yGYcCtpJ^brshQ2l+WUHr{{G!J@@QFO1f$245u=*FSs
z<fw7vzzFE+-oCyxJ3%bu+7+zaelT_6TeS8a$1ZLKN9^_QKvmH2Ic=a4vTvBRRsXT@
zD%47gt>dzxt$gmZAfeyH*&GKyIXDJd*8+=w>ai}mXrh^w!hKIqbWUkYboO2nSRC~D
zU;t_INzb6Kp9qM&t`(*4rH<eGQo!`3B~Tw)+tRV8?rH-QZ#?|>gY5?+I36rMNJaao
z;aEJHR~6cMH>%X<hHTt)ZNH>?zG*k4tFYbBC$M(mmT|H=6~^IgcDi8smHoT>p}xRM
z<~Utd1OpfM{QK}vv_PEYT8n*-dGV8D-2G+Z;F<A@4k?m>1^kc3bawqc>?N=xK`Sx{
zw~YXfqVWGiM$iMxQy!F^xxa`!5VtP{p|CCwD9IO!CpzQz#fjBQITbnw_nGz=Crbp#
zpHN~z$$I<*_T}?C<TRE0NY-(tl}*>#EuKQJc;9c%UQkf6r*S?8D?ckTuDQJ5H$9wC
z5p5wnxXVm81r2f?^3uXq_85}Ljw`dl^YEJ`hoP=YJ}A=r6k&1l!4%)$c#2^VmO2+^
z1o%i-=Y4*#kh1v+pk~)>x)xQ3tWP#+lnFbI)?-1xp-CNsy7234+ZQ}++rEGKOO6@N
zx6f2B^qTl^ls;=dijq7WF>%xeiIC6Ae%G=*dH8p<E<$Zx=!-eIZ}QYm%P9B<BEeJ6
zVd>y<?-$Dc85`cnpkd6G$Z*dO_dFD!r*=O$G*)m8U7mz=p*@eso*JKJkuHBu-Qt3O
z2!S9YfhoET=?lt*LUmeZy-j)lM(iiA-f(Mg#Tgv0ov*LJ_*FO>g43WszcbO<&fXU4
zHr>@g=mkn}{TOLaW|nhw)ckg<T2Z)}ZaHHoCZ#5E_8#Kf-SL9*_p*EXiE2CvK^uu0
zG=v5#9=?-$hg}<<S>W7#O)W8)nvM9lQ}a!e#_LXlzrH38hGb#-ESCCBz6SB(K`Bl!
zb%wB7aQwgSohM-DoLP%y`Z4<QVWI;RC9s0|W)OlN*4b%qmENo~PJ+A&PDb9(H22Cf
z<>&O7-dnuhZo=3pPMY6vF{{%)p;qj1={kh?!oC9ROS<eo-lY}9KMGu1?#PzNfAC>q
z|9Z2!ubo)X^QocTJH4pj7G8$YUeQDM=Lmi8S7X*Y+hL+Jkm>O;{1f>M^y|imk^EEq
z0!9+A@Bk}WEJLy;b4pUS^6VfceDZn@VUuDSrnd>|8danCot&F=nqP(0)8XTcW(|DE
zi}l-j!al}_+hco={v;@A3~y_S=KK`8L+!Q;a7Bd#AiVkWz25h#HIkn=*q1$#YXZr3
z{WF}O@q91X-o06GB=+?|O^Wak<*hZ}y*(fRtLJ79Zf5k^e2U)(w|}YQ>%=M2!Q<~O
z)84tCy*$AIxG$mvn(<+dz+5+wV6#uOKxXA0_x?b6p^cCE6nVX<fy!dZ1G4qeVUv|W
z@pq@5xObDR6S9iBAkjdIo%{wr?~_yq*o;qLseY=Q5Jwi{g*0gC_#U}U;oRlL?URpq
z|1}Jggf#k8mCSv773g8NJ>ka2;dRkkyk^ho8!N#}?=0!m57wY-Xo-h~3me8XuUEPA
zU@zV6BPWtW{~-q{@jz=9I`zV`W;*i(r>1m-N~P_G^zFVmT7fxUb2Ki3m5%is{%%9T
zZmN|&xa|BczZEz{nK~D2Y=Ti56w08QK^g3mM>>v+``n@+y&Bi^g+MyfIlVl|BKApw
zbqo^0lU%OIjyW8Kt10KxRbIh;w67?kaer#KrZx!K^1@EdQfYL-kLFcweESg$!cMxf
zdi7h^6R#Cd--BiE2b7L->tu%c#P1X6Q~UN+ee$`VfMAQ?*{|P?hZLVscAI$*`5z~5
z{})tFNp_rm1V0W}0Bp=s1BhQoC)v6r`|B?Dii4sz5e%4uq4y!Ean$Galfd`tA3D;&
zM%H`Z8;#n)4ZFU=pTG3!ffkv86GZ!^Nex=Y$Mo`r%CY}if8B7-Q0Ll?rV)|wJU#Qf
z5mjvW8*ud0r>-9Zw&WLhj@3Wlk8>8~Sk)dIzG0$*ggIc|DpQxhKlO!%E^#UMnedh|
z`{3Z!J|sGeuseO^jVt>0_6=sf?e8_t{AU!nJTKgD797NiFM>Cd4&HXZWsi3NYx?_x
zC0?>}eV=~mrE(OHJwTu}4lh1ebS-?tSp6p}Y}r!F!jAF-Z|w7Yfb@%U7!S!Ij`#Rw
z2dp9DVq8ypW3Ha6bsgH9aQnKZZw{uPr*J)sY4rx*OdqzloKpS#&*ii|9<R1R6S<hZ
z_VM*{?U8rx;6S|IrK9te>D<6fi+c5wU-tW+tY=sx*c`hCWn99QMqJ5dOWBEX7X8YF
zRLz)KJlaE9&Pg1SFO@Z^gf<LzPF^TI&M@h|j$7JYnZ+VV<(a0N0{@@=y-_+yX-dtO
z%OQ*d^QXZUI4r(fu-?P@aDf|3Ik;!6H&6tGx1y77tB{Td%TnEK!~qib{7f1Jx2Jfk
ztNqR#N=&S$_gnGEeBir243E{<H;Lc1`w!S-ei;}sNr~3B<l!<dpbo&%CRdlTc#`8B
z!rnK7o)?UlecMoucW<8y7R5D5SWK1MvWh9}b>}?ZRt0=&<UqSR>u{OCb)p3w*9Kre
z={}OtDYEQ6SW$X~KkfGzaMaQ{m;}M@PK2o3Qsh|KB{+r3*CdGWP=6^3`aq?BaX1Qo
zdRN#-$i6m4<RLvonw{z4J3^vN{`+{w=bj>>QxhN)Kf+;K+N;g4Cy{<-`s@A&krbZj
zoYk3hc`E|rXuhUU;HLo(lN4Vo@bx*kVN>;a7OFO+{{#6_&Qv})fO)+K1xoze5h!Al
zUtxkWY~|hlNT+UmUM)Cw4@G$e2Z5AnGksic?>-^OwV0Vag@zY)kOS|fgR=0!AI>8m
z1o^j;pqV-<TAD7OmVSML(t&Z+f$b;oZpziA2J@(Ze=}~NOZwpgN3%`ocIN^JU*C?r
zP38A8Bv8GmsmDo&vPILygMOaZut<KbE3vb1j#1UbS$a6JG-ba^6YYyzmLI5jhd802
zZ~EkR3q$fo0}Z*|sJ44l$L=tL8$owolpF^St*vM_n+?6r77V5#nG}>Oa_k?iz&I?l
zL7<IrE60Fsy=uCDkNIT;V>#Pbzo{psD)GU6x)pl@k=`1vuC9`Nzn@?LmPr!@3)}#w
z^>WH3sdZFZLg#pyIQw72J>mn-!wyh0@9>@~N_0Bj1Lt^MZ%sxn5f~FUD^ffaOCuZb
z*46mQ#tDEc9B|KYdM%J!o16Snwuv>?;+gSB=GhaLcXekXd7^Qj*#2lQP$Ka1D+u8{
z+_=VKKy#LULVl)&TA*7V8Oj6WPW=>hd!PNFx}e+Nk^9pq$_ImaJX3BTG6yun6cZ(&
zrFcm1K`KVXwcx!KCIrOOJ?lLA)K9NRAV{?8+53b)FK20wWPCUlk7vKn$qHg2JkbI6
zdxCda>@9E#TcL9CluGg7n20B7uj*MK!hh4>&@%Yp)4qx~e>r-LZRU0(ubj!R2}y<}
zL@fyx&2ocw@dWqaefjLq2BYkgNAvbFvXYW}jdla~4gaCb<GaL^_5Aasc})S#Yf><#
z&|}qY9U5#Gt1w>ROOJ$r1C4ZjwdpN?ts}TU?@*$myxT9H?(bt3x3mB^)lb<_?>+L;
zj@R)P?a$i~hAk&oWImFq=W&=>?N{%;ir)SjO)vRRGD4F$H68LfVi#KbXjk|b%OWEH
zY;ABXd5FXow2nHAT=8-CtoDVrtP2sg3>~3As2!gUg3P?}(QsP#&(nFVd@o?ajoJMb
z0r_Kdb3)g5AOY12tWl3osrA>`e{&8Rtcab7A!l`AU6W&5n1>mSYe1iG&1;_$1ja3c
z%52Vz`7E?oTe%L6d%|@~ZbF}GpvfP2J&Yyy$&F;Y3gdHwEpqbs4$M9%<rQ98zxH`)
z9cJP~#n_Fzkkcw*t{oGiemJb^{$1y{o~#Rm7KNWqelUXQ!*9v&LO*L=zK(wUlsA&?
z5|aPI&=-@jO=+-cG60u$q+4&F`GYQre&Q-HxY%cCePLtV?;`1YQ*#dS8;D#-I=p{4
z49zoZtj7smlavAFEmlVntp8lQeDrl&_f;U@KDQr$E^t}hpX`mhT5d9@J3}_%0r^F}
z$Bbsr;w{Zn9nGLij){&+1dgTi0$m;DgMPsN(XnL3Ym1xzmZMNUQ)~?6+j6qW$!_g9
zvI69l$@q!u%sdTsIV;tz7AFWn^?r)gxdRKP+%W~ydx(h_*oW}I9Jde_Ph_CLYYIBQ
zddq_AaKMg2?*lqTZWVjMeZ&+)@0Mp%B0Lt~Uk>v$X8d!bg<EdDcmqqmc#TT$DU%KC
znJ!ZC?w)=utdC#)2SR{bvg*o2kyx@8RZ14V2`Nd!-=u^<_8HQswMOqW`g+O=RB*Er
zz8PLxz-i!#oDAMkD}OG3hp8zQKOP5cFGPgQM0YJv+E`D5PBbJOh`F`t1fWr-uI%`t
zYc?x^yE|CR!kN8X-(T5=dqI%PiVXjxtEX4E$M?N2$IN27n4fMoG3|=M$3P!A9zUe_
z#vu#4EkBcTd;d|#$#}kV{r3)Fjj&mFGSf-lR2xNB3u`S@Qd_b;0t!2*4)mwGmDz!l
zE#Q`*ec+k%ej}}2<3F(EkfDPrGM|D8q6b9HqEjB_9ylJD-<44-z~VfY?(}{5j7~vb
zliedH2aB~sxlulzgBKqkA;%xnE~~!P1IDXw1Fo*^cPix5G&151k*k;$p^;_2`+hxO
zmY1Ga`Q4%qWxtVU;1)^K`-8L{7HEzoV_AQ}T{RdAz9<O<>tA>=xg!zih;G}jc1Hs6
z)gm!X-y_c3lSk}OK{F?*1W1b5FZ4dop&had%F+DLTb7{9VuEfWB-7_7m$4|w8_}UT
z`*~CD9QVokxGE8UPu133h#TqL65^yi^g18wYASC7e4W0)Q$?);{<`yY%J~Q@KaQv<
zQpoTfMxQ7sH^TvsFsI@AN4_w*&yet%I`JQ$Cvv!l9iz}#*~Pt*v4iGl=CrVhmY)1)
zG?bAPo_bs6GI#xiL)oFDFQhij%_hFSG&CqTaHY*AtB38)HZaeQe_fYac#L&PyTIH@
zVIh5|i=2?+$AQoy^c*1}vHeGLUQb@{`I#0OUAKQg$ln(r1HSKQj-^Vi-?RIvnelYh
zkCzfB#=8p2w9j>fG7`tB_ul7BVsENTna^8R9c%+@!wHfW*Z#H{Wzj0HuSRNrgFUWu
zznxpXxX%?<Iav{W;C#Nc`~FhqB~i2XJMa1zPjy$cP3)Bz;I3um4U%YQ7f!mHCwMg{
z3viIPzF%RKw=Bvo<lzh>hS!ygyLam=Tgu&5E>`cya%SP{CTCA2waIw3CwutHp?oLz
z<#?ak6qMFZWKWCOm7LU9c#N-8u#YQBC+U3*ljp@!%Gc@;UYpr}D;^CulD&eB#+GZe
zGt6Xf^iE)FcREEC*4cY1q3NmyNme(eHwwpB6d2Vg2Y`epUup>Z=LJJO+BtY)Q$ZJM
ztT^gNQkHWwxj#V6h-{vvS6gd0Dm!Z+mA&<WFU)yB<M*Ib_46H4;Di795FO9sf%Uo-
zeaBS&vy1c-?R!DPzO7D*hO;TW3UB9Y<Hl*Jkn5wf`|#QQtKnyhL4Q_{GSHvy!7(pS
z_Or9@f$}Ix;$z=4e;&@(F_;tOxfp-W&tVSPKVH&XC!3YPN<@lqP`bU*P3$!{*$79e
zoiWp4XaU_q_YU__Y-$Ood)L_1qSnWkfg9%S4WYsTR%3Me?9U3X4S{P?p3cXvmwjFg
z1N65KtBF2mZ~$$E((7)n&0*|ZmJ8C8)jozp<MDt;?}^-W+`}mOSHm&xAtzje^zZqs
z5JG~ay_$o98`Am{&v;Y@x0-2UQ7{TmcTvzWCa&9MB4vq=fdzDnArmC%K43~wm*lL5
zN+urGZ~1KF%hI-SbBK})*}kmw6+tzvnyn}MMViAtjr|SciGcG$3Mbl>u)-?RAdO!}
zko5Q64zjcBo<$N(G`T$Y{DSle`g8M%9wp(79Ox)nrau$?n-8iAdWDz80Do8=_T#4$
zPJ}F^UGBSs*xI(T)psg|-=V#si7t^S2PlJsyvH0`bLhxDtlh%ukigW2CN<iGAsPfT
zZO3@`dN3mhYJOKZ^<rx$yRG!Gc1>-4MWO8W;ZVZQk0M9M=@Cv7kmDx%b!162%2C~;
z)+((9?dRYfiG#aQuE1r~$G-LPboxl~IR-onH8`pJ98*@>N>WcW+ihP)p`8Du3XBe?
zBG21JlOd{V-nG*oyXr^=`SaaUAk;tFfrQiU4*@Z(k0Y${yJYT1z1&m#QR;p3F<cK#
z_!M2JvJngkzJ5#+TOSKX?O}+w!RW!o`wE%JRX>+8&%>0!xv<K;;UPyu@YbGu1oU(Q
zPqRDBxN$_h$#{kkm4>NWwj%zQ%`QXLcpD#&y)Y`*5^pUUVV{R!K_4NinQvC!DF0QM
z;eNiWAANwx7opk=&Ovf0bk|Zi264Rh%m2Fch9*dFL6Vs4m#}c>0`D2~4|nzN?8?5l
zCvmK<iusSZ>)28iU8Ao=4nvV33W6ko8AuioML>A^-c(QS_>Ow5v+7hC5aADB*kKJ4
zz?0i@+QU-fhL@>(CxrUuTKw&P$2aDnB%aI9mfi9vl*ejOM*EpTNUq+K=VZ*wVd374
zvVVu)`Jp~$F-od&QST2xbI%vs>1QpzG9&RmTHe{Sh;vc7(QByovV(EEzpKyHLL272
z%{P{Bbb}iQ;_*;dvY)IYWWS!w9!l=JCH@Vjyxls6=Dgu7+oaKl5LKxv@ip9)FLmoV
zBhfH3g}4HR337gTXF&&tz5HZ{$F=F8^t!yEJ&Xt7arCp*`M75@KNxPXv+VYIc~rmm
zK8YHDS-)RIqtWExN=BS_l~J{548INgU}K+l{UR4n%~QO+DlXa$#NKa$#X-`5sAVoC
z!<xt?fkg_jQ9!nWg^XY^mz|#nK|P*%cWfba(Gb9?qJ_-!=0(kG?Z{HhX}m!buxt+3
z6yv7=LZ&<a^5epiAJ)YoXRVYr7|6i3BrhNF3rOa(m$$#*0guh@{k7n+pdSUXQ7TV}
zdLd_h+c+#xtb<ZK$K~(2Q<=-}*;vPL%0N=~j(_%U?aPh%7^^-<>_B(P_*h&o#SuG+
zw!~kI6`QN%lQ(c2zzt=suSDbaW$#Y6jDpj?#lW}$BdbJw?j_N7Kd0~mQQvM%A(_Bh
z@L&T5K_Fn$xc<UFhmG7iz<LEfb$gQL8;7}S@0ZmQHzU-E>+r(G1<N3{=FETpF84Bg
z>@PI<*bn&2gH?|VFNgh}28$=ME~qF^>?uobZ`G*QvpvsyM6Q05<HtoO!0VAz2F%-E
zRmBZ&7l^{<Z|B3flQae=_vu$%GQKV@_&xWwldB)xyu2xxz^Ptp<~G~T<@&y&PzmeZ
zTA!5CdLS)Q$>$T5PA`Ft8*>U%65d%4xw|Xe`nhKIK!cY3Fan{bXn8ahO2MWst-f%U
zp8{^nZSa2G<?ypgtFuk9r&}O_w@<roN8NWsdN`Y<kt_UWic+?3r}w#FmLs=Mi=t%A
z8{bSF&9o6|pTsmd9_`ae-H#bThah6_bDC=}Id3g2^o!$#1eN$0+&+gD<=`dO;6y;#
zxptqbWOzie%>)OxsGsvWJY0MW=}$c<&`Z=9wN$fLY5ycp*74DgKs>D4B}C!Mh{_oz
zaP-l8_)z4|0uX}n3ZYM#FU;9T<2^kdUCI)6@w`Q*`g+kyjTtS4``O)d{3yN^KI7A$
zC4i;q#I!3OcTN&iHl(a{ob!x14N%kmLF<k6VT6rpLiPFd*P=f0AA+V_et2js-l75E
zn}}_|T}TLdjQgkXVQbD~GWVw+3^MR({*eoitbhX#A+KCp|I{#?RyY<0%?I63`luGb
z7le%s>Gv$I=Z`wC(O`MJVe^iJy0wwJkTJXYKE%R^zctg`?6OG&L&wIyqPGC;4`&#&
z%!yLZTZ*6bjo^Nw-B6`=<*OegVLwMWJDkphHNKp{TQmZO7ROf&D2#{-wW^iNk^SU|
zH2dKD>gfI3V26T`q7Ex>u<b;Yz|`fB!H&Ur(a4wV+)g(6&7>N*sEfP@D=?@JXf7E8
zZr~BV2fj4in{zYLGU7AUazh>>WR;1Oq<4&H4U;34Pbv`l>cNDZ$5C2Cr@RZ!@8se2
zz!&DqEDf$?!%7SdtPAr1U;kL;4KT2HLD_oArVAJ&>IN4y4Th^3S8V&P`*{(1dRQh#
z?(FqKIFx%$rNOzRZe5R9O}oDpb461g3$#SX^!7`Ln|Gy>{mw$nR?89K#c+Chf4=0;
zmAHfg#``3BsanH1l{$B<l}t!#Wc}K~t2gy-kW!$h%E$luWW*3Pm)==_s;d$}|2Hbq
z>tBIL#buRh!$Bz{gpg!%INaTjz&sqpsjyWe#6Vp5l5ujn;kWIocQ@$rOR2^f4F7z$
z4Z7Kn<D1YL@;blsCv^{?3j}|uhYw4XT!{m6dw^n6x}(A8nznBmSI3O3uzaV;XYnC-
z5S!;;BBMBrzp9ydhn(02Mg~S~3rnJ4<g1lz9#ltxyPM4{?ZIcJM)m1liwXokQQ=Xz
zzg{X6C7Rs@VlcT}S~bK)JJzQ?k}>qEKNZnpL>~qK-o+vgs98VUA2l{Fh?dOPX--7i
z$L^<)C(yj?eWTwtC%yS0+}}9?=UlrNxw^y2+#mE4(tW%lp(f*7Kv(s03?N@NOAn6v
z@RoH-FMbOU3;UhT{VR(CBb&>uK}`UNOWOV#qvJy_|M=ZE;rVlp*t!^=K)6=&a<H{P
zXwu0)^rm~|p@e$=ky@<7#SNMHDZ287(Pmx8T}~U_Dejpc0`WX&ckgibW8JF$1Z3R`
z8pf1|kqc=DjwpUKR!8b_Sbl8p=-dU}n``D@k>q`>GO>>5z3w4?TR;mL6!!MG<67+V
z)O&EN0y>t*-k4nhRqeYYcSL{D$^`||WLLC?+xV_)g$|YUjCVBJx_J3J1QX8)RFf1T
zeDct)5Qy)dSF6FMB?;SmyR+zklb2{lT&6S)vzL`v3L4S(FK8Ygh=sg|{hWj(Cw9RZ
zmH#Rn(52##w_oUA)YzKa0WY{^aqxy}am^m+Q#Y^U7eW>i#PA{ee7#|;$LfVXU7&}!
zc2~l@qYf^Qf10pq@L0luAm8kMGpPsaOcJy{>ewkXYo)JqEB`U=Lq~WS$Hsi^=V%J2
zA4U*BzXf82KV?p&&-e``b2{|ej4L-B$7W!rIjbIhlPzEkOvk0RSD#cvv+PS>C=*+c
z#@-JO;PyHT_S&Vx9b$LE=~$HVJv-0?tf$pS@@H{t6wS;+Y!lo<=tX-tQI*=_X?pIP
zGNejQvgV&$QC8ltAXA5Wq?Vf4&sKq1czHRn=hq1x5etOMKD_TyApNPi2_CfXR=6Et
z%*@E63w7n;DA=tiuyd(H59##ULkzfHc3r>j->R<YA%?aO5RRi8yJEZN=fwlYZ;Ald
zx@$X;FF2k6No2m&bz%19>o=F5HOj@X-7_<BdLB66&>I)f2IqHG_$Zkd^~`~)=T958
z4-c7fGsd|09n=#Tp1f=hzcHpQVriA&>GnZ*yQdQSRrts!^!LbI3%12*C6;*RrE-7?
zE*C7PJ#71U+UJ`XSOZAs3IpcO!a1pDAgHR%JS3d=b))buUQ)W52Y9_k*$w80n3lj<
zQshPE30+3xcZ(oA6x1#Jg7+z_`89)=l%>+jpxd*H9qHMO&LqvZNV=?UE$+{?u?-<k
z)gF2umIY{EkH){z$lQ;*WkcvbPtp|A0?kY>_NSj+hoN!I235U81{Z4FcS3~`t%XOw
z|KqzB@WT1iiEi=meYDbm!rboo1<5`^N10SQ9UZafb-2!Fx#;<8?}qO^>uN7ch4yUw
zM`W-ej%Tq067jEp|CM3@xm9lO)TXbWm)|aRtTI{s>JP=+4J1(CnsE1qx59Z`e|r#`
ziJ#w#gEFjs<2+~$*PyT#=94+Zj~~93_QG71UKf~LzOcp}-?|PgI=ZVLksXC{gXZ9J
zsDEBeuFWGKz*)HGasr)%2frJYwbjM++<g0eUyhw|1h>x6t1LE(-}9zJ`SFq}xt$b~
zgi{q@8sw<maMe^Gc$n=07m>%J@@rtR{SD?Jzr)s?YA<s~0WvZZAD)E-a=+A`-Mxli
z$Dyj|h9BmyVHuaYUV;P(A=#EHF9B7~mliioi=~P`KRZbNLBQp7KNY=0@IL24cDgNm
z*eTK^7~l&-R_{>Y;k2+(9y)=Tn$iqa{YqF$6XLZ;Rd?9$AwRA6hm?*1s%6wGe*k+3
zHG@d6F*|@L12p+6D`UN1>aLJ`o}1YLDhPu=-yVaNG+>mhu7to-%$d$|+RF*-oi@G<
z&Atc;-Frd&5BOhP<uh5nW#Q9?&l*ql^Yw0CZ0#~<vHv(5`$f=fdv<zKwJsHbKc5j@
zoaU<>JUQ|Z4D$(H#DguMG6a?Lscx=G|10(~F~aUK34P(Em?@KOX?1wDz-ZEmQg#(Y
zu)nXZx_GY+pP|}iTY_sRFOXvgiqq`N?ciS(VK$1HyUNi5eJc<mA*t8FkZkV+c{%%r
zDdX!61w&;TaALe&1D{>(6aRMq{?36Odrl@68fsWwIbdB(3p_WeF!*x%wA+K-J)v(F
z(!0EU4JN6d;~c*O;7gms=_us5B2bTQT_(Tx*YlY&<di602Ivw#98l7aI}i<BQf6>_
zUw|Br=;H+d61)k>RwG4Sj-wp^x;*v?M)c5H*k@}*3z1v<2@UVobv^Qc!7e@?hiC^N
zG>NtVQ`K5~fPXM0+W6gR2vHB~t=0C7`4(4evR9#`N^FZFcC~vm<j6&E1hKdIx%vA}
z8LF<%0x5R9P<6yp+Hz;0KtE?dreweTqXCjcG$g%xyE){|Bj~pX!Ow4Ug5lP@kdG=o
zo*|NW!Evi(A2nIvP&fUz9;feH^=s=eFS1(0B5~%1TzTs~QWX%^?CSfgeJJ$y3%i(K
zIOUKKMb;&#(*6*TOAf`UvAmuog5PKIca+Hh4O32dOnb!w3W@DBl|p{^Z$Sy2Ea)Nc
z!~D-RB1jh5(%&nGM#CTsd$eyR`fJL|XK;w;Kk9d|1!d3q&UA@hq4-d|{WiM^lNH){
zy3DvcYDo4;8W~R*Wg*9cyHj?(=`Lb$DZ}J601(SB2l2ZH7J(V{$Fd84)|klwPfmlc
zf8eBzqtxv*UR&w<cxIN`f!gTgDk|AsK!?pvM3Fk_!HDj+e=0xiXBnsMdx#uIvtgDq
zUG$4qIqRoDU!}2$udaN0QQ;iK(7d2PS#EiPo@zs)U_XgwA3&M##rK?WLRZc`xpzu)
znB+-u-)q?De{J;H)QE%_MZCo*p8GtYuN@@T(xBK*k_;6L;|YDqLsieR!dc6ZOFc(G
zp_hJsCNkoM!PuCk7q9v66c<skU#tF@bg;+H1@2oK$;o1R0f+y6#YC3jXI1Qf-KWNf
z=&Jxl&fguH-;#UgNTm}JUwpN^_>I%|DV#`!XkPn#vrwY#M{)OkRaZ36Im#527ft^u
zmlgB9NzIo#nM}p@xnfN`!5atYiq=H`_!RAagkN&fuWU0MCko>F);>CY3{<I*%M)7?
z>%JO{%UB^60I9XKHiKA`@lx;I4fT1=rMqq>v3q2F{T$Gl>XtT7=i5o8Uzgw+*;#K|
zqM7U?=d42ih!R4!U5eo5pJd7Wpj72Y0&CxhLn+pGFw}d`YlXS4-GRQ5kPrgZkn?Zh
z06xD$ZgKb%6mVCf0yaPqn~{D5cv0TA_v!6*PWFjYhZN((;ahyDMMJ=R9WOD#Lm5^o
z2WoVI;5zIV`f#9OE5~Qo_q;DnxD*HzrM@}Z#m(3TkoACMNJda)7YN#Pz`l^H>-ays
z=(nEDau{73;=1Hb&+4W}6}ddyji9ZNeELHeo~`@KkLlwPy$bY$(Fy+Et4gNOKho}G
zDRgZ;zo?VF7y!ns*Bbyb@>F{TVqZbzAxDb~Ci0pIc~eWY?!4}zu?11+__~a)CI>2r
z8)kk^=FXAW&ZMAPL}un^qWCP7OF`ku8WJR6mB$zFag2eVTJraP6Oaa+vg35j=Mt_P
zWvM@Jz!Tn{dmtFH(e?Q1pXahd`}4SvwX7GQHb;QecZH37q<hl0Oe!e-1j{xsRoe&0
zmRV6>6+KO}DtpTpB97|dxbJowZ);K=5n_2^b}4J=h4-932MIYE+R3MEc7sFk(4JU>
z)jC{W%je8NGIgb{D(rHD0!uw;38k{MF~5ApPbE!oVZn?2Cu2hraIY)$7yFAVg>riv
z$@TeRw7N~%!P!vio|NAuDQd3q8GghVn=aYiGV)&tu;6Di6|(@Lb7<h%QvZYf>Y6Me
zs8_{_1G&xrs@I)Ql1*_`)yLzu*ZBJR3}F`k^H=L;v<zdGrhfYtlbMD2QrQD^XBtPv
z;ChWrFqu~Hbu%5Yvy@d5XxDEIPbubhX*jt4j^Ezt3@es;I~^8#(?F*3bo%&x<dgKe
z!afeRzEcSAmXOh)$x_VxN{&#Fjr$$Xqt^Y|78+(x<#j$Nx?$t7D23W*Pe$C&;6;zd
zoI-u8FUAsit*i_Ozut(Rn2qD>lx_4hLvj@K@}9n+u8L_c?F!wXp)_wC6+Sn`K3-sY
z#0a1qobT7KFA|i%4F+s1ejhI^Qs?Nt2l%9QuPhU_N)UXX7_SlI%W6bE=Y#^YA&(ys
z4G6k`y+LImU}XAga&%no=0sZADUd{grz2FRODeD5Sotkqz7|2yr~+yOQV?}%Ftf*x
z`pbV`lMWnnDblf<?WFvUj(oWmpAFVB^|~JJYE8xjT*xVFKB(jJd`?~I7ne7nENA1f
zp#EkFVV_U0Dy}>6=R_~CG2-`qtC8sk{yq~fY07Hl>p3wOrg?&)jjGEsmnr2Pz-<`Q
z&md3=M?Q^!R{oevYT@X%maZuU@r|<`c&|aV#h<-2w^Vvq_W1y*_XR#S`1+q3BJ5a%
zRDD`$J*j{93Sxlj(^UZ|sss@>BgFd_A1>f!z(L`}4&8Sj^%8_}9l+@*ullp&0y07?
z&oYr5;_d|Z>NsaUSL2Ur5c*+SE`<FNMT*-)qKzlwl7(j%_h``(pl{l?=660hzNql<
zNU6TL<i(=FE35|tG}k{S+X-MXgO*4h_XPH}=c9LaKmYj8=_Z1{QAR^8<bI-VH=F7h
zy|~WF{e{RD3cr^cb{cu@t?cQkrZj*?!@>#s`WenoB_93P4J)B=k@e>ud|-m87a1{x
z+P%gBlm2%wwm-pm*lmSjNWAp>C6E8Qw$g<Itq6ObbSZmJPeG|{SMz=J?CujR`&@ij
z@foX~#NedW-<~x0Vap$j@Q!#3wMuD}-?p`AepJ^*`6PGgDezkNMK^0(hH47u=yS@a
zD($0Kz>#j)O-sdcgghhYU9VRTGdU(aV80&s^MD1?*g*SSCe`?dZf(m^Iy8kNNb3k5
z|I7@u+wVq%pt#Zc{dA~p+aC13D`G9scwK_^0@zcn_evDYP|YU<s$fe8H+n$&Ysej^
ziT;L@+hJcw$bGvfwv(Y6FbI`AcT?ZlzP{2dD;xXa8Hk9<`*M{+F;kY=+XqN)<`Xc0
zAu@L$AtoMb5JJ85iqgX30sXu4kN@qla51_U+$A+akugA+to8@)QR$it6?Xbbc+g|}
zDD^8_(`Wu#{L0|Ea~nZ^9Qf6=Vqj}aO1Yz;L<F;ty=)-An(;9#Oqhc|jMDz1&utk5
zSKVr|&)T*x^V7xHYZd5uOJ0lGvLNvJTSyx{*jYppUBhWXOtTp_obUW{;$Qr%9=~~$
zrit0t7QeuG!uH3gcP2l}O&%hVoK3pb!oEETeb0Wq=JHGO#j<Kd>h1C97(3or!JJ|d
ze@f0>e)c#yt;L39%B8SDPiPSG#moD)MMsV232=j>{3+#01cve}1(oEEDl(M8PlfCS
zAe@6~Se;NDwK{&nmsa-$xr6lCWMYq!+Tvc*#A%<0&rkTdx}GYv;>Pvt_8pU3tfJnu
zgq%@3m)GhWP`xlcNbk~M>ej4BM3a2lCyrZuqlizKHp796eOdH+Vn1j)@*)X0Juzt}
zad;e>$F<CqQ4Y90sBv<VzTA6q@8qaNnR2_U15#$qd8*AQeDu3i9S;l|n}TBdoOZEv
zh~8gPt%uvHdv#y7rkV3v*sCU7fwNIQmQ>|e*E;SKS72M!ywnv>)myjZLk}ZWZE`+&
zVZh;yHG-@AjE)>>PH1eMU=gIq_i0(Q!=Y>732!}5e%JOP&eJrqo2G>JF}}``be@%*
zEGKq&1p}Oq-{<?MIF8>m9w3<sF(Z6*#@}Qel~}y@@#j@LeDB%;NX{jBDn_vQK@Zgf
z!uCdT`+L!^P{lTC9yj;Bcp~H^=wrH?)#E5}00z|}0dL3e*>X_(7UXpP8cN0M&})*-
z{<d$ZmwG=;?PJMHl>v&pkez$BdDMmE=9@3VlJ*%?0^ql#fGQo;XjWF;bS3#MJnpbQ
zO&aHL{z2Z4vmo_rY3IR6!eZE0%<)Fwp4m73o!%A2R(rB?Zci-e$|t(5P}jN!w2hjD
zL_b;ljAQ!X68A88YY@J#o?jqJ!{Ye++7}G(<+h|Fts$BRu2SqDWQKPGG;#Fu&}WnM
z+0bB565pANpGN&u$h4PhD|`=Tb3Ys%^^7QdEoI^&|0%8|K!O2_8Y?hG!Xe>6@Fual
zE9Fx|N4SE-y*#t~Kpc#3Rag~;-=$V=M&*7rbS)Tv+QEsZGY=`q`{^#e?`)q0pC9K!
z=cX1)`ct8x$DdNS0@#Q#3B}TxKhR-VAAH;K8i(Jr@+7qWDr`UFAZXiuN4g<1ofJso
zxo!toAHUr<l;`*L%UC*?u!&0bg}C)2&`49I#NR20^ziV$-&R8dZviEnv5DMQNiUOe
z8aF=<HqF0SwcC+WcN{Q0w0e8p*#uQn{(Za~xC1JojYxP?kA=&YT$tpSI5v!RobTNE
z_^ce;L*<huoI4Pty=Ol4yM}(>+__pj1nKleRqQvvqT{hc+09e*i9+%dP$YF{T-Y=(
ztKX`>QCnz3M-f#IUq@rOdE&M&{lo&~7F>SjyO*8iD#RuS%f<^d#5=pZ*o8DB)mFRk
zlQuJnakthPkUO`%Skit(Lse-9k%V+87W@4%_3Q`*F{J6YbK*6U4fs6E7MFObo1+U3
zv?7aAs7>TpPjpgpGMuc86gG9w)mitUcnxOix7Q9NwRgRNwx(I+rEt;UB$qO63Q^N!
z1s9VcgTHtO+K2XXQ^%{D9keL!lo9kOIQ_o1)M11C59+1+OSuoSE&MJm7+7DPTG8GX
z@DSDe+`WlAT`qfg!t|zJvIgT(b2BJ=toq@AL^<9)7o<Ykdj;pM@Q%F=yT60U7{nNS
zSSL9DK@O0~oafxj7&9o)sjpr@s_H$h6`xRx-Fj8uA;sQ$({#>>Kmo(-NWtSsJYaT)
z^rAueif)|k@oD<*nW!%)mE<RKQ7ZNHUR6);4zJGr%uKK$bGY7RoV*E75JPTYOG)V0
z?fE=LOaC3>R=*kI?cOujq1-P5Y|vWH|DX~X?Lt=Y^;;31L5S=if9(DtFUk<?7aXz^
zg(Zp#dC}v2mwtWAJ$lh!_57>jEhdnuHM2OXVrQrvo7G|#@K&OX@7Lgj<262wJwQ<K
zQwMf&v1Qf+E^_2sMN}X1J<U(}3>*)@Ol2TNYJj^;Q>_oXF;(U&_>Q+%H0Jf7eWhg4
zWD{p$VR2NUCI*?A%fi*-a#!?cZoF{wE?@dk$46mH2IdoAnz^&a+R3z)%#ukZ!+`i^
z$F-e~tME;W7y2CIww%u;v=&`pnYjChm9dM|B6m?U<sQkO*4G6AjW7grD%L~wMitvb
zo*ZF-9^QJ~V|aEfS{rt=nH8D0Yasjz*BO!{Kj_0Jnja_40^5cPw_;MIj!+BkPwQPM
zRIai++fk#$(w+pcDIEu~t~a08#$9vEdN0+a3u~tA(RYN>H-s?(Jm~<#Zjp`vJ57kC
zH(z_9NgAX>nw<=oBu~a~YC@-IwDr0#A|T~vp1fa0KGe^r9}SuRsau~_@)95CHwfGN
zx9YF;`%i%7)>N7I9i(R->@)oHo{YK*uifCD<J<YD`Ot(Es#kJ1=1NQj0eQz+USX$n
zWDrzKPbkcr7fVL*kc9Qs9tr#^a+<NKN`HD>c90h0L`#H?=DjH=CwAOQNv}fTTX5&T
z@FBxO2=wqWRQgbmk6rAFJdl~>%VL(cshHdt{}35*tlB5{8`+^Cspi?*V4UY}$^3Xz
z_5|we6Drs}rNvcWWnXoDr^oJbeSM&=;zqxf<~e=jN0NFdYL%Nw;E(r5LcH%5t(4Ao
zR5Fh!)Kq-KGQ?g0N|ydG{$pvCd1t~^q~`N+-D|+o{;hv!7_ubaCyF{cR34LioKJjW
zc+q`kRENBS>lfi=(sIjBAE%8vxrmYf^%4I{PuD)+-;ek&`Juk(m#ah;t{Lp8&)GxU
zbL5j04=kJ=-zlUd57cM%;=qn?F2zA>>NveWtgeiZULB8|`+kJ4pUw~{R>mK&i8|)+
z*s8fUk+q)78}npg&LiBCV!ykF*E>i4B28N=T+c=LGnU|B^bq|NR6iY#N_>0AD$U*=
zk6~`(Yx~_mPL~}|WxK0=+F+^Fy$Y${v-v_U?ubeN2#kMr?#%=6eL4L;FoA9~!y>_J
z>jbK;3}(fL*H4r8^SJ6rI4>8vP{@2>Oh9I^1+<|mYhq@c+w&c$&8PL`pr6x8c9YsC
zsT%G?0gVCW9y$j%t(N2Ui+%(1t%c>1pir%--7n#B9^Szo^7AL-EjtJvaMs=Lz`Q34
z=j=N>ElRwzPZ+n4ILD5ck@XGVk6Vkg^HEWDuZa{8*8ye7)3C;8BXIk&Vg{Z?RjMk#
zyGS7P`>)kCdiRkovt3XYMf6sm>Y-)?xWZX)Xw>1;k};<r++%fF>hAnfrNnutpgmmp
z^MI$@SPp;r(qpk~$*lt!dOdv~w}E?@+*eXU#n;KB`GDbk9P`iREKW!o_gh!JMEj?H
zE5%fREyE*|lKbR$iTQpQS8C(X<a>XYQLpIs_@j^awSpU?ttWt-M$v7fZP$8s^`H8f
zqaLZM^nc|0aB$eSJy_4PDPH63G2Z~hTM~4pCO8ROUkF~yAs9S<E=31kguLVFLPJx>
zZJw>S-D^urd(zUkJ0v785byn+AcVoP2AtYc;8<aBTAlYTb{jfBGJs&sVW|{2<E0~j
zoI%aUVH8(hDsD6m!`X8IFv6>~4ux8;SP#YAEOK4E{86$Hnn=Y7$z+X643XTY`-H0?
z+Kc$2HsbnVW9!Wux1v?pdH&_7-cfHfYwhH{6Lbs^PwrfamMaRU!KWejWssY~$LVzX
z^!9AfkLxXIu5tO6U;tAqhXW<69UwyB^qr?P{+JtFMP0f{6M`t9>J6iUuewK%3bmIo
zq`|vzW!M3Aybps<Nk5RxwdwR1LGZ6Y|JzceHb>7jwATA)SzypXs0MMgVTEQ9aK)t$
z5A)sYnj0HWvfg#}C18!o&b$2{{l&l15cpe4tqMu~_m{((A00$Un7P`gy!a7=eoK|p
z6(_Y9Bj#V{31l1G$IaP7&B^oZvps`Unx?ssD%kUg#iFw}Bv-K#sgdG3c-PHe!uJ(>
zAMm+*fbrzFd))n`$n=cXEr#p!(HEpQA3g}JdHSNMdyph8I#wfifmblZ(_4sGH;@UR
z#uv1O+|7Z_Q<X_geC^HCACFy!{j~l%ZKR>_hU59g+c?<Jqz9cUFJDWTy~XVmUa8_Z
zpYE~;d-aWJUS1ZL-Ia~TQ=c478vyQrzjE8<h;9(;t=zn)H+tSS?PCRmt-W1o@$%|#
z=0hLIE#yG{rOw0U*Q!xb)3CdNj|eW-7NLf)We2jF)aSm)S9PcS9Kz?JPz2yOP@Z^@
z9+6F|kTZsU(<(QMVH8DW8aKfa6#0CZ!nfpS+=`OATTmDN1UZvTn#RSmjG5(|TaY|W
z7xQ~2POnCb=8wr_9CFGD)KkbKF|}@4q-(`_d-Ar6a5nd4&7v<CNZkI2>KEE7gl1v&
zok4EtWC%zif0e=z#*mBWx70^;XZ`Fnd0>+b50RK1P*jt!1?|JLY);3_*g_-RlbGWr
zZU_d*5jx_pN8yW7ejUBMYt8$$dQ~*<vB8{MZG<&p8CXcI<Le0I_S-@kbKgkbjB1o>
ze}`E13J%1fY4^`Kzf$sjB~$+>|52E^*L)Ft)11F5Qq6S_4ggDt&PKxCPB|4^A3sPt
zh^Nbghk6U1-B6OSNwmVsqKaSbWG-_jJx7lZU%_vB-<|X|vd<`S_ZVpZZsy~_Ut5BJ
z4TBdl{Rn|nh>)-`=!?i%+Hj!T^Lb{!A)_BCS2mH_N#AC;)QNNZ%Rti;5feY_)1`3t
z{YyfPBk9_(0K+GI!pd|@xbgZF4biS~h2YRp!V*e7+VXB;G)N5-?wcWTyXQC9Br6YY
z{|kCLG*P5#1t_n%(i0L<pKnx7+`nXWuE6X*oU5Z2dzfYrVxW|Z+7^;d?emX<&v#($
zYls!IA+%K!PE;ZBy1!I1o0lG`Zo9;)2Tg!>#LN72<%y--1_LF;;9i!&5E7;KQKVn_
z;JocPrD!`)gTao+Gr1`mIW3m56k!UF%nLBCJOX`*Q7`MYzrE<vC|^#s)f1F;^&-o+
z?^lPs1RU>acxK`xjPtvHZZkpk@*Q!<5N5<AxBX~y=_x%>#dF-!YbOpQYPX;8O`^@G
zHc`O9jYt#U+hRU66Y(j!bUA`a8b*ZUc`tyd-8K8rR4KZynjcNYF`FvHv3&o<rsp37
z=<@n(9@WFyBOLwVAV-Db0#lE3_FWi=7aTNbq}p8JWsMlj<)idxB9)EWs)yqj4$QY?
z{N9;^9w!3a7T#Ar`4LN-^a6dZ?k!A$_RNI7Pf~tlw241aifIpCjwna+w2Vgqg-~n}
zf0fsjRPX#^-;Q!QiQ*#eJZkAC8~xQ9i5K_2ria2SQse!Y_=?s>sYr~6{eo)m;?a?a
zb2xnAeilDH@pb-?Zr^BA1~248HERY<z$TV7w3dj??6$1o@KmVXc2ymGf<rKo62BX4
zh@>-$N^jff2IJ+D2}CHo)FPWDz1|`uz!OaISUX(I!mzt<4V^;Nu(V}`eVoOAr3$1R
zFaPM24BN#ZyZ1t<qSB$k>C+wt58p?~4Bq+tqGcuz@vSoG&@VoI>xEiYG&wn<O4GMu
z&j!vCf94$L=hiZ`LLVMDF7of#^d%hW(oT3?i(xt1rNJ7%<$3_l$d%oiU^D8geSeOl
zzIkX<oFT=gjpIo^y3hO^Dv+MYEM@|iON2@Rm2Q6#-DM4f;pZtI$RWK~KKI}iIi<{-
z`-}>EKzS}s^2@TtOaNeXugBHXjy-JvddI9J;b*0<Fep6PTCMkMRaLk78YwhfEe<zU
zg=h@Be~*124E`acgMPuv{mc?=Ul2@MFSW4vykPVeUA`Tko$uvF#`9ZA7{9_RzW2t4
z6rQKGP}t>WQZ%r1nB%m}R+i9(4S=l}5&n~PMW|+oCxTx>HQr;MzCi1|Z?BK=7psMR
z0hcSj5`5NXfM%Y{<WaTXou&eJDeoKwIT}KPCsMHrcq*LlNw5sLPTR&XbM0-UvsP-q
zkxAN20VZp8Pp5U?rI`vfweioZg?_&XYP@Qy-Xx7io`Urws0+PNkqC8+YB&M32T*nl
z7N;lwvdMA)hTIqbivTsS%J0sHI(<}tuozVj)T8o7c?lYmp9Ksyu)kab3;huFn&UJ<
z-^&oR+QSK34WIWA{ZUhxiRqR$2tVqUGf3$^B({~h*UyMWRPA3T2$2z2Q_IbAfSc;l
zFXvT^f6m8|41Tw)th(m`ph%ZK_|v1`vZW66$BCJzxV@zhhx2@}uj$j;)l$J$kTb1=
zj)$iDQ%je-_#kP{J)aZD_scl~_Jn_*)?j#f&~i?u!MI;e<1Y}XgCk{XaL^D1Iq}%X
z+0hU(-Pa<LGTuNc>hA~d`PCWQXm~ZRP5e7kFn>$Wgox_0cy`<)W!4ZAKJmVSj0pMU
zL?kb!q#YS(6$P3SLUXm^;0T7JPqOSWs3wdEwMa>+xtgF@`L8n0v-5J4N+}HO_I`cr
z%TRDFt^}kFSEhaV`<93j*>g9f3<iIZMHDfiKZ=J-Xbq;+-$q4Zd%dOMQs%Xi*Cn{V
znP1wg;6@lIE#1W$N9rpEJ+Eb3ZaTDPFg=?{C!1fdUpM?gwW61g-1F*-4;N-!&t>Gl
z9l6Np50~k6{tWg?SKJ=@)>D5s)$Ov6ZrixNYv*{r(G6K(DJ?Dp%`MsjWhzVl@cZij
zh$Njpe34;77E_};Ge)rmdb3&7eg&$~uW?sN?fC$^9wlz>ulN1L$!Vsv>kZ-W_`7v2
zgN;m;zpi{vIi6FPTvR~Ya6dfvoSwJ!OGa#(aK{$i>u1OIy=&;v-3=Xu%lZ3y21tBn
zau|?DC+*>vJ~!<9wNjeI@}A=?dD4{CV5^>E`XP+>0Op%?rGTc7AimRYz8c5kqE{d%
zIQkxC{q}JTTfomjOCrx?*M3YC3BIxnZ}6;p7@MSZUynFJYYkfbbx>#~Pbj^r>{twe
zDv!_J4>bs9)Mr0_?=_X&y*bh$m(R>&_cc*pXiVjeA;QPC0M;CXEaaiIopaaUhICVf
zg-U*V{(yX-9=sCvQ4Bd#Ya`b);G8e4Skh$+FR-cJ?-6Tgz|o7}gIt8~^;M<!+1+#2
zKP$(^g%%3wenbWf<j!Z4vV(#W+@E;#ah=IDEQ~Gn$UuCi1X-W;XRLm-JCW1+h{f(P
zF28h-ts&}*GE+@~$UV?|A4!eVm4S@&Hrx=ZON~h%37s+7wpRA^YBLg8c-Dg{%JGRR
z0Z^qC4Z1RY4sKab@2lE)f~iu_to(F1pOji(S!&<EzTe`K#P%LWqq=7w#|&CaH3-O$
zOXT@C-s~v=`--$m;`ts-<Phyc_4!>%PkqM3oDnS8B7n<k`ob`EecMv*T5E5GFQFC(
z`0htvhS52_4l)qP*TRR4Xm!=2+iJZC7CMhD_f0yjkU9a;su~oZ&S2hGcYL&4gSAjC
zjZd<Vk@t9|KQ`7yX9!^MnQGtjv$~GrH+(4VDEE7`^!<#9#_acrL_xQb0i|y4Me3Q<
zheTYoo!gk8n1@k6`s)Vyw0$aQ3q=oDp7ACbh@KyyO_&aK>~ivDU&*Wa%(i`v;%(#U
zk#B@1q^3rXqgvp3RpJ6Ciq#q+B-Jt+D0Q3AOb*(7>9EBR$XCudcgaV|jZNa1yWR)T
z51S8K-s*#Y`*&~oOvBzR7J)GmoEbQapzu#m>m`EEvuA2}?%J!*%i#l&Q}g$8vs!-;
zr|fd_gD&<y1Cuy!kJ<vWd{nnj^Kg|o|D-Av1@!Gi0k<w$*L^6W7MFZaNm@@W1YEa0
zGADx_QV@nJMQtG*K@@a}a^Fe1^<KX5OdrP?G*49lR<t+BbDbc0)1mt(0TstXp>Hh-
z<EK|yqou8M&n0Z=^qm?<ql11WaV?ID$PlH@z)A48uq&J!(gcScEgOZ+;^5I4ty6d9
zI<z<&R2on`Y9nLoi{r}j@_dt+?_Y2Ibb!iEA%f45#{)W2Z8uV33#QPjKcq{5N)5M9
z{FZ<OUy;Iqb{zS$^Yh5v7*k4h$~$l6x(A2)jJ0<uEf^UYaJ_0@SRxV+w%N{puZb?c
zf4pc3&I5$-<dREZkcRnP1Ojc*y3*K!uCh$$pVODcr-j;(=MnXJz9nBuO`FsCxju6t
z5Ha=8Ku{~=_Jc2P9iHbPdv2>I1WI_X{7bH;C*)$OUo4XwG85AG*6@;r!-$k%gA^Dv
z5Z1#~O%SC-7h5H_7WC~)_q)Dq`_9sM*>rOJdGV>=?Y1LQRsQ8qFA*H^8h->UFS(Gv
zH6IyF8mmA2>+9$RAyUI%#B(1+UiSUtkhUI?ThP!Pqnh5<=+##^xQ{IwXd5f8nnt`t
z9Un`I4^(=WIH=sso$_O^UaVuT?Tf*mW++T2u`ZW>%XF{(n(H@t+t;n~^KE{T@En!7
z1pLk=1$dC?6u<DP0mM6Omm!tc!NonbJvp_mUH<0@0B66UJUq(1U*_<?MPwjnxbhE6
zG7IWc@1G!57tQiTcZQLmQZ@xm_3<oLFF|9a2*uka)p_aIT;QG!opJSk3*Y=ME+h@N
z)BI?2hqa&rLr*V{&e@*&MIO(87w0gf?X-ziJE^^*U7An+^B>RzVy$uf{q99|kY2PE
z#KMm|Jo7M^y$=`8(iNT(!aL57*HUXX{;9~M)nU~44)fd->ig^d;<YKi-uicBWdqG>
zPWdO7I_N2^wwvVqc{<^{gU(zToFW<mkVoqeNk*X<O32)yT&W?Q5;V#`AVFCgmTW13
z?z1auK2W~XkeY<#-cUD*6M7W_cimc6GUg}!^8ql@K2R;!1<+__AQd5nM(wbs??JGr
zY|5f1_&i6Q*jFp{d%Rr@>-I+FE4JCc7SDboZUX!=rf;f<5xQ<CMbC_zQDNa!zrALi
zV6F5f4r}|c%o7}w-{NPv6I7_(nL&582M0HX6mYCwalS1q)!Oe$p9x_`0NfP6{49Ld
zewc1#2-y+~iQ|{l&2s|#py+g0YAQaDjU~mI7_K`HNoCp&0oxdz!6aoHDz7N4aVqSS
z&Ms^&zA4nYHuAG3>oYM4!H|?{>P*zOz3zFwIoG8%%R?$X2StCKB||e`ms+z_;_QJI
zGj+L@WOa2bR7BAD=BF`7ZLY~?GRa}KTUMpB$6cblR}tU&pMEMl9e4ok?x*9vtE}3q
zmhSi^tfTMvV$M;U9jX#xfqMG6g7~1G=Pt?~FT<f1RcIcv0(wIgkZeAorHm;r34s(D
zWrW^^|8mW!J?KmE{oo1G<8?JKa&6h92GHxwp`Hccv6nfg3TvDrm&)Wtf5WLlN6Go&
z@Pe#VY#n`aHn`ON;dg%LhA#skD(`Y!0DrXJ(FS$PfFTlvawrrT($yQFUHPj&-TQ)A
zVx~PkUM!|HepLMom%r-z<94{1W=2yGbx_Br@!gNsB%Y3H9KI<$Y55QY)%KLXzkPMd
zdST^K8<n`Uq$q~jx3`rO3{_lOc(3xH=h#5>LD<42FZ1sL8OVkpSZ0q?rtks+=5hgq
z=pu@;z<%=SaK-hMv_*X~0+R^yTmjnQXh(ROc7p_!h_rDP1}8%BBk@N?6C~}+MZ>Qx
zBEvape;}ILI>AchR>SEtZ5-z<`X4@|;Zd~9)P99!r^=}-K1gwi<5N#zNsB+aSA#|$
z<3c3suqa~8R^!{vC|;g&vpzw$bIP9AO!#S#Q~36hc`({5qX}r$Rmoi6=sizAb;@R4
ze$F9=;UWv48hj8~dRua}uG78~B&=Sk!4FP>ez+G;pvWJCCE7Mvj#U}#Rs?oxaMax=
zdAdR?(Yfp}I;lM(q*wP1elJA{QHpxiUZV@}R}8%gmYE>V*_6N=AK!ZiQvJDHDNPd1
zgk7(j-BlZ%6u7#t)vpsfQe`W+a^$!YpV)JCA6Iku4T|Kndp!V}Mt@54-=$JMn#fFw
z^cRxK+<g-&2+SPY9G6g1-glUiZ0<;K9+R?7h>41~Q{g<v(G$n}E(i`Jw&8Qrs%o25
zhtK?4esAM$zU+oOyO$5w$F?YNZvaxW5gu@>@<V$D_Db6<Shh1;1GsMU*1iJJS_d5r
zu{>LZx}6moF!C~Q+5q0`DYH$FU%1BuxObSz5-N%No?;TMIDeemek0x=9kMqXVT@Ww
zM>#d-*#x(ebj00<_~UbJRkShgG{>dA1Q9~n`&|Sa<AFR)Vh-5+P(eQa%D~hhP1OHN
zNLXao6<X<^@weZ%6JH@Y9}A*!LKB}T75!)XQ~qehhi^A+dHS~WNd|u@NVn~DAVV%{
z_MIO6L^#2lk2BOGca){HnktqlHGVK`aDNknyFImyKEGi3efkM1?84b9LTQV@mM$e|
zv*5pH%C0Y_z}w0g+#6r3+9&_9)Kj=u`@<KlF)e=pVdz&ypbV7usXE>N-iS9Z(;?K2
z>h_|Jk#ivTu{x{jy%T<W_5u)M_saE3gU^}W*Dgb$gsC!jcy4qESLl=XJYEEQ<KTqg
zdDza%xv3$}cN(fsq9jJ4$%#jks^5JwkJ<+bf|>*@q>ou-TxT7n$&fp2UETg1D+sqj
z1U4U^3_hC;$;V>ULkn_cCOk_$9e8f7zAbQsc28Fog2(oUBTy=*_IJSbgSxS@i?5)%
z>-93l`<2|P;!CR4a=WSG<6>D?q4V%CitR~v%v}qf@(0Tkh$X!oU!#-IyP}meK>`sg
z!r5?P-8H*uydKww<aOL0k=fNdi60PXCiyX-^7NvdYr~sP9P;IUqHE>N+#}Jn7NS0W
z!avB{>_38chs%+nX5hfXcbgsaxD7D#(GHX~i3vtLK6m~?W0246#V;8C0dp99oS<@L
z&<gMLjGlC5B>N&p*`L$0k2D}C7^4tkh<qQ%=5T>K<`H=5k|n4*jtlK*Eg=sHGMQn4
z%7T2{z+hLv5it5M^ykE(&Mpo47_bk6?DlyiCm%S&<xNNc0WlZ;`-8qAe~0r3sn@l|
z#!&zbD`@6D74frn_LnM<7~qXoN<<d-)Py{D^5GQOcF5d_2cDT9)fhjz`#Yb+`oKmT
zyJ}B61o)>s>&I$yDn^|3ir@PIj-F}5y6>9%h-h3e{+=oHtG(pLX18x!e`{{}rX&&c
z+s<Z({A@u;?FYBdo$zNQb1ynIWnOwrlO@#HS5zejL^*y#vNwXx%Z;MQ*Te4jjX-XU
zHQXEq%Ie#6aE<18;Pl5`fs^y1+VeYzIfTcwF+66@VBh8Q*nWEho}BXYBrp96BJ3=|
zi?xCR&m+53u&6Is$N|a(09Ool-t`%U#rZKb@0mCr3bA`V?~R&W8omG1SP*N5jGQ^H
z3UPZs=>WX;gLk4uvqKqsw>kmM&lb$fcz@l_`*-oSP~S%dF<5J(ZqQ%(F;uj-@ziIB
zCnSzZ!`^D+qr(iRDXlIQNjWg$OK#3N)xzIc5}(E^)QEeDNIz1`F@c8h*w>#uO++;n
zjMEGmNDSs`34c0lkA22~QAvkv5r<oFzrTI*RFW;pBgy_5lB3qN53G7oMim%%(3pJL
z#H~g@^jndYt?bL~pC;w`bU?kkPAzwM%OhlvKT*8rk*uy-$~uy74~9_A3c{De_W;IS
z$vd;^=SO6$^ZQd<(=(Iq+MS99>~#`<Bm9vXA>K}C<UVAA?~I>zXY6@64;fmLE=B<b
zT_28G@HsxWC_CXPY4y@Q-|5>H)(ZILY;b6o@DNac1pKW%ZtSQl;_-404&N`Nsz&|w
zBRT7vFP(`Q1Dsf6*RhB~ozcLXDdLsO{xEUe>*kfbju`g9kpsd?oW&C_2!;HEiYID<
zx1;y_VG2vazWYGV__&uwbX9)wi?DBAzb)ga715#kSwv~3$31<&a37l)Px}7wA-j3h
znHoW@L}-Nv#NOS%?;gw!x_#bf0S67hJ+^kZ!=4B5ZFih5*vKRa=m7Fte=WZ7*4C`|
z#bjSF>rLLP0e_UqhsfFxrQ`E`L!u4!zTPkZKxhH)VSl|#^Z4molRsRJU`-PEbcw2)
zx6TWN!<gM$w4Oc-Taf`akhm`@X<gCY#;YvAI|w|`D-xOAo)+>%f)^<Fdo%tv@uN82
zc>@|UQqK@FH0m1EgGlM|f+epIuvZ?|F|%-kFUuB;vTXUgD9gSIgyX*d8I&!yJaDXH
zFW^o{IM2U;V87>BE!A4wcf<{`j-(a1PHJP5#c$qk9sYsaSp0f^W;QVt_VI<o;o+9w
z^O5!Mt?_<MRCC6`)&D&L^Z%R&o9}l|_<Jk$_w~2`!WrP42vNY#eXz-tQvBHcJR{+k
zMglA_0Ba>S#t}PZ9~H8H$CU>&c)zmjeXlh9vi%~_IE3V2NmqH5!5EefFkj}Wp4->;
z`F>Gst1)eOpZ|p0x$S=)`<TI-6&HXzo>T~!C+?aQ3YjKA&CP}x{WRkNCUhUSTKQWv
z{``veo4FU%<v+_~b)PN!$5;EU`|i1j@i;fZB_QX0gn)vuKVgL8fd5D=yBYaHcxtNI
zWQyXx0p4fhfVlu+RQz~B<oDv^m*Dg_5u?5S7DAUtxW)&X*+&TotiRd7Q8B+%>rB&G
z85VYP0%eYT-=2)j<ixJVjGi|bKI`9LIxLcfa=fxvmQ`zCENWZ)v}K7E0ED$Y<pSdV
zXEPuS|3#R8Bkt_?`&|7Stekm}tY?pwRA1ciU}Vn;&w$uQPdhzmAJ5``1F!oXP($Wf
zy*u<o|ELVl>w#e(*POi1ytC<T5{Gz^=`!u}`hjbuECrXMfw9Vd#i-SLJ+YQR{)83x
zwNl*f_>0YjL!n>heOj5luLBH)jxcD{HmJ^z{ft~r-<PFv-?g~gQxV2uqXjU9#74BC
zIgE!dBL;&6QGnk7|C{Ft>8Tu-UOC>(FHOO)ZxzRGgjLlmFVl39Wtq34^}u~DDM!Ai
zuhiOS6;@q?+Gii6D*Foe!6Lq=@gQvA6Zq!aW)QT`pgX!8g@;+#G^V?hEpc_VS)9b5
z;RQ&iow$!Tj~;TS;mZs%8Wya0S@P}k42jDrE!%>OKWEWU8Oe6tzguKC9z~b&Z+|Pa
z?uf10Kl8)OMAN3dir}x+mHY!V_@fVJ;%Sdsx*w}Ket$p<d@-en<`SR9=z_{qiFER8
zR^@fReyuUwKfyhm+`LK%p*_;kmAZ0XY+cIEVK)nQ*5@y8rSnxtbpD_Tg6{k4dJc7n
ztK&1EBI#duc?C&=rFE{**?v3i>y$zF<6hB8TfAEEv|$_U9GtKljVIXe#vWFxjiOG>
z5+%x4)BHXa-Y}Yu;SQA4I0hIrGx6e|-xM12pKthlXZ|vsSOeX;?C7nXG?)82kb$(O
zd_C!u!;q?hSD!bFkm0iTDa!HmnVd421g}E#paxr>Kf-)Szo%PB?K=_3|H}==0f)k6
zz!cm1eWC9%HsM}Gm5Vui>00A?&yybzYRk-EXAz%ci5Kmo{z>n{9{&cozTm&yqVV%%
z)29Ty>Y3zqcpQHSJO(D}!F8@r?r>dTWJ?)0NDH2)d={Yli}Pp?p8ee?ROt&bbg!J-
zpGDo@EC%=K51&jiH|9Ls!d^7NmJ27Y@v6LF)V!sw1uqkx`f>;2;T%t}5XqyEqhF$d
z#Z2|C>P?>HdBl#B6nF#%Ez_><yjNmXg35TCd--qZw0>kLzsy?l^U%l7h|a{?t3n+4
zOphr938&K@XYT|1F{AVjSG4c^#_GVH%8ZLM`m26PbY@`HR)x_%*~uK!MJ=xE%YH1|
z{)xr+us=~lj>i2HaiIw)zt$g)4<>5^!@T(Hm*LT;$FM$$d`8n^;+_NGN8H~piJh&C
zBo{SLUl=h}UOe%V2NXbUdYk=O5U5~qDQgJt_8?TTJFNwzcs_3acc)yokN1<9o_=D$
zS6hS3%ZWP0%V<_{H-2Mi$HI>V-w!X^zol5r{X?Q>PQb+G_gjodZ;(-DZ`Whygv!fk
zpYf)S!J>}Ys?LWKz38{|r9=Js3^k@b`qFN73*~FLhidop!Q_|pgCYi{u?1~(4+&Sg
zwO^OTpU!|iuk`DBlo}&{9UQ^GQu5fv5t{5Ahyh312w`}s(cJSm+wZ*-r@?;7I#mif
zbxbkH;Y<I?RsDk!9R278uYxe~V}Si^J0xM`2R~7f6H$5|&2Qj?K(WM=Z$#l&v}VzJ
zL3O`7$Hz&(&Er?*q2MxbtE+>3IM2<ifSr?FdRt}}hn-z58Nv|~sPk;7DcBfIGN6RA
z9Jp0~hU+eYalKu^Aw|iz-;9q;0p$k2k?XCw1R8?T{Sx=BMQ{6F6rl(g83)W1iB?V&
zEV-7`d}#GMQ(c|$2CQRA%rdqJ3-a{PlHG67f~s4QeA)Y<b2w`+G%Szve7wt5#H~=l
zp$haYC2)qzH8QMXYG{6~6frO#J?Kc&8GI5j)T$3LfLZ&z*atvv9bjzNv(cM>9mL|&
zQG~A3_pe5yq3!LfuBm`m-6}cc*MtP$GN8;;^I4!Mf8JtxVpqy3mJ2}fzOnijZO=EE
zlnzXYi<H4txIZg7UK(gIH$roMj|R*hp~RgLW8}RV{W(Fd3K(vipZ0OuL8ki(FT1d!
zRXf`kG=V`wT;vYL^cA62GvyGdn(+9~@UQ1@oy4!;^)=Sp5BRY1a2{e2t>`O!C@AdL
z=DM=LEj?+r6V2C(B1DAu?l%J2k8z}UpU5Ys5p%fo@fZEg9i|#elMOwjANF7#zbq8*
z{S(XH?X;gJwMy|;57xmu<;fB+IMzNct{#jvu3X$-9!mlvj*8-MATgVVe@Hs7B}Jhq
zivE&F^pPkzOYjW@6p$by3SU2)o~o&to^At;aPJBGtS$DKGbKZkyMuk`K}QC=qI_qA
zmgrFdtxYf^s2+0VZR2_a4DO4j-F4S)!}itDG9`($I~=Ej9w-AH_AZi?(GbYtAd)$)
zx;c^Q8*ebZyl651Qvh?vj|l&HC_JjPUwl2hM1S&KY8R6aZ1wPJ!TUG`X*|3mo3!U<
zJPCp#GaIa9`TTM4dGUPysr+9tq(lqbg@>M>3I`Kq_x0c>f#jNj-oM~wMo3Etj+p+c
zhYL<Z{uRs`Y`4Z8?`70I81F!_$vzRRtUmlS63p9Pe`OiS)h-7>#ko6)*uewy`9uSv
zK6dg2jPGzE4pXfal~hZ&chXs;Id_<Gk`KV#AHVltx!{I(U8A8;jA}g~*{@S`f(&@#
z#%XrO3PxG`9fkpY*eXr@2?B6!#y3u=+p^p@MuU8hk=7e$kaXLE>u@A)-R=9E<NSuL
zNr@aIF66mmyu422AUa$=A-oiQ1%z<Yuz!863PIR5{sO1a(YGOrr0r_oT$Ap+#>)9w
z-VE+GSp}8U(Wikk!f#@hC+aKnfozd*?iXQczAWPU3qT&1ipgdd`W`ernfGZc2~Qz;
zQ5*06@qu@OoProX-)>YYtF^&2!}GB3iSV#xI>Q*9hagOrH=NS?X?~^OVj#E`E>Zeb
z7WwpkicH>|=&^l{M0F|0RU$}!;J@V$V*7o+($%LL+>ffXS7v)@LYd~$Zsjb-LXpIN
zBL~%4g9EnnF<#8uG5~s=?jgI}*?jkm6tKPc7paAld3y!L??b^w%BN13ee*n2HDq)K
zkY=AVpz%ild@-W%f;*RQCtEsvB$D9p8sqOTn<<M&z7R|b7>q{B4(;Kxj`q3PCvl3;
zet6HyFmv~OB08wnf=<~h@u8P#_@Gmg-WosOIq~7_s1*kQPPg_p;l;bx8Q@3+&@UL{
z;^P6pc|9<9(B?0xoy=_Ge?6)A3vm*EW>?e<l`W^<bcLe+J9Y2rGGqyx-9M=bO<^Q^
zvw*c*sdYKDzHtgS)#*~XssE(y7{6a8EoU*@q&4}lqoL*sb5Zm#kDO>hq1buVEbWX!
zd`eWRL*RgAMS$r+;tgXY-5<i5qwS{|m+#|2dhz!l-Y1b*?lI;-qiORf&{Vrvx?zhl
z8wDpB<?Z$*r5i<hdvf*M_PXKg`{l`iCouUt*sAx)!TQccmTL~5s<;!YS?%aN;ShXu
zIOAnUk-y!HzKS+xDdTL}2>g&b!>r)N)dC8VS`G=7$M8?%DFAmnByWlmFH;7OG(3__
z(GCvJT>|(qY&D9&&aQ9%#9k5#D@V*smtp+Wd!*xVh-p#Er4AUx3EVwX`7yV{u>}Tb
zDLSV=Jzx7p)ibAMw>^ThcpkXAcptZKI_+!j+-|WTdd>MAnJ952;MP0!WyEJcz6G1o
z*Ru`Eu`7Mx%5h-)CH`SX>rlZK48iT&jb9r^!Y|UM^t!PDhrsu5Y|<fF2lv4YPWJ&D
z4+`i*R@iB;y~N8G-oYmMe8Z(s-IFwF0^EZ+FXw&r2Z8JsbLI?!4>+Ru1tk~Z3sno9
zWkSOy3SC>>FtICZmj@8ZR>v?_z830cbMF~B7B?ZG5}x+;0y}P7T~$4D`P>EnkM7?i
zPhbZ2zK{P1Jc}?H|Ds~)(4suwBV5`*8a+&hLfkA&_8-4mKkqRc^v!G4rx{#fmH=(W
zA*8TM??3q#G;#6vx&r3X(ZPU=d{@EGL<9T`G+WpP;Wsv6#GPE(8FRyabvpMag^%|&
zCGkju2-Pf7&GlJU@J1I2pvD@|BT&Z#Y|qA<{O%uyNEUm43)Y9UIuz{2m|Tsn2f;%T
zog3)BdkYIS<t(DI2LgqldPN#E3FdwVb!+ec2(bS$RH8@Q&={5I#AOojMA6}Q^6;3U
z58wF}R=L=wEBqfyN+CmKJix~KlH_1rp<b~Y<eHm=OBwc5-4nL7L~h9k`mns9hyJ-P
zU32nJJqLfhJ+&XFCfV<u^F9JdjJ6|u&r`W)Zi6R1?Mr#K`&&bX`f0M^5$Hb{&7ahd
zmXaT8Y0su%_wV8(KTIei5<cMi`g=Tp)kTFj`{Uj)6_fSWBR*TVytyV%fq!FA0NRbK
z+rr7KI`X$Q2_iB4ZgbWr%Ez_T*Zz?kPxoG)3BQpz3PG8`owx&l_Bke@li5o<HITel
zSR0S{%ll_k1d`KUrkv8hL(c=y9Gtm%s<);?tuV<jRAjhy?aquH+&`CBlg84*H0HT)
zjkO1P4<I!>A0L8Z&mcQ}(iyTv3}!TK{V*><GCl%2R(g2UVQW<$D;KVxoj@+68xPG)
zty$Xza@P36J$M?M0pI*t=K)EC$4GU&Iplfyc#rY|SfEBb=NgTGOLWHg7Ua6`4tPer
zf*0dqZlk9Cxe*;ySN&s*w~Z;Z@Hseq%6pq~$3)lg69ODW1b4uP9-zA?td&5V`Te}D
zqeuv;O!WI%L;DdziR~!`ud{;vQ@CBJlKp1Oy~I%ZpOq68$#Pxn-du`CD3e+3dZ_6#
zG4V^=m)0xX9a`>|-{8dM&GsN_dG|>!wKlM8$$zvi-OroSsaA2HWA5aAl>Gb<lLO80
zB~ap0buJ0jm!iYxeh>u$(z%iT9x!)X+6VuaDpNd7MAQz0x0pyGUaY<R;&)A>7uG&E
zZ{Mx8V3twf^K0wDb41H9=-Y~NJUsZxY!2~d&9G(7=aS>V1KD_c&h=wK4ezT8!;7FA
zfxVHX8Z0K`Bi>$0qjkUv!1blJ1)LKMlJ~#I6%xKRr4$+y(c#!I>oJ?pBh-nmk-#U5
zm%S>`_;n4=3rrd+S9vu6Zl;U&cV6qzyk{7(Pp;!_=AX>l`#eTEho+RWZ0y<uLRh$w
zD|e%%_AgcXxYl4BauRLaBiU4c*+PX+-oftO*Wot%)>&*?`#N-GLN}KqOUDyO<8YNE
zo5PG86{GN>+?QJFjpDRoKlS_cxG`symb~CHoP}T7L{b^T&RZ-wgK%Pt{Sa+j>C%PP
zjiU`M*!IZJ#(i-`fqvLkkRQT;Mc2JqU;z{lTBEFoLS%i_DbJzulI)E~qi=}aP7mQ-
z?H|}Uj05r&9Zv>%DangJVZQqDeP1^7ZR^2x(6`$Q6TSs`N^j`>uQ2jOH+CZ2AfI`(
zQnV<dZp|0LhcE@+t%n{xe>~^|UGw@oX+Kxvir>xo4*gZ#F#9hZ?W_C;ofMRNmdeie
z;g_}mO{WLd{sPasBA#DEL@F&9zT@pkf~4sx*m@?;l*-S2J|_>UY+tyOlO_gVo~^ZM
z4g==7z58D+^-6iOq6nTA1wsXdl(yM&SnPnxG4gmvS^2$sFC2A`I0SS@#^2?<!cL>;
zRQ_cq`s|Lk_v4~7-y_T^@U$CGn6#od2^)Bh(u_T?bn`mCf@uR+k_~#GO3~@XBiR$3
zi0b*wKMa|}DkiAar|Y}K0nzq7Vq#karUbsD@W&g}T2U%R&PTh~qwUz-T<*|g?Ppxn
z|ETB?v_Ge-+c$T3%*29HD8p&&;Z8PnkjSrd5i^W-y)AhY9aihY*=cram5f|gysdjm
zVAu9D^ruvw#S;RpCbAyvdQOm&0s19L#@klgJU@~7A%3jsZ6z!hzQ#B)yT7UuHlZ}K
z`~Hoo4Fev|<oV<bb{x)-Z+|5;_oH@kJ|)wL)|Rgk_A-H1i^)2}krrPQ^)JfyAgLk_
zSv@cM9+zRl@z8N^699e_CY_(6_?un^La8A?o{$;&sc{$Se9}>Lxji3GeWr|acKF;r
z)ukfp$l5E<iSw18#_5Tu)hAGVvUGrZ*<V2Hml-TxE~P4^>Tsc8NCah*#6!FGrU#2D
z9^A(--Y*Y9TPKymkh}Jcy#WV`C;HhiV@lq1v$8D1sDKA1vj>{RGGhMzwAoMfa+qw=
zi_8N_D%VSKL)}yQdYB$at|2~rfgs35C^8UE9OYOG%nZ)O&<QjXn+J*}<fZPi^aj}r
zYnw9j6+`FtyXnsa4oY#?$|TdFff@1bwz*VIoFa#Ls_bfZS8h9~1o?d4_`~;-J-7rH
zCFbj`k_v3yu?<TsKX#+nt}AT?bp_VOe#xBi>L}ynJ9`m_{Qj6Lz4*Ecx1g*z>g6@b
zf3MX{vBN0t+0}IBwZIB++k=#T)Tk^ESMgP<1FPzBi?phEla+>fz~=I4%GpAg7J;AM
zf}Z$U1{R>~PrVMDFz(mPq507&DZUr75uoEpr~R7rp3JSk+2gp{uYIuS>ZseBBP8ng
zyYc$IMHo21yz=MUNjh~x`o~x+BLZ$9UpyawG#Y=EJpgaa<9<*0(}y_wV=G=QVOdAD
z-keHjhQAzB(o`~iHi_GgeG>V}`OAOE+t^1jR7%1XlxPO_Mf<*flAqi$uc8xSCTFrq
z><EXlMYtehUR9O|P-3*jpPBOE-Dd4$4P}|cw_Y{!VMVe}H^@i`@9OJKiCM<`N?*Gw
z^S0OdaQ#tVayQ@9YbdBcF|mitT$)L91RF0gG%=(8@*XYOMFcltGslAOne9XOVy*(R
zv&BSu1H)|z-E^<>UAIz6pRE#+JFK5?96wH%kkPzd)j`faEM)QW0e$xwp#m&Q)8yak
z59!1FYL(pSD2iW^hbXq;Jn@eQgz|7XN8+j8FDH_}XI{QOk9kQPBWXOpf!oISsqFrq
z(O+l_x43;~N=js-%i5m)VJoABNUrXWHngS(^HbvUc^#w~$a=e7#!up#&UEP=mT{Hx
z{cC<rhCv(a`}I#oO)IzGg4bVejoHCyBt^Ht`0Psuj;)IZ_O(*3Zb4BBMIZ`d%jbfb
zEcNJ5-;YhKZp^1wj78c0skLAuet=(J8gXYc5CKXZF}5+lA2!=Csil4&<I=)HlP*r2
z=I^h+2dDSk+Vkacy0a|W%LBYmn_y<!S~~+{;HR$%!_L9#R$B%c<Pr2dM$GX%^mr(0
zy0K4opTre@yIw>~?e5N#usMEK4Nk65pGVf|%r6=##xy)MXjQftgF0BEgyG1V2kvFU
zPfL7jAMn>TF+V&BJAcnyFFUP+sVx7vJw|@Nmsoecj6W63VMN!jQ%E<oRs2pJTAWE@
z-QJg(B;1iWnC+{aI!Mh9;(lSG{z@P9FH$EZF);eZ!R?znUl%yalZ^H$mh^2-w?_SN
zRj|7}-0P3<Vv4Q52oT5U3u9H$ueLX9ik>Ayp2=NEbS5xinjA^^J`Q=!U>si@C{%}Y
zn5Q+%P@nz^&JOYI;A*`70FC)Wo`-)uQ}86)LQ&N3A8Si1XVuDjGsU9c%@;ZXu|wUq
za~mN?W=QS|#tgiwbKYLsLqRWek=XH0rV&a?+S)7jE#qk%OqfXD&+2h|PMd(YMXSFb
zCbc&XMJ)iWR+%Ocl(q(x7jitoEa46q9mX~oW#e^Pl_OXmMi5^5(*UpWMt5dDga@bQ
ziim({+v%hun_6%jsg!H{kj3jmZG1N4rioJU@hfK%D3C}pZoiyB9{82cEG`n|PsYIu
zO>j|*6W({80em9+FN2@qzX3B<5ggb#n1pQf3|sK*JV+QdO<#O~vY;!&U9a>^=(*#%
z0iT~BkG{c6?Hq0^s-Pc?9YDn-RoSg5$H{~#l;6p&2SA_n(l5us{yfQK&$C5>Nr0W}
z^dvjO5J)jS7#m=`mSC<?o6DWV#-ECV3r@hD-^68mhav^%wqOe+B2G7<(uW!(8cW^y
z<T$K`Tu-4osz{(Sn5ADKsQC0C6u-%(iGW<>WZTCm;WRpzWA%WnV`9Zql)+5u!LpPk
z9H29;hJm>BAYv|)Al(k-8@tv|;sCM}dn!4=b*wa~7S$QWmBmp&l^<sesw<IC>xbSR
z2HZm0#RC?7GO3@fx{s1cGqLn;7AP4JdEhAaU>WyEsXE1_g8b$q>7%<BaguDho^y?S
zJQ}G4<a`D%2`<I_!MFV{M|>D#+anC47NL_Znah>sz1NGu{o_qehGf<tjY~UX&NmjH
zufe}*cW@BdajwiBjF0LpUp%hpy++e@bI2Rqh=NU4v^;FPP`!OrWoU%Irzi7{Y1Hgm
z+?`K#<3!j_DeAc^CxLhe+w1FP^c~o*o_f7D!MtsE284vq6<|4g2-*Oif(@~rZ*91E
z)A3I$NUIL%&evy7^}A)c@|mLmPy|GAxLp&8c<S7h(*q!T3XioBnJF+_Bg>t01=8ji
ztizY$TIM(In}O!>=Q9Btx2<I^&oh)c0`>qrXOw2Sdy;>>(CSyW!_x~N?_6^&Mr<#O
zcp#y`nt7sxk(TlH+FF9oIEGNS$1@S!_TZPtK+ltvzq6Sj{#Bm`Aq8mfJZ%@d+|XK7
z;xK}4zXUJBiGSI~Vk8iUMCpTXl)-bXhVnYKmmkTbaLO{D*YOxqkzlqO^-1Q>Q`ih4
zlog^cYlqBKl&zqtWQvx6b%h8~-mP+Z@&4sfx<oGl?&Hg&F3ki;!M!X7zcjmdKgT2Y
zh7Um<{|LBFZJ@u5*J@O0!h)~&GeY|Y$f)K(7IW8lpb|sgr~I|(g-Z(~LpnOXl1EZ&
zRPV0`g91+|z2=9L-sRf;L$%G9yVT>K_~VdRGkho+27Vk7`>||{A#nh7k@^=9QJPE@
z^8>ikp2)-?t)uW}`8SmHPN-k(=Vf5*B`CcpA=ZOBxvjvx-kWRH7zzBa(fXZ#7i&`3
zWhg%+1n4Dng^?eR*GJLbg|ERKXCyPQ&vUUSD*Tz@W8IEUKXbT(T87t$n%>;^NqErF
z(Q@5tQ|k<Cekj4nIA?B^xP!Jler~NJ1yF>F{gaJuPxO@5e(74wu*%Ql6g1cM28a`i
zXez0uF^k&~&>lm6(L!KLcKEX?mrITXVA+sqINq-&W|ApE`y|cs>$$==h+8|{pLKV0
zPqKXQg||Bz)CQ{MA_Rk5SwA($mjkm1p1(sr@=fY-{GM3zzyX;P-w-qBjcXhH8C=on
zSD;_&m&z^z2I|?@udJ9%J`Mxauv<7N$yR0zoKf!R24r=sdTNC=?1)1U<)g7DH2Lv(
z7;mrQb0hYP=LtXR>(!4G8@w;vM@l9$(tY<8RC0y>_OSEeKHD_6zcwZIwIO{3g*U#+
zJVGr7U?vcet_+614~2jozK{tB<?j!jdE>FSqu2mqzDc?EZ7VnCYAoB;aSqgHVmz<m
z^(A??CVBx7Gg6LcXNFO>0V_%H_PFE=1`JD}zF=GaEZlcuo4)?L|MnMVPOj}?;BL<o
z+EzAJU*^&>c=_(AY2(qj3g`Ye{Ag{%<VYLSd+y8&Ru8Eh+-i0c3Plp5=k@&b*n(44
zKd%QP{>e<`Y%8MUSyP!9d|dTPA1D$Ds_aN+u<D<I5sEF9k2A6<esKM+Ql0*JFEdzj
ze=5*t@1NU63ZB)LprE@S-8!(h{9UaVuPz@XGM3>!Sn_JB3Df$1e4&3|UcUg6APyZf
zzxwZV+fQ?FYm@N;`OSKa7<J&j-&I$n-;s4mieFIizK<qJqcY<gXkg$8(S(>vABZe~
zjaM^QP5WTT)LKr)&E!u!r*yC)tg5-1`&}C+7@r2wDy2h7+wU`c$_SS?{L=)#5|^xk
zYhIsZZKW>hET91(XRv3VpJ!|P8t@UzF`#OL_<2E~KRsgq_O78$ztDJPAaJb;Ug-RA
z{ct`@zjbkh-|k&A1{c2?d>8vF(QVm0&coQ9GWyKL?-q&xO<+TqaXhsEW3s*PGG$u|
zKc|&beUWtW_sBI-#IR+1;F@e2`=A&;?rE@P;sKFU`gl=Qy2&1Wa4;;o+4krQXEIL7
z+EBB~R7(Yf;5S5S)oK{?TV6A*$`55ZF$kiW)9%nLxUinmgSS+6r_+gmsl;W`ozJSK
z%-hB$ok=0>zm(U9>jNn=!<dK>=(!nH7aKQ}uevMWR>Yj_<I%r&VV$84Px&aOdG@gx
z))_R-_)KlwpY`cwJpp6KUV(8^qWj^6Q|g4T>uclAi*2iZ{gb9c7pqEQdFYIouR0mQ
zm~k;1AzgkzE!pR@hGM0V67?cDGz+V9Z`9M(K+GW7vo9LUTfMWfzb`?gkT(8|FI3Lh
z9f_1_JppBbZ<I+#qU~mAe|6aoq<u{JVa!xNpnkb8Men==FPPNybPA{kw$R|)Bl3D4
zxSe4wh#RX~w{hk3Cq=U-NLwB>NVxb3{%DKy%CEumQ>(^H_Odhzx<~i;MD5w&hPY4n
zmFCucE$T-}daUT(&w@k_d}h!<f&wZL`vAg*0mFyr&EIWgzY4g_KJCL@U~W##jRj<j
zS}|i+?EN`FasU80>Ma^?^_{Pv@@3Dz`P~BvvoCLB2Iq`O-%kJ@&HNJo^`7U`aq0-e
z!lYz$iJh+-Jz<;4>P!U`9xnIe`+5-J3ghXk0`pi-Ze2XTZ@PGKKrLd@+5-)ghN|u3
zr~3EjyZ|wCOFEVOOk)ndc{=nc#pMQV3tgeu?^@R1ua_4Kazyx8X!Z(v5IX$C9d6Tk
zX8)wd_?|Il^OD}&t4{O!i^A-vh7_9hSJl9PCY(17f;yMA@i}c%eCp1f(~`a8gVN~E
z^w8_M3thP;!}XKi*NA1}v-)LeLBuhq5ezqGT8QzI=I?8O?G2U})&2WD6d(02m;3pF
zF_?*{8DD)<HXNQZ|99H7RirSK3&n$=xQGHm_PVdI9vy7_D^w!|N~_y2G(R!@ofePf
zNWKFBg<P$Gf4raeBR#*q+-Z5Zs~1I6;olPGQ0o}J>KmYHJ2o|^BJF6cQA1&GB$9Pz
zzF{+e>M>yrJ^DsFN!b~iissgjv0DG<cEs<yDb;nvstbY!x!17vp;mz`ru$KgP$UAK
zP+@Dv=F<Up_jjxP!OzLQNYdbbMY%?4*66w2zQn<y&FvIXS%VTo5>fCgc<0EJn;Zx9
zAsBv}?^x*+%k|06DYqceygUyAccf{!*7~4gP}_F#V8Gf`QB1Y7l^vvb<mF7mgcX;$
z;hMJ4V1_>Rh$U}nfhsh=F<$W|tKELg1_|vK%}<B9)1C574zR)iBzYa&^)15v=bj|Z
zyDh|Ecpdi2KzB8Qmi!<eJ>J@{n#pQOy7}qxu(;q$=tVtd)A=!N`|V8S9q~ABkO59e
z>6F0v<zMEV%Pz-(TOVzEh&J9UbRsR0Mvqnf8cR?W1wA}(+Y__H4)45L$0ZmS_VCpa
zzi#lpNF6OXIxi{-f=d3Zv3IT6IJGG*g0_`NDWNmEW|#Z@5^b@Y>7TlIe{9x=v&BA0
zCQyyp`nvFiL?Duu=s2i2)E5xS`}xSDlMuh09PafM`OTe!HVAsA9~2h45<IT358lCi
z^~?7}I5btSd(lX{taDn3!{@mi&+lo^k}&9yilk;$G^SpDx3X9aqE()yMqpYmp!p!x
zZrp9TpWcX1uQVW=Z(kSp6MVf7AIKDcV}Sqs`5s(kIGpxQFEK3&w*gQ*L(?2#d}vSd
z@igzY9KwXdnD%8!;30f@w(T90*$&;sG+WnQv>*xWHqsuwiI8s3#ZHqzyysx|fY{<y
zS;po`wn1i;pi(Kv2KT5T4y>xeoR<Uvn;hN0R_fcZW=zTV1Pj$0OcKPd$6U#uG8h_-
zCZ-A3qu2cD>+HcL=1iY4)z6$h@e4=S#M&Iu6}|5a`eg~;KU?Zgs9t9hdMf;Ogw^~H
z2&vx>vv=?HHOU~pQ2{aR^*Fc{f8JqoLP`E%T|y8dosQ?i?N=-b(vRG4>iVa+DNtEV
z^4n{iDMVDT!RzK}x6@9=2Zna8?1L^xoxbn<6=7W70AJSjAhpEQz66$DEt`AH4)2!1
z>gf&H(^YqRF%mrqV#Z<LrG>hHfZ@sEgHrCYPGtU*G#vjVPvLeCALoKk6;}NbcSskL
zqJOJ{PG*mDOFHF?0-Sv4YQH-V&^B;UEY*=Y)!_jjwDJ^C&||FI1#-7W(pATDGdHH*
zTtY3rE!sCvuLu$u+)Ml;^A}q(0)z#Aamf($l6m6Sec$9)4=@%SUa3hUKmB|+%o4yQ
z&1StC{c%4R4%bB!QbBBElx5V@^Qx*%eI~|buM|P5zh~vjWbtJHO7VS5J67r2F}xaz
z9CAf-L^15FjD|&j1Q+Ah;Xxwk?`@Md%9P^9(XIM@r}^Kt{S*pj;xa~~2=4a*$nrs+
zsN}oYD=8>#8P50anWDa`o8W+feHKcZ%!E0W_HZy`{bT=7EjujEI*7@avA>bu<q3c2
zXDvoigEH|&0<vd=cOh_qJ>+1a499R_y29~%KBE}H3%8(o6DCDqG>N<R*Wj*diVD7{
z|G@8vfhi2jP%)P2{SGFX{Lt(>OQirg0zXr<NA_68VQX)l5_e-on>l;qKKl!e!$A@!
z`4R+O0$8@s4ygGgGWQLth-Kg(`HUZT6swM9cZBoYQYk2hA2l~((J?h_lUcLJTzs@+
zEk98iHqh+QA57ln_5Jm|-Dm+DqM`@%hBEPOFDzWGO53~snuZdtaHlp>9FzO;Ybr;2
zZ&3&{p^7(GfT8ij%7C`u+3)^2HVRg%a;k6Ga)g9zw{(xkRpCo2;&xOIO^HEZ5G|bk
z%=X`*NH@0<IXjTv^%}iBHa=SWwRwccM|HnSb8$bvI3`w-(LNGE)Ck9Up}YeA7VNtB
z$jiHrwN#+YeFi1Um7#qE)zMb-)Bf!T;HKSkjf6M;qw|^s$6C9nGzK8qyg>gZle-~!
z(vM$>IieHT1lj$*n!t|SQBCfL-Z{R7<2NVlJMTCPeJt(t(vsu^dNSS|+M$)ao5pGR
z9wrEMqUr3*_oWCEwh-0$Ryri+wDP0-h7HTm+sjJUOt3bmgI(&)q5fn-)peVw?4P^a
zcdSsZ5Pp5`&c$lKC?lMV#dglsI}=Xr>$<7dCGGAx`itF>Q0B4y?t$puGjT4NE8Tb|
z({!jPz=PeBM;swfpS>&=ZCr3dFKg!fx}G2!r_-m+2$H%|W><eLGX?E7jIw~vk9!PC
zhNr8+Gh%n4I@07yC)q#R5XcrV7#^sjbNQ3wyRct}<G_@k-#dN#rs}?Q5|)+6KPA%R
zLOd~0vdU`k(umJPS&Vjn?fkK4j=)y+43OXiTPg8|2q63!HY4@bq<{Bgg(0_Z_H%JP
zy;&A}jB@x%{9<^^BM67@>B}6=3n2YF%%{KQ+jug%>K#JbhUcbuctu_W#GO#DE$>@=
zpwG8+LT}@>KL;xr0gzcfZnsAZu5Y%#-KY)^Sa0Jit?S4A{rcPK3nfr*0F~+UR>BRQ
zT?EtZ_ZhF$M<ib!m!7r2=^cI_!5z<y!(;6B(`uXcyPR(!&<<`YFOSCIkOc_jelsCo
zi`SWTPg$hrp%#>Rk4}lA-OhaQFhp%FJ^kFf&G4c~qhDh0`YopK)l;xaJtKdC!O62p
zPuEfo3(UcwBr8xKlU|}5-N>cTF!IChp9JOhl0};r!<xuF>-{Cw%P(=k{;}WJZ04Ns
z3rZ>Gd+wOWwI3V8M%?s*;jb*zs$eIG(nCBs*6d$7KD%!-6T?TK3v#xbo(@+5$3>*D
zJ;iet#ry7O++);E`p~?C;OGvLk+>H9zNmx+SoHJ>yPsl<-z*F%dbNq$qJW3<wYW0G
zcz9gA9sOaPKx6RJ=jS^x%@r7j{urOc16L9a%;#;|4b@<I9cvTsnw?>rH5OzTz+5Fb
zoc&Bfdt(Y8aS-3mJIPdll^kcm=9LP-BW$<U2{`L(V>ME4jOBgS{DcV~!^GmW9dzM#
z_@ym;skxh~_hvi2P56S#yoSX{xB$xFl}@)m*L6>EB)=aNV<cg4%%1Rmbz=?w3h~7d
zc=-J8VfkbQiNouOyRMJUZbpnks+T>TM2z+5#iS7l&egdOdPMs$tUx+Qn@2d)<b5Zp
zes?)?^vlF(k!l41SvTI}d{fi5Dscq&i+gQdP*1iENXz1+5J!(V@mS;deK#>*73*Wj
zDYdFYbiID{XqIpHIz+T4XxFFMC+A0h-J`x7FGhIORmce-NzRLMWml>6_plD14D2vF
z-2ErF-4gY%3nuqf3Q$dC)k=%xsj8T*&-QT@f$QwVtd5t9e)%)`#_S#EOOKz_7Ne$v
zH9l}Ko0y_Be%cCItsPwr*JJ)$X6?C9=^Ms8Nv`=UZ;~Q%UEROZ%(K&Y>={t9yVh?!
z&@+YimC=N}dXdh{)-**>k`||rPy=^;j~}&33n;V;*7gPt;cpGn!i|>Q<FFJCfSqag
zr}&faPp{;E2vgmBfM3Ml#K8H>t{1^&rn)d%kN%WJcYz(9Zdm6&5;!&ofV10RQ%fNI
zhWBict+~!-q-Tnnw=ShwL%m|mcD%}Z<mlAoDfrytb!cRe<hID3K1PLwUNeHVcpqY@
zW`Wr1D&F=VXe1<FlY3{Q#Wt8akF1KWY_jt@WnVA{^N+q@bdXVuDCb2d6lI7D@v|*l
z4#EWtcAOc`pJ1uRy*Vu@FvH`=M8i4^%R>WyWzPMj)G<6~2N-tZTOD<;0$iKVL96N5
z=|3+=?pa`})%7gT`gza)H3W){pxgFM`-=SUwaLWn#f_DS`%eSaf&eFjjM#QyjOE`R
z3kRo`;Y){8VJ;+#Fl2TpP;mg~<*a@8h@Ja*jW0f%#)H6t;}3z|&!&UqcHoX9DGNFV
z+Zls!-P!%}sy`?IOIYsh{B|FiUQBNgMY_2(yI(It$#p?8lI8dQN>1}-#>yBFi#`1m
zaao2v;<#VB)Hm)-;Uyrw31jfMogv$3(~)PA&ny3x=e=kEhCI??7I<$8?&NXLxS0eC
z^!++QbRjtNNC@?<+AAs@`M6CZd4pe*Dw(K><Rg^&0i=ucD_gEh{Y{(f2B7rQsYJLM
z-@t+UGV>U<x8r(EtTKP`hkKDd@@LI`*c0=#XBy3pt8gHP=|TWl)^*m4aFX|<e3I|`
znLd4jSPo6(9sqskFt>%Y)VF9Tl<FB&niW&q7TSD@ahYC*XH<~c&k&qcvFJq68Lc8S
zs5cmj?OCRHfJd>>ix0)Q`<Sw^$$e=vD;93#QXR<tot0l`UTKE!R&8ZE3T5sa;*S0S
z>EEA_EF>^vX<|r}7PyuyT?GJqcd5W@aYPEry;Ge&(K=$_dYjcx*kBjT`Sa59sWF~}
zvs}Gec?CoL^}X+riz<xJUOv8AzV`jGagMM}!CPH|xrY1S!R*dpxFwZS-=xm7-f!^*
z<et8ULdm~G<FsMgaPB{)&-L47ceWPVgV7ZzOxc~Hk;m6ex)O!NC_JF`e(Q>}xfw4f
zI6gm<KgI%v%bia)U0zRTn3MkGeEb+_Rf4d9nScl=WPxDg<#d3X5e{qJmCMmPB#qbc
z8GeuLr2}|l5os*W0b*UH&CYuS=4vaOP1N*`YyNS)-QZuti|Sp`TA%3m%gSxeq12WY
ztR41a&L<$r@^Qo%vON>~N7C7bmq+p5<Edi(SlyyazdEXUWlF+pxZ}S4%@(t`jA65L
zf1%X|C};DqmGU2NV8b(o`*EV!l781B<rE)7Le9Tli<P)QGxs|BVrL2VImo6!UZE>B
z`!nWDo^=tV4Yka^bCEq>5bd8lK8LNs_}`IfHh3@I-w!F`fw6z7r+920G5|e49O(2$
zdlCPZ0l5E`LC<&pj!K><-qp}s5AZQgvc(*tS1A&<DN^|ic`0j2d4>R1nYsu0cpoR8
zO$XoWIdk~Hzf;|B!0qOO;bP0jAAQs04hr&bIDm+wSg_AU(Q)Q5cYbWFLuDMX0~lr_
zVW<<h(aV@zE_ea1yQl6!>x3B8@|pRTq3`TRijYGC=N@0ZOKsoSSNDDpGBU$tWJD4%
zCSmBXK1SV)R%|e(uY}fG7^e7k&Ft4J@lqJVapv4KhKtr$gRk;w^2ur|j$!z2cFI+G
z5bm^FLJ1wAH+gWmN;eoo6Ya+#tGe$iJCbhY9xgaaU!~XjkgnQ&{e3y-mz`+t2{vY*
zC8w)no)c7_IyuE9qf8GNI*!4;m6%S%qdz6ai&ny6=*a7|3-$Gz<0w{sou-AfUK*xN
zAE$4nA4Tfm-+rPR?pILQEcfxbsC(Eqcdxf-9D3&`{05Hn5kqmGBD_snwy%*^h{mAx
zn(-y`m6>@D0Dvb0CWYmx1y=QUZ7P>ETyHhl)WhpNqOpYtOgYGhkNDhg4uT)bt-b(U
zZX9!x0iXBL2YZDEG;)<~Mtitp1VsT}icv!Agtt=ehc{^zLP}MS=O!5Ew=_ZPHhlRl
zcn0*N6Z8|C7dAgDW7*gX4z2;6cJ1dDBjwKZfR{LV%+2#Zl9pN19)Egr{k{7T0a2Q9
z$iE?M!1Ob5_zg}NHVk8Q@Atc=dUTLKyhJ7_ekhl9dPTW?et!#~;r!=HpQX3{(U`q=
zAc)WIwx5<ZUYBS)IRYHE!%sU>i8ig;k;L$k+#h>u-goH8`+lb*S}Eyt25~Z9QxJoE
zc0JVFv82tGwY@NG^^<qqk(R<o?vBRALh5dv$jfJy_vOMTisKRnff`d0U{kW^&h_KO
z{Md%}%N)FVLX1y^n{RoES`FIC=mX`^2D>#q>!)ABf6pmN)M+9OJnIuqUtT{xRwX53
zSQxQGN%G4Sd@jO#xY(vC-<qdI0iG;e^`iNhp%g6(n>}F71{}|d<yx2xLZtj;DNJdS
z?x#OSr6<$i-Fu4i#skI#l6t@Wm|UxMOG)|m75I=4sh|+X-{ZE5Mg*_K+TbR@sk5<b
z>Z?a@+iSmq)Ug{q!`LHdgQ&#H2`tRnyxvEXJ@A3?xQ9QX_Hb(q;AU4OeS`sIzt%yO
z=Vz_*e8~^Wrc&Azg!UXZ7<Roi79qjB>JaWF%rimh6}&I}e4fif7=+SgH!G`?njq>&
zuc&)MsXRccy`bT0QMG-nFUQ14gk3=;+>IK4I}9g<XUEZlO)Z+O|D2I&Zjr2yb!Jh~
zbNS42aD;`erQ^lS5kN}w$Jq20zn0Q|&o{%(I$UO-m>low^X#9l8is9&B$Zy}>&KCe
zXKGjJ@Lk^sPqgqdbzPEC8HkxM=3&pHtovmw;-XQ)KVpoDqWv$hVIc-H5T%rYQ3@Yl
zjkr@mm3n%QTBT533kS?;^wO8(M{AGce;d+Q-dQWw2Y~8I=2S)J_p;tGnGgSq-Ngl?
zmpsp?TRn*|M`rqf`U(@Zr?z-W9!5tA>6K)!wMtAlvd08NlD#QQjW%`$D9H5qhPtCQ
z5zMFQmiyHei<Xjp4-eWZ-7u`c_(q!ye>cJ1IyKG2zq^C6<*H1#&aLsdE0#lZspsvA
zoD){1h9nIf91<?h>9*y=Jr9SP%;B4~m>3i5_Yz1wkLY%&a?ySEsRG4@P0z;_`Axca
zhb0N_-?aT|(POr2OIH`M?hX1V#qg?e@#t5K_sNeN0ciDD4kNYPxX;<1=FIe8$JpzH
z(={B~_u0uB)ol4NP1eKdFz*=_ytFiMNj^h<JFmHj7n*UG+V$Gd&}Vtb)<e(lNvV`*
zT<m`}Dy!N6Pyq<z5qz)cNt~F<!U0MCwy!grPu~>Hb?^D(7H(uU7UGki>yw&&Se`q<
zosFr>5^iEqc2>!}ML40%zx3JZ=ktJ)aIps<Z(i3lo-exCXj|`iGe60e#O?21U+>8?
zfjtG|O241;N8V7b_cUK$Qq5d3Tk6})EEOs>s1m8xQkPvSVR{zDCks`2N$>9#7>$<p
z!*F{wzxr1^r8vE~ZQ&26%X4Pq*tpu}Q>`z$_?8P``9$IejI}A6nxs1|wVXkZQIpCG
z<NF1XB(@p>p8_mOuuk=!bQ>^9+s`v~Kf9<x3W{RgPK>JfIUF=9eB)P#V@c+^$LW{p
z!)Mrh1oa9l%bH5t8mMgqq2_l_abM+?1RY&?w}~;OzYNxn$0p6-*Qtc)as)iMVJ4t0
zm;G}yXlITwqif=v2VaP1uc+;*%)N7^wIC#cMdOA+?gkN+QoW8W;nt|h<T{wQvJVmO
z=UR-?1D0}S^7?sC07Wj)_Fmk&(XDhjZNY5G=E>oMQ-5kOP;<PR<+{(X2_4BLU*nuY
z=k(UR-)~=V;0oV#4!iH4FK4PL_qZ1Bb-3QY1Omaa-r-pS53&FzPw*J2w+z@9llv9<
zj+Y0`91ajMOwv^FuYIfGlkgIZxX=|2SN)Qk51~c_2LJEiTQ0oKtac1=AEKKSM2|Oe
zTIh%=|2>64dfb=kQXanQOM73Z7dZ>-`myTIU5p>facWV5+82%(?!5KSU;0B_t@l-n
zhtuJZP()SVMbxKGrB``}m!(ek@sK^(6Nc<LIkS$7K)w4A2e}6-(13rr4reD@UB93Y
zep(qwHNPG>TpGhxZ5?^yc<i;#Jyt9?r<6-PlJZ@CoaFY#$bt^0EV}li^^vOEq1Lzx
zj3KsTAJhA@t-DJc4s}+gpVB_p3ykN7_Y}Q|*Ynvn$(7K;{10IUTD?j3d(`OH{oDgw
z7)a~Kalxfopf-@Kfc&EGL=NK*UJ4X}hNbS1w{E{5`>B?W7bAY7<mqvq{U_gXqnCG4
z_Ybtp%@L4Bd<8|eby8J~6{0oG$|@U}?v338GWXekz!Gxlu#xdg2H<Y}u5X9hWDJ)0
z?=4)fudFY8%QUQeO~XE#lh2lowdqSP5)`V=*>c(MbCAvF-LaqYzAW6PWerK#RRXh}
z)`^i1n#KQw>o;eFh$*h`z{?=?+oEF%KnsTd3lJS`_#9-FcU!$?J!?YS9L5fo1O&ft
zAsB17%I32#ZA_b=nU4vZzW4h)3B8cirU?^x>&4TT?+ZDoZOPXRR`We!^QZCAT1Sk5
zY=4%?#fJM;7+bD`4X2mq{9ab<<o*GhFoL;>zzOf^AHRIzn)xaA-R<fg|EMXHn-f#<
zl@5qRARko6cXfK!u_p1I`}`a&Bz}IO>+gyuf!dLQGQyMbCq~!n1lVhNdg=}rz;`E#
zy@$6-XvlR2!-vsf>PsmcgP_O5*(bJFRZJnE$>{j=DeT{rR{Y^0k_sYBu{z1|TgJ>z
ztkTB7sM#T40>QsuC--^T(>1$q#P9T6e}U1C$Zw*`mwv2qH@-h=T&!6@_=|^e)w1oY
z99tEs_BXAo=<IHptL!%S{q4$i3RBnDikknjv8nJPIE`;_ah`^^7cy)xgw3J97pU!u
znuK;2>uWrxmDk>+Rs+t4=1KMHTUQ<NqR)@|TRJ5@5x01f;U4w6!w6WRO_RA1_&M15
zI`|)M_t%cy_Rk!XKbHiU&iADkPijHxt9UvkomPaQD4c)y*<#@_?p`mo(DIxg=WsG@
zB2_l$uliP7b?b-Jxne|L!JMecNWaTFhvhh$gkUL(tp1QM;&>w3o(~Q2Mzl^wkNo$T
z*O(1tHibfnm{sQmjq&Q$BDBLH!69<y)WbP1|DrYJ^U@<CmWGS5!12HUa#DRu1NHd4
zo)EFJI;u*QE9)e&6U7jAN)mMrVM68?IipMOqw%wEZuk<t8$K&zctr%Qx-lblLmCI`
z0V-|-h0iR1j3h?St_uI&Llt-?HEGXMFS=T7fgbebc+u^JnNDR+*E41al9!KWdHVrk
z_k|vX>%0rLFqO^5&~S1xlH`D9f+ZD=1DKCK%P*bE?}l=km+^F}<;qp%F55n{hmQqX
z!sU;$c!4#yBmi|u-h`-N$)tx$@13*Xc>EZ7#tIQmO`W;vT%x?`Y95C%MutuDt;a6@
zaBtXGza@L}Ks-pzd7Ys7{@~YvP8z4S2nSCbd@gsIrb?q@!$Zb<Ou~;<I{O7OS=nW^
z4*f^CI4OB{yg-<Y=Ohycsi@(PB)Wq8yV{#b>1~@<?^8`WfQQk#_97d0MoW39V6D8D
zp=36o?so!-lwi4Ma;cg5z(yCx{z<Qbe7#9po6?wv1;B*LxO^k6#6q{R=b-#@-2s_V
zc)^-Fh{ju67)2<ASLREef~deGYRsbh`Lr<*)&qG({rBD=|2&9^=v6!+0e~%u_T}${
zvG16JoV(LPw_By{SG^+<j49WLuf^18BT~(~JV%37W$8P6><h#cW8}<jQ`V4Uuefv+
z)+1q{yC<IfgA@Zwy8K$0<d3{w-%1)9`!fIgRuRp4(fD+nj;)2ny!hVXKL2EdKFasU
z2ZG9c!2o1;-G-8^A&@N=4T0zY<dA)v7srH(OgcR;KDlV`wYj&Sm)w>X#4;EjfF{ja
z&!Q(6;}sP`1w%UD`NO>hO#|oL>M(l%03(LOkM}gZQ7g{Pp-!D|2hiqto-Cqk&;^^O
z_$+1^NXILnL1!?egNR8XMgCn~_qAB`2UdG{^xG@4*VR1O&+@42rSv8xuDLqkf9C}N
zfQ_J~dRc_~4vZ|*xINGZXg*_1MkG2IC-hj~2ia@)Q>JfGE*TIoS7PbsCbG!n-Gsq%
zO0TYIX`d5h&OPc<0wI4Q^-Fjo#hk=Y%)W56LB~6dlqTGFk<+}7Xtu5a14}ncmV~;T
zE0VbHCwO^OAk%$EcBQFY35@V4rK~I8NtbU!d5^;|{+KKgeQecKpS*rbeDnoQ?8mM;
zY>5}<d^B$7vHJ|lVnv^9KA{GE?2cbDqS~QSFWVi0^541CjAKpD7I{{&1}l5qWuQX{
z*Tb|LAM)`qJYFlzx$ylIA~<e}izFf?P;{Ru;HsFh=0EPzRLu3}VDOK(zO*-TC7gY7
zTt>jnWQnHupc-k0&WPFs)XN?Up1)M!RL4m0V2tpiv^)JyMol&dLhXuExHlJN*;Jgj
z@&~W}T}xr^;RNrT*kg*s>(_ewDJF;2-FHols#?ZRPXW2^RZfmEg=o|A%lKa7?|$T5
z)HQMct(y1L7g#EOE$iKz=LbQq5@?;;AIS=pW6_Q_G_K(MR5}Jqp1gVcnww}mre6tD
z;teZ0e4h8uM|?hC&6lAB<z}s^FU4T8KO6--s-w;2)6HdGe-*$HyIIe(J4l*3OP?y!
z@9b+k!W!VO(ffN{^hSL-)XL#AML+?I>mUc8z)r?RN`LWT2?9BaQZ%~v4dHE(^<`ht
zGYtk1e6lBqN(*H}`TkyigiDXY4Z`~S5SIFWiG>6hrg(TGMxqCi*{ANCBDtcs`OGuN
z(g>6i@nhNSj3Y$@9z?3JBR)BGyRR%?n0hwz&CEP}x_h;<_|1NF`IQzwGm+(lm_}dp
ztKV$t*~X8jNRO?ba~i*|EP1Fa4VNwp!xTzEH9A5<4Hr^KlFyKMfw=vF|0>+Zr@{Q4
zZdhfNRJ(@0hr^jPTcNExThP_-C@uTVq|l7U)tOUlZFl-C((;S?pd*(aGcT9pt5WyF
zdtK~3XS+5FX2qK@L^N?X<9m2~USj^M!UJ^)%Nn+eY6ic@lOwtM`en9PM_~5o%cSSA
z<`nzBp{>MuTK(B-(e+oIv>0$VW*9#{z-v~-%6gu{6{BV<|4@-~nV6*axYM=a4iZIy
zb)Hp+(^?vzc~2V({bR?GFeyh?<PbgoCS1E$Z-|Q~KI|v$I|PS^E>FZ1r$-p2^;$ue
z@>doQ&zng*h6W|KARPE33BkI2jbZwi9*bKCo1Yxxs7Huydy@zO&~Qq(2v~@OwS?uO
z!?GH7=`~hhJ!6XC6&@N~yy4nkxsg5D@qVhYs|Sx(6wuBZFy4oYVPDECNxl?&y$F9$
zoW$djFLfQy3f%fAFrJjvk<k*sPu=vY-$)NOw`7LN?&9bEyaxuwY6P~Yiy5WoYm7w7
zP}9pTFIkB@4&E<LXKzhJ^Z>ow;RY&HFO)$~q<2nvC{&MYgxJ&_4!Nm>oTvUS5clD2
z)r5YYAr-~paPz~+x-W=1EgRy*YuqC^W%AZ9wtw~$GDer^S;~Y=#c?LA?>khk(xGoq
z#{i8D!`SMU?px^}juvF4jSn+p7+KT&UJ_i&f-ImYEZY^qOULgKJBczDS9pHmi}i@9
zJP~z>?nJ|8WV~Vg_Dw*3K`dfGX3hg8xMfU;Y`9^|F!Zc!k6Y1`##f2j`+|b={>~Hz
zq@{g@>~ou{yOqiG<2lO?{`-Y~1E=@-3hV4@s@HpZ{_dlK!rQpIw=6*T_fWLZ?&zb2
zPp&^<`m~}b>6my2EKLHTUEvS9`Kb*vnfetj@9Hq}Q=dPd`!*?Juxt6g)O4j!`wj`;
zbKygkt8n_AF2~aa-}(g?1kTLKY(JH<Hqe82)N9h63XV=Nz`<`DTuw<mTX8uW5QP^*
zbNbcL9bBf<leTV;$^pXjR%!av97!lh!{`CX>W{w`Y<`>N$xG|%m5$2iy}E)2(@+xY
z_u=b2f9FPh#&k%FuexC_X=HreZv8bySWz10@p1e(KKfc$M@iK>?EotwOt=`M@qP&(
zQ9rKfsXZY)#RJh?2fo&a|65-LZ-&eohNadgP3^xlMon8kQx|%YI|`0ybL#yhXTc3A
z6j89)kmLT4g$VeB1bzL?MV<D%eDI?(`9`JJC3u6j*JS9JL9DwkWB7ixh#rJ!BQPu4
zvABEw+~Nc?YR2pF7(UR>3(9y~9>>>2F1*rKHlt39Y@GzG{X*fDjU|3__0FLu0GIeZ
zN`ob~Qv;<0(+`3b2NWru+rpF^7#@3E%0DDuM;yu-0U8Pp?6aRMf$uj7Eoy1z*rzbM
zrqAeUnCYT6ZuCi_iz%a3|D}yzM7baM@~mlcfl<~n&?0#u|3<Mea)}jaNVYEzb{V9T
z1i5E`j5$Wfw|H1b{D&B)gdHms@+2*#R`)r>EH=H`DTfG5So>n;5me{z7r5yxSF_&`
z>5B4*RVSyVWE%@fieHA3R2`w7-Bk>l`{4j=%%YL^?C0CDER3cst^Ysr@OAnr7L|H(
z`g4K0JJvu$C98Wq+^n4Xe$lnoFi>d0*~@w#+<iAX6PQ1PL5lP+rts5vZ@?6rYmgc1
zDL)@wOVdS#d*{Q15sVS5cTcoBi<~?W9?V!X;0B%oG19~SW!{f~ZpNh7^d8Z{3+6aZ
z{ldfHtHsQbg>f$`%2C-Y&hK-L`#=&}-4^9N&KX%zIy)0L2|2cDzbLBj8(lLY3PZ<A
zqsSS9^Q3iFe+Q}1N;UrqgR2B_9ED{Lyr=Ohf5g{z^;$KMQ*_t@pVcQJDl1tg$Tak<
z@twjdD|jakxzOf&*1PMfZ|baTpWg?S(QH`Iv~sG0qd+;+tY)B=w?X>R1oiDi@pd1V
zOLQwjVo0;{Y$(L|i^L?i`$O;Yon#+=3ZL^M94GcY8Xs-82WQU;)Zy3h*HWMP^_25d
zu`kOJ+?IYiP0_#K`($&Ng)J?H{{BQgmBi{PDVOWUru&CerjJ5D{9bkbRea%c9JM1t
zZkUkS4O}<tyMzY9O%+eP6!?YG0`8m?aCF^OmjWjEf4aFi{j05T9}0m`{1R`zeFN|5
zOD)V64uN*cwrYk8hZMnwRr^(PCX<*eqTRnFPQFIO{M2hPd*5;AAH#4Ds?ry$1RVF9
zCQ~4;GkHOp9;}~o+!w{wZ9l*IV~7OUIJPGmKj<y+o9suxJ<OQe7gO#ZOJ~;QnifUj
zzmy=tBZ<BVL5Md^5P~4uUw@}McZ|B{R;3Za-qv1gu5V_%<LS!XYom?fq%sv3J3=?I
z?zM6eu@7?^wE6achzKwCWhJ$iUm96alB00Q;=qa>GlWtPm)K$)4gHY;jRiIP?c(2V
zH<&pOd8Pb``mLTVM=zNnatB}X22!_WP2al!$LM>ZbWoKO`s0XN+2_6-(9%q$;*W&w
zajzB6YP3a<|H1hfdI8iver`tJ@)QZ87rpGOIXJ&Pj_!kiZ1j^)7x(1Cu8E&G<PfC(
zwoHDXJ3t?cMmqcC-nT0fiibFO-qUTo76Ln!s>2$Vm?%Vu!LP%-Xw})db5+z$qpvKB
zax|YU9)OYK74q{dDwLuh?GrbDBKk6yo)@Yjc1|e&JZuKj9G!hW{uGjEv3YrrtA{4p
zVe&X^mn+JY^RIn6_P+Bbt63zJOJW;dHApMq@DMURwV&Yg4Pb~VdytB`UxZ;m>~Em_
zl@5k)u2RHfehsHP4d}dAQe0oJc$!hHf(w!S!0#``Ll@h*h?xDf0|!e8VKs?I?fFWC
zl^T*6XYG?t*;Y7Iay4!#Ka6cjC1MUXB{nd}Z+>n?Lg#@CWHUU1?c|7g8VE(E!e!>j
zs)u?8TkG=hirE`zNpN`^FMPoDE9Km;OSNoj9Fs5J%@4%sx6hG0Ra>--_WRCkzZ340
zJcRDgHUks~Z)L*=|LaKncAPhwB>}zLLxJehG{A#*HW|Zn^Y9VLM-;RZxHi`J2V;{%
zW}T!S$ps~QqctzvwiNH$Z+*Y4|6^y<+rEN2%4O-9Bwz&6!=IXl#bbXzXfeS5NqDA#
z&@1j^7ypTe9=}vDzopXd4|2aBnEiNqh!mBWvGC_e?jO~rH`D4*ArFI%oIpFnMGya^
z9(eBPM2FW!t6ne(mZg%rkyS?iS#Q&~eGADJ?1%TS0eSzt6S=RIoCW{jXSodw#a0b_
z+94HU8Y5JPD5u`s+<pGUj(joC#PQSsc6Ib4I~&Vgl<D?{S7jsqA>bAckiVa>STkk&
zF>bc={vEK;d8Eft8uv^8fCpeVd|gzOGUCHD4ST9XexLGO38x0Sz`%^Hk}}Cdl5Fs1
zv^EOf9cPo+YV$j&$(co<MDcgkq>5~O;cDfTg>Lnp$<F;|Y`>OKxK_6M;C7y{>1@o-
z)4o>U4C-XcgPPv@{YC=kG~zy6pOCe-S^YjH9IW4s##;2x3S`;#7h&W2_piPC?+@{>
zX4Atk5Py0s9J$#2oSdd`u>QSV?CAYNH!hye6TEWHeSToZ!z0NL!L;XqX=6V!E$>Oy
z_YRTkefLFe!M8Y-_iVep#ph%h%*Zyx2d^UsU^|>j$0_2&bN8L!>~6BLr^G*W33S#z
z830;1&US%hbo8E+QxkMNSzAzz?4L9l9H%iZ!|wX~KSx7Ql*x%5_sfnZ5|V-6q<MTz
zBThP>9kBQO6kDY5<lL0Y#jpEpUahuw;P6l8*wUF3>6DGXWI6W~QMHw>awK(IFq?=T
zChO^;5;TbmZ8!51`?sZi;&48omH;D40v-Rdd_Z&UdW<1S$QQxDE0KK&9gG{kdJFb3
zgO#(qUMU@A@Eb)-FL*9jd=*^3dMcCX(->>2oc6E2p9diT^T+wPZ)0jnMCqJ+z_8}8
zZBT!~(3$P`@J$jT`5qMpES4W!gwqgCxNX>ZLhjl0M*cp~g29sx5@(Z&o6mIxmGNmB
zhUf5}GdpY>9^AI!mE-$nz<;icm2kLZ-xc#3_Tbc;KRD*ZQw*l<-4|d-U+bQa1HvCf
z0IOH$%+Ys!n>4u*ulA<SWWCqu_oE0$8`-4ylTo6o6rgLaaU6}zMJEJgqO{g2)9Vi-
zdC=MmoA^fYObCY4aN@q=A4~>3uAL9S>OFf<-|6*@vySUSjN2E%N+g4BnCQe)>!~;D
z5@cdD7HDqS`od#jewvhrKdaj>sW_!||7mr`$(XnUXvTe*<&QIU*^X=bej4%=xWN%L
z9$vrrFeC_%VFiU0h(Zln)79&5`n--u<!V)+A94G|2kDV8o9spGj&578(fEE<dFeE-
zrSrdN2k$hKymD+cJ}DiM*DtWn0M3(7>U4$bl`!G?aqLRP(vemuC9ssG_IAabKt(_T
z>Qh?gWn);=>+?&Ddp_x8H6Hbq3+wwehZjW(?Je8`lA!|U_g2hp>8fAOJ)27qE<f&0
zZrr9rq57`Qpvk(6B{=OSHzV<U?sMO>Ve^BP9%I{m-`_)*%d_)l%|k!HCA@mqo2Xgw
z=h~iZWjX$tI5)5ET3d#nu|q|`%=Fxr`%N`f`(q3nAotZ&(qEF!ih1v=PJODr7##bG
zig<>82;Wn?mh_<ttL%GLK{T!Czr5c#{F(Jdm+W%-{y{;i(%BSPJ>(YSWI(-a4toRG
z@D4i6>KKkin@@B?gZc7PM2Okm?NewyfHHo|rF<Ws<1sJ*eQfFA6??E;k-KMD>vewc
zE#XOZBW2iZsof$$%6dY2SpqssY}h}wpsw+mWBz#|t6}PZ@lnDg^m{s;lPtc%vI(NF
zq4|xN=aJ*8lRcV{BQp$fjfsZ<#)vwV`|sP;HL?J!7d(2V-q!k(L$pjJl4CzXyL^8z
zukN!Ph(U*RJ6+xWiHzpck>8Vj_jA~)T^iZKGKJbFEbERwauv)Q_yD30uvmryW*z`N
zm&?9d4N=x~XQM3oBqN@bbpJSXxW8{zDKfwEH8(E>>bK`DL(c*bxJ_HE^_L@-D@aCI
zoG_%+)Myqj$oQ$rMBmng&<fNu+o!Aurx@WbFft)SJ{^*L?{mVwbrE{~wm)2&@~rA7
zw`i^~?6{>u^5%@H(e?U88$IezEUfEvUzmN5e{)pj@!hFST|fA9=?p}L-z<RAf^Q;F
zZy1s<%yCh(Geqp9fD<Ke=Uo*!2WAR_y#xxMPLJ`|PW3ycFVo(y-aG%ikv7km)n?Y0
zeR}NmZA-{liTC`^Eq~Te`b$XZDK8}neS*LgEyttnafjpmN3R`T6r!=yFfm(;u}8)!
zs2gY*u-B~;$0g=YKQsR2{G%eU{91a6Ku%yW_60!j*rSV1Kz2SUd`69IW-IQa_*EjX
zdVA$?Rr=B8zq}Rihtn9Intj$GwCwftRXvCV=wDyMfghX(Ub48$wPgO0@)`bd*09P|
zkFr%uAEyRD!*uk{Dm5*rdIT@xrX`>lA2*`gZ6bN3Dwx0Sg5nJi(Ak={U@ETyEop9!
z2Dx=bn84>!ddL1EN92})ICTEKt+(8WWbl&GXcb!|Lq8?-)~B|vC-vf4wUJhz*u`29
zl^VpEJGxtZS^Q@EYk9Dx`WvG-enNn~Khdk{iP6>8^o+wWR`ew-ldv0;^Y|;N_(eS>
zucL3gxLaSk!`A}qua&>M=zEz;hNkcCj%DNX0SRftL%~Zqpq_CJCg-3=%u9U&=G$MO
zQ2$IfbWEdt=12iZ%*#%3@YP%C=O*qukTNjGjTKxsQ9QAx#?nEE%0t>;oGuT>@jsLr
zY==081BRV9o<?iJZfKbi?D^fDhIEkNKVFA9G=2cvN9~oL7KbJE%`S;FUmTKeQl>6E
z1_sX8eGO#7tpH?-eXaTNp|9@Q_~K?cWnAt<_+{9$qICc&c%JoZxjJ0T!{dIFhyI5B
z649`@y<A2|wr1@dU%E*m)E(FqfFkolIOq0zkD%F7A<8QFyzI;U@-Y@0fGjU`cy1N5
zN|}zopGDLX$&QQnlUAfQ=30-YM~f?7x-JgDNx<3;NQdk4dHU>&II9fH{xbNxI}#s1
z<#n=>5RZ4XQLg^8a8LTPC9ewM9oJC1uAMgC;3Y3gjPXU%yhuamftPFNDimR9u*Y#<
z#pLHxDMo~}@lRtl$Lh_z7Xh&h-?Ycq#Z?lQMzwk&59T$oe#)O;u%bWoFE%CGp@<GR
zlM(Ot#GScwFOJbosrG;?H(Ku1hvgF-i0auN!L!dr_udwFFvm46FDBw$yv*`W?2Yf(
zSQX}QX+`lIzY8S}S{a9o2fZVP2FyzwUM=s<o1?8izEb@%6iI8WSpV!tyE`o9KE0n5
zcb3QNcD9$>au%av^IgdaH%9znEPj9LXIlBP(73T)Y<7GEXxAHs4o*ILmTF1u!boV(
z6Rws?F;V&3=TkM)&-G2&iOqcHDwQAP<qqZI(~NsJTNp)fDc#S>!Fjv>@4d*;(B8k~
z+dxk3cHns0@8`i^YBj$24m+R2(}pw!*;`L4CfK(gh32@WhT1GdxO%Wi-B|xA-;a_W
z;hw~oSMoxSa+?}!#6`@r1|aRdw5>3R9lNh~p2u9H4^-!W_B+h+!du2~EfM>~k&8Z)
zO4t9YaQ28Gm``rHDrp7@5+DE#k!kHC5c2^0eG_h{hVhqnUxHWp=ZjCF8wRN>==<T7
z4Lr3i685LB;d6Daa|JqO=R7RKWnUfS!B3n=t8&%T9zaT`yG?jL>MnE4?IJHeWpOE5
zKci|NPS3h{B$|Hjz`laOW_F_8>AZYo#>_To;@upIgU#6kk^zS$`%D@rB4>&eRsf^U
zOf>OVo6j$&s$4<%14wv38|x(06&#AZw{t0)1QXI8&Zy{Ot3>@|8qwEa#0Z&_)3=xd
zqVCKCjDd_QYMJMfCHsOXnt`dkE;lDdhcov(jV!NCYwPsB?E{wP9o)};_W>Ib`_8&&
z->b*h6&6nUfQLPn1aAVLNr2R@U4zQh)DD?AB4r80a8N026-507TG01(cj?1LZypfx
z+Po%1sAw3L_WpckGdY|g1-OrF+bi_z3AcuRE7B)y$F6r0$ari^I_C1h`k2Elw(UJQ
zahjQxs5_UZ2@KBWJ!b5ZD+n;RqoQ%i1elh##{vsE%+r%Sb)@I@>C}S%0P1ami?zKe
z%$N8Kl=AbR`tp|xFe_sZy8~f?%IrsjjkK@QCGT4V|AHcb=^A{xO~T>k0*q5?p|y>@
z{c8Vf#{2!p?dPke^xyj0xH8X(MB1WZbxjo-Pv+2H!9P>pzPEi<>=vhMa-^omj`bG{
z@RaaBIH)|f0ZSB=@?IZj|MG#F6s?~tKVfPVhRdb;g4WaNEmx6?>G82HTo+s}nY0X%
z+j><ABpmE;ev%3*40Qh888)jM9KttrHz<T&bVh`3;od^8NmYb^Th~eN9YHC<=bKb%
zr1InRwWPCd?0fCJl;^O4M>T8jce|<jvhqI}T#v-Op5@ew4`Ml3ngDcC_4{ipL_3M8
zU+=m;o<my2D$&+z?RDP()^?h&eISI5Z4wvIU-)OznYmBD%KUsD?|L_~urLD6<BG(&
z{MipF*Bu@gTKn3;Pgttk;*R|1g_HA`{}KTCnPQVxfZ>A5uCQSf%ns>RgPiSw>@QoS
zM%wSZ&(QYkt4~HwqjJte0-dr)kZ`oo3Ex^HAoWV`<A+|g(*!9ljBnWBqCgP&9w}2l
z>}y8&-=2V~tITFbvm@QX6+m~a&N)j{(EE82YSM8*SEBejVoTdYUHS;p>nfiyJpx?X
zX?G1+&5+C$D%N?xXL43nmaYC^f5+ED*U4uzm?9kSrD)e`%3AR|y!H$VTq550<MDP4
zcxh|*(d9MXht)X1nrpO)veDDmM8&>(&F{Dyih_C2t`M(AHtcYv_c~i*Ye^3LtCQ}M
zC+>Pv_r%E?txYJja4CU>RQlTsb}~>&v_M`0SW{2btI8^%m69qM)tBqxc_eG{xD&sF
zV<{W(Q0DV|RN8JIl*=kZfo=3AD1+RJod}C}{WeWBlvm7!Jp@jCicr46OW*JGSkzLH
zafCeM?<<SBT+C#MZ8Q1Q-+`Pe4pclUE-|q5>v2ARPn!q<UW7z<3)-wi_%AX;o8Y5a
znR}|gg5T*l1|`>kn6X`vmA(53dV2VHuR)1c{pcdvWuix3&|#Z`W~?qS=M>*`iniqh
zL3C5LI#p@~xt!?mtxD@-bc*j?1f@8<3!jJUTkq%HNHHe(YlP*6lU|CEc$IB*EFaH3
zvN!Vr)HpiTEh1j?2v;u;)nppijQqvm!bSdQX#Yxo3g&9BfD*Ha$wZx;G_;YLj(C-T
zV?IvZlep!*4U^jS7N51t?@1EpCX(Ag<PQXHgxJ)BMf`n39IhTYY{P6Rl+BF!O5Zrz
zgTavg5eg3{MYMmmdCnW6K)k?rLm9v<1own@o6kjp=TFCSpUow6KVjD}*dyHH<u~Gj
z{*;g7HSGo(lEn{42rAZT?-oDt`-@<$7ah|_x==T%do?y5`t8|_W7i`;alH@@dy+Oy
zIJHITJ|QnZA$882{kZXdzt#1aeR8>+rI=R4gI9&Ydi|b6<eu+fC%32ZE|ajKhn3*3
zwKPA<_eq|AAs_Q2Im7c%%DbsiRp_W0GljqzSe>Tr^nPMl!^~MMoL(Nzi5R~}I{U)z
zw2*ShN}I5J>*|Z{6YVJVq^x=NU3&ZXKKp3!6)hMh5?~qF5|8^w!vc*TEUT9u(|$`@
zqGzK^>eYZtBa4|?WKVrselvGYiF)*6NByYhkN?-kF6!B12IuG&GeJ!OEKnHl!{Me^
zN3+3>`CBf06e4ve?85f-A%W{B$dk^ox*wK@{p?vP!vZhv@aMs{9%|_5Iu>;zNxinS
z2en)O0vdf!eDesGd3W<CQ&)b-JDj;AkO#Rj`cNu>7m^{``twvKG%-CWSnBPKO`>9m
z>=&Tn$Fa9V7%KP&dDhQ&`s6c~BZmRT>-VAO2h~(2V_f9civ3Et;<HSK!21hTB2{#f
z^uOO=|AJF`d-Lu6K!2ZEtNxb#g5PHar0<4Hu-Fjgz6mL5x;xc0dmKkPCX^^V&1iYI
zv1nAyt>qcD@~5U)>bgGO;}LNa;8f?M{fSD>YJlN?sYW(S5X&-z3^Nu_LvGw)-t)SL
z00oE*aeWW)sSYkt@!Qen$ekaT2uF=Fj_h*_58I*m;P{CC9l&i3`c+s-={ED1SVprW
zbxTa^NL-gt6xs{uGb<c~&=6*Nq8BN5`*AwkgP>hv;6J_s?Ea3^o4IM7vwZE>+w{`r
z$Q~EVoI2+BgSa?hlgD$xTF1S(Nz8@uV_AWc+eC{8tiZcVe3NxHJcG>X{$YGI+?sde
z-Tb>$*avw){xdyaUKs<tVY4T3i}8GRDlBUM;?B55AaWfir7CbdeEWUN28bZ6?Pbrw
z8zFj_8E{Y)^Yen<PGKM8rwadcA{@vJAded->oMz4pS*gFo5h#M1<`NE{JE5u;%As%
z-Jk|z8S&lPTqU_jCrC^h`lmgQe+mz2xWR-yHZLkbAD&J#=mo8BuM|Nh|G`&YalP%=
z0e)K8ECuYe`Nv&v#!pyCwJ+@}v)95YC;k%V9$LDsljfzT0`k)%)=%Ju^XHd8cD7LI
zi925DPCX|-rIy}VJwBQrVI+3<gtXU`=BW$mVPOJf^<}N}BXy$_0eqX1e5ptNI_xv2
zc4jn9MU}FFzbTT|Mz&ungWr@;*qv)M)%19kpB{u`1@avAiCRIdJde8rr0d>EVL|U=
zvTDw<RcYN&_X<=Ye~K|M#C?wK`5CP^#ejB{=Su?!&G~XH=1KL5HXpb#qkV)CHEM+m
z$R~RSaP>m>;h1sjv7;N`4WAxl)i2V&ec0*inKQtnRZ|n!q0iMT(qT`KU)>mzK$92`
zws3c4`DP0);!;rpH87}j@e`uvOXu>#feWly8VmhVswl%1!{@i<<Wq}Nd|-}}K^e8M
zeV0tYh{}fD+m{QHwJ(g5^&`!0Y+hd%{S@cv*@eEPbHr!f*D&3BkJjS#7i2s4tMH=e
z1HQRP3r0c}i5S!mXT5!1Hvpp^0G6w{vai02;AfpY7=jF8)BdW?yGaQo-HjNjkR3ku
zDWSy*+$Bl^fruDCthE3u&O}3I%IrsXTwd&Wd##es%hS@@FQ};MKD;}=it){xrgJ&?
z4|l&41u$gGD-25>16SMUEc|GFPv%E2J{HT_XHnUw_w?9rh~&UZEU{F7orLgs)arNE
zZ*hGnheBtZsD@=``5Yazpk3BIT3NV*z=ibV_&;9~w$+*D18Z3V8s?E+O*nff)e51P
zk<66#llnVIPl|98MA9&3q>_vjKq$kD-XOYu_=~o|#zCn2@y}rDL+>#hH_}k<hoQ}#
z?z7kOOXxkun|y<i(6*uldko{8{dLCa!!83RC^!$@=I5Q|1=0+(W$=xUOWp`$O!9Wn
zABZ;i`>pF8{mnjdO;9~mx+z=10h9Rk53lg%vbOMpTmW(qA}C=586VkIteZRkV}BNU
zlWOiolCmhSS=Bw^2@8c&aRX(&Npl#Zt!D`T(Aw%$lw~Ozt==s~Z)xLlsIHv9Gzpd`
z!JNLhvlq>tH4y7SQYhPZ&G~yYuk_!-GSr^aAMo0D30-?=wt%*>1kCFtpKk{^Hm6qC
z)ogjG!lDiQCv;RUILv_lTsI{LeNshx-<*c)f+&J9XGQ~@J`Flf=K*O%&8i2PT++Bo
zQrsm&|I1M*YE&vnxmwveejbH+D<KlE^6~LQ$bX*;e&G>l++_fmM)!OAq~{}NBSWD(
zjAbKQ`$}9tH!bR(>i3G6CRzjJ>I$Yb=iuZl`)Y5$t(P}#&><I5AIkLUBP0^|H0Ab@
zE0Dd-o|IovPn_9?kKA#Rw+TvtPkoeW+K3=U2yl8BA>-GvboK|Ql`pAOU-yCMzb~N`
zu0F#zXo3Mje6@Gzm?+=C4>lj6obqRqY$a*0#fv(fVLgR4@<hbyrAE~fjm-6f83NVK
z$Bz~Gn*}9`k&C9W4-nX_anj1Ln5rW~ZpA(ywtXeAwUNQ4lX}p%pQ$vktS+OKt9t{+
ze@e&-@^2r~Xu=Di`3f&^FROUF7_sn_<6(_oMtjzZg?k!zqcmdWX-R12bFNBeZ2}rg
zzpP24@AdtG*_4=aH*c^b4uf(r_=FUx@|YG6?hce*mFgwU+h_Kye>%|>gb6$Mc_zAW
zqH>kKAA}*slrH|ZBdIS#N2R`h_N|eRw;4k`J6yvWvf!`|H-3-!Kve-K)o{<FD3{ft
zJMIsHw}*d+&m3u!XnD=Np1l6NJaHg!jCkvzz0AZ+l1_@7xkLs3Yqc&gpGWPp8eg>{
z_ekH;6ek-_=UJ~0fm%AW3nnPZPCWFy7Zy1x>Ia|FeydDzm9K>De9`5j67u=@_=%L|
z6Ub<ZS%N|Uuj+f5$I>k>&FLbFH1CVmqy9j50;iv7{&U6EC6>p-MLh-RL^&!iUYz%f
z<*R(RAECj<ygCRB^wM`8-og7)AfOer%pSFbai2I3gE32}3Uhh6{>Y{JE?z)~2L(Jm
zYt1V_NllJ^=dLRoua{T_iS_cr5cys@=7z7gPfUmEkW1){xW3t;n-DYd^rVb7{hie+
zk1kR8Wr>+br?~mooyvR`VILEt%y!iKQeX02P0u{%+l{==?Zt-Yyy-CL9}J(5wn7SE
zVZUW_M@u1WuD$D-l;Jt7+=^v_-RfUjR|KkZh1)$>aEt0=YYlVp>3N&>9s>S_oED)I
z?h#(j6;F4Jt!sx;$+L)2*wuNa0G1q&DH=CTf)#!1vj>?U_GPLTH^9(bQLbw(^uNB`
zV9$*WmJLi-!Vn&Z`#JJ&flN*i_~Km(c?}+JI$R1Cu{S@{?lMup%nhc&Rh$&Ok-69h
z=bj6>z~z!#U#A1XC{g%>M=`MIgB92XEIF<yy+N)Ax_W|I>Vzbk3`0?v2S~%y0QPJ^
zHk8&+dolw**GJI{62&(;z8nA|_nH#O;z#BoxfC#6)({S#t$-Vy;~q7ir<;k^yy^B#
zqMHs=uJCsRClGWS32EYeG9Yrs_lcyqTHlv>%B4%YfA3+PxBhrBi8}@5C7ZyaPXk<)
z6446Yas4wMIi3Cce%ORGd=G%#yg`U2)5uF~abMZ3Wv6Pd!$mXQ0byyG?n3pikw(`!
z9CmFIe~%#7a){<KqqHJl@D0V@D%FSF8TLog)xM;zEJnM%Pkr0QDIr6!)8wF>acXY<
zmwtbHV`Q{ApcKT_{Y*QOHtS0hw7M(;&$69CI&W4A00ZLZUybP1EcHF3lRQCx|Gk`m
zGsk{FI=m{dc{`fF2?jO4rGu0*seTY-!YhvuaNI=#c@b6eUN5iB+<P^}nNbAD0bf7q
zeiMEX`hrz;u~1=E994Zj-E<qSqWNI+13E%F#Ov5f;3xMBt_mIk^Tw;%oO<rx&5o%J
zo`V8_7x+s`FBC0n{$Kv_-8{VblAMbJseA?b$vu8L0#;NId#aOk@f3z8Cy9U;d`}N_
zN*?Gv5ZCs(q&p9(|NR9Mh7?&{nu5El^}sL+EX9b@dwkD1Q)5?D#WBl==JYuY1A4qs
zTk04~&V?H&DBShMRXzkX{rL!e9~b8+2i(u3GM%pZDUpztpoZ&A;Zq-FBFd>Qx2wlQ
zdOz+n#)b(c>`)srBk3v?gzwQmf)3eFJg)>&eNWa@X-|T_nnsuFnpCtE{2JM(Atbtw
z=-7jaW@`~%DYK(Ck)DAp-sPK@6P%tOU-H^Q&~}*5VjCB$W(ADnW|O0B%LQVbWmCW|
z84?u74j7}N^6jp~63lwjD;nuyHORjn64d0qvYHOEE_`C2!JBsp$>r*Aa|UKc9XLvJ
z;Q*!VIbFD+RVAeyDL?!Sm-$O?r^z$m{-|ahmpbyGz+9#K0z{=<W&R%fU6%Y_-5=oK
ztPD~8EVB8{S*=R_@)UG^=EKoX!CpzAH|4t#AFmg`-Q$Pe`cbknT`23(jz4WV2e-My
zqJ6+~!Sn!J3A-Eh$c6&e^nQ!y3!Kb9m4gluK%$ChVPI`n`oE#<SEiu1vG2d-HH?`z
z4NuWp=RD0)ZEP(6USRY4u9twG#<5~5m>VzRT>G>|^>n`xSN-&&+mkqbMalTm7h!|z
z#PzU=Tcyi%^v+H<ngqTh!JQHD!5?jPSgvh)B)j{W?rk`|s&{*HcNTXRmk~Ur)q2|C
zwfWby3RaSW{;dQ2a|cOjc1z2@9fNny*HUU{PdnJ_-y-+PZqcPC-{@Nk2k)GI<m0;?
zrRHh-6sYoV4m~=bE9p(=r(pW&@yMN865xWLkHN<~Wp)-qizZO|<LlQNO5QSU{P!}!
z31}2x%2>(PKFyb}KC#oJcp6CIBYoTycTvj8CX3koG5(z7_^AV4z0v{Dcf=uhf>s=e
z`FlA<fqW{gb9dR6Ca$`u9zF{eNqSie>C)~cnmuZ0kED4y98+C=gV}UIa!LgJKJbdh
z{rGpCd8$vxIG9@v7xDhV2-i?~9K7`eFY7AcPmfVW*uZykPObcbd6CazRJZDfTV^vp
z@k}N`rCGi*#7v9Hgy9)Pw)s9!&@|YPhQEOoxk&NJqk?^1#-GoIp#;o@e_-FDu#J8l
zkxPO9)y%!CpI=~Tv76zEnFEeL{=aF57kn-6fjO4<>#^Ln{1&j5zR2A2wwS@!gxT(@
z`y0S^JsF&%&Q@^!tRVx}p5F&YA5j=T?RQNl^&Zo_b}*<G)gm&6JzCg#!Xg#<{8_FR
zl8njiC_(Rw<`8L7tmHCF@QJEi!tsCfsRfanL)WxzK25o#<CtRQB#Bz$yWhr42se>`
zX>6(~-F*UnV^`p2F?B}00&LNnorl!lIJpYbO!7E8(h`Nw?D%m}iH89=@VNj&FdBCl
zru|smxzXE*c)XlN0ocE!j*sdB$wBnq*Uf-o(+QcyKl(m*(5@`S9bo0nf(wp4#kZCt
z9%lnW*88hC>k%y%FYqs?O@YR@I?pT{G2L4g322Tr>q^|@tHS)<D6@4z5?!Q-+zdP@
z51vC`*vH7bsoBFOLeZ%#l=*@^pk)ra2@f&sj4>J4ttY?worD+m-PeL__NKXB=RTIY
z@F5}!7Vq})@-&`))t@}6zEiC=U)o#zd|jMZ_=QgAdT>wH)74S+FAwKkv|9h>+w_Q?
z!mHf(f_YyIgfYNJbM;%hf>7;?2ep=4A?U6{oe9<=7E>??Bwh&(OjrPeXMw)`OYTQ`
z{N02wC|>MKTV&x82o~(D(#mRZ1LHO7s#O=b)bz*nbfMYLm%#j*T}`?#hKLXlD9Wrm
z8S=1wKI&Jv>;ufp!u<SDUMu_SgQKBx$B7UQ%9@bjnL%S`Ht)pheno+hCS0g=3)B#i
zU8o+H>nnpqV`qo*`|V7%E(En;or$fs)2z?T+xf-KDzGh3aZ`D>7D;+};yS_y0I$Eg
zFylE6=KbNWY{oUqP<IZk!YH_7)bg)eFW`6isTjshGL~}QB7Mhao4x(>)<zxQ76M#r
zM#zUfGnMHR4Qx(qps1f$N1^p&55nCx<Hv)qY(GYXZFOxvlxA=Go=c;ia`7EL(c%n0
zF4kN;LX&R8(5WJ)GhtkDBjCDURwZoW`8$CGswI^EHm<JviaHSB-(hNHght!T42>49
zee_6C$2+asUUA#>Z4B?L^ooeD%mGuMNn^`2Q7C}}BEV6aQ69g1s*`t#*qu*hE<I08
zig+E?%C>f5a#(H~`-P&Ld871&r~}q#`;rzM0H_$rf*%7ntYIX<T>g~3alz_;B@c@4
zSaSL!*W>=j$KE?_M!QL0$;lbA>7Z$c<0~Ifc7gpBlovK4?CT2__TN-^ehlmQvPYpZ
z<oeevC#SmCBf?L#N&hmR|D=FeYwn8yB>wA>x?LxM;G(Px8D_V4;^ep!vis1QTa}yj
zkI23}zq7-wM}D|{di)_3vSXuuU-@sWhL9!SX8CRfGOwE6=bgUGL)%=?%n(Xt-q92}
zNzdlsNc+%%8JQPMw@`hVmMle5r>cI4ti1$VUedssGQIqga^EsdN~|D2NXwF}a!<TB
zF_*k;pgV%egw7q~Hoh{Fa@70&bV-Etj~bbz`=?r*?NE?@V=foDnRS4;A{*-w06Ys#
z3-K`5;z8<4BM7+iMYH#<c4>O~*OixrnbAgWkA9fnQ@SqWOyI+1uYIFzC=s7d_AP02
z_nYPnYCbZgpzf>ja@VlB;91C=hq=bs5VOYxzRT8Ic8~j_$l4QSq8_@Rhd5uCBVn5r
zozCVto?CEs@QU9zY!S4Av3;u~YE<~qJA60tYeHaGjjgT+dx1{ugE74YL}_v(6M5jJ
zMigv(;I!w@2lzyu%qVv3^wX{{sEM{aeR;-MBcBagQUp|nsP`1{&wFhn7e!pM{sMkz
z7PM$&#!~(XdzA5gq5?9u1YhAD#|TSw3`QU0QFoGJsl+EQP^ZFo0hvdEu4Vcov<%dQ
zvgcy#5#wTRXB2t(PafWejf5}XcKvXM;2V1z5+i*Z^2Wj%0G%A0mB00``_XDfdtHMl
z*siV(_sJ8lphNe{|CF|u_y8<L*Bwuj(%#nQVLPR|t7a(abjtgK&vOQGEW`bb)Kqcp
z=@2=RW)3gq1#Cfn%%w-lD8up~Kq-ebsmQ!(O5grStb6A<FL#B}hc9wKFu<R`_3*kM
zB%L@!*)<*D)-GJRKbh_496iEjU@nxi!0K?@)0@(`pOPT{4w@Q@9_`5GvHqqYd0l-t
zr3MqXS}zs3`iZ?p<U8Y(CtF*ZN6vDB;3?!YzfV)Cnf7T>n5~y`2{T^cD57eOjwntH
z7!EkknJKGKK#bq^)O-x0dm8y>d|m&XxwqR}-=0xwtGZbG*7p7jNtJ2^QbI%Q!gDR3
zQr`!wUb^2mzT7)ui&8v3_Z`1<Y?}$kZ<#P6>NBzj-PUW`&ezM0;?Y#Bl2gUsTelj-
z^H{u(g8=Ga2*w_gIY7U7*o;!$WQ3e$7LaToAu>=~TJTs{DqbFZekfk6w-PHf);;_C
z$d4=c{LHg>_H9C?S{P~3PnS{AJ%v>vkNo;mmIPwECmDNx5T*^}kC_|(Ui1OgHU>V#
zi{<LC{{A8?k18%hfC?_Bq>$FS5n>UzmKLz_Lkul)KPWoL%t>0~Rq($k-6lm{0VIw@
z1QmFJJ8(}2unR!?GV~{2*4x|v5bVv{V?HIUy%)@;pSv3fpHB+yU*@&Aqpu<QtPEa(
zD}YZ>Wq-|I-aXu40#xsdd}%`<CUQ3hUiQ9I{=$QnyeXm1`-C`dH6S7qu_l7m`8k-<
zw|y{Wm5e^?J;q&axu)|NaPMl(2rTcJbiA*1#fYc#s@xypZS^_!bu^$}X0CVMQD^Dn
ze6^ozJUzpLCtS@D`K@@KrgOt!&-aYS>4u=#mN2>#=*vA&c8DXn2!nf0xAH2M*X(xD
z6LKiKZJ(q0S;&8n^ng^^sKG32U|Q!InAz)T(D2}cD9%i;!sAy2rOq=>3ph!+&~T(b
z0+_mgo3~a%>UwoN7kHa#TSNBY{8ggeJ<<?;e|jv2U~ab9pNWyXCnDr=FT7Q3ylZL<
zEE-7QRs^5Ux7rLgZvTlBfot-Mp_lz|6N?P*sf@sMMEwj~49vnk#tQX5sINRo53Nn1
za;V}&JQ6A@0OKK*=B>yF3~>>{T^c?FP`Ug?CTruta~?NEA<LRKb^KCtdSBl+Jz;>)
zDDyccr8lB_yb}g@7xp^(%jwfe0&XsRgid(vc9Hhe9xKA@F_mF@m<u>I{|?$?t`$p8
zN?7tCF~Hw=jahSSXHS6WVoo)WJ<y8X;E+S$2nh`YS9sk%j+Lfz^BYL6Q#qh_YlI;w
zo;lsc!t*lc{Fd*J=Nem5XaUe@OZ+tuqvxKT3_twiGB?#pI^Jwod~T)G>tiX%<}dzP
zcL2f5462NzdE`KV3*<Ca2)liIO+Bs%)Ci`HwwbfJ(9p@B?YtYZ_v)%~5nIzO?AET4
z68M(q6L)@f{}Ocd%3!yFVxyMv5T{Gp(@p;{ubkQzZD<qs;8l6wE40$!6!)i2(vDAr
zyhh`H#!nz#;rdCc`(<Yc_?}zcB>edxCAw5|TN)uiV@SnUk^$^+e9URAI^lhnb9ivG
zZ(3@X!gaMez8SvJA6djI+pYIUdN=_RE+<>EK=2I_6XL(+KGq;C|Ez<L0y58b@$vDs
zlb5Qtqo9r;3h`kEM054xqLHk9j!swb?H)8T*M^fx>)XHrI7S&11;AHgFG#lS*Tqu^
z?(kQ0bMy#Z9!}QD=h%J&EG3mh_Wsj`HIKGUn`l1DPjLjNVI&=x^|9<D&_T9XIT-VC
z%0=7npOW+H5mzgJE*}~w!s21=IvRGluIcPAFeEs53Lnt7@W*<ieMLS}$jQ&=0LJpk
zT01nq2c2>5p5FqszCHwii3OWE&Q7=6*W(^ePc!@scqNJj`GVpAYj(s}oAm8&ulat%
zYgF~d?fI<rmrL}3?JbYvpm)!qIt;XNX6`NHAKTr-8h25VUFZTdxJJKG$rwI>qYFE?
zCr;?&b>%<UC<uZd7p+Zy(<c1K*5I1@d!*E1X^=xzoILr7{i%EUSZL90Em!7#MU(tH
zJLWZid7HF#s}?05OxM4SMQk`DE%O{R$XI(FuUnfI?^(ueJ>lU&sy>!53w?!J9<yZi
zRobLAOC1WGJgC6kJrrn98<;PBPrBtgm?rtjDz64t)b)E{EU;_$dH-<*_i_#(kqkja
z=1uOt*nq$bL^6G~8B4B?x<X&*Z|7t1fuYD8tuUSeC@qUA8y#=nXdE1LZsU8x0w{ok
zHWHs<p)XaBhh`8+BTicvQiv|UJeXm+g#kx6Yp+_k6QhM>pR$m&+`AEBdnDfBlw3wL
zn^ToPfMkeD6cQCYN4**6#=Z}2IK=`?#i`QAITI~WZG%0<@O}Ss)p>Wyy*NLv@;(g#
z=e}m=B)>Lm!f>aOlv4(-97pQxyG&(Lchs#jUi&<a*2?I9UedN(v&@I8{q`R37P<um
z=XsV#>(G@bl<z^=@Z=$}H;>0Sc>v2u2xx`=ME3eUJC@|q&TdG<yUX)F-wjINbm|Q{
zY~E8CkK$|kMF&Qy&Ff{s@;^1GQoJe~#G?D;pxADbPjsDdn&8R1HU^~2BmDa)Id&*h
z>$5kpKj=N2yEHPbfwk@77g_4Fsu!eKIPbpIo(Zt^Cw%S4^v-Gfk;|L?f@@&v2#8j%
z9XNJ_^%(0htAtb%2X~&C6Hb7_y$$ktJKu0Z_wVpNcffHdFhho0&i3Q5BB#=PEla^=
zHY-Lzv46(zb%u@li$5>O3QnK5QOPk+B`WM3V8srTzI`4-CM8%R`5n%%rV-z6+$$JS
zJfVuy<9s5s`z0PdHEaB_M-c1Q(hxmv{8$o@bV>P;CF*VcP=&pDJkrrzd4k!aYw9<?
z4e0pALOQ8&u`2(19zhE)N#o;9FWVKXCOZE`IeeEnR?&ga)bwJ5lIV5VLtDcJ@f_)k
z-2QQ@AYW}lzQ8{HDC0Q=*xlOffDt@wGA&R6cR~F_+_g?T10#A$xObmO{z;X77CvC%
z6OkB_Wve(Gj9QLl0KmHhV-L3GpJZv|!LbdGk5|Re&sZ&XiVBoniK_=zwV%@FN4aBh
z5CHLe^R^pRk0$wKAat~k=o`i#oB60of3UP)14Nbmhc0ZBw+4A>?}*k5eGUN)HK`uZ
z#^J8mNcK$7>O2|7w+A#BeGZZ{JcDkM_nRyxaBkM_s63FrgGv?oer>{|vPvf3^YMF3
zj_+PQ-{36}AM?mLB<R1v8@GL&X*_usM2RTIK^eh3E52Gk>O9_-f8D#Y_+QF|+YIbz
z_Iyu;alMJsow;5nph)&`z(5nr{*>}XYQqSv?sn<MgI6BJ%ZY%<X0DDXcr)+5&u0o{
zk85~o=5c|%dTBZfB+X|_$=9hPTN+#0Cs6d3;NQ*D>Nb)uyV8*}0R{bQG;%aNCC?3f
z#SAycxZwSB53}FvVNa`?Dr#iXybuY;L`Ta|K_eMv&6h%ME*kkv*M^*M3zn|RQmyFc
zBlk=42bvjO^CL*7Dn-LV6dv9DNVo@CGU06o&GL#sok_w-75gLH#VsZV`S=N%_r4s@
z9)*I8<+AT{PqdHVdi}+`arlnbX?5U0jVI8|x+jp}SLT18`<vt+E;p?T)AoAWq_;80
z%`jDW1_Md-YRLo+Pw>qjlRW~dTeN8Pp$oh#05;4XjRPyAWtjM``wk%UVwjcp2>6iB
zeP{*R3=@On`gIPlPt|)DEDVs9yF4b%yfTYLuJK@bb>bS@dcLPv#ytG+o_>z^sS0m!
zOSl~|#fb7E1sIE+ZKV)doH`-J@<}|o^=~TFnSWkk^EKPsYBp1_^aU;%zGX)1`3<tA
ze8wfMd85_}m&@wdZ||#Qy2`v*{aAar`-OLkW3iIM7NKUvzZV}d`F0g-=#1T~!1;%=
zJ6P(z(G@fv!0^yK!XGZ}Gq9%ioQ591k}A31kEsJ_UQTV4k@rx4ag|$t_HVhzjr%R7
z7qnvk9JfD7-0pgJHQM)ey@h|h!|9FN@7f~5BT&pj#&(oRJG)T%HUp}Y_i?zfnvHIZ
z;^b%@Ch4F1QBN(?9v`qqIKk7<GBP@wt}%q&^##|kh}y>N_Mxy@L4BUXq$@GnM0f8A
z<+(3T$W17upX+?})sny8u9r3X1fQTiH2YZ#ucB#g_LmDmJk-}`JgMj*&;hBNg5rET
zjr7tUZjlFhq($A>`_Y;oprH9bt6^zM8VoUal|M!TT7^{*V`}JjU+hIUJ_{{R>ys-q
zT4qnweAvg5{dj(_U*}!N21TnYw_mN{LADO#gEwAdw}P>78wW{i!<+mJm{(g-Mw}%O
zCmxjH#`}s9F^E^P<G$v_&!NaJJjI1Vd=hkj4^vjqccDxPFA{^9nJnTB-r5Kgc$i(H
zeA0OYY~`+=uk81!=*4{pHq3+$PA>G%W2;j#7ax?##Tq`bY<dT-ij_l9S4m;v*a4jb
z?kKH>);kp%1k3BP8^?%&_Plx}yWiOnr0~Kd8txw&DUF14s^}Ia(U)H)DRG=IZ=u<5
zt^U_z7-1RFhaMj<LrfQ447+TikHzGt_0nC^X#Gev?w~Ydk&I)+2GXwH78Ci38w&qq
zoi2b=xKt0BD~yt;TR}jm=mt1WxBiP4cK0Yt_Hl%t$D7|WG!fKK(sIB1NRDeq+evtQ
ze2AJ)p@GOFB;0vP5<VC_e7A8d-P>EW!3>a4SqVNC+`LAL{#XlHsaw-ut`q4PZ&Z5J
zhjgeck|M~smel$B3)=?ZpId>5-7R?R3?J(Cd7p5v<!iF+SQz7~VL<Dr?2#!(i$uv9
zh#TjJm)x^jwuU_v7KaFbr`;X2pw=Y6t@-7=xSIx`y2Mh6PYeTRvg0$m2fh~l;;r`I
zD&8U{3VoF<@!}$DC?&L7!W`=QgtfGqW}APp;Hm7mH}=y{a(j&gt@(YD=PbO+Jqq|>
zHgb$|vWs6{(bRXgRT28Xs4lfV)aUyydf3dnR6ydd%9po5W%c?x{z}lf*rIi!r04_d
zujf6mjr(}D=Iu_3Kr<JTox}x0p%oZ}Cv2-eu)(tZbOP)_T=vg{a`2YsSfwlzwph>b
z;1<kS=l4izv)CH03;bI$$A=V3cewQR`&P;y>-g?~BFa}kUCI~ZrTa8PK5|GRZVS`!
z(**$G7sow9>C*zaPwaeraoV;ES5L-$?3HeFqKO%QG87lb{cG+s$RRnNxU7CG*2&nw
znpAZ1ofGZ8MmH8IjM`1IhqYo;mUquKgPYv<%D^I|S+`ME_FX;C%`9rCSN@HEshOTm
zG&PRa&Cj&`7DYe&<-;9{yPJ67_l$rV3_lh{a@+|IKpkYmd$~B+Z176*%W&w)2bj7)
z`5S>XoxN`3t=9O?I~%q3G;R~iO7?!x>UU+h?i=NNGoyvr_+{(OrMdRog6IQX<dp+*
zm^C=lx!q=NJ-f%TG&Ax;7gNb@?uh-~Zw6-|G1*bMUtw|f$M_h!UqS1CY0WF1zX$P4
zJerp<K2t8nU2%fdQMo2gz;xMsPKYJm@;+k`&%FirFapeSqbntm4c|I{fO1b*{tFhv
zbBV=s+hdCdDSdQie!!Oy1)^U<H77e7b2V@3%s%!v@9aIj;U;WQ&fXlsLoYYX!^Got
zlqGquWAI0vJQY&M1Lwd>rw6d{;y`AbNx%OVTG{FJ*HchNujraFPTH84r@+Wge1!2*
z(C(+jerywIR&NM`8>7iKY04++I<U=t2P7YaGo79_1Bgu7@+VbI-Dl;8Z_7>8Dyb&r
zUSfea2-1De*?m*(_!S5y(Z=UO>edw96WO%eTdp%EY6hOxLvDj(Ei#y@c<u;t+O*9-
z9V$o&4)D-P$Uc&_e>AZ#xsf~h9BQIX_hlOS<wr#&`p?Pv9vC)2zhumg-4*W85Yr+L
zaULadzaeul?j$8~>`OGfM90@$pbzmSf10No3)-)Q`+zLauw#O}+&o+@7=!24^3vRW
zB5fx78W{(^suShKD4?aoh5j<IXSn71+34K7!$~#cT8&&yegu^2!k+m4x3qL)8zdc&
z<d*SFrIHqvC0Tx9xWM}8&&j}qzD?gr>c?}@GO-4Sx1JmKi_2#=^f--X+3nLeA}6k=
z-^9hW?vwO+k?fGF?Zu3?-{Ucz19<%MCd~zKt|zT6zMXE~i3twv@%%T=RNt3Xc-$ed
zIa$A<;2dFEqd=5Lzx4UHR2TOq)>WYhHi+2T>V%GiQv|6ihzbH?9_$Z(U>L@p@c)cl
z=ie=Nwea{}EGEgQk4;Ze9T2jjoK7uw;AQsCbLjQ^!J6)<>>-I5-nRBU{j%lr;2rn!
z)HFUFke~ftWG{X@C(3<lfdU2RQ{6v|3n5s#_~a?g+^PzcT)Kq;9>1E(Kv;2@Wzt2C
zbj-g8&OE6{T5hXNeh3<&M+dEQ#mpPzuN{_alnS8R|L!?$y{?}_c6!5?Z4GFZWqc2j
zyyyfv`SSL4bYd0#m<pfY_ePHH?3S<Mb9lP_@6E6W5}<LbG1KUA#{t>TijV&``QS|)
z@J#30d~pRlVFLa4l3Pdn48-&+oMt_8`&`Pl(<!dBMmZe>u~{oh@*{^sX`U}otUIVu
z5;(kLIhQG4t;6Nj7?`+i{S}cLPO!dQo~oI*?3SgiKAZ1QPt6g+U;e53{OR+Wsb~L0
z1Mn+*(5tY#9?#SFqc!oM_wez;r(nWI`y*Je(r3c2`{aC-gHd3P`x<WKp6hYo;h&Rz
z?lORv6Y&J3`D`W4`s0HO&#?D8iUwDF_-vU!6F>S4XW(g)k9FUdBSr^ZQ8ZK`HQSk7
zY2V*9Q)Uzd=Pv(@Y5=x~urH6x^!5{EGLlnjehg?fIoZ~UT`}kK@ztD~;A$GD<2i{t
zS*6&=FZmo4iYh8@5N_XnV1$x$;lGsQH;CB>FxG$f7rRC%z(<+fa#)HG#2~)f(e~Xl
zDdnio#K?F&mtaXN&&Ap`*WJ)CrVrQ1w!6om`vlu@iB7;4(4<%xTbg4|0ouF~2IIZZ
zR(ztnIlRY=O}yXJ>D7#N^uZ7?bcPtAW<VB*wp28-p*g)xEv@8AI@~8?+Ti33E&0;r
zb-~@&*KYNk)Np}WBJGR#7zad6AFl_A<uNc?nP=3}7p3bKrYm4YAI4)!EoF_R`*?rv
zV=r!^Qu*9$bOX0){qESrCaZF^_o|{eIa&K6A=LS>JRH!;;iMe`Am)>P6dk-7Mr>Eg
zoWlONTG9DbzU`)bplDIjXkg*H;0j`SCZ&z;NU5&ucX@OuZ||QMdKe?0guFCDMk7Rn
zuWaSCdz2v0p)v=?#gisZhaWu>4eqR2r!J5#Cyav8&Z>EMn^65d7CrDvk8H0^_=BXN
zvU`?!KUVT^JkYunRegBDB=fcth#OrNcB$I*$Dn!qd1E9kzQR80NSjMHqlaRtZS_Q1
zir4fBQ+WVxDLTH_345#IiWGyArog1LC5nrJ{c^7thzW(8W^fm@`*+zIy`J}pagZK6
zRDH%VMi}<j*GR$BcZDp~k82^hn%(d^9~qxc`s6~-O2K<cfM$yR2u2(IK*5WoqR#5h
z+9LhRjH0dZG_IyLX(%Th$cPt;<!^Ti>8es?S47VFixz6XKDW5O&^?I5n2+V-^Lb$>
zeeJ*u9O1q6A(QtcHoO5aABr$9&u>=f0PkrpjFOq(=ZQ5x<_aiQz`A>Iu&|R@>~pOF
zps0*l)y=C8iL9}*n>XevUbw`|1#%>|pPwA#H)If1&6jU3@_<Gs-eSxPt?)mLGSPc>
zxR|2f6YxIuCz*5d`edCcjO{B=t$=8b!k*O%268*8?xcen`l(+Ogcs4*bKq-)C(CtT
z^xfb6?FO>LMDJI7N!t(jJlXhF#a-;XoH{pK0QOMR?e<_M@J4h8i*ML&0Uh-wniLbp
zw{ai|WE(wI%^B&G@_8dNmpL<rHZDT;D-7Bv+~>fh@0WIBsaWk^m}~aKmJQGQy&Q(U
zsw<*T&u28@$RYE=>+F73t^rL7w!-e6(EFq1I(LDn8gLWY#k%$aEV%!J_7xM}POsxP
zBzi-(l&-b<e(JX(_9Gt+OnsJ(M;PLo9SBjkJ$k%2^zBD=luv|kqWe+QG{CCGw$PLp
zqy22F<DrD<tpDUc;X3@0Fqi(~3ZcoWXpXpp%G%z;>PD2QtnW*G1Jh5_GQ|5ulV)78
zFRT68ZS1{Bi*O@{o!-+vi?(<1dit1lDy?@Fwm(i&n8aXJe;8rDW~P{B7;&Lb#cZ2#
zv|`JG(Vh2&7koDE0x<&w4*#HnBq|mU(z|=7D5H7AI3JEOzv~wHk~;PETl$ZrGuu*>
zS)%YOq0E<}A_~eRgWNHL0x}CceebMZtImI_EkT(wBO`X~FUOxq8ckl^+-%$Ti#(r-
z90K00t5GsY*=RC?>rU2^Ze8pzGvL4v?q2<QM9I7Q=NyZ2L@h5Yo~W}K$NPF`zgsuQ
z418WN_8MfNF5k~k{Lc>nw>rm;r2`u$Qeb&5vxgU1D||!d^O<f3ru~zZwW|-{B)g;X
z{di*6`%mD$c(kPBM#sP9XHVAc?f3cod<RqEtnht$UbLYW#pB12?t9^Av7DI(n3~Dq
zG+cYp+IG$!`s?yS*1x!;q`PP8PUj#m{TVOG@E`Z-nLG@`0$~Pj-g^<+kC}PoT4<CH
zb*VDTG3C3r++)3)>`%q1?tPU85%zsQm3J#-DCFnwymvx0gW;=^HLQCr8I_Mq#|_@8
z0>V_G#pzsLplNdaZBLQG;dgLWhlIxSwYfe~oOzh5_<Gv!20QtrQl4IA22R5_oaI>7
z;jdYr@(=TlY4x0cbC3x01O5GlJMCVgbY!~#RhWR`G^uidzaMi_z)R)ETm{SfE!1cn
z%^rb=rW509_OrUNB&q=4`02(}Pr{0&!z(Dn8UzA|WeKD?IiD+?*4YAH=vi`4$>{sz
zV?~E?0yY7Yyw44L<8vQ*Cv;T-B}D=zl)I0Y5zS-mqdBYYK6ERpAj8=0=+#I6U<ch^
zRSoTQrF!qrJ?lq1J=GMoyu5sNq2vmVvlcJQ5jJx0;4YYDq4zjHUj5rfD=|kFJ5-6@
zxdWN(L{5UaYm8of0DJ^aS+3irqhPBjz4O&>)Wdny9~;>v60~hT#q>v1GbvYX$>r*N
z&GQn?&gsz!<Ko_C2o%d{=<()3rURHq90Vz;?@vujt5?FiPi!XbVw_+J^{1^M@>-cE
z(U|?TZYHn=Z3(yl+6xh+$g;QpY#PiMn8fA=!M%Sidq$nVqA~Cu1-lRrNWry+-(THl
z_K8l-@2-*A0F$l(vJzPZadWo<=5qQ{_~fEoIhOt^01b4|WK)mzGEbu27-Ee+{*q0Q
zWKS3d(~YF)Ut8>9gV-dW*9-Jz#nQhTdunmo$SA9GP)(i~avILn9ZlO4GA*b5Cp9Wi
z=g}U1h^^%rb?h&9HTBm`64Hx)6F(Hzku9%&zS+7fa?jP5^;-5+`7ZbGKgz>&O+%%1
zVD=wyXXt|vbmfwrN|*giYZtitU3-`|2_n$6%>>lK+0r;J9pC`o0tPC9Q3|3qzSeg)
zstV=#K#h*t2=gV#7J{dj^vOL??BwQD_WRUpaVUb;LESk0JJYvY%f%15pzddsf@T1h
z5CsTN>@9~|v*>_nF4p=vt&Aav4re<o+U>1bCOAWAb9sn5xxTi{ZV{H`Hr9XrrU&+P
z6|U2-yFf6(D%8!{3*5vO=|w)?Pxt0wj>c|BdrnU0`Z0yK;p)OL4m&!si8;Ad3a!Mn
zc?(~(C@OpKWB`LROinp-LyC;d6K#5N@P&zqgM2uzCKEm6y^9pF&YZ?{Eu4vOg1Hxx
z9K)MLaSZ3a=F?*vIl3L4uGm<3Wv+jsjy5WiCj&>s?%scs_WfCkUEu7-9oe@f>(mhF
zXstq6t%t|H18UgJ5{zH6%>G)-9)4tgkpEA`l4O}NY%8vocp}Z9Jh`dO+OrRZNYaq_
zc|JHyN0M$I!as`~8w@)*2Uu|QuY5*g-`de3<ZMW%SZKrW%PX?>35^*A{Sfhv*y)gC
zvUvV*?Y=GgyCTtiUt2WP42P`}*1-Z2?YExcTNXNK%T0hL9?J<{ASjKq!CAFYdtbY_
zdw>>mG>ZK&b32N*%#JSBs{^;2kH7~FTA!aqw61x+UVL6vY4v*?_9@*n%oifu(fA5)
z#cVjMFUCpL%CsF4WnYf0pP&@N2(SX!SJEZDcidj5^3}Tf^6|tVUm}y6mClS-ij*v>
zWobOb+_i~v>8v<ouBSGS*h!*ABYRflD$L_<_YsE|cSIhN_sNhZU)m$8c71_cl{}qY
z_lxCf-|Jvt7iP&&KQ!*HTA&QVVFn<6PrWg8x!L8;qOMT**rcS$z>Z(;qF37KL(5Y4
z>9UDGJnG+ge3D3L`TTk@iNq`NuN+eDhEhxPPk+#6|G1Dl7S*TC(SuYQO@r~y0~85~
z{ecuVxc$C6BiU&0Ru1x5&ctk2_GX&D>eVWrZ|3u=1pU{|m|acQA>^Cf8n~hEukWKw
zCI`g;N~=~A^%5%k3r>mb+#@fbCH2Q9H*1!i^I6vJL4$5DAgVj7wn?PZ!GiMnhQ)m0
zZI1b3KS)1V7mg?M&_R0Ir6O0`<-)Y-EdySw7oKCq9bFdM%J<kppZ1dcJ8FxK=ncDo
zLJEr9w~gM>H3$W=374iFiHGom4_B)MW<}E8U#s%ml_%jeXXF~g4qoAZ@G2R})h-wD
zNpWOX=QH1)-R{o-rp?ttQNO-(FF(6qHebl2lxs7P^tvP1vALg#L$ZVhFzxe+R~HS>
zgX<WpQj(7-ch&dn9@Gr0PK*DXvb94K=PPhtpH)Uj$L*3kg;)4j-S*xh(5(3x;>FJ~
zy6H#tIBDJQ70R+&d9NQeX4qi`j5t$xk0Ju>_^PdN^3^f5$rPTWyK~^&?WcbN$?TZh
zjMi+}j_Xx@P~R>okZjY9eNQAl(ABSH@L!VRkI<>zL@4g6M0O*YU*9g9Ygm8W8n)*9
znm7hXS#~wea-=rbLg@>;%7P6B8=R~*Z)T9tFa2@ww$HH>J*8uw{Uu{olrI>4y@F6v
z>>gWmjwAZ}ZndNFVO~l2d2Ne*Pll-s11AlLnVc*M80P3R3yYKiGeTj%I0MYs4V<~1
z5u4XnUDfETy#N>mDP?;uj~<@IX$B_Yd*PM)xfbkmGl@^YqOT+{!_OJKnb6MknJt6e
zp2?{MLg>sqVYGRNJ$b%%&(QkI0YLpmwn!C~J*AY>oHTI2G?QEW%5Kc~JQ))>wXeGI
zzNe~^k!Pl1P?hI%*1VU?*$5bTyxO}R$K|F;PNtZ05^o~dj?O&mKQ*%$dT7PdF1(6|
z`_X*d-dsAtM)K{T`So7u{&Cyfo{q5Xbi6m{auVn?mr~T|6$IrZj%YYq3nP=Y$pFDq
z0{<%*nCeXt6C5s+QF5pke{Py9oz$J-1?)=30N#hmiB#}=ECaEbG|}W{B3uMHEwoji
zgeyf3-TB;-wP@;wroBCn#;1-P#o(y%wxP)IHN%tXNaV~eLV5Vvt&R8uZ|T$hBjCR)
zx@I2h_Iw2EBr0!uxh`}J?rPuNqRwKC+2_<e$SX+tE=P`}k%u}tKio=Fqrx4($MADy
zC^B|3dN~{$=jVM+GK$gP<*()7k!_-iE>gUqCQ_b?M6svcSsgf2)2d`SNs<jr<A6*Z
z*}FZQg$$r7`VyRH2-J8oOmKbudYnyK=iisDRYd_#aL})qFyHflAsmDK_}cxoqj}iH
zA!RNM_x%7ya{7(-p%$Oll1y;Y`NNSZ^@?5{eUcOMfUS;+c~SNlt{|rwKhN*+W$$K`
zgMNLRyee%|<VNY>Aowm0VRuPkTl4L5q$QuQs!r`}iJt6EI~K*|{ybm@l*xnf0%7@`
zm-Hr%tF7Ov<T>ssGQe#u^Fdd)<HysbQ}>B>WB~~q$wXfJG9FK)_wY8$a&1>1gVW07
z*F5$%IVFdXTnD@nzwE;9C28GtK0iPA4>L)twD4Gn&S2n(4}8;SB=1;3{<zm`3XBM_
z?Ojd70_)mBU8MCAe4L@LAFpp`6)3QbsC9Tu8UR4pe?sD~#bS$H_lo)7o#JG}Y;Ldg
zN9_P!zFCqGO>9b;B#zI2hAxts<sF=5f26X^;Xpe3c2Ns96l9F(*LPulwQeQ3@Ai>J
z-VB?`@EW8LDo<!ozzg4+<9rXLOBiZAr!F6*&x^u=g0%(IOMiqnT@Fvb)T-L-SUHoq
z-vxQC*Bdaqt8{@V!a+*jVYMB~q2w~`fhSA*{t#yOGvt;_m6+=53qk3n&^?i@)_z3I
z*Tx5O=Hu8f>Zv)`20V~%;tvn1WY1id|L(@R3EYu-S>(w}=niw>?)p;6x<@KPvgD*4
zLR^+V2l*YZ_pwB~FkYqZYT};CCLa^{Zfi$4FYj3WtR_j2-kw0@9vj_-Gs8W5;oa3*
zwB@QLpt8{qa@fEf|C#*lPfg!lyX1SBVgvXHS_p6GyAW;a1cOiTdn$m&@cs=;`hAa^
z1Glh51q^)FeV4f!;+mkvkJ~r~V5(s{ZWbk8aDQ08T3BMY#TSCa48-=}fQ13Jb$`V#
zo(eDHzQ!w(;1!g3D$ESkX4?~t`8D6!tu<9UjAZz<nnOE5P|-QLX=4@cA<p&AnERHT
zuJ*D&n0G@8Zjk4mu=DVdPHTP<Qy>C=!OjwR?h+}Fhs(f_dZZ=rKiAWF2GYV#=ou7G
zav}I)r+2#sK=|v&5_{FVDfGmnn5N0jZ@PFg4Dc1m^nWl7stfVa==#S*7l@*Mx+xi4
zu0#EV<!0u(r^Ol`3Pbz%2o)pXeChk?Khxchvh?=mCHsKefv31bW3BkBo>#qNieh(q
zW7LwqmAn@k@%L;1+V=N=mT316bv;!GUKb<U%5(hsM!cELZ9K#eHLI#S-Nxh=8S;Ic
z&7)O$XcbwVo$VeSNc*y0RyQ)AF%%H7g9<t)C|YbG93TD6M6)!B2kP`@meOAKw^Ow<
zl&3Z*S6!bz>P=}OKDvkoO{;-|=4#>ykWy+ioSMsM?S1XE-xPXx-2{pFMaV13*0Wt*
z_<lJp)L#P;!^%H8=@{-ghv#J=>R|cW%q&#T9vOL=cIExjX;SHIQt|>T=EnnyYChY&
zHkgNUFhr2HM;7nIJLPCRNPB01uCZY>tB{A3U-@qBmTY79o)<k~)AVScJpNqHjp{ZD
zB1`E!B_!_hNT-#|R~Nq7-FizmVN;Ndvc{bC>rKsifB7y{Q%+~^Jbrez_(-VFct1t+
zjHy@Nq2%EsOp<L6>)(BkfJb5+Gz)ZwYJEQ0^hAZ`doMQJ;&M4$cgc~i{ckC#U)mlu
z#jVBm^vk!te$vrea8IinM8JrR2a8h28~_%G2DSawy-l1GVtA1N(*@7^e3O=3m{)~N
z*~4?LiS`0N(K9mkC)Z|BAiB@WDd=Tw9kx5~|0d_%H+#(~fD_b>=~wPckA=a@Z#G_o
zT`PGB2>f=q9pq$}gnxM=gt&6_nRg-2y%P}GhAxZ_Xc*Kvl9y59X7?O^IvJ79+5_F1
zj#59ERor!8p7piXVcB&={{fg@n{ux+dHEAFHaH^j!Ss3^4$FB1Y0h9WNz=#;8-D9<
z{Em!QZMVcj_CDR`LLYj2rFnAdQ@16`*H^cxDDx3K+``{A`iX=1e4h1;HxK9b+=wSw
zncjTqeLj1uC(=gm*fZrepNFMAelK7S;N0~X2H}b|3W>d>x#Y$BdJUBLL`p>S71cqt
z6X?)hi$#^Q{2MrcJl?hK!&v(rc_{H^Wmsh}Ok_1XWUpM#zHN5On3w&uvyHhq9VN6J
z-<-?z<F_Y(*yNsrN84UI)5c|?_$m^qa-Y;L0(j#z!OH+zWzMQlpWC^Q#-=X20z;<o
z8N&e(jJe~FRGvBHnlNgA_Jk99qBaA2ojnbjpvE+x)B%<O^Kak%*h|Sh%c6$igmB5t
z%Q;qQ<o_ir?wGN;W!A?ex2?Rr#=dL@?&0rWJ|Qc}lG#jQT?*rwsTS#svN(A_LId_6
zCFrN$be7vs`g^o_a{3%>`kpFGK%Omh24~6Nuw#CqT(O=Tw5XgsihI{q;^#Sx!rWf#
z;wr%>xOJZ!W(`SxKs~l1)nc7_d_OS%LaKkCA=BsOaej=q?J@V?G^8FEV~CT&8263-
z_>Mz&DCPQlu|A!f!w#n>cTdO0oqf9t)nr(DDzaI@T&Jos)gZZO%%{uUD?mK{xn0OJ
z3w2t(u<I_-@6Kn-lL;72av0j4Plft)JS1>mL)4nt$1UbUR&BE%WFXeyw((2MeCDXa
zcl8pVUW(e?w(3X|708M0(_N#Y%?!!Sd6{n;z3-3VL)gL`ePN+g#?wo%ZXEpdqDJP)
zh;e#redM5ucQxR=HC$h^$RF+oBm|=V`9y{U!-3f#)80$}%;QU;zfV2ZnUu1gT@26M
zAKgEV!xUe9O1A6EUy*u<wT^S^<HGHrB%`aCGg!}oGm&#U9C~%nM`6ak97gcH{OHiP
z*HKl$r`GH<njfRnbtl+43CaM`pc(*(t{59+ZYnV~%E-CK$_D7Fsq`k^lfHU~hbpex
zteu_B))=r96_@AU+lAL7!ATx%Q}?aY;vqI_P!KX)5O%RA{rKB4!Kqq59s0sUis-q(
ztj5SJ`2zKb_zrO8gU+j13THCIlGF8aAxPJeX%^TRddiY_()V?25dFxAbfx4(S8m&1
zPcO|;4`kpqcd;mNpD=%S^hW=*c^aSZQaQ%RAaU6)x{wh3Q+f^lk0voycE0D?`n><#
z%l)3=1+59}&o8Uj$NK@+x{HTdzPx(I`JhLfOauTVT2au5#*moGovI&TW=n(hi=u~c
z8J;k9H_Pa%ktk_9E>m96<iqr_KsT=Y+4L9wP*~^@F*EHxd-z+#Tz^0E?H?Y}yuner
zHuk{p9OA@=kMo|6KgLKXNf?e~zIg38@{ccEB?p^&8DrfXf>vVS>t52_K5W5=9CI_f
zU9V6G`T9u@f~zOwZThkerCO;s^0fUOE`IRQj*8zI`4}|783)gUm0kYQkj%Va?j0Pg
zwN9>{4*U0Ul5*r825&{=0NO^2LKwl5Xc|GA)x4<BLz^xdN_4%E`>sz>ziQw-@VeLc
zu#3D$E4ujleT;lJj*F}?>Ys9{p7vL7ahsB8j@bv{_=8Y^8}H_Ewh+JE){=&+%xyZh
zp7Z!bQ(z3%3%tSh3wFE<`?14m@PB^Vlqt%~PiI{^eR|lX5d1#mK4I<LY+TG@WYR1{
zMPXmGn?!JNP*(4*z%Y<Z45Z^!)?ut(c=qy<ruqk{vb`NZ8{AP5dQnxQVD@YDTs$-g
zDG5f&9X1nB?CS&dZJFPwkKSFlZN**Q#-j`3HYQ>ZUn-XOpSb>Vu9=>xmL8z3jNflo
zJyV5B!Kb<9ZicHo-}LnYzv9WVk&mm-7^@+Kx#aRr<SKpfeD(_Ppj;Yy8NiNU98M1&
zmM!!A+=td3hzn%ca0u`IMgpv%)~&FUV)+c}@x-iT_54wO1saIbD{3q$8){th{i2iV
zdc2=qNWNcQl$iC_tGQgUVK<iP-2_s3)Z27C%<*Yno-w_C=^9pQ5NsbUCORtyn5rgK
zkNYKPU!GMi3n09w=vvY48h|~IKIm`{BP9-zgWSGOkHNW5GaOS$J@@scqywTFS%|vz
z90)w=rIjm?siZf3zsgIJc_g4T(hh$>%W>?(8vAi4$GJ}5j$6G>C%26!V;UAw1qh-7
zqU%|!Y-nA?<a%?WygUbc9vGioI@l%n?-a6^36rA_8T-sp95<(g&l*Wjtg}JZ$f4)+
z$YLiSbREE{fo3h?gI14?4cgwhRudUDnCp#9l@&Vmf`WN%(4-~VF{Jo*p|&m@B?V(8
zuzLI@+u$FXmx38-`^)=;R2BZ9yU`emnTuur;72MvCyug>@s<Ora4pxC)A<+LD|OdU
zeq{RkEE*gve<$AIFV>z6!vM7_(6iy1`PW~Nz4?QAB+nvi+{%3w*mAV`z$m<>yiaFU
zAm@)+!K5E3@E9;(QTZ7j8=k>7&t9^Fp;vHoc4o<&zaQcb$rV^1)eYl99wFF}+kW|>
z!<z+5C$`hCcK4aNeSd;C&b?B27LZIpEomwxpOXVIf2sqTv4A|A>?kt@EV1~{7g@{(
zZg{YI`ep4UWnxFj#LXldH8s2DeJg$|Q7#2`FS<@epF}Ts-(banMU1(x4-fCzBt5&Q
zcE|H7dK<PI9c3d+@m{_h4`)H8Ppfw|HHenU*$BVi=ONFwQikX1OK66J6sXIcM09^>
zw?Ahaxp3tgKAjINz&RYQG`;eU&m#yXng#m)6;KbA$q!}kI&-Bvz4gc4e82(AbB@@R
z9NOxj&sEOTB&#3n*_Hy$Wv~6(y;@tJ*u6%K`{*wLA8IK~4>Wj{$@iw(`{S)-=xg~7
z4`=?7`U{E<`r)u;&qbOs%BYdvBd>C)EYy=?UAzM=LiLRbyx!IviyloOi-BVN%lH_k
z5uI3`+RtIP#mD@9C<`nS562Iyl+RJTJU{WBr#HK?-M1k}NBWFOSwaFr4lG})mR}&)
zVr!u>7l-sZ7V3(bPjc|T5JJ%`6UzkaXByO4^^(!l8e`qfk>^;Rvgr;(5#i?cr;yC_
z-SyNc%Pw|}pG{S1Xjm%ddg+0rEr=M?;@?&E*l04jk+B@Z7TITPpQmGU65WN&(98V_
zyN-;#Fn`ltwb1F5i>E}-%G_3n2#3A3KE-i|Vc1(ib!E4Oi7^&P73_cN;Q`Bo*WYsj
zH_jrsk(mb)wHbM7eLFbkcq#VH;#TC_9u-r@0waa}ua;tNSnV2~@*vVhCV9p`N6ty+
z0OjKwWc&klytF%)y@h1He*b=uC0xT)@n0lZ606snCZ}x<z0Ws5du>^!n}+CD{`8;o
z@jQ6Nt>|8gXW6y=J;&9KbI##*Ie8dK@UB~mhOQ;Cvzt&A_xq5%+#MHA%dRrPrynkw
zE1Jsqj$lBVnp@Ia_^cQoD7UR5cm@MZt}smPS#XA=@Y0VsVXh;gt~-CQv~t~h#otyF
z?p(U3F}Ey1O0=1OV$tea*Fiv?T(c$@&BqiME^HsAQ!jiEYy_oj_5gJ{T2Hp;&q54r
z-iMj%Psd+>;bdcwlEb*%VG&i13jjywC-YONB{ax9KkUlZVibtm&d+SyC9?XvIuM-i
z8#Jt1KKGZ|NmyKXm|E0XZ5s>wg<U_cM((5!7?vXLlD4jqwT0d`rwGzR<X`swb>d?*
z==}Vz?Z5BL8Cj_-H8)yVG7ZnFHu^S}AkM5NEa}As@EvJUYj&h(LnR)Wf=>Lk;A~-c
z*Y#!c1ONUK<AVMDY?85^7RDCO#GX^S!vrG<3u8tlhnkw=9;E~YAul;%lh23$?C!^i
zLMbmKQy5$|d9kX?;D{_Uwl3d?i@1|t**OiO<QRl)hj*c7_5AF~&N;!~j<5BZ1)3A~
z<<s@Xb9Ksm*fbZzZlvg--$tDUg?arBwIYts-)dRl;GpGJyzl9k`Y5d6Ku(g83D-_I
zqD1LB)W_KsX=u{6g66?b(i2?SQ_G<lxsGIb99K;yiH3f!wjIW#C!<=i`EnplK4|2U
zO5l;LznZnta6Zw$L>6EaBGTj-<vtW|=V?4UD1}iaZ0<Jwc^;R?PGY*)Wq5bmsnBuP
z+j&`&MFvD-YL?dp8Y)l7q8zOhCB1#>bxJH#`E0(gmt}Q-e~y6;6hL7|jd5yrU@n(6
zR=#oowvDDa8yw<XB8-yOz1Qq<yRaTC;qxb)0YuVtDbqZMJM5c$K(4>B4N3g?ImPWg
z5p52S(?zyIs4(-kdEIy3ih7ecl~j}s+9%o>gQK&2Cev@KfK`A<+5A;DT=6uL0P6IK
zj$oTl187To$b%iRQ%>pWEt%Yh12wS;z#F}Y`xzxGaqES<8$Pf~|AIDgkf1?MZG`3m
zwa->`b?s*VG?csj^~A;ec|O6ajF#V&53e0*=45e@9$g%Z_*i~*To(qH+fMM8&q>^Q
zou*~vy0M{}Q0c<!c1DZvvp8=1)D=FT3f7GHbJQ<aRV~&M5S9<(EXm(pX8KV1F^6=9
z-SU_8F^0g+N-R&ZJYUn9TpGmN_Z&htC9qXQStkP>_gz{yd>Z*(UL!pG+8{qhBw%*4
z9g9&G_E1c`SIfTqq%HKZzhZ_Svf=O-B1DzfYTr>`5>`-tcAQ_I;7<K0lM{>5{5W-W
zeRZdAizP`jlDWK04>cLHf-i=ew!_kl-D`98p2)NGUSXzv@$SR<jL8<2XMg$Qd(>I+
z{2qFiEnu*G?@IG>|IwgUKN4fY`|KQu^=|oI=lIJ8bPT@)?fs_}Uvr%iYVQO0{bRo^
z%D~)48b;GGnLeOky8HJy>=ESaLwR-T4>1tH4%=wgLh+LgmjEd)J}*Y+qO*gNwmjt#
zdnTy^ZNfSwL9sx)b;&rh=kaR0>>(58M@1WHHa;qK>?z}p^%6>&m@k|%vF|%=Kt29a
zmT1x!;_wn{;kvzy!i9#_c*IZ3D#^Z_dqM4KNE`jhe8QcA1VlGLus|Q%JP+<7r;zMV
z@+V7vk+Y>)rE$uFxAE0Sj6BfF+;#H-hr{|C@F&A7`S|m9L6f6^n*S=9L9aEjslcpa
z8Td)*;19hlASb<kSMT%*;hW%T<$P@MjBBw6rx`=4&~Llo`pK=besvO1q4jM0TY>}y
zwVO~$Nds9TVYC4Ewe+O5pJ2M$!}G<|pV7h!v4@@<@mi*T_cf}6kfS}%iF>iSucFa&
z3v;A*(2_+Y6n@5Wsq$q0_&3;kq8Q=HE|sY1T}tohdON?a{mDJ<_{R%?fzC|XITAu&
z44Thg9E#pF@_Q^6uS}cw%p>yQ)?ydut@}#bSXSKw>xw-*>kfK*XYvQ^2J*pwK(^n1
zBxpk}rnQn~L_*`1keE~+->(3|U9E|bZxXMH?}N}Vy^9U#B9I?r-9bPl^BFcmXD^t)
zV(&LhsA@}gU*xsmFDJc*lMMY3z+&p7@4lpjZD;W)nRh*WdijHl?7<_RrGRnaLDEt?
zh<YK5(yL5m$P%|U4-56{-Xa;LpVsvwD0&b^;GcW}@j@bzA!CF7QLaINyHLPBZhI8l
zp4)CW0c5Q?eBRD%UX~|IkDkXoy_7xoXF1SLg6&J39i?Pe=g-V<evVvezSJHbLgLQB
z8STREeltYaKNYjS)q3)IY<4%Ak_E>BMh*BH!dU0~wDBCi;?~x7E#FiEiACX(xx+no
zV~fAm=#SfVY|G=@%J!y&;`ssB`ujY}6v8qIIdtwEC^fShU$6>>_1$Y^k^d3`<M#g6
z+4X3v@7WN0*oUkiCEV?I=%hHMyL9oLQy5`dwU4@tF7)^&uQ1e@naj=m7<qA<*jMNm
z;9a@fD`&~_BtAsfiLJ8iX2TOxeb!S=9zZs7ux1WU!<E=w;G{@p(4`<3ORq*nIqNNT
zszYw{`|*V-UmDN7Z`rO-M!7@iu_XK?4Ja@rcwXvozc*hGx@sY}uaw^<$k?6Yu=^>7
z?$OyWoJ#q1_gRJ8X@}qE*MC8|+Wwjr|9%)Jp@U!9Q_T@E*!|t)6Bv5Z^}({7#{~2K
z*Lc2<>0)HT58p;Ee+~I=^}J+|bp!b>OchU_s>rwZSZ<WRKWK;VCP7V#Z4xSRRnJq(
zrt3<|+_?Me*iSHKKJ2>RXYr0Vt-4)&b9nG%%9h^tV|^pekdZ7Bz}k2g3uiTNAmWRG
zI#b!7>fmRZn{v86g(!-~WzzR(5+!RlnauG4iBkF_Iof3tlJYSpDZtM9`~gdjn%S|}
z$tld&IXn%-78p489og7Bp1~hIu9t_RRR;SOfR)ilBopN8Y--^s-b$+CV{?eo0A;-U
z?*=>l?njj$l{tp&*Lekdt0QBvf3nm(Zuq%)Yu({YQy&4VlzXC|zVY>DuLDkuyugXZ
z!TOoNKG>M7i5gkfL<%&>a1fsGxK_)bQDmw{)<Jcty{9Y$$C(GFtR-3uIggi>!V*G4
zJ0|{nuhe8pZx+wK*z|l%(}x6@E=h(!v@LSR?yztAi2kV3ty+3Ba!+TCJugb_pef>t
zRL%<(rkP7p--Q26Rrx8Ap|%Ii#*){l4jHtz-!D|;XOr&9z1yH_`P@jf<nFhJ`@Cs}
zmOn*9ka6TNq_v`+tDMiYPahWNzb!Ll(XZCfbMxy=Y(?D+4IZA+_ZXy$b*U)n?8AP?
zoK7K9%r{mG0oX=ef7l`ejWax}myH)uwz`0jM23^)0((FHF`d(mLZ$ujmU%Q#QSm+H
zgTnkyEVq5f`~lbZi3%l|OlP?QBq(KY6Lo`|To9x87O(#Gz8nWR(ldDRm`E0Im5n9?
zzC(Uf6!P%(dhXc{o>X9hA)QF(>b+s;uQ_mo0j+4g82=?{ZyXwYy3w6{tX8v>lH5w%
z-vKp;kMwx6f4+()td!B;@HM{%{OHgocm7rPYw@JUf$Vnj=9oG;=uyUWe&4wyjt(D7
z^)ydgWQrW`eyi#G>sWohSZ%D;+6*c5NGfvj8ef{v5lya_3s!M*c!?8oqloITyZvU_
zEXeq7^PKY7HLbw68@#Tn<<C?n0nXI?MQwp4f<#8vM1Lz*_=W`I5X4960rP-X?Can%
z?3Eo2>Etcet)Mk-@Z-HD$&N>_p!p}wo;0kOr2WY}j`yKxNN#aO21^>Q6~I$y!zA}?
z_Z%oH+*oxl8nLG;pR=3JN8WBqrvQ<XJR#n_NgPQltJ|Ap9gNSHc%*i_VBeyhsM|e%
zDT@i3&olC@BW94LqYqaly%A+idF3Ns0oMuW)ZdG&lb@`8wee1RAHAx6UHgyb9|qzw
zB_-wJ!LSvd)dLan?q>8E9eca!AYFWw{GK=mt>`?bekMOt;o_h(>x7#{FVz}}ausG4
z<$6}<i5uNsbIb?HUC6t`TzzVr!ivmHd$im^#n8cW73*vUf7T}`r6Y3peS|-fD_W*2
z@FTuo=8&PFHA7t^(z3As+`(mASM*7zPgBgYa3qI@()IjCV&SztUe51HaEyGV2Urlx
z!5935I2hRF3l5mtqe<vbJ44O_o>r;28`hhtSV_pZO%v_^0M<JzT6lx9ix17~HjcN0
zat0K2p<cT<;~kO!OXP<-c`Dt)NBuR63omq|v<BJk0b*Mze&6yHfFyExml9x3W4lbR
zNjfjudVIZWv}SlYzYSIHxK_@qqVdVepdw|p&>uePs7)%m-WQ!*?Wi`cDf6_Hda2In
z!8@b(?FH*!%-2%rAI~3nsDPwf=V?KvM6{kiC*_e?<kYbC1^|lD+76>TBSMd1Qr>M+
z?p?0+^qqu<i7X2al*p)50#7vb^$aw(?w{bvC|fW2WRLh6tvLsJoX^1U!apbZEscJL
zyM#)gT?orr;l3`nHwGC)Bu5=isxVr&xSWESU)bU?7e-c|m?v$GZ}-GC&>>GRquFz<
z{r!A~?OH0s`^OwMwK&!VGSULvwdT>QZtmeduLZ;C9BeN_hA#AH3{pt9CT|26@?Ds#
zW5^tfmShtjhGkH}dU2?8IHWaH`lo045|(tOSQmqe{OxNvj^i6<*ZlUTP76G+>Om$}
z9}>y|_;12oduRAk?*3L#oQ=%)NLeMNA-nUf=}p)c{Tn(X=UQ(*JP1f+YA^xJl+&rz
zuf^Fyjri46i&(MkB)#e*FGOGHrz1~PB;^F7Ol{c5l$RvG=$$5YhDOlc!l%QLTY22(
zEm@nsE9t(Ales*b1tXMb&*k;g28SX*6X4Q)YKjl;IVaRk`Us!LUCw;NzdKrvKVcw%
zO^QBJ_mW(pA+SGFsqA0Lf%d&H`dyxJu$g>WzN0gD6!L~wc4+j&hvFghzuaqtXaZMV
zUcXS45f9g--hI;BTzfM7`I+~}jo*eXs<NeysnC%@EeR(LYJ2<!Ah&Lw#0a^haJF=-
zU_kWBdA?#KTT0HCWoNVFJmb^wb3fR_O&DW|RhKN^K)m<i%V1WT^Cq$Q9sHI(>5!Cz
z{=n;7g*2r&acGKX!|xJ^r$c)-FO+w0JrYjhef$H33n_w!Zis(HXBRaM8#;{sJCN&p
zZ#u8I*AC7st$ms7-P>*zJt7D}b3;s(BMg%Gj@;keD|O{YoL=vxK$GT9yjBPVXuqv&
zEsxGj;N8<F;d{&8dv$^41ImKewPEr_^XrQK^;VG>ZoD}=a8qq%Zu>89)(Gwr<u(HD
zNitWkWl7Mg^G=N8PpAER9W&Ja%^1z%C^4K5xQER@;~72>THf<!^jv%8vI)Bu8a|=!
zvgrFef1d8(c+V85%bb?$G1I}6%EsNkd|zA<-h+~AS3kmhgcVfVOF4+k$rIUV>hbP(
zzhCm>K24~>g)IHpHxpjZGyUs}cz27RRb6Xpr9F2P+NI{jOvFb|%>Wy_qCV~3`=9rF
z2uGb8WA93QG37&L29XD`1}FesXg-~*ZU7I$brE;ZlArMM1RliUWBu}A+@rn9*q1lW
z!<G(Pm6|NR*qYWTZ5H&(A1=>XF-UMF9DgT?PWikvAdDHYT*ix4NuLg(^$v>XuP;0F
zoQ2Vr4q@L-B~4#b2)twU@QjsV7!lIfCb>Ijd)8F%nV``QYr_AfnxDg754%()0l{Bc
z<AYz8WX)YR9~pS)JHPsQ1$hlGzx(Uw^E7YV3)&<1W(23W5vD6CR%@=%!>a_C`e(m&
z>4kjpz%x%YeNq3~W!U-xvL$-I$^Lubb3Mr1Jw>g}di=^aORJ7fD6+1w=uyr)Xg%1*
zcwHmLYrJ}bC_Fp4@uL)hX|kK`k@E~{w~lPw<zy&=EuMpECwb`Eab|xNl_kG|bqFw(
z0xw2;+v!J!Oc-J_?b1ExFphRQtQNJ*uC3v_%G#IA7vOI`y&YZLBC569>N_D>ymy|5
zwLhH56Z^hR@R6XUJfg(%_<U)lUR({jSEvs81%6%W;O@+4fN8I#zn;0*;fNI#TDx5D
zi>BZ6iROwQ`VGtiy1XGsrcdM_>Gh1|$P2Sl17rGi&3@;KR`fB2Ls4j_tO^uXM+*?j
z-5wpyVEUET2Vc%A%<wIj+UUr+!jY1Hh~h+@N5?#L`cJ*#a1@AGuKDD1`dy!@(%N`j
z<MMFij_vbu1(=z;d%=L>jASd<WUq-Z6mQST*{2G-svg$8OmtS5(VQT^!wD-fRw(GX
za*{!4yY4mln`s@^F{~FVD;lVkURR5A!>QfT)lCRqeg-RICQNnD{R{hY3SVlo?Nf~?
zvFE1#!){JGygG|KpkFs08~*pyX#t5&7<UcdVG!d0Oyi5P>hFhfP=6(vyI_ypsl#3;
zC`}2(lYVmt^$Vd;XdROKVzdEQf`(y#&ZjxStOtN3EX_svsR6CKzi4ZEFT<J}$5-MT
z&Zs<2kYfS@cemBYr5Vrf9({1>HI5w*)ir_S@KavDr;ZbLq5h4ub~xd7`NOvkq6pNV
zxZ5rBYu%qd%J=ehQuF<>M=?-aU1^6&W)_di2c9HkA0rXe$|etMw&Nd8T=d%9dks>T
zKCk2^%Z7XP71zz6825lCVK(gya?xQX=yy08xqiYN^%a3s>JAyjTqKL}!I{pC(Az0P
zWb5o>f=fLd(g=7!9xDB!le2KAwpXkU68v5#WJ&R-9IbBP?Xe5G?Dl+61NVJXzcy>-
z0_%W#BDimMEgm3e_hymQkN1R)4$@1aR}ea+mS=-cWpv{K;Ps1g%<v)S{TOL#`0Nf&
zKdeYEt%n4ML`J#SrLImr9cor=7akNzU(3fGxp>2MI5}VIZW$0pkQMAsMgqn>uNpsG
zj(iA9*NxZK!wbIt{<l?Zizmx#slGw1gnU5qGm`oT%V^g_jqC!vhJ<uI=12q}bGDz)
zEPt9n$0T15ku5GJuL3u?KU0k(3OZYq(ge`m7bP#*QvT44dR;EN+jNsBJ8?nzZRF>L
z43YR*M}oI}-T3R<Ki$mblteT|aKDl-T91rpz+WIImqw}jbH737s7%#ipTvjv(dRy1
ze%Zs+Y&6Cr%Z#CL-*~G!gPp=XLHSYz6b-xpoz_a4H3N3arY<*WfcG4SG6%A!6`q^n
z_88f&{_Rxzhu@5K&Uf1~HpDUv<;mIxhnZaY1M(_Q6yY2gTc5lT^DUE9X#viP>C*wE
zY(KQNhV;@rK8iAG46Yw~%3|fx8gte{QbrbE?vy|bG=<7KR4<zjj@ftozTmsK)G~(K
zgRuQA2ppg%#2AeqL1p##_Z!)ZB5Pg(`to_~1u0vu0)hE`%kA6bDPg#0qGU{H{`{&T
zR)EX-c02xlexafA)W{q2F{ba%g4<XG^ZHda%V!Dl;(DGAaFR5C{Qa}fSlZ_A=zL)J
zFDIMPuGp+MiFv|8UX^**=zb+_;=^w=^>S8J<IoFfDlbqWA5wh{p*JKa*qv(#>=>|c
zy}1AeH#{hMc>R8|2PZ9c?%jXYgM*vzro6x<rT9QS<QfbfV6wTC7#n1IEkx9&I&urF
z#oj;dT;VrMVT?q#EpDwF+pk0C(+||r_id9*H~qeAv!FS%T6BU&M9>2?<QQw+OJRq;
z!8gcL597=6EmE8%t@r&zeRWNUGU^8U5tx`?T0?*^O;i6uF-W-;d{lcwoS}jsPVtQa
zh}nX6HFGvT)_%{S-d}dkcmqvgxWi3mzZ8&7j{IY>)y9nhan~Ry>204T=_iY5FnZXx
zWF#B*YS@pmZ%_>Tti_#5%Z=tYmgnq42ZPQz1BUWdrQGL^_?G?Xqop?eN98U(tV}Gl
zVqSr7L*cXNEfBK~zt~YVj}M;j-|3)E)WZxdXrxPic{1g-U=$dUEYZzQtd}>vlJv3L
zkFMbP3OW&z01adnW@b}`mM43S!!Oc~kA;NbLuH&y){xfxt~$drIlLNE*^CC4r1q<J
zylj0%g8X_M)VMS5x#pb%*hfnV8FIZjV}4kG;MXi?ko$a3HO<Sfoi28J3b#2%eBsQI
zMCq*R@cK@mzD?#A*iqB{6%YLck(c`o9>PEcDjeYUMtbq4B7_1o;HWjfDT{5F?oSvc
z1bTc|fYOMyjrTR_l`MGV2X~vdV};2B2ZLZzvX&(hP;ooH<Dj5T&x!ubNrgV*lG$$W
zsD2OM8!nLaGBQ*<9=E)J<26}ED>3Wp*bPkR-R+IGph92mXuMp0BsaoqQtF6X%>mSq
zA!;=K{O7P4ekOPOx?o^1Hpjjr9vA~`@EAYy>fc6~xb07{F?5m2>)R!1+Ieg+>Rft}
zyzS^EGf8wjf`YYT>+s3SA>Qe`DU+JNEaeV@KMbc1s%)uuWP(81%#cuc<hpwzDuj&#
zey0x6cp{nQs*TsPTpeONIr&I4)=MFRKNFz^C9BE<hYhY2a$YY4sVt?lWZvka;CcAi
zm*3~Wd-A1Xc~3#JfZl$t0!1B{_+doawF@p<NYh{8JcP$CqBHSjTO$v3`CeUp*aQh=
znCCanT~G$|kL3t!5l7mDNO6J>xU@wDdwkA~{WnxCt`_woJ{wwbl?pWevHgX(H;j7H
zXJq;dj7)MfiYd2KNp7%%SKoS%Pu5YYU+y8@Th`_ef0_aPc={~CAr~IW{Nr2a)adrt
z*>*<#G?+G~29V@40sB3jt!exzb}c|@%!%M|-L>J+l9Uf%T<OR1&;@NH$ozJX;m*D-
zW$1aSHt2*b%Yf)8^(d*0rvAcs6^O;~Zr=wvnP%10p59-J@PPpy>hT#asC>}3&7m=3
z1{OqjWK4*{1OJ^wYAfMSL{3(kuCDoNZZHYE9>88JVc?jbdh|(h;8bxS@I2M(O9WIv
zku1ukXPTDj`F1CnB&2v6vvH@&;NbGHJVg2Yp6t$h@cr*+c{vr{#+~n8a92pTU(=w{
zSd-uHbgsH?ObhSp_xvW0QQf|AkpA;>`Y=Z_2V1`13=G8!-oPFX$a;%MG9*;aIz`_b
zOvQw&+Lm$Z4N?8uQ<nW_f}}(9{DM$)h0D^nnE<;G^S595d|iBB*u3@kVdg)RyN*7k
zGr(Ckrv=hR-))Y>xe#IqU^Aofe1DFU^2+I$+Szg6`&EJ(>f!06%%6=tS#s1h@-|ZW
zoejl^922gxrkZsVjKF%^RBTh*??(6CXZ|9pW%7h2j}&u4&x@44|Fm1OM^qy1g=NOR
z=q<l*((zG_aH7|+2F=3qN}(G2Bo97*QgZ>K7Yp4H!lja&vGcVBAIUkqbz7wMI*``g
z#k%oiq-$&)fO+1(!7a1mIH+gpyM2ptHyPf8wv;!O>SS~I2*k_Kie%00i}`^VLdvY@
zKrZVw4&zhahzZz$^`HUAO}W1LP^8Oe_QQ~YQ(%z{e=EyihxdOOV`$~3JuD7#3uHhV
zZtZvYy;-zIATLHWHV3gx9SjGhmQi&-_xJS~w*IagDz&UbJ%>6~xePGgu`h3P&C*~O
z%s6=I%yCunh7i28mH~sLZ0vz9uE)!|U^Fed?pniQH8kFth>#o94Q%t#o_j%X%2{Gq
z#n*MAqpZsR#lNiF6cKXx=yVw4rbu8yZiLg`v&Us^S>_Im(@7qaI_EEUW50U}(72>-
zOhz?MPf)tzQLFZ8D0V<pL<UZiVGVx#k)i*Liz3&l!rs16QKY2V1s6`@>y6BE_$`DO
zh+_TpOAdl$CzUwi_l`&%wuY2=wzD(Now+lq<xBR}V@8)=TRu1Rw_lBwq_&K;jBaq;
zFl4k007s(d@W~nwjbBP8D}9E|jP7rJ0KZ8iC8M%9(0xxJ1@dw(i{Da7)NFazZ~DUw
zqCE!fA@BGTiy**Obot1WQ~u5g-HotN@!wsKIYOFXF7joC*XgKi@SQXT=~o<txi^?M
zYHjvk+RF-H9%f)@R2$OtAiq97(;3R+wzBMb@8Ld|M2n`a=cP~%Wy^;zaaGj034XWA
z8c{^hALKny+sTQx@*-Lzj&KgvGWni<-W^=^7(dH_3dIxOCe;iqJ7<f`)l(+>9K6y{
z&iaI$G`S&JD)IfQX)=_E=S*yi9oqNj=)f>!#aduAMb_tVz4_#uws1pfAU=OhJM<==
zXZK7!^#hIhMa>)22!1Eee$4MfhqjDVNW>^RJf%u<N}cD*EpossH1kLF${x9qS)S@T
zBcBK;?Jqm&psDpkMK6B(g8?Z+gUi(wzd8}g#EGKNC56&sui>VUB7tFR@uokepMTLP
zpjfk;lGdkpyb<D(Tz2X7IH*TM!9S?in}1^(z9(;*DHJ+74d~Aptt&S!EeG<7RA2CD
zO3tP8XIk}{egAt~#o>&)w`bIrl*f!1mTffwHHQ7+=PKh-eciM-j4IQI;4Yv+zQZr9
zIJu75Ey9^dXeBV=(AykNk^BwvFAb8J?MhD6uKlT4F-FVE-V6Q&p{YQVlD-5RuCujn
zEs#J)#HW__lU!sHtJuyXF8@yC20J1*<VuoqK5eI~8_f^YYF<L?OCMW}!tNYx%k>*k
z!jE?wHEOab$vZ5hmdA}ZU|)Y0(IC^~Nt50STv12*CKS3;yGQ7J4naS7A$b^<_BFJ)
z$K;NUmdirx7dF@Ep-bSZoGs1ygzc~Q=gn1@WdpYaW5m*@`#v<dytzbOFt)HrOUXgT
z+nG9C`?HY?Dfiag;{;F{wfDL7U^N$X&6fz1Ed@EdPvoWj-6hNOt_S5WRB3P{&34&o
zJi5~_ffiQ{VC4OcjJ)7mEjR^t^O9at%?yhB*hu6q1|6`;zD;wM{2$##zwtYRgCv_b
zrD!90GVvC&=;MX#>EZu((zQ%}RTvf8^OKUvP061~d5l^HNA`PdxB9!%4!$88yN{b{
z*P)DO-B$%)(p|c@Z`p>sOqwsQ0UwG9jv#sd%Y5>hQB6A;4S*E9Ea~TIggfv@t4@A!
zf)pxIjp1nM0dEZDrosut<|9`O???IpBPahDUI*W#7^Jz<Qoiq(v-<7i1z5P41q=}u
zKm6?~-OSuEP!Ces?ZMx3>EvYwI-t0>xxZ^BT_iA7dbbaegZ19~(@asZM6GJIaEpQ}
z`7JbTIoMox*-f|m_oSv*c<cOtH-#9p6L=E1ia%C~L2ZtKdiMqW(zjq^@4HC+^Gkc!
zeL%Olyv<5JjDzS5P4Qh~FDVZgS!5-=Y}fk&%=?9<!r&+}(p#qV;@yPQ`Rig&C%Ux7
zFxA8q#H?Z>WOy<uZfGGwSKvEa3iW37yFQFywobFmJ11E`xMX$x-gy+rh^h%3M_=#B
zFUL8*yU)5%?>8amrH><T;+rQ|G+jT&sN2FfMoN~y^VzIGbp2xw!J2<%QRd_KLuFCw
zW_O=S3=iO%r_U9lJ}dzt5q#z7B^hH-IECRoO=v-U4d$ab$4}v%y?SyN>17*T(dcf1
zQCXR9{dD@BL|6@zzo`{t;~wLA0*R8~t8jZBsV+M;hjq8z-_AD>k?t)2Rw7FneO<=5
zew613JoRP&GhC$TlzzW5BufD%ipOzq69_EHJ3bdOA6~ARNY2W>^A0W?tI=GHW2s_H
zITqR)sq_2$M2dag`48`ywbq5X4P&<ZS%xOw`eG-9zqs>@{fIUA{zps6?2yR;k@G7z
z2T9<a8Kg(Hiyes%pB~cS@)3H=MePhp-NA!!P-JSvvB`@`?R74%C-dGMcS=Qlr=z(Z
z!R6|$y@fYyhmOpf_%T;|eU-HL7)T)Y39Loc$2p$X?**olc&XL8wp`|)d*<-SN}{v3
za5AMQCw#>Ao_`{VH%^+z{n<6*-0rxejW+F=p03F)dId_+!L<vfj`srYE5a|bdV8bM
z@wt%jm=!igey1INy$ZKPKYn8}lMkkIcbHdW?V-)T&vubNSD{K)P06ZTnuTQWXZ!uN
zzoC<c41)2ki!A+5XjJ7AGz+u>(Z_>p+q=%^I97RML+)W(7iAwV8Fc6Z{fWKFVw*GW
zbve9-v+vtoyXPOSepN4I&~;#9&Djl3lUx|b=FcTVc)cn6t<4S487QHgwO+sK!LE4E
zgE%q2)9>9vFny&1IHAMz@ua_4vu~$>%5aQu!<kVBy@&@ra_39r=Oz1g1tlQiR{E&V
z?$uX*55KC))A{3=s&`zm>aalfN*8({8p~t#QlIo|dxA=aZflDMGh}zc<_=6W00oZk
z=v1{5(Ryzm5poDXf2029;|*a(;Mg)C-8b%{c@AF6Pbn5A96rwyUljVA{z?y@3qq!5
zh=<H&T#I})3nmD4SWAz#<wun09C<KKJG+ieGs&+ZMeh3Sh$RFFV@c<@{BTyj>N#8^
zKMD#5>quGjeT?=}xae=mSPR(?!b8Q;v4h-YXA>)V$+E5)tWCG)vO=kH_6}OCbMi@e
z$uPGYPR|#A0NkSDnq;?h+wlZ*O6mzyIeFa+a!C)22W@J&V8pE)cie-oElR$V?tfsm
zXtoi$kUQg>@LNMt77MQk6GNk_;`0o8l~oFz)VH}E<YTz1FIZQ;qtXNZgWUB&`B+f5
zfWb9C&d-&3DY*h`GIK;ItNiS3GH=b8ycaJ{vx`k1(7+6{bw)bej=@!~VWNbbi>Cot
zaz4L}GfvU>av6S>%+xnAAfeLqBk?z64mWuxn@@aZY3<+FJ1&zPG)HvU`pmn~FHq6L
z;BgPLhbwPhp*xo-C|(cM(7KoDVg3rryklCHj?@QOJ1t+;Q!E&Z#+)<PDTtE+xu6?5
zYtEs}i|}4*mK^Diz;NgB)Ep-mc^j`cn>|ewJ|~Q8a9Y6@ysJp^?^vLPrsAQ>gup*5
z=k;il`v^Z5?|i$FO2vFLEr=Y3PMg~?VCZnfqa^j3Hrz+=4|v8wYf8QA#6OBn5IBq1
zd23hR{a~VFo+^M;`;gctb3_IRfI{X7<U<BJ1N%uaO35R;eV*ufJt)_c1>a8;nqY@D
z9v*G~8{hL>-08rSco`;C4%&weqUl9*L)=vjd*25dJaFHxaXQHuozXo#8PQ?qy<Zbq
zJ)mm>%oF7xX=A8PJvPLPv*MQl-QzKnODJ$MUN|R*)tM(UP5Q@O*&NwdHZ|=(mac0{
zRV9f25>en0P!!2Q0pBDGf|9|nzneLCtvPeXjL=<OUA4n;P|9ITv|k346DV10<01c#
zDB5^&591-6IV<Dt0<}rn_Xib4p?T$a(<v|isDpoc$(kZGsbRMro!9y&zRrEbPSmd<
z*RT~E`+2Cyhw2?~x-MEIhU167zF%7RE_*cBKi~5(miId{Z4!RS!d|OVik!CmsZGx3
zPkpnBbKpW4EQh1KpKOk1D8BIsw<Ldyez@EjGBxM#{YsHfd^zX*OXvd5c<bFCjui9<
z7mA^y(}KsU@X2hW2#%+7Em1(tj!uv6*CNNsRr@`LGjfqnQ@%W!zheI}Lnk6XIR-MW
z!3i}dC>!ldz%d@hudAJzZ@ye^E(9Gj7p9wde@nVYAsl?KpM8vB*^+FMpki5gZc6ui
z1^cKN=1+aeuenX34}e{!{{bp!r18j7IkB8r`Blt>dSU(~x_Z=oC|*#J@7G4~?3a%^
z$%m^9g+3>1=<R^RdWag4tBKHD*l)871S;}Wb(LEE9<VnWN5l^49Q_*pES|tP!!5WF
z%L%<wkmlg5S+(*@x$m!IHcpw(d|_zT3DaxH9AqJbeV^S%LrL6BcLIWd9Bu1n+d2xy
z3b~~j_E^dZUPp8u9es^3pCBj@s1PWA(&jvtMkxnj_>keAVNz%Cf{^te;qOVIXQCO0
zm@03+y6A+Lg(|TlSEWTey)8XF+q}SkO7ry<FUv-kjvLkUUJzjcue^25Zy(*V%!7{g
z3s;)&4mc)>1@qPaUB6<ug+KSYV6>w3eSop<2~)*=`#eaQ<SwzGw8sYaALAZknSG)8
z^_x)I+<cR}eXj^A$+?X#x*@^YPR@kMKJ~5L{Wd;!-?dX(rN%_ZWe(Yp?)=c9?C5vo
zHT5|_h`Rd88H8%li`okfZPNBCEg{!FW%-42D`9rMEncl2$miz?f<J>0z4y7vpFvFo
zBNjthX_*{{Dczz--9BpsCgll63*GZ1s|r7>Sp@dXemQSzrIr{$QhXrG$W5PO%xnAi
z{sb9tXb;JhUqut&m^YjS__ExiH@9EEUAvJYV-YRnB0M9LYG^WhRrElMPC{Gs;gPn`
z|5e4!U=P`^r2jg*cp>neuZ(z~EB7pf;vtdL^RZ+}I)Z25GwUue!vu0L{WwvjKO4P_
z&gpQ@oUg+|lIu{->PsU<;gH_pPx9NNtzQ<CAhUq6Jm4vRRJ2Y`Qs}h3d$h@0kpxav
zhs5W(?XCo<#+!c6%$2Z~9Y6c|g6xm@Y4CzS?~@KB-__~Ef}*JE8kKE!%2M_)zIY;j
zU&6`~;QQugRb!!X$plIH<*Tqbh<7_uBYe5E+v^7SQT+P!Q)4Lh+lhObUU0{S6}3Oz
zg@A9?<1rW)W1@gjGbpi~@B-l!Pt65GuQ`ZS-JMZmQ-%}UKthy;{8r%C$6nm!f0e{L
ze&K$RFI`9Sn_XcUhvnTc7Ju7&<%#yV2Nrib<uzv*0sED1&c2%9rBFPzu4gDc_@nL-
zYtlx2y4+>%Yp)RB!*dd%<$^ObRID(kseJ~r0;U_c=MZW7!5s>g;@Jz2Dh=HY7tZNf
zk=NmvZtwm!XJO!}^<6labo8MNfCMk)@Aj)D@#G$~SUFrXi85|{+5{I^70qI)d<41R
zBkJAmc@uNY&Y&>MN-Hwc`FjzOj_fOV%5Sfe>j<3tpda?>2XmDwP~WrtCf_mt9-1#4
zQBoLcs9{^R?&BqKz-#&<>Og%ww4U4@1FS&j$HZJ@eSXEJeKW4}DI<OD@MZ2VG7Dc0
z=^d2piPjFloYy}&*O7LQA8AOZ<j-62I|t3_gCO&)Px@_nzf0>r(6(QZJgv}|!KUxt
zgAxxALu#M7pNxR32tPGEg5-W-9mw)PF;R~D96$n@nm3Hx_!pUjdwlbnO?B_=_Oae8
zykt@)Ny@l#X#1tV$gU%@OL2-pPUR1ftmvf!jJr`Rx;hnw(_>vPMqawQY8;N<g}qP?
zI3ybN7VPmh(~tliVC+3~(zD4k#v8nMASA$^o2#2p0k_69xPP06HyTd#>w7SNnsT|_
zp>hfMETcc`S%;8{CAnu5Q|$E#1*P8`if}0cJ?k#X9#^#l&9E=~>i4l6hJa79<r9{-
zYdKGT0f(m><fl(pI(9wrNN&H+9y9^WzJtn`5wNJ4y4z>x9xIwuKx;KQf9awh{rPai
zeOG-fbF*yV&3J6*6Lr3-XLncw)x&BbDGXQ8_lp-0{Y_{fd`(}6^T!P`^-%bPHysEl
zL8(7aG|H;84{49m)m=WF_&x4*Jhg9$<`01IKO4EnOoGwH`+J~M8_qgp53_4wW?{_s
zb5-FwI#IRb9u&BGXpJ0qhx=s?%%}LNlZgVVlIqO2Or5|p*aO1l1(gh=D@#=g!^Pj~
zMS|4zBlf>H-y4Vf9&^aY<w?+lL>*#I@UIKJ>2l-orR0h+<=JDeucCHy-!<V`=~BJp
zTzs?scuLOt#P6z`w++Vi6;^>UIy*))8o&EgxA$kUSlG2oDLeBZ&Olc87@4J&Asrc<
zc`<GtK$;E6PNjZS25!uTX7es$d&glvyc;xYjT}s09N;nVao^AebQ^wZS!=4XdP1!|
z-%_S|Y4m5mZlW3GYuF&=BCG5!v#fmHbC%z64)-anh1=P<qVe=mbyDFSmeNo>>d;fM
zA%T4NEXszWb2G!!?Nj}NuM$4J@5P$ukvoRPnSOiW;oXZVdDyPA4vG8*S(6eFsj-OW
zXnL-6W`Oq?;_UJ~+&@+9=bxS@c&G-7He*;cr1jK^#A|emtSgE;m??((n_iYvPP{$>
zP~f+LK@LjI$MG!BW8C<!m(Bv*m*Q$YJH}#1_cBUHF}uO0U88t)XyL{BJda#<J3ctm
z1%wmrxRY#OTl$>#u(?Y-46*RQITz7#uTNp0uF1m{@3~Akn(|Xk3hBS39>doA@j3)O
zKMzGE%pp4x%k6u*JhzjtcH)Q1zBBV!A~d>!2E>6!-iWv=`&t754CPl3QslI#fR?(W
zv*3d>7Jz8`@KU0u^q~J7f{%4noS?KENC^jbuSM?<5K4};XYbJdy_moI)%Lui=Ii7}
zG1!%0w5VLb61yBJwdAy#JUTYB!)N<T>Ti52qxY;rzVxdF_XqYxfYmIy4VUKIH1yvK
ziLFV%W%~fYnNMP>RS2POP}iLIYL9w6K7LHhs?!Ul`BoA<ku2161ij^l{_-XAl*)Hu
zIqAf#N)8(oTME9{SE>)E>FDX4e%Gqq=TsW9Cww-)?KcV`zHuW-E^wGWUWl*O&;s0U
zmPd3ESJvHCeD<_cPx<n7v)v3R{7Gi*QYAyxAV!u+`8@j~iYW~PxAhgmq-1mY3cm;p
zWb<~(E%oG^cLL2ScY3}!xM@Kge7Kyfj4UYnmrQS|C*BXgC>}Z1lMht5$nv07?x<^i
zH=*G(YS#QIA9DZK^pt2DJ}Z^B!aI?<93J=jScuI+x8po+Xcl_IpYQ0Rx5T3$45Hlo
znoD!(gc$P+<Xx4Tf6Yn25kog|8SIZ|+aF;(Y?&^P-{St6d*e@1(;J8@_xK$4NPpUw
z@}|DH-UFShUGx&akvO$Ywbpl|i6jR`?Y{@yO(&{isq44B6leJjBOArvD<JBHwjMVX
z@>JXh95d{^U>iRrC~W|SfnPOrG(zf;*;96W-Hj?Zu}DIc7Yg54|MSC@hF#2~kF%@y
zl&N&Nkl_Uw2*FW8=Pr_Amwfa7smS8-7@O*sLD>E?c_>tjaEOU=auDA+(3(<g3@*ED
zXa{|$AcL+?s(!J#m7*mm=4%|N70o3xGp&;w!WDVi<3!-O_pL{HiA!HHTxT89di*IN
z9lp=Kl(Z)!k>Ov+y5uFog*`ZtKgcE%+YJ)*HUt6g!^?dn#W(+IPx8Qx(c3PxUwIGF
zXG5)t0S%OyzUR9aU4{4E@y32GhZ~)?9X7G?UJbk#S;0&t;E5lF!)=&4;6DZX0^7Dx
zTKZ)Y52=D|i?u7Ki2?1qj{Bw+Z1Py?OO9phC_aF@-^;0lU$Ys(eU=uF&3+9ew{e(t
z&@QLTenpHcDj%Eni<3<aAC67MVfF37S<GbU5$(m8eR>vMm5NT)nZCM@e@xD=4TwY<
zCoG>X#C_%~xkcK-LxRW$tD)_y{Kovae0lA==M?@MET_k=11#SuB^b$v!x){gYg@eD
z!uv>H+3)C-PnA#;xABp?D_#wuKeBM;-*~L7kH0;<JHjT660B0f;Pn~mw?bL_4sg5w
zE*0nwo@yppP_4q^y@wS&8Vv*2d@7~K5bVcYFF;tno^%F`&V3J&-KRf{`*Y2F1VRB+
z8LHEiFDcBi`@65h5}5A;m0zV<$=kLddiMIKFR0!CcQA-|2WK;vKe58J=*tqQdzXbM
zE^V`b;o*-bi1=uWJrDQuDi>~&narz&+;(GMLp$zLD>GBh)M<+SQ)br`(G9+#AWxUs
z;!K#)kJ?^%vWS>`VT<@~AK3Ou{mF<E_f$eMZwXE5)lQ*Ro+TY0u2B9FIhT}H?`sk9
zr<;1ioiox6DIy^@%C+BNqke}Y@fEZ(G8I@0GgD|55KYOm<<DH{2Exnb1z_gm3WImy
zb$EPahpf9Ap5aF^2bSH9x{c=Mt8@^KRb3b7Bp&m$gKJCBs0W@$-tPVohd<|ix{GLA
z7qyaa0N<WtnzhvYaWuFZ-4p;CjE9$x9NcOpiWnp~ioxRZJU(CJ*$X~?_=PjgCzh_t
zX*>Ag?WWmh@dJCYhP)cf0Rk1;>-rP=Xs><0F8gm`sep9i6jwhFzgFRSD{2);$~2r%
z&o=!tHFsa?t5$;pYr%h7zT}?_UPy-rcRaxQs>hA*9t4wv-1G<FMb1zC5e(*u6Z$z2
z_R7c6!7uz6RlW$9K2bi$C^|$z;fNJv;`<-=VXcu2XmUJe;A7eO90)y_!gviwrqE>8
zVbiqFZQ0xIghLwx>pky1h&oqniR0Hk>o~4^f9^cvj>&LmLMzGo#TmFCA?X+o#GSN=
z+w4BU_`X>$6OM|k8BG^^e1C<<hcLq{l;u<2Kl3V(-n_^Ek@XB6s!}h`<!3!1_knS*
z)hkL`hfY7uXZErNZ};&__fyGiS1%V5QwbIzzIlGBcbJ$of5h|yk*Lu#<iWe5Dhd)#
z1UA9G(8MpS-iilxn1qgsK~~?}Xv1UD`aw8kc4qMVfAluuZPe3Pgr`$sJE=X@=ZDJK
zAWB10?IA%k`u=)pK0LI3+Vad)(8!<qo-@LkdUOxX;MN~@vPh*qH|8v;zpVT$e%__@
zrQ#TNU;UorncB4YQo{ZhH{lRu1D~Or1QFp_qfZF;1?`oodm$w*i5NLs_ATEDA6j5!
zKj&BAT13J~$8T$oPgqtj@BW$GTn~Dc6wUJ&_VMG4BYDFzb1yCPT~B3ozOf!z(}8m@
z_<b!k_JBYSd*1weZNktmN1w3u+=rHFBDlPGy#C}{hsbb{Y0Z1(q!#P(=sm=N2P{AC
z8SGZW=jjBsFL5GZPY27Q-uR@4vUm<|V_4sDsnkrSyeUXn8mL_Znt%8>gWS5?D7i$n
zhR5^XBy{fSnI5z|^F7j)EUoYe000_V4Q>VdFLcu0`>FUbzTACWgbm4b4*3nP^H%~!
z-Xroqg>mm@MvDRVQJ2Rjth=~Yd_|5Rqrp1gPqFFv21_*LjT_j<X0QMzbh&kO>!~j<
zOdzhw5oIj*b9S<65tAujP4LOwiOb+sR_Wk~@%`#78$O+ETYd{d-oN&e_QW|j!1SYU
zYz6L=aMnRwl=6A{2VfBb$QPP?Y(miHrSOaKe&w*vo=n2q?DWwZ=$h<XIs9x&Rb0}+
zYNmjxN#Pn_D>py=(qY()w(2&nIQ(t{&p+>i>|E>OCqrnMuYwew8)XHl|2?2$fsy?B
z*`SrOco+kd&f2#FFmKIOjLctWN8>b+QOqP_!QOuQ^S*F8=85DE=Ds*tx;~4yqSw^K
z?v%F6u^s<Vkajkro>Ss`NwN*dY=1{A9U~{kc(^&`PTZFA+chtfcNB^NRK)hy!rd)_
z#Lkoh=ARUFlglLKq%3-EDo3%qO~<H%%VIqUx&MG_4+wqeQM*wOc;=u@wM0gRZ5%5P
z4t_Y)I)1ixv#4!oIB~#<407#s;^BZk5A<NY7kFDffWjNaP;%gGjnCv{FDw}j97B*w
zk3I+yd0N>7dP!NnmxugkV#ZF<y;Is_tRP!(A6#69<Gw}reRz>Ub!-m2=a}`uPsXBK
zhE-(`G1c25*7)BMrHK*tlM`+Jo)BT08zKGB!H0)2aVjUOWBkToIL5&Z$e8O&sY3SB
z4EZiyeZo<PN7Y?!={n_O5Z$5-@?DJ}pVRq0#yAr9srvS#H?3t;>+TTMsqx(uR9MEM
zv-f#GFH?tr1<Sh|cL8ycyaHrxlYhd3zy2m(q#V&waZBz1UnHs8+b7?znd+;1=#)Ju
zI_lx@EVC$teZwczX4EYK{5i6WkDe%FzK-d(QDMX;;bn%Bnm|w>F-|iSoM$2{M56#P
z_456=;|*G(Yxt`!F!fjqmj=LRdr;Ant^9-WvOdv6CthciUUL$T9LE=X<s#;THbPC+
zG+6$>P$3>rnJd!oh$1F`@o#5^F1Z2gB&xP&yW9~g;6-7$cGP)U{0nDuqn>H1edZv$
zY#9ZAe+S_@_b*(a@zI|rWUR{L#<i~|^u{LFPE;XlLwL%*eevycB`v2X@{+*cx3d+~
ze;AeAXF>jPU7|rgEt%W(EHS0@TTjpu|5>-oj2!V&K%k9bE`_DHSNH2Y?U5L%@8Uwd
zk_)uuDnVA)_?(Yh2DYew0u~2bus0Xeb2ER7wRMH~y%#DcZ=0;ZudMrf-(+9HR8Q%*
z53vsOSDc*g#i08|Q47?Z-!%I<L!A}!PtxXO#${jV71YI^LJDQ~!&GUtc{V|83|NRc
zw|k}<<T=C7sR(6-0=a|I`w>9h0P9!&K$%Zdepdt|mKv4JJGMFh5<>KVr1wk`(EEva
z;q;)lFRjH|%r%6U48ua|);s><z5e>|!qQ*&q@$N=HfC;qE@Z@Uo|)&LZ-P1ghH2J6
zpVGG5BNX-lh#S_)7_k1r<MBn6*v6s7cb#Q<Hs1XqBJyUvgUbcQtVLro6NV;x0@OdI
zfWO@D5f|*^xg9QyvQO1dv`_Lq^JL0?1c`31tt;OT8tmp-QOmAU$TnSj!(3?*L`Ant
z%d36jK7$1X;2~-*FAjtlIbVFd$DJV*UH$^sdZKdWD67*sdrWoG-TYISYqNAq$D#VF
z^J(nx^v~NrsJljp<WR?~AYa^*e_?%4wDH>_)sPfK_~&u`YY@BHM_V<QMJ@6DXhNQZ
zTM7*h_;)(}iraRV-dy)#bMPK})W#Cx@>L(Dq|3!=M57aL>c77zPL^7=IP^Yp#;YZD
z^<D3O6WeLeop-4;XKl~?)F2+CiFY2rFOa_wgdG?lodQq3F9+VF6SLNH*TglH((X`?
z(Z~8J;V+WVFLG~UY<}NLw`FkTomZlSw{jRwpG)fu*B?q&my^Dc39(SH>uX^q@)%m5
z+&(R>NU9!f>H)_Q!4T5pAh-YXIJc`1L{1=|Cu)*Q-1%@@y83x=zSVC#^=9(RlbDpi
zPl1H|5&93dSVxk!6<q(`Dr>*KGYkW%+Db3+9-r~`@DXCmZt9OkhhAsC#0!G5AX@IL
z3_CvVeUQI>@qRz!gHd%8Zy#-%r1{O(P|N5^x_JZ#LVdMAE<Td%EUVlP)<FDMs)Q$B
z#W2-&%6slaA@TjRP|^Fg$u3W<#ON<dB!Po%Y4W#k&OrTyVXU`aU`e!>IBFHL$j$m#
z%hTrx#gF%dOy#@pZ3on;U0iFN9|*8;NA(Ju$-%gbiWA|kAewoAa@$~ybF<x!!S~}l
zJV(^<*s4XK3%vIsg<=ha1nN_JWY5~Ep2d~{R`LNYpnRFd?cP0SQX6Jio4KS$-u&;R
zM;g#y2OkcmxBzAKxISX=u|}v}9G#3T^WjH3mUuu_9t}iF1Jtk}r;S^sa!SwVP{$Qe
zrpGm!_W<HF_Q5<q%4w;hx9r@vns#32r?J9~2Zx7egehMukS_3FE~2k=J%gGK)Cv!`
zVxBz(?ylJ+2;XMfpAkO{4lJL$xD1{wP*9P+oB)JQ5FUsJU`<#AB}ckS*-=8~;PW3M
zO`(E`d+i3&i25|Hbk5|logD;t(b<`=Shx3TY&Mls>YNosCBhwShlsdKU_b|DzCEvY
zlGCAZ72Q6&T&Bvemw+5Bu#I==W^kE>*YjBh2WMX&ZGO94yCb(x!D7eUDHJ(b&nmX|
zMOKop+;bIKFL}XTEwkb}$VLETqv+eGH}xgIS2s@WGr{dmet8%nRBH;@VQSD%iGF+D
z1>Y(;-B$S#4!A{qoU7XTwnMqX#}d!!Dq)#=K#K?u{u3|mB_ZL+h@ZH^@MjR05)7w+
zI=tFu4`TZfLNk4V3~v*BMs1_z=0u*XpAJDj3%b8Qf8?Bzdav>Y?Y7_rS3nDRk=ew0
z279FSbh#i_;GIyhjis)%82MnIp3moIY%w}wqPU!=3Ic$J$@m^@sg9j#CEekhRRR1%
zm&Yujq<&!c)1y_lKECqno}(-#9mAP&HrvV$!3P2wW?eaX#09ekvknsi2%>PG;G_PD
z&dfgCNGC>WOE2^*$l}T%d-7SWzia!gDR_rNOiB0=wDig=HIIo>*?T(fH-HydHKhE<
z$u0Y+sXT}Xhj-hY2d#2cHMxcf&m((3phY8RB%v11$ImjDCsb9=#E1RyM@S7HsQ7zK
ztDrhv57{k-X~gq^(tGf&AQ4%4Vat8ObG(|?xaTEfMqiBke7E@^uOEV40n4T5_$~sP
zs4f!?!w=kC*W}eQ_VN=1!5bLtwDj%9Tk5K#?@)VI)YopqNk*Q}hOViQ6=%NIQnb{Y
zAH&EF;?h`~a1ZfHhy_UTy8Wa3_7y|@hyN>Po=CvDe@ExxCwKi#1oRu-7uytt#ek?J
zH58AM<S6p3Z6cwq(VU!#`3k!2Q76OcYhJT(C~iUY#E~msxN8;)p`0%uZSA#5asEj{
znNpC!qUCw5(_iYj&CAd7Jt9-X%dhgl<2kyRtyH{hI8X@yu?t3m0@(}1FNNZdTD5QB
zgNTB@S;_ixRaBSTjdMTPGWo-<ysKE``6_c`yMq$c&zIYtv~|)!NGZN|JZykHDSp%=
zlXR~k_?xqeIGPUsa`7lsJG|bFiWL2G*p)ie^VLk$H?%RJq_~P}XgT071Big&rp3|u
z5F`6jj$H*eWc<<HgC)~aW2pS@!LOGI{%t@^o`tfpAgK9++U2_EKew{Z)2DL(L{gjP
z(0^KKg=6&^@{F(;{V7uUNZIxKoNUj$1`zO`o`+}7+4q!dAqveF$-@`!6vU$EhSBoq
z1MNz@Ellvj+w*;+?pX(Mn(4{bXG^=aqys%D9-GCOtt0ZmX;nXVm#|-1^ZLQ-W~@}O
ze7qGcEYD&rL(Cbf3VXKn8+`(0o?M*ObH0j1`jIk%`Lv5)0GfI{4&r@(gLs{f=lf6I
z79Zp|h4Hz4L38Gzk}f+wP`We@^voxZf%2I_ahR#fL)QrQncYr+C+5Lz5Nd{6f9Jlb
zY`DM5o_t|0_DQDGxzk3PNuCeka5e+xWq%^qr8~PmGO}pedYDo@b@@fl7BD*tJ_Loa
zSVr8x_Ou3c!!UiqUYP3uXoV94MC{x@j*#`+uh_TV<MMnhXD||0#;8$rFoT&)bW1hJ
zqk9XUq*Xs5ppbnTPG1UV!2nn8im-MfJdoYd-xnGXe$A+&cx_MVpzC^W;eq)?*E)nS
zIqfsIFwk%2J*|A}%!Gt-v4}_J)sg98vwqA1XjQ<d;-v}a72Z1Xhr4vBrc~V_7YdS3
z_bjzgjj;>3W=>BX_s;ztM4>cq*tWte)Q&y93x1|}tEB?~P$Mxb(J-<Zx>yX`E1C6W
zo)Zem#rBG(AoM2~XUslg&49YGrQB<>O6AXAJszT0Kug#@`W_Hs!iSu$?aUXqzH<2a
zd3vN+qAzDgQk^)TzGE(DGub(J$8I;#i6%@4=}zi#WtJT%gRJi)B15RgLV>F}En}on
zbgEZ9SgL!dV3OCqnI@T<NB%7(%>x@5F$@?emjF}ogAsPPitf|X)3%XSR@rAU^;>q{
zJ~Ue6@DAJifXn;f_ypiI6;O(L@BJF|WGA>xeZS#Nc&W+#!vtsjXljq|;??7|DdY-7
z#6re0e^b}OlY<j%WKUYsf1BF5;T>|ra0t$X_9XmbO2dkiAId*{{vqm8?5{_u^08_v
zzc=^F=rQlmfo;+4-S;Keu22Eg$hwBuj-TeG5a+YYCibgj4(xcX5~5>8ubLN|Ie*UA
z3g!tqx7tvrKgZvwmkV%iI32sg;;}wO2R4r3z05gPy6f3_`AOjM-BXvUbMH3avp?)4
z?ADg|$h8H))x7Ga*C+G)F=t5mU!*|T4)>Gga<9+`pn0zzFCj3&N7lLy>o2?<E@@q%
zwt2tN%*$U{@CUFY-J<omuS1RVTONxRwj*Y5vBxhhL3U{vDNRAQWqYXM(-qDb1m6_i
zkR#hn?Jd+S0oybACfM*<r!o}fXz@F&>oD>MUVp%KY*uLcKz_*6aHTBXyKD2l%ONU)
zKnVe#3&pz%dNLZ-`I>+h6^w2s(L}{gIxkAi@XV738nm-`_beOE*nFkq>lVMf6N5t}
z`o@d?GG?i)0B=sB@N5w-%Dnt)OT2aZ1je2qk4~kLnH&lzZZkUj(MO8klWH4EWU~1L
zP0qA)ydi-46>7zdH-ApzauOboqJ4isFezzx*`Cpsn;<fp^6ObElYLDqO;LwCRlt)^
z=k=U7hkj(|Ca)|sK1Il#HTgxxIF;B1N?KkNCl8+3+_T;fj*~&W`sU6&wsA^R?St%C
zTnofh<u0oULtacH8(eKCXG<(ZCSxVUU;9#YORgM<cn+iQ3&QY~1LP}r)pM6K;K8s`
zz`YTOhKML&*YTkA*Oq%eX4*KhW^g&OAs@ufp2F#pq4uIMUg)K|J<bVJ%la-tC($DX
zxgxwiSezGGp|q^Y?|iL<9(sR<Gl6xrN8Z<62Z}Ae23`odv@nOB!vKA1eYHaw$qEW6
z^z-oXg-4by&kj-ePX%R^E}Dz}j3u9<Gq?8@Otah`&{b?no!G}-{#-ppjC+qD@u;yY
z3QM*Rf(`!fIFrsFe{GX!k6iFus3hu^J}o8OCY{_EtzP}e3a>CN-*chw5q^LcytCK{
zrmojpexnoeH9mXe7H{qpjIrl#ORtzqFkF#RC=&Z%bcL<$s@v1@AWUQx7IUQFp48LV
z521B$LDw;TuvKX&B>**AK~pqa{+zq<%)MF{pfv=)Wsfdl#j4wTq>+#r!`tc&#l!nq
z4xZt@q_BZdu=na4T_<t@Bk9oh`NJ}_E_Q-q{Fb*HMwukqSc`usPvtCNGOAuc-$4R*
zePVHR-oAu)PXzAQ==%OGZ*Km5oq$X7B;_XkaSgQ-e}!XoMnk~Hw1C})exC?Nf1vL}
z<a~--D-VwWp)O#CfM$w2ZS8F$vBjq!oNb&kjuOI1!0?&m^Q8L?2mND#Wc6x={vP&7
zKP&7+abImAB&lWwA4@UBxuGYzAKsBksiB5@JGx^{MTIlWCZtpGa-H`hK#-S$dvGrJ
zWNpbk7^zknXo*>UL#VwbM#Dpl);NfkFMj!_a0EV<a!ITfeoGU1#aNxKYvp7Y?m-Yy
zH$`D3_)2%K#t@a*P{<wCy`0vVJXQK0^BbSH1jlRS%qJF!7pc4OE$Z8~e4JPd#$!nk
zu=FkS8v1#&zY5U47iX1Z7&Wl0S^SR5+n&}85-1a}nu)T{7b&)XH;vk7v7x#P>EJ$Z
zK6;<fz_4L?F6e79KUn?+(7BI#Kz($gSZyj8=a_Bq?;P>UgSH8MO($2I3UX{N_kOLE
zxBRl#>ZCmf1JY^)eT&7Gi@|-$1_$3*fK>p88*doFotVFJ8~mEV5FC-sGUMsB&oJW@
zLnEbr$#uRGwH>&2eWOn~l?JA@vjdbzhVP;5!6x-LgM8N5{JqI1MW!v4dlq(Bc(?~O
z<1p_^_mWZ0Gi%(bZF#w1y+n1iXXE{m@8J?hFS|zn{5AGa#MSQ09W@h@GUf)pDKu%n
z$t!U7iQZq$rf7flk<OmxM2nuI9M1spJ+rHhnh5wf_wgPMd!@j2U1fX+{8r@F;oGTW
z=WcE3k^#hRT)8GTG3QI;5akZBrwzwCyJ=%y&Zl@(Ci+iK>362^2z=Lvb1Jc@RpFKn
zeMdNENe+KQHDlOzl*X?`D`Z^R({+PolpZy&PRzmlUQXH`kCLhNgpbi2%*i3q^;O?6
z8>4fV^C!F^tSPNI2`sN|*-U$3c?Pd0n;MdW@8})^s|dWsG_5vNkPhA*^zg1_lOwx3
zxZz=R(O0NRb(iT!BHk%s1JX>N*;OMr?>I-}-I(l|bFg}8+qu(UmvA3}5Q2uX`rEc~
zS|utKnIYYh3;ou=_CB9wO{W}TsdY2Vd<g!0pJ8B$rgq)w6AxH|fUK7vPd=Har<8-R
zA~?=yJ}ODY?7wr@;i7XOGWz}b^c<8uf8st<2}BrhcQL}y8H%=83Y$wiV0vnr@PUv<
z|J8DeJele;(4!s&8_tllDi9qi;&4Bg+WlLf?Hn2$_bOVjdzs}+{-Bi(dhi#|xV`IZ
z@kp<j$;yei9}dZc9qf5KpP-U{6GwxW7~4Nti3(8@^-J#EKV@7*o}QkA*L|1+<sI7n
zvTUE9u%C#gV)moWhy*%XkcKFdx^CeBX<oty)4!wnN8CQ$Uva`E&{5l8yGUy|ijIG8
z=t7?8hU~OZoFCnaFL1I5{{cz4hfwhjwEpw}?uS%<AzimjoOw?a9kZgaJ;jrMj~HH(
zp;HmUyyqa|`?QE}dhj3OeryQMf7X4wP_R;s2mB_p?`>xB2UN_3OECVl{n!A*NhEtX
zE0V@s3^IQ+-+Uj;5xZYA-VmPvxbxJL9WvF1+1+iorP<fQAYR%PlK_SeLjHZF-slZ)
zX~k=$<APRTH+_QGnmL+Gn`=t%A%T{|Q*_LfhP;Irp@oNA2VQY@b5~I21W;%0G)d(+
z6$-Tp77b+jgNM$=wPULTkh+g~YTDmnw~|t9n{H^pZ0><bgKQ7GGLwBN`l9`Qhv79v
zzLmSe9*p|>@ArF~H|q9)Sg{kbpU;8$&QEqVX;#fj?J_O<HpH9Xvsk<t^?9xi8d`To
zw5N8;(<q7)b<&`HGb4N`!oJioRBD7dTxmW|NCNiI$#7f(#bmh@DFQA?>X$q*E~L2b
zc~;{HIBH26asDNCW<(>zAAdi}tLW1|go^dZc~Kz}=d@QQoEo!2vHSf3{?y(ygFS3!
zhP>1>Q5{fXP)rb?Zp}jg_y}W5B4aXV2#8yAsjK1P;X**G-xeZj;(5MpVUNjuo*SS6
z3%^I$d`RkP&ZykohgQ#*KaJl%^Gxw+dkIZO6OC-~%<>3fCfxr!??R1#<}0ysVQ!YR
zpN(VO@~`wD%_n=M(TCgTaz?I1x;M+Eq8<*=&*2CYt?nqvuga|NgYiD90Ib0rM0nLQ
z)M659in;yD8=LUl|HHo@D+&77^Wjw$##j%5H%Yu8Le*HEx31X(V6u|8Uo!ZKO~TD_
zIN)dt;VOWKiPz82Qp;xmBVK0LK~H`U{ZP^B+crAgUPN*CIg+~wnF7B&p~baiRIeo}
z%`K{Y2V7Ec9K@<4?Gs^GZ25ErS%~?RGwFnTVd*CoD+-V)v_pmLWQYAD6<`J&a2(F3
z^mg3dM4ov3=(q);6^?w)hr<mQ9+D;L{)~_w6Z+`g=)+ZTdng$C`{G+y{(f=oki>^8
zvR7PB5#QvzK+|c?^Y9qNdD>?nc;ZYt=FFdc4?oTMN;)S&BrhLXctc}Z_3|z2LU!O%
zVNuktu+Ya&UQA(?bbMkz#*D%I*&T!Wfwv@n0cwiVtB;`{C;zG8W2FC`g6gzK*r(y=
z{csu0wFA#?vLD6up=7Yiv&2uSPQgJ+3ZCQ4eW30_+{#Qs0bmcfEUmv}8>X!Dv0u})
zyR|~}1H)RI)mAJn+&+9E`koVb?ifO{>&D_D^{!zr+e0veU2qCiDEoVOBD(!qN=9K%
z9jcDquPT1}R`>&M2^ruA`&_f~nHBxl@=b2I1v@Gc+Q!y;j9LnHXM6BNsDC-~2j5)T
zr>G+T1d4C)R~Sxo1!Wh!Z1RA1B4_+1|Ms}|Aw>_*fF%`vlZR;$Ub(045vKn0p>H>z
zk@>2~8CWU4V2s2p0bq)U$=D~u^@ez<d}r8wr4y~c_irs3Q+|F$c~7FT16roN9V!;g
z#`e(fG3njn=z&i}jBc^kF_^ixAm>KqwO(@hTJiS>j!qHp0i4hOzUjc@HePwoj(eP{
zeVtF=bhdxZ{qAg!o-F&z_aqSLgnh&rB-UN7V!n7h?jd8hqIE3HEyW3KO+Mt>q(2%b
zvR`NkcD!V`%5t|3d5zUix)n!`BhGTpigorl)F$3fxBKT6J60Bdll6f;B@QhdHN>AI
zXdHi6=OiRoQ>5$px5mM)jikT_4}f%0v-wcg(D=;Fu_xJkbGY9Hjkvh!N#QSy2)3o<
z?-}iWDxaygD%#Zkx<|XOdQ~N8dJPB-d?YCjnrc_Ofe8PAHA4DWHn%?ZL&A&cyLSEb
zTzOTWyA2p*NO1o-50*$=cUuod)klB4(odjrww#)(qbTIC>a6ZX`PdU|{6NsqNIrW3
zd%qQ`Ges|JkvCzLZ}-0o{T=Yu#Lj<{uEGrL9ZJ9_Y$XZYqmcIDqYIT){Md9lV|pp1
zC)(5~Du9PeQHjea(We)`FUE2~^M{4w#Wn|qPPu&7peZ_wyA*}GQ|<Q<CGCNweb-+_
zH-Z44FXd%%0L&3C?|38|_BZPA@5k<6z|aMFU}_+2pieI>!F@|ybB~(xd=k$2#X+II
z-Xj;diu(yk^X-LLiocduFBbbO<i18X|N4FON04=TZ1aF9tq|*eDG(qP>61VIcuQZM
zUGCyTwQa%JpZ>~k;M-l_KZAbl*FF(}FWO4>xQ}Im!Mspb>-_N#L7G=Kxdbx}$QABo
zsC&-;9#62G#{_OWqWt1IeH3PUb0HUMo@B>>!iS9$uUIgt$A3Obyl*WR5BqlqK6B;h
z5I}u`j_h5;MhS)N|3Trp`OkN9M!5=m<lRSik;z7)(|b}Q%uX%F`^nb5IkYe~s>iv$
zuW-6H-&Mazd3Nc{LvD*X1PwCTLfW|<Ue+!hHR}|x#w>(iPItyvD!B1cayNu|;9}`3
z#c82b=aho)1St&&p+_W}$8wv69Hf>5?duPde(l5A^BlSAfs1b8=XD#KPkZ@{-R#rW
zTa>!nK8V52gvt&nK7>#GN=>f*jtWw!$M<RnU_m{-*gThb-sgs2m1SLfT76$m<FB;U
z-|_AY{O^#8-De!DvMoiZjo$bbaQWomyhP&e8bAA~QCNYLi9AE+vwz=+!|FdD-LO55
zc@5VEUM6JND(wO0;!1GU(9Nkh#A*O3a-2S#qh}`EqqhznK&E_$EV3TiKmXul1h9x8
zStScEEV&c(3!RVdJ`vbDv>i)}Wc%E*^jB}41|D};!Vr0x_V9%DGEXezE)V#d^c7He
z?KRbIbDKyDS$^y8#jE<yoU}wHU>%wPWFdq$3{;Hz*Lbhr>?3eVwWG~dPgLWa8so83
z(Az7UA@1BO5!F(27dI%6Ft;<XKMxPbrF2XJzs<$@n<5JIkd1ikeocxICBX)_Q>8_3
z7#?;9fTrX5f5M+{puKpYFzEY4tyVj_nSZLVZPX>{g+iW{12IW@uoxB|(u*=1EZK+0
zG^%0v6)u^hF4tIIX(D*AxwDypbRi39#9x43y2#<wl0*$mULJB#MKD(jI&)x;LBqL;
zW?R(`SxjZFS@P!ZzLgt~R8wN9x*E3nh)<KQU*S1%K!5fxwNQH5-?5?6#UfQsUJf!T
zt94wHt$ZtG{xvzwd`W=g>#tBq5W6Hd(~y~?gHo{xLj2c{?8lxyHO1$;cBJL{`I9)-
z>HC@W``fkzXG72w_HgFwT5DK+rSYkf9X}dNfm-GID?6fX-dCi^Z@*{_k##TyVSUM=
zS9YLn<w}4A73fg<5gP7vQ(l}1DCp}XjR7bvF9vF9sHF=LC~zl;mcJ}Wb-u(`hK<+e
zOZG9DQLB9S?^Ag=naO&Elgw&+;u-d*j#h(<%2-&s73a@&^Xcu)$syVE1wT3+r_=jR
zeuA={PWqbGPpr1Y=W(GEX}b6nn%M3`p46=Sn7#ebQ|$=7q|@uRY^5YNKXur3LX{?%
zY~yF<KHEJ`kUY8xn+^N;hJC^BZvU=(?t{rBUABhc-=y#Obv=7${}-!ma|e#>K6Ot}
z0G<)EJRXagzRi2VzHUAdPOC9KWtk&`xB$%}+3T=my+`qEQ+&ECu5<QP=`8XYQAm~!
zqlBXNnV^P4pQI>Pd=&FVUbiYxB;p}MG>4e|@9}arA&I7Op`*Ex+U;+6)ZQ!Qt;fOr
zz_~{$!K2ANg&McGh4ia8{I>M<1@o1!UM$T4EPQF}5^8JsFm^KzTb~{+B}=#0pdB@h
zZy`VQbh3qgTlQ5jl*d%O{$xi9x{5oxhCF1l>hbFr8Tvu1OI<js76~V3{k=WIaW+q%
z>f=;%XVefuc2s#PuOu%I-;PwJSOD|kC*7-nfN1F4Z!PxHdYi@e07-KKZn1v-Mg7;G
zr?p(vCm88J8&~Lk8>n?LO!u*b9>i`YEb0>073l;DyCwc1lH&6&RVi7d7MzjA4JXAo
zUXPK=(#K#ohE*I`DB>G9_tP?1&OLk3G@;C!mC>1px?}p>#~6g?8EE!EA56c%e$rBo
z9_j?iXL<*)g(3CHG(XrA{tULuf=|~8#|6#;{pcFZJ5kS-@&1PIT6Ya%El!2gRlvzj
zr)P<pKHeP*e8lqE9h&L!mD?L@3c>DeR%td&k6~0X(6_u}R*CB~#m>(#F?h-+h4%dL
zx<oIiysT4phPTQ0yPmi3>o91#uL{Y33AkXq^xFB8Rl1f6JgL{OW!wjE%0()wx1x#4
zTfv$ikUpStTa@p8kT36A{Vku+4sXU9`0=*T0F{KLe@$O{OlnS=-*iyX^V_KOkIU-?
z5V>3IiNZ^MhW>VbR(lR~eT#u9)O}uj0nMuu4tQKV=h*u$G{x+5^qfw>Lzd|rRCVIG
za#Q&4vwKS8k8xXG-Zq~{;f~53v+Vm)4y~|V7$qXkQLbJlVn0Pjwy$DxvAm&K$HGM*
zN2Q>-32>LnzUETjY8k4N*L6?nwwqDW(!oB%xCjRGuPZD>KrotaMFI?iK;+3I!8SL2
zqGtlI-nWvn0a0xKfO=$6YAyFQeM(l@@(hfE&%PMO!_jF}ik^k<HFxn>^XcDmcwvge
zfl|qhrlQNz?}44!!$wMKi3??8s690H=PY@}EfHyR5dgmv^)6jZ@e9WllI&|Vr@$aQ
z9P{cbpxy^!skUMnJWagG4*A4FL9MP|xSBIo5D5)O{gHf`SiPZQWj(uAzkQLG5?4q*
zdF`A*q*(ehwi@+Yv7(C%Q+lL9deB4%?qz84Pho<4pAEMAz4-bkSJ$P8#qLeV1u(k!
z=KA;K$(|x5_v24H0i>W`>wY^!>pLq4$;mnY`pQ<X4Q(DQVKsYPxh2x&`RCgGjoskI
z^0~TKiGHJ<*@_cWKwQ*&m&LoE4o7PG$n4ih@``>JRZ?mY*{Ju_+$2^^pUx6bC<?!D
z9rq39w`_cR4i7Y05YQ!+t^4r|d{Z>659X+k^Ch#!Rozo7)C}27KfIyykNGY!`O~_m
z$&-#$&T0=Dls=$luw_6&s1G$B2iSnPUbs`Ye5ur6N%vyd7Zi9R0FUN%cgD8t^zD>T
zCAT)P^i@G^U}7E=Y|cDL2S&be11}kh9i{M@OGg5DbuO!$*PAsN&n>{Thl_R22Fyh>
zWq7<@N^FKt-0J=rUA_TNOmggDq%*kjZmmY!g#1n#BV+|*f)dP?%%m$6igW8In{7}Q
z*cU*ThWv!t4dPS<JV}|ayXNLldTV{?hJl<2{nv)Kp!W?2qRwAMtJneh2kFPBFCH9V
zZR*M=#uC<_L4b8{YA3+(_nWEamA@ErFT4G1ojy1{1EG1<7re6zCv?6T?<8CWxLRiu
zV7^V2N8}{g;}O{$jJ41Grj1c>`v5dSv_@NSmc|66wQmS!mkLQ8kR4mUUZ#4!-`PM6
zPfv>P9uWnn(DF7x46MsKm41-|qgPHJ_^^SVlE&p5zlC#hoM|=4u9o9$`c>uY3vb^p
zZqqyMzEKA*wKFFv|H&^__~lLo6gi(?G0y<6JDmE5`Q0XPiMale`E2`Rhezl^1;De9
zwcI#Q*zAlBx5-D+aH{L=xsbai*BX^yV4XCZzH|w^5<b;spVtDFbV{+%zC1`!*2+fm
zIxH;b4zZoEpWw20MbIvm3oT$>?n4_ARMG*yxz~r7)qo5_w3F{|_)Ts<XPp`p-#z)a
zMVt}XSMX<S#rvj<X3z&Xn{2~%Hk;D)%jIK&&@iPi`Mfs@)60rWlEB=SsN`3(yntCd
zTq4ha*xyEikL8aiFl4toppB^TT65@(a&sG7BHE8{k{>4nLYu+x4c>f!d*s&qh_6$k
zPS`VDKVO+0Tw6pYN#*0_-Y%=PezL%Xt=%ug(;<Eo>hD;hU#F48s-EmSfP7L;=j|v<
zpQ;~TH`((aSA-MEhYM;Td*CYK#+RTO!fkHQt~xtXvu9cGjl=KvQb0oZ5t0GV-0PtT
zv>+#bvvDiDpV2OF4NhNg?^)EFCsD5q$pV~jVp+K#@!}p*3I#_#$hm7@p|kHW*9Yo-
z9whTqaIgXNSSe?M>kq8gs8C${QdCbs;<bW-J~N)aY4@YlEWG75=ppjSkQ^KO8qjFJ
zTQ$wQJwG*|5$IDWmYZ?b(z|RxK*Csg@@=7@?JI_HE>#+BY?yrB|43{h(93Xck-gO-
z*_3>}&PH#KVtnjgcgAF72LMMN8Vn4do`pjkKMVNFd@QqaUF^)1+t*8CLrLC$yT*qk
zyiYk(w+KM?J)*2aGA|EXoe3YtBQ8^5TfeuvrPH$paWFNh*h>J-w5BtJ{%BxX=t6vM
zNyx3nKvuq6-d(SP&f7z?80<Srs1V^ics&2T+y=HCS#_%bBcCZ!>W6Q$@vQbJ#brc3
znYahZ-627HLDVV*$ds)n^_c)}8X;CG>cv@t%n26^)1mh54dGpiGSI_V07LCd(9|~2
zJE7{`cv|~_Fdr{cy(RG(XbE97Bc_6OS6Bn21=Gn}ebfg}V%jM0_&a>>evxBq@U!go
zJSq*yR$7}PxHOzHS7=2_kS(t+!tD(OTa;WR|M>i<Cku_rwks*xC)m0dle^XXe<+np
zVb^Cp^p&<~sPX)CPBNe{ouW_2hWmBmPthZpA5Jar?bXLtYf98U&idm+!^WpoNOEM#
z)A0^(pK&_BE_;x^D3T)=HX8836;5H~xR-LqBk_3YNf;J87an-?-|?4a&orWvUvC}g
zlqp@u&?Y@i-^jbw_h=gzdv!eP5?=HeAk6kHGSClQ4}Lnz!2*%s?_vWxB&O#^zcL3S
zx#0UAf$1NeJ!RT&<iAB3fe_OuE32N6u-6z4kgZFfTK=u<8Xabqzv0SWt??T|XnaTV
zLb>Jslz;|4b9h6PL9bc=sh;@y($~JZ#bZpILa@mDeZQ`HZ)3wJi1O_it!J*PZ@#{u
zeP}u#R)y2N#@AZ4>RmCwIonIx>d;XXH^XB7AocXAJ4nN-55fB^#Uq!TUes}e#0Yh`
zdIzTE@9dvz&IZNd=Q+M6YIm60bU#QcIbG9(+S)+QS*QuWp&b*$;J5G(=>;)Lx#=c)
zkyr*kV*o=X(Sukn=c-3<uO_`1`f&mOAF>(ywV8y}6c0S50pR~g_;-MkIh~xXbC*%?
z@lCqr*utALy|V(08r3s7_>ehq;)P;-ln!FbZz|S_$#6Ud0KFfj$!y|f68iKUQX4*R
z{sM=4Qq^(KbWTY}A!<o+yk4RY1V}Civ>2x&md!7UBH30|o<f%AHbKU-6!(UOz0ReB
zbJ9`3`RWL5@n0MPkz5ajjCJZS{^@;&D~v`2$1*4xV6;X%w|LMg^J!hhD2$d^j>t%)
z<3!CB><eJ`%ZwBxj=jxYPe#ujKV<iOd&$H=Ap7;)_!+q)fVF7Rv>V^m6L5(xlrj|%
zSzcQp*`Mo^y8H8JcnhpfFXzt_Vl0c=^JEVZ-Rimg%&+{GKNWqAvYF`(l*2c~<x<%2
zy(o)v-zkH0quc@s@LdSM-l0rdW!AB}O2l-#KF=K=!iVBr(n3g0EU(CCt;_FAgZ|QT
zqfQfBfx`>(DLa+!+Zpz&zJ3U*v~-^xAY;=RQ&ND|{50Guw>@OF+q3cR&rh}w=DEA)
zY&Lc7en}WUf0i{kH1F=R{$k~N1hX+638DJ*J#9ie+TL!a%-_%Bx=K&>KCW=C$V@Ou
zDtHxAH2_C~{2AdV!I2voV~8s6RkeuExkuz>LTDel+Ht*PB(v|n;e5jpzc#jr`c!A*
zz@dOU1#ty5lo7PU7taASo7vaTef$h*)1<uayA;vi%ROxjR<M}?q$z7!cs?~KVC#2#
zzCMy}W8SYbFTj5#y~FMMhQbs!1<^IWeBKoAWY#-T-s<gjBw|IOVEM^KvtDRKL$)B`
zUM4`p3}R!gkC6mAbOajdm0>+E`CE+74V&dwiI|YfF(-HEsboSxy7eFK8HTW{7A{-s
z_sLId9&%6z5YBlMRaaA;{y=dk`)V*?jpTCCoPDd7aH+>#_qzEjy|2haKZgUCG4yNv
z3HR5Hpd#*ds??FebAN1CA$w62r0HyETU8fd-QP08q~%^K!l4NqdEeD?<acFZB&3(C
zcJbqH+XU)sj-q7`icc1V1w4rdA-sV+Y4*Cv9+-;yeIwRGDmAO#pB^~viXJu}4m`v?
zzc{@kyLYYg2C>wJqwVkT>5ZW|-5|YjF7nSkTSgqj!Qvr$d)$zJNFmB4?3cNI%_=M2
zRN??IWz3(S3ZvWWb=ohi;CiN#jUUK{z8%^vpN~2Xu2!O}{#}Q2SF`6anjGb{cQR>0
z4Ir=Pc^+}UKEM;BK3?6+9IfJ=zOLNo1_a%jQH{JZf!QXpzj%#^hp|h`NQH&Ekj%0a
zaP*tdDZiM>P(*@-<^%3?L#K5a+CC|o7Y)PZ)<(glE6>kX<JARo$J&ZWA=kwLCbj4N
zB<r`mU;^dPVCCO*@yk(JRJ21KHB_Q-edw*MGc4CBjTyHBI<N6F`kLmalHi2FvU<8%
zUQqkHe&2cgrij+$P~H_^Q_7A0+ckn&e?}rFQkq2to#t4mF?^rVxL87RHt*`}%kZ7u
zsg%t#!Y4Zf-L5jdr<2po^EdbfQK$AgLA}%>xEIVrnI~93&J1tXZ=s?@X1{&oW&|A6
z&a|9)lf}@=hvYzfneqD`{NKH17gjgUhTluSfriqi4<|yN3QpUp`j4dZT2d5>qUbMy
zNP3hEN)Q3XHwhvjQS#T%rl+cFx~JQSaPJBGtj(TaI%UA*`i!t$JnCPi_QEKi$DVRW
zPfYTF|NMd}QG$nanjg(5xUK1JZ=@z8#tLlmxXLhkdpW(HvJrZK`K4K`Q5Mw+`w{fs
zpk^`ji&{hd*Hx+c2m_O+{648;plly0tTMe%OXZ)t1V+++aqNW$>%Auk%XD84=5z^y
z-&`44WHASWr9_N8fYnh3pFxYrYkkO$=RZ5s;4bqlKN#iD^;rxpB=s*cp1T2sz<r+9
zCMDK&>ps!{qbwe+uQjVbh>jO}ByO{Qu&hprhdXYc(pi8COLUM=oBLC)8-7QT7bRkm
z2)mV%YV(u^STdBt=a{JJe)a={<S@4+L(Rv)hp|_^qq3>H<`A9M4jjr=)@zxqFS*Rw
zg7odUg)J^;5yk!kr2nsJdR5Za9gVS>^u=G*-Ubmg^^W{cgV?9(uFUj0^QRi)E_hy*
zVqj+#n&<S{j4u|y@xCcb3|ew4`1LmWZt;2*dtlq`;Zv!S+Fwj{dpoAF^vprNv-a{m
zzMD4xYU!!uB&V-CVG3kJ5x?kA*Qxaq$H>LW*?%cqY~kS5dja^%-*c>U3bNyoLQ3vG
z&n6M8Q_r7#FS?;XsA#IBW47)>lc@9XH%z8~HLLh4f^CIm#WPKomT%bop3nq1`Rr#q
zo<UO(VHx!NJ8jHUDGv~hX_7299?XJfRLXc>e;&B_`6RAld!=CKctL*RJv+e>p9;)5
zuA>3JLR)*T#&yNe6rtq>|C6{6lR)(L%9Bsg06EB^lOk+<S<L!bGLP`Ss%M9^D8p;U
zGaMs<&n*T1#d7u@6$U603ejJb^I<Oi*r#_JdF)uYGkZsjEX1yde=&tq2hT`OUN5;V
z_jBm%+v0Zy|8Ex1_JDEXDa(SBZ3?9G+Uva+^FY24Q{txlE~`{nZ`(I;8o+YufHV|s
z&im<&oCH6v?`H$8$n@3pZB4;(o%cHI{xmwAgSOWjvz}Pw2NQ9}{6}K7CT~Y+3(i^N
zm<2PJG+1=x5%!~aI1p&SeqVoN@GBIqDEjt#F^Ajv1)m3^yg<Us3UO>BYT5S;HW#Po
zRfSQQ%nQG7rQK%NI<I!}3HDcj>5JFGVT#5&M(X^2oBMi7pZFJgI3Fxxtvs0@HHDp#
z0^Ce@-2;jj)T7G$o<g3Hu0}q<U`gt2m{Dx47k`c9yCSu1V1+}&h;#oK=(R|g>FTCx
z3m;7WE<|sqKv%@MzcMmn0>?N^0IDi_>AG|h7XY+RBv&5anCh0aTg1Kht7flDVR4zT
zCMbmoW9D;qIAfL>|Han`Z#4E#|8QbR8%Ea<)HsUr-Vb%2%YW-xcNg;T8{pRGiTZ!H
z<<IYBm*)vl21m8;u-^UKuA>)H#p<~UudepZq=}n9;{p$rf%|<ldbs24#X)K^{JzHO
z5DDOYuKOY70k0m@--D^Cr4zGpLGv^GrQXt|<$xiQ0m?`mMj_^2I?Nm<s(DZ|+3YW2
zKf3Sw0Osxf(cNibJEaq){N4-(E_&%V@2{GE5To5k4pWWs#5^!gNKDSCe7pz$-2BIO
zfP8L&1+g-H_uO<o0k!%(93K%}HDN=SwbuRR@NCVX(QLt->{$}m?zm1Y4>hIxlLD+8
z*3b4Bp1WTNyL-_zfSnl0nepVL*(TO<yb@3nk=C}7#J2fkc^aNPUjGQ8S9fexr+$^q
z15GAOfv~|IWZ)~v-pdz7wlL!P-}GP&8h6=0y10C3&{uru@%W=?=J!)><kGCwXrAit
zT^*bt4La~i-j?%v&kwhYS=@`F32H0%Bn-BTj7Ia!mw!r6ie>ia+oL)z=-!}%Nx^nY
zE5GwA-f6L)&opLaDi6l1w@kG(1{2N~nS|)$6*}AN$u7$q@7c!#)H{+;aftmnUi%q@
z5nli#r2R)fa`qFFCFS>&gUGU8qFIJK6u;v-ODpc5xZ!Zx{(Yw11%QVAXOhe(p7)q)
zKU&_NeYwulBpf?V04J@BDc|--{ZZuJ*;Z)$Y^aY$Dr4Kel~>JKTV8II{h~TnUN~To
zq$)>I`t7gwQD-V^McgN@Pe_cyt^&dbKvLKbjHDJYm42b7^EyEaf%_A;9OW$wt&9^r
zd(&R~B+$5EU>dI+{p9QU3L&)RelXAXn3>v<gkQMY5<c>0RsPL^G#+W|x4;_xDo<?a
zHzjzQomzse=QPWFw|hw`SKOb+#=u=qpWd$J(j2^l3Vz+k531X(<YW>P(@3P8qQ<*Z
zQLine-o$hXD}VP({V|}>Syr=K{^0w@42=#70oo9Z=ylL|H%Biz*F5tyUG+{!m$B+@
zEC6m__a*>Gr@rulfDQA@?Rd<F`lPxi*dqE%mR)20MY;iVKm2u8bZ&vng1hJZ_!)~V
zT{5xKo4SyE?~#ZV%;vlf=0gj1B-1*aLkg`an0mr{1<36;p0}l=&-*&MY@dU0VJCO~
zz`Fa4{Gm~O<yMsG`6AY60jtWxWKmg{N<~|^9^<9O{WYE>qAp_WD9Tp=*;^!~Bi-z{
zBK8BFER;jreqt-KzD>v%DVxaZ>;s;3qYwc>ByT|fcsO$Rw7;La`3G@0p|V*Wa~aB2
zbrN8r+{oNRo!iuV{dpSpwCDVx1dS$s9HrLezT@2EL?7yABwVq(VYI?XUi7)Dvt|5{
z_P|Z!l#ITNEi1&0b4|c-mQeVq6+fw;NXlpLB{B!q1p!FY=7tNKs7gH4q_2h=3Ffyv
zW!wGyL7~{nXLF5ZPbMD^R6(bj;dQy8rOY|YSB4){{i4guVV3)NxN%frpbw~x*V{|L
z951DmU%9xZuFeKJc^b;#M+^+jciK;Dap4F*$aZu6DO)7Kc{m(!2!+nNZ#nYg-;!kr
zZ^gBSVewln8<zF@8W<X3{fMFtY|=z*@Lx)-5%|q-_A!5DJBqN^Gn}lTtb%79jM7kN
ziL$7vUo@qunaho3URe4xqPZKZMKf3PXi7KuNry6A;@Na#%G3$2z52Tx+OY}mHWMEJ
z0Lrc-_v)(J|G}-@2l63-`x*0L!4~jebdyWEng=VNme6Z<P*tSK6?S!47nB^-rnwNP
z{%>L;Ib1nH-=2P221BI!Z%n7+IDEg-Z9IwLoWP1Gm44pIfXR^JjtobK6S*bx_L_mo
zJAN^+gIGntdMq4!dl#b$f3x+Tys|@Eg|IxDJe6ImHv4L@F~DXZfbrk`j#e##9NM<-
zEkNl*_!<y}oDVSTdFT5Y7U>$I<Tk}@kceYfwNf+=2M<qsy><BeN$>^$q9a_c;(X)y
zW^t@#x{%y(*&zSwAFX#+dHuFNDmf$1-#F-wPA{6}ZyfdbfTh=+ymW+rk`lbrRlSh<
zdvIPEA07186Ttcvlsh4{9G;8y=w6S#yI*Vz#~M^A<mLyzm!v5V)61=~*4sV)Qz~s@
zJK8y_gyS_?vb=<oQop3${31Q;rUGO5dQbqQTKhp;ocqUcfA#dlS@76^FmkYQ2pLXu
z{Rruf?O8tcmD}bo>zFADe~c<v!UvFR!RwuRW@Lz<l_dXWXtHQjsu4H}dBvO=dA{}3
zjATH$^}okRRG9lTBY!E6cob$2hgFI^36+2NF(>9|U`*!lJ+fE03~8dgXUWi+ZcjvO
z2a-4I=J9Lum;FfJe^c9j`T_*qsvBDuUW&Emsre&jch%_MHt~#^p_oxDmY3d(nf9_L
z+C6cOCRrAuj7T;LlB`Q5?`eZy5I?6%uD#J;^l9)aQYgefDWDra`&`Jh-*>B>#wF1J
zPi%mJyO$aSL1P%UDBKhYjtG`DB(RD78C>_cDR8_okFo02oX-GWQ2wxODgKK%och<N
zxy9`A7#)wlfFWch$YrC~foQbeqqu`3W0LjZUXttW=9Im9bC+X1!dg5@Z_gGQ!An7c
zu>hI-o&}T_@{`7Mg9g}TYt}Rk>PfkrmGlaAgz(Mi%E7~eJ#>^myrQiGv9RWIvdGll
zxrP^-`q8d0SRa~O<n4=mXzx8<_X1C9@zhG`lVbAsux;KzB1B`8>e*4Vm$TX)ey_)>
zLyZ%EFRIwvT#q|_HPJsg+z`s!;eC96(e!4y=HAtTr7L=3e*WN$MIdE_g1O-Z3I|U@
z!}9}khg~$0nz6u`r=NF!Uy|b`U!5#%X^AHa6maS{K@Tv~!aG}3_ZxBq&$%JP@oE3O
z-=Aovg6B^Xt|eJV8(qhl39>!45xnaG%*CwN_vpcxd`|nk>i2l|*<`yvFz(KIl0rRa
zVz79%_s<VqO!jv(9DM0U!Q5NCzRw6fm+_$|EF2a^hTh`V#LjhjD%F%fDDC_vn4nUJ
z%{TmG`an-HzRw_@hNupdSHV7B=6m-V$Hx@7rzsFn^o@k+3RYQfs$s<FR{^E*^jrVN
z8sp+dqqw(NnQpI}`aTe|aa4eyKAuw)=XLK;z1afZexEx5fIr*qmt~>7&&VX_mA+)~
z!5g#Rnd+}vbzFm&JFExZyaZZ*9bAI%UvK}80$6!UVqY|s-@cL{%2Oc7e1Yil`1Ar-
z<J!f;lBEL?flAN2{k%*^IJ52a@Ttna5{OdFHS0l0!~`=IKEog-?Ml<-L&fQbuOTMb
zH)cAX)uaiWm(V1>G*ts(9saDlHvQnB<b5pf@kve%I3a$f1HZ16)!$7w#XzJ>-ab&7
z!SH;dZZOuieyHChmp>Z82eAh<w9f)-4N#LeEPlxa`oIfxI-qdz#O3rQ(?1*gTS)!3
zp9~r^ip5DRmdq`>T%p#!!Ho{QpG5iIpMwVb8vu$uU+6cxzIYS${OQ$${!r|_PMB+t
zQ$o<5av3?V?MFA}S&gaUDFgvgV{k^PF`|sd0b&^8dA;Mvo{g9(OdQsEm@m!qd%2-i
zbEJmcANF7yUt4%g%Jdz=`JMGVg%lIy55QMhar$S_STy#%4<T*6prVi48+3MOR{iik
z_s(|>n`}58BAN}c4YiiZz__7{?$5jWJ0i(ESY*6@KJqO_$gT)swzOy7{BhSrKKaaZ
zctOr_7w<BdZTH#4Smk5s;Cw-y=*0N!$)||yVNXW{yG02u{^3zr<Yb`l<&GNBwpqIp
zl2xfX<_2Gq7<JdBP(Wb~*pu2*UE<wtd47Gm^&68GxOeej!S;LWl!NN>%p;{331zL|
z?GRCqYr<~NTa+dhdo|?gPy^cgWr0iC(~47`v|VVuyA5Rl5*_TjnG1D~31P)j0M$Ni
zzuSF#8~HWZKcye}IjZ0^bKmBZB$XZ*)+GJpTY8!Hbuo#nJrA>M9)^6$Dg7+V4$2t_
z&;DZ8OMK8CtDbbLD{!k->X?Q@W#P>FSy||eMLuTR3R>neGQPdIMaX-uJD#?^rV<lT
z^EzkW@laLIDIg{GQvsj{o3cYc-m-Y|MJ*^+9ePxTu%IJuN8D?#J}JPrh-OO4uROfh
z0XA19quins-6GCj^&_EaBYHo_^z?Q0q?!?DToceO+oT=0iV7+1a^D|n9Ga~a`MZBD
zsx%=EEhk`35RGl+JhuabB%lKH{@UbU4y*8V=?S}b<o)mas(*Pr9Tt7&3+8_hs?x)b
zO5*O^88}$zW9{W6cSl$d39pI5<OI>OS$0Q#N%a)XInMqkk84#yRKnel;+y$(a)Tm4
zx^#yql>#NpsZX6Jg#!Mod&$vVG8fmqPUIT~RKOn|Vip{w%5o-sojyxIwZn9D_X^@u
zf`Gu^28}o>+#a?O$k_W;%n!AeUgRjZ(6o+6U>k{}xu{I55~G+*20$Fz@BzsdX0os)
zb0CKR8ed4<jr$E+Ut3)OfhC09FlY?B@e7<tzvd{JNmdg*+W-c~l`AEV^I{KHm%W^X
z8`mlQQ(X99W-}NjYV9kwC3|_<48$Tc5#InCJgqXVLtIL%@86<o9~gSkJ-R6HF!uNB
zsu?gubRKC>P)<)vUdgcfcutzb-H(e%et|*b9ytlf0fg}Qel8OZg94Z>+{WVQ%0i9P
z-b;kc#Fy-^Gn^uGi#x*q-F%LUdw^nI-KGUlFU7kzf=YyUH>iCOO}-8a!Ouds|GY+%
z>|}SWJHjvPvivOTP|f^qtC5)`y4RXuk!@PS3XTDZ`1rIhiAG`u6^%SN2w%&ExbjiD
zTQv(OmUOen3UrcYBq9(ny7VgPU`&i3`81_SKmQ@_F$2QR*_p?wsw|J+In9332bFi7
z_#V!pD9B#+J`~yYb2v}^TFJ}v-UQL%X{tXneVy!+ou%n<OmjPgkh>>18lcXmzPT~;
z1uh=wdKshu-CLd?PANZKoR5L&-4j7m=WB(s_PWAr?W_W+>9=pmYV9Gr<1!bxn9W95
z?(}hJS=U{anW)V4Rtxqr6GkdkO#%wUT<pO()%8D!S8_F|x-{F;Ho4Kv7ax}}tn}Ia
zbF>dP$WY1hK%e?XxNa(RvE=t+#2@Dg!%fXE!dA}Cj9ZwzwC@It{jBb{UaF~8(xJV7
zAExVb<}oTH=ZjdKAMu>|vgBl4)>K8i{`81|RaDAUeW@Yi4x2L%Jj_>)+6xjJB6pAX
z1RnF^v12-h3|T<S=}RQp6o$6(eC72r+iF$sD-T@gX+Ld7%;sC_<=fs|szw1w!ROR$
zS7dHFKdSV}qSbo^6m7u&jfL8I+Bzdl9v?;qEE0XY9a~}F?)<C1V)oa$2S)uk%RGI(
zBr18TyOYEVVf2mz=<~YsxNb3HF5ia-<JG0zJo5f2hbO2)Fd-x46{(_dE8t*q4cYC*
zR>4*}%Af>PtVGh<2AQ)`w=C-Bs1-5&OCq6OdYNEL`bnI+J)z@2sq)T_y8h*(`^GW=
z4cL?SW^R(FV%l3&68QG)Axip9ytDJpwy#rK=oB%HRe#`+`2f>qxs%x7*7)`<B|n`)
zBik=T#r5O+F)QX_lx4~S(7}HMH-=v}dvJ<qw-i)5|4Z$s7QUQMqyAh3-rx3O7Bw?G
zjxc>>$>pqH^XpM4!-U*<yTVY_I(>6K<EAX9HW}ea?u#k*8UJ*D271f7sv%vj)HoEj
z@h;8NyFR5?V&?BxM^It&`~6z9_%*_lwEQ_X2xIb9iA@GD0uNu;ab=}}h4fXB<MNvT
zsucR1;~B)_MfMqcyr9M&Mk$xvI{x<J`<n$*9y3BBCa0tk7G{rg^nmtvMz2sPotelV
z-|dPD_U#sL&FdN;FCWEy-b5pRe@*Mm_4Sv93s7*a4v=m)EwdN`e4qm^8-4_4Zb^)Z
ziHDljBxj3JZ+I<?QTt~&6H(uk-$V9p>*ouC7-4R-$BBrxsMAo6jPM)n{qcW#;=-Z%
z0$Ut!=)3H_>o#%xwV%Idn$4O_nto`&q=8$d;sjr&VU0QG468ZA{O_I3^vol|daly(
zth#5CyYHoWl<<Vhy-{`e#uOmV?0q-!mWs@?8}<NBQB|U=pQZTf*$1g_L9D<;`2sXK
zc}ms~A<1baC~pQ`dqOt%@?eTStO*c!{DxijQMc$U|J<e@N7${7C$qq@Hr@u~GEb^W
zUP*j@&cEX*sAZ*`Z{BRn`IS-2&8lhVMTah2%y@#Ww|s!5HC|6xF3<1LVUl~SoPX%R
zn4k^E`B4ei>_zmveZk@lN81LZp0`gtzc2QE=}eaB#R~VfLU^R-keEVLplKA4>uEf+
z?@SAw!=|G98&0f=hDf^P3uzec`vcpcs$4%I))S>*!xO^Y3!Fm*YE@H`)~>uuZik<Q
zZrAx^rJf+JOwVV>t$6ntLFPB^#B4;uYNPt<Khf*a1TPrB-ec&vytLzzL#ty{?>Rl|
zd|#%lL9uELO;N=!4`H0d&DDH<Zeqg5KHKSgWVcrW6)N~8zx~4Nw+|WLVi;=XBZG8V
zdFD8)^U+z3m_?oPPj6y;^F^?O(MD6z0;*&&_kDL}ik0IQltoYZ-Z&Dz&&y;S>*hIg
zSeBHtFV;Tf8AKJ!$6{b{IQOgJDf!(bny*x4$FbV0SQ>u>@H21T3!jRp`{;c6{K{Fc
z1l=}@mR++Ssl(OJH*OM~-8?-qX#mJ2jKR%tQe~J|(wVo)rxqrESN8iv$=`mvH=Rrp
z>-LcILWRpWu4V}M0L1t~%wm;)uh?njnSV{s0YkxnDr83-K_M<Ku$I#Fyuche?quD+
ztQzibC<c0zcgu1GJpK5JpBD!=U-YOthDkM|4*jLmN0dwLg`nc=fg!M3QXhEmL~{t4
z>#3NT<tTNot(l#|$s4=Y4)M?gm&V&Ye)jHPvq05}aqj(iilt)85L|NHX#p0XT<lls
zt|`bQlN{F)^-@1tRP-rvxdw0_q2=S;^SzugEi><&0jMV>`BzIeR9nU2NT}C`B`1E;
z$7%G`YyBb+ms!IJEdL&KX(Ro%0Oi5<)46luihJ~NzrtH2CLdGT7&pu_hu|)wr$iB%
z2wEIp51+^=nO7Yjw#Qz+xjZNRXJd{h0V0{iEM~rm$Li8oFXnt<7Woy)Fs=46!NnH|
zaVp^4=BE_{Hhy~PiaS_Z?7+a9P>Oluy;pRMOE`Sb*!%W{r9LF=oI{I|u@M|{sO1&g
zM6UP*;X1*K=40YH<VU#X<U&&#T)i()OrHOM7>7;S?SSIKOoZRWyc}?JngIKa1t!v%
z3>em!-{A|Rf=QyKd=_(I;2-?$kl+k}nTu48?WakpDbbinn~u{9KCuvrolUxcmXI4u
z92EbE4CpQ#?T(zyqgp@SVf2JAaCUCXo{g@e#Xqk@q3|G}e}04Xyy!5=nH_WA{KVS@
zKFHGzZqMci=3F#(BBk2fwWDUmu9>!9(Zph|gm(SPQ6Rzemr$Ktz}KVzZ&a{TlcGM~
z!UP2On;4iQktArN-zI1^HU?<rqd32+W-Gs`0Z`LbRl<{kf$M?cDTQpm2hT9B(NMdw
zKIh7221fk#4oD=Sh@^~E*UpqlEl^dXMDBUaZC0OX(ud&nw_Y$Ayys*-9a*C7RX07k
zI96$#*T$x``WAtq=t&dre7P!G77sItwy7R%7lUQ{64Xe89^Cb4=UrpAS0Il{96F~W
zjm4@x@g-)8g6)R_i8}2c=@U~lPg=&<pF2O9fFi;<;~k7!p573!VXi6;CzsMDDBa04
zapzB&+z4?`Ark{`W(u{P2TUp*p3M(VilH~eDjMA+JajX0IJW?2tM7RuM?|rLV`d(m
zd%wORzNpVRxm@a($C8>AIW8<gb7B~c;8NmD_=F%@YufYNJ*HpAa*yyGtV?uin&Wl~
zsMqfU1b84}6#2wCXWeiCkg-F{4W<X-py~y_@AH8a6Q%Bf!HL5hKeSDYx#Fk@L-4-e
z3cC5X%dVBmYR0)PKhl(OMj!My=Ml%noFt#AnkhlJeb={>uxri*eHlxxe{1h!E<_;=
z^0K`to2M@}?p~K)LyEWh9qIDf{|=w<UYYRq8$U6K%eRvd>-D|3U}f-8&KJ5b%{Caq
zLt1+0F_>j=g2x?Yg~{xgCzXe|U^)o<99}N9eBVduY%DY?)XE5v%R9Z%O%;CxEI}(k
zqsrx!4lvzQSbRok1ebk(4ZePeKXpgf*~m9>dk0j$g9A<X9Gb&c!VbK1^+QyQa|`Tz
zKi1Ry9DjEq4X{89&;z;}tFiY@Fy1djOUr&?xS#eariVRy7k*LM#w}km?Q~9M10uf7
zbZ#E`rXNaW>hJPQJMZ5#Tm$}Xo`w6`-z(yQLv(R}+S6k#wfKGDR4<!DlliUC9j+7&
z?*|f4vX)K3){nZy!sJ8@+-?yaY*8FzDsHvw*QEKLHTA06BQknl&KRk)X^eVoI&Dde
zLd$l-xJtFsjZNJzop$jSt|gC+0*S95>fgi9bWcT5ng|(HNi(@dJ3N96Xkw7duIKy;
zTlr7*H%VFNsOo>k0?bR7Eh@(DJk2;I)H2Z`eCDD8*2noCp5ayfHbK7G^g1%Ycx55^
zGm>j!AL6&p7JFQkX_MHVnq;y?EfGGL0oP~cbCCCvljz+N7vEbMtF{VrHyD)AHyW<C
z$$J}D?-ak<_g46-GYCR^w=0p7!|y6ATTD#!{6r-^JCU5N!4xHHew-n2No0e6M72(X
zDi{I=<^6a@w^45x0OAWDGqFIv^ZQCz+doxD1~R8J2ecECF&H*Ku^wFkQ00YqzYTjC
z?3^$8;HAU8*;KmQ<-&bWmOTDCTph~ojjX3cb7T;5UC>XqCht-4)BXu*B6V-7>rj76
z{QX!JX`>t;%qnl!S3(Vr*GJNJ$N1uJu}`C~_R=qzvxN4>3+#UEs7X;c2iN@s9)ZRI
zeVCWYkM86GiY}3`;k>IpFiJw{R#lll)hixDPDHjI=WS|Sc^^X}OXQZpm6RU-pla!Q
zH6Ydp*3VZz$NF$W{@@+^iy_0W`)1|`kpk`^@J|<|W)x?C9|)@vUS!zr6z-iZ@3-5-
z$4I_hV+8JquO8Lqb)tjlyygYGY)(bUhM(nFK8I)2Cl|Tk)Yi->Z%v*u`y$#hp@fan
zv{zhSHtPA7G(-ALaIM3m<?u_dl=q1g;gE``(F_&(dsZ<?wV>RnoQXe5)~DKXu}?6a
z44S6tybuG-67iE4??(_N?J<jxJuI_{>Br5(xxIyzLo4@XUjT2%o{xWX;|N_HuAdQz
z_pkE1|2){*^-ak#M+vuj4OAxA>mW&AYs_zC3$m1!NzwKVj_@Jcymnx3b7(R*TvO3>
zv5ZPM%^@L6$9=O80OEUNjPda+1MDXfKc1o*aFgcfM-etCL6S6UDWV;GCgABVW>8YU
zHfA1m5}nVpf>rpmtb|!$=(+Y7*?DQ49C~%Ef2O18r5pQQP~{S+eaX7)ct#<?A}L7a
z{PvNJUH?QGrz_pARYec8n+0n83N4LbpiW+Js0B)SvTMkkU-wU_*lzaquNOiDDCr2y
zLEzr4@aZx}v&P6Yx{D2CLBEo2v*_iQb#|&RaqbT5u+6{1crIBLz~}aAp+wcj&&_QN
zYV^YABe$X$rtM=A-t<EeZBz8Hs7qW*;qx~DAaWoK(CUF*^6ur!#5~m`_S=2v9|Gi1
zXWPhZ`GK9&HHF)_-S$M0{hAo8I``wR03#a5Zr~f?b^IJ7(YoB_^AdT?ThYqPACocZ
zT`vLmGK)03!~WjQ-f*sIS<MYrIXwz$jnwxKtr*iCY;r#X#q<hUzd8H_8PnZtdhJfu
zsF$hd607=4o}>q5aq(?VE;sMdExt5@fBe$pkpNHXc3tpcwkBE9sG~U$Ts`(R<<3pd
zo-Le;x&+VrQ+~qk=D|c=D}I!-gv%?scL1e3NpyGz<=u+x8*BkjPUB2rc91<W{+`%S
zhIlv(WVO(0@?_ro{mHB05NnmcAW&$g!Cn~3o_llr1KpRD_*pG;NGx?aZ-M8E<i{lf
zRQeC`i5s^oq+bXP?{Nf^j;Vk)jQ;YJdsXe@{Z}4`4CyEQohJId#p@a_ZDoT_3IVhF
zcFBbc8A$sTkLm6GES!EC^Q|iUl*^{!(Q=!wIU_YxRO^q4AdpNb2Z`KmXNow2-fh32
zgHeUZBJ~Tv;pYdY_3}?u#p$uaSTrert`baWo-gaX7d~IC8J-M>WX?ipy3Q&l`fcBj
z9ik|SRxFES_T6(HEcVKFVQ<ffpuV%zlEIOAqC0X8XRU#7%z&%<-MIUfg>|N(yUnf|
zWl(8o#KOZOaI$^Dqn6Wje;k8tX_*p_xz5a$<xryWCGPt~!s~Q08D(DoyL_Pj&c~?Y
z&ZmwjIaVWLaUeTS9e?1+>F--K1ouP7Ds*~1!ftT7+_3PX4xzwKJK--rbW~(Dp2?m*
z(w{nh8Dj*{PqN)63+i+jhm|~ZwJ?HREz;oWVzSBKS-Hyv+6S8<cjO-bmZ!r_N^nL9
z`8<7B=ficqOkv!2j#D9#6fy#U&5r9%<6GDkm$ZwC9}1?ZDJsFA@GaSo1}7suU0>q)
z>|YZtyA=Wi$#|WEU|m*=z)x&{VVYasJ<w^Qqvx@qU*1LaQopWvbM!9PwOsbf<neSy
z*~k(%jXhQC)z*0DvY^B($4`Ga%cm-USo(FE@3j8u9|?xyzwp@p)IUGZll#nlR>mzK
zi4y%zoob+wIDggZO5KnwD}>Yo6ufd&^<&;yKK^{v356vGcGRMR+j?wd>TrAPjWzyw
zr~7M5BA1QTVofT@XeJ~@g5^g(^VYD)=j`PQyDRs*mmBg6U+$xcaPGzQ`#pY_)_JdQ
z4sRs&idh^|&R_*&NA@15dq6+U(_I4e)7EL1{2;3$zv|q4L8lNOtET_5&Y&vkUKk$f
zE(AldBn(1eg%cR9CPu5lSAo@^>V)6jZ84Gc*@j1PfzFvcpGOQ@CCW!NPe-2*ZPW1@
z%&Egx@-ByodlabmEJ9VjOy)*CRynL{=Pis~{@EM-+^RRXFKaL>Ot)X@$Fm>O(YP#E
zb1lS?*lQ?6U)F6zd0Dst$^L+Y*2%aBQAkN=G=qr1y5_K=xx1tSaHg$7V?Uno9QB_{
zkwX9jLQ|Oydp&GYA;x*>F$84BisGswyxa%x=MBU>%ZNxHs{)!YZJupEcreCd|6v5+
zW!OF4pEdIyiF+uKqak0Yy{?~c5#4+J3zLaZML>S<$?4z<!sGqsUiE7gH#?@1mb{+c
zw{%Qip03>iE?rOvQZD6lQud8r9fmU@IJ}Rm8H5Lv*1lyY$xa2n1{CjaBXquOzvaI9
zhP2xMfZu45z%%hrdDU({c$f$D)Rr0d)+j~wVo1|PF9?^OyB^H_L9f&Do%2JrH6_~d
zrU@tE`_7wF9<<EB!Q&R^64x|ro=rPMTsV2OW$gkeWu*I%AcjX~!ZC~VG$g_8x!4X9
z!paOP<%^M`@?LBTf-a1Ud#vo?2ix!wW{$GZhPk*s{y?0<+z*(4G(X$>las)ZdqIub
zcPfm8uWy4X4t=^gPlI9tECt1{0t0P$7{Z76bdl7LYny)hUO$Vd>`oFkv^^X-96RUp
zyd{}l!5}<gQLzs17(@?r$-1vI_r82LOo8R2X_}a7`YqlzKHc;dDy4ha_ku5}+w-<o
ziq4{@Dx&cEx+w$NuEclaPWusvT3wM5k7!&YGsqD~sUIL!i3H-T?19Y9VT)Br!4!-)
zC2op%ZQ|41?uj9D_ywc%h{p;@D2<#&lizrV7Q6l9$KOx;1%7mh{bBZ#(K=qcjWV`s
z9El(30{&;uIx-qg+8_EE+{0YGWvAq}8<qzc|C9%8BEseD&ZdGF>THLvKK<|kDr4>N
z{84*;*(q!-X2yyrFk}%9n8Zzxl4l1A8r|R#aruT<s)X7hSVA4*kCcqyf-dx?9T?0f
z5BIpQ+oPAC@sz;iglnibVq%1D-48}*^L?$w<VKMAC#HJkm*les)+r$QUs}$V{CxlL
z0C(c){z}YQEvDgqojy3|wqQ>9OZ~hn@7{nw6O!}G5TP1qQcyA4l0+*UPLWN-5TreN
zH7gPQ2^6B=yP+_95X3s$ti$oqpk_NF2tSE6)?63}3QYB`T>NNq-&=c69vMa&kGW6J
zo$@WcT#RP>CceY>aj7GC+7<g1jW74vV@T7Fu5Ad~-2VCbuDdj5ec1ZzN}}`?QD*WY
z@{~cmFu|85LO~Brn+_ap4)(=dCuim03<|sK8nOq?iV3vnB35J}CjczIjexSHgcIJi
z!%9~D^BS=YARNw1JsGQpZb0%xWPhrO>w%*Z3d<=4;R)h&_|`b5iVtV%P8Oqlwl)m~
zpx1WZJT>ruyT6goM}2v?H&!esO8B^0T);QJI1i0hfcNz<iUDIYik-P{DzG1}o*HIk
zknFO5KCp7yJ}>-mY7N;8hEN+`CE_qau5<c!y=L$Ivl81q5F)<Sz!c1F-)Ho+Kdpd7
z$kc|euZC_52Ha+}w;$z+g2+udX-5l{wz8U>tD4>U7P=>{UB6x|PeM0{DagX+@f|m0
z3Oz`6|M@|oH?jNLTFSRd|MZ%RQ(6E}akLk@U@?H1+0R$Kll8C`ek5oV$@=w}pJE~2
zzBgga)Ij3&X7TMwne^uJNjl6Bh88md2$yEe&&Bo}v#UoY+?L&{-@IRA`>0u)Lvvmn
zsd8x3dv&LeP|~Oaa68i>8~3d?H)LC-+u(THS|T0pn6(oAg2g#9pIcbEqTcpLgMohe
zI*VNO`D+a9ynR7t!IL{T7dRwE>w!kI-qTn5D(nFp*BG)NSXhp+b2(}}uCg^Tje+Py
zc!Dj&ed(LU0N934O1a#IiDGKUvz|Xo&>f|_U=dOF>=!l!u3LZ!=D*A<)a%D@z#Hdo
zXd}_>WGII6rSF90x3wuMpv8^T-qd2ZaQtHCG!5lsmKOLlO%9={f_j^&?vI>|PvFf}
zVUT-10T1F|%e#7baF@fIG$<IOEYHpWWF19b?syA?jQH%XSL=ElxH|iNwLm<D-+5M;
zgMToN&9^m}@WR>P@MFUggwG??RFN*4)LC4T!>_VgrNqp%*Zjc;7U8AM;bPP*#-sRw
z7V8-Hoj>gpWN_B2p>OnQ?+Yc^9$B4UAqf%4kG_UH>f$q7r~U?H;^*+{nie;xpP2n_
z$@H3=^f!E=iFuIzNPAPLLS($1wR@(?Awi*?x&F+~r#zs5_dys%>3>kK_?w~J2w|Mh
z_xccQ^!7p3=R;fHCUSu^ms_C)8KF9~F<At9wLUT|okH34B;>{GgP-|Mmp3XWxI=&x
z`C?Z4RYw6mkN!P0eRa;Ap0Xm7XJ(?If=eD!HJp05q6w|v-Fknnprqk{T$@>q)Z7oz
zAC>vMuY7JRO`Gq2_Hzo#AMLB!VSst?Yo7ywf2$=jYb##19im1iflFDq%JmRD$rt3w
zXN(~H%x05n10fs6IJmQsyTaJ6=L7sIt863#wYqJ4bl{ocaBm7nQ}cm`MQVFCK7~b*
zTmd+UOV;zH2LGGkeZb3c^H(+`sX&B#9^v}fk`r^9Zch00H2bt5D?r;bu{RZxEd8mf
znD}FHFGe@`JEA`&xl_OWuKm(a^E|!ovr;>p%BF(Xf09%4kOaRDU*Gen{yqrFX$_22
zQruYDO@#>qrZKlczW>_wB|;PTO;2ObLY_N}a5AgA^U>1QOqoVgl8?moBE2>BK2t9s
zhih|~=lp>kVm+0b{#;*oUEl#wfz@O!RLAYr_}}8!UL9IqFY!mT_dz&?KG6<$7QRf~
zW<}_`&F5hUm;WPHK(O9hzeojDWIJT-$!j_!b`5P0e3#DU7NPVeTp6*4QXW51Eejs+
zDU#n|+PXl~sw)ih@EjT@msjzKim!6a>8}Hkvx-zh?c;li1x?9f`=OAb<@wTurItvO
z8u(3gr)yUZ$fz^v>4bmABN_R?%}WdIN)cg+;M%`7`JF|J1f@;vT-BA<ONHDDj_#E-
z!MI1L>WE&X{*2x8UT1Q-Pn`?d>IRVOw@Go5@4y}{Rek=3y)m4=cY0JGq(+!~*wZtq
zT#rP5skB%GZx_G9SHgvwLAC?QZD_l-fDV0Nd~hDCcv?Qyw}#5sDewCdndA}q9o%>n
zj0PLw=p%*);pWXX$?4UR)xo3_5g*=u^aiDoz4w91K<IL!M0u{iERJV5R{XJ`!}5Kt
z?zNkddm<R0;4y;l^an5NIKMQPJC-_|pcQsEYJnJr;3%*R+g`p*u~8i$`UDSK*&8Ly
zS64-1$)U=021k(p5=+^CGyhAH?QM-pNJuS8eCv^mMh_@!(1G@Qw))<dYILuA!1j&5
z1T0lofx>@8!=3RBKpb_3xz_g^o$2yPH{DBg+B5-H$P&jvrMNBLci~2<2WTa&xrpsE
zOr&5sko;5zD8hg&FWvF?CAigQe*o^N3jp_<`EizwS;|qRB>VX5p27U>pD(XF7!Dx0
z7t9{0kB<_)s*Cm4X*jU!LrXxYZ)&dlfN+z9Zhm|b*I3Nerqw5{+>>shwzBs(D}`I`
zFpgL)`eU$)mpuxo65-EqWID~Gre!ijkPSSOX2d~rEZle)kgm@O_K)H6m=78%uTxrC
z0G{sI3uQc9Bhb6AL$w%^Bz4Do?aMv>BxO>pXO)_dU`_PZ{$d}J8<aB@I6QruLcszr
zJ#2$gKg82;nQ#1bVk847TAuIMc6x@-C?((>;Cesqc!weL<@9>KU{FD`pZ<U&{G?D_
zV%MO6*`?G&+6#PwfE7YxuZ3s~`@6n8zvZ`qZ}2C{@uKjn0)7pnFT$}cw_H9+=aY9i
z7{M0w1@|_itL=iioO)Kh6#mZh72L}$t#6>E+_nb>g_Krs72^t~($=KB^p2gRdYnj%
zvt{ATZpcyvmEM<0&gu<(%T*e*vu?b$_g`vENM+wJ)ROO5e-Vvh`kVlj0=JWDJ@=$1
zzc63_NwV~V%ui`>+oR>Ki`Jo>ZQ|Qqxc+tz?3c@JZ}A3qL=3^Ds$L6e2$i_anc@WI
zAA>uQy*K9}VP3S0!V_DL@&7_bQ=@?Wv$cu<$eoa*EA;X6_GO;@Bs?PFajydP1WHH)
zi1;`JnXz%}7l%>_^4m+(VIcH8Sw>8MoV#E4kkZ49fXQQ>=B8G2?C;R)B7~b<u&*8X
zGA<^BJnyS<HDUC+2TsOD7c?iN?B}vw(tYpG%MJ39@)<7An$fLieWW3L#Ji%)^w8tY
zC|Saq2Md_s3pQ_nAujS0>@HzBM!j}dpgXZiBj#no$q7e>j5!Mpxx(HJ$M{>H_S9B!
zxlE<aN|^)y&U&+k-6zq-MWX%s2W-%<h>()+#XWzj2AfSMXqzVgs@FZ0uG8U=Fc#48
z;$hXIyR=88CeY9dS(F+|G^BuqW_4zG4?Sde_8-M~A#}dm5X@YPTyKQa=XJX2w)*+m
zO1v{y@CeuLhA`is?rmE+h`7eg+P4hM7#=Gh9qs-BB6(;v55l+{x#-8~o8w%svQbfN
zKTg<pg}YU|0c(n|7<ry1NYA@7Z_qF^_M{D`mvFr@6^0LVo=0bJdP|Kk^t34wFw^Zv
zdVhp(^SyRFW}ZY49$xH2zds^W2>egAZ#`F9_1g=3FV8WjHJF14wCjB$o_cr9?)x(M
zMvZED&g17;b(c$Kevk9CukKFEb$dt*^NabF6e)GBb5-;>{E4dEm4CVsU_r_E?j4fu
zh2E4%C=HG48TY9#oG;n=`8<3DtYv`a6apr`(!0c-+9J3u>cCk0R(w&l=f1rW#8H$N
z+s<@6wet1b2fd|vRm0-^C%2$XUgrSqTjG_$5q=@}s86Ym*Mma@aeUWMu*%SN-hX?D
zE%AUE!XpPUhbAAB;l^u^19iY3ANJu45U+GSy4m8*m~4|z7$y`R``O?hP3Kv~QoT}%
zSzUCy(3aK=VdbFOTc#E2Kz}X(M^wsfE_6*ckGRuYhF$UIDDLZSJ<Y<;lO<%_={;A6
zK4TG#i!ZBS^<lu-Jjgsa#g9Xj>=|o(0A-W1{oH-={s^eU8|o*{2p6j!`<e4(U+16u
z$@IAN3+T>e{*qZt$0m{vD}jRM-M4W4`KHC>2VOgn_IZ+B_9(e3n8))&#9EEI6yu52
z2z`ww!Z)MuHUqj#!3?^gEAJ@wp4}6~U|VinFm$o-K3*5Tl=by$vfpq+8;B$v5NKN$
zN_rGQL}3u(-c&A4cA>sfmWDOkCKUWiZ9{#gak#IX*n>K=8CT{AOyfg8>)H)=xFxuO
z&_U|juX`Zw6fjcoOSzT;IjEpdSjqPBG(|VyYyampKxBJPxI?Z7yey?Xe&8y{2avde
zg6A5h@loA!T5u!beaqNQm5AJIxEb`OeX(h2E-EgEFHZ}(eYd1DdV~!jy;i#gVi-60
zyy9hsL5e}2^y|x-P$`6)!VeN@g+*w#MW}z5Cj5hx_7j$bo$fJO@c<?f-`UyDg8tFd
zwsVY55Ez+1F+aaEvWlFU3c)?JuXMI&4M+EM|GMLM{s!P~9^3jZy#q+b>xOR?Xei&W
zar4U+@&qiR%CCQQk&6?9*Qtd+oaXwJI5j_n!Sc(4yf5}TDT*Hg_H_44%$f_@tO@Pq
zf^kQ%upF2sk(iY5na8y6-~VYx#$7!RA8Qmx0RNfZAOhB~eA0bAZHkF82LI(B@9uIW
zY7HX<`)Qrid#E<IkzH*m|CSCn<;tGk^j^ww-mi05>EI#eDKBET*e@P+60hP12VPKl
zW8R4K;T9ahzsd6otKQK76BvJ^InD9&hww{>E}!3`okNG1y==<Ab9Po8f4hGmytM^}
zcqyks1w8sC)>y@a{Ug0_x|YG<2s6dwQ#*VZ%}^Ox9$Hc5PKHW>eZf6<PZ8n6-Hh*q
zA^t0Pt$_9o>kBg+6K_On7c(T2;KNo*Bb+}ZOm@gFqMu~!1}Bl%ka%A<Z8<GNwJz5Y
zVcz+Y*8cX+B|+PxK}`)Mf8s5Yh8({WWXG~RKtL1BQzl1*dllkhN4;R$iO>D|?}!Wm
z6b0K@ICBKQrKm$Tdx>n6D%6-)TlFIv%!OoYsnKh@O~>@cKdQZJp>U44r6GS~A{gqb
z<<Iey5xcPidwXL#7g#tIyKBKGcsX%^|4d0CcwS|7Xsq$}ccRCq-Yy$Gxqv^*-RIM|
zvotBotfb2xlbANcV2DZo{?$<AsINY$&l#z`72ST(!Dz9z)1ST<PZNFBxk>)|(d~-=
zzKbXs!>~WuWR=GWJu_P9KW!P<{c?<^=xAFQ6BK?odc3{Y(sB^?uYV4jaZoGm@;OuV
zeoBP<bvOTw5G_4@Xq8XPWI#G+hf;7yoQ1;T_oq9o-|B6#E>VD?$|MAwdqSN`|MvV`
zG-k;8hFzrB=hjrV{voVlA?NRYc&t4w7IKhAO!jaexfFT*wM$WrElw`uY>fX#6tdd9
zs2)TQQy0Ri47m2$z03|aYGd05(s~A?6w8%GdvbYxV#E#~Uw67^_i6>2#3Q52kK#v6
zm*5E{ON)Kyw#rXo8L_g8<`WKTOaxUBuuc<JK1G8G)Tg)>t_LF#m!g&`cc8h~M7>I<
zYtv%`6@Je>yl}R_f0j>$Jj1kyfzg%mv~jg5_d_|AXNz52D#Cx0yLhgCthUA~ce!8b
z<4Figbo1v`dlLJj;Wmz`i!Zo{!t|=Q3>;TwWr)=LKJJ^oV8IFP3(FVSL6vfILTb*Y
z^env!iQDAow=2x2xSc%`0CH!L7E;ek7-@h)g*n{#gO{pI;v2+2!2iA@Nsv@s_c?Rq
z=qJ||Y#U(6T)HWWwYXJ1a55$dFmSVy2ljEh?NAnBy~u_^>Ys#OPiOQyll%R5BhoJ#
zDp1EVM+VSAxLd4Yo6Y-LK!GvuFt76!Zs)o}`}=3zxW9G(uG3B<=HOYNuL!*|c9xBp
zPo#ciPv9>*cgEarl|DKo$AWY?jl<Eyx+-kB#m3hhH7e{|xCPucB|nL^9nvSb7zZnE
zI1mcWwU5c0%Yl&qdvEs`?Ez%>6op@Q9$Ib+q+7lq*C8PG&k;u829}zL%!RVUoS5Ls
z-VC3Fzy+u<{izA|Ju?JKF9IWsS3T<Zd>oNXz_tm0=$7Z{WmKMxku;<63oo9-b5EK2
z{tCk*&%7arNPLm=fP$+KQYlJjJktr#*!^64r3JO`b`!6a#6Etc%mq8%WDI{`a;dYw
zzlrc2{X*Aly<%Gxx6+%Z`LUnM{JGmtwy|Z03pc!PhC?5h4>$sNS?+r4=0>K~bdRfU
z`o~CSkjGLjyqKPYVASie1hZlCT8cxwU*mFhw8f9hgR%M=z6J(UPh}$=0Ho|VcZzuW
z@x>?`IXvD3;Nq7z1VF;O+V{HKS-QB+@5+LJ2ZPt^HUt-Dy0v(5!ss0<kPENcJansm
z+1K^w`{hj0;Us0KByFCrO;L@AGb>tA<RIgm)q_E9XK6@f-G4mOCzw;sAqnB9X^2Ex
zZ_^0_it|gqz+i`6b;Ylmb9j8zQ+Vyp8^11VRkubTFVgKfuluF+IY+RU!Sc91U*8R+
zOTB_&tkAgLJx+<_@^OX^ox)=OKrcqXJ4Z4g<3TH)WYBy=Yksd(jmII#&S@UBLLJqi
zyTowj#wn`2f-O0GQ0)z&<qHy=jSApX&a4xSo5Ia@U#Tq)|5S8QKzLFIzw?Au>Y7wP
z;I(efeu7mf4(K<|FyecPX_v5)_nID<!R1YP8v&-!yz0yqU*?C@!QHM};j)+aV|x@x
zgO#@?5S`()AacuZem|kaK<tt+dZS-jP<bw0PYLOpC-%`%Pt0%>@A+P`YBA!e@%1jw
zqgYm_+4n{EnOWzXZ#R_xS?2@ck3#pz=exw6D4){hVOsz0q|}B!x+i@<c>rr_#s0-x
zAN+?yEgj%qn?1>7slB`O=GlpSZ9gD-bcFGuE(zhQ&HSyGbKp?GO(Tgm5{W;?EiiCP
z{$`Eu;X#xuhOYJ(SDtpMzViJHNm#&Un)_`;h(V_EaEwq&1$LTRS{w`|epvw_fOREZ
z=3qkdBqS4Bx2ZhryD9rHcvWm~b`QZwo8{g{Wf6{^5VGr&um{5kO+^!n$aCe(Y{9_%
z)37CbI=f7!0I0rxJmOP3C8I{WM**CaUi+bMkliR1wSUTZtV*SC6zqK0!}{VX?v$V6
zv54SF*|5Irq%STlh|>6R-9maDDU(Mkjuf7ICIf;@+#k!8vhIOt^8y433R-^d_4{yD
zAG^W0&^HqPo%wyo7v{GSvGID>Mc7kgOv@{x{K!-wz*vG9-6!pEJa|ys*bf@6xW<(v
zK4x_`kOMyKKf7`zJ1Mi=E@xIe&*+KbLFN637ZN*(_U~#O0(RhZhsW<0yhOSqfLDR;
z2d<9z9Sl`}ujWwQS=qe0Yv!LcVlOqAo+X`pq|^{9X`^)u4&#*4=*}GnQ;Owtzq!#t
zEbdTB>bx|#?aSZS5&3L~{W{*xLL-j+iCEJU$i;?m)%O#+Tbe8qdEo%1o#*GP<h8bl
z-vjmYvB{!lhwjm6`7exI;lVrJ2DHbazTWo_C3<-MAy$3#LJtHa7~j&azi#RBe?8db
z4nT8HNfL&|PglEBv_}X){`Z3+a-ZU@ciDB*i^W;5w7JvWAEKY#BO-Osw~=3uSI39T
z=H<%6SYp-!WVF21*j98x*&zQOLpVy;IzahU>kv*vkm`Q@%*?ruR`};Y$Woqt>V|pQ
zV)}5X_LB?^Yd&sS!p98JI81NSshgMchr#^nc3!`<W`D~t1z_p8+()Z3F6BDDGcPyg
zKQ>x)d%|1JJDO0h*TPx4XE2B}8R-jTg2s_fA(#LJX}YuOcUPss<%e-j=Z+B}P`?8p
zOzWQI@9TnlrlT%p6ENCtU?N1<{gvx>`YN#j3M<745AG(OJRD?jtmO&cc;ci%n!Rs3
z!TBswq6vdP8vG7cjl9DU{(4dk#NV6T^O*6xhf%&Tp5QJe@Swf1u9O$2QzHU_$5nMD
z?*WvYcNBVg)a*#={WVklsJd@6<1lSXf3(x~>a~%7qw9aBPUGjC{UhnRwiE?|=r5t<
zM?nEef=KdB6hv}PU%!{xv$GQv5rM9*uDSuW`S4b>eATN~F*gFm4*+d{yfR1!7UeN%
z;r!)MluxgOj_r_+E~B0SG#=1?y5Fa#0B7$<Xuo^hmQqml;bh!BJuYE5@QFv57{1Pb
znmGX#%g;odpj#^hLLDX!_jD;?V&?JVEZgy^oy)1NE4Jjx-yUf!F^Heap*PIh$Li~I
zglNhsv!Fy$=P=MrJR*X}FGPFHn}4`YzcWykXctlPClrO_%tEhlpZVQO@Fp4i;E(6<
z_IFWut@1<F+r#9SamFDT;eykI({#L7@yACY`}S#unlqga?Gxe4Cs3GuXNm{957685
zlI$_(r`;f@8iRBMU!M)(3x{-A^)cy|=iwWMIl%X_KM3S`NN=paejaizu88@P0Rfy)
zSU;J31s@*|kcTjQB)^#iCx+^cJznBU0s-4OQzbmjXdh0&KCm-UGd@L!9OI_G;6PK>
zz`x<~(xUcE(gl-2nld8gCgSY_72GuKY3vcYT3Mg;^)S|E`rGzd2wVFQKYLhXXuFH?
z5F(<3Ydjf5L&Wk&6zUsuuk}jHV$Kebk(23(K0pNJVNxW1kFWk~zwNU-9k%TFhP&?*
z)7JLAG`GX3!3`+{8WOxW=rv$6BOPGfzSv)667Rm_mT6i2-v)4h2b=0g!ErwiJwgD$
zu+7s%&j<U)5*;d**#&y_t^})B)u^&`QRBU<70#n4KBrkA_vm`qupaGv>wG#4wcZ2I
zG_q8!6qkpt&Xcr%kg`f%4+Y*n@bq{eF3WTdWBJ?B7U+GDq!ueS;M7t*m$I1!Z#QVP
zS3or>IeQFoe(;|EJfo8cNK(lR)Rk<2%HSyyC*gaOwVZi2F9F^I7%{?iyKZH6tNE=*
zTa!omZXh81jAH<d9r?QO_|<n6^bm;#4h<I)=!vTAW`I-f4h16!BErT(V1BqmkO#l>
zld!VuhI1~pDNA6E*+k{8v6m924?p?__>%HymQm{6Vbw`eI}sNM3~NdNBZ=c4HSlG%
zML3QHs9@Ch2@TEI*w&-+`Z176Uf;&agoZN!4z$S~IR1J9U0ljKysqNqEjymleX^p6
z4iW$_^?H4oBIIv8r-0A6r!AuZ$;(BkAIGlUH&m`>e?{Nz(I0pX)qU^AUg~zc?3vw3
z9bnG!No4bWyF$Hws-IZnsPFQWluyeJ6yt)V8qRx_Vl9wC7CHOOU$<i*O21X*ygLDG
zn|3d^-n~oC>97Ql#CN{M*P|~G(B!_C=P}b^3&)M-kfyVEySd9DnjiNpuxJC;jyS;A
z+}A|-nNx81a7@(mjb*UxkZ2%~8PSnK9W#5N7A4z<J}!s~zI(upCIswmD=)ng{TN=}
zY1nbq9PB86A+1Qeyzf!aJJH#Q5iCik4y)MbsdzYGM|(QK)ZOzkfcP-=2C&#?Zz6Jc
zx6Ja5S0e3U#nGgYR8yD^IZ*3T2e6PazetN?mXi{wY-W4F6RGWWVk*YbZr}N=bL7>y
zP0!iC8W$;o5$h$hZuBwh_JIy~4_Y(_dwt%+*IV%ECmyWS7X&^&8T~{PaL<omyx2t-
znQkBOYm)YLpwk)-aR`okmP%?Q#MHhWH~(nqdFVjO(h{63ZY@vduzz?Pc+CyX5+_kL
z)ja{kj6}12U$J7BTK}72Au}jj>AHK$H0Gl0a-Dmh-t#t-BkqI8QIp{1*J#7b=#uwM
z$YLw!i>6WO<G$*5d1&?~ZX#EN76cE}(3#!LlTG8aw<UV(2%a9w1d`NAWAwo!?{__v
zy6E{_9iIDWBJjU|SfaC+)}?EqCRZ~Sj{C(7P+EAM6|QK0i{GpKmILuljqVis-1RLi
z7s(v!YBk+n7h6hlE(7-US+GYby?dS$-lh@=RyB0d+xopSdyiXsXw)oE-QiVMINCw#
z0NP()#7jF%D*V0M?b9=lv=)ofCAUK>I5Bm4c6TBJ#eIMIBo40eHrv}XugI|qh$~VR
z&VRlxBY8QBnt)X9=@&ckP$QttszKvoSTa)1rh7&0o*z<QLjaOG!WCzBB%n4Midxud
zu|_3v&IjlDR>?4YvhIzp`V*R_a%C7FRh*NzS_64PN05`RgmKSQQV`hN(NG7SdQd+W
z-O8$inaDT2M~{&$3l1un&^0s`fk>j@^NfY~#9iq@iPap+VWCyQQ_A(aP+>YD+Aq$n
zY<(Wquycf(FmcPiIdj^n$b!ec?BAieMDzIpS;YPlM4lU9g(MzX2Bq8hxlau^Ci-|%
z*n5`^{;$7~H*z2!ufaQ4$MLM>=nXrU_Wt=grdF?GdMt0zMUk4jAG}%KeZwQFXDR>X
z+>Jx6jbHy+?BktO2p<d?=sC(2bxCOIV4mjKb<$uqDwi_*2QNJ7tDqDtOYhlHt%tlW
zv@_Hq-|jh~TvV_wUQ&ZJ*Iym70?e&>4gsAFl}Eg*etUP)=Ix0IM}rM{T7SQyqRx{i
zTR$oL-Db-Q&e|q7@EES&m$RDMZmtrzSx7BH?3yCA$lqvgRjRg+<d#%zVC&A&nsmWq
zFoiDG)%5W#{A?Ralc4!g?e!OY`qX5oS-br*YzRxP^tTM!aUT=_oqzUn_$d2S2M|xb
z<WZ!NO>%r5%nW7ZfC;5%xB^g%qrRV;>-X(m%wNavk(1}3-Bj-yQ33*4E^M{<8Bav`
zcH|37>mYdSPwfM+(h!bNaqspnv=lBmD(a8pbimv!VBItI?DE(3!jo+~!z1C?-8u(!
zi62GGjCx=7r_yt$X>6k-k?Fn<<bgr|PJo5sB|l<c7U37@&HbF%)RWkIc=RVQldfqT
zpC&Q)2&Xtg(-rs6pJ4lU7*r_lT6jX(prReYKnfX-|4uiZgwGTn7f(Ej?)v0O*B_(4
z5FyDnff9;$T1F^i1}uUzh&~I~-$Pmx)hlh7w>><_Jt317WkM^8T<pkxW`Bw#r$9=R
z?tX?5nHaI(hjz4T(}PEaVbm=sf9dPjSC?f?6GBAJN;Y={C_zN^&W7Hglc6b}_n@?q
zifArlGFgC*alUWVNm~4QOYLV`9FP;j&!biWg>7HfvC^Ik;K*xc{gT6L_Q?3mwl33+
zelZvyQRR{#vZ!%^R`Bs!kxKKp`n6MEC+>#0i;mp<fsey&`}+t5%jK$c=Ia!8E|2(1
z<DNJ;ns58RSD{uJ5;#G)^HlU<F|&YKd~MluNEkLRUNG6x=*!Os;}H&=kpB2=7hS*K
zwXcm$fxJygY7fs60bJ&Fg}+*^LyFWf0pA=Ts{V#M60_aTyUA!Sc7iFkTCZ!=>m>=-
z!Vec>*ypa|_!+3hxutN}=-~@kWDKmIsL1uM{)vHUMcjviUDE1wUzcx<C1NRRk2}tt
z1R@v>P&IafuNx#bH~jxe(SDCLRb&a1rr`($XgoPEmwN4$^B5?;<DcYu5~=q58;G;_
zFcO0QFW<dNM_H>XrWa0-7<BRC+-W(#Dyc^&#*_m~WJ=sHxPS{!p)DN|?~tUXRu`3=
zqVPc}c5w`^A6Mt)j-IJady?_E?&hwXGDB1Hxi~L?X!1NeRWDCZY*6Kj@(NSl!=-##
zcH@pG|D?tESkg-luOg$ojhu6?#rR34lX!)?_zw<E>eV6x@G+s$bc!viPH*)StK7@e
zjXq38WV>IC@P@_-!j!k}6`lI&i!KxLewzNK7Z{N{My7uhzq_gTb7X4KNHw?Q=-s_N
z8L^_=2(>>L?Q|-1_DFn*{A%u#)ge26gZJg22Fz5+v=Aycp60{t{<4$HNpzHaNPyE*
zYLfYc%(a(DX7ppsO~MD4723c&8GnJTFF-=M%zL4)W69_h+D*J)I~^NNpW5azG5aQz
z1kS;E`Pg{~<b3;Gpy<e6Aq~rZI<(;e(YiYZE{l0&F$Yu;B%GGR0Z@#Af$Qq%?pgjG
zJMqOFgV(!-gF*!HoU|(6r9J0j8oqFP;Fur_-v!1?UBH*a5N+F|@TFTML95|GM@#}p
z`o1=402dnq_#NzaYQihAI7fJR`e@xu>94pR?$OI&!Sl8UxNm+@Z&aN85+nQo9cv%c
zM@>cHc|Vb5OI-KLmjvm{n76(^<$(ECVz2`)bxPU)7)qhllwg0mBGtUl)*;7}po9`D
zWS{AUDF*N<IOH5J(KnfqL*>Ay&pwM|nAlzgvxCq-{KxT{Lw}Bk*XDCN`L!T@h>21?
z#?9<DHIj?|xew*<_rafO<+YrY>NoCppdf3UQhYwt-zxvQoP93G1XYdv0wa4XdR^TW
zl|s<~-kYGhMR*8j05)<#;E3!;l3g2sB5z#(JR(APyTD-~w$0@{yl9He+&`Rb9u53H
zimTwL!omoIke8X?2iCtYHsn#M&vnv>SHSGF3D~JJzjkmIrD!0N4J(qC2=OpuM*OL4
zk6vNe1%Yhmy2^I^*H3^E$3Xzvdsu+su|sPTfBO~siDG`S0FOaY_HcfrAMNBzVN=3B
z^RF!vg6k5rbm@!i9`Ig5da_);J+Rq>6uV2$lP6e=w=%@3aynIy`zQFmAcou}+lR>f
z;&K)2INtB>gRoJr`h_mZeit@GG;z!6@VIja?HitZEVTu(g?ZNH!4D*iCD_e9*v|6T
zb+`9P7ZhmokVCMRj#$!k1ST+NHN&zQIOiiM@<|A#vl+bDQPOGmH!ziKno?@-DSayP
zkLyOIVox(pC+;6zNWQ^~N$p_fsAq_~P1>VB*^0jg-VmqxnmsB#=AGtA<Uyq+1C(mp
z<LQnh24qoBiNxg3HGB61kQ7v}&NDun6n}GtfUkjx%2AnyibzRT%?ydD-a^YW&(}?c
z4?WiITLXH{3(_`6J%A60=w{hS+h~CoZfOm{8`^1zW&cYb!Y2EA8DF(ezmieU0CtDB
zI$%Ug^ge9y^=(#q{k6~i_NYWV7W!%J_o+=k1)nSF*bvV9gS0%8FB>EAW@;B|pXEUg
zBvgSv$4|c3NEpaWpZm7&#q*uyF&a`dKe)RMVDBy2!uxtUJ%uBp7)1L|&HNq*KVc9f
zSt;{d&(ruY)KHJ+LHxgd503_Tii5-+vAvJI|4^RJ$$94At*o6c7m$MRXnUE`%MsOC
z3lnR5l=qO*n(y(KEBtLob9|0>_zlQl51R#buD0PIRHC_V#?<7=;}f9fi6$1C@{l*|
z9LF@u`;e(VZ5_rAnyTpf%qZ|kqG%{p@TX-M1`vq1s+*SE+-53m-i@EyWv~vCT9yX&
zhGOvPTbb_%u-9_ZT>xl)R;~4;o>$8$JLt-NwBsVK;~I?Ay>TTMHUh9$COBfv_ds#x
z=q7_rDdu-cdXyE+C?Pa1Q6T4}3`Ggi&Xf|4=&ZYJcXNUzzVqelW<|n{giWlQCg30*
ziVr}IQg-8lmV0oSGkp9n8oyO_G5+KyuD-Y-hzbCW6A@VW=c}eiZXRbg|FKit+6$v0
zY=Ro|a+Qsr>|sax<mpYy6%n<7;Z#Q9VT<1H>d&xny6>^oHqLq^PAsNKuL)I_joifg
zRit$%bh3p8O(cJf4jVe-T2OfVA_9xE>eRQkqC~W0cUKnri(3OmcVGOy5_rtnm|?z~
zOnkP0JbxZw#ogW~d(oOby@k+@ug_OT3M5!;^6_)XOJhdoBk?gTrM`K_RYcm&FT!8;
z1eq&fP@^$%%i%(wPANR0-05pm-@L)$3=lF@oLHmop>xE%gr>OT5VN_5CwyT|FSY2|
zPW$+{6cb2_-r)mYn_OT@fGRegf9Im~Ko<OG8Y6}GmN5szx+@`5A01v-JfE*I;^*#|
z5Yew-9$tMC!m8vlN<H??aBKep=0(eopO*=Wq+Tx2d;?o+jurY$O}<KQ`+|&zVCna|
ze6E`t)4%XxLELC$9x$8VAmsrWb&CGTD=f|8$60UHPd<#A(DU8KTwMYD0uG{2C+Pt+
zf_sG3<DZH?-3>3ychG`+9oy$sZi&mWsru(O9n{5U4fbm+d)Rt<pAZ^X!EK@)1gjh4
zFg5WYa<C$~oO^P*VnXZ%&Z#rJb+Eq|)5#C>VIV+lva$UbCiYvoh0JXt72d2g>GVGT
zn(0NsP?S2{n0j;30(-oxr+T;uzLLB=I+?!=tRMC{VNt~ObdTMAfn^YqFQdW!R2A+s
zLZA?jNzv!@RHp#4k>Jb>wnlBXo`7?`O1G>dGA_%9i@=`#BJY`oQ5k%D8cV+9^&U8X
zUhQ1{c(#7dm$ckNhwCl1ce2P(f_FXs?W@FSG)aE$<i&%RLIO$Ac?>)I6$o%D<o5dS
zw76LZpxAeLl3VYIzwfHvJ^>8G@#OeDDP2|#&sz-G>N7Y(6^I>$LzpZNPXh}Awqphx
zp9W3gPjCk5X6d{q8K9sn$#j4-!lGVmk+=6y-bJ9jKn1V8UFcf%PqHP{($ZLGC>K}N
z5w@H1{RkKrpYExg_L^(h*4;V(&Z#hF)*=nUYgu5Zws#MV&x}1X1#{-pa-iRee;xYB
zIgJ<f%h%yM+E(&Qo*6iUY;|?#F6W;D$mp}bMNvQH`@Qpp9@r*$2Tk<m>mpp?S7qHc
z%013ur?Cjxpi^NxW&!ulz{2p{`$rDeYzCseFs7h<?@5WUEXRHQLB8J9@poKn@d`7c
zrwsPuStDa0K)YgXuKBk56n~*vaz~^n-yh>+ekq7>`Z+BIh@Y5mr}|Uvro&&PRJsS9
zBs8CeBXv<8bUwijbPbKGa6siiFAn@wH@BwC+dbZ);wO!sy!geE9ROdx!r1{3Ve|Wj
znCi{dV~ev&<XY%arxw_w*j(no<bL&PO>SN**osig>PiFaSAlQljqhOUsGBhkgYzD)
zU;fp`bNUU){xtJscqSN>Yd9r%ACYS8)qJ#dA!IaLlP$lQkImOV#bsj8g9LaP3vcQ+
z;rtrLuAoN+o(q^~#<%A^G7cKe!3Lxe3F2#?ppW$DownaE4sy+~oK7mtoW9q(y`g`9
zg~CVC8(FYuVn-{g?j-kR&S3Qww2Zpn|IO^piB;7pM4Qeu{Tm*`1Pypo@h}PnUOrUS
z<Gx;<A@Tq;6>A8*sL;s1SW@UQ;~NTmyeEnlN5OeM&2NF`)CSpfj<tcu7(t}MK1|a+
z0+k&(ir`&mhSTpX$<1xX#BVD~mzC-gQu6n~B`?v9{R1H}Rdwwiu`Szv>!wIBgtVnu
z+B;#c{|wdi4HDj|lncg20Zb8I3tVo1ANpn3mkSfTDz7^vTgv78uQkFwA;w<dO(+Tb
zTMd}B80J89183ZWwNXu^wj|nPzvDJB@XxDn&&GHiS4If4@9`K>R#+K@fz-tI&wMFm
zi2&!D{Tw}nAM9XM*<E<CyGDPxE4(WAh#OE3$hzZ~S8smaP%^yVh6tv`5nd>L;vS-2
zFIY^o`;~yj6|?UTJ~^D>kl~b;mHp|2>(f+!By-e;=`IyND4l{Mn!STj!4Y14?pq|`
zYDvXPeZRBW8ba-e`<R2>^2xvC&ewnqHge_h8)9iaUL~WQp;cc>pr$gnc>1yIUZs&<
zdLkbT{uRlU1S-+7dl`&O6u9Dt1m2HN4&y**@xO#^H;IW<1r-`wErZ@pd{meX;)Dbf
z2lQFm$b)|3$qP%vIDxjCKCj#171mOGt`LcYN1;r1&_B?m?5~e2$zf3}F38g0h`_mZ
zpb(;hu|9qjnaAe!TsB4K^6slB<_%B{ewD5ne2Va-lyio)(tW$H=XLU=lzn*X%s=hD
zKg-crYuHmSWg3(?e(R|$O5`-c$U=ov6l`xg(?fo&zA$n3Z!hhbbYPP^i#~rg<@89k
zk82*P%gI<zp{H%}(#;QbsgnMexz?k9z-s9BB=%hSvBkIhJukol>_X9i2tUN-&h$cG
zApK$nVh#M>{ZD*xtrrM_v;@y<S)`xmoJJpTK|j<ubFM#H)#t<e0hvJ~sMar}RT~LS
z=EeQ^2u{<X{+)pM&;rP<;S&R}I`>OI^`c?~abHN@fjCwid8jX0+r8)hNWp#B_rAKi
z9zN0K9l}sFeSOx$U;C4i5^<!b;yxLg@8eUbkg>Ain~7he>?Sm3G_;#D_bIBo`Buuu
zJM8#!*zkZ{;vahI3xX~0%(p1K-V^AgJ<spuUjNiRZwyJ0kv4R48eTtCC~KFY-R<gJ
zuukX3&nM&JoEh`-`l2?z_<-AXDg5^ycSbD_5_We|A@$_A#DP{^x8=py&Xq)8WE;qN
z8iAI-ILhbuWj_&gh~=<?AB3+-5H#Xwb!*kM%V1E919=*L))(hJXSt}zk0mY1zxjSY
z$NI;7rEWv)u|trraPQD(7KyVM@|-L(Ec+Z}7BQVFBl}M5<1-zFj-yTZQ%}ZaHHUU?
zKB<)z0eh@~<X)a^v96QouIXiJixFZv@VsfqY&iN90l}Y*i^#_K!HudvaR)RnKDp9I
znYp9|1gE6q4I0qgoL}=~jMi{yJom5uTomIE_AOVEUEx#nyJhRSGan{Pyph97*X70m
zR*l1ZUYOMdNd@;4)-$JxFkl~6B&Np=_XpO`G^D*zYc-D!Fel&knf*?+I_qD{CPwV<
zfnAJHOYkS}!=Fc};l$w=7biYB{52^`k_ybP!_zp;GGy7E^#rvY^fxCptFmQabe`lC
zIVe#5xhVCYU7rNyWAiglpF9-rHPtRoZWbv_&sh?V@&J0JV0$21BE36vUj>a=sMII7
z0XN<6vR}T8FCRs#owh5avY?3<?-QX&pT7R1-#}GvqW)zSFYkWuv#ts*i&j9|7iujt
zrUKz3y|_d(-<LLC;g)j+$3uT6rRIhtcC*=q3N4*Uc;!D<>FDsr6G@qju#<Rwg^X*T
zzlQMO8Z2X1P?HCZkx5C=Cw_>(%R^;81^Wm`b-7;G@4lMAKHZ{^uH(5E428fWc63b1
zb%c*#xGatPsaZvwGN`_NG)Td4hM{uJ%k$=bTl%waQRmzuXJE}uEUARLS5EC2#se=!
z5rq{x8O@OcgZd_aHn!QC>!SQ1*80PBlVCC}!dm$2z|9>mRb!&gt10QvwsemY4LT~s
zI88h(2nLeW9YvE9l320oGMF9BCymKyT)lx)y$*O|JkVaxm9iY5fi>@bqA%;NA%PLh
zJm2Uh9hblW?5EPDePFQ#&XANqQs8kGt26KYiNh_%HFSl9hA1eu;fsZg$1i{W+>+nd
zQMmqeq}3)M7^dyzXua4B&B^C@ZM`6SL79R2<3rnxMIrmswx74)JyzaVp5K>z4NowJ
zYIm;?Nl-@7__ZUXKlg;%9$OlyzP9(N?J({6-cR{xGSRc~FJBM8<Le{1+Q{Yubm{7M
zpnU7w?E%-eX(b1M-;=5^9l}U8szJ>kPAblmJm0~1Jy8eZeeSQSrFo)kGd$c(n@(y^
z<(^#-)6M5Dbu&?%V>4$zrmhUHKK62w&^=9IITs8EQp`NKN(HcVf2i5pUO}P`S^QAA
zk=u&^vU1O2=YIRLy0b6KUR^vw(DTGLeB(c!{`@Ai+xs!>la3QXI*f<@B*1si<?UUp
zdqgW7r?jUb%k|Ma*;g|vPJx9U14#{{{EKb42n}quUtsTD!6m#1p2}I;dBjo|6#fXE
zZm-oN?vy1m&Ye)|;K>ia!F%Z^o>iYeRDL_089_|J6eKvX!S?0ZMO5}xoEgu&3zp-)
zJIfS%{5Wq4Cqga03|`5&=Q@4zfz&zo^PvjT(3Rp+7cyIZ!U_D5Bq{}-pebu2iou`A
zE^b@1x?#-2kQ6Aqn|9p0@WS<Msex5QY3Xa?@WF^SK13Y{UyWb5Vb4Xj_qk=hNx1(m
z+H*X;7k{dH5U8^ANSB4;`W3&YBcI5Q`XU%c2(Q@u7g<3nw{sw=R1`mDSNTkk7wEYX
zDt(Y{#MP8!C1+sK0Ftt=SlP=6;jn1ltBk%S-lWGbD)#5E%x(@0(KY5&1k>R%Jo~1U
zTk?Kwe)dZ%=Qa?`GlU4V&j25o`0l)PEg=(#m=fsU;<&=|lev@+(n<7ZEa$)cxq=w|
zXhYcH5ysY`MG_q5*XS00Lmqe6W$9O2P)&_>iF{!yOL-2bTlgY;?UzQ?cwM}^px89R
z1=Wcr21!Sm<=a93{y`3~jTK48dQ-uWOV(@n;PecI<wN#3KKrF8uAddnmUK^F*LXSv
zy^84?I%Wp1M-T<(^=#<~)Y3k}HB4!B%|FlE4=${w`uk=h{(eeZ$$&^*sI#HR;2A=-
z8b=s&{<W)}{^vX{1MHN}vdnv$TlssgHuEtDnX$_8f5$r!drD~UbYB7e8PeEXXy+Km
zJ$GS-7&MXJfi(K!bg8)8wGT>*Bm2iHoKLimzGnyMRttwk%|4HrGik>!0Idc1f8+Vt
z*YiB<1sqNeRC$(SKtW!}5%z&i-BMX*v<c9xV}IB+t%PNTJq=Xh#&?-ltMw&c$LxMt
z==(G9WxYHb;$3sSA_#u0V1Gb{eNc<b?TL9$?B!bSCk{ZH+*{rbPlwi>?fNwE(6*L(
zy|IJ{kq*Kp*wD)aG-zNfhTq?eq7N`O@>>av(W}oV^Kks$!o2%z+IS3$_)gx2in?Xy
zM5=OQN&NeU6$18!S3k}TUAA=eMycq^K&#y*oX6N!uX8C)GlYT(<-uPX^kPb9Kc7`y
z66a0y3ahb?4kr^}KCfb!N@(f9JM*=7Dgf5itDG)>*K>U3&=vt2JYO`7DyjL#_3wJ5
z^&1IS?FR|LJ+}8FZs?H@vAMiYCD=?LyjKj2?X)EyA2oAfZK1X-K*sG>P9}3Yu*&my
zYK{FydrFLq`CFBBak6>QtKV>qxj{;9iSTSVyTj#K?##gD7^u{CKiw_<Id;D{7weGq
z<E;en6)<DClO12W10;GKmPdF1v0Z+An>SpofaeYW9IB3t!#;iM!FfiYH*-Zyxz9OG
z@AAs$>9H@Y!(Y)^wIIXED>o7@+|}pK0B}g~F!0<D*3Teks_Yk=WwV%Tzmk!<(J%yi
zEIVbC`*51n*=CV=L4)fdpv#&)9=<`b?MDeT?x6;op#ldCGt%su#wXND_IY|TD}KzV
z*M#5ShD-=R-6qDC&ZG!HWnY>-MDh)UDWRk9O*d2W3cD2KLK1XOVI*mh>BX4rW}{E%
z5^=3pzmKoS-*4T*Ptt4%4XO0}Ouez3Ec2uV@^lyZf>^6{kbpm!j>gSC8Ag}CKI2<t
zu1iea*zwkMkL$AN-W(QG0O-o4qF(}++_u?$CQu07d#GS#^(3e^q~n)t-+JpoZ^sv`
zhH4BAY2GR*_+}ZYb`1GBFHfZ&ufNf(sk|P>(N(((d^(>TNp+<`zo0*=XI^@rgy46p
z#&>mvlxq2Vo`p}%>Edg|o%Jq{%b)e#IQM_91lxJxCLM3K!h#*LO3*3w60-{F2Gno%
z&mzmh(~xX%??S7L1Q0ZEx_y(7<4DhY@DC(6eXLme#g8GiydL6F!q<4Z`YI^dnLex6
zmrDIK^v{I?2F>XGJ+0@rMp-B6#B_oBU-3E^aMZriQPLYydCs0=ZZs$Dt7w`4bW|i>
z+dtU-mxg}$WLdF_ks-Oy(@MUJqI-aEdc`2wqWyR<3}FZ6PIk^wBhlE?d=lqgU5k3%
z25w^@a^1rJ=Ja&e@j0#`#8sd1y?U}8%;?|9f{|B3-B76ss3Hj4!#HM7D`j`LLg9R;
zj+YFlKUNuxKq18caj_FI@?yZkF0z{d*Kv9K{6OvMLBhjFwtMbQ$>mp>14=~3psqZg
z&^cX#BKL3%b0cj-O($~()F|=wp>HmWK#TO63<CFZ!r&3^L`2rd)Op`W|Fz%BiTN`o
z)jQzVH)u(>nTs#Y5v3eRHTbyGAbe!?e};D~{WEVrT@%(lBjp7d%wDoguuxA^2!R})
zRXIEZ7?h?9>C$r1Vjm|utV{7_KdQ&x4#=9NAOV`Or9~e#6mgw!66JeG@iF8#y|)ct
z;5LXDEeE^on@V0tw#wI)v&syz0<lP-Mq{7B2}<|1`Ie$n-xR)IowRklJoa2znfl{C
z8{{=115J7}N5P><zWeRj>d+nC`j(zGkD6?^DWnx7Nj#3y%{gXKpALu){(vdqv2akY
z_KNCvIhVK1oo}$``{rQ*y+ZLpugZ_CiS{@>&-aS#N4B-cwLV{i^s=B+XI@L1xkSW~
z9N5#TZ%g(uZ&ogr5i^?+=5fz_9v8*o(x}O<Y+D#y+TmhKT9>tc8QlZf8V4BL>@&eq
zAC3WQRrbN0sSLzZcRLfu6$)aQTOl3|OC2KV98S_WllinHdA}UG$=&qBJD0i^@-bk%
zI=NKNFe+)EkiU|`>q}pMNjw<lDwi}=sZB3QpV6K}dU{XL;}~HL0DQatBB#LW^UN2)
zO*Jl9<Bi#g+6!A{WA$}?e>eN2B&2KvT|2Kx(S{NryE!hfmWhf~Ql5Tjiq`=P@x!>j
z$ZS5n*9|V8BB6RI8drQnUca$VyU}S)%eR^MBNSK|*4?nAb=flA*7c?+pm&lEq<0L1
z)chl6a6wx+zSLI3JAj3-U#lwwuq#V|6SS$Gy_a28zfKr+A7XBBuMZyxL~BEsg!W4<
z6Xq+^c;m3_ZTPD)!O_<z{44a=VHLQiC+F9#hcYj5DFe+s!O6zn@|0?0e$5H!fsH5i
zQx#r6qZTMH%=(y5-LfJ&=H6a10~^hMd>+ZijPVD)Zh`kZmx{4J7ug5-e%p0cg>ipw
z|4&xpIm-H@l~fRxZLmMIK|gsfx8Yw>#@7sIu`S~%-<D*r1QHUPmf-)4LtRPuulm^o
zpvh_rF3?$@mwAQ!wtPfs!4M6s*U~VXxe#KYP>U-%oje{YQF}LucrITMXwG4gILbdP
zZc&SfFZC*><UMj&7<s6x3TiWPn+KwSa>=1l=##XUfN$EUbZR3hI)=K`1X0-!_3O{f
zjP{#Zc{~)D@G?2GOWX-yq&<nFsb1*eS+4I6B#!RGbw~K+-DFr?Mq_MYE)`r-@y=5C
zK_)rtdMRKe+D;)6@2TIXkANuPb?{TK(23dZ8i<C=5|vDoJ^-yyrMI(TKm$wC>4Mgo
zVz_D7{q#=IQ*(hI?DA!8tx5ZKZ=KTUHzcXh52;#a=a&bNt(y2AY^wVYPA9^%|Im~7
zK1;zd@f)bzmFT_i`BEL#@Qc`UW#m5r3~@R={T?I!Fw^kN%Dm#Vx~G%aT#lnDLF8J?
z9z%q!zl7tkW50br=r{5-I>P;)co>5GEDn!rtgw6my>8igJokhC=v5G!*L&@lpmn(c
ze+L$%F3dY=o^4M<t$DGT(~{-)-oM9Pm=);V%8E<qKl)@XbGh*b%}8CfK+hvh3Vqz~
zz8|En<Y2xQ!Oy*ca6<nfCBM2XO)Qg#;KQMV$SSzP!tV(RLU>G|4R4*L<h{b+*9F$<
zOCXQQg~i~}Qs1-SdrN(pRP>lD9GR&N0uWP3*e7-%wIa8~1Ys1-g|&<KSwL=v>kmv2
zAyu@Gqd66mjw(SuPhaOr|B76Xm%O(4P}1dhyJV|#7>1BjU(YV;%fh?tQ}!cOp_TZ6
z;3NL95B&kUC5>MuP98IaBd&_+zY?3nOL27gvWC7nLSyQ;ipUf8cHL7p>;@T^DT<eI
zu3%jwp<-&U`@P!GT>=>7;S{28KIaFKb9o3Txnqnj;KuC-P#UFJh4O@TzAW$8_OiMc
zs6WZI71c%Q6?${<xAp?xp~cv1{F1W~5fL(fv-#1zeIGq3U(C+NaGUz_TXd(${Cvye
zsaDnD@gAR|Gs6RZ;i(l$8)A8l%fZaG@ty8(7d3;mHr5)C>G_8`pw$!H=*4ugq>kxd
zjQehwaJ{3Ja)$6Hw3s9RD+0I&@klk+NdC%l(7PzxK93go;ac=(5+KK2L+-uzd_^wI
zWY!*Jw()1kNLxZ!dJL(KgONe92yRF5*Cl8<O@r~#nDRYL08{&*cYkX7BFxF|(CtSl
z<+{a_wm!92F_LQP&s0R4;cg`hs9JW*8(oI@a`}wO{7x?<3dM9|EKt&YLA<KGT^d;Y
zY)gCR3@$V4AKdLW{cc+}TLu@5uFlaS{`xM5X)Kp?`s_jPc##>-sYhD(d;7Crs|psO
z_ZRgf!u#92z<inLHqi24YS#k^k`Z98$3~XEm`_i<mz6zP$-5V8sy{tsAoG5sk17tz
zGaPl0zF0(%Fo~s+>~mr*Z^w8jWK;ut>2=OL_i*w8-NI*=l7+S!a^nVXzdN86bp6ri
zqlraWMLxKk@1yO+ov(hwd|2nrk$dpF4I;NZIss)B!<Qua&($cv&hTM=%!a17_0zt;
z_JQTK7$dra9cci_{x(D6B_1y7n^f{}vaK9|XS{6Tco|TK&CB2`4Q55M&)tdIoq9mg
zlGYht4yJNAcVftbiaEm5yO6+GeCR9-qnS=QSFiYE&(W~<I>k3$NXt@MsJrEIfE9`~
z+mRCRrgykO3ykf=^EH}%yFRE)2wj}LSqD(w5=qIWaYS8<&{%bjYG-8nTBf(2h2kCc
z?%|?hx-f`QT=%k7^nLosU-n2J<rvC(#OZh0P#4R!@=I=w6E8aJR+XCjuMh0Rr}<Ym
z_MU9&YT<)*hqts!LhhtLDQ>pBzu!^mIuLG)C}QDqO$&zj2VpLO_yHabhgA#HlnP#5
zwrfEnmugf9C@mY-Lk55JZl>;KjdrJ?s3|pKsMxgImlR^Bck}JTV7y^{TPPbz-oR3s
z$0nL1o%cTTo+N3yCz<9(*s*8C^2`#CwUV~@xt8;FOLb^c_UDEFWW{$8X8KvSV&UH)
z%D2xlC9aOyXj+?@fol9}dH-m1o7)x2&`@LR*^b7fSb`fOSg`M;;MH}9!SKly_u7y9
zV%|eSb3T*JSy5Ii0cpi2m<>SSdmrvNQpDl;0)p7;+Qm5bCVNf&=5Z6Z9ZB@%zCqU#
z?_+t{)9G-3Z`d@On0c5rVo=G7N`rf^#?L>?NqP7&TE)(Nq6I}hU^O9)Zw;;{-Jr*Q
z0GZs+`;y&sweG@^I70?-<N0M7!I@v?U0e-|zY~-kp6PSee>)2*ipZ&>gI}zYeMeE=
zdv0lMHb@*x4V>JgaKVY>h?*AYC4>Ni#R+qqh<jdGuF=AFp9y>I7+^IeAa_1J<l1|v
z!&^`IzDRFfblTwk_3NIgV2no<AM}>qDV;vdB6;P6?%zDeX{aY|Jd9c;jz15KW9c$G
z`C00mm$jE!>|5M@ym-v?T$rIy=-P`d$&>%mFE=bG-F7=2fn|UB`lCf4BiRsLc|D>J
zcZMS1_4*{@05#=bRa)l0<O&b`aVZ$uJPlWk86~&_p#XH!Cx#37Z+^L5$wblKK!|tG
z``w)G1|_N;90#OE4*S4j{#gE3eH>v_Lft(g1(EN2L^V~;9m^_3`Fy}7jANc;;Uooo
z`@<u}{hXSY$iq-SzE_<g15NMXROT|Zo%O#n0U*g8f_e{$ZqVkGPf>E;Py)uwxchvB
zYef4f-uFcLMfQ@q+WQk0w;^w!I>mOWJSLd^1h_-p0KiUMIth-Zdz>WY#=cxU<4Ad{
z`Hw0lQoqm?9j?iUQw40jE}~Z<7k!*G|HLVW92Zvt6J`1yfmXWwsQD6Xt%(Pv=5%J{
z?4}U%DyZEzU<+vd;*3gyRc+MLI^W8!MJSB$We6e7w8*Rdt&#h9L$lBL!<LnP`cblg
zf2LZ@?!lOYnWn4@7g7~lbWVI%fr31GD|m`W)N1&UPyA2DT5#xF1h1`NumbdCyr!5V
zgV&f?b!ENdBk<gONSPN-zyW!4M)MP@K%;wQ-Ne>l063xiP%*FW@J5Q(ak@=J7Q5`D
zf^$wE7?>4!Pf0L;+j4OgVUi9b5W|Ay{ox%hGQga3@*vhL9iRA?@8&oqAaq2JFP5}W
zgrE+_9*75<C(54$M;*t;;1HBubm0u?*U3j7fATgLVo3_=*O#Z2!&2kPhFlxP0b0-}
zLWJ@Q=uu$cC1A*+2svolOQy?57Z|gxnkHk2d%y!2^y_;Epe3B^jLbg7d6tfB$9oe{
zmB<w(qHTq?zBvQ=?h-0r22<7^H8*q;uaA3a;j@j@1>j30b??A|TfmSWH_$#$Yk)#4
z<p<nz$$|vJ|B7T2bDW`p7DwFnTyn3_2Kfm*33ih|p}C&N>#^(>eetf$dSeQS%$#z_
zVvQe|VLqcep5)|cxp@vqT*!6TlOd?-EJ1VbS=cO8Ald`(J`Pl#pBUW7$mUCsPD!Hr
zW7B-Z^Kmfriq!T}3=Uoxu<C>1HYuB2-wn_{nk2}EE$JhjqC+{$p8aD?&FxI(7u1rU
z0fsC6_*Vgqv>xT!qVErzS5?h;Fa5p}<X7KHOWXA6^Cs9+v%w8<k8zOo8?0JNpk9s;
zEk$3rm@GhRh&Q#oBnoJT3qMw<G)X!C!uMP3Y5muG7H+Vq&_1JMX)3eHo!hUnmrYLI
ziSYnv@;`rpO|Xjt(PIQ-v6mS%`dIsMMt2=;fb51z7s-XtdhIDP1{6!+*8XPoASsV#
zjGAV2-L&6Ly1i=EZaiqz&j+1)n^Pe-SYuG)cio;BncHA=`X*@|!VpO%3{`O2Cz*Uy
zKFUdc9xz%2m`(s>x<2bL_&MRQF97|cX5&Y3X2Nh8qI5X^_=914A^aIGfVnL<+pV{!
z^rb8QaBruJpS{bkPe424Xu?t3UiXi(mx@hTl_qq(vqhwi2#?=#DecP$@!}($_mBC(
zFjP^vn*;e?M&e0Ghb#LnFi>~?*05L4aCHap?yF5QuZM=7U@Q|4B%DBCOG6YfSxkk1
z$Ihgx9$_`M3aJ3&>E%&X&t_9vcq$$w^|qG-uMQ=r;a=H-<Ac1<zjBoO^&OW+GH+r;
z9v`b}aQ1i^(AeW+!epkoKq<rjNQbM&4d~Rl@$o)~<##y89YA*6OEFHB>RMUmYN^B@
zCrXhuqsc3Qy1>{23>V4NpjZCUURYu!Y(iat@@cD_Z}S{wWgsX*tY6k4G+906R<jo8
zK#?c&FwqyF8N-tY@brcn#FF3JyXn&P$M0a0^8%^|ih43GlXR+hJO19lsXM5vq<k7R
z+CQag-$TE1Z_Y0xZFV`Gn~XK21MQp#pQ~>@UfH}L`E2za(~QOw65)pS82csAfBeXt
z+2oD-E1`h*S5%f04Ja(Yc!qEGno4Rzdai#MaCQ8?m_3r;iE6=s6;JoiIh${7Nga~-
zjyH)^Xc&f(%K-NHtba-1bOz}cjLvAwLcLcuRa@t}Ntb)|)hNZ-cW>X_M`dyW>*iG2
zJDz&+gqL&B^vCB{*jo27-@fp?pKIv)9qRJi-Hg0bbILh2yX2W<jQ8#Gz3mQd0&#kQ
zx>+Hn;t9&AAk9_mKpHbT4fj|%7u=$~%2N4!91)wpUhjB-G(zQsr%inOrwi;SzZaII
zHC39E4}k$9EiXmiN>Qbm-nTq5Qwe+WJ3p{sS}PTeKY_%>-_X<)bjT>BdTp*)$SSe2
zOg%gS_H0kr(o2V*&(oVdzM_4C{3`)(ZcQbJbAREZD{KxGlrg{S>>h}7sSilWn9y)I
z@6xI!K=LYys4Vf4#0WNsIo<P|SzlEQToQo<I=@(a8R1cZA5=A<1MJA|{b)1rM+UC`
zC*L{-5~DCAXpTOK_fOfF03B~SJ%6*BSUOA$@LAhq_~L|>IPL+Ti`z-om-l{QC6upY
z7&$JRZk!obRA;&lETs#OaSgVA;9vYIgFq*;4{UA2FO^-(0vc9F+|9<0^N>F4CvuAu
zOt0571UT`?O=;85wbfyQW<zA*XeR1IpZ0BC1u`1*O3iN?5Ql4W_>N4&@A(R&J`+>A
zBK)AlFBM@FKuy%CYvO`E0?3&EL<^Y6@}5>uT?~OeoC?u;-5>{-)C--fSrGc_O<$(z
zlzvfnUh{9}A<3i<i0gYsA#JbHzTXxQYJdjjWiYHltU$l_$2E~bO?%(>QqGI8sMnzS
zA++)*(V~}6U86kf&UNO*WMRCMed;}^2iO)Ya36pB*7#c6l+?<@9xPGY`e+1$R+*O5
zs=Zf=A%^@shgCj@X8S@_<;b&_!scNNZU=Yrm_LtKj{{y3m5bI<#BYB4@Tno{1eto*
znA{KldUuX4d(C>!di%Ci?6ss@byr&Wm|-b0QVT#5%k?H5?Z2wa&pefTy!2PA{=Mtc
ze`?B@LESm@V>#fUJIk#g##{;ebtqcOxRIz)(~bQMQNDr>+`YW8Q$P1Jc}jI8Sde#y
z(x<-P;C&}Vf81>s_MO}-39P0a3MUV|F8$V}p|IrBh~9O5^-0h%U-XssU#<tYpY#A+
z?xirf^SSlo>U<`oU^V$A2$r81SC0pYW+oxPe8HhUA%J%B8+0e1$N}}`?-nM`zS+)?
z^}Y-(H8%^OIs%Q`Qiv*WJReYQPJ<3}W)k-5S%3m)^ZrKU%DlfHY?M^5Z>qRKE8PYx
zPaqh=wb#_SYDMwB^)*}rY$9#h1JrxHnA&Hj>+wb$GYTfwHJi%4uClN)*wFlV&Sg98
zXNBNkWk9n6@Y+`vSDJjKGamkFFO_4@WBuhwe{RI7k+?$++snwi?a>Td4kgeE5f@iu
z)I`*2ty{zqY5QcMAQYEO_}VM}7V@h9-JdI(nyN@z^r5}D&eQ7^_El5|0EUgmFLWu&
zkEdv#opA$8Xxu}Y6j&lwJ-_di6c%vJ!eb-#<te@;D|i>&yi49ZDQHmjHX6%2#9)7Q
z?%_M=rkez)-h7aSt4>Ynqdaax^yc5M6?(B`!5*mZIS4TF&Tl`vU@hkze`LYg!juEq
z^y_tFOp<Q3o+<E|LOPI_fbi$?-IBNSc6j=|Nl{!Xl5?rA7yb+8r^UjLXv287fhyf5
zR2ndpa8xK2aR;#!riwk?sP^LwX!^TpN2UtaxuDockmp2coOq!W)Z9?qkQ&KXQh)eV
zea+XdQIXZ)BjYOkNxSd)5Er3_|7Y_G@5UvEX{Ex9&Yvli3-+rxf)Im2D-23YI&_=p
z!Lfa0Ds?)OFg=atCX37jLNMFaV7W=!>kq~{&j~CwOk17@)@CAq@z-MOZppVI7>FFs
zX66g;L;gICFmdh>uJ+dY_FDAj(wv`%3fD{!ucAcT=hL^F_hB|%jg5adkY2|hd!mD{
zetV*DS8`+Q!8;!96+DH9v4)4f*XMhBX8Re4ehx)GUClKOxS(PaA9CK+HxPFh3W-wo
z8w)LYJn?}Bc;yxRBJZ(TX*i(8yqKq}QIoqUr%d15-?oO+v!C&k58>39!&s88XGnbb
z76GEEG+f`{SXQgzJHwyRc7H*I6C1hlKJ%pU4hv$_dEIFJGp!V-^!uV}f|1(|GaHn*
zqZ4dLUlNSm+&kc*w!K*IPXbb!U7z8u0n%f#D=qGEu##KA5q^Qf{$&{Be%#sjvpx8m
z6!48Q!Xb@dQK!SUR3{(yr$<;fhjPo`I8Gq;QHtl%<qo(Ce($E<N+J4D4J9#tFAycg
zv!BwM`r*Xt9d8}>gN-J^<OvAMU0X}vICwt#c&!2|FPCv3as1yY?eqJ(trEM(<4kko
z3CIqKpY9XWknPg<y#IY5YDl{PvSh9RQ!`L-xSNj2AAt?oXCFKv+dmt+?)xYBBYo2e
zCnBgw$LV7sh=u1WNhXw~P071YlIQgUp5)#YW#Q+aNf>?t*vH744wcy!dRZ756XjB(
zw%HwRUCsf}GbK$p#=a0W{)SDGv}{i@@jckX_s>+vGZz$3{aGLGr<|Rt85BDR#q!@>
z;7}rbV;@ZTEo-#{G}4qJqP=>3u-|Xn4CCwau?9Y^t%`huBXp8b<atlPTbn`S6gBi2
zGWX9f&v(;{W_^R-^!)(vgdKkCJj5vz^F0T=+-(@-QJ3Edz%&7zaw0QiJK+1}w<ir=
z!~zl%m8Zj<$Kfc97eArD1*aE0nIMJ(lln^lN?8$GuDQj17~#yH;50;d+h5*&SChk`
z=073CUPhc1-A(YR;BRE_v6S?0wJjWKMjJ+Z2pt`#9+MiL89qN4#gLElY2NRr{?k<h
zjpS62z(gr=UIob20`vXAD(IMK=!#h0FN%}gcmTEo=!h+g{&kPpJ7H3KwDc-)Xdt_r
z)(0cUxs}rn?4ND|NQx*f{;4Gr*e|qx$ipuoo+JG@d=4;4Jy<Myo}Bou_w%=}{Xmz0
z{uCm@pWJk7Nzj<_=w02fx8)RRGOJBOxYBf}vN7D8FyRl*#H^GlCR=<?AfZIcSjdcz
zX;kl<9x%G~<kN~)KUhfji-Yy1DAfu9eXdje{lUxT`t?{QboUe}z3!Lp_9D3_pYUhq
z=QOA6Ky!}+eCFVTj%Nkuk0x_MgHgoQFMr`x{(WXaeB$mBs>B5>8vAI3aL@i~|Cbb$
zSuf|Kx^?129cFx92xRimHek>`$EJG`i-m0P{;J8|0IsSJdoH@+EfP6NuQyRh4tvyi
z&p$$p_Z8!jyumzgAB}t5ynBby+zwpA;WR@vKIg8FXy2^{wNt9ycUF;b0eS5SAbq^-
zgEHSq5CVLXC&t}#vVs3|D#Y2AW)mwB=xRLiFp*ANx5^I~%3_BCplX7J!BBvBx#W5N
z-nY-q{Xp#Py5A2#spI>TF&t|@w1W6yPLNXbBB;9{s35+#tlkHFQXHQoz0VI^l5bg9
zQOQI<Kt?;QpEK!4>V-qb0p7X7C+IzO<Mvq8rPjrSP)XSer{i%y6Wn~^4)}TZ_i*?4
z{Ti)4JA2xY-LzMu?ie*CMofZL&hZb`@UkkV@)LfUl6{6k+a%lmY}KD&qwn|Ns_J`?
z#BY0fMF6n-pgAPHe-5*NxGhyM5XDR#-LCh!2+ih!{d_A*VX(!_9ujD=e{Wp2LaiP4
zz+_mee`7!$HvaJLc=P~w-Bs!LSgd>6L8u#hk*t`r+HODdthkS0x)zcNK=(Z`fB#x-
z{O7T9holC*U{?9M;rv*<TFX?g0cd{@L0KaVZ~<d^KX&<J^jv~(`$M=g0;6*RjgyIg
z@Ap2Q2yVZ6QTw?Cc-r%Xe4#hJ;dD>A7aQ(k!Rp!Saa@lOeWy|wP6zwT*!j;=>Oh-m
za^&{UyuB03<Mb2BL({k#x)!&!K({Quy9*TFZt3(Y_bWZMBqb91UYnFE?(hVUX-`+-
zqN>~{`dlkyQcawWxly>qe;!tw5?NyfG||Dem2!WxF(}`kD75k>usCkj`m=6LiC_wp
zukIi}fgW`J*uy@y9tih1SToqm_G1FVR(n3YEkz7~XL2+HJG|DP2Wj#gcjBhEJD;%o
z;^kP=Gr7<EJsLerdr`1L5iiDD(?9x4=GpyRP78;kk0!6#c`o38EIvQhU2?l?%%Pmv
z9Z4u9>#pW>grO}*8A*kZSl{#C@LV0&p<s`VHeNL=*1OFU34Y{RDOL9E6w(>Eq2iBe
z^CzL~B6Y&r+)UH)S?ZIGUgpVEK^7G%fKT0gMepy*5)F@Z)c^e@52q<|ULWzU+h?py
zNT8_T_(|M7o_}`)P9Pff7BhfjQSqP60<OZc3KF070~JJ%z6n6v2G9w{Bm92rY{_8#
z6&(WS^NA@uQjxKyS*`(^nre}Sp46JR*BW{>k@2ekUl<sY_1TUm_97l2`EFwaIaUuu
zIqXlB9{y(1v=@O%4$vL*9t8s{hKgpoWLRB(U16u-P8~_ZN)(y|LpNIdC!u{{j)H=&
zeJ8|Su(Z#7_+AM9@??Sa@pad-t;^tEr&ja!>!hFya-AfyyOf7H^Ffk$GdveH;9~`e
zKpt7tpzX2S<GRJMe^Q&Jb&DP;JNw7U;2T&{TQI|otNNa_i?l-=FarPdeTL?Hq#yUw
z>(MnhfdZcl_+(I}Sm*^%nZ9hLO6Ex)oeiCsjg}j$aKE$T%RiFNYfDuih@!tl65$a9
zB!eV{H%XE)AOc^14|CVLVa6;p-PKj6_94{8Xkns2zQ2F0k^+6PmuyJ|n{~MJ*U40J
z#**>A%+}<VQ~J1B8qBQmT$ob*8v6b2x3%0ahM}ONOaANT(>zVM!VvEjdq?;l3E+?v
z_a%_1V?)o2v~5q7re<yKAyP1Y-1AANy-9IPnU;gIM+WimH*dzg%CFxJ)18=>XC8Sp
zEVfbW?sF*qbj9Cfw4En@Uy~BWb>6w<l~2OEz04xnAj`(>9~p)tSb%0NyeGd=3NJ4T
zOgiGv?1a#HG;`8C9vAK-ZT9;)O9~+Pf+4BFoFn%G%5`iz-}rk|<^pz|?pAv-fu7H&
z(0Vy_Z5`M#7GIuh=9qr-TS<re>`4S~x7V{};}>rotn79i=6Ux5QyON;5SgU>lejj$
z_eC0;x@}s}><it|ZM|p4iTglhf*?QgA7XnLC;!clZdV`g`mHaLeErb*%Wiy`3#ePS
z7z#V-bawI|#dKPyN3zfB$l_<%ZdTN3`e+IVh3xgjqQx}cRzE{{v)rqRwD%>d3x(&o
zPN!{;9gfJYrk%G=jc^g=d?zgW)$@(G1n6=HF7Nz7waHcAi3Cbvk_(^QWT59Bg)!#l
zlK?xxmMtGSG;0rZ%Yg2k?_r;M0K8o6!l-y}bCeQeP~n6STLOS6;7RH9&2Xs4%V{jg
zpHRH5$Lp~lkzglA>;nmpe>Q(vgEWRZD4b!bSoEk9Nb|%73C}_DM5n+MA_~`ozM^T3
zwu}47tFd*y4Uk;jC8JUqwI0s7F6~R~5Y3{?+V}Su@t@r9gQd@C!QMx3{R8M?Ry0)$
z4rRR#a#aTN1zq;FkdNg$+!7w3mj~+%OteJYF)#M0#syeWcSPwu-pP19p8O$BM7bDh
zI}d!^Z!7{1oA^z(2y^q>VM6Wf8g;=uLr;D++k4qxgoPs8akYTkhaX8@r1CA18;mK=
z#>oHX;wikCWP+d^l)5ned70xccQFi#hy=G2?0OYRK{OE<a5dKM;!SXK)H1=k>?M0Y
z?E5FUtikhg;5h5{Cj3<QQ1T<^g#{Ls%$R7HN8^2A*bxMU6Mt-uPF%joZAu50{oXxv
z&It)T!0JE<?qs1Uc{<+@Fpj|jC_RG3pfCIKUoqPej;r`-xJ9HH(XB3aXE|`=TO%6+
z$E3>fOoKkyDnQJoW%t_WV_D4aK-=$oKUbv9n6;F)?Gd%7?+%7*pJDozg_CE%K(e8&
ze%qFc%s6>8WRenl40ESuh|g^;QX0;@$?;R4CuJ##oxpo3?@9PFLeVEXK|SdER8rnf
z-p9%JiR^dM4hAX;__2GatS@ekC_D}i;9#!8;VBlFrzfSzANC`X_`|-C;?D+fOtQd~
ztQ&;Z6`1z^x$Dm&IFWanhL@bQq8l5JE5iq|`n_u+yCkYP)M1yNtK{?E0Vi%YTQd29
zgEZ3n-ZtAqgA(_a^X!x{&)ytwja!J4JPqBC<e<+v+`au{qU)vJXWFXOh%aw_00XcQ
zx|V;U!G~OUHk#OkkNpSi`5Rq-0_7_Gg7V-YfJ3>rXkmTFv|mZ~-ZaWUc70qopmbW}
z6od-YHDGcI8^68T)kN1I^Er92{K1=|KPH-!gl&7WWL(o-nv&Y<2MVO|>3nNoZ7ec?
z#=VgY!L1*VdzWP1qN_%;5N094JM?EF3|fM@5Na2{_R%Q<piDetiHRY&VEuhpu#U#3
z@a?bSb#cxG$;#?Dp5hh0Kp@+I&wtdkIqJSX&jO0WobUeUHDEV)T#oUhOicKS&-O{N
zhU0f|e%K6mJ}_Ht?RrcsgZxs$iQbWJZ_zj(uW%Ce+h6d4r{!UMnh$JH6mN<gNoK>s
zc!w%S{a%hz54C>gV?vP|;qK2+&=seTn<z3<rj(?I2H&nRSx)|NET9`rZ%IE%RGdE>
zqy*TB$c+Y*ymHw!z~VRaPt57%&!<E=c&m&wY54)FI$a0~sM7{&{yu}QKYE<D)w`ua
z9?ExXiFakaVqRtcaX3GW*;Oc)U-kFt{N^ub6{N2TQ{f6Z;UVcT|594XHqymYfxNQX
z0+rhWbDd&G@a_BYH=YJTye%&M-)?t-EKDOZrJ=~fc?mtU5BHtWrFnkb^X(F}WY^Ny
zZHG6AZ`3_l%pQ(@UHr?9x~uV4ync^;YjjrY_jrhcub*2ebtdui|7<RLnRZE7%JCj}
z1@M#tz{}5tC-f-0ed3N={o?($uc;6Xd$2|%``+}cflq1_Of+BAB7jt2ozV7o*jI;|
zs0C0JD-EtJ0jy2$YfiZW&@7QeVqk$;62oh}_>z|W_I{8qJ6KWBxOW>L@1nL0?yY8b
zI@UPh0Joe)agTj*oPr<41=0u6oY7|VBRfy)Wtx8R7w<SEq~XO*X~TZ9kTd`@Vng}$
zxQAK6>01ize*gS_$kvYga&zwFj}#S~@&x_p_bj!CStuI_3g$=#S3Jx5$fH;&lgh**
z4o1`zs&`{=$HQ0=eim^1;dCd>B*G1aS`Syxwe3|dao|j6L-b|4{c@Sdmh?Z^$33aG
z0GEZS{Pp}G)OpTgW(vy+r@1jk6eRxq*E*ot&g-|WJ<JZ`^F=q1WjMemRPIm{ueMhA
z+e_#kPUJpM9pM>*E1>YAX%D>Q##_z!18Vk#1F1(XLbS*}Kk2?-ESDE~rl415-d<~*
zGvfG}Z|vQpBJFYW`lFMdxwQ?>(3oniI#%z~#*t7Xn3v)GgY(pEa1c5-MH~PSBVxJ*
z@&&1~S>Kclj!850gZ7Vhfx8d-!fw}1ZgU-&UDcC#TO*&plP>s^{<M<)WM%A`<4y}<
za?pLEE8BBnLufL0_VHpdXJIq7w&jP^l3ZU1Y!U|QR{BDUXQJmZjxG9w_)SBW>h!$K
zImIiybiCY8d|0@G5RuTdAII!CvS`5?UG?_eXD9;omReaqppaz#;k3_X`a`?>#Eq8I
ztL6|gypCm1L5pb>SsIyfsX550>Dl&-<|!C#J@J$bF~yQ{z;dAvwYs|3Qx}v$fP3)a
zihJqXs~x*kBHUWTmD6MLP7;U3nL2yL@4N)x`nt6MY7wu`9+G9W!5xC9A{s71EmDIl
zH5D&Kon`*MN{MRpQ?6e7WPwvO57B8<;=cKnPz)lO@jLfX^BuiI%cp*joD~^p37wu;
z*lCtJ_>~F3T7T3ZbkrT=L-uiwIkl~uYtDFay){0p%8!B<uEj$#|0am~cZ?@=yBhU<
zAlCKRw)L-WS<HoTl3Sr-hOf?UxV}I0m+DQ5*O5=Q<r)yP!Gyn(G+S$N2=HcZGU++r
z`=Kp+x_99<27#A(wFy)jp1>Rdc?<N|V=8gv&gzMr33qJ7$TNa4N4$aw!Z}@2a)5y?
zrX)oQS3(JFSB`Pt8h&)3p64<2k0iEYkkKAK6p=^s`z^E4`ntHa9+|-8J-V-V%G*;z
ze9C?}gqQ_iA8n9}QIHjQ5vE5woK-KR9G7IRhG{s0eJ@8%y<QNNu6Mg!cUy5Zm^SwC
z@L%Q`rW4E2KAf&pDX*VT?G{jXZ<lMD`8xZV6p@mOA9<nPLsIbkHGK~Nl3$N@0`vpp
z{pzY38fc(gkRCc+SMC^UQ_c4)lzev>*&C#G)PJqM6r38|(`vu0yY$Jk`sM>naCmdy
z#j~~jioON&5xY22Z4Nh8D=Ei89J180zM;?ZMYOK=T!$l@Fz*QPBr8(=eQuv@ZJ++0
zm*GsxN{2<UL+^G~+@1UI%#A5Np#)!3YF=K}n_kk%nR$xGRdCJj(mK3_aOp1(gv5ww
z9>BUhm2IFT!2I{wXKZrFe~myzxeE86%ldHd)>=lS`hoTuFj&*Fj#66b?X=I#i`;8_
zJwVJ-kU^>1mfHo@$YWGzGEBVbME|9CH4W=}06!bGLHYD32*@CneZzB8%If8auWwOm
z=-#V<UOTrB_i)2~uv|s~A3l~(i+S(Uxkt0{*-}{4yd)jc2N!M?u)>i!FWj*rru+N)
z1tSrrMBV-Pfwf$;^b@En!NT){Y-C3LO{LSbZXUnSIpXh!A_yJ?Z=c@Z!eR5)%-ARQ
zJwMc5Qq@cU$_awn_`L%2wEG*oS~q6oW;aV+>vfCt!iGxW3SLp5U=N!+Q`9P7F5^&`
zULbus+j}S??o)&nYdp*1$Q4F0sG6KY3Ey51wtj9K?pJ|CfOt5yCuT}L7WT4-QuNe0
ziuT#6H{R&0{StI*{lqY1tGB~PIR4jqVDn1Z&>jtUGdYZ?o+oeVa(fHP+CwAEz*ymU
zyojaAGY>9nTBK?3k9COTf|72(%jX7#w{dt`Heb9w17&+_Fy>_VE6Yi#-Mx`A9!^EA
z4H8iI+z*aKPC4o~C!1f#0LFup?}L~C3Q+Ay6F8a**U7oX*uXKEHErbQ`W>?9BI^M{
zoK!5_#_740x?{cjJQ_k3g8#TAaQV;Zk0e2X$QR{hItLo!F2}3t$7v*gqW$BDw^e-E
zt-LYtmFJnrm%e+mmU8jwTcHL=pe?<Fv+kL`?eq0-2YW!(stYN-Q*|teizo`D%f@Vm
z`hAF;<nJRVKUb-_1FgU~8JrpeCf%N+KS0MrFpbq~Ukv0s0R^$FjdU5|R5<mj?j19+
zb%)9V_rtXDUTyNJTmEv($0+nP2DS$yoG^;*bvu1x_JOw9*;qujE@@*D!vh&|3H9kY
zYR}F**awlzl=(b4S5Q_QRDR)YvCp2<yLRa>w(N=zLo$Ug4z^mkd&v07_z3`vuXO1~
zr&uU>VuCL=%WsbngPf4xe~#?_EBapZ$_TeRskcv}Pod+H)f+rVfk7W4$qE{bFJ;}F
z>)948AaQd8^dQ4~PuG0eFKMPM_q{u{M&_I5Zhql3W?jl|>E8U=(@uW3Hk1`lC%3W8
zvEHLfGVaxVn_XSLFyDcnTq9mWd%qO<T+F`nPw6<4(!NK4^v^JU4|6Xu^P!zy_Z#f|
z#wKmeVayo=y^^y!EB0^ty@J-gZ3;Y-+aXVuGXA>r`3?`Or}~MH4}ogqV|GN|d!wp*
zq~;BEcYTj*#dv12cGzGFd)m8VSx0zvI=0Y6R=$THT)AdJrdIUbsVG}&tJ{4mUocOJ
za2)Om{8f+D_6m$V7vrn?T=%cV^;yXB>{W2^?WT9DEuQuUCsL@?A1v{9i*2!wLzj=t
ze2jvmyiQ>a@kHiq{fzyI_-g3U7TW8cxl-Es1?Bd;J8msTvsm*)r_|GsbN+E0xo3d2
zo6^0`<(z%fbRolre$BQtI8It|%lk9^oj+42@9M?Y-}!?=&&2u~8I=C^72?;(1QbQp
z(~#WcD(ZagI1WvW`@9WV30a<gc~Ebso4GiFT6XA0x#D`TdFyv8_j!xHkV~YlV+z9n
z6S+S!K`-JOZq59A#d8YLw;X8iHtZAo&_P-Do%e`GxwjuMZ@p5uC-+$^Iw|You5(GP
zD`L8hzyQ?j?ejy&8L^5#VgkLxMT6-zyYSlU%@tSS`NGFnADcau_g8rXpykX)l+^?I
z;XV%ILi5s1Z;+o>l1X%|1<tv2rrp(NS^$A(6?YrxEfI3MDF&X$hVR*99HD2T2=YBW
zn)!HB5<(dQb~1c!i@Nnv+iWNrSN3zy5tIW<7gbHt(5LP5KG|MgJap!)aWDB!%iq-X
zZa;dBW61CUFpvFSrYJXqkH#g0DS3C3P|Q)#qxNvAx=XU4IPrN{!dR8OhiS+#V~^_$
zuCO`DKplc_0Zv-BFYT!sN)k8I-+bzXhCpXPm0<{fkh}BuA@feR%TgFlx~Q%m&1gj1
zLv23fc@<3ocm8LQ;f6f>1rBW7X@01s76_<yRL*x&XZsHx4CCJ7vi@{QvjeHH$TQ2F
zFLcPY-y_-aCz#<%LApo7XD=cB7l7`4w@x;kw?5he!)+MMU1CY50zy(hRNC_IszM7L
z^rZCTPJR*MmI6bi<k5bbhj-v%>zBKvg|*na7#L4gBZFqpmEPmwE-)D}EAN<_-A6w{
zugSto=rUFh5c5ta8rhlinp@}K{Yi@x0x9KtG?LVuPN&#9grlJW@@et)vn-bJeBEFu
z<U9;cSjggH-994W7aoDkijtqU?iYSs(TcC_2V5<+A^{qJfe=+Z)<WMyp_KM;eUZyX
zW_rAmu;|W5ou5tHP)}bsPdv7_r+|*FH&;GK{mT^jLA81b@Htr;F1Wgt;ZCFCS6{z*
zUltI;O)wGTbL&+H-#xK4_8~B2{Mf_a5O3&^m*eM|J_7n@`2yjg@ADSU!@Y8S8vW|W
zs64)I0JOnqET4YC1uDEG1F(=8n?nR-+$sYs8f%iMoCEV!^Vc|&W9wu8#=bvgm;jXQ
zdP}R(5jeU^_T8>{ysU=WfAcf!pvU8VpOFmf7tJc?iIk;7y&1Fyn?G-Ql*Nm0$l^s&
zE(Y5RGbp*sqOEZj9X?Q>L?Gzvm(U>7Tgt0PQqe-{bP52NIQ?K~PB9^nne^0qZj9de
z2D#+bYT!&)3TAp+KVD5t1U{j%93jNRgd`3JTdZ7Mxa_!)SKSP?rbhQCWu-R9eShse
z7)u_FC~rS+_+sN^0e-+$`#YIi1D;R!zYG&c<@4c6x{$&FMf_ZPH*AjkBGv_$!-X)j
z%YNiHUD(|HRw2H7N7r*q2`B?cA!KH#8K`M2d`Nz0qwi5b#6WFOmEmnUt5*aP5!q<r
z$!pX--sqciD1YYZF6*qr%D<hgDgNAd+k76M>r$Rhg1g5KpW8Cv#l#2p9Vn~-@{3=D
zGOnn1c=4=592Ma+-U1yqj=0Bpsh40MQX_+Zd>hINznd>sa*tAiqu*7N`ci4jwup=X
z9zl28gK5nt1f76wFqLh=fUZ@xcaHE?dBMZQLEpz@-JoEL#fUf@Ym=zCCw$bVi^TDu
z5{7NJQu6G?OXptEG_&x_M7qx}C4DLoVzQ27$1470uRLM?!h`#SE!Y++zQ&YSX%E>|
zVCeQNh=OKdAmrZmaWJdrm(JZR^S0}YISysNHBQ4yL9at7+mPd4fU2*N36??=%=iV_
zhp*d&92(}|yov9nKYOv~E(aem2`UIR@i61;JY(}B6w#wF(GaG(8oC`0C-9CVD1KyM
z$8%|4G-=T6;`h+GAX+UjJ<^0b({ZAd>c6`9oZ)yCWl2|?CXEDZ(iR%4)qmZO_I(A0
z6~fU%x+CH0tBib|B$3Jz>iz5whXj~kqZ+==y7ab><N|k(2syuMyY^q~uE55)wo!I~
zrNAi43urBWmsS=wq~0x(_QG_!?cseCqeRoY$mfdw_{MqW?HW^Ydo>1Y0NdqAU`Z86
zG>{~c&FHHpW|o#8zT5Y?lVO!Hm&4;HX)Aao?l!9Mv%)z6qLCP~7Rds=KgU;#%YiLI
zi^yM}T_T>wh6A4RqJJRh*e8mQwJ^wKqO7FoqA>ly!4@Dm$&M@)`%mDYVqgiYVOWD|
zd!8Y|7}X0GAVLoshao%HD9ru*dtwp70|nS?`~rYeG?leYw8>D65$J?7-`bQ#B1ARY
zdoP50Sonu5cWC58sHfCv-7j*qFB;-9?&MPAjB^OW?TtPkna8A7BQu^g`v$5~jre}D
zWhJ7*Px-)gxS%Q-qE(?qW7dmcCS=?2T(2@UFTWsz`tsV|X$8yNFDM3m{tA^GE|VKh
zBTJ!;{aQ9wJ#dgQjqH&DnJ>uz69CQqg@mz^ykSKj`ezEhCT%>i*YoX9UNz=c>8_V#
zF3&CS`J+YF0(!a%x3*C;J10Nhy2^_Bidk5Er-<G~G8C^?R3(@pVE92ZW1t{yjyt~I
z$acpuG#-)!-rcNQ?rb|FO5l6V8-HRf%8F0k(3(0O6WkzNsy}TI=yrSNN5qyyB+VQ0
zd7Uk08cBP7!+_F<QrDc_pxA&L&e6Dvo{$llDlHNYg?K=1;nage&0cSqsFWyFxclcc
z(Q;oQz!EbVH|G1C)VyWzbM9kb{LJ913ow?hcovv1B4E#8Gu)4VpxtXS>Bws56$EDf
z`BrSFq-5^#mAl_Y6y~hk{M6?8d@#``&N#1hgW~-J&NJTOxTw;zS-+B#dgVFVbj3Y?
z-><S!;%eVrELQXYo-8#{35l1%WP|WqH?4g<v@tZU?7@U$IXW6tn;&NsSWfnZsv#5R
z1M3H`w%78jp8i|`)`=H0H$crZN@8f5-8uHqyNRm-l!qBheVE|cg|nwXzGv(>+N_(U
z^@v6S=W2|LUvdemTl?VxdCVOB=&`Ql`ND}vEY7m0^bF9R=bJ@To2r6g1gbO)xS9Ny
z!1jPB(K+)K9IyS!Um-C1=5V&vLwD=KJF#BS;bh(Rgva|dcxY;n_tT<}{NMyQ!k(Xv
zimiAR_t@vdd&)>yR8UzwgE>K>E%MwJS1{&?)MUfcRfZdGMQ1d=pfb<0{;Sxl!9<Gr
z?7YKOrvhwe9Zj#V6Go3BiQkWPSA?&^?(b>9gJwrOiIw!=qq~zF#<Xp~EINK^u(_#n
zoX!WzAGqUw!5;u-#D9<@u*~$p<a~4)2;xsM1r#)F_Wn94E-wcg(S7L;=AQ3-$DSm$
z;e%);W}q?F8AUg=vQGN$Vj}s1=nFArUd(;$|2D!)XSz2i1KS0Kp1p=}hF)(-LVvd5
zLGr&JeAq6=-bExQ{ZHMBs^(RdKhvv+DC}o<s2kmFy}(o_uBdf`M8<rLWrZ3yIt3**
zoxssMU?(USVgKe6oEat)V5m1mB}#*nb~Baza(yX~xA|6n-tOJZ-u8w-k$DKszTSqn
z6Qy1X&E$xBMdSw^9(t~ftNzPB)nXbE`NM`27P*{wEZzHOJ)iih<?3>v@L;@v6yENz
zA}{ssN!I9GJmco4L-fVa$kWfM!?dUt<_3L4bL|mDG30)H8UzNRcV%ZIX`eJU0n<c9
zxP66e_^5V{s5LW{&b*UoDRD!J<IA(=pI)Pnt{cUaNyk24YxuH$3Y2}&em|q(r7q^@
z9MJM*-+(kf&D)1vLks)oJbX&z;T#K1frA<HUPkt}qJyW9z7L4;CA0q7`lSnIMq^MP
zYOuYn>+iTy!%vA<<Ciz@X%$uiRc^C`;S5^l@J;{Z+IW5?OFcHsOM-5M485^Pow;Fr
zz$4}>GSHv|ZM|?I&Az+S1d&K2{T@RSZc5pE?B6pP2U!dPC2Di$r&*}>df(5*CDzyc
zZYZbguOv7wC!@CtCBiHA7fOGL?%8r_@vAYn8GO|r5*T7pnu_U?c&>hX8G1!^^e=6*
zhm>hLf|ol}e>#%O17Ptds~@G)>BACP-OsL{?N@}Y!aa;|-dXs@WGco7X?Z*@46y!J
zK55NE{Z8KO^IdaiNBk_BuQZX7rA<PWP!Lx>eU;FJmOL_+a*KzDr1+snHbwMB*8{|D
zgXLzqx?;zn&Tm#rseLY{b7a2TQXdcr4c<rJ)UU6f_`X4F*!F@_CO%Bp_r7E|H1OEx
zHB53bW$D?r@d0u9C{!%)Bf2Uhd%!7C>`jTAdwxsquQuR~Wj@eS#u0%U{(k*kd$01%
ze>zMqdHflkDZC2Az#A=r9})&obfNkE`o7zZ!BN!m(Ov(|)!<Ma70Hn}yrTf05?GL@
zy>}zO?5Z{4&+TObE&j6`Cn}%&F=qk>{7^j~DK!O6K|TLzFOTzlUajuaLq=TK?9}8c
z6|wu(vW~-PKiFsLbr}=?Au_isip+Eu5Ldt;6XYMazg{`*BC(Rmnzkpb!!Gw#QlD8!
z&9jl7$8Ttw8NC-BLx$^^`+9(dNHj$-EO6)ZYez|8r~A0lzuB3%I?1~?la@O4{*x6@
zIPb^zzK;+VVW=p!+0Fo=@)INhxX~pCw+Cil5#nQYUxS*G)bNqV6E^Q_sPutlx6kAB
z-5V>#$9wxw<TUt(dhm1akRk*?SFxQ>vd;L`rk4V6OY)!Zo#U113nbZ5JqB<ly7Ckh
zh3IiAttz;qTJ?INzHkx_@FEO3ZUHWM-wkP}$Ju8KmP!@xKwK|$e|kL2h6qo;xGr0n
zy>$E8LQjjX`-%>u7W0p3gQtGY_C~>e={e|+Asycfw?GPA!zRp&F=8&ri^3-u9Y}XB
zAtBcZ{qF<qGtiX(Nu+CO-+}u#&}TU7uy;Fwxlbnfh*l>4I0Jw_S1`^Y5wkB(@~2#w
z@*yJ7DIz7jpYmK{9kFLgG~HeEEbiRIqh80<&uikVbA@Qq&u114Ftzg7tIAD&WCzzf
zstWVa^yhpT`vZ=!awlmUHPYNv>R$oTGWk%_S);=Nnk(*j{f!YO{C(*fEO@|OUG^d+
znoU5BzGq=}Co!mXU!Nf7WEb{kmbKiw=FGfZKiaP$0{ys~#XalykvPt{!G2!!qL9!K
zx8?%thF8&e#g{3lE`VQh!n>7tnt+x4%>&5*BIrB9I6g+<<@jn8MfxTk<vH`VC15)3
zxiD=HYxLH^X6#J~d<-Go>2hlh1=y7g3_q1TD`ev-$4z!Vsp=W#8PlnSdl1hTjCly0
zcU)YO$XMUs$8;5L0F8@2<2QkpzSWYINYCH)**Dm(x%%^<7?sL+u_1C0KVp5?@It82
zmgQCXz6cXJvy&?B8=C>l(dUswXl4-3ZNV)}WlbyLoIh<2mGK_mChW(i$@6k28~G62
z_pQybq~<{5h8e~;{uS^QeI`3U3IwG_dtFr*VTQ!)$m<>!yi}+Ev|!cAGz~vzAKhmO
z?Ms<|JC3K0baf>|-^hPG_riuRNPY(z({Zs!l}vVvm>Te{yr|w%%nnuNH7EqQlv?e6
zG@^Ux!pMk#=#uYZPXDAHt<PI$9Y_xK1^r0<%<pq-FUz468iROd>v!xva3>l=ynOd_
z&H*Qz_9!&-dG7SXferZ<UCEV^lA0_DC~sb`%C@q>o$ty}1HOnPJU?P1v3iuo<u<V#
zC;<oQGh3Af0c5KE^&1_l;m1?Gs&+|}N$=%K?14|D_4}3%KN0Z+*QA-<gNl88dxY1o
zmKY)IR|MnW^Vl>ftaO&#3WoHzfbg2AJu5m)!*z1H3@lxr6(V}RY@qn+_uP=bQ<sQ`
z*-F1KzlOPwdvhio20_<o_#@3sAicakWpjmYaj$T~sf@4Ccb@q8F15ReRN|2S(0){w
zCl3ogr?@AhKLAZZG=`s$K3tWz)?V&#S=);$uu{iA;88f#b3HbXX1t{P)5Pr0JEAIU
zlefOsEp%?@rquK*vFQ6vIL`rd`z6>fyKCKijT09%47|z+63SZjR^AArx;@ZD*pk8d
z7aOC|@HF0k_Wx?t-fSL<STZL^n*b|B<O3Qlm-)!ud)Wxc5U`B%K7-@yK>{aR>7N^o
zq!_yY=^HCGecUPK<I7Y1SV^z^{w>%5ngKx-)x;j;Q?19E)8;{(!%^KNY-AWi|D|=z
z9U}~njxW5@>6B2X9<cyN0sHfdivt`)m)|c=O~fPnN#0a{a4hDxA3cHcxAPyirH>T3
z!of~9qX>W7*){;?{G76wO;_)U7T-fFUDVrh%3xQ}YU92LcfxS_0X|P2VXD%Dt|f-w
z7E7SGS3)xFkv2D=JXnpi3`w*g7JL9;Owvf*ZvDb%0%W;vRzC0TKDP;W@!fcN-kP-_
zoDW}vDRb-$d*KExgBJsjsS_`KjiReuw<Ex*XTE1TSZu-4v)pHdJ`)XQwi7pC2hANZ
z@$6rBc6govW#Tx)wBh(`VOkSp(<vb{&lMV~i9D4|W9~%nEBWYBkr<i+WIE*0^PeJ0
zC!Nk#b*xh3fR1NYeY&?wJJ0#v;HE6TWd4FcL1G3L0p}Mi4`2Z!UsI`lu^MD|G49ZX
zyRnuDH;pTNTtK#~FMjhX;YxHVu+_yQoVCSwQz-wT5T~mEa~L&1t!tr)tapDV^MwhQ
z;u8jnr!!VlN>~+se`OEQ{ocUDx=g4}da88G6jKv+(1$`W@}KNV*`4LYBryj6vrhTr
z9L}pJJ7zq~Gj)Gz`tY-9idTULKJ|YtbUcPCr9Zvt)HUzamJS~JaUW}$I+J7q2%gN@
zf=*}@#!SQD=wAhX(Oj7n5)<>GmtFGG%H5M2=K?PE_#|!|OgA*W(Zm^C0wdZmSQUwe
z+-RTKdw(ML3lv+JM0yHkcKr<+=s^dv|JIjN=}9RXYs)HtyOnjg@y5uVQnHcq^y)B|
zk+w266W<mbYmx}ZQ8%NmfGLJzehgevN_JMx;_AdG`n>jc;|Xp&F_t~UoM9qQCd)pd
zW|S(sNu0T`>Ge}lnR)vuy0-M6H!wTla=nl7gS*}RlPvAa*)Otj)<oh%%pr6@Xigxt
z^FHq5KYx2edhaI(Ab|9U|Ig9^HTx4&X6-1<@G;P}mOQW`fl`sR%1-Bmuk=?j_FlbL
zcKDR2W;1)a<F|`{5rV*Y9UhT$8G+lIVJo&DzHdqv64v~&-k448-;Ytg8%Oe6)bBcI
zh_rjBSJ*yOwej(w*Ey5Y0oqTXp}d#2f4Dk($&?d64<BxX_``Vx{TdeO34JgY*{n{r
zdTSFf<%AsGvyP>CPW&rcwGQ*6mS@y?J}8UVF4h94N0`$_aMCE|E898MZy(B+z)hOp
z;MJFQ95Jse#Ps%-Rd_U9LI<c|iNcZaF$!Ilc)t(i6R@mCfbKx=IP2n`VFT0^#OzY?
zXCV$F!|(?8Tn;t|=cK%6q*41BD?d?x<IB(ak6ry_8E05QN9*kiNcyc3&PcroUJKw_
zM^=i-cCY)|eH01(&=vhYRpX!GyiJZ^E-UWFyNP<QStckoCiw-V&_Gc_VUiaG*_RJ*
zy*S1fyhC~wq92vKGNXN7qc77~@5_Om>-LCt!z3e5WWMT!u%@sUBJM(!pldG4dst*r
zPW1*L%f}Xie;c{{u>vxD8v8UAsMvPIf7V*>Qv=<Y9H<P|U6CyxSPv@etm?_WgD}3V
zR%(S3V$u|O=bE5FHTbGvg$B&H=&x!E6W9Fk3;WderSgX^YBmUN8K)x!@M3KGY3|zL
z$`xogYC}HA_~IhhPrU-IF7y0)YtGfAdXT{WoWoOrvZ}KT^JzYtpt9swNMDw#e)&Qm
zcf{%JGWHVkLh|vSZ@xpqQh}^=_%T;6F&yG{=~m<6-=SEZUn&CT6X-z99=ksw-Anfw
z9naVY2s9EW+vQ;wZId2x@{eYZ-oUnDj+s5Vx;6-4lLhwL@0W3*$U_9#*2DNg@RdZb
z$BWGD=JMO_2(rPUX4UEZ*EqNiT+5<`R}s>rL_d*t@S3ZV+`d2qRE7ZCI=o!WdLQqv
zmH<81@+v=Iivbc#b-7uC!SLRtY~%(AfJ8N_SZiaDzT$fN7;6%%-v~&fk0bTlRSIA6
zab1`>^CqYaPhkrB9qeMmS8M0^jwhW|sRF%Q-2TOT#=PC^LbNZJ?U+7MF4>nL$<WZx
zjyd8cDz9gsEvF}_$`9hb5AKxmJomMs&PPoZ>|FO(6|V~GQ}T3p)ZtXsd4|IKY0S*_
zEk#ddBWbpI(HbrkSO<^S(lyNAzGvT4%Vsmg3@hDOnvlp`E{kEMA=?b7k@s%<q9%eq
zg+x;_oNFOAxx?E3aa6<`dFWne*+19`XdaKJ<OZijbiWDHBZ19i+ZpB94i}}lpI&Y7
z%!ls%3|vclM+g30LTi=}fYF^ATQ->WnNi5+?rBz$tQWIQfBH{NA_{HY(U*P_U-x~e
zlnTa7nOdt}6#s&mI=I<J0><4OrOw%x5KT>MYH^m@erFfBXzpKNP8ue!yej3E8f&Lj
zFtpn)_7&oJYkxbNxh+4|Ri{@azbftaa5aGnXn2G@ZE`zEG^t#&QF!;a=Y+joQ4N|*
zhV`db+nWWQYh~?eu1EQ6Y>VE&^&uVlYO8`iR!_eA)GuCp`l)l$tXRD@iWR+<Fkp3K
zg5-TRkm%nB|Bc{uJAYnpmcytJd~gK}*ao&;_XQ+*c~;0L_(|9ry^})s_F1;N;q&u*
zGlI9h@GL=(FO-BiUy4e!;DC0x=QLPrkRbDKuIYH}2u!W|upi*-W3M>@n<@UD58N;j
z(O~%Ywn+nIsvA=;B(_(HA`wU4P|!X;AF9)lV19Si<Cs=E=HDk!StwzbJsjzZ@Av5I
z#S6{pe^!@I7dRnU;fCmbp9kGlpiF8{Z5b6-a$@61$#Wx{dPochDPM-ui9k?sP=OaY
zp$(kQz+!AO+f4#J7ZAHB)-U0Irz}Sj=;~$r+%Z3s>k0?T;ssRbMqLN#dXj$cw`XrI
zJq)avZ1CbJGeE*0-Ea{p?hQfr+x<j&dSZK1w@s(n4}pBgr@L!SwrP7DmK9@aiqCcX
zs%9T$`W>nvmjC+X7p3f|{B>gzQipoEmb3lMx*r`qT(A+$Q6usJ&B%0n`-~O3#mwp;
z<ug?3h#B?AWo(LOds_baD1~J69<RtGeXHNaHN}O+_0O?t9DhXq^Pz=sHX)L`!uzy#
zEYWiv55T`KJqJB=|LtSt*qUSeYV*s0tN>Kiz549-tE_zfL`S{^jdv^D?zVkOvx3Gd
zKEC#o&Q;MzfCHNL312G&<~M490}&B@U@(h}GXHw7(fN9uU?#7GM+uz_8bP3kl0HS>
zKL^Gl_W60=Gn{iXvkU8w(yx>vd-1M_#2PR9>`4t26YI2mt=A~gkpRFgTKQ+R(Na`?
z1ZBxk;w>z1>PM1m5+90B_T8lmOGUN!=+Cv4_L(w<Mg1(_$>G3E@IabLEBceRjcHX~
z)hV=!JqjA{$6c&}jIaYyI=0#1ZqS&3%3CufsIt+OB9jp(zoN&sPoMbnv%@~dN8Fb{
zex&S{Js;&+*;>)AK3|UaUlv+J-`KC4#xp*KaB;h?nw0uGrcQ|trZL$2<ekiwmJGbB
zRPIR*T3E_`4b?e|w`E_XdG}5}$H=~)#kyPZa5h;^X1TbyuL98dB%Faj7Nm#u?1^Bg
z72XQ~%BGPq^j|77H$doxVf2~}tkP%`-94YhtFDjPgTZBGk)71byPMU77YsAu>%xO>
z?pEiMbFVwKpC$oj8`BNV(cLF-!9}(9u`|-)V_2N>0~0!v-r=(%VmX%xdlcK+Mmq0J
z*GeGnX=eq^UQY(-Z%d+R7@di8(l1~EHO0qAwq}W&r$YU{s+7m;@2TWR>S=c4d0#cI
z)vwKnP=xy$h2(5Dtr6l?+>z03+#X5idgz8XrzGeW8RTyJBqJ1x?DEmn!3aLOuZI>d
z#H#IUMa*>V(cdnAsd(x*d*kErxKfuRO1|#Wy*usu&Hl8z7ren}T;sn`9DaN!=H*~=
z$@g7GrA{F0$zGUwpxesti{Qa#6G7wq5l(obvMLu?y~N#}cP(#yI0`3y+{2!ZndM*O
zK((D*>ti+TW4zK!wTXu6>>b#X)>z0oz!`=-sO$1!4cDu${BP4>5P!xp`kbBqyk4?B
zoL>bMuP74R!JVJxT|LJ6$p-WHVF=$RWFqitp5&Jjy{<kR&SG$552rOvU_SeCFp3mb
z(fkg^w_Fvdn79?8W5@BnFRLO%J$`FYD&~aWRXS}qWtoWU^^vG+b;hX|OKeb-@Sur;
z9^c@0#CU+wN)1C0eMI2?Lvq6d(kSful*(W1B{K1mq4CbkWM8*C4I3w?z5}_V+~7y_
z`!&%m+NYMwDJ9xRgbNH!b<PR$4O@NUDiDd*Qn$wm9k&tN5&4a2UY|})L?`>r4_$#G
z2<A(`;E%U`?I(k;+>IRR%8Hkr0hOkNQV)BH_;e0o**WvMRA)6N%Dwl4{*pA<x8xl<
zektZIKP6qUMkxRw<BQ?F@q#j;yE-<9z#yR?U)u+JDy=$XQ82}^H}HqA-iA_2CHK0&
zY=WbHetZ@l9;{HDrb(BbKKKS_f4{~Ubakd`w%A|<K1<!3KH*ISKg4%lEIJBiSXb`R
z1V(fdn8DaxUgc|EF?p9~?Q@_?nu=>tdRdU{=3hC2ll=7p_dnQa0hio+<-A(V%YHn(
z_w`Eua48+ou5!BzY_@2#a|V#%Aj5$$QtC$ZFCN(><?V1=UZdB4x@S}qAn*B>@*TfO
z^!uFsEytc7=RisnB|;+qaeh?=f?{Y{!(|+QLh>|7v42j2Qe-Wnu>BgyQXC=<uq@=o
z)va!4LXE0R7xm!{Vx#v#0iah7`0TS}$*_!%XB(hd{<|g>9bq*U34TnqYbNX-9SSdS
zpe4*H0*{n=1f%;N$bF}S%*EN*chRt^t_>Z=KhRlr&P4_1Of6#$jdBOEzvM!Rsni7_
zyCjCU#^t|7)33=xyHa6ttqvv$LH@ge?ZUN=-G?H<hW4PQN9Tc~<udB=+(e8NR*%$Q
zC+lss;t`mw(@!J@KC41!W^;Ias?xoSlS;W1-e#TW?fH|BDSuc_u3Zf<>8`o=WWAJE
zvA8Z2rNDYWPu|}^@3hzWvsuy!hrU^HDUj{41Dlk?Z1Wd6;~Z$hIX3s~3vRko=PcFw
znC0jaV*Gt#*{6*Hb`*-$6^~zQ5ug?5FdpD-8~F8Gun$;rKVmXS^(LQ#p-tiIuTQg`
zXdMW9?;a`Si*Xa$rjcNWrGRx08azv!iQEGt1lEK@aF~l(Jenshf54r!9NbQ^;G}C%
zi498j;P1<?bb}q>1uV}({-rEvnMQVhgi8|G*CLav6J|Yy+h2HiCFTPhSaP}G2zilY
zUtINA>&0*h(2@YxqDRfMitt$8(iyp<z{E4l65j%3{2$zt>638#ybqULY8&1Vu0$mk
z535N5eu16yyTmvYb)frcV-x(}Qk(4+!{Bk>=eV|OB3M%K-@aVsPkgzL9F6&!`>?2u
zk5VB$*kgBSn8$_MlFRFcjh2D~@IodH#jvTA-j?_(@k0Hb_%K=|)Wf%bE_Zn8YPrLS
zLl&e0d`i@*dt{3d@W@M#c(@}cv^O($J%@I5r|hm9(y6PQq6r(!NxZ`Ho5;z*5YD$*
zFW#GpB8F19O)|?coq^paA^F##deEuS4;xy2Z<EKCa}>IpIRRFNM}PT741yl!7GPI9
z-F)~a+H=_sv-c{l*qBtK_mgI2`6<PMZK7xa;cQ#TnPYGv=t_ZshWn3RK->S?2iLi{
z3{LUU_9!>kRt+K(^s4*&WnMOE-p8=JuhBj1v<$yhmbF2huT3}J#A#Np)GsTEgMm7w
z8DkqRBq-((@^jyfFq@`rsrAR%5oc(eq=NTm%vef|OfFrVKU51tm6vlsV~KB7B?ND|
z8%Gs?&Kal^Ap3!$ZsafX+tPl2F6m8n(T~sG5gx=e{7B(Hh$P&@toqXH98Fvyo_(Oa
z{Q9oZ639LT{mWQfw##1|w1R%Np7!jM7mrLmV;%LXCC@Jb>(*i7EiaiX)+=DlO=SjG
zV~Z}l0BU%4-mkz3PIoAombv%6mre}5N*hzBMso%N+W33Tk^7_es~8?)<%U+BC6QFm
zslfyM(;{xYMYse|h|+~yvT8}EJvWO)KY~5+IR;=Pzx1LkiFCeSsa$$}r^C&Pj!o4R
z`^z3P6bTcIsyGLqv08tEGs1dadJqnU(YLofi6t6R!PRvM9bQpEa_FM{G{vv=(=RmL
zP)9%yEq$MMKbyPf_m)TL8xs2#Imt@9J3O{eKwKzC8vRpHJ6lbQ3}b5CG>6HWeFHm4
z<qr(8J8a+-f~If7tG@5=ad@J8>bQIUgaWFdC?<iPnpy7%UB*1DB9CZcD-|@R6S_u@
zU3NIh=5~7LSE}{)u;Te_Q;%ov#4#R?SCAp)Ed2JYoyw%Al8TMT!G@D76Grsg<5mjy
zpk6T6Xox*)i4eyQAj2E+uxL%ACFxyRSJv9&5xn;8c`o2s?mXFmUzeK4t=RTU*9UA1
z@UtGJ5)tL<&NmX#v|WG*URfQ_J%`3a7Xd3RN9T!sgb06Lm_^6a0W=`|I(L#+qy8Va
z<B<EZ1LI9KUs;Vtph?WfGdfu6oQUuitZBWX^Lk%kZWl4%_7c$f9%svY#O0QUS2S9$
zD@3l-sy)O`4>B$>%+1mAEoS(&{DQI`o`}oB=EHuj^|zkfr~df2+rM8cdXFh)o(6>E
zw*8u89mvabV;<S)kmHviTr`L_$HBJ);5FMoXto=(aRy7`?Y~$*P#*gXW#^~MvN_H}
zZQG8t0p#p8-v0I83S+XfrSsq4B{`>v(cafKNEbLTG-~$2Yw%CyhlC~~qWMRp_vnH~
zJ=p$yAGal7r0cqi5)}7DOrP{S<347en!=ddH)nCm!9@x`urVdyaQn72#dp-HcgF|M
za9?(AI(JLKbdeai%E{5Uz<Vmwc~=-Ig7`@2UZ395@Z4U9?B}&uD$vox1gQ)gC~+Su
zXW1~vuf=mVVLFq*H*Iw{1DL(L4>z`CrSCsN#%X>_R;ha8NVEVaVTtCwFeG(5?T!0(
zK1VkKC+3!WL&pVgH0z%-9OfQ7PeZ$JZ>rHVowu)B1-{*KF#eioobhXRFYb7LO)|`I
z_eJ-*UoKQXE#$shj^F(|M3a|_`Y_U)52sTK<wQ}P^!5Fs5ASVXiQv4A?1%Uz-K}&F
z-<aWU#FI=<`^50{Lp6B|I(obh^Yc^ve0e_kH)Z&S4W+|S_300$s>{`Fje`8y9_ks!
z0B^Vi$r*v&O@U+{N8&i|@dv#C>stq`2QQTUde89phcI<Wdm7t{m}kZZA*gvI3Gf4*
zsEbdIG^aeBWfznV%=&&j^@pWE>PN*AoC>6uO={W4o)q%|q2lKcU?<q5y^63tp6A2r
zo9*SKS|34w)rQ?rpy@A<imDG9Jqb{(qI%Bi)<Sx9zgs<t?CYY;*`y|ydvm&$@Uq8e
zoR;?BI%Y?>B-F#ncKc&2a?o4iPCwA;VuzTCnN;nEEIN05<<KyG4<x_tfVOz=GDVS>
zH@Mov7K$$-uO)8}Igkl?{u@IQ#8EJ^{6Q#toHCWU8=b{|C%B}qinY(-_Gbo)8x5of
zLhhPh8=E%V%`T;Y{UZyrlXMcE>QlHqa+MWbzsLM524jSxH~a{X$Ab{-2KK@Gyg*-Q
zgE|N!btMA2C7}$KuqvnUu|wrSJZyl$z?IP+x~uidcc;+vv0;X}fvfHxIqkQP84s+Z
z5-E^l>pFIN0-PVV&N;~oB{fte<4DIn=t^6E5pJhwKRVSbOtPCBLcJyUb5Bo&IW6I2
zs*FExDinO)@IHywHF!}!hYMt|6iz0ic(uZSdG3BOU_>lv=+G{#C>4(V>$XpuL5X9o
z)a#Zmz-ryx+&L<&#}+QOk^1CdUQYzGlE#aRj=W2I$5$I!9Hf(8u;DQ0{qcv~-NFj;
zVFd8@bbG12(qc*x7e;2yE3HYC7IH9>l-o#(#p1449XE!|zUy8}GL$NZ=zMWLe}P+^
zT2;M==K^zaO-?ZVjBfMAR^V4w*E5q3-&fk%ClqTK^6LiQ`13fr`t#)ysyR+bB0q*>
zGLzr<p$>DVS#oBb1fvae`*E=D1?U#JSGN1n^zZu);63k?Tpv@f<b#Y!GW!e{8lXqz
zujA6F_8A>9Z!}fW7TG68CQv9(1g;XXY&FBaPW-Dk<8}5a@4^p$cr;lFMTI$GqY;bq
zB`FJ|<87x<fBU}dczeqQNe8N2frzOwxk|F@OCox8JR*P;t>YP;O6=9EXsu0W<*u<~
z`z^J@*S54v795k#=)8n;1vYp%m-A>tu!H8X{mKi62T{TmL{?Te9x?&=%!3v8Tlhw6
z())}|ulhZvji?$GU>NdyLiVBpLY3FAz76u8RUh;(Kr4tLqTr`#He?>z+s8NC=*urz
zEqEk^%tM2^vMS0d&2NwUR2Fo78m>ur{^5bc`^dxrdpU!YPvhUMxlJvS=7Lc}y;!cs
zJw*r}7-mYhW^m#Fpm;aeiP1%F4T$7w)@s%$uTMc!+!;NRAA^yN^XD~<hwDz5C)nsj
zxDP6Ffs69t29Ebcg-hB}RHOmSj-Ssjan^(Pu0L`e<1E4H<;1mgfE3^)BA3VkGFEY-
zeVx!3!%gJj5LYdBAOhUKaBzQy^Z}Xk(OT}auuy;4xcKHgcl9ZFk>YkG<Qu>3amkX;
zYPDaYR?SjpP)_|v_&uJC-SDXn@%99)>wIJi>}EsV873j=y}ec9a5BIBjg#DuD6lbP
z&~BK%PU-8;#|5m=KWCdM3&65%`SmV-xqZ9Nw7drp;pavlb$~=)LDctPf|JGd8Ln<v
z&hyXsdd>T5y!r3U#NbqeLFm@|Ho+`z{A)QtD+<EM5#W4>WIo4Vrujg^)aJQ8Ry{G~
z@7#GdP@5tzuMBAp3(cpo0FDcTOWbn&So(L-P)D|y>p4h253erndw9aU#dksPWvMcY
z15aw_yA5X-)8`GDKUIbMx07}wR<*D(A+mO!xTc2ZyQ0_^g?zy4$zS+GcC|_I14otN
zw!apfEE0Y@3Ghpgafrn(xxTLKk$>l<L#lcQIQxv7@u5xu>r98&=u-)mQ4{l<_A7A(
zzlDh1w;ko%>;4H8$G(OFR5kPBZ@>2`P?P*%o)g~Z&ulmngnB%Do31PSJ>hlsi7Pst
zF_%qiHVrcJq~z!vOYHIvA-T|7M#P^AZgMXN*v6I%E&WY&$6i^-ZJ%Se@4SDyZz08K
z5n|vvI8{+|o+7f`(dgoM@=~W`MwcUw$MwPkX3I-y|LP|ukw9=NbuNpxNcti2-d&9q
zQC_s{w|&@ST|@Tfm-apYx%4^-`$M7#V9PH(!kp#%E>1Rl#1e=g$o>&aRsD4OJBZKy
zWpit^T^`2mg`U;3wQn;*$2D_whtD8~*k#MSWWNBqpvb)lIsuNnB!?HL-H&bfH3SVI
z-P~=r(vA+8kFf`0knX~(uw%iW_GvWx0kHF3bQn5;+1o^)ieR&}!uB((d47G^qJ?lz
zJXIun`Q{a#F*oe<YQCT44a*EN4biQ!IQR#R-=}lW21$?-u}pz%3`)CneZkTclzH*Q
zC;oaLh6e_w{MyC>L#r^9t@Gk!-`9k|=4f;pw(~rYW`ur>I$V*cgq<n52!toKAJtB%
z8H3L2FiM&NxhJYK(W%~?$3X~(4GK*9C*UCM;I~E_#&qaUw!iYR=QpTEU&RXeT((VM
zwsNZSeIsLxuqA!8T9ea;_Rya7X%nW^I#2$p?Gx20+zacXCfn%E#_!FNg=gotFpCP?
z*!3GH<7NV9E5qD!68sx08?b2mre$kP3Q3Fl5l<RZM5ziBNj)+1xLU;>>vaTX0C9x5
zUpv5?Gb?Y?)$xNg--lm)Mr!voGebhlWVEI6`D^ml`P0v93guP%N#zXrxx43a^a1tz
z`G|-!YgARevFmD|hz8vUc!9brpQ>n?uiqRrqiH~gx<||~=;PqRn>1#&{WSIvo%f+7
z(-AuL714`PKs^!$yqbSn`?Uo7K-l#%w^@249QXPJfaP`9QdetD+m~Uy^7d=_2%CcE
z9UE47j^*k7LED!*j4@s%8)4>YUwB*2rV?c6g-j`X>!xAjkmRX{PE@`;XRA0p6xb6N
zc;IpWI6ip8-s>SgA!x>JdD`q}g!G9P-ihQ0jo%BmD-rj&_~^xjb7kKbXWkc=Q*pQe
zAU^0(6Ljg;{H%22&~9b}ijUE(u)}*jzFCREr6^WD%O2Dbo!8}S2z7kZ)BMeg!L`5t
zNII`ARk<Y!zY;lIk})74An2WB0Z9r7ProO<$M{d5-mM~Wty)#HzPSnU#HYvhl`{KG
z>6S7$ko*3PXOe2g;&FfalKDf+0;`S-oG>_swblE6r)rHAp2W(Tf|Bzbb8UEuz8^d5
z#GSz?Cz1}lteYFQhj9_H$S^8ycr9Na0H)=(Ft|PetCctA`ePqI9`}q+2N$~v20sk<
zmEDWDFQNJLiz8GK{DWy!H-!#sehoy{2$G9Ngs<XOq8Me@w7Yk3ewdGrquZEjD8Qq~
zt-i)nPe{SGNr}>*r|t6&`eA}nA9*xdpDsCs<gl|rFn5N{)z>m!KxrvP@6$iE&8j@v
zSGnXk)L!S$#b*O4V09Sl>uSdfv<+9i*e|)i$j!9xaeK>8yJ@06>pnF`DHA;+X{6DO
z9xb`@Ip(SQf^`4|4DQmy7FUzsY6tso@=F`{iY^Q^DTVZUyP&Jy;8Pd=uNf!V6Sf%q
z;(p}HE|R~F0Yx(MLCiS=1P`zEo*C3-{O8gjX^P9ncrI_Owb*y(gJQ#NiboiJFL|*K
z2Nb{~!973QTM7p#xMaJmfVB~}bJ5*n$ssFJSI@zUyR`Q|YpFkOBv7Jwy@bou=X#lr
zu)V8JPbGc>ub1TMzF0C?w|Bi{!2kkNEi6_sUSE?ln2tYD?MYeXHQId}nOc7LArG%t
z7k-@#UmEKDUm%_rAfR9U+pCEfg{{s?(C?cmu%H_8OvTqVqc4Eo*hEhLbur<^-^NLY
z_t;-VDHiXq!!bsJ!dkGzny)mqk@Z26HKISgEFM#n>_2p|9uw!=uHGSNE?e6KY#4uD
zl9sFA{V>EHZUE)Y!Q!$fymSAfHe0}hav~dDR_jko1-EzP0?a5n(eLL{E&q&s*04*5
zs3J8E!l)Mg`_ugDI6D5rv_Ceh&fk+_C69=-(q7hH?lfrT4?~x{U%hxg%3A-V;&cxT
zLf*PpI!T(FdX&Vn=da3tx&3)GmHh9->9B1)^7mh$^{);0&XsaJ9es%KNEUO%z6^B2
z)GerwrwVO(nEA$c=$SDi=ja)4MkD-8L#92p`k*Qfjrbn<5E*$PqZXbaeierIxB@(Z
zFUx(e{%-R_P=sh#dtEQoSuEqH|9gCLL2VNPEYOehz8N1@eMb`;><c%o<h5>!lHqjK
z2~Rj(kh;c)Npy0_W74zJOpPM7sqFoAh1)T-fOqZ|3z6@_0iYn)c+PeCD}$ujGIA2`
zcgGiO0dxz_lWgtkN4X$_=UgxAYseHuA5LrHn}6jWK(=mi)|f4GB<qVLO^=ghCogX+
z4_lHPXhUX8PkHU~=StN8P1`=iUrqfO?$ft?LVGX(>g194FA@)J#ooN9^Y#-uj`+`B
z3mMXY9zDXa_n{j2^lxk3o&%{pYo0HI-|HAaKt@k$j<j{f->okZxA9*?hb!85^R=hc
zDOU&k#W^KPS8~0sp8>ISHU5Xf+CGj5>3+6bM{6-BZ(&a6-r65cRB~R&Gjig|o9}^_
zdJKl{zS>2)xe4p?!Vr~DB%EO1+uxs;$?J42=$gNq3*Q;^A}f=N_K*h98-~}Y;PHEx
zu6Mk>t@ONKqCRco%nGV5{6TLl3&;IjS0_aI@{`nYm)Uh9n4=*DSdhg;^0}Ynt$!4+
z8vT33U*kl=j`Lg%S}brHc<v#I&2kTFTjKRqI^97Jx)Byxo!+<Q@%wG!xuw>?I*h3V
zR)~qGipzzhOc5Zm_}Wo&4d<dey*9u#mz^|jX(w&eX}l(VR`}H(Qlx!F)7T^AGxu6b
z*0#0qVcSAb>GAnfzngR8dq{}E+4AxO#8xm(AK;w#R4x7SupFtzgET@r9v{%Nvfu0R
zT|o?eF7!fa$C)bMiZqq9dUUiGZ090=kzQ)VGcS-zJyqNf5QEaxO6FhGaqtHt<u9di
zGia1&4%jVgZsppmJ}Q~KXU@14js13R-TgkoJm+8-A<*IMz4krcGB)qcPba?>(c=+0
z6~(HC^0D%9Iby*pi{HcLsHpdugOkpAQl7*pL{*y>AN9SbH|6hx>Cs~#Nk^3m=P%Pk
ztt&#ep@kkVz)>0xxE_CQ2fxilI;-}35w<?2p)Kca<mo)V7kwJd`}%SIc2}`f?;%9~
z<pyp`3T}?#mV-;ao+c=Ry$c{9Hek?&#qbAmzk}2$oAVh?bO&&Xp%;HX*+EHq#^p(P
zoXs%|{BYyLKF@vKA1vILt)tY1#(OT<D?nB^T<86S!lOMD1cJT6Ug>x5-+OGdk4-IN
z#X9FQ%#$}({@z@?7d0>Z)QW)g_-d=JP#RK>Q`yL?)aS?eJRp;JC3@Lxa#9K|UBKA}
zB{4HQe3jE*)G=fc`ZEqdS7Sr`oV(}}KHG0)B_V!c++ZzWsLK9+cooyOvo9&AYXj%$
zGe6kFnrAQOt)}KhMYaAzU1vv5_}YDA6_ws}YTqV>%KP^*=K8pp({Zv-M-2^D!a1l9
zvql}Nd~p$J$ffZ5-fML$qbOg%6jZ5c`s~w^NhB};+=YJ;m3582M&FP2OaXDXEkct>
z7<?)4W*}ViqsR$Sy&`;Q9HPrnN~}(v?kxqx7&Qf#pW576hOdIZ7_=VyKRA3Fp*f>2
z`|$M?Yxf(6KF~Tx)Gg05x7?#=zn@~o;9jTR`_X-8T($CJzNkA?2=P~I2jkINF#D|Y
z;<y@a5*>Jn5m|}MDR5HjpW6YFv+fh!YdzJPqXJ7-5+n>n(vt=Vao>;ygOqI&p+qpi
z5l!J;?jggnEx1fHUqzGx+bl7X%t?Qn#mv>LEaT*K@k>2)IaW3mRqBVUn`CF6mNz2q
zhHjtNdgh5HHI+moD0#xV)53~FR!;o{2UFo|Qa-oe>Jce<zv@C?f!q0pB3aL=&&6jN
z+%5`zC6@|zx-{y)R^vtYZdKOTxPJ6A8@#^j+W_~WTxhZMME9@>mGU7uZ#?09@Sp4#
zAoZ275fhoC%NBTE{wz==wBp2?WGM%NUFkU(!t|)KpetVG<@qhNFkcJI>`RN=i95py
zLR}W&<j~zw7BBv{a!29Vh4M1VNHmPm=J{`x^xf6^b)2x@N~8ecbVb!*lfOvPKQ7II
z;io`L(*Aa=c=$C(hcM+$SULTg7uzCP1`}44`szH&#nizj!Wo?KWJ<c>o#gCNn?-yE
zMHff#T6Ee2N#k-%!$(fhK=y<TDF&zLBtVRK#vCSVd&+^gS0Lvf=*B_WH<E#rz#m8B
z=N6og-|nANFqk$gSTI|&3O?eo@zdfmHXJk^F*GeK$wu8C8@s#cKF?>Lo<K8JPr$wA
z2`NC%=kC6Cwbq!q=aa7Ll43yr90y87RIvmGSNExJXA{=~z~ec(dV7R|Hdpg*a|bFH
zs|#8#UxK``6klv5py98GSiza$$pYF(d`w)pmVExYWBB$C6xqOao~Lge-y`^EBKiFK
zp$P+x<A}A-+g*5XEf6%>qpi>!NZSNJ(=m|>VkB6P7~jp`)Qk$TQd*zGfsF2`KbvK8
zsp0%|1CC~D;(K}YA7?r_5}Y#Fc+3}MGvxev^iu53epe;L@8{h1f#KC}{ssxR)O&*c
zK?6Bc>c*hpJw&^)5ri3D^n3au723{tywE1c2iNFzUc@H7zg;vu<E;_5c*2%}!-VCn
zJ=a<??Gyh!lQwU^U<SX$dE!V1&bbG5_CjjNFPDY?aY{8d%InIx@aCKSFS)&uJ(1<w
z^eO=w-FJLoe{qsD9v*%DvonZw&)U?xGVl9750C!-pqaSNFE7mKx_u2CdYCSCOu<jf
z@#a<E552)sw20<YGEfYO<Qy7|<WCTEs_*+h)bpr)C7p3Yw;5WxMYNN{q(HHS!}WJ6
z_vQ1zu3?NEfbMHz5((L(Y2L!(&Q2Wc8LMu@sYF{S?S4y?(P#a$2Vt4$Prc|qHNTNo
zBZx~+kgEablcI&El^yTnOTU`Hc(-08%13{}Hh6yU#eQ}MaTdJr6OttTAe2UX-b&W}
zB)fEMb*0;-oSZCQ!qS*KDj)=K--qgGl8~$7$W^uS{<_@D;T-ilK}at$p0kTKTi=*u
z<v~5x-T<~@7wnJv9%4jh{XyS{dgSxkEJbF{tqs|69ZuUM@w$|Jd;DRpljEPq^wwt6
z0^b}U8?8v@aqzZ^{T#k~Cyne;-N)Rh(E?lvLdJGkplU*yJNx>1cNt&%8YGItF(0fq
zAQqlHeC5mV;EjYAy(F+jn}H@^reJgqr)zTC1B9UOLUpRA;i8GK_&(=H$H<i*u2fx%
zsII#38Jvb+y#*VFrsP*y%rv#lP!1FGYJZPg0{C)FOUw{c)3Noli$4t(X@Xl$A1O4S
zOSh7ynk*6y_E1mwM(iX!<v#^%TwvKn%D1v548z;!cQbB-b^e7Y19&k>+&5MIjDa#)
zghG?$0pdqMo^eX`1AD$o*<ziX{mLfu^CPr_|0|Ct(}9#hd+F^*W$F&5SeIQuq;qx3
z0-4n`@Ep)zDXf4ZRzgH@d!GO7yr4BWzfXkGEHUpp2ZtBnCQgkX#tKt`2cW34UVaOG
zi8S+_BqPtl!_WSs>(otbTq5I(6y4$ob0)N=%um&(i?g?9D_ym!2e^v-oXt@_5f5&?
z`SGrr1Vxd<QJln?%KKTB_EWhPa<x3=<hkFj`qhF9^r&RlI-Pc7H~kJnxcBE|M{gq6
z>l_VR22cqdM8j~X2=w5#naMsi^w~a-em1Nn)iDU+h%JSRMr3dzvRF3%#U&diiAdsH
zD)LVSY~BI@xTm5uz9F7U9>v5p^64%KF8qvd{<g=i`sHJsuxMtk+RjMRCseP;N`vDG
zuYc#u_qbi=vCE#s#c)0e2<Bf3o-*C{Ge|G}jhLi{5_|p9Ba4lprayS_x^5=$)L`0}
zm&{>mV66N|jWbgZ#qFTCTcq{B2xE~P9^OB8B~#l9>a9p8Stjt;$C=_Y;jJoC>MDxI
zrn#qV3HM}AeZDw+bN$@<<SqgPtDNFNHxl)3LXNXF3SHp<RCdhB_H^z1g%0K)MC3Fz
zDo^w?L;i+&UVdSq6|U$2waB>D`F*TatMeEK?b$mx;n02#cU|Nq%SkCowCg%{WIzFC
z2Ro<VZ4@o;=;!e5#AY($>JN!?nihJ5A{+3Bh|s;aA?<VVCpiz??X3Vz39ls@O;rvH
zYr*F;I7-rZqWJikv-be<fUr<B`gm7Pr|Ko2J?(YrWA#7^-d~~%k`7`QE*&=MsB_a_
zl*uJ}Vs0#VaLp0nILM}Bz{jN0Y**6D=j->u5}=Q0V@N)MW**GD;<<KoRezzLjqTxA
zIXAc1PnWGM7>(3stq1kOJ&9_cG|>5kjYa}-iFqO<83|xe&$4HQ*sY{>>(t@pwpA%6
zNhY}c{BG#7{e;^@v-#As>j|V{WLJjffXNq<{%KF8+}w-%pyLP6><dXf=zl*Hd*KZv
zI?T7a;ZN|C-3JSvO=rdS99FLHLuDAa_i@*JO84&Y592pY-}J=is&*3w&qqI$NMj88
zeh|jUV`vZR`{^6s&s2m5=Cbpt<=vw1=!51_|0x<C<(*#c?0&a@$?|vLZuMsGb8mSC
zo6OD6)*Rxsm^m!VzNb-g%#u}8uNgkbeeTYj<{wlgp73kKm+EwRCwFy{++_#h<Du5{
zeYa5K%1mk<Uo;1O)aOcm3pa;Zht=#3T(W9E9*0mUdh}p8X0sAiQK04Z2eTd+TcGhV
z(6r~va-=X6f1l!hPTk2etbs7J^Po3=!2W%qd{(%N!(aENWVvt8@snVNeO{%+$F;p9
zSUgY085OqCDI$nsh^0Y2d5x{L0+l7a^x_`f+>qLQIQx~o6xju)(Qe{NdU&i<Np1or
z^ei!apX8`u1*c}OykL?jw)J6vm|=Q2pX;6a)qU4bSio1Dq<*3$f<aF<2M<43e}g?;
zyq5q%#r|ciSGX{E#c%izYg&^9ojZ+delge3GK2RXSjeY6^=a#YSccxOmZ$du6u-Ag
ze3X(zEKA*qE*WZ#{a@HU1~b*44wkU8i2PQ~*y5`=616=T+_p-_LxQ0)0RAL%Y?x}K
zuh+rs-<Ku;r=Pp>e-4!9p<BK3D_y^GxTo3W_mz|dMtte7$l#kGJHC$PIc9=;{k!WK
zCS(}{QBw*YTuxE=Trd)Hr*ouk|7SvZKqWz>I#++iEotQJR5vN*n`lrzOp0>$j#2PH
zSfQ^n+V+v1vlPR^eBYo^l0d^uEgQ;#8))kc&2ju7kpw{bF$z%~I?&xAY?E(T<dYmN
z;}o-KN>rL=em%<rstnZ(Jy-GcL;m?8K49P75q+@bw|?>it9687g|}~PA7BcU2gqSi
ziWbq+698B%cphH&oFd7GV&M=|G!lCvdP09_0zYw+^QS93w-IhPc=Ot0e|#Ae-ihu@
zfS#|%TdU;btN+UsEzu76pv6zrti5Lm;Z$Q}Tds=5r?9bfrPmP<I_i0zNSkn7_MM^z
z9Cy)vW6v9d)yK=k$<!~$b6PA<8*)!|@!un{Pg|btogczP+)$;2SG}Mm`<%QoAJtlf
zeb-yaUcS})YXF0IVBWENCH6VAoa9kpFCBZBEp5GghXs&2r)nY|a)0uQ{?}$*XC?AV
zZ62B(DR0%EVXD4V$PgRmOkt$IDDqpEk0g*b+orYoiNBX$+1zScr);BLgr!El1cIge
zx4$7TiLY%?syGz)1I@2!D|*@0s*V@`!V}3J0Kl3`keYo)d}!Q?hR6dDvG%E!U@roH
z!+lkojVyG=e|4%=8II?l7k}$wEaiYUH9!dqQ_D*vAQ5qh2{%#SY~VRFO_oepups0G
zspR&&&G|AHQ!L?G(bwSoLcIE{>uYq6xNDoKreh*w7omF_S`XMl-(iurn|RCD>2|xM
z%beDjNZ1ACf<qj`66d&0B*8wpQh8+6KGu)5x$WtlQ8yGx6Hc_ch6g0g9C{y>o?Yil
zMZUfCvRUuK_>ttt>1QEy(Es9KcEFqT@}|EjYr5R88ix@BiIigCix@cj_9t}Y>H%m0
z%GztZ1v5JB$7{8ZsN|Z|VIqqsqPX4D{4CQ`D{S8lUSqEO@e5zLS=F5x5M7V4ao8v#
z6z^!P`8}xfBR_xUldu1#n`YG7kva+U3l*5e-O(g6*6F!s^8xjUR?4<c8>!rxlz%{y
z)<^a&x_;lbZid5jd}S$fUz|f;*sHnG-%r-;{WLnC@gmt%v{w1o{Y1PE0>=hYC`@;c
zKB^0(=64w|#!R9&t_nTGqo;wq5S#OW)cuhLPgX;(XC(-2&KhD7*@eMeF7Kky8h8<W
z+e5s2E`yiBan3Wa6lO$ZQ8a&eQCDlA8E#B@UYqafc;&>OM3g9+tdPFpL+5HAi0FQ9
zhAg{_UI}A73)LA2sO~cj>RW*3uAknY$@@5<Au`_AH2E!Bd;)WO{5y!5SQOQx{Mu5q
zr`KWseoMghQogSzV5YIIUefiOM>kh0R57?s*HK8ZLS+Hg#5ZGWws%2JZr?0+=W^P7
zzf5k^p|O63!)3NTd7seyg$9WU_5eZQ+$n86+K1adO`Kl$<ZX2KvPki44e?RX;Ia1B
zZ~g@i44mADHWzB)hvpJ;;S$A2PkGdBQ(3%j<(jQVM_rM6N7;GH16sc4AHBT?&U?Ew
z^e@Y5^5SmH_=3Znb?R{qm=g>vUbf?&?Dt)_xyEAL%LdzpD>}o8ae3`Wgc8;pJmCs%
zezma}7E5I00PDaT1#?{!X<_rYKi6G+DbtQ$vgOT(FNWoeUquWdV42cBtUB)=TJrDr
z9cJ}&qTd+<fhP;)>ub>5Tg@IUwB7mpcqh4YuwTqyY|+qLe7N(OdI8_{2R?RfREw`$
zCj=NCm+1U_>LdfB>X-ePd}Zb1JqVtE5S|ySK^w!lg7>xGyeID@T)RumpsivTb;wCp
zI7tQ>QrBc=Iax3Gw@Kd{SlklsA^Fnx&sN!gb1zi2I#4hs7ynR(`B{2QVRO3QO_k0b
zC2+m3rK2%EZ75;A^h_S1bl`7J_Q@WT<m`lI-I|MWpJ=7o-z~nAaF0-qk1Od6&jj`Z
zgu)+hbX1524^rI&t-cGeKEt05tbU*Tl!A1u5sYPER)$T-vS8!%CN3=(l$c*Abo2*w
z%1TVz!xfCDApf0Uf{btMRrEfj(gr2O(uZ*WX=t%)i1MIHqr=?_iL^(@Vs-j7bdeHV
zfD!lz{Uxd>TNV~Ws0k`yA7j_Gx70rsOCL9=m0!ldTDh7*s4M3lchu{V_r`P~a#cd3
z?1K{dG477-nm;8|yR@8l<9sxTH#ZVO{W1&p57rD9xh@mT)PA+iSM(w1GXr>EJS8>K
z!jDl8$mH`ZLCu~z8Uzqt^Y;i^2R2(Qk1GZ={n4fw8d5gcUcB-(JiR%{isp+H6y}Mj
z8o6FAByE1j8~QDiklzI@`pp9Nf-=FAi={JF$tkF=Onp>ZgH2-H0_^`546wy@NH$>?
zh-B=fds{R*nqx&<_bkUu@Ey|6q8+U41EmY{$xVmwvvwf^u!`l!0Ms&HsSK3#jCr*W
zrhUJS;RM%b>6la41iahMkm%ugCa;zKZ7Jibl+1`xczJx9`aXWoggL!Q|971clp>QB
z_4LQy!J|5#^2bBZiFb$k;)%Cx0>f<iVqcq7d+qmE@dbZ9B;F<D7at28eVU3kg(j;E
z=cZvmpiHDE{Gy9?beJ_ub{C2@oEHid5HMW6?uZ6L0T%TXz4^7Ev#)`v?u}^zmn0r^
zXFxR77`%PTYSGk5IO297@%B->3f3hN0<qxIPtWITu((|o4Z;!2A@DY6W<9>Z@HI~-
za>6<Ak&)r42mnuT?Vt(-k?jqpAy;e?Y}&iaOM`F<&}VUcW^MGsK=Zp;uAV%&=iGeJ
zK(szP>D9sB$NN@S)z}6jKhO2AV=nL4kv|F1?G??mBZDN$(z}Vh?mwQDry9JQBznC#
z&$v$ob)<|RNLcXf*nwT@@H_NLOgKsKbhL%oS62ju3>0q|O^w0-`746sfHII_DaUy{
zl2+8VrN}R!0Si{pq`DCl_f&h3O9C#3-jhjqnpN)}1gaf@kq;BSr-!XRC<mMoNsHQU
zC5pi5O1N;aZ~M^@IADut1c2=MnZB-jj?S<OD=^wvxSsQ}=BP$=dkRCD{tUU_nujkr
zPAHSU?I~3MC5teG7!T6)fg4?QQugWP@Dka5g7lRSCDyN!;&WSu>~jxyK>9nKI6OC`
z%4GXQzp`eIegk0Ge=9+F<Qq+J=O)-c|EbZRbX_gPUNW`x1pdT~{1MkDuLXV##q5dP
zIny^492`;CN^r^5R(gG|)IJ*S`z!;RUn0%Ku6u@dxeNvpt-w&;t#q2k^+CO6&5!)E
z8fdC|x<c5<7sku-r*j4{%#SV5jPTg*R|X-pZWoW_>)NM}V(O)6{e1Spbo&0tWikB{
z_eD^jd%t7~*T&d`77H1$au3MzgvDrRU(@&8lO1t++b`yIV(jYWmB=<VmwQ3l)!rx~
z!=RIBEEqK2pFrv|PeES9ZLKT6Bc536L*e>`Nu^ifvB1BAY`s5;X5mKk@J@eTpnF)~
zo3kVdSIRzkQAeBE;in?m4swc9?Gx7s056j|%hMGO=9Cxl!s6B1kBD#9eXbrN-S)aH
zH4F2zw0x>YpgsYik?5*`DV_Lw|G3wjE=ml^gls>6h2q}7vH%5bJM;mS{59Vl*uYId
zBNuIc(#XMi)^bquzv5WD-i$ZUP;y~ca%$f(=kh$($H9WZF?u)b_FH5fp1{kJ%kkiI
z;b!}1rSi%bFDbmTya&{)=D$80^^uawNO~_0_QY*+%-^n=lf?}u2d0sO;g{71)`jTs
zoC+`WRWp@-&r5f5*YfF@-RbNpU$(WXuLeQ92&B)r^m8x0Ua1Q_omWjX84}w?#Lb0)
zp_FE3e1CZY7gb-A=8R^DB?0?!poi-(l>^4hpf9UY35qW^8WJP_vI(nkx+7H6ZBfhE
zbGxDip5|-BWXG37?l<>mFAh<k`(<WXZ$Kh#-9Bvkv*v^?LC=BcJQk0|;4mJHT|O%J
z{W`_foX)wy#trHrO_N^i(G<@Q9sNIo?ES7^d;I|*KQ>qK7s9BManI|B=fOo&4y`)p
z3AmSf{2iv?Gr&0O&?upx9Uq$_xWc7mS&W-{aonHS89!v#j*p6SyGiwPAGnhr(Wp`L
zDIezr%~wzUvJt=AWw`@=V`8;C&G(Z+IXAx;4$hbY-yXC#nMG=9dd$U{W5+dn<9X2o
zh#N+=Ldke_Y7O!S1O!{10484d6}oY5!vPrsz7d08x<4K3P{H0?2$K>2=n)-fXgA<b
z!KI{I_bVq9333e#i7~L*ccl(~WNcC#vhitnN&I~TIe6T24WDDw2ba`A(%xUG?Rn-l
zk$83EL6l6Fj^_P>e3kn?CKvIPe=0-jwz1ik)9>M-E#>&=B@W=CnYL&M4ej;(j>?gW
z_M7?WP5tR8{=DDd2C<UCjUnZEDbXyQ4c4g2#iSV^2`P=9T|!dy`2NP5SH8^%629aG
z`Q@9Xs>vsV-jP&lPE_12NT`_uJP$7i(M3A2%P8{n@ZeQIvS<ay-dd&m%|2;45%076
z0_yUP>0iHRCP`@P+2q{9_rOZM)XV7u7u11MUyh;|EP^5^>geakG^U!z=&1L<)n%x1
zDcG~MsJW)UHt1k(Uvh<rTo4Tf>|p-!79N&QyMYas`z(X6!%pwjd<|vdgoh(W4vojQ
zXlGw!c}YYCjUqgiCn|J_>aURYGv@?82jLoO;;@fd7(zEdq(Uq)kMa@bIbf=&0aEtZ
z0CEJ3_RJ9gXGmVIQ34^1c3RPuz`B?>K02IR>prTU&c&(j+vh?-q4W5GeQXaRp26GI
zs$n)D<7@T@v7%2}q-GS#Qu?L4c`kcpNVCr<PX#_{|7%79fSck7<Wgo&(+*`!w_fo2
zR6_yahlvZ@l0kkvL(|<_*Eof{hjJTtb+s%u;RSWQ_*veoAG@@^N^_;zdE1OFZ|Ihf
z*#b47M~CL?D@*Mwy6K>`k@@w6BV3^K)VX+2nea%|4+o><^{KQSrrC47@&n-IxE!6P
zhDoH><=^xf-eIBJs@8+%n4%_rakUQQIg>EXLQsf`0obOa6I!n?IO8@&wWvW~;=UmI
zFZ;s6y7-tkQ@@Wan--uiy{2PQ0N8b1#pQF%PO(#tns@J5XYy$7_NxYxyv26=@ywI^
zGrvk;kz{xxLzn^UiKn9cz&`t^dz^-4D6IK?9g>kcvQ|cNg2b~)@~u7ecZY^(w|dOY
zji|o++n)8|f|Fya;s*IkggD%rT5XoB0bz-Lu7(&?<NdjZogMz*j?R4VQo(k=0ZN~t
zRGb&@!B8Y6z!Bimr~SoxPjPi-TK{0@@Yo?})$fbTW_9%McS0#fbDxLD@lu<tHA%VN
zYnCF<dUk4|lY<v|GxZ@mjtc81?dPUT0}5}(+03wDJlm;#a*jW*UWHjniA@b##`{@u
z&>cC^gCG-)R`ez}oNm({i~xi=-BW<qL>BHLewhhUjq?RDH2gFUST$avOZ`KgS$K>U
z@!F&REL%r<GFg97&o}b{9xFaq8i<lhJv<#MqJ0uz5>AivK~G>@9}UsVcAIQFclphP
zf~;vqZ4ZKeU2@?3f%bygwSU>0JA{U}>Zi~}AMfdNye!ASVsAz1Jt#0e@YVVg_<pe1
z_a<b&1T1E}=8KvlK1SXEe|@98v8Qm)2M{;_>!|{9+%beQx4t)_974?xbxWfRtZ>-e
zxG&7*aB#6J+8YV?s4E-w;3Eg6U!G}3wVf&l)<+E8+@xR~5FDc#{ioPmA7Kzf3xWT^
zf=U*Tg8B9t9pnGdwbhu8s>huk-<yBkznh}U3v9{H7iDE4b`4&w>_oV6;PF>czbx)z
zq$#Hty^oex>nDQJq*`5@kuKRDc_hdyIB`ClTGB|E0p}sAAjD@WDeQuNf3}T3?^kfr
zrpu@D&Q^cpMw4Qg-e^tkF!)C!IJ^!QgLI1Q(>C9{q+RR6@G7TZ4Af5!JOGI!l%QxQ
zzrzOJ$(QJ~jR*3H<WKoSm4nqDNUs$;@lfCVC6s5<V;%DPd7NspM_Cu`NN(KS_y*jL
z`g82%Zxo&KE<pC;3AiNxWpxB{a<VHv7n?d+O5AjeHb2pu-M_V8CROGtFb9KW_teF;
zwtdSzvPza$c4+^NUGP8x@p$UdizkbZhwR6zjMbr8xoyB0P`Uu!=be1^m{8?3tt=*G
z-NCPBp;}}yUNeG!`YXLJ4&vi}7rzh@5d5oC&P`j*qUvtm^EB-lY3HtT#@o*tcV7qe
zHbk%~Mj)it&ya)JGD=YEDEsFZq(i@)ON@0%=813mJ))*=wS*Q@re04x8Fn_jAk2MK
zmPfD!)Pc_ExA%C8!jDcSbhEq;J%h(iKI4DTb#(}B@tqHKI>Sq@d#3~3!+N|X_{KDg
znt=M;RSB`;LQm>mIMQcV&%*sWf;E!8kF?^i$GURb3s{-YxVo_M(Mg^Fz}cX>Z<G~v
z@;d$DhUEReHyQB#ZmO!G$8E*G`#QC%l31R`7P}}8!!P)IAebK#vU^gmhC;i%S^YO4
z-z*8HJ0tM^_B0gO4VBrPkt9Q@1t`G4jXOWbl9wWqgDS_YMUh)ft4enkZj!{F2IBw2
zQJ{+irr9k_J3Rex&fxVN>TPP;D~x;-G!L}fEfUMO>J-1z;|Pg3F}Cd0+0XT~rCzK$
z^y@p+HwjIir-uRvy~W+k!TVgoJCU%o4^Otg(_<D-^grTbjW&}^j+(2F_4byh+u@Ua
zx6{!$dY9C@%ihI=jOS`;5#$HOPe4T4lb`i?dbFxGs7|+l+MizCdp5N{-c8A;g4X=$
z;W@=XFGOh#_a~ja7{Zosw&=$M2HpCU=@n>GPitF9V*YC^B|X}25<+L}08-WRG(1kQ
zDG!pV+ByoziRtwvykGt`B^L`ccvD{DQ_JfDQpiGF9WOYl(0_vS9R<V<W;~X!5;J-`
zESd2kNU+5PHpikzLw~tliS%iC-P<6Q(^YMocWa(`4tT)!tXb_Xli!Hn@7M3b=0iNb
z&}U|aAxx3i_)0xmLbkc14=l-Dkd6t5nFpuw?Omp)o5_r1Ss(V!tSW!$JBDKHA9^RA
zFpKWU3d%+mkMf%PA2#Qx33<X_4==npWP(ec?E{x|Ix>GLZ<sq;+lBk^(q6g#yw1gx
zfa*Y&cfCDOcMzHQ%&-A}66s4)RZh)Qfe;+N4Dy(T{S~`9!h(Y@2$l9L?feEf2)p?a
z39a~ux(k^Wu<N6Uzo``$i;@bXCH~m?&3!(WCvC$to|wv&b38e!E>K0h&STK-bNulI
zUWC8}0+Jcw=MF!Vws`07x^@zg?Kvk-BK0I`w+7BVKsi(war#>OV=F7e``6s8R{(4o
zNlkE6HtqR#X~aqXoQES}WlfNhz8u{i$^4itJ`R2WXyQ9f8n6*D2!zF>;9r<-DX_So
z1+Mci+AYA2zbf}K6KC`BRbU!cq0gd+Ve}LuPi3&iR#@%Fr@QZgYhNrKy#PYyhha5{
zlT8ID_(JLAc3P>IyM%XUPYQHPI>LQ~ymMOjS)O<2@U1HL@?8GZH_lCGp*3^RR5`Sk
z)Lb4?Y86KXR(w~l$@+6ODKgY4Og2(uj%MXgmP2bj={b%CwGr4A^}n)(y`ncFx=F10
zhTi#HS?AN$(GKke6X4>gmNH-H7kb>1UOD;3h*$?cbyrlQ9%vK&$U|3~fpKeX4339n
zk{PG_E!yv*Z!N`)ktVU|(EDcT+vp{8ze_=-4&p-bfeww%Y|QGikxDJP7#amDlTU6u
zHhYQRrU<N3zqbR)`92;)AhvDh(3F_Kb=xT|HY`7ciGRS?>Ha~F!0{3?w_9@oo3B4_
zP<2?&$<MW~W$pn2s<ud2+2|F4pz%t!^CsRf$5rtQK0kTJ{Qd}yaA(4MoBBoopp!7>
zQ!%N=<ceMzgx87%6em-AR4~83J<P3gVpM+2enaxQ<RDCZ_vUaMkw0|Z%n;_Qs6XyL
z5m;~5RquD?{nq2>F=X()yzasL_+xN8a+e=Jq=@h#A)>pgvn`9dKU`NZj3YS_;_WMe
zk*ePasA6mibG{t@qSJcar>G|c&K=vQ#AAZ*#BlW)cS->0p3lW6(+PK<;G2+w`PCTP
zJC9kuoZs3$T<ENW>mFXNwd-|EZ5zpL$<`;bdm*0;1HnxOT_3(N@Va>O_1Z$-DH|K<
zN9kvuhU2Po(cMK@`j&l3_iU2tXTG`gV^O2e^Bl|jgz(#!iQ>nEciH3>UBN-i_x*i*
zaz6a>M;{zwvMzLxb_}G4deE-jl!FV%K0oZ!Zth;-LZ!z}c8l}hSpvDhqtA0<^v90*
zdF3yX+=F}c1?!9Q>}}x{*_-IYfZ+-LO89=^P3u7M&*2z8eEZxROmw01oA8Hx*`t88
z($r5Q9$#vV07V{o_?2pPht_+6Xn<T6;VK(nlv@rp#l=+|eLo;C8|rxrIxtwjQ}Ppt
z)TUVD_FNO~(Ie-s113iK#eM_>EM@kLAhum8`qzK$tIC#~`iMsVt#Q;%M-Y+|%FPeA
zJFKR2lH!R)^3{!c@^}2cl<_lEGk$w!Io$0FmbA1U^2y(;J6_p)NW`0IcR?s{VNhsO
zOTMfhyacD<9bl!&iHJmGjIcTu$NB*HMQqJ1<$R@q{p}&M4iQWL__(KzeoD5U`RF57
zhOKL_eN-|)lO8?uwlRvdq9UOPE20jxKcAlBui;C*rDZ#-XErle<1s7GKA=DEm-guH
z(aXDk&r?91-1n>6p!<5KD}>b^ht<>&wyu=kR@$^q!9!@8Jsl~tJsBy--`l^BV73Xo
z2EU=?&vWsZKA+j=l<u+MygUg4v(0_8UbOd~IEJ#%iz$kUw_4Z!x+6JdkRN(wHa#3)
z(_Q&&<h9!&w0qlA4<7ma_U)-a8}D;mrC(CLAN#FZJsD3!Du1j$Ol;>#A$X_R|M~5F
z&0FR94jkBri;zrvj8WeEB>#Pk4PRiy&9(FF+1{jvXOFB_XI(CZK?Gd2;)xXDapu!O
z&(i@8E|opK?6^J{^5L-ZGaO0jK7Du+|13580+>$=mV;zy)U~woIM`DM)*Z_@Ev21T
zV>qz4oYS&)SI2qF912&Ox3-tM(dWVAnpHDzi9<qQYg-(qtiO-@z_krpsOSL|kK5`|
zyU4#R4cv=3RXTs|7j^>2Muc<9ev_O=$>`(g?g?+G>Q0d@JnI+JR5?2;Ryt?L68Q2v
z?7f>2BB8a7H}qXTl0{tOfn(ld%u&SP$W)1W1~3$Cu|QiMaCI5=IfQDS#^_@)(7DPz
zJ|mw44h1@Q%{1(FKuVI?XU*|?D>|RJU)34u0yHz_)Slak<-MUrh9azYhm5-JNt!R$
zk>8U~6YjTC@4uQlrnjK%&Yfy2e+-#J7<yM?#<bAcZlGaptQAJ{^}GvpxaT^kx)XP2
zKGLFqD0}0s{<l<ew(8zKN|KERPu!#W^;+>j#2<C|4(<11>+9|+ApiQWdzsd{4zk@J
zNcQOP%wSej>7VC+n#e#ajW|emtG_D>$N`1<!E|K6i2br+*Eg->utL`2fzsZ8YuxHc
z+*`X3BgaG&?+q46Qf5u9jcSok^S9qS<j^(ovoB-e-zehe&;Dr(PFQXdaR3wfl70e)
zGzH4fdav#QVB-PArlv}Rec(?%^X|tZd&qe&1;QMerPzM5)?m5>=*yQr8t_b5I4-Xv
zMfGFFj&R|d;{!Oa+3|*ZT^=UO-I6d!iT3-cM&{Ofoi)EM)(0h4Z<mV9oX}fZKw$a&
zW6_!+k|PfF7F&~m=by^jOd>-SqK)fjl(Usz)AYfqZ&{2>ofAOZUJ$qQ6(7tOG@-KQ
z_uixRRHNH<SGdV}(0r+Nxvl;Cx94cX<qVe1c*CzXOPrq(Nr@<18K)oK>}YD?igZX2
z+k?-oXtny>f*8znRK9<~#nJ!V`8EXY%aa;7jI$mE;t)2)^-rrmaQi)XI-sVl8tMCS
zUb9OGqY_oTR>+}Hj|1oxHY7*=u2F2m8R`f1prK1iw!tEfaNIzA;>Q_;sp6ITE=qag
z*<#wV2T}}7euPQGiNrhZ&7;8;(&@V>hYbAN=2c^4u^l!ld$=L&1a5fh;U`0UQ@QRZ
z5ggOU0$bhTo8^Avb6lPcjOu+2PrJScXH9fRxPA4Oa9_enej2a&I#%L}H2C<=D~WK`
z{_PY797iw!kvGH(7*VXrom73meozBYT2+10gY;^zk6ibS2KmQFT0I0WYEgRbfog;o
zxm#MQ!b{$sZ(=G}@1^E5^&s9rZ#!~-Lr?*Q=(nWfAv0&E?|(8@NwRuEE82zUTP8>Z
zsLqaH0dR){w51ev{VcRp{;5?Pw8eXIP4ctu6l)56OGU%E4$X`6GuQ|Br$nCN%of_!
z2WVqW$}X&zP#3%;ql|WYXzz`?eP>g9OC7hI^a<-8DsmA|>U-W{N1@$|xt{}adu?CI
zs0Thde&V79#r*R=aiO)3h+FACuM-L=_#M8+WpuezXis_wRbf5C+@ocu3si|}kImaA
zVL+m`jH2^@@r2Psz|GhhfxP1<zgrya5aoy64S{Tw?#;(atG~{pc|}`jH(&YlR1T}I
zO2ZXau#5W+rXXbc8HE}|!k`h3F#N@yU#SVVmfpjJU9+>b_2O~nc`Da5+b0bt2lE!5
zKz}*0pfhe)vQN_uE%$AHULG9iEV<Z@mWE(PF1q=AiWuRFi3SkFGPuWN1P??|6~!mV
zdrLzIDHf_ieWwe1dOp6H(ZpKtn8e`tMam5OvFiqP{#&Lq3a-b(;BEnoyRq@b`5nn0
zLtY&7V+$u#JR*24%J<4?vORnSl-tyjDz<KiwQ3-Zy5D}znf!bwiL(8CP%h*=pFa>n
z8IygZ7Gs&wFgbc-qtfb6+rI*0#o@Fh#~;o&Xz$r}x&D+&H9t@p_9(21NjE#U=0U*S
z>V;KLX*o5Lc%(z&{bfiwt#1pj6YBb6C!F;h0FXph-(BlWQu+&`4}IBQg*pj9M(JU#
zNTcOrdDVu)rv~5&8ySx9ID#>Hg;6|!sp`l_kf=U(Ae&t8nV<vVR489NG=$f?1XJua
zw$Cs~gjRZc0F;Y$wD1=#5`O+{zkM=`(UCcPmzhd$zwdmqB&1O(%l;jke1ng-Dt)c?
z2SUnSz1zZl9B*W}UOAhFl|aB{{M_xyq0#z$gNH;x2|=goYye+YldJC?J#QNydnQ!r
z6rEWNMaE?lEzR1{^pYJJ__JcSn`i#)zR`>YNERb$*x&cz3@@}v26OvQx8QgEXK&_h
zs@FsPx!(o*!l;51CJGxg`vu<XH5buM8}2=Sc;SSu{$bfKTllBF4B2gH0q!B4P<&;l
z4+LU8(tcBnk9EiBkOAwNw|0Z!0;mHgT2d|_r)ieC_Wn^^P=FsPz1ml7kZmACa6kO8
zM?IQNBpm-Hw)V*SOg5cDKloC)N?hfd>I5|lo{Ip%%J(Ayb=HNV8C)yTMVXey1h8*`
z&P*Y#bjr*j^=(DI&pvS(A=Vh};e;d8p<&*yWuYtxHr~&9yWb$Kz0~_3(Q+#hOs1^;
z{BFE`v4skn*F@akRW?#HHd}Gesa&;zem0FK0ha=^M^3n1!kH3d%+vZIxI&}&7TFF>
z?;qiihlJG8RQj&-Be~hfBqL>8%xKaJYB%76=)UNHEA3wfX-WIY_8B{;Sw_W@QQsaS
zCJrn?4ZC=M)jt+pg(`|Ro*KwWqm#kW?RKUKDYAXPN<~_Ai#Df3^!=yz2YNEkAKHWM
z&|{^>qf=#~0gEtW;Hc#Nj$<Y}qxEq_KLoyOam5RelgFY1mpQj%vGkom_W6UqS3SS;
z4^DI0zL2^a--j>Wc<wLVG(`_d|K7CfW(6cEm{S<#bAgWeu7Z=={?XQ!+<id<wTV(-
zK$P{PYvP>E<_v1Xp&$BON{0Kzp?aR?bs11Y5qcICx076mwRtf`l>*uNy$_zYgCBCK
zXAd4$ubK&W*!`~)%FdVuhb6Xtb29Rm?{{v4J6=LpIDS$i%)?ogQPg|I%4&WP62qxy
zyolSg<pT~{)EqZ6z8$so1awCjTaUFv?zsv#?XVO?A4`$H!k5FBXQ2(V1xba&ybthW
zgB5D&a4b?5`y2oN7opoLZ|GH(^22kY{Dah_e|9}I%*D>t2q?3wwaN$nIt}=g&$CeC
z)R`i5;aRiiT>cs;H8?z}#r{xYt1y%+)+kVS;I_UeF2TNw+mn2@HH1z&I%e}TvsV3|
zqdo3M`Pn*<QWoe1qnAzQ3?UcxnOtN|v2Yw=Fz0K#@#s^z32mUj?`nGD<rfTX=gnQf
z`ET7j*A$|7CQs3|(YffVkoO6bi@G0p>+j2j<dMUgC5!m|!1u>Ss&VP`P*j!Cn#>^=
z<YT?hHPQXh-t}QWOK<ULz2yMEZS{Ujz~r^akq9b}BC~D4+KAG{Va`{V*>|W;R?B^s
zG_BdFM#$R%S4D<D4&r&>7&dy3WFEAoev}{!M_mLkXx}m_pJ$TU-+Rx&)9~Rcob87n
z<|Cwq&UUBw{iLtH5FXCL>`Ev1xfD{XSLeZ!(^DXxKYDdKiyBWyr}=di-!myh?rB2r
z-HFz#J17$lO~Y2?2G)8^i>^M3>~cO_*rLqWrUQR7JD38VITdEd3b;oSw?x9#Z@Ft^
za;ip~J6m-IFn!@JSu;J{$2egZxwE9<c1Im#kCNZ_X}{tqTsRvt>PhZHaa~vPz7&+<
z9PlnCM>ve4JnxZ@SMPT`aodv?1=6=UQ@og?2_nEE2GPbra*Qo2*sa3(I`2#V9{$HC
ze>UBh@BY-xpAJ7EhkE70p~;KLbVhzZ-Aj5MwfvqVTGQP#F28OC`&o?6$P(*+Qd9a&
zYa9#7F@4Lgd*)Am$@PXYx{b)+K1C_{3^%6w&GIIjB?BfFz3sAE!*=9xHO_{HI|-gD
z!ojuIT*@VLlYP7i7IFRLFplJ`YU#LU;egr#r;sDEOh<d+A33;~RgR;V)1(xi`mN<m
ziORnCEGJDC^T;rK%R3ta|ECFm)l<2~9R_^6C>o5vzr61bw=Yv>&7Rp!#4Mll1tu81
z%P2_ne)JA20Gut~hoZx$xeQg?=PXy5s8RE-WLz4gEW|fzN5cMm7*mGDqCudl{pXW>
zo8t<q^z!wZ-tUeDJ4Z5k+^{k>CqoW2?h_SHHjk6m?%%N1x4mslrV;z>6)t^5S_S_X
zvT1VDy$23Y{`UVr&j|bOhifL5+bm)-hSJCva7F(P>ziLfrAn2z1gogDhDEpC3S3e-
zDa?k1eQJA?r*!<Z>*Gs{_Kg?g?<hX`zi%IB8u8cu$R3xZu*~(!?29{zeTe6w5)_4r
zg<Ghy(P00jNgK~gG(I|>pGXjER`+b4gYakp10%qkWPUq*8JxrYMmk_SI8-@6Fei%`
z%H+0w3dCo>qpc?StlNHWzyyPg^Y7ZRx6`zT!4DM;kkmK!AN4De_DxtL5=Qs3Wu7Fp
zaQSaol`H&FU;J?{mi#sgIjAE60K`AR6hFZqYY5Co09xmj=1_>l`I9f?ik}Vp-Z|s4
zve#GSh@ob7Ua%jW=LwbghpOSgdyB7HL%8^R-re8_A8IEStp2CyvV9;LGQHnZEYoMw
zjRfxx|FDA5lrLG%w-BA9zF?`RRAAW<_A*^|MK2PThpGNf1^=B#v|HxH{tWT2U!`_$
z;u{p}AsrO%1Z6k=-UzHFX6m*;u;jkmx*1Ojvrp69;%L-ptM#e#k8OE>t3MN>=Ysbn
zL_4~$ApU}DH8wF(ab(k{H$c_CPKfQ|0k!9scY-Y;V?ravNO;n(Jz!vjBb%L3&U@8{
zCfb|PER00nG6Bg`1io-VAR|+kgRr9CFDr0U>ffXS0*#x$PV(;RyPe?Hl?z{6*YRWx
z-ot;}^>UR1*+nnLZy}Q-mOjm6L3*eu_S^iZ6dfP|96B7EfHYx(@an9CWdA5nj4qC)
z(Atz)gTEbq=Q7!6%JOUhTY!)9TS9g0@K^~f#@_hDiTBPn;d^A71shCd+<fiHY-`{a
z!qhxi>7lafSNT~TEDrsC08V$X^tNvkCoFBtqtoMbyeF$U1rjXk&gAPYF6%S7>_c`C
z^9t>UCXz|bT)mQDX{PVdVyY0Hm>Wj@-Qc{L72%VMY%$Tyomklq*owekXy<D83Ny~t
za?#@mI(I<WA``L+kJ<usB$!|8gRdEfAI<fKU?pp1QRuu=f2X>b8TX(^!P3qmgGlq5
zUZ(r{vjRtW!PYP{_F1e06=Z8ZJ#~R*P6>~gDCB*)p+l#GUn2~$0_yx@$!PDR!PYVV
zRmo$6`gGL2+!O@H@CT~kjh#+>SvM{Git0!HQNyqBj)<~NKRUt*fXme7c@eQi0Rmb*
z9Z}Cs*dIYC*4tAXcV=IL#v-Ef9md@zVk?AK*&LxXW?%j}-lMHHRyUHcdT?KQ`bxxV
zwAXLO;leP-O(GKIm@4U&fGJDnHC6Eeerx1w@_JV=$MkUg9NiS`;|PS>)cSamfhG<2
zc+(I1C%B#}X}$y($V3zFEZWBDHC<SCo%S=~J<WBj4k}c~*#An&pAedBS8~6n`Nu&G
zC@;|2&kg7F7K8wHG?s?(K!yvJE5}r<$&auGOH&1W)VECKLVufM7Z?%5ND78ISxW0>
z@08RHxGo~h&XJiEuBPz;LePjQi3>BC{ac^N9yI97xu5PmMw>sAzsHF=?P0n+Sk`5q
ziJy8`{H&AfZD#^&!2r@bxEFQl=d;#oSwYr^e#fdWw`wy}8l<89ph^-ym&AFx-s$X`
zf3d1Qod~EqdXNwN10Z)L4{`A45k+5>xi!z%ikL}9x^%U)E@Q0W&Fpgwu!7Ln%rn`3
z>1%o?m802C>zO5P<L3$7!@*DqdHH>9aIay_S{S38xOLGDjfYz<_d?cpF;=Qtou7|i
zqfF8F(3hvpL64XS)u?$r>~mU5zAo>y<kg;;e?NI;Yk+K&{+rS+kB*<%_&)XFk(Vnl
zm|*f6=4+o&o;iVDl|$*i#roDu#QeJru_epTCEy4BLIptLotaL23ZyDVig~6_-5U(h
zZ~`pYKDz>15jKWBOc83AXv(}=d66tbl5(1O_c871DXd-SiFxpYU?`8@Y@D&5B*4KS
z#_97@e4W9BxN`u>l_i?@TiSq;OhN-5-+b>xAQBd{-*a_vY`BSy9wTHfZQiH$qp!k&
z)_nAGBU^|OUccYTJ*m+Pr3N#|eW;02Z=Gy246b$8KsjRGR!#5juYGnJrkz!X7~yfP
zsY7!8<>jXK7U3T^tztAxq%zuC(J50Z%z4VEFvHBZ00av_yhzaCA4*1^?x<gV|EiZr
zwQYSCn-6J1uu8Q>A}0{%rTcw6F@Bbiva?5AXhSk!*?zO12lAVY#n?7F_|O*GQPXx?
zb6BMl*28t4#+5iq)zer^;XQ|Tu1=YY?hSZE?UASahaA5@nt1fNk$L<h>^;DmYQA?-
zdsoB;7O-M32}uY61xX+Q0wmNF6eJ-DB&3j@P^}0EC?XcBA}T6PiqcU)6blvv1Oyck
zL3;0;$#>5^&+q#^_x$f8h5$Qz&)ze$X3bjfdS5gJCh+nw#qw2ai5<sYYAQ4pDBZ|X
zeQS3hQSavIXl|{GBa+FWj!L!aQRNV_2bpT+C9uK~EzR7>-j);)I;H6{#Q;!a?g*7R
zu&q7aokU=L0A-?991D^?nQiao#H1@!t2kOBWAHqj@Gv^Vg9MUho+dapS}b!?GF3Cj
zk>TJ0qD>@lA*?Mz;SNHf3QM9u#s`HUcm?1YqL`ZTy(JWi6N1YlvSENg3uTALD3KNd
zb0$iq35<2LF|~w&Q_<}_rF0t;j0f3NH8WMYO(1P00vz;AFAC4}A3l0Jz_eh30W^tj
zPJqq==_x`0NFUS^ZSLe~&xJDtP<^;9%z<hqwWc`gx_c3EHhj2{;b;K>C?GND$P_|3
zGJA;#3V6<~z)l=Z;5zaFU#Du|ap_19a#Wc%nb1+y*&ZBVi3lL=Ote;bd72V%CZ-Zk
zhPk6B$ncml_4x`G3JdkJFx97`AbOTE1fVR%1D;ni8q-RFu+hWA9j&|plM}>)YGR7D
zM%zk=5;qw@Q90@B!hz_L6A8{X1;tw&6*G{hiAWEGE)@D8LWBd!bUYs9qZncc%tXMp
z<2icTxGA{y?lOJ0l3~FTo3RjRzMN_+uxByY5;@5n>%@SPgdT2o`a&iT?19iq3RB@t
zv6q2VH(m&pd8>9oAgBX!g>Xl2zB?Y&9jTmrQzy1u%wp2SL<;~@Pz74h7<Vr_QyCu*
zpjTL`z)Vh{0g(>~&YnT@2E*6hoPm;H*<4S3wjBUP;@E)CP=K)qu@yku>Hz9|aZIk6
zt-YtG1)M~%w`5aU3<_2V)hFTslvLm)19Be(9@o~<&W$Iq;4|<x5EB|s0-_u4Vwk%V
ziI1?eW&_!C&@_~nwUwMkaJQj~(Pl~$8DK8MFm%1-PBgHkk>ijGs;RD-f+95mr3#)L
zxEqNH6b6Y(J09TSAn-hiR-Q<}i--gb_y>Qc2g)AU1RDmF%U4K97JR_&1G4YHwBew(
z48Zga5!k8LI8f>3F1941tdukf%a$!yQWQ=yTN4`r+6w|As@5VPF{uiO%RJ<uQjsDT
z0ir{FH#!0Zf=(6yC<ho~K-Gdd3uw*bX*N;@f#)DWSXz2Hnd_n~q=1jj!vhc*n%hx<
zG?73l6A<`-2$ZMiWGcc5%@O)gvYyo51cU?79tgTf4-OcvER<#v2q+45wB_(rGv1Nr
zMYrOz#WD;MVaqW!HL(G=rc0z-D6F|)yWwT(MMdkGh@mndmh8qAKtO#x(*kFUw~+EJ
zRogzM8^VeT#|yX;HxITwg^8Czz!n@ha^RvIP#{gPwQ{htz(OqCWE3XO2Crc7KnuBK
zoQ;J{tPiD`>6!wDPN}uhokXPDSUB3s>>QNVfc~G%mfJg7c@o4jE|)|#r!hR>5D5ja
z>IqdN&0Pv)pun`o;yoOo93Z}@Yw9M}LwF%Y?m(;7PHGKuaso$^m4)2Pi(p2_JHQok
zg0~1194So5-WE185D8_tn>pHBQa$)=s0<~SQ*d-!2Fe7lM0?1A)RRz1_5?JEI1bv<
z4UaLWfM|%do@yt^G!=L;sn$Y}qetsXRUD&Oxk4-@dIBvhfy^EY(E|$O42T{?U<&h6
zI$2V9atAiheKO|@fR>=lPA&&p)Ih2T!2pC<PE?i~puIB(kWVLfKGEGCjbkIcl|nI!
zrP4`7GYA3{56Shgu)tz1Ss0keTxC(jCK3dn1rWwGD;|i2bGQx|p!td=c{yS544Rk*
z_10&|81`7ey^FHo>e<lD;3Axr8;Q!}NoXi2U1km#1F;SY2^y4F$w6tIg;*g1517L<
z2T~;ZPzA;f;UwX4Oz0r%YQ~VEcvf<xm~Y0i@B|dU5;VaZ<^%&Su$h&DhQ<j!t@RW@
z1sKW`i4dM3vLUpT(utN7B+1kbgi46^0+1sCIy4-zjo93h&XL<wkxqOuz=OeHx^w{>
zh|hRBT7f_e0}Geiuz7NctrRNam=pgYLqYQ(c!5An0uWAHKGNFS&53Jj1~%w$8v$se
zhuoA)P#{rG2#gFy^j1AGz-<LZdx(HMm;?kGp`eHo>TT*}ftNGfVIFh~Z>TBJ!dh%*
z>&PR6u5+;ScGu;a0G>^KgoULZlkEw7Y!f;W0(G=PGelkvOr;)@M6u#fJ?OdsGQ*?W
z5!iZoPqr0B<qWWBcqJKBvf2@4w%~L?2$}`~JYe2Pnm3!S2UxF6?cA*ZrrX_`zy;)K
zwgNGj3pfX&DFKUevsMsvWeSEE@RviFG}Zc~Z;1n&8hbRxi_3(PJozFaAn8@wVZkQc
zoJX=ZQviw<D;b}qYB^We27*v>0jr;lm6g!Ol1j%~2+gfb#GqKpgrigqRe*KV2eZ;b
z;%<rY5Sc){$htOGWI)$Ukr06{kW$X&0ywq<$6aa9<6GNv1Pax{YazFGlaY1J<VX)C
z#}tCVo45mZbU7F^OmCokz)}JsZChJ+iapSqqIfgx84@P|wX!q800JH?+X)1w5D=g+
zAm(7XmQoqT-N71)wz6XjNLW(~u_I^}0!?uMSS}iPkCk}Y!i8eEyM-<trVqew79ehc
zkeYF9*(?c#Nt4>pEUcgyh6#`i;mM)yK$g<o-W#|vSSLp|+?z~-ailO+c17tx&;v5U
z7yw{1!vmsp4>JqAou^Rg=FK*PU<j6OaJs}zA7muua=_k$u?Fl4HZtIGLIEkS5(_iu
zSXtYG)G$L|=*aN4wlzo7Y%!K_cT>J9OlNOLM=21d1SfB{g_$MX0p{&tZOH?b#^7e$
z-H<#Q(^iJT=mAPzK8(*&Kt#57EGJ!pCCv&<e}RJ=g)hVcVQz}|KQyuoim9C)2}v|3
zNdN^G%uG&p5=&4-AxA2MDQw9iE)7NipfR8e#s=3`t)c=BnnadK=(a?dj3$NJIGO{R
zcAf&r{3=wdj8NtFSnD#dAPg!4{;wHQ0_V#;L`ZiUTw*QN6NqpME(*xSIXQSi9DwW%
zo(Oz+w7`qPbc70>bom@TE(HVV`Q?Cb1B()SaIt7I5(4=rQ0d`e!obQ!o?cRrb~eXY
zO8~z!7Wf2M3Mlp#h*hpI2KYN@Qxo6`L4W|b0Ib{$99_T%l64{nArLPEuww~E3?X1l
zJk8*8n7)&c$(Nhh;5iB?)q`WDM4$o7tr>94@JPM~o38-Of%bY9I1xypfRbqkrGqDd
zV6Q6D!Xn6C`fgU17NFS4Qq?giH!oH6htI=X3t$qdDccf*pfN#}zk{AR0Vpx*t5j>T
zST`ppZ!5sjWQIpkq}B|8mV$aP#O`LM-g+c&z?25+0(oS2733CcqR$4B#sr8SR&Fb|
z@W3mG=2$sbWC^yNbbCJD96;3Qmb&`xSfsa*jPRnkN%UA;oRp>nia3srx<HfN2C)AE
zsVA}n*}~S#gDFEwltd-Kb}>vP;QS=2l^e_5+mdEYagzzeXaNg=5cO4=Ei~N(Z!UHt
zaL`zY8;%HA>iG;9obHWLMJ4$hfj5!?b;n~lQYVfGqwmEhC@D%l0-%_zR6!gj%~OIz
zS^{z`lB$pvD@H=ebOjtuG6!0jd<#!tBS_X#OR}C9Rm8D|gBTXW0Z<j%DmhLHT>#mJ
zc%sM%HrL7vi?xShBwPnm0S!zTQ`PeWk#aXK#Rg+VrBek|ni)*OwG{DjR0P772x1=`
zH$6V!^!D<^kYP5CG(Z3iC>wd^csiQ_bRl@QN(>4hmFON~A*f-nC8)-Zp1^`d2hBty
zEtFQKHZ*Tgn*mi>ER>@S*Hm9g=1YL>65&Pq0LX=5C{?>O8zC@QR<<-J76iff)YG%H
z6<B~GI#8-6lX;k%nqWjcEX+z*mqT`w5pd>kh-x<gLOvi%De<6tQJD^o4jc?9;v|86
zq8PAU=+nGuN-P(S0dzJfb8E4U$P9zWpwNI>0LnB$aajWCKM_wc#0#cN)8$hDJ3mA~
z^_0_aK-x~|1;>Mm5KBE0LgZlKMpR%-|4C1=O+=<3M59o7zBURknVk)b$N+#&DZyII
zvOpqmo+6l&4IC>Z6L~7v50KUiu_T%`#1l?s5vW%7LZE2~P@fJ86AV@94(hYyL<QH0
zPv_#{P&kjo#0bG13JJPGN34grIS(LAz{3F~d$vF<M<j6YB9q8~GXrpgU?m8lr#;t7
zz#~JD|6pzuUclM5VS3u@yP4VnjWWeQTy#ttklLbq>62A#A|@c`3xEWGm(d;0@q~!L
z&V*uvWJ}#_34p}k)EuGf1gZsO?w+33b|M%ZCFYrPpah1utu@Bp1^|r!d#Q>19}XKY
zE~r;ESH(c7fPssw+B@2qIk7xJITO>(%0@`FbTb3wlVY+=j1U2F39?9lr-Fm<9Ec@O
zW#Q>u9-T?Hwj!t=6V?>&hH!KT5;SOtH7Jpy+HyeJ%^rmWw5}LA0-(yA0DrNmn>pDD
z<p`vN<#uQpO)m8IAUK%==01YJLSYYRy}_B>0gVsC+S);^pxE*iUMPFA2TfIIf@YD0
z7;h*aDgv=j512RjjRV!(3uNO&c2*E14?<Qs(qyp%O01AWAxtsZ-T^L#0MF5afw%R7
zcye)aoQD|BrNGVL)}}-tEu{;#(^wlvZ(9h7$K_cIm3H)h9)mZLC^G}-ViMF5V&%>i
zd)R=P1yob`pqky0fHeVJ>}F;Z6E46rGgwGRdz=T!(gAQ)DS+;!LLV4Dz>BKu4T8*Q
zGr(#DB|-t73kLz%0&6bA3}ekVm5FI&G!kNBO|Y@Y${d(5eU<~7Zf;BFIiM{80^7-n
zC)A}`K@bQO8F+vYd%CyvKWwNdApEB94zg=7ob^AkbW0)1%7hHJqzZ|07KIFo1VGPt
z66JEKu077e8jL-(DV7BEo`6KN0?M@(!zfmIaI7Vbg`;7KZu(e?r3fg<0`FDN9{G=i
zuPzS_rK9m&z*LODA>}*_i|Fkk1XclUVuqF2Vo(GOO_$?ng%k<QiIy^<0{|nMSfU(+
zEG2-6TVt4ZVvLxG;Nk^vGExb&Edb@18JvkU5%WC}CMH1p4eAb}-+FQs8xV|`P(V4I
z*iH#k`OR<{M9Ly#q)0ZXM*<l)Rm4G+sZz1hqJjP@Sj^Bez?G~rH*QQlDNJFZVnRhb
zNFnwpAqt5CuyUcwOzEn&H%ypF31lbbR^Vt4sf`{HeAfdxD6B5gQ3*0GSP0GBgRE~$
zqf$w_z*PWz3`93D0)cG?FBUWgFzl);+PR~+`T##CW-?41^mJt?6jBwYg?rgZ-K+rW
zhJ|nwc`5}gFABH<8fp#}I`AFu#gqzQssmLuj9?YSvb{|}nB5BwW5S>;@H21?umlq;
zG7EGWnvDZ;x=MtFQeuZxvSCsPLSL8Z!L($mAYWJ+m||F_1Ox!RJphyl2QGj`tL_m+
zBmz(io})_xG#wn4DF(yDsM@TMt3Ku+1MjhBmRuY~<&nbR-~}Q!V=4h(ojKEjf+s=<
zRuHnMlWM4na7;R2BY-=B=Y>XL{wXOygTf~_JF2-igb63gfT%Fj&IGGKNu_{}2}RWP
zQUJ9gscNAoLF@!XsLDG9Us7F!)Px3gQ?-(-N_G>-4h}F~dq4>Sh}TIdG+pIc@*yxJ
z5wIw-lqdy|4FbR6;60frRoR2;4)Ah)P~8UJFu{L}9(VyA3-*;lGM~X^qpZaYs1u1M
z02GF%whrKNqGcHHVxn^Sgi<a994oRj^>p;sWBx-INmTVdMs;hpraUT==Oz;9qiJlo
zC(hmq!&7+5crXM61y*V_&Xj|+BkQu<<oYb2bPa>svg}m>BU`Ek6i^*8sZ0tA=wgE-
zkthrY4<@DsoJ{tF$nC6DaZyJP2_RGl0~Twk%eJ8N%)x=+2aXhK&4dx?NPuKVI-sDc
z=6I=23+O?VQg2haYU~gJ)6qYy4|W(SU-d*(9tlz3THjt*;Hf8e#M|qEQhv4`83rgP
z1whIO0saoY0NWUdp`g8mQaDOAfIYchP?!+>M&*++%?U&^2L)RQC`-YQJP`<r0M#?_
zSEd&*qF5pa7+2L<I7mx#8BE61R}hE@xgEv|411F5BUo#|1mj62gN-3f0n?SLL`|`1
zl!*xgM<L3sotU6h*F?-jk_2+jKgFH;COR<C8(4QwH<r+is{=Fpe}3l5nVuk`3o{$u
zFZ?iP&bB##KFLAu()Dejd>wA<qCVM?=krX~T4w$<Tb8}<`cIdToORP7>ttt~&n#ZD
zbk*~d_<hv9#HQ4Bhk7<GS*^3{X-k$UFI3xNq$jfAS5bQhrk5v^jy#2B#f-PSHUAzu
zZ(ZV?g?o?BT}BN2|9o4zd%>=lS2{3@|LYO|`*U*^Ny$t8hZCs|3k+KV$)NAl2>E*V
zf4pemycJy;EB-Gn`akX5tbXcLCHC;TtpC5ZY1X@K{GabKaGu_d(o&o3<!#;F-L*wN
zGUVnwf2Wvt-v`^5zmCj}#D4nqk)4zBGsZS-*X#ao(T%p-@|JnbJ>=dI{PJ*@)vfe5
zuGWtSrvyDGY*V%Ndt?iFhfZy6X?@cCk`&UIY(AH=>NERp<t<38jeTxcSUG%2u^@NV
zu9S1Tc3yRg9)ElN#@Ny5?j`1Sn(p0e!?e~6$8!vizuot*emNC3Z)&G;gCnJ|zR@u{
zXMHv`B_Klk7?09wmi7DS!UV%_<O?qsUgqpSe?S<8oi&;$nHc;rYH(!2RB~$kGT{yN
z^_$zi<6+ScC%3*&;H6!IF1h^h$yDZ)883)DE1vf|-+1l-G;BdNyv3=WoiZ^s)PxE;
z_#yntY3((azs8QUCQC=Qk3Ur#@T5c*ZYj=bI#y>VN$9ZqKfR$EK>P54r{g^8d^$cY
zOnb5dNqM>Xcuz|XCmpfxk@*AT#_u8)6CFMIh;Z5meD39fT^24^?s-+%{NAw4z=wT%
zK}td1XND3C6YsejpUCos>wRuC?)~%jW@qHCBlC%+O`fo0%kJ))ONl1kJ;0yw;aTeb
z%KLW%qSv1~wWqc;T+esEUVmdv-pTx-&OP2C8HDKa#LxGm=Ly>{wmj)X*3IT#?Ul?M
z`Y=5b*9MqYE^nXxLA)&#iN0+(W0OE$Y|fP*BWr(&!sW7dKW+c}+3`VBt=I7Q+y35d
z_{q8Zd?)O$4r&-V1rMJc-pMd3c@;?M&HMfEuT{{$r%>QOV@jCeJAM>O+cQuZxhrn&
zhZ6hyF89e^v}Fqtj8MerocKHXuXVSX-Fj?RSl3(D+fg>)CY+wL`~D*bMpO#-W6<Y4
zIM1Ah;KvDG3F3KP30Lp<)q22_K07>szpj}$=vs8kU~Iba(dE173xS(^OMGX(50d0x
zbZ`4zeJ83$<b;a?{%dA`T&P(etX_YUzNBk!|I%dF@(<m6+>YP3@ndCbnk^aAK6(Si
z-85PG<kFDx2!@QCm1X<KE^GNav9ja#=BMQYiTOv(r70nIQ^~f&n@*kHv+CEG*a>gB
z%qV^Fo1K5@YjSY;H>l>kpsJjN8v|bI;-B?$N_1u4%o^=l%R7H9W`A|0L;K@7mfwCC
z|Ci;tv=oxD)|%O7sgto27awvc|Jy`O%I6_YV{U<3==#;ZU9aYB?7OpY;oi&gdAhq~
zK@Y!R9~`57_*j;--C}J`PxUk~KCor425yMIJS4z%DiT|937BYOn9j-`{M==l)1ueM
z;+Bq{$p80<S(kBc&U{1YJj1LLr!S_|uYiS~=ie`^^SHa1dPphjs^?$VIUI5*d86Rh
zckQKie$G{}LCd)@8khSbFgcrA9vq8EObQCG(tY^wTf(Gm;Jn{!FYnrdC#7N$Ir|oA
z9VI*FUJd`>fAU^(LtdSH<X@Be_*^`&h-<AS!=02X*e>5&CnE1I)iM~`$_ZXhKj67Y
zduB3o!M^MM!OWS>o(~bzQJg6f@{5Mn+dtcaP!8#g^xU{522-QX$E(W!z7W1vdXlfa
zyfh4RYg=}?CHaxdfvnC6-(N)1tAQQ0?dS47hr0B0XXkwG$z%W38%_GR3GUlBcafB~
zKw9_$*JV0$)wRUdD_|bY)x(2aViUKh#XQ*TP~Ufd<2f6})HUv}t{C)<$7>%{Q%}91
z_<MGK*Oug4i0LochI1E>zImMfyGVQJ?)`n;eiOGO4#p7+wVQh9nQPzMlF)V?{A>SQ
zeV`-J*00)8l<?c=zed5&HN<aMR+C=jPE0rCSf0X3KNFtco8m0_`$wZSY~)BF#3Iu0
zDX0BOl~c7dw|M?+^PYKz?9q0AU^NU*izACVZSIwpjGD2()@UX8{L>+V2acrS!5g!u
z{mvrR+>1Gav<jZL?&9H7RmZO1`mc*0+@6@f^ZA;anHS)7=?Om`eyQTI2X<K82pGH<
z5P(EJB_bvpe;Uo59L28e`m@-egK(i&B8vNf*;6`jDtF-fsq0k9sXeD=T~3|~sw?xV
zI~#wHaIfb6kfigGzxH6uQ(4B{1yXVXC1JeKEwep!PC-rhSI6+koQigz-#7ndIx_s{
ze$iT58^G=qK3E`)Qa5DJ>P9h6d}il-Yk0a<dE(?MFHU-?pO4r+^L3!RyXjiv#eaa|
z=uv*ZygzKB^u4Q(yQn>=BQriL&c5Y+a(dnI;X(3uSDzExo}ZoRoc`*cIUVw7W~}kP
z+o{Uj8B;gjzW?w5E_W?-knO6^e|yh5KJUc~Bd2+H`E&MN-}O3g&aX(u-dU!@d%|o`
zai%D&b<%{}uwwX$<o>gPtr;xY*hQ^xg!2+nHtzBM7o$U`6d6{2OUzpn^RMnZRee}z
z-J6N3k&y13Yfb5&kRFdG6bA*>JdKS@T<Mj%-76cH=U(48tvI~R+ThD*)3f;G@nior
zR}k|a8m_6?axi7|Yld6HXymzjk-JEdj41PSQ&Z|2HZ&x08*PuQ`9Zc2UJNvrVQ+<4
zx7@y44UE_C{5wH5fo;!Y+qQ4xCelZ4rA~cum;%Ryl!l`Q%ZC2E9=KavL}=;r`BF{a
zk+JiQ_7JJJdL*=)bYghVHf~_2Pui_X_~`9_&zRNM13SadJzJA|uNTRWpDH@Y$)D>H
zSw9}h7%$rOT8o;qDeqWjM4V>j^7_1Qgy_rLq2U#Duu7`WJ3aS#_*dtY<y~XF4cd8&
zqaLqIJicbRyT{bo&i2gGZ-ytcpVaOQCY%nsfBeY?NLzf&V>h|*Ut{%n<kAN{=H^ef
z?D<|Aqi3DA%KUKT-Q|Bw6ATVPTR89=4NuxG{#g2|*xGAT20do$F82@VU*87o^dH>}
z-ELF9X?W;%L|&EIsqc%2PshbIx{KP*c4YWxorD#geADM=51ztl!>8v76-=d(YP?bs
z=;^q*yPHJZpQqz*{@Zu+vN<lnoyke)h(2`n#N5}8(Pp#B*9z}uQ4bm9vJnHfuDQSZ
z<u%5g{6>hpyMp#IldL>96#8+%XClM*T($3pl=vHV#`BDQ9k$kg&2^+qEd^F$@^eHR
zZuG3WsHsI4&P|)3R0K3SX_)t2j8}8nI(TwxbIDtu*(Vi~xKkMuK54Jj8m<22g@A{7
zP&HB>JBkK>FGX~9MFoaCV2pQEW(P3LBi;YZ`67!dpKT$J_I|ok@qkgwzH!-id^%I-
zXhzb(uj(oH^=FPZMex**{W^&3Pg6U+-K}%JVStzIrrr5jg%t&bnT6!sVt0>PJ783n
zbR8do{4hD+7TCSLcd>Vq+C1ZP4~yG(|H`}7_+RVH#dOtZ8PnbdecJehL0fDQNz(ZZ
z{i2PJ%=q0}nQ=Ikns@$zb=jto!AZZYt=kx@jVXF>xf(NTnZ<RIs6PRncs1pX%%cm=
zS3NYmIpyE7MZMl_yk>e`-0;=m&%oy2ZhM_sL3o%@IrWt1eP#HxRxPWRmCM@TS$)=s
z?bsqp{h^3c{M!qTOaM(<z)7ml<@%~oqBqpncl{yE&68v?=@HZzmhWKeQ^wVV1!<XO
zsE)i`3@zPSechrjaaR7$dfs7LtuT*`F_h4RN~5G*C*OYmS^wl(XFGKEP)x-|t>z&4
zR?DtQqNRaL;?mKkF(Z4C;eYudOVxp)zkK;DS=pHC{EcZI34e8g^+~faJLT^Jydh=B
z^k@w7VrjU}Cnm7cf!?RLQId=@vJ_`OEq<%9aPKLddEv%6PSZz!mnf2W<*Qu5F%=7}
z^4h5f?X7P7%a)pd{AVzjaVJN-C+Ftn=KQKW=exx+&cLy8(Ms$w*!D2fmf`7p!z;RW
z<r}D(&)v2}3OYQd7M4+lHl2H5jlk;*_MfhPMO`F){70#K;5DH%%7-`b`TIt&!2HLw
ztlg$sJ~ru=(1RNJflZ$_4bX~@zDkXOZ!G!f+d<Jw9^G7vjR~>7uwdV(nxno1wdkOW
z`y$_xww^(xI4qVn^U0fy*2jzwB*jDm+g+Sh{3xY&qw`aH)m?hWg&sU$pP4zM`j?Ut
z(4QBu@TQ<Tr|YV|{r!L0CA){Jfp&LMW6m4NqHSt+wFbFA_SK)-HQOAvIimMU&C7n&
z%;Yc!Ec54P_oW(d_wxwql`O15Ywt;GDdhwN6t3*6{Msn%|251RTeM&seq!j=O~e6q
z)ZXw7*Y<ZlNj&&4F7WSduZjA0#DKmb<>2hn*97!nLeo>VC-@|TjMk_AIiG~P9~>=b
zO&(Cw-VsV)^sDNY&hxfIMjbJBE@zA{{Pa6M=Lze*mrzmMKL&mIxG~V8yCKm$?Zoc;
zEX&E&eLv=Zx^GRFG)EW5zdqzwsiy^8i1Bpi)*bjhNV5Mfp!<bN(CBS$4aj09$;uXu
z-9AAHHB#%F2%0rHb-O)vTS3jk-n@QA{BOPg=o{7BHTyyTY`?u&w|%5Q8rHM&R2u4Y
z_KR%Z+y<wx&4iiCWrNIDp9*pgOz*nM>Du)LvA_P&5tpKX+1F)9dcUoGw?7J37JRke
zd})n7<E-fArHrRp0GOkh{bYqt*rJV}k}(&uJuh$PQXTeD*U4N9OTS-xl<8LvQQ!9S
zP5y#2_V?|-y&m#^XPHH)kpAd7R-^fM_vQSWwDZMbn-WV|36z!8f}2^HtxbxfF4?O$
zYJIvHm2NgU5}N;`x%iM0@qlkf_3rll`xQ3Tg<4zGSy!1ZVVixO`W1luD4baFZ0f^;
z!^XZ_Np@4sAq#bLXU$YD&n?Hp)U?d2iH|m~TXTkDC`+==*+2H;E6QYYw|nbZQrexA
zN%&McR`PZ_M}(G!i5e%5xVqKf${9-rsIC2j*0GJE`JYv@>Xy{K$NJw9fNfHhi(;{G
zqCJ7mncv`-pRflv_5J9?D-FMyOJRSYqoW@`!|Hreour;k@<^7QqEgZ{`iL|(cSTou
zn|n%c=<wEad-%<XwIm&4svP?9O3!5jg!b6j_mQl2`FM}k1tk9h8fAn@dflTh8FVUq
za%X`*m6Uo3RWN$WqPoY!G0(1Wq!k;yXLamL6Tefe;bmEirL|iP!+V-Tljgt=kv2?k
zLYU^E7g}GS_zY=o=rs;BzOV}Wd#Gb=tV`P!x}fdj&J)A8wx5Z)SLmc=bjAoD?dI@i
zgJx~lV*AJtQOnF5r&Ht4F+09b2!0$@zx<`d|0Yb$xjJ@z%P~s!oJgLBwkvbpv!U;E
z^AGpEEOafnk-TN|8|uqdT8^$qXAuWZWa~bAX)`a)C&CP$(eno?PC2>OMJvFfG=6EL
zxFtE@<EJwFVQ-@^J^NaQPh>B!G%Uz>O*qH6<h+NxP2W0@KH^j~y|!?t?B5o9@2Tyo
zr@o=8de7Bw`I6(m#T{E_fCpr+R|DMSmVFybTGns6mG5|UH}AB?kC_yDv2#uhAu@S|
zy6D#59X#Iz{Z)vj-QQmn`RKPBZ8S5g?zb3?xPANC;7=Xjspg$~f9=$Z*AITThj80I
ztdkaUBk=pFv4F9_Qnjtb9R%K#f9HzA(XFKeF2_FHK`UHH2M*M2{j@Np$6fhUNEzE?
z`1`>97@JsAQg6irr|i8028Jdb;+m3M*Ny~Hv}X6r(`7dXx!|LN;YhVjfy!jOj(!|J
zD6G7@z1o}pdxdYj4*tw&L~QSHB_VP0j?Rt;u!jm*Xs+!1#45<8DnqFE(c-GB&RYo4
zj9)z;H_tqOerCM$Qpc<AsCRb<X$4wYMvo1ZTaH~nSW)^i?0an|E_9qZk(>oQs?kT$
z`NyM=%BO$U#dD1$n@(<!hbry&;#S2b7<{GGNqUX1f2iVY$gfKY^VDk48PiW-kIuuO
z6Yshf3%38NimbTPeYrtui0anxdU33-A^zLVt^ZogwkejVoUxG4Em^Ez^DH8L%6kc;
zzdl!NfAc9VVrwcqBa0TCuwWm?E^4v%+6PeHoh4mUFv+rIzR|}_b`6fqoLB#gq*=ZB
zt@&x!Z@A5Lbb5J687{-}W|cK%bKsFjYnDitIBC@@N@yuxaa~?0zeRBy<ViuFPJb;v
z<T5!<Z@aRyuRasMU~81^se&N2it8w2WT)n)d*_Sdc2|v7-Lkb@UB(^UV5_Y$)v)nP
zs0QW&-17>m2=mzUyk}0vXH)C@^@-2r11~jzs^AXXZ>#>|=*;AtksF`BmaIr}hF5+t
zw@*B&>?2-U#&%8?Uit{jjB`G5Q~sy*Z2BTKK%rfN-;<s0<XC7NFsjWCPw*JyHLljE
znJSM8&eWO>D>1fdE<B%~Y`G(+=vY)oO4LXH^G0vfTMhoG-IaUndVMhIEI`;*cqf(g
zlqk<nUr)c7m?hM@w#uu`P3L51%?0bQ?#-w}^u{LNkrmY~#bvUJkdSxRo=hButRBxY
z-25KDRB+&Q&;0A@iIYE*cN{6ZrKi60-V@ea&AMcK-{?j|sqOU95&sH1jliAKpJ!+O
z40ECc8#ggN?^*u)1@vV3&?R=~`N&gV+={g28XuV>Cx#x9G<vwsm3u;In-SeEL*=f;
z0TDIQ5p1JH^2wr+UrSe=C=O|zoet7nI6$vgv;G-Z8I|iMIG#ZtY2K1~^;4Q*_4R)_
z1qW4&P9}lf+kE@vE{m-4`Wp7@VbO7E3W@*li%rFdv}1>{#V10=y;<(PVsT#)uPd_c
zXt5S*)6;~K(v{VoV@I=|obsEBc>1H<Q|$U=UD4k!&wtgXzF;9Q)t5|0w$%%M?y4Q?
z2;NPb@pq{{H%4vvi}`>9Zdz~jAv>p=Hbg}*XR^Ef$epsng@5d_42~LR!=f~jMg6$+
zuf#LjRZ)Ss6S$pzx8N6g6DB5TFM0#Mf5_QPoN?WF<<k>i)KH46+NevB>9}ngmXFl<
zw&%`q>B-}RU2#4)^8FUuH0K|hXYnP(KR7Lio#^?MUom=q(X;Pge2kmoQS;w#)H0^T
zS2yQ{rZmd1_(!{MMIYMvi7NS}Igv&_?`@n@9(W-iAsulo4vBWjDxY<|X|z!B1hupU
zQ<oN+ZPQe!bI<A#@xeB#)7~Jd<HPcflD|LAvg2Saf|>4zPA{k4YgPEvy(^*rPViaL
zV$Eq>^zCoWrBBUAhyCc~xrgl<@4txRHvTB)F0LK@8zz$Vy1jh=jTTVR-dF$e)ip;?
zdvVg)+Bp65j=1ojHK~n1kFqx$xp3PUj!h|4ltt__LB)@rKKpFq545L9dHzUj?1yxd
zV>NqS-hNMA5b=`Nd?rp~M!n83Aq)0!{h=LLBR_3z!QT=g!fA_9NEsdXqdou$Wi+nx
zwq{L#(%ydCt*@a7*X5ik*zVO;x2Ld`N{Vm2>OZ~jbGc%w)o5vw9`9vZXnt~6RB8Ra
z89&p$d#_5L-zh8~q1NQU{L}7Q5jM__=%r0uO%Wl%{;c=<Vd)heoeX;MRQWYm=jr0%
zF2&ej0-o6U36oH#uWU8$(l%P)7_ts}f{<KTaq@_`?a)Xr+EW&_74xdze`cP+Tjz_#
z!++fz2Jb!S)N{$6J7_2ivGvbC<PtJC+T&(c-SeQ+z$jeW3+pNrsDGArl{Xk2TiG4<
z<m#Hzo~|Ntly}=T7=FVFkNVONMtlEu9;%nk5smh&9o{?eMwaq)NmE1TaG1WvU~|j5
z2sM-Kz$L>T*<JGA%h?&#4rFck&F?2iyEZyCykAw7ZxHSLL+^Rsld)A#-M^+e7Adbv
zj@dX(D4&)$s$D1zzsA(v$T~pkow-vc^0@kP$ync9f?vzeiUQf4te2J5TT}N(2VMW;
z9x>h^8(-!hi&~s|!13H@y5%1G8dBx?(9Gd36nOrdS6W`Td>N9fU~fHxag^y6Id^hL
z)C~&`yPzBM20vyh5pO44C-*+^H+k*>V`+!a$ku*i*Od?Txuzw6VSlKI8LAsw{dK9%
z;IHT5%QY&B|4s~{r$6aHg=M?d*X0k41=rhj+&y^3P($|~KB%Lcy3_f>iXAr~;%|#G
zU2jf}fA9Kpv1rz1LvQcfp}?z2JBK7~&$k?LmtOR{8}Y=?_Y>8BY{{a>)X>+)v%BUc
zS;jY3JMRr|Z+NnC5rVyUW;R09-v8!|+0WVKej_(E6?b~gzrlQ$>|cL)==BSv_g_7$
zmb}ehiVyDSiV~Id{8*Jt&wZ7+eMetk3EMHF^H0BKkM~!-nS1c2r@iY;*6LhNx|=)|
zvoCHwuS9+t`YwjnHyT!+X>jPo!S`m0F9&T`^v*jg_|fd=d(99T9<h0+QG{2bZ~Pu-
zrz@<sTPxX3tJ4nM3Qoi)dBVzzs~*vApCJyU6h?i787@*=H{0@pqqpirUPyS0V_C>f
zoU!Mwd7r^e<p%R7c4UYq!+#Wp{+`+r(J~fNID_(n?AO@0qHPl&<+nlRQoN?lYAN&D
zfg4*ryX}`=f3k2OCg;bin&bl2nvO3z=^kDmJgEHh=7HV&YU@oAih%CQY^?%FPvwRS
zb5bMCeLKy38$(*EV=;SrD|Sp@dFOxp^vvNqv4?t_*B`3FT{<^C*@=LU#_Cl4y4KO7
zS<vxRzp?1_qdMBx+dJ!ZGq!g6I-+A|!H%dV=BRazTXI?hrz^4P@3p!w9rl+EIZl_F
zhc^H2a@0=Q-Vlv#@eRwVwE14uT6yu2-=(#vjeHPbL~hLLtNB+>?DVd6s%`HLMRQ5O
zALShE?~D(GJmx`M?pRUR$@}kzw1Yh#kC6EqhgR>DMpl>0a$z46bR{1&rmt<3Un*$;
z{;#4$d{NTlmn_Pu{gv{-wex^iSEJ#}rrGY_hsx6e4!Z@tnFF2Jj(T@3VM`Uq{GyZO
zRD1W&g-lmEs~UKn%AR>s>Fo7yXOjIc4G4d~KUpJ6IDF>t)1&vFAKANP{fRvnZ3b_*
zAYWwc4y(v^wmw>Ddi?v)vrJlpo?o8*ye(IAyGxr~4UX@to2b5)NEi+V8pY(6`+GKB
zJA7X4_U%{AS?PZ+1?X1dqh{Zp^a<g*yiEv$r`T0c<Bu50FK)W>iA~O57nPF|TlQIb
zv=ZO-^v`#<6_lrQ?HjYvf>*d_ys!H|#n(L4nW#zK8LqKq&6&tDT<f)jt^Qj-sO5xc
zRN#$`r{Emz!^eCtnw>NVF8zDI)3MEat@m*M+Q;2r=6C=8I}dmL+n%2tjj{*5Mkixi
zjC79w(woZ|@H<_CTdC1ew0s%5!aUdVJMtR#>`QGI+Jd(!-gMi8?d><7`0Z(ub*<^x
zZxU@itqd&{<Uw0M6m~r&H&2re&P=Yp@VI5~JpSg1p*53QC5q)?_k8X!#-EUDbC$;!
z`-Rdl*o)%aq299%uGdzN>&vGX-BP^Q^=h9U-M->viEUv*^KU?>ouIv$5QmLm99Y?g
z{@Sa-*SRb<xjX9EbK=h0!X`~*zl&%3z1*3N$b@6KN2tL&u`=J!>Be8mRuemI3+^ph
zu}`bfkCb|vG^zK;VcM`vV*5U)UrfkObC|o_P?k+LyphKtsFnteBdbrx{rZqb=`>1O
zU|+lu<y2Go<ygUO^7~k_-_!zT_xN(lV=W)<-~VB>F+r)`B4rJB!2aaBqb|UC7j579
zm*%hC^N};Y-&S@lKNjJqJoj3cZ6ns`KI8K@;X{%%Rlo6AMM~qRwt9KzikU5)XR6LG
z51xu>0JEXnFp!tSK1Gd5Ff*_$80<Y8bjJlviFwqrP5nee{ZoxiQTz9e*kfm!2m4Km
z(k%t4@#d}9c3iJi1F^*~Ms$(!zx?XJc?qg)z-98|#cHc~hu(ae_+y{i5yAIbrsq8E
z^2qG3f#e?F>Y%HA#9*yYF>k-#$X*?#>8n``L^!;8m%+u|v-NAf>M{fEFRY*~I6L6F
zJ4l>y6^<R0w12@zZS1}v1RmUM#&&2f2kLWp)rq1D(`7-4CuXLC{rxxmHOX<PcH41(
za=U}d_ijJts`s?_J^uO!UNO>ul)flEmrIMfPNak$S+rt<R!Cjbo*(t^od4u{Eo5Kc
z8{RTG4E37*c6Z;ip+5DVw>NfIWf>)8jdoYwXz{PSl$+Ym8SY(?FnY3R(WCIV(q|jq
zK@$Cs^^Z3O9`}U`AR+!UD4PR2E#0@-kGkB+^LgqKduH>s{}&5T%zOEeoJMN7#>wcE
z%c(0ngS(p-Ee!Du&2D;mae70S@x>o8dZGFEV<QGS$4)xFW!KeS?g<Z=F_~N#3hA1}
z{voG6T(U^f{q;bu;~7Zf;^83rt!(VyFIlo)qWHmK@<8dE`Ny0dmnU35O!vMXKGyym
z^R{sosr-_5eyMTJ@my`ca%pw@Thn}aiWw{Yd2YbgvT=VTw5gW9DOQ(RYM#7SKHEZT
zSxd*=HcdNmVen8KQZ4+_rqi@CT*#HcfR&psEnB$k;#AM{=rZcNxQJ#6+fDdrE0i&L
z_*rk$dGABF=*Q3IUufm(D>i+*p1!V*apDbg$7NaTS6I_vZ1`tcFRkJIw`YRc)A}>_
zii?P|kJ3#irb+1)AxV{2s$Vai#H~0jT7>g8tX=ukwXhto17We$l8^3dKXgWxb+p32
z-`ce#ZjHNxLEY!C_g^$0AbnuJ_g&#ZRBOG3gq^r98tqLQiSqOq;ck4~HS(yU;knf}
zpA>&>pWdQUvuJm<<{)}{-S(}Rj{)xt9vdq5*W$F3R~);An7=7`wZ%nJ(M5hi*2u4Y
zL)6S=NillQFJo7l<)!NKA|EV1ymIp?ufeS=hAm!KrgroQh_#W+_z9PCe5yvd?Fu^B
zuH1=_p4kyWKJf7P*n|n8UB2C~6P_7eXVCN6d!*->x>c&}<Gq`r_XqE06mR(3e`B)v
za_pzcKHKSIbu}z*58=P!GkU5>LGbfDIu5yb@#0E)<O0U&h+i`X>o&3L(p-u>3EU1-
zKaIEjSGO@B4fa*>yLXmM!;h^Q87MLiS+RM$f${9k#K)M(j8`wRp7s*G%01RiA6;w{
zrnR0v+Y8*E_oJ;zxJ1*m*rhhcx5s~sEG_WgP7UiUec!lHv?De1YDVj(0vqS|Cy!rG
zeq)y5HW2ZS4(3bhCEvpsvu(egU-G;$)9&*2Tfm&<0Ud$0>)&k7O*eeEmeu>MZ08X*
z{d-~LP*(qsB+VyoYj@{*g&RrO8*|fjKWdQ@jy|vG=e_EUwf0Rr=$jx4Twdkdzi<XP
zyIaf9Kbly9OXeLN8Cc@lxZ}5ibW>mF=poWCnG<s+N`36dPT?xeb@8>Qt`xV&7ipGo
zaZ&fE7L%`D-QN5C@#FEG^pWEEnv;`TcaZP=A}IDrz9gIYWv7u>r9|1(5V9jS6B5iu
z*FRcO8TWK{8<sn+)qQ~UqWKM}{MFea%%b2^_-~%t`aZozQnk(qU=ry=(JfHfY|D?_
z^(!hr@<(5B47Pl}hiO4@GAG6?ruyF1k&_o3+6I<4<7H}Eb9FKXaV18tjO90Y@ON;A
zLsZ(giOC5`_Kjm|^E<zscOJaw(OaZxIGcB_H7O{`G_C1E_e*}`s_J6_Zqi9T4^qmS
zC&N7~!L#1hoiioe<Pc3_`l^s$uiWbSr47Sm?=F44p{~Q&b$csQ+j>qfSJVD}yIt&V
zb=~O~CZMQC`7Ctbub(mg{a2FAGT2IB=5v&iD>Lr{X4bcVEOF7g#A&V}7N;30_J=1e
zh|?SC;blr8qUvIhZfHJoqy5hLEyXXx6`dj>JA$Nb7(T<fcDhA99i70yef1p|d~cB0
zUVon-X7ZytD*r$Q<;bcC&5*HdL(4p>aBS})e*L+nhi)bDPo6Bu8699u9c^)T|NXmW
z-=9M9&1ZG_dXsbKU;8e;D}7EbxPN!B?Cn?mJC}H3t@B4jzTss^USh}NJdYXf#)Gpt
zSszEtHg1G_Pug@9DBsPwQ!~n)p4^s&nIPoiU#FbdHI#=iJ&;n|-tb9u45ab@bFrxp
zS4GXs^()GP7U!{Z1Xp)i9Bke)?0THig81D&(e2gYb1BufOoXQ0xHYNCZ?AT8y8ixD
zkNBob)4b|yu0s);XVG7?T4NjkJd<6_J<mVBZ9r{f+VT})TQ}2ZsrJ{xYl6mDg$D*u
z`?P-hQm!7q=ygB;YDf3fSCwZr9DMap0rS|R+Vtgh_pE8exPsX^l6&ut-#jw#v)An`
z)OT>h!J~3bQNvS{psFhLP(CSUVQ61_+kvraza2(zZhY(;zqR)M2i7}-OYBdYm`$}v
zUzb|$4ql0Ga8_DUnITi+%INu0O+-$eIeUfmfp{{I*10R`I@HK>pCO^Xcr9#X>U={*
zsGCcW^u{y#o~WsPb3aUD7HtRdmmAsi>q}hrr3=RggTI?iN4h?DNeU)GHx;_UqPL)y
zU0*Z|`5n~jJu@@ECSI>BBVBkn<jRu|<F8tBX)`U0E2LE;{W;yw+)*>n1nMQj9l-__
zp~2b1-RSpkZ+d%-tzNg$X#a&qW3{cfFHDNXkNUOl<xHrrWWFs=F_d|G{enOxw+5EY
zjH&D33W9A0jVFe&<MYO^hyvGWelA)U;ac+OLK7vcyzfIhr}z8m2dj&tt(|)->is%&
z-(S)?zXN5ocJhz0ebv=9iQ)W-yu~X|2lOpII^u9I%l=GIY5W_~2j%k};>XmDu(G;9
zJEM}}pE^}xF&7`2Eu*&w7Wd~%*?Lt?j}lbdjpfV&55`_~d@)U3@HJy8K4J@|EYj7D
zcviVLeo%CmkW|o9<dj~KfA#*4Y5d};6Srf>4yGx+xdZa@r>U#wx-e27CtTY`LtuJ_
zB=_uYpV3!LhVKm`?Fqx(6L;K+J)J2feEl<dQ)GJlPhq3xy0<+m)K|FVZK8uUBymF0
zdT@E~*)xJ)CC)dVaF9`RnCVnR+1UZ_o?APRs{HVd=kibgN_GTRsB-vZ16Gil+Qg#E
z5wCSGr3q7)cWG7!=LD#I-x!#{sp*>->iiJ>Qg6FoOCD@`mmo~*b7jk}DOtu=BY)HI
z)0jkYsY~3S=+b_JK>vVbOvjbV8qLXoR=v5SelD$7f(kS{5@)r>Dl;G_ltY>*7z6$O
z;LWwZCuZW0-Y!`i?l&1>xBts&EpYC4z&H%N8Mqzu^pt7RBF%;eCQ-tEgKcw$S#Q_O
zy>TUMb4cmi!ugA#%D;Nqhh0}KpQ(GF;m2oG-L+?B$cO>zD?VJm{*G0h)L8XJ^HZWW
z*1zRdpW^TN(2UV4#9QwDOUqKW8Ifuq?==u!()1f>;uu7=Uf1ltw|xJ~jq4b(mt2XE
z!^Vm;>4U$p_uCHi*Inb>_?))Vz~SMxTzmhceT=)=pYB<nza0}$c?X1D2kLA*CM2E<
zE}Tp3xpec6D4X@J^G4GXRIbaji|^k!-C_Sg*Ec-9PHx4v*u)n5sA>DmyogGmCSJ}G
zJ#Lk5QoetYQZSm4N0O<Fm#$oXR&*DUGf|Tky!2g6$ly0+|5h<IAHBe2-BZ-!RkXLY
z+_5}glzcWlZu_*$6|ZYt=l9MR=hyMS|GBt*@67|(>knH!I&WWM@-wZEox3NtY<9Nm
z#uXwKwYRchuxfEjc+ACyiVzyUSNl%^Z@yE4zRvps(!0(baW}zM_*u81nZe?q{O>V^
ziav=v=1Gw&-<NbZW4r6z?b~1MycQR?ck8?M!==wR&;F?S^JDL=ok8{Q8D-3ahSDvK
z6C*EVt{c?HHAfnI`;69kYyG@hY-f};q_uaT%}{pl_LjI}k;ckGW)iQTR$ud|;KyJk
z$mRU1@86+6di~9u&>R_MVg*qZd2O~*ueS)9yqxp2{YY~W?xSt~*27yiL)W>sRc%Zz
zK4dK2a#qg^n`Ebxnd_|K?brHHBfVW7oJc#-9sVS`F57sNR+VN9E#Pv*4^Dg}`oC`~
z3Yv(|T0w9v+f-ZG_i`mY>Il8t<(F@~_OW@czsFXvdX0~tR6Ej-xg?_Ff)Q_`x{cU5
zH0%8gzk@ojrprfDm+(5?gz7dBJWFVtt*O%!yO}d+t7q-E`fj{C`JXTtfQZpt54Int
zJU@dqL5`2Cd3W?=V(|EV*TMp)+KI^^iD!++`^9)?s;*xP%4J6e{WTrJZJn1Fv_hlg
zXv^1h<beCTd8r3?Iy^f6<X&k^>G7yn<9Xy*R4%EnlK4v#Zt6QM4JTc)9`fwfs!_9S
zuRmMI7yKO2no_hqtj{G%S+Sd8k=OSGFF?an96@^ceZTJHMJ;u!F?zwDEmJwv^&i#K
zqRI{s5?=gGpZ~0X3blXz!NAlapB>!&K26H;HEp~1e)gHm-5-UCqg4o|M!2A7(Z2T<
zEZP0kgZbf`{P&jpbeGW65>DB0Q18lw^kb4mMRjQ!CGy^rS&NEaMXz^$@49a8^0u5b
zj>fuIJ?BEM-U}%V<1{R&nm~Zy%!`&f{>Asiw&Vrw#Z@<9@3S{un^;y<`?xayGb<w#
zN2)nud!j3#?X|swB;oMPZ13~=6&|;H?<p>Re;{m9R)ju>a;dR}J{pEcPHt$_+H7Ph
zhT{VEJ->VK$J}dpUQ)lA-nWZ+2^xoAHurU0UA0o{9GJlB3C8m2P08POhs>53OV+rI
zPgcIk4I5o!o3QhK@?Bf~qn9PDD$`316N~j?QF{zRCu<)DLnxtUK@mSk-jIIEk$WP7
zbW`cWeIHHVz41MS)!`b+o(rfNCvn?Lu3mkXdsdIPA>nDdgUN!cQCEUEHgOwF^cgK}
zasJN<%Qv{S<owk)@--iWUoLe>KI=QGeXx7XID5(oY52FPL@oGxqMc3Dz?zmJSkPkW
zj;B5{*YU)+V-`Cui`g|0O!KwBqr=aF^KE*c=LcTaak)9U%0V?hMyxbapS)b<3SGeL
zF`V-hOxjYOsG0{YjyNIHwu(83eOrFtr7KT}aN$;rX%&1Quk%+wHJx|j>)uL!fqb8I
z*2m0O>QlAg+b!BhmzNDiuewhc$DccQK6p;pKw0P~g|M}f|K?);v!Qx#Ti2&x1zyRj
zcAM_V+OgL;k7&|AKjNe+<uXKIygAi>M2j49X~_*?wa)(kf?nZO8LkXd=8&iMv4&n}
zO7!~<T+^<SfaJqp9=<!lv?wdLY?Rfm_~zjCu@%gG%}`OlPh4QI(awOD3k!oHG>e*2
ztNfSuuHw?QapUXxWX&qVt&pno%TBq()Y=BEnESxs%Y0J8{<BrI;#e)%Df8+4Khzv{
z7bZ;Z_fF_%>}X`vaNkj@zCR9u(Wr+4)N=D|I;XCG@Qx1l&7Cz%rZ~rq-7U64mxyMb
z@6;Tw%-uT~^*Uy;hPDwJB)j@NI^8kjRN3!?%Jjy-jm9~q?GLZ5EZ*J#8FDF@TM`$s
zWY=ET{X6ZVu0RjH@jd(cUChrnP#$*h-c*C1ZIJYiy(<cPDSM#3vco4oJ9_Gqi+EkN
zfnfFGlZ$@-EzDaP{yEB4KcJ`L9Mk&4edfw0-<f%SwS4%3h@p+dgC}C(FGqFoFR1~|
zixzF4z4-CP_a8MDmtSZ|Nb{UZ(x_)2o?k}8wYb=(x#qp@xijcAeq!8z=Jrm_oZ+>(
zpLf&yez%z2@0~H3?(f!6tn5JCgl(<lwLHIhrR?%y$^LAYY`CR!;xGKt#C_doS&z1U
zOcCmM6$~Ajc-%N=RxQ6}zxV-pZts~h8PlIi<bRBohF9h5>weFhowK{ENvoBbz0Y-3
ztN)m`Wuq?puk@|4ShHYqc*FDK4CCau&3O{%sK2w775G2dwDrm_55g_p1zeO(v|LKK
zG@0&NRw***>VnfsRB^xUwQH*aW7bw~tg8D~XEY{#u?{|&5092jCG;pMiGFW%OI3J;
zUMqse-qTuse!0hI?yS(sygh`QzI_1ivv|mC+;^N-<R3?RydkOieT4SudGBq!>q2eI
zOfwK^Qr7F)26}_b$(TOph_nYMvpu3()uy=zHf%k1;jrVQ($@PM)Q3@#{3vO<W!v6K
z!q*~FY-0s<=Z{|xoI8p8(zzN($^xogO;hN@mg_1%&E`~oY<yZV`q32yW4#DBDk>j$
zzT?}-9uJP?+xO&Q`9@P`{xg9GkVQ*X2qG(eW^94BadWkEwEE!vYu-Jc-!_{^ifiB7
zG-lE&Q0fP2sj}$Sw{g8z5q+iMPd50BHOT>57k6rh{@B8WZeKcJ`ocjy->K<-qrIR4
zZ-2?BcUPc0U;4MKP8J@}s?Kc3-E6inK8YWi>dBL8!A57p;3FfiuAyK?)v-&*vly6^
zraYo<d;8_69Q2xwql(xYb-i>p0Ptz0cT~~bnI-<|)6<z9Q)bYxT8yi!yF_q2?cmLi
ziE?jW*N3}4)i+i=&=_qgd|na}e^H&u82G)R&5@GccDvU(+YZY-*FI={YISWK>g>q+
z{oAtE?7A2|izmeYEMZmOK7Z-q!sQ`3&U$gjB96p9xs5J90vY|F-c{^twg5lWmS;ZF
zwF7eX2&Z;$$G#HzY;OhLBZmsTM(uffvs~eK1rfSLbD`go=ffID`mB3SKs%pzOsWz0
zvuy6-uTsbM`*kDZj|B<itHfT(1HZ7+w(H~GW9cZ-hL&INQ#WU>Nr{ikn>}u|`FcaM
zQC0h%-ftT1hG`w6uO2+!y2Ao&ch3eS9Ic26oC7AjMzXN2JjG|Uzi)VR_WsdBE`>fp
zBCxkG>8E96Wx?*sx@x(5+o6e0EBo^X9?gi<v_nd5YgcsGCJDCJH-4p81Yh;A%a7`_
z4ZokgN3D5mN6gvzy7y(rxz&_s<3Dw@^9YxO#r*m6yt~Img}%Le3?f6@##W^4h$9>q
zKt{feskI#7tU2HQw|ACzyX}P;xiNX|CO^j$ckln=3?%q`Of>E9n{zoWzWmzEwLOII
zv)dP}A3UHntv-Be`1NOj`PEH_O2!-d@`V43v9AuRYFqoIQ|U&!q(vkb-JO!sNVgzJ
zcPS0hB_N1McO%^$iw0>}boZU?ea=0wzwbWhK4bo|o)vS9`HnY!Z;f>u|AIe)NFPsl
z88YagS6x$7P`Y3K>_yg<YrjiwFe(&!RV>?Vj}p*c;qCoiV{+%J-BZb;8096^3N`)0
zsfaXdk@JR)(yPJw=13y(=72_($=1G<BiFlV<97DR&~Ge8$ra!ue2w}%IgkZDy)Mly
zPy)jJ=@`$p=@WEU#g<Z~0dy%sq=4t54^*_>cU=_;%=m#6#6U+6gwm@7_&wB~?>b&`
zUlmUIxdwwRY#&t)KfDwQd`Rixc72{==`|+_mk_`&EiKK++^#P9y1!<j_Om}cagj!k
zXtH^PcqrcsE9Y6y8oEom<R7@4P3yYjt_tCZY4`fe0t*@sGr3ABppbgvWG7jNS6%<&
z^4pJDv6oaOXeax|@o2_C+UnQ4m=}FocnO9;9KwS?uMP?e7Q}fX>QB?9Xw(hlvFlp{
zO9~}5%Eu#DHCcb<^WP-WDxLCc40tAA19iBM9i|Xjpo&#Q2f5((u02#>Atu0<^W^-J
z?tTyMKriWQuFCh?*@<M$W3MLCy*f;g2T=DH%5cD@Te7V{tB>wdUR)acgKo%Q>#I<r
zI%Do@N2xUJRarvM)1Bl~qw$uwT>0T_ZQO$1Vh&T<zNKYgwPFU6eH_le4(o{eR3`|_
z?N6uKf9;$IzImpf*B5`3fpu&NWRGav4pW~Z(mvF`%<!Z_>Za=3n2IUpXlIoidg%*T
zsflc(4lQLmkmBcl&CNu+T!l0L_LhjiPf1MhVJHCzLENS;s$51J0~I|$Yn649yg~Qm
zuBO{jT;e*5q=e+0*BaI6-BCG&o3|t*ktn8E5%oO@??Z*_{y05L*#kb|q{x)()9joV
z9Z#6G&5qVivW;Rbzz3X9t5dqJXHSb=IqCnZqc?NkemjI26A&^{mi?>B()z1i!R_34
zkwEzLc>A*4H;XljC;rq9?GYThIO{axNC60*KoxKjZ>Vn?j<O8a2DNwd3F|r;e}rUH
z6Vep{!zATZkpc9{T@k|v)807lq>{tz_avM$e=Sn_--|rxK4+GxR}6laeYL4^3rgu`
zXGaDA&3Cf@2cQ{D-Ez>5S6*nfs&0y-)<Ib9(=K!(99|eVSGk;-m2LX{JKsa~I|>m)
zpFO)FL(LA+^SXG(>Vq1ZuwTprQ?Xsw(v&6G{4Kdd`K2wy%~Qz3h@}YjS^|F<$i9)a
zjw3qf$|0dcN`O8q`bcQ&=InU?c02E~2!etKS?&!03`HpiqN``@)s=)`)9a6hMD8Xz
zXge8&6@s~Qj)l9^X_rrn&SQcfq{}hmE{T2KN;alK{~R&>?)$wz*VXl=H&WN-Ews?g
z_lcn0pGt;@1Bz?6kZIB)sJX1WZ-i!7bu4aL+87v7+4=*?w%^vzN+(Yi<cRWsg47dY
z>E$oll1EsWuRWV7nx~j;<;c>6a*kS#VwbM4i6{%uA#$X7j3EzANMM2B#l6_GySR^W
z1wg$oCOFyzeL??|_u6sbT6(dFXa$hzpS*fD^dKXTB&>@0fhFehJnuZJdCI~BuA*OG
zolG<(P^ZF|T&_rNMSjL@wCmt%-WYOmRFi;EA6yth)x|LbK^Kq6Se+_&{@)YmugW?V
zPHJ>cV%N`=R}xP`8Cs4GdyX*iXdf!j_<yT$!s&!_NSv76-i!x$GLe}wlTCMq0oAi-
zZlm1z=9S8MMk}XmJEx%|a-&=wm&qT7<XMJp_|PAR0hL<n;DEqM;_(~XxlITGfw_xr
ze01Nq6OFW9{)8oG0<fTj<O&wOn+dgoug`qbKIN3^$A51!>0_zGjI@cJr!DS^<bZQF
zN>QS&I@CZWwZkpyJTcCwk=OsR8C&MjT0sO9+#ed7l!phuzr}(1<xO93msEfEo*1O}
zz{dflEM?Ck!L;hDx59KSS3Or2mbXY8%jqc)(mPj?N8|)RiP{4se`U7Es<Sx?-NLZq
z?M8eZ%lF4ox>Z|ia*$EgbXr>VC>PGziOM;wkRS8XQI1K~bc;YW!ffaIswVs_HY^-m
zdKzndM{m#pV_2d=26iC6%`YWT_n7P_f{)1);;aq@G?iW?@h%LZvLu9Bkv1I{K1S}L
z_BqBR88P=s)p1PaUyS)vrvdC*PAx6?Q_c}FGwJ+v>dX1hIl*4r1eTA^U)Mq~K_hv7
zs+{rEd~qf=`^C+AO=B;*D%RfU)knMrYM+@i2#yt?8S#-~Rr1jxH4#PzUA@Ju<q2hQ
zW#K6~SFUn!&K0j=LG%UP2iDkH4=bTG`x^YTlSw7yua#T^D`Cr!$gZX6`;Z&}D9KMO
z(xdGv-{S{lyS*H2+_zM^UizkO&dOp<1_yrgPI}#^-|<yl=3>FDA4yPX5aYV`1J)G|
z7qVxZU(1eN&rWfrYynW+%x?PWf?-8Rtm6}C;K-`yh?q@e3XChIb*F$mrzRNLNXkDa
z9-kEnme%rOlf@j$IGt)Z=K^3Q{qjC^I@J>;6m{_cEBn7r^d*2!V@>)$FOHi9<xfp^
zm%S-<+A_IMVkEnAV$q*ObT(4xpzR~jtULLfv@Vd#oVUU5mYDc?V6*+B%z5caXhGj!
zZG#?vx)jIJ3q5%O78_}EvVxTST`d07d%Z|d0Xy%f7pW=?$mfM)ILV~l!ziEFe}%nQ
zTXmB<)S&uAS|=GFq*W*HWWTu?l0ZGq>GWzFL>YF2YVf`%hA}U3=VD~6*5lH<$Y&Lg
zSr9nTZcqQ`I795@e(Brv*w?xl(f+qk^hWIw0<GCYIEy=8i3;dxP<{T>z5bjZeT<!}
zFYhe3n}@n7>M~v*yCv?r4acta#9ghvajgSlty5INb=^_?ay$ZktiXtTJymwN!2!_F
za&K(zA1#(bIuA7bBf~AQs9!hU6qc5@?$KT~k~bJ~r?+=Dp;3U}MQ2kvtJ8QTsG${<
zV(X0@Lp=oGLLqPI4`V;&*?IOi*o_X1p=!hKsbAlqn`Dc+T{Lb=Wh%D!%bkQsx<<97
z&Y6J=Y~FbUp?jesCu#11?@De<KcAha#nwxjR-Rr?*eBS=P`j23JdAfg1Yivn_DBI8
z_`kN;`BFcJ=rqnO;41mObU?R2LPcfN{5f7%AK#Q($45`){9a!x{wjf~)~)h;q($G>
z^)r$RNrdgLY`SEA7KlTsQlxC}7r34%R+EhN)5@8um5E{BE~tEz9cHSZVL!CRuN~%G
zlQq<URjs{B_!+}QX5wiIj4Dmfrd7THRRH?f%&!Bja!(}p7iWp%ty?{R8Pmj+nbNNg
zEQ><b+w1-$lF^O++Ly1`Sk_K=D8X+rhfi45ttSTBxpSGxRwkl+VQIS4OI`A$qA0v6
zQ-A-(fepmHpKhV3UGlc{sK%>E1Vj-c5MKGNMXo8zUyfCtTQ?7=c|%!*jX4#ETJDsW
zEf!F~>O*}v3)$(}F)rF^+eiVoiqjW*BsmXpe7AMff1;Ql8ir%6+XoBZ?Y<5QTn=RF
zvk*K*71fGA#$|2V6E@Oq-I<!L!(*(n)iEL&nv6WoG#g?<+fwBZdWQH;5Pv-bhLehX
z)_V)GmCt(sVYfG6(ZbG^%kBo6Nut_eVkTLtV-u#ZRm+xFM)i@$8KB=a0fjq`s6fvq
zhl_I}=@ZEnf)*$5fdNewR~HtK7!2jH_%m7c;WF1PzhM3P5w(E`JOz)%_Y0KJPXZ4Z
zY&eV0u^W)+-1LD0Vb4ye(NC&l%XfeRr-wPxG#jeLmXj8q*4Ufn3Rh&%fma$Huc#4(
ze~CdsE}Z^nm1k<zokji$2t1ZHh5Wk~02(Fn-NQ<_Y%54vr3s870T4(|P#{X-{rjb^
zIRZJw#+JUj#(2>fULriZNxJVDZ2=E`&mluG+L-Xsdddyd1}Vq=t^?y!<3HS+win$S
znZ8vntGbnYbT+P%?BpfwnZ<-XA1q(5WP9gH3NGh;Kj1|;%zQL>)ej776?Yox^~R0l
zf+BX3e{9xgp%{2)+j&b*7$F+nA^$s*M3TFy)<7<%HJUPJ--KJYL4;wA80zk_XLquQ
z@vz4eu;CKrqZaE85$m?NdZ#;E%&_yC`dYvk(9mD`r8vy=A)UXtetPHFM}XtK4fum}
z%+aA6?Vr<CN5wMtz1a7z-^U>Erp+74^@Bj0_+xlazJ@|AZ6K+oFBv1yqzX16jG|l<
ziC<Q$Imi{JKaT;QB?<1&Hija^puVrIt0}oc?f3o&pN8fnWxx|fy(LGmn#8mIskr*>
z&Ow%9WPD73aMW5aQ{JyU>%3MnIi@kaj3|>&UYst=c(M~48~%uS)u?A=sNM4>(m+$L
z#mG+2b)Ct!bWE*`Pse^O(0(uXq&yf$N()9B3ta2Ck=F_3+?f*}fzMQvZ`oT1*K=&G
zf4ZkF7W5W5>ImptLpO&uZ}Hx0`GDcVKiq4mEj`LNA|eoLyqDD%Iw8Ziv(Q+h%kVae
zd;{T)^RMEE;V?DzX*~87;pj?9B=>D?^?7Cc&!Juiy_0Qq#cW|@p;&s-%T>?hA$s~F
z9(l$-ZRttA5lgJ|^pr#!=t%J==}~GyUutB?T>bfql2&})wyEEkA`B}Plboe`&4Jx)
z3>o`S$YZqk4;AxJ0++}VMeUn*eg3W}#>8oOND9Y`sPAZFakS$^)d=N(`Tmm~bbZ*t
zjo<!w`0usuXpP#@^zvj(^l3DT2JUGTO#xW)q{!~c${+6YN|#(3282$=i4Gklli{fq
zAMAP9K{h5QNRs;x@AZild{|XXu}~JGb2{JUa$m`-EeYz;71v|if@F_SSJVHp=oUVh
zP*Sk#$qy}A>CwB~z9zUr^;ssn1(Ml*M_#$W|3WTmeP1zj2%qawBO`h3meiU_?T1}R
zjEC!gpVs5AX|F1JXoc>iT~Ly@c^qv8jhe;`W&X>8$uCi;-3&IS%R4oo;-XAky$4h4
zcWCvs(+U3@dH<%7pdGa=7P<6j@pSpVw&lW@q2>R_gq8*yr#nF%qM~aBJ|{vkuRXr<
zUz^^q%J#88MRoskgV%AT##;va5}td-P+P;4bWgh~x*VsYsQ$O#^}Hijh6NStPdQFl
zF4IbXK%~p_w2I+k9*X!cTau_j9t{in_;rL=(4w+?4brfm@2VJ>|J2X<ACK(2${f}0
zo5q_*jZ9W<I<L>{T7CripHK7TcRrW!SR5tCXEwX{?+J;^-}Ahhyvb|Dd140s2a{(C
z9pODtq~3)?KPb>b+jPKf$^6K4ZTi0~5c(LE+S#CsRW;W?VqNfguGIg$^Ao%f(=3z)
z@4V1dm@J-M`Yx7jWx2B_gTo|s`Lx5H!#TI3&Pd04k#IJ6cBf)9+tI+)z%^vftAy`i
zv^QiQdHuc?Usd^iWN>+80MUzkoqpvS|McN2k*T!}Hg2zp#5ss;#-0&I$W?N}txKl0
zoOVQo?`l<yXjOxo>Pzc&eq}hir{Q@zp)sK|p-0c6$0GtGIML<p0_&&d5FG|hQYL-U
z&mYCJZs&9MdQu;b19&tOy)^mAoe(n0)gDNwOg3Tf;CCEcYU+?0;0H0xF?U+<;)Y%(
zl|>H?h?mCLyOW^)dmdtxf6Y^^@Sk}!NIh(~(sc>J(u3X;2Xl}2*T5Yn6c3F2?AMj5
zRLGggdOzJBm=xRbMT(C=iE70m56t6bkxwJP6fWm-nUcFKb6o0v@A83<;)yY9F@0c-
zSeCR~b!lE4%X01hPdLEA4VvVSri^Ly@#K}HcSpW|@14#k{Ey$mVKJ8+FN=Q97|r3S
zoi=@+IKmBI#2S>My39hA`uRkTWTSKL38AW9wzNbr>v23iqo7Bdd;|tWL4n&OpLTU}
z`Mxj-Mp41bZ4g~32<Ou_pUHn_^^GG3&eoBs>E)CB&zsOF;J61qvX%)<3a<u^;5f|v
z6ZB|z{$G;<2h6<pbY=Gb@C>54kSO^G%1Vg<bcn&o2!86A8etn41h2JH10Tx$Ss8pZ
zg*wxcqZQ`DoG$xipMr1pFYXk;?|nqZmr<>7VF=E&kWFRSVfDzZZ#;atJ*}c6g4GMV
z#zS@}^@DgIT?A()iN1hGk{P49)LB$UiP%x+Cm168$Le?6Q`ZU;M&e#b%h~AacUQ69
zL`cL}(7R<(TolgFm|z}HGneO9b9xA!wVYb3onLIde0RPqZ@;bSlggvyS4~N;3lQqT
zq>zGThR7*K&_A}2P(BETQsD;N-FHx{a7nL9V#!%-<(>#Kb&StQ%itg*aXg|Y(&mrr
z6*?pKjj-A!NFqq(%xSUt$URJBKO^A2H11?p-~9v8R7Se`han(@h%$ECQP&*yg;OB!
z3dyjfjo2foT7}d6Tc{q;*KK*4jmS^Q)%75OfDC3BX_7t+%JeQxGNVFtBJ*g%;%GH5
zXiz}M&gEAiUc%-;^_U5i$fMx_8W%O!Z2$afl0vf8+7huQ8<X#w2F3k{@Q55IKkU6a
zeR{@~8clN^dSCEi^5E6)zlNcl&o1n2aNN8Am<ldq1#`5Gbr8`M!TAsMAB0Dn{BW`Y
z5&__Kc{)tsmQBjXLrcS0@9OIsY&?^MXqG4?VSx{WsYor4-@S5?OMa{$I^mBj_b5bP
z{3Zd!%kME?2tixngm9FsR8>kgl?7VWc&#T^XNx9>O(yPhAGc$I9I%oad}mrBUf<5x
z*hDLajkEDsJw2iz14k+_^5u`(%N~nq4_lVjlzOXNk7*uzYMw`&^f0C77olIiX%3*e
zT4^7v($qC&CNuc?7ZcGEd*D`glg5nTVmlp=O-JM5L|RmIE!0mRdV^<L2HAHv4n}wb
zi|2DP;L`7j7?PX(4i}}YoJ&1QJT~(p{xoBLVJy`v(JK)E2Fa^R68q7MCC7nsMZv7u
zJjb}Qgabu|p+i3WCp*<r1^)*L@>b|jXU(PtR<Hb*SOk`?^);53-Cpry^|7ea8)eT?
z0arn3j%g7gSQ?MENW9LMgV+bVBijBV^B4Nx<BG?3nzV%fm7}`>BC`xw-^75f3H^BP
zsSz$g@x2HKkC<^>Y1gaY>BW=)lg0p&U-F|zafrTP&@^P9V!?`i$=1B-V4$!8icq2-
zYz}X5*Cu&$aJ2=extPTguYm3*rpK4Q<_ippKUyqn6TyCG=Sx2>+kIXD4J7;70@Y6;
z1C})TUW-BzN);ak4lD?dMGE;jq~V!kYwYk)wtOjW;|l-P`0E=1%Pv08EQQ9lqu)oE
zJoX&`Q)0SWGE|{klYs>YGJb}gis}n~m=+Xu29d2O4gib3U`3&QTBJ+;_F<;MBcB|(
z=<oNxtG!A|cD#o$LCDN#$cqBseADv2O&>D70Zl1{{!rrNo1mC-UYbGEnf*OpNfLKU
z#$OXI>b)zZlqpzuLI@24fnsOjGZI)2E|y6=bgMo~@9t(Jx;X4yHUHtslq!wsPOHw8
z-b!lwavE_Ou@-W!?^q4Xv#bBd@j3xG``|_qdQbSN#)y94y~Ejh=l&?pFIFR|CdX?Z
z89FgR(oPQ6%O#dDAVon2Uy|ECO+?&>$T!^?8ecqmd}Mn8nPYB*Scm0D<)RPa2R^c5
zmnqy?bU!C-!?r&ri~TGvO&Gdl@BD01;f791*5n&T7rB?M6>jv$bJBWHvuW++hxMM|
zOLiTKKJ61yK8ko}^1UNLt6uw50cWTk=d|#tI~QBMwvO_y1LOL=ph+I?mrxT;y?ATt
zC&t%%1bog2H@6GMkW7V7JJ;Gd865AN-+xrOyMAT^Iv0)qrC{9*_98}B>eTg`Zlck<
z#yjSrGSSOO&DRq_-fKTQs;xw_+bc@CG0AIDt~#(D<a?Ugpcf?vju-o|t)Z{u{I#+y
zrSNsbk-J}T@qPWp@J44Qn>-$A*~D?lnFrmQlH=8E_Vkbzg-<Oa%>*A#ye~b+JEFI+
z1wOp;XeaMO?2}yWC}-9YWWbRL*1rxHnQF>*T6?8(S)c@lzTa8*TM(rq(w`IH^Jecv
z$MQ}4UBv!u%5Iv^<<rm$^r4RCY?aEoVessi6SFWfCK!;vZX@L=N7W|}rj32h3k^O`
zC-g6zcO)BkO~v}(<g@L*-PG@P%dd7Py;~jH=umxAq=Hd2hDYVnB*NWb2byF$6X{A9
z9XZ)hNaX$nYOOH5*nl{2=eXch7qmbLK65y3jofu_=d*=5Vuh(|5EQdH-^9<p+meXe
zk&HRM!)Wx(QoQMtEPBft%{Wn@Nmg$MVPF(som9J-3}=0!MSNh?DGs(;BA%rHI@$X#
zGoxI$_+aqfmv0#2es7ne1;9wb0~kqr03(YY0%!nyT8?{9t61AkZ^2CyUYnO==!QwP
zR-sM!wOKB5uu(E|)`v}by8!D`{#$B(ULdSXfxUb_s1at+6I)E)+S+<BcwR~H`-pys
z^LewlZ)?XZi?f+e@(#Jr$3%?t*k)`uuWJxp?vaVY11wNEy<h8Mnr~0SbfNEJ4%A#X
zg#S=hB=n?So{qgX*UKhYFTBHERDUbM*rOx?LjrDupN(AL%$Y4Q((};BLza+B?K|s_
z@8Ul8>OV^H>$9_^DTz(?O}h{n`o{?<<XiADyCEbrKiXO%Oi;n69a;ED;=~zW&V5M(
zxkZupO725$CFyJKL)I39;*mxy+mtF3sd!IGeT!~8#X_?Y;4iYzxTZ%uGl{*ncyLh7
zYK*$<7>DiJ-^#h{vPu+Jn9t(+>zak$A~;$4k!gPvDMVmCI8R@6*etdIH(Qkx?8fjE
zU>~hA25c=f|6X9hMQ}n}tTIGZ)+1eL4z)18UT)o@>W&#8#QizZ(V|Rh-ycU<rrtUE
zT(-obLx-=y8}$+ux9y!i8KyNMr{Nx5-|WKf4x6nM{s}2B@^Nms$h9rY=GtrF)$_dp
zEAx9#EvDHI&%|Zpg*DAzUfmQ^jOIG}OpV$EIWgip2<<3%j@Vti?MxyxGrcwy-6h^{
z!*tl^%h#vi0)U}c`o?2q2w3z{)OO?c2%EdWUQAFttIkgt5LxOsIG2koz)>+^gi&j9
z63Ww~I<WFKX;*0P+gM|NQ>cz1+BGCTmH{$8{B@|wwy0}8T;_=m2ajNIzF*+5I^!-C
zgD~;gL<l|MaC6w^Rh6AKiy!ZXA_-Qup-e&{%*N1%&n=Pa1>t3di`UiW$}6((9S133
zUZU^Mw|3$>zB2!XuU)khQMiNO)>bI^bJ8+EW`cNW(^r@K<NIRnh!1?mtR`Y3k(FPv
zH#HUwCO^+_j^yG&-Z*QP-1&gl7E$R&%H?fNh<W7U^3isuKhNIl{_bpMp*qKh@8Fy%
zdG(fYkDws3P)C0~7Jw)|Sm2)6AS!1~tf#1C7Bj@LJ%S(x^X~PT=v%9syO}Zen&0_g
zCT*+<IA>A>(DE|kh7_#xd#R|4g;zeo!1-;z&@lz+N+Pb53N_s-tQWCwCFLVW^>nY#
znd<I!V6jaL#lzhOUb$@BW7_9Wm(X;&7qy1Ac^hd)l9f6vs=fc%8&S8&ZM;OF_{MHl
z_eM$JB{$S*Q%?kDY~#oeSNHDWG&?1G^6fyo*(@6uYaJd$$N6C6+XZijof#UYlNXGW
zLs~bp$~er*2!d}1f{)a;4aUbijP9eN(1G+TYQ^qrsOFOwq*m8IpQCofMe}EdfiH7!
zT#ydDBU7gCFweto?;9kN-&i<oZ|W0_7S=8csAM_0IuS1g*)gc2-+yZk8;-&lXGp`<
zy^82$Z44^s-?$AscU%~HzU$9CKXjby8Q5UqVdQDMP6Wccb@U5;3e_3ljh;hlY<8oI
zt(Uiprb&*SoTSo5X!F!-?*ddy^O>*@7v$v)Hhcw2j5T*OgQ%q?rn=)zycEge(T%OT
z%e|--u7``3r;GwVU;8mDPf{+{cyO-E6Z@XJ7n5r&+$8eW;XB)Ch2qW*W(h_A;da<m
ze71i{rM`cKm{k5=Jhs=B&H9hW8_UBlQgkn0LY?-#?|OMo^JB3h{2PhK^*V>wj~IMW
zy8gCvLFe{W%=way$ja^{x@M%!ajQ|H-MZ%zO@89b`{!ukjH|7hk+?tRH|a$0lGXZx
z$v`I}!F!^{Hu^3$TD}&>ZePyyl2D4owmwMhL_tfQ+jaS!A}ascIpVH3M-L+zMtg@g
zFQHCnX8z`EWYTEr(p!V65sCcc9*A~wU&{+~hv@8AbEvAf)}7{E+!?1SPl)#2QLbws
z>u4t__^`J2FN1nyve6QK=q0uORFt9MnV2xF49w;tY;CcYw3*CYaR#(lZmNSZ4@o@J
zov1#YG#6GC?R(y&FD>uv;FDd=y?FEBgyA{MMfVf{5lM9CR)2Cje+{v%5zqGXI=39}
z5r2TMrS-`gXrHxLJ^ykz`}>`J?_F)TlKE!WeYp#*y|VfanKuH432^keki3%C-1+OV
zUTZFGyFME==`lRU9d*k)#KIHx^Qt*c|FWZ*53@`IXZ>ZbaXU!h+Et+Og)rOGF1@|X
zJRAtj3``U8*8>+XJ#Loz8}@lNZqqkXT{kWpha6Y;h=aa(3;E=D-4wX7t}TOBhf)WQ
z21Rz7jJNu{V<h)vR79lTc4_*8k1oa>SIewyRWrzVK4`L#U{FK~AeU}L{5-YumX78<
zE6v;JUYnYuRTT6}@Mzu?t#vq|7KT%NA3V5y^CxQ_i)coLg#@f%OMH(m?bV`F>7@hW
zQ!lD>O%1C(k0Tp(=9f<LsAsx$_Qm?f>mvUaW?)Yjw3Ztk`udQpd^L9@cC}udte2^x
zu}UnN1J$WcK!2G1tu4uU$lR#`$`otS;>{hew9n#V=ha;VGQ$T3$PbF=NGR-;`&tXs
zb{DQA)Iu<iF9GRHbwk8I5z71=v}^;rgwvpDx*je+1(RH988MxsxR8rb-y*%ij9^N*
zKN0dpc%l*krT1#Jrrch0OpPN$8_iX=(IXnq-(tQ#SG-LKsE&wITy)oMx;oKy{Zm_Q
zvbx6g!}Xy3maDJn5C74&yX^Q*s=SrSO?caC{=LUbPXzSXg2Anqk^P^<C3FR~J-urF
zWa<c9Jagp+BB)0}Y-%t1WX}84L={P|t4EGb&F;UN<tfI2_LCU!b=(SP{5MkI@4rTF
zG*a$+*9+?<-6q~NoiGyK56f+VJ|%ioAHdRx>3WWFyB^%@aoc#HRN2M8W8L39I3|{)
zmHIU6Ec44R5zcTU_~Z3gACu<2LjBVeoK?G6vt0S88q(XG#Z1FLi@%cQoHnS{5T~Sz
zV(A<|9J>20Vhc2rwpYBw3IQpg29jvlow~k2j)Ho03Grk8PzDQEL|{3GY0Kr-Hd0+H
zfkzx}nBcceD6zIJv1b`(daFb+PtHdcCA~A`17`C1O*ZdO)b7nX$pm}GB5C^WVpLPC
z7Eg!eF0aACKPSsK%;aJq@`OiMl6`TW`->V(QyKVFu>-7q->2pnxWeV4dgxjEhB33p
zH{8#0x(BGR-(NLv^uQ<Ryi*%0UFjOX=02Ol%#MpX-m_BdOCW33o$#`k`Z4$F3cA*~
zbw#BjPsx<eslWg@kbxW}&q{<W>8$@<USV~!$9-UbqDM+Y{iif1zH-^hA;GkBp!I(a
z=h9iel<EGGSlV?{{nAS}|Kjpe4OCR|zF5cGD`70&>ttuq&YSsg{@NjJgLmj-`c8x4
zq%Sy=GW0o1Zpq5_bN)ywXe{zam$^MmB~VEsk+DY2)li-~-*nuRA-#T<Q<7Z}UCRhr
z6$a;LmWWCUz(3Q+eFbLSK#vzSn69_Vi;It!vYy(*!T>iUuMp*rF!aiNH@5bexW)+J
zb=je?p&E>m`67N(k_VO!_8wUfsdatd&~VuEVT)+7AQ|@UEJmv{pZ#41PfGjh23=Y`
zbx6-p^G_1lHRMaHcU5r-d$H{G)G|s+B`-kEav~yaFL>3_za~g4nJ0>Nfr><TfI|6e
znhG_m;I7+R4%wUA+wbyXIb+V|iUMRm3<$bF&0Lp_`5SIn#5&ZvFCm*(DZXE0AM*+n
z@}~qSD(8m2@}7zHqLT7cgLl3)*|_VOT-Ldw904x`BgoF7cq<|9ugMf%2+~4B4{&GH
zq}%fs&Ww!k=J6#d>O^i=k#d-L>H2^9E{jCvoIHn4sQ2m-H$ov3B>IRNnyt4wWQ)G5
z;G`2n5928>{HSX3rNgME*^3rZ+V<AkZ6=Sd6|J2_z_pLg?$qNb{!IKj%actdU<Yan
zx(HSWQAZcCE(izpj)y^<CtoFo%UiuQ@w0{7f@-<#lYIpC)IJ!P4-wb;rH&b1G>!|y
z@pt1dy+<bQ4$hrtS-*P5V%M2Yzc+E@Hq`+88ebiq`oXF_V%>h^(?R6~v?!@MOa<Z$
z>;~)<Y*DZd`lV;fe%n<I*(RPg)4Yi6i-jyRX40I6eF25}<dP?12awfA5ySop)?{q&
z`Fd}!OdAR)37(OrzySBf8hgKVeo!M?MhO;OTDKgwBcR>J|I%(}?0E==T}^1$WJfm*
zywFGaEFQxG=44fH+=ASK)`7xB=sILI0;!ZOr-vt}Y%CR;e_ldr+(1JsQa*5xFApD~
z>~Qe6lI-S>Cb?R$a#)hz>*q9`wTOG@tpNIRV$#duw!LL5%Kg0TAjjNs>bC>`H(?u^
z(b@yQN_h}aIqNii+wgs?pMlrU6*7ZD(mt-se90l;;KB(cxwYw2H8hjeBA(z`ODvft
zNh<E~KeM+yw;x3OdoUkj1EfRLK|j$&C*KA%&wVxQyT_siygnfH)uwW0GRmLX`Ex=C
zC;z7)!wm125d-J`bZA>LAEtBF3v((hMD3k9c6G%kCZh;b%36yOnfaWDFVP)R(-|ch
z{gj`_S)qel6?*-U*<k++a%Eu7SUA}qmt5^eCujq1K!VVuQaD|!0$xCx3JT~d679*#
z>;r|23b3S|C?Pl|c{0)qH`B<*jJb6x_>mNkRK>%y_+F7ODS?wp%{@L#x2F>DYaR@R
z)Ha;Quk}UzVJ4jYQbwn!m|R{VV8B_)2|Uhg*>|XSrBB$!hZSRU!7^hhV+;!e$JBDM
zd=CGrSK!H49v%#7oB`q#NeX$N;_^JR+{VLm$uZW#cE4Mo=Y^#w()-7TvI<Js?AQwh
zRCM%u#$g^*^-4QoTK`|d@q^vBpM9p}`rowxX~8=>h>YgkF#N6bkT)+ptK^<gnR*G?
zS35AR{l{-Qm)hzv7Z0IoW!)db8m~k9cS$B9TO;V=m;dm@`<=YTME-baPqS@3L$>EJ
zml{sD=)#BY8P=yYFOuU}zh0CK`+pT}8}^0OKBiWZ<1ohJn8JRFC&VkO>3W*oBjW^V
zaeoevu+;d%wHNgXr}%bCWI7vmW#)s&_f=!bsGOauG+hGI<gXP_K)mN)Cb*vYmj4l<
z4r*0sYcVVMn{}UyK(!8{Ac2^IXokyA1-7IOyGmBNBA%!{AysOn`jTvM2zPci|MG@^
z2D_1@cdWApc)EsFhciCl9VpjkA?IUkabdI^!a5r@%Uh!v;4Ak@U3h;Bokw6xhI?c;
z**ohh{pH)R<vlaE$_3Vojfz)BT^hN>*TPT9X&>_+6&R4Rl8w-rN*JxV<~`+=N3>oH
z*qMm;44nLh^EQTg)H<9H5Isa`nkPwixJ4!+4U2<XK+K39vdOci$@Q0F^@+s1a2&$a
zO1Ghc9Ncx<pK~?NLL3<&IBPi%Osj=#%#eGTxK#@Jhb+rKC}KoDPMjk4ckMBhcwgiP
z?PCenK92apOe;6g7`r>1t!_y>#&a&SO`eX<<2p}@g6VC)TV-gvwqX(^W6+kGy)w#M
zmhfTzo0#KVzBcud-TUuK*2upoBcE8jV`!Y^jsW*)^GWHdpF7Bu8vj#npfkt;!mnV@
zJ2hi#!56^YGf_UMM*6*}7IsUjs3h9;kebze%tLHgE0FrNho?i$FIEc^`4Pj!;o?~I
z^s?s42;zV=793}tG&H_FYUnQ=l(eyq-qS_8_3tNss>Q^`y)`p^S7jYd=5--#Tf2s5
z0i1l8wll`?^5x4Y^+IiFDXDIYkG8W_@&}je11Towd-GVBm=q2U4j&d=H>Ar=2P}6*
zZ9FUsTLNLNXSqKeWI`63^?98(mrnX&5z(X+6e1wA)rvvSiD{X&D}I!I#immTX>M*t
z<<GyxkmO@vWHi~CEc{$h{^4X(xo2=t-I&dONyuWh%BC>fwS2LXvlI52EWn?3S|$y}
zYzLky8Jyoo^Oyrk+7v{bQ=e$`WO85afV5tmY~H2vBMoVFL*76Vl5k%3f#hIDhqrZo
zg})drX?8wGe-7_eFg}4wOCey;rLuB9sIz9`E0M<F_PVLT!ayV8rB+r}R-1bEjhu-|
z4&fO=rojEln4-yA?^hOfwv+)CJw2BDyYuD=9{U@8#{rHq^AXD0-KyDD!TZZdEN2;6
z+3zJKN?6#~x<#{hEnQ^ZI_a+Kgr}TWAonxt+SM4@aVwoELbFr~6BCosCQo;oZJ{M$
ztwy&>UQ!xCLHz}<Ya6X*uSVYW+!WiG;~_!)_5LI(fM{_MBp{i-cxLzpC2~sNp)o~4
zX3?N$4)yyhU6Bdsf;UQO!A;-zZVuXxioI`TkrjZi#v)_WcE>6T<X;)<5AtlhxLk=8
z9G~6n^1i>;uf5tXC?E;4a=ksBGU<t-k$EZNP9+g$Utdg=k(cf!({#ND>gnr?CFOVP
zHjd<{b(wPr{%HrS#gDD|;?I|fM1T>lE1Yu`Ggy9zGJXm_ww6^^j&3+;MLineTKplf
z=(>@1<b8kcO?sL{$3X()3h;e#65>VsXWtC)7ICTmRTc9`^NKLA1+Qb0hRhS`m!Mn{
z0RV>26iXjLF=1(TGoc$L<kv(1$=5%Mvb$Z)lQ_Yh8?VAzBkr(^F{?`Kmqn&aje~z_
zmWm+5VMt@>LL27VEjE=I{Duh)3wvu6R<PE1z7QJ_07v+yJ6Xi+?&k8t5dV2Mz>_(S
z8-r>SLj4yz#m%b#r5q}^$0BxSDhqTzPN<C*zT>*w5WJ@cx$MO)dR@y0p^^LyAku-o
zvowOGRIs<f5L2@EoYHkkdqyUplLm`-AsB#*B+z_w^yTx3uR%Z^OWh`=@Z0AE^2u-V
zlgZb&#hLUPG|%?t3kHLiI4s9s;&#B4qKcqpWs~~}hh1%EN5*yM;3650jEuyjr?V_C
zFUx!qsgSd^wN+c4n5%W9;o;FLYCO}Xu@=tME;kK7*<W0oU{NPQWZSUwzD{{Y%BOkz
z{P}Y==cC*6MMi;5)EXg(cD-{U)=xdpQ?&`!S*cfG*ad%0Sm9?d7@c?h>_cyDgn#&P
z!(T&1#>L^dUIPCf0BpNs{Se<b3rsMIq1myo#3BEJ=APtSV}zH@x$Ghm3P|2+{m4@K
zF_vlp!&zcDzwXD2j<b9R0e5ME?P^y<AMi;Ga~ODJf|nn#=Vw(hmEz2bXR>|M-~Kie
zooj3jl8H_L#wa>2V$-<mWh{QFjMy5aj`7XU$wc4l^84pbpC6gX>{7AtzHnPZQAT}3
zLyF=H<h+Qj!L+GM9D}|k{!+L(OCoM>LNL+!4t$*U7j#20@bx}@dt<k^K&mVyKA9^|
ztX1cfk0prlZLC;dP*|)FwBL{o7qpS#tyj7BgPi$A5$d0w=Uj73PM;_cmaoW_=G}G*
z_1Iv=a)i2t$s{6P<ZlNoIj()xVDNH3gDCem-CbE-UaUlZ{ox0rytd%JuVw*`(tGYV
z_Jy_SM>}0y^@5x1Ufm80O}wu6?WrZ-a1dU{s=@{Zg0OuuhgJONVQ5&K992<jd@<o1
zzczv!K(%aZimmZoL&{|cMB6b?vOLIJY-TE?#jk}vwYd@`u;|uFNk{~JP8T`B&5DD8
zff;AR2qUL1jS`ZFtJ>pbY8C>s9h_H>><ezs+}~k-A1x*cBpG!22gYB)uzv~3VM@ec
z&)m6OKVt@kq1oDcW`WH+i2m{>B2w}myop>RtJM6>LH`o$4#342tnbu0pLbbg?&#>4
z$TBOb9@H{Rqfz8L6jLK&7V{4yWS8K%T8@$&hYuhTOAyi#a$^>=^*Eb0I|6w5r#U9`
zJi!G8E>RX6c`g_aLg@d4*rgYd%p>z`hsWch1S^odMTp$51x^{-2%$YTnAA-QnP!tr
z4EBT!-lB<|nw%(Kqge05UhRgA!P3@jyv<^hZm23?EMf&buWH7`^SUT05u+tAvMcyM
z<SL~7qzv%7J=OR~n&rpReDi^3P>5UDw*}VWnT`Vl9$zQ(%KQHIyf0Gl?g!=P7Sa*k
zkMy{>xD4AUnBpO+rOe)UmwD}-oj-q2h>?DaBrui_fVK;f$8fSwEo?zh-Y@H8QT1B@
zn5IaKQVdJ@l|NFK2+ST<cVJ0*Xg)YB)u_t5Ugfu-<oA~#HJPLJAq9eWY!kY(ONaje
z6x5mc0N5T36JJr4qg-#_6pq2*sQGDQmXuWi>#=p*h=}rDvL`-_M0`3nk8VKgCw@z=
zPBC5UU@||m$@9Q82}bL*#q#g%%3zD$K9RH{k`cU+1D~2q+?+nQ)o4j-0Rg=dIutlK
zBm~u5Ic54Lav5?FxQM&rrYo6HbPQMw3qSMJMelpv?~?w<WL*>=2~=FZk#|gePtf}*
z;8+nE#)uCa4XZ4^sc34Ni}j_%1r3fMgd&8Ylo=y~9L|so9|wt33KhW@x)oiZOMt6-
z(aXK^xI&6ZUg*PjyGj!OH`Y?bh?o+LA#eO%!Inxhf)|mdLXpVC6e&bd-0w1%Jj8^B
z+gndX#0a@;Q#H=MkBn~Y&Q!|!`TG|Df4Kn@Eh^Q)Y25h?7qi0S^5~~A`B_JM`&)4p
z3QA;3imTv?Pa%W97X+mi5u%^3K)DOSVWA?|$dXqdlrYW1DGPn!Ti4I#Z(+~W&3|TY
zNBq&m3?5q8F!zkVZ@%(5=~JHw*cCU-A8KIfFaa9K<^*!%Hb;`2qr2pp>}0`RuAZG~
za*kL#jbdm>#;2>5HHD>LK_%sgm>_Mo&UAT5vDL~)VOBs9dg>mWTt&X%$;y%-A0)pL
zVbsuZ2(+Fq6X)5baC6!om;Qdo3yAesFsvE>*@*BJC-=RqtgKoua|lyNvM?c=QNT~^
z5l|I8CW(cG1p|LVwqG|HlDL#C0^7>0U2`Fxy#M*`m=piSl0O44;&qkB#d5IBNy~!p
zCWz9d;;m7{jHpx3YEP_MGB=VaP(3h&ukS&@s8Qqu)<DuRNA*K!Cp##O{7}lTEUOsY
zO_TFYbY!$w_yCH%&^&)iMn)!%0EX?^ZNLv$3e>5f^WPp2aH%B|dE)q6d*-FcCQ1e*
zN;FDyYt;6{bbj~rs_GcLLjO3cv0Qo8t*H_&w5*H@n3UfaqV2u|KKy5s!f$Y9f<l50
zg#&N|?k_ho)*6lnkH<Y+^|0xpU=7W(X(2Udo~|+%ONZ((&)o&NOZWrRXa&MuFP{jA
z0XGZ>3J6)*A5IyR_qp^;h%M=6{VX)ABs)({8)dXltbOe{(x^*y+(dn8SH#*lZQBfX
zk#;w}K5_g|h#oVI0I!r{tnqw!oKIC3GUcm^5F&YqFBK_$TZN|@xf?kHLNxPP*0Zb+
z<m%?vCqmpvC@3)|eewDHYSw-7T=O|+rXy#DrIKHqqlnOy8SL+<VA`uP6+)l^bX7uL
zh6Fz%j1eVA8#`mR-r@_J_uWI4Med8ZrzxwCkena*ef<zdL^GiJ-=0LWmm-`B>j>9l
zbVsS6`F*kR<qojwG@Bu1$FL%I%OwARh^bnYKaCL{;Av{xbZLsq20wyAzf-b-DPwC}
z)ZWq2V^!RkyAUkoS2}{CQYS7hPG34uMJ|HSMa4`q;}WNb)?d0GW#jhd1QAn_z$L`Z
zAmqw{Uo;r4&=Lmo9Y!*FKeJ|u(4oIiKxu&PH+~)b(PD}T;;iV3(v~I=xUXkHk7#Rr
z#l+PYDj<z!=RD&xc=`4j9*^iD!T6oeGd_PzkX|C%FTW??S}HRgX`HAu7K0z$5=tY7
z<Ltyqtr$QO0+Ns&`F&ScMK>JS2)JB)YeY7u81Ko6T9k{wewR)7*^N1{Rn*w2$6!Ba
zoPp2$J;@nu)H03RK?HCn@)kzh@x`XVxyODOScHW1Lwv_!VZaFpR7Dt$Dyph#VwhRF
zQ3B8D$H?~#?#aYrgrrI%aYT$UB*>LAy)g*MsfB!mWU3VfF2!~SvT+NG0cYgr=OTyd
zwzai2EIhp2GkTFYRBmCYGTh3NE=)?Vrpt9=HGY-xWo{&Da32CpSk=aJ%6#&ohLcg*
z(IQ<?Wi^^+@_?x;VC~-~^Myg59bVpD@2k0Sxu9nGEqENu(=1U?BDRuV2*Cv~leczx
zMN&cf{8vWM#bgY<X(6|;(P;a|zX0FhKEKfyW59p&B_z~o(eoU+XbZrX>VF7F>!&54
zYG++Y7b}q7<G+ZfA+`=6fnDU`nz&9AHhY0_<EWkZxzIx1Qjhs*K+wl01rvl&Lz%*o
zEcd!vaU3ewXv_gThwH4qixR6=PYx-0BLPEoT@e$21|aG%<AQUJ-<N3L5Jot)g#&=r
zPx&0*179a?3~!79-<Q!jIXRZPqH*w}-wYKAa6%YTxa^8PzZyZCRQX7emUt_`U8Khd
zM<M1aG$$lXjYKIFwT{{fErx-_iSdb?lfn%tS`xqj0dCFu&0gD@g*x`X;boLc6p@2A
zNpe#BGrx(m*Um`JuFxu^zI0sgj|M!5m$X`1T0bMTeUbcL66DnQ3&C&#zDsl<Dn7#@
zf}eI@eBPwpIP5Zt-wQD+NTB~48w@!mavcho9s%vHi6&8}+M`}ZHT_DzD}b1~G%vmh
zdHnVg3Q_P=3a%Q#7u)s$eRkHp5IjThGY?{G@dAZF`N=ol-(7Emm)n91t_B6~Jv8cj
zR-}ZgR>@+>rl@d<0q6T!1RuFS6=uL*juMz{d$?@zi6$C0N9M+HHf4Fi#akg>!y{lR
zB$pQg#}=B;a9k<Q)ah#TdSJJW-`R;n4~VXO1*Cx_GN|Z=5(V^}A1=s-%)JS`F9=Hk
zmtS7-e3ycg+!J5LoMJv<y{5X+T&$X$BuSl|&tRVrGG+8mX$tT|#`WH$<B3%WZJIAM
zxK=V$SWVYBWY4f8Z4D07LB<?sZK~D2JGD7XPfyFt{jLQ5>8}Hm%;owyChRpFg*H<D
z1f&D?l`t>o3G&D*e?)ZktT1N95ZMO@LQ|B8LlS-pHd=w0%jMd_oo_VHFf|GbT_n-d
zjmI9^SPX}PhFC0BuhEUZ9?&%f-$-*tMYRPa;W0HXo+-;QQ7^GTBY^~!zz+B+iX`6Z
z&s!Cg6@JF84rF|Nm1~r&_%S){9}x@lQMeZ<Ao8-JS8Ysqefg4k&x7)R{1S4;F*Ad_
z98Blqw-{9M|G4;S{-Xw1OPPR{5w$Ih9_J_A2Lvom;>>3Ja~qma694DM&5)P>l7aEB
zLh5%Em$thCD|{E@Q0ItEUiVJUZ<A7S*SL-7tV%yNkL<0yjo`=o2j;~(K!#E9&a{5n
z|4QRCO-CmztAq?;`qvDWcPL{cw}k6CZ`)Ab3K-HT@J2rhqv-C^1*GA^SG7ib>+k(B
z_HE(H)1ldZYau!xtdoY$7x9-?Y`K6db0&?ko7&?VwfWFEk6%+Is^7K`addV{5}I>(
z`w~Ln9dU&6INmIk$%bWKfeF%r$8kR41oyvL!;flL-eTc8l@$JQql}^cv7wyoW(N9Z
zuJmB7z=LIrjD??|bmhon>0c4%PP(Yt<0y|<-;gxbz;o8lI&VTOU0TtsK6+p>-hWQk
zgJI8a)U^-`St<TnqS_Kd!p}U7ZD__5kmex)Ay`9Jce!?@4@gsx>&V?`FrNRL`J2Rn
zNXwMfuhxkA#T32;F3RemEg{3MYExWy(I*}{wG#0|Jo*<;X(idu+*tRpi#sc;_Cd>B
zqk;jL?SonXvhH7gE8`P<%Y=ssu^Vg-|I%gxt1YXD0{WP!#`pDaBAUZ-?*E7?R^MOo
z4ENpN337g!;K&Qa1I-;HZ)qOKk9~9HTE3OUmKli1H5auFm{kCs^xUudxk$e|9s|Xi
zK!iZcof49RAJnZlTbK`i^IK_$UjH4uD%CMTGFZjC%^3Ax!o6e+=heq+u(@xSz34q&
zc~8Yl7Udg_i&psaF>vqdkC^`_SGPWJH9KCoB3o!8b{2w+$O*Y<Zany%Iyp$TjNKV$
zO)fqCjhO{Dsqs9^JV5B#JE2SN0uHK=1f}hCDbH`-vs3L7Y2=V}#jf-qX-i;moqk*j
zYWKt<_8PzBcN9`e%=c96qTsKaw<tIICm-7@WSSb%xkXV+Jm=dwEI}^)5ih25taQDw
zK^xn@i_Jlvgpi5u+y6#7G(<KX3saD7cmj`snUb~0l2uYM@fkfq9U*t8&h=nCe3Rn!
zh8_-(AVISyS>kQ^*n&9eE9Cu!@6D%3x21NAZ$PH6P~iUtp#L2Tr-NY;hm5Q0H!Ozr
zys0J&B-wYY%pXyS(xavPw)f_!tx8Et3j;Dp&lmp$GBhYGLC|ntzs`*}0BEPTF^KXc
zY~Ta8Ezv?_n5XR%fzGG3Vd;G%M=Jpt9}uwQpT#!ZIB*b@9x$gek-Ytt(p$ru$rsUJ
z&YH@qgZS^Y`|S86O!}6z$Pg|zYih%R_eNKi&JtP`3Y(EXJ<V`L3Eg7ZOM~+lSzJpw
zBp{zKb60)>IR>S%Nl)LSyH54G^T_8<@(4auFx4jvUyBN@!0#kMp{;1oL!LaDR7)4q
zWAniB(_1dD3ONskp<<w^GIdknE*TSa^$zf<BWU-S=CDk|=Y$>3;EJ3HZ{`lM>sCdt
zmv5G@exF9~WM?BGcnKa{`!1rRHIrfFJF0mk$!0y#v3D+$*1k`t_kq))T5?Jm{uo#=
zfcGUwlb@#Z_!-XEwZ6eWsbM4?JbyWl+eB!jYb?HXNFei_VTah8BaM<A{E8^!uN=GD
zJGMig_?|$FRLbH0Axi%&^gh=#M(Q6`CsuU8zuNLi-4<VSpCSRS))N9jAz#2j;|Gvr
zZ060TfmNaam8u~cpKPcgBkxcTldi-Fa3h-};6jCmWDscX{H}bVWKo)HHtRmDACbDW
zzg~B=`ULr_!wlRqkFu-=d>%e@Jm!pTMJxO##qp8HDIuEA7(=Y-HRTN@&A#->l?OS}
zM956l()=Ukb*kvos&LD0_T`C57lNt8HfUGa4f_;;4TIxsPW1TG@Fb|fv`)Ud2F@qK
z_lo7Ov>P5~taQ7%cR7l>ET?MemSqxP@H_f?AG0%2B5(r)QYg-Uc$!O5Knj7*<aa=#
zmu_&<Y&GQ7gXW6bO#Cc=Z<t+@EofZzxWr@F9`19Q>UV0pJ4iq&t}1a6zID<+_x>j~
z5X<S;d?V07ZKM!F^zu*{wh$9U>E~ZS>EdzoQCZ6u!qn3PR*qwLbsJ6n{^HX<c4o<n
zXYQ})M|T1^7!EElY37{iyj1UhNqh(uwkn962(A2KOIknsLX>DdhkCG^ZuTgB)-<nr
z_O~_scQBBT8ZZ{3_I%-w<^etvVtw%HLMEj{hz$DWotg01E-#hABYhtfCavhDSh1s(
z(ozghAMXbB@GH2NkT=g<s-6ahsh8q}fJZ$Xfi0v5SBzWH-CJ_ZG#59Xg$@B>;`%LB
z@CXST@#BP;xfHO~L@@%hw2$oxkn$GFj1NhJ_VaXp!2lY>At7_i03>#n4@lP%mcu{d
z0bc~*q4J=Y%Pk(g`EW1EzYGF?1To1B<=hMW3Bg?B*-zQqyhcD{{+{|ikeF&+r3>y*
zRM=c_<b1NlVC0K0QmFZH2D0BJ6SU)E8E9OO&1k~%6W5jD`9h!4&IiuvA#W-SA`C3(
zSD~lpt<Yjs!%M*J9gO*pq-(Q=bN-fSpn*U*E@eY6`q-$xUpYo)4d<y~mU-uWk6OLZ
zgnd={XDt7XMRSFIJx)n#b853rbB)*3+I2xvNJTXE=-{7)6;Z7(i20`Vkp*YCGjRJ?
zu02n-L<puytR=ssyvV+?c2vbe6G&<Qw(Mcif$ai6b5!|hSlpHn*3rb8WMLEmSRtYZ
zD>UXsiWducbBTIa_C$O5q{C^4i1TVIAl=oe0NHtw(5@$+Lm>l+vSc9L9iy@foNiuq
z`+T*nxEe<VJTja3dhFL^6gR_sb}sq)D#dQHsU$7t7xDJ?sYzD}(h4A>{*XwoB|W<K
zSqyF<JGi<P@)4(2XVArRc?tRClrj|i1d{>er3J828Z_7X_6`GNHTfpTuQu~n?MDcY
zd61|8ps1H_maddMNtUk6X<GIXA5`@>g+=t=w9&RKka|(WJhuDf<;o`+bsq=h@w%=E
zaV8_ISb|+vD(4ffUO)-Ei|0Uj<;P+otKHEzsbiw7I*jT|x@Yp+3)u4ypUo`0wVe9w
zKu^K479)~~QD?=!GX>J^_qhiDhA#hRp}hy`e~9Fc74IlH*2j}bA|eLW>KCA={^oZ+
zAqxPe(lUx}yK;$UenM0qQ5fbZm6~`@(l3t`Oz2~s@RuBW1U_V5JF^byX)zr=#-V_y
zW)f+t3Dn`&^Dn(9G~W6Ooe^1ce;0+|E`{flrK5l_oH*Yp5R4XibTmz)cM*Q-4%7*|
z@D#8AK0j)kW){D4vvf1;?sf9!QucVpb{N*LRc_Zke#)6ZknX8e0#yQ(N(CiAkfEgM
z>d&dO9BtAptEGL}6r*Y2XQBT@<p?&>Vs4G1`TCGu6qZY$u<6oA7+v|h(Vy`@NB}hR
zaqm~uQ-R8~g|ozU#wazOGfD<!!UmG?cMbgu$y6v?=f~N^uh1!uq<2hME?MoA*RC4U
z2>rE5oaz{j|E>kF=U;N`K8;#Lyb&1R_adLfA-9qD;#lle0XuA{XLQ9pMIYm^&<Oz~
zl}Ytg7Nx#-SC>fyrP<|}uC$QUD4TfWnX~Gfz8oh`7_`{ES6dMa(k_-o_w9!=muuH1
zF^%*Z5oCfa$c=wYz}=2H;!05z|A(@-j;gBb+W+Z}L#uR`l+xWPARQt|NlPEPJETiV
z3F+=m>5x8vbO{_ly5YO=dG7bU_5J<x8)pnLj%Vz%*IIMUb<NK;_r6nKUHb9Ogb2+;
zxp>$CJ|q0tQwn>bCWpn%CM#Kwt!qfdp0V*Jxs@fIjp9A9Pu-7n?EZVB0_J~<0+4t0
zH7m{-+jxI%ga@`Ft(6QE0jVUsI4!r++&3dvcqy6}h$1e8m14p**rV8oW!P`Htz+pA
zQYjZs!0K;!7G!GUrI<yE3B|VdPRfrjQQhtuIX_*@d*pi|3tolmu(n=Pm6hLm^D+Li
zpmVSkzH0KS_PM=3*}5>$Y8OQlXu8*ZxB17o0gCKniDFof_k)vcgq@?F`f^H?&6<=H
z)O_s15)eOJ_sxLFN+xamCf}@U)PA5?kV><=D(w4;)p3?kT6pe?XTj`M#Ys6_qc>!E
z`Z&pHl3?Nx+J-yxLh}58DG4h*XEP1QOlwa$?;Dl(6Ka;@?oL-yAx}xTRAYq?5dbZw
z2LPG{;M*|czHcHhhv{fRr6o0?nVADS*P)?QB!|&WmMLswN*-du=@*S@b9wQ4Zr!F6
zv|l0;$QhCYHVGV5CQwjqiCLwZBXVmte4P{{OPz)4T&@<%mXXhs<+WXh;^k<RrSa1?
zzBDmBZh_N#uE#e)%jGTYD|Z@-d)1|0PG?rEHj3I2q{-Q7>Wl-aBFu)bzHzo57VC)o
zoqjdQ0|%mj_?O38pID6KDr2265}WcGfMa&T#`_JTZKcP<NMW(4YnlfFkm;W5Mh(p1
zg;+V$OmN8bk&rq%4L9zl6z{no9WWmbq?s)zKpLK0neD!^SZw<kh=3fHDKc@AhO0kQ
zrp;D9>Mg-tHut=gT36u^R>*YXG;D(MYrwGA(OaEb>spNV4ZSPtC8D_YR?$3%)XPhN
z-mLTKZ&f=;TA&jbtm;oD_hL~NIWD=~OZOSf`f|5X>+^Ns0zJ9EE!!*ZJF^mN`@L$T
zJ=D3%Vb0R+!!G*q#Su^cT6BBju(M9l;;e|b9KXx{#%pbU``ZSLJ%?D`Ve*VC-^i9@
zI8-e3q^%M7;;0bQkI(GVEf1k5$V0)?sWeS$2|pYz6dkUdiHgsz`oDA^FQq*U)Mq|q
zWdl@%)dxk@hhJB{z#B~`CU^M*Bmzt~3Qjh~PVR6?p3yX;Uksj18pNG0zs${U5x-8K
zmXTI&dOIp?YsZyw#?|Iri=8ocNbOC|wRD*C;a&_^C7>d{)-^^~8Q3}NP_sRFh6O+W
z8FPRY_o}0@LakxYx>8$JDQNeJ{A?`LpDXTd1JYvVW72%|f=82{>VNl6oF(z(2n`5d
zE=d4kgw!kURNf;lx9?<1HkQ3tuYFDoy{_pRZ<=n3OO54A8jj%_Pd`VPtTf&wUUJ-j
zzM0}cZCy9%tMjDQ)#KgubaPh<7j#|7sao6C$S)0IeE7t~82`TTqJ8-`j}zOPP7AwH
zCyc4w=Q?iKXCMA*zfUBAccRpTNT=O0habFDZ#zh?pfzY!tya9-!(o21N>4v<=Aysu
zbeHD2jjwY*8E)ydv&5sq+WJ0M54`w|scY-UC=tJ2{j$EG%$mDXyoas3>`dv8*UqhP
zxHk$O*aq~Td$<q{DH8qoqMs??5V~Q##N>f?F&J?uL@#s$w20qc{!)f*0TmYyFa>%f
z?_RepHxw{Yg`L0kIUhNEvt(=6#+PZUX_)_M@<tm?fOUE8MD)+x%+H->1&9^ZWEQCn
z*Gt<V=PLA<0Ly9q>XU{1c|0Jxe5kFeKQ7o%*L<SD$XV1i;5|9oAlEXK+Vk+~Cb{I^
zrqrZ#naab3K<?fEQMID=b*U}eu#fcp#Z3NjpEC2Nt#MgwRu;w8p%r<-*oRct>Q`wm
zl<4m6aCGk81fM>gQpoVSVZ0g}p4}`4=5e&oU3u=S&n&4k)=56Y-m?AyZ~7yV-!tQE
zkI!KbTv~xPai7O$wipO|Z95L=)k{q`zx#%KJd!WcPdwI^C+uU~>0>g~OX9Zs#cbn2
zKaDC`pJ$@bi(J56&->vBdtg3>#Z70y#6Ygll00wQ_u$2Lb@Jwfz7}Kb&n1iXMA_4>
zht}s2!ne9)vW+t0-Qt@&A(<NcUs*h*fO<3?4_5nIRIZ=1rydz`v<9q+3x};zbb{QP
zh%fOE7!rQI%-Ou-xu-7|PG|BO+hw7Sm+oI+8;SRly2<lcMv!}RS%l_oQIcA5(o}OJ
ze$Qpu<Dmw1N%IM<$*EYMX%)o&E9*9Qg#+a2OAdBxY(WC>xjI?mkHG*Z==kbERd*{R
z|L30+A6)zFOilBCxU6?GS#E|CvnJ*lu&IfMYU;`aGOKI{bIcaBI+S#c>bg0OGyDHc
z=?=jf^1Cyg5M~ljdVVkURoPQDjE|x5liQ1vX$w_-P0BIhd-2*sztv=n#AY%wmc^#N
z!4@sy7@mxD<_qOa3ZCd@eI{ngEPUCJQPLk7BE>#qF>*W)618XJRc^cUAk&l8u|wH>
zNK_THd3ocgdDvlqi%9;2a3rzcn4mPyRM{|A&*OYKPc1p>_&(Zp;1@)pxQAXZv$XZ|
zp@*)w_N7{_Rg)pK_QjUpLaxT1=7)>alVv(Y!gd~W5zlwsdl%7~hJ9|o_^81cH)=to
zf8;}c(u$8LDZ%>)*>IIb)Hi6evRDAn$E80OlujMzm9011R_X9K^X(Elf=?A++>nnA
z38@{#878NxIX}w=fBl$A`Dw3ev$we{o=xOdmuV1N&a?c3!%!gcW{W~dI6z?~9Eebq
zE(8w+`1riid}!0$@;)o-IfH7JUIA3mkh9q$(@pqA@x_9aRDWOlX#6*FFXk~tH@Q}q
zlgqu$-8a&5eGshO2F+EL&DL3wxT)=>BxJKC=GkSpM1^FNwhIgAAJo-kF%_C$b{}NB
z1M4!}rkJQ$w6EG;HC?I9#n!7W-GQT=<RTMY47?4NZfBbvzF{WIo@8xRy<4J^%kT_|
z^j^{AbKfY4j8s<LzE5c_*nKc4yVKUK{ZP0hqGu1tKJ_sPH)cc8=*diU^^1=2dgt{K
zd8V!@`1`C$p)co~oG=A{3kkasqW(SwH78aFHGF6SXI!|}A%Di`4pKO*p!5VpJfmx8
zQp+fmJ>Z=FeHZ_Qt|1fmolFU9*Ju)+spmn;80kr)ak+@gFfY0CnrGYfrN^hc{`To?
zx7EaLIc?Vzld?ssIbz3R!ioBJH$`E$8+4u9cH2aTmuumxRqeUzns-$IRKiD<S?*~-
z)@~JCa^+RpayDIzyIj3zaej9&M9#2^uvuwFmY~98@HH^;jm(d{C4s}LFSv6Ys<oJv
zI|qGz;hU0qxxyDwg1pArdOX*b$ulFxNIyyfzX0oXBMm3O)MZtFnk`h7fm#|f`BS-K
z`~urEHlHo)WMQ*2)vlrPWfrZ>F;|<<BtZI;k#Wn0iiH`M+WVGG;N*DohOI<}*VgBx
zspZ89Casb4J{j}2o@<h|P9}A6QfcfCn=n%%VT9n_cgI~w@rOq7SKf5f_fajLZg<t&
zdD|UitZze9$e$awH)6R}VU2%yHu?egwmaABv2FnVT{lQ)uQMvTcbWbF)U^JG5GEm?
zHdxC>dNKj4rmo2#py2TGIKuHaB0R-KA~;A22b?;ZnX!kG){%c$g#S*teLo;XkqXhV
zz4B4?zCI=@<TWP{sd-`U>eFa8|8|0lLlcWskfwahUBUZm>!PTin8am4h-a`t25@LJ
zzwbX3DT#3tX`xJScIGc_|K=f2b9H<(bwhr4ABDhO|Mk9;?{Mr&n>+W-MTgi9{(@MB
zd^#($j}A+@@F%*56d}2?+Z$6>4(&Uu;FjyD)G98kH?`|IW048WA6g_oe6kC;M7|tK
zCsKah6=l<SJ;S{5CI29C5HIn#Coo@qxdxX6H}^8q>nC?3G&o{&Tp(XdfZXeTd*NlS
z@v9n7_H8^`|9wc3f%E+w5k?#^q8chf&mYt06=noncwKpqcHNmg-z;{un+yz|i$pPF
zk-tv43GW?sD+$1BIY?>OdL9TW9(}V0Hv>OlRm|ue)6OUXjFb__en5?Cjh<im)j^g8
zaE9ztz+`-K95x^9k)5P0>X?tyy1jg~PETX?whsSrk^U{7F-?(L?&Zx*I-#3m_5_vN
zCpV+x6E!#`(Q26544bh9MxXb#$*akj&P{EJ$w@=2-7<NLPi>Tn>z#l{bS756<?oSJ
zSOAw!Z}Z+qXKD^qM1;sj#8A}FjI=f@n4Elm1timDW%RkGvb86NEw0(P@5xd)#O7<P
zO3P@u+Z=1XH%)EgyGWZiBY%P?@_=-u(j<@OTsel@rW>(^yL2Ey2+<=?!6>qat|v5e
zKz;wVYri=GCD=XS2ef@@edM|^<HRFqnOPgT3AqLU491iZXZ{kKvZ(!@1*JC>-1`@h
z=G>q1gjpQ;VgV<r8uCi~+~ly(H&@r-bY2>rzS5gl|8+KSV)$_+|0oVjuWxhHX`<=j
zd_@modd%H9+5HYix;8P|vp#!th5|w%?cYM-JLRmIP*N6xRB-lrU@@gWKu^0wT*yKS
zOJatNZx-E;)08!dHS|r}uOxXhQ7)#>_Ri7i2S;tLj%VuG6o{H-N#|MiXSDW{?$$1f
z>Sy!GMsxu=?2ZWj4?PUnEq-ys5>bO|-g^mM=$_qk81*e|Ik<a~p$gD5nVcNqTA2o`
zqRkmZ%?`jwOE4_dXw6%VobzuN)|+0%X}s7T+NMRhS+WzVb06kwzq%W~iKnY2J4G?4
zj=k^XTIPIYzR3yxUfUfkkHPg5df!JZi}8scELA?Q`s(blsF|U6WarASuY0y5A@)O0
z1o<F%hWWpG#Au<eH(?4hee}auG(4FbTR^44_a9%&4;^H8q?%F{2;-n!VqD8rHEyr^
ztCJ1=PuqXU9l#mfm+VoZGdFj>N2?B{-K<$mU%bkj@@+4P7(z2O8<>f_UHgxYF%3_)
zhaY_oVH8whO^qVJBmd*H#mV5OKSD(_A<|<(UPXwln(0ig#qzaW>}I(4uXD95ppV7J
zws+~F0t7y7GrNQX+RH435qA2#XXpH$Pkr8hPN80l%a`s^#&F8d1cAB9m>st9$rS!5
zt?AQ$FV+zNn3r|uvcJU(Q3JR#8L0UkyDS!9TeyCPWjXdr?MN>U(8Ef5(UcMfdUHG$
z`9qNZK=*y?QBSd~*;MYoC>5LbMAe5?3;&re!`g!E$STzuy7Y7gLP>2!Ka@C6NkQi9
zoRp`@1V%5-Kiyt78pCZEFG~2Hi{02s`kn-w1nj}j$~>xJor#Ab!txN*oQg?ppNd~i
ze*~VaSlj|Gqdud`&;b+NoVyWLZEC*enHL19QNeq_t@63`wdQTQF&TqObU+1$$4VF8
z2{3O+{FWTbu%l4zyf&`;fg*|V{+@B>RxB<c`}Y}Ol>BwN62*qY@;UnYsEF}^3mV@R
z{~Q<d8&$*mIZkOiJ)myAM77hB0jOeo(FYDx&?hvr1_XrXvorRPQfIb1%;<kqGQcCy
zzgRC;gl^Fy!j2Z*CJ(XLnacjR81FR<g^>Pv>-^{*3zIL6$1m~YL-|;X+IytV@qk)^
z5l(79>9WsT^*V*)-+Nd6?-Tid%Y%R&X!}T2$0zsuwTHop$1mHQmGSz!*E=A>;?$AK
zf69NqxZti#-KsuZ96v(1_=iK++|fx`u%khwrndhj+q_23A>@Bu(N_h)B1$h@)NZ(w
zBDsb2lbvR+f@o!(bnI1p0$>$je6$KI?l1+WJIkOc@rx!HnN$DzRU7MeYURTkMCw8Z
zAN`-wE4!dyx;*6S<Hbv)*37;9z;sQn1xf(BA5+u+Q{Up`hT}pPh`j@tEom0Ic#DHa
zeFrNukD~RJ<d4DG`jboV0p6DCU=;Qnp>!y9&!yX$P`PJ_a{J3*xxNb4rg;+Pf6`t9
zs)}msViV}~bZ16F+sPf&wfxmN_ES`(nx71$aDegVaw6Br;EyThi(pCn+NwuMPhBLn
zbV1PwCn8o~4N^FbunYDDs?bsEH>Ufmr1Y8AQh`xPaf(A%eX}#_487~)50R_*;9c%K
zSMJ}d-M143%CNv><-)Rl7b$kQeO>>Ph7_o*ThCNB|0Pt_q6pm4uujk!$=q~)wLdwU
z1t90;4k27{)P6jdOkIQ==a(3tQvbpuK8#R7W&U92>E&M#xc|nKOB6p+WCzoc1A}MZ
zE?kWp$?doKk?MHW_>pSL<~{>$hh^RqH~(dZdB;4GCT;xN52#zi=@J1Yp8R5y=6BIx
z#>CyKxJYdXJkqIzuZ5J7QP&*nfje$79GS^5KXvK-_T(A4pzG`N!(}#7ey3kM-rSPg
zbv6rhqypfC_amP*tnT|`sr`Le-po|Foefk!YK<pbBk=+U4H5uo{A^9NX#P1fb3DN5
z43^d}=^Be@mgzA*0w#r@Et$$@^0%dOu%F}*vgo?DegZ5C{VvO1^vM9ZZQ)EV<gQ*-
zU7eSeC5nVa!eFyd=UjOAXfZJ|HqNus0{n$-FGSd-@9*zfE4Rfo;WQ1m&6Z}LoVI;<
z7cmM{i~j9dta1BuiUV610i2T1tKyU7R2D+H%DL&K*CN^xL+G^aG;GxEye`M5xqJ#<
zh_1$aA;1(kH>Rz+{*|erTxa=8DcP+A=lSgq`3@9MB<ZLaC6-ots3^@R5udi(^99?r
z?QMEFIXMTw6XD_f3}|Gm{pj5QxOjsW)kDD0K>sgO1tSg)&h+lxqj8|9xGYX8f^guI
zS;kHx_s7=*ZC*FIimBXH9~Sv{Ci9hRSq)qko#8%U3twiXjJ#)LV@n1s7|Tj*dl$<-
z$&O<}T395!6o!U|AKnW0Uf-UKB~wZSH#lePch-5O@i~6=1g@vb^U5Lr><;+HL2zeB
zZ1)cxuPAHNyX&+3qmxVVv@}S)tpOLIac|@ic={N?(gz;ymLCRYO5Z3Kdt9IH98ak!
zYqUnsuDnqzEGUSHi2*&LZJXH<tjD@Odmb6wr?<XuTko&;s!RrOX<zvOtmzA*9+dJU
zYbb$@NDOtc3rp=)#@1a#?7=cpZD_30$UHCCWXZRHDYM1CIg^|ZQ0bAqzZ}B9+#Ul1
zoMB%IZT{n4I4e$=0*GB)Q0L1RcmJvn|5OsGCui2|!cthLW|u`3u-9*_5V^mUC~Ld6
zq>a>b-^m-CTW)c4bXyG~YI&9iJPrnJuFb3Yhg~<O^MQ-KedR7&+9l}2e7!9jxz}kd
zE^bYg)hw$UfP0%x<jU!{M)AAoZ=(rcZQwl>07EU-kVtL;k5l}QA9@7#uzfz_;{F)V
zOq_H1n1Dj!=SLQ>%5;dZ-aS1oj_T$6;h2ZpZ4n3H!<wDT9tVVk+d4(h^XQv=jDseb
z2b5#3+AO-|?tB3Y+g>xXwG_J8tTmTFZ9lvoQ7M3<LjAVM35WOE<Kkey)UtTjFEr%H
z8vx{$i;35T?bjq5Peuhcck(ke*T@i(J|n!A-18NgK}Hc=VmcF2CU)>1P8ZOMi;v%&
zw<=G3Im#>X=moNxDT%$mvr#>AN4KUfHM{Y%riE5KiSNiFti%UL@;O1d{!Cvi;8>-h
z=8>MBYUxF0v{GUGe9eFuX0iCmV#e<CqZr0@GFwR{CsH#)N7PD4^mU)3dltsSa*TBS
z*Asl_FKIi7hRATJs?438H^)P40yS*8=;HHqp+dZx3icYhx=f|IwQ+HAxC6t(>Ts}W
zHDA7b(I`w`LFnDKdt%jR^%1(%`i76o<MbzGx`0cW<;}0v?jqq_T&vl#^lo9w>utdH
zfiL;2Gu8*N<P?}k0f4^t{ds+Rp(DuDDAfUDpL%{}h^<|HoPPd{3U_tZz$dZ4zkia7
z6AXn=c6N4Z%)-m~jAaNF2WA7GU&Q@uj8v%s>_N{j$!04_NO=uE&SVQ9wp?J_*0ZEn
z>HHes!GOMGWJVkmaKY{k8is=}efEMXqsirv^>Lsdy<6EiIaY529z8RShix}g_P{S?
z^6N<4Aa-j~2mmtT5)tKJyF(!yv}Cm(7MqxW(+)WY7@+N{oOULdjz-7%LVeu;96$Gw
zk9=m+SM>Fo^NpCuIMOx0+p&osN=!;h0k4}!%gRRP3)66;gXcDBt#=l`3{Re5M}Fki
zyu>h$a5OS9n))Gzu=M?lMDa%*ef<pFb8egY+%2*wKXas2Y;ioaEgQgE=l+o|>V?fb
zrx?PlvdCSoegI%mxM!5zL;8X;3sWhta2VV#c-jdbCLM8Ga0_>Q=K~UAr;nw>+Vj;U
znKLg%vTzZV7{MNHZ$4;Jn8VMev}XYgu{LhtPIm(|G2<$+Q5vC5FoS&P!AhO|x-<b}
z&>29+HCawGoe^2F&6wq$2iO&Jgs^l7ci`=@Q(b*WvfhSPk7;gOij&T`N?LU-)n4z<
zdY$4}v0X>kscf4jztxn2c(X_?rsSv0>UQ$|EY4q}2u#-qQc#M3@DW%H-4O3(@U*#!
zyyPv2NShmW+m(@qHZ*4+x&FBY0B+)r(Ddu9AF>MtsTJ|FvW1-cL(fRKR7b6!8knKj
zP3XI>1~~xO<N!<kkL)xryL$^ntPhfqj?NJOJN~xoUFLzYF)gLdRNFS4iHV6Rv+|bX
z@Y_S52el}dT<L&G5SB47Ypf*-6>M4q1L)m{mZRPxaLuXG`Ju?g563|jTLX&M9jF-F
zY-njiKZ(=w8t7OS;|MYR=+|++z#x0QejU@K1f7L5+X431MBc#c+IquoBxf4{wADQ9
zhDAr_lgzMfzten+M*^|)e+&prP2Czwp}b<85&QAivH?NnxGvPjBu`<|8lIpp^fTmo
zc0K9-5{*JqQxD$Popz}ZA7o7nfRo`@{b6`W#T$fUA7GD2ElCVPm#*{b$Y2e<_IE{E
zRdh760)OR;rR;iZ|BV375a%4h5KGA-VQNYpaA4@w3R{Ykkqkkik+5uU99OJ+^*Npx
zm$LGH6M49G)F|KQT9^spH$15z06e3h5NmYaF4k5d{R$rx|0q}fDiH{yHCFbVKO(w1
zk$tHv_MNo6xMYC^B6rvrRBb}c)#LtZJ23{H5-G}U*wn7;UZG+H2$fpX0aGrr`N*+|
z*^E65P~$)jxR>}Pq!k8|eTLpy=2l2sbmuq@oZBk-y<{p1pwM^i6^fCRGhfMlZpRBh
zig!5FbN1YJaET^#dP>wp*>nnP%0?g`Fc9h4`N>ZranLg{$xDBHme+%iFR5j?-<>8U
zNhm3cZ}YZo=WA*LdoV}uH995X$+JDeUZnMsX~b15E0;%e)l8Rb=lkzv)y@xquTq2C
zw=wu3$NYTNoJC4V`=pi+MGQ5Yd4{5-JR_kU%R2V7i#8)|(9zSkV<oE$AME*#1oCfW
z<guoGfii_#X)ISMjrGJfKONdt8#fe6dQs9jk|RU}J|7$mpS;krt9Bzh2tXJOZ`0=Y
z5QF$hJi(IUeanRd@8M0sg_lv&JGpMRV$|&}xD&+?JzcEz+q$OT{pAL*pA~y)$KYZD
z?_b&;Nu`%v4{E~s1j_-h9NyiTpXb!&%>YtZfshM(HaIYJ9ifC!Qn{{N0y$aDd~#n~
zn&T+npb8qS9P{T%94e%F(T877yd+7XKRVh78wgLyy#nF!yD%n#S3k$bVJRoM08SQE
z3cD8Syr<VNerU5uGJ<Jw1;m*W1-|i%q)H$G3U5Kcytq5hna_6L6>DR#lJ!ly0~Q0B
zF9YnNS#zonGG2KdG^y#>woalb8URn))eny?_}ZCN))?vD&Ql^qtOgN*Jwd1XJtHNI
zb7$dU0mUF%UygnxeIV%+d>>~Z8uTKd(zp8Aepd7fYA5EX8E*?EU8gifKji#qHH2JK
zMX!QDF}GTTo`OR39-!}wPi<%Q96#dbP=G0l5Y9JBgdrc_GZ(<8abTIHJ15~@gT#>f
z8j9Bu?Nx}`Br8|+Zv43^%qhaVg}ErL2V?I#XACbwKL?C-^>Wx!`ghC$%Wn8(Bsl^e
z@4ey4IU*cRT=Y}7e^`KQme<(5jvc<R^0L0Nfo@SpceCyHdA&%E7^AMC5_Z?!Vc61-
z8M8R-7H0NqieRzlaK@1wJ>(F$URbNhYQAVN*E#44#1-PN?p}brL(IWe)A-&tr-H>r
zUSb$Kl1tlo-_O_5K;QF7iZ++B2@}UpTiH+qltG!*)7Qrgi)0+hg#!*va81e7HscTu
z?Gm5D%AT*`i#o$NhZ8#|f4B@OB0qUzjJzPqiM<<Kfhy1=*m--sm1>(-W~R-?-W~&o
zXGKKSHZeIlod&K+T6<<EBx@7eX1FNf2Lm<7ey-JfJT~!MN8>VwIpp{WIgK6Ij)$*W
z=j`s6bu*wAkdttN|3a2Jj_9%&(dl|lKav_nnNJ%!y{-lkoA%KdRX$mBR)PiiIh$ob
zz4akmU@m5IP@apej+!^SuNH~Qd_$l`zGg-M#%-~52TU)6M<K1wpmg6F1-rG*RjgPf
z<^Aqev~7V2t4>(Vz854;b_bo6DBIN8=D$vbRkeVo^F)KFp%2|VktY;sE4;j@Hs~1$
zA!;Oy?lqwpyh4=kA%rZ?kd+J<6#Ibe`(Y3;1sC_EH6OOU;oBI;W|>adYUouvv@2TQ
z0ZTHNE5}>e_`;^$HPG>HjkEEJ9to%2fu8@G;_E>U)v(iV8bTdc0LgctVX5%e#~uu~
zi9QLyTdt#s6I19j@oAxJ5Hk;eC-NtRNUZn;5WE7}Ag;oQqh9;m?AI5cDz4<%hfot1
z?yi7lCfqvxqSqL@5U?!l#4Pz2vcoifz6^wuJP?JE%!SPcQ;3U7O3uG*2|1GFr{^uM
z752xzfA}te%}9x(!WT6vHU;0SkN5IjW&@ohE`|J%idU$&7=GM)=AQzAoS{T@;{;_<
z$%J7hLol<E3>XVWdrtMrJU@r;-$lHOE@0&y7!x=YB(Q-WhhM{>V(-91^jUUY$D}QR
z5Qb)e*kavr#<f#2?QS2>1G`?lOXEDDFGB77FT*){1d-`~1(}C%_?jcDz;qE%wSY+B
zdO?%yNFedb4;|-eBW`cbQ`)u3g)dj&2}WR#U~%{wq|LZ3nH{=<DY?bIOSV_EWeG1#
zfKDV9CXvO%lV+6m@Ot4-@MbY$<*U&{4c`Sgd4U=zFbqfFsB;ejL<7&d!KB}NUY1xq
zc@s$v#W5m*!Wt0=@=Ct$)U?Bx;R^NCZmzBIsX&z3d)iCn^-ZvMKGfTgv`5#^d3IbE
z4Tsd(_@h+nPdqY;3dQp6gX9zq$kpl;p!OU!-o#rPTk;5-A@<2_KMPFHhW@561Prae
zsk_(&^!*{HJqnBZ2qe<~5SURBQ2NE}>!&Y_@*6ypH<GPK`q`HF0rHaMz`QsB(d{{u
zWRaSg$szJ7+WRR`o%`-ZOo2kKBlDg<N(Lb>!74=^i`_;S>c{;0*k`C%Zh{t31!xPc
zFVgs;jy8A#QPLvlZ&zi5sGp6x@lqZ6pfK4X&GVb$Ob0Mv@vg<XV^aB7-|4N`^~FPV
zby-izmA_G2!eFfer%q-Wx@@c!kaXu+M<YrI!)^#QE{?#wFm)ZqN`oXn`xGJ$>NuHe
z7fBc4ZnrmEC=HOog>H2o9XL#!e-T5Ym1Gi=bi@w}IO-6Adcn#(PrLdVQVnOuTec{y
z3NQXF`{hdHY%fZbo+Oo+s{{=K0zo7P!ZQ?ly8?+PT@NZNH8L9*R1Q$|`EL+$&rV*7
zV>qRE3qtxGs8k5^$S$EF1?Wbwf%u^?peYI($oV)}Ipy<cXYD&ZoZ0}m-cVJTH@87=
z*FNuGq*T@uoR$JUVEI#jiZ9cMI0bb_{vW&Lu=@lN<k+jD`^CKM?2Mn2NQv-Oi-abI
zQUtv7yQajYC?%wNPBCGqpOu9jN+I!#TT&H5D4A?nQgdo<*GnCTW*ltwt?~2su*$9*
z$QxuTcqn`<t!^&%7Oyp0Ulv)Y5{L?i0KO7=Ulc()AuNY4+Iy}_#v`S#0Sl!C6iLY-
z_QUyoPTg$q8HPXnXh2NJUR89GW#|>`IIiOpst`?zpGMXcN+L%+cp5j)#ePVI%Y}Xe
zIdl+nW7=b^k@n)B;2wS?7ipV^Q2AqKM<!+9S|J9i=DrK`4RA)Xs?wyGF#Z_Wx=`*D
zHS^M@1cx%1L&gK-!_l5rng^1jd}1^rP7|B-d3^Hld2Lei`@wMkLpKBC9*|E&e@u+)
z&X3`vB{vN)&VQQZw6KD^9RH6_or+*d2+qDn?I8^rjG93=!!jnn{6X`=<z2{^fhC0A
zCMBHy|CI|%1wJ=x-v?GW_BZi_hx6Kh2E}9&e;kYXsgUQWFcw70+py{?6Nr>nCR>TL
zO-&LU`dSQ)iI;FyGWfOs7!Is&0U2)!DIc2Q`+2o>I|}g<KQ-(ff6x_dU-r4Wa3CSC
z*Xj@HYdXnS9rj`BqM^@x9iJ#E-Yze3M4eaCBaqB9fWkmWaNFD@%^<WDNH5-|9q+oA
z<SfNBo~pvC`w@)@$&_vpJ1^vjPnD#TGTJJ*A<#RAqLc_NkTSQ&Kj-PF7E4}IbK0*d
zen~w1Q{{z<AKwc1f3fo};p_+IpW5(n_I1j(2en3j_o?vjCRq1x^<T*fiGPxf83@N4
zyxI`d|8<`pAxhRDzqM{3CJ;k%0upXwCu;0jTl1Qi%;F0u);HlT$oHMG-E#?$e+7J>
zFv*=A@4`8bKWq;oB)Zy>Vr^w!<oYM|=5TKVl{<VaO#`9XnFSS!H7zTv(p$oL87I8?
z$?*C<bT9vI(&2Gr-a8yagfHJe-K~<a!=c+`P@=&V?y#44JQHULR2Vj0xVM`1J9P;y
zn`r1RqonDuz&6AjSFEs-)TgvWUZdSYlSHZLYw6=P%AnMRS5f7~wh;sMY(Fu;N0C}V
z`GV#Q8FNEPoEMZb!P2*~xMXiXBD)UXvp2~Jm3PeNoVxW54KbHOp{%eS7LY78Y^m7`
zz<fsvBN2%xY4uBnlYpuT<c4BTIxf3{CLop`+BP{cXSm<n6n0IizvfxvSGyGJ8^9s9
zK|sY>t2*h9L@bIBONU@M(xDsCL<-DaF%^m$al0ZLA6BhCRaAkXWet(E3!dP{c4FK#
zfF0K`-nRcsY!#Nsk~YkLV<Hk3(G@(>>xnQnW&)J!sta|{CMv643j{{21)AR67eLkk
z|H%vm!f06AD<fU!i-vmFHF7xQjL=!M3_BS~7?L&Fo51|aRmmCd>=0@K4<QO&M4&|g
z?S4dENYK7FM`(iR2KxC|v2d19=6P>nkT2j?UkDBM`<_eCB25mRB%&mJHi6t3hGE8%
z_T80=1j~X~Y@E9cR>_jL)rR_2g$o)2CGQwlNX`sd+PYm`_tVn-y#S~8cHCCu5_T19
zsGfqgWl|EZU8r8c0fez!vTrv(X6L~M$i64PgWu-QND7Gw=qJoI@%PQ=i{$8S(Bz$3
zecqeWVUHg2lH@@4A#m?oigAfGdbTQs@0>m|mH2n$1t+%x>`|{%JQV`ndB##!2pm-~
zyKtRXpv03*v7e4$tZcFvs#naQJPO`-f+}g#W>(A<Zurob@G5xgMFh4{$w^dY3dyYU
z2~%4{y$C0RpYA#<u|0ZgDX9>Zd~)ZytU_6Ig$jtWDYpW=#<#GRWcZ&$;31tH(TyQ|
zA=fqjV==*4<4&MG5Nv>3NSz8h>!k<+>@W_Bbp^AH2m=J?dd+-veZJNW%@A{q&Kmnn
zG)AHawG4G<&2Imk8;#?8`o!xKct>Qo+PYZ+$=9JmDLkNd$_7ipPV7Ab1pE>)kdR7@
zFs>18FEJbr0)Ht*97bI@gGA_39by;y79D~J3VR*m9`+WBq~*ezwU7sJh}PKUvC;1U
zR~)SA0->^iXcn-xTeX$iG`<Aa^?hJoeC~tqxwo?;Snh|KhL^^`;g?U<M*<GP5x^9b
zx6b&B2g!JJ8h~693<l&(qUIg?WJGu#$=&(^4<_jI^8ObEdgkh%s=cqhlukFDalxD(
zLDU4JQY_A&TS<-aY*A?J2(94INm>|2Rr5Lxt(t97Bxy!0%BG`Hp5_vDt3A|V>E`kQ
zT^N+~WeNxEgnLMGt^8j;!7@X^wTqjtGhCoc%W?H5#j?-~*|!I=#yFs3*-CnvBW|zk
zxT0Xz-ARN4nt=cMa$Q3=s#m~Ef;D7G47*>_<7MB#%ao=1l3)scxY-XPWT99c9w6XW
zBEllhhB1($py-MX=6#U}$(YeVA&5G^^-Bo}Whw38z>e()>lymY^Jd$Iq6C26EyzHK
zRhuo+NYVqmsf#dP;RyL#Nd?AgS{99EAZMG|wY@)dk4)Y&kx|D}y)z_(e8qHp?;|^a
z_=cF*F3aJVnhBnY)|z1Zoszh9C&#%(e+L{loOEb#CFz@wc!5I0BG3r9SVHGj@*dPk
zSTv|lcQEFz*DyUwD`>Pr>7B56jRYWbjf<y>L~XV7l8J+^%cUv}qa<3sT`@#iPc8CI
zzCMxIqwgV>>^JwUx!@RMudmp$Fyh$4+Dc4916kqgU;G@GNDm(CL{`z8Z<BW=R}p!K
z`UOkn4Wu3!hr7b;<_sT<CE%b=QfgL#d`eEm5nktlJ5ga#XWE`*DgHdW%Q{HQrEm1y
z6-8hOy=~R&<4Gp^sJHZG&y7T4h4CW#FkqEaOJ@8(J1bz;0KmhUs+Wj;JR)X2QCNh=
zT6sYCyruECRk!cH-lrR*pDDdF4`HUMOPn6)GkOlEYl4vWQ#NGwH6oTb3XAMeusN-y
zG6fZIOi5Bh@HB1tyq3b5`;psZ;iF+m?Oke(P;-m3qT3D6z_EXMs|M*_p&8tE@M%_s
z+Su^i-)&77|Hs3eE2ZE#+uz1PI=^DEs}{X7C-d|2*a~plEs9zecRCuHRTs?*BMKR4
zDa+Y%l1T_eW>=^!<Q{d7QD##V!7-LuPclxsXyM@ap<qakQwZT^t5xuX<d|n(AEdI?
zZZofMD!ke)X2Z0|!JGqo9Zffr+Sopql;;coc~awrBG69csbMoDn&aievw4q&xkFj$
zH}mtcSqlB{W-0Pd)Hp`eh*#bI3jH)IHgHPyr3Q%)sXEW&*7lM1ireCj-&R%Au;paA
z?)~n(Hlx+7SV|flm`)vZywIsgufk=j1qb3R+asSjk`J?)t}avzkhX7~Z+m&Zv$K1%
z7UPd?F#`G$kf8fK3iWc(mFwG)g)Fg6e;skR_V(6R5vQLl*UynE=LhL4p@*S(4^>Mp
zp0dM>UU0jShfue;$20@f1ZZc8RD084IiJp>80!3o_v7(!uz-+;Ch%CBVrEIg-@_&^
zHUA>e_Q0QSSGsYa8?rR^hy!S5Ie19!9R>bT1*v`$jo)vJ%o8s6%BXUnY;?AF+x|lz
zbDl!6{z1w=WmyVX2|P%XPr$7vEmYgp$GGCA+3-tip2E8XHR9X~<DWYNqkkM%M004r
zn^S`U#oxC2lZECq8_)^u%||iFRjp?L*Y*>KD+_GV<Jwg>j6=IbC)9iZ+YDUk{LerH
z)4>>S&!(fhi5P#sX<P+?Kg*~=I8L9NZ2yr@X6@h<@EOT4sTCnYAt#mCD@R|(fKCv$
z!@wbbA^ISR*7T|6AswJ0%HBC$8?0_4ZA{iL{sL^UM>$@O-i}`D*Q1B^Ur+8bDsRlZ
z9|~{y*1aC0F^Cz`;T8aZ<stw7_QIrkH08xGDJaC6-e?Ue?iXjOL5{K$c?$>C4D(MV
z8$Ig|&GwT;9&`y{94L_IVYgxb)4B7}Ia;voymCE5B&+ZMdi2*g{U3jgJ`LcvlG9<Q
z{OSUo+XA!X$RHyIyH_?|7l#84$4Z0<z~8IK&L5tGTz^S6bI}stKADei{cJFF{W&up
zd;h;=gcSmQJ9$YHayz-3Psa_l?GN(0b6dvQ;7qM`MaTbNARGY8lsiT2?g6%Fo!qGM
z76Uzf21MF701j8L_#5)K;&n|BK-i^%S_>x7Gh=<IVj`SpbG)a;{@s%GcPrTcIA&if
z?{&n)=uf<4s5@U+{tqp-Sxeqe{Z~C*Hp~05hh~q|S#f5@&++g9P8U1iSm3Tc!Y}n=
zl7^Ow)lFXVwntRi)wA+}XwJhklQKxc0EZoL{uELT1nH6Ff%4vdXEi6HTNPXZUKOJO
z=dd;#MZZ?d7P|n8%tyRvsy}T%1w3%IfI)DcV>ck4P6S0@8*qA!r~U4}yr$CDwzi&E
z<@!+W(Bq)qM^<I|M<sw)Dl4e4F%pfO&IV4mDLAMr$|}tj|BnJ#jA$!P!CQz*A*9A(
zS5BEFDCulKnfy*q3JSDZo%{^kxhw;zzKfxWs%ce+7WJ_YRev_fjj4kz-SDsQo8YGS
z;rt9}q-gey`i}(w7@31a_q(D9D|4J>7I448lq&+17*BQ+nt(3yB=(0Sp!fd9>rKPO
zn_;AX-|NqWeiZG56E6#jF)(%x?t|1I_L)z|{_S1_e*Zo3e;Q#v*8V?2@$eSE7As1Q
z7M31hX6=On-(lMIbz^-XX=%=t%!TYgm@1#@z^Qc;Hrc<xFF$FetVRPzi@jy}Z1@E?
zr@VjH*U2<G{&vO5iXsEV7HLg2(*sZSHzPTm2t>HBC;PT?bF2ewb4e<%tDJuq*`43@
zF*$?4DE~3^|KkJo3=*AL6Dwj~?9=d=8PRI$^ZpCX;#7Hbgc?=mQk;C&w5w3j-zF@J
z|M7P3`!dj#VJd-+zpY6h{4ZK+s+Lky=?_W@QxvfH!i$>4|Fvh-{_e5R7-U83GV6{e
zQ2W_;8`<Qmj&mDO=*-aSdilq|b;zK;h8&Ii8P@-MSY)%p@PPTk!9XDm{V8GxbZamh
z{%;f0|Ge#46kzoYHXcj*<HLLr((nqzAUf~s)WhY!ea(CKa$-5{?VbrUfNa-#0Z7c6
z=^u_K%vX=!02?OtANb|J^V&}KpH>Hlkm?Z}mK<py{yb5gf8>x^GJp^iIrk4s@_1K8
zyKxu>m41V8c)gmhY#Q_{O#fIRz#J-2`d>(?@r?=j&a=4-^`0mIQ>qMGIa;0lw%MF#
zxBSS%+5C2n5BgmQ!=ec+nGHVs_gD0c6#d<&V9bGhkD&Rlh7jKafyeqnfk<VgEl3x?
z{G*d}RFNBsc<I{r@?SB7{E(?x=8u8QzyZ9;PkAz={`gy(EaFG@vMkmMpo)5bn9A&9
zab7@`x`BP=y)e~(+UQPKqG~Gs^S@pr!?Cdx#{3YXw=6N72<pV0U25+&*2cc#eF@50
zP_93}Kkf+X9No|CQX<u)$oQM|MD~*=tE6^BcFC&930XCFc4vZ;B!LRqgLdY)W)$HR
z{Y8m~%8;5zan(!$YDa?QI%ZKhH-6NZogC8kZH@_rSW0rgH<1amAXi`KuzhHVKbsN_
z^^CL<0g6LjQl<}oOfO#qC@Q;A2)7FTBg7m+BUzWarerg(o`;`~0a7cs;kIAf)`VjM
zDF%oMYovN}sobDcB@BIvdy~(nmmFU&Ye4Lg>*e6>;8pcD6Ysgz-iy{2_X9@-CexdY
z0InIg{h-!7;Pk0PwtjhI+8Ku#*PdUq<t}}mgtgyob?a^LD+m2deJ^_b?AzIWP0`WK
z<lTKtbSuu2MQ^|$>pWm+`qzp&6MdXKj;jshlq|ZRn<dYq!ahu%C1iGqg%n+V@`5_X
zhv5jgFT8#mnBGovkelBtUGO?XrL7LP<CF$_KH%gEM6)^32pg3C97Q0lJfCDWt-J;~
z^(uy;jT#C~&}K|dA|Wr+(kr(<D5p^MZZipR&!;oY|5s|Lcz9zu^Ovh$6s`;xa0{+%
z5C|lFl6uZqrnzC&mzZ#v<R8}(=^yu>X}oK7XZ8H<NF7oL&@R<gR>qwjdlY_1lpt$<
z29B?#m=oO37WKk}Alkt2kl_4WtzR<hfL8R#e+t@B_IfW0!2w$DR^+R<X*a2y<<S|^
zTOCn2zq+vJ65iXwo9$8hJEoDsDFvl#Tn!CBc4PqBp2R0PWM3P^574w-yM0*YpKG!b
z%E-)k1Yk-;H;2Ba{Hy28;=WlBtz?}J;DsLg*cb21;`fe^q0$?Z9%`LkArU|Wn~&gr
z9aB-A-i5`Ih@eCbV`v7Tc)Cb`?sL9ksJzjT0fYBR^6S!2AlXy~+9c!*zpCCMl_yC&
z04oqAy_<8-PF0-nWGN(n$dK>+nrF1Wtd>gsUD$db9!KEq9kCL?eYVsq4vNk*?kAi~
zg1yhNex-+|w=)@Uh|*Gld6oHqSFPLYiVI)QtC!T^A8ldVsDI5EVX>^<&~*6-+C0mb
z<^gwD!z{o<0qTRMr67C-r~+J)fqW78>o-x<Kl}4`>``MM%ntcGa+sQa&T-;eqEPw;
z#(i%NmsKmGP(?&|eu|}<Crb|-yM(yIpb;LL-5>3w0-G1=&$$x=NBM<@((B={Ws!*6
zkjDlO%+q+{^$dK`%4oJV+QMTt+KR)l|BlaS`w&t@N09!4%yG#zaCln|`sFhLjsVZv
zSx*!yVjZLyVx?5G+ySBlS6#mqJ0?OvfE5!3f&S-*Ux@_8^b-MH^Di8{t5?wKGS!*u
zW(IK8hwlY^sR~fNusmjNsnZ<guS&Q>hx`Z#<m>dMjt7_hIbotYeO5ZQP&)Zb=C9$9
z@?nD)KB+002H*)q(|QxMkFp(Md-f;_3@|duw+wG4s6VN4Z;xgk-%^eltj3Nvc%G1<
z%?tT!Eoo03J9Ao=;TreFRi`AdprF9{`%+N+?~kt_c6sRKA<2r`w+k+ji(4s=2Hve&
zxiQjg$iTIjEn#JR3~@4E7^yubb(x{{D_nD0)m}j`4uhGP(e^9OFw#nc$Cokqmptnb
zo`BZDH{+vD*-gK!P!I2#0-4mr`#3j+EgJ~|hD}#IL}*5eryW*f3+|U$?ooziW(Ut1
zk+%w{e_qk=KjmV==JbpvkY8U}!L(0E6@77vEebc1(b$3vE+emsp<pz7)2(!#;l%5*
ziKKD!ZWNtTyu+%*%K$FcNItKkGk2zE3Mt{XOhWV*N1Isk%U&7%W|Rb%rVO&`ktr)>
zDGhEh=my5^w|kR&Ig5L@X&s{G?l?xi%9C^A8l6gI9g)qePP=>7bth&iBbldcSgco^
zWQpA@7GtX5B+3pVT%{;ln1-tQmtSZk<n-uF=ym?QuMl=PL7S%tD`>uxFh(znSqgCl
zOvBZy7Xv<iFDcb%(LWr9Q#h6j?+DWP<-)e$k>=6pr?m4exM%d6xr7n@m2|wPQqvKQ
zD+*aKu{}ShEL6SU6qt$|YKf58BgXZUtD`IHbxyOW=x3}mQczdILG1M&rBP^Rny_%*
z9TNv;f^$<C-1%1mf$$)d%J?N2FRS)@8<;~lbEK?>S}o08`u`n&;BLp*fL0><DPfvn
ztdZ=N(~|PUq3Vbl0(GA`JLYx25d)tPL|TB!JHWHrvcuxvGup1w)*sgCPAglBP&is*
zpE=8lo0!HT1HHvjVU(-59JWl}$RW_<suNM38uk)yRWSZ)U|Rs8tUQ_7OEg)W4)+>x
zl%2TBOFOY?K&y=3If+hu-+$3%2vhWIDmtHj3~mK}8Xm@8Q`e<1>EAQe-*=x<^dRVF
zOCN>_&XrLIF9|jUok9Y(W-<%1>R4WSy;g_!O^FcuG7?un`Eh+-Ue_DmR86~4-b|(T
zD47xs;Rw*nLLt!W7_VNxo>!HlDIB%O+T@j!HLNx>{6}%_a_!odLX2!ZN`&n!+EVAX
zFe!*xWo_IKun?3L4;UXEDa<_FKj$hRENs)g4c3Yf%;6JGS1RAJ33Oiu@I*w4UM2#p
zV`#dgvX=?D%(?yZ+UR(e!4Wf}Fs4RZZEH>b^T2S@Ir^l+c=FhPSO71F)r-hEvGkS)
z-C^!&e@p@avY_J}x%BX=gTW@|6L6JtvHuVYzLPAiXH<hx^`+-~X+&xG6dTc>zk;rq
zUmnN50a}*+5qpM3v(S8%VVtJT>c~aeVCpA7H>wz!?UuC(9rJEqoSc=ct#4||&y~NP
zd>K8}WLt7u-C(4!C)>Z`yaf_?ki0gjP;XQOf?24j@Qti`Ek)&tKp3eUa0lMu`!!va
zL_^%Fxf7S;fRNV#@(V8n2~cWjQk~BC?reHUD}gqwvHZqhF=l4n$$V9~XW<Gf{uoVB
zuuK-M?>Cqyk@s}ISTIUo^TwsaNS9pK&T&LoR&39vKB8JOatc22`!YL*5U5YiQFwOT
zZ2>D$CMN>-lom|Z*SvCQM{fQl2<h`SR!cEg>@p(xQ}VC-0X?G%ZhYHs=t#ZP#h_YS
zY@gcWQIpiIJaak_hn{>DD+~@#@A`1{y<rA$o6KnG7?^rZmzF1<{0M%77M>o_Y{j6d
zQE3}j{eiIFwotSP<-5TZ%$>$t7;E`6tj2%e-p89=fdTgch8xBlc176tJ<MpXCc$LS
z=pwbZtgncH>r}2gYemqQR=|Dlbe7L$7x%aFGx>)p-<aje=*N}s2(0{;-z&fM#y$;w
zRQggj(kX29IY-(^C{E^bSI;OLHnaT0r*R+LZqhmT+o@_eBYI9M*uL_<HSbrj<_?<y
zwj3@xE~bkkGvMS5H?9{<&v*_3JGyr`T28)YCza=n_vuiACvFmK31&|g$CMBC{MmrV
zY=!H}(f++nCE!4ivZ#HBt}kP-RhtA!!$}t$<XL-^W)=p5GzP_F)XhK9IcvwE357d$
z8Ys)_HZzM9X5P~@&AVwHxO4QKX?cg_yV7QE;tPay7eL&SOgw*zYlXJ{1oiK%e-Z19
z&}j$dR|Yz+egomAYW3zr@`sh(foHA+1qye@ia3LHd%MZHpKWtns)$2#?XxR0hUQ@|
z^$kdyDj|kK8u6e1jIJnfg;aJhqQ-ZQ&oj*wzdA93<F@1UI*k?E(JSM3DL8K69K+II
zD$C1*%of%Z^4d#E+K(4Rq|R;$X~5#lvY-PKv4+HSM`mJr)l8GN3H{d(oHbNN+nK+N
zTtV?#Pz|Ws7Crn;JNY?6J4&VT`HgR)={xKdT;B;8I@px=rf2cH|L1xrU*mRIz&MS~
zV0SR7@#JPh#;=Q6F{eIKzPa+``bDmXNvLIA_z~aHn<p8<cUBMx<<WiLu3|Sv*Fa?F
z8m@)@<3(TONYh0}z;Tx`N;LIJSlCsrJ>>z5t_=T84>2VN|F==}wc6Y?>#9+c?W1D~
zC~8#3)LbD0xWu?@Fi^LE6%qwkkcoOFNBFor-4IA%@DV^r6r;z}l||1WuoPcNtu$(@
zJ`PSHy(ST*k%(05w|c#A3DW`#9mxHf0Q;R#RR7Ko{%PMQgc1{K6ca}TcbH3DQ3@Db
zA?a=RoSvwMQCMLOPs>Y!!Nck9Z($!$t!<e_@db25T1F_rWW7zIp`>%~hDM2{*^Fjr
zD%HBD9ePIZfviYhQY0cBvZjXe>uWQRH$}JF8-$V)dwx#b4lGG~kcHm5GdUa4Zyd`9
z>M!u-c$W7c={z{G(5Co_3g1Q8lEEm#d=Cnud0c5;2yO7cqS~Ie1JU@MGZwX53k(Sy
zJ6y+y0M^CaWvEB@c{AUnt|-;_r=qTCe7J06Fzl~dVN0fc#Po_`Tp2&s$`=l+!j$cv
zG$Q*3PMmRWF(;!w=0bKLQEC`tm|<?D5Fj`XV&C0z`5Np{X{ZcV7qRvi$sZPonU&r;
zn!B>Yb(LkJdfFNH<jxFX4{7&%A`H`l?>)6|bwFm!<jQs2_jzsCAKwvwDt|F=Km)cU
zY)QZBP46Y~Y10~|n+=IvOMjB^W{Y_d$&I_7&2eG2hTWJH7~hkA;)|S<(AN2tlagUA
zo%#$B*Gq)<%$Ye0`Eb%rIOJr{XVHU<Hn=(=mD^BV4CD$?pROjU(O_|1HWU+Pg#Hf4
z^;<KTbl8|4+RjO|j&AE|)ya=fQQwtiOc^$RLVH^9$`eL=RHWY7xho&$i4_a2YOvVA
z)3mg~G+Y?j-5U7sBpnYh)|)x7zFL!znuNjJH{T1dj|N-TCsXqE=pHi#7#wrVcSODq
zFbP~paz#B@1L<arZtA3a_a%PsZA#ZLdF2!a;Sg9${M$X|mezj^VLHj%o~r}-fTo^a
zEhLvrNeN`OiMn>mAgV{oq5y@`R#KOxn~=r34HuBMY#P4p85P16Fe-n1g@HlOfMu77
zV?^IN_Dj?A&K{-~#tE)sF?^3v0}lbg@09Xa@zUFwH!vh;spn3Lj`BX?bL>3MJ`v?s
z19*!`DnVkky~eG_^tGQiW(|t<W&FcTpE!oZql-FKVZ1$^om@<=l;p9rnEUx4r_3)1
zyMjg`b~ta9FRT_f*ZU)wcDW))LBIt@>(u1wz?XN_1PUx^VEG1GTfCDs3&%M7o{$v5
zX|otrpQkq;@5Y1$bK2Vr+U|P-?i41XCDFnv;I8}hjgkbNVJpPSp@!+&GX^mC2;Y%A
z>S0n`(oJ~i`e<29GmtwT8n{hqo;EGy2;_Z+nF`obr<2-wsko;-C`-CQ_Bh#}!x6zI
zAb-d2xZlu_i-j<1<TA;7X!@0s9Zi{6)PawJ#i1svFjGir8{%>XUv}gTD_MDQbYJlu
zm44mkPIIl&^d|De$heLJF})BLHOjABNOzjkf3M#{|8vd{wsP4dFh6pPM8v0kf57Ga
zo@_pu`>K8dY$f&j%f4u3w>G!}2;WiisFGBrF{xwX)7q6Vs|?NUEyiVqNSocyv8_Lt
zfLTE(>5G81j$R;7pc%wEum#J2w89F5%N_w+Gi!TrIB9$EkhA=Y9L~20?Za(x81X6%
z!V;3GRw^6(B`J`Lz`}&XP~1FZz*>llhlS`ClIS9>q%9HXy1<aZV4xBfamv16zr)NT
z_N~6YjznaCZQv7!>ZnSQd-eIOKkGpKQ^i~L!~&B}1|hQN5gT|50x+U{UcdIkuDM^$
z7ORDl?<osjUQl}pHQM(#aZdRx!M=;}{$Sc1vU6nAMx%uU|N74VME#1h6)m{It5mD#
zwW6e!iTc3*<LWJ=;@Z}2(I9~U!QCaeJ0ZBcy9WsF?h@P~xVw7=cP$9+P&k3$4#Dls
zweC6h?)@6A@q-`5tU1Q`q<_8lQQ!UCp{R6LALptxB&a-+nf#cz^rP2AkOOLZ0v}Z3
z(=hX{6c4}5*LYXPV_?vE+1^b^{q%V1-S})?oJFtm0yu|GKcb_8-DoC$_zuc(>ZChY
z`I90gT*ZgXy5UUJPwF|d0z@O3Mt>h}VJ~W5UlHGJz}6dXZm_&lhwtsStA2|&jjWZH
z(U-*lHu_2MyZtk#N8aE;x5Q*ca9mA6p^ly&5OP<n@TuKR^c}MY<3vuY_1<n6hk|v@
zDja58%=>o0J0d1!isV44D}+z(J}Bt=Awr<j)2F`qrq~PpnA}}4%<Fp;F-Qrdl#!P^
zF;xKUqeH%aq{(NPcUe%+`9c$KLD6a3Ky^Tdgr2`?m8-l*&4UTE!EuHnLu|j|f|+H%
z(%Pn^N+GJ`oREC*E<e}5DBB6q{2&rl=;e-*RT?@6&Jjac=-uY=0_*sBx}jYmJ*71J
z4@$CSv7bSM&_+X=hX`mGIC%$eUE*&JLuwDo=Z`kg{w{G@u46Z5SKgIk>Y*~uv<!#X
zr0VIe3z(uYPy_DQ9ZNT-YM123BHP<8e${M-V!jdYN0>06<f};|9pUy%F^061z8TCV
zA-aljt1Ec|Yess(x7XL4Bu)MxGAjo5WO>*8!>nn(L+sOcNne>Q<(h${{kp>u#39*7
z?RaE1GuaB3iWL)l`4gTdrDd)0wAy*;VpeKQ4PMuU;p3ge@1w}7w@?TamCn-hm%54O
z>KDr7;C5B3K{m<4Q9NcIRobMNzV-xHV*#0!gpfblm-9*d>da23s;EVnN*E!XagpK^
z@sF=$<l>1jFQaU@l{BPY0>?vavZ{$8<in}|<hNgf9~?=HPoyUi)K95o4wX;JC;!^*
z*GY<*NC9iko64bh@_FYDjTmHVS8Kd&YKn$_3Hx3j$;|8JmG^~DHl-?P&FeaA@b@Oi
zaKh9AGL`R`g}2}K_RiMV^Mu2PpGKcZghEW2E&hz|W>Y<6aoF2$w#H09iO}klV(25a
z>lwVvTI0UYDO6rs2Qqg&lv(wp{~QN1$r@@<R!3Q(tiqI^)hX#sdzsRw-`k0N20JGQ
zQ+&!@ikN>Uw8#wZ%p~|sObU%198mdu;2WHx;$nK67~XnkW)MmkIzRI9@kO_=biHIO
z9_x8i2@$2IRDmu##Xey;ZhI4*2~LE2hV#?z9j4k{D%$k?Nj_$0KTppT>OX`3Jz4XX
z{4m?`O{Zc1dv$sl`)r+x3R^4Y^Sce^-?S=ZC{4a?b!HSYF*&$G-%IMmbJxt3b?g_f
zk~{zRl}7CkaV;=Yx=16ks`NDw3M0Rm<02R)(q^MdLzF{B6N9sE38AWIjFiCPN8M4Q
zA22W}Eu}wPQgZI2w=;f<>_zt1ARl0tv2=8ag++T)FbNs`NbjqC*7L3#3Jo@JFj2O-
zyh~(3?!!9_4$2H^)`XCPCuz0X_VPrX^38G6<!T{=dKGlBkL5Tf{P@km0f(x#RDrLL
zqB8G(3>MHw($iGB;TeUABaYx=z}pH1m}cW+@KZ9XYan5Bs*hffyeg{3Mi$F+2+R!K
zqo&;WiD;RByqFL)-9(c!kyt={s)Y)~_U;cs9UBa?rn~XC*UvnX8=54)luRry&h;hl
z6X}ok8!sNxD_Uh=*wu5kQC8}y+QbalE)wj-w7}q3|2o5zMW?UM<4`*KjreozXOwRC
z^1*KcI$~ht6xp?MfdZ{9M_=Xl66_K8v)F`}C0`;;W21=Mn|2&dVD|dXmo@1-?unnY
z6M@F=8!2q-qGNZ#%6XeItz=|QMaSdqubu3vsilUf_%y<OPdx<yQ98;UqXl6S6w$aR
z!fz@n{?*>POKA}5i(l0&)af|0T=im&dPwH#LN_n=hvKR0ZAh<+V+Ah4fLU4U?N|rK
zh<paI4#}3^rzHK#ZHxaBec65RE{4e??KX_-QF;xEyyj+jNa!Vi6i{y*3lKOoAKL!(
zjTNc4vJXirA4%F=@VsyhekFu-!-<LoCEs$LPZK^M;Vmn3s=UG0;CR#-iLz}X$_R**
zy7-DqNf?hE=>XR?W9d8ZtE^1C;$PH03cj1So`w#lVU`@+VI9w!Ck26K99_rXxAaSF
z9qoNb5eOTYTcuIB=WhWe$Gx((&!mjLP`Vqo0G;!|I=lIelJ)J6lpdF&pFY=!7tAVf
z#6Iz&!7VET8#8oPLS=yg^7Cr^AG=VM>M$xMQ4KceqgCcKf0tw;&t(T>5!9x4eq}JM
zT4G#yR<O6U{@x0)BwFr(Nqc>OY0GvglD%0{sWKiDe~OKb?7z$E>CM=IzuXM%*-~pp
ztX#5+K@kuP>*^|+?Lm5m?=O;e^8NhPH}iPvlF0Rr+JCu&nAj&)w$tIqn=sM+kMn}S
zj&R)ekJ%AJH9~`_DGe7-<lPPL9t@BQzLG1cmuq6ye7WJOdI`H;if*3L)D%9^Z^MlT
z!@Jq9BjNmt&Sb%_w$R}hGE05Qee@HWBoYctKd?-uH$q0%>x8$kz%}zjMnX_ULHjdy
zZoT-J{^KESmxgk%FThgD7ZSiouU?hH{3MN#M}tcGb+cBX)$fI3O`ubyOobu2@<P?*
zHM^%dpy?g%B#BgSO;wZukL3nBa;BT~VBeq4qS_+r$2?CdDFKNb$r{Z4yIO}7aFMb%
z8q}y}W!!7txaMAzj%oXj{{=B*m5=tg#HOIXe6t#+a>+jX=vv7<Ha>Z;r*S1fp+(s9
zi_0e16S3{*KWL>Q%O;1jsHTvX+$+9hAYq*A`M`v5E>0RHPzf!=K(U{(jb!$#*~OGe
zu!lxQVYW+uBJWM(xA&f-!h>1hV7o=e{^)8Yv1Cg5-t#fTNvSoanoC(;`BH>EoF18;
zJUy-bVY0KFgaRa@WkJbM-mJV{Q?XE8)e~>u(8}wOe&8RSXpbSRzFp6x-s?Cg<i)q}
zr2Zahfhha<z&iTqW1?2*O%!gTxcYbHg}zw7ZQ=JA0Ax#_p^Xwy^d;nbV@1D8Bysx#
zh5vZk9|Scc0g*uk@ja#4=qm><L$n2XN(|{oRz=ifr3G|0Y9~?lC{)zSD)~woh>~lX
z)NJ&npY&+?5k9@oK`nDhx4P+0f-42D_-uq%y~2qUHHPkq!>c5A97w#yPyK<_@cpIC
zS$C3M(UZ_(N>5h5L~PTyO8FFsaYuQ!D&`2qE&76mJmpjb6#`kJETy~jTKze4Ql(-E
z1AknR#G{k2Xnf>S1L?<goXkMsZX5tdClm`jMn&aOZj-tjh#a8>4H(6*3vR>P1@**o
zae~^7f8U{@xxdJNJ&64W4Av@XXkH<zs%haJoSgC5&|I#4NP679YD@CO!U-z-@q3gS
z9LRQ!rJ<lZ3y&PVvqQ(A+yI5@S)2{m=<`0uJ6>`}Q{944>6-dh#9xc&FEKcn1z)L4
zPh%+92MSVuPJe~%H~{W>>xBqTV40Y%5s@Uz2%r-#iIN;}WuIB7DGv6{RZ-eM4_lb$
zU-w2HOuv{~o_HQm?z-OXVShZ*#yq|=6nPDbIZp>Q8XsbvXt$u5S~v)whPCf!$?Yqe
z$k&xZyq=+I4PFUdhHli8VY;Nod%Mq<K3z<55xrVfi8c#-M39VDd{G82w;iitY2%eB
z$PKTY_rJV(dR08cHL|2m@!TIW`*@}<w_MzLb#8@4tBn^-%_utY=$j`e;8cCG^88+K
zb5whRuB@30$>e!$!fG<BZN@)LUN@-SVKzy4NcDb)Ri0>C7u2_u)fik<^ogRMbSDYl
zsBeZ2_Y8jh`{tJWht?a?%$`*_a@BMFo(KWH#X|4((sWjbhM&fKrmhxPm$wpAzkQ_?
z^<<?ZhFb+EoDSFWv|H|e2C>W~7Z79lSkE89JU9ArakIRAMB;giT3uqMyV>#}k%%4`
zsG=mw$z~mQz~@}cY3lo{$ku(X$4y1!Zdfz=0=p``5(4Y{dia%S?S;#*cHskwgdEw{
zt;R<pJ|o_f-sD^^ItJaE1#6Jsss1i+fixS5BbSg9GQms<RJL>5R@0-yr)L$sPT6FU
zmOg&rkI!z~`J&|)cRYF?k|G{T&oBGv&t8864%i(rzWkjho*n<yDModiA6M76KF2q*
zHq^OSBNWp4fV5o&PP$yW4A$;B7kX|r<1NgUG&w$6_N>`hje?F3vF)hk*SF=XXa?X?
zHK&^I(H&k}c;yhD8Qh*zPUijj<g7B+jDd+2G2XJ}Syd4-DY9M#k4l+x@d6uG`-nL%
z91Vhi1D+chZDnvjuKCUHZ1D*1{tV&E?}^L<<;n$mY;JRgZfZj|2Zk}?$mhG!DC<7>
za8-Ll1WFWaXEAgpQdHp|5y+d0$}5d?W01rOLn+bML)dB&-{cg<>nCGi2Ae_MF;-$)
z`tp_Z;VhNbKKeJXQrH4c;NyFC#S~O*(wMP<&GI;73K{V<b4p$a^I28}^UTW87!{P5
zhn4<XB+_veeXw-?^i3MUTqxv6F@;RuAcV^|!$O{n>lJO^dUDyCSmS3HWq741+d>+p
zV|hQtq2#PIl_JE!<;KieUwJ|F&Rty*Uyg`{QtBw{KIe!P!${rdM<aVEk_;8Kn%PgK
ziefg(Tu%WWBk6v0y+pCfRUr)f!AUGoQDr$~sxxks^tP&91?-M)wCX1_g|3##sfzXs
z4chhns9Put^|OZwdz+r~zff}Ht8Oqyf~%$}LtY)+ORSB^zV;KHe~s1(qex1@nZF2+
zf%bc$yPsXd9chI3*;tHC^dXXbJGcx~?l=#qfjM0Qk8zp7>#LeycW~8I)>`;W>(+{F
zt?^0$uTry}Bs%IZh$=sR<4wO}yFOU5Tk}{W^LPl3@ymrRU9Sq(Ffc4}+tvySL5<X9
z@D<=9VlzkOdb98T1-;N}mB3x??RcX&nnq@oTMNV(zkOzeUEf@^3-N2-rcw89L+Li?
zL8BCGHEwj}Lp`9Zq2W<GJ@Isu)EXLqzpFRz`)tYSe!zC32G+<4-f5^+GCU`7NE3@M
zP*b^Sf`fGW5}>@c;v;8z^t1Nt%5YmJEeUOpd@>8ZOEOeowV4p~Orgzzy=!btbL)26
zB@#UAxA52se%+a=z|Ff0yteQkw)nI$uqWor4DbJX#$anGNNn^He-7W9Cw2Gru^jdC
z^isKMQ`vnCJM<BNRl7UvI;LVMQQ<u*BhB~}gJFMFdYL*stmWNXu8DHm$;HE!p5CfJ
z{GOZN_-yq!;IDaJfrjO(Z+TbeIq^^Pbgia{e0C3ZUAJO9%8=TXkD#qO(ZF+Bk!Eme
zM09K)snlJ*Vi9+wY2p&$N;ycsN0%RA(?K_gtAmA~2iIwC%^@Og{!;I`hJCo=5K>@}
zF3`+3G(L-7*qDY<!ccHbwm#&nJDcmU_;r`4+v43^>Py7v!r?1n`d<~BdAl`Dl}o3M
zqpQ+*_7*O`aQNlGc)p(R-V<N){dl}N>rdyKTW`?$7OEg9AhALd;LEcbZ{W;(2A@An
zsp>9L8e-mXLNm8j=r5HdFUJ4j_PjjDq}6W>`T6Q>Fq#w}uKc6?h?Dz^*Vmv*3JfCk
zp9yFRENr|#^~84Zzb$6wVJ>}bVw@C!S=G{-7x`3Lqv(sWbzZd}+jnNifO#swbgg*B
zJ&wPL*+V+*rM-M>lTc_##Y}vJGZduI(_bcUw$|;BAhuZ-OQrV~*rKGv?}Zg*?~pPS
zqv3<CI*fxEnM1)WdIB-o#GlV7JMxmvjYba6llvcp0Vom_@uI^bQDbAw2E=DWE7Op?
zF@nCIlO7;ISISF=T#yG{D#RUNGrM+3Gz}1XW517lzb6A7+ILb>N~Y5nnkSBgfYtu6
z9gUho^31c|c_|W)*!Ra;(f*zCX&;2y^;}{$xOP?gAi;5~f`3nL0rglUG34fTL72Dr
zmSjD4hKYc*QpSE}7iVXo+>WN8s8Ul~$^Ini#Doaf{?P>{u=clSdsZ|jt{1%zo>o|7
zR>&F|Wu#arN+b%sJM&=*XZ5E@`o)ZI^H>7E`yOYTP}$50mzfg@2Y*=OrixIZ$b81Y
zbLEii{|+0u0++&CbQKZ8e=M#qe?v9Gi6N&BjZYu`Sr7-Wl~m2(9Gwq?atOo8B;cpw
z5XMug8x^@2#WWUkCH=U1Mzuw2_uDd!wMln1jMJaiZ$>|=O>(3iGbr54Gbz4HU=yV9
z($AD_7qolsz-jp2W<VEH0myQ`RuF;TqJj=681`*nJTlCaIvyp5$Oh@vpX-2B9|^~V
zh9UedRHJ=HrJ$tpO2NkpwJ^tt62frG)7i_A=KDo^*^%gIcz~>T0m)*E=YY6VwG2Vh
zzf|o$SLlUdahx<f>n%r%TU;o&8BXf0g_w^=8TpA(!Qd8#zDplh==>Q&Piq32$E>xD
zZ#*FMr_6knm)BoBLFAh(x52JnJ#B$I%<RWgi(OZ~bzH7<2rf`?2>&n<Joxg9RLEW@
zj0IP*w-H;YU|X&Uw4b#A`3qK;&{1!a^oz-9pc{c}&`kn@#K52LzNOIZ$hkot?H~IN
z&SD);F;I)%>BYg(6MhD<&1iE3Fy8u=`DofNR|t8>rWedxJxUL~`lN20^PmuW$H{{1
z4B!-iqRV#@3gu)af~6EyqDN`3K<6np!k-{gVN4L*N6JHY<1l|E=F4e}KJ?c%QJbZy
zaU%TOS!(j&hW_E3Hjllo645jU3Q8QUZf9~~Hvxy<zWd!c=tY~`^t0yKHaXGPqv_j-
z_~?OT7FYXx|A$TPgtb*CeSyGhXn3P9(e%j-h{*gJEU<^2yqL^yx2dP?M<3gLh=Vu$
zu;rTHA`8KC3|VOm=COm{4G391UX1TktIX%AjT}};1a2rR5RFrg9B6ljlaYJ$R*^Ar
z0nT+(o|Zp;mYi&AE$jw|{|1gkMg4Rg=_C<fpoUPk)-QEaZtH43UJw1A=N3^kFYl-R
z1%<Lq<H!A}PZy-KD05mbsJm5yJ@~723fK}Ok{u5xJBk-{TG%=8)OVc5zGyQN>su&w
z+c}fLP6uU7mdh2Sy4}Mt=E{3Hi=-dLUt0L+&VCQw`4MtxzEvkI$TOyuz3|>Gds`a?
z)q<I_K4SCLK3s37&^L<>Is5Ho{$e}OtF7Ell-Kah)J<yL7$;iS!8Zc7j`Ct^hRq$r
zD8Jfq30+6dbX}WCfUAf5ZTx`c&8sjG-+fo1FEQtD7f$<i9dfSEVHP#(b>-e2oXiC=
z>jJA<bY>nWTm<?IJ3A)Wv!QqJn_ZD#VpsE*hUbjW6F5teBFkzWQq>n-Hl$J#<w(3a
zXG&_SER4_NnzTD_?p@#&&fc#L_TJXz-~Gz4oB`#rho@(H#Kev^(4ZI})qAj6ZtrV<
zvHP%B%@?A&Yb5&Z-qh7@JJ@V9S0&k%Z;53vu5ORPhIUo{8Lruf*J-2iBw|YY&<zP5
z0hGjcP<_Zu?p|HNQ_LJByhqVH=Shk35dmwci(Evk33&v*yF5{P>&}|uupeHzQav#j
zZ3Z1bW<eB}BBr6Jdp?13+q{RshRTZ(XHP)_(ZKx2bN*Gowmyqn(Iy(gg2taJZ_$v!
zuuRX<M4B;aYdq?qBJ#fcL^6IinZocg^n+1_^-h`$F^VXfCUp-RYe8Q!v!`-pauL^2
z_R;_40t|-RFMf}-CZIQx=Krx}taB6`P9PNa4Gn=X(NO)2b>=<sf?y1TxN2w!Qi^z(
zy)@8HvF^#4NXJfz@rcHR4yKEqh%E@@JT9vn&937c41;V_aZBr>3);hsDh5d}l~cq=
zq$qjpq@Nv$@Z<)Q=xK7TKRu*iFw>=sTuKnlH&>Yb@FcIbjnAA<S5YUpe7~6vox&`2
z7^kGcSYb_*I^d(;5^`jLIgwNca1MIm&{-d<vkFaUpmg7g&#03)xE7y)!Lv9hsl;?a
z-(=r0!3~3NtQ1vD{;%4{tbQ?;_CbYW{GyHFL<dE3dUoid_64cny>q%OnroUH$+>0$
zEDXwvTMb|CLQDeA0Hfu<myEg?Pu)i0DGgGEYI&gYM{5Cj0tm*O)*&~0N4E|%%n+06
z8VTDJ^!xQ0&=SqP+a?M)?`1G_^Xp<dvn&x>yTNj^dFs!C`Em^lvjKP4yRgxH-`Y@C
zm%rf$Lgsxg)-a2Cglv?dp4Nh2=rOtkb0bBFD~ra+0&Mk<;zNx{rP%VEA=eZ1yX}IX
zEOr)~kRbJgs0}@{c4x}Jdt-k_(4fv(%oDX@-}e6y(35YjdE?WVuDHYNTn-EOaJ2#o
zN5_NV3GM4Ss_{Gs(!SDL7%IFX^p3A1jKlHF*WC~<gfcp@mETD^gvzBRZmrnN)>n^z
z2u&IHf92NP`yL6GoCOdq$FA$8nZCScjgA~{-ugxFa)dJw2Dn;b`rg5r*DlAir`(Uj
zg<3v3_kFhg{PieMDK%50ot*|WS0Aw(kweU5mj?N5{zvN6XsD2h24nq;lbW0Uc`2=7
zB{UG0t!Am)Kyrj7ei!~LOv43igd}_x92<2;uxhDiqPs`@c=wDd8s@glR;y;TU*??#
zhSjuo(z;eJ&NDXIcB4tL_~b_<lTb<8vx@xko;5tuV_Xy)Zo5+2jysT}liREgd5#Kt
ziaq8ewa>O|0%%<{o0bS@UDR|j5Z0nC;s*jo?xKiQ4?kaVw2y_cpDR;IOTg?e>=8c}
z-bs^a&XsI1jWW3OXVpC9nyenKCoW2zbm}j=M-XEm9;e9<<@KDXph#d{U5Enza{A}o
zyFbn&cCHHB#sF@ysX7FKf1%mVV%euHridgrJ>DgB=(3re9KN*<dSlMkluiZib>9^p
zetH?&SzHK6xpDfvXF9rxo?|qext^xnTT}nDG-=vc0H5Y)>1C6CsV0L5F5vkm;b}Xv
z6gcgO79LUXKnP0VuPoQVkJo(`q2EsmdBIWSr7N*3w8a=2U*^I*luf#Ch-<tFWvoBx
zd)O>GM4pKWaq*txHP8>G626KM?~);ol*e!QNzetKen9AshO(>Lo>(+U8DJa?xz#TN
zO)5}o1c+@`Rg7Z~uH&c~#FJrRgX5UobBuFBA)p(Q<VPgvQuMF#P`Ryg%r)vSK5AA)
z)QNEF(aHv*xZ3iRV$wmZaUTs_eps@OM_a?wvr8vV$Lcw=2SyXhyn}0_;q4!&(J!vx
zFW3%?`UvzQ#I7Lh8X>EkwF!b0?rPi-A~hOBgTI8&F;7K9-+z}1E)ax0TuP)K5hZHN
zyShk{f?Q=p5~JveFn|WA@2#9f6%&CV*OQX_`PA$kB}ut|v3H1gymw;STd5CQa|WLK
z^zfL<bzx#iF?uA?03I4;lD1^B;02G8x+3SVv=CUCF9W!GrhYQ~<&NxsLk-a1^=KJc
zM=&^9_$W{{f4AdY@EA-V{6Qc_!=*2uGQuXzsBIA^Gcb5LHh1SbENL=Tf9h*h9K_(Y
zt!?g0r;#ywDJB|=YG#XMFvpgPZt!QuEcbs#1I2j|UiYU2(#8v|;Ka=Se%%0Eu;OC8
zA;8*7u(TjTWUTbzXCr8WIB&AN*e0mfi6o^`FS0xys=4|#;0b0lAy~wn4+BTh<gg{6
zPti1<oY+W1I?LO^L%o)Cu8Qr5=Qt$w993EH`fjwYy8!JoY7h)-y@3Yf%ic#spA_M;
z_E1*uMM+k)CyJi#d*3HIvpMsH6P1YgcyJ&n8i-7QlDmW1-teZ~!T4mYF2%RUK!{Xp
zGEa1Qv~K$eIa;|;-Yh1s1Do0FS|I$m7>X&`lZQW}$9j_1m6-EAVd|st%d6hOW+}#F
zOlH-5z)?aot=gdmm}}wne5t_cnE8Omyn9yh7IQ(w!(P8XT_-DfO6<$QDz`g2F!Sl{
zZPoy}4&!4nt3vzfrAY0^KhM<f!bjfldR)<#qS!^Z9mkufw|L{Rd$p-DkEF)Rz0}+8
z3(0o7`ph-x(2eW+C?nw2Y?~i>4>-9B9pFg1)s)%R;+KZ%DfU)*;uGB)!!%c?hw*G2
z1&%Hp(`C7Tq_2w`7!dM{Wx<UBx4-bzIQtT;MElgza?;C|^q9@w9(QY6^jPI6l|%4X
zD&TM&_$pfERL@tt-ML>sUwv9}CybLwdfL8rQ0!|cN7bAlF3D~$BX;S`5xnIvk9&N#
z>K~Br`+C~jB3XC-<r}?sw+7;z*14Lr?7-v9q|#eAuAIknNvmO@fZGut&dtVAgks$_
zzEN5`N^aC5>Cqn5%9IQD<B0FBzuGk&wv~s2;m}CY+dyhcp7CV+r_cVDxCe_)i)rw&
z8!bM^?6!IWYM@{?0m5Lyt(r~JWa|JI|7^Ca3>%rnyuqc)^|WN?b{?ik*@aEzH4)9a
zYn)EMF)F&e>mhg;YC4yAF5vnKVx!L5B2?5*y4?8m?udV;g45_znq~BP>x}q)psV)d
z`om$Ui*&*_Wcj$6=IUe`c<Az2a-Lw49(j}+j~Vur3dIjcAzgMEGdEX%Fa4-beOKx|
zF8^A6re=9W*|gIR4Aj%Yb~_UaAnGd{ST#MKd201OWQjSS0~CjAK@Bb>VEZx6+V4}E
zr|+>@^ZeGJj&Il1hhA9UQaoR3JPH)1x4U@O*sdDtl&e&1fYIlEoSxPc!?&{vqqp#d
z4wiucX+m}H2RGMO%bzn(=COw{K&xN0^ecmUpV-vB$-NKn`J9mC!Y|eH-uU8=S*y<u
zqTp*icV_cxBzsELPKvI=*3sDyZU5=hW4uR0WX9)5*iPA0(8%RYm<4Op9zdl^&8Zn@
zHi#f@AW#1IFO^N216rMNCMD9CF^_XIdw{u^UymxnS$nRe4QRv?B0m(zLoPRYd&{Df
zkcC>FCA<NW^Nih}bXm>OlL!+U%<%Zg>TwG9!fdC6!8q*F&?IjLn(-&R?1){2^_le}
z<C(=I$lp*>{dN8sA1s3x=$$7{k?Xh@l{)+sQ174bOjyvRc1ypbgx>Bp9f#{Hs#NYK
z+@lCee3CGLqiqE)8S$yZ?Qiv3?N!*zYi1nSK5fU-rX(Q=+ZYIRivE44!oZK%6<&Jk
zZSt}m8R_N6{cHeWk;a|sRcyKetlE)gri?SYIxW;-HphO9-9e$%zH}Ha!p43n%(S3~
zdgd<4@&0gRSGMmPwsXi#8-#%-f>Yb}7f%k0lS3svN?-f?i7T3Gq~;QVLl1StZJaG-
z@aVO#>)T+CGc>gs2kcbiWsiL<uF1^+qW;7RnEERz`jvv#kmK23NNQ;>Ay*65zlU~v
z)H*ln*Y&g%hI8#0rn`rw?~`i~9rB#<mfM)UlRB*z(S_{vzW2nPYaM-MBo?|CNS(rq
zs=LJ}VgK3xUG~%$ILx;{i9ijpgK@E?0OI>qeTnA+46uoR1zWor=(1MeI`2A*R7BOK
zH_8}#oXxBFeraTCChDqd4S(E>Tac^^s5|%k=vl_TXMc|kmb(;QZs2tA<tcJOQ0n)v
z*T&*H;?i1EVmp6tl&Ab_dEQoiBByp2V|(ZK!C<h<)a-OzU7^hC*#*4{j?0jHU#CJ3
zgS#Rj<>7L`xTplONMc%4@bA3ZzKc7X!rdpBl-Tw8*+KsaEU;;khj(w8E%xBh(AT2`
zkHm4WIn6T-?w(kx#kz&?;0sMY67Gi6`H`i^h#YHdJ1NjWQ?%&}YfUZ(;vKXD_2g!l
z4MttZ^Au@1XFhN9tK{9|RAR-=Z1TGEDVP3Oz}nUO$>&!NYNl5dk(N4R$WtAi%kWFD
z-Y7xWp<{mG(cub&@Kafx)C3$8fH=dXv;D-}bNCX5o^wol+)<VmUnotyRK;dqD*(HB
z6-Htjcu-#E2+a5?nWut%JT6r_tVg{)w=YmXd%2?S+1_KfWgFDHyg-9DzTDu4Ukn!<
z%oP$n#^r`<ZF;W$=}cOy^!yNX%(b7Ti@Zwf<of!!L-yL@N7W5^K&>@;BsBHm@<vhP
z%BxQxE2-u^j;9B;+OjRkg+dViAE!Uj36@fa23qt)+oDIh<{u`B51DY@nQOxk?zc+i
zgGAHdjZ>Xl%YsJHe`ONKl4O4Wm*}sWtD#&ejcxfcJ?9U99FA_)vjF2W2{ehJ5a#{X
zP=riP+8j-3vAkq2zX=WQExae4lUi<0;G#BopVyR+;hWgG%60N1zyIHN4N^VvA@{KI
zMlSDsdJJM;_<BO#t_12^8itGg9SS77a6IeY#CIPLKYhv9Psu!(_KCUjdJQ@Il{AIz
zCzuhR(7THF>W>_g)k2(NGcT0}mz)0g;cgUR)v1fXcw@+vR=1F|)ywU=CxF#%S1{&q
z=G{$JPkicmKu8TkDIHCC+R5i=Qtp7b>#{hL@y;6BKW8P`>KonOaFX&y;rw0(P_Zae
z$7xe0zUMq_4%Y}+H@6b!dnH(0V+YGwDVW!rzPyA_?zP}616;PN0o^Eq{NZ5^>?Mbu
z^EVuexYL1px~i1tZlfOIhm$w3{qFVi<+`gKp#Um*p9kx67Xcnm0AFR-;s?@smtnLw
zjq=sv9Ot0Bp_BktH%A*zt0m0yo1DOIrqTS>>8a^@4U6Y?5583YFKAVF`WhyvRy&v%
z#xSVz+V@PA^W}Aey)uX1>j>Xs3w;TuOQCgL2_jJZhN$Dpbc!~@lNyi&U;oM}M>@XF
zv)q51Ox+*SJLu~8{Bz&NR*ws2K&a%HmdUVoPJQ`6>$0)*Qr4s_vIS^In6&)<;g_rk
zxte|M_Aq69xMf7dzLgB(hUz(AEr=OVG7pFiI+JkaZac(_!eNMAxR(6A2Ry&sLbteC
z;9D<_w#ODqc6N5krQOM6JhlJ#A34Wc(dUy4mv#0=Pq;jF*}*Li@7KB?S#AUFsGiea
zid&tt=3D5j=N-Olo}-H9;h14P-O(9g=b`w+v(2d7yMo_X+gAy_33J}ll<D8UY$;|x
z_>qPw7$kk;KYwvYzV&aw_+(xk?h)yXsN(ylYy#4L#o^m-!s5%&8KVT>(zg>%j>naR
z$RBI+R>II7^jv!um7}Ehz#*$u8E5G5kiXdqF28(S{m|<7o`*S4EyAEZn{zM=mXQsw
z=PP_=_o8wIYD%~P0gl8JdIR>)u<Ib^O|7JPo-bbz@6HT|8-Jf(9349p>DCNIG01Hq
zvK(T+TLcLfyZNF|-O1_TgOXTKE7cjzFg+`8#r3Lhb;TTgpI?SWs<U}Np5GD_RfiK9
zZ93?e#{{gP2^k6A!2_sB?^2Jd%-zYuc2%fpY;Br;Ss99buvb=GktIkK&b^zosAFDY
z?zZbfvtuJ_b;hA5Gg@L*F-SI(L?N2tm@LIP>8U5y4gQRRnjXVXFBSZE0UqnA-T6#O
zp5%gC^Vtyrs71t*ngxL8p11%v#wSDk@*IR<?h3(4e}@w*UQ%vqpN2V9@`cG^H`=03
zt1Py!9)#E|Uh1M47JiT}N~RDXvwnTv|Ln6(hVyhI(q-PBu5o*No8E4VN+N^^{x#Wj
z3HI3EI!VN({K*^O^^~fGB@}kNyy2kvyDD_2{;}*Wfu^TQm9$-Nr(vSnO$v>WI5_ep
zbNjf6d}`tj{Wq%9?wZUv!HZz~$IK{EiB6SfRb;FyMsw^b7ptbFM~U-3hWFsOtNW9!
zM5P^-<>awcdH?>@6ZXJBG(P-y3ijy#NW92mKXf90jS*}{GKiYV`CvL&?qolk9{Yb-
zvq0S;0?RIaf>jX&2$;<4<;ONl0lw_%HnNXiH}!G@9Ij^HW|!@`)7dWEmy(uHa+S9F
zb7oYZ@>-LOV7EbAT|qxq|K*1FB!;fXh-*l#-=E*Fv-wRJ1NZ=Rdx#EyTgy+jfx*r6
z)bqj>@n|ctO_g7Pnxw38MK~5pM7@<dq&rrFrlHEeZx)WZ#p-^z%+xrkjO%)+^Ro3o
zdRP>R9t~CIKJPgX?bM?&LYy&<abpK;kaY`;$C&d;pD()z=&ZBMi64!@fBQz^sxvpd
zTTs0}T6`R^@Fd~8AQrqk4@M3TPEp9i<_M#`V_d#OB_bkrI-6%n7wi<kvFD2&F1V|=
zpJ@eVjm!d)<C@&D5Fx&$2@UQlELB*7Yyr@w<?3UsK`|PmEzJ5B|3_raSA!aJ)0o^Q
zndL!hwwv{KuSho<ZWtQ>f@Fy_EdxSq@cizZ82-!1YjUmDs?X^*z}8z8Ul#XZ62JLj
z?~5M1&=77qu|bF!c>}-_thV$EJ5xhOy%TS&l}PKC)CzN&r&1M&u3WanJJ&j=oU|vl
zIwt!z7<`c<j~6ml{%j`>iTITQ9w!_qr|t3TYgA0P=ce=2hs>AT%ch7bZI{xlCnqNg
zhC=qQDC2k{8rkveY2_7T309sp{zyeGBZYQlmot1Ry&$bdaeUbIwlH+kdG!yNiDE-`
z$!Al!vHJkoE}iFAj0z_$(|1fmEQ@(Sxe9%q)#hSrgP1WJB4*`NqP3wsiqKW(a=sSu
zj6v))P~Koi-`m$mcgf?g)nIHR@KCW=+o!bJ-3xlzG&zdOE0~$KYpfNt*^eEXi=e^d
z^y2mAxmMx+9i3L0UED2KhSKZs)GcG;TU{oqjX!SD%()>*Yv=WUH6(jUoe`ihWK@s#
zcNRbGePZL|hp(mt`yHO#DcyN@+PSRPu}?eVLx$p*hngU5_PPEFg>qg@wMPh%6H*lr
zFLTs*QbATgYESxQ{m;tN?z58eVagJARsln!*G~IajuGUcAnUzg!8}G~^#Xkt&1Y%c
zCtX*YlM<sALosb>GPtIyAYMZMfv&(TNb9#mjPUs4eW3u7p_MM4t!zGr#8)z?9ie(J
z46VY>?x*^UFFY2mQ31DjIEqJ+kOSJ}I!!&5{7S37rGWm1bQWj_gMVT|%s5{jJv`~h
zr+_oa<i%}8eygxL=DtvEIFk@w^<ZAsm5Q9%i@bfnAbH#B90}=EzuxJS_U^U8)uWWu
z@YY6f_{9j}_rzMK@?ALxI_g9;zETh<&L{)|it|s<{cq97H$iB8O837}IpcLx(IYd8
z!A(ukJitr`>GvXBwlB2sdWN)%%w67I|CEQTeNQ!$6+Y#|xXQD~8Kv_+Lw@T=3SJTR
ze%AG_0vAHfVoxhG(~5pMx8$joSH5`B+>NM22?Yd%OR_`dUq$KL1ayD>^S6J7WGOrt
z<bh}N$G9-0x_6C+nt;KOT5YE2o-$iuDk=V@HZMXJp92(?k9|5E{2DL~^!ofoa0+zk
zO&^LE93DyYcGw<zwwHeJ^Dus(<3jgE({Xxp3YpFxNI$|nYSx8gDYX6$Xk^RktJ;$p
zrb0WDO-Qn9`Rpl1!DTHD7`Pnj5dEGj9$>B!Go2vZ`e(9?mMXo~OQU(zroP2OU(7)E
z(EEm<y<=z3;|lBYPr)pWt%I*^b>SA9ygC`|dN*Pk|3ku5lX9YSja^LT4c!S*Y)cf!
zWQo~qDMQRB>yF58J0nH`{R0VP$&6|e<mgDPY?^xw-^Qt}23&EaH4HLjWelS5J6?Y&
zWnuX^yRabM6;f^KHR~o`TG%qn2=YwdN+VX?ejSxex`R7MYW2bg`!et^aT^li5*8(B
zX|d$0>}8mg(3>m`g?e5cKn+d4NM`UzD;o8<;?#!nW4E|bjcF>dJ5-p_H)G?LwI;I5
zKj(VRF!PeC6r}UB)#BPEH(Q)|=n<LajOoVn4G%z(v=aVsoosk7&udt2TNE|!xUO=X
z>#MNM?|(NWfpx8LbgSI8G4E|PZqG~2o7!d{0=qe+q?cB(I(;assh`)H>(phEK|ucv
zYOT#5N<uDKp;66@xJqA4r^n0S+x;i~j(c1jg|o;7pBT&lUpVrSQ5f_R`p&{=s5C|a
z#Ey8O_~(3nhgL7ofrSYe!ZbzITn0(`&GPE=ryjkm?am_e5x10ZnR)K=O_!SeyKEQv
zWhN(MdgbXI-j?`g)@~A^$ljhbw-@Dq#aBY{ZYF%dPQPWwHW^;=k^cXSL{<LDWy+u(
z9f|XwA_7}dOE|8PCNFth1S%)rTnCG91Oeczi_#rq_(va<>J1s_8Qb@pZ!unV?w}$E
z5(Xb3OPV~$-(<6yw=Pr&aUcl6AlZ}3h35@QiN)w}|6{e3L3IqI4O1~K(VIN<*{|T(
zMqfXs&^tOZvL9FNi7sAypsZ$U{<YQXfpq+}ILZ0Ibg$jW*kM1R;=yA0;n~R(mKhML
zE=u{^^e9FU+nkeE<o&nYP!jzY8R%0~P7HLe=^4O6bvd_Uem+k<qL*_|H#|T|Iyo`R
z%27Z~qwO@HfS6oQJjzkoCbj*F<4ex4U2+0}K6m=SSo7G&cgA%57<t$ad2UZ>ApuYJ
zb&#}TDpI9Xx3GA3`8{6<hBa0dw;B{7hB5CBO>S1S%8#AAdft=a(ZrugCN*PKjg3Ui
zU-)5=L`G|ggG@o;5#vnS5jo>vHD^HH@*e`udJ@=KsT2A2g%&CMeP93X+!Vh~#H-?3
zf<{R5t2L)PhAB-nd;vgnBf;R4bu?Wi&{8!zWU;|-A(>RMG@J!k-0jg+gZ^fK0DEol
z%i?-eL=KF{-@&*Tt>~Dgd_FC7Z<cqVQCQ(LJ9jcd+Qp=aJFk=!7-_S@Cn5Sek<&JW
zWohU5yyVfORa8$gpU4Ikhd@bu|E(~sCj9;vozHd*v>N{0s9V$H)-vXL+TVXp&U!MG
z(K}7}iMq+qAELQxe0np<3c}1l>TvKL1srBnvJPod)%Xgsa{TWcBPHcX0l9*aAuaO@
z4dRE4VTJJ>0fvpAnN+@Sr~R!=QN$T_-@0YljZ{D`yGO`iMYSl9i&G18sxG)2F)*<j
z6ABpRH5e6Z0zl7y=-T%_C9s*mPd_rit1K*$slngWT-;TC-*;rXCu-3vy>BwKYJg37
z@XK@K)&GC|pM&HL)gYOZH8c|`{gQ|(JeLUS__Y~JGZ7Pu(;m^2^tk|&x8>DWAB~?R
zCKjZTIW*f*3MU%+m-v$%zbV~of!X4Qg(pLoVFWS5Dc=8Iy}bP4TMPtb2A*spBX=Js
z;jZ}RXq@6KkB_aJEAOE~>F(cpX6)#!Iw87#kTeBY0ido+X2-yr?(}hZaOys7$hEwf
zEh1M<;m+j+roE#3q&(0+_^y{-osP3}HC#VDr1IHQ{jZ9uap@vLTED9_I+QAkxS<SR
z&Vp<(uEa-p^uPTHe$m6SOP-WR0bH%3cG#BCsU=`!rx8rYW(4Rb4VFS6=-ZMJ3@#B2
z7<_iJI&lykH{fWwJSv?C`K$(P(l3ggoOIC*#zFLMn_FW3vP9<CEQLZwu5iO})qpCQ
z1<ry_;y<hqphUL7|164BmBK~K!jf=~$$n?6$yk4%IUwA}`W<pEb27b@N0)a#k}>#a
zY2-Y}2!&LL(tRbhJ1<l-*LjiQ^%mzT<zdV-hBzZ{rss$_dbw2B(NY{*Q9phlC7d}z
z-cdwEOUocY=Iz&G#=w%2V8GDe(C^;^;j}vhk*f9x<-5n0^X61Tap1C_jeu8dPGdgh
z(tjs)2nF=vC--L$l#7aOwSl^?f>R{SifwkY3xMK!?9s`Z8Fam_AqG~wjRVxsoW%hR
z6wPAjfVQ7e>V#1#67mD!86lwdQ4Mdg=V$Il0++;YgYLf;UkNABc-Y_HCy%q;kF_%#
z+v_f^?+KzRvj-%P!0#uFF`#?f?ZjMlQ4CwW%rzwgZ9@oTgv`-7>pwSiP~gI+1i}BS
zP^6n0y<k!WQ-9JA3EdR?3W??TUce(IZ{77=zu@r$S#uhgyRI^X+SM<pnu+v!qtPbP
z5S)&MX;+IHJxhS&{uzR>hV@FZY&Lyn4I5NETWeGKDUJ}mBtuX3L7NboNmd|G32`t^
z)#(4|4}ULedQ>P;0I<%lum8{8;-7H!tM<dUWJpDjssw$Odz0xYO*~g-lUp>;S&o6v
z!t7~#J>u(`nNPe63(quNmm5NiW02?x<=ssh|EC85s}HDsG<49szP<?%uO+}*V3uQp
zU66}z+#mSU-ronm1Z)gGs*jPx_<8IBBhMxBTTG!4nRC-lE<<3#&vhF$FY{j;jEn>A
z7cHnr?Ic~+m-J6};LU5Tj$TU$8eaxmko;}|^5+Lw;f=qk=y+!#4$K`iXHQffc!hfw
zqdy}4k5j~%B~@8We4&@gbU`N|WsX+z!7sUUL3}j{;9Y%HJ$@r!fSK*!G=IDaiz3EN
zTcb7X^fbY*STOQWyQ~r1Cw!fVyY|VNEx4fjx`LfGYYt?_$LHh`e8A;kBv97<zXOzJ
zu<%f1jw&4*pXMBY(s&|Z3ep}wPVU~E1Tp?N+F%&^zgz%|l>F%f6Z|m?0pm}ezdWVE
zB+@6YjbxyPgMTG^8bej%n=*@a1)4ys$)Kt4K_(0+m^DtgW(-%85kl+G_;g-I6BZr-
zY4pMex!3=Gh*VKBQ-CUAVFqCb6@3RD!F$jw8G`V^qrW*iH1~QwX^kVsSMi8W@&b+j
zqrg7a1Yz(UJ^wFj4xWs+pd<-9cDSq+G7t@jM$BjQ<dU^hG9PTK#smS%gp+M(hx2`G
zJ`>b0u<RXgR6?s6MjLc;CNy8ne1Q2Sc)vlN9tcWJcM0=K|GkDq|A6%w?Ntu(Ym*Pp
zzWnqLo^222jml%2G;HoaJ5m36M~0q~ClL(I#mq*D4vh$cLGf%_pA9M9>2>2E8E<8A
z|GH#wbO7L|^pl|f#A5_83yTw&`q)O5LT=9?-)>ns*_lh>zZ2aUX?00p3<dB^P|mtF
z+~h^VqkfvP!s(Jlbl(=Zl1Kj)3j;bABv=%#5HawmA#vj^ZP-CbUR3ReM;<-Sad*NW
zf+pdo&!@LgLY7Uh)WM$V&fWG@o8ba&;rZb_Q?OwhME{x?G_QIr8e9V|6&`t?jmO^e
zfU%?6IkFE3B;C-9-WYn0-6!9Zc2x=DlYYS!B?ugxgijG=;+7c~P!T`T>e*qrrMs<I
zDS7nxHbM4p1jGQxH6TTKV#{R<eS1mSNA>ES6)<XIAx)(K@}vhcxS0M{fkL&Z)lcp{
zAk-ODR5hU~VQpo1wZ;9eOzv*ma$UUl@1}qtLa*5)5}e!^$V2O1Gi@3cMJ_@LV(<2$
zp6p7Hm+Ny6Y24%11-Hr;`i*S1vil(;wl*&>*3-QDsDe`~N|!cWvqFUKmEbH_W9;X(
zv0IXJL;HL+Zw4`w{o{c3<e3s`H{THpV(6f7MFfhSzQ3M;D#q9hNc}F-CkII}TKItc
zS7yITrHN7LBt(*O>;6Vt|ASLslBdO=ku0M{Tpgp`2hlpt*yv~p@q0{l#=lr*h*bIi
z>2mPnI26JbXi%k5{$!g)QG{`EeOPwSLWaYV<}4a)&FtvP>ROv=mj&1wG@t5PrT-gU
z7lV7(`wY*)HceSgy0JOB3_g5z`L`8*Dcd$@+V(J`-ef<;6=s!AiYp;1S;n#jroT7q
z-sj+&&_su?0Ng#lJ47a>(vIQ|B_hyary|JosJO$|;Tg7bi=wsMeJ6(pC#Oo=-XO<q
zT<wG>BS`*4?L@6<O350&%*SrLlF(h>6&zsPHfRVo+-)1%YU7}Oq&s`Rt}$L46D|<O
zHOVxnsHq^TlLwsQ<!p$I^t*oGTdh9OGA_U1^%;M0aB)J=z4!k7Rk_NyT%!-)EBo|o
znjbF-P+w%r{p35eqULw*K!D{W=>9E(0qYD0?W>ML^ykH>T2qf+C%OrR;MBaX<h#Lx
zYzoJ8eWj*(Af&Br%BTo*?Nj<|Mid6wcK4bK2x1Q(IKv@rz&d6-ffb$2(pS)SqCgfC
z$(wmV&u{|UwUvcMqeo)2@nA9o27>swX>KGO?Jdo%#YuKJ(`s7V^?v#npjhxN!r&V*
zG1>j|%GMIF>%SWC8WraqmGBktPI?ag4aNfYCO4J4r}nnFBV$}{e1Bhq%4a_ToVdvS
z@I0<e&Z(-B?2Emz$#SD*d<i68+Hm}zIv6Iy<0wGCBLB|i;8gVF&ve{W!2~tP#UjB&
zJ4jQHj2D)GY-59@&MSb#kvhEJbi~{u5CXcy<NL?m=+YbqbPYj2expmjNlC_l{cam0
z40;9~XmX94FlE1Hg@Z>^gWf~gNPT@izN;>cT4ib7mbGl}D%DkZDWM1w)+7@KPXf9S
z*+t;f5JQYCa{)CiVBd2gLexxxFkIj=^T8W09!UGcSO^|8KKbb#0tA|FLq0dx{at}C
zNW>93`srwV=Fp6TaT)LSrdNU5sem|7EX&U<Lhn@{Ve+m?_rQ>(;w*nuERTru^LZ0z
zer374;r%-qQqWG1OP~^V-jV<NYp+{J_tEQqn=JhIK%&8?EzJ&Z8=U-t!B?vPFmg8)
zbdsJZ`s<F@{~2oxH~MS=C{=uKtHNW{Km$Y$;iZd!51#mm?UR<$$uG~8OZq9T$YV|U
zakY@r@BcZ~`5&hyd~u*`vK2iU1lwHFQb4W7g_y4Y{xAs6AVGI`e`nB$FNdJpyNr$p
z;b+mEABS1$yshUc{5!Jc*)VSh)X$Nf|9szcF$duMguDBq*xjDKN^CB!*!UMZhZn~M
z6L-r_7fJ=4A!NSIt%z{6LvTIzGlHbsaC<><;OuCeI6E8EjutN6iIMFwXu+w1dUMH!
zIiN{;D9G!9y8sMrKE9UyN>}LoP}%*b=Jc+f<__)e#U9X#Wc}NUeCAM2=1-&mjG|ng
zK%ct59MdNt0u~VXAF!rKqe)l<I6uK(+rRv^G`?m}=y(rohu&iEyP8rry-8d&aNNS*
zF!e!Qw0x6&W9fX=oMbG%(f9x33sqBcrW(JGhGsJS4nuDZko(SUKTqHhz0x2G<wl5G
zhTz=NwW>0tFQG75w{Kl6)2{h_)g3KbuvURAkT4mJ#kLr_OCA=+Il9*CkpA<YcpsJv
z?b4UOwFzJXA4-EMoXlto_q`*yvpZ(45T2oWM%acl-kU(`V^r+GQ>F8;V(_#{C=5T>
zt8$!C!mkWy%P)@u<ePqVdnoRBADIlJ6ombwtlWIj8Wr7JZ)n*|twWp0m2BbAjw>wx
zsX-*@^^`bfbueS$Y>sgpX8CejMs}^lxBBVtJJL=CCcD;pU7tJv|0b$PVqRYQD0p6x
zTw^}kToxPwqh=xy$4y#4yT949x#zR_-9y076m-5c($A4yQNRxYzsJxJ(3cNM`RldH
z1I`~*?%SA+t&R*hMrQ#*NG+!5&#b>QdeX2Y4QpiESgZ6z?i~;Z3VMpvV#~zdD~<Hu
zmTRw}uM_M`JZvjgY?y|^0QMmqd=kJfsPTdppr#Sy6NKl^f>qf1T6YXWpdHy;waJf-
zj=gMdacQ3WOsOBG6u3PbT}cejH=!hvwr1zzqdddoyu5m&Fl}u!L}l64sH;Gt0ZJkg
zg-50+DyUJnw%VE?`cT)VFi8tilTkT=SkGE=+8D8r1EKgfk9&(UV-c{y+PVECRsC?>
zrmcTCAz6zH>&yvFbv0bL#1PLI_WcdrBRYlYJreX{Twp*jT2;mNp38&N)fLR(ka&r9
z*>h-A|I7$4*oH*tL$a@`u=E8e=Tgk)YXDoM$*^^4Rg9*11ToAXTeIsg&sNZTzSn3%
z&zD&4?uTkK>dbqA4=+f44q|w5MsYGrt&y=yg<3oOc(aq(hm70?yWjf2!2Us~tbv4O
zOeC*z-~-(;JHGPBq&52V;{Y@3;IWErkbV5ph9c$xv2V-g=1=4YMHHV*8r@yg7vkU|
zmV~dhk!l#G6b?0b>6#~IP%H+5V5~Ja;{GzNX+}ekYP11u?`XXh7^S|s7AP&h%(Ba#
zta<;5s4|Yz(d8M@NBf2Ff%7V|QJVvG{g)l+XUSKQ-WBxvVms>Lu;$0H9^(&Q*;gE{
zU9#_0J_n3a=#NNUu$lQZbNf>i?O=Co83E0_pQJ*QKOkB7M>QMyL4G;=6-HKlGx@f0
zcvj>ry`CAXtahkZ@sc?2R@~X*D7@CQtX2Vx2|%x>2DX1?f!qhn8omJ}d6d(8B8aV>
z6l9b6gt#D-8+U{N9@!mRkKh8Op!LOx4YwmbM98$M+}0Yb5pt<(c__<eNNN#&cje;~
zd+X%tE4s`+7JR-dY{^kH0ys{os+^QFGs$br^!G%Y&~OYXj(P!&&&Xq@%zqfz<x|uj
ze5HKtu=s)kRY$n;nP=1+QuZP9&!_uz0<va)e*j>6Xj26a0;RiTEi(8=1093Rg1J?J
z#yl4l5?{VMFU@?#pP<ZLm*4lHv_voabp9Pg!9J*%!m~6rSV}Lz8L2ZO*K;1B26Bd4
z%6~^w+uK<GGl^58Y<n9hAIpNKhJo~LIheh2<u$ymb;zV*$EIV&f^gQ?x}+Y#X=|rn
zC@V0!mh{6mY~o#tMSW^Cv85V6s60^jgta-UMu0ZB^z3ML0L+`$QzuoDD6xK^JH?%o
zXp@f)Ry0Q@$9w>eHTa#}?SD5EIAUafM*lVQ>GGZWg@98Pf|X4GbdA7b&RIK?1(6*7
ze`I}gbmZ-_ZjwnRwrx&qv%`sP+qP}nwllG9Clfmpb7J5A_P*zyv+wyQYxP>`)!n~(
ztLmwzp0^6W4FtwPsUe-T_WLL?&C%MEwdR9jZ2IB`{L9@sF1fA5Np>#*eD5@(10QGX
zl@SWE!(>%}7Qfd!CQ=n3P*n*U5z?Eh8VTl5CZk@?=BB%E2MGF5t^dR9*^AcGDa7`U
zzcDI`=GPHpS1dQqfwO4Ey;z@Kd3VjwVNlrIzI)gNV-T9Nx?7utp}OK+GRPUBB0L9!
z=l!-8x9$_yl{sL0rWb<6+%_u{!ehl!@Rsa5=7L<HwXgt|6RLZy8*lHwpl@aq&$|4j
z2M4Z6Pxhu+g#K>{egjLzERF$;7_k?w7Qg;y70(3*ybWkYby>a2F)i$m7Z8=g20RTx
z2n`|A=lPHh=FD7JGYGTcseiW-(w7(Ep*87%$7IkC)ZxapNo2?LW$thDW_{}l(Y++^
zCv0>`T-Y~WSngd*L0YV;vf?sQn8OC8t1WvXyq$N9fWA3!W$IIqUPM@$VudP;r(NkU
z#@9oIJ_Hs|w4t9Rjv8zB>>BvM2X{fORS(aSMb&Bs3N)25XnA7EFf!DoTD@R$kW&t4
zOlb_?O)Z9foSZz#2^DNf_xJVZwqP1^HSiBB^)-KA-77gZXf~Z+u3=HNQ0@~|Y}|HM
zZ7gG**%<43sK2PHd&ST7!%DV)f`y*(HEMKiv1<oJBk@4K=gZuzBqlCCB^GWl-8o6v
zQ_<)31`deA6j_%jO8L$!%)4W~LWy?qP0i@l>@?@!wGq5Ch_9ga{{CT;n%{UN<o4fn
zhW-S?aZNk2A_tI=_@DGdANW6KZ)gsfne(%(4emV86DZTW4<u1I%w-V-(FrNxEHVgX
zWpT3K8E}@pv*njZq2+QZ^dGh<IsI5LzP4kB-*s!tb;cp8o_I%Qj1q3B_rp6<91DDM
zHtijM4Q5o$x1pkhsZAa#qVb+11|QT}NghnKb6VVtcfQPbv`i1JAp;TW=@^Ff;1tEg
zrN%$qV-1i>V+&+(urM_0>X?--oVt1Ed63KU$~}S(sUs|YDb97`{$b*U?%jbf#6`um
zb3Sby{JTRg^t$EL{fA=Y3)W`^!XnBFI1W1O3AS<MF`yr^Mdn=DJ&i8IuE=*9$V}-x
zVY}L{hIpX5L{_h4E%isIeAYL$vUI}MLBci|v4{VQd5le|nfq(3ib?(g`~QsuWxxX_
z4PDMdY-;&%{J|}(nnoF;Ws9W=Bs~7SWOIWMjoYpnoM_)x|H6em(8c^Y&gfTWxHQ{Q
znlQmZqvmJZY95;8u@D)^JpJ)FIiyJ>N1WZ5$acooI9$B@iEL7{Jj1y&Mo!!{-S8E#
z?yRF>ak{&~nfJ>u%z##4Kr8%DI2@Dd)9lyKNFTdC3-T*w(ekoc6HDg-i(yo@2)eO#
zFe5$v83K3`2_<0RDBt?$C+E-AqcQ3#JJh}4XGX-pmmWW0EMQC1QUe_y*?<#qfc-k@
z*m@S1XWEMoSAj>J)sVS21NS;#H|4rJ6c|jpYVTg(9hzkN>muHz4AixMX0HhB1A)0`
zbP4!>o~=n@AXV_EUQT=*c*2kxP|=h8kCK9J4=Wr#C5<4R?J_ZgGLO~5bNV11)L(ij
zSDnr(gm;5S%^U0@A*I|o_p|g!>vuax!(*2R=<4t@yDp*=E@7!`H`0%+{le?w#QJ84
zT4G_)f7&UtVZQTV0(3F6^j(8jB}a?(FBJbH+F37L@O*Tio8vc!p`z$dEGkwfbyEPo
zT{18=+%Epcfc{*WCDdH**0f}tt5DlTs>^Y>H6Qf5^AzU+7Y`flxp-Ut$X~ij+gXej
z{2rc@1&nKRrX8?NJCB5;>Dx)@%`-7STI-G1VXV3SqG#(k7T8Q9GTP2a{JL18ou*@P
zA>OKw_`%*}AkFj*Sjl1NjqCiU3pPRlhv;d%FRFJS@vs9fvU`zZbfXA}`1{?jF(&N7
z>iAv769N&Q&n;PX>2qKk95mm(k1F<KFE#D)5PXlIpTH1ST}Z%KS_J~rviSIIwLsV=
z|0s^-cM>~LogL*5?VNId@dpk@W2zR`^QFSOhLu(M;Dlw0GN1y>!smZ-Lm!@JClU|W
zuY)F`CiDf9`jwzna5U)!Ji1@92$_tbB~j5)Sv?IB_7a|Bc!OQG@U+|tu+z%RIaxVk
zsJMh#@*8F*yQkJ51#E1@KL4JCm*TDa=rpNT9M)t+a97MSUd%BsS2X{+ENk!b10;=?
zK0G3}e<iFJ&^ImUT)6_Dgb^#+^k{eHylN`pTKh9PhnCPE7-zYL6#t`T5$F$r4E5ha
zI>#=EDq_*HXkf?yJ~nFsoLCPYLeki)#pvS4y5o^&*;-B~a+o01U<1I$yZh4vFN^^y
z9!6Lchmm}1BrG02t2-J&+`)0tjVD_gV0k*WXiwdZ3e3r?v%pzFoc8kynH{gx^7v)o
zB-Z9l-7WdHF(SU<pV|Wzroo89pX=V0*wxW|w5)e6GZY?|Jt{Vq-|=F#q3rAu_^LWz
zaxOV?(K0ZWfX`j*+C}-L-S^|QZgp+#54ZR8jl<yn8F1z7>ikSYP0sJD!%w}(I|5eg
z)wv8m1Va9<G!ItGrSi3d(Ky6hZWo%=UJmoQ{Dhnw9or$|v$=VZNLV%$9wCt~f{`Io
zzs4hT{7ZWnrV~wPlfIH)l}?Ewj@@B#O+HuYl$w1))N#QH-8vj~<ZkSxg#7KK=>O`P
z{l9_`oN!i(n=XaF!aIs9&+p^KE&99)^_xt(0M7J|P2|JRo{<SIJ;SYSbSj<xm5aZ?
z<`wBPFp&oow2J+UONUFC5(k#NQ=`g`X#d%sV+P05{%gTY6Q-q6Q_Ma4Pw{u-vlVG{
zL1x~Z-hD~zisw~1G%1;Dxc}?fvzUh_Z6btPFKjRDKrUfaG$?@XZ@~eshrV5O&b--Q
zU@5H?$J@WZwdedTh?=mYP$q|W)r}h^iJcdajXW=_9f*O-jUhPt>S5EL8@$TYlm`6s
z-{*R9?c((T*QKd-u{uO-<LK)`2hv$t6u0}%m81J97{wDZg-Bv&3mge)7z{=N^;8r*
zg+xabO*y&JxtN+n2WeH<Jn#@wC~|?A82XfN?V{&pwre_6MnaedJp0yt;416I^k`;k
z<LPMTgFi?1NlVtDP&LFFNwk5O7>cNmxki^KOUG)dJRznoPOp$C{(h(!@P!u`TAp$y
zNo33n!AFE7%&IA4H<Ce>GLZ|G5VvxMK)r0~f-a9jp{S(Nt!rn!Tv-)W6hthHR*?&J
z*dkkoZDZlPl<q&RL9$I#&I8Uk4lxuocl~u6o$cd}F{B|#?70p}CodR|hilKY5&W83
z#T?kAlDcW5tJzo{T>q8Un3lV0a2V^%8_MUAa<F49!rsW-w0k&(CIp_T;|UN26zzm>
z|4~IGHg?%K%L#o?6MI#7d{}^)`di6k9I4iw@W*~g61<TfWCY6pC~+gMk*AA37DU{i
zv=4a~${w5(3@@Mz8PpJQtO}$>#!(wAxjrd-m6}*Tj+ckhwVJ4IDr-g3f<js+%|Gc2
z3nrWFLeSzQ&3B<?u+Q$mo=%%P98L?OKipRKq|P;!|I2F><l{w}Dz8DLn}&UiRlb@(
zKAO<QVvIerm0s7vBo6yy)8W+;gI_n#zpXg%sdAmYWw>>am++;SPBaAgxe(^RMQQHV
zsf<?KZ(#ubs66OUwtrY;JRi=;hlYk&OO(rD(*>#daB*-vmo+Vtde?HYTwJFf8Anid
zy(kcuE!hs7{vtKgJV#3w=Rx;DK^>;cmSyzUQm34~fJvwbOT^tz{W_zR%??+iNwEb>
z*ka6V+z1X0)djkEn)Uhbn#3NJ3S}Fj<W;4>px}j4BnkK&*^Mo4nHSmsdyrt+qU79#
z^9M6JoA-81>-E>~Co&{9qWy)d=-J?b${B+6I71h=Y^j?(3Y!J(pS5vy(gkhs!X-Wi
zBLq}LkB@pd4?i7jZoG$u^Y4cclrGd0hgmc=1a^7|=-c(HHtJIk9b!sg&FG0)=)MVE
zW~OQRfKj?evhhqLMr`xtfaTwdXAe0Ox$wl7LYSLsWDZO^{$oDS|6xrSasO4&Sj)as
z6+wF{ensE|<yVcPqy!q${vSiCU6~q9tb=bxvtw{7X<tGi`0T~40!YQ^qDCLatSx%`
zMr8W}KW)udmI$yjNVxq_f~r|jx!D_1#&E^8KzU-z47Y31=4fF`;XG?w;8lB$WA0iT
z$qkQft@~ZLSCQ~i$BMzcoB48IwAE{XpMBu2eAKKkQhU3P9u7k3N`tg1W!xcy>te&B
zWk6kG_!Fd7RR$HBxD^mt;n{su7MNMBTuBKXEL}$OkpeYvr@2)y0s=VVj}Z(f3*Lk{
z*^8cvj+m0s0-A~M;t~(IHvL*~Tmq&cL$|JXy*7ttOqF<}b{@Ynw~j!l2Bt?u^a50f
z9rRRKFwN>dvre7Agt;vbWQq(N5)eM=%)JG1{?{4f(9P&uhk||pRUtx>&EYj9C;-%0
zsnk51^IoxtIC;+Q-t$9*!@_B^+X9ZFoR<9$7`+(I75~OQWV)Q$jWPjLa_(vZ8c(V+
z!c;8NM!1^Rqv#}pQ2OU3nG-EO$mCJYz=(-}!S$Nn?pf}^XI=CIkaYH#$|<x-j#wS%
zh9vt0Nk^gSDd_tCKWzAKlZpr)A+*7Nv(7?CM3lWiLo6Fji$dj5T~#}pJ{O=jF<i(5
zFE&Bn4U5Ua_(eVkwBwL6YR@wpb~7(TSBZ0AR1$4#*wmu-7X(uqip3DF4Ibm8iQ4Mg
z=1!5+BvQkbJPZm;Ia-xCiR<s-16%EWA)kdt>c`m|q5Qo4+v(l?<*A6A{XJ##+KDdq
ziB&e;E->WXAz6q(ElKGr<w`ff@m3JLsCd^bsGEr4l+2P-MP9u2X?PfK8EW!CLH@Cc
ziF+>B3-!p#no1^XV;<)Yk%wwD0YHsnU172+DcDO;Bo>YQf}WGQlYE6TH#ERCCGt4}
z$&+J|NYCm0IlwE2$IX@16c-gh!+rAL$)t{sCnn=u$gW&va;ZYI>;x@}D_pM<+$L1F
zLWu!RhyPtPS!TI~BAvgG#6w}Bp%H`&><T#&)K1U#29c^NOZoQZzT7|omd`r9Q0)2D
zc+z-9lxA-f@Ut*_0U7issTyxJZLh91xRl(5`VZH?YH4|H)H4r1Fl+a7Y>RHDM?Bnn
zbndi=XSzF?+`C-_rZl+WE3fd$lu8=xw!YV{Qa^%IyNoEJ@?;$Qw|SJ*rePlbJFxz@
zXC^~~&W`)*Fpc5MUL->wiOZ)0ZAtWxE%QW_ZeM;Ik5y;)GrGvILv-OoP-U&}9q`*C
z4lNjX0FaTu2iT+S8Tz3<UTB@otziY^xBv+i&O~d|bzKp%tOm=U#^y7oB*Zz)t=x#K
zeqZQj_md8Hk5ETe7F9r#StLwSt7WW+VRw#1sS$x?uT}`!{|K;1kzxZ$t_CAw5Ob0y
z8UV?;nxpu+9g82dF$v+ke8Nh|l1T>GvQQ``HX4~P5=ULST&9bN{`LEWEt)k^aihg1
z$Hw~NXmog3n%C`0+cTW|kZ+z!cPZ2ovHqMUr4pSenk2cHvV<(!sKHIM+49f+#R>0q
z{No%}DL9NOgr5-fhiuidSo$P5B56LIAVd<>!5gB|I%A5=&??O|(ZXJGpEJq2!A#?7
zUjukLfZC}-4B_-XQx;;k-?w{hw#GSgfF>3p0#E5rnRP;sK|2MKBi)@R;Gp9zUIk9u
zBQ=avp4rfBrnVpm?;_jm`zvet-nH%l|Dd6P=ETjD-{{vsTPy$2fQ(+gXy@@%Bt96~
z2*qB>Q8(jW5|g{l?qvIpR&Cl5gW3hJw`nq)cttoq6MXn56cTE+A%_N&hsRMGc?)W9
z?xeG$cl8ybw{N;p-t9yGiuepRk+0wGQ`qJkXs^KEH_|U3_mk_QU4-Wuh6OsUixfg6
zKcB(P*Pz8USRT0)R8ZLqUgDvd`-j_SI$D+$$mj?~@5dJ0GnJ;08oV24j9q;*Qy=wB
zJdB@aqYbRtT?z1yHY-PuSj(iNonb0@0&i^4;<F}FtslRe(cCLizTvF=3W*7nxOH7%
z79}f=9Ag)9Tzgzha89olzH&A<4yp_DQkhxv=~ekBHbe1Q49zU#a_k-a3AqV}((ZJC
zPOJM2d2K#FSTntp@3vfKF6@uO!~}jxG|UQ02E8x@VtA84cNBjv|12&A;qU;(iEx6)
zMWf4>Xqe#OjPi<R-8zQVUbB}z{fZ`i5384@euAX&Ng<)fQ~IkgnI$wpv7Q~CH12<C
z0Te0*o0>f@Y0oXyyYkvr+g@7SY~?f-**<<EdGi0zTKY~O)iZMeK!Ckrofubvp=ob0
zvLj{=lmvpK96j0TkGd>s?1sTPZpZUoY5$pthZI$!VDgnEV-r&Y_t_^T4@#IpN_e5S
znVP+mi}2<h+o7ZDR>POr5c7BK!R&P@+nt4}p(QK;`8Gc)x}Vp;J;CI|*8{e^!UqF-
zL((&8d}C{2=FsK;O0kh){&zq9H#S0!y1QCKoNM;xAU_f?>%el)k%{^u@PEYrI6q?B
z$T?%<z~Lym?gSVO&0v1xL)xVqEU1U0edj|L;o;P`By`j6v=YpFX+U8bM0w-cQ!%?&
z;`(`(lf|@Feny-&mbFEx$YkZ@IFpJdzoixWBEl;_s1`8WN?{m755MTeU7%v*bpbos
zH(OxAsOe#P=a^(Ls%*EqhJmB@iY$E)rrIBo6DF+e96Hg#4r9#*v5&IPbkzNHGqW*`
zym`d{MRHf09Ajc-xQodN98|Q>6diuEKP&{qTf;)95mO>dXS;e85_%0Jb_-C9T%<pO
zs2wlxFYrpEl6xkzpQVE11YJ=A-PmwsHc{6Oz;L!oW4PzGRomzl=ik3c5DVwmojP~q
zsIEn5R^&npm*UDCuF1$SOff2S(IZ8`yoP~v0;hn1F$2)XtuU5jqjzPM*>Qe7@7caC
z2Cf)gh+Bl`?3f|PXM_-dGhFz)Gxf-Y%k*)uqzbljup&~_A$mg`97oeX@47HuXc8*-
z5cnW-6frP=cYK^85I8izAv_S|RZ-E?49L)R36p-P<X9+u#zzeZcLTXCU}}rBOFaJH
z@%cMwKS6n8hkV)@&^O@A<GSGf1%9iuR;=|5`rfg$VP<iEa!pDkP=nQSIXG(Lfmh=l
zM`(V+c=u95Px{J*XcO7XgYcL>4-ATielufXbnyYhfO8J}i|qv%$zt@Bq_rK*BuWDP
z7L>zS9mSHkDBAU60*9hF^%oCAF09?EDd|rPuFjTt=rrML-)|b#S<<{=#JYG?9>me|
zF}xHP8?+_!pniYJMgD>NxNZNeMIER$To7Y_lu~z=T|l}&JkPq}t=gSXx}R_^4II#C
zm9c)sE!)e>#|K3<StX}vh6To>bLW@_lM~ETYcvJV%@t{tQ}qCZO3xoM?b3fV8nR}C
zLqLq@<m6az(RdjP2?+_St7Gw`%4f5q6=nD<R(PihKIbh5)kg?h7p|N$Xu(mX^cO*&
zkUVC96tT1RkeMnq^0va6&`=)1peq+APK+m(3yYb8(?&l3Qjgioh!oCe{Ri`gqf3Qv
zcDO<w%jpSPI^y84)<l`<QH92x8zS7pN36CFMdTRnt7KZIsiupNv7PvKJP)&cfn810
z`TFK2{ddjs@6;-v0QD>l+{8m&{~h>?$!`9bW}))@?xdm(mnN6tkt^Q2%S+OyHT)TA
zgU~&{jg0Em(HAdsdzuOWy3P<$GwHV1GCK7siRV;z*b<sTWCKfQFV6)UxSpNdh@AMs
zTxAd45s-wb3i8hopwNHH!&cPJ9Z)Py*gx;TI@ug3NGwd<pamv$hu~Z^!{ahN-w?33
z-9I_ta%Ik})n<^O4&idhyJu*y8SxPF$$>ZFXx<%w2s_O8;1ny2L1XE`X9x6-5Va9x
zcjhQ3!{c$h*05&H3T1X8BzjF`91KIVHW!T&MQRQlljc~0<#(-Q84SqL`S}J2bPM2+
z7<_7g09c|7^(QF0Uvcmiuq@d_v`Slc5voyL35L$0?#~L2|DLQ!iG(6Y%_kOaZQ|(o
z9#LOkA699w-fDMkV`Q`_IEC>6AtWy!5IF>}wM4M`ghD_-K#p-1kU$_7A;yVrv>c7a
z@0wgMRIJd2Bp1+7{s~5W&cWJVzobt>3G$aQ<3|cCCqezQtyh&hFS)<JS@S<ejumZi
z(rXeC6cjS}w1Vzd;;M5RmK|pBS48HSg3uaxjkLq73;17_!~@@i1epQu6CMWwPmt%;
zJ9}XN5Q^sRh>g_p$Xasfa}irq7DrqwaQ1sgk&Y1$Sy_a;pAJ}R&pBvFp#H-(wfe1B
zBpT_cexW-51gZ_r8u7g_1#qrp-#!1;Li5g-^ynxq3ek_iWrMSvR&MUyk6hb09~8_Y
zP@unmmk>3nsJ0R*M(efRiQqwAarnHBa{ttTT&h5iz-?7xx?zLS+Hf{DHQ9Zo<HA{v
z0%t1`VjUr&+xkv8Qw4!|?OJ|D03&eiyxLwD+^wS<Mq{(l98@E$Aa+kc>-#wXK{hmc
z+&=fqf~Bofl9)X=6L`qWOsVdii$%f^*h~W7HTlO~DWGf$7EkHXT32Fl*cxvi;7=q4
zITRCM7D7F?+jytYqBe|*`=$;Lhae0L3_MDzUTCa<ILtq0z?Pc$ggBBUEAS<bQlgb5
zg9w&G!HA<<_sfm=5?vWzg%mvF0(YKlBBMU^4=E8Em`3%Y#mJA82?cO4r2~l-a3Lg_
z!g(bilCIpS(o)1uucF()d!r!P?R<#&deKDioYD_O>@;=gRu#lm&&Ib&A$Q|(Ff40h
zshsmJA#pVYqr&X?dVH{tzUG0>qs<Bxn`Q6oxMnBjqx<Ii*izrz6hefmKgB*UzXn?O
zcpU(FY&{OT8<~@6q`H6td_PJnn55RVn#mpn-OkPIi*VB)#N`ozV|bm>+g*3{YhyG%
zLb&gddCeAW_JjTiv+D)tun2z|w^OZuj=;v)AS>^*XkYw!EC+uY6!@GOxb`bPIOw;H
z*V>Fq&hJvDoc&rIi947*Ce-tbdwJSy#@zi~)hBKM^x1p(y@tc%q1cB5d2-c@deiNn
zjD`#A;Mu(zhdmfw+7RCN9Y2<4SC1d*>Boby1t<jFm?pcN#Qakqtm_S<F^#!q1)`Vc
zb7e+1^%4^jRohs@Z~4y5E^ltLZ0%e8RtpYBnd|P<CL(f}5kyRgT+?%BjG2jPxN$yx
zd)hE@!zz>nh9FVB22+Ql)~g27`;nn|j0Bq~#u;&v_V$y%OR)%Apd3xPh2;eKM~Kvt
zux%0K(bvYTbZ+)F#jqeD|MB<izw*}){<{SozqU$rrc5<+xdVm)Tf~cc*Q)&W($ePm
z1I*?XE~KUkcAs8vgh9_YyrbDN)l4OB3xm>?;0;Mx`5Sl&GbdjD=L?O*uclV`%~m_T
zzk@UgFffiTP7W(kg{!n`w~EfhFeG?IOXV~}qPPlf%Dn*S7SMRiGs@Kt1Yv-}P*fPA
z6~a+f<}lJaStg+Laop)!e!emV>WCF<rYMcc4YU7IWwK*9zPJKfw@F|&vi1zubtMUM
zunVxZC+0G^9-9`bCr1D^vWAFeQ*>7n`>Wn=hzgDsE!OaJ`i}zd)yE*k;$U4`^lC=4
z4<JU2EjQ=%>X2t_rt~85aP@?fHvJV}Ocpzkh7FAItof;bv%aM4h_B+{>NGSjt|kpC
zuaN?1YV`iFGzQd$!Cdpz?vSrPoHrhQD?&3q`k$eIcTZ0Ef}bA+@=zZ3Yc8zcHW14U
zZvl3k>wmh&F&)3=!c6oZ&j3^2qwo_%Z`wSS^KJ!Sd0ahdO+o%c-vXdMexNp~k?S8J
zxl!dc{kZjfKaNF)-|h;kt--(9Q0p0{w<`p9TA|2yQQ`^yMWxYQaY{kmR+oJ#bXc8d
zi(1rh4d7;tdM`kr$>`qS4uh>!^D713Yrp4-kGBr&jG}eh1fUMb&l;8Fe5ok;5FvfO
z_4^6D+=)1>(9Nn%y@?_Z$zJpd5PiOe&Yt%s@jvXzjq;8f2?J4_98$wz=7iyXv^GlA
zjXDNR{>`Da++0--X{fV9DtkA)81Ndb*icDCyII!e1@xJ6LqPoCH0@??Fkcx<aT~Yj
zr3vKgSiN~0C0N($_8MveXM@s+K_%SKO#fWbn1syWLdsqJVHFz|pDER&^&6b>JFY-=
zw?A@_RgkF-B(iiobi`a9Yr){%Es{AnGt1@8af-o>)0#g{kHhnUw$4&@D%5;3j9(ob
znOR$ZRRw8wmk*=)29w3-j>bE3OI@<CQL>dGWK$KZO~~OA9NgL+B{+@vNp`|qwI+xh
zVw_{mxdZOO(98ir08CY0xeD=5z&vZAKa=d@X>;@()lzfCq33k}DNf1K4?Wn7q8}C6
zXr84Y&G3S*z#>xZ4mkYKWvsJs{Qlz`0Ioz?ajjn2pClY9(S+4x1s)#0+sNW)7y|zK
zSophyP%x^2F%nxh5b->fr}URmo!q552FKecWS+qQTt^o;T(8l<*Dz|X<a+}d8+dJY
za4vDJe~g*pilUGqdGcjNc7IC)plf|78<2iDW6@(buy{SyYk;R~47L(mzOq-!LjjVY
zB!wx`QmptQDwx8hx_l^TJ|BZm`BI%+>$T_EaDU)8+_Cg2^ZdqbTrl!LX4rn`9u1p~
z8-NZfGxvFR?Tzt*rr2E5MOX1bKY9bmepx=jj6QUVW$WVm=fAQ)-BRU$v8a;mCb31N
zFYKT@iPvMoMhehl&3UFDQea&7o(8t+Ig8zS!c3`Wn9uO^!8?U@@`c}t+$`sf2U<##
zdH!<ht7Y(x)bTy41Wak<gnKTdJ)8YZF^sd5`YxK1cAYPyq;>JN&ViW+nm4pR`cbjU
zI|^wB!9uP$GvdZI9S3<f-JqxXPJ3WwaeXX6VQ}^r98cpY&UJc~7%?yy4V727i!MfI
z^Hb2BGmDf(b2d&mBG&Otpj8hlVc_;p@2uS9b(7Y$Fgnk|w7BiHv^P$fYTp4XhX!!P
zgyAU6=tRATPPW0vxhKX5U7Wb4>O66P<;(c(3z6G%`=mZA=wk~w4EFek#SFWmF%}h?
zW8g11RBqXr(4azd7qFrv_U`MDP`1Av)iko5ghm9wV1fKTQO{l*7G|`<a7Vm4c5|(Q
ztmpIi-Flc!z3UZB*Y|}~`AIuaT7>4pdO^s7=Fx(At~?+d$G2gOT|T@J4vY!4kRl0>
zxgC0(8fN@MQ!x}4EEDzD*&BjpY&w{c7!3V1PADQpEFHR|Z7sd|#+gSp{~Km(Sg0`C
zHEM%c5wudTX6)H)x4*5E9|#+E19veoyPfXzrU<%v9uX4nVjD7VH*Wzf9|d*VL}n$#
zbCE_;<W|$+kgSGy#otsQsVxhZ@F7ACKei(!EYT<-)8pB_?ajPI^B~Nik<I-Hj(&|w
zV)|DEsUm!BjlvpjI9gdtYvULS86$$CK{nR|V2}?mZb79p4dVIUiWyN3Dp9)w5bFau
zBmvwOSt~gF{{6ccDQ4da?HLb*=gLwt8EG$H)$K&|(Gdj=t=Qhl1rbv;p<SwJLWD$6
zg2F3nhS}J4W^AnO;A|g5lzQ642zm?wW*tmWMK%5*3d)$LWIrpUJo>LbX}ifegu$cg
zoQ5DW@&nCvS9vjA74ML&rX_bv%~k}*_ov{X10M|+Q4mU`YFn*t*rbSCWl$(>%>a#m
zYP{P@j>c!Xp$LI*&;n|LR&A0%I(1i4-2YcMwF|MK85_9!A0J}-Q)exhR4-c}5FBut
zn-!IBnM;iUG1<Ge)yO>r%%>r_<d1=Vr>5*UzvT~opSB0wy<6F^VMpBc4GGh<%V8$0
z+NmO^My>nH8<p};Gtej*O!potp60$pDXa5xzv^ZCO`Zs5`+gFN9qUGKE5Y+$9epxq
z(Q>VB?Zit=BkdV85K+trTOo`6BEX>j)BdXhMjH<Ty2`i7sQy$C$M<ClvhD}IKDClO
zEX>(Td)0U4+tk5D6+!1N$;!NnOm&*d?SY%gWL@67$D;BV3s!~AXja3SOtOgl*ZR62
zq4)N}`FVJ*?BH%!*yMySFUO+3S=D@^(=n7jF*lD+z&-(bu>V^Ykp3ewCrr?gy-)|$
z!Dg?EV!5I~9scfvlX@YUnu`r1b%7_IM&t!|ei4kQI&xrJ7(O$*TIlP7dy364Dd_Oh
z0t)##0hsh`Nnc)pZ{i>$x=#cR3Hj~ti!%K_6Skw-nO2tNhtfZO<iJWZxxU(9Mfu6y
ziU8h|&d>iXSj=d>i&GkJ1qNmhJo_T!ycx@X<lx8#GMoE2MwekbxB}!lgdz!yBH{8H
zrVZyR`nY3)$$Zh5^F=L;i4^{6ChX5L9#Z6UmYRd{AK|VZ{gM<sVut<+0O*<q_OsiD
z=ey5eDDLQNxL!}0sj#Z*nKw?)x54pVoCU+e`lIPbbAiKe?!Rjh`?*Uy?llLu;Q_&U
zoWZb=PbB#kPOPW%kjxMpQY1+I?;IIBepCQ5aZ%yBOIqigPxK4?9O5I^xIYG8#(_|e
zrH<DV5UYCJu|A!xjjKc^*~B4RVH0a{Iw8Ljap~y5q)HkC1dR=n7a%uPpabnU$Z&Aa
zA6|LGyaI!QC^Mz^z3-5N@csrt{iK#ox;r*ua)0-JFRg#({$0BqF6e6BoVh}aP@zKe
z;3B_Ne<mI%D2X|3AcOT6nXE>u^|8LG*=$Gan8OrT@}o$cZDpg`>e$xG2=hl|p@)Ke
zcyc_wXSbMDNn3$b$wHK%Yg`COV`bWw1(~B{hZ#yEA(GyY@Ld|Zqb}_VBq~1Oa=WsE
z<p52R3acx^Iog-wdLuK&o@-;;jUFVKOb*(nZjues_~lEk2Bk`DrA^`ct5Y-(+2QFp
z;Dc*WvaWX*i|zA+1zosGUD`X@QgMnvfCWpnQuC_>JNi7|@^Cnr|4m?4i-qJn>%D%y
z1mnlMGxt3yjeIvMX1uM7T9AaAg6`)KA!g%W{}%&2OmD6UKDq7JW%RMJ!t^d)P%VU#
zpJxR}57s~*6YpA?6!o;`api}-o{Aalb^F_+5p(`0+HS|IZ6jcn47u4;RDvvp{PJ@F
zlA*aFO}0Sw6r0`$zrCpvKqDEM-YmJwHVerh*Q2%@+}2nEQ|g=NU(?~-wXhAkUN1fF
z`(|d{U>r!9`J0{aRilLu0@hD9VO{r!V61J;C6iq-4~daX`I{;@&a%A3&`d(_lsa9`
zNkC5y-rl2OZ6S}`NA-3}r;=lX>2m{rv=$b_@~~plI(s5Yr5Em<Q0!tFe0mEB^5|^V
zx&F>9?p`SHe{WAaiXmS)?oBACJV)W-U$;ejXJXYK1F(%$eP`CmPVLwTu}cvhhqZ`f
z)tf1s$J%dqG!?p9f!#jA24wxASg-4WCSYCNP~a_%&DCH8;cc?kML(l0F^h708Eb6K
zm#V4{heW9r$cEZ&f0jq<-A=dG2v3|bbNdp1o+v{M*+X~$f$0_KATV@byBTB&5(0;{
zISzg844jsdRL==tgXi%N=5r{QwmNuI!IkfQw4n;R2N?$_O0lQb{uI9}r9Ror<@3T7
zq7qWBCUw1h8rbESg4|V?l57e}62YKK88m0U7G>EtS`+h=)}z?nvKb{x(lGQpQX9&6
zvWxR&0=?vaf9*%QR!nxwJh+4oe|xe6<ne@r+QG5=nc2{X)f<QzGJJ$Aoj@(gyRvX7
zI(Eei_*2Fs69#Rez80=T`VcvK$bKMVrKmp7Gf)&Rudc~+s!OO>d0P{5oBhyy6Vl7x
z?u2k{F+n_)pF=x{%weYQqRemW2<rG|3=ml>oJfNrHo(p}y_C!5Bpybw*y@N1%h7pc
zlW+TDY|`Wqp<0KpmVV9-Bw#4xFTbOAss~P>3NHY&uXd~LmZf4vpqW2&z|Si=%}7bs
z78oFGRL1g_D)|cmwnqgr8KI8BZI*adZ|l3!LcDBaa{^C6lIY6-T|mP20&Hj<?eKCm
z+YxR`5RZEN>;XH2VKFwVh{fkI^=&^sbs&-VG%V}VZZI)5-rHZBd_LanRp)ji-}dMg
zs9dQH1u6jGG`<^~;qL9~hq>l#^sO~N^9m)Dqu3jk1(x9h`>a^{wz<IZ%R)pyvIb;L
zTw7D_z1Sop3?-xCZm(=9Fc%P1MqfWFu-b|EpSYDe8Bt89&S%u`dmy=^V-v@qw@CCP
zA(-85wQY69%%8m`=E{;t#d?pjDH);~?iR$K`q0><YZj_ogh?FLU#)TkHnYLOdkBbq
zOzD@-)Y6Qen4GHH)<iZLjq1-u#H)5L)UCPGLj!bjb}t0$-L+sS9-I=OQac+cB32Dt
zC<)6c*3S6&#7L}LeD`Bk$xsn;W`@{(I-FyWv8DT&k99ci^H8HM3y!X9l0xiXEq^le
zt7jAGSZ*w_x9a_*@XQ}%aW&`eyC{t%hs{mQYMTaC?;$Oj^X!z3o*B;E8yyMxQ+Gz1
z#Arx{O1gn{>bk4^y+fKYNvS%nRu(|=2aB5J!o*Bk&w|1m>vm{@+0ChY86j~JeR<V9
zq8vtNKWxy9r2x-K@7CCYgESNP-KZRGd7b^;|LNE6_C^4k+PU`*Ko(&cO0{(Qd|#S2
zK@ska9>c6ofJz*yvZQYyLHAi-g;!R0#!G^-*T(c1znS#a&9VO?1{!MGtvu|HUqKIi
z56&6&@VN&VDy8cLr+JEnjrl{^p5YfyVCIPs73#NQgLxXBXe@Vp7{lCi>I!D-o#Q}H
zm#+Eh88#|3F|xAty}1gIrN=mtWe{w<ODN_h^to*NftzuPzJAniEhj?Yfqt$w!L(cm
zYZR!4s7VUFi&Zxk_tC~)E9EQt=U4POi?b1%2~o94tpe-OInX3PI^i1i#^yIpup-$`
zPo&j`T7an;2?a5>G8*#xZL2(I`)-Rb2iP*7kSOZDowjiB6^DEhH1#Pq(jhbNh8yR_
zR(Cv#18#y@T!HRW52K0M-ul(_Sac_35)}y>3#!X{NFPIa4S>X=tQU5<`dY}CS$n<Z
z`zccbV+O$31b4n|H0!2(3n`!E5%DZA%D{6BTR|B#0;mK5u_R}$08)|P$$6?(*tn*R
zgU63M20P-`*qXVG!KrktMMHy?!r2IqN~KF+PGv<GZ701A9UKY^Np<LTyVCKiVcIDa
z8%%9|0O{q6_^(F>j1?;Veo9ifS`)}5)k|jx@M;yx(?p418vEyrD3Zk#b?=o~NG9P6
zP)WZFd1>-{;Dp3<=ge7;34UYvb`Kx}^QTeG>bMi_k?%=R*Qg21i|=rn)$Ktd9pdF_
zF~g4d6G!JE<2y!aud^RCu$PE--Dpb1)POpR#v_o@tf`v|BthLLko4&}jq#_4WQQJU
zJhW|@980#!%_aFzTP6^9Y-ReNucyd{)r>ahOG@xF;lhKt#}G0@_@Qu6LcTt%`YH(D
z$rJ-BB$lo-pu_LZ-{*@}Yd6+;J=P>!F+;^AiwF0gwi=#S(B3`9iI$y?S7_85eyAu$
zMEh)E@5H#J^$@l)f=0EJ==Ym*NPD06M70Kn9<L0Zy8C3l#7|B2*Cu+JTt~pM+};Ke
z&ge{zumq7P)Mes*Su=OOT=MP_Abe&-_`rJK82)I&)mhk%R@(opw4WyK^OTL~pD8j;
zw3toXM)95Ai2x(jdZfDvl|yWj3V%31X{WWGPnRT0O+(g!V@dU_z^nJoG_(DrwP9O5
zwDv_)u4DTh?Qg-&s5o%_SIn;h-a(RNl_xbS2sl8Ogbd7fAZzB?IvrQc7d@`Ix5Qvk
zn&BRrDUV&do(r3hUWPSEhjc0|A4`nE2QBET=Cb6mvAypI@I@c{Y+BvPO0n~i7#MOe
zWu&;Y={}JPe~kdtLdokwwe>={+XK}Z{V!M-|CE;Z6TdukHrtVqt%inFZrdDJ(!I1b
zJdZ#_^0MHV#z~@wZ<pl!GjqXgM;bVLo~+Ei;O-L)ZlUDB-BqWK>>S=SL%o62@;CQt
za}!P6w9odyB+62wIb1VA3p_#8dg~YlT@Pw#TUiZGk9EvW#12D!JKSeaGC=@_?~6{K
ze;O*2ZwoHM=N`BKgIZe$CvjgD&KZYgWX2AyNOS0H!SMh*5kPQ%JwyFznl~GUCrEWm
zS3FAhI{%>))j(Qi<nPsNe|MxnCA&3(FfHWgbX0T#%O&MBWJB}d4sKe3#m+p+o0I;6
ze)g*ggrT9K{BZ~pCnu-DSZtDFhCpvt=<%ozO}ixzYXRaX|9w^QfYnkLAH67Gx5kdW
zuXElh@pZIQhy{w>wXN%z60X`N&evyqD8%neG|4q*{+E-S^SeI%P&F-HE(^|?oSGz=
z%2F%gUfJ@F!Qkx1oZl2A6!tALP7gQKsl)uU*K6nV!B7G7OzZ%#4N^9cUt=8_p}BQx
zLzDUY52YKFL`%9wW!aaA-_IIlyQ01-t{5``w!G7a^;5+2XvK<Z5u$gi1{o+OfT%dP
zm%BSB%^~~LN(UJiX)qZ%c~W0}y$E7Q)0h^t!jB*~g}F3Z8)PVrnt6-RO65vj<spp8
zO>}Ta*`j6MEIox{#gO}wLW`hfyfSb=aelk+Ej01*A&f@WH%NqHzUsJl&k&OTQWjj;
zWScJESYe$U>+<bn&oGqHZXYKXD{nqOVc6<*#xPLO4T;~49K0Y1)i)#zj{FugT*<H;
zT}v6Kt&y8UoAuouZOQ(t-Jn#^B=tJaQ1OEucmeDu2=j_BSE8<@+^m2T@3S}K&y_E)
z^L}9zJe~chmT7CJYskUl(StCZ3U!v@Z$TYgk`C&owX%s&@vs8lci-8*Wg<o-qOtqc
zJcwU%T<^c?kj~WICGFoZ^72Hpq4N0EJ&7OSL~46m^`d7atq_jRni)QWu^1Rj*8OT4
z%_g=rR}~N7C>_?{*n@ljOhM#s{gt%-boy#6t(QTDERE{PgYGH7<FrhKOczqJ6ts+#
zqz{<hPDsr9WhDS1@yHY1P1&q<SA)1T%ajHKPOmdSo_KWi2=eSTUh>(^K3%<<!8e4?
z^1Wl<PYn)5L+%t0?7y@CgJboCWgdmMAWqr@KMmD=UTc5+!#wS=XvoL1{Lr_xh8Kj_
z<C1`6@j(01QfcFXM$x6$xgsLZ*}r<ExiMpkrwU>7h5VZ83m%TZT3eKKJTUbU=tVXG
z)NGro$WL8W-Z-L8o#p0KJpVyupr%Kf?6o$-5%WQ}Q`PG}rg(6xV#n_`8!2p^0L?P<
z_=Dn~#{OI&ln?JpINdj?WO(BVylqou6qHfrcr@bam))B{w?{u6!{+<`6#BKTiI2BG
zi~H^|c;*pA?aI4NdxL@R^#^iDZ-=q<bJy8bF{y0gAEZz{Qo?Mbi|N);uhxf}#?0j6
zQ;0@c-=*Xq=3f`)nJ+7ND>9hshC9(u0K@@MhQO%NB#`sX=#hRZ!yTLG=tFUyYIk47
z?%m@z0e;@BpuZfRaiHXDJG=3Q;p$;#JauKk18f6upkBULtEl<TD@4V`FRr|UJJBBn
z1Z>#wdOo;@rZ`}6wWDE#(tSg5X1nJpxHlv3Y&UklQJ63X?a$LO=(cm9)JF%XL3V-`
z!-^KO(G|nve!z|x?2Mq#;qeE?Z-2YBK3<vk9l%RxUUYcRsxTLDDL5RV^B8un)_O-z
zOibESEkPh^8l1x))jvK9!OhfDXj(j9aQX_cAgzDv)F{`gqTtWHqdub7h_O}b0nnLn
zkm-CuVmBz<*i`^5pIyLnw}LVjDGI!1b)PTYu{`~{3HW6)N&j9@cg1@X5Jux_jjSoS
zJN&D?oibmauUaWk*r$CSW8qYdUC^pqw^piHiOr=XZpj-$RV17wQV<5?l3{vk{Px&C
zeaP(jJ92egN=nw*)zuY&0?D`Yi%+<jyQYz`)mAkhxmmG00_*}*b)Am{>_xF^Sz6&A
zr5WQ|Vj74QP^Yr{?$3g0uZ(7<Q4t<ZG$2otsjAuOPTJS1+3hOKw62UjdT(K&G#-xs
z`<%4ZH&0T?Y->k<>UgXrI1)c9r&l(2bak81aQf4ve5>BHoyrMD5rw>TgoyigCZqg$
z1GV%?z1B}ttg-Q-=x}HTgJ`C3v(a6wrDKbC_ZM4lugd4kC*JNe-^pRxY#gPBFWfUN
zf&hU;8vBV~#sN7W$7U=$aXp7p0206!F@6)?yPg$V?;|<TV^D{wqK<`rYeK9DbpFNx
z6RDdNr1=dXX*?a`(xbSEmC79*)1Tm^@od#x_iNlPA#;27Jgn%r$uS})!j9YMc`~+K
zOC{C|nuJ%!1gj|?8QCKJwS|QrcVdYQ4K<Z)KPwL?Ut?60zB;!4$WA$KKR!SoPwynw
zu$;XIow>P79^6RTZ9b*djYEDr@+uNx!R2&i>hwf?SQdm5y?JAr`(%K9wey*~)wnYa
zwwvu#%(DHwh!fPiGsw&(9F>gB$#LSlb=30Gj$tgY)nl>sqrDS42r%6*O<N!^(sL8;
zEOpiQz0}y<AN0e%`J1dR`SQz;e-PjPbOMbZO^xHNz!ijNO=@=|iQ1O-q4ByL{kQL`
zD<?jSD&<d3Z~m!hxt0X#6(D^ONmG{<k@IV(s;^(R@1j{Uy_o_#YP8efz6y>fviWU+
z(OnlT^wE9@kuV*dQ|kfygpUQm4uVI2(HXJLm8JD^6@~DZg&{CNBr%!kFmGR9lI6hB
zy4#K+br1H=-L^CE9rcQvf<Irwe)+t_eE`>{4a@cq&HU-6D^{7eH_uHnOSw#V@7)Fx
zXX?}b{{WALh;}+w^gLUcKxrxgH46lG@H{wsk<rp4cRxA%{UKRw$hyYr7&<M#fV2a1
zW1P*oiUa)BG3H`-?hFmb)iLb;Bsx9;Tp5@#6I09(g$7Xd&m>B2=X6*OHM_Qswj!Yq
z&-U=H`y-Hd*Au8v8vz(xOhj$In;*c=Yt&4RuzaV+5AC>~umG#4!Qnb?TY~K%9Q;m6
z$XsUB1AC<=)O;?c3MipvOyOPS5(?&n>%D~;cz4?y@NkN6*{<GU9(mHE!4)j^_J6+L
zXZFJM%>ELdDru64YzyHg<};887fPD!HJTbLXmfsH#&J7A;Bd3M-zZE_22f(o3Qsbz
zkRvLD30#D+^x8oHN0YL<f8TSUcDFj6y{X)QavO~8Z`FVuLvww8EBli^S4%7$sAB&J
z8?0au=EiQmcXAN-ljpa=R{09j?zz(ch!zWsQDLM=1`H)9))qvaZcxF}GL!W>XD9mM
z#mSjlG9YUjp;MKkafA$<ShXrZCAkaXJb*(pfhs~XXQatUd>JbsKBRpJVa&Eh_fCpQ
zA{i2m2Mw!a#VV~Txu4sg*)g1aL@H+KoNebAQoBact`N<Kc8BH3KHA#R#bHrNYD4`G
zheCX=XSb<b3Er<Su_7t)3lL{j>X$6x7owv1;Ek25eA5pcliQ0&`JPj;d-Bcbo}s_f
zxoZcI7{QTcj$*q&N&h`i(q9Rb^bZTXqS?t@Bs&GQas5+?Mu_cBrC782tw;+pmPD6D
z`7ifo$kof7Tt?T4Wf`q@^>QM^wwCU9K5a5SvQZ9^N8OwmP{21ftK3fU%(uC-Y(x%$
z28N0q_<flkY~tv#HaiZFKq3CrJ+kW-@@uL*T7G;i-(wi8`1u`=$1Yx?I2GO|pMa25
z$FCp(elrK+f+vI8=d(VJr3X*JK04=KI`ikM_1h3?ol9G90}-{aDtVEg8D#a>DrwrU
z)0#$cO^V@dRMWThkZpOU;aKzrCzB+?Gi9buRE3zhfKO=*1mDY;cp@$J6%RWz|6nWk
zXy{pvdZ92gYlj!t7UQf0uIN5b8_n$Cm)KceaxXZMBb=)-L%UyAn(p1dpUF!iPy$94
z;;&*At+Vr7PU{m;H{Ztz*|wvT*XO#M@z+@!hFg1!B>>2zS-!b8wJX9GaA#-XY)R8Y
zGmoU$if>cFd6eIM2;yAc78RDYC?3Le%uWv-39Ww@V{&mEwio`T^sKlU`G->f6XS12
z2;{msO5=V5lXmq@Ep66HNe0-3{Jq*nQvHJjxAY&PO(sQsb4qcz>m#uC>i4n2h5H)3
z2_RJyO{ALIe0vSt#P?B!<D<)>-|wj9%?7+sG3P=#fGuF_6j;|8eq%0v??(!={Jx;i
zN|TRh1*gZb>!-Fo()lfYfr0@mKt_vr9tv&~1tuH~vJ@fEcDfY_9Msn(FQLU%9KQ=B
zBZiOuT087JAEd<F*fBf(NN>U0-Ow6zMhjBy@;T9dGJ&m%RUcFS_n~U%>|7oM-7DEP
zS5mNXjSTnGyXJbAr=i~7k6=ywPT{MQz#$$r2cuzacds@gVrmFKz3ve9K?<UJ9}dYi
zr?W5*b3WVHrDsy$R-@7?{AdbN*=&BumA>^8W;1MK_LgU}(YW$2DZh$5@t$mO0pf4W
zLVXoqIbnKD7$-OV+E9UbestN9gI2xt2UAoXoInx_ZF|(TODRm&B?4cP+kUt2TQLyq
z-;*kb*AJDCD_nR}u^14h?Ag(XmL;N~S5!;_XQLrvEF(wI77iFl=@b8?B37?nwitD}
zSam2DG>&#outpL7Ts~us0XeL%3DKmmRJl?30Twy{*igdeqefc8m#WZ{l}r+hkOHdG
z$$H6~nV<0>Y%E`Lk@hN8-O6==w+^;0tuO098Q;XxP}+@Hu>)iAxD0*wj!zXx<+%;Z
zNYHrBF>S<7K8@T<O_ZW@xbPwzBv%^@5Dkm=Z}xGC%@?{98VnzKqu1K8U7$Ixfg&0b
zv-J{mQxBP-tFkCPc%}0p8~Xn%b9<H}u6Oss8S%|ZFPpU%@f#eys&8Tv5b$YYLkH$v
zgIh1@)Ba62F#4@4DVo^ltxv3H4=`84S->-cZ~1_BC=>JHvP1-+t!Y_~1f2HtPlbcW
z-$qA0YpMQ*-suJxbwm1{7Qg)nF}6eXo*(d}y*)eprQrq-vZu$<?IN(T4TEPU4?psn
zLyoK%pawp!hRGt!w>YFo<b2--7NrfP<NWle{PM0tW@fXXQ!Tp-$pXo2{6O$7rqb(u
zPi9T`@(6uO(z$4x@sNWA7;x<^y6c?Jt`Abi+sU9hXV!aM8+j_<CT`wuup*{jA5al1
ztn;{TR|}{6ay@cSJ_EU0<P07(jXwSyDNDcd*YWJG1?eyv<+C7!m`K8qhpK%hI}i!t
z?7%}V&VMz5t54K>S0h$480oqsZ#FSa2~&(n4JDEL@U5d?KRJ4yZ0Z~1$^Gk=%q}Q6
zR>Pn&4+L55st3stEYM{`D;lkJ(_D`j)vT+0<@%3EEy5*zZZZnmTtBj*w-FphHt_LE
zp8e#6{*`kZm}_Eecpi6G2`3#cZm{t-P$4V}p*rR9TMaSwpSE+-nH>erz(+(_*LFv?
zET3(g!3g2Lv0q+>V=ty23GLe&vsSV~3qP3B-A-`eW{6O{Gx>nXUcO+5#o>kgjR7s!
zZ9?#*-+`7A&DMQ|4iuXm+Y41+bryQnl}aTSr~2IPz>)Fl{$|OQNSE{4(#F(Xcg5do
zz?At&XhacKuH2oxT4{7mbivYz@p+6~JhUk^c;(~B!n9&T%QT!w&NRF*er>uR5|I~B
zFQFA27><b2w026}_VEC?*m^X=HWQm41~z&MZulJ!E;m}A(#FwH!G%W@cC~V3S*Uxt
z#cEX5kY(;=uU3`nv7Zwq0ODYKW>y?FV92qS&SBhApD?hpfC@MQQ9(?Nlu2n>$-i*0
zus;z`k^W{=6_sUBQI&C)An^b@VZz_UsZ*qQx^?qP6f5gM%5#)v$i^g6mX?;_Aicy}
z3=DKx(FzAtb&vZ3zHtB*xXrR^8`YMfUdaoaGH_tl^JmS{{UXXV%kE$X0WO{3B=4p3
z_&_+*!~gg89Z^O7->yjN89N%nlE&mTkLG-_j&bdbACjdu)$^{g?sbLP*2c{j-Rg1T
zQoCC5e5%83Xx5bSqb1Ug^k2e6_rFN`fH6Bt7V>3ir3zNKDcnQ$ML~zZi9(9gj4ALx
zfinL-G*X7<mT#T8=`;hg2mAqxw$jmnaz;Z@;@&Sqd3jyaxC(#zZPr3t6%7KO3!EmO
zmllP}r;K%&3SB!6Y-7<2Y)0mw_Jk%17g|!(EV6;|+(Q(#3l=3zk9HUoha%|7f%q$g
z_LYoAYSJhv+cDa4^T6P=sDqE5Vag~@mo<M(4c`3hp^1jSQ#Lwuejc`7v0pavP_#f;
zyK;p?UV@^8paIn!ct!^$aKwLoFYtYp3TmCLIRH0mJ}C)B5s=-T8RPu>bA(+&s;CXe
zAo>5W^_Ed_Ma{No<L>V6?(PzTyIVsNNN{T)!GbgdCrEJD;I09JL(mYQad(H{_IA#9
z&N%nJ_xRDjV6gY<T2-@V&8pH@=B&LweqtcVGJ|dJV=&agd`t;NM*A1fF_0MxwI$77
zeI^gssSSWF`CJ$xxbOjt*_jINTHiRs=T>-*bzsd*OY-~6wg%hrKjLZgqi-GeIcrMj
ziYIFu=~!P?I~O^q-zERMK(!T)4x2lb62^Zu)cnrf1oLgmZRZElZ;$k-n6+|(;*fdd
zlp$V<{Vmpyf|1Hs+cmX1v^DR%{dmD2s2MxW?xhAMp5ZmbuM`&(5*g_S9?m|h`??UO
zRGLKL$N-xzbo8`2Ziz_0Zk$b@W$$%CXd<!-6#wvEFx_|xF@RyO(CwukKyX;;dFvDi
zqkdZ0`@Jn$4-MEqWBFWimrL2sK2S39iT#oPomvo}f{EiX)#PO^b30oW7r(!{P5Mh~
zHZ?6zCS@!nu|y=>-%b)Sp*ueNt4xa2rBS%8m0v`Rm8L@d0M;*2fk^K0FInheH#+1j
z>;`8Kh^cC9Z+U(@+Sm7S>R~*&J*}od1s!Hbr>3XXFd|b@PEqNQ>2t+tF$L42FG;CB
z%(xPxIwWb9fZg6-#7lS`{HevNAiu3b+n_J!Pr?Pa1A>c~%rM&0qyuBnJ8z;L&qR60
z>bb+-ON2kg8Wc32%))5|+Z3wHk`6?pzC&^GOJ*8x_9x}cl<1mU*&_4*;%i1&<CoQb
zx2&EZIBV8h)Pz$G`!YXaK%<j@ITQZDaQn||Krn)*IwjnU^{(vqr-fcqW!>|?_IRvR
zwF+!m1}oA7BHRyTtAVxTGBjr4K%dn5CfMWb+=!;TE1hTH?=$Y@oPV$()mUf6uZ_*D
zR&cxTDZh8W;b($M{XR`j21tud34C~1#tzUWg)ZB@F<!uW5r#1M-|eU`I)IbjOg^-c
z#6dN$y;K}U1Ck;vy|;@U0rc-C6Q@-Ei3>8>7Z-+v$<McqtgKg0`t9d?$kK|1joa+G
zz9#BTK8)@1T_I>a2HYZzrVDFDD)e6Oyx}KXj2TzzVT|-Cp7&5uQ4gj~l*^;FhaH*x
zDaVUgy?#ax`5AHK$l&O>wMU8{omkQvPwIg~wjb{();^@eRYROE<Pa^f?(KFGSVAWY
zEhJ=6EYNYs+dZfXLWPs#GV4us>TazM{G1M>6M-+_qu_xY1|x)HheYg1InDkN$2tI#
zuC~_WBf=#>8Z-=RwM98PqGXhRtvzJT@J%g}F2$JQ#y)n#(1-Azdj)d>Ize~7>JhR0
zNF=#Db}qs7X%dS<s3(FhWR1?>s`g(wB<i%Fp~?`cL|1i;TgDxqj!~nK6h0LjBX}}8
z5(WxF${u5qj0h4lt%NkG5_LrDx*1E`pd78pN4V<7gH=9${FoFHg20!iu7QS^n!`|B
zI&9Gpx>jshQu($rPOn`4TALj*mJ#<Rl6m?KfshkFc?|O>;75n>6)tKbY7G|y1`TX}
zgE%O2y5eu0X0-#%WWM#aaP)44c{`uC8=yjvo@ra9l7RSGG7o9h71y7d(A331ivdM>
zyY(<jYhg&YzMQ7v+v(`yqqbMElwbUkYzGhJha<8~7GM3b*WOG^qt@&UIdbIW%Ns!%
zIHSPZE2j+ZWcWzOF&*UO;4KemjehI>p4x0(@p(y{^6`?5<2Pc)laL(HOmpKLkxh%B
zf^aH+J-_IpM3Kh16<@o73!wSm51;6p&-4*lu)sjs$1ALyxj+`FQ@nk2|B;;mwST>;
z6`*p*j5#Jswd@~2k2FvTpVu*&gAOy&->*ouw6^v9{7D&gd9n-)CWcVSjpc+C*sgza
zFE^_Gxsp|XwjA7!e_9JEAmLu#3zmt?>DD?t?OEg?Xl9^1H<dy0Je|ejKc|(Zq`{J*
zNeJ8cIjlEMdY_G<`E<u34)KAbFdCrk=0Ui|4l>uY=GRqJ`gOKR?0p2=3`54E$W<Hc
z-CJOy9{psN<Lx)4DTJEt?@;6aOR5ZupyXqL#lvgT%au<|)U{BaQdb6g{9Z^lG9uZt
zu_zXWH1(H{UWZ9ALti4GG0>Op4t5-GZ7}3QPh>T^iZ36bG9PUHMa2@)Bas&MHGix2
zHV}XJKX{#Kvj5H(uFy!iqo4m}7bW(Ri|cRz=vg{<(;S50KO<o^86K<nVLZg4s++L9
zKP3Iq+eyX)zl$U<)QX5bBv)xUU1U3GT_npIb;p1w9U7lhx~EbdMZ&XkBZMPcY1qY{
zz9-D#?E&5T!&n0JCp<ilGktUXnaD;YQ_ozFN;lUat|4{u^*CXC|0|wEy*EyVQc#+Z
zA9*g+<?a`G33gUU0g9FiD&oyvL|POx!x7A+W7P${^Zr~wa<$VpZR)jpl#=I0rGU=)
z`hSsZJoR$U01yPyZ%6pl58(vjnXrvMYAcjS>F!g6|NTf_mtLD`*6xq}3*v0{W|oe*
z%=Fx<MovZtdTWfa!moB3StEb%2OJVSZ;QE)N@I+VPc!`MpL!eGS_ceK-k;5iXa`tW
z-^T|dOu`GtN4EtO7p#Wf@YA>8zcu!6?114ePF9#c-gwg4l1TTfJ?n=VkX0a=ms}h{
zsh7E<&Iu4F4m6dN+5SLu(p=>+@xA3Qj_dOq{3Y|$PlDFtk~EJk^Jrcl-de9hF5#X}
zs*U<X<7R0Y84DFH1k%)9E9XhEr41(Ej(h`pR+b4?l()L<z;<?!#Ya(mK>v+$K%{3k
zS7qT;&yO{gq&v6qryDiLu^{h5taw<d{(+1f-WxUt!-FliUxukB%HxXf-i>5S1Uz>C
z2<9(aC^N+i!%g30t}5M0LsV_kl@DR%HA2@xBF=pUE1hvbW|aWiI^iwe6~WM^4+M#u
zjawlG-`Cvq2}w*Bv`}Bq9SHjVQ5Q=?D$=cFk!_b`XO8zW{jo!(EXbDpJvr36UY2NF
zpSLdPXPIf`bzuL`)Lk}V_##G#A4NXYCB*NU^Yj<Z*vz*_4^vg~YsdMxKU;zw;%iJk
zKA)_ACY`$4f5TqXbPg&=yfSBR^^Y2f0R)3qPyKZL&@XnJc<|p0ty7Ga>GV1dVmfH{
z*1^O!B5-^e)G1L`yZ`T|T}g7pjt4iJ-6>iNoyLD9!THowQgM%aPxDrHB*y~Jhw&^|
zx8ax=^BumSp`mWrQ~_SVF0jfe>%4a)`RweBwcf&cEf3JC?&jeVWv#zwgc!$B2s=V8
zGOF@5voM#ijcB)u*hPIs;ZLgOVHZ&xhR%+kPnO#lHtyj$Zy&j%mEjy_eQjWC#@b>^
zQNo>j%ii$VPtRD`N6}xKrr-H(;4JfzDR*UrHCx6d1o_(r$($_J_P&0KS&G2YnYy;8
zItpw4NOpcVsuF~1|7VF}P|E_^ZZ^DB$i&QKyUniVgL7&8@#803*O%sBq8D#DEJtG=
z>I{0+WcU&FkM-rm5YZC{w{iZyaYhMKL39^dw72)(8p6ATw`M0Xa78Q<q}{beW;KyR
zj2?EgyAG<P+z8j<QNu#+1sr*78rhV*u1a`3G(Va;mmZ5%_Slx~Eqq=K61_UHlDPK$
z*C6y@$0lWuGlFD(A3WJttJT4rQ~N@;7Y48Ye7F+H{}Nk2>LQ1`A-JF*ja25k(1=lG
zSI~XeQAjXWtSvZqi1S!^P@1lWmW6<N33pyMtXM@YmjCdSfOQa9kgtm`A&rH*x5z8P
zo6aO_s`RL#_A7{O5!Fs)*S%Z|WU}0e3=j<NvD57(^D)B<t2R?J{f>Z!RtX!mdF+3t
zV*Gc98UH^tvfO;e50vWoC29Pff$I;Z#>0~f$DxV@>;bm8XuEr|ysdgv$jDM~7{$|L
zFW57&N>e^pai@hR5zQGD7ljZNhmUJLzxs(WG5eo~xO>k8`J*bNjQv2fvX>AF6BQeO
zI!5yfw`XLW&u<h5p$LVa`)OlPN+pGgH`cj6;@BPCk6~Z#^r<W^I3+!o-l&V{U%{fZ
z>=a)YYU~<)-?-O++k8dA`%W~fRdce|gZ4Y}JL^rHDc`1E6s+plfFA@?Y@%d*Zq$2I
z?QojeHqF~541itllfF8%Y;dB`U7l6WM2c@lrE7KPC4PsDh=P>h2T=*!(*iN8wHj8M
zwu-{U27<cXYoyFe=8%z_F{&8Y`{>}`JSnl?Z=?EPhOXtm?qk;(T_FO-a+I{NvL~yu
zkiAh&n7l!fx6CEH9>t)bW5iB65z(m=6cRdbsIOl<1YtG6m_kqH_B{jHl7Bv-;(2tH
zBs~|;9Zu|2TP^E6u@l)>MRCi&**87T3kz#V#FOKZS2R=o5{gEruZ;G3ZeK7*;Kn61
zH8vvOSmWJSF<i5+WiubDiJB)Qt!i;unQAu|K|qw)+2&QF%YCh?GH~HrJ{34>hFZE4
zF2FKD$H0Zq1OeKU8WVy$YEc+Jy^{FzUb}qs%0$#i9@XfG&><j68W7~D#!>MM|G!KE
z4aj^nnMgzVg+2pa{AU1<qwY~Q)br`)q`ytbA^z*vV38Fc1O+H|Wy=V4129N|KmVx#
zU*fb=0uydUg74D@OB^j*=G&iRHx?b&2j!%br$m_&WN4pLd3~WY5u6k`6Ojl}%=rhp
zMC%FI#`T=&$EGZ5tb>E?pNII@c5JL|Ku1r@2nEcd1uq#Ux1K3!kF}zw^Nn+GJdmc(
zG4yyGbFG^_$#BNEPT+^$x0HQ@+L;6rad3ZM>A(HgxlfeeL()_uK>l_=>D>Tf@%Q(0
znpe^Cn&VsF{ZPd!r{A0IR3Ne@tF}(rdp0#T620N88%5Z~F5LBGVDZuVBB2x<9DKCA
zv~*NoSJ!uYd)okn^154*qDG?)<TLnW^v}TU6N{u$GvZXu`Wny~aL0_?C5pf5oE<*E
zMb1#@yk1)z(A7c(!G`D(6;+-}|9#{23P{5z(~NCwcB%D_94jV;-8TQPsV2ZgjL$X<
zYnQ^n_d-#jnw9_@dvDK|tjLUl!`Z6-ul-R)E%G7ASUnLs1?*LIC|rPyAlhE0vJabq
zvP6pt%7AkE^XCd{Uc-kNmZqZ*P^tDng`1P*^X(%6`)9{s!Y`W{N>%p16&3Bgz9xwj
zzQS5+bL#1@5oO)l_s!?hR;@X=)AHk=L$>VvOe*!4|NdGv=%<S7Hq9$R=Opw*R$1nV
z-^eSAz2*64%@b3n$AgE`mC<@kT0ogHi6vdDimQnK)(O5%S_FbMBn`l!ECMdAlT>Li
z7Z1=6VmCJ_cP*@05C3$4a^Jek-ZJvXPNxtTvHsW3tv*7=0Va9@2DN*dB>CcaU^5Px
zfrBBNp44nut4+yLF6STZv@cX@lW)|pa9Ddv#Y%a*oRxz%6SbxWcTucp9-q5U<HS(U
z9vHf0Og}a4OprX@l`&4lsn>2!S9k9&!#Mt{cc}FWr6kb&Tx+%is!RW`gMBTM9-^p&
z=&^6}nm<kbp5-z-;ibK&bK*2IroV4Um^3~mo4fT52m1<kxrDGVu}(sQHVmdxHJX`~
zl@^sIAD-Rnr>3g<RiB?zOiWz0YTMEA5?Rl#Y5Mo?`1tss(P+$}E%)1p2ep&ENY%2k
zvKEis*ah>?DgUDd2#t!1!|CYgxOii?DzId{aJCue8<CaQ8@@aI3pMA_e|U6M5s-QO
zp8mbIzl|g#BV+8!Q)*#iViJLh^X*<95pHE=<?Qd@P;>6xK20_k+*UKR*~G5sCU!ly
zMAm#IZ8g7}{$$Gj7<jLo^B%Y{x5A?0T&o;zQ4dc1U~SiOi7rzNlQeql(=N7Sk;jf@
zjBILUL~r#_){(Q|1sViojh_3fjGDJIR;30ERCX`debHh~utp*AIkRL|d_=Fa!Me9y
zxn3Ew$!PifjbVVh4?ZnptI$OXL{=>^7DPqtxiNjB8#wVm8q*UPNp53cVt^PMVXrQT
z5D?a1j8D~lut#Mja(kY@uwUxP`&(nMa?N#(KW&4Tj2p0H*>j9G{fTqV=wRJ9n8L{2
z#ts4Z$2!^xpNshaInW6%wp%YO$mK=;OV+PXW-1m=q7Ct&b}b@YEk`@iT3aE{Fd#6o
zl1jY8Bz2Qj!gIOW5BX;0t3)q{j6=@Y`pT|wG`~NJ$-xn)V<N*v_4Ek6m9l)UDmjUL
zwl6j-i|RWHGCiHNC4IP~lhgUq%e(|mX=xQV`svS=eC0lT49L+BCEKW4sIl$Q4~L^4
zaM#WOwsH}rI<|ALM3}8joY24u5fRbP;K;YnjXamGvhiSaOxF`r?##3Y=ev`PG!d6o
zf6X%8y~S#p-vFPn6Kc~%Fc3G`WjD@>HzZf0mp{In%$}#U+WFn7vLoP$90iB6+hwtt
zV`_Uik;Uioz7fBIfJHNUi%mCI@qA-X#+6nS+UPKAJxCL{me3_*iHH;yX~d>iB!6`<
zGu31vG4st04IRB_gos0*CX)bTaV$rsi+sXvzOHPS+q@-6tlqBo<=hrgG9da@9Cg|5
zbct4+mcScSC;qpQgrs~Q2;H|wi0+pLVkl}MS0B8h2g0jyC?!e7+_z8#vPpO>t@pn&
z!Rozv;1S@vGp;%wz6!qAWjX>DzZ~XF&)@lnyImiXe?o|>j?MD^C}n=pzV_#{gi7|K
zSk=l<P?f(Lc&<ujZD$AWDeCTwR09rK)Kd`25(!~^{%R;~v#8DAu<Jdx=sUj{rfhG6
ztbs~?2CwgZxAPB8AD`l~G+lGjNhaV=H@5N?T_=AGtR<M7|61sSy*x;5L9h)6f1pET
z&o4A#t-Gjob`#W}Fr2otm0-2}lP&X^RmxZ7<$pg4&V*7)d4>SqQi#D>^OZ6c3R)`N
zk@@05m4~bAw6LV<;b~d#%f`dIko87iVe`oC0+UxxqRrQ<4macL&{f|69N(7KkFA40
zmFgepaxS46ww;;`l$SS?U&EE8-bIQB&>tycvB&-y5)h5W)Q7Smh6dr{!pnC@B37x_
z+t~iruOPq$v&??$?tzP_u|?#i2ZwJArs@>b0MENk%w|+YSv;2dnep{kR+iT@>;``>
zHPiUP(>r6|h1&E-lGzGE37;P>tGlFeA;uFhM7d`4mzl={4ooUx%rd<aLnocg{oiGY
z?$c*pk)o2C4@Q+Az0gTi3&CQ3x4e=|OKYd6H2Y<8a`yMpWZ$`(rwYy=PP@w6)(3lc
z7aE+RvVVLGYkSYiuaU)%WY+AcGic9EaSY4vkNmm3Z1F{cMJuzrG=brK?Pmz;;Rl2*
z^WE_blyAXE$v!)c)^Guqb&P+qdfjxFz*dCatVw|NzM|5ki@N&8V@7;{{hO5S8&MFK
z8BjSJ$utS2!jR_ND6jFjyLj8+WI+^o`qw}{dJ(3sl3f*t&-yEgGg>eFg!cV!k(Qfo
zyc{F7kiy}_T)lD@Qb}4yBh3P0F`cSW0ZbY~defB3YqFCS<Yx)IAg$k$gNx1Lgq5jS
zVHT7%@Ak3wR>gAP6dn1T^P?f(_y&(3E4V*M`lq0Wsg?}Hn0ZSdsMcGf*=}p&L2QuP
ze|UW_*V+8#f4b6HPI;eoZfNB_@hnAWC8--4bo|duSO;TQz6YzEm0M?u`j9Iu#QnTQ
zD$uU+fjetmTbuKtdL##~p==7JiM&FSNzeBE(<S|pG5lnx?SyZ*F}B44jX+*g9(q{T
zgPKM)kI-?3Yy!>a2~*e&>03{ESyWUwI$Fev*J~%@Yo4$(iCIU>g-9fLLI}T7CXOtn
zL~RZA)TwSL6~nvru&k@D=kJPfY11X;8I{RhxA3-0OY&5lDX0>JP<H)_Qu*wuu{xJk
zX{Ha_xoM*Bzq)TuItc_Ui9WWv<lslBCUeKw^hbWCo4h_<t?r5CGhbMvQ_!xKo+bjl
z!loH8#=#+Kit%^7>9QS&R@qtuL514`U!)IaD>1kT)0vO75!Ze8pyz>qQQINMy7K7D
z;tsP_N^O7l4IZNW{MN(*JMRPGNJ#W6wB^K7V5jr-b~Be2Z4jlB@hrE?9gPaBcH)U_
z>HZ=PBiH98v6*+Bes|imfzR3(m{@adPG<c!6DP~5f^PZfG=pc(2IU5N*fdT4x07_d
z9h73)sj6xGOef3j;oMmgo1b%XY<3S0zV|dCb$twb2nhI2B@WRoR%h$c{3}Bv9~V*G
zGk(<SaX#_+HR<j({JppACh=?DPvajmyIkSSMB3KF*(TsntS4&<Z}aa}macz9t(B-v
zy*%tjYRsMLbvI^XS6v04-Nzt&XlD+y9XPU|`HM{MM^GUQ7I98M7AoJLDt{1=MDvtA
zcKK@CmpYXyvWSo|*D1fj_>t4{D`ICHdGEAGHd6VU!0^Z#+dv0=3Wo27mFb&{%`S=d
z{&p)l^DbDk9dWkg6d_-w3GhGfVMsi<IC@VboGdl=V0^oYCBLMuKEET9`N$c8e_!(+
zSZZ&=74<+csF_sCRb`!BQ?D;yYofjqOO6X3j3rip(*MWb@X5=DW|97+EXazeAt-2Z
znoL8LP}c6nkg#1^KJOh(Q^jP{Z{b~%lI#hEt5<{#?`?(NWoN67=H?36-g|BbuS<mj
z)SOM<P=cuE9`4d$w4AIg2%VTS!i|7=t$spU?<CpDtl4HKnv9*2@(_nqP^Hx*I*baP
zH6$F{U<3P9O`8x5tJ5#j4cob#3Z-fidw=m}5*S5Ss&%?@d)oD)Zzb?<Og@?2AnCGL
z<5vnQDyDuO!1d=;4fHpiF13abkEO3)Wr&Pu)cf_LZ|CL}K;Pc|E&@Q1K6jq5(?YJt
zToqW;E>gQft$8BbqWzBpVFl?$Z1vs!z0DG=R@CjWg<PV)8lOpRW1-Q(ez~rQoCS&Y
z`q$iWg1OkL=l<_I2~knN{r*Hz@gssbFL%bQNPT4BUHgI_u2*LIHkwRKUTpjR?|yi0
ziCm=VFh3J7q#_)j6kv5jnt!_dx%5Tf`q{`acXl!+A<FnV7~G4z?mOu*nk7ZzVi~^F
zT&4R1J(fx=GIy6JUi7t%=ixk747qUMB)Io{V%;`q98M{UWS|diGhrvO28_dH%-=4m
zA4=73j7%1atFnif&vO*I1*^@r-5t4e5N$a`eWZ~bXzS0IEPN7SHO>cpWmbzU1g6pO
zgo{+K=Bn(=t0W5d)j7S!8;oW8t1dCi3Erg+qjEb+RTjnm!>&50`Ad{nn=Jod82aaA
zIPh|7JlK!MBsm&6$NGprt2=!j-GF`JdNkZK0=!GaKo2%jM5dU>zbUaQ$>Ku9_qU<L
zaJ{{pco2TOVfY-SD0!q50Fac%J9zGBE7}B>8&>sIqzNRu>b66i{_f3ics6u;pI8sA
z{T%tB*C~(0B(4MFC5E7rumztJFteVs*4c0#X_w~J^zyrmQ*xTrDL%bCNc&F$lN65@
zTJ^qg5C)8-a76_?J#Yw{lJPmF;)kRf+0U)~U>}SzOyRVQZuQt<1(*0gT<@(U`quXn
zw>g+L+2<{Z5at<Hm=Ybt=4<!HJ1jOk>46VOt4_*I8`pMsOImdNY{4t}5U0g_zy3(o
z?)(C@pf1f40`OokPV_DNk#UeBw$SGwR0(F;uk64<!O~^_hEm;NEoWI|Mzt4dW!3s$
zFtV-U#LhqHpK&ShZJvKYD4DA6=N&Z>z*71})YS50Xn>(7wsL~4n;ty4@H)9rYLT%#
zGLnNzVqOte`_!)S@xQ-;b~;(`?wfD0yOo%OPbQWkE*5*R;U(rCy`yy{o?9ym;WF95
zTs(*e_K0i`fEETLB5G@TOBzur2{i{|DZ(4xPea#VflEe6tXTP&+r%I}7!uy6D@s4a
zy^;=@9cC+x>z%Xk`AP4iZ6Z>v27N%DWi^C6I`9O{nxO>+1polrY01Ow{atA$;(4@0
zb~smUgk8M0wuU-*d2(##6}3KgI0yUTLL+^*l{mScPJhH3r;T7_G$TEqSnj4H=JEF<
zk$dG!5Zp+a;<t%=ufw%^*F1OO1cF1pXtR0uZT*P0-$iN<EUHN=|Dya0@a`Z>cxnC6
zEX0mmelI#}8N_^+BOk|;gDQk2ck$M4vBW5YlJlcskE4}39IHSh6krfu#X^&tE!+f6
z56{}pmru{lDAACsC5QT0eAnI`Gzl35&*PyOU>}Smj6y^lQrD>3eF~q}_8$vp6ov0}
z08n4^A)eY`Vp?ogL>QG<0E=dV@~-}^NwCD+=6I+QjL($A795^0-+Hm_wszW;Y&_ZW
zn&9ujve~xRRHRTC)lNZPsT?>wZ`!cR63c~$hsjtQ23|>3PvZ}JB*ru%b&qk*1{{fr
z2F&FCaw7F|GwwT!25i12;D<Y|j!&Mw0$ijmh81hYs8x-u$FI_F8blECfXf*4ya8c!
zB6dRXgC~6Bhh=gr{j&Up;*h<bFpPf{G|1@+R@cLg0>Px+Q2b}`;-gv;CtFV}QjQt`
zBtSfHH0(W^@RokStJcuKzeATuGhaK}g0~;1<aqiKcmsE`(h<%%FTm#DF?mUA{(MRv
zVAf2q+E5V{X_bQEc454b6B42|L+K?xKOx>%osfA6Z3p0MFV*FZ&#6}2hsc`%<dbJg
z11?{wDqL3KSD{%gb%t(^nZWEUu(P-^|0Bbz*ivnZjy$|MbOj&YLX_UGp*#~gGDhv<
zWF;$0J=ZVyhdecvBgq_rHBoa*kY1X><rZ}qrxI!(Ff^csfQOkOQ5&(YfdI_noP$n(
zL|SQeODW;8GuFHHI?;81Ln(Q;Xf+7VeyPQ6&kGMJjC|%h8(whNnD_B~!NIv(EC1W1
z&Cr+U$3q?_ZAt$NM6bg?I^cmG2?(odG^w=t%x2@<k(fsfWQ;udRXBIDxYwc0pS>xX
z7UQ0rfLZi@;)I%d?+NOb_SP_{4TVI2U+A0(-VdfdP`-BGU8B<+wp2{d$onfY!zzmm
zVRkDV3mJ-LN4|Yi4G+Uwsz~|4SZV`*z87q@DVzSsK+_iOf7V_8|6|>wgpf@0cmci7
zlkfL(L#RK7zLXpAUR_;VU3Fini7@ol`waSRjeHYOmzi=}wWpLe$U6K|W7|uhbNcCs
z4K$rdzidI@6N@#+Fp$A5Z3M*eaOxL{!b$CFODRd;3q_5Tc9O2U9SVS|%GE7Wor13c
zfL=>mTQHb!Bfo~%bxk&T>t;7chOjRU<n!|Uw72p@0!Zdc<iGh<n0NY-T>|GlnkJx7
zjz!7~s(&|z?l0-Kp@>N%EomCfQ0{mC_x)&&jMcGt5vb99TUB4AuOm(qg)nS9OCp?J
zDN=Elw~PbP@l{aI_?Ph}2P@N9UjU-kHN<pSxgGUArYlyz!h=NngpojmomVQ{2QVr4
z6~B-zaq|0)5E9)-hXu=TLa~1Ges~<G68rdX(s*8IR=Us!KYbW@ugUjvx13VK^H4oa
z@U_2P{aEMIecs!0!`t1Qz-~%W92)7q5;FeMCBEcxeVy^lW|x)HUEeIjLVKO<zu?-U
zn#;W@1|euT4s~g3qx}rJmH!nHzukBRB86q(Z>~fMZ)ZPzZbz!#B8_ZOJnS#{c|h4C
z(jfg$*|{XE%J$%JGRHUkerAo-AV4fs-l|_|h*fFY80=AHeqfqJ0ZBEBczP@3IKJ)y
z@S+BT)BB3Ai0)Q9y)c|in+;zk_O`aV-X0p_LGo|raf_Q!C5XG#x&hFa7(`-K%#C;y
z9(30e+o(`0)$)L=!O^5tJ!P?$G>`WMpGAJ*Z_e6dnp&#FIK^Qcrvh?`R%MuGD3wD(
zbRiWU#1Rv=l0gC<TrpzRjCFz4fOA=EoEC*C#XV6QKg{TEVD`uCMG63Ow+ztUlW>_5
zvY4C=K1JX$OcuO~<K5iVKtmVXs`I^kM-<`@@B^j5@Y2xB4!2Ec8=M?*$9z5!RN)+e
zRnY(e%4<7-3D8&>9UembrG)F^UI(GdG2~_O97mhC=bNl1b#EHxz|+MVz&v=lRJT{{
zcw(}s#)&}0oGpA$;{=#6&7t)(t0Iigh9sdTQQYf8g;_iCbcu$Z(0;@D#Wgls6teZs
z-~A5=$YEGemg%K#!q7dR*wI=AybySm4aF~KqP(~_Co2Z@h)9vI6InR;Hv6MUQiZ+P
zo1EwK7gQ7I!|(-JH}+P4AXqFo2KE%bc7;F;H-YcH_gXBamYO<G3_=>qrI9Xpz_-l*
z_-cyz(d*Z`LO8F_BrVZEjK@Tp01E(}iZjIs`y~fr6tX3KU2o68(U)hS>bW7of<yv-
zzxy)u{xMqw1o$(j`gbE&z3wMnFO!XGBt+l2ffnBHPL|bEI>0d+7?gZy{P3(-q5;5%
z#|bq4Ctl=Sq~qZ{v=HDp&}_5brpR}Xqor~j5z1;7P)eA-5p=5Ck-Tnyz+E+T3?G(0
zDK##rh-?|S5Wf}b99hL>u*2#xiuqo?JNkb0Hp3Jp3spi`TA+aI==OJQecwRA*B#qv
z*>hi6$Z#!zZ3ltMt1t`_<%w*m1SU0N!S}xre|)+bz>#^xWj}B=VzH2n?jKLx<XqZM
zWjA1NB)B@7uOCWa2yZjd>F{yGBo{<wQccnpA%``&;hR09cKMv=x3zX>;F`7wM^Y@D
z=$%+|S#|oc`d`zKl9GPB{LFLay#X*$Gbf{f`e6-Vof=@^9<jETmbJ&bOIGc*AD;}D
z<6&(?R)J5A_dm62p&hUrKwAQghnwcLLw8}<{<9tfhc3IMGt!eGw3UY@X4d4WBadft
zfgIoZcD*NTZ>d#aw#uS>Hg3uLWT~u=fp}$Yy=tYy_Y#VC;Jn;c)F(L}LubQ^em*c1
zNyKpmcmtd9OtBACV!~~44H;aLv3a&FP*2n;H$`x~#Mf4el*=uw@1>L)JL5*NYC(u6
z6?lW1erDGd$NjYg&2s?MF1XU`(VVLqNs!0ep3}%kGVYyxk8poul#f>J-B4q{B-nep
zEr)=zu@gf<lZjUG>vUe~;W{kT=F>gl)!}SEfS6=po<G|jv#B>vVtG1m=^MB#b98XQ
zK77Y*!z~P!9_Oh*kS{F}0*BA>b{LY0fP>q(qbpkC$U;^FUo5_G0G6X56rzxt2iqA>
zD;Sus{N(L<^jA7{@F1BZIWdi1^Y-B>bFk%nQ|Ge0y2taicS3ju1<+4VybetSHZ~Rj
z$m1aOUk3Kr;&$-TLCnwX*ya4=BkAT&arR2b`^4{Rop>=!K=yuizt8dlK<t0Xj$QKq
z*DC=SH>)<ItwAe|v(XGv0zaNMy<2lHXlittzd*SwhTe+4rT-%1eE{DkvKM!bp}Zco
zkYiS&g>tJuMwbVxKoHn493_Uxd$8`$j2GRAC2zT9ZpaO4Ue7j3_7@%_DtFJ#87+sp
ztaP+4h^c-K?ZL)yQJFO8aRr;M$N8WmKjLM{1O_mnpFt6jkaz%;_2`PioMW4JxjAPQ
zXz;Q-_Ttj@WQZog>2)}ZMMMmwWFf&w7~ijrxh>iXL#fe;f%3EVgs+c}^=K*|JM?1|
zF_*q^0}vJ2>_&hw&pO5GWKo83^hmp^>-2tkQQ<Zyy|cBhH!On_6eyprkI*Wsq$V<W
z8Xe{gt60#LIRPrv$Y!$2qFw(HvH}F5_xR$FBm3)?dBd@Eq1u3_k4&SaBvq?`HzX2C
z`7ranjMs^B@n$u!dN!&(fK8Uq-27r|INAEGc?zdV{%k1y*ix&<3>M`{UD2M$>53E+
z=t3F)P^Zr(m88n0$#MRVMtMuB-SAO=Jc84|fO@X!{)C@XwF+bd<aHj>e!f1#7|%xE
zG&m>e><f=I+27C0!vm-Z4igo1vif$Lr136fJPvqTdf!OG?*sdKC1=3pEIn0l4!SLt
zL%7OP<y*ffQX4^1|Hjj0Wy0cH_vV(<On7TJ!^nws-Gkj_v{<7Ba`pZG1S{Z*T~J2r
zMABFL<*<6@UD{cg|Iy2(7Uk`O%TjxwmBpNxHmYhOau_;M&o?0lXrzcpm6g#PYbJuo
zd%xp@`zgsFLLE~0*f}{s)1{jcXxt(f>R;#ge7AeM#9CNQeBcEzItL3Oa}1eQb%n2I
zZrM6qrPnd;CN=!7F5Y$oTr!91U2Ki~m@akO<h}FsiD~g)6!xMTUXoa9Q3dMK^Glw3
zW$tfhBzJw!*5oLq{EVHt=_s;7LN=^gRPdO1-~LJ&vnrVeLeS6fu>aG@SKIWoFlmW`
zx>3{L@|&W3q{gI1VV?ToBzN=JwoVclkL1LgloH4|$bxc)4<dl`Kw<C7kmqa$IThP+
zQg$Kr#x{p5Yr*KC{vu6n`&X_wKh~+qD2|c+1ubQ~FW^54Qs&0GvZc_JO&9mnKC#5}
z8=!N(T(T5S#Gm*(yla>ULCBWrdm3!kyp`&dvTi8fUGZsesFkb*Xr8Fg5>Z$MO-qSH
z`Ka%e7NXp!nRejB6k%Vso539i0rPcl?Wc=l@NHSKwHYVTd&@MkCCSvjaT~~VvlUO~
z$&;W2c9U=zs-wvfBC-C}egn<|ShfOiFVwj4L-NQgkEeStuf(9(1mK>Ow(L@gduq#k
zCqwB3a%NT1+|r)DF3&h^^YxZg4rnmy3*QZv5+U^qz{`Bkpd%z}5K|-+jupYWjgx_q
z$t=U92m|QE-bI=d^7ecK{4cxkXk|e%a3R^6u?JIUaS5{NmiGEgI(+y70B6JG?i$OP
z%wc3G;?ffJtt#dD=^=c$%XW#yCCPqs2MaS+%5Oc>haps*%_oe9(1MjR;TRyUyW>AO
zCLWGtXa>GKHMi~8xos*Zt9=nk-;2%{?cGhad;Lk>h;Vm8+y9N+9R98<GU2HY<^)YP
zPjs>tNu1(pgb@u<tppjm#0x1#uKN?-<{Zsz=kr5_e__w~T_qj8|4;6N><YpMM%td(
zskXhVd*K~!f`05sJWrPCB86|5)x-2{#b68Z4?fFsBHUfgzWzi8F!O+$)lPpif0=2W
zK3g9y{EV;@$MG=R-D2A32biR&cciH)_A4iW*Kab1RDOZ`+8#;fy*8E?o6m2D6Sbc^
ziqW1L%cr?wG&J3QxZpuH?$HOvZ<SzQs7`ACIADP=1>}BiFa{+rk$|j`g4&hyF~d@K
zL8*kPbF_&)G2hzZZ!ILVAM~)QE8ppBfEt3cv5j&hv`pgiM3fOo9qhf4HL{eQ6hp&g
zM&G|=qOT?7!N(N<yCQ>(5^5YVgG4TUdbi<%6hJK@*PNh%&p9Z$Mc|VGjlW2fD4^rA
zqh>3_V-F*zcNk$s#^OjvO=cdUS;x+kT^=|>hNNN2(*d2P7dPWE?Z(nBLgUmj)!ZN4
zNj#OKoHgPXnT+gFh1C|i0$wDYZ!Oj)q;W)yc)Z&!(nTd}JXTyiM(5s#+CEdi*2sod
z*Vfox=;%&aq9vvB^u+$C(x9X=0xI^&uDuzkcH@~k?KCE&fm!)-0FC@-%nvG6P&x$+
z?PS8#R>?J%H5&Uuz>+l7yG!~mdYpv#B<W2%AviTRB^bwo39}cdd@Sb0_ux7c!rxyV
zmSplSy&a}G@eDqDC25r-?39l0MJj&Oe%h&b=d>rBM^WT;7}2jO9>uC+AGQ&;(}LDz
zj)~E;oa0HNQ_9OtiLv{-S<OqK6t7bg2%}fJ9>vy*-qWz!4rV{A25C0c^I~`pTph#$
zm7c72Jff4-N~3Da)Ni8R;?B_+3e{7`3P3Y?O2eG5Ldg0#sbM9sZYeJqv!6JUXG_Bf
zE37$zVbvwF1XXF5z`NSL19N`>ad4}bLNk+QaL}U4oTP5!qu!)#^e6P!>9nO{$s2oS
z3Q#94M4-lV^xl=9xE|GSRxXsPzI%R5j{XQXraL4X8uWw@5JLfT1KF>bdt#-kV+{s{
zDY|dgO&|MdEi2&Tv4ZpvrF09~od5dahp6bH%Q}GqNiA(lV^on}VJIbl3T%zTgK?;&
zvXOOEKBZx&I)fm}{EIJSp~R8=3po3Ypmb71_RW9>W+>Sg9mgCuSYzv3l*xHsm)TuF
z^K~V)L<{mq3lc#?hEK(m#i00_0jC7IHTLo<<nsun3b7p=IrAad9i4j7Zb`xb+JcAP
zXSgebQY{7veYnc>9)i67c0Z_o8s(fN;U@5<bw5#ER!B`3#`j6j8XlfWPbduJEu(9m
zyBShNA@0oT=PJTN#o{@`tB;b!)ZsRfDb7h4(xR3$NJ=8E%j#LfjgiIU8AU1TDvQQ|
zIWf?=_ZL{isNDxv5z$bYTqxiOcbj0#uK81@hhi0Q$ApYSU7`4oJY;LeRYHzr#@qJD
z>z17g$spVF$piJJ?&A@mYY{p%Jc<l>?J0sw#ZF?2ZhPgMF)z{hLYMcZ3JgR=(S;F^
zF}05g*>n}rOgwiUuNPg|N2!pKIE<<kTLmi=<e;monEUcSL+OrsNUrsW`1Afp3!sFZ
z&Ja=U@zk>Tjs8!mPC*i{@*qw>CG=|n??8|7)lrCpJ*P33aSceXL=%gOMWM>=D4o`@
zNR>!P=3?z}Up7Cek54m|mo5oqu<(j#JG3YmHzKn8cxIhaLWhdBdQl1vUBdHNQM<3!
z_NIIg?gY7;v2yACgEaN~Owu+?T~yT1sr0lxn(7I$R!=}_plep(>%4YhuB$v;NFEDm
zc~%ug8{~wHs#kO!vqWwx^n9M|Bsw;=S=mc)5G#j#6m<_eCk*E*^caX0^iFw@Q>4W<
zRXz5E#xkic&JyZCVfc1*EvGjo2b-2leg+aU*~9J$a`R?AuA$@GUnMyvm7aLX;k^}w
zooXw*c%Ipd7_mN*V(1Y1cVM05*FkL~$$F}pA`+QWn1?A&%~7EEsAxZJSQDUxFb}8l
z_7H66S;$eQxI3|bI@ag8otHe>sg6^<a^rbC##pMwoDTpq7!@sFJ0B4JJ0u1TfV{Td
zXyv}*POLlH=3sSCbQ(`<ZQOMkZ*TAIKW;$o7>m;;Bq=4O)9L4XH78nv(NByn<N5n+
zK&Cf=&jtH(jTen4jH=C_HJBHX0tu11Z`%R09&*h|HFS!xIWq0lbDdfOrN^V9CH%P8
z2d?mJ`spX@`G+)ojMt6`1)H+ere81GdJh|2i100|z78xuNbWN<Odel}XSPIEo-R5c
z+qO9|!;sZFfo7R&l&J3`VL^pK3$-Vjj$hs<XeMcPEH_hI88Q}mAtHHfqGZ};gs;m`
zWGq{3%n7Bf2(FR@`Uk>mW6{7J1e-<7!NEqm2T5<%TkUSJJ&8EfC-%%s{Ch*D<ZOC*
zLt-~@7z8hxpnqW~oxcOko6?m9rMFlG?_Wj0PgXXRN{nrk4hW87e>Rr*9&2B(hq{fk
z!L(r!tb=3T(8FlW1W{dd_}dBE;zGFYLjvmF9#`ivtXQfxQ`QCEC9+>yAQ<y9KVb@~
za*UWWHAU=PmD3*P@17PN{d*G7qD`K5FD&a6WKWOp-2<Jd@9p!jBBhic;Lgp5Hi^Km
zo%}*lwiP1IC(RCRx9}b7hp<9)3T;kk+X6_DL&2)!gRS-5ohW|Ot^vH?rm!~il-Z9u
zCTa_q>YE>3T+bXbMP1PqBwB1UcU1^EbwEFPtmtm9C^`a&qLa$>=+&-AT~)R~dt8TF
zloCxc3}g5ZXFV97`%&mb9%CFHb8!2QOV)j~EyBUr<5efL0+dK5LX^D}FgQYRWvIkh
z-VW1c^75S&hQfEgXwn?p04grUbmhocY^dfm`eD5kmpVBTmbl^G0`Ld?E-o%W9-@GT
zMd%%k;c+MEKwMV_b<%OoL+x)lGo?6)JSxeVEF-8M=HwuJJDwv`-AA$$2L|s6pz9NU
z2e$Qn&r~9;AuY-7K_$5R4X3z^vCKyp60MLwb=M>QMgcA=j*NKBG|WL8sIxG^Y8o8p
z0m1RIK&INvcLRmpp2m~;`Vt$}Ceu7#MK~>v=+-XR^&ai;_;24x+Pn$~p8WI5-}gn}
zu|HDICFj%n+P6Yk-Q73|e-)y_mE!_6p$3Je`_87D!!I!ERXeKBjvKJrkp~6{IT#i9
zg#T^DO%0!lt)1lWa)4%sr~o!2VV)$)%Lv$1H@%6pqQ)Oy=PxH&CZH5DsbN1sLM~)D
zYif$k4Ny=%T5qKRT+PgxjcF)jLE$1)WC9%yW`p~NbR=4nB9het?u`(t#Bxk1mGCrb
z_eYQ=w8qhIyjS~M-W2I|423!DS`5^VsYwG3n|22}EO$1+&bbAkkuVAwB?j>%R!28K
z3^-mKoWap&U;q9?PIPfhox$f$G!kJ=2Y13Cv=pAG25Z`GZQl;J{>H6zC>tKS#0f>4
z1c@v6L5g&;-ow^w8TEKa?1jcCVVhW#iJx)b@}}?ePMR^f>`m~%gZu%-luijXwt230
zWoImdX3Uw;3xM`XYL5KFmjF^I<io+H;x)}H{po6Js%s%GNg5n&gPlb=+9<z^>2W|x
z0%a~B2p4l_CEOm%5D|1tGmIPll;#rN>Lv&ms!27gk-|BTQczqFUadEo*V2nmN?IC<
z8C#?X@RRH7>Y46^Go;QjHY&3fCI%;DO_gEZ1*yGrJeD01Kq8#)IA5nK362mT9?yDd
z;B^|fWU2<@T)A8LM2PKvYRnvGeqrxXhQrauMt)Cytt-}095+i9-Q^zeR1jMgsZGRQ
z&qvpQ(bm2>Hcg$SjdWK{^J#-}!!k;B&e31JyiN&WKk8>Yin0(DWzi&#;W~G>J~9Wm
z=GwBDg`;Y1gp>SO3-p>Vgr^EoX3VXZtkOsx_9q(%MT7b#%0>RG#;hR#3G2{nFg6?>
zWHgVMC2k$dL)@7(I0pU~WiKZ>g}JDo3g1?ZoIYC4udKN*>8Wx$5jGfV0ibWup;?$9
z(zvV*fIvD!7VWLl86AEzWYwFMpKcrObhgu{rcf#h-L$DQ<NC|#ZLq`NFoOs3{!Ihd
z&HH}+^v)rcKGI;_+unh0i*?OhMD(kVhEhVr`U;GCSuqo1`4yr6p1aME2)czgrY1{U
z)*fTNhf1UuD(@0+FSY<B#T=db7j4)%Y-z><rDfZb9RzTF!C`#!RhjLvA?<P9tEYUk
zJoC{5$L2bvZ{Qd;(h&i|QYpXh%lY*f1tGTq?)%?GO)XtPb~tV_XR~NBFA@mK?H@nz
zp;U(Go9ZBr5<vWd%pNoO@QE7;)Z69g<2JE#bUlw6lD$L!yG;8zRAFuQJ1+QDmC?rd
z6*^K&T&0n)IE0=U^5;vIs1kXW-nt#yE@PaBz!(@+?WaZQ(hRH8KMBbh9B|fKg}mVa
z6S<=ur8oFSU~9j?7<}Yx@)nhEphMKNrpCT!2nTdeG4^|k_QM&QxT_!B8|3aY(vI#o
zr6QG5ks_GGa&{9|P~p_+aCls#oENf-V^R!>^xQ49T$CU^P)mLCO`8juA`R5VR_5pw
z9&}RpCYEZmXVP)uiql(PHx!%)Q{;;PFN<RDaK5o3blF>5H@_ycoK`G{LS5Yni@&;0
zyvsDbY7sI<hZ17%(^B9D?CD?t)vOBfWdanfg21TtTemTNLN2xSX^0X^mX^Wp$CSao
z+GX5L&tJP8>nEwz)2@S$Qn$>)l}p7no3^GFWp7^)Re1nR{A~1Ene{&^h*?Hlpsri5
z^Pa;H?ae7;k7fmTkb(Fvw&}{PwS9b};d>o&AOg}_;sJ^*OD?-;4P~I%qCjOv<%PWF
zgqo$yg0aklNhfcFiP4`Be|rqN%rF<g*KXi*aQ+4c6_aMa>7?9Ix}%b%D(Da)G(RCb
z&_}LWwcjB0Acc>~n;<QYxguqDPNxghFzD4}LKin}m(0Am=Aj5Bixi<`!04w&m-WP%
z`qKBX={f&bcnjA?r7;{d6cjw}1IoluDo+EY!yDV#M{zT^g&N0gJA{Cg<~)@^aV<pX
zpa;924U*c%-18bM=v;xQ0^XP?&)4)1Nj;j_CGe+M5(!F~lbBM>9nXSiV%LsO1Xmd|
z%K3fRba<TkZhoP7JoGXvCFz%QKsIq!G5bKhiITZ5vFXf32p)tU;%#btJI4pJ4CJYW
z|CeBZ4!0bU^@wuag`Vvk3JS|Qinhc9#0Hw?#vhKE5xqw)-bD}s%B4_Q(tnp7?SC$N
zN$hJl>w@*-*7I(*?7wiX1AD`Nk;7fB6ov$ji;9rxN>K|MDQ4_aVd%&@+aka;dokVU
zEIH4UvxTs63TiDpmi(=n^vm#@mO%apHafHj1#~6K9hu?xLkNXvybFg$SiwXOU}t&T
zLA*oWQBxI859<iI+znW(n=%Jsktj|ikVlSFN7}4oTt3&}u%!^>1`Pl!r$AdVrLC-C
zS($0*es4(A83|01Z>qce&e30gWdx4si#$h;^aTyXWhEQ{4{K2iL^?H!x1H)PGGB-9
z^ohWO7t?zTTmZDx>$qNRL6x}fQs$Tc_wqrwHQd0(tN1ldZ3;vOYQvwu`CMNeTPWD9
z@nF>saXIP5k^r_w{m<5@x!z%FDgm|zh(0WI8o<x^P#p;xZqAJJAxioo8if*ckH4Yb
zWoKf{RV6TmK_rEAr6l&yR)`P6<CnYwevl7WFNCdvmnN>(x^L_XFAVh^s|eJnKrKAO
zyag}kQVcwlVJnFPwXwAq8{l|G0rk#*2pgx{@wy}GUUdD{lW~6(?o9uj<IH&dZMHki
zBh^mu8_Z&+WmUq1l20(ZmV$G%BA*bl2ScOzD(+WhtY_(c$cN@@o;lT|g^}!Vz0qYf
zdF2q9dHU-OjYv|p<#mX8Lve#kW?jF%AAlLoUsF1PcbTaqJc(7mkRXouAdG*tWwER%
zQkVaa#7&*S)uTuhqRv3%{b75LGd8QG-js%-EF3(zp93PTQv9#TL7N2lFL(Y_1psJx
zlnw)eCRF3kAO%HU7kni_@!DX94+8RFyQ5<6V?9QV<7@`K=ghR<0-U*Tm8$0oK5`p*
zQq00}wTbA&jFAiB1Uk!rs<~uX2gkc-3tV5W5h|n`jKw}x=y(Q+LMq@c7@QQ%VCNQS
z<{4D^XdDW}w&#4%)rZWcQ`^hoL&!u4Zm)~#e_>_7zs7f?W>Rs?@tp79a~aXlI$Zt>
zgx@;;1;Rdfs$ga2ntDlY&2KXFX}qb!fv@1K>rB}G>l!KjgV}ih4YRjM0i)q$j7R8p
z1CfC|1w!YeYKBq6sAiYEZOa$iy+7W>ExE-VX+EM%2vm=YFs0iL{Rt?2IR1tja7Er|
zL0<5F5P451T`b*GwC<D?+T=YL{dQC5JHEn|(#Mk3!T^LEfOrgAWO<}srRH6j5uh*6
z2#el!^>QOzrj&@ofqS_Y=&tAdv+{7Ho=_RqKyx9DFO5eKf2lBz;~O}%8{#KDvTLh|
zxb;By(_e=0jwZg-FVrRc(u@oXffdHIu~c{w)qR30$Qz2i-c61Gv-W04f<uF&!{tB(
zC`_Uww@y6(7e3;T0A9hIv1S@K)<r4^H(Z@@yPzl5vf8^@-IDK-^UtA9mx_RXxfNMR
z$#wrSg*PA;Cuy0Wf_}f^2uH-n^oev)ZRlQO^Vfc9Hzghs@4k8<ah*PeUp#m9xN?t+
zDz`timEOe?8T89i7Tq~b__I}eunLdj0PoTpo-NplRQBI-;6Gjr&{itY>Y(RtaLW$H
z@6!+imo-ETYBnWb$Hy&cJNkmx`=sXmKfn6ls$EL>a*!Z`D_Zw1h&rGmft6C?w1PQe
zl;VY;sp=6yq4=tQ69w)zCxgY1#ym7SjcVqWdimznH2U$Hus7@XnR3VRzFta?-ngD|
zB|HcxGnp^KZim7VE%#NNQuViT8Bnv4;wfnv*MGv*|NQR?4O%lbT5niK&VU8rX`I&h
zX0uD^Jdq?E(PRVs`ba<StNiC8{pTTR(-D6o7^CNQ%8iyep$=Y8y|d}7?bU>*kx@Dw
z2ys1Jpc10p^%JY{8SK!u8z0zS<a5|E=UhCDaU3`4t0fqliHkXShausT4H`5B{iGqH
zvb9zHUGm>B1n!@21G3flKX|P5_$ryqzsaI%2uie|t)P$O?|7-Y*F>c#$U6S7-}Yma
z4Zm{)`GS@Z&$xmZiq!>m!FCfdW6nM(<zf)g)Sy?NVGVu~@Q(;ng}oxToOZ-Q0|Y3V
zwzB03Lq?1^#E$7mREf2w#sG&wCrf}WVg>^*KBIgV@Lw&_{e3@e^D?}N3*W=QnEW*p
z$6b2pK~5TH>rz`9XZu066Q|N&O8akMcL^YwoZ;w+MUz24Y9GM`>0v5#pjyKR<s5$+
z;urt-QvW5(2J~>B5oL30z?(V}z2@F<dx&e$GLJZIIk(lx<<=k%oo3H6{wA$##;~av
zM5^35v!`=^E14r$4T)FR6FOPuZ?mE&3iiR+P#b|OMc$HZr5<dF!WIv(d4$KSETe@x
zrogc9Oq`2=_zAc>%K!bSnc4+qi6be$Vmml<zxqE#UpwYJzxW_>YZxFsIDKAxpA<M4
z>RN+Ev^Fx`|2{I{gm6&{k+e~|y+Pz;8a|joZc|9Oc{Q80t>x|5uD{lkXvDJ66`M8M
zOKEN&@lH@y#MgHN?YixaCVoKpN_~V;qr#{ze4Y?n&I#7q;e2lR71wl#u?lD|E{uJK
z?#?W4lWsyfXtthcPf?s0Lj9<Rc0c=3E1q7`>bTQ7*mk!P#NQH3SC0~us1$gxKaT!I
zC@jvx--8cAOKy?S<>&-y{y%hmbyQW|_BJWq-6h@99J)bLknWJ~?(S9uq`On3K^jDq
zjzf2MH+&oKy}$c<$N2s`$8m74z2;nV&3K+UA)ETYRYNR+cfn?w|558dJMI_{VeeG@
zDgj4C6oR@(!3Z+I5~3=VqrN0GQ{GV(Oo2?|A~coJQ4}g0g#!N%e3Fcn<M~}<=Xy`)
zxpgPe?V=64k|iL#KkE5MlH?&GYm*{nx*~UH0W2yPr9i^N_rsO1gdT(fBpdyq`IVp=
zLFQj-DnKOy{gVcw1ER@(aN*^?n;R2_6TEOdst%6pjw^=;C1+5m5SL#IUQOl*%+=so
zYX9?jBJjPKz<qCw;1lDLKC`ki2uV%?!I9K~Pf+agZxHUkUL2hV0S2-OZUr-79YSBr
znotE1#DJYn@kU+uzFf6C4!D0@ze-HT!GjtK7;TaM`$E72_+K92i(m@z*A@a_La5OT
zYp~Y9Dg;WDH|2bu2j{Mi2jC|c048!3QwaB$dTRnj4@IW#l&aAGX#BsQ5fLF0(mf1T
z(3_)GN}gj5R~6cp-~Fny0rn(3LB_gMkd8!@RB7E!k;$gWlsuHoW0Ndl+I2}#w&4~!
z2H<t<hL-yO+z|3<c!9PJ*yr*g8r&Up&NtJqC`kT#oj=0r#)trLbeV!P+^xI0?u|*{
z{gs)MFSW$wZPVpNd%o8=gpKZ!c6jD*)1P)u14qbK{W=e^&`6gFfJ^L?Y-9mA0B{Sq
z0~iz#|G86O*uZn0p%O>zgS;TTe`U4)p&9^|6E;xBKj)yOVQf)!d*zj2a1B9}BAhds
zFp5tYNykwSe|GFiyC<4id6L-u6SGQ*gkSl$YC?9PBU49o)2@5sE3%g&M>H%$t0psu
zsF%;aiEnG4vzy&NzQB!}lOXP&dIdOwslXa>sghp(pN;wVT5BL7(?M?C@wbcf?%>8p
zd#1EoB%rl!u$%#aSA(pqI9kaq0T84p!}$3$BcA1*9uB4czZytn_y3kZIW9b)-AJQ_
zZ~rOimuKX?Mh`WS-j?b?jb+oeBeE9syWe8Ivb!fjDrW6jOutsnl_KEWABXQ7!V3(B
z2Au7c5d4r|yU+c;0B%Xw7l{$LZYV_fbpI*W&Z?J8>dX*TFc#Eb>p(~jKmZ0TcjwVF
zt3Tae9TFWZeItA8uNyi)<1^MU;%>3rG38A?`0L5;POnp;<1J>?@33M37{wjJsPLC!
z{Qvb_LWEq*Xuwz8eH&_6a$&s4#U@+8@+UrI@yx#C-bshd{Vwf~&%(uhzH)Tj(HK&*
zz`m<cenk9hnU1NQJ<<9n9W6HR0^>xf)=oH0cmDbT@THdn3P=i(rnk22Lo^aA-X`|Y
zXOAV-r`pV^UfuJa+)~}ZF7f@J2|cx0JTT@5VyC`0Kgj=*v5hRbV-zQUarcPLZ0NWD
zxz>SSMxa7sg=9XAS&mfg@$bA?Iz7<rRL<I%;jm}VBD+EHYTT{&>saZDkEMU<FMQxN
z;8!KqiT+bCFXj(Kg&tb-32ip>tf%Q?vZHi*xSsHIS8<p#Gyoj)7~l1c7lcii3)7RC
z`1_T~uU=Hh`=HSLe^rR`wPBD6tzDS0YTXpy%_RCjoPrXd9X3%Kgh2fAUy~bQ3j}+;
zSBNst|M<s0_~sBQ!>=aN&Rd#y*SX6kx=+`L#C4`3OF_+@S3w4CVx8->Ka#ley(-L(
zYHzA}-E922qial@d&dL+d5T1Afch3K_wL)}|NZa(=)@n#{}V0X_%G7i56kb?Y2oN@
zxA;0<KDZ{8s}p|0i|y(!oImMcM^Yoh>0pX>M3U;HNDOwp1G2oXynY2Zz#GMB^8Xu;
z{jWWUpoT(Y_3V1y`x*($4-*?xNFmeszYm8GM1z;0JE)n?vL;$wf;<}Chs;cL@9!S?
z1osO#xZbs!2XZ&U@FMe8iz<0yDyF|aiV8kY*w-bNiztemAEnM3tel6RAe{)FuAF8<
z=IaSw|D2l-1Jt%*m7(%4lh!Nr$E1m3A7IiPS{$IsOOeC;rE4J~K{O{SM$$?~13x!c
zs`Bw?J=>i27n*#C&S`H9clDKCD`g=stM3GKseYGU{J_P0bXl}4xp2`c;rXNI_tend
zd5uTFX-?ojYqslME~bB<9x-y{mvmCdUpobS=_EyvI0UN<6I5CZlbn-vc-<l@41E)y
zL$*w$G;@OKK<xjxc<yk$<@>E_4yDKZQu=q;dlZt?WirW39pL0#WPr9woSd2_g+EOA
z6*&H_gy=*sK?KSk&DHFq1y`H%s2}fl;UBAuLLSMFY{tQpXhyGn#CU()l5Yo}O2_{3
z0dL8di_aeEmgD=gp|6~TczKxu%?I}r^+=>y4i>;WMgDN^OU*o0rm+KXZp8gNRajH0
zVZ%G&bFt+nw+mdFyuM!$`;v7+jgjcLu4v;(u>8@rlobGc@5*5AUn=0H1O##SdU>ye
zv*zngf1O*cN`rGO%G!mPGl6O?|I?a=!X9)t?M6)EIYmhD%hK@u!+yT36!`o|z8vp%
z^|+H$O}ZLJ-ILA*xWzN|v33DVf@)f0*tm?3zE}^hSPj05?QxbSIel|KH)wJnK>OXw
zg{tzA>0o>7@om$k2vFZTD^9Hs&BS9hFuE)v0XILh#bxuw6Ez-F?DW0WQ52oS{p+BH
z!@Mh!iOZOMldq<NH~Ek!kmh@i^X|10?%|iH8Z28=cDK%oWjm&p>kWnb6B6~GnZ%!+
zi*F2x{q=kUJF5L|=Ee5Hb1;P{h&Ox^&bw}U#E0Sd$biqss<(bg$I|N~fvNmtez)87
zc7lG;sZ<9|_B%(q<kA$4-%2y*Xy2v@xIFOh<nX-HT@pquHQw8Athy^hxA8;*Qnqjz
zAV)~nApKmmLgQEQ2}>pIJM|-pqqQa@x!{Wd#Od&0aZkO{IuqlAnfTA3ugNvyqUH+~
z*=*jcasp^xMw=>f&VPvqAycF*iGH+L)j8&9nNJ&P<e!!wlV99B{ds*Le(}PqedAqy
zV`$>(UshIAqH}79$5i|yUw7QVR@D)ICv&T+(8iC{5e8I31vIboJLd1@U<|YGbdjrd
zccJ{wZN(2UpR@LBSF;OmHYPZ6L2gjlg5ANLARz3%N5wzfyETe2i#|#7uX)nkWpeNk
zgcC8@afx=JR&wR+s0Ry<6Lt?LXZq(}N6<Gp-dCl`$Nn@ME3tD`W6&Y?%&Y^LuW0UY
zy+;*=?tdK+Z`zZCTO{4@en|dgf}tq$*M`>y(o+e}ABKYXu)^2&(>^O?i>+Z>x+sQb
zfAI^Lj6rxY)i7qe;{Uup$cqqSzz^_@@xmYs^otg%wxP_Jif4H7TFaLtqEAlKd2KKO
zJ2QW^fsi-O;&;*j%OL^fmUoVY*EIqFhWWSfaSXdNT)tJi+#Vk@rH;!SPgVKEu8$Qj
z&kpv)3DusG67+cKcsry#L;_7goLyp7Z*3FPK@$jYoEBajr!BUu4pU|?)a(k>!kl%X
z8piK*2ICn;e-b1AFm&kjfsf%zoxWijC7m4h<7^ieGn1Ugln1H(^fcD4f_tbt3t`jp
zXiuO1a=OW3*03Pk^$qC7!;s;GxQpWvLD;Te&3_RQVk#6*h*o1G25%T&q*Bbudp`CC
zPT)^k#bCP0seswP;jNHG(3s7wddF8;fQ$5HK9X?E@sMWg!)2#66ZW;#<O{1bz!1AE
zjqd*p(TS04!3<xosOf3m`E%3qx7cS;mpA74b|m~j$iH*#ZlVy(n-7`%@6GA_dNbia
zSb#roIY!CmwdWJ_Y?RCY;S}x2V&-7KBp%O*)=G+9Pdp?um4@XJ$gBL<_V<!Q0-=e^
zp=Mp17eUNYY}m?D<^7I80SdzuLwu6uJLB1dDb3A#NatxK(XNlM72{^WjIoPitHK}_
z3#N-5q)eg2GxA+=7)J4mX2}*~e`;Q%?MZ(;m9z3>#J&xTcJ^=AaC}OYU!TS!fcqFB
zrL%m+P{8w!n1G{qm_>gJ3CZUUS&PFgW=zuKe2dv{*&F>bAIq3dN}4Y7&pM5>JCpdL
z*=^Q{U1j}@2UzL!>7EDRsJj&pSha6308i52nvx3hp9ZRi@a2tu)?$@O;}e5$g-|`P
z1IQNJYVCD2c~pAbF3098>!$9+nfTo<%*$rN^^XyD>LjxY;G<pou7K4SD-In`#SXAk
z5_Vb7$&_cFj3@kYB&d|zEqM+EPtekMN<yFXbaHhEyNy;B&b>oEEQXaz%qes{o#n3#
z>$QaWG&_+43<$Ey#_eO16-9^R-F!B)BTU`zZb<&N$g?=4nNIgr**{s6kFdlihb@Q&
zdYlPf#XdsLpxOsHUsWWM-twLx`03Z-m=EhoCCkT^sFX65X#jPrSgC<`?_bUw`T)EO
zi2&r%5KoR<ebmii3YoBw7lzw`y(<t%b#NtO{3T+|*nrvp1ZHV-f~~4q8H#|1V=J;s
z)Z)3xJxmIUH&@D{@~>^9(-%63<#`K=Lm7yB>X_3yIXWbUh|MSNAdPmBbf=*+G9QY2
zbg-QvQ;genyj_thkp28dPX65=HxgYB>PysA(6adRXisWKG=;m<_Jh2j`{tc(QpMD}
z(7=QFX32uz%V+KJ#AbUYdnH2n3w4Lm;k6&m6{&F_+Xvx}Ch%6q)<qu9@4xP#lFYuH
z5g!ZkthJpzuppavzi|1b--O8%XD1pr@<!U@LAZD%uzP00T+~QkxWk_Wabu9+P-qk4
zMX`Yd;mL(3`kA^7L`Qght>++<&*KyxhT{4v^&c`^tw=ceY^<pg5;FjFstk+yQ|0>4
zf$01R1K^K&<Md{@n|3eZWrK`EosJvG-uNb~Y_3K|V%{u}p+OyIc$|RU|D-<}j#LW~
z@2c(WcP_CYQX772SL+lowg`$MfMP)?{b7gRY@Qp}_;cl%l_`>QFA4iV%$%A}N1rC~
z7dto>idZ|Rh};usT;&d)FN;SLK&<-T#iBL_#Sq$k?@_PGgv3NvR5wO4RS`G<(;P{Y
z8D28_;Rw2wp^I8;ydZa=2F0(MS_$`TVMwEE@3}th`rUxNfe?}Vk)U#r>`&}L@%Vgz
zM{-l@_3Om4tJ<La`Pu!H!OCY|@9{Yv$2pPJ9o1AOTV3!2DqkFXn{&j7YJf2j*3))y
zUpaTr^MYN0()}P@`N(=*az(xbYm_#MmBxD$RIgLa_Y6tM=On)!-1?ol?0$JHA%jvF
z%%Vn90D{(SqDr0wDp^dp37W?l=Pymqhs;*A1OWMLI<%G~GGYjH)<%b77Y#W2X@un`
zk>4^^>$mz1zEz-utM|8NO|;w_hCY2DmM~#uqyVyVV&tz7UN}Yod{z8x<Je!LSMB=g
z>FMTlfb8_JaXC*pSB!nC@`CEcm6b_=8NPXCGPv5gBy=B~Y~nZ=@Pl094%%$sGs+Pv
zDnE}n3qCV#jF$gMc1w&t3Y<yCH9X+lBL-{7b)6TB%6#F6eODk4w97-aUv85u<D_Rl
z^M?lbwwQHy?5Lh@6UUTxw|ZfuCqS<FYnliShRoxv7j@3t4V0B0UT&`tWX5jjS{V%w
z=L{S-Ao}_ZL|+&{^wriebeq^nWDisHOHX#H$@`4Q)Xhmg!CvvpH((<gXhmj_Lb3Qi
z(0Rms*(>eNAFFkC8bBl#b|#%lb9sN1HZp`QUX7v3W`CMC8u;6VEC8qDDJ-A%8HodI
znSZ}_&{qzR>Q@;;6!y8m(B-zX`b4_{QgxfTYw=S@zRG|o_;h=fZNN@f0Bd=&EQrik
zJ$IzUvdRArjjJD5P->;)?Tm8c-L_Rsf1zFMNUh~56Sd;wPTjj^o1e*aA+zhR^2K)Z
znjAL6oDedfj^CxO>n{rs8|^f`ow1|zFYK3N)8aN4AQo0APQ^#kEgsPm+YVfxT;LN5
zt4m*<CewQr|7^JAOp7WxFJuR<_Y$&FV=0fL*QjQm_EM6pA9<TUpMap*=-Nn_Ze7Ws
z$z~R^rrtPpZLwHDy2YYjxwXMwLex@k8MGxBR*vqa&DZj1o<z?gOl<ocmq;2S(*4?D
z<e1`XQb|4ynakxdTXrZR24DlP7d#$rYSZ<r8+VTd?laqC<bj-Qh?F6aQLvaQ!+BS%
z7^~mzl?$|B`;j{K;FARj2`Q7pk~xU4QKcIR3~bB;P|>MC>yp6%S;-f30z}zDkQ%H8
z55AYwD>>DuBVQ8<)hTh@Dt5u1muol;)k~3t%W9%&E~Tp+zI;c^o&hPW`fGjXcvfxz
z8LPjTV8W=gKwo8xoeg$?xdZUHI~%&=p42MUWHOwXh+TYh!zpgXJgB#+;$1Zh7@H_q
zkU$y4x<G3OGufK`>im+~3OI%&hNxg2+%GOMYJYCJRB>{pzE=#=v5s`#p6obIgRfa{
z%$8tA&Bo0}J(O+eQ%AHSNeZJ{3}vbtZniHxlUTNb#`_SB9~%Vm`TZKaD&50Bl)SHm
z`fkZ1f*_9Vq8Tm*lgS4NwTG3+ucxQ3HAz$4sQA&niY|#2ugE(r#PnS7lt}xEFmfv0
zEu_V2hs9ViGk-oMXmz1q{#-4NaBI(~1KXDW;u=CSt2YwM<ebdEY;m(3PhM)5zjA8-
zv9&=0pvAGd(Olz0cr8Z=r|g0)$35A&pT4sqtH(L7)#(37I#qT3blx|Vva|4&!tZWV
zgSw4)sRc$bOySOONnceuZ$AOyrcBQBq1K7z`@WFw@539iq0^3Rb;H3u=AESm1h;2b
zY`p5F-V64}m5(z7291Zscjk7{&;yF4+x+zw5l7;*d1m?i7MjI`evh`S{m46%tE;~}
zp?|!T0#oI4)@Dc?c5Vm`bOp%_)LHJk908v&=1o5%5Yw#xC=>@&!8oxK0K>3*o^7yE
z;S2fjwzwb1aazhF5$2N!SWh#>5b>Y_U}SNC)F7WWb+$Ql`gpyZuh;6fatieOc<~`R
z-C!!n4{ThZm-=Q&lzHe6z@xSK&&Tt34gs_QHvNjZ7W^5wySnPM_(tYWAM1DceBQKt
zvx8YePWt1F*5E(_T01@PJ$T^r+i)Xt4v-l{XjW$VHhpa~IOX^ICT>I&Y^<F%06F$m
z&6A-#!K{NNEjNo%zb+J0b!YsR^AYHFa^;UN{H++1m#)QO#y$87x_bkx_00*39~Hkm
zgPEf}*<^pXBd6I)XwU$**~uqN6{Jye#mKW0(h;A9h-1E2e-wP!ibgkpG;f|e5kWDh
z``seQPfy!8c>v;4VDSx)-Lk4(PCO2xwE3`sdNZ}U?SnXiAhz0_i&Y$=L8C^{_+hJ`
zoM9e7XO0<><~)vr7MQ&8Ghm0S*SSz1&a8a<9FE;Aq!E`5gqPth{-}2PA$54wbdCr2
zamz+mH(i>i`^WG;XUN$p%wcN=VH=>l2<~t0-Uxjk%6THbF#?xA9i*R|H|u<W=clk-
z>DD5$1ORd6rvwz|4%}@`O#xABW_JQ?Rd&Az4^A5}`j<CmP@&1@BU$utBNw|9V-;F;
zbRggJEfl+@wn)o~A|n6_CszV|Kmi&6#hDH+g_nE~NB&}yA=jneje2i%t2q}2V7GnQ
zzSGe%0u!VGF*~LP;DnGc55#Tp)($T>+AkYE=2bR%9TCc@F@?=3loJ_$)++W@(5(Gz
zBK>Tz&m?nUhk9|>ug)v{BKy~X?17MUQt@K!k>BJXA%Ph4U)s|^E>ip2po-Xt7{nov
zVl)aSt1*6(SZMOq*nDp|ocVK8ZpCp0%j2mH^^>1&0Wrh<w0Evt=sS<=BN9wA#$uT4
zWxrb$l+WG6Ln+k`tJRlAVfw|J*9@HV^YhZ3&m0@6TlnMM)s^>_3=M~OL`WJo5}mj0
zGWW7p4izpH#Isj*R`Iu<J6E3W+jL9q6I6~@PJ5nFud&5<0*v76sc47ud>-8xuH)xB
ztI8B5XHa>)R}r&xkud_g@%V$HaDL+T!}hcZg_d)vjx^fo;)(Z<sE4yxqlc0rf*x{l
zX4~lZlzqm3#=SpJ;5S3$!o_Wv?|A!`(_T|&lWeYSU5Waj;xsL&$iScALj*Dok8_t(
zJ+6zySYPjh#J{(PvQs&8-R}m$1kPQ<bG91~$jC`9ow)%HaYpVpz>bS7P_TJl*)+Ab
zngE!}otbJf{WgzW7?R(Db;f;&lT~^;3Oj)9N@X*G0>)P4k<OI8N3yfC(`<1m<)`tn
zoNr+EyIF;6^SQ-5Fh88DHx$ZV>x*U#R|M{r&k5K|wOCrh9S>*Gd)5H8i%zp9XYU9g
zj9JWmqtD39thE@U1gKkZ0IRky+yAK)rVQY{7z4D|68-iT%&e=U#b~d~JtKg-*yQ)v
zLO294^VDFV|CIRyZxmnJKfL6ueE|Agq0%8($nqn0ZWwlET-l>HNq@$`^OG~FZ#t?p
zQ0ADl*2hAbpKi3epS!VJY_y}}wo~scY-rCNfY~`&+9r(sVZB#?q~o8+@;rhd1wKt(
zg>`@8Xh9%YUXFMp{9@z616ZsHHm|_nOmS0}_dCZ_@db|j<%s!O-ML;u5@^8>Mk8~u
za%!hq%@}=%TRqKhXOe2VMoptXG?#YORkHp}>CGk*>&}p*abRo1&*ZJPBbHcH_jS0~
z(7Ld>uADpMe%`L%1DA($8x7}8t!z`A|72@Kxi?uNRsfF?^LO!}QpkSnrPFJzM+}tG
zP$u2Bv0~A%U+VfwHb5agdnXsM_FE=QE1h?qcB7moNZAIv6#qjk3o*ahc!6AGe(_V!
zc)iYhBJA*=xU2=;1!J`w74F^(&D+HxbVtV9+wKxUxc9#eniHJ_PI;rW&>o=^YGo9t
zhuO$RLG7fiS7f4B6<?G~bx+|#GkXS}`wXNN^DMgBG#l*F5pB0QoRRrCpK06_DR+S|
zED%PNylj8sFVG@9xueBLAUTrT_c0epzZ$X!dY*3?0l@s+?zrikD}nRF3}JtL1WJHZ
ztin3+`+Sf#8(=iz1;e4KQ~n0D@AHcIDh<GHq|>O%aDoJolPD;JoSj|4aN>UF*sO5?
zh`;oCxy2Q!<LS;CFcdG0-7747e0YHBIMq+)|M1f2tEASs;=ufLt&dKpfr(VWBLJ{z
zWy(%?EV|0;?QVyJ-|vq=2TLR$izk{K?E0cYCDarCTrUwLFie<k0^IJdGmv((99xoZ
z#cfg<sUK-6&12Q6_hz6Uf%>|<x6knyEXv#@$2ar4)1s@FdN3)>UDkgBBAHLfUz{*^
zSQ}U&GlO|9=uG4uEhe=JhK{Ma6*&WB-vcTZ5<n00&B3zYmHy3Wu4<dIACo}`Nu_tZ
zdb8mJG?Yr6)(G40H<JWCwU%+2TPRla#b`)9neB*vB!v75pql*^1kL7C_nYTNIE7YZ
zgiixuL70pDE^xO?{yAbLD)M7dG!ZB4p`V4(NTgRneSgwBUv<B~AP`j8EFF_eQIB2W
zvMuncG8zcXwRMcM(ZCAruG6mHMY|y20veKO=R!=^JvQQx*O6dSJ1Kj50e&c!cDRW-
zD#cbuq{Whr`Dxj22DH&v*}DwFs6%(Qt*h)4I-&Lxh<#syjx}Wow#dg<3Y84G)nlSu
zW=9`K2X39WJHKBpG1z4NfwTow!b?yel=%Ip(yeZi;P#se0LptVY|sIFvqlrh2Q;Hm
zk#;_?sDnpD6nkNHiX(Dg?$2lh$pYeL_qwn^Cgw$V8TIh?4o76y)&ZC&?-faLr*{`y
z8!<K9UI@>rK))2m)lGmJjIs_k(&WX%OOd(H^-%q4D!bWhWJk^)Nq1Ibv(%==7sZR#
z;zGz}RY1&7>|FY;Fo`jIWNc6sATW$ZN~lDv11+taoF4vF0qu2%qT&|r{<%J)2m{l8
z1b^&AOO?+0ITcN=q-H${56~DS$4QI6H{ns^X8o60VbRa}T^9!Z6sprP>h{YPZ9-hm
zTzjTR#`{Y3vY|=z17gL;NaQMDUH;X;5WF^d550KF79XUwuQlucfn$D5>joE)4Ht2~
zcKvg+s-OcoqDsW*tC3x2nd~F1Bvvh$KBR5&uLZ}#RY$@n(nT@ZWyy365ALUg<HZX3
z#8k4MULza^Qj9qHB=e~m-dsQ6Txw&a2pCD7-dz$2AR&s~eakLc5FmyIkl$hWxGX^0
zCin7op|lQf3Je96UA8@x!jSi*-?14@JCel+m*{9jO33eupT=YswUNtOTaBb)N3J#g
znl530AW$iLb;2cELN3A>=Y0Q0*e`D@fnEF#ZExI6;u`aQ@C$P^W-4WRqZ?b#e4^^j
z4Y<+gczw5S`$smY*!YBj7r*tHKaBA6P>2><Lyza^?I#`$?hV)Br!md>GaA5o1U#4E
z0NI&hpm7Uyz3cpr*CfekGfL$b(g)f<84UDg1hx>uMQ)&(+YAuuXMmUhXH<1{=!M!G
zf=uv+4ro3z0`Q2TG&D3W)8gaf5xu7i-{JucXe0%t6T??0IBUaMvVo2qbQ)-|RO`w%
z$gt9@TPBYdzRGlEs>N}L$1k*@&4=9=c6~J((R7PWqutN<7rVvT3~(5snSi5P>WA-k
zbh<tuXZrDvMUkO{x$yEW1RhR&1NISSIWYYdZKLQ}S+?Kid5>EcHZpK*?M`J@hF$XX
z8_&UEv{V4<VLs0si`UE%nWRpV|D&RLLrs3ic)rjDYF2=d>Atu;F3Ezc=awhFduhky
z5H$ZI{-^NV@Nkx80r$%9Pw$l6chJA$1XC~U(=-xQ<t<&~AIlVRZ+d+4<4qq2AV)8|
z_}>)0I=SKar6n<@8&DdEhh8EX|IF7oh3Ik6i11%;5ggJ9u(L&r<vom~v6OdAb8A#f
zlqsf!oxue%iDG;oXq2)lp57@NjV<tL+mQ%KtAyU#grN|HQHY1FOqFZ=_(&aHb__I0
zlmZ*sWt7|jw*kucn>8dHV+BTF``)vVD1eP_c%vi$D8DqoMt1~Q-KIb<0yS{rs5Lj=
z=K_@%qW}*%6iTuQ9z?Pjbg4MGo{H8;<-d^@Xt{>BUv5VVegkA&cG%0H5wS<`KK>dw
zd&*-z*r~oA3TnLL8_jjBsI1dJt{UP1Rn#~aR>QeOgw^Dqk8a+swgca@K`vfYMzja}
zTf^@GVC3MS<6m1;t3bYl0HTcoYAVa5qm@0az03PQADnp_2<8j?0S_zaJs}Pd*Z3h=
z@LAz!#VDo&?k)o@N*_M1l9Cdq?VK9WYi+&==#b6eKMe2-)KWRNMsl6QC9&MJ8*C85
z%uKYJoeB|`rNU9fzp}%j>2WjNUmp(u%^}2{fl*oPJq3QL2H|-q(Oc82&l;85p`?Od
zCEH)F2fDgMFS~^N?+<x4<?~FWff|}1nc0hX56%kM1PZ4>-j~lI=FNk}jnG^c>Wk&!
zrpHd#M<c01IY0qmTbvCBS@9P+6RrDBzmaJVkYloH@+UlZoD}?74|It(P}>u0u#Q}v
zw*kag^Tr16pIhrCf&<hi5KM#q9FjR64MBZ?eu%YmL8bC=qnoKnEf*^cU~q5hlHXtf
zzn7=XiDbukPs(FQ47hfM`g4u;WOLsv^Uvl(SYMiJeKj4d@w&8f0R#>-x%6@Yk9LV0
zNit%4f>HGZuw&?8*zJ{`pB@$VXvxVTnw_`Rf7>oJsqlGxdjmMJOgatnk$l>vT6HwI
ztojwig2V&4;^7HE>w`}>GSn}t74e}m1bSGzsis^FekybtN@kC*Q*9aPE=oqomZM3F
zC%X|+i_0|PxT6%`QhGm3a@pEL<FA0!SJc6s2jgPj4yi}b%8P&>#k{>y(>+|jI)>Jl
zZ2dK{hU1_|*+!~59RyI2e^Jv8{FP|#<qj+f$^0jHwf{;}Vb{R_Yd7T%-GPPV<0${D
zOmS(w+F)~eODe@l3?o`arcW<4Ldbp0CfEIBOqo<+S|Gq?c%iy%4B>I}(87M^Fdr^i
z;B+|zniatSBN@bjkZdYI|GN)Di)EQcH4uV#A6W}|UoqJ&Gz9_#mQrF+g+_~u<>%^c
z;0BcJ3W81SO^D|#^V=H9j!&eL&I4FXKNGQ3n*AR6Nrimi@$m3AagB4q&PNN)qZuO8
zg>;pF-fHa?WL+qUqWw%girw*rm%BA13oU9!f5P<9jnSb5Hp`|lqa>VCmT-5l$np!M
zhy;KXIonITE$ZN*!_lW9LL#{ni<jV5OU>g^${f~9arWUgGB1F0X<?_ShI8K8Ahdsd
z5c38e^a_@FVSg)Y9LP7kRgC)!6a#=FR1iShjbR7(3}9;cxiK)QTfyVLlDakw2|#EW
zEwhJwL=&;%(K`j|$A>WTB&qPAqK_ZF{^+SD#R<^Xa@4^VX!mR}ULac$BhC*TRsfwM
z31#jRT)W|5XrKKkI#k<aDq`xaO!^ps7)sKP=~kg?r`I0buJhENx$j;JOe(s0D0lj?
zazP(t09)=~9c(~lwwGivT~Cp5Zr0c|q2rh0xZh<)7$~ry+b)zE{?sDv%ey0(E6qL6
z7nWDN9TEqP?Y7X32;x}~7pwhpWOFvU=>i<H1qU<?w<R*NEm!A&fAqbTvHE$c^60=_
zh*J6|tNX7*2MOqOh2)F7%}aZbQPmHFc-Zqp*~mm=`IXC}tK_v!J#G)!Y8$wF)F0ak
zb<Pv~{-D!N6FYY&id8DLxi-6Vdm<=S0BYLH=?Jid(QWrRy`D-52>#A5FeGK6Y4n!t
zPfkyZ-Jis#h#8H<_oo_t0)v9w>$i!>^zW#p*Iq}SZe0?&;E!UOm4AMtis4B%ahSYJ
zz2N7t32h|p?<<D;x|?|CGFCyH0I42mxgqo>qlQDsi_h)C3r%l$OsadB*L}yuF1HTh
zx`nS!V4DQ9e7^9B{S#{ZUU;2sEO2fOp`rALrq@@5%}0M-GEP>WHluhY&;V}|!3=fw
z6vuovUX2d_wo`vOT179rpU-G}nH5j8I{HT~mYb-HCS170@;>6DA5T?QIS_(Oeg5PK
zz@h+T=R%t&777t}Zvut*D9{8agw5<r{-1P|6$}%uo13oIc9rvJD6hb`yj_|PLeu+~
zy#8mH-|gQZe@clF{lY*kMj8EOcF8+DIu|nkG}QfI=hBPBPH7({(+?`3MpU9QY*7wn
zceQFrh!ePBtiMuVr$_p-O=@4|9*1V?s0#h6HMwYstPCp!h~<2f8>wtCSpv|*29Q-t
z5Ls}L{3I(k^a&t1WpW<Fh(&8_s~+0nt_{BERY6~D{ze;%{i6b3iUc<Joy*SH`OeVt
z&UUz8KM-Fl!fgD6Y}$Z)^8wy-WWMRg{d|8wq31m<`Eos(UcLvQB$WW3k)8Q<7nTSQ
zW@y96)Nc0!L*4T^ApnkXH2z|m@N!1}r3}DcjJ-B&u5q>{kt8V(HJ<4A-(4=ppEO2p
z^M8g^)FR2}W1c8i1;SI1i5%_&PK*0RN(jtg!*yP8>rq|cYDnhp2Y3*4Y)B>n20ZB4
zfCnz}g(~&Q<b(mg$qP%f2@~9g<$)`j>JA4-uHlxW>YSrOvhpe6byNexjQuU8#_e;R
zJIRWQ+VZu$7X<|ctXKfL7#hhg6ciLg9(-P25VoY6vcD!II|768w!NgXatnDL<v47i
z>~Y9PG4g_IefOtj-}J?UqhBA)budpBk9$(v_|2ERInIYc*Fph5G>WL!KJQ*xh0P3M
zG(BRFzo7-;ft}HB+_=z5sM<eJItvH}w8BAf&_HF*&3;~4J-@#qb9+EELth!u?(12*
zqH>d}hLD(uBGC(hS>+A+St=GTJVO7fiqsSs2_o2p(1!Fs!w9&gI~j~=oz7#DZM9uu
zPApe=X8UF<f10GjL%Jlry;F6jl(%frq!)82SlGK`V0;g5TSHsmvVwRBet3PDsv|t*
zEqKWAj${4Qp?oV`hv#AsMa9LGHrR3^G84VZiM#T4@x)xOsE6Vmd{&{-!NNluLw{WN
z)2H(Km6Wo`%=G7Cw?1{>Ot0PK7!hC?Nzj~s6LM_(4N>RM>_FF!AuN7E51+O`xG-o1
zBIxfzBH`0kIB1WHsI(8+ew!pd9Y;K~>7Se}$q47ZXx^d4Bl_(&VnOv$cP{mGj&pTJ
z)&<CEd@Og)9aa<>VG+r;3uwd}Z7cPPn^2Ogt3AE7H4*W2y(EHss^GeRN~LsrQ^h2y
zzOZ*aufUvU?Y8NvED}R%EmWI-WKK=aBK1WhWYqQZuhMk>CVVUfC*$HLU=$G*FtIp*
zs`LMbYV2dwM1dpc-Uz;fpiF}e$@Mg}-uE_9?&->uu63NXZ+bq(Xu8ksqJx3A<@^s8
zfSIK)$*2y$^!&Ey+IC!D-w4;~{NqTB)tV>uXpb*2VlJuq^(dy6YjQR=NR$;H9b}-<
z2Og6U<~mhH&kxDL1NL#Fnvw!wP?b5o+D#4^2F55T-=n2aq*&Yg!Vn81C8aRJ1#x=?
zr$gB4KvKa$UoWF@o+#_<iw;}X;ThiEEt@$z8B0S32p~z5cR*-9Vb$1VYS-pZ?qq~E
z@{E=>Yd3RP5|8G_Dj?_zb$nhz&N^-o2@tma{XMoQf<!&{Q)>!3zP{nVH_Tu&>UVcP
z>}#=50<nQu9p;MM=_p6z;^~|%6h~mp@ITaVk`l_f(bV{HFi4e8a#OXo;@Z+gVTiwR
z1|9SpT039MFtwqAvo}uLF`u1!mqDdBl?6*HF|XUW?fy~sf?ymg+?}jvege;Ean<a^
zej%dJ8e4E{vKsHJG<xzf&<Z*&wc#5PL#P>guTBq6I-LZf=*SKhXz*=$1W9Oq1hADO
zd+4C$G8_;ghm3}1xqicrS;U1shi#ny{I+gVlE%eqMFC~j_O$ql6egP+e?mr)`fn}c
zf=NeL$U7If@0t)dx7zQbZN8*h^CToEGN(@$d(-mr^Mfmx^)aMZ8pH!4v?*PM^bxUf
zbo@Lwg2tBdJXYxq*LW{|8Uq2{gGTqnX?z9spk+Pg`|iTeixC5qLe>}u9`j=~#8N}8
z3yCZL#0)jP6k0?U4HFW<b94p!xZeMNiuP~4YXWfXl8yn{*~__URi#qK;n<)HrBO#C
zny9?HYlhA6t7`_J2jTdq>SE(@y%CeAl<Jif932&1%@}GOVW1#SLAv*Zy`;qr=Npdk
zoTr|gs?(u=AJlWUnrl*w0g*?CDD!Ak1b-?Bc~UmRqm51(+OLWnk-3SB4w`U@$UHWS
z$lP;zdy4)kZW~$|8$xm{ysnUBb#spu>I+|I3}0vN`kn8EExf=LgabDruS>T;H*EpI
z$rMOrCJw^()qJPL`E`o$H6=Se4y({3KKFAo-tRQ-{t$L5TV+sn5S0TFmBR_|$;G}1
zsUT|EuR)BR8C4Q0>mxW3*-|G6frS9`Y?!QU7>_1KRt<4Qp$=Ops_FtEs?O|s++`BU
z<Kjl_T8^;*@R*}$rOMGh@h^^}+yK!uIQa8Xw@nSG%<Xce{>aQb7ak9TzZBB}#wI2}
zA%aAw)p$t$celx7R#!zy@mPbi^)JGE8eA5CB!x6M<GmBST9^4^cw0PUEV>YezBoHG
z<GV8Qh_w{-&|0ezoA>P2uZ6itXZOfSBo5>!Y2DswNQt5^RUK6iK1m|P(yC*DO3NuJ
zL}>d_FUFZ+fw4Bpl-FeR8Y+-JjifgcTd$w@IRdm)1O4M5o}*#L-+T^S+d{lJgyg({
z`k?S?uCZaxcA|CyZ|wfN?A#UW;c`f1-B$3EKDImh(IgEIpdTVp5Y2{ETuXiBca{<@
zPX@0?X|N-1U~W#$bK1H&gIpY5zs840ggGKXl=s7TaN*Re3M2OM(}5*p^<g9j_E3GX
za6S&){N}yF!4J~q@*uhOu~~el@r!i_Wd)pWKVEYja08PKobiAtT{zXx6>>F^fS<|j
zo38(J%omd3M|WxAN+f92qN<d;S{{+~B5cGCEU-ZvP73RUv3`UMR=;HZH^*)x+C5N4
z+W0X1tCmq{@n~USZYl0Ia4PsNn5_rW?&>#Pu|Z)b(((p8i0COI5_SC1g(gf}X!LGS
zG=NdGp6ZQTk_DO2p1`ye&`}tQan*kM&VotlVtlYuti#_3%nG4*dQNnj!3+f2uQ<B8
zR0h&I_%N<)B9y3gW(9W+C5k9!SsKoTLRxn~IGsbzsiE2<HMM?W(GZVA82R0Ix9pZ@
zGOym`L5(VL@X+E*w&Zh+B=LOCG1q8k`Tntu4LI|XhP#C1R<%!?iTh&j7TQjUS2hZ0
zZ1MacZI&QMU%4nq9nE}@han|F*-)>9)8p5KCCgq`?;1c_Mua~xuYB*m+d$=JoTUe;
zl3{~G=M)O7Ce~|=jUx@Or-3uq=I6}#4Wo8F0Ff6d)B!hY^)<FAdM_dB69MRC;2D(!
zjjSI{(J6yh5h~k23Jv%Cwrd+Mo9yAXYbH>~mqfV>VKWboK>{r)Ix9xDwx5Z{4fo;c
zmnje4$d3<!m10mnL6y6~HnR%{0zNlC@pxN~3-s^Ov%iNJnY@~<5)>V6G5%DpCa<-N
zARP~j-kSoEH(8((G$|3)Z$+;sQGm{-pAD9MZvKgr-u)CIu@Eyu;l{1rY+TM@pI}G7
zlL4;9Zhn?&*1HcZtu7lR(zC{d&tQufBqD(p;K7SfNZ8^D+3#c(v2acg1UqkhIytwE
zh^Nw*nlZw<h{yy6B;`wQUvXPUYxH6?*`m`i!o7-zt6HAyc#UUnc;!-`r)aVfb(r}K
zt#1E{f$@T@GAtnGJJ2JSIRM^}2tRw78zNCdr2_+Sk;;$a>5XaE_uiTIRqBK7<i-RF
zQ6g(Os32?k8>mC*C=Q19uAO9CO4BZfRP8K@iuP)>yeM<hC_;QqPAJXm?moXag*G0L
z{1IL*PMQJ3xYk3z&pguiw^2SJ6U&j`41G67gp;><w8>242EVO$nocR9^7?c5A`CMR
z*2hHr^pL11#BaOUVV#EleL>i&k3SiIh<WLsmBt)w%$`fL&T346F($a(gQ1flb5?|0
z?V%`PJHi3eYmiSKVb6F(Ol3zp4(xHcUajRXay`fPR|I^26g<$$g)oxasY8#dU6cQ_
zzeC;J;>Rj8Q)r?Fh=E~<6yv}G?3}!J+TW$kSLUw+i(+k|Hhh)7M}+iZ`#cZ&To4Ju
zhBsDpMxP5CSApLRA4seRNO4<+Yjk5YRig8HX)7#z*xoZp4u+8T!cTq1G~DSwnS?dG
z1h7#aD^A49<jy<kYxcj>VPiVTax?|i2?70v`Vl>24|7vDy?1XC1#bTK{?T)Em0(l)
zs27Y!1t}U1#>fw;8F7suk@cE_)3}Uoxr3I!Z`Jp_E60EP&K$+lbO%(a?zaphZInFf
z<oI=pr|TnP1-YAy&&E~)v<5{qWsCMWKWoq5Lg>UO!3dOV%2C^lepj12E0g(_p(kG2
z$(&``;M*%<ml1aLKoy12IB;wtYLIySK8vb+6wdC2LYl)Rf1c7nj>&ZcyrnqpX{AY$
zT|pl?yI`_aWE6h8+C7CCGQ0{l?1oJy0?tw}MD^Y=o$9idn@ll2$S?mQGV_=4WE4r^
zvSl7V^-XNmQ^2o<JoN($qbVgG?-0lc{V@1v?uo6tM&DscSx;56VY$7U*YR?aaZrU)
zq|n4W!V6aV5o%{-ZQtA(Cqu|SdmAV7hs9OZ2BCJ|sC2eg54NgMg`y>bTw0#v7a{1O
zFZLWDNQqI~xS@eI$O>ao_e~zN+7GO2s<J40{0&{Zde+w86&dF?B`c*xuqE*c@@)Lh
z>Ge7K8B|Q8+{N=hj|Fa7DKs4MtQ;x@PzHY*-iWF+bFSYja_6x`nKX1FblBlN8QvC=
zO6F8LFY3&|3%EaiRU*U~Gh)x!$&pXzKb;1dEI%#x1f(s^D@(6cqa!kJG+bry8j__D
za>+D0Qr?a$(4PTkDKxJkPWy~5hoq7JF!Bd<h$sBx4P!1U{>Os@n@dp%ju_+ZCXi|8
z`<!Ew{qH=Uo^jcWik*bcv%}BB+sp=y2kvJXBdkIlHxFy)L#X=@earOfx4CK;T<fto
z`0bnsaO-jqaE|cF7jGCe*;}kll=>9iKCsyJ(^5S-L9q~bgnWV<p`=yyUAvC_g0@~d
z8?W`4m63{Tja!>9sv*Bj3PbCIfMN1mY$5pzeSh4s479Pi_h&}#P!t5?q!n-bOE}Z3
z2AK$cS~!$(oawR@X0I=4td_!iO?hiYLK!&kjXxAc$>BWleF}(Kpp+e)?us4Fw@vuM
z_0;%v8|Sm}eIov#<V3fl|FfHeyXzZN_(YCtc^DSm(&6<Lhy@S~zB}v5;JX|Hw3X07
zk$~){E;WV70=1RhnLrM_!b4sV^r~$@iADfvrUl;ITDq#XdRTbT_b6L`lJV))sZMCn
zjBn_7L6D9vE31V+Ox41V-Y;M^^sansQoG@uMIrpa?+uRIX3vbJkGMcfU}6D(X!<X(
zANz^!y^NJ-lDV)<mMfryw4suc->1;>*c434{#M4~vF|{3LDLwRW9Mu!Z$*PpH3(z^
zZLgyUC`+z<j2aM2jvKMRk7s_Ws7Eycq(A>h`a=<!JcU(YF}z)LP}pu!e*!x7PEzrL
zaa*%%s#Q;v3*>-GWT_Y!Zo8tS?;tN39dso2Y9S<MuVF6%&m?o@a3*rw`4D2|#`!_v
zbWb3&I)xDC#;a=v={xDkWoP%LNC;I_uSn9D+=W_%T4;<5mAvzhwzG2TsRkia+4d3_
zyX6rbNdbA?dlT)XSw}n59awYj*1>U$^ZCxzR}Q0D!}S${dnYJJktDzSqO@A2y1I-I
z$kP&_@#QRDgEU@!B!%6@HW_eF6{`Kz4nhnfUyu4NbH8Er+dUPvwoZC4N`ZFqfR(=9
zxOfQ*)K`devs-;m_sMaa>mg1Z9_39udp%6CPV=u&YfD~_qp%H3LeJ*)K*+<DHQnI!
z*ZjWnc4=3{$|?3Mkje)!d>oK-1)n)ulq?AX>abR}%W16r!0^AGo3@%j8{@WfCL;H2
zu3r{>F2iaFq<TA_sEQp<<pdsxZVe5yj}~Cl32vq&)z@I3gq%?{>`mp=JfBbmMVuFg
zdg@tP+}?isqN*I!q1Zo!xvbYsm~TJufy-c^NI0-j2<i-J%9)!N{-#4FhvrSvq~L}V
z5SE-c!0q@N_7fW(Q@FC}@lnmh0x_bARGD6@*%pMm3#2yZ`xuVw<*3}RbX5M++A!%2
z=>F5wm946+=pY39F;G(+Bew(s#j!eY-X|1LDBI7Hv^YCZRc$rX^${?lSJg2oIBzxk
zM~dpF-VUX|Jy4b>K?^s9H>SqZwh*ejRVqhII)h$%2xufh^*DDNgbjS)>&sU1A!+(O
z4H;FhT7W1<oph)&8v<4t0GC3_@(Y%eKaO0s)_N>8dfBhPIE+30$YS{rWb5`&i2Erz
zr<fCiI64`|8a7VZgvLKnm6}>v0wPi%G>>--=6)b{ZC8~xJpU@qB(#S$rlsJ51I6{r
zK~RXTB~q-OIJj1k)Yy%wH;~14U8)7&5EP7Ct;RoPru7UaMZbQx|L{%H_wvyj>U!Zl
z2PU@vdizM=xYNokZNMt@RPn{~6aLMuQchDZ=SPVHpIg+E75E9yawnhGJ-i!En*cZ|
z<givFdGx;elbHHg5fxcJx9kXUxnwoRafTmwJzfo8)izY-Q{K@YF3Jq`Et_MC@Dk1m
zw(I0enqc`E%9frVT9H$eSj@rTd&loKX%w8yw!q;}Y6uR{D^5o`cebGgMr&+*2DN17
zUm7|XtUU4r;C4khte@*($g7*J0p8CFG$6n5?E1n(@dJsU=%54pU%fDZyE7DlDONV5
zqZwYxZS#qR9D~6qZ1jzBxh(^yel%ZiTmYg6qO1ch;^cC*JgoL*=8*rk$H{5uHnaiS
z<h_%R;Kn|M0otwCj~VgS%5drv>Dm$|^``f|iW^%5%sP!0WUCXM_FtpxTCZ&9-aX1o
zN>V>9Iumcl>2`MbXNsI%s;QeRNB85Ob&6b&Eg{)<>#+MjP45R!F4j-tq%RZ)r~1|q
z5!WC?9Vrv9OWkj(n;>W51YJWY9)M5F?Vo31BxrY<bV{rk!OKKcUiCqBC{WJxwfC;t
zuAY+A>c{+Wca|2xEg?C2NdEKoX~jj*JRhg3GA+7xajS%;4Afsed?(VZBjEKXC@Fzp
zcrQ{Yy1YZZ5y{>eqyfplSv^|xTR&iP-yg2oApL9yI`v`4!sU2U(a18ZvI?DC%zSy*
z`UfM^XO~<94`&xU98C?q^6SHoL7Uz6E)U)m7})00GZuS-u1bw*IG)M+tBI;s@AZr@
zMq8*ynPe*aqvIg`79lI1BuP}Gx7<8Kzu~;wW=?}f-mT`nLd{-IUSitZys1;?QxD_2
zt!p^St}lwnjA4A6h|_rY=mz`=L;J*9tUD!Sc*GvcoA*hhK7L%aCaG1kG8|V}cblbT
zYq8fm5c)9Q1RU?bD~{J9eC}q--E1>0Z2FQuLj2;$1{OO^EYNuP{ZASzE<gbt2pM3@
z(ABzsoBFC_fK+sfq!EFjD}ap?$>M!w3H#M*&R7<Me23fRE7W8Du#QGjv4uhyH+CUE
z6!s5iz8(j&><&4<-4@Z%IrfXuGTMTeOgE^r<wg{<1pO~C^F_ntDYZU}VoO58N}G%I
zdPB4&C71JM*N6dwl_G&=q4YXKbBo)`$`x48xeOXJHT_NbzHGz_uyBng%X{8avR`g*
z))N$cGRja}Tlq~a;*-gpD%4}ALq5LaDiuEkNhv{|xg-&Odx~jA(>y^O9c`m;ak*sm
zaP2bQz*8GA-W#t)$x6Rq%kuL<&ftaAEN|4dG||A~sC_<gRrWy>Cvr9i!Q62xYft&J
z7<h&vKI^wpy!GL+oD68z{?=-#1fyOr;he7KX@(;*S=_mGc!x+TExnR{J?Yr;E26Y-
zyK(XOHQ@3(#r#KXByR4R3+*AD4y6K<KPvI;+p1~YzR`9^q<+a4Kfo_aKjX?Z$V$Vp
z_ff_fDAvDc7zCUoi>o`0AaeZEM$6j=_HghiHs)%O%@EN#HQ!4bO@x_JS@#_xj|Lt*
zqKSMKA6c+#`qfHo3Tb$CyytRvy@!^Ug4u`7)qK|J)yUJHv1Y16kkk5~x!{e$P?GRs
zr91X#V%v6uy?38ri=Co=78`3FPxK>>rUdi?QCBCMZA)Pki2`iPW;9}y<E1WggZ)CZ
zV8>Iwt;twf<CuvE-c{?=A%domz{RR1&Da~NU`-DJc!qFR3d0J5z8F&+;96{1{@JTo
z;Gb^k{4g(6EJK*P(=+R(T+d~?iL<`l!769<+6<g<#EdchZLSz}KhBA}Eb7Lo9>15i
zRF4eZV*M5&=ry>NUm@Xr*N>U}Y>h?VU7osyp`4Fx1FW>G8#ucZZxN;ZH5!wFymgq|
z=ZNvIh;D1y4zA8_#=@~*KJJeu7vc-1?dPK6r9jbJb~eB5e8z>?+=PI&y1rByn8W8n
z_SiGJTxMc>hfB)qMVQ`j)D=(kJo-_9FXbvXmxmUfDPXcnGU8V*yBD{5CBzgL9<8)|
zOEDv{3r%q?yMf;DNu-Ha98t9@2i(S0O@Z@*g<uenOPKq@+$!}&C42Zz>}bY~G+I(S
zjuSaZ>QLgmzM>6t^E1Ph%I?8Nr&?V92M+}gnQ7Ud70skUk=Xpro}Kj)hKKf@BRW%Z
zq^wFgvgD&>uqUg!oy%V}f!xfzJ^z`x?bL+MmKl(LEnKe>8kPjoTw9nR9^u3mV<f-A
zG;m^3dKwU#D|%k(vb|iwV2(##wQjZC+XH8AYty@08IcH&bvuL6jx>1@>bB5w2NBOH
zxFXcVqU}4KbI6|)^#*IiWF#}^K0YNp7B>$yn-4cezq#Aa$K)!sxXFCIT}^NFzk5L+
zdMou(p`mms4bkiBOwGHa+$eb(Vfbmbq7bP|7(b*^>>XQ(inzIv`uLWinyP<(cAEY0
zP`l2S?0@+xjr(e1n#^C2z?%D@d+D(l+;~#RID_HtMe^`S=M%Jhnw^=Bwj6e`sC%hr
zX8fpmJE17RWkT^mhy&Na=LXXt`}SdNAIZP~r<zQ=uO;YGW$^BO`bgs&k9=ihl?yqh
zs5J;-;SO=Gj_scXK$fjiq>MyI)5@5Cm@K}3>fDjnos&?5wb!!z(ta%*^vX@Lx@*yK
z`-c#^O+g+yF-$rZC`~asbXy8?4Ku=+gE23y5}nYc*({ReO67}-09inup1ma5a09;0
zd)JJ3rJme#p4VJn-c4_eiyf(48{ZBwVx%O6b{kt}AjsLTtU|G(;k`DOL9@b)94jkj
zrQ$<orl5w~<(oo8SMXYw%Cgwm4P)eaLv2QPr4*h3(GXb1KIhS%MH%Zn(YXkltKhr3
zcM#G2@lEg2uMg=pVbcxGWNm`w!Ol1-$#trC3{n|8I*r^4nhV5~HVvfTDT!KNSCq1P
zeM1owvtpq$baV4#2fTh>KK|~Jd6KRtefYEM@p-jkb&GRW7Fn-%<2}C#CZ%oLvKD*{
zd&oop$(p2`f+!ObVTpwxU%yt*UOQew@Nh(Avw;vPzO7`Nv*CAnK=ykwLGuIG00V*5
z4Yi0QEe{R_apHR~1Z15h=1}(u${s<nW158CQp1Q78BFx$B6fk3h3V1JR4v~=-ic6O
z+dB@<mXwTYAdT@BfjM`ZC4ZziVr<WhLg$LUCzF1^KT^M8vw<i3IaJ}XUF7+P#nCA7
z8%_gzo)FHfv1oVKTd7xPNQIYNXKv=UShAmhy38_~?uUZdTm}5;$mYhk!%QNIMhF(a
zbKdA5vDh#pprODdnzu;pTlhF}BbruG{iucvf-V!Hvt+^IYrU>X%a}qJ*zh~G5~z7D
znZrr%&+;TrePBZui`QN+s4Zn5*lwf`VN%*2(dKe{&?>h<o*HN_*?F9_G2VVQjmS)K
z0WudY^bq+WD|>+B+h*xTQZ!fN?nMn_#7-<n6+%-jtAvv}-$KwEhlRLG-FrgbTNGj>
zuoyLRx0isdol83KY28vxSxZGLQYsg%=6E>#h%CZDo!M}IG6Qy~#^O}FfuTtE2{snm
z_y4i=mO*hvTeo(wK!UqNfB?ZExI=Jv2(H0h8h3(AaCdii5AIGk?(VJ)U+0|ny>)NZ
zSNnHYb@$$TtvSbd=2&u7`thb6F=~Qm{mZ}X4FC4^{d{}Ct?pfg+c11@nsPA9o?L#J
zvD-y_d;p1AzdXULvNmwOyllWv8r%l8dXUhUfW5VGj4v~F<(l5#imjL*GB0Z0ryw8f
zo}{`_c~`H1Oh>W`_TP>??5rs0Z|xN7A=*cUhy$~R55O91=iGX)?wT}h<fyx31GjI%
z$f22#Vqo53z;p|NuV&{P4&OuU`pGkY4AL)A`H*v)&5fY1l1;uh=&&#7yr+TEd^=%A
z#c+OoGJfB>%PU&xTVt@5ev-KXHv6MnNgY4m%vs!8(QwDDHuSn_0MXpq+L_6B`xC$F
zv}Hj#%9)spf^IM7Gg>|Jo{^#uQpnasX6mHw#2NO;W=+<zZX)ex*j+WKai;nC+tDQQ
z3VpgPFkK&s4I?XNK>qbW2Np8jSq^k*SAZ=PCoXkUs~kAqN$Rfua`Mu-97heEtp4U_
zq-f6W(SGD7S69;@S$W}4O{8JMda-ZfoP{%kY!kr9RU^#>^aT;{XO^B_^IN%$XsK8o
zcpJ8j1qM|)(*ddvq&_gGj}o0nR-;~o&@s^;_q$DK&7zJrD#6${INnig<S}Ixnu=et
zGPzLfCNsu$Yc+pYd4HY*y`J^_66e8NzU0*+W0UmucrX<wLCI?G9c;*OvBM1Fm>}4a
zmHo^(_NP+xSRQXt6Eb6gUR*_0?<*Q`On{!wzry~jz)`#^0dzK3i$9EAFc?~~<n%oY
zy&#yQP9p_C0`9mVuQRzu8<}kuVJ0G8Fkwbl6&*Dt_#?#T%G>xEwo#!PRrFk02TLUX
ziEwi#>^9>ER+3~bWk7LhHm=i<q%A(X_*aer-ne!Y<;R&KPF8Z8_Y2R>XE|?9tHEHY
zWR#xO)SjMo9MrD@-3-C<O2TgyYJL5XS~Wz*J2L`628io6vW&A-?f*u0_}kKGh<WYO
zQ}`O3qn~w*?Q+7b*5y;60ljU6Al4{<%0+>T9OO0^m~gQ9pGu`Mv?q3F=8*RlZjpSz
zV?qk_w?jYZAu}K%dEw&7*H$OU6Vi6Vn;q=-t&FL>tSf|2j?&R?p6`EVudPS4>h?t3
zAtj2m0;<$(_9dR$Rd+sqE8=%2{h`HXdcNj(^Eoyl&L72QfqL+r-v=EWJZ17Oc#|5!
zycgzKa|QJN*=0(2Z~KHqyn-*NDeqlU%Am_NLg-h;8H;Vzq=CtsJ<&wqUM5J#ODZ-%
z2|1AJN4(Hj!kfBlkj8%vVc9Q#C;-6-b0Kp!LZ=Ns?1fTDLQF<ng>6k4ai(5yLIA{b
z?G2Y%XET+)X3ob;C}(XA;(@_gS{@SdGjaE98Oi+EydJ0}0d#AdU+7`_dB+Jlq16%2
zZ6Hc7j``^KIn#?I5e*YgC*Gh(V}oQg@viAGUqIYO&!Is}a|q!ek~O@B88uFEh!Mgt
zK00p$ONG_Do@{~(dSUe09F{h!exh2R`7Ckyw#4+Ke&-F6${^k{@mX2`N8!k1f017(
zrij(<UUbOCamhwAVi*@8wTnJB&MHEmM~NCrf#{bXVH{x$EPt(MhZ#MXYzZH9g#ca7
zPMI8OG{c=R1B-4Kh?^l%No=2x4&msdKcq=7U>DKO!)g?JVUl*C#*^Yl^@2St_0!}M
z4~`mRKA<N++VJ7YHM8@Jkx&`si8Dc0-K1Bt0jcgw(@1**Q90Sq@;dTyoqvw<J&(be
z2uYpP)hr7URp{>5htu{Zd&!#@b3l`WDG`_z)@@N^&e`i4@Hh0zXIS(~VU>%M-fh1<
zoP<pvOma$_A~1uP7*A=g_LtxN6pbca<TqNjPzLe-qZ~%E9C!Jq1JR7r<>Fm=<qb(q
zt{f-Cvll3u@PF!F-RDxv%d2+YK&)UcC-jyJ8cI3In?G?6D`Gv~A`^^L2hB@=Xc!^R
znPmy2X<PbJTJ1C=&_CJyy??Tvr$5@TjRq+URLZE(I$+{-!n_d7KR2+0#;iu_Tp#?u
zEP(m7b!Ll^lQ0e+8UMJ!6di=P`j2U@g5cG9sxj`dgJ{!K58q`BeK!e{wfM$xJTc<-
zau?QOe?-7@mmM4ygEBN~w{CI-79Te%kezJY(BzK<X>!EG{<!ez(3*W^jTbjO+Fm;3
zHu?DZbA-dy<>&kOV>wyrp}bJD%R!l#5x~o1>6qI|CpMS!Ewl_Ndmif8`&yZxm34#>
zocHb1$BHL+&Z_>ec@jX5l(%`X8{isj&_7ub1G?DoxffJtij^Akd5zb#OTJWpeBMb0
zDb%%CjXWMkWZQ3#V}C6+**b6c*sRpZ68&ke@>&Cc*YmoO;UAbGJ=y3hLHCwh`<ONP
zA0^+C*k30|1a3}A?*CX-8dIU0e(DS`Uh{-Qmi3Isa+(%!7*%=_uZ1Tq&ik||)`9^U
z<CeH8|2ok3@}<L7?Rs<@UC(><)5CRlh-jZMI0YN@aM<%ZPf55x+UgrM0L%ZEUQzmy
zJIM2xARI~lCO*BOYik1S^dd^+pgNF44LJ&ndDk|QgTcjSph=~!EUS0z$8?pu%O)L9
z;rmPP7{(n^D-8ukC<m7>h%w4jtk~(Jt4*l{#!RU@c?nV?R~4gtOTCj54s|F(*&6k>
z$%54X2y!04t1-cuI%(*(^~)qE>-d-5#IH>=3<p(mN10z1qD}i!S9vPmPdW;|wPsPs
z{vhCl#fbO+#OmL2BAs3`DdE5+kb=m^_4l<dhwE%Cg|2mIC|cC~#vtN&^S31~lyd(c
z#BU-L&HDK-&3y~~vP7K;U&*+>b^D5-?#nA`SV)xdle5z3CFIHx7E=8jX0s#?zsR=|
zJ-$6h8<&(m25upS)$MrC4j+RA=VwR8q`1g1$HG-v9v<w*j$6`F2Ikp=Pd-#q?y7$u
zu6~Zi%>08wo`j4Y+EB&Ml|xLRJ}^k0rzL+@aLb6nEoNh7WE1Nl#YmN0oy<FEHN5vk
z3Nz-bye#S>@cftZ$HB?N2N+y?X<CR%^+`HuZwpdo+5W4tUgv?W=HZ}`mNqO+hjQGe
zbY(V$r9^0><8WFH>tzZ{r5`&q5XblHTEYSJVWQa-g?b2{Qnxqo3u*utDwIkW25fJr
zh-zU8!7eL={y_W=Su@GTJMbW|4&)44k}RU%a@`j|4xz8&(poq;UM<ouoDgxZ)sT$i
z?Vgh)^%_NG$NDErcA;mpV!MM(__`k_d9oThuM<m+zS+3`BMgOMsH_E~sC#}u8KN-$
zXbj3BvA1zVrPEKVBaXnS7U|C;Wyw*XegzK|*TMfA@{f+)nK!|pi6HRs{7!EEW~E^C
ztdbwu#Qs{9h4;K!4)XmuafDgwbUm(i|Ng|;WUy21YkXW0qX}ULI^LIf#=Q?b`Fmhs
zy#6>^P@s^uheAE5dLDhjMo0fSpPh~iq-fbOMv5q=iWH*IXYy)xB<y<HrQ~DrNden_
zsZRY5p!73Th>-{KMqTwnEXfl6b|X&lk`K=Y%-ga`bDk%&m^-%Q``hd~F;e|eEng$u
zkM;h<6))453sy4|;&XE<{Ms#=%o6k%5kRcvXixd+#()qVtq+Y?&Zr~u4(ITDb2$K$
z*EHX{?E{=@ag;`1l;ZO0S57G`L~?Fc{q5*T4r!@RBImu|BwMO%xSdl6GML#uv#ryx
z`IV}C(;L{j;S^$FM0yB;cR?0@!FiJvs}UKjOxI95&8AYT^)1Pa0M0rb{zd-O`y;)y
zpo*;7+&Rh$kS$Ug*=DNR-9*11HTccod71y<>m7Qpqr$~vP7|aL1AT1HhzmQ;J+mQY
z;(TPYAG(_-3ZtWy(-w`6UE%(|%vL=28Z2%C)LqktbVo3u-B6KP&?YiFpHe$^ob*0q
zd1KfEzNe}&_RUpy1YQ8a!A!Va(YRECMoPpTif80Ch8J*}VkD*O=6sl~MkUS^J~=i{
zzK~t`lcz2P+_a!s)kxV6RrFz=3vZIXYWN1KZY-Mk1Pml*#q*m}w*BTRvN%1y*3TNI
z;5)^sPxsDfV%EGE6ok|z8ZVY&>%C5vu93l3pC{6lz{||8ktSFt$HN2ZEoj+PpQy18
zcf#O5HW-6t#u!aLe=!#SiXAI9@M~|pF%1bgfMA){E-EyWR(mnej^jEu-PUOP7lFxi
zZUeUIoW(cC85Lf@1MzTr`L*uD<7*QFhuCk(c7=@TyGTpGcn4riBL^_rs3BhS^5yrS
zH<@}XfR)NX7Ox2?5NXl&vj~gyG|f~NSsaJ#g3`%R`sSB$3}`B<mBL?6VZ^l%0AQ<C
zxNq{xIiKYdzA6!Ew1ONK11V|v5Il`0Uw}lt1>}h*0X1HH9TemWMaK)1!cVyy$MdQ^
z)o6@pdYt%q-AC%S)yM?e5Y)frgYbs-pH(s0o`Al6H`PA=YJ>pevsvyGW?O`pmmz)I
zek=5`f4i2^%nGE8o|t45%4fb)PfTgW6e00KenH9TEh60*1kJcgKPzm|$t??pH$)PR
z`}h#8ds=<Y^4xQJt+6$muz{kVN=PNGx8kZhacXJd%5|9<F<+b~<(#Y>2yf(Nc3Gr`
zY<1p`U$!kCo0K1{uKpe{AI)sxJzWwJ@w(ts-}^*;Qef&&1c{EjKe3EIZNL^3ndMIq
z$7`;Q%$&^RJi%0)Hc(&mrZWi!7s<VDZs`%5rBv&Cf%m7X%g!u}nSObJ)jNE~ewb7F
zwEn=256^Ux`t^7vc|N}P60x`$az4vNp+?L?P--S|st_BniDnow&DrQ!L(js16L#b<
z4=xFvk!d7V20YdLDOIJHB7uXF`M{<E?^Q+aW*#E@!mEzJDBMh6i`j{U{$^7&acB3E
zVFAV~B^S^PmwbL0br$XTzGmATAYT?wAi=2jF|+N#-pRCT0g02&B0r8pD$D?a{)zB<
zZGD^^kiv!*g`L@_v`JB}NbgplmNYt1>_~0*Y=YpBQ41o{Fj09Da~uN|E##OFfe0xt
z&rOC<b79uxvm?{r)CW`iiG>8&#fzUFvJ+{I%;#Lqrxe{hTk4`#yXAF7ie$ae91ol&
z+6@%FNF8AklT<?2hIUNWn3U-AmAqGKibnQ`OHq)b5_qtD1F<AqQla@+5L-Oto<Lu&
z&(7YVFo&QSi<WGSv8$hc5oTp@lj<{g!AvQTRCjo1)yty|Gtfh!^Ew6vHW$-T=pq?!
zOzV&Ve{bbNec`l*tOD>8oUK3kVvs(WjbeT0#x-Rd8tycX7(`B$zMSgQ__eczhF|XR
zTihj<=WyuEOp$S?>onJ&7;ST>ceQoqHC6>T4pCBzl}-GFpw+KEHI}JWK>6E@mKfl4
zRxYEBHp*4ZLR9e%)oybCtD$7dAKJd@Z(S%8x}yqbani9q1j{MBD-_esqjx&<W<AO-
zUw#hYEED~_7MQL@R@}=|c33Kl^zuoMNU3{;Y>tCrf>w!9xT9+N2YLT>-EUni2jm+S
zj{eI%L0;4Ghlbeepkhgv(9mf_|FTx%q|Au&uGGau>XBn4GK0VBd-;8J8B0q`=y~7L
zUME%P0NXB;D{9^`7S-|ZlU)kjBx)~MUVN8V2JcTbH`SPtEti&?(Sn>EA^s0)Ln&l+
z<oEqC2-d}KjGfNT+|ijGkzuR?Jx(eYLqO7QgzMlP0%uYgCWV!MdO|5VV7)&mB&6=?
zbt0T0@-p>lJn+$I2GQD!n$qkG*Q<kg=&tTN_BsQJsE;tq<oP>JW}nEy`6pN?IJg0N
zdE`C21(7ppZt$`ABj@#?6J#Brq<ia`5}X`rdATro>VEP;%<?@$9QS&L^19lRU3{Bk
z@(sVxumNJogpJ^vuOB%SeQEPDX(g$>x$XCyc{$faxP1`5F3bk`jF;On4N&WYBgN1a
zb|y+Lev;N1arOd%h${f%KJS=Gk(jDV{HuD;4Jp2>Q}Tks@&|$Jbe=SHgIna`p?dHT
ztFMoFDC^tn=8fEvm&y;w=?G~-few^@fn2aM9{AW5c$5IZfL)|wsipF1iX*;a^HJDQ
zZHs0|Kg!D{h6<n3dCLbhJ!nx0d<_5{EbhB@D#-A_WjThY>d<O@KBPWR8q0*dS-$~a
zs+MZJ)*+CG87`8ABH;HidxNb_T8`ODkz%RpI2;BXC6Jv*?j1BOFDoWQZRI2AjE`l$
zI=#$s)0bmQrllM<&yGbGm>?FsNW+E(=4ChY6~OS0hx6fNTQ(_@)7LmSma{e%u3BNc
z>GPAH&?JROCkIztOB4GfHUTNyQhlDKFL>1DCgd&{r3r^@?@56gUkTR=?8yr;X|ht3
zA~O||pvM-Wu&In*ra#(AGGBHV`?F9$Nz4fkSrQ;>yOQ>R<Mjsp^mMN_hkHFV^}U{1
zTH3yCGfv>!@>OFa=(HpS2Oij_sEMffG9h*6V@IS?nz@S=f;_*IlrH^_+pUHC@CTcQ
zA~gS8D>hv73e>~-fY^4?(71MyzP`u=@ln#X`}ptIS3_HLardDa1Z&+4d}}%>E27GM
ziaMksgrGvW2$y`8Q5h$lXan~gUtYE=s~*)K1&guTfrkVZ6PI_&@jp$lVovn&n;qvR
z$N`}yMeN}^;sgYh-dKuyn5;;+RUeFtVc?V_3%{@_#&eGeekAZncd15Zy?L_1_7X?D
zF{>mXfXE&KUB@RnY<E7E__g)__ClO&$Q#*#QcEGl30I)!K1yGdt_v|)D`apLA<npx
zCJ`B1YJov+a}_sjWd>-(uNcqFJFw&9f800&3RoPUCX$<VFcfOkaSZa<L9P<0FVcXF
z0&c81yDQX(LVvJ(h{<puxtcj~?6TJBa<dbBd2)=Ps;c_8_3B$vH~k)}tmhSL#c~b2
zRdQF@r=4>n-*>|`M%mP-Pg$wXOi4aP0OO>DxUkJjYP{Tp<Qn|W3m?eg9=e7>;}VEj
z;!;xhNtLV7K#FdW<V!{Cl}pAk1@)9iLX}=o?-qhs(u%=k(k?&TqEa;pN1M*eXN||_
z7lu#|C-QZlvrh>LNxhw=TACE5wnLCzl*MJS_|&5m%m`yv<5Q@kHMQJ&)1_g5ISfbt
zbSpNV0_LXE$ZErumydSa43o58dSmLlNKUjXpBtsC*#i19zf=~=8r~kY&s}vNlo1_)
z4!f=_{{!v%F`x}&x239{{**hF#NtiMBIH$4pPD^^0PLRm19hjiXhFZwa_;vOZRlXB
zNg<}Ok^14hFkyXr^iY5#yi?@%7~bH*41<DnQq&8hblKOqLWLoN0u$`IpPX%sGlxNv
z*(kjTsK_RJ<~uIHE3QAh)Vi$W5*7_%vZ5F^S@_GLdWOr7Uj}uQXFho=e=|1<R8+h{
z_SOB<Pn?H*z`M*L23(ZGdvFtARO1jpph^3t9$XdC_BYP)RDgu89bX{F$tkEA$plD7
zI=+V9z_Qjxo5I^Z2!h=_N$jcS^}{%F$@iz8E~i7of#$nohG_7==GFFBT}R6ar<ZE1
zCkwsJ57&BDY2AHz$%U$rMhbJe#Vy&yMIT2tWRyw&5FB`<&1d4p((ks}TpU@o*lyZZ
z<QCJ3-&$5uiVU-3qjv<0!y*if&#1w~MKmG;XDQt+<P{@n$+dRkol-uB>{sU=(T07C
z(vdwEK%W{W)TMBI7(v%v(h@rPgw9(4JIgMee-{vHxh9YmE!8`7m>$<8B`5k7jV3i(
zR~mW%#KIPCC~86w+oHAd2!9DyFo4i*l%2mtL9;}p0BZXwgPxBCwAmZ`<5+v{Pxb0i
z*pM2Ol=aSqarrlBWR>1!VE;jp{omX3J0I^qFj3ype_0~*p)J4CANefDLZ2H=_Az<e
z;8EE#=dUVq4$1<G%h5L<huhT;b^>EiPxgoM=hn@>_J_pIT`pH#xj8TYxaVD3-w^E4
zg=sUG<P|iS+0JHu>-C2mr}uq%l_jcBA&Z#^h&gu&d}BR*h}&gw+b<kY>z^d#>7TR}
zKUI9g){i5X6w(ssAZSkS8AWgXv5OG<)$txuhZ<~Y$D_}>U^t<2T8i4;UaUdAH}7(a
zXDD`a&}WYwtF`OCs1`FA>?wF&&fn~YPY_pkFr#P~*%_Tpd1|Vdy*&|7PxhOKWmXG#
zk>svX*8@CU><|?cI8S-)lM*`}Y>|18QzmCg@L3UB-G76wfS=T-D$Ga>7<c#Se@5G8
z_My%4p_ThA2Sy}U8^4vu824s`eLum=?)G}q;`HVAAriFOh;jUV-Y9%(9r;04X2t5L
zbM4f07+G7F4&cno5T5rztyebG4Hb<|SV0{@9vQ++->+4+ei&#1x$+3twOW+n^XR@k
zu4OJb>f+NeRQEsgAEZKy0S_AlO3eU7QL!yTdGQ^)c~UzlQP1MS8>Ni8`B6a6=LTWp
zs4;TC*0}tioLHQY(&q#3T{1$Ri|3@w?8vWWi0<ZLn|-JXzRzcg%Q@av4nx3M4k|=8
zBsbiStD|%Q*e>9K|E3>-GgsBYfXzBs%+Xs=jr@2c;lL*z3<l)=^Yi0=BOkWg3U&CJ
z(RxQe%mcq$Ss_=}l?iMFbJ(C}xK~2W(<G_$b)PyDb^zE(^uFu;8Z2>X&v}?%+S@;O
z7W@IdSnwT_A<V(JOqiVU8DJe8%>WbS=#K?|e0_%$w!FVCP^qM@7Y4)Tij06R@?h!v
z=BdVEiZbwaw3a){O0D7y4e3V{DRXG3kl~Drqcg(f4Ew`!W5<Svf`d<DsU#Swwq>o$
zzA{bNkOz*K+rE46r<oAvu!n~dD03X8u_ThVCKD}pQc`$G<%$+G=Ay5k@;J*;LTl{!
zMQHd3kh7zi6tr1wLNy?KTn>R^+prN@R$hQqglWV{g*Rplzg>2ww4B5hAbR^f8KCL#
z8vr!umaxgG6#|MaI1#cqEYQ}<`W}&*#$$4mUN)tE<c`LI>hs`BiSR=%mUA4RHvEQ`
z3efND7GBG9w@yxt-N?TWR<p}7kKF0KYPlQg%X!fsdh?w!zOakH3#)g!kcuRF$N6}B
z6bknB>R-PKYr(&tCUTKYtEXe}eEaToKVdpTkeXfd39?D_QtQ75z-SBp^%K~lpE{26
zHQaV0r8thFzPh)HsqaoqN+ioUgN0?c4H}b3s{I3X;`2l}HTm|V94}9xgY$w0>3k!#
z@Z#--ZBXE@ibJ;<W`L6u5@M~^#Gs6=)XKnH)?FV~LiP*euGBM`neS2*iy~&f;}t=L
zI?By0tBH8@<s}Uv7}b#dxE4W*6sMCP?jhzdO5RnVI7DU$z))i~=V`uNpoCr92SjCu
z_5$yo98`AutfO4Ow4(5z%AAVYX3f;OL;%o{2_NME4vxmC*vprli9YL+<(?42OrJ9E
zCm!s~k<15UGNa#{hofP{1KD;(tg~GFZf_qcFzH!zDI*Qtd1kurF0pYm#DPBoy{74V
z(qoz1^c&iO!uHWUULhSqR~q>eS5b=~WWgHO;f__(Zjh3JnnRA-R#RO4Tqgr$6-u88
z7B4=O%FKzff!aJQOy?quAKmsiB-kT%kihfmSj|xmg9zF5v4f+`t36evVDa^HH#d6;
zacSbNKi@nBhtDuuTfSR5LaACe%vg<pHh&$%LvylTryNIx;y5wTgK%8|C^Jq9CED<@
z<XFDJ`~FqvGjVBZey}i&@;_Ddk<Ns}v0QA^w8!50C}|Wd`YsS)DzORjpM6;EPsA;-
zR!r@IXyOgC>~YeP@|mKvLXO!bENP4oTi{O=x@bQu4dRHTw@4XztBW53J$WRX_%R82
zMLnYQ?PZQj`0DpK<=mDAqH@=)#0m?nKr54rMT|Vj>b_vkKT~#2A<mh5|LoV>S50j*
zk?A7j^#5m8FVA=+Ty}h&O6~M<U0d!SOtWl8W+Yk6=kjBG9sN@%dWA^Q=nAzrCM~lJ
zLW>0Ll4?-gUFtYF0F8pFgPBTl3xcyPRGPU*ze8rfWOXnm#q|3`9`1l7uU!P$LDTzD
zTcTC-<yG%5YP{&P<Y=y_$Ai}cx-y2N$<sJdv2jUJ4YxXxq)yb~;nL`s*+GoNB8_(t
zci!+MIv<av0lwqtgW5t{Qer%+88x+=d#grBfO?pu^n?+MvyN^i<qi{X`-ftt{#t-!
zV|==HXo}UyvJW<Hvf&9N*WEz_6_Ooum?-GULUQ$~)O?2igKnR8t(Uh)Q((8g2&Bgi
zkthD~)3?NTelpj1W<1g9BFkoGct~dDBBSF+h5#<SnVH1vMsv5}jvaiB$4I%G(JPvX
z$^O>(Z!YyN?PPTX#7_Z2o^;JmT-!j6z?uZXp{K{{p&LP9Zn1Y*W(mU_1>6^Mt{m(%
zxQ4pt%9rhtG08}U;QV|FqD-RA&CL%I67XE@T=l+;Rma)3B(~-=JfP$Il7NoC))3k&
zb97if^M7bB>)8~z#89JwZ$gI@2+@`yIn6m@Oez<93lMU?flQ`&Xm49dQQx9IcKdKT
zm=cbgv!Q7M3@R$iI>{-M6;*!q=7D12tiKJ9jVN6GtK8IEYE`h?S}%iGshz()`<aL<
zxkrZ%U&}9snuMT)%4+!AAKun@3JtSh@$~VvVH<*x28Dqg%RC?7!wb<vq@zU)<Z|dP
zvpsCqW?RSN<FJH0WZgDXY3kSA)2=QXJpV!#Wk#^W;pgu+x5mEHH}x87q?*hRte@(7
zf$hx}0eWXPtQ(b?0u55FfEz%?^OHiqes>tM46fniU#6M1Urt_c=T?jAQ)4S=P>xS7
z*N~)C<Y8RP05>Q*1x|?Iu_>;VRiLKeio3c|9i>XCo*1u_ddBa9jGg#Q%dNbwbV{?v
z5%!_A*tHRnql}z|0o9kJmDU0{FcM2+%4Uh@SS~JFv!(R|E)0uuFEYECSLNo<3R`Om
z_ikCGv5bosF+sPeDQ2mSd4Vc9^a5}!lLqb~GdvkhwL+K4HS!pUQ&2#W-<V*8Pu!jH
zRp|lkiLK0z5XW`+=P8Sz9V*gUE@|~pa9>YF+2bn*BBNL;q%!*-b#Pf0Qky~aK@c2Q
ztLG>Gt?)q3@TGPL1+n#Ce~bQ~zcsb!BlT}|My>4+f)cxkIh$8`rDa0{$zH!a0p9=~
z@y7}h-y=d7??Km+M-*(*=0V+!%O{8SDb#Re(HHD4fh<tl4Oh{)*7!UxE{YGb^1<pk
z(C+v-Zz?oYAfNO{r-(+5h{oMU{(|1i@puU-aoe@K<*~r^?faw?BQQ5v%E;_INwz{z
z)1J1t#EUlRPQb<*`ef?0OozZIM3R`?mF*&VA)L7J0c+xdy--6{)!=z}DH5b)q;K=|
z!RD_BHgL-5lWHYuFgP%<#>?c;t&u|6mP6u;2R=D?MK*nB<DOeAb`RT|OM6MiQSN?j
z9kGsjpGF+170!~RL>;&~KAhYjo}TVJx;iG}A?5rxlOy3MyGn`gbKl$rmTO=r+S=U3
z(i7$5iAhEfLT;ORpS#->guK`tht7zQNsQ7KAp{l#<;rO-6H&p%>YzEdsguk7NMjTA
zkSAm8FRllX1xv$PwwtvV9WHT%>SB~)%j?R;b|Ri>K}=vX7e6=hLHU8NJJ)xzQhJ}u
zd|ap0t>-u?iV@o7`^mc{%Rc0_Pzw7z+h$jEfN^m3-&f>i-Kw6yoEL)AneApYKn-_H
zCSvb!`gDQK+N&&jil|WJI^Wi1D<aE<$eGjNIYg%b!jU~+W|bz-kJmA5(w|0((50SU
zdSx)k`|P7Jg;zUm(0H0Zn-q_*iCf}@OBtK9nSJw-JD3(K3Z~$UC}@gTA)a|=tB|0>
z(GNjb-$2ocD={qbQNF!Jwi_hzEjZ-%;nw6pK^^#uzf{gHiJg+F-H#<CdP_h+g9Ptl
z;g1vLjVCPr6*rcr!4{uj-~+*IC#5Gmvp8e(=j&hn9IcTRRy#K<_pT5=ZXxB`tkT`M
zyz4)ZoGAwHKAG{#s?m8Dwjc9SQ)AsSEtwIEv^04T6~*1&3BY{ZBylc=<@z+L-COwG
z@;h#9DDhD*V!X{I(*F!CD;^+xEi@r(nNx}LiS)gcw|;z!;<?cGKI|z<g!a)a?e63S
z#DzM<iw+kq0J7P=OV0rAo<#o7;eHrKA<vBei>2vGMD?S@^7KOGqFG*A(EVUb)l=6A
z&iji|LaU}&N~@$PET~peQ6g$#fj=res;H&>5my5@=)t=D07gX$JorLQPl`VnM(l}V
z!g9n_OA$^!M)z#rR98Rq=?LU|-&TOL?1jHtNtvb&CogD!{*h5v0T}E$jg=!O8P17G
z@b%r_{M5P4Hn4%lLqD4XVNt1Bk;i8CoC^m=`5ccRF;{?xm*+cWtf7IEoDX^AAnGSG
z+MLzD7^hqWbSEBRR2(+*v)yrZj#!E6cv0NWzTHh)l)Y0gj09@DN~gI(qzX-285*kL
z8Lt?ha>de5bo<i$=D7++^C!0WskbSg5Dut=T^Codny(kN)n4DEn2b-(VN#w!Fh9HA
zT+wRlJ>SvCGhWCh&oyHviM6!V1evS}VI}b;!ZAND+nS4h{WHcw&Mc`}?*Y`5;v=HP
zoNXbau-l6arJyw%oggf|4ZgE3jLIx5wSr9Di06#rPY^P>Y9wf==hd|6Z~$=7DRs5r
z@)RUo=*!a<3AJECMJeg%8AV$CM<wUr$xU8DIE`!VhZBjm%<y(1u4f5E!4v~%rI@Tv
z5x>-;f|yzZ3hv4}@-Wih!c0Z0tCTh%na6(-jJfafZNvkwwH{y9qZ4N{AQG*3I7Fh2
z#&hX<=E248%wAXSpX|l<<60V|UWw_OF)W+TdFQ@4ZzFa}7dtKZt3v6!*%!^ftL9|v
zi<JDoEWm%K<^7`29(PaluO4!5BwJ#m0hNIe4^o0pa8ID=pa&V$FbmaP;V2ZsSP-ey
zj(st#`d#!?a?TQwwFrlY&fruOdr&TJFuJPJXLa-}L*C`Dod$MhVe`nZV7GGS)`(mC
zVmaD_M050Ems4cyvb9aZz(K11Xa=2Hd_YZI9R~JZqP<HwNrtAy(xc}Ine)j8ey*&v
z1<X!3F`?g2C+xc@P_7$Vumkhq=Wk5|n^g?>G{WNP${~}~(i|EV@kLfAR1j`kr4o@{
z7q+T+-)Jg~D?hy?A$heG`4}TFDmkA<frY(^IEtm!LiP!{Z`1PlOJT184-IOK%EN9|
z6h}J)`?7PUqa7!jg@|poxylLwMY7|rV>oneJlK;ZcHoAYt&J4Rsi5oURIEat``qBq
z%V#8KVh(?FUP0SOm<!)ph%0%wM+GH0I&2n>N&X!v3hS$la{?EneZvkrQg*d2$Vz3)
zD+e$zSA=ZO50|R4J%x6B#Wi-^{m0h)$)Hh#rv3eApNu9vw1B)F;=P^d$ys<ORO`F3
zI)AnqU&Vy1*~U(@$`q%;08}x^F=lTwX-(jt6+uE28a4&zbG!8o{Mw0-6-ixE9oU!M
zxNkTL!9zMADq+W2Xl6$~1c$<@br9PX?%`uQ1Sft$c!oM0Pyg67Wy4YHv~=&i$?o{S
zp$R!8UvjAIh*$tdg+W54G!yH()niR(-ZqU&@2F;Lm)-n&ieb?Rs5OGEn8}&}_fUJF
z2T_2H&bn_~l+KVqqr|By9bmreybPNy>HTfeDSLBsGXK(U8(zZ|7i%Az3^E=!`m~1a
zG;O8mS{WmIvh1`OPRy&2_$+#wpixreae)8n=*LDQ1c%t3ogVy(KM?n{bBV1PM+w@9
zDD^xPZObj(!!o)UamzRP45wU#Y)a0B#K7B)*RIeX=(A|Dn>4XDAjLs~QX0k+RI+3F
zr_5|67H{9Ok}Cg^1es4KrEX{%TRWmBxTQEot5fJo;Ee~LsWe<wu%ITMcdt4<RYyQ+
z6?LL9K3UX}LM#P8&DINz7gb4YLGb!C{qf~eiaz58ItvmCLjPpIxUTz3j1fQg$J>I*
ztK%eOj7tpHDczL3IeqtU<mxwqHh}`Uxqp3mtH9Ufuw7}{$&b#q{+DHsY{5tG8Bzwe
zvyu1%lX>pnibc60t`~)Z<#+PnZ})1#N~!%W1n5&cA6@3#0=|+*Akg-mEL3JcZ*5Ey
zx55?1J@XBBY5~y{BflsEryKFxYAG}v*RvSe<22{9%Ihh3nk~oQxOqzz24@=MUc~!S
zMAu2G@RoQZA-fjp;6by^1+?$t=*|cPog31GwDQfwwJP>TaH62U*eg_Aq4ls+ya`Wp
z9Q?4>>3tCTRN3W)0QWqt`*LHUc$AC8686z;bH{%QzKdkl=wz!XF`B1ezHlA9(jZN3
zV?>$0VM!SkxVG4iqN}QANfzjHb*Faq?7;v;UrT-=1Fc{S3eMuKSKX@>|N8aI_+J0_
zH_V9gFk+u>tPLio4N^zqm*r%T=H&}({F)9Q1>_M$`eY7j@K9n-K>rEh`Q*t4?@|KD
zP**=OWq-7Hb`}-UXX@9L@2T}JzM6|Iw0EhFqtI0B)?<dQ0@a?uC&=2|g@JP8ubqw7
zr_JjVu-Mv)hb$<r{|yD`AXsoPkEmg`YJYE74Zt|%^_E-2#>#9e<|4ov3gNIrj^a>P
z(2+NV8rg&CMnt%_@~bk8S{iipa*Wo)u9}p`TcSgfD_b2wcW@LCzz$);6ZBW8T4@Vn
z7Z!G)k=K`t?LWp_Wry7@3$y<3^pKr7Cc3zT@bJXk-U)skxag$Fjg)`+qkkwv6#7*I
z;DLLjh-uIFa`K*@%geh~zxkq1L`6T*`5@ObWHb3fu#9Q#RpB8pbijCq^B-p#5Llf|
z7{OmC)3ho%);DR)QfJ&$TTLzgU`MUApftc<YBDUhRMKUW5+TA(F`E>c0#SpPoC#hs
zf54=+bA|s>(<#f2(IK8){nBi1!WI&0ov1>h#IqnVn%gu%z!C@i^MSn1Me;$BgJ}eA
z*AAXZYLRbruGyIN)tgEfz+V6;>E>UC^*1^(SB+^1Cgw`-SslP9*(z#uf{+q*CkDDm
zMv$b82p-=>>8sr-tzX6!kOE1iUw&|*a5!AMvt}(J&waG2!PY74x0%KV$mma)AG65i
zX-A`Nb-(C|DLOCBr7C2?^X~bt+rj^d%`hN=hAd^DjH%TPR=*M(!S5Eyr4>D;yH|dj
zsyvdA11syT__CVqzI_bknf_1>vERB)i*x~+fy%50&<VJE#=TMpkQkz|v|~3-ID}oE
z`+BBY5pNKBI}5a;*s(3>=UBbsQ@<5W3dbp>SDhgg&z*Jg8XD~|U4P$N@%9;Ib>91>
z9@0mv<uST(aZ`E782#$}f5zyGKWJnPK*Jtm)?y|nM2&G4P@nOy>fmYS$?!}UW`#)!
z$Dub%5o^Kb{Q46Ei|(j#|Bz~xBWEmfV|VE9`7&KpePyuKpd@3v`K^a1(_<0O<}f(q
zV~(aD=L*}p-1$1~E$Q$&iS6NXTWwZcD2K*^|6F`SEx>%;jniHv1m_I_@g6RdyvvP2
z_g>3lE_r)RQ8p@nMm3}>EmZzSr2=WWA-pveSy}kdRy>65%5XG9NMB(wx=Kkl7gM7k
zJnZ9n)!{;yMJGa8)yf8Hw_X_MI#}nW*x$R&7##Q8eEDbPAILEb2-7Y3?jobCB33g$
z`B7Y=wuLg=;^+yfgSRKpQpt)(+hdc)Br!xNFn-Uw4Q|_6T*nh!Lipu<4tbG=X(B|c
z;|LV8H`z)je)gD3wSphB?2f%fWLoUL)EW^D>bg?n^R(wBOb~8mCU!qd0mftxx3<;7
zydaCBE;ZEjGeDtsV1B5sEXv5=#S%aCG{8ulW5y$oEUS}GXSz%5!!nyy|1fcQW<HD7
z*zkmrsa|Y>t`;tjIt}6pU|zL(@}T+b9M*TS4EO~yOl&O+Ve28(S8Kx^3ZRxaYi5q^
z=SLxi1Pnx`iVv_dSiFg70|S>8p=d!>>|?!FTRgHHhK#i;?zLso#waoD4A;(mu5e(_
z-m9(0`Q60W7*qj)$4BP3*Sd{YP{U|z8Ys2I*G-X;;W-k9F>7I?n+0+J9EHdbW8&eo
z8XUNZW|57QRC-8a7m7)gxP*9$#VRBz*IlI8(&)f}8<pywu-j7hP5bVE2bo#wG~@qG
z6aWf7RkQvns0%3TC%z)2$ibi}Z*(U>PI3`cOH9OD@uqFNKMQ@*@BU1^KPx8W;rKDD
z<Ho(?>WCi6+de1y<8s|S#+<POD}Po})IXeqV&Z3@oBD4AQ6`a~f8$eN$oSOoQhq6_
z+3$%(O^)S)D5-HH7A7Pq++}mhMATLX6{B5@%9e@@NOfMsWW%OyJl_nNh7!k_3G*nM
zBN2a@Zs?UiQzCR;YmUcGP9VS6B7gNFBrmDe8tFgl4ir+d;8s~xe5KW;5D46UQ0yR3
zo=p9oM%^H;=$(+gnqsjkltybspQ-9ZS-2;gD7ssnK|4L$<}#M3ruy9l^)7W0L-+d-
z&K>X<v6l~!@_BS+e@Y9|f+fb_YVSh)P>(Tm-T{p=EMC(`3=9XNXcQGVV2x8#Pear3
z@Z@APn%J{m<&sXniJQ83`sm=?f9Bi%1#8*MkQ+d5ur{uyO1EV>YO^KpT@0vIEw&;X
ztp5Mwwo?O)e8bV8;+aO1gc>|=1Roz4syBClXb*fmSmz|RpzbsMex1-E*LDGsdUc-j
z4SI_YJrlQFkl?Y<%vqzEv3Y0D7o{O=Y?iyNijp|3QPrQygYv8Gtz4|v0ay&FtzulH
z*;EeoqUl|bwkF3lWK-*y*ltiA;dI>>>%@1>KiWpy@V;JQ6Lb{e=Cp;&1$c(e!t-Pj
zh{`~A<$M{{vvFbQAlXCsqa17`7z?c+5-|I&FE#$d$b)f3b%8w`-$~;ksqP#<v3b;K
zkpmj?PjYPUHxEIoMq>b7QpttW%>2tyrNn7}^@skE1!_`u>My^1K9fsLAM~={(g~wk
z@`!6Qg=85SNhBgEEWl}JYwX@>0^Z_w1|3uy_$-Wx9Xh!5*!cz@xs(uzIVzodnaVR+
z?nfLW(^ZR_CvCOP0`%3njZga>BR%UXAUSRMJcH4hvc$&4b%Q<@a0IV!qXM`Ts2&u@
ze$AQZe|#FB!!yZG)Bj8YiFsqjbPoKfuz43Tc|F33C*(K*zxIpYZw?H-Ue={e3QX$$
zieAfRv!eHrkT*sf^6mqtuzByZ-<w%$F|#u!jE?@q1<MbXV{>3@X-Kvma-dp=wzvJp
zi)uG~=k3+5!Sa_d8}AL?a5d~}j=0?951ery&TqkR)zw~$m?P<X@1%(8G`8^U&;bki
z8Cetaxe|XWZPi-9r?Hl-G?F}4jDd%oX@NoprCx4(Jhbrc>d|}P3ho9%<mC5@SO$-u
z8wcAq5~m4Nkj;+jVx3A=brOS5TiV+_jb2Oedy3rYC9zQIg*ESm&hY8#fSye638Fd$
zHv^$fUs|4Vx<OF0l|Q5{n;r%t3ap>o+kdh9=p~VTQL*s$xVsZQ)voQZUYf|lh{s!t
zw39;Dbo|m{k!ZzU%UYYj56|{=cE<+1%`fs<3+DpvKcl(l7_Oo7#uP6^Jp5knZ*Lkh
zuA0ly`T}4JCtltomkI#r)|_3qFFhd%GF^N;rH)5i%IQqEaA-;G)vaB!$}RG+GcyV?
z(jp4$vcM1sPi865mccO&Ua1TbYUdsLPG0=_jDGrjfN<`4Ee1gUN8)4ca(Cw-3|xh5
z?w1X(Y*xbe_%;mv+DimE(0?3Bg`+|@-}p-!*cO~JKEygN2>bY2<@?ZIBk_O#cV`l(
zUo~2dSUnyv$c%zFaT*qI9-0|X6y;C9_SRo_$ZN2ZHVt}A&6RhJMtv~h76^&a@BKT)
zx#Q2WHeIZN_xZC-?4LjWDIhkT2n7lEuuxOsDEo`)^TP#xB-^UV@7^^X-Y&m7Iy%pp
zhLU3-F(AjL-iEsqmbj7Lbyz!8Nk^6G3l^f!iWQPjGiJmNSCJVJ4lB3a#=y_chsvM8
zO<}5aa^S%Yep~P}&8dqaOU-r$wGW?u=agG%&zfzu4&;GVL%-+Gvb;GE^c6T1B*m+x
zXjyPms8s&1`J;Bjfi8gjO5M)YzNAC;0M27q45KZYo{??;1;O){_h38fy-;qB?9RCT
zMbE=0Y~%G*uFhmnU!AC+lB>qxkW}>f2U^V`qZC<Z0Yd(Nqn_CsUUWB+AraxOE5Zmi
z=#i}LK*P6?jm@=z4T|Y*^f-B&A*&1eK{FZP_Hpin`C45o`^0749g=@s-Dm4{(x_K*
zaI)T-ZCpgt^cVf2#aa#ldH(j-cUf1+&3SK56SO*c=dTk(J$cb#6FW80(G0I>S-5CU
z*J1<WxPjVHYUxEFsD!?}R8kw>WFmUNbiwpGxFqU%f&yS$dMVrprC-_Xu;oZz)YSl+
z?ZX4r>G}JpQ$N-<C~y1wt_iNujonbK<DGDW%@P)=n1KJj9N4n6x<mLs(26}BSq_z=
z4kTlbT(PXOh^^I1Hq=E_2@-935Sj;lG$tx!jQvVjzPa@&C`fG)A->gSLpo)pyjmMY
z{R^G`F|n&noFJg+1ys1?(x+y=_~EDhEdH;uzXYMg?QHMa6>LC@n*Ym}_=45@mTL(Y
z6>K^4&5iz*pO=9U^Le7D-cIhXh>CbAMgM2$w>58~*eRc&DPMO~oA#!rw$6^f^d|d-
z8UL3z@fJ@pERO5Vi^;oNbmXDMC_PH6iRS!04es1_^3rB=(8#6%=~|4!&Q<;xWX`uB
z#%^5H5zvi7BJ#IZ(EcD$VP`v$i|>9Dq2k4q%yi-fO}`4{SMRx)?*y+E-?GMt0Fkxs
zHp=M-<)t)R7r|-u@h}7}?LFPO)M@Y@fvfawJn?jBw$0@K7X0`2!R*Gncao*NkUQ^x
zN;}?1`E$J=1}zq;#S9<n>riURUExH-YxB*9a+T$<bqLqgPlFwe4ygF(4rkf3s4cmE
z4D(4`I_EP=(f3pHvyw7Ry_4`?3=hcEi+}j><;(QPMEEa~3Q-5R2?lp*fj^tK^pQ@0
zpHSDG;M<(dKbqm1jeti+CnaQmd{<VES5j2{2oDdLyR-_J-hVSE+RR@cohDLita<P7
zTJS*|im68R@@6~FD?>RLDq0XdZ81EJr^I_GsQND6U$kJ$V_`WET@_KD2MzyPzk>gM
z>IfCfv#%Axh~1L!%l#3VDI}y=y4t7HCzg;)z(+PZ8|FYYR4xvKH(MX^?}*Ne+vhkm
zUd&;cYJa+M9-@urofqw@8?^ZT$yJ8bpT2dQs`5%ts`Mw`%b?W+Y=T2{UZ~23U+m3l
zH}En(g6@|@`?4Moh5L%^FHaD&M`%Sw0}-mT7Y384{J>!t#nJ|SslMwYV$XG~VT?Sh
ztKs%jA{kmIQtUrO_6mZ?k_)PZ3uGj++dSwv$8|S!Kqn^Bs?PQmAHPg4&7j*dMng`Q
z3(gM&2TUx1q1|DS{Ox>R@u#LV3ql5unKpVcjW5J5UZ}PpwSXjldwi)|%bEZ}i6}bv
z6J?2FDToNzzd-gYIwGEe!hS7-IQ4tXN@c`{?2Wtk^(!+QaJNL$p`mwnMEJUb9i>rm
zT@CFZ%1hiR4AFjXFBr1b7qr7Rwe-5E4c!{Y`k`G7u65=3vZqEIL!N`F^~tJbs}=SR
z%`?be)pr`2Xg<S-qvYhhHTS10R|ksh1DY2Z4;wtuA#<tzg8%Gsdumozh|S8B(a_}0
zr9EJPu>M@4y{2gS9+jvw(#97YR;8;lGpqrJZVM40;T5X0zA;({=ZHr!8`+yd0xvIL
z>?&oj^wujJ>>3dXqB)0FBGFXR)sOyg?%K+ky-J1>XL`)35HUZ%G4cPBk5Es%yv5qu
z5QS4dz|-<5gZZvZ)Z<g6b`ciqao}r*3yETvUh$Cw*R@)GW4&y{-Z$G7))ysii1{&e
znKg>R+l-%eXVXDL1~?Q5%j4>qnz~SwyJ#&6BQ65f>Yo1H4N{fGf5r%oA&k_#;6ujc
zaiRE-EU!B-hB`HrF~DSWdHBWwITSHzqc4oO-N!aeYUl=vO>s6f57mqk`-+bUijd5n
zf(CobHOj2kdDz3{B(zW4=U)I1^X`@zer~*@Dg4G}Gx~Z5L9~z!dC!5XP2R-HHUgeR
zPS@1GQG7_^q)HhT0M<G{ky{3h?+CPaW(H}Q!!9ehoL&qS6{^kerr?#7ls@?iG7$+9
z$LyWlZ<kX0HS0h4=jX59!+_=dzOg|Qy}(2hL-ne8x;TF*hRCoRm5+onNvFLTnyA}X
zwctyje+1|mNJ}4SA5dT4rZ+=I<j0xA<G&gg=4O1(C`-VK2J_NXUTl74``;|a6Le6+
zGI4hWU<gDV!E!!g)cF~5T!FuEpUl-M-M+gerDMo4*euy&qUc&RX3)}d<+;48(<+n?
zgrEd(CD39-2MdWdgNBrPCgo-B{NiZCE+nSPwSDVWkQ_(YAcEv@&Edz_T2tIEuNTk9
zNA~_6&zGK|4R~$!Ga(Bpe0AbS4CIb5>YBIEfDit3fK$FG2v}t1=Y9u}*j$eKYQ5fs
zDhCaQZ251OSNDI9<$Sk?At}own@Vc#gzszLSyNMQfBZNkF3=DbQ#}obv(EX(fupge
z22|4!gd5Y+_@zsCACS`ys-X**Eqqv)@lYsQzve%X|A9e9_9-lHHQ)V*<Fn^vr>o=o
zOV|6J75;oPyfG7Z^T?2as{w@p#WWiN2<SSuY1wQ^p{NfVy>E4eDsh_f+-JZT_w_E~
zxoYmB%&Rjj^D}&e_+=2+CN~*c{Yu2^8sji-peM=GAI+O?v*9neX&=P~(6zJXf?E&g
zCxtJvsvHO8C)y`O;acg2&xA|dgMMkZ>aJvUK6Ts=5`DkNsdar9&+<|%G<zu9NB>^*
zJycBQ`f$B9;dORv)p4cxbwi(VHwY^8^ser~>WN!r;H|!TBm9IjAT(;|0y_r(!o3WQ
zH#S+FZt-T?J=V*x6L2x%uwXlE!(;B&QB=4nB~?ivLR}~5SeFp0Rs8C?FdDzXSdw=g
z%asCp`aKi}=BtF(zdNy;eJ$Ad16nfMKuvq}`MJvl*7yn_(5zMI1)hRx(%-u{;(u>2
z4CwC{1Fwc0ZUTWbMaE;|st8NrnMH3f6I6gS0>gH1La6`e@-O<a86$qmhAl6l+kQs|
zxaD_iB&ZyTX)6Wm!8aI;;0&%m)01|SD#X~L*NJiF<S3e52xPuOXSxuI+@9|5_V+5m
zt8%bUX*8WK$<p8_WPNe1Lm=s6UaD~r-0*1*AUzo0uf|lB$3M=UrQ{74qkFlW0B+p)
zJ|LN$WRdVa4=3|E0>3Rc$i8*{wTf90?}1!7;;{7Brez_q8qatxYH+ofG<w=u!@f^P
zc>6y3rE%8Z#zhoRzi-+7oi6@PTy+tA??OLcADRi*EidU8h{daM%8&EqP43|5E?>Sy
zSZ0VoyMs=`7%vNdtIf*pV}rQH>1$jo3-TX&t3mNwufBfuQ#P<bV_0U<5a_)3KVRVA
zm-z3MV}Zs+R2$#^>+{pfhG)ZAW7kWXDJ-BI`A3dGe>7QWCU%q|!VJi_>dkN&(Tb;e
zO)!yFUVjYkV3A~%n^WKH?eB-aU~zO(?FXSXDip;j`ew@rXp<zymEM%vcf-Ff_BT<r
zqOGG0O9i6qZr#|rD@<EK@q<@;t^!TfW7~@-Q$jc_ScDIttrSazcnszO9`0Js!`Ujk
z!m^8ZLSaGjv=pMfrZg5xOcB=U@bGDAX$rZq@6r8k8G3dmgee$p7HEugA`WFGRo@(<
zRRxeRN0=}7uyYb0L&IZ)qoUx@BUmd8%?-bXU`my)4w-7=*Ug3HmL>c$`@w8-rZ$2F
z2>iHR3~EqSEvCDkbo#9%=S}ScyGQqo{TMnyM{GY<t4L?3sY6Y*sF|tSC|VF*BUynY
zp;Z`-UrN1PYQAQ1T6@tgVJoS6;%z$EzAkNKX03UL$E(umb(;mbyH9v7zm|m0c1`G3
z0dhe?DX;1RUEfE-TkEabr8P^xfXWGJ3k!}4*ygT8)065BnjH3AHYS^W^c%fwcIqzr
z8VS|pw7y{RN=euk0xQczk{&NwKQkC(XX%i|>Z<pgjy({mOf`x#Bb9UNiA}PmCxOt%
z-Y1$+snUwLOSb{^KCb45rhD-vMX&af#_PZcd@n8E)frov+<dE#jL9$(2^7}`%&_Pb
zS?-Bl?XmYL8$Ko`3qu;)bYGg8oy7E%7KtBX+}!2Yni_P=x)4D9^4{q6V=D-t|K}oN
zKp=_+Ej<o=uqs)z<+Go4Z9oEpNF=;NiM?I9YgK$OG#$t-d}A`kIiOLjIL{6?>^eqv
zshwAqLXdVmr+p^IfMF4dN^1C+xRReFw?Qjd@R!?<?Z>g+3&##A(x{4UeyeevFP~e$
zlg&r-0NfaXKlYn7+^o%rH#nyDy-S8(%aU1H9pT#51oB$a*7+0dwU;majTE7o7zZN~
z3*aI8jiD!*WVG=Ks?zr_Iy4jX{~ud#85HNbgzc`75Zv9}9fDhMcMtBteQ*fw?(PuW
z-C=Ndhu}6qa39X>uWFzA_ByAYKl5wqotmfm?Y{fEyG>~H^d$Qesh&94l?%IY_qxUk
z;x{Y#*{U~4C!yY7IaYhk=&tqo6IPo!8tAt9H2)rhMp}JghSofB16Wn;abi=M!Y@{l
zl}N?we*eSEgtVqB<9f=Vxo5ow#YC5}<j@l_a{4_+u}^$B`CDW_&0y%BtbCJn5j|+M
zHn^PBDjGJ&RR0yeq1;q<j}LRiDb!6)nG#Nhi>;aUrwHOyTzOd4N}2guNHJdmA+s_O
z_OmIhC`^EE@M1ZsKcR&X+irV|bKbL{K2401VfBoUWfx625er2vqv@hX;A*+g_Eb8)
zeulgGDcO}j+EQ#*LD?%sMHZhB4zgBli_?;&pBvE(N%>|mG@U?OzEecb_Njs5PXdJ<
zY=fGUEcs{#QCXNKDA6ByikzXe&6}Ash(Z1Y!MCKz&|XeCk3%F@M48rk*zMB;@#HLI
zi^<C%l<SARLf!53^Q>`QUj!R^t^Kl^+7|gN%CULiut$fjUVX?0b9)|)0hl02@pR%@
zzn0Ie(Y`jzD$0O*+~t71&zF}U)sR|%#|fA$6T^nm8FL0}>yZ*MmQ&Nq-F~Z}5fft*
ze7b9CxF1kva0K3P_*2lURJYrNR`;*-q=1H+r!Zuxe!ZsdBl&LL5RtRv>S=w^m7m||
zg?8;o;ratOeKUyFcpLXmK&@r1`ShN<$4Spm^=5mZ;{7F17d)5lA#w_nh;xTz6v_QA
z7hkpics7=dF4Fx^GMDX6!W31S($W5-*?J2$ODsGA5BIHqY>9s@W7ph8dSe~`j$b?E
zZP<MPYhkUmbRaHEs2~DTSMgo^Y(a+1W;Xlo_W;SsGZ2pE9tNU*`VF6A_o7ZuQ=gZ4
z(lX=J6Rj78A;D|be1Git3AkbH8XE(>+;PBTGZtS!<0Lu`kRs|xBAtL<E*WGWu4qc-
zXf|aco;WzhcDkc9%W@_8L=%z%)=C&;O-l3=udivu?@wd4JCJtXPc8TmNfhs#^k*5v
z@H6U+6PL?BM~=J`bTg6C5)lpVxl);7V#>rRvw7iGH~q6^7>-X1WSkheOCt@DWfhY+
zAva8Pl4y7IP^kAb`7aBwna<22K13?fD*o8?{hG3{NSiX1XBEpGYKf7Q`pr~ObCG!+
z^@~N9R!CQSg<g*4wz8ckmTyEGZ);4HwuYh~!y`_;8?s<w$6~qM4pPPyNxNdXp~;3{
z#G1FjTib@I!cy79Btv*}4>x7b5>;;4jFm)f6Y0dGpiF`TCm9n$n(FN>U%pr}MT&=#
zaIC{EY%qJi8D6jpKKqx>X%<vkXX4ydJT`OT+g6zGTuO(B0i5uf)_M{Jt8A<^I`X<9
znq_-2xn5vK+_&m;_gQco7j47je4b`fR)$m`3FRLIZ4^BTjc}#d{pf@}G12yivVix9
zmsjVOMq&3d1<<$M!^YjEQ5$vr8QmXc1_nN_{+n-cBY6HxLtQt;7Zxfsvmj9}sQ*0*
zp?!ImFEnb~ujx3%ongX;E`I}RA>V~}C$;I=9iHR31vcQ_6Co->ntTIb2{ZeqNzn`!
zEjuf#YkA0{=}O^^zf8gNyC12j*994|64Z7^ul|fF{*pAEqrSJd*XPMJ8X@p}hf_Q}
zW3idS2Gg<D#1z2A6dB<>l0TLfzx<%GJmnXDG*tnEP<!46ayCNapH_>-g)hKH!!{((
zC^asZ2J*%-E^X!3o{>f_S5vgnL^%SGr;C3kD)K|~jz{IDh=9+Ufz9XNWp{*@Rn%xX
zg7Splew`raSnX7z5cEC=dT5Bm#15`CBW!co(Pp*&>eA<z5wL=Fs@^bxQ>9D-naf?b
z*viQ2p!!QvORh{yYe0ae{TavmONBN&h8_ZcjP8*g>AhcmsT?upBh=I8NE{|`v{KnN
zep8f31t-)U<P-$>URGquW`&0rL5X^IdyIGUjKzDt=@NL-pYqHrC_-(d={pKBh|a&e
z{X7Yt(?Fqg3n;FUhSQH%>m(a#9{4uImpLj)1{uKIdxRM`)?*<bvs+X?7v0s6tfB=b
zpH^V<)adtm&UlhtnkM3m{EVz#F891X>?Y5wPDK6Q+m1XA1w*pb+bf*m;Iel<D|%1f
znwvcAg41exdMRUu;~zNx%e$(s(l&uLbDQZhaDW$$DlR7$Hh_GEH%tTc4ZhwK-sIRl
z({@O4fkh9Z8|mEo9o<cUC;xy2b$D*4N=fp!f?|IC>wIT|MZ|Mrib}2CeMK=edy)x4
zrnkc2m%4f==Z6fHaq!SdiFjlG9rErH((L)A_+_8X{Th4w^?-<47%gOC4RuIS;gu0y
z%^pP+eW>SCl|k0nre~IRvjq-Yu7be5GWj*!>7TaXN!t`DV$XCOu!amM`GwHPT3l)*
zUe_6!Cg+CwR=7JWxmep<nDBeP-+A@eK;*^Z*Dc(@eo~#awV%c@cX!_+<z!boJTcbR
zI;)?gO(+#Dzg?`mm${v5{*G+)vC*UwMy~H2;Op!G<F^h<oQnjlKHmx)EPl(pKMl*s
z5dl{;i|Yav9pu-5t-kz~!mrt@`yKm8p;c+oYF>{fhj-;bz^Uj&lA`$#hEf9GZxSX&
zVWfUu2}#l>TE5V7^ky4ws!FYWhtw}l_2l_+66$oqZ{lyKmPP>UnMdwz>DSvCileqm
z>BMNVa}V7nAlhNexaJp3)Fw?%j7CF78A{t2($GogK$$n)MRdDxO+>^w15ZI6Znk$n
zC?OIr)?fBNJr**Hc=SgbMA}&69H)t+-#2D&A5AeqViTKC=Iw2S=nW?1494m@@ebrX
zfj@P%oAE}Ob56c+XBHdh!^OgXhUuuu=iPH`#{0Fni+OM-g4>ob>0=V4fyIBn;egam
zLUj5LderVs{7z?_T&G*<>^qZ=uN!iQX7Nj-wqX3e4wGkvtI=A~kE2ts+2!P(&vh**
zj|7dNEuB6%sT&-&VJPgNx>omU6!_YnGo@po?v2=KxSjsm;@bH3AcXA+Ug`kTCj5Co
zk|o<R6R$l?4KXF%_uW*@7s<mx=Ke6H`p_Z+^sGPhi^~_yMdTz7sDkewan`!L2xxLS
z!*z)}dPK6$98<p3n=$~9!{!qXSJGCmpFex>XPdcY*544!1H(x9*ZwCd{7;Jb_7&F5
z;&`rWMn`kTeB)@>De4z!DM<nJ_7y>Gg!x<o6r3vlL(o-ub)5L(?X1A=EPSMAQuNa6
zfCzjm4|nZ^B+SEiHy`!+<EP`+<SPlY<qJ&IYA1IdQ73!)!w>Z1?A;;tmq0JB4<C^J
zWqKV#T$wW>d2~b-ki*6gC3TWvcUyO+d8HF7fUoB2Qy=AQF{P{?5(NMr0b#AnoTI=f
z9wKJIBRo<N;C*=`_$wYFv513c;@IAqkiHm3+#MJ9yP;}-P+BkjEX*(A0)MqLu291!
z+-5B>*<OG3?o=v$n)XMYaG;|-b9<xZ{;avlMoT{{;>{zdUpkzuUda&PbB#q;y|M7H
zxUl-Muk|J7A2{Ezzqhw)(j@HREtYvI#Bq|ekzeY`1tux=_}x`_{67`&pg7ADQb%&~
zdG?#2Gvj~K@4OjA+P8AQQ7+_nZ!%dsNfeQ9t>H19*cZ@gj6nSXQz#cTOS?xS^Jbt-
zpCE))@W2)_KRnM#M({Nt5nXSNjob?*U;w?z7cbcTYA7u)MirY>TQjmerJ&hf<~$*d
z9Ls!PxAzO3H@E7rrtE_)kS;_86Hj7J#hge28^Fh&NZu3GFOIxtZahd479oo{PMuO$
zF42cm-+;8HN_<LvlK5G$fFZU=tFVPQvK$8ugV7z;y3el?+j^qLaQ}Uc++jP;_yAV~
z1bb6@<LOR%HI6PBLpM{o>-luE05_R)Xnf*Gf&tc4HuYx_Rx8;gg60%5wCvI{*VBr?
zWzx93dGK0}94QW&@^BOh{%P~`MzWt~#qH=0S;lrMWBRD7j1K;2AK{e_UIMmn&&Vw#
zjh?}SkXT)&|J*SN6)R3Rrog>&L?(_u#laohx$BM22^kGz#$cvmX5{6M3Z|RE0zH7*
zSD?V|RWpZrSb`?Tg-`DgC2REcpF<ztpk4>P=9CRdFv%bb@wlhybiQt{V$3|G@6)WM
zU4OW$X^YhTX|cq>H-c#HXlP|?jK*+gH{#X)uqLavT#g%n_dhDce>8~zNvS_$INL{;
z{@}2vX`zs~ou?JDjhQWhkhhB~!R14~o$eT+e>(dqMDq=RiciPmJs_OWtb>r%Rw3=a
z&>RlWr=HcX!)v@A{Mvk9JxOWpK5>saC1?wj4p`>Z{%KSyy?wbgpd1T0ZA;g%37A!X
zxr+v_l}mSI^zA2^wq5SISS8@^P~Hm9u95ioON8evoVi_SuGT!i`vERjr&Fs5MyJ+9
z!T{(&FFevR+hJzO1?lVob-<Sx5$w0B#B=~V4YFWTTU)TS|KWq((&PkUP_#pDiN_S5
zKn`EPpoqu5<N+<s*l~_j@`%E=`%Vx`I8Aqn1n7w^{BrHHmJHrT?+Z55x}1C^7cH0_
zeubszIpa8?{=_o#9wa;dcOjlpRdSZ@5SVC%+U$#B-U%Rg{~1I<HdkmQ&Mx$UdHhG@
z#E$Rg0tw^9`$B{A@!YhT%#n4IS-xa^<0*BX+C-ctQQ{9Q{)F{((-C7-D~O4K8#e7L
zYs;0{N(JXPf=v`DTSRjN%|AO`L{>^)1FHFH8P>z-CwK_q{c2^idbgnrXl(U<ISfG&
zdiAL;XH>*e5{yPF6Tm^K|5d_IBn614MUp{592+#(TWI9eOEJ5%A@*=Oh^mO2@vQRK
zkQGLmr3ixMFw+>rMZl8%YU`l~m|h`#QV-kYR~7LTjEPaUp=k6kvJ&jZ!>@;)TG&$I
zIbsNaDtz7y`d0lki+AsvtPF@0fJ~p4RPDUcd}zKsN=c<qdHsw}1~9>+d%^xsuy-@K
zl0i@<2w6Q{`U>VNW=easwXa?P@0Ea93?voTyZ|_p6vb(1T;s6ke%X;QVSCLz>(q!v
z8Lj-MPM@V?F3p#6>UrbvbZ<P$j{{{*%2MCWYTaX?cq8?WxtZ#3|4d#dQKqNoZl+?>
zU7X#|3h5c6X&vw7?&G>lNDprVPIn`@d3u3b(gse$k(+@a{!5Z;=NOSt{LKLUgius|
zj^3;Z=#@=HYguw#96#Bn5jzSih^qO&=Wivs^4aZz(`bm<;lb_N#ti#jbOGmMZHH;G
z#a5*h1z1DM#vMTW<xCL-0uoe+f>vpeIP<<~f9D1rOdX>*9gBS&9vEk}-I0s5eCzK?
zQ58`fOzy<sTECe*V8L~}MCWruP1T1xz%=X&Y+vC0sQO1XMO#>h*B<g-kMX9~lTVhj
zOMG7OXjuC$5V!nLh09;FaNgdAUZ5QR{`y$|b57~NtopbR!F#T{5kY4Id7WC$jXasP
zv<{r8XS<GW0ye=*b0^*E$deD7)<*^&l&`lNXaj3zglSk9l6Z_gLnHB#Rk{G25#8Q%
zK7FL{TGazf70~q~ZVXz(u%`*rm+qx#jC7)BlqM&?e}{@1oz8sYH)d6AP0GI5kP$M5
zy}sbn2F9+c7Tgo4BqoJ3GY_TZ#B5h{$cjRRn*9Jq-HeU!yxdFJtfki4KViI6Z%WVi
zeL6Ia>x$LmgyW30P1ghw@m3W<L*WMGONiqIpk~%0x}Rf@&e^{)aK$$|;vJ>hJ$2dt
z$mI#&yw|185=7x-At@uxpLL=~&y;H_M|FE(E#&7aGMnQT$2ue}XQ%xdY2I3@J5Hz*
zOY2%SOHdKYD7T!Zd@bEjm-`uweFV+!kAkZ<m#s+-qsfTs1uUmZ@IG6Jc{X#wnBq8J
zuF}nQ+Abnv4f|o}mSODjc|pPB#BlCRbh#56l)1c0iAmX;pOC4wk7q8amN+PTU1`tI
zk2<2gu?vyNU^tln2AST!?XBWMYEje)ZQyjg@T;&PK0)n{m^XHPBWrW+<NDc9h=~*`
zKe?OC1ACP|`ABPYnXasB&c;^qm8DxvoW!f#C@q4{y}=o89*@S`Mo%t^yWmo?AtvWu
z9dNpv<2Jpg%T=O)#fPXC`G?LzA<@mgCUiZ8bk1FJOH9r0jEA?8H}`S*OTP!~Sd#79
zxs6(N?Caq*B1!I;72O<`AYuD{q*`{m_J#Wo=}VuaMxjOln>!|-*M0I~L(W94+$KZ6
zDii=f=U*>`01Bx;O74Q=$&W&Nlg2^M7VEdo+&>}7J+g;sE34laWjyt^uNTx_Wy`@L
zbiLZWQGGp(X{%PiciQ6XIGXLFd6ie(#SbH!!C^7kp=5px_L;ql)?CXsPUFhcy#`kU
zZ>=Kzi3>d+zr+5eh7|lA|COvxd%lr|oCdW)v{|!))n}^u+lj&Mii@n|=W*?NYq-u9
zrc$?aRJJ+uI}o~3^hn%iVcch2+SHu1VoAoHU?Gb~zoe9NGx$jU+0ys&yHnxtDT3uj
zizRqIw^P}xZC|=KPq-m|_au*bIAD`?h#5Wk9%8$pf0%))yltF)^5uG5k%rt}hdVP3
zA=Mp-5a9nVSg+5QB=CDDK<Kk>Yn|m7I=Z*pNGo^Lo}jnYb~A=b`PAR5Z82~t(>D@7
zd>Q7D@0!?<;&C)0B2_=Lxl!l^Q!7s>c)e*ii(q8I7x+v`>`o}zzAi1=zeG)><Alz5
zPj-xjwwfd|U8Aq87kSAtg!U~y(D-i{om+)#8%Ul#t+t=dk_!5K84bchF8xh{tKN~l
zUPl_WNT+4^igHpKTG7F(kz`aAc0{2_Zu88zH%X2;6jEw3G>v9WIQGI`Z6o?dAc4vg
z2x3!aa+Z<~cLf4nhe)Z{BKFWzZAEJ_T0n=vvQllWGH9AGGEemx@MH^pBr6#}V@Qvz
zk)UT6l<6i)Dhh&yl0fAT{9Z2Kd`MJroy}OVF4NjT-CLiRyeKQ7Xy+MbUD@NiV%0Dr
zT_A%nkDmhh?`*B+nCDIPi#@V|okUG?cgp!9PSP~O`3V;YYN)>phb!j$<OGjXF!)DC
zO}_Piiz;O1VXUX<;8eH;78e&oHzO5jnv~ID^7|S7>ec5;AR=(r-IrCA6L<Tq`H$fB
z`*ayt{_&GOJ~WpML`akT)Q~DU`7ReiX1aB1V073qbth;Vy>y20_#V<}-_ubZX4UHO
zuP_e@`ec6(5Uv~_h4UK0-FuynrwiRK7o)4d>A6;yGcnLl{=cEvM7}OhL9ss{dwdMC
zz-(#J<AvVbmJ77*<MkXR*avBM<o)~zI`9RM<%tr^d!`e=&j6g~BmZo0=M3c4L;}5=
z|8tiQ%w!9vd1il6n)JiA4+n6!4$XY+H~O`?De!QyF><yvLC3ry9XE|`FA?vkgGh`j
z)qo`=HE^6Z$^^UXbV^wkuKZ7E$sabyU5H^$7t?5=W!V+Pp6u(b)!_bUf}Xg(Q2P<m
zG!$U*6L^0S!#GMt=8NXm*a&B4K^nDc)e(^$AI`za%dV&+veQY@{Tr6En^)G8kc16i
z4WZs<TF*qcnVhPd^EH)e2n+E~^gTKwbN`id(qbbHTV#aFk(iSFcW0@Tk!?1Wl^Q9#
zxkMvTfli@pNmXZ##WrnqW35uWU}yMi=mAV~tU|1mJ!WRIF8-vzEpJvIa~{-sdrEbg
zfjDsxblEPuLW9K&O*@Z~&Y0&5poq2iA6^QCvI2yHq!L)wm~fL}$MBc0UM}1!*MTW?
zeRSvP6_KZX<hG0@u@azPl;XB~JA04Vr=~ydsU!wa#Zk#9(?a>Df|zYa$(8D)OQV@9
zHNOMYP=X4A$ika%!bMc33LdG%%Oa6Mi^;H)9)`c2_waa2<5f(9>C4!cQneP+4g9z=
z+8Yb;__~teT91ioH5aaItjoxJxv3O;%UWodY^Q?|C{o>#6d;vwm`#zC7h{R48^J>6
zS=Zt|P1Y(eVSd;ci?d-knJ4lFWb-yZot;&}W)1tOnS^5{#T)qWPUpZ9N87<nT_KUt
z37leyo=2$r+@8O8828nuH6my5GJ%457S%+`^<^1`qy6ClrW$<J`~H>q<u#asIBM(P
zV#}|X?{=^Pe-|eN-as~*3EX)(qiqvXgv6|nM-h<h1w_1{^Y2P5ZyaDx82LLm69O)$
zEaw}qoGzAz5Q*l2%Nwdbl#bnWj6r><#v)Zgm*WcUW;*HS!YC#KOJxztR0={L!Z$(~
zY=B68OYH}JtTDb7v<4&$czAf79#=S<m1=4_y3p^lGYyBrYyeko6G5R=mUYobdlkYR
z;mn`4CTQeq&m!y%vQ|svp>3<Qv%wYOBgy6u<{{5_jf_XrC<_f@41BJxbJT*94@4qd
z7t;Gc5wZHhK5<?Z`Fa%cYhyluwbJ>W>$#T}R>5CY))4ri2Ct-qw@<+5q*GVTMkx$z
z(+(x=XFBPcaJC2?)zDLv!eK8~ebET&MczQ4#JQnf@wbedMy9Y*Q$E5f?N)ey3+&im
zir?93H}b?TYr2DP;jOw`F*zwnG!~r3w1cA^N6^hu>8chPt;NM|B=;{iG6qV{69z=G
zLnXDjBb1cNXlY2o%E{o^OMH}~uo9r#i$-y$S*O+EmMBb$Pezf`Bw9zOVFQ9BK(Mcz
zyCgKps*>%ZQbr_X9`Z|djH}s+p$yZ%Jn+=G<|v^hVulZ$wKbhI--tM(%d@ciizBWP
zBuBUK+pnlRlEiy_KkUX|MS=E^*+ysp8;!rY*M6c{^JV#pkG<LQAsaOg<`*Ah4j`%$
zo%C#5m{$E2_M6U?$M{6RlUuc&o<hV3iE*#Ok90pw41QtsW7v(Ad$i4!$W5GgS)iix
z#%E1iPBtdAwAsvz+`+^14tv3GS%tnbiM9+a)L@Fr0$?oea+Je+TGo~C0RHYN4arP#
zZ_F_;pgYS02)O-Uv6u^L1Rv@)t;%G6LG1}#7EZN-5Vt**H?qXG4bh(oeK$%BfYX4k
zf)J@4Lhv7odAFbhf3NW4yocGs=Y;NhmQj2K3>pM&ksTC8tlmoS-cO14O@W+Fnj@Ee
zb8g3hU&#KB2U!3ww4rI8LwX`u8{>0U!&J-`yDebVRd2pdButr{6t^oo`vXUvA$d0+
z3`E@f?Bt~4dWrhk;#XbyKHzuqbI{W_q~4jSY?6lXhw*HG00H4NX(xy1o5L`3YR#zW
zs?`M^J8g`1Yu=C?g2(Q?{M#oKw$lsglXa}6LlLC2U>5+J$rGKPV}D5CS)<9LIC28T
zmq>}142$PAhx>QR=@v?nI#{a2p)=T0<u@_yoQ%U%>jnu__!YK(OE^hNWo1bNO)j`o
zy0*QpxBXoHwK{u-=~Z=A?}t7{_}z&qlgAlhr)rKE`_Rua9Lfqqky{k%tbr+un4eoI
z3nuvNC8(;Poif<TWJb{D=P=h^oFU|Lyn1PVGkGKtn}P&)^~1m%UkxVQ5*C@Wd>Co@
zH$r6N5^8u&S^)V$EGdAoP>xf@ykHp(+twr(oo7J2j1N{)ip<-@Nu2lZA<iE+xpea(
zv@ZHOb~h0c9hlUDMKX`C1|rGzJyzT$TYP9Y)By>m@VK0%`S|3`hf80#CT2=m-8Clz
zxER(U(J~kkEf?YLLm%|ZhClK{Zsaf@4k{+MF(%@?>8BEUrea3QR%T?IPBHmiY$2J*
zWiR>Tkb)dY;BGBuUypePcz3{Mm$aWr@}pjjEh01dTk`=9P73>bNSsci$7kJ@i~Nzk
znrz3T?~3hz#L*M?kco6p(%u&f{NXktFJK?njVnpu>M8K^o-dR(op+Kz+i6z!RIs^G
zGeSe;9(*k}Au9_&2M;1ZDByod3y8w8LjYwiB&_QW5<%sIEY&#vr(mH&0)OV?mRT~}
z(>bR!`Tyn&&eZ#v@6Jh;9ZbqJy>B41Y)6b(YI{B~%9)N`z-#wWtr+kbw%gbiYvZI6
z5?@`8UY~CWgyS~z`f^%_S0al^1H>!HY3q^yTFxxA-;$7F`#rdCs<<^~@qSGM)u|yT
zjDlxTon2h$MrX{QBUAKz?|EA6c7`XFgp6kUju7!@p~EKnv)d~pqL>e>3JfBhwGs@K
zr6*Fac{Cz?J;~S`eeW((jfO(6p*gV`ng29%x6Uzc_51o?$%$qsDQw6+J%ss!wysQ{
z#;SQAqtz)JlZT=vJf6m;d_EQoy!3feFVhTzsBxp;7;jRi_xAQ*U4}~1$bWu4moS^)
zlUGK?0xAR_t01nCQ`66XimcPSp|U;vf<Z~RZ6@*+j!TNxFL+RgHrn4?h{6AdSc0bP
ztH_1bMm5Fr&=BOOXjEypgyvGzmhNZZ?A=qx=LbJq&tF8NjLfTD=Z7N7%M6*rZz;ik
zk)iOwlo>{yClCyVg)4zC6#pF~+R<FgDKZ`|$ZWd;eEQ-`b;EQcBZ>x}NvUj#G+{BN
zTFz_kDltd~OL%S2jIMGrS`k4R)y6lFsDP$u-8QS7%!*H+$&X#6Lpar0f<Ze9M0{~<
zH;0mF=Q$vaEH{=OfKo!WB=1Owrt_RreIax2g`z4)n(J{u>8u4oNrm=BKVnp(@;@)(
zS2ESM82Ibdl3jc&o=zaUeytUBaYB49*(0yc6&jO0NSXwCDb$^Y=d5wntJS9Pv^get
zn=PR87f#f+C}f3ODOS8p%PDkZSD^HZT?=U3O3b$P8r=C~7q~2&m(3S=>$X&HjB%4p
zmr8UVy}j;B{gv!Q;c4P(`Y<sh^9;#gxQT4IYV!w9xWuBmbb2Ad64KREWZpl27Ptdd
z3Oug6z6BUH=K`~601f}@G}od1MuAF5M@bnYI^1L7*6aV=x)Ux1)cb9^4#6NQ%~}a4
zu533>X+<D9-ZWR2hzRIg-$p04C46W1;C{Q4F0$eD`>zfA*x&Hha(jtec?H+N1JPwW
z#76ht;TEDyiE;Jf8DZ(eY!2&(;+-Bf(;GSSXc8Q$$C{;!)d$OVTwi_a*4Xa&3CX+0
zN3qYfVQ;E5w_MG@f>50vkgjI+cAw{QjQMfw)ZJwU<YUX=@y5t}N(N}t%6TmO2q=9H
z8+rqWXKW$>A6Tv3EMhwNf?m@`3k{c(U)pG{OLxxoENydG;;x0l92RBA{~0v3I5x&W
zK__`!wOdYG+Mjx%NbCpTAo1x*NgCdg>1FdDE`uJ^X^d}+R*1&)V}JL4Y_Oo?fpO~A
z%(jeBpo(Z?UG_&SEZg(Kev32G3Z~Mfgwu$QKl=S8>K(Mz5mTIM1stENdUHjCo_I{W
zU??71(?4}N`ezS|d*=Pz${_oNPX{_g@1|Bu`jQ(_!41tYduX6{Yv5;IRt++DVrjt`
zyozQv;S_#YKH*S84K>`nR4ZuyAU>3_a#`A3>}gSAkvCD3S&|)6(~ss#yOQg`qoz<-
z&B{CChX3Xc>_bC>3>2@Kj?k`;U=bmwLr$<_6MQNp<k{PkK3z=to*%v$&D3-@k0|>X
z)T`|3ur?#XioUNNj|iuq2rEvtZ|zMj8MUCC*dfyPE4@$a;eNUAyt-xvFY0?n>ged)
zb2L5#MHzp+jebn3IDnfN?-*KsGVcy;Qrl=d<BK(|-W(?)<^nmP&C?45E+0BQ?36fw
zk1xg46o8Hoh--lm?9x}?;^&s*kZ_zhh|X{G5a!|SG{@vHd9QF--Ln*Asj&vj2@Wtp
z<7X|e?}l^XxWV<FXNvB+)U)q$0DV&G$rCc{GxdK*dF=Jzr^)6#3GaS+FuyYLzf^SM
z_jcS1r%O6(e7<OK6EhmDl$XDBeeWL2afnQxAvQ+;G6R$6YuT;R?lUC`xR~MzKj9r<
z20gC9)c=<SIQ##kF8@FUj#@1=@V<KinlX3N3>_uAVRPWaAs*qAEk<Z)Xbgn~0nm=8
zq5>-aZQORmTYwbx^x&1xfiJNqD?!@%pCTCJT1{=+{4jIy!*`(xt*@S!5ns6M;BM18
zDcD>pN{1Tf@n&0(f~p-X2oO*9Dd|M`f7_Fi-j3@U_dLyyeHgUoK51{@6_V-Jj$T<@
zmL6eZ+Yaq+j#kyO#}mo8+Fl(lXDNO+A<AmKJnG~%&-T7_TraznfV&XKN&Q)2UoL~V
zHdbhEUiBk)Mq#D7A81LZI3NP8zi{nQ$ao)FhsSUY*U1f?#}aJ()oNirs%pY^3ulPp
zV|#LB$Bg~pY~#dd+dP;msF|d9@E@&kIMWgBOA;(D<3kH$><!D1CbR*9s6Ms|;A*|k
z(zr1liVwviUub{e)saf3n&|PiJ}hQR{r+*aZEkC-kuhD6By#D5&bx|vMvU;=q>F>V
zOk^~XbVC}0fk)QU{tHI3276C#z&BI;!Q!8paH&JHRk&QTDUV;($HdtYCzutv5HTfa
zO5{fzM={}-VvHqCPGDd8)s#&vC?(@0>VCzBPJEiCgpo{^O(u_BhLTofbHkHy(*6>s
zOgPpMQ8E5AF=9_WLPnmvS;`^u4wdR$YracDAh$seo}GJNF+M`}iv&{94|<xVNIObL
zEYpWdgMl&M@G}8IbT8w!c_uk7oeAn?a=?EIL_+xv^#@H|13S}--z(K+dHY^3+P%Yr
zp`4e_Hz$8yZwuC~f9@zmEM1jc$ROzc{Zoi7^=-413Q*CT>@WUV@GHYg$bX@ZV1Zk8
z17htWqY{8g+1DXO=p&eI584k2eLrLyJ{(sfo3)y)_sJ<3@mhjZha-nHg}vIinByur
zrTQOLa^7L8ci|ncE`W8QB8DL$fk6zT;mU0)myS}e&ql)-UjsqQzoPxqAnB}jg#)Ar
z^lBB~ipZ(<2)d>JFli3lTK>jjOk;M;O)VrmxicWO<NrNtd5JB~xxC4KJ1{0|@A)N6
zP|shCg_)=xF6^w4ado<zGHLV8*|7PhB8&p?_6gcued>&~zNz(XYv!+rrPG*aSmcFu
z?Z@tee>mksNLYjUKKc>(j?blML##Eoy8XPy#VV%-rb)1B%k1x9oFdq3<68NFqv5nw
z8fGmLuE=;C8Jl^=@*-0Y?CORhzu<s|-T<nTMlwF9y8A|s98I=25gg1XE~TQ8J&-l2
ztld8SXV-G2@uxRoP;F1lok$Q|e&g9Y_nan6fz1eVs_zeRCyHbyG{Goh<a`)8RxD^<
zYT_j_Y082mG<ssRI2!a19rQ>{GfcJqZ}MEVYtaUJ;^z+$$!3T3{!-K(d*ZPX1#V?6
z9{Z+n&roKd^@&SRcQPIsB4?%?u}@^N;z)rEys&^X3}cQ|;Y5(wO)`Vow@MNb+Obm7
zjNl_`XWUZUuMNb-I##HI#_>#1xcv5JWxp%650Y_9$Qh5uu_Ooh6w!LD6^(bXhtcS%
z%&eDr%!kYqv{M6R&<_$K$SYIVr35(iw{cB=G)b~BNN)86%)RfQ=Ai>;KaVQHt=avF
z{9HB>V1Z@^Pc{b4M&$I!mz7^eU~R%bkZFzfGf-XaUcdy(aP@H~5@VX$t7p<fI3uo<
zip|-TxM=u5vvW;zf*?ot_}EaQ+faxJWl5@dvj1`BY=68lul8R119FdV{uHK4-H}y6
zl9;OqHGdh<>defbpm608jwdsJmC12<L=H=fd=BMAL!BuD%C{Ad9YcQ;{10z8>h3Vt
z<EMp}y+`P0>vcwFj$2QcX|wqsCF_wn6dgYPIpe)w>u=8|ftN%7FUtF0r1y`}m;V!O
zu^`><*zM;x6{*tGuUW0;7|Rt&-y+GAG6|<jFL?E?kKMJ|uLxB!aCBJ@4o;(q@&?@-
z-<OP@!3*CMiGDQBOA_k)@NbL==g|XqlRbS@$v?kpa;H6krD8JjIFH+5SXz-AFVuy<
zd~3%WQaP^oKE?*WgFc&CURpxNc?dW@8a4ePH*;OK4d!)00t*yyg9nx{4{>HYO6v4D
zSPxJ`85@1{!xaeL^mrS16D7vPL33u1?YZm}81;7Ylxod-C9a&&M%IkbvE_evl-Sen
zR_Pb*DR{syy}OFmlCUv_Te@@`jRa$?Od3(l<csM8xs!d#3WOc~!z{v-WyQakEwhzG
zz4#H)w7*i!x8Mey%<j2kMd{5c<iwkyGRZM!z0kidGZ~L!tw1~tB%u`Wcvvzx&92uL
z%}*o>39z!Wg(FTLrjUgy=3ws)q~y@IJ3-4Y%npT1MdWzFUn0z6R3teu<)DlBT`AQD
zLk1e$4T^q_NM>(&u^t4@;VQ;S{E*4~`N@?IQM>?wySXlOFd3GX8ZI#l+TkP1x6|Em
z%{NZDil@qhKh#3o12+*vf}3qIKBSFVe&fp;#`2gBPZrn4(cin0YDa76(F%;UMbdE~
z9!-I#VDd14qW%~bDwc~!jjw1Q`1@}Uh7Dw1ky>xJMOqC%lp8g`Pvm8B84_HH<w|ZR
zC>Qy+yk5?}wXF|plzole747A!Ul0@wWhc9+6!R*7EeOxyQ*VkQ{Qd{Rfdpge>K9)i
z>EMWQr$1k|PQF{Cou}EgWa0wAsLUM?dL4I{v+>j@6%ZB#AA0x)LH++fR{p0|tPk=S
z{2-JSmz;>4I%UwCYugd%ZRekW@5=kN7{bQmuTkl|f;lcTRZTkHcc)O)f(GFR62Ca^
zn=xx}@$~nlwQA-(&pc^dj#2{?W}3J&U2fpeY^v+16B16%)+$tcz<dF8aRv$i1H8_M
zBQ<q&qm%pxSgeE`YpFhRz~=Gp?el7zF{ds!i&Ub!^E=j@^su7bg{m^;?ZN;mKi~_`
zE>N7$eKz7Tl82Em5wpdlp=#}Sqq$l-!c3f$%I8#aDcbLt1-Wd5*lVWaBCKBu{?yrS
zBI=`(DyyFTS;J|$KA5mMaT!t|6uwjx?TBQ?#VY8i=Mmo`mle+vb)tyE<w|5lb*Z~7
zYW==!<v!ldW17Td*bt5p9l@N;UaH(LE{z;Ti2h*N5UZu3BXEd!SE%<A*MVJPcP#Cb
z;fOoPnt-V?4YaB_DV5Pilz=bd>uOTwH0UrF$e9+-Bc{ny&~_rvpk`hGvYanZEJk9h
z%!adR-zv)!;+wtQ@#gjZCAZwZNBQx{kLGBMOHLgZU?KZc5vlAla#9RI$Bi>hUY#})
zGPCje0w>RDi-Sdt{Dz7s3|nR4qya$<g$w~JIlVSqkaAH_I=HpQWI0FcdJIWlhKxi5
z>q~}A{eh_UT5gjuj`H4VFn>8mX1NKx^Q0=025>VRM4>T5J^az`tHa3##Zg-Fcdp4y
zGIrX0@g&>2n}}X1o{M04nXncl9kx*|75r9irzf>OLedQ`mZ<h{RH>xMwD85`-^%p9
zo^Xp2d7gLLAr`H75f>9YqQ~)M8Hw*|o_-C-<WCaHoo(^0RKzgthTG4M{mmD;TwxQQ
ze|89e8&&;aieXC7oafturJH1k3%TqEs2fE8ORYojq)^xc`&?1*!z1yzbI#TFjw3E$
zCG30tG%&UW+5vKTV}})*e6@&aV!Z+;LFiz1vQ$eF1wPiv>Wx7}0XLE%s+6Pi{gI)+
zi((PtQd&Tfav_F1LzC+Y;$SiQO0D-%ox$$AlTz(#*#_tRbfH_5OaDJ)d`*gbZ@Yq{
zEZbtLjZmqKE4aSfI?<i3eRHr2DxA~`XpuQ+spi^FPHa&);9mtFlT?;iMY1CCu5zah
zPL1PDN)0D-3lrhD7*4oCQLFXI<PAwwl~Jp874Zx#7tv>kKdf<NB26}8*>B(n5J7pN
z<v2QDqN7d9?Y~rF%;!u#QD*rI)koTS(g)Rch8U#9P#BE@@u}_A8W%YeZU3NBBC!jJ
zN!k|G)tPdrbNSsNM=&R0`@Ueb><z&}(V{y@;mG1{0jVZ%BZCuH3A3HB^~ol_3U@sz
zbv)w9M~Rf70zCT=_iwP!N2e&NpqZegwF^%1dFIziI|YKn2R7@|tBCkz&V_N^Mfv<F
z<O3IgmFGW8BMNXwcf*l%>nl{PD|o12B(-VkoY*q>ALqb#9B`e5j_K_6ig;Ao7DJtL
z8boR<D(2i|YGf!#Qw86pMGX1lwlZE%Jf=%VGlS^~DCIIoBYBw5L>MHMR`C>CNYsa7
z?4M-d4{rKTjD4K!4AF~y29RN7J3om(3a7<W;JH`E;#y-`tj-(j#J~|!02R$6ArwPg
zh2WbMp?vUn8RLVKZ2a(?Gf%9;EcmEMr$w%s(zDmN`O9%a7T>Z5-on$xuvNU(VUbvD
z-7>HN-z7oTYB`1~Cl39M!CVt?I*4OLDbdKp%UO3`ZCyPApoVr|y1V1T?(BI~qt$kM
znk8+WsvR;{YxF>H>>W}2t81?c%M*IdeN%Yv5I+c!X!i%<!jhfIF{GE`ee=Jy*2q_=
z3VuoJ<?g%HbkLP$DkSU==>GlcU*(hV_G`&Q!T(58JAUIi%<s10`mg8pR><a?KZ$Nu
zjg~u&@T9Gxs84Vc+QeP!>&?^S#1ITu$pjsnS$tC5wj33+X1bJyQb2xmO_q4O{DJeO
zR6O6#<PF<}zh6yn2lNg&-h9aGbe1iaNmmRJ?`LAxmB~UTKmahqtHHQ?aWB01V&e=y
zbcw*&Q1!bl{rR?+LYptnh8dBRj*MYBijoer35}3?lKpK_EGjwQoYz7cUPLhSkRdYT
zdCZ!xS>fPjV&2KiEL)MqVpYm7VeEM4_<8~56_1@K<(BzGQ8tp`j&(?aJ<qp3<D;uB
z*)1zFLe^n0-^RY^b`6L8PRQHRSLCRWmq!5ERZx5srzt$4joJ4nWTF_b#Wuw1gwg9B
zGFn1O-c~$@!ej$BBzm?2c7lseR3)Dt_`sWSX=xxY`UAmc$LAIJekXWHIR7<Ix{r13
z_SW{M=N0}K3>6qEnV=qNh^=XBAG+hm;$+u}K97mr^Mv|&x*OGD!#+4i5gk!D%HRd(
zX!=4N4;jiiom|ekSQ!+1ytr{WkQHyQlQrdkDDySX?UQWOLwbb_KHrD$nFxewUUbB5
zMK)JK4=q4<rgj2<M%lx$CR8&yP4=HVyi>adfWijjVL|IdnOeldc3<P=Gtfn>Gf-uv
z51Mqramudr9mL|>b;(#LapvQzyRP``xaD?A1G(P_tuE#`;nc8$)4zrq4KPN`i4?~|
z7f677EOz`+2wk|g-y6^FdH3Hfe7*^WBxsp&Sj#J7br}!eS)>%tVCgJ-*=g^azyEM(
zc20P}xAYmgr!CT*VW%HS8T`$*7PAcgWV|XeG7`f9E-HCfYN4)Ye^fqKZ#8`}nHnoh
zY~u5+tHh~axUktH?5ExkmO=o-#1&mXXsO(tKm?7)=}FU<n|Z8|p1*Egd_T<<5Im*T
z);<FjWp%%_t5L+LQE|<aou-Q&)N0qIde{0TmkDPBo!<FL!im&ZUY5p*O8s>bw|P1T
zPtMPqqAo=5CI6#i$U<}s;Y9u&b#97buSX-Tf15?>(4Jz@>L3mgk59;R?@v@o-!nZP
zPvOFA*AqFqcp=Eq>2I+=sS$ZM>#xEXh}OW7i7s%S8MD9&0WZy0_$b5<<V`U}`}-$>
z3i#vP-J`=Xy5drGbO9{OL=75z#EiFZJ2UG@WXpE2y1*G1C2C!4heD!SsiWO8*ZKXg
ztl;teIKJrEmQQd)iV+f^(JxTO%T*aOsm%-Ntiu7t$v<Ggfy%3mI|pH&=1ume=1;R8
zZ=aGp5fF5`JYdR@9b%4d6LLYt8oD%)j$mpvJq6pCLTxUS$7!>I0QhMp+s(p#TF4)j
zfZKlfilIpAQN*Kg;}+cH@Z`6Q(uC_u|GB0+C)r*wA*jUmeW%k^6)M|h8}Go({08i;
z_Iy1;V&y+f`(o(H0av|FdTRc5H?Uvz{DuK(WK$IQ;^-0MRD|D{!pm_%OiKx_1!4&@
zXB@%HpJDc66v!kKo*tgdtoY4fnO=$G7$@HT9{ApEwguJnYX=fPxn7yHyxhiTxmy5(
zKFCXK914}6?nqjl=Q+7i7wTb**QQD{91{QToZcY?=mJ#H_YdwbCdS}GS%0|iWm+22
zaIxjosU0<TeoThzUW&-rNGPYS-OhDVPUT5-&Z93TvVU_xtOaRH=7yUtwZOD0J;U}6
zhG68NT=qoBeXu1s`ed3fwcO+!%jDf-<Fv#S$Y0;wWygSK-LfN2H^04O$Yw{Rf65X3
z@J<nmWwh_SwC<YvK`KR)pEb}|eTHTd!dJ#+Lc;*L9py4;>1+z|+*7!`d|4_*jg|Kr
zx&}$e@J~#y_Gj(y#Opiigj3D8ugg}y@5uqNuj87aMYyF*1T4=HLWoPR8KQx)(a~9n
z*ljIA29vas36@--A#<zxUOgcCy_k@_x?5Zimfhm|c=;!)V!%R+1_v4s6tL$0<Sw!o
z$m7cS!6lm~Jx_29z%|9-j|n;=(`9>PVftjv#b-azb5Uyd#r9t(lkij4s+Dv2`IZR8
zde8^*ayQoc>Gj3n*@H9Br#-f|SKrPJu$^JQ?O(0KS=l^7gX8!?5rV7HMkMmK`BJ8x
zo1PrL;5kYW^En75Oo6@8jjV^1X2xjcl9gh*{H_^?J}*HF>-w)Di>1+(BwyH1uM@vU
z;%`(bCNmPh+0D!?uY0Yo5|W;wX9S!DLUVPP|2U!|N`uxJINVi`5soh@yPKmh6s0Ma
zisswpzNx6dHxvhnm9(kv6|p>Ak4<)GJ3I4ZhK+&Nbi<?UWXhP!9B-^F^UwJrBIvNk
zIG)!mwL4sSKQnix2JAb~R7n<L9yMN_qu^~fV`;?^4RRa$jbSJW^j9?7@IHrboO-T#
zxJqFn8!{spdc#R2hb@;OO5IQv!EUg#VMpb~*HJPi23w?yON{K^bj&%S>i>X@)Rl|4
zm`y2OTn5ro=WTN2HnI;Qsw`;NnsacP;&noK-gWyxZ87(vNvU$EVg<Pqx5Z(M=t=mD
z*pD_OWqfc4OmM)TlEfA&!`F{g-ma(SjiH2|@ITDl;rVhX#^Kb$81(K_GxzMHEdnX!
zknRt+RyfF%C*eN9xsRGL8x!yJB#X+FJ}z-Py)C(;YhuoCQ7dh;#tI8R@(ncv(x3Xc
z&v@9o964!5iiXl8uwD7h7_5o-yyoh09}3Dwh(4y&zdeUNol_0A{|QVujLZ(T<JFiU
zAAXb>q~B;hi|&iIDu)FA6iDD_vv$>N_6i%{sN>2+60KhlFV9j2-O-k`IB}}102(z=
z>mV-V_w(SfJ}!FRA9^|CJ&P9z|IK(Jd(KwK0oIKsmAFO<%T`Ob!amPx+b=6HFcyao
z9oNHcPVM?_f-1j}p_!^&?upXajkGmL`a7Ea>%LAVmaYM((d=6WHU0x`keMC-+h+P!
z^Pg~C<nW9y4*C{*_(;|zb#@e?+SoeEru#9N2SClkok_1}Nk}ua&ME(RuXPf5_*G{c
zS3IRVsK>>e#d$6U<9F;RE$_=2qJpz{VWf&7a*CDCF*8$#u{G*Uh1cW~7o|46HZ%R~
zt_zRo?Q7Gk$T$>xYyyt}{|r8lTWfpp=5u4m^UDkaOqo;a0M}I5sGvED<5SA&Stx#u
z*u`(_kxes^F`y@E+foe_Bx9C$J??Zf{=gG^B<_BCnK=DjDpTuc$qLx4Zn|29Q_~Zs
z?g9^=3-DNxXYLx!t_sgtZpJ))3n}ERyuLITI~-Ip`uppX!29Haz<aGFtQ>vW_8Urv
zz7Lj&KDql4RCJ&~qBr7q1;}m?QA(dUGo4zz!~hc`h$}#dY5{W)m`nu9xyPGYZyKfm
zEh<ZMPCPy2_Oklq$wS8VURg4kr#i6s1xEWFDVV@yD}GOuxi|m2@F+Zg_9Ox<ZK5U{
z@8`#mWIL=l$6c*~2^HIG8M!)c%sWPdg>Jvux!SuFL=@waK{{kV-;X;L+Ot+~4f2rK
zt**DcbxckI3*l*`dQ$ttd@xK<=hNxE4|xCXR{V;XD94e`d;eK6$B{-vjY0+P?@LM9
zt>%t;tXj~U_THZsl2ny5$GO`Z0v@Y@oM16_S=zXntImjzo+ri}J^*jwt3Oq}>5e}E
zc1o9h8<Bjz`f?T<Q#Jf)l9iwX{W!_o-m+?Ypi#wtSdB1WlDMjmQWKUH=HI%Ywih)1
zJdCnPOXsbJGW|=V?8w3q@DHHkJ{<ta>3~n2rRlIAD@T1Zs{1&5Rh+BfMiS9v!vM&{
zHmom&>=GPfYvKQQ`tXGGf075(H~fwooccz%+K;fCUKD?{uX}06WT3pt5g`W?0io>H
zuml{Ene*E2(Jd6lqTi!+qdEKzF^92P`&Oxi+RGP8Z=Lb4#PmFMc<LH^DPuCx1Q=?^
z-FUFLZF+~nqMi`3<9ah0)xygCGSl&<-&i!$0}K;F^-OeEHddbOA=O~D@MGKSLdgC@
z4yVE8M!VgX#lNS3<EI~`%t(BQ9gcLSS%S5RwXv8ahXP?myrC7EsG3Wick4jn68;)A
z8*c2j>**$%2D{aA7Z%fx7D+TDqrFEMk4xc?-3XdIa=vn;py6%#<0$5O*!UQZ(uEm}
zqlc^-36Z_}5t8E)9K+$1*=&rFkDTdagK!Jks;56hs#zuT4~s5;@%U7n<B5b>$lY%>
zqyBQ3eb&)TkPrG*F>gGpoTv)`ikmOHpv+w*Cs{2Yi$hT#FlQ)SR@SoB0YxG=rbb@V
z8pqRQw4K<Go?E3)oXCZ?C|#zdid)YE*DF5L693>q+U~uCvOnF7W3Ca$)VJL0`nYyk
z779#EvN6mHSTEq`qi=5%CNJ=`NsjeZ#tOpZ?OTjeJTA9jI>A)FW?=tlbzo{73^{RT
z^v`|a1t$YWkwZYWmVabq$?88?zj26LlZG8L^CWQ35Qs(rsy$tXxVE#q|DmIgbRqW1
zP2Qhr*!xTCxsd^GJ=bpi$y~9ZqA0NPtXio#OAZ(pYPjlMel}YW^tX`5IZ(i-s2w$1
z#0u;x2VE(9iq<#!*)8B*5v~+L@~;q+vhg-aOK`<ZS}CxTz6XZO2cyP8>~%vObFdj9
z>(}b(3$Ih`ukKtd`(&iHo+y(V`yVF91vB=9$IhPATuSx}T)fQ9Dm$d>9riHpah}0x
zy<UOIcL$~BPqrpy#!5S0ix76x>z6rB^S^r<`egC{H;Un>_4%U+rKJa`Xr#$Y-itW@
z<M22#34=jdZYZxD01n7+Q}{KrNCI#f!lE(yQhKx9gtaMH|0`Q>i`+<&mn||aSEf|K
zCIx~S86TV1Il1t#!^1K2?F=T5(NR*5!ge;dmOb;F-~G(w=BQrfb(7I`|Gjzp9j_Mb
zLMQ{5JK7%B4Q{^tfH$#xe_86fU#84`u|&CfF#o&dj)y2rkpN)Yq)oKaX*k4&9vcnb
z?*ROxKwbMgI&of)uSJ73=AXb9xUkJheQjVUlleD?wM4;JZ>Rfa?jObRg|N^mPv~Q$
z92`+&Ni?@FHnmB!B`ChN&j{5@xS`hgw&1@^p(T<|=S&!*(^E(FBgDtut=m+mZJ!X^
zb^$-`NusN=s=$BsO)^X7c9U;sHIft%dQ9H$T4}c%mwtG!EwWMJL8k=ge#YZ@&{XBS
zACO4D%Jqy_q{)$w3K$d@C&u>w3onrej>9eu=H|-0_ijlzWS|5|9~6$UBrN-~rb8Ma
z02UfUC+JIn;NJ=QaqxxDb6l2{R=ivnBSn)4LnQmyqC)f{v)*mqiep&|DdYLu-RNgT
z0{71rQ7y2MRBbMwIUKqJ$W(uMs1=B7XlLh1)YziSUJWzVPJefo!cbK|5_&-iHFO~=
za5ZM5RbziuI}!k(lp&qKs}QGFZB1TI3N*D*Qg^+=S=j2jGKqt`YOk5HhVHn_!p+4h
zygYQ$5GrNyG-fD=wIB=YR<x3~3@zks3}isj)3i9!;+K{jrCMX1<ojB_Jw)=5{>F;o
z?d?!$;m;a<o;pP>yKYQ=eM<;0r+In&VR^;)r=n|{2kh-IM->ho7_zmMo)y4m+QQRm
z%D1%`kYzvoR=JSTXsXRIH?_PLk`o>yvI1@2{V~IvrXG)=hkD1m@vg^m<*DSebDYiX
zcXgXh*e3Lc<^_0rO{3jousWu#H+6&0AHCKumDMedwjFI+xJ%_cb$K=Vmo_~;y>C&k
zKTZuWA!qaPJKZr@vg;Zl!h_$qW8?<os}8&Q__t5!0QQ(@04bFCFId!1<ln!9|ARJ4
z^X2mSY{!*Rm}e<+?z#9r&yj<J3bYv{!H5Asw-<O03Zy(dddESs@~*l5f7trUs5qBx
zTio3tI0W|q!CeyE-5Lw7!Ce}+1c%`6?iQTj?(WjK`|G{WJ@4%E?i=-s9-{~S)mpV`
zt~qDbM<}#|VLpD0sC(@Pc`6SQBnZmc5o>Pl{aF(3uinL<txJn6;Flwn7!nX>R*3~-
zZ-7Z*n}+N1#Dzd^D4c?tF%Q{VQHBNI9yrigHOFpGLVgvEZ60MWc?Z~hFzQjrm&BKl
zl-{|>>1g&bL+$)vh~7j7w>5z47xh6M6N9Q7Dn-8oGoZjvC@`^sF)*kHLZ8R;o+*M=
zmsd15622a*9f1?L5pAKRU4}slKz+w=V7GXfbVJMbZC~&7`Ec#~Om=s+5*bm!pEv&d
zYaA{UlC~T*6uQ0S3>NI>QWIIFVOxx$`NTktxU|x1*?RG+8+D9+>E^$^0H$|9BfPS{
z)A-PA2Rf)^BGjDt2&IsA|GOos!-OAk2%Za+(J|qKP`fexfPFnIELHIBN!_XX{F_Q8
z97u^JNEHf5E{n2Z6X&9Z5%8u?eP#7ZpZ-W&A*RbD0*uX}ol9VZR0nduX1!Ij7>0*B
zd{UR%8cTGZgzXAJBO+~#f#t%&L0U{=LdX96IYp)%K&c8CDc(BdG~-jMX2VgT|L$1h
z?tBN+SFDMV0-qoOS3rYiu7Ow0piiQ~VmJBqV|CI<wX2e!cbx-o&*(0OBy4U~mSpfd
zGu`N(H&Rrrs(4)L@5*Mz^0L{$Vy*xklA!04q#W6?p9F_X_&Nc=yb*VSg5)4%es+FK
zZ$h5V8}wT68(F6#KT9fgs^FwFp?qL{a<QYVnJKb}u(b&Xp(ohyPU?&@9-c8Xde80P
zwz4VHN51A=yUkY`=5ndj3mw}{LR9MOg^=40Sc9}=)U~vIHJ4o_1{XFjKLCypGj@A>
z#>Yf(=MBRM8uo?v%*)G2GuH#;+zPrS0E6VnLlT8#@Z<e^@e9gzj<_%Ft{i9j*Mn)i
zx))C#7<}k9k>k+Irn&Vub#QQkqDB|0+{|MaS6WB531TI2YA|P&fyv^j0m3}ZsG1l=
z|5^$EUKST6nB)N3bJD5mYBpA7oKNi&s>P|*&eZ3wyPxc|H!k@xaVmOWw1LW<^}>Gn
z51TniGv9z)7neK|Qb$Hs4B2j<kx|a<#}-xq+hcY3Oi{@OtC!mP82WrV#uEVq-lv4Y
z^UUR!E2DvQsw!oELTOSeB_EqTXHdGvqkoS&k{0XaTzvD!;aG5qu4kiUZWW`1q5yRB
zc)XB%-<QKsGjQ7L!So77Lgo_jWe^Xt_8Apb5gyOk2lm1zn}CKG=yq}gD-sbbX2X<+
z9nMsUU!Vi08pHuFZrnIcne)F7FAXfYtyUUsFYcZY?Zww~4bF3lpU0>rM1%L|sES_|
za^<6CELKWCCRJ!fyuUUgVE(AF;PZxJ@DaqQ;S;&KVmDatf&^L<;(V`w_(2$_;Gb=l
zvjw4C7NC#|B#&on0eYPcN$|piqg`~x4&I-4=Xknk;kv?ocRFjJ!c`Zz`9+5?i3nv_
z7U}^f%Ccw8jjK9Ty|sc^Jimh7h&z1U5Tr%G7fnOTM}jS%{}d~MltF+F?1}Q?w<H&*
zaG_3$CJD9s<Qp>HNk`3rm`|ClAysP@l|461j$1H^z|ct(7hdv_noqS4SqCQ)wVSN2
zee(Wb1CtgYB<d7as^vrG!iO*^3Iz#e8kd?zu0UB$%%(1Fyb!Fs*nCK<R;eTTPA>G}
zD=P>zB!yUCMgfD>pPt}xYb;~*v)befFK;4k4KuI0P-41Jzz78_+rCpY3ML@~NRHK!
zc#nDAT#MA~fh_=maRNoqRX_u7TTX<S95Wr@ar&J^g9FF44=3V7`d!^Kzw)BCrvo=J
zF><!o7)5nMQ%FMwZsucGUu%4%Qgw=ugs$tcNzXVVmaEfurZxTkst)DKwLRjBP$b%a
zR&H`AvLFaVe(;5{02d-AQ1Mw0<(-3A&N*DSUlYr6CZC1x_?33&BZt)6VWg8Cp4LOz
zM;%VC9b694gO@#?QEiL>?4q4!f7SXh97B&3DgnK|xw8FY?H0N~F_R09Ls+~QtDvcP
zF^A_&qWyiW*>bz^)R~BER~J+{oTt#c@UIm~o4)>pa50`C<73t)({UkjBUrsYQ<oEm
z57zlW46`Nu_wg<TI5RzJyS2`cnQyMymO%>^25VSEwgRNW^IJE#@Hos%gnSiYz3*=!
zOTy}ba?ePPH98W5X**d|TZ?Yw5V(xI+3uLIXM$ltJ<BBVh2HP$)Y)^#)yDk{?jG+j
zsRgLV_aq@!f^cGa*cZFI6lyrRY&Rzg)s38kRnF!nTe*@-TKw5t7xv2Yd7n9<9Nsrw
zS0CNTj$MxfRHD25Rc4(4!ClC#Kdy@H<>G%tK*3}rMUq*C|L)MRD>p=Zualm1?W5+=
zD2wFbnhCz?L4YCo9*Bq4nT4i9j~xzEO>W&P{ki78DQj}8jSQgE3boCJ#X@HZgSv}F
zNUcMUAIF)C7gs~n5En^=Gkdi8$pwq_QGeiYt}KWCIE1GHLRAzBH{Mc01CAd73MM?M
zij4XT3|&1DPQn1-bup)Savr)s=llNFEGHCpKnfc*P-jw%3L!3BWynS37d5F|VQmo6
zpeD13i!7|UyF4%)F|s;dA8>$Mp4&9@GJ?3f`qI;Ge70Jvz-7mv7O_hzU}^ga#AMyB
z_tbbO7(T7YJ1A{<aG>j(A`@^6`SJ3+j518AE<5JD2py4MMKsjh74lH;0uN+bb41)T
zk!-I4V(d9i2d8!v4T!*=?nIWaeTN!PPCLBc>)Y1UX_3~$tIX)@i8KzKMUW_SSO0zF
zV76m=>r!QsfNO0uTQAg?#XlIBX8$g;|3V*wFyK$y;904u`*bma>kUs8r)+?HqKjWK
zp#<=$rl=+3*qwsY6?0dgA-jv$?O=^}W~<ro*<Sf|Z%zR~G1vmcty@W!`Ij07sCUw6
zahvk6I5y@1_xZuqb6ruI_{}!M_wKykAKVGDd&?GdILqzffqD@q3np7r>qvr~908H>
zct}A1FgnD_H5H?y;U@oOJTJ}rV6j5<F3G{cY6N+ruK*U%Vf-6K#k;s)xqcT0>d8Qk
zG(3K>@y6!yp2II5L!6+2QL!%;7%`;lD2$Jm-`}Po?bi<-HuH(>#Ut_n@kvSyy^tAr
z=6J3S%*tr}5xhld?kUX|yMI)fw5k!(KidZO%;LnD4fj?`&_g%{3;4jr)8XnNwTaQp
zZT`7#LvVk>z*1GkVbMfv?3ZzhP5X>)Pjz!CzQ}_Y<Wo|sq@@j!8|*dorGbNG*5aeT
z+~6$9ek@gWfe(2=*tgG><i~TWi+nBFB40nJr0a_I8Yi&Fl7&!E1SUc3-}Vyg=X;~(
z6n|61IP`<x2madBt3)z2Pg-4vQHB<!b*dt~>q=s#?QWlxAerT3PH3_x2bBotaxrKn
zGNBela8V?tI<fE_lA9EKQlvQZfIj5JLSRx$r$MVaGn8JOkv^>Z{y|PwV+XMQT{L#{
zpf1x3I~=PK?q_glx`}Z@NVtj)YLB6ibm)K!yVW82A}^1~fMA>oa$c$+6&u9_gE@aR
zE8qL1K)Uq!r?)8$cLGZwEjylj3Fn}50dE2k;V$eiBL?MOx!izMwP+_iQ3n-?-*Zej
zcIMr2Y@g+8P4bo;D-rqm_LuE;q45ccfSE2Kc^WgNaevI3eb2ZX4RwJR*<Wrf*|75b
z-rx-HY%*<w5K%m3NcmF*Ps}-l5&2VLq?W=VF#nUXSGZsdeRa0Qv1)RF#$=4Xw-)0)
zz>JKjnmd@H&*RGNA6oEJCLm&O_i$|uYb-q_#}hX`-@!_z04+48-}ug(nN(2Sc+Lj>
zyOlm3tAV8P5PI7M4JScmC0<w*#)Wz$k;TF)s_xxtU+*{j9Lzk5FIo?bgmPvY#riEg
z0&QwRsU@IKg;@=i*7=ecX5hCSj#KKEeI$*ABHip#?QC|sgpgo|Q_0|sNVM=L`!*V+
zQPv-QqUm6CAd}#LCY`Sm81~>qz+sHS#Ke>{bKLwbOo9?9N3%mQszTGC6YcLm*zEX9
zW1KLxN<+;-h|iJI6e$5A!<Q_9n5?4IKe(Oq?jzv$h!dy=RgzFaOSM;;s8AN7P`0(s
zi&YZkb;x#3SfUWjZ4jh8XfIOwlbnWzRMHwR)cFr(^UJw*upmmP1Z}8Vuh{k%^7wSN
zWMY<{FH3K^2!zkkJYRBVniMe}x+EKr_$nfVQ4$zNAw-dUtQYxItPV+hQ{ZDD!WDw0
zW+`Maa{SS*DDUFb7*GeXK2kJQ2a_N66VU8mBoxyH@IDV^&xLEX9-<3)JHQjAqENjH
zAtssu5CTyay!Z23C4j?;jAFFM{nVLQnfG5|5oKDMbM=;{tBnKkuZ?6p2~xOp0bY&(
zT2JeF<ZMB3=!bBj5ZUXT3Rp^E!m5c9>PY$5+d^8BzO$T~nE?(;;?fVrb3b<c{^8wx
z8)&lcXaD$WZ}awQ@5|JNViy_^@3nP!Hj^UkNVxwbCtaYkSF67vi`1XAV*(7$AeNTH
z{dX7kcZPXOKy{;QP;wg0RGD=tzg=Lai>eoik~{Z|cOiak|G*IJTZ9%J-zHG6v$=uH
zda<c4;G5O}4*;;g@cc0qf#j!Ol^L0AOyqsKt(N%F!vR{vj+RfiWdj&Nk7|9#%6ndr
zJYXHB<WUPR3cw7Dijl^YmQ7%>gKyD8s?d<AR{<8MxEFKr4Hc+p>CzinR{95*K%N8l
z|E#?o3_dLp@hc|@sziUellxLMMJ}Wez4$=THy|lmG2OkMgHc{_L(0IANTf(A*cWY`
zto*whQoVFG#6(oOQz1HT-S`XQFtjdq2+-JMgNYrJ&Qcyyxd*>2NyaShkCqk}Gba&h
zz0ND2+#jTY=XeC+WjQ)b2^a&kzDxN*rA`H~DtLqSktk8Bpb$4(z4Y?oMqF>*3C(dr
zOu4)qIYPrp%)u1FK-e>6VZu-}O1)Q%wnuNaN2N3bh4Mc5$FbH-id!@u2G=A4U$Hhh
zm#BZ*ttf?LfLM&fcNQew1>-o}y3o;ar1=;iIin4HN~$<5F1d0w)`riTaE=@OBD-U~
z)R>O@^&P5GHc#i;8!M$5-izgW&QTDXA4qAoN;5RnUe>s`BXUtk*k7!2Gj}$fj)Zbf
z1n_~d9LGktm66BP-EJD0Ux@RaX32P1$&_=$d-Ph-_m^MzLeVE*%5u1a^6F0}8yNPG
z7Yy5*fw^cbQqEj50{Au9gT3jHN>YQlR<98Pc!vY9{0{G}!sai$h${PN8S;ube|PyE
zm&l07X>4mI9<7lmX6`h(C`VWian;x_4rXc3ya|Lq_c!RfNRcn6oXNe&y}s}&#|i#5
z+Wn66uVFJ-RdisN#L-rQMn`2F%7+4bRfol4I6i{t-v5X*7Zv7HJ6wxm$VImP9#;V3
zGA0`jo;e8kREoOu=w9e&?K(lSjH{%iAcUcO?(LxJZE@>??Me;{SMBYnM3!S(&z_0v
z5O@cb;8t5*LkoE3ie|9@m46SwMJ}vM1ElGn+}wIrKPq<T+E%2@Apw5K$fY{NnbSa-
zE0jdF_^l448|};IC>H3MJ@`6E^WZXw!K3+04G6e;78-S%k$g!xK}25p_=Ws9B_SIq
zVMNL$_tPjal1L{5&8i`(Dm8y|T!kq+MMzPK-mxNCjS?dkrLT|FhnVxuP=<om!{-nu
zwm!wFyG*t?9w;<(SnczsfWxpI>}hMYbB@ce)M*DhYoRSq)+kpYy4jG-(`Z4qF60r;
zvhK5`(!_a=u1h36iGY!}of8og$j1$(6OF{zpg?9A?Qx7S8uBqNeK<!cMa0|+Ej$sI
z6Nx^1bEx?q(^>E*G8W5z^;@-lqY66Js957sa+^mMu1PMgixNX(u~H$Ev6^G?yaxhN
zRA!j_kkTZK*6Jy;o<J))kYv$w{?9TR_J}DKJ-(Y3p_3?FBAwVrT%+OkLkV_m_~AqH
zf*SooK+m|L_F}v%#b2F*cPk8Kd8jEJ=%tz!Mo2U7wI}h|zPfb0;l?7LzJnHtUv8FO
zW%6UU3GLJ;S~4HxpIo-Gw?q#|X+49dOKa*EjSS1v9a_=6=ZN3#?-t}ft-G|`X`1KH
zSq)beiFw};50MU$s*GcsqW?9{vv`lZMGqnqG(_*>dhf`&UZaCEV!bvl4Nk>bJfH&?
zc9UF<vd}*QkGYwQ-~Zf21}*tq#@#7;q2gCa!Ee;DPUZU8rpUaBei@Sg)kP5d34hyR
zOGbdjFj_i_<F*&H<ztnr%J^BWLJ5J!iJplGM=4Sfu+<1m@0lXuVh0S!>vfd`F7$2F
zsZ65v(ilo3;uFrlRB`ip8i<%CpuOAJ#Vpw8ZSuZh$utkue3M6ZcPHKIQ86yn(1y&C
z6jYv{`*X<JzCYOD!#SOMj=(RFn`&UN1r=?;^EKk8KbYj~vRf$pq~Q>VOrwVIVo&H5
z>`?XdyP%iK0Pe`DUVm`>we-YQu?4QRW}qabvyDzCqFo|GwnDFtXUUhzNK(fMlWMnl
zjrM3nsiHq?TPg*nfuocnlSg?=)RC-+C(6{^q1FQ4jwFpg(ImbOH}m|lov&fDTV0J`
zXnKs3#@^`>QYpbn=eF(XL)^ir!oHNu`cciK4#`Jv#E4(xu^;Pxdq|4zd`|&SOj;2A
zIpgcsC0)bNTd_jKVD(W$&Uf?ceiuGJf<`z3M@ogqz4lUk*K!U4KzQ!r<ofy>D3rrj
zY4PjT;-BhL^l$E$54eSQ&$t_`q(QanvfT%<YhmgG-F>q#G=)ySPE!{3Y)zcvZR^aR
z9QwK1*`cZnZBvD)K?E_Q7QCs4@fv_V_@Y-gaEeI&-xMMHcZw+gCq?-0jOvli80em1
zI2b{6=+pvQrsx^inS9sqwm1B&7fP1(i_SC%r~ECV0b>{#y}iZ#W&Xu<%%noo<eN2V
zUelmOlAsSw4Jka$EDWu<5`_5tv&DJ@mwYs!LqX`6v*G~6Pj&?ut~Ts8SEwu?koFpp
zeh6uIuQUTwhCXaS)egJ!mJesKZFGgKZqAgZ*98a&r-8@Rj;~Y_2vz3yN@Vsc@<#^(
z)B_Q}Mn|1+$n_UQc6OP*VCn9jX{<uLLX3PUV=7~ERXQVMyPu_rSQ!wu&3L-)N!c37
zg$~YDJxwQqKp_Pg9G{ftI=eMK7#Ns~3s<ZbLJ9ioyB|(jSseWtlU0gUdiK=#uDPFQ
zUStnGqzNB+232;c==n)4qKrrain3)JY2PQC09qWj%y4pN0hBC2wvuNQ0Y99u#gt|>
zvz29Cld*6h8@sA$n}Tm3E;thOSguh}@koC!|NjCPyRcBHSgv;6VjgU)^=Zo&kWjIP
z5=LjoWyN}Hq+E;}(&5`yi}-O4r_5$oZJ4pFZSCFuRaRTcU(e$Hq;w%<&kB6Saz(Q#
ziK4GN+ZwQS2^>_Yt#;l&S2z^fMo=(B80^CwNARu~Na`}ovwqIi`rJjx(71|Jpc2}p
z`B~)lN}-yq0s4EA|By+j&)rul6H@-HnCjl0Z1yVr&UtiXej147U|icpdu4y}FU|O<
z*I%Z;LTD=y+v#`04Kfq}4C~2ZI?~6bWtn~vd1>pE%{iTu>=S-OQ0b(>#P-$dN=e4J
zKK^r>Kn>b;?N=lF3$l}=V~16b%L4{;+-q4ib9+)Aqyl{#T5N0=EEk_){MAYgZ&+H|
z`;6-hggijI0LH>X%>UuU|AY5y#mMV=6r$`kta5yuen5DYJ1htj#G8|aZghw=C*o~t
z$RK^A<waVSH8NoiP=F7XKCU)5!RZknyIh-WJ-m|C=D}eLQW+6&y@{+}s4@#!xi|4>
z=JKIyGzA=-O;v$KaYWGKI~H@g4y9B{@8gJ!9Km*ohcKr|xKujEgHEJXA`@G&COgVw
zsVa-g(6hQDV6fDF-M+Y++4KbR2uO&Cj$ZWcHauw`{%%eg9urPOiSe|}EN9CMFt@zK
ze090W*tG^(H0U*dMHwsH_&v`(eRYb}n1rc|L6;maca5c?obJ@3Q5y4?91z!pD6tqd
zq#c`)b%%Dx$<BVyu&uN@w_d2!Xj!~H7Zwv1;sR+M#z(S?<k2|7nGbQb$R3Qf_y0*X
zDkyC%SBoD(FV$aAyx3k(SqE!OdvQC9eRRH3LV&p>8*LqATO##<?7BdeYb-SNrtVca
z|CUsk`FSjy>crpIC%KcB<v+!0V1FHl(mRhEjZZ&+l^iksJ+0lq_HaVvVB1b(8J$6I
z60x;VGs+L_nv&V*3jp~Kbknk<!?df3QN;I@U_>V6XKmO$43hKc0rwk_;xghh{IFaz
zlP6X%xv88r76F<(ow3|rqD9x-1A8N_9=bIqdv9tBrsjBsbek5)s?Ms#J9A+ukz(Gz
zkUlLainf#%)CxvXCSoE)yYJu=VRHU0tUMla1Jh*w5>oz?G=KkbggF#djqQhx$BuZP
z8$NM>JyNjobU^A66)IB!JimlsdOslwq%zquB12A9LseBpyk9R-oq?Ixz>>Q|+q1r8
z!<44MB#(zq!oyN4vj84c89SU*5_Rz52jpd-hRC=4Sy)8mxkTj#T?QRI$RZ-ILDL{1
zqS@L7&@||8ExR)tbj{^Du0b7cj3N3g*N;1UUoBte-ce&@KT<1>)0$@exqIA}7wFW#
zLC`#tycAAyW*=;4FHl;aBkt%p+wQ6O@^D^Wwh;hI1@WRAka;ug@b<W>h5Uag`HzmR
zW$lgtX`GID+{!*mtOC+rzd?!q?d8-JBkNN(eC7S_I@=|KMVx9WV44|NED9z?W^}GU
zog>z0)SzEZe|%a*!6CT8sS3=hJ((pmAZ6@0sto(T`qY1>RR|Rd000<Jb{W1psQkrt
znrk{0maiF1zlChPosc0AQTRD%F|7wPU{)f9=;t8du;M|f0<o|Vv!}ucgeVBCKTG%a
zYlom2E^keSJHWtO*O<8AM!jC5Rc@$tTjx59{k<x$PK%0nF73g5uQ@}1e4YL#_-;aE
z{+b#}G#i^>2D1op7A|;+yRTYV!Jt8l!Q^y=OX^IiG}fU^Ap!8);2I7&kGM(U2Xf?t
zpp=GSLA->4mx38=wYthTzg+Q?&m_9v&-tWMyM+69F!4x3slH`V8Wc!oDd1YX$(X#w
zgsYou)JPxB7c%9Kb|ekB5$${pMEF1h((=84nl~{cABX9K#Ht}oT2NR3?Dh62fQzuP
z{1GqtH?!wv76Uqv8b&;Rw9IiB`v^LUdC&MKu-?}?lXLnHx$j@o8Q?ATTL}<ab&1gu
zBQ|2nPZPp!>|rXHzjTsqvFeK#v;d$`vd+s^8SH)+<w=`kjM~4I5oeU@&IKvh^-DKt
z_6BFEAn>D&njB~Z4#v>tnwS`A_J>A_GbPfS1wKnZT^%S^%Fk~}W`{&dnioP1CnuV$
zH)U+<)UyE#bChg2V|TATs98hJhmYc7{Xp(OSicU5XDQffBfYPkcPbL~aPxQ^2!Ual
zGiN)~YjogDL`~EQb#FjmbVkg&PjJ*pN&7+pK$iPB3T=f-o?Ju7d2;P(M;7aUutmVL
zhe4UQ<I#r9o6<YAPMo2WC|0ClCdAWe2v4uv@Cw(Cs(f`lFxTOu+#%MjckX9ePXxfM
zaiBMkpIwKwX5G0s`nK3m4lRcR$|gAX_7NsW(e*jsu{5F{ZeGqE!MA(i@7U?Qw}9Y7
zTZ@jqUddG)bZQx=6<*9!Fpfl6`9Wyl@<Dp>>t2nCK(A4@AIU5KdMC<2VAr?Zp#U@#
zPq7|_5OXoY|6MK~V@1Av32P!pFd%Hu%Z&_BpXK{f4<IxvIDHKCN607+A^$?|FRZ@%
zwZsQ4vUUX(%T+=-WZAHyKhYYrMaotjE2uGc2>m5@YuVIinuy;<w_zCRf$1=?wo>v6
zmc)wsuky6152ce4M)X>FDNJUlLkL?Qe=y$HE?BhIThKOjv7wFJyZ;abv|V}ciU^Bd
z$T@vjd8o}Kp}BVsJWo}6X?=q=2rX91EvAQaVG6F&<p`iUFG{};nyPL?&ox#nAsXq+
z_>3RoQw{B`Y0$IV@}6T~g!BNAAW2~SGfz4E%K3d6v;3w7a<0QMZY1RbF6#A>$NO$$
zus3hx_wvt*bkkpbFd3vKKB~CpW;r6ex2EvXZq|IhZ@g*uOEJKiRrdM15J#e`@Wfn|
z1nDTVWE8JNAHczu6f5S?WP@ODQhq$(RF8~!(FteeMZ>9JaWNbSpo%3iQI+p%_q-))
zIq@$%-;aZ!oyZb?%^V@vTZpF=@<jU!n9?7h)x!TZ__C%Se~ib{9|W|Uq8~MUysvC6
zDU^T;@dQ=B;7zq<hjo3u5CT9sx(8(Lpk0uTKQt20pIr>b7ZG`{<zU!U*i?JZK=a@w
z7#Dyck2NsSt7&JG-Dl_t;3K;gnZ^vE4Fl(OD&i2v9iC7YiGuyyD9#=#mc=G`Oau;3
z7Ds@WqRG_TN*lpi1wv_y_U2)MLpzc(6_ZSmMFE~LI(^LhD{e8qtLv=DT<5|TsQCBW
z<KE?qyg*uXd$f=tUhp@5>3U+H4+R-=%0+=68;Ozj7fEfZAn{xnyYj)6CP)3f>+<>m
zZndm$U^*C?l9r`i<n>q*%=zFU)z?QdW07h43En|8lDPXX9E3P1l8LL@{0d11SW)&a
zl~rw8*oR;#aEC={bdL`Nhr*~2lmGxUepO$hHQ-a#Sl17~Q&w&u_uRl9Y<g|8yE0kE
zrX><@>5QgTaTQ_rQ|HiDG}b&-u6hQU-~PH}VngCcg^?s-o<4=UmSb28^x%h<{l+Q1
zRtmgipo4RrrzzH(r?Bk0`0|R3)i_V{@;rG|^kDp(rE_AlijjgrXY4tZqejTu<&Tfa
zN^LKV*%HN;qdN%>bh7b$HK$)zNzNcM?KM5K4%K?SL5RAk?BeA**XZ0_OMP-QFuF+3
zd^kET;Pd`{&Du9Mzip>--WmwtFXAYJPTyz}Fg=%3KtSI+SraeW75Qz0vBEP0u2{Kf
zD>d76{NG*xFTXC&OB6a`5$~Hq(Yx#ekvoyQIHy`_FvCLbm3;!wC%oT%oku>}?0%;f
z)A3@SFMB<an=*>PAMtQf9ky<}`a#EJgIv{PNl3`J2O9ZpyO=KU6%VU90&yd}3%jZA
zyzd1RAZ^^4fKI1k_xULZneS{#=uFB-NpdhKCX}7bdmqzl`TGTP`@46*n=P{OYe4pW
zCFa{x3(8y5o;rA2KutJv!o6kG1>|X3uKMAHx?-OhI}D0dH~j$Ig(O?(tP#<^QhM;J
z!t($`+5#Vk?e0iWMM87DY96HBqK-AAvse`jJ%9s(jolrU*!b>RL{n`@1E|FTq$cQ_
z$EQtSSAQYtZjX1pW-Fhtx$b`j3B4eg7jld~R#Jdz>OTKJq3%3wan)Kc&l{?2tjXXl
zA<yDfy;x-&a*EvwMj+PzTQbt(W32E!d73~yp1GpU5bx8PZzN*ZukBN#bqR4#HL)Nf
z$tl;(Gqu5(#OM7Uj5jxp_W)sju`+01ZCA__*L6`P3nn-peMILj>#z+C!~Xm0@oe?H
zZ2_APvMav!k#@Fg)83n1XXkD0WTa!V#>+!|)ioTVg!mu6q)a9lEeOB3!gaB9^^F*>
z&W~9}^T&#LcoEGrMSRkPdgPv;XmHjM&ztJ8o`PjscZj}kaZMC^c$IdWtyDv(b?Pdb
zF#p0l`c{cq<u=&$mcsYWL@Iz5q>IQu`fCzmt&=G_+UqQ5qt7q?q1yFaf9uBqNQJgR
zwBF3k!c6j0yT(M)e+WM%Vo*GG8Hr%aJ8|CfyFZy`lyt^E{aRgAou@$p2NVF){zZ&3
zkVfuaEAxy}obYEp3LNG|=5r|B(AfHjZlN((vwHd4`UctRU2pG-r{-ir_|=Ie2ASaB
z1uc!t;w}F%ZofC-8e$20sdun86u#-@;$oc3HRwxEjHnwtZx;Qho*43h9!e|z-DCe>
z_5^c(3v=M@f*c)FtBw_+tK2W#Y$I`VounT*eY3R-YerMxfK-6rmp&+ShHQI!jo{(D
zI7CX^-Wl`T#A+>K&$uAUdnv}5K#V-rch3e_k@rS4x;@jhP){o@)kZS!urm`h<Nk@U
z7K@(g5?R)%`efgXMx=sUz<g#`!~p7sLCVF5ACJ>M@B2z|r~2>U41geG-pL{KqRS!X
z#KaXx4du<1Qaz|E5?NHv9bmvEm%UVz&)ga_?Uh(4M-R-rDC>P760)n{zF^AKAKv*L
zUi4x=wGe8uuqCZ^<c$2Tj~0BN(ps$Eg0bAv*3-J|l;F@faO=}iZSl$#mF^L-aH`jb
z<@O@(=-?u)*Lj=d^<3R|cPV%Yv$mYj-MF!mk0?)ACVCqKzQmzsy)N-%$B-JPLEee+
z+ISm*z%3nLBh#M+qGhiec04)TsA2-HW%Tv*gsd84Ceo~nzHnq#cB3mmz2z}ds@m^P
zlh~;i7y9yyHKazaq;Es}n}28zdEdy^KM$B+hMZU!Y!HHPDwE3b^m9_MKByN{t4Ctp
zkTAK+zc<9<92Ik7(fp+i-IvzHT^vYu2mF0tRd3j=@`|c4=kX5dDMoL}H&TG-syFQm
zN$F_z>qfvs#b%@Hhz;$W2NoG@R!&L%-6scW_MNHn%?-O>21n}86-#wvU0_4T$K!@l
z;54rO&ty-I>=#a07rcELjQM)zxo_E`eRQgg2<40IiseV^Lb_&?<NpmV$yu?Ca<{*3
z*f#raeXpzUK{@E>_M5gPa{BWDqn)Oy9{QQ!C(dP)QRNLVdxq6pF8qIh{_g{k&7%|d
zdIA@8t`Y4`MmPRdZye;TUW)b;-ET?ze&@Vv!lH{M5miNxJHs6WqeT0CzzkIQKz0zL
zbQqse|5?-F<RV(d$?|4*9nY^8OrS?zM4mffr{eVI%;0X-EBd7MOV`77G9JNV1yt49
z=AR-9ehXH7RHzBxps#g`CXa?q7~Ym_AX|Cmq7m-k;Qp<t8eaiFi3D(DG&Um#`nTFj
zq4D)wqlJcmKT~B{w+1?l9>`8Zp|}fEI1e}rql=@l#^$em6m8y+RNvjuzE!pdKCORw
zsReP|o3_-p!E>Lsgu+@^0meW{1d{~<42?@s&F;1;9ZVaFvMk%jnWTD3fUk6Q1gO?{
z-IiIE#Y=zS(X%8r`;Q=vw&i}nm9gi#nXOmxGFJW0^FRdYPmva++4~m&i5Ko~<?uf{
zk9xdNLb;Iv9nZ5o$|{|5EcQnCQyMpkjd$wZoqfsg@nqzlV}%0-<9r+#0V6BT=FcQi
zkB>Oxw&w#YV?1@-Y|5bppLE-<d{Z<Hk|@$UvC%J|$cWEI1jABNK9zs_$n;!7xY#J~
zb$0EUdN|i1Pxz(4gHb43Y9FOQ(#ygOh|2A#jPqf6Wu=RZlu;594uOBvgx2e5I^3Ga
z=Yn$EcpI}UDoCdwK#w9wjbRTemP04J_=2EMf_}<GjrKd?EVmaf&3Q+mPpU7NNsQcw
zAEp4%;*+c5{#SO9MgLC3erB(4l3s6>eX-yaa_ZN{aMg+&OOOVXnsyT}0_37_L^t|^
zKmh~LW6+%F-pkj&<9HPvLA65OM6v?q%LufbWq`4XP@Cu814o|Dd}0Ot$iB~YnfZKE
z=to)@RBb%lgTl}?2Wnc=+%!lPDIh3a**gbezbGoQ4S4X<#L#%3Cf@jN))Ny}0sk^(
zvf7pMxrKrTtvp0jHP+<zj^EvN8hc!lNvUYWwH--i`;lHT^L@5J(_;DA-dnhy#`m$2
z^p4mkP@&hS#!H+3rTIc&TTN&6y~%C*77lsLT*Z-)Xn`R@RhKVsCJcJfd6!+yP0Fb3
z9Qr2XJB$#rZts1cs?Dko8SC2ze`Db2RQ>{sUfYM@FI_q9>r0H4+s}^&4g*EVM6*Uv
z0TA7`h-nLMf#<__Y-R1l4UGKT+v8^lh_OKNj5z|~Y=-S^7p=xUnsNK{kXCh)tyNP&
z94ACl5;HON;~hNws_p^7`>E3rmFfm_QthWxMsGX7Vk|9Np&{-|=N6o2J!4Q8p7#$c
zzxlU2@jH`nP1PunKBDaBjh-Pw+8Q?x{_h0)Bc~x1pEz6X)lp8gG0|Mjl}fnSN}2@%
z#xxH(dp-w@IoRCZN^g7(-Kx7lX2Ga&aV8}>9T8t+&-CF->L2i6&Y6n1SbB#LX6+d5
zi1H=XM4yqG9sRW6m1_i5VCGdUS88?)wd~%5<`(`nRytQ!o^%xrApgv<TN6)T_Q%*9
z%e59E#+B-yrl}$PzYHhhq4beGF%tNwGmF@4;T>_IeB$!|=CR`HU{db;Z$o9;Q8e-#
zAbA-Q*np|w)Fsnl1kBs&l*Feu>-byBIs)F9@U+sfXF@TOk67k(##M$<1{Ihs2x@(z
zX#8cS_R+siMek%6EL^~w4*dJeJ<fBC;1<QK43Bo6a~W2g%tr#YJ-WvCw~wv9+7Xeo
zauU2<9gN2s%)zCkLI}}egV(CB9^xtRktQ8ndif8IYPKv!Z1z7>PQ;bFo?~!&Vmj9t
z8j>RM<@|YDJE=nC_+!*p&d4vKXh{WP{JpaDA8uEk99(L*b7z9>OTm|F(6Z#WyOTsO
ze1p%93*y~>JqkVF&+Na9&e$|)B4E{Zc&7TwW_;T2C=BCFGk0(TSL4e;VL2AlrgeWW
zXkhpw&@<<FdaP-3{R3n;^)0{bsCbcBI`itY*>ac;xFy)S+0(qZ^cgzgZ)y3|8vO`w
zFK&E!P;MSKQm}X#D=c+e(sNyFYyGXs|3Gu^;ywrBJE04PY<t=Tw_XQHaO%!UuA1YA
zUmZ_GkP}ojE>rl`<*k(B+=|e7&G@*C=^i^b>EDCN#JdF7E(Z&B>9#G<kU#O_$1OT~
zIG?41K15^6V0<(W`{WFd+?%vyDgdCZ<2uNA0cU~iU|?{D9+dnX#y^=|ZyYFUkT(v<
zQZr2w5Go9TxdSK_K%7~Ow@iLL`&o6qpL<%8y!lb61ToGh&c}PGDjpOB9#pT9;l!k5
zkQ0>3rF;AL$7FLwSj(+#*{9@&Ht!u=_^#Zi00T~G$IS^>i<x{Lq&dUEh544+GVAF#
zYq#~@#nht5Rt_fSU&|OK&zhncEc}>N)7wv-XC=qRX0ufW1Z~N_;pYcggCJbr=9(`4
za%NlymyKY|4hFz{FyEoj9R^yKNB4b0ZQS*h<{0?RSCxD0ey1*SzkKkT&~HS5(@#qE
z<MQ0O<^_R^uY<|W?$^xrZrjT|VA#@=^xn{S1H||63HbJu_eInhCCwA6tZ73se}mir
zUXlJmG1HCIS@W^LO1LaGoI?(Q-}mh!YY^h6@Kb?@Z(i-F(fyiK@7;S{ZCBiao_OKY
z%%4rJ;*Jkjx=~HcGX`p$S>uOERy&|H#%+cl=c_cpk5bTE==Krip_KSZQ7D4{%`>(}
zg8N&eFOaosDfv6`V&g{9=bppPMB%4LZQ2^iUmmJ`>GOZ4CBG*D|HD3mHbGYQr$cy%
zuqo~78=YY1O|2<k>Pm@0ht%2JF*o0OzP?+ty0>4>`Dmh4%YXTF!bH}oM0ylR`Dm6f
zT(PnY=(b;su+HIApOnQ8!~5Pko=wAji+r(U1;V6<X=nbWPW|~NO@!{@BOu^GIEJ2V
z0{JN={cHUAyG}*e$$g-5!7o8ml@8jOoSBKqdIk0ry8J^n5P8}h^KfrkfxtRb-x6=v
z0-g3M5sM_Vhes1>@D)?yYRbh=0inQN<D59zmN@4<4UD8$7v#u7u5AOFPzB*oS$5e3
z<{W%$sEq-KseFY*v1adUW_(AR3S97->OEIrOPggu5}jQ6pnD$LFqPnCg!pp#3OuoQ
ze`iRnIUwbolHr2Nl+KpXhBpw>^*dN?Sg=supjY=(Y5Z(Z(B1z*G;V~tSg#R+X*9)6
z<M`6|)qu`8!D_a08=)o27Q6X(E`H?AsR^ls91f#V?>u0-Dfza-2Ju5m`jKS8W;GAp
zE>t<QJl5jsK&~aKYIV)_<I>w_vS5)SXojSk{y&jbn+8P$=NlEF6q6Pbv&C9$>aS$h
z-lcM-B4#?+Rvt%8h9cjz7Xe&PLaT=##csyQFtIjbaqtVGL@fGryC%c35oZLG>O_VU
zoWevh;N;sWA`DJj(IK9dDF0cp!ORHJU#6=`%(2Gmyz@v2d`OQMk|Fi`$55=lSgn5?
zWk7;dW(!)*C!USCQlcM*7MmBxT}M#^yaL0Nt>0Ab23n7|jv8q7X+<`qKXgcB9A+fO
z>;ioZV1=Qd!+xW%#wI>Cl6eG}N!fz^-&A7t8UG}q$%V1q9ahkbyqmU`fiq*{S;F$H
z(R%?wgm`%SA0r0Z3=^#k#7ljk!&$Hb36h`2y8GT}Dl6o>ZehYg*A@O!%7s!d;|vW?
z3tedyhr+Qx`S=;tJlx=g7j@BQEdKFDX&_U^AV=Dt{A!z%h!>zxdfz&1ccn!b_6gF_
zU&1D2uVJR+{)^#XD(zR-kF#VNJFj>ReC>!RQh;xRI19i5`mAuis;`TGDoF_I!PYf6
zK(5?B=7t>VF~R@5vB8K8p(iTxo8pwLiN_`nk?!IjX#HH8|0<6dkfw%<e_&%XKE3M&
zPLQ?LxNk7!k#T_49=_@C$efMURG7vTqQo$w@m7~C>kvrVX$#^>D$jI%4p(}jJBb6(
z(eOm*;V>3L*^lJtqwtim{FVL+oS|W(Kq>IN-k&j}RM7uz_k>{;zg88Z6#1um5=Vvr
z{_h^mQ?l^-F`dx^!5L=jAF7XDjPpLtd4U9qlx(DEpM3)cuw3)S5Ei8aAM#}mc`*dx
zhoL6|hDfmyCf)NdzwG?@PBd+K1O5r4@7FnK+>^&hV(_1WDwDo0vLmQgnp4JR==IAd
z{+Hahixpsl__w*Ml`r|Gmb>XTVMN}Usb{^w#8>O4*UCnyi~0y|N$UqYG(C<kODd64
zl>ya#smlja`{grha1)++<Oy3$5ibx5GnKlY{NIOc$f2}9W@AQ*Fyf6mxPeJ|iG&kE
zFbr|oRipT43X8B{4E={10BuH5qV+qMx42aa^}W+n_LZ7kM;S=h|3wOj`chzuVi$Tb
z6~QV*EAY4kFgAj4t+{W9#F%x4VEqun3L4feY&paiX!5)VRDPEbr@2|I=R5}QL#Dx7
zkoqS@@&kq3No0Ez@K~;$-SNRra{@M8#eW9kLK)$IxkiY7aFoiZWJ&-+!};V^F|`D&
zs*7g_-eV9VgQGKC6cW4s!tc<+!<Y}F3}dC$RJf$#l)<z!xr;Q9!i|XiR+L@})FL~n
z1E0p=ImsryvuQ=H0hw9o4Ro*>78z%_FF`B5JV$M)3#`BFT;E<SJuN{d8z(3&yQl~T
z@w&?aK6L*TF^mAkaDTc8)YH?`3EyHxG91_D!5E**mlv8HqF9bs@KS&+8;_`_A}7WY
z2qcHdMR=k?Gll0wvmnj(@c-9DWP5DpjY4BEW#f+cT$DZzhrbdmuTYIW7wI*x7BZ+{
zkpn_O0spK5o7gl)!~j}&@tQqOFGwh`Zp^tGd{svY`r?kzh_lYuGOJM<^3N~$Bectk
z(6)+7JQ?tVwP}iUa9@K?f?|dA&$#>7AQDI~*0{~LsZbZ*i+!bT*Gc=_6h9bKQ^AmN
z#lZ>+i`#S(LlDy0_D|v&nurN7?fPrfOThot<V*@&SdKzVlK1egm3;$8@@SwZ&g#qm
z)@Fx_U}~8_FZFKKMd9HsngB1_1t{*A$NFawT)Kd()6V8x*}_nV&YIL<di@DnQ^Xu<
zxe6lWXVg*IrT^9|L=>>Afnl}a$Kf<LNl@&GVW(3e{I6Q$ksy);B$?0hL0|BK%x$V!
z5CXeK7MtGKNH@GfN^cpnJr1OJv1A1qXrKT;M16BGyZ<MbohQGXa9V7mD&JTw_&_WU
zR^z}bw<iu*^_-u*Rz?!oD$4sm<Qqh%{sqTALK2a23JKNYz%9XphxF5eP1eanbs)JK
zC19{R5`4@s5^O*k$+G&dQxik%P@kdIwfrcIXVcyj(rYR`TTfE*y`;<VT{mq(c<UWc
z7#lu<*p+*~E+v}^EjFqWYsxnFI*@!r7P==Wpgy$=Xb^Rf@lGFl>sZVKN%m{54Qzz-
zeJ3SW!lj2TBR~P*LGh?2x&v-O|6K^##=XHj*080)58>w1P}R;Ahtr-T^Mi@3!sLOg
z-#)ThS}DnN5#O_t;lZc8{?4~JJjjOPK&e>~#$&9^R}9*}isbJiNfCb-6;Y%X@`H^5
z8B#`QM;dapxUjM6cGuQ>QbGj&f%`>7^l-5a&ph_oGS=mLOGpzhn2$;K42Qf1p>fqF
zOhHddyxN$q5)xvwYn!zS#xhZ33V-iV26t3{5!aU@*N|hOoMh9F{^Ox7j)LR}^Kl63
z)9s+!wMIM;v}lUsC5Rpi+i8b}Du@pS*ELhn3yzE|i&NIw$w{orpksX{X<aD6FgD`h
zkT*`yo9HeMzOYWQ6w$Gjr|&qyXoJ#EBzfD%Kqujcdz|3pc6ru?0D1BdfPp=zrB7gm
zGWJI>ctTCQx19%=fbSK9DGiQD#F0xy?!mV0m<pu)EpE1P>Huk41L@k@WD7V@A8S4v
z|C7AH5b4h%01-MTsfEC#d-ip~8|2?lLF6Zd1D^L%aH6i;N;Fy_AtGMl!30RAJ{a-&
zJaO`UKa4Za1RH`)&Q@E_ZQC4o;Aj*xU)KM!OCtVlmwey^<=CyY63SE6uR%avw(>|=
zQsrRH<?rtPc2-jfj=FE>q0Mxjxy;$QuGH6-VFr9`2>ESq@F^>b60{p^-3GQ_|17a~
zyg8p?t7DUlzq=*>fiQU_@wR500#6))Gvpn+u@v-|N|j+_!ddLkgvf6U!@14%8kE}C
z2b+N-W;}f!j8dQR5a&aUyu~RL#pk!$@d)t)@WcIfo6A7JBRr*;AVoJNM-Dh`F<T1B
zRKaZdGWC#mnfx&PaZFe$!|x|vI(6q0yeQdJXUbrVoJvM8NzfUDkS~q6peq)TL|0c=
ztxSViy?5s6!w3c`X^izkWyiwT;VS8Wx%;lV1Z@_pAtfX6`qw+Wgx~U$Vs$Zc5T)z6
z8OZMa(-i*NFW7`2Q^|uWM$u@nX5{cQnE``d3v8On#+3&1Nv@erE#b<7v^zU$T0D=6
z!R?4a3M1P#G_>JrfugEj-4#yZHYY1pDb?cEAk$@s+FJ1r&*;^%dE4*pmThMaWhr-K
z7j1hHdW)Akl`Uf1sO{vF_S>R&B0CgE@-M4tWSmx9M9DT8XEzI_;?6HOgEveQiXgrF
z5x47y>tQnAXEdz49x1eOH|4D#JdfvuFaqvS*1C*p<r-*QALe%_WGp-7-2=$sA89>*
z?k2se_;^zIyU*Mvu<w7~uc3;c1)~+l&oE?wtWhNX%F4>a*%H;XKvcneMInFc<v5FY
zCmz4jyWdZTXJ=^k_CBU#larINY>|8K43c38>hM$w_#=k?#$E9n@<somq{O!c?mZ^p
zU7fsAWSKa)j=sq*rq<YpH9@%Jx;jV!ybg9Fu9f4SEzDqgD1%<ar~+xhtiJ;CFY{q<
zjx3M<eIH}_`#ZSvVr;7Hd3_4}H5=KK0rbQ#Ecv@)Pc1DpC*S!vU2Xdhs^FN9bG&gs
zr=+B9-;OM}Ki=S`HCYGV2`-y^bVfvk^(80rUtgiGFQQuOju0b?4#%u)2@bN~Kf@|X
zF{+LYl6W-?y44NtX?1YgPqtsSjD48hP`rK;hx#y7zy(H74-s!W=A3GafQojvb5b-C
zzF=C#Ory0{7fbG6h{Bnfndi2$_GI8B`j`LjDp|04o<lh_I0H1c(|z3JsZ6_7OU|ys
z@;blaiizGq#SK;_z@;+Ve-v_GrMExh|Dm!sq6Gj?3ZEu*832RbOU0!8;Y|TsIm+(t
zR1k_}?f$xnKj{qXP<EYCe~>vNTMG=|kfn5};-1<f1dJl{Z|N;gb#=$RL9;I_cn=9#
zc<0|k%%xn5mm!g~5Y*leb1&l8%U%woW_C&C0pByE>9iYROq~b=H-djxW;5?{c(ev8
z4&Qa4qJ&5={LYDk&dtlkd;oFDXwo58NQG8!D&a8cDfvyM8w<^b^9c!eKHp1_p5MJ6
zcJ4el?lPt5rtOq<k|;IG5Qgz#Qi$dhuNA||G`EoN+7k4L_bQj_{Xsb})aa6k%U|j`
zr28m0CPyCsXMKewV)R3D3w+JH>I&<Ly@WfA+NG72R%-9?@-VrtC8G3zz?<6J^EJw4
z!S(rp`x~wiG_YPHEx8lj?s+T!oLjHUp>^r;y6C8YUEB`CiDM#8cHMuItEGTskv8w9
zvRWLlL>Hx%JLX+VN{>UM;1@i@-zgVnLIwt=X@WBwq=krkTMH_NlE+n9(|)f(jo4(h
z=tN{k9e7Wc6X-VF%=vUsE!k}D+qjZ7IUOCZOX#N;0Knin;;8lD;?c#Os+NEYGiy>s
z9rg$8!LDa{P=srTE<pvK=x;DAg9ZZ=qNy9?;fQMNs*Z#U5!Mc;4HrzW&t$d>!kZs`
zEwRa;$)DM5ysI%3z>eNs^P7b~4MwB_TNIdj5P%-ZwZaAmhXcUqqa7qsV>wvOdd0k9
zNI5WUabq9WblJ&~L<jK%tG@s0R((J4md`wc=Fc;OcMApv=eb=6Sge)6c4lx934@`5
zcw0=aZPPqY^(zMJU`sxB(z(u%co8_#Jy2Bz&7Sk<!-raG6{?7@QuksRH1y!DYol}U
z_E!|+x2hcZ1q}iLM+l~hF@Tj_DSFqyLK^;5jXC;yCZD|Z)_md$-L@WqVCeT=e8Z!O
zj!VbO2kU+`;$<I{321}g6)KkB59jbmz~+FJrOr=Mufr#R64xCf0)7)1JsDow`e$@K
zL9f#e*RnYxruSP#8{H1ZIfpgpet1~oX-{(Lo#cTkz)tf1dp*MB!=K}a9|(<XKjy#Q
z4<G*ze6?oG-tW16_@*w&4a~S{XB1)#nbigZ2ynxZi%QqPZnVyq@Gn63+X1Q&OO=Nq
zf}mae4oHF*F*ekrpl2h{s!153f~$Y=N|vWwT`aiXjxeyiB*f!(h=g~R8t@ZW59Mq(
zlmm%8mL$)gGdr#vksm(_lp`6SEHw6;?z`Sm^S(_stC<{AXK^-qVv@#_$$>Y_s#oBn
zDn6}kV_nl8rF8Ne37h$VgB-~fwgMU7U{hNXeGDyn)}^1~lMBi(89o4LVIxN-L*~Kc
z*&e)-Sa~|%)l{_ilg#xH9xa#DW-axg1=G=X&G4DFA&_OA4e&;sHwP5H6#V>tFviU2
zYP7`aS9lD?xHH1S{8*G?&EA}B0d{S^uXYg>3@5{2hgKT4_g}LqA9OSOy`77@xr#C*
z1B_OFv<u>vB|~FdFWz<Ld1l{N+mYGaCw^MEu-zbY7uIpJgN&95dewdJZsg|6js3S5
zVCF<=vBe?A9d4%i&yu6Kcldb`fxi+fXjcB-Tcjrj@-u8p;>XAy1v{?TV=&1~?uS7h
zn^8_uq<P7jjW?&gl6v<y-{Cy~gET~9L~r&(mP26)-__~239SGR)+<qzWS4zg?upXt
zhu=)Fs~!=K8SU&>2X7DC*7s3f-$c;BjXA{6AGM|ii-_Xo`{14=Zg32qDQ=x-{P@G5
zXK~+zl5cmF_+){Bp+belWsd_L2*PU+s=BU8lzk!haC-@of8n%$n~>2x^T!Nao@;#C
zg^eHz7m=Fef$u51&mt3B&A0WCEagID`q9j02zWQ*f&3*Cz_~>z{f2v<?=@da$G`_w
z`1jzM(248Xq|+xd(lwu`4PUJ&QS4{Y$~coH*0L6a*>)f7a>IIHq`+QjE8y`A_UroR
zBa#hke7o)W#I}nrZ2yZ*ht;k}47p~GCbr%I6UM2gM~pYG2lOEKHhd4}p!0b@_GN22
z^yq=*u`8C1Is~Vdgh(zq;$=rW=sP=J|3_ga(LEj9>Y;Be`5cJrFmT=7H4u$eORwFo
zpK2^X3-KOV+QR&|x0`#PVsq=Um#T8^WM8H!MZnrcJXb7hi4nZ2cE|TBd2oH2jt*jv
zpa2XK;FO?HUMyiFprA-R-<?hsE9XsQ0&^gY>y;5SIwZZ@kwmLDdj8DOZ^@7LNt$6%
zF@LywzIdZ5Rw{ssXu*-yN}zFmu3Is{Q_(Gq6Q@Wna=#v^emY-o4gHX8zkLF^R;SnX
zHpbt3EbE&WeRYCQG5m5#vu<kt=+RCO0~?V-fJeeS(lf5;1@D!XlH!G1%eoJ~t1Wv9
zUzc?K$xA|-f!*v6T|$`w(y=>NBlB7)38VMrPN`$@o&obnq#Bs1GV~ArKUBSSP+NV}
zEnEu4-Q5cX+Tt3dI214LUZA)`u;T6%*HT=AyQTzpcXurWg5Nyvz3(^kP5w;I%*mX+
ze|zn<*4cZ0k@My>JJuI^%<EF4RWo(PWZ&LjW#%6Ibvnv4VkR5zkSdJ-3=D>;`v#}4
z$4uz9`x9Tj^~=K9>l;01%bLkf<NNr4VM}Zm<Qi$F<LO04y%7*3em0P=(TZO>Rm<8`
zvmR^I-)?$nq0;r5aBJSmKeFo1ogWh!d^c!3Rq1E$#hwu~wbtDq8{IqwQUNHY3%-TN
zTmQxS$dtJ?3DP^{t-~%0M{2$T53)&wTytRW@Hp#C?kC07qd7NR64$OgF@%7ZroiyT
z6<;$VlB#h^(fG390GW}va}G|;9?uiH8}fA`NoJg$746<bt!}Z4>*5`@tLOYYr`y4I
zUY{~XrAtyg?ynC8$(npl^4e?NzSqf4fsJMR3lGxVsPnJC6rW}8d;hZ-E4%(JRU4d9
zDGKM#495a?72z7eF5;Itf<TqvpJin%VVGq9Y}}aAfLAg^5dwxEI|g1uI`!`gytBSv
zQZC{Aveg*=hC$xSE4|=v$l<V@{^yy2f!@^K+}_DsvOWIGRnlKh_gli?JNeNTw{`SN
zy-Vh&w@cp;Qn=_hEz~Ko_v6Sc3(t;lTcG>oJVIDk_oHZp-v~p?z#k>ib%{N6h90S_
zq4?5X2jJM5na2svRtUSVeNIYQFG(YZ&DJGOSSDwKh}y7Rh%EAbs0@-y`Z*|@SYT|@
zpf0ySIhbi3SGvYy4dtgFro7^!TKNQN(yxF2!}__T^o*3$OhWun?<Vgb{}uC`=-rNx
z!~KI8l1z896Q+juLPEJ!GM9eG&6UxJ`Z%V$H{yp6O0ui%SGfHE<;}gy)oxVwJY=(h
zK|$;DDWsWzyby7FnVqRlW}Q0o&#dzw<DW%e&0g*lE-e>`RsU8v+ikEIIZSM=U0SB?
z*VZ*k3}&e=lCUOx4mYH@-I*LWPZxHiG+2vb-fQ<c6J@&17!ReoC{nKluFD7qJmFWo
z>c%8l8iJgMv??>YBNyz=z6Xg=;F$El)(`oMQ8cbtebuTl*iT?Pexw`MC<cH4g8Btu
zVRgHIXC7?P>w_X;y5Ko~@G=z<b!cZ6&i2Fx-@oUyvwNChO_t<BNZS9Mu|WFur}t_4
z2t{#Lj<5&j`wWbGF1pifQ9p7jA-7G8A|D`dUt*^e9bQ%cVZh00F3&#=zlkSy-olg_
zeB%GM5<GlB`q=nm<85IV4T9BvZ~sg?^{maSgFzEn8}uTIQ!Hki-3xA#&UbFz*Qveb
z=doWCkVc$guW{XRDAnnt|Ne4rulka5reE(Rk~(S>#m4^GiTUTQh0dc`^V2xrXQ$c^
zDT4h4tMW(=U0s>9rwM*VaUAd=$hE0UfuR<Us%>PYeGeFTh4W7(t1<3#{WBw3=i7Pk
z2)e^BxE?Rlwwb#kUv2&OMq7FPrxdGr^my#1L2>Dnk+?6_4P}j_QSJT&d{|0`i$@8|
z-$A50rqd7?Q;2Fo+`qj_$lI&;U3u3OmtQR@mo-nvtp;d_6*nb9l`EtTveAo+(Oa4w
zV~WIHBdKg}%^L1--Oe|t)lAh6bqe`6tfsT4()qnP?au5c%aZ}Ve%Q`*p+z|)3p=-S
zJ}~FS8tds|gzq17-cHOjT-|KBRxWnqIuI#rk0wT^^La6q^OyF$OEqTxxcS(0asQ4H
zAFVpKGms=6K9xMKwN#_tAoF^ERX+N1BCb$4MsGy<JR&|C606{OdAww6q}AJpt>fv&
zBIEHutU@g+`)irV)Y3MRJ6u;zvF9Xy$Tx3k<MXbi8_g=(1P#jeVQ#YT<8g5J&gqnb
z&hv_lpBR8&(pr^tWBv9-t5mOf8fC@r;sG)H;egUn45Pcr{qIKhlw+3vKDA0-{qxk5
z!ZrI+_tfXtdOt%JJoFxVD$|2rd$H_)Yhkt|%KU(U7oJX@@4JtYm4qb!BOsWC-FY*f
zT7-T+lSC3Ve0wrqwUc8m!47`~9WegYo@c$>=qhL6HtXkQE$YXm4qVw=n*M#w0J_ay
z^BbBel0qh&a1ACU&6W>QPr{$%t8(*YKy9Qvw-hljhYu;kIv)znC)<F4m>ePW93Ri1
z&`|Ghy7CKSzticZcqa>bwM*ynnTlWeer;&~N%P8|_q;WHeiVA*v?8nSnyo<?YcdwR
z2#?Yn=^quoj|Jvvp@_4}*ZcnZ8oT1(?EE~eq*0?zq-m=uUyl}f_Nw~G_2U(?J|2=2
z1ph-0n|}s#KAv_MgG)?kXjVk86`s)}S)#t<#*O{|{Oot@JBWSC<6fs=DM+8^4qn5>
z0{T92@lqFp!bRX<#pZ#RWS?>>bJpl-x~3_!-m~$8=f6lSxr;Y59wG?a$+raJbvSkL
zigEEQx!g`iDaM)V8v_I*&bNcoAG2DK&A(%cL;UT%MdQDUv<h6^{ld~Y?L>#%J>RXr
zgg?Iy^y|lS{GMTSJ6^ypw89){5U+PSKYU+#V;J#`$l&Ux*VXs>uXRe92Kva|7-XKP
z-O1#{w8M)sUBig#j{H*ZAC=;#Z<X@NW>58v4*M$ih}z1=3UkOzeY1{66p|&tzTxGh
zg?_1`l%c}AG}6aw)!Hng8q<336?_5$Zyg#D$ek4YpuHS{y%X@JU0O-9&ucr>pS4xP
z&`-PQ3$(Xsegp?{r{Aq@Ye3tYZ6hv7lz%F+Dv89|JWa#Kc410Im`TqG&ldgue<Toe
zhSj^MvW4yM9rQ771OKlBHOx%ndvy_u<2-6YZ8EPz0|_2%70t`%q{Qh~sZV*olFooC
zibIJb0GrdlN2<e*DrD@n@}S%OH#SDV167vxy-82$3n}#3>2nfTijC9r;nnGB)A{8B
zsB~=d6mPE9=F8I6S*-4dnZtqV7Y3CvZ~lJ4TWXGj^8{Pbux`|YRW60)P<U?H^l+zC
z7^FsvV`cGwsVKLf{B7u}m;rxxvnop}oUSP>`X_vj*~grAN?E^nIvxQ`=-P?tzsg7_
z50)@Zj0KZ>#|o#tJ?|Hn4M!skko%d($MptWtksi$ZT=a;C}|Uh(g-Mkt_v_3fr-8C
zJ4+2r;^%)T9(FK5*_x6b@AkUP!-=}z^U#F-zgI`A75x8#bMeox-wu?>x*=0#UR0FV
zXQJ!{HRz3YJ&x>W&Y;?4ZfXGk_}bqFe^*Y&6`qu;ai)LSXrEQ60ZZvNT&=cRAyl!X
zQKZnaY@sI&hjC1{?XL!6x)V`{m)4XkcQorAm=Zd*>m$Fa1l7y5yc-T@Q)=FM-Yp|)
zl%5Ze>{~1xjWWoP6-lk_H^MF;IJtBmIAE`*hA3Vda0tOK5{UHe@KeL2)E6Y1Z%Ayk
zAEMq#fB730s{$TKGl4wl1|UhFM!ZA7`zs-vNr?C7E`$;H8!C(b>p{+#5?|Ju-4K&q
zpWsBYRlU!_c#ikM=&H{I;DE9*`6LoFqgG@3asT<gAd|o38#k_DO*K7do$>+gy(+qp
zhof=KLDXN{$p%gHhO^mnuiPR^B}oq%zD#Bw$tt}qhq3Ob`uj!Dk+G&@1@={hEw1`;
z2cX7F4iCVXzL-l~mGxU%;`-apFo$y)WLmA;nR409I#MjnQ3g_tR!X2R`)lW_@G*{|
zSe!@5-8Q^uGymHGz?MHitnT82Tict4_FCTKfw?Ns10yx*uUoH!d12hAcL9#Z?3G~U
zfN+&QiBm6Fkm|d?++18qZbF8?D-@Q1r<jxixT{s{rb`9|OptehnbALS0qgPhVRTf2
z1By^#zP)N@rza<_{pVZVvV;1xJg;{f{!MQ%7W|@_K4qFrf5O?h`1HCN_c%cNk)F~~
zIe;P!iz-Chs<U*wy+z(}^$sSr3cd8wJiqMfPZzy^huH>vQ{8p`wZUeCd`zD|T<c<t
zz(FeBpJb;SM+x#C@v|D#VA+AAy4xLzTHd#G^f9zRHJ(#DR()LxM<pv{xzTnjw2Ye&
z<hs+MmJWRgPlpc3>Uf&G%k?{ze(EqGJI`_9KlitITUS3};x&;NQAHEZN#Ll(IFVMr
zzjZ}I-LJGG6SyvVF#&tSzs`xy;7Ar1Ys=5@Nf0Yuguiv5>wu?*0UUS7jS2&}b7Out
zkDbHu#&LZWsr1&NKsx^F!?%2#iW89&PcTNz*t+rOpK$?cc)-PN@Z#%)>8PKjsDrl?
zQf89_X7GBx3py#53{mc0Qm>&}yYiWf0p6;QrUFrXPE;i?b<PP9$b7tqESMJ@A3;lt
ziu!hr3}L-n4)yPRyc(cK)Z3i;MW=y0IP9)p-BILN+pzs)Se6jPZF@vvy;L1)+z6i@
z3co0*r&WeljwE_80YTz4`y|lm`eEJc6cx0?)bdRcx3m{^5g(A}|G+}d?+^p0qUScL
zAFFMdq09;9qgq6w9tRqKivH}>7tyR3^aN4qdzke#5?rkUBCV&|-VGRWBd~YeeI)01
z4DmF65_^Ik5G(p!ajtUQ0@GudZlbygaYUZqICRIGR#)A2Q7b)eo)3ANZSMj!*B(92
zAXVBif8EVxHp|G==Nu82ae5D(`8NZZ&o%cTO61Wfxh*BuY~SURyD}cBjJ)^Vg<sFz
z3<O<Ju}=j<vQRd{n#BSny*Col?_oJAlOP3@)8!ZTb6+pY^BgWU&C9)0@2H3e|1saw
zdn@*Jzazh2V$hkq{rvvWv#Y)x_MLEck}?mY)jKn{vn5@7GuO{^VvAbWZB?q>T9O+q
zbKY7rO$1p{E~f&=UeE=c3brKf#FwS*8Tt;aAUAR4sd8LUa>M32j96)#fWdZwiiDEz
z2UK`k7`gN5=@fc#IW|gTsJw(?oc(jev7@1H0pR>i0@RAMBKr;qJ?5_+dGD8oLkc9o
z7jk#4&?*!}6huZ-IVaZnCWniQ^h6%$`SM6d9Pr|r!Piy4Y1wcxJy5eOYI-Tj3SOzq
z+xX%u;oAKpi$@0jW28XW*f)_mr3r!9S#;EZ1EAZmk#PjoD+Pf~BCRSFZtZ)IhF6t5
zQA4Us|M3;;_a2o~Sk!IyTrRFIoK{nn-_Dl1AKy5TaS^k3@KZfVbpGp_l1u(9@)?|i
zvr&Lb^i|v+;j=w}R6RE<W@<;4Xn{Nbd9TI!6q<fB3vXINjh`b9N;*PR0v_b>SP4_f
zd@ib5t`n~gryAJL?<WjfPNuFbIUX(~C(QQh=5(6QWJAJ2x8YrUi}Pj`Y;(oaS*^w)
zs^#A0cH!><^l*jh!uP6p_=Nj;>fmaJUt#Kxw7K-5f#35lQvM^4hOgFT!!%+^G1__F
zh$pEv+8ayVuYM1#KV)6%fn$Vp9;|%TT4oSc(AV8l^1v_AmrcK9PZf=YIpt9p`6BG2
z!km>x5ENbOT(th|dO6(cQm*9%?FKVnp3k^m^;~=A+jftmVxvjP$#J|5Ml_wJfam0=
ztl`y~jjngC-hzX}f{jqO+p?jVun9usf~2{ZV0IGSHXPFPTg{k#^}%^|&-M;NLL?*v
z@g8Hm#qMj|F5f%AUSt2IeHEY)JgNU#)>neN+xA~2iP+yTv6sH~=<l?`eN4vj8;u&|
zjQ^$TmpKMpLfmj6I?J8M`u7s28qZ!WZNJ;W*e6S!KK!Yl^uzkYaTGrAY4;2}i|2<i
z(8A9l#B8JVAj;%lix~pP2uSbVZ9Ug)u$E1}9rbs`{@%@rBIfWweWGm#zE(FH=&5)x
zKYccL5^q-i(GOJC!lwTryJ<JBYv8}7DhwUoA@x3K{EHA=eJVtmW(**WR|=5&W&8xi
z7rx6&<G8q+m@LovrO|p+w=!vE!oJGyPXEx@r5LJf-qP?58<CjyDDj|nJ8ceTzA%A0
z`HuG5jkx-h3$rFb7%>g|D4L|CE66h1zhArCKS;^8dGj7()VG$*T-pr|&+VVS2<T1s
zaTqvsE}Sg2VbBa17@CQwB2iy83hw>+e&gfc==km+NUl#q$e%h-)l!5FeW@AqlEk~O
zZn=4_Q1Adge3#>4@Uw671t0pknQw+UvmD8(n~ZRy0OEDiuEW?cw_?v}Zc#GJO7`BQ
z>{kX4xnrIP`+b6Vs<EAeyjY*h+4Qul`E9GII=^~!pZ$~rdBXhu>@9nUz8}9dD^Va$
zmyX?$s8jmN0!O+Eo$PD4OT!#EcOdy<{s5^L67};i_%L`BMHk0HBn7H^j^ZL#IeHLi
zB7JJGf9dUUF<zz9Y9ZR>sKagj{J>jhGkR9?@|9J<Ssg!LAzO%%{K@tGcmx&s&Um(9
zaC$naw&tL-_!rz#I@E;CB94VruTw9+(xZnI`gkgg0j$O_HlOQcZComC669b|`f7_A
z*hKhs-HmcRfV2>0{rh_l>J}{bLWZk@C?&6py$r9X(ARv~4F^)-6;uv*LT12yT)wSp
z*AFxZ?@EIXBy$&kQ0S>XYoCS6tP4@zDYjBTu&Mvf`V<$aC5L%k&u9~=ai2k%r)<CA
zoUXMRhbleZU5Ffd$dk+syox-2&h<Lt#H8lKwGA+i|0A2Loy&hG#)&r}%t7_|vKC+S
z3NtVaSpH*mHG<P^HomPZ&~TSPpK_inOdT9<h+MxEL(}~t?+qK(yA<tuGNBGz_u}1N
z;eo*KhX{}7r5DuVc)Z5T2XKsTtIEL#Sj7^DygSC#G2;0=p;0~Xs|g?QKwd%f-jOxQ
z9-{e!LK}?zYr_n56B`?AsJ$-rA#Kt54777k$(=DO;J=Ba$H;T_WD!3xIYyQU&mBmu
zw{s9bSXpb!k*_tSAsXG%@OyNm>N+1e%LCnmsm}_&A1?g!L6_E2bkH~9UUlmJOMK4Z
zB%N|z$gAEJ!#NqZ!6=bY2OI2(kOmJR_H>EZWWN#y*X;5gH@d8s8#=6s_U`D##Avp*
zwx~USh4lrzK9evjXa7_#k?aq{nyNMgG!hs|!B25k5(GLA;eP%q4l+2Xa-U8C<n@(X
z+RnaCIZq7=TRwLx#E*L&jPPqLau3%;`$JYe#UL*MIE2PA>jEm{UW$7wUF9c@<-QXN
z?4L#bHJkBTZubjX0?L00|L)+hL?#~7|Mt`=e?1^4ni-^$IyyilDgP&h7>JaZK;}QA
zD(rO4uvl;I=p6VEd(1+Ad{Bi!<m|ew!@8d52o)X{%85OBSPv=SHwYb?q3JtaI56o=
zi;jMT03F*8zQ>UJP&rTwH^Dry!Udzh|8}m=JeiU(D}mFP*hE(1b$IL-oLj#z-cB)p
z#_dJ;H)w$~o0<Z}j~c7DEE!03Ae*W-h^O*cb&Q}2UXO4WbCii6X`}t^A@Fa4xRlX`
zuAmnc4MQ#1f>Zy_?8H~#3eipIYO(A$%cda66+fdWf@+NRecsEsQ*-3GfwbQHG`#-~
z;4lAGQAC8!vNy7>w<~sXi3dah0Y+EFem9Ge*qy6o(`cX_nrpSjJ_R#K7fN2hi{S0W
z!D`dj66G8YuS=775ie{?fu9qikC^JkisDszO$C2PARoE83G5_gWRN8!C5bXzZ%=hG
zX+$a4+CA?WdWu+rzKltIiJ+PoXbf2d_1HC;%w&!&Hhjn6;^xw{u2WtU%HP=RLd8V?
zu#@Pt?M1GfH~J+D+g=0q<4iQif1B`_KZ;HBrN&(!cY}`_1U*dDt-F5h$qkkh1il^9
z=asI9eb<4Wkl&EaVu<-Ya^GHvMx+C$N;gVHGn?(oU9OPA6KEHDO(xAR#2ynf5<`^@
z0kj_&Q3D(wQ2bEtB+fI04>2(C2xKRePOjIE)Jx`ol$!9BG0i%o0=16`b=pmK1o3b7
zl735y`*%Hv?7`5$%?^QDXjiBje|*RMl<m}-W7W+LVtRv`Mlc7t5vF>-yb4e~fZy=*
zVM!TSzlojIYG)^C%_}i`?*TT4WF6dO^3{|Rf$FVR5QIe^-U;8oFd7JNO2iy%^tG*w
z?_KJdrnjFfg@o#7_|Xhz<Dn5S5@zB2bkhvw2ag~1S^lAkc9>m$*6Sj<5YU=ne+h^5
z5HsN68Mr1Rv`xDUe*Ujo{-kw!p}U+I!V<_dw0MHfJl1!MiD`u2zC)RnR9qxdCNhYi
z63cuPrT6H1`lqnFx3|@_;?Q4h*nWAC7qGoMlsxPcj->MCO>A;eXc&urp@z74;P4u^
z<GOGRjTklbWI<L(N2iSI_Mlb<2pi4h#b8R7H|#d*1RhiR<6vUCVVw5$Nl2sGNL<hu
zjZEFk6oO(%a3!bIf`X|aURHi_9GikmOG^SSyAkM?3+<kcC3~yK5rp_i<9KgbSXfB;
z>_{J=C!TS7s-2&+w7e*n24>#J5{F-1kDCgMwpB@*g_kF2ne;ZEU@qq9>(x+%zNJ8U
zXBtpVMkd(WLf_>8{pL&4bX$|+o@6fDe=Te*rYG%IDjc6<MY1OHnTJOh<gb_vOBaH&
zR`%Tt2)3M{ZUcB^O-$Z2RW1j{G$<1868)y_R!wvW6b~#Vpa|_<xU0H^MzKvE?Z+fg
z0=oKV<dr&sP>MxplK;pf4pnT3^4e-!Zm%ysS!lOTBt{+dpRT<V>7NLya|68pFX_f{
zkUSC=hnAQp*m$43KZSsm4}U5D();g0T>SSS9*)^|cXu~)ea_W#7+C7;mbj!Z4S+{Q
zQL6<BA@@7+VubgS@tJ(~%bS_D)oQx~%z3`wkke19+p!JX+<ME@OD<1px>>iw`w|=_
z!?87`&?Rg9E_+di6(ZaPuWtn5z9awpJrYe6R|G@%IZf-S-|t*pU9ZLg7n@-e4qxDd
znKhp=KgpU|&z7pe9xu9`;fFbo?L20Mb`5f8Ffu0TPw`;nvbvEpb_m?LH1~={&hutv
zl*0*ZGM34^*kF^~S1g~*bU0HI|ATpNvo~0$&LZ+3*R;hpIMRA`(b<|>Y&sL2SGs0_
zK}3X#aYoKdGZj9=w5bUnA3tbuQK!grT&`vKhl)~78skT(HdqAd8%8_>#H$VYu`q%r
zuwwMXr<2t89$p*i?vo+fcUg%>I(lhAZaw^INWVQ5-vFyPXuCLw#0=JMI@U11m_bbV
z7GVW*JYs}L@$E0bUtdq1$Um>%In#ekWyJV6IR&jn7ae1YcCoqn3mxCJWZ-_Bov+M}
z`47ORAeEf2m2|Ss)vLTR>U@lpl#NGuUB&AZq#}DKRzZStu9!S=9NfPNI|*HMmK`dJ
z`JV<f=u52l=EV(EAhTXOSNjLdl|sa0yRX`#yjkKDHkESwbCFKo`K)oFT<U0NAeL<|
zvZnimoKg9_{i5qz_bY5CezC)wn;LjXCnYV-@-{42Slhrk^j`ve0wIXr9C&jW*y(e(
zy$CXo!aUmO?xq*W<aewdq{U~SnwlaNaH2gVt2OOMUiG=?jQT<+2w(58VG3to{w}}`
zX54M=C&kNORmfsHOyy{)SK8bwSOM<G8k!s7H2$Rz;D3Zo$-5J={OhHIBuU&UaA#fl
z?F=B&Z>`0d!T;fi*#I6k<$eH<Q&sTTI}(F@x%`cQS1J-?U(oRgoKesO<a%wRO`aTt
zk{GETB+za<-)=pe)M!)7^6JLXh*b|XaD`rghlYm!ZbhBeNO!C>I~r#w30xc#n?dU7
zR6YrZeUwBiv-N3`K^3S_i_^zipQFl4okFwLX=k(o1`Y+40b*b<Yqj*o-(TELnIXPE
z^r>=Babt|tm0G-$(S(xmjGN{ECSd59PHge;M8rz14WhnN2wZ>D*^8Py6f~JY8xoHE
z$YYn)BsOGNb=S}VfI56N+Tno2jmBqkiV0_I*#B^6T`;$jjiS!88_eaga$hG&U-?wg
z(MCl*6G7!kI5Wc)P_-OrZ|g~a--DL^iFh|>NcI?%JUBks`#cf%_ZL6TO~WwPp1KN^
ztloh0=j<7R@QJVGPNCld)sZ^hdnglq{Iq;u9!fhW?77?Sju8{E?X3IsVHQ80N*C|{
zRpfC7q!;B^0$G<^LVNM+iAUF=c`=*3IfB*egQ0|<4-pvc0|nnN)>?@wQb!?8ShmPj
z#@#aZ4)`Mf>jmJ8z3+XR7#&q?(E0dz<9e9EgH$xuh(8k&H~)$JN<K58)})j-iS{Ol
zu2rHY_HHA<I8>z&<y|NvMt^xM6@a)(ukl-VBF_W-o2x;F_<XqgFzN%n>CJAkN-BDu
zOkL>04vi~xvR1{#3LJqqTo{(iYiC?26FUo9s<*1RVASt|ZDUB!PVR*Lo7Z<NJK>g%
zmr=H{U+(m2F3;PYwXNwa?g*EOqtyMucyx9>%vMwCKW!e#h_j+J9d3cwDen~v@8Qb1
z7|H12b17RhKf`73>(XfM@1v^g%6n*#-TQ+)_RkWI9Qd*0jKabOp`8R}q;Fjh#x;o&
z2#L%f+#l63;^{{=4P-?sl)h@qBH2Y!ExYF3Lw<VV==$Ij*!705y(J1PY(8|77TH``
zr{mE5NZKY7@18NgDnx?3XR>73c(tE40<xcQ9u2tv41JVt?usxBhildH)<!hfR;!`&
zN+)!Ti=DVd;~XMh^D*meF|gV!?0yQA!X69W)~P}{$0kv}FyyyP+$Obej_#Ramh1-V
z6oPT_^VRpfuxI+hQ(~u&Z&igDJXWi}pwE*c8Q=l>t%^*}df(FaaG`Sh2>9JOWrE5Z
zAaVO&i@eXhUY~oa8PbJa+R)qQi`6kKyT41+4<0U;ZU|tfZMd<RZ66c1dH@4N*g(l2
z!OBFX9opbH7Aj_pR6?I18}cIWup!Ti>s+yIPR17*I*)P_qoMczi~mpp&yG%<7=2Wn
zxeNk2#AbF3bMshlpQOx6j9{waQOy=FkWCu5wj+v#Di?VsSp4n$YAP&f@&4(00*-zc
z47CcAm~3opVBN2eVnq8f)Pg>@r@iL!BE@|soE^*XGfjV3U53HOp%bdb$jDgw!w7iv
zeox+Y<WqC$MZhyO?cYrXpMB;GrO?eH>~_WR7s<qoidgJL_p4E&U^26cmOBR~>B)P#
z{z(HGzZ*5qqy8Poj;k<w{X-=wGiF}iM#YUoL-6%^%MP~m<RZF!X!C}@zW2stfB5=W
z%#Ha*+l6hu8vSPMlZ6^>)8!A~h+I)#-9tm^Z=(cLeXw7i*zzJ_&-HVFFke@u(H!s<
zE<Bdx<>%jL=fPRtu)WBj!a=TSbI6*B<hSbLcb>LHYuH$}{F+hM3gu}04m@SAKGKNB
z#`rOZxKz}SD?cxi#&mdTNyq5l)^4`odD^j{nUekB+#YLT@bZ~AOCKd3&EP{e#LwI=
z;eFj~gM9y`HoTsrzx}wtOwUxFYK3mA{?HfzwZ_M;9Gl$=`hby|*N`N{K!LJZq5)@7
zG0uOGh2UUk;F7;_E5+*YByIVK9f6GulsT#WF!y#^;lhwGMyOYL>}apaS^eJ+(ous0
z!*`v@JG_25Hu@()E+QVjGN)c5w%OTojyYBrK!VrjOEtHPjirS-k_BdJz%OL`jHpfq
zkLd)XS}AJO@-4)v1lSaB*dj;;b>tG?x4?th1M1lQTx=Ak-|S%Mo?Mk_6e;g+!((cV
z>zRz8JyQ)_vomY3o}!N-;~qE>V%?D<r)+WM=j5C+=l3EnO!w7Wkv1SZt2h<1X)ud>
zyU)9+{NvnW|6HGGDK<K~;&i0Fa)YYVbTJ*?Z0Nqf-uKc7ZJDVqw+?5o0g3p1!d}4z
z@IFiL_@2>3<~(fmQ<lf!0=lx*y2{uX7#QSBX5P1zkIkEh(@nML8)J;z!q;q8Bv>&D
z+FAaMBHE-uBMN(8X!TAqku!v+lhw!%swutLV7s84Q|w(ALoGs11@O@524U7ns*s?c
z<cH(JH?L+>^yejpY`r$sIc-T0xtwKK<s!T?gKpqey29$iSn}b^<AwGaQ?JFzdnvPU
zdoyYpD=@Z*%HdI=H^P#UK0}q)1yf+p?Uj(P%sx%*W+n#&dqoyM#?P!ZlXV>zkZWej
zK}v|HoeO80S<2%^FhDyZam?uP0$6aTZI#P+cZr_VMY86lpBL&MBhc$M@BGEBNi3n|
zO9`gm{>a~@f00f%=$wy;&EN|>9Q}^Oe*boCytvE<0u654%mCELIQY{sjluNPsDZ&~
z6rR)rQ?rViR=$O#mFdtA<Z~4}L<S_UMn50*P)zsaF+9FgTq)J4T2Q#ljq#hS7o#y_
z1QIv?jLi^|R?QhSKNR5B!bTlPu@4o<#=$Hli4bWeR+LATiblOS_s&YvE~5m{2Yp%5
z%VEn}y#Fv|CZ1GtHXeEp6c*w_d&+(of0k>h)hxpOWwQ-Zx2y+Kn3YVXgxx$z7n#K@
zLsC*Mip&)sFsQW~I?x(}3d<F{Sx+Ql#K$?v;V3~nZS%av|M{Ve#FQK~LO|Z0v6(vL
z6pl&uJ8Bx{vlU80oHvkWOdfF2_2@v<)^B7@``s%pv#UR`K;D`#zkr{M3x5X^k0PnQ
zNRG^E8^hLaG?1RhZ5207m88W3<E}*O&zij4i4=Z3t%q;9v?(*piW~R*!!H|0sn&|v
zf|1Vo?8ky5_EfuE@O3AFp};x1J%=nH4`&baS;DX6C7IT;&MM5etkg-FYj+fmyp5*H
zg@ug!f3+#lr^%O=jTit<uQ^-PK{b$JEl0|^F{zE!Il~fVsz$`DNKl2u>fAxOb#zTN
z=#xDbw&iO@`E}YOXrA9D{vtO`0+Ad(?xGQUP9}oNc#LUdZYLHJCj#oP{Z0s6zFdmC
zTe4qiD)V8@n>vh@h(}+afEmb6hk*x!-eG8za*eSuu(4shK5o25^*4gX*}I?c4YK6l
zOtpt05xAamgiyE^Iqe`_tk@CoV<c!SHQJ`3`*|!`rj_}M=r`G^QHa4}mVZlQ5M{>R
z8Lj8F+U)P88Oz+Aug!6P7<w<Na2XK0DCi6yS4`YUw61br*~j5xCl>i0NC3iu_aSO`
zdZHy$C*c$Pj1I8Tk)}G#8U;#NrKEwEqwjH92`)bVc6%?hJ`-M^uX*p@x|j3iscwP%
z1fX*jQL6-Sb%!nd6X^P=B(MB_(3@$SJTN7wUm6_ewXG3FH?x4e__ee~(+!0u%C3C+
z2aj>NY@AxS&6!*J^ye0xKpyn)iP8Y8OsAtC>MSdHf+svN7^2byhN8z(A@pBL`jeW^
zC4<waJ&J=Q5UIWH*?ha)>dOJ;TBP3s{Kx|ND9{wYbE89L+*Qyq&|F~D<4qp-Yd?7r
zgRTa(5SuKsF5Tg2LiV$$jESh%(|6>{M@2qUcjQay3EDpgS<WZ>_+|%Q2$ymzv<>l?
zUo3EO2h;7O`^I|jL$&Id7zI$p0})uY6Q(S*E(Yz=m?+|F2;+0UPL3Q4(5%d#$C%_?
zTa}=DpE7=G;qTH-hJj1<+y~yFgs1G#ey3p_^A9jy+PU`*g<amWU#&FTrWhG7wj+L~
zS|%`U>@)emlYg-35K&361!oFQ9vWAoL(E+L)NeH-jXEE&PF>`?_YlM4WF$%)95fZo
zm_G#+=vx*g1kgE2k7QNA<I0I_HB!#JidZIy{g!}PSpz^XFPy@BGjCd_+eJEq+M`Oe
zilvey$KYvAx*5&ssm3K<-Fdke2%5RaRZR}P+H>r>|4x*Z%dWgy287OOS6s{)F7lse
zTUrw*k;UYxbkc9_luepQ=D0|+3Qbd-pZ~dvK+DZASkmrGf0<Py&&cF!Y+G4D@2|ZS
zh!xg0@-E86;lb{_-_JUxBoDV%b@}s}+mr~1Zbi(9%&z!q4c<zhz8o+dBiDuS1{c_L
z;2FpNs#;%MQ0hy($FWX<o2A-R-1{{**5<6Vp|F`Ndz*^rNUDGzX$^myQA3dVq=KF3
zJba^n?9J_Cn1xTgzxh*enGyE~EtGNKta+oFk0oIc28X?~B1#17D6mR?%V9!jGI8H1
z-v#!_3?O1_=0m0xHh)KgHS>@p{eY3&&7{}FBld-~9Yd!F4+!f{#*u!%7eo}M#85WT
z=IyvyOzyK4#t58Wjw1dRo8_WYV}Ho$U}TzuDGxa?(J$ctkZ1a%F6F()v9^sTM*JBZ
z&4x#;-~*Ol_xAYyZ537cX=<4rr0n?1-QHc(Kl)T0-dYnbVFp-bOgjFO-^<dS=SL-x
zPJ^1TaOh5Yh9W#xHqV=JetbkoEksepkl~4MNaB2MYv_A@ab<XGhe~i3av=7EHsJ@W
ze|Xr1u_d^vM0!G>jGH%aZCvs2h=arqM8j^cEbZB?Fo{1ZaGPt)e6bU@9}o#3GIP5&
znZ=naQ?-j$ALV%4Qs@6>-XcBG7D-R)jW^TDm3xVzHE}^d`w_7v4b580t}+^^-hG1e
zhWakE?yN)LNbl*OiLPA9P9Ktr1%g(TL_Kz0!O$Vp0Iq=X=zDVj&hmU$?Z1eeqiANP
zqn}`8kkTY=Q<?d;f^97K@AaW8u`d1S=Dh5ko3PuBrTER?2z+$Q!j;AhFD}<E2|2Dm
zPL59hw}b!ngnHFW68&inMF`t)>u@@>SmV$BGp(>aZ%n1PW`+KLVZXM^lRu*~Ca`nU
zQ!te-0}LC>FUVzgilI|Rd>?8_8W#y5B)iUrz|2NCsC)&#mtqe{9gGMOj83EWtdZTe
zlVs$lvHvsngA!>~=@m&>U%tymb7rx_!9w5}<Pv8MrN-mQcZKYVy*?Fog#1{jHWY4@
z)3~ApMqdI~1&7jH&Np{?Nttuxy?9MURuP7~obH&7A6k=V`H-kUo9B&DVRI(daj_Kq
z<=}2Yrd3P)t>?!(l5o%twmLcba+7_<ase9F43E}F-8!jI#w`c6*cMu4#rcX~B_!`o
zW*>%jz(G<N#<MLuH-}S&=p_oDTmQhwJ3f2P+#XIL!dZjA-2mI<XJC`f4Aaf&lKN4c
zeUO35vT_b>;1|Pb4^u8ml$8NK(E7idfn4kSf+IMi^R=6o%B6_l_IVrHqMqUWWb>zv
zB+R$~1w(S7<9Zxm8JE0Tu<nAw!O47OLlG8#9eo`s;Cy~%nrkjsNPd9riZNL_aAmGb
zzAOiBo54BvD!z)@W20yMA;@1w6DM3?Fs9Iy<r)o6Yr<ZPBRXJ;2gR@c9lQUbkT0l*
zVfScW!+#6xx#iTrk$k=+&rG9)1|v(DfjJwXpLc{HO$jj!@@GHnO$@UUpBRq@gs6_{
z+po*$cQls{9F+7!C3V|(TZ_m=o4xQ0vcbyz5z|AvyleRJIm5Y@xeFJcLH(KX>mT)-
z6xV$0BtcWC{XR^uUNu|SL<?s7Lm)roZ6U}b*@FCfnzzc1YiO!UIP{X-Hx;yI(d$FL
z@NJzSlh?L*UT*yn79+iNu}TYmWW5M%I%y0;J(<td_O^d~q{wqU<OEyE&r6!pv}{RS
zvwDPlzG(OLH#PRktG_G${z0WFb|P{48tG)K5q2tX>a%#B`B~z0wh|A{lRRE2vIvAI
zTER8Vx#5gC)WG>+^Aa+DIX<&f<L`T&5-RDbjl(jPI@xC6^s)D??z4Uu7OXKC-Krw<
zx*x6aetePA`5++~ba@ujKKaLJjmvs+r}&Pl#$;vPLP}Pe)_rN@ujMM8$0-|SI|!HE
z9a}uvY2vq?00omQczovKQ{TjiM}bnkfbX-5Jasn~Bu(K%(~mzFzm{f0mJNsBd*te6
z2YTzfG=JYCV>0oWupeLER*hD`12`+OeJV=+Yat^ZNFC}O%0U`aN<|iUIq0-us8W)}
z{rfBgz~)N($ARrFjc@DVv|o=?^A;`0mEJLMWv?jzmDWkKf^#l&aSMYlcGNfHJxCn!
zUo?AHsf6w&KT~oJhw0nz<Jo0$)b`Evp7zsl11uj_?dseh2g%LX+FyW+4gwl~SOI!o
zufRz%lM*X@6}^{@T_e%?TT4Tpq-1dZWl>InD2!`@#GQH}Zi*p<j$LlO);|n!YJAI4
zcwmy0&_0~m_*8z?_j-)K+%PlYqp1<efO7zxQk|PvEt3B?m?6GGU~hp<e|snPdLJ(o
zJ7AYY!ZSH@_$4S7X8Swz+{~IC_%ONor4a40H|+<${!<P$9bu9!CWFh25<d&WJ)Ep7
zi5cZdPvBv=msBB6G9vc}!<(@r<)(s8IaCgdU-f)~$NchraDZDa@P}r^YuTeIddtxI
zOM#j+_n<lrOa1q;Zv|tNM_7`1i4F9va$E`Rj*wUiZOVr@zoNtlQh^yX+2`NN2?m*B
z0bTuDOllAgPDZ~L*K`ZAl>)R!Nv>cS4&bd*b>e2>Rd^mIMn9jrm#Bz~K#jmWIM}a*
zgmCDa*=Vi6X;!^|LiXk=@a6s>I#!7Y3sLr4w5fZ`PKL#YSL+1xAp53?r4Gi(tBuze
z?IW5{pmI=Bn<YStu|a_El;VUTH`|A27@otYu0%`6SnjeFS;*4o<xLxFN->dwt|HbD
zyUqiFW`Q&wbE*Zg7eRfB78yf0Nf4Fr$J%|VDcb(ZLe#siNyA+iAAnNtp#`<v18T;=
zeH}7*agxO6a88UZZ4`3*|2Q$eSk0@&l-5<SlKjul&c_MXmlMAP7(5Jem?7^F=xM>q
zW7CNE9fbQmaQ1CtfUk8Ew+@pzM`{rizsRuhsTSy^b62r|DZKo_tVD31hJUO26O+_C
z1X~p3LTM?RYpyd=hF2bw)|}up=e-Gz3pVd!>?YDFAud(>;=`!|K~b*<t?;k+2OB7y
zhq<q1wKk6=%Chyy^FG}&rySY(BTS$u+PX9pNAjO&43(`i+^*whgU=VG?tYVh(Y(z6
zVOfq$z{qWzXucG-2*DnT0C>71na1a@UAmFF81tzt#;VrfUJF}U-uN8I>zxRE%WP!R
z*zs04|M@4;aB$puWew+p>dZ|$>*G$;V!^b|$J8zm2y`;6UuH-E04crMN8dcXy0UUm
z7LB8kgD<lGj*5YE<^3#V*aMfD;M9jl#cg#%30OJs2<h8+s>kcy`LK(YCWDjv$%-mq
zu|33Hb4^Qjp>XSUh&fNg0=W~-AGU?kxRM}ax<8tqm^&~Ge_6L;l@`+!j7!ebQg4?h
z>PN^4_Bw%!CEt)e$t{i=#Th<ejq-d?)-ib|F?3VQ_-+kY&TvW<6#js@G+>y|m@dbf
z=(MS<dLC91n1$>Z7R_MOpMG$+?o;!F0S&z?Az_o&Mv{TEGt9chQq0DwBry#~OAl3W
zz{*OD6g&26i|jE6z{PukPM&?#D7Dkjd5I8#9B`ZE_uhG1(OQb>>hH;=FmR2dk_ZcW
zvuxUDc6(PpA*v3rT*AH$T$kqwtIuPcK8*Zwf!6d(3NMl+$&r!cP)*t_;!jrUb%fMg
zP(ffO-8Z>x5N4-~K+`I8c()JJzK@a-v!rkLALB_&^nzNJ*Jxrw3~i*iNC7SdyrB9q
z9{u%I07sguh%mDBaD19oI;P@u{=+}39j3G8U>GOzI4BeW;H2f0loW-`CMpXY6HJtF
z=I&-xq5QJfJtlY@y_%Nei(`SNf;0CE`rt5uOJrHjXtH*IFDc*DJBiVbO`a{aFbx%w
zy(4K?qLfv<Jiar^yje+;-OXsa$Yl1nRsMIN`B4?N?ZWgpbD}s7^}Zo3!j83(i~l#V
zR)tJ39hx*g*QlD*H(d(0B!0aJp>f1GERlPin)=3{fKL0rT8?(mpC?2^MoCk%e&g<E
z2K(x?WdqQ7`>k`gai32l#0&Uw7zenWf2rYIUAQgc<4`RCUb%6j4Xy>k<uR9<MwTc&
z`SPB&sJAMy^uK9u!cCGd!cw9(`Z^{IJk{=<Gi@*b*D|omzXI@^-o9?Zr}G%!>8*LF
z#sH~9)3xV_LKm+vk9MDe1?&aNl#?g}x<;<Fb1v-&X7FMevdq_57^?NGWOUwKJ{E}|
z8kD$wXxf;GX>kb7X&zrPAUy~`O;>y$Wd+LDEk#Q-ou?GZV_b_Hx6e#b8&%hBJ@kIW
zWXu~K_%ro<1;nE(!~<0Gc(2wfT;A^R(*gKtuKJ4uTfM708@Ri?8{Mdd=DD}0Ui&8k
zUZVH0%xjP8%OX%Q1`ydN`mMz5HHxqPfi*ugiN!w`xSS3?35p%W7Xv6?JsR8T1oEGr
zLb~WYwucAiJb6tGsKhQO@SZNNaGdP|zB*4)r@8l*MlR$(OWPadoZmX<c%8PyYD!}O
zrB8SLn7Nm3i&d4hZY%URjO-(+$o1u0IO4HA=aP8}I5Xsb$O98<3kvcqP(?5fy~PVl
z_jA7V3w6FZ{3R(V<O!eXH>Lt4u#Oy(*GM2OfZK3CaFc%{Yl@(Lqvt?P9%GYIOqVLb
zjzuo-T_xzc|Dm5<p7MOy>iGtkZ-v|Mo;aHyKB=i~Sk$2_=br#80A+y@2s)EB3Y^oB
zb;$?qLy?`yotCKanRtX|`g=r;F+@n@nikPPrXRgz|E;=C{Gty(Y!t7H2y+CIS{HP{
z(~zb2pIuh!N{G~(ohI%|lA$+A+&m_(9dfKw0*ZanVDi{e9_wV)TBTLxLLs!z<Q4E-
z#vz_pc^e2#5S|PHXZ}|hY0#K~rq&_&|CPnt$Q|jYqgDy}&|TC>T%ZIdIgcEkKW3m=
z4SxqUG&lsIlT%JANsci?d^^;h0VEkid4$wCcPibEERUS@>l{@iXAvikK=KLC3ZG3+
z>@X0_Nn0RO7wN}1B~C@lDQCFTqRKC~sRk*lp=1EYg3cJb1e)R=#JNKJcA23e>n3pV
z#6_;Mt)kzKt$#X!b_@8$kz++QbbS9kBr*iO|7{ZLbVrR`c2f5AK$L4b61F6l%XpI0
zZnYZlSU?}+6e2N00X$neMi{Zlb?(Sboe8w<U2*KLnrEp-qh!EmXT&+W8n~ClpUP<r
z%#EdF2l6b3h3>ZMwYQ{tapkQ}HM;5!d_8?Kx0m2;H7414f9C$^J@fT6#-;oR+}Apy
zYwc;z9!Vv39LQ5dPPd5xC;40Eti8E5GEG(p5-9<>`Fpy$|5<F<S~qExPpS$?a~z)L
z%iWqd4dS$IpWyyy42}ThnLNx%{hzPy*gYYs?{m4lWiTEpIW|plWBqkMPO`%=1?=A=
z+rRHKh#+>CsJeiqx%aCRRDV<-u;$wNt#90y%V2XjCrHg^rJ`lYW5&!QfLbFe{8ot~
z1$*!IR+|lEHsW7YE%tKZZ?M=D2?37}ci)=b5YUvJ7|t{^oKsHe&y@`I?qVu>+ZN~x
zdb|kVw$po9ya+hc3dYZe-!gi*X^NkIfLqo)RT0-8FPI9^nxS5(@b$&%mtZC9scM$E
zQ^B~J4gHvuejAw6U$zKaO7-0e9neW6B+iQeC@SSPY*EnvmST*#@w8-~l->0s(Vg`8
zolV@w2V5L`SJ}q*9*1Z>PXau|$x``rnG!g}<U#Vj2^@3<;)sHgwD`h|=%i^mt<2V6
ziVAX&b<tyYMx`Y#$nCX-vD$egW?)BhqOeWGz1H8M-aF&oz^KXo%|H}tRV1vPoEf$-
z8Hcct?F$}{dc#%22`--OB-E)G7-k^Ymz*)edbM~e8`+%PL4I)3O98R|`{CSjvG@Gt
z1CMXLA-LZN26!AhnHp3={M;#?jTXsb6pe%`&qaPLKRRjq^Vzan{x)GYzd6o6#sj#5
z>l#PUS!8`#VugjqPTnU!$|;6Bl8|3;hXo0jNQw?Y?GKsStiiL^1LVOq-914wN3h2n
z)1&`4N4Xz~yY*ueJMt^?r+Bi*c=CAUue{R<1D@N`eL?Uvdx{0m{ipE_zS*ugqI3PC
zCQCXTw;RNeQ#%nWsi=!`fEp=o)wlS-NMJABA5`$E>*c{#n#Xzc!>r*km3wZO|0lcb
zVoyfG!&b?EA-O_LeS%;T2mDXqel;-xSvjexlc+wyuQ`*|j{14+LX~)2rxhZC`s*FL
zz9wG6z!Rq&lW}ICTjDM}zfKT`l;$NR(g*0rJ%M7**Z?^2gaoZ~X0AJ7FU^nDVJ^re
z>CI5Rz!R!2g&J`4XZoL7;^6z+S@C&Gw()snpsuq4+=r%9-eC{VuT*|W4r_WI^<s7#
zB}$z~N`rDPyYGu{!8$*Wpe!s5g-;?`Z~VgcKaC#=PTa&J7w+>H(SwzxoZiSZ#{QlA
zRG4VRVSZGg=-WJzi7{k|X9h9+Bg_uDV->Bi@zxZn*?JP%@p?hX<|D)d9B3~THA|y5
z#2&$|Bg2PK<fm*0al43jS;(QZpJyL9n(5a<)F>1=7VRwfO7ebQLA+Pdbcq$B-zfz{
zBcf0x<(zO+yWDAh7yjtAYuYRfwdH(SUO#?~9_Wbilbvzayuj9h?faEeYYTc<w?}li
zabe03h-Qcqr$Ma`I6>Ecr(@Hf20V{}%mD%K)T9fR8sY?oL9UMtt>yMq`h4K|nq1cN
z>o)Ul-AJm$YwAGk#&+#o$asD9IW-A6d9IFFv9qsR4p8(RfPt65^ELppSyULmkmkeC
zP@U_Hk+8^jWNL5dXH3ee73KxPc&faf!@8vZAt-@xg7P{1KY}s|>1;1Y$K-1uy@yme
z)musZ_=;38w(;O$j-<I*Y(E^b9rApNM-ee5?TbN@a&f8S!k$4@WDto>=1H3A8SNk!
zj&DC>S-n#J{c|^viKlMbHt0YQKUcw=6RU;rQ#X1iqMX@fGBio`ck`Q-o&;H*)EQcZ
z-yva|<l#0U3lf!6CxN*vjNCkkf<sJA@iK-+X<?rDA~)$Kr7U4lbx^JXW(3ai(n;&8
zy_*87vES0s8WA7y$#{tC*}=)VLN^-u3)qhU^8rlDKP7?Le{f?bPe~%t=OL2@j0mJ=
zu@d-!$lvjGG0~*^xi||+u;6u%`Zkw^QXk(09NQ=Sxr17AP4EYSWHKl=b5bFinhc!2
zn~*vZzHZ1f?lbKHG<3!+6PsmgN^6sIN!(E|{QX(=6dLv*pA@rhuud@c^?$tpvuMCT
zxQGQwv(I0c5V>0|yctPU#^u+iyMm~?Fj8bk?hi?92k(&$NB_Y-*%nCt_#QM+>&-~=
zVc8R(`eu>tNP<4<-brr0_TrS;dA?)4;lvdi&oQnF-Ue3Yizd4<UO|9I;!^B%j-jq$
zf>t^;oe8y0eC$WOe+^_Ag-MfQq_EIr!whEzqS~akwJ|`lzcacMBYw+LiDaBEyp3&`
zUN)=XZvyu4#z}np)mqu$6h%%ZO`q->u_N<4VO{G6Mz=N4#g#_#C|egU1xKNQC+L!N
zToyD73Q2O5Y%3nl{w>^j9aM$oqK>Y|G)0j)<qkg$YQEy4V%WtL!>!?H^F&<{xB#Ls
zRaPe&1jopn7o|duCUd`pRS*&I%(v-;k*{RGZ4Q;rV>M`~Lc;g1ZliQtQ~F>?9$qe)
z5e=33?IUxfS!7n5mcGueP8o!IwjmczTJ&n#-oV&azC+^Paa0<hkNDf>8pz^fGw4Yn
z2e!HhH9CZ-;5%ybC11(sZ9nd<Oda%j*{!={3R+=YzRXUwT(|j`lfzxOBT_~WA8wEd
zM4v9~Tk5n?;v;ifqhG+Yp8l%#BYIGwLn;e4iPOQ3OXR?>?>!dtLmx%IHl%-&ALkqO
zer#Vd>rFq$`K`M$kS=P))%PQ`3=3!*upXmLlN&iyqayWcDiWO(E$DgZ<o>+cL20pX
zVK+8BlrC%!Q<Qf)j!kX#R-O=jPBsBCVpEAwKe@{Oi)9h;xIIZim{*=g*6Py7yOb0T
zYbJ|drYrJ1Y3JTQXp149kD|up@tq+E33Chc+V%uGCG66I`f;^x`aneFBCV3SmM!(s
zNI0RbtcRTW-eMdE6tTIC>~=$MR@&t1CJDr^Jqi}k&?u7d34tRV!sMNla&D88Dg_1E
zXD0qMsU>vTTe+k!k-Inn%-($o3OseTyXf+9$~i)&g9&th?^We$FFk?QwUqHQi^{*j
zB){=2c^<f)s6x$qvLzU?<#-ZEX$uOeo9G#Sr6G#gllm(Wyi|uS{s!fEsgk-xhdIwH
znTw)f>K80v4AB5n6F$Okx*)?dBIHfzLSYHMh!$mIBsjW?W0YEi!!9&e1Jl*AePtr2
zDcNFMXOc}}1nbY-$i|Uo0U7iR8rH(0jfI9vPU&Tjr4n}YJ23|dPo6+lNZfBSBv<@~
z*vya-F9*$27>@y8CsQ^2P-LJf!GwOFalAoL>TP1k+XHk+PTN=0SD4rVwfx-dtj3&{
zzG<GE*0;PIXz+Es5yvQ05{LCTgW-Ze<wkFY_ZS&XI*eyVVvv*PcfEI6V$JNQ;}7x_
z;|NK{%Q}e><^heZy{c}E-Co#ein6u{@|^mhISPFd6WH4%UP?)P9=l+sOvvx5_2kjr
z|HIZ<fJGT?{az8JySuwVx}>|iyCfus2I(F^BqgO(a%iNxOKJ!~x`yt)ujf18x#ygF
zA08M6X5fvz*IIk6_5bZG*+fCVHixfRt$>&Nl!+mBWA5hrNveFc!Q_J6!%obXn|-GS
zR)W)E6+E{}r*hJBUn`YJP|^3xv@9waMWp)`Nuj~vm+T)|KL3m<F`~(^VF6EnJctw=
zup~OQ;6>;_LjAITuE3X*)Xa6uN{7RPJqSzF#*ub7mIKpR9v!Wi!betpp9apZH|pB0
zr3&rrl=iYdzFUH#Ow#`PxtDzP+rM#_i^Cv_g9E*{x<BORs0nMM5xO-uB!JWts-`3w
zyI@sNtB*<XUfM?=F*Fp8%Wjd-c=9KgCXf51<t|TgEdK|>1hw3@SApzKI)~9Y^#f^L
z=0KJ=i<5wPF$$b4I(!LTNd7v&KvKgnW{`9JdK)z24iYUL5(flj5}%eNzR%(<qpY|2
z4av4X?Xr5k@i^GbW9t+rxuR^ac)Mb7#!5}y6SsI^8c3JJ!juPMCUPJes*6)oBNb!$
z{`KR??Ksv+E;Lim0&W7Yi(!CFPVqY;`+P&LIvcQLyK|7=a`8j%q2+@Aj4v6Ni##eP
zDMg#GHkv4P3{PCTx6q|-`;gOb$F?VUV4;eA)XP9rgp{!Qwps{>*w>-j_J(fB!#=(w
z*^ow3{w*hIHvW1-q-M~3HyzholBF>bE?Tc$nRk*Ak%kp6#DUEoW+UlRRvg~#Nxf4+
zG^Y|Dh_IDVhc;2xP&gsK?!L|{9HT4+)v8^n=a+`ypT+hPA-y3!QxI6#zO#6iCr>)5
ze$0U<OPIV6p=<{}b4f|=Cq0}{&O0ab$3>X4(!=It<(zB!!XrH*cfX!4gO&~YryFWT
zE)@=hy*@_<g9~hn7~bI8`B{}Y(t_m6lLRKi_0vjmSmg={?!S&<=m~X#J|$WBV!v&W
z{D8Ss?MEx95PQbIF8eELC#kc@8-EA^%z{Mi56My5x(wUW=a0ejyH=lIq0WA$)lh)<
z$f5KdzLl8})jR)mH+nUBo=}9ZARIeKu+MZ~mcTMky?wtfGCRCb_4+ChGEZWZEss8B
z<+|1#VKYZnNzj`NT{>VF4gPjNT2Yi>=Ia=iRvNz&MoeY5%HFUv8}MULKxeD@i)L`o
z(`d(5bKkZ@hk$17nAqo75wja9pi$nz^xih=N4@usZn+^h#S&jRQC-j@@xoi(RGi77
zdTyW@o((^4<XVIZ^k827!xv|n4wNCca~H0UYEQhSk=U{HC8RitN9P-#9Ca^P&h;m2
zxr_?s6iY8ysYwx!Q3m#nq_LP$FZ$}Ed2Na`cwRnWu^+@v5Bf&hEQ=DP#A6|yLOHu?
z;fSUmxG3w)icc71f;ckuianKWv|KJgyV{Sx{i~jTtB3<FP|-F-%Zr>rJt$FD359!g
z(ucB9z)$FQU#EuouTme{i19$42q-p&ER%xQJqY)h*25}5c&?qW>*YBAN7TI3(0T-v
zk1s|jM`3Fhzk6OotQ0g4>S_u2?r{aKwuS}UgLkl;Oxwv0(w#L@j`q3InbgR}!sLFV
zGph%`m*xHiw8=KR-hKV(-K)wC-Zb?19Ied(FI(4KW{533i?a2@v0~dmiiXp>HWtuv
zBE9@X8*s8iF@zOKS=fjqI{(8^9-q6Hcu1)sgj@)<O11_f6kCo~Ea$utV+P@v&f-@r
z+NQ=NpMht4zq(!>rnDW5`Xo{MrQPi}bGo(Un9NYHAAK+QIbKHPLyU0m__uI<V=@X8
zdRSHqG-)RD*84}#iIXI(DekNP79n$5w;B)>^eD4<y$z;NJ<!U@w(j6sYR@3$Xme}#
zTTjW4CL1{BC*h87vaB$04*%5~K#$OWEcPZ|c7E6vlCMyW<wY&|S@h<BfFWO{_O9tL
zv-xJ5zw9vMSGj~qz}2$A#Z|Y}PL>$i6fDaQ*P{2CpjCsf5yp$r7PZQMBoQae1-)3%
z4yf@FEorTP=bSZSe9GJ{rNq#>`f!YO@#Q3PagcwbAlYYgZsZT^z<8FGxbP`7`BnpG
zJIaHOL%2PM+Fut9vf;OVTN2*qBr%-)wwEtjR$uy-edNekLj<%eF~o1v$^dHj{CTe9
zxF9&3V}u%S+`$SFt{M9cEMjc;Z)Dg|E&3*vQ61^25w-c@<z?ATTlFK(rcEa^jlTVe
zFy+5!T{pHg+C`I^po+vVucUUA+Dl$?UDtz6EYnXQ$RN(l?9i}4Jj!|;fC2qnVM|0r
zq#%^TKBY6_Bnl#|Nol#HWBtN1v)RN3cZ4a-oTplP7mdiAqc&hddme8)y3F1SZt>A6
z$_A9wg?eI;jlec{+e?W~B1p=Iy8MG<zidWUvU}Z*8%IjEg+uhYn%yap*j})z?_uj(
z2ijcUU@X)7nJfx#`3X>l@FV(6TxCVOf0otGTp7FUBUK^|zgps)%0@M4JXoEd`)gAm
z6GN@rsWZohrz$yi*8IRWM{ehJuv1S{ubNI~BSj0K3o$sqw?DhH>sZ^nCMc`wXcb0!
z#i4o<3Uwo)X403!{Dy5g;8f!1zXh+uNt7S}qQtvzpy;g}yRTkrtYD^H8f>ZTCDU>#
zcU6z7i{Fr+kWW^3(#byo8o_+~tx3hso5N_iuh1GWkU0jFXw)xn;+_04sLL$Cz`7H8
z_6!^Kcb_XDvZ?)HBUd!FLkEYNDLa83scj9FUg8YaK|_?9=8`58^(5Rc{~7mpUbspP
zb3h%XV4qb&873HZ?rwVt<`WU$hu#b>k*b;j7U_e|dB2t1Um5Jc{v@?`G}#pmwZIGh
zx`aL*wnEYUIq!S!>Wids%X7p!WZVWiP!m>EK_LN~p>_!IM4ndS_MuGVlXP;bIsytS
z9afO1kmK%}B}*b{Rm@FY++k>mhK(pl;A)RS?R(PBXtI>0?fr_ivah#7Gmf<HHE#2b
z{anSLBucy`4pv%3@iwoH;o9lI(UGRZEOMX2DUIlOM3%~FKu&Yz=(oPK+VE%GPFyZz
z<(o(t42O%`T}N7<v)#u<q_X(}E_-;mFBPLTEEqjoeZC%}Wujdx(!}p&d!}1@EdAQ3
zmEGl3UOxX`K^V~IEg&vp@XQ|lv*=6&^a+2NWVKu&u6NK-V<R+7G7k5*(1+noQ#R!9
z-^ZBc28it3rq2!qs?QO@WC9^QEs0cH>U-giCifues3T{$Ta`yFtqDH82wqwv-%DX3
zc5-2zYuBkVy^atQ_Pxe{&dDkH-I=iplpUf(7Rv#l<mP;bT&lC*tEWwshk<~lDc<^r
zk{M{l%`c&>7TdCejQ|tpuO=jcT$qjKgZH-vU?#3Q0d?Q!{-TnGZz7hZ2G)#~?+pk>
z5^b%5bwffwHiM21e_@hY)-QK~lW+NH%zXE<NBO_OO<73nV&Z_kn2J3V<Qe%^->0!b
z3Lhr|%Bd@{1hN_tN>RTLbABsURaXWF#*zt|TAex&%)eI23Ae1B&*yKyA&b*HX1rVQ
zMPEOATct9s|FD|UXt~|Ua@x5oQ4H%5`LH(J;kFuQMkT^ZDBi(?<oqRl{CSxBv?n)Y
z#k|`{%cVC#id{4P-uJhva=@ArVS<gvm)CFL|D5j}cYZuV>Qmt%OlZ3No(MTQ4r8wW
zT#>X(1Z`upRU;{Me^fsTb|4SZhmai_&J3IxB;pg8dBGS6<NvA{iECL7!gwRpeGfKX
zC$}*tLNnWaEI*;kms2dkqgj$H?UvO#2^(S!3<TeU&{q8KQZ!?OHy)(`$*RX&HT!tk
zu>%^)B=(V&Su;(yp<6qkUBs8(%25~8zv<9prx>a=f4z&Gdh;i)FYV}6RI>>}Oiq}c
z7#o@7l-Oo|z_n69r5Yt<V}bo`Bc2p8@?Uw?U*<qiG*E;TEseAEA32XP6U)ObQ+eIb
zK>dx$P$t3aTgcy=*z1`NwHVpcX$I6hq+$X3l91a~^}E10p!J)-K29r8091l0PBAVG
zDo_aQXtHpQKh(!?Tk9&m^I=~7n7K4v%|fI0NRE&D5zMvrjildXzmr0)Rw<Rha-fkJ
z2pz6{$f+QO9A}2=Bpphu>2pg}0rRZQym*OM5R<95!)?3pcH{Vr9PBlObYL!-=N5IT
zGIoQ$IjMoCw<$yMt#H_MLek+;l%1fRV2w2%-`D#KysU2tyCg#Tbav5XarY11pLah_
zCYgsrKToT28nF&?O!hdjkHIE$P0FGtr-t!yiOo5)-hGNb{AIm0MaMj#sxq6HRr%Zw
zTYat3hK2n{1aC|$j)(Ju($QSGNDutzkpVW&vJ19Akuoo!f^@=}NpxKQ?BXWd1AWd-
zaeK4+u$l<1xy!Ru%K=nyO`iH{7wt8|LT10vL%JmJ+QE-rFGri%*D8hEI-G|xkEs7J
zLA1;j2cEJQboETOYRV38l8&Fia*c0ZS+`1?#ep&g11_&`nGaL$<Ce_=&jXU}1j5=f
zjkccjdX9tZ!whM}&TOL+JN&&}`iAMwA%Q(v5<ts%vWnGFJFT{EbIg}dFHF{FsHXnp
zu>grXJW2Of5qKb$s}q_l-uzQlSIhX;z&kWiF}iP7W^IAc{jjBtX#YC@1=;TDbd9P*
z574KaT9!!b!!%k?M=qRe5lH*Nn+q66nVLUKDE}Zqw6yMEBSGaNcZEQ@3qE9ABM@k&
zh)(LW+#?|&X{i*c1D@^=@Vyx#GgFj(PtR9%L*kh3(ht6D(V3<71=2xSk;{`9WE?IB
zEhBrLz<5I+b9X%Z3}`Il$x6-OS#3$=*m7p|RL&Pzo@Ojx47+v7T}W+5Jql4Cgn3zI
zmnYVU4c{>y6qY9z&%c~F#<=YEE7a)4ES+c#uDHRvjwd=YVNGWCqZj|cPSZQ?%QN#d
zsi77_){t3*j+B)nV=9O`0h+Uy%<WRVdiw(}v|-93b{RqdNDW+O{?_XbdVHVPwF_pg
z2AIb!(S}a5V%6@OT<q~@7kT=UfAt}j3)Da(f#_vJKzHF55@f7j`auU%Sf&6PYhqDH
zAbU?hcidiDYW-(~Ke%&P<{&OLp#PyXX|mpC>an1E9>=mY7GE7W9KM6e%&MfqRU>7X
zzIWO*r_C(GExS+jUs>|yyE&<5ior+qT!c;E{2#dphB7PQLGzt8nQ%ZSOMv3dzCj1s
zP@UD3#jKX=B(an$3tL;r;EBq^-JWtF!ZRcVjbSYU38fr#WXJ~5Tr6~|RAAE!=1YEi
z#Hiq_FrKg<n+WuCj}hJfVgY}GLRK(_=^<55cLiIYlb@Q&S5XS@bY4R?j1qI|HcDN0
zSFNBehm;^EXu_j#IeYbIAxQGBzZb^x*$LtdIQAP<d1@R#k!<zPt}Gi69W31aj$L-k
zH5&SD9;{ip3C`zwI%D#qJD1#!D1TLhJ_y{!kL9n9Dqmqqs3fV|SvIS+0p8_QQ(Xr*
zJ2w)C7SaiqJiQ#0yTyu1z*a<VIDSc)?MUaX+Q2rX0vStg*8ZE;a;H|v(Oo9$478?Q
zfCkY@5oQVWh<=B#1(}weJjD*#lEY8M6gHisDxF1z|2flK2XyKEOH661TzIqlO~89K
zDm!hd<&o0V*Pfm*QYFRKnYhrS>T1_jgM`-8G2$-4iX|YYM!}C3*GT7^f0gOu8&F%(
z>e-W&98G~1e<Hi@?x=|M!LyFSRfeRB*lUETSD6U^I?un~sLvj}I~ZKT#QOv&)aBI9
zcB-o}h1t7SKjFlzs>;wzXn$f{+*05zdZ%3dl7={2GVTN}??OKMZ>BjtH9R81V!iha
zu(M7#g73AFAT%U$%v~QHYWo1i(;=pJGLSIL2-dZXx~5<F=-vLI^FT9-T-ajkeagHb
zNdF*Iv=-+j?d^Ks-C(Y@h}Q@zkQeZ+wq(yi@%MgrA7@BYpu`eBi+uUrLY$ui!9cLI
z!FJ19HJ2}-gjS%UvwLHICO7boq03T%RLD={W+#Sl%omz2if~(^jZo@<l2c2()#OEm
z8$e1!3Fzyo&ZXuM3@B^@J;OgPQ*1t|-#twVSRxY3qI%vUvXBe2Q~me}M~*4%I9J|P
zKW|!wU7Se5U%9{N1FpK5TeBT}3!k&0o82<vT^@*ENK$-X1n_Nc;AK0?r2!Ro<ksXu
zj=*;{Q1;?4gJHGXHrcgVh^hBm0-zy=9;~vrB^UIr05a(tYn;i!`@UU31sHBW=l0Cl
zA+<CziE4b-YFV{H$0(zRX*#(!J!_EH_qGh(p+%Y?E4%Qox>AAzDzZ3NhXV0|!4%zV
zzXz&4rp1cLgbe}?Z$K(jKRrZbSH)2;zx1ckA1!|~!-F&jEq=EyvMZ{-{fBJs%x`We
zh8^o0BBW;+ZJU%-=$vhw5WT524Hw|K{EvG5pAP{M@1_m)3MHBjFh%}a@E?E$cm9_J
zZzukUJd=`{nQ0HvH*Vj_sp=gcK`_kkBvpSIUUvPxg8GcBA*OIFEcaRoxF%fZJ3QOt
zIb~ULU-f{eva!9YKXWZ!=lJ700txQiM)&3SP34t0p7AaEz^_YGzW)j)y?yDYB~ecn
zoY~R-rK2)BXRTJV`pWzzra4h~rf7D%zW|!}fl?xw9g6Palok}?#*hBs0e`VCShFK=
z6nMpVK><>Tka91!L4;_9)b|%^u_(gq36w_6qAni17~k69K3aDa>b9q^Sg`mYk~av0
zWhkV94@DPKZVKyvFc<Qv{`iPSqqn_4qj{6BtFG0U>z_XQO!yF{${)D#Q-^&BzL7aq
z5>N77bk5ltj-_054zfx$ae%w#CoiO(QowGZU3Aqx|FK>>UC%y#BH>hqGttq_uTrH2
z?blr@yA^qI!3C2(kw=tBBK7LB!C~kg3H_=#>I4Ku%&IV`A542LRz2o2c0hHuBD<X$
zRENJq45psQfGecaBPXOiD_K6-jAZz0qy9CC#S9QU5hd--QK`d>s0Ap06-L<rb?4AB
zMPz@ef3mcK#lmeoqM*LVS8<$0T4BsY9A>80YiZUZE%pTNDDkRg70ih_LIojB-%Uur
zN)BWAUoYDF3BCZ#nie~5vmXv$$#xpEmX8yMYTzX^+^bhy=AAFhBz;Zi=zwskN7a&{
z?WE}%Z!mL~{G}hP4%2er!0qAj<a+W8a+{c$YPleyvG!i?c<w?BeiO*~T2G!RQbiJ?
zGq!t^1^u3-JEHTSV-Wu3H74*kM6-X?e8v>sDm;vZ?yXjm2L<$c5qAF|)l#eU8v9ZP
zu{~xgE!D<@6!PY)ZOD6mP$ww}0r#vnQ-k7dQP6D&)}fg-Z^VI1F@-vB1JoYW#2;~i
z&fk8Zz+{}qNay+ohF(NKF1+fIn>YV>tX+j**?lnLbb=j%#?&G4fwkON57Vu<4F3jH
z<!`X{FA;%lOg+thJPJBGWPz%b1v$CI!4*&huG~zVzNG@S8rzD9SLjs*y=pQ3<$e3H
zfS(F5!V@e>JpX-$;<5m{;hBUKU<k>=E}ZbfR!g+ajuT5#f~8g4y8t!?U-*h}AhBG5
zmXmZQ2*3)F3KtF(z~GXW-Dm-`1A2t~6SH)<6gM-u7#ovAyePhx_Ky%+C*oZ(w(vB8
zn)0ugF_%^(VZpN+<J&nBbD3I3wKY5pY9wM>*x9;gltCw3)JoScdsuFnHQWC2)_(@!
zz=QfFA~1(8Gg|&XJfH?@b0GaxY(Y0LX3GPBEAoRl%{(~NOCNskk5NnM4A%Rtb@inR
zP=jia6QExVUPPL)r~%$HxO|z3sTVBFD9Bzbe*FQs_-sPEtc{_dN>XpwBF&9H7Um=7
zqwA)j=hJ9nTp>dG0pxsU9d&f+QwuN41n0|Ie;1DicMtkhEPu;VY^^nImr+l$ZR2##
zQ`O@SM(!mohyf>kmP*$lJ<DwDTmN;%L*9pV0{TFR`%r+>YPId;-KC@TG_;xgzv9tS
zR!P*ptE&tbd!4E@fU|PcG-cf%-8gSqPZ4410srf@8y4YAIT(4uRtbhnI0j8O_?WT<
zuoUJPdchxblHfTani~Kf1&`Bp-f!?ls8wzbZSm{>v9QCGu5K4e?lEM!<`Dh6{{H?-
z77Q`|=p5P9v`SunVT=|&fLhgM!ot8-t;)aS2Sj|<cfc*6;~bIs&vOBI4*wfUo;>c6
z^6ovfl>;t&U_}Q^rh9U-<vdkvV3O{2YZMY;lmc;eRBRsmu}>;IPAsKa>K|sPpYAS;
z=U~8~yfx*94;s@D1!A$>H-BTXhI@}jnu-&~goMdG&od?g+`SNVArtdtu}MN_+{dI_
zs)Mk&%eD305iDX%-6Lukjb-VXB&6cWjix=wj%(#{OK{?d-X(1gX#e;kuhW_VIR63l
z_y6f)PR!uLp{IqA(@(%xa&12?phcRw4QuBF?g<#zaBzT#B;@Oc5bzq*rNHJTZAQMK
zF;h18TD^6FJ<R+vwB2<~OiUC?Tp@T|lL=H5)N1`2^M-8r(S_<x*xM7s`UFfJ!6T&5
zY2Wa&R47svGH{3@!0uBvEVe4oa1>SkZSIk(A|R0#CB6JQ;P_sssp9>I3q0}v$MI1C
z`KK*&L`X^^L`BnNeN*+Nng^^&tCYb8I5K#)iQ$r>B6Dc9#qNAno*hGOY4P=zi;Q6i
zrtl621TQ~2JHHbpUn?B!2+?=9c<U0?7l4gVSeD&Hn9RB2MN=G3`R6s9o~btxd4^ld
zJpB8_3>IMd?F*Xvy&);tgLBaLHa-y?d;Zn`DCcZGmdxk+do!Td^55~%R0NJ)V&uN&
zzeyQDC)D^qP+)&aH2)kf54Zs1=fNIWXu1g!O8!OgX(|-G=<e?3bX%8}=vIN3hZW(I
zLel2;2tCR+m2XYMP7&X|GpB*yU!N_VH5<YKurfp83qCLCc|6``{!k8<rByyDDkvU)
z0}r1M$TOm&qZywzf!0k?tjUAR!I6<3K(#*0@QnH<Y(8g?KOduHw0-2@vf9p*4qMo1
zHdK^?*6<^3<@Dkm>|o-v)c2d4;twaIFofC1&h*P2z(DD$_RqnxNB_x-FfIFWfa8C)
zmj@q5=eE0h`X}#ysD%G!qo)7*iA33%SC)1FFQe&d(NX8?h1*8|tp)>gBhv>0PdU$w
z@9rGyrS+wFk@;BT=E}PrVh#m9{}#8|9A~o0vx&e}HGa$MsAQkz1AUP}fJZR>n4i!0
zLQ+I4gS%LTGgGzGzCpm{UwZ^B!=WJmkWQ3sXsHc#W)JjJSI69+EsJVu61W_A24KHI
z&HDk!u@t(X?NOp^A+H}d#{m6>k&*GlL8+?40lr_%yJFriKw(s8%MS*VpV~-4TS(b1
zAHRq5Xt5D=Y}Ly0>iX*}^*@!f&GZ^vNIeVZ<|fBq#N#+UUi7ZjehLus(==d$|B(en
zLYkyu&3{29BpT|eJZyXFM?LgPVagW8xAR8>hM~^U2&;svO<VG%<Q$3tf;E}Iz`@79
zuVGWz@NIPPueUjO$MAUHHU%}Uws^4UvSlVZlgyzSb_69j5qqE+6sHgV1ATDQZrGj;
zgnGZQFuE{F_mOjn{aa1%ur5q_R~a6GA|wOnoeJGwYJfA<-*SsxPYu5}iY5v=K~9k<
z=Hk+;tronH{lr97g3$cVBScguT}2HjkISgH-VN0LVA+PRwA*|cxW^MAZ3~TeJlq9?
zh20WXUw9qg6i!9Q$D>Yu=`o^OC`=Y1Uc(_HJ9PGP&y7M%>ZNkCQrgrG@15H7d@mv;
zCFS;T<5pVHyq1>S<b20jH7}*tJAPuor0-w-0<jvkdz4&tRdg7zHLF$w>EuFJ<l+vc
znyzPn4Im#!sEXBl4bkFfMDYr(!NkjWg)J;Oh)6{fF1uAkk7N8=&%n$kFxBhbT*!U{
zIzXG@lA&7CCot$AUf^y1Pf@?mr8*mfZ#dA4yVX;Fv4~)SC>Si&KcgfZx>5$L-t9GW
z7$Q<Wl`9E|1J9f$ud{DQBB7@+V<wX}%*nk_EL=~lP`C}H2-7k=+>d^1A&6+Gt}Rmd
z`biq*-Ft9akb{p40myzmew+wuHp5<rM<ByTKtnY3)5|fbRXp&nj@qYA?a54Ef7fgJ
zZOuU130BR3qd=V6=+KY`JeVz6E7{GmNffN1tc+@DWfdnbB`N6&gL1K&{G4$pluL#x
z5bt}H`t_M=RStlGLbM+&qwG*g$xk*GAi`Cc=H}=d^n%gx-y$l=wEaoZ<(B(P68m@G
z#E9_H?=*X6UMj1dij^F|M3_Q=uH;e>u<(9`fDZ3{kcVNh&}&udE&^hmN-&4~_H*Iq
zbsyjSS`8=Mku&x-aQG$sn>Uu7A74K46O|dn0k$@%QxQvem`cWDZI(}V=z9HuXO=WC
zKOc;UzHh9&pVaR_ffKvf6@qv%XfhDW^M+^i#jgosw;z-G<sa#_xGy5bUlPWVW(QP>
z&)0k8N-5ERNXHN>&%uMau|A=$XpI;f^wx>zmyE)~E!vE{*g|-x<<w8KAL_&tMv>6b
zK~TiRXflp%|Edf{29TKi+gGDG>r0#bI@)GGflCtHcy%&5ObJ>Kot_e)ecdI5Erfk8
zWBhsCZ8Uwq!OLKg<sh>B%ep(&-*|oJR>-_MoKj{Lz7+LRB%sF27{EmVi|A>^a3~Xn
zYALz!;(b%?wBz8ZpF`A?|0TcJl;D!O)0WPlJ3w#R!WPGKNCF&|MAfFTk>w6Rc8~#(
zHxK|2u&Qm^<G2uL%L7a~Uu*i!jp(5wmhtaoxb{rf0qwU0#Bl2Q7$1kqrF^1^s3dIR
z5d_62Mt2|ZbCwQ~Ck+(0Zul1KCd6vgKZ5C}er+9&W#P4n-7C0Rv(GN>JM_{N8bm#G
zzt~N9iHKZHDKZnE|Bh$Zeq)&ROB!AToR#=)hI!Q2SB7&{2{#$hn#APaUP-=E?B`SZ
zz@9o97BL1y;^Y&MD-8VXIT8zM^Zgbii>~0ppd8%1ZR5tn)o)kV0y(K$Si<9~H4Ogp
zeA=I35R47k?zMoF^73+SLASrYg!3dw!T3;t)K9aS1t@M=eX0Zr=4FpHu0VR2C#)D8
zy4p_1vfiqc<7wC#ySmDMZ*$>$aF~*2-7b9GZvpzf%YNW-%>P#@p+XYx%>k-CIf&5f
z6;H$jmYC8F>sqZfSrRbIU;ed}NnZJq2k+9Dh~-e$Evf}p5_XQl%79J_Y8|hwzc<Vg
zfWna`=A5b9Wd{?N!nOeBkSriawBXLH2E=~>R||HgDgYt0HMC+>p`jOiC7w_ZlnWT?
zLD?>O1y!t8Ri8!LZMNQ6tws6`R}x}7^|L){<+z9skD_%~Em<ae@FCvby_123M`U2)
zTgvX>H}C#pMv$PThgD9T<2!#lo@*$nHs@hKP78s`OS#?NIucWMa8B;s(x(2b6A25a
zZ$?CC^?xiZ?XC{+k2jiUK<B?ulBrN<LHf!MZ{8<9B`-?0e-hv~JoDXII<aBF9@8Yh
z)h4@xTwmQDvG+&t*W_%h$bi6))I*`K*pLUlA=2D=4@*AoN>;DbT<Rx%p@`?ueXG0U
zh;6_EuXp7b(L`+-6&Q^Sw-0{+l)S@`^izLC6-3ufjq`qC6=>K~cQYwPK@-R{!%k*k
z?*156CHi$x7+d`6PV0^fdcIM(c$)@wd#eN#`Qv(;l6Nf#8y_A5=5dA<kP<#u(*?Z8
z2JF8;!`ck9<hs4ZF-(DUT_4Ns3zW$;QDk}oXy_{8$jvBvg?-S+C;6Bmi+2TGXxu>j
zgpvJDzk*YGF5%swP(7xGFe#M<RctCRv5G)SW?bts9IdBAOebaKXS{P<p)cuSFrLyz
zTN}Io%`ZjswYVK2n6Wl^QhcLJaNmGOka>@gD={+p3K8i<3|#E3msb1l#t#$zJu{r2
z2O~OOgKQ<!uLE`<q~`TZ1^wlzl2rR&y8uc^)F=!Jv0zDv0ysx;2%?oMnJ3^TNw?mR
z3Q(g6X=F{qg0;*f)Zf7`@&}*-kQS_6ruFZCffknk1X{FAICaN7gvo@zKzidisl_7k
z=f>aAmT|>&RD|uF^f#o5<+=`KUu=N`ket=t_F0?L#=*`SxN8UyNVS>1*9Bf^-4@C6
z9nZG=hH79^K-O&eDZSkxf#<f;`;0$^trPeu7WsQ-ugBoT`F^|Lw{Bj0>l<pz)f5_7
zy3}Fezx2w8H#%c}t#E>w9e?k#y6k(y0Zc<PvmWs+PsHsihwzJX^-|{ogvo^TTy^Qp
zGwB+V4rheIlb$>@bI#PwNr!o6{4oCk7Vd8#Om%T>J$lkFD^6X<LlKia+gS-2Dz@3s
zfTkOQwxM_{J7n`ZB!`8LX$Rxk$InK0n~JNj#MQ|su~L1X4amk3WlHO$`<1=5nyG1S
zOKCdOfHCKl#qy6=3sS%09vjEvtb+3{;Bf)Hcu1k|hW*-1bYfK>ndQ!0FN>%lhVx~u
z+VTmIboqZ&mUnuadU|)&vap#%=Wstr0t*ase!*5{ex3Hp#o}R3O~HQdr-s`CvM=Hu
zC(wN2f8=@4t@%w7QTsDA26<HS%SoGzzcBL*uAsqx`^JbDDg^iEI7wDN4)D1D-|C2I
z!ER3qy^A88XN*>qbXaiZW-Bd7Rs>$E+G8V^W%S4Wso$Q?0i<VhY;SMR#{3Ka2l8JD
zAE<bD^t{StM#ng_e<A~l%rinuAmb4^x`y<BD<q1R48?!)rPK`Bv@-%}p);fEtyWSn
zk-+mO?wzXNL<y^n15C%*$T2DOToH)q+%#+~@R`kB%rnHrQnkj$^TImGBv~Ud)QPdt
zWDPU|lVFqTJzMDvq(%%y*`AE<^>edaGf7xd05WQIByu6AGRcw+`_G`qpAk(5u~x;E
z9ryYG{Br-U+~dp(0gK4OIXG7g^ISI#Qy9k6)8QbAKv>AsnKh31PBNvo$yuEn?iEpR
zWv|zsx*z;@)%);l5f+KQB=5`pT`ZFCa;6rPs@do|rs`R!hsj{mL!JWIn#}z^nk-qn
z$r7S4db(3M5)yi^^L(9LN`~tU8eFIoiCtLPlv7vL^TdkRJ2{<--=e%Jxk<8;lr!p*
zD8G;}h2SKLm?)9)Pj1WgHMk@K)lLmoJ`mtdF?`FXR?(Igf{SI$dGQjCmWrxvlr|;v
zcHZ0Ns7^UgA=<UQ-d4rs==*)H|Mp7l#FH37G+A5M$K~Po+DW~o<MPS%=9>7?p0zs)
z(3KnP=_TRd`e-sEZ~VS^sv5Zm%!M_!1*^mU1o^}=o1y?*1=8d}s^TA|CECmhl{4S+
zsAFi{82VF6Q(w78Kr@rM`hA`WrN9eGGYiCdVbsx3H|1So)JO>|EG&OguO2E0&MYgw
z^wCZC4_@AHtXhS#T4AMjt=+M${!<m|cT5@7yJh_IG}i%QVk?ix588@m+6t(5HA6W9
zkPRHp9Ncv@h?HUu`VXu8oL41({B2{|{CVmxbGi}*gSL5?C@=y<PEO7Je(hYp>Y%uJ
z>^w$z5_!G2>aRH6XSFpR;!MIBteZ7<UE1%nvh9^Y)fq!p+9MGUk$RawMj%m{zR?ec
zNTGN&;P19SUKv@ZiN$kYa)HLOqT)l%wn#_wKCFr+wZ)D6eb>q%d^Xe#qh`bAKDkhE
zBP~u_bGo&yovkcdKBe@-P~BjjQF*tVI6a|44)}D7aN!(T@>PA30&4ut;4oV6UEr96
zn^kmmh6pFZ@1@TMn8F`sXQx=3-e|qqmfW(V4jM(m{66#X<Q?0lI}TTkwHHF6rQO{h
zCHpDm9>h0(0VN4kGB(Ho?QARZ>>9-9cQMf007s>{0ZJXVZSXK?S5bhu>CG=8%gDhr
z4)40o%;k4!d3X2}R5NOa^kRF`Aj}5R*iciB-r7uVP6W}VRN{LxL#lz&jyi5;ufd9i
zati`1JWaIJJo5T_Y;D~U$hkcHlK{@}J`%<+%l@Re=(riektuCp2g}8)Z!;N)`R{^X
zALY%FaTWc7NbRfp3WdECH}Nco76@41+R%NQWXVs-z{Rh_7oej<5H(D{U4DIDH~w5F
zJV>Gm%(xsKU0vNo*!S{sPhS5v&kO$#6)*?Hnkacv554!&n?6eG(afYC*aKFS0ZCJM
zfMvYUa2bo*?zK_eR7rRTOJd=Zh24xdU#BipkE)qO%b9kNFm2ou$^@4_4R>ozr&B(r
zL`?>o6Xd~*rpeP9LpH*?V2W52<;HeR7WP>z3T(gBm2*^|qMGk{8<RJP1mH+tI>NiV
zSN-WO9vS3dl)dU3`S#-%<=eN2qCXqtI#v`^;HqB*=f1O-$6Rbo@P?A_hbhy`Nb{_9
zEiHQriHaFOUNSxU=WAJp%01o*n{R0h_|Su2$bF>w10O;hMxm<hb<Vhr&H&1qJUL5(
zI!KDzpOl;s3MZ683;Kq$vq>=>Y@MY^FUTk1f=zsogJKyy9ZyC0DwiVoR|BRGxqw02
zNac|gf+MU-RU_}(>Xercb?cFbXeC0wkEk(cs0F(?(DHVNIi9>*G{FDRxBe){(S^|=
zXLUSe8}GD-YX)A5G<!?mY`h-TIES>Eoc~P_Lvy?7{dVuTsMQ1w)z9{kavkAy*WK(B
z7rv{=5qSmfJ{uu7F2uZNYE0pRmxdx@mvv=2JbF&RJ8}vq3Y|SjE|24T3Th=E$qcps
zfUyXmt8Wh;{91{EL@>uJv9TbYtKqe*x!`(-_eIbPe^mE4ZKq6c`*{|5MMi#l;Z&Sx
z;FxtdRx`Ssrz&*>s6W4}HinCkwk%-&ih31IW>SH^6Er5>{1Z6>ulOT1A$9~)P@?|A
z$8j0L`JI}G0mgI*&m>pF(h?OI^u17@BahzY<SHH>9(j+1bz*%@6xf9K$Lew_@uNzI
ze{NP@US5PSFLiF#S0lmn7&43ydr|<o5=#cji}3BsNdJlHEhb8~@qxkx7PM_<2RTWj
z^Eo^8pYpa=!?1vi(kHtEd4zXA)uRESwD2ra_>fP&Bmw2N!rxKDfLIj&hyXekwdR@q
z$zdk32$fLf(sulzp-~{KU1V1YkcHLtwPObxHaH)**KYPx2uK@>t&WY7XTGzwKR&Ep
z{vs3k9AhfAy$&Ygx4iYA5IRh$fN$>{)@_bT%;^%R2t-36SO$~GU0#247Qq2VR410b
zJ-njln5*pc(BXT)M)FysrT-ln5Ij6#RUFeoq_6CG*9P%qp?`M~1|@%$5r{1{ANg8X
zcnY;jEC6;taN<8d`rUH+ONm3GaH=VxRk66cGvw9p@c|yF+(*P_BpiB5I=YCSO*puL
zXsCu(#%q%HNSG7i1k2TcFo|+(PQ<ht@%c_V<LOkQb4DCz>^1juKWklde#Xe<2nVAM
z6${75W@#-ZPkH)2MH3<Bor=pt1B_^Bv*U~b{5Sixg?do?87~tEm-YF#)i@PZ7A{U2
z$#S~O`!Eze_(laSE%vVnOp*J;43>6%x*?cUmOBupO!f~+dU_+Lv*SKA&0ag-&h4kO
z@lV+fRy{;MC39Ot#%7v6JQ(N(*Xu@BdDnNw#C0i;@wEDjMS@tqX}$kB7Yv~gCyVbN
zr@16}FzSmmzxdNY+2};Oi1hj8OHE2`CSGhV>88g{Tw(gqmQ6*ZvzqfHfA%OWacsI|
zp(j2$!=1FP4DMa(2i(uAZ6IMq@wW3<AUTkhI;_cc2|_Cki-wPrznlD!SW5p%bS^xx
zo`qMaq28fu)^E={E}G=LNnmYl++_EsVUSdbhb&Av*A2%d(B<>MhL`Im?adJJAl}mX
z!BJ+R_Fbu*Om7`J%4u70d(;4jtV%sT%1RT7^Upd-w;-k!qYLqe=5s<Z=oL1#RiH<5
zvt=n&RMU6Z)1#KA|CQQ;koB@BEj?X}vBT$eZbPPt8%@mZk=wk+5pPM+Ad`S=<L-gt
zFt<!@SxV4RR!(Hd<4?(gqz%}uF|ILFe<8-`yMr`{>ggB1d!8HH-+bCzk8r`MdD9n1
zh=z&e;&GLaA8?{`wm1Y@IcP1yIBlf?$ot^|FoFequ-mkbdq*7#A?t;niANmC(B^}y
zx2Q0qsM%&?TwMH(se8M8FUfMbt;)wB2Kuo8<hZ<ck_l0+`O=%)liS?JxQS!(gb&_F
z-eRUErV~x?uQzV9Kuurq@a2tpRbfrB+B8KQy<n}RX3GKZSTeXT_&%^?uIA?E6MDkB
z={SRQN_KYi9HC}4#TLV-%M36++0NJ(Z&A?iLNN-KrGpR_KD-r!Rq(7_B@}<fz59j~
zv}ugk{`)taVGiz8!EBTG;oFQTcK+48a|2R}5NHhQ_b#?Dj?O$>VZPyl4DPNc!?>M9
zJzWOkm>i=h({};khOT`j2<&)w8w28&>YCrJ-&2W4kgKVRzI=^^>9v*Dgy}>J3Vo<=
zy6&$9<$V}@ZB+eZ&L>yCq6(Cut>g_Bi{j%-y*#U0p2HsC2(K0cIcb2GWUXuOSl+q^
zJXkpzGo4%AsFDO=9a^!7__f~!D6wR>TE|w=pkoJ%3(A(($;54!cw7ic(5ltt!Be?+
zDIJ!ez(EQt)i*l9uO@XJ6ONi`W8cX?gu=kWnhL+UH{n7R95%Nvy+1zztsqV><=B^^
zeYo_leWb2@-ZEv_e7&7n&LK_~w6JJj<vef}HW@p{hNOu7+Bg*wINOf&=#$NP*xp3g
z<0Rxp9W5+^zwGGq?S4EbP~BSZ^Iw7c?)~seM_muOMd!%Z<xT%6sit1u&X$%x%gh!d
z8;g*>p>C_W#^Sw5=l3$2`7qBw1oWYgT}fg=cgB+gcq#7^U0!xbQGIu~`|uP%H}J^7
zV)lgX@gVrb4ladg;r|(6yLY?$lWspBX`EvqhV}mK?9E1%GO*SCYfYwGG`@UAlY|Q4
zr_RaG*4d(YVJ%0&L>-TAq-ALxA2*K<r`p*R_EolK=Ju)5r<WqDxpU3bL*oQ*cV`P}
zDsj_3j`JrLj3Jezo}a}k8jo|>?nSEjU|z2XA|1CqWymxO<-Fu3+QK?h=ze208Vw+C
zH~I#LSl+eFovMGgC&+}~9Ix=+|D7S|jH?@vaa0|6mAgBj>WeDwvJf?m&>`8v=XSYm
zp?7C<jI`|@L}mFE*iYU5WFW6}vdY_T#@^9QumiEesIMl+di(He1ZHz~Xn>(<6?1*o
zTG{Lzb%BisW9sKf9&B=P!Jj@9r)PmT^g{!VDNm2Th(8M$&qlTFHN6KyQoQf7@;h%J
zwT|=b%Gm<RuN496p(+4caL~5UgGjNYfZ;IAXm$dLtfDIIRaDT<&d-UOt=j!F!A#@t
zq_PO#{S3UnQfGwMk<j9H$C4YSy#o@R+yVC9zNV(+My?nAHfmDWDLBGMQ~~8MJ!8#0
zE>WGum^GV#EN(*A=3a_p7fg8qYVzEypyiC<=OI_8J5g{mrjnCJh(XUdcX5nwkP%mR
z`NU4GfEbzazOs)x8hN{*mXBhY<8yHPkv%O4h9@~~d+y4+9WR8Cs%e+}yeUHsGWJOR
zO)Z%KsHX|f9pB4Crm+p0;r6%+KA>CD%y{i|;R^1sBUoNT<RfvIzPONOp=ma$-;c~H
zwzd?I{rItkh*I7)YOxTFG*37p4y1(0qQ2@c%&9dOJrMn7nYc-*_S7;mF4v+n*qAKv
z5|BlAvcjrWQI@KLBr75{<S_R&Pp7-yTDG64q9EA^C5>z{{)#zvZ@>b_sc+0t?O@?+
zA6#7$DB)I>-rh9Tk4S+A`c@Sn8^8X%(J$vuhGBIuffK97R##UgBc#Gr?d=2k&)O>+
zxkfx9pv_y&SpD=1#KGY0s;=ae0{48VV76A6+I8wmhm+kbGOJnx8%m`S6(k0Q24p_S
zxuVf8+{c{mGtlIlo3RuooJhUnB=!LJd3TW?i%qyU)0UWjgolc$j-w+9M82bWPEcCP
zHfBE>7u+_xg#?*4cEe)(ymJs_DBaupS~!T6vhx&^9$t+6#>e$A2veIe%I#)eZLRb|
z%Jd0O7PU?x+NO7;W`dt{U6xiiT7WR{94>7qZHVS%w$W%`WmQ`@9b9qxz>>G#mN;L1
zBO2)EC3~0R!4)+6LOH7$)3IYUVxbY-_1ylDycI0CVJdQa;>^fa*4Y|m+Vz9CL;rJ&
zYnRi*ee<o;^{+1!0SS%iL1E<{f`l_2B&GpZ<V7X4JeC8CVnO#z%f3rKq&F$J!qkv+
zQl+cQMQ5Mwh~hz!z?U(HM(g8C^nYTaY%@fCjK&$5td4nl6k}Q+sOR`!mPspT-M*C%
z)ao#+)el@PUjnP?I`x`GsnHbZc(mTYM2bo-de2h7a9+0uZ&dxxv%Iei^EnxM=8pIj
z{j%9^>0}mLwmcBn6J6)azy|OyLYLQm-w&3_ihOVPKgx(Me!dpS!?+31k9zSOxY?1|
z?km=$Jx%OuIKVa0yTpFJD*=NxAqO8V@j4x^m;_Ag<M^yGv9qi46QZiFo>v0t@e+gr
zotxPf&F@{@t#gVu!TrU=<s4jn7SUSr)nXd1DYX^GQF66Ibf3)0bTrGI7<y&$19)gQ
z<+T-(3wbHow4602tj1C^uq5JqI!Aekvu82_PUCjm>)*6y8Cf;5b#Ws#cwsM|$yl(N
zjuoPXgl6XXvsJxeK{*)s6g_-hVOffVdP~0m9~+nS`Ez)9ID7-omuPImW$Ny@<!Kum
zo3+UTDJRGjiMLog?BQ%{#K2AZ0tkRbtrOE8V@WR^8XHhd*mc)_qrvR~YlDIK+w0uu
z&O`)DB8#bJ9U>Ppzm-B~u5=}NyiIh7$FHxs&jG)O=qwqyrNjO%ie;>$i8S2TEfIBp
zD#Nrhqsd-my(em4To{&z-LQBi4Jl6u&hl!`>=*T?CKrWkDw74g<VJGtKp1Am^Rbgc
zuzzn&`Rl#yzOQs#FZxHCo$hMCQq1Rp#l=2d^Q&l&c-F5^tu2sOXN*r^v=l`;!pYj#
zex8+8pc3aqDtGhq_Bh5doaL}g4*U6iGyyF`ahD`t-gqdHAGt+{VPk)Kt#fcAs68l#
zY|6_>3RC#y%a@nN<tBN(<F1JV2Y&{c&|`AyiUpxL#V?B@Eqpo>e|uxJ7|mp}fM85s
z+0V}x1?PieUP#U@b&?0;ryyL3@exP`E%w<K!FGN=V<KQdA65N7F9MCMU!H>)i)RC@
zI9CZr`Tq#}W3TO)<T40d<@QCRIijE=zuSvY0cx@mjS?P&ArR}+HvQ{I7ubq7Vc4Bl
z&%m)rgbYVeI7QG()LAUEY-Q4?Epd+JsAvCUM^@7_B$ft$O<|zx@Qt?Z(Csmo+qR_B
z!>L{z^Tx(k*EJ}A(|rit%}p?g!Q$tazab9irfDt;{cS$$YneWOPM_BgF*<CXX}BX7
zS31<NgC6%p<-4P*pXKBt3gzanpsknupogWoVi<qrb+tdI$G&{|&92}>>!o-6Pv4iq
zYDK8uKMkTEnu1*voSoO_A&IZbYxt?0`?Wy#m)(HXXbuh@-Oq0~9mN8D&xJk<is`qb
ze`sw%UabmxJ)o95P&m<U)f?$b=`=xMnlQ>k!1?}D0^hL#c-oHL@(gBYu&^PEVeT`~
zFa2lfxovO<MU0|Jgu>?`d@MM<s_ed8wyN90iy}QYn7{H4{vt%W#^*VgOmzr89eFFJ
zRq`W_FnF!D6w1XQ!}ocH`tef?Csob%)V89oYxDTW865iV{s&SlK^_`h*|SJ+%pWXg
zsjuRec-@*|yr<N;g+I;4riq704jPIghLWcw?NP9#q%mV`gT{Zla3xe(!F+i2tENWl
zq*}~6f<{G2nY=~`-22#5jPk7pz<)Pqplp;->Eh-NXUc9Dglw$f2^#)HNMEJ}oy9;G
zG6tE?uFLwgrj>igyLi^1)#Bv!LP&-(dh6p;UW)kqUU$;4))t9xVaw%cFwGa@%`4j*
zlzlr2?@iuIjJDpX*wH|E{BI0;<#ejhqCWjE7og@GccQdNGsHx$&~06k(UD<c*R+{%
zrnpmI3`^L|$&u|s!yqnsD6Kc~cEcv=2R@lm8qoo;?wTEkx87Rt){@;)EPhj$$TqMU
zLXdw}riH2j!>fl=;;)x8NDaMwOamMtg^msDvk!=|{eHGCCgQHBf{yu({Ze)`nWh3#
z@Az5X(t3FcNSQb@x`|LJ-AP079aXCNScr)BW?GkeVJ)G4C8jW2Av0H?E1x7>fD&wU
z_pJK2#FMukEZWU`)auw(&*^B)0j$~b6;OcKXAD&3NPR8ggM&!Ll2I7VO*x5(86dvN
z@jHJZa&kr{Rw=;<W&shy>wby&sRRojLY`9fDnBJ2bX-Stg|9?`w-j3Ll_#ObH0+n-
zxi*nTOscVU&wBTnRKydxEppkW*Xkz8^u}eY!+^Y|<;X15ChtRUCB=#bau##_n-ECh
zLNkY$s+}|{Q^26gBF1WK>=eKFFcA8fqdPq#@*Eq+=X8)unr<7uRcnoT6hEk{!X(V^
zR;mgHm*$zpHa?#tMxv?8YCbO+G)vC`0V${XjJWGO?DS^0f`JN&q+7m7^vkN1Z#uhK
z)GbCwY}7LsTH|kSVqj_2HR?bES?}42clOyRM#u<_)aJ3)=3sJl%H%1BUB)dh*Q>Rs
zuGK%4rE__ztHo#Ba0V@$BB(xG37Y!fvjp7i`8hp5vB4I+;ZX>JJAbU!9Cbi152%Vd
z>QI;X+GB#-?!+U%RPa4}ZN7EMy+mDX0QY=RBDd5}iIr=Wo$oW>&e;SmATe49PZm4l
zlwcy$FaYCgp=H<GM1rJbWg#zC1dBG=c;H$^;R+WmLv)t{rd0d11-@pMIj1$~u0_6M
z;^y@m6)5~(`Ufjje0!LjdBFJAsuGc!7c-}J9{=>&(kR-Rx+X?hMD9l(lJ0vdE>S&L
zQvi$a=gEl)3}AB`nTcFc33gv;nshJC@1L8^uw%$IkCWV8o}V5k-`A7R?u;mBLr+P^
z3T^ydH3G8&GLYD(rRNjS!9#dU{$52WSi)+m;<lr~d>oj-un&7*@wu7b-~N}|&HbKp
zTGjN3x*^l6*K1VsPh+9={dY|L<1HjYHDH-22Tr>gBKRMk?DdHcNo`m4G0;rmZB*>9
z%=?$egUzl1*N#fEM|I%uoorIIYgI-1qS)E3n4@<Rvc0{bLj%VBawaqb`(*T%3|#H;
zSZ}54Hu1__PZcRy__^zdJ>+s^^Tqqnx!0=ZhEMzE<_5<x!i`G?Zi3R2mKz53#Wnc+
z+Vb-Y4!j;D3Fn@OCkBDEa&Z$KFNx;v!tJI1#>xG6`KVX4e9VZ22#qrN9dJRKl*%s$
z>9BXv-js{F673HY&*1A}vDmT>;8~VR84J>vW;gmjnvi`Mt;!}6<M}CK*(e^&U>Su-
za^NGh@@WhARg~Dao10U!yH**SPV><y<%N-jiJXr>bLEG-ZDa_~VY9{GH0*|lymc6k
z@NqE->WLsECHNHih@=@2qn(>TivG&Ennl3{+GJVU^{1W@YGTPCkr^ZJYidG7es{*x
z@NtKrVJ^1+^pB5m$A$#9*yrDfk?V(`9Rl~UIp;}Z*%!$s0(ZPxk%+dPuhd$H2EU9s
znhp%km<j~ISbt*F#FK$Gz6JR_U&>7}ixCIPEyt}s34{Psi}T6%ns(!q<KQW74Tl0h
zI*UKgyqJgI<~e}qxV_=U6EofYJ($P}^6)zXdVkL)3tJAJux`B^mdbBe7hSFLi`WwN
zWhTkF8}C=y(5&7)U7GTTibz1t*QmqmT9cV9q-icO>OVmL<bncA=LQsaJA9rm$hcO^
z&G@B6o>mbiEUz92+?Fn;ZdMW0YA?8AQV4VDcKFxZ<yJd~tAhL6^H%NH_n#i`cA9*<
z%}W}5w<9nXPQ6*4A{Ne{Z3@RwIGtQMc0K(@gEw_bK-456`NHi_7rxSR8h`o@yaVn>
z_1K=<{!CDKos)Ish2L%}I(uYSVS#RixK&{SQr}J|JS+#ew!d1+UEH#llx!FzBNuYp
zN!sGM*MAh;qb{MVAB$x%Z203%sQ`sPmuSaVLJ9A?J<NH)qD|>EcIGL}Bu(sNcFWhC
zh^F+|N^IWWi7f1{jmyY=qQ4v~CKi?4)GYi|Drsl#H7Z<cVe>{I<S-|qAt|omc~jSj
zQKt9lPN-jXBk`of#LCi=+Fs-H`hL>X*NtQvxuleo9<WjU`v_pGF=7CdvTj+f4}p`B
zk<t52_eBtLzF?O}1>|mkzBI?hkNnAVWK6#k;`X&l=9;P>-t~^(lf3>F5uL+OLdLaS
z^*wq05G_aDl<wR4ofmT_bS2#>Etpjpwc~-Q$(bhIzBba1h$8V^N!#ax6hj&Zvv!zZ
zp&CtR)!f#=&U}XgH#2A(EY>$8H9C5iZiM@BqOr~f;$+!9+hj8+7>=M*JMeupuE4fe
z6^%U8xG{O*b-)ZSclpW!vE4a5-Y6{Dj?k_5s7&$o%5yu7N3AU1w-KB8-Bd?E8g9fN
zU&jzOs;`?)RF@ij1#QtMLY3ctn-6X?4XudEvbvrkTo+6F<Vn<%qO$dviU&Tv5&+{#
zvoH98z+HnRhLrN?gZq{ZdlzrY?>D%A)C<YNc6sRuG6B~(bcoDVuqsoc%$<dDBj_)h
zok{BxQ*EP?3T0wrvpF3aO%;%C^0DIL;=+eVPiAY-PHXr-biD;omH*lWDjm|@jWiMx
zvgsBOq(eeFq+<h;qQIs>x>G`OQ-YKN8<0k7)7_iyzOVmt&Ntur?!Ci|!;H=#?|y&3
z=Xusz&sw_-$iKy%@nM;##S#|tq6u$^u%5ZxOcVHK6N8BPy)?h|t_cY_Q0WMKY-+GJ
zZMGON@Nn6?B0JuZL1Oe+cMo-i?xp#xeaa8-B@sP@zIv2Z_94i*-$v?N_X52X=N>Wj
zJE;b$GA@6OQ}RqlkcvZGAjjMA*xcCeBCC=~@aYo9*Uv>~^GcGJ35V45*PVH5Ydat4
zHJ;Um%*Rd9<NIERQV3qVZO*FJ9~WZ0+wTv8nuLB{vW!}^{FaDo))oz9b_;&D5h)tB
z{9W=|1-6DiA1T=;CR08slOLaNnL9HWI-4xGM>xh!A=e|(M*_;6ZVl4}>acMkExa+Q
zVe6B|)aoKy_1X|CzQ8#aA&3OS_EnF6mY4@tM4K&COfTRI(kmYaT4>$p$@>Sky`wnb
z-zMA^n@`niDq4j1ks5Zpri9Hl93>b6kAdMLkta11Ja4onvyn&{si0q(;*);UfJZna
z8-368XXhi^1AY`;2g-<)1i9Y@{jWU!OX`6PuaT%|_{*AoIYq0shO@U}huzfLM|WHU
z2@ikRuFl#*o7U)`8#cT|L;pnQ-hA{&cK?1qZp~*C7FXlDcj)zb`jbt^^Si)~#Y6AK
zpod%g41(57d<UHM*vj1TEq&m?hn9{Jy8;J(J(dKt$r4Lp+neRd*!kIF9pV6B&ElJ!
zIWV52G=gW}-#kFR(W|iatP`FB-}rITL3s+wg|yZyxF-aNBKugFk_YFQzDP92FGpsF
zwXya_Q+`@sw;FXu%+4A)F12UF{tzxa3H|)}-DsW+U@DGbM;I5~N30^}_N=-%ofx#b
zBrodb5gQx<cU$n@-&lP@4df9$wkK*{9bfufJjjB_gB@8Kc*8<q>4bkslWxqr+Eaic
zXW`;|-(qZYFxq{3%^C<CR@)Ra2CzERN3!bXs8Rz#0JS*zXk3`Q8aF<4w1)KSD`hio
zrtmsV$o=o+uc+yRq;KDXd0B!X*@e8IL~Z>69!NGwF<WtuB2t@qBIwAIMff1j_A^<s
z1nY*lk;2=?xFn5o??$9#g((p9iCl|`B7^n==Ej>WI<0g6x^f}r5@kjq)(x83UQH9^
zVN!>e4~H$h+?CAQ99BN|&b5S${gqW?mP5H{rB#zMW`%P5$=G@o!|$XM6bB?PqEoVZ
zFWMpPw7+5BT>>;l5GSPzA2NadwCKC?DnuTyjHV5Gb>;Ik83!hH+Muhi|2AI2*VmU}
z+BGLbHowMBFhPQ(D~2Rbf54axY@CZf)a(6;2oyCvG7$e{M{_8HnX|Kzn%pJ${^ApT
z%}GpyGGYvU&6(aN36<#M1VB)+Cv{q_$LN0JdSj&LQ&V4I^{b%%(l=P!<)<g(AqLkJ
zwX<^e@(Wf%v4y)(QR4Z(lvQl-bHZ)-7Fe;?@#X^-vwHok(Pn44lPrzVcZXP0xvdrW
zZ;vzqH_XNBkuC~>2ga0#P}_s<y0{^m*S<{mD0f>!&!L;A<b3x2*aP(A<^tNO;-WzU
z9*2$Z56vrPYKVgl?l2Q=rNRMN=grnVW^yjk_!e)^?qQ>O@1@J?0mfrjKm9~C7y89s
ze?RNnR##r;m=E}wBgPGFM`zg#mzIZtttn;U!?ZU<Cw+w6JY^;jM4rI!z$MNm;lftI
zlGvY-__?rd%8_^X_<r%iU<O6p7Nj8Bm!EXsH?AaaZLKXf6FUKl^72?(qXLr??#%ny
zyM=NJp&kCIVT{e!J?{@IEF5UvGr^n7*z<vhs#i<;Qs#%7-q5=!`lE+hFL>>R7Y_ZG
z!JEsG-iN5v@h$Vqc4qM0eEaLC6*tb*H!R-r>ZXhWrl!Ld1lf1{f@XN+rey!{a(qm#
z1`G7^N1{Mce$j@s#tD_<k#bu_{hO(m1@b<)af1mTBiSW$uA#qPL$+NAQ%MLWoD^O?
zZWN$p)`TRPJ7liu`fyLh5lRf6&-~`x`~cB2*Opr!<e@S&dba;8<y}BQ2miu*EY6RR
z-{nZn4s%nl-pukLml(L3%WwFP0og6VmQKwExcu~lYDv!4enB*)6XuJ}4iGCM4&N{>
z9ELH{q^5@UgEU}9I><>L05~mcY%wsRZ_3?HCQh09#-^%yH=2yRL?btL`JGHejmwgx
z<4o<ww-!r)ec7^HbKT)Jt{__V{o#-rb$|Tp5_v~9GP}2guC~vpJoVjqY@?_bN78*R
zW_ULlD+II5M)hvJIA$0)`E@Pg+%@Rh7`BYOokj2ZY`-yR)0!A1OEZqoIWjeK?JX8#
zCgc~xPNzHedn_j7z22L2&zD6gdXXjHu6U|L5{@XO`_t)ODtcjYfZOL6W34s&y|yRY
zM;XQML0f`f!lI3#0c~|Lnt*v>pSD+b>>Jbsq4yUo%bu~p8WvGn^BE4arOJ=Ytiz36
zP`Fo7Gjx$GA-RG^su@r06A3G+3e5<f-0RAk1YVAOinUuC!Bz$4OGjW*2=_>R&F_iu
zS~vTCDIebvOlinU2<nYW2ZGhh!>fvjbYTw0n$v(9Gi{L7YwXUgm!~R1?#Y7aORgRM
zmNM#0I3x0maj0AnvCL{2;m%mCwJMPINcoB|(i_|mt?cJvjn5%E(BCiajOWxY<W0=>
zMWVBKK1@U(lFc!K&HE?;H6Qyfs)G=3YbP*!&~&RQQt@MxMBJ9Ni46v1P>fSVWJ5L~
z4rE-CE{6VZB}6E5OAzAvlq34Oc6=^<vZY*3g7Ht6Ismg7ue!hk&u0JA8&<8I+TRhU
zuYZw<%Vcc1VIk>9WWO;aoV_)Ch;PwB(&#2!21dOshNJDe!_{+dy=heis6(TZ56S|@
z0<14iBvt%p-xqCL-qo;)Ye*!HWfAI3Cyah|<FTsyf#;AP4Tmy;V5I$uzj0sSKBc($
z%t|FG(?+uE!OYE`I4bmXwfwQGAc&_ctlHF~YPNVW;a4B62lLmb&DzBC?UnpFOahUZ
zEKDvvuY>xxd1Hx2n*qF)-8oyF#&&o!FQD4c=VXO4n&o$!F(f?a!<_QNn-5GzkgVMt
z76eV5u#&-j!yYq^s$aKrhcfJJzC#Mi{^bb%;{jLv{!YnfCx*1|?mp<sVMs45R2hMQ
zdtl1-N_EfPkG5$e8hr;YPz;U+TgW!5O>;h$iC|S-G`XSvy)ey~UBCSR^?MG{kY)Ow
zF*Lduhjv`-Q#E=Y^0wO#PLuyyIN7{UK~nycOGAlwBU-oj1>U@aWJh{|HPD;EMQJGK
z2Hwn_<dY3k(;0#|PboXet-r45{IfyjCz<dnns=O?eqc%Vw{cNhhCYfWnml&)Ijq5k
zB|c-4D+5l(^yQDbeYAC?N-l21Lq(wb(zC_^<8#Zs8xL4)T}$WbY0=MgF)vOr&+VVs
zKqwz~`{RROW1g*Zetv$Mpe<ha!YT$nT{jSG^(3;(LnsE*R3NeeMhZGG!BRw&3Yw61
z)_AT*?xP6)**LZj-`!yQvyy4z<XXm?gVUhGL<s(s=@wc6O~lAm&>FD7Zm@KR={Yii
zv(Ec8WK@#t?3M}!(;m-V)VgEq?s%9u-R2<LN7`E43^MP&`2Lbdhz@9M9kw5TmR6&5
zBmfnv=X-fJhq`V!^1_bndm*f=T}l@}AV}G#JgzLMj&l!@u&Tmm?%_OFvp@N(3|XD2
zeX%*w(3bdDlno9+gfT-w^})a1c{Ib}ZQ;+rigR#=HK;OTVge@1#lhbB_4I405PA9>
zQi)}hmKr@+(ec~cwSn}XTMh)E^)eL}w?PxYn9DMnghzfg{#KRW2AAX6Bc4s{FIW`0
zrk2*KTV2GU0HE`pl=B%4Lov%#?H(>*q>Gz2*Nlyz-HrS84oGk#g!XDK(GY{wpmK>J
zE&;Q9Ug#4<Q3EzIiR0ZyPCUq;c0T^GJ?F`s-Ju8Ii1Y16&7AUX^&)W$tjNTeQ6^I~
zpia29F-q@dxJ>O!Pc<7G^RnC2nlQa}ZhlGndm)ru<2_fC7P3<%p4(99&l!De)#I&%
zaSF*M^1h&&X42H8we_8++wgYQ&aTfUYQEPB?3}zxsj(r?Eh6#dcGIEEw*qMRWnt_Z
z3SX&AK;J(anZ($vFvkBzeZ`-kS~9Yk_gdDY-kvln_dEU1w3PsgUxhlH@tOJ%PA?&%
zx!$@Hc~FioofDA-&x5{6CCp4|q^3P>6@7*dZMepL>UrnYU!_2Dl3?<mtaQuc-*Xx@
z4_js&ijHci?=M#@4Yw2Le?vB&gYXJGdi4<E>21Qf!#_T+rOyEOghE`^{&Mw=pLo5g
z%O%a>bERb?ndR0-=BkOFm;3)w>8&N>m3%!ym6QR1T6J?PelW>JkdzB%lDR$g$1B5(
zYFMisS{n9dQ_a&rw^n+Ox(kJTGC`)#CNpt1@1-N@Jp3w?vC9|*iW{-MsKA#jeu%Pi
z_#mg9*!nfcCa0E-S@zfuNDl&}N^w6U@t)wfPl$TfH7z0LC<G-l7(BIfv_>MD^OFPl
zELy_%#LDwvK3&2^TO0x;A(GW&+El@JCd!DPsii$}!?*^f*%|=VEw6&}A2P6kvrL_%
zP{UQcS1pq5C3=$y*h9Z^R=_#CYqdGv^9LE5+))k?2oFlYH>Fk+-cmpc+(|too*Ct-
zL~Zj4g<bT?3@9hIut6U>1xO_yVZN>6oN*-FA{W0EW!0M9giZ?S#R|17wQ|$EjX3##
zYUGD^<dW^Lsf>y6(+g}q8?MhtPbLpJ_j}udvsnowt`Qg8oa;~b)$DvnwIau4`JI%+
z-93Fiw!QrO$(=tRU2iQwEnuhPeaDgbWWz`mHL0y7MLQh%Grx{dZH48BO`*6zI$grA
z$!!9&kdG!O(x|DGd){AlLaQ6SrQMp>E~^uMLn&qj@!Zo<-Lc+izyCQMv{6`7Lvl^-
zuK6`V`WuN(Mr`z~+ZKF{+xZLE+V6$Q)tOhat#99MK84|x=|Gwon3QzNNBNse&n6%>
zj6@~Ar<;mIg-{*NoW_|2e+!y?z~=E{ZY2h!rWG4$l}b?^j!8d;TiW78Jl-OUPzw}>
z8ML;ndHbB<01__YUZ2;92@Y^{WxcyOPuQZ{<z2o6Tl}>xnT3&p>`uv(GM{0(w&2S5
zfv~KSVvFv2nF?i%0g*<fNNa6k0EORS0JG%+XVe4cTmL34WInyfpn&VO+(PJ9Zzqt7
z5Y9(<bo{dyP?lzN`sY<u{mN-mA|xg4p_?5yGmQn{-k#fPsgP@rXGhnWBl`aBn;rUI
zAgM>wk>{xnvrN@fZZ+>d@NNQo#V#1QSyOTrB_H2T7Dd{2$Nm{vQU9}_jY7bZ$hR6g
zAyUBg;==*S>iiYuh~}2FsF7iHYx)q0&kMbXL@EhL9-(m&7HF(23pWBu&53zRrW?1+
zS8e1{_Q!rU_nbveY#$R-{9uf6ck<p)$fvi>O>sX4BeKJ2;^o3{WR}_kDDCB1#^dOv
zVzWWsA!Iw-Y4bI>^pZ4yi@gPuJL2g2WZ=2m&6z!TF-6m`=zy^nVj(nI<?K;V%6K!b
z1EGy*Cn0L1`q2E!X^i0hyiqLy?#5PtTBe4rqKoiK(GeZ$LX+*%V<F9!3HgJ~%FOyg
zNFYU>SBT+74Z5begQ6n5zhv^2%;(Qs`(IuKkLEd)4nlCXNE1MUZ?CP1P?E4EknbGw
z<M*Wf9xKMn8U&J(Zku(a8l;%yQN9{Kck~ibeq)?3AEUSZJmEPu^*xJ-y?#F`&2LO%
zcPHBzjBIAvEtN7Um2#5NomU%{(!sSU&0<e+OFzmx)Npy`D<UKaKjl8!?YK6vuWR8P
zED&YSDM~XYN>`7s)VW;d7nS0Ch@jC5iricEd5)7!JIYGlmH7N6@uH9aVrn-YhqF9U
zuW_h_i@L`~;8RS@cP#40#x%@qkoYFk%G%m5D}L7})`}Mf<<bi<SQdgXS>m8H%a|2x
zobK&7^fpEgVZaU+clu^6`N=eH?pEAkoHR2i5Btz1fbb*ZI`Jsmxf?9Dg?Xv#tcnN(
zJ*k6eXPr-;Z){v`O0I~y(*)2JjZVwp`}(%yGVO5Wm{rcizCHZ#Yc(~*0yCgvm-RCR
z>37NN`^{6L+|;Yq^<yr_@wDgS*|t@R?KDo*>r;(xHzb3AbeTZN6dAw`U?0Z2Z)ty6
z6e7#(#u}tG0|#*qvZY)mw^cc0D7GhNlcOg{)Hh4>)slBfEE60!r*&_T+6$-(!y)=u
zz)~K+^Sme!`x*k9VZ3x$b@pO%w<C<1-+&yr)z;M=pHG_=wq_wWyrtS#Ih-sfpUYMU
zRg{SvNq?oCSBj%ku(7fEL?}*z5~8EP!BK27ZHlyJZj&xd{p+Q-46!gq#wg{JD$}2?
zN+zN@wJ7A@)F&jq5)sOx$}D{UJP)7^=y!KZr1YzU9kYvsw!5o0aBAW}70PEtU}-fS
z28Z`v2JIGHFD8wY?_?PhK$lIU;;ls5=(#cm@jWDd3s+>@na3V}(<KNzd!<O)$N<ZI
z^%!Lgmp*`)Wl&rtIDUOvND(yHWxw{LPjULA>&VcMwUtI-V7vZ385W&~bzDbB9z~<@
zR<}BpbKo<DGz^KfN5$?zM^V`Dzl3|={xCCVe8+q0yg7bZKJRhu^G;1nKr(>B%_&pv
zSuzv5I6-=lmHC)c^-2uxNWOKr!P1c!AWNPM_7?JZeBdaPxc%x#D-b9~l=y|#hFObE
zFK5GHOq}+gxpEov1tV&o*Q`D;;0`v^u#>uPhB(ic1|FT(?f=Nb63P|{1yrHSm~aJ#
zl13i)hAjB?TU<im^KLV)Vh8`}MAOAfZ}=0Y=iFg;7$=`x^K;NRH+f>#U&A|zR|sCz
z$p7O*-7l%k62Twlf~uDaAnmuN1LeQ^xs1a1NPz#NC&VW?xGxiki5HNSkIt7v`*O=@
zv@GCFEx(%y1TWVbh_5&H&Hn)JJ8*Y>U=vDK_?8Wn#*gz&zQnnmrnb7Aq?<#TTcl*|
zeca=w(#pd$dP(Xt=(<B>c~jL<&m%AFDZ^D7ncwm>SrF4kLke&LxkZhe^^VvpkGj6M
z%rcgYk|^~~y~D<S^KLy)7!rfsSv%4wZNe2g@m&6BefcNyeS`8|YABdTh1yfRSr$<`
z>A)Pp{6puoM~K1;Vi6s|qOPMuf=IxSY?G-@?3BOsCaDgW1TYxWb8&I;tg^52Fp_}8
zFa4wzwtwop=z4c)2Aez{;~+VcuHATyCqut4|KOs_g;ifJ=q2fzt1tB)#gV&oLCR2K
zZZ#to+8Xvynhuxh`2A0wR9}|q{R6~!{x2Y=I;?qZ@V^9a34~?Dwkwe_E`1x+?$<s3
z)okKs8WXMJxz2XW)2Sn;{yAHx;<*?Z7vk}SPEqr-jq156fbNk)J|^`iu0=T6XCSPg
z5BaM$!zHj%_H|*z7#fk24GYYqPb3Ok-5NciF0*S)o-``bz)cXe2p_I~KE_ni^RBMd
zJl}mYEXEN=%EM{b;+?HIpKX}Xi5^c=iL@74Pqr6e;aAE7P~VO}SQPLYLe<1I_&<KY
zz^;lEo@jvGwR%0G!iJ}(2R7O{?^(21I5@CS&~e^j(=vHh#2D8(Ew$5@sApSzqw{z_
zT}7)skVY&wb!`vWV#{^hUr>9TZ@zyo);+B7d418E>WIXT)lPiE-1`>;Yn<@wt_LQI
zl3gDY%L)r23VI({<H;#9@xx{Jr+WQs7?MFl8*_iT8r0M&rn`oK6cB2~9E$8KePw(?
zRJJC4@#{gT$$r$nKAKbTR>Cgr*j;J5WPee-h=@f&+06~AFG4|xBELGy_Uu_tsm|HA
zH#sv-sLC^PRyYX~MLlOd+ujj<qFUH9b(ywB=6?iH#B=bKVDp>t|5uU43!TPmA^9ea
zVCWM0Lpi|n@-gEQ5AQ%U(w9<@&u$(USYv_ix0oHv+>jfb9iwdXL%`2`zSkPONs9_8
z5a+aZ`!M?l$Ay=DWRC*L8<H*ROJ)%PU+MX0*8T^R`@1UuD7%p{n`9AIbP^C+YW<aw
zfR?cRg_bB6s`tp#l}$})PV$~pNqZ@9{vQ@~=cZ0=qjp>>C|{vlv(TNbxc-rz;Oz2j
zT>QXARa9kbxt1|vVlPJA#{Xymh{wLFl8+*@!TR!HHHmB*0wNCU1w%$oa=f#DW7Rjm
zD8HCx)Y!2X5$1{4@~0DE^0xcs3^*5<KA+O`9Y}p{yFoNIX9dYNVgheYw@`gB6rC_X
zeM8LGJ;1e*i3mz|lmky<Es^x7UcY5{ldrd&nH|x`g&m^qVirnFPW!o_Q_Id%ApAZO
zyRx%%acfkpxI**h5CT6gLRy!7t+N`hs^a{b8i{Eig2*5Fs+#IQ3y&D@HShPxX*s4L
z6`W&)CN{pnXsLS<Ji&)^cnQ5dSOGS$+bqKAxS~!~kMFWwR#)v+H@WgHpSITTVzJ+U
z&K6tr!5n!$*hQ+2xbhsG<r<{5VABgkmp|}Poj<-?Tx1mQ@D{}Bjavf{O%i%3|GT5(
zuAts)@zJDBq|M06#_X=G&6sjYqyUBl?!^w<aBYEnO}ftNQx!mT@ACu_Nn34J@mM@g
z>H%wv0uVLJ3<jof%rAh&yXWB|t^9@Kd=nvXRG*-AHIgP403>#ruoD#tw#<;iQ)hth
z5-i5Y!I1}=v#}O$7jO=EGSR_yAce=&n}b;{t#hYkhX9mH@WnfKq22!ei{>OEcXXhj
z^`Jup?ar{4bSBxW8}G6W>~wAF;VQv3p>mf_8gt)ksafe&(E}A}*XcL%eAN^}Ew;`m
zptE4tez)oAH<igaa`Goj(V4l~gc|dTNe`cq-_=fP(9f^nNhHQ8BO&NP;I;}c08q0>
z()y8)7;)NW4?kQ3bM1wr7^K2-E8R+@-Gp1K=Q1p}qq%$J^yDe_DZuk49K8JdN?%iU
za}FP!XLam6{d0a}(RaJgIzHU%r)|`+e)^m~&R^W!G-d=v?^HUrk(LciwbS-1b<#%`
zG1@7(Kh;4uU+ZKMNxSu{JizyLhL+(x>Dx6kTx@xDd7K2+a{X$XUFyh0%K`R%U{N9c
zN4Vogf3hfGDUg6#AjA~u!RL432q@X4tEZVkAnM$}o3d%z_Zi*lc(S}w+chre5kwiw
zJEN%MvIW6!E$3GLWQ)G_h3ixrs!?8O1Ug1TJt|l7MU?ZV`k<$-sx*?+F-F;YmNj0d
zL^v9fai#H`%GNdqJ5=VaS0QkF#BKES<)w5mA?UEkSDZf9DUdBmD|un~<}-XOv3_Be
zqxxKJA9mee%UL}8YMTUKH~4DQ-pkhSuj0lSIxZ^m3Dm7#arXi;|Nn9Pu`$;t8i6K5
zyNSTLF`t6~M8c4BS2Nz};p)n#Y%PuC{V60Qjp(D~x?be`8(m%9kH{|)Lq1xBC8eg;
z{X9B*46Au<|JXVlk?mLow}*V($WsG8nM~&&SP~!3_<A-BYpt+eP{k<hkSx8sIopYb
zuon7A{0*C&ZW9131a1+6-7pw`!|3D-Lnl1h6Y>c*#R_WcC!UddrPwVP4gGjAi|d0Y
zOKz=>W`)xOT#jOxqeM=xLa|FcI^7thNRp{o9UQ)n?tFE;17t(&8)EUYY`nEJ5j>Fu
zw5Gn3Vy@<9JG$kW`u_XOqqSzGO4&&&R?1N=)8?ktknCuo%f?t2!d$v-`WH(1t~4wI
ziF8)9Lp_-qfetH?m6tWnO}>j1o@!vario-RpdOMY`6m_!Jtj@i-J?6vian44iw_{~
z7wUmj>p+O^zZ)mle*ipS6DyB{;b%m4u`B7kOV=a=n4Mi90N98bYY*_dq;_J%XwENC
z*aI#(=I77j2&EUPn88V$+I-+bts!Y%w4sORbeYXW&FI4(`i_gS4AZB?3F-0i!IA+t
zc?wZv+^$z+g-ULKS4GxKkFaLVx<+c3)`T)Yc^Dp{uqS>RbwUwfK!OIVXYh6=`M%YK
zFXh>04%W)}%b$@fZ8>CA2$M6SX*8|W(v{*-;Cc1&@F^oxRqizJawDGKEE<?GWAdhj
zGmrTMyjCTU=lAXtdK;tHvwBFu@KLQGT(&B_Lu+8-<=xHk@xY-O64L24ml|bEzUDaX
z@PaAff2gE{zf=-aPl=?DUGJay_BgpRt>p{05{7(Bn&I5RUm}Nraalmu8nhP$fjDjU
z;Ac4Ha_a87C#8_mbMtT+*0Apf&@I=04BC}4XdZU$dLsz<f!+Wef&BsU=N9DEs^BIr
z21)!Q-{27xf4b$<CqVzwEzUpyiY4Fijm}07Oh3x=(T||z%&-W!I~&&!^*+d&tAexh
z`2)H*%7j84Bj*nlpGlhI^M5iZF<P+~TYjPuil>kgpjgI0N#bKrDUhQ$vqPt4%9rza
z#Z!=1K79*p&5`-!Naj%KBV1vzC6>LD{v_T^FJGp^Cb4jFt=-s_VTy{JLN`e%DHecC
zD0(~Ja;%SM6|f|U=^h4@2{krDRGaQG(S3}Zeh4^}8+YTYz*LpVp2I1k`0wRGCtJns
z=|`*f9QUJ`6`6xhKwA$i8Ts3}gJb`F-_@OsXN~rycvl?SqOtL>4IfwWE1%`dPnFks
zCaxNuPiYaZvjHCh7~Ag(SKqx#zEJmvUuyV84E@%&q)LECI84zb5Do?O*O>n1`qfsZ
zu{MRl_HH*|EjoG<x}>qzJZIXAqI&RiH1p;fl90;%7f<wVK0$$v`-BIVcgF&P@%;;w
zr)JkHTvD$sHo`IHjyc9g4&Miwo!({$g8qI0(%NYl#*AQrIJ)kOnDV3Pc9X7)g9VsK
zjPK>{a=?LahxL;$XKYGgpCpF|i7mn>kneBK<$7ajc_O78j=JbdU8nM-2|p`1x~L(c
z%*sX`d~v|}Qkriuk{OavE{si~@eRW}h8P6w9(WHnCFVe~%)7$!ffC1%YEMGko09M+
zj06PO3G_Vgxa(X!EGjBu;NXb3=b?hFGOi|L(#_(`7r&<V-1!4b3!5i*o^MJ>s9&U-
zlvCtg%!sy70z!zH;#!K&Rb_RL9Jj3r=~7o5dQ9}E^73wwSr|gmIRvgmdOyaY1kxY*
z{>=7eU_G&szi#jp+y9@fV^&XPguHMRQUWM?=6KAnM8@SOZ2+Czzy;I?Jad19{|0&z
zv~Y%D8nkXHezt2|q_(}Ec*8>U_etjhzm%9xtHv@Xl$Z+?DtgUv$hFS;KNrd0HtjD%
z;vX!n?u4<vo7KxHTH}PWIigb6_F?A}_=ss<I`3lyt=3MwR<Ok;Bn203iXy~ye%Vid
zV^g9-K`YjrXrKv%fk*QWH4fBh-x<K&Gkm`LgPl`~8U-A*hG!*S8HGu(^U`LJ!gF_`
zEGKfvlu&-&%GQ>di78}3zo-u?thEREMyK@vv1dO#Uh6fap}Cn$o$`ca4`6Z(meN}S
ziNJ6MO<7`5yo_MYC&u`WhrBskTybmC#~KGVYdbIha==fNo=8KOkeMx=J+PkA6M)*i
zVTv6(Ege$9kGuvwVlq&#iR4MqA5z4GLtRHVH@1WXYLc>TwqID5fy@eK7)AtuaX=;*
z-NVzBDI(8LEzRK`;#XJ8ml(P9SN?rlau0q#gYd6Ur3)qS`7BCOh(VG*tahzT;w)fe
zr{#M4aX50lUC|%k0fJ2jaP>HDLMgwtmJQ$pIFz}db>K+#h_8q+NTUGtnm(=0KLtn;
zg#X@o!!p{0Qm}F9`TiU^$y=otOjgQRa{L8-MvaaUe>ryKa0oSjF<zMu@TLzy@{v%`
z;i2ghAVWh#gN{In{(*sjz?T_#fNffQ0eQe5scdmPU77C%dSkO}8#A0%ryGy?#;R@+
z^Y3yDWW)o;BfoT2V|37oV}G%aeV=ukuYZMEkB8X(bB92&=)H`jb)y>*`vUkA(DpnG
z1wn_SvtOcqdUhtv>Er)%FWyD93hriK>XX~23-p{Rzez!hT|=sW-<$u{?H>^$zifyA
zCTwPI>dG{97BB#@xB*GghMpT{H<-rK0iiN-7niwTh&&V1LWajzg<)9klfp4A-+_z-
zht2m4w9Md(ie~f=f9ih_(9*^LRfiA@3rq3xJsKJs!|HKo=u<@n+-4hQk+4FgI7L_2
z8U?n#h1rY!x%6_G+U{<799l6FokqL$&KL-d*0=kI+rv@27r4l%u(}K&YTE<fTj+K1
zfRgg@fTWXbg9F3FN8)$!X~v7!-$J5v)8YE{W8}BcfL+Eu@;ylVnL+nlmqhdF@jCHB
zkC32-eAy~Li$lhMHWY|<{2z!U6IPFh%YSKzxaH}drQ#t`IcA*sz5y^<1D3Gz&-b?_
zMHh(NTCcvQ9c48Yuz_Bdc%3?Qt&M3fqq*){ZN&D&Lw9fP)s^_qEu?=J8+|7_0%Itv
zSODE-6+BCJ!Uu~g9*z|o+gtIQnES?^47;@uUoI5oQgM=0x3o&9&R?vOOjjW#GBenQ
zF`k12(Q1|_br;g78tO#NRo2b&DirqH(zX_Ad3wof3GDDikG1U8nzHo*cY<$eQ*sTk
zJxlSzj)1)f&rnyF6et%16IMl4{32RgENpC+-4H@<yf{0ci|+y^7-?)e0TrdHX=PS&
zO3L4{s;a8#H{nUr7GmG2b}cL-PX%2T#mTirj0MuGo-ndj-`sh>d5#+*=E~%dB;mh!
z^$GSiUe~v8YvTm@pA-AD0rCW9PDLm9)I5?swFSuUlM||tyjB;(>C4L|(s?O}^)ohI
zehvX2Iu)8UsxbLMDHYH_{55m~GX}F~`z^ZVpVqNASHIhMb7%E|&hg91>L+V!)~94&
z+eT2beuz8HYrwsi<8df(cGgNp&;n>EwGn;lRK3LB5;kEeF21i1`XkqVn;5$3>lI^#
zE#cn<F8?)LkVn1pf8!$ASGM05L3?S2ROO5(0?9UM0Rz^{5!`QXfR-q$@ixmSROvA7
zbE!>A)igF^mv<P$oy{8={Xzx9K*s(PY)x=8fi5hCC3ak8m*{i1e6Xba&1ZQf21O2-
z{42B@mECgUhn5wMQr-iv2D>}HP3H;r*HJsXwylapid(r#j{$pC35zeXo#Tzd`=}IX
zU-=#_%M`aWGWDbontNO>cr*W<{*Pwr?TNKl42XptvwsiT?U&^bWxzGdzNhJOg!Tlb
zDG+myfZm(j-z9bFQECN{-hB)5(#z}JYKX)u#crkiQ08Kya=?9so+`ApJ8OL(Y`$O|
zxOjr}dCfB72|c~Pzi7tk<HK5^S+{6C&i49=c%WzrdhP*NThPq#H&TNfZe?Sqw1wqd
zCg_@bj5EvKVc|fH-x?AQRS=5UxkI>|pZfB5p73~qe0;hOlh<91T)Lzrn=2|~)~mQ=
zfA_guS@AX2DF5cC$nSRd3rdtjw*G3`|JQA@jCn<Yqz}m+EX06Xu5sQqyG+-#`FS4$
zQE2VxIVAeV##zpM6j|+CzCh-kj%W9l_l5jB=>Q9>pinw`x`E#7RcsPt-ix9gGT)Fc
zxzT6Oa8NQZEcHC3P`Rwn`;CwHUbZ$clY7Xbi2x_9z1_ZvX55uu*x0^nQf>TrUD9)K
zK1e9j_4Sm5bw7#czC$GL(OR5TNFQxvy5-2T*BPISidZaLvlm*tErH?poJ2AP4gPn#
zNLT(0=!A*ncsf-~`Gn+{l-%G<Yi@0)!&HvRxnEjL!s^84MP1_A^EAK87E&pTafrCj
zYJ3yfuG#80TDKprm7gNy1ngT*QwU8&B~vhuj(_!rn|xVyk?c6L7be5{_{w>x#a`8;
z2BeCjjN5e-NZ)curyfD8nZH(kSTMkvCUr&`oh?M-&6DA*^CaM5*W2KB%%&B(V%YsX
zPUvB2`~yG|P5B&iLjR6!h$3LePq$KB@c)h%KmAbMJ&WKw+ckOrjTrp8)jKB2VjPVJ
zb|IpmcH}GJ)6W`Y9(l3wGEcNkNdt$t!l{VXb@kR%6oed*;uAT>E<;h#$?{7K<FWZa
z1|Egey&^=SAS3=v@%7$1I%HLgd&U$p5;v9CP=V>uY3%Li$tpnC3%XEpGr);?>)z(J
z;IBk(Rd}1Qk6C)6_G-fsVKTB6AcG*7`QbFzSgwe$vcl9B4VY#ItC$J2w8|s6U(g9^
z^{lqmCA>?|)oL;O`@E&96BP>kgTx&+jt^`b6W87yKNmGQ4o?rK-@ERaMIn%KdHLMK
zpIbuy`0vxc_83^Ye8ANDT&RD=-d#!~r8=8o6ae^hI2KoPZ6l7K`mAoILXSQL<xRgC
zSC4yI;$FkBZ+8B0Xnzlo<RmXIPn+csn336u)00uK^9v@}tzST!=;_{2_2qf}o9<o^
z{h@!WS?1HO5Q}hNg{lM1c!4H|09001mbY*dJ71f?B@Cn~P)|ux;1_l0nWau~<0)Ih
z(^appc3sgH?-JpRw0YBo4Xu4VFm=oN#A&yC#^tB_j!Qw05`aJOJ3(-4GpI4l9cGgX
zM<Ns<*(x4p5g-W{cNVLcJVczl-2m9S7HiS+uBg+=eydX5GCt+IR(4pDkbVHV(!fPt
z)3Z3G*!2Wv-*x3&r9lCXRiEyY4yEq%?q$hsstn}x&y5#NE|QF3oDW-nz}}g~l~bz+
zGEe!JdrX@yL(_W@N*6Y(*Uc`gF)>l21y0c|uqjmyKtInVTy5@I_QV^KZ7_q?{aZb)
zzhTPg#8P#iwfEDSd3!`+9LC=r&gBkzCS-rf<x`|we1Bp3^=&am{Vn*G5U@URW;9wF
zL6rk9>+p0}otDONrVc5(;`4OgdN@$^dy?Ie6fSs83eUFunc=~?u9L8?q_4C)`hC#}
zre0`@V>;vYNjg_DfX{A};d5A6tt3!0R$30*<pAFn3A9)pPU~YI#b^qoprFLJU2#$m
z6sf!>7Q1+gU}cu*7ctS%@&M+}ZuaUG*2&39-lT&Qk@VsdXLZD1?>R_RRM!u$y<O#0
zk!Y?k^avVO#yA5)Q1R)oURC8ObwqZpNX8&`r700+gM+98NmXxvYuNqQZ`z{zUL^8o
z+c-sLB$k#(htE7#UY_^#vUWVD{`}#ot~{e;9`h`^mr^h{e8zL<s8zpPy(h!(ZEpia
z75@Z3hZz-i>Wpl9J2oQf%l8!fD-BT@s{CpaSxVvKwiWw5>F6F#pO`z{%dHcr=T-*+
zodVKA>ly=qGn5~%>23aFuyCe2Bj$Pc*I)rOs9J=V0Q#4l@?X&Hzk0jZNJxP8FSL9)
zkQ#XMZlll2aN_$%8`AM!@pINky<rp{q(9EbMnx+npd!JP`bxtYier?GG%3`;Ui~M}
zxKc(_0e3i++7(()7DRTt^2U(i1^P>7mo(1!fW18k?YIc=u}UfW;4Lu&4Ii%7J_`#A
zAS<fK%X<P?ZYhGn!Vd548R?_5cHmHE#W=c{<#z+HN@k_lcefY&(XEVyp1_D^T@-64
ze*+*!Yu}dwyAC@Z@nRI$>W0()!V!QjKVCY#=H$EDdHm|LZKQuLVk0ZyA{K<HU(XG@
z3*Y!wiX-U;GUug+T~#=v;ILN=%lJAmzWAZCtsKx7^UrW(EQhJg@KJU*T-uktlVl7r
zr@u)Gt@F8W#lecFo8d-3JDv)hbI0s>IKuG!@gscl2eP$0<?XLj;uYouK76+C;-X0T
zgo{uk9sgwDuQp&9ssk$I+$w&#7^1-SAolz5SLAsZwHBLbC958o#tra1Qd)lsGrlue
z7JNyEjQrOR3UGmvq(8cj9|^y^41S~&?gU`RDnWgOXh5XP2P|NADct~|*`I*z`ey)}
zY2J?<vKav$Fq1a}p)#Fvk=N2H^!#yecwCNG^*P~*05KM=Uw169T9&a$(CYm5h0oEu
zGhhgjk&#ivQ8tvjBrkKcb1JbONU<9$KwEcDd`i`3Ix-d1_pQ7f>V0T>b$y*5^!NaV
zPV9J!0vavt34*b;ryj}(omN{tG(ylLpP$4u;~;PePZ?~I)7j7SbQ#jNgESI;zUXfs
zWw)=ZDkRu!FHcPUmpD%pxslN4zrlsntkc;SnRN|lP+~$$;jh|oC2S-PqeLlF;mUET
z!_`kkD}=7e@Q6g(?^*~~GlBV3oJ&^AA9B}!?Xm);j&5b-gGVs_UL!J=Lm0r`LAnyY
z#chx7)%&F?bHB@j)yy8Mhx1N1+|$5;CoDS}u{an3S?Pxnv@c%~Jt=FI%$Iu<`698&
zf`7lX+eOyQ5tyEA6i)jT>g5wnYpb7{>*9!tjEtN{R02HgH=N15x*95UT4(VsLj5l4
zR}eIUW4RsWO1Y|;?iXhrYrS!n`?C$_^KH#K&ALoXd423tdJ-`84W;6Vq9&}SImdI=
zaK6*iVb1UU8ow!lG#AR@UAy2@F?&IsYh0PiiQCtUxTE5xEdSK#CT9XZ3Y<?&OiUM|
zyEPs_uvR^B<09Yz|KrEa*14F3`v^J1p}*vdU56x6U8YA1M)%>(l}%sE(VZ}`O=y!@
zdzvBBuUh-;0|1p}#_<Kjk_J0&-M?dnWTSjY|Cyuz0|@+W#kMflw|_9`FU{C@qRa`u
zd#HHP9y7zC6%(JQ38D3?`t^GxDVejk%Az-Gz3etKNi6!V3}oXvqm3YF?y^L@=!C55
zHbp#v!6}6uDTs)P^R>#Noo99{(J66C%gTPObcI8$2gp){Sy|Cuy?TXk8H2Pkc81Q^
zk1YYU-P&GxOioWz^CK>`@G@ZO?A$ovc5>4_%odU{{4Q9AN$%B8V@o7t4ok7;#g<DJ
z>`3k<c5G6l-TkFTyiFz*s<zJ`btN>uar&~Ak_NnsZ&F;mKI=T{{7;7|EC!(85&X_+
zR#N&l;!!2N^t=y5nH}@GheQpBDZ$MnY6{^wPVko+1LUj<M6MPk&;t|z@MH4&{{y<W
zTNw0v|3b1n#?GI@yJNXFa<$8A?kp<Sii#$nC2&HMTEixLW~ROzi;@G@In(HDu?@U9
z=vx2enmrXU5|hc7#6$ph#Rq_YKBBNBVXO6w7|E|+zrs6$q+;nL`ePMTU%y6c_9Ql`
zBh0S@z`l5g@aPFKoeMbB(vYfO)jHmxH&rhVt{LRanL{G-Z7#YuI*DKEu!2$VI#h^P
zWWZHV2_<)0^)6rUOd+Pi3uU@HYU|%E_j^?Tf3YN>l=<5rU0>48vjAjZ_YD@U^oJo?
zWqIom<B>s1d7IH-erNfUON4wUDJaI%tVspYtrF)3Q)f0IHpTt#9x~Vi6&0pVUV`;+
zs(1MtF~}>Dmd>)|xawtf*>5HS3JM6Yt$(&Nj&Xc^9G%2iunGJoef|9w$DS4YJ=8Ap
zhl_0hv<VdHC_q6KWwl=GbTHpM7(m@@J1{f^16(|}wQ1bl-TBNrQHz-@ilR1EqfVl9
z>!N!bhe7Y7eFIhYUj02v(Wkm6rll#Mr6*$)PAgvj3>hEy(2#)G>aFPoL8UUCuS&vE
z&a^}pOSVuiZteH)oU%*k*L^uOm>J;oj|*4aECP%^IXtID{-^E$Kjaqn;lC9Q?4vmW
zQHgYN+}^M$QSz|q&i|%Cmq~yc3hcP-ur}>>$Kt|b6V@56)farD3_!fy@Q>}hRlsX7
zeuhr#k|2l*^dP_bsNA8AAI=@DY-|L+J2WDSGo39|=&?L3(YXz4QK@2jn94djq>43i
zhb>m(36JGa<DbXOiUHHN9t*R{w+?<%jY#SZl79^y7RgICw8Q;P{afcmq!TAr6UuK*
zH&Tvv|22Z2hX?m|<H<DKT!D7bw*_f@$ZQ}V+yh50F^+=bczc7X{Z?W_wMV%*i%egx
zZk!bPe|S-<rC(6rdiBoGa3@5;{_ylk39jhFEgsDmq)&_h6yBT{#~hVRr;v4KXF^2(
z#@lfnE@;~B8t(4z$o#VxgP#8GVfhp#m;U<B?kUp4t!vx8<ob4Ee7T1EP5mIC%wcqB
zMRg_swSf0KyCaBaR*(J}xX0Ebhhiu|(LWQgq29X*FD=CB-tvR(5-k_9x{TjMK*5mZ
ze7Kl+Pwe>99^x02s6fuaKh#=GWOg!_{wnZ}sin&)e%6qeN3|Kr8JcfRh-yS29Q|*0
zN+kDP0xWDRk5gVK7qM%q3rw*Q0Il0<<@>`qF{wTBWX-y%)L4h;eXl9H@59>BwD#1c
z8z$z#olb-AaRnx}H%51@M=6U&sag1%CZAl2qX-2^`vy_j<hdKatg_)B_FujpAQopO
zLa`!}SSO-Q(z=-lu@QIKcU8xgT+sjUSevcORU_WqJ=PyO<Wa8Co(RmecE1({N;5Ni
z(c9>%C65RN9>t@mV#rhgu>OgZal0$bz{O6U@7ByX(@y+u*7yqJb{hZLmQ9;J_NnVv
z_S`(<tenOdU2mm*18*^#<PZd90PNcz<b8b@$9Bp}FXBIc<mPdn`}QiJ?@%s~{^a&3
zBNM~j6Cm0C-;?(1<&Dy&CIcTcFN+*vP;rRdJ!#s@JW?ViWY_i@Y-;>1=9Z>e^aN(P
za+?Q=B_SfLAszOy?c>Eo*(5zx@i=G~CY{7TB{L(p!wB;Y4ozgWpd*|Q;FGiO+uYU^
zvqasHlarGbYkOJ)_UFFaI?#m5GT`!>{P^s(H<e#d5JH<s-Pj&*D{$#-wLZN6x4}!{
zdE0uh2~665p6<8(M+;y`DSrlJ@qYMhFOt@$*Y~D^!Ue!vbG<L5-=zbqSf$Z1lDIO<
zdl-V*EU3BwEtL$vT(mr7vOB{r^-`JG4K+~xSL^!|I1oq=0zAl8Lh&k}o7{2?X8+J2
zhW|X#>f&o%>OE))&+}_AFOTa;c7B531kW2z8=P;V+kJDOC@ZWiBNb+v-0#kN&J^@w
zm&%S)sLA%Y5)&KiD8rVE{YSK{I>JW)JU_gK2jK7$7R7M47S5cH|3=^cQ<a#PwNc&A
zOtLw_!vAgfkSiQdZbSUBhXvf;^j)gw5+c;d+){)6DFq>G->|5b&#YjVM=!iMN4v0w
z{MtV1J>PblAbX`SraZyEk!?R+M0{#`=>${{k(LCiv{pzX21DY|W2F;igO#&NOW9eT
zJu6U6<;BFux8<aX4EH!$f3+FA-=E9{ETfa{7mJE}&%0qn{bn}O)Ff1`9^V-S7C-78
zCRLh1IOrr~WEOy|A}>vJ(MU0jFLc~n!lL8?qi)rjJtdC+U&DAq=kyI+K#J7LFs$w_
z#&7Wn<%>Ufqsns=32&>IP2R^B$d=1CnD%(Re4WvFDumlN;GuYUaymU9$d`JJogwpS
zeG)T%x=AuU<Lg-t9Qp<U5lk#ne>Hv<S50EN8A%%#7JHixocYxvCFukBzqcIzv8((S
zw~>L2oCUYX*8g=c3^4RX#l<1uJ&^l=4KO1+XwUeGOut|54<L6t>@N)NUJr3vfeRam
zsu)BIe?QL6>KZ<EV640jpZ`84Q2NngH!VR70mx0$+kv`v&)@0sf*V;rl7*Gk95B+i
zo2p3XH;whJBq6t*YjheMGI|}ev8o4rn~;(cR#U^*g3GEEt|MMFHPh@-q9L{(4<AeC
z2w~A8QB|VYvnq<d_O-2q0$tz&FVHYcid84e=c&x1eJGvh)hyJ`Q!79DxW@RseDfcF
zPvFy2l4dPeD3#p@gWA}@u^q`(82;_lPD8g+7E7BQqs`ua^H5iT{z%T6>w#?cAI6dS
zi8qY=>0k^W7yTxSUOxg8?q9SPN^cM}$Fq|;-+7UJ0}qY4-S0#L9aGCPc?EnwNIG9N
ztz6>fVqA%jl58P;gzxMg{Z8cq8~gLybz9+TAkzGGlG;ROY({?AI4Xf(z0O8fiYy$#
zlOAyG_+Z}~<W2?}A%tp|OfbrZ6N(R$fW&*$nejMGlc_QLtOU*wGsJ-1K3TV#lM@fK
zk8*?Dl9l{md}c#M1$S`||99twALhWKrrHjm>gO5OG=#xmqJej!%wF4Ya-08|y)E~N
zl~eaaP(SWlrxeJGO&EMVzy2ZLb2imGb-g3bCD*Yqf$Nq*_&DCz`++?_#Zx+lWtQ1)
zvH?3uKr5VSTRH7VWEDti)92qqR@$bVR2kmT-8{2*D-&2?YJN_vO5yZO`f>RscJoYJ
zIet>!$ovVF`n?w(ew#4Hz2apzaiVDtOwhN7K0)JxN9LV!uq#3VP@MpNsC4(jE!k!N
zm((A8&JM<FF~J!5*W39&XCKf@VFIUrK@>Vp@Ke||{qOS?d#4JOvlXG~?;W%b;<vDs
z{Z3Jlm1$KsT?A*;cYGcbLul&G`ZHm`Nc`FZ8o&7NXT`zCv>6HIBST~qy$8b((jXGb
z<iA3VpD2;!hh)f5D3n6PnZ~Hz?ibm~s~EY1KihIecpN@V%*-;p(|x?gS3wuUD3Xx{
zL2FBGfvJlOSgdEJfY3^w<P9Pc7aH8w7W9<t=b|ZfH7Oc(2m}`uP2rm|{%5iecCVC`
zHF&2lAJf}(lr=Ch5dNZH2Gj$<Hehg$Z(v8^-BB0*`ucj7p1PG43n1T+z9W(JmJjUo
z%;XztwCu$LXdM0G+#CnpCi(R*-Rdic1>B*Y3DYT%GDf){P20CS(_G~;J7-Mb^V8Cb
z=nS*(stN1kIFyGH-<)e&yo%;tqe(VDy*$LmuPI$>yG`e$TSSp?2zqn-NsLa-h>a2b
zZF0%15g}-tY!Rdz!eO3|i-}J<7_eZ7c6WX%b$!tB^lGWLj0GV%JcmEL{Bhc)P-g8-
z@%)YCh(DNq0Ucc0psVsekQboip@uVtaZ*y7#FM}5lUvk>m;!GWkehp#`IDcK6{*)3
z5rLACzbd{V{O_+)a#SK~8H8t54Yw{-`}y|*qfnh>IAJ<A+W~O#vNAH}534~*^}rL4
z!qA&{!XD2&&2>tS1m+k>KzZh4+58IA(=?54u<vZx?E~V1d=Oi7QV>^=lLBY;eE_n!
zbLhNg079qSuQXwV5BU>1Zh`mVA~2<|9Q#D-2z8!iT=DvE;ZO^!9VatSNUW}309}=+
z>vFJrTLr@jk<AP$G%+<*2@o`A6N!ad>nS5@^5rL41h%!$Oc<?IOsa9#|LiCrcDFPQ
zDJMG)dP0)PnvSXiS3^kX44Ecve(fI<P3nThG-+)Y9NIan9D+1^r+tO-Q7LFpx63y@
zY)?90Y&!pr8LAg!<14(JI(ddbPO#q@2<?t#@amMKp0Za`QBmGVNO<l(xzObX&$@fq
zS81Pnpu2u~J@0iaIDdY3ZVVpC6HEWe@+!kOpatXb+wr){YXfW4Zz>4+_l>D~h$InB
z@{|hG=YDr(S3ZPqZo_A#`ag`8ugTHU@80DN$L*fV1W4+vT`%h*bkq=t1<HYbg;RKA
z;Ls@0X_SWde7j3=4P#ntapP3h&Y_|UxzZuq{Q@_vJ7hsIA}1CtzqEB-nqNTpR9#s;
zj^X%mBs$7MnbmooQw0GwB5#3YQF_n_4$fw}46I!-5|WK<2Kr`EQrl8tTKydLGt*Ya
z`>K4vlrU0^jf*P^5OlrL+`vRG;j4c?9Sh8ST<dX|KoX|;<Tu?&sx3!!nWIPsf2ZtX
zctT^6D7=DEuD!JM8#agb?gwj7?AP(A=vLqE9MWg<icvA_j_x1bYsf?x$IZKUCsF}V
zqo<!hDz7Kb&_aenZVOiPS2e{mzpbtLQ{m$d>3L?<;)`a9@eI_?OL22o6eXS2r?<#j
zlo&v@qbNI~i(Di`KfNAk{T35d-K5Mv&<NZCtuI!B#BZ<fJ%Lz2XY8ajU(1$oU5gUu
z(F(rQZ$uzXEt-(|GU82j395qCQaapk+6rIAcqf@<ygq!9qs`sD(#aj)^|+x)#~_k0
zQU1d94BRd2a~ipn<};8cu#~%N-dsthN%Rp&VC%ntp3WBdIPXs<J<CVi>_U<`z;V=7
z<6F4wl96n0SI~?Z&_`e<t}pIK){=sLqXA|A8(dQ<c!Yt$f5q5)!K>bR!KiE;P;D5r
z`tY-9<Z$cu0%G`{IC``7Pi(@%DN+wta{P0EqLKy5yleF(asd?r-C>o9l-t=$Zdg4#
zD@k1$lKb?u(6jc+tAcM&?4)@u38kk0HG!m;19cW1E?b37t-v@IHeRJBIEXt<>76S(
zIX;zX;h6&yDH8DY(SsBzYEhwd%=GK-bOxL-l2+z`gjbk!OP|$r)Zu0!!*cEL`aPkP
zQZ%)+s}F%-@!(3X!rLn!SXA2mQ2%OU@iqCBKC`_JOg;IB%09C$fN!O&LjH75wo40P
z{PPq3{*?cGeH4@asfzF{d%>0rFC!_qiFyNU<8YFy^@$vBKufhWRd3*g-RgSnQPb6X
zIyT@aaPjGw6q|vk%Wc6PDHpgEyu~F9+mr#0!^T0G+b#;yipbXN`|7U%@)9{y54a|f
zaU0~_ahJgfH{s4rE9d~;mE=%q){z6Cg4td$^;gmAK(;eVM{WP81>2jJj^U`wJmw|h
z2sylOb*+N?iduEFXZF;c)Q`7e3Hpl$`}Zw#J$NhyGAxJw!qq*uF?6Y!9VvI62TcYq
zjBxkGz?P#&Tzphfm&B(h?n#G6*^N`TQ4I^ZI^)wrf$k=U8s*o%_^GA$b%D3G^|_>#
zI$DXk7bGU{Ew<D+!2REx19P%bK(V70Cd_xAA~mEYcXtXo!47C<UPSuI@MBJJV_D}D
zU5Y$x6i)4f^65!m*=)86;17%mU+HX&U28h!Gf&-!>|O4=0LBBuXJARAKuDpBndvj4
zLdgZJFPkJ5Tb}eFCbxMk3`61Sm$7LKw68x!Wv7)(g8lOg%e>g}KMwG=L<2U|mM^H>
znvE-ro4)`9O=5O-B?}e~P7#2XdhXAX<{$k(T>Vv0TwSy-3@1Q>2MF$N!Ce}6f&~xm
z?(Xi|xH|-QcM_m+cX#*3ov+`s&#wQ}U$d$&`exmXxz-rtF*M;gK?eti)^*$5&zvkQ
ziY(Y%`hWc!G^wlhNPf{BM6@HiDlk9gz!|f<q|(~+EsFfK{L$yhZZMLWYkwExrUv+s
zZqdz81HT-dZkA`OQE<ENp`xs@g!aKcY#$Qm#c>^5(DHq(glPjVE(-YUhymf%{4dx2
zPIe2W1RU{^{*d!GU5KQg!uwpsHl=Z(e<BL;0@sc?tvEPTj2#hyzWGM$JyX?yZFDt&
z#>eL$_UKZ(C3ZXu8jh^zwUf<R1izS)2*N`bYb@#FEdb;!es|5JcE)_;IghcLeiZcQ
z`fSzhZ=9{qS9)UhldmhzXSxO+(=(i^bxs49;hO(F{{KBfs%XC=vdhW#MZpuSkn6wW
z<L&6>HgIR5jgWL6;c@HdhYzh4npM0sTt8ZwKG!)yQZC?Hj+BfCrYD(#Fs?$8@g;)3
z_Vyw|Itz$?@f(aHnaFIh-0@l)8&#t8Q%-#Rzq92AX$1wQKPNnhs!XaykmlfF!>hR>
zK+W-cDL~VZxU%-=d<*CxCFb|~cB?Vdy$ddZE%LA$+i=7n&T<VUQx70&dNG=gH=JCX
zUYfG`OBZ8mr{yP5_V0gpUUo!fsJ^p3+Ijsg8dcVt&G9)tu&F;UUE465<np&k;svMy
zK@Now#Xs-kRmG<Ha&cEe&+NWX2^-BZp(}tfHL=4MN8UY1O4q{;OQHcc=%2IZn|zhs
z@MSM?(y!8NO}}Mwa*LvZ`=m-e@h1;4-Y=0e?kXHU8jor!Id~tp@1;AceB-5WyJvSO
z4I6U7%WB8B+C~uY;Pvg|SXn4X)432a5^!Fp#O<ICZtuI;YqnLGs*PCOF51W==O&A5
z+>>QhZg}*5!#`>SQ6pGtc5?^<&(6k{&ax^8bBS*vPPQ6nE|hNIx|oRAF*R~nPeK7`
zxsf7CjmVHU8|-{X-N||@-bPH6tZ+{I6n_(O*<u%5>8=c+-pM1c4?*co5U*hAP2saQ
z&6~GuQix%R)t@MXc?_*TsPlTk5EXN;!Ar8bZW;Ga?0115h@j%7k%#|kpbO?H{rAhQ
zP)0C9gWv}9Ng}rz@tErCc@ihcHGCfa$=lI|e88n5Lz;rAuJC!O?98`paq=6KNEsUh
z#()5Eq08EQUxPmg^7|pvYh*ennl&f>f0S!TgqMIxsNCFmNjRa;&ar^2d{<YA?NIWH
z#<ac@tbr43PMv)G?o@n=-PX}Iv^GZ(xt%w6rc6z1^Vsz_;<eF^8iBq8mx`p*K1Slv
zS*C8_u=RE|ekkp`$HvncY<&Z(`_V+j5>ZFMew{STm#|vPWikP8uOBZvE$FkIO@<fe
zIbqavK6Jj4^t%JMM*XFy?kAuJIQY8@h7=^SkENK8q-U+ZAqjfj4!z@4D|N>GD3ne8
z%WCfS+oRDrE<y4F0}OcB`>VO2mTN!d_t9IfT;-FwDl<XT_gd}Y(_BoM$G!E`CES*X
z0l7@NlRN;G0EGXgAhRF!(Ivl@a%XH(JneTRMdb6W8coIK(YD;lbLa5>zN;SW(b^3i
z3Vw95n<}?irsAJmLRMi@gY>Ug@G#DJ=>wmiFc(a`3W91D%=o#Tnp`;bTqo(79NQ)Y
zdp6m85Qsc1by^-D1JL;do-uWw-r+S}B4|h6`={B7h*)B1^#o<ZbgL|N&W3L>W@eQ8
zn-3akjRY!gT<6*Y4;8=8le%JnVjJgIJ?o}!h_-+ARJfPE<wt|J?71U0Q^(@_oo86D
z-S6JS8|?@|;r|GSh8x(dg#h~<xuDXWk_qY)?{Wc!xx=#doL`H|9NG#Vm;g+40OTD~
z50RTSSL?AkueWmuc$v#?%ruucPv^)TPFF~@$qf$;rIC#$_tY$8EzvSQr%!|49T(2z
zOzz%gr_9aqi2nXvFknY+s67zktU%ePF<t6^(DLN`<%@mE*I?AZop7$!?H0j`Zam|$
zXqyoT9aArR_|;RF7)?#3w0x-z)f3#dK5%tq|9pQg16gI({-zfflOI-tr<{a*AvBsS
zF(Gm-f$1#>n^dVRjKtF?Y{>!5T&j#kKpu!zL5BmZta2byl}<BYi!)htu-~+;#-Gl1
zGaECzx|$Bb=lueUxGmM|JMitiD316+;F_SL#m-<Nm6+8H{B@=AvN!lN>^l}(S(=pB
zUbPhl)L~x@_OxAIY8+a>Y>#lN<8m7Q@B0^p%J&zy?hhaIs#TZXb64;g`L0I0xvyd}
zQ_l%ib?5sx&pX0ki3-(lYT=Qw$1PRLiMNmRpJGAgAw?P=lbdU9r<jeWbJ^drA&H+n
zddzz>ES)#Y-tXFcxg|uc;?m@B75;hp`_GY8(v><-)QQAxI%SJZT$`Y?^be!UYMaWn
zl*%|>b-fu4McA0!TjJZV&^7!I%!M@_$tA_zqi-!SN+(V){e#SzZ|;Z5B{;56^PP9o
zS>J21iH7Jjr?9p)YX2(t(7~#!de6P*(LYW;fl<-Z4pmW8&<DIzh6G`4^5Vm;rE44^
zL6p?42$+D7`r*LDO-F{FRhw_Nm+!;_8(y?rf}Ekfuh%!$(U(sYiMqIhQ&!Jd+3YnI
z9@Mi6aVa^F{#Mn4cac@zC7e+BL=5{opov~xuA0nVfGjT2%E)QWpgZS->E#>6G$&Q`
z*L+`N<JBdfBMPIMlW{#dxA@HXzHOsp<Gm$Z9}8?E9Kqly-a&nKtW{G%VzA<B5m_GO
z*prgRnKj+KM+>HR=<}azNzS(U7`3~YiwwHPz$4e|*WpYfqElLyVnRhYawY89Vjk3)
zZ_xL{N@p}1od3w>XQ#5e;6s$Y2$swsxm)Y*Qv3VpzVl4sDjy_L7}5(=x#}Qs=--U&
z&V6=6j-qD2$+4pIOl0yUB*sx*v7Yhip<wlr;dNgl>98o4GxN630&Ze9c|u|gA$A+i
zXG`&EX*hvFL6`+%DJJ57AYt^wkoJ11*#=*&V%|))RxbM_yBDOeN$R==gEw2g?!#9f
z>aG6iTT9)Fg;l~<(Y#Qz=wME^R-1{eo<LfY|9g;RQaw89^;^%2t?^TWo<^-DN(|m0
zv)?_EuGc%MnvDWz2m9~25iCu4N_1o5?;FR*qfF54v0p^O<nDv^Xn;@0<NadO>+2i6
zfV&TCOa`ZVH!MsDhAM!LJf?N&?rg0+zNzBfSbdEuWX)qcMj@Ho(ADQG$7*;)_ArV#
z1=|LC(`lDEIK%wkh`TJ7psC+GQEvAK0$mH$&EXC)=CwqeB08~0Y@y^g*8PZ%$D>tH
z^wDzCR;|6SZnG#UFvsIaEtXhrD^qXb>KPFT(R1e38^0O!lHvW>2e!BVDOhQHE{0!o
zRrS;L`LHU;WH)=xoc!^l*i84?-^#A7rBrv{Mmg8gFCW#voTrz2-8Up-Bg#KgZ~57$
z$!|{Y!yGRSsHU7yNzYHWn6tzK@q|?zU$*;*ylR-eyuQ$Ov=NLpg{Je>o!q?n*#C1$
zR4DgQzDmS+X;1{|b+6N^H8M_60fBS0N@sJG+#Jb~e?21nYg;;;_vJ4<cdQ(5tk>M-
zi1$G~F0-f?J=<irhUs*pL%f8J_O11#`fELz$2VNp??Av%T{|37W9?N1EHmD1V|YYq
z+?ybiunPX4|EX9a(l|%fOm)FWWaZibv_60l3%(S$cY@E0g8k7ignH#-gWn|3o-GFY
zo18FTFfx02fcmAW#aR&k%9(hB5Z3*`np9`lUJjW{%uS5ZwTm~GmB<+qE-Q?KW)E3|
zHKYyrQCcf;sJa@S8xky!Rz|ME`(;rEl1N)$f<@=|Bhcst9`Gh8@QDa0auS|9?tC1L
z^21`LJ@&I|gECqvDOB%S##Ix!fUmFbPew?h24pq+-||)R)`%EEK;|s1z9J-H-G*Y*
zLL!BZ`&y@pfDV{t$w4w!cfQmf4_-vtOI(&YTDH5gfQNO7%`@8+?qu7Q++Uf5Y%xam
zUNl;`V6){XkyBmNRRja~(E2C(CG~#ERz)xusG~c3LbvfOk2JwQ2!h7ZiGIxPX&U@1
z0P?>Koxir33s|`p(;aMxq3%Wfy7cbY+AQF`w>J18{;5i*E;x)@8#FoURu8ak5IL*d
zh!0)fIUgm1BRg8z)^UGr<HF_IHrThD<mb(qOA-@!v!&(In~vI=VitJ6N7>Jq&lt^<
z-{yOrqYDn^&|gV>n97$?2=P8yDI|8|e?-DYAyVYovPAlCM!muMEDV{Vt@lG#&;cDK
z3h`iBhDC8vk81q#E4PxqVJ^GZ-WeXNpYwi4E<WjxJLCJxCHsoyCa?Sq3?Yq3klhtA
zc^+@Sd=iEX`<LRSlR`&J+#gVfpP;^#WC|~Kf-Zc9#ey{--A9sdFV<kXK*84Rg>}C%
zlq3_AzsZM*oVfSm`AbS*_hgF=vNU>-YTw@)#{N0TpO><Je$&wG&$6|9B=8rlDnKD8
z0T8-7I>jMLu<w|Zke%0}w1`$^ME-5_|7)atfQm&p^uh1&rTu$3fx~xRu1R@MPey!B
zqP@`?^+X3&pn6VwXg>5xJ_Gx?Gb8(q<Vl*;!;NGe`syeoO5O`rAoMJq!ez5_NOG&X
z!7|Ikumnmkq@>Ixn74!;6iea}nG9H-<yBdE=LoxL^SEHCubhBVl7u)PK$bd6dvkC<
zpj1WkDC%w?76Fi$<nh2Sh~+7dNT8XYL{Q@%y0at6?rv_Qnw8(s85Q2>T$QhHBMr@F
zd+1s}7Dm(WW-WPL&OI^=59>GNj;GyFYkaS&3Zj35524=eW@28Oc;f$Vp-Md1i6@#e
zc$f_+bb@>P=-;0JAPlXV_f+O08R#$jFGRV$rB-&7BqUP9g8X+d!ubaD8q7da@`0^G
z>|f<;sku4*fyCX0<JCw=5{XI|G71WYr^QWUA9U4H`J~sE0DBxrb1NzRaUSjV<o#^*
zN|-sM*Yh#v1YDaKIj64s{Tg|VUA$jSxR73=move^wOKWH*`=Oi+_!=`rqLJxsKJ;0
z?Jm0UY@FkG9%d)7T~!7IU%%)XH5`Di*&bM&`&HLmFL#|!HnbuV6Vn5hH;KFCd3rUf
z4QL@Hq^Y6A4WkN*DQ~5<N_J(u1E!IzrjxrCzw?!87_01I_(grVcj@W{NLAs<%HSeR
zM-(0ttf!W45v|h)9%02}a=%nV8L5cKmSh+LMCoE#>(BoiI;;O1I{E(Z(D`p#$vVKW
zWXo60U|VUqx461yRogTx<)Zam1Ex-fCs>``<XPY6wEfM}m-3*=vvqUX!}Y7)4JYh(
zrS$hTngQJzB4v0d%X-IW<;qJAcUe=466j%DW%)4AUVKBoR@j(*npT&+BABZ)uFNGD
zil9ePT>AF|QeVC9L=C48Qs28MRZqoVmws;>A5QRg%P9&Q3k=+`gcA4!k$;TLZsVsn
zT2R4y{L!gS@JyJ%5iY8^7ma&wqlS*h$I*Ryjjp6g!S1ZmBUci5$sw$`{`S|~+P%qh
z*$;c#82n)SmnQ7lCL?qx%r6SZcPZlszh0XuON#7S`SCRtrkTm2O=J4PW07d>9~`!0
z4#l4M$XuIs>1FHSK@+sX&uAt0q-BREMbBO`+zpi3km3(~PPK?U$C$M;`QZ*Tt-Pb$
zI~Yr1mt+=pJ*%uASoK&^zQoh;CO!VvD-5Z6<wq}1&u5J<LTS73?5jU2gQA1S^ZO3?
zyoy_tuY+kh8R!thGl)M{<n7J5!@l*?9e@nED!1<=fNU>OC`p?iFU#JBnvL6|3LAzS
z>crspF}-6h_h6BY=q?97puBJ5>nq<t%t;6bQ|go70C*D;ZW^9bX6GlIdf|f_*4*>@
z$RK{sYB#LLc)l#9*tPa@bi-~ntw#HDDd@Xha%pP6xvSiE6HpRq@9lC8U8&O+y!pO-
z`Id>K{LU7z>6c!(S2Jzy{*X+K>$&_p$M+aIh4D4ukO;G1{)cIl-!$upK?_TPy0T`Y
z?POAmDUAj^nZ@dXpGGrf#Gjt=-56}5ZIGL3e0<JG2a{k~KiYYWB|#rDc{__Sq~ry_
z@PVQtPj2(M-j552d_3p;)vcb|U>~Nnd-~U?=dLZChEJ%ND44(mD3DX9AUhzjf1)wu
zK|Wdk=WlZu1Jd4Oqiit4NI#8n!b>xiz5XCtuyu<K@POTdFh;F}Hq)_E_({!*h^I}X
zZu$SB5V<b)o@(kSF25g38n8$BLos;A=>&Ia4AJ)Fv)7M!Q<B<D2=D(^)IGw|aQZtX
zs-yk=oLf~>vs1cIaUymbJlI2OduY(@bHkg#Vf9IZO@lLHHyzELowSIuhMaD7c-qLK
z|8hl6UX4-I3uHgLpUv_W)_~gsDrOrM=X%RnW{nE{!vB-$#Kym9aeSQlpOV(G%+vRI
zE5K9t?$)VikBwp%V@9pW)nl>3MI(#FoWH_-Qz39#iyZF1Djq~Za_3wn<D+dJPqMjf
zSx-^eH=tY8cIWS$Hz2Co-@q_(8D!zr&MhyC1ZryP+<m%TjYlo|`t|W_u5bGKxeH$=
zDoqlU>Yv_W%klmHmkY3H0t0hN#Z7^dINUqjs6E4mkBYVt6^#Mwwy{L)7j<=`cz3w;
z#QctF7#4{_oy{iTy7P77yTHFujTl6L;N*<QU08z32($xXH|Ct4nkuEMSj^5YWHxf9
zg@}<{j3cW|1za(R`3x_VrHCCIORoBTNb{A6{?8_&C+AO!b2s@`Lw_ttmGM?S^=pMr
zPzlj^b+T$Yx=5YTBKR_rlF##DX|^CZSp4eROONhHrgV#TahejkaGEx{!POrl3=tFK
z+~PI+RUcXREejLI==ItR>0JpLix(uEiPc#mqv77msB1ga<#1{}@7w^<8vP9};+swE
zT<)r~4r1Sw4&tn63b>m<Xfq~$7be(;bHfE-MVC`GePTvJe}87E)9Vo_B}#k?bN)iB
z23^Vrm`y>DJ2u&Y8uJ4n4%=j$zUljn6|ZMtK3CM1FnCkrH?p;D<o=xR5SbtyjBncm
z^w9GgOBJlj_emvsZL=rR^L^%g*^ScK)Zu;h%<-_`_5CdTXN0!0<hh|=xUd&G_++xc
zxAGq7)Z@pFQvJJ*&BFlCsbz1#R5KerZMs8yR^0?|m!8TM50wZ{u>>E*Vi?!^cFfwf
za#hQc%yzkrR>6laK9BjMolYUabYtmayJO-ZB!a22ro2B^y{-Xd_JHWP9s{;>)<7%r
zNS6dRFjT4fe9_pu#$hq9qPd(pc{i)N;>*2St)&deBz_D;MkMO{j)%m{uc=Ju{EnSJ
ztr=%hQlC#Pt+{q@<eqg*AmHtPc`$bPLcGZA`O8W(4CiQ`4JdDeY_8NE*h74Tv}b~k
z%W1)@ED3w%=8I(4Wgipy64IogQSz{AG)jGU%2ZoYgfR}(j0*YtIq2$g193R7X7+lb
z#KAY<99Z#|mvJ*z?)Omd@nW#j61ih6!N}I5B_}lH(EX@KlTT`r{u_<ekdW1MN(Uxm
zA`hPNH^3{bWc<JwRKCvl(2Ig}JR3`^5dF`P^=hwzt@ZfX*wdLS57UcC3B&wl+kw8X
z5O*Z&iRWxHz5fOX{8x(YE6PaVORd-)PSIv)Xm&aATa7Veu=&m^v|6iWzzij37{Hhw
zqRm*R%p5kF8P|kf#OQ~4$^6udDDHA%e>qS_BIjZ04!5JMQR-z_f<z1mp<3)OHl*F;
z4eY07o>x<<DttUZGt#t{&nj3@?Dq0GEfsM6(a~|@f*Ei^N&=^g7F@%ysdy%&Uni4V
z@YTb3s3l0W6YE(BwO>9(E^PLA>jp)4z_tNxgE=xZKE`6Yn4dw@jh_1#6a;ELTg41p
zJuh&2=+2T72<6~Pz0YPMqkL*LOpqgBrPa10066-GD#}frBL9?um@|P_jUvLMsaV@B
zXthkpCWE2D1OlzVxGOl#reiUoU$t(8nm82P-ufu69Wk8e9VtJVR7AA6sv)6~KZ>Vc
zU!jsuZBwIkRyn7i3c5|IgOn0to%A7##XymxsV3@G&UevWQ-%ohttP`b2Ug6)W!cw>
zsx__)C9Enrl1kyef;)$qy1t@Z*?iSid7N?6`ILn=TN#<EkK^5<{ztkS{@+~};zEH~
z$*2Ib4EoWxzTVyiHTE}kkuwY$SNSj9p_}Kfut1%6gyZ4#wfnu_p5IQR|CLg^&NB*l
z889Me1cO&zKl*B>o~*VJO^`<u^$%hQi4-HUJ%4|KAjuJih|_^fv`7L}*)pyuWc3c2
z1t$^cR4HdWiDcsF%9y9Q=ix#KxY2$>sI=0s79=%7KaL4T2Uqmg@5{h4=YKGn#>$rj
zIc@pJ%o-M%oqu_0HpLdpwD^wf%$!So1;*{jNa3L;aDI};4<B^Ue$uhBj^yXcDarZB
z((_v#Q%%J=+NdW*e~t+j^4n&_4O<;UXY!Hl;gt84i6vuS>b*_16Dy=;Ij?wANM==6
z96955Oq=s?vR}QH>0-de=OEjgiO0d?Ds%l%KLoCf6aVl%<n%S1bOmoZ@ZGM-e$}SG
zccyf#BC1qN|NJI<+cqRL`0Xp6#1X<+VRB2_EQt(Do()RI07*!|-a4v72fz3IlOv}M
z-_SkbU>Z9q5ZnTj$M6pu-jSN6i5&02GmyM`f84Ekii$T-tNOx8cpQjO*C(D_oyJx3
z7!%PFT_(shpS*B%3wIqmYD$Vo48WwgxAle}WVqapFP73tJ($lcZOAOr4bQfGTvEi~
zPJUTZgd=jW)F$;qfFt=be2oDJ{11`OTAwIR@f9H70`$j<<@p^$6S{_ld3Q*n#XSC$
znt-$%Z!h=Y<a_ldA|?S3F1ioxAw8{xsPO9YV%6O;xKcQ69JofLCiNpDNe#jU_&W3x
z7i}sLn`~vDj}5!m*W+Bi`-|*b+~ukyr`q$6i|u51VwUZv(^l)XzwHi0#Xnq6Y}md3
zmz|J;J&sjlSVHqSF;PETMLx=&0a;MWuQevb9d?klu#*4r1qz?ilse3xdXe>fc}ITP
zI#hSRl^96o#?MxnakZVlxlt2}fdt&Kzr8=mf1@;Gdp}`3n*APU-8Q7jU(bWeLxQx7
z<4^Cpi@^2G7$t!tv&rvuoIzO~eaB9J@Fg+M+4G7mF`Mq@;I_qLS!!q6!{hb@udm(%
zC3h8&Z}}l;^}xjBN`5SpN&@H_{DMf2OJdOobAKTt^zqrezpOzC5OL!DXGc-|;0nsS
z+r;z`Jk_wtY}k)BpmTWX!Ubb|=q|;*v*TVM^R#Xrhr_cLJzT{7T0s(y6eu+NNn`eV
zBcaf>`q&5&PsRY`S#|o`-$PMG40@{q*JwMrzDp)(vKTG+>bjScTJWTTb4xz90<^wP
z_o!RtYS&~(+)a6ipPdnKAO-`o%YRmLhf>HT@X~9l9E)tElFh{}mHkBjel6$iL0`U8
znt^};2!T<E2WF3807f!jj?1&5L?r)1TC2+(RA4Ma{T0vvpLLZ>ZGqAAC;j{PbCrr_
z%*iCKtg42G?7=<HkI1ov0#d)lD8PW`+U;BuS>HP&2|c$#+)jMUg&$Cmd7Blg>Lg|f
zK7wX2RF8C4d5hqIT`TNQ4e@Gjzu!RTM6w&Q(VAa1Jt+^pyr9F@jW&BLG`b$H`oY}{
zCk!2vp6c109(E1H5CCKfDG6ggT5mA@3N0T<&5&Pb(hYVC2`_}@-#GXJ5k7qZ`J-fI
z_vbTF!-Qrx!zk-XYQiRllb9eBRB*#?AOqZT5CClDj8~%2+@p=3eHYxL+1;;xvw-Go
z_@!{gED5L6&`1JGnfsAT*a*wG1Bcw6h6l*uKrPMP8Rq8O06rI0chXo?GcOR~$%vak
z5$pm=(m65f>;#jBeqp1|*#OSJoKnh8Ucc_1?wc`b{ah%H8Dhj9sQu-PhCCDnRDUj;
zFeE+8IA!6C0p|!Y^7M>ujZE}<uz!B}2fd`M%)%Z`VSZ%Kj&Q6~3ohN!Yqqh$%)N2-
zw%thiTjC_Rv#uV*k~x~Hwsg+Q);)3%iH4OicoYSfH=^dwsyTK4C7YR&Y>YtkI)eV9
z{lV#W<!vly`jcOeNd3^5-6*ev`G+2#`v+x~)a4*Dmv=vL12JfG(q4EB7~u$ntQ#6`
z$~B}Q2nWJ}fyOhM^h?~_c1h95bE<;2;AwyCiP0eSbATp1W`HJHTw2-?B#;1?Szn03
zsa(ggN<vh~|4Zh0z__k^X``!0PQ;uvPe{K!hs|WpVROXcn0M~JjPF2>-5(iX)UgNn
z*Vk|O%K8k2<**EM?&Wf3F50SZ`ZH~Ux|(6x!l3^L;|=CQM8a_G=*s6znbz$%G-|Gj
zFdJA=hld0Iz>y!nEUU9a#l!7Y&UGhDm@np|eDf$;isx#+q_|t@+Lh(YvdT2ugn&iP
zrvUw@JUZJvxxvWuM9GG98Ve_zC_eJz8|{2lPo6e68?wt6m{&U+;iF1l?(c_&(^?hU
zrq$#yVIRLlMEdNBn|8t{`&kRnsFh<;4>SWQp5jv4N2-*_7qFqYHlK(ZE?9TL`2GWl
z2-VJ4aIC+efYE)lPOSX7{DTSbcL3p9aVm0!oeK@kHAmFh>W(Cq)VrOfZWXNeH@*9;
zIo8I)MC=a)lf&!7@=n^{dgrR6U>}(Nh>zRLLw){QV%!LSTb(-RBeCZ|J^KR;ZZVtH
zl(<nwNmiVA!f)DTWlJc;N&>NSDtzD61BR_M9L(|NT8IN65~H_)3Jw)CZc#WsmUFFV
zl%>8UMH8Gkrb5|@`NC*Y!Kkme{89l@kQ6BFTIl`k6Am(~m7r!qbIth7!@XtN8y;_S
z{@G2WVhf{er3`wG-E81iah+tits~`)U(@bbJ&UdN<qQ?yBr1^^K#Qqvws6KW3%z*B
zRS$sp<EBnoSNV^1T<)KBAo0&gBPrr<X4y-$qIJqeQ)pBR2-T_AP0HrJRsEC7K4;-|
zm5=j~&(EX%rE-NU5ve|Fdh3Jk<@@Y1QUV1nRR^Ep>x(@N1SDAZWvq1k@|C{pG{%ws
zbJ;NjzI{yUs;aq1Y4Xbg?iQ-15&B506Pk>@ad3jDuAhA$UX+bBax}3+Rlc3`jqII%
zjAFVWZ8w(;q*#=KaxS-Gi4<6GSGr}rkBbWq<{G`Ne2I8?Aj2xp^8caCL55Y$Wj3vi
zH3O1_14QHQM9;G{O^w$Ehpq=uP%+u4vc$SQ^^US)xFLGr8W<FJY8%ezO(Bi!D>mU`
zKs29rl?%K5Gb2bteWnItkkZn@P-MYG`r`-Qse+_bml;D!d<@*nf#Egq-M@!)6+5$f
z;h3I0F5U!kDZ_P3O!lgX!N*e*V(i*LV^>nEzIYDB$V4lY_#q|sgbgS>!g>z$8Lq_b
z-$Unmd-ZqWYQwwj@7NA{i#eU(Lo;Xdvpi*G>_pR-#MUR1#$KalJQbMo0RL6X{k<%^
zI%;aV;zf~A<i43UI-ZYeO0!*0K1OW3s;@na>sP<4xW5B;Cq_Z!on0wt6jiZtq(R`z
z)gHX2UxnpxS$c4{U5>1q-lmXzTpwgSD$G)Qq#-55sR92(8uxF3SpmTn(R|25E1&Z^
ze)EtpKRsO@Z#dAkY;39Cgp+um6Y$qZ3GmYw9cT|mPd0=9GC;$_*U#m}9;zjXdFDX8
zXJT{>OI%Y>xdO}r=ibB41-z&$gwHB98bax6I+Yxf1bkl~e`Xrrn7h9T$%3@3A&vd$
zoM!sL;?J}h{_(-s->H}cW-6S{h;sGtfs&64wD)yv{odiEDSgQcdNKcjSif9gyhE1C
zJYyzp$NH@aaeFZ`f6%wa1%EktQ+w%H*_`wjDwS(36frdW|A&$7?wJ<vgGA2$&b8zG
zW7Er;gzTP~UvODq(;NWn;)o`NApd`P>I9usltna_*%v_owc5DqmGGZ33ZxADs(g0E
za=16?3g5{v`4jeACrDeHF8x)m?nxCA+wJa#T~)%CB23YH2{M^N3EbF2w`6#T9=nwI
zZ-&f8{BVPlu65vv0sD(<<W|y-_mt(*u-Dkchy5IManX2qc7&q7L()*^e$R#t^Sn==
zpav7!+Wa6k2v0ji?J@2_3ZcOKWItv+n;&?yED720Frh`LJBNz${+@jCt^3vbCqQH7
zU0$Nez(+fGciT|M8LN32g?NI@zx{#-;6c&vn>GOtDeW3>vxWVag2IEGiq4km5$Ep2
zf5oc;?MSv{e^Q*M<~kIW<WHZ3w}Ppn$F;V&eY3`TQVapUV^$JpNqJd(bEonAM4(_T
z17>kaG~RnnXVU!cX(8hB5TR)X8Ii0o38*Rxb|p)0Vl;EWBU;MqT%Ht*awg{w1fp})
z@5<y6tMT%hC$`sB!)bCFV!<A8C?QxZyn&*!dH7%2t6w{81?k@3Lx+LbiEmGwgp#qa
zQ_Ut{iO$V){GL$NZ>>iE3Q+o-&lMMUXEy)npV-K*tJGu%R-G;)>9p9!OcLQGKCH1;
zJig^)rOC9$??2R9Ksx81;R<niGkOaNiBLz>x_YQ`nX~X$wW6?EvZ^IVkcA1xcR&dm
zPj7DQfXs7J*%ps@Qz4D(4{+VC13JA%Iz}g2q6(IS7B1A`{T;-=)e#KBevu`Id83Lj
zYoag`bVhX&gT6u$`fl37u{Bl~-{wGgpLlFOy<2x=!F**n77!psWN*d3w|YIi)By~4
z9iPU1o%*5Rg-o;@`)}KDGC_4{SuNwX1J35gR7#U;rINsUfe#6p4D-&(z#eo7n(5?G
zD~#<Doaoal1nsiqgQZ%VI9YEcJfqtQfNC{yA%;F`x%u`XG%JkE$_rs4@l+}$ksynF
zdGrs26V)AKJ4HE@n&2s|JE&{rXf}-s?^KGKa@ES*X6ucyl_o1X>z!0R-!g4%v6`P}
zDm7dLlMC_bHT*G)v}59`S*4MQ_4hsV?}}HY>X=q0p8lP`UL-TaBO|g|aw)GTh4Ibz
z^1Wv&*4%)QzrIIiuShXG*vaT0XZa<0{h9uG<gCe#S7#p&q1SSs%M*OV_I;<K>UL~!
z>}uvxi{rJxJ*285heZEC^VyM0Z-a#349%4PFfq=1(J#uKL10B)&_uD}PW2SFsE4G$
z3D~o_0=_tJn*foK$~DmM49K#p#hySyKI$%(T&h=INO*9iixb<yvjA4F14up&`mn5R
zz}Y-&-{OJETt}qJ2k%wY{O&wK4-c|C4K9Z)5^L<)nKj4bm6wYR`XgP=^<TE6o$?4e
zUA=z$oWZ>`Wwv#uW}9wr@XVN;$583hBuIq4^dnS1KXWw`J5Bd!IE8Xq2h#pXVc~Z!
z+V{Y@^`x@N<RE!+$BH_TD{$(N015DW>%V48dyn$x<;C^{a_u?l{zJGL-fRlG75wPU
z&J0@6&)e>oK7tC0%l_tQ)B*`dBwq7S+c(j&W;ch1p8f(`i1JO`wPQ%o84l7FaQc|j
z<daJpT5l+w`<2}G@U`^oRzy7Vu`LrZ<ZEKvyqz_&AMTc5K1liaCS_1hfWZL6H7nWl
zvm!mFZJM^~Kq8G<q#~MY!trG<p}rASu=SdE97Jh#FdmtwlZk5lcDHxHwbis}c6H)(
zEFRLa{(ZU4GZ2cPwP;(`ha;W^dUdu(ee|aL!y_U)2XiA_{Kk}2Kx(ED*-HIsFGG9z
zdJWKx1tC-g3JH9bO<3`6Dy{ak)Y*5Uf;fdpLIA+PlCfV@b;?3VNvu6;fk(6y-u-|O
zk>_w&vu!WCe5FGbP;8hKZDO5oNBA84Y!tR`DMKB(>`2Z})9}lkOAh#6%Sch`{FaX2
zFGr$B&~L}iA4WKt68U%LLkiqty{~%A9I+y&#Np(V1M#`Od4pEU@a7v>6x0?@ew6pA
zPq%(%yaxmSwq^>a&7~jjykhA!B_6}yVbY+bG<(o&5(k{S?_2{P2)2qi2$gfAgta>L
zcGBKI3!_sT&Zec!9vXfXd_dw1`dm_4io~hWCtk=zNsL>F>K~Cveuo1CPi3_>6zCuS
zh4hbbf{8I`qfqimM@6~@oCoHPw^??tENi_{a^SfUW-Va*l6Qw9evSA!=u69>|7?|T
zVH!7fn|Yi`%wz6&CKp(NvVUT(Y=c(&RRuy0bqU?o;GMZqMMRw!m5ZtRA2gg7>YOa=
zDEZ;FUUVH5;8L{2gP&35r1;-mvWSs*`NDj48zWULt+V*NCu0oZk<=KP841_$&qvLa
zWw-g(n6+i-f5RK7+w%A+POr{Ms_%;OTHixwmWH{=G>R76XU9w`?-$$rgv&Ge=kW;s
zrGU6?SO#u}kd_?yY_oZc`D^qcw&7ajZHs&^a&hgBXR+D&YU`}<r-`rMi2$#2xS0IN
zU>h}drLA$QZ1ebpjg{Z_6F&W|-7!bZ?r<l>D0+e$NPO_|{ur*;yjOo+jxUY8{Bu{r
zqjD{EGAVcV7<(=F0if3#Y~#oLlG+gthe)$j3g|c&Tz#zAPmS?EbKd?5h#;qhxANv|
zCJ)1$k0GT94o$pJmaUHf?~aU-nB7@w<KiCm^-V`8NWrb->5G>ows@d>bhvIia8JQL
zqO-p$(Vqj{71&<>KHen1<Q~tkUW(y-05;+%I)uwomMYC{njIwPq^o13s8#f?lU(1%
z6uJW^pB`U5FK_<fysEK)C;sw2_)r;rS~sx<0=KdsQtcmyq&aQ*{>CigJUwRHBMp!k
zzrhGR8A5Z#>dKi*ML?^50fHK{NXN30$BXb^(7ZEfn{R49C}&PzNnP(Z*$_2|{Jw7V
z`1aHCQ@A|R53B1={Qo!#<)+IC=U?BYkjY6uFutoPhXS)jL?laT<;mTG14|Gf;J_yD
z22i?rcF{hZv>3V@>Pe$a(k3F?QH@tuNw`#^yebCMl8|cw8s4}clz97MxFX<6{LcnJ
zV;u6fC9Gt$Ywq%7l7=t#<KXss=b^#zy~P>djrt%@$k+E#IP`&7Xv<%Ch$Y6sf)eT*
z1$Z&~W7_Ll83#JZ0p2A_!gSQ{LnalLn8f<fSE-(r1^GxXaw%Tm5oWY&cbE+~ZPDq|
z?n32XgX@V?O%0$VDjy@4W))V8nuz0KE(-R3JlU{$h-S%_evR6FUUHVX_P4#P#NWWn
zf9droZc2RB=&<qEPScirQVCyMB!Jep`gQ*Dhy4sgQ-24{jlSkZ;re6D;FSz0v;kM3
z<|jhsGN0V49)3A^2vfRR3M2tdj)#UGx?!^d4x=+_A}dyEM&=qzch9}E>{cMqWIB~A
zpK4t5;%mIUsWJjc{+Xv>Dc;SMc?-ektMm<0y*2$TRWrR@V*B&K@!$VLbcskojL2qN
zg)Ps7FnU>@<F+Zjyya2cbqIX@m|WdXy;1(7LFk4|N>+|}%vJgC`Bbqn-W2b$Gm>vr
z0&2hY=WGQUBOgrgNBr2CcaEPIONH9mUd>>~3^+s%2G99*{(*`hI|$AK(_ffwdm}gO
zREVg4v@d6j-FE2_QA@WKuJFnudlkwjC}4<3?YW!(ORA{p#JY{U<v-G$*xwGLtck04
z`^^J{s1gXz)mh_ug8V|ODaed`Q}bBr(f)%$<dm3)b$v@f!ol?Td>WhJO#<PW@U6{a
z<orb)y)57vr5ns~A&1sfIF}uGCnr~7;`wgRdO3Q~RMd$5JD)L}uTBT)ap%O!{FeA%
zN*V8TjDK2^h0<<0v2xH|iGV_-R%+f5lI&l=@@;RStsyYd#_KI&v8*dPmZogwT(!;j
z`nhk;>%#T^d(>)dk?@mamEITaFLF5_g4F9BIB^_0JPB*5$X1*C&vhj)Q_C*;pDI2a
zS-~lv%}<`3-OiayHBQ8&Q2|{)WVH!Fv7L4^s6yTdeF$YPb(52<)#_?srDO5E>zlZ0
zk%SJ_6oZ)R(Y=EB+(b>^XWy8aMTdfC5?6$ZtmC;lMz**|Z9!I@z&Re!U~Iu(TA4cK
zggx3v9cy{)c)k*dNr{EhaWOyyunsSq&=9K#c&M*Ht|KRy?pWV2E2+gHQ{nv<1`Qkx
zpzoMAcQ$YOdh00~Ks+)sPcK42)<_E2@JYQls{WUq7{eflESj2w^BUcX{w)rpBPuPP
zoJCyn2SwcJ73qPTPkO!rpS1pnbiD}xS+i*`)q;uT>e#H7-MYUWV4MHob(x2VEUY$1
zBQm`&vFora4E(5ecT`fox;@`N7mT!Eg%^0m>5)b;<g$FMR=2CxYlB+W7ehOPi$dcq
zRL3kt`-z+M5WtHPX+N;5Doh)x$wJUs&Muz1`+Y1HI-3LeG~WFTmNT)(4t=j!pIyq_
z#r8G<I{VjoI7Vc_&$MC}BW8<Q7`!X<tX5-c+s0ProvXAsJZF-;RaL1N&+VjF%xZ((
z;t{#JWQa!i{n-j)2dq)6FPz=yC}8T&E+f-E53tMj920%heO}6l42zT;URFCtvGn6^
z5^S`yhsep4{c`5$S<AOE1plL7$m>0$%D`uqj96b3Zel81ANm6cJyvT2%=ek%%EtVk
z*voD<1<IC=|A%?;%miUxNc>0l-+rddh|vYbqI{od%c0>5=##Q){KPX^MPvI~!u8Kk
zN87+>_Dn7=@Wn_wc{HLTl{~$PeZv7$tw$7wd$C~J{rqc1e~0I%l3L=<=YP3l&j!#I
zxE?S#F7!Um%*T>j*LJDk$8gRy!Z~QGNFpu&Z%!?!fp5<GPP=OvA=H!OG5A=h1pC{w
zS{?ayu=)sH!O+9hIL`y4w{~d4XYokg?MDc@%Pp}VR`XF<Df%MFR2R$b!C7BfM-TZ+
z(?BXO5b+YIbMNQmUtfLVr<aG_v7!EKJ5krAs38IqHnD`M=NH<&=r*TCghMvr>)*RO
zL)vxP!!k3L@a?U{@BChcb!qdyZX-8a_TBMe_Z&t#YC>&V45Yl+Zeo9~{p8SD!gbQw
zwmKEFQBK?h>^u0pUv4}TW>T+n!`=`cj!xWBXi(Y5<C|FWj{8si?i1r#b1SM*#j0>M
z1VdAG-+~4&C;K;R8a0w9yKTi~-SHWT$uL|GKW<hlmdZp85C8V{DjX;6;Qx?=T(e(|
zv8f6jy318e*}5KIAZwuHWW}n}Orac-rq|7T%RlA2LwC|=NtNxtz!XdL6o4^`4#+Pk
z|7%@@j?{hDiBZYb%5fxN;(%NcRg`H4M&NK^Hm5YDll(Dt6RB$~vEV@Qc%7J}#COc~
zxNN}AqtP^qvGEx-_mEW1{7>h?YHfjMDo7S%Y!4-zw3a?urTOWzbNygS#=yjr;FQf6
z4ivt4o&AcFbKBE5vX!QPE?aQJ_zSaV2?jXiA{gk#gDLdXlPRKmlzoqfPiAd<>DXYa
zl{5|oeyPlti@voyctLHhSjAkwU>-hMaNBOeIsz@3G%Mq>Kl|B^=>Kv7HYaQdo;^q>
zQl`y=C*_>s6sQkOPR)7W7_J$pd`~>lx^n%nGD#dL;9H0?VsIkVE>)quxOO>4{xNk0
z+ZXNoyn1yWoEU=+V~XMgd4VMAd_%m#6Xx-2@&*<JRT5$J9Z7t(fPec!^(*#8#fgb2
zk+T^=7z9FMix)@8ntN;P*04K6Kpp9eoZo-^qSypHvk|)ns?rS5(+ZR08+*kvqxaBE
z0*l-XkmmB5j_he|doWB#PE!WS$x$6~`lg(5g4$+XxNo<uml`AdKAu{7my7=|{ie=h
zhBv2tqT(#pw7hs}q5{91Q$k!we5;alYFqaE|EgT`NzsBs5V)8qvDpMh_Au5F?B1?#
zZia@(BgZEud|#hfK-7B^D};bQ`aHHOaCnOV5?M+W(jnPIUZy)~L&>@K*-NY;{;$BY
zMpDJ=uP|-9QU6Z9QBQiq$5wC|eo!a-1GEf0{>!U2!Bl%lv*JeEW-0pih&~vL)GK%j
ztDb%}suisUt|$ye#0_vWt1QwQH0N!O*_oylY<S&#bJu3PCM3f9@^bS;C~9Hee08!0
zO+OiaIJ#<E(3Xp-Q<=`!ftaZqRHn>K8o*oYWq&@r-?O>^J_l!4W_n}trs95F`F6IM
zlg@s;21PKmJNh-)8n>T~M6DzwiE2;Rei>ClVI%jUw(|1`jw87V@s^ou#wH=@;NP>`
zl(=tq;cjq>14S%+zdrzx{>ttVJUAF<Zng-kb3kXOGMc8HzV^qUl9GRaX1nn2sF&W_
zY@!Q*hRs8UQ>kNu4p2=G;PW8~^(o1C;-R$7n;5r2R(5Y*cDRj{^Wexjg@gM@u=DMN
z`G~vYV`nLykgLbsEfh_8b#Nez`uIJnntHCpI2?Sn|6o&l$gqEK3I&I7n*cDxYrU3W
zAntMmu*8T=x};U8e294_Qp{7<-8`xkeTT$=ZnSupz|=X7+>Kaz{Pf%xAS^Zg?_R&1
zihKnVVVz^pUY~cKP}lfGLa6HnMGzC=6h@t&A|fJ9vURFWDd~*R>9*vY8j|%gH2W|S
zh1PP|AB@sz6kPEu*87*^jnowxKH2@~k;sM9rQZFQB5j5(s}8(AT9_*6hLWhC3SuN<
z3B(iDAg20t*2`p`&d9qbEXeRE3gXv$`SI*UCVwk6!kA%^O_%l;QI~(AQtP?^)%lh1
ze1$!;UM)TwY@^|1fJmf?<j2xQw<uHdE>|!Qr$q_gy|J)T(S{BCvoCjwro~rbiG>bt
zQ6GlYojad@&~Kv+mBB9c*djC7wMT_KtU)q61;y}}QLBDcz)iB$2P+r$9XS@P;wntM
zzx{r`6Qje$P!fGisvFM=*hB~JOuewQND|wAykTqimedug4q>aC*K+48&%xCsNTN#i
zuB8W0oZA#iMv&p4Gr5vQXeC{`<`1_RO->H(J8xlQMS8PluIaqg+AfLQKgSps6ATp1
z7jl_TaUy^|R!%MK9rUgj-X-ogd%kZq8Zdj<pROY)QYPgYhMPALg^Zz<;8SEX^B<~)
z(}}{u@<zcbrx9r!Dz1>h5r)jghxC}{AH{zGgv_Fb%sqLIWe;3m7Q4Scx!HsmN&MF_
z{~;L0h|K;TCOi>y{%_}N#T`F(i`)E*dbt0J-(<!6YF&PXh_ZDeb}@^ajIDL?JWl{_
zS4#?)Q)(FpBZX_P2*f>2@kZl=z9fml;vnXnsO^+qeYbIEf4%VHZ{MoF{&+dgo`upN
zs9WZ2Oqb>XhqZmCS*#&|285A$DgFCe=iL}rvLH7{YN28kzO{qnVDS~)Qp4EN{jDXy
zxzC)wXW#KUrzwrePHYH;pT&4gm|QJeU}*wz=co#}<;%_zWM%u26n^xJ6GZq&rts4R
z9_lbt-S8Rr#de`XA^hwU`a=zbe&TC-?}SnySVs9bF2FAZ@mzpf<4IooomXT9)?h};
z-BG)<*_g*EarfzPc$MW?RBEEd9^|K2(nK4r(4ieEUbFvFw7%D#t&P1NTJ!C4?<Sc0
zJ%cS`W8HAh_n7=mbPPrOeN%=Y;vpQ{rY<?pdczAig6M>?W1_W$&%{#$hiE~jyS>>3
zMv&LR;z7JG#%|tAcFGt@)a!NN4v6k~@AW17)4#@$|InguI}N40%88TF?>?OMgJ{|9
z&!5ES^A_%#>!figr>Fy%h?rP7gXhVIgSYbLQ`rHn6ttneAQpnk;3YJ!;Q|LIg<E*4
zK>{Xw9PiIkw2c0~Hw)BJ<_nGhBgxb0Naay8dYHK6O<2J`JZH^JrJtIn7!q$_rAR`n
z?l98S(MqjHV&|Ve6Cb`QG<Vf1bq#K2^mN$cMyt;pqKj2p4Fv_O6vUoNmCG_Tu4z;p
zehq0$Ja3*RZe1##Xl>D~KSp=Qv{Sji&QO#s<3~-%e%{~n{D0X!+_U}iCi{zvcmDpL
zL_|g5zkQ=(W<~|CZ*J;6X^9J`(aA_llTuTML0psS>+6SxhDaC~#w!xIqw?D!W(_Mp
z8;5OMz^lD_L$ZRssz!jB_H<aF4|>8OH?Kw^y&PX)|MVB|HucLC9xSu{(7YH&q;SQo
z$9R7B4(6}=g9g_Tr#;^FBN6hr>7Crv80G7!{Qy|zc4JmUE;QF+)aZZPt(3x3=BQT9
zw_Kas;T%!y+0nYYVH00sWBg{l1{RCF*%Cv^CG}6{(6TH0Oy>+RzNc4OYX|rSTd&JF
z`ce&acTHJ_7)q+iR#*snWA_!kI7pdxpE#hk*!_+gHOGKTW4+9ltPnnR^cp7Gwv$W&
zyRU^KAYewv?Ze%)6UBQ-a5g`})TdVIUvBu^KK8r}uQ|mfvh_&*lmn4@Z<+HQIWrpb
zw}LY2%-k|`Sp17Z8d&}iN|ek(SPoM^Y>PX^VhwkcA79XVtaL`)K<)XEE+ALgSxgfp
z^b@>tEm7*gzA6*^y|j0dr6tVWA8&R>uIjB6cgFUpDq5_C*M{m|BD(*fQbE|$UH>2f
z@$3eXRrYyhf?cvjkwK9`D=2dgzs5cCl=~v(>S#|<G%kp-u++9KLJ%Udr{b=hGL}A@
zZmeyy<dVAX=@e>_TXhQ=<~@Kl9zW4|r>R}((75t4avw%y(|GXz2fX><p=idoNuoLQ
zi_PQ-Vi*oym*WZ!W;mXDjV&ZzNv!iMyU|t`s*yeD1aR6hdJg-No&`Pb`P}|_EBWYb
zjXUC_wtKCM2@7>I)Si?e7#%Tv#fAvo*SG_-{t<*bIk1zZ$}l1nN_R99EPFx~CQ14a
z$Le`w<<L`Gs8Jtay~BLLkIyEm&IF|X9s0D<WlN9MV{e-a=Fvi-z7pE)&U0}b%9$t~
z!ZPL|9Fy6QnPv9FBIFgDDaM{U>13+w4xSCs%#Ef8zz;edO|ilhDpoxHl%H&N*s{k8
z`200P;;Vk$QPPVGJ5SiHEI?-^gsx>`|2{4uWfF|u1_O&{vCJ+N;YPs|_9^OfqN0pv
zXv`EUy00n!u!UMI!RSBpnHef7oCb|B24581(NwyF#mF2HPr}dqp8CgApLK*jB`ohz
zLa6OEnfGtn*WZZLnuVN&g@cg@qubs>3`WX|-`w4D(!=hXjJ2w-!jwEvO_y`*TvZe=
zRqnb=!QPqbW5W&L<Fh~P)&zqLixG+M$qzvpgIA&{cqGGNk@cvC{B_%EIBT})6}Cxf
zFWWva&zX$jz9~|~2}K*pz3m<#JK0VX**|Vl0_@8bOSGOFKWB>$YEnoba#!7Dr#5HL
zeQ|{((y=a82Va33a1n7pSdnQBl`4X<j@YjV!Y?3*9TZ4VsxK7TVx`gI&k%3031Tpw
zSZ_G24CZSUT)m`qFocVnn3g65QP}+1pEC(Q`3~p}PwhM2I+}*zw9_5`7le;HCm7k?
zh5udOvA~5`JYhC2q>LqIv|>n+-YoOUWg33RHH=mNioy9}1H15_l&cz*Ygl$3WH)%8
z)MP+T3x<v8bY>Qwo+hyZyK7r}J@Y_terQh_66)O@IDA$(C-=BTy=WS8^3457+1;IC
z1$|or%11;Hirm11;C4g=MWu}l7XQbOH{y1b4~gjwX;MMpT+PAMQ4V|>WbjW-jw$i;
z139N_(Nu)QH=+oL2p$t%H%XX2oQ+qFe)N}Ns~ca|rZ$?7QC$tW_Xl6vlP;g{t=>#)
z5&oW?jdQe)i;tpPjYNmtPQCq?o+7+5rpH}xiuqX%fA(Mjf9TN-ky`C7Ncvh|QANCd
z2UfCzZHIm2D3gQK*qA9njge$2F-Wa&uqt_)7A6*7`c!R9m@bmA3f7qj1e5ugsYc@-
zY$!>-ixrj<tq(t4z!p&`%@|^?gw!~!6ksXItWLyk8#B{Pk7UlP-Dj&{_O9DfGNSW~
z@;_Ppcd&hEN@M2?>^Nh1h=?5avt|1T7Wc^=TaVDqId(o`>sxj~7S0ccCQU0t$x;`X
zHsv89I#+cW=3m|KgzRi~7xwp<0LW?(*?eu%{}zcPR$!4tYPRV9X41ouT2ogciNw{L
zouK7`jJ2Iw66$cvPf~`y1_$hvA{X0k!XO<@>W&Zbu*%GP@G9tWL<wl$6<FbI(!7iK
zJEQ8A_B74gJ4QuM1#Q&PM8W%a2y@nN=ZVgia%?3$agd*#7)P#xl*RaRB}(sx>P#!%
zA9VD0a*t%q_50$4HS0~b@w1otGDT9-8sFEk?BO*pqGAUrI3~vTbiro3LN6)N_AeZH
z3g#3aMU-`{Z`@sY90xOLH1cs1EnetLjYoBC<|icr(|6<b7-60AD2%C+9tIqEjr+WW
z*bcthj{aZ#D6eLAeaxpRP)kPpBJT#De5ZXypklQB#OXZUEQGqpL3G4+R6L-OTUuxq
zT$eMRw158}0O&v$zwav#<Mzl(+A+hL<MGH$|2mGo-6ApQHSFA<&ai%sX&N2Cx4-UX
zU2HOKTZC}i*ft6o<T{x~*2<Mw_aE?@VG}`Ej6qUJ9aD?u7@Idk9}%IDG?HFlDe!q4
zH<7;VZ^b{4#$+O}Pj3SH^hOfK)YVXgfH<}5_DIS`htN?ybD$Y>QX;T<O8Yq}3o>DL
zWq4>Nv)b*$And8A;k-b=>2%Y3^jp05rp&;8rdqd2%tykylEF|G2jSiB6I*iSh5yaS
zCO4xy|Cu-ngT9hCj#}6D>}OEt#LnRtPFL*2yjV=^oPNDB5T;2b(u>G)_4BB#jJmj<
zjVwP)%u64N*T%ZYu-rUqNbH=^I@MF=CX<OyojTFJeS7@;N*@YvB5@QQNwSU;XgP_N
zJ+c8o=!k1&KUctjOiRf@7#<qnA`&-^Bo`sV&ebVl-@bk9+__UBdg>#TP3#nQui`cd
zg^t5vC*PXKjy*eAxqLqTdK&26I|SSrgjlSY4KBqmjoqWcZj&$>WON1@tzcPX375u9
zYL<mhK08X!zIW51Ls!0@HJ!cj+qmJ@dl}GYD2HZzM&!tm1hf?{at+GC8sQhlv33J_
z)=bO|8jyYT1i}6KU<~y~7<3aR)oiibuxDodKYQl^CPk6H@n84E-I>jS4eXMW<eX6u
zOaxKR>?vZvd}i<b>j9pgIi7b$L{TwfAc!amB0-Ymys#``a}JZI`~OtUE}H`iy6V>R
z3_C-0g|5`q^?vXBVIMpILvZl%rt`Z?`T8F-8TH`b33I@=PdrMWkt6ZPhLf{&1x0P!
z(tqmJ1f``=TvCR)Zx2+}D49m$UbH#yVZZ!Rip?gznmC@3cibW6|8$>N;|-`j9ZSFN
z_zGN<W#wQ=Jx0#@ZKVCQ1;ts0*`O1wno$fYy2*kzus7|7bZ5tNZ_?JO;}16BJS`cu
z)CC9AFbOzE_+AvbSGbZjsVHUxzIZ#<5DmqfgGKeDi~XNbxS$gLbHv|r#*R!ZB-j*m
zqaTCnN7$Z;Om%UM>c<eI5EN+v!RS%E=!%A>h&wi*3LiYeFOa4O06IbB5#Qqnu-@CB
zANDp~9kK=3Ik8zRfSp_k?6icI7HDaKmKJDffnU-BJ>z}y8Qf6##lTJrW9OH2Q6R0p
z_tKH*%m!WT{C<8A+S=Vd_}v3LlCh(&`}yr~ic=Q*;!vZ`Be(q`Y?G4-den^FQ#Y{V
z)oqm8E~ISq52ztVZ1W-rQ=6y%pi|szE!kIT0fBulTeXkB-1rWUoIjae8R<;w+l%Dz
z5K3HSys~016C*CfWHZubSSS&_+mpR&2hoGOQg%3t{acEOw0jA%_-W-z!M~>%r`ONh
z8N0b<$N)atyNlOTcJulbcQJk5vmD6D#BL74W-=2I97g|Etr-%Zh}q!BX4mP`(Zn5}
ztmMX9N3&yZCVTg1^W3aSL`5`>9njLbjkkc%_f9)j!hyrZWaT<=xO|w5Dsj=loYpad
zr1+3pfLcmg5%U)A<5-r1%O-T>jKPUGoIXDL<{&%w=hG@Wm@z{V>DeWUZ`U5>^KVko
z{5tnu--m=&cKKTz+)g^P?QsA}q`&uxHT3HqLt(L-uuwBo&h8*VqDTI>iD0Xd;r-(n
z+`Coz14_r8mPYB8Ew~OJ!S8Sc*j!bDQ2>*jIuSg05M@R?5#bFVIBPC9xgUIhD<g2&
zV@+yJ_?crc$HzC`kbjaZ#2S&7ZDMPxnSLGIBu4qj_L=$n!L}^TkHA+`%)gFy>1!|L
zmCh-&4|0_Y?44qg$DgEce(T%Zu{VR~-+GOgo(`=Ckg2<dQr@S)&*p6&^78#`+3x23
z`DJwNWMb*34bMF>9xH6N$`yxXA=$Y)cR%1^=Izty)b95y%iPpHO;-eCXK<sJH<_`M
zHftt|QYpoz>$8+LGpYbPHR2m9xkh^Vj#0CW#`5@8<MoXw$}}bEpW9Dav42uvr)STe
z3?4ifV-<smER1Z>Eo{}T64W`F!Hz~x#Z7<Q^bm>!Rl?rAds(}7EiP9;+VNC{{{8zi
zT(DFWMScS7mhjag{wg>fF7gX<$;!+izaXC<eppS~p`VyKwHpSXkMF)(&+uWvoIN&y
z5Sx%NGm?75Lt#N7ZQIxg54U2FGPpXLVx`!j@a=LZn|Fj_3vWe4WIEm2oA`8524lxu
zPv^w8_=3$CEoKzW5LiQ1hzPTzmy}_!TCo@uyyhT;R+^}%&tSxunS&BxM>CqM`!Lr0
zxU+HzijJ0sFq*31KXe42$3bw1cK8M3Mt~XkFsmk9f_Wn)zXf4MC)nk{YYQW@ARFtk
zV;D69Wq7eTd=%#uP_{RX;+5OTNj;2RF%WE0FndL%1>~fo>OSd*NY!;5k)b4CbQY;^
zd`b`+X3dXgGSRACdyX79h}G|vfQ|rm#C-|CN_-J^DQb`pV~mQ?Dx}o}6;uVI67Zd4
zpj>uMNUVw9;v)bYA-@)2>!`w5#VEiY9kb%b7_Os4nD8s2uMHR!lk|C{$+G=ues?+3
zN=1mbDS|l_-H&zd-mKl<^f4(|XcHz(V8n<Kr)miQq4GVHueJa?f2ba9xtW$0Xla4p
zss(x_2w<n-(tkFv^YDV}r<%>y8IciDZ9_uBS{OS&qnGt<mq%bxo&{y<&q!WZl37ZZ
zcbg@!Gi1n!Gx`i3v3%6{i|O3GZ-ciRVC<}Gw%UtczlB2U1-M47#yTt(>*K)~UE9GB
zj;`9#6|oWbqi7C1ej_&1aE`W_Pw1jSgmztCF2SbY^o65Yl2CjF1aT~272Be@*=+m$
zWNPAmzwRKDroDwxHSoX7Zy_~5lhzTD^h-?UzR%`zar_;G+k@yhJOXow6-B)8s0v2A
zg~A=_96qKI6Yj@q@L|bcMOeCq%jf4G`&aSg&@&ma;B6-L9mhwTmg4ey7~iuWe?R*?
z3FN4%7ex^-XI>1d2UYd4H9echR&2oI@pD^PFZPudu-2EwcS~*#_*!Whm%nISy1g3T
ztUAIE8#CCST10V~M-C@}kl1Y|x_69Z$~o=n-y`;TIWCuv`ClJo=e~Sg9zQ)gMKbN8
zZW4?U%o>wHWk9c3y0#C;<@WQ`>zfI&o5{>^aM8IP7~DIS`Cq5vbb1-qKc1vG8+MzB
zFJsn!HgfT~9of7qmsU|hTr|F;JgB(s;Z+Rm8N+FvA{pAJRb{^mS+{}$JV%e>N;@n+
zzTy(Oj*G(uYwJWjNgep9L|9<j7&kJx(e`re*g^i6OVNBjRI{1Tp@Xpx=r6ywj5h@#
zbG2-%jW?Hu(6@t|i$|8ywv~?zkBNVzwqt2tgp|l>C=3oQ=8Z1<h_(3G?J|&H(ut6|
z^gmDI+vgX4n8YDZAiY?VL=A-VWNCEY#C*julgI7H<<+ECztw8OY!Z?yLISe>e7wSk
zfY9}?C`XhpoHrX)q)li&<%@a?3tf}26t3esF%`wy=ky4_0U8#wQL@<#h7-H5rr!U_
zxbCS}KW6;+RJwK+`;CT!)2TCmVJQp0a*~xL038n{rIjq4ng0mqp?mB1J>vH0+;~SG
z7hMp+nWGF?s&L9(Zk5NLb7SzG#>~6MH#+Z6=5zF9wBw1^C&1V_iNMa0$7(ZnlKxQ%
z?9`5Lth;9^Rnp6+%!%jGSQ#fbUXfIf=P?>*C~@~T-F&{OwfGYPJExz1x@7581i`@h
zM7Q(3UdjGwYV-Y^>)PSvLba4mc#bD8EG%Tnk|ok7&#4MkfgMfwfvMs{FgrVwo!hta
z{fcE26=&1CZ#OctG8i@}f?nMWY}>qzHp$_1?;MP(IHg}g0VEtenoY3Xj@cMYR)&k1
z@E{^16m*lqcPozZ-xm*(neX7LX@js?e2f|z!{g8IAtNuE;NWP?q2ZW9?5LUnqaXa<
zB5uCv7Lt=&qv!%IDVGfs&(d<AiHfMZlx3^_jMv4Xj$oh&!7)|ED8Lj&#pn}KxIVn9
z0i&b^l|L#4vjz>V%#F+AAtW?R%AGy%fA<n(43WT&5)(nj`W<8(IDk@G#Lc$$M7TWC
z7{sXQ0pCGVr%jZpA$UbTgGN|rxRjnVX&QcmhQaHXz>@IGWAcmVGID<>05<u67Fdk1
zE-)(iL;P5xbPQ(UzsG=LG)Vx)Am!F7fgJ(r1i&4^-Vy&V<Uj+GY`Plwe}RdaA{4YB
z1;u2>r<gIAf-tKZT1h@~c@YnJxwr7keUqlypv_n|x=&-}mZmFc2nO5@H{5WlhVLIP
z-$VI=u~RvQTYS0yp?tX?7mlkKxGnwL(!W)oSj}lX2tS}Uiz+`sW)-Vh!D3VhvZxrP
z!9c*buus#a%876-SL)Vqdo=lO=<w*2xiws#%6F$<`~FTTup=h%`@5eLy3oxMNNCE_
z(dl$hTvD{Tq@?(+hbF$#po7z<<aZ+1=zFiZ8nmZTl<4}MS=3xAYdXEC5ifk~ba|^;
z_Q#-Mqh_M(Gsa(h4dT;Kh}VB4L2uZZ;fb{M$-Y)>!4J95#`aV`hEOxMhkM|5yGcn&
z;lP0d(t&7DP>^)AD0HloOtF-{eE`EX`Go3QWp(_z87*!a>(*`Lw9`(*P`ZIIb$64h
zTITSOS6D`JLgP+g8_TfLDSKmAw#1*T7TCEji!qnJ#>{i?=E<*L;lG#uADN{&94$y^
zbf<nixp*;?BW|JhI6DTDLU5cNcdip#q7BWfv3p%MW`jb6UBTeV;DOI)@pi9sn6mB*
zuI<*B<r!%#IJ{3*S5;JIO}c_HUAkhn3jJwez2*b20~9wVd$5!&xcY^+NG~hq;*gF^
zNbJZbNA}VtIF#ozHxm<O<I+jJ`P;M>3$>p!2849lhl>yJ`La}mznr>!3yb$&A(bYW
zHl5ps$zqOWm9ctLCUG&rlBJWG>tO1IT_`N}@YTx0j2sY8VqAbxwSH?hyAKpHpl1v_
z_T>>B5yY6G3G7NK;D?Qw@=$xq+3jf+9mM`aMXcJC$rY12vF4{td3Zgde;g%c9-f}P
zjl|es2KQ-2pKejLZ&%mxmz3ho$-#9f4NpcU#<+OWEUj3!)4_&a`CKx-gDk7Dpp}(T
zuy_e&2Le7kEOD)fIC~uCgcjD0d`4)nY>SQ8zY3F5Y<=6ixMWl*$+2FJxh>2()P{w5
zLJX&FaL1(RTojYdbDa)Q;#YX3$WDYo;}W}rutuodb@iRc>*t*>QYb0&Rz@peHmY(Q
z4(b^r*=IG*p=xC%#__jn(@D>EQ0fTeWe+w<fbp#1iE_Nx7oK}-hddpsDy$<8jlx1q
zjOZUv$K=pD%YS!43fXxsuD+lnQ8n0P;(nH`JtmoS;=7oig0&WEH*xx)c)GR=$6#pG
zRZ3&S{iMgQ*_1+d>8DIOuQoeQ+=IsxkXU>5tr8x2s*oF|+8KX#Frz2bc5Cw1|DyTp
zr6Kj!aqR{_(NQ)!wXbd2tZ52gFW0&H#-sf7<pU%ogrD?#ZB7}cD?`XohBR8GCNp-9
zJTVhRolyxeX|t51`>OyuHRH>H&59$HT0m&^^rE8rk*CUi>{J1C>rLNS{--jYqoCZV
zw7z$7qYZo_7n}gFvuf2UCQX_o_wQ4uo-CWY6RGSkzg9@E)npXBphvJ<ZyW^v<)v58
z;Q=+DWGbH-M~@z5(V|5syO`to31FvRzkc|9Uh?zuB-kGpA5X^7bQXN^J|;s67hf`t
zh^R0={cI`8iB`r8HFNmDkElkS_*OQ|CP>eBVYR442Aie77GZ<%#TWU!GJ7jiukOJ`
z=O<vcK+0h^OTIZoafy#h|I&jF$p#dPcx`qjPrbOCW5=BIx#C75`}M(~STPi2k+o(C
z&(4@dx9(k!vvI_8Op}Zj0i=j`!~i%WxHnZP(gsZpFi=z@ieE#(6hfCwQ#GMNCjH_l
z1~aOvA!Iw10w>uyC6weB;_#KwW8?tJJTBTMv_>%mlQ?D)eI`u8>Qo3)%2@i(J9w$X
zC?Y%_rR>%r001BWNkl<ZG`EgfwO~|y7<4b1uAv(RLq^4~Xs9kHMw2R;L0-*|(WBuv
ztN2x2l4%66c6@tMzA+F?AA?ax57#k;fx#%i8U;-luNiz8%4OIpSULe&wg9LTaIB+Y
zQhg}Wzm6H*WW*3@!q&=$%V5H6w`0&8xN?tT5r%7`&H`+b?dd}izJ8Qoyb)c|PrHoG
z88&`c)pUiB7GUSZrfzDUN{*0XJ3%MmE!Q{QQ0liZaB1nEmi}q(<1RGVK!nXen9V?Z
zc*7F$n(o8xD@Ob^8|;`24I9AZmG~%fXcUzBC@AwwL(E^JJ^Caz%-GqU?&0lqMYq2B
zgX2Bk>Rag;xyG_x?;GuhyI+{0q0Ou&%TnQ-vm%pb{5vl{M^dtNm^EYKYrhI0q92&v
z3Ee*%osoeis@Xs_ADSl=KTGNK#;<Z8C-!KE69IMvs3X9g<{WZe$%MC=L}ped@4x>(
zVzYPq?YGyevH*6TefC*GLP8ildNidOD~V8d;3F6{;aaY{?mGVZ*S|90v`|94KQ!r<
zue|+TK3%d6$NndqbbWmn9nCDF(}+j-a_)3S59|1g@@h%kcnhrGa)e&p;u&-4tHdhZ
z`Nz2XnDY9?%)R;*GRv}9xo;(7yNu%SmLz)hjw3YIB#$tyk!HLlUMvx2d=4MGcI6No
z7KBMH<>{sOQC6H!f!D>svLY<10k`JIY%p?e_Yqv${|sV7?2?@m92JZ$K7ydQNK9cN
zc!~-sJ(9-jpUvmxZ@#CM#m1MzFJygD7KvsX;U)`ZelJ<BGTuG1n*-JoK7RR1I<<>#
z{AOFOINk!^tUAhTAMPTrFd$7LjTco_T9OLDrD_;AyfydV&_`N{3YLyw?bw1%a?>CV
z!J{Lr@_SLKhftddqZAs4q7skHH`H#Xv`oB!>+-t*l?1~_Se%H1bHP{;zIX(~M@X=h
zIfM*`f-T61&#%eDZ&9bP5HlgR1~x*X?k+dpG6!pR7V^P2M@UOA#plzR^|t|1%B>=Z
z!*X$G9&2<H=`Y3*5h4BYh~V6xLjK|<_}v~9gMqMNg9#Zp5XJKAA3!y?AzKyL5p^@D
zI=$MtxoS)?NijYSI;}i)IEhblqw55B+E`q?)OkOHLrYlWH1lq;jeJdIxYf<IVP)7(
z(C?1u$MdEyB_rEGkX0OBiG!#BgGb2t2|2+thbD0GIqd=#x^;vvS03SuZ`0VgJqM@T
zkJS>8rg6Ldn9VAKd&M$oOfu(;N|M%7Rf8y})7c-(aW4H*Nyi+z9CIe4Lhr6oTs^rH
zV}~WyDtXdPU$g5#AxmC6n@;7xsko@1*v;%u_VVdBX%v;XrB5kQte7uukDoiP?#^Z7
zJIZ=Cw{SG0h}j>1LTp@SH84wnP;t?b96A)kiq*w*=p4^O_Z48X=E%P4Ht;C>5BjRz
z&f71?aOEZTdT-I`G7w~~?LVVxf~Q|{uxooVuReaUWIX**LsNjAeLFX^a`8uOS+{ER
zk3X(z&}d9Q_FQeoPU4-Fz)tP>#+r7PQYF2(xQ;R!%j36=SCsj9^xKrSch*KBe`d`J
z3JPZEy58vf(H{ZWnLK$iadDN;;B<^Utkq$t@iW`<M3PNZN*S+ICt=N-H;>}t;uFcH
z$=7!5(1E0+)|3|KvUu_5goed1ancl)EdGKH?af?v=@4|SjHS!=$mix6gA9aQ4pLB<
ziNORR!6wQ2`0~44;-by;JuMVP*T^Yw^7XPTR&6NYj4_d%eR?vAYT~=^)7f*NjDma@
zSN^3fJ-S&XnDG5dl{+8$fgJ~&T=}052=6%vkH<;z&NX;;uH_%sO`~m_Hc~1~0yl!G
zqn9&81(7wNVTM6cbi{gHo%J9wAW1@zPJ1M)-|zHLT2z8PDje0Lb8N>!ir1#IaKSgU
z9^Z+JZodSp&%}H0y~i#0-hn}}FzvmCsPUaqR0FY&Y~GzTmM7Z{CBiR!-{^Q%m0-UY
zUG+$ItdW4f9G_(VY8XVl{Tiylh~g8%b%MPUFhVtGf>#vS;|j?*RTr!xFj%~pqE!&j
z6hi>W5<(ZkUycBM0<vqmAo55*J3?+vfIo`SfNoHw4<1vH8Qm6!!(zsi5J6154d2n-
z=%u+b9jb<+dt|$6(ix9XVl&`3hoeXIK<Rt|YWxt^t>40$HLDvOUvItjmW&rbZws)~
z<f$kxl)z4DxsRQ|fUO+M($1igtyVsuTjDF`dQ1DXjE|Q2A>TD+Xu|qoQXwhYOk$*o
zU`wTMFCoX8lKT<aC980Fj^g#_<M9;{WNaAl@e9KMf-tIfg3QT;26ZAS{5+y;J*zE*
z=>=Yn=6NY7t@5ls1@pHtU}xfM>8w8J63@)hyfU!fcaM63oeIWIRT{B;iKs#=ZqC1d
zZD2=Fx$z<3;S+l-p1{>Q-vhNfQdd7$I{$A=)tvPG)6WN`VNJAZ399E&D}5bhR84*&
zz)rlrHo(}aNl<Dgzf1k`SQDr4%rnojapOk$0@b;5=LUftv5}6Bj^@D!A0*sTNQn14
za<#$OWBTAK&BpFrf=O{!;(Qf&ULAiYOnrl;EB4?`eY#24*Vm5k%-_gWcg*9S>1XiN
zgOi$VdpFl{aH92^`^it_7dd!k_Ff*I_yP&`L@s%AEFVl;$d89tawvB{JzDicOBqhj
z5w?J?v~W6V7IF+i)<8k?>Kr<jMRwU<=B|5^l)Qt-r&)+OjO6e{hIZ)1IX#BZDl`OD
z5eNR_LE}MJ{U{a#hG0{`IjOsl)jNLT`Nb>vzfMD>6`sTI<I{}&JlTB|yNdIOG+SwB
z3zG-99~|4u^M^O_!>2dVHYuWIyfk4w$}4j5@PB?{$NqfzJ`-dyaQ>NX88a+_%p4~l
zEjh@p{ROgp2lbBSZ&&poUN9CKnExj_?oQ?PB@Qp|eUZW^OAkswNF27m`tV3Pv<;Qx
z!|nC6bmdXjY|iA;VG$%8+=#!R5QE)@wM{a{s7M@p_v1KtNLJGl9!k_-F2oem0Fku`
z?f!ddzlQ4R_amj)UjM3+0U>ndyCizJYjQqec8wHg5YHS*;<LP%YD_STs_|Th6fTI#
zCBvukZi$VbTox&<A`W5(Tio0lUW!G4J56lQl2QTed`(uKlXsptU9LM~ua}$e;^VJU
zS-(A(@K7_Cp4XngUDdr-zVnwJ;-z`JBrr6he=Dw-&_T)&it+_$^v3*stlySH+eAAz
zUDlN;<Jwi52Y#PMm-FTm7ahbuZ|*C>M-hrkJ-qhOUbgPZr&HTd<~%x**yx~Y<xjln
z8+IQQz|L88Y9pkB17~TUf0xEnv$spj<|pnRNO+h<p05cSzNk~{IGe1G1W=pUPQTW5
z!k5;8!?|Q;msD#fF$bfg>?Fp9a@~C&a`|7|GhyuJ<IjnwUM%GAGYhJ1ET4NUlG~>T
zn1c0%{6aqu%qn2_J}=k)HI%C^t?qxVs952O>pVPq_a*f0k=X3o>tyvyx-zs;#?Io8
z<{&;O%B=NkRyGJG=*Rvu6NM^1c9^9k-c|+JsS)4UD}i9{S4l7DY0WYk%cFV3XP_GU
zC~-GspN#7KseqjeE+np1Y_(>4T8kuwh7U1B0>8&gSwSV}Qj(P?^D&rB1V@A(&oi`D
z(}1FXsQI+1!q^cRJU{m{td6Xc(XF-e2n`LVbz&mAmd4htD<~|m;&hrAIlLp6UECdm
z;Q&8v+r!R1Ci?a2LeKVj=<YQ9f|X*_<bGK<T6y>VT-qgC88y^~uDH=u6FJ#Vf<x>C
z2N_Ux4=$HRUV)L&$WS)_bcnWXjI@atl4}a<c875DJ>Qa&WoFVtFA?6Q4_>^id-X|f
zJbO6jj2wnNC`i^{FoG&rIRdZ|zl^%@l2e88QVx&^={7m16#-nR@~_x?9XWUuZ-JZq
zyrU#_?uv6~KA$}~j}X6^PM7y(;M8##eUP_#KNByVL?$jU266A29pt-Ie2Rj9)mLQx
z``=89??H&}$LI5)nT%L8O{l*~zd9zdXApjS1lXc$7z}=boj!Df5sy(t*Ze5ruc%|W
z6|*V~nA8B%R`~ldoBfz$Okhzk82u=CB^YA}{1X6s1gIkc9UXyfiScK)g`kE;P-IjI
z3JW12IRVGv9h4l~PI!z7Q;-*<U=oQcD!LFvFE@G+EFvo&TO3N#Fih>oqX)M`*HqST
z+}J3vGjnEOITn9gfSnVYwg>Z6vP%NTh_&pz%L$|vIX0JgdvOX;*=uUow|ti7#SWu1
zwBvCD{pMEx<MnB#?b}knKnqkTN4Jch^7g34O+E4UX&YmvbAsi#QDDAvAKTMkpv18r
zlVEtB#NgG$voDeM(U;RD_VVL73xH?OF&A!cz+YZfg_e`CzV%HKhTHYu$jJeAAi&u9
zog73}t!G}|ufy2U58gHso!LOAlQ^zUAS->E(&42!RTJn3ZWF&xKxaUirgV7mcpkOW
zSC6k*xf20)67;n-7(2hViedfbx%6m!5tDiR@h8}|YnQyu#Kgqoz>cuQ4-XH=>2%6Z
z1!G45J0gUJhVsyZ4-yfSL!|yAp6KiF<$X)A9*`pngof|;IIwf*=_XxYUw%HH#_El!
z^zWI7-Bwl3rTMgXQ`)1k_G&KiH~-(~e7Srtm-qQ6Jrf2KZ%^XNxdVCks?~gZU_M9k
z_7fY_j?>gDY1=*U!dLOKCj=LAN{@1+AcciH-XNnWm8jq-lERbd7Tbd)TRY6U5nWiQ
z;gv62Q4vNW!i@w637v2+sv>;rh>x&h^YT+#3XgyB6?6KYO@g)3T6;rbCS7ci>@LY=
zaAZQYsr>q(ZLE*TWx<<MCDY@N)IUv~e<w1Ygbdn$-`ydZFe3Eo63Md<3<>xW0e0*w
z;D7J!WJupwE}z&Dqj;&UWBv=LzrwOjuyy>JhDrDo5&lIgtUasAan(J411^063=83N
zL_D;G=B$)Yug0*bC;f49QDuBizLVJ>?ctj>0gZCOE_&;UQAC9Y$uidbl*My%wn;|C
z9hY^Y<AJrfj#Sq(mz$sRp)O^$Mhqon=wQj<`7@8NO2$rgX)DoQNzq>Zd3he8!5Rl#
z79LA$!=k(>X;LF3*k0(gk4aJa6lpN8B$yvvR=ncGs5}@Ioncltw}h9<gOH}ELQBTZ
z4PPVre9w}<9M4NIy@WjAyhR6i?Zds2&GX@NqouT9MgJYka&Y6!HS9T1$SqfN<FDs;
zA|lKj(C!x=05r%ia`WH!cJc1Q1N7+{#S`}oD9<A>-URs4ZTzPaX!-d0F+_v~9K8s+
zmy8@I7u>oGms{hRzYk>Gu+~-9Eu9HBe#4%FMFC((fR5$!<;gd;G53oUuAJ0?`>yR(
zzNQ7r6Z1rT3oLWZRW-W){lbd1DV%x9%RF>nB>%j>@<4Xq0S_b3$sjkc@<r#4n?iZ!
z(fSW+kEZ*1{T-Fp<~XF(>=UyRx#K3o@fVlk5(9bpJ|2Hg;qvikGi*RR(zA-m$t$Ht
zmpE*}Rh;rPvcEZz_4T({A5J>3lkxIQP%42P^jS*$O_jh-t@vt><T`#-PcKKv3FpyR
z8K*j4nU9g%l$hziDP!l1GtNL*>;K+l+2T$c!sJnXs&$eJh0kjE*l`pTQ=FA|{3Ae}
z6Ac3Fu|<X<fS!=pNG$e%gh?00!}&@n?Q4KKyVEjxd%<$rnof<MogO_-BO*MUqT(M(
zJFuHo-{;V&OCpzE(t~at3emN6KKS?uq0xOAe|8+IYn$|ks>}UUfXS#CtjwOfPZ|M?
z9ub9K7t+P1fGnCW^v+BHMu<Vj;nMKBeKLKJ&4gLx<2SN=lggbBtfbJ`jWcd}089H0
z(r3@Y`=)dKxo6U)Q-xfuV3brGeETIx<Ja8im@rwa(x?mFBz?mKg4h=Y*fIj~P!%J7
zzmGXjyh`hYR!qF+d{)d|#Li87Fd9twEehvPohUYEI5YEDKL1NrAK8Y}2v%b(w=Db)
zhfkP(DJ;MLS~_POrbB2e3?AV_Pm?T~0Dz<h{Mm`x%D(}BITp=JLYa@UAcZWGxEB+;
zpgt+8l!EpPi8ir+RmAgDM^}7UEG85Iju~{!x>tf~N|5laXq3z$$wm^49l`Q37$m4<
zwpxg8+m6Uiohdt#ieb-sx<~nlHM#I9E>s(sBfw-4EFuA5nxx|{UF2zt!X4WaHF+GC
zgg$tD!YITbpF|rrZe;D6H4P5?7GUQ@SB1*!s{%VeKbK!GrPY~9|JBnmdQ0mq)Mv7@
zdh8d!UZq+}YH5L%7HF^qdL&y(imFul_-4-~c)WY1AL~;c+?tsI$<L7x7LaHb{&+SW
zbWq|vxnPpWyWg(?>@<bieySVw=jNZEpL<HB*z~l&N8ock3(C|6eH_<3N2_^5zdU}L
z(&4!pz|I|WP?P|$)0F(7S|0j=8tH4q*Sv)j0e0dw!PsedqxEz9{FkKDbOWXK3;1f;
zIzIT|1DTaLpcN8p=bm>S4v&ZAHf@d{Nap3_keZT0sLjTUFTO}gNx<2-VEDZ7!t?mk
z-$8A4F}_>@>>Oxv)h1jso24uE;!Qm<DK_DoCp)i{Hi;2c4&@s!*6H$+kzI_*Xdt0g
zsPxIv)F9C6?7R|6O5KEpSc!=gvS3Y3{l~g4s`tO>5Y>mf$Nm?e?j^zAo@wt5;C~l?
z&#FTU*?H_o+JyAx%=TAd4_7Jk6iG1Whl5|R?$B3sj_t$94rkFLp&zQ^mq3j{^-GB+
zgX#+aH^TBw{+}10&qZ#2F(oCXM1-q^hA5a#evBqBpZv6jS66(;qM;YkI;egLp1OKq
z@{gbM!vD@^NWbJiRtKGeyIHjSFmpcLFMaEX&^{@I$L|>^CDkgH-uyzBWFG`Toys5%
zmK`oXsYgoqVN)hQ?aY%bA90W_u0O3~IA;z?pl6o|$$SVLlGhI6`r=YATX*M4e>*~w
zO8ger$HfFOuxAWs434K=>k#QMzGm=vH8OJ?Y~Gbe>d_J@QzabT3%NBR@Akj<ce7zz
zj!c#uZ|6V%94e*Vw(ZU5iPyGChKG={y6c+m^v&Idb6<*ds9RsKb?!jq#PKMmKdzip
zQ-+#fQvyDAme%b{EiuZ=%*%6#u=`1KTlmMp4y-H;=edsi`AbX=WqyTsN<#S78B|Rz
zx1wwT0F4WBGA*p6!R<-K^#LiiZ^+4av**hTYTbeuub18ZJsWrC(W^@YpT0Qe_%(Mw
zv4KV3AE9HCokg#Vt5>Q`FxSRUU&g^BC0ufDJ7(S*kR=pBNTYS1_&Mzo?R@gW=;Mr?
zib5{Ab2&Rwinw=LccxxY-G*kujmy}RTEvo9$CU#+fmDL6^Y#}97&|nc=l(vZ-g-5q
zznarEe!s@Ri7&8u$1z3@v#?@OB|u+Vrg76<xy<{xQXZ-2X(kqb97ke&{c~>lnlOC&
zFxLOLh|V2+oIl<oeNlM4M!x)R2shlih*r@WBL;NCWYjQNQ#f+WPpgR2c=^#O&8c~Q
zQC-s2VPq&n8_eT`7&{rS&qPs#ztRe+iCIeg^;LkKn(>Vp(g|RvGQE7xh%y9t)Z7j5
z5I%OeQHj6q<oehVvWq`MitYCb?7Vd}o>#8wN1x6~wZ>^K20qSo@%h#?va_l)_kPL5
zFqlk4w~AyyawJ!GjHDC7$f$bAD=g-M_tF`rZ9Zkd&VT^}88&nT-+uiObKdw5d3i<L
zbnAIsesODb_f`q6e6iSzEwmkDPdDH!-j6}m2)0_#b)N(t{HmD`K2M`vVmKrE$Kcmp
z=mKaEx1$A&Z-mI0kOxCEqbnZibH;#JKQ(mC%ByqIc<QAcM2)_Iev_|6jf%kIbF+2c
zTa+C>j4oI(V$UaV8zI4F5UODsnyZBLpH@O_Jh9z-V>H-g8Hy_Q_W~L*qU!!~WfUVO
zzm5+bw@<_7EoJYjMW|j6N&QAZSd?VA82l=VrsCDyC?*q#{g;sCHJX`x$9?!T;jh!j
z>r+Nz53&&5RWNRY17H_E$>tF<ae{{<$wlI}4H~N7hw5}tvV99~Um5<`IAYtLCK*o%
z<0WC8A`N#0pcB|zN;?v1OQNBc6p+1d3!2G7>)r$L8%zO%3SFcN6eOSi(%M@1#tBHO
zQCvh~=`pVEqH#`V6@%tMHK-^?AEr<PM!SmJXhE|lpoMkC(0VvQ?S|pef~7-jDP5=f
zQFVoln>Mq$5h=E+z|P#cb4f@@V8Ma~zht`nY0@6ZRmiH3u~XARzZv`v%il`h^>;Vg
zKbr?VLs4Y!YJ2Nu?0F(E_nJZb9=8u{sZUFPoTTw6m^$5)DvY6F$*xJLdUXTRMkn+y
zyuj)6a`tH}2r@;=oC-?)tld|7($|OnNg53)UH>A+&dkqlY#SHfYDRFdZK}yAHZyg-
zF;uiveUzTxHvUvfvFWMzU5%nYjjl8UO&O*s?VhX-?4;gX&e&=4n_jg%^xElbl~Hw`
z3>h-wjNXHXFF$?!C3NoIumYR_bp*Im=aZ=B<g59lI)(AYdIw4j1G(+C+hi&2+O=c)
zO*avnl!Qy@=F}4mih@;9nD_SEeD~dVc)eaOyzoNK9XA|%SPcH$W%UC)RqpTUS6481
z{w59`$*0uerhDf~4Q)~M=|ej3(!T-+ZnK{Mnv~RB-hTcvcJ0gJ;TOK)v#+)zSUT^&
zbS0Ng>O*Eu3FlushgTo}3w=%t9Q^#SK9#%wwSX_*zD`=)KKh?!%wMt{aZn^eSg4ih
zR}AI0sUv6|Unyx*^VUV$H$Pm@tMC2D(Tqy}U2R)Oa_iLLTya4^;$lKhvWuxYI^b6v
zA9Z$rmGavTd7LZzKT6NUVe$p5bx3C(`(_$f4|<S;`P*5%<1I$Dy_kf^L>~L*dg4Np
zxv=kzBt>*VRfSIrX}69ltlNb1P$4uR!5m+}(ohlLj`;WqGO7ey3<Q}}tU|N8oUOAj
z`w+K(_$pqHmz5(gCDe4{zD(XfvIqZJ7Ve!s>QB{wjrDI`@hjG6@bbLf<m3k!I|4Wv
zH$0JRrgSD!Fb?V&pJJX0pEZlWKf?008PcatU9{eyAR}XjBrxTywj{;dY5}%oPM-v1
zKK=R-J5vhq3J<_Fg2-3Mzg;@MJ!6I@NXPLN!Qu9?dSezJEIvruu@a%cA%kFL+;Mde
zk`in@H)kjN4;9H<8Q3$L2XE=i(Tp;lcw-xB$4W686?$}v<ob)d(B4plbI)G9*}2j`
zkLGlud40$E%F@ry;QoXR9~uD2o6-FJIsN}j>MwyEDaBSdup|1dbAp@OC*~6y?!%#}
zl=+QBnS|gAd{|;*L0NUVteW=_XY_G(NGXG?0pPLr;Hcbr3(2$bH!iCV?9}KV0T}k1
zvVbma!&v<4SlNHV2hPn8ujRWRGgvk6T;igtIHjzkf5kYx;I`$QH7tQg?&wE&x#XJ5
z?W4z}FRBAO<>`e#sta%XmSb5?UV3maBL|c}8_VOz-}nuCQ;TZ>J74~Al&5Cz;AmzU
zV+O}_|8+g(yc9sGV6**_{*!I_8;##}n-4Q|@{3Xiz+_U`x3M+JNtN?@{(>^5-I7CT
zS><bX?;d8Jm=(de(Y2k1dVLC|r3zN7j>R017!aTI3?Fy>UjgTii|1H+F~>3-bnFm<
z+byif9SrJk<CZ&1NcrJ`M#ooU<FC2IpLAd+YtBqiXH;5PX|t48*Hi*Kwc;C-NT{A(
zw40vw_Ds-cG-GK6Kj_b+t230itExL>se9y{@c;hVfSp55EC0Q)4O519ZLqDDWIEWA
z?__&cF(n=!Vn><P0N`UZ1*FHU=!BRJbZ-^Lkhl<rN16$)(}W;U{JMP^-11ckM~nST
z4cl@Gft>*i9Xga9+qbZ0)mP-@A7jj@7{-nAf+lc7BdgYxl9?S$w=SWW)GVUI6=EXn
zau2O5UNobL1&f`uZWY9UzQU`F2fwOHd_mET<qQ@9TxlpiizLzL2A^b}3UJ2ZvT)t4
zt61<&7U#@*jf8<?&=oU2gGaJl#9SBhWCE!0V?w%-F}M*PYV3-U`S)H;%#e}vKIZ}q
z!QthMW&tMYvK}VQk0$CN)?v+$SNNJUd1++{;kC=h%XRw77v@o9wh2|UfQueYMKOuJ
zmWEk3<1}h`eSZ8VA3=(ZSZ^7RoPQ2|Z@QIH=U+mZ%Oim-VE|Gl-Yawi23^I75uar8
z2;(w8dSMygJ^wI=w{2t4^uICSoXNPn0<H23I&HuYp75QcTctdj>hlCJAEOB^J&)CI
zJ&)7xXUhLQLa|`z2=K@kkfGKvqv+mpe>viJ;JM>1EMVU!ZxXlZV;-H5fQ@45<3~L3
zyk-NI#8&97d*E+9ija20@%V$J>{<X-s(3I5z6m+?H7CH>sQ`KM^Yc%54f-=CNXe~`
zVr%TV)jZ<E^S3k^*eQ$@tjOk3@0NPB^g}b=-<{HV(!Y&?xTs14<<GYCB3KwO{K_FQ
z@_Ks2-*~*#72EPD^9jaKlh4^3ZKnZ(vD1Lf>n{R!W-Yv7rUEk}Bch3n{Czspb~+uD
zmKJX=E-t?7p^2|F=-{-e<3m62U?)`nY!qc=vsq|$eVWqlvFgB1+5>aY^{GuBaJm48
zD)Z25rmqoSS9`rWZ-L(b^ofl&WxTegSuu8mHI=4VaoNve(bt>!@WT)3(W3|VJn#Sx
zxk+zYFsmwiHgD$n=bpo2u`qkKQ0D`0_7ZIR{zfyo_~v(6_QO6(%RF*J9uZcFP>aMu
z@?_;FH_Lo_jD4D&`?8q(+@)M~=Ld2#92;fFZnN;=|E{Ee&(<tjwu_0==J5Q?^ZDDf
z5i;H1W`4noZ?0nIooDf{7ne!vsi+7Wwjh&~2q-LeQC#XGI>N^0ukH+h$1@Om001BW
zNkl<ZJ5_=>NZPdh2*WS<FCMR-5W9u25GzKbK}zWq6ghD?J@Ws)e(web^{H)9*l0ui
z4lfXnu5Z8nGX}N(CmmyZ;q;YC#*WMDWYf`QB!su;zRxC0>4Y=8Uc|8W<B7H<5MqwN
zVhln>$lfTDjU$1ba-c>Pui=Upq%R#Ircn7^NV1i<3wUYeTs9rrjnD6sn%TFt@5kjy
z-3S&hLXCu6pPQ#k_tQIeD{D5y^FpuDl=?i(P&V?xOP4g3{7)Y*4vZgrb(@rdl1^@c
z5Sxkf&rD|WxHbWBr$!JGX1h`fn78mCKkdvdmrV=2&<a*hK&qqiKvp<QA3Z3Z>o4g-
zOk|~`qF`7oTa%9PZIY4WIIi_7{WhtJ%%h@CvR-x*(=X}5xucR~Swi+r_&j;_!@V3%
zuP#eq4>t0zJNnDI2v$yZIdC=p^wx|Wp1>>b?`2<V5u$EgJA`xf1s&<zEh+#!2}!w<
zQoNa&crvo^<mTZoDU)@v#6(INHsO2c&mJlnJN37PXwJSJoLoDuK!Q6WlxQlSmj?5B
zS>sGRvE@A9Ud9z60XAtvApq=rD?!S-7&{edJD&Y1o!f@8;J;&}Z<>^}V(x$TC+P!c
z(<c)N3u$=6Eo9Xu+_a2dog<iaYafym0{7u?`RH~20@}5<GyjFrk_A@g^hz1HZ`P#q
z{M_C2=oHTEe+`#oxoS9X`ZD$%62Q*bYK$Fm&D<{zF#qc`8860QzwS|7Hol!KKOr_)
z${zmS!kmvcaO*>#<8TD5=5L!GkXoxC1v;HNr;kr()0XO1_2R%SCQ9XlIkAiyR=K|r
zOIJ-opjaQi{oaYqrtrec#q8bh<;zdv2oF<nyM+;m!jfe=@4Oqz$1h*?duzga>zl3&
zBSRh5;QgEsV<+pK0Aoi6u|5i5=C4(Nof`3t*#Oo^FLKqh-kXV171*h$esi$lWh0tC
zO^Lg5`>7lxO$ByD9ro<m!`EMb&7nhwewR{gg0Ulj9T5h$4&v_737pZV<IiedA>k&Z
z!mMZk#>xqXt*M#3veCh3DS?B20WAC)z>b(pnHk4ezu{}zChTE&KL-XyV1@z|3Ff_z
za@e)c#gvPZ=-tDB!RM4rm;iWUX2HU2;$v+L=pTk^bV?~P1q<mJ9ztxvgxWo5s#_ow
z7*+AS@k^gFUd_nTuZ#J=M>n%K%g>Z2UnjErAbdUp7UAbo7rS<!WC<B%iz+z%!e@;p
zfgM#du>QX@8F20dl&E+VnRh@oOjG@mJ!A4|m<=Y}!Y@!rG=9GTE&Nzjg@q4IXWV5s
zVC&SEGK&?naK7y*!sB#GSv66P6$@UEA2m$ao%+yCp+w~F<lX=Lm&r5#g{p>9>h}<;
zg4wU(60&nDs2)FxLB%2D(KH34s-l;b;n=m74d1Whth?{QsT-s$v{4wIX<qySsxfI8
zeX0=u#iMIDRX@7HfLiRpv3osfxw-Th{}=qaxWb1pEzl&eBfj{gw3-JKZogm*DOe4D
za#t<JIqwnvJuaSbwG`E2g@`0P(VZ}N>`z$F5qJoZ%6U@Gt{z@;3$Sy76Z!-%Psyod
z?8s+PGZ(fE&)-VF4NYL|419)ya>mZ@PpG%D6PtT~wAAnSC<OiMj;};R8vXk8I$r4V
z{nPPyHrBgRx&0p8J`X<Khr{b^a7D8i%vcP<Z;t_+srs2~)r4M6VM5R9Wq!Tk7;e>m
zQiZ$+Bx_h2IJ$daVICj+RJys);ho0ogSOOnb9L&wR0VdTB(QVx5UF1o5P9>m)9$?X
z1fNy4F4uR?G-KEP0f<lS)4E?;z%NO!FilB*xCXE@V-5&lr-`9P9(r1h^mUX`Gv}rP
zI|<qv;;Tuq{dP;c0Cft3rVt)24m(xJ)-f0iJo4m|lr|tIR9~wa6@`79H}lLh&+z7(
zZxR+3hTG-9m+=8MV}%7!-S;aFQH3S{<m=z!o0a=0+xzeGVglETL)3swnof_g&q!cL
z9Hff>Tl&s*j2zs)nh%dkU}qA4n>JGBRRQdX?;`EzZ%pN!GrC9_HgV|X@%Xv*pP%u@
z`|D|&6iMo8G2AQbD=dYFUGS1T@SSznS=@KiXvtC#l6B($+#VmdJoqVdKH7-IY-Go>
zd+69!99;gfw?>b?^gV|*mZAH5FtO)dxcyEHijk<Gc#anC=V;M>KK$tgt{i+Houm2^
zWC|&NS(H-M7=siFy_xLG*g{^}5z0J;QiD3wYA4(ljy=dqWJoAZcQI@Ct|293KiS1O
zWEbZWqQkh@HjIc&q-R(R;ijf9PrJLf=8LTxxOX%R`S({W9ef#)W-FH;`ikYBUsrAX
z{ko6x-^X|nWB#*m4l(!h1JW6LMTiWyF!{`6CX7xdJXE~62ku84pr)ml@bde6*|Z~9
z&KbcR=#U&rmv&)9M_8mJRqD}FcI+>Zl4>G|!{-|=?ZSoQ+DfSrA(ysdT?TJ|o+9Pj
zM6d^&=+QZxHVJlutVT*oz3e$y$o{lqgxs14aWTO>aZi7e;_cGs$(;H7`SSZCvR>jK
zy+d+{lvxY1nz-?@F6=*4%)ejRipw2fES^3nj{HKm^c|$A3Z2@7N>E40y@~ZH5UQ+i
z0^}(x#a~n+9r79@BT$2_fkA&f{C4Yqt@_ri|0(?46ktabpA_w3>exbhw{ubGS6NsV
z%ok-gDHhX|Fws`V)uC18*y?WY`hlJ5*9%~$V{!<e{%5pge+fyxhhE&m&XmG(V5frN
zT~WL0=>-UR{w>St+CG$-xAdWXk^puT1pBP_<Z@u=`OzHCEM?J(BW&K4&!O}(DgSoY
z)u+*|gD^IzzCN6L!?$vr2Y{WBYVkt$Wq(=;^A@FYD7}>32a4oe9neDnJncDSV5}VP
zzo+r|<>~|cxIL49{X3uoA04Ig*}JV6Hn<Y_{eHERag#HtNj6SyZD7;)i9|*;tW7O|
zouU$rw8K7H#TZzyq>LM<RT_GT@%!{kP7=dLan+OozpM6ZXg?BQ>@*DQ?Ay7S?-zf>
z)^)2!|M=so293t_oDT(vQ^m&)vy_-iDuJEa@r_OEYU$;Qd*XRCR>sMQFGf-RkEo0O
ztB8lzsSG!4kWzH_kBvZl8Vi3UV5j0<V{Hbm=pD+?4iWV27*B}3ap1qPcB(7h<MFU9
zHH+0py?l8{VQZd{8`D4&q^!W-Uj^7vbP3FD-1seBl6Nw^Z<#cVk`iE;SiK(h9da^o
zpoLEDgov78y@S_pW&fcPzFd5O0X<tWd}uUAixQB!)r_p(kVR&Wip>n2It7!E6oS>H
zqWBe@PFS-kmzgs+v0-Zt_V&Fv_kqW-cRNkWet9;pM{^b97cypO_}v~%!beW4c39eU
zKsTBZRb2AG4Rq<)9yP><zg)FeFkb}NA!$Pzm<=j^qk*tKqiNN)o3Q#pQT)6ybs~Rz
z?NdsuRtco!r2K?o?{2(Vg%SvIsSY&7h*vYyZ|aSBeMTHUg}rkhW#C_~!5<QZX0&2-
z7gDt82ZG#g6y1c!;K3t+6;z5sBZ(U@95WVNCB+<Bv49Q(N215Z2LL9AgJav*VRDsX
zmRmy&w<>)01fhquBD{BRJQ#50=90I0C1IVrVsFzOqsNb)eH72Zt>r$1gb|Y;T`{1?
zwkEiJUo>+tMqe5E%Rfc^;yE6k*q89Q2z=3PFm)M0aQpsveFk(P%_jIl0!tLTA!(UV
zn?l<ZU`LE25rnU;7RJtrtqS`qfSun7p&}x0EB!V$4($9i;28>{djHDDm5mzox76o%
zGR|6vUMCMW*tOy<?!V`6)fT3WN1h<7@I#EMLYdb|fvb=rPbm(s1E1K7{LCQ0onTWi
zk=8K6%;H@V48}H$>hL;2=Gf!89yoA-Z5c+4*6@=Gj|^-C*pd5vT^}A571f|WlSY9Z
z!P@z~p35pIzZlrj4?iqU#b=|_safJ%=+l&B0mM`}nmGLM9CQM{f10!qR?kDPmA-Zv
zHRnxJft`45H3{14K=R*6%A}(1ni2$ww{XJ^H*nEK7fCSYh5!5qe!)wT5WkxF_rJ^h
z=FOWYW!Z-GiX_DSZSAF|j{Bc*%^a3~zYp)h$LejL9^;-p4(xpK#??$Xvs<ma7k#^%
ziPPTV`56<dFm@L3;+#O+FPd`=<In6`?%BLDxd4|gxM41fzuUu?Z(qYXr+1N&C1q|p
zpZ*j%`DHAaeKqHv(M2Ba)>LN@0MQF?uIA2%7m^qk%7Gv5mmp7_;WzI8lQI4@zs{J;
z-b5`8VPKn{^h>-OztFALy|fPL#8<oL^8JC&xZ{lHiM1tTPy=mYu)y}5m26D=j)LMm
zgwREFNCM$OQJ92efv}=e{J4B2EZ_SjyV7@{=^Dwwp$v_TXFzxy{la5O3<_!D5pV4t
zc=G6WTpimHVF)7KU&viW!NgdCxNX~a-2d!o2KGs;)xXtp`2+M{1L`78TAzwbynL`Y
zm5;tUB!QZWAlNm3IlB$#j!KlEiwFX=dHv)4Eco`YWa<Q44U8EQ&zVExrGFm5lo9_g
zSPg=Wvv|c(3W@_(_kzjr^2{L;ggtn)L`qEUOD&dht>c0vkTjrYG;z^EQXWl!F)3*!
zeE4N5>$m4hhK_jm6>Np;F6u00)E<9h2YU||$(Q0Y2DOrT2sVTOePbi7e77!xXXorX
zeqX}(Pf4jq0zpEiO)!84_K1?qjX&!A{-xuizVrbpHao8`t>3AAxXsT6Ly8#Ps}z?B
z7MIys;;`Ws-iMnIgv`nXwo)#!*TdMUGJge#IR2*Z0*sx-=hyjs7UR3~d0$Az&Z7T~
zMl~qp<hi)>iH-cYHJ9}to?D%zR>%4vBnT(myqsZuVtDxW-n5DgSV@&Sy!5$nv6Nz)
z|HA2Vj6eF?cDC#;V9MBJ?wZ<-*r*y7Rpt4gJ6!-fB`kS$j078xhbrZZx{G<Wa$^?D
z*JttL)*PZEt^Dh@J`C+0UAJGlX1cz8wJw!GBYW|e%l^ai6}#oU9(zU*@4gm8bW{Ma
z5p(pKTe5lQgX+pxw@(k{xyR}sb5)0x$D_-&<Up#2*cbz0p_O1zX_<jr?kVPfGj1is
zR*x}3Gi|@R#z)2frK=+vW$cJ+H?3I2^eZMdIuZ4p`7=?f06V$>b^!Z81iz+K0d{J|
zH}<|&ExqjPs%10}oP0hyw<$4GGMcbV{qjrxl)#RdbM?RAwGW4(Nj7>V1koWTnAmVT
z(P1_sBb&ySEh;Lapu|CDp_3zpZg%GBtjjjAxmbX^LW(QE&N&X~luL67iLR+(TTh`B
zTYrWP8zv3$vU9RnxpE=Nk((Ji+$Sg}=u*E-W$ijQg{3A2^bI05(vRC~VCSA<+`b@E
z_GOcwQOxL3v2^Hcpu}Y%Ki^HOXfvucgj;U^k<}~Hxb?O%3>?}Kr!z-NwApQK_~?_}
zeDc{3<m45Qe8vQZU3)LK<RnaPCtuIFgYNMWL_~*En48PW6+cj1Qbdo-ZllkIe<dh9
z41A@`yYUi=QV$Uv9fQdpjw*d<3XsBpB4p5n?;F2hy_iWj_c8{YGajQQ1iPv+``XL7
z>V?<v+H7)-|7yl9wA*ozR?c7wg1xNH*@06S07kasw$H!9rI}FOKIUFCk(=IKK(TJZ
zuNrW#U&`(o571VMuUW{mcv+dB4hAcxE`7P-)w%dIGsT5DtbE~7F1Tj~uHZ0quM_v$
z<!pNOS;9RIRJRAWqVkh7507FccF>tz`R^Ag(-aERQrNj<K7%j40yQELZ$SZvKYth3
z!q;dYY#`gMupzsIBE>+Pkz*uC=CVfM&B~zgoA>EnwwvpxOrTYtAt;eacr^i+2{E^d
zkuMlnV((e8|E!H4HwD<Kx&XBRJ14dr@5@%m3cQB=E<!}XR{C$er_s7@8t^m)5xpC|
zuH}N37HDaKQ`-XXK7SVj`*h>pd+)7P(4OoMIhenSBZX_oDEaB6R3y}rNbB&Sbci~O
zPSN8CwY064Z)$2PD}Pu;XuDAutkqSGerW{;wbdJB>;&HJP6n_O8QpYzps6^*uXf$f
z2X^$d$09KBtOQ7!a}ZK&$q!Tqc8)$40Ct)hYUH8UOkYPCHM4Fiup>a7c)c9hk)yO;
z7ImPAQy8x)!H{q>S6y`#S6p$0)Z)GOp@(qze9~9WJMYY8`0x>Q=@I}p>I%Yw?d`YU
z;@or3qjl@n(()_k;6XNT-pr;=n-C6K&m7hkyK8CP8PvEx3GA%chd1@Hdhfr-*Z{C|
z-k7c|o^wr|Ec8XossKCJR!Ffe;KesrbNb-+eD~oE<<d#D+h2e>6Q<5#K(E$pSa_Sv
zfA$9(xbD7B7(1dPOW(b&@*u2^{t-TV&iU(`e7ib@?>@MJGlsUWe<Ys5{yo*>N93Ph
z=w#Hzv*}{*&s9UG@X@AqOzwR%4sS83*}Hgq{bS5H?;YAkoK{{PjU9PEuwvh5#M#<0
zAbAW1)g)h31<S{vsEBiN;pcwi;ct0m)nlM}I6XRvYuogscUVkQXLY03mHE8<_uv-N
zoW-<`ZN;6jU9lRBY%0uRX`6IjoOxcry=g<oSHJWAI~nUsVTp&gK1*TYcLDZGMG)Y~
zwSVcv>4W1Wvu$r`5%)i}NiuN+!{zJ|iCi(EJ#n$tT8`bb^IW{~@jkv=n<0JQ2xiZm
z$A=RgVU<AAy9*9VuqG<p!ZlMmN`OePZmI@xnEk_sEZ+EJKgY5hGD-kQZ#+6o%EvwQ
z{AThB-LmYvr*&uC@c84>R6-hS{?atw`ZT55J&8O--EX+KGZ&0Y4zL7U#>WY-Zvn<m
z{lJdRs&Vm%0!H^N!(~!f?69%S5lpFc?%a3~UDCni;rh^GI+|-cx;~ym`TPwqc9xe*
zv6TZmHJ-m8e3{CFFKnf2yHFOrGA6K|X*#z)vYxNkWblvcdoXQE4N0IH>%)_8?BMlJ
zQkXQRHIMwQFG1#juO-2v=_`O8DaCfW^z$TGHvgNqm!4fBc>eDLq;H&BL5Fj0_?DEz
z<-ktcD!@*S`iq}pP8>K=!jrRivSNJ}*G}okT~kk!^Rv#-4A-}>)*WWt_<^ijw~p&>
ze2d+C1FXHt6M}erMiiYo1lnoaPB-H(&LTad(t>U3<#uMj)bwYFkaYBUbu5<Z?XzjC
z!bcxP^4Pso>IZh~X#cwUuQ{zB>B?|2)ZvXzuqFdLd0$92No9umEG6pvN?@l}d}Bpd
zPcNJJg!5>ujGr5?A4TCtCGz~mKR1V;mF{N(J3p(eW{{|=6kDCuk>G|wICcp*xv%&x
z|EhGgyNIw^2n{w7Vl_#Xf-;Xrkz1qC>1V$)1Q+H&dNDag9&(^n06OAt#rI04&acJT
z89scdJj~BX&tUPwxwMPh&4uUL(bZCPMU?=_;bR(`wz=@S{n)HN?2&eMZ_6ew3Wkn|
zCo~AmMjh2`U{6XJAAWI^*qCto^iJTl*<0AYEsH^e2GYKBFA9sxFq_N_88VWLj6$A$
z=4tlsOJ($3Gif_+GKL@<#@tM{&3=}D-E%8_`t)GQ!i7Be&_78#a+q`e`65X}#-aoT
zV<}5#-krA*nUFw4&jHxu+hH>L5rk*4&lBtw>0eU=L9~wP(u<%7I~q1(JVku++RL0i
z{YK2jQ0!)%7tiX?Q(Z<AQ*2?cy@;o`F2JGabUyz&M&0=jbk#z%=Ha=&Uc&UZ-^Za^
z@OyL?-gPOr6#40C4yRD{bI7Li*p_d>Vxz<4zcTLT2c)!KSy?V$JwA(zXTE^TXreeb
zo83=8$W+ZsSBD>;%gb8aytsb@p0H@TTzC~{TzwaQRi`v{FKa*hnDcJE2bbAG!J+-6
zzx5=S`HwQHbr@^%Jj`6Sl?;Q0E~6)K*8MYZslgQN*@frFMNA!kI%kYNv&rn_y5>R)
zuybk`ECK9f9tU>n1DY%9@Y}~n6l`HY6M&ta-R~tm;p}?czt_Bv=5v2_TXMJ5FVF(N
z{rGF?pSqX^4Uf<Fp1+H%qX%f;zP&uF9X)z<J+EpSIi<VEbL^+kd5|L45lY+{6gpG!
zY7RX9GBn+XNwr}%1QTja!ftLwsI@g=);2^2cO=Hvl^|2yhHphh#cbcP1Hsl2A*2?t
z^UKHA;I<7*u?4naCk5CMH~IUJ#wp)@9<T4uW$frjpS~LOr-jNzvsVojGHHqT)&O>%
zt|G<O1QR|*sg{R+v_|?G@pa9rrUE<h+Nw&%&Z*sVG@82vb`o#l{`>FeoO8~R6ZZTo
zuasxKJ9q5hp?^Ne*s<fd`Q}@W=jC!bu?QM`xhVaXEn9fxk%zhHqKmoYl1t@vR<D;Y
zKL4DIj0^@29LV5aQP`dJ06R5mIpLbO${9NqQf#$vqsO@CB(U?z%U3Yvyq<O5XMnNu
zb~$4wa8U8LnF}Rj=d=H3?<~NhI@UM-JL}2D6G#FHo&ZIHYY0-LEmDC3r2?gf)a_Po
z3w62ey_J8VdZ9vvTgM8e1&TWa4NeGgx6SJLKQo&UhlGX_Xy$qLNp{c7oUt=!X5R08
zzYlNax)B|!ZJ)SfX|x;srj&WJ9)3~&9Y13M-!9$D{@)&^UF&ln46R&ugkd*-%*Y|_
zSUj)h7~?rRt)4|lO3h>7g#Yr7n154XD<nBLg&yJKIGuNxmzLedja}|#Y?pgwsWS?b
z_-5C?85A)VUsDh|jR8-+Hy%2({NLuZkXMw=(excG*!Cu;G7r-?FqFAb!_b#(t}k%?
zPZ#AAUzp2^CZ~Dt#Zkrbe;4?smqGRdta)$2L4Ms(YNRaQn$4Sf@%;T=B&+6=Zx6Fz
z(Q#Q@0kBM)7)kdIftCDQ6u-RrapfsK{qd*-g2Z(5ugAK}bdSEaT{0R(7(F<Q$=A28
z(w~pGE&!r8=j~(bo(%V5#H{DLcL%ZSKnDMOYnPO16NlQ*-PeU)orBJlB`4o5L7ks|
zJ0;VV_}~!dIfBt6m^x2S?<`qH4WafeP|Db;?88u}Rk?FmI{mLG#HxeE1z!AWG1nN>
z5v2*xI=S6Dhdw4tjeI9aU}yU3V#dyxN)-|kW;0*hLQ+~0Pv6slTSk|H^-I>A=7qU?
zq$JA6&-bBIWYuy=>vyDa-^*L^_SEsz-5nX;zsZ?#m0Mt^+t{VWjGY*Ky!51JTX}v?
ztYp~CoERyem#V^uyME*7seG1wFt|Kpr<!gNV8t8%-OnfAALZI1VZ3l(R3%Wf_C5O7
zrC7ZFBv)V88`TlZ`nCV#?)#HCbkwcs6V=hctbh11>MApKyUIUb%H*B*bI(Y!`TJ>D
zvm}%b?FF|OcE;LpICXUHpkOqdlYk=ASZx~Knyb>(w;Q+K(4)%v>#u8#y1kQ|u~V18
z&XO`dcI2+?IVEsp8DOWv^>bCHLVEeG$f#u==ekGjuRBqB3%hof5;CGZMXdID)jmZ7
zuv4MUioqBG%$xyrgcFsL?`6TBvcHS#ZpKTckGw-!V5cHuM|^kt*}0HXY~6eGpnt#q
zWM`$b{*RSxT>B%vd%3uNWMe#x`EC^fQD>K)%xs0_D^Ig;Um6{w%tZHUL}-8soxrSw
z*nmcWDO$2}b<BEY7a3W>w2ts1{`h`eP6I(f-I;L9Oxj)HHp&uU(o;`A&cX#>QD9RU
z|HfQ=y7j^7FpwX+1?S$iJbcG(L`1Y^#y!*cY0)BVE`{4a{1!vY_R_~r{+_iQ+pvu;
z<HqBXMp_13TG4LeUja(F(6|(Y{f5)!LMIKrRBWoA!i~!yG#u~nNHnUJCK?NGjp)P6
zEk@ATs`5d`7FOn-lKwdFUhq5i@OC&<7tO6{{NL;EaO2ZY;?Q{F;j}Vu{9wMDcn`i-
z9jDbiKK%VBemS-mPv1bsy)h3{+g@nYB8+*7Ec)yVM$CBHtwfM~nstv(;aM+l+81fa
zb~*VlCy^hslkg62#n2~S!Mk%bI@N~#WE>k;t!41-Gq5X8au04N@&BIV$uI*=jj$-C
zh*vi3#TFPs)D4sAb@SagR1L|o8?kR)!PC?4pl#dAY817ZAZiQjBqk;@YSbvAqus`k
z4dLu95SIeUxiwoi)Q7eV$l6Vh?dN9fh_W7SbsI-p-C7@t-B5;x7Wmt?z=F3QCN;qg
zrijqGb!&zW9ZH`*eI(d(A%oRwB{?~n<Ht{MGCscCt-M;)J!7X&%L~ZZdH(0SrsxfZ
zSpoh*Exf%;sYZVukNT_e%Gxn@)KhOqpmBWy%77YbnEhqkqw32eK$!>113RbRDh76H
zs>P-$mxo#@efjGZAEZ8gq6c;96TK?tn(;(-=z7-Ytch!#o3T?PiMR{fye^Gk?9Al5
z@4h1<B7!}8_AqSh*fZtdw0RR(w7&u$AGZ~-VBtLW*dyF?&ol|-l!P^Ztf6O*o_Kl+
zw~%0RIM}pd1A@&X@(mBNx`CY<bjPSEWq_S(;+FtBN!y+#q>*=(`MMc9#lX%T{bhSU
z@Z2KF*xB>zLv)M`uC_d<l5=R*`xWVgy&&!dj7A+%!{6dWLKZpuo~uzk4joIU?VvaC
z@-&cl@cDYt-!*Cf+K$V_lspEG|1U2O{~yQF57Q;=Y99M}G`IGAoX@wu&O0}(ltA;*
zj96@H5kAI1f<430Xmkkw5Aj+1SbuB@n@=p}bWQ>x9wB7gvZbG%`Q5Ijhkx*SzqbmV
zc09FbcV=Ey=07GKq4mrr43BAj+4fs)`?)6ZGjgo_`@j38%u@+-N1T()nABFvoIUXJ
zR`wssmS-nd_6cSBq_+6`7^;1qe&3wTM+*;=l5UY{UVp4RzFr2VKetJ;bp)s~^X7I8
zk8a{Ny{KZou-RO^`q3WNY)O%2^7A(E^;<FW`>P-Bk-rI_Kszf8djJ3+07*naRI_JB
z(Xp-Hnf?}%T<?5#0C5;Ef{>OIafOc^m+F?08+UaJCSTjCRFbg<^IJ{Y@j^VO_3ge+
zXNeSBd0<DUQJFa^jXsfu*t80Z3(PDk@WxU@`8Cm3M#aTU-)wrBiqMOS*Pvg7q~OTu
zt4Pf(B5vuJGvlDB$jJ}C34rk!#}e{s-OP(0-WiCgm}w)jx7uAi`ucX3uTLT@*pnF(
zBe-E$Gbz<3u8RYzPk%fvWeBtL?2I1Vl;`e^lB}GPesME)ih-SXV(<~{90e&SIP=A=
zq^4W=_@zE{Zy#8xJ|ph_jid2pfSuy{o=nQe&&z<1kAXA(l~vexG>4bo-@}$Y89Xwj
zJ$K&N27L+htRAdO&edNpzPFlb4~)j&=Ol{#XOdG28GBm_o3>izv#QrAJbJ$mFa9%t
zv~(w(`z4T??)I}KLZ6;SzWSsw&BAmP6u9{4vplXD?oVXv(m2(<bi^F6?~or4Jd(yI
zuT7#=vw#|nuln}<Rac%wrH+A}tY3?L?3^*MdQR~lRtoG?x_+(!NV)W)pH!KLI_n~J
z#5PoAsuD14&v`FY{%pbqV5fWwmN0g-0;s77+?0Sim6<#e5Gf1lNMoWB#*UcF1$ZOI
zr;uPP`TN&1c7zn$>fcweFZO#nwg<aCkLF>}t&=wz)#_&LNI5gnEIR1}R8^fgUBb_f
zkT_P|(r3a;i$lZVBU*k~mWWqi3>n!PEV(J@v_^(sb3Gk9cSWbuNuvd8k(Jvf-^TC1
zt-`x;E3SU_b-X)wLZj-~{=r+^Jg76*54#e*UeEQ{UB{NK+wo}Bj2qwh2#;0~s7?(V
z=DbSu^%GHpo8!QRLE|DJ?jUNR4b`BP7R5S6k1Bu>y`HA6+o98Wplb9i`{!Ludf^SS
zR1chriZ*Tw8y<L&yPEXF;40#!qrZ}%6iNS`Pi;Cxiq(kCWryv*kZTGiutR&aiWkAI
zJl?yu55K?m0bVX6dDeW!zVrx3($X*og>d(RU&t{Bg0&F!z$UVtdIGz~pjV5~o<7E^
zdnWR)uvUZ?LcD6_#gsU<IxRG66~&FOe}E-094t8$?b}Wv210s7qs2=8&NUo*^GROl
z9f3xt<I{bo`FhVGeA~3A?~JDi={69(%Spn<UvR~)W6tX@<7qaZL(=2ylSgfV9h1o<
zrP&)o%~~KX#m(3`*ITQ;TyGZtJ?#$7J!|E1i=6m~wW(0#@Q-3w)NJfJx0CexQjdmm
zT%^@b-MNlw7*92Pp1!OA?38_Y{r&xE-@ZMOk&zPcY2LiK{G4wPAWl|xHkp~3q^D<)
zot<56Rsz`3n0)KBA1^4dBWm*1f&a`>Ro85>j+559)yyRI^}407ki7hyoq2ir4?i>d
z{j)kam7600>S#4PQ8CwPPhIF4*rndCgxx>C?C4WZzx!X{_8QkiEuTlF^cAjG9O=FK
z#mq)kXN??xJK}S;;AZTsEsi2K3uO<U%6ykGF6?y|!pF|NJoNA*j2JOOBD15e8iuW~
z5M5|kshN6lX<aTCGiOfc`R8AxQKQPN6=zNsYJMK(pkOKGCYV6?-g_?*O^Wcb{o&59
zq`uYE&&}95jQ!Y))z-h`@V6ynCwuQKe7%fi-f*S)FaGTyqo;nxThET-fjjyY13Qa(
zXWj<({`vqN1h7+0`z9pk5Z>oCH?VW?ISK5v8}c90GV;mT^-LK8U-kWSEIyOg1KyA_
zE%u`?7SA8&uK&5(r@mcJOvz>7g!w!>_y-DXSp=BF$+2W|AY}_(n+_t}Kaw14I=R*i
zf;^hCE&f-2h<%^lEqc+bc~^qG12O4z7{%t%sq)s+_t}#22jBG?O>@r*vO>k<Fwbsd
zMcPRcEO|6GdNL}c72d)Ou|oLw;cYw|QP#0_&0cq}<!s}P53fe269=ys@A<sY&;NzU
z|5$t;Z_GO&rOryiuzn#tbX$9FdUQQG`8FxnIOfWxOq<vigRWTWPQE8fpAXUO->*2u
z{2z`=$MS+DGyj#o#3vT;>^rd%ToL|s?!7sZe%%^X`+Qlg4qp3sA8WRz%C2nD)XbdO
zz4(6lDL(n`sG#*qmcwIrw5N^mPg309iK!M|et$3fkGkv8rM*AH`!$h=^Cf<N1Pf`#
zO_B7D3M`iFyZoN-3pM`Tj2$07T3!n52&T?GBhnbuDGvt<%L={tBF|R{v()Ut6*k2R
zJm8Z~w1<%As`>j<0y{I-NIx`@ExhI2FZ?u#zRoLjNFcFYD<8i7Pjne}OKJXgn~OVV
zZ)W|DbSc#r9B86N6SG`4o=7MlHPeFA1u;Du@$S<-Fnb85S84i!LI+VdETd&pGvB>E
zKr(hpu7CZ@NuHmxmqz|Zetb6uf8Ub1&Ygbv-K#hz89RfBXjW|K05Z+bt4|XeWRmi6
zBG34w0%GH`$;`3Qwxtj6JSA9gUYFGS>7Dr-c<H@A_+;)7hQ-98*A<bH=HTTwv-$q#
zLK2hR(rbNt8hPe%KY{|Z%y=||ov~KQ+!52vL(_fu*NcH1J7H(sZK<SXz{l@4VaNat
zdVOVI1tLF}OW{O<frp<=C#G9Z9=R(<I<PKXXI}cxznighZfortOR;6G8U(IE?gv;(
zTCG<62cOxGsFkh@a81N3`?uurubf`)UC!iDA)TUJi%ORZBDkQE56V9k|G{t9cyhW>
z5o-bLtXsE^F=NI^N9j|hT$)UBw-j5kkDcl^;8KRID#lI~K#z=9{JR)?QogOiNA{g6
z895i%$4(FW_3y`mFFwI(U&Wo1oAcZ9!&t3$h7W0kmr3{%RB>q`Bh!jb>w&+wSu%6d
zbBZt;?f94-sHz=B)nd1qSiCF?v!5?JVimgfzLhRfUD4^a=yYz0WKmzC&=4PgihF0y
zWZlM1ghmY{`raq;j)=g7ixp2lz?)Cbq<^m-B&H;D+by@UduJ?-x(s0G<Im&Ov>6(g
z%93XvW$28DF@&_lp|g>;cLO^Ye1R=D(>+5d!pDvtol8X**^wc)KZMT9UjiN<PaVzO
zbLL?&1)^x2tbOlAj7wJ#6&MC4Ek7UJM7Cl@)dlg;nvE1%J)|S))z9D0P0znUx@tm2
zi+9RVKAUtkx3=kwvCxLaY2(Y}y`;Icm|J${j!(X(P;0=Fm&3sYAJY4#+p+jI#^|(Q
z*|(Jq4^QXz;84tVg?QD$!t|5G>lA{b1~T!bcd;0~$WKioan(}V4jd|3Mil0f{_D3K
z{rp|V_32E3-pH~Y``LHmG);Q+W$5Ftpl{R)r67mIRX-7upUA&ndJfk)wUW<1sWbpP
z7i!XV=X)?2l7tl7g+Ax1gZzWjH_$cKZBr4OR7gTjsYJ1dUc=zl?)~<vqqzin>gXKm
zHq;fMjtF{3ewB?Wu5a!3FLJ#b3?VOtaZuxP(FP>1UOd-dz4HjEr%M?-HJQ;uLPBWV
zxG_ONLHPOk;p^**pPw59ve|7|g>Sf`A}kgQ1%-ta6cora+u8)r<^#|ged`oq?AMC3
z`q<f%Xyen(Irsi|ZQ%mucdZt6s`kXd4eY4G66}(cV#~}-Co?Nul>WI{qdz=jA$PWp
zQ&ZoMz^N89c52hb7d7rwC3ISO#!k}v;(Kj&E#>l1E2pn?kFqtc4X`6X9RcptmyqR*
zMD>Zm)6<Jpt5-94Ks0Ib$I&$jM=_K-1r~btLRM|jqMy0;+Uq!S<S=d8M3k$B{lrlW
z9v-aPyp8Lxzn;Q^0$i38_&I(@tJG}L7<K!nWq_TkTdCu)5@6?9e7#LoMmhuR%o@c5
zQ~Sv{56rFz>{Ok9LQ)xEC+<0n1|3)4^a-ms9V2J&EWFH>L4=AqZH-N!*XTL)=-ia8
zi%O;J>Px@ZRXLK=@`)KgkDJ;($(0dfS$61KhP9u}zgNxRj=s-JskJmq0`cjGSas+d
z#&@4WWaCJ58V!oD9>j^wZsl}xCP}GDyt?&KKJPy4oW68~#6qs!Mq*JuOHz)JP?*O{
z9R}c22H@G0n#hKnBpz(jO@aw$3#ryZK1$ugsHyGg)h~<yzY31Z>#D&nlYB}Jy~QE3
zWG@s4hr`9vKN5Lw!6EDpw*~x=KEd36Lu)2Ku~GW?5M41Mx(PFGim2Le2#}s-<>UVy
zk<xDB?50U$59Ynnm(9D=nf>k_3G4{=&CHu48PX@DS~;ZbTpO={vY$=6(q$aswEiD=
zcVOQ4N2S!8$h$|!0Pee`9pS|r8ByjFrwe%Ejh&LgQBsHLH%0Q(ZwY+0_yj`EO61q8
zQy?=YMG_t=EGrvAO<TYX?0ECha<_qiw}+ES12Y-eF;5y!|7!7Mex5(hS}=9Yii@c}
zSq$=U`%|h-5OROFJ+YCL%%U@XwZx1e`dF~FZX45rYhs#UEHl<C<}b#?qE!jZ`TB^I
z4;0UWI1tn66v@E3XM7vU*3k<mVikhb=49}c-{lzm`1xK^GO#2F@bTf-cCc+<7NZ6=
z;qj^M%lV|5_{e%rCKa&Y^?tMpb8o^$_-5HjK3{a4%xoKWhbo^L0gxK?8oIXkm(QO7
zcg{68)}|f*in!~yog{kf2Q+PB;>m}-nLgEBXPaGR`z|Y=ewoi_U**g1L4jHZ4=~cJ
zyOGbnbkU<z1gDd7NK8%Vhp){1=e-<0oS!eB=ML@7JoZ2^*Iuo~%j}kRD;pA1jlBCo
z0kJ!ceDmJT_z0tt%Pb^n2AmVvIkayle=J$ZuFdNPZ`!o(oJM08tBKT{b!8-(>#!7x
z`W;&CQ_L}?x}$ZN{rO~-m6cVzUp;&3%Lmx0dfhK;e-0lzZh5w1#!i)t9&xRNsZ$K}
zh<xjbkDb2#`m$xqW_IoPAN{-K5$J1VM{FVyt@QNl;wO$`Q8ikAU7g6OBohICjmgd`
zKv8n(-`9(XmPQoShRdNNG1<t9-xG*z=gayHS~~Z<lfKad$_yg+>7IB8i9O)cPyLf!
zvAgLq@g6#in~E{8F{Z*?w!QltFFrDj?p?aFY1?KVyze279y&~qsSncjhFdUt`{Pk$
z;kS?9rppbJ@eXZ{s&le`)lXQqZ>GqRk4~UbiW7%RgB~sZy#~=H`YKeTfk140_RM2k
z^W-cPQxGan4lMr~-Tqy8o4wE&jhs$S!me>*)dw@=ACI9H88B*8=8hl9gA2bW8zXkn
zttSq%b^aV0JFTc%6{n(*ZnNSrn(^z<ho~DTpmFLb%t>VBOD{6^#n&h_cwlfk$v(V~
zxP_k)s1~3>OFjx&HVYbGe|$Sf6E)&GTv`oTCr_~V`>z>%&rAx;W*pf$q^({==H4y%
z2l`NCbC8*lgF|beQB-$2jGBN`@gz6l82Rg#adqcbOd3BH=Q&(_o@=hC39vJNzS}NV
z0KE;2opZHl`Rfwc$*Eu$Q)1syon6sIxbB^QlwLa?li<vWOe_0S-F^wn1_9)R`5Mk#
z_c3be9%e>>KIaN4LH*bnCG4Ba*yq)w`j@jCtb_J1u&NY_^`%);&aTJq6w-VS!u)jQ
z?3nBN{^i=a1XrwBugkdo|4#M)`aFQ0s-9O*Pcsv5y6Iexa*eMGU`Jyt!`P{V@pmp@
zXY_}OtUp!+8g(%5_pEmBaSmXoGGnKrflz(@?gn-;Y6a|+^r)Kj$rR~hN1<vjN;U5K
zzaXNjPE|thDi7?Wd^``e7Qjx0Jk*NmtGGwmn$-r_33aWdiL;ooQ-X+>WOk9hyHpMN
zN?R<Ze*F03kBqx^6m~D)Qm3JS!{I>a?-~pSY&I)iUfu)*1eEXKyj=2ga@o6oKheD+
z@V75POPK?b8q{yp?Vq`Uoue<5BEc2f$IaMDC428P_<EJu;FZZ=0y}qn&RfrpECqI+
z6Tr?!_O7_!&Dg1?JQCRH`+6~BXSM`(X8-3mo_qUurrq3&xi1wv*FH;q{_*N^UVr}&
z=DjhNDdW1iYfyvwOC0$kkB8daKRc(0m<jXg=5;00dp^kVoRcKjorL=dc^{M1rQR0*
zJ8{X|xj*Jb$%4@uUF7EGk&>Rm-qYJSk#UH$!UT?H@8+%+ZMeHd=UPu3`|>jQEPfxe
z+x5dk>-Kw+l%LO`{493orP0#Mmp%baXk_$|i_gOaSuDvqMvHy{e6nOWm|)_Vj!eH<
zI4Lg%?k>ar`m^IpNSmEbDP;TpEGbhqZg@C-qJkt#L5y#wLuJMKB;Nhv5Jfh(<@~K<
zTF^PtpU2<aB@YP1nTcRO+%qA9juF142g}9nZ7FiHa$^!-EIL72rd1wB-!i%dldo?j
znLrP|yhDOUf>m+t&@gTp)dIh=l5WLkFjl*hQ%Qx)`RXvc4`#`-+;~+pCXH;toAVB^
zey3Y9Zdm^i?i|~OMuA4RF|M%0JC?)4ukJ(~xQj6Us%G3griHxt%sYFCjdSNG<g~84
zGK>jVH^;|Y?@oLPJ--*Lyb{=n_2J{?jqvkwa9!^#hD7C|=v3AenfY(7zhv#yGz4gz
zOz_H<ppFoZsqK6#4)zn03nloWRTMd%b$X2iK|D=5>4&K%^S4mz5e&1Fi3KF3TQKM}
zG!6D3w2>#C9>vmY)r^l5Nd@Q>MS_@O%$L1iVUdH>EGq`BhL9jrx$C0b;&~7Zva+C&
zkk7GLoD!@O<tehc@HOjYJi#b37&MpUcolUG>hdDF`EKd8Yp?O--G2oV(pZO3UlI>>
za+-@TzRBam`FUh!xyUb28QixuKYes7CZmqezu(D%#Y@oX6*g?PNoMVoo15_6kLg52
zn0WfpAlgUT@bpkAvT8VX(vzQ-=Cf!~0l$2D2O*8TYBU}$*7H@{@m~_(4eXRX*sc5o
zE?GDa@j+3Z+p^)08X1k%^f|7}cxvv(+8TJB>-Gt#u4#&I|0U;&_*Y+V0Cvi@xI*V<
z{#+9kTFksrh|jdLH@T45M2p<lGz;(~y0st80tDmVExEQQ#mbVn0tU47;;V^G@iA(M
zO|h}=WD#pmT3K?apj3`c%CZSbwqhx^V*fhgw+ruMr=PUA{bS8aj_g~4uYVQ^2^sY3
z?#sv#0pPOXP>sx;cZ?IKTac4$p)l_lLkIaVd`KYSO^m1xJ4F@~zplzdtGCm&qZj}E
zB9o}T_c375&`QHstlQ?iH<!8ZzfWRXGB-T?F2Vgr;1F!5QwK>~^*xW>HHG$(k-Yrc
zE6o4obF#B@nDExecy;UxIt_;S<80f$mWY^<cm@RHQdAV16`iF(GE+1zaOy;RYH<q2
zo~IugjRBX&j#olFtJbWh$Bh#}D;TCaw2BpNzBFFNCFJH1AHnxC;PUfA=THdNE4+B!
zNTz@F1BC`HTBnNMX{8`N1((f+OT1=P9g0SSMz6uUQ78pk4F=VKHtjfHJ^v!Nz4d?O
zD|#tcsyOUeQcvS_7NI(Ia_qPi2S&3eCjU?z=+WT7cI+VQ7cb`O`yZ!3tKhOZv1cUX
zv=*S^lAJ^h8uTVJMt^^71{1=RBW>Rfiq@^*u{$TyDXNouz5FL8lbQfKvuC@faPhYR
z*r{D(A4rBoX*XU5(J1LLxt}RRwJA{~_=~UW9R);hosLIQ3MqMZwx2FQ-|G(SJ?=SE
zK7IUJJXStVbW3l^&{<Dc3imETuTkW0=K^;!{W`O$+Z$!-TXNoU@#}wPp;kxj?@|?3
zAF+{dQ@Ey`7M+kWE+zn+$gs2Gkb`lZjRbg!_4Vaf|1**`^<;e4b^q44`hD~6qqS!2
zR5gp$HL&B+OaMEA<yU-gQwPsibnCM-cIpV&Da+WY11{uW$brkuOgnF2N4};KzYIca
z7c=$bI^|l`HCItlrz(x7Q~-A77jNil$R$)Lmxr2CA$^7G6(5?~06T8RPKgv-?G_Oi
zGPbH}$n(6GeMho6b?OwuMvum(ild>L1%pOI((&W`zH%k^+<ga1(ue3ZwYQwU_RcR5
zpo{=^<l$Bo!Ohqy26oQM*!i5dW|aYUBx7eIdw(qkcB-kGo3T?2?8Lc&or6cy=rsHt
z^g1oOf4Pr{mepgPn|CEJVBCio^jea)KPmm}T&_VLjNkG(!#&2)u~7#?yqfaGf$xdw
zbT6s-33wRIEZF!mPhR;p1|Ltd3JTc0FOHKbKchP1Xy2p{zKwd2XDej(@|moU8IPa-
z{4Al9iVBz?zn3Q?d&}k)hqbAN`4l;w^1wFFVZ)%&a=0)Hqh8NXNk^odTTD=xWC-of
zNh3Sb!H54EUA$PkTzl>O>SeXL*ttKG?^c|W5@iB_>2`%bcaCdKWJ@0$4wVDPa#*-5
zo=v;c<(k&ptYg;9PV$iZ&Ho-eb7P}HLrjmxTsJg~*3G=-!MW(8l=LDt>_}tr>O^@M
zEkZ<dZ=Ragf#yxjWMo@;?Dd_JQ6oa*Koi#w4P$WcV9BfyYYV|9Iuf5xa+*b!;oIf$
z96p&R<3BjL9nsx_c>1ka;*RIaH}W_E+Kg^dEPo}`R#aL3XWouIV}T|>sB5omDj6Gl
z4rTM=+`STX5<wiaPaWHun4XQ@06;@HXA1~Lo2`e<e8173m=5_2>XeJdsIt1y%oq87
z6baAHH4Kfl4#s%qGRU(459v&%Azbb)aR02ueE8KiDM2Kj`S7M%CQtHaKwlGmdKfXA
z-Q&k<Q_0M9GV%5-jvRv-xAo!4nFA>*axnSf|8XMm1kIXxVzVnW4GiPay9e>h>O*YX
z6A#(~j2?FEb_JWoL~uY5cTDIZjY7^r0KH_J|FQyh^0&=HRi~8E&Ml*vQ_@8>QDnf0
zs=P&^ewGpv<$m$hvv5AZ&Y(eq5Z3yank<`JimhtKj<1KFFQ@fkKxBE}Z6)0`{hLGb
zFn;d%HdXduPLY%MHf6K)Pyt^}XhOKJ+ek=+#c_p9UzA3U#ZkuB&R^?er+bec^zYYC
zvPz4rR(9>&%+jSlqR}4brfa?E+0lf<?&M^Gh862PY1QsVwr*KZNTYq+a${rkWTQG=
z<mT)6V_h~Iwx-j*t(mqhJz4NwGFOiL2UiZerc&FuoG$LV`yLi8UW(T2#n>0;5ZI+R
z4i!!;`-Xmv&D=C{g!IQc?#Aocuwg5DuK>pX-#k29bjGE1aQyoPoH}uc{<luY;2VrX
z3p%F`hXPuSR{8*PX;k!z7Q5;|qq=aZI?y^e{L%ZIN{i>(M`vTv8c>{iY#Puj3aaA7
zCG9SRWs!=i2*6E2t5NYzI?mhE?&P6Gzmw^5qID`bHG-w%lD>Ep!4gshIHRI!94M-a
zPIaO!C}h{y^VqXtBX@uBG1)qA>1RlXBIVt*S{>qmS5XxS>^Ma_jTVDT#hH=Fp%p*l
z@DHTZRX51`xrDDHDZPptv_e6vx~=^kitsDsf}AwsS1+Tr%fch~-Gh&xZ}B)g|H-BS
z*g5~Ut4YdIV5cUrYZphbYrON1;gf%~N*OeZDTG2(FnM0B&d8-zbq4|Jh&+VvoXzq1
z&|(1g5pPtAs{8IXx|<TD4BO!rw{k+;0_W<N=^1F1znv{eV5e*4JZo3uOCYuixmFji
ztSrFCsBmLf584E|6)VJEbME>=j;GtWs)Hv(+88d|b>bz^Q<qH<zj?RzQfyUK{=xt|
zzIEEp(QPg`u=D0DRYm&PDG6r)sp22%^LHV`mUW(tow7ZprhYyEG@pR#*4?VfKB(+@
z{DqE>0CsLI5A38aD3xHS(fu`3mBy3K<e^qdU;cW<kz5;KC)D{zv5%el2Nc>|UReDn
zvT;i+n>KA?%(d6jv{frKdc9n@3hSYg$3e)qh>x&t&PhvS{hBqB(R1(2X;_nf#7}qf
zyxgok{>m@>>w|TC`0BOXHL+*03;@_2P7HdnxKQah{9QM&v*(}qdKYVLR{#v%jGZrd
z>)C6H89OQuJh!wAV@F5;RSo<lB;^v`_g}?~oo6u`ge{fIYwxe+iC0%(_B8PG$2T*u
zcS|=@p*SB^SaNJS#!dGvBt5H;*Pk50!*>c9xEcbCmuS4V=Wpe}A|rQo7>hyYNrBVG
zwAC-*Z*E4nW`k(w=}WK9{W*Cmi<3uB(?YX|4vjmI+-NLzoiD1QB|YyH->kZgcRCl#
z@t^1G;*Ydb^au#WvzWCbvavax6geDnV`k85@z9mZ996u{3kNqc`td8cdQj`jzTav)
zE{m)#mi>{)+;5IbnJEzj_!`yLkG8_n%b{}cST2W7<VgmBm>-7q59Xc;Z6p}9V3C*;
zN`uLuk${k3@A!G^u~?lPKb6nkBROQ}x}_U~1!!_ZD+cv!gkG<e44QA33upGnaX8(x
zQJ|lZPLV#eZ0ap#uY`=-p_6%p1e$2y+J_%jCU82%A{W`OKN>|?h?#p|*e*dLA(eI4
zjjgz0SeOK2#d9tIs>N$g^UmjoW&S#?!ee)|lag=3I7|5HSoq6H=KpX))>Gswm`5`w
zMH126d`6ePw(a|Oi=R`dBQZlyi(ngiy^G&0Ui`1Xmn_%WH<4w>P_Wj{XwO_?Oa+)V
zVm#Ep_v+uRU;m2w9#6>Pv*kzm;iv8Fjy+X87eRo(mdMsR`t&q$%LFevbuh@ox(>aw
zdGxM9eEHLE`gCo^6Eg-#cNuZV(n!lJz{8{`s$B?y0iJRQ2{uqhRv`rz8(NJ9KOYl;
z{$>Oq{a4iQVvXZOO$<re%Y?C$zthd!Kby&W#r;9$b;mZ)PF1`*?>WyU$zPJ}?+5Hu
zz3%^NS|3IVrcM=M$=-ApY)j$GDILz)Cu>hwn7$~Luf~VcDY(=yD>m82r2i!mpJl6t
zvEyWl?`~S?OMMKU^JcY((4$8W`t|E8`5pqu5Fp0yzyHp@{r}^d!O*3h5o=*SOP6J1
z)eUFBkO^$u_y-v&%NRDmLX$uzNog83?au`X;s5|307*naRD`1^{P8gRA@BpeP9Zbf
zgXn>yY1^({xe|$epYX49-@Om8Zo>w={DX+P;bwfoo1?+V-lab<qDwa-n}vhM!Q2nt
z=J?4InEV^jebViC1T_b(i=E$nPENu}dXAomIjp(#1Ef{;I20Fp^f<M`7)!z6a^ccC
z5m<*qQKZkHO&`BUVNMc*Z=H#zQ7~GU7Q0Z?6PXCy6_J+!PV6{@ag9UpVVq>|+RWDF
zKQU~^qiFpa;}p=0M!}`pCDfvkpbj{2p@_Yl%YkCI<2-VZ_1}FB9!C1zG8sc~E9oOo
zFlwEOiq@sz(zxWFSlA!BTpBm=t0<4`L$RDXxSwH<JcnnCE3ms9Skg|D5f_KBI}yN=
z;Ow}89T!gQXzf<WOrfQR!uV@O&^fBJWcAeCw6f|!R9j%@v(G-GNs}i0{PWMX7?pqD
zsQZ&tPFL?={Ja__Bz*%{9C;tlqLdn^&-H4}u6B<g{+10<2j3(-c?EW-%DNMI*vw6_
zPyDvZeD(3`@LT;4dN=cuK+*4gKE>&9&}Zum0-PCVElY-9XEt{ESB=YisYVp%!3%d4
zvF>P*+}{q0FfsB9BVy~gKiSUv>x<-jp>4398@reY_Nlpn+NIhi4duSDEwJ$a9wn`o
zK6a`qQC$N&#_(t<#a5SLKpO>9^~ZDkDaOw1AEvbk2@Rg*;ps6&f0jeQx~x!L=k;f#
z*eaGqRTmmaSDymq2~f|^oW8CrSdyQRNozc@Jg}3#u-H<shBvK{hgvax756BcbDuuZ
zgQ9vzuNpXVJdqu`p7o|pTz??Io%$H;E;9vww{Ya>NxZzg5R1HogakTw?o79C-3Sj4
zm%rO=Hd0elIdI?r>({TBPPZmanj~e~x_9e_Bjr1Mb?(EK+J=ogP7yusBWX21?dG1e
z4EN{96$j*j?)JsgWp<^&&eLb{u@hGY*by5c$^bj}(IK*NwMDB8?6?ma#UlRp$9~}R
z?{~@ai9GI@(47`xe#9r{Fz53v96FXRWnHFC>dCv$kE(6;FUk1%1vdH)`;vu2pGD}G
z3kRhF+_`%3L-Y%e;pJfuQlKd8+;W_eLA!AnLr4!8Dy`U@iWZy0!R~}jw6p#}XCJrE
zjq?p@MTLBtu%AcU^f<39-a4|K_LD=HGB)bG(qGPr#G*FtL@w`qc9?_5g~w2L5Wt3z
zMH8EA;bguf2(aUx@vSAe^3n$fSiL31%}lQl#PcGUE)J&);e@^<ieSRrcvU#V`i0<C
zY%wO%C!`ee(ZXY_-ziu@?%1LXf=wef*;czt9@-A?A1r;2e6uWGI*S(|)aS4DmQ17R
z&uy2Wj5w&h|JF#ZiWYu)+$Vs7nIwRtub0Nl?_OpdPu+b5eWFTPdMO!2ytm*m>vp8e
zI0F0;<-BJ?Ysvf(3?WYs9eS;T$*7f|1~yOiPsb^Tp1HX}9I_j0%n}XKIJn-NL$pT$
zUg8v}A^dGxz-n`_;XoEW`nP5I(%1Oc+sPa~?vS!;C3B2$qY=_r%N6bPY})E#-oI{O
z+%+B8z9*4G$I}_ms|6v!Dzo4IncWA{xw3yF6s?Vwf8-E#g*W3zx8a|!?Zn$l;e{t6
zc<7l!xKw!h{wN~DJM;QSKe6vnF2iF4=&Z2hx70K3FKkdAyrUN}-TGfreUhjhc=<@N
z73}>pQf#>>%F}pU@tz`1mg{-=`vE(Z89Sq*LM2<Ly3p~Z%`BVIg>e6xZDAM374YgG
z*(|*+RLZiIgtaFvjQsR;u`JtP%h+)PJ8qw$ZrxagxVSiW?OKh?9*33$G)@b9_E_jS
z;7&$ecat>mT>A4DC`B9T&{jumoSi~vM+OWULttQ#bfPTT)jmG>`1qmIl{c&q`@3!1
zwzGKgQc_cr(CPJf1_Yro7*I5N3bQh46V?u2vkwkuAqNh{l9!(&{oZ){2cgjkxjV>B
zO_cIyIu9>A{ro{IfGI5+A;eY$M|K{@KQM^Q)C`*UZi!LRvwzcWjCLa#DM{$<g(zlk
zy!{(V(KP{&XcY|_rx0Ni1~zuIxFk@c5&5c4EE(w(S#r^sya)&mLkOFRw2F`jR~;zA
zQb)+I3Xn_yN~()Orvo)31;y8lD=ZkF(5Cn{3Y96{O)h+cibbbbbBMeIb4N>VZmu+N
zJbmIYjoWtM+Lu4T<r9J>C!O?-OYlfKNl-w5=rU9RSe104WCB5xpg;yk_n}?;c2XMd
z&q%P9jMdr#J0-GgnVFgOe8#IE#k&x|PP_H@)5acGs|pI>=AfnxCkM|tldfgL4|F*4
zzWl!KcpmvWUtBkSh07%Ta8(@)-%mcn+Bp?69EZ+KSn{t`GKR|L@V5YV#NIQ<$s4N*
z3Gq@0G%KVPz_=(QEdsRsdvy_cRwv!Uv}}!cGNPS<0j&)}g|Z<uw7_|{Km)K-+H`*k
z*m-Wz-Ln;#<?kOzfPY}IH?Zmq^-8og>(_NlVIlbic{}rRb02<Y^!s(<;8achHUfoD
zP?WQq^quz*K97WoGF1t@p#re;UF|k>74lHiE2OXD9u-Ua!Gc9<_d(}A$Paa{L4Z5;
zF%+szF@)X5Lk~SfQc@Dlnl)qc<jH6>8rH5|%aJ2T$ji%<0FJQg5nxa6-o5$itFQRu
zk3ZzW=)eE{Z?v`qf|cdxRYhqLv1Bh3?_F3febf~p>{>cQ{?_~257~btm8{sOs+G*z
zeIS{x*UaIocg8bebVr%)-yd(_kr#jA(CP<>Xi>eCT6S&`fn8p~+iWCb_mlF_x+IA5
zZQpa6t0sRgEqW`4;2<x4{OBfncM1Pn(QsoXe8$5;<GI4WIk^ri-g+;d+4dP`qc2Ym
zoyO6`Yzj}u(>ExEH2+}~IbCGrXG#xDc1s#@@ynRdGO`@g=6nW_VCOuwZ!NEP8hBn#
z!B?lB!t+*7t{oP6KDWQ@(+Gfd<;D~~{qdw^##9x=^U}GkAGeHYPR9rz>GxyW?Cp}t
zBd`+z(g<DR>^xhQK#xct(ZZYYSBKNHqd#Vk@&^q<V((~tK3^`5XXCC63D8sw!U9#u
zy!n`Qe7PiE%CiYyDc`-*mt6;Pc<MiUr1YD=kAVkniy)>)DWE8rLvQ{!j#ZmeCCDIr
zk~})KEuAAvty4r9cI?aIt<MgTlvX5f?`hI<_xRR~9^8a&do%I%*0Xg_CauEFv}xu|
zBcbQt5UOl}^+jer&krC?=+@UD_-dR?^2(yWNyx7?fI2m3vdb!pcn|MCmWfwb7-1pD
z$<JBJj@=ekuClOeuZ_*ytYl=C9~Z+1wC1jxdeFOTn0&VjUprcTK37lvlHb-QGkJUy
z6rGLvU#4?qj6YA`e+5IvttY@=!_Jk%i5~MSr%pS0?U~kGKXeFVr+>ko{T5#RXItV=
z+nF=(*qJsq8WiTgHIRwd47sG*JyA1|ByG%D%Y4cB*eQscha#ldY8}2qb={|!uSlwO
z%8QhsrofIU-ob+hS+QaTCr+HWtfbhMK0JWvh^i&n_9W)>%JLI@dAoZrP}A_liVSkB
zFn4tM{esW)hbu64gwGwPpl)1HA3NoN9d|99PA3`Z>BJq_Lt^rAoDN}4?m^e?{b}2-
zy^M1xE{?t1S7W!Q;8X(W*?TAvZQB+fT2$W}!f;0TS4~Y#!(tH**NZXEGfX!P8m&TT
zNEn_TMyysV$tlTLtriJR$mlX|S%;M+`zaNdqCx9&k`$Z5^8YSn=(sCc`NJBne`YK`
zUY;D<x{uVIX~b_kj?ro-pk)($gMCO%OTm(!O>S;J2B(UL%ZWj;;h}L#R*V2@v=ZTW
zB0Tn}stc!JTdPjFPjv{nHG>B40AIX)eK804q4;=6hK|nH2ZO&CngD+^!2y{4d?kG2
z4rS^g@m}}u0;V~1=nxOw_aGU$xrBC)=Ehg&V$ph%bLt3bD;6+i=m6TaYb(Jx5sLrF
z_Awd^1O*0SG?~b?igr=(HY&JX`<*|;(*W$$^hrOzc>5CFj2!_pN(No=-x9`c#oudk
z-Sop0l=L_PJazb(w9>zgXB869xmG8IHkSkwG725&8n>h9`uVaPf~C_X?oC;#*rY;E
z7iv*Py@RcBr{eMC9=m1BXK)nI<lx7&IK5cjw>BZeuM-=h-l&uMyT^Ow^3_%Qo^Sp(
z2Yk81%DyB!xAip1^M(KIvJ%xq%iu^oU+%CG=Bv=Jg@Lbk7D=FZY!?$veTCQ0x*H$o
zTmFmPehv3Ozxm<Y_a3X4j2%N*G>Xxu+`Lzl`R#1uHzwljjGd<zW$^Wm{GHi__Njc-
zYgcu1RF!Yc5@1JwIspMyFBEGt>0QLQ|DANjBX`vG{nhlJr=U^aKvk+g9k1(~R-2yy
zc1D*6b~1jh9k4_BJk(0*E8nAHacT<eG;yvWw4MSx;zggQw#L|GEZ=|sJ>P!&EiRV}
zPft&LeSM{4MXgpVt>nc5zM!Ch?Cfm$Ju)(q2Of9;lX@CI+j5jYdDxbcmQO-*u9ST8
z@it0UjF3waA+NxO&E_D`-?Q3LA<86}H=)7aXTTqkS7K@&;h{cftn;hOK!7$zqpn*2
zIKpE1L_#*H=>_EE72)seL8CykET>!2>F*Uj`g$i@zsTetov+8Csw7$SFlmfTSoIc*
zZ+??w$8%_GJwZ^TW@M^nvJ0~DSJUuP3pkmT#NOO=#<gmPNmH|f-RfG`;c~GvBZUZG
zfBXzp>#&zi``)pggmlO!%i`q35e)<SdoyqIDSn)H6aK#EPXG7nWp`}_qeTE03x7F9
z-0{3Kl4ybv(=61J5z)a6>e-k;KZ9h+2;gPH!yBc%ngDr*_6?SCmi>{;wtZP-<=SMv
zg4Gh)+?zqY8_~Z@5Pm-TVyVN*tt>#9oIJY(c9yS8=E%u>=^S1xor3&L^z0PC)iJ>&
zBwN_9GgHn{BEJW3i)8!0EPh^<C^Hph962zQHqE@w+(gt*fI-I--0l>b2754iP^ffj
zUp5Hl&+4tItlge|=Dfq(tmnR4+K`xPk)V-~rt>gqX%+58fbZq&YwOQG2dgb!EXemK
zvj#G3dd0;IpLF^f3(?nqWBNbaG!5yiX#p{>EZY#zpsTuIHmpQ(?U9VZLW@dXo{JOl
z4vrkNlbGTpF3!fnA1zEA6UCMNTG1rfn*lwAL{MIhfSp~-CvxBHMf|ihk4fXad3fqI
zjJe}m5|f-P{-PgCSEey%{$Wf;F^?%23<`5z8OYdSgD<K6b2E0%4(uG-x05wX7P5Qu
zy1|<^t*aBGu?x{is^w@c_W>lJFikPFUUDJIbHVbwd+TgaX8mKRKjL$)@OK1up7`-F
z%>zA|KA`Ejny1|L_-qFq=bR?tk??Y?9iQiqAUvnwx|oceQmHQC>qP(-VqIjjS<z^;
z==G(VCaUTrEj3N<*8&3l3GnwvtI<j3$k~IC;C9C-VKkqKFMoH7g<QR5P@F-xEgT3=
z2=4A~!5JjDySqEV8QdX|;2vafcXtWy7Hn`2Hn>aR&U?;1b-(jfbxqa$n5laD+1<U@
z+N<}{>Y`gR*llf)k34^$fE98Y!2y;=M>M|6>|Lrp8!pDa`<b)NZ{@^!B@p%<%KcEV
zyqM_(zt3BDWg&3<y>hkGcdN5LNX{|{-ptQqtqYk7UCM}OvP~7IS}vBF<DV;(zm(&&
zEn3eUHto0iQb5$?{hV=ido_G?7`uBGvS~TEZH1shZGUCFY_zY=QK9aK?894{e74rg
zWxYUfdAs{lt(C)cHB8(xHk;Z{&iGcqS@fOTOetJ3uhVF~nqKlwJ_LsHA<YI~Bp9d5
z(=_3_;qavJ#IKI-ciabWDU6;LA_72jCK)uL3{5bvlz=y#C!g8jZ)*a=W2%P>U;JLZ
zbMi-x`{Vqumt^J6-z^)+Es-;X$JwARaCh%7{)G=Kvn3=U1}*iR@%0*M5e9}0#A^8n
zwC;xf*#NN2dHlBi2e4;FPjccbtA?+Sx~-00OK((Ixw6xVy?E{NwhbJ6a(@XnP@AO5
z&8jHmt@_hZgzM!&_2`yrFX}??)^vHUx+4~t^Kr?p7hMRkj(RJjVpWubqwd;L%Q{q$
zxz7E2y~ZhHOCXIZ&Ozu0K!dA0KD^m-56p?BT`aYBkkxzI<Rxwp`;)QPaw$^?HS-66
z!r%ODV5WZZi$uH7LJZ0=vtez8mjen!b~w&mX`=@2<S|z52xWK&5DI~1Jzc7{82FC%
zCrEi{duNAI55URE*%WL0BdPN<yNx5K#=)1sfn`^}<>N{3L~U)}&M;=@*CemZ_`Vsg
zl#lI<G`j9jSNorRn|~B^)=-<p&3kj(&m2Q6Gab}99dM6d=;|rrX%t{Kh$Bpy_J|Mt
zt<~!5g>$l|y21m5=34lSZ4&<&X80y~k^#IAoPvZD1yvP~0HRYe?pp%|T0W0)n|IFw
z-QYdxQ4sP{oMjaQQ@$7(+!HFtNVgU%qltY<?3jvEs@u=dYWKY;7bj9|w%Rp_@-+&H
z8`t?+u_!w^UVm#U)Pc2Uh_QJ$pj(n~Urkct-Kgj(uLaN*z>7`(7cp_0AMi-)xOM&@
zSKQ0kn;%3x%%`0N3hKHC1X5Z{e^RFHvcroF<NmX(y^@f&vtRQvFW^6#d=_0Imm$e1
z3O3R+6n=6DG)SLh-4ma+{pNqKM5i<Scy;@abeaPQWX~P!a^|~&oXQ-{8qWaOZ!Py(
zi5Z#H1?mrcjiCzV_FS^R^%<;BhXDas_eijd9}QtY^?3ZHM26TR=G-iH2HcsSxBJ{a
z<?`p;d=3%`wHFpZPZumsVO6yjRSkTnR6gA5x6LeOpmgGXS4Rm_Ff9d-C};fJ{}X9Z
zVFi)wt&h;DjUQZ=n8_)Eee(LsoZF~hav@hwDS~Q_`fF|?D>2bY;>(r6JG!#5BsqXq
z-O<VR_cvrC*v~1#!PQ8WDI3YDRq^(`vkJkP<Mk62INCX%r{N(;U+veP&uGq+sH`ET
zlReToxlgd@J+DZCA;#B=Vg$(6^aofE^K9Dey2=*-1g`B8%A=Tb0g}>CeajKE)*TNd
zyta9?^Rjc#GJcIkdmdX4eY;;}bA)hG2<aRsiSmxna?i|y(+@y133VyNx1kAF{?A{0
zoXg$_RG-&5nJW}K`Cj4+sxk%iW3SR}Ns^4L<;%NQbXu;`@WK7*;->d?FV&)y>_?Tt
zHy=7TrC?A)z$!F#g7`4}Xntst7uV)&(~ImxGty`22v<64h~F7yq>Zb9w`2JG#qEGn
zZF?ThV7{l#KdaDvpUeLg2l<3%A53E)v-U2=qN6C(h{DN#jXVaHv>irxVk8bPGLY{v
zB06nG;xMo8lpSlFc%Q-h%<zpL=U-6zs8eA}CpJy=`I?aw$%G4MckU0mK>dud9vno`
zi)O6zQVVk(YQbv1=Jce)-4S7Jx1WZJXJ?dFYw~}O6>NBPUx4=fca<-TZx8Nd)T~#w
zXLKb@=F83TqyfoqrnlAe8&i2LnNa<0qVuFEDg<dbF6gUi1Y*OjlwkuB!~5^0%2WJL
zU`9ed`@iEb3^gjjQR5cnp`OacNS>~s@}KW@*T0pQewr(EXa22CnUJVX>3O}Y$f?VO
zg%-r8PZZ3DCpFgcuFk`Uaiql(qno(-NKI@xUY?#Xad1AgXp;E2dV?+I93uAG6i!GA
z^SeC3CR=ZA2^a6~3Cn=k-{p7an^)B=a;r0T3T%yl4e1oIA<;4csdgDVP5(gV;9v7l
zVav+Ts7ut}dn(ZEY(;T$W?<LlGT;Q$_c3yILzIBLJ_Eb|Q^j~l*QY=wz|YDn5o;Ar
zvrE*WvnQOUZ{(J19jTKqcS!EW1e8V#OUGH2pVwa08JBYg1ccs($;NK4ZkF5++tLiN
zvH#50pfSI4-P8^h?{u$AJJx5qYMbRVWsd9YZ3AmR6$oDw|2^y75mMjqPY3A?PFz$U
zR7%xzqkGNfcgNxF2!@6>Jw72NAfljX1wK_L)b_A$j}daN10`@0t6}Q_jqSeU%j!R?
zt+>KG76Kqe-2`Avbw}bNoU9K(AgR#UuQ3N&;=>4f2_JtT6=fe0R*T}no1O!WMX3@q
zHg*l__R!0D56xk#<W$}S5?H_pdw81HMM*1W$M5ZS`pMkNCFl3_5Yu^X_r+_ts<JLq
zWBCl-(BGTOi$`A~JF+9O_oX+8QVT|w=HPckL9BC~m0zaMDvbMJO+f@=fz;E2jM_MQ
z#I|DH-gVGOQ?B|+NIdA8RS#B0GrlD)LT|d6uSSU-6l9zx&KwCmFZ9V;@<z<0eQXGP
z((gb&ij6Gon@Umpi9UU!34HGY9hk81=hqsG9~LuPe@H!m0adclVyVz}Wn5QlX&at>
zLhD3OO3cZbF1<NyG}}YCwPqJLFbdf{rqxp*GN3f;u_pT^us4(7Y_IxrT#YCgbYtH_
zM867^M=bD*p-~|m3?`kgwIgsU6e3ZS>W$ZOD;WK7ep7>+w|4gzsrmb{?o)sftZ@F}
z2Y0w&Xp@^Hj<)7_%M&D*vhv!HuPUGvf9xPB3`GiP87$e-_Qyeoii6f)1;*<ZZ^Y<_
zwWC$dfulI_?^8z4RGs59FOGwBf*I=)Dw5RQ#16o|;bdT7Y$N7|`pm3seM?u0{krPX
z^B>r)DW8~IUnIy;=B*58+W7pklpop~w6h$-u<}%={FMG3?9b<!%+fL|#Z;cWs<c}#
zIb*h`iTI!I+iv=P_DdJbp{vdQT|bY<1K87LaF3Zc3eAt9Cvv!;&itUB^CEM_F-`<k
zDPi<HF;1a}pxrFacKHP6y;L(~^!rh|JL>xVC6&{-okEI<MYcZITBEwR&pXq#Bb%|4
z9~x-Dz?4DIXgWV{@pxa;n9T=#e6swg!WW-lp)fj;O0aj;Pl8uUX5nYX6z0oAJz{5Z
zH=NwXRTI@mTK)La_I0j+$bUb;)5zHLX1Ddx-wWeHnC~?^DIln$E-36%;9APCL+;>?
zOBwfPj_d7x-rHl6OTIE630#MHSXUtS%}p4;IbW(@C6diZpFRM4GUJv9FV7*tq*AHz
zjdfQrn@!}MGR;nfHI3zK9~hh1&b3b4JeZc?`>y*0m_x+dlOg9B1EP#tSQ0n|?a=G(
z&E%cI^Y~&Hb$&L|=0FwIK7D3k^KhLdJHxU&o)t*JH9<=#W-dYu7*2NH0`*PmiOQME
zgzrcQ>AsEarCWB=+asEY{ElPwB-1>#pvO-so#XRW!L;2hCLszYUGck6IiD^PnW})u
z<wgct9CvU0a5|$W1Wf%?GQ8OllLjJfk1<CGY1`>~H6*}yUK7mrC&Sl22?@;RHq%$z
z1cT_ci@0nww0UAcy_+M`#X=qtMJ*H7BinXKc^wsV+YR7ZqFV+cm?Nb53iWxt#n1Jq
zK_lQV2}=Qh{7S^qV%k6ZP`C2pva&MWW+m!nj)Hw(P};DV7<b|q$DnUztaa2W0@ATW
zQXU?+CI+(#w@!Y_o&2eK8>f4Q6c&rih!7tV6$d7Pze|=`28k9<5k@*pxJG|8sp4$Z
zz68R{Adjz5_Yq^lom$_`8FB~iJW6dzVUJC&=+;Ci{1U+JBaylYp{qh9=t5F@i=EET
z!D?enG{-hoyD(olDMpMy00C?P8?t5>k<7QdPm8_W$<K)*m9w;cS&xpXe$Pa9kON*=
z-0fHn9Hmj<)txeNj&uYf!msIH#RquhEMPNQMx6t42}SP{_?J3I?8W$Jt@k6IlncoA
zo5{S$)(q}%<?{FG8xYfJW_=;_%T>GHqE$t}%O|_iZkHI)VNj35&rQ?+aIN6}H3O2z
zc2wQn*JG^bz&=8N6+m-J4;zN4Z<ElaC+vddI7h=DakA&b)7vr2%k2-cg<`MUieHI)
zKOnPrRZqyOGQj|}{Cs$}5xmh!M)TQb)W`NyPXZn%6AAN`PHOtt!v|+m<1K?rjhkuR
zu9T*b`GZ|mW4g0|)8W#L#bb)%ysvCsl8<#R>^Hq6L#O0UyT8#14N0*_c!X~_iI~{O
zdshk$i$*ANa`d#XcikY>y(P*fY$8Kl<SO#-_-1`%LR{UXm{ZKons1qZxYvt&T7tc?
z9@c~&hjt~B=7W{AXrkt2_e}E`)6a*+W6~c99Rt3-OcWdXeJ;5iU-yK7bHz;)K7y90
z4hRFfa0R_MINZYN8;!@zZK_hYrS(6#HCAu$6>gte{GLI)AHtpE21jRTtfrbl*26dc
zj(I-#D?>zDiz|>Wx=8v0l83*z-+N(!?Kb+ut}KYIt|eMcl9V#baAQDXhb%9&ltX_<
zGb8nJ>k9oNr(JUkxS1B)1Z-kYUBeMfWq{Mkg{wFFqd+ZSiYa9O%`d8}#oMIhwe#G&
z$I`x6@Jp3pCcD>R!+m%JJtD%c!ygVC2eLrAh-2Z6VNud8VLAV_I>+8e5#Y&HS(V-#
z4w`-a{;#^wbknHHLFf3F1t~|0{gARt%A&Se{0{y)3v|{O59y1g_3oqmDovwuj&z2!
zwdDljv!~OmJ!p-fKmL5fYb#)G?M9vPt7B+1T*y_L06EJk&6|H<{K`!moc%Ok_Gptl
z1s%9^VI*zz)X_8!Yw4p-v=~lv&)-Rb(iy%&LIU%25uhZ-hnY+oQXL+5;v2SQ^z=LJ
z?kw|mbMaK=g_+W~pq76pU%L54!HL@`P<55Ieu2R;=Sg^ZhP;2;_!|zQ@PKEPh`EhI
z7l^p<(=8I8Y+63UNQpNf`a%B~&uP0O&Pm$aC{-m}0uZrZG^(aHC!cGbdV{}A%BF>b
zT%Gc>QZOeaL{rP~kBPzEQ)-cy{FE#%sKhPs+<!2I_1d*nM@|4vvvy9Ctu#T?tAb4r
z-7ZDTP&r-USA3<c=fRiWbm4gXGYYg;mvn=1XKl3_1y`Xrj)yDXF)-%u&j`7K#4`n=
zkxiY!>W=1r^j)^6^x77Dk!cnz`&)HUevwf9_#Z96*v!mEMtb`DC0F6ryFwxykJlcK
z=H^$*y6gwZ2f<Py()N-qE$CW%S(<n|T4cB8tq^qBe_X@NZH!PothkN=ozQ5>f3a&b
zZZ49Ocxf}pBa4fFEHXqe?hIa>!{)#V0~D0`d?xlf*X?5_MVK8oY{i+b$Pt+1<}D3_
z?F6M88a%q46Rb-1st{~8U2<La3%iCtYFlSdJx<0DdB9)va>IhS|J4+Lh=)yLN4C<s
z^&rAD1e#2Nn+V?@oMT#7ln!g-_gb^DbcOwU*dDGA%Jh#NMk?%Qq1O-`=w<g@xI8Ni
z*fk-g-w$t`U;Gbnbp<lAWpa2(!*rNf^)2@fGFV~AFw<Dr_m}+sFf>#c@(gB8IwH!%
z>9w0#azsdJ{|(4c)BAaro^{EA;Ic+-(s<k2#8sOG-unKh+|vsgGWqWo>AkHMcV=^o
zJXr)oiYIi!TdrGlJq9!Z4<4&#7)twa!Yy^!Sw!bora-668ce#w<v#g~^N-qd3Zn*F
z22&bq8C0_OAIt_n7(6P?;!|dyCEf=f`!|z%aPl(l`~z!U&&|fNeaj-bT2cSk;O2|L
z=$46I)<E!I>4K~bT`Zm7N~p=vR$yoyykcGnQ4^$iwV{L>Fb!|Fc7L{JlHkv7U4m<J
z?50<S_mK+son54@Y5%XqEpK5tVhpHa+(6B%yh?Z7WMc{OGfCMMD>1bHK3{4~8z3Ln
zqO{~t4|loLs%He^mn|Ix3uZJ3v+pATA<BEBXHRXIPG_i=yykR@6ikh=|3Gq^Fh-GU
z31=>GS4uN*JL`O#n0^<!V7aSx3vy4~wb`$HZJLpH!dwRrebpd;@Cjaoafkzh)3z-g
zQ!s<D{oBTVx-9y6nP7|1J?J-%mV9xpOx0LnvzE@XJ*jp@MP3vOK>5amsFA&|tECTb
zk90FnrDQkJ5UR=0ROu*s_YMIedTVMu4{rfjyD{aFST#dbr6|OMDZs(H+EQvdYB;A`
z8&+Otj<9%^MmozzxT-LyWo;+&*tn9Ere7)Z!`VQy^QTQOLDL|`FLKsjxW*<qlDiHm
zXE@wvgb%!?g}wgv9KMK9Q-x{~;F#dTjf(v{RInuJFctSN3ZLe*S5WgDZ~V@-<+dJW
z8XLZOra4}j#IiG%pu<Fc*aWj-zIa4nv9fL8l#uB8r_9^ocu_m{2m^Dwib*k(kl%kU
z+<nN}!=YN*FuXz#N{qTo<LHbZt?0)RxW*~@#n5g0mlKX$EAb~fYkEf_R?hNh7dD9s
z5~%9^`>WMFllwQFd1m09Z%dRFsCg#yVYO^nc*cw4efYr+Y;L1dLq_h%=<mNX+(4@<
z)HZBcH{EbHd%8pKXQIG0;pUqs;ypgm8TI-aUGUWSM;-ss5F;@<@EaQL8;oAhvc&YT
zjU1*#z$Utm)6F>&;Hu<K3lHFtbdm4VmnRZP;CRq#@#KB^#-lrXVIOX15B&TCL?SSR
zU-t~b6arg)&_6zTk@q^tbf=$5n)h?PVNTEYJ0!RzeqhUS1blKpiKC<xghlF(Is%T&
zwa1d}D)iU-tx*_@e%Q+VymR{CB-OU70?ug|I9=9aqq~}vSV^^8`BA855W3poD{|xd
z=Gt@VYd0yVs%sbmLcDQh5=ECPwxN_m$mUOs2hN$bJuC$x{rSH0?AO!Z5!2Y_<t9Yq
zNsAX`E(3nL|2)|IbHw7<#Jq0=uN7%djVXKVSvXYF75adYvn9<aXR8&MBs4n_y)nN%
zsRzUU{%#L6!UTTaw=^55uo~S=;^gJx8Ys;gUT?pcD7j|RaZEx^*a~K%QA#RO_Zmk^
z>3Vv4vTJzkKB3_uHye3-7%uQ~YEj7Biq5Kkd0NE-<C&G>RFajElW8LXywH9Q4jP+z
zAEr~$4o?pn=X+ZY`LK+!VT}*a{;1z`^!LezTc@q_zA`_+p}bWGyT<2efia;Xs9y&m
z%bZF$KtoLT@lGX|Rbx*p%IAMB_`cE^I1Gpr)b$qYHf^3acjJDP5buKCoZY|2Zs9{e
zFeH0cDrMaG(4;-*nU)j^a<HH1ST<^8{8LbppHDDwS<E)XgqO${EDYI6)jLjcP6@6W
zy=DZkMc$gRKJG2HwfBA&(=Q)eA0!Kvz*l<okAx}q<?0xzaCyn22tQ^yYmAFN8hFCu
zdg~sGQs%T5;#Vw=+KC(fc4)_?ea>TME3;ierayE&M5c3<^|pv6JsAEW8L<o}aX3@u
zRei;8DLg)~`uAXu7z#k@GBG68FLqSWYVcB-Dds$1Dr)$TG3AMWyF$FS8IdBSP-=}s
zp}T)$qoE2Vn<2&3U6j?gX-;#Q`nlz_37Ht380V_OvkWd)A4wK#8aHc}Qa>VvOps<U
zO2qH{`Sw=GU3+smkOeZj%20Y5)%dnT=0yk9td0(q4B!UKlSTVTkiOl!FhJlshLnxp
zigAGz@a+Ypg%lZEk>NQ?&mqhcjYUy?%0X>yUIzDyPF~@pL*^rGo7blEf`!#nWq~Gl
z6u~2`ULUXPF_7w>>Q8^ePx|{(zx_E!@j#ER@vQ$r>LWA$6Q^;dZM)9C^;=Fm6>D*n
zps_$5?poN4nW?#fp^uM{Idxb)<Ush>hBHneqfi*B6uwJU0RgRbSVJNmXBSUgDh|aX
z3fdb8$b*9xdc#g}NWQ#W;ry80o81fJ{eF3S$1EX~#~~)JRp%iW+NT+OTFT~50lDqd
zYJGG3QQ!C%=;4?i+>YAQcM~-8eGZ8R4XtmuI9|L^ZKqz(Wan%svcefxOb|KRgggRJ
zLr$vtfF51P)zY_iSz#4T@kSxn*y6OgoxU}e`T{jBN5Xm*OS(ue${T)Zx!O<1Vo#Ma
z8-WGh#i+@i>urH9K&W2k$N!o?CIK42m<LFeARXR)i{pKMOOjeubBGWx3oNOLus!t&
zSRbNW<r%&>y-?;@s|WG6d#(fHDN+b;G=xX%pa9O5!Xen!Bs18{J%{(sMf*Y#yi!V?
zMn)`LRJD^xSNgN(@&tf*vG%%2*FuoK1|ywQE=u)W1Ac!V@<2sjwCg;3E8~SIdHrhj
zHLPt=^q<-Sc|!7k`pBs?d&7eigE9szii3DVxSe<4fZ?c9zf+F3Lg{1uAI8I-qB=}7
zpTZSd?$y#>rMWJzTI92txcAav1aF<_adJzh@Vj9i?}N!?*fKE);h-VuGGbb7zGyz7
zCnSR1KOMw-JjW>=h8S61X(+K;8?+2v5@$T7wlZ><QaJ4Xz<b&ZrQf2wN4WUK$%x1k
zzldh&LT7p!rTt$O2<hm)n@aLk?;<FtB%9DNALO!d?5s{S9g&xc)%V4yw4SP&!KuI4
z&vkpo7AIiTrCFu!SmwuMJtOAJI4F7geLl>%98#w4_xS1-N(8ddoVBBoI$HHxikXr@
zvn8$>4)4(){Lv;G(%4(E^!n)Am)v#~$qB@uX8}?PkKdj25QQ(?Q|LK}IW^R2%$SeN
z`8v<Ufq5@z1p~`jf%cRM?j8&SjR}|BmOHrxoN}485wy<-@v_h*5j`}G9t-o^U6x`S
zDSL)_;D+5<a=B2gtx|(L+JTF__<gPZ^Woh=Tgf+kNr$ld<6XvZlYEJtA(UGY@@PAw
z=jEHZfQBvt71FI>^sTI@I9E&&d&Wvi7%U1HtV<r4Lc^#gzTV+D;X_v~Hv?IF;U%aq
zbjXjyUqa>dIRRG0RQ+0yD$lXDq$_B|4S~a_7w@0K#D;%ie!D!}+CocR4Q>@RidYmS
zDR=6TX5LYm|86n4o!E1(o_sQ)WwPiWPO3-7BB!pM91J%)7K;f~S68P1o+4%%@J2K9
zzTg4kjTb-Gt}pd&mQ6j~BjvQWI8@K%8vCp}#gICb{2&JncM-3e9)x^3DAyE=Kz0ut
zul-p~9SD9A8CDKfl;PzHMp6aay_z!iPfOL~ahq0H1QbAQPkljqIT*l``y>DT582T~
z!8eKjTt)1^ew(L4JW~*AhYL_)Q8Pb{;%DmDrv;b^B9I#8;k-W~?fjgQ&UdK~x@&pt
z92>zuoUkU$iqEJ!4>qn}AY4@X7^^B^N!TuB-IcEQqoy9q>AY0JJHds=`p0IH=bzwO
zFJg{@N`yV%lRP!O$7~jErbELe=~&_yL`qGeE?|>dE8B>#fAFh1*XBlnOf9edty87;
zVA6delOkbJ1kI#Ig`(Tw-=&+OFK><QSfmzBKZoLIko(4f7CuwbZe}nV)DSqaZ(5co
zlg^EDHJCsIdkj)_3oMK8;Q=;iJpIZ#AS_myABom!u2sKdv;<N)BqE5P?dzY~kY8qq
zE<0hwj+T|tJaKIt-iXZT350QW<U<K^(OZdKzHCLE`a0m^yW8iNY28(-4~7XkN)DS%
zT$zEmXOX;I?-f&DUEWq&Zcd+6c6aTf(?68T;lsLjI;lc0uBY>GbAR$u%rI|_vgmU?
zQg<D;yK4TT8$pVG-PuvQ+Sxyyl)e1tgL?<`)@{em#p_eI%RpLguGg4h{Yn<4+fYsp
zN987>>K@XHR&G(hIenGNZ&biptSCiJf1DpGk~^YM2>TMr@5pF(m#iB6nwVIbvJM!%
zO^I$+ZcQqA;v&a50S&dERAFTC7lx5&Tk9b~T@R=|CV@E7h$itC2T}}NM0K?^=mrwg
zrsrGIg(?ra=*^)+2_KN5<B=YQ5TQ`+sjvJs4~JKnPVZ`hb(8p$^}$1{HZ#!bCwYlA
zK{z=IEk?D=Khqz$*4!DUSb@}4<xJj{cWpuU-GP-jW-=DYUoIHne-0_<aXd%@407r;
za4klj^GfVdJr2Pbkie@BUs?K|X3|Qs&aS1ye{Vh5H%_NN_iOI?E*Z1|#Hbj!ReeSu
z2RIIH+!<K7wBfNZI&TBWEk>~2BdijFSz!#!4hPUhCH?({(%4OuW!W%B1)cgiE9>?s
zlY{I1a-`SjbRiG{gPJJLdNZOXlsSqoV644CUJ$mpie=D&N|eaGqAZ=&Mtt3PBgR2<
z^eh#xX4s!R;J6Ld*|~T6wf$`P-q&?BB`z_$3gqa>8TR?CtJ+V(1);%=VV+UQ&A)0!
z8wklAxu{xyhi73mA7SfQ!Dwjp*5T=;eG85X;$l>bWaCV`QMBetyI8V#_u-<uMe7f~
zHxF~zQ<Q}|#0^7hQiArwMI!pN##8tJw4bSydt+j@q}Hy{B~AEvW`}3FtayO=?-dk`
zJ#vt&PiG<y{U_bhhI4BDznlciD#Ob=o`xO{f}FS+I31lxRcRrbcOxtc;GpSX+TJt^
zadVCu#WE~lMO@Y-7BGi*_vItPuPHj5Q?0g+QiQP$`*042fPT;SL%jojJ?QBa*l#W~
zX@zWs!1cF^RmQLg<>3>ucsSO4+4s_;hn?u(_yFd)YFrm1XUgC3C8&?J_|uYaKLXgQ
zq=W4yg`sX-s8g%(3DZk>VI;_a($G~?FK<4NGNJfD+8Sh8X*o2ltes$Ge=qxWp%$;r
z=6~UJd$Wl|nU?j*Z;J!SXREDpsAy=QidPN|98H<CR;JuH&-Gju;K{UX`)fkf>J$1`
zx5MLO7RI7Z6BK})+!*7>$aq6h>)o@XRQ|R;RF2I@iPRxw>~EaH{?rZ)-x${R=HP1t
z;v&Iw*F$_SoQI%lg3_~?g_eyuUIv^U`<;o!EA#U|q*HPw8&deQ`uL%1Ewx|oSN$-^
zDuy1BbN3Ev3TLJ9Lz#I4WBzR^Nt|k%)0Z7OX->J4j78pr-DEyE*L<9ECLLWwiY7$?
z<UCIAOnlMLsoUe{-77h)5r2<UYrb?AN{Qbnowyt=`#gTA&<YxvI8}y9Ae%QD7fBnv
zTJWF_$Lh2_)7fZGTCScIun0(IGHoV}xZaa=9p*O&gEmG=bf(M@-S^z|^yPgw192Fh
z{<uS50B}Y_2@5Ex0L;NVue_BnY+^#L7Uy9@5yq>`sX6Q&soOHvfuq`)uC~xjebGnU
zm^}8@X`bB^z)CNpA=K^O3TBnLYiseskcRe6zlf4CjASFIzr+vQRX#hP@RWz(t<miE
zKtyf&=~sMX<Y!G4y<&IC6pQA67OTLsIaCgZi-_CWu5+PN0=w=tXsN<z*4?ErLb<7y
zVusYqO#G^`qKBXPrC#L)OdMM<f#F$PBX{Q_4#Owi2*gmlLV$#C_r7lHIs`oZ(2Qj<
zlF9NZM)%r*kdEg2_Bh<PZlWQwviGx^!TUYmL8;TrM_JI2lp%;_{MoS0yb=${{ZrSo
zMt7K)n0dA_HT>m!q~^o&{jCPPwSRM^;SYd^`@5-R<ny#a486^HWQK#;dgELTuCk|a
z2L{22D3SnO&olL13$E(fn&!XFoH}=gCh9=cdVhMX^3;5!uxRwJ)IH1mvOcS_Qb_Vk
z-(fpsRe-q5_csO1Eqcr)r3zp56&0BW2ippvZY=RiOjTW7B*nB+dP76BT-GJiH=Q3!
z-PD{M;0XT<<Q5~seX*9KG<sDBV}9fbI(G9J{iRuIv9#G%Gj3jb(x(a{wOOR|*3J(f
zVeMz~(S?h&<|Y?;|4Xr{+k}Sr`M|=|l9(o3no^w^=*4}G8jlefs%dXagA6|`Z}}Ib
z4Oh6YO$r6XW&}K60$+D|2b<A!{?6}UOX<FDZGhXKVFTI5rOy9G=Cw$#?D;zYZ>rmk
zL?J3S`se~VBr^&DK{HzMg+p=k&R1{geOhKRP5xUw0gvaM7cRF)bJmAHm2PJe0WARh
zv*9u_&Nc^I5;Eg^VrkF#eroD90n$mpyB`^GyjEUaf&3umRv)g~NY2n_3kW~__@_Xr
z;C|)3NQ)OvvwDk~*6Kz5g2FRVG*a@`R#!ZLcrd1Tj8^!H4-CJSD)Nf1ab;KylCZBQ
zfk%lt$yBAJWSxHfk{tu`L@xPrm-<vb<G<E_cUuI3O2Y4k^@ONjm@%;{hMRWu!)<Y7
z%x8(M{M)AT2FKfj%J4uI3&2(`{L~5E?wR1mAu6^QJR@_KQ1N21;peSS;6#Vvq8@#k
zpSpnlunf`{!pK)k(-}Q#kuhEhO6fMU#*}XyW25|4k!spI@r7X+8njJF#Mh{_)?GJ^
zFr?<(ZSN?!;Zt#i*SKajxtJ0FSpp~{wj;1*{1RSw<NF;(t?xJMKi2*@p4>KJ6f>LS
z78JuR9VClY{p`W3kNA_ijXLp3DA?mMOo}I!eV5ZbcY13!Ng?bF&}tfh?|wetz(GN%
zupfo%?M(t+P)6aGAd4>MjN=;Pv}lg=aC+yhEjEIp{3mhEIxCVaK~evJH<`6BdGSuQ
zy4z)+oi&V$|M-8!hZX1$p4^CJ&=%Yc*r2&C2i8PrCdJn!HU4DgrJUS%pmJeqLmSt+
zqb@{JD+P(5U!~$>m{&+fwX2WmR3Q%u7<~$lh?mu=)Z%cU-pJ}zel%G&K?20(z6*Em
zQi*IBCuyl#w~=3bo&Yw{t+3`xgMUa>{?g{@!61D~xSgM&mDBgO+3Hnvc>Ol<Vl)1I
zU5#U+U)W$KlXg(Q_D)@Eb0#TN5U#5Z+u1PkzQl7Aae_#e;ww^$4uR{rIpHlr@{m<6
zeiDYG;9vx`uA_6kT){Lsmr8-nvaLsT<HS7blxZT(SJ?lI?Q}S|#XS%T0MV`Ca=yX}
zTu*D^Xl?y{>l@LHLfxk0!mY_47{;^mD^84{X?1seV1c;jsLvIV<kFA+tk;=u<H|r;
zd)*w}@+(_6zpgL!g%XyX(<huz3&^y+pLrIzo&**nD?)o$zbPo-j1wiRSoI-oeAeP%
z0pGb{_)5RhwW$ppGn<JktWUP&`mE=cz!z+{V&Lq7Q^d0)uZxp&VK|x123G%che$2|
z#NUSzG&<7*GRhtT*NG3L&#kR(_1F_{_sP=!jWbb${Af-mrS%T9RM#lX$=O_VRjY*~
zzrA^CPRcc^>?H-$oQL0m#2EOLJI|Z?l1yxahAIUC<gXPYV?x5KNTRO1Un1sg2ivi*
z)jJ$Gd(!KI>m4ISOw5Och|Nm#V;cpu`loTV`s0ucEZ8$F2`{WOP1BUxIMu>FtMQz_
zh4Uyc$rVyzC>>P};gUMUA;%rcLql~YcvqgHxRZ!D?w6|S=hvEE=^uoa4)C<PZ+x93
zr6^YGvnrA2)vOd!r0=V``L8Cr477tN3PqVTanasl%=ZKd3wp708$3uA4cTs>mZ1G6
z=m}}7B#t;kSP`RBN#P*uQ19Md2cF~cR~l^)`ohZ#be9myMgoL5)LR@kHC>)dzT*K|
zqOIdTKQGOQ_s@SgQHYYKql7e}dYhGYyRwG24M_f19Q=1Qe1(1cN})p?4sun_YB(E7
z^**Z6e8`dKXH6v}lFE}p0W3x8-#>VWCa>bpD7IA*9a85)`jSj$V5nT0<g0bhy1p>N
zfQ(0_=O!db%yS#_KP0oEYLO+7vU4zX26Dw|nNG*!6Ihh0C8yFqalt@2g4pSnLg<`!
z=Rv4OJ6Q}27293?Uwdq3TfEc#&|ngXGov8USS~CdB?QA6U0uTuVlfP_B|5a7Rna@z
zh{f6s@<dt(YG%1w{Ak3Rn1<l9pa~40)AXPAs6gE{8>j9--ja7bseY{8{^dh*A?N;O
z0pF(2$u18Gre(Afj|b@)m%SU(h78HB@2ViI?G2hW=iE_ej&WVD(J1OC>va*;QfLF-
zH_f9du**Vtl}5k4Oqj?wO?e?1ox_pDXlehZjbNv0O@d_&jf2r)x4;OwVR}6}NrbVs
zQ#VX}S@@lnGxPEop9}<#sHN>5N~*Uwiyi?RrAO;tWSzl}g&oK`?)QhaQT2`1y)Y}K
zia%|?G!+sFR?FMTxE9CY3LqFVe5AXb%PWnF*5Ju0PPMKASoY^fTN^GKh4q}#?Bk6+
zx~0S93nF9tIm|Ma(Djb7>`j1hf2L~Mn`3m0pfJ-TH|Pz|j40`P%?9_JEyy0%h%pZ>
zW*)r!E{CP=5w#Q#%!pa&(Z7w-5^ES(S-z<}=kHX1PpVRaqC)y4`UsFK6YgXtQtNW-
z_nHgje)AEX{x}Jh)uqz`HHHcWe?#04cz~8<tr`Xha<iQ7MNEb0j|06VUf%5pkoTT`
z^pNu11?GFq+~B>QM74`QEax!6A^TzNko2!*_S&uA(TSsX(WlVP{=F=C034vu74@o(
z6}LJV+R0nUaBesG%(ZFVHHP#ckiNYBS%o@ry%0C&&0chK(_8+j%H5ISoP;RSruIBM
zhI;7N<+)f@U>$x^C(1+D-8?n(bfJ3_ZBMw%P>Wj-bSV-$vUou^qJe>lT{g=9#9beL
z|8ycMnjU1q^G&n$^?77(Sy@JfL~T76Ib=wWse)t2@du2|qLJ%)<^x9K4x_D#WB=v!
zPShuD=H2Pl%~}f4rYul_C7cmBHgDb_Umz>?^Y;OQ+11_E(~+&8rW_OU0@H@|pxC3@
z1+&9;Bho{K=@%0~<jX6OUtq>2l{Q4wxgQkfc|-+=F!~dIdTCF(O4M>N6`3gJsG#p>
zfV3tNBtAwPZD=YJj;m*deHXjjW$i;We5`E06nMN_eDp)fr$1D(^RooYw<b*%KFYKW
zZc1%7vKSrB>JmxzanZRQ{qXB?hS<aRv%BML{aV>oZRXhh%5~Dxy=_FNgmZX1*(@xw
zVQNOKxv0?~o|oIGPhScpG>s~0kdZl=ZXFB1+g|^Gr3}q5<;a|^tVXCF(Bu&7{~`48
zvq=gkg>h{C#v;<9-ZTB`!wn}jFDa+#*Di#@4m-?>RLTh~U^egW8r1tSTFb&vg;hU7
z-xS$woC-23tF(}B;21lqtIlX~MoE32%S9~$d$caUK%3ttKD>h}jiV`#5=Ke7fCN0+
zobbAtcyn|$?kx=`<$UiL^qV$6WRlZ`NP6Es=kWiI?2l`VSPY6s{63`IUA(Ewjr&{l
z!@{Jv9uhzeh8?2I0$dVIf_-W?sx6*km*otL=Xz{Ys2}nc*3G@VUaa9WFqY|x^A6ho
zx4?B8JY;UuHJ{7f1a|#7>P5%^SukVOGpsIOAeiMu0H~xhr3n`L4)10-3{88Q?(LXQ
z>Urru`QL@53*Z3h0zHU`;|)R+m>puU3`UG&NUz$FIk<-7F6cxYuDL_j*9{djxsk`l
z#&Xy?^wJ(q)u`jLAF7yJz&sBUJuZ2fI+h7U`kn!Mx|BUQT1#*O>8mDj(R-WW`X*6F
z&g7vbkD9Emhc6R<`7ylgzyB>Un#VBq!9!%%+)l{n$zva=<MqW4hxX2WYxoTuYI(@6
z)8;JjV@AgIJ*9vnN(^V_x@yP33cph_YbQL7FE_&ru|7dC3~9TQJ;I~jxxTlq61MDr
zyRlXzEECf)`v&{l79o(|a<G;@_Sb?zVH8PCQP&r)9%0)ntsnzY9`0ryq67ED!$y#`
zN1XOf#W_|e57za>lx_<#2cgo>tj5*Nb1RRyIrBeOX{MsR2Qb9(1ZoxOr!s<RG@nix
z%vAjpHu|AX6|4^va>-QJzXlOM^oL5mQV@m#Y%xjIKgzlowv$JpByqN6p>S&L#`2f`
zL2?u}>)*Wjo$wh8VNh;78^3k+0-eaU28Uo?OT6@G)oJ4=lNCh3X83%*Ur?s)Iz3;z
za#ln=w(p8b>J??FLwq^th6NW7z^T*<zG|xD(jE;Z0}k=p<t_Q)0UFaq`L!zNi-!iA
z<dM)@kw5Q`nomFTZ_dOaW)8)j71K^gRhuoLxE^j+%-G1CVD#bulai7&5YSYNMSXWI
zZ{<nWw^8zSAq2e-TUz0))c?hILMcz^uvLR|<I&LoBR64|)@k?+R<Ho`@SF@-VB=|P
zlo$Q72mrf{i|G6<V7b5t9AFNgK5we76zMP45S$bpeF)s@LI1rV9W}}ay8qDvV33f+
z9M6|xCq~0n^~c$?Xz7x5AmT!A>f8f34oSav&@9_26qUu59eLm~J#T(4WRv%ysQrUa
zRRZHWV(jN<s2j~3-(yz4B;fQrf>>0h=!$Ci^*)K}o;zh)S~r|j#qII{NV_BAxFJ@!
zO9hD&6ZD8`kSxHYn!MMb^Y{84Rq0pe>LU|--EPbuYHLc|f}t8-pNb(QvSudfoe&=R
z{gfqt<3lzhr-fdNvFqXeV-$rHgX@wBrJH7^Wf_H7X??DVEORQtjtCkOmbs}`{sA3f
zk_)MhvtQAtSQ;?{t(>FUIhLvvmVdP%lkd{3jQ<(}*_^`6dybTX)tZ!O#Y)p~qRA*@
zR&v<aTaiiC2hT7Ilw$X|6-4q;f4E6L?Jj*2W*f)P_Fz(Y@?4`GU(BK*P_(w{l4K#B
z^8`sZ5L_TU0-scb=peF3SX<-AzPt7al#pM|yw6dH{C?0{9jQUmjeX{)74`@?o!{x{
z>4j}Y43$l79>bFhJ}|`FnrUc-6cZN`X=(EI)h2Nxb(n?oloNK?^jnBm%c@uf%3T;h
zM;)P4<Tz~#vQ`WV@)zP{0a1QY?*Ny8?dQ?ExlMM5O>*xbm#a5ZOkfT089NLQdWrst
zEsVHdSy~#wsci>=R`q$Iyq{Bin>L!crGfyUtyAequ7`|SS_4g_fhYc(2}8>J(K0N%
z2}zbiRHegiBhujVh9yjGfJPyZLd<}`+jM0YPbC;iYHDn!Q$x*xO)Pl!Hdks6KKIn2
z+6Sn0PkxV5o|W+c>PFSA+ufZF%%&`~tUoopzx?!T={WZ4B>UR7X<pq}J4F-jMI4tX
zvlTq8dD4_W66(8G8dxhhbr?@L$h!aA2g<|on5%Z76k^#MdKodK*1OfJ)sti_$b|9k
zoJZms=2%E-*I@G9E}E+P$NDukBgTUL7ox6&7uy=5TUNEQM8BZK@anC1=oxLoOJ{*v
zuje6CWDVe}s=8#Vp3gpDb9&DNW!KU}hO_a-y)f2@c=mPO7Px3ceE#vnx^P-Q6Q$&-
zO9jflC(RGnH|$iRqALElpwzSu3ey*}vr3kUe>8HdXYyMCpb=6t`sv4yf&|Nt9Y3n#
z;bepV-+*B87q^qya9a=;xl_=i5^J+c+^5CVXJin<blO!3D22SfzH;jUdob&tkO0#b
z5QhG^2B}r;{ra9--*3Nh4b+MWp@lGOMu{SOe8+y=tVL2{R$%75=K|JC1GEraye58B
zT(`IR3G6$#`%`J~3uX)4lIhXgwXv37F!;hg8sL+^arvz_-Apx7r?u7SO4-nFd&S-X
zq#RZ&brE`p@(FW5h6b~C#29O&G1kb%V^XO1w3m5Ltpc%UrF7&6EFt4Y^AV244<+h1
z(hk$X@6^^s9y%7bGH9Afb>A`5*lXgw0tGJ5)8r-L6`(lfBS;^f(?XspWTxRx{x#jN
zc9x1x5;x&>{h;sld@6Sa_*hv--B<L(<;B<5_EiJXju;21j=yg{zk~9XHh!op|8tNZ
zKOPXek!45nR-9SapZ9x}PvaLTyJG>@J2#$rTLJyb#CtPGj*ovzLgHd{s`b3r-?aU&
z%b%N%f2aKLAC>VT>U%O<UWi{ttVK5_HzaQpSq<zJEa`^F=axf*UQTFs#2h52v0GZ2
zB8Cl||K%LS>Rrl<0%$RGFo!I-^=W@Aw_v_6<G5(4X>)f8z^5e~8Ry(7<Z5OGk_?0E
z2bVF=S4*U==FLX{^V!9|AzytvtdQ|*ae(U|yYA{Rdy%6-9VXPTM~4xss%24t)g%qs
zbD|K8ozsdCO(zbWLjk?Ak<G>f4u%?fQhN7NOG5&l((hs9cfI+!LE^bvUdF@A0@9Qd
zlwTy#VlN9zUft5v49&zlU2tp8%B8cSDn9Ud?wx>dQcUNA#Mt(tkcs0nXPG41)UfGw
zQ3MPe>k&G>h(*sCMWEI*ZJELJ$H(J$y?Y-tg0jpmWn)NZ^dT{Lcz_exc#)iLSC;`i
zfD%5if)xlm?_lZP2zI>yp02G!B_3*j1CH{8YEKYs(Z)6TWU;ploCx*{*Y7HO`4bR*
zTtqH?xBrDaAa0UB{ri2hh4}fTBwuzht3S>;NSwR9Wf%#-$jFG%dG~ROHERerE0P7M
zX)h%B<#VlKR4pHZf*0Q2&H?_3E<~3V3f)V`lGETH;h`CGEctiV$V$WdrzZ<>qd8Z}
zTAvSRp|J#i>U)TJ{owAiSx4qx<-cN^3pld0qRV547E~HbNS(gLJs>|ZlIPD~2s#YQ
z4Y^wfT*=Ftf(*)M0ov-Hz7i8lmQ|?_$IDD|EMksU>FP&Ra1@1wn^Hc*`Kl7M^v>N3
zZoXcp)D<Stc-))DfDj@;(#98?_`oVW052WixIga9qGPzhRgb)XvtfLon-IGwI{efq
zuECyj_onDPshJG@VPViv^rkb8!+#&k|MQ8D1VITT^JV<rABS4?%BV1b4XiMS@caJx
zD;)z;+bFEF*N^ud5V#sJbQCf^2F8FQ3tK6b_k`FYM5oAGiVv{raDgJPmlA^`BNk8B
z2dwx}#KJSLQ^8x)K77M*#8Y-04x>XxM;&*BG|kRna~Yh5GfT$lG=gBTF~8_vo?jkn
zIriVTQZ>vHD5*+U6m~Oev}wgGwopL^0gUs}z7PYEACc$c3*}$%+$s&Noi^b_w(c5b
zpzn$a8ML<Cs_4Yhtwu*kr(|iN((1Q4B@x<n_>=WtWhC}$bG#BNGBT)Q&Q^HU#ROMc
z$FYYBjfR%C^b<)=SK#E}7?kD*+YS9=HV#$>5<H9@KTZA*_Wy56C<n^akWxbU6+DLi
z#w1+Cx6+u|Og-sZ;&ESo6?3)Gz||SCiy>7Y$x(`bkbdWn#!ZN-zFEk;(QQzO;?i>3
z7=*z$hrmswdJ6)RFX%rw(1b|;XSS-|XC@{bEbUlNn^ybds5Ri3lNExxEQ}Fq1VomP
zDXhrY`&Op;c6RgV9j}d_@7MSuF3EcwbA>g~;^HH|?$waL;{x*r!R2zXr@3cOeCSvI
zi%OOpSzs_+vR($2ygl|5{D({)`X4gcB3PrewV}l7SFdG+5RFxmLIll`s8p3Jvl5$K
z!?9YjQsyP^re;Sy-I7pk$OUs(k52&KADXOX+*;<%8Gk>~&OE~J79D`>z)0wBj*~dU
z)y4#g`VPGTiM|!^KpICTOq5UqM)^cE3D|_ewUz<QY(&==K7tb$2o_nzT}SGnc197Y
z=KpZ(y(`{QFq>TmN(NUsKU!m&6rQ{{AoE3>59MuhiI4|r%fiOeel;tt-w)13*JA;~
z9ymA|j<G4eo(YtazV&QS^OJc6{Jv#YeQX5zLypfa5^I5uU#(83m235E2!+1YbNwj_
zl_UK-muuJCSzs0ove7XdEL~G*KpFq^u(x5h68G##j8G{UUtLE%2ntrh!rR<<7_);}
zd;4Jj_*y)1Kxv_FWbfK!$JcSXb(l;X&xYJ(b)9y6&YJvGF66SY-O=Y6eEMNIWXoe-
zHShfJ761v!W_fM0Cj>f<5oBd#^eI^=|L_qQ_+N}+9x9+9$cD-D@zw)?lvrxqpbsgF
zFf9z#YOC);$saZ^*7&w)@v^BsiRlB~>%!kXDYtbkP8Z_qlW{ygEk}@fe9s+``(2BK
z6rw|e=@5+vI7f@c0Dgv#V&<J|yk|oJRCe@+&+q)(2<uyi#xEItLPjI9Od)`~-B1Mu
z@a+@rQO&olecnaZZ9Mw^xKZ|r>rpTmJcXvUnOBERiXHarNE_y5T_UL{!iyeCJv>4h
zHSz%cas1suPb^X10LA}Hlm7P-abZMaZ~}|}F|6@ji)X%?H7W-NiMAUearu7#ii!h-
z<2S3n*&DL8#EW`F_YBwLGlyuRipYC7Qo^n1o-8zjIiqbqX-`1a7RpVU-?PNMD8&Z0
z+;cK!Sq{`O^Xm4<o~9yi`8}32u?^OUEY?&^*3u!vMFZ2UKy4rty!Qql>v%f4iylnh
zYYmkgLOaWww$@fI3S_B~%yYZSR42`jedGjEDIOes`y3*VeGU}OHbQJQ#*CTG`yQmt
ztp~2}Fh||~mkm7+J5~4uTRZ!evv>SFII8SD0)!I(UtR>wkut@%Q-E00wj-T}a1o^G
zYCfVC)Dff?e3N`UNFnrGq9`jvJ9wyMt>zGL;}Is5s&7$Fou%$jryo{!_GC+HicHKi
z6T;ex;dZ#<{SV!Ox#>R}9A*=H4)Q>DA4%_^gZOV)@lH#B?h0qMT7=GV3tY>^M$A^f
zzQhs&4@!)Fv3TkIG;0SjlTd!chw8;|dFoKBiD{z1HC1vX02HV5eiCw`-L9!C48{C6
zKA)c&jr_kKz+e71g_Nm|te_>>)!`tI76<4rD2b-C)E_}=z~3*mHg}ByVMZMxlwe@8
z{FchhYXCE{gl4cYbEbQWR7v{5RUKxx$p3aJTRQXvHk3AuTnUyp0xnaTf{zbBnNCUE
z&CP8d)d7aqQLt>JkBbh_cUcAU+TXqVL*fj2XLjNjA=Yo+GrBrJ;Oen||MYWDnj2&P
z;!jiW@R#H}1Ek00*WE|m5onL3MnjYDRn!1ief-bvvf&2IjusK5v5w-|`JcXF!Zz#c
z%B<Cp=754)(NLv-wXy)M*@Ijvv`ZDD<KpCy;-iA$kiYDI^)DWZGtlUD%}D+aG^M4j
zB^NgP;!FD(*q*>UtaMcM9#an_a2RP-OB&1SBE(BRWm|@+`Dlo!|0?KW=mnT|knVWx
z*0L<B+rwkKur8_FOK=WRi-t|Ek>8)o`;8L=>n^KR1!BS+S-Q(?qnBrj#*L$)RMv{J
zEhllUfW3&LRG^0urTD+_^hHbowh$Rg??au2<EVLc{dPxh;@RUPb5~*>S!eQ%+LmhC
zEI7vawaP}?G1&`goWifqX4B6aAAbG%&%_M8?mRA#M=J1$&g_GR6GPocldV!B1zHEy
zDz%Pq4ux`$RO(iOb(3K*XDP&ghO(3ge0lGJZpU!}DO@`I*?4Q<lUhelnLp@TI+`g^
z1jqkB2=0^1$<PJzfOL#<BulAMwm<n`E}-0R2v#x+*zS&Ulk{IwjsF&GBz!GI#wmN*
zYc+i!-&X_Mal6gr9(}J%PD~6Tc4`wtP7(1u(VS_GpoRVjj^#hmjb=0qLkWS4V{Xa&
zvlnFmAmz~JKQE&r7;!S(BSZR22ZPmC1cwsio6RZ|UvQ0;LUhLvi3DRSY2^ZE8T;8Y
zf|PO-E=wta7ME(udNc`PXO@znuWppTN2L`V-EQ{(FA)asI1xuyoBRi@68`nr@|xn}
z`FnVnPa$e@r2Zd)Fr1^Pki<Y|F}D<WZam`1=!(e0O>0|8Ce43|?XoRE;VV?>xc$2Q
zT4%#JaT>OaxQtj6-z9qars^3qtH24yf3+c?*)i_B^Z4JGXr247pkVF6<jjmpvenA*
zg%AqBm>3pM5f(<y^lEoVzB6K0!EB_P5?Y~%Bf)ywJKXW<#0<3W9w2>$-*A$Y(zRK=
zna|0+e`Vdw*{U!8MUC1};vXoZjwJ3GCsn)v-wyU@gH;`~;B+n<*dqI^P-ay>pOR)=
zkSZ+7jt&q1pG`}NkIhRXoK(%C?HI#Xs|y+V?=VlWP2&Ie-34RAep%qhc!iT+*x0ac
zwqK!&5|#Z^Rh`AhkBhxt6HMQx1ck?Iqu#K{3BfK3$xeFxL(CDR4<&<31HKR;N){m7
zT$sqxgv>?Cw)a1tWKYwRGF4j^O0=^QI@JGcJQoPdN$z}5z5r67C~#yfK%V4CeXa{H
z#cbHq>K{afjtVo4IE`qGZiwDS<|e%VFZlnk^%YQ6ecRV`cT0x|NK1EzNQ;1UcXvvM
zGy;NjN_T^_ba!{drMtg_@4f%S-}?p*$91Utp0oFgx#nDZ?<*197F4)t#1?2ie_=<x
ztmc}JGp1PVrKuBmx>S^u(0aA}ixsYpCaRq9*KB`)cB*H+xB=nB$LWlcP4#h@(>F(8
ztemEjUI@U2gOoJcZJl+!?GbwA6#ctCw+qsBx>=pF>((=e$-D5n5))K(&JD^86?KN|
z?Slc0Kj;@0RNKQTHKyy@!hqZjIDWhl5!&H&1k_>>h9jzT^V(G32i@G!onKDm0Ys%4
zhHbA$ir{Aucu2lnldY|<mwVit8Z8>jIUahHztVnqoB5gPU-QlST~L^Stz;J$#HUO3
z2YCLjmI4}2k^ta|KR@)rjaVOajpC)KXxG=e+PmK^ogAk1)h|h@Jh*<m{uC4NJNA6S
zRO!F8C+IzJPGZ*1g9L8JUWJ*HmU>a$?x!w)dU78@(*Lw?;KIpVg|dJ7RgYvCSEJtg
zkonmH>bcDd3dtwB$w3m7evw+nV%~Y~051tdNg)SmX-6>zH}2!mdu;4YY8sl}xAY7t
z%q)(?kjZYYZo}FY!o=U+_3BqwF<S__KS-Hu>P5!&`o5$I)L_8<uzbcF-gA}`9Ymvi
zoH>CLkHlFkD5H40SZhtve0Ru0$mbSYGQ-P_Ko<rD5eXKM@-uvP%a430Vkv^G0qT_<
zB+MSKEPpad1kw2Mt;zf8?xtQ{xY4h(E1dr$2gi<E(M-0>N+aoE=~6LylD}_lZ^TSX
zovND08FmWr&J7?^$VGsunk*F~SQig<XOAvom@5ijbMN1LPn=Bhi@%QFhHt~I=MMZR
z=$;>J)#>1u5!TRdS4UW&b9?<M(RAXrpe)W8wQ3}u8iTOGfq|8u%+4#W6h|*X+qc4Y
zStloU1O$XVYz~tVQc($s>AU0`ddZ&dcAqmcrY%1-7cq?T8WW)L{i4W=w`C%1xF!}F
zWZy36+1%>{yJc@0LC{@nRTRB+f}eekVrP01XXt8RVFB6-e8)itnkb*K%~$s7d#$_5
z2PEcq<Vyf|MnG&iAYNq(OCIK)5z`q-KTpa#l^lVC^e-~4Es66bnWkkUutWl}`IsJ`
zsZg}*2XP^YWdh@R(0EisqOz9Js7SD+wOu{;*@hkhXuW@K2YuZ8*%^vUtIX#(K9T=1
zE~s@tj$aSOhF`VBU$6x@T7eqGdbm`f>qTiNi%;6`{o1D#V7XfNz4yIC_giCWMSvT~
zfw!=1D8s~rT#cZY$2F6mu{F(fAs_!Ya^_Qr9e?L=D(0UcCt^J0r^XO~AfCI;1o>>6
z|H&(7q&k5xZ)lL*KGDV&&WSK~-e&6q@9#TXErm}5f-@)7{Un5liD;yjpvq~(Uo~(e
zsM}q=Ii<zWq|jxo-lw2pRnj6b;0AFeW4nxXC3A9{*N9Sed_k5Ugc47+qoL)I!~h!6
z>o%OB=gVRYNcldL_(1i7l0N1G!b`L9VOf_r9FN!2-SVzcIJx*mY-XOA!UwdT!NJb#
z_c2k)$sh?t4IS3aYcWh^3tWcT0!32jO&l2`clvhB?qOl?GoQ1z{%MiO8hi~N(%;3<
z&7<u@piNZS$vp?t(a}+O-Bom)P@;X_+C&`aR(J1`nT15=@PXvm*yMNAG_DUj@G+yb
zwl)+WR!#rH)+;Sg)S&Cp8CKyL*PV=@GV|#Yx0D1PX9gG~Jo%$Dsx*&pH{el`hGxK`
zak6#;w@X~x2&gSU6w=(u5|lYP=d8We_NBaTq`)2i<7>b8)%I>j>Z@TmkeuWu(4GCn
z5qZ`&BJH+*_EscosaF)b$K=zR-VUFHgdoJm#u~)o#1AF>;En{BZMuHYnF$`<joPgG
z8gt}#txx`95=niw#DNS#5}pT8Dke8$IUj7-et!j?^qnCBaEhwNk^NRJDH#bO>`>4a
zAIZImBVyf8LT>ZlSB?F;tTd5i1i=UWq<b43H>;dA^rewoZl336rES#@i@1(Xn|mj1
z-`l%!t?1N!JN?AUTpN3JkLAQ>e3FUt_U(kU_z@6J#m<a#au_60>l*dJ*b>@h!H{v1
zq+UeP6?Pv;uFo@NX0Ix0|Ks4b@NSR(0GU}39-PXU^o&~oi>#9+1^hPrj@I_vcm2Bi
zv5|gZOs<AezV^cYp402$?DkWkcQl_LQ(ovkv!jK|;y*JqG9pg}mkxBauLl_j3vh-9
zt%V(+w7?Gsl;i(1c_1!>`F!ff5xN)pW@Neei%iFh0vgOLK1ouy+fZph^7+B}$!u1_
zz<DC}qmxP#j{c+<!BC3yPak%s6++20{m^hW<ehB$I$55Ro<4HH$E#|qD558B*-)Zf
z```M2T<3yBiTHAjjzu7_obIjV0ef0bC=+`&Gg7!@#&@eb(3o~-;XSl$Sw)J0y>xWK
zW_l;8`iIAp816xYJw9ioV5N}ng`;4C5fn0Hvhh=ZZDC8wh`Pn&6C2>V#<GcY6nyf0
zqyXB=iUQcV6bXhDIo)nb>4BFm6lm$scD&sBoWPiMLtkc+MA`KB?XtHjs8m&7&Es$|
zFy4L28f9%_i%*9F+7yY-v$Hp1eL5scNLWss0Bs4>81fnOKf&YAlwNy-1rU)4I#nVd
z@K{0UJ3R|c|NiCUO*#S)HB%wGyBJY8L`30v2?={B>V97*J*$n5bJsVqv8n0*&VF-4
z+6@}S@7_%ISC_f`XPiF+{wGoti6ig~!JTlvcnCpK3>T+PF^`6(*M;c=Ko}<aevpUi
zly$9y$iqAu90Bx<>wL1>d&~9ZPD{;2ZfzVmhX4$+co548!t(cw*2}L^fhX+gZI>(j
zuG{@D+8uzHZ#k_ulO8{CljiWT@x!b|e*L>F#RUKSU81Y2%gQQG4jF+*VHEhruQgl(
zWwAu>fhHjqAeu52(txhP-WC3LY5@3c09Er)hk?2nXLfZpPHC?6p%`$T4@9n)N&g*R
z4ax_Ac*-gk5gJ7|58D{PDw-4k*&f|QS>%O-*}MmK1Ju8sIZ%<(?T&=;llj*!hkt$D
zG3)af7xYfNi=s#0B|?dgPJxpt+ar!tE8o0)^<_+;+;`tXF$bzH3BR_V|4kBL@Ggmh
zSpg}t{Upf+lcwXDnfe&*?H!~-zDP;|GtrRSe8Av*xuEaye+Seuxjh5QzXR$AzzaOy
z&%f6MoWX=?2J7Vm$YGjPl~LfI3JoQ*_Sm^qXX;y~d|Ev@yTS(S<QXN=G9>*QCAm4x
z#&THv-f`%$oBQ2+C3MgH7vdJQrvTDaq<Ab46p>+)gkMb6%6o`LyNhd`53B2l9N+2N
z*4m&W`ke6Y&$5!aOpSnw$>ePhqoA&k&q$6D5Y*sizCb~ILE!OWlCq$9X>$613?=YW
ze^k?-<}?_Na5kK5*x~-?S_Ja?ssL7@jQYjf`51|kItnqc6P17|ovIEH>>bwziRk9e
z=}`%0$j_WCKKmw-`P56VU2%sf{7&zC?e}_cuE7<OBmCwI+}<P*rBGpfWL}!mG3WCN
zR{=~>0_!{k4TyC<!?63MlY@y(WR$IIfAndO@Ct`je`z`^uOMV_p1JD^I+1T+pK%B#
zUPJY{18fkPX1S{oKbvYutv``pGsc~h;p*>bzdDykq`v-sj}Zc8p%=4?77R6E#zvm0
zhlaZhzsT@Gw3}g(Zwl}RVv*f)-=g-R<>{??`m^2>W+wsTFNip&<u)rGD;{N<)SM*G
zKYPpEt}QDM?M})z{MSbONQv%*-Dlz9_MP9K`^Ssd)p7#-q2wk_Sc&gW5Bhy~LI$62
z0syE56q0&?Kc0Wi-Z5{78f{R_o7F;)ml?ZDlcqTG>HY%qBX;mrp-29--5Q~VZ<c(~
z^-Ik$;1GCZ+PC9k0?Hr-LtOVbPShAThY$Gsm$nD2GlcnZP?AxTQET?0wjrN?j&gqq
zoIaYkV{4q=j3nUkR4Pl$#d}xf?NEz~NkEcgL;}g6d;#A73VRcqnwEYL!1e#J*v)Mv
znT)e|hWMbc_m&RyRFMyXkxQ=F+8(Se%CDL*U^C2z`Asl!BS%J##p8!D-@niV6FI<R
zdV|~Vd4ao3pn#T0+mnSKdni{sizFY3uOY3H-xVvM0ay_s$yzq?G4vrp0x@vz34q4y
z|M&c~*ngg1<iVZe2=|xv%n-s5?D7z7oDuUDGXLJrhw3Pcy&Pb34E`vy!Y8Q+wxmz9
z@ZMM7s*aa_8{=Q?4{`{IB+AgspgS#jt&9CS+Z!;$p_yLvFN9D+|Mj0<0P8v;if*mQ
zV@c+xgqOA_*~$k2dkJclGjHzNW8`oDniUiq1FOLdA;-&s>laAb_zA!g|DbHGM)i$e
z_|9|um&3Fn2Pu69shSs8EaY4Hr?td;2V7lxMYKoc8i%Kx;!}W<`CXA1?_Ke0jEX)=
zB|FRmn2Ewm?5ZEbb42eiYaLO9D^jh&LtOUw{B@Cfj3o7`@w90?rRv|!g^ev~3p7El
zFPGr?h0^n(lArU5^02wj)mz=wrmt8|iQMlsxRy0_si^L7dD$M6leru<;4SW^ahHDg
z*kWqrhq(SV73m64O9>CS9=uO%n+v^Hd=XUI_qF|-08)8{&GHhV0I}EQhqt|M_nR)+
zbed<^J_VK2ED`A%FP9v++z**6L^*@^uD{W{Od=tB$KB-|ZYc9I(9(Zz<<Mqm8+d9|
z-+d~+;tk8){<V&Qh`__3tM^yX2WFN8t&A2lp!K+-R4ki>^NJ`A4TqT6#7$Pl-L!n&
zj|S?GP9r4+beFXM=`PVp5gw?23Pk7pvO!uRn-a!##((yn;4}P-=m-X{3U8s+0^@c4
z0M%0ww(BL^eg4W+b`^Nhkl<H;O^G*@hiGd?<PNHxmQ>83B&<Qw&udrt6tnlRz>znC
zrtd#1e||q3_9OocZ)GAB)9fV%Hm82L@KG;&Ok!lFb0u7Qv?#_^@67yb*;<)>NR&N&
zsB)JJ46e5`OPOyI3Gjc5=>}E)ox~+uwc%KS{k)PY4k>}c{<pg)?e`E^I9MTD!%`nK
zqYfEclk|Bsu$`LkUBI=z?2(Cf{?_ZQokyR}u($u+#{V+;K*9N3ExVu}{o=+<!Ejp%
z4Zq7!%m>xn10^ndky;>#{*^up3rn3TonTk|;OqaxO27x7EveS8oe_j(zQJgYK&CgE
zYaj>Vox4fnFG1rDrwH8=gfj2exO<LsPW{PfpP<5EAX(MuU6s(O-wsH0&BfKd+vNWJ
zyQaKftZs0j)}Ejw(FSqWb_=j3R&@x}1zv<%brvjVi+1{?rm7b-6corh+lVI^g!k7H
zRxv>UEI-7AK@bj4b5d^!91qDaHr%H#H>OB3%?L*xHABwf`p;HJALtz%ANAPn&U{u4
zToZbqt@g0=cqVtfKB1)Hb*AaEg+1+SzyqP8tmZq*awuUj&v}0l!0`}rluFdH)>tag
zsXzP+saSbhXP)0<`_r$RwHTLUIj;^8uOEgSN0=>X-h%=jezgJ*#2w<{SB1?L%+Hp-
zLIa`BGPOE7-%atFj&Rv1MchQyr74pJ<PyT({}TQHiSif<JQs&YS<c+&QcYeym>dAM
zzX@&C0%_ZaWGEWeH_AI)9{jK`i0inEz5iHeD>MWU99~%ud!l&4B6kKA)+ndxzQbqU
z-1Fh|&_V5zYd|g?(B2X@ji?0OJF*<M*k*szT|7h#aewb6DF*FY=O|6Gp~)FkkI3I$
z_w{=ndc>H(<0Y)e?PF5i(^un@osW#OgO`m8@vGOXkk`Xw*3qn6_+C42=Kn}KT4cvw
z&f1Y_)1_@`#!WsnsP`FKL|9J0d{YAc5hGZ?c>}TMndwsN7R!YW0#ali+jl%3@Sh;8
zt#NF1if#Y-T*^N>E5F@C!q?g?m9-VOZR^=%KH?-hWDK|SE-$aSeWx2<pJ&XeK~}bU
zhn>JYiE-`L@ks6;C_(+SoLUb)Zv86j-fL-FU?l`yUz27?m$-5^Y#6sCr;f34tBWU5
z={uDi4)cI09ZNLv^}00g{q!s{j=;X$m2PK6r^|UhuI&@%@a&-bV5?Jz{P|%#0h7x$
zwH$lA;j`a(YolL(>3qj~c6_ko<%)q*d|j_K4_N=CP5GaN{+G%H{64Y<KZEULRGg5?
z0B))<st_C&fgq|0`wR|g>HA-#TGxW%e-{x}^iR@hJ~>CtODiQdj2w}jF<|gjU=ZYi
z)75_Sw0xd-mDPCPd1Y^&)Ju6o#hz0AP&6A>y^>IbzL_oGzNPKUn1tp+N}%uK^kT<V
z7%fgmL{RR-I-CL3@1b`ad@lJU;rf|ImXOb1%M(^PQdnpSdh=<tSWU&t>G1qLkO~N~
zHw||ts;TCjL2IXZ@VFLN(s*hqUZ4w(^~tN|BIjl_(=YQa1m(r^x@`i+x(9v3CmSE0
z+BWhdX<WtT<%k5r7S<)AMk*uqz?GC0!*Z65r_EXlkqi5U%W(9@jz?7}n)M+r50+5E
z#Y0m)VW-x#HI&j-5#qjMQIv=nI~>l9Prm)}r@shaOprZ^xj@Cg0;cqKlXI@qx!@BD
z(72$x`Tk|v06uGxuPDu+uSH~nRAVOXsKAy!{DA@6KV82Pg;tY|M3tT0!HbkTcb5{+
z(#Y*R|L+krADVU8wUwn5sbh0=D0MhQj&P9A$8MBq#E^%M0><OR{mQue_6FlI%d553
zmH}Y{2U^~T5d*@RN=RpEcZj1Ve)V!S)5!*UeyvJmW4W~7p7|<kOWmpMPkeVFV}xY)
z_xk}Ydi!0~d3n^`GS2+oRH-S5;mV=7kEdYGj~kx%_M_8yo`c9}C97R;Y7~dmEBSB(
zZg5W~L~3>AE*U2^F%QsfiG_tbl2Ph*vf%EU*5hR+UFU0#f+t&2^S&?=D?L8kJawGP
z;ZD(70~uAXoxY`eH>P{9x+C#sf3St7J%P4YXGDLg(5vItx>@n}k5QG}wHuXXu|oEP
z<HghAV-SV2&dNwM+D(yX^TCqD$wa?3jqfZ$<&%b`t3mOR-zW7bPLl-MNfy-S5X+j_
znszAD*;P$@GB%&KGRKYc<L{j=&&5RIJGsBI!*dw(fe9eeEylzqGW{4yk!CSP_r=*`
z)$<`Ow`~3EkG1TuK>w80lxn6QVKXjezjK0O`Ary}Yfh7&P)j#=(!ZWcaSPW$pt;oi
zU?y^U^)x@LrrWnqxUQm04W@hRa_c9?TPq<bmm(ug=TnMs=HFCOU6snYUH4;-uoSkJ
zzIKq&Sy_w&VL1Ty>6~MM#WsOlXW(`kHo;||ucyU@SOwLj(BQ%7j>hA7N`rDLTr#Ec
zLioLc5Bclj1vlw(W!vw~cefvT?{=^#=a;qINh+T#>JN&0`^5HZa1h@V))|!2k#TBr
zU2-pc`Q#-QTpq6xPHDjY<2cCu&Du6eOYx^LoAoyf_3-9Is}Mt4eVj@mliD8s@o8?V
zTy(!_ie+<y?R@X5IX>U^{Hdar$Vus5;r{xLvfq?$#W(*&1L$6na>UD;P(RSC|A*DT
zmXG)T7@DG1GV^-%Cp4Otg;|rD$no{8Eq2+l76K3dkBbQZlm$!)TM<Q-&XfQf^R|C|
z#cLe`x$Q;}i_4KVquy-hlM*6drj_nj`|U};SR?7?BU|3fi4QJoSD09#@jsqiP&s6O
zD1Vsw@vtQ^bNzr2e2pkK>`KsHome(h-oS(TohcJV*D&VsRxc-+67lhCswd1!Of`>A
z_{X!foMm#;0XCqWnV_UfwdKC56b*He9p}!;vfGhk`Rn#$v!Lzzn>A?76z=-e`ML&>
zsJhj!iX?KV#nZc>lh!n&wcCCk>e;1h8_I9pGD-`ri@alNeV_m@uQ1yftIpL2uDZJh
zvOeP@I`!N-Z%p6NGO5JIm6i~(L6r|UIz!`;)UNC#45dyYDoRm7?Y_Kt$S`=}Fi_Az
z=^uqrbBgzsA8_SlT4cDkBfaim$;q>@72dxlLwPt~v>QmZZ8_C~<2ZY2Bt~82Rz~mS
zSFc4ZY`IrOZ}11ZI-)d><!wJTp2@QX)Z^2w3EkP}wehxox`I!22gw>fq_7-Sx`|SQ
zY`(o@B!JJ?h~QK>JkjzR<<J)20Ny{V-2OF4b)EnG6%!PR=UHK-T89~s)zsdCuP*KP
z`IF|{3BPvryiAM3V;=r>8bR(6Ty-r_x*}kos^Fhc%`;5n8-T{;Uw1m(*^fP~s~np0
zuk>B3cQ-7s>Xr5@SM|)}VOMzINdo`P!mazj<8)AhjTn_!0-DvVzdQS?tc61<Tn>Y7
zwEZ-jANH!4Y7tyNHd%pmb3vM&$G$Dacdr^a#>Wex%_cNu;^gSS<wZ6kv+$p7x>)Uf
zAc5sbz?v;M(#mi!ltl!J9x>$jT|&vf!xd7RH`t0gcj9j~m9oDrck-VcNkM%?XBpF0
zsR-u(+WdJwU$HRyX59I?EZCo<TF8TUHdF3Tr~O#+$^TWfe`jo2vYX-KyNwiq!a9G<
z-o8ucEQXJC0shC>nDa2sn(nTSH_kF?KBitC#L)`O^o~-M%fJfozdruZh3c|#X^Y2w
z`c~|`BnimLHcYD6e__NZK|d%E!hd?!e~O7qQ2GZ3OxBLr8vIx{PAgPWb+IM~h=e<Q
zNhvAWSFy3bzMT6%cYD<-JL+xURwaFlTU<VRV(gfg(Y^Vz?f_IrKo{s{pKZXvEa?+1
z`jK?xCXenVilNLh&;ArVjq`}AU(!^rHuJfBlNv~@iiLD!2=KO&s+YVR&isLnHE>L8
zWa%z=)C<u$=iv%alw{ewS3tyx7)~Pb@&juAj#Wr^CRdA0yCFuZ!H}F#lOr!J*P1!(
zM3aufqc7lOKRKoDoQ)?jghcttl)t{-t7!<iI|@3YE?F<a5uZ8*xD4N?$6&+IWyRkq
z&*ht5=j*ZA1<VA_i8Ta<vplV@xDMwd{GAmNs-R#jEUcp6L$24Qm7`CmuX))w@hxVL
zJsra+qPI&??`6vyT%8U*ur@SX=k3!zY79MGb@NF*6&*aIQ9QOU7@{pp9=kL-gwdiF
zX=2*e%6qzh7-ee=o6DxS_6UyMN{fF~$<A<`=jcr)(}<>EV~aEcX{XA{N|{yJtc69{
z9?wnV&n*XSuh{h*xDB{0*Ea4*A1z`kNqV#_a6*BO0Fw+Tf9U?@)N4=2qi(qdnR1-+
zH)M2l9%q|sJQZSL_~?aQX0!U$Gv!o(n_Vy1bU#Q*6BII?^u#dg%#ox@bTxdsUgwL6
z-4k8FBV)CETqO__#nAhPCSgT1F2U7&;Sc{dPU@xw&0pE`M8Od$F+kh8-J4dNld#ik
zDA6YeQA?%B1Bd?UmE}5*aN(q`c^5aY+nvkiFOn;4ovTawNoDpaPLX!}?Wx%25U|&D
zh7~myN^2<aSGH#@*9zrP=$1GPd!lx1;)!Tc{!y$3q6k}F&CSZZWMm%j<>JA5`7ycV
z2Nz;ev&!Z)g#^6jL7fjG!NToxyI;4r)>0+XEHYRU7lCOw#s)WDRtFecv)8JB^7Vh?
zjyDSg0Gpm`RhFbda9R*hB4*~L!@XmorFRr+z3i9;yX~+=;CW<1umDsx?>NEtwq%NK
z5-O0ccjHIQ7O`SGXr^bkY%Xhu`*BZ*wdSkQ3X_KeMTgFSS)C401Rur9BOW%E4wr0(
z92Bdhc4m4FE1aGav0}Mbcqu$GYP7&-><r?j{SG?%RRG77(r~F%<m{hLKE^RG`&OBw
z+;R;Io$9Flb7zCt>(yq(y7H=c0L3y_xaZkP{;sIM%Meg8#$=c)*~2ZII637>(;Hyp
z(CM4>D=796B?zc9u<ZC?P2Xww0HYErlS!)UNwJXodAzT<8*RExuW4Mq!jM)p^CMLR
z^#vSa%JB5|N{WiHvN{hunMC%hkJj>f2=KMGEmm5Qm=Y+fA<_EigoM6~0yU~id^clW
zOs;$SLj~Km&jxFP;R7I*e@a5-Z=$z)|B;tvC`T;lod9yn(X8$Ze*n?+XJ#s3UajGH
zpRP4k&n6W+Aq;n~W<wfT<_)Up%D=qPNcbFpqPt11*B^YfY?zk64PkMCOR{P$x8Ro_
zDNy`-A)lJ@Bi)BDk0<kcZ~X;XuNI%)erFU5xT$k=u<ks~wwkj^ha0z&R{l*q|5~pf
zuI;B)W3j7LXsFEtHc?yx>xY&>VO3Fs;xhsDYwKU!XYieG#Z|irx$1CPo{p?2Bcj;g
zGu~J2k{o#j#O_-u{s!*%?i1Rm+`6&q{=E5A^14tghRu5ZlIWx~Qkh2oWb&Ky$ym&|
z?LJ@R$}X2R?dQjb)A8#S`cSb5o5?o|8?$fF<9DjXv{{BCXpesc0VLFWD0~bjWqNg}
z6WI5O)sAN{R`})^rhoCA&yZXR0$Cl@v*n<Bs+b~r2<9rMo16c!<Km14R5ujD1#l!D
zB7(v6+FqypC5bMGb5)_W>bvF3m$be?4Agk>RN-9!{I%J;)_onBlvno#^Sc1~R%nyM
z>5O&o(M0uJcp_c@O!a|rGWQoK0OW}teTf$-F8{rR4xnV(Oex(*vDfE2;gDQBI;=ak
zgW=AC+Mj(O-JPg$*ox<CB+`6TNXaX@)_Ty(E5<M=55r|~4LCj=o&e^*P<@-wYvR9i
z_G1Av<U*!a%QKFDz6%Xw0p(~|;Wia0g~$oNvWGg=$M}nl_#|71cGn2C2z3<bKf$4V
z{y|`NanfEteyw{EFNH+PtlV-iA5IZ;DO@~7YC9qiryKl-^zje^v{FXuN|b-ZPB}Ci
zvvLZNKqz>hOF%}!9Pg-pM-8g$`da^zu)2>2<gO<of|{`Zsx;4kpUw^r^e+C<(IP^n
z5D`#P3(9A02_=t#v}slKXNT4cuDUoR1v=wGllC848s{59fSU6Adt_31xc}C@(WB95
zUdpHzKIdu*3STS6PKzqmDqgXC+-7dgk2l`<xA4C|DXiPwzw(*)MY8sm05l??O$6tq
z8UmQg3M7PVKng%%ldyKEf09Hz+JCxdwT>IIGY9_ts>Ms40nPvd8U7!e@_|wX`c$y;
z;4jA=L4xDNb|TLr*PS-#o^yTm#a#meXKDJ$`dJH8_+KsT7$4mD`_>DHZjP+q_ScBO
zgUSbaf7GRV%UuC(qP%SpQK7N7{#Fgp!}|VL4_m<oWTs!fasT8?Tzr5b0L`UaVN*Gj
zNPriRYZ(XdV8wtY+ka{=uD}Sq!?FJsrvEPkxC8-=i}B?tY_6HZTvbnAuz%Sx)6oPd
zNpUx15H|TA?T#g%vViQ$Z$kW+@<$4u3zh6?okPo>3-{v>@$z2-Yn6Z^ybac>+7DoT
zWyfvsD(W@VoVlSZbe~jzWuH`^@qlznH(0J#vOLf>h;#P(e{=YY^@@k*yjub+*)aBB
zqV|6$bj1(?&}O`o8F-7iq~f`KWkoJ<v9W~ids~aDCZKn<wq`OzbIZmvgVIv|+pOVZ
zB$Q63``oJY7mr!=IgFF%r4}Rz;q&2{$K=warYL($4Suc`tL>lJt_PG+2}ytffc^ON
zf71zkaETKXX&-uVCSa?Kz7`QYj_eD0>Df%fyzNyihNO<i*8w(su@$i8e=Zr(^P+de
z<@|#rb4eA1Y#%COeI=<P44RoRXIoL=uLxW^=~xdb6A2|69>xRiFqt`lH&XtOXG}ub
zAsZ1EvFdx}yvjv33cez@q-B}S!7BZf(KK}$ZY7xqgZ_4<f|QK`^;3));+v=#75_9j
zZPARSba@j341abqp&cyrkl)JD^btq_DL5P(Af^|d_@_nlKf%I^Anqq3a$>>g%;QQa
z!DN@$vO1j;pl{)_u+Y$O8Lk{h1AS`0hyaCXx?t=xnwoZ1q~pJ*PcR*mn!W!ze<s*+
z^Ub}gg}=*D{sgULKr9@+Vmlk!lXc0i$0|ICr~Xy<&_UOzJy)OkXG7iMLnqUDR7-Lm
zp<f{_WPBy&C7cC!)mt;K;CyneLdHy^$I6l2L<8<(+v-oH#B>_4zP1nLqz`fb#jATm
z;fu7E{9jXBScIUcl7UPxQDH!YOc7C`SfpO>x<of^KdpkYaw>4a1HZn}9xn{1<p9WL
zJ^AKCe7{In_7sm_djtX6kGSV>r$+5FaF)ZVRnXn0=SdH-YKHA50ZT?k2Ny4<nF!ky
z?<R?&lz8&KnV1%V9tS%@u}(_3RHr+0zzOy{uVX*vcfN6b#{{gLrU}g}$p_(q*@UxK
z>>C~kCr@43v~C)av~F6F3SVnEw$8mdyQAwU@EPfxOZG9gFTP;yBCFbi=wxGKS5ucX
zvHHohsep#0H$%7o^~pa{9R7#a{4&f}M0HkpuO$(m(wfe|A`7JFpFDrQi5bYI%0^c+
zfhQ*d7i+cdgg~hC#wO^jF3xLAD`7}4DRC^mqbX`EEGb#@8m;zeWJTZ22*Tht&5rLq
zw|ksEla+lwJ(#lB!1ri9&OBj2{pjpX`%TK7>mmN-ox3k~(AAkXIEvH#bV%(6f(>*X
zgn%>j6!x^fdjR?*4v$$;>c^n!DM?DqC@eAwwQPj(aYtOf9Wsfb5JeVtju~~y=z>^g
zl|kz8<QzqcgseE%!J_%CJcYg*#iU@~tdtzvtO-kG;spWLt%?b_t+m~+LTJW=mnvnO
z$GP<1)AIVkeDGyNkphimEh?)+8qV_a7!9mavjXOIs#tkGf75%%>^Y&Q5zT^&?<g%7
zo3qH~Otmnpt`KUO6IaHmK?8k6GDU(;UjgGUet6j`EA$BLP&zOpoT+#0iy%_J5z)`6
zf9-)&0;b|k+lsyN=k+wefj_o}LLB%KS%%?k%-MdLjV{<fPgW6X)jlGwN%l)YBlJRX
z5+*$rWA8*oE=dZ>2u@m$1z)^I>P!^o3d$=D+AN$bJDNqAKeSB0!m6l}rta2&nH;E>
zk7%Zg{eVzdZ&pYf)nd(&S;dXiN8}?Zqoi7Vr1x1mXEx$WRw-jdM@&SYFChX%&nz6F
zTOM6U#gjqN;cuvIw@b%wZ4qsC;Ff~Hq8E#_<KTqGdz;;bAXh@1X#cr1cqp}^zbk9P
z%)F+_x7w99X=^7X)~~nzjM=P}jg%8p62w)H<1Skyw$xiK6BX1|XW3VYgr;dRO1wZe
zEo(fzXzRQysirkW3y!JSxV=3WKhA4?#-Zx5kM#6@uhU8J`b!<epV@gaSw3Y7t+o18
z;@fN7ijo?+62EXC-8h^<{u^bsWtbR07(?Fg1a6)xV(zdh3CY#AOsk(&`tj88&Femx
zvC%zg9egzN<wdVuM7$WNN2}tS&fm4qD#o8VaN4k(_pjA<f%xHBS-zsuqH7Z*u}vc=
zxXnmaXq&l&6q<Fm*DgsrL2Xd?mJQ$j?ziJoW~1$EyNLz2npb=BA=PnBY-IVKBD+h<
z8cembd^twyv3R#tsy<pUb~C>&H&bLB?E?*DTa)1<{j_-Sp~B#Biu=`Pp<LiVbj@4g
zp+imUz->>P@4l1E<nAT2dKPPPJA|8n0=PVR-0FP~hudUF#!e#sIT_$3g2C9w<K^p?
zpT5OV@d|85q>QAz0c<7LQ7-kXBH|z~K*(n<Kkl8_`|xaZm0R5sZ+R8@uDg7R;hkF`
zOh7=?Ej3psZLAL5BiPcaVjwQ;48xQ_U6pP_KPO<tGNcrnxn683a~kZHls*h7G#cpK
z&>rxYBJx3`4A>E%hJ}PdHMbuSRq$^v!2zff#qxS5;lfZcX$=UhkklVzeamUgatF$3
z#ce>$A93~->7M4sn6SGylUIzC8?C7r^Nss7SRL3yFH-VDzVlR(r8(dF^Kj5uh3BNe
z+oDy@dWXmA1H(5l;>8_n=1adv2H-hWmhRol_>eIje|)KTg**1BJ26$R4f0*!iCj2#
zHlW-N+`|YkNNw3j6H2MJ)XW{S8@He>ZofqQWO@0Hg9q}*Xkrv-bo@0T$RX+6L+^k6
zkW>(w*EhwuS<NL^I7j1W_~_-RsJR-RlUn5RTq~wlntivd_cmGH)_SjAdc=Qv0RZyg
zbnGOCUDNhJ18KnYCcClJixifP>}WzC+r+aY%1kW#Z6ib0d!O0aOsC(SNX~F;2?CFZ
zMFi7qIcoL-)V;vLCqqeI!Z*(QHeWWiXC&s5Ge%JQ!2uml%dHyuJQ}r6=(i<eMxxz?
z*!mg`zjI=}{pr<_a2klrB(KzO(n8O42DmLYED%Oi%$!VxT0u+ApJsZXT@#hJjo&%4
zA@S|~aaw7a{@E32&$yNWYLh>B){<xCJUgbC(x=#rsvSZ)BTPL^jOg#PxO>5ppyeA1
z3wGK-6cS`h>0!I9s1Mt668*L%83*C3CHK%jza!Rh%gkpj@`NIU(<^2!66UsN^=8=j
z(=o7CH1HI!H%ZIHXZ!4jogFVV1SOg6hT$_2eJF8_sW;KOvjabsEjcqsFl*UsgJ_vk
zq>viDT$&3?a1XlWXS0@>X(uXB7qKGn@|$b%JkIXkVtz|`c#xj8WuOW9=-H4xcnztS
zX)Dsg>J>jrdEoKT6ql>Fk1>0b{{Qg|Gz6EXtlP&7?0(Xaem^`Gx(3w&96aPM&z~^;
zW4Xq^`Vo_zRzJPsSq<4l>olAmY(hNWByN86SqSJyurL_~ZybckorH^N#z(G>W7;#<
zsZ}H8PKoNplFy?+&k2{X5Jpf^C`a3rqE<2!Jbp5IuM^sEttQ7cI<hhKIkBjV-nM{Y
z(O{n-oAuRXZaP6M?g!Q8+h5^4-Q!DeAf%_22X>O(vq+s`WcxYCQ+YG?$%)<Ix(h8d
z&~C4S%hqcx%}ew9DpPtzH$$Di>Pnm59e7DeDW8r*LEF_=pj%tM8fz`sQ5wCjUp(a-
zC&sTpwvmYi2=`U1JfP)=7&)$YcPOoKD$CwQkA7-ZY)N4~^N)}<mTIB)xe*<D>=f+$
z;9T($VrJqvk7tv{lG5)x4?Yk}h${=Eo%w%&^yThHjm@0GZ*T}LzFOi?3ow?*4h($_
zUfeN$L@(txHCf$G4ZUE#i6h@cB!^z2(@nG|O;V3mE9Y5adNb_Fju@LdxU9<ifUFVC
zv%I{;sqzKysKgU)oA$H=|4`nHtsrvU+69tP@o65`n2hTk=Zxft$)`utkwSMg7qx_O
zMpCfNqc0Gq+xthwgdnKQH`e_xbLGFXfkO_2R@=}rO0nu2i2m7_p72-GP(n6*KNcXD
zrl)r@O2<W@l<AVnE4m>HN`76ZusO-W@c51g-WFganDxtRtHW3Jf(0##Z^PLAK%9Xi
zCvx$5$d#ui>)AkqdS&56#maoL6BierSNEDzm4|o<D?KTYMUEhme~Be;GyJqferOz7
zF)=q68`8QsyfPbYD{?t#b2-h`VO#QG{f$=O^;gUh_md|19p33d<`l-?yYX6Ly~b&G
zj_|K>Bi*(bAIwOs!r%5u9oN=s>FiE_sb5h^@VG#x=5|LgmL>F&!UngSj^f!4jZ^{p
z-=5l%=W*9dVACurk)?K(Z8M<QCb9Wz^S*|NOPLuVPDhUKwtj!|2$xfC8d?z9n97Li
zHArw;l)>XSB99;*=*WXt(d#=Wa1YZrmIwg%68IDzh?cE&M(JS`i@_KMTFQO$EFK--
zUixCKz+FXKjW94m!>mYwYP7@dNzJ#VmF3r#Jm}`$X!@=L9pq7ULQ^!~7;?~$85`X?
z^zp3Oq;?1;$0ke3DpvX6BETJD?7Lzm-`#FeSpd(4GJ*1Dnvm?TA?v!z{5%METC-n!
zBhe0~n{N=6)2J;Vo#1#!@f&&OAbFr~?#edjCudsh_hX58YEFZ?8t(K?ZtDLD00iuz
z8PvLEJ?UY2GPvjY&_Qr$y5@O;z4;G$#dO9TAK4TXm=Xq}`qdVhFg4|al6jO1iQd&G
zPxhf5pisvm%vdV_&dDaHzf%-kyeK1Any#+g&Y0kjU6TkogyN|ROoemqNzn(ef<@zl
z7sTQNcSEBSH4#CMA;qzXkazCJ_@pI+JH59mYLJfxFOW3J)~4J^KlFn@>tmGbTp%Yx
zzSwTXaxpQ}lftJ5NR-Wk*1eV%zsyRi45fl77Cl0vMK{K(2F@Z6OD?yZt1dseNA#~W
zrs+Wh+3Dw|>W^pGJ8#lUdv?Z2#!FKCnjwSO*(ejvw{g9K2KSr&7a4MBF`4!%dg~lV
z6)(Y{eX{yXekB%XP(g7yeu+_mD6D*#a5y+Hv?=QERI#>S^GU`V*dqvstx?tyu{}GA
z5UlD6R$PnZLppSU<SD+AIqVQJ<N9Fyz7%WJ4m{Sb!V&G4>FuJqUHZh<Z`(>pXq+d_
zPpdFa)Yx-r&A(zS%`g4CnT*@lEiVrkXUI4!kBfbZywXdE_Cy}iu65qN-49jeW|!(0
z-<@qILm&uK^~?;W@6@h48!fjd1zV^04PZ)L;NF<{@hzGVM?UCso_OZQ>0((>8_gfP
zvBq*0H9VjLeB1m5DE^nD--lrzug;*ySB`;)7bhs>2K_SD$^FjbBy3ybjz3fW<2<j?
z27}T#Qdm4l?Tvo=8+LXS_>-@alED%N2Cp-#)$)|yZp~!GO3UWL6?O&|6i5ME4caYO
z+YR1TBvruZLt?$9#9*mFk55Ie-&=csG5Oh;dZ88NppdGS$Zi{Lr2O8UZD;r}BY2d|
z^>#9NCk5Wp3MH1AJ7Ea7O-VI4F|8)cX#SEt-uiy)>0J<tP|9VdG|Wh`U=k^*3>G>q
z1UKW=ew_XrK{k7a_Sw#l+Unuq%f)R|7t84@J3<2un_AMzZbVww%aoi|&Jr<LW{yxl
zwVW}nT8@|j^=-M#_5eSu>Hh6^Da(!PUQWk*CM+pRRs}VW>+SfcT2B_YD}vx}?Ue(L
zF?<GinT~_hAfRh?WKXXQ$O%zV$sv_gk>w3sR1t)&UM*UKx8cnosqAb+;VAe7w*$f*
zy|v>buVz%4Dx9;UFK|$S?R;>1MVv0+Y~O3DKYJ8w7RIgy*uvu_5rW@Vx_hX~M_!1%
z*-@%UUmc191RLkCPo{Yu#kGY3SGXXD3vRVY5?P(x%n~%YFP!1v*ai8O=Uu40eXEQ!
z8AGv(2i^C>Ot0<9Az6H2atyO>^0s96V{LpQCVw1Ic1N)OWUL$4@+2}1(`iKs{~${Q
zkB2_;>IYU3c=@PMuH(LRN_IKt%r3&Gn}q*Qs#l?2884?0Hn4)GaqDwGoY@UoUvnKu
zg>({~L7wFFG=MD<=cA2fi0L1pDr6iR8%HN1Lav^RV@XXNpu$D<Y}>WlN1H(>)%V<Z
zhpt=+9S}fCO-m~#W64IRObc>?{r0XRYQ~)!D|+>$%4$be_>LujVkQGSsDY`zWxAtb
z*L`cK-0B=j=k{q!;oRNBw6SA$e=quJgo2+e;*NCNP_P^f4}XznlpJju&LI{|51%YD
zS5$suL1B3Xf_HTbKy+UCj1PxG_f;o6$}L8tS^b|E6LXvw;XF0_V@0y4WZV4Y?$LR?
zG=??UHa31Z?h6mJY?Bq;xKP^PY1m#MUvC#oD`<WW)LvjBQJ?k-o!gTds0Yp~ze6(l
zc7BHXIIy=(_r-xrDs*Ud-pdn8-;dal?Nc6IODidAxaR?A9xW}_H?hwS#*y9Y$r|Yu
zJ4Pg(J2GS-(%IFFgL-54CDyucue~LXcBq@4C}B_jnSxI$m!r`|xUgHSuOmSW*62hN
z#Zb!pZKtlA+f}aXX%4jKP+Np`Tu;78M2e^;jFxKIXd%xVv@(&ho#{gH%3jYLtFxMR
z`XB-5$@|?Nyk=(-mr#`}?5dp&_(L=s8Z)L<153!B&2cTL#E?PEi62QRuapHP<``jl
ze9{<~{QfSTpQFSM@iT1S)TZ0TOe@mF$@p6Lk-@pqb6QnB*EC=EKGiQ}gedQ1ol29-
zW8t?<OleY(4;O`+G^h~HvPYRFq--L7Rq4@5)N~@RINwJ(w<8aoB04GoDrvHBZ%<TI
zv~|^{bq@?A3(M+2MF6qEPLV0SiKY{zDKCtQJi(mrEezh&48A>tlaZN;ap72PGgCCu
z^_#+e2Tu^2sDeK5PIMK)DNnhxZ{XNYb@%AOuyJ?FjZrIDX!s@#+GxM$WT11MegF(^
zCl(F@RQy=Fg5s3@I3Wtbo7!jmF_HZMfWvwd*JWJap%kY)PvAdzDmxrvZ7rWMiAOXN
z_LJ0O=0<FD6n`v{*EwZ0(i<H!ytW$bzBam8{@j$LJ&+t(9xvBXF5;e{l#fP`7L59I
z|L*c=Ddf@5&i3&fUUfhmsons~q5MQ<ortRp7CjoD&ea0i!4{s=^_;W_2N5BHP$z$(
zPYPkwxK&5_C`ha2=`;;#FREjwVBhQO-Ip`Eid$3!0wO;8jSC9wnU9-Z1+2XpXB$Ir
zVeF`1*Vz|Mg}4=BcAHs-mnv^fWyD%IBTeXeMx)Ce79gmi#!0t+$Qp~nTZIr`B_sq@
zc{xVlSm_VpA!vh%L-43<3`u+|G3=9+TAt$O-kZxf$>yS=oIi86fD6qMXLIVQUnhog
z1`0^hAa7aC!r^)K>nsWl)BXFesZfq40)(Jz`%kU}|DQ6C5bGGuN!g>xq#lfJyvrmb
zJlts#*VN(gJXWQ07NT<W*Ki&Oy{B7O<F8gz+_ai2{u?PmHdpba&+Xu#k=;oZoXqn9
z-I?Mysus#f_?&P*npmR0#X=Q!B7{zMDHi+)dxM9BoL3W4hWIXwa0Jm;I<O~DujlF!
z(n$o`-(Q+kpA|pzu9X-aF@PIiwh;f*<|JLQqJjc?vJ+3$$%*7(GnAR79&X_>OCTx?
zNM85IYicIS*ntb28avAUmztH3Pp1!S4iX}!5@?dIxumjO4Wn2;vbPN(@S{J)Og?ey
z(xI44k^nB3^+RtdqIGF$cO*r(&jQbZn0ao*#1!Vt$>u^vGdd!P@0QQ<ZFQGCs~tCC
zUSY8j#{s{~wpg~|W!tyzG{gKU{?9j5z$JWOLPWl-wT!M|^{$Uco68jB<QRzY4Ennx
zRaP`pa2xj*g919+kxyc2kA4{u!RK}1_PLQ13}mma_#TnEq!XtmwjA2ff87Kv>&$mm
z5AaFKOAufJl?VdfghKvg-IG^Z_kgRj5CJAG!dKr!KgF^KCu?{*l&Af@g)~gaCK;%l
z&lEjpm)Wns2ZpB)!FKQe(Emorb3Qv`z!rk+<YA)`xn8ZjkVX*7IK*03<0F1#LYYbu
zjbl<9RlBW|>)D%jXTctU^EhFJz-|f!U*Up3`caeE*+f)6a78+O_3++xqpL;#+}j+2
zD06&%J8oLX-c~F(eBb(QO)89|Bq@p$_d&w3&;N&uVo*-^EW<1eU=ZIgD5sd5+7&AG
z^=?_>v$)~YEFvRGwW<qZo+*E2ZhJd|!)d|Z6NhjvCD)nLAzsF6u57m#j549DlGQc>
zmfO)gmOt4aXOqW<H_nLoR>8k!6|2mP66s>Hj5dobbfhgqCV<zF)S&zU9X%RmG~c_q
z&HEuJGQBRF&}kGw(--A)eGJ)0ms7U;UlFqDIzj0}YiC_JolRFrV>M`l4={PkZ&sR?
z@FN2{)M=ak@Gd0;9jkCo2v&(9qB#hhc0K!K@0*>tVfbnx(0{zrnwJkxxrZe-oh}}4
zs8mwV4a81|SZI@dJy%*Sau7gGPxnx%OU#Ppnd-(2LU9%Q4A1X!7kRzfqRryX@))AM
zqO-*Qok1pFk)>Nk%IwWl$qg)UJmzu&^Ap2@>ytGZ9DPOxlvBamKBl7**r+H_ePI7n
zmXbv-qUu|A=Q90jwd3Vde*KcPajJ+ihe$<v<TTpSX7sE3TN;=|RjD4PaH^}g6%UaQ
zRNgHgC~eMGC$I>M%ip=Myp|0x-5oss-YfwY#2?=}jCiN^bMVZWAzxEYvbU=(;;L{D
zMN3P&4)#4Wy(VX|yJ7=-f#*8$IsefH_f&kB2@wWT1Ftdhca1ZnbcwL)BcyFPc}(|R
zQE$WN>eSpg001eN87QXX#4|KK%RwZ~n&FT<wX(D2`m|mqMU^O+Btie1o8Y9tNg`5A
zO!U>4B$3U&TkXBZgaRnKY|lDhqTEGa7TDTWy&`Zv`P8^cSg!i|sD7-n`2!~W@VxvI
z-%dTB4l6(55^s$+ewxLBXy{)-RR$yUpK|IkI4fVtHiBo0MZ$fc^b>>;L$Xk4icV(3
zurnkC$zn51sM~@xn5Fs|TUU!j?A*Mv&q*NRQVYKM??42!vHJL?$e9(n6fd+Z6Vqcd
zQHXz)h*5`lXSact9<9NZ#d^wKLM*3_>ReXo>5n)i+DS>u)x<H8D=Wyl!>1(%0N@?k
z3g<Iq*@smRrKhUF+z+`;`U;5Yk}#}r5N<qTzad7djQe_sk^B?`GW8ko;yecF&b=Os
znK)hP;{{D;w6ssCYpkwOet5#_%w4n?(9C8!G7oTl1S;Ek_F}_o7ogMMD#456JMSYB
zIhz7K%(vE|j3%CE5+pd}G}-B7Wr?Ur95qMJ9+rm{FDGdJV%-fUDuRRyta7v!Y_!K#
z1sIlt%)N(FK0nEPz&|OWd!NqbawQ=ByBJu|Sg9p7dj+dGmUc2TQ>zG5kf5wvY_bnA
zgy6<lG<kxOh2rvWI4&)cb)rC+>L0R)zuO|5g(!8#(0BBzCRSJDvUIB^^iR$?1Wo4_
zDCAu>Osfw|Qgl)TQap-AW=n|F(m3kIKW3mD^!}I6E@hMAxobE%`QI1<UgFIG?eSA@
zymJgWKGk#<opT0$wii{ROeDAFbb%~3MF1jnGQ`I(DARiR%ZR9%4ttV<=10hwQMkfc
zhyqH=c=+ImF~Pz~@^|krq~gGYbbWy9gE<X?v#IvzKiN#A`h05+Gh|}h(XHx9pE4k0
zFvm;(5X46g-|2>)i!i)){<TTI5L<GXICMto$$l&d)E;1yDcBZqH#nHnYqo%qds;V#
zk%ak&`Y=D(JDJGO^(MNiHbx>2q)x)-w57`{#QE`~cY!Yij|ftzuS-Qt8tLuSm&lKd
zO?$Q)!sbi&MjJ!rSHt3_C$4yAYEyjhDrNSM1Mt7@C;T|ej0wivuMF9$tLE^Op906K
zCzawlEbJyj^Qmb&*($9KX+|?M)%iE%KYsFY)b<D)+<zQY3>uBkO+N`jAqoF+b|l{7
zBQnogo*+Zb<ppDy6Hs(1TgC7lJooyyLC@x@ChFGLCQ52nsI4io1QDV9sh+QuI#DPa
z?KEa(>jhzwND+<?$@`YFptrS5>Gq!j5h0p9>rhZPx^zJJM;Dp*H>)l>HsoDY)liO)
z=ZK#OP@H&aWdw~@)k~ftome|(B?!{m8=4A#H8>G#aUsNAi0!}$x~=);b81IN?o!~c
zUFHu5>|Iy!47bR|uNY{uyhb)sFsnxbNa&xoRwT&*8$DZ3AI=T(MBHr3FbDEiJpb1`
zd=BMT$els*Z)>o5vDM*Zl{tNh%tf$Kp3d3G$tlo^$8{GBG1HYLT368&G&RHf`lRwE
z&4QhHGPA0K$3%q*h@h+0;Df+|eKBPf{C6A#9T04KdP;PH2-&IW9Ob7|0)Cx?$-5F?
zINFK6z6>&IH3^2F%~ScEStTBMpx*2Q+#!seFSfjpA63|XWu&J<5)<J~R8TBpMQF`@
z>r$DtsRzw7w#1fbk_{%$=HhfLc|iS1{iyQ_c($y7q}=Mjt#)#Yv{M1_dUw$uNVj!R
zu~SNJO>Y1=EFB0F6&k2mda)}27n^7~KF3(*x)>iEF4qo746WEL3B7v<O5fu$pH?(r
zjMPMMf)<BvzsKWL;yWCOS!h5gj=e)ipREvAQh6G1+`Mj^n5x%LkDz}KJe%oE>aw~Y
zv|rUghDZcaz7q;~>Ss^Q7RIz?p!Dv1!z;kxQ{DK~jQ}cPf^BLVpr+Kqd(~X+<O|Ld
zt7zw7(5;!_Ms+-lKYS7D@j#4n>w7&LJy!6r+s~7suwS;<hWX|4bYVb+C>bbUI^Fk)
z1I3B_IB*V(N__%Z18ZZgeIlk`9l$pf@i>#2)QQL&TRFXf<YJZm;>fq-j%a^dKAno<
zD5(!%iuLRh=Ks%v%TuqQgLuy-+j+3xZoadWb|8_7RTnaGBme9`TQPp#Y@4rp$pr{r
zYjEJ}e+v(<M)ef6p9BvJutQ{d`s9wfXMG<=cJ-L-HYBsN$HIBR+1S{CU1mCRGaofW
zH?j?Wcl~DSp%_6{8-)*A@%MWKDGA%mfphA_v_X4-^{fhp4ImlcybtaS%An?g$n8Wj
z6ej6`l@V{UVlqSbsaT8Qbg*H(EAPeUM6osXYc%WE6<~nndDPC-#Dr-d-N834Rbf={
zmvwM`%LiTW;Ko>wYkIaVoMFGHWK9H%v*34nG<8$Wd1|E81J*SCDk-Q}?H+FIJMZ3f
zU51sYe3u@x2qrdiVdp^W5XqNDJWp7pE|C^@cnZcOq}*|UoQElJUN5!Z0;DR?;thqL
zP<+G>ygkbRhvt^#y!I``Hi4U``x&SjEeN*8zQOA<!N|7qzMogxscfY5Qa;d-)ug1N
zLqt+-mjJAsGMbz29GJwE&f9=^<j!zr(i9n^!Yiw!777sin)0zfTv4N>ZUiUUkz*!W
zgFOpIx_gX30Pb214Non;7NJ(o73OnqJ^%iSWJ$^_CUFO#@xk(@@$jDJ63e$@I;3~h
zjJ*XF=fUS~Mes~S|9n#ylRrsHrRA(3NHiB;+ERO}WI@E~@{9JLny@$RNIrtgAo{~&
z#xf(Om~Q<(dyRW#>dBH`O}hcpAq$)8cYeNgO|6xxkC8I{ZC$c;dR(HmvyS#h5T5lx
zfCS|{SwR=bojjn98anAcF~J)4iVsIB2Scgs{{BW-wOE;Y!|wNvUR3Nif4H~?nz(PI
z+`7(ly0~IJP?QEJR8X8cap1DAxLm<}7Nv8C!85ja*M>Y`H8`OfCs979o#e@-A?YuG
zsmfH(RJwDR6%=NCjp$w}XHkFPb&P{p<@jR^nC}0Nt*?xVE6UQv-Q5Za9tZ@N!ab1S
zmH@$nJB7OyA!yLx8r*`rTX1&>?(Y6>rh8`IboaliKeblfbM85Nf3|Hf<uzL(!^%aW
z8u}+yIYh6%r}|AOD9E=Z@cL5z>hFl1*VWJcvgmTyu=dlXFMsv+3Qn0G<&<$x^YBzf
zu4PBO`?F8{C<LkySQN%dv2=m25XigvT_tn|>DgK2$n+q@?rcwgrJGP|w0jABf}MB-
z84v`(&~Q9j@ssv|RDSkw1q0?;lp$p@-l8n0KCw3_+Z4r>>*l5L(+dr+^#bb{=sAe7
z59-R1^wTZclZ(|zcikD=*eV8=KdsKNV@*y9ca3BsALT}ZV8NH3yrY{amh@UOEN_)R
zXl%g*fXfqf#{O8l<N$la{kZC5<~<*<ABZMp-=MigwSDFxL(l<e-)^;wnF`U#8>aN+
z8${r{ImdQmbNsFO<Rr-PNY1_>r*H#qrGyH!U&^}~Kbu|A5sDUDoSsJT{h{}%Wpj#|
z@8jw89^TMl;>;_=McKX)e~}!(9rLKIs?B|Nb)$*p(z(ugCjD0{@h{-m(Xt^!1-y#(
zak_y_Q8g_y@yN+ljmPc*8Hz%wHm~uPqfbqfqQ5-?`2JTczppiR2``IG6zR8;6>sX;
zL1mXL3=NI==z%SaZ4(m{u{=$2^PoiMpQwlYsV;LUhhnHdCJ|kdjQcPTqqC=gDFc}W
zY<|Do_)>|{48DazD{o8+?xO;GY<qrinc1JV`}8A_hD0_Z742@8HIWz!asE9lC=Pld
zZ(ExwM!rjMqrfb;+McR*^?0kpfl)<tg*I2-HMz5`Gw6nt()M+!?>2l!6;CDeZ}plD
z{i)NzksZoEj+i*bHzd6&sU(&#$2HO@t{*jtc&E&yfpLgH9yf9nDB2ceF+1F0^Q~*L
zl;CjX(@m4vqPsT5QGTY?G86_YPd`U1fJdDRsw=1z8E%&O<x?Yz21q;&vxnhYSkU_g
z{0gh;UbRKkVCE)otk8tIZ&YKI0J$a2=MztQL$%h}Q`0YF+4e}!rwXyzf_T(Sk1t$C
zx}o*$>)qKGy$tn}%LY3$T1=>UW+)q0<*J{!3)2uB>9pxOC~q7JevWpr$aa|*_O0*P
z{RvyTYyD|)(ZKCfQI_GycqoP(z)1v!ABe%l7*bB=aokiM8Xhr#KnjNU@q>rbHkjX}
zaJNjg!Vm7%mL2)01w4AsogY~quKthCWZ5PDw)<ap!{4vWIDW=`ZxG23h*nMn=1`Ym
zfl|}SV-<;H|2GW^r>?NK;3g+2H41=(1rL}QF(=@y;{$m_01}2oy4>vIw9fwrLHHXR
zKVdY-j-u1+T3%890F(|x|Heibi9H(a60EuJPB<|<6q@-cEggOtwYI_2CNdJ`KK&%l
z4*BNiF6VHFU^PW<vDMq^+n<N#V;^MgI5w(b^CB#Mi0t7{UrsgDT_5v_7V`cD%Zj{J
zg@sy%C+Npi8G#c4RwI?%{45tf&%z25vRl_E4)goTdB^;ZJR<SN+Oto$UR%KSY#aJA
zdp6dPGk|P)HJ|fHSwY-RUD=U@Cq@wu4-4M@IWk^3U~$KfZXbqk;NbscY`Qm<KKHRl
z3|qhzWm`F#OBU^3WO|l{5!)XWAb=2ra;z+0iye6oSXL8D!Q5w+ld^0ju7An4J4b4;
z<B|3Yb?mmO8w;%H_upE84I<>vEOmbp_zB^K2#)RZ!5vuQ3Bh)lCRU%W48+@c?C9zu
zbAu5a`(dR{gFDq4t9@-eN&o6+3=THs_BPl?e?aMHoA*xgP*PkFTzLuOH~bZls{I5f
z-~ed!RN&)mYJ!7@CVN71X}*l7!Or5eFTA%nj^^P)ZLlc!j2b(qKHtCIBY$40Wa?E+
zE>uo>jFy7HYnK85cLvS^m>rXBOyoMR4g|S(?|MxW^|sGvP~a#Okttk|`whh)Tqc~P
zQcW!anB?sf#R3SpSg(Y$;T-c(#NohYtUS>*jWKV~Ud8bWOG(lzoH0yxx0i*5Ov7q3
zEx%i#RF8|7WQ#SP>lVO4w0l=2;kqm#9NT7)-@V;k^qNHhQECm_?c-<5UcRfc>o|FH
zcT1Bdd&Z@Xk%mPxF;DyQSp{{*`iUIUrviv1<C~8JxYLSnC>!$>jWv<hM$W3`WF65;
zwDi7Ru8I)v8xu`=F-B2#rug1s0w|{2@ljMDS)kyPZo6W|6+|TId*>4Go(dY0H2_CP
zLyhE8!=~p8>v)X^X&mI2<`~J84oghzcfR5}l&oO20O1CPnPwe7e`S`>in5KOHQH&p
z9AZ@9zaIwOtd7Se*nG4^fZs=$BhKJkAKyd?pXhILJowz_g8Y_BlxU78e?idq{#=ol
zR{%m6J-JY`f!gXkRYU7fBYz=tan(&-FPRy#e{S8TJbg^Gl!cY&F<I!bvI+s1jj#D}
z<v;!vJUG2jZ-*Kq4|XjjZA|m$mfQR(oRe_=*@bz?|9-lE^^VGA&~vk2Wp}omT`IIh
zyHP&RNZ;jKytfhoY<?H4I0N_0a27Jh04_}@oAL?|A^`%x<)u*A^FDXiw@0EA4H!Td
zvY^sLuvIvSHPnF<Mg~{jCZ9moSd2iVa)=tEV!N#?wd*59*<xM78PaJ+=GzeocBYZL
z_-yx~$riLgv+U+oJr~p>qh*7t|CR|@zH3}k<vvDg-WI;<yq@Sp&(;{yf^Up?VnIv+
zkMGn`{in_ur^zgeLRhAgH4)%*(mTHklU%(fEQ+F(IOnMvd%3IY+<~dB`W_hof_C{o
zJ~f@rKiC=dCA=85|1qpLT`T9fJ}<^8{JM`zhVZMO7)wvg$7V2@qV;}tjxo%i0u6Ql
z@HHRT4pxhgLvQ<%(B=|N{zwwt>`m140?8OnB31*WwO%kj&oPJFdUGMm+4l0uVEu|?
zPcB>;VX{WyAqajh3$szu@g7v{8Y-ve@vwKI`cB&hgxZgQ=92yo6cGV+sammZ8_P$i
z!DU770mo<Pg_UV`qzA?&mqo#19_8Ha+n@)%frKU8L(;<cZ?Z*$lQsD{PO<<J>2$T3
z<M8j7v|hfSY(>@MH+t{&*qXtqn0@dT+P$pTZT@Gg4{r6w`3G1Z4r2PEGMu+g9q{=+
zwAxZ4ZHJqmRhGZ1)~o#eyEBJL0OE(~{RElih^7rwOcip6>$WuEgnhcdGUKu9?|{$0
z4C41En+-!~fXg3A?>p8*&MYq!H}b+@%iu+9QT=XE38slfljmxeT%qK${)J**iq&6d
z8*ue#F(oZ6>H1_%LMR`XkYMmodt`m+)5SnjrnOo&=b;@nKW(s6X@qZ%74{AGuwH-Y
zmZmGS>Qk18!_WrLPy7<ID|?i=+p@14C*oPF&kMbAwq@P#Z6w2Iva|Ggi{wYTRF@yQ
zZ$?oMDZp`1-{uE0023k#3GpbH!X=3V!?_CIA~1YtDjUGvEk9mcIi3$Bwr^&8TT%7w
zq2(c7lmhhfku9noJdTIT!fBNQmO>3xXjc);gb;bsbgD$ZD`^>_X!1cn>;@+kgqRB`
zaK!r-tfD_y27EuP^>Ii_r}SaY5hOoU7Oc@49Jb-MOe-tBIx*iDiv&3yM+fGEX|*dh
zn5UB;Zs=x5fU7#|S8D<4bNxvTz;MR>j*zfCDJLSvpSx3dCY}1IH=?aXGrjaxh52m$
ztAu(I>zn=4+v1O|bsGlxP315d8UOlfw-cUf!A7~lX#F<_Aw?_5(75-74^tis`Nmop
z7?Ag0W&Y9smibew__!ub|3gKrEW^5lp}FMzyyVsy#N;yLP1nMejofUSVGJcn0EdH2
zpvy=qbh3)Z5ox_C>pjG5f2u}jGh0V6;&qYohtc$mgnoYJ!6e-y9g~)oWb4<~cRb@a
zQ4GzdKn)S(Zoc*0CBvw|BEi@hcI_&f%=+~U?|{$Nk2;n{*pp86R|ry}^XSnwK<zSi
z>A$Js&eP195>;Q!YB4`Lcc&Nrwahr^8DQME5m9xEK$m+Zb9qLK!)jwUrApPftmr3u
zV)lko=|cIOqG(*Q#;I92!|pg9$y?%;(~etM2JlR8L|6M3*@gU*i^3R~<6aZm>O7Jh
z*Pn2h8?&)NS0tOllx-Zu)qMjj50*HT2gNWN?E7ORR~MD7O^(UsyJ`)LNq_#7<(!kW
zVKQATb3_NYN~2TgpOI?2FcqT;u34-anoLPwhJO6_kGk!Vj0Tb(HHx#_r68-6f-gr+
zECGn%?>c5vetX&;8^|996LrB8H+2-x1Sh4QNz=#f#^cAlJYICOk?JXZ`XDx<ide1B
zfx|t+ZL7^kFGhY~fOYb0bO--C>y+6<c#7&$T{$j1QQ1Wy6mUB02`#P9Z<2l%7y_vC
zox?RM75$GxCT(XS<jEb1BFlaZ-y%Yn3>$FzD~;<U>3&WY)%K@1KWRU#V#>+O_0*3W
zpFTC7{P9Cc>55$If*S9~YrSG%NEjA>I?4tqs)(ruQqH(Oqd-0)UXps#ta$OowM?jd
z{1|dFYiEGy<#9DEz2LVd3N;=#ih2$J6;6gvBE|8Fw7h7v6}X5;Jm4R<E==4C6CT#1
zlWlaplVqbTN|7v_X%;nJJ|~$-+SDJbE~25Y$>tzO$XviSQ{GS28Q&=+_UsloF@Ig_
z`@DtOeD!E&SX1p>In?wZzI1VVf|HRnLF;_#8iRfET0#TH0BX60Q;>Bppk-=qKRw$s
zCjgFxrF2{us;Gf8{yxR3LEhjpLrm_V(TF5#Raz2>m8bJyZ;5t1rya6P_yu5xx>CWL
ze`szLD<CdDYz9yRcmIY4ml)?XwRnkdtHnqDpnWa?+y<b`j6#klVOjs`oKJk{t7QF+
zB_0)-m~Lm>35;fuQzNmlvW`bX>8B*y@7<bvqIZ5{Zwz4PSDqlQFT}J*=HCnZAGU!P
zRquJ^OSkQmg(-__j2-xO_+5`lQm1JxkE@Yg(9Unxpmtgt?IWdXE{Ai!smLyFluup$
zy#g0YWEx|eqp6GJW%zA6o<;7>N~@D&nvdKJ%)`*_>`+WhP1Otx!JiYTv7^15E=$3w
zG8+Y^{`rMULUs4%nb-y_5WsO^5&H)fG7<VPE=Ma7FV?rP178d4-B-LGS2I=v=4}I)
z*GxpwIaEF^IbL{~Tn&hM2f`{MKAHEA4{BpykdI2L=>;xSx8m5fkpG@?o|=x^Xgc8o
z#wg}p4~l!Z48}pS>SdONWitU`-%PY|eoOXpPSin4ZJk;4%#LOk=uqAJ;>G^@O0<1{
z8|JK*xyT!z9d7)n-YOhUEFM>=!L2~_DvzUiX2il7mM3~}IKNSBDG7D=W+)?be@niN
z@OWIMq6$F!ZZEzmtvQS5utckB_jDVs(JE~uqWd7`{nmNaWUtkGaSsPM#K~=FtMtL@
zNMm%>Fq}PnPrQ5gGs&OKabKvu29EDKq7wuUxvj`dpI!zm0QEe<7zo49t#KWcMQs-&
zTklAkenwBPe$+QHYG)j~ZSVv6Le3Cf%qe^i((k}#)JL}7J&1Boh%Dva4KVJEvxaip
z2s8N*p|cM4)bf5i`L<d%J9?3Y%WAFJ$jx(9gb6usp^j{^Ys%lX2qsJsWO;hvkBjY=
zTesxzVl0OSM@*RKet#e;5mD)f!IpN+O`cxL8toMD5*WVV^$qN)8`*76&0k|h(kK7d
z65WplX9n$dZw~c9*iD}TK=%L~9@qlje~_m%2r64fe{eMcx1>--hIbU!Q-v-Z7%0;j
zP0$(+nl8n2oOXuhFK!?8^*b$VBxz6pV#I_~*#ZPzh8<rE;uR#@=#A)#UZUuyjf);M
zmE)P}c$`rfQ`Zn*^`zcJC+fgW^g9pZv|g%5&E)lVidlI19<7&R|06UI^im!Km<#SU
z+A_~4+j44a(Gb+V5YyJpsn{sV0&OdQAd0cUwc1Oz{Be9Dc`8_xtlMYu)>*F~%+kAk
z8<)d=QL|Zb*PLUJU)zXx(0YrI;d_dOHkvA>D}ncOv=NbS*@24l;R|$F1Z+j)KQl*4
zQQWy0`+e>b!7dEr`sa=6Fi5_Kmq8%FpDaKa!MUIn3zo{m*ZDJ1h?ff%_e|v{7I?|Y
zR<<w9D@>;3$l%ui;TSM;Y%%lrp+~01?em%PH(5cxJl>cFCU5`i5ka%kz8LC(BenFN
zOO<a6X}uYZ{F^YZ7^Ar<pYHyb)3KL6ek5{obG*A<V42>|su6PBSmp3&=V?uLeb_-T
zMCrweL*-rw6r9i&hCK#Q``!4Rqkq#V>iQq6Qp5B`Zcgn9lm}36M5f`SmDt09ccPA^
zq*Y)|0{jG=w#67?VYBh?kZ-!)MRLJ(74~8=1t+5)Du3cdlP~UVJ+U`BX@#F_c0do^
zP6|izTNoe&fSBm7a7D$%xP*kkD<4}NHrRK>ioer}>!VI)tor>dBDxm|#Bn(Bek)_H
ztg9Pzv{+l^A@n0qhDN~3KD6xp?fb5d$d}pdFB3R8OECeeh3_n;7Z}tn!DUEg_xytF
z%+m`xsKe4c9{WIBJ*LZzJ-kDyGWa>f<ND3BT_d@U3&EjsY3cofWy#aJvDaCY28r($
zyZvHzUZ|41zwYsCK|78V1CA6L&WGZYOnvE?WG1G#BHqGR-Z#e!MC=reevhAC>>j_v
z@Axl~XtF@}*Om1^9!la@5GF$MCrbw6$j$XE0;{;65hD3yf(PYFefZ$w)6RMXB#&Ju
z`Eg#}k09<jcklOtc(l5+jH#W=rMoAMbkQ5Ahi>q^T+Z?dpNChYdym;FF2;NFD{N0*
zSC=JjSUe5$I0!XClCAc4PkXb4KNK$KPFcL;_~GWgmd-1wz(!S6!^Q0saDZW^XrN!(
z1!5c5=KjJj`&Johp!lUaq`_W>zR%rxzk0=~z6%5ZZFh0!HUFW8KSpyy0FQdroGJ#(
zSF(O0UY5lN%{vhSOCPP<^jCP~zIXdBrL5kC4QadjJ;(L|Rli=PnD;z0#qtfjx;#C@
zht#0UOKyIUB9M9r#}EkX;7|!9K1o=Y6w5@8#S!Il(33Zi_2<D0Q2)*>FAbbGG2wBc
z2!Q!PZN^+o;ezWdsa2>co;OV``6kfj;>P~59yR8Qmx&F8e8IlcUZlA(S82@ec8ha}
zg&Y!@9#U|d9+O?fRgMi{aK#^a9Nq?nY+pJa3!|P!$M#YYV>Y-sN3c=q*V+B0Pe8uC
zc^B-{w`aU%UIRIy4R(buDaXADAb|Rr0K_=RzCNgvWhsG+M4}7TIoVbDr+3J{y{&1Y
zyfb&_W>s)9k!^5JCyi7VKfIszaDMUn3aA7R6F(}A(&Z`A`bkET!wCTZ+(ap;xQ4@Q
zB!qMi;}&S*_@+l_%&^310>mdLXwUk*dE}y0E69ZK=4iyE{1{34M*eo^Kfd_CpPDyd
zjBZ%8T3j|T8y%>*olJD)M3IEJGzW{?f(G7A3Q8xl16lh)pGJ>Rm*i~lA*61`Dxb~t
zLfA+dNeY}yJ@5hrj>iR`lIwaxxR(CHsp(;*3X#-QasOVjqe#G(-+60-?w>gMd$z>G
zNs07IzOcNPnG{hAgzQant!yDGHk}rQr`h*7hOYlQ*j_=rcf|h7$%L7r)_NSSR3icS
zJ87Xs(p!gDC7S3(EU#5mJYePX;1)<gc(Hg{%7xkyAT91dP>jY_*5dlFpLFVqq4r^L
zPB1a#{a;*v<qv6Cl4ATs%AMBC*{@Q<(bEe?B9FG;ph$9bG*Bt3@a}Voi%Y0bx1}ws
zhYfh$$Wlu=W9))($a+Ayb~SMRPbT-;hhu7Pp2v_H4;dq%wwmPpoHJ@x!*ON`6;7di
zo24KDtHE+<vRp-!wq3Pl+^sdBH}vAqh{K850A=`VC}xagNY2ZJ-5nVxtH_CEg;Un8
zQ0?Q5RjPmkcjnVIz~`xzr$ywxE!L<mtEYV7*W0-HjB*GFk$Wr;0HYLk<m^VU!`C5q
z$+Fa)K8A`oD?6&Pp1I9Xh6+g>Xe-KLuI#{kF#$JLo}H(aDxMXUIi2k9vxVJov8Lc$
zZ?iy9i&{6T)8Z;#OB~!p9A|V+e#iLCJ6=`E7i{auV<a$w9+Nkjv}fTk0JQOCu49>@
z;NUVjVi&gY&0+~aM>Oj9EmS;s(Uc&*>5ukgBk@$dmoexL4^ul5jxGT|=tv5<go}wC
z*C8J!x8i5p_niYi=Oqia&ft~V_sy>A2+W;9Oz(F7Ls?fqaEj)#B6|5?njN|o$17vN
z*Wfv0<y}gN2|<$gs4|)lj~6CV4&JABHc7XK2fzM-4}QMD1}K=hQr@8qQ7WQXQmhor
ze8qHw^2T~?V5pfSaZVt0BHvE~K;*FbE|Xo;4LTrcAZv{PR?q0Ob^0}B86!{Hz2Imb
zMJ0WtwMs3K*J%-tCQ0dqg4BTbMWwy*WVXYESG-VjV`6}>gC@lF>`!DWvYj_PA~<78
z`|MK#%W|wH1JF)$H<)T9l^<AZYnUQ-fWijG(VCNw7fqR#Gjm0pFC0yO{$#18xJ+7<
z<zBUq9HtD{&PTcWYW%s+DbE6))n}>`)mg<^wMNA9CUpE0_vN6B#(=waQSltX!0gbv
zLB5JLz|{qcW2a2NT$)a46spt67Y9nL4cZazY8<&eH2Df*v&2}6O6137t!zt?i6>X0
zV$4`G@$v$i`#P+i3(w+@`#f;`>XJ|jAp{>0R{Mt8{x!+f$;H&60m&0ogqT6bvE6))
zjUNi0hzoD%j=<!Hw?%*>u5~85xv2x|E4z5&pwqVD0FPa51Ld(TND1Ot5V$#WW`?2E
z-s?S~qyNs(PN&XEzYh=<ifKC9%8e*y#v;H&IJ0Rv*qcm03HYW7md+AK+UE;bs71G7
z>j0vkr~eWCu#Um^Ejs->rju4A298Y2PY@?asAEDFD_uU>2s-oh)`Ld|r+KJ1V-wjL
zKs7y{|1eBx#7oei)Ng)Y+f9i_%%A-FHw!;LUYt3Wmh*KH>T$g;m<`a)hCIJ#nj|b6
z-F<i^;8rjcCs!~T45mHQG`D0iyq(=?|4~)Zy=%~FO<}~SkJ_Z`508w!c6+ulBpw&H
zK*c<7Ea7b0X_YM2fmQmPP=$2O-9S)k$KALZ9iD)yJ+Bk!Z@D^F!srjOINASazrKh6
zd9oUpm%2UYX0m5;1(hZ)nmTMOjIDc*xj#*<Ts7-{H;b3*hOR=gkZ3@IR*NZm-b`#v
zlz&CFGEEQ|cJy3{CyRBAWq#-n3|T1sMk#*c!<Hz)-(z<UwBXgq)w$#kQXKhMdD^sf
zm>raRo_M+Lj%I`pR!9PlOs)JI@^{xN{**w^H?&NPDBu?m@#BZ!(9tAkgnETB#HDQn
zc+Xqg3at(X$n#VT;$*PkHuECvm%Q1(;pqfi+QWc1qyMsT)<4oGGTuSlnj0Xw&bBM}
z3J-Q=<6O8(!#W#Rc%Ja!R?A1{>mR5t%~6qQ@ZvwjvTJl?_dP4y)2`b`>WW{G?gOYx
z=4x!vea%^;1G^R-|HC?$`RPZ3W+RTi^eHO2l>-J$MN!rjBn;UK<8t=ivu3I!D@Hb6
ztc~7q>0Ac9`+E-pV!|$K3+I5{YPk<efnln@aED@0F_zrmz^~xJ7%wo2j81pTZz!c9
zJlVWY2!qc@1zhT#idf%B`8t=HuvxFJ=4y`sNv1|6f$c{A3PRKRPGU#|0Vbdl6?Hte
zwzXdtvpp(tuUQHJhzO*@t$G2)feExbe84DEf5PI^|8}=Tvz(1m!q5Y@;GC-``C(2S
z48=P%Z%*O>d@qM!7{Z<%!@|<**RJ*cAjd(1bm2V#P_mrpVi_j>k_`wD2b)|`1%;P9
zA5pT~8SIR$fZT5K@>NtcJ9|}_^sp$3=fjPmHypBx8HXKXQamrV{J(s$Rk?muINw>3
zBsmp|_6g?Nz?D`>e)9yh<i(X2e`e5-AWSp*86y-z1gsj1KaiS*nNcSvc!qvRLfi{h
zOHLGkXsxcRJyuilJX^qJ)Da}l@TVN#6M2${&KrR5oM*DT08K7%#o+uQ75+n(@cjdt
zmUk*grk0&;+Kxy{L{6}1M~aRt**Db!mDfCB*Sg^J_Q)ok{FXR}G>BdR$ZWX*y}!H+
zyZ&M65W_^q)1~1vhCMVe%`Xb!<o|fI|LHr6g*yVfq)Mp0=CwPBRjm$Q+*zu`Z^S2z
zG?1<SVehhvloWxf%o0x`<o5P~Gi8XWyg*D(?@hQ2{-z@-XVould0w=9xpayEK2DSX
zbUfvIo`K3P7{;bEmQF+0PMXjHVK0JTQEd{<<^dv#{-J}t;=(>~m&r^78A4xaq1apn
z_!)5_Qyq!W<IbS@_Z<OgWpgt1foWZJpV6OU0!8Y|A|qr~J?zX!QZM({InZF18*@Gh
ztpvQ4Ox-Q&*uadK_q>q?!Xz83^8dV5F-^ZVKBZa}Uz+B-wIupAIuLW=%Pt(DCt8N>
zrkE!mZ1rU|1W<TeH+i=Nq&0(X+Y-|y+QbEtoF4F`4s>~hEng3wU85^ee<BZbcNGn-
zUhz)p^|iTEotjo(Tg%t)&3uahj{gGoX#w+Byt4T|QHWceRc*aF<=}c6U7WwN-yLFv
zZ>1QS{@`SEDrU<H4@L+KfE=30FrRhySNn~M7YI7@&KX9g-Pax$sl=Rr>5FW6GoTkI
zhAqS`Tki*Qodx)ayV=^r$}fv7r`t1UTh|ue-t>OlmhH~0EobmiiL3Z?F@ID}aw(cC
z42%mRKZso*phKn{Nde#nG3~dfM}In&E1<aBWjgEq4|h7>>py3TtLN+qmtQ|bej>sx
zY*k}RRG^p99d!OkluY}6^}x#gb**w*@xNOO4ghO`R;daS?iS;@{qe4dl$6XXW&u=u
zhW7@(yd>cT1tnq@7R=l#WS4u3#QP{b{Q(=*P3f-^2ThbwI774X74!Qi>NyH%V<n>p
z=SKa8*Zky0(k2|Iylb%>i!p!uf0TOyBp6>cJ1_)ltrvpAemMd@g;%bZ1O*$Pw)0Mk
zo}e4`fOpbGqp0=Hx8T;2$I_)K%&Cs}Tn^Ld{!%veGj`7%7iG!>DntLq=ZGNroLH`W
z)6TqvWy~&_%%VoPpQ@{TXBw#Q<QhE~RJT`PYp`9vl?y|zcj9c1rp~$w3X3q@%zsc*
z(+lH2A=l_L2DXnB&1$w=)=;<LPUyN$g5(s3+da!!C6D{hZZm#3RazVo%e`0ZIUUD8
zJsxc9i-B*788?G@#WSqbk-_g6?QORgCK^mXM}wO&rxPF{xk#Y@jPgD*mAIGQz&j=e
zmdtTuXdl0)9n+t(C`~d0xBX*9VYv6Rsj&wyS%zwZie;_A`hTJNE4sJBNgR#8l*|It
zz7_UH<~~^Ivx%(?K;*&(5T+}#qL&0OTcq@KWHn8n+@n)|3M+5;=q-znMGt+YWEW`g
zWuj}Z2C^XB?3TOUw9dwx(I-`c;UL>z%mVh;Z^P0tfbDVyf&9l3u>P-ftK`-LaMNiM
zf$$OUjSBP0zA9Ep_DMT;UbReH`wy7Un^{({{*SSs{(sQ?kB#VuV-nn);Op`i3Zh~{
z-X>6DB$+=fJkne0993qAH3?DzG(<dne45z7H9F-DdmI1f!)k%KyPu+J`#itLe<~M>
zDV?A@!eT*VSw)mTS{Deb!c=tx`53bWOVejgDMKfvrTHBm`B}f9hiqcV{`Nbo_~y*=
zv_lH)64&K7JBnG>SI~mnXBO?^*Irn7KawMZZt0{z3p-V%bx4t$1XEY?l2?UrZA$_R
zS&7tpjRJBFTj`lQhx?I4Rj6i4l#<>yAKKMo6xccF3B8dpZ0k;d7I1wvqcsX$dWSl;
z!Dq&7q%9>+J+^&BgUjdZmA-FeZX9<wiLbzlr#mUu$>P_kArTB11&8}?6_YD+k{N>?
zw=~32%4VF3^zRoT6J@vnGj>Qoeu%LT2qH>VL-e-3B-BPc*Pi`D{=Hs=fe8rzA`k<e
zS%q~nV=@yqA}UG!UC=EafNH@bKNQZ%sg%=#t5DuQuRK@qi-)XEAJ+7$LzKP4;aD=t
zn9$vtI?0<WR{BK%A4;}7xoy-w%G0!3)^a?$C5zpEQU+A=2V)2SY!<vA=yy9=04@Jh
z5Y83QauPb)<f019?eU77Wz7D!7GUr0KPWK7{LpR@zzcKfI@nS$&mJfAqai10y)f*W
z{Cs~^zfc|9dcWp32br_8w9GZcj!sVFEIfqCyG$e>7ytncfg`CxJcFP#N;ZZI6rNaK
zK}AcekIpPw)>#5a8fY4_v_6p$pphN|Ws@pAN&t#Vu8<}ifDZt?Uq{S_tRZJI4q<6e
zUg8I+Bq7yEV#VNWZ--(ZJ=?>kx4PE@d)q{H%s0l?7qM<#CjaK<q4I%&G&QpV=<}gP
z#*xKiZgH99f-rVa8sK7ISNJxvUMl*?j?#)ihTv1)diF)=vWa-{$g(EM(0r`R*3P9;
zO8UTle~u;rDUt%rxBBq5A63DajGXNBTn(F3dudX&@|}cGLpj0@Ih@lGPCZSi<ex9^
zRS{MiguZr=Iqr?kLJ>U<+4#6*vBaqy&&F<!NeX)YVnSlJ7_CB923Kxy5%#VJV?IC?
zfKU`ucfE$-VjkhCSl08`uKLCmu&YMr4oXRT8#XP1k_B)jIT>%?po%90NhOOm8S$y#
zvVP!ef1rd@TuTmk6Q?YT$Esb=#mS7N#`*oRRWWV8;vWUSs8<sivWsonFXKMV=P_+F
zw9&rx{|#>WM^Rvp2&dW3I7ibLN$}k+Kff7D{RqKD2E$T?83+Q7oGfo9Q?cPaVJ1N*
z3SMX|;TtNEb=BP5pAvbh9Okt7p9BvX{hKWu=RhtLqCTlb1#12vBnZj^O1F(k`ycVZ
zEY;TrH4D0h3x9$nk@%&Mo3eC1szx>oyGOHZmQX4k7Yt^FAE0yIKBfkyqqS|7WW5Xc
zFh4%_yLr}oPrkIXr8ly?CH7nX=2M+Y<+IKU1&{YV4TJnnB@y=Yh(+i(Nt?634V%}8
zi1a^zxZ>+y2xmeKJF_S|yd!=_+&2BB?U6u|jr1#v4@cGB#=28}<yjNYUvqi7*O^|%
zy_=<dL1nMv2Mt7p9T{q9r#0`I@`}r~2q3?wMxpC@Ue<~Ep6oB10JVF~`-!E&<?|4G
z;B??dSE9D6Aa7BgB%sb)X?Ch7Qk$gx!3Cwp7I2$M<$as<*JkL=3s^b;|MFXY0y#Qa
zrqhL_OR+|0g+<_vzHGXgcD$hrFSF4rS2L0c#{-mj$_5tI#f?X|EkoN=ewRl;n_c}g
zidQ5U;;B`s!Jht%RMwwHb#BEV00H{`5Fl0r==n^T*E^XT;rHbpu!)YBL`y_p5oEav
zJUAxr*gPYBvr8Kn_H{?im+YDC{0|ufO>iO|kqPaJKzK{~^=lM30J+}{4Q83kIvNDY
zq%OCihJ+xIe2__)F}s}O=<gqr3i>p>zp1PY0&%VZY938xn5Hyavc~;`w|rO;^e~dh
zm?08{e#=II?+IuaZ;k7^Y^$;>s!7}*u(MaJrKHs9?y>sC<=Z&ysW15$C7k!*lfPU#
zc&k0=tgCA$AA+@f#qe*(lhD4hGjscYX10w~TN}64hEge96~CiqqjU+O<r&MpG%|kJ
z7>c>?j%cH>KtGn8Ivw{ZWmzJ_opZn2gOXT#Kaajh>DlmvBMEP!Av!nm6Ho~F&1QIG
z<n$`_9xf8|y?NOjm%KeJw=-;yRuIH+0V3f;=We@ya@)l1kK0yN@(gUDUB8yT3pPUX
zr1ajtswl0bExr0LZ=fm0?srj9UjL_fBgq)lD_+Jx?n|BPw0G}VG0DZ#FPQ{T?xWc*
z1>Xqc3C3fbP?UAuueWcj4In)7@*xHqNxXm=sSO+3E1fuI<{V}(mus-s09Wx`T^VT&
zO5F!{Ugd#6Tcx*9%Y8Xz=tOf&AY*DaI4d$&(l8LWScw3UZtxAfCoRwGSD7Md<4J*O
zBg!#R9sj<nK@zYT27Sww_+f~UeTt>Z$wJ3kK5hO$kl-d+N01t{HtT029OT}k8&JCN
zyuk!y7J<Bt9Lt&1(c(}6o7b<44Ql2A7!L^|rD=qmJ?S5}X;MHSuQkt{j}NH-dA7Fr
z9o7-#2ie*UD%*|fUeQ-kAw?ylRjCampTi_1CZB!qc3NO4IuV0VN{~9oP6`9UxL|+F
zk4%YU^iHH$hvEasFVJL==>69EnHg?!N$W1pjUt^cm^^Hb-?uTyh8*=!nXG#Can0uO
z=}6QFP}Tzq->?Q(VZX}~AMNW?xT#r9TGh$afH+;ZFR{3@%g(aU4#k&_hWfq82b|Jx
zXN8l+Z7)2QRz;_$lk8C8xvXKK1g&uN-gXLZ1pEH4T>LXz2Crr#TXD}R0LV7!V(SOe
zl8EvkpuXLlt-Q49=pK3x+P>Z+HLI@zfjf4$3YGW;U2-9fU1>Bw@GCES+r)FOpPXiJ
zZI}p`Jgum{@Id+t@gspmfSc=%*a`$g()9Fcbb+&BHekA+G!SfkARaxinzSqm@`en5
zgnvAm9d`lpd(_2O{)4CjB_59Qq(I~!^7)=$=6dQGavq;XVvV88MJ{<oXtSe;_I-*>
zSQEErv1QH9kGUVTbiu^%PBPU=6SJbxl9eLKfsyuf@9XWaVX&wcu!AK414TrCznqDg
znQ^-xY?&Z9yPrbHB_Hrpz#uRp^lN|TCH{k(rOcH1Q(gX*0XK>LrMZYAr6|(39=Ko$
ztm2+91(`@miPg2Y0t6KM^?D|+*M))bF3gcrF+Jhs(v7{HzRx;=MJF?VI``YU+>YNX
ziyD1ZE0dWhNx}8J(-6PH?o&KA*!jUH+S!_>W53<4VxC>o58}WAbTZASZ8uq39(Lhr
z+@%)i#PVpB8_*Yn%OGYD0FQ(^%7h2YA3ZQ%X7GCTEeS`l`j*Q2rO8);Sg<~eML^>|
zuZ(nQ?2#>T$PH2mZqCs#VoguS1o(~O)2>%!%>`kj?+1!#ejI=OXeebl_9VG{Hg1IP
zV~&FH{f)e`p-OfmvtIILE7vULhynEauH1&*c(_(;E&+9aiR0>{ZaP;v7rlWoZvUP6
z<Vht^Pag_TPknS8PBGk>is7YXQqJ;8!-NEUM0Y)Oz8~L${}0d#@ejDqRPp+dKZT~R
zDw^|;XDtEQJNF3}pLXIuW$)<hn{%jItWYMlCfj4ZO!gZT;tENtSM~UL&Y4B0ZzCxL
z`z?2H!fCYe@yQ2alq4kJjEs!5i|G6<Py8le#)}VRrP*RT%sIvN^?~plvQ%MDBnX5j
z8ugU|F#!lPJW;+k0c|%wxnqki<L8ZoI|8Im1;>)EGFnTwha*pJ$xYXNR|U8083jw1
zEu(pbc;BNvCT-->eO;qmcia}N0fgWO27Bv`0EG)V1s0SAGg-nv(6e?eV#g=&-DFu8
zkho(-w!YgT)cmsT)W6TiWM1KPJmt`Q^PBT;5`Y#NujqTrxa<har@!ufAn9TE;yze1
z5JZU7tfh>ogWPeHL`Qrp_}R+TVnGm(R7L*L!Q_){2#UMDUE$<{4hk}u?XQ`-3+R9R
z#@FHeH&=det#M!sq>il}$cdTht-LN7)*1MNh3HQUC#QFWwZFR#?+?~Pgyag}RuMT$
zun!zzOY=>wT>zZOXXE^w{Fs}ae=mFl6<|*QAV_VH+DL$FvqGNMwl|gX^s~O1m}Hv&
zOv^uUZ^%sW@oxtYv^g5gT~=8pShXv6f;5q^g#}9>lxe#+>ysea2Rf&7^BTc|d9|y!
zu+sUYZF_#hw<OAHYVh9%I+ujef-yKr$JjloRXwnSaN^+<46t=vx3*9hD^U-vXZZ3>
z(WfPlW%@bfX`!{`wj{xpQKdUH#7cMhzS2)CX$7LqZOj_vd7maP$=${qoP_q?8|(x#
z9!suVQ{m9(={sAQ*Uf+Y&6B5!3NbO6WW;I$X%-XCzBr1H8T9Shw_Edee6a#XEIJXz
z$rA$ZrWDKb+sXW<MQ4IzuebEUd3v<SqX8dG4|(QxzbeZv95C`|Hf!3Rc^*(4aw|xW
zZRv})gacIwk9X|;3J{7!m2<BotNQ-uYNKjbbL@eb#q4#e_9B8a9)z^sd*6vf_)oH5
z@BT>dGfaG0h~UJtcj?yeOS*9R<MgSo|5@(so_V+Q?+Aw9%}z)P2pqvYn>%GCyjhb~
z28#)i0o<qd{hoMpF`Jp5_kuO}Az@W>b*_x?+zdIWSo!es!QTPweN0lEeInzdAg`Y{
z7Nhp-x}YGp@HA)o%Se=|2VW{S1g#LIzjvn`8qS>ind?o?>Cn6FpfkRr-wF=)Cs?|?
zcl((gk!?<TtVfZvA5Uj09j89QyDnl_l+<mce}6-w=OO+2^!M(iL1V~=41j!at65st
z+Ly<2S@>KV)+mvX{x>h=lb4(UG*#%Gpoh)DW?>0C!j-U=PZBKXhB}iA2%;fL^Zqc`
z<SYc*y!MkX$c(IJ`!x77`<(a6m+c_l548|=`Pymj-%@5EiyG_r{{gbk{fp!d{GyFt
z*h4)bw`?$GRF`dL3;?|&&r6-C5-==dk(9Qe*|#h*;3hMung@)SdOWUDaA3AfeB7)6
z&0=ZiYOIAMgv;N%@HDTGJc?1ElTnZIS&d9ylz<d0GZ^ke;T!@id+B}R>i#CxTyT6j
ztL&FmYar=T6EiazTn>8EcNa3&c&^R~i~l{x-p=J_nFLFWA>%_K+q`IT>1}TB4BMYI
zgTAIX1dG~D-`|$&>NCW5Q%h=rD)2wK`jnI$cik2X80+yZ3usG+*X`GV%(Q)0Ugi6m
z!#VR^_1~FgDrOLXkg1B>-1rYx5xr8sC^E27ls8$#M1@12q81g^?5!~Ap&Z(Psh<Q+
zmLDeCI2=8NGKve63ETZU-M(#@!{{y=wGOrdL&)zn0z`h@At*8+Y{BV8lPjDnNKo`r
z4O?ZY`NaBm_rQMmQ0J_hYW1p#%5GQH;A)<%gk`2{p`#J}y!!*_)U^V?zh#m+Qo5j=
z4uKi{(gI2WSe&dZ8;`~r1I7=`l10CqsCb!bzGjkHoS0f_3l64}Ah-jT{_Z9Io!95{
z#p+SA3rYaWmrxclQHMGF_;Q$r=&asH-eVUO9UYBBSAT&VM$Cl3sLX^Fy#9G<ncjaL
ztEWXQMp-_FIyk%ITa%|fI$igTZ|lbu7yNZP8poYfiaGC-;gq}K=DH@Q)u&cRj_(<a
zt(BZauB{0L_^V0gM_Cp4`m!NM|NqomAdML19rcv{6I)8tw%nG%QR>n}cG`~;>z71R
z*}*bnbtUbrg=)Rl5to*VE()*%#})`QsKxfFap_sUCgqh~hh1PAXEt56!?;NLf5l?2
zw0Q=4gP*%A1AU=38kq305P6-rVpViS9$&hCa~zzTk%^RY`->KKFJp03B}3bQ6Rw|9
zu@w4@jI!L(US~A<E$|KtV3=9&z|(F~lz5w=aRD1gR-e6ZJ>}U6gUm${@A^9x)gO|R
zZipR#YWB2v>(|$EYv#l5*%-s7e~E;BMSmDRKQrHhU|(CQ0BZ$4uqW=|o@ZdK*0*ZP
zh!XW`_8#$h{4?vTz8w7Co@~&`cYL9=5ifq<$At(DT#1oB4NRkwO7`2FK)a7)WSKzr
z_NeaYo<d+?IM0Mva7GPnuiEWZ5IVhvCi+fYoCFEkeNx~ekT;Dt?<|u}WQn4M#S0Yx
zB9DzC>8<|dnTP7ZWeK`G<GYm5tSjzDg3{=)gXP8WigFl5tozPKq<dXM^@2+D{sw#t
z{Ub0sl+|A^O4#8rnD6r)(w|a&gIuiGM}fVPq3H1mI3BJ=hTqXvF>oDez#}k<5OeDs
zi5N6<7#k+sQK|=nM2|<Hy+$?!+8qBU<v3c*1VxJaFxRi9wB~aiYF_^$k{+XoEg!H?
ze!RoMe^8$LiW*k(U(5QP0T$Oo=n39oa*~e(#>$CnvrZv0m3M%7lWw@M<8!Q7Dqd*6
zh0lGvi?hW?zAyONJr>yRoc}k#-M?Fc8i+mb9T8l+j_*`VjQ|Cw@k<Wl|Nq1Jy5WFv
z<CQS+8vl|J-HqmN9}Kc;B3OeOp|c?92)VCzcL!z78JRA4eP#xJ2M!dNf46%SY%;)V
zkj^@9R)d6u&_1*zgfvRjQuJBqqWyq))c)b#wAuZNVu1BKt=0-0)91!l?}vx7wV0#+
zcX|Ak|338U|1YKc@1KxkLXaSI=>>q~k)_V1`2}8SEEcQ5pozrM#dm#*so`lk#&^Ga
zC<af;wTn^Di5_|91ZeO5DHt&~-$~Gq6&gxwFU}eDhP~;K!YjW?H$POzsnTj%^IauC
zO-x5&A9z!0U}a`EXE$<7(;qEBo?Lx!*0Z@d#TLx6qgd!c!TF`*f-!39#q7Bjld!e?
zqUTDs7A{Q@+Qe7>TIC(fjh%kq94ts(C;WkGUT|a4XO=xJIKBq+*Vd!HmlfIKe@~Nj
zkf6>!DaGg^V(e;<{r?lbfzMI_Vo4m?#A#H=810CHyH1C66~0eik82x8o-;dv`Y$RF
zV$Kc=ItEE+S7wdcY;<SAorMnzlF#Aa&agM>eJKMn%CUh!7!sGWn;W&Vm^n6aadEe^
zOAgh!Tq*fQb$zeKn{>Mvp$2-^?~J-@Ro=^-^={kz_f11m-xR$u-@`pVttEA>SKUYk
z^8PYY$W=_Fd`dGT;eBZ_6;{nt{H99S`eHOP(c4K+F>bc0zD51r!Ru<Bc_McZMon#!
zy-f5MVQA=NfsxN)!zsnJ#YAD(O0$Rm)!=rf<Z4Vsg&gI4k&$UzEcC|c;zZ%}anHEf
z_Xg?UIyLIohUI?2%5M;l!&->81uYBxKjuC9-zxfbDtb}T)c)6Ww*Ng>#AtDTR#a_1
z+M9vi>pG8hATY=@Dt5X(J*N>jued8T_3_W@9d^=03B$z@x_Drvgl-_e$kcVT74$ZH
zUZCMaUAl6m%XSxkVtpxDx}P_C>hi2J_+lCIe%{eX1^N2u79Tx7QbJ4&CK<B()MNWy
z1O4ag8=1SJ8q6cS7|Uz+K<dtrdWGcYC3HwiHG0i*XGf(fq{ilX6SrW#g3$5#Bt`j#
zP;2OXeuKlLvzgrp=lst~sny!jJ6AVfx2O-$G8)fguMoXtUwwi+7EQ_3@kxvmQm7d|
z@;4OLN!gp=uZ4vRN(k7-F^bn`S9c_3(TuND&9nYg$GVs+Q*ISab&j?`eP>*8QSJ0v
zLg9K^xvcSLzXB(`$w0bJ3!@DR8U}{O=Bd|>%<!9e{V@CJT63c`{zQ|MP&e%3C9%bY
zyh@`*4wKP%;@U!0Sr1mWM^Az~H1A?v6(uTBWg9MzuMN$Ei@I7y@7u1K)b5abJYGhI
zI}i%`d7a0(&2(Gr$*MGMq7G@6{(DvM2>nlk(#R7>*P~NdM$+tE1$~y%up{V;V$96`
zchP`+aOySO&}L)VgOu&1uRG<U%@;o_@MSMJeswBBS7`0GI@@;VT;nW%1l4}xbYf)~
z(nsDv^!cbuG%N1VCqLI>3Zh(U_<G$Ef{2eI;qoRs^{uUMNhk8C>uuo&KEf~7!)23l
zhBi4xxWu8`&$p+~pvdDz)V|-MB%M~Ic3Ka}NJit%#PnVSt|jK?zk_J>)XAmWJ<g`!
z)5tVBvqi7FmV`(-zYN&UjV>O*Cu^~Ut=4AvrFoOdElMlnXoZHdkf94iCCJKnDs>|d
z63qO*qk{{oUUU;ZqB~DVVOv8*k!<2tF$y1*wbN~Klle-NoKmDUNY<bFhB!nq6*~%g
z^VU>Kss3dnWXb|Gb^CRU!6?;XPtd$%fgwPpiBj@xXd{bkRTS&9#t{LBmGjBW?ZYEi
zs;~nI+tb3@*%Mfvnq1UZufT9MnV(Q9kSI;L&H~)*{e)-tdH>?jODz|{R#za3XgbVr
z;n#41ZVoJ4ny|kMgo49m#B$1V3ayM~$MCq@P`=`>OqcMzer3<wZ5E%jQ1{qNBb6RY
z2#4ta1IFG2NsoNI>_Hj)bP_+|`-tGO2kMR2Ug6&!-mvTPdt;C%yoBuyzNn^jb5uF5
z&~0tvV%aoePRwSE5`9>_=?)=u($FzUsR;X;&4JSw&tER3`)GBf%5Awk{Wia=kyq+1
zfmu95?~|Y*layTAuiL1%DGZQ-R3o39Bog5nU^W5{DV*JEb4Xnx@k*;t-m&oBgqc`!
zwZ{$}I%+pJu*E=pvxL#2NlD=X?w2@JWZx`qOa6Nc{&SmA%OiBU9O_aWm!NaH9GWYp
z1)Z^jz$(ee`qfS*!Jv=3t*!@T$*zYv-EenjUeBvJBpmLzNUqPQBV1aUo|7jrB5Im7
zp{unI2Jc<>pi!Txl=I(#YyPy_@0*9h8_ne+{^qHCoJGYk3x0I>^lhII#V%}p)NP~C
zJmNRiUP_Sm!IhPgO5*%Q%zM~WKy*N?<k~T4rZi^NZ4%#R+OzakF0B_f?LI<=42q%s
z)|5bqazz?=`!(d=qG~}d&fSH4+=vIC9r;3Wf61|BHC})AGDI1?8f=d&P;a4>xwZ_(
z`0?wN)=B^guRBfer43Zlvo>qjbxVCU54($zT_R(qCJu(~Jq4$UrbOIkgZtGwX(VVa
zB4fctvaJ>pZ%>Vdx0g}<p&QXbbXcbix$pX<^XMRvFvn5Did3q449U&yW?Swc8g>~P
zF55@NLM@yANWyi%w`EH@RY{|o{~=0*Hb2w-$_R;}skTII{dalWiK;O(8@5AhXo}nd
zYiBeHDI1qow%GXh0=3s*B0IqXgtxc>*49T;0#e*}g%B<NX-kwH5u2Dcdk6Z{U{=+{
zP?}!p-Z99F=~V*5Sicv}O(F^frzT%{s_Y<DnDJ%!mVEQ>YFWC`QiX<DkIZ)8<CUjD
z#tba<##*+x41TQM5td%=Y3^6-zFIt7VWr1TTYsu>VloRSA23l18hr_w+z-C>K70S@
zek(XaAsRFi@j7cpsWd)Ec6&G>r*69P6P1+u`xKEJM`w$pm+$CGOLC5i`ubEQbB>o>
zTB_y&y0O>7@wc?uD;>)^Q+rJq6gk^XDBxGsU!C6HYi7SU#UQ&W#=DS`OXY3Ee%7th
z2GN$)`5T-0zPoT|MU56CK=r!34$we5K#BVPkQjs(|7fPKO1a#IDXPC}(9qMG+qz5f
z0Avzj>{AML7f-4E48Xs~`Zf=NG~|o;xKVxlwe^;JdShIYHI;`{QkS7~fx*<dvE3Mt
z1Sro?t=s2x|4(Tr*NO0IXKoxOINpkp()Q(ahWv9nP-hT3fq?_IDP58yTNZtDL<h&c
zmAQl{_ed>YGXFVeJRf4Sg|#<clKjcMY&<g<Es&lqYO)V2vu_Mlo5wfIu{aJ=lqHe=
zb&Sh%$$)jCp32v5*{=`#xImg6m)Jz5=_Yg_<hVQ)jH<&|qI?{;bcgmDDwm;Iqb`E`
z(LC`~`_(78vN$5p!+J_KJx8++SDZtU|C@t^ER9519KI;l1dZ}l40s>g%+4s&;TYL8
zNyk*Vr;Y7rTYj^Yg}k>;Tbgp(Rc(<gy^VQQ(Ojc^1*%QBbgo0q5Z~fd(NfE}_K9I=
zyt!JXhwxH^1F449OHhgyJGFN&YsEW@e8)8uVrJixPkt#{YzC+G`s1xWAGys}V9B*c
z`r`6ZDn@N$EzJ&W1MT-N9pXw=xrUfC&o^=*%8J-)(}xeQZd(<N!&4g(ehsr}SbFI+
z!b!nQNTJ~>!NEOpST3k)l!wB)+UcqoURJAeR-tZ}Etg6Rf6e^<`h%eJAs61&@6FEh
zH?lY+B%w5Ez7nHrvD6!{j9;bF>3-~g1%Vu&griOGzjlq`PYoyLHKi%DNt>v5JdSgO
z3<$;i@)~i|6?B3N4omF)?H(Hs!)JDd#gi|Ud3tl9ww~!w_?f!}kHy4`Uh6|C-p9B_
zIRtjpzU|A17CevcH*}`M*?X2NrH<gQq-;;8yDK*E(0fy-oIyX1-vV^rOu9=d0@)@a
zH`ZrBHahD}A3F=4i()s6L&n#)Uv#A~&=sQbw^L@>RD`6W31m}IK0EbdtIQ@1ebv-M
zHX81<AbI<R$j5w)qKsvG{f3^4!(>T!snG}3sTULLs#$*~ryjg8I;s`ChL0N?jIbWi
zKK|5X|M<uD_WriOGi`}H{9<@O*!pPVW4+_EK17M&#$a&dNx4FsdAb?d)h^rcu9@F?
zS<TxvNQ+FfADTFtQ2?ctQcigI>43YF#?R7(VJ{x@-L$Jjo-*L}&z)uib&k#^B`sWR
zX_|L+QN7cFV93>RIEUKKE30dY*Qxs#`AP<chW>{Qml<sw8dBYRvkim^C5v!6U~e{&
zQCGW4r$Gj8>lLJd@ATga)x6_9geaGK%GzeucUEX$L45AK2+eAQ-sApwb#Z+)xYHkZ
zC2GjZ+1FF&4J78);Tn4WpZdlRq4O0^QN_lu2CGPQEaucVtg$s*Tzm@Amn30tjzfmW
zE4{X|^9GN~)ti{li7;CE?H=JjcB%+pxtXJ=(67~Foy>>uE+Z!`R~i4e7NGd8Hr}<o
zgm`HZmv}H8K8@V<e47>5J$O_(65}HVzSbc3POJHJLz`o(+%6aMf>G_Ge$aR4JuXt}
z(5l=&b$RNoM7Y-S2~Mht#14v&4PRm$U;1m+j$fD(qgfNa{ZYN>OE6!m1;fF^SC~FI
z)`+nO1c!qDA6s7;RmZk;n;^km6WoJaaCe8`Zh=5>cemi~ZVB$eHMj<M2=4B-k=LAi
z&pqLMZ;bt;2eNy0*{Yf~Yc;9{oztV>9<EcFuINYt%gIc1DwS{wG~+o%_)oAIFTzms
zwY?~jbNJ*Rl&e{qu|-K0dVo2SE+&yS9p5W{9=f-{QK3&N8YYUsLva$0t9Ljg=Dc`Y
z2oWYh;;Pr5=Qp5COh=@zxZaDocR4I$Hu<;;!}$)~M&i3eUjYO$WlF3_hqK51&Uc9K
zxDDrpkRB+G-^6*d09*KUaq)Q%*wzf<&LxGZD690;INg{qd}VP7P^V=vkww_+9d}Dm
z1wJIo)M~lJW0Q3FK$~V`pooxehuYAQtUm~=MW4n63|GaQz0Z~v47mKFgGYgQDDPq{
z{E9|-)vZ&%M$)L;n~^!**+|Q<`7=tjKxl;INr5`|52EWRc9nsxDg`=P8x0ARQ}Hw<
zsYh;qy72UmI}77GEbcM$<exHzbYW0b>6~DtweKj>Odp}u7Y~0Ik<0SJ-_v9&DV3|i
zJk;t9h-1vt8KP7&(Fn+H8O-<?OmcsqBc2vNdfz~9NF>)&I_tDKNt`vL+Th8(+^SNR
ze)o&(eVw`>LjTryU3w#?5L|Gb6G#;I&TSuy)=12O25sSym{UW2flzb!iLACvq=650
zz|Q<Bv(jVTipo8o#x+!&*?nA4NQe0_<Gtn20lvw=!os(P_#uiP(*kUtVx9(h_A;gD
z`Or)SStYf6lYeX}WfCYfBE1cC<OzIx#8IW!W`4zf*^s?S0#|BqmQ3w3u4PmjX4_T+
zJ_!!7J6=3exD(e@XQ}t)SXS+*kw>XF44OU#n&jc^^cI@B7`@)+64iF&F>~*HaC;=0
z*C0<XTcU-xS#_Zr3bMJGccni!5PPhgy62agcUbafHmt{EO;8ATiS@&P2>N?1c!l!%
zw1bIn2#!hYkrDX!P(W5FJoT=<Gf7m*OWHi~q$K8tY-?(t@mJ^@6bu+7>Se|&E$6b<
zVxa2{zcWw9Y|s_`Zmi*x9alj5?6<+jf4!jTQw)DW$8eHGy0-KyV*uHxsI3`)!k*qG
z&8wCaE%QR)Zz*kw&|UbyRk-wU%Evv8YRBR-;qQ%^7L1QRTKP7bNy*9CIzKX}JYxt9
z&r`a0cx++6I#?7f5<TJnE{8xsVeQJcJ^I!p`DS^<rEwse7|sxw6os^RnODcuV@dov
zNy(wD!{b%7$k!vXw0ygLESZI3BdSG-sv^@x2t!FOCz8owBhEo!`1<hrxAA1hd<36L
z@rnK!>E0;JdHgFfI9yaZnJ)N3DeASAD3N0t4%=dPjvuNGly!kYXbR=rH8j~%!VJ+B
zhU?p<%801y9}-86cr=t$vs(>qggeH9al{unh~2e#p33j)B;o}n!+>@_W3~A-d$Z@Q
zbU<0Gh!9Hr*#>=ymJAApiC<dpYy<Id?$NKJLLp82qrmxa4QkaOc2(h^WcF(6GF{$$
zh<B7#gp>_V!Y8947fz2~Tiz?T7NNSDCiInLtfg1?DRcNf+JL}?IN4N=(gnNm;wL19
z8DLl_K1JC?LrT6a-n&fkoK7#@Pc%62MwCpVQfc%Zs3SSgv4|w1T3l)qyV4&{Nw@Ax
z5($=r%MVup8}z=qRCZ>Cc`!EpRHVg5Y#VkkCKw<YJ8I7a)usMpca){(hAQ;O_o|e)
zcVyux*+(nOn##)}xc3&1=rn3=s<dgr%ofX=sztw)Ve=S)6TnmJYe)?<t5>B4=E;62
zWrlS=@wnLQ2JAK2Z#ftErfsFoJ4_4xB3Wm$8+ygv>^8B&iCPyQ)&QL!!9g=whMHIA
z(%TyC=?jv&!%FQ9S(nAE-fTs!3UYS6y{9DGA@3%JyR~gY7myni!bE{;ScZ}N^_uK@
zdWJrOGW$|0bdq+aA!upL!NY%xG>H1O96oQ9nZ&&ADrf}jqQ<Q(Xi*y~f`uWj!i*Rj
z<m{&3*($Zi%&(ONDsL5#)NDy5Eg?SY<ju`nYdTY|)H@S5x6>}f55Z=3Q?7TJ5!_mj
zvCcWelS4b(bl2aUi*efs&5xXVP-!I@uqoH!?!FlFP;O<rZH^g{rOj70-0n_Konb7I
zGroAs^e!XgSm}4+#J6sz&s6+&=Os=HNN5d-O&0BQioFb7pHb&oih>FDSi6oayw=vm
ztUj17VajOix4GSKHon<cp_6~2mv5wb6Lteha_8h1B;NCRYU_8s%O#Ve<pY|ZXryZD
z<6I4%rk0ngEWXX@B&d+1+S=yVf<sSZ{GD|?Nso+B^xE?3>O)f!n}=_<CCoXi$EsEI
zp=a1(-D%xz5_fZ8k<}>y)W>FNvP-X9L{g5&jV3>I7&Gc+sjlx-M7j&pbft@VsGpSZ
zy<v*`jPI8$%G5abvF;zQ)d7gG2o&hfhSHmqa4c7>TW01$D8w5`x}n=MG^fl}O?)oa
zRZzZK^sNHTU?KwJPt+6u@Vc0Mpabx5n$Rm3{b!4px*!I*u#!iKu7-c6uz*FQIFeGj
zF~Pxgu6ffyxVW{b3I?KMEI+p6Z7xN16H%fvNnqkvi&(=jlZT#G5fb(enyq*9x)3X;
zK{T9Uz_YSfRZxKPBoc{cI}$dgqD7$k<w@XB0L+GeI?V+>6t}8x_wcg)q`Iiqne4L9
z*RNJBJ6#&H#W1?VIa(1H6`1KlxQeTxX$^D-Q<*2Uh=xS65i}f5kUAahXptZgwvJl&
z4-FEn5+|3%vpY95MG?9C^7%7fVRw`)0(DNk0hv9{y%dAWyx_*lsa?FE2rgq4G}RC-
zZE2kN`OKJRQRLZVU62;)G!T1&k{j(~iTtD3HM<V0cUM?ytV!U>?34Y=CeF5l-jfNc
zidPC@uE^od<#%NE6G!?VqZx+<aa8r)8idM9nn&d{C~cS+zD;C&n5Q0-ppMZ6&MS9a
ztwz-`9Fq(gVzK$6-DIuNpcFRP*s>iDE_ucrTu%h2m6Ei5)k}5%;{l1xA2>G3L}~8C
zzZnx#_G~V$KYGzRZ3|*ti&57WDjJz121^{%+>FJvw2N9js(j&F`hX8w3L%9)9QFN(
zD2yI0*R?9q_HYKf|2$ufe5mK~QY-5QX9~kNIABAT_e~qphcTnL7tTVTK63m0$#C^i
z3S0PE4TYuKBA=tAqi9<SlOXp81LgUUvki0O11M&FOBOdzkkpj!N8cnF*a5wrO71w)
z<<!wyRNTJwqNA?HhE9X$9IpKi7n8KHuJAVWF9~E-u#63-RHht?Jo+a%7dTACPmSy%
z)x??VRZ(<EVE*^qbCo6tqSuzC_#dL&T7x>GVY<mXBK#XmW|T5hMLU8+#7T%-*_k$f
z<axAIsnx81yStCK&Yuvyl)t98*$+-t!bgsBD;VlUQN#>PHJ0KP<6<fLW^3QS?Vms|
zQ^vebjMxz2Atv%ctG#x)*%6Wi<fM4~c_dl$fg15`BBh=6>7ofu1`h@`+o96&Q>%OS
zKs58LOAe}|@Mxh<(`x`N4$p<UrW6oK<Ia6^@w4xgSuc?aLpGE9D<?u~(PMDM`QXVT
zHoGaV?e>ExjJTVlxzEB@cv6iaLYWRHQeu0He5Is=;ZO_)jtXsO+UEYs@qXy*-}8m6
z)yLCNSR)x<g}#P;S!kfh3w!&u&Ppd&vn_k?{2Z7Mm@Fb#q<u$5I5w*;JpE?#DSxqe
z4cF|-&MF=lB6RPOoaLJ%U)CjkO0Un~e57Ay`wQH<#53qvp&Ov3%?u!38W3V##zH*W
zp_H#>+A4j(QHK34U&eg9m=Nf)@j6T~(s#0x8#5tc;E-l}tRsHlb|WPk6y?r$^B-J|
zY@FEc!->12`2V;01IE7pubxH_tItUQo+fpWnHaT3NIJy%{G_1^7A)6T2Ch5@15-yt
zWibhrgP5Z(%4frN-r5ngxvMWAlkC|XS1t2n`s^9QX!%D$OcX0&{&CEA-H@B7JNU5Z
zl);1BvQ)iM+^f`r0W_^a#Uj*iu$J@LHfsD&V3W56Fe|Ne+x!8z`|B-4Bh4QEVv7h2
zGI3S#4#jOGl?rGPk32sXS*&L@b7NNzW!`p+_GB)nf`&Z!gxF&|12)0ajk~!Rlck%7
zyo}^fVvD&KDf>%*RlD$yC=U!);*z&;p>^fj3dCuSh=uv$!Ay)*-t@ky^=}Q~Nvk9L
zS<IKRBV7e~f$SHvlst0B1bK>dD4pi#AaR*L#{oBgW|Wp7hNVW!$ABr6{OEcHLq@F-
znkB?^200i>n93mU#B#k#Jxjh)0%GA5iXR_|NCF*AP&d29Y&3>aKP(bzg^ZGO6bg@O
zwYf*2f{RqdfAo&&6vrGU+xRBc=4h&~g*i<Il>{APqg@@K%29qw+#FOSDg1QN)fzNJ
zOeNJyi_%J#uQZa4wxU#=4eLYMP)Ayl7j!#DS@n}<CeH@(T`9iJt3D7hgCy5CgdW6%
zC|?aVS>L{DsUuBP-VatjImoAiU0x{qIST%%8~(ANq-qg=LzJP<`r1e3o9AlOL}VXS
zbJ$Pz5{7;HL)oatng-=$*&RpN1ZP5n_G40|J0wj-dJGr7Vo<>+F2<&)(1x{*@N^Gi
z$xVH7E6vm>hJ4chosuJ8Ot+^)tUoDyg92sl>{3g5@ts?Z@OGXqgEw!UYIVH}ftolI
zdRd5k$WQ3&P<DigGk3XmEA+MiPo;Y<PD!bS@1g5X=I@*J>v&16=qmFiX%+%E1pI)!
z8md*VTeyM>Q>@{%j+<!kO8s7e60HwVuODCU%>H;X&X2b?=VL1i54OW3QN@2Sp1<N_
zTiMC>NMbNU@zmr7Jd<0cBRX!0k4<b{<uIDjP6eZ*RR0I-m-#$DRQI@0;|ph+R6aB>
zt0%ZySoE)oml_3HrAGB-g#|;UeMi)pC~KZN^)>`)ZgujR-Nds}(Pnkpk=c8%VczCb
zK`KxOnrt03#I20C>|PH@(CCAGzVFhf$y^{Fm0<tqqI+az>v3>rmOju%j;MRf9aG^P
zQ*62JL)~}VW;N-DNqi*{!GYp<Wo{P$%}>laupK`nW8={;1e0q_qk1mBXbE7b3aeV{
zMg9~A;yAJdvk`Q(`(KlDKa|b)pZ}{<7sXGC%cXLcWcKxp@{OjTvjrF|m(7RXb-xM{
zK_Bkmv>qZM+)GZ|{4rea=!I0bX#Pp)z8ug3Te;w`WaI=wikX21#Um>Ch#*;ojbH~G
zPZJlrjmvZ#)wrO143t@6;TU9#o-)6Jnw$M&T1ysn=c7rh3*+!;NU?@Mcw8<njnGKj
zW_ChS;cx6iU8Oen83aaQyOH2cj|vTmqz8tPMpL5}C+wR=QTZEQroWY8NQOP;skTz~
ziORkNpO9(^e?hfT5{9-(7FVycXN|yHw6NX^UQw?1&z;|{bBXn1k?-Kfn`=`HR;o&(
zUd!@V!~Jli$|5FGaqDo8d|zXkjEbOTRQA!p#`)Os;L$7{6`J(h_n<(xVLrtOew4T0
zX;JY9c5y%>Q9+?1T|-g6DeP56Sa6RngmC?9TFjUy9j3AV9q0nN*1=2zm%x0Ny9rSz
zwy0wmfQKu>9mIZhQYAtp<2LDTro@;TJ<Bm6A`Fz%DS#ldkmt@h4>ri33F;qc$;Yta
z9mr|k*oht?g{gGd>2V|DgaI8=92J`BV%{~uW9O!M#{|mQ%1d~rRh*f(cwXYNwElvq
zQ$!N<5a);Z-o#dhEyyi8c@?!#uEie6C<M~`mCzz?gkB_d#dUoQGnBIP$@(BDXl?y4
zT($)&$H8w8o52=WGQQN?E?@4`T7f`Rlm*W`t3c{7&#D@)^Q>Iq$npqM={u#)SrfZ>
zWRlP4cT?<6TckbGw-^S2S0Wki%UL2II@5&}e7;=I^@M?264}gdvnO9|DmRR+!=?08
zY*xn*+jgx6XMC*TjE-r(X-YA<@J58(5TbdInafcab=3aH!C&NdB1aCW5lTnL#9cuQ
zB$;sYm*j$x^+qB)9}sD&X7=wXNf0=0!UAwOGKYS=`FxJO_0^vTkF6lqHoadf;o&py
zKqtUe!7!eW_TaMK9fH|J*5<IPLapDt3o6QbXQAh9+ZGZld$t>Jm4zITPM<w!@PBJ&
zh>i%15{qzLu1tl)F9@Rw$6X6E_6J=XS}=8GH-raW>c%d_sDwTcGW;>4QfoIV+Hc&a
zk<_h+G%E@QYS5>;#mbQ~kn6f;If|z`>itVnF9!+lZB}4OwUYgD;<VJ)sBY;(3vH`s
z^BsOh4f7R_s-uF*XuW4vwG?R;T<)P<$4gZ)us>#{qRHN1(X2CPMbw$t{*e5kq{;Rm
zEEUvb8he6PH!Ww;NR_B{tWxta-v%e1k5+LyjVdf=BP#}S<G)zuKsu=hmcZx7jcBUC
z6m~JXG~TaxPrOQ?k+*!p4X5vFk8)<EBB*VKA6lLBP?f%MpF0<%`4Y$UDL$?NtsV(A
z-;@nPxLs1@?dVExER|GJr)i+C7+*lF4^75BRUrYls&w8f9vRMFU!tG}wcxcjYB})s
zeZ$mq3-6JbjKT4WswUFECuY$|*_6#U!OM7etJC@RKG=4<KgU^EWRpC#N{x2fOhmY-
zdqR8Cx0St1xC`w%k|Az1M?;4b#)fhjFS(8B%@g%UVHlq08qV4#MpXnSGs;4f+aOHi
zePWvZ7$xeo`C`zcT9ZZQz?iXC^*t9eR=NDbG)-!Gn$}_Cg<xQw1Hv#4ZQ8>4r6!}r
zqWJ9me70trJ_935d!-QQW9=tpH4Sxvd^o`$^Rn11`fp${sIz6sJ`J_?M!v5!K8`5e
zyX=EuCUh81X2Kj~HSfHnPE_h+v4Jq@#a(QY3JB$LIAD-WEdJIp8iB+63ZMmKEmts(
z380i3kh*6sDsH5pCg%8G?9bQ3*5WtiE>_vn4ziFQ(a|auBxuTZJybQ6#MKiK2L{F9
zd6jsB&n!{Ns~n-NZN%-XhLGcDxMLUido>s<4QCDzq6c>>`CBIY5vQTkT&3H(^ml?W
z8Iw)!b`<8?tc~Kw72f;7B2na6X#x3_jZE4$Kn?mc8w;ZI`52I1smWEtEN66-)-g;K
z81HZ<7lHSyFxLB#MgM*6j%-)~?)Huv!0PHf15r<#`Zh!Q(Tj>+fOAl7ueLtFIUX4e
zf|UCc0BI{hXGMvm!NjO(Epp3iyEl98mcWu!uV0X0)b8B0w<$-&0fY^~+>qO;*hADc
z@w1WYGIfRE_q~V*Dza!c0uq+wD14+FdRmw$5-A?KUC0@7Ty?cSsrBzR3SIlhh()yU
z4&4x${qM&8GceQdiVjgDOs0Gbslqb-6Jkf5x?8COGu<K?f&{C|{YOd^shTvfF@5;Y
zEK3*cWNC*7i7Pi|)P8*7+>m%uwxmE17ske!T@`cYt}n*)>y|)H$;zW;541-W7wG}Z
zumOcHkZuES!XyM*90<LVQ_2xIC=jWSi_{98xxb)b9Cp+yIo;ixr_zvp@&;dF#cxa6
zDcKV+$p&=A1lUU0(=T}Ha)WCW2=}9rN{jGESE$yN>2w|9B+A#Qkks&7X-OKf%16-4
z%tkwkBjT$6Jm&dS1zY;wgTr<~lOtOALcMkqdT3~9tW4HKsceiNCbefqP|c;*({w>5
zAV~9~*E9Zyj9_JOR2FSt`He%4t&uRBa1o}cMazQEh+tAMGRdv2u;EyULBPNc%NJ6O
zX^>8Ueyp{*l}?NB%yhUCfKjt<Nk2l$;qP|`eK48OUrQq!Fd;cg!MrSb7Xc{eNJgPh
z{D!3*>6p<-oM5rdO%rb+OM?1?)eOuGowoP+iq7b~^Zm)|=Pq6BHl5Hh;xE7OU&x6P
z?{$i#zio{q9)0`8*Kd;>9+*HcYrDf@G9whgDFt*L-&w)5O#kRclKdEdQj}s~4&Y-{
zG=;dD#fF$<(<;Ra!oL?n;%LnJl=D26V_nE*D#-OBlOIw!pK1}PD}e?)nJnv5YXPb+
z8ELj7zRhMjdo$J({#+o3nIn~e@}3sEMfJe#=QO!fsX2cqcj0Bt-PvH7yOPxB7s>zg
zA*6!n2t#Svx&LUKJ}jJRPV^d+PuJ_l^Mq%A{c!oeth`VIwIXv7tR4H|n$+sR`?rbI
z+fO2?8q2Gx#AKDO`Mi8kaL=4JcNwrV`<tEJ!H>IvcT`Ay;e*?gYdQX9ds9_kB{ygr
zzUDOEymz7AOY9H#F)%6=kwT$1JhfYnpONfCA(FtQ%mr1;--gtt*9TH>%jt`6_o%gQ
zLc?M>Dcw44$-R56&X9;~WFwC${q{R9CmtwFc*(b03A(077Lw7v!+mox%35PBZVZ=;
z_`rULNAOZU1X_=nKZt?s^H$Ppptqezbe}+jA8I}2vEv-~%ftklhn%Cj2*c**RqS=8
z*|`Q8`<K<_YR}MA(Jp$F-fH62vAnQ@fL~&k#AXrP&{7{KI%EO>m*7eHGFICg#jsHA
z@L(G>$PYn9xn^_=v<l<BD49h3!M0m1l$WcCL#NgvqHxJH*o8{@s%S^p0^(;$M07%<
zNH_w%(Go*Tu(R8+i=&85hQ(_te{x+XUacXO&hW2vy<982Yhx!gDqGAGJpA3}fmdqg
zk>8=$;=JdRt(}T}W-O7e;GYg{8}C&R`L(psKiRn0s8c2BXc22a@fYKV?2&@P0Sltf
za|bq5X&L?#A+j!@Ef&Osx!^Z48ed(V_4EjVaxWa6m9;|L$S09LgPL(00Mh#6$Wq%k
z?Jmb%Hh$@jM(rOQmEu4{L-UtCZNhCqD1bZ^-_N=c*%kh7^u$O=Na%~vrZ14d;l}6T
zSIM23q1P4mA?_xOpfw3Sh-G%t*@O=%u5#>`-c$iufP(dMk}ARJt3O)oUuCG;iJ|!j
zbH}^op#SR5`_;Co8A&X4wP>2U5xKuufGW!i&ES85KBm#dQ`&crp)Xd}#w5!EKNGX4
zIPXZ1vuI6B8j4*IPk!h|)vKiyuXqF+Ej3Y&qfv!~(|)==s77~OGbMG#e-YLReS)C<
zNe<wh-q_P|;$;bznY5-uoZWSDSvj|W-XG$xYdP8YViXX+`*~Br!>uot0a3o4g!Y!{
zbLW-f^}3MV+#4W~A(iFFZ2c9h{(jp}h4docUo=)k1cq-aN3rb-Ew7|_<@X=GZ};Lw
zZYu3mh`y({paNaQ2A^?^;zDbos-Gsw9q*X6?kMX*YW3(B$jnnoks=S*_RmqKLh{50
zWgnEBKa}?6v_ivn2xA6yGgj?Hf;*p|aWt|P=Ga0{SuF`1F6Fv7pwp_W1nVo1BOUuV
zS?S`OK}bL|kJMQybvVNKki%_)_Y8OJ1x#3P%?fO4#W2`oJ@VYC(_yZ<oE(?F=?#RY
zjae7NeM9WouXs<KC7zKJ<vagaY!x-m8c$^Wb&E8L^&OnEevQN;C(`k6rXZOPVcSUY
z;p75z7zu~-0Z6j0AT;7?+x>Zw`eO&h4xO@QNM-C|k%=^-(0OoDt@vxG%`y~5afnQy
z|6f=uUeFvR(xY^?C0@|<+=IXsAohNHjH6Hz<*uPnwLMVmpR^W%5sxM*Xlde7XXpk*
zb5erA%^wu;44>2d#5>&jn-Pnb<yZSWaz**eLcL#kZDugiowaT}#ki{|2;anxdb^xq
zsbnK{r;{M^P!dn~)mRu=S{8Ji|HfHtw#C1N!$3*^i3-+fx491!f|)>x*NY~{GC|2T
zKIL{DQbZng_DsuaXDS?NwZU_NK77Ru);Z=;j>t%Jf$M7UledKm-x(8Zh#{w2L=OA?
zOyTVVD7>-&g%^t&>#sofXEo?90v2t3@FgZ<dcgm5UdkU&4#+MT>pIXJH}1dxNG{G-
zMq0i<Q7`kU|3WYVu$=h8dLT9^FN?9{iXnF{lB<f`S)aL*+F@ADxlK3kvkOQ|<d?ui
zrUdIrA7vAHV~aE~e|DFW1n-8QfA5<(tt;160FFlO9<Ik``K8>jUm{ik>9Q`o9kVPV
zXk*e5TW!|o?*g=Rn@m3?_Q<|h{hqM8>xR<%%xpt;Wu<w-NL8U%8pg8Og#V(eOG_@5
ze7nG^bkiCE+dxhfMY<7VV*@h4c$|9-M0FQ-k4pQ{BO<sU5!6%x!O{<jo)Y_0?I&EZ
z%o--A(_T=!1*$?t$l>W2uC4}t_AD>KKE-R)R|!Mdej*dvN?*D%I-l%tU~mA|)*cc$
zxq&P`Pgh_MyZ%3W&tLmcE7dcp_-B`hA#Q2kaQ5ff;K&7Fr)qM+h^`<Z3L?$#>IetP
zSD7#RV}>*>olF0fWih_?^5P?vGRn@-B3RPSbRsdFtqd{?PUmTE;l<8aV&nDWPA=c9
zL9X1}nu4P`7zaqFN;-%(5#kLto7_x>!$z~J8H;Reaz@s!eP$@1&#>squCOrIhNDl+
ziJc{)DK11VVq66=Wz5kWiP`7AOCo@(5dmJM5^ywJFew?00PP0~0r6hRFBUOZ?kDc~
zKrb4VQ&yM`MiE0*#GlP3L1GC969^l#6r<(Z+PF(Uv>V9Dwv%lDPB-Y@1qdjAW}ZHM
zXhA<K{UAUeQvCIE4JgjgR;8}O#Al-!gv=5LsMzQJ<^l{U1pgot`0$qnl9GX~$wr@8
zX?UWe2xD3<2AXp`CB`vSl>a53a+shM%~dZ}Nm56yOMVVcfSJEfWU&51@`Ms-(8{wm
zbBip2>3-jT1bjYoG%_NGVd{^V(fs-;v^e?jInf;(-@H;S`i<@a=LwoKAxre%(2Me4
z#6j9wzxna(1^f!cgfRP=JTBiB31ZBA1OCb^2t83|n=DAaI$HP&c1sy-)~;u=L`0<D
zu;`d0yx_i*I)G)vav9V*I5NIYE43)qv%uosH5GilwY`s|Yt{CHm*5^0S=1B-BWvKY
zf?4{zh+4kTGRe45mz52Fxy?_#%|h(<*sRyqOpWKo_X=n5AFHs~*gw%-I3))I`LV)m
zFgNFs#IyJP^EttQ_NPCXRTt>OOG*+K-G#U=52j3TqGT%UR9#8gkbN6n@yv4^N@sxo
zKA_rtkKh)IOW>IFXY%BU%D&l(^gBf*KpEETfcF}LvP98ydi0qKn+0%TGymqoc8_Em
z7QYmKKXTA$Wo$=ZB?;Gl*l5@FOy18kx^940(rq3gK6`q8F7jJp?sTu4IV|}B$Mk8E
zoGzu??$5vz#a|D>$x;&Zg90&E(aYHWEwW?C*aTE<uGC<o{?>akqnBm|%t26tMcW;G
zDGffBlnuHXt3*?sfDQueEWuo(1sY&Qixf?ooPv&+Gs(V(H%*`Y<!S$u*DIP-9(=gG
zFyRE;hSTlUeFhd5I5fBbykYE@xAD0VBt(tClX}(D6l^T^q*0!Gf32}xc=IDYBE3G<
z2xx+RWAWo;?Rrd4l`rbJPHOX%TV#nc{)hYj>>4CsAjkXQ_Vjm!PI=|CzLHb>0fT`Z
zi1|n_v>e6nP6W_xm>tdX9k=?2(iLabw<@HgwG^#U7ux_d;@1Z|dm7z_B!k-r3^Nvi
zCEw+*ZsTm_IxE|EpHEMYXqC!m(9tkUB2z`rX#TMZ;E7Lye^!Dw0n|8J2uR3mJ3zL;
zYmHLhg#Z6nU=+3kxgE$Uln=+%XYal%fPHv!jqtM<$<z3u`QdN#wP^-`qaCpH;ReUp
ztEjf1fhoBBF(CH`D3=&i?z&J0+a;osO-d+uJ%=xs(hcEgp%WU-qgmwouI9*BKNeH8
zNEVhWx})oP%H+?_nm2z^$8gTMP`U$Wy?6l&S`s!`iHXnjBZ$otpaUL}H1qID{>6<?
z(}OHxPXgC<4=I4<vh9#Emir{Wop~~}PE@tk=jYQlB+x*`(pFDf^6~~9#0;QB0kszE
zl=;PP+DP#Dd~6C8mRh`_LY8IhP948@Z)}`+KVVXtE(X6?m^fiAG^s{!L?WuAJ7C|_
zLySdioE;Ikj~in=VTa4F^CJ!vYo;v55lfp81cA(AEo+J!@()e(D-cxxToyH6V=y4C
z%5GeA>q4*I<$XW?+sRJ*^{roUe^RU%(rI?3c<g$_3+eHLRSFQo0u_96EW_i&$#80i
ztocyV$Gxz!id^Ly`)PVLc8BV0qx=-U9F3N|_uEQn)07tL1z6mFhAI9}#Mb9~khqIA
zkX)>#J$_AW$}=Hx@BMU0$k!LfF>)rAVY%cxy3_xSk|jT@BQ5s9_znbd#nPn*nnYGq
zR8*T+yPqkMW1Is6_g&dP47{o0!{e&twhJqIQqUJGa&<n&1h`Wnd^0qN(<kl$ts=uu
z9)9+3nL4QgYGC2|1pkO%{9r^d5O3ZT;6_9eEOi6L*2&o%S|?q@IfmeQgvV%>NbeV)
z+zK>WbMByj=_3K!zd@3BU;GIpqnxiA&P9jW?gyxld9D=xwly-*D&o4ldA=v{fv@?J
z?rLlzpV#i7YaGzp^h*NU{Z**!4G^FJ2$&Y}u>~VPlF9uRt9_&WA00&b!>}6;`7*_O
z@lR=lf4qXT<4~BD=s*kB22zE8c0nI!aYAYR-p_V3xa3;`nJ`@BoWEPfE)(3zfswKY
z8GTnhU^+|*`jg8UtwxiwYL3EhY@SeH*riOHGc?f2YHjKqI6Zc!6kh+OA0x+jCnvvE
zn4cpN$}8!MFDC@d8_ggJut97|72y|>Bt-^?z@DLcLs$h%$m)-0``;0i|18qyhJU4J
z^9TFRR>(QUVtNFD)3%Voss6{=mpeH?z<qx}y4oJuU#2)4ERj+Y`iIyFTT$3O^tc+U
zO9q$aPA&9iUsfsNz7RK^q%erC=Jv^ek$(J~{*Ms(!A=8S1*G3Fp_)Ve;TFK|`wED^
zKG;P3`V^uJRj4lnDhZ6vaN}XK{<#Kkh!{eEIxJy5YS1_s5wS^)Wk=K2_NkP-PxE9U
zsVw921)briDh0p(b}`axod0bC|G78`2JR~xKu`YhPf(!p<=*s(1XxvN_<PXbgHQi?
z9+*VnN&LASPxCf`V(r(*3Zg%sv+_T3-q;GU`;VOYkm2(6;{W`U=WApWV4#mUJcR43
zh<69#_M1P1!vBeUWvdbF3<@ol5qP_gt;CSW=jA`6ByhdP2MFQRD{RdJ4oHkZM4!O_
zblp~OV1@MFy+VKf5csc8X~561#ZoS)zE#9t^rZ2S|IdPbz6k@;R(NM|75|6EU)<>5
z1Dop}Zgc#9C=A%0VS!c2XLo!2`@X5beP_wjg!gp+%QlnvR(C-D=QAr11G1(JX9Y>V
zu<6rG;6HEpL}79Q&>c~`7%HRx6yzA8_4=7QuDxCNE!vT6Z)6iekSGSX|BDBBe(bR4
z#}-PirVbIGt-NaUMt@Y*!@qdvO=r^i>G;pJuEp_Z1tYi*o&RKZdHX7FjPrUId|~YS
zXYEJN5KJEYfBRePv%!;_kgqm&pgQ6<PycLpLx_P|1ecb6l^*c~9QXaY9DE7NnPA1k
z`}+0s#SPW9522!2bA_od1?z8=FDXot%S)68!Z27)|ES_Godk(I4}79nDim=7x}rJZ
zux-Wz(_GGdWtj37hSOaJKMm=L_RE>;%H_{}pBcZ}pCh2x$571#U2_jVM`*y0^4}qi
zY;2M|#HV-2ev`Kmd!Z*nA2o77+zGEK0`~sW>Xw?PSGR^tRNYD)1CncKbNT$wfhSjm
z9bS<5AL@wWhgp>VK{LLF7?2LZ*=NrBhXP;0kO~4TMqSP7aY%fTCuo(swLh*O)my$9
z5&PrI_`&3fSBw+zRdE-QznJ2z+5qk#+=cgVI}ZX>#}1aBBxgW#P+gLW(V*)jH}w0Z
zKcJ%c7_%Op_F1ac^EBGr(jYc8tS!Pg<*)btMk38Q`a%7t%>dWWK_?x8{mW@-e@};O
zCRMNA_7A>RmgqyG|G5Kj;qws&BIVo9+acpDKlLR4MJ-kSN4-x>TfhlGbi)5i!}-B<
zV}b81m*9&|(?oOJW3>p4{+#y;+IQn|YTJ9-L(+F}W~2QUP}MbfQqsv|-w2c^?-}TI
z8$oyHaUk17sdxToNLa4mjcb^uzv}D%tvEOx_}(tw4x3RvnOT$NGS)^+bzCUp4aygS
zBHV)Jt|IU;rt|{F(d@+4(OzgKik}8Gs{$?5I#zP(uaHTrZRwTkDk4wY-S=(W;wttJ
zharqcKB?IEqi}4YJRprZHDr5vpGvf>ir85(_K3T>FNZ4HWWCaT*VQ(->CyQwWtT*>
z5-sVU&I{P^8w#@*zXQU==V#k~Ypqb20fd~lCcpyL*nDO(1ZM4j!p$6mazE0+RTo>J
z<sw{N&gfsgk&B~_!QBi|>-q9qS7WYOCgbFMCR>-eiM}+X7nrP$;*TLgj;^r#S11s-
z^`6!Lm)Sc5!B)2UU4;JvwqM2iX)G^gwMsSVoO>w+KYkj4#KGOk)l_zW!FFFpJMQ^i
z{;l~vxUYRu<q{f!hl90cCY8eZ`X~p1wAv*i-rj7M4Tf3g;ntRrSKRRx`p7cG<Mq<l
zp}ttMx0sKY_?k#=1`2F$==}yLhx=oPvtpBPFW@0<$vZcvl1ZkPqOLnH-CC5q7G|n~
zr%(4(azOSw`L`D*F0ZN{Zp72~_U4EBGI`WX7On7Gp!tv0%jFsJAw74o8%{$8wgsXP
z8CV|d{l^}d@_HgO<?h`h2HZE?B{a^vJ6n-5zU|>0C7%AbjJkh_v-Ya0*!-VGJzqq9
zfj$Y8$ay<Zz7YN7pDyYh+@G&3_E@azK?Y?j-gvIJ{8m@#@ImQ!mM@}lV6e%_{^|}H
zU)=tku!UC@3mnro#>kULpst3TJ~|bQUc_W?ql(q{I`k+kcIJg6OS|}D2#2<#r};p%
z<OZeBZ>K4}uTOBeZ#$NNw8MFcab_g*b$_2pqyfLqfL9Vb#@0*G$Z(JlOnPHmENd7d
zz7aUJ7D<4;mI2({VrcU8xY=I(vJ+hSxRqmfRjGqY@>2AQx5jV*%0A;>GJX4UxTK<P
zDwD6OH?VH`f#UJ~)GnoId}T)niizJ8j^a8N+F@AXV^u~{GTVlD1fzqt+wArCigO1q
z*^`48LIENYArKW|E9%W=A>t|&IZ4i3KKMRz*yaYjX(dM*4t&CFjh(%$uq<cO2y-d4
z#Bc1J<89)*ceo+(#C;UB@Tz5D#y$8&(yT+bc-0w(a6FbL3adnE`Tc699m0`sr#qF1
z)`GFJxCPa|8Wf#o9NNStS|bynl{}QggReN<+8YIF^^v<AQkH%Y`8(+MzLQVi*sM^E
z{6IqR?#FWX5NME@JKyESczaooki-3|%dWgmfZs%WFF{374wmC%@}W0XN(EZy`Qa}&
zJW)CqKi>wL(H0;7hR_Dk!?3|p0gE^vmix7_Ux0Lg+-2|NO}C+2d=|3bgR#d(|1G-R
zb?lCo9RAhANmoV$-s950d{!L$IWY{g37ILi|GOeZ*hd$r*$`TH(41oj;$=Nq#g-L)
z^`pq~$tWCG`{12d^Vp&Y{eAOXGNg~s&#lg-0_`4H#4DqE+Yy4-KAfAwj1z+PuTQSV
zhypgf2=wvk!J}_`dy6ti;Kp<9eKy*!kf0&J{OrXu4$dQaU_ujy79qBbvVTN3^UUDi
zbPms>mw}oY9XGj@K*OkBBi2EvLlLpM26I<PUk!R3Bm+<^%n{0uc@X$RHpq*XHKHqQ
z6EMjuYFNAbi#?q$=|%}X;lCJ#7LmoQFEnGC5`a?fKAIn$Pvn|sZ`6ZGUtLkkOzGN(
zdU+$#FTEjBoPU}}k7-F0n@^vgRx17Odb=~3nKm>3C9Iki+NyZtDcmn@eT73et@S7{
z8*aJiw+g(RAI<L2$1-c%8Y|~@ERAKI7Pyc}?hraGd|)4px&e*{kZ?B`z<-gj0=XYx
zf{c-txR<3$b0Ku2yJ=02S{R4tw4u2_&OQM43gh#WiH$xei%7)j{l2k`PQwJ;A;n%D
z=sp&*6SJjLdgi)d_e*f1m7n!qO6I)E?ZU<^3vD{8QKO8PUw|gB-tmzAdqoD0c^UWc
z^SXQMb$$MdyHsTvpPJkWLI&vfvs*A3&9GhCGt%M)#aNuIN7p^|${F?63%V_33X7;7
z?-sIjIBZ@Ez`WDWYw6h%BH%M~Ld!>=WgwUN7P#_LU6=jR1>gMXZnN}c#=m-xhfJE~
zf`0&={A4!mEvpK-^BpJhTb!L`&Epu%8mRr>G(@2W0&wP;X^1BKI{~FfeDivjmh{cn
zm{1T5CGoW6_O;BowGTUDLvt6ed+9+`l|_o$IAjdL*5vDBZdW*AUo1im5+5qMwU?br
zOU)jyME7mVPo%`S!psdqE2()_oA0#?4yj_e-VW1_WaW?oBY>Xq6s!m5J$R9?$mTyd
zN@nlfI7~p*mq525&K)f-(M_Jhl@mN{w}xBei@2WDlRWP(ge%b+xLgk%ht$Av2Em0t
zWnY{r!SDMVH3Z-l?=4AzT$P8{9Phb{2)y@*e<ax|j(xR(deB%VxndrTB%ztv{Fr4Q
zVe9cWv$*@l+pmo?>(kgq-|vH9R4AiM*#KCPm|S5okKvRkkwyGKPY3VbVtzx5jcnFT
zofMq_c{F`-h@8=Zhw$V$q3`yI#_V=N^fVG6mTX}iCo?_2+lNDv02N%SfO%eJi$}UP
zNYl95F8Vf?BF^QbJ}^Z^AgU869TsC*>NI^;u}sWObeAt{(t+o!9evGX)ZG0`?D4B(
z-zo7>5I<A(ciQop891)&_&P4;Vvm|r=!TJ#>00dNe%WAF;w68T42%8}VO;%ufV441
z(JR%Y)%&eI^;+Ql+-~xoS08bXVzMvh4rqTtZ{fSuu0pcDITV)?Rl@y`)6fEf=wz|z
zcicxnHXUUM{k~UruOi@IqxTQ|F|Ru#UWgfBrb_{7!`fyAX^AK#n&TOrj9R#{8IZky
zivM}v#+%hUROh;CWV|&pJY_S06I7h9r4Ls>;=o_`cCF`B0krwcG=gVhBD<Tu+<GI2
zAOXHgte11TqV!fR7)J_fAy>%4Y;%vpy&VgDYgd~<j@8)T0#;F|pmrY#EUN8NvF31o
z58k?hP2`GPP6<zYUsGt2EjOV>aXZS^v=ZEs7nVP?(v@N?g3?63^cz`53ykn-#K_6L
z4D#1%@n8w<N4s`^s4<rYik`=<LdQ8a>U3L7hX+zBZLMVd09$g!Pm=qmnQ1ammteDH
zvAhKw;sklaW==*zUe%BEIG-Xj&D4tz2Y#QgqX{vmu&ZZ}$Wh9d1?phm85?oB$Nt7m
zez$iW{TODNsu29840KtB%OM7mC`Tw?n5q_?ah<k4$SYsJYJ|7eSuLEOFLH$~!H?Ex
zq1PYhZt;!l+yy<-pX`Way*r+e8ejKPA5w1nQ29l}iA%hNBX#e#9NV;9N2<YfnE-Nr
zM}+fjzWba~44ywOpQc$XG>B2}aRGW;-r1nX0tikLk=|l^kE^g;mSxn0UJQ(H?ap?H
z62FNB{ZVQDr@WB^wv(>>G4U)5Mrf|X;vA19vdowmGmh^L?zA>R@EqCwLfxN<Bjq@%
z(4O3HK)Sm33?J!bo0k$$u4;|id-$B-T4D``MryHtlapygxcSw%T}DLzR-DLjrIb=S
zyaode-+WR^jT>m!SCGh*GWxwU8D(w8lo_FWDU>V+=6}SWpyxiKbuAV=?ApGvO7Pa^
zw3g2lVXUsudC3rPD}oT2kRTSJl>9F5+hc~#OCHbnpM$j($KUN0Gaq0qM%?NtX=;X9
zWHNPt7E*W!5PW66)ZKLZ9gG#$vP>VIs|d!R{&X}{*#@0wvAqjtMRg<f2@i&;db|)0
zrf9p82*^ONP<qO2LlC@s<Ek1H#M+dX7f=|CNFIMlm(kXf@53IL;)Pmld7tt6Y0&&D
zoD<l`3uB&CDQY~1tGa8+*=Wxu8A)(vW;AK-Yn^}}IP)EE5JX#5R_BC~HAm@{D;|qa
zjBze4i+@jy=eYK7oWQ+`@hZ0x3Y@2`u(vjy(up0oV_f8=q&4NzD0*D-dgqNRa|yPX
z{C)S-0^d&AtMAmVZ3QQXV5{D`ce#LImr?&0$a*W9w#Ts|KoYtOgmT<_&n?N6DTbnb
zjBg@5yGyWDX9LTnpR@WBO(OIu=lAXyR`t%9m3=Ecd%OH8_o)A3eA{^x>#v0Bn<LMn
z2WpTO?L|lXaKFjNTqWDi2mUnH?~S{ik$9Pzh~L{JzH)ZzbRO0tQK47<%$~cuXT|_E
zcdf#CVlNK8iEWzg=#rq<Gk=%*4uM*2FS2bdl8NWS0rGGV0!_W*$^MDMbq;CMbuS<-
z-^&QdKnTVxj84+%9&i@2wj-zelE<VEXIwipOXk+YGtKgTR<#$xUzckL>FRI8=)zk>
zqoQ$rhrfQzo7j!YkB3(E`T9Uw7k01RnvYaC-Pnksg7BkvX~MJMO5)YT{8J)G?4Eru
zw&I8GqU_y%z8+}1-j@DVEa$=}aXXyLrSm$@Z%-Sub9~GQR9I+qoU_x98)0uhMY0`(
zk9oE7LM%2Nc8Ei*pElGEyv|K*3*7gK)W0h4Sy7$!7{F@5nb&iq*A!}t^JWnsn74Fw
z(!8*uF}HU<;YOZI_2hlr#o<*R&UeT?7%K_c_`uX2TIXYZBTs*To1BXH8ID}>35mm#
z`2JxgGR(B}>L`|Q!}PR2zGmPx_?Fw(Br)=W+3kQaZqz!AV=;+C&#p&Ph#L=@>iuPs
zU$3|&g!FrN{KB7Jz==Q+*Zb_j>+KTnW&UbWeA%@H;Y?Bbnr``_O8%IW1rkDbLg2_+
zg_(&^I7r*1^?L=Vq}12t%TNNszKS#Vr=3pym1dIfrc%yYbk_RF_{h|PtcgS#gd=XU
zM3kxTdB>Ls56tZ=d*$MV(V<&!j_W8$Vv?V(PaV%v2qc{*;JEO;zV$X}zDD*D4GH2v
z<D93e6tX=%;N1<K|4dW)DWB~t-E^QFnops-KHQ?myC6vq9jZF%wjS1`u?IeVk`HkM
zr60t-G9VugM!%QUpb~wPzJCD!N<S4!L(KZy71uil@1kQ;Xy!ule$IJ?BqeMtl&tX~
z89x90*e&Gn;)QAikqx7S%RLja`n!F|xLCOH)uww_c~U2-mWmH~9+K!!x=fRJWmqAI
zL*v&bH>h&b>g7&zH%I+J)9cHgsE+0gl@r?!6aH+gS7ufo?;8<7d^vM!9$Yx8wH;r_
zuD*KSLG9?t%Md(TNMdQin;Q8M;(fd^ZeeGsDW-kHIu)vD#Rt*eTBeg0eWgrgntd!6
zbjsz?$=Bhjw0lj};bQn|;OQC7^mga{=j^Zlq16C+7|7<c+CxTUw4V_<g+lng>nu-q
zOY#L#pm&4;eeW_06`pnp_k>s|t-OQ*lTP+2GA?v*Jo}@p2XB0chtBGW2p_zuX{rA!
zN`RK!wfIZty=ouWk=^*uZy`GG)!3M(DC(dp&cD%{B20y1`aBu>7mnpG%%wiQUlO4|
z;8r_+#f78jzOV~<#68AkB7A}@FW~n3n8FPBPCs{xOq}`mU}4ib9HLs}wvQ*0>8oqJ
zXUZO}ZA-5cFrQc?ZErR#a<Ob{<-|*ICDl{7fo<4Mf{{1VCNsp*z3?X7BoQ@tVMiod
z$_f1AO)P`G!)MNor?||#r69Ih$04Y2YV}Y3Kb86x?iyeh$h+(1NHphG5;GNZc4yhF
zc~)|<rhPeLE_f^$_QFx;8mFavAUzKCxNG0R?Usk-*Jqh>kq7n&)P@FKpSTc~Eg~^g
z@U@5^5204l%XqY~*I0?ZW5)pOlc;xOdj3O)r?3%z0GIP3fTTrjKs$fK=pFWE0R8%C
zE@3HI(fOhRMJ|T{j!K*9jJ19zrcbdNhM_45rt8Oltjlw{Z&a?AkEyRevoZNz^JAMg
z{rB?=C$+UL1eq^U*IQPnqLFjQA4yf2(sWZW$r_uLA}~-~gb$*t_KqXJaP5}ziv7BR
zZy!EC(?%YDD8PbWYWnOQ9uHH-2hSf^cpO*USugHU{PnwFS(p*K%@lzJd24sLm@A54
zNDwA**q07bXPRz{AE#MJTIq-J6{uDAX;+AYj?M-PH<Ja5<Q$&MAe2(_W`vr7$R;Li
z|7<26-J(&uo{oh2pek062(Y<dHkJ~cq!asws&->Ue{%tnD#zf!F`aX48Q~5xqeTN)
zKsJ*&e)S}vAT-lmel9gKHhJlU;|mqy$S{FECi{LjX`SoWXq<Un6_~7hX|_kBA-11n
zWWyKmeG1stY6OO&J;Fu4i<KevrA@>Cg&Fi$o?H9*+0shDSlkoui5YGIX-e;Z(iDE-
ze;;h;Nw|yhDe_M+7(l+((4Jv-lMkrYn(!UN53cQQ*<@sh#a4@Day-Jkz=X}cxYGIh
zYAC-s&t52&m7fxCx}*qAR0q=y<jIx?a)i#6s-VAvE!vcq`UzHLwxB*-+)yI?QY&YC
zCYhKkGdO`w&*a<FH_ELwKlvsU_P1ll?p?0P#RI&h49xD9wI*KA5J0Xx{@^D|LGS+@
zp~Tu=2ZG$QJ`~8Br?AsdL?4WWN6LVt8f({bMA*JVfE{o8I6nV&%H+cYIJl472v{^%
ztj^CUV&bpRlEgzBgP$U_pYA$<y7^byBih$8UTANB5;Lta)c$ZS{tj7Za=EKQc}^Z*
znLv*diwwiB=RsV%qmW*k3RG!>xZSoC%>J@X*B?GMWTtSc6W3HgkMY6e<}He<4^5HR
zp|uX^$J50ZqPBc1C*a*9Y&MINj^I|m@HoGmSzX?LENXkJm|9rb><qNi2V+S=hdk?n
zS%i2+iPHG1H!U6n{z6zn$6^&O7bXz_X<|L+B$GJE$9%zikLPpPcJ3UlL`PPVvl3hk
zi&pFTNakXR2@ba)%GXau`V%iSMp%iwf)v}u6r<Zf@J4@IN4o$+@NXpEkG%y+%WEZ4
z+T>TX!uZk2-TGzke&o#SWAJ7q;Z@$1XiGu>!M%6$&41C?19m!YzzCv^yLmc^vi#GJ
z$4LkR@aVqT5QW2;$g7Fxz7irzLjpSyfPMz}gOILYN80<HkmBKS-M7E&8<9paJlFi#
z>*(d0yMHsVai*#KP01hri=q61KSN7A_k|$-1>_1ow@HY?Rk$t83ac=*vnDv4EVlix
zIIy}VRI1cp1{2QLNKiHh@UU1&b_dp1FIrnbF@^P9Obv>Yt~df~`svr3_l%_e{o&_u
z#O=UzeAyVk1{Vf4hnJ1Ce_(H}q>5MrPvTvS7XWsY60|crJfiBX%^z*<22u>V1B!p{
z_Iz9Zds5)ZJR_uhO_dq+DM0Q&omEUECTs9_e;#g}FW+z7M?n&k;5YL+KQS~uoZqcn
zwu8WrBkv!-Q6NJt6Yz|O8W>wAEw=-xbwMVDIdF8*-_HVEkh(s%CLWM`J)safWHl+O
zM|fv;{Fz!d5}nlo7WxCv{brz!kpOpoh`ttEB5?8AcwnSEj>O*$T#;}Ej*)yC^fCV5
z-ua)4Aed(i+xHV{dFS69Wh<p(<RZvRiM0>29)IA@KK`Nr=q!lCSey6<&JOf3Spl<>
zaJx4sxelGSoKmLR^>(i_?NLiFdD-e-^Ys>c1LzUvT<Q5Jq}-n`88pC=iwQuBpf6_4
za}_}OJ7EODT)|qEGg1DcACQ`W^*>2ueglmRQ%HlMz;LnAWp)d&siyI*9@*d5gM9qw
zq-s-MtV<klA^_x96FsB8?j$@|EJ0}|BZ~d~)tsV^M6JsCOycCc_ZqaVduzI}3l0vh
zZ)7BjOp0s<0R{%9XK9IVc1dv&5_{}$!#&5tw~TtftyzIc+HnlHZ$HC_#lhnXpTnK;
zDmpJdvWryo1-Tan6%5cMlSq99!jQBXpt;yQU;Vd{CKQtf<po*N@#q1HV$oDlDt`n&
z+Z@Cqpc@mf(cd0UcLr@C3=RE?X0>>?(HD)@V7nPISy`p{;CeY)p)XWzF+(@ryV&Re
zN1wqbmR$9j#6#Md>uBK`iPPaAXu;{|YeTARerI<mRy4WHJHz2Lj#*FDGOhMGX5*9g
zeee)W%8>Dh2nI&R_SBhjMuQ%BcmhT+6&00e)BSzb@{^TSAr>fNH|cLwZ>&LA7WVto
z7+j7AVF^E1*4O>=WK#6b;wbwv`Mm1$A8t-bmRdbR!`?EB*1DLs6)6|%bp@dmD10}K
zi<oeXC~QDMNB6f_sBQ1>hpDZt9WxC*6(HVIDqQm~({9WW8BEZh#!6j(>Q0B27f>^x
zIp5eBBXPdpVYJ;IMkq$7wB88fa=kjhutdA)Kx~6L0e$Sa<K2n2c^{CT)Y?$N`-f3J
z_qWuZ+uPHl<fS199mAJ<==Se-NOvJy)^hFE59WS+#re52HY^Drblg2Lfrhv{?l~=u
z6iFeT4gh^AnJi|Q)mAh3241&hLl0sR*soLLSg|?nljieP%QLL`+_8;E(jzB1i02E#
z3``9Bfg$Lp8<I(FEP5UP{#f$W)Ae3cx8>Fc29q;GXE(Q8uP0BnhEF0D>xQeI?Y;q~
zHcdw1@7V3GaADEkBU>`#b31zrfJ5mGCeWI;#ZfA*O}6DnlZYXbG0<pNL1@-mh8Iw;
zT0VLFdS}0L!o1Xa?*IM!=eYewyKO{R_gI1^$79jW0ohgj<va)KG)@Ot)pBhlr?x1M
z*xS)cAu;x*df^5ST_!evuLoC$O3-oJ>Pi%TBtDN|#$v-t<0;Z)u`0cW1tag5-Uz%e
zHwNIid^V`vAsC>N)_UwG`Xk{WSV5fiKqP`3m0$1bUC#67o2*wm3Uu3E8;xWHVA1Oa
zEckD@jg#$;yoTk3ks2NA86;U};O-aim6cxBRU>#2s-pN00PjQN(u!3o{U5zS{}))n
z)(o@6WqLZ9PZUH5{76IyFv6sIyoAl<9Hp_CC~{BWIT}bAm;XQ}om9_XO&sC7{r}p!
z&S<!zEu1Kk=#$ZVZ&4G5sL=@{1VO}z7SV|wy>~{7-U*^dl<1uhLiEn)-RO++Zq|E0
zBJ0hsJ2U6pd)L|f?DOsZD??f;IKTn^9_4<vFUhr_bjB(nA(5Dze9zvz2YlL93I~Q1
z%33WwocbP7)9iIa(|lF^5FHD*CB4zjz{D&dX5J&;3ADKMBbK!XSoFl**g=2lCAemC
z-*RI<D+!Oz7mSDc`ud|88ig+dgp*V<#3LAFLl-71P0MR)f~u+<6JxD!u05W+PgdBQ
z7H~($vZ`bnc4EIDD<*$kWgX$XCmJni1FL#FTc)qinJ7U!Tj$)JDe0$4%c_zHv<ZLr
z$UvS-+tGZy>l}xa(ZS$qBJ=LdEP>JHh*{4kF-lm2ONd+q#o|g|LLzFbED>VGF%w0l
zsX|UkNjXZJg#MUy`Gw1yI)?|cVI-YbsMBaJT}Zojn4gqP;m&l8LC-?#KJxg<{{2Uy
ziO3oFQ<gTr?xpTtwWVFp4&JUTpZN3XZ;D1hFuDBWe5sVMtmB;&n}ZysHEuHgvzwi?
z2ilsW6oC@<Em>}OSQ>=gERss?aTvs<=-DsL%<;!7i131ZpWC4k3#_pVY<*rSeyR}~
zs)L)I{nSZzxHpRkOBv6e?aA)p&5VaAI5f}J+eR#k;KPL5PSxD;p5p*){`~s5`h=&b
zlsTvIp}m}CFluGd>r#5_yXOu?s#5&dS}$Cu-w+T?rXW$w4c|AN;5S5R`yEgR_q+}B
zO`SVA@uOEGLPc-BA5gPGfGFcDH_PHHF35H7nW>ZH7HUdVWfy{)Yj6bz;E*;=8wktm
zL{-?He*7F6D!i4GGfH1=gmTg-d5yQ%B+^$}&NvPpU@-o4b5T(bOTdDA=YTTHm)<kB
z{R=5({>0RDb<eY?mPzI)<mSsC?W_i+TMyqjc>qy(AD;N+2WqMrnD&ko!ZD2m1+^N^
zS9QrC?m{px4?^+lbw<52DnV<}kEa`cvN)vK&U;!=y-!4jtdX?iM!(WUg38NzaVd_3
zH^p>G(}bPn-oGdN=&<)0XWFDMPSY9AdE$lae5cprx!6fcI8s;D#LX~tu<}T?@)cM8
zcy+f971tlm{zb}D7|h^^LJ2^=!+lXFoq#At&bit1nIUALRsz<SBKL7|{lAxk!Ig@b
z3_4^$@!HN}ojpX7@Tc9tstnJ-&M=a;{t^Zjm1JXe(?-(_O;3gfg-!lNr{$g@WonuJ
z6v5#*v-+kvEBaLOE2^i47%VEO-bt13T4x&{ZjK#GO@8GTay#MtqEU*GW7CCX@QveH
z%f1Z6CC@HgjUk{Oi_=JoS4!Z{k~;see|Rbnh{%Q2%}~>Z292MG$7bHM_0B0O@wJ3Q
zM*9mjqwGvqU}vSg=kY^X9wO?^d8N=4!}5245ZoOZa%iIB83@Udk1||nxf>i7(P<PV
z7C33YN@r)04YlOoM@nwJ;(}T;7p|*F#pmi5X%?}B5^<-}v&hQlm<_*ksV+@`a(Xse
zBtYj^``rkDT{cbzujYn*mBAda3JHNAsR;+)U{>Z*i#QaU;IcM6ff+HDn`B};t;%+Y
z@RZd-wg)mq%8V@IgdI2E&Y@`6uk0^76o~^b?qM;qn_<;CZ3TiD<-T~=Se`!?ll_er
zNg+nzhc$gO)^y(qn!?}uWz=G@&e0-;w{{$vfa<z{C7fu_kMB&?)NB;xO6xX$tP*}7
zNh=Zgu0PpeAocr1l?AIW>S$<ubF3uHaVtlYs7mWG<&xR(X9o8k!X7aWEB;WSU2)hM
zpXbF!oUCIYF9*-7lGnuD@80zE4+~AFzj%;a8*0Sb4o%isq!Bsi7n-oTbzIs$1MnV|
zt?CEeShnruYLJl|Ez@0)Q->y_p?5A>Y^SDOv%>Sr-Pt<B^+AI~0gKO&MfXiihxhX|
zKs$TwN+&J=RuqL5(9j5|4)sGxhghM>!B*4GE%~kXiQ-0qK))q(3B370ywQF-DYcxg
z2)mt4%`?;uj+xePjXT=qZ+*DWl#;o0*lL`u?8o7)G9)3L4?e7n7hPE00K%=k-c#)8
z0lr)rtZX4cpSuWMYHF}lPo&3FAVtuoE2(l#waT0r+IjM!I}(`C(((zAeLkG`l%_Z)
zhgXj!{cMlcL3(6fM?><O+b(rZR>Wn+TX9F0F;YsQ_a$tak4YfbQ@K~)xEb!BoeOk*
zU3oP48A@3%?Y=1WB^0V#V=WLuiGB}Prd=*VLjg1ZgTYAFPPQk}x5i7<gVgdPdA8=n
zlD>Zl2g??xG{0>Urpk?Tv}+~Rx0HNJO8V1dPb{2<IHb1LW#r=~yMMzNL0<xoR>g+j
z>HN4ygiH(gt~^Q4bhXC=_0P&(0U11qjeK+ZOj(?x%}JargDegy1@qeEbQ(5TgOFT!
zxN3gyh}p0$!1XB;3XSkkM)^oOb7i7eC9pjFJfrRx1vq^$K9a2jPQ5_xG!cV|^2PhK
z!bAiKY}Vkg9Qlaqjg(*$1X^rGd}EYx>RNxS_^aw*n~;di%&{q2kVt@E?F<7W!x5F8
z@`FAwaG(Kjr$8;|o)goK%>05lWSfKw7Cted{mm7LX_X_C=d?GM(@gvHf?5ujHgKX=
z$lu@pZSV4rWQgi6*nl4SI#<CU^#!zlBx3lBiBfKEYS*rqn`UvP)>q+cn)LMjqoZ;I
zKIdJklnT^FKCRWoRQ(GZQCcE@Etm%}o(E;NeAMpQdQKFdxdv0Z``3G+B#v!URTjrp
zk!ivvuHo|GR3Wbg#75O>3|Cl5))ed7A}Ar+xhvrONQ;02;kEwMr#Jv?ksFV>qFLq#
z>dGzn5UO@ZTCBDW3@v*o1j9nEM8H?EF%NfiPiPeSwApVXl{*h6{wN#;XVVzgI3f{4
z!|{=6&3JLd%jRe_(ld?*!)#$BJd&uB9f8s4inUN7-t6qI&6<tos}tRCHm5Ol6vjYL
z0=j3z0nAL60a~+lY-$aO!gf+pF!k{;PWN$_g9jLxVo^#7Jd68T(!nn#LiM@z<+9oW
z)EZxFhEogTdt6|oOu;9sc6`#sJtzWkX~Ol(U{CUH9;b4D&1`b-d=5p2Sgxz)>YWq2
zoo=g1n%wx<3>NFC6FWVR=gxCf*eu<P^vq{(#;3j}8U3Out^J-2ViVcwMZmJPlE=fP
zTkTtvQUp!g8Y|N}RdYF0#iim`NaMvJ<&q1+r{+xNM#NaY<Js7#wmkn`sw=Mo|7N42
zqVlmc*ig-=tDt@<R<p<vmqj_XfT80zv(o+<_{I9!WxbMVM@L72lA;VIX#VH0x6YF|
zS!>V<?vV2D^pGBAoUO;68J-vH!c8-hvy3af@zO{`Sw7nZI^xpT-|l<Y*NadHSmttb
z+x1*tqoA|DWK+QmDpbnixxR_PHf=~hf@^f3_V293XOq599Chwzi|!qr-8vnC>O<LV
zdcEX(%{O=J9QPuRx5jg3m8|SGkIVpIH^xF#JS+LZ8>n`j83WPn&i*#vU=wpvY?<_%
zL!&pbaiqGW&ZMoq-3p=mh6NN2TAwQs$?l4jef~T&6#567KnIBJ%m8d&ryrf0U)inV
zqCnC1e0P^n^0_~?T~*Kb`I~)oni3fGQdgALT1v;Ojo*1kO*#$lqrWB!n{bSk>KQpp
z(1Y?{-@7+wr=RUcev{#OIm8`Ctti6TRjQ3d*m~yXLQ{#@Ut**{tUFF6sM>eSn&sL9
zn_QevERP5t3?YdU;<o7pm_%nv@5fJ)b$0;e{vMtt&bYnos9@f05S+&yc7t`bGz5E(
ztlbQ>6Rhz(LotYbI2Ik~T6=-UUMjuEwk=ck=FWK#8m8RNRQmongrG0u{iMaMBY@5a
z>yI}J-8*^y%Qr$N4&_)Z7#+2@jMhhCFV-k`Vgj1Qc-8r7N^v}QLUQsfoa}=LSDiPo
znq7On<xdVeKnrNMQyMs4uSo{6UGL8%F-l6oPP%egZ{Y_Vab=k}moeN$X2UFXNYtaU
zhEP(N3k}ds{-puyiUW4Gpyi;MJV|_pJHoEv%#hMQFu-8C+6oX48f$)y7JX7Bt{}mn
zZ${Taw1!<jlalZC&ClzTCgG59_^<XSX9K6;`pEY%;Wsia!I6<&fZAz`=umVt3@%@q
z9@I+1(5+!X%$y%`&{>`zD4ktEItKS`i?u7>r18A$ARlaSy+eUIpBy=#G|k9qwVyjX
z=quA${+PQg!Dn^haI|%rEL$JZzrFJD*I1FMGxl7)bJ>^x3kP<IE>__g#0-G}b#**g
zj^g<8NAtoFztBD%RSb?A*U&>W5hlbdJtcLd3@K+^+nuc;jen#isj3R^JeFyx{kZc5
zn@mMERU<e!l)~tBoZuA4E@-k(mP+YB-6iY}8#lWhRU`6Zi=$LA^&61pYxzbroxr@r
z4c&2P3eUhGOUP{%w|Y<EWvh~ZJj7}WQ6XQn<$GCS)XixqO~Gy*o8mRoF;P&VU1wQX
zry)ZGZ!{?m3$}}S$jdE$mm9&KEF#}243sZuOmgJxJuX4L8Y#TbARo~Nr(dM#W)N3!
z4~y-Fxf77_-mz&Gn;0Qtgs?!<i#K}bG6Y|2ZC#n$#Br;4ao6{!G<!$mTebQ|ja(T6
zWw-h7@!OQ5I2w_11$F)aHuQ(4KoAMv_@T~%5DsjkuJG!KdIbt5L{>*s?Pv!yPUm|9
zk~DgV24~Xm$7Rzei^(u>bC+i#YVJ*=gv|PMtsVL&ZoR;PG?6UD*w2L42)UT8#C-K9
zQ=a*JkW{OOs2@Qwj@A@UAERO6Z;xLElW@Puy&;v)5K6Ot(_A|6ZFjbQ!`%+K<UsT>
zc<<&?G_GEp;B#$Ac`W_AsYgUk2h(7Dl+rB|O(fL2Ez&6JMd|xA#fgn6GO<U>0v44V
zBA2r=-l7N6qM{;W(!&`chtE#R$b>SRu{kr!bfXr;8=)w8aP8r!R>ehxhvGPkEKF%4
zxqv;}*iI`{2*1OX*Yi>+Jhb5oa}f@|u0>Acr2;UmQ|j=*q>uOQGcTwQvn&<lW!Z5R
zGjSqkB&94#sb23VzBJQs@-q(^ev`?jQi!=7zjTg_HdmGjSy*V|_<giK3I1K((n9jN
zx$irI%Ehz|1KP)e+9R7kONdza@Nm}*FE3R;F#=^h7y5C{i;#QBXK5_s-#NoJfMe%C
zhL+G6au_9X?QLn!;|3y^tqu1w_1%qU$Q}#h5w)SfSt7GzSJY)*Nvr+*Gc1^pK{b&S
zRA)@U<kx%&#mN2<o1Y0-Jtk`Ha)fPg*M0%o`k=(JK-iM$Kx&8&I+nSxDCk~*&o;aL
zL5E^^I9VZkUv7_7-L@kG`=(6zW1GtTuaS6)TH}Cbj3b}aDCSqHS0DItAgYB>E*EA*
zo1NI7QsIGeO3{uJ;@g{+Q2I1-6=Lj_Qf)PDe$iSp=MEmXxeNrg2Tga>gj*@xTyN&`
zg@Py%M=?$*q~x*ELHLv9;KjnXtx_CLC9q18lGjzg`E3#3q8)sYNaSYXV}yvf_+9BB
zyitA|hV7m!M)rPgSY7ePPPk$2MJ%cd^?hwSAhF4*Y>DU8@3@iM?wy#^34+ONO~v8r
zw0U&Llt}Sh$m7C+7!gjEDr$mlEJ1Vlp@y$iwUwBs%F1Ypb|Yet*FP{2F{<^k5N-kc
zteh5DJ}9WnqZr!tqRw&|B_VN>7@)X&b{UI+;F`{`Z5s=>A_@MnJ>vtxyphs)^1GJd
zH8o}P!^a+m`q)R$Dz|<XWr)Z}mo({P44_hFDhxa6%wobnY>jcLbL85u4IrW<tdma6
zqA_3Dc>^`;{O>8UvaI|}dQ$6x%-&@+Y;ZbQR)n&$+|al#gP`ZkH)SvLLS+waW@>$G
z@Ts2R5fDJTjfu7_bWfiO95-My<tZib<r%~pF{NquZVbQ92nNeV^M7D|9yfSo@RAAh
zQ>8t-W10e}_4x^XbfdWS>;*U`eGBnRqDVyQBr5vD@usFDk%E4%_W1eL>AVHDpaI<u
z+pA)>-cODd@9XX>YZhrrpC7F335S3EHBdntY4%0H;62Qk-o1ZwR6#{WF0VJ9j+<7o
zk7Z+z$#L#8H08)vYaF{^L+8nGoaN)WuVvBq(MOB4Y83pK*%xHs1$y<>8^0e19wcv@
zF-Ta96&LQ(`$dm1bAuO|N;wS}j(c6Z&R}&epnUb0M~;iT+uN3ckmYOy0?uz6!#yxn
zWx~ICalA#*y~@nR)$h>Y$oU*s`?S9S-+*B}-ldv!9*clRV-0?uNLCS@oczW2ebVnd
zHN;{Nax4B(fmU-9`*r_hNQy$JP=)#E7n9IOAf1T1JQ(P}-+3roR@3_mSc8!WMzpnb
zF*km^3`fiDi3+`06X!>#!q;P`b(hwAP1TX$jiPT_t5M8hq+2j$hSVRmp>Xz6E^^W>
zyPun6eRc@Xht_iDk|BNle0&tBUE)V=mG7V>`nwk7^Szp1);)H=wI0mXQ9ij&!=Um3
zOcwHFnAJZ2n81qw|G05HQB*ynkE@cz3!6)2a#6d22a3_pnppOAi}Vj1Zw_CsnGC%l
z>Fd;_#|MG1wG~>_?kgm>_?J8&q*uh~8PKbHdwq$CKO~yJK8;o`%^w^==fg>;P{<aU
zW{^blL&H+XyGQy~biFsm*9gFrZz-Kt!y{wBY7@odCXaTW)G|8n{ZQpR=?-c)7^CTO
z^+oZ76AtO`-)g5rLHly5^hEVmL=GJ+l~AUIL5y9NZ7S$o(Aj#tQ2CP~33hhAfh>{s
zu3JH-cOERe0^01sC86mHENI(6tJmFCHD=vyvcl1RFN%J|{Er}Hbj2~@Ueq*|kc2Ve
z!e!5S^daM#e3OLnG|DIx#hY3vbQwvTdfHJUZ<|0TE@AR(3A5~WULTV!7MeS+fy)dj
zT1^18SLU<3bYf`|KYZ+3P~L}k*6t3Vr(y{a*wXY6A3h63*<y>Ft`vI5|LwH_u8pw(
zAIYTTQ`$G}Oxu^^d)3D++C99*_b<ha4E#hN7vB%Z>O$Yc8o){=cuIS4<-He#f8a{j
z>47m&J6sV<K%+Y$dkez#fC0KLhZy{vRB>@bU5uWbL|9SoGbLY5v6@o07ya!5gSUtQ
z+Kqiwi;K{0wdYwR@Ox~|*<n}bmcV<WkfWpEbiL%9vcC0(A@&pBzZi*bo=`~B@!`OC
z{5m7A@7*d*53ro#{`%h=gDM^1zaUzMZktT{Z4Aftz(wn;yO$eh5$|wr`85}AFq#gv
zqxjcWlMaNE8vw}rsKU!M+w0{^L#oz)XbXR)^5+F(j}CjP@C@=bgVM<~4%OotYU!hn
z!e{?>WA$udT)P)woJcs|-N3{)nHpV>$DzAX&1@;qn+7u+3WHDn=}ps80mLWRZ6kjW
zmpmbLs^e!5*bJJMJdqlh0E=ARq@c~uG0sdpO7UW)?E?I1>z^l6X*t(q2Qu8f7EtK(
zv}f1wv^|0t-yMyrAI_IEcim*cckW=gD#}P|Kn+;6L_d|^%I;!<+W`L3AA-_X3&Q5y
z+rbw3Q&}grP32vdd5}trq67P&K;+(X`&rNBy~V3ml;0`v%%<ik))s(SjmFlxQ&dV7
zPA=}%U_Vu#aJ7xXDNeez_6iH)Kr)MchR<sEW<#ULReI?jc)E79&t;|(AA9zaJj&~k
zhp7G|uLR<4#^1#F@W5x!-0E4feT$y1Qulx!2zlogkJ0&9{&8he8mz4-_3K`^)@d!#
zsgvT|I8kUuIdn^Kd&DQy_c#4bv}GwY#K=?RnHT)k7uip*Ul_0|CAtv)!*vkA>KY5p
zJiIU|4xr9y=FWfD!n~p<q<2GK#`yN;Z#hDh+LD2(L{}wclUgW>DBT$US^t6Gl@^hs
zg=iU&xyjA#5W?DHNx7Yj#RTsLX!~OcJymbEPkDl`RG+~LD^!0nNJ>y$?al@ebXYS-
znb@qmORP+@tVU;)k1@;Vi)?XuE4uHw;NEf$-@`h+^kmDBw;{e{Elt>OAzu5ez@xg(
z;~_H#uAynw^F6yfN?1oS{j*jmMQ;L@)7W?7rCZi*D&lhOrGIb2<-336R14i#oLgr<
zT>cMZFrp_7&jO1w%-FK^_aspTU=j_J-Wc>2a%HmR0XF{(4i}9@f;Rvd^sQ{>C*-(9
z7VLfr=ibijbBzSVu&7|}_H808zXopnVQ28EO8ftI{(X=m&0%o~UTnsR49%p=N&WH_
zBw`IouF%8khrZ;4d@HWVOG8Ewjy25#-M{kPBV9ekT%vbF&|j@O$}~~8t+95y;u<LZ
zO+5v=`G*UBicQoPsBt^#3BIxl6){>-_4)2q1~+Hx_9ne)OW0peXgT*kWL=XU2wFY7
z13Ykn4asZMCF1T`=M@Di{wIfhfd{zr4}Fa8VQVm4!_rIq2%hmY7Olp*b8qH5*FduR
z)rGj{1||-q+B2=&l#o6H7yplZT>}qf{E@H8ztDlNe(0UjoEhl1UKz--r_2AtJ{zEg
z<G=UHzoY(}j87N#=X3=T5&ToV?r+)jziXe=Klu>(^4{bB1ZDicv467MVr5lD!*B2N
j+Z6!*`$`{@TW;<YY)Yav<NIyi0X~YdDl(-~Z+-s*ubVzm


From afc1d5e4c6801e987233b5426f6877e1fe398151 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 20 Feb 2023 16:22:16 +0800
Subject: [PATCH 091/760] [KYUUBI #4372] Support to return null value for
 OperationsResource rowset

### _Why are the changes needed?_

With restful api, for query `select cast(null as int) c1`

#### Before
the result is `0`

#### After
the result is `null`.
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4372 from turboFei/null_value.

Closes #4372

b15f1eb12 [fwang12] nit
5f1685591 [fwang12] fix
45c60dded [fwang12] check is set

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../server/api/v1/OperationsResource.scala    | 42 +++++++++++++++----
 .../api/v1/OperationsResourceSuite.scala      | 24 +++++++++++
 2 files changed, 59 insertions(+), 7 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index 99f1afdc3..015da7657 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -183,19 +183,47 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
             i.getSetField.name(),
             i.getSetField match {
               case TColumnValue._Fields.STRING_VAL =>
-                i.getStringVal.getFieldValue(TStringValue._Fields.VALUE)
+                if (i.getStringVal.isSetValue) {
+                  i.getStringVal.getFieldValue(TStringValue._Fields.VALUE)
+                } else {
+                  null
+                }
               case TColumnValue._Fields.BOOL_VAL =>
-                i.getBoolVal.getFieldValue(TBoolValue._Fields.VALUE)
+                if (i.getBoolVal.isSetValue) {
+                  i.getBoolVal.getFieldValue(TBoolValue._Fields.VALUE)
+                } else {
+                  null
+                }
               case TColumnValue._Fields.BYTE_VAL =>
-                i.getByteVal.getFieldValue(TByteValue._Fields.VALUE)
+                if (i.getByteVal.isSetValue) {
+                  i.getByteVal.getFieldValue(TByteValue._Fields.VALUE)
+                } else {
+                  null
+                }
               case TColumnValue._Fields.DOUBLE_VAL =>
-                i.getDoubleVal.getFieldValue(TDoubleValue._Fields.VALUE)
+                if (i.getDoubleVal.isSetValue) {
+                  i.getDoubleVal.getFieldValue(TDoubleValue._Fields.VALUE)
+                } else {
+                  null
+                }
               case TColumnValue._Fields.I16_VAL =>
-                i.getI16Val.getFieldValue(TI16Value._Fields.VALUE)
+                if (i.getI16Val.isSetValue) {
+                  i.getI16Val.getFieldValue(TI16Value._Fields.VALUE)
+                } else {
+                  null
+                }
               case TColumnValue._Fields.I32_VAL =>
-                i.getI32Val.getFieldValue(TI32Value._Fields.VALUE)
+                if (i.getI32Val.isSetValue) {
+                  i.getI32Val.getFieldValue(TI32Value._Fields.VALUE)
+                } else {
+                  null
+                }
               case TColumnValue._Fields.I64_VAL =>
-                i.getI64Val.getFieldValue(TI64Value._Fields.VALUE)
+                if (i.getI64Val.isSetValue) {
+                  i.getI64Val.getFieldValue(TI64Value._Fields.VALUE)
+                } else {
+                  null
+                }
             })
         }).asJava)
       })
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
index 238203b0b..328d012a7 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
@@ -126,6 +126,30 @@ class OperationsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper
     assert(logRowSet.getRowCount == 1)
   }
 
+  test("test get result row set with null value") {
+    val opHandleStr = getOpHandleStr(
+      s"""
+         |select
+         |cast(null as string) as c1,
+         |cast(null as boolean) as c2,
+         |cast(null as byte) as c3,
+         |cast(null as double) as c4,
+         |cast(null as short) as c5,
+         |cast(null as int) as c6,
+         |cast(null as bigint) as c7
+         |""".stripMargin)
+    checkOpState(opHandleStr, FINISHED)
+    val response = webTarget.path(
+      s"api/v1/operations/$opHandleStr/rowset")
+      .queryParam("maxrows", "2")
+      .queryParam("fetchorientation", "FETCH_NEXT")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(200 == response.getStatus)
+    val logRowSet = response.readEntity(classOf[ResultRowSet])
+    assert(logRowSet.getRows.asScala.head.getFields.asScala.forall(_.getValue == null))
+    assert(logRowSet.getRowCount == 1)
+  }
+
   def getOpHandleStr(statement: String = "show tables"): String = {
     val sessionHandle = fe.be.openSession(
       HIVE_CLI_SERVICE_PROTOCOL_V2,

From 0dce65d3867e728fdd6b6894ae4efcd6ff4f7362 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 20 Feb 2023 17:05:32 +0800
Subject: [PATCH 092/760] [KYUUBI #4373] Using SVN_STAGING_REPO instead of
 SVN_STAGING_REPO in the release script to fix echo message

### _Why are the changes needed?_

The uploading destination is the svn repo location, not the local temp folder.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4373 from pan3793/minor.

Closes #4373

96aa1d4c9 [Cheng Pan] Fix echo messeage in release script

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/release/release.sh b/build/release/release.sh
index 4afac3865..504bcfaf1 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -85,7 +85,7 @@ upload_svn_staging() {
 
   svn add "${SVN_STAGING_DIR}/${RELEASE_TAG}"
 
-  echo "Uploading release tarballs to ${SVN_STAGING_DIR}/${RELEASE_TAG}"
+  echo "Uploading release tarballs to ${SVN_STAGING_REPO}/${RELEASE_TAG}"
   (
     cd "${SVN_STAGING_DIR}" && \
     svn commit --username "${ASF_USERNAME}" --password "${ASF_PASSWORD}" --message "Apache Kyuubi ${RELEASE_TAG}"

From ae374c1b3064b3278f23924a48eaff344f648676 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 20 Feb 2023 19:31:30 +0800
Subject: [PATCH 093/760] [KYUUBI #4152][FOLLOWUP] LDAP configurations should
 be server-only

### _Why are the changes needed?_

Filter out the LDAP configurations to suppress potential security issues.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4383 from pan3793/auth-conf.

Closes #4152

032245f8 [Cheng Pan] [KYUUBI #4152] LDAP configurations should be server-only

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 05b6a056f..fcf50ffa8 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -773,6 +773,7 @@ object KyuubiConf {
       .doc("User-defined authentication implementation of " +
         "org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider")
       .version("1.3.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -780,6 +781,7 @@ object KyuubiConf {
     buildConf("kyuubi.authentication.ldap.url")
       .doc("SPACE character separated LDAP connection URL(s).")
       .version("1.0.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -788,6 +790,7 @@ object KyuubiConf {
       .withAlternative("kyuubi.authentication.ldap.base.dn")
       .doc("LDAP base DN.")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -795,6 +798,7 @@ object KyuubiConf {
     buildConf("kyuubi.authentication.ldap.domain")
       .doc("LDAP domain.")
       .version("1.0.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -804,6 +808,7 @@ object KyuubiConf {
         "this directory. Use %s where the actual group name is to be substituted for. " +
         "For example: CN=%s,CN=Groups,DC=subdomain,DC=domain,DC=com.")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -813,6 +818,7 @@ object KyuubiConf {
         "Use %s where the actual group name is to be substituted for. " +
         "For example: CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com.")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -821,6 +827,7 @@ object KyuubiConf {
       .doc("COMMA-separated list of LDAP Group names (short name not full DNs). " +
         "For example: HiveAdmins,HadoopAdmins,Administrators")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .toSequence()
       .createWithDefault(Nil)
@@ -830,6 +837,7 @@ object KyuubiConf {
       .doc("COMMA-separated list of LDAP usernames (just short names, not full DNs). " +
         "For example: hiveuser,impalauser,hiveadmin,hadoopadmin")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .toSequence()
       .createWithDefault(Nil)
@@ -839,6 +847,7 @@ object KyuubiConf {
       .doc("LDAP attribute name whose values are unique in this LDAP server. " +
         "For example: uid or CN.")
       .version("1.2.0")
+      .serverOnly
       .stringConf
       .createWithDefault("uid")
 
@@ -848,6 +857,7 @@ object KyuubiConf {
         "names for the user, group, and contact objects that are members of the group. " +
         "For example: member, uniqueMember or memberUid")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createWithDefault("member")
 
@@ -857,6 +867,7 @@ object KyuubiConf {
         "a direct member, except for the primary group, which is represented by the " +
         "primaryGroupId. For example: memberOf")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -865,6 +876,7 @@ object KyuubiConf {
       .doc("LDAP attribute name on the group entry that is to be used in LDAP group searches. " +
         "For example: group, groupOfNames or groupOfUniqueNames.")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createWithDefault("groupOfNames")
 
@@ -878,6 +890,7 @@ object KyuubiConf {
         "(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)" +
         "(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com))))`")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -889,6 +902,7 @@ object KyuubiConf {
         "the user being authenticated will be used as the bind user. " +
         "For example: CN=bindUser,CN=Users,DC=subdomain,DC=domain,DC=com")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -898,6 +912,7 @@ object KyuubiConf {
         "user being authenticated. If the username is specified, this parameter must also be " +
         "specified.")
       .version("1.7.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -905,6 +920,7 @@ object KyuubiConf {
     buildConf("kyuubi.authentication.jdbc.driver.class")
       .doc("Driver class name for JDBC Authentication Provider.")
       .version("1.6.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -912,6 +928,7 @@ object KyuubiConf {
     buildConf("kyuubi.authentication.jdbc.url")
       .doc("JDBC URL for JDBC Authentication Provider.")
       .version("1.6.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -919,6 +936,7 @@ object KyuubiConf {
     buildConf("kyuubi.authentication.jdbc.user")
       .doc("Database user for JDBC Authentication Provider.")
       .version("1.6.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -926,6 +944,7 @@ object KyuubiConf {
     buildConf("kyuubi.authentication.jdbc.password")
       .doc("Database password for JDBC Authentication Provider.")
       .version("1.6.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -937,6 +956,7 @@ object KyuubiConf {
         "The SQL statement must start with the `SELECT` clause. " +
         "Available placeholders are `${user}` and `${password}`.")
       .version("1.6.0")
+      .serverOnly
       .stringConf
       .createOptional
 
@@ -975,6 +995,7 @@ object KyuubiConf {
       " <li>auth-conf - authentication plus integrity and confidentiality protection. This is" +
       " applicable only if Kyuubi is configured to use Kerberos authentication.</li> </ul>")
     .version("1.0.0")
+    .serverOnly
     .stringConf
     .checkValues(SaslQOP.values.map(_.toString))
     .transform(_.toLowerCase(Locale.ROOT))

From e5ade907f4fcec0a1a093ac57c3335530aa61779 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Tue, 21 Feb 2023 08:44:20 +0800
Subject: [PATCH 094/760] [KYUUBI #4352] Support System.gc() with periodic GC
 interval

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4382 from lightning-L/kyuubi-4352.

Closes #4352

2beb1ef40 [Tianlin Liao] update config name
a9eb126d8 [Tianlin Liao] update config setting
75cdfbb02 [Tianlin Liao] [KYUUBI #4352] Support System.gc() with periodic GC interval

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                   | 25 ++++++-----
 .../org/apache/kyuubi/config/KyuubiConf.scala |  8 ++++
 .../apache/kyuubi/server/KyuubiServer.scala   |  3 ++
 .../kyuubi/server/PeriodicGCService.scala     | 45 +++++++++++++++++++
 4 files changed, 69 insertions(+), 12 deletions(-)
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/server/PeriodicGCService.scala

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 1e0567860..3603ac8f2 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -449,18 +449,19 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Server
 
-|                           Key                            |      Default      |                                                                                                                    Meaning                                                                                                                     |  Type  | Since |
-|----------------------------------------------------------|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------|
-| kyuubi.server.batch.limit.connections.per.ipaddress      | &lt;undefined&gt; | Maximum kyuubi server batch connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                           | int    | 1.7.0 |
-| kyuubi.server.batch.limit.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int    | 1.7.0 |
-| kyuubi.server.batch.limit.connections.per.user.ipaddress | &lt;undefined&gt; | Maximum kyuubi server batch connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                | int    | 1.7.0 |
-| kyuubi.server.info.provider                              | ENGINE            | The server information provider name, some clients may rely on this information to check the server compatibilities and functionalities. <li>SERVER: Return Kyuubi server information.</li> <li>ENGINE: Return Kyuubi engine information.</li> | string | 1.6.1 |
-| kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int    | 1.6.0 |
-| kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int    | 1.6.0 |
-| kyuubi.server.limit.connections.per.user.ipaddress       | &lt;undefined&gt; | Maximum kyuubi server connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                      | int    | 1.6.0 |
-| kyuubi.server.limit.connections.user.unlimited.list                         || The maximum connections of the user in the white list will not be limited.                                                                                                                                                                     | seq    | 1.7.0 |
-| kyuubi.server.name                                       | &lt;undefined&gt; | The name of Kyuubi Server.                                                                                                                                                                                                                     | string | 1.5.0 |
-| kyuubi.server.redaction.regex                            | &lt;undefined&gt; | Regex to decide which Kyuubi contain sensitive information. When this regex matches a property key or value, the value is redacted from the various logs.                                                                                              || 1.6.0 |
+|                           Key                            |      Default      |                                                                                                                    Meaning                                                                                                                     |   Type   | Since |
+|----------------------------------------------------------|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.server.batch.limit.connections.per.ipaddress      | &lt;undefined&gt; | Maximum kyuubi server batch connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                           | int      | 1.7.0 |
+| kyuubi.server.batch.limit.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int      | 1.7.0 |
+| kyuubi.server.batch.limit.connections.per.user.ipaddress | &lt;undefined&gt; | Maximum kyuubi server batch connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                | int      | 1.7.0 |
+| kyuubi.server.info.provider                              | ENGINE            | The server information provider name, some clients may rely on this information to check the server compatibilities and functionalities. <li>SERVER: Return Kyuubi server information.</li> <li>ENGINE: Return Kyuubi engine information.</li> | string   | 1.6.1 |
+| kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int      | 1.6.0 |
+| kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int      | 1.6.0 |
+| kyuubi.server.limit.connections.per.user.ipaddress       | &lt;undefined&gt; | Maximum kyuubi server connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                      | int      | 1.6.0 |
+| kyuubi.server.limit.connections.user.unlimited.list                         || The maximum connections of the user in the white list will not be limited.                                                                                                                                                                     | seq      | 1.7.0 |
+| kyuubi.server.name                                       | &lt;undefined&gt; | The name of Kyuubi Server.                                                                                                                                                                                                                     | string   | 1.5.0 |
+| kyuubi.server.periodicGC.interval                        | PT30M             | How often to trigger a garbage collection.                                                                                                                                                                                                     | duration | 1.7.0 |
+| kyuubi.server.redaction.regex                            | &lt;undefined&gt; | Regex to decide which Kyuubi contain sensitive information. When this regex matches a property key or value, the value is redacted from the various logs.                                                                                                || 1.6.0 |
 
 ### Session
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index fcf50ffa8..faa86b203 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2412,6 +2412,14 @@ object KyuubiConf {
       .regexConf
       .createOptional
 
+  val SERVER_PERIODIC_GC_INTERVAL: ConfigEntry[Long] =
+    buildConf("kyuubi.server.periodicGC.interval")
+      .doc("How often to trigger a garbage collection.")
+      .version("1.7.0")
+      .serverOnly
+      .timeConf
+      .createWithDefaultString("PT30M")
+
   val OPERATION_SPARK_LISTENER_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.operation.spark.listener.enabled")
       .doc("When set to true, Spark engine registers an SQLOperationListener before executing " +
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index a27e18bbf..e81240a96 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -169,6 +169,9 @@ class KyuubiServer(name: String) extends Serverable(name) {
     val kinit = new KinitAuxiliaryService()
     addService(kinit)
 
+    val periodicGCService = new PeriodicGCService
+    addService(periodicGCService)
+
     if (conf.get(MetricsConf.METRICS_ENABLED)) {
       addService(new MetricsSystem)
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/PeriodicGCService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/PeriodicGCService.scala
new file mode 100644
index 000000000..a4035b689
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/PeriodicGCService.scala
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server
+
+import java.util.concurrent.TimeUnit
+
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.service.AbstractService
+import org.apache.kyuubi.util.ThreadUtils
+
+class PeriodicGCService(name: String) extends AbstractService(name) {
+  def this() = this(classOf[PeriodicGCService].getSimpleName)
+
+  private val gcTrigger = ThreadUtils.newDaemonSingleThreadScheduledExecutor("periodic-gc-trigger")
+
+  override def start(): Unit = {
+    startGcTrigger()
+    super.start()
+  }
+
+  override def stop(): Unit = {
+    super.stop()
+    ThreadUtils.shutdown(gcTrigger)
+  }
+
+  private def startGcTrigger(): Unit = {
+    val interval = conf.get(KyuubiConf.SERVER_PERIODIC_GC_INTERVAL)
+    gcTrigger.scheduleWithFixedDelay(() => System.gc(), interval, interval, TimeUnit.MILLISECONDS)
+  }
+}

From 7eac6ea0f9437386d1ba2b58902269187e6a52c5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 21 Feb 2023 09:47:45 +0800
Subject: [PATCH 095/760] [KYUUBI #4385] [DOCS] Refine release process

### _Why are the changes needed?_

Refine the release process docs, including

- rename "major release" to "feature release", the latter is more meaningful
- clarify the release manager should commit first, then go back to continue the rest release process.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
<img width="1377" alt="image" src="https://user-images.githubusercontent.com/26535726/220105136-37b65fe6-0217-4e59-8736-9a0375da84c0.png">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4385 from pan3793/release-doc.

Closes #4385

b8c5089d [Cheng Pan] [DOCS] Refine release process

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/community/release.md | 46 +++++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 14 deletions(-)

diff --git a/docs/community/release.md b/docs/community/release.md
index ffbdda9c1..163c575ff 100644
--- a/docs/community/release.md
+++ b/docs/community/release.md
@@ -43,7 +43,7 @@ The release process consists of several steps:
 
 1. Decide to release
 2. Prepare for the release
-3. Cut branch off for __major__ release
+3. Cut branch off for __feature__ release
 4. Build a release candidate
 5. Vote on the release candidate
 6. If necessary, fix any issues and go back to step 3.
@@ -153,12 +153,12 @@ gpg --keyserver hkp://keyserver.ubuntu.com --send-keys ${PUBLIC_KEY} # send publ
 gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys ${PUBLIC_KEY} # verify
 ```
 
-## Cut branch if for major release
+## Cut branch if for feature release
 
 Kyuubi use version pattern `{MAJOR_VERSION}.{MINOR_VERSION}.{PATCH_VERSION}[-{OPTIONAL_SUFFIX}]`, e.g. `1.7.0`.
-__Major Release__ means `MAJOR_VERSION` or `MINOR_VERSION` changed, and __Patch Release__ means `PATCH_VERSION` changed.
+__Feature Release__ means `MAJOR_VERSION` or `MINOR_VERSION` changed, and __Patch Release__ means `PATCH_VERSION` changed.
 
-The main step towards preparing a major release is to create a release branch. This is done via standard Git branching
+The main step towards preparing a feature release is to create a release branch. This is done via standard Git branching
 mechanism and should be announced to the community once the branch is created.
 
 > Note: If you are releasing a patch version, you can ignore this step.
@@ -171,29 +171,47 @@ After cutting release branch, don't forget bump version in `master` branch.
 
 > Don't forget to switch to the release branch!
 
-1. Set environment variables.
+- Set environment variables.
 
 ```shell
 export RELEASE_VERSION=<release version, e.g. 1.7.0>
 export RELEASE_RC_NO=<RC number, e.g. 0>
+export NEXT_VERSION=<e.g. 1.7.1>
 ```
 
-2. Bump version.
+- Bump version, and create a git tag for the release candidate.
+
+Considering that other committers may merge PRs during your release period, you should accomplish the version change
+first, and then come back to the release candidate tag to continue the rest release process.
+
+The tag pattern is `v${RELEASE_VERSION}-rc${RELEASE_RC_NO}`, e.g. `v1.7.0-rc0`
+
+> NOTE: After all the voting passed, be sure to create a final tag with the pattern: `v${RELEASE_VERSION}`
 
 ```shell
+# Bump to the release version
 build/mvn versions:set -DgenerateBackupPoms=false -DnewVersion="${RELEASE_VERSION}"
-
 git commit -am "[RELEASE] Bump ${RELEASE_VERSION}"
-```
 
-3. Create a git tag for the release candidate.
+# Create tag
+git tag v${RELEASE_VERSION}-rc${RELEASE_RC_NO}
 
-The tag pattern is `v${RELEASE_VERSION}-rc${RELEASE_RC_NO}`, e.g. `v1.7.0-rc0`
+# Prepare for the next development version
+build/mvn versions:set -DgenerateBackupPoms=false -DnewVersion="${NEXT_VERSION}-SNAPSHOT"
+git commit -am "[RELEASE] Bump ${NEXT_VERSION}-SNAPSHOT"
 
-> NOTE: After all the voting passed, be sure to create a final tag with the pattern: `v${RELEASE_VERSION}`
+# Push branch to apache remote repo
+git push apache
+
+# Push tag to apache remote repo
+git push apache v${RELEASE_VERSION}-rc${RELEASE_RC_NO}
+
+# Go back to release candidate tag 
+git checkout v${RELEASE_VERSION}-rc${RELEASE_RC_NO}
+```
 
-4. Package the release binaries & sources, and upload them to the Apache staging SVN repo. Publish jars to the Apache
-   staging Maven repo.
+- Package source and binary artifacts, and upload them to the Apache staging SVN repo. Publish jars to the Apache
+  staging Maven repo.
 
 ```shell
 build/release/release.sh publish
@@ -201,7 +219,7 @@ build/release/release.sh publish
 
 To make your release available in the staging repository, you must close the staging repo in the [Apache Nexus](https://repository.apache.org/#stagingRepositories). Until you close, you can re-run deploying to staging multiple times. But once closed, it will create a new staging repo. So ensure you close this, so that the next RC (if need be) is on a new repo. Once everything is good, close the staging repository on Apache Nexus.
 
-5. Generate a pre-release note from GitHub for the subsequent voting.
+- Generate a pre-release note from GitHub for the subsequent voting.
 
 Goto the [release page](https://github.com/apache/kyuubi/releases) and click the "Draft a new release" button, then it would jump to a new page to prepare the release.
 

From 89cc8c1679590cc7032a4056004424fe5ed721f9 Mon Sep 17 00:00:00 2001
From: Hanna Liashchuk <g.liashchuk@temabit.com>
Date: Tue, 21 Feb 2023 10:17:34 +0800
Subject: [PATCH 096/760] [KYUUBI #4267] Show warning if SessionHandle is
 invalid

### _Why are the changes needed?_
If SessionManager tries to close a session, that was previously closed - it throws an error `org.apache.kyuubi.KyuubiSQLException: Invalid SessionHandle` which causes spark session exit with non-zero code.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4386 from hanna-liashchuk/catch-invalid-sessionhandle.

Closes #4267

bf364bad [Hanna Liashchuk] Show warning if SessionHandle is invalid

Authored-by: Hanna Liashchuk <g.liashchuk@temabit.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/session/SparkSQLSessionManager.scala      | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
index 76c6a6505..cb8702df3 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
@@ -164,7 +164,12 @@ class SparkSQLSessionManager private (name: String, spark: SparkSession)
         }
       }
     }
-    super.closeSession(sessionHandle)
+    try {
+      super.closeSession(sessionHandle)
+    } catch {
+      case e: KyuubiSQLException =>
+        warn(s"Error closing session ${sessionHandle}", e)
+    }
     if (shareLevel == ShareLevel.CONNECTION) {
       info("Session stopped due to shared level is Connection.")
       stopSession()

From 81f16dfb17d9e30bc86f137e2d2c0c9dce7ef8d1 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 21 Feb 2023 10:26:47 +0800
Subject: [PATCH 097/760] [KYUUBI #4374] Release uploading should include
 kyuubi-spark-connector-hive

### _Why are the changes needed?_

The module is missed because it's only included when `spark-3.3` is activated.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4374 from pan3793/release.

Closes #4374

ffc0dc22 [Cheng Pan] fix
d21738f1 [Cheng Pan] Release uploading should include kyuubi-spark-connector-hive

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/build/release/release.sh b/build/release/release.sh
index 504bcfaf1..fefcce6a9 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -94,8 +94,6 @@ upload_svn_staging() {
 }
 
 upload_nexus_staging() {
-  ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided \
-    -s "${KYUUBI_DIR}/build/release/asf-settings.xml"
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.1 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-1 -am
@@ -103,8 +101,7 @@ upload_nexus_staging() {
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-2 -am
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.3 \
-    -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
-    -pl extensions/spark/kyuubi-extension-spark-3-3 -am
+    -s "${KYUUBI_DIR}/build/release/asf-settings.xml"
 }
 
 finalize_svn() {

From 16c779284d6392424d76b8eb38b0a124f01f0c68 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 21 Feb 2023 10:28:47 +0800
Subject: [PATCH 098/760] [KYUUBI #4377] Grant execute permission to release
 scripts

### _Why are the changes needed?_

The release-related shell scripts should have execution permission.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4377 from pan3793/x.

Closes #4377

fb727adc [Cheng Pan] Grant execute permission to release scripts

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/script/announce.sh        | 0
 build/release/script/dev_kyuubi_vote.sh | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 build/release/script/announce.sh
 mode change 100644 => 100755 build/release/script/dev_kyuubi_vote.sh

diff --git a/build/release/script/announce.sh b/build/release/script/announce.sh
old mode 100644
new mode 100755
diff --git a/build/release/script/dev_kyuubi_vote.sh b/build/release/script/dev_kyuubi_vote.sh
old mode 100644
new mode 100755

From d288a2bd33d00811392d7aca2594b5b184f268f8 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 21 Feb 2023 13:00:04 +0800
Subject: [PATCH 099/760] [KYUUBI #3951][FOLLOWUP] Audit the rest request
 params

### _Why are the changes needed?_

Before:
```
user=anonymous(auth:BASIC) ip=127.0.0.1 proxyIp=null    method=GET      uri=/api/v1/operations/5e286c5d-2880-443f-a4e8-633964dcd699/rowset      protocol=HTTP/1.1       status=200
```

After:

```
user=anonymous(auth:BASIC) ip=127.0.0.1 proxyIp=null    method=GET      uri=/api/v1/operations/5e286c5d-2880-443f-a4e8-633964dcd699/rowset      params=maxrows=2&fetchorientation=FETCH_NEXT       protocol=HTTP/1.1       status=200
```

```
params=maxrows=2&fetchorientation=FETCH_NEXT
```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4389 from turboFei/rest_params.

Closes #3951

6ffc1adbd [fwang12] comments
61e12b1b1 [fwang12] nit
0632860d2 [fwang12] Audit the request params

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../server/http/authentication/AuthenticationAuditLogger.scala   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
index ac1ee2a63..ac74c449b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
@@ -35,6 +35,7 @@ object AuthenticationAuditLogger extends Logging {
     sb.append(s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}").append("\t")
     sb.append(s"method=${request.getMethod}").append("\t")
     sb.append(s"uri=${request.getRequestURI}").append("\t")
+    sb.append(s"params=${request.getQueryString}").append("\t")
     sb.append(s"protocol=${request.getProtocol}").append("\t")
     sb.append(s"status=${response.getStatus}")
     info(sb.toString())

From 3b73e1d64af8cb6351936d277ff57d98faa30c41 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Tue, 21 Feb 2023 17:24:53 +0800
Subject: [PATCH 100/760] [KYUUBI #4391] Improve code for hive-connector
 FileWriterFactory

### _Why are the changes needed?_

This pr aims to improve code for hive-connector FileWriterFactory, the main goal is to reduce duplicate copies of spark code.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4391 from Yikf/improve-code.

Closes #4391

7991f145 [Yikf] improve code for hive-connector FileWriterFactory

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../hive/write/FileWriterFactory.scala         | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
index c8e8f9b69..6ebb55f14 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
@@ -19,7 +19,6 @@ package org.apache.kyuubi.spark.connector.hive.write
 
 import java.util.Date
 
-import org.apache.hadoop.mapred.JobID
 import org.apache.hadoop.mapreduce.{TaskAttemptID, TaskID, TaskType}
 import org.apache.hadoop.mapreduce.task.TaskAttemptContextImpl
 import org.apache.spark.internal.io.FileCommitProtocol
@@ -35,7 +34,7 @@ case class FileWriterFactory(
     description: WriteJobDescription,
     committer: FileCommitProtocol) extends DataWriterFactory {
 
-  private val jobTrackerId = sparkHadoopWriterUtils.createJobTrackerID(new Date)
+  @transient private lazy val jobId = sparkHadoopWriterUtils.createJobID(new Date, 0)
 
   override def createWriter(partitionId: Int, realTaskId: Long): DataWriter[InternalRow] = {
     val taskAttemptContext = createTaskAttemptContext(partitionId)
@@ -48,7 +47,6 @@ case class FileWriterFactory(
   }
 
   private def createTaskAttemptContext(partitionId: Int): TaskAttemptContextImpl = {
-    val jobId = createJobID(jobTrackerId, 0)
     val taskId = new TaskID(jobId, TaskType.MAP, partitionId)
     val taskAttemptId = new TaskAttemptID(taskId, 0)
     // Set up the configuration object
@@ -61,18 +59,4 @@ case class FileWriterFactory(
 
     new TaskAttemptContextImpl(hadoopConf, taskAttemptId)
   }
-
-  /**
-   * Create a job ID.
-   *
-   * @param jobTrackerID unique job track id
-   * @param id job number
-   * @return a job ID
-   */
-  def createJobID(jobTrackerID: String, id: Int): JobID = {
-    if (id < 0) {
-      throw new IllegalArgumentException("Job number is negative")
-    }
-    new JobID(jobTrackerID, id)
-  }
 }

From 3191fa22fc034ce4a33ced66bdbcacc8c5f58bbb Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 21 Feb 2023 22:00:43 +0800
Subject: [PATCH 101/760] [KYUUBI #4106][FOLLOWUP] Rename conf key of uploaded
 batch resource

### _Why are the changes needed?_

As discussed https://github.com/apache/kyuubi/pull/4144#discussion_r1112957149, we should put the conf key into namespace `kyuubi.batch.`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4394 from pan3793/4106-followup.

Closes #4106

27c9ed870 [Cheng Pan] nit
66283ac4b [Cheng Pan] [KYUUBI #4106][FOLLOUP] Rename conf key of uploaded batch resource

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala     | 2 +-
 .../scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala | 2 +-
 .../org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
index 335253925..dfbdd9449 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
@@ -25,8 +25,8 @@ object KyuubiReservedKeys {
   final val KYUUBI_SESSION_SIGN_PUBLICKEY = "kyuubi.session.sign.publickey"
   final val KYUUBI_SESSION_USER_SIGN = "kyuubi.session.user.sign"
   final val KYUUBI_SESSION_REAL_USER_KEY = "kyuubi.session.real.user"
-  final val KYUUBI_SESSION_BATCH_RESOURCE_UPLOADED_KEY = "kyuubi.session.batch.resource.uploaded"
   final val KYUUBI_SESSION_CONNECTION_URL_KEY = "kyuubi.session.connection.url"
+  final val KYUUBI_BATCH_RESOURCE_UPLOADED_KEY = "kyuubi.batch.resource.uploaded"
   final val KYUUBI_STATEMENT_ID_KEY = "kyuubi.statement.id"
   final val KYUUBI_ENGINE_ID = "kyuubi.engine.id"
   final val KYUUBI_ENGINE_NAME = "kyuubi.engine.name"
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index d308c26d5..924e7b89c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -214,10 +214,10 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     val ipAddress = fe.getIpAddress
     request.setConf(
       (request.getConf.asScala ++ Map(
+        KYUUBI_BATCH_RESOURCE_UPLOADED_KEY -> isResourceFromUpload.toString,
         KYUUBI_CLIENT_IP_KEY -> ipAddress,
         KYUUBI_SERVER_IP_KEY -> fe.host,
         KYUUBI_SESSION_CONNECTION_URL_KEY -> fe.connectionUrl,
-        KYUUBI_SESSION_BATCH_RESOURCE_UPLOADED_KEY -> isResourceFromUpload.toString,
         KYUUBI_SESSION_REAL_USER_KEY -> fe.getRealUser())).asJava)
     val sessionHandle = sessionManager.openBatchSession(
       userName,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
index 5ed851ce0..7864d61f3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
@@ -79,7 +79,7 @@ class KyuubiBatchSessionImpl(
 
   // whether the resource file is from uploading
   private[kyuubi] val isResourceUploaded: Boolean = batchRequest.getConf
-    .getOrDefault(KyuubiReservedKeys.KYUUBI_SESSION_BATCH_RESOURCE_UPLOADED_KEY, "false").toBoolean
+    .getOrDefault(KyuubiReservedKeys.KYUUBI_BATCH_RESOURCE_UPLOADED_KEY, "false").toBoolean
 
   private[kyuubi] lazy val batchJobSubmissionOp = sessionManager.operationManager
     .newBatchJobSubmissionOperation(

From f0acff315c68356f5138f99fdf0438e565ce5f06 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 22 Feb 2023 23:00:30 +0800
Subject: [PATCH 102/760] [KYUUBI #4392] [ARROW] Assign a new execution id for
 arrow-based result
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

assign a new execution id for arrow-based result, so that we can track the arrow-based queries on the UI tab.

```sql
set kyuubi.operation.result.format=arrow;
select 1;
```

Before this PR:

![截屏2023-02-21 下午5 23 08](https://user-images.githubusercontent.com/8537877/220303920-fbaf978b-ead7-4708-9094-bcc84e8fb47c.png)

![截屏2023-02-21 下午5 23 19](https://user-images.githubusercontent.com/8537877/220303966-cb8dfeae-cd10-4c4f-add6-2650619fc5f9.png)

After this PR:
![截屏2023-02-22 上午10 21 53](https://user-images.githubusercontent.com/8537877/220504608-f67a5f70-8c64-4e3b-89c2-c2ea54676217.png)

![截屏2023-02-21 下午5 20 50](https://user-images.githubusercontent.com/8537877/220304021-9b845f44-96c3-41f2-a48a-a428f8c4823f.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4392 from cfmcgrady/arrow-execution-id-2.

Closes #4392

481118a4 [Fu Chen] enable ut
c90674ee [Fu Chen] address comment
6cc7af44 [Fu Chen] address comment
3f8a3ab8 [Fu Chen] fix ut
223a2469 [Fu Chen] add KyuubiSparkContextHelper
bb7b28f5 [Fu Chen] fix style
879a1502 [Fu Chen] unnecessary changes
a2b04f83 [Fu Chen] fix

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/ExecuteStatement.scala    | 114 ++++++++++++------
 .../spark/operation/SparkOperation.scala      |  16 +--
 .../operation/SparkSQLOperationManager.scala  |  19 ++-
 .../kyuubi/engine/spark/schema/RowSet.scala   |  21 ++--
 .../SparkArrowbasedOperationSuite.scala       |  36 +++++-
 .../engine/spark/schema/RowSetSuite.scala     |   9 +-
 .../spark/KyuubiSparkContextHelper.scala      |  30 +++++
 .../kyuubi/operation/SparkQueryTests.scala    |   4 +-
 8 files changed, 178 insertions(+), 71 deletions(-)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index 2b90525c1..6ebcce377 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -22,13 +22,14 @@ import java.util.concurrent.RejectedExecutionException
 import scala.collection.JavaConverters._
 
 import org.apache.spark.sql.DataFrame
+import org.apache.spark.sql.execution.SQLExecution
 import org.apache.spark.sql.kyuubi.SparkDatasetHelper
 import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_RESULT_MAX_ROWS
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil._
-import org.apache.kyuubi.operation.{ArrayFetchIterator, IterableFetchIterator, OperationState}
+import org.apache.kyuubi.operation.{ArrayFetchIterator, FetchIterator, IterableFetchIterator, OperationState}
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
@@ -62,49 +63,49 @@ class ExecuteStatement(
     OperationLog.removeCurrentOperationLog()
   }
 
-  private def executeStatement(): Unit = withLocalProperties {
+  protected def incrementalCollectResult(resultDF: DataFrame): Iterator[Any] = {
+    resultDF.toLocalIterator().asScala
+  }
+
+  protected def fullCollectResult(resultDF: DataFrame): Array[_] = {
+    resultDF.collect()
+  }
+
+  protected def takeResult(resultDF: DataFrame, maxRows: Int): Array[_] = {
+    resultDF.take(maxRows)
+  }
+
+  protected def collectAsIterator(resultDF: DataFrame): FetchIterator[_] = {
+    val resultMaxRows = spark.conf.getOption(OPERATION_RESULT_MAX_ROWS.key).map(_.toInt)
+      .getOrElse(session.sessionManager.getConf.get(OPERATION_RESULT_MAX_ROWS))
+    if (incrementalCollect) {
+      if (resultMaxRows > 0) {
+        warn(s"Ignore ${OPERATION_RESULT_MAX_ROWS.key} on incremental collect mode.")
+      }
+      info("Execute in incremental collect mode")
+      new IterableFetchIterator[Any](new Iterable[Any] {
+        override def iterator: Iterator[Any] = incrementalCollectResult(resultDF)
+      })
+    } else {
+      val internalArray = if (resultMaxRows <= 0) {
+        info("Execute in full collect mode")
+        fullCollectResult(resultDF)
+      } else {
+        info(s"Execute with max result rows[$resultMaxRows]")
+        takeResult(resultDF, resultMaxRows)
+      }
+      new ArrayFetchIterator(internalArray)
+    }
+  }
+
+  protected def executeStatement(): Unit = withLocalProperties {
     try {
       setState(OperationState.RUNNING)
       info(diagnostics)
       Thread.currentThread().setContextClassLoader(spark.sharedState.jarClassLoader)
       addOperationListener()
       result = spark.sql(statement)
-
-      val resultMaxRows = spark.conf.getOption(OPERATION_RESULT_MAX_ROWS.key).map(_.toInt)
-        .getOrElse(session.sessionManager.getConf.get(OPERATION_RESULT_MAX_ROWS))
-      iter = if (incrementalCollect) {
-        if (resultMaxRows > 0) {
-          warn(s"Ignore ${OPERATION_RESULT_MAX_ROWS.key} on incremental collect mode.")
-        }
-        info("Execute in incremental collect mode")
-        def internalIterator(): Iterator[Any] = if (arrowEnabled) {
-          SparkDatasetHelper.toArrowBatchRdd(convertComplexType(result)).toLocalIterator
-        } else {
-          result.toLocalIterator().asScala
-        }
-        new IterableFetchIterator[Any](new Iterable[Any] {
-          override def iterator: Iterator[Any] = internalIterator()
-        })
-      } else {
-        val internalArray = if (resultMaxRows <= 0) {
-          info("Execute in full collect mode")
-          if (arrowEnabled) {
-            SparkDatasetHelper.toArrowBatchRdd(convertComplexType(result)).collect()
-          } else {
-            result.collect()
-          }
-        } else {
-          info(s"Execute with max result rows[$resultMaxRows]")
-          if (arrowEnabled) {
-            // this will introduce shuffle and hurt performance
-            val limitedResult = result.limit(resultMaxRows)
-            SparkDatasetHelper.toArrowBatchRdd(convertComplexType(limitedResult)).collect()
-          } else {
-            result.take(resultMaxRows)
-          }
-        }
-        new ArrayFetchIterator(internalArray)
-      }
+      iter = collectAsIterator(result)
       setCompiledStateIfNeeded()
       setState(OperationState.FINISHED)
     } catch {
@@ -171,3 +172,40 @@ class ExecuteStatement(
       s"__kyuubi_operation_result_format__=$resultFormat",
       s"__kyuubi_operation_result_arrow_timestampAsString__=$timestampAsString")
 }
+
+class ArrowBasedExecuteStatement(
+    session: Session,
+    override val statement: String,
+    override val shouldRunAsync: Boolean,
+    queryTimeout: Long,
+    incrementalCollect: Boolean)
+  extends ExecuteStatement(session, statement, shouldRunAsync, queryTimeout, incrementalCollect) {
+
+  override protected def incrementalCollectResult(resultDF: DataFrame): Iterator[Any] = {
+    SparkDatasetHelper.toArrowBatchRdd(convertComplexType(resultDF)).toLocalIterator
+  }
+
+  override protected def fullCollectResult(resultDF: DataFrame): Array[_] = {
+    SparkDatasetHelper.toArrowBatchRdd(convertComplexType(resultDF)).collect()
+  }
+
+  override protected def takeResult(resultDF: DataFrame, maxRows: Int): Array[_] = {
+    // this will introduce shuffle and hurt performance
+    val limitedResult = resultDF.limit(maxRows)
+    SparkDatasetHelper.toArrowBatchRdd(convertComplexType(limitedResult)).collect()
+  }
+
+  /**
+   * assign a new execution id for arrow-based operation.
+   */
+  override protected def collectAsIterator(resultDF: DataFrame): FetchIterator[_] = {
+    SQLExecution.withNewExecutionId(resultDF.queryExecution, Some("collectAsArrow")) {
+      resultDF.queryExecution.executedPlan.resetMetrics()
+      super.collectAsIterator(resultDF)
+    }
+  }
+
+  override protected def isArrowBasedOperation: Boolean = true
+
+  override val resultFormat = "arrow"
+}
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index a6a7fc896..eb58407d4 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -245,7 +245,7 @@ abstract class SparkOperation(session: Session)
           case FETCH_FIRST => iter.fetchAbsolute(0);
         }
         resultRowSet =
-          if (arrowEnabled) {
+          if (isArrowBasedOperation) {
             if (iter.hasNext) {
               val taken = iter.next().asInstanceOf[Array[Byte]]
               RowSet.toTRowSet(taken, getProtocolVersion)
@@ -257,8 +257,7 @@ abstract class SparkOperation(session: Session)
             RowSet.toTRowSet(
               taken.toSeq.asInstanceOf[Seq[Row]],
               resultSchema,
-              getProtocolVersion,
-              timeZone)
+              getProtocolVersion)
           }
         resultRowSet.setStartRowOffset(iter.getPosition)
       } catch onError(cancel = true)
@@ -268,16 +267,9 @@ abstract class SparkOperation(session: Session)
 
   override def shouldRunAsync: Boolean = false
 
-  protected def arrowEnabled: Boolean = {
-    resultFormat.equalsIgnoreCase("arrow") &&
-    // TODO: (fchen) make all operation support arrow
-    getClass.getCanonicalName == classOf[ExecuteStatement].getCanonicalName
-  }
+  protected def isArrowBasedOperation: Boolean = false
 
-  protected def resultFormat: String = {
-    // TODO: respect the config of the operation ExecuteStatement, if it was set.
-    spark.conf.get("kyuubi.operation.result.format", "thrift")
-  }
+  protected def resultFormat: String = "thrift"
 
   protected def timestampAsString: Boolean = {
     spark.conf.get("kyuubi.operation.result.arrow.timestampAsString", "false").toBoolean
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
index 5c5ed0f98..4743f147c 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
@@ -82,7 +82,24 @@ class SparkSQLOperationManager private (name: String) extends OperationManager(n
             case NoneMode =>
               val incrementalCollect = spark.conf.getOption(OPERATION_INCREMENTAL_COLLECT.key)
                 .map(_.toBoolean).getOrElse(operationIncrementalCollectDefault)
-              new ExecuteStatement(session, statement, runAsync, queryTimeout, incrementalCollect)
+              // TODO: respect the config of the operation ExecuteStatement, if it was set.
+              val resultFormat = spark.conf.get("kyuubi.operation.result.format", "thrift")
+              resultFormat.toLowerCase match {
+                case "arrow" =>
+                  new ArrowBasedExecuteStatement(
+                    session,
+                    statement,
+                    runAsync,
+                    queryTimeout,
+                    incrementalCollect)
+                case _ =>
+                  new ExecuteStatement(
+                    session,
+                    statement,
+                    runAsync,
+                    queryTimeout,
+                    incrementalCollect)
+              }
             case mode =>
               new PlanOnlyStatement(session, statement, mode)
           }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
index 7be70403d..4f935ce49 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/schema/RowSet.scala
@@ -18,7 +18,6 @@
 package org.apache.kyuubi.engine.spark.schema
 
 import java.nio.ByteBuffer
-import java.time.ZoneId
 
 import scala.collection.JavaConverters._
 
@@ -61,16 +60,15 @@ object RowSet {
   def toTRowSet(
       rows: Seq[Row],
       schema: StructType,
-      protocolVersion: TProtocolVersion,
-      timeZone: ZoneId): TRowSet = {
+      protocolVersion: TProtocolVersion): TRowSet = {
     if (protocolVersion.getValue < TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6.getValue) {
-      toRowBasedSet(rows, schema, timeZone)
+      toRowBasedSet(rows, schema)
     } else {
-      toColumnBasedSet(rows, schema, timeZone)
+      toColumnBasedSet(rows, schema)
     }
   }
 
-  def toRowBasedSet(rows: Seq[Row], schema: StructType, timeZone: ZoneId): TRowSet = {
+  def toRowBasedSet(rows: Seq[Row], schema: StructType): TRowSet = {
     val rowSize = rows.length
     val tRows = new java.util.ArrayList[TRow](rowSize)
     var i = 0
@@ -80,7 +78,7 @@ object RowSet {
       var j = 0
       val columnSize = row.length
       while (j < columnSize) {
-        val columnValue = toTColumnValue(j, row, schema, timeZone)
+        val columnValue = toTColumnValue(j, row, schema)
         tRow.addToColVals(columnValue)
         j += 1
       }
@@ -90,21 +88,21 @@ object RowSet {
     new TRowSet(0, tRows)
   }
 
-  def toColumnBasedSet(rows: Seq[Row], schema: StructType, timeZone: ZoneId): TRowSet = {
+  def toColumnBasedSet(rows: Seq[Row], schema: StructType): TRowSet = {
     val rowSize = rows.length
     val tRowSet = new TRowSet(0, new java.util.ArrayList[TRow](rowSize))
     var i = 0
     val columnSize = schema.length
     while (i < columnSize) {
       val field = schema(i)
-      val tColumn = toTColumn(rows, i, field.dataType, timeZone)
+      val tColumn = toTColumn(rows, i, field.dataType)
       tRowSet.addToColumns(tColumn)
       i += 1
     }
     tRowSet
   }
 
-  private def toTColumn(rows: Seq[Row], ordinal: Int, typ: DataType, timeZone: ZoneId): TColumn = {
+  private def toTColumn(rows: Seq[Row], ordinal: Int, typ: DataType): TColumn = {
     val nulls = new java.util.BitSet()
     typ match {
       case BooleanType =>
@@ -186,8 +184,7 @@ object RowSet {
   private def toTColumnValue(
       ordinal: Int,
       row: Row,
-      types: StructType,
-      timeZone: ZoneId): TColumnValue = {
+      types: StructType): TColumnValue = {
     types(ordinal).dataType match {
       case BooleanType =>
         val boolValue = new TBoolValue
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 60cc52891..30cdeca5a 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -19,8 +19,14 @@ package org.apache.kyuubi.engine.spark.operation
 
 import java.sql.Statement
 
+import org.apache.spark.KyuubiSparkContextHelper
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
+import org.apache.spark.sql.execution.QueryExecution
+import org.apache.spark.sql.util.QueryExecutionListener
+
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
+import org.apache.kyuubi.engine.spark.{SparkSQLEngine, WithSparkSQLEngine}
+import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.SparkDataTypeTests
 
 class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests {
@@ -85,6 +91,34 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     }
   }
 
+  test("assign a new execution id for arrow-based result") {
+    var plan: LogicalPlan = null
+
+    val listener = new QueryExecutionListener {
+      override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
+        plan = qe.analyzed
+      }
+      override def onFailure(funcName: String, qe: QueryExecution, exception: Exception): Unit = {}
+    }
+    withJdbcStatement() { statement =>
+      // since all the new sessions have their owner listener bus, we should register the listener
+      // in the current session.
+      SparkSQLEngine.currentEngine.get
+        .backendService
+        .sessionManager
+        .allSessions()
+        .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.register(listener))
+
+      val result = statement.executeQuery("select 1 as c1")
+      assert(result.next())
+      assert(result.getInt("c1") == 1)
+    }
+
+    KyuubiSparkContextHelper.waitListenerBus(spark)
+    spark.listenerManager.unregister(listener)
+    assert(plan.isInstanceOf[Project])
+  }
+
   private def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
     val query =
       s"""
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala
index a999563ea..5d2ba4a0d 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/schema/RowSetSuite.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.engine.spark.schema
 import java.nio.ByteBuffer
 import java.nio.charset.StandardCharsets
 import java.sql.{Date, Timestamp}
-import java.time.{Instant, LocalDate, ZoneId}
+import java.time.{Instant, LocalDate}
 
 import scala.collection.JavaConverters._
 
@@ -96,10 +96,9 @@ class RowSetSuite extends KyuubiFunSuite {
     .add("q", "timestamp")
 
   private val rows: Seq[Row] = (0 to 10).map(genRow) ++ Seq(Row.fromSeq(Seq.fill(17)(null)))
-  private val zoneId: ZoneId = ZoneId.systemDefault()
 
   test("column based set") {
-    val tRowSet = RowSet.toColumnBasedSet(rows, schema, zoneId)
+    val tRowSet = RowSet.toColumnBasedSet(rows, schema)
     assert(tRowSet.getColumns.size() === schema.size)
     assert(tRowSet.getRowsSize === 0)
 
@@ -204,7 +203,7 @@ class RowSetSuite extends KyuubiFunSuite {
   }
 
   test("row based set") {
-    val tRowSet = RowSet.toRowBasedSet(rows, schema, zoneId)
+    val tRowSet = RowSet.toRowBasedSet(rows, schema)
     assert(tRowSet.getColumnCount === 0)
     assert(tRowSet.getRowsSize === rows.size)
     val iter = tRowSet.getRowsIterator
@@ -250,7 +249,7 @@ class RowSetSuite extends KyuubiFunSuite {
 
   test("to row set") {
     TProtocolVersion.values().foreach { proto =>
-      val set = RowSet.toTRowSet(rows, schema, proto, zoneId)
+      val set = RowSet.toTRowSet(rows, schema, proto)
       if (proto.getValue < TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6.getValue) {
         assert(!set.isSetColumns, proto.toString)
         assert(set.isSetRows, proto.toString)
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala
new file mode 100644
index 000000000..8293123ea
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark
+
+import org.apache.spark.sql.SparkSession
+
+/**
+ * A place to invoke non-public APIs of [[SparkContext]], for test only.
+ */
+object KyuubiSparkContextHelper {
+
+  def waitListenerBus(spark: SparkSession): Unit = {
+    spark.sparkContext.listenerBus.waitUntilEmpty()
+  }
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
index e297e6281..a42b05473 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
@@ -433,13 +433,13 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
         expectedFormat = "thrift")
       checkStatusAndResultSetFormatHint(
         sql = "set kyuubi.operation.result.format=arrow",
-        expectedFormat = "arrow")
+        expectedFormat = "thrift")
       checkStatusAndResultSetFormatHint(
         sql = "SELECT 1",
         expectedFormat = "arrow")
       checkStatusAndResultSetFormatHint(
         sql = "set kyuubi.operation.result.format=thrift",
-        expectedFormat = "thrift")
+        expectedFormat = "arrow")
       checkStatusAndResultSetFormatHint(
         sql = "set kyuubi.operation.result.format",
         expectedFormat = "thrift")

From e4d0962d5dd6b5fcf1599b633dcd0597bc4491cd Mon Sep 17 00:00:00 2001
From: edddddy <rmrfall@qq.com>
Date: Thu, 23 Feb 2023 01:49:24 +0800
Subject: [PATCH 103/760] [KYUUBI #4399] Remove redundant config in Trino
 frontend

### _Why are the changes needed?_

It seems to be redundant to keep these configurations in the Trino frontend module. Thus, to my mind, removing them make things better.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4399 from edddddy/master.

Closes #4399

81dab6b2 [edddddy] remove some redundant config in Trino front-end

Authored-by: edddddy <rmrfall@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/server/KyuubiTrinoFrontendService.scala       | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala
index fca8b8a87..573bb948f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala
@@ -64,15 +64,6 @@ class KyuubiTrinoFrontendService(override val serverable: Serverable)
   private def startInternal(): Unit = {
     val contextHandler = ApiRootResource.getServletHandler(this)
     server.addHandler(contextHandler)
-
-    server.addStaticHandler("org/apache/kyuubi/ui/static", "/static/")
-    server.addRedirectHandler("/", "/static/")
-    server.addRedirectHandler("/static", "/static/")
-    server.addStaticHandler("META-INF/resources/webjars/swagger-ui/4.9.1/", "/swagger-static/")
-    server.addStaticHandler("org/apache/kyuubi/ui/swagger", "/swagger/")
-    server.addRedirectHandler("/docs", "/swagger/")
-    server.addRedirectHandler("/docs/", "/swagger/")
-    server.addRedirectHandler("/swagger", "/swagger/")
   }
 
   override def start(): Unit = synchronized {

From 27a8674f756ca41dece6f5d76a792d186b0d5040 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Thu, 23 Feb 2023 09:17:10 +0800
Subject: [PATCH 104/760] [KYUUBI #4388] Limit the max rows for get nextRowSet
 api

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4395 from lightning-L/kyuubi-4388.

Closes #4388

4f4ae8e59 [Tianlin Liao] create as optional
6b85f6ae6 [Tianlin Liao] refactor
7c2cd5661 [Tianlin Liao] rename conf
2f00da0f4 [Tianlin Liao] throw error in AbstractBackendService to enable it for all kinds of clients
3feabf78c [Tianlin Liao] [KYUUBI #4388] Limit the max rows for get nextRowSet api

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                        |  1 +
 .../org/apache/kyuubi/config/KyuubiConf.scala      |  9 +++++++++
 .../kyuubi/service/AbstractBackendService.scala    |  9 ++++++++-
 .../kyuubi/server/api/v1/OperationsResource.scala  |  6 ++++--
 .../server/api/v1/OperationsResourceSuite.scala    | 14 ++++++++++++++
 5 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 3603ac8f2..da5faadf5 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -455,6 +455,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.server.batch.limit.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int      | 1.7.0 |
 | kyuubi.server.batch.limit.connections.per.user.ipaddress | &lt;undefined&gt; | Maximum kyuubi server batch connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                | int      | 1.7.0 |
 | kyuubi.server.info.provider                              | ENGINE            | The server information provider name, some clients may rely on this information to check the server compatibilities and functionalities. <li>SERVER: Return Kyuubi server information.</li> <li>ENGINE: Return Kyuubi engine information.</li> | string   | 1.6.1 |
+| kyuubi.server.limit.client.fetch.max.rows                | &lt;undefined&gt; | Max rows limit for getting result row set operation. If the max rows specified by client-side is larger than the limit, request will fail directly.                                                                                            | int      | 1.8.0 |
 | kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user.ipaddress       | &lt;undefined&gt; | Maximum kyuubi server connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                      | int      | 1.6.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index faa86b203..ced1bd612 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2396,6 +2396,15 @@ object KyuubiConf {
       .intConf
       .createOptional
 
+  val SERVER_LIMIT_CLIENT_FETCH_MAX_ROWS: OptionalConfigEntry[Int] =
+    buildConf("kyuubi.server.limit.client.fetch.max.rows")
+      .doc("Max rows limit for getting result row set operation. If the max rows specified " +
+        "by client-side is larger than the limit, request will fail directly.")
+      .version("1.8.0")
+      .serverOnly
+      .intConf
+      .createOptional
+
   val SESSION_PROGRESS_ENABLE: ConfigEntry[Boolean] =
     buildConf("kyuubi.operation.progress.enabled")
       .doc("Whether to enable the operation progress. When true," +
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
index b9e254508..171e04901 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
@@ -21,7 +21,7 @@ import java.util.concurrent.{ExecutionException, TimeoutException, TimeUnit}
 
 import scala.concurrent.CancellationException
 
-import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TGetResultSetMetadataResp, TProtocolVersion, TRowSet}
+import org.apache.hive.service.rpc.thrift._
 
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.operation.{OperationHandle, OperationStatus}
@@ -35,6 +35,7 @@ abstract class AbstractBackendService(name: String)
   extends CompositeService(name) with BackendService {
 
   private lazy val timeout = conf.get(KyuubiConf.OPERATION_STATUS_POLLING_TIMEOUT)
+  private lazy val maxRowsLimit = conf.get(KyuubiConf.SERVER_LIMIT_CLIENT_FETCH_MAX_ROWS)
 
   override def openSession(
       protocol: TProtocolVersion,
@@ -201,6 +202,12 @@ abstract class AbstractBackendService(name: String)
       orientation: FetchOrientation,
       maxRows: Int,
       fetchLog: Boolean): TRowSet = {
+    maxRowsLimit.foreach(limit =>
+      if (maxRows > limit) {
+        throw new IllegalArgumentException(s"Max rows for fetching results " +
+          s"operation should not exceed the limit: $limit")
+      })
+
     sessionManager.operationManager
       .getOperation(operationHandle)
       .getSession
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index 015da7657..70a6d3a28 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -28,8 +28,7 @@ import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
 import org.apache.hive.service.rpc.thrift._
 
-import org.apache.kyuubi.KyuubiSQLException
-import org.apache.kyuubi.Logging
+import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.operation.{FetchOrientation, KyuubiOperation, OperationHandle}
@@ -229,6 +228,9 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
       })
       new ResultRowSet(rows.asJava, rows.size)
     } catch {
+      case e: IllegalArgumentException =>
+        error(e.getMessage, e)
+        throw new BadRequestException(e.getMessage)
       case NonFatal(e) =>
         val errorMsg = s"Error getting result row set for operation handle $operationHandleStr"
         error(errorMsg, e)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
index 328d012a7..51701b231 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
@@ -29,12 +29,16 @@ import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KyuubiFunSuite, RestFrontendTestHelper}
 import org.apache.kyuubi.client.api.v1.dto._
+import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.operation.{ExecuteStatement, OperationState}
 import org.apache.kyuubi.operation.OperationState.{FINISHED, OperationState}
 
 class OperationsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
+  override protected lazy val conf: KyuubiConf = KyuubiConf()
+    .set(KyuubiConf.SERVER_LIMIT_CLIENT_FETCH_MAX_ROWS, 5000)
+
   test("get an operation event") {
     val catalogsHandleStr = getOpHandleStr("")
     checkOpState(catalogsHandleStr, FINISHED)
@@ -126,6 +130,16 @@ class OperationsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper
     assert(logRowSet.getRowCount == 1)
   }
 
+  test("test invalid max rows") {
+    val opHandleStr = getOpHandleStr("select \"test\", 1, 0.32d, true")
+    checkOpState(opHandleStr, FINISHED)
+    val response = webTarget.path(
+      s"api/v1/operations/$opHandleStr/rowset")
+      .queryParam("maxrows", "10000")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(400 == response.getStatus)
+  }
+
   test("test get result row set with null value") {
     val opHandleStr = getOpHandleStr(
       s"""

From 171473ec718aeabe7d9e8e61fc63e2009e43cbd7 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 23 Feb 2023 09:21:34 +0800
Subject: [PATCH 105/760] [KYUUBI #3957][FOLLOWUP] Rename the config prefix
 from kyuubi.server.batch.limit to kyuubi.server.limit.batch

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4398 from turboFei/rename_batch_limit.

Closes #3957

28228e4ed [fwang12] 3957 followup
ef1ad6ea5 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                                 | 6 +++---
 .../main/scala/org/apache/kyuubi/config/KyuubiConf.scala    | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index da5faadf5..82c8111b6 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -451,10 +451,10 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 |                           Key                            |      Default      |                                                                                                                    Meaning                                                                                                                     |   Type   | Since |
 |----------------------------------------------------------|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.server.batch.limit.connections.per.ipaddress      | &lt;undefined&gt; | Maximum kyuubi server batch connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                           | int      | 1.7.0 |
-| kyuubi.server.batch.limit.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int      | 1.7.0 |
-| kyuubi.server.batch.limit.connections.per.user.ipaddress | &lt;undefined&gt; | Maximum kyuubi server batch connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                | int      | 1.7.0 |
 | kyuubi.server.info.provider                              | ENGINE            | The server information provider name, some clients may rely on this information to check the server compatibilities and functionalities. <li>SERVER: Return Kyuubi server information.</li> <li>ENGINE: Return Kyuubi engine information.</li> | string   | 1.6.1 |
+| kyuubi.server.limit.batch.connections.per.ipaddress      | &lt;undefined&gt; | Maximum kyuubi server batch connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                           | int      | 1.7.0 |
+| kyuubi.server.limit.batch.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int      | 1.7.0 |
+| kyuubi.server.limit.batch.connections.per.user.ipaddress | &lt;undefined&gt; | Maximum kyuubi server batch connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                | int      | 1.7.0 |
 | kyuubi.server.limit.client.fetch.max.rows                | &lt;undefined&gt; | Max rows limit for getting result row set operation. If the max rows specified by client-side is larger than the limit, request will fail directly.                                                                                            | int      | 1.8.0 |
 | kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int      | 1.6.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index ced1bd612..70919d6e8 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2370,7 +2370,7 @@ object KyuubiConf {
       .createWithDefault(Nil)
 
   val SERVER_LIMIT_BATCH_CONNECTIONS_PER_USER: OptionalConfigEntry[Int] =
-    buildConf("kyuubi.server.batch.limit.connections.per.user")
+    buildConf("kyuubi.server.limit.batch.connections.per.user")
       .doc("Maximum kyuubi server batch connections per user." +
         " Any user exceeding this limit will not be allowed to connect.")
       .version("1.7.0")
@@ -2379,7 +2379,7 @@ object KyuubiConf {
       .createOptional
 
   val SERVER_LIMIT_BATCH_CONNECTIONS_PER_IPADDRESS: OptionalConfigEntry[Int] =
-    buildConf("kyuubi.server.batch.limit.connections.per.ipaddress")
+    buildConf("kyuubi.server.limit.batch.connections.per.ipaddress")
       .doc("Maximum kyuubi server batch connections per ipaddress." +
         " Any user exceeding this limit will not be allowed to connect.")
       .version("1.7.0")
@@ -2388,7 +2388,7 @@ object KyuubiConf {
       .createOptional
 
   val SERVER_LIMIT_BATCH_CONNECTIONS_PER_USER_IPADDRESS: OptionalConfigEntry[Int] =
-    buildConf("kyuubi.server.batch.limit.connections.per.user.ipaddress")
+    buildConf("kyuubi.server.limit.batch.connections.per.user.ipaddress")
       .doc("Maximum kyuubi server batch connections per user:ipaddress combination." +
         " Any user-ipaddress exceeding this limit will not be allowed to connect.")
       .version("1.7.0")

From fafd017df53bbd529f49b3d7c036363711d8ee02 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 23 Feb 2023 11:45:58 +0800
Subject: [PATCH 106/760] [KYUUBI #4397] [BUILD] `build/dist` supports
 `--web-ui`

### _Why are the changes needed?_

```
Usage:
+----------------------------------------------------------------------------------------------+
| ./build/dist [--name <custom_name>] [--tgz] [--web-ui] [--flink-provided] [--hive-provided]  |
|              [--spark-provided] [--mvn <maven_executable>] <maven build options>             |
+----------------------------------------------------------------------------------------------+
name:           -  custom binary name, using project version if undefined
tgz:            -  whether to make a whole bundled package
web-ui:         -  whether to include web ui
flink-provided: -  whether to make a package without Flink binary
hive-provided:  -  whether to make a package without Hive binary
spark-provided: -  whether to make a package without Spark binary
mvn:            -  external maven executable location

```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

Create binary artifacts using `build/dist --tgz --web-ui` and run, then open `http://0.0.0.0:10099/ui`

<img width="1401" alt="image" src="https://user-images.githubusercontent.com/26535726/220753103-ce801f12-f394-4ece-92a4-1902e93c62c7.png">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4397 from pan3793/webui-build.

Closes #4397

97901d63e [Cheng Pan] doc
37d5e2ad3 [Cheng Pan] mirror-cdn
c5751dd5b [Cheng Pan] remove unused dep
d308defb7 [Cheng Pan] nit
9abca4705 [Cheng Pan] nit
c1d184afd [Cheng Pan] nit
7091d5bf5 [Cheng Pan] regex
f0ac16b3c [Cheng Pan] [BUILD] `build/dist` support --web-ui

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .gitignore                                    |  1 +
 .rat-excludes                                 |  2 +
 bin/kyuubi                                    | 16 ++++++--
 build/dist                                    | 25 ++++++++---
 build/release/create-package.sh               |  2 +-
 docs/develop_tools/distribution.md            | 11 ++---
 kyuubi-server/pom.xml                         | 41 +++++++++++++++++++
 .../src/main/resources/dist/index.html        | 28 +++++++++++++
 .../server/KyuubiRestFrontendService.scala    | 18 ++++++--
 .../authentication/AuthenticationFilter.scala |  1 -
 kyuubi-server/web-ui/.gitignore               |  1 +
 kyuubi-server/web-ui/README.md                |  2 +-
 kyuubi-server/web-ui/index.html               |  2 +-
 kyuubi-server/web-ui/package-lock.json        |  4 +-
 kyuubi-server/web-ui/package.json             |  2 +-
 kyuubi-server/web-ui/src/router/index.ts      |  2 +-
 kyuubi-server/web-ui/vite.config.ts           |  1 +
 pom.xml                                       | 30 +++++++++++++-
 18 files changed, 163 insertions(+), 26 deletions(-)
 create mode 100644 kyuubi-server/src/main/resources/dist/index.html

diff --git a/.gitignore b/.gitignore
index bb2df4fd0..9a115ab0a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,6 +56,7 @@ hs_err_pid*
 spark-warehouse/
 metastore_db
 derby.log
+rest-audit.log
 **/dependency-reduced-pom.xml
 metrics/report.json
 metrics/.report.json.crc
diff --git a/.rat-excludes b/.rat-excludes
index 2906e7cea..7a841cf9c 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -51,6 +51,8 @@ build/scala-*/**
 **/metadata-store-schema*.sql
 **/*.derby.sql
 **/*.mysql.sql
+**/node/**
+**/web-ui/dist/**
 **/pnpm-lock.yaml
 **/node_modules/**
 **/gen/*
diff --git a/bin/kyuubi b/bin/kyuubi
index 414bdeb86..09c8e9373 100755
--- a/bin/kyuubi
+++ b/bin/kyuubi
@@ -87,10 +87,18 @@ if [[ -z "$KYUUBI_JAR_DIR" ]]; then
   fi
 fi
 
-if [[ -z ${YARN_CONF_DIR} ]]; then
-  KYUUBI_CLASSPATH="${KYUUBI_JAR_DIR}/*:${KYUUBI_CONF_DIR}:${HADOOP_CONF_DIR}"
-else
-  KYUUBI_CLASSPATH="${KYUUBI_JAR_DIR}/*:${KYUUBI_CONF_DIR}:${HADOOP_CONF_DIR}:${YARN_CONF_DIR}"
+## Find the WebUI dist
+if [[ -z "$KYUUBI_WEBUI_DIR" ]]; then
+  KYUUBI_WEBUI_DIR="$KYUUBI_HOME/web-ui"
+  if [[ ! -d ${KYUUBI_WEBUI_DIR} ]]; then
+  echo -e "\nCandidate Kyuubi WebUI dist $KYUUBI_WEBUI_DIR doesn't exist, searching development environment..."
+    KYUUBI_WEBUI_DIR="$KYUUBI_HOME/kyuubi-server/web-ui"
+  fi
+fi
+
+KYUUBI_CLASSPATH="${KYUUBI_CONF_DIR}:${KYUUBI_WEBUI_DIR}:${KYUUBI_JAR_DIR}/*:${HADOOP_CONF_DIR}"
+if [[ -n ${YARN_CONF_DIR} ]]; then
+  KYUUBI_CLASSPATH="${KYUUBI_CLASSPATH}:${YARN_CONF_DIR}"
 fi
 
 cmd="${RUNNER} ${KYUUBI_JAVA_OPTS} -cp ${KYUUBI_CLASSPATH} $CLASS"
diff --git a/build/dist b/build/dist
index 7b51886df..0620c7d08 100755
--- a/build/dist
+++ b/build/dist
@@ -31,6 +31,7 @@ set -x
 KYUUBI_HOME="$(cd "`dirname "$0"`/.."; pwd)"
 DISTDIR="$KYUUBI_HOME/dist"
 MAKE_TGZ=false
+ENABLE_WEBUI=false
 FLINK_PROVIDED=false
 SPARK_PROVIDED=false
 HIVE_PROVIDED=false
@@ -42,15 +43,16 @@ function usage {
   echo "./build/dist - Tool for making binary distributions of Kyuubi"
   echo ""
   echo "Usage:"
-  echo "+------------------------------------------------------------------------------------------------------+"
-  echo "| ./build/dist [--name <custom_name>] [--tgz] [--flink-provided] [--spark-provided] [--hive-provided]  |"
-  echo "|              [--mvn <maven_executable>] <maven build options>                                        |"
-  echo "+------------------------------------------------------------------------------------------------------+"
+  echo "+----------------------------------------------------------------------------------------------+"
+  echo "| ./build/dist [--name <custom_name>] [--tgz] [--web-ui] [--flink-provided] [--hive-provided]  |"
+  echo "|              [--spark-provided] [--mvn <maven_executable>] <maven build options>             |"
+  echo "+----------------------------------------------------------------------------------------------+"
   echo "name:           -  custom binary name, using project version if undefined"
   echo "tgz:            -  whether to make a whole bundled package"
+  echo "web-ui:         -  whether to include web ui"
   echo "flink-provided: -  whether to make a package without Flink binary"
-  echo "spark-provided: -  whether to make a package without Spark binary"
   echo "hive-provided:  -  whether to make a package without Hive binary"
+  echo "spark-provided: -  whether to make a package without Spark binary"
   echo "mvn:            -  external maven executable location"
   echo ""
 }
@@ -67,6 +69,9 @@ while (( "$#" )); do
     --tgz)
       MAKE_TGZ=true
       ;;
+    --web-ui)
+      ENABLE_WEBUI=true
+      ;;
     --flink-provided)
       FLINK_PROVIDED=true
       ;;
@@ -212,6 +217,10 @@ fi
 
 MVN_DIST_OPT="-DskipTests"
 
+if [[ "$ENABLE_WEBUI" == "true" ]]; then
+  MVN_DIST_OPT="$MVN_DIST_OPT -Pweb-ui"
+fi
+
 if [[ "$SPARK_PROVIDED" == "true" ]]; then
   MVN_DIST_OPT="$MVN_DIST_OPT -Pspark-provided"
 fi
@@ -321,6 +330,12 @@ for SPARK_EXTENSION_VERSION in ${SPARK_EXTENSION_VERSIONS[@]}; do
   fi
 done
 
+if [[ "$ENABLE_WEBUI" == "true" ]]; then
+  # Copy web ui dist
+  mkdir -p "$DISTDIR/web-ui"
+  cp -r "$KYUUBI_HOME/kyuubi-server/web-ui/dist" "$DISTDIR/web-ui/"
+fi
+
 if [[ "$FLINK_PROVIDED" != "true" ]]; then
   # Copy flink binary dist
   FLINK_BUILTIN="$(find "$KYUUBI_HOME/externals/kyuubi-download/target" -name 'flink-*' -type d)"
diff --git a/build/release/create-package.sh b/build/release/create-package.sh
index c98e7c0f8..28a89165e 100755
--- a/build/release/create-package.sh
+++ b/build/release/create-package.sh
@@ -75,7 +75,7 @@ package_binary() {
 
   echo "Creating binary release tarball ${BIN_TGZ_FILE}"
 
-  ${KYUUBI_DIR}/build/dist --tgz --spark-provided --flink-provided --hive-provided
+  ${KYUUBI_DIR}/build/dist --tgz --web-ui --spark-provided --flink-provided --hive-provided
 
   cp "${BIN_TGZ_FILE}" "${RELEASE_DIR}"
 
diff --git a/docs/develop_tools/distribution.md b/docs/develop_tools/distribution.md
index abc2ac91b..217f0a417 100644
--- a/docs/develop_tools/distribution.md
+++ b/docs/develop_tools/distribution.md
@@ -26,15 +26,16 @@ For more information on usage, run `./build/dist --help`
 ./build/dist - Tool for making binary distributions of Kyuubi
 
 Usage:
-+------------------------------------------------------------------------------------------------------+
-| ./build/dist [--name <custom_name>] [--tgz] [--flink-provided] [--spark-provided] [--hive-provided]  |
-|              [--mvn <maven_executable>] <maven build options>                                        |
-+------------------------------------------------------------------------------------------------------+
++----------------------------------------------------------------------------------------------+
+| ./build/dist [--name <custom_name>] [--tgz] [--web-ui] [--flink-provided] [--hive-provided]  |
+|              [--spark-provided] [--mvn <maven_executable>] <maven build options>             |
++----------------------------------------------------------------------------------------------+
 name:           -  custom binary name, using project version if undefined
 tgz:            -  whether to make a whole bundled package
+web-ui:         -  whether to include web ui
 flink-provided: -  whether to make a package without Flink binary
-spark-provided: -  whether to make a package without Spark binary
 hive-provided:  -  whether to make a package without Hive binary
+spark-provided: -  whether to make a package without Spark binary
 mvn:            -  external maven executable location
 ```
 
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 53b8a9601..aebce5dda 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -543,6 +543,47 @@
                     </execution>
                 </executions>
             </plugin>
+
+            <plugin>
+                <groupId>com.github.eirslett</groupId>
+                <artifactId>frontend-maven-plugin</artifactId>
+                <configuration>
+                    <workingDirectory>web-ui</workingDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>install node and pnpm</id>
+                        <goals>
+                            <goal>install-node-and-pnpm</goal>
+                        </goals>
+                        <configuration>
+                            <skip>${webui.skip}</skip>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>pnpm install</id>
+                        <goals>
+                            <goal>pnpm</goal>
+                        </goals>
+                        <phase>generate-resources</phase>
+                        <configuration>
+                            <skip>${webui.skip}</skip>
+                            <arguments>install</arguments>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>pnpm run build</id>
+                        <goals>
+                            <goal>pnpm</goal>
+                        </goals>
+                        <phase>package</phase>
+                        <configuration>
+                            <skip>${webui.skip}</skip>
+                            <arguments>run build</arguments>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
         <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
         <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
diff --git a/kyuubi-server/src/main/resources/dist/index.html b/kyuubi-server/src/main/resources/dist/index.html
new file mode 100644
index 000000000..ab54fc14a
--- /dev/null
+++ b/kyuubi-server/src/main/resources/dist/index.html
@@ -0,0 +1,28 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <title>Apache Kyuubi Dashboard</title>
+  </head>
+  <body>
+    <div>This is a dummy page for development.</div>
+  </body>
+</html>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 29f4cf304..7019d8a6a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -26,14 +26,14 @@ import javax.ws.rs.core.Response.Status
 
 import com.google.common.annotations.VisibleForTesting
 import org.apache.hadoop.conf.Configuration
-import org.eclipse.jetty.servlet.FilterHolder
+import org.eclipse.jetty.servlet.{ErrorPageErrorHandler, FilterHolder}
 
 import org.apache.kyuubi.{KyuubiException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_REST_BIND_HOST, FRONTEND_REST_BIND_PORT, FRONTEND_REST_MAX_WORKER_THREADS, METADATA_RECOVERY_THREADS}
+import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.server.api.v1.ApiRootResource
 import org.apache.kyuubi.server.http.authentication.{AuthenticationFilter, KyuubiHttpAuthenticationFactory}
-import org.apache.kyuubi.server.ui.JettyServer
+import org.apache.kyuubi.server.ui.{JettyServer, JettyUtils}
 import org.apache.kyuubi.service.{AbstractFrontendService, Serverable, Service, ServiceUtils}
 import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
 import org.apache.kyuubi.session.{KyuubiSessionManager, SessionHandle}
@@ -95,6 +95,18 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
     server.addRedirectHandler("/docs", "/swagger/")
     server.addRedirectHandler("/docs/", "/swagger/")
     server.addRedirectHandler("/swagger", "/swagger/")
+
+    installWebUI()
+  }
+
+  private def installWebUI(): Unit = {
+    val servletHandler = JettyUtils.createStaticHandler("dist", "/ui")
+    // HTML5 Web History Mode requires redirect any url path under Web UI Servlet to the main page.
+    // See more details at https://router.vuejs.org/guide/essentials/history-mode.html#html5-mode
+    val errorHandler = new ErrorPageErrorHandler
+    errorHandler.addErrorPage(404, "/")
+    servletHandler.setErrorHandler(errorHandler)
+    server.addHandler(servletHandler)
   }
 
   private def startBatchChecker(): Unit = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index 740937d8e..3c4065a7b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -79,7 +79,6 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
 
   override def init(filterConfig: FilterConfig): Unit = {
     initAuthHandlers()
-    super.init(filterConfig)
   }
 
   private[kyuubi] def getMatchedHandler(authorization: String): Option[AuthenticationHandler] = {
diff --git a/kyuubi-server/web-ui/.gitignore b/kyuubi-server/web-ui/.gitignore
index be5bdb236..c6cab4b86 100644
--- a/kyuubi-server/web-ui/.gitignore
+++ b/kyuubi-server/web-ui/.gitignore
@@ -14,6 +14,7 @@
  # limitations under the License.
 
 .DS_Store
+node
 node_modules
 /dist
 /coverage
diff --git a/kyuubi-server/web-ui/README.md b/kyuubi-server/web-ui/README.md
index 6d808ecde..f93373414 100644
--- a/kyuubi-server/web-ui/README.md
+++ b/kyuubi-server/web-ui/README.md
@@ -15,7 +15,7 @@ npm install
 
 ### Development Project
 
-To do this you can change the VITE_APP_DEV_WEB_URL parameter variable as the service url in `.env.development` in the project root directory, such as http://127.0. 0.1:8090
+To do this you can change the VITE_APP_DEV_WEB_URL parameter variable as the service url in `.env.development` in the project root directory, such as http://127.0.0.1:8090
 
 ```shell
 npm run dev
diff --git a/kyuubi-server/web-ui/index.html b/kyuubi-server/web-ui/index.html
index bd4f50672..2c4579eb0 100644
--- a/kyuubi-server/web-ui/index.html
+++ b/kyuubi-server/web-ui/index.html
@@ -22,7 +22,7 @@
     <meta charset="UTF-8" />
     <link rel="icon" type="image/svg+xml" href="/favicon.ico" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Vite + Vue + TS</title>
+    <title>Apache Kyuubi Dashboard</title>
   </head>
   <body>
     <div id="app"></div>
diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index 77a3991e5..0a2feeba1 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "kyuubi-ui",
-  "version": "1.7.0-SNAPSHOT",
+  "version": "1.8.0-SNAPSHOT",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "kyuubi-ui",
-      "version": "1.7.0-SNAPSHOT",
+      "version": "1.8.0-SNAPSHOT",
       "dependencies": {
         "@element-plus/icons-vue": "^2.0.9",
         "axios": "^0.27.2",
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index 2ae37cdb9..63fdc7221 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -1,7 +1,7 @@
 {
   "name": "kyuubi-ui",
   "private": true,
-  "version": "1.7.0-SNAPSHOT",
+  "version": "1.8.0-SNAPSHOT",
   "type": "module",
   "scripts": {
     "dev": "vue-tsc --noEmit && vite --port 9090",
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 836dbc5d0..207a22d56 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -44,7 +44,7 @@ const routes = [
 ]
 
 const router = createRouter({
-  history: createWebHistory(),
+  history: createWebHistory('/ui'),
   routes
 })
 
diff --git a/kyuubi-server/web-ui/vite.config.ts b/kyuubi-server/web-ui/vite.config.ts
index 1b3e99a12..92af99741 100644
--- a/kyuubi-server/web-ui/vite.config.ts
+++ b/kyuubi-server/web-ui/vite.config.ts
@@ -20,6 +20,7 @@ import Vue from '@vitejs/plugin-vue'
 import path from 'path'
 
 export default defineConfig({
+  base: '/ui/',
   plugins: [Vue()],
   resolve: {
     alias: [
diff --git a/pom.xml b/pom.xml
index 1a583eb78..ecb397a03 100644
--- a/pom.xml
+++ b/pom.xml
@@ -202,6 +202,11 @@
         <trino.tpch.version>1.1</trino.tpch.version>
         <zookeeper.version>3.4.14</zookeeper.version>
 
+        <!-- webui -->
+        <webui.skip>true</webui.skip>
+        <node.version>v16.19.1</node.version>
+        <pnpm.version>v7.27.1</pnpm.version>
+
         <!-- apply to kyuubi-hive-jdbc/kyuubi-hive-beeline module -->
         <hive.client.jline.version>2.12</hive.client.jline.version>
         <hive.client.supercsv.version>2.2.0</hive.client.supercsv.version>
@@ -215,6 +220,7 @@
         <maven.plugin.download.version>1.6.8</maven.plugin.download.version>
         <maven.plugin.download.cache.path></maven.plugin.download.cache.path>
         <maven.plugin.enforcer.mojo.rules.version>1.6.1</maven.plugin.enforcer.mojo.rules.version>
+        <maven.plugin.frontend.version>1.12.1</maven.plugin.frontend.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
         <maven.plugin.surefire.version>3.0.0-M8</maven.plugin.surefire.version>
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
@@ -1991,6 +1997,9 @@
                             <fileset>
                                 <directory>${project.basedir}/spark-warehouse</directory>
                             </fileset>
+                            <fileset>
+                                <directory>${project.basedir}/web-ui/dist</directory>
+                            </fileset>
                         </filesets>
                     </configuration>
                 </plugin>
@@ -2144,6 +2153,16 @@
                         </dependency>
                     </dependencies>
                 </plugin>
+
+                <plugin>
+                    <groupId>com.github.eirslett</groupId>
+                    <artifactId>frontend-maven-plugin</artifactId>
+                    <version>${maven.plugin.frontend.version}</version>
+                    <configuration>
+                        <nodeVersion>${node.version}</nodeVersion>
+                        <pnpmVersion>${pnpm.version}</pnpmVersion>
+                    </configuration>
+                </plugin>
             </plugins>
         </pluginManagement>
 
@@ -2228,9 +2247,11 @@
     <profiles>
         <profile>
             <id>mirror-cdn</id>
-            <!-- this profile works only for latest apache releases -->
             <properties>
+                <!-- the apache cdn mirror works only for latest apache releases -->
                 <apache.archive.dist>https://dlcdn.apache.org</apache.archive.dist>
+                <nodeDownloadRoot>https://npmmirror.com/mirrors/node/</nodeDownloadRoot>
+                <pnpmDownloadRoot>https://registry.npmmirror.com/pnpm/-/</pnpmDownloadRoot>
             </properties>
         </profile>
 
@@ -2421,6 +2442,13 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>web-ui</id>
+            <properties>
+                <webui.skip>false</webui.skip>
+            </properties>
+        </profile>
+
         <profile>
             <id>apache-release</id>
             <build>

From 3016f431bf0d4b881d8a1979aa13b23432a58468 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Thu, 23 Feb 2023 17:04:29 +0800
Subject: [PATCH 107/760] [KYUUBI #4402] [ARROW] Make arrow-based query metrics
 trackable in SQL UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Currently, the SQL metrics are missing from the SQL UI tab, this is because we mistakenly bound QueryExecution in [PR-4392](https://github.com/apache/kyuubi/pull/4392), before this PR, it was `resultDF.queryExecution` that was bound to `SQLExecution.withNewExecutionId()`, But the executed Dataset is `resultDF.select(cols: _*)`, this PR passed the correct QueryExecution `resultDF.select(cols: _*).queryExecution` to solve this problem.

```sql
set kyuubi.operation.result.format=arrow;
select 1;
```

Before this PR:

![截屏2023-02-23 下午1 47 34](https://user-images.githubusercontent.com/8537877/220832155-4277ccf7-1cfe-40db-a6e5-e1ed4a6d2e29.png)

After this PR:

![截屏2023-02-23 下午2 07 23](https://user-images.githubusercontent.com/8537877/220832184-b9871b4b-f408-42ac-91ca-30e5cd503b24.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4402 from cfmcgrady/arrow-metrics.

Closes #4402

e0cde3b1 [Fu Chen] fix style
b35cbfdc [Fu Chen] fix
542414ef [Fu Chen] make arrow-based query metrics trackable in SQL UI

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/ExecuteStatement.scala    | 79 +++++++++++--------
 .../SparkArrowbasedOperationSuite.scala       | 51 ++++++++++--
 2 files changed, 88 insertions(+), 42 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index 6ebcce377..fa517a8b1 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -21,6 +21,7 @@ import java.util.concurrent.RejectedExecutionException
 
 import scala.collection.JavaConverters._
 
+import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.DataFrame
 import org.apache.spark.sql.execution.SQLExecution
 import org.apache.spark.sql.kyuubi.SparkDatasetHelper
@@ -75,29 +76,6 @@ class ExecuteStatement(
     resultDF.take(maxRows)
   }
 
-  protected def collectAsIterator(resultDF: DataFrame): FetchIterator[_] = {
-    val resultMaxRows = spark.conf.getOption(OPERATION_RESULT_MAX_ROWS.key).map(_.toInt)
-      .getOrElse(session.sessionManager.getConf.get(OPERATION_RESULT_MAX_ROWS))
-    if (incrementalCollect) {
-      if (resultMaxRows > 0) {
-        warn(s"Ignore ${OPERATION_RESULT_MAX_ROWS.key} on incremental collect mode.")
-      }
-      info("Execute in incremental collect mode")
-      new IterableFetchIterator[Any](new Iterable[Any] {
-        override def iterator: Iterator[Any] = incrementalCollectResult(resultDF)
-      })
-    } else {
-      val internalArray = if (resultMaxRows <= 0) {
-        info("Execute in full collect mode")
-        fullCollectResult(resultDF)
-      } else {
-        info(s"Execute with max result rows[$resultMaxRows]")
-        takeResult(resultDF, resultMaxRows)
-      }
-      new ArrayFetchIterator(internalArray)
-    }
-  }
-
   protected def executeStatement(): Unit = withLocalProperties {
     try {
       setState(OperationState.RUNNING)
@@ -163,14 +141,33 @@ class ExecuteStatement(
     }
   }
 
-  def convertComplexType(df: DataFrame): DataFrame = {
-    SparkDatasetHelper.convertTopLevelComplexTypeToHiveString(df, timestampAsString)
-  }
-
   override def getResultSetMetadataHints(): Seq[String] =
     Seq(
       s"__kyuubi_operation_result_format__=$resultFormat",
       s"__kyuubi_operation_result_arrow_timestampAsString__=$timestampAsString")
+
+  private def collectAsIterator(resultDF: DataFrame): FetchIterator[_] = {
+    val resultMaxRows = spark.conf.getOption(OPERATION_RESULT_MAX_ROWS.key).map(_.toInt)
+      .getOrElse(session.sessionManager.getConf.get(OPERATION_RESULT_MAX_ROWS))
+    if (incrementalCollect) {
+      if (resultMaxRows > 0) {
+        warn(s"Ignore ${OPERATION_RESULT_MAX_ROWS.key} on incremental collect mode.")
+      }
+      info("Execute in incremental collect mode")
+      new IterableFetchIterator[Any](new Iterable[Any] {
+        override def iterator: Iterator[Any] = incrementalCollectResult(resultDF)
+      })
+    } else {
+      val internalArray = if (resultMaxRows <= 0) {
+        info("Execute in full collect mode")
+        fullCollectResult(resultDF)
+      } else {
+        info(s"Execute with max result rows[$resultMaxRows]")
+        takeResult(resultDF, resultMaxRows)
+      }
+      new ArrayFetchIterator(internalArray)
+    }
+  }
 }
 
 class ArrowBasedExecuteStatement(
@@ -182,30 +179,42 @@ class ArrowBasedExecuteStatement(
   extends ExecuteStatement(session, statement, shouldRunAsync, queryTimeout, incrementalCollect) {
 
   override protected def incrementalCollectResult(resultDF: DataFrame): Iterator[Any] = {
-    SparkDatasetHelper.toArrowBatchRdd(convertComplexType(resultDF)).toLocalIterator
+    collectAsArrow(convertComplexType(resultDF)) { rdd =>
+      rdd.toLocalIterator
+    }
   }
 
   override protected def fullCollectResult(resultDF: DataFrame): Array[_] = {
-    SparkDatasetHelper.toArrowBatchRdd(convertComplexType(resultDF)).collect()
+    collectAsArrow(convertComplexType(resultDF)) { rdd =>
+      rdd.collect()
+    }
   }
 
   override protected def takeResult(resultDF: DataFrame, maxRows: Int): Array[_] = {
     // this will introduce shuffle and hurt performance
     val limitedResult = resultDF.limit(maxRows)
-    SparkDatasetHelper.toArrowBatchRdd(convertComplexType(limitedResult)).collect()
+    collectAsArrow(convertComplexType(limitedResult)) { rdd =>
+      rdd.collect()
+    }
   }
 
   /**
-   * assign a new execution id for arrow-based operation.
+   * refer to org.apache.spark.sql.Dataset#withAction(), assign a new execution id for arrow-based
+   * operation, so that we can track the arrow-based queries on the UI tab.
    */
-  override protected def collectAsIterator(resultDF: DataFrame): FetchIterator[_] = {
-    SQLExecution.withNewExecutionId(resultDF.queryExecution, Some("collectAsArrow")) {
-      resultDF.queryExecution.executedPlan.resetMetrics()
-      super.collectAsIterator(resultDF)
+  private def collectAsArrow[T](df: DataFrame)(action: RDD[Array[Byte]] => T): T = {
+    SQLExecution.withNewExecutionId(df.queryExecution, Some("collectAsArrow")) {
+      df.queryExecution.executedPlan.resetMetrics()
+      action(SparkDatasetHelper.toArrowBatchRdd(df))
     }
   }
 
   override protected def isArrowBasedOperation: Boolean = true
 
   override val resultFormat = "arrow"
+
+  private def convertComplexType(df: DataFrame): DataFrame = {
+    SparkDatasetHelper.convertTopLevelComplexTypeToHiveString(df, timestampAsString)
+  }
+
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 30cdeca5a..ae6237bb5 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -103,22 +103,41 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     withJdbcStatement() { statement =>
       // since all the new sessions have their owner listener bus, we should register the listener
       // in the current session.
-      SparkSQLEngine.currentEngine.get
-        .backendService
-        .sessionManager
-        .allSessions()
-        .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.register(listener))
+      registerListener(listener)
 
       val result = statement.executeQuery("select 1 as c1")
       assert(result.next())
       assert(result.getInt("c1") == 1)
     }
-
     KyuubiSparkContextHelper.waitListenerBus(spark)
-    spark.listenerManager.unregister(listener)
+    unregisterListener(listener)
     assert(plan.isInstanceOf[Project])
   }
 
+  test("arrow-based query metrics") {
+    var queryExecution: QueryExecution = null
+
+    val listener = new QueryExecutionListener {
+      override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
+        queryExecution = qe
+      }
+      override def onFailure(funcName: String, qe: QueryExecution, exception: Exception): Unit = {}
+    }
+    withJdbcStatement() { statement =>
+      registerListener(listener)
+      val result = statement.executeQuery("select 1 as c1")
+      assert(result.next())
+      assert(result.getInt("c1") == 1)
+    }
+
+    KyuubiSparkContextHelper.waitListenerBus(spark)
+    unregisterListener(listener)
+
+    val metrics = queryExecution.executedPlan.collectLeaves().head.metrics
+    assert(metrics.contains("numOutputRows"))
+    assert(metrics("numOutputRows").value === 1)
+  }
+
   private def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
     val query =
       s"""
@@ -140,4 +159,22 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     assert(resultSet.next())
     assert(resultSet.getString("col") === expect)
   }
+
+  private def registerListener(listener: QueryExecutionListener): Unit = {
+    // since all the new sessions have their owner listener bus, we should register the listener
+    // in the current session.
+    SparkSQLEngine.currentEngine.get
+      .backendService
+      .sessionManager
+      .allSessions()
+      .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.register(listener))
+  }
+
+  private def unregisterListener(listener: QueryExecutionListener): Unit = {
+    SparkSQLEngine.currentEngine.get
+      .backendService
+      .sessionManager
+      .allSessions()
+      .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.unregister(listener))
+  }
 }

From 86dc59c4cf878df78dd1c0be65e281946641fc8c Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 24 Feb 2023 08:27:23 +0800
Subject: [PATCH 108/760] [KYUUBI #3876][FOLLOWUP] Update the rest api docs for
 open session response

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4396 from turboFei/rest_doc.

Closes #3876

de23e30e5 [fwang12] nit
41bd4ca4e [fwang12] save:

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/client/rest/rest_api.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index 02a914277..59e2d8535 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -99,9 +99,10 @@ Create a session
 
 #### Response Body
 
-| Name       | Description                   | Type   |
-|:-----------|:------------------------------|:-------|
-| identifier | The session handle identifier | String |
+| Name           | Description                                                                                        | Type   |
+|:---------------|:---------------------------------------------------------------------------------------------------|:-------|
+| identifier     | The session handle identifier                                                                      | String |
+| kyuubiInstance | The Kyuubi instance that holds the session and to call for the following operations in the session | String |
 
 ### DELETE /sessions/${sessionHandle}
 

From 0175e4649a66c7e0e7cda5914e730382c5c763b0 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Fri, 24 Feb 2023 13:20:13 +0800
Subject: [PATCH 109/760] [KYUUBI #4407] Adapt slf4j-2.x

### _Why are the changes needed?_

to adapt slf4j-2.x, Spark bumped the slf4j to version 2.0.3 in https://github.com/apache/spark/pull/37844.

https://github.com/apache/kyuubi/pull/4381#discussion_r1116449560

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4407 from cfmcgrady/spark34-slf4j.

Closes #4407

ecf1488c [Fu Chen] unused import
f4098b97 [Fu Chen] fix ut

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/scala/org/apache/kyuubi/Logging.scala       | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
index d70df0952..1df598132 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
@@ -22,7 +22,6 @@ import org.apache.logging.log4j.core.{Logger => Log4jLogger, LoggerContext}
 import org.apache.logging.log4j.core.config.DefaultConfiguration
 import org.slf4j.{Logger, LoggerFactory}
 import org.slf4j.bridge.SLF4JBridgeHandler
-import org.slf4j.impl.StaticLoggerBinder
 
 import org.apache.kyuubi.util.ClassUtils
 
@@ -117,16 +116,16 @@ object Logging {
     // This distinguishes the log4j 1.2 binding, currently
     // org.slf4j.impl.Log4jLoggerFactory, from the log4j 2.0 binding, currently
     // org.apache.logging.slf4j.Log4jLoggerFactory
-    val binderClass = StaticLoggerBinder.getSingleton.getLoggerFactoryClassStr
-    "org.slf4j.impl.Log4jLoggerFactory".equals(binderClass)
+    "org.slf4j.impl.Log4jLoggerFactory"
+      .equals(LoggerFactory.getILoggerFactory.getClass.getName)
   }
 
   private[kyuubi] def isLog4j2: Boolean = {
     // This distinguishes the log4j 1.2 binding, currently
     // org.slf4j.impl.Log4jLoggerFactory, from the log4j 2.0 binding, currently
     // org.apache.logging.slf4j.Log4jLoggerFactory
-    val binderClass = StaticLoggerBinder.getSingleton.getLoggerFactoryClassStr
-    "org.apache.logging.slf4j.Log4jLoggerFactory".equals(binderClass)
+    "org.apache.logging.slf4j.Log4jLoggerFactory"
+      .equals(LoggerFactory.getILoggerFactory.getClass.getName)
   }
 
   /**

From b39caed98f56d5d99dca2a07eb3aa1c56d2ffb88 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Fri, 24 Feb 2023 13:35:36 +0800
Subject: [PATCH 110/760] =?UTF-8?q?[KYUUBI=20#4406]=20Revert=20"[KYUUBI=20?=
 =?UTF-8?q?#4305][Bug]=20Backport=20HIVE-15820:=20comment=20at=20the=20hea?=
 =?UTF-8?q?d=20=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

…of beeline -e"

This reverts commit c489e29697c73e3eec96aa3ff602e40f9a2c798a.

### _Why are the changes needed?_

https://github.com/apache/kyuubi/pull/4333#issuecomment-1441438302

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4406 from cfmcgrady/revert-4333.

Closes #4406

Closes #4305

c7fff72a [Fu Chen] Revert "[KYUUBI #4305][Bug] Backport HIVE-15820: comment at the head of beeline -e"

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../java/org/apache/hive/beeline/KyuubiBeeLine.java |  6 ------
 .../org/apache/hive/beeline/KyuubiCommands.java     |  6 ++----
 .../org/apache/hive/beeline/KyuubiBeeLineTest.java  | 13 -------------
 3 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 92b96ccb4..7ca767148 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -29,7 +29,6 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
-import org.apache.hive.common.util.HiveStringUtils;
 
 public class KyuubiBeeLine extends BeeLine {
   public static final String KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER =
@@ -193,9 +192,4 @@ int initArgs(String[] args) {
     }
     return code;
   }
-
-  @Override
-  boolean dispatch(String line) {
-    return super.dispatch(HiveStringUtils.removeComments(line));
-  }
 }
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 1a15638f1..aaa32739a 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -23,7 +23,6 @@
 import java.sql.*;
 import java.util.*;
 import org.apache.hive.beeline.logs.KyuubiBeelineInPlaceUpdateStream;
-import org.apache.hive.common.util.HiveStringUtils;
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement;
 import org.apache.kyuubi.jdbc.hive.Utils;
 import org.apache.kyuubi.jdbc.hive.logs.InPlaceUpdateStream;
@@ -500,7 +499,7 @@ public boolean connect(Properties props) throws IOException {
 
   @Override
   public String handleMultiLineCmd(String line) throws IOException {
-    line = HiveStringUtils.removeComments(line);
+    int[] startQuote = {-1};
     Character mask =
         (System.getProperty("jline.terminal", "").equals("jline.UnsupportedTerminal"))
             ? null
@@ -531,8 +530,7 @@ public String handleMultiLineCmd(String line) throws IOException {
       if (extra == null) { // it happens when using -f and the line of cmds does not end with ;
         break;
       }
-      extra = HiveStringUtils.removeComments(extra);
-      if (extra != null && !extra.isEmpty()) {
+      if (!extra.isEmpty()) {
         line += "\n" + extra;
       }
     }
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
index d571d9362..b144c95c6 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
@@ -29,17 +29,4 @@ public void testKyuubiBeelineWithoutArgs() {
     int result = kyuubiBeeLine.initArgs(new String[0]);
     assertEquals(0, result);
   }
-
-  @Test
-  public void testKyuubiBeelineComment() {
-    KyuubiBeeLine kyuubiBeeLine = new KyuubiBeeLine();
-    int result = kyuubiBeeLine.initArgsFromCliVars(new String[] {"-e", "--comment show database;"});
-    assertEquals(0, result);
-    result = kyuubiBeeLine.initArgsFromCliVars(new String[] {"-e", "--comment\n show database;"});
-    assertEquals(1, result);
-    result =
-        kyuubiBeeLine.initArgsFromCliVars(
-            new String[] {"-e", "--comment line 1 \n    --comment line 2 \n show database;"});
-    assertEquals(1, result);
-  }
 }

From 0c88e7564fcc90d9155e4c85bee30d647a125b32 Mon Sep 17 00:00:00 2001
From: Luning Wang <wang4luning@gmail.com>
Date: Fri, 24 Feb 2023 13:46:15 +0800
Subject: [PATCH 111/760] [KYUUBI #4379][BUILD] Exclude python virtual
 environments in the spotless maven plugin

### _Why are the changes needed?_

Exclude python virtual environments in the spotless maven plugin

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4384 from a49a/exclude-py-check.

Closes #4379

5f7db6a0 [Luning Wang] change path more general
a2c5abf2 [Luning Wang] [KYUUBI #4379][BUILD] Exclude python virtual environments in the spotless maven plugin

Authored-by: Luning Wang <wang4luning@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pom.xml b/pom.xml
index ecb397a03..2ebed48b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2083,6 +2083,9 @@
                                 <include>*/README.md</include>
                                 <include>docker/playground/README.md</include>
                             </includes>
+                            <excludes>
+                                <exclude>docs/*/lib/python*/**/*.md</exclude>
+                            </excludes>
                             <flexmark>
                                 <version>${flexmark.version}</version>
                             </flexmark>

From 427771017462a2e32f87296d3215d90b774736d0 Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Fri, 24 Feb 2023 15:37:08 +0800
Subject: [PATCH 112/760] [KYUUBI #4393] [Kyuubi #4332] Fix some bugs with
 `Groupby` and `CacheTable`

close #4332
### _Why are the changes needed?_

For the case where the table name has been resolved and an `Expand` logical plan exists
```
InsertIntoHiveTable `default`.`t1`, org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe, false, false, [a, b]
+- Aggregate [a#0], [a#0, ansi_cast((count(if ((gid#9 = 1)) spark_catalog.default.t2.`b`#10 else null) * count(if ((gid#9 = 2)) spark_catalog.default.t2.`c`#11 else null)) as string) AS b#8]
   +- Aggregate [a#0, spark_catalog.default.t2.`b`#10, spark_catalog.default.t2.`c`#11, gid#9], [a#0, spark_catalog.default.t2.`b`#10, spark_catalog.default.t2.`c`#11, gid#9]
      +- Expand [ArrayBuffer(a#0, b#1, null, 1), ArrayBuffer(a#0, null, c#2, 2)], [a#0, spark_catalog.default.t2.`b`#10, spark_catalog.default.t2.`c`#11, gid#9]
         +- HiveTableRelation [`default`.`t2`, org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe, Data Cols: [a#0, b#1, c#2], Partition Cols: []]
```
For the case `CacheTable` with `window` function
```
InsertIntoHiveTable `default`.`t1`, org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe, true, false, [a, b]
+- Project [a#98, b#99]
   +- InMemoryRelation [a#98, b#99, rank#100], StorageLevel(disk, memory, deserialized, 1 replicas)
         +- *(2) Filter (isnotnull(rank#4) AND (rank#4 = 1))
            +- Window [row_number() windowspecdefinition(a#9, b#10 ASC NULLS FIRST, specifiedwindowframe(RowFrame, unboundedpreceding$(), currentrow$())) AS rank#4], [a#9], [b#10 ASC NULLS FIRST]
               +- *(1) Sort [a#9 ASC NULLS FIRST, b#10 ASC NULLS FIRST], false, 0
                  +- Exchange hashpartitioning(a#9, 200), ENSURE_REQUIREMENTS, [id=#38]
                     +- Scan hive default.t2 [a#9, b#10], HiveTableRelation [`default`.`t2`, org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe, Data Cols: [a#9, b#10], Partition Cols: []]

```

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4393 from iodone/kyuubi-4332.

Closes #4393

d2afdabd [odone] fix cache table bug
443af798 [odone] fix some bugs with groupby

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../helper/SparkSQLLineageParseHelper.scala   |  39 +++++-
 .../SparkSQLLineageParserHelperSuite.scala    | 119 ++++++++++++++++++
 2 files changed, 155 insertions(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index f70e09126..a58653113 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -25,8 +25,7 @@ import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.TableIdentifier
 import org.apache.spark.sql.catalyst.analysis.{NamedRelation, PersistedView, ViewType}
 import org.apache.spark.sql.catalyst.catalog.{CatalogStorageFormat, CatalogTable, HiveTableRelation}
-import org.apache.spark.sql.catalyst.expressions.{Alias, Attribute, AttributeSet, Expression, NamedExpression}
-import org.apache.spark.sql.catalyst.expressions.ScalarSubquery
+import org.apache.spark.sql.catalyst.expressions.{Alias, Attribute, AttributeSet, Expression, NamedExpression, ScalarSubquery}
 import org.apache.spark.sql.catalyst.expressions.aggregate.Count
 import org.apache.spark.sql.catalyst.plans.{LeftAnti, LeftSemi}
 import org.apache.spark.sql.catalyst.plans.logical._
@@ -128,7 +127,7 @@ trait LineageParser {
           exp.toAttribute,
           if (!containsCountAll(exp.child)) references
           else references + exp.toAttribute.withName(AGGREGATE_COUNT_COLUMN_IDENTIFIER))
-      case a: Attribute => a -> a.references
+      case a: Attribute => a -> AttributeSet(a)
     }
     ListMap(exps: _*)
   }
@@ -149,6 +148,9 @@ trait LineageParser {
             attr.withQualifier(attr.qualifier.init)
           case attr if attr.name.equalsIgnoreCase(AGGREGATE_COUNT_COLUMN_IDENTIFIER) =>
             attr.withQualifier(qualifier)
+          case attr if isNameWithQualifier(attr, qualifier) =>
+            val newName = attr.name.split('.').last.stripPrefix("`").stripSuffix("`")
+            attr.withName(newName).withQualifier(qualifier)
         })
       }
     } else {
@@ -160,6 +162,12 @@ trait LineageParser {
     }
   }
 
+  private def isNameWithQualifier(attr: Attribute, qualifier: Seq[String]): Boolean = {
+    val nameTokens = attr.name.split('.')
+    val namespace = nameTokens.init.mkString(".")
+    nameTokens.length > 1 && namespace.endsWith(qualifier.mkString("."))
+  }
+
   private def mergeRelationColumnLineage(
       parentColumnsLineage: AttributeMap[AttributeSet],
       relationOutput: Seq[Attribute],
@@ -327,6 +335,31 @@ trait LineageParser {
           joinColumnsLineage(parentColumnsLineage, getSelectColumnLineage(p.aggregateExpressions))
         p.children.map(extractColumnsLineage(_, nextColumnsLineage)).reduce(mergeColumnsLineage)
 
+      case p: Expand =>
+        val references =
+          p.projections.transpose.map(_.flatMap(x => x.references)).map(AttributeSet(_))
+
+        val childColumnsLineage = ListMap(p.output.zip(references): _*)
+        val nextColumnsLineage =
+          joinColumnsLineage(parentColumnsLineage, childColumnsLineage)
+        p.children.map(extractColumnsLineage(_, nextColumnsLineage)).reduce(mergeColumnsLineage)
+
+      case p: Window =>
+        val windowColumnsLineage =
+          ListMap(p.windowExpressions.map(exp => (exp.toAttribute, exp.references)): _*)
+
+        val nextColumnsLineage = if (parentColumnsLineage.isEmpty) {
+          ListMap(p.child.output.map(attr => (attr, attr.references)): _*) ++ windowColumnsLineage
+        } else {
+          parentColumnsLineage.map {
+            case (k, _) if windowColumnsLineage.contains(k) =>
+              k -> windowColumnsLineage(k)
+            case (k, attrs) =>
+              k -> AttributeSet(attrs.flatten(attr =>
+                windowColumnsLineage.getOrElse(attr, AttributeSet(attr))))
+          }
+        }
+        p.children.map(extractColumnsLineage(_, nextColumnsLineage)).reduce(mergeColumnsLineage)
       case p: Join =>
         p.joinType match {
           case LeftSemi | LeftAnti =>
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index 6652be9ea..050f3ddc9 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -1094,6 +1094,125 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
+  test("test group by") {
+    withTable("t1", "t2", "v2_catalog.db.t1", "v2_catalog.db.t2") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
+      spark.sql("CREATE TABLE t2 (a string, b string, c string) USING hive")
+      spark.sql("CREATE TABLE v2_catalog.db.t1 (a string, b string, c string)")
+      spark.sql("CREATE TABLE v2_catalog.db.t2 (a string, b string, c string)")
+      val ret0 =
+        exectractLineage(
+          s"insert into table t1 select a," +
+            s"concat_ws('/', collect_set(b))," +
+            s"count(distinct(b)) * count(distinct(c))" +
+            s"from t2 group by a")
+      assert(ret0 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set("default.t2.a")),
+          ("default.t1.b", Set("default.t2.b")),
+          ("default.t1.c", Set("default.t2.b", "default.t2.c")))))
+
+      val ret1 =
+        exectractLineage(
+          s"insert into table v2_catalog.db.t1 select a," +
+            s"concat_ws('/', collect_set(b))," +
+            s"count(distinct(b)) * count(distinct(c))" +
+            s"from v2_catalog.db.t2 group by a")
+      assert(ret1 == Lineage(
+        List("v2_catalog.db.t2"),
+        List("v2_catalog.db.t1"),
+        List(
+          ("v2_catalog.db.t1.a", Set("v2_catalog.db.t2.a")),
+          ("v2_catalog.db.t1.b", Set("v2_catalog.db.t2.b")),
+          ("v2_catalog.db.t1.c", Set("v2_catalog.db.t2.b", "v2_catalog.db.t2.c")))))
+
+      val ret2 =
+        exectractLineage(
+          s"insert into table v2_catalog.db.t1 select a," +
+            s"count(distinct(b+c))," +
+            s"count(distinct(b)) * count(distinct(c))" +
+            s"from v2_catalog.db.t2 group by a")
+      assert(ret2 == Lineage(
+        List("v2_catalog.db.t2"),
+        List("v2_catalog.db.t1"),
+        List(
+          ("v2_catalog.db.t1.a", Set("v2_catalog.db.t2.a")),
+          ("v2_catalog.db.t1.b", Set("v2_catalog.db.t2.b", "v2_catalog.db.t2.c")),
+          ("v2_catalog.db.t1.c", Set("v2_catalog.db.t2.b", "v2_catalog.db.t2.c")))))
+    }
+  }
+
+  test("test grouping sets") {
+    withTable("t1", "t2") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
+      spark.sql("CREATE TABLE t2 (a string, b string, c string, d string) USING hive")
+      val ret0 =
+        exectractLineage(
+          s"insert into table t1 select a,b,GROUPING__ID " +
+            s"from t2 group by a,b,c,d grouping sets ((a,b,c), (a,b,d))")
+      assert(ret0 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set("default.t2.a")),
+          ("default.t1.b", Set("default.t2.b")),
+          ("default.t1.c", Set()))))
+    }
+  }
+
+  test("test catch table with window function") {
+    withTable("t1", "t2") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string) USING hive")
+      spark.sql("CREATE TABLE t2 (a string, b string) USING hive")
+
+      spark.sql(
+        s"cache table c1 select * from (" +
+          s"select a, b, row_number() over (partition by a order by b asc ) rank from t2)" +
+          s" where rank=1")
+      val ret0 = exectractLineage("insert overwrite table t1 select a, b from c1")
+      assert(ret0 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set("default.t2.a")),
+          ("default.t1.b", Set("default.t2.b")))))
+
+      val ret1 = exectractLineage("insert overwrite table t1 select a, rank from c1")
+      assert(ret1 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set("default.t2.a")),
+          ("default.t1.b", Set("default.t2.a", "default.t2.b")))))
+
+      spark.sql(
+        s"cache table c2 select * from (" +
+          s"select b, a, row_number() over (partition by a order by b asc ) rank from t2)" +
+          s" where rank=1")
+      val ret2 = exectractLineage("insert overwrite table t1 select a, b from c2")
+      assert(ret2 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set("default.t2.a")),
+          ("default.t1.b", Set("default.t2.b")))))
+
+      spark.sql(
+        s"cache table c3 select * from (" +
+          s"select a as aa, b as bb, row_number() over (partition by a order by b asc ) rank" +
+          s" from t2) where rank=1")
+      val ret3 = exectractLineage("insert overwrite table t1 select aa, bb from c3")
+      assert(ret3 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set("default.t2.a")),
+          ("default.t1.b", Set("default.t2.b")))))
+    }
+  }
+
   private def exectractLineageWithoutExecuting(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)

From c0241052ae156971a07ee30d89bc4a02d6115d3e Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 25 Feb 2023 14:04:38 +0800
Subject: [PATCH 113/760] [KYUUBI #4412] Align the server session handle and
 engine session handle for Spark engine

### _Why are the changes needed?_

Align the server session handle and engine session handle for Spark engine.

It make it easy to recovery the engine session in any kyuubi instance easy.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4412 from turboFei/server_engine_handle_align.

Closes #4412

a20e0f155 [fwang12] fix
9d590e38b [fwang12] fix
94267e583 [fwang12] save
7012c2bef [fwang12] align

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../session/SparkSQLSessionManager.scala      | 31 ++++++++++---------
 .../spark/session/SparkSessionImpl.scala      |  5 ++-
 .../kyuubi/config/KyuubiReservedKeys.scala    |  1 +
 .../client/KyuubiSyncThriftClient.scala       |  3 ++
 .../kyuubi/session/KyuubiSessionImpl.scala    |  7 +++--
 .../KyuubiOperationPerUserSuite.scala         |  9 ++++++
 6 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
index cb8702df3..091149d21 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
@@ -24,6 +24,7 @@ import org.apache.spark.sql.SparkSession
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.ShareLevel._
 import org.apache.kyuubi.engine.spark.{KyuubiSparkUtil, SparkSQLEngine}
@@ -135,21 +136,23 @@ class SparkSQLSessionManager private (name: String, spark: SparkSession)
       password: String,
       ipAddress: String,
       conf: Map[String, String]): Session = {
-    val sparkSession =
-      try {
-        getOrNewSparkSession(user)
-      } catch {
-        case e: Exception => throw KyuubiSQLException(e)
-      }
+    getSessionOption(SessionHandle.fromUUID(conf(KYUUBI_SESSION_HANDLE_KEY))).getOrElse {
+      val sparkSession =
+        try {
+          getOrNewSparkSession(user)
+        } catch {
+          case e: Exception => throw KyuubiSQLException(e)
+        }
 
-    new SparkSessionImpl(
-      protocol,
-      user,
-      password,
-      ipAddress,
-      conf,
-      this,
-      sparkSession)
+      new SparkSessionImpl(
+        protocol,
+        user,
+        password,
+        ipAddress,
+        conf,
+        this,
+        sparkSession)
+    }
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index 5bf1ec084..30155c8f2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -21,13 +21,14 @@ import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtoco
 import org.apache.spark.sql.{AnalysisException, SparkSession}
 
 import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.spark.events.SessionEvent
 import org.apache.kyuubi.engine.spark.operation.SparkSQLOperationManager
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.engine.spark.udf.KDFRegistry
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
-import org.apache.kyuubi.session.{AbstractSession, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
 
 class SparkSessionImpl(
     protocol: TProtocolVersion,
@@ -39,6 +40,8 @@ class SparkSessionImpl(
     val spark: SparkSession)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
+  override val handle: SessionHandle = SessionHandle.fromUUID(conf(KYUUBI_SESSION_HANDLE_KEY))
+
   private def setModifiableConfig(key: String, value: String): Unit = {
     try {
       spark.conf.set(key, value)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
index dfbdd9449..85874d3b9 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
@@ -33,6 +33,7 @@ object KyuubiReservedKeys {
   final val KYUUBI_ENGINE_URL = "kyuubi.engine.url"
   final val KYUUBI_ENGINE_SUBMIT_TIME_KEY = "kyuubi.engine.submit.time"
   final val KYUUBI_ENGINE_CREDENTIALS_KEY = "kyuubi.engine.credentials"
+  final val KYUUBI_SESSION_HANDLE_KEY = "kyuubi.session.handle"
   final val KYUUBI_SESSION_ENGINE_LAUNCH_HANDLE_GUID =
     "kyuubi.session.engine.launch.handle.guid"
   final val KYUUBI_SESSION_ENGINE_LAUNCH_HANDLE_SECRET =
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index babe73745..dbca8ca32 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -53,6 +53,9 @@ class KyuubiSyncThriftClient private (
 
   private val lock = new ReentrantLock()
 
+  // Visible for testing.
+  private[kyuubi] def remoteSessionHandle: TSessionHandle = _remoteSessionHandle
+
   @volatile private var _aliveProbeSessionHandle: TSessionHandle = _
   @volatile private var remoteEngineBroken: Boolean = false
   private val engineAliveProbeClient = engineAliveProbeProtocol.map(new TCLIService.Client(_))
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index ce94b0275..e4203b301 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -27,7 +27,7 @@ import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.client.KyuubiSyncThriftClient
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_CREDENTIALS_KEY, KYUUBI_SESSION_SIGN_PUBLICKEY, KYUUBI_SESSION_USER_SIGN}
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_CREDENTIALS_KEY, KYUUBI_SESSION_HANDLE_KEY, KYUUBI_SESSION_SIGN_PUBLICKEY, KYUUBI_SESSION_USER_SIGN}
 import org.apache.kyuubi.engine.{EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.events.{EventBus, KyuubiSessionEvent}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider._
@@ -121,11 +121,12 @@ class KyuubiSessionImpl(
   private[kyuubi] def openEngineSession(extraEngineLog: Option[OperationLog] = None): Unit =
     handleSessionException {
       withDiscoveryClient(sessionConf) { discoveryClient =>
-        var openEngineSessionConf = optimizedConf
+        var openEngineSessionConf =
+          optimizedConf ++ Map(KYUUBI_SESSION_HANDLE_KEY -> handle.identifier.toString)
         if (engineCredentials.nonEmpty) {
           sessionConf.set(KYUUBI_ENGINE_CREDENTIALS_KEY, engineCredentials)
           openEngineSessionConf =
-            optimizedConf ++ Map(KYUUBI_ENGINE_CREDENTIALS_KEY -> engineCredentials)
+            openEngineSessionConf ++ Map(KYUUBI_ENGINE_CREDENTIALS_KEY -> engineCredentials)
         }
 
         if (sessionConf.get(SESSION_USER_SIGN_ENABLED)) {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 2ece2379a..26fc89ba2 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -364,4 +364,13 @@ class KyuubiOperationPerUserSuite
     val snapshot = MetricsSystem.histogramSnapshot(metric).get
     assert(snapshot.getMax > 0 && snapshot.getMedian > 0)
   }
+
+  test("align the server session handle and engine session handle for Spark engine") {
+    withJdbcStatement() { _ =>
+      val session =
+        server.backendService.sessionManager.allSessions().head.asInstanceOf[KyuubiSessionImpl]
+      val engineSessionHandle = SessionHandle.apply(session.client.remoteSessionHandle)
+      assert(session.handle === engineSessionHandle)
+    }
+  }
 }

From 787f86c88af91eb1a13a29b56e86bf391fc2d099 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 25 Feb 2023 22:05:42 +0800
Subject: [PATCH 114/760] [KYUUBI #4412][FOLLOWUP] Fallback to new engine
 session handle for UT

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4414 from turboFei/get_or_else.

Closes #4412

e7d45ef24 [fwang12] refactor
f8583ec94 [fwang12] use different handle for alive probe
33a776cf0 [fwang12] launch sync
967ae41fa [fwang12] [KYUUBI #4412][FOLLOWUP] Fallback to new engine session handle for UT

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../spark/session/SparkSQLSessionManager.scala     |  3 ++-
 .../engine/spark/session/SparkSessionImpl.scala    |  3 ++-
 .../kyuubi/client/KyuubiSyncThriftClient.scala     |  5 ++++-
 .../ServerJsonLoggingEventHandlerSuite.scala       |  4 ++--
 .../operation/KyuubiOperationPerUserSuite.scala    | 14 +++++++++-----
 5 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
index 091149d21..677af9a03 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
@@ -136,7 +136,8 @@ class SparkSQLSessionManager private (name: String, spark: SparkSession)
       password: String,
       ipAddress: String,
       conf: Map[String, String]): Session = {
-    getSessionOption(SessionHandle.fromUUID(conf(KYUUBI_SESSION_HANDLE_KEY))).getOrElse {
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).flatMap(
+      getSessionOption).getOrElse {
       val sparkSession =
         try {
           getOrNewSparkSession(user)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index 30155c8f2..78164ff5f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -40,7 +40,8 @@ class SparkSessionImpl(
     val spark: SparkSession)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
-  override val handle: SessionHandle = SessionHandle.fromUUID(conf(KYUUBI_SESSION_HANDLE_KEY))
+  override val handle: SessionHandle =
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
 
   private def setModifiableConfig(key: String, value: String): Unit = {
     try {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index dbca8ca32..e3e66960b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.client
 
+import java.util.UUID
 import java.util.concurrent.{ExecutorService, ScheduledExecutorService, TimeUnit}
 import java.util.concurrent.locks.ReentrantLock
 
@@ -183,7 +184,9 @@ class KyuubiSyncThriftClient private (
     engineAliveProbeClient.foreach { aliveProbeClient =>
       val sessionName = SessionHandle.apply(_remoteSessionHandle).identifier + "_aliveness_probe"
       Utils.tryLogNonFatalError {
-        req.setConfiguration((configs ++ Map(KyuubiConf.SESSION_NAME.key -> sessionName)).asJava)
+        req.setConfiguration((configs ++ Map(
+          KyuubiConf.SESSION_NAME.key -> sessionName,
+          KYUUBI_SESSION_HANDLE_KEY -> UUID.randomUUID().toString)).asJava)
         val resp = aliveProbeClient.OpenSession(req)
         ThriftUtils.verifyTStatus(resp.getStatus)
         _aliveProbeSessionHandle = resp.getSessionHandle
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
index d0c9924dc..df8ea1083 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
@@ -157,7 +157,7 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
     }
   }
 
-  test("engine session id is not same with server session id") {
+  test("engine session id is same with server session id") {
     val name = UUID.randomUUID().toString
     withSessionConf()(Map.empty)(Map(KyuubiConf.SESSION_NAME.key -> name)) {
       withJdbcStatement() { statement =>
@@ -181,7 +181,7 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
         val res2 = statement.executeQuery(
           s"SELECT * FROM `json`.`$engineSessionEventPath` " +
             s"where sessionId = '$serverSessionId' limit 1")
-        assert(!res2.next())
+        assert(res2.next())
       }
     }
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 26fc89ba2..56700759c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -366,11 +366,15 @@ class KyuubiOperationPerUserSuite
   }
 
   test("align the server session handle and engine session handle for Spark engine") {
-    withJdbcStatement() { _ =>
-      val session =
-        server.backendService.sessionManager.allSessions().head.asInstanceOf[KyuubiSessionImpl]
-      val engineSessionHandle = SessionHandle.apply(session.client.remoteSessionHandle)
-      assert(session.handle === engineSessionHandle)
+    withSessionConf(Map(
+      KyuubiConf.SESSION_ENGINE_LAUNCH_ASYNC.key -> "false"))(Map.empty)(Map.empty) {
+      withJdbcStatement() { _ =>
+        val session =
+          server.backendService.sessionManager.allSessions().head.asInstanceOf[KyuubiSessionImpl]
+        eventually(timeout(10.seconds)) {
+          assert(session.handle === SessionHandle.apply(session.client.remoteSessionHandle))
+        }
+      }
     }
   }
 }

From ceaa2bf3cbd8bbec5562f2a776884a6ec8e4ece6 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 26 Feb 2023 17:10:18 +0800
Subject: [PATCH 115/760] [KYUUBI #4413] [BUILD] Build docker image should
 include web UI

### _Why are the changes needed?_

`bin/docker-image-tool.sh` should include `web-ui` when build image

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

```
build/dist --web-ui
cd dist
bin/docker-image-tool.sh -t test build
cat > conf/kyuubi-defaults.conf << EOF
kyuubi.frontend.protocols REST
EOF
docker run --rm -v $PWD/conf:/opt/kyuubi/conf -p10099:10099 kyuubi:test
```

![image](https://user-images.githubusercontent.com/26535726/221345080-6cc7f06b-0c02-4dda-8e8d-51a36ca5ea33.png)

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4413 from pan3793/web-ui-package.

Closes #4413

787f89515 [Cheng Pan] [BUILD] Build docker image should include web UI

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/dist        | 6 +++---
 docker/Dockerfile | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/build/dist b/build/dist
index 0620c7d08..c155dce3f 100755
--- a/build/dist
+++ b/build/dist
@@ -247,14 +247,15 @@ echo -e "\$ ${BUILD_COMMAND[@]}\n"
 rm -rf "$DISTDIR"
 mkdir -p "$DISTDIR/pid"
 mkdir -p "$DISTDIR/logs"
-mkdir -p "$DISTDIR/jars"
 mkdir -p "$DISTDIR/work"
+mkdir -p "$DISTDIR/jars"
+mkdir -p "$DISTDIR/beeline-jars"
+mkdir -p "$DISTDIR/web-ui"
 mkdir -p "$DISTDIR/externals/engines/flink"
 mkdir -p "$DISTDIR/externals/engines/spark"
 mkdir -p "$DISTDIR/externals/engines/trino"
 mkdir -p "$DISTDIR/externals/engines/hive"
 mkdir -p "$DISTDIR/externals/engines/jdbc"
-mkdir -p "$DISTDIR/beeline-jars"
 echo "Kyuubi $VERSION $GITREVSTRING built for" > "$DISTDIR/RELEASE"
 echo "Java $JAVA_VERSION" >> "$DISTDIR/RELEASE"
 echo "Scala $SCALA_VERSION" >> "$DISTDIR/RELEASE"
@@ -332,7 +333,6 @@ done
 
 if [[ "$ENABLE_WEBUI" == "true" ]]; then
   # Copy web ui dist
-  mkdir -p "$DISTDIR/web-ui"
   cp -r "$KYUUBI_HOME/kyuubi-server/web-ui/dist" "$DISTDIR/web-ui/"
 fi
 
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 190500825..0440022de 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -60,6 +60,7 @@ COPY LICENSE NOTICE RELEASE ${KYUUBI_HOME}/
 COPY bin ${KYUUBI_HOME}/bin
 COPY jars ${KYUUBI_HOME}/jars
 COPY beeline-jars ${KYUUBI_HOME}/beeline-jars
+COPY web-ui ${KYUUBI_HOME}/web-ui
 COPY externals/engines/spark ${KYUUBI_HOME}/externals/engines/spark
 
 WORKDIR ${KYUUBI_HOME}

From 43309b86f1997b028e8fde5cb4e6449d818f4f73 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sun, 26 Feb 2023 20:51:54 +0800
Subject: [PATCH 116/760] [KYUUBI #4415] Align the server/engine
 ExecuteStatement operation handle for Spark engine

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4415 from turboFei/operation_handle_align.

Closes #4415

71721797a [fwang12] refactor
c8b667a89 [fwang12] refactor
d3fbf05f3 [fwang12] stmt handle

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../spark/operation/ExecuteStatement.scala       | 16 ++++++++++++----
 .../operation/SparkSQLOperationManager.scala     | 11 ++++++++---
 .../kyuubi/config/KyuubiReservedKeys.scala       |  1 +
 .../kyuubi/operation/AbstractOperation.scala     |  2 +-
 .../kyuubi/operation/ExecuteStatement.scala      |  3 ++-
 .../kyuubi/operation/KyuubiOperation.scala       |  3 +++
 .../operation/KyuubiOperationPerUserSuite.scala  |  8 +++++++-
 7 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index fa517a8b1..b29d2ca9a 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -30,7 +30,7 @@ import org.apache.spark.sql.types._
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_RESULT_MAX_ROWS
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil._
-import org.apache.kyuubi.operation.{ArrayFetchIterator, FetchIterator, IterableFetchIterator, OperationState}
+import org.apache.kyuubi.operation.{ArrayFetchIterator, FetchIterator, IterableFetchIterator, OperationHandle, OperationState}
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
@@ -39,7 +39,8 @@ class ExecuteStatement(
     override val statement: String,
     override val shouldRunAsync: Boolean,
     queryTimeout: Long,
-    incrementalCollect: Boolean)
+    incrementalCollect: Boolean,
+    override protected val handle: OperationHandle)
   extends SparkOperation(session) with Logging {
 
   private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
@@ -175,8 +176,15 @@ class ArrowBasedExecuteStatement(
     override val statement: String,
     override val shouldRunAsync: Boolean,
     queryTimeout: Long,
-    incrementalCollect: Boolean)
-  extends ExecuteStatement(session, statement, shouldRunAsync, queryTimeout, incrementalCollect) {
+    incrementalCollect: Boolean,
+    override protected val handle: OperationHandle)
+  extends ExecuteStatement(
+    session,
+    statement,
+    shouldRunAsync,
+    queryTimeout,
+    incrementalCollect,
+    handle) {
 
   override protected def incrementalCollectResult(resultDF: DataFrame): Iterator[Any] = {
     collectAsArrow(convertComplexType(resultDF)) { rdd =>
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
index 4743f147c..8fd58b338 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
@@ -23,10 +23,11 @@ import scala.collection.JavaConverters._
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_OPERATION_HANDLE_KEY
 import org.apache.kyuubi.engine.spark.repl.KyuubiSparkILoop
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
-import org.apache.kyuubi.operation.{NoneMode, Operation, OperationManager, PlanOnlyMode}
+import org.apache.kyuubi.operation.{NoneMode, Operation, OperationHandle, OperationManager, PlanOnlyMode}
 import org.apache.kyuubi.session.{Session, SessionHandle}
 
 class SparkSQLOperationManager private (name: String) extends OperationManager(name) {
@@ -70,6 +71,8 @@ class SparkSQLOperationManager private (name: String) extends OperationManager(n
     val lang = OperationLanguages(confOverlay.getOrElse(
       OPERATION_LANGUAGE.key,
       spark.conf.get(OPERATION_LANGUAGE.key, operationLanguageDefault)))
+    val opHandle = confOverlay.get(KYUUBI_OPERATION_HANDLE_KEY).map(
+      OperationHandle.apply).getOrElse(OperationHandle())
     val operation =
       lang match {
         case OperationLanguages.SQL =>
@@ -91,14 +94,16 @@ class SparkSQLOperationManager private (name: String) extends OperationManager(n
                     statement,
                     runAsync,
                     queryTimeout,
-                    incrementalCollect)
+                    incrementalCollect,
+                    opHandle)
                 case _ =>
                   new ExecuteStatement(
                     session,
                     statement,
                     runAsync,
                     queryTimeout,
-                    incrementalCollect)
+                    incrementalCollect,
+                    opHandle)
               }
             case mode =>
               new PlanOnlyStatement(session, statement, mode)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
index 85874d3b9..8b42e659f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
@@ -42,4 +42,5 @@ object KyuubiReservedKeys {
   final val KYUUBI_OPERATION_GET_CURRENT_CATALOG = "kyuubi.operation.get.current.catalog"
   final val KYUUBI_OPERATION_SET_CURRENT_DATABASE = "kyuubi.operation.set.current.database"
   final val KYUUBI_OPERATION_GET_CURRENT_DATABASE = "kyuubi.operation.get.current.database"
+  final val KYUUBI_OPERATION_HANDLE_KEY = "kyuubi.operation.handle"
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
index 9cdd6a8f0..d50cb8e24 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
@@ -36,7 +36,7 @@ abstract class AbstractOperation(session: Session) extends Operation with Loggin
 
   final protected val opType: String = getClass.getSimpleName
   final protected val createTime = System.currentTimeMillis()
-  final private val handle = OperationHandle()
+  protected val handle = OperationHandle()
   final private val operationTimeout: Long = {
     session.sessionManager.getConf.get(OPERATION_IDLE_TIMEOUT)
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala
index b09c2b174..4767cbf12 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala
@@ -63,7 +63,8 @@ class ExecuteStatement(
       // We need to avoid executing query in sync mode, because there is no heartbeat mechanism
       // in thrift protocol, in sync mode, we cannot distinguish between long-run query and
       // engine crash without response before socket read timeout.
-      _remoteOpHandle = client.executeStatement(statement, confOverlay, true, queryTimeout)
+      _remoteOpHandle =
+        client.executeStatement(statement, confOverlay ++ operationHandleConf, true, queryTimeout)
       setHasResultSet(_remoteOpHandle.isHasResultSet)
     } catch onError()
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
index a6b960847..106a11e4b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
@@ -26,6 +26,7 @@ import org.apache.thrift.TException
 import org.apache.thrift.transport.TTransportException
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_OPERATION_HANDLE_KEY
 import org.apache.kyuubi.events.{EventBus, KyuubiOperationEvent}
 import org.apache.kyuubi.metrics.MetricsConstants.{OPERATION_FAIL, OPERATION_OPEN, OPERATION_STATE, OPERATION_TOTAL}
 import org.apache.kyuubi.metrics.MetricsSystem
@@ -46,6 +47,8 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
 
   protected[operation] lazy val client = session.asInstanceOf[KyuubiSessionImpl].client
 
+  protected val operationHandleConf = Map(KYUUBI_OPERATION_HANDLE_KEY -> handle.identifier.toString)
+
   @volatile protected var _remoteOpHandle: TOperationHandle = _
 
   def remoteOpHandle(): TOperationHandle = _remoteOpHandle
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 56700759c..40bb165b8 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -365,7 +365,7 @@ class KyuubiOperationPerUserSuite
     assert(snapshot.getMax > 0 && snapshot.getMedian > 0)
   }
 
-  test("align the server session handle and engine session handle for Spark engine") {
+  test("align the server/engine session/executeStatement handle for Spark engine") {
     withSessionConf(Map(
       KyuubiConf.SESSION_ENGINE_LAUNCH_ASYNC.key -> "false"))(Map.empty)(Map.empty) {
       withJdbcStatement() { _ =>
@@ -374,6 +374,12 @@ class KyuubiOperationPerUserSuite
         eventually(timeout(10.seconds)) {
           assert(session.handle === SessionHandle.apply(session.client.remoteSessionHandle))
         }
+        val opHandle = session.executeStatement("SELECT engine_id()", Map.empty, true, 0L)
+        eventually(timeout(10.seconds)) {
+          val operation = session.sessionManager.operationManager.getOperation(
+            opHandle).asInstanceOf[KyuubiOperation]
+          assert(opHandle == OperationHandle.apply(operation.remoteOpHandle()))
+        }
       }
     }
   }

From 59c1875bc16a4fa5a1f8e3e9d1c0c0ad77431e7e Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Sun, 26 Feb 2023 21:09:57 +0800
Subject: [PATCH 117/760] [KYUUBI #4376] Support to config the kyuubi service
 administrator with kyuubi conf

### _Why are the changes needed?_

Close #4376

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4405 from lightning-L/kyuubi-4376.

Closes #4376

1a01a75a8 [Tianlin Liao] rename and refactor
7324cab3d [Tianlin Liao] [KYUUBI #4376] Support to config the kyuubi service administrator with kyuubi conf

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                   |  1 +
 .../org/apache/kyuubi/config/KyuubiConf.scala | 10 +++++++++
 .../kyuubi/server/api/v1/AdminResource.scala  | 13 ++++++++----
 .../server/api/v1/AdminResourceSuite.scala    | 21 +++++++++++++++++++
 4 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 82c8111b6..dac72825e 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -451,6 +451,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 |                           Key                            |      Default      |                                                                                                                    Meaning                                                                                                                     |   Type   | Since |
 |----------------------------------------------------------|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.server.administrators                                                || Comma-separated list of Kyuubi service administrators. We use this config to grant admin permission to any service accounts.                                                                                                                   | seq      | 1.8.0 |
 | kyuubi.server.info.provider                              | ENGINE            | The server information provider name, some clients may rely on this information to check the server compatibilities and functionalities. <li>SERVER: Return Kyuubi server information.</li> <li>ENGINE: Return Kyuubi engine information.</li> | string   | 1.6.1 |
 | kyuubi.server.limit.batch.connections.per.ipaddress      | &lt;undefined&gt; | Maximum kyuubi server batch connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                           | int      | 1.7.0 |
 | kyuubi.server.limit.batch.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int      | 1.7.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 70919d6e8..517d92db3 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2429,6 +2429,16 @@ object KyuubiConf {
       .timeConf
       .createWithDefaultString("PT30M")
 
+  val SERVER_ADMINISTRATORS: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.server.administrators")
+      .doc("Comma-separated list of Kyuubi service administrators. " +
+        "We use this config to grant admin permission to any service accounts.")
+      .version("1.8.0")
+      .serverOnly
+      .stringConf
+      .toSequence()
+      .createWithDefault(Nil)
+
   val OPERATION_SPARK_LISTENER_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.operation.spark.listener.enabled")
       .doc("When set to true, Spark engine registers an SQLOperationListener before executing " +
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 6e05ee27c..104dd1045 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -41,7 +41,8 @@ import org.apache.kyuubi.server.api.ApiRequestContext
 @Tag(name = "Admin")
 @Produces(Array(MediaType.APPLICATION_JSON))
 private[v1] class AdminResource extends ApiRequestContext with Logging {
-  private lazy val administrator = Utils.currentUser
+  private lazy val administrators = fe.getConf.get(KyuubiConf.SERVER_ADMINISTRATORS).toSet +
+    Utils.currentUser
 
   @ApiResponse(
     responseCode = "200",
@@ -54,7 +55,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Receive refresh Kyuubi server hadoop conf request from $userName/$ipAddress")
-    if (!userName.equals(administrator)) {
+    if (!isAdministrator(userName)) {
       throw new NotAllowedException(
         s"$userName is not allowed to refresh the Kyuubi server hadoop conf")
     }
@@ -73,7 +74,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Receive refresh user defaults conf request from $userName/$ipAddress")
-    if (!userName.equals(administrator)) {
+    if (!isAdministrator(userName)) {
       throw new NotAllowedException(
         s"$userName is not allowed to refresh the user defaults conf")
     }
@@ -92,7 +93,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Receive refresh unlimited users request from $userName/$ipAddress")
-    if (!userName.equals(administrator)) {
+    if (!isAdministrator(userName)) {
       throw new NotAllowedException(
         s"$userName is not allowed to refresh the unlimited users")
     }
@@ -212,4 +213,8 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       engine.getUser,
       engine.getSubdomain)
   }
+
+  private def isAdministrator(userName: String): Boolean = {
+    administrators.contains(userName);
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index d7cd4840e..ffd4a9140 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -37,6 +37,9 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
   private val engineMgr = new KyuubiApplicationManager()
 
+  override protected lazy val conf: KyuubiConf = KyuubiConf()
+    .set(KyuubiConf.SERVER_ADMINISTRATORS, Seq("admin001"))
+
   override def beforeAll(): Unit = {
     super.beforeAll()
     engineMgr.initialize(KyuubiConf())
@@ -64,6 +67,24 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .post(null)
     assert(200 == response.getStatus)
+
+    val admin001AuthHeader = new String(
+      Base64.getEncoder.encode("admin001".getBytes()),
+      "UTF-8")
+    response = webTarget.path("api/v1/admin/refresh/hadoop_conf")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $admin001AuthHeader")
+      .post(null)
+    assert(200 == response.getStatus)
+
+    val admin002AuthHeader = new String(
+      Base64.getEncoder.encode("admin002".getBytes()),
+      "UTF-8")
+    response = webTarget.path("api/v1/admin/refresh/hadoop_conf")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $admin002AuthHeader")
+      .post(null)
+    assert(405 == response.getStatus)
   }
 
   test("refresh user defaults config of the kyuubi server") {

From 15a83e16eb302917fa71fd8c11cd11125550c28c Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Mon, 27 Feb 2023 01:01:51 +0800
Subject: [PATCH 118/760] [KYUUBI #4381] Refine unit tests to adapt Spark-3.4

### _Why are the changes needed?_

1. get spark engine runtime version instead of compile version
2. moved `PySparkTests` from the module `kyuubi-spark-sql-engine` to `kyuubi-server` to ensure that the python progress loading library PYSPARK has the same version as the launched Spark engine. see https://github.com/apache/kyuubi/pull/4381#issuecomment-1442871106

### _How was this patch tested?_

Pass Github Action.

Closes #4381 from cfmcgrady/spark-3.4.0.

Closes #4381

2711f51b3 [Fu Chen] remove verify spark-3.4 binary
a93b6d13e [Fu Chen] mv PySparkTests and enabled
6d5aad537 [Fu Chen] fix style
2da641561 [Fu Chen] fix style
3c9e300ce [Fu Chen] spark compile version -> runtime version
a8e7b7481 [Fu Chen] unused import
6be502ca6 [Fu Chen] fix ut
c1a1e1a8e [Fu Chen] skip pyspark tests
0049c23b7 [Fu Chen] verify spark-3.4.0 binary

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/SparkOperationSuite.scala |  7 ++-
 .../operation/IcebergMetadataTests.scala      | 10 ++--
 .../kyuubi/operation/SparkDataTypeTests.scala | 46 +++++++++----------
 .../kyuubi/operation/SparkQueryTests.scala    |  3 +-
 .../apache/kyuubi/util/SparkVersionUtil.scala | 19 ++++++--
 .../kyuubi/engine/spark}/PySparkTests.scala   |  8 ++--
 6 files changed, 51 insertions(+), 42 deletions(-)
 rename {externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation => kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark}/PySparkTests.scala (96%)

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
index 30bbf8b77..af514ceb3 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
@@ -39,7 +39,6 @@ import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.{HiveMetadataTests, SparkQueryTests}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
-import org.apache.kyuubi.util.SparkVersionUtil.isSparkVersionAtLeast
 
 class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with SparkQueryTests {
 
@@ -93,12 +92,12 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
       .add("c17", "struct<X: string>", nullable = true, "17")
 
     // since spark3.3.0
-    if (SPARK_ENGINE_VERSION >= "3.3") {
+    if (SPARK_ENGINE_RUNTIME_VERSION >= "3.3") {
       schema = schema.add("c18", "interval day", nullable = true, "18")
         .add("c19", "interval year", nullable = true, "19")
     }
     // since spark3.4.0
-    if (SPARK_ENGINE_VERSION >= "3.4") {
+    if (SPARK_ENGINE_RUNTIME_VERSION >= "3.4") {
       schema = schema.add("c20", "timestamp_ntz", nullable = true, "20")
     }
 
@@ -511,7 +510,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
       val status = tOpenSessionResp.getStatus
       val errorMessage = status.getErrorMessage
       assert(status.getStatusCode === TStatusCode.ERROR_STATUS)
-      if (isSparkVersionAtLeast("3.4")) {
+      if (SPARK_ENGINE_RUNTIME_VERSION >= "3.4") {
         assert(errorMessage.contains("[SCHEMA_NOT_FOUND]"))
         assert(errorMessage.contains(s"The schema `$dbName` cannot be found."))
       } else {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
index d14224a84..e3bb4ccb7 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
@@ -17,11 +17,11 @@
 
 package org.apache.kyuubi.operation
 
-import org.apache.kyuubi.IcebergSuiteMixin
+import org.apache.kyuubi.{IcebergSuiteMixin, SPARK_COMPILE_VERSION}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
-import org.apache.kyuubi.util.SparkVersionUtil.isSparkVersionAtLeast
+import org.apache.kyuubi.util.SparkVersionUtil
 
-trait IcebergMetadataTests extends HiveJDBCTestHelper with IcebergSuiteMixin {
+trait IcebergMetadataTests extends HiveJDBCTestHelper with IcebergSuiteMixin with SparkVersionUtil {
 
   test("get catalogs") {
     withJdbcStatement() { statement =>
@@ -153,11 +153,11 @@ trait IcebergMetadataTests extends HiveJDBCTestHelper with IcebergSuiteMixin {
       "date",
       "timestamp",
       // SPARK-37931
-      if (isSparkVersionAtLeast("3.3")) "struct<X: bigint, Y: double>"
+      if (SPARK_ENGINE_RUNTIME_VERSION >= "3.3") "struct<X: bigint, Y: double>"
       else "struct<`X`: bigint, `Y`: double>",
       "binary",
       // SPARK-37931
-      if (isSparkVersionAtLeast("3.3")) "struct<X: string>" else "struct<`X`: string>")
+      if (SPARK_COMPILE_VERSION >= "3.3") "struct<X: string>" else "struct<`X`: string>")
     val cols = dataTypes.zipWithIndex.map { case (dt, idx) => s"c$idx" -> dt }
     val (colNames, _) = cols.unzip
 
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
index 3164ae496..f0dd3e723 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
@@ -19,15 +19,16 @@ package org.apache.kyuubi.operation
 
 import java.sql.{Date, Timestamp}
 
-import org.apache.kyuubi.engine.SemanticVersion
+import org.apache.kyuubi.util.SparkVersionUtil
 
-trait SparkDataTypeTests extends HiveJDBCTestHelper {
-  protected lazy val SPARK_ENGINE_VERSION = sparkEngineMajorMinorVersion
+trait SparkDataTypeTests extends HiveJDBCTestHelper with SparkVersionUtil {
 
   def resultFormat: String = "thrift"
 
   test("execute statement - select null") {
-    assume(resultFormat == "thrift" || (resultFormat == "arrow" && SPARK_ENGINE_VERSION >= "3.2"))
+    assume(
+      resultFormat == "thrift" ||
+        (resultFormat == "arrow" && SPARK_ENGINE_RUNTIME_VERSION >= "3.2"))
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("SELECT NULL AS col")
       assert(resultSet.next())
@@ -199,7 +200,7 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
   }
 
   test("execute statement - select timestamp_ntz") {
-    assume(SPARK_ENGINE_VERSION >= "3.4")
+    assume(SPARK_ENGINE_RUNTIME_VERSION >= "3.4")
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery(
         "SELECT make_timestamp_ntz(2022, 03, 24, 18, 08, 31.8888) AS col")
@@ -213,7 +214,9 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
   }
 
   test("execute statement - select daytime interval") {
-    assume(resultFormat == "thrift" || (resultFormat == "arrow" && SPARK_ENGINE_VERSION >= "3.3"))
+    assume(
+      resultFormat == "thrift" ||
+        (resultFormat == "arrow" && SPARK_ENGINE_RUNTIME_VERSION >= "3.3"))
     withJdbcStatement() { statement =>
       Map(
         "interval 1 day 1 hour -60 minutes 30 seconds" ->
@@ -242,7 +245,7 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
           assert(resultSet.next())
           val result = resultSet.getString("col")
           val metaData = resultSet.getMetaData
-          if (SPARK_ENGINE_VERSION < "3.2") {
+          if (SPARK_ENGINE_RUNTIME_VERSION < "3.2") {
             // for spark 3.1 and backwards
             assert(result === kv._2._2)
             assert(metaData.getPrecision(1) === Int.MaxValue)
@@ -258,7 +261,9 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
   }
 
   test("execute statement - select year/month interval") {
-    assume(resultFormat == "thrift" || (resultFormat == "arrow" && SPARK_ENGINE_VERSION >= "3.3"))
+    assume(
+      resultFormat == "thrift" ||
+        (resultFormat == "arrow" && SPARK_ENGINE_RUNTIME_VERSION >= "3.3"))
     withJdbcStatement() { statement =>
       Map(
         "INTERVAL 2022 YEAR" -> Tuple2("2022-0", "2022 years"),
@@ -271,7 +276,7 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
         assert(resultSet.next())
         val result = resultSet.getString("col")
         val metaData = resultSet.getMetaData
-        if (SPARK_ENGINE_VERSION < "3.2") {
+        if (SPARK_ENGINE_RUNTIME_VERSION < "3.2") {
           // for spark 3.1 and backwards
           assert(result === kv._2._2)
           assert(metaData.getPrecision(1) === Int.MaxValue)
@@ -287,7 +292,9 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
   }
 
   test("execute statement - select array") {
-    assume(resultFormat == "thrift" || (resultFormat == "arrow" && SPARK_ENGINE_VERSION >= "3.2"))
+    assume(
+      resultFormat == "thrift" ||
+        (resultFormat == "arrow" && SPARK_ENGINE_RUNTIME_VERSION >= "3.2"))
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery(
         "SELECT array() AS col1, array(1) AS col2, array(null) AS col3")
@@ -305,7 +312,9 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
   }
 
   test("execute statement - select map") {
-    assume(resultFormat == "thrift" || (resultFormat == "arrow" && SPARK_ENGINE_VERSION >= "3.2"))
+    assume(
+      resultFormat == "thrift" ||
+        (resultFormat == "arrow" && SPARK_ENGINE_RUNTIME_VERSION >= "3.2"))
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery(
         "SELECT map() AS col1, map(1, 2, 3, 4) AS col2, map(1, null) AS col3")
@@ -323,7 +332,9 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
   }
 
   test("execute statement - select struct") {
-    assume(resultFormat == "thrift" || (resultFormat == "arrow" && SPARK_ENGINE_VERSION >= "3.2"))
+    assume(
+      resultFormat == "thrift" ||
+        (resultFormat == "arrow" && SPARK_ENGINE_RUNTIME_VERSION >= "3.2"))
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery(
         "SELECT struct('1', '2') AS col1," +
@@ -342,15 +353,4 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper {
       assert(metaData.getScale(2) == 0)
     }
   }
-
-  def sparkEngineMajorMinorVersion: SemanticVersion = {
-    var sparkRuntimeVer = ""
-    withJdbcStatement() { stmt =>
-      val result = stmt.executeQuery("SELECT version()")
-      assert(result.next())
-      sparkRuntimeVer = result.getString(1)
-      assert(!result.next())
-    }
-    SemanticVersion(sparkRuntimeVer)
-  }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
index a42b05473..ff8b12481 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
@@ -28,7 +28,6 @@ import org.apache.hive.service.rpc.thrift.{TExecuteStatementReq, TFetchResultsRe
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.util.SparkVersionUtil.isSparkVersionAtLeast
 
 trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
 
@@ -187,7 +186,7 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
     withJdbcStatement("t") { statement =>
       try {
         val assertTableOrViewNotfound: (Exception, String) => Unit = (e, tableName) => {
-          if (isSparkVersionAtLeast("3.4")) {
+          if (SPARK_ENGINE_RUNTIME_VERSION >= "3.4") {
             assert(e.getMessage.contains("[TABLE_OR_VIEW_NOT_FOUND]"))
             assert(e.getMessage.contains(s"The table or view `$tableName` cannot be found."))
           } else {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
index cd8409d10..785015cc3 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
@@ -17,13 +17,22 @@
 
 package org.apache.kyuubi.util
 
-import org.apache.kyuubi.SPARK_COMPILE_VERSION
 import org.apache.kyuubi.engine.SemanticVersion
+import org.apache.kyuubi.operation.HiveJDBCTestHelper
 
-object SparkVersionUtil {
-  lazy val sparkSemanticVersion: SemanticVersion = SemanticVersion(SPARK_COMPILE_VERSION)
+trait SparkVersionUtil {
+  this: HiveJDBCTestHelper =>
 
-  def isSparkVersionAtLeast(ver: String): Boolean = {
-    sparkSemanticVersion.isVersionAtLeast(ver)
+  protected lazy val SPARK_ENGINE_RUNTIME_VERSION = sparkEngineMajorMinorVersion
+
+  def sparkEngineMajorMinorVersion: SemanticVersion = {
+    var sparkRuntimeVer = ""
+    withJdbcStatement() { stmt =>
+      val result = stmt.executeQuery("SELECT version()")
+      assert(result.next())
+      sparkRuntimeVer = result.getString(1)
+      assert(!result.next())
+    }
+    SemanticVersion(sparkRuntimeVer)
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/PySparkTests.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
similarity index 96%
rename from externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/PySparkTests.scala
rename to kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
index e2dd2609d..6af7e21e2 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/PySparkTests.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
@@ -24,17 +24,19 @@ import java.util.Properties
 
 import scala.sys.process._
 
-import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
+import org.apache.kyuubi.WithKyuubiServer
+import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.jdbc.KyuubiHiveDriver
 import org.apache.kyuubi.jdbc.hive.{KyuubiSQLException, KyuubiStatement}
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.tags.PySparkTest
 
 @PySparkTest
-class PySparkTests extends WithSparkSQLEngine with HiveJDBCTestHelper {
+class PySparkTests extends WithKyuubiServer with HiveJDBCTestHelper {
 
   override protected def jdbcUrl: String = getJdbcUrl
-  override def withKyuubiConf: Map[String, String] = Map.empty
+
+  override protected val conf: KyuubiConf = new KyuubiConf
 
   test("pyspark support") {
     val code = "print(1)"

From 83af5ba814d9742bd461d8e9aed55ae6cc8fc731 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 27 Feb 2023 11:25:56 +0800
Subject: [PATCH 119/760] [KYUUBI #4419] Implement simple
 EngineSecuritySecretProvider

### _Why are the changes needed?_

This PR implements a simple `EngineSecuritySecretProvider` beside the existing zookeeper implementation, which simplifies the user threshold to use RESTful API w/ HA mode, and this PR also allows the user set `kyuubi.engine.security.secret.provider` using short name 'simple' or 'zookeeper' as well as the full class name.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4419 from pan3793/simple-secret-provider.

Closes #4419

32b1f966a [Cheng Pan] Update kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
1af12b99d [Cheng Pan] nit
28a228eea [Cheng Pan] nit
65f14494c [Cheng Pan] Implement simple EngineSecuritySecretProvider

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala | 19 +++++++++++++++++--
 .../EngineSecuritySecretProvider.scala        | 17 ++++++++++++++++-
 .../InternalSecurityAccessorSuite.scala       |  5 ++---
 .../server/api/v1/BatchesResourceSuite.scala  |  7 +++----
 4 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 517d92db3..f59cb2d98 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2068,8 +2068,23 @@ object KyuubiConf {
         "subclass of `EngineSecuritySecretProvider`.")
       .version("1.5.0")
       .stringConf
-      .createWithDefault(
-        "org.apache.kyuubi.service.authentication.ZooKeeperEngineSecuritySecretProviderImpl")
+      .transform {
+        case "simple" =>
+          "org.apache.kyuubi.service.authentication.SimpleEngineSecuritySecretProviderImpl"
+        case "zookeeper" =>
+          "org.apache.kyuubi.service.authentication.ZooKeeperEngineSecuritySecretProviderImpl"
+        case other => other
+      }
+      .createWithDefault("zookeeper")
+
+  val SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.security.secret.provider.simple.secret")
+      .internal
+      .doc("The secret key used for internal security access. Only take affects when " +
+        s"${ENGINE_SECURITY_SECRET_PROVIDER.key} is 'simple'")
+      .version("1.7.0")
+      .stringConf
+      .createOptional
 
   val ENGINE_SECURITY_CRYPTO_KEY_LENGTH: ConfigEntry[Int] =
     buildConf("kyuubi.engine.security.crypto.keyLength")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala
index 5bd9e4092..2bcfe9a67 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala
@@ -18,7 +18,7 @@
 package org.apache.kyuubi.service.authentication
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER
+import org.apache.kyuubi.config.KyuubiConf._
 
 trait EngineSecuritySecretProvider {
 
@@ -33,6 +33,21 @@ trait EngineSecuritySecretProvider {
   def getSecret(): String
 }
 
+class SimpleEngineSecuritySecretProviderImpl extends EngineSecuritySecretProvider {
+
+  private var _conf: KyuubiConf = _
+
+  override def initialize(conf: KyuubiConf): Unit = _conf = conf
+
+  override def getSecret(): String = {
+    _conf.get(SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET).getOrElse {
+      throw new IllegalArgumentException(
+        s"${SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET.key} must be configured " +
+          s"when ${ENGINE_SECURITY_SECRET_PROVIDER.key} is `simple`.")
+    }
+  }
+}
+
 object EngineSecuritySecretProvider {
   def create(conf: KyuubiConf): EngineSecuritySecretProvider = {
     val providerClass = Class.forName(conf.get(ENGINE_SECURITY_SECRET_PROVIDER))
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessorSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessorSuite.scala
index e6c4c8506..e92ac7e61 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessorSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessorSuite.scala
@@ -22,9 +22,8 @@ import org.apache.kyuubi.config.KyuubiConf
 
 class InternalSecurityAccessorSuite extends KyuubiFunSuite {
   private val conf = KyuubiConf()
-  conf.set(
-    KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER,
-    classOf[UserDefinedEngineSecuritySecretProvider].getCanonicalName)
+    .set(KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER, "simple")
+    .set(KyuubiConf.SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET, "ENGINE____SECRET")
 
   test("test encrypt/decrypt, issue token/auth token") {
     Seq("AES/CBC/PKCS5PADDING", "AES/CTR/NoPadding").foreach { cipher =>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index c77d364f3..ce05cbd6b 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -43,15 +43,14 @@ import org.apache.kyuubi.operation.OperationState.OperationState
 import org.apache.kyuubi.server.KyuubiRestFrontendService
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 import org.apache.kyuubi.server.metadata.api.Metadata
-import org.apache.kyuubi.service.authentication.{KyuubiAuthenticationFactory, UserDefinedEngineSecuritySecretProvider}
+import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
 import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionManager, SessionHandle, SessionType}
 
 class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper with BatchTestHelper {
   override protected lazy val conf: KyuubiConf = KyuubiConf()
     .set(KyuubiConf.ENGINE_SECURITY_ENABLED, true)
-    .set(
-      KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER,
-      classOf[UserDefinedEngineSecuritySecretProvider].getName)
+    .set(KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER, "simple")
+    .set(KyuubiConf.SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET, "ENGINE____SECRET")
     .set(
       KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST,
       Seq(Paths.get(sparkBatchTestResource.get).getParent.toString))

From 5aed270c453516fd3559aa668e56b2e1badf1c93 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Mon, 27 Feb 2023 14:50:39 +0800
Subject: [PATCH 120/760] [KYUUBI #4202] Fix reference resolution when data
 masking enabled for V2 relations

### _Why are the changes needed?_

Follow up to close #4304 with a complete solution.

Before this PR, we did row filtering, and data masking in the same analyzer rule as both of them added patterns upon the scans, which are leaf nodes.

After this, we separate them into two different rules. Because the filtering still adds filter patterns upon the leaves, but the masking now adds masker expressions upon the leaves first and later on the root of a query.

The reason why we move the maskers from leaves to the root is to fix attribute resolution errors. The errors #4202 occur when we try to insert a node with resolved expressions between the root and its child, while if the parents are resolved ahead, the newly added expressions may become missing attributes. The new approach can avoid the bug.

The full data masking rule contains two separate stages.

 * Step1: RuleApplyDataMaskingStage0
    - lookup the full plan for supported scans
    - once found, get masker configuration from external column by column
    - use spark sql parser to generate an unresolved expression for each masker
    - add a projection with new output on the right top of the original scan if the output has      changed
    - Add DataMaskingStage0Marker to track the original expression and its masker expression.

 * Step2: Spark native rules will resolve our newly added maskers

 * Step3: RuleApplyDataMaskingStage1
   - It will fulfill the missing attributes with a related masker expression buffered by DataMaskingStage0Marker.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4358 from yaooqinn/PR_4304.

Closes #4202

18d6a9b4a [Kent Yao] nit
fc11f0250 [liangbowen] nit
39a72afb6 [Kent Yao] fix 3.0
ad1209abe [Kent Yao] iceberg catalog 3.1
c0db77d93 [Kent Yao] jdbc catalog 3.1
75ee799d4 [Kent Yao] perm view
7f8b929a7 [liangbowen] unused imports
a03fc690a [liangbowen] skip cleanup derby test db in iceberg suite
20ffed95e [liangbowen] sort union result
d397cc1d6 [Kent Yao] add more tests for data masking
72143798f [Kent Yao] add more tests for data masking
96f521574 [Kent Yao] new approach temp commit
5271f7d0e [Kent Yao] addr
ce5ac0c32 [Kent Yao] Update extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyRowFilter.scala
7776b807e [Kent Yao] fix
aecbc0080 [Kent Yao] fix
0f710a4b2 [Kent Yao] [KYUUBI #4202] Fix Datamasking for V2 relations
213705145 [Kent Yao] Merge branch 'master' into PR_4304
138dd0d63 [Kent Yao] [KYUUBI #4202] Fix Datamasking for V2 relations
42ca7e4d9 [Kent Yao] [KYUUBI #4202] Fix Datamasking for V2 relations
fd3bec37d [Kent Yao] [KYUUBI #4202] Fix Datamasking for V2 relations
5880da8b6 [liangbowen] add ut for v2jdbc
ce49feef5 [liangbowen] add ut of column masking for iceberg

Lead-authored-by: Kent Yao <yao@apache.org>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../main/resources/table_command_spec.json    |  17 ++
 .../authz/ranger/RangerSparkExtension.scala   |   6 +-
 .../RuleApplyRowFilterAndDataMasking.scala    |  90 ------
 .../spark/authz/ranger/RuleHelper.scala       |  52 ++++
 .../authz/ranger/SparkRangerAdminPlugin.scala |   3 +-
 .../datamasking/DataMaskingStage0Marker.scala |  37 +++
 .../datamasking/DataMaskingStage1Marker.scala |  31 ++
 .../RuleApplyDataMaskingStage0.scala          |  74 +++++
 .../RuleApplyDataMaskingStage1.scala          |  84 ++++++
 .../rowfilter/RowFilterMarker.scala}          |  10 +-
 .../ranger/rowfilter/RuleApplyRowFilter.scala |  50 ++++
 .../authz/util/RuleEliminateMarker.scala      |  16 +-
 .../test/resources/sparkSql_hive_jenkins.json |   7 +-
 .../spark/authz/SparkSessionProvider.scala    |  24 ++
 .../spark/authz/gen/TableCommands.scala       |   8 +
 .../ranger/RangerSparkExtensionSuite.scala    | 159 -----------
 ...ableCatalogRangerSparkExtensionSuite.scala |   2 +-
 .../DataMaskingForHiveHiveParquetSuite.scala  |  23 ++
 .../DataMaskingForHiveParquetSuite.scala      |  23 ++
 .../DataMaskingForIcebergSuite.scala          |  64 +++++
 .../DataMaskingForInMemoryParquetSuite.scala  |  24 ++
 .../DataMaskingForJDBCV2Suite.scala           |  65 +++++
 .../datamasking/DataMaskingTestBase.scala     | 267 ++++++++++++++++++
 23 files changed, 875 insertions(+), 261 deletions(-)
 delete mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyRowFilterAndDataMasking.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util/RowFilterAndDataMaskingMarker.scala => ranger/rowfilter/RowFilterMarker.scala} (80%)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveHiveParquetSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveParquetSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForInMemoryParquetSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index d36690bcf..f1c2297b3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1176,6 +1176,23 @@
   } ],
   "opType" : "TRUNCATETABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.execution.datasources.CreateTable",
+  "tableDescs" : [ {
+    "fieldName" : "tableDesc",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "CREATETABLE",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanOptionQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.CreateTempViewUsing",
   "tableDescs" : [ ],
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
index 5708dfeaf..f8e941d9d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSessionExtensions
 
+import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
+import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RuleApplyRowFilter
 import org.apache.kyuubi.plugin.spark.authz.util.{RuleEliminateMarker, RuleEliminateViewMarker}
 
 /**
@@ -42,7 +44,9 @@ class RangerSparkExtension extends (SparkSessionExtensions => Unit) {
     v1.injectCheckRule(AuthzConfigurationChecker)
     v1.injectResolutionRule(_ => new RuleReplaceShowObjectCommands())
     v1.injectResolutionRule(_ => new RuleApplyPermanentViewMarker())
-    v1.injectResolutionRule(new RuleApplyRowFilterAndDataMasking(_))
+    v1.injectResolutionRule(RuleApplyRowFilter)
+    v1.injectResolutionRule(RuleApplyDataMaskingStage0)
+    v1.injectResolutionRule(RuleApplyDataMaskingStage1)
     v1.injectOptimizerRule(_ => new RuleEliminateMarker())
     v1.injectOptimizerRule(new RuleAuthorization(_))
     v1.injectOptimizerRule(_ => new RuleEliminateViewMarker())
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyRowFilterAndDataMasking.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyRowFilterAndDataMasking.scala
deleted file mode 100644
index b6961c924..000000000
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyRowFilterAndDataMasking.scala
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.plugin.spark.authz.ranger
-
-import org.apache.spark.sql.SparkSession
-import org.apache.spark.sql.catalyst.expressions.Alias
-import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, Project}
-import org.apache.spark.sql.catalyst.rules.Rule
-
-import org.apache.kyuubi.plugin.spark.authz.ObjectType
-import org.apache.kyuubi.plugin.spark.authz.serde._
-import org.apache.kyuubi.plugin.spark.authz.util.{PermanentViewMarker, RowFilterAndDataMaskingMarker}
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-
-class RuleApplyRowFilterAndDataMasking(spark: SparkSession) extends Rule[LogicalPlan] {
-  private def mapChildren(plan: LogicalPlan)(f: LogicalPlan => LogicalPlan): LogicalPlan = {
-    val newChildren = plan match {
-      case cmd if isKnownTableCommand(cmd) =>
-        val tableCommandSpec = getTableCommandSpec(cmd)
-        val queries = tableCommandSpec.queries(cmd)
-        cmd.children.map {
-          case c if queries.contains(c) => f(c)
-          case other => other
-        }
-      case _ =>
-        plan.children.map(f)
-    }
-    plan.withNewChildren(newChildren)
-  }
-
-  override def apply(plan: LogicalPlan): LogicalPlan = {
-    mapChildren(plan) {
-      case p: RowFilterAndDataMaskingMarker => p
-      case scan if isKnownScan(scan) && scan.resolved =>
-        val tables = getScanSpec(scan).tables(scan, spark)
-        tables.headOption.map(applyFilterAndMasking(scan, _)).getOrElse(scan)
-      case other => apply(other)
-    }
-  }
-
-  private def applyFilterAndMasking(
-      plan: LogicalPlan,
-      table: Table): LogicalPlan = {
-    val ugi = getAuthzUgi(spark.sparkContext)
-    val opType = operationType(plan)
-    val parse = spark.sessionState.sqlParser.parseExpression _
-    val are = AccessResource(ObjectType.TABLE, table.database.orNull, table.table, null)
-    val art = AccessRequest(are, ugi, opType, AccessType.SELECT)
-    val filterExprStr = SparkRangerAdminPlugin.getFilterExpr(art)
-    val newOutput = plan.output.map { attr =>
-      val are =
-        AccessResource(ObjectType.COLUMN, table.database.orNull, table.table, attr.name)
-      val art = AccessRequest(are, ugi, opType, AccessType.SELECT)
-      val maskExprStr = SparkRangerAdminPlugin.getMaskingExpr(art)
-      if (maskExprStr.isEmpty) {
-        attr
-      } else {
-        val maskExpr = parse(maskExprStr.get)
-        plan match {
-          case _: PermanentViewMarker =>
-            Alias(maskExpr, attr.name)(exprId = attr.exprId)
-          case _ =>
-            Alias(maskExpr, attr.name)()
-        }
-      }
-    }
-
-    if (filterExprStr.isEmpty) {
-      Project(newOutput, RowFilterAndDataMaskingMarker(plan))
-    } else {
-      val filterExpr = parse(filterExprStr.get)
-      Project(newOutput, Filter(filterExpr, RowFilterAndDataMaskingMarker(plan)))
-    }
-  }
-}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
new file mode 100644
index 000000000..3cfe2b940
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger
+
+import org.apache.hadoop.security.UserGroupInformation
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.Expression
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.rules.Rule
+
+import org.apache.kyuubi.plugin.spark.authz.serde.{getTableCommandSpec, isKnownTableCommand}
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
+
+trait RuleHelper extends Rule[LogicalPlan] {
+
+  def spark: SparkSession
+
+  final protected val parse: String => Expression = spark.sessionState.sqlParser.parseExpression _
+
+  protected def mapChildren(plan: LogicalPlan)(f: LogicalPlan => LogicalPlan): LogicalPlan = {
+    val newChildren = plan match {
+      case cmd if isKnownTableCommand(cmd) =>
+        val tableCommandSpec = getTableCommandSpec(cmd)
+        val queries = tableCommandSpec.queries(cmd)
+        cmd.children.map {
+          case c if queries.contains(c) => f(c)
+          case other => other
+        }
+      case _ =>
+        plan.children.map(f)
+    }
+    plan.withNewChildren(newChildren)
+  }
+
+  def ugi: UserGroupInformation = AuthZUtils.getAuthzUgi(spark.sparkContext)
+
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 3d46563aa..78e59ff89 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -18,8 +18,7 @@
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
-import scala.collection.mutable.LinkedHashMap
+import scala.collection.mutable.{ArrayBuffer, LinkedHashMap}
 
 import org.apache.hadoop.util.ShutdownHookManager
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
new file mode 100644
index 000000000..b43149383
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+import org.apache.spark.sql.catalyst.expressions.{Attribute, ExprId}
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
+
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+case class DataMaskingStage0Marker(child: LogicalPlan, scan: LogicalPlan)
+  extends UnaryNode with WithInternalChild {
+
+  def exprToMaskers(): Map[ExprId, Attribute] = {
+    scan.output.map(_.exprId).zip(child.output).flatMap { case (id, expr) =>
+      if (id == expr.exprId) None else Some(id -> expr)
+    }.toMap
+  }
+
+  override def output: Seq[Attribute] = child.output
+
+  override def withNewChildInternal(newChild: LogicalPlan): LogicalPlan = copy(child = newChild)
+
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
new file mode 100644
index 000000000..aed0ac693
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
+
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+
+case class DataMaskingStage1Marker(child: LogicalPlan) extends UnaryNode with WithInternalChild {
+
+  override def output: Seq[Attribute] = child.output
+
+  override def withNewChildInternal(newChild: LogicalPlan): LogicalPlan = copy(child = newChild)
+
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
new file mode 100644
index 000000000..de125550a
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.Alias
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
+
+import org.apache.kyuubi.plugin.spark.authz.ObjectType
+import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
+import org.apache.kyuubi.plugin.spark.authz.ranger._
+import org.apache.kyuubi.plugin.spark.authz.serde._
+
+/**
+ * The full data masking rule contains two separate stages.
+ *
+ * Step1: RuleApplyDataMaskingStage0
+ *   - lookup the full plan for supported scans
+ *   - once found, get masker configuration from external column by column
+ *   - use spark sql parser to generate an unresolved expression for each masker
+ *   - add a projection with new output on the right top of the original scan if the output has
+ *     changed
+ *   - Add DataMaskingStage0Marker to track the original expression and its masker expression.
+ *
+ * Step2: Spark native rules will resolve our newly added maskers
+ *
+ * Step3: [[RuleApplyDataMaskingStage1]]
+ */
+case class RuleApplyDataMaskingStage0(spark: SparkSession) extends RuleHelper {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    val newPlan = mapChildren(plan) {
+      case p: DataMaskingStage0Marker => p
+      case p: DataMaskingStage1Marker => p
+      case scan if isKnownScan(scan) && scan.resolved =>
+        val tables = getScanSpec(scan).tables(scan, spark)
+        tables.headOption.map(applyMasking(scan, _)).getOrElse(scan)
+      case other => apply(other)
+    }
+    newPlan
+  }
+
+  private def applyMasking(
+      plan: LogicalPlan,
+      table: Table): LogicalPlan = {
+    val newOutput = plan.output.map { attr =>
+      val are =
+        AccessResource(ObjectType.COLUMN, table.database.orNull, table.table, attr.name)
+      val art = AccessRequest(are, ugi, QUERY, AccessType.SELECT)
+      val maskExprStr = SparkRangerAdminPlugin.getMaskingExpr(art)
+      maskExprStr.map(parse).map(Alias(_, attr.name)()).getOrElse(attr)
+    }
+    if (newOutput == plan.output) {
+      plan
+    } else {
+      DataMaskingStage0Marker(Project(newOutput, plan), plan)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
new file mode 100644
index 000000000..9589be2e9
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.NamedExpression
+import org.apache.spark.sql.catalyst.plans.logical.{Command, LogicalPlan}
+
+import org.apache.kyuubi.plugin.spark.authz.ranger.RuleHelper
+import org.apache.kyuubi.plugin.spark.authz.serde._
+
+/**
+ * See [[RuleApplyDataMaskingStage0]] also.
+ *
+ * This is the second step for data masking. It will fulfill the missing attributes that
+ * have a related masker expression buffered by DataMaskingStage0Marker.
+ */
+case class RuleApplyDataMaskingStage1(spark: SparkSession) extends RuleHelper {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+
+    plan match {
+      case marker0: DataMaskingStage0Marker => marker0
+      case marker1: DataMaskingStage1Marker => marker1
+      case cmd if isKnownTableCommand(cmd) =>
+        val tableCommandSpec = getTableCommandSpec(cmd)
+        val queries = tableCommandSpec.queries(cmd)
+        cmd.mapChildren {
+          case marker0: DataMaskingStage0Marker => marker0
+          case marker1: DataMaskingStage1Marker => marker1
+          case query if queries.contains(query) && query.resolved =>
+            applyDataMasking(query)
+          case o => o
+        }
+      case cmd: Command if cmd.childrenResolved =>
+        cmd.mapChildren(applyDataMasking)
+      case cmd: Command => cmd
+      case other if other.resolved => applyDataMasking(other)
+      case other => other
+    }
+  }
+
+  private def applyDataMasking(plan: LogicalPlan): LogicalPlan = {
+    assert(plan.resolved, "the current masking approach relies on a resolved plan")
+    def replaceOriginExprWithMasker(plan: LogicalPlan): LogicalPlan = plan match {
+      case m: DataMaskingStage0Marker => m
+      case m: DataMaskingStage1Marker => m
+      case p =>
+        val maskerExprs = p.collect {
+          case marker: DataMaskingStage0Marker if marker.resolved => marker.exprToMaskers()
+        }.flatten.toMap
+        if (maskerExprs.isEmpty) {
+          p
+        } else {
+          val t = p.transformExpressionsUp {
+            case e: NamedExpression => maskerExprs.getOrElse(e.exprId, e)
+          }
+          t.withNewChildren(t.children.map(replaceOriginExprWithMasker))
+        }
+    }
+    val newPlan = replaceOriginExprWithMasker(plan)
+
+    if (newPlan == plan) {
+      plan
+    } else {
+      DataMaskingStage1Marker(newPlan)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RowFilterAndDataMaskingMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
similarity index 80%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RowFilterAndDataMaskingMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
index 357e9bfc2..8817958b5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RowFilterAndDataMaskingMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
@@ -15,17 +15,17 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-case class RowFilterAndDataMaskingMarker(child: LogicalPlan) extends UnaryNode
-  with WithInternalChild {
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+
+case class RowFilterMarker(child: LogicalPlan) extends UnaryNode with WithInternalChild {
 
   override def output: Seq[Attribute] = child.output
 
-  override def withNewChildInternal(newChild: LogicalPlan): LogicalPlan =
-    copy(child = newChild)
+  override def withNewChildInternal(newChild: LogicalPlan): LogicalPlan = copy(child = newChild)
 
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
new file mode 100644
index 000000000..22bcfae49
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
+
+import org.apache.kyuubi.plugin.spark.authz.ObjectType
+import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
+import org.apache.kyuubi.plugin.spark.authz.ranger._
+import org.apache.kyuubi.plugin.spark.authz.serde._
+
+case class RuleApplyRowFilter(spark: SparkSession) extends RuleHelper {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    val newPlan = mapChildren(plan) {
+      case p: RowFilterMarker => p
+      case scan if isKnownScan(scan) && scan.resolved =>
+        val tables = getScanSpec(scan).tables(scan, spark)
+        tables.headOption.map(applyFilter(scan, _)).getOrElse(scan)
+      case other => apply(other)
+    }
+    newPlan
+  }
+
+  private def applyFilter(
+      plan: LogicalPlan,
+      table: Table): LogicalPlan = {
+    val are = AccessResource(ObjectType.TABLE, table.database.orNull, table.table, null)
+    val art = AccessRequest(are, ugi, QUERY, AccessType.SELECT)
+    val filterExpr = SparkRangerAdminPlugin.getFilterExpr(art).map(parse)
+    val filtered = filterExpr.foldLeft(plan)((p, expr) => Filter(expr, RowFilterMarker(p)))
+    filtered
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
index d2da72570..448439b84 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
@@ -17,11 +17,25 @@
 
 package org.apache.kyuubi.plugin.spark.authz.util
 
+import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
+import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
+import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RowFilterMarker
+
 class RuleEliminateMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
-    plan.transformUp { case rf: RowFilterAndDataMaskingMarker => rf.child }
+    plan.transformUp { case p =>
+      p.transformExpressionsUp {
+        case p: SubqueryExpression =>
+          p.withNewPlan(apply(p.plan))
+      } match {
+        case marker0: DataMaskingStage0Marker => marker0.child
+        case marker1: DataMaskingStage1Marker => marker1.child
+        case rf: RowFilterMarker => rf.child
+        case other => other
+      }
+    }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
index b5b069c46..84b0e30eb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
@@ -280,7 +280,8 @@
           "values": [
             "default",
             "spark_catalog",
-            "iceberg_ns"
+            "iceberg_ns",
+            "ns1"
           ],
           "isExcludes": false,
           "isRecursive": false
@@ -900,7 +901,9 @@
         "database": {
           "values": [
             "default",
-            "spark_catalog"
+            "spark_catalog",
+            "iceberg_ns",
+            "ns1"
           ],
           "isExcludes": false,
           "isRecursive": false
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index 0ab88917b..a1f2d7197 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -71,4 +71,28 @@ trait SparkSessionProvider {
 
   protected val sql: String => DataFrame = spark.sql
 
+  protected def doAs[T](user: String, f: => T): T = {
+    UserGroupInformation.createRemoteUser(user).doAs[T](
+      new PrivilegedExceptionAction[T] {
+        override def run(): T = f
+      })
+  }
+  protected def withCleanTmpResources[T](res: Seq[(String, String)])(f: => T): T = {
+    try {
+      f
+    } finally {
+      res.foreach {
+        case (t, "table") => doAs("admin", sql(s"DROP TABLE IF EXISTS $t"))
+        case (db, "database") => doAs("admin", sql(s"DROP DATABASE IF EXISTS $db"))
+        case (fn, "function") => doAs("admin", sql(s"DROP FUNCTION IF EXISTS $fn"))
+        case (view, "view") => doAs("admin", sql(s"DROP VIEW IF EXISTS $view"))
+        case (cacheTable, "cache") => if (isSparkV32OrGreater) {
+            doAs("admin", sql(s"UNCACHE TABLE IF EXISTS $cacheTable"))
+          }
+        case (_, e) =>
+          throw new RuntimeException(s"the resource whose resource type is $e cannot be cleared")
+      }
+    }
+  }
+
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index d24583e76..a8b8121e2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -346,6 +346,13 @@ object TableCommands {
     TableCommandSpec(cmd, Nil, CREATEVIEW)
   }
 
+  val CreateTable = {
+    val cmd = "org.apache.spark.sql.execution.datasources.CreateTable"
+    val tableDesc = TableDesc("tableDesc", classOf[CatalogTableTableExtractor])
+    val queryDesc = QueryDesc("query", "LogicalPlanOptionQueryExtractor")
+    TableCommandSpec(cmd, Seq(tableDesc), CREATETABLE, queryDescs = Seq(queryDesc))
+  }
+
   val CreateDataSourceTable = {
     val cmd = "org.apache.spark.sql.execution.command.CreateDataSourceTableCommand"
     val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
@@ -607,6 +614,7 @@ object TableCommands {
     CreateHiveTableAsSelect,
     CreateHiveTableAsSelect.copy(classname =
       "org.apache.spark.sql.hive.execution.OptimizedCreateHiveTableAsSelectCommand"),
+    CreateTable,
     CreateTableLike,
     CreateTableV2,
     CreateTableV2.copy(classname =
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 8f95a3f9f..48f374255 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -17,12 +17,8 @@
 
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
-import java.security.PrivilegedExceptionAction
-import java.sql.Timestamp
-
 import scala.util.Try
 
-import org.apache.commons.codec.digest.DigestUtils
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.{Row, SparkSessionExtensions}
 import org.apache.spark.sql.catalyst.analysis.NoSuchTableException
@@ -43,13 +39,6 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
   // scalastyle:on
   override protected val extension: SparkSessionExtensions => Unit = new RangerSparkExtension
 
-  protected def doAs[T](user: String, f: => T): T = {
-    UserGroupInformation.createRemoteUser(user).doAs[T](
-      new PrivilegedExceptionAction[T] {
-        override def run(): T = f
-      })
-  }
-
   override def afterAll(): Unit = {
     spark.stop()
     super.afterAll()
@@ -62,24 +51,6 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     s"Permission denied: user [$user] does not have [$privilege] privilege on [$resource]"
   }
 
-  protected def withCleanTmpResources[T](res: Seq[(String, String)])(f: => T): T = {
-    try {
-      f
-    } finally {
-      res.foreach {
-        case (t, "table") => doAs("admin", sql(s"DROP TABLE IF EXISTS $t"))
-        case (db, "database") => doAs("admin", sql(s"DROP DATABASE IF EXISTS $db"))
-        case (fn, "function") => doAs("admin", sql(s"DROP FUNCTION IF EXISTS $fn"))
-        case (view, "view") => doAs("admin", sql(s"DROP VIEW IF EXISTS $view"))
-        case (cacheTable, "cache") => if (isSparkV32OrGreater) {
-            doAs("admin", sql(s"UNCACHE TABLE IF EXISTS $cacheTable"))
-          }
-        case (_, e) =>
-          throw new RuntimeException(s"the resource whose resource type is $e cannot be cleared")
-      }
-    }
-  }
-
   /**
    * Drops temporary view `viewNames` after calling `f`.
    */
@@ -324,135 +295,6 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     }
   }
 
-  test("data masking") {
-    val db = "default"
-    val table = "src"
-    val col = "key"
-    val create =
-      s"CREATE TABLE IF NOT EXISTS $db.$table" +
-        s" ($col int, value1 int, value2 string, value3 string, value4 timestamp, value5 string)" +
-        s" USING $format"
-
-    withCleanTmpResources(Seq(
-      (s"$db.${table}2", "table"),
-      (s"$db.$table", "table"))) {
-      doAs("admin", assert(Try { sql(create) }.isSuccess))
-      doAs(
-        "admin",
-        sql(
-          s"INSERT INTO $db.$table SELECT 1, 1, 'hello', 'world', " +
-            s"timestamp'2018-11-17 12:34:56', 'World'"))
-      doAs(
-        "admin",
-        sql(
-          s"INSERT INTO $db.$table SELECT 20, 2, 'kyuubi', 'y', " +
-            s"timestamp'2018-11-17 12:34:56', 'world'"))
-      doAs(
-        "admin",
-        sql(
-          s"INSERT INTO $db.$table SELECT 30, 3, 'spark', 'a'," +
-            s" timestamp'2018-11-17 12:34:56', 'world'"))
-
-      doAs(
-        "kent",
-        assert(sql(s"SELECT key FROM $db.$table order by key").collect() ===
-          Seq(Row(1), Row(20), Row(30))))
-
-      Seq(
-        s"SELECT value1, value2, value3, value4, value5 FROM $db.$table",
-        s"SELECT value1 as key, value2, value3, value4, value5 FROM $db.$table",
-        s"SELECT max(value1), max(value2), max(value3), max(value4), max(value5) FROM $db.$table",
-        s"SELECT coalesce(max(value1), 1), coalesce(max(value2), 1), coalesce(max(value3), 1), " +
-          s"coalesce(max(value4), timestamp '2018-01-01 22:33:44'), coalesce(max(value5), 1) " +
-          s"FROM $db.$table",
-        s"SELECT value1, value2, value3, value4, value5 FROM $db.$table WHERE value2 in" +
-          s" (SELECT value2 as key FROM $db.$table)")
-        .foreach { q =>
-          doAs(
-            "bob", {
-              withClue(q) {
-                assert(sql(q).collect() ===
-                  Seq(
-                    Row(
-                      DigestUtils.md5Hex("1"),
-                      "xxxxx",
-                      "worlx",
-                      Timestamp.valueOf("2018-01-01 00:00:00"),
-                      "Xorld")))
-              }
-            })
-        }
-      doAs(
-        "bob", {
-          sql(s"CREATE TABLE $db.src2 using $format AS SELECT value1 FROM $db.$table")
-          assert(sql(s"SELECT value1 FROM $db.${table}2").collect() ===
-            Seq(Row(DigestUtils.md5Hex("1"))))
-        })
-    }
-  }
-
-  test("[KYUUBI #3581]: data masking on permanent view") {
-    assume(isSparkV31OrGreater)
-
-    val db = "default"
-    val table = "src"
-    val permView = "perm_view"
-    val col = "key"
-    val create =
-      s"CREATE TABLE IF NOT EXISTS $db.$table" +
-        s" ($col int, value1 int, value2 string)" +
-        s" USING $format"
-
-    val createView =
-      s"CREATE OR REPLACE VIEW $db.$permView" +
-        s" AS SELECT * FROM $db.$table"
-
-    withCleanTmpResources(Seq(
-      (s"$db.$table", "table"),
-      (s"$db.$permView", "view"))) {
-      doAs("admin", assert(Try { sql(create) }.isSuccess))
-      doAs("admin", assert(Try { sql(createView) }.isSuccess))
-      doAs(
-        "admin",
-        sql(
-          s"INSERT INTO $db.$table SELECT 1, 1, 'hello'"))
-
-      Seq(
-        s"SELECT value1, value2 FROM $db.$permView")
-        .foreach { q =>
-          doAs(
-            "perm_view_user", {
-              withClue(q) {
-                assert(sql(q).collect() ===
-                  Seq(
-                    Row(
-                      DigestUtils.md5Hex("1"),
-                      "hello")))
-              }
-            })
-        }
-    }
-  }
-
-  test("KYUUBI #2390: RuleEliminateMarker stays in analyze phase for data masking") {
-    val db = "default"
-    val table = "src"
-    val create =
-      s"CREATE TABLE IF NOT EXISTS $db.$table (key int, value1 int) USING $format"
-
-    withCleanTmpResources(Seq((s"$db.$table", "table"))) {
-      doAs("admin", sql(create))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 1, 1"))
-      // scalastyle: off
-      doAs(
-        "bob", {
-          assert(sql(s"select * from $db.$table").collect() ===
-            Seq(Row(1, DigestUtils.md5Hex("1"))))
-          assert(Try(sql(s"select * from $db.$table").show(1)).isSuccess)
-        })
-    }
-  }
-
   test("show tables") {
     val db = "default2"
     val table = "src"
@@ -680,7 +522,6 @@ class InMemoryCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
 
 class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   override protected val catalogImpl: String = "hive"
-
   test("table stats must be specified") {
     val table = "hive_src"
     withCleanTmpResources(Seq((table, "table"))) {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 9f980c27a..73a13bc1c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -104,7 +104,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     val e1 = intercept[AccessControlException](
       doAs("someone", sql(s"select city, id from $catalogV2.$namespace1.$table1").explain()))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
-      s" on [$namespace1/$table1/id]"))
+      s" on [$namespace1/$table1/city]"))
   }
 
   test("[KYUUBI #4255] DESCRIBE TABLE") {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveHiveParquetSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveHiveParquetSuite.scala
new file mode 100644
index 000000000..ccc694f9b
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveHiveParquetSuite.scala
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+class DataMaskingForHiveHiveParquetSuite extends DataMaskingTestBase {
+  override protected val catalogImpl: String = "hive"
+  override protected def format: String = "USING hive OPTIONS(fileFormat='parquet')"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveParquetSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveParquetSuite.scala
new file mode 100644
index 000000000..ba254abbd
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForHiveParquetSuite.scala
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+class DataMaskingForHiveParquetSuite extends DataMaskingTestBase {
+  override protected val catalogImpl: String = "hive"
+  override protected def format: String = "USING parquet"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
new file mode 100644
index 000000000..99b7eb973
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+import org.apache.spark.SparkConf
+import org.scalatest.Outcome
+
+import org.apache.kyuubi.Utils
+
+class DataMaskingForIcebergSuite extends DataMaskingTestBase {
+  override protected val extraSparkConf: SparkConf = {
+    val conf = new SparkConf()
+
+    if (isSparkV31OrGreater) {
+      conf
+        .set("spark.sql.defaultCatalog", "testcat")
+        .set(
+          "spark.sql.catalog.testcat",
+          "org.apache.iceberg.spark.SparkCatalog")
+        .set(s"spark.sql.catalog.testcat.type", "hadoop")
+        .set(
+          "spark.sql.catalog.testcat.warehouse",
+          Utils.createTempDir("iceberg-hadoop").toString)
+    }
+    conf
+
+  }
+
+  override protected val catalogImpl: String = "in-memory"
+
+  override protected def format: String = "USING iceberg"
+
+  override def beforeAll(): Unit = {
+    if (isSparkV31OrGreater) {
+      super.beforeAll()
+    }
+  }
+
+  override def afterAll(): Unit = {
+    if (isSparkV31OrGreater) {
+      super.afterAll()
+    }
+  }
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSparkV31OrGreater)
+    test()
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForInMemoryParquetSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForInMemoryParquetSuite.scala
new file mode 100644
index 000000000..1bfb71e79
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForInMemoryParquetSuite.scala
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+class DataMaskingForInMemoryParquetSuite extends DataMaskingTestBase {
+
+  override protected val catalogImpl: String = "in-memory"
+  override protected def format: String = "USING parquet"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
new file mode 100644
index 000000000..894daeaf7
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+import java.sql.DriverManager
+
+import scala.util.Try
+
+import org.apache.spark.SparkConf
+import org.scalatest.Outcome
+
+class DataMaskingForJDBCV2Suite extends DataMaskingTestBase {
+  override protected val extraSparkConf: SparkConf = {
+    val conf = new SparkConf()
+    if (isSparkV31OrGreater) {
+      conf
+        .set("spark.sql.defaultCatalog", "testcat")
+        .set(
+          "spark.sql.catalog.testcat",
+          "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+        .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
+        .set(
+          s"spark.sql.catalog.testcat.driver",
+          "org.apache.derby.jdbc.AutoloadedDriver")
+    }
+    conf
+  }
+
+  override protected val catalogImpl: String = "in-memory"
+
+  override protected def format: String = ""
+
+  override def beforeAll(): Unit = {
+    if (isSparkV31OrGreater) super.beforeAll()
+  }
+
+  override def afterAll(): Unit = {
+    if (isSparkV31OrGreater) {
+      super.afterAll()
+      // cleanup db
+      Try {
+        DriverManager.getConnection(s"jdbc:derby:memory:testcat;shutdown=true")
+      }
+    }
+  }
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSparkV31OrGreater)
+    test()
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
new file mode 100644
index 000000000..c13362617
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -0,0 +1,267 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+
+// scalastyle:off
+import java.sql.Timestamp
+
+import scala.util.Try
+
+import org.apache.commons.codec.digest.DigestUtils.md5Hex
+import org.apache.spark.sql.{Row, SparkSessionExtensions}
+import org.scalatest.{Assertion, BeforeAndAfterAll}
+import org.scalatest.funsuite.AnyFunSuite
+
+import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
+import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
+
+/**
+ * Base trait for data masking tests, derivative classes shall name themselves following:
+ *  DataMaskingFor CatalogImpl?  FileFormat? Additions? Suite
+ */
+trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with BeforeAndAfterAll {
+// scalastyle:on
+  override protected val extension: SparkSessionExtensions => Unit = new RangerSparkExtension
+
+  private def setup(): Unit = {
+    sql(s"CREATE TABLE IF NOT EXISTS default.src" +
+      "(key int," +
+      " value1 int," +
+      " value2 string," +
+      " value3 string," +
+      " value4 timestamp," +
+      " value5 string)" +
+      s" $format")
+
+    // NOTICE: `bob` has a row filter `key < 20`
+    sql("INSERT INTO default.src " +
+      "SELECT 1, 1, 'hello', 'world', timestamp'2018-11-17 12:34:56', 'World'")
+    sql("INSERT INTO default.src " +
+      "SELECT 20, 2, 'kyuubi', 'y', timestamp'2018-11-17 12:34:56', 'world'")
+    sql("INSERT INTO default.src " +
+      "SELECT 30, 3, 'spark', 'a', timestamp'2018-11-17 12:34:56', 'world'")
+    sql(s"CREATE TABLE default.unmasked $format AS SELECT * FROM default.src")
+  }
+
+  private def cleanup(): Unit = {
+    sql("DROP TABLE IF EXISTS default.src")
+    sql("DROP TABLE IF EXISTS default.unmasked")
+  }
+
+  override def beforeAll(): Unit = {
+    doAs("admin", setup())
+    super.beforeAll()
+  }
+  override def afterAll(): Unit = {
+    doAs("admin", cleanup())
+    spark.stop
+    super.afterAll()
+  }
+
+  protected def checkAnswer(user: String, query: String, result: Seq[Row]): Assertion = {
+    doAs(user, assert(sql(query).collect() === result))
+  }
+
+  test("simple query with a user doesn't have mask rules") {
+    checkAnswer("kent", "SELECT key FROM default.src order by key", Seq(Row(1), Row(20), Row(30)))
+  }
+
+  test("simple query with a user has mask rules") {
+    val result =
+      Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
+    checkAnswer("bob", "SELECT value1, value2, value3, value4, value5 FROM default.src", result)
+    checkAnswer(
+      "bob",
+      "SELECT value1 as key, value2, value3, value4, value5 FROM default.src",
+      result)
+  }
+
+  test("star") {
+    val result =
+      Seq(Row(1, md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
+    checkAnswer("bob", "SELECT * FROM default.src", result)
+  }
+
+  test("simple udf") {
+    val result =
+      Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
+    checkAnswer(
+      "bob",
+      "SELECT max(value1), max(value2), max(value3), max(value4), max(value5) FROM default.src",
+      result)
+  }
+
+  test("complex udf") {
+    val result =
+      Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
+    checkAnswer(
+      "bob",
+      "SELECT coalesce(max(value1), 1), coalesce(max(value2), 1), coalesce(max(value3), 1), " +
+        "coalesce(max(value4), timestamp '2018-01-01 22:33:44'), coalesce(max(value5), 1) " +
+        "FROM default.src",
+      result)
+  }
+
+  test("in subquery") {
+    val result =
+      Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
+    checkAnswer(
+      "bob",
+      "SELECT value1, value2, value3, value4, value5 FROM default.src WHERE value2 in " +
+        "(SELECT value2 as key FROM default.src)",
+      result)
+  }
+
+  test("create a unmasked table as select from a masked one") {
+    withCleanTmpResources(Seq(("default.src2", "table"))) {
+      doAs("bob", sql(s"CREATE TABLE default.src2 $format AS SELECT value1 FROM default.src"))
+      checkAnswer("bob", "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1"))))
+    }
+  }
+
+  test("insert into a unmasked table from a masked one") {
+    withCleanTmpResources(Seq(("default.src2", "table"), ("default.src3", "table"))) {
+      doAs("bob", sql(s"CREATE TABLE default.src2 (value1 string) $format"))
+      doAs("bob", sql(s"INSERT INTO default.src2 SELECT value1 from default.src"))
+      doAs("bob", sql(s"INSERT INTO default.src2 SELECT value1 as v from default.src"))
+      checkAnswer("bob", "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
+      doAs("bob", sql(s"CREATE TABLE default.src3 (k int, value string) $format"))
+      doAs("bob", sql(s"INSERT INTO default.src3 SELECT key, value1 from default.src"))
+      doAs("bob", sql(s"INSERT INTO default.src3 SELECT key, value1 as v from default.src"))
+      checkAnswer("bob", "SELECT value FROM default.src3", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
+    }
+  }
+
+  test("join on an unmasked table") {
+    val s = "SELECT a.value1, b.value1 FROM default.src a" +
+      " join default.unmasked b on a.value1=b.value1"
+    checkAnswer("bob", s, Nil)
+    checkAnswer("bob", s, Nil) // just for testing query multiple times, don't delete it
+  }
+
+  test("self join on a masked table") {
+    val s = "SELECT a.value1, b.value1 FROM default.src a" +
+      " join default.src b on a.value1=b.value1"
+    checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    // just for testing query multiple times, don't delete it
+    checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
+  }
+
+  test("self join on a masked table and filter the masked column with original value") {
+    val s = "SELECT a.value1, b.value1 FROM default.src a" +
+      " join default.src b on a.value1=b.value1" +
+      " where a.value1='1' and b.value1='1'"
+    checkAnswer("bob", s, Nil)
+    checkAnswer("bob", s, Nil) // just for testing query multiple times, don't delete it
+  }
+
+  test("self join on a masked table and filter the masked column with masked value") {
+    // scalastyle:off
+    val s = "SELECT a.value1, b.value1 FROM default.src a" +
+      " join default.src b on a.value1=b.value1" +
+      s" where a.value1='${md5Hex("1")}' and b.value1='${md5Hex("1")}'"
+    // TODO: The v1 an v2 relations generate different implicit type cast rules for filters
+    // so the bellow test failed in derivative classes that us v2 data source, e.g., DataMaskingForIcebergSuite
+    // For the issue itself, we might need check the spark logic first
+    // DataMaskingStage1Marker Project [value1#178, value1#183]
+    // +- Project [value1#178, value1#183]
+    //   +- Filter ((cast(value1#178 as int) = cast(c4ca4238a0b923820dcc509a6f75849b as int)) AND (cast(value1#183 as int) = cast(c4ca4238a0b923820dcc509a6f75849b as int)))
+    //      +- Join Inner, (value1#178 = value1#183)
+    //         :- SubqueryAlias a
+    //         :  +- SubqueryAlias testcat.default.src
+    //         :     +- Filter (key#166 < 20)
+    //         :        +- RowFilterMarker
+    //         :           +- DataMaskingStage0Marker RelationV2[key#166, value1#167, value2#168, value3#169, value4#170, value5#171] default.src
+    //         :              +- Project [key#166, md5(cast(cast(value1#167 as string) as binary)) AS value1#178, regexp_replace(regexp_replace(regexp_replace(value2#168, [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1) AS value2#179, regexp_replace(regexp_replace(regexp_replace(value3#169, [A-Z], X, 5), [a-z], x, 5), [0-9], n, 5) AS value3#180, date_trunc(YEAR, value4#170, Some(Asia/Shanghai)) AS value4#181, concat(regexp_replace(regexp_replace(regexp_replace(left(value5#171, (length(value5#171) - 4)), [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1), right(value5#171, 4)) AS value5#182]
+    //         :                 +- RelationV2[key#166, value1#167, value2#168, value3#169, value4#170, value5#171] default.src
+    //         +- SubqueryAlias b
+    //            +- SubqueryAlias testcat.default.src
+    //               +- Filter (key#172 < 20)
+    //                  +- RowFilterMarker
+    //                     +- DataMaskingStage0Marker RelationV2[key#172, value1#173, value2#174, value3#175, value4#176, value5#177] default.src
+    //                        +- Project [key#172, md5(cast(cast(value1#173 as string) as binary)) AS value1#183, regexp_replace(regexp_replace(regexp_replace(value2#174, [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1) AS value2#184, regexp_replace(regexp_replace(regexp_replace(value3#175, [A-Z], X, 5), [a-z], x, 5), [0-9], n, 5) AS value3#185, date_trunc(YEAR, value4#176, Some(Asia/Shanghai)) AS value4#186, concat(regexp_replace(regexp_replace(regexp_replace(left(value5#177, (length(value5#177) - 4)), [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1), right(value5#177, 4)) AS value5#187]
+    //                           +- RelationV2[key#172, value1#173, value2#174, value3#175, value4#176, value5#177] default.src
+    //
+    //
+    // Project [value1#143, value1#148]
+    // +- Filter ((value1#143 = c4ca4238a0b923820dcc509a6f75849b) AND (value1#148 = c4ca4238a0b923820dcc509a6f75849b))
+    //   +- Join Inner, (value1#143 = value1#148)
+    //      :- SubqueryAlias a
+    //      :  +- SubqueryAlias spark_catalog.default.src
+    //      :     +- Filter (key#60 < 20)
+    //      :        +- RowFilterMarker
+    //      :           +- DataMaskingStage0Marker Relation default.src[key#60,value1#61,value2#62,value3#63,value4#64,value5#65] parquet
+    //      :              +- Project [key#60, md5(cast(cast(value1#61 as string) as binary)) AS value1#143, regexp_replace(regexp_replace(regexp_replace(value2#62, [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1) AS value2#144, regexp_replace(regexp_replace(regexp_replace(value3#63, [A-Z], X, 5), [a-z], x, 5), [0-9], n, 5) AS value3#145, date_trunc(YEAR, value4#64, Some(Asia/Shanghai)) AS value4#146, concat(regexp_replace(regexp_replace(regexp_replace(left(value5#65, (length(value5#65) - 4)), [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1), right(value5#65, 4)) AS value5#147]
+    //      :                 +- Relation default.src[key#60,value1#61,value2#62,value3#63,value4#64,value5#65] parquet
+    //      +- SubqueryAlias b
+    //         +- SubqueryAlias spark_catalog.default.src
+    //            +- Filter (key#153 < 20)
+    //               +- RowFilterMarker
+    //                  +- DataMaskingStage0Marker Relation default.src[key#60,value1#61,value2#62,value3#63,value4#64,value5#65] parquet
+    //                     +- Project [key#153, md5(cast(cast(value1#154 as string) as binary)) AS value1#148, regexp_replace(regexp_replace(regexp_replace(value2#155, [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1) AS value2#149, regexp_replace(regexp_replace(regexp_replace(value3#156, [A-Z], X, 5), [a-z], x, 5), [0-9], n, 5) AS value3#150, date_trunc(YEAR, value4#157, Some(Asia/Shanghai)) AS value4#151, concat(regexp_replace(regexp_replace(regexp_replace(left(value5#158, (length(value5#158) - 4)), [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1), right(value5#158, 4)) AS value5#152]
+    //                        +- Relation default.src[key#153,value1#154,value2#155,value3#156,value4#157,value5#158] parquet
+    // checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    //
+    //
+    // scalastyle:on
+
+    // So here we use value2 to avoid type casting
+    val s2 = "SELECT a.value1, b.value1 FROM default.src a" +
+      " join default.src b on a.value1=b.value1" +
+      s" where a.value2='xxxxx' and b.value2='xxxxx'"
+    checkAnswer("bob", s2, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    // just for testing query multiple times, don't delete it
+    checkAnswer("bob", s2, Seq(Row(md5Hex("1"), md5Hex("1"))))
+  }
+
+  test("union an unmasked table") {
+    val s = """
+      SELECT value1 from (
+           SELECT a.value1 FROM default.src a
+           union
+          (SELECT b.value1 FROM default.unmasked b)
+      ) c order by value1
+      """
+    checkAnswer("bob", s, Seq(Row("1"), Row("2"), Row("3"), Row(md5Hex("1"))))
+  }
+
+  test("union a masked table") {
+    val s = "SELECT a.value1 FROM default.src a union" +
+      " (SELECT b.value1 FROM default.src b)"
+    checkAnswer("bob", s, Seq(Row(md5Hex("1"))))
+  }
+
+  test("KYUUBI #3581: permanent view should lookup rule on itself not the   ") {
+    assume(isSparkV31OrGreater)
+    val supported = doAs(
+      "perm_view_user",
+      Try(sql("CREATE OR REPLACE VIEW default.perm_view AS SELECT * FROM default.src")).isSuccess)
+    assume(supported, s"view support for '$format' has not been implemented yet")
+
+    withCleanTmpResources(Seq(("default.perm_view", "view"))) {
+      checkAnswer(
+        "perm_view_user",
+        "SELECT value1, value2 FROM default.src where key < 20",
+        Seq(Row(1, "hello")))
+      checkAnswer(
+        "perm_view_user",
+        "SELECT value1, value2 FROM default.perm_view where key < 20",
+        Seq(Row(md5Hex("1"), "hello")))
+    }
+  }
+}

From 7a9eb969ffe3b72323cd3d4eee6a7c89fd81e4ec Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 27 Feb 2023 19:08:52 +0800
Subject: [PATCH 121/760] [KYUUBI #4410] Improve
 `kyuubi-defaults.conf.template`

### _Why are the changes needed?_

This PR changes the `kyuubi-defaults.conf.template` because

- remove deprecated conf `kyuubi.frontend.bind.port`
- add some properties which were frequently asked by users

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="825" alt="image" src="https://user-images.githubusercontent.com/26535726/221521262-9de7d4e0-ca68-4718-a186-fad5f71b5e5a.png">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4410 from pan3793/conf-template.

Closes #4410

aab459753 [Cheng Pan] nit
d3d8a9a28 [Cheng Pan] nit
e278fa98d [Cheng Pan] update
169db65d4 [Cheng Pan] nit
15a1f656a [Cheng Pan] Improve kyuubi-defaults.conf.template

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 conf/kyuubi-defaults.conf.template            |  15 +-
 docs/deployment/settings.md                   | 172 +-----------------
 .../config/AllKyuubiConfiguration.scala       |  13 +-
 3 files changed, 22 insertions(+), 178 deletions(-)

diff --git a/conf/kyuubi-defaults.conf.template b/conf/kyuubi-defaults.conf.template
index d3e6026d9..6522e32e4 100644
--- a/conf/kyuubi-defaults.conf.template
+++ b/conf/kyuubi-defaults.conf.template
@@ -18,9 +18,18 @@
 ## Kyuubi Configurations
 
 #
-# kyuubi.authentication           NONE
-# kyuubi.frontend.bind.host       localhost
-# kyuubi.frontend.bind.port       10009
+# kyuubi.authentication                    NONE
+#
+# kyuubi.frontend.bind.host                10.0.0.1
+# kyuubi.frontend.protocols                THRIFT_BINARY
+# kyuubi.frontend.thrift.binary.bind.port  10009
+#
+# kyuubi.engine.type                       SPARK_SQL
+# kyuubi.engine.share.level                USER
+# kyuubi.session.engine.initialize.timeout PT3M
+#
+# kyuubi.ha.addresses                      zk1:2181,zk2:2181,zk3:2181
+# kyuubi.ha.namespace                      kyuubi
 #
 
 # Details in https://kyuubi.readthedocs.io/en/master/deployment/settings.html
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index dac72825e..1b593bde1 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -22,113 +22,12 @@ Kyuubi provides several ways to configure the system and corresponding engines.
 
 ## Environments
 
-You can configure the environment variables in `$KYUUBI_HOME/conf/kyuubi-env.sh`, e.g, `JAVA_HOME`, then this java runtime will be used both for Kyuubi server instance and the applications it launches. You can also change the variable in the subprocess's env configuration file, e.g.`$SPARK_HOME/conf/spark-env.sh` to use more specific ENV for SQL engine applications.
-
-```bash
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# - JAVA_HOME               Java runtime to use. By default use "java" from PATH.
-#
-#
-# - KYUUBI_CONF_DIR         Directory containing the Kyuubi configurations to use.
-#                           (Default: $KYUUBI_HOME/conf)
-# - KYUUBI_LOG_DIR          Directory for Kyuubi server-side logs.
-#                           (Default: $KYUUBI_HOME/logs)
-# - KYUUBI_PID_DIR          Directory stores the Kyuubi instance pid file.
-#                           (Default: $KYUUBI_HOME/pid)
-# - KYUUBI_MAX_LOG_FILES    Maximum number of Kyuubi server logs can rotate to.
-#                           (Default: 5)
-# - KYUUBI_JAVA_OPTS        JVM options for the Kyuubi server itself in the form "-Dx=y".
-#                           (Default: none).
-# - KYUUBI_CTL_JAVA_OPTS    JVM options for the Kyuubi ctl itself in the form "-Dx=y".
-#                           (Default: none).
-# - KYUUBI_BEELINE_OPTS     JVM options for the Kyuubi BeeLine in the form "-Dx=Y".
-#                           (Default: none)
-# - KYUUBI_NICENESS         The scheduling priority for Kyuubi server.
-#                           (Default: 0)
-# - KYUUBI_WORK_DIR_ROOT    Root directory for launching sql engine applications.
-#                           (Default: $KYUUBI_HOME/work)
-# - HADOOP_CONF_DIR         Directory containing the Hadoop / YARN configuration to use.
-# - YARN_CONF_DIR           Directory containing the YARN configuration to use.
-#
-# - SPARK_HOME              Spark distribution which you would like to use in Kyuubi.
-# - SPARK_CONF_DIR          Optional directory where the Spark configuration lives.
-#                           (Default: $SPARK_HOME/conf)
-# - FLINK_HOME              Flink distribution which you would like to use in Kyuubi.
-# - FLINK_CONF_DIR          Optional directory where the Flink configuration lives.
-#                           (Default: $FLINK_HOME/conf)
-# - FLINK_HADOOP_CLASSPATH  Required Hadoop jars when you use the Kyuubi Flink engine.
-# - HIVE_HOME               Hive distribution which you would like to use in Kyuubi.
-# - HIVE_CONF_DIR           Optional directory where the Hive configuration lives.
-#                           (Default: $HIVE_HOME/conf)
-# - HIVE_HADOOP_CLASSPATH   Required Hadoop jars when you use the Kyuubi Hive engine.
-#
-
-
-## Examples ##
-
-# export JAVA_HOME=/usr/jdk64/jdk1.8.0_152
-# export SPARK_HOME=/opt/spark
-# export FLINK_HOME=/opt/flink
-# export HIVE_HOME=/opt/hive
-# export FLINK_HADOOP_CLASSPATH=/path/to/hadoop-client-runtime-3.3.2.jar:/path/to/hadoop-client-api-3.3.2.jar
-# export HIVE_HADOOP_CLASSPATH=${HADOOP_HOME}/share/hadoop/common/lib/commons-collections-3.2.2.jar:${HADOOP_HOME}/share/hadoop/client/hadoop-client-runtime-3.1.0.jar:${HADOOP_HOME}/share/hadoop/client/hadoop-client-api-3.1.0.jar:${HADOOP_HOME}/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar
-# export HADOOP_CONF_DIR=/usr/ndp/current/mapreduce_client/conf
-# export YARN_CONF_DIR=/usr/ndp/current/yarn/conf
-# export KYUUBI_JAVA_OPTS="-Xmx10g -XX:+UnlockDiagnosticVMOptions -XX:ParGCCardsPerStrideChunk=4096 -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:CMSInitiatingOccupancyFraction=70 -XX:+UseCMSInitiatingOccupancyOnly -XX:+CMSClassUnloadingEnabled -XX:+CMSParallelRemarkEnabled -XX:+UseCondCardMark -XX:MaxDirectMemorySize=1024m  -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=./logs -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintTenuringDistribution -Xloggc:./logs/kyuubi-server-gc-%t.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=5M -XX:NewRatio=3 -XX:MetaspaceSize=512m"
-# export KYUUBI_BEELINE_OPTS="-Xmx2g -XX:+UnlockDiagnosticVMOptions -XX:ParGCCardsPerStrideChunk=4096 -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:CMSInitiatingOccupancyFraction=70 -XX:+UseCMSInitiatingOccupancyOnly -XX:+CMSClassUnloadingEnabled -XX:+CMSParallelRemarkEnabled -XX:+UseCondCardMark"
-```
-
+You can configure the environment variables in `$KYUUBI_HOME/conf/kyuubi-env.sh`, e.g, `JAVA_HOME`, then this java runtime will be used both for Kyuubi server instance and the applications it launches. You can also change the variable in the subprocess's env configuration file, e.g.`$SPARK_HOME/conf/spark-env.sh` to use more specific ENV for SQL engine applications. see `$KYUUBI_HOME/conf/kyuubi-env.sh.template` as an example.
 For the environment variables that only needed to be transferred into engine side, you can set it with a Kyuubi configuration item formatted `kyuubi.engineEnv.VAR_NAME`. For example, with `kyuubi.engineEnv.SPARK_DRIVER_MEMORY=4g`, the environment variable `SPARK_DRIVER_MEMORY` with value `4g` would be transferred into engine side. With `kyuubi.engineEnv.SPARK_CONF_DIR=/apache/confs/spark/conf`, the value of `SPARK_CONF_DIR` on the engine side is set to `/apache/confs/spark/conf`.
 
 ## Kyuubi Configurations
 
-You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`. For example:
-
-```bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-## Kyuubi Configurations
-
-#
-# kyuubi.authentication           NONE
-# kyuubi.frontend.bind.host       localhost
-# kyuubi.frontend.bind.port       10009
-#
-
-# Details in https://kyuubi.readthedocs.io/en/master/deployment/settings.html
-```
+You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`, see `$KYUUBI_HOME/conf/kyuubi-defaults.conf.template` as an example.
 
 ### Authentication
 
@@ -584,72 +483,7 @@ Please refer to the Flink official online documentation for [SET Statements](htt
 
 ## Logging
 
-Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`.
-
-```bash
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~     http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!-- Provide log4j2.xml.template to fix `ERROR Filters contains invalid attributes "onMatch", "onMismatch"`, see KYUUBI-2247 -->
-<!-- Extra logging related to initialization of Log4j.
- Set to debug or trace if log4j initialization is failing. -->
-<Configuration status="INFO">
-    <Properties>
-        <Property name="restAuditLogPath">rest-audit.log</Property>
-        <Property name="restAuditLogFilePattern">rest-audit-%d{yyyy-MM-dd}-%i.log</Property>
-    </Properties>
-    <Appenders>
-        <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
-            <Filters>
-                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
-            </Filters>
-        </Console>
-        <RollingFile name="restAudit" fileName="${sys:restAuditLogPath}"
-                     filePattern="${sys:restAuditLogFilePattern}">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="51200KB" />
-            </Policies>
-            <DefaultRolloverStrategy max="10"/>
-        </RollingFile>
-    </Appenders>
-    <Loggers>
-        <Root level="INFO">
-            <AppenderRef ref="stdout"/>
-        </Root>
-        <Logger name="org.apache.kyuubi.ctl.ServiceControlCli" level="error" additivity="false">
-            <AppenderRef ref="stdout"/>
-        </Logger>
-        <!--
-        <Logger name="org.apache.kyuubi.server.mysql.codec" level="trace" additivity="false">
-            <AppenderRef ref="stdout"/>
-        </Logger>
-        -->
-        <Logger name="org.apache.hive.beeline.KyuubiBeeLine" level="error" additivity="false">
-            <AppenderRef ref="stdout"/>
-        </Logger>
-        <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
-            <AppenderRef ref="restAudit" />
-        </Logger>
-    </Loggers>
-</Configuration>
-```
+Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`, see `$KYUUBI_HOME/conf/log4j2.xml.template` as an example.
 
 ## Other Configurations
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 1d0e09544..bb183c00c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -75,9 +75,8 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
          | e.g, `JAVA_HOME`, then this java runtime will be used both for Kyuubi server instance and
          | the applications it launches. You can also change the variable in the subprocess's env
          | configuration file, e.g.`$SPARK_HOME/conf/spark-env.sh` to use more specific ENV for
-         | SQL engine applications.
+         | SQL engine applications. see `$KYUUBI_HOME/conf/kyuubi-env.sh.template` as an example.
          | """)
-      .fileWithBlock(Paths.get(kyuubiHome, "conf", "kyuubi-env.sh.template"))
       .line(
         """
         | For the environment variables that only needed to be transferred into engine
@@ -89,8 +88,9 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
         | """)
       .line("## Kyuubi Configurations")
       .line(""" You can configure the Kyuubi properties in
-         | `$KYUUBI_HOME/conf/kyuubi-defaults.conf`. For example: """)
-      .fileWithBlock(Paths.get(kyuubiHome, "conf", "kyuubi-defaults.conf.template"))
+         | `$KYUUBI_HOME/conf/kyuubi-defaults.conf`, see
+         | `$KYUUBI_HOME/conf/kyuubi-defaults.conf.template` as an example.
+         | """)
 
     KyuubiConf.getConfigEntries().asScala
       .toStream
@@ -188,8 +188,9 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
     builder
       .line("## Logging")
       .line("""Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging.
-        | You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`.""")
-      .fileWithBlock(Paths.get(kyuubiHome, "conf", "log4j2.xml.template"))
+        | You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`, see
+        | `$KYUUBI_HOME/conf/log4j2.xml.template` as an example.
+        | """)
 
     builder
       .lines("""

From 0a7c45b8eec4998bb8ff35e65e2b805ea7370bf1 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 27 Feb 2023 20:57:19 +0800
Subject: [PATCH 122/760] [KYUUBI #4412][FOLLOWUP] Align the server/engine
 session handle for flink/hive/trino/jdbc engines

### _Why are the changes needed?_

#4412 follow up

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4422 from turboFei/align_session_id.

Closes #4412

319373296 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../session/FlinkSQLSessionManager.scala      | 20 +++++---
 .../flink/session/FlinkSessionImpl.scala      |  6 ++-
 .../hive/session/HiveSessionManager.scala     | 50 +++++++++++--------
 .../engine/jdbc/session/JdbcSessionImpl.scala |  6 ++-
 .../jdbc/session/JdbcSessionManager.scala     |  6 ++-
 .../trino/session/TrinoSessionImpl.scala      |  6 ++-
 .../trino/session/TrinoSessionManager.scala   |  6 ++-
 7 files changed, 65 insertions(+), 35 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
index 8a3fc7446..07971e39f 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
@@ -21,6 +21,7 @@ import org.apache.flink.table.client.gateway.context.DefaultContext
 import org.apache.flink.table.client.gateway.local.LocalExecutor
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.flink.operation.FlinkSQLOperationManager
 import org.apache.kyuubi.session.{Session, SessionHandle, SessionManager}
 
@@ -43,14 +44,17 @@ class FlinkSQLSessionManager(engineContext: DefaultContext)
       password: String,
       ipAddress: String,
       conf: Map[String, String]): Session = {
-    new FlinkSessionImpl(
-      protocol,
-      user,
-      password,
-      ipAddress,
-      conf,
-      this,
-      executor)
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).flatMap(
+      getSessionOption).getOrElse {
+      new FlinkSessionImpl(
+        protocol,
+        user,
+        password,
+        ipAddress,
+        conf,
+        this,
+        executor)
+    }
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
index 03d9ce42e..75087b48c 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
@@ -26,8 +26,9 @@ import org.apache.flink.table.client.gateway.local.LocalExecutor
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 
 import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.flink.FlinkEngineUtils
-import org.apache.kyuubi.session.{AbstractSession, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
 
 class FlinkSessionImpl(
     protocol: TProtocolVersion,
@@ -39,6 +40,9 @@ class FlinkSessionImpl(
     val executor: LocalExecutor)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
+  override val handle: SessionHandle =
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
+
   lazy val sessionContext: SessionContext = {
     FlinkEngineUtils.getSessionContext(executor, handle.identifier.toString)
   }
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionManager.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionManager.scala
index dc807429c..d09912770 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionManager.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionManager.scala
@@ -28,6 +28,7 @@ import org.apache.hive.service.cli.session.{HiveSessionImplwithUGI => ImportedHi
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_SHARE_LEVEL
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.hive.HiveSQLEngine
 import org.apache.kyuubi.engine.hive.operation.HiveOperationManager
@@ -72,33 +73,38 @@ class HiveSessionManager(engine: HiveSQLEngine) extends SessionManager("HiveSess
       password: String,
       ipAddress: String,
       conf: Map[String, String]): Session = {
-    val sessionHandle = SessionHandle()
-    val hive = {
-      val sessionWithUGI = new ImportedHiveSessionImpl(
-        new ImportedSessionHandle(sessionHandle.toTSessionHandle, protocol),
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).flatMap(
+      getSessionOption).getOrElse {
+      val sessionHandle =
+        conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
+      val hive = {
+        val sessionWithUGI = new ImportedHiveSessionImpl(
+          new ImportedSessionHandle(sessionHandle.toTSessionHandle, protocol),
+          protocol,
+          user,
+          password,
+          HiveSQLEngine.hiveConf,
+          ipAddress,
+          null,
+          Seq(ipAddress).asJava)
+        val proxy = HiveSessionProxy.getProxy(sessionWithUGI, sessionWithUGI.getSessionUgi)
+        sessionWithUGI.setProxySession(proxy)
+        proxy
+      }
+      hive.setSessionManager(internalSessionManager)
+      hive.setOperationManager(internalSessionManager.getOperationManager)
+      operationLogRoot.foreach(dir => hive.setOperationLogSessionDir(new File(dir)))
+      new HiveSessionImpl(
         protocol,
         user,
         password,
-        HiveSQLEngine.hiveConf,
         ipAddress,
-        null,
-        Seq(ipAddress).asJava)
-      val proxy = HiveSessionProxy.getProxy(sessionWithUGI, sessionWithUGI.getSessionUgi)
-      sessionWithUGI.setProxySession(proxy)
-      proxy
+        conf,
+        this,
+        sessionHandle,
+        hive)
     }
-    hive.setSessionManager(internalSessionManager)
-    hive.setOperationManager(internalSessionManager.getOperationManager)
-    operationLogRoot.foreach(dir => hive.setOperationLogSessionDir(new File(dir)))
-    new HiveSessionImpl(
-      protocol,
-      user,
-      password,
-      ipAddress,
-      conf,
-      this,
-      sessionHandle,
-      hive)
+
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
index 63fb2dd07..f8cd40412 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
@@ -23,8 +23,9 @@ import scala.util.{Failure, Success, Try}
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 
 import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.jdbc.connection.ConnectionProvider
-import org.apache.kyuubi.session.{AbstractSession, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
 
 class JdbcSessionImpl(
     protocol: TProtocolVersion,
@@ -35,6 +36,9 @@ class JdbcSessionImpl(
     sessionManager: SessionManager)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
+  override val handle: SessionHandle =
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
+
   private[jdbc] var sessionConnection: Connection = _
 
   private var databaseMetaData: DatabaseMetaData = _
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionManager.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionManager.scala
index db8f60c3c..09958e050 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionManager.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionManager.scala
@@ -20,6 +20,7 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_SHARE_LEVEL
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.jdbc.JdbcSQLEngine
 import org.apache.kyuubi.engine.jdbc.operation.JdbcOperationManager
@@ -46,7 +47,10 @@ class JdbcSessionManager(name: String)
       password: String,
       ipAddress: String,
       conf: Map[String, String]): Session = {
-    new JdbcSessionImpl(protocol, user, password, ipAddress, conf, this)
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).flatMap(
+      getSessionOption).getOrElse {
+      new JdbcSessionImpl(protocol, user, password, ipAddress, conf, this)
+    }
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index a19d74d58..81f973b1b 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -30,11 +30,12 @@ import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtoco
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.Utils.currentUser
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.trino.{TrinoConf, TrinoContext, TrinoStatement}
 import org.apache.kyuubi.engine.trino.event.TrinoSessionEvent
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
-import org.apache.kyuubi.session.{AbstractSession, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
 
 class TrinoSessionImpl(
     protocol: TProtocolVersion,
@@ -45,6 +46,9 @@ class TrinoSessionImpl(
     sessionManager: SessionManager)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
+  override val handle: SessionHandle =
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
+
   var trinoContext: TrinoContext = _
   private var clientSession: ClientSession = _
   private var catalogName: String = null
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionManager.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionManager.scala
index 6d56d5c05..e18b8f758 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionManager.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionManager.scala
@@ -20,6 +20,7 @@ package org.apache.kyuubi.engine.trino.session
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_SHARE_LEVEL
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.trino.TrinoSqlEngine
 import org.apache.kyuubi.engine.trino.operation.TrinoOperationManager
@@ -36,7 +37,10 @@ class TrinoSessionManager
       password: String,
       ipAddress: String,
       conf: Map[String, String]): Session = {
-    new TrinoSessionImpl(protocol, user, password, ipAddress, conf, this)
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).flatMap(
+      getSessionOption).getOrElse {
+      new TrinoSessionImpl(protocol, user, password, ipAddress, conf, this)
+    }
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {

From d086d79fbb52463f1dfbb4872b88682d5e2d2047 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Tue, 28 Feb 2023 14:11:59 +0800
Subject: [PATCH 123/760] [KYUUBI #4404] Support to list/close sessions in
 AdminResource

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4423 from lightning-L/kyuubi-4404.

Closes #4404

1570303a1 [Tianlin Liao] add response message
e5921c992 [Tianlin Liao] [KYUUBI #4404] Support to list/close sessions in AdminResource

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/server/api/v1/AdminResource.scala  | 51 ++++++++++++++++++-
 .../server/api/v1/AdminResourceSuite.scala    | 46 ++++++++++++++++-
 2 files changed, 94 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 104dd1045..a85cef16d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -24,12 +24,12 @@ import javax.ws.rs.core.{MediaType, Response}
 import scala.collection.JavaConverters._
 import scala.collection.mutable.ListBuffer
 
-import io.swagger.v3.oas.annotations.media.Content
+import io.swagger.v3.oas.annotations.media.{ArraySchema, Content, Schema}
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
-import org.apache.kyuubi.client.api.v1.dto.Engine
+import org.apache.kyuubi.client.api.v1.dto.{Engine, SessionData}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.ha.HighAvailabilityConf.HA_NAMESPACE
@@ -37,6 +37,7 @@ import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceNodeInfo}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.server.KyuubiServer
 import org.apache.kyuubi.server.api.ApiRequestContext
+import org.apache.kyuubi.session.SessionHandle
 
 @Tag(name = "Admin")
 @Produces(Array(MediaType.APPLICATION_JSON))
@@ -102,6 +103,52 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     Response.ok(s"Refresh the unlimited users successfully.").build()
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(
+      mediaType = MediaType.APPLICATION_JSON,
+      array = new ArraySchema(schema = new Schema(implementation = classOf[SessionData])))),
+    description = "get the list of all live sessions")
+  @GET
+  @Path("sessions")
+  def sessions(): Seq[SessionData] = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Received listing all live sessions request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to list all live sessions")
+    }
+    fe.be.sessionManager.allSessions().map { session =>
+      new SessionData(
+        session.handle.identifier.toString,
+        session.user,
+        session.ipAddress,
+        session.conf.asJava,
+        session.createTime,
+        session.lastAccessTime - session.createTime,
+        session.getNoOperationTime)
+    }.toSeq
+  }
+
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
+    description = "Close a session")
+  @DELETE
+  @Path("sessions/{sessionHandle}")
+  def closeSession(@PathParam("sessionHandle") sessionHandleStr: String): Response = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Received closing a session request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to close the session $sessionHandleStr")
+    }
+    fe.be.closeSession(SessionHandle.fromUUID(sessionHandleStr))
+    Response.ok(s"Session $sessionHandleStr is closed successfully.").build()
+  }
+
   @ApiResponse(
     responseCode = "200",
     content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index ffd4a9140..9c050ba31 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -18,13 +18,17 @@
 package org.apache.kyuubi.server.api.v1
 
 import java.util.{Base64, UUID}
+import javax.ws.rs.client.Entity
 import javax.ws.rs.core.{GenericType, MediaType}
 
+import scala.collection.JavaConverters._
+
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite, RestFrontendTestHelper, Utils}
-import org.apache.kyuubi.client.api.v1.dto.Engine
+import org.apache.kyuubi.client.api.v1.dto.{Engine, SessionData, SessionHandle, SessionOpenRequest}
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
 import org.apache.kyuubi.engine.{ApplicationState, EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.EngineType.SPARK_SQL
 import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, USER}
@@ -123,6 +127,46 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     assert(200 == response.getStatus)
   }
 
+  test("list/close sessions") {
+    val requestObj = new SessionOpenRequest(
+      1,
+      Map("testConfig" -> "testValue").asJava)
+
+    var response = webTarget.path("api/v1/sessions")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
+
+    val adminUser = Utils.currentUser
+    val encodeAuthorization = new String(
+      Base64.getEncoder.encode(
+        s"$adminUser:".getBytes()),
+      "UTF-8")
+
+    // get session list
+    var response2 = webTarget.path("api/v1/admin/sessions").request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    assert(200 == response2.getStatus)
+    val sessions1 = response2.readEntity(new GenericType[Seq[SessionData]]() {})
+    assert(sessions1.nonEmpty)
+    assert(sessions1.head.getConf.get(KYUUBI_SESSION_CONNECTION_URL_KEY) === fe.connectionUrl)
+
+    // close an opened session
+    val sessionHandle = response.readEntity(classOf[SessionHandle]).getIdentifier
+    response = webTarget.path(s"api/v1/admin/sessions/$sessionHandle").request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .delete()
+    assert(200 == response.getStatus)
+
+    // get session list again
+    response2 = webTarget.path("api/v1/admin/sessions").request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    assert(200 == response2.getStatus)
+    val sessions2 = response2.readEntity(classOf[Seq[SessionData]])
+    assert(sessions2.isEmpty)
+  }
+
   test("delete engine - user share level") {
     val id = UUID.randomUUID().toString
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, USER.toString)

From 5b3ab9ca924b789b4f10f91600ffed684265e958 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 28 Feb 2023 08:54:33 +0000
Subject: [PATCH 124/760] [KYUUBI #4424][REST] Catch No Node Exception, when
 list kyuubi engines

### _Why are the changes needed?_

Close #4424

Catch No Node Exception, when list kyuubi engines

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

![WX20230227-184957](https://user-images.githubusercontent.com/52876270/221544376-2f0d6b4b-0bc4-446e-abb1-d0c79211aea4.png)

Closes #4425 from zwangsheng/kyuubi-4424.

Closes #4424

3052b157 [zwangsheng] [Kyuubi #4424] Fix scala style
74825cf8 [zwangsheng] [Kyuubi #4424] Throw User Friendly Exception
7e8363cc [zwangsheng] [Kyuubi #4424] Remove usless file & catch subException
4a3c469a [zwangsheng] [Kyuubi #4424] Catch cacth No Node Exception, when list kyuubi engines

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../kyuubi/server/api/v1/AdminResource.scala    | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index a85cef16d..2aae7076c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -27,6 +27,7 @@ import scala.collection.mutable.ListBuffer
 import io.swagger.v3.oas.annotations.media.{ArraySchema, Content, Schema}
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
+import org.apache.zookeeper.KeeperException.NoNodeException
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
 import org.apache.kyuubi.client.api.v1.dto.{Engine, SessionData}
@@ -207,9 +208,19 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
         }
       case None =>
         withDiscoveryClient(fe.getConf) { discoveryClient =>
-          discoveryClient.getChildren(engineSpace).map { child =>
-            info(s"Listing engine nodes for $engineSpace/$child")
-            engineNodes ++= discoveryClient.getServiceNodesInfo(s"$engineSpace/$child")
+          try {
+            discoveryClient.getChildren(engineSpace).map { child =>
+              info(s"Listing engine nodes for $engineSpace/$child")
+              engineNodes ++= discoveryClient.getServiceNodesInfo(s"$engineSpace/$child")
+            }
+          } catch {
+            case nne: NoNodeException =>
+              error(
+                s"No such engine for user: $userName, " +
+                  s"engine type: $engineType, share level: $shareLevel, subdomain: $subdomain",
+                nne)
+              throw new NotFoundException(s"No such engine for user: $userName, " +
+                s"engine type: $engineType, share level: $shareLevel, subdomain: $subdomain")
           }
         }
     }

From 835454de630c3b791623287d96829870b8052cc2 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 28 Feb 2023 21:14:36 +0800
Subject: [PATCH 125/760] [KYUUBI #4418] Allow disable metadata operation async
 retry and fail fast on unrecoverable DB error

### _Why are the changes needed?_

The key changes are

1. allow disabling metadata operation retry
2. always fail fast on "duplicated key on unique index" error

Currently, when metadata operations failed, we always do async retry, to tolerate long-time metadata store outages w/o blocking the submission request, but it can not guarantee metadata consistency eventually, e.g. when inserting data violates the unique key restriction, it will never succeed, and block any following update request for the batch job, in such cases, the client gets succeed response but the metadata can not be updated correctly.

We should distinguish between recoverable and unrecoverable errors, for unrecoverable errors, we should fail fast, but the fact is it's hard to enumerate all recoverable nor unrecoverable errors, in this PR, we just enumerate the "duplicated key" as unrecoverable errors, and provide a switch to disable async retry so that the error can propagate to client correctly.

Some configurations are renamed w/ the `async.` prefix(the original key still takes effect) because we may introduce the sync retry logic in the future.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4418 from pan3793/sync-retry.

Closes #4418

ce58ac58c [Cheng Pan] revert migration-guide.md
c2d8377a4 [Cheng Pan] simplify

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |   5 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  37 ++-
 .../server/metadata/MetadataManager.scala     | 139 +++++-----
 .../server/metadata/MetadataRequest.scala     |   2 +-
 .../metadata/MetadataManagerSuite.scala       | 241 ++++++++++--------
 5 files changed, 234 insertions(+), 190 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 1b593bde1..cd8f5b770 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -302,9 +302,10 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.metadata.cleaner.interval                | PT30M                                                    | The interval to check and clean expired metadata.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | duration | 1.6.0 |
 | kyuubi.metadata.max.age                         | PT72H                                                    | The maximum age of metadata, the metadata exceeding the age will be cleaned.                                                                                                                                                                                                                                                                                                                                                                                                                                                            | duration | 1.6.0 |
 | kyuubi.metadata.recovery.threads                | 10                                                       | The number of threads for recovery from the metadata store when the Kyuubi server restarts.                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.6.0 |
+| kyuubi.metadata.request.async.retry.enabled     | true                                                     | Whether to retry in async when metadata request failed. When true, return success response immediately even the metadata request failed, and schedule it in background until success, to tolerate long-time metadata store outages w/o blocking the submission request.                                                                                                                                                                                                                                                                 | boolean  | 1.7.0 |
+| kyuubi.metadata.request.async.retry.queue.size  | 65536                                                    | The maximum queue size for buffering metadata requests in memory when the external metadata storage is down. Requests will be dropped if the queue exceeds. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                | int      | 1.6.0 |
+| kyuubi.metadata.request.async.retry.threads     | 10                                                       | Number of threads in the metadata request async retry manager thread pool. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.6.0 |
 | kyuubi.metadata.request.retry.interval          | PT5S                                                     | The interval to check and trigger the metadata request retry tasks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.0 |
-| kyuubi.metadata.request.retry.queue.size        | 65536                                                    | The maximum queue size for buffering metadata requests in memory when the external metadata storage is down. Requests will be dropped if the queue exceeds.                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.6.0 |
-| kyuubi.metadata.request.retry.threads           | 10                                                       | Number of threads in the metadata request retry manager thread pool. The metadata store might be unavailable sometimes and the requests will fail, tolerant for this case and unblock the main thread, we support retrying the failed requests in an async way.                                                                                                                                                                                                                                                                         | int      | 1.6.0 |
 | kyuubi.metadata.store.class                     | org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStore | Fully qualified class name for server metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.database.schema.init | true                                                     | Whether to init the JDBC metadata store database schema.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.6.0 |
 | kyuubi.metadata.store.jdbc.database.type        | DERBY                                                    | The database type for server jdbc metadata store.<ul> <li>DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index f59cb2d98..f61cfeaa7 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1568,16 +1568,6 @@ object KyuubiConf {
       .intConf
       .createWithDefault(10)
 
-  val METADATA_REQUEST_RETRY_THREADS: ConfigEntry[Int] =
-    buildConf("kyuubi.metadata.request.retry.threads")
-      .doc("Number of threads in the metadata request retry manager thread pool. The metadata" +
-        " store might be unavailable sometimes and the requests will fail, tolerant for this" +
-        " case and unblock the main thread, we support retrying the failed requests" +
-        " in an async way.")
-      .version("1.6.0")
-      .intConf
-      .createWithDefault(10)
-
   val METADATA_REQUEST_RETRY_INTERVAL: ConfigEntry[Long] =
     buildConf("kyuubi.metadata.request.retry.interval")
       .doc("The interval to check and trigger the metadata request retry tasks.")
@@ -1585,10 +1575,31 @@ object KyuubiConf {
       .timeConf
       .createWithDefault(Duration.ofSeconds(5).toMillis)
 
-  val METADATA_REQUEST_RETRY_QUEUE_SIZE: ConfigEntry[Int] =
-    buildConf("kyuubi.metadata.request.retry.queue.size")
+  val METADATA_REQUEST_ASYNC_RETRY_ENABLED: ConfigEntry[Boolean] =
+    buildConf("kyuubi.metadata.request.async.retry.enabled")
+      .doc("Whether to retry in async when metadata request failed. When true, return " +
+        "success response immediately even the metadata request failed, and schedule " +
+        "it in background until success, to tolerate long-time metadata store outages " +
+        "w/o blocking the submission request.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val METADATA_REQUEST_ASYNC_RETRY_THREADS: ConfigEntry[Int] =
+    buildConf("kyuubi.metadata.request.async.retry.threads")
+      .withAlternative("kyuubi.metadata.request.retry.threads")
+      .doc("Number of threads in the metadata request async retry manager thread pool. Only " +
+        s"take affect when ${METADATA_REQUEST_ASYNC_RETRY_ENABLED.key} is `true`.")
+      .version("1.6.0")
+      .intConf
+      .createWithDefault(10)
+
+  val METADATA_REQUEST_ASYNC_RETRY_QUEUE_SIZE: ConfigEntry[Int] =
+    buildConf("kyuubi.metadata.request.async.retry.queue.size")
+      .withAlternative("kyuubi.metadata.request.retry.queue.size")
       .doc("The maximum queue size for buffering metadata requests in memory when the external" +
-        " metadata storage is down. Requests will be dropped if the queue exceeds.")
+        " metadata storage is down. Requests will be dropped if the queue exceeds. Only" +
+        s" take affect when ${METADATA_REQUEST_ASYNC_RETRY_ENABLED.key} is `true`.")
       .version("1.6.0")
       .intConf
       .createWithDefault(65536)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
index 5cecd2ab1..35abc1b30 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
@@ -37,44 +37,55 @@ class MetadataManager extends AbstractService("MetadataManager") {
   private var _metadataStore: MetadataStore = _
 
   // Visible for testing.
-  private[metadata] val identifierRequestsRetryRefs =
+  private[metadata] val identifierRequestsAsyncRetryRefs =
     new ConcurrentHashMap[String, MetadataRequestsRetryRef]()
 
   // Visible for testing.
-  private[metadata] val identifierRequestsRetryingCounts =
+  private[metadata] val identifierRequestsAsyncRetryingCounts =
     new ConcurrentHashMap[String, AtomicInteger]()
 
-  private val requestsRetryTrigger =
-    ThreadUtils.newDaemonSingleThreadScheduledExecutor("metadata-requests-retry-trigger")
+  private lazy val requestsRetryInterval =
+    conf.get(KyuubiConf.METADATA_REQUEST_RETRY_INTERVAL)
 
-  private var requestsRetryExecutor: ThreadPoolExecutor = _
+  private lazy val requestsAsyncRetryEnabled =
+    conf.get(KyuubiConf.METADATA_REQUEST_ASYNC_RETRY_ENABLED)
 
-  private var maxMetadataRequestsRetryRefs: Int = _
+  private lazy val requestsAsyncRetryTrigger =
+    ThreadUtils.newDaemonSingleThreadScheduledExecutor("metadata-requests-async-retry-trigger")
 
-  private val metadataCleaner =
+  private lazy val requestsAsyncRetryExecutor: ThreadPoolExecutor =
+    ThreadUtils.newDaemonFixedThreadPool(
+      conf.get(KyuubiConf.METADATA_REQUEST_ASYNC_RETRY_THREADS),
+      "metadata-requests-async-retry")
+
+  private lazy val cleanerEnabled = conf.get(KyuubiConf.METADATA_CLEANER_ENABLED)
+
+  private lazy val metadataCleaner =
     ThreadUtils.newDaemonSingleThreadScheduledExecutor("metadata-cleaner")
 
   override def initialize(conf: KyuubiConf): Unit = {
     _metadataStore = MetadataManager.createMetadataStore(conf)
-    val retryExecutorNumThreads =
-      conf.get(KyuubiConf.METADATA_REQUEST_RETRY_THREADS)
-    requestsRetryExecutor = ThreadUtils.newDaemonFixedThreadPool(
-      retryExecutorNumThreads,
-      "metadata-requests-retry-executor")
-    maxMetadataRequestsRetryRefs = conf.get(KyuubiConf.METADATA_REQUEST_RETRY_QUEUE_SIZE)
     super.initialize(conf)
   }
 
   override def start(): Unit = {
     super.start()
-    startMetadataRequestsRetryTrigger()
-    startMetadataCleaner()
+    if (requestsAsyncRetryEnabled) {
+      startMetadataRequestsAsyncRetryTrigger()
+    }
+    if (cleanerEnabled) {
+      startMetadataCleaner()
+    }
   }
 
   override def stop(): Unit = {
-    ThreadUtils.shutdown(requestsRetryTrigger)
-    ThreadUtils.shutdown(requestsRetryExecutor)
-    ThreadUtils.shutdown(metadataCleaner)
+    if (requestsAsyncRetryEnabled) {
+      ThreadUtils.shutdown(requestsAsyncRetryTrigger)
+      ThreadUtils.shutdown(requestsAsyncRetryExecutor)
+    }
+    if (cleanerEnabled) {
+      ThreadUtils.shutdown(metadataCleaner)
+    }
     _metadataStore.close()
     super.stop()
   }
@@ -93,11 +104,22 @@ class MetadataManager extends AbstractService("MetadataManager") {
     }
   }
 
-  def insertMetadata(metadata: Metadata, retryOnError: Boolean = true): Unit = {
+  protected def unrecoverableDBErr(cause: Throwable): Boolean = {
+    val unrecoverableKeywords = Seq(
+      "duplicate key value in a unique or primary key constraint or unique index", // Derby
+      "Duplicate entry" // MySQL
+    )
+    unrecoverableKeywords.exists(cause.getMessage.contains)
+  }
+
+  def insertMetadata(metadata: Metadata, asyncRetryOnError: Boolean = true): Unit = {
     try {
       withMetadataRequestMetrics(_metadataStore.insertMetadata(metadata))
     } catch {
-      case e: Throwable if retryOnError =>
+      // stop to retry when encounter duplicated key error.
+      case rethrow: Throwable if unrecoverableDBErr(rethrow) =>
+        throw rethrow
+      case e: Throwable if requestsAsyncRetryEnabled && asyncRetryOnError =>
         error(s"Error inserting metadata for session ${metadata.identifier}", e)
         addMetadataRetryRequest(InsertMetadata(metadata))
     }
@@ -156,11 +178,11 @@ class MetadataManager extends AbstractService("MetadataManager") {
     withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size, true))
   }
 
-  def updateMetadata(metadata: Metadata, retryOnError: Boolean = true): Unit = {
+  def updateMetadata(metadata: Metadata, asyncRetryOnError: Boolean = true): Unit = {
     try {
       withMetadataRequestMetrics(_metadataStore.updateMetadata(metadata))
     } catch {
-      case e: Throwable if retryOnError =>
+      case e: Throwable if requestsAsyncRetryEnabled && asyncRetryOnError =>
         error(s"Error updating metadata for session ${metadata.identifier}", e)
         addMetadataRetryRequest(UpdateMetadata(metadata))
     }
@@ -171,35 +193,33 @@ class MetadataManager extends AbstractService("MetadataManager") {
   }
 
   private def startMetadataCleaner(): Unit = {
-    val cleanerEnabled = conf.get(KyuubiConf.METADATA_CLEANER_ENABLED)
     val stateMaxAge = conf.get(METADATA_MAX_AGE)
-
-    if (cleanerEnabled) {
-      val interval = conf.get(KyuubiConf.METADATA_CLEANER_INTERVAL)
-      val cleanerTask: Runnable = () => {
-        try {
-          withMetadataRequestMetrics(_metadataStore.cleanupMetadataByAge(stateMaxAge))
-        } catch {
-          case e: Throwable => error("Error cleaning up the metadata by age", e)
-        }
+    val interval = conf.get(KyuubiConf.METADATA_CLEANER_INTERVAL)
+    val cleanerTask: Runnable = () => {
+      try {
+        withMetadataRequestMetrics(_metadataStore.cleanupMetadataByAge(stateMaxAge))
+      } catch {
+        case e: Throwable => error("Error cleaning up the metadata by age", e)
       }
-
-      metadataCleaner.scheduleWithFixedDelay(
-        cleanerTask,
-        interval,
-        interval,
-        TimeUnit.MILLISECONDS)
     }
+
+    metadataCleaner.scheduleWithFixedDelay(
+      cleanerTask,
+      interval,
+      interval,
+      TimeUnit.MILLISECONDS)
   }
 
   def addMetadataRetryRequest(request: MetadataRequest): Unit = {
-    if (identifierRequestsRetryRefs.size() > maxMetadataRequestsRetryRefs) {
+    val maxRequestsAsyncRetryRefs: Int =
+      conf.get(KyuubiConf.METADATA_REQUEST_ASYNC_RETRY_QUEUE_SIZE)
+    if (identifierRequestsAsyncRetryRefs.size() > maxRequestsAsyncRetryRefs) {
       throw new KyuubiException(
         "The number of metadata requests retry instances exceeds the limitation:" +
-          maxMetadataRequestsRetryRefs)
+          maxRequestsAsyncRetryRefs)
     }
     val identifier = request.metadata.identifier
-    val ref = identifierRequestsRetryRefs.computeIfAbsent(
+    val ref = identifierRequestsAsyncRetryRefs.computeIfAbsent(
       identifier,
       identifier => {
         val ref = new MetadataRequestsRetryRef
@@ -207,30 +227,29 @@ class MetadataManager extends AbstractService("MetadataManager") {
         ref
       })
     ref.addRetryingMetadataRequest(request)
-    identifierRequestsRetryRefs.putIfAbsent(identifier, ref)
+    identifierRequestsAsyncRetryRefs.putIfAbsent(identifier, ref)
     MetricsSystem.tracing(_.markMeter(MetricsConstants.METADATA_REQUEST_RETRYING))
   }
 
   def getMetadataRequestsRetryRef(identifier: String): MetadataRequestsRetryRef = {
-    identifierRequestsRetryRefs.get(identifier)
+    identifierRequestsAsyncRetryRefs.get(identifier)
   }
 
   def deRegisterRequestsRetryRef(identifier: String): Unit = {
-    identifierRequestsRetryRefs.remove(identifier)
-    identifierRequestsRetryingCounts.remove(identifier)
+    identifierRequestsAsyncRetryRefs.remove(identifier)
+    identifierRequestsAsyncRetryingCounts.remove(identifier)
   }
 
-  private def startMetadataRequestsRetryTrigger(): Unit = {
-    val interval = conf.get(KyuubiConf.METADATA_REQUEST_RETRY_INTERVAL)
+  private def startMetadataRequestsAsyncRetryTrigger(): Unit = {
     val triggerTask = new Runnable {
       override def run(): Unit = {
-        identifierRequestsRetryRefs.forEach { (id, ref) =>
+        identifierRequestsAsyncRetryRefs.forEach { (id, ref) =>
           if (!ref.hasRemainingRequests()) {
-            identifierRequestsRetryRefs.remove(id)
-            identifierRequestsRetryingCounts.remove(id)
+            identifierRequestsAsyncRetryRefs.remove(id)
+            identifierRequestsAsyncRetryingCounts.remove(id)
           } else {
-            val retryingCount =
-              identifierRequestsRetryingCounts.computeIfAbsent(id, _ => new AtomicInteger(0))
+            val retryingCount = identifierRequestsAsyncRetryingCounts
+              .computeIfAbsent(id, _ => new AtomicInteger(0))
 
             if (retryingCount.get() == 0) {
               val retryTask = new Runnable {
@@ -241,12 +260,9 @@ class MetadataManager extends AbstractService("MetadataManager") {
                     while (request != null) {
                       request match {
                         case insert: InsertMetadata =>
-                          insertMetadata(insert.metadata, retryOnError = false)
-
+                          insertMetadata(insert.metadata, asyncRetryOnError = false)
                         case update: UpdateMetadata =>
-                          updateMetadata(update.metadata, retryOnError = false)
-
-                        case _ =>
+                          updateMetadata(update.metadata, asyncRetryOnError = false)
                       }
                       ref.metadataRequests.remove(request)
                       MetricsSystem.tracing(_.markMeter(
@@ -265,22 +281,21 @@ class MetadataManager extends AbstractService("MetadataManager") {
 
               try {
                 retryingCount.incrementAndGet()
-                requestsRetryExecutor.submit(retryTask)
+                requestsAsyncRetryExecutor.submit(retryTask)
               } catch {
                 case e: Throwable =>
                   error(s"Error submitting metadata retry requests for $id", e)
                   retryingCount.decrementAndGet()
               }
             }
-
           }
         }
       }
     }
-    requestsRetryTrigger.scheduleWithFixedDelay(
+    requestsAsyncRetryTrigger.scheduleWithFixedDelay(
       triggerTask,
-      interval,
-      interval,
+      requestsRetryInterval,
+      requestsRetryInterval,
       TimeUnit.MILLISECONDS)
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataRequest.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataRequest.scala
index dcee6466b..2c121edfe 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataRequest.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataRequest.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.server.metadata
 
 import org.apache.kyuubi.server.metadata.api.Metadata
 
-trait MetadataRequest {
+sealed trait MetadataRequest {
   def metadata: Metadata
 }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
index d8a8af202..75c935a3d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
@@ -25,103 +25,152 @@ import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KyuubiException, KyuubiFunSuite}
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
+import org.apache.kyuubi.metrics.MetricsConstants._
 import org.apache.kyuubi.server.metadata.api.Metadata
 import org.apache.kyuubi.session.SessionType
 
 class MetadataManagerSuite extends KyuubiFunSuite {
-  val metadataManager = new MetadataManager()
-  val metricsSystem = new MetricsSystem()
-  val conf = KyuubiConf().set(KyuubiConf.METADATA_REQUEST_RETRY_INTERVAL, 100L)
-
-  override def beforeAll(): Unit = {
-    super.beforeAll()
-    metricsSystem.initialize(conf)
-    metricsSystem.start()
-    metadataManager.initialize(conf)
-    metadataManager.start()
-  }
 
-  override def afterAll(): Unit = {
-    metadataManager.getBatches(null, null, null, 0, 0, 0, Int.MaxValue).foreach { batch =>
-      metadataManager.cleanupMetadataById(batch.getId)
+  test("fail fast on duplicated key") {
+    Seq("true", "false").foreach { enableAsyncRetry =>
+      withMetadataManager(Map(
+        METADATA_REQUEST_ASYNC_RETRY_ENABLED.key -> enableAsyncRetry,
+        METADATA_REQUEST_RETRY_INTERVAL.key -> "100")) { metadataManager =>
+        val metadata = newMetadata()
+        metadataManager.insertMetadata(metadata)
+        Seq(true, false).foreach { asyncRetryOnError =>
+          intercept[KyuubiException] {
+            metadataManager.insertMetadata(metadata, asyncRetryOnError)
+          }
+        }
+      }
     }
-    metadataManager.stop()
-    metricsSystem.stop()
-    super.afterAll()
   }
 
-  override protected def afterEach(): Unit = {
-    eventually(timeout(5.seconds), interval(200.milliseconds)) {
-      assert(MetricsSystem.counterValue(
-        MetricsConstants.METADATA_REQUEST_OPENED).getOrElse(0L) === 0)
+  test("async retry the metadata store requests") {
+    withMetadataManager(
+      Map(
+        METADATA_REQUEST_ASYNC_RETRY_ENABLED.key -> "true",
+        METADATA_REQUEST_RETRY_INTERVAL.key -> "100"),
+      () =>
+        new MetadataManager {
+          override protected def unrecoverableDBErr(cause: Throwable): Boolean = false
+        }) { metadataManager =>
+      val metadata = newMetadata()
+      metadataManager.insertMetadata(metadata)
+      metadataManager.insertMetadata(metadata, asyncRetryOnError = true)
+      val retryRef = metadataManager.getMetadataRequestsRetryRef(metadata.identifier)
+      val metadataToUpdate = metadata.copy(state = "RUNNING")
+      retryRef.addRetryingMetadataRequest(UpdateMetadata(metadataToUpdate))
+      eventually(timeout(3.seconds)) {
+        assert(retryRef.hasRemainingRequests())
+        assert(metadataManager.getBatch(metadata.identifier).getState === "PENDING")
+      }
+
+      val metadata2 = metadata.copy(identifier = UUID.randomUUID().toString)
+      val metadata2ToUpdate = metadata2.copy(
+        engineId = "app_id",
+        engineName = "app_name",
+        engineUrl = "app_url",
+        engineState = "app_state",
+        state = "RUNNING")
+
+      metadataManager.addMetadataRetryRequest(InsertMetadata(metadata2))
+      metadataManager.addMetadataRetryRequest(UpdateMetadata(metadata2ToUpdate))
+
+      val retryRef2 = metadataManager.getMetadataRequestsRetryRef(metadata2.identifier)
+
+      eventually(timeout(3.seconds)) {
+        assert(!retryRef2.hasRemainingRequests())
+        assert(metadataManager.getBatch(metadata2.identifier).getState === "RUNNING")
+      }
+
+      metadataManager.identifierRequestsAsyncRetryRefs.clear()
+      eventually(timeout(3.seconds)) {
+        metadataManager.identifierRequestsAsyncRetryingCounts.asScala.forall(_._2.get() == 0)
+      }
+      metadataManager.identifierRequestsAsyncRetryingCounts.clear()
     }
   }
 
-  test("retry the metadata store requests") {
-    val metadata = Metadata(
-      identifier = UUID.randomUUID().toString,
-      sessionType = SessionType.BATCH,
-      realUser = "kyuubi",
-      username = "kyuubi",
-      ipAddress = "127.0.0.1",
-      kyuubiInstance = "localhost:10009",
-      state = "PENDING",
-      resource = "intern",
-      className = "org.apache.kyuubi.SparkWC",
-      requestName = "kyuubi_batch",
-      requestConf = Map("spark.master" -> "local"),
-      requestArgs = Seq("100"),
-      createTime = System.currentTimeMillis(),
-      engineType = "spark",
-      clusterManager = Some("local"))
-    metadataManager.insertMetadata(metadata)
-    intercept[KyuubiException] {
-      metadataManager.insertMetadata(metadata, retryOnError = false)
-    }
-    metadataManager.insertMetadata(metadata, retryOnError = true)
-    val retryRef = metadataManager.getMetadataRequestsRetryRef(metadata.identifier)
-    val metadataToUpdate = metadata.copy(state = "RUNNING")
-    retryRef.addRetryingMetadataRequest(UpdateMetadata(metadataToUpdate))
-    eventually(timeout(3.seconds)) {
-      assert(retryRef.hasRemainingRequests())
-      assert(metadataManager.getBatch(metadata.identifier).getState === "PENDING")
-    }
-
-    val metadata2 = metadata.copy(identifier = UUID.randomUUID().toString)
-    val metadata2ToUpdate = metadata2.copy(
-      engineId = "app_id",
-      engineName = "app_name",
-      engineUrl = "app_url",
-      engineState = "app_state",
-      state = "RUNNING")
-
-    metadataManager.addMetadataRetryRequest(InsertMetadata(metadata2))
-    metadataManager.addMetadataRetryRequest(UpdateMetadata(metadata2ToUpdate))
-
-    val retryRef2 = metadataManager.getMetadataRequestsRetryRef(metadata2.identifier)
-
-    eventually(timeout(3.seconds)) {
-      assert(!retryRef2.hasRemainingRequests())
-      assert(metadataManager.getBatch(metadata2.identifier).getState === "RUNNING")
+  test("async metadata request metrics") {
+    withMetadataManager(Map(
+      METADATA_REQUEST_ASYNC_RETRY_ENABLED.key -> "true",
+      METADATA_REQUEST_RETRY_INTERVAL.key -> "100")) { metadataManager =>
+      val totalRequests = MetricsSystem.meterValue(METADATA_REQUEST_TOTAL).getOrElse(0L)
+      val failedRequests = MetricsSystem.meterValue(METADATA_REQUEST_FAIL).getOrElse(0L)
+      val retryingRequests = MetricsSystem.meterValue(METADATA_REQUEST_RETRYING).getOrElse(0L)
+
+      val metadata = newMetadata()
+      metadataManager.insertMetadata(metadata)
+
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL)
+          .getOrElse(0L) - totalRequests === 1)
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL)
+          .getOrElse(0L) - failedRequests === 0)
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_RETRYING)
+          .getOrElse(0L) - retryingRequests === 0)
+
+      val invalidMetadata = metadata.copy(kyuubiInstance = null)
+      intercept[Exception](metadataManager.insertMetadata(invalidMetadata, false))
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL)
+          .getOrElse(0L) - totalRequests === 2)
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL)
+          .getOrElse(0L) - failedRequests === 1)
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_RETRYING)
+          .getOrElse(0L) - retryingRequests === 0)
+
+      metadataManager.insertMetadata(invalidMetadata, true)
+
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL)
+          .getOrElse(0L) - totalRequests === 3)
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL)
+          .getOrElse(0L) - failedRequests === 2)
+      assert(
+        MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_RETRYING)
+          .getOrElse(0L) - retryingRequests === 1)
     }
+  }
 
-    metadataManager.identifierRequestsRetryRefs.clear()
-    eventually(timeout(3.seconds)) {
-      metadataManager.identifierRequestsRetryingCounts.asScala.forall(_._2.get() == 0)
+  private def withMetadataManager(
+      confOverlay: Map[String, String],
+      newMetadataMgr: () => MetadataManager = () => new MetadataManager())(
+      f: MetadataManager => Unit): Unit = {
+    val metricsSystem = new MetricsSystem()
+    val metadataManager = newMetadataMgr()
+    val conf = KyuubiConf()
+    confOverlay.foreach { case (k, v) => conf.set(k, v) }
+    try {
+      metricsSystem.initialize(conf)
+      metricsSystem.start()
+      metadataManager.initialize(conf)
+      metadataManager.start()
+      f(metadataManager)
+    } finally {
+      metadataManager.getBatches(null, null, null, 0, 0, 0, Int.MaxValue).foreach { batch =>
+        metadataManager.cleanupMetadataById(batch.getId)
+      }
+      // ensure no metadata request leak
+      eventually(timeout(5.seconds), interval(200.milliseconds)) {
+        assert(MetricsSystem.counterValue(METADATA_REQUEST_OPENED).getOrElse(0L) === 0)
+      }
+      metadataManager.stop()
+      metricsSystem.stop()
     }
-    metadataManager.identifierRequestsRetryingCounts.clear()
   }
 
-  test("metadata request metrics") {
-    val totalRequests =
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL).getOrElse(0L)
-    val failedRequests =
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL).getOrElse(0L)
-    val retryingRequests =
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_RETRYING).getOrElse(0L)
-
-    val metadata = Metadata(
+  private def newMetadata(): Metadata = {
+    Metadata(
       identifier = UUID.randomUUID().toString,
       sessionType = SessionType.BATCH,
       realUser = "kyuubi",
@@ -137,37 +186,5 @@ class MetadataManagerSuite extends KyuubiFunSuite {
       createTime = System.currentTimeMillis(),
       engineType = "spark",
       clusterManager = Some("local"))
-    metadataManager.insertMetadata(metadata)
-
-    assert(
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL).getOrElse(
-        0L) - totalRequests === 1)
-    assert(
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL).getOrElse(
-        0L) - failedRequests === 0)
-    assert(MetricsSystem.meterValue(
-      MetricsConstants.METADATA_REQUEST_RETRYING).getOrElse(0L) - retryingRequests === 0)
-
-    val invalidMetadata = metadata.copy(kyuubiInstance = null)
-    intercept[Exception](metadataManager.insertMetadata(invalidMetadata, false))
-    assert(
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL).getOrElse(
-        0L) - totalRequests === 2)
-    assert(
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL).getOrElse(
-        0L) - failedRequests === 1)
-    assert(MetricsSystem.meterValue(
-      MetricsConstants.METADATA_REQUEST_RETRYING).getOrElse(0L) - retryingRequests === 0)
-
-    metadataManager.insertMetadata(invalidMetadata, true)
-
-    assert(
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL).getOrElse(
-        0L) - totalRequests === 3)
-    assert(
-      MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_FAIL).getOrElse(
-        0L) - failedRequests === 2)
-    assert(MetricsSystem.meterValue(
-      MetricsConstants.METADATA_REQUEST_RETRYING).getOrElse(0L) - retryingRequests === 1)
   }
 }

From abc0a1d9f0973a2d9b5bdcbf92a814d9b2d6b3b3 Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Wed, 1 Mar 2023 10:05:14 +0800
Subject: [PATCH 126/760] [KYUUBI #4429] Add support for `OneRelation`

### _Why are the changes needed?_

The `LogicalPlan` of SQL with `OneRowRelation`:
```
select 1,2,(select count(distinct" +
        " ifnull(get_json_object(a, '$.b.imei'), get_json_object(a, '$.b.android_id'))) from t2)
```

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4429 from iodone/kyuubi-count.

Closes #4429

c3759239 [odone] add OneRowRelation

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../helper/SparkSQLLineageParseHelper.scala     | 12 ++++++++++++
 .../SparkSQLLineageParserHelperSuite.scala      | 17 +++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index a58653113..cfd155527 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -402,6 +402,18 @@ trait LineageParser {
       case p: LocalRelation =>
         joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(LOCAL_TABLE_IDENTIFIER))
 
+      case _: OneRowRelation =>
+        parentColumnsLineage.map {
+          case (k, attrs) =>
+            k -> AttributeSet(attrs.map {
+              case attr
+                  if attr.qualifier.nonEmpty && attr.qualifier.last.equalsIgnoreCase(
+                    SUBQUERY_COLUMN_IDENTIFIER) =>
+                attr.withQualifier(attr.qualifier.init)
+              case attr => attr
+            })
+        }
+
       case p: InMemoryRelation =>
         // get logical plan from cachedPlan
         val cachedTableLogical = findSparkPlanLogicalLink(Seq(p.cacheBuilder.cachedPlan))
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index 050f3ddc9..4e1edc5c1 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -1213,6 +1213,23 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
+  test("test count()") {
+    withTable("t1", "t2") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
+      spark.sql("CREATE TABLE t2 (a string, b string, c string) USING hive")
+      val ret0 = exectractLineage("insert into t1 select 1,2,(select count(distinct" +
+        " ifnull(get_json_object(a, '$.b.imei'), get_json_object(a, '$.b.android_id'))) from t2)")
+
+      assert(ret0 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set()),
+          ("default.t1.b", Set()),
+          ("default.t1.c", Set("default.t2.a")))))
+    }
+  }
+
   private def exectractLineageWithoutExecuting(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)

From 19b4b0a3fd73fb5ecb3f39264fe55d46ffe7489a Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Wed, 1 Mar 2023 16:16:55 +0800
Subject: [PATCH 127/760] [KYUUBI #4432] jobId across tasks should be
 consistent to meet the contract expected by Hadoop committers

### _Why are the changes needed?_

jobId across tasks should be consistent to meet the contract expected by Hadoop committers

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4432 from Yikf/jobid.

Closes #4432

4e7401c91 [Yikf] jobId across tasks should be consistent

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../hive/write/FileWriterFactory.scala        | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
index 6ebb55f14..3b86d43c7 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.spark.connector.hive.write
 
 import java.util.Date
 
+import org.apache.hadoop.mapred.JobID
 import org.apache.hadoop.mapreduce.{TaskAttemptID, TaskID, TaskType}
 import org.apache.hadoop.mapreduce.task.TaskAttemptContextImpl
 import org.apache.spark.internal.io.FileCommitProtocol
@@ -34,7 +35,12 @@ case class FileWriterFactory(
     description: WriteJobDescription,
     committer: FileCommitProtocol) extends DataWriterFactory {
 
-  @transient private lazy val jobId = sparkHadoopWriterUtils.createJobID(new Date, 0)
+  // SPARK-42478: jobId across tasks should be consistent to meet the contract
+  // expected by Hadoop committers, but `JobId` cannot be serialized.
+  // thus, persist the serializable jobTrackerID in the class and make jobId a
+  // transient lazy val which recreates it each time to ensure jobId is unique.
+  private[this] val jobTrackerID = sparkHadoopWriterUtils.createJobTrackerID(new Date)
+  @transient private lazy val jobId = createJobID(jobTrackerID, 0)
 
   override def createWriter(partitionId: Int, realTaskId: Long): DataWriter[InternalRow] = {
     val taskAttemptContext = createTaskAttemptContext(partitionId)
@@ -59,4 +65,18 @@ case class FileWriterFactory(
 
     new TaskAttemptContextImpl(hadoopConf, taskAttemptId)
   }
+
+  /**
+   * Create a job ID.
+   *
+   * @param jobTrackerID unique job track id
+   * @param id job number
+   * @return a job ID
+   */
+  def createJobID(jobTrackerID: String, id: Int): JobID = {
+    if (id < 0) {
+      throw new IllegalArgumentException("Job number is negative")
+    }
+    new JobID(jobTrackerID, id)
+  }
 }

From 885d0c7bbc17ea93f652a84344e0bbc6047fd6da Mon Sep 17 00:00:00 2001
From: wxmimperio <wxmimperio@outlook.com>
Date: Thu, 2 Mar 2023 11:28:22 +0800
Subject: [PATCH 128/760] [KYUUBI #4435] Change kyuubi.operation.result.format
 log level to debug

### _Why are the changes needed?_

There is no need to log kyuubi.operation.result.format information every time a statement is executed.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4435 from imperio-wxm/master.

Closes #4435

2dd4fb744 [Cheng Pan] Update kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
e32c6fea6 [Cheng Pan] Update kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
1d9c5ed2b [wxmimperio] Change kyuubi.operation.result.format log level to debug

Lead-authored-by: wxmimperio <wxmimperio@outlook.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
index b452ca6aa..cbe32eca6 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiStatement.java
@@ -212,7 +212,7 @@ private boolean executeWithConfOverlay(String sql, Map<String, String> confOverl
 
     String resultFormat =
         properties.getOrDefault("__kyuubi_operation_result_format__", DEFAULT_RESULT_FORMAT);
-    LOG.info("kyuubi.operation.result.format: " + resultFormat);
+    LOG.debug("kyuubi.operation.result.format: {}", resultFormat);
     switch (resultFormat) {
       case "arrow":
         boolean timestampAsString =
@@ -275,7 +275,7 @@ public boolean executeAsync(String sql) throws SQLException {
 
     String resultFormat =
         properties.getOrDefault("__kyuubi_operation_result_format__", DEFAULT_RESULT_FORMAT);
-    LOG.info("kyuubi.operation.result.format: " + resultFormat);
+    LOG.debug("kyuubi.operation.result.format: {}", resultFormat);
     switch (resultFormat) {
       case "arrow":
         boolean timestampAsString =

From efbaaff6fbe0a11a38e0cb13421175f92bb0bc45 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 2 Mar 2023 17:42:52 +0800
Subject: [PATCH 129/760] [KYUUBI #4390] Allow user to provide batch id on
 submitting batch job

### _Why are the changes needed?_

This PR proposes to allow the user to provide a batch id on submitting a batch job. If the batch id already existed in metastore, Kyuubi ignores this submission and just returns the existing one, w/ a marker in response, this could avoid duplicated batch job submission.

Talking about the implementation, the key things are

How does the user set the custom batch id?

- User can optionally set the `kyuubi.batch.id` in `conf: Map[String, String]`, and the value must be a UUID, for Java users, it can be generated by `UUID.randomUUID().toString()`

How does the Kyuubi Server detect the duplication?

- It's simple in single Kyuubi Server instance case, Kyuubi just needs to look up the metastore before creating a batch job
- In HA mode, suppose the user requests to create the batch jobs w/ the same batch id concurrently, multiple Kyuubi Servers may process the request and try to insert to metastore DB at the same time, but only the first insertion success, others will fail w/ "duplicated key", Kyuubi Server needs to catch this error and return the existing batch job information instead of creating a new one.

How does the user know if the returned batch job is new created or duplicated?

- a new field `batchInfo: Map[String, String]` is added to the response, and for duplicated batch job, `"kyuubi.batch.duplicated": "true"` will be contained.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4390 from pan3793/batch-id.

Closes #4390

b6917babf [Cheng Pan] move constant to rest client
79ef1b5d8 [Cheng Pan] flaky test
f82228506 [Cheng Pan] it
88bdfa50a [Cheng Pan] ut
fd8bc222a [Cheng Pan] ut
c820f5e43 [Cheng Pan] Support user provided batch id on batch job submission

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/SparkOnKubernetesTestsSuite.scala   | 11 ++-
 .../org/apache/kyuubi/util/JdbcUtils.scala    |  8 ++
 .../kyuubi/client/api/v1/dto/Batch.java       | 18 ++++-
 .../client/api/v1/dto/BatchRequest.java       |  6 +-
 .../apache/kyuubi/client/util/BatchUtils.java |  9 +++
 .../kyuubi/client/RestClientTestUtils.java    | 53 ++++++-------
 .../server/api/v1/BatchesResource.scala       | 76 ++++++++++++++-----
 .../server/metadata/MetadataManager.scala     | 14 ++--
 .../session/KyuubiBatchSessionImpl.scala      | 13 ++--
 .../kyuubi/WithKyuubiServerOnYarn.scala       | 15 +++-
 .../ServerJsonLoggingEventHandlerSuite.scala  | 24 +++---
 .../server/api/v1/BatchesResourceSuite.scala  | 34 ++++++++-
 .../server/rest/client/BatchCliSuite.scala    |  8 +-
 13 files changed, 200 insertions(+), 89 deletions(-)

diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 019de840d..14db8b408 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -17,13 +17,16 @@
 
 package org.apache.kyuubi.kubernetes.test.spark
 
+import java.util.UUID
+
 import scala.collection.JavaConverters._
 import scala.concurrent.duration._
 
 import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.net.NetUtils
 
-import org.apache.kyuubi.{BatchTestHelper, KyuubiException, Logging, Utils, WithKyuubiServer, WithSimpleDFSService}
+import org.apache.kyuubi._
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_HOST
 import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationOperation, KubernetesApplicationOperation}
@@ -134,7 +137,8 @@ class KyuubiOperationKubernetesClusterClientModeSuite
     server.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
 
   test("Spark Client Mode On Kubernetes Kyuubi KubernetesApplicationOperation Suite") {
-    val batchRequest = newSparkBatchRequest(conf.getAll)
+    val batchRequest = newSparkBatchRequest(conf.getAll ++ Map(
+      KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))
 
     val sessionHandle = sessionManager.openBatchSession(
       "kyuubi",
@@ -193,7 +197,8 @@ class KyuubiOperationKubernetesClusterClusterModeSuite
       "spark.kubernetes.driver.pod.name",
       driverPodNamePrefix + "-" + System.currentTimeMillis())
 
-    val batchRequest = newSparkBatchRequest(conf.getAll)
+    val batchRequest = newSparkBatchRequest(conf.getAll ++ Map(
+      KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))
 
     val sessionHandle = sessionManager.openBatchSession(
       "runner",
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala
index df72ee339..b89580f4c 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala
@@ -104,4 +104,12 @@ object JdbcUtils extends Logging {
       case _ => "(empty)"
     }
   }
+
+  def isDuplicatedKeyDBErr(cause: Throwable): Boolean = {
+    val duplicatedKeyKeywords = Seq(
+      "duplicate key value in a unique or primary key constraint or unique index", // Derby
+      "Duplicate entry" // MySQL
+    )
+    duplicatedKeyKeywords.exists(cause.getMessage.contains)
+  }
 }
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Batch.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Batch.java
index 43fbf10af..b318b709d 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Batch.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Batch.java
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.client.api.v1.dto;
 
+import java.util.Collections;
+import java.util.Map;
 import java.util.Objects;
 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@@ -35,6 +37,7 @@ public class Batch {
   private String state;
   private long createTime;
   private long endTime;
+  private Map<String, String> batchInfo = Collections.emptyMap();
 
   public Batch() {}
 
@@ -51,7 +54,8 @@ public Batch(
       String kyuubiInstance,
       String state,
       long createTime,
-      long endTime) {
+      long endTime,
+      Map<String, String> batchInfo) {
     this.id = id;
     this.user = user;
     this.batchType = batchType;
@@ -65,6 +69,7 @@ public Batch(
     this.state = state;
     this.createTime = createTime;
     this.endTime = endTime;
+    this.batchInfo = batchInfo;
   }
 
   public String getId() {
@@ -171,6 +176,17 @@ public void setEndTime(long endTime) {
     this.endTime = endTime;
   }
 
+  public Map<String, String> getBatchInfo() {
+    if (batchInfo == null) {
+      return Collections.emptyMap();
+    }
+    return batchInfo;
+  }
+
+  public void setBatchInfo(Map<String, String> batchInfo) {
+    this.batchInfo = batchInfo;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/BatchRequest.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/BatchRequest.java
index f10a8fdb5..f45821fc2 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/BatchRequest.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/BatchRequest.java
@@ -29,8 +29,8 @@ public class BatchRequest {
   private String resource;
   private String className;
   private String name;
-  private Map<String, String> conf;
-  private List<String> args;
+  private Map<String, String> conf = Collections.emptyMap();
+  private List<String> args = Collections.emptyList();
 
   public BatchRequest() {}
 
@@ -54,8 +54,6 @@ public BatchRequest(String batchType, String resource, String className, String
     this.resource = resource;
     this.className = className;
     this.name = name;
-    this.conf = Collections.emptyMap();
-    this.args = Collections.emptyList();
   }
 
   public String getBatchType() {
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/BatchUtils.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/BatchUtils.java
index 59f5967a0..f7efaad9d 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/BatchUtils.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/BatchUtils.java
@@ -20,6 +20,7 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;
+import org.apache.kyuubi.client.api.v1.dto.Batch;
 
 public final class BatchUtils {
   /** The batch has not been submitted to resource manager yet. */
@@ -40,6 +41,10 @@ public final class BatchUtils {
   public static List<String> terminalBatchStates =
       Arrays.asList(FINISHED_STATE, ERROR_STATE, CANCELED_STATE);
 
+  public static String KYUUBI_BATCH_ID_KEY = "kyuubi.batch.id";
+
+  public static String KYUUBI_BATCH_DUPLICATED_KEY = "kyuubi.batch.duplicated";
+
   public static boolean isPendingState(String state) {
     return PENDING_STATE.equalsIgnoreCase(state);
   }
@@ -55,4 +60,8 @@ public static boolean isFinishedState(String state) {
   public static boolean isTerminalState(String state) {
     return state != null && terminalBatchStates.contains(state.toUpperCase(Locale.ROOT));
   }
+
+  public static boolean isDuplicatedSubmission(Batch batch) {
+    return "true".equalsIgnoreCase(batch.getBatchInfo().get(KYUUBI_BATCH_DUPLICATED_KEY));
+  }
 }
diff --git a/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/RestClientTestUtils.java b/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/RestClientTestUtils.java
index 82413e2a4..1ac0278bf 100644
--- a/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/RestClientTestUtils.java
+++ b/kyuubi-rest-client/src/test/java/org/apache/kyuubi/client/RestClientTestUtils.java
@@ -45,35 +45,31 @@ public static CloseBatchResponse generateTestCloseBatchResp() {
   }
 
   public static Batch generateTestBatch(String id) {
-    Batch batch =
-        new Batch(
-            id,
-            TEST_USERNAME,
-            "spark",
-            "batch_name",
-            0,
-            id,
-            null,
-            "RUNNING",
-            null,
-            "192.168.31.130:64573",
-            "RUNNING",
-            BATCH_CREATE_TIME,
-            0);
-
-    return batch;
+    return new Batch(
+        id,
+        TEST_USERNAME,
+        "spark",
+        "batch_name",
+        0,
+        id,
+        null,
+        "RUNNING",
+        null,
+        "192.168.31.130:64573",
+        "RUNNING",
+        BATCH_CREATE_TIME,
+        0,
+        Collections.emptyMap());
   }
 
   public static BatchRequest generateTestBatchRequest() {
-    BatchRequest batchRequest =
-        new BatchRequest(
-            "spark",
-            "/MySpace/kyuubi-spark-sql-engine_2.12-1.6.0-SNAPSHOT.jar",
-            "org.apache.kyuubi.engine.spark.SparkSQLEngine",
-            "test_batch",
-            Collections.singletonMap("spark.driver.memory", "16m"),
-            Collections.emptyList());
-    return batchRequest;
+    return new BatchRequest(
+        "spark",
+        "/MySpace/kyuubi-spark-sql-engine_2.12-1.6.0-SNAPSHOT.jar",
+        "org.apache.kyuubi.engine.spark.SparkSQLEngine",
+        "test_batch",
+        Collections.singletonMap("spark.driver.memory", "16m"),
+        Collections.emptyList());
   }
 
   public static GetBatchesResponse generateTestBatchesResponse() {
@@ -87,9 +83,8 @@ public static GetBatchesResponse generateTestBatchesResponse() {
   public static OperationLog generateTestOperationLog() {
     List<String> logs =
         Arrays.asList(
-            "13:15:13.523 INFO org.apache.curator.framework.state."
-                + "ConnectionStateManager: State change: CONNECTED",
-            "13:15:13.528 INFO org.apache.kyuubi." + "engine.EngineRef: Launching engine:");
+            "13:15:13.523 INFO ConnectionStateManager: State change: CONNECTED",
+            "13:15:13.528 INFO EngineRef: Launching engine:");
     return new OperationLog(logs, 2);
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 924e7b89c..edfc05616 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -19,13 +19,14 @@ package org.apache.kyuubi.server.api.v1
 
 import java.io.InputStream
 import java.util
-import java.util.{Collections, Locale}
+import java.util.{Collections, Locale, UUID}
 import java.util.concurrent.ConcurrentHashMap
 import javax.ws.rs._
 import javax.ws.rs.core.MediaType
 import javax.ws.rs.core.Response.Status
 
 import scala.collection.JavaConverters._
+import scala.util.{Failure, Success, Try}
 import scala.util.control.NonFatal
 
 import io.swagger.v3.oas.annotations.media.{Content, Schema}
@@ -36,6 +37,7 @@ import org.glassfish.jersey.media.multipart.{FormDataContentDisposition, FormDat
 import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.client.exception.KyuubiRestException
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.engine.{ApplicationInfo, KyuubiApplicationManager}
@@ -45,6 +47,7 @@ import org.apache.kyuubi.server.api.v1.BatchesResource._
 import org.apache.kyuubi.server.metadata.MetadataManager
 import org.apache.kyuubi.server.metadata.api.Metadata
 import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionManager, SessionHandle}
+import org.apache.kyuubi.util.JdbcUtils
 
 @Tag(name = "Batch")
 @Produces(Array(MediaType.APPLICATION_JSON))
@@ -105,7 +108,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       session.connectionUrl,
       batchOpStatus.state.toString,
       session.createTime,
-      batchOpStatus.completed)
+      batchOpStatus.completed,
+      Map.empty[String, String].asJava)
   }
 
   private def buildBatch(
@@ -142,7 +146,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
         metadata.kyuubiInstance,
         currentBatchState,
         metadata.createTime,
-        metadata.endTime)
+        metadata.endTime,
+        Map.empty[String, String].asJava)
     }.getOrElse(MetadataManager.buildBatch(metadata))
   }
 
@@ -210,22 +215,55 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     }
     request.setBatchType(request.getBatchType.toUpperCase(Locale.ROOT))
 
-    val userName = fe.getSessionUser(request.getConf.asScala.toMap)
-    val ipAddress = fe.getIpAddress
-    request.setConf(
-      (request.getConf.asScala ++ Map(
-        KYUUBI_BATCH_RESOURCE_UPLOADED_KEY -> isResourceFromUpload.toString,
-        KYUUBI_CLIENT_IP_KEY -> ipAddress,
-        KYUUBI_SERVER_IP_KEY -> fe.host,
-        KYUUBI_SESSION_CONNECTION_URL_KEY -> fe.connectionUrl,
-        KYUUBI_SESSION_REAL_USER_KEY -> fe.getRealUser())).asJava)
-    val sessionHandle = sessionManager.openBatchSession(
-      userName,
-      "anonymous",
-      ipAddress,
-      request.getConf.asScala.toMap,
-      request)
-    buildBatch(sessionManager.getBatchSessionImpl(sessionHandle))
+    val userProvidedBatchId = request.getConf.asScala.get(KYUUBI_BATCH_ID_KEY)
+    userProvidedBatchId.foreach { batchId =>
+      try UUID.fromString(batchId)
+      catch {
+        case NonFatal(e) =>
+          throw new IllegalArgumentException(s"$KYUUBI_BATCH_ID_KEY=$batchId must be an UUID", e)
+      }
+    }
+
+    userProvidedBatchId.flatMap { batchId =>
+      Option(sessionManager.getBatchFromMetadataStore(batchId))
+    } match {
+      case Some(batch) =>
+        markDuplicated(batch)
+      case None =>
+        val userName = fe.getSessionUser(request.getConf.asScala.toMap)
+        val ipAddress = fe.getIpAddress
+        val batchId = userProvidedBatchId.getOrElse(UUID.randomUUID().toString)
+        request.setConf(
+          (request.getConf.asScala ++ Map(
+            KYUUBI_BATCH_ID_KEY -> batchId,
+            KYUUBI_BATCH_RESOURCE_UPLOADED_KEY -> isResourceFromUpload.toString,
+            KYUUBI_CLIENT_IP_KEY -> ipAddress,
+            KYUUBI_SERVER_IP_KEY -> fe.host,
+            KYUUBI_SESSION_CONNECTION_URL_KEY -> fe.connectionUrl,
+            KYUUBI_SESSION_REAL_USER_KEY -> fe.getRealUser())).asJava)
+
+        Try {
+          sessionManager.openBatchSession(
+            userName,
+            "anonymous",
+            ipAddress,
+            request.getConf.asScala.toMap,
+            request)
+        } match {
+          case Success(sessionHandle) =>
+            buildBatch(sessionManager.getBatchSessionImpl(sessionHandle))
+          case Failure(cause) if JdbcUtils.isDuplicatedKeyDBErr(cause) =>
+            val batch = sessionManager.getBatchFromMetadataStore(batchId)
+            assert(batch != null, s"can not find duplicated batch $batchId from metadata store")
+            markDuplicated(batch)
+        }
+    }
+  }
+
+  private def markDuplicated(batch: Batch): Batch = {
+    warn(s"duplicated submission: ${batch.getId}, ignore and return the existing batch.")
+    batch.setBatchInfo(Map(KYUUBI_BATCH_DUPLICATED_KEY -> "true").asJava)
+    batch
   }
 
   @ApiResponse(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
index 35abc1b30..88a7f4e4e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
@@ -20,6 +20,8 @@ package org.apache.kyuubi.server.metadata
 import java.util.concurrent.{ConcurrentHashMap, ThreadPoolExecutor, TimeUnit}
 import java.util.concurrent.atomic.AtomicInteger
 
+import scala.collection.JavaConverters._
+
 import org.apache.kyuubi.{KyuubiException, Logging}
 import org.apache.kyuubi.client.api.v1.dto.Batch
 import org.apache.kyuubi.config.KyuubiConf
@@ -29,7 +31,7 @@ import org.apache.kyuubi.operation.OperationState
 import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.service.AbstractService
 import org.apache.kyuubi.session.SessionType
-import org.apache.kyuubi.util.{ClassUtils, ThreadUtils}
+import org.apache.kyuubi.util.{ClassUtils, JdbcUtils, ThreadUtils}
 
 class MetadataManager extends AbstractService("MetadataManager") {
   import MetadataManager._
@@ -105,11 +107,8 @@ class MetadataManager extends AbstractService("MetadataManager") {
   }
 
   protected def unrecoverableDBErr(cause: Throwable): Boolean = {
-    val unrecoverableKeywords = Seq(
-      "duplicate key value in a unique or primary key constraint or unique index", // Derby
-      "Duplicate entry" // MySQL
-    )
-    unrecoverableKeywords.exists(cause.getMessage.contains)
+    // cover other cases in the future
+    JdbcUtils.isDuplicatedKeyDBErr(cause)
   }
 
   def insertMetadata(metadata: Metadata, asyncRetryOnError: Boolean = true): Unit = {
@@ -334,6 +333,7 @@ object MetadataManager extends Logging {
       batchMetadata.kyuubiInstance,
       batchState,
       batchMetadata.createTime,
-      batchMetadata.endTime)
+      batchMetadata.endTime,
+      Map.empty[String, String].asJava)
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
index 7864d61f3..228890a1e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
@@ -17,13 +17,12 @@
 
 package org.apache.kyuubi.session
 
-import java.util.UUID
-
 import scala.collection.JavaConverters._
 
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.client.api.v1.dto.BatchRequest
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.engine.KyuubiApplicationManager
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
@@ -50,9 +49,10 @@ class KyuubiBatchSessionImpl(
     sessionManager) {
   override val sessionType: SessionType = SessionType.BATCH
 
-  override val handle: SessionHandle = recoveryMetadata.map { metadata =>
-    SessionHandle(UUID.fromString(metadata.identifier))
-  }.getOrElse(SessionHandle())
+  override val handle: SessionHandle = {
+    val batchId = recoveryMetadata.map(_.identifier).getOrElse(conf(KYUUBI_BATCH_ID_KEY))
+    SessionHandle.fromUUID(batchId)
+  }
 
   override def createTime: Long = recoveryMetadata.map(_.createTime).getOrElse(super.createTime)
 
@@ -105,7 +105,7 @@ class KyuubiBatchSessionImpl(
   }
 
   private val sessionEvent = KyuubiSessionEvent(this)
-  recoveryMetadata.map(metadata => sessionEvent.engineId = metadata.engineId)
+  recoveryMetadata.foreach(metadata => sessionEvent.engineId = metadata.engineId)
   EventBus.post(sessionEvent)
 
   override def getSessionEvent: Option[KyuubiSessionEvent] = {
@@ -146,6 +146,7 @@ class KyuubiBatchSessionImpl(
         engineType = batchRequest.getBatchType,
         clusterManager = batchJobSubmissionOp.builder.clusterManager())
 
+      // there is a chance that operation failed w/ duplicated key error
       sessionManager.insertMetadata(metaData)
     }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index 27e769d29..3bc6bb1c5 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -17,9 +17,12 @@
 
 package org.apache.kyuubi
 
+import java.util.UUID
+
 import scala.collection.JavaConverters._
 import scala.concurrent.duration._
 
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.FrontendProtocol
@@ -104,7 +107,10 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
 
   test("open batch session") {
     val batchRequest =
-      newSparkBatchRequest(Map("spark.master" -> "local", "spark.executor.instances" -> "1"))
+      newSparkBatchRequest(Map(
+        "spark.master" -> "local",
+        "spark.executor.instances" -> "1",
+        KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))
 
     val sessionHandle = sessionManager.openBatchSession(
       "kyuubi",
@@ -162,7 +168,9 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
   }
 
   test("prevent dead loop if the batch job submission process it not alive") {
-    val batchRequest = newSparkBatchRequest(Map("spark.submit.deployMode" -> "invalid"))
+    val batchRequest = newSparkBatchRequest(Map(
+      "spark.submit.deployMode" -> "invalid",
+      KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))
 
     val sessionHandle = sessionManager.openBatchSession(
       "kyuubi",
@@ -188,7 +196,8 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       "spark.submit.deployMode" -> "cluster",
       "spark.sql.defaultCatalog=spark_catalog" -> "spark_catalog",
       "spark.sql.catalog.spark_catalog.type" -> "invalid_type",
-      "kyuubi.session.engine.initialize.timeout" -> "PT10m"))(Map.empty) {
+      "kyuubi.session.engine.initialize.timeout" -> "PT10M",
+      KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))(Map.empty) {
       val startTime = System.currentTimeMillis()
       val exception = intercept[Exception] {
         withJdbcStatement() { _ => }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
index df8ea1083..3bdc9cd38 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
@@ -28,8 +28,10 @@ import com.fasterxml.jackson.databind.ObjectMapper
 import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.{FileSystem, Path}
 import org.apache.hive.service.rpc.thrift.{TOpenSessionReq, TStatusCode}
+import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi._
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.operation.OperationState._
@@ -138,7 +140,7 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
       Utils.currentUser,
       "kyuubi",
       "127.0.0.1",
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       batchRequest)
     withSessionConf()(Map.empty)(Map("spark.sql.shuffle.partitions" -> "2")) {
       withJdbcStatement() { statement =>
@@ -277,15 +279,17 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
       }
     }
 
-    val serverSessionEventPath =
-      Paths.get(serverLogRoot, "kyuubi_session", s"day=$currentDate")
-    withJdbcStatement() { statement =>
-      val res = statement.executeQuery(
-        s"SELECT * FROM `json`.`$serverSessionEventPath` " +
-          s"where sessionName = '$name' and exception is not null limit 1")
-      assert(res.next())
-      val exception = res.getObject("exception")
-      assert(exception.toString.contains("Invalid maximum heap size: -Xmxabc"))
+    eventually(timeout(2.minutes), interval(10.seconds)) {
+      val serverSessionEventPath =
+        Paths.get(serverLogRoot, "kyuubi_session", s"day=$currentDate")
+      withJdbcStatement() { statement =>
+        val res = statement.executeQuery(
+          s"SELECT * FROM `json`.`$serverSessionEventPath` " +
+            s"where sessionName = '$name' and exception is not null limit 1")
+        assert(res.next())
+        val exception = res.getObject("exception")
+        assert(exception.toString.contains("Invalid maximum heap size: -Xmxabc"))
+      }
     }
   }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index ce05cbd6b..055496ff3 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -33,6 +33,8 @@ import org.glassfish.jersey.media.multipart.file.FileDataBodyPart
 
 import org.apache.kyuubi.{BatchTestHelper, KyuubiFunSuite, RestFrontendTestHelper}
 import org.apache.kyuubi.client.api.v1.dto._
+import org.apache.kyuubi.client.util.BatchUtils
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.engine.{ApplicationInfo, KyuubiApplicationManager}
@@ -226,6 +228,30 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     }
   }
 
+  test("open batch session w/ batch id") {
+    val batchId = UUID.randomUUID().toString
+    val reqObj = newSparkBatchRequest(Map(
+      "spark.master" -> "local",
+      KYUUBI_BATCH_ID_KEY -> batchId))
+
+    val resp1 = webTarget.path("api/v1/batches")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(reqObj, MediaType.APPLICATION_JSON_TYPE))
+    assert(200 == resp1.getStatus)
+    val batch1 = resp1.readEntity(classOf[Batch])
+    assert(batch1.getId === batchId)
+
+    val resp2 = webTarget.path("api/v1/batches")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(reqObj, MediaType.APPLICATION_JSON_TYPE))
+    assert(200 == resp2.getStatus)
+    val batch2 = resp2.readEntity(classOf[Batch])
+    assert(batch2.getId === batchId)
+
+    assert(batch1.getCreateTime === batch2.getCreateTime)
+    assert(BatchUtils.isDuplicatedSubmission(batch2))
+  }
+
   test("get batch session list") {
     val sessionManager = server.frontendServices.head
       .be.sessionManager.asInstanceOf[KyuubiSessionManager]
@@ -250,7 +276,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
@@ -272,7 +298,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
@@ -282,7 +308,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
@@ -672,7 +698,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
         "kyuubi",
         "kyuubi",
         InetAddress.getLocalHost.getCanonicalHostName,
-        Map.empty,
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
         newSparkBatchRequest(Map("spark.jars" -> "disAllowPath")))
     }
     val sessionHandleRegex = "\\[[\\S]*\\]".r
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
index 9d0a9b15a..ff807ef02 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
@@ -21,6 +21,7 @@ import java.io.File
 import java.net.InetAddress
 import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Paths}
+import java.util.UUID
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.hadoop.shaded.com.nimbusds.jose.util.StandardCharset
@@ -28,6 +29,7 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{BatchTestHelper, RestClientTestHelper, Utils}
+import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ctl.{CtlConf, TestPrematureExit}
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
@@ -256,7 +258,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         "",
@@ -278,7 +280,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         "",
@@ -288,7 +290,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map.empty,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         "",

From 5fab9b710ae048f165d4467d0368eb5d41ed50c1 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 2 Mar 2023 18:00:19 +0800
Subject: [PATCH 130/760] [KYUUBI #4274] [FOLLOWUP] Increase maximum degree of
 concurrency for mvnd in CI jobs

### _Why are the changes needed?_

- concurrent execution and smart builder is shipped with `mvnd`, but the CI log shows they are not activated
- increase maximum degree of concurrency and utilize `SmartBuilder` feature in `mvnd`. `-Dmvnd.minThreads` is set as fallback and it will be ignored if `--threads` or `-Dmvnd.threads` is used.

#### Before:
(https://github.com/apache/kyuubi/actions/runs/4276652363/jobs/7444896450#step:6:64)
```
[INFO] Build maximum degree of concurrency is 1
```

#### After:
(https://github.com/apache/kyuubi/actions/runs/4279322563/jobs/7449912132#step:8:64)
```
[INFO] Using the SmartBuilder implementation with a thread count of 4
[INFO] Build maximum degree of concurrency is 4
```
(https://github.com/apache/kyuubi/actions/runs/4279322563/jobs/7449912132#step:8:553)
```
[INFO] Segment walltime 13 s, segment projects service time 36 s, effective/maximum degree of concurrency 2.63/4
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4420 from bowenliang123/mvnd-smart.

Closes #4274

64f0cc53e [liangbowen] update
391da26d3 [liangbowen] quite in dep and style jobs
c776356a5 [liangbowen] use -Dmvnd.minThreads
d10bfb70c [liangbowen] use -Dmvnd.minThreads
f793d2b6b [liangbowen] warn
bbb929fe3 [liangbowen] quiet
a5e6d4914 [liangbowen] logging warn level
3cfbaad45 [liangbowen] enable quite option and cancel redirect stderr
09442ff69 [liangbowen] update
ca5f855fa [liangbowen] try to redirect stderr
0ebdd18d4 [liangbowen] set completion and print MAVEN_CLI_OPTS
d3b2c9656 [liangbowen] revert explicitly setting `mvnd.noBuffering`
e2eca0140 [liangbowen] revert explicitly setting `mvnd.noBuffering`
dba25e327 [liangbowen] explicitly set `mvnd.noBuffering` to false prevent displaying events continuously
b7583f936 [liangbowen] shell
d60ebd047 [liangbowen] change mvnd cache key
2cc576ef8 [liangbowen] dep
bbd6414c9 [liangbowen] move multithread setting to mvnd's MAVEN_CLI_OPTS
347b58c8c [liangbowen] increase concurrency for spotless check
15c5519e4 [liangbowen] increase concurrency

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/actions/setup-mvnd/action.yaml | 6 +++++-
 .github/workflows/dep.yml              | 2 +-
 .github/workflows/style.yml            | 6 +++---
 build/mvnd                             | 7 ++++++-
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/.github/actions/setup-mvnd/action.yaml b/.github/actions/setup-mvnd/action.yaml
index d7497e332..55c8139ff 100644
--- a/.github/actions/setup-mvnd/action.yaml
+++ b/.github/actions/setup-mvnd/action.yaml
@@ -17,6 +17,7 @@
 
 name: 'setup-mvnd'
 description: 'Setup the maven daemon'
+continue-on-error: true
 runs:
   using: composite
   steps:
@@ -26,7 +27,10 @@ runs:
         path: |
           build/maven-mvnd-*
           build/apache-maven-*
-        key: setup-mvnd-${{ runner.os }}-mvnd
+        key: setup-mvnd-${{ runner.os }}
+    - name: Check Maven
+      run: build/mvn -v
+      shell: bash
     - name: Check Mvnd
       run: build/mvnd -v
       shell: bash
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index ebda6b47e..72f5c915d 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -50,7 +50,7 @@ jobs:
       - name: Check kyuubi modules available
         id: modules-check
         run: >-
-          build/mvnd dependency:resolve validate
+          build/mvnd dependency:resolve validate -q
           -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile"
           -Pfast -Denforcer.skip=false
           -pl kyuubi-ctl,kyuubi-server,kyuubi-assembly -am
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 9ff484824..93fce5c4e 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -54,7 +54,7 @@ jobs:
           cache: 'pip'
       - name: Check kyuubi modules available
         id: modules-check
-        run: build/mvnd dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true ${{ matrix.profiles }}
+        run: build/mvnd dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true -q ${{ matrix.profiles }}
         continue-on-error: true
 
       - name: Install
@@ -69,7 +69,7 @@ jobs:
 
       - name: Scalastyle with maven
         id: scalastyle-check
-        run: build/mvnd scalastyle:check ${{ matrix.profiles }}
+        run: build/mvnd scalastyle:check -q ${{ matrix.profiles }}
       - name: Print scalastyle error report
         if: failure() && steps.scalastyle-check.outcome != 'success'
         run: >-
@@ -83,7 +83,7 @@ jobs:
         run: |
           SPOTLESS_BLACK_VERSION=$(build/mvn help:evaluate -Dexpression=spotless.python.black.version -q -DforceStdout)
           pip install black==$SPOTLESS_BLACK_VERSION
-          build/mvnd spotless:check ${{ matrix.profiles }} -Pspotless-python
+          build/mvnd spotless:check -q ${{ matrix.profiles }} -Pspotless-python
       - name: setup npm
         uses: actions/setup-node@v3
         with:
diff --git a/build/mvnd b/build/mvnd
index 493ee43ad..9af3429f3 100755
--- a/build/mvnd
+++ b/build/mvnd
@@ -25,7 +25,7 @@ _CALLING_DIR="$(pwd)"
 _COMPILE_JVM_OPTS="-Xms2g -Xmx2g -XX:ReservedCodeCacheSize=1g -Xss128m"
 
 if [ "$CI" ]; then
-  export MAVEN_CLI_OPTS="--no-transfer-progress --errors --fail-fast"
+  export MAVEN_CLI_OPTS="-Dmvnd.minThreads=8 --no-transfer-progress --errors --fail-fast -Dstyle.color=always"
 fi
 
 # Installs any application tarball given a URL, the expected tarball name,
@@ -131,4 +131,9 @@ cd "${_CALLING_DIR}"
 export MAVEN_OPTS=${MAVEN_OPTS:-"$_COMPILE_JVM_OPTS"}
 
 echo "Using \`mvnd\` from path: $MVND_BIN" 1>&2
+
+if [ "$MAVEN_CLI_OPTS" != "" ]; then
+  echo "MAVEN_CLI_OPTS=$MAVEN_CLI_OPTS"
+fi
+
 ${MVND_BIN} $MAVEN_CLI_OPTS "$@"

From 355ed803b6d8b55c7b076640d48fcf01b951782f Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 3 Mar 2023 11:16:10 +0800
Subject: [PATCH 131/760] [KYUUBI #4437] [Authz] Fix dependencies conflict by
 replacing `jersey-bundle` with `jersey-client`

### _Why are the changes needed?_

- `jerysey-bundle` 1.x , which is depended by `ranger-plugins-common`, contains `javax.ws.rs.*` (like `javax.ws.rs.core.*`) packages that conflicted to `jarkarta.ws.rs-api-2.1.6.jar` in Spark 3.0+ jars
- exclude `jerysey-bundle` 1.x and include `jersey-client` 1.19.4 to align with `ranger-plugins-common`

Diff in Authz dependency jar list:
```diff
gethostname4j-1.0.0.jar
jackson-jaxrs-1.9.13.jar
- jersey-bundle-1.19.3.jar
+ jersey-client-1.19.4.jar
+ jersey-core-1.19.4.jar
jetty-client-9.4.50.v20221201.jar
jetty-http-9.4.50.v20221201.jar
jetty-io-9.4.50.v20221201.jar
jetty-util-9.4.50.v20221201.jar
jna-5.7.0.jar
jna-platform-5.7.0.jar
ranger-plugins-audit-2.3.0.jar
ranger-plugins-common-2.3.0.jar
ranger-plugins-cred-2.3.0.jar
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4437 from bowenliang123/authz-jerseyclient.

Closes #4437

23e7eed5a [liangbowen] fixing conflicts in `javax.ws.rs.*`packages by excluding `jersey-bundle` and including `jersey-client` with `jsr311-api` excluded

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 extensions/spark/kyuubi-spark-authz/pom.xml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 84f76e49e..8df1b9465 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -32,7 +32,9 @@
     <url>https://kyuubi.apache.org/</url>
 
     <properties>
+        <!-- the following components' version may need to tune to align w/ the ranger.version-->
         <gethostname4j.version>1.0.0</gethostname4j.version>
+        <jersey.client.version>1.19.4</jersey.client.version>
         <jna.version>5.7.0</jna.version>
     </properties>
 
@@ -42,6 +44,10 @@
             <artifactId>ranger-plugins-common</artifactId>
             <version>${ranger.version}</version>
             <exclusions>
+                <exclusion>
+                    <groupId>com.sun.jersey</groupId>
+                    <artifactId>jersey-bundle</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.ranger</groupId>
                     <artifactId>ranger-plugin-classloader</artifactId>
@@ -101,6 +107,18 @@
             </exclusions>
         </dependency>
 
+        <dependency>
+            <groupId>com.sun.jersey</groupId>
+            <artifactId>jersey-client</artifactId>
+            <version>${jersey.client.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>javax.ws.rs</groupId>
+                    <artifactId>jsr311-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
         <dependency>
             <groupId>com.kstruct</groupId>
             <artifactId>gethostname4j</artifactId>

From b7496d2db04c42060843b7eb7aafc75c08382532 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Fri, 3 Mar 2023 22:09:07 +0800
Subject: [PATCH 132/760] [KYUUBI #4439] add list/close operation method for
 AdminResouce

### _Why are the changes needed?_

close #4439

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4440 from lightning-L/kyuubi-4439.

Closes #4439

14d3ebd80 [Tianlin Liao] [KYUUBI #4439] add list/close operation method for AdminResouce

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/operation/OperationManager.scala   |  4 ++
 .../kyuubi/server/api/v1/AdminResource.scala  | 43 +++++++++++++++++++
 .../server/api/v1/AdminResourceSuite.scala    | 40 +++++++++++++++++
 3 files changed, 87 insertions(+)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
index fe38263db..df45e6dee 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.operation
 
+import scala.collection.JavaConverters._
+
 import org.apache.hive.service.rpc.thrift._
 
 import org.apache.kyuubi.KyuubiSQLException
@@ -41,6 +43,8 @@ abstract class OperationManager(name: String) extends AbstractService(name) {
 
   def getOperationCount: Int = handleToOperation.size()
 
+  def allOperations(): Iterable[Operation] = handleToOperation.values().asScala
+
   override def initialize(conf: KyuubiConf): Unit = {
     LogDivertAppender.initialize(skipOperationLog)
     super.initialize(conf)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 2aae7076c..ceb7179b8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -33,9 +33,11 @@ import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
 import org.apache.kyuubi.client.api.v1.dto.{Engine, SessionData}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.ha.HighAvailabilityConf.HA_NAMESPACE
 import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceNodeInfo}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
+import org.apache.kyuubi.operation.{KyuubiOperation, OperationHandle}
 import org.apache.kyuubi.server.KyuubiServer
 import org.apache.kyuubi.server.api.ApiRequestContext
 import org.apache.kyuubi.session.SessionHandle
@@ -150,6 +152,47 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     Response.ok(s"Session $sessionHandleStr is closed successfully.").build()
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(
+      mediaType = MediaType.APPLICATION_JSON,
+      array = new ArraySchema(schema = new Schema(implementation =
+        classOf[KyuubiOperationEvent])))),
+    description =
+      "get the list of all active operation events")
+  @GET
+  @Path("operations")
+  def listOperations(): Seq[KyuubiOperationEvent] = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Received listing all of the active operations request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to list all the operations")
+    }
+    fe.be.sessionManager.operationManager.allOperations()
+      .map(operation => KyuubiOperationEvent(operation.asInstanceOf[KyuubiOperation])).toSeq
+  }
+
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
+    description = "close an operation")
+  @DELETE
+  @Path("operations/{operationHandle}")
+  def closeOperation(@PathParam("operationHandle") operationHandleStr: String): Response = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Received close an operation request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to close the operation $operationHandleStr")
+    }
+    val operationHandle = OperationHandle(operationHandleStr)
+    fe.be.closeOperation(operationHandle)
+    Response.ok(s"Operation $operationHandleStr is closed successfully.").build()
+  }
+
   @ApiResponse(
     responseCode = "200",
     content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 9c050ba31..8aaf6c512 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -23,6 +23,7 @@ import javax.ws.rs.core.{GenericType, MediaType}
 
 import scala.collection.JavaConverters._
 
+import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V2
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite, RestFrontendTestHelper, Utils}
@@ -32,6 +33,7 @@ import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL
 import org.apache.kyuubi.engine.{ApplicationState, EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.EngineType.SPARK_SQL
 import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, USER}
+import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.DiscoveryPaths
@@ -167,6 +169,44 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     assert(sessions2.isEmpty)
   }
 
+  test("list/close operations") {
+    val sessionHandle = fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+    val operation = fe.be.getCatalogs(sessionHandle)
+
+    val adminUser = Utils.currentUser
+    val encodeAuthorization = new String(
+      Base64.getEncoder.encode(
+        s"$adminUser:".getBytes()),
+      "UTF-8")
+
+    // list operations
+    var response = webTarget.path("api/v1/admin/operations").request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    assert(200 == response.getStatus)
+    var operations = response.readEntity(new GenericType[Seq[KyuubiOperationEvent]]() {})
+    assert(operations.nonEmpty)
+    assert(operations.map(op => op.statementId).contains(operation.identifier.toString))
+
+    // close operation
+    response = webTarget.path(s"api/v1/admin/operations/${operation.identifier}").request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .delete()
+    assert(200 == response.getStatus)
+
+    // list again
+    response = webTarget.path("api/v1/admin/operations").request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    operations = response.readEntity(new GenericType[Seq[KyuubiOperationEvent]]() {})
+    assert(!operations.map(op => op.statementId).contains(operation.identifier.toString))
+  }
+
   test("delete engine - user share level") {
     val id = UUID.randomUUID().toString
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, USER.toString)

From 3d65f2711faa5dc9173130557e2d33adab04b5c7 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 4 Mar 2023 18:41:34 +0800
Subject: [PATCH 133/760] [KYUUBI #4443] Do not set engine session init sql for
 alive probe session

### _Why are the changes needed?_

Prevent duplicate queries on UI.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4443 from turboFei/alive_session_conf.

Closes #4443

1ec571643 [fwang12] do not init for alive probe

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/client/KyuubiSyncThriftClient.scala      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index e3e66960b..12a4c824c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -186,7 +186,8 @@ class KyuubiSyncThriftClient private (
       Utils.tryLogNonFatalError {
         req.setConfiguration((configs ++ Map(
           KyuubiConf.SESSION_NAME.key -> sessionName,
-          KYUUBI_SESSION_HANDLE_KEY -> UUID.randomUUID().toString)).asJava)
+          KYUUBI_SESSION_HANDLE_KEY -> UUID.randomUUID().toString,
+          KyuubiConf.ENGINE_SESSION_INITIALIZE_SQL.key -> "")).asJava)
         val resp = aliveProbeClient.OpenSession(req)
         ThriftUtils.verifyTStatus(resp.getStatus)
         _aliveProbeSessionHandle = resp.getSessionHandle

From b40fea20e99332c7e46640d53beb6103c476c7ef Mon Sep 17 00:00:00 2001
From: yeatsliao <liaoyt66066@gmail.com>
Date: Mon, 6 Mar 2023 10:38:53 +0800
Subject: [PATCH 134/760] [KYUUBI #4171] Support skip retrieving table's
 properties to speed up GetTables operation

### _Why are the changes needed?_

`GetTables` operation is too slow because it queries table details info one by one, but then only a table comment is used to construct a result row, which i think could be optional.
This PR add an optional config which can control this operation. By default, `GetTables` operation queries all message. Otherwise, `GetTables` operation just return table identifiers.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4444 from liaoyt/master.

Closes #4171

af5e60e36 [yeatsliao] rename config
0c9985e32 [yeatsliao] add doc
5e8687cb3 [yeatsliao] Supports ignore table comment when list all tables.

Authored-by: yeatsliao <liaoyt66066@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   | 35 ++++++++++---------
 .../engine/spark/operation/GetTables.scala    | 15 +++++++-
 .../engine/spark/shim/CatalogShim_v2_4.scala  |  3 +-
 .../engine/spark/shim/CatalogShim_v3_0.scala  | 10 +++---
 .../engine/spark/shim/SparkCatalogShim.scala  |  3 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  7 ++++
 6 files changed, 49 insertions(+), 24 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index cd8f5b770..1ba684f27 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -329,23 +329,24 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Operation
 
-|                       Key                       |                                     Default                                     |                                                                                                                                                                                                                                                 Meaning                                                                                                                                                                                                                                                  |   Type   | Since |
-|-------------------------------------------------|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.operation.idle.timeout                   | PT3H                                                                            | Operation will be closed when it's not accessed for this duration of time                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.0.0 |
-| kyuubi.operation.interrupt.on.cancel            | true                                                                            | When true, all running tasks will be interrupted if one cancels a query. When false, all running tasks will remain until finished.                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.2.0 |
-| kyuubi.operation.language                       | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
-| kyuubi.operation.log.dir.root                   | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
-| kyuubi.operation.plan.only.excludes             | ResetCommand,SetCommand,SetNamespaceCommand,UseStatement,SetCatalogAndNamespace | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | seq      | 1.5.0 |
-| kyuubi.operation.plan.only.mode                 | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
-| kyuubi.operation.plan.only.output.style         | plain                                                                           | Configures the planOnly output style. The value can be 'plain' or 'json', and the default value is 'plain'. This configuration supports only the output styles of the Spark engine                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
-| kyuubi.operation.progress.enabled               | false                                                                           | Whether to enable the operation progress. When true, the operation progress will be returned in `GetOperationStatus`.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
-| kyuubi.operation.query.timeout                  | &lt;undefined&gt;                                                               | Timeout for query executions at server-side, take effect with client-side timeout(`java.sql.Statement.setQueryTimeout`) together, a running query will be cancelled automatically if timeout. It's off by default, which means only client-side take full control of whether the query should timeout or not. If set, client-side timeout is capped at this point. To cancel the queries right away without waiting for task to finish, consider enabling kyuubi.operation.interrupt.on.cancel together. | duration | 1.2.0 |
-| kyuubi.operation.result.arrow.timestampAsString | false                                                                           | When true, arrow-based rowsets will convert columns of type timestamp to strings for transmission.                                                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.7.0 |
-| kyuubi.operation.result.format                  | thrift                                                                          | Specify the result format, available configs are: <ul> <li>THRIFT: the result will convert to TRow at the engine driver side. </li> <li>ARROW: the result will be encoded as Arrow at the executor side before collecting by the driver, and deserialized at the client side. note that it only takes effect for kyuubi-hive-jdbc clients now.</li></ul>                                                                                                                                                 | string   | 1.7.0 |
-| kyuubi.operation.result.max.rows                | 0                                                                               | Max rows of Spark query results. Rows exceeding the limit would be ignored. By setting this value to 0 to disable the max rows limit.                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.6.0 |
-| kyuubi.operation.scheduler.pool                 | &lt;undefined&gt;                                                               | The scheduler pool of job. Note that, this config should be used after changing Spark config spark.scheduler.mode=FAIR.                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.1.1 |
-| kyuubi.operation.spark.listener.enabled         | true                                                                            | When set to true, Spark engine registers an SQLOperationListener before executing the statement, logging a few summary statistics when each stage completes.                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.6.0 |
-| kyuubi.operation.status.polling.timeout         | PT5S                                                                            | Timeout(ms) for long polling asynchronous running sql query's status                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.0.0 |
+|                       Key                        |                                     Default                                     |                                                                                                                                                                                                                                                 Meaning                                                                                                                                                                                                                                                  |   Type   | Since |
+|--------------------------------------------------|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.operation.getTables.ignoreTableProperties | false                                                                           | Speed up the `GetTables` operation by returning table identities only.                                                                                                                                                                                                                                                                                                                                                                                                                                   | boolean  | 1.8.0 |
+| kyuubi.operation.idle.timeout                    | PT3H                                                                            | Operation will be closed when it's not accessed for this duration of time                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.0.0 |
+| kyuubi.operation.interrupt.on.cancel             | true                                                                            | When true, all running tasks will be interrupted if one cancels a query. When false, all running tasks will remain until finished.                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.2.0 |
+| kyuubi.operation.language                        | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
+| kyuubi.operation.log.dir.root                    | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
+| kyuubi.operation.plan.only.excludes              | ResetCommand,SetCommand,SetNamespaceCommand,UseStatement,SetCatalogAndNamespace | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | seq      | 1.5.0 |
+| kyuubi.operation.plan.only.mode                  | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
+| kyuubi.operation.plan.only.output.style          | plain                                                                           | Configures the planOnly output style. The value can be 'plain' or 'json', and the default value is 'plain'. This configuration supports only the output styles of the Spark engine                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
+| kyuubi.operation.progress.enabled                | false                                                                           | Whether to enable the operation progress. When true, the operation progress will be returned in `GetOperationStatus`.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
+| kyuubi.operation.query.timeout                   | &lt;undefined&gt;                                                               | Timeout for query executions at server-side, take effect with client-side timeout(`java.sql.Statement.setQueryTimeout`) together, a running query will be cancelled automatically if timeout. It's off by default, which means only client-side take full control of whether the query should timeout or not. If set, client-side timeout is capped at this point. To cancel the queries right away without waiting for task to finish, consider enabling kyuubi.operation.interrupt.on.cancel together. | duration | 1.2.0 |
+| kyuubi.operation.result.arrow.timestampAsString  | false                                                                           | When true, arrow-based rowsets will convert columns of type timestamp to strings for transmission.                                                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.7.0 |
+| kyuubi.operation.result.format                   | thrift                                                                          | Specify the result format, available configs are: <ul> <li>THRIFT: the result will convert to TRow at the engine driver side. </li> <li>ARROW: the result will be encoded as Arrow at the executor side before collecting by the driver, and deserialized at the client side. note that it only takes effect for kyuubi-hive-jdbc clients now.</li></ul>                                                                                                                                                 | string   | 1.7.0 |
+| kyuubi.operation.result.max.rows                 | 0                                                                               | Max rows of Spark query results. Rows exceeding the limit would be ignored. By setting this value to 0 to disable the max rows limit.                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.6.0 |
+| kyuubi.operation.scheduler.pool                  | &lt;undefined&gt;                                                               | The scheduler pool of job. Note that, this config should be used after changing Spark config spark.scheduler.mode=FAIR.                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.1.1 |
+| kyuubi.operation.spark.listener.enabled          | true                                                                            | When set to true, Spark engine registers an SQLOperationListener before executing the statement, logging a few summary statistics when each stage completes.                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.6.0 |
+| kyuubi.operation.status.polling.timeout          | PT5S                                                                            | Timeout(ms) for long polling asynchronous running sql query's status                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.0.0 |
 
 ### Server
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala
index 4093c61c1..40642b825 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.engine.spark.operation
 
 import org.apache.spark.sql.types.StructType
 
+import org.apache.kyuubi.config.KyuubiConf.OPERATION_GET_TABLES_IGNORE_TABLE_PROPERTIES
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
@@ -32,6 +33,12 @@ class GetTables(
     tableTypes: Set[String])
   extends SparkOperation(session) {
 
+  protected val ignoreTableProperties =
+    spark.conf.getOption(OPERATION_GET_TABLES_IGNORE_TABLE_PROPERTIES.key) match {
+      case Some(s) => s.toBoolean
+      case _ => session.sessionManager.getConf.get(OPERATION_GET_TABLES_IGNORE_TABLE_PROPERTIES)
+    }
+
   override def statement: String = {
     super.statement +
       s" [catalog: $catalog," +
@@ -68,7 +75,13 @@ class GetTables(
       val tablePattern = toJavaRegex(tableName)
       val sparkShim = SparkCatalogShim()
       val catalogTablesAndViews =
-        sparkShim.getCatalogTablesOrViews(spark, catalog, schemaPattern, tablePattern, tableTypes)
+        sparkShim.getCatalogTablesOrViews(
+          spark,
+          catalog,
+          schemaPattern,
+          tablePattern,
+          tableTypes,
+          ignoreTableProperties)
 
       val allTableAndViews =
         if (tableTypes.exists("VIEW".equalsIgnoreCase)) {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
index 0f6195acf..ea72dd156 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
@@ -64,7 +64,8 @@ class CatalogShim_v2_4 extends SparkCatalogShim {
       catalogName: String,
       schemaPattern: String,
       tablePattern: String,
-      tableTypes: Set[String]): Seq[Row] = {
+      tableTypes: Set[String],
+      ignoreTableProperties: Boolean): Seq[Row] = {
     val catalog = spark.sessionState.catalog
     val databases = catalog.listDatabases(schemaPattern)
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
index a663ba636..27c524f30 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
@@ -150,7 +150,8 @@ class CatalogShim_v3_0 extends CatalogShim_v2_4 {
       catalogName: String,
       schemaPattern: String,
       tablePattern: String,
-      tableTypes: Set[String]): Seq[Row] = {
+      tableTypes: Set[String],
+      ignoreTableProperties: Boolean = false): Seq[Row] = {
     val catalog = getCatalog(spark, catalogName)
     val namespaces = listNamespacesWithPattern(catalog, schemaPattern)
     catalog match {
@@ -160,16 +161,17 @@ class CatalogShim_v3_0 extends CatalogShim_v2_4 {
           SESSION_CATALOG,
           schemaPattern,
           tablePattern,
-          tableTypes)
+          tableTypes,
+          ignoreTableProperties)
       case tc: TableCatalog =>
         val tp = tablePattern.r.pattern
         val identifiers = namespaces.flatMap { ns =>
           tc.listTables(ns).filter(i => tp.matcher(quoteIfNeeded(i.name())).matches())
         }
         identifiers.map { ident =>
-          val table = tc.loadTable(ident)
           // TODO: restore view type for session catalog
-          val comment = table.properties().getOrDefault(TableCatalog.PROP_COMMENT, "")
+          val comment = if (ignoreTableProperties) ""
+          else tc.loadTable(ident).properties().getOrDefault(TableCatalog.PROP_COMMENT, "")
           val schema = ident.namespace().map(quoteIfNeeded).mkString(".")
           val tableName = quoteIfNeeded(ident.name())
           Row(catalog.name(), schema, tableName, "TABLE", comment, null, null, null, null, null)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala
index bc5792823..83c806523 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala
@@ -69,7 +69,8 @@ trait SparkCatalogShim extends Logging {
       catalogName: String,
       schemaPattern: String,
       tablePattern: String,
-      tableTypes: Set[String]): Seq[Row]
+      tableTypes: Set[String],
+      ignoreTableProperties: Boolean): Seq[Row]
 
   def getTempViews(
       spark: SparkSession,
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index f61cfeaa7..c836b0165 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2713,4 +2713,11 @@ object KyuubiConf {
       .version("1.7.0")
       .timeConf
       .createWithDefault(Duration.ofSeconds(60).toMillis)
+
+  val OPERATION_GET_TABLES_IGNORE_TABLE_PROPERTIES: ConfigEntry[Boolean] =
+    buildConf("kyuubi.operation.getTables.ignoreTableProperties")
+      .doc("Speed up the `GetTables` operation by returning table identities only.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
 }

From 489d8a3c664d48a253162fd63a67d502c49473be Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 6 Mar 2023 11:20:16 +0800
Subject: [PATCH 135/760] [KYUUBI #4447] Bump log4j from 2.19.0 to 2.20.0

### _Why are the changes needed?_

- log4j 2.20.0 release notes: https://logging.apache.org/log4j/2.x/release-notes/2.20.0.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4447 from bowenliang123/log4j-2.20.0.

Closes #4447

c9bc9aa95 [liangbowen] bump log4j from 2.19.0 to 2.20.0

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 8 ++++----
 pom.xml            | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 7932c5cdf..e2e3e7ecf 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -127,10 +127,10 @@ kubernetes-model-scheduling/5.12.1//kubernetes-model-scheduling-5.12.1.jar
 kubernetes-model-storageclass/5.12.1//kubernetes-model-storageclass-5.12.1.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.9.3//libthrift-0.9.3.jar
-log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
-log4j-api/2.19.0//log4j-api-2.19.0.jar
-log4j-core/2.19.0//log4j-core-2.19.0.jar
-log4j-slf4j-impl/2.19.0//log4j-slf4j-impl-2.19.0.jar
+log4j-1.2-api/2.20.0//log4j-1.2-api-2.20.0.jar
+log4j-api/2.20.0//log4j-api-2.20.0.jar
+log4j-core/2.20.0//log4j-core-2.20.0.jar
+log4j-slf4j-impl/2.20.0//log4j-slf4j-impl-2.20.0.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 metrics-core/4.2.8//metrics-core-4.2.8.jar
 metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar
diff --git a/pom.xml b/pom.xml
index 2ebed48b3..e95b4904e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -170,7 +170,7 @@
         <kubernetes-client.version>5.12.1</kubernetes-client.version>
         <kudu.version>1.15.0</kudu.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>
-        <log4j.version>2.19.0</log4j.version>
+        <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
         <netty.version>4.1.87.Final</netty.version>
         <parquet.version>1.10.1</parquet.version>

From cc4ec5a5d5c9ec5e9699acf8d6c0e195e439b7b6 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 6 Mar 2023 13:05:46 +0800
Subject: [PATCH 136/760] [KYUUBI #4448] Bump Netty from 4.1.87.Final to
 4.1.89.Final

### _Why are the changes needed?_

- Netty 4.1.89.Final: https://netty.io/news/2023/02/13/4-1-89-Final.html
- Netty 4.1.88.Final: https://netty.io/news/2023/02/12/4-1-88-Final.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4448 from bowenliang123/netty-4.1.89.

Closes #4448

8854bb3ea [liangbowen] bump netty to 4.1.89.Final

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 34 +++++++++++++++++-----------------
 pom.xml            |  2 +-
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index e2e3e7ecf..ff2550804 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -137,23 +137,23 @@ metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar
 metrics-json/4.2.8//metrics-json-4.2.8.jar
 metrics-jvm/4.2.8//metrics-jvm-4.2.8.jar
 mimepull/1.9.15//mimepull-1.9.15.jar
-netty-all/4.1.87.Final//netty-all-4.1.87.Final.jar
-netty-buffer/4.1.87.Final//netty-buffer-4.1.87.Final.jar
-netty-codec-dns/4.1.87.Final//netty-codec-dns-4.1.87.Final.jar
-netty-codec-http/4.1.87.Final//netty-codec-http-4.1.87.Final.jar
-netty-codec-http2/4.1.87.Final//netty-codec-http2-4.1.87.Final.jar
-netty-codec-socks/4.1.87.Final//netty-codec-socks-4.1.87.Final.jar
-netty-codec/4.1.87.Final//netty-codec-4.1.87.Final.jar
-netty-common/4.1.87.Final//netty-common-4.1.87.Final.jar
-netty-handler-proxy/4.1.87.Final//netty-handler-proxy-4.1.87.Final.jar
-netty-handler/4.1.87.Final//netty-handler-4.1.87.Final.jar
-netty-resolver-dns/4.1.87.Final//netty-resolver-dns-4.1.87.Final.jar
-netty-resolver/4.1.87.Final//netty-resolver-4.1.87.Final.jar
-netty-transport-classes-epoll/4.1.87.Final//netty-transport-classes-epoll-4.1.87.Final.jar
-netty-transport-native-epoll/4.1.87.Final/linux-aarch_64/netty-transport-native-epoll-4.1.87.Final-linux-aarch_64.jar
-netty-transport-native-epoll/4.1.87.Final/linux-x86_64/netty-transport-native-epoll-4.1.87.Final-linux-x86_64.jar
-netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar
-netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar
+netty-all/4.1.89.Final//netty-all-4.1.89.Final.jar
+netty-buffer/4.1.89.Final//netty-buffer-4.1.89.Final.jar
+netty-codec-dns/4.1.89.Final//netty-codec-dns-4.1.89.Final.jar
+netty-codec-http/4.1.89.Final//netty-codec-http-4.1.89.Final.jar
+netty-codec-http2/4.1.89.Final//netty-codec-http2-4.1.89.Final.jar
+netty-codec-socks/4.1.89.Final//netty-codec-socks-4.1.89.Final.jar
+netty-codec/4.1.89.Final//netty-codec-4.1.89.Final.jar
+netty-common/4.1.89.Final//netty-common-4.1.89.Final.jar
+netty-handler-proxy/4.1.89.Final//netty-handler-proxy-4.1.89.Final.jar
+netty-handler/4.1.89.Final//netty-handler-4.1.89.Final.jar
+netty-resolver-dns/4.1.89.Final//netty-resolver-dns-4.1.89.Final.jar
+netty-resolver/4.1.89.Final//netty-resolver-4.1.89.Final.jar
+netty-transport-classes-epoll/4.1.89.Final//netty-transport-classes-epoll-4.1.89.Final.jar
+netty-transport-native-epoll/4.1.89.Final/linux-aarch_64/netty-transport-native-epoll-4.1.89.Final-linux-aarch_64.jar
+netty-transport-native-epoll/4.1.89.Final/linux-x86_64/netty-transport-native-epoll-4.1.89.Final-linux-x86_64.jar
+netty-transport-native-unix-common/4.1.89.Final//netty-transport-native-unix-common-4.1.89.Final.jar
+netty-transport/4.1.89.Final//netty-transport-4.1.89.Final.jar
 okhttp-urlconnection/3.14.9//okhttp-urlconnection-3.14.9.jar
 okhttp/3.12.12//okhttp-3.12.12.jar
 okio/1.15.0//okio-1.15.0.jar
diff --git a/pom.xml b/pom.xml
index e95b4904e..ed5eb48d6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -172,7 +172,7 @@
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
-        <netty.version>4.1.87.Final</netty.version>
+        <netty.version>4.1.89.Final</netty.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>
         <prometheus.version>0.16.0</prometheus.version>

From dee07f0c21c20354cc0667941dda5a007a6ac03b Mon Sep 17 00:00:00 2001
From: yuan <yuanfuyuan@mafengwo.com>
Date: Tue, 7 Mar 2023 10:32:27 +0800
Subject: [PATCH 137/760] [KYUUBI #4078] [FOLLOWUP] fix shellcheck violations
 in scripts of /bin folder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
<!--
fix-#4057 info: modify the shellcheck errors file in ./bin
1. "$" is a array, we want use string to compare. so modify "$" => "$*"
2. `tty` mean execute the command, we can use $(tty) replace it
3. param $# is a number, compare number should use -gt/-lt,not >/<
4. not sure the /bin/kyuubi line 63 'exit -1' need modify? so the directory bin only have a shellcheck note in /bin/kyuubi
-->
- fix shellcheck violations in scripts of /bin folder
- enable shellcheck rule checks

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4162 from davidyuan1223/master.

Closes #4078

c48ad38c7 [yuanfuyuan] remove the used blank lines
55a0a43c5 [xiaoyuandajian] Merge pull request #10 from xiaoyuandajian/fix-#4057
cb1193576 [yuan] Merge remote-tracking branch 'origin/fix-#4057' into fix-#4057
86e4e1ce0 [yuan] fix-#4057 info: modify the shellcheck errors file in ./bin 1. "$@" is a array, we want use string to compare. so update "$@" => "$*" 2. `tty` mean execute the command, we can use $(tty) replace it 3. param $# is a number, compare number should use -gt/-lt,not >/< 4. not sure the /bin/kyuubi line 63 'exit -1' need modify? so the directory bin only have a shellcheck note in /bin/kyuubi
dd39efdeb [袁福元] fix-#4057 info: 1. "$@" is a array, we want use string to compare. so update "$@" => "$*" 2. `tty` mean execute the command, we can use $(tty) replace it 3. param $# is a number, compare number should use -gt/-lt,not >/<

Lead-authored-by: yuan <yuanfuyuan@mafengwo.com>
Co-authored-by: 袁福元 <yuanfuyuan@mafengwo.com>
Co-authored-by: xiaoyuandajian <51512358+xiaoyuandajian@users.noreply.github.com>
Co-authored-by: yuanfuyuan <1406957364@qq.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 bin/docker-image-tool.sh | 3 +--
 bin/kyuubi               | 3 +--
 bin/kyuubi-logo          | 7 ++-----
 bin/stop-application.sh  | 3 +--
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/bin/docker-image-tool.sh b/bin/docker-image-tool.sh
index f3efc8bf5..14d5fe7b0 100755
--- a/bin/docker-image-tool.sh
+++ b/bin/docker-image-tool.sh
@@ -200,8 +200,7 @@ Examples:
 EOF
 }
 
-# shellcheck disable=SC2199
-if [[ "$@" = *--help ]] || [[ "$@" = *-h ]]; then
+if [[ "$*" = *--help ]] || [[ "$*" = *-h ]]; then
   usage
   exit 0
 fi
diff --git a/bin/kyuubi b/bin/kyuubi
index 09c8e9373..9bcca2c46 100755
--- a/bin/kyuubi
+++ b/bin/kyuubi
@@ -30,8 +30,7 @@ function usage() {
   echo "    -h | --help  - Show this help message"
 }
 
-# shellcheck disable=SC2199
-if [[ "$@" = *--help ]] || [[ "$@" = *-h ]]; then
+if [[ "$*" = *--help ]] || [[ "$*" = *-h ]]; then
   usage
   exit 0
 fi
diff --git a/bin/kyuubi-logo b/bin/kyuubi-logo
index 15a45a4bb..1f95ca02e 100755
--- a/bin/kyuubi-logo
+++ b/bin/kyuubi-logo
@@ -15,18 +15,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
 # Bugzilla 37848: When no TTY is available, don't output to console
 have_tty=0
-# shellcheck disable=SC2006
-if [[ "`tty`" != "not a tty" ]]; then
+if [[ "$(tty)" != "not a tty" ]]; then
     have_tty=1
 fi
 
 # Bugzilla 37848: When no TTY is available, don't output to console
 have_tty=0
-# shellcheck disable=SC2006
-if [[ "`tty`" != "not a tty" ]]; then
+if [[ "$(tty)" != "not a tty" ]]; then
     have_tty=1
 fi
 
diff --git a/bin/stop-application.sh b/bin/stop-application.sh
index b208ab505..000eb4cdd 100755
--- a/bin/stop-application.sh
+++ b/bin/stop-application.sh
@@ -16,8 +16,7 @@
 # limitations under the License.
 #
 
-# shellcheck disable=SC2071
-if [[ $# < 1 ]] ; then
+if [[ $# -lt 1 ]] ; then
   echo "USAGE: $0 <application_id>"
   exit 1
 fi

From a4a16ebda25c48df2d3f55717bb92255f67dce0c Mon Sep 17 00:00:00 2001
From: edddddy <rmrfall@qq.com>
Date: Tue, 7 Mar 2023 11:49:36 +0800
Subject: [PATCH 138/760] [KYUUBI #4466] Use bitnami/minio docker image

### _Why are the changes needed?_

As the latest official minio docker image has already supported amd/arm64, it seems better to use that one.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4466 from edddddy/official-minio.

Closes #4466

d409d6a05 [edddddy] use official minio docker image

Authored-by: edddddy <rmrfall@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docker/playground/compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/playground/compose.yml b/docker/playground/compose.yml
index 069624ee2..14658d894 100644
--- a/docker/playground/compose.yml
+++ b/docker/playground/compose.yml
@@ -17,7 +17,7 @@
 
 services:
   minio:
-    image: alekcander/bitnami-minio-multiarch:RELEASE.2022-05-26T05-48-41Z
+    image: bitnami/minio:2023-debian-11
     environment:
       MINIO_ROOT_USER: minio
       MINIO_ROOT_PASSWORD: minio_minio

From 8af07fa47d7fca926a97267fe95b52b4eba42ea5 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Tue, 7 Mar 2023 13:58:43 +0800
Subject: [PATCH 139/760] [KYUUBI #4462] Fix variable usage issue in
 `SessionManager#stop`

### _Why are the changes needed?_

Fix variable usage issue in `SessionManager#stop`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4462 from Yikf/sessionmanager.

Closes #4462

d4340d4ec [Yikf] fix variable usage issue

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/session/SessionManager.scala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
index f8e77dd63..aa46b8d6f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
@@ -288,9 +288,9 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
     shutdown = true
     val shutdownTimeout: Long =
       if (isServer) {
-        conf.get(ENGINE_EXEC_POOL_SHUTDOWN_TIMEOUT)
-      } else {
         conf.get(SERVER_EXEC_POOL_SHUTDOWN_TIMEOUT)
+      } else {
+        conf.get(ENGINE_EXEC_POOL_SHUTDOWN_TIMEOUT)
       }
 
     ThreadUtils.shutdown(timeoutChecker, Duration(shutdownTimeout, TimeUnit.MILLISECONDS))

From ab52c9d4ee36a224cd02e798cb838036d093d544 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 7 Mar 2023 14:00:49 +0800
Subject: [PATCH 140/760] [KYUUBI #4461] [CI][K8S]Add `Kyuubi Kubernetes IT`
 Module to CI style check

### _Why are the changes needed?_

Add `Kyuubi Kubernetes IT` Module to CI style check

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

- [X] Run CI

Closes #4461 from zwangsheng/ci/add_kubernetes.

Closes #4461

7ebac75b0 [zwangsheng] fix style for kubernetes-it
c1754d452 [zwangsheng] Add Kyuubi Kubernetes IT Module to CI style check

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/style.yml                    | 2 +-
 integration-tests/kyuubi-kubernetes-it/pom.xml | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 93fce5c4e..717cbbc70 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -34,7 +34,7 @@ jobs:
     strategy:
       matrix:
         profiles:
-          - '-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.3,spark-3.2,spark-3.1,tpcds'
+          - '-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.3,spark-3.2,spark-3.1,tpcds,kubernetes-it'
 
     steps:
       - uses: actions/checkout@v3
diff --git a/integration-tests/kyuubi-kubernetes-it/pom.xml b/integration-tests/kyuubi-kubernetes-it/pom.xml
index ef56a770f..9d92a1f4b 100644
--- a/integration-tests/kyuubi-kubernetes-it/pom.xml
+++ b/integration-tests/kyuubi-kubernetes-it/pom.xml
@@ -15,17 +15,15 @@
   ~ See the License for the specific language governing permissions and
   ~ limitations under the License.
   -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
         <version>1.8.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
-    <modelVersion>4.0.0</modelVersion>
 
     <artifactId>kubernetes-integration-tests_2.12</artifactId>
     <name>Kyuubi Test Kubernetes IT</name>

From 889dbc6bf0533ff3b599b4551d4b3ae0544203ca Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 7 Mar 2023 14:01:37 +0800
Subject: [PATCH 141/760] [KYUUBI #4450] Ignore unknown fields `policyPriority`
 when reading policy json file

### _Why are the changes needed?_

To fix #4450.
- allow ignoring unknown fields in policy file for testing which brought by Ranger version changes

```
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "policyPriority" (class org.apache.ranger.plugin.model.RangerPolicy), not marked as ignorable (21 known properties: "denyPolicyItems", "resources", "guid", "resourceSignature", "name", "policyType", "allowExceptions", "policyItems", "isAuditEnabled", "updatedBy", "service", "updateTime", "isEnabled", "version", "id", "description", "createdBy", "createTime", "denyExceptions", "dataMaskPolicyItems", "rowFilterPolicyItems"])
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4455 from bowenliang123/authz-unknown-fields.

Closes #4450

592a9545d [liangbowen] ignore unknown fields in json mapper

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/plugin/spark/authz/ranger/RangerLocalClient.scala    | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerLocalClient.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerLocalClient.scala
index d25ea716a..d7473a580 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerLocalClient.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerLocalClient.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import java.text.SimpleDateFormat
 
+import com.fasterxml.jackson.databind.DeserializationFeature
 import com.fasterxml.jackson.databind.json.JsonMapper
 import org.apache.ranger.admin.client.RangerAdminRESTClient
 import org.apache.ranger.plugin.util.ServicePolicies
@@ -27,6 +28,7 @@ class RangerLocalClient extends RangerAdminRESTClient with RangerClientHelper {
 
   private val mapper = new JsonMapper()
     .setDateFormat(new SimpleDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z"))
+    .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
 
   private val policies: ServicePolicies = {
     val loader = Thread.currentThread().getContextClassLoader

From 1bc05e5e45838cbff206db7438ba7f357bf127a7 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 7 Mar 2023 14:02:26 +0800
Subject: [PATCH 142/760] [KYUUBI #4453][Improvement][K8S] Bump Kubernetes
 Client Version to 6.4.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Close #4453

kubernetes client [compare](https://github.com/fabric8io/kubernetes-client/compare/v5.12.1...v6.4.1)

version | K8s 1.26.0 | K8s 1.25.3 | K8s 1.24.7 | K8s 1.23.13 | K8s 1.22.1 | K8s 1.21.1 | K8s 1.20.2 | K8s 1.19.1 | K8s 1.18.0 | K8s 1.17.0 | K8s 1.16.0 | K8s 1.15.3 | K8s 1.14.2 | K8s 1.12.0 | K8s 1.11.0 | K8s 1.10.0 | K8s 1.9.0
--|-- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | --
kubernetes-client 6.4.1 |   | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -
kubernetes-client 5.12.1 |   |   |   | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

- [x] [Run ci test]

Closes #4456 from zwangsheng/bump/kubernetes-client-6.4.1.

Closes #4453

39039f0f9 [zwangsheng] [KYUUBI #4453] Remove dup dependence
4a5b27ce8 [zwangsheng] [KYUUBI #4453] IT test with same logic
95a292f99 [zwangsheng] [KYUUBI #4453] Fix Dependency
e4bf0107e [zwangsheng] [KYUUBI #4453] Init Bump

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList                            | 47 ++++++++++---------
 .../kyuubi-kubernetes-it/pom.xml              |  6 ---
 .../kyuubi/kubernetes/test/MiniKube.scala     | 21 +++++++--
 .../test/WithKyuubiServerOnKubernetes.scala   |  4 +-
 kyuubi-server/pom.xml                         |  5 ++
 .../KubernetesApplicationOperation.scala      | 28 +++++------
 .../apache/kyuubi/util/KubernetesUtils.scala  |  7 ++-
 pom.xml                                       | 12 ++++-
 8 files changed, 79 insertions(+), 51 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index ff2550804..509e28405 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -22,7 +22,6 @@ annotations/4.1.1.4//annotations-4.1.1.4.jar
 antlr-runtime/3.5.3//antlr-runtime-3.5.3.jar
 antlr4-runtime/4.9.3//antlr4-runtime-4.9.3.jar
 aopalliance-repackaged/2.6.1//aopalliance-repackaged-2.6.1.jar
-automaton/1.11-8//automaton-1.11-8.jar
 classgraph/4.8.138//classgraph-4.8.138.jar
 commons-codec/1.15//commons-codec-1.15.jar
 commons-collections/3.2.2//commons-collections-3.2.2.jar
@@ -37,7 +36,6 @@ error_prone_annotations/2.14.0//error_prone_annotations-2.14.0.jar
 failsafe/2.4.4//failsafe-2.4.4.jar
 failureaccess/1.0.1//failureaccess-1.0.1.jar
 fliptables/1.0.2//fliptables-1.0.2.jar
-generex/1.0.2//generex-1.0.2.jar
 grpc-api/1.48.0//grpc-api-1.48.0.jar
 grpc-context/1.48.0//grpc-context-1.48.0.jar
 grpc-core/1.48.0//grpc-core-1.48.0.jar
@@ -104,27 +102,30 @@ jetty-util-ajax/9.4.50.v20221201//jetty-util-ajax-9.4.50.v20221201.jar
 jetty-util/9.4.50.v20221201//jetty-util-9.4.50.v20221201.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
-kubernetes-client/5.12.1//kubernetes-client-5.12.1.jar
-kubernetes-model-admissionregistration/5.12.1//kubernetes-model-admissionregistration-5.12.1.jar
-kubernetes-model-apiextensions/5.12.1//kubernetes-model-apiextensions-5.12.1.jar
-kubernetes-model-apps/5.12.1//kubernetes-model-apps-5.12.1.jar
-kubernetes-model-autoscaling/5.12.1//kubernetes-model-autoscaling-5.12.1.jar
-kubernetes-model-batch/5.12.1//kubernetes-model-batch-5.12.1.jar
-kubernetes-model-certificates/5.12.1//kubernetes-model-certificates-5.12.1.jar
-kubernetes-model-common/5.12.1//kubernetes-model-common-5.12.1.jar
-kubernetes-model-coordination/5.12.1//kubernetes-model-coordination-5.12.1.jar
-kubernetes-model-core/5.12.1//kubernetes-model-core-5.12.1.jar
-kubernetes-model-discovery/5.12.1//kubernetes-model-discovery-5.12.1.jar
-kubernetes-model-events/5.12.1//kubernetes-model-events-5.12.1.jar
-kubernetes-model-extensions/5.12.1//kubernetes-model-extensions-5.12.1.jar
-kubernetes-model-flowcontrol/5.12.1//kubernetes-model-flowcontrol-5.12.1.jar
-kubernetes-model-metrics/5.12.1//kubernetes-model-metrics-5.12.1.jar
-kubernetes-model-networking/5.12.1//kubernetes-model-networking-5.12.1.jar
-kubernetes-model-node/5.12.1//kubernetes-model-node-5.12.1.jar
-kubernetes-model-policy/5.12.1//kubernetes-model-policy-5.12.1.jar
-kubernetes-model-rbac/5.12.1//kubernetes-model-rbac-5.12.1.jar
-kubernetes-model-scheduling/5.12.1//kubernetes-model-scheduling-5.12.1.jar
-kubernetes-model-storageclass/5.12.1//kubernetes-model-storageclass-5.12.1.jar
+kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
+kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
+kubernetes-httpclient-okhttp/6.4.1//kubernetes-httpclient-okhttp-6.4.1.jar
+kubernetes-model-admissionregistration/6.4.1//kubernetes-model-admissionregistration-6.4.1.jar
+kubernetes-model-apiextensions/6.4.1//kubernetes-model-apiextensions-6.4.1.jar
+kubernetes-model-apps/6.4.1//kubernetes-model-apps-6.4.1.jar
+kubernetes-model-autoscaling/6.4.1//kubernetes-model-autoscaling-6.4.1.jar
+kubernetes-model-batch/6.4.1//kubernetes-model-batch-6.4.1.jar
+kubernetes-model-certificates/6.4.1//kubernetes-model-certificates-6.4.1.jar
+kubernetes-model-common/6.4.1//kubernetes-model-common-6.4.1.jar
+kubernetes-model-coordination/6.4.1//kubernetes-model-coordination-6.4.1.jar
+kubernetes-model-core/6.4.1//kubernetes-model-core-6.4.1.jar
+kubernetes-model-discovery/6.4.1//kubernetes-model-discovery-6.4.1.jar
+kubernetes-model-events/6.4.1//kubernetes-model-events-6.4.1.jar
+kubernetes-model-extensions/6.4.1//kubernetes-model-extensions-6.4.1.jar
+kubernetes-model-flowcontrol/6.4.1//kubernetes-model-flowcontrol-6.4.1.jar
+kubernetes-model-gatewayapi/6.4.1//kubernetes-model-gatewayapi-6.4.1.jar
+kubernetes-model-metrics/6.4.1//kubernetes-model-metrics-6.4.1.jar
+kubernetes-model-networking/6.4.1//kubernetes-model-networking-6.4.1.jar
+kubernetes-model-node/6.4.1//kubernetes-model-node-6.4.1.jar
+kubernetes-model-policy/6.4.1//kubernetes-model-policy-6.4.1.jar
+kubernetes-model-rbac/6.4.1//kubernetes-model-rbac-6.4.1.jar
+kubernetes-model-scheduling/6.4.1//kubernetes-model-scheduling-6.4.1.jar
+kubernetes-model-storageclass/6.4.1//kubernetes-model-storageclass-6.4.1.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.9.3//libthrift-0.9.3.jar
 log4j-1.2-api/2.20.0//log4j-1.2-api-2.20.0.jar
diff --git a/integration-tests/kyuubi-kubernetes-it/pom.xml b/integration-tests/kyuubi-kubernetes-it/pom.xml
index 9d92a1f4b..a796ccab5 100644
--- a/integration-tests/kyuubi-kubernetes-it/pom.xml
+++ b/integration-tests/kyuubi-kubernetes-it/pom.xml
@@ -60,12 +60,6 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>io.fabric8</groupId>
-            <artifactId>kubernetes-client</artifactId>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-client-minicluster</artifactId>
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/MiniKube.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/MiniKube.scala
index cd373873a..f4cd557bb 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/MiniKube.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/MiniKube.scala
@@ -17,7 +17,11 @@
 
 package org.apache.kyuubi.kubernetes.test
 
-import io.fabric8.kubernetes.client.{Config, DefaultKubernetesClient}
+import io.fabric8.kubernetes.client.{Config, KubernetesClient, KubernetesClientBuilder}
+import io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory
+import okhttp3.{Dispatcher, OkHttpClient}
+
+import org.apache.kyuubi.util.ThreadUtils
 
 /**
  * This code copied from Aapache Spark
@@ -44,7 +48,7 @@ object MiniKube {
     executeMinikube(true, "ip").head
   }
 
-  def getKubernetesClient: DefaultKubernetesClient = {
+  def getKubernetesClient: KubernetesClient = {
     // only the three-part version number is matched (the optional suffix like "-beta.0" is dropped)
     val versionArrayOpt = "\\d+\\.\\d+\\.\\d+".r
       .findFirstIn(minikubeVersionString.split(VERSION_PREFIX)(1))
@@ -65,7 +69,18 @@ object MiniKube {
             "For minikube version a three-part version number is expected (the optional " +
             "non-numeric suffix is intentionally dropped)")
     }
+    // https://github.com/fabric8io/kubernetes-client/issues/3547
+    val dispatcher = new Dispatcher(
+      ThreadUtils.newDaemonCachedThreadPool("kubernetes-dispatcher"))
+    val factoryWithCustomDispatcher = new OkHttpClientFactory() {
+      override protected def additionalConfig(builder: OkHttpClient.Builder): Unit = {
+        builder.dispatcher(dispatcher)
+      }
+    }
 
-    new DefaultKubernetesClient(Config.autoConfigure("minikube"))
+    new KubernetesClientBuilder()
+      .withConfig(Config.autoConfigure("minikube"))
+      .withHttpClientFactory(factoryWithCustomDispatcher)
+      .build()
   }
 }
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/WithKyuubiServerOnKubernetes.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/WithKyuubiServerOnKubernetes.scala
index ed9cbce09..595fdd431 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/WithKyuubiServerOnKubernetes.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/WithKyuubiServerOnKubernetes.scala
@@ -18,14 +18,14 @@
 package org.apache.kyuubi.kubernetes.test
 
 import io.fabric8.kubernetes.api.model.Pod
-import io.fabric8.kubernetes.client.DefaultKubernetesClient
+import io.fabric8.kubernetes.client.KubernetesClient
 
 import org.apache.kyuubi.KyuubiFunSuite
 
 trait WithKyuubiServerOnKubernetes extends KyuubiFunSuite {
   protected def connectionConf: Map[String, String] = Map.empty
 
-  lazy val miniKubernetesClient: DefaultKubernetesClient = MiniKube.getKubernetesClient
+  lazy val miniKubernetesClient: KubernetesClient = MiniKube.getKubernetesClient
   lazy val kyuubiPod: Pod = miniKubernetesClient.pods().withName("kyuubi-test").get()
   lazy val kyuubiServerIp: String = kyuubiPod.getStatus.getPodIP
   lazy val miniKubeIp: String = MiniKube.getIp
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index aebce5dda..83698fa5a 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -92,6 +92,11 @@
             <artifactId>kubernetes-client</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>io.fabric8</groupId>
+            <artifactId>kubernetes-httpclient-okhttp</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.hive</groupId>
             <artifactId>hive-metastore</artifactId>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index bee69b117..1dd5ff83f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -17,9 +17,10 @@
 
 package org.apache.kyuubi.engine
 
-import io.fabric8.kubernetes.api.model.{Pod, PodList}
+import java.util
+
+import io.fabric8.kubernetes.api.model.Pod
 import io.fabric8.kubernetes.client.KubernetesClient
-import io.fabric8.kubernetes.client.dsl.FilterWatchListDeletable
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
@@ -58,17 +59,17 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
       debug(s"Deleting application info from Kubernetes cluster by $tag tag")
       try {
         // Need driver only
-        val operation = findDriverPodByTag(tag)
-        val podList = operation.list().getItems
+        val podList = findDriverPodByTag(tag)
         if (podList.size() != 0) {
-          toApplicationState(podList.get(0).getStatus.getPhase) match {
+          val targetPod = podList.get(0)
+          toApplicationState(targetPod.getStatus.getPhase) match {
             case FAILED | UNKNOWN =>
               (
                 false,
-                s"Target Pod ${podList.get(0).getMetadata.getName} is in FAILED or UNKNOWN status")
+                s"Target Pod ${targetPod.getMetadata.getName} is in FAILED or UNKNOWN status")
             case _ =>
               (
-                operation.delete(),
+                !kubernetesClient.pods.withName(targetPod.getMetadata.getName).delete().isEmpty,
                 s"Operation of deleted appId: ${podList.get(0).getMetadata.getName} is completed")
           }
         } else {
@@ -88,8 +89,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     if (kubernetesClient != null) {
       debug(s"Getting application info from Kubernetes cluster by $tag tag")
       try {
-        val operation = findDriverPodByTag(tag)
-        val podList = operation.list().getItems
+        val podList = findDriverPodByTag(tag)
         if (podList.size() != 0) {
           val pod = podList.get(0)
           val info = ApplicationInfo(
@@ -114,14 +114,14 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     }
   }
 
-  private def findDriverPodByTag(tag: String): FilterWatchListDeletable[Pod, PodList] = {
-    val operation = kubernetesClient.pods()
-      .withLabel(KubernetesApplicationOperation.LABEL_KYUUBI_UNIQUE_KEY, tag)
-    val size = operation.list().getItems.size()
+  private def findDriverPodByTag(tag: String): util.List[Pod] = {
+    val podList = kubernetesClient.pods()
+      .withLabel(KubernetesApplicationOperation.LABEL_KYUUBI_UNIQUE_KEY, tag).list().getItems
+    val size = podList.size()
     if (size != 1) {
       warn(s"Get Tag: ${tag} Driver Pod In Kubernetes size: ${size}, we expect 1")
     }
-    operation
+    podList
   }
 
   override def stop(): Unit = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
index 921aa04ae..0c934b51d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
@@ -22,7 +22,7 @@ import java.io.File
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.google.common.base.Charsets
 import com.google.common.io.Files
-import io.fabric8.kubernetes.client.{Config, ConfigBuilder, DefaultKubernetesClient, KubernetesClient}
+import io.fabric8.kubernetes.client.{Config, ConfigBuilder, KubernetesClient, KubernetesClientBuilder}
 import io.fabric8.kubernetes.client.Config.autoConfigure
 import io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory
 import okhttp3.{Dispatcher, OkHttpClient}
@@ -93,7 +93,10 @@ object KubernetesUtils extends Logging {
 
     debug("Kubernetes client config: " +
       new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(config))
-    Some(new DefaultKubernetesClient(factoryWithCustomDispatcher.createHttpClient(config), config))
+    Some(new KubernetesClientBuilder()
+      .withHttpClientFactory(factoryWithCustomDispatcher)
+      .withConfig(config)
+      .build())
   }
 
   implicit private class OptionConfigurableConfigBuilder(val configBuilder: ConfigBuilder)
diff --git a/pom.xml b/pom.xml
index ed5eb48d6..2082499dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -167,7 +167,7 @@
         <jetty.version>9.4.50.v20221201</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
-        <kubernetes-client.version>5.12.1</kubernetes-client.version>
+        <kubernetes-client.version>6.4.1</kubernetes-client.version>
         <kudu.version>1.15.0</kudu.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.20.0</log4j.version>
@@ -595,6 +595,16 @@
                 <artifactId>kubernetes-client</artifactId>
                 <version>${kubernetes-client.version}</version>
             </dependency>
+            <!--
+                according to kubernetes-client MIGRATION-v6.md, we should include this dependency
+                for doing any customization to OkHttp clients.
+                https://github.com/fabric8io/kubernetes-client/blob/master/doc/MIGRATION-v6.md#okhttp-httpclient
+            -->
+            <dependency>
+                <groupId>io.fabric8</groupId>
+                <artifactId>kubernetes-httpclient-okhttp</artifactId>
+                <version>${kubernetes-client.version}</version>
+            </dependency>
 
             <!--
               because of THRIFT-4805, we don't upgrade to libthrift:0.12.0,

From 331042964fba9d162e5360723eec39faade39b8e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 7 Mar 2023 14:04:41 +0800
Subject: [PATCH 143/760] [KYUUBI #4464] Simplify and improve log for
 JDBCMetadataStore

### _Why are the changes needed?_

1. enhance the log to include parameters for the prepared statement
2. remove redundant spaces from SQL
3. simplify code by using `JdbcUtils`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4464 from pan3793/jdbc.

Closes #4464

c3ae84f35 [Cheng Pan] Simplify and improve log for JDBCMetadataStore

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../metadata/jdbc/JDBCMetadataStore.scala     | 100 ++++++++----------
 1 file changed, 45 insertions(+), 55 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index f6caa9c1a..488039e2b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -39,6 +39,7 @@ import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.server.metadata.jdbc.DatabaseType._
 import org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStoreConf._
 import org.apache.kyuubi.session.SessionType
+import org.apache.kyuubi.util.JdbcUtils
 
 class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   import JDBCMetadataStore._
@@ -68,11 +69,10 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   hikariConfig.setPoolName("jdbc-metadata-store-pool")
 
   @VisibleForTesting
-  private[kyuubi] val hikariDataSource = new HikariDataSource(hikariConfig)
+  implicit private[kyuubi] val hikariDataSource = new HikariDataSource(hikariConfig)
   private val mapper = new ObjectMapper().registerModule(DefaultScalaModule)
 
-  private val terminalStates =
-    OperationState.terminalStates.map(x => s"'${x.toString}'").mkString(", ")
+  private val terminalStates = OperationState.terminalStates.map(x => s"'$x'").mkString(", ")
 
   if (conf.get(METADATA_STORE_JDBC_DATABASE_SCHEMA_INIT)) {
     initSchema()
@@ -81,7 +81,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   private def initSchema(): Unit = {
     getInitSchema(dbType).foreach { schema =>
       val ddlStatements = schema.trim.split(";")
-      withConnection() { connection =>
+      JdbcUtils.withConnection { connection =>
         Utils.tryLogNonFatalError {
           ddlStatements.foreach { ddlStatement =>
             execute(connection, ddlStatement)
@@ -122,7 +122,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
           inputStream.close()
         }
       }
-    }.headOption
+    }
   }
 
   def getSchemaVersion(schemaUrl: String): (Int, Int, Int) =
@@ -168,7 +168,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
          |VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
          |""".stripMargin
 
-    withConnection() { connection =>
+    JdbcUtils.withConnection { connection =>
       execute(
         connection,
         query,
@@ -198,7 +198,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
         s"SELECT $METADATA_ALL_COLUMNS FROM $METADATA_TABLE WHERE identifier = ?"
       }
 
-    withConnection() { connection =>
+    JdbcUtils.withConnection { connection =>
       withResultSet(connection, query, identifier) { rs =>
         buildMetadata(rs, stateOnly).headOption.orNull
       }
@@ -219,44 +219,44 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     }
     val whereConditions = ListBuffer[String]()
     Option(filter.sessionType).foreach { sessionType =>
-      whereConditions += " session_type = ?"
+      whereConditions += "session_type = ?"
       params += sessionType.toString
     }
     Option(filter.engineType).filter(_.nonEmpty).foreach { engineType =>
-      whereConditions += " UPPER(engine_type) = ? "
+      whereConditions += "UPPER(engine_type) = ?"
       params += engineType.toUpperCase(Locale.ROOT)
     }
     Option(filter.username).filter(_.nonEmpty).foreach { username =>
-      whereConditions += " user_name = ? "
+      whereConditions += "user_name = ?"
       params += username
     }
     Option(filter.state).filter(_.nonEmpty).foreach { state =>
-      whereConditions += " state = ? "
+      whereConditions += "state = ?"
       params += state.toUpperCase(Locale.ROOT)
     }
     Option(filter.kyuubiInstance).filter(_.nonEmpty).foreach { kyuubiInstance =>
-      whereConditions += " kyuubi_instance = ? "
+      whereConditions += "kyuubi_instance = ?"
       params += kyuubiInstance
     }
     if (filter.createTime > 0) {
-      whereConditions += " create_time >= ? "
+      whereConditions += "create_time >= ?"
       params += filter.createTime
     }
     if (filter.endTime > 0) {
-      whereConditions += " end_time > 0 "
-      whereConditions += " end_time <= ? "
+      whereConditions += "end_time > 0"
+      whereConditions += "end_time <= ?"
       params += filter.endTime
     }
     if (filter.peerInstanceClosed) {
-      whereConditions += " peer_instance_closed = ? "
+      whereConditions += "peer_instance_closed = ?"
       params += filter.peerInstanceClosed
     }
     if (whereConditions.nonEmpty) {
-      queryBuilder.append(whereConditions.mkString(" WHERE ", " AND ", " "))
+      queryBuilder.append(whereConditions.mkString(" WHERE ", " AND ", ""))
     }
-    queryBuilder.append(" ORDER BY key_id ")
+    queryBuilder.append(" ORDER BY key_id")
     val query = databaseAdaptor.addLimitAndOffsetToQuery(queryBuilder.toString(), size, from)
-    withConnection() { connection =>
+    JdbcUtils.withConnection { connection =>
       withResultSet(connection, query, params: _*) { rs =>
         buildMetadata(rs, stateOnly)
       }
@@ -270,49 +270,49 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     queryBuilder.append(s"UPDATE $METADATA_TABLE")
     val setClauses = ListBuffer[String]()
     Option(metadata.state).foreach { _ =>
-      setClauses += " state = ? "
+      setClauses += "state = ?"
       params += metadata.state
     }
     if (metadata.endTime > 0) {
-      setClauses += " end_time = ? "
+      setClauses += "end_time = ?"
       params += metadata.endTime
     }
     if (metadata.engineOpenTime > 0) {
-      setClauses += " engine_open_time = ? "
+      setClauses += "engine_open_time = ?"
       params += metadata.engineOpenTime
     }
     Option(metadata.engineId).foreach { _ =>
-      setClauses += " engine_id = ? "
+      setClauses += "engine_id = ?"
       params += metadata.engineId
     }
     Option(metadata.engineName).foreach { _ =>
-      setClauses += " engine_name = ? "
+      setClauses += "engine_name = ?"
       params += metadata.engineName
     }
     Option(metadata.engineUrl).foreach { _ =>
-      setClauses += " engine_url = ? "
+      setClauses += "engine_url = ?"
       params += metadata.engineUrl
     }
     Option(metadata.engineState).foreach { _ =>
-      setClauses += " engine_state = ? "
+      setClauses += "engine_state = ?"
       params += metadata.engineState
     }
     metadata.engineError.foreach { error =>
-      setClauses += " engine_error = ? "
+      setClauses += "engine_error = ?"
       params += error
     }
     if (metadata.peerInstanceClosed) {
-      setClauses += " peer_instance_closed = ? "
+      setClauses += "peer_instance_closed = ?"
       params += metadata.peerInstanceClosed
     }
     if (setClauses.nonEmpty) {
-      queryBuilder.append(setClauses.mkString(" SET ", " , ", " "))
+      queryBuilder.append(setClauses.mkString(" SET ", ", ", ""))
     }
-    queryBuilder.append(" WHERE identifier = ? ")
+    queryBuilder.append(" WHERE identifier = ?")
     params += metadata.identifier
 
     val query = queryBuilder.toString()
-    withConnection() { connection =>
+    JdbcUtils.withConnection { connection =>
       withUpdateCount(connection, query, params: _*) { updateCount =>
         if (updateCount == 0) {
           throw new KyuubiException(
@@ -324,7 +324,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 
   override def cleanupMetadataByIdentifier(identifier: String): Unit = {
     val query = s"DELETE FROM $METADATA_TABLE WHERE identifier = ?"
-    withConnection() { connection =>
+    JdbcUtils.withConnection { connection =>
       execute(connection, query, identifier)
     }
   }
@@ -332,7 +332,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   override def cleanupMetadataByAge(maxAge: Long): Unit = {
     val minEndTime = System.currentTimeMillis() - maxAge
     val query = s"DELETE FROM $METADATA_TABLE WHERE state IN ($terminalStates) AND end_time < ?"
-    withConnection() { connection =>
+    JdbcUtils.withConnection { connection =>
       execute(connection, query, minEndTime)
     }
   }
@@ -403,7 +403,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   }
 
   private def execute(conn: Connection, sql: String, params: Any*): Unit = {
-    debug(s"executing sql $sql")
+    debug(s"execute sql: $sql, with params: ${params.mkString(", ")}")
     var statement: PreparedStatement = null
     try {
       statement = conn.prepareStatement(sql)
@@ -411,7 +411,9 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       statement.execute()
     } catch {
       case e: SQLException =>
-        throw new KyuubiException(s"Error executing $sql:" + e.getMessage, e)
+        throw new KyuubiException(
+          s"Error executing sql: $sql, with params: ${params.mkString(", ")}. ${e.getMessage}",
+          e)
     } finally {
       if (statement != null) {
         Utils.tryLogNonFatalError(statement.close())
@@ -423,7 +425,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       conn: Connection,
       sql: String,
       params: Any*)(f: ResultSet => T): T = {
-    debug(s"executing sql $sql with result set")
+    debug(s"executeQuery sql: $sql, with params: ${params.mkString(", ")}")
     var statement: PreparedStatement = null
     var resultSet: ResultSet = null
     try {
@@ -433,7 +435,9 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       f(resultSet)
     } catch {
       case e: SQLException =>
-        throw new KyuubiException(e.getMessage, e)
+        throw new KyuubiException(
+          s"Error executing sql: $sql, with params: ${params.mkString(", ")}. ${e.getMessage}",
+          e)
     } finally {
       if (resultSet != null) {
         Utils.tryLogNonFatalError(resultSet.close())
@@ -448,7 +452,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       conn: Connection,
       sql: String,
       params: Any*)(f: Int => T): T = {
-    debug(s"executing sql $sql with update count")
+    debug(s"executeUpdate sql: $sql, with params: ${params.mkString(", ")}")
     var statement: PreparedStatement = null
     try {
       statement = conn.prepareStatement(sql)
@@ -456,7 +460,9 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       f(statement.executeUpdate())
     } catch {
       case e: SQLException =>
-        throw new KyuubiException(e.getMessage, e)
+        throw new KyuubiException(
+          s"Error executing sql: $sql, with params: ${params.mkString(", ")}. ${e.getMessage}",
+          e)
     } finally {
       if (statement != null) {
         Utils.tryLogNonFatalError(statement.close())
@@ -479,22 +485,6 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     }
   }
 
-  private def withConnection[T](autoCommit: Boolean = true)(f: Connection => T): T = {
-    var connection: Connection = null
-    try {
-      connection = hikariDataSource.getConnection
-      connection.setAutoCommit(autoCommit)
-      f(connection)
-    } catch {
-      case e: SQLException =>
-        throw new KyuubiException(e.getMessage, e)
-    } finally {
-      if (connection != null) {
-        Utils.tryLogNonFatalError(connection.close())
-      }
-    }
-  }
-
   private def valueAsString(obj: Any): String = {
     mapper.writeValueAsString(obj)
   }

From 39eac5a7805d4e9c14c2852cc00bec1c480723f9 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 7 Mar 2023 14:55:07 +0800
Subject: [PATCH 144/760] [KYUUBI #4438] Render the batch info map in
 kyuubi-ctl

### _Why are the changes needed?_

Close #4438
Follow up of #4390
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4463 from turboFei/render_batch.

Closes #4438

b5ae211bc [fwang12] render batch info

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../src/main/scala/org/apache/kyuubi/ctl/util/Render.scala     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
index aba6df35a..2d4879e42 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
@@ -111,6 +111,9 @@ private[ctl] object Render {
 
   private def buildBatchAppInfo(batch: Batch, showDiagnostic: Boolean = true): List[String] = {
     val batchAppInfo = ListBuffer[String]()
+    batch.getBatchInfo.asScala.foreach { case (key, value) =>
+      batchAppInfo += s"$key: $value"
+    }
     if (batch.getAppStartTime > 0) {
       batchAppInfo += s"App Start Time:" +
         s" ${millisToDateString(batch.getAppStartTime, "yyyy-MM-dd HH:mm:ss")}"

From 222a3345f2d615df3c32270c5a546db0f5f4a23c Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 7 Mar 2023 15:43:23 +0800
Subject: [PATCH 145/760] [KYUUBI #4439][FOLLOWUP] Add dto class for operation
 data

### _Why are the changes needed?_

- add dto for operation data, which is programming friendly
- show exception for session data

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4468 from turboFei/session_op_dto.

Closes #4439

fa905e70c [fwang12] fix ut
5c1c7c845 [fwang12] save
2d20215a0 [fwang12] comments
46cd2384e [fwang12] saev

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../main/scala/org/apache/kyuubi/Utils.scala  |  15 ++
 .../client/api/v1/dto/OperationData.java      | 158 ++++++++++++++++++
 .../kyuubi/client/api/v1/dto/SessionData.java |  13 +-
 .../apache/kyuubi/server/api/ApiUtils.scala   |  56 +++++++
 .../kyuubi/server/api/v1/AdminResource.scala  |  26 +--
 .../server/api/v1/SessionsResource.scala      |  13 +-
 .../server/api/v1/AdminResourceSuite.scala    |  11 +-
 7 files changed, 258 insertions(+), 34 deletions(-)
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
index 7ab312fa1..e4fb23936 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
@@ -387,4 +387,19 @@ object Utils extends Logging {
     Option(Thread.currentThread().getContextClassLoader).getOrElse(getKyuubiClassLoader)
 
   def isOnK8s: Boolean = Files.exists(Paths.get("/var/run/secrets/kubernetes.io"))
+
+  /**
+   * Return a nice string representation of the exception. It will call "printStackTrace" to
+   * recursively generate the stack trace including the exception and its causes.
+   */
+  def prettyPrint(e: Throwable): String = {
+    if (e == null) {
+      ""
+    } else {
+      // Use e.printStackTrace here because e.getStackTrace doesn't include the cause
+      val stringWriter = new StringWriter()
+      e.printStackTrace(new PrintWriter(stringWriter))
+      stringWriter.toString
+    }
+  }
 }
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
new file mode 100644
index 000000000..bc7af4ac9
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+import java.util.Objects;
+import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
+import org.apache.commons.lang3.builder.ToStringStyle;
+
+public class OperationData {
+  private String identifier;
+  private String statement;
+  private String state;
+  private Long createTime;
+  private Long startTime;
+  private Long completeTime;
+  private String exception;
+  private String sessionId;
+  private String sessionUser;
+  private String sessionType;
+
+  public OperationData() {}
+
+  public OperationData(
+      String identifier,
+      String statement,
+      String state,
+      Long createTime,
+      Long startTime,
+      Long completeTime,
+      String exception,
+      String sessionId,
+      String sessionUser,
+      String sessionType) {
+    this.identifier = identifier;
+    this.statement = statement;
+    this.state = state;
+    this.createTime = createTime;
+    this.startTime = startTime;
+    this.completeTime = completeTime;
+    this.exception = exception;
+    this.sessionId = sessionId;
+    this.sessionUser = sessionUser;
+    this.sessionType = sessionType;
+  }
+
+  public String getIdentifier() {
+    return identifier;
+  }
+
+  public void setIdentifier(String identifier) {
+    this.identifier = identifier;
+  }
+
+  public String getStatement() {
+    return statement;
+  }
+
+  public void setStatement(String statement) {
+    this.statement = statement;
+  }
+
+  public String getState() {
+    return state;
+  }
+
+  public void setState(String state) {
+    this.state = state;
+  }
+
+  public Long getCreateTime() {
+    return createTime;
+  }
+
+  public void setCreateTime(Long createTime) {
+    this.createTime = createTime;
+  }
+
+  public Long getStartTime() {
+    return startTime;
+  }
+
+  public void setStartTime(Long startTime) {
+    this.startTime = startTime;
+  }
+
+  public Long getCompleteTime() {
+    return completeTime;
+  }
+
+  public void setCompleteTime(Long completeTime) {
+    this.completeTime = completeTime;
+  }
+
+  public String getException() {
+    return exception;
+  }
+
+  public void setException(String exception) {
+    this.exception = exception;
+  }
+
+  public String getSessionId() {
+    return sessionId;
+  }
+
+  public void setSessionId(String sessionId) {
+    this.sessionId = sessionId;
+  }
+
+  public String getSessionUser() {
+    return sessionUser;
+  }
+
+  public void setSessionUser(String sessionUser) {
+    this.sessionUser = sessionUser;
+  }
+
+  public String getSessionType() {
+    return sessionType;
+  }
+
+  public void setSessionType(String sessionType) {
+    this.sessionType = sessionType;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+    SessionData that = (SessionData) o;
+    return Objects.equals(getIdentifier(), that.getIdentifier());
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(getIdentifier());
+  }
+
+  @Override
+  public String toString() {
+    return ReflectionToStringBuilder.toString(this, ToStringStyle.JSON_STYLE);
+  }
+}
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
index bae6f39da..233fee721 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
@@ -31,6 +31,7 @@ public class SessionData {
   private Long createTime;
   private Long duration;
   private Long idleTime;
+  private String exception;
 
   public SessionData() {}
 
@@ -41,7 +42,8 @@ public SessionData(
       Map<String, String> conf,
       Long createTime,
       Long duration,
-      Long idleTime) {
+      Long idleTime,
+      String exception) {
     this.identifier = identifier;
     this.user = user;
     this.ipAddr = ipAddr;
@@ -49,6 +51,7 @@ public SessionData(
     this.createTime = createTime;
     this.duration = duration;
     this.idleTime = idleTime;
+    this.exception = exception;
   }
 
   public String getIdentifier() {
@@ -110,6 +113,14 @@ public void setIdleTime(Long idleTime) {
     this.idleTime = idleTime;
   }
 
+  public String getException() {
+    return exception;
+  }
+
+  public void setException(String exception) {
+    this.exception = exception;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
new file mode 100644
index 000000000..dbdd34ead
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.api
+
+import scala.collection.JavaConverters._
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.client.api.v1.dto.{OperationData, SessionData}
+import org.apache.kyuubi.events.KyuubiOperationEvent
+import org.apache.kyuubi.operation.KyuubiOperation
+import org.apache.kyuubi.session.KyuubiSession
+
+object ApiUtils {
+
+  def sessionData(session: KyuubiSession): SessionData = {
+    new SessionData(
+      session.handle.identifier.toString,
+      session.user,
+      session.ipAddress,
+      session.conf.asJava,
+      session.createTime,
+      session.lastAccessTime - session.createTime,
+      session.getNoOperationTime,
+      session.getSessionEvent.flatMap(_.exception).map(Utils.prettyPrint).getOrElse(""))
+  }
+
+  def operationData(operation: KyuubiOperation): OperationData = {
+    val opEvent = KyuubiOperationEvent(operation)
+    new OperationData(
+      opEvent.statementId,
+      opEvent.statement,
+      opEvent.state,
+      opEvent.createTime,
+      opEvent.startTime,
+      opEvent.completeTime,
+      opEvent.exception.map(Utils.prettyPrint).getOrElse(""),
+      opEvent.sessionId,
+      opEvent.sessionUser,
+      opEvent.sessionType)
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index ceb7179b8..4418bc8d6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -30,17 +30,16 @@ import io.swagger.v3.oas.annotations.tags.Tag
 import org.apache.zookeeper.KeeperException.NoNodeException
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
-import org.apache.kyuubi.client.api.v1.dto.{Engine, SessionData}
+import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, SessionData}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.ha.HighAvailabilityConf.HA_NAMESPACE
 import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceNodeInfo}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.operation.{KyuubiOperation, OperationHandle}
 import org.apache.kyuubi.server.KyuubiServer
-import org.apache.kyuubi.server.api.ApiRequestContext
-import org.apache.kyuubi.session.SessionHandle
+import org.apache.kyuubi.server.api.{ApiRequestContext, ApiUtils}
+import org.apache.kyuubi.session.{KyuubiSession, SessionHandle}
 
 @Tag(name = "Admin")
 @Produces(Array(MediaType.APPLICATION_JSON))
@@ -122,15 +121,8 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       throw new NotAllowedException(
         s"$userName is not allowed to list all live sessions")
     }
-    fe.be.sessionManager.allSessions().map { session =>
-      new SessionData(
-        session.handle.identifier.toString,
-        session.user,
-        session.ipAddress,
-        session.conf.asJava,
-        session.createTime,
-        session.lastAccessTime - session.createTime,
-        session.getNoOperationTime)
+    fe.be.sessionManager.allSessions().map { case session =>
+      ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])
     }.toSeq
   }
 
@@ -157,12 +149,12 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     content = Array(new Content(
       mediaType = MediaType.APPLICATION_JSON,
       array = new ArraySchema(schema = new Schema(implementation =
-        classOf[KyuubiOperationEvent])))),
+        classOf[OperationData])))),
     description =
-      "get the list of all active operation events")
+      "get the list of all active operations")
   @GET
   @Path("operations")
-  def listOperations(): Seq[KyuubiOperationEvent] = {
+  def listOperations(): Seq[OperationData] = {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Received listing all of the active operations request from $userName/$ipAddress")
@@ -171,7 +163,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
         s"$userName is not allowed to list all the operations")
     }
     fe.be.sessionManager.operationManager.allOperations()
-      .map(operation => KyuubiOperationEvent(operation.asInstanceOf[KyuubiOperation])).toSeq
+      .map(operation => ApiUtils.operationData(operation.asInstanceOf[KyuubiOperation])).toSeq
   }
 
   @ApiResponse(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index 84b19eb00..600ac3c87 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -35,7 +35,7 @@ import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.events.KyuubiEvent
 import org.apache.kyuubi.operation.OperationHandle
-import org.apache.kyuubi.server.api.ApiRequestContext
+import org.apache.kyuubi.server.api.{ApiRequestContext, ApiUtils}
 import org.apache.kyuubi.session.KyuubiSession
 import org.apache.kyuubi.session.SessionHandle
 
@@ -54,15 +54,8 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     description = "get the list of all live sessions")
   @GET
   def sessions(): Seq[SessionData] = {
-    sessionManager.allSessions().map { session =>
-      new SessionData(
-        session.handle.identifier.toString,
-        session.user,
-        session.ipAddress,
-        session.conf.asJava,
-        session.createTime,
-        session.lastAccessTime - session.createTime,
-        session.getNoOperationTime)
+    sessionManager.allSessions().map { case session =>
+      ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])
     }.toSeq
   }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 8aaf6c512..0fc912e7a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -27,13 +27,12 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROT
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite, RestFrontendTestHelper, Utils}
-import org.apache.kyuubi.client.api.v1.dto.{Engine, SessionData, SessionHandle, SessionOpenRequest}
+import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, SessionData, SessionHandle, SessionOpenRequest}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
 import org.apache.kyuubi.engine.{ApplicationState, EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.EngineType.SPARK_SQL
 import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, USER}
-import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.DiscoveryPaths
@@ -189,9 +188,9 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .get()
     assert(200 == response.getStatus)
-    var operations = response.readEntity(new GenericType[Seq[KyuubiOperationEvent]]() {})
+    var operations = response.readEntity(new GenericType[Seq[OperationData]]() {})
     assert(operations.nonEmpty)
-    assert(operations.map(op => op.statementId).contains(operation.identifier.toString))
+    assert(operations.map(op => op.getIdentifier).contains(operation.identifier.toString))
 
     // close operation
     response = webTarget.path(s"api/v1/admin/operations/${operation.identifier}").request()
@@ -203,8 +202,8 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     response = webTarget.path("api/v1/admin/operations").request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .get()
-    operations = response.readEntity(new GenericType[Seq[KyuubiOperationEvent]]() {})
-    assert(!operations.map(op => op.statementId).contains(operation.identifier.toString))
+    operations = response.readEntity(new GenericType[Seq[OperationData]]() {})
+    assert(!operations.map(op => op.getIdentifier).contains(operation.identifier.toString))
   }
 
   test("delete engine - user share level") {

From bc96038f8f2d2d28b74b8278b07890ab69847c3a Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Wed, 8 Mar 2023 09:54:06 +0800
Subject: [PATCH 146/760] [KYUUBI #4433] Fix the case with `create a view from
 view`

close #4433
### _Why are the changes needed?_

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4470 from iodone/kyuubi-4433.

Closes #4433

ca3e9e99 [odone] fix create a view from view

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../helper/SparkSQLLineageParseHelper.scala   |  5 +++++
 .../SparkSQLLineageParserHelperSuite.scala    | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index cfd155527..1224da023 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -414,6 +414,11 @@ trait LineageParser {
             })
         }
 
+      case p: View =>
+        val viewColumnsLineage =
+          extractColumnsLineage(p.child, ListMap[Attribute, AttributeSet]())
+        mergeRelationColumnLineage(parentColumnsLineage, p.output, viewColumnsLineage)
+
       case p: InMemoryRelation =>
         // get logical plan from cachedPlan
         val cachedTableLogical = findSparkPlanLogicalLink(Seq(p.cacheBuilder.cachedPlan))
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index 4e1edc5c1..6180980c8 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -1230,6 +1230,25 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
+  test("test create view from view") {
+    withTable("t1") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
+      spark.sql("CREATE VIEW t2 as select * from t1")
+      val ret0 =
+        exectractLineage(
+          s"create or replace view view_tst comment 'view'" +
+            s" as select a as k,b" +
+            s" from t2" +
+            s" where a in ('HELLO') and c = 'HELLO'")
+      assert(ret0 == Lineage(
+        List("default.t1"),
+        List("default.view_tst"),
+        List(
+          ("default.view_tst.k", Set("default.t1.a")),
+          ("default.view_tst.b", Set("default.t1.b")))))
+    }
+  }
+
   private def exectractLineageWithoutExecuting(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)

From 86f7537a8e2203dd39e9b634cc6cc95dbd3ff326 Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Wed, 8 Mar 2023 09:57:12 +0800
Subject: [PATCH 147/760] [KYUUBI #4451] Skip etcd test if no docker env

### _Why are the changes needed?_

Skip etcd test if no docker env.

It would fail if no docker env
```
org.apache.kyuubi.ha.client.etcd.EtcdDiscoveryClientSuite *** ABORTED ***
  java.lang.IllegalStateException: Could not find a valid Docker environment. Please see logs and check configuration
  at org.testcontainers.dockerclient.DockerClientProviderStrategy.lambda$getFirstValidStrategy$6(DockerClientProviderStrategy.java:257)
  at java.util.Optional.orElseThrow(Optional.java:290)
  at org.testcontainers.dockerclient.DockerClientProviderStrategy.getFirstValidStrategy(DockerClientProviderStrategy.java:247)
  at org.testcontainers.DockerClientFactory.getOrInitializeStrategy(DockerClientFactory.java:135)
  at org.testcontainers.DockerClientFactory.client(DockerClientFactory.java:171)
  at org.testcontainers.containers.Network$NetworkImpl.create(Network.java:69)
  at org.testcontainers.containers.Network$NetworkImpl.getId(Network.java:62)
  at io.etcd.jetcd.launcher.EtcdClusterImpl.start(EtcdClusterImpl.java:72)
  at org.apache.kyuubi.ha.client.etcd.EtcdDiscoveryClientSuite.beforeAll(EtcdDiscoveryClientSuite.scala:48)
```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4451 from ulysses-you/skip-etcd.

Closes #4451

a5e65adb4 [ulysses-you] isDockerAvailable
39baad662 [ulysses-you] Skip etcd test is no docker env

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../etcd/EtcdDiscoveryClientSuite.scala       | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClientSuite.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClientSuite.scala
index 5b8855c1e..de48a3495 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClientSuite.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClientSuite.scala
@@ -22,6 +22,9 @@ import java.nio.charset.StandardCharsets
 import scala.collection.JavaConverters._
 
 import io.etcd.jetcd.launcher.{Etcd, EtcdCluster}
+import org.scalactic.source.Position
+import org.scalatest.Tag
+import org.testcontainers.DockerClientFactory
 
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ADDRESSES, HA_CLIENT_CLASS}
@@ -41,25 +44,38 @@ class EtcdDiscoveryClientSuite extends DiscoveryClientTests {
   var conf: KyuubiConf = KyuubiConf()
     .set(HA_CLIENT_CLASS, classOf[EtcdDiscoveryClient].getName)
 
+  private val hasDockerEnv = DockerClientFactory.instance().isDockerAvailable
+
   override def beforeAll(): Unit = {
-    etcdCluster = new Etcd.Builder()
-      .withNodes(2)
-      .build()
-    etcdCluster.start()
-    conf = new KyuubiConf()
-      .set(HA_CLIENT_CLASS, classOf[EtcdDiscoveryClient].getName)
-      .set(HA_ADDRESSES, getConnectString)
+    if (hasDockerEnv) {
+      etcdCluster = new Etcd.Builder()
+        .withNodes(2)
+        .build()
+      etcdCluster.start()
+      conf = new KyuubiConf()
+        .set(HA_CLIENT_CLASS, classOf[EtcdDiscoveryClient].getName)
+        .set(HA_ADDRESSES, getConnectString)
+    }
     super.beforeAll()
   }
 
   override def afterAll(): Unit = {
     super.afterAll()
-    if (etcdCluster != null) {
+    if (hasDockerEnv && etcdCluster != null) {
       etcdCluster.close()
       etcdCluster = null
     }
   }
 
+  override protected def test(
+      testName: String,
+      testTags: Tag*)(testFun: => Any)(implicit pos: Position): Unit = {
+    if (hasDockerEnv) {
+      super.test(testName, testTags: _*)(testFun)
+    }
+    // skip test
+  }
+
   test("etcd test: set, get and delete") {
     withDiscoveryClient(conf) { discoveryClient =>
       val path = "/kyuubi"

From 68b34be4926783c9e35c38969e07cb4f919e0532 Mon Sep 17 00:00:00 2001
From: maruilei <maruilei@58.com>
Date: Wed, 8 Mar 2023 19:29:47 +0800
Subject: [PATCH 148/760] [KYUUBI #4452] Strip the redundant leading and
 tailing slash of getZooKeeperNamespace.

### _Why are the changes needed?_

As described in the discussion:  <https://github.com/apache/kyuubi/discussions/4436>

When the zk namespace contains leading and trailing slashes, the exception will cause the client connection to fail, and the exception prompt information is not clear.

So we strip the redundant leading and tailing slashes of getZooKeeperNamespace and add exception stack information at the same time.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4454 from merrily01/zk-namespace.

Closes #4452

62290545e [maruilei] Address comments.
cee43cd61 [maruilei] [KYUUBI #4452] Strip the redundant leading and tailing slash of getZooKeeperNamespace.

Authored-by: maruilei <maruilei@58.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../jdbc/hive/ZooKeeperHiveClientHelper.java  |  5 +-
 .../hive/ZooKeeperHiveClientHelperTest.java   | 59 +++++++++++++++++++
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelperTest.java

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
index 349fc8dfb..41fadfa2f 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.jdbc.hive;
 
+import com.google.common.annotations.VisibleForTesting;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
@@ -32,12 +33,14 @@ class ZooKeeperHiveClientHelper {
   // Pattern for key1=value1;key2=value2
   private static final Pattern kvPattern = Pattern.compile("([^=;]*)=([^;]*);?");
 
-  private static String getZooKeeperNamespace(JdbcConnectionParams connParams) {
+  @VisibleForTesting
+  protected static String getZooKeeperNamespace(JdbcConnectionParams connParams) {
     String zooKeeperNamespace =
         connParams.getSessionVars().get(JdbcConnectionParams.ZOOKEEPER_NAMESPACE);
     if ((zooKeeperNamespace == null) || (zooKeeperNamespace.isEmpty())) {
       zooKeeperNamespace = JdbcConnectionParams.ZOOKEEPER_DEFAULT_NAMESPACE;
     }
+    zooKeeperNamespace = zooKeeperNamespace.replaceAll("^/+", "").replaceAll("/+$", "");
     return zooKeeperNamespace;
   }
 
diff --git a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelperTest.java b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelperTest.java
new file mode 100644
index 000000000..d1fd78f47
--- /dev/null
+++ b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelperTest.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.jdbc.hive;
+
+import static org.apache.kyuubi.jdbc.hive.Utils.extractURLComponents;
+import static org.junit.Assert.assertEquals;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Properties;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class ZooKeeperHiveClientHelperTest {
+
+  private String uri;
+
+  @Parameterized.Parameters
+  public static Collection<String[]> data() {
+    return Arrays.asList(
+        new String[][] {
+          {"jdbc:hive2://hostname:10018/db;zooKeeperNamespace=zookeeper/namespace"},
+          {"jdbc:hive2://hostname:10018/db;zooKeeperNamespace=/zookeeper/namespace"},
+          {"jdbc:hive2://hostname:10018/db;zooKeeperNamespace=zookeeper/namespace/"},
+          {"jdbc:hive2://hostname:10018/db;zooKeeperNamespace=/zookeeper/namespace/"},
+          {"jdbc:hive2://hostname:10018/db;zooKeeperNamespace=///zookeeper/namespace///"}
+        });
+  }
+
+  public ZooKeeperHiveClientHelperTest(String uri) {
+    this.uri = uri;
+  }
+
+  @Test
+  public void testGetZooKeeperNamespace() throws JdbcUriParseException {
+    JdbcConnectionParams jdbcConnectionParams = extractURLComponents(uri, new Properties());
+    assertEquals(
+        "zookeeper/namespace",
+        ZooKeeperHiveClientHelper.getZooKeeperNamespace(jdbcConnectionParams));
+  }
+}

From 17466ea41ab15766c0cc01473c18b1c56d6cbffb Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 8 Mar 2023 21:28:10 +0800
Subject: [PATCH 149/760] [KYUUBI #4479] Restore JDBC Kerberos authentication
 behavior for UGI.doAs

### _Why are the changes needed?_

A typical use case of Hadoop UGI w/ Kyuubi Hive JDBC is
```
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
ugi.doAs(() -> {
  Connection conn = DriverManager.getConnection(
        "jdbc:kyuubi://host:10009/default;principal=kyuubi_HOST/ABC.ORG");
  ...
});
```

After https://github.com/apache/kyuubi/pull/3023, Kyuubi Hive JDBC implements the Kerberos authentication by using JDK directly instead of Hadoop `UserGroupInformation`, but it also introduce a breaking change for Hadoop users, including the above case. As workaround, user should add `kerberosAuthType=fromSubject` alongside w/ `principal=kyuubi_HOST/ABC.ORG` to make it work.

This PR propose to restore the behavior before https://github.com/apache/kyuubi/pull/3023 by handling UGI.doAs explicitly.

And this PR makes the `clientPrincipal` `clientKeytab` as the highest priority, so in below cases, `clientPrincipal` `clientKeytab` take effects instead of UGI.

```
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
ugi.doAs(() -> {
  Connection conn = DriverManager.getConnection(
        "jdbc:kyuubi://host:10009/default;principal=kyuubi_HOST/ABC.ORG;" +
        "clientPrincipal=tom_HOST/ABC.ORG;clientKeytab=/path/xxx.keytab");
  ...
});
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4479 from pan3793/detect-ugi.

Closes #4479

0e169abc6 [Cheng Pan] nit
19036e3d7 [Cheng Pan] reorder
e8faf9c56 [Cheng Pan] Restore JDBC kerberos authentication behavior for UGI.doAs

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/jdbc/hive/KyuubiConnection.java    | 41 ++++++++++++-------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index 0932ea565..2a485b24e 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -30,10 +30,7 @@
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.KeyStore;
-import java.security.SecureRandom;
+import java.security.*;
 import java.sql.*;
 import java.util.*;
 import java.util.Map.Entry;
@@ -43,6 +40,7 @@
 import javax.net.ssl.TrustManagerFactory;
 import javax.security.auth.Subject;
 import javax.security.sasl.Sasl;
+import org.apache.commons.lang3.ClassUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hive.service.rpc.thrift.*;
 import org.apache.http.HttpRequestInterceptor;
@@ -813,11 +811,16 @@ private boolean isSaslAuthMode() {
     return !AUTH_SIMPLE.equalsIgnoreCase(sessConfMap.get(AUTH_TYPE));
   }
 
-  private boolean isFromSubjectAuthMode() {
-    return isSaslAuthMode()
-        && hasSessionValue(AUTH_PRINCIPAL)
-        && AUTH_KERBEROS_AUTH_TYPE_FROM_SUBJECT.equalsIgnoreCase(
-            sessConfMap.get(AUTH_KERBEROS_AUTH_TYPE));
+  private boolean isHadoopUserGroupInformationDoAs() {
+    try {
+      @SuppressWarnings("unchecked")
+      Class<? extends Principal> HadoopUserClz =
+          (Class<? extends Principal>) ClassUtils.getClass("org.apache.hadoop.security.User");
+      Subject subject = Subject.getSubject(AccessController.getContext());
+      return subject != null && !subject.getPrincipals(HadoopUserClz).isEmpty();
+    } catch (ClassNotFoundException e) {
+      return false;
+    }
   }
 
   private boolean isKeytabAuthMode() {
@@ -827,6 +830,16 @@ && hasSessionValue(AUTH_KYUUBI_CLIENT_PRINCIPAL)
         && hasSessionValue(AUTH_KYUUBI_CLIENT_KEYTAB);
   }
 
+  private boolean isFromSubjectAuthMode() {
+    return isSaslAuthMode()
+        && hasSessionValue(AUTH_PRINCIPAL)
+        && !hasSessionValue(AUTH_KYUUBI_CLIENT_PRINCIPAL)
+        && !hasSessionValue(AUTH_KYUUBI_CLIENT_KEYTAB)
+        && (AUTH_KERBEROS_AUTH_TYPE_FROM_SUBJECT.equalsIgnoreCase(
+                sessConfMap.get(AUTH_KERBEROS_AUTH_TYPE))
+            || isHadoopUserGroupInformationDoAs());
+  }
+
   private boolean isTgtCacheAuthMode() {
     return isSaslAuthMode()
         && hasSessionValue(AUTH_PRINCIPAL)
@@ -843,15 +856,15 @@ private boolean isKerberosAuthMode() {
   }
 
   private Subject createSubject() {
-    if (isFromSubjectAuthMode()) {
+    if (isKeytabAuthMode()) {
+      String principal = sessConfMap.get(AUTH_KYUUBI_CLIENT_PRINCIPAL);
+      String keytab = sessConfMap.get(AUTH_KYUUBI_CLIENT_KEYTAB);
+      return KerberosAuthenticationManager.getKeytabAuthentication(principal, keytab).getSubject();
+    } else if (isFromSubjectAuthMode()) {
       AccessControlContext context = AccessController.getContext();
       return Subject.getSubject(context);
     } else if (isTgtCacheAuthMode()) {
       return KerberosAuthenticationManager.getTgtCacheAuthentication().getSubject();
-    } else if (isKeytabAuthMode()) {
-      String principal = sessConfMap.get(AUTH_KYUUBI_CLIENT_PRINCIPAL);
-      String keytab = sessConfMap.get(AUTH_KYUUBI_CLIENT_KEYTAB);
-      return KerberosAuthenticationManager.getKeytabAuthentication(principal, keytab).getSubject();
     } else {
       // This should never happen
       throw new IllegalArgumentException("Unsupported auth mode");

From d2a0fe2b60b6b20406ce7c02a553807b2ffdfc6e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 8 Mar 2023 22:35:40 +0800
Subject: [PATCH 150/760] [KYUUBI #4481] Setup and use cached maven in CI jobs

### _Why are the changes needed?_

- Setup and use cached `build/mvn` in CI jobs, to prevent repeatedly downloading mvn from remote

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4481 from bowenliang123/setup-maven.

Closes #4481

3906430da [liangbowen] ignore occasional mvnd failure
366806256 [liangbowen] setup cached build/maven

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/actions/setup-mvnd/action.yaml |  5 ++---
 .github/workflows/dep.yml              |  2 +-
 .github/workflows/license.yml          |  2 +-
 .github/workflows/master.yml           | 16 ++++++++++++++++
 .github/workflows/nightly.yml          |  2 ++
 .github/workflows/style.yml            |  2 +-
 6 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/.github/actions/setup-mvnd/action.yaml b/.github/actions/setup-mvnd/action.yaml
index 55c8139ff..dac05c024 100644
--- a/.github/actions/setup-mvnd/action.yaml
+++ b/.github/actions/setup-mvnd/action.yaml
@@ -16,8 +16,7 @@
 #
 
 name: 'setup-mvnd'
-description: 'Setup the maven daemon'
-continue-on-error: true
+description: 'Setup Maven and Mvnd'
 runs:
   using: composite
   steps:
@@ -32,5 +31,5 @@ runs:
       run: build/mvn -v
       shell: bash
     - name: Check Mvnd
-      run: build/mvnd -v
+      run: build/mvnd -v || true
       shell: bash
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index 72f5c915d..09197951a 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -45,7 +45,7 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Mvnd
+      - name: Setup Maven and Mvnd
         uses: ./.github/actions/setup-mvnd
       - name: Check kyuubi modules available
         id: modules-check
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index a490def91..e62605e7f 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -42,7 +42,7 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Mvnd
+      - name: Setup Maven and Mvnd
         uses: ./.github/actions/setup-mvnd
       - run: >-
           build/mvnd org.apache.rat:apache-rat-plugin:check
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index a70117826..4d48e5b3b 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -77,6 +77,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Setup Python
@@ -131,6 +133,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Kyuubi AuthZ with supported Spark versions
@@ -182,6 +186,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build Flink with maven w/o linters
@@ -228,6 +234,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Hive with maven w/o linters
@@ -265,6 +273,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test JDBC with maven w/o linters
@@ -302,6 +312,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Trino with maven w/o linters
@@ -334,6 +346,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Run TPC-DS Tests
@@ -471,6 +485,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: zookeeper integration tests
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 149da6d82..b53a7d292 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -43,6 +43,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven and Mvnd
+        uses: ./.github/actions/setup-mvnd
       - name: Build with Maven
         run: ./build/mvn clean install ${{ matrix.profiles }} -Dmaven.javadoc.skip=true -V
       - name: Upload test logs
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 717cbbc70..bfaf22e2e 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -45,7 +45,7 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Mvnd
+      - name: Setup Maven and Mvnd
         uses: ./.github/actions/setup-mvnd
       - name: Setup Python 3
         uses: actions/setup-python@v4

From f47c21c306ada2a84094dfe81ca3590b1a80de2e Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 9 Mar 2023 00:18:45 +0800
Subject: [PATCH 151/760] [KYUUBI #4482] Support to disable batch resource
 upload function

### _Why are the changes needed?_

Support to disable batch resource upload in server side for service stability.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4482 from turboFei/batches.

Closes #4482

b5cbfb506 [fwang12] version
6219ae2c9 [fwang12] save
e83963675 [fwang12] disable

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../main/scala/org/apache/kyuubi/config/KyuubiConf.scala  | 8 ++++++++
 .../org/apache/kyuubi/server/api/v1/BatchesResource.scala | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index c836b0165..70479ce30 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1511,6 +1511,14 @@ object KyuubiConf {
       .timeConf
       .createWithDefault(Duration.ofSeconds(5).toMillis)
 
+  val BATCH_RESOURCE_UPLOAD_ENABLED: ConfigEntry[Boolean] =
+    buildConf("kyuubi.batch.resource.upload.enabled")
+      .internal
+      .doc("Whether to enable Kyuubi batch resource upload function.")
+      .version("1.7.1")
+      .booleanConf
+      .createWithDefault(true)
+
   val SERVER_EXEC_POOL_SIZE: ConfigEntry[Int] =
     buildConf("kyuubi.backend.server.exec.pool.size")
       .doc("Number of threads in the operation execution thread pool of Kyuubi server")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index edfc05616..0ef3c8bac 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -184,6 +184,9 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       @FormDataParam("batchRequest") batchRequest: BatchRequest,
       @FormDataParam("resourceFile") resourceFileInputStream: InputStream,
       @FormDataParam("resourceFile") resourceFileMetadata: FormDataContentDisposition): Batch = {
+    require(
+      fe.getConf.get(KyuubiConf.BATCH_RESOURCE_UPLOAD_ENABLED),
+      "Batch resource upload function is not enabled.")
     require(
       batchRequest != null,
       "batchRequest is required and please check the content type" +

From 3595d5f65e9c85e5388620683d59876b89d1aa6b Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Thu, 9 Mar 2023 00:28:49 +0800
Subject: [PATCH 152/760] [KYUUBI #4471] Prompted command for docs generation
 should skip Java tests

### _Why are the changes needed?_

Notify user fix setting.md with mvn opt ~`-DskipTests`~  `-Dtest=none` to skip unrelated java test.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4471 from zwangsheng/unit/skip_when_modify_setting.

Closes #4471

f0d7993f5 [zwangsheng] Put -Dtest=none befor
58bd24571 [zwangsheng] Skip Java Test Case with Recommand -Dtest=none
3f2ace38d [zwangsheng] Notifiy user fix setting md with skip unit test mvn opts

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/test/scala/org/apache/kyuubi/MarkdownUtils.scala      | 2 +-
 .../org/apache/kyuubi/config/AllKyuubiConfiguration.scala     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
index 45568df25..25a768b75 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
@@ -50,7 +50,7 @@ object MarkdownUtils {
         withClue(s"$markdown out of date, as line ${index + 1} is not expected." +
           " Please update doc with KYUUBI_UPDATE=1 build/mvn clean test" +
           s" -pl $module -am -Pflink-provided,spark-provided,hive-provided" +
-          s" -DwildcardSuites=$agent") {
+          s" -Dtest=none -DwildcardSuites=$agent ") {
           assertResult(str2)(str1)
         }
       }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index bb183c00c..9fff482d4 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -35,12 +35,12 @@ import org.apache.kyuubi.zookeeper.ZookeeperConf
  *
  * To run the entire test suite:
  * {{{
- *   build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
+ *   build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -Dtest=none -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
  * }}}
  *
  * To re-generate golden files for entire suite, run:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
+ *   KYUUBI_UPDATE=1 build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -Dtest=none -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
  * }}}
  */
 // scalastyle:on line.size.limit

From a47bf6e633eacdf23bc1e29718109272a2e02209 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Mar 2023 02:15:47 +0800
Subject: [PATCH 153/760] [KYUUBI #4483] Enable REST frontend protocol by
 default

### _Why are the changes needed?_

REST frontend protocol was introduced in Kyuubi 1.4.0 https://github.com/apache/kyuubi/pull/1349, more and more users are using REST in recent days, and to simplify the planned Web UI developments, I think we should enable the REST by default for master(1.8.0-SNAPSHOT).

I do not remove the "experiment" because we don't have strong confident to ensure the API stability in this time, I would like to defer it until the community has confident to mark it as stable.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4483 from pan3793/enable-rest.

Closes #4483

66fef0224 [Cheng Pan] http
91a29b453 [Cheng Pan] nit
29a4826da [Cheng Pan] Enable REST frontend protocol in default

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/values.yaml                     |   2 +-
 conf/kyuubi-defaults.conf.template            |   3 +-
 docs/deployment/settings.md                   | 118 +++++++++---------
 .../org/apache/kyuubi/config/KyuubiConf.scala |   4 +-
 .../server/KyuubiRestFrontendService.scala    |   2 +-
 5 files changed, 66 insertions(+), 63 deletions(-)

diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index ddd16a9b7..48d5573f8 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -80,7 +80,7 @@ server:
 
   # REST API protocol (experimental)
   rest:
-    enabled: false
+    enabled: true
     port: 10099
     service:
       type: ClusterIP
diff --git a/conf/kyuubi-defaults.conf.template b/conf/kyuubi-defaults.conf.template
index 6522e32e4..c93971d91 100644
--- a/conf/kyuubi-defaults.conf.template
+++ b/conf/kyuubi-defaults.conf.template
@@ -21,8 +21,9 @@
 # kyuubi.authentication                    NONE
 #
 # kyuubi.frontend.bind.host                10.0.0.1
-# kyuubi.frontend.protocols                THRIFT_BINARY
+# kyuubi.frontend.protocols                THRIFT_BINARY,REST
 # kyuubi.frontend.thrift.binary.bind.port  10009
+# kyuubi.frontend.rest.bind.port           10099
 #
 # kyuubi.engine.type                       SPARK_SQL
 # kyuubi.engine.share.level                USER
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 1ba684f27..b34aa4c48 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -182,65 +182,65 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Frontend
 
-|                          Key                           |      Default      |                                                                                                                                                                                                                                                           Meaning                                                                                                                                                                                                                                                           |   Type   | Since |
-|--------------------------------------------------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.frontend.backoff.slot.length                    | PT0.1S            | (deprecated) Time to back off during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
-| kyuubi.frontend.bind.host                              | &lt;undefined&gt; | Hostname or IP of the machine on which to run the frontend services.                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.0.0 |
-| kyuubi.frontend.bind.port                              | 10009             | (deprecated) Port of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                       | int      | 1.0.0 |
-| kyuubi.frontend.connection.url.use.hostname            | true              | When true, frontend services prefer hostname, otherwise, ip address. Note that, the default value is set to `false` when engine running on Kubernetes to prevent potential network issues.                                                                                                                                                                                                                                                                                                                                  | boolean  | 1.5.0 |
-| kyuubi.frontend.login.timeout                          | PT20S             | (deprecated) Timeout for Thrift clients during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                        | duration | 1.0.0 |
-| kyuubi.frontend.max.message.size                       | 104857600         | (deprecated) Maximum message size in bytes a Kyuubi server will accept.                                                                                                                                                                                                                                                                                                                                                                                                                                                     | int      | 1.0.0 |
-| kyuubi.frontend.max.worker.threads                     | 999               | (deprecated) Maximum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.0.0 |
-| kyuubi.frontend.min.worker.threads                     | 9                 | (deprecated) Minimum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.0.0 |
-| kyuubi.frontend.mysql.bind.host                        | &lt;undefined&gt; | Hostname or IP of the machine on which to run the MySQL frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
-| kyuubi.frontend.mysql.bind.port                        | 3309              | Port of the machine on which to run the MySQL frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.4.0 |
-| kyuubi.frontend.mysql.max.worker.threads               | 999               | Maximum number of threads in the command execution thread pool for the MySQL frontend service                                                                                                                                                                                                                                                                                                                                                                                                                               | int      | 1.4.0 |
-| kyuubi.frontend.mysql.min.worker.threads               | 9                 | Minimum number of threads in the command execution thread pool for the MySQL frontend service                                                                                                                                                                                                                                                                                                                                                                                                                               | int      | 1.4.0 |
-| kyuubi.frontend.mysql.netty.worker.threads             | &lt;undefined&gt; | Number of thread in the netty worker event loop of MySQL frontend service. Use min(cpu_cores, 8) in default.                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.4.0 |
-| kyuubi.frontend.mysql.worker.keepalive.time            | PT1M              | Time(ms) that an idle async thread of the command execution thread pool will wait for a new task to arrive before terminating in MySQL frontend service                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.4.0 |
-| kyuubi.frontend.protocols                              | THRIFT_BINARY     | A comma-separated list for all frontend protocols <ul> <li>THRIFT_BINARY - HiveServer2 compatible thrift binary protocol.</li> <li>THRIFT_HTTP - HiveServer2 compatible thrift http protocol.</li> <li>REST - Kyuubi defined REST API(experimental).</li>  <li>MYSQL - MySQL compatible text protocol(experimental).</li>  <li>TRINO - Trino compatible http protocol(experimental).</li> </ul>                                                                                                                             | seq      | 1.4.0 |
-| kyuubi.frontend.proxy.http.client.ip.header            | X-Real-IP         | The HTTP header to record the real client IP address. If your server is behind a load balancer or other proxy, the server will see this load balancer or proxy IP address as the client IP address, to get around this common issue, most load balancers or proxies offer the ability to record the real remote IP address in an HTTP header that will be added to the request for other devices to use. Note that, because the header value can be specified to any IP address, so it will not be used for authentication. | string   | 1.6.0 |
-| kyuubi.frontend.rest.bind.host                         | &lt;undefined&gt; | Hostname or IP of the machine on which to run the REST frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.4.0 |
-| kyuubi.frontend.rest.bind.port                         | 10099             | Port of the machine on which to run the REST frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                              | int      | 1.4.0 |
-| kyuubi.frontend.rest.max.worker.threads                | 999               | Maximum number of threads in the frontend worker thread pool for the rest frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.6.2 |
-| kyuubi.frontend.ssl.keystore.algorithm                 | &lt;undefined&gt; | SSL certificate keystore algorithm.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.7.0 |
-| kyuubi.frontend.ssl.keystore.password                  | &lt;undefined&gt; | SSL certificate keystore password.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.7.0 |
-| kyuubi.frontend.ssl.keystore.path                      | &lt;undefined&gt; | SSL certificate keystore location.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.7.0 |
-| kyuubi.frontend.ssl.keystore.type                      | &lt;undefined&gt; | SSL certificate keystore type.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.7.0 |
-| kyuubi.frontend.thrift.backoff.slot.length             | PT0.1S            | Time to back off during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.4.0 |
-| kyuubi.frontend.thrift.binary.bind.host                | &lt;undefined&gt; | Hostname or IP of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.4.0 |
-| kyuubi.frontend.thrift.binary.bind.port                | 10009             | Port of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.4.0 |
-| kyuubi.frontend.thrift.binary.ssl.disallowed.protocols | SSLv2,SSLv3       | SSL versions to disallow for Kyuubi thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | seq      | 1.7.0 |
-| kyuubi.frontend.thrift.binary.ssl.enabled              | false             | Set this to true for using SSL encryption in thrift binary frontend server.                                                                                                                                                                                                                                                                                                                                                                                                                                                 | boolean  | 1.7.0 |
-| kyuubi.frontend.thrift.binary.ssl.include.ciphersuites                    || A comma-separated list of include SSL cipher suite names for thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq      | 1.7.0 |
-| kyuubi.frontend.thrift.http.allow.user.substitution    | true              | Allow alternate user to be specified as part of open connection request when using HTTP transport mode.                                                                                                                                                                                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
-| kyuubi.frontend.thrift.http.bind.host                  | &lt;undefined&gt; | Hostname or IP of the machine on which to run the thrift frontend service via http protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
-| kyuubi.frontend.thrift.http.bind.port                  | 10010             | Port of the machine on which to run the thrift frontend service via http protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                          | int      | 1.6.0 |
-| kyuubi.frontend.thrift.http.compression.enabled        | true              | Enable thrift http compression via Jetty compression support                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.6.0 |
-| kyuubi.frontend.thrift.http.cookie.auth.enabled        | true              | When true, Kyuubi in HTTP transport mode, will use cookie-based authentication mechanism                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
-| kyuubi.frontend.thrift.http.cookie.domain              | &lt;undefined&gt; | Domain for the Kyuubi generated cookies                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.6.0 |
-| kyuubi.frontend.thrift.http.cookie.is.httponly         | true              | HttpOnly attribute of the Kyuubi generated cookie.                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | boolean  | 1.6.0 |
-| kyuubi.frontend.thrift.http.cookie.max.age             | 86400             | Maximum age in seconds for server side cookie used by Kyuubi in HTTP mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.6.0 |
-| kyuubi.frontend.thrift.http.cookie.path                | &lt;undefined&gt; | Path for the Kyuubi generated cookies                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
-| kyuubi.frontend.thrift.http.max.idle.time              | PT30M             | Maximum idle time for a connection on the server when in HTTP mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                         | duration | 1.6.0 |
-| kyuubi.frontend.thrift.http.path                       | cliservice        | Path component of URL endpoint when in HTTP mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
-| kyuubi.frontend.thrift.http.request.header.size        | 6144              | Request header size in bytes, when using HTTP transport mode. Jetty defaults used.                                                                                                                                                                                                                                                                                                                                                                                                                                          | int      | 1.6.0 |
-| kyuubi.frontend.thrift.http.response.header.size       | 6144              | Response header size in bytes, when using HTTP transport mode. Jetty defaults used.                                                                                                                                                                                                                                                                                                                                                                                                                                         | int      | 1.6.0 |
-| kyuubi.frontend.thrift.http.ssl.exclude.ciphersuites                      || A comma-separated list of exclude SSL cipher suite names for thrift http frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                          | seq      | 1.7.0 |
-| kyuubi.frontend.thrift.http.ssl.keystore.password      | &lt;undefined&gt; | SSL certificate keystore password.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
-| kyuubi.frontend.thrift.http.ssl.keystore.path          | &lt;undefined&gt; | SSL certificate keystore location.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
-| kyuubi.frontend.thrift.http.ssl.protocol.blacklist     | SSLv2,SSLv3       | SSL Versions to disable when using HTTP transport mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | seq      | 1.6.0 |
-| kyuubi.frontend.thrift.http.use.SSL                    | false             | Set this to true for using SSL encryption in http mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
-| kyuubi.frontend.thrift.http.xsrf.filter.enabled        | false             | If enabled, Kyuubi will block any requests made to it over HTTP if an X-XSRF-HEADER header is not present                                                                                                                                                                                                                                                                                                                                                                                                                   | boolean  | 1.6.0 |
-| kyuubi.frontend.thrift.login.timeout                   | PT20S             | Timeout for Thrift clients during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.4.0 |
-| kyuubi.frontend.thrift.max.message.size                | 104857600         | Maximum message size in bytes a Kyuubi server will accept.                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.4.0 |
-| kyuubi.frontend.thrift.max.worker.threads              | 999               | Maximum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.4.0 |
-| kyuubi.frontend.thrift.min.worker.threads              | 9                 | Minimum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.4.0 |
-| kyuubi.frontend.thrift.worker.keepalive.time           | PT1M              | Keep-alive time (in milliseconds) for an idle worker thread                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | duration | 1.4.0 |
-| kyuubi.frontend.trino.bind.host                        | &lt;undefined&gt; | Hostname or IP of the machine on which to run the TRINO frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.7.0 |
-| kyuubi.frontend.trino.bind.port                        | 10999             | Port of the machine on which to run the TRINO frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.7.0 |
-| kyuubi.frontend.trino.max.worker.threads               | 999               | Maximum number of threads in the frontend worker thread pool for the Trino frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.7.0 |
-| kyuubi.frontend.worker.keepalive.time                  | PT1M              | (deprecated) Keep-alive time (in milliseconds) for an idle worker thread                                                                                                                                                                                                                                                                                                                                                                                                                                                    | duration | 1.0.0 |
+|                          Key                           |      Default       |                                                                                                                                                                                                                                                           Meaning                                                                                                                                                                                                                                                           |   Type   | Since |
+|--------------------------------------------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.frontend.backoff.slot.length                    | PT0.1S             | (deprecated) Time to back off during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
+| kyuubi.frontend.bind.host                              | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the frontend services.                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.0.0 |
+| kyuubi.frontend.bind.port                              | 10009              | (deprecated) Port of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                       | int      | 1.0.0 |
+| kyuubi.frontend.connection.url.use.hostname            | true               | When true, frontend services prefer hostname, otherwise, ip address. Note that, the default value is set to `false` when engine running on Kubernetes to prevent potential network issues.                                                                                                                                                                                                                                                                                                                                  | boolean  | 1.5.0 |
+| kyuubi.frontend.login.timeout                          | PT20S              | (deprecated) Timeout for Thrift clients during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                        | duration | 1.0.0 |
+| kyuubi.frontend.max.message.size                       | 104857600          | (deprecated) Maximum message size in bytes a Kyuubi server will accept.                                                                                                                                                                                                                                                                                                                                                                                                                                                     | int      | 1.0.0 |
+| kyuubi.frontend.max.worker.threads                     | 999                | (deprecated) Maximum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.0.0 |
+| kyuubi.frontend.min.worker.threads                     | 9                  | (deprecated) Minimum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.0.0 |
+| kyuubi.frontend.mysql.bind.host                        | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the MySQL frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
+| kyuubi.frontend.mysql.bind.port                        | 3309               | Port of the machine on which to run the MySQL frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.4.0 |
+| kyuubi.frontend.mysql.max.worker.threads               | 999                | Maximum number of threads in the command execution thread pool for the MySQL frontend service                                                                                                                                                                                                                                                                                                                                                                                                                               | int      | 1.4.0 |
+| kyuubi.frontend.mysql.min.worker.threads               | 9                  | Minimum number of threads in the command execution thread pool for the MySQL frontend service                                                                                                                                                                                                                                                                                                                                                                                                                               | int      | 1.4.0 |
+| kyuubi.frontend.mysql.netty.worker.threads             | &lt;undefined&gt;  | Number of thread in the netty worker event loop of MySQL frontend service. Use min(cpu_cores, 8) in default.                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.4.0 |
+| kyuubi.frontend.mysql.worker.keepalive.time            | PT1M               | Time(ms) that an idle async thread of the command execution thread pool will wait for a new task to arrive before terminating in MySQL frontend service                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.4.0 |
+| kyuubi.frontend.protocols                              | THRIFT_BINARY,REST | A comma-separated list for all frontend protocols <ul> <li>THRIFT_BINARY - HiveServer2 compatible thrift binary protocol.</li> <li>THRIFT_HTTP - HiveServer2 compatible thrift http protocol.</li> <li>REST - Kyuubi defined REST API(experimental).</li>  <li>MYSQL - MySQL compatible text protocol(experimental).</li>  <li>TRINO - Trino compatible http protocol(experimental).</li> </ul>                                                                                                                             | seq      | 1.4.0 |
+| kyuubi.frontend.proxy.http.client.ip.header            | X-Real-IP          | The HTTP header to record the real client IP address. If your server is behind a load balancer or other proxy, the server will see this load balancer or proxy IP address as the client IP address, to get around this common issue, most load balancers or proxies offer the ability to record the real remote IP address in an HTTP header that will be added to the request for other devices to use. Note that, because the header value can be specified to any IP address, so it will not be used for authentication. | string   | 1.6.0 |
+| kyuubi.frontend.rest.bind.host                         | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the REST frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.4.0 |
+| kyuubi.frontend.rest.bind.port                         | 10099              | Port of the machine on which to run the REST frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                              | int      | 1.4.0 |
+| kyuubi.frontend.rest.max.worker.threads                | 999                | Maximum number of threads in the frontend worker thread pool for the rest frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.6.2 |
+| kyuubi.frontend.ssl.keystore.algorithm                 | &lt;undefined&gt;  | SSL certificate keystore algorithm.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.7.0 |
+| kyuubi.frontend.ssl.keystore.password                  | &lt;undefined&gt;  | SSL certificate keystore password.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.7.0 |
+| kyuubi.frontend.ssl.keystore.path                      | &lt;undefined&gt;  | SSL certificate keystore location.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.7.0 |
+| kyuubi.frontend.ssl.keystore.type                      | &lt;undefined&gt;  | SSL certificate keystore type.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.7.0 |
+| kyuubi.frontend.thrift.backoff.slot.length             | PT0.1S             | Time to back off during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.4.0 |
+| kyuubi.frontend.thrift.binary.bind.host                | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.4.0 |
+| kyuubi.frontend.thrift.binary.bind.port                | 10009              | Port of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.4.0 |
+| kyuubi.frontend.thrift.binary.ssl.disallowed.protocols | SSLv2,SSLv3        | SSL versions to disallow for Kyuubi thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | seq      | 1.7.0 |
+| kyuubi.frontend.thrift.binary.ssl.enabled              | false              | Set this to true for using SSL encryption in thrift binary frontend server.                                                                                                                                                                                                                                                                                                                                                                                                                                                 | boolean  | 1.7.0 |
+| kyuubi.frontend.thrift.binary.ssl.include.ciphersuites                     || A comma-separated list of include SSL cipher suite names for thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq      | 1.7.0 |
+| kyuubi.frontend.thrift.http.allow.user.substitution    | true               | Allow alternate user to be specified as part of open connection request when using HTTP transport mode.                                                                                                                                                                                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
+| kyuubi.frontend.thrift.http.bind.host                  | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the thrift frontend service via http protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
+| kyuubi.frontend.thrift.http.bind.port                  | 10010              | Port of the machine on which to run the thrift frontend service via http protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                          | int      | 1.6.0 |
+| kyuubi.frontend.thrift.http.compression.enabled        | true               | Enable thrift http compression via Jetty compression support                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.6.0 |
+| kyuubi.frontend.thrift.http.cookie.auth.enabled        | true               | When true, Kyuubi in HTTP transport mode, will use cookie-based authentication mechanism                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
+| kyuubi.frontend.thrift.http.cookie.domain              | &lt;undefined&gt;  | Domain for the Kyuubi generated cookies                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.6.0 |
+| kyuubi.frontend.thrift.http.cookie.is.httponly         | true               | HttpOnly attribute of the Kyuubi generated cookie.                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | boolean  | 1.6.0 |
+| kyuubi.frontend.thrift.http.cookie.max.age             | 86400              | Maximum age in seconds for server side cookie used by Kyuubi in HTTP mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.6.0 |
+| kyuubi.frontend.thrift.http.cookie.path                | &lt;undefined&gt;  | Path for the Kyuubi generated cookies                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
+| kyuubi.frontend.thrift.http.max.idle.time              | PT30M              | Maximum idle time for a connection on the server when in HTTP mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                         | duration | 1.6.0 |
+| kyuubi.frontend.thrift.http.path                       | cliservice         | Path component of URL endpoint when in HTTP mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
+| kyuubi.frontend.thrift.http.request.header.size        | 6144               | Request header size in bytes, when using HTTP transport mode. Jetty defaults used.                                                                                                                                                                                                                                                                                                                                                                                                                                          | int      | 1.6.0 |
+| kyuubi.frontend.thrift.http.response.header.size       | 6144               | Response header size in bytes, when using HTTP transport mode. Jetty defaults used.                                                                                                                                                                                                                                                                                                                                                                                                                                         | int      | 1.6.0 |
+| kyuubi.frontend.thrift.http.ssl.exclude.ciphersuites                       || A comma-separated list of exclude SSL cipher suite names for thrift http frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                          | seq      | 1.7.0 |
+| kyuubi.frontend.thrift.http.ssl.keystore.password      | &lt;undefined&gt;  | SSL certificate keystore password.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
+| kyuubi.frontend.thrift.http.ssl.keystore.path          | &lt;undefined&gt;  | SSL certificate keystore location.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
+| kyuubi.frontend.thrift.http.ssl.protocol.blacklist     | SSLv2,SSLv3        | SSL Versions to disable when using HTTP transport mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | seq      | 1.6.0 |
+| kyuubi.frontend.thrift.http.use.SSL                    | false              | Set this to true for using SSL encryption in http mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
+| kyuubi.frontend.thrift.http.xsrf.filter.enabled        | false              | If enabled, Kyuubi will block any requests made to it over HTTP if an X-XSRF-HEADER header is not present                                                                                                                                                                                                                                                                                                                                                                                                                   | boolean  | 1.6.0 |
+| kyuubi.frontend.thrift.login.timeout                   | PT20S              | Timeout for Thrift clients during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.4.0 |
+| kyuubi.frontend.thrift.max.message.size                | 104857600          | Maximum message size in bytes a Kyuubi server will accept.                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.4.0 |
+| kyuubi.frontend.thrift.max.worker.threads              | 999                | Maximum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.4.0 |
+| kyuubi.frontend.thrift.min.worker.threads              | 9                  | Minimum number of threads in the frontend worker thread pool for the thrift frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.4.0 |
+| kyuubi.frontend.thrift.worker.keepalive.time           | PT1M               | Keep-alive time (in milliseconds) for an idle worker thread                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | duration | 1.4.0 |
+| kyuubi.frontend.trino.bind.host                        | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the TRINO frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.7.0 |
+| kyuubi.frontend.trino.bind.port                        | 10999              | Port of the machine on which to run the TRINO frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.7.0 |
+| kyuubi.frontend.trino.max.worker.threads               | 999                | Maximum number of threads in the frontend worker thread pool for the Trino frontend service                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.7.0 |
+| kyuubi.frontend.worker.keepalive.time                  | PT1M               | (deprecated) Keep-alive time (in milliseconds) for an idle worker thread                                                                                                                                                                                                                                                                                                                                                                                                                                                    | duration | 1.0.0 |
 
 ### Ha
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 70479ce30..bd8fdaa2a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -391,7 +391,9 @@ object KyuubiConf {
       .checkValue(
         _.forall(FrontendProtocols.values.map(_.toString).contains),
         s"the frontend protocol should be one or more of ${FrontendProtocols.values.mkString(",")}")
-      .createWithDefault(Seq(FrontendProtocols.THRIFT_BINARY.toString))
+      .createWithDefault(Seq(
+        FrontendProtocols.THRIFT_BINARY.toString,
+        FrontendProtocols.REST.toString))
 
   val FRONTEND_BIND_HOST: OptionalConfigEntry[String] = buildConf("kyuubi.frontend.bind.host")
     .doc("Hostname or IP of the machine on which to run the frontend services.")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 7019d8a6a..5a991a08a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -174,7 +174,6 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
         server.start()
         recoverBatchSessions()
         isStarted.set(true)
-        info(s"$getName has started at ${server.getServerUri}")
         startBatchChecker()
         startInternal()
       } catch {
@@ -182,6 +181,7 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
       }
     }
     super.start()
+    info(s"Exposing REST endpoint at: http://${server.getServerUri}")
   }
 
   override def stop(): Unit = synchronized {

From 8289523e37d4001a82250ca9c9dd501ddda2f2fe Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Thu, 9 Mar 2023 12:07:59 +0800
Subject: [PATCH 154/760] [KYUUBI #4484] [K8S][HELM] Set specific Kyuubi
 version to the chart appVersion

### _Why are the changes needed?_
The change is needed to use stable released version of Kyuubi instead of night/dev builds by default.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4484 from dnskr/helm_set_specific_release_version.

Closes #4484

4c979c6eb [dnskr] [K8S][HELM] Set specific Kyuubi version to the chart appVersion

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/kyuubi/Chart.yaml b/charts/kyuubi/Chart.yaml
index 6b377ecc5..0abec9e5e 100644
--- a/charts/kyuubi/Chart.yaml
+++ b/charts/kyuubi/Chart.yaml
@@ -20,7 +20,7 @@ name: kyuubi
 description: A Helm chart for Kyuubi server
 type: application
 version: 0.1.0
-appVersion: "master-snapshot"
+appVersion: 1.7.0
 home: https://kyuubi.apache.org
 icon: https://raw.githubusercontent.com/apache/kyuubi/master/docs/imgs/logo.png
 sources:

From 85b2736cc38b2ad1d31900970b2531e03d1a6440 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Thu, 9 Mar 2023 13:41:31 +0800
Subject: [PATCH 155/760] [KYUUBI #4446] Fix connections blocked by Flink
 insert statements

### _Why are the changes needed?_
Flink 1.15 refactors the result fetching of insert statements and now `TableResult.await()` would block till the insert finishes. We could remove this line because the insert results are immediately available as other non-job statements.

Flink JIRA: https://issues.apache.org/jira/browse/FLINK-24461
Critical changes: https://github.com/apache/flink/pull/17441/files#diff-ec88f0e06d880b53e2f152113ab1a4240a820cbb7248815c5f9ecf9ab4fce4caR108

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4485 from link3280/KYUUBI-4446.

Closes #4446

256176c3b [Paul Lin] [KYUUBI #4446] Update comments
3cb982ca4 [Paul Lin] [KYUUBI #4446] Add comments
d4c194ee5 [Paul Lin] [KYUUBI #4446] Fix connections blocked by Flink insert statements

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/flink/operation/ExecuteStatement.scala       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index 93d013556..8ec794ffb 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -161,7 +161,8 @@ class ExecuteStatement(
       .build(executor)
     val result = executeOperation.invoke[TableResult](sessionId, operation)
     jobId = result.getJobClient.asScala.map(_.getJobID)
-    result.await()
+    // after FLINK-24461, TableResult#await() would block insert statements
+    // until the job finishes, instead of returning row affected immediately
     resultSet = ResultSet.fromTableResult(result)
   }
 

From dd9b58ae810e618ca1ea68bcb9000a4ce8adb0a3 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 9 Mar 2023 19:02:08 +0800
Subject: [PATCH 156/760] [KYUUBI #4488] [KSHC] Keep object original name
 defined in HiveBridgeHelper

### _Why are the changes needed?_

Respect Java/Scala coding conventions in KSHC (Kyuubi Spark Hive Connector).

For singleton(`object` in Scala) invoking, use `AbcUtils.method(...)` instead of `abcUtils.method(...)`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4488 from pan3793/shc-rename.

Closes #4488

ec9a80198 [Cheng Pan] nit
84d3bb413 [Cheng Pan] Keep object orignal name defined in HiveBridgeHelper

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/connector/hive/HiveTable.scala      |  4 ++--
 .../connector/hive/HiveTableCatalog.scala     |  8 +++----
 .../hive/read/FilePartitionReader.scala       |  6 ++---
 .../connector/hive/read/HiveFileIndex.scala   |  6 ++---
 .../hive/read/HivePartitionedReader.scala     |  6 ++---
 .../connector/hive/read/HiveReader.scala      |  6 ++---
 .../spark/connector/hive/read/HiveScan.scala  |  4 ++--
 .../hive/write/FileWriterFactory.scala        |  4 ++--
 .../connector/hive/write/HiveWrite.scala      |  4 ++--
 .../kyuubi/connector/HiveBridgeHelper.scala   | 23 ++++++++-----------
 10 files changed, 33 insertions(+), 38 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTable.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTable.scala
index 3d1d4f8c4..ee6d5fc23 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTable.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTable.scala
@@ -31,7 +31,7 @@ import org.apache.spark.sql.connector.catalog.TableCapability.{BATCH_READ, BATCH
 import org.apache.spark.sql.connector.expressions.Transform
 import org.apache.spark.sql.connector.read.ScanBuilder
 import org.apache.spark.sql.connector.write.{LogicalWriteInfo, WriteBuilder}
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{logicalExpressions, BucketSpecHelper}
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{BucketSpecHelper, LogicalExpressions}
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
@@ -68,7 +68,7 @@ case class HiveTable(
   override def partitioning: Array[Transform] = {
     val partitions = new mutable.ArrayBuffer[Transform]()
     catalogTable.partitionColumnNames.foreach { col =>
-      partitions += logicalExpressions.identity(logicalExpressions.reference(Seq(col)))
+      partitions += LogicalExpressions.identity(LogicalExpressions.reference(Seq(col)))
     }
     catalogTable.bucketSpec.foreach { spec =>
       partitions += spec.asTransform
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index 4d0f48e57..c4d71dbba 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -38,7 +38,7 @@ import org.apache.spark.sql.connector.catalog.NamespaceChange.RemoveProperty
 import org.apache.spark.sql.connector.expressions.Transform
 import org.apache.spark.sql.execution.datasources.DataSource
 import org.apache.spark.sql.hive.HiveUDFExpressionBuilder
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{catalogV2Util, postExternalCatalogEvent, HiveMetastoreCatalog, HiveSessionCatalog}
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper._
 import org.apache.spark.sql.internal.StaticSQLConf.CATALOG_IMPLEMENTATION
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
@@ -198,8 +198,8 @@ class HiveTableCatalog(sparkSession: SparkSession)
           throw new NoSuchTableException(ident)
       }
 
-    val properties = catalogV2Util.applyPropertiesChanges(catalogTable.properties, changes)
-    val schema = catalogV2Util.applySchemaChanges(
+    val properties = CatalogV2Util.applyPropertiesChanges(catalogTable.properties, changes)
+    val schema = CatalogV2Util.applySchemaChanges(
       catalogTable.schema,
       changes)
     val comment = properties.get(TableCatalog.PROP_COMMENT)
@@ -319,7 +319,7 @@ class HiveTableCatalog(sparkSession: SparkSession)
 
         val metadata = catalog.getDatabaseMetadata(db).toMetadata
         catalog.alterDatabase(
-          toCatalogDatabase(db, catalogV2Util.applyNamespaceChanges(metadata, changes)))
+          toCatalogDatabase(db, CatalogV2Util.applyNamespaceChanges(metadata, changes)))
 
       case _ =>
         throw new NoSuchNamespaceException(namespace)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
index dc1fad27e..d0cd680d4 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
@@ -23,7 +23,7 @@ import org.apache.parquet.io.ParquetDecodingException
 import org.apache.spark.internal.Logging
 import org.apache.spark.sql.connector.read.PartitionReader
 import org.apache.spark.sql.execution.datasources.SchemaColumnConvertNotSupportedException
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.inputFileBlockHolder
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.InputFileBlockHolder
 import org.apache.spark.sql.internal.SQLConf
 
 // scalastyle:off line.size.limit
@@ -90,7 +90,7 @@ class FilePartitionReader[T](readers: Iterator[HivePartitionedFileReader[T]])
     if (currentReader != null) {
       currentReader.close()
     }
-    inputFileBlockHolder.unset()
+    InputFileBlockHolder.unset()
   }
 
   private def getNextReader(): HivePartitionedFileReader[T] = {
@@ -98,7 +98,7 @@ class FilePartitionReader[T](readers: Iterator[HivePartitionedFileReader[T]])
     logInfo(s"Reading file $reader")
     // Sets InputFileBlockHolder for the file block's information
     val file = reader.file
-    inputFileBlockHolder.set(file.filePath, file.start, file.length)
+    InputFileBlockHolder.set(file.filePath, file.start, file.length)
     reader
   }
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
index 768d7ccea..82199e6f2 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
@@ -29,7 +29,7 @@ import org.apache.spark.sql.catalyst.catalog.{CatalogTable, CatalogTablePartitio
 import org.apache.spark.sql.catalyst.expressions.{AttributeReference, BoundReference, Expression, Predicate}
 import org.apache.spark.sql.connector.catalog.CatalogPlugin
 import org.apache.spark.sql.execution.datasources._
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.hiveClientImpl
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.HiveClientImpl
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.spark.connector.hive.{HiveTableCatalog, KyuubiHiveConnectorException}
@@ -50,7 +50,7 @@ class HiveCatalogFileIndex(
 
   private val fileStatusCache = FileStatusCache.getOrCreate(sparkSession)
 
-  private lazy val hiveTable: Table = hiveClientImpl.toHiveTable(table)
+  private lazy val hiveTable: Table = HiveClientImpl.toHiveTable(table)
 
   private val baseLocation: Option[URI] = table.storage.locationUri
 
@@ -111,7 +111,7 @@ class HiveCatalogFileIndex(
   }
 
   private def buildBindPartition(partition: CatalogTablePartition): BindPartition =
-    BindPartition(partition, hiveClientImpl.toHivePartition(partition, hiveTable))
+    BindPartition(partition, HiveClientImpl.toHivePartition(partition, hiveTable))
 
   override def partitionSpec(): PartitionSpec = {
     throw notSupportOperator("partitionSpec")
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
index 8270679c2..4c1690524 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
@@ -33,7 +33,7 @@ import org.apache.spark.sql.catalyst.expressions.{Attribute, SpecificInternalRow
 import org.apache.spark.sql.catalyst.util.DateTimeUtils
 import org.apache.spark.sql.connector.read.PartitionReader
 import org.apache.spark.sql.execution.datasources.PartitionedFile
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hadoopTableReader, hiveShim}
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{HadoopTableReader, HiveShim}
 import org.apache.spark.unsafe.types.UTF8String
 import org.apache.spark.util.SerializableConfiguration
 
@@ -108,7 +108,7 @@ case class HivePartitionedReader(
           row.update(ordinal, UTF8String.fromString(oi.getPrimitiveJavaObject(value).getValue))
       case oi: HiveDecimalObjectInspector =>
         (value: Any, row: InternalRow, ordinal: Int) =>
-          row.update(ordinal, hiveShim.toCatalystDecimal(oi, value))
+          row.update(ordinal, HiveShim.toCatalystDecimal(oi, value))
       case oi: TimestampObjectInspector =>
         (value: Any, row: InternalRow, ordinal: Int) =>
           row.setLong(ordinal, DateTimeUtils.fromJavaTimestamp(oi.getPrimitiveJavaObject(value)))
@@ -120,7 +120,7 @@ case class HivePartitionedReader(
           row.update(ordinal, oi.getPrimitiveJavaObject(value))
       case oi =>
         logDebug("HiveInspector class: " + oi.getClass.getName + ", charset: " + charset)
-        val unwrapper = hadoopTableReader.unwrapperFor(oi)
+        val unwrapper = HadoopTableReader.unwrapperFor(oi)
         (value: Any, row: InternalRow, ordinal: Int) => row(ordinal) = unwrapper(value)
     }
   }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala
index 995c7e722..54f6e80c0 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala
@@ -30,7 +30,7 @@ import org.apache.hadoop.io.Writable
 import org.apache.hadoop.mapred.{InputFormat, JobConf}
 import org.apache.hadoop.util.ReflectionUtils
 import org.apache.spark.sql.catalyst.expressions.AttributeReference
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hiveShim, hiveTableUtil}
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{HiveShim, HiveTableUtil}
 import org.apache.spark.sql.types.StructType
 
 object HiveReader {
@@ -46,7 +46,7 @@ object HiveReader {
     addColumnMetadataToConf(tableDesc, hiveConf, dataSchema, readDataSchema)
     // Copy hive table properties to hiveConf. For example,
     // initial job conf to read files with specified format
-    hiveTableUtil.configureJobPropertiesForStorageHandler(tableDesc, hiveConf, false)
+    HiveTableUtil.configureJobPropertiesForStorageHandler(tableDesc, hiveConf, false)
   }
 
   private def addColumnMetadataToConf(
@@ -60,7 +60,7 @@ object HiveReader {
     val neededColumnIDs =
       readDataSchema.map(field => Integer.valueOf(dataSchema.fields.indexOf(field)))
 
-    hiveShim.appendReadColumns(hiveConf, neededColumnIDs, neededColumnNames)
+    HiveShim.appendReadColumns(hiveConf, neededColumnIDs, neededColumnNames)
 
     val deserializer = tableDesc.getDeserializerClass.newInstance
     deserializer.initialize(hiveConf, tableDesc.getProperties)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
index b52a69222..64fcf23f8 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
@@ -32,7 +32,7 @@ import org.apache.spark.sql.connector.read.PartitionReaderFactory
 import org.apache.spark.sql.execution.PartitionedFileUtil
 import org.apache.spark.sql.execution.datasources.{FilePartition, PartitionedFile}
 import org.apache.spark.sql.execution.datasources.v2.FileScan
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.hiveClientImpl
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.HiveClientImpl
 import org.apache.spark.sql.sources.Filter
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.util.SerializableConfiguration
@@ -58,7 +58,7 @@ case class HiveScan(
     val hiveConf = sparkSession.sessionState.newHadoopConf()
     addCatalogTableConfToConf(hiveConf, catalogTable)
 
-    val table = hiveClientImpl.toHiveTable(catalogTable)
+    val table = HiveClientImpl.toHiveTable(catalogTable)
     HiveReader.initializeHiveConf(table, hiveConf, dataSchema, readDataSchema)
     val broadcastHiveConf =
       sparkSession.sparkContext.broadcast(new SerializableConfiguration(hiveConf))
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
index 3b86d43c7..a58565d9d 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/FileWriterFactory.scala
@@ -26,7 +26,7 @@ import org.apache.spark.internal.io.FileCommitProtocol
 import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.connector.write.{DataWriter, DataWriterFactory}
 import org.apache.spark.sql.execution.datasources.{DynamicPartitionDataSingleWriter, SingleDirectoryDataWriter, WriteJobDescription}
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.sparkHadoopWriterUtils
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.SparkHadoopWriterUtils
 
 /**
  * This class is rewritten because of SPARK-42478, which affects Spark 3.3.2
@@ -39,7 +39,7 @@ case class FileWriterFactory(
   // expected by Hadoop committers, but `JobId` cannot be serialized.
   // thus, persist the serializable jobTrackerID in the class and make jobId a
   // transient lazy val which recreates it each time to ensure jobId is unique.
-  private[this] val jobTrackerID = sparkHadoopWriterUtils.createJobTrackerID(new Date)
+  private[this] val jobTrackerID = SparkHadoopWriterUtils.createJobTrackerID(new Date)
   @transient private lazy val jobId = createJobID(jobTrackerID, 0)
 
   override def createWriter(partitionId: Int, realTaskId: Long): DataWriter[InternalRow] = {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
index 2d72327b4..62db1fa0a 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
@@ -38,7 +38,7 @@ import org.apache.spark.sql.execution.datasources.{BasicWriteJobStatsTracker, Wr
 import org.apache.spark.sql.execution.datasources.v2.FileBatchWrite
 import org.apache.spark.sql.execution.metric.SQLMetric
 import org.apache.spark.sql.hive.execution.{HiveFileFormat, HiveOptions}
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hiveClientImpl, FileSinkDesc, StructTypeHelper}
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{FileSinkDesc, HiveClientImpl, StructTypeHelper}
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.util.SerializableConfiguration
 
@@ -56,7 +56,7 @@ case class HiveWrite(
 
   private val options = info.options()
 
-  private val hiveTable = hiveClientImpl.toHiveTable(table)
+  private val hiveTable = HiveClientImpl.toHiveTable(table)
 
   private val hadoopConf = hiveTableCatalog.hadoopConfiguration()
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
index 1a11790d8..ce1e445fc 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
@@ -20,16 +20,11 @@ package org.apache.spark.sql.hive.kyuubi.connector
 import scala.collection.mutable
 
 import org.apache.spark.SparkContext
-import org.apache.spark.internal.io.SparkHadoopWriterUtils
-import org.apache.spark.rdd.InputFileBlockHolder
 import org.apache.spark.sql.catalyst.catalog.{BucketSpec, ExternalCatalogEvent}
 import org.apache.spark.sql.catalyst.expressions.{AttributeReference, Literal}
 import org.apache.spark.sql.catalyst.util.quoteIfNeeded
-import org.apache.spark.sql.connector.catalog.CatalogV2Util
-import org.apache.spark.sql.connector.expressions.{BucketTransform, FieldReference, IdentityTransform, LogicalExpressions, Transform}
+import org.apache.spark.sql.connector.expressions.{BucketTransform, FieldReference, IdentityTransform, Transform}
 import org.apache.spark.sql.connector.expressions.LogicalExpressions.{bucket, reference}
-import org.apache.spark.sql.hive.{HadoopTableReader, HiveShim, HiveTableUtil}
-import org.apache.spark.sql.hive.client.HiveClientImpl
 import org.apache.spark.sql.types.{DataType, DoubleType, FloatType, StructType}
 
 object HiveBridgeHelper {
@@ -42,14 +37,14 @@ object HiveBridgeHelper {
   type InsertIntoHiveTable = org.apache.spark.sql.hive.execution.InsertIntoHiveTable
 
   val hive = org.apache.spark.sql.hive.client.hive
-  val logicalExpressions: LogicalExpressions.type = LogicalExpressions
-  val hiveClientImpl: HiveClientImpl.type = HiveClientImpl
-  val sparkHadoopWriterUtils: SparkHadoopWriterUtils.type = SparkHadoopWriterUtils
-  val catalogV2Util: CatalogV2Util.type = CatalogV2Util
-  val hiveTableUtil: HiveTableUtil.type = HiveTableUtil
-  val hiveShim: HiveShim.type = HiveShim
-  val inputFileBlockHolder: InputFileBlockHolder.type = InputFileBlockHolder
-  val hadoopTableReader: HadoopTableReader.type = HadoopTableReader
+  val LogicalExpressions = org.apache.spark.sql.connector.expressions.LogicalExpressions
+  val HiveClientImpl = org.apache.spark.sql.hive.client.HiveClientImpl
+  val SparkHadoopWriterUtils = org.apache.spark.internal.io.SparkHadoopWriterUtils
+  val CatalogV2Util = org.apache.spark.sql.connector.catalog.CatalogV2Util
+  val HiveTableUtil = org.apache.spark.sql.hive.HiveTableUtil
+  val HiveShim = org.apache.spark.sql.hive.HiveShim
+  val InputFileBlockHolder = org.apache.spark.rdd.InputFileBlockHolder
+  val HadoopTableReader = org.apache.spark.sql.hive.HadoopTableReader
 
   def postExternalCatalogEvent(sc: SparkContext, event: ExternalCatalogEvent): Unit = {
     sc.listenerBus.post(event)

From 4d630c30dac3c3cfba52c0ed59c01f2714ad5920 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Thu, 9 Mar 2023 19:34:54 +0800
Subject: [PATCH 157/760] [KYUUBI #4472] add session/operation methods in
 AdminRestApi

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4476 from lightning-L/kyuubi-4472.

Closes #4472

329b40c81 [Tianlin Liao] minor fix
72eaa05de [Tianlin Liao] [KYUUBI #4472] add session/operation methods in AdminRestApi

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/client/AdminRestApi.java    | 27 ++++++++
 .../rest/client/AdminRestApiSuite.scala       | 62 +++++++++++++++++++
 2 files changed, 89 insertions(+)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index b8bfe7ee1..c81af593a 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -22,6 +22,8 @@
 import java.util.List;
 import java.util.Map;
 import org.apache.kyuubi.client.api.v1.dto.Engine;
+import org.apache.kyuubi.client.api.v1.dto.OperationData;
+import org.apache.kyuubi.client.api.v1.dto.SessionData;
 
 public class AdminRestApi {
   private KyuubiRestClient client;
@@ -72,6 +74,31 @@ public List<Engine> listEngines(
     return Arrays.asList(result);
   }
 
+  public List<SessionData> listSessions() {
+    SessionData[] result =
+        this.getClient()
+            .get(API_BASE_PATH + "/sessions", null, SessionData[].class, client.getAuthHeader());
+    return Arrays.asList(result);
+  }
+
+  public String closeSession(String sessionHandleStr) {
+    String url = String.format("%s/sessions/%s", API_BASE_PATH, sessionHandleStr);
+    return this.getClient().delete(url, null, client.getAuthHeader());
+  }
+
+  public List<OperationData> listOperations() {
+    OperationData[] result =
+        this.getClient()
+            .get(
+                API_BASE_PATH + "/operations", null, OperationData[].class, client.getAuthHeader());
+    return Arrays.asList(result);
+  }
+
+  public String closeOperation(String operationHandleStr) {
+    String url = String.format("%s/operations/%s", API_BASE_PATH, operationHandleStr);
+    return this.getClient().delete(url, null, client.getAuthHeader());
+  }
+
   private IRestClient getClient() {
     return this.client.getHttpClient();
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
index ab1a10202..5165573ed 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
@@ -21,6 +21,8 @@ import java.util.UUID
 
 import scala.collection.JavaConverters.asScalaBufferConverter
 
+import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V2
+
 import org.apache.kyuubi.{KYUUBI_VERSION, RestClientTestHelper}
 import org.apache.kyuubi.client.{AdminRestApi, KyuubiRestClient}
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
@@ -84,4 +86,64 @@ class AdminRestApiSuite extends RestClientTestHelper {
     engines = adminRestApi.listEngines("spark_sql", "user", "default", "").asScala
     assert(engines.size == 0)
   }
+
+  test("list/close session") {
+    fe.be.sessionManager.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    val spnegoKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.SPNEGO)
+        .spnegoHost("localhost")
+        .build()
+    val adminRestApi = new AdminRestApi(spnegoKyuubiRestClient)
+
+    // list sessions
+    var sessions = adminRestApi.listSessions().asScala
+    assert(sessions.nonEmpty)
+    assert(sessions.head.getUser == "admin")
+
+    // close session
+    val response = adminRestApi.closeSession(sessions.head.getIdentifier)
+    assert(response.contains("success"))
+
+    // list again
+    sessions = adminRestApi.listSessions().asScala
+    assert(sessions.isEmpty)
+  }
+
+  test("list/close operation") {
+    val sessionHandle = fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+    val operation = fe.be.getCatalogs(sessionHandle)
+
+    val spnegoKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.SPNEGO)
+        .spnegoHost("localhost")
+        .build()
+    val adminRestApi = new AdminRestApi(spnegoKyuubiRestClient)
+
+    // list operations
+    var operations = adminRestApi.listOperations().asScala
+    assert(operations.nonEmpty)
+    assert(operations.map(op => op.getIdentifier).contains(operation.identifier.toString))
+
+    // close operation
+    val response = adminRestApi.closeOperation(operation.identifier.toString)
+    assert(response.contains("success"))
+
+    // list again
+    operations = adminRestApi.listOperations().asScala
+    assert(!operations.map(op => op.getIdentifier).contains(operation.identifier.toString))
+
+  }
 }

From 61a6096043821a2da61363e173090cabfecb58a1 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 10 Mar 2023 11:05:32 +0800
Subject: [PATCH 158/760] [KYUUBI #4489] [REST] Fix missing
 `org.apache.commons.logging` by including `jcl-over-slf4j` dependency in REST
 client

### _Why are the changes needed?_

- To fix missing package `org.apache.commons.logging` used by  `org.apache.httpcomponents:httpclient`in `kyuubi-rest-client`

![image](https://user-images.githubusercontent.com/1935105/224203940-246db855-0ffa-469e-8a67-58143e6e99e3.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4489 from bowenliang123/httpclient-commonlogging.

Closes #4489

ccaff9b62 [liangbowen] Include `jcl-over-slf4j` dependency
740e56158 [liangbowen] Revert "skip excluding commons-logging in rest-client"
4d9ad5dcf [liangbowen] skip excluding commons-logging in rest-client

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 kyuubi-rest-client/pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kyuubi-rest-client/pom.xml b/kyuubi-rest-client/pom.xml
index 6ba88e8dc..a9ceb9bb3 100644
--- a/kyuubi-rest-client/pom.xml
+++ b/kyuubi-rest-client/pom.xml
@@ -82,6 +82,11 @@
             <artifactId>slf4j-api</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-slf4j-impl</artifactId>

From 454aed67d743692d6ebd84012cf59462b92f259d Mon Sep 17 00:00:00 2001
From: Alex <zoulimin@kanzhun.com>
Date: Fri, 10 Mar 2023 09:16:21 +0000
Subject: [PATCH 159/760] [KYUUBI #4491] Fix Trino typo

### _Why are the changes needed?_
fix trino typos

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4491 from Kiss736921/fix_trino_typos.

Closes #4491

73eb20f3a [Alex] fix trino typos

Authored-by: Alex <zoulimin@kanzhun.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index e81240a96..a7f2e8178 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -157,7 +157,7 @@ class KyuubiServer(name: String) extends Serverable(name) {
         warn("MYSQL frontend protocol is experimental.")
         new KyuubiMySQLFrontendService(this)
       case TRINO =>
-        warn("Trio frontend protocol is experimental.")
+        warn("Trino frontend protocol is experimental.")
         new KyuubiTrinoFrontendService(this)
       case other =>
         throw new UnsupportedOperationException(s"Frontend protocol $other is not supported yet.")

From 1bef628ab365e035a6baaf5c3d66f6efdece7e06 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Fri, 10 Mar 2023 23:04:04 +0800
Subject: [PATCH 160/760] [KYUUBI #4493] [AUTHZ][TEST] Enable Tests for Spark
 3.1 with iceberg tables

### _Why are the changes needed?_

Enable Tests for Spark 3.1 with iceberg tables

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4493 from yaooqinn/it.

Closes #4493

b40e9de05 [Kent Yao] [AUTHZ][TEST] Enable Tests for Spark 3.1 with iceberg tables
29a94addd [Kent Yao] [AUTHZ][TEST] Enable Tests for Spark 3.1 with iceberg tables

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 ...IcebergCatalogPrivilegesBuilderSuite.scala |  6 +++---
 ...bergCatalogRangerSparkExtensionSuite.scala | 21 ++++++++-----------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index d89d0696f..813970389 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -26,7 +26,7 @@ import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
 class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val catalogImpl: String = "hive"
   override protected val sqlExtensions: String =
-    if (isSparkV32OrGreater) {
+    if (isSparkV31OrGreater) {
       "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions"
     } else ""
   override protected def format = "iceberg"
@@ -38,7 +38,7 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val supportsPartitionManagement = false
 
   override def beforeAll(): Unit = {
-    if (isSparkV32OrGreater) {
+    if (isSparkV31OrGreater) {
       spark.conf.set(
         s"spark.sql.catalog.$catalogV2",
         "org.apache.iceberg.spark.SparkCatalog")
@@ -51,7 +51,7 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV32OrGreater)
+    assume(isSparkV31OrGreater)
     test()
   }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index 909c26d36..6b1cedf78 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 // scalastyle:off
 import scala.util.Try
 
+import org.scalatest.Outcome
+
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 
@@ -29,7 +31,7 @@ import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   override protected val catalogImpl: String = "hive"
   override protected val sqlExtensions: String =
-    if (isSparkV32OrGreater)
+    if (isSparkV31OrGreater)
       "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions"
     else ""
 
@@ -38,8 +40,13 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   val table1 = "table1"
   val outputTable1 = "outputTable1"
 
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSparkV31OrGreater)
+    test()
+  }
+
   override def beforeAll(): Unit = {
-    if (isSparkV32OrGreater) {
+    if (isSparkV31OrGreater) {
       spark.conf.set(
         s"spark.sql.catalog.$catalogV2",
         "org.apache.iceberg.spark.SparkCatalog")
@@ -74,8 +81,6 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   }
 
   test("[KYUUBI #3515] MERGE INTO") {
-    assume(isSparkV32OrGreater)
-
     val mergeIntoSql =
       s"""
          |MERGE INTO $catalogV2.$namespace1.$outputTable1 AS target
@@ -115,8 +120,6 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   }
 
   test("[KYUUBI #3515] UPDATE TABLE") {
-    assume(isSparkV32OrGreater)
-
     // UpdateTable
     val e1 = intercept[AccessControlException](
       doAs(
@@ -133,8 +136,6 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   }
 
   test("[KYUUBI #3515] DELETE FROM TABLE") {
-    assume(isSparkV32OrGreater)
-
     // DeleteFromTable
     val e6 = intercept[AccessControlException](
       doAs("someone", sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2")))
@@ -145,8 +146,6 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   }
 
   test("[KYUUBI #3666] Support {OWNER} variable for queries run on CatalogV2") {
-    assume(isSparkV32OrGreater)
-
     val table = "owner_variable"
     val select = s"SELECT key FROM $catalogV2.$namespace1.$table"
 
@@ -224,11 +223,9 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   }
 
   test("[KYUUBI #4255] DESCRIBE TABLE") {
-    assume(isSparkV32OrGreater)
     val e1 = intercept[AccessControlException](
       doAs("someone", sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1]"))
   }
-
 }

From f420238f4f171bab9a04860c5cf7f6b2181621ec Mon Sep 17 00:00:00 2001
From: miaowang <miaowang@gaojihealth.com>
Date: Sat, 11 Mar 2023 00:19:04 +0800
Subject: [PATCH 161/760] [KYUUBI #4494] `bin/kyuubi` should use `exec` to run
 Kyuubi server

### _Why are the changes needed?_

The difference between w/ and w/o `exec` in shell script

https://www.baeldung.com/linux/exec-command-in-shell-script

> When using exec, however, the command following exec replaces the current shell. This means no subshell is created and the current process is replaced with this new command.

We must do this change to make `bin/kyuubi` suitable for Cloudera Manager.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4494 from wangmiao1002/master.

Closes #4494

ed9320447 [miaowang] Modify script run_kyuubi mode

Authored-by: miaowang <miaowang@gaojihealth.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 bin/kyuubi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/kyuubi b/bin/kyuubi
index 9bcca2c46..9132aae39 100755
--- a/bin/kyuubi
+++ b/bin/kyuubi
@@ -155,7 +155,7 @@ function start_kyuubi() {
 
 function run_kyuubi() {
   echo "Starting $CLASS"
-  nice -n "${KYUUBI_NICENESS:-0}" ${cmd}
+  exec nice -n "${KYUUBI_NICENESS:-0}" ${cmd}
 }
 
 function stop_kyuubi() {

From 316c9fd537f0482e81a3b7e44893509ee7ff1ebd Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 14 Mar 2023 14:01:49 +0800
Subject: [PATCH 162/760] [KYUUBI #4506] Return sessionType in session data

### _Why are the changes needed?_

As title.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4506 from turboFei/session_data_type.

Closes #4506

9617ee68c [fwang12] Session type

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/client/api/v1/dto/SessionData.java       | 13 ++++++++++++-
 .../org/apache/kyuubi/server/api/ApiUtils.scala     |  3 ++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
index 233fee721..97da4d942 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
@@ -32,6 +32,7 @@ public class SessionData {
   private Long duration;
   private Long idleTime;
   private String exception;
+  private String sessionType;
 
   public SessionData() {}
 
@@ -43,7 +44,8 @@ public SessionData(
       Long createTime,
       Long duration,
       Long idleTime,
-      String exception) {
+      String exception,
+      String sessionType) {
     this.identifier = identifier;
     this.user = user;
     this.ipAddr = ipAddr;
@@ -52,6 +54,7 @@ public SessionData(
     this.duration = duration;
     this.idleTime = idleTime;
     this.exception = exception;
+    this.sessionType = sessionType;
   }
 
   public String getIdentifier() {
@@ -121,6 +124,14 @@ public void setException(String exception) {
     this.exception = exception;
   }
 
+  public String getSessionType() {
+    return sessionType;
+  }
+
+  public void setSessionType(String sessionType) {
+    this.sessionType = sessionType;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
index dbdd34ead..7a0582613 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -36,7 +36,8 @@ object ApiUtils {
       session.createTime,
       session.lastAccessTime - session.createTime,
       session.getNoOperationTime,
-      session.getSessionEvent.flatMap(_.exception).map(Utils.prettyPrint).getOrElse(""))
+      session.getSessionEvent.flatMap(_.exception).map(Utils.prettyPrint).getOrElse(""),
+      session.sessionType.toString)
   }
 
   def operationData(operation: KyuubiOperation): OperationData = {

From 5c93a8c1995aa03a2fac00e372293c5f15ee6435 Mon Sep 17 00:00:00 2001
From: minyk <minykreva@gmail.com>
Date: Tue, 14 Mar 2023 14:06:53 +0800
Subject: [PATCH 163/760] [KYUUBI #4496] Call `super.clusterManager()` when
 `batchConf` does not have `spark.master`

### _Why are the changes needed?_

`defaultMaster` finds `spark.master` config from the `spark-defaults.conf` file directly, so it bypasses spark configurations from the `kyuubi-defaults.conf`.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4505 from minyk/kyuubi-4496.

Closes #4496

7bfc6f844 [minyk] call super.clusterManager() instead of defaultMaster

Authored-by: minyk <minykreva@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
index 98f9ea5a3..4c0365841 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
@@ -77,6 +77,6 @@ class SparkBatchProcessBuilder(
   override protected def module: String = "kyuubi-spark-batch-submit"
 
   override def clusterManager(): Option[String] = {
-    batchConf.get(MASTER_KEY).orElse(defaultMaster)
+    batchConf.get(MASTER_KEY).orElse(super.clusterManager())
   }
 }

From d626c9fbd83c9a3e41b72cf6fe0e786aafa31172 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 14 Mar 2023 14:12:16 +0800
Subject: [PATCH 164/760] [KYUUBI #4501] Allow administrator to specify the
 user for engine admin

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4501 from turboFei/engine_admin.

Closes #4501

82a0b9687 [fwang12] get username

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/server/api/v1/AdminResource.scala  | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 4418bc8d6..e5401ca41 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -196,7 +196,11 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       @QueryParam("sharelevel") shareLevel: String,
       @QueryParam("subdomain") subdomain: String,
       @QueryParam("hive.server2.proxy.user") hs2ProxyUser: String): Response = {
-    val userName = fe.getSessionUser(hs2ProxyUser)
+    val userName = if (isAdministrator(fe.getRealUser())) {
+      Option(hs2ProxyUser).getOrElse(fe.getRealUser())
+    } else {
+      fe.getSessionUser(hs2ProxyUser)
+    }
     val engine = getEngine(userName, engineType, shareLevel, subdomain, "default")
     val engineSpace = getEngineSpace(engine)
 
@@ -230,7 +234,11 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       @QueryParam("sharelevel") shareLevel: String,
       @QueryParam("subdomain") subdomain: String,
       @QueryParam("hive.server2.proxy.user") hs2ProxyUser: String): Seq[Engine] = {
-    val userName = fe.getSessionUser(hs2ProxyUser)
+    val userName = if (isAdministrator(fe.getRealUser())) {
+      Option(hs2ProxyUser).getOrElse(fe.getRealUser())
+    } else {
+      fe.getSessionUser(hs2ProxyUser)
+    }
     val engine = getEngine(userName, engineType, shareLevel, subdomain, "")
     val engineSpace = getEngineSpace(engine)
 

From 8267108e7f4ff282aa0f56639a81a1bdf992ff6d Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Tue, 14 Mar 2023 14:21:17 +0800
Subject: [PATCH 165/760] [KYUUBI #4497] [TEST] Add RowFilteringTestBase to
 improve the test coverage

### _Why are the changes needed?_

Add RowFilteringTestBase to improve the test coverage

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4497 from yaooqinn/rf.

Closes #4497

4d1834b71 [Kent Yao] [TEST] Add RowFilteringTestBase to improve the test coverage
f661fc902 [Kent Yao] [TEST] Add RowFilteringTestBase to improve the test coverage

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/authz/SparkSessionProvider.scala    |   7 +-
 .../ranger/RangerSparkExtensionSuite.scala    |  79 +-----------
 .../datamasking/DataMaskingTestBase.scala     |   8 +-
 .../RowFilteringForHiveHiveParquetSuite.scala |  23 ++++
 .../RowFilteringForHiveParquetSuite.scala     |  23 ++++
 .../RowFilteringForIcebergSuite.scala         |  63 +++++++++
 .../RowFilteringForInMemoryParquetSuite.scala |  24 ++++
 .../RowFilteringForJDBCV2Suite.scala          |  66 ++++++++++
 .../rowfiltering/RowFilteringTestBase.scala   | 121 ++++++++++++++++++
 9 files changed, 329 insertions(+), 85 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveHiveParquetSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveParquetSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForInMemoryParquetSuite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index a1f2d7197..ce8d6bc0c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -22,7 +22,8 @@ import java.security.PrivilegedExceptionAction
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SparkConf
-import org.apache.spark.sql.{DataFrame, SparkSession, SparkSessionExtensions}
+import org.apache.spark.sql.{DataFrame, Row, SparkSession, SparkSessionExtensions}
+import org.scalatest.Assertions.convertToEqualizer
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
@@ -95,4 +96,8 @@ trait SparkSessionProvider {
     }
   }
 
+  protected def checkAnswer(user: String, query: String, result: Seq[Row]): Unit = {
+    doAs(user, assert(sql(query).collect() === result))
+  }
+
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 48f374255..9cd647cdd 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 import scala.util.Try
 
 import org.apache.hadoop.security.UserGroupInformation
-import org.apache.spark.sql.{Row, SparkSessionExtensions}
+import org.apache.spark.sql.SparkSessionExtensions
 import org.apache.spark.sql.catalyst.analysis.NoSuchTableException
 import org.apache.spark.sql.catalyst.catalog.HiveTableRelation
 import org.apache.spark.sql.catalyst.plans.logical.Statistics
@@ -218,83 +218,6 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     doAs("admin", assert(Try(sql(create0)).isSuccess))
   }
 
-  test("row level filter") {
-    val db = "default"
-    val table = "src"
-    val col = "key"
-    val create = s"CREATE TABLE IF NOT EXISTS $db.$table ($col int, value int) USING $format"
-
-    withCleanTmpResources(Seq((s"$db.${table}2", "table"), (s"$db.$table", "table"))) {
-      doAs("admin", assert(Try { sql(create) }.isSuccess))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 1, 1"))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 20, 2"))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 30, 3"))
-
-      doAs(
-        "kent",
-        assert(sql(s"SELECT key FROM $db.$table order by key").collect() ===
-          Seq(Row(1), Row(20), Row(30))))
-
-      Seq(
-        s"SELECT value FROM $db.$table",
-        s"SELECT value as key FROM $db.$table",
-        s"SELECT max(value) FROM $db.$table",
-        s"SELECT coalesce(max(value), 1) FROM $db.$table",
-        s"SELECT value FROM $db.$table WHERE value in (SELECT value as key FROM $db.$table)")
-        .foreach { q =>
-          doAs(
-            "bob", {
-              withClue(q) {
-                assert(sql(q).collect() === Seq(Row(1)))
-              }
-            })
-        }
-      doAs(
-        "bob", {
-          sql(s"CREATE TABLE $db.src2 using $format AS SELECT value FROM $db.$table")
-          assert(sql(s"SELECT value FROM $db.${table}2").collect() === Seq(Row(1)))
-        })
-    }
-  }
-
-  test("[KYUUBI #3581]: row level filter on permanent view") {
-    assume(isSparkV31OrGreater)
-
-    val db = "default"
-    val table = "src"
-    val permView = "perm_view"
-    val col = "key"
-    val create = s"CREATE TABLE IF NOT EXISTS $db.$table ($col int, value int) USING $format"
-    val createView =
-      s"CREATE OR REPLACE VIEW $db.$permView" +
-        s" AS SELECT * FROM $db.$table"
-
-    withCleanTmpResources(Seq(
-      (s"$db.$table", "table"),
-      (s"$db.$permView", "view"))) {
-      doAs("admin", assert(Try { sql(create) }.isSuccess))
-      doAs("admin", assert(Try { sql(createView) }.isSuccess))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 1, 1"))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 20, 2"))
-      doAs("admin", sql(s"INSERT INTO $db.$table SELECT 30, 3"))
-
-      Seq(
-        s"SELECT value FROM $db.$permView",
-        s"SELECT value as key FROM $db.$permView",
-        s"SELECT max(value) FROM $db.$permView",
-        s"SELECT coalesce(max(value), 1) FROM $db.$permView",
-        s"SELECT value FROM $db.$permView WHERE value in (SELECT value as key FROM $db.$permView)")
-        .foreach { q =>
-          doAs(
-            "perm_view_user", {
-              withClue(q) {
-                assert(sql(q).collect() === Seq(Row(1)))
-              }
-            })
-        }
-    }
-  }
-
   test("show tables") {
     val db = "default2"
     val table = "src"
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
index c13362617..3585397c6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -24,7 +24,7 @@ import scala.util.Try
 
 import org.apache.commons.codec.digest.DigestUtils.md5Hex
 import org.apache.spark.sql.{Row, SparkSessionExtensions}
-import org.scalatest.{Assertion, BeforeAndAfterAll}
+import org.scalatest.BeforeAndAfterAll
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
@@ -73,10 +73,6 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     super.afterAll()
   }
 
-  protected def checkAnswer(user: String, query: String, result: Seq[Row]): Assertion = {
-    doAs(user, assert(sql(query).collect() === result))
-  }
-
   test("simple query with a user doesn't have mask rules") {
     checkAnswer("kent", "SELECT key FROM default.src order by key", Seq(Row(1), Row(20), Row(30)))
   }
@@ -246,7 +242,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     checkAnswer("bob", s, Seq(Row(md5Hex("1"))))
   }
 
-  test("KYUUBI #3581: permanent view should lookup rule on itself not the   ") {
+  test("KYUUBI #3581: permanent view should lookup rule on itself not the raw table") {
     assume(isSparkV31OrGreater)
     val supported = doAs(
       "perm_view_user",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveHiveParquetSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveHiveParquetSuite.scala
new file mode 100644
index 000000000..142a2f825
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveHiveParquetSuite.scala
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfiltering
+
+class RowFilteringForHiveHiveParquetSuite extends RowFilteringTestBase {
+  override protected val catalogImpl: String = "hive"
+  override protected def format: String = "USING hive OPTIONS(fileFormat='parquet')"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveParquetSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveParquetSuite.scala
new file mode 100644
index 000000000..9727643cf
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForHiveParquetSuite.scala
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfiltering
+
+class RowFilteringForHiveParquetSuite extends RowFilteringTestBase {
+  override protected val catalogImpl: String = "hive"
+  override protected def format: String = "USING parquet"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
new file mode 100644
index 000000000..2120b1952
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfiltering
+
+import org.apache.spark.SparkConf
+import org.scalatest.Outcome
+
+import org.apache.kyuubi.Utils
+class RowFilteringForIcebergSuite extends RowFilteringTestBase {
+  override protected val extraSparkConf: SparkConf = {
+    val conf = new SparkConf()
+
+    if (isSparkV31OrGreater) {
+      conf
+        .set("spark.sql.defaultCatalog", "testcat")
+        .set(
+          "spark.sql.catalog.testcat",
+          "org.apache.iceberg.spark.SparkCatalog")
+        .set(s"spark.sql.catalog.testcat.type", "hadoop")
+        .set(
+          "spark.sql.catalog.testcat.warehouse",
+          Utils.createTempDir("iceberg-hadoop").toString)
+    }
+    conf
+
+  }
+
+  override protected val catalogImpl: String = "in-memory"
+
+  override protected def format: String = "USING iceberg"
+
+  override def beforeAll(): Unit = {
+    if (isSparkV31OrGreater) {
+      super.beforeAll()
+    }
+  }
+
+  override def afterAll(): Unit = {
+    if (isSparkV31OrGreater) {
+      super.afterAll()
+    }
+  }
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSparkV31OrGreater)
+    test()
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForInMemoryParquetSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForInMemoryParquetSuite.scala
new file mode 100644
index 000000000..9baaa2a31
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForInMemoryParquetSuite.scala
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfiltering
+
+class RowFilteringForInMemoryParquetSuite extends RowFilteringTestBase {
+
+  override protected val catalogImpl: String = "in-memory"
+  override protected def format: String = "USING parquet"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
new file mode 100644
index 000000000..cfdb7dadc
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfiltering
+
+import java.sql.DriverManager
+
+import scala.util.Try
+
+import org.apache.spark.SparkConf
+import org.scalatest.Outcome
+
+class RowFilteringForJDBCV2Suite extends RowFilteringTestBase {
+  override protected val extraSparkConf: SparkConf = {
+    val conf = new SparkConf()
+    if (isSparkV31OrGreater) {
+      conf
+        .set("spark.sql.defaultCatalog", "testcat")
+        .set(
+          "spark.sql.catalog.testcat",
+          "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+        .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
+        .set(
+          s"spark.sql.catalog.testcat.driver",
+          "org.apache.derby.jdbc.AutoloadedDriver")
+    }
+    conf
+  }
+
+  override protected val catalogImpl: String = "in-memory"
+
+  override protected def format: String = ""
+
+  override def beforeAll(): Unit = {
+    if (isSparkV31OrGreater) super.beforeAll()
+  }
+
+  override def afterAll(): Unit = {
+    if (isSparkV31OrGreater) {
+      super.afterAll()
+      // cleanup db
+      Try {
+        DriverManager.getConnection(s"jdbc:derby:memory:testcat;shutdown=true")
+      }
+    }
+  }
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSparkV31OrGreater)
+    test()
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
new file mode 100644
index 000000000..a73690724
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfiltering
+
+// scalastyle:off
+import scala.util.Try
+
+import org.apache.spark.sql.{Row, SparkSessionExtensions}
+import org.scalatest.BeforeAndAfterAll
+import org.scalatest.funsuite.AnyFunSuite
+
+import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
+import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
+
+/**
+ * Base trait for row filtering tests, derivative classes shall name themselves following:
+ *  RowFilteringFor CatalogImpl?  FileFormat? Additions? Suite
+ */
+trait RowFilteringTestBase extends AnyFunSuite with SparkSessionProvider with BeforeAndAfterAll {
+// scalastyle:on
+  override protected val extension: SparkSessionExtensions => Unit = new RangerSparkExtension
+
+  private def setup(): Unit = {
+    sql(s"CREATE TABLE IF NOT EXISTS default.src(key int, value int) $format")
+    sql("INSERT INTO default.src SELECT 1, 1")
+    sql("INSERT INTO default.src SELECT 20, 2")
+    sql("INSERT INTO default.src SELECT 30, 3")
+  }
+
+  private def cleanup(): Unit = {
+    sql("DROP TABLE IF EXISTS default.src")
+  }
+
+  override def beforeAll(): Unit = {
+    doAs("admin", setup())
+    super.beforeAll()
+  }
+  override def afterAll(): Unit = {
+    doAs("admin", cleanup())
+    spark.stop
+    super.afterAll()
+  }
+
+  test("user without row filtering rule") {
+    checkAnswer(
+      "kent",
+      "SELECT key FROM default.src order order by key",
+      Seq(Row(1), Row(20), Row(30)))
+  }
+
+  test("simple query projecting filtering column") {
+    checkAnswer("bob", "SELECT key FROM default.src", Seq(Row(1)))
+  }
+
+  test("simple query projecting non filtering column") {
+    checkAnswer("bob", "SELECT value FROM default.src", Seq(Row(1)))
+  }
+
+  test("simple query projecting non filtering column with udf max") {
+    checkAnswer("bob", "SELECT max(value) FROM default.src", Seq(Row(1)))
+  }
+
+  test("simple query projecting non filtering column with udf coalesce") {
+    checkAnswer("bob", "SELECT coalesce(max(value), 1) FROM default.src", Seq(Row(1)))
+  }
+
+  test("in subquery") {
+    checkAnswer(
+      "bob",
+      "SELECT value FROM default.src WHERE value in (SELECT value as key FROM default.src)",
+      Seq(Row(1)))
+  }
+
+  test("ctas") {
+    withCleanTmpResources(Seq(("default.src2", "table"))) {
+      doAs("bob", sql(s"CREATE TABLE default.src2 $format AS SELECT value FROM default.src"))
+      val query = "select value from default.src2"
+      checkAnswer("admin", query, Seq(Row(1)))
+      checkAnswer("bob", query, Seq(Row(1)))
+    }
+  }
+
+  test("[KYUUBI #3581]: row level filter on permanent view") {
+    assume(isSparkV31OrGreater)
+    val supported = doAs(
+      "perm_view_user",
+      Try(sql("CREATE OR REPLACE VIEW default.perm_view AS SELECT * FROM default.src")).isSuccess)
+    assume(supported, s"view support for '$format' has not been implemented yet")
+
+    withCleanTmpResources(Seq((s"default.perm_view", "view"))) {
+      checkAnswer(
+        "admin",
+        "SELECT key FROM default.perm_view order order by key",
+        Seq(Row(1), Row(20), Row(30)))
+      checkAnswer("bob", "SELECT key FROM default.perm_view", Seq(Row(1)))
+      checkAnswer("bob", "SELECT value FROM default.perm_view", Seq(Row(1)))
+      checkAnswer("bob", "SELECT max(value) FROM default.perm_view", Seq(Row(1)))
+      checkAnswer("bob", "SELECT coalesce(max(value), 1) FROM default.perm_view", Seq(Row(1)))
+      checkAnswer(
+        "bob",
+        "SELECT value FROM default.perm_view WHERE value in " +
+          "(SELECT value as key FROM default.perm_view)",
+        Seq(Row(1)))
+    }
+  }
+}

From b23c87c318a67445abb65252e547844471a65b3d Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 14 Mar 2023 23:01:43 +0800
Subject: [PATCH 166/760] [KYUUBI #4467][K8S][BATCH] Tolerate Driver Pod
 ephemerally invisible after submitting

### _Why are the changes needed?_

The following discussion assumes using Spark cluster mode w/ `waitCompletion=false`.

In Spark on Yarn, the application is visible immediately after `spark-submit` is returned, but things are different in Spark on K8s, Driver Pod is ephemerally invisible after submitting, so NOT_FOUND is returned instead of UNKNOWN or PENDING.

To tolerate the above case, `kyuubi.engine.submit.timeout` is introduced, ApplicationManager will report UNKNOWN instead of NOT_FOUND during the Driver Pod scheduling period.

More detail in #4467
1. Remove `KubernetesApplicationOperation`'s `JpsApplicationOperation` for handle Client Deploy Mode(`YarnApplicationOperation` doesn't handle this either)
2. Add engine submit timeout for `KubernetesApplicationOperation` to return Unknown status when not found driver pod in time range.
3. GetApplicationInfo with it's submit time

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4469 from zwangsheng/4467.

Closes #4467

562b67463 [zwangsheng] [KYUUBI #4467] Fix Setting.md
362c43d1b [zwangsheng] [KYUUBI #4467] Fix Setting.md
ac69f4d81 [zwangsheng] [KYUUBI #4467] Add Config Desc
d2b9fb660 [zwangsheng] [KYUUBI #4467] save tab
eac880fcf [zwangsheng] [KYUUBI #4467] Ingnore Kubernetes Operation for client mode test
7a20b97a4 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
aa4c7716a [zwangsheng] [KYUUBI #4467] Ingnore Kubernetes Operation for client mode test
c5bd888ab [zwangsheng] [KYUUBI #4467] note it test
a86dcefba [zwangsheng] [KYUUBI #4467] Using default none
aed7f8794 [Cheng Pan] Update docs/deployment/settings.md
490df7dc0 [zwangsheng] [KYUUBI #4467] fix complie
33f3a5be8 [zwangsheng] [KYUUBI #4467] fix comments
4745790cf [zwangsheng] [KYUUBI #4467] Fix IT Test
924cfe38e [zwangsheng] [KYUUBI #4467] Fix Setting.md
5f8aeaacc [zwangsheng] [KYUUBI #4467] KubernetesApplicationOperation Wait if not fount driver pod in limit time range

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  1 +
 .../spark/SparkOnKubernetesTestsSuite.scala   |  3 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  9 +++
 .../kyuubi/engine/ApplicationOperation.scala  |  3 +-
 .../org/apache/kyuubi/engine/EngineRef.scala  |  5 +-
 .../engine/JpsApplicationOperation.scala      |  2 +-
 .../KubernetesApplicationOperation.scala      | 73 +++++++++++--------
 .../engine/KyuubiApplicationManager.scala     |  5 +-
 .../engine/YarnApplicationOperation.scala     |  2 +-
 .../kyuubi/operation/BatchJobSubmission.scala | 10 ++-
 .../server/api/v1/BatchesResource.scala       |  3 +-
 11 files changed, 77 insertions(+), 39 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index b34aa4c48..a2474a506 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -160,6 +160,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.spark.python.env.archive                   | &lt;undefined&gt;         | Portable Python env archive used for Spark engine Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.7.0 |
 | kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.7.0 |
 | kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.7.0 |
+| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not invisible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.7.1 |
 | kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | seq      | 1.7.0 |
 | kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
 | kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 14db8b408..831504608 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -125,6 +125,7 @@ class SparkClusterModeOnKubernetesSuite
   override protected def jdbcUrl: String = getJdbcUrl
 }
 
+// [KYUUBI #4467] KubernetesApplicationOperator doesn't support client mode
 class KyuubiOperationKubernetesClusterClientModeSuite
   extends SparkClientModeOnKubernetesSuiteBase {
   private lazy val k8sOperation: KubernetesApplicationOperation = {
@@ -136,7 +137,7 @@ class KyuubiOperationKubernetesClusterClientModeSuite
   private def sessionManager: KyuubiSessionManager =
     server.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
 
-  test("Spark Client Mode On Kubernetes Kyuubi KubernetesApplicationOperation Suite") {
+  ignore("Spark Client Mode On Kubernetes Kyuubi KubernetesApplicationOperation Suite") {
     val batchRequest = newSparkBatchRequest(conf.getAll ++ Map(
       KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index bd8fdaa2a..1b7737344 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2541,6 +2541,15 @@ object KyuubiConf {
       .booleanConf
       .createWithDefault(true)
 
+  val ENGINE_SUBMIT_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.engine.submit.timeout")
+      .doc("Period to tolerant Driver Pod ephemerally invisible after submitting. " +
+        "In some Resource Managers, e.g. K8s, the Driver Pod is not invisible immediately " +
+        "after `spark-submit` is returned.")
+      .version("1.7.1")
+      .timeConf
+      .createWithDefaultString("PT30S")
+
   /**
    * Holds information about keys that have been deprecated.
    *
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
index 93d495895..00db372ce 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
@@ -56,9 +56,10 @@ trait ApplicationOperation {
    * Get the engine/application status by the unique application tag
    *
    * @param tag the unique application tag for engine instance.
+   * @param submitTime engine submit to resourceManager time
    * @return [[ApplicationInfo]]
    */
-  def getApplicationInfoByTag(tag: String): ApplicationInfo
+  def getApplicationInfoByTag(tag: String, submitTime: Option[Long] = None): ApplicationInfo
 }
 
 object ApplicationState extends Enumeration {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 84b7707e8..1f38ea3c2 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -216,7 +216,10 @@ private[kyuubi] class EngineRef(
         // check the engine application state from engine manager and fast fail on engine terminate
         if (exitValue == Some(0)) {
           Option(engineManager).foreach { engineMgr =>
-            engineMgr.getApplicationInfo(builder.clusterManager(), engineRefId).foreach { appInfo =>
+            engineMgr.getApplicationInfo(
+              builder.clusterManager(),
+              engineRefId,
+              Some(started)).foreach { appInfo =>
               if (ApplicationState.isTerminated(appInfo.state)) {
                 MetricsSystem.tracing { ms =>
                   ms.incCount(MetricRegistry.name(ENGINE_FAIL, appUser))
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
index bd482b86b..ce2e05461 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
@@ -84,7 +84,7 @@ class JpsApplicationOperation extends ApplicationOperation {
     killJpsApplicationByTag(tag, true)
   }
 
-  override def getApplicationInfoByTag(tag: String): ApplicationInfo = {
+  override def getApplicationInfoByTag(tag: String, submitTime: Option[Long]): ApplicationInfo = {
     val commandOption = getEngine(tag)
     if (commandOption.nonEmpty) {
       val idAndCmd = commandOption.get
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 1dd5ff83f..d0820b9ae 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -32,16 +32,15 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
 
   @volatile
   private var kubernetesClient: KubernetesClient = _
-  private var jpsOperation: JpsApplicationOperation = _
 
-  override def initialize(conf: KyuubiConf): Unit = {
-    jpsOperation = new JpsApplicationOperation
-    jpsOperation.initialize(conf)
+  private var submitTimeout: Long = _
 
+  override def initialize(conf: KyuubiConf): Unit = {
     info("Start initializing Kubernetes Client.")
     kubernetesClient = KubernetesUtils.buildKubernetesClient(conf) match {
       case Some(client) =>
         info(s"Initialized Kubernetes Client connect to: ${client.getMasterUrl}")
+        submitTimeout = conf.get(KyuubiConf.ENGINE_SUBMIT_TIMEOUT)
         client
       case None =>
         warn("Fail to init Kubernetes Client for Kubernetes Application Operation")
@@ -50,6 +49,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   }
 
   override def isSupported(clusterManager: Option[String]): Boolean = {
+    // TODO add deploy mode to check whether is supported
     kubernetesClient != null && clusterManager.nonEmpty &&
     clusterManager.get.toLowerCase.startsWith("k8s")
   }
@@ -73,8 +73,9 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
                 s"Operation of deleted appId: ${podList.get(0).getMetadata.getName} is completed")
           }
         } else {
-          // client mode
-          jpsOperation.killApplicationByTag(tag)
+          (
+            false,
+            s"Target Pod(tag: $tag) is not found, due to pod have been deleted or not created")
         }
       } catch {
         case e: Exception =>
@@ -85,32 +86,44 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     }
   }
 
-  override def getApplicationInfoByTag(tag: String): ApplicationInfo = {
-    if (kubernetesClient != null) {
-      debug(s"Getting application info from Kubernetes cluster by $tag tag")
-      try {
-        val podList = findDriverPodByTag(tag)
-        if (podList.size() != 0) {
-          val pod = podList.get(0)
-          val info = ApplicationInfo(
-            // spark pods always tag label `spark-app-selector:<spark-app-id>`
-            id = pod.getMetadata.getLabels.get(SPARK_APP_ID_LABEL),
-            name = pod.getMetadata.getName,
-            state = KubernetesApplicationOperation.toApplicationState(pod.getStatus.getPhase),
-            error = Option(pod.getStatus.getReason))
-          debug(s"Successfully got application info by $tag: $info")
-          info
-        } else {
-          // client mode
-          jpsOperation.getApplicationInfoByTag(tag)
-        }
-      } catch {
-        case e: Exception =>
-          error(s"Failed to get application with $tag, due to ${e.getMessage}")
+  override def getApplicationInfoByTag(tag: String, submitTime: Option[Long]): ApplicationInfo = {
+    if (kubernetesClient == null) {
+      throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
+    }
+    debug(s"Getting application info from Kubernetes cluster by $tag tag")
+    try {
+      val podList = findDriverPodByTag(tag)
+      if (podList.size() != 0) {
+        val pod = podList.get(0)
+        val info = ApplicationInfo(
+          // spark pods always tag label `spark-app-selector:<spark-app-id>`
+          id = pod.getMetadata.getLabels.get(SPARK_APP_ID_LABEL),
+          name = pod.getMetadata.getName,
+          state = KubernetesApplicationOperation.toApplicationState(pod.getStatus.getPhase),
+          error = Option(pod.getStatus.getReason))
+        debug(s"Successfully got application info by $tag: $info")
+        return info
+      }
+      // Kyuubi should wait second if pod is not be created
+      submitTime match {
+        case Some(time) =>
+          val elapsedTime = System.currentTimeMillis() - time
+          if (elapsedTime > submitTimeout) {
+            error(s"Can't find target driver pod by tag: $tag, " +
+              s"elapsed time: ${elapsedTime}ms exceeds ${submitTimeout}ms.")
+            ApplicationInfo(id = null, name = null, ApplicationState.NOT_FOUND)
+          } else {
+            warn("Wait for driver pod to be created, " +
+              s"elapsed time: ${elapsedTime}ms, return UNKNOWN status")
+            ApplicationInfo(id = null, name = null, ApplicationState.UNKNOWN)
+          }
+        case None =>
           ApplicationInfo(id = null, name = null, ApplicationState.NOT_FOUND)
       }
-    } else {
-      throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
+    } catch {
+      case e: Exception =>
+        error(s"Failed to get application with $tag, due to ${e.getMessage}")
+        ApplicationInfo(id = null, name = null, ApplicationState.NOT_FOUND)
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index 70c130012..9b23e550d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -84,10 +84,11 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
 
   def getApplicationInfo(
       clusterManager: Option[String],
-      tag: String): Option[ApplicationInfo] = {
+      tag: String,
+      submitTime: Option[Long] = None): Option[ApplicationInfo] = {
     val operation = operations.find(_.isSupported(clusterManager))
     operation match {
-      case Some(op) => Some(op.getApplicationInfoByTag(tag))
+      case Some(op) => Some(op.getApplicationInfoByTag(tag, submitTime))
       case None => None
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
index b38b1daa2..e836e65da 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
@@ -75,7 +75,7 @@ class YarnApplicationOperation extends ApplicationOperation with Logging {
     }
   }
 
-  override def getApplicationInfoByTag(tag: String): ApplicationInfo = {
+  override def getApplicationInfoByTag(tag: String, submitTime: Option[Long]): ApplicationInfo = {
     if (yarnClient != null) {
       debug(s"Getting application info from Yarn cluster by $tag tag")
       val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index f061d977d..883afcf58 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -105,8 +105,16 @@ class BatchJobSubmission(
   override protected def currentApplicationInfo: Option[ApplicationInfo] = {
     if (isTerminal(state) && _applicationInfo.nonEmpty) return _applicationInfo
     // only the ApplicationInfo with non-empty id is valid for the operation
+    val submitTime = if (_appStartTime <= 0) {
+      System.currentTimeMillis()
+    } else {
+      _appStartTime
+    }
     val applicationInfo =
-      applicationManager.getApplicationInfo(builder.clusterManager(), batchId).filter(_.id != null)
+      applicationManager.getApplicationInfo(
+        builder.clusterManager(),
+        batchId,
+        Some(submitTime)).filter(_.id != null)
     applicationInfo.foreach { _ =>
       if (_appStartTime <= 0) {
         _appStartTime = System.currentTimeMillis()
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 0ef3c8bac..4814996a4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -296,7 +296,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
               error(s"Error redirecting get batch[$batchId] to ${metadata.kyuubiInstance}", e)
               val batchAppStatus = sessionManager.applicationManager.getApplicationInfo(
                 metadata.clusterManager,
-                batchId)
+                batchId,
+                Some(metadata.createTime))
               buildBatch(metadata, batchAppStatus)
           }
         }

From e53da12419ec34dd134e80f2c96c9619e48cda7e Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 15 Mar 2023 11:13:07 +0800
Subject: [PATCH 167/760] [KYUUBI #4516] Return kyuubi instance in SessionData
 and OperationData

### _Why are the changes needed?_

It is helpful, because now kyuubi gateway does not support multiple nodes ha.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4516 from turboFei/kyuubi_instance.

Closes #4516

a679dc524 [fwang12] return kyuubi instance

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/client/api/v1/dto/OperationData.java     | 13 ++++++++++++-
 .../kyuubi/client/api/v1/dto/SessionData.java       | 13 ++++++++++++-
 .../org/apache/kyuubi/server/api/ApiUtils.scala     |  6 ++++--
 3 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
index bc7af4ac9..1b99bb2c6 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
@@ -32,6 +32,7 @@ public class OperationData {
   private String sessionId;
   private String sessionUser;
   private String sessionType;
+  private String kyuubiInstance;
 
   public OperationData() {}
 
@@ -45,7 +46,8 @@ public OperationData(
       String exception,
       String sessionId,
       String sessionUser,
-      String sessionType) {
+      String sessionType,
+      String kyuubiInstance) {
     this.identifier = identifier;
     this.statement = statement;
     this.state = state;
@@ -56,6 +58,7 @@ public OperationData(
     this.sessionId = sessionId;
     this.sessionUser = sessionUser;
     this.sessionType = sessionType;
+    this.kyuubiInstance = kyuubiInstance;
   }
 
   public String getIdentifier() {
@@ -138,6 +141,14 @@ public void setSessionType(String sessionType) {
     this.sessionType = sessionType;
   }
 
+  public String getKyuubiInstance() {
+    return kyuubiInstance;
+  }
+
+  public void setKyuubiInstance(String kyuubiInstance) {
+    this.kyuubiInstance = kyuubiInstance;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
index 97da4d942..ce5eaae50 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
@@ -33,6 +33,7 @@ public class SessionData {
   private Long idleTime;
   private String exception;
   private String sessionType;
+  private String kyuubiInstance;
 
   public SessionData() {}
 
@@ -45,7 +46,8 @@ public SessionData(
       Long duration,
       Long idleTime,
       String exception,
-      String sessionType) {
+      String sessionType,
+      String kyuubiInstance) {
     this.identifier = identifier;
     this.user = user;
     this.ipAddr = ipAddr;
@@ -55,6 +57,7 @@ public SessionData(
     this.idleTime = idleTime;
     this.exception = exception;
     this.sessionType = sessionType;
+    this.kyuubiInstance = kyuubiInstance;
   }
 
   public String getIdentifier() {
@@ -132,6 +135,14 @@ public void setSessionType(String sessionType) {
     this.sessionType = sessionType;
   }
 
+  public String getKyuubiInstance() {
+    return kyuubiInstance;
+  }
+
+  public void setKyuubiInstance(String kyuubiInstance) {
+    this.kyuubiInstance = kyuubiInstance;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
index 7a0582613..3e7e36eac 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -37,7 +37,8 @@ object ApiUtils {
       session.lastAccessTime - session.createTime,
       session.getNoOperationTime,
       session.getSessionEvent.flatMap(_.exception).map(Utils.prettyPrint).getOrElse(""),
-      session.sessionType.toString)
+      session.sessionType.toString,
+      session.connectionUrl)
   }
 
   def operationData(operation: KyuubiOperation): OperationData = {
@@ -52,6 +53,7 @@ object ApiUtils {
       opEvent.exception.map(Utils.prettyPrint).getOrElse(""),
       opEvent.sessionId,
       opEvent.sessionUser,
-      opEvent.sessionType)
+      opEvent.sessionType,
+      operation.getSession.asInstanceOf[KyuubiSession].connectionUrl)
   }
 }

From ba0eac70abb3945f7c2006d87a403fb0c5e2890f Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 15 Mar 2023 14:03:32 +0800
Subject: [PATCH 168/760] [KYUUBI #4518] Return engine id in SessionData and
 post kyuubi instance in KyuubiOperationEvent

### _Why are the changes needed?_

As title.

BTW, for KyuubiSessionEvents, you can get kyuubiInstance from serverIP.
```
 * param serverIP A unique Kyuubi server id, e.g. kyuubi server ip address and port,
 *                 it is useful if has multi-instance Kyuubi Server
 ```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4518 from turboFei/instance_follow.

Closes #4518

2ad4c1646 [fwang12] event

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/client/api/v1/dto/SessionData.java       | 13 ++++++++++++-
 .../apache/kyuubi/events/KyuubiOperationEvent.scala |  7 +++++--
 .../org/apache/kyuubi/server/api/ApiUtils.scala     |  6 ++++--
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
index ce5eaae50..ae7dfdec9 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionData.java
@@ -34,6 +34,7 @@ public class SessionData {
   private String exception;
   private String sessionType;
   private String kyuubiInstance;
+  private String engineId;
 
   public SessionData() {}
 
@@ -47,7 +48,8 @@ public SessionData(
       Long idleTime,
       String exception,
       String sessionType,
-      String kyuubiInstance) {
+      String kyuubiInstance,
+      String engineId) {
     this.identifier = identifier;
     this.user = user;
     this.ipAddr = ipAddr;
@@ -58,6 +60,7 @@ public SessionData(
     this.exception = exception;
     this.sessionType = sessionType;
     this.kyuubiInstance = kyuubiInstance;
+    this.engineId = engineId;
   }
 
   public String getIdentifier() {
@@ -143,6 +146,14 @@ public void setKyuubiInstance(String kyuubiInstance) {
     this.kyuubiInstance = kyuubiInstance;
   }
 
+  public String getEngineId() {
+    return engineId;
+  }
+
+  public void setEngineId(String engineId) {
+    this.engineId = engineId;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala
index 74a3a3fad..7147cb424 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala
@@ -42,6 +42,7 @@ import org.apache.kyuubi.session.KyuubiSession
  * @param sessionId the identifier of the parent session
  * @param sessionUser the authenticated client user
  * @param sessionType the type of the parent session
+ * @param kyuubiInstance the parent session connection url
  */
 case class KyuubiOperationEvent private (
     statementId: String,
@@ -56,7 +57,8 @@ case class KyuubiOperationEvent private (
     exception: Option[Throwable],
     sessionId: String,
     sessionUser: String,
-    sessionType: String) extends KyuubiEvent {
+    sessionType: String,
+    kyuubiInstance: String) extends KyuubiEvent {
 
   // operation events are partitioned by the date when the corresponding operations are
   // created.
@@ -85,6 +87,7 @@ object KyuubiOperationEvent {
       status.exception,
       session.handle.identifier.toString,
       session.user,
-      session.sessionType.toString)
+      session.sessionType.toString,
+      session.connectionUrl)
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
index 3e7e36eac..ebbf04c90 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -28,6 +28,7 @@ import org.apache.kyuubi.session.KyuubiSession
 object ApiUtils {
 
   def sessionData(session: KyuubiSession): SessionData = {
+    val sessionEvent = session.getSessionEvent
     new SessionData(
       session.handle.identifier.toString,
       session.user,
@@ -36,9 +37,10 @@ object ApiUtils {
       session.createTime,
       session.lastAccessTime - session.createTime,
       session.getNoOperationTime,
-      session.getSessionEvent.flatMap(_.exception).map(Utils.prettyPrint).getOrElse(""),
+      sessionEvent.flatMap(_.exception).map(Utils.prettyPrint).getOrElse(""),
       session.sessionType.toString,
-      session.connectionUrl)
+      session.connectionUrl,
+      sessionEvent.map(_.engineId).getOrElse(""))
   }
 
   def operationData(operation: KyuubiOperation): OperationData = {

From a027b6e0a187010c4d720f2619137d0625894362 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Wed, 15 Mar 2023 14:04:14 +0800
Subject: [PATCH 169/760] [KYUUBI #4498] list sessions/operations with
 conditions

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4507 from lightning-L/kyuubi-4498.

Closes #4498

6e3101288 [Tianlin Liao] [KYUUBI #4498] list sessions/operations with conditions

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/server/api/v1/AdminResource.scala  | 19 ++++--
 .../server/api/v1/AdminResourceSuite.scala    | 64 +++++++++++++++++++
 2 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index e5401ca41..ee63243cc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -27,6 +27,7 @@ import scala.collection.mutable.ListBuffer
 import io.swagger.v3.oas.annotations.media.{ArraySchema, Content, Schema}
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
+import org.apache.commons.lang3.StringUtils
 import org.apache.zookeeper.KeeperException.NoNodeException
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
@@ -113,7 +114,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     description = "get the list of all live sessions")
   @GET
   @Path("sessions")
-  def sessions(): Seq[SessionData] = {
+  def sessions(@QueryParam("users") users: String): Seq[SessionData] = {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Received listing all live sessions request from $userName/$ipAddress")
@@ -121,7 +122,12 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       throw new NotAllowedException(
         s"$userName is not allowed to list all live sessions")
     }
-    fe.be.sessionManager.allSessions().map { case session =>
+    var sessions = fe.be.sessionManager.allSessions()
+    if (StringUtils.isNotBlank(users)) {
+      val usersSet = users.split(",").toSet
+      sessions = sessions.filter(session => usersSet.contains(session.user))
+    }
+    sessions.map { case session =>
       ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])
     }.toSeq
   }
@@ -154,7 +160,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       "get the list of all active operations")
   @GET
   @Path("operations")
-  def listOperations(): Seq[OperationData] = {
+  def listOperations(@QueryParam("users") users: String): Seq[OperationData] = {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Received listing all of the active operations request from $userName/$ipAddress")
@@ -162,7 +168,12 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       throw new NotAllowedException(
         s"$userName is not allowed to list all the operations")
     }
-    fe.be.sessionManager.operationManager.allOperations()
+    var operations = fe.be.sessionManager.operationManager.allOperations()
+    if (StringUtils.isNotBlank(users)) {
+      val usersSet = users.split(",").toSet
+      operations = operations.filter(operation => usersSet.contains(operation.getSession.user))
+    }
+    operations
       .map(operation => ApiUtils.operationData(operation.asInstanceOf[KyuubiOperation])).toSeq
   }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 0fc912e7a..0e0a2415a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -168,6 +168,70 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     assert(sessions2.isEmpty)
   }
 
+  test("list sessions/operations with filter") {
+    fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "test_user_1",
+      "xxxxxx",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "test_user_2",
+      "xxxxxx",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    val adminUser = Utils.currentUser
+    val encodeAuthorization = new String(
+      Base64.getEncoder.encode(
+        s"$adminUser:".getBytes()),
+      "UTF-8")
+
+    // list sessions
+    var response = webTarget.path("api/v1/admin/sessions")
+      .queryParam("users", "admin")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    var sessions = response.readEntity(classOf[Seq[SessionData]])
+    assert(200 == response.getStatus)
+    assert(sessions.size == 2)
+
+    response = webTarget.path("api/v1/admin/sessions")
+      .queryParam("users", "test_user_1,test_user_2")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    sessions = response.readEntity(classOf[Seq[SessionData]])
+    assert(200 == response.getStatus)
+    assert(sessions.size == 2)
+
+    // list operations
+    response = webTarget.path("api/v1/admin/operations")
+      .queryParam("users", "test_user_1,test_user_2")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    val operations = response.readEntity(classOf[Seq[OperationData]])
+    assert(operations.size == 2)
+  }
+
   test("list/close operations") {
     val sessionHandle = fe.be.openSession(
       HIVE_CLI_SERVICE_PROTOCOL_V2,

From 7b8ca1235c842accb81f195bc0dc9db006cbbf8a Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 15 Mar 2023 15:08:11 +0800
Subject: [PATCH 170/760] [KYUUBI #4519] Update metadata when batch application
 state changed

### _Why are the changes needed?_

Kyuubi Server should update the metadata store when the batch application state changes, otherwise the peers see the outdated application state.

The following inconsistent happened on a dual Kyuubi Server deployment
```
23/03/15 11:15:36 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: null
23/03/15 11:15:41 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: null, appStatus: null
23/03/15 11:15:46 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:15:51 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:15:56 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:01 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:06 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:11 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:16 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:21 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: RUNNING
23/03/15 11:16:26 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:31 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: RUNNING
23/03/15 11:16:37 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:42 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: RUNNING
23/03/15 11:16:47 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: PENDING
23/03/15 11:16:52 batchId: e0b06788-46c0-484e-8648-deb08fc5dbd2, appId: spark-934bd65c1de14fceb22411986dc5fe99, appStatus: RUNNING
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4519 from pan3793/batch-metadata.

Closes #4519

6b9b3e706 [Cheng Pan] Update metadata when batch application state changed

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/operation/BatchJobSubmission.scala   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 883afcf58..3cbb16907 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -300,6 +300,7 @@ class BatchJobSubmission(
         val newApplicationStatus = currentApplicationInfo
         if (newApplicationStatus.map(_.state) != _applicationInfo.map(_.state)) {
           _applicationInfo = newApplicationStatus
+          updateBatchMetadata()
           info(s"Batch report for $batchId, ${_applicationInfo}")
         }
       }

From 38cf59d47be8f6d1b45562259c9e6342215888de Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 15 Mar 2023 17:08:59 +0800
Subject: [PATCH 171/760] [KYUUBI #4502] Reduce build concurency
 mvnd.minThreads in CI builds

### _Why are the changes needed?_

- to fix mvnd failure in `Install` step of `Sytle Check` job in (https://github.com/apache/kyuubi/actions/runs/4403008223/jobs/7711886893#step:7:1012)
- by lowering `mvnd.minThreads` to reduce memory pressure in concurrent builds

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4502 from bowenliang123/sytle-mvn.

Closes #4502

a3ddb6270 [liangbowen] lower `mvnd.minThreads`

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 build/mvnd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/mvnd b/build/mvnd
index 9af3429f3..81a6f5c20 100755
--- a/build/mvnd
+++ b/build/mvnd
@@ -25,7 +25,7 @@ _CALLING_DIR="$(pwd)"
 _COMPILE_JVM_OPTS="-Xms2g -Xmx2g -XX:ReservedCodeCacheSize=1g -Xss128m"
 
 if [ "$CI" ]; then
-  export MAVEN_CLI_OPTS="-Dmvnd.minThreads=8 --no-transfer-progress --errors --fail-fast -Dstyle.color=always"
+  export MAVEN_CLI_OPTS="-Dmvnd.minThreads=4 --no-transfer-progress --errors --fail-fast -Dstyle.color=always"
 fi
 
 # Installs any application tarball given a URL, the expected tarball name,

From 6aac3e66fefecd1df5244e568ad5ad452af130da Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 15 Mar 2023 20:57:31 +0800
Subject: [PATCH 172/760] [KYUUBI #4513] Bump Kyuubi 1.7.0 in Playground

### _Why are the changes needed?_

Upgrade Kyuubi 1.7.0 and enable REST protocol

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4513 from pan3793/playground.

Closes #4513

96d25daf8 [Cheng Pan] expose 10099
d163353a9 [Cheng Pan] Bump Kyuubi 1.7.0 in Playground

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docker/playground/.env                      | 2 +-
 docker/playground/compose.yml               | 1 +
 docker/playground/conf/kyuubi-defaults.conf | 4 +++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docker/playground/.env b/docker/playground/.env
index abd897192..d03cdddff 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -19,7 +19,7 @@ AWS_JAVA_SDK_VERSION=1.12.239
 HADOOP_VERSION=3.3.1
 HIVE_VERSION=2.3.9
 ICEBERG_VERSION=1.1.0
-KYUUBI_VERSION=1.6.1-incubating
+KYUUBI_VERSION=1.7.0
 KYUUBI_HADOOP_VERSION=3.3.4
 POSTGRES_VERSION=12
 POSTGRES_JDBC_VERSION=42.3.4
diff --git a/docker/playground/compose.yml b/docker/playground/compose.yml
index 14658d894..b0d2b1ea8 100644
--- a/docker/playground/compose.yml
+++ b/docker/playground/compose.yml
@@ -68,6 +68,7 @@ services:
     ports:
       - 4040-4050:4040-4050
       - 10009:10009
+      - 10099:10099
     volumes:
       - ./conf/core-site.xml:/etc/hadoop/conf/core-site.xml
       - ./conf/hive-site.xml:/etc/hive/conf/hive-site.xml
diff --git a/docker/playground/conf/kyuubi-defaults.conf b/docker/playground/conf/kyuubi-defaults.conf
index 4906c5de4..15b3fbf6e 100644
--- a/docker/playground/conf/kyuubi-defaults.conf
+++ b/docker/playground/conf/kyuubi-defaults.conf
@@ -18,8 +18,10 @@
 ## Kyuubi Configurations
 
 kyuubi.authentication=NONE
-kyuubi.frontend.thrift.binary.bind.host=0.0.0.0
+kyuubi.frontend.bind.host=0.0.0.0
+kyuubi.frontend.protocols=THRIFT_BINARY,REST
 kyuubi.frontend.thrift.binary.bind.port=10009
+kyuubi.frontend.rest.bind.port=10099
 kyuubi.ha.addresses=zookeeper:2181
 kyuubi.session.engine.idle.timeout=PT5M
 kyuubi.operation.incremental.collect=true

From 0f45f26a354490c763eec186dacf0615b783b9dd Mon Sep 17 00:00:00 2001
From: Alex <zoulimin@kanzhun.com>
Date: Thu, 16 Mar 2023 01:35:46 +0800
Subject: [PATCH 173/760] [KYUUBI #4492] Correct engine subdomain calculation
 in `kyuubi-ctl`

### _Why are the changes needed?_

The CONNECTION share level engines always use a UUID as the subdomain in registering path, kyuubi-ctl's wrong subdomain calculation causes a failure on listing engines.
```
./kyuubi-ctl list engine --zk-quorum xxx --namespace kyuubi --user xxx
```
```
2023-03-10 13:53:32.939 INFO org.apache.curator.framework.state.ConnectionStateManager: State change: CONNECTED
2023-03-10 13:53:32.945 ERROR org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient: Failed to get service node info
org.apache.zookeeper.KeeperException$NoNodeException: KeeperErrorCode = NoNode for /kyuubi_1.7.0_CONNECTION_SPARK_SQL/xxx/default
	at org.apache.zookeeper.KeeperException.create(KeeperException.java:114) ~[zookeeper-3.4.14.jar:3.4.14-4c25d480e66aadd371de8bd2fd8da255ac140bcf]
	at org.apache.zookeeper.KeeperException.create(KeeperException.java:54) ~[zookeeper-3.4.14.jar:3.4.14-4c25d480e66aadd371de8bd2fd8da255ac140bcf]
	at org.apache.zookeeper.ZooKeeper.getChildren(ZooKeeper.java:1659) ~[zookeeper-3.4.14.jar:3.4.14-4c25d480e66aadd371de8bd2fd8da255ac140bcf]
	at org.apache.curator.framework.imps.GetChildrenBuilderImpl$3.call(GetChildrenBuilderImpl.java:230) ~[curator-framework-2.12.0.jar:?]
	at org.apache.curator.framework.imps.GetChildrenBuilderImpl$3.call(GetChildrenBuilderImpl.java:219) ~[curator-framework-2.12.0.jar:?]
	at org.apache.curator.RetryLoop.callWithRetry(RetryLoop.java:109) ~[curator-client-2.12.0.jar:?]
	at org.apache.curator.framework.imps.GetChildrenBuilderImpl.pathInForeground(GetChildrenBuilderImpl.java:216) ~[curator-framework-2.12.0.jar:?]
	at org.apache.curator.framework.imps.GetChildrenBuilderImpl.forPath(GetChildrenBuilderImpl.java:207) ~[curator-framework-2.12.0.jar:?]
	at org.apache.curator.framework.imps.GetChildrenBuilderImpl.forPath(GetChildrenBuilderImpl.java:40) ~[curator-framework-2.12.0.jar:?]
	at org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient.getServiceNodesInfo(ZookeeperDiscoveryClient.scala:214) ~[kyuubi-ha_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.util.CtlUtils$.getServiceNodes(CtlUtils.scala:63) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.util.CtlUtils$.$anonfun$listZkServerNodes$1(CtlUtils.scala:86) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.util.CtlUtils$.$anonfun$listZkServerNodes$1$adapted(CtlUtils.scala:80) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ha.client.DiscoveryClientProvider$.withDiscoveryClient(DiscoveryClientProvider.scala:36) ~[kyuubi-ha_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.util.CtlUtils$.listZkServerNodes(CtlUtils.scala:80) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cmd.list.ListCommand.doRun(ListCommand.scala:32) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cmd.list.ListCommand.doRun(ListCommand.scala:24) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cmd.Command.run(Command.scala:47) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cli.ControlCli.doAction(ControlCli.scala:46) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cli.ControlCli$$anon$1.doAction(ControlCli.scala:79) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cli.ControlCli$.main(ControlCli.scala:87) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
	at org.apache.kyuubi.ctl.cli.ControlCli.main(ControlCli.scala) ~[kyuubi-ctl_2.12-1.7.0.jar:1.7.0]
2023-03-10 13:53:32.949 INFO org.apache.curator.framework.imps.CuratorFrameworkImpl: backgroundOperationsLoop exiting
2023-03-10 13:53:32.952 INFO org.apache.zookeeper.ZooKeeper: Session: 0x500011010ecc76e closed
2023-03-10 13:53:32.953 INFO org.apache.zookeeper.ClientCnxn: EventThread shut down for session: 0x500011010ecc76e
```
### _How was this patch tested?_

- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

  buid model kyuubi-ctl and deploy to my environment and run : kyuubi-ctl list engine -zk xxx:2181 -n kyuubi -u xxx
  get correct result.

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4492 from Kiss736921/fix_list_engine_error.

Closes #4492

29b87ed57 [Alex] change param name engine to engineNode
9e87b0853 [Alex] optimize get cmd architecture and complete delete engine for all share level
20544c296 [Cheng Pan] ctl should handle server and engine nodes seperately
9000129df [Alex] fix list engine no node exception

Lead-authored-by: Alex <zoulimin@kanzhun.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../ctl/cmd/create/CreateServerCommand.scala  |  2 +-
 .../kyuubi/ctl/cmd/delete/DeleteCommand.scala | 31 +-----
 .../ctl/cmd/delete/DeleteEngineCommand.scala  | 30 ++++++
 .../ctl/cmd/delete/DeleteServerCommand.scala  | 30 +++++-
 .../kyuubi/ctl/cmd/get/GetCommand.scala       |  8 +-
 .../kyuubi/ctl/cmd/get/GetEngineCommand.scala | 10 ++
 .../kyuubi/ctl/cmd/get/GetServerCommand.scala | 11 ++-
 .../kyuubi/ctl/cmd/list/ListCommand.scala     |  8 +-
 .../ctl/cmd/list/ListEngineCommand.scala      |  5 +
 .../ctl/cmd/list/ListServerCommand.scala      |  8 +-
 .../org/apache/kyuubi/ctl/util/CtlUtils.scala | 99 ++++++++++---------
 .../apache/kyuubi/ctl/ControlCliSuite.scala   | 85 ++++++++++------
 12 files changed, 212 insertions(+), 115 deletions(-)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala
index 66f75fc5f..f4d4ce2ea 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala
@@ -56,7 +56,7 @@ class CreateServerCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeI
     withDiscoveryClient(kyuubiConf) { discoveryClient =>
       val fromNamespace =
         DiscoveryPaths.makePath(null, kyuubiConf.get(HA_NAMESPACE))
-      val toNamespace = CtlUtils.getZkNamespace(kyuubiConf, normalizedCliConfig)
+      val toNamespace = CtlUtils.getZkServerNamespace(kyuubiConf, normalizedCliConfig)
 
       val currentServerNodes = discoveryClient.getServiceNodesInfo(fromNamespace)
       val exposedServiceNodes = ListBuffer[ServiceNodeInfo]()
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala
index 69479259a..ddbe083ce 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala
@@ -16,15 +16,13 @@
  */
 package org.apache.kyuubi.ctl.cmd.delete
 
-import scala.collection.mutable.ListBuffer
-
 import org.apache.kyuubi.ctl.cmd.Command
 import org.apache.kyuubi.ctl.opt.CliConfig
-import org.apache.kyuubi.ctl.util.{CtlUtils, Render, Validator}
-import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
+import org.apache.kyuubi.ctl.util.{Render, Validator}
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-class DeleteCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+abstract class DeleteCommand(cliConfig: CliConfig)
+  extends Command[Seq[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     Validator.validateZkArguments(normalizedCliConfig)
@@ -35,28 +33,7 @@ class DeleteCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](
   /**
    * Delete zookeeper service node with specified host port.
    */
-  def doRun(): Seq[ServiceNodeInfo] = {
-    withDiscoveryClient(conf) { discoveryClient =>
-      val znodeRoot = CtlUtils.getZkNamespace(conf, normalizedCliConfig)
-      val hostPortOpt =
-        Some((normalizedCliConfig.zkOpts.host, normalizedCliConfig.zkOpts.port.toInt))
-      val nodesToDelete = CtlUtils.getServiceNodes(discoveryClient, znodeRoot, hostPortOpt)
-
-      val deletedNodes = ListBuffer[ServiceNodeInfo]()
-      nodesToDelete.foreach { node =>
-        val nodePath = s"$znodeRoot/${node.nodeName}"
-        info(s"Deleting zookeeper service node:$nodePath")
-        try {
-          discoveryClient.delete(nodePath)
-          deletedNodes += node
-        } catch {
-          case e: Exception =>
-            error(s"Failed to delete zookeeper service node:$nodePath", e)
-        }
-      }
-      deletedNodes
-    }
-  }
+  def doRun(): Seq[ServiceNodeInfo]
 
   def render(nodes: Seq[ServiceNodeInfo]): Unit = {
     val title = "Deleted zookeeper service nodes"
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala
index 7be607467..ab6e81e24 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala
@@ -16,7 +16,12 @@
  */
 package org.apache.kyuubi.ctl.cmd.delete
 
+import scala.collection.mutable.ListBuffer
+
 import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.CtlUtils
+import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 class DeleteEngineCommand(cliConfig: CliConfig) extends DeleteCommand(cliConfig) {
 
@@ -28,4 +33,29 @@ class DeleteEngineCommand(cliConfig: CliConfig) extends DeleteCommand(cliConfig)
       fail("Must specify user name for engine, please use -u or --user.")
     }
   }
+
+  def doRun(): Seq[ServiceNodeInfo] = {
+    withDiscoveryClient(conf) { discoveryClient =>
+      val hostPortOpt =
+        Some((cliConfig.zkOpts.host, cliConfig.zkOpts.port.toInt))
+      val candidateNodes = CtlUtils.listZkEngineNodes(conf, normalizedCliConfig, hostPortOpt)
+      hostPortOpt.map { case (host, port) =>
+        candidateNodes.filter { cn => cn.host == host && cn.port == port }
+      }.getOrElse(candidateNodes)
+      val deletedNodes = ListBuffer[ServiceNodeInfo]()
+      candidateNodes.foreach { node =>
+        val engineNode = discoveryClient.getChildren(node.namespace)(0)
+        val nodePath = s"${node.namespace}/$engineNode"
+        info(s"Deleting zookeeper service node:$nodePath")
+        try {
+          discoveryClient.delete(nodePath)
+          deletedNodes += node
+        } catch {
+          case e: Exception =>
+            error(s"Failed to delete zookeeper service node:$nodePath", e)
+        }
+      }
+      deletedNodes
+    }
+  }
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala
index 6debba4d5..197b78645 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala
@@ -16,6 +16,34 @@
  */
 package org.apache.kyuubi.ctl.cmd.delete
 
+import scala.collection.mutable.ListBuffer
+
 import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.CtlUtils
+import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
+
+class DeleteServerCommand(cliConfig: CliConfig) extends DeleteCommand(cliConfig) {
+  override def doRun(): Seq[ServiceNodeInfo] = {
+    withDiscoveryClient(conf) { discoveryClient =>
+      val znodeRoot = CtlUtils.getZkServerNamespace(conf, normalizedCliConfig)
+      val hostPortOpt =
+        Some((normalizedCliConfig.zkOpts.host, normalizedCliConfig.zkOpts.port.toInt))
+      val nodesToDelete = CtlUtils.getServiceNodes(discoveryClient, znodeRoot, hostPortOpt)
 
-class DeleteServerCommand(cliConfig: CliConfig) extends DeleteCommand(cliConfig) {}
+      val deletedNodes = ListBuffer[ServiceNodeInfo]()
+      nodesToDelete.foreach { node =>
+        val nodePath = s"$znodeRoot/${node.nodeName}"
+        info(s"Deleting zookeeper service node:$nodePath")
+        try {
+          discoveryClient.delete(nodePath)
+          deletedNodes += node
+        } catch {
+          case e: Exception =>
+            error(s"Failed to delete zookeeper service node:$nodePath", e)
+        }
+      }
+      deletedNodes
+    }
+  }
+}
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala
index d78f0b995..af8285105 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala
@@ -18,10 +18,10 @@ package org.apache.kyuubi.ctl.cmd.get
 
 import org.apache.kyuubi.ctl.cmd.Command
 import org.apache.kyuubi.ctl.opt.CliConfig
-import org.apache.kyuubi.ctl.util.{CtlUtils, Render, Validator}
+import org.apache.kyuubi.ctl.util.{Render, Validator}
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-class GetCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+abstract class GetCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     Validator.validateZkArguments(normalizedCliConfig)
@@ -29,9 +29,7 @@ class GetCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cli
     mergeArgsIntoKyuubiConf()
   }
 
-  def doRun(): Seq[ServiceNodeInfo] = {
-    CtlUtils.listZkServerNodes(conf, normalizedCliConfig, filterHostPort = true)
-  }
+  def doRun(): Seq[ServiceNodeInfo]
 
   def render(nodes: Seq[ServiceNodeInfo]): Unit = {
     val title = "Zookeeper service nodes"
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala
index 4d9101625..13f4d00c8 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala
@@ -17,6 +17,8 @@
 package org.apache.kyuubi.ctl.cmd.get
 
 import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.CtlUtils
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 class GetEngineCommand(cliConfig: CliConfig) extends GetCommand(cliConfig) {
 
@@ -28,4 +30,12 @@ class GetEngineCommand(cliConfig: CliConfig) extends GetCommand(cliConfig) {
       fail("Must specify user name for engine, please use -u or --user.")
     }
   }
+
+  override def doRun(): Seq[ServiceNodeInfo] = {
+    CtlUtils.listZkEngineNodes(
+      conf,
+      normalizedCliConfig,
+      Some((cliConfig.zkOpts.host, cliConfig.zkOpts.port.toInt)))
+  }
+
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala
index 71b868453..faa76b219 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala
@@ -17,5 +17,14 @@
 package org.apache.kyuubi.ctl.cmd.get
 
 import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.CtlUtils
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-class GetServerCommand(cliConfig: CliConfig) extends GetCommand(cliConfig) {}
+class GetServerCommand(cliConfig: CliConfig) extends GetCommand(cliConfig) {
+  override def doRun(): Seq[ServiceNodeInfo] = {
+    CtlUtils.listZkServerNodes(
+      conf,
+      normalizedCliConfig,
+      Some((cliConfig.zkOpts.host, cliConfig.zkOpts.port.toInt)))
+  }
+}
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala
index 0cfeb8e4e..e5a3a6882 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala
@@ -18,19 +18,17 @@ package org.apache.kyuubi.ctl.cmd.list
 
 import org.apache.kyuubi.ctl.cmd.Command
 import org.apache.kyuubi.ctl.opt.CliConfig
-import org.apache.kyuubi.ctl.util.{CtlUtils, Render, Validator}
+import org.apache.kyuubi.ctl.util.{Render, Validator}
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-class ListCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+abstract class ListCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     Validator.validateZkArguments(normalizedCliConfig)
     mergeArgsIntoKyuubiConf()
   }
 
-  def doRun(): Seq[ServiceNodeInfo] = {
-    CtlUtils.listZkServerNodes(conf, normalizedCliConfig, filterHostPort = false)
-  }
+  def doRun(): Seq[ServiceNodeInfo]
 
   def render(nodes: Seq[ServiceNodeInfo]): Unit = {
     val title = "Zookeeper service nodes"
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListEngineCommand.scala
index 6a78a9e97..8a26b4cc9 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListEngineCommand.scala
@@ -17,6 +17,8 @@
 package org.apache.kyuubi.ctl.cmd.list
 
 import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.CtlUtils
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 class ListEngineCommand(cliConfig: CliConfig) extends ListCommand(cliConfig) {
 
@@ -28,4 +30,7 @@ class ListEngineCommand(cliConfig: CliConfig) extends ListCommand(cliConfig) {
       fail("Must specify user name for engine, please use -u or --user.")
     }
   }
+
+  override def doRun(): Seq[ServiceNodeInfo] =
+    CtlUtils.listZkEngineNodes(conf, normalizedCliConfig, None)
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala
index 8c3219ece..56e8f4695 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala
@@ -17,5 +17,11 @@
 package org.apache.kyuubi.ctl.cmd.list
 
 import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.CtlUtils
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-class ListServerCommand(cliConfig: CliConfig) extends ListCommand(cliConfig) {}
+class ListServerCommand(cliConfig: CliConfig) extends ListCommand(cliConfig) {
+  override def doRun(): Seq[ServiceNodeInfo] = {
+    CtlUtils.listZkServerNodes(conf, normalizedCliConfig, None)
+  }
+}
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/CtlUtils.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/CtlUtils.scala
index fdcc127f1..8ce1d611a 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/CtlUtils.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/CtlUtils.scala
@@ -25,48 +25,35 @@ import org.yaml.snakeyaml.Yaml
 import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_SHARE_LEVEL, ENGINE_SHARE_LEVEL_SUBDOMAIN, ENGINE_TYPE}
-import org.apache.kyuubi.ctl.opt.{CliConfig, ControlObject}
+import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ha.client.{DiscoveryClient, DiscoveryPaths, ServiceNodeInfo}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 
 object CtlUtils {
 
-  private[ctl] def getZkNamespace(conf: KyuubiConf, cliConfig: CliConfig): String = {
-    cliConfig.resource match {
-      case ControlObject.SERVER =>
-        DiscoveryPaths.makePath(null, cliConfig.zkOpts.namespace)
-      case ControlObject.ENGINE =>
-        val engineType = Some(cliConfig.engineOpts.engineType)
-          .filter(_ != null).filter(_.nonEmpty)
-          .getOrElse(conf.get(ENGINE_TYPE))
-        val engineSubdomain = Some(cliConfig.engineOpts.engineSubdomain)
-          .filter(_ != null).filter(_.nonEmpty)
-          .getOrElse(conf.get(ENGINE_SHARE_LEVEL_SUBDOMAIN).getOrElse("default"))
-        val engineShareLevel = Some(cliConfig.engineOpts.engineShareLevel)
-          .filter(_ != null).filter(_.nonEmpty)
-          .getOrElse(conf.get(ENGINE_SHARE_LEVEL))
-        // The path of the engine defined in zookeeper comes from
-        // org.apache.kyuubi.engine.EngineRef#engineSpace
-        DiscoveryPaths.makePath(
-          s"${cliConfig.zkOpts.namespace}_" +
-            s"${cliConfig.zkOpts.version}_" +
-            s"${engineShareLevel}_${engineType}",
-          cliConfig.engineOpts.user,
-          engineSubdomain)
-    }
+  private[ctl] def getZkServerNamespace(conf: KyuubiConf, cliConfig: CliConfig): String = {
+    DiscoveryPaths.makePath(null, cliConfig.zkOpts.namespace)
   }
 
-  private[ctl] def getServiceNodes(
-      discoveryClient: DiscoveryClient,
-      znodeRoot: String,
-      hostPortOpt: Option[(String, Int)]): Seq[ServiceNodeInfo] = {
-    val serviceNodes = discoveryClient.getServiceNodesInfo(znodeRoot)
-    hostPortOpt match {
-      case Some((host, port)) => serviceNodes.filter { sn =>
-          sn.host == host && sn.port == port
-        }
-      case _ => serviceNodes
-    }
+  private[ctl] def getZkEngineNamespaceAndSubdomain(
+      conf: KyuubiConf,
+      cliConfig: CliConfig): (String, Option[String]) = {
+    val engineType = Some(cliConfig.engineOpts.engineType)
+      .filter(_ != null).filter(_.nonEmpty)
+      .getOrElse(conf.get(ENGINE_TYPE))
+    val engineShareLevel = Some(cliConfig.engineOpts.engineShareLevel)
+      .filter(_ != null).filter(_.nonEmpty)
+      .getOrElse(conf.get(ENGINE_SHARE_LEVEL))
+    val engineSubdomain = Option(cliConfig.engineOpts.engineSubdomain)
+      .filter(_.nonEmpty).orElse(conf.get(ENGINE_SHARE_LEVEL_SUBDOMAIN))
+    // The path of the engine defined in zookeeper comes from
+    // org.apache.kyuubi.engine.EngineRef#engineSpace
+    val rootPath = DiscoveryPaths.makePath(
+      s"${cliConfig.zkOpts.namespace}_" +
+        s"${cliConfig.zkOpts.version}_" +
+        s"${engineShareLevel}_${engineType}",
+      cliConfig.engineOpts.user)
+    (rootPath, engineSubdomain)
   }
 
   /**
@@ -75,17 +62,41 @@ object CtlUtils {
   private[ctl] def listZkServerNodes(
       conf: KyuubiConf,
       cliConfig: CliConfig,
-      filterHostPort: Boolean): Seq[ServiceNodeInfo] = {
-    var nodes = Seq.empty[ServiceNodeInfo]
+      hostPortOpt: Option[(String, Int)]): Seq[ServiceNodeInfo] = {
     withDiscoveryClient(conf) { discoveryClient =>
-      val znodeRoot = getZkNamespace(conf, cliConfig)
-      val hostPortOpt =
-        if (filterHostPort) {
-          Some((cliConfig.zkOpts.host, cliConfig.zkOpts.port.toInt))
-        } else None
-      nodes = getServiceNodes(discoveryClient, znodeRoot, hostPortOpt)
+      val znodeRoot = getZkServerNamespace(conf, cliConfig)
+      getServiceNodes(discoveryClient, znodeRoot, hostPortOpt)
     }
-    nodes
+  }
+
+  /**
+   * List Kyuubi engine nodes info.
+   */
+  private[ctl] def listZkEngineNodes(
+      conf: KyuubiConf,
+      cliConfig: CliConfig,
+      hostPortOpt: Option[(String, Int)]): Seq[ServiceNodeInfo] = {
+    withDiscoveryClient(conf) { discoveryClient =>
+      val (znodeRoot, subdomainOpt) = getZkEngineNamespaceAndSubdomain(conf, cliConfig)
+      val candidates = discoveryClient.getChildren(znodeRoot)
+      val matched = subdomainOpt match {
+        case Some(subdomain) => candidates.filter(_ == subdomain)
+        case None => candidates
+      }
+      matched.flatMap { subdomain =>
+        getServiceNodes(discoveryClient, s"$znodeRoot/$subdomain", hostPortOpt)
+      }
+    }
+  }
+
+  private[ctl] def getServiceNodes(
+      discoveryClient: DiscoveryClient,
+      znodeRoot: String,
+      hostPortOpt: Option[(String, Int)]): Seq[ServiceNodeInfo] = {
+    val serviceNodes = discoveryClient.getServiceNodesInfo(znodeRoot)
+    hostPortOpt.map { case (host, port) =>
+      serviceNodes.filter { sn => sn.host == host && sn.port == port }
+    }.getOrElse(serviceNodes)
   }
 
   private[ctl] def loadYamlAsMap(cliConfig: CliConfig): JMap[String, Object] = {
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliSuite.scala
index d27f3ec2a..43a694a08 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliSuite.scala
@@ -199,20 +199,23 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
     }
   }
 
-  test("test get zk namespace for different service type") {
-    val arg1 = Array(
+  test("test get zk server namespace") {
+    val args = Array(
       "list",
       "server",
       "--zk-quorum",
       zkServer.getConnectString,
       "--namespace",
       namespace)
-    val scArgs1 = new ControlCliArguments(arg1)
-    assert(CtlUtils.getZkNamespace(
-      scArgs1.command.conf,
-      scArgs1.command.normalizedCliConfig) == s"/$namespace")
+    val scArgs = new ControlCliArguments(args)
+    assert(
+      CtlUtils.getZkServerNamespace(
+        scArgs.command.conf,
+        scArgs.command.normalizedCliConfig) === s"/$namespace")
+  }
 
-    val arg2 = Array(
+  test("test get zk engine namespace") {
+    val args = Array(
       "list",
       "engine",
       "--zk-quorum",
@@ -221,9 +224,11 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       namespace,
       "--user",
       user)
-    val scArgs2 = new ControlCliArguments(arg2)
-    assert(CtlUtils.getZkNamespace(scArgs2.command.conf, scArgs2.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user/default")
+    val scArgs = new ControlCliArguments(args)
+    val expected = (s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs.command.conf,
+      scArgs.command.normalizedCliConfig) === expected)
   }
 
   test("test list zk service nodes info") {
@@ -364,8 +369,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--user",
       user)
     val scArgs1 = new ControlCliArguments(arg1)
-    assert(CtlUtils.getZkNamespace(scArgs1.command.conf, scArgs1.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user/default")
+    val expected1 = (s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs1.command.conf,
+      scArgs1.command.normalizedCliConfig) === expected1)
 
     val arg2 = Array(
       "list",
@@ -379,8 +386,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-type",
       "FLINK_SQL")
     val scArgs2 = new ControlCliArguments(arg2)
-    assert(CtlUtils.getZkNamespace(scArgs2.command.conf, scArgs2.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_FLINK_SQL/$user/default")
+    val expected2 = (s"/${namespace}_${KYUUBI_VERSION}_USER_FLINK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs2.command.conf,
+      scArgs2.command.normalizedCliConfig) === expected2)
 
     val arg3 = Array(
       "list",
@@ -394,8 +403,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-type",
       "TRINO")
     val scArgs3 = new ControlCliArguments(arg3)
-    assert(CtlUtils.getZkNamespace(scArgs3.command.conf, scArgs3.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_TRINO/$user/default")
+    val expected3 = (s"/${namespace}_${KYUUBI_VERSION}_USER_TRINO/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs3.command.conf,
+      scArgs3.command.normalizedCliConfig) === expected3)
 
     val arg4 = Array(
       "list",
@@ -411,8 +422,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-subdomain",
       "sub_1")
     val scArgs4 = new ControlCliArguments(arg4)
-    assert(CtlUtils.getZkNamespace(scArgs4.command.conf, scArgs4.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user/sub_1")
+    val expected4 = (s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user", Some("sub_1"))
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs4.command.conf,
+      scArgs4.command.normalizedCliConfig) === expected4)
 
     val arg5 = Array(
       "list",
@@ -430,8 +443,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-subdomain",
       "sub_1")
     val scArgs5 = new ControlCliArguments(arg5)
-    assert(CtlUtils.getZkNamespace(scArgs5.command.conf, scArgs5.command.normalizedCliConfig) ==
-      s"/${namespace}_1.5.0_USER_SPARK_SQL/$user/sub_1")
+    val expected5 = (s"/${namespace}_1.5.0_USER_SPARK_SQL/$user", Some("sub_1"))
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs5.command.conf,
+      scArgs5.command.normalizedCliConfig) === expected5)
   }
 
   test("test get zk namespace for different share level engines") {
@@ -445,8 +460,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--user",
       user)
     val scArgs1 = new ControlCliArguments(arg1)
-    assert(CtlUtils.getZkNamespace(scArgs1.command.conf, scArgs1.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user/default")
+    val expected1 = (s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs1.command.conf,
+      scArgs1.command.normalizedCliConfig) === expected1)
 
     val arg2 = Array(
       "list",
@@ -460,8 +477,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-share-level",
       "CONNECTION")
     val scArgs2 = new ControlCliArguments(arg2)
-    assert(CtlUtils.getZkNamespace(scArgs2.command.conf, scArgs2.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL/$user/default")
+    val expected2 = (s"/${namespace}_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs2.command.conf,
+      scArgs2.command.normalizedCliConfig) === expected2)
 
     val arg3 = Array(
       "list",
@@ -475,8 +494,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-share-level",
       "USER")
     val scArgs3 = new ControlCliArguments(arg3)
-    assert(CtlUtils.getZkNamespace(scArgs3.command.conf, scArgs3.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user/default")
+    val expected3 = (s"/${namespace}_${KYUUBI_VERSION}_USER_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs3.command.conf,
+      scArgs3.command.normalizedCliConfig) === expected3)
 
     val arg4 = Array(
       "list",
@@ -490,8 +511,10 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-share-level",
       "GROUP")
     val scArgs4 = new ControlCliArguments(arg4)
-    assert(CtlUtils.getZkNamespace(scArgs4.command.conf, scArgs4.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_GROUP_SPARK_SQL/$user/default")
+    val expected4 = (s"/${namespace}_${KYUUBI_VERSION}_GROUP_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs4.command.conf,
+      scArgs4.command.normalizedCliConfig) === expected4)
 
     val arg5 = Array(
       "list",
@@ -505,7 +528,9 @@ class ControlCliSuite extends KyuubiFunSuite with TestPrematureExit {
       "--engine-share-level",
       "SERVER")
     val scArgs5 = new ControlCliArguments(arg5)
-    assert(CtlUtils.getZkNamespace(scArgs5.command.conf, scArgs5.command.normalizedCliConfig) ==
-      s"/${namespace}_${KYUUBI_VERSION}_SERVER_SPARK_SQL/$user/default")
+    val expected5 = (s"/${namespace}_${KYUUBI_VERSION}_SERVER_SPARK_SQL/$user", None)
+    assert(CtlUtils.getZkEngineNamespaceAndSubdomain(
+      scArgs5.command.conf,
+      scArgs5.command.normalizedCliConfig) === expected5)
   }
 }

From 41e9505722ffe69a83fe43cce60cfbbb445e2a35 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Thu, 16 Mar 2023 10:12:44 +0800
Subject: [PATCH 174/760] [KYUUBI #4525][KSHC] Partitioning predicates should
 take effect to filter data

### _Why are the changes needed?_

This PR aims to close https://github.com/apache/kyuubi/issues/4525.

The root cause of this problem is that Apache Spark does predicate push-down in `V2ScanRelationPushDown`, but the spark-hive-connector does not apply push-down predicates for data filtering.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4528 from Yikf/KYUUBI-4525.

Closes #4525

a65a1873f [Yikf] Partitioning predicates should take effect to filter data

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../connector/hive/read/HiveScanBuilder.scala |  4 +++-
 .../spark/connector/hive/HiveQuerySuite.scala | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScanBuilder.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScanBuilder.scala
index 8e90cc3ab..89836e712 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScanBuilder.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScanBuilder.scala
@@ -37,6 +37,8 @@ case class HiveScanBuilder(
       catalogTable = table,
       dataSchema = dataSchema,
       readDataSchema = readDataSchema(),
-      readPartitionSchema = readPartitionSchema())
+      readPartitionSchema = readPartitionSchema(),
+      partitionFilters = partitionFilters,
+      dataFilters = dataFilters)
   }
 }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
index e61325647..16ea03234 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
@@ -107,6 +107,30 @@ class HiveQuerySuite extends KyuubiHiveTest {
     }
   }
 
+  test("[KYUUBI #4525] Partitioning predicates should take effect to filter data") {
+    withSparkSession(Map("hive.exec.dynamic.partition.mode" -> "nonstrict")) { spark =>
+      val table = "hive.default.employee"
+      withTempPartitionedTable(spark, table) {
+        spark.sql(
+          s"""
+             | INSERT OVERWRITE
+             | $table
+             | VALUES("yi", "2022", "0808"),("yi", "2023", "0316")
+             |""".stripMargin).collect()
+
+        checkQueryResult(
+          s"select * from $table where year = '2022'",
+          spark,
+          Array(Row.apply("yi", "2022", "0808")))
+
+        checkQueryResult(
+          s"select * from $table where year = '2023'",
+          spark,
+          Array(Row.apply("yi", "2023", "0316")))
+      }
+    }
+  }
+
   test("Partitioned table insert and all static insert") {
     withSparkSession() { spark =>
       val table = "hive.default.employee"

From 25e7b225536b9584e466433c9b6a02a2ce558c0c Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Thu, 16 Mar 2023 12:58:41 +0800
Subject: [PATCH 175/760] [KYUUBI #4330] Non-temporary views do not resolve to
 a specific real table

close #4330

### _Why are the changes needed?_

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4503 from iodone/kyuubi-4330.

Closes #4330

d2c48e7a [odone] Instead of `optimizedPlan` with `analyzedPlan`
12614d19 [odone] add skip permenent view support

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/lineage.md      | 32 ++++++--
 ...erationLineageQueryExecutionListener.scala |  2 +-
 .../helper/SparkSQLLineageParseHelper.scala   | 18 ++++-
 .../spark/kyuubi/lineage/LineageConf.scala    | 31 ++++++++
 .../kyuubi/lineage/SparkContextHelper.scala   |  8 ++
 .../events/OperationLineageEventSuite.scala   | 40 ++++++++++
 .../SparkSQLLineageParserHelperSuite.scala    | 77 ++++++++++++++-----
 7 files changed, 177 insertions(+), 31 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala

diff --git a/docs/extensions/engines/spark/lineage.md b/docs/extensions/engines/spark/lineage.md
index 8f2f76c9f..0f4b0c458 100644
--- a/docs/extensions/engines/spark/lineage.md
+++ b/docs/extensions/engines/spark/lineage.md
@@ -168,13 +168,31 @@ Add `org.apache.kyuubi.plugin.lineage.SparkOperationLineageQueryExecutionListene
 spark.sql.queryExecutionListeners=org.apache.kyuubi.plugin.lineage.SparkOperationLineageQueryExecutionListener
 ```
 
-### Settings for Lineage Logger and Path
+### Optional configuration
 
-#### Lineage Logger Path
+#### Whether to Skip Permanent View Resolution
 
-The location of all the engine operation lineage events go for the builtin JSON logger.
-We first need set `kyuubi.engine.event.loggers` to `JSON`.
-All operation lineage events will be written in the unified event json logger path, which be setting with
-`kyuubi.engine.event.json.log.path`. We can get the lineage logger from the `operation_lineage` dir in the
-`kyuubi.engine.event.json.log.path`.
+If enabled, lineage resolution will stop at permanent views and treats them as physical tables. We need
+to add one configurations.
+
+```properties
+spark.kyuubi.plugin.lineage.skip.parsing.permanent.view.enabled=true
+```
+
+### Get Lineage Events from SparkListener
+
+All lineage events will be sent to the `SparkListenerBus`. To handle lineage events, a new `SparkListener` needs to be added.
+Example for Adding `SparkListener`:
+
+```scala
+spark.sparkContext.addSparkListener(new SparkListener {
+      override def onOtherEvent(event: SparkListenerEvent): Unit = {
+        event match {
+          case lineageEvent: OperationLineageEvent =>
+            // Your processing logic
+          case _ =>
+        }
+      }
+    })
+```
 
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala
index c27d2eb8b..01deb0a44 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala
@@ -28,7 +28,7 @@ class SparkOperationLineageQueryExecutionListener extends QueryExecutionListener
 
   override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
     val lineage =
-      SparkSQLLineageParseHelper(qe.sparkSession).transformToLineage(qe.id, qe.optimizedPlan)
+      SparkSQLLineageParseHelper(qe.sparkSession).transformToLineage(qe.id, qe.analyzed)
     val event = OperationLineageEvent(qe.id, System.currentTimeMillis(), lineage, None)
     SparkContextHelper.postEventToSparkListenerBus(event)
   }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index 1224da023..7106dfb8c 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -21,6 +21,7 @@ import scala.collection.immutable.ListMap
 import scala.util.{Failure, Success, Try}
 
 import org.apache.spark.internal.Logging
+import org.apache.spark.kyuubi.lineage.{LineageConf, SparkContextHelper}
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.TableIdentifier
 import org.apache.spark.sql.catalyst.analysis.{NamedRelation, PersistedView, ViewType}
@@ -324,6 +325,10 @@ trait LineageParser {
         }
         ListMap(targetColumnsWithTargetTable.zip(sourceColumnsLineage.values).toSeq: _*)
 
+      case p if p.nodeName == "WithCTE" =>
+        val optimized = sparkSession.sessionState.optimizer.execute(p)
+        extractColumnsLineage(optimized, parentColumnsLineage)
+
       // For query
       case p: Project =>
         val nextColumnsLineage =
@@ -360,6 +365,7 @@ trait LineageParser {
           }
         }
         p.children.map(extractColumnsLineage(_, nextColumnsLineage)).reduce(mergeColumnsLineage)
+
       case p: Join =>
         p.joinType match {
           case LeftSemi | LeftAnti =>
@@ -415,9 +421,15 @@ trait LineageParser {
         }
 
       case p: View =>
-        val viewColumnsLineage =
-          extractColumnsLineage(p.child, ListMap[Attribute, AttributeSet]())
-        mergeRelationColumnLineage(parentColumnsLineage, p.output, viewColumnsLineage)
+        if (!p.isTempView && SparkContextHelper.getConf(
+            LineageConf.SKIP_PARSING_PERMANENT_VIEW_ENABLED)) {
+          val viewName = p.desc.qualifiedName
+          joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(viewName))
+        } else {
+          val viewColumnsLineage =
+            extractColumnsLineage(p.child, ListMap[Attribute, AttributeSet]())
+          mergeRelationColumnLineage(parentColumnsLineage, p.output, viewColumnsLineage)
+        }
 
       case p: InMemoryRelation =>
         // get logical plan from cachedPlan
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
new file mode 100644
index 000000000..777e70121
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.kyuubi.lineage
+
+import org.apache.spark.internal.config.ConfigBuilder
+
+object LineageConf {
+
+  val SKIP_PARSING_PERMANENT_VIEW_ENABLED =
+    ConfigBuilder("spark.kyuubi.plugin.lineage.skip.parsing.permanent.view.enabled")
+      .doc("Whether to skip the lineage parsing of permanent views")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/SparkContextHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/SparkContextHelper.scala
index e6272364f..6e0f0e5c8 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/SparkContextHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/SparkContextHelper.scala
@@ -18,6 +18,7 @@
 package org.apache.spark.kyuubi.lineage
 
 import org.apache.spark.SparkContext
+import org.apache.spark.internal.config.ConfigEntry
 import org.apache.spark.scheduler.SparkListenerEvent
 import org.apache.spark.sql.SparkSession
 
@@ -31,4 +32,11 @@ object SparkContextHelper {
     sc.listenerBus.post(event)
   }
 
+  def getConf[T](entry: ConfigEntry[T]): T = {
+    globalSparkContext.getConf.get(entry)
+  }
+
+  def setConf[T](entry: ConfigEntry[T], value: T): Unit = {
+    globalSparkContext.conf.set(entry, value)
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
index 6eeebbd3c..1057bd74e 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
@@ -19,7 +19,10 @@ package org.apache.kyuubi.plugin.lineage.events
 
 import java.util.concurrent.{CountDownLatch, TimeUnit}
 
+import scala.collection.immutable.List
+
 import org.apache.spark.SparkConf
+import org.apache.spark.kyuubi.lineage.LineageConf.SKIP_PARSING_PERMANENT_VIEW_ENABLED
 import org.apache.spark.scheduler.{SparkListener, SparkListenerEvent}
 import org.apache.spark.sql.SparkListenerExtensionTest
 
@@ -40,6 +43,7 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
       .set(
         "spark.sql.queryExecutionListeners",
         "org.apache.kyuubi.plugin.lineage.SparkOperationLineageQueryExecutionListener")
+      .set(SKIP_PARSING_PERMANENT_VIEW_ENABLED.key, "true")
   }
 
   test("operation lineage event capture: for execute sql") {
@@ -116,4 +120,40 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
     }
   }
 
+  test("test for skip parsing permanent view") {
+    val countDownLatch = new CountDownLatch(1)
+    var actual: Lineage = null
+    spark.sparkContext.addSparkListener(new SparkListener {
+      override def onOtherEvent(event: SparkListenerEvent): Unit = {
+        event match {
+          case lineageEvent: OperationLineageEvent =>
+            lineageEvent.lineage.foreach {
+              case lineage if lineage.inputTables.nonEmpty && lineage.outputTables.isEmpty =>
+                actual = lineage
+                countDownLatch.countDown()
+            }
+          case _ =>
+        }
+      }
+    })
+
+    withTable("t1") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
+      spark.sql("CREATE VIEW t2 as select * from t1")
+      spark.sql(
+        s"select a as k, b" +
+          s" from t2" +
+          s" where a in ('HELLO') and c = 'HELLO'").collect()
+
+      val expected = Lineage(
+        List("default.t2"),
+        List(),
+        List(
+          ("k", Set("default.t2.a")),
+          ("b", Set("default.t2.b"))))
+      countDownLatch.await(20, TimeUnit.SECONDS)
+      assert(actual == expected)
+    }
+  }
+
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index 6180980c8..ed61a1b5f 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -21,6 +21,7 @@ import scala.collection.immutable.List
 import scala.reflect.io.File
 
 import org.apache.spark.SparkConf
+import org.apache.spark.kyuubi.lineage.{LineageConf, SparkContextHelper}
 import org.apache.spark.sql.{DataFrame, SparkListenerExtensionTest, SparkSession, SQLContext}
 import org.apache.spark.sql.catalyst.TableIdentifier
 import org.apache.spark.sql.catalyst.catalog.{CatalogStorageFormat, CatalogTable, CatalogTableType}
@@ -932,8 +933,8 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       df0.cache()
       val df1 = spark.sql("select a, b from table1")
       val df = df0.join(df1).select(df0("a0").alias("aa"), df1("b").alias("bb"))
-      val optimized = df.queryExecution.optimizedPlan
-      val ret1 = SparkSQLLineageParseHelper(spark).transformToLineage(0, optimized).get
+      val analyzed = df.queryExecution.analyzed
+      val ret1 = SparkSQLLineageParseHelper(spark).transformToLineage(0, analyzed).get
       assert(ret1 == Lineage(
         List("default.table0", "default.table1"),
         List(),
@@ -1091,6 +1092,19 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         List(
           ("aa", Set("default.table1.a", "default.table0.a")),
           ("bb", Set("default.table1.b")))))
+
+      val sql11 =
+        """
+          |select tmp.a, b from (select * from table1) tmp;
+          |""".stripMargin
+
+      val ret11 = exectractLineage(sql11)
+      assert(ret11 == Lineage(
+        List("default.table1"),
+        List(),
+        List(
+          ("a", Set("default.table1.a")),
+          ("b", Set("default.table1.b")))))
     }
   }
 
@@ -1162,7 +1176,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
-  test("test catch table with window function") {
+  test("test cache table with window function") {
     withTable("t1", "t2") { _ =>
       spark.sql("CREATE TABLE t1 (a string, b string) USING hive")
       spark.sql("CREATE TABLE t2 (a string, b string) USING hive")
@@ -1233,19 +1247,43 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   test("test create view from view") {
     withTable("t1") { _ =>
       spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
-      spark.sql("CREATE VIEW t2 as select * from t1")
-      val ret0 =
-        exectractLineage(
-          s"create or replace view view_tst comment 'view'" +
-            s" as select a as k,b" +
-            s" from t2" +
-            s" where a in ('HELLO') and c = 'HELLO'")
-      assert(ret0 == Lineage(
-        List("default.t1"),
-        List("default.view_tst"),
-        List(
-          ("default.view_tst.k", Set("default.t1.a")),
-          ("default.view_tst.b", Set("default.t1.b")))))
+      withView("t2") { _ =>
+        spark.sql("CREATE VIEW t2 as select * from t1")
+        val ret0 =
+          exectractLineage(
+            s"create or replace view view_tst comment 'view'" +
+              s" as select a as k,b" +
+              s" from t2" +
+              s" where a in ('HELLO') and c = 'HELLO'")
+        assert(ret0 == Lineage(
+          List("default.t1"),
+          List("default.view_tst"),
+          List(
+            ("default.view_tst.k", Set("default.t1.a")),
+            ("default.view_tst.b", Set("default.t1.b")))))
+      }
+    }
+  }
+
+  test("test for skip parsing permanent view") {
+    withTable("t1") { _ =>
+      SparkContextHelper.setConf(LineageConf.SKIP_PARSING_PERMANENT_VIEW_ENABLED, true)
+      spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
+      withView("t2") { _ =>
+        spark.sql("CREATE VIEW t2 as select * from t1")
+        val ret0 =
+          exectractLineage(
+            s"select a as k, b" +
+              s" from t2" +
+              s" where a in ('HELLO') and c = 'HELLO'")
+
+        assert(ret0 == Lineage(
+          List("default.t2"),
+          List(),
+          List(
+            ("k", Set("default.t2.a")),
+            ("b", Set("default.t2.b")))))
+      }
     }
   }
 
@@ -1253,15 +1291,14 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)
     spark.sessionState.analyzer.checkAnalysis(analyzed)
-    val optimized = spark.sessionState.optimizer.execute(analyzed)
-    SparkSQLLineageParseHelper(spark).transformToLineage(0, optimized).get
+    SparkSQLLineageParseHelper(spark).transformToLineage(0, analyzed).get
   }
 
   private def exectractLineage(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val qe = spark.sessionState.executePlan(parsed)
-    val optimized = qe.optimizedPlan
-    SparkSQLLineageParseHelper(spark).transformToLineage(0, optimized).get
+    val analyzed = qe.analyzed
+    SparkSQLLineageParseHelper(spark).transformToLineage(0, analyzed).get
   }
 
 }

From 709899f8666a4cf23a3b504f288a031b0fddfd17 Mon Sep 17 00:00:00 2001
From: Yikf <yikaifei@apache.org>
Date: Thu, 16 Mar 2023 14:26:20 +0800
Subject: [PATCH 176/760] [KYUUBI #4532] [AUTHZ] Displays the columns involved
 in extracting the aggregation operator

### _Why are the changes needed?_

This PR aims to display the columns involved in extracting the aggregation operator.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4532 from Yikf/agg-authZ.

Closes #4532

6a3468f11 [Yikf] Displays the columns involved in extracting the aggregation operator

Authored-by: Yikf <yikaifei@apache.org>
Signed-off-by: Yikf <yikaifei@apache.org>
---
 .../spark/authz/PrivilegesBuilder.scala       |  6 +++
 .../spark/authz/PrivilegesBuilderSuite.scala  | 42 +++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 51f5694e1..b8220ea27 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -95,6 +95,12 @@ object PrivilegesBuilder {
         val cols = conditionList ++ sortCols
         buildQuery(s.child, privilegeObjects, projectionList, cols, spark)
 
+      case a: Aggregate =>
+        val aggCols =
+          (a.aggregateExpressions ++ a.groupingExpressions).flatMap(e => collectLeaves(e))
+        val cols = conditionList ++ aggCols
+        buildQuery(a.child, privilegeObjects, projectionList, cols, spark)
+
       case scan if isKnownScan(scan) && scan.resolved =>
         getScanSpec(scan).tables(scan, spark).foreach(mergeProjection(_, scan))
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index b014aaaca..439290917 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -1645,6 +1645,48 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.CREATE)
   }
+
+  test("KYUUBI #4532: Displays the columns involved in extracting the aggregation operator") {
+    // case1: There is no project operator involving all columns.
+    val plan1 = sql(s"SELECT COUNT(key), MAX(value) FROM $reusedPartTable GROUP BY pid")
+      .queryExecution.optimizedPlan
+    val (in1, out1, _) = PrivilegesBuilder.build(plan1, spark)
+    assert(in1.size === 1)
+    assert(out1.isEmpty)
+    val pi1 = in1.head
+    assert(pi1.columns.size === 3)
+    assert(pi1.columns === Seq("key", "value", "pid"))
+
+    // case2: Some columns are involved, and the group column is not selected.
+    val plan2 = sql(s"SELECT COUNT(key) FROM $reusedPartTable GROUP BY pid")
+      .queryExecution.optimizedPlan
+    val (in2, out2, _) = PrivilegesBuilder.build(plan2, spark)
+    assert(in2.size === 1)
+    assert(out2.isEmpty)
+    val pi2 = in2.head
+    assert(pi2.columns.size === 2)
+    assert(pi2.columns === Seq("key", "pid"))
+
+    // case3: Some columns are involved, and the group column is selected.
+    val plan3 = sql(s"SELECT COUNT(key), pid FROM $reusedPartTable GROUP BY pid")
+      .queryExecution.optimizedPlan
+    val (in3, out3, _) = PrivilegesBuilder.build(plan3, spark)
+    assert(in3.size === 1)
+    assert(out3.isEmpty)
+    val pi3 = in3.head
+    assert(pi3.columns.size === 2)
+    assert(pi3.columns === Seq("key", "pid"))
+
+    // case4: HAVING & GROUP clause
+    val plan4 = sql(s"SELECT COUNT(key) FROM $reusedPartTable GROUP BY pid HAVING MAX(key) > 1000")
+      .queryExecution.optimizedPlan
+    val (in4, out4, _) = PrivilegesBuilder.build(plan4, spark)
+    assert(in4.size === 1)
+    assert(out4.isEmpty)
+    val pi4 = in4.head
+    assert(pi4.columns.size === 2)
+    assert(pi4.columns === Seq("key", "pid"))
+  }
 }
 
 case class SimpleInsert(userSpecifiedSchema: StructType)(@transient val sparkSession: SparkSession)

From 47376c9ff2a24218ce0de6dde792581e59e8c6dc Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 16 Mar 2023 17:04:02 +0800
Subject: [PATCH 177/760] [KYUUBI #3739][FOLLOWUP][REST] Remove unused
 parameters in SessionsResource rest docs

### _Why are the changes needed?_

as title.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4521 from turboFei/rest_docs.

Closes #3739

589237ca6 [fwang12] save
8e7d9bec6 [fwang12] final
35b67ba1e [fwang12] doc
40163311f [fwang12] save
5711d3d72 [fwang12] fix
bab07902f [fwang12] fix ut
d58c2753a [fwang12] save
989eaffd5 [fwang12] remove
2960602bc [fwang12] remove outdate docs

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/client/rest/rest_api.md                  | 10 ++-----
 docs/deployment/migration-guide.md            |  6 +++-
 .../client/api/v1/dto/SessionOpenRequest.java | 17 ++---------
 .../server/api/v1/SessionsResource.scala      |  6 +++-
 .../KyuubiRestAuthenticationSuite.scala       |  9 ++----
 .../server/api/v1/AdminResourceSuite.scala    |  4 +--
 .../server/api/v1/SessionsResourceSuite.scala | 30 +++++++------------
 7 files changed, 30 insertions(+), 52 deletions(-)

diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index 59e2d8535..c622c401e 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -89,13 +89,9 @@ Create a session
 
 #### Request Parameters
 
-| Name            | Description                              | Type   |
-|:----------------|:-----------------------------------------|:-------|
-| protocolVersion | The protocol version of Hive CLI service | Int    |
-| user            | The user name                            | String |
-| password        | The user password                        | String |
-| ipAddr          | The user client IP address               | String |
-| configs         | The configuration of the session         | Map    |
+| Name    | Description                      | Type |
+|:--------|:---------------------------------|:-----|
+| configs | The configuration of the session | Map  |
 
 #### Response Body
 
diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index 42905340e..2ebf16ac4 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -17,6 +17,10 @@
 
 # Kyuubi Migration Guide
 
+## Upgrading from Kyuubi 1.7.0 to 1.7.1
+
+* Since Kyuubi 1.7.1, `protocolVersion` is removed from the request parameters of the REST API `Open(create) a session`. All removed or unknown parameters will be silently ignored and affects nothing.
+
 ## Upgrading from Kyuubi 1.6 to 1.7
 
 * In Kyuubi 1.7, `kyuubi.ha.zookeeper.engine.auth.type` does not fallback to `kyuubi.ha.zookeeper.auth.type`.  
@@ -24,7 +28,7 @@
 * Since Kyuubi 1.7, Kyuubi returns engine's information for `GetInfo` request instead of server. To restore the previous behavior, set `kyuubi.server.info.provider` to `SERVER`.
 * Since Kyuubi 1.7, Kyuubi session type `SQL` is refactored to `INTERACTIVE`, because Kyuubi supports not only `SQL` session, but also `SCALA` and `PYTHON` sessions.
   User need to use `INTERACTIVE` sessionType to look up the session event.
-* Since Kyuubi 1.7, the REST API of `Open(create) a session` will not contains parameters `user` `password` and `IpAddr`. User and password should be set in `Authorization` of http request if needed.
+* Since Kyuubi 1.7, the REST API of `Open(create) a session` will not contain parameters `user` `password` and `IpAddr`. User and password should be set in `Authorization` of http request if needed.
 
 ## Upgrading from Kyuubi 1.6.0 to 1.6.1
 
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionOpenRequest.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionOpenRequest.java
index 2d23aac57..06eb29e97 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionOpenRequest.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/SessionOpenRequest.java
@@ -24,24 +24,14 @@
 import org.apache.commons.lang3.builder.ToStringStyle;
 
 public class SessionOpenRequest {
-  private int protocolVersion;
   private Map<String, String> configs;
 
   public SessionOpenRequest() {}
 
-  public SessionOpenRequest(int protocolVersion, Map<String, String> configs) {
-    this.protocolVersion = protocolVersion;
+  public SessionOpenRequest(Map<String, String> configs) {
     this.configs = configs;
   }
 
-  public int getProtocolVersion() {
-    return protocolVersion;
-  }
-
-  public void setProtocolVersion(int protocolVersion) {
-    this.protocolVersion = protocolVersion;
-  }
-
   public Map<String, String> getConfigs() {
     if (null == configs) {
       return Collections.emptyMap();
@@ -58,13 +48,12 @@ public boolean equals(Object o) {
     if (this == o) return true;
     if (o == null || getClass() != o.getClass()) return false;
     SessionOpenRequest that = (SessionOpenRequest) o;
-    return getProtocolVersion() == that.getProtocolVersion()
-        && Objects.equals(getConfigs(), that.getConfigs());
+    return Objects.equals(getConfigs(), that.getConfigs());
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(getProtocolVersion(), getConfigs());
+    return Objects.hash(getConfigs());
   }
 
   @Override
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index 600ac3c87..253c738c4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -137,7 +137,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     val userName = fe.getSessionUser(request.getConfigs.asScala.toMap)
     val ipAddress = fe.getIpAddress
     val handle = fe.be.openSession(
-      TProtocolVersion.findByValue(request.getProtocolVersion),
+      SessionsResource.SESSION_PROTOCOL_VERSION,
       userName,
       "",
       ipAddress,
@@ -398,3 +398,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     }
   }
 }
+
+object SessionsResource {
+  final val SESSION_PROTOCOL_VERSION = TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V1
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
index 64707ce01..61de82251 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
@@ -25,7 +25,6 @@ import javax.ws.rs.core.MediaType
 import scala.collection.JavaConverters._
 
 import org.apache.hadoop.security.UserGroupInformation
-import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.RestClientTestHelper
 import org.apache.kyuubi.client.api.v1.dto.{SessionHandle, SessionOpenCount, SessionOpenRequest}
@@ -129,11 +128,9 @@ class KyuubiRestAuthenticationSuite extends RestClientTestHelper {
     val proxyUser = "user1"
     UserGroupInformation.loginUserFromKeytab(testPrincipal, testKeytab)
     var token = generateToken(hostName)
-    val sessionOpenRequest = new SessionOpenRequest(
-      TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11.getValue,
-      Map(
-        KyuubiConf.ENGINE_SHARE_LEVEL.key -> "CONNECTION",
-        "hive.server2.proxy.user" -> proxyUser).asJava)
+    val sessionOpenRequest = new SessionOpenRequest(Map(
+      KyuubiConf.ENGINE_SHARE_LEVEL.key -> "CONNECTION",
+      "hive.server2.proxy.user" -> proxyUser).asJava)
 
     var response = webTarget.path("api/v1/sessions")
       .request()
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 0e0a2415a..0e2eb1094 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -129,9 +129,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   }
 
   test("list/close sessions") {
-    val requestObj = new SessionOpenRequest(
-      1,
-      Map("testConfig" -> "testValue").asJava)
+    val requestObj = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
 
     var response = webTarget.path("api/v1/sessions")
       .request(MediaType.APPLICATION_JSON_TYPE)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
index dcd4d5904..7e5eb5247 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
@@ -48,9 +48,7 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   }
 
   test("open/close and count session") {
-    val requestObj = new SessionOpenRequest(
-      1,
-      Map("testConfig" -> "testValue").asJava)
+    val requestObj = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
 
     var response = webTarget.path("api/v1/sessions")
       .request(MediaType.APPLICATION_JSON_TYPE)
@@ -81,9 +79,7 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   }
 
   test("getSessionList") {
-    val requestObj = new SessionOpenRequest(
-      1,
-      Map("testConfig" -> "testValue").asJava)
+    val requestObj = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
 
     var response = webTarget.path("api/v1/sessions")
       .request(MediaType.APPLICATION_JSON_TYPE)
@@ -109,9 +105,7 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   }
 
   test("get session event") {
-    val sessionOpenRequest = new SessionOpenRequest(
-      1,
-      Map("testConfig" -> "testValue").asJava)
+    val sessionOpenRequest = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
 
     val user = "kyuubi".getBytes()
 
@@ -147,9 +141,9 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     val failedConnections =
       MetricsSystem.counterValue(MetricsConstants.REST_CONN_FAIL).getOrElse(0L)
 
-    val requestObj = new SessionOpenRequest(
-      1,
-      Map("testConfig" -> "testValue", KyuubiConf.SERVER_INFO_PROVIDER.key -> "SERVER").asJava)
+    val requestObj = new SessionOpenRequest(Map(
+      "testConfig" -> "testValue",
+      KyuubiConf.SERVER_INFO_PROVIDER.key -> "SERVER").asJava)
 
     var response: Response = webTarget.path("api/v1/sessions")
       .request(MediaType.APPLICATION_JSON_TYPE)
@@ -188,9 +182,7 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   }
 
   test("submit operation and get operation handle") {
-    val requestObj = new SessionOpenRequest(
-      1,
-      Map("testConfig" -> "testValue").asJava)
+    val requestObj = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
 
     var response: Response = webTarget.path("api/v1/sessions")
       .request(MediaType.APPLICATION_JSON_TYPE)
@@ -280,11 +272,9 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   }
 
   test("post session exception if failed to open engine session") {
-    val requestObj = new SessionOpenRequest(
-      1,
-      Map(
-        "spark.master" -> "invalid",
-        KyuubiConf.ENGINE_SHARE_LEVEL.key -> ShareLevel.CONNECTION.toString).asJava)
+    val requestObj = new SessionOpenRequest(Map(
+      "spark.master" -> "invalid",
+      KyuubiConf.ENGINE_SHARE_LEVEL.key -> ShareLevel.CONNECTION.toString).asJava)
 
     var response = webTarget.path("api/v1/sessions")
       .request(MediaType.APPLICATION_JSON_TYPE)

From 427df68312b4a38b59541546ee73d876e43438be Mon Sep 17 00:00:00 2001
From: maruilei <maruilei@58.com>
Date: Thu, 16 Mar 2023 18:15:32 +0800
Subject: [PATCH 178/760] [KYUUBI #4526][FOLLOWUP] Defer evaluation for
 GroupProvider

### _Why are the changes needed?_

As described in the discussion: https://github.com/apache/kyuubi/discussions/4512

Since the pr https://github.com/apache/kyuubi/pull/3897 , we introduced the feature of `Supplying pluggable GroupProvider`.

But now when we create a new EngineRef, no matter which engine share level is used, getGroupNames will always be called.

This may cause users to encounter some confusion stack trace when they do not use the GROUP engine share level.

So we solve the problem through moving the `sessionManager.groupProvider.primaryGroup` to the inside of `EngineRef.appUser`, to ensure that the feature of `Supplying pluggable GroupProvider` is only valid for the GROUP engine share level.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4527 from merrily01/branch-1.7-groupProvider.

Closes #4526

0a858a921 [maruilei] Address comments.
c63a0f97b [maruilei] [KYUUBI #4526][FOLLOWUP] Ensure that the feature of `Supplying pluggable GroupProvider` is only valid for the GROUP engine share level.

Authored-by: maruilei <maruilei@58.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/EngineRef.scala  |  6 +-
 .../kyuubi/session/KyuubiSessionImpl.scala    |  2 +-
 .../apache/kyuubi/engine/EngineRefTests.scala | 67 +++++++++++++------
 .../engine/EngineRefWithZookeeperSuite.scala  | 17 ++++-
 .../server/api/v1/AdminResourceSuite.scala    | 22 ++++--
 .../server/rest/client/AdminCtlSuite.scala    |  5 +-
 .../rest/client/AdminRestApiSuite.scala       |  4 +-
 7 files changed, 90 insertions(+), 33 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 1f38ea3c2..e2ddb4221 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.engine
 
 import java.util.concurrent.TimeUnit
 
+import scala.collection.JavaConverters._
 import scala.util.Random
 
 import com.codahale.metrics.MetricRegistry
@@ -40,6 +41,7 @@ import org.apache.kyuubi.ha.client.{DiscoveryClient, DiscoveryClientProvider, Di
 import org.apache.kyuubi.metrics.MetricsConstants.{ENGINE_FAIL, ENGINE_TIMEOUT, ENGINE_TOTAL}
 import org.apache.kyuubi.metrics.MetricsSystem
 import org.apache.kyuubi.operation.log.OperationLog
+import org.apache.kyuubi.plugin.GroupProvider
 
 /**
  * The description and functionality of an engine at server side
@@ -51,7 +53,7 @@ import org.apache.kyuubi.operation.log.OperationLog
 private[kyuubi] class EngineRef(
     conf: KyuubiConf,
     user: String,
-    primaryGroup: String,
+    groupProvider: GroupProvider,
     engineRefId: String,
     engineManager: KyuubiApplicationManager)
   extends Logging {
@@ -85,7 +87,7 @@ private[kyuubi] class EngineRef(
   // Launcher of the engine
   private[kyuubi] val appUser: String = shareLevel match {
     case SERVER => Utils.currentUser
-    case GROUP => primaryGroup
+    case GROUP => groupProvider.primaryGroup(user, conf.getAll.asJava)
     case _ => user
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index e4203b301..80df5c44d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -77,7 +77,7 @@ class KyuubiSessionImpl(
   lazy val engine: EngineRef = new EngineRef(
     sessionConf,
     user,
-    sessionManager.groupProvider.primaryGroup(user, optimizedConf.asJava),
+    sessionManager.groupProvider,
     handle.identifier.toString,
     sessionManager.applicationManager)
   private[kyuubi] val launchEngineOp = sessionManager.operationManager
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
index 5ca8723f5..8b050684a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
@@ -20,6 +20,8 @@ package org.apache.kyuubi.engine
 import java.util.UUID
 import java.util.concurrent.Executors
 
+import scala.collection.JavaConverters._
+
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
@@ -33,6 +35,7 @@ import org.apache.kyuubi.ha.client.DiscoveryClientProvider
 import org.apache.kyuubi.ha.client.DiscoveryPaths
 import org.apache.kyuubi.metrics.MetricsConstants.ENGINE_TOTAL
 import org.apache.kyuubi.metrics.MetricsSystem
+import org.apache.kyuubi.plugin.PluginLoader
 import org.apache.kyuubi.util.NamedThreadFactory
 
 trait EngineRefTests extends KyuubiFunSuite {
@@ -68,7 +71,9 @@ trait EngineRefTests extends KyuubiFunSuite {
     Seq(None, Some("suffix")).foreach { domain =>
       conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, CONNECTION.toString)
       domain.foreach(conf.set(KyuubiConf.ENGINE_SHARE_LEVEL_SUBDOMAIN.key, _))
-      val engine = new EngineRef(conf, user, "grp", id, null)
+      conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+      val engine = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
       assert(engine.engineSpace ===
         DiscoveryPaths.makePath(
           s"kyuubi_${KYUUBI_VERSION}_${CONNECTION}_${engineType}",
@@ -82,7 +87,9 @@ trait EngineRefTests extends KyuubiFunSuite {
     val id = UUID.randomUUID().toString
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, USER.toString)
     conf.set(KyuubiConf.ENGINE_TYPE, FLINK_SQL.toString)
-    val appName = new EngineRef(conf, user, "grp", id, null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val appName = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(appName.engineSpace ===
       DiscoveryPaths.makePath(
         s"kyuubi_${KYUUBI_VERSION}_${USER}_$FLINK_SQL",
@@ -94,7 +101,7 @@ trait EngineRefTests extends KyuubiFunSuite {
       k =>
         conf.unset(KyuubiConf.ENGINE_SHARE_LEVEL_SUBDOMAIN)
         conf.set(k.key, "abc")
-        val appName2 = new EngineRef(conf, user, "grp", id, null)
+        val appName2 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
         assert(appName2.engineSpace ===
           DiscoveryPaths.makePath(
             s"kyuubi_${KYUUBI_VERSION}_${USER}_${FLINK_SQL}",
@@ -108,8 +115,12 @@ trait EngineRefTests extends KyuubiFunSuite {
     val id = UUID.randomUUID().toString
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, GROUP.toString)
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
-    val primaryGroupName = "primary_grp"
-    val engineRef = new EngineRef(conf, user, primaryGroupName, id, null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val primaryGroupName =
+      PluginLoader.loadGroupProvider(conf).primaryGroup(user, Map.empty[String, String].asJava)
+
+    val engineRef = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engineRef.engineSpace ===
       DiscoveryPaths.makePath(
         s"kyuubi_${KYUUBI_VERSION}_GROUP_SPARK_SQL",
@@ -122,7 +133,7 @@ trait EngineRefTests extends KyuubiFunSuite {
       k =>
         conf.unset(k)
         conf.set(k.key, "abc")
-        val engineRef2 = new EngineRef(conf, user, primaryGroupName, id, null)
+        val engineRef2 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
         assert(engineRef2.engineSpace ===
           DiscoveryPaths.makePath(
             s"kyuubi_${KYUUBI_VERSION}_${GROUP}_${SPARK_SQL}",
@@ -137,7 +148,9 @@ trait EngineRefTests extends KyuubiFunSuite {
     val id = UUID.randomUUID().toString
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, SERVER.toString)
     conf.set(KyuubiConf.ENGINE_TYPE, FLINK_SQL.toString)
-    val appName = new EngineRef(conf, user, "grp", id, null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val appName = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(appName.engineSpace ===
       DiscoveryPaths.makePath(
         s"kyuubi_${KYUUBI_VERSION}_${SERVER}_${FLINK_SQL}",
@@ -146,7 +159,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     assert(appName.defaultEngineName === s"kyuubi_${SERVER}_${FLINK_SQL}_${user}_default_$id")
 
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL_SUBDOMAIN.key, "abc")
-    val appName2 = new EngineRef(conf, user, "grp", id, null)
+    val appName2 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(appName2.engineSpace ===
       DiscoveryPaths.makePath(
         s"kyuubi_${KYUUBI_VERSION}_${SERVER}_${FLINK_SQL}",
@@ -161,31 +174,33 @@ trait EngineRefTests extends KyuubiFunSuite {
     // set subdomain and disable engine pool
     conf.set(ENGINE_SHARE_LEVEL_SUBDOMAIN.key, "abc")
     conf.set(ENGINE_POOL_SIZE, -1)
-    val engine1 = new EngineRef(conf, user, "grp", id, null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine1 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine1.subdomain === "abc")
 
     // unset subdomain and disable engine pool
     conf.unset(ENGINE_SHARE_LEVEL_SUBDOMAIN)
     conf.set(ENGINE_POOL_SIZE, -1)
-    val engine2 = new EngineRef(conf, user, "grp", id, null)
+    val engine2 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine2.subdomain === "default")
 
     // set subdomain and 1 <= engine pool size < threshold
     conf.set(ENGINE_SHARE_LEVEL_SUBDOMAIN.key, "abc")
     conf.set(ENGINE_POOL_SIZE, 1)
-    val engine3 = new EngineRef(conf, user, "grp", id, null)
+    val engine3 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine3.subdomain === "abc")
 
     // unset subdomain and 1 <= engine pool size < threshold
     conf.unset(ENGINE_SHARE_LEVEL_SUBDOMAIN)
     conf.set(ENGINE_POOL_SIZE, 3)
-    val engine4 = new EngineRef(conf, user, "grp", id, null)
+    val engine4 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine4.subdomain.startsWith("engine-pool-"))
 
     // unset subdomain and engine pool size > threshold
     conf.unset(ENGINE_SHARE_LEVEL_SUBDOMAIN)
     conf.set(ENGINE_POOL_SIZE, 100)
-    val engine5 = new EngineRef(conf, user, "grp", id, null)
+    val engine5 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     val engineNumber = Integer.parseInt(engine5.subdomain.substring(12))
     val threshold = ENGINE_POOL_SIZE_THRESHOLD.defaultVal.get
     assert(engineNumber <= threshold)
@@ -195,7 +210,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     val enginePoolName = "test-pool"
     conf.set(ENGINE_POOL_NAME, enginePoolName)
     conf.set(ENGINE_POOL_SIZE, 3)
-    val engine6 = new EngineRef(conf, user, "grp", id, null)
+    val engine6 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine6.subdomain.startsWith(s"$enginePoolName-"))
 
     conf.unset(ENGINE_SHARE_LEVEL_SUBDOMAIN)
@@ -206,7 +221,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     conf.set(HighAvailabilityConf.HA_ADDRESSES, getConnectString())
     conf.set(ENGINE_POOL_SELECT_POLICY, "POLLING")
     (0 until (10)).foreach { i =>
-      val engine7 = new EngineRef(conf, user, "grp", id, null)
+      val engine7 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
       val engineNumber = Integer.parseInt(engine7.subdomain.substring(pool_name.length + 1))
       assert(engineNumber == (i % conf.get(ENGINE_POOL_SIZE)))
     }
@@ -219,7 +234,9 @@ trait EngineRefTests extends KyuubiFunSuite {
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "engine_test")
     conf.set(HighAvailabilityConf.HA_ADDRESSES, getConnectString())
-    val engine = new EngineRef(conf, user, id, "grp", null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
 
     var port1 = 0
     var port2 = 0
@@ -261,6 +278,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     conf.set(KyuubiConf.ENGINE_INIT_TIMEOUT, 3000L)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "engine_test2")
     conf.set(HighAvailabilityConf.HA_ADDRESSES, getConnectString())
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val beforeEngines = MetricsSystem.counterValue(ENGINE_TOTAL).getOrElse(0L)
     val start = System.currentTimeMillis()
@@ -272,7 +290,12 @@ trait EngineRefTests extends KyuubiFunSuite {
         executor.execute(() => {
           DiscoveryClientProvider.withDiscoveryClient(cloned) { client =>
             try {
-              new EngineRef(cloned, user, "grp", id, null).getOrCreate(client)
+              new EngineRef(
+                cloned,
+                user,
+                PluginLoader.loadGroupProvider(conf),
+                id,
+                null).getOrCreate(client)
             } finally {
               times(i) = System.currentTimeMillis()
             }
@@ -300,20 +323,22 @@ trait EngineRefTests extends KyuubiFunSuite {
     conf.set(ENGINE_SHARE_LEVEL_SUBDOMAIN.key, "abc")
     conf.set(ENGINE_POOL_IGNORE_SUBDOMAIN, false)
     conf.set(ENGINE_POOL_SIZE, -1)
-    val engine1 = new EngineRef(conf, user, "grp", id, null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine1 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine1.subdomain === "abc")
 
     conf.set(ENGINE_POOL_SIZE, 1)
-    val engine2 = new EngineRef(conf, user, "grp", id, null)
+    val engine2 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine2.subdomain === "abc")
 
     conf.unset(ENGINE_SHARE_LEVEL_SUBDOMAIN)
-    val engine3 = new EngineRef(conf, user, "grp", id, null)
+    val engine3 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine3.subdomain.startsWith("engine-pool-"))
 
     conf.set(ENGINE_SHARE_LEVEL_SUBDOMAIN.key, "abc")
     conf.set(ENGINE_POOL_IGNORE_SUBDOMAIN, true)
-    val engine4 = new EngineRef(conf, user, "grp", id, null)
+    val engine4 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
     assert(engine4.subdomain.startsWith("engine-pool-"))
   }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefWithZookeeperSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefWithZookeeperSuite.scala
index 8695e13c4..40fc81870 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefWithZookeeperSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefWithZookeeperSuite.scala
@@ -29,6 +29,7 @@ import org.apache.kyuubi.engine.EngineType.SPARK_SQL
 import org.apache.kyuubi.engine.ShareLevel.USER
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider
+import org.apache.kyuubi.plugin.PluginLoader
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 import org.apache.kyuubi.zookeeper.ZookeeperConf
 
@@ -62,6 +63,8 @@ class EngineRefWithZookeeperSuite extends EngineRefTests {
     conf.set(KyuubiConf.ENGINE_INIT_TIMEOUT, 3000L)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "engine_test1")
     conf.set(HighAvailabilityConf.HA_ADDRESSES, getConnectString())
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
     val conf1 = conf.clone
     conf1.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     val conf2 = conf.clone
@@ -74,7 +77,12 @@ class EngineRefWithZookeeperSuite extends EngineRefTests {
       executor.execute(() => {
         DiscoveryClientProvider.withDiscoveryClient(conf1) { client =>
           try {
-            new EngineRef(conf1, user, "grp", UUID.randomUUID().toString, null)
+            new EngineRef(
+              conf1,
+              user,
+              PluginLoader.loadGroupProvider(conf),
+              UUID.randomUUID().toString,
+              null)
               .getOrCreate(client)
           } finally {
             times(0) = System.currentTimeMillis()
@@ -84,7 +92,12 @@ class EngineRefWithZookeeperSuite extends EngineRefTests {
       executor.execute(() => {
         DiscoveryClientProvider.withDiscoveryClient(conf2) { client =>
           try {
-            new EngineRef(conf2, user, "grp", UUID.randomUUID().toString, null)
+            new EngineRef(
+              conf2,
+              user,
+              PluginLoader.loadGroupProvider(conf),
+              UUID.randomUUID().toString,
+              null)
               .getOrCreate(client)
           } finally {
             times(1) = System.currentTimeMillis()
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 0e2eb1094..e7281dc5a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -36,6 +36,7 @@ import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, USER}
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.DiscoveryPaths
+import org.apache.kyuubi.plugin.PluginLoader
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 
 class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
@@ -275,7 +276,10 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
-    val engine = new EngineRef(conf.clone, Utils.currentUser, "grp", id, null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
 
     val engineSpace = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_USER_SPARK_SQL",
@@ -320,9 +324,11 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val id = UUID.randomUUID().toString
-    val engine = new EngineRef(conf.clone, Utils.currentUser, "grp", id, null)
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
     val engineSpace = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
       Utils.currentUser,
@@ -358,7 +364,10 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
-    val engine = new EngineRef(conf.clone, Utils.currentUser, id, "grp", null)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
 
     val engineSpace = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_USER_SPARK_SQL",
@@ -403,6 +412,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val engineSpace = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
@@ -410,14 +420,16 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       "")
 
     val id1 = UUID.randomUUID().toString
-    val engine1 = new EngineRef(conf.clone, Utils.currentUser, "grp", id1, null)
+    val engine1 =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id1, null)
     val engineSpace1 = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
       Utils.currentUser,
       id1)
 
     val id2 = UUID.randomUUID().toString
-    val engine2 = new EngineRef(conf.clone, Utils.currentUser, "grp", id2, null)
+    val engine2 =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id2, null)
     val engineSpace2 = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
       Utils.currentUser,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
index f7cbb2001..389b67e47 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
@@ -26,6 +26,7 @@ import org.apache.kyuubi.engine.EngineRef
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.DiscoveryPaths
+import org.apache.kyuubi.plugin.PluginLoader
 
 class AdminCtlSuite extends RestClientTestHelper with TestPrematureExit {
   override def beforeAll(): Unit = {
@@ -53,8 +54,10 @@ class AdminCtlSuite extends RestClientTestHelper with TestPrematureExit {
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.AUTHENTICATION_METHOD, Seq("LDAP", "CUSTOM"))
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
     val user = ldapUser
-    val engine = new EngineRef(conf.clone, user, "grp", id, null)
+    val engine = new EngineRef(conf.clone, user, PluginLoader.loadGroupProvider(conf), id, null)
 
     val engineSpace = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_USER_SPARK_SQL",
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
index 5165573ed..b79e62a12 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
@@ -30,6 +30,7 @@ import org.apache.kyuubi.engine.EngineRef
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.DiscoveryPaths
+import org.apache.kyuubi.plugin.PluginLoader
 
 class AdminRestApiSuite extends RestClientTestHelper {
   test("refresh kyuubi server hadoop conf") {
@@ -48,8 +49,9 @@ class AdminRestApiSuite extends RestClientTestHelper {
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.AUTHENTICATION_METHOD, Seq("LDAP", "CUSTOM"))
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
     val user = ldapUser
-    val engine = new EngineRef(conf.clone, user, "grp", id, null)
+    val engine = new EngineRef(conf.clone, user, PluginLoader.loadGroupProvider(conf), id, null)
 
     val engineSpace = DiscoveryPaths.makePath(
       s"kyuubi_test_${KYUUBI_VERSION}_USER_SPARK_SQL",

From b7290dc6a923bcea76dd969f2d27e17921a8e7f3 Mon Sep 17 00:00:00 2001
From: He Zhao <hezhao2@cisco.com>
Date: Thu, 16 Mar 2023 21:59:02 +0800
Subject: [PATCH 179/760] [KYUUBI #4537][UI] Enable Vite proxy server for web
 ui development

### _Why are the changes needed?_

As title and close #4537

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

![popo_2023-03-16  16-03-22](https://user-images.githubusercontent.com/52876270/225552935-525d80d6-520f-4570-9aaf-adc4f97dea44.jpg)

Closes #4538 from zwangsheng/KYUUBI_4537.

Closes #4537

2cae68044 [zwangsheng] [KYUUBI #4537] fix
19fc9bd8b [zwangsheng] [KYUUBI #4537] Set 0.0.0.0 for mac & windows
e8cff7853 [zwangsheng] [KYUUBI #4537] Set 0.0.0.0 for mac & windows
8af446ab0 [zwangsheng] [KYUUBI #4537] Remove test code
2897749ef [zwangsheng] [KYUUBI #4537] Remove test code
e714637e2 [zwangsheng] [KYUUBI #4537][Improvement][UI] Enabled Vite Server Proxy for developer work in local with front and backend server

Lead-authored-by: He Zhao <hezhao2@cisco.com>
Co-authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/Utils.scala  |  5 +++
 .../server/KyuubiRestFrontendService.scala    |  5 ++-
 kyuubi-server/web-ui/.env.development         |  2 +-
 kyuubi-server/web-ui/src/utils/request.ts     |  2 +-
 kyuubi-server/web-ui/vite.config.ts           | 41 ++++++++++++-------
 5 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
index e4fb23936..3a03682ff 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
@@ -221,6 +221,11 @@ object Utils extends Logging {
    */
   val isWindows: Boolean = SystemUtils.IS_OS_WINDOWS
 
+  /**
+   * Whether the underlying operating system is MacOS.
+   */
+  val isMac: Boolean = SystemUtils.IS_OS_MAC
+
   /**
    * Indicates whether Kyuubi is currently running unit tests.
    */
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 5a991a08a..cd191afe8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -58,7 +58,10 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
 
   lazy val host: String = conf.get(FRONTEND_REST_BIND_HOST)
     .getOrElse {
-      if (conf.get(KyuubiConf.FRONTEND_CONNECTION_URL_USE_HOSTNAME)) {
+      if (Utils.isWindows || Utils.isMac) {
+        warn(s"Kyuubi Server run in Windows or Mac environment, binding $getName to 0.0.0.0")
+        "0.0.0.0"
+      } else if (conf.get(KyuubiConf.FRONTEND_CONNECTION_URL_USE_HOSTNAME)) {
         Utils.findLocalInetAddress.getCanonicalHostName
       } else {
         Utils.findLocalInetAddress.getHostAddress
diff --git a/kyuubi-server/web-ui/.env.development b/kyuubi-server/web-ui/.env.development
index d8297cf36..d1d91dd38 100644
--- a/kyuubi-server/web-ui/.env.development
+++ b/kyuubi-server/web-ui/.env.development
@@ -15,4 +15,4 @@
 
 NODE_ENV=development
 
-VITE_APP_DEV_WEB_URL='/'
+VITE_APP_DEV_WEB_URL='http://0.0.0.0:10099/'
diff --git a/kyuubi-server/web-ui/src/utils/request.ts b/kyuubi-server/web-ui/src/utils/request.ts
index 375e8f9cc..6171ed9cd 100644
--- a/kyuubi-server/web-ui/src/utils/request.ts
+++ b/kyuubi-server/web-ui/src/utils/request.ts
@@ -19,7 +19,7 @@ import axios, { AxiosResponse } from 'axios'
 
 // create an axios instance
 const service = axios.create({
-  baseURL: import.meta.env.VITE_APP_DEV_WEB_URL, // url = base url + request url
+  baseURL: '/', // url = base url + request url
   // withCredentials: true, // send cookies when cross-domain requests
   timeout: 60000 // request timeout
 })
diff --git a/kyuubi-server/web-ui/vite.config.ts b/kyuubi-server/web-ui/vite.config.ts
index 92af99741..b6786a0c1 100644
--- a/kyuubi-server/web-ui/vite.config.ts
+++ b/kyuubi-server/web-ui/vite.config.ts
@@ -15,24 +15,35 @@
  * limitations under the License.
  */
 
-import { defineConfig } from 'vite'
+import { defineConfig, loadEnv } from 'vite'
 import Vue from '@vitejs/plugin-vue'
 import path from 'path'
 
-export default defineConfig({
-  base: '/ui/',
-  plugins: [Vue()],
-  resolve: {
-    alias: [
-      {
-        find: '@',
-        replacement: path.resolve(__dirname, 'src')
-      },
-      // resolve warning of vue-i18n
-      {
-        find: 'vue-i18n',
-        replacement: 'vue-i18n/dist/vue-i18n.cjs.js'
+export default defineConfig(({ mode }) => {
+  const env = loadEnv(mode, process.cwd(), '')
+  return {
+    base: '/ui/',
+    plugins: [Vue()],
+    resolve: {
+      alias: [
+        {
+          find: '@',
+          replacement: path.resolve(__dirname, 'src')
+        },
+        // resolve warning of vue-i18n
+        {
+          find: 'vue-i18n',
+          replacement: 'vue-i18n/dist/vue-i18n.cjs.js'
+        }
+      ]
+    },
+    server: {
+      proxy: {
+        '/api': {
+          target: env['VITE_APP_DEV_WEB_URL'],
+          changeOrigin: true
+        }
       }
-    ]
+    }
   }
 })

From 58a4f58a1f47e14ff8f73c8c0b874ccb54ac21b7 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Thu, 16 Mar 2023 22:11:11 +0800
Subject: [PATCH 180/760] [KYUUBI #3420][SPARK] Expose UI url on registering
 engine service

### _Why are the changes needed?_

see detail in KYUUBI #3436

Splitting it out of a giant PR https://github.com/apache/kyuubi/pull/4002 to perfect

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4459 from zwangsheng/3420.

Closes #3420

2fd9b3131 [zwangsheng] [KYUUBI #3420]Fouce on spark web ui
3fbee02b7 [zwangsheng] [KYUUBI #3420] With inter config and expose explicit conf
09841d17b [zwangsheng] [KYUUBI #3420] Fix style
b47c3e5d1 [zwangsheng] [KYUUBI #3420] Fix unit test
b3ab3e23b [zwangsheng] [KYUUBI #3420] Expose more spark engine info
69292abf4 [zwangsheng] [KYUUBI #3420] Using common test case
cf889b09b [zwangsheng] [KYUUBI #3420] Fix unit test
1a0ac582f [zwangsheng] [KYUUBI #3420] Fix style
daf41de2d [zwangsheng] [KYUUBI #4453] Add etcd test
ab1038369 [zwangsheng] [KYUUBI #3420 Add Spark Web UI Url in zk node]

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/SparkTBinaryFrontendService.scala   |  8 ++-
 .../spark/SparkEngineRegisterSuite.scala      | 50 +++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkEngineRegisterSuite.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
index d4eaf3454..49cb9b3ef 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
@@ -94,7 +94,13 @@ class SparkTBinaryFrontendService(
   }
 
   override def attributes: Map[String, String] = {
-    Map(KYUUBI_ENGINE_ID -> KyuubiSparkUtil.engineId)
+    val attributes = Map(
+      KYUUBI_ENGINE_ID -> KyuubiSparkUtil.engineId)
+    // TODO Support Spark Web UI Enabled SSL
+    sc.uiWebUrl match {
+      case Some(url) => attributes ++ Map(KYUUBI_ENGINE_URL -> url.split("//").last)
+      case None => attributes
+    }
   }
 }
 
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkEngineRegisterSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkEngineRegisterSuite.scala
new file mode 100644
index 000000000..8c636af76
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkEngineRegisterSuite.scala
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.spark
+
+import java.util.UUID
+
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_ID, KYUUBI_ENGINE_URL}
+
+trait SparkEngineRegisterSuite extends WithDiscoverySparkSQLEngine {
+
+  override def withKyuubiConf: Map[String, String] =
+    super.withKyuubiConf ++ Map("spark.ui.enabled" -> "true")
+
+  override val namespace: String = s"/kyuubi/deregister_test/${UUID.randomUUID.toString}"
+
+  test("Spark Engine Register Zookeeper with spark ui info") {
+    withDiscoveryClient(client => {
+      val info = client.getChildren(namespace).head.split(";")
+      assert(info.exists(_.startsWith(KYUUBI_ENGINE_ID)))
+      assert(info.exists(_.startsWith(KYUUBI_ENGINE_URL)))
+    })
+  }
+}
+
+class ZookeeperSparkEngineRegisterSuite extends SparkEngineRegisterSuite
+  with WithEmbeddedZookeeper {
+
+  override def withKyuubiConf: Map[String, String] =
+    super.withKyuubiConf ++ zookeeperConf
+}
+
+class EtcdSparkEngineRegisterSuite extends SparkEngineRegisterSuite
+  with WithEtcdCluster {
+  override def withKyuubiConf: Map[String, String] = super.withKyuubiConf ++ etcdConf
+}

From 4d67dac437a5358b816eb7d0d926ec259c2fbb6f Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Fri, 17 Mar 2023 12:31:36 +0800
Subject: [PATCH 181/760] [KYUUBI #4546] Fully exclude `metrics` dir from git

### _Why are the changes needed?_

Follow our attitude towards other excluded folders, exclude the entire `metrics` folder.
Like in `.gitignore`
```
embedded_zookeeper/
```

`metrics` dir will be created in source code when run `KyuubiServer` in local IDE.

Close #4546

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4547 from zwangsheng/KYUUBI_4546.

Closes #4546

8f13670e6 [zwangsheng] [KYUUBI #4546] Ignore full metrics dir in git version control

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .gitignore | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9a115ab0a..190294d06 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,8 +58,7 @@ metastore_db
 derby.log
 rest-audit.log
 **/dependency-reduced-pom.xml
-metrics/report.json
-metrics/.report.json.crc
+metrics/
 /kyuubi-ha/embedded_zookeeper/
 embedded_zookeeper/
 /externals/kyuubi-spark-sql-engine/operation_logs/

From 04155f2d690552a038980d022363ef1d7c36fc5c Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Fri, 17 Mar 2023 13:13:16 +0800
Subject: [PATCH 182/760] [KYUUBI #4331] [KYUUBI #4431] Lineage supports
 `Union` and `MergeInto`

close #4331
close #4431

### _Why are the changes needed?_

Because `optimizedPlan` has been replaced by `analyzedPlan`, iceberg tables do not need to be additionally processed when new logical plans are generated during some optimization stages. They can be treated as regular tables.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4543 from iodone/fix-4431.

Closes #4331

Closes #4431

2adddcc5 [odone] fix `Union` and `MergeInto` bug

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../helper/SparkSQLLineageParseHelper.scala   | 24 ++++++++++++-------
 .../SparkSQLLineageParserHelperSuite.scala    | 21 +++++++++++++++-
 2 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index 7106dfb8c..dd085f404 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -312,7 +312,7 @@ trait LineageParser {
         val nextColumnsLlineage = ListMap(allAssignments.map { assignment =>
           (
             assignment.key.asInstanceOf[Attribute],
-            AttributeSet(assignment.value.asInstanceOf[Attribute]))
+            assignment.value.references)
         }: _*)
         val targetTable = getPlanField[LogicalPlan]("targetTable", plan)
         val sourceTable = getPlanField[LogicalPlan]("sourceTable", plan)
@@ -376,14 +376,22 @@ trait LineageParser {
         }
 
       case p: Union =>
-        // merge all children in to one derivedColumns
-        val childrenUnion =
-          p.children.map(extractColumnsLineage(_, ListMap[Attribute, AttributeSet]())).map(
-            _.values).reduce {
-            (left, right) =>
-              left.zip(right).map(attr => attr._1 ++ attr._2)
+        val childrenColumnsLineage =
+          // support for the multi-insert statement
+          if (p.output.isEmpty) {
+            p.children
+              .map(extractColumnsLineage(_, ListMap[Attribute, AttributeSet]()))
+              .reduce(mergeColumnsLineage)
+          } else {
+            // merge all children in to one derivedColumns
+            val childrenUnion =
+              p.children.map(extractColumnsLineage(_, ListMap[Attribute, AttributeSet]())).map(
+                _.values).reduce {
+                (left, right) =>
+                  left.zip(right).map(attr => attr._1 ++ attr._2)
+              }
+            ListMap(p.output.zip(childrenUnion): _*)
           }
-        val childrenColumnsLineage = ListMap(p.output.zip(childrenUnion): _*)
         joinColumnsLineage(parentColumnsLineage, childrenColumnsLineage)
 
       case p: LogicalRelation if p.catalogTable.nonEmpty =>
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index ed61a1b5f..0c69885da 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -172,7 +172,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         "WHEN MATCHED THEN " +
         "  UPDATE SET target.name = source.name, target.price = source.price " +
         "WHEN NOT MATCHED THEN " +
-        "  INSERT (id, name, price) VALUES (source.id, source.name, source.price)")
+        "  INSERT (id, name, price) VALUES (cast(source.id as int), source.name, source.price)")
       assert(ret0 == Lineage(
         List("v2_catalog.db.source_t"),
         List("v2_catalog.db.target_t"),
@@ -1287,6 +1287,25 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
+  test("test the statement with FROM xxx INSERT xxx") {
+    withTable("t1", "t2", "t3") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string) USING hive")
+      spark.sql("CREATE TABLE t2 (a string, b string) USING hive")
+      spark.sql("CREATE TABLE t3 (a string, b string) USING hive")
+      val ret0 = exectractLineage("from (select a,b from t1)" +
+        " insert overwrite table t2 select a,b where a=1" +
+        " insert overwrite table t3 select a,b where b=1")
+      assert(ret0 == Lineage(
+        List("default.t1"),
+        List("default.t2", "default.t3"),
+        List(
+          ("default.t2.a", Set("default.t1.a")),
+          ("default.t2.b", Set("default.t1.b")),
+          ("default.t3.a", Set("default.t1.a")),
+          ("default.t3.b", Set("default.t1.b")))))
+    }
+  }
+
   private def exectractLineageWithoutExecuting(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)

From 7709cd18a7febb4cbf2b7e0d1170ad11dd01f301 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 17 Mar 2023 13:16:13 +0800
Subject: [PATCH 183/760] [KYUUBI #4504] [Authz] [Bug] Fix source table
 privilege requirement when querying permanent view in Spark 3.1 and below

### _Why are the changes needed?_

To fix #4504.
- add ut for querying the second column of permenant view with multi-column source table (in purpose for reproducing cases for Spark 3.1 and below)
- make user RuleAuthorization check only once, by marking `KYUUBI_AUTHZ_TAG` tag on plan's children and itself , to prevent penetration checks to source table of perm view

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4529 from bowenliang123/4504-authz-permview.

Closes #4504

b5f9bedcf [liangbowen] minor update
3efba2d23 [liangbowen] update ut and policy
a7584d9d9 [liangbowen] update
c0c11558e [liangbowen] update
ee208d71d [liangbowen] update
3c7804e76 [liangbowen] fix ut
5ab0d1a1f [liangbowen] check RuleAuthorization run only once

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../authz/ranger/RuleAuthorization.scala      | 29 ++++++---
 .../test/resources/sparkSql_hive_jenkins.json | 61 +++++++++++++++++++
 .../ranger/RangerSparkExtensionSuite.scala    | 54 +++++++++++++---
 3 files changed, 125 insertions(+), 19 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
index 1c73acc49..3d53174f3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
@@ -27,16 +27,15 @@ import org.apache.spark.sql.catalyst.trees.TreeNodeTag
 
 import org.apache.kyuubi.plugin.spark.authz._
 import org.apache.kyuubi.plugin.spark.authz.ObjectType._
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
+import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization._
 import org.apache.kyuubi.plugin.spark.authz.ranger.SparkRangerAdminPlugin._
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._;
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 class RuleAuthorization(spark: SparkSession) extends Rule[LogicalPlan] {
-  override def apply(plan: LogicalPlan): LogicalPlan = plan match {
-    case p if !plan.getTagValue(KYUUBI_AUTHZ_TAG).contains(true) =>
-      RuleAuthorization.checkPrivileges(spark, p)
-      p.setTagValue(KYUUBI_AUTHZ_TAG, true)
-      p
-    case p => p // do nothing if checked privileges already.
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    plan match {
+      case plan if isAuthChecked(plan) => plan // do nothing if checked privileges already.
+      case p => checkPrivileges(spark, p)
+    }
   }
 }
 
@@ -44,7 +43,7 @@ object RuleAuthorization {
 
   val KYUUBI_AUTHZ_TAG = TreeNodeTag[Boolean]("__KYUUBI_AUTHZ_TAG")
 
-  def checkPrivileges(spark: SparkSession, plan: LogicalPlan): Unit = {
+  private def checkPrivileges(spark: SparkSession, plan: LogicalPlan): LogicalPlan = {
     val auditHandler = new SparkRangerAuditHandler
     val ugi = getAuthzUgi(spark.sparkContext)
     val (inputs, outputs, opType) = PrivilegesBuilder.build(plan, spark)
@@ -94,5 +93,17 @@ object RuleAuthorization {
         verify(Seq(req), auditHandler)
       }
     }
+    markAuthChecked(plan)
+  }
+
+  private def markAuthChecked(plan: LogicalPlan): LogicalPlan = {
+    plan.transformUp { case p =>
+      p.setTagValue(KYUUBI_AUTHZ_TAG, true)
+      p
+    }
+  }
+
+  private def isAuthChecked(plan: LogicalPlan): Boolean = {
+    plan.find(_.getTagValue(KYUUBI_AUTHZ_TAG).contains(true)).nonEmpty
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
index 84b0e30eb..250df2ddc 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
@@ -1151,6 +1151,67 @@
       "guid": "b3f1f1e0-2bd6-4b20-8a32-a531006ae151",
       "isEnabled": true,
       "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "someone_access_perm_view",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "perm_view"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "user_perm_view_only"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 123,
+      "guid": "2fb6099d-e421-41df-9d24-f2f47bed618e",
+      "isEnabled": true,
+      "version": 5
     }
   ],
   "serviceDef": {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 9cd647cdd..3aa551c42 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -521,27 +521,61 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("[KYUUBI #3326] check persisted view and skip shadowed table") {
+    val db1 = "default"
     val table = "hive_src"
     val permView = "perm_view"
-    val db1 = "default"
-    val db2 = "db2"
 
     withCleanTmpResources(Seq(
       (s"$db1.$table", "table"),
-      (s"$db2.$permView", "view"),
-      (db2, "database"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int)"))
-
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $db2"))
-      doAs("admin", sql(s"CREATE VIEW $db2.$permView AS SELECT * FROM $table"))
+      (s"$db1.$permView", "view"))) {
+      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      doAs("admin", sql(s"CREATE VIEW $db1.$permView AS SELECT * FROM $db1.$table"))
 
+      // KYUUBI #3326: with no privileges to the permanent view or the source table
       val e1 = intercept[AccessControlException](
-        doAs("someone", sql(s"select * from $db2.$permView")).show(0))
+        doAs(
+          "someone", {
+            sql(s"select * from $db1.$permView").collect()
+          }))
+      if (isSparkV31OrGreater) {
+        assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$permView/id]"))
+      } else {
+        assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
+      }
+    }
+  }
+
+  test("KYUUBI #4504: query permanent view with privilege to permanent view only") {
+    val db1 = "default"
+    val table = "hive_src"
+    val permView = "perm_view"
+    val userPermViewOnly = "user_perm_view_only"
+
+    withCleanTmpResources(Seq(
+      (s"$db1.$table", "table"),
+      (s"$db1.$permView", "view"))) {
+      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      doAs("admin", sql(s"CREATE VIEW $db1.$permView AS SELECT * FROM $db1.$table"))
+
+      // query all columns of the permanent view
+      // with access privileges to the permanent view but no privilege to the source table
+      val sql1 = s"SELECT * FROM $db1.$permView"
       if (isSparkV31OrGreater) {
-        assert(e1.getMessage.contains(s"does not have [select] privilege on [$db2/$permView/id]"))
+        doAs(userPermViewOnly, { sql(sql1).collect() })
       } else {
+        val e1 = intercept[AccessControlException](doAs(userPermViewOnly, { sql(sql1).collect() }))
         assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
       }
+
+      // query the second column of permanent view with multiple columns
+      // with access privileges to the permanent view but no privilege to the source table
+      val sql2 = s"SELECT name FROM $db1.$permView"
+      if (isSparkV31OrGreater) {
+        doAs(userPermViewOnly, { sql(sql2).collect() })
+      } else {
+        val e2 = intercept[AccessControlException](doAs(userPermViewOnly, { sql(sql2).collect() }))
+        assert(e2.getMessage.contains(s"does not have [select] privilege on [$db1/$table/name]"))
+      }
     }
   }
 

From f1eb449c42b820b8ad3f4d388bb6320acf70bb1b Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 17 Mar 2023 13:39:30 +0800
Subject: [PATCH 184/760] [KYUUBI #4544] Initial implement Kyuubi Chat Engine
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Introduce a brand new CHAT engine, it's supposed to support different backends, e.g. ChatGPT, 文心一言, etc.

This PR implements the following providers:

- ECHO, simply replies a welcome message.
- GPT: a.k.a ChatGPT, powered by OpenAI, which requires a API key for authentication. https://platform.openai.com/account/api-keys

Add the following configurations in `kyuubi-defaults.conf`
```
kyuubi.engine.chat.provider=[ECHO|GPT]
kyuubi.engine.chat.gpt.apiKey=<chat-gpt-api-key>
```

Open an ECHO beeline chat engine.
```
beeline -u 'jdbc:hive2://localhost:10009/?kyuubi.engine.type=CHAT;kyuubi.engine.chat.provider=ECHO'
```

```
Connecting to jdbc:hive2://localhost:10009/
Connected to: Kyuubi Chat Engine (version 1.8.0-SNAPSHOT)
Driver: Kyuubi Project Hive JDBC Client (version 1.7.0)
Beeline version 1.7.0 by Apache Kyuubi
0: jdbc:hive2://localhost:10009/> Hello, Kyuubi!;
+----------------------------------------+
|                 reply                  |
+----------------------------------------+
| This is ChatKyuubi, nice to meet you!  |
+----------------------------------------+
1 row selected (0.397 seconds)
```

Open a ChatGPT beeline chat engine. (make sure your network can connect the open API and configure the API key)
```
beeline -u 'jdbc:hive2://localhost:10009/?kyuubi.engine.type=CHAT;kyuubi.engine.chat.provider=GPT'
```

<img width="1109" alt="image" src="https://user-images.githubusercontent.com/26535726/225813625-a002e6e2-3b0d-4194-b061-2e215d58ba94.png">

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4544 from pan3793/chatgpt.

Closes #4544

87bdebb6d [Cheng Pan] nit
f7dee18f3 [Cheng Pan] Update docs
9beb55162 [cxzl25] chat api (#1)
af38bdc7c [Cheng Pan] update docs
9aa6d83a6 [Cheng Pan] Initial implement Kyuubi Chat Engine

Lead-authored-by: Cheng Pan <chengpan@apache.org>
Co-authored-by: cxzl25 <cxzl25@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/dist                                    |  13 ++
 docs/deployment/settings.md                   | 113 +++++++--------
 externals/kyuubi-chat-engine/pom.xml          |  89 ++++++++++++
 .../engine/chat/ChatBackendService.scala      |  28 ++++
 .../kyuubi/engine/chat/ChatEngine.scala       |  86 ++++++++++++
 .../chat/ChatTBinaryFrontendService.scala     |  34 +++++
 .../engine/chat/operation/ChatOperation.scala | 100 ++++++++++++++
 .../chat/operation/ChatOperationManager.scala | 130 ++++++++++++++++++
 .../chat/operation/ExecuteStatement.scala     |  66 +++++++++
 .../chat/provider/ChatGPTProvider.scala       |  84 +++++++++++
 .../engine/chat/provider/ChatProvider.scala   |  59 ++++++++
 .../engine/chat/provider/EchoProvider.scala   |  28 ++++
 .../kyuubi/engine/chat/provider/Message.scala |  20 +++
 .../kyuubi/engine/chat/schema/RowSet.scala    | 108 +++++++++++++++
 .../engine/chat/schema/SchemaHelper.scala     |  56 ++++++++
 .../engine/chat/session/ChatSessionImpl.scala |  68 +++++++++
 .../chat/session/ChatSessionManager.scala     |  71 ++++++++++
 .../src/test/resources/log4j2-test.xml        |  42 ++++++
 .../kyuubi/engine/chat/WithChatEngine.scala   |  60 ++++++++
 .../chat/operation/ChatOperationSuite.scala   |  40 ++++++
 .../org/apache/kyuubi/config/KyuubiConf.scala |  46 +++++++
 .../org/apache/kyuubi/engine/EngineType.scala |   2 +-
 .../org/apache/kyuubi/engine/EngineRef.scala  |   5 +-
 .../engine/chat/ChatProcessBuilder.scala      | 115 ++++++++++++++++
 pom.xml                                       |   3 +-
 25 files changed, 1409 insertions(+), 57 deletions(-)
 create mode 100644 externals/kyuubi-chat-engine/pom.xml
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatBackendService.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatEngine.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatTBinaryFrontendService.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationManager.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ExecuteStatement.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/Message.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/RowSet.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/SchemaHelper.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala
 create mode 100644 externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionManager.scala
 create mode 100644 externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml
 create mode 100644 externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/WithChatEngine.scala
 create mode 100644 externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationSuite.scala
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala

diff --git a/build/dist b/build/dist
index c155dce3f..e0dae3479 100755
--- a/build/dist
+++ b/build/dist
@@ -256,6 +256,7 @@ mkdir -p "$DISTDIR/externals/engines/spark"
 mkdir -p "$DISTDIR/externals/engines/trino"
 mkdir -p "$DISTDIR/externals/engines/hive"
 mkdir -p "$DISTDIR/externals/engines/jdbc"
+mkdir -p "$DISTDIR/externals/engines/chat"
 echo "Kyuubi $VERSION $GITREVSTRING built for" > "$DISTDIR/RELEASE"
 echo "Java $JAVA_VERSION" >> "$DISTDIR/RELEASE"
 echo "Scala $SCALA_VERSION" >> "$DISTDIR/RELEASE"
@@ -313,6 +314,18 @@ for jar in $(ls "$DISTDIR/jars/"); do
   fi
 done
 
+# Copy chat engines
+cp "$KYUUBI_HOME/externals/kyuubi-chat-engine/target/kyuubi-chat-engine_${SCALA_VERSION}-${VERSION}.jar" "$DISTDIR/externals/engines/chat/"
+cp -r "$KYUUBI_HOME"/externals/kyuubi-chat-engine/target/scala-$SCALA_VERSION/jars/*.jar "$DISTDIR/externals/engines/chat/"
+
+# Share the jars w/ server to reduce binary size
+# shellcheck disable=SC2045
+for jar in $(ls "$DISTDIR/jars/"); do
+  if [[ -f "$DISTDIR/externals/engines/chat/$jar" ]]; then
+    (cd $DISTDIR/externals/engines/chat; ln -snf "../../../jars/$jar" "$DISTDIR/externals/engines/chat/$jar")
+  fi
+done
+
 # Copy kyuubi tools
 if [[ -f "$KYUUBI_HOME/tools/spark-block-cleaner/target/spark-block-cleaner_${SCALA_VERSION}-${VERSION}.jar" ]]; then
   mkdir -p "$DISTDIR/tools/spark-block-cleaner/kubernetes"
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index a2474a506..9c5f76712 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -118,60 +118,65 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Engine
 
-|                           Key                            |          Default          |                                                                                                                                                                                                                                                                                                                                                                                                                                         Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                         |   Type   | Since |
-|----------------------------------------------------------|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.engine.connection.url.use.hostname                | true                      | (deprecated) When true, the engine registers with hostname to zookeeper. When Spark runs on K8s with cluster mode, set to false to ensure that server can connect to engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.3.0 |
-| kyuubi.engine.deregister.exception.classes                                          || A comma-separated list of exception classes. If there is any exception thrown, whose class matches the specified classes, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | seq      | 1.2.0 |
-| kyuubi.engine.deregister.exception.messages                                         || A comma-separated list of exception messages. If there is any exception thrown, whose message or stacktrace matches the specified message list, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | seq      | 1.2.0 |
-| kyuubi.engine.deregister.exception.ttl                   | PT30M                     | Time to live(TTL) for exceptions pattern specified in kyuubi.engine.deregister.exception.classes and kyuubi.engine.deregister.exception.messages to deregister engines. Once the total error count hits the kyuubi.engine.deregister.job.max.failures within the TTL, an engine will deregister itself and wait for self-terminated. Otherwise, we suppose that the engine has recovered from temporary failures.                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | duration | 1.2.0 |
-| kyuubi.engine.deregister.job.max.failures                | 4                         | Number of failures of job before deregistering the engine.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | int      | 1.2.0 |
-| kyuubi.engine.event.json.log.path                        | file:///tmp/kyuubi/events | The location where all the engine events go for the built-in JSON logger.<ul><li>Local Path: start with 'file://'</li><li>HDFS Path: start with 'hdfs://'</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.3.0 |
-| kyuubi.engine.event.loggers                              | SPARK                     | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a subclass of `org.apache.kyuubi.events.handler.CustomEventHandlerProvider` which has a zero-arg constructor.                                                                                                                                                                                                                                                                                 | seq      | 1.3.0 |
-| kyuubi.engine.flink.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Flink SQL engine, for configuring the location of hadoop client jars, etc                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
-| kyuubi.engine.flink.java.options                         | &lt;undefined&gt;         | The extra Java options for the Flink SQL engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.6.0 |
-| kyuubi.engine.flink.memory                               | 1g                        | The heap memory for the Flink SQL engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
-| kyuubi.engine.hive.event.loggers                         | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | seq      | 1.7.0 |
-| kyuubi.engine.hive.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Hive query engine, for configuring location of the hadoop client jars and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
-| kyuubi.engine.hive.java.options                          | &lt;undefined&gt;         | The extra Java options for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
-| kyuubi.engine.hive.memory                                | 1g                        | The heap memory for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.6.0 |
-| kyuubi.engine.initialize.sql                             | SHOW DATABASES            | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SHOW DATABASES` to eagerly active HiveClient. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | seq      | 1.2.0 |
-| kyuubi.engine.jdbc.connection.password                   | &lt;undefined&gt;         | The password is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
-| kyuubi.engine.jdbc.connection.properties                                            || The additional properties are used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.6.0 |
-| kyuubi.engine.jdbc.connection.provider                   | &lt;undefined&gt;         | The connection provider is used for getting a connection from the server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
-| kyuubi.engine.jdbc.connection.url                        | &lt;undefined&gt;         | The server url that engine will connect to                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
-| kyuubi.engine.jdbc.connection.user                       | &lt;undefined&gt;         | The user is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.6.0 |
-| kyuubi.engine.jdbc.driver.class                          | &lt;undefined&gt;         | The driver class for JDBC engine connection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.6.0 |
-| kyuubi.engine.jdbc.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the JDBC query engine, for configuring the location of the JDBC driver and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
-| kyuubi.engine.jdbc.java.options                          | &lt;undefined&gt;         | The extra Java options for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
-| kyuubi.engine.jdbc.memory                                | 1g                        | The heap memory for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.6.0 |
-| kyuubi.engine.jdbc.type                                  | &lt;undefined&gt;         | The short name of JDBC type                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.6.0 |
-| kyuubi.engine.operation.convert.catalog.database.enabled | true                      | When set to true, The engine converts the JDBC methods of set/get Catalog and set/get Schema to the implementation of different engines                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | boolean  | 1.6.0 |
-| kyuubi.engine.operation.log.dir.root                     | engine_operation_logs     | Root directory for query operation log at engine-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.4.0 |
-| kyuubi.engine.pool.name                                  | engine-pool               | The name of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.5.0 |
-| kyuubi.engine.pool.selectPolicy                          | RANDOM                    | The select policy of an engine from the corresponding engine pool engine for a session. <ul><li>RANDOM - Randomly use the engine in the pool</li><li>POLLING - Polling use the engine in the pool</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.7.0 |
-| kyuubi.engine.pool.size                                  | -1                        | The size of the engine pool. Note that, if the size is less than 1, the engine pool will not be enabled; otherwise, the size of the engine pool will be min(this, kyuubi.engine.pool.size.threshold).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.4.0 |
-| kyuubi.engine.pool.size.threshold                        | 9                         | This parameter is introduced as a server-side parameter controlling the upper limit of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.4.0 |
-| kyuubi.engine.session.initialize.sql                                                || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | seq      | 1.3.0 |
-| kyuubi.engine.share.level                                | USER                      | Engines will be shared in different levels, available configs are: <ul> <li>CONNECTION: engine will not be shared but only used by the current client connection</li> <li>USER: engine will be shared by all sessions created by a unique username, see also kyuubi.engine.share.level.subdomain</li> <li>GROUP: the engine will be shared by all sessions created by all users belong to the same primary group name. The engine will be launched by the group name as the effective username, so here the group name is in value of special user who is able to visit the computing resources/data of the team. It follows the [Hadoop GroupsMapping](https://reurl.cc/xE61Y5) to map user to a primary group. If the primary group is not found, it fallback to the USER level. <li>SERVER: the App will be shared by Kyuubi servers</li></ul>                                       | string   | 1.2.0 |
-| kyuubi.engine.share.level.sub.domain                     | &lt;undefined&gt;         | (deprecated) - Using kyuubi.engine.share.level.subdomain instead                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.2.0 |
-| kyuubi.engine.share.level.subdomain                      | &lt;undefined&gt;         | Allow end-users to create a subdomain for the share level of an engine. A subdomain is a case-insensitive string values that must be a valid zookeeper subpath. For example, for the `USER` share level, an end-user can share a certain engine within a subdomain, not for all of its clients. End-users are free to create multiple engines in the `USER` share level. When disable engine pool, use 'default' if absent.                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.4.0 |
-| kyuubi.engine.single.spark.session                       | false                     | When set to true, this engine is running in a single session mode. All the JDBC/ODBC connections share the temporary views, function registries, SQL configuration and the current database.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | boolean  | 1.3.0 |
-| kyuubi.engine.spark.event.loggers                        | SPARK                     | A comma-separated list of engine loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | seq      | 1.7.0 |
-| kyuubi.engine.spark.python.env.archive                   | &lt;undefined&gt;         | Portable Python env archive used for Spark engine Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.7.0 |
-| kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.7.0 |
-| kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.7.0 |
-| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not invisible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | duration | 1.7.1 |
-| kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | seq      | 1.7.0 |
-| kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
-| kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
-| kyuubi.engine.trino.memory                               | 1g                        | The heap memory for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
-| kyuubi.engine.type                                       | SPARK_SQL                 | Specify the detailed engine supported by Kyuubi. The engine type bindings to SESSION scope. This configuration is experimental. Currently, available configs are: <ul> <li>SPARK_SQL: specify this engine type will launch a Spark engine which can provide all the capacity of the Apache Spark. Note, it's a default engine type.</li> <li>FLINK_SQL: specify this engine type will launch a Flink engine which can provide all the capacity of the Apache Flink.</li> <li>TRINO: specify this engine type will launch a Trino engine which can provide all the capacity of the Trino.</li> <li>HIVE_SQL: specify this engine type will launch a Hive engine which can provide all the capacity of the Hive Server2.</li> <li>JDBC: specify this engine type will launch a JDBC engine which can provide a MySQL protocol connector, for now we only support Doris dialect.</li></ul> | string   | 1.4.0 |
-| kyuubi.engine.ui.retainedSessions                        | 200                       | The number of SQL client sessions kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | int      | 1.4.0 |
-| kyuubi.engine.ui.retainedStatements                      | 200                       | The number of statements kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | int      | 1.4.0 |
-| kyuubi.engine.ui.stop.enabled                            | true                      | When true, allows Kyuubi engine to be killed from the Spark Web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | boolean  | 1.3.0 |
-| kyuubi.engine.user.isolated.spark.session                | true                      | When set to false, if the engine is running in a group or server share level, all the JDBC/ODBC connections will be isolated against the user. Including the temporary views, function registries, SQL configuration, and the current database. Note that, it does not affect if the share level is connection or user.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | boolean  | 1.6.0 |
-| kyuubi.engine.user.isolated.spark.session.idle.interval  | PT1M                      | The interval to check if the user-isolated Spark session is timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | duration | 1.6.0 |
-| kyuubi.engine.user.isolated.spark.session.idle.timeout   | PT6H                      | If kyuubi.engine.user.isolated.spark.session is false, we will release the Spark session if its corresponding user is inactive after this configured timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.6.0 |
+|                           Key                            |          Default          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |   Type   | Since |
+|----------------------------------------------------------|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.engine.chat.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Chat engine, for configuring the location of the SDK and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.8.0 |
+| kyuubi.engine.chat.gpt.apiKey                            | &lt;undefined&gt;         | The key to access OpenAI open API, which could be got at https://platform.openai.com/account/api-keys                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.8.0 |
+| kyuubi.engine.chat.java.options                          | &lt;undefined&gt;         | The extra Java options for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
+| kyuubi.engine.chat.memory                                | 1g                        | The heap memory for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
+| kyuubi.engine.chat.provider                              | ECHO                      | The provider for the Chat engine. Candidates: <ul> <li>ECHO: simply replies a welcome message.</li> <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
+| kyuubi.engine.connection.url.use.hostname                | true                      | (deprecated) When true, the engine registers with hostname to zookeeper. When Spark runs on K8s with cluster mode, set to false to ensure that server can connect to engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.3.0 |
+| kyuubi.engine.deregister.exception.classes                                          || A comma-separated list of exception classes. If there is any exception thrown, whose class matches the specified classes, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.2.0 |
+| kyuubi.engine.deregister.exception.messages                                         || A comma-separated list of exception messages. If there is any exception thrown, whose message or stacktrace matches the specified message list, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq      | 1.2.0 |
+| kyuubi.engine.deregister.exception.ttl                   | PT30M                     | Time to live(TTL) for exceptions pattern specified in kyuubi.engine.deregister.exception.classes and kyuubi.engine.deregister.exception.messages to deregister engines. Once the total error count hits the kyuubi.engine.deregister.job.max.failures within the TTL, an engine will deregister itself and wait for self-terminated. Otherwise, we suppose that the engine has recovered from temporary failures.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | duration | 1.2.0 |
+| kyuubi.engine.deregister.job.max.failures                | 4                         | Number of failures of job before deregistering the engine.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.2.0 |
+| kyuubi.engine.event.json.log.path                        | file:///tmp/kyuubi/events | The location where all the engine events go for the built-in JSON logger.<ul><li>Local Path: start with 'file://'</li><li>HDFS Path: start with 'hdfs://'</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.3.0 |
+| kyuubi.engine.event.loggers                              | SPARK                     | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a subclass of `org.apache.kyuubi.events.handler.CustomEventHandlerProvider` which has a zero-arg constructor.                                                                                                                                                                                                                                                                                                                                                    | seq      | 1.3.0 |
+| kyuubi.engine.flink.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Flink SQL engine, for configuring the location of hadoop client jars, etc                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.6.0 |
+| kyuubi.engine.flink.java.options                         | &lt;undefined&gt;         | The extra Java options for the Flink SQL engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.6.0 |
+| kyuubi.engine.flink.memory                               | 1g                        | The heap memory for the Flink SQL engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
+| kyuubi.engine.hive.event.loggers                         | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
+| kyuubi.engine.hive.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Hive query engine, for configuring location of the hadoop client jars and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
+| kyuubi.engine.hive.java.options                          | &lt;undefined&gt;         | The extra Java options for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
+| kyuubi.engine.hive.memory                                | 1g                        | The heap memory for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.engine.initialize.sql                             | SHOW DATABASES            | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SHOW DATABASES` to eagerly active HiveClient. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.2.0 |
+| kyuubi.engine.jdbc.connection.password                   | &lt;undefined&gt;         | The password is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.properties                                            || The additional properties are used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | seq      | 1.6.0 |
+| kyuubi.engine.jdbc.connection.provider                   | &lt;undefined&gt;         | The connection provider is used for getting a connection from the server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.url                        | &lt;undefined&gt;         | The server url that engine will connect to                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.user                       | &lt;undefined&gt;         | The user is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.engine.jdbc.driver.class                          | &lt;undefined&gt;         | The driver class for JDBC engine connection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
+| kyuubi.engine.jdbc.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the JDBC query engine, for configuring the location of the JDBC driver and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.6.0 |
+| kyuubi.engine.jdbc.java.options                          | &lt;undefined&gt;         | The extra Java options for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
+| kyuubi.engine.jdbc.memory                                | 1g                        | The heap memory for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.engine.jdbc.type                                  | &lt;undefined&gt;         | The short name of JDBC type                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
+| kyuubi.engine.operation.convert.catalog.database.enabled | true                      | When set to true, The engine converts the JDBC methods of set/get Catalog and set/get Schema to the implementation of different engines                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
+| kyuubi.engine.operation.log.dir.root                     | engine_operation_logs     | Root directory for query operation log at engine-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.4.0 |
+| kyuubi.engine.pool.name                                  | engine-pool               | The name of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.5.0 |
+| kyuubi.engine.pool.selectPolicy                          | RANDOM                    | The select policy of an engine from the corresponding engine pool engine for a session. <ul><li>RANDOM - Randomly use the engine in the pool</li><li>POLLING - Polling use the engine in the pool</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.7.0 |
+| kyuubi.engine.pool.size                                  | -1                        | The size of the engine pool. Note that, if the size is less than 1, the engine pool will not be enabled; otherwise, the size of the engine pool will be min(this, kyuubi.engine.pool.size.threshold).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | int      | 1.4.0 |
+| kyuubi.engine.pool.size.threshold                        | 9                         | This parameter is introduced as a server-side parameter controlling the upper limit of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.4.0 |
+| kyuubi.engine.session.initialize.sql                                                || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.3.0 |
+| kyuubi.engine.share.level                                | USER                      | Engines will be shared in different levels, available configs are: <ul> <li>CONNECTION: engine will not be shared but only used by the current client connection</li> <li>USER: engine will be shared by all sessions created by a unique username, see also kyuubi.engine.share.level.subdomain</li> <li>GROUP: the engine will be shared by all sessions created by all users belong to the same primary group name. The engine will be launched by the group name as the effective username, so here the group name is in value of special user who is able to visit the computing resources/data of the team. It follows the [Hadoop GroupsMapping](https://reurl.cc/xE61Y5) to map user to a primary group. If the primary group is not found, it fallback to the USER level. <li>SERVER: the App will be shared by Kyuubi servers</li></ul>                                                                                                          | string   | 1.2.0 |
+| kyuubi.engine.share.level.sub.domain                     | &lt;undefined&gt;         | (deprecated) - Using kyuubi.engine.share.level.subdomain instead                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.2.0 |
+| kyuubi.engine.share.level.subdomain                      | &lt;undefined&gt;         | Allow end-users to create a subdomain for the share level of an engine. A subdomain is a case-insensitive string values that must be a valid zookeeper subpath. For example, for the `USER` share level, an end-user can share a certain engine within a subdomain, not for all of its clients. End-users are free to create multiple engines in the `USER` share level. When disable engine pool, use 'default' if absent.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.4.0 |
+| kyuubi.engine.single.spark.session                       | false                     | When set to true, this engine is running in a single session mode. All the JDBC/ODBC connections share the temporary views, function registries, SQL configuration and the current database.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | boolean  | 1.3.0 |
+| kyuubi.engine.spark.event.loggers                        | SPARK                     | A comma-separated list of engine loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | seq      | 1.7.0 |
+| kyuubi.engine.spark.python.env.archive                   | &lt;undefined&gt;         | Portable Python env archive used for Spark engine Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.7.0 |
+| kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.7.0 |
+| kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.7.0 |
+| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not invisible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.7.1 |
+| kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
+| kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
+| kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
+| kyuubi.engine.trino.memory                               | 1g                        | The heap memory for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
+| kyuubi.engine.type                                       | SPARK_SQL                 | Specify the detailed engine supported by Kyuubi. The engine type bindings to SESSION scope. This configuration is experimental. Currently, available configs are: <ul> <li>SPARK_SQL: specify this engine type will launch a Spark engine which can provide all the capacity of the Apache Spark. Note, it's a default engine type.</li> <li>FLINK_SQL: specify this engine type will launch a Flink engine which can provide all the capacity of the Apache Flink.</li> <li>TRINO: specify this engine type will launch a Trino engine which can provide all the capacity of the Trino.</li> <li>HIVE_SQL: specify this engine type will launch a Hive engine which can provide all the capacity of the Hive Server2.</li> <li>JDBC: specify this engine type will launch a JDBC engine which can provide a MySQL protocol connector, for now we only support Doris dialect.</li> <li>CHAT: specify this engine type will launch a Chat engine.</li></ul> | string   | 1.4.0 |
+| kyuubi.engine.ui.retainedSessions                        | 200                       | The number of SQL client sessions kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.4.0 |
+| kyuubi.engine.ui.retainedStatements                      | 200                       | The number of statements kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | int      | 1.4.0 |
+| kyuubi.engine.ui.stop.enabled                            | true                      | When true, allows Kyuubi engine to be killed from the Spark Web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | boolean  | 1.3.0 |
+| kyuubi.engine.user.isolated.spark.session                | true                      | When set to false, if the engine is running in a group or server share level, all the JDBC/ODBC connections will be isolated against the user. Including the temporary views, function registries, SQL configuration, and the current database. Note that, it does not affect if the share level is connection or user.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
+| kyuubi.engine.user.isolated.spark.session.idle.interval  | PT1M                      | The interval to check if the user-isolated Spark session is timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | duration | 1.6.0 |
+| kyuubi.engine.user.isolated.spark.session.idle.timeout   | PT6H                      | If kyuubi.engine.user.isolated.spark.session is false, we will release the Spark session if its corresponding user is inactive after this configured timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | duration | 1.6.0 |
 
 ### Event
 
diff --git a/externals/kyuubi-chat-engine/pom.xml b/externals/kyuubi-chat-engine/pom.xml
new file mode 100644
index 000000000..7e2178918
--- /dev/null
+++ b/externals/kyuubi-chat-engine/pom.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.kyuubi</groupId>
+        <artifactId>kyuubi-parent</artifactId>
+        <version>1.8.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>kyuubi-chat-engine_2.12</artifactId>
+    <packaging>jar</packaging>
+    <name>Kyuubi Project Engine Chat</name>
+    <url>https://kyuubi.apache.org/</url>
+
+    <dependencies>
+        <!-- kyuubi dependency -->
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-ha_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>${hive.jdbc.artifact}</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>prepare-test-jar</id>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                        <phase>test-compile</phase>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
+
+</project>
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatBackendService.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatBackendService.scala
new file mode 100644
index 000000000..fdc710e2c
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatBackendService.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat
+
+import org.apache.kyuubi.engine.chat.session.ChatSessionManager
+import org.apache.kyuubi.service.AbstractBackendService
+import org.apache.kyuubi.session.SessionManager
+
+class ChatBackendService
+  extends AbstractBackendService("ChatBackendService") {
+
+  override val sessionManager: SessionManager = new ChatSessionManager()
+
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatEngine.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatEngine.scala
new file mode 100644
index 000000000..c1fdea953
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatEngine.scala
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat
+
+import ChatEngine.currentEngine
+
+import org.apache.kyuubi.{Logging, Utils}
+import org.apache.kyuubi.Utils.{addShutdownHook, JDBC_ENGINE_SHUTDOWN_PRIORITY}
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ZK_CONN_RETRY_POLICY
+import org.apache.kyuubi.ha.client.RetryPolicies
+import org.apache.kyuubi.service.Serverable
+import org.apache.kyuubi.util.SignalRegister
+
+class ChatEngine extends Serverable("ChatEngine") {
+
+  override val backendService = new ChatBackendService()
+  override val frontendServices = Seq(new ChatTBinaryFrontendService(this))
+
+  override def start(): Unit = {
+    super.start()
+    // Start engine self-terminating checker after all services are ready and it can be reached by
+    // all servers in engine spaces.
+    backendService.sessionManager.startTerminatingChecker(() => {
+      currentEngine.foreach(_.stop())
+    })
+  }
+
+  override protected def stopServer(): Unit = {}
+}
+
+object ChatEngine extends Logging {
+
+  val kyuubiConf: KyuubiConf = KyuubiConf()
+
+  var currentEngine: Option[ChatEngine] = None
+
+  def startEngine(): Unit = {
+    currentEngine = Some(new ChatEngine())
+    currentEngine.foreach { engine =>
+      engine.initialize(kyuubiConf)
+      engine.start()
+      addShutdownHook(
+        () => {
+          engine.stop()
+        },
+        JDBC_ENGINE_SHUTDOWN_PRIORITY + 1)
+    }
+  }
+
+  def main(args: Array[String]): Unit = {
+    SignalRegister.registerLogger(logger)
+
+    try {
+      Utils.fromCommandLineArgs(args, kyuubiConf)
+      kyuubiConf.setIfMissing(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+      kyuubiConf.setIfMissing(HA_ZK_CONN_RETRY_POLICY, RetryPolicies.N_TIME.toString)
+
+      startEngine()
+    } catch {
+      case t: Throwable if currentEngine.isDefined =>
+        currentEngine.foreach { engine =>
+          engine.stop()
+        }
+        error("Failed to create Chat Engine", t)
+        throw t
+      case t: Throwable =>
+        error("Failed to create Chat Engine.", t)
+        throw t
+    }
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatTBinaryFrontendService.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatTBinaryFrontendService.scala
new file mode 100644
index 000000000..80702c97c
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/ChatTBinaryFrontendService.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat
+
+import org.apache.kyuubi.ha.client.{EngineServiceDiscovery, ServiceDiscovery}
+import org.apache.kyuubi.service.{Serverable, Service, TBinaryFrontendService}
+
+class ChatTBinaryFrontendService(override val serverable: Serverable)
+  extends TBinaryFrontendService("ChatTBinaryFrontend") {
+
+  /**
+   * An optional `ServiceDiscovery` for [[FrontendService]] to expose itself
+   */
+  override lazy val discoveryService: Option[Service] =
+    if (ServiceDiscovery.supportServiceDiscovery(conf)) {
+      Some(new EngineServiceDiscovery(this))
+    } else {
+      None
+    }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
new file mode 100644
index 000000000..38527cbf1
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat.operation
+
+import org.apache.hive.service.rpc.thrift._
+
+import org.apache.kyuubi.{KyuubiSQLException, Utils}
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.engine.chat.schema.{RowSet, SchemaHelper}
+import org.apache.kyuubi.operation.{AbstractOperation, FetchIterator, OperationState}
+import org.apache.kyuubi.operation.FetchOrientation.{FETCH_FIRST, FETCH_NEXT, FETCH_PRIOR, FetchOrientation}
+import org.apache.kyuubi.session.Session
+
+abstract class ChatOperation(session: Session) extends AbstractOperation(session) {
+
+  protected var iter: FetchIterator[Array[String]] = _
+
+  protected lazy val conf: KyuubiConf = session.sessionManager.getConf
+
+  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+    validateDefaultFetchOrientation(order)
+    assertState(OperationState.FINISHED)
+    setHasResultSet(true)
+    order match {
+      case FETCH_NEXT =>
+        iter.fetchNext()
+      case FETCH_PRIOR =>
+        iter.fetchPrior(rowSetSize)
+      case FETCH_FIRST =>
+        iter.fetchAbsolute(0)
+    }
+
+    val taken = iter.take(rowSetSize)
+    val resultRowSet = RowSet.toTRowSet(taken.toSeq, 1, getProtocolVersion)
+    resultRowSet.setStartRowOffset(iter.getPosition)
+    resultRowSet
+  }
+
+  override def cancel(): Unit = {
+    cleanup(OperationState.CANCELED)
+  }
+
+  override def close(): Unit = {
+    cleanup(OperationState.CLOSED)
+  }
+
+  protected def onError(cancel: Boolean = false): PartialFunction[Throwable, Unit] = {
+    // We should use Throwable instead of Exception since `java.lang.NoClassDefFoundError`
+    // could be thrown.
+    case e: Throwable =>
+      state.synchronized {
+        val errMsg = Utils.stringifyException(e)
+        if (state == OperationState.TIMEOUT) {
+          val ke = KyuubiSQLException(s"Timeout operating $opType: $errMsg")
+          setOperationException(ke)
+          throw ke
+        } else if (isTerminalState(state)) {
+          setOperationException(KyuubiSQLException(errMsg))
+          warn(s"Ignore exception in terminal state with $statementId: $errMsg")
+        } else {
+          error(s"Error operating $opType: $errMsg", e)
+          val ke = KyuubiSQLException(s"Error operating $opType: $errMsg", e)
+          setOperationException(ke)
+          setState(OperationState.ERROR)
+          throw ke
+        }
+      }
+  }
+
+  override protected def beforeRun(): Unit = {
+    setState(OperationState.PENDING)
+    setHasResultSet(true)
+  }
+
+  override protected def afterRun(): Unit = {}
+
+  override def getResultSetMetadata: TGetResultSetMetadataResp = {
+    val tTableSchema = SchemaHelper.stringTTableSchema("reply")
+    val resp = new TGetResultSetMetadataResp
+    resp.setSchema(tTableSchema)
+    resp.setStatus(OK_STATUS)
+    resp
+  }
+
+  override def shouldRunAsync: Boolean = false
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationManager.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationManager.scala
new file mode 100644
index 000000000..1e8916517
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationManager.scala
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat.operation
+
+import java.util
+
+import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.engine.chat.provider.ChatProvider
+import org.apache.kyuubi.operation.{Operation, OperationManager}
+import org.apache.kyuubi.session.Session
+
+class ChatOperationManager(
+    conf: KyuubiConf,
+    chatProvider: ChatProvider) extends OperationManager("ChatOperationManager") {
+
+  override def newExecuteStatementOperation(
+      session: Session,
+      statement: String,
+      confOverlay: Map[String, String],
+      runAsync: Boolean,
+      queryTimeout: Long): Operation = {
+    val executeStatement =
+      new ExecuteStatement(
+        session,
+        statement,
+        runAsync,
+        queryTimeout,
+        chatProvider)
+    addOperation(executeStatement)
+  }
+
+  override def newGetTypeInfoOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetCatalogsOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetSchemasOperation(
+      session: Session,
+      catalog: String,
+      schema: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetTablesOperation(
+      session: Session,
+      catalogName: String,
+      schemaName: String,
+      tableName: String,
+      tableTypes: util.List[String]): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetTableTypesOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetColumnsOperation(
+      session: Session,
+      catalogName: String,
+      schemaName: String,
+      tableName: String,
+      columnName: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetFunctionsOperation(
+      session: Session,
+      catalogName: String,
+      schemaName: String,
+      functionName: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetPrimaryKeysOperation(
+      session: Session,
+      catalogName: String,
+      schemaName: String,
+      tableName: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetCrossReferenceOperation(
+      session: Session,
+      primaryCatalog: String,
+      primarySchema: String,
+      primaryTable: String,
+      foreignCatalog: String,
+      foreignSchema: String,
+      foreignTable: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def getQueryId(operation: Operation): String = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newSetCurrentCatalogOperation(session: Session, catalog: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetCurrentCatalogOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newSetCurrentDatabaseOperation(session: Session, database: String): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+
+  override def newGetCurrentDatabaseOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ExecuteStatement.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ExecuteStatement.scala
new file mode 100644
index 000000000..754a51932
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ExecuteStatement.scala
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat.operation
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.engine.chat.provider.ChatProvider
+import org.apache.kyuubi.operation.{ArrayFetchIterator, OperationState}
+import org.apache.kyuubi.operation.log.OperationLog
+import org.apache.kyuubi.session.Session
+
+class ExecuteStatement(
+    session: Session,
+    override val statement: String,
+    override val shouldRunAsync: Boolean,
+    queryTimeout: Long,
+    chatProvider: ChatProvider)
+  extends ChatOperation(session) with Logging {
+
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
+  override protected def runInternal(): Unit = {
+    addTimeoutMonitor(queryTimeout)
+    if (shouldRunAsync) {
+      val asyncOperation = new Runnable {
+        override def run(): Unit = {
+          executeStatement()
+        }
+      }
+      val chatSessionManager = session.sessionManager
+      val backgroundHandle = chatSessionManager.submitBackgroundOperation(asyncOperation)
+      setBackgroundHandle(backgroundHandle)
+    } else {
+      executeStatement()
+    }
+  }
+
+  private def executeStatement(): Unit = {
+    setState(OperationState.RUNNING)
+
+    try {
+      val reply = chatProvider.ask(session.handle.identifier.toString, statement)
+      iter = new ArrayFetchIterator(Array(Array(reply)))
+
+      setState(OperationState.FINISHED)
+    } catch {
+      onError(true)
+    } finally {
+      shutdownTimeoutMonitor()
+    }
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
new file mode 100644
index 000000000..f948eb154
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.provider
+
+import java.util
+import java.util.concurrent.TimeUnit
+
+import com.google.common.cache.{CacheBuilder, CacheLoader, LoadingCache}
+import org.apache.http.HttpStatus
+import org.apache.http.client.methods.HttpPost
+import org.apache.http.entity.StringEntity
+import org.apache.http.impl.client.{CloseableHttpClient, HttpClientBuilder}
+import org.apache.http.util.EntityUtils
+
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.engine.chat.provider.ChatProvider.mapper
+
+class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
+
+  val token = conf.get(KyuubiConf.ENGINE_CHAT_GPT_API_KEY).get
+
+  val httpClient: CloseableHttpClient = HttpClientBuilder.create().build()
+
+  private val chatHistory: LoadingCache[String, util.ArrayDeque[Message]] =
+    CacheBuilder.newBuilder()
+      .expireAfterWrite(10, TimeUnit.MINUTES)
+      .build(new CacheLoader[String, util.ArrayDeque[Message]] {
+        override def load(sessionId: String): util.ArrayDeque[Message] =
+          new util.ArrayDeque[Message]
+      })
+
+  override def open(sessionId: String): Unit = {
+    chatHistory.getIfPresent(sessionId)
+  }
+
+  override def ask(sessionId: String, q: String): String = {
+    val messages = chatHistory.get(sessionId)
+    messages.addLast(Message("user", q))
+
+    val request = new HttpPost("https://api.openai.com/v1/chat/completions")
+    request.addHeader("Content-Type", "application/json")
+    request.addHeader("Authorization", "Bearer " + token)
+
+    val req = Map(
+      "messages" -> messages,
+      "model" -> "gpt-3.5-turbo",
+      "max_tokens" -> 200,
+      "temperature" -> 0.5,
+      "top_p" -> 1)
+
+    request.setEntity(new StringEntity(mapper.writeValueAsString(req)))
+    val responseEntity = httpClient.execute(request)
+    val respJson = mapper.readTree(EntityUtils.toString(responseEntity.getEntity))
+    val statusCode = responseEntity.getStatusLine.getStatusCode
+    if (responseEntity.getStatusLine.getStatusCode == HttpStatus.SC_OK) {
+      val replyMessage = mapper.treeToValue[Message](
+        respJson.get("choices").get(0).get("message"))
+      messages.addLast(replyMessage)
+      replyMessage.content
+    } else {
+      messages.removeLast()
+      s"Chat failed. Status: $statusCode. ${respJson.get("error").get("message").asText}"
+    }
+  }
+
+  override def close(sessionId: String): Unit = {
+    chatHistory.invalidate(sessionId)
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
new file mode 100644
index 000000000..af1ba434b
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.provider
+
+import scala.util.control.NonFatal
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.scala.{ClassTagExtensions, DefaultScalaModule}
+
+import org.apache.kyuubi.{KyuubiException, Logging}
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.reflection.DynConstructors
+
+trait ChatProvider {
+
+  def open(sessionId: String): Unit
+
+  def ask(sessionId: String, q: String): String
+
+  def close(sessionId: String): Unit
+}
+
+object ChatProvider extends Logging {
+
+  val mapper: ObjectMapper with ClassTagExtensions =
+    new ObjectMapper().registerModule(DefaultScalaModule) :: ClassTagExtensions
+
+  def load(conf: KyuubiConf): ChatProvider = {
+    val groupProviderClass = conf.get(KyuubiConf.ENGINE_CHAT_PROVIDER)
+    try {
+      DynConstructors.builder(classOf[ChatProvider])
+        .impl(groupProviderClass, classOf[KyuubiConf])
+        .impl(groupProviderClass)
+        .buildChecked
+        .newInstanceChecked(conf)
+    } catch {
+      case _: ClassCastException =>
+        throw new KyuubiException(
+          s"Class $groupProviderClass is not a child of '${classOf[ChatProvider].getName}'.")
+      case NonFatal(e) =>
+        throw new IllegalArgumentException(s"Error while instantiating '$groupProviderClass': ", e)
+    }
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala
new file mode 100644
index 000000000..31ad3b8e3
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.provider
+
+class EchoProvider extends ChatProvider {
+
+  override def open(sessionId: String): Unit = {}
+
+  override def ask(sessionId: String, q: String): String =
+    "This is ChatKyuubi, nice to meet you!"
+
+  override def close(sessionId: String): Unit = {}
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/Message.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/Message.scala
new file mode 100644
index 000000000..e2162be9f
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/Message.scala
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.provider
+
+case class Message(role: String, content: String)
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/RowSet.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/RowSet.scala
new file mode 100644
index 000000000..3bb4ba7df
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/RowSet.scala
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.schema
+
+import java.util
+
+import org.apache.hive.service.rpc.thrift._
+
+import org.apache.kyuubi.util.RowSetUtils._
+
+object RowSet {
+
+  def emptyTRowSet(): TRowSet = {
+    new TRowSet(0, new java.util.ArrayList[TRow](0))
+  }
+
+  def toTRowSet(
+      rows: Seq[Array[String]],
+      columnSize: Int,
+      protocolVersion: TProtocolVersion): TRowSet = {
+    if (protocolVersion.getValue < TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6.getValue) {
+      toRowBasedSet(rows, columnSize)
+    } else {
+      toColumnBasedSet(rows, columnSize)
+    }
+  }
+
+  def toRowBasedSet(rows: Seq[Array[String]], columnSize: Int): TRowSet = {
+    val rowSize = rows.length
+    val tRows = new java.util.ArrayList[TRow](rowSize)
+    var i = 0
+    while (i < rowSize) {
+      val row = rows(i)
+      val tRow = new TRow()
+      var j = 0
+      val columnSize = row.length
+      while (j < columnSize) {
+        val columnValue = stringTColumnValue(j, row)
+        tRow.addToColVals(columnValue)
+        j += 1
+      }
+      i += 1
+      tRows.add(tRow)
+    }
+    new TRowSet(0, tRows)
+  }
+
+  def toColumnBasedSet(rows: Seq[Array[String]], columnSize: Int): TRowSet = {
+    val rowSize = rows.length
+    val tRowSet = new TRowSet(0, new util.ArrayList[TRow](rowSize))
+    var i = 0
+    while (i < columnSize) {
+      val tColumn = toTColumn(rows, i)
+      tRowSet.addToColumns(tColumn)
+      i += 1
+    }
+    tRowSet
+  }
+
+  private def toTColumn(rows: Seq[Array[String]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[String](rows, ordinal, nulls, "")
+    TColumn.stringVal(new TStringColumn(values, nulls))
+  }
+
+  private def getOrSetAsNull[String](
+      rows: Seq[Array[String]],
+      ordinal: Int,
+      nulls: util.BitSet,
+      defaultVal: String): util.List[String] = {
+    val size = rows.length
+    val ret = new util.ArrayList[String](size)
+    var idx = 0
+    while (idx < size) {
+      val row = rows(idx)
+      val isNull = row(ordinal) == null
+      if (isNull) {
+        nulls.set(idx, true)
+        ret.add(idx, defaultVal)
+      } else {
+        ret.add(idx, row(ordinal))
+      }
+      idx += 1
+    }
+    ret
+  }
+
+  private def stringTColumnValue(ordinal: Int, row: Array[String]): TColumnValue = {
+    val tStringValue = new TStringValue
+    if (row(ordinal) != null) tStringValue.setValue(row(ordinal))
+    TColumnValue.stringVal(tStringValue)
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/SchemaHelper.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/SchemaHelper.scala
new file mode 100644
index 000000000..8ccfdda2f
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/schema/SchemaHelper.scala
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.schema
+
+import java.util.Collections
+
+import org.apache.hive.service.rpc.thrift._
+
+object SchemaHelper {
+
+  def stringTTypeQualifiers: TTypeQualifiers = {
+    val ret = new TTypeQualifiers()
+    val qualifiers = Collections.emptyMap[String, TTypeQualifierValue]()
+    ret.setQualifiers(qualifiers)
+    ret
+  }
+
+  def stringTTypeDesc: TTypeDesc = {
+    val typeEntry = new TPrimitiveTypeEntry(TTypeId.STRING_TYPE)
+    typeEntry.setTypeQualifiers(stringTTypeQualifiers)
+    val tTypeDesc = new TTypeDesc()
+    tTypeDesc.addToTypes(TTypeEntry.primitiveEntry(typeEntry))
+    tTypeDesc
+  }
+
+  def stringTColumnDesc(fieldName: String, pos: Int): TColumnDesc = {
+    val tColumnDesc = new TColumnDesc()
+    tColumnDesc.setColumnName(fieldName)
+    tColumnDesc.setTypeDesc(stringTTypeDesc)
+    tColumnDesc.setPosition(pos)
+    tColumnDesc
+  }
+
+  def stringTTableSchema(fieldsName: String*): TTableSchema = {
+    val tTableSchema = new TTableSchema()
+    fieldsName.zipWithIndex.foreach { case (f, i) =>
+      tTableSchema.addToColumns(stringTColumnDesc(f, i))
+    }
+    tTableSchema
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala
new file mode 100644
index 000000000..29f420768
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat.session
+
+import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
+
+import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiSQLException}
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
+
+class ChatSessionImpl(
+    protocol: TProtocolVersion,
+    user: String,
+    password: String,
+    ipAddress: String,
+    conf: Map[String, String],
+    sessionManager: SessionManager)
+  extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
+
+  override val handle: SessionHandle =
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
+
+  private val chatProvider = sessionManager.asInstanceOf[ChatSessionManager].chatProvider
+
+  override def open(): Unit = {
+    info(s"Starting to open chat session.")
+    chatProvider.open(handle.identifier.toString)
+    super.open()
+    info(s"The chat session is started.")
+  }
+
+  override def getInfo(infoType: TGetInfoType): TGetInfoValue = withAcquireRelease() {
+    infoType match {
+      case TGetInfoType.CLI_SERVER_NAME | TGetInfoType.CLI_DBMS_NAME =>
+        TGetInfoValue.stringValue("Kyuubi Chat Engine")
+      case TGetInfoType.CLI_DBMS_VER =>
+        TGetInfoValue.stringValue(KYUUBI_VERSION)
+      case TGetInfoType.CLI_ODBC_KEYWORDS => TGetInfoValue.stringValue("Unimplemented")
+      case TGetInfoType.CLI_MAX_COLUMN_NAME_LEN =>
+        TGetInfoValue.lenValue(128)
+      case TGetInfoType.CLI_MAX_SCHEMA_NAME_LEN =>
+        TGetInfoValue.lenValue(128)
+      case TGetInfoType.CLI_MAX_TABLE_NAME_LEN =>
+        TGetInfoValue.lenValue(128)
+      case _ => throw KyuubiSQLException(s"Unrecognized GetInfoType value: $infoType")
+    }
+  }
+
+  override def close(): Unit = {
+    chatProvider.close(handle.identifier.toString)
+    super.close()
+  }
+
+}
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionManager.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionManager.scala
new file mode 100644
index 000000000..33a9dd450
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionManager.scala
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat.session
+
+import org.apache.hive.service.rpc.thrift.TProtocolVersion
+
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.ENGINE_SHARE_LEVEL
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
+import org.apache.kyuubi.engine.ShareLevel
+import org.apache.kyuubi.engine.chat.ChatEngine
+import org.apache.kyuubi.engine.chat.operation.ChatOperationManager
+import org.apache.kyuubi.engine.chat.provider.ChatProvider
+import org.apache.kyuubi.operation.OperationManager
+import org.apache.kyuubi.session.{Session, SessionHandle, SessionManager}
+
+class ChatSessionManager(name: String)
+  extends SessionManager(name) {
+
+  def this() = this(classOf[ChatSessionManager].getSimpleName)
+
+  override protected def isServer: Boolean = false
+
+  lazy val chatProvider: ChatProvider = ChatProvider.load(conf)
+
+  override lazy val operationManager: OperationManager =
+    new ChatOperationManager(conf, chatProvider)
+
+  override def initialize(conf: KyuubiConf): Unit = {
+    this.conf = conf
+    super.initialize(conf)
+  }
+
+  override protected def createSession(
+      protocol: TProtocolVersion,
+      user: String,
+      password: String,
+      ipAddress: String,
+      conf: Map[String, String]): Session = {
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID)
+      .flatMap(getSessionOption).getOrElse {
+        new ChatSessionImpl(protocol, user, password, ipAddress, conf, this)
+      }
+  }
+
+  override def closeSession(sessionHandle: SessionHandle): Unit = {
+    super.closeSession(sessionHandle)
+    if (conf.get(ENGINE_SHARE_LEVEL) == ShareLevel.CONNECTION.toString) {
+      info("Session stopped due to shared level is Connection.")
+      stopSession()
+    }
+  }
+
+  private def stopSession(): Unit = {
+    ChatEngine.currentEngine.foreach(_.stop())
+  }
+}
diff --git a/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml
new file mode 100644
index 000000000..585a12c6f
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!-- Extra logging related to initialization of Log4j. 
+ Set to debug or trace if log4j initialization is failing. -->
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="stdout" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <Filters>
+                <ThresholdFilter level="FATAL"/>
+                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+        </Console>
+        <File name="file" fileName="target/unit-tests.log">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <Filters>
+                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+        </File>
+    </Appenders>
+    <Loggers>
+        <Root level="INFO">
+            <AppenderRef ref="file"/>
+        </Root>
+    </Loggers>
+</Configuration>
diff --git a/externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/WithChatEngine.scala b/externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/WithChatEngine.scala
new file mode 100644
index 000000000..287fdde2f
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/WithChatEngine.scala
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.engine.chat
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+trait WithChatEngine extends KyuubiFunSuite {
+
+  protected var engine: ChatEngine = _
+  protected var connectionUrl: String = _
+
+  protected val kyuubiConf: KyuubiConf = ChatEngine.kyuubiConf
+
+  def withKyuubiConf: Map[String, String]
+
+  override def beforeAll(): Unit = {
+    super.beforeAll()
+    startChatEngine()
+  }
+
+  override def afterAll(): Unit = {
+    stopChatEngine()
+    super.afterAll()
+  }
+
+  def stopChatEngine(): Unit = {
+    if (engine != null) {
+      engine.stop()
+      engine = null
+    }
+  }
+
+  def startChatEngine(): Unit = {
+    withKyuubiConf.foreach { case (k, v) =>
+      System.setProperty(k, v)
+      kyuubiConf.set(k, v)
+    }
+    ChatEngine.startEngine()
+    engine = ChatEngine.currentEngine.get
+    connectionUrl = engine.frontendServices.head.connectionUrl
+  }
+
+  protected def jdbcConnectionUrl: String = s"jdbc:hive2://$connectionUrl/;"
+
+}
diff --git a/externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationSuite.scala b/externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationSuite.scala
new file mode 100644
index 000000000..b14407a26
--- /dev/null
+++ b/externals/kyuubi-chat-engine/src/test/scala/org/apache/kyuubi/engine/chat/operation/ChatOperationSuite.scala
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat.operation
+
+import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.engine.chat.WithChatEngine
+import org.apache.kyuubi.operation.HiveJDBCTestHelper
+
+class ChatOperationSuite extends HiveJDBCTestHelper with WithChatEngine {
+
+  override def withKyuubiConf: Map[String, String] = Map(
+    ENGINE_CHAT_PROVIDER.key -> "echo")
+
+  override protected def jdbcUrl: String = jdbcConnectionUrl
+
+  test("test echo chat provider") {
+    withJdbcStatement() { stmt =>
+      val result = stmt.executeQuery("Hello, Kyuubi")
+      assert(result.next())
+      val expected = "This is ChatKyuubi, nice to meet you!"
+      assert(result.getString("reply") === expected)
+      assert(!result.next())
+    }
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 1b7737344..b39bee307 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1817,6 +1817,7 @@ object KyuubiConf {
       " all the capacity of the Hive Server2.</li>" +
       " <li>JDBC: specify this engine type will launch a JDBC engine which can provide" +
       " a MySQL protocol connector, for now we only support Doris dialect.</li>" +
+      " <li>CHAT: specify this engine type will launch a Chat engine.</li>" +
       "</ul>")
     .version("1.4.0")
     .stringConf
@@ -2621,6 +2622,51 @@ object KyuubiConf {
     Map(configs.map { cfg => cfg.key -> cfg }: _*)
   }
 
+  val ENGINE_CHAT_MEMORY: ConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.memory")
+      .doc("The heap memory for the Chat engine")
+      .version("1.8.0")
+      .stringConf
+      .createWithDefault("1g")
+
+  val ENGINE_CHAT_JAVA_OPTIONS: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.java.options")
+      .doc("The extra Java options for the Chat engine")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_CHAT_PROVIDER: ConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.provider")
+      .doc("The provider for the Chat engine. Candidates: <ul>" +
+        " <li>ECHO: simply replies a welcome message.</li>" +
+        " <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li>" +
+        "</ul>")
+      .version("1.8.0")
+      .stringConf
+      .transform {
+        case "ECHO" | "echo" => "org.apache.kyuubi.engine.chat.provider.EchoProvider"
+        case "GPT" | "gpt" | "ChatGPT" => "org.apache.kyuubi.engine.chat.provider.ChatGPTProvider"
+        case other => other
+      }
+      .createWithDefault("ECHO")
+
+  val ENGINE_CHAT_GPT_API_KEY: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.gpt.apiKey")
+      .doc("The key to access OpenAI open API, which could be got at " +
+        "https://platform.openai.com/account/api-keys")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_CHAT_EXTRA_CLASSPATH: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.extra.classpath")
+      .doc("The extra classpath for the Chat engine, for configuring the location " +
+        "of the SDK and etc.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
   val ENGINE_JDBC_MEMORY: ConfigEntry[String] =
     buildConf("kyuubi.engine.jdbc.memory")
       .doc("The heap memory for the JDBC query engine")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/engine/EngineType.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/engine/EngineType.scala
index 88680a8c7..3d850ba14 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/engine/EngineType.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/engine/EngineType.scala
@@ -23,5 +23,5 @@ package org.apache.kyuubi.engine
 object EngineType extends Enumeration {
   type EngineType = Value
 
-  val SPARK_SQL, FLINK_SQL, TRINO, HIVE_SQL, JDBC = Value
+  val SPARK_SQL, FLINK_SQL, CHAT, TRINO, HIVE_SQL, JDBC = Value
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index e2ddb4221..5f3af28f8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -29,8 +29,9 @@ import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiSQLException, Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_ENGINE_SUBMIT_TIME_KEY
-import org.apache.kyuubi.engine.EngineType.{EngineType, FLINK_SQL, HIVE_SQL, JDBC, SPARK_SQL, TRINO}
+import org.apache.kyuubi.engine.EngineType._
 import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, GROUP, SERVER, ShareLevel}
+import org.apache.kyuubi.engine.chat.ChatProcessBuilder
 import org.apache.kyuubi.engine.flink.FlinkProcessBuilder
 import org.apache.kyuubi.engine.hive.HiveProcessBuilder
 import org.apache.kyuubi.engine.jdbc.JdbcProcessBuilder
@@ -192,6 +193,8 @@ private[kyuubi] class EngineRef(
         new HiveProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case JDBC =>
         new JdbcProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
+      case CHAT =>
+        new ChatProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
     }
 
     MetricsSystem.tracing(_.incCount(ENGINE_TOTAL))
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala
new file mode 100644
index 000000000..532c5dddf
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.chat
+
+import java.io.File
+import java.nio.file.{Files, Paths}
+import java.util
+
+import scala.collection.JavaConverters._
+import scala.collection.mutable.ArrayBuffer
+
+import com.google.common.annotations.VisibleForTesting
+
+import org.apache.kyuubi.{Logging, SCALA_COMPILE_VERSION, Utils}
+import org.apache.kyuubi.Utils.REDACTION_REPLACEMENT_TEXT
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
+import org.apache.kyuubi.engine.ProcBuilder
+import org.apache.kyuubi.operation.log.OperationLog
+
+class ChatProcessBuilder(
+    override val proxyUser: String,
+    override val conf: KyuubiConf,
+    val engineRefId: String,
+    val extraEngineLog: Option[OperationLog] = None)
+  extends ProcBuilder with Logging {
+
+  @VisibleForTesting
+  def this(proxyUser: String, conf: KyuubiConf) {
+    this(proxyUser, conf, "")
+  }
+
+  /**
+   * The short name of the engine process builder, we use this for form the engine jar paths now
+   * see `mainResource`
+   */
+  override def shortName: String = "chat"
+
+  override protected def module: String = "kyuubi-chat-engine"
+
+  /**
+   * The class containing the main method
+   */
+  override protected def mainClass: String = "org.apache.kyuubi.engine.chat.ChatEngine"
+
+  override protected val commands: Array[String] = {
+    val buffer = new ArrayBuffer[String]()
+    buffer += executable
+
+    val memory = conf.get(ENGINE_CHAT_MEMORY)
+    buffer += s"-Xmx$memory"
+
+    val javaOptions = conf.get(ENGINE_CHAT_JAVA_OPTIONS)
+    javaOptions.foreach(buffer += _)
+
+    buffer += "-cp"
+    val classpathEntries = new util.LinkedHashSet[String]
+    mainResource.foreach(classpathEntries.add)
+    mainResource.foreach { path =>
+      val parent = Paths.get(path).getParent
+      val chatDevDepDir = parent
+        .resolve(s"scala-$SCALA_COMPILE_VERSION")
+        .resolve("jars")
+      if (Files.exists(chatDevDepDir)) {
+        // add dev classpath
+        classpathEntries.add(s"$chatDevDepDir${File.separator}*")
+      } else {
+        // add prod classpath
+        classpathEntries.add(s"$parent${File.separator}*")
+      }
+    }
+
+    val extraCp = conf.get(ENGINE_CHAT_EXTRA_CLASSPATH)
+    extraCp.foreach(classpathEntries.add)
+    buffer += classpathEntries.asScala.mkString(File.pathSeparator)
+    buffer += mainClass
+
+    buffer += "--conf"
+    buffer += s"$KYUUBI_SESSION_USER_KEY=$proxyUser"
+
+    for ((k, v) <- conf.getAll) {
+      buffer += "--conf"
+      buffer += s"$k=$v"
+    }
+    buffer.toArray
+  }
+
+  override def toString: String = {
+    if (commands == null) {
+      super.toString()
+    } else {
+      Utils.redactCommandLineArgs(conf, commands).map {
+        case arg if arg.contains(ENGINE_CHAT_GPT_API_KEY.key) =>
+          s"${ENGINE_CHAT_GPT_API_KEY.key}=$REDACTION_REPLACEMENT_TEXT"
+        case arg => arg
+      }.mkString("\n")
+    }
+  }
+}
diff --git a/pom.xml b/pom.xml
index 2082499dc..a2de5d29d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,10 +60,11 @@
         <module>extensions/spark/kyuubi-spark-connector-tpcds</module>
         <module>extensions/spark/kyuubi-spark-connector-tpch</module>
         <module>extensions/spark/kyuubi-spark-lineage</module>
+        <module>externals/kyuubi-chat-engine</module>
         <module>externals/kyuubi-download</module>
         <module>externals/kyuubi-flink-sql-engine</module>
-        <module>externals/kyuubi-jdbc-engine</module>
         <module>externals/kyuubi-hive-sql-engine</module>
+        <module>externals/kyuubi-jdbc-engine</module>
         <module>externals/kyuubi-spark-sql-engine</module>
         <module>externals/kyuubi-trino-engine</module>
         <module>integration-tests</module>

From 6ded07974eebcbd8cbba4167a25c80e4549014d6 Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Fri, 17 Mar 2023 21:48:58 +0800
Subject: [PATCH 185/760] [KYUUBI #4548] Kyuubi Chat Engine supports Chinese
 questions and HTTP proxy

### _Why are the changes needed?_

- Support Chinese question
- Support proxy settings
- Support setting timeout

<img width="1228" alt="image" src="https://user-images.githubusercontent.com/3898450/225851246-8762a451-9743-4c1d-8a33-cc49a926dfec.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4548 from cxzl25/chatgpt_followup.

Closes #4548

1d5715442 [Cheng Pan] Update externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
7add6a733 [Cheng Pan] Update externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
55974f298 [sychen] fix
2d360e102 [sychen] typo
19b5d0814 [sychen] doc
bdf8e29b6 [sychen] 1.utf8;2.proxy;timeout

Lead-authored-by: sychen <sychen@ctrip.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  3 ++
 .../chat/provider/ChatGPTProvider.scala       | 33 ++++++++++++++-----
 .../org/apache/kyuubi/config/KyuubiConf.scala | 25 ++++++++++++++
 3 files changed, 53 insertions(+), 8 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 9c5f76712..db6e3d246 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -122,6 +122,9 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 |----------------------------------------------------------|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
 | kyuubi.engine.chat.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Chat engine, for configuring the location of the SDK and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.8.0 |
 | kyuubi.engine.chat.gpt.apiKey                            | &lt;undefined&gt;         | The key to access OpenAI open API, which could be got at https://platform.openai.com/account/api-keys                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.8.0 |
+| kyuubi.engine.chat.gpt.http.connect.timeout              | PT2M                      | The timeout[ms] for establishing the connection with the Chat GPT server. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.8.0 |
+| kyuubi.engine.chat.gpt.http.proxy                        | &lt;undefined&gt;         | HTTP proxy url for API calling in Chat GPT engine. e.g. http://127.0.0.1:1087                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.8.0 |
+| kyuubi.engine.chat.gpt.http.socket.timeout               | PT2M                      | The timeout[ms] for waiting for data packets after Chat GPT server connection is established. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.8.0 |
 | kyuubi.engine.chat.java.options                          | &lt;undefined&gt;         | The extra Java options for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
 | kyuubi.engine.chat.memory                                | 1g                        | The heap memory for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
 | kyuubi.engine.chat.provider                              | ECHO                      | The provider for the Chat engine. Candidates: <ul> <li>ECHO: simply replies a welcome message.</li> <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
index f948eb154..28ef36bb4 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -21,9 +21,10 @@ import java.util
 import java.util.concurrent.TimeUnit
 
 import com.google.common.cache.{CacheBuilder, CacheLoader, LoadingCache}
-import org.apache.http.HttpStatus
+import org.apache.http.{HttpHost, HttpStatus}
+import org.apache.http.client.config.RequestConfig
 import org.apache.http.client.methods.HttpPost
-import org.apache.http.entity.StringEntity
+import org.apache.http.entity.{ContentType, StringEntity}
 import org.apache.http.impl.client.{CloseableHttpClient, HttpClientBuilder}
 import org.apache.http.util.EntityUtils
 
@@ -32,9 +33,25 @@ import org.apache.kyuubi.engine.chat.provider.ChatProvider.mapper
 
 class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
 
-  val token = conf.get(KyuubiConf.ENGINE_CHAT_GPT_API_KEY).get
+  private val gptApiKey = conf.get(KyuubiConf.ENGINE_CHAT_GPT_API_KEY).getOrElse {
+    throw new IllegalArgumentException(
+      s"'${KyuubiConf.ENGINE_CHAT_GPT_API_KEY.key}' must be configured, " +
+        s"which could be got at https://platform.openai.com/account/api-keys")
+  }
 
-  val httpClient: CloseableHttpClient = HttpClientBuilder.create().build()
+  private val httpClient: CloseableHttpClient = HttpClientBuilder.create().build()
+
+  private val requestConfig = {
+    val connectTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_CONNECT_TIMEOUT).asInstanceOf[Int]
+    val socketTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_SOCKET_TIMEOUT).asInstanceOf[Int]
+    val builder: RequestConfig.Builder = RequestConfig.custom()
+      .setConnectTimeout(connectTimeout)
+      .setSocketTimeout(socketTimeout)
+    conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_PROXY).foreach { url =>
+      builder.setProxy(HttpHost.create(url))
+    }
+    builder.build()
+  }
 
   private val chatHistory: LoadingCache[String, util.ArrayDeque[Message]] =
     CacheBuilder.newBuilder()
@@ -53,8 +70,7 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
     messages.addLast(Message("user", q))
 
     val request = new HttpPost("https://api.openai.com/v1/chat/completions")
-    request.addHeader("Content-Type", "application/json")
-    request.addHeader("Authorization", "Bearer " + token)
+    request.addHeader("Authorization", "Bearer " + gptApiKey)
 
     val req = Map(
       "messages" -> messages,
@@ -62,8 +78,9 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
       "max_tokens" -> 200,
       "temperature" -> 0.5,
       "top_p" -> 1)
-
-    request.setEntity(new StringEntity(mapper.writeValueAsString(req)))
+    val entity = new StringEntity(mapper.writeValueAsString(req), ContentType.APPLICATION_JSON)
+    request.setEntity(entity)
+    request.setConfig(requestConfig)
     val responseEntity = httpClient.execute(request)
     val respJson = mapper.readTree(EntityUtils.toString(responseEntity.getEntity))
     val statusCode = responseEntity.getStatusLine.getStatusCode
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index b39bee307..35626eea5 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2667,6 +2667,31 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
+  val ENGINE_CHAT_GPT_HTTP_PROXY: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.gpt.http.proxy")
+      .doc("HTTP proxy url for API calling in Chat GPT engine. e.g. http://127.0.0.1:1087")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_CHAT_GPT_HTTP_CONNECT_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.engine.chat.gpt.http.connect.timeout")
+      .doc("The timeout[ms] for establishing the connection with the Chat GPT server. " +
+        "A timeout value of zero is interpreted as an infinite timeout.")
+      .version("1.8.0")
+      .timeConf
+      .checkValue(_ >= 0, "must be 0 or positive number")
+      .createWithDefault(Duration.ofSeconds(120).toMillis)
+
+  val ENGINE_CHAT_GPT_HTTP_SOCKET_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.engine.chat.gpt.http.socket.timeout")
+      .doc("The timeout[ms] for waiting for data packets after Chat GPT server " +
+        "connection is established. A timeout value of zero is interpreted as an infinite timeout.")
+      .version("1.8.0")
+      .timeConf
+      .checkValue(_ >= 0, "must be 0 or positive number")
+      .createWithDefault(Duration.ofSeconds(120).toMillis)
+
   val ENGINE_JDBC_MEMORY: ConfigEntry[String] =
     buildConf("kyuubi.engine.jdbc.memory")
       .doc("The heap memory for the JDBC query engine")

From 067c6010a668c1ed9e83a991e589fb886304c959 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sat, 18 Mar 2023 15:34:16 +0800
Subject: [PATCH 186/760] [KYUUBI #4554] [CHAT] Code improvement in
 ChatGPTProvider

### _Why are the changes needed?_

- set authentication as default header in client construction instead of  request construction
- handle response's status code in scala style
- transforming config's long value to int with `.intValue` instead of `asInstanceOf` casting
- fix var name to `response`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4554 from bowenliang123/chatgpt-http.

Closes #4554

114484a4d [liangbowen] httpclient improvement in ChatGPTProvider

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../chat/provider/ChatGPTProvider.scala       | 42 +++++++++++--------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
index 28ef36bb4..a4cdb7c94 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -20,12 +20,15 @@ package org.apache.kyuubi.engine.chat.provider
 import java.util
 import java.util.concurrent.TimeUnit
 
+import scala.collection.JavaConverters._
+
 import com.google.common.cache.{CacheBuilder, CacheLoader, LoadingCache}
-import org.apache.http.{HttpHost, HttpStatus}
+import org.apache.http.{HttpHeaders, HttpHost, HttpStatus}
 import org.apache.http.client.config.RequestConfig
 import org.apache.http.client.methods.HttpPost
 import org.apache.http.entity.{ContentType, StringEntity}
 import org.apache.http.impl.client.{CloseableHttpClient, HttpClientBuilder}
+import org.apache.http.message.BasicHeader
 import org.apache.http.util.EntityUtils
 
 import org.apache.kyuubi.config.KyuubiConf
@@ -39,11 +42,16 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
         s"which could be got at https://platform.openai.com/account/api-keys")
   }
 
-  private val httpClient: CloseableHttpClient = HttpClientBuilder.create().build()
+  private val httpClient: CloseableHttpClient = {
+    HttpClientBuilder.create()
+      .setDefaultHeaders(List(
+        new BasicHeader(HttpHeaders.AUTHORIZATION, s"Bearer $gptApiKey")).asJava)
+      .build()
+  }
 
-  private val requestConfig = {
-    val connectTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_CONNECT_TIMEOUT).asInstanceOf[Int]
-    val socketTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_SOCKET_TIMEOUT).asInstanceOf[Int]
+  private val requestConfig: RequestConfig = {
+    val connectTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_CONNECT_TIMEOUT).intValue()
+    val socketTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_SOCKET_TIMEOUT).intValue()
     val builder: RequestConfig.Builder = RequestConfig.custom()
       .setConnectTimeout(connectTimeout)
       .setSocketTimeout(socketTimeout)
@@ -70,8 +78,6 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
     messages.addLast(Message("user", q))
 
     val request = new HttpPost("https://api.openai.com/v1/chat/completions")
-    request.addHeader("Authorization", "Bearer " + gptApiKey)
-
     val req = Map(
       "messages" -> messages,
       "model" -> "gpt-3.5-turbo",
@@ -81,17 +87,17 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
     val entity = new StringEntity(mapper.writeValueAsString(req), ContentType.APPLICATION_JSON)
     request.setEntity(entity)
     request.setConfig(requestConfig)
-    val responseEntity = httpClient.execute(request)
-    val respJson = mapper.readTree(EntityUtils.toString(responseEntity.getEntity))
-    val statusCode = responseEntity.getStatusLine.getStatusCode
-    if (responseEntity.getStatusLine.getStatusCode == HttpStatus.SC_OK) {
-      val replyMessage = mapper.treeToValue[Message](
-        respJson.get("choices").get(0).get("message"))
-      messages.addLast(replyMessage)
-      replyMessage.content
-    } else {
-      messages.removeLast()
-      s"Chat failed. Status: $statusCode. ${respJson.get("error").get("message").asText}"
+    val response = httpClient.execute(request)
+    val respJson = mapper.readTree(EntityUtils.toString(response.getEntity))
+    response.getStatusLine.getStatusCode match {
+      case HttpStatus.SC_OK =>
+        val replyMessage = mapper.treeToValue[Message](
+          respJson.get("choices").get(0).get("message"))
+        messages.addLast(replyMessage)
+        replyMessage.content
+      case errorStatusCode =>
+        messages.removeLast()
+        s"Chat failed. Status: $errorStatusCode. ${respJson.get("error").get("message").asText}"
     }
   }
 

From 06e69ddb2b9b522f9fabef61a59969159acb74b0 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sat, 18 Mar 2023 21:54:45 +0800
Subject: [PATCH 187/760] [KYUUBI #4295] Introduce `super-linter` action for
 linting JSON, XML, ENV files and bash_exec

### _Why are the changes needed?_

- introduce `action/super-linter` with multiple linters, (https://github.com/marketplace/actions/super-linter)
- using the smaller size version of image `github/super-linter/slim` for faster image pulling
- enable linting for `bash_exec` for checking executable of bash scripts, with fixed `tools/spark-block-cleaner/kubernetes/docker/entrypoint.sh`
- enable  integrity checks for JSON files in JSONC style
- enable integrity checks for XML files
- enable linting for ENV files

### _How was this patch tested?_
- [x] Pass CI jobs

Closes #4295 from bowenliang123/superlinter-action.

Closes #4295

321d24912 [liangbowen] update
497bf801c [liangbowen] use JSONC instead of JSON to support comments
43787e233 [liangbowen] use superlinter

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/style.yml                   | 26 ++++++++++++++++++-
 .../kubernetes/docker/entrypoint.sh           |  0
 2 files changed, 25 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 tools/spark-block-cleaner/kubernetes/docker/entrypoint.sh

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index bfaf22e2e..040cdfb3e 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -38,6 +38,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
       - name: Setup JDK 8
         uses: actions/setup-java@v3
         with:
@@ -104,10 +106,32 @@ jobs:
           echo "---------------------------------------------------------------------------------"
 
   shellcheck:
-    name: Shellcheck
+    name: Super Linter and Shellcheck
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
+      - name: Super Linter Checks
+        uses: github/super-linter/slim@v4
+        env:
+          CREATE_LOG_FILE: true
+          ERROR_ON_MISSING_EXEC_BIT: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          IGNORE_GENERATED_FILES: true
+          IGNORE_GITIGNORED_FILES: true
+          LINTER_RULES_PATH: /
+          LOG_LEVEL: NOTICE
+          SUPPRESS_POSSUM: true
+          VALIDATE_BASH_EXEC: true
+          VALIDATE_ENV: true
+          VALIDATE_JSONC: true
+          VALIDATE_POWERSHELL: true
+          VALIDATE_XML: true
+      - name: Upload Super Linter logs
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: super-linter-log
+          path: super-linter.log
       - name: check bin directory
         uses: ludeeus/action-shellcheck@1.1.0
         with:
diff --git a/tools/spark-block-cleaner/kubernetes/docker/entrypoint.sh b/tools/spark-block-cleaner/kubernetes/docker/entrypoint.sh
old mode 100644
new mode 100755

From c03664b8d8169f0d8b8b369e0bf96a5291e8361c Mon Sep 17 00:00:00 2001
From: Chao Chen <chenchao4@grgbanking.com>
Date: Sun, 19 Mar 2023 17:12:07 +0800
Subject: [PATCH 188/760] [KYUUBI #4517] [FLINK] Fix multiple executions lead
 to abnormal results on Flink 1.14

Fix bug in flink 1.14 version, multiple executions lead to abnormal results

### _Why are the changes needed?_

Fix bug in flink 1.14 version, multiple executions lead to abnormal results

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [X] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4517 from waywtdcc/flink1.14_result_ok_error.

Closes #4517

96ce6129c [Cheng Pan] ut
1bd9d1e2f [Cheng Pan] nit
5e5bccc91 [Cheng Pan] Migrate Flink engine Java code to Scala
4afb02064 [chenchao4] Fix bug in flink 1.14 version, multiple executions lead to abnormal results
3d5dc64c5 [chenchao4] Fix bug in flink 1.14 version, multiple executions lead to abnormal results
c084864bd [chenchao4] Fix bug in flink 1.14 version, multiple executions lead to abnormal results
954d76062 [chenchao4] Fix bug in flink 1.14 version, multiple executions lead to abnormal results
d63ec55f2 [chenchao4] Fix bug in flink 1.14 version, multiple executions lead to abnormal results

Lead-authored-by: Chao Chen <chenchao4@grgbanking.com>
Co-authored-by: chenchao4 <Chenchao123>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/flink/result/Constants.java |  28 ---
 .../kyuubi/engine/flink/result/ResultSet.java | 178 ------------------
 .../engine/flink/result/Constants.scala       |  24 +++
 .../engine/flink/result/ResultSet.scala       | 139 ++++++++++++++
 .../flink/operation/FlinkOperationSuite.scala |  19 +-
 5 files changed, 170 insertions(+), 218 deletions(-)
 delete mode 100644 externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/Constants.java
 delete mode 100644 externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/ResultSet.java
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/Constants.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala

diff --git a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/Constants.java b/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/Constants.java
deleted file mode 100644
index b683eb76a..000000000
--- a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/Constants.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.flink.result;
-
-/** Constant column names. */
-public class Constants {
-
-  public static final String TABLE_TYPE = "TABLE";
-  public static final String VIEW_TYPE = "VIEW";
-
-  public static final String[] SUPPORTED_TABLE_TYPES = new String[] {TABLE_TYPE, VIEW_TYPE};
-}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/ResultSet.java b/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/ResultSet.java
deleted file mode 100644
index 66f03a159..000000000
--- a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/kyuubi/engine/flink/result/ResultSet.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.flink.result;
-
-import com.google.common.collect.Iterators;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Objects;
-import javax.annotation.Nullable;
-import org.apache.flink.table.api.ResultKind;
-import org.apache.flink.table.api.TableResult;
-import org.apache.flink.table.catalog.Column;
-import org.apache.flink.table.catalog.ResolvedSchema;
-import org.apache.flink.types.Row;
-import org.apache.flink.util.Preconditions;
-import org.apache.kyuubi.operation.ArrayFetchIterator;
-import org.apache.kyuubi.operation.FetchIterator;
-
-/**
- * A set of one statement execution result containing result kind, columns, rows of data and change
- * flags for streaming mode.
- */
-public class ResultSet {
-
-  private final ResultKind resultKind;
-  private final List<Column> columns;
-  private final FetchIterator<Row> data;
-
-  // null in batch mode
-  //
-  // list of boolean in streaming mode,
-  // true if the corresponding row is an append row, false if its a retract row
-  private final List<Boolean> changeFlags;
-
-  private ResultSet(
-      ResultKind resultKind,
-      List<Column> columns,
-      FetchIterator<Row> data,
-      @Nullable List<Boolean> changeFlags) {
-    this.resultKind = Preconditions.checkNotNull(resultKind, "resultKind must not be null");
-    this.columns = Preconditions.checkNotNull(columns, "columns must not be null");
-    this.data = Preconditions.checkNotNull(data, "data must not be null");
-    this.changeFlags = changeFlags;
-    if (changeFlags != null) {
-      Preconditions.checkArgument(
-          Iterators.size((Iterator<?>) data) == changeFlags.size(),
-          "the size of data and the size of changeFlags should be equal");
-    }
-  }
-
-  public List<Column> getColumns() {
-    return columns;
-  }
-
-  public FetchIterator<Row> getData() {
-    return data;
-  }
-
-  @Override
-  public boolean equals(Object o) {
-    if (this == o) {
-      return true;
-    }
-    if (o == null || getClass() != o.getClass()) {
-      return false;
-    }
-    ResultSet resultSet = (ResultSet) o;
-    return resultKind.equals(resultSet.resultKind)
-        && columns.equals(resultSet.columns)
-        && data.equals(resultSet.data)
-        && Objects.equals(changeFlags, resultSet.changeFlags);
-  }
-
-  @Override
-  public int hashCode() {
-    return Objects.hash(resultKind, columns, data, changeFlags);
-  }
-
-  @Override
-  public String toString() {
-    return "ResultSet{"
-        + "resultKind="
-        + resultKind
-        + ", columns="
-        + columns
-        + ", data="
-        + data
-        + ", changeFlags="
-        + changeFlags
-        + '}';
-  }
-
-  public static ResultSet fromTableResult(TableResult tableResult) {
-    ResolvedSchema schema = tableResult.getResolvedSchema();
-    // collect all rows from table result as list
-    // this is ok as TableResult contains limited rows
-    List<Row> rows = new ArrayList<>();
-    tableResult.collect().forEachRemaining(rows::add);
-    return builder()
-        .resultKind(tableResult.getResultKind())
-        .columns(schema.getColumns())
-        .data(rows.toArray(new Row[0]))
-        .build();
-  }
-
-  public static Builder builder() {
-    return new Builder();
-  }
-
-  /** Builder for {@link ResultSet}. */
-  public static class Builder {
-    private ResultKind resultKind = null;
-    private List<Column> columns = null;
-    private FetchIterator<Row> data = null;
-    private List<Boolean> changeFlags = null;
-
-    private Builder() {}
-
-    /** Set {@link ResultKind}. */
-    public Builder resultKind(ResultKind resultKind) {
-      this.resultKind = resultKind;
-      return this;
-    }
-
-    /** Set columns. */
-    public Builder columns(Column... columns) {
-      this.columns = Arrays.asList(columns);
-      return this;
-    }
-
-    /** Set columns. */
-    public Builder columns(List<Column> columns) {
-      this.columns = columns;
-      return this;
-    }
-
-    /** Set data. */
-    public Builder data(FetchIterator<Row> data) {
-      this.data = data;
-      return this;
-    }
-
-    /** Set data. */
-    public Builder data(Row[] data) {
-      this.data = new ArrayFetchIterator<>(data);
-      return this;
-    }
-
-    /** Set change flags. */
-    public Builder changeFlags(List<Boolean> changeFlags) {
-      this.changeFlags = changeFlags;
-      return this;
-    }
-
-    /** Returns a {@link ResultSet} instance. */
-    public ResultSet build() {
-      return new ResultSet(resultKind, columns, data, changeFlags);
-    }
-  }
-}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/Constants.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/Constants.scala
new file mode 100644
index 000000000..ca582b2e3
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/Constants.scala
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.result
+
+object Constants {
+  val TABLE_TYPE: String = "TABLE"
+  val VIEW_TYPE: String = "VIEW"
+  val SUPPORTED_TABLE_TYPES: Array[String] = Array[String](TABLE_TYPE, VIEW_TYPE)
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
new file mode 100644
index 000000000..323d157b1
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.result
+
+import java.util
+import java.util.Collections
+
+import scala.collection.JavaConverters._
+
+import com.google.common.collect.Iterators
+import org.apache.flink.table.api.{DataTypes, ResultKind, TableResult}
+import org.apache.flink.table.api.internal.TableResultImpl
+import org.apache.flink.table.catalog.{Column, ResolvedSchema}
+import org.apache.flink.types.Row
+
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils._
+import org.apache.kyuubi.operation.{ArrayFetchIterator, FetchIterator}
+import org.apache.kyuubi.reflection.{DynFields, DynMethods}
+
+case class ResultSet(
+    resultKind: ResultKind,
+    columns: util.List[Column],
+    data: FetchIterator[Row],
+    // null in batch mode
+    // list of boolean in streaming mode,
+    // true if the corresponding row is an append row, false if its a retract row
+    changeFlags: Option[util.List[Boolean]]) {
+
+  require(resultKind != null, "resultKind must not be null")
+  require(columns != null, "columns must not be null")
+  require(data != null, "data must not be null")
+  changeFlags.foreach { flags =>
+    require(
+      Iterators.size(data.asInstanceOf[util.Iterator[_]]) == flags.size,
+      "the size of data and the size of changeFlags should be equal")
+  }
+
+  def getColumns: util.List[Column] = columns
+
+  def getData: FetchIterator[Row] = data
+}
+
+/**
+ * A set of one statement execution result containing result kind, columns, rows of data and change
+ * flags for streaming mode.
+ */
+object ResultSet {
+
+  private lazy val TABLE_RESULT_OK = DynFields.builder()
+    .hiddenImpl(classOf[TableResultImpl], "TABLE_RESULT_OK") // for Flink 1.14
+    .buildStatic[TableResult]
+    .get
+
+  def fromTableResult(tableResult: TableResult): ResultSet = {
+    // FLINK-25558, if execute multiple SQLs that return OK, the second and latter results
+    // would be empty, which affects Flink 1.14
+    val fixedTableResult: TableResult =
+      if (isFlinkVersionAtMost("1.14") && tableResult == TABLE_RESULT_OK) {
+        // FLINK-24461 executeOperation method changes the return type
+        // from TableResult to TableResultInternal
+        val builder = TableResultImpl.builder
+          .resultKind(ResultKind.SUCCESS)
+          .schema(ResolvedSchema.of(Column.physical("result", DataTypes.STRING)))
+          .data(Collections.singletonList(Row.of("OK")))
+        // FLINK-24461 the return type of TableResultImpl.Builder#build changed
+        // from TableResult to TableResultInternal
+        DynMethods.builder("build")
+          .impl(classOf[TableResultImpl.Builder])
+          .build(builder)
+          .invoke[TableResult]()
+      } else {
+        tableResult
+      }
+    val schema = fixedTableResult.getResolvedSchema
+    // collect all rows from table result as list
+    // this is ok as TableResult contains limited rows
+    val rows = fixedTableResult.collect.asScala.toArray
+    builder.resultKind(fixedTableResult.getResultKind)
+      .columns(schema.getColumns)
+      .data(rows)
+      .build
+  }
+
+  def builder: Builder = new ResultSet.Builder
+
+  class Builder {
+    private var resultKind: ResultKind = _
+    private var columns: util.List[Column] = _
+    private var data: FetchIterator[Row] = _
+    private var changeFlags: Option[util.List[Boolean]] = None
+
+    def resultKind(resultKind: ResultKind): ResultSet.Builder = {
+      this.resultKind = resultKind
+      this
+    }
+
+    def columns(columns: Column*): ResultSet.Builder = {
+      this.columns = columns.asJava
+      this
+    }
+
+    def columns(columns: util.List[Column]): ResultSet.Builder = {
+      this.columns = columns
+      this
+    }
+
+    def data(data: FetchIterator[Row]): ResultSet.Builder = {
+      this.data = data
+      this
+    }
+
+    def data(data: Array[Row]): ResultSet.Builder = {
+      this.data = new ArrayFetchIterator[Row](data)
+      this
+    }
+
+    def changeFlags(changeFlags: util.List[Boolean]): ResultSet.Builder = {
+      this.changeFlags = Some(changeFlags)
+      this
+    }
+
+    def build: ResultSet = new ResultSet(resultKind, columns, data, changeFlags)
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index d0522d3ea..70eb84ddb 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -876,20 +876,15 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
   }
 
   test("execute statement - create/drop catalog") {
-    withJdbcStatement()({ statement =>
-      val createResult = {
+    withJdbcStatement() { statement =>
+      val createResult =
         statement.executeQuery("create catalog cat_a with ('type'='generic_in_memory')")
-      }
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(createResult.next())
-        assert(createResult.getString(1) === "OK")
-      }
+      assert(createResult.next())
+      assert(createResult.getString(1) === "OK")
       val dropResult = statement.executeQuery("drop catalog cat_a")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(dropResult.next())
-        assert(dropResult.getString(1) === "OK")
-      }
-    })
+      assert(dropResult.next())
+      assert(dropResult.getString(1) === "OK")
+    }
   }
 
   test("execute statement - set/get catalog") {

From 24e87ef21a4aeb3eaf2a951533b591b56d5f9a52 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 19 Mar 2023 19:24:41 +0800
Subject: [PATCH 189/760] [KYUUBI #4556] [CHAT] Refactor ChatGPTProvider to use
 `openai-java` client

### _Why are the changes needed?_

- use Java SDK `openai-java` for ChatGPT which is popular and listed in official website, https://github.com/TheoKanning/openai-java
- Focus on lifecycle in ChatGPTProvider, and prevent handling lower-level concepts in details, like POJO mapping, HTTP request handling.
- follow the changes from upstream changes from OpenAI

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4556 from bowenliang123/chatgpt-third.

Closes #4556

ecf1e2cf6 [liangbowen] manually add `openai-gpt3-java:*` and its dependency to LICENSE-binary
53b8375a5 [liangbowen] refactor ChatGPTProvider to use `openai-java` SDK

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 LICENSE-binary                                |  5 ++
 externals/kyuubi-chat-engine/pom.xml          |  5 +-
 .../chat/provider/ChatGPTProvider.scala       | 87 ++++++++-----------
 pom.xml                                       |  7 ++
 4 files changed, 53 insertions(+), 51 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 92daf62ab..feab9965e 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -319,6 +319,8 @@ io.swagger.core.v3:swagger-models
 io.vertx:vertx-core
 io.vertx:vertx-grpc
 org.apache.zookeeper:zookeeper
+com.squareup.retrofit2:retrofit
+com.squareup.okhttp3:okhttp
 
 BSD
 ------------
@@ -356,6 +358,9 @@ org.codehaus.mojo:animal-sniffer-annotations
 org.slf4j:slf4j-api
 org.slf4j:jcl-over-slf4j
 org.slf4j:jul-over-slf4j
+com.theokanning.openai-gpt3-java:api
+com.theokanning.openai-gpt3-java:client
+com.theokanning.openai-gpt3-java:service
 
 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/*
 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css
diff --git a/externals/kyuubi-chat-engine/pom.xml b/externals/kyuubi-chat-engine/pom.xml
index 7e2178918..28779f450 100644
--- a/externals/kyuubi-chat-engine/pom.xml
+++ b/externals/kyuubi-chat-engine/pom.xml
@@ -45,8 +45,9 @@
         </dependency>
 
         <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
+            <groupId>com.theokanning.openai-gpt3-java</groupId>
+            <artifactId>service</artifactId>
+            <version>${openai.java.version}</version>
         </dependency>
 
         <dependency>
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
index a4cdb7c94..2e4bf3f8d 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -17,22 +17,20 @@
 
 package org.apache.kyuubi.engine.chat.provider
 
+import java.net.{InetSocketAddress, Proxy, URL}
+import java.time.Duration
 import java.util
 import java.util.concurrent.TimeUnit
 
 import scala.collection.JavaConverters._
 
 import com.google.common.cache.{CacheBuilder, CacheLoader, LoadingCache}
-import org.apache.http.{HttpHeaders, HttpHost, HttpStatus}
-import org.apache.http.client.config.RequestConfig
-import org.apache.http.client.methods.HttpPost
-import org.apache.http.entity.{ContentType, StringEntity}
-import org.apache.http.impl.client.{CloseableHttpClient, HttpClientBuilder}
-import org.apache.http.message.BasicHeader
-import org.apache.http.util.EntityUtils
+import com.theokanning.openai.OpenAiApi
+import com.theokanning.openai.completion.chat.{ChatCompletionRequest, ChatMessage}
+import com.theokanning.openai.service.OpenAiService
+import com.theokanning.openai.service.OpenAiService.{defaultClient, defaultObjectMapper, defaultRetrofit}
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.chat.provider.ChatProvider.mapper
 
 class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
 
@@ -42,31 +40,32 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
         s"which could be got at https://platform.openai.com/account/api-keys")
   }
 
-  private val httpClient: CloseableHttpClient = {
-    HttpClientBuilder.create()
-      .setDefaultHeaders(List(
-        new BasicHeader(HttpHeaders.AUTHORIZATION, s"Bearer $gptApiKey")).asJava)
-      .build()
-  }
+  private val openAiService: OpenAiService = {
+    val builder = defaultClient(
+      gptApiKey,
+      Duration.ofMillis(conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_SOCKET_TIMEOUT)))
+      .newBuilder
+      .connectTimeout(Duration.ofMillis(conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_CONNECT_TIMEOUT)))
 
-  private val requestConfig: RequestConfig = {
-    val connectTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_CONNECT_TIMEOUT).intValue()
-    val socketTimeout = conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_SOCKET_TIMEOUT).intValue()
-    val builder: RequestConfig.Builder = RequestConfig.custom()
-      .setConnectTimeout(connectTimeout)
-      .setSocketTimeout(socketTimeout)
-    conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_PROXY).foreach { url =>
-      builder.setProxy(HttpHost.create(url))
+    conf.get(KyuubiConf.ENGINE_CHAT_GPT_HTTP_PROXY) match {
+      case Some(httpProxyUrl) =>
+        val url = new URL(httpProxyUrl)
+        val proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(url.getHost, url.getPort))
+        builder.proxy(proxy)
+      case _ =>
     }
-    builder.build()
+
+    val retrofit = defaultRetrofit(builder.build(), defaultObjectMapper)
+    val api = retrofit.create(classOf[OpenAiApi])
+    new OpenAiService(api)
   }
 
-  private val chatHistory: LoadingCache[String, util.ArrayDeque[Message]] =
+  private val chatHistory: LoadingCache[String, util.ArrayDeque[ChatMessage]] =
     CacheBuilder.newBuilder()
       .expireAfterWrite(10, TimeUnit.MINUTES)
-      .build(new CacheLoader[String, util.ArrayDeque[Message]] {
-        override def load(sessionId: String): util.ArrayDeque[Message] =
-          new util.ArrayDeque[Message]
+      .build(new CacheLoader[String, util.ArrayDeque[ChatMessage]] {
+        override def load(sessionId: String): util.ArrayDeque[ChatMessage] =
+          new util.ArrayDeque[ChatMessage]
       })
 
   override def open(sessionId: String): Unit = {
@@ -75,29 +74,19 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
 
   override def ask(sessionId: String, q: String): String = {
     val messages = chatHistory.get(sessionId)
-    messages.addLast(Message("user", q))
-
-    val request = new HttpPost("https://api.openai.com/v1/chat/completions")
-    val req = Map(
-      "messages" -> messages,
-      "model" -> "gpt-3.5-turbo",
-      "max_tokens" -> 200,
-      "temperature" -> 0.5,
-      "top_p" -> 1)
-    val entity = new StringEntity(mapper.writeValueAsString(req), ContentType.APPLICATION_JSON)
-    request.setEntity(entity)
-    request.setConfig(requestConfig)
-    val response = httpClient.execute(request)
-    val respJson = mapper.readTree(EntityUtils.toString(response.getEntity))
-    response.getStatusLine.getStatusCode match {
-      case HttpStatus.SC_OK =>
-        val replyMessage = mapper.treeToValue[Message](
-          respJson.get("choices").get(0).get("message"))
-        messages.addLast(replyMessage)
-        replyMessage.content
-      case errorStatusCode =>
+    try {
+      messages.addLast(new ChatMessage("user", q))
+      val completionRequest = ChatCompletionRequest.builder()
+        .messages(messages.asScala.toList.asJava)
+        .model("gpt-3.5-turbo")
+        .build()
+      val responseText = openAiService.createChatCompletion(completionRequest).getChoices.asScala
+        .map(c => c.getMessage.getContent).mkString
+      responseText
+    } catch {
+      case e: Throwable =>
         messages.removeLast()
-        s"Chat failed. Status: $errorStatusCode. ${respJson.get("error").get("message").asText}"
+        s"Chat failed. Error: ${e.getMessage}"
     }
   }
 
diff --git a/pom.xml b/pom.xml
index a2de5d29d..7f6d1ed71 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,6 +174,7 @@
         <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
         <netty.version>4.1.89.Final</netty.version>
+        <openai.java.version>0.11.1</openai.java.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>
         <prometheus.version>0.16.0</prometheus.version>
@@ -1658,6 +1659,12 @@
                 <artifactId>py4j</artifactId>
                 <version>${py4j.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>com.theokanning.openai-gpt3-java</groupId>
+                <artifactId>service</artifactId>
+                <version>${openai.java.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 

From 301a05af5918cbd0eb90c9ddd1a9390b9d93dbe6 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 19 Mar 2023 22:27:58 +0800
Subject: [PATCH 190/760] [KYUUBI #4558] [CHAT] Make ChatGPT model ID
 configurable

### _Why are the changes needed?_

- Make ChatGPT model ID configurable

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4558 from bowenliang123/chatgpt-model.

Closes #4558

63f8ee30d [liangbowen] nit
3012ccaaa [liangbowen] make chatgpt model configurable

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/deployment/settings.md                               | 1 +
 .../kyuubi/engine/chat/provider/ChatGPTProvider.scala     | 2 +-
 .../main/scala/org/apache/kyuubi/config/KyuubiConf.scala  | 8 ++++++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index db6e3d246..30f557704 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -125,6 +125,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.chat.gpt.http.connect.timeout              | PT2M                      | The timeout[ms] for establishing the connection with the Chat GPT server. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.8.0 |
 | kyuubi.engine.chat.gpt.http.proxy                        | &lt;undefined&gt;         | HTTP proxy url for API calling in Chat GPT engine. e.g. http://127.0.0.1:1087                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.8.0 |
 | kyuubi.engine.chat.gpt.http.socket.timeout               | PT2M                      | The timeout[ms] for waiting for data packets after Chat GPT server connection is established. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.8.0 |
+| kyuubi.engine.chat.gpt.model                             | gpt-3.5-turbo             | ID of the model used in ChatGPT. Available models refer to OpenAI's [Model overview](https://platform.openai.com/docs/models/overview).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.8.0 |
 | kyuubi.engine.chat.java.options                          | &lt;undefined&gt;         | The extra Java options for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
 | kyuubi.engine.chat.memory                                | 1g                        | The heap memory for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
 | kyuubi.engine.chat.provider                              | ECHO                      | The provider for the Chat engine. Candidates: <ul> <li>ECHO: simply replies a welcome message.</li> <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
index 2e4bf3f8d..cdea89d2a 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -77,8 +77,8 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
     try {
       messages.addLast(new ChatMessage("user", q))
       val completionRequest = ChatCompletionRequest.builder()
+        .model(conf.get(KyuubiConf.ENGINE_CHAT_GPT_MODEL))
         .messages(messages.asScala.toList.asJava)
-        .model("gpt-3.5-turbo")
         .build()
       val responseText = openAiService.createChatCompletion(completionRequest).getChoices.asScala
         .map(c => c.getMessage.getContent).mkString
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 35626eea5..359ee1ba5 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2659,6 +2659,14 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
+  val ENGINE_CHAT_GPT_MODEL: ConfigEntry[String] =
+    buildConf("kyuubi.engine.chat.gpt.model")
+      .doc("ID of the model used in ChatGPT. Available models refer to OpenAI's " +
+        "[Model overview](https://platform.openai.com/docs/models/overview).")
+      .version("1.8.0")
+      .stringConf
+      .createWithDefault("gpt-3.5-turbo")
+
   val ENGINE_CHAT_EXTRA_CLASSPATH: OptionalConfigEntry[String] =
     buildConf("kyuubi.engine.chat.extra.classpath")
       .doc("The extra classpath for the Chat engine, for configuring the location " +

From 391be269c3dd3072ea9b27ced9fb895e89bf2bf1 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 20 Mar 2023 17:06:54 +0800
Subject: [PATCH 191/760] [KYUUBI #4559] [CHAT] Pretty chat engine launch
 command

### _Why are the changes needed?_

```
2023-03-20 03:31:12.571 INFO org.apache.kyuubi.engine.EngineRef: Launching engine:
/Users/chengpan/.sdkman/candidates/java/current/bin/java \
	-Xmx1g \
	-cp /Users/chengpan/Projects/apache-kyuubi/externals/kyuubi-chat-engine/target/kyuubi-chat-engine_2.12-1.8.0-SNAPSHOT.jar:/Users/chengpan/Projects/apache-kyuubi/externals/kyuubi-chat-engine/target/scala-2.12/jars/* \
	org.apache.kyuubi.engine.chat.ChatEngine \
	--conf kyuubi.session.user=chengpan \
	--conf hive.server2.thrift.resultset.default.fetch.size=1000 \
	--conf kyuubi.client.ipAddress=10.221.96.184 \
	--conf kyuubi.engine.submit.time=1679254587454 \
	--conf kyuubi.engine.type=CHAT \
	--conf kyuubi.ha.addresses=10.221.96.184:2181 \
	--conf kyuubi.ha.engine.ref.id=1a19e1e5-d8d3-49eb-bee0-3c806212134b \
	--conf kyuubi.ha.namespace=/kyuubi_1.8.0-SNAPSHOT_USER_CHAT/chengpan/default \
	--conf kyuubi.ha.zookeeper.auth.type=NONE \
	--conf kyuubi.server.ipAddress=10.221.96.184 \
	--conf kyuubi.session.connection.url=10.221.96.184:10009 \
	--conf kyuubi.session.real.user=chengpan
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4559 from pan3793/gpt-cmd.

Closes #4559

1ba70f02d [Cheng Pan] nit
34aecc1b0 [Cheng Pan] nit
f4815866d [Cheng Pan] nit
526c79f15 [Cheng Pan] nit
28bd9d9fa [Cheng Pan] [CHAT] Pretty chat engine launch command

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala
index 532c5dddf..3e4a20de3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/chat/ChatProcessBuilder.scala
@@ -94,7 +94,7 @@ class ChatProcessBuilder(
     buffer += "--conf"
     buffer += s"$KYUUBI_SESSION_USER_KEY=$proxyUser"
 
-    for ((k, v) <- conf.getAll) {
+    conf.getAll.foreach { case (k, v) =>
       buffer += "--conf"
       buffer += s"$k=$v"
     }
@@ -106,10 +106,11 @@ class ChatProcessBuilder(
       super.toString()
     } else {
       Utils.redactCommandLineArgs(conf, commands).map {
+        case arg if arg.startsWith("-") || arg == mainClass => s"\\\n\t$arg"
         case arg if arg.contains(ENGINE_CHAT_GPT_API_KEY.key) =>
           s"${ENGINE_CHAT_GPT_API_KEY.key}=$REDACTION_REPLACEMENT_TEXT"
         case arg => arg
-      }.mkString("\n")
+      }.mkString(" ")
     }
   }
 }

From 465e23a0f67088f0f24467cc531abcce27896403 Mon Sep 17 00:00:00 2001
From: "xu.guo" <xu.guo@brgroup.com>
Date: Mon, 20 Mar 2023 17:13:28 +0800
Subject: [PATCH 192/760] [KYUUBI #4508][BEELINE] Beeline should reset stdin
 after consuming init SQL file

### _Why are the changes needed?_

To fix #4508 .

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4510 from thomasg19930417/master.

Closes #4508

f8405eb93 [Cheng Pan] Update kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
3ad46c1d6 [Cheng Pan] Update kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
31fa80771 [xu.guo] Merge branch 'master' of https://github.com/thomasg19930417/kyuubi
41e090d66 [thomasgx] Merge branch 'apache:master' into master
ba82229a8 [xu.guo] Move initializeConsoleReader to KyuubiCommands#connect
e06927b78 [xu.guo] Replace create new  consoleReader instance with  call initializeConsoleReader
86f2e5078 [xu.guo] Fix code style
b0c472229 [xu.guo] Fix Beeline with -i run sql faild
042987aa6 [xu.guo] Fix Beeline with -i run sql faild

Lead-authored-by: xu.guo <xu.guo@brgroup.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: thomasgx <570736711@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/java/org/apache/hive/beeline/KyuubiCommands.java  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index aaa32739a..bf368ce0d 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -485,6 +485,9 @@ public boolean connect(Properties props) throws IOException {
         beeLine.updateOptsForCli();
       }
       beeLine.runInit();
+      if (beeLine.getOpts().getInitFiles() != null) {
+        beeLine.initializeConsoleReader(null);
+      }
 
       beeLine.setCompletions();
       beeLine.getOpts().setLastConnectedUrl(url);

From 7727a6267de6583833c9bd5cfaa6c8ebe0982354 Mon Sep 17 00:00:00 2001
From: Binjie Yang <52876270+zwangsheng@users.noreply.github.com>
Date: Tue, 21 Mar 2023 20:49:50 +0800
Subject: [PATCH 193/760] [KYUUBI #4565] [UI] Fix out-date `README.md` about
 `Development Project`

### _Why are the changes needed?_

 Fix out-date `README.md` about `Development Project`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4565 from zwangsheng/doc/fix_web_ui_readme.

Closes #4565

a08698845 [Binjie Yang] Update kyuubi-server/web-ui/README.md
5b3e25313 [Binjie Yang] Update kyuubi-server/web-ui/README.md
10adf17fb [Binjie Yang] Update kyuubi-server/web-ui/README.md
a7ee5a4fe [zwangsheng] [UI] Fix out-date README.md about run dev
b4d4f6076 [zwangsheng] [UI] Fix out-date README.md about run dev

Lead-authored-by: Binjie Yang <52876270+zwangsheng@users.noreply.github.com>
Co-authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 kyuubi-server/web-ui/README.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/web-ui/README.md b/kyuubi-server/web-ui/README.md
index f93373414..b892a6902 100644
--- a/kyuubi-server/web-ui/README.md
+++ b/kyuubi-server/web-ui/README.md
@@ -15,7 +15,15 @@ npm install
 
 ### Development Project
 
-To do this you can change the VITE_APP_DEV_WEB_URL parameter variable as the service url in `.env.development` in the project root directory, such as http://127.0.0.1:8090
+Notice:
+
+Before you start the Web UI project, please make sure the Kyuubi server has been started.
+
+Kyuubi Web UI will proxy the requests to Kyuubi server,  with the default endpoint path to`http://localhost:10099`. Modify `VITE_APP_DEV_WEB_URL` in `.env.development` for customizing targeted endpoint path.
+
+#### Why proxy to http://localhost:10099
+
+Currently kyuubi server binds on `http://0.0.0.0:10099` in case your are running kyuubi server in MacOS or Windows(If in linux, you should config kyuubi server `kyuubi.frontend.rest.bind.host=0.0.0.0`, or change `VITE_APP_DEV_WEB_URL` in `.env.development`).
 
 ```shell
 npm run dev

From e00f6b5bf45a461cb8a887c4944c205f2c16902e Mon Sep 17 00:00:00 2001
From: Alex <zoulimin@kanzhun.com>
Date: Tue, 21 Mar 2023 20:58:01 +0800
Subject: [PATCH 194/760] [KYUUBI #4568] Make kyuubi-ctl doc enable variable
 'release' automatic substitution

### _Why are the changes needed?_
Kyuubi-ctl doc kyuubi version not convert automatic. The version of doc is 1.8.0-SNAPSHOT, but  kyuubi version is 1.6.0-SNAPSHOT.

<img width="1911" alt="image" src="https://user-images.githubusercontent.com/43542750/226536654-23a28284-76ef-4c03-bb47-24146a92a94f.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
<img width="1920" alt="image" src="https://user-images.githubusercontent.com/43542750/226536803-08a6d89e-e6fd-4134-b438-052d87fdb0a3.png">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4568 from Kiss736921/optimize_ctl_doc.

Closes #4568

eb10a9e3b [Alex] Update docs/tools/kyuubi-ctl.rst
2006a59b3 [Alex] Update docs/tools/kyuubi-ctl.rst
2501e119f [Alex] convert kyuubi-ctl.md to kyuubi-ctl.rst to enable variable 'release' automatic substitution

Lead-authored-by: Alex <zoulimin@kanzhun.com>
Co-authored-by: Alex <43542750+Kiss736921@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/tools/kyuubi-ctl.md  | 183 --------------------------------
 docs/tools/kyuubi-ctl.rst | 213 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 213 insertions(+), 183 deletions(-)
 delete mode 100644 docs/tools/kyuubi-ctl.md
 create mode 100644 docs/tools/kyuubi-ctl.rst

diff --git a/docs/tools/kyuubi-ctl.md b/docs/tools/kyuubi-ctl.md
deleted file mode 100644
index aae67584e..000000000
--- a/docs/tools/kyuubi-ctl.md
+++ /dev/null
@@ -1,183 +0,0 @@
-<!--
-- Licensed to the Apache Software Foundation (ASF) under one or more
-- contributor license agreements.  See the NOTICE file distributed with
-- this work for additional information regarding copyright ownership.
-- The ASF licenses this file to You under the Apache License, Version 2.0
-- (the "License"); you may not use this file except in compliance with
-- the License.  You may obtain a copy of the License at
--
--   http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--->
-
-# Managing kyuubi servers and engines Tool
-
-## Usage
-
-```shell
-bin/kyuubi-ctl --help
-```
-
-Output
-
-```shell
-kyuubi 1.6.0-SNAPSHOT
-Usage: kyuubi-ctl [create|get|delete|list] [options]
-
-  -zk, --zk-quorum <value>
-                           The connection string for the zookeeper ensemble, using zk quorum manually.
-  -n, --namespace <value>  The namespace, using kyuubi-defaults/conf if absent.
-  -s, --host <value>       Hostname or IP address of a service.
-  -p, --port <value>       Listening port of a service.
-  -v, --version <value>    Using the compiled KYUUBI_VERSION default, change it if the active service is running in another.
-  -b, --verbose            Print additional debug output.
-
-Command: create [server]
-
-Command: create server
-	Expose Kyuubi server instance to another domain.
-
-Command: get [server|engine] [options]
-	Get the service/engine node info, host and port needed.
-Command: get server
-	Get Kyuubi server info of domain
-Command: get engine
-	Get Kyuubi engine info belong to a user.
-  -u, --user <value>       The user name this engine belong to.
-  -et, --engine-type <value>
-                           The engine type this engine belong to.
-  -es, --engine-subdomain <value>
-                           The engine subdomain this engine belong to.
-  -esl, --engine-share-level <value>
-                           The engine share level this engine belong to.
-
-Command: delete [server|engine] [options]
-	Delete the specified service/engine node, host and port needed.
-Command: delete server
-	Delete the specified service node for a domain
-Command: delete engine
-	Delete the specified engine node for user.
-  -u, --user <value>       The user name this engine belong to.
-  -et, --engine-type <value>
-                           The engine type this engine belong to.
-  -es, --engine-subdomain <value>
-                           The engine subdomain this engine belong to.
-  -esl, --engine-share-level <value>
-                           The engine share level this engine belong to.
-
-Command: list [server|engine] [options]
-	List all the service/engine nodes for a particular domain.
-Command: list server
-	List all the service nodes for a particular domain
-Command: list engine
-	List all the engine nodes for a user
-  -u, --user <value>       The user name this engine belong to.
-  -et, --engine-type <value>
-                           The engine type this engine belong to.
-  -es, --engine-subdomain <value>
-                           The engine subdomain this engine belong to.
-  -esl, --engine-share-level <value>
-                           The engine share level this engine belong to.
-
-  -h, --help               Show help message and exit.
-```
-
-## Manage kyuubi servers
-
-You can specify the zookeeper address(`--zk-quorum`) and namespace(`--namespace`), version(`--version`) parameters to query a specific kyuubi server cluster.
-
-### List server
-
-List all the service nodes for a particular domain.
-
-```shell
-bin/kyuubi-ctl list server
-```
-
-### Create server
-
-Expose Kyuubi server instance to another domain.
-
-First read `kyuubi.ha.zookeeper.namespace` in `conf/kyuubi-defaults.conf`, if there are server instances under this namespace, register them in the new namespace specified by the `--namespace` parameter.
-
-```shell
-bin/kyuubi-ctl create server --namespace XXX
-```
-
-### Get server
-
-Get Kyuubi server info of domain.
-
-```shell
-bin/kyuubi-ctl get server --host XXX --port YYY
-```
-
-### Delete server
-
-Delete the specified service node for a domain.
-
-After the server node is deleted, the kyuubi server stops opening new sessions and waits for all currently open sessions to be closed before the process exits.
-
-```shell
-bin/kyuubi-ctl delete server --host XXX --port YYY
-```
-
-## Manage kyuubi engines
-
-You can also specify the engine type(`--engine-type`), engine share level subdomain(`--engine-subdomain`) and engine share level(`--engine-share-level`).
-
-If not specified, the configuration item `kyuubi.engine.type` of `kyuubi-defaults.conf` read, the default value is `SPARK_SQL`, `kyuubi.engine.share.level.subdomain`, the default value is `default`, `kyuubi.engine.share.level`, the default value is `USER`.
-
-If the engine pool mode is enabled through `kyuubi.engine.pool.size`, the subdomain consists of `kyuubi.engine.pool.name` and a number below size, e.g. `engine-pool-0` .
-
-`--engine-share-level` supports the following enum values.
-* CONNECTION
-
-The engine Ref Id (UUID) must be specified via `--engine-subdomain`.
-* USER:
-
-Default Value.
-* GROUP:
-
-The `--user` parameter is the group name corresponding to the user.
-* SERVER:
-
-The `--user` parameter is the user who started the kyuubi server.
-
-### List engine
-
-List all the engine nodes for a user.
-
-```shell
-bin/kyuubi-ctl list engine --user AAA
-```
-
-The management share level is SERVER, the user who starts the kyuubi server is A, the engine is TRINO, and the subdomain is adhoc.
-
-```shell
-bin/kyuubi-ctl list engine --user A --engine-type TRINO --engine-subdomain adhoc --engine-share-level SERVER
-```
-
-### Get engine
-
-Get Kyuubi engine info belong to a user.
-
-```shell
-bin/kyuubi-ctl get engine --user AAA --host XXX --port YYY
-```
-
-### Delete engine
-
-Delete the specified engine node for user.
-
-After the engine node is deleted, the kyuubi engine stops opening new sessions and waits for all currently open sessions to be closed before the process exits.
-
-```shell
-bin/kyuubi-ctl delete engine --user AAA --host XXX --port YYY
-```
-
diff --git a/docs/tools/kyuubi-ctl.rst b/docs/tools/kyuubi-ctl.rst
new file mode 100644
index 000000000..4a9308fed
--- /dev/null
+++ b/docs/tools/kyuubi-ctl.rst
@@ -0,0 +1,213 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Administrator CLI
+=================
+
+.. _usage:
+
+Usage
+-----
+.. code-block:: bash
+
+   bin/kyuubi-ctl --help
+
+Output
+
+.. parsed-literal::
+
+    kyuubi |release|
+    Usage: kyuubi-ctl [create|get|delete|list] [options]
+
+      -zk, --zk-quorum <value>
+                               The connection string for the zookeeper ensemble, using zk quorum manually.
+      -n, --namespace <value>  The namespace, using kyuubi-defaults/conf if absent.
+      -s, --host <value>       Hostname or IP address of a service.
+      -p, --port <value>       Listening port of a service.
+      -v, --version <value>    Using the compiled KYUUBI_VERSION default, change it if the active service is running in another.
+      -b, --verbose            Print additional debug output.
+
+    Command: create [server]
+
+    Command: create server
+    	    Expose Kyuubi server instance to another domain.
+
+    Command: get [server|engine] [options]
+    	    Get the service/engine node info, host and port needed.
+    Command: get server
+    	    Get Kyuubi server info of domain
+    Command: get engine
+    	    Get Kyuubi engine info belong to a user.
+      -u, --user <value>       The user name this engine belong to.
+      -et, --engine-type <value>
+                               The engine type this engine belong to.
+      -es, --engine-subdomain <value>
+                               The engine subdomain this engine belong to.
+      -esl, --engine-share-level <value>
+                               The engine share level this engine belong to.
+
+    Command: delete [server|engine] [options]
+    	    Delete the specified service/engine node, host and port needed.
+    Command: delete server
+    	    Delete the specified service node for a domain
+    Command: delete engine
+    	    Delete the specified engine node for user.
+      -u, --user <value>       The user name this engine belong to.
+      -et, --engine-type <value>
+                               The engine type this engine belong to.
+      -es, --engine-subdomain <value>
+                               The engine subdomain this engine belong to.
+      -esl, --engine-share-level <value>
+                               The engine share level this engine belong to.
+
+    Command: list [server|engine] [options]
+    	    List all the service/engine nodes for a particular domain.
+    Command: list server
+    	    List all the service nodes for a particular domain
+    Command: list engine
+    	    List all the engine nodes for a user
+      -u, --user <value>       The user name this engine belong to.
+      -et, --engine-type <value>
+                               The engine type this engine belong to.
+      -es, --engine-subdomain <value>
+                               The engine subdomain this engine belong to.
+      -esl, --engine-share-level <value>
+                               The engine share level this engine belong to.
+
+      -h, --help               Show help message and exit.
+
+.. _manage_kyuubi_servers:
+
+Manage kyuubi servers
+---------------------
+
+You can specify the zookeeper address(``--zk-quorum``) and namespace(``--namespace``), version(``--version``) parameters to query a specific kyuubi server cluster.
+
+.. _list_servers:
+
+List server
+***********
+
+List all the service nodes for a particular domain.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl list server
+
+.. _create_servers:
+
+Create server
+***********
+Expose Kyuubi server instance to another domain.
+
+First read ``kyuubi.ha.zookeeper.namespace`` in ``conf/kyuubi-defaults.conf``, if there are server instances under this namespace, register them in the new namespace specified by the ``--namespace`` parameter.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl create server --namespace XXX
+
+.. _get_servers:
+
+Get server
+***********
+
+Get Kyuubi server info of domain.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl get server --host XXX --port YYY
+
+.. _delete_servers:
+
+Delete server
+***********
+
+Delete the specified service node for a domain.
+
+After the server node is deleted, the kyuubi server stops opening new sessions and waits for all currently open sessions to be closed before the process exits.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl delete server --host XXX --port YYY
+
+.. _manage_kyuubi_engines:
+
+Manage kyuubi engines
+---------------------
+
+You can also specify the engine type(``--engine-type``), engine share level subdomain(``--engine-subdomain``) and engine share level(``--engine-share-level``).
+
+If not specified, the configuration item ``kyuubi.engine.type`` of ``kyuubi-defaults.conf`` read, the default value is ``SPARK_SQL``, ``kyuubi.engine.share.level.subdomain``, the default value is ``default``, ``kyuubi.engine.share.level``, the default value is ``USER``.
+
+If the engine pool mode is enabled through ``kyuubi.engine.pool.size``, the subdomain consists of ``kyuubi.engine.pool.name`` and a number below size, e.g. ``engine-pool-0`` .
+
+``--engine-share-level`` supports the following enum values.
+
+- CONNECTION
+
+The engine Ref Id (UUID) must be specified via ``--engine-subdomain``.
+
+- USER:
+
+Default Value.
+
+- GROUP:
+
+The ``--user`` parameter is the group name corresponding to the user.
+
+- SERVER:
+
+The ``--user`` parameter is the user who started the kyuubi server.
+
+.. _list_engines:
+
+List engine
+***********
+
+List all the engine nodes for a user.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl list engine --user AAA
+
+The management share level is SERVER, the user who starts the kyuubi server is A, the engine is TRINO, and the subdomain is adhoc.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl list engine --user A --engine-type TRINO --engine-subdomain adhoc --engine-share-level SERVER
+
+.. _get_engines:
+
+Get engine
+***********
+
+Get Kyuubi engine info belong to a user.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl get engine --user AAA --host XXX --port YYY
+
+.. _delete_engines:
+
+Delete engine
+*************
+
+Delete the specified engine node for user.
+
+After the engine node is deleted, the kyuubi engine stops opening new sessions and waits for all currently open sessions to be closed before the process exits.
+
+.. code-block:: bash
+
+   bin/kyuubi-ctl delete engine --user AAA --host XXX --port YYY
\ No newline at end of file

From 824aba60708c0973ee638eeb97d296e2f8dc737e Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 21 Mar 2023 21:05:57 +0800
Subject: [PATCH 195/760] [KYUUBI #3646][Improvement][UI] Front-end style
 should bracket same line

### _Why are the changes needed?_

Should bracket same line.

According to https://github.com/npetruzzelli/prettier-config-standard, should set true to bracketSameLine and also drop jsxBracketSameLine, which been deprecated.

Close #3646

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

- [x] CI

Closes #4571 from zwangsheng/KYUUBI_4570.

Closes #3646

2b61d1173 [zwangsheng] [KYUUBI #3646] bracket same line

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/.prettierrc                         | 2 +-
 kyuubi-server/web-ui/src/components/menu/index.vue       | 9 +++------
 .../web-ui/src/views/layout/components/header/index.vue  | 3 +--
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/kyuubi-server/web-ui/.prettierrc b/kyuubi-server/web-ui/.prettierrc
index 1fceefb98..01db7f49b 100644
--- a/kyuubi-server/web-ui/.prettierrc
+++ b/kyuubi-server/web-ui/.prettierrc
@@ -4,7 +4,7 @@
   "vueIndentScriptAndStyle": true,
   "singleQuote": true,
   "quoteProps": "as-needed",
-  "jsxBracketSameLine": false,
+  "bracketSameLine": true,
   "jsxSingleQuote": true,
   "arrowParens": "always",
   "htmlWhitespaceSensitivity": "strict",
diff --git a/kyuubi-server/web-ui/src/components/menu/index.vue b/kyuubi-server/web-ui/src/components/menu/index.vue
index b563b491e..d6d4d1b56 100644
--- a/kyuubi-server/web-ui/src/components/menu/index.vue
+++ b/kyuubi-server/web-ui/src/components/menu/index.vue
@@ -21,14 +21,12 @@
     class="el-menu-container"
     :collapse="isCollapse"
     :default-active="activePath"
-    :router="true"
-  >
+    :router="true">
     <template v-for="(menu, index) in menus">
       <el-menu-item
         v-if="!menu.children || menu.children.length === 0"
         :key="index + '-1'"
-        :index="menu.router"
-      >
+        :index="menu.router">
         <el-icon>
           <component :is="menu.icon" />
         </el-icon>
@@ -44,8 +42,7 @@
         <el-menu-item
           v-for="(child, index2) in menu.children"
           :key="index2"
-          :index="child.router"
-        >
+          :index="child.router">
           <el-icon :size="16">
             <component :is="child.icon" />
           </el-icon>
diff --git a/kyuubi-server/web-ui/src/views/layout/components/header/index.vue b/kyuubi-server/web-ui/src/views/layout/components/header/index.vue
index 5c9bb2a3a..ada2a8605 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/header/index.vue
+++ b/kyuubi-server/web-ui/src/views/layout/components/header/index.vue
@@ -33,8 +33,7 @@
           <el-dropdown-item
             v-for="(locale, key) in locales"
             :key="key"
-            :command="locale.key"
-          >
+            :command="locale.key">
             {{ locale.label }}
           </el-dropdown-item>
         </el-dropdown-menu>

From c4f3195bd63466bf4c29432d76574b4dbd823890 Mon Sep 17 00:00:00 2001
From: wForget <643348094@qq.com>
Date: Wed, 22 Mar 2023 09:46:14 +0800
Subject: [PATCH 196/760] [KYUUBI #3929] Refactor lineage plugin to add
 LineageDispatcher

### _Why are the changes needed?_

Refactor lineage plugin to add LineageDispatcher.

close #3929

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3919 from wForget/dev-lineage-dispatcher.

Closes #3929

5df2aa2f [wforget] add doc
98683ebc [wforget] fix
7b97b2e0 [wForget] rebase
4b046868 [wForget] separate LineageDispatcherType class file
e14cf838 [wForget] Refactor lineage plugin to add LineageDispatcher

Lead-authored-by: wForget <643348094@qq.com>
Co-authored-by: wforget <643348094@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/lineage.md      | 16 ++++++-
 extensions/spark/kyuubi-spark-lineage/pom.xml | 15 ++++--
 ...rationLineageEvent.scala => Lineage.scala} | 10 +---
 .../plugin/lineage/LineageDispatcher.scala    | 43 +++++++++++++++++
 .../lineage/LineageDispatcherType.scala       | 24 ++++++++++
 ...erationLineageQueryExecutionListener.scala | 13 ++---
 .../dispatcher/KyuubiEventDispatcher.scala    | 48 +++++++++++++++++++
 .../dispatcher/SparkEventDispatcher.scala     | 43 +++++++++++++++++
 .../helper/SparkSQLLineageParseHelper.scala   |  2 +-
 .../spark/kyuubi/lineage/LineageConf.scala    | 16 +++++++
 .../events/OperationLineageEventSuite.scala   | 33 +++++++++----
 .../SparkSQLLineageParserHelperSuite.scala    |  2 +-
 12 files changed, 234 insertions(+), 31 deletions(-)
 rename extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/{events/OperationLineageEvent.scala => Lineage.scala} (88%)
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/KyuubiEventDispatcher.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/SparkEventDispatcher.scala

diff --git a/docs/extensions/engines/spark/lineage.md b/docs/extensions/engines/spark/lineage.md
index 0f4b0c458..cd38be4ba 100644
--- a/docs/extensions/engines/spark/lineage.md
+++ b/docs/extensions/engines/spark/lineage.md
@@ -179,9 +179,18 @@ to add one configurations.
 spark.kyuubi.plugin.lineage.skip.parsing.permanent.view.enabled=true
 ```
 
-### Get Lineage Events from SparkListener
+### Get Lineage Events
 
-All lineage events will be sent to the `SparkListenerBus`. To handle lineage events, a new `SparkListener` needs to be added.
+The lineage dispatchers are used to dispatch lineage events, configured via `spark.kyuubi.plugin.lineage.dispatchers`.
+
+<ul>
+  <li>SPARK_EVENT (by default): send lineage event to spark event bus</li>
+  <li>KYUUBI_EVENT: send lineage event to kyuubi event bus</li>
+</ul>
+
+#### Get Lineage Events from SparkListener
+
+When using the `SPARK_EVENT` dispatcher, the lineage events will be sent to the `SparkListenerBus`. To handle lineage events, a new `SparkListener` needs to be added.
 Example for Adding `SparkListener`:
 
 ```scala
@@ -196,3 +205,6 @@ spark.sparkContext.addSparkListener(new SparkListener {
     })
 ```
 
+#### Get Lineage Events from Kyuubi EventHandler
+
+When using the `KYUUBI_EVENT` dispatcher, the lineage events will be sent to the Kyuubi `EventBus`. Refer to [Kyuubi Event Handler](../../server/events) to handle kyuubi events.
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index c8f9b30bd..bc13480d7 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -38,15 +38,22 @@
         </dependency>
 
         <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <scope>test</scope>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
-            <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
+            <artifactId>kyuubi-events_${scala.binary.version}</artifactId>
             <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
             <scope>test</scope>
         </dependency>
 
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEvent.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala
similarity index 88%
rename from extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEvent.scala
rename to extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala
index c69b45709..4bd0bd0b1 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEvent.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala
@@ -15,9 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.lineage.events
-
-import org.apache.spark.scheduler.SparkListenerEvent
+package org.apache.kyuubi.plugin.lineage
 
 case class ColumnLineage(column: String, originalColumns: Set[String])
 
@@ -60,9 +58,3 @@ object Lineage {
     new Lineage(inputTables, outputTables, newColumnLineage)
   }
 }
-
-case class OperationLineageEvent(
-    executionId: Long,
-    eventTime: Long,
-    lineage: Option[Lineage],
-    exception: Option[Throwable]) extends SparkListenerEvent
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala
new file mode 100644
index 000000000..8f5dc0d9e
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage
+
+import org.apache.spark.sql.execution.QueryExecution
+
+import org.apache.kyuubi.plugin.lineage.dispatcher.{KyuubiEventDispatcher, SparkEventDispatcher}
+
+trait LineageDispatcher {
+
+  def send(qe: QueryExecution, lineage: Option[Lineage]): Unit
+
+  def onFailure(qe: QueryExecution, exception: Exception): Unit = {}
+
+}
+
+object LineageDispatcher {
+
+  def apply(dispatcherType: String): LineageDispatcher = {
+    LineageDispatcherType.withName(dispatcherType) match {
+      case LineageDispatcherType.SPARK_EVENT => new SparkEventDispatcher()
+      case LineageDispatcherType.KYUUBI_EVENT => new KyuubiEventDispatcher()
+      case _ => throw new UnsupportedOperationException(
+          s"Unsupported lineage dispatcher: $dispatcherType.")
+    }
+  }
+
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala
new file mode 100644
index 000000000..d6afea152
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage
+
+object LineageDispatcherType extends Enumeration {
+  type LineageDispatcherType = Value
+
+  val SPARK_EVENT, KYUUBI_EVENT = Value
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala
index 01deb0a44..b83117cde 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/SparkOperationLineageQueryExecutionListener.scala
@@ -17,24 +17,25 @@
 
 package org.apache.kyuubi.plugin.lineage
 
-import org.apache.spark.kyuubi.lineage.SparkContextHelper
+import org.apache.spark.kyuubi.lineage.{LineageConf, SparkContextHelper}
 import org.apache.spark.sql.execution.QueryExecution
 import org.apache.spark.sql.util.QueryExecutionListener
 
-import org.apache.kyuubi.plugin.lineage.events.OperationLineageEvent
 import org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParseHelper
 
 class SparkOperationLineageQueryExecutionListener extends QueryExecutionListener {
 
+  private lazy val dispatchers: Seq[LineageDispatcher] = {
+    SparkContextHelper.getConf(LineageConf.DISPATCHERS).map(LineageDispatcher(_))
+  }
+
   override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
     val lineage =
       SparkSQLLineageParseHelper(qe.sparkSession).transformToLineage(qe.id, qe.analyzed)
-    val event = OperationLineageEvent(qe.id, System.currentTimeMillis(), lineage, None)
-    SparkContextHelper.postEventToSparkListenerBus(event)
+    dispatchers.foreach(_.send(qe, lineage))
   }
 
   override def onFailure(funcName: String, qe: QueryExecution, exception: Exception): Unit = {
-    val event = OperationLineageEvent(qe.id, System.currentTimeMillis(), None, Some(exception))
-    SparkContextHelper.postEventToSparkListenerBus(event)
+    dispatchers.foreach(_.onFailure(qe, exception))
   }
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/KyuubiEventDispatcher.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/KyuubiEventDispatcher.scala
new file mode 100644
index 000000000..6a9e65948
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/KyuubiEventDispatcher.scala
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher
+
+import org.apache.spark.sql.execution.QueryExecution
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.events.{EventBus, KyuubiEvent}
+import org.apache.kyuubi.plugin.lineage.{Lineage, LineageDispatcher}
+
+class KyuubiEventDispatcher extends LineageDispatcher {
+
+  override def send(qe: QueryExecution, lineage: Option[Lineage]): Unit = {
+    val event = OperationLineageKyuubiEvent(qe.id, System.currentTimeMillis(), lineage, None)
+    EventBus.post(event)
+  }
+
+  override def onFailure(qe: QueryExecution, exception: Exception): Unit = {
+    val event =
+      OperationLineageKyuubiEvent(qe.id, System.currentTimeMillis(), None, Some(exception))
+    EventBus.post(event)
+  }
+
+}
+
+case class OperationLineageKyuubiEvent(
+    executionId: Long,
+    eventTime: Long,
+    lineage: Option[Lineage],
+    exception: Option[Throwable]) extends KyuubiEvent {
+  override def partitions: Seq[(String, String)] =
+    ("day", Utils.getDateFromTimestamp(eventTime)) :: Nil
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/SparkEventDispatcher.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/SparkEventDispatcher.scala
new file mode 100644
index 000000000..36fbbb7d4
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/SparkEventDispatcher.scala
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher
+
+import org.apache.spark.kyuubi.lineage.SparkContextHelper
+import org.apache.spark.scheduler.SparkListenerEvent
+import org.apache.spark.sql.execution.QueryExecution
+
+import org.apache.kyuubi.plugin.lineage.{Lineage, LineageDispatcher}
+
+class SparkEventDispatcher extends LineageDispatcher {
+
+  override def send(qe: QueryExecution, lineage: Option[Lineage]): Unit = {
+    val event = OperationLineageSparkEvent(qe.id, System.currentTimeMillis(), lineage, None)
+    SparkContextHelper.postEventToSparkListenerBus(event)
+  }
+
+  override def onFailure(qe: QueryExecution, exception: Exception): Unit = {
+    val event = OperationLineageSparkEvent(qe.id, System.currentTimeMillis(), None, Some(exception))
+    SparkContextHelper.postEventToSparkListenerBus(event)
+  }
+}
+
+case class OperationLineageSparkEvent(
+    executionId: Long,
+    eventTime: Long,
+    lineage: Option[Lineage],
+    exception: Option[Throwable]) extends SparkListenerEvent
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index dd085f404..793572611 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -36,7 +36,7 @@ import org.apache.spark.sql.execution.columnar.InMemoryRelation
 import org.apache.spark.sql.execution.datasources.LogicalRelation
 import org.apache.spark.sql.execution.datasources.v2.{DataSourceV2Relation, DataSourceV2ScanRelation}
 
-import org.apache.kyuubi.plugin.lineage.events.Lineage
+import org.apache.kyuubi.plugin.lineage.Lineage
 import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
 
 trait LineageParser {
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
index 777e70121..6fb5399c0 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
@@ -19,6 +19,8 @@ package org.apache.spark.kyuubi.lineage
 
 import org.apache.spark.internal.config.ConfigBuilder
 
+import org.apache.kyuubi.plugin.lineage.LineageDispatcherType
+
 object LineageConf {
 
   val SKIP_PARSING_PERMANENT_VIEW_ENABLED =
@@ -28,4 +30,18 @@ object LineageConf {
       .booleanConf
       .createWithDefault(false)
 
+  val DISPATCHERS = ConfigBuilder("spark.kyuubi.plugin.lineage.dispatchers")
+    .doc("The lineage dispatchers are implementations of " +
+      "`org.apache.kyuubi.plugin.lineage.LineageDispatcher` for dispatching lineage events.<ul>" +
+      "<li>SPARK_EVENT: send lineage event to spark event bus</li>" +
+      "<li>KYUUBI_EVENT: send lineage event to kyuubi event bus</li>" +
+      "</ul>")
+    .version("1.8.0")
+    .stringConf
+    .toSequence
+    .checkValue(
+      _.toSet.subsetOf(LineageDispatcherType.values.map(_.toString)),
+      "Unsupported lineage dispatchers")
+    .createWithDefault(Seq(LineageDispatcherType.SPARK_EVENT.toString))
+
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
index 1057bd74e..67e94ad0b 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
@@ -22,11 +22,14 @@ import java.util.concurrent.{CountDownLatch, TimeUnit}
 import scala.collection.immutable.List
 
 import org.apache.spark.SparkConf
-import org.apache.spark.kyuubi.lineage.LineageConf.SKIP_PARSING_PERMANENT_VIEW_ENABLED
+import org.apache.spark.kyuubi.lineage.LineageConf._
 import org.apache.spark.scheduler.{SparkListener, SparkListenerEvent}
 import org.apache.spark.sql.SparkListenerExtensionTest
 
 import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.events.EventBus
+import org.apache.kyuubi.plugin.lineage.Lineage
+import org.apache.kyuubi.plugin.lineage.dispatcher.{OperationLineageKyuubiEvent, OperationLineageSparkEvent}
 import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
 
 class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtensionTest {
@@ -43,19 +46,21 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
       .set(
         "spark.sql.queryExecutionListeners",
         "org.apache.kyuubi.plugin.lineage.SparkOperationLineageQueryExecutionListener")
+      .set(DISPATCHERS.key, "SPARK_EVENT,KYUUBI_EVENT")
       .set(SKIP_PARSING_PERMANENT_VIEW_ENABLED.key, "true")
   }
 
   test("operation lineage event capture: for execute sql") {
-    val countDownLatch = new CountDownLatch(1)
-    var actual: Lineage = null
+    val countDownLatch = new CountDownLatch(2)
+    // get lineage from spark event
+    var actualSparkEventLineage: Lineage = null
     spark.sparkContext.addSparkListener(new SparkListener {
       override def onOtherEvent(event: SparkListenerEvent): Unit = {
         event match {
-          case lineageEvent: OperationLineageEvent =>
+          case lineageEvent: OperationLineageSparkEvent =>
             lineageEvent.lineage.foreach {
               case lineage if lineage.inputTables.nonEmpty =>
-                actual = lineage
+                actualSparkEventLineage = lineage
                 countDownLatch.countDown()
             }
           case _ =>
@@ -63,6 +68,16 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
       }
     })
 
+    // get lineage from kyuubi event
+    var actualKyuubiEventLineage: Lineage = null
+    EventBus.register[OperationLineageKyuubiEvent] { lineageEvent: OperationLineageKyuubiEvent =>
+      lineageEvent.lineage.foreach {
+        case lineage if lineage.inputTables.nonEmpty =>
+          actualKyuubiEventLineage = lineage
+          countDownLatch.countDown()
+      }
+    }
+
     withTable("test_table0") { _ =>
       spark.sql("create table test_table0(a string, b string)")
       spark.sql("select a as col0, b as col1 from test_table0").collect()
@@ -73,7 +88,8 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
           ("col0", Set("default.test_table0.a")),
           ("col1", Set("default.test_table0.b"))))
       countDownLatch.await(20, TimeUnit.SECONDS)
-      assert(actual == expected)
+      assert(actualSparkEventLineage == expected)
+      assert(actualKyuubiEventLineage == expected)
     }
   }
 
@@ -90,7 +106,8 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
     spark.sparkContext.addSparkListener(new SparkListener {
       override def onOtherEvent(event: SparkListenerEvent): Unit = {
         event match {
-          case lineageEvent: OperationLineageEvent if executionId == lineageEvent.executionId =>
+          case lineageEvent: OperationLineageSparkEvent
+              if executionId == lineageEvent.executionId =>
             lineageEvent.lineage.foreach { lineage =>
               assert(lineage == expected)
               countDownLatch.countDown()
@@ -126,7 +143,7 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
     spark.sparkContext.addSparkListener(new SparkListener {
       override def onOtherEvent(event: SparkListenerEvent): Unit = {
         event match {
-          case lineageEvent: OperationLineageEvent =>
+          case lineageEvent: OperationLineageSparkEvent =>
             lineageEvent.lineage.foreach {
               case lineage if lineage.inputTables.nonEmpty && lineage.outputTables.isEmpty =>
                 actual = lineage
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index 0c69885da..c25c94d39 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -29,7 +29,7 @@ import org.apache.spark.sql.sources.{BaseRelation, InsertableRelation, SchemaRel
 import org.apache.spark.sql.types.{IntegerType, StringType, StructType}
 
 import org.apache.kyuubi.KyuubiFunSuite
-import org.apache.kyuubi.plugin.lineage.events.Lineage
+import org.apache.kyuubi.plugin.lineage.Lineage
 import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
 
 class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite

From 141919308eef3aef36023581ac6927e12b5e26fa Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Wed, 22 Mar 2023 13:42:03 +0800
Subject: [PATCH 197/760] [KYUUBI #4523] support close engine session
 gracefully

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4545 from lightning-L/kyuubi-4523.

Closes #4523

2ee634cd5 [Tianlin Liao] modify conf description; add test case
12b930456 [Tianlin Liao] refer to HIVE-13415
c8a9db6a2 [Tianlin Liao] minor fix
9942d2515 [Tianlin Liao] move logic to SessionManager.closeSession
62b990b3e [Tianlin Liao] [KYUUBI #4523] support close engine session gracefully

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                   |  1 +
 .../org/apache/kyuubi/config/KyuubiConf.scala |  8 ++++
 .../kyuubi/service/TFrontendService.scala     | 11 +++++-
 .../KyuubiTBinaryFrontendServiceSuite.scala   | 39 ++++++++++++++++++-
 4 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 30f557704..e7d939b9b 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -381,6 +381,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 |                         Key                          |         Default         |                                                                                                                                                                                                         Meaning                                                                                                                                                                                                          |   Type   | Since |
 |------------------------------------------------------|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
 | kyuubi.session.check.interval                        | PT5M                    | The check interval for session timeout.                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
+| kyuubi.session.close.on.disconnect                   | true                    | Session will be closed when client disconnects from kyuubi gateway. Set this to false to have session outlive its parent connection.                                                                                                                                                                                                                                                                                     | boolean  | 1.8.0 |
 | kyuubi.session.conf.advisor                          | &lt;undefined&gt;       | A config advisor plugin for Kyuubi Server. This plugin can provide some custom configs for different users or session configs and overwrite the session configs before opening a new session. This config value should be a subclass of `org.apache.kyuubi.plugin.SessionConfAdvisor` which has a zero-arg constructor.                                                                                                  | string   | 1.5.0 |
 | kyuubi.session.conf.file.reload.interval             | PT10M                   | When `FileSessionConfAdvisor` is used, this configuration defines the expired time of `$KYUUBI_CONF_DIR/kyuubi-session-<profile>.conf` in the cache. After exceeding this value, the file will be reloaded.                                                                                                                                                                                                              | duration | 1.7.0 |
 | kyuubi.session.conf.ignore.list                                               || A comma-separated list of ignored keys. If the client connection contains any of them, the key and the corresponding value will be removed silently during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                  | seq      | 1.2.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 359ee1ba5..5a576a819 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1358,6 +1358,14 @@ object KyuubiConf {
     .version("1.2.0")
     .fallbackConf(SESSION_TIMEOUT)
 
+  val SESSION_CLOSE_ON_DISCONNECT: ConfigEntry[Boolean] =
+    buildConf("kyuubi.session.close.on.disconnect")
+      .doc("Session will be closed when client disconnects from kyuubi gateway. " +
+        "Set this to false to have session outlive its parent connection.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(true)
+
   val BATCH_SESSION_IDLE_TIMEOUT: ConfigEntry[Long] = buildConf("kyuubi.batch.session.idle.timeout")
     .doc("Batch session idle timeout, it will be closed when it's not accessed for this duration")
     .version("1.6.2")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
index 16d5c24f9..e541c37c0 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
@@ -31,7 +31,7 @@ import org.apache.thrift.transport.TTransport
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging, Utils}
 import org.apache.kyuubi.Utils.stringifyException
-import org.apache.kyuubi.config.KyuubiConf.FRONTEND_CONNECTION_URL_USE_HOSTNAME
+import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_CONNECTION_URL_USE_HOSTNAME, SESSION_CLOSE_ON_DISCONNECT}
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
 import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
@@ -608,7 +608,14 @@ abstract class TFrontendService(name: String)
       if (handle != null) {
         info(s"Session [$handle] disconnected without closing properly, close it now")
         try {
-          be.closeSession(handle)
+          val needToClose = be.sessionManager.getSession(handle).conf
+            .get(SESSION_CLOSE_ON_DISCONNECT.key).getOrElse("true").toBoolean
+          if (needToClose) {
+            be.closeSession(handle)
+          } else {
+            warn(s"Session not actually closed because configuration " +
+              s"${SESSION_CLOSE_ON_DISCONNECT.key} is set to false")
+          }
         } catch {
           case e: KyuubiSQLException =>
             error("Failed closing session", e)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendServiceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendServiceSuite.scala
index 69c10e730..5c54cbbb4 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendServiceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendServiceSuite.scala
@@ -17,7 +17,9 @@
 
 package org.apache.kyuubi.server
 
-import org.apache.hive.service.rpc.thrift.TOpenSessionReq
+import scala.collection.JavaConverters._
+
+import org.apache.hive.service.rpc.thrift.{TOpenSessionReq, TSessionHandle}
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KyuubiFunSuite, Utils, WithKyuubiServer}
@@ -79,4 +81,39 @@ class KyuubiTBinaryFrontendServiceSuite extends WithKyuubiServer with KyuubiFunS
         MetricsConstants.THRIFT_BINARY_CONN_OPEN).getOrElse(0L) - openConnections === 0)
     }
   }
+
+  test("do not close session when disconnect") {
+    val sessionCount = server.backendService.sessionManager.allSessions().size
+    var handle: TSessionHandle = null
+    TClientTestUtils.withThriftClient(server.frontendServices.head) {
+      client =>
+        val req = new TOpenSessionReq()
+        req.setUsername(Utils.currentUser)
+        req.setPassword("anonymous")
+        req.setConfiguration(Map("kyuubi.session.close.on.disconnect" -> "false").asJava)
+        val resp = client.OpenSession(req)
+        handle = resp.getSessionHandle
+
+        assert(server.backendService.sessionManager.allSessions().size - sessionCount == 1)
+    }
+    Thread.sleep(3000L)
+    assert(server.backendService.sessionManager.allSessions().size - sessionCount == 1)
+  }
+
+  test("close session when disconnect - default behavior") {
+    val sessionCount = server.backendService.sessionManager.allSessions().size
+    var handle: TSessionHandle = null
+    TClientTestUtils.withThriftClient(server.frontendServices.head) {
+      client =>
+        val req = new TOpenSessionReq()
+        req.setUsername(Utils.currentUser)
+        req.setPassword("anonymous")
+        val resp = client.OpenSession(req)
+        handle = resp.getSessionHandle
+
+        assert(server.backendService.sessionManager.allSessions().size - sessionCount == 1)
+    }
+    Thread.sleep(3000L)
+    assert(server.backendService.sessionManager.allSessions().size == sessionCount)
+  }
 }

From da000c6054b873c5e1dc2a2d3c912eb0f7002533 Mon Sep 17 00:00:00 2001
From: phyyou <gydudwls@gmail.com>
Date: Wed, 22 Mar 2023 16:31:31 +0800
Subject: [PATCH 198/760] [KYUUBI #4576] Multi arch build for ARM support in
 Docker Hub
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Close #4576

* Setup QEMU and Buildx.
* Use action docker/build-push-actionv4.
* build multi platform (amd64, arm64)
* build cache for faster build ✨

### _Why are the changes needed?_

Based on This [Disscussion](https://github.com/apache/kyuubi/discussions/4487) and [Issue](https://github.com/apache/kyuubi/issues/4576)

Update publish-snapshot-docker workflow

### _How was this patch tested?_
now test in progress...

![image](https://user-images.githubusercontent.com/34825352/226776684-4d57dd0e-141a-44a0-a023-8eb43b57bdba.png)

https://github.com/phyyou/_kyuubi/actions/runs/4485366649/jobs/7886838765

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4577 from phyyou/feat/buildx-at-docker-hub-snapshot.

Closes #4576

b75b05e9d [phyyou] chore(build): Chore on workflow yml
11353e7df [phyyou] build: Update publish snapshot docker workflow

Authored-by: phyyou <gydudwls@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/publish-snapshot-docker.yml | 21 +++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/publish-snapshot-docker.yml b/.github/workflows/publish-snapshot-docker.yml
index 5c9c04d27..3afccee7a 100644
--- a/.github/workflows/publish-snapshot-docker.yml
+++ b/.github/workflows/publish-snapshot-docker.yml
@@ -29,14 +29,23 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       - name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build Kyuubi Docker Image
-        run: docker build --tag apache/kyuubi:master-snapshot --file build/Dockerfile .
-      - name: Docker image
-        run: docker images
-      - name: Push Docker image
-        run: docker push apache/kyuubi:master-snapshot
+      - name: Build and Push Kyuubi Docker Image
+        uses: docker/build-push-action@v4
+        with:
+          # build cache on Github Actions, See: https://docs.docker.com/build/cache/backends/gha/#using-dockerbuild-push-action
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          context: .
+          file: build/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: apache/kyuubi:master-snapshot

From f9701b03d72e65bb2655eb26a9c114295cf22606 Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Wed, 22 Mar 2023 17:27:11 +0800
Subject: [PATCH 199/760] [KYUUBI #4579] Fix the unstable situation of test
 cases for Trino-Fronted-Service

### _Why are the changes needed?_

In the cancellation implementation of Trino frontend service, closing the operation will also close the session. There is no need to check the status of the operation here.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4579 from iodone/trino-fronted-test-fix.

Closes #4579

75e02dd1 [odone] Fix the unstable situation of test cases.

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../server/trino/api/v1/StatementResourceSuite.scala       | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
index 5740f6d38..44602759c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
@@ -26,7 +26,6 @@ import io.trino.client.{QueryError, QueryResults}
 import io.trino.client.ProtocolHeaders.TRINO_HEADERS
 
 import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException, TrinoRestFrontendTestHelper}
-import org.apache.kyuubi.operation.{OperationHandle, OperationState}
 import org.apache.kyuubi.server.trino.api.{Query, TrinoContext}
 import org.apache.kyuubi.server.trino.api.v1.dto.Ok
 import org.apache.kyuubi.session.SessionHandle
@@ -72,6 +71,7 @@ class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHe
   test("query cancel") {
     val response = webTarget.path("v1/statement")
       .request().post(Entity.entity("select 1", MediaType.TEXT_PLAIN_TYPE))
+    assert(response.getStatus == 200)
     val qr = response.readEntity(classOf[QueryResults])
     val sessionManager = fe.be.sessionManager
     val sessionHandle =
@@ -84,16 +84,13 @@ class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHe
           case Array(_, value) => SessionHandle.fromUUID(TrinoContext.urlDecode(value))
         }.get
     sessionManager.getSession(sessionHandle)
-    val operationHandle = OperationHandle(qr.getId)
-    val operation = sessionManager.operationManager.getOperation(operationHandle)
-    assert(response.getStatus == 200)
+
     val path = qr.getNextUri.getPath
     val nextResponse = webTarget.path(path).request().header(
       TRINO_HEADERS.requestSession(),
       s"${Query.KYUUBI_SESSION_ID}=${TrinoContext.urlEncode(sessionHandle.identifier.toString)}")
       .delete()
     assert(nextResponse.getStatus == 204)
-    assert(operation.getStatus.state == OperationState.CLOSED)
     val exception = intercept[KyuubiSQLException](sessionManager.getSession(sessionHandle))
     assert(exception.getMessage === s"Invalid $sessionHandle")
   }

From 06f38846277427c9908647212b5b5b5f3dea9506 Mon Sep 17 00:00:00 2001
From: Alex <zoulimin@kanzhun.com>
Date: Wed, 22 Mar 2023 19:36:43 +0800
Subject: [PATCH 200/760] [KYUUBI #4575] Fix the empty last line may causes the
 session to exit directly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
If the last line of the file is a blank line, there may be a cmd whose content is empty but the length is not 0 after split by ";". When running to this cmd, it will return false, causing the session to exit directly.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible
vim test.sql and write :
<img width="527" alt="image" src="https://user-images.githubusercontent.com/43542750/226647817-855d866e-836c-4c60-bc81-0bb192d3d6ff.png">
then start beeline and source this file successfully and session won't exit：
<img width="745" alt="image" src="https://user-images.githubusercontent.com/43542750/226652451-823891f3-2768-4165-8816-c052461d1f9c.png">
<img width="598" alt="image" src="https://user-images.githubusercontent.com/43542750/226650769-25a8becf-4655-41ec-bf91-7ae7e28b7d34.png">

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4575 from Kiss736921/fix_file_empty_last_line.

Closes #4575

ff3fcb189 [Alex] fix the empty last line may causes the session to exit directly

Authored-by: Alex <zoulimin@kanzhun.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../src/main/java/org/apache/hive/beeline/KyuubiCommands.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index bf368ce0d..68f16f0ba 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -93,8 +93,9 @@ private boolean sourceFileInternal(File sourceFile) throws IOException {
           lines += "\n" + extra;
         }
       }
-      String[] cmds = lines.split(";");
+      String[] cmds = lines.split(beeLine.getOpts().getDelimiter());
       for (String c : cmds) {
+        c = c.trim();
         if (!executeInternal(c, false)) {
           return false;
         }

From acdfa6ce1d9cb4ced28ccfffd2179e5f197e0885 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 22 Mar 2023 23:09:24 +0800
Subject: [PATCH 201/760] [KYUUBI #4581] [TEST] Add KyuubiCommands parse python
 snippets unit test

### _Why are the changes needed?_

to resolve https://github.com/apache/kyuubi/pull/4333#issuecomment-1442793799

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4581 from cfmcgrady/beeline-parser-python-ut.

Closes #4581

9bffa033b [Fu Chen] add KyuubiCommands parse python snippets unit test

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 kyuubi-hive-beeline/pom.xml                   |  6 +++
 .../apache/hive/beeline/KyuubiCommands.java   |  4 +-
 .../hive/beeline/KyuubiCommandsTest.java      | 45 +++++++++++++++++++
 pom.xml                                       |  8 ++++
 4 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java

diff --git a/kyuubi-hive-beeline/pom.xml b/kyuubi-hive-beeline/pom.xml
index 151616243..beacba438 100644
--- a/kyuubi-hive-beeline/pom.xml
+++ b/kyuubi-hive-beeline/pom.xml
@@ -115,6 +115,12 @@
             <artifactId>commons-io</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>commons-lang</groupId>
             <artifactId>commons-lang</artifactId>
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 68f16f0ba..311cb6a95 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -19,6 +19,7 @@
 
 import static org.apache.kyuubi.jdbc.hive.JdbcConnectionParams.*;
 
+import com.google.common.annotations.VisibleForTesting;
 import java.io.*;
 import java.sql.*;
 import java.util.*;
@@ -277,7 +278,8 @@ private boolean execute(String line, boolean call, boolean entireLineAsCommand)
    * quotations. It iterates through each character in the line and checks to see if it is a ;, ',
    * or "
    */
-  private List<String> getCmdList(String line, boolean entireLineAsCommand) {
+  @VisibleForTesting
+  public List<String> getCmdList(String line, boolean entireLineAsCommand) {
     List<String> cmdList = new ArrayList<String>();
     if (entireLineAsCommand) {
       cmdList.add(line);
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
new file mode 100644
index 000000000..ecb8d65f5
--- /dev/null
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hive.beeline;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.util.List;
+import jline.console.ConsoleReader;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class KyuubiCommandsTest {
+  @Test
+  public void testParsePythonSnippets() throws IOException {
+    ConsoleReader reader = Mockito.mock(ConsoleReader.class);
+    String pythonSnippets = "for i in [1, 2, 3]:\n" + "    print(i)\n";
+    Mockito.when(reader.readLine()).thenReturn(pythonSnippets);
+
+    KyuubiBeeLine beeline = new KyuubiBeeLine();
+    beeline.setConsoleReader(reader);
+    KyuubiCommands commands = new KyuubiCommands(beeline);
+    String line = commands.handleMultiLineCmd(pythonSnippets);
+
+    List<String> cmdList = commands.getCmdList(line, false);
+    assertEquals(cmdList.size(), 1);
+    assertEquals(cmdList.get(0), pythonSnippets);
+  }
+}
diff --git a/pom.xml b/pom.xml
index 7f6d1ed71..ff20f6656 100644
--- a/pom.xml
+++ b/pom.xml
@@ -173,6 +173,7 @@
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
+        <mockito.version>4.6.1</mockito.version>
         <netty.version>4.1.89.Final</netty.version>
         <openai.java.version>0.11.1</openai.java.version>
         <parquet.version>1.10.1</parquet.version>
@@ -1109,6 +1110,13 @@
                 <version>${scalatestplus.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>org.mockito</groupId>
+                <artifactId>mockito-core</artifactId>
+                <version>${mockito.version}</version>
+                <scope>test</scope>
+            </dependency>
+
             <dependency>
                 <groupId>junit</groupId>
                 <artifactId>junit</artifactId>

From 3771dc9bf221513fe37103e58aa27fbb52263481 Mon Sep 17 00:00:00 2001
From: "guanhua.lgh" <guanhua.lgh@alibaba-inc.com>
Date: Thu, 23 Mar 2023 13:00:08 +0800
Subject: [PATCH 202/760] [KYUUBI #4583] [DOCS] Rename Flink Table Store to
 Apache Paimon (Incubating)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

… `Connectors for Spark SQL Query Engine `

### _Why are the changes needed?_

To update docs.
Update Flink Table Store to Apache Paimon (Incubating) in docs `Connectors for Spark SQL Query Engine `

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4583 from huage1994/docss-3067.

Closes #4583

5eaf76b84 [guanhua.lgh] [DOC] Update Flink Table Store  to Apache Paimon (Incubating) in docs `Connectors for Spark SQL Query Engine `

Authored-by: guanhua.lgh <guanhua.lgh@alibaba-inc.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/connector/spark/flink_table_store.rst |  90 -----------------
 docs/connector/spark/index.rst             |   4 +-
 docs/connector/spark/paimon.rst            | 110 +++++++++++++++++++++
 3 files changed, 112 insertions(+), 92 deletions(-)
 delete mode 100644 docs/connector/spark/flink_table_store.rst
 create mode 100644 docs/connector/spark/paimon.rst

diff --git a/docs/connector/spark/flink_table_store.rst b/docs/connector/spark/flink_table_store.rst
deleted file mode 100644
index ee4c2b352..000000000
--- a/docs/connector/spark/flink_table_store.rst
+++ /dev/null
@@ -1,90 +0,0 @@
-.. Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-..    http://www.apache.org/licenses/LICENSE-2.0
-
-.. Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-`Flink Table Store`_
-==========
-
-Flink Table Store is a unified storage to build dynamic tables for both streaming and batch processing in Flink,
-supporting high-speed data ingestion and timely data query.
-
-.. tip::
-   This article assumes that you have mastered the basic knowledge and operation of `Flink Table Store`_.
-   For the knowledge about Flink Table Store not mentioned in this article,
-   you can obtain it from its `Official Documentation`_.
-
-By using kyuubi, we can run SQL queries towards Flink Table Store which is more
-convenient, easy to understand, and easy to expand than directly using
-spark to manipulate Flink Table Store.
-
-Flink Table Store Integration
--------------------
-
-To enable the integration of kyuubi spark sql engine and Flink Table Store through
-Apache Spark Datasource V2 and Catalog APIs, you need to:
-
-- Referencing the Flink Table Store :ref:`dependencies<spark-flink-table-store-deps>`
-- Setting the spark extension and catalog :ref:`configurations<spark-flink-table-store-conf>`
-
-.. _spark-flink-table-store-deps:
-
-Dependencies
-************
-
-The **classpath** of kyuubi spark sql engine with Flink Table Store supported consists of
-
-1. kyuubi-spark-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
-2. a copy of spark distribution
-3. flink-table-store-spark-<version>.jar (example: flink-table-store-spark-0.2.jar), which can be found in the `Maven Central`_
-
-In order to make the Flink Table Store packages visible for the runtime classpath of engines, we can use one of these methods:
-
-1. Put the Flink Table Store packages into ``$SPARK_HOME/jars`` directly
-2. Set ``spark.jars=/path/to/flink-table-store-spark``
-
-.. warning::
-   Please mind the compatibility of different Flink Table Store and Spark versions, which can be confirmed on the page of `Flink Table Store multi engine support`_.
-
-.. _spark-flink-table-store-conf:
-
-Configurations
-**************
-
-To activate functionality of Flink Table Store, we can set the following configurations:
-
-.. code-block:: properties
-
-   spark.sql.catalog.tablestore=org.apache.flink.table.store.spark.SparkCatalog
-   spark.sql.catalog.tablestore.warehouse=file:/tmp/warehouse
-
-Flink Table Store Operations
-------------------
-
-Flink Table Store supports reading table store tables through Spark.
-A common scenario is to write data with Flink and read data with Spark.
-You can follow this document `Flink Table Store Quick Start`_  to write data to a table store table
-and then use kyuubi spark sql engine to query the table with the following SQL ``SELECT`` statement.
-
-
-.. code-block:: sql
-
-   select * from table_store.default.word_count;
-
-
-
-.. _Flink Table Store: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Flink Table Store Quick Start: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/try-table-store/quick-start/
-.. _Official Documentation: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Maven Central: https://mvnrepository.com/artifact/org.apache.flink
-.. _Flink Table Store multi engine support: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/engines/overview/
diff --git a/docs/connector/spark/index.rst b/docs/connector/spark/index.rst
index 790e804f2..d1503443c 100644
--- a/docs/connector/spark/index.rst
+++ b/docs/connector/spark/index.rst
@@ -23,7 +23,7 @@ By default, it provides accessibility to hive warehouses with various file forma
 supported, such as parquet, orc, json, etc.
 
 Also，it can easily integrate with other third-party libraries, such as Hudi,
-Iceberg, Delta Lake, Kudu, Flink Table Store, HBase，Cassandra, etc.
+Iceberg, Delta Lake, Kudu, Apache Paimon (Incubating), HBase，Cassandra, etc.
 
 We also provide sample data sources like TDC-DS, TPC-H for testing and benchmarking
 purpose.
@@ -37,7 +37,7 @@ purpose.
     iceberg
     kudu
     hive
-    flink_table_store
+    paimon
     tidb
     tpcds
     tpch
diff --git a/docs/connector/spark/paimon.rst b/docs/connector/spark/paimon.rst
new file mode 100644
index 000000000..14e741955
--- /dev/null
+++ b/docs/connector/spark/paimon.rst
@@ -0,0 +1,110 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+`Apache Paimon (Incubating)`_
+==========
+
+Apache Paimon(incubating) is a streaming data lake platform that supports high-speed data ingestion, change data tracking and efficient real-time analytics.
+
+.. tip::
+   This article assumes that you have mastered the basic knowledge and operation of `Apache Paimon (Incubating)`_.
+   For the knowledge about Apache Paimon (Incubating) not mentioned in this article,
+   you can obtain it from its `Official Documentation`_.
+
+By using kyuubi, we can run SQL queries towards Apache Paimon (Incubating) which is more
+convenient, easy to understand, and easy to expand than directly using
+spark to manipulate Apache Paimon (Incubating).
+
+Apache Paimon (Incubating) Integration
+-------------------
+
+To enable the integration of kyuubi spark sql engine and Apache Paimon (Incubating), you need to set the following configurations:
+
+- Referencing the Apache Paimon (Incubating) :ref:`dependencies<spark-paimon-deps>`
+- Setting the spark extension and catalog :ref:`configurations<spark-paimon-conf>`
+
+.. _spark-paimon-deps:
+
+Dependencies
+************
+
+The **classpath** of kyuubi spark sql engine with Apache Paimon (Incubating) consists of
+
+1. kyuubi-spark-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
+2. a copy of spark distribution
+3. paimon-spark-<version>.jar (example: paimon-spark-3.3-0.4-20230323.002035-5.jar), which can be found in the `Apache Paimon (Incubating) Supported Engines Spark3`_
+
+In order to make the Apache Paimon (Incubating) packages visible for the runtime classpath of engines, we can use one of these methods:
+
+1. Put the Apache Paimon (Incubating) packages into ``$SPARK_HOME/jars`` directly
+2. Set ``spark.jars=/path/to/paimon-spark-<version>.jar``
+
+.. warning::
+   Please mind the compatibility of different Apache Paimon (Incubating) and Spark versions, which can be confirmed on the page of `Apache Paimon (Incubating) multi engine support`_.
+
+.. _spark-paimon-conf:
+
+Configurations
+**************
+
+To activate functionality of Apache Paimon (Incubating), we can set the following configurations:
+
+.. code-block:: properties
+
+   spark.sql.catalog.paimon=org.apache.paimon.spark.SparkCatalog
+   spark.sql.catalog.paimon.warehouse=file:/tmp/paimon
+
+Apache Paimon (Incubating) Operations
+------------------
+
+
+Taking ``CREATE NAMESPACE`` as a example,
+
+.. code-block:: sql
+
+   CREATE DATABASE paimon.default;
+   USE paimon.default;
+
+Taking ``CREATE TABLE`` as a example,
+
+.. code-block:: sql
+
+   create table my_table (
+       k int,
+       v string
+   ) tblproperties (
+       'primary-key' = 'k'
+   );
+
+Taking ``SELECT`` as a example,
+
+.. code-block:: sql
+
+   SELECT * FROM my_table;
+
+
+Taking ``INSERT`` as a example,
+
+.. code-block:: sql
+
+   INSERT INTO my_table VALUES (1, 'Hi Again'), (3, 'Test');
+
+
+
+
+.. _Apache Paimon (Incubating): https://paimon.apache.org/
+.. _Official Documentation: https://paimon.apache.org/docs/master/
+.. _Apache Paimon (Incubating) Supported Engines Spark3: https://paimon.apache.org/docs/master/engines/spark3/
+.. _Apache Paimon (Incubating) multi engine support: https://paimon.apache.org/docs/master/engines/overview/

From e39bddab911f9eab824de95c67ff12bd86b87d00 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 23 Mar 2023 13:00:49 +0800
Subject: [PATCH 203/760] [KYUUBI #4541] Support to customize the attributes to
 expose for Spark engine

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4541 from turboFei/expose.

Closes #4541

f882b4dda [fwang12] engine register attributes

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../engine/spark/SparkTBinaryFrontendService.scala       | 7 +++++--
 .../main/scala/org/apache/kyuubi/config/KyuubiConf.scala | 9 +++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
index 49cb9b3ef..854a28e85 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
@@ -27,6 +27,7 @@ import org.apache.spark.SparkContext
 import org.apache.spark.kyuubi.SparkContextHelper
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
+import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.ha.client.{EngineServiceDiscovery, ServiceDiscovery}
 import org.apache.kyuubi.service.{Serverable, Service, TBinaryFrontendService}
@@ -94,8 +95,10 @@ class SparkTBinaryFrontendService(
   }
 
   override def attributes: Map[String, String] = {
-    val attributes = Map(
-      KYUUBI_ENGINE_ID -> KyuubiSparkUtil.engineId)
+    val extraAttributes = conf.get(KyuubiConf.ENGINE_SPARK_REGISTER_ATTRIBUTES).map { attr =>
+      attr -> KyuubiSparkUtil.globalSparkContext.getConf.get(attr, "")
+    }.toMap
+    val attributes = extraAttributes ++ Map(KYUUBI_ENGINE_ID -> KyuubiSparkUtil.engineId)
     // TODO Support Spark Web UI Enabled SSL
     sc.uiWebUrl match {
       case Some(url) => attributes ++ Map(KYUUBI_ENGINE_URL -> url.split("//").last)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 5a576a819..5e7755952 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2764,6 +2764,15 @@ object KyuubiConf {
       .stringConf
       .createWithDefault("bin/python")
 
+  val ENGINE_SPARK_REGISTER_ATTRIBUTES: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.engine.spark.register.attributes")
+      .internal
+      .doc("The extra attributes to expose when registering for Spark engine.")
+      .version("1.8.0")
+      .stringConf
+      .toSequence()
+      .createWithDefault(Seq("spark.driver.memory", "spark.executor.memory"))
+
   val ENGINE_HIVE_EVENT_LOGGERS: ConfigEntry[Seq[String]] =
     buildConf("kyuubi.engine.hive.event.loggers")
       .doc("A comma-separated list of engine history loggers, where engine/session/operation etc" +

From cb962304e538e660aabef2fe6bc2f224746d0ed8 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Thu, 23 Mar 2023 18:01:16 +0800
Subject: [PATCH 204/760] [KYUUBI #4563] [Improvement] Format error log output
 in case of metrics json file not found

### _Why are the changes needed?_

Before
```log
2023-03-20 10:02:04.718 ERROR org.apache.kyuubi.metrics.JsonReporterService: Error writing metrics to json file/pathi/metrics/report.json
```

After
```log
2023-03-20 10:02:04.718 ERROR org.apache.kyuubi.metrics.JsonReporterService: Error writing metrics to json file: /path/metrics/report.json
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4563 from zwangsheng/fix/format_json_file_not_found_error.

Closes #4563

7b37616a3 [Binjie Yang] Update kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/JsonReporterService.scala
daace3598 [zwangsheng] [Improvement] Format error log output in case of metrics json file not found

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Binjie Yang <52876270+zwangsheng@users.noreply.github.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../scala/org/apache/kyuubi/metrics/JsonReporterService.scala   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/JsonReporterService.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/JsonReporterService.scala
index cb0ef7404..7b172fc1e 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/JsonReporterService.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/JsonReporterService.scala
@@ -65,7 +65,7 @@ class JsonReporterService(registry: MetricRegistry)
             Files.setPosixFilePermissions(tmpPath, PosixFilePermissions.fromString("rwxr--r--"))
             Files.move(tmpPath, reportPath, StandardCopyOption.REPLACE_EXISTING)
           } catch {
-            case NonFatal(e) => error("Error writing metrics to json file" + reportPath, e)
+            case NonFatal(e) => error(s"Error writing metrics to json file: $reportPath", e)
           } finally {
             if (writer != null) writer.close()
           }

From b942656f00a85bc49b91ab72de06ebf18279038c Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 23 Mar 2023 18:08:51 +0800
Subject: [PATCH 205/760] [KYUUBI #4572] Bump Iceberg from 1.1.0 to 1.2.0

### _Why are the changes needed?_

- Iceberg 1.2.0 release notes: https://github.com/apache/iceberg/releases/tag/apache-iceberg-1.2.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4572 from bowenliang123/iceberg-1.2.0.

Closes #4572

f4bb2a1d3 [liangbowen] bump iceberg from 1.1.0 to 1.2.0

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ff20f6656..057a09b42 100644
--- a/pom.xml
+++ b/pom.xml
@@ -159,7 +159,7 @@
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
         <hudi.version>0.12.0</hudi.version>
-        <iceberg.version>1.1.0</iceberg.version>
+        <iceberg.version>1.2.0</iceberg.version>
         <jackson.version>2.14.2</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>

From 351bab3676a77b919eacb33865744dd363643495 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 23 Mar 2023 18:11:03 +0800
Subject: [PATCH 206/760] [KYUUBI #4584] Post the session exception to EventBus
 in time

### _Why are the changes needed?_

When session exception thrown, post it to event bus in time.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4584 from turboFei/handle_post.

Closes #4584

920ee29a4 [fwang12] post exception in time

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../scala/org/apache/kyuubi/session/KyuubiSession.scala    | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
index 18597dac9..7316e367b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
@@ -20,7 +20,7 @@ import com.codahale.metrics.MetricRegistry
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_SESSION_CONNECTION_URL_KEY, KYUUBI_SESSION_REAL_USER_KEY}
-import org.apache.kyuubi.events.KyuubiSessionEvent
+import org.apache.kyuubi.events.{EventBus, KyuubiSessionEvent}
 import org.apache.kyuubi.metrics.MetricsConstants.{CONN_OPEN, CONN_TOTAL}
 import org.apache.kyuubi.metrics.MetricsSystem
 import org.apache.kyuubi.session.SessionType.SessionType
@@ -49,7 +49,10 @@ abstract class KyuubiSession(
       f
     } catch {
       case t: Throwable =>
-        getSessionEvent.foreach(_.exception = Some(t))
+        getSessionEvent.foreach { sessionEvent =>
+          sessionEvent.exception = Some(t)
+          EventBus.post(sessionEvent)
+        }
         throw t
     }
   }

From dbb741fc5b0d2fd4b0640ff70ea12aca75864166 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 23 Mar 2023 19:07:57 +0800
Subject: [PATCH 207/760] [KYUUBI #4557][HELM] Kyuubi server should bind Pod IP
 by default

### _Why are the changes needed?_

Fix #4557.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

After changing, the Kyuubi Server correctly binds the Pod IP.
```
KyuubiTBinaryFrontendService#64 - Starting and exposing JDBC connection at: jdbc:hive2://10.88.224.214:10009/
```

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4561 from pan3793/helm-host.

Closes #4557

018a3a067 [Cheng Pan] [KYUUBI #4557][HELM] Kyuubi server should bind Pod IP by default

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/kyuubi-configmap.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index 7a96daaf7..4964e651c 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -34,7 +34,7 @@ data:
   kyuubi-defaults.conf: |
     ## Helm chart provided Kyuubi configurations
     kyuubi.kubernetes.namespace={{ .Release.Namespace }}
-    kyuubi.frontend.bind.host=localhost
+    kyuubi.frontend.connection.url.use.hostname=false
     kyuubi.frontend.thrift.binary.bind.port={{ .Values.server.thriftBinary.port }}
     kyuubi.frontend.thrift.http.bind.port={{ .Values.server.thriftHttp.port }}
     kyuubi.frontend.rest.bind.port={{ .Values.server.rest.port }}

From 1457a2f82aea2513d0261c6699e735f853d0418c Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Thu, 23 Mar 2023 20:48:47 +0800
Subject: [PATCH 208/760] [KYUUBI #4587] [SPARK][EXT] Take care of table cache
 query stage

### _Why are the changes needed?_

compatible with Spark3.5

see https://issues.apache.org/jira/browse/SPARK-42101

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4587 from ulysses-you/FinalStageConfigIsolation.

Closes #4587

d456f9c99 [Cheng Pan] Update extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
34db59d6e [ulysses-you] take care of table cache query stage

Lead-authored-by: ulysses-you <ulyssesyou18@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
index 360a2645e..fee65b350 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
@@ -133,7 +133,9 @@ case class FinalStageConfigIsolation(session: SparkSession) extends Rule[SparkPl
           reusedExchangeExec
 
         // query stage is leaf node so we need to transform it manually
-        case queryStage: QueryStageExec =>
+        // compatible with Spark 3.5:
+        // SPARK-42101: table cache is a independent query stage, so do not need include it.
+        case queryStage: QueryStageExec if queryStage.nodeName != "TableCacheQueryStage" =>
           queryStageNum += 1
           collectNumber(queryStage.plan)
           queryStage

From 6f803c0015876171990ce366b6ffc274468aad25 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 24 Mar 2023 11:34:08 +0800
Subject: [PATCH 209/760] [KYUUBI #4560] [KSHC] Support Kerberized HMS in
 cluster mode w/o keytab

### _Why are the changes needed?_

This PR aims to make Kyuubi Spark Hive Connector(KSHC) support kerberized HMS in cluster mode w/o keytab(which is the typical use case in Kyuubi) by implementing a `HadoopDelegationTokenProvider`.

To enable access to an kerberized HMS using KSHC, the minimal configurations are
```
spark.sql.catalog.warm=org.apache.kyuubi.spark.connector.hive.HiveTableCatalog
spark.sql.catalog.warm.hive.metastore.uris=<thrift-uris>
```
then it's able to run federation query across metastores
```
SELECT * FROM spark_catalog.db1.tbl1 JOIN warm.db2.tbl2 ON ...
```

In addition, it allows disabling token renewal for each catalog explicitly
```
spark.sql.catalog.warm.delegation.token.renewal.enabled=false
```

The current implementation has some limitations:

the catalog configuration must be present on the Spark application bootstrap, which means the catalog configurations should be set in `spark-defaults.conf` or append as `--conf` like:
```
spark-[sql|shell|submit] \
  --conf spark.sql.catalog.xxx=org.apache.kyuubi.spark.connector.hive.HiveTableCatalog
  --conf spark.sql.catalog.xxx.hive.abc=xyz
```

but does not work for dynamic registering through SET statement, e.g. `SET spark.sql.catalog.xxx=`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

```
> (select count(*) from hive_2.mammut.test_7) union ( select count(*) from spark_catalog.test.test01 limit 1);
+-----------+
| count(1)  |
+-----------+
| 4         |
| 1         |
+-----------+
2 rows selected (8.378 seconds)
```

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4560 from pan3793/shc-token.

Closes #4560

fe8cd0c6d [Cheng Pan] Centralized metastore token signature fallback logic
851159559 [Cheng Pan] comments
fc3b4d596 [Cheng Pan] hive.metastore.token.signature fallback to hive.metastore.uris
fb7eb033f [Cheng Pan] unused import
858b39024 [Cheng Pan] New catalog property delegation.token.renewal.enabled
28ec5a543 [Cheng Pan] disable hms client retry
52044d474 [Cheng Pan] update comments
33b241831 [Cheng Pan] [KSHC] Support Kerberos by implementing KyuubiHiveConnectorDelegationTokenProvider

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 ...ark.security.HadoopDelegationTokenProvider |  18 ++
 .../connector/hive/HiveTableCatalog.scala     |   7 +-
 ...HiveConnectorDelegationTokenProvider.scala | 205 ++++++++++++++++++
 .../kyuubi/connector/HiveBridgeHelper.scala   |   2 +
 4 files changed, 229 insertions(+), 3 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-connector-hive/src/main/resources/META-INF/services/org.apache.spark.security.HadoopDelegationTokenProvider
 create mode 100644 extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveConnectorDelegationTokenProvider.scala

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/resources/META-INF/services/org.apache.spark.security.HadoopDelegationTokenProvider b/extensions/spark/kyuubi-spark-connector-hive/src/main/resources/META-INF/services/org.apache.spark.security.HadoopDelegationTokenProvider
new file mode 100644
index 000000000..8d93dd80a
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/resources/META-INF/services/org.apache.spark.security.HadoopDelegationTokenProvider
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorDelegationTokenProvider
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index c4d71dbba..d4e0f5ea2 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -44,6 +44,7 @@ import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.spark.connector.hive.HiveTableCatalog.{toCatalogDatabase, CatalogDatabaseHelper, IdentifierHelper, NamespaceHelper}
+import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorDelegationTokenProvider.metastoreTokenSignature
 
 /**
  * A [[TableCatalog]] that wrap HiveExternalCatalog to as V2 CatalogPlugin instance to access Hive.
@@ -73,9 +74,9 @@ class HiveTableCatalog(sparkSession: SparkSession)
 
   private lazy val hadoopConf: Configuration = {
     val conf = sparkSession.sessionState.newHadoopConf()
-    catalogOptions.asScala.foreach {
-      case (k, v) => conf.set(k, v)
-      case _ =>
+    catalogOptions.asScala.foreach { case (k, v) => conf.set(k, v) }
+    if (catalogOptions.containsKey("hive.metastore.uris")) {
+      conf.set("hive.metastore.token.signature", metastoreTokenSignature(catalogOptions))
     }
     conf
   }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveConnectorDelegationTokenProvider.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveConnectorDelegationTokenProvider.scala
new file mode 100644
index 000000000..118f4f6b9
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveConnectorDelegationTokenProvider.scala
@@ -0,0 +1,205 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.spark.connector.hive
+
+import java.lang.reflect.UndeclaredThrowableException
+import java.security.PrivilegedExceptionAction
+import java.util
+
+import scala.collection.JavaConverters._
+import scala.collection.mutable
+import scala.util.control.NonFatal
+
+import org.apache.hadoop.conf.Configuration
+import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier
+import org.apache.hadoop.hive.conf.HiveConf
+import org.apache.hadoop.hive.metastore.{HiveMetaStoreClient, IMetaStoreClient}
+import org.apache.hadoop.io.Text
+import org.apache.hadoop.security.{Credentials, SecurityUtil, UserGroupInformation}
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod
+import org.apache.hadoop.security.token.Token
+import org.apache.spark.SparkConf
+import org.apache.spark.internal.Logging
+import org.apache.spark.security.HadoopDelegationTokenProvider
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper._
+
+import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorDelegationTokenProvider.metastoreTokenSignature
+
+class KyuubiHiveConnectorDelegationTokenProvider
+  extends HadoopDelegationTokenProvider with Logging {
+
+  logInfo(s"Hadoop Delegation Token provider for service [$serviceName] is initialized.")
+
+  override def serviceName: String = "kyuubi-hive-connector"
+
+  private val classNotFoundErrorStr = "You are attempting to use the " +
+    s"${getClass.getCanonicalName}, but your Spark distribution is not built with Hive libraries."
+
+  private def hiveConf(
+      sparkConf: SparkConf,
+      hadoopConf: Configuration,
+      hiveCatalogName: String): Option[HiveConf] = {
+    try {
+      val hiveConf = new HiveConf(hadoopConf, classOf[HiveConf])
+      sparkConf.getAllWithPrefix(s"spark.sql.catalog.$hiveCatalogName.")
+        .foreach { case (k, v) => hiveConf.set(k, v) }
+      // The `RetryingHiveMetaStoreClient` may block the subsequent token obtaining,
+      // and `obtainDelegationTokens` is scheduled frequently, it's fine to disable
+      // the Hive retry mechanism.
+      hiveConf.set("hive.metastore.fastpath", "false")
+      Some(hiveConf)
+    } catch {
+      case NonFatal(e) =>
+        logWarning("Fail to create Hive Configuration", e)
+        None
+      case e: NoClassDefFoundError =>
+        logWarning(classNotFoundErrorStr, e)
+        None
+    }
+  }
+
+  private def extractHiveCatalogNames(sparkConf: SparkConf): Set[String] = sparkConf
+    .getAllWithPrefix("spark.sql.catalog.")
+    .filter { case (_, v) => v == classOf[HiveTableCatalog].getName }
+    .flatMap { case (k, _) => k.stripPrefix("spark.sql.catalog.").split("\\.").headOption }
+    .distinct.toSet
+
+  // The current implementation has the following limitations:
+  // the v2 catalog is kind of SQL API, and we can not get SQLConf here, thus only those
+  // configurations present in the Spark application bootstrap will take effect, e.g.
+  // `spark-defaults.conf` or `spark-submit --conf k=v` will take effect, but dynamically
+  // register by SET statement will not.
+  override def delegationTokensRequired(
+      sparkConf: SparkConf,
+      hadoopConf: Configuration): Boolean = {
+    val hiveCatalogNames = extractHiveCatalogNames(sparkConf)
+    logDebug(s"Recognized Kyuubi Hive Connector catalogs: $hiveCatalogNames")
+    hiveCatalogNames.exists { hiveCatalogName =>
+      hiveConf(sparkConf, hadoopConf, hiveCatalogName).exists { remoteHmsConf =>
+        delegationTokensRequired(sparkConf, remoteHmsConf, hiveCatalogName)
+      }
+    }
+  }
+
+  private def delegationTokensRequired(
+      sparkConf: SparkConf,
+      hiveConf: HiveConf,
+      hiveCatalogName: String): Boolean = {
+    val tokenRenewalEnabled = sparkConf.getBoolean(
+      s"spark.sql.catalog.$hiveCatalogName.delegation.token.renewal.enabled",
+      true)
+    val metastoreUris =
+      sparkConf.get(s"spark.sql.catalog.$hiveCatalogName.hive.metastore.uris", "")
+    val tokenAlias = new Text(metastoreUris)
+    val currentToken = UserGroupInformation.getCurrentUser.getCredentials.getToken(tokenAlias)
+    tokenRenewalEnabled && metastoreUris.nonEmpty && currentToken == null &&
+    SecurityUtil.getAuthenticationMethod(hiveConf) != AuthenticationMethod.SIMPLE &&
+    hiveConf.getBoolean("hive.metastore.sasl.enabled", false) &&
+    (SparkHadoopUtil.get.isProxyUser(UserGroupInformation.getCurrentUser) ||
+      (!Utils.isClientMode(sparkConf) && !sparkConf.contains("spark.kerberos.keytab")))
+  }
+
+  override def obtainDelegationTokens(
+      hadoopConf: Configuration,
+      sparkConf: SparkConf,
+      creds: Credentials): Option[Long] = {
+    val hmsClients: mutable.HashSet[IMetaStoreClient] = mutable.HashSet.empty
+    try {
+      val hiveCatalogNames = extractHiveCatalogNames(sparkConf)
+      logDebug(s"Recognized Hive catalogs: $hiveCatalogNames")
+
+      val requireTokenCatalogs = hiveCatalogNames.filter { hiveCatalogName =>
+        hiveConf(sparkConf, hadoopConf, hiveCatalogName).exists { remoteHmsConf =>
+          delegationTokensRequired(sparkConf, remoteHmsConf, hiveCatalogName)
+        }
+      }
+      logDebug(s"Require token Hive catalogs: $requireTokenCatalogs")
+
+      requireTokenCatalogs.foreach { hiveCatalogName =>
+        // one token request failure should not block the subsequent token obtaining
+        Utils.tryLogNonFatalError {
+          hiveConf(sparkConf, hadoopConf, hiveCatalogName).foreach { remoteHmsConf =>
+            val metastoreUrisKey = s"spark.sql.catalog.$hiveCatalogName.hive.metastore.uris"
+            val metastoreUris = sparkConf.get(metastoreUrisKey, "")
+            assert(metastoreUris.nonEmpty)
+
+            val catalogOptions =
+              sparkConf.getAllWithPrefix(s"spark.sql.catalog.$hiveCatalogName.").toMap
+            val tokenSignature = metastoreTokenSignature(catalogOptions.asJava)
+
+            val principalKey = "hive.metastore.kerberos.principal"
+            val principal = remoteHmsConf.getTrimmed(principalKey, "")
+            require(principal.nonEmpty, s"Hive principal $principalKey undefined")
+
+            val currentUser = UserGroupInformation.getCurrentUser
+            logInfo(s"Getting Hive delegation token for ${currentUser.getUserName} against " +
+              s"$principal at $metastoreUris")
+
+            doAsRealUser {
+              val hmsClient = new HiveMetaStoreClient(remoteHmsConf, null, false)
+              hmsClients += hmsClient
+              val tokenStr = hmsClient.getDelegationToken(currentUser.getUserName, principal)
+              val hive2Token = new Token[DelegationTokenIdentifier]()
+              hive2Token.decodeFromUrlString(tokenStr)
+              hive2Token.setService(new Text(tokenSignature))
+              logDebug(s"Get Token from hive metastore: ${hive2Token.toString}")
+              val tokenAlias = new Text(metastoreUris)
+              creds.addToken(tokenAlias, hive2Token)
+            }
+          }
+        }
+      }
+      None
+    } catch {
+      case _: NoClassDefFoundError =>
+        logWarning(classNotFoundErrorStr)
+        None
+    } finally {
+      hmsClients.foreach { hmsClient => Utils.tryLogNonFatalError { hmsClient.close() } }
+    }
+  }
+
+  /**
+   * Run some code as the real logged in user (which may differ from the current user, for
+   * example, when using proxying).
+   */
+  private def doAsRealUser[T](fn: => T): T = {
+    val currentUser = UserGroupInformation.getCurrentUser
+    val realUser = Option(currentUser.getRealUser).getOrElse(currentUser)
+
+    // For some reason the Scala-generated anonymous class ends up causing an
+    // UndeclaredThrowableException, even if you annotate the method with @throws.
+    try {
+      realUser.doAs(new PrivilegedExceptionAction[T]() {
+        override def run(): T = fn
+      })
+    } catch {
+      case e: UndeclaredThrowableException => throw Option(e.getCause).getOrElse(e)
+    }
+  }
+}
+
+object KyuubiHiveConnectorDelegationTokenProvider {
+
+  // fallback to `hive.metastore.uris` if `hive.metastore.token.signature` is absent
+  def metastoreTokenSignature(catalogOptions: util.Map[String, String]): String = {
+    assert(catalogOptions.containsKey("hive.metastore.uris"))
+    val metastoreUris = catalogOptions.get("hive.metastore.uris")
+    catalogOptions.getOrDefault("hive.metastore.token.signature", metastoreUris)
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
index ce1e445fc..349edd327 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
@@ -45,6 +45,8 @@ object HiveBridgeHelper {
   val HiveShim = org.apache.spark.sql.hive.HiveShim
   val InputFileBlockHolder = org.apache.spark.rdd.InputFileBlockHolder
   val HadoopTableReader = org.apache.spark.sql.hive.HadoopTableReader
+  val SparkHadoopUtil = org.apache.spark.deploy.SparkHadoopUtil
+  val Utils = org.apache.spark.util.Utils
 
   def postExternalCatalogEvent(sc: SparkContext, event: ExternalCatalogEvent): Unit = {
     sc.listenerBus.post(event)

From 0d5eaa2d0b6fc58348aef23c7407e7529c2873ab Mon Sep 17 00:00:00 2001
From: He Zhao <hezhao2@cisco.com>
Date: Fri, 24 Mar 2023 11:43:15 +0800
Subject: [PATCH 210/760] [KYUUBI #3646][UI] Init Session Statistic Page

### _Why are the changes needed?_

Init Session Statistic Page

Close #3646

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

![popo_2023-03-20  17-47-24](https://user-images.githubusercontent.com/52876270/226303508-ab55d7d5-62c5-4062-bfab-70c483517e99.jpg)

Closes #4564 from zwangsheng/KYUUBI_3646.

Closes #3646

cbe0842ba [zwangsheng] [KYUUBI #3646] fix style
930cbb12a [zwangsheng] [KYUUBI #3646] bracket same line
d2ab1d5fd [zwangsheng] [KYUUBI #3646] Fix i18n about status
7f059e2df [zwangsheng] [KYUUBI #3646] Fix i18n about status
452c3ee5a [zwangsheng] [KYUUBI #3646] Remove unused style class
8967652bc [zwangsheng] [KYUUBI #3646] Add date fns license
70f2472c2 [zwangsheng] [KYUUBI #3646] install date-fns
8a3e845ff [zwangsheng] [KYUUBI #3646][UI] Init Session Statistic Page

Lead-authored-by: He Zhao <hezhao2@cisco.com>
Co-authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 LICENSE-binary                                |   2 +
 kyuubi-server/web-ui/.eslintrc                |   3 +
 kyuubi-server/web-ui/package.json             |   1 +
 kyuubi-server/web-ui/pnpm-lock.yaml           |   7 ++
 kyuubi-server/web-ui/src/api/session/index.ts |  32 ++++++
 .../web-ui/src/locales/en_US/index.ts         |  13 ++-
 .../web-ui/src/locales/zh_CN/index.ts         |  13 ++-
 kyuubi-server/web-ui/src/router/index.ts      |   2 +
 .../web-ui/src/router/session/index.ts        |  26 +++++
 .../web-ui/src/views/common/use-table.ts      |  78 +++++++++++++
 .../views/layout/components/aside/types.ts    |  10 ++
 .../session/session-statistics/index.vue      | 104 ++++++++++++++++++
 12 files changed, 289 insertions(+), 2 deletions(-)
 create mode 100644 kyuubi-server/web-ui/src/api/session/index.ts
 create mode 100644 kyuubi-server/web-ui/src/router/session/index.ts
 create mode 100644 kyuubi-server/web-ui/src/views/common/use-table.ts
 create mode 100644 kyuubi-server/web-ui/src/views/session/session-statistics/index.vue

diff --git a/LICENSE-binary b/LICENSE-binary
index feab9965e..a52ea95fb 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -456,6 +456,8 @@ is auto-generated by `pnpm licenses list --prod`.
 ├────────────────────────────────────┼──────────────┤
 │ csstype                            │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ date-fns                           │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ dayjs                              │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ delayed-stream                     │ MIT          │
diff --git a/kyuubi-server/web-ui/.eslintrc b/kyuubi-server/web-ui/.eslintrc
index ebbf40199..f2bff2cd6 100644
--- a/kyuubi-server/web-ui/.eslintrc
+++ b/kyuubi-server/web-ui/.eslintrc
@@ -69,6 +69,9 @@
       "exports": "never",
       "functions": "never"
     }],
+    "prettier/prettier": ["error", {
+      "bracketSameLine": true
+    }],
     "vue/multi-word-component-names": "off",
     "vue/component-definition-name-casing": "off",
     "vue/require-valid-default-prop": "off",
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index 63fdc7221..131e69b7f 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -17,6 +17,7 @@
   "dependencies": {
     "@element-plus/icons-vue": "^2.0.9",
     "axios": "^0.27.2",
+    "date-fns": "^2.29.3",
     "element-plus": "^2.2.12",
     "pinia": "^2.0.18",
     "pinia-plugin-persistedstate": "^2.1.1",
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 61fc5124d..1926352ab 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -12,6 +12,7 @@ specifiers:
   '@vue/eslint-config-typescript': ^11.0.0
   '@vue/test-utils': ^2.0.2
   axios: ^0.27.2
+  date-fns: ^2.29.3
   element-plus: ^2.2.12
   eslint: ^8.21.0
   eslint-plugin-prettier: ^4.2.1
@@ -32,6 +33,7 @@ specifiers:
 dependencies:
   '@element-plus/icons-vue': 2.0.9_vue@3.2.37
   axios: 0.27.2
+  date-fns: 2.29.3
   element-plus: 2.2.13_vue@3.2.37
   pinia: 2.0.18_j6bzmzd4ujpabbp5objtwxyjp4
   pinia-plugin-persistedstate: 2.1.1_pinia@2.0.18
@@ -907,6 +909,11 @@ packages:
       whatwg-url: 11.0.0
     dev: true
 
+  /date-fns/2.29.3:
+    resolution: {integrity: sha512-dDCnyH2WnnKusqvZZ6+jA1O51Ibt8ZMRNkDZdyAyK4YfbDwa/cEmuztzG5pk6hqlp9aSBPYcjOlktquahGwGeA==}
+    engines: {node: '>=0.11'}
+    dev: false
+
   /dayjs/1.11.5:
     resolution: {integrity: sha512-CAdX5Q3YW3Gclyo5Vpqkgpj8fSdLQcRuzfX6mC6Phy0nfJ0eGYOeS7m4mt2plDWLAtA4TqTakvbboHvUxfe4iA==}
     dev: false
diff --git a/kyuubi-server/web-ui/src/api/session/index.ts b/kyuubi-server/web-ui/src/api/session/index.ts
new file mode 100644
index 000000000..6af5a817f
--- /dev/null
+++ b/kyuubi-server/web-ui/src/api/session/index.ts
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import request from '@/utils/request'
+
+export function getAllSessions() {
+  return request({
+    url: 'api/v1/sessions',
+    method: 'get'
+  })
+}
+
+export function deleteSession(sessionId: string) {
+  return request({
+    url: `api/v1/sessions/${sessionId}`,
+    method: 'delete'
+  })
+}
diff --git a/kyuubi-server/web-ui/src/locales/en_US/index.ts b/kyuubi-server/web-ui/src/locales/en_US/index.ts
index 92df340d8..99e851651 100644
--- a/kyuubi-server/web-ui/src/locales/en_US/index.ts
+++ b/kyuubi-server/web-ui/src/locales/en_US/index.ts
@@ -16,5 +16,16 @@
  */
 
 export default {
-  test: 'test'
+  test: 'test',
+  user: 'User',
+  client_ip: 'Client IP',
+  kyuubi_instance: 'Kyuubi Instance',
+  session_id: 'Session ID',
+  create_time: 'Create Time',
+  operation: 'Operation',
+  delete_confirm: 'Delete Confirm',
+  message: {
+    delete_succeeded: 'Delete {name} Succeeded',
+    delete_failed: 'Delete {name} Failed'
+  }
 }
diff --git a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
index 7272109f5..016aaa8e7 100644
--- a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
+++ b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
@@ -16,5 +16,16 @@
  */
 
 export default {
-  test: '测试'
+  test: '测试',
+  user: '用户',
+  client_ip: '客户端地址',
+  kyuubi_instance: '服务端地址',
+  session_id: 'Session ID',
+  create_time: '创建时间',
+  operation: '操作',
+  delete_confirm: '确认删除',
+  message: {
+    delete_succeeded: '删除 {name} 成功',
+    delete_failed: '删除 {name} 失败'
+  }
 }
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 207a22d56..4d01da552 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -20,6 +20,7 @@ import overviewRoutes from './overview'
 import workloadRoutes from './workload'
 import operationRoutes from './operation'
 import contactRoutes from './contact'
+import sessionRoutes from './session'
 
 const routes = [
   {
@@ -36,6 +37,7 @@ const routes = [
     redirect: 'overview',
     children: [
       ...overviewRoutes,
+      ...sessionRoutes,
       ...workloadRoutes,
       ...operationRoutes,
       ...contactRoutes
diff --git a/kyuubi-server/web-ui/src/router/session/index.ts b/kyuubi-server/web-ui/src/router/session/index.ts
new file mode 100644
index 000000000..fca49f211
--- /dev/null
+++ b/kyuubi-server/web-ui/src/router/session/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const routes = [
+  {
+    path: '/session/session-statistics',
+    name: 'session-statistics',
+    component: () => import('@/views/session/session-statistics/index.vue')
+  }
+]
+
+export default routes
diff --git a/kyuubi-server/web-ui/src/views/common/use-table.ts b/kyuubi-server/web-ui/src/views/common/use-table.ts
new file mode 100644
index 000000000..441feb1f1
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/common/use-table.ts
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { ref, Ref } from 'vue'
+
+export function useTable() {
+  const list: Ref<any[]> = ref([])
+  const tableData: Ref<any[]> = ref([])
+  const loading = ref(false)
+  const currentPage = ref(1)
+  const pageSize = ref(10)
+  const totalPage = ref(1)
+
+  const handleSizeChange = (val: number) => {
+    if (
+      currentPage.value === 1 ||
+      (currentPage.value > 1 && totalPage.value > (currentPage.value - 1) * val)
+    ) {
+      loading.value = true
+      setTimeout(() => {
+        setTableData()
+      }, 200)
+    }
+  }
+
+  const handleCurrentChange = () => {
+    loading.value = true
+    setTimeout(() => {
+      setTableData()
+    }, 200)
+  }
+
+  const setTableData = () => {
+    tableData.value = [...list.value].splice(
+      (currentPage.value - 1) * pageSize.value,
+      pageSize.value
+    )
+    loading.value = false
+  }
+
+  const getList = (func: Function, data?: any) => {
+    loading.value = true
+    func(data)
+      .then((res: any[]) => (list.value = res || []))
+      .catch(() => (list.value = []))
+      .finally(() => {
+        currentPage.value = 1
+        pageSize.value = 10
+        totalPage.value = list.value.length
+        setTableData()
+      })
+  }
+
+  return {
+    tableData,
+    loading,
+    currentPage,
+    pageSize,
+    totalPage,
+    handleSizeChange,
+    handleCurrentChange,
+    getList
+  }
+}
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
index ddd32bef4..71d1d0128 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
@@ -21,6 +21,16 @@ export const MENUS = [
     icon: 'Odometer',
     router: '/overview'
   },
+  {
+    label: 'Session Management',
+    icon: 'List',
+    children: [
+      {
+        label: 'Session Statistics',
+        router: '/session/session-statistics'
+      }
+    ]
+  },
   {
     label: 'Workload',
     icon: 'List',
diff --git a/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue b/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue
new file mode 100644
index 000000000..40a9b7568
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue
@@ -0,0 +1,104 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<template>
+  <!-- TODO we need search here -->
+  <el-card>
+    <el-table
+      v-loading="loading"
+      :data="tableData"
+      max-height="500px"
+      style="width: 100%">
+      <el-table-column prop="user" :label="$t('user')" width="160px" />
+      <!-- TODO need jump to engine page -->
+      <el-table-column prop="engineId" :label="$t('engine_ip')" width="160px" />
+      <el-table-column prop="ipAddr" :label="$t('client_ip')" width="160px" />
+      <el-table-column
+        prop="kyuubiInstance"
+        :label="$t('kyuubi_instance')"
+        width="180px" />
+      <!-- TODO need jump to session page -->
+      <el-table-column
+        prop="identifier"
+        :label="$t('session_id')"
+        width="300px" />
+      <el-table-column :label="$t('create_time')" width="200">
+        <template #default="scope">
+          {{
+            scope.row.createTime != null && scope.row.createTime > -1
+              ? format(scope.row.createTime, 'yyyy-MM-dd HH:mm:ss')
+              : '-'
+          }}
+        </template>
+      </el-table-column>
+      <el-table-column fixed="right" :label="$t('operation')">
+        <template #default="scope">
+          <el-popconfirm
+            :title="$t('delete_confirm')"
+            @confirm="handleDeleteSession(scope.row.identifier)">
+            <template #reference>
+              <span>
+                <el-tooltip
+                  effect="dark"
+                  :content="$t('delete')"
+                  placement="top">
+                  <template #default>
+                    <el-button type="danger" icon="Delete" circle />
+                  </template>
+                </el-tooltip>
+              </span>
+            </template>
+          </el-popconfirm>
+        </template>
+      </el-table-column>
+    </el-table>
+  </el-card>
+</template>
+
+<script lang="ts" setup>
+  import { format } from 'date-fns'
+  import { getAllSessions, deleteSession } from '@/api/session'
+  import { ElMessage } from 'element-plus'
+  import { useI18n } from 'vue-i18n'
+  import { useTable } from '@/views/common/use-table'
+  const { t } = useI18n()
+  const { tableData, loading, getList: _getList } = useTable()
+  const handleDeleteSession = (sessionId: string) => {
+    deleteSession(sessionId)
+      .then(() => {
+        // need add delete success or failed logic after api support
+        ElMessage({
+          message: t('message.delete_succeeded', { name: 'session' }),
+          type: 'success'
+        })
+      })
+      .catch(() => {
+        ElMessage({
+          message: t('message.delete_failed', { name: 'session' }),
+          type: 'error'
+        })
+      })
+      .finally(() => {
+        getList()
+      })
+  }
+  const getList = () => {
+    _getList(getAllSessions)
+  }
+  getList()
+</script>

From e21ec213c5248c3372b3e79d3b55a511e700d8cb Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 24 Mar 2023 14:53:53 +0800
Subject: [PATCH 211/760] [KYUUBI #4593] [DOCS] Keep promote the release step
 update-to-date

### _Why are the changes needed?_

Kyuubi website dropped the old way for update docs, we should update the docs to keep it reflect this change.

Ref: https://github.com/apache/kyuubi-website/commit/cbc7df12097b5485511937cdcd47f0ad73f01857#diff-87c53e762995c279bfb9cba355186bc80fdf748d4cd29b3898d06368d7eeb99fR340

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4593 from pan3793/doc.

Closes #4593

0dfcd47e4 [Cheng Pan] [DOCS] Keep promote the release step update-to-date

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/community/release.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/community/release.md b/docs/community/release.md
index 163c575ff..8252669c0 100644
--- a/docs/community/release.md
+++ b/docs/community/release.md
@@ -275,8 +275,7 @@ Fork and clone [Apache Kyuubi website](https://github.com/apache/kyuubi-website)
 
 1. Add a new markdown file in `src/zh/news/`, `src/en/news/`
 2. Add a new markdown file in `src/zh/release/`, `src/en/release/`
-3. Follow [Build Document](../develop_tools/build_document.md) to build documents, then copy `apache/kyuubi`'s
-   folder `docs/_build/html` to `apache/kyuubi-website`'s folder `content/docs/r{RELEASE_VERSION}`
+3. Update `releases` defined in `hugo.toml`'s `[params]` part.
 
 ### Create an Announcement
 

From 46d23ffd5649097909feb6ef6cc48b4a12804eff Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 24 Mar 2023 15:37:51 +0800
Subject: [PATCH 212/760] [KYUUBI #4594] Support PUT method in REST client

### _Why are the changes needed?_

We have api that need `PUT` method.
<img width="802" alt="image" src="https://user-images.githubusercontent.com/6757692/227441606-100bb7ff-2a51-400d-a1c9-dcd4217da305.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4594 from turboFei/support_put.

Closes #4594

26fab9e26 [fwang12] add put in rest client

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/client/IRestClient.java     |  4 ++++
 .../java/org/apache/kyuubi/client/RestClient.java | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/IRestClient.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/IRestClient.java
index 66897df54..0eaffebd2 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/IRestClient.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/IRestClient.java
@@ -32,6 +32,10 @@ public interface IRestClient extends AutoCloseable {
 
   String post(String path, String body, String authHeader);
 
+  <T> T put(String path, String body, Class<T> type, String authHeader);
+
+  String put(String path, String body, String authHeader);
+
   <T> T delete(String path, Map<String, Object> params, Class<T> type, String authHeader);
 
   String delete(String path, Map<String, Object> params, String authHeader);
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
index 20e57b963..6447d5477 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
@@ -126,6 +126,21 @@ public <T> T post(
     return JsonUtils.fromJson(responseJson, type);
   }
 
+  @Override
+  public <T> T put(String path, String body, Class<T> type, String authHeader) {
+    String responseJson = put(path, body, authHeader);
+    return JsonUtils.fromJson(responseJson, type);
+  }
+
+  @Override
+  public String put(String path, String body, String authHeader) {
+    RequestBuilder putRequestBuilder = RequestBuilder.put();
+    if (body != null) {
+      putRequestBuilder.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
+    }
+    return doRequest(buildURI(path), authHeader, putRequestBuilder);
+  }
+
   @Override
   public <T> T delete(String path, Map<String, Object> params, Class<T> type, String authHeader) {
     String responseJson = delete(path, params, authHeader);

From 17e1d624a9a02e760f4b31bb77085ad7f9c4f02e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 24 Mar 2023 16:53:43 +0800
Subject: [PATCH 213/760] [KYUUBI #4387] Remove support for Flink 1.14

### _Why are the changes needed?_

As discussed before, Kyuubi is going to support the latest 3 Flink versions, and to reduce the complexity of supporting Flink 1.17 https://github.com/apache/kyuubi/pull/4368, we are going to remove support Flink 1.14 first.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4588 from pan3793/rm-flink-1.14.

Closes #4387

97d263324 [Cheng Pan] Remove support for Flink 1.14

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  |   5 -
 externals/kyuubi-flink-sql-engine/pom.xml     |  12 +-
 .../engine/flink/FlinkEngineUtils.scala       |   2 +-
 .../flink/operation/ExecuteStatement.scala    |  23 +--
 .../engine/flink/result/ResultSet.scala       |  38 +----
 .../flink/operation/FlinkOperationSuite.scala | 132 ++++++------------
 integration-tests/kyuubi-flink-it/pom.xml     |   2 +-
 pom.xml                                       |  23 +--
 8 files changed, 69 insertions(+), 168 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 4d48e5b3b..ddbccc0fd 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -161,16 +161,11 @@ jobs:
           - 8
           - 11
         flink:
-          - '1.14'
           - '1.15'
           - '1.16'
         flink-archive: [ "" ]
         comment: [ "normal" ]
         include:
-          - java: 8
-            flink: '1.16'
-            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.14.6 -Dflink.archive.name=flink-1.14.6-bin-scala_2.12.tgz'
-            comment: 'verify-on-flink-1.14-binary'
           - java: 8
             flink: '1.16'
             flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.15.3 -Dflink.archive.name=flink-1.15.3-bin-scala_2.12.tgz'
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index 4d7167c1c..f3633b904 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -59,19 +59,19 @@
 
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-streaming-java${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-streaming-java</artifactId>
             <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-clients${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-clients</artifactId>
             <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-sql-client${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-sql-client</artifactId>
             <scope>provided</scope>
         </dependency>
 
@@ -89,7 +89,7 @@
 
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-table-api-java-bridge${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-table-api-java-bridge</artifactId>
             <scope>provided</scope>
         </dependency>
 
@@ -101,7 +101,7 @@
 
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-table-runtime${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-table-runtime</artifactId>
             <scope>provided</scope>
         </dependency>
 
@@ -128,7 +128,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-test-utils${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-test-utils</artifactId>
             <scope>test</scope>
         </dependency>
     </dependencies>
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
index e271944a7..69fc8c695 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
@@ -40,7 +40,7 @@ object FlinkEngineUtils extends Logging {
   val EMBEDDED_MODE_CLIENT_OPTIONS: Options = getEmbeddedModeClientOptions(new Options);
 
   val SUPPORTED_FLINK_VERSIONS: Array[SemanticVersion] =
-    Array("1.14", "1.15", "1.16").map(SemanticVersion.apply)
+    Array("1.15", "1.16").map(SemanticVersion.apply)
 
   def checkFlinkVersion(): Unit = {
     val flinkVersion = EnvironmentInformation.getVersion
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index 8ec794ffb..db7876b6c 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -24,7 +24,7 @@ import scala.collection.JavaConverters._
 import scala.collection.mutable.ArrayBuffer
 
 import org.apache.flink.api.common.JobID
-import org.apache.flink.table.api.{ResultKind, TableResult}
+import org.apache.flink.table.api.ResultKind
 import org.apache.flink.table.client.gateway.TypedResult
 import org.apache.flink.table.data.{GenericArrayData, GenericMapData, RowData}
 import org.apache.flink.table.data.binary.{BinaryArrayData, BinaryMapData}
@@ -120,18 +120,8 @@ class ExecuteStatement(
           case TypedResult.ResultType.PAYLOAD =>
             (1 to result.getPayload).foreach { page =>
               if (rows.size < resultMaxRows) {
-                // FLINK-24461 retrieveResultPage method changes the return type from Row to RowData
-                val retrieveResultPage = DynMethods.builder("retrieveResultPage")
-                  .impl(executor.getClass, classOf[String], classOf[Int])
-                  .build(executor)
-                val _page = Integer.valueOf(page)
-                if (isFlinkVersionEqualTo("1.14")) {
-                  val result = retrieveResultPage.invoke[util.List[Row]](resultId, _page)
-                  rows ++= result.asScala
-                } else if (isFlinkVersionAtLeast("1.15")) {
-                  val result = retrieveResultPage.invoke[util.List[RowData]](resultId, _page)
-                  rows ++= result.asScala.map(r => convertToRow(r, dataTypes))
-                }
+                val result = executor.retrieveResultPage(resultId, page)
+                rows ++= result.asScala.map(r => convertToRow(r, dataTypes))
               } else {
                 loop = false
               }
@@ -154,12 +144,7 @@ class ExecuteStatement(
   }
 
   private def runOperation(operation: Operation): Unit = {
-    // FLINK-24461 executeOperation method changes the return type
-    // from TableResult to TableResultInternal
-    val executeOperation = DynMethods.builder("executeOperation")
-      .impl(executor.getClass, classOf[String], classOf[Operation])
-      .build(executor)
-    val result = executeOperation.invoke[TableResult](sessionId, operation)
+    val result = executor.executeOperation(sessionId, operation)
     jobId = result.getJobClient.asScala.map(_.getJobID)
     // after FLINK-24461, TableResult#await() would block insert statements
     // until the job finishes, instead of returning row affected immediately
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
index 323d157b1..136733812 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
@@ -18,19 +18,15 @@
 package org.apache.kyuubi.engine.flink.result
 
 import java.util
-import java.util.Collections
 
 import scala.collection.JavaConverters._
 
 import com.google.common.collect.Iterators
-import org.apache.flink.table.api.{DataTypes, ResultKind, TableResult}
-import org.apache.flink.table.api.internal.TableResultImpl
-import org.apache.flink.table.catalog.{Column, ResolvedSchema}
+import org.apache.flink.table.api.{ResultKind, TableResult}
+import org.apache.flink.table.catalog.Column
 import org.apache.flink.types.Row
 
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils._
 import org.apache.kyuubi.operation.{ArrayFetchIterator, FetchIterator}
-import org.apache.kyuubi.reflection.{DynFields, DynMethods}
 
 case class ResultSet(
     resultKind: ResultKind,
@@ -61,36 +57,12 @@ case class ResultSet(
  */
 object ResultSet {
 
-  private lazy val TABLE_RESULT_OK = DynFields.builder()
-    .hiddenImpl(classOf[TableResultImpl], "TABLE_RESULT_OK") // for Flink 1.14
-    .buildStatic[TableResult]
-    .get
-
   def fromTableResult(tableResult: TableResult): ResultSet = {
-    // FLINK-25558, if execute multiple SQLs that return OK, the second and latter results
-    // would be empty, which affects Flink 1.14
-    val fixedTableResult: TableResult =
-      if (isFlinkVersionAtMost("1.14") && tableResult == TABLE_RESULT_OK) {
-        // FLINK-24461 executeOperation method changes the return type
-        // from TableResult to TableResultInternal
-        val builder = TableResultImpl.builder
-          .resultKind(ResultKind.SUCCESS)
-          .schema(ResolvedSchema.of(Column.physical("result", DataTypes.STRING)))
-          .data(Collections.singletonList(Row.of("OK")))
-        // FLINK-24461 the return type of TableResultImpl.Builder#build changed
-        // from TableResult to TableResultInternal
-        DynMethods.builder("build")
-          .impl(classOf[TableResultImpl.Builder])
-          .build(builder)
-          .invoke[TableResult]()
-      } else {
-        tableResult
-      }
-    val schema = fixedTableResult.getResolvedSchema
+    val schema = tableResult.getResolvedSchema
     // collect all rows from table result as list
     // this is ok as TableResult contains limited rows
-    val rows = fixedTableResult.collect.asScala.toArray
-    builder.resultKind(fixedTableResult.getResultKind)
+    val rows = tableResult.collect.asScala.toArray
+    builder.resultKind(tableResult.getResultKind)
       .columns(schema.getColumns)
       .data(rows)
       .build
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 70eb84ddb..a38476f4d 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -30,7 +30,6 @@ import org.scalatest.time.SpanSugar._
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils._
 import org.apache.kyuubi.engine.flink.WithFlinkSQLEngine
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
@@ -758,26 +757,18 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
 
   test("execute statement - select array") {
     withJdbcStatement() { statement =>
-      val resultSet =
-        statement.executeQuery("select array ['v1', 'v2', 'v3']")
+      val resultSet = statement.executeQuery("select array ['v1', 'v2', 'v3']")
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.ARRAY)
       assert(resultSet.next())
-      if (isFlinkVersionEqualTo("1.14")) {
-        val expected = """["v1","v2","v3"]"""
-        assert(resultSet.getObject(1).toString == expected)
-      }
-      if (isFlinkVersionAtLeast("1.15")) {
-        val expected = "[v1,v2,v3]"
-        assert(resultSet.getObject(1).toString == expected)
-      }
+      val expected = "[v1,v2,v3]"
+      assert(resultSet.getObject(1).toString == expected)
     }
   }
 
   test("execute statement - select map") {
     withJdbcStatement() { statement =>
-      val resultSet =
-        statement.executeQuery("select map ['k1', 'v1', 'k2', 'v2']")
+      val resultSet = statement.executeQuery("select map ['k1', 'v1', 'k2', 'v2']")
       assert(resultSet.next())
       assert(resultSet.getString(1) == "{k1=v1, k2=v2}")
       val metaData = resultSet.getMetaData
@@ -787,17 +778,10 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
 
   test("execute statement - select row") {
     withJdbcStatement() { statement =>
-      val resultSet =
-        statement.executeQuery("select (1, '2', true)")
+      val resultSet = statement.executeQuery("select (1, '2', true)")
       assert(resultSet.next())
-      if (isFlinkVersionEqualTo("1.14")) {
-        val expected = """{INT NOT NULL:1,CHAR(1) NOT NULL:"2",BOOLEAN NOT NULL:true}"""
-        assert(resultSet.getString(1) == expected)
-      }
-      if (isFlinkVersionAtLeast("1.15")) {
-        val expected = """{INT NOT NULL:1,CHAR(1) NOT NULL:2,BOOLEAN NOT NULL:true}"""
-        assert(resultSet.getString(1) == expected)
-      }
+      val expected = """{INT NOT NULL:1,CHAR(1) NOT NULL:2,BOOLEAN NOT NULL:true}"""
+      assert(resultSet.getString(1) == expected)
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.STRUCT)
     }
@@ -807,25 +791,20 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("select encode('kyuubi', 'UTF-8')")
       assert(resultSet.next())
-      if (isFlinkVersionEqualTo("1.14")) {
-        assert(resultSet.getString(1) == "kyuubi")
-      }
-      if (isFlinkVersionAtLeast("1.15")) {
-        // TODO: validate table results after FLINK-28882 is resolved
-        assert(resultSet.getString(1) == "k")
-      }
+      // TODO: validate table results after FLINK-28882 is resolved
+      assert(resultSet.getString(1) == "k")
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.BINARY)
     }
   }
 
   test("execute statement - select float") {
-    withJdbcStatement()({ statement =>
+    withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("SELECT cast(0.1 as float)")
       assert(resultSet.next())
       assert(resultSet.getString(1) == "0.1")
       assert(resultSet.getFloat(1) == 0.1f)
-    })
+    }
   }
 
   test("execute statement - select count") {
@@ -905,30 +884,24 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
   }
 
   test("execute statement - create/alter/drop database") {
-    withJdbcStatement()({ statement =>
+    withJdbcStatement() { statement =>
       val createResult = statement.executeQuery("create database db_a")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(createResult.next())
-        assert(createResult.getString(1) === "OK")
-      }
+      assert(createResult.next())
+      assert(createResult.getString(1) === "OK")
       val alterResult = statement.executeQuery("alter database db_a set ('k1' = 'v1')")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(alterResult.next())
-        assert(alterResult.getString(1) === "OK")
-      }
+      assert(alterResult.next())
+      assert(alterResult.getString(1) === "OK")
       val dropResult = statement.executeQuery("drop database db_a")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(dropResult.next())
-        assert(dropResult.getString(1) === "OK")
-      }
-    })
+      assert(dropResult.next())
+      assert(dropResult.getString(1) === "OK")
+    }
   }
 
   test("execute statement - set/get database") {
     withSessionConf()(
       Map(ENGINE_OPERATION_CONVERT_CATALOG_DATABASE_ENABLED.key -> "true"))(
       Map.empty) {
-      withJdbcStatement()({ statement =>
+      withJdbcStatement() { statement =>
         statement.executeQuery("create database db_a")
         val schema = statement.getConnection.getSchema
         assert(schema == "default_database")
@@ -936,54 +909,41 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
         val changedSchema = statement.getConnection.getSchema
         assert(changedSchema == "db_a")
         assert(statement.execute("drop database db_a"))
-      })
+      }
     }
   }
 
   test("execute statement - create/alter/drop table") {
-    withJdbcStatement()({ statement =>
-      val createResult = {
+    withJdbcStatement() { statement =>
+      val createResult =
         statement.executeQuery("create table tbl_a (a string) with ('connector' = 'blackhole')")
-      }
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(createResult.next())
-        assert(createResult.getString(1) === "OK")
-      }
+      assert(createResult.next())
+      assert(createResult.getString(1) === "OK")
       val alterResult = statement.executeQuery("alter table tbl_a rename to tbl_b")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(alterResult.next())
-        assert(alterResult.getString(1) === "OK")
-      }
+      assert(alterResult.next())
+      assert(alterResult.getString(1) === "OK")
       val dropResult = statement.executeQuery("drop table tbl_b")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(dropResult.next())
-        assert(dropResult.getString(1) === "OK")
-      }
-    })
+      assert(dropResult.next())
+      assert(dropResult.getString(1) === "OK")
+    }
   }
 
   test("execute statement - create/alter/drop view") {
-    withMultipleConnectionJdbcStatement()({ statement =>
+    withMultipleConnectionJdbcStatement() { statement =>
       val createResult = statement.executeQuery("create view view_a as select 1")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(createResult.next())
-        assert(createResult.getString(1) === "OK")
-      }
+      assert(createResult.next())
+      assert(createResult.getString(1) === "OK")
       val alterResult = statement.executeQuery("alter view view_a rename to view_b")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(alterResult.next())
-        assert(alterResult.getString(1) === "OK")
-      }
+      assert(alterResult.next())
+      assert(alterResult.getString(1) === "OK")
       val dropResult = statement.executeQuery("drop view view_b")
-      if (isFlinkVersionAtLeast("1.15")) {
-        assert(dropResult.next())
-        assert(dropResult.getString(1) === "OK")
-      }
-    })
+      assert(dropResult.next())
+      assert(dropResult.getString(1) === "OK")
+    }
   }
 
   test("execute statement - insert into") {
-    withMultipleConnectionJdbcStatement()({ statement =>
+    withMultipleConnectionJdbcStatement() { statement =>
       statement.executeQuery("create table tbl_a (a int) with ('connector' = 'blackhole')")
       val resultSet = statement.executeQuery("insert into tbl_a select 1")
       val metadata = resultSet.getMetaData
@@ -991,11 +951,11 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
       assert(metadata.getColumnType(1) == java.sql.Types.BIGINT)
       assert(resultSet.next())
       assert(resultSet.getLong(1) == -1L)
-    })
+    }
   }
 
   test("execute statement - set properties") {
-    withMultipleConnectionJdbcStatement()({ statement =>
+    withMultipleConnectionJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("set table.dynamic-table-options.enabled = true")
       val metadata = resultSet.getMetaData
       assert(metadata.getColumnName(1) == "key")
@@ -1003,21 +963,21 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
       assert(resultSet.next())
       assert(resultSet.getString(1) == "table.dynamic-table-options.enabled")
       assert(resultSet.getString(2) == "true")
-    })
+    }
   }
 
   test("execute statement - show properties") {
-    withMultipleConnectionJdbcStatement()({ statement =>
+    withMultipleConnectionJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("set")
       val metadata = resultSet.getMetaData
       assert(metadata.getColumnName(1) == "key")
       assert(metadata.getColumnName(2) == "value")
       assert(resultSet.next())
-    })
+    }
   }
 
   test("execute statement - reset property") {
-    withMultipleConnectionJdbcStatement()({ statement =>
+    withMultipleConnectionJdbcStatement() { statement =>
       statement.executeQuery("set pipeline.jars = my.jar")
       statement.executeQuery("reset pipeline.jars")
       val resultSet = statement.executeQuery("set")
@@ -1031,7 +991,7 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
         }
       }
       assert(success)
-    })
+    }
   }
 
   test("execute statement - select udf") {
diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml
index 8ccc14e5e..c6a55c62c 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -75,7 +75,7 @@
 
         <dependency>
             <groupId>org.apache.flink</groupId>
-            <artifactId>flink-table-runtime${flink.module.scala.suffix}</artifactId>
+            <artifactId>flink-table-runtime</artifactId>
             <scope>test</scope>
         </dependency>
 
diff --git a/pom.xml b/pom.xml
index 057a09b42..e4e1aa5f7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,7 +137,6 @@
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>
         <flink.version>1.16.1</flink.version>
-        <flink.module.scala.suffix></flink.module.scala.suffix>
         <flink.archive.name>flink-${flink.version}-bin-scala_${scala.binary.version}.tgz</flink.archive.name>
         <flink.archive.mirror>${apache.archive.dist}/flink/flink-${flink.version}</flink.archive.mirror>
         <flink.archive.download.skip>false</flink.archive.download.skip>
@@ -1572,13 +1571,13 @@
 
             <dependency>
                 <groupId>org.apache.flink</groupId>
-                <artifactId>flink-streaming-java${flink.module.scala.suffix}</artifactId>
+                <artifactId>flink-streaming-java</artifactId>
                 <version>${flink.version}</version>
             </dependency>
 
             <dependency>
                 <groupId>org.apache.flink</groupId>
-                <artifactId>flink-clients${flink.module.scala.suffix}</artifactId>
+                <artifactId>flink-clients</artifactId>
                 <version>${flink.version}</version>
             </dependency>
 
@@ -1596,7 +1595,7 @@
 
             <dependency>
                 <groupId>org.apache.flink</groupId>
-                <artifactId>flink-table-api-java-bridge${flink.module.scala.suffix}</artifactId>
+                <artifactId>flink-table-api-java-bridge</artifactId>
                 <version>${flink.version}</version>
             </dependency>
 
@@ -1608,7 +1607,7 @@
 
             <dependency>
                 <groupId>org.apache.flink</groupId>
-                <artifactId>flink-table-runtime${flink.module.scala.suffix}</artifactId>
+                <artifactId>flink-table-runtime</artifactId>
                 <version>${flink.version}</version>
                 <scope>provided</scope>
             </dependency>
@@ -1621,13 +1620,13 @@
 
             <dependency>
                 <groupId>org.apache.flink</groupId>
-                <artifactId>flink-sql-client${flink.module.scala.suffix}</artifactId>
+                <artifactId>flink-sql-client</artifactId>
                 <version>${flink.version}</version>
             </dependency>
 
             <dependency>
                 <groupId>org.apache.flink</groupId>
-                <artifactId>flink-test-utils${flink.module.scala.suffix}</artifactId>
+                <artifactId>flink-test-utils</artifactId>
                 <version>${flink.version}</version>
                 <exclusions>
                     <exclusion>
@@ -2389,19 +2388,10 @@
             </repositories>
         </profile>
 
-        <profile>
-            <id>flink-1.14</id>
-            <properties>
-                <flink.version>1.14.6</flink.version>
-                <flink.module.scala.suffix>_${scala.binary.version}</flink.module.scala.suffix>
-            </properties>
-        </profile>
-
         <profile>
             <id>flink-1.15</id>
             <properties>
                 <flink.version>1.15.3</flink.version>
-                <flink.module.scala.suffix></flink.module.scala.suffix>
             </properties>
         </profile>
 
@@ -2409,7 +2399,6 @@
             <id>flink-1.16</id>
             <properties>
                 <flink.version>1.16.1</flink.version>
-                <flink.module.scala.suffix></flink.module.scala.suffix>
             </properties>
         </profile>
 

From b8f452692a212353fa77d921326a53f8b9feac6c Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Fri, 24 Mar 2023 18:24:53 +0800
Subject: [PATCH 214/760] [KYUUBI #4592] Support eagerly kill redundant
 executors

### _Why are the changes needed?_

This pr adds a new rule `FinalStageResourceManager` to eagerly kill redundant executors

We first get the final stage partition which is the actually required cores, then kill the redundant executors. The priority of kill executors follow:
  1. kill executor who is younger than other (The older the JIT works better)
  2. kill executor who produces less shuffle data first

The reason why add this feature is that, if the previous stage contains lots executors but final stage has less, then the tasks of final stage would be scheduled randomly in all exists executors which may cause resource waste. e.g., each executor only run 1 or 2 tasks but holds 4 or 5 cores.

### _How was this patch tested?_
test manually

- test for the kill executor
<img width="755" alt="image" src="https://user-images.githubusercontent.com/12025282/227203809-9fe0731c-f97f-40d2-ac7f-b892a2a35289.png">

Closes #4592 from ulysses-you/eagerly-kill-executors.

Closes #4592

f35208bfd [ulysses-you] nit
ec627ee4f [ulysses-you] nit
28d4230f8 [ulysses-you] address comments
f2492cec6 [ulysses-you] nit
f44e48451 [ulysses-you] Support eagerly kill redundant executors

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/rules.md        |   2 +
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |   3 +
 .../spark/FinalStageResourceManager.scala     | 204 ++++++++++++++++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  16 ++
 4 files changed, 225 insertions(+)
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala

diff --git a/docs/extensions/engines/spark/rules.md b/docs/extensions/engines/spark/rules.md
index 5c8c04869..f06ecf256 100644
--- a/docs/extensions/engines/spark/rules.md
+++ b/docs/extensions/engines/spark/rules.md
@@ -83,4 +83,6 @@ Kyuubi provides some configs to make these feature easy to use.
 | spark.sql.optimizer.inferRebalanceAndSortOrdersMaxColumns           | 3             | The max columns of inferred columns.                                                                                                                                                                                                                                                                                                                 | 1.7.0 |
 | spark.sql.optimizer.insertRepartitionBeforeWriteIfNoShuffle.enabled | false         | When true, add repartition even if the original plan does not have shuffle.                                                                                                                                                                                                                                                                          | 1.7.0 |
 | spark.sql.optimizer.finalStageConfigIsolationWriteOnly.enabled      | true          | When true, only enable final stage isolation for writing.                                                                                                                                                                                                                                                                                            | 1.7.0 |
+| spark.sql.finalWriteStage.eagerlyKillExecutors.enabled              | false         | When true, eagerly kill redundant executors before running final write stage.                                                                                                                                                                                                                                                                        | 1.8.0 |
+| spark.sql.finalWriteStage.retainExecutorsFactor                     | 1.2           | If the target executors * factor < active executors, and target executors * factor > min executors, then inject kill executors or inject custom resource profile.                                                                                                                                                                                    | 1.8.0 |
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index ef9da41be..0d034c26c 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.sql
 
+import org.apache.spark.FinalStageResourceManager
 import org.apache.spark.sql.SparkSessionExtensions
 
 import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxPartitionStrategy}
@@ -39,5 +40,7 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
     // watchdog extension
     extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
     extensions.injectPlannerStrategy(MaxPartitionStrategy)
+
+    extensions.injectQueryStagePrepRule(FinalStageResourceManager)
   }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala
new file mode 100644
index 000000000..8eae5d0e2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala
@@ -0,0 +1,204 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive._
+import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeExec}
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, MarkNumOutputColumnsRule}
+
+/**
+ * This rule assumes the final write stage has less cores requirement than previous, otherwise
+ * this rule would take no effect.
+ *
+ * It provide a feature:
+ * 1. Kill redundant executors before running final write stage
+ */
+case class FinalStageResourceManager(session: SparkSession) extends Rule[SparkPlan] {
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED)) {
+      return plan
+    }
+
+    if (!MarkNumOutputColumnsRule.isWrite(session, plan)) {
+      return plan
+    }
+
+    val sc = session.sparkContext
+    val dra = sc.getConf.getBoolean("spark.dynamicAllocation.enabled", false)
+    val coresPerExecutor = sc.getConf.getInt("spark.executor.cores", 1)
+    val minExecutors = sc.getConf.getInt("spark.dynamicAllocation.minExecutors", 0)
+    val maxExecutors = sc.getConf.getInt("spark.dynamicAllocation.maxExecutors", Int.MaxValue)
+    val factor = conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_PARTITION_FACTOR)
+    val hasImprovementRoom = maxExecutors - 1 > minExecutors * factor
+    // Fast fail if:
+    // 1. DRA off
+    // 2. only work with yarn and k8s
+    // 3. maxExecutors is not bigger than minExecutors * factor
+    if (!dra || !sc.schedulerBackend.isInstanceOf[CoarseGrainedSchedulerBackend] ||
+      !hasImprovementRoom) {
+      return plan
+    }
+
+    val stage = findFinalRebalanceStage(plan)
+    if (stage.isEmpty) {
+      return plan
+    }
+
+    // Since we are in `prepareQueryStage`, the AQE shuffle read has not been applied.
+    // So we need to apply it by self.
+    val shuffleRead = queryStageOptimizerRules.foldLeft(stage.get.asInstanceOf[SparkPlan]) {
+      case (latest, rule) => rule.apply(latest)
+    }
+    shuffleRead match {
+      case AQEShuffleReadExec(stage: ShuffleQueryStageExec, partitionSpecs) =>
+        // The condition whether inject custom resource profile:
+        // - target executors < active executors
+        // - target executors > min executors
+        val numActiveExecutors = sc.getExecutorIds().length
+        val targetCores = partitionSpecs.length
+        val targetExecutors = (math.ceil(targetCores.toFloat / coresPerExecutor) * factor).toInt
+          .max(1)
+        val hasBenefits = targetExecutors < numActiveExecutors && targetExecutors > minExecutors
+        if (hasBenefits) {
+          val shuffleId = stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleDependency.shuffleId
+          val numReduce = stage.plan.asInstanceOf[ShuffleExchangeExec].numPartitions
+          // Now, there is only a final rebalance stage waiting to execute and all tasks of previous
+          // stage are finished. Kill redundant existed executors eagerly so the tasks of final
+          // stage can be centralized scheduled.
+          killExecutors(sc, targetExecutors, shuffleId, numReduce)
+        } else {
+          logInfo(s"Has no benefits to kill executors or inject custom resource profile, " +
+            s"active executors: $numActiveExecutors, min executor: $minExecutors, " +
+            s"target executors: $targetExecutors.")
+        }
+
+      case _ =>
+    }
+
+    plan
+  }
+
+  /**
+   * The priority of kill executors follow:
+   * 1. kill executor who is younger than other (The older the JIT works better)
+   * 2. kill executor who produces less shuffle data first
+   */
+  private def findExecutorToKill(
+      sc: SparkContext,
+      targetExecutors: Int,
+      shuffleId: Int,
+      numReduce: Int): Seq[String] = {
+    val tracker = SparkEnv.get.mapOutputTracker.asInstanceOf[MapOutputTrackerMaster]
+    val shuffleStatus = tracker.shuffleStatuses(shuffleId)
+    val executorToBlockSize = new mutable.HashMap[String, Long]
+    shuffleStatus.withMapStatuses { mapStatus =>
+      mapStatus.foreach { status =>
+        var i = 0
+        var sum = 0L
+        while (i < numReduce) {
+          sum += status.getSizeForBlock(i)
+          i += 1
+        }
+        executorToBlockSize.getOrElseUpdate(status.location.executorId, sum)
+      }
+    }
+
+    val backend = sc.schedulerBackend.asInstanceOf[CoarseGrainedSchedulerBackend]
+    val executorsWithRegistrationTs = backend.getExecutorsWithRegistrationTs()
+    val existedExecutors = executorsWithRegistrationTs.keys.toSet
+    val expectedNumExecutorToKill = existedExecutors.size - targetExecutors
+    if (expectedNumExecutorToKill < 1) {
+      return Seq.empty
+    }
+
+    val executorIdsToKill = new ArrayBuffer[String]()
+    // We first kill executor who does not hold shuffle block. It would happen because
+    // the last stage is running fast and finished in a short time. The existed executors are
+    // from previous stages that have not been killed by DRA, so we can not find it by tracking
+    // shuffle status.
+    // We should evict executors by their alive time first and retain all of executors which
+    // have better locality for shuffle block.
+    val numExecutorToKillWithNoShuffle = expectedNumExecutorToKill - executorToBlockSize.size
+    executorsWithRegistrationTs.toSeq.sortBy(_._2).foreach { case (id, _) =>
+      if (executorIdsToKill.length < numExecutorToKillWithNoShuffle &&
+        !executorToBlockSize.contains(id)) {
+        executorIdsToKill.append(id)
+      }
+    }
+
+    // Evict the rest executors according to the shuffle block size
+    executorToBlockSize.toSeq.sortBy(_._2).foreach { case (id, _) =>
+      if (executorIdsToKill.length < expectedNumExecutorToKill) {
+        executorIdsToKill.append(id)
+      }
+    }
+
+    executorIdsToKill.toSeq
+  }
+
+  private def killExecutors(
+      sc: SparkContext,
+      targetExecutors: Int,
+      shuffleId: Int,
+      numReduce: Int): Unit = {
+    val executorAllocationClient = sc.schedulerBackend.asInstanceOf[ExecutorAllocationClient]
+
+    val executorsToKill = findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+    logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
+      s"[${executorsToKill.mkString(", ")}].")
+
+    // Note, `SparkContext#killExecutors` does not allow with ARD enabled,
+    // see `https://github.com/apache/spark/pull/20604`.
+    // It may cause the status in `ExecutorAllocationManager` inconsistent with
+    // `CoarseGrainedSchedulerBackend` for a while. But it should be synchronous finally.
+    executorAllocationClient.killExecutors(
+      executorIds = executorsToKill,
+      adjustTargetNumExecutors = false,
+      countFailures = false,
+      force = false)
+  }
+
+  @tailrec
+  private def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
+    plan match {
+      case p: ProjectExec => findFinalRebalanceStage(p.child)
+      case f: FilterExec => findFinalRebalanceStage(f.child)
+      case s: SortExec if !s.global => findFinalRebalanceStage(s.child)
+      case stage: ShuffleQueryStageExec
+          if stage.isMaterialized &&
+            stage.plan.isInstanceOf[ShuffleExchangeExec] &&
+            stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleOrigin != ENSURE_REQUIREMENTS =>
+        Some(stage)
+      case _ => None
+    }
+  }
+
+  @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
+    OptimizeSkewInRebalancePartitions,
+    CoalesceShufflePartitions(session),
+    OptimizeShuffleWithLocalRead)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index 0fe9f649e..15634ee35 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -190,4 +190,20 @@ object KyuubiSQLConf {
       .version("1.7.0")
       .booleanConf
       .createWithDefault(true)
+
+  val FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED =
+    buildConf("spark.sql.finalWriteStage.eagerlyKillExecutors.enabled")
+      .doc("When true, eagerly kill redundant executors before running final write stage.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_PARTITION_FACTOR =
+    buildConf("spark.sql.finalWriteStage.retainExecutorsFactor")
+      .doc("If the target executors * factor < active executors, and " +
+        "target executors * factor > min executors, then kill redundant executors.")
+      .version("1.8.0")
+      .doubleConf
+      .checkValue(_ >= 1, "must be bigger than or equal to 1")
+      .createWithDefault(1.2)
 }

From 0ebeddae39951ef59ba8c0b4b8aa106791b680a4 Mon Sep 17 00:00:00 2001
From: phyyou <gydudwls@gmail.com>
Date: Fri, 24 Mar 2023 21:30:13 +0800
Subject: [PATCH 215/760] [KYUUBI #4589] [HELM] Update template on port-foward
 usage guide NOTES.txt

- Fix Stale Docs URL in Helm Chart
- ~~Update kyuubiDefaults structure~~
- Update NOTES.txt
  - When kyuubi.kyuubiConf.kyuubiDefaults."kyuubi.frontend.bind.host" set localhost, render port-forward example  in NOTES.txt for development usage guide
- ~~Add extraFiles for config mount~~
  - ~~extraFiles for another file mount in kyuubi conf directory.~~

### _Why are the changes needed?_

Based on https://github.com/apache/kyuubi/issues/4561#issuecomment-1481026954_

> I think Helm chart notes had been wrong from this commit.

>https://github.com/apache/kyuubi/blob/dbb741fc5b0d2fd4b0640ff70ea12aca75864166/charts/kyuubi/templates/NOTES.txt#L33-L34

> Can we delete this note or update this note  if `--address` option is work like this? :
> ```suggestion
>  - To access {{ $.Release.Name }}-{{ $name | kebabcase }} service from outside the cluster for debugging, run the following > >
> command:
>     kubectl port-forward svc/{{ $.Release.Name }}-{{ $name | kebabcase }} {{ tpl $frontend.service.port $ }}:{{ tpl >?> >$frontend.service.port $ }} -n {{ $.Release.Namespace }} --address <your-ip>
> ```

~~and more changes:~~
- ~~Update `.Values.kyuubiConf.kyuubiDefaults` to dict for more variant usage in templates. (like NOTES.txt changes)~~
- ~~Add extraFiles in configmap for like mounting hive-site-xml on kyuubi config directory.~~

### _How was this patch tested?_

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4589 from phyyou/feat/helm-chart-improve.

Closes #4589

d7ee29e95 [phyyou] Fix regex when no equal sign
0b86f280a [phyyou] Update condition for edge case
4edf904f5 [phyyou] chore
aabe93ca9 [PHYYOU] Update kyuubiDefaults example guide in Helm Chart
4de896446 [phyyou] Add README.md for Kyuubi Helm Chart (It from airflow chart README.md)
abacd3277 [phyyou] Add Example Usecases in kyuubiConf
ebcb2310a [phyyou] Update empty string to nil
2533a9306 [phyyou] Revert extraFiles
56fa525a5 [phyyou] Revert kyuubiConf Structure Update Update NOTES.txt for Reverted values
966e74c50 [phyyou] fix: template => include
03d698442 [phyyou] Fix: Add EOF
e6affddf7 [phyyou] Add extraFiles for config mount
b0963fd48 [phyyou] Update NOTES.txt;
ac9766ab9 [phyyou] Update kyuubiDefaults structure
77eaa05ac [phyyou] Fix Stale Docs URL

Lead-authored-by: phyyou <gydudwls@gmail.com>
Co-authored-by: PHYYOU <34825352+phyyou@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/README.md           | 43 +++++++++++++++++++++++++++++++
 charts/kyuubi/templates/NOTES.txt |  4 +++
 charts/kyuubi/values.yaml         | 25 +++++++++++++++---
 docker/kyuubi-configmap.yaml      |  2 +-
 4 files changed, 70 insertions(+), 4 deletions(-)
 create mode 100644 charts/kyuubi/README.md

diff --git a/charts/kyuubi/README.md b/charts/kyuubi/README.md
new file mode 100644
index 000000000..ef54c3226
--- /dev/null
+++ b/charts/kyuubi/README.md
@@ -0,0 +1,43 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ -->
+
+# Helm Chart for Apache Kyuubi
+
+[Apache Kyuubi](https://airflow.apache.org/) is a distributed and multi-tenant gateway to provide serverless SQL on Data Warehouses and Lakehouses.
+
+
+## Introduction
+
+This chart will bootstrap an [Kyuubi](https://kyuubi.apache.org) deployment on a [Kubernetes](http://kubernetes.io)
+cluster using the [Helm](https://helm.sh) package manager.
+
+## Requirements
+
+- Kubernetes cluster
+- Helm 3.0+
+
+<!-- ## Features -->
+
+## Documentation
+
+Configuration guide documentation for Kyuubi lives [on the website](https://kyuubi.readthedocs.io/en/master/deployment/settings.html#kyuubi-configurations). (Not just for Helm Chart)
+
+## Contributing
+
+Want to help build Apache Kyuubi? Check out our [contributing documentation](https://kyuubi.readthedocs.io/en/master/community/CONTRIBUTING.html).
\ No newline at end of file
diff --git a/charts/kyuubi/templates/NOTES.txt b/charts/kyuubi/templates/NOTES.txt
index 0da72d0eb..2693f5ef6 100644
--- a/charts/kyuubi/templates/NOTES.txt
+++ b/charts/kyuubi/templates/NOTES.txt
@@ -30,9 +30,13 @@ In order to check the release status, use:
 {{ $name | snakecase | upper }}:
 - To access {{ $.Release.Name }}-{{ $name | kebabcase }} service within the cluster, use the following URL:
     {{ $.Release.Name }}-{{ $name | kebabcase }}.{{ $.Release.Namespace }}.svc.cluster.local
+{{- if $.Values.kyuubiConf.kyuubiDefaults }}
+{{- if regexMatch "(^|\\s)kyuubi.frontend.bind.host\\s*=?\\s*(localhost|127\\.0\\.0\\.1)($|\\s)" $.Values.kyuubiConf.kyuubiDefaults }}
 - To access {{ $.Release.Name }}-{{ $name | kebabcase }} service from outside the cluster for debugging, run the following command:
     kubectl port-forward svc/{{ $.Release.Name }}-{{ $name | kebabcase }} {{ tpl $frontend.service.port $ }}:{{ tpl $frontend.service.port $ }} -n {{ $.Release.Namespace }}
   and use 127.0.0.1:{{ tpl $frontend.service.port $ }}
+{{- end }}
+{{- end }}
 {{- if eq $frontend.service.type "NodePort" }}
 - To access {{ $.Release.Name }}-{{ $name | kebabcase }} service from outside the cluster through configured NodePort, run the following commands:
     export NODE_PORT=$(kubectl get service {{ $.Release.Name }}-{{ $name | kebabcase }} -n {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}")
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index 48d5573f8..876aa0fe4 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -101,15 +101,34 @@ server:
 kyuubiConfDir: /opt/kyuubi/conf
 kyuubiConf:
   # The value (templated string) is used for kyuubi-env.sh file
-  # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#environments for more details
+  # Example:
+  #
+  # kyuubiEnv: |
+  #   export JAVA_HOME=/usr/jdk64/jdk1.8.0_152
+  #   export SPARK_HOME=/opt/spark
+  #   export FLINK_HOME=/opt/flink
+  #   export HIVE_HOME=/opt/hive
+  #
+  # See example at conf/kyuubi-env.sh.template and https://kyuubi.readthedocs.io/en/master/deployment/settings.html#environments for more details
   kyuubiEnv: ~
 
   # The value (templated string) is used for kyuubi-defaults.conf file
-  # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#kyuubi-configurations for more details
+  # Example:
+  #
+  # kyuubiDefaults: |
+  #   kyuubi.authentication=NONE
+  #   kyuubi.frontend.bind.host=10.0.0.1
+  #   kyuubi.engine.type=SPARK_SQL
+  #   kyuubi.engine.share.level=USER
+  #   kyuubi.session.engine.initialize.timeout=PT3M
+  #   kyuubi.ha.addresses=zk1:2181,zk2:2181,zk3:2181
+  #   kyuubi.ha.namespace=kyuubi
+  #
+  # See https://kyuubi.readthedocs.io/en/master/deployment/settings.html#kyuubi-configurations for more details
   kyuubiDefaults: ~
 
   # The value (templated string) is used for log4j2.xml file
-  # See https://kyuubi.apache.org/docs/latest/deployment/settings.html#logging for more details
+  # See example at conf/log4j2.xml.template https://kyuubi.readthedocs.io/en/master/deployment/settings.html#logging for more details
   log4j2: ~
 
 # Environment variables (templated)
diff --git a/docker/kyuubi-configmap.yaml b/docker/kyuubi-configmap.yaml
index 13835493b..9b7993596 100644
--- a/docker/kyuubi-configmap.yaml
+++ b/docker/kyuubi-configmap.yaml
@@ -52,4 +52,4 @@ data:
     # kyuubi.frontend.bind.port       10009
     #
 
-    # Details in https://kyuubi.apache.org/docs/latest/deployment/settings.html
+    # Details in https://kyuubi.readthedocs.io/en/master/deployment/settings.html

From e9cb434974695bf90f8b99897c10a69555dcd655 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 24 Mar 2023 21:32:02 +0800
Subject: [PATCH 216/760] [KYUUBI #4598] Bump Flink-1.15 from 1.15.3 to 1.15.4

### _Why are the changes needed?_

- Flink 1.15.4 release note: https://flink.apache.org/2023/03/15/apache-flink-1.15.4-release-announcement/

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4598 from bowenliang123/flink-1.15.4.

Closes #4598

40ea2396f [liangbowen] bump flink-1.15 from 1.15.3 to 1.15.4

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml | 2 +-
 pom.xml                      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index ddbccc0fd..b8b3f7072 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -168,7 +168,7 @@ jobs:
         include:
           - java: 8
             flink: '1.16'
-            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.15.3 -Dflink.archive.name=flink-1.15.3-bin-scala_2.12.tgz'
+            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.15.4 -Dflink.archive.name=flink-1.15.4-bin-scala_2.12.tgz'
             comment: 'verify-on-flink-1.15-binary'
     steps:
       - uses: actions/checkout@v3
diff --git a/pom.xml b/pom.xml
index e4e1aa5f7..b2b0341e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2391,7 +2391,7 @@
         <profile>
             <id>flink-1.15</id>
             <properties>
-                <flink.version>1.15.3</flink.version>
+                <flink.version>1.15.4</flink.version>
             </properties>
         </profile>
 

From cee2f00f91b6da567cffd7f241066291fac72711 Mon Sep 17 00:00:00 2001
From: Xieming LI <risyomei@gmail.com>
Date: Sat, 25 Mar 2023 11:07:02 +0800
Subject: [PATCH 217/760] [KYUUBI #4480] Engine alive probe should close thrift
 connection on engine lost

### _Why are the changes needed?_

As described in https://github.com/apache/kyuubi/issues/4457, when the backend engine becomes unresponsive,
the beeline will hang because `client.getOperationStatus(_remoteOpHandle)` in `ExecuteStatement #waitStatementComplete()` would never receive any response.

https://github.com/apache/kyuubi/blob/43309b86f1997b028e8fde5cb4e6449d818f4f73/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala#L101-L105

While the EngineAliveProbe can identify engine failure, it does not resolve the underlying issue of the thrift client waiting for a response, causing the beeline to remain unresponsive. The only way to resolve this state of suspension is by interrupting the thrift client thread.

https://github.com/apache/kyuubi/blob/3d65f2711faa5dc9173130557e2d33adab04b5c7/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala#L84

This pull request introduces a new logic to the EngineAliveProbe feature, whereby upon detecting an engine failure, it deliberately closes the thrift connection. This creates an exception that can then be handled by the error handling mechanism introduced in apache#646, thereby allowing for a graceful shutdown of the session handle.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

I am very happy to add a test case but I am not aware of how to simulate a state of unresponsive.
Otherwise, I can implement test like this:
https://github.com/apache/kyuubi/blob/43309b86f1997b028e8fde5cb4e6449d818f4f73/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala#L169

- [x] Add screenshots for manual tests if appropriate

1. Execute a query with beeline
```
$ beeline -u 'jdbc:hive2://<KyuubiServer>:10009/default?socketTimeout=60000;#spark.yarn.queue=shared' -n jpz3032 -p <password> -f test.sql
```
2. Go to ResourceManager and Identify the ApplicationMaster
<img width="2091" alt="Screenshot 2023-03-08 at 12 13 31" src="https://user-images.githubusercontent.com/4378066/223610552-6a35dc6a-891a-415b-b142-a2b104da2c1f.png">

3. ssh into the host and restart the NodeManager
```
[<user><NodeManager> ~]$ sudo -i
[root<NodeManager> :~]# /usr/sbin/reboot
Connection to <NodeManager>  closed by remote host.
Connection to <NodeManager>  closed.
```
4. Check the kyuubi server log: the session is terminated with error
```
2023-03-14 10:56:10.330 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[4b23657a-cacb-4ead-8abd-50920dd73de9] in RUNNING_STATE
2023-03-14 10:56:15.332 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[4b23657a-cacb-4ead-8abd-50920dd73de9] in RUNNING_STATE
2023-03-14 10:56:20.333 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[4b23657a-cacb-4ead-8abd-50920dd73de9] in RUNNING_STATE
```
After 3 consecutive alive probe fails, Engine is marked dead.
```
2023-03-14 10:56:40.089 WARN org.apache.kyuubi.client.KyuubiSyncThriftClient: The engine[Some(application_1676285123186_0447)] alive probe fails
org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.readLength(TSaslTransport.java:376) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.readFrame(TSaslTransport.java:453) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.read(TSaslTransport.java:435) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslClientTransport.read(TSaslClientTransport.java:37) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:77) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.recv_GetInfo(TCLIService.java:222) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.GetInfo(TCLIService.java:209) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.$anonfun$run$1(KyuubiSyncThriftClient.scala:93) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.$anonfun$run$1$adapted(KyuubiSyncThriftClient.scala:87) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at scala.Option.foreach(Option.scala:407) ~[scala-library-2.12.17.jar:?]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.run(KyuubiSyncThriftClient.scala:87) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:1.8.0_362]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) ~[?:1.8.0_362]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) ~[?:1.8.0_362]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_362]
        at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_362]
Caused by: java.net.SocketTimeoutException: Read timed out
        at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_362]
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_362]
        at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[?:1.8.0_362]
        at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345) ~[?:1.8.0_362]
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127) ~[libthrift-0.9.3.jar:0.9.3]
        ... 23 more
2023-03-14 10:57:00.100 WARN org.apache.kyuubi.client.KyuubiSyncThriftClient: The engine[Some(application_1676285123186_0447)] alive probe fails
org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.readLength(TSaslTransport.java:376) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.readFrame(TSaslTransport.java:453) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.read(TSaslTransport.java:435) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslClientTransport.read(TSaslClientTransport.java:37) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:77) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.recv_GetInfo(TCLIService.java:222) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.GetInfo(TCLIService.java:209) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.$anonfun$run$1(KyuubiSyncThriftClient.scala:93) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.$anonfun$run$1$adapted(KyuubiSyncThriftClient.scala:87) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at scala.Option.foreach(Option.scala:407) ~[scala-library-2.12.17.jar:?]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.run(KyuubiSyncThriftClient.scala:87) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:1.8.0_362]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) ~[?:1.8.0_362]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) ~[?:1.8.0_362]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_362]
        at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_362]
Caused by: java.net.SocketTimeoutException: Read timed out
        at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_362]
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_362]
        at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[?:1.8.0_362]
        at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345) ~[?:1.8.0_362]
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127) ~[libthrift-0.9.3.jar:0.9.3]
        ... 23 more
2023-03-14 10:57:20.111 WARN org.apache.kyuubi.client.KyuubiSyncThriftClient: The engine[Some(application_1676285123186_0447)] alive probe fails
org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.readLength(TSaslTransport.java:376) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.readFrame(TSaslTransport.java:453) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslTransport.read(TSaslTransport.java:435) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TSaslClientTransport.read(TSaslClientTransport.java:37) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:77) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.recv_GetInfo(TCLIService.java:222) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.GetInfo(TCLIService.java:209) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.$anonfun$run$1(KyuubiSyncThriftClient.scala:93) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.$anonfun$run$1$adapted(KyuubiSyncThriftClient.scala:87) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at scala.Option.foreach(Option.scala:407) ~[scala-library-2.12.17.jar:?]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient$$anon$1.run(KyuubiSyncThriftClient.scala:87) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:1.8.0_362]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) ~[?:1.8.0_362]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) ~[?:1.8.0_362]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_362]
        at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_362]
Caused by: java.net.SocketTimeoutException: Read timed out
        at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_362]
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_362]
        at java.net.SocketInputStream.read(SocketInputStream.java:171) ~[?:1.8.0_362]
        at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) ~[?:1.8.0_362]
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345) ~[?:1.8.0_362]
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127) ~[libthrift-0.9.3.jar:0.9.3]
        ... 23 more
2023-03-14 10:57:20.112 ERROR org.apache.kyuubi.client.KyuubiSyncThriftClient: Mark the engine[Some(application_1676285123186_0447)] not alive with no recent alive probe success: 60034 ms exceeds timeout 60000 ms
```
Now force closing the thrift client to generate an exception.
```
2023-03-14 10:58:10.112 WARN org.apache.kyuubi.client.KyuubiSyncThriftClient: Removing Clients for TSessionHandle(sessionId:THandleIdentifier(guid:10 94 8A 85 00 DD 43 5D 85 58 91 84 61 81 A5 A4, secret:C2 EE 5B 97 3E A0 41 FC AC 16 9B D7 08 ED 8F 38))
2023-03-14 10:58:10.114 INFO org.apache.kyuubi.operation.ExecuteStatement: Processing jpz3032's query[4b23657a-cacb-4ead-8abd-50920dd73de9]: RUNNING_STATE -> ERROR_STATE, time taken: 139.861 seconds
2023-03-14 10:58:10.119 WARN org.apache.kyuubi.operation.ExecuteStatement: Error closing THandleIdentifier(guid:65 95 B2 11 0C F1 45 7E B4 0B F8 D3 21 26 C1 05, secret:C2 EE 5B 97 3E A0 41 FC AC 16 9B D7 08 ED 8F 38): connection does not exist
org.apache.kyuubi.KyuubiSQLException: connection does not exist
        at org.apache.kyuubi.KyuubiSQLException$.connectionDoesNotExist(KyuubiSQLException.scala:90) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.withLockAcquired(KyuubiSyncThriftClient.scala:139) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.withLockAcquiredAsyncRequest(KyuubiSyncThriftClient.scala:145) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.closeOperation(KyuubiSyncThriftClient.scala:393) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.operation.KyuubiOperation.liftedTree3$1(KyuubiOperation.scala:136) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.operation.KyuubiOperation.close(KyuubiOperation.scala:135) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.operation.OperationManager.closeOperation(OperationManager.scala:126) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.session.AbstractSession.$anonfun$closeOperation$1(AbstractSession.scala:224) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) ~[scala-library-2.12.17.jar:?]
        at org.apache.kyuubi.session.AbstractSession.withAcquireRelease(AbstractSession.scala:82) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.session.AbstractSession.closeOperation(AbstractSession.scala:222) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.service.AbstractBackendService.closeOperation(AbstractBackendService.scala:188) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.server.KyuubiServer$$anon$1.org$apache$kyuubi$server$BackendServiceMetric$$super$closeOperation(KyuubiServer.scala:138) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.server.BackendServiceMetric.$anonfun$closeOperation$1(BackendServiceMetric.scala:169) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) ~[scala-library-2.12.17.jar:?]
        at org.apache.kyuubi.metrics.MetricsSystem$.timerTracing(MetricsSystem.scala:111) ~[kyuubi-metrics_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.server.BackendServiceMetric.closeOperation(BackendServiceMetric.scala:169) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.server.BackendServiceMetric.closeOperation$(BackendServiceMetric.scala:167) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.server.KyuubiServer$$anon$1.closeOperation(KyuubiServer.scala:138) ~[kyuubi-server_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.kyuubi.service.TFrontendService.CloseOperation(TFrontendService.scala:498) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$CloseOperation.getResult(TCLIService.java:1797) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$CloseOperation.getResult(TCLIService.java:1782) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.kyuubi.service.authentication.TSetIpAddressProcessor.process(TSetIpAddressProcessor.scala:36) ~[kyuubi-common_2.12-1.7.0-SNAPSHOT.jar:1.7.0-SNAPSHOT]
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286) ~[libthrift-0.9.3.jar:0.9.3]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_362]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_362]
        at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_362]
2023-03-14 10:58:10.130 INFO org.apache.kyuubi.server.KyuubiTBinaryFrontendService: Received request of closing SessionHandle [7c5bd429-49a2-46c2-ba50-02825140e4c6]
2023-03-14 10:58:10.130 INFO org.apache.kyuubi.session.KyuubiSessionManager: jpz3032's session with SessionHandle [7c5bd429-49a2-46c2-ba50-02825140e4c6] is closed, current opening sessions 0
2023-03-14 10:58:10.131 INFO org.apache.kyuubi.server.KyuubiTBinaryFrontendService: Finished closing SessionHandle [7c5bd429-49a2-46c2-ba50-02825140e4c6]
```

5. Beeline Logs
Beeline finished with errors (as expected)

```
2023-03-14 10:56:15.332 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[4b23657a-cacb-4ead-8abd-50920dd73de9] in RUNNING_STATE
2023-03-14 10:56:20.333 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[4b23657a-cacb-4ead-8abd-50920dd73de9] in RUNNING_STATE
2023-03-14 10:58:10.114 INFO org.apache.kyuubi.operation.ExecuteStatement: Processing jpz3032's query[4b23657a-cacb-4ead-8abd-50920dd73de9]: RUNNING_STATE -> ERROR_STATE, time taken: 139.861 seconds
Error: org.apache.kyuubi.KyuubiSQLException: Error operating ExecuteStatement: org.apache.thrift.transport.TTransportException: java.net.SocketException: Socket closed
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129)
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
        at org.apache.thrift.transport.TSaslTransport.readLength(TSaslTransport.java:376)
        at org.apache.thrift.transport.TSaslTransport.readFrame(TSaslTransport.java:453)
        at org.apache.thrift.transport.TSaslTransport.read(TSaslTransport.java:435)
        at org.apache.thrift.transport.TSaslClientTransport.read(TSaslClientTransport.java:37)
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
        at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429)
        at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318)
        at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:77)
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.recv_GetOperationStatus(TCLIService.java:475)
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.GetOperationStatus(TCLIService.java:462)
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.$anonfun$getOperationStatus$1(KyuubiSyncThriftClient.scala:377)
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.$anonfun$withLockAcquiredAsyncRequest$2(KyuubiSyncThriftClient.scala:151)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:750)
Caused by: java.net.SocketException: Socket closed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
        at java.net.SocketInputStream.read(SocketInputStream.java:171)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
        ... 20 more

        at org.apache.kyuubi.KyuubiSQLException$.apply(KyuubiSQLException.scala:69)
        at org.apache.kyuubi.operation.KyuubiOperation$$anonfun$onError$1.applyOrElse(KyuubiOperation.scala:76)
        at org.apache.kyuubi.operation.KyuubiOperation$$anonfun$onError$1.applyOrElse(KyuubiOperation.scala:57)
        at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:38)
        at org.apache.kyuubi.operation.ExecuteStatement.waitStatementComplete(ExecuteStatement.scala:144)
        at org.apache.kyuubi.operation.ExecuteStatement.$anonfun$runInternal$1(ExecuteStatement.scala:161)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:750)
Caused by: org.apache.thrift.transport.TTransportException: java.net.SocketException: Socket closed
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129)
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
        at org.apache.thrift.transport.TSaslTransport.readLength(TSaslTransport.java:376)
        at org.apache.thrift.transport.TSaslTransport.readFrame(TSaslTransport.java:453)
        at org.apache.thrift.transport.TSaslTransport.read(TSaslTransport.java:435)
        at org.apache.thrift.transport.TSaslClientTransport.read(TSaslClientTransport.java:37)
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
        at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429)
        at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318)
        at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:77)
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.recv_GetOperationStatus(TCLIService.java:475)
        at org.apache.hive.service.rpc.thrift.TCLIService$Client.GetOperationStatus(TCLIService.java:462)
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.$anonfun$getOperationStatus$1(KyuubiSyncThriftClient.scala:377)
        at org.apache.kyuubi.client.KyuubiSyncThriftClient.$anonfun$withLockAcquiredAsyncRequest$2(KyuubiSyncThriftClient.scala:151)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        ... 3 more
Caused by: java.net.SocketException: Socket closed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
        at java.net.SocketInputStream.read(SocketInputStream.java:171)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
        ... 20 more (state=,code=0)
Closing: 0: jdbc:hive2://lndcndevms1510.nhnjp.ism:10009/default?socketTimeout=60000;#spark.yarn.queue=shared
```

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

The kyuubi-server suite wasn't working even before this PR.

Closes #4480 from risyomei/feature/kill-when-engine-fail.

Closes #4480

f61102274 [risyomei] Fixed Test messages(3)
3ed6886f1 [risyomei] Fixed Test messages(2)
30675d088 [risyomei] Fixed Test messages
d80cfcb45 [Xieming LI] Merge remote-tracking branch 'origin/master' into feature/kill-when-engine-fail
3b320e1e2 [Xieming LI] Make sure thread is shut down
5ee9ddf5e [Xieming LI] Commit for work
8c854cc6d [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
564e09cf6 [Xieming LI] Fixed based on Comment
ae1a02552 [Xieming LI] Fixed unused import
1b50a5986 [Xieming LI] rebase origin/master
d9f9e3c93 [Xieming LI] Optimized logic based on PR comment
a5422855f [Xieming LI] Fixe based on comment
04b9ff3a3 [Xieming LI] Added an option to kill the thrift connection when Engine is considered dead
3571d68fd [Xieming LI] Fixe based on comment
e40fcfcd4 [Xieming LI] Added an option to kill the thrift connection when Engine is considered dead

Lead-authored-by: Xieming LI <risyomei@gmail.com>
Co-authored-by: risyomei <risyomei@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/client/KyuubiSyncThriftClient.scala     | 14 ++++++++++++++
 .../operation/KyuubiOperationPerUserSuite.scala    |  6 ++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index 12a4c824c..8b8561fa9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -59,6 +59,7 @@ class KyuubiSyncThriftClient private (
 
   @volatile private var _aliveProbeSessionHandle: TSessionHandle = _
   @volatile private var remoteEngineBroken: Boolean = false
+  @volatile private var clientClosedOnEngineBroken: Boolean = false
   private val engineAliveProbeClient = engineAliveProbeProtocol.map(new TCLIService.Client(_))
   private var engineAliveThreadPool: ScheduledExecutorService = _
   @volatile private var engineLastAlive: Long = _
@@ -109,6 +110,18 @@ class KyuubiSyncThriftClient private (
           }
         } else {
           shutdownAsyncRequestExecutor()
+          warn(s"Removing Clients for ${_remoteSessionHandle}")
+          Seq(protocol).union(engineAliveProbeProtocol.toSeq).foreach { tProtocol =>
+            Utils.tryLogNonFatalError {
+              if (tProtocol.getTransport.isOpen) {
+                tProtocol.getTransport.close()
+              }
+            }
+            clientClosedOnEngineBroken = true
+            Option(engineAliveThreadPool).foreach { pool =>
+              ThreadUtils.shutdown(pool, Duration(engineAliveProbeInterval, TimeUnit.MILLISECONDS))
+            }
+          }
         }
       }
     }
@@ -199,6 +212,7 @@ class KyuubiSyncThriftClient private (
   }
 
   def closeSession(): Unit = {
+    if (clientClosedOnEngineBroken) return
     try {
       if (_remoteSessionHandle != null) {
         val req = new TCloseSessionReq(_remoteSessionHandle)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 40bb165b8..21bf56b4f 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -200,9 +200,11 @@ class KyuubiOperationPerUserSuite
         val executeStmtResp = client.ExecuteStatement(executeStmtReq)
         assert(executeStmtResp.getStatus.getStatusCode === TStatusCode.ERROR_STATUS)
         assert(executeStmtResp.getStatus.getErrorMessage.contains(
-          "java.net.SocketException: Connection reset") ||
+          "java.net.SocketException") ||
           executeStmtResp.getStatus.getErrorMessage.contains(
-            "Caused by: java.net.SocketException: Broken pipe (Write failed)"))
+            "org.apache.thrift.transport.TTransportException") ||
+          executeStmtResp.getStatus.getErrorMessage.contains(
+            "connection does not exist"))
         val elapsedTime = System.currentTimeMillis() - startTime
         assert(elapsedTime < 20 * 1000)
         assert(session.client.asyncRequestInterrupted)

From 8a526ced4ab3b02d84bc532c43aac1426fc2f5fa Mon Sep 17 00:00:00 2001
From: "guanhua.lgh" <guanhua.lgh@alibaba-inc.com>
Date: Sun, 26 Mar 2023 18:11:48 +0800
Subject: [PATCH 218/760] [KYUUBI #4608] [DOCS] Rename Flink Table Store to
 Apache Paimon (Incubating)  in docs `Connectors for Trino SQL Query Engine`

### _Why are the changes needed?_

To update docs.
This PR is tot rename Flink Table Store to Apache Paimon (Incubating)  in docs under `Connectors for Trino SQL Query Engine`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4608 from huage1994/docs2.

Closes #4608

61926b7c0 [guanhua.lgh] [DOCS] Rename Flink Table Store to Apache Paimon (Incubating)  in docs under `Connectors for Trino SQL Query Engine`

Authored-by: guanhua.lgh <guanhua.lgh@alibaba-inc.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/connector/trino/flink_table_store.rst | 94 ----------------------
 docs/connector/trino/index.rst             |  2 +-
 docs/connector/trino/paimon.rst            | 92 +++++++++++++++++++++
 3 files changed, 93 insertions(+), 95 deletions(-)
 delete mode 100644 docs/connector/trino/flink_table_store.rst
 create mode 100644 docs/connector/trino/paimon.rst

diff --git a/docs/connector/trino/flink_table_store.rst b/docs/connector/trino/flink_table_store.rst
deleted file mode 100644
index 8dd0c4061..000000000
--- a/docs/connector/trino/flink_table_store.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-.. Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-..    http://www.apache.org/licenses/LICENSE-2.0
-
-.. Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-`Flink Table Store`_
-==========
-
-Flink Table Store is a unified storage to build dynamic tables for both streaming and batch processing in Flink,
-supporting high-speed data ingestion and timely data query.
-
-.. tip::
-   This article assumes that you have mastered the basic knowledge and operation of `Flink Table Store`_.
-   For the knowledge about Flink Table Store not mentioned in this article,
-   you can obtain it from its `Official Documentation`_.
-
-By using kyuubi, we can run SQL queries towards Flink Table Store which is more
-convenient, easy to understand, and easy to expand than directly using
-trino to manipulate Flink Table Store.
-
-Flink Table Store Integration
--------------------
-
-To enable the integration of kyuubi trino sql engine and Flink Table Store, you need to:
-
-- Referencing the Flink Table Store :ref:`dependencies<trino-flink-table-store-deps>`
-- Setting the trino extension and catalog :ref:`configurations<trino-flink-table-store-conf>`
-
-.. _trino-flink-table-store-deps:
-
-Dependencies
-************
-
-The **classpath** of kyuubi trino sql engine with Flink Table Store supported consists of
-
-1. kyuubi-trino-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
-2. a copy of trino distribution
-3. flink-table-store-trino-<version>.jar (example: flink-table-store-trino-0.2.jar), which code can be found in the `Source Code`_
-4. flink-shaded-hadoop-2-uber-2.8.3-10.0.jar, which code can be found in the `Pre-bundled Hadoop 2.8.3`_
-
-In order to make the Flink Table Store packages visible for the runtime classpath of engines, we can use these methods:
-
-1. Build the flink-table-store-trino-<version>.jar by reference to `Flink Table Store Trino README`_
-2. Put the flink-table-store-trino-<version>.jar and flink-shaded-hadoop-2-uber-2.8.3-10.0.jar packages into ``$TRINO_SERVER_HOME/plugin/tablestore`` directly
-
-.. warning::
-   Please mind the compatibility of different Flink Table Store and Trino versions, which can be confirmed on the page of `Flink Table Store multi engine support`_.
-
-.. _trino-flink-table-store-conf:
-
-Configurations
-**************
-
-To activate functionality of Flink Table Store, we can set the following configurations:
-
-Catalogs are registered by creating a catalog properties file in the $TRINO_SERVER_HOME/etc/catalog directory.
-For example, create $TRINO_SERVER_HOME/etc/catalog/tablestore.properties with the following contents to mount the tablestore connector as the tablestore catalog:
-
-.. code-block:: properties
-
-   connector.name=tablestore
-   warehouse=file:///tmp/warehouse
-
-Flink Table Store Operations
-------------------
-
-Flink Table Store supports reading table store tables through Trino.
-A common scenario is to write data with Flink and read data with Trino.
-You can follow this document `Flink Table Store Quick Start`_  to write data to a table store table
-and then use kyuubi trino sql engine to query the table with the following SQL ``SELECT`` statement.
-
-
-.. code-block:: sql
-
-   SELECT * FROM tablestore.default.t1
-
-
-.. _Flink Table Store: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Flink Table Store Quick Start: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/try-table-store/quick-start/
-.. _Official Documentation: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Source Code: https://github.com/JingsongLi/flink-table-store-trino
-.. _Flink Table Store multi engine support: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/engines/overview/
-.. _Pre-bundled Hadoop 2.8.3: https://repo.maven.apache.org/maven2/org/apache/flink/flink-shaded-hadoop-2-uber/2.8.3-10.0/flink-shaded-hadoop-2-uber-2.8.3-10.0.jar
-.. _Flink Table Store Trino README: https://github.com/JingsongLi/flink-table-store-trino#readme
diff --git a/docs/connector/trino/index.rst b/docs/connector/trino/index.rst
index f5d651d45..290966a5c 100644
--- a/docs/connector/trino/index.rst
+++ b/docs/connector/trino/index.rst
@@ -19,6 +19,6 @@ Connectors For Trino SQL Engine
 .. toctree::
     :maxdepth: 2
 
-    flink_table_store
+    paimon
     hudi
     iceberg
\ No newline at end of file
diff --git a/docs/connector/trino/paimon.rst b/docs/connector/trino/paimon.rst
new file mode 100644
index 000000000..5ac892234
--- /dev/null
+++ b/docs/connector/trino/paimon.rst
@@ -0,0 +1,92 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+`Apache Paimon (Incubating)`_
+==========
+
+Apache Paimon(incubating) is a streaming data lake platform that supports high-speed data ingestion, change data tracking and efficient real-time analytics.
+
+.. tip::
+   This article assumes that you have mastered the basic knowledge and operation of `Apache Paimon (Incubating)`_.
+   For the knowledge about Apache Paimon (Incubating) not mentioned in this article,
+   you can obtain it from its `Official Documentation`_.
+
+By using kyuubi, we can run SQL queries towards Apache Paimon (Incubating) which is more
+convenient, easy to understand, and easy to expand than directly using
+trino to manipulate Apache Paimon (Incubating).
+
+Apache Paimon (Incubating) Integration
+-------------------
+
+To enable the integration of kyuubi trino sql engine and Apache Paimon (Incubating), you need to:
+
+- Referencing the Apache Paimon (Incubating) :ref:`dependencies<trino-paimon-deps>`
+- Setting the trino extension and catalog :ref:`configurations<trino-paimon-conf>`
+
+.. _trino-paimon-deps:
+
+Dependencies
+************
+
+The **classpath** of kyuubi trino sql engine with Apache Paimon (Incubating) supported consists of
+
+1. kyuubi-trino-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
+2. a copy of trino distribution
+3. paimon-trino-<version>.jar (example: paimon-trino-0.2.jar), which code can be found in the `Source Code`_
+4. flink-shaded-hadoop-2-uber-<version>.jar, which code can be found in the `Pre-bundled Hadoop`_
+
+In order to make the Apache Paimon (Incubating) packages visible for the runtime classpath of engines, you need to:
+
+1. Build the paimon-trino-<version>.jar by reference to `Apache Paimon (Incubating) Trino README`_
+2. Put the paimon-trino-<version>.jar and flink-shaded-hadoop-2-uber-<version>.jar packages into ``$TRINO_SERVER_HOME/plugin/tablestore`` directly
+
+.. warning::
+   Please mind the compatibility of different Apache Paimon (Incubating) and Trino versions, which can be confirmed on the page of `Apache Paimon (Incubating) multi engine support`_.
+
+.. _trino-paimon-conf:
+
+Configurations
+**************
+
+To activate functionality of Apache Paimon (Incubating), we can set the following configurations:
+
+Catalogs are registered by creating a catalog properties file in the $TRINO_SERVER_HOME/etc/catalog directory.
+For example, create $TRINO_SERVER_HOME/etc/catalog/tablestore.properties with the following contents to mount the tablestore connector as the tablestore catalog:
+
+.. code-block:: properties
+
+   connector.name=tablestore
+   warehouse=file:///tmp/warehouse
+
+Apache Paimon (Incubating) Operations
+------------------
+
+Apache Paimon (Incubating) supports reading table store tables through Trino.
+A common scenario is to write data with Spark or Flink and read data with Trino.
+You can follow this document `Apache Paimon (Incubating) Engines Flink Quick Start`_  to write data to a table store table
+and then use kyuubi trino sql engine to query the table with the following SQL ``SELECT`` statement.
+
+
+.. code-block:: sql
+
+   SELECT * FROM tablestore.default.t1
+
+.. _Apache Paimon (Incubating): https://paimon.apache.org/
+.. _Apache Paimon (Incubating) multi engine support: https://paimon.apache.org/docs/master/engines/overview/
+.. _Apache Paimon (Incubating) Engines Flink Quick Start: https://paimon.apache.org/docs/master/engines/flink/#quick-start
+.. _Official Documentation: https://paimon.apache.org/docs/master/
+.. _Source Code: https://github.com/JingsongLi/paimon-trino
+.. _Pre-bundled Hadoop: https://flink.apache.org/downloads/#additional-components
+.. _Apache Paimon (Incubating) Trino README: https://github.com/JingsongLi/paimon-trino#readme

From 5289d1c2d8e48105dad1e7b1f29c126f2ca19975 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Sun, 26 Mar 2023 18:19:46 +0800
Subject: [PATCH 219/760] [KYUUBI #4605] [K8S][HELM] Set IfNotPresent
 pullPolicy by default

### _Why are the changes needed?_
The change is needed to avoid pulling immutable image `apache/kyuubi:1.7.0` from image registry each time pod created.
Current `pullPolicy: Always` was important when mutable image `apache/kyuubi:master-snapshot` was used.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4605 from dnskr/chart_pullPolicy.

Closes #4605

0f323ab46 [dnskr] [K8S][HELM] Set IfNotPresent pullPolicy by default

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index 876aa0fe4..e2a59bc91 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -24,7 +24,7 @@ replicaCount: 2
 
 image:
   repository: apache/kyuubi
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
   tag: ~
 
 imagePullSecrets: []

From e6aab78f65a4badab6ffaea693e8e615284b8688 Mon Sep 17 00:00:00 2001
From: "guanhua.lgh" <guanhua.lgh@alibaba-inc.com>
Date: Sun, 26 Mar 2023 18:30:22 +0800
Subject: [PATCH 220/760] [KYUUBI #4607]  [DOCS] Rename Flink Table Store to
 Apache Paimon (Incubating) in docs `Connectors for Hive SQL Query Engine`

### _Why are the changes needed?_

To update docs.
Rename Flink Table Store to Apache Paimon (Incubating) and update in docs under `Connectors for Hive SQL Query Engine` .

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4607 from huage1994/docss.

Closes #4607

695d83772 [guanhua.lgh]  [DOCS] Rename Flink Table Store to Apache Paimon (Incubating) and update in docs under  `Connectors for Hive SQL Query Engine`

Authored-by: guanhua.lgh <guanhua.lgh@alibaba-inc.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/connector/hive/index.rst                 |  2 +-
 .../{flink_table_store.rst => paimon.rst}     | 53 +++++++++----------
 2 files changed, 27 insertions(+), 28 deletions(-)
 rename docs/connector/hive/{flink_table_store.rst => paimon.rst} (52%)

diff --git a/docs/connector/hive/index.rst b/docs/connector/hive/index.rst
index 961e1bc8b..d96f8b041 100644
--- a/docs/connector/hive/index.rst
+++ b/docs/connector/hive/index.rst
@@ -19,5 +19,5 @@ Connectors for Hive SQL Query Engine
 .. toctree::
     :maxdepth: 2
 
-    flink_table_store
+    paimon
     iceberg
diff --git a/docs/connector/hive/flink_table_store.rst b/docs/connector/hive/paimon.rst
similarity index 52%
rename from docs/connector/hive/flink_table_store.rst
rename to docs/connector/hive/paimon.rst
index 893262189..000d2d7e8 100644
--- a/docs/connector/hive/flink_table_store.rst
+++ b/docs/connector/hive/paimon.rst
@@ -13,30 +13,29 @@
    See the License for the specific language governing permissions and
    limitations under the License.
 
-`Flink Table Store`_
+`Apache Paimon (Incubating)`_
 ==========
 
-Flink Table Store is a unified storage to build dynamic tables for both streaming and batch processing in Flink,
-supporting high-speed data ingestion and timely data query.
+Apache Paimon(incubating) is a streaming data lake platform that supports high-speed data ingestion, change data tracking and efficient real-time analytics.
 
 .. tip::
-   This article assumes that you have mastered the basic knowledge and operation of `Flink Table Store`_.
-   For the knowledge about Flink Table Store not mentioned in this article,
+   This article assumes that you have mastered the basic knowledge and operation of `Apache Paimon (Incubating)`_.
+   For the knowledge about Apache Paimon (Incubating) not mentioned in this article,
    you can obtain it from its `Official Documentation`_.
 
-By using Kyuubi, we can run SQL queries towards Flink Table Store which is more
+By using Kyuubi, we can run SQL queries towards Apache Paimon (Incubating) which is more
 convenient, easy to understand, and easy to expand than directly using
-Hive to manipulate Flink Table Store.
+Hive to manipulate Apache Paimon (Incubating).
 
-Flink Table Store Integration
+Apache Paimon (Incubating) Integration
 -------------------
 
-To enable the integration of kyuubi flink sql engine and Flink Table Store, you need to:
+To enable the integration of kyuubi hive sql engine and Apache Paimon (Incubating), you need to:
 
-- Referencing the Flink Table Store :ref:`dependencies<hive-flink-table-store-deps>`
-- Setting the environment variable :ref:`configurations<hive-flink-table-store-conf>`
+- Referencing the Apache Paimon (Incubating) :ref:`dependencies<hive-paimon-deps>`
+- Setting the environment variable :ref:`configurations<hive-paimon-conf>`
 
-.. _hive-flink-table-store-deps:
+.. _hive-paimon-deps:
 
 Dependencies
 ************
@@ -45,37 +44,37 @@ The **classpath** of kyuubi hive sql engine with Iceberg supported consists of
 
 1. kyuubi-hive-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
 2. a copy of hive distribution
-3. flink-table-store-hive-connector-<flink-table-store.version>_<hive.binary.version>.jar (example: flink-table-store-hive-connector-0.4.0_3.1.jar), which can be found in the `Installation Table Store in Hive`_
+3. paimon-hive-connector-<hive.binary.version>-<paimon.version>.jar (example: paimon-hive-connector-3.1-0.4-SNAPSHOT.jar), which can be found in the `Apache Paimon (Incubating) Supported Engines Hive`_
 
 In order to make the Hive packages visible for the runtime classpath of engines, we can use one of these methods:
 
-1. You can create an auxlib folder under the root directory of Hive, and copy flink-table-store-hive-connector-0.4.0_3.1.jar into auxlib.
+1. You can create an auxlib folder under the root directory of Hive, and copy paimon-hive-connector-3.1-<paimon.version>.jar into auxlib.
 2. Execute ADD JAR statement in the Kyuubi to add dependencies to Hive’s auxiliary classpath. For example:
 
 .. code-block:: sql
 
-   ADD JAR /path/to/flink-table-store-hive-connector-0.4.0_3.1.jar;
+   ADD JAR /path/to/paimon-hive-connector-3.1-<paimon.version>.jar;
 
 .. warning::
     The second method is not recommended. If you’re using the MR execution engine and running a join statement, you may be faced with the exception
     ``org.apache.hive.com.esotericsoftware.kryo.kryoexception: unable to find class.``
 
 .. warning::
-   Please mind the compatibility of different Flink Table Store and Hive versions, which can be confirmed on the page of `Flink Table Store multi engine support`_.
+   Please mind the compatibility of different Apache Paimon (Incubating) and Hive versions, which can be confirmed on the page of `Apache Paimon (Incubating) multi engine support`_.
 
-.. _hive-flink-table-store-conf:
+.. _hive-paimon-conf:
 
 Configurations
 **************
 
 If you are using HDFS, make sure that the environment variable HADOOP_HOME or HADOOP_CONF_DIR is set.
 
-Flink Table Store  Operations
+Apache Paimon (Incubating)  Operations
 ------------------
 
-Flink Table Store only supports only reading table store tables through Hive.
-A common scenario is to write data with Flink and read data with Hive.
-You can follow this document `Flink Table Store Quick Start`_  to write data to a table store table
+Apache Paimon (Incubating) only supports only reading table store tables through Hive.
+A common scenario is to write data with Spark or Flink and read data with Hive.
+You can follow this document `Apache Paimon (Incubating) Quick Start with Paimon Hive Catalog`_  to write data to a table which can also be accessed directly from Hive.
 and then use Kyuubi Hive SQL engine to query the table with the following SQL ``SELECT`` statement.
 
 Taking ``Query Data`` as an example,
@@ -89,13 +88,13 @@ Taking ``Query External Table`` as an example,
 .. code-block:: sql
 
     CREATE EXTERNAL TABLE external_test_table
-    STORED BY 'org.apache.flink.table.store.hive.TableStoreHiveStorageHandler'
+    STORED BY 'org.apache.paimon.hive.PaimonStorageHandler'
     LOCATION '/path/to/table/store/warehouse/default.db/test_table';
 
     SELECT a, b FROM test_table ORDER BY a;
 
-.. _Flink Table Store: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Flink Table Store Quick Start: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/try-table-store/quick-start/
-.. _Official Documentation: https://nightlies.apache.org/flink/flink-table-store-docs-release-0.4/docs/engines/hive/
-.. _Installation Table Store in Hive: https://nightlies.apache.org/flink/flink-table-store-docs-release-0.4/docs/engines/hive/#installation
-.. _Flink Table Store multi engine support: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/engines/overview/
+.. _Apache Paimon (Incubating): https://paimon.apache.org/
+.. _Official Documentation: https://paimon.apache.org/docs/master/
+.. _Apache Paimon (Incubating) Quick Start with Paimon Hive Catalog: https://paimon.apache.org/docs/master/engines/hive/#quick-start-with-paimon-hive-catalog
+.. _Apache Paimon (Incubating) Supported Engines Hive: https://paimon.apache.org/docs/master/engines/hive/
+.. _Apache Paimon (Incubating) multi engine support: https://paimon.apache.org/docs/master/engines/overview/

From 9d2b82b27529519b7e914387609e467a2c9177d6 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 26 Mar 2023 18:43:20 +0800
Subject: [PATCH 221/760] [KYUUBI #4600] Bump Iceberg 1.2.0 for playground

### _Why are the changes needed?_

Bump Iceberg 1.2.0 for playground

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4600 from pan3793/playground-iceberg.

Closes #4600

064828102 [Cheng Pan] Bump Iceberg 1.2.0 for playground

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docker/playground/.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/playground/.env b/docker/playground/.env
index d03cdddff..b4cff0b05 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -18,7 +18,7 @@
 AWS_JAVA_SDK_VERSION=1.12.239
 HADOOP_VERSION=3.3.1
 HIVE_VERSION=2.3.9
-ICEBERG_VERSION=1.1.0
+ICEBERG_VERSION=1.2.0
 KYUUBI_VERSION=1.7.0
 KYUUBI_HADOOP_VERSION=3.3.4
 POSTGRES_VERSION=12

From 76448490b2fd549825b715c3ea429e20b1d7b24a Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 26 Mar 2023 18:44:37 +0800
Subject: [PATCH 222/760] [KYUUBI #4601] Bump Hadoop 3.3.5 for playground

### _Why are the changes needed?_

Hadoop 3.3.5 brings back ARM64 support.
https://www.mail-archive.com/common-devhadoop.apache.org/msg39131.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4601 from pan3793/playground-hadoop.

Closes #4601

765def7a5 [Cheng Pan] Bump Hadoop 3.3.5 for playground

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docker/playground/.env | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/playground/.env b/docker/playground/.env
index b4cff0b05..ea2145511 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -15,8 +15,8 @@
 # limitations under the License.
 #
 
-AWS_JAVA_SDK_VERSION=1.12.239
-HADOOP_VERSION=3.3.1
+AWS_JAVA_SDK_VERSION=1.12.316
+HADOOP_VERSION=3.3.5
 HIVE_VERSION=2.3.9
 ICEBERG_VERSION=1.2.0
 KYUUBI_VERSION=1.7.0

From 5e541fa09f92ea8b8ac637e71d1ce0adff1f6f3f Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 26 Mar 2023 20:07:02 +0800
Subject: [PATCH 223/760] [KYUUBI #4599] [DOCS] Simplify project version
 evaluation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

`build/mvn` is slow than `grep`, the change is aim to simplify and speed up the project version evaluation in `docs/conf.py`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

```
(apache-kyuubi) ➜  docs git:(doc-beeline) ✗ python
Python 3.8.12 (default, Sep 17 2021, 20:21:14)
[Clang 12.0.0 (clang-1200.0.32.29)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> subprocess.getoutput("grep 'kyuubi-parent' -C1 ../pom.xml | grep '<version>' | awk -F '[<>]' '{print $3}'")
'1.8.0-SNAPSHOT'
>>>
```

Closes #4599 from pan3793/doc-version.

Closes #4599

7458aef5b [Cheng Pan] [DOCS] Simplify project version calculation

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/conf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/conf.py b/docs/conf.py
index 3df98c6e3..dcf038314 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -64,7 +64,7 @@
 author = 'Apache Kyuubi Community'
 
 # The full version, including alpha/beta/rc tags
-release = subprocess.getoutput("cd .. && build/mvn help:evaluate -Dexpression=project.version|grep -v Using|grep -v INFO|grep -v WARNING|tail -n 1").split('\n')[-1]
+release = subprocess.getoutput("grep 'kyuubi-parent' -C1 ../pom.xml | grep '<version>' | awk -F '[<>]' '{print $3}'")
 
 
 # -- General configuration ---------------------------------------------------

From 5c90e843b1f710c8784723dae71aca427f0f25a3 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Sun, 26 Mar 2023 21:01:59 +0800
Subject: [PATCH 224/760] [KYUUBI #4606] [K8S][HELM] Add command and args
 configuration support

### _Why are the changes needed?_
The change allows to change default command to launch Kyuubi and pass additional command line arguments.
It's needed if the chart user wants to print message, create files or similar in main container (`kyuubi-server`) when pod starts.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4606 from dnskr/add_command_and_args.

Closes #4606

5e0ba5be2 [dnskr] [K8S][HELM] Add command and args configuration support

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/kyuubi-deployment.yaml | 6 ++++++
 charts/kyuubi/values.yaml                      | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index 998a87776..43899b6fc 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -50,6 +50,12 @@ spec:
         - name: kyuubi-server
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.command }}
+          command: {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+          {{- with .Values.args }}
+          args: {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
           {{- with .Values.env }}
           env: {{- tpl (toYaml .) $ | nindent 12 }}
           {{- end }}
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index e2a59bc91..7eca72113 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -131,6 +131,11 @@ kyuubiConf:
   # See example at conf/log4j2.xml.template https://kyuubi.readthedocs.io/en/master/deployment/settings.html#logging for more details
   log4j2: ~
 
+# Command to launch Kyuubi server (templated)
+command: ~
+# Arguments to launch Kyuubi server (templated)
+args: ~
+
 # Environment variables (templated)
 env: []
 envFrom: []

From 932f7ab926ee5b6760306f446b511da4328108d2 Mon Sep 17 00:00:00 2001
From: "guanhua.lgh" <guanhua.lgh@alibaba-inc.com>
Date: Mon, 27 Mar 2023 13:04:42 +0800
Subject: [PATCH 225/760] [KYUUBI #4614] [DOCS] Rename Flink Table Store to
 Apache Paimon (Incubating) in docs `Connectors for Flink SQL Query Engine`

### _Why are the changes needed?_

To update docs.
Rename Flink Table Store to Apache Paimon (Incubating) in docs `Connectors for Flink SQL Query Engine`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4614 from huage1994/docs3.

Closes #4614

50f8b2c6f [Kent Yao] Update docs/connector/flink/paimon.rst
2b34c4724 [guanhua.lgh] typos
7d6488351 [guanhua.lgh] [DOCS] Rename Flink Table Store to Apache Paimon (Incubating) in docs under `Connectors for Flink SQL Query Engine`

Lead-authored-by: guanhua.lgh <guanhua.lgh@alibaba-inc.com>
Co-authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/connector/flink/index.rst                |  2 +-
 .../{flink_table_store.rst => paimon.rst}     | 55 +++++++++----------
 2 files changed, 28 insertions(+), 29 deletions(-)
 rename docs/connector/flink/{flink_table_store.rst => paimon.rst} (51%)

diff --git a/docs/connector/flink/index.rst b/docs/connector/flink/index.rst
index c9d91091f..e7d40fd43 100644
--- a/docs/connector/flink/index.rst
+++ b/docs/connector/flink/index.rst
@@ -19,6 +19,6 @@ Connectors For Flink SQL Query Engine
 .. toctree::
     :maxdepth: 2
 
-    flink_table_store
+    paimon
     hudi
     iceberg
diff --git a/docs/connector/flink/flink_table_store.rst b/docs/connector/flink/paimon.rst
similarity index 51%
rename from docs/connector/flink/flink_table_store.rst
rename to docs/connector/flink/paimon.rst
index 14c576bf3..b67101488 100644
--- a/docs/connector/flink/flink_table_store.rst
+++ b/docs/connector/flink/paimon.rst
@@ -13,57 +13,56 @@
    See the License for the specific language governing permissions and
    limitations under the License.
 
-`Flink Table Store`_
-==========
+`Apache Paimon (Incubating)`_
+=============================
 
-Flink Table Store is a unified storage to build dynamic tables for both streaming and batch processing in Flink,
-supporting high-speed data ingestion and timely data query.
+Apache Paimon (Incubating) is a streaming data lake platform that supports high-speed data ingestion, change data tracking, and efficient real-time analytics.
 
 .. tip::
-   This article assumes that you have mastered the basic knowledge and operation of `Flink Table Store`_.
-   For the knowledge about Flink Table Store not mentioned in this article,
+   This article assumes that you have mastered the basic knowledge and operation of `Apache Paimon (Incubating)`_.
+   For the knowledge not mentioned in this article,
    you can obtain it from its `Official Documentation`_.
 
-By using kyuubi, we can run SQL queries towards Flink Table Store which is more
-convenient, easy to understand, and easy to expand than directly using
-flink to manipulate Flink Table Store.
+By using kyuubi, we can run SQL queries towards Apache Paimon (Incubating) which is more
+convenient, easy to understand, and easy to expand than directly using flink.
 
-Flink Table Store Integration
--------------------
+Apache Paimon (Incubating) Integration
+--------------------------------------
 
-To enable the integration of kyuubi flink sql engine and Flink Table Store, you need to:
+To enable the integration of kyuubi flink sql engine and Apache Paimon (Incubating), you need to:
 
-- Referencing the Flink Table Store :ref:`dependencies<flink-table-store-deps>`
+- Referencing the Apache Paimon (Incubating) :ref:`dependencies<flink-paimon-deps>`
 
-.. _flink-table-store-deps:
+.. _flink-paimon-deps:
 
 Dependencies
 ************
 
-The **classpath** of kyuubi flink sql engine with Flink Table Store supported consists of
+The **classpath** of kyuubi flink sql engine with Apache Paimon (Incubating) supported consists of
 
 1. kyuubi-flink-sql-engine-\ |release|\ _2.12.jar, the engine jar deployed with Kyuubi distributions
 2. a copy of flink distribution
-3. flink-table-store-dist-<version>.jar (example: flink-table-store-dist-0.2.jar), which can be found in the `Maven Central`_
+3. paimon-flink-<version>.jar (example: paimon-flink-1.16-0.4-SNAPSHOT.jar), which can be found in the `Apache Paimon (Incubating) Supported Engines Flink`_
+4. flink-shaded-hadoop-2-uber-<version>.jar, which code can be found in the `Pre-bundled Hadoop Jar`_
 
-In order to make the Flink Table Store packages visible for the runtime classpath of engines, we can use these methods:
+In order to make the Apache Paimon (Incubating) packages visible for the runtime classpath of engines, you need to:
 
-1. Put the Flink Table Store packages into ``$FLINK_HOME/lib`` directly
+1. Put the Apache Paimon (Incubating) packages into ``$FLINK_HOME/lib`` directly
 2. Setting the HADOOP_CLASSPATH environment variable or copy the `Pre-bundled Hadoop Jar`_ to flink/lib.
 
 .. warning::
-   Please mind the compatibility of different Flink Table Store and Flink versions, which can be confirmed on the page of `Flink Table Store multi engine support`_.
+   Please mind the compatibility of different Apache Paimon (Incubating) and Flink versions, which can be confirmed on the page of `Apache Paimon (Incubating) multi engine support`_.
 
-Flink Table Store Operations
-------------------
+Apache Paimon (Incubating) Operations
+-------------------------------------
 
 Taking ``CREATE CATALOG`` as a example,
 
 .. code-block:: sql
 
    CREATE CATALOG my_catalog WITH (
-     'type'='table-store',
-     'warehouse'='hdfs://nn:8020/warehouse/path' -- or 'file:///tmp/foo/bar'
+       'type'='paimon',
+       'warehouse'='file:/tmp/paimon'
    );
 
    USE CATALOG my_catalog;
@@ -104,8 +103,8 @@ Taking ``Rescale Bucket`` as a example,
    INSERT OVERWRITE my_table PARTITION (dt = '2022-01-01');
 
 
-.. _Flink Table Store: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Official Documentation: https://nightlies.apache.org/flink/flink-table-store-docs-stable/
-.. _Maven Central: https://mvnrepository.com/artifact/org.apache.flink/flink-table-store-dist
-.. _Pre-bundled Hadoop Jar: https://flink.apache.org/downloads.html
-.. _Flink Table Store multi engine support: https://nightlies.apache.org/flink/flink-table-store-docs-stable/docs/engines/overview/
+.. _Apache Paimon (Incubating): https://paimon.apache.org/
+.. _Official Documentation: https://paimon.apache.org/docs/master/
+.. _Apache Paimon (Incubating) Supported Engines Flink: https://paimon.apache.org/docs/master/engines/flink/#preparing-paimon-jar-file
+.. _Pre-bundled Hadoop Jar: https://flink.apache.org/downloads/#additional-components
+.. _Apache Paimon (Incubating) multi engine support: https://paimon.apache.org/docs/master/engines/overview/

From 6fd3353c780e50c9129fbebe849b19424450476d Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Mon, 27 Mar 2023 17:16:52 +0800
Subject: [PATCH 226/760] [KYUUBI #4609] get engineRefId in KyuubiConnection

### _Why are the changes needed?_

Close #4609
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4610 from lightning-L/kyuubi-4609.

Closes #4609

c40fd71ed [Tianlin Liao] fix test case
8f2d96cf0 [Tianlin Liao] [KYUUBI #4609] get engineRefId in KyuubiConnection

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java | 7 +++++++
 .../main/scala/org/apache/kyuubi/engine/EngineRef.scala    | 2 ++
 .../kyuubi/operation/KyuubiApplicationOperation.scala      | 6 +++++-
 .../scala/org/apache/kyuubi/operation/LaunchEngine.scala   | 5 +++++
 .../operation/KyuubiOperationPerConnectionSuite.scala      | 1 +
 .../apache/kyuubi/server/BackendServiceMetricSuite.scala   | 2 +-
 6 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index 2a485b24e..f9935d23e 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -107,6 +107,7 @@ public class KyuubiConnection implements SQLConnection, KyuubiLoggable {
   private String engineId = "";
   private String engineName = "";
   private String engineUrl = "";
+  private String engineRefId = "";
 
   private boolean isBeeLineMode;
 
@@ -1370,6 +1371,8 @@ private void fetchLaunchEngineResult() {
           engineName = value;
         } else if ("url".equals(key)) {
           engineUrl = value;
+        } else if ("refId".equals(key)) {
+          engineRefId = value;
         }
       }
     } catch (Exception e) {
@@ -1388,4 +1391,8 @@ public String getEngineName() {
   public String getEngineUrl() {
     return engineUrl;
   }
+
+  public String getEngineRefId() {
+    return engineRefId;
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 5f3af28f8..63b37f1c5 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -85,6 +85,8 @@ private[kyuubi] class EngineRef(
 
   private var builder: ProcBuilder = _
 
+  private[kyuubi] def getEngineRefId(): String = engineRefId
+
   // Launcher of the engine
   private[kyuubi] val appUser: String = shareLevel match {
     case SERVER => Utils.currentUser
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
index b864f0101..605c4cca6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
@@ -33,6 +33,10 @@ abstract class KyuubiApplicationOperation(session: Session) extends KyuubiOperat
 
   protected def currentApplicationInfo: Option[ApplicationInfo]
 
+  protected def applicationInfoMap: Option[Map[String, String]] = {
+    currentApplicationInfo.map(_.toMap)
+  }
+
   override def getResultSetMetadata: TGetResultSetMetadataResp = {
     val schema = new TTableSchema()
     Seq("key", "value").zipWithIndex.foreach { case (colName, position) =>
@@ -51,7 +55,7 @@ abstract class KyuubiApplicationOperation(session: Session) extends KyuubiOperat
   }
 
   override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
-    currentApplicationInfo.map(_.toMap).map { state =>
+    applicationInfoMap.map { state =>
       val tRow = new TRowSet(0, new JArrayList[TRow](state.size))
       Seq(state.keys, state.values.map(Option(_).getOrElse(""))).map(_.toSeq.asJava).foreach {
         col =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala
index 3d9b4937f..fb4f39e26 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala
@@ -68,4 +68,9 @@ class LaunchEngine(session: KyuubiSessionImpl, override val shouldRunAsync: Bool
 
     if (!shouldRunAsync) getBackgroundHandle.get()
   }
+
+  override protected def applicationInfoMap: Option[Map[String, String]] = {
+    super.applicationInfoMap.map { _ + ("refId" -> session.engine.getEngineRefId()) }
+  }
+
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index 669475b6c..d04afbfb5 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -137,6 +137,7 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
       assert(connection.getEngineId.startsWith("local-"))
       assert(connection.getEngineName.startsWith("kyuubi"))
       assert(connection.getEngineUrl.nonEmpty)
+      assert(connection.getEngineRefId.nonEmpty)
       val stmt = connection.createStatement()
       try {
         stmt.execute("select engine_name()")
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
index 53a53ef1d..a58d1842c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
@@ -78,7 +78,7 @@ class BackendServiceMetricSuite extends WithKyuubiServer with HiveJDBCTestHelper
 
       val meters2 =
         objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile).get("meters")
-      assert(meters2.get(MetricsConstants.BS_FETCH_RESULT_ROWS_RATE).get("count").asInt() == 7)
+      assert(meters2.get(MetricsConstants.BS_FETCH_RESULT_ROWS_RATE).get("count").asInt() == 8)
       assert(meters2.get(MetricsConstants.BS_FETCH_LOG_ROWS_RATE).get("count").asInt() >= logRows1)
 
       statement.executeQuery("DROP TABLE stu_test")

From b2fe49343e223f0e20c30e915883bed5f39f5f2b Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 27 Mar 2023 18:35:30 +0800
Subject: [PATCH 227/760] [KYUUBI #4620] [KSHC] Cut off transitive dependencies

### _Why are the changes needed?_

Remove all transitive dependencies to make the down stream project easy to consume.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4620 from pan3793/kshc.

Closes #4620

407f669f5 [Cheng Pan] [KSHC] Cut off transitive dependenices

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/kyuubi-spark-connector-hive/pom.xml | 48 ++++++-------------
 1 file changed, 15 insertions(+), 33 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/pom.xml b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
index 37e3d8409..b75db929d 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
@@ -32,7 +32,6 @@
     <url>https://kyuubi.apache.org/</url>
 
     <dependencies>
-
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
             <artifactId>kyuubi-spark-connector-common_${scala.binary.version}</artifactId>
@@ -40,34 +39,34 @@
         </dependency>
 
         <dependency>
-            <groupId>org.apache.kyuubi</groupId>
-            <artifactId>kyuubi-spark-connector-common_${scala.binary.version}</artifactId>
-            <version>${project.version}</version>
-            <type>test-jar</type>
-            <scope>test</scope>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>org.scala-lang</groupId>
-            <artifactId>scala-library</artifactId>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-hive_${scala.binary.version}</artifactId>
             <scope>provided</scope>
         </dependency>
 
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-api</artifactId>
             <scope>provided</scope>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-sql_${scala.binary.version}</artifactId>
-            <scope>provided</scope>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-spark-connector-common_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
         </dependency>
 
         <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
+            <groupId>org.scalatestplus</groupId>
+            <artifactId>scalacheck-1-17_${scala.binary.version}</artifactId>
+            <scope>test</scope>
         </dependency>
 
         <dependency>
@@ -84,17 +83,6 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-hive_${scala.binary.version}</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.scalatestplus</groupId>
-            <artifactId>scalacheck-1-17_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-sql_${scala.binary.version}</artifactId>
@@ -117,15 +105,10 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-client-api</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-client-runtime</artifactId>
-            <scope>runtime</scope>
+            <scope>test</scope>
         </dependency>
 
         <!--
@@ -153,7 +136,6 @@
     </dependencies>
 
     <build>
-
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>

From 0ea5795d547aef6ac961bdc0f0d42c470ac9c5c6 Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Tue, 28 Mar 2023 09:16:25 +0800
Subject: [PATCH 228/760] [KYUUBI #4430] Lineage supports the `lateral view
 explode` statement

close #4430
### _Why are the changes needed?_

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4566 from iodone/kyuubi-4430.

Closes #4430

9986113b7 [odone] add lateral view support

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../helper/SparkSQLLineageParseHelper.scala   | 13 ++++++
 .../SparkSQLLineageParserHelperSuite.scala    | 44 ++++++++++++++++++-
 2 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index 793572611..f060cc994 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -349,6 +349,19 @@ trait LineageParser {
           joinColumnsLineage(parentColumnsLineage, childColumnsLineage)
         p.children.map(extractColumnsLineage(_, nextColumnsLineage)).reduce(mergeColumnsLineage)
 
+      case p: Generate =>
+        val generateColumnsLineageWithId =
+          ListMap(p.generatorOutput.map(attrRef => (attrRef.toAttribute.exprId, p.references)): _*)
+
+        val nextColumnsLineage = parentColumnsLineage.map {
+          case (key, attrRefs) =>
+            key -> AttributeSet(attrRefs.flatMap(attr =>
+              generateColumnsLineageWithId.getOrElse(
+                attr.exprId,
+                AttributeSet(attr))))
+        }
+        p.children.map(extractColumnsLineage(_, nextColumnsLineage)).reduce(mergeColumnsLineage)
+
       case p: Window =>
         val windowColumnsLineage =
           ListMap(p.windowExpressions.map(exp => (exp.toAttribute, exp.references)): _*)
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index c25c94d39..96003f051 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -1276,7 +1276,6 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
             s"select a as k, b" +
               s" from t2" +
               s" where a in ('HELLO') and c = 'HELLO'")
-
         assert(ret0 == Lineage(
           List("default.t2"),
           List(),
@@ -1306,6 +1305,49 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
+  test("test lateral view explode") {
+    withTable("t1", "t2") { _ =>
+      spark.sql("CREATE TABLE t1 (a string, b string, c string, d string) USING hive")
+      spark.sql("CREATE TABLE t2 (a string, b string, c string, d string) USING hive")
+
+      val ret0 = exectractLineage("insert into t1 select 1, t2.b, cc.action, t2.d " +
+        "from t2 lateral view explode(split(c,'\\},\\{')) cc as action")
+      assert(ret0 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set()),
+          ("default.t1.b", Set("default.t2.b")),
+          ("default.t1.c", Set("default.t2.c")),
+          ("default.t1.d", Set("default.t2.d")))))
+
+      val ret1 = exectractLineage("insert into t1 select 1, t2.b, cc.action0, dd.action1 " +
+        "from t2 " +
+        "lateral view explode(split(c,'\\},\\{')) cc as action0 " +
+        "lateral view explode(split(d,'\\},\\{')) dd as action1")
+      assert(ret1 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set()),
+          ("default.t1.b", Set("default.t2.b")),
+          ("default.t1.c", Set("default.t2.c")),
+          ("default.t1.d", Set("default.t2.d")))))
+
+      val ret2 = exectractLineage("insert into t1 select 1, t2.b, dd.pos, dd.action1 " +
+        "from t2 " +
+        "lateral view posexplode(split(d,'\\},\\{')) dd as pos, action1")
+      assert(ret2 == Lineage(
+        List("default.t2"),
+        List("default.t1"),
+        List(
+          ("default.t1.a", Set()),
+          ("default.t1.b", Set("default.t2.b")),
+          ("default.t1.c", Set("default.t2.d")),
+          ("default.t1.d", Set("default.t2.d")))))
+    }
+  }
+
   private def exectractLineageWithoutExecuting(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)

From f3986d2d677b70eae9bf5515eef47e88e3748a41 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 28 Mar 2023 09:44:49 +0800
Subject: [PATCH 229/760] [KYUUBI #4618][REST] Admin Resource list operations
 with sessionHandle filter

### _Why are the changes needed?_

Close #4618
`api/v1/admin/operations` add queryParams sessionHandle

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4621 from zwangsheng/KYUUBI_4618.

Closes #4618

1f1e40213 [zwangsheng] [KYUUBI #4618][REST] Admin Resource list operations with sessionhandle filter

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/server/api/v1/AdminResource.scala       |  8 +++++++-
 .../kyuubi/server/api/v1/AdminResourceSuite.scala  | 14 +++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index ee63243cc..0d8b31b2c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -160,7 +160,9 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       "get the list of all active operations")
   @GET
   @Path("operations")
-  def listOperations(@QueryParam("users") users: String): Seq[OperationData] = {
+  def listOperations(
+      @QueryParam("users") users: String,
+      @QueryParam("sessionHandle") sessionHandle: String): Seq[OperationData] = {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val ipAddress = fe.getIpAddress
     info(s"Received listing all of the active operations request from $userName/$ipAddress")
@@ -173,6 +175,10 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       val usersSet = users.split(",").toSet
       operations = operations.filter(operation => usersSet.contains(operation.getSession.user))
     }
+    if (StringUtils.isNotBlank(sessionHandle)) {
+      operations = operations.filter(operation =>
+        operation.getSession.handle.equals(SessionHandle.fromUUID(sessionHandle)))
+    }
     operations
       .map(operation => ApiUtils.operationData(operation.asInstanceOf[KyuubiOperation])).toSeq
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index e7281dc5a..a10994d7e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -189,7 +189,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       "localhost",
       Map("testConfig" -> "testValue"))
 
-    fe.be.openSession(
+    val sessionHandle = fe.be.openSession(
       HIVE_CLI_SERVICE_PROTOCOL_V2,
       "test_user_2",
       "xxxxxx",
@@ -227,8 +227,17 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .get()
-    val operations = response.readEntity(classOf[Seq[OperationData]])
+    var operations = response.readEntity(classOf[Seq[OperationData]])
     assert(operations.size == 2)
+
+    response = webTarget.path("api/v1/admin/operations")
+      .queryParam("sessionHandle", sessionHandle.identifier)
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .get()
+    operations = response.readEntity(classOf[Seq[OperationData]])
+    assert(200 == response.getStatus)
+    assert(operations.size == 1)
   }
 
   test("list/close operations") {
@@ -479,5 +488,4 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       }
     }
   }
-
 }

From 1811c909e0bfeab4fe65174e4bd9695f2bd50c17 Mon Sep 17 00:00:00 2001
From: Derick Cypho <derickamaze@gmail.com>
Date: Tue, 28 Mar 2023 16:40:35 +0800
Subject: [PATCH 230/760] [KYUUBI #4624] [Docs] Fix table headers in
 kyuubi_vs_hive.md

### _Why are the changes needed?_

Fix the Markdown formatting for the table that demonstrates the difference between Kyuubi and HiveServer2.
The before table is as shown down below:
![image](https://user-images.githubusercontent.com/55829354/228123507-6ac2c7a9-d398-4e93-8315-a0a2b0df7287.png)
Document readability improvement.

Closes #4624 from DerickCypho/patch-1.

Closes #4624

4e9394a9c [Bowen Liang] Update docs/overview/kyuubi_vs_hive.md
a9935bfa2 [Bowen Liang] Update docs/overview/kyuubi_vs_hive.md
44c21e23e [Bowen Liang] Update docs/overview/kyuubi_vs_hive.md
776782590 [Bowen Liang] Update docs/overview/kyuubi_vs_hive.md
95b367e33 [DerickCypho] Fix table headers in kyuubi_vs_hive.md
6e42f9d8b [DerickCypho] Fix table headers for kyuubi_vs_hive.md
6684d2f46 [DerickCypho] Update kyuubi_vs_hive.md

Lead-authored-by: Derick Cypho <derickamaze@gmail.com>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Co-authored-by: DerickCypho <55829354+DerickCypho@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/overview/kyuubi_vs_hive.md | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/docs/overview/kyuubi_vs_hive.md b/docs/overview/kyuubi_vs_hive.md
index 43ffac146..80038c178 100644
--- a/docs/overview/kyuubi_vs_hive.md
+++ b/docs/overview/kyuubi_vs_hive.md
@@ -32,16 +32,14 @@ have multiple reducer stages.
 
 ## Differences Between Kyuubi and HiveServer2
 
-- 
-
-|             Kyuubi             |                                   HiveServer2                                   |
-|--------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| ** Language **                 | Spark SQL                                                                       | Hive QL                                                                                                                                                            |
-| ** Optimizer **                | Spark SQL Catalyst                                                              | Hive Optimizer                                                                                                                                                     |
-| ** Engine **                   | up to Spark 3.x                                                                 | MapReduce/[up to Spark 2.3](https://cwiki.apache.org/confluence/display/Hive/Hive+on+Spark%3A+Getting+Started#HiveonSpark:GettingStarted-VersionCompatibility)/Tez |
-| ** Performance **              | High                                                                            | Low                                                                                                                                                                |
-| ** Compatibility with Spark ** | Good                                                                            | Bad(need to rebuild on a specific version)                                                                                                                         |
-| ** Data Types **               | [Spark Data Types](https://spark.apache.org/docs/latest/sql-ref-datatypes.html) | [Hive Data Types](https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Types)                                                                           |
+|                              |                                     Kyuubi                                      |                                                                            HiveServer2                                                                             |
+|------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Language**                 | Spark SQL                                                                       | Hive QL                                                                                                                                                            |
+| **Optimizer**                | Spark SQL Catalyst                                                              | Hive Optimizer                                                                                                                                                     |
+| **Engine**                   | up to Spark 3.x                                                                 | MapReduce/[up to Spark 2.3](https://cwiki.apache.org/confluence/display/Hive/Hive+on+Spark%3A+Getting+Started#HiveonSpark:GettingStarted-VersionCompatibility)/Tez |
+| **Performance**              | High                                                                            | Low                                                                                                                                                                |
+| **Compatibility with Spark** | Good                                                                            | Bad(need to rebuild on a specific version)                                                                                                                         |
+| **Data Types**               | [Spark Data Types](https://spark.apache.org/docs/latest/sql-ref-datatypes.html) | [Hive Data Types](https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Types)                                                                           |
 
 ## Performance
 

From 6a7c57140dfe86656cf5e235a8ef2d610ce6cd26 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 28 Mar 2023 18:10:14 +0800
Subject: [PATCH 231/760] [KYUUBI #4626] [UI][CI] Fix Web UI Ci check fail with
 pnpm the lockfile needs updates

### _Why are the changes needed?_

After pnpm released 8.X version

We should specify pnpm version when npm install.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request
- [x] CI with Web UI Build Check & Web UI Style Check

Closes #4626 from zwangsheng/fix/web_ui_ci.

Closes #4626

f7fdc0676 [Cheng Pan] Update .github/workflows/web-ui.yml
61bc10124 [Cheng Pan] Update .github/workflows/style.yml
7d9353218 [zwangsheng] Specify pnpm version
d678c6cb6 [zwangsheng] for feature version
6d83c2b01 [zwangsheng] revert
bbc4b4c2c [zwangsheng] Specify pnpm version

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/style.yml  | 2 +-
 .github/workflows/web-ui.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 040cdfb3e..2824e5972 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -93,7 +93,7 @@ jobs:
       - name: Web UI Style with node
         run: |
           cd ./kyuubi-server/web-ui
-          npm install pnpm -g
+          npm install pnpm@7 -g
           pnpm install
           pnpm run lint
           echo "---------------------------------------Notice------------------------------------"
diff --git a/.github/workflows/web-ui.yml b/.github/workflows/web-ui.yml
index d99078990..2a48eeaa1 100644
--- a/.github/workflows/web-ui.yml
+++ b/.github/workflows/web-ui.yml
@@ -28,7 +28,7 @@ jobs:
       - name: npm run coverage & build
         run: |
           cd ./kyuubi-server/web-ui
-          npm install pnpm -g
+          npm install pnpm@7 -g
           pnpm install
           pnpm run coverage
           pnpm run build

From 6d8fe6c381a96165026ec8f3427cfa7c4db46497 Mon Sep 17 00:00:00 2001
From: maruilei <maruilei@58.com>
Date: Tue, 28 Mar 2023 18:14:39 +0800
Subject: [PATCH 232/760] [KYUUBI #4627] [Docs] Fix a typo in rest_api.md.

### _Why are the changes needed?_

`GET /batches/{batchId}` should be `GET /batches/${batchId}`

Affected versions 1.6/1.7/master

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4627 from merrily01/master-typo.

Closes #4627

ac386f640 [maruilei] [Docs] Fix a typo in rest_api.md.

Authored-by: maruilei <maruilei@58.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/rest/rest_api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index c622c401e..a531b9c78 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -397,7 +397,7 @@ curl --location --request POST 'http://localhost:10099/api/v1/batches' \
 
 The created [Batch](#batch) object.
 
-### GET /batches/{batchId}
+### GET /batches/${batchId}
 
 Returns the batch information.
 

From 3815bc4a71560606eff632887152d51272215f15 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Tue, 28 Mar 2023 21:56:51 +0800
Subject: [PATCH 233/760] [KYUUBI #4611] support all sessions api in
 SessionRestApi

### _Why are the changes needed?_

Close #4611

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4612 from lightning-L/kyuubi-4602.

Closes #4611

9ad95c6ad [Tianlin Liao] fix
0b3792e3e [Tianlin Liao] fix
7db90d570 [Tianlin Liao] [KYUUBI #4611] support all sessions api in SessionRestApi

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/client/SessionRestApi.java  |  99 ++++-
 .../kyuubi/client/api/v1/dto/KyuubiEvent.java |  20 +
 .../client/api/v1/dto/KyuubiSessionEvent.java | 361 ++++++++++++++++++
 .../client/api/v1/dto/OperationHandle.java    |  60 +++
 .../server/api/v1/SessionsResource.scala      |  28 +-
 .../server/api/v1/SessionsResourceSuite.scala |  10 +-
 .../rest/client/SessionRestApiSuite.scala     | 157 +++++++-
 7 files changed, 708 insertions(+), 27 deletions(-)
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationHandle.java

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/SessionRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/SessionRestApi.java
index fbb424102..a4c3bb7ab 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/SessionRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/SessionRestApi.java
@@ -20,7 +20,8 @@
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
-import org.apache.kyuubi.client.api.v1.dto.SessionData;
+import org.apache.kyuubi.client.api.v1.dto.*;
+import org.apache.kyuubi.client.util.JsonUtils;
 
 public class SessionRestApi {
 
@@ -41,6 +42,102 @@ public List<SessionData> listSessions() {
     return Arrays.asList(result);
   }
 
+  public SessionHandle openSession(SessionOpenRequest sessionOpenRequest) {
+    return this.getClient()
+        .post(
+            API_BASE_PATH,
+            JsonUtils.toJson(sessionOpenRequest),
+            SessionHandle.class,
+            client.getAuthHeader());
+  }
+
+  public String closeSession(String sessionHandleStr) {
+    String path = String.format("%s/%s", API_BASE_PATH, sessionHandleStr);
+    return this.getClient().delete(path, new HashMap<>(), client.getAuthHeader());
+  }
+
+  public KyuubiSessionEvent getSessionEvent(String sessionHandleStr) {
+    String path = String.format("%s/%s", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .get(path, new HashMap<>(), KyuubiSessionEvent.class, client.getAuthHeader());
+  }
+
+  public InfoDetail getSessionInfo(String sessionHandleStr, int infoType) {
+    String path = String.format("%s/%s/info/%s", API_BASE_PATH, sessionHandleStr, infoType);
+    return this.getClient().get(path, new HashMap<>(), InfoDetail.class, client.getAuthHeader());
+  }
+
+  public int getOpenSessionCount() {
+    String path = String.format("%s/count", API_BASE_PATH);
+    return this.getClient()
+        .get(path, new HashMap<>(), SessionOpenCount.class, client.getAuthHeader())
+        .getOpenSessionCount();
+  }
+
+  public ExecPoolStatistic getExecPoolStatistic() {
+    String path = String.format("%s/execPool/statistic", API_BASE_PATH);
+    return this.getClient()
+        .get(path, new HashMap<>(), ExecPoolStatistic.class, client.getAuthHeader());
+  }
+
+  public OperationHandle executeStatement(String sessionHandleStr, StatementRequest request) {
+    String path = String.format("%s/%s/operations/statement", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getTypeInfo(String sessionHandleStr) {
+    String path = String.format("%s/%s/operations/typeInfo", API_BASE_PATH, sessionHandleStr);
+    return this.getClient().post(path, "", OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getCatalogs(String sessionHandleStr) {
+    String path = String.format("%s/%s/operations/catalogs", API_BASE_PATH, sessionHandleStr);
+    return this.getClient().post(path, "", OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getSchemas(String sessionHandleStr, GetSchemasRequest request) {
+    String path = String.format("%s/%s/operations/schemas", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getTables(String sessionHandleStr, GetTablesRequest request) {
+    String path = String.format("%s/%s/operations/tables", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getTableTypes(String sessionHandleStr) {
+    String path = String.format("%s/%s/operations/tableTypes", API_BASE_PATH, sessionHandleStr);
+    return this.getClient().post(path, "", OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getColumns(String sessionHandleStr, GetColumnsRequest request) {
+    String path = String.format("%s/%s/operations/columns", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getFunctions(String sessionHandleStr, GetFunctionsRequest request) {
+    String path = String.format("%s/%s/operations/functions", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getPrimaryKeys(String sessionHandleStr, GetPrimaryKeysRequest request) {
+    String path = String.format("%s/%s/operations/primaryKeys", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
+  public OperationHandle getCrossReference(
+      String sessionHandleStr, GetCrossReferenceRequest request) {
+    String path = String.format("%s/%s/operations/crossReference", API_BASE_PATH, sessionHandleStr);
+    return this.getClient()
+        .post(path, JsonUtils.toJson(request), OperationHandle.class, client.getAuthHeader());
+  }
+
   private IRestClient getClient() {
     return this.client.getHttpClient();
   }
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java
new file mode 100644
index 000000000..8de125089
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+public interface KyuubiEvent {}
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java
new file mode 100644
index 000000000..4c3cbcfd5
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java
@@ -0,0 +1,361 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+import java.util.Map;
+
+public class KyuubiSessionEvent implements KyuubiEvent {
+
+  private String sessionId;
+
+  private int clientVersion;
+
+  private String sessionType;
+
+  private String sessionName;
+
+  private String remoteSessionId;
+
+  private String engineId;
+
+  private String user;
+
+  private String clientIp;
+
+  private String serverIp;
+
+  private Map<String, String> conf;
+
+  private long eventTime;
+
+  private long openedTime;
+
+  private long startTime;
+
+  private long endTime;
+
+  private int totalOperations;
+
+  private Throwable exception;
+
+  public KyuubiSessionEvent() {}
+
+  public KyuubiSessionEvent(
+      String sessionId,
+      int clientVersion,
+      String sessionType,
+      String sessionName,
+      String remoteSessionId,
+      String engineId,
+      String user,
+      String clientIp,
+      String serverIp,
+      Map<String, String> conf,
+      long eventTime,
+      long openedTime,
+      long startTime,
+      long endTime,
+      int totalOperations,
+      Throwable exception) {
+    this.sessionId = sessionId;
+    this.clientVersion = clientVersion;
+    this.sessionType = sessionType;
+    this.sessionName = sessionName;
+    this.remoteSessionId = remoteSessionId;
+    this.engineId = engineId;
+    this.user = user;
+    this.clientIp = clientIp;
+    this.serverIp = serverIp;
+    this.conf = conf;
+    this.eventTime = eventTime;
+    this.openedTime = openedTime;
+    this.startTime = startTime;
+    this.endTime = endTime;
+    this.totalOperations = totalOperations;
+    this.exception = exception;
+  }
+
+  public static KyuubiSessionEvent.KyuubiSessionEventBuilder builder() {
+    return new KyuubiSessionEvent.KyuubiSessionEventBuilder();
+  }
+
+  public static class KyuubiSessionEventBuilder {
+    private String sessionId;
+
+    private int clientVersion;
+
+    private String sessionType;
+
+    private String sessionName;
+
+    private String remoteSessionId;
+
+    private String engineId;
+
+    private String user;
+
+    private String clientIp;
+
+    private String serverIp;
+
+    private Map<String, String> conf;
+
+    private long eventTime;
+
+    private long openedTime;
+
+    private long startTime;
+
+    private long endTime;
+
+    private int totalOperations;
+
+    private Throwable exception;
+
+    public KyuubiSessionEventBuilder() {}
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder sessionId(final String sessionId) {
+      this.sessionId = sessionId;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder remoteSessionId(
+        final String remoteSessionId) {
+      this.remoteSessionId = remoteSessionId;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder clientVersion(final int clientVersion) {
+      this.clientVersion = clientVersion;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder sessionType(final String sessionType) {
+      this.sessionType = sessionType;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder sessionName(final String sessionName) {
+      this.sessionName = sessionName;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder engineId(final String engineId) {
+      this.engineId = engineId;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder user(final String user) {
+      this.user = user;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder clientIp(final String clientIp) {
+      this.clientIp = clientIp;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder serverIp(final String serverIp) {
+      this.serverIp = serverIp;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder conf(final Map<String, String> conf) {
+      this.conf = conf;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder eventTime(final long eventTime) {
+      this.eventTime = eventTime;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder openedTime(final long openedTime) {
+      this.openedTime = openedTime;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder startTime(final long startTime) {
+      this.startTime = startTime;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder endTime(final long endTime) {
+      this.endTime = endTime;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder totalOperations(final int totalOperations) {
+      this.totalOperations = totalOperations;
+      return this;
+    }
+
+    public KyuubiSessionEvent.KyuubiSessionEventBuilder exception(final Throwable exception) {
+      this.exception = exception;
+      return this;
+    }
+
+    public KyuubiSessionEvent build() {
+      return new KyuubiSessionEvent(
+          sessionId,
+          clientVersion,
+          sessionType,
+          sessionName,
+          remoteSessionId,
+          engineId,
+          user,
+          clientIp,
+          serverIp,
+          conf,
+          eventTime,
+          openedTime,
+          startTime,
+          endTime,
+          totalOperations,
+          exception);
+    }
+  }
+
+  public String getSessionId() {
+    return sessionId;
+  }
+
+  public void setSessionId(String sessionId) {
+    this.sessionId = sessionId;
+  }
+
+  public int getClientVersion() {
+    return clientVersion;
+  }
+
+  public void setClientVersion(int clientVersion) {
+    this.clientVersion = clientVersion;
+  }
+
+  public String getSessionType() {
+    return sessionType;
+  }
+
+  public void setSessionType(String sessionType) {
+    this.sessionType = sessionType;
+  }
+
+  public String getSessionName() {
+    return sessionName;
+  }
+
+  public void setSessionName(String sessionName) {
+    this.sessionName = sessionName;
+  }
+
+  public String getRemoteSessionId() {
+    return remoteSessionId;
+  }
+
+  public void setRemoteSessionId(String remoteSessionId) {
+    this.remoteSessionId = remoteSessionId;
+  }
+
+  public String getEngineId() {
+    return engineId;
+  }
+
+  public void setEngineId(String engineId) {
+    this.engineId = engineId;
+  }
+
+  public String getUser() {
+    return user;
+  }
+
+  public void setUser(String user) {
+    this.user = user;
+  }
+
+  public String getClientIp() {
+    return clientIp;
+  }
+
+  public void setClientIp(String clientIp) {
+    this.clientIp = clientIp;
+  }
+
+  public String getServerIp() {
+    return serverIp;
+  }
+
+  public void setServerIp(String serverIp) {
+    this.serverIp = serverIp;
+  }
+
+  public Map<String, String> getConf() {
+    return conf;
+  }
+
+  public void setConf(Map<String, String> conf) {
+    this.conf = conf;
+  }
+
+  public long getEventTime() {
+    return eventTime;
+  }
+
+  public void setEventTime(long eventTime) {
+    this.eventTime = eventTime;
+  }
+
+  public long getOpenedTime() {
+    return openedTime;
+  }
+
+  public void setOpenedTime(long openedTime) {
+    this.openedTime = openedTime;
+  }
+
+  public long getStartTime() {
+    return startTime;
+  }
+
+  public void setStartTime(long startTime) {
+    this.startTime = startTime;
+  }
+
+  public long getEndTime() {
+    return endTime;
+  }
+
+  public void setEndTime(long endTime) {
+    this.endTime = endTime;
+  }
+
+  public int getTotalOperations() {
+    return totalOperations;
+  }
+
+  public void setTotalOperations(int totalOperations) {
+    this.totalOperations = totalOperations;
+  }
+
+  public Throwable getException() {
+    return exception;
+  }
+
+  public void setException(Throwable exception) {
+    this.exception = exception;
+  }
+}
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationHandle.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationHandle.java
new file mode 100644
index 000000000..394e6c157
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationHandle.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+import java.util.Objects;
+import java.util.UUID;
+import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
+import org.apache.commons.lang3.builder.ToStringStyle;
+
+public class OperationHandle {
+
+  private UUID identifier;
+
+  public OperationHandle() {}
+
+  public OperationHandle(UUID identifier) {
+    this.identifier = identifier;
+  }
+
+  public UUID getIdentifier() {
+    return identifier;
+  }
+
+  public void setIdentifier(UUID identifier) {
+    this.identifier = identifier;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+    OperationHandle that = (OperationHandle) o;
+    return Objects.equals(identifier, that.identifier);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(identifier);
+  }
+
+  @Override
+  public String toString() {
+    return ReflectionToStringBuilder.toString(this, ToStringStyle.JSON_STYLE);
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index 253c738c4..d55ff9449 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -33,11 +33,9 @@ import org.apache.kyuubi.Logging
 import org.apache.kyuubi.client.api.v1.dto
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
-import org.apache.kyuubi.events.KyuubiEvent
 import org.apache.kyuubi.operation.OperationHandle
 import org.apache.kyuubi.server.api.{ApiRequestContext, ApiUtils}
-import org.apache.kyuubi.session.KyuubiSession
-import org.apache.kyuubi.session.SessionHandle
+import org.apache.kyuubi.session.{KyuubiSession, SessionHandle}
 
 @Tag(name = "Session")
 @Produces(Array(MediaType.APPLICATION_JSON))
@@ -63,14 +61,32 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     responseCode = "200",
     content = Array(new Content(
       mediaType = MediaType.APPLICATION_JSON,
-      schema = new Schema(implementation = classOf[KyuubiEvent]))),
+      schema = new Schema(implementation = classOf[dto.KyuubiSessionEvent]))),
     description = "get a session event via session handle identifier")
   @GET
   @Path("{sessionHandle}")
-  def sessionInfo(@PathParam("sessionHandle") sessionHandleStr: String): KyuubiEvent = {
+  def sessionInfo(@PathParam("sessionHandle") sessionHandleStr: String): dto.KyuubiSessionEvent = {
     try {
       sessionManager.getSession(sessionHandleStr)
-        .asInstanceOf[KyuubiSession].getSessionEvent.get
+        .asInstanceOf[KyuubiSession].getSessionEvent.map(event =>
+          dto.KyuubiSessionEvent.builder
+            .sessionId(event.sessionId)
+            .clientVersion(event.clientVersion)
+            .sessionType(event.sessionType)
+            .sessionName(event.sessionName)
+            .user(event.user)
+            .clientIp(event.clientIP)
+            .serverIp(event.serverIP)
+            .conf(event.conf.asJava)
+            .remoteSessionId(event.remoteSessionId)
+            .engineId(event.engineId)
+            .eventTime(event.eventTime)
+            .openedTime(event.openedTime)
+            .startTime(event.startTime)
+            .endTime(event.endTime)
+            .totalOperations(event.totalOperations)
+            .exception(event.exception.getOrElse(null))
+            .build).get
     } catch {
       case NonFatal(e) =>
         error(s"Invalid $sessionHandleStr", e)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
index 7e5eb5247..8e86b7458 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
@@ -28,11 +28,11 @@ import scala.collection.JavaConverters._
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KyuubiFunSuite, RestFrontendTestHelper}
+import org.apache.kyuubi.client.api.v1.dto
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
 import org.apache.kyuubi.engine.ShareLevel
-import org.apache.kyuubi.events.KyuubiSessionEvent
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.operation.OperationHandle
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
@@ -121,10 +121,10 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     // get session event
     var response = webTarget.path(s"api/v1/sessions/$sessionHandle").request().get()
     assert(200 == sessionOpenResp.getStatus)
-    val sessions = response.readEntity(classOf[KyuubiSessionEvent])
-    assert(sessions.conf("testConfig").equals("testValue"))
-    assert(sessions.sessionType.equals(SessionType.INTERACTIVE.toString))
-    assert(sessions.user.equals("kyuubi"))
+    val sessions = response.readEntity(classOf[dto.KyuubiSessionEvent])
+    assert(sessions.getConf.get("testConfig").equals("testValue"))
+    assert(sessions.getSessionType.equals(SessionType.INTERACTIVE.toString))
+    assert(sessions.getUser.equals("kyuubi"))
 
     // close an opened session
     response = webTarget.path(s"api/v1/sessions/$sessionHandle").request().delete()
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
index 1edfb5e53..ed116d077 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
@@ -17,21 +17,153 @@
 
 package org.apache.kyuubi.server.rest.client
 
-import scala.collection.JavaConverters.asScalaBufferConverter
+import java.util
 
-import org.apache.hive.service.rpc.thrift.TProtocolVersion
+import scala.collection.JavaConverters._
+
+import org.apache.hive.service.rpc.thrift.TGetInfoType
 
 import org.apache.kyuubi.RestClientTestHelper
 import org.apache.kyuubi.client.{KyuubiRestClient, SessionRestApi}
+import org.apache.kyuubi.client.api.v1.dto
+import org.apache.kyuubi.client.api.v1.dto._
+import org.apache.kyuubi.client.exception.KyuubiRestException
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.session.SessionType
 
 class SessionRestApiSuite extends RestClientTestHelper {
-  test("list session") {
-    fe.be.sessionManager.openSession(
-      TProtocolVersion.findByValue(1),
-      "admin",
-      "123456",
-      "localhost",
-      Map("testConfig" -> "testValue"))
+  test("get/close/list/count session") {
+    withSessionRestApi { sessionRestApi =>
+      {
+        // open session
+        val sessionOpenRequest = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
+        sessionRestApi.openSession(sessionOpenRequest)
+
+        // list sessions
+        var sessions = sessionRestApi.listSessions().asScala
+        assert(sessions.size == 1)
+        val sessionHandle = sessions(0).getIdentifier
+
+        // get open session count
+        var sessionCount = sessionRestApi.getOpenSessionCount
+        assert(sessionCount == 1)
+
+        // close session
+        sessionRestApi.closeSession(sessionHandle)
+
+        // list sessions again
+        sessions = sessionRestApi.listSessions().asScala
+        assert(sessions.isEmpty)
+
+        // get open session count again
+        sessionCount = sessionRestApi.getOpenSessionCount
+        assert(sessionCount == 0)
+      }
+    }
+  }
+
+  test("get session event") {
+    withSessionRestApi { sessionRestApi =>
+      // open session
+      val sessionOpenRequest = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
+      val sessionHandle = sessionRestApi.openSession(sessionOpenRequest)
+
+      // get session event
+      val kyuubiEvent = sessionRestApi.getSessionEvent(
+        sessionHandle.getIdentifier.toString).asInstanceOf[dto.KyuubiSessionEvent]
+      assert(kyuubiEvent.getConf.get("testConfig").equals("testValue"))
+      assert(kyuubiEvent.getSessionType.equals(SessionType.INTERACTIVE.toString))
+    }
+  }
+
+  test("get info type") {
+    withSessionRestApi { sessionRestApi =>
+      // open session
+      val sessionOpenRequest = new SessionOpenRequest(
+        Map("testConfig" -> "testValue", KyuubiConf.SERVER_INFO_PROVIDER.key -> "SERVER").asJava)
+      val sessionHandle = sessionRestApi.openSession(sessionOpenRequest)
+
+      // get session info
+      val info = sessionRestApi.getSessionInfo(
+        sessionHandle.getIdentifier.toString,
+        TGetInfoType.CLI_SERVER_NAME.getValue)
+      assert(info.getInfoType.equals("CLI_SERVER_NAME"))
+      assert(info.getInfoValue.equals("Apache Kyuubi"))
+    }
+  }
+
+  test("submit operation") {
+    withSessionRestApi { sessionRestApi =>
+      // open session
+      val sessionOpenRequest = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
+      val sessionHandle = sessionRestApi.openSession(sessionOpenRequest)
+      val sessionHandleStr = sessionHandle.getIdentifier.toString
+
+      // execute statement
+      val op1 = sessionRestApi.executeStatement(
+        sessionHandleStr,
+        new StatementRequest("show tables", true, 3000))
+      assert(op1.getIdentifier != null)
+
+      // get type info
+      val op2 = sessionRestApi.getTypeInfo(sessionHandleStr)
+      assert(op2.getIdentifier != null)
+
+      // get catalogs
+      val op3 = sessionRestApi.getCatalogs(sessionHandleStr)
+      assert(op3.getIdentifier != null)
+
+      // get schemas
+      val op4 = sessionRestApi.getSchemas(
+        sessionHandleStr,
+        new GetSchemasRequest("spark_catalog", "default"))
+      assert(op4.getIdentifier != null)
+
+      // get tables
+      val tableTypes = new util.ArrayList[String]()
+      val op5 = sessionRestApi.getTables(
+        sessionHandleStr,
+        new GetTablesRequest("spark_catalog", "default", "default", tableTypes))
+      assert(op5.getIdentifier != null)
+
+      // get table types
+      val op6 = sessionRestApi.getTableTypes(sessionHandleStr)
+      assert(op6.getIdentifier != null)
+
+      // get columns
+      val op7 = sessionRestApi.getColumns(
+        sessionHandleStr,
+        new GetColumnsRequest("spark_catalog", "default", "default", "default"))
+      assert(op7.getIdentifier != null)
+
+      // get function
+      val op8 = sessionRestApi.getFunctions(
+        sessionHandleStr,
+        new GetFunctionsRequest("default", "default", "default"))
+      assert(op8.getIdentifier != null)
+
+      // get primary keys
+      assertThrows[KyuubiRestException] {
+        sessionRestApi.getPrimaryKeys(
+          sessionHandleStr,
+          new GetPrimaryKeysRequest("spark_catalog", "default", "default"))
+      }
+
+      // get cross reference
+      val getCrossReferenceReq = new GetCrossReferenceRequest(
+        "spark_catalog",
+        "default",
+        "default",
+        "spark_catalog",
+        "default",
+        "default")
+      assertThrows[KyuubiRestException] {
+        sessionRestApi.getCrossReference(sessionHandleStr, getCrossReferenceReq)
+      }
+    }
+  }
+
+  def withSessionRestApi[T](f: SessionRestApi => T): T = {
     val basicKyuubiRestClient: KyuubiRestClient =
       KyuubiRestClient.builder(baseUri.toString)
         .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.BASIC)
@@ -39,12 +171,7 @@ class SessionRestApiSuite extends RestClientTestHelper {
         .password(ldapUserPasswd)
         .socketTimeout(30000)
         .build()
-
     val sessionRestApi = new SessionRestApi(basicKyuubiRestClient)
-    val sessions = sessionRestApi.listSessions().asScala
-    assert(sessions.size == 1)
-    assert(sessions(0).getUser == "admin")
-    assert(sessions(0).getIpAddr == "localhost")
-    assert(sessions(0).getConf.toString == "{testConfig=testValue}")
+    f(sessionRestApi)
   }
 }

From 27d05b6168f06c64cf62be93e4ec01fcad906e8c Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 30 Mar 2023 00:01:02 +0800
Subject: [PATCH 234/760] [KYUUBI #4628] Add Dependency management
 ISSUE_TEMPLATE

### _Why are the changes needed?_

Add Dependency management ISSUE_TEMPLATE as behaviors about upgrading artifacts are frequent

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4628 from yaooqinn/depy.

Closes #4628

595a2d3fd [Kent Yao] address commment
4f5106d2f [Kent Yao] Add Dependency Management Issue Template
0d3724a9e [Kent Yao] Add Dependency Management Issue Template
71d2a7908 [Kent Yao] Add Dependency Management Issue Template
c431fc1c4 [Kent Yao] Add Dependency Management Issue Template
da1e5e085 [Kent Yao] Add Dependency Management Issue Template
65c1545f1 [Kent Yao] Add Dependency Management Issue Template

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/ISSUE_TEMPLATE/dependency.yml | 110 ++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/dependency.yml

diff --git a/.github/ISSUE_TEMPLATE/dependency.yml b/.github/ISSUE_TEMPLATE/dependency.yml
new file mode 100644
index 000000000..8189f9930
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/dependency.yml
@@ -0,0 +1,110 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# See https://gh-community.github.io/issue-template-feedback/structured/
+
+name: Dependency
+title: ":arrow_up: Upgrade <artifact> from <current version> to <target version>"
+description: Keep upstream dependencies fresh and stable
+labels: [ "kind:build, priority:major, good first issue, help wanted" ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for finding the time to report the issue! We really appreciate the community's efforts to improve Kyuubi.
+
+        It doesn't really matter whether what you are reporting is a bug or not, just feel free to share the problem you have
+        encountered with the community. For best practices, if it is indeed a bug, please try your best to provide the reproducible
+        steps. If you want to ask questions or share ideas, please [subscribe to our mailing list](mailto:dev-subscribe@kyuubi.apache.org)
+        and send emails to [our mailing list](mailto:dev@kyuubi.apache.org), you can also head to our
+        [Discussions](https://github.com/apache/kyuubi/discussions) tab.
+
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: The Code of Conduct helps create a safe space for everyone. We require that everyone agrees to it.
+      options:
+        - label: >
+            I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: Search before asking
+      options:
+        - label: >
+            I have searched in the [issues](https://github.com/apache/kyuubi/issues?q=is%3Aissue) and found no similar
+            issues.
+          required: true
+
+  - type: dropdown
+    id: priority
+    attributes:
+      label: Why do we need to upgrade this artifact?
+      options:
+        - Common Vulnerabilities and Exposures (CVE)
+        - Bugfixes
+        - Usage of New Features
+        - Performance Improvements
+        - Regular Updates
+    validations:
+      required: true
+
+  - type: input
+    id: artifact
+    attributes:
+      label: Artifact Name
+      description: Which artifact shall be upgraded?
+      placeholder: e.g. spark-sql
+      value: https://mvnrepository.com/search?q=
+    validations:
+      required: true
+
+  - type: input
+    id: versions
+    attributes:
+      label: Target Version
+      description: Which version shall be upgraded?
+      placeholder: e.g. 1.2.1
+    validations:
+      required: true
+
+  - type: textarea
+    id: changes
+    attributes:
+      label: Notable Changes
+      description: Please provide notable changes, or release notes if any
+    validations:
+      required: false
+
+  - type: checkboxes
+    attributes:
+      label: Are you willing to submit PR?
+      description: >
+        A pull request is optional, but we are glad to help you in the contribution process
+        especially if you already know a good understanding of how to implement the fix.
+        Kyuubi is a community-driven project and we love to bring new contributors in.
+      options:
+        - label: Yes. I would be willing to submit a PR with guidance from the Kyuubi community to fix.
+        - label: No. I cannot submit a PR at this time.
+
+  - type: markdown
+    attributes:
+      label: Tips For PR Contributors
+      value: >
+        After changing the corresponding dependency version and before submitting your pull request,
+        it is necessary to execute `build/dependency.sh --replace` locally to update `dev/dependencyList`.

From 9ca00c8aa750c962213c3b27f583f238ef065005 Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Thu, 30 Mar 2023 13:04:51 +0800
Subject: [PATCH 235/760] [KYUUBI #4615] Support stage level schedule for final
 write stage

### _Why are the changes needed?_

Add a new rule `InjectCustomResourceProfile` to  support custom resource profile for final write stage.
It now supports executor configs:

```
executor core
executor memory
executor memory overhead
executor off heap memory
```

### _How was this patch tested?_

add test and manully test

<img width="778" alt="image" src="https://user-images.githubusercontent.com/12025282/226606147-82a29b8c-1a31-4842-97a7-fe702d80e190.png">

Closes #4615 from ulysses-you/resource-profile.

Closes #4615

852b207cd [ulysses-you] Support stage level schedule for final write stag

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/rules.md        |  49 ++++----
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |   4 +-
 .../{ => sql}/FinalStageResourceManager.scala |  28 +++--
 .../sql/InjectCustomResourceProfile.scala     |  60 ++++++++++
 .../execution/CustomResourceProfileExec.scala | 112 ++++++++++++++++++
 .../sql/InjectResourceProfileSuite.scala      |  79 ++++++++++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  40 +++++++
 .../sql/KyuubiSparkSQLExtensionTest.scala     |   2 +
 8 files changed, 338 insertions(+), 36 deletions(-)
 rename extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/{ => sql}/FinalStageResourceManager.scala (93%)
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala

diff --git a/docs/extensions/engines/spark/rules.md b/docs/extensions/engines/spark/rules.md
index f06ecf256..a4bda5d53 100644
--- a/docs/extensions/engines/spark/rules.md
+++ b/docs/extensions/engines/spark/rules.md
@@ -63,26 +63,31 @@ Now, you can enjoy the Kyuubi SQL Extension.
 
 Kyuubi provides some configs to make these feature easy to use.
 
-|                                Name                                 | Default Value |                                                                                                                                                                     Description                                                                                                                                                                      | Since |
-|---------------------------------------------------------------------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|
-| spark.sql.optimizer.insertRepartitionBeforeWrite.enabled            | true          | Add repartition node at the top of query plan. An approach of merging small files.                                                                                                                                                                                                                                                                   | 1.2.0 |
-| spark.sql.optimizer.insertRepartitionNum                            | none          | The partition number if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. If AQE is disabled, the default value is `spark.sql.shuffle.partitions`. If AQE is enabled, the default value is none that means depend on AQE.                                                                                                       | 1.2.0 |
-| spark.sql.optimizer.dynamicPartitionInsertionRepartitionNum         | 100           | The partition number of each dynamic partition if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. We will repartition by dynamic partition columns to reduce the small file but that can cause data skew. This config is to extend the partition of dynamic partition column to avoid skew but may generate some small files. | 1.2.0 |
-| spark.sql.optimizer.forceShuffleBeforeJoin.enabled                  | false         | Ensure shuffle node exists before shuffled join (shj and smj) to make AQE `OptimizeSkewedJoin` works (complex scenario join, multi table join).                                                                                                                                                                                                      | 1.2.0 |
-| spark.sql.optimizer.finalStageConfigIsolation.enabled               | false         | If true, the final stage support use different config with previous stage. The prefix of final stage config key should be `spark.sql.finalStage.`. For example, the raw spark config: `spark.sql.adaptive.advisoryPartitionSizeInBytes`, then the final stage config should be: `spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`.        | 1.2.0 |
-| spark.sql.analyzer.classification.enabled                           | false         | When true, allows Kyuubi engine to judge this SQL's classification and set `spark.sql.analyzer.classification` back into sessionConf. Through this configuration item, Spark can optimizing configuration dynamic.                                                                                                                                   | 1.4.0 |
-| spark.sql.optimizer.insertZorderBeforeWriting.enabled               | true          | When true, we will follow target table properties to insert zorder or not. The key properties are: 1) `kyuubi.zorder.enabled`: if this property is true, we will insert zorder before writing data. 2) `kyuubi.zorder.cols`: string split by comma, we will zorder by these cols.                                                                    | 1.4.0 |
-| spark.sql.optimizer.zorderGlobalSort.enabled                        | true          | When true, we do a global sort using zorder. Note that, it can cause data skew issue if the zorder columns have less cardinality. When false, we only do local sort using zorder.                                                                                                                                                                    | 1.4.0 |
-| spark.sql.watchdog.maxPartitions                                    | none          | Set the max partition number when spark scans a data source. Enable MaxPartitionStrategy by specifying this configuration. Add maxPartitions Strategy to avoid scan excessive partitions on partitioned table, it's optional that works with defined                                                                                                 | 1.4.0 |
-| spark.sql.optimizer.dropIgnoreNonExistent                           | false         | When true, do not report an error if DROP DATABASE/TABLE/VIEW/FUNCTION/PARTITION specifies a non-existent database/table/view/function/partition                                                                                                                                                                                                     | 1.5.0 |
-| spark.sql.optimizer.rebalanceBeforeZorder.enabled                   | false         | When true, we do a rebalance before zorder in case data skew. Note that, if the insertion is dynamic partition we will use the partition columns to rebalance. Note that, this config only affects with Spark 3.3.x.                                                                                                                                 | 1.6.0 |
-| spark.sql.optimizer.rebalanceZorderColumns.enabled                  | false         | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do rebalance before Z-Order. If it's dynamic partition insert, the rebalance expression will include both partition columns and Z-Order columns. Note that, this config only affects with Spark 3.3.x.                                                                 | 1.6.0 |
-| spark.sql.optimizer.twoPhaseRebalanceBeforeZorder.enabled           | false         | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do two phase rebalance before Z-Order for the dynamic partition write. The first phase rebalance using dynamic partition column; The second phase rebalance using dynamic partition column Z-Order columns. Note that, this config only affects with Spark 3.3.x.      | 1.6.0 |
-| spark.sql.optimizer.zorderUsingOriginalOrdering.enabled             | false         | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do sort by the original ordering i.e. lexicographical order. Note that, this config only affects with Spark 3.3.x.                                                                                                                                                     | 1.6.0 |
-| spark.sql.optimizer.inferRebalanceAndSortOrders.enabled             | false         | When ture, infer columns for rebalance and sort orders from original query, e.g. the join keys from join. It can avoid compression ratio regression.                                                                                                                                                                                                 | 1.7.0 |
-| spark.sql.optimizer.inferRebalanceAndSortOrdersMaxColumns           | 3             | The max columns of inferred columns.                                                                                                                                                                                                                                                                                                                 | 1.7.0 |
-| spark.sql.optimizer.insertRepartitionBeforeWriteIfNoShuffle.enabled | false         | When true, add repartition even if the original plan does not have shuffle.                                                                                                                                                                                                                                                                          | 1.7.0 |
-| spark.sql.optimizer.finalStageConfigIsolationWriteOnly.enabled      | true          | When true, only enable final stage isolation for writing.                                                                                                                                                                                                                                                                                            | 1.7.0 |
-| spark.sql.finalWriteStage.eagerlyKillExecutors.enabled              | false         | When true, eagerly kill redundant executors before running final write stage.                                                                                                                                                                                                                                                                        | 1.8.0 |
-| spark.sql.finalWriteStage.retainExecutorsFactor                     | 1.2           | If the target executors * factor < active executors, and target executors * factor > min executors, then inject kill executors or inject custom resource profile.                                                                                                                                                                                    | 1.8.0 |
+|                                Name                                 |             Default Value              |                                                                                                                                                                     Description                                                                                                                                                                      | Since |
+|---------------------------------------------------------------------|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|
+| spark.sql.optimizer.insertRepartitionBeforeWrite.enabled            | true                                   | Add repartition node at the top of query plan. An approach of merging small files.                                                                                                                                                                                                                                                                   | 1.2.0 |
+| spark.sql.optimizer.insertRepartitionNum                            | none                                   | The partition number if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. If AQE is disabled, the default value is `spark.sql.shuffle.partitions`. If AQE is enabled, the default value is none that means depend on AQE.                                                                                                       | 1.2.0 |
+| spark.sql.optimizer.dynamicPartitionInsertionRepartitionNum         | 100                                    | The partition number of each dynamic partition if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. We will repartition by dynamic partition columns to reduce the small file but that can cause data skew. This config is to extend the partition of dynamic partition column to avoid skew but may generate some small files. | 1.2.0 |
+| spark.sql.optimizer.forceShuffleBeforeJoin.enabled                  | false                                  | Ensure shuffle node exists before shuffled join (shj and smj) to make AQE `OptimizeSkewedJoin` works (complex scenario join, multi table join).                                                                                                                                                                                                      | 1.2.0 |
+| spark.sql.optimizer.finalStageConfigIsolation.enabled               | false                                  | If true, the final stage support use different config with previous stage. The prefix of final stage config key should be `spark.sql.finalStage.`. For example, the raw spark config: `spark.sql.adaptive.advisoryPartitionSizeInBytes`, then the final stage config should be: `spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`.        | 1.2.0 |
+| spark.sql.analyzer.classification.enabled                           | false                                  | When true, allows Kyuubi engine to judge this SQL's classification and set `spark.sql.analyzer.classification` back into sessionConf. Through this configuration item, Spark can optimizing configuration dynamic.                                                                                                                                   | 1.4.0 |
+| spark.sql.optimizer.insertZorderBeforeWriting.enabled               | true                                   | When true, we will follow target table properties to insert zorder or not. The key properties are: 1) `kyuubi.zorder.enabled`: if this property is true, we will insert zorder before writing data. 2) `kyuubi.zorder.cols`: string split by comma, we will zorder by these cols.                                                                    | 1.4.0 |
+| spark.sql.optimizer.zorderGlobalSort.enabled                        | true                                   | When true, we do a global sort using zorder. Note that, it can cause data skew issue if the zorder columns have less cardinality. When false, we only do local sort using zorder.                                                                                                                                                                    | 1.4.0 |
+| spark.sql.watchdog.maxPartitions                                    | none                                   | Set the max partition number when spark scans a data source. Enable MaxPartitionStrategy by specifying this configuration. Add maxPartitions Strategy to avoid scan excessive partitions on partitioned table, it's optional that works with defined                                                                                                 | 1.4.0 |
+| spark.sql.optimizer.dropIgnoreNonExistent                           | false                                  | When true, do not report an error if DROP DATABASE/TABLE/VIEW/FUNCTION/PARTITION specifies a non-existent database/table/view/function/partition                                                                                                                                                                                                     | 1.5.0 |
+| spark.sql.optimizer.rebalanceBeforeZorder.enabled                   | false                                  | When true, we do a rebalance before zorder in case data skew. Note that, if the insertion is dynamic partition we will use the partition columns to rebalance. Note that, this config only affects with Spark 3.3.x.                                                                                                                                 | 1.6.0 |
+| spark.sql.optimizer.rebalanceZorderColumns.enabled                  | false                                  | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do rebalance before Z-Order. If it's dynamic partition insert, the rebalance expression will include both partition columns and Z-Order columns. Note that, this config only affects with Spark 3.3.x.                                                                 | 1.6.0 |
+| spark.sql.optimizer.twoPhaseRebalanceBeforeZorder.enabled           | false                                  | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do two phase rebalance before Z-Order for the dynamic partition write. The first phase rebalance using dynamic partition column; The second phase rebalance using dynamic partition column Z-Order columns. Note that, this config only affects with Spark 3.3.x.      | 1.6.0 |
+| spark.sql.optimizer.zorderUsingOriginalOrdering.enabled             | false                                  | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do sort by the original ordering i.e. lexicographical order. Note that, this config only affects with Spark 3.3.x.                                                                                                                                                     | 1.6.0 |
+| spark.sql.optimizer.inferRebalanceAndSortOrders.enabled             | false                                  | When ture, infer columns for rebalance and sort orders from original query, e.g. the join keys from join. It can avoid compression ratio regression.                                                                                                                                                                                                 | 1.7.0 |
+| spark.sql.optimizer.inferRebalanceAndSortOrdersMaxColumns           | 3                                      | The max columns of inferred columns.                                                                                                                                                                                                                                                                                                                 | 1.7.0 |
+| spark.sql.optimizer.insertRepartitionBeforeWriteIfNoShuffle.enabled | false                                  | When true, add repartition even if the original plan does not have shuffle.                                                                                                                                                                                                                                                                          | 1.7.0 |
+| spark.sql.optimizer.finalStageConfigIsolationWriteOnly.enabled      | true                                   | When true, only enable final stage isolation for writing.                                                                                                                                                                                                                                                                                            | 1.7.0 |
+| spark.sql.finalWriteStage.eagerlyKillExecutors.enabled              | false                                  | When true, eagerly kill redundant executors before running final write stage.                                                                                                                                                                                                                                                                        | 1.8.0 |
+| spark.sql.finalWriteStage.retainExecutorsFactor                     | 1.2                                    | If the target executors * factor < active executors, and target executors * factor > min executors, then inject kill executors or inject custom resource profile.                                                                                                                                                                                    | 1.8.0 |
+| spark.sql.finalWriteStage.resourceIsolation.enabled                 | false                                  | When true, make final write stage resource isolation using custom RDD resource profile.                                                                                                                                                                                                                                                              | 1.2.0 |
+| spark.sql.finalWriteStageExecutorCores                              | fallback spark.executor.cores          | Specify the executor core request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                             | 1.8.0 |
+| spark.sql.finalWriteStageExecutorMemory                             | fallback spark.executor.memory         | Specify the executor on heap memory request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                   | 1.8.0 |
+| spark.sql.finalWriteStageExecutorMemoryOverhead                     | fallback spark.executor.memoryOverhead | Specify the executor memory overhead request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                  | 1.8.0 |
+| spark.sql.finalWriteStageExecutorOffHeapMemory                      | NONE                                   | Specify the executor off heap memory request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                  | 1.8.0 |
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index 0d034c26c..0db9b3ab8 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -17,8 +17,7 @@
 
 package org.apache.kyuubi.sql
 
-import org.apache.spark.FinalStageResourceManager
-import org.apache.spark.sql.SparkSessionExtensions
+import org.apache.spark.sql.{FinalStageResourceManager, InjectCustomResourceProfile, SparkSessionExtensions}
 
 import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxPartitionStrategy}
 
@@ -42,5 +41,6 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
     extensions.injectPlannerStrategy(MaxPartitionStrategy)
 
     extensions.injectQueryStagePrepRule(FinalStageResourceManager)
+    extensions.injectQueryStagePrepRule(InjectCustomResourceProfile)
   }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
similarity index 93%
rename from extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala
rename to extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index 8eae5d0e2..f568f9df8 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -15,14 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.spark
+package org.apache.spark.sql
 
 import scala.annotation.tailrec
 import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 
+import org.apache.spark.{ExecutorAllocationClient, MapOutputTrackerMaster, SparkContext, SparkEnv}
 import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
-import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
 import org.apache.spark.sql.execution.adaptive._
@@ -37,7 +37,8 @@ import org.apache.kyuubi.sql.{KyuubiSQLConf, MarkNumOutputColumnsRule}
  * It provide a feature:
  * 1. Kill redundant executors before running final write stage
  */
-case class FinalStageResourceManager(session: SparkSession) extends Rule[SparkPlan] {
+case class FinalStageResourceManager(session: SparkSession)
+  extends Rule[SparkPlan] with FinalRebalanceStageHelper {
   override def apply(plan: SparkPlan): SparkPlan = {
     if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED)) {
       return plan
@@ -77,12 +78,13 @@ case class FinalStageResourceManager(session: SparkSession) extends Rule[SparkPl
       case AQEShuffleReadExec(stage: ShuffleQueryStageExec, partitionSpecs) =>
         // The condition whether inject custom resource profile:
         // - target executors < active executors
-        // - target executors > min executors
+        // - active executors - target executors > min executors
         val numActiveExecutors = sc.getExecutorIds().length
         val targetCores = partitionSpecs.length
         val targetExecutors = (math.ceil(targetCores.toFloat / coresPerExecutor) * factor).toInt
           .max(1)
-        val hasBenefits = targetExecutors < numActiveExecutors && targetExecutors > minExecutors
+        val hasBenefits = targetExecutors < numActiveExecutors &&
+          (numActiveExecutors - targetExecutors) > minExecutors
         if (hasBenefits) {
           val shuffleId = stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleDependency.shuffleId
           val numReduce = stage.plan.asInstanceOf[ShuffleExchangeExec].numPartitions
@@ -171,7 +173,7 @@ case class FinalStageResourceManager(session: SparkSession) extends Rule[SparkPl
     logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
       s"[${executorsToKill.mkString(", ")}].")
 
-    // Note, `SparkContext#killExecutors` does not allow with ARD enabled,
+    // Note, `SparkContext#killExecutors` does not allow with DRA enabled,
     // see `https://github.com/apache/spark/pull/20604`.
     // It may cause the status in `ExecutorAllocationManager` inconsistent with
     // `CoarseGrainedSchedulerBackend` for a while. But it should be synchronous finally.
@@ -182,8 +184,15 @@ case class FinalStageResourceManager(session: SparkSession) extends Rule[SparkPl
       force = false)
   }
 
+  @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
+    OptimizeSkewInRebalancePartitions,
+    CoalesceShufflePartitions(session),
+    OptimizeShuffleWithLocalRead)
+}
+
+trait FinalRebalanceStageHelper {
   @tailrec
-  private def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
+  final protected def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
     plan match {
       case p: ProjectExec => findFinalRebalanceStage(p.child)
       case f: FilterExec => findFinalRebalanceStage(f.child)
@@ -196,9 +205,4 @@ case class FinalStageResourceManager(session: SparkSession) extends Rule[SparkPl
       case _ => None
     }
   }
-
-  @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
-    OptimizeSkewInRebalancePartitions,
-    CoalesceShufflePartitions(session),
-    OptimizeShuffleWithLocalRead)
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
new file mode 100644
index 000000000..30c042b2a
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{CustomResourceProfileExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive._
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, MarkNumOutputColumnsRule}
+
+/**
+ * Inject custom resource profile for final write stage, so we can specify custom
+ * executor resource configs.
+ */
+case class InjectCustomResourceProfile(session: SparkSession)
+  extends Rule[SparkPlan] with FinalRebalanceStageHelper {
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED)) {
+      return plan
+    }
+
+    if (!MarkNumOutputColumnsRule.isWrite(session, plan)) {
+      return plan
+    }
+
+    val stage = findFinalRebalanceStage(plan)
+    if (stage.isEmpty) {
+      return plan
+    }
+
+    // TODO: Ideally, We can call `CoarseGrainedSchedulerBackend.requestTotalExecutors` eagerly
+    //   to reduce the task submit pending time, but it may lose task locality.
+    //
+    // By default, it would request executors when catch stage submit event.
+    injectCustomResourceProfile(plan, stage.get.id)
+  }
+
+  private def injectCustomResourceProfile(plan: SparkPlan, id: Int): SparkPlan = {
+    plan match {
+      case stage: ShuffleQueryStageExec if stage.id == id =>
+        CustomResourceProfileExec(stage)
+      case _ => plan.mapChildren(child => injectCustomResourceProfile(child, id))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
new file mode 100644
index 000000000..3698140fb
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.execution
+
+import org.apache.spark.network.util.{ByteUnit, JavaUtils}
+import org.apache.spark.rdd.RDD
+import org.apache.spark.resource.{ExecutorResourceRequests, ResourceProfileBuilder}
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.expressions.{Attribute, SortOrder}
+import org.apache.spark.sql.catalyst.plans.physical.Partitioning
+import org.apache.spark.sql.execution.metric.{SQLMetric, SQLMetrics}
+import org.apache.spark.sql.vectorized.ColumnarBatch
+import org.apache.spark.util.Utils
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * This node wraps the final executed plan and inject custom resource profile to the RDD.
+ * It assumes that, the produced RDD would create the `ResultStage` in `DAGScheduler`,
+ * so it makes resource isolation between previous and final stage.
+ *
+ * Note that, Spark does not support config `minExecutors` for each resource profile.
+ * Which means, it would retain `minExecutors` for each resource profile.
+ * So, suggest set `spark.dynamicAllocation.minExecutors` to 0 if enable this feature.
+ */
+case class CustomResourceProfileExec(child: SparkPlan) extends UnaryExecNode {
+  override def output: Seq[Attribute] = child.output
+  override def outputPartitioning: Partitioning = child.outputPartitioning
+  override def outputOrdering: Seq[SortOrder] = child.outputOrdering
+  override def supportsColumnar: Boolean = child.supportsColumnar
+  override def supportsRowBased: Boolean = child.supportsRowBased
+  override protected def doCanonicalize(): SparkPlan = child.canonicalized
+
+  private val executorCores = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_CORES).getOrElse(
+    sparkContext.getConf.getInt("spark.executor.cores", 1))
+  private val executorMemory = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_MEMORY).getOrElse(
+    sparkContext.getConf.get("spark.executor.memory", "2G"))
+  private val executorMemoryOverhead =
+    conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_MEMORY_OVERHEAD)
+      .getOrElse(sparkContext.getConf.get("spark.executor.memoryOverhead", "1G"))
+  private val executorOffHeapMemory = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_OFF_HEAP_MEMORY)
+
+  override lazy val metrics: Map[String, SQLMetric] = {
+    val base = Map(
+      "executorCores" -> SQLMetrics.createMetric(sparkContext, "executor cores"),
+      "executorMemory" -> SQLMetrics.createMetric(sparkContext, "executor memory (MiB)"),
+      "executorMemoryOverhead" -> SQLMetrics.createMetric(
+        sparkContext,
+        "executor memory overhead (MiB)"))
+    val addition = executorOffHeapMemory.map(_ =>
+      "executorOffHeapMemory" ->
+        SQLMetrics.createMetric(sparkContext, "executor off heap memory (MiB)")).toMap
+    base ++ addition
+  }
+
+  private def wrapResourceProfile[T](rdd: RDD[T]): RDD[T] = {
+    if (Utils.isTesting) {
+      // do nothing for local testing
+      return rdd
+    }
+
+    metrics("executorCores") += executorCores
+    metrics("executorMemory") += JavaUtils.byteStringAs(executorMemory, ByteUnit.MiB)
+    metrics("executorMemoryOverhead") += JavaUtils.byteStringAs(
+      executorMemoryOverhead,
+      ByteUnit.MiB)
+    executorOffHeapMemory.foreach(m =>
+      metrics("executorOffHeapMemory") += JavaUtils.byteStringAs(m, ByteUnit.MiB))
+
+    val executionId = sparkContext.getLocalProperty(SQLExecution.EXECUTION_ID_KEY)
+    SQLMetrics.postDriverMetricUpdates(sparkContext, executionId, metrics.values.toSeq)
+
+    val resourceProfileBuilder = new ResourceProfileBuilder()
+    val executorResourceRequests = new ExecutorResourceRequests()
+    executorResourceRequests.cores(executorCores)
+    executorResourceRequests.memory(executorMemory)
+    executorResourceRequests.memoryOverhead(executorMemoryOverhead)
+    executorOffHeapMemory.foreach(executorResourceRequests.offHeapMemory)
+    resourceProfileBuilder.require(executorResourceRequests)
+    rdd.withResources(resourceProfileBuilder.build())
+    rdd
+  }
+
+  override protected def doExecute(): RDD[InternalRow] = {
+    val rdd = child.execute()
+    wrapResourceProfile(rdd)
+  }
+
+  override protected def doExecuteColumnar(): RDD[ColumnarBatch] = {
+    val rdd = child.executeColumnar()
+    wrapResourceProfile(rdd)
+  }
+
+  override protected def withNewChildInternal(newChild: SparkPlan): SparkPlan = {
+    this.copy(child = newChild)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
new file mode 100644
index 000000000..b0767b187
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.scheduler.{SparkListener, SparkListenerEvent}
+import org.apache.spark.sql.execution.ui.SparkListenerSQLAdaptiveExecutionUpdate
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class InjectResourceProfileSuite extends KyuubiSparkSQLExtensionTest {
+  private def checkCustomResourceProfile(sqlString: String, exists: Boolean): Unit = {
+    @volatile var lastEvent: SparkListenerSQLAdaptiveExecutionUpdate = null
+    val listener = new SparkListener {
+      override def onOtherEvent(event: SparkListenerEvent): Unit = {
+        event match {
+          case e: SparkListenerSQLAdaptiveExecutionUpdate => lastEvent = e
+          case _ =>
+        }
+      }
+    }
+
+    spark.sparkContext.addSparkListener(listener)
+    try {
+      sql(sqlString).collect()
+      spark.sparkContext.listenerBus.waitUntilEmpty()
+      assert(lastEvent != null)
+      var current = lastEvent.sparkPlanInfo
+      var shouldStop = false
+      while (!shouldStop) {
+        if (current.nodeName != "CustomResourceProfile") {
+          if (current.children.isEmpty) {
+            assert(!exists)
+            shouldStop = true
+          } else {
+            current = current.children.head
+          }
+        } else {
+          assert(exists)
+          shouldStop = true
+        }
+      }
+    } finally {
+      spark.sparkContext.removeSparkListener(listener)
+    }
+  }
+
+  test("Inject resource profile") {
+    withTable("t") {
+      withSQLConf(
+        "spark.sql.adaptive.forceApply" -> "true",
+        KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+        KyuubiSQLConf.FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED.key -> "true") {
+
+        sql("CREATE TABLE t (c1 int, c2 string) USING PARQUET")
+
+        checkCustomResourceProfile("INSERT INTO TABLE t VALUES(1, 'a')", false)
+        checkCustomResourceProfile("SELECT 1", false)
+        checkCustomResourceProfile(
+          "INSERT INTO TABLE t SELECT /*+ rebalance */ * FROM VALUES(1, 'a')",
+          true)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index 15634ee35..4df924b51 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -206,4 +206,44 @@ object KyuubiSQLConf {
       .doubleConf
       .checkValue(_ >= 1, "must be bigger than or equal to 1")
       .createWithDefault(1.2)
+
+  val FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED =
+    buildConf("spark.sql.finalWriteStage.resourceIsolation.enabled")
+      .doc(
+        "When true, make final write stage resource isolation using custom RDD resource profile.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_EXECUTOR_CORES =
+    buildConf("spark.sql.finalWriteStage.executorCores")
+      .doc("Specify the executor core request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .intConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_MEMORY =
+    buildConf("spark.sql.finalWriteStage.executorMemory")
+      .doc("Specify the executor on heap memory request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_MEMORY_OVERHEAD =
+    buildConf("spark.sql.finalWriteStage.executorMemoryOverhead")
+      .doc("Specify the executor memory overhead request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_OFF_HEAP_MEMORY =
+    buildConf("spark.sql.finalWriteStage.executorOffHeapMemory")
+      .doc("Specify the executor off heap memory request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
 }
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
index fd81948c6..e58ac726c 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
@@ -29,6 +29,8 @@ import org.apache.kyuubi.sql.KyuubiSQLConf
 trait KyuubiSparkSQLExtensionTest extends QueryTest
   with SQLTestUtils
   with AdaptiveSparkPlanHelper {
+  sys.props.put("spark.testing", "1")
+
   private var _spark: Option[SparkSession] = None
   protected def spark: SparkSession = _spark.getOrElse {
     throw new RuntimeException("test spark session don't initial before using it.")

From 97aedf50488b86187fb14ae92c3d380ddc2c3749 Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Thu, 30 Mar 2023 15:39:44 +0800
Subject: [PATCH 236/760] [KYUUBI #4636] Improve eagerly kill redundant
 executors

### _Why are the changes needed?_

This pr improves the behavoir of kill redundant executors.
1. support kill executors even if AQE can not optimize shuffle read. e.g., people call `.repartition(2)`
2. fix a issue that avoid always kill executors which holds shuffle data

### _How was this patch tested?_
test manually

Closes #4636 from ulysses-you/kill-executors.

Closes #4636

19ac808d3 [ulysses-you] Improve eagerly kill redundant executors

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../spark/sql/FinalStageResourceManager.scala | 59 ++++++++++---------
 1 file changed, 31 insertions(+), 28 deletions(-)

diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index f568f9df8..2bf7ae6b7 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -64,41 +64,45 @@ case class FinalStageResourceManager(session: SparkSession)
       return plan
     }
 
-    val stage = findFinalRebalanceStage(plan)
-    if (stage.isEmpty) {
+    val stageOpt = findFinalRebalanceStage(plan)
+    if (stageOpt.isEmpty) {
       return plan
     }
 
     // Since we are in `prepareQueryStage`, the AQE shuffle read has not been applied.
     // So we need to apply it by self.
-    val shuffleRead = queryStageOptimizerRules.foldLeft(stage.get.asInstanceOf[SparkPlan]) {
+    val shuffleRead = queryStageOptimizerRules.foldLeft(stageOpt.get.asInstanceOf[SparkPlan]) {
       case (latest, rule) => rule.apply(latest)
     }
-    shuffleRead match {
+    val (targetCores, stage) = shuffleRead match {
       case AQEShuffleReadExec(stage: ShuffleQueryStageExec, partitionSpecs) =>
-        // The condition whether inject custom resource profile:
-        // - target executors < active executors
-        // - active executors - target executors > min executors
-        val numActiveExecutors = sc.getExecutorIds().length
-        val targetCores = partitionSpecs.length
-        val targetExecutors = (math.ceil(targetCores.toFloat / coresPerExecutor) * factor).toInt
-          .max(1)
-        val hasBenefits = targetExecutors < numActiveExecutors &&
-          (numActiveExecutors - targetExecutors) > minExecutors
-        if (hasBenefits) {
-          val shuffleId = stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleDependency.shuffleId
-          val numReduce = stage.plan.asInstanceOf[ShuffleExchangeExec].numPartitions
-          // Now, there is only a final rebalance stage waiting to execute and all tasks of previous
-          // stage are finished. Kill redundant existed executors eagerly so the tasks of final
-          // stage can be centralized scheduled.
-          killExecutors(sc, targetExecutors, shuffleId, numReduce)
-        } else {
-          logInfo(s"Has no benefits to kill executors or inject custom resource profile, " +
-            s"active executors: $numActiveExecutors, min executor: $minExecutors, " +
-            s"target executors: $targetExecutors.")
-        }
-
+        (partitionSpecs.length, stage)
+      case stage: ShuffleQueryStageExec =>
+        // we can still kill executors if no AQE shuffle read, e.g., `.repartition(2)`
+        (stage.shuffle.numPartitions, stage)
       case _ =>
+        // it should never happen in current Spark, but to be safe do nothing if happens
+        logWarning("BUG, Please report to Apache Kyuubi community")
+        return plan
+    }
+    // The condition whether inject custom resource profile:
+    // - target executors < active executors
+    // - active executors - target executors > min executors
+    val numActiveExecutors = sc.getExecutorIds().length
+    val targetExecutors = (math.ceil(targetCores.toFloat / coresPerExecutor) * factor).toInt
+      .max(1)
+    val hasBenefits = targetExecutors < numActiveExecutors &&
+      (numActiveExecutors - targetExecutors) > minExecutors
+    logInfo(s"The snapshot of current executors view, " +
+      s"active executors: $numActiveExecutors, min executor: $minExecutors, " +
+      s"target executors: $targetExecutors, has benefits: $hasBenefits")
+    if (hasBenefits) {
+      val shuffleId = stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleDependency.shuffleId
+      val numReduce = stage.plan.asInstanceOf[ShuffleExchangeExec].numPartitions
+      // Now, there is only a final rebalance stage waiting to execute and all tasks of previous
+      // stage are finished. Kill redundant existed executors eagerly so the tasks of final
+      // stage can be centralized scheduled.
+      killExecutors(sc, targetExecutors, shuffleId, numReduce)
     }
 
     plan
@@ -144,9 +148,8 @@ case class FinalStageResourceManager(session: SparkSession)
     // shuffle status.
     // We should evict executors by their alive time first and retain all of executors which
     // have better locality for shuffle block.
-    val numExecutorToKillWithNoShuffle = expectedNumExecutorToKill - executorToBlockSize.size
     executorsWithRegistrationTs.toSeq.sortBy(_._2).foreach { case (id, _) =>
-      if (executorIdsToKill.length < numExecutorToKillWithNoShuffle &&
+      if (executorIdsToKill.length < expectedNumExecutorToKill &&
         !executorToBlockSize.contains(id)) {
         executorIdsToKill.append(id)
       }

From 0fdf145e29816a4feb8f5dfdcce90afeb6b2474a Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 30 Mar 2023 19:13:49 +0800
Subject: [PATCH 237/760] [KYUUBI #4639] Support to specify confOverlay when
 executing statement with RESTful API

### _Why are the changes needed?_

As title.

With this pr, customer can execute SCALA code with `confOverlay`.
```
kyuubi.operation.language=SCALA
```
execute PYTHON code with
```
kyuubi.operation.language=PYTHON
```
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4639 from turboFei/init_scala.

Closes #4639

cdf828f9a [fwang12] add ut
f4f2bc883 [fwang12] doc
2fe8a1659 [fwang12] save
f840cb4d9 [fwang12] conf overlay
eb49537ea [fwang12] conf overlay

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/client/rest/rest_api.md                  | 11 +++++-----
 docs/deployment/migration-guide.md            |  1 +
 .../client/api/v1/dto/StatementRequest.java   | 20 +++++++++++++++++++
 .../server/api/v1/SessionsResource.scala      |  2 +-
 .../server/api/v1/SessionsResourceSuite.scala | 16 +++++++++++++--
 5 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index a531b9c78..fbff59f05 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -110,11 +110,12 @@ Create an operation with EXECUTE_STATEMENT type
 
 #### Request Body
 
-| Name         | Description                                                    | Type    |
-|:-------------|:---------------------------------------------------------------|:--------|
-| statement    | The SQL statement that you execute                             | String  |
-| runAsync     | The flag indicates whether the query runs synchronously or not | Boolean |
-| queryTimeout | The interval of query time out                                 | Long    |
+| Name         | Description                                                    | Type           |
+|:-------------|:---------------------------------------------------------------|:---------------|
+| statement    | The SQL statement that you execute                             | String         |
+| runAsync     | The flag indicates whether the query runs synchronously or not | Boolean        |
+| queryTimeout | The interval of query time out                                 | Long           |
+| confOverlay  | The conf to overlay only for current operation                 | Map of key=val |
 
 #### Response Body
 
diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index 2ebf16ac4..fc916048c 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -20,6 +20,7 @@
 ## Upgrading from Kyuubi 1.7.0 to 1.7.1
 
 * Since Kyuubi 1.7.1, `protocolVersion` is removed from the request parameters of the REST API `Open(create) a session`. All removed or unknown parameters will be silently ignored and affects nothing.
+* Since Kyuubi 1.7.1, `confOverlay` is supported in the request parameters of the REST API `Create an operation with EXECUTE_STATEMENT type`.
 
 ## Upgrading from Kyuubi 1.6 to 1.7
 
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/StatementRequest.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/StatementRequest.java
index 436017f3c..f2dc060d5 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/StatementRequest.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/StatementRequest.java
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.client.api.v1.dto;
 
+import java.util.Collections;
+import java.util.Map;
 import java.util.Objects;
 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@@ -25,13 +27,20 @@ public class StatementRequest {
   private String statement;
   private boolean runAsync;
   private Long queryTimeout;
+  private Map<String, String> confOverlay;
 
   public StatementRequest() {}
 
   public StatementRequest(String statement, boolean runAsync, Long queryTimeout) {
+    this(statement, runAsync, queryTimeout, Collections.emptyMap());
+  }
+
+  public StatementRequest(
+      String statement, boolean runAsync, Long queryTimeout, Map<String, String> confOverlay) {
     this.statement = statement;
     this.runAsync = runAsync;
     this.queryTimeout = queryTimeout;
+    this.confOverlay = confOverlay;
   }
 
   public String getStatement() {
@@ -58,6 +67,17 @@ public void setQueryTimeout(Long queryTimeout) {
     this.queryTimeout = queryTimeout;
   }
 
+  public Map<String, String> getConfOverlay() {
+    if (confOverlay == null) {
+      return Collections.emptyMap();
+    }
+    return confOverlay;
+  }
+
+  public void setConfOverlay(Map<String, String> confOverlay) {
+    this.confOverlay = confOverlay;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index d55ff9449..81d1a2709 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -191,7 +191,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
       fe.be.executeStatement(
         sessionHandleStr,
         request.getStatement,
-        Map.empty,
+        request.getConfOverlay.asScala.toMap,
         request.isRunAsync,
         request.getQueryTimeout)
     } catch {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
index 8e86b7458..07a711de6 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.server.api.v1
 
 import java.nio.charset.StandardCharsets
 import java.util
-import java.util.Base64
+import java.util.{Base64, Collections}
 import javax.ws.rs.client.Entity
 import javax.ws.rs.core.{GenericType, MediaType, Response}
 
@@ -192,7 +192,7 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
     val pathPrefix = s"api/v1/sessions/$sessionHandle"
 
-    val statementReq = new StatementRequest("show tables", true, 3000)
+    var statementReq = new StatementRequest("show tables", true, 3000)
     response = webTarget
       .path(s"$pathPrefix/operations/statement").request(MediaType.APPLICATION_JSON_TYPE)
       .post(Entity.entity(statementReq, MediaType.APPLICATION_JSON_TYPE))
@@ -200,6 +200,18 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     var operationHandle = response.readEntity(classOf[OperationHandle])
     assert(operationHandle !== null)
 
+    statementReq = new StatementRequest(
+      "spark.sql(\"show tables\")",
+      true,
+      3000,
+      Collections.singletonMap(KyuubiConf.OPERATION_LANGUAGE.key, "SCALA"))
+    response = webTarget
+      .path(s"$pathPrefix/operations/statement").request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(statementReq, MediaType.APPLICATION_JSON_TYPE))
+    assert(200 == response.getStatus)
+    operationHandle = response.readEntity(classOf[OperationHandle])
+    assert(operationHandle !== null)
+
     response = webTarget.path(s"$pathPrefix/operations/typeInfo").request()
       .post(Entity.entity(null, MediaType.APPLICATION_JSON_TYPE))
     assert(200 == response.getStatus)

From e7a5d2014ecbca67f4b4a46cb51b29ef8a3b28a6 Mon Sep 17 00:00:00 2001
From: Ruguo Yu <jiang7chengzitc@163.com>
Date: Thu, 30 Mar 2023 19:38:44 +0800
Subject: [PATCH 238/760] [KYUUBI #4635] Support flink time type in query
 operation

Followup #1704, support flink `time` type in query operation

- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4635 from yuruguo/support-flink-time-type.

Closes #4635

9f9a3e72d [Ruguo Yu] [Kyuubi #1704] Support flink time type in query operation

Authored-by: Ruguo Yu <jiang7chengzitc@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/flink/operation/ExecuteStatement.scala  |  5 ++++-
 .../apache/kyuubi/engine/flink/schema/RowSet.scala |  1 +
 .../flink/operation/FlinkOperationSuite.scala      | 14 ++++++++++++++
 .../scala/org/apache/kyuubi/util/RowSetUtils.scala | 12 +++++++++++-
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index db7876b6c..0438b98d1 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
-import java.time.LocalDate
+import java.time.{LocalDate, LocalTime}
 import java.util
 
 import scala.collection.JavaConverters._
@@ -190,6 +190,9 @@ class ExecuteStatement(
         case _: DateType =>
           val date = RowSetUtils.formatLocalDate(LocalDate.ofEpochDay(r.getInt(i)))
           row.setField(i, date)
+        case _: TimeType =>
+          val time = RowSetUtils.formatLocalTime(LocalTime.ofNanoOfDay(r.getLong(i) * 1000 * 1000))
+          row.setField(i, time)
         case t: TimestampType =>
           val ts = RowSetUtils
             .formatLocalDateTime(r.getTimestamp(i, t.getPrecision)
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
index 2b3ae50b7..ad83f9c2b 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
@@ -307,6 +307,7 @@ object RowSet {
     case _: MapType => TTypeId.MAP_TYPE
     case _: RowType => TTypeId.STRUCT_TYPE
     case _: BinaryType => TTypeId.BINARY_TYPE
+    case _: TimeType => TTypeId.STRING_TYPE
     case t @ (_: ZonedTimestampType | _: LocalZonedTimestampType | _: MultisetType |
         _: YearMonthIntervalType | _: DayTimeIntervalType) =>
       throw new IllegalArgumentException(
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index a38476f4d..5026fd411 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -755,6 +755,20 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
     }
   }
 
+  test("execute statement - select time") {
+    withJdbcStatement() { statement =>
+      val resultSet =
+        statement.executeQuery(
+          "select time '00:00:03', time '00:00:05.123456789'")
+      val metaData = resultSet.getMetaData
+      assert(metaData.getColumnType(1) === java.sql.Types.VARCHAR)
+      assert(metaData.getColumnType(2) === java.sql.Types.VARCHAR)
+      assert(resultSet.next())
+      assert(resultSet.getString(1) == "00:00:03")
+      assert(resultSet.getString(2) == "00:00:05.123")
+    }
+  }
+
   test("execute statement - select array") {
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("select array ['v1', 'v2', 'v3']")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala
index fca79c0f2..f320fd902 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/RowSetUtils.scala
@@ -18,7 +18,7 @@
 package org.apache.kyuubi.util
 
 import java.nio.ByteBuffer
-import java.time.{Instant, LocalDate, LocalDateTime, ZoneId}
+import java.time.{Instant, LocalDate, LocalDateTime, LocalTime, ZoneId}
 import java.time.chrono.IsoChronology
 import java.time.format.DateTimeFormatterBuilder
 import java.time.temporal.ChronoField
@@ -41,6 +41,12 @@ private[kyuubi] object RowSetUtils {
 
   private lazy val legacyDateFormatter = FastDateFormat.getInstance("yyyy-MM-dd", Locale.US)
 
+  private lazy val timeFormatter = createDateTimeFormatterBuilder()
+    .appendPattern("HH:mm:ss")
+    .appendFraction(ChronoField.NANO_OF_SECOND, 0, 9, true)
+    .toFormatter(Locale.US)
+    .withChronology(IsoChronology.INSTANCE)
+
   private lazy val timestampFormatter = createDateTimeFormatterBuilder()
     .appendPattern("yyyy-MM-dd HH:mm:ss")
     .appendFraction(ChronoField.NANO_OF_SECOND, 0, 9, true)
@@ -59,6 +65,10 @@ private[kyuubi] object RowSetUtils {
     dateFormatter.format(ld)
   }
 
+  def formatLocalTime(lt: LocalTime): String = {
+    timeFormatter.format(lt)
+  }
+
   def formatLocalDateTime(ldt: LocalDateTime): String = {
     timestampFormatter.format(ldt)
   }

From 2b5db300971d14912e9caa19b760c14bf033d003 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 30 Mar 2023 19:45:56 +0800
Subject: [PATCH 239/760] [KYUUBI #4638] Update dependency.yml as label in not
 permitted in markdown block

### _Why are the changes needed?_

bugfix for issue template

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4638 from yaooqinn/yaooqinn-patch-1.

Closes #4638

a4f5f569b [Kent Yao] Update dependency.yml as label in not permitted in markdown block

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/ISSUE_TEMPLATE/dependency.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/dependency.yml b/.github/ISSUE_TEMPLATE/dependency.yml
index 8189f9930..e71c7d1c6 100644
--- a/.github/ISSUE_TEMPLATE/dependency.yml
+++ b/.github/ISSUE_TEMPLATE/dependency.yml
@@ -104,7 +104,6 @@ body:
 
   - type: markdown
     attributes:
-      label: Tips For PR Contributors
       value: >
         After changing the corresponding dependency version and before submitting your pull request,
         it is necessary to execute `build/dependency.sh --replace` locally to update `dev/dependencyList`.

From 36927551c19535422d4201b957c863881833a539 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Thu, 30 Mar 2023 19:48:15 +0800
Subject: [PATCH 240/760] [KYUUBI #4632] [CI] Add rule for labeler to tag
 `module:ui`

### _Why are the changes needed?_

Current Labeler mis-tags `module:server` to changes about web-ui.

We should give `module:ui` tag to ui-related PR.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4632 from zwangsheng/ci/labeler_tag_ui.

Closes #4632

33e379d5e [zwangsheng] to low case
801fdc95a [zwangsheng] Add rule fot labeler tag UI

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/labeler.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/labeler.yml b/.github/labeler.yml
index bbc64ed66..ecec12532 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -102,7 +102,8 @@
 
 "module:server":
   - "bin/kyuubi"
-  - "kyuubi-server/**/*"
+  - "kyuubi-server/src/**/*"
+  - "kyuubi-server/pom.xml"
   - "extension/server/kyuubi-server-plugin/**/*"
 
 "module:spark":
@@ -121,3 +122,6 @@
 
 "module:authz":
   - "extensions/spark/kyuubi-spark-authz/**/*"
+
+"module:ui":
+  - "kyuubi-server/web-ui/**/*"

From ca93a4e5c23f044fcd7afd5d05a5529f063a84e6 Mon Sep 17 00:00:00 2001
From: yehere <867171931@qq.com>
Date: Thu, 30 Mar 2023 20:37:55 +0800
Subject: [PATCH 241/760] [KYUUBI #4325] Support replace preparedStatement for
 Trino-jdbc

### _Why are the changes needed?_

close #4325

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4417 from yehere/kyuubi-4325.

Closes #4325

7b2864b53 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc,update the dependency file, run './build/dependency.sh --replace'
749b1c15c [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc,Code optimization
33ea9ba2b [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc,Code optimization
568418a21 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc,Add test case for DEALLOCATE PREPARE
358a8e3b8 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc,Support DEALLOCATE PREPARE
7d4a32402 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc
91392add6 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc
63bf8c462 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc
f5b7fb786 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc
b0476a79d [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc
1a8f147a0 [yehere] [KYUUBI #4325] Support replace preparedStatement for Trino-jdbc

Authored-by: yehere <867171931@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 dev/dependencyList                            |  5 ++
 .../it/trino/server/TrinoFrontendSuite.scala  | 32 +++++++---
 .../kyuubi/operation/JDBCTestHelper.scala     | 33 ++++++++++-
 .../jdbc/hive/KyuubiPreparedStatement.java    | 54 +----------------
 .../org/apache/kyuubi/jdbc/hive/Utils.java    | 57 ++++++++++++++++++
 kyuubi-server/pom.xml                         |  6 ++
 .../kyuubi/sql/KyuubiTrinoFeBaseLexer.g4      | 21 +++++++
 .../kyuubi/sql/KyuubiTrinoFeBaseParser.g4     | 11 ++++
 .../kyuubi/server/trino/api/Query.scala       | 58 ++++++++++++++++++-
 .../server/trino/api/TrinoContext.scala       | 12 +++-
 .../trino/api/v1/StatementResource.scala      | 43 +++++++++++++-
 .../trino/KyuubiTrinoFeAstBuilder.scala       | 19 +++++-
 .../parser/trino/KyuubiTrinoFeParser.scala    |  1 +
 .../sql/plan/trino/TrinoFeOperations.scala    | 15 +++++
 .../trino/KyuubiTrinoFeParserSuite.scala      | 20 ++++++-
 .../trino/api/TrinoClientApiSuite.scala       |  1 +
 16 files changed, 317 insertions(+), 71 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 509e28405..ab7697d35 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -22,6 +22,10 @@ annotations/4.1.1.4//annotations-4.1.1.4.jar
 antlr-runtime/3.5.3//antlr-runtime-3.5.3.jar
 antlr4-runtime/4.9.3//antlr4-runtime-4.9.3.jar
 aopalliance-repackaged/2.6.1//aopalliance-repackaged-2.6.1.jar
+arrow-format/11.0.0//arrow-format-11.0.0.jar
+arrow-memory-core/11.0.0//arrow-memory-core-11.0.0.jar
+arrow-memory-netty/11.0.0//arrow-memory-netty-11.0.0.jar
+arrow-vector/11.0.0//arrow-vector-11.0.0.jar
 classgraph/4.8.138//classgraph-4.8.138.jar
 commons-codec/1.15//commons-codec-1.15.jar
 commons-collections/3.2.2//commons-collections-3.2.2.jar
@@ -35,6 +39,7 @@ derby/10.14.2.0//derby-10.14.2.0.jar
 error_prone_annotations/2.14.0//error_prone_annotations-2.14.0.jar
 failsafe/2.4.4//failsafe-2.4.4.jar
 failureaccess/1.0.1//failureaccess-1.0.1.jar
+flatbuffers-java/1.12.0//flatbuffers-java-1.12.0.jar
 fliptables/1.0.2//fliptables-1.0.2.jar
 grpc-api/1.48.0//grpc-api-1.48.0.jar
 grpc-context/1.48.0//grpc-context-1.48.0.jar
diff --git a/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala b/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
index bd8bf3eda..4a175a28b 100644
--- a/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
+++ b/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
@@ -26,18 +26,37 @@ import org.apache.kyuubi.operation.SparkMetadataTests
 /**
  * This test is for Trino jdbc driver with Kyuubi Server and Spark engine:
  *
- *  -------------------------------------------------------------
- *  |                JDBC                                       |
- *  |  Trino-driver  ---->  Kyuubi Server  -->  Spark Engine    |
- *  |                                                           |
- *  -------------------------------------------------------------
+ * -------------------------------------------------------------
+ * |                JDBC                                       |
+ * |  Trino-driver  ---->  Kyuubi Server  -->  Spark Engine    |
+ * |                                                           |
+ * -------------------------------------------------------------
  */
 class TrinoFrontendSuite extends WithKyuubiServer with SparkMetadataTests {
-  // TODO: Add more test cases
+
+  test("execute statement - select 11 where 1=1") {
+    withJdbcStatement() { statement =>
+      val resultSet = statement.executeQuery("SELECT 11  where 1<1")
+      while (resultSet.next()) {
+        assert(resultSet.getInt(1) === 11)
+      }
+    }
+  }
+
+  test("execute preparedStatement - select 11 where 1 = 1") {
+    withJdbcPrepareStatement("select 11 where 1 = ? ") { statement =>
+      statement.setInt(1, 1)
+      val rs = statement.executeQuery()
+      while (rs.next()) {
+        assert(rs.getInt(1) == 11)
+      }
+    }
+  }
 
   override protected val conf: KyuubiConf = {
     KyuubiConf().set(KyuubiConf.FRONTEND_PROTOCOLS, Seq("TRINO"))
   }
+
   override protected def jdbcUrl: String = {
     s"jdbc:trino://${server.frontendServices.head.connectionUrl}/;"
   }
@@ -47,7 +66,6 @@ class TrinoFrontendSuite extends WithKyuubiServer with SparkMetadataTests {
 
   override def beforeAll(): Unit = {
     super.beforeAll()
-
     // eagerly start spark engine before running test, it's a workaround for trino jdbc driver
     // since it does not support changing http connect timeout
     try {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala
index 663fd1816..97330837d 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.operation
 
-import java.sql.{DriverManager, SQLException, Statement}
+import java.sql.{DriverManager, PreparedStatement, SQLException, Statement}
 import java.util.Locale
 
 import org.apache.kyuubi.KyuubiFunSuite
@@ -75,6 +75,31 @@ trait JDBCTestHelper extends KyuubiFunSuite {
     }
   }
 
+  def withMultipleConnectionJdbcPrepareStatement(
+      sql: String,
+      tableNames: String*)(fs: (PreparedStatement => Unit)*): Unit = {
+    val connections = fs.map { _ => DriverManager.getConnection(jdbcUrlWithConf, user, password) }
+    val statements = connections.map(_.prepareStatement(sql))
+
+    try {
+      statements.zip(fs).foreach { case (s, f) => f(s) }
+    } finally {
+      tableNames.foreach { name =>
+        if (name.toUpperCase(Locale.ROOT).startsWith("VIEW")) {
+          statements.head.execute(s"DROP VIEW IF EXISTS $name")
+        } else {
+          statements.head.execute(s"DROP TABLE IF EXISTS $name")
+        }
+      }
+      info("Closing statements")
+      statements.foreach(_.close())
+      info("Closed statements")
+      info("Closing connections")
+      connections.foreach(_.close())
+      info("Closed connections")
+    }
+  }
+
   def withDatabases(dbNames: String*)(fs: (Statement => Unit)*): Unit = {
     val connections = fs.map { _ => DriverManager.getConnection(jdbcUrlWithConf, user, password) }
     val statements = connections.map(_.createStatement())
@@ -97,4 +122,10 @@ trait JDBCTestHelper extends KyuubiFunSuite {
   def withJdbcStatement(tableNames: String*)(f: Statement => Unit): Unit = {
     withMultipleConnectionJdbcStatement(tableNames: _*)(f)
   }
+
+  def withJdbcPrepareStatement(
+      sql: String,
+      tableNames: String*)(f: PreparedStatement => Unit): Unit = {
+    withMultipleConnectionJdbcPrepareStatement(sql, tableNames: _*)(f)
+  }
 }
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java
index 43c2a030b..a0d4f3bfd 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java
@@ -26,9 +26,7 @@
 import java.sql.Timestamp;
 import java.sql.Types;
 import java.text.MessageFormat;
-import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Scanner;
 import org.apache.hive.service.rpc.thrift.TCLIService;
 import org.apache.hive.service.rpc.thrift.TSessionHandle;
@@ -81,57 +79,7 @@ public int executeUpdate() throws SQLException {
   /** update the SQL string with parameters set by setXXX methods of {@link PreparedStatement} */
   private String updateSql(final String sql, HashMap<Integer, String> parameters)
       throws SQLException {
-    List<String> parts = splitSqlStatement(sql);
-
-    StringBuilder newSql = new StringBuilder(parts.get(0));
-    for (int i = 1; i < parts.size(); i++) {
-      if (!parameters.containsKey(i)) {
-        throw new KyuubiSQLException("Parameter #" + i + " is unset");
-      }
-      newSql.append(parameters.get(i));
-      newSql.append(parts.get(i));
-    }
-    return newSql.toString();
-  }
-
-  /**
-   * Splits the parametered sql statement at parameter boundaries.
-   *
-   * <p>taking into account ' and \ escaping.
-   *
-   * <p>output for: 'select 1 from ? where a = ?' ['select 1 from ',' where a = ','']
-   */
-  private List<String> splitSqlStatement(String sql) {
-    List<String> parts = new ArrayList<>();
-    int apCount = 0;
-    int off = 0;
-    boolean skip = false;
-
-    for (int i = 0; i < sql.length(); i++) {
-      char c = sql.charAt(i);
-      if (skip) {
-        skip = false;
-        continue;
-      }
-      switch (c) {
-        case '\'':
-          apCount++;
-          break;
-        case '\\':
-          skip = true;
-          break;
-        case '?':
-          if ((apCount & 1) == 0) {
-            parts.add(sql.substring(off, i));
-            off = i + 1;
-          }
-          break;
-        default:
-          break;
-      }
-    }
-    parts.add(sql.substring(off, sql.length()));
-    return parts;
+    return Utils.updateSql(sql, parameters);
   }
 
   @Override
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
index 1daa322ec..ac9b29664 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
@@ -22,6 +22,7 @@
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.UnknownHostException;
+import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.util.*;
 import java.util.regex.Matcher;
@@ -89,6 +90,62 @@ static void verifySuccess(TStatus status, boolean withInfo) throws SQLException
     throw new KyuubiSQLException(status);
   }
 
+  /**
+   * Splits the parametered sql statement at parameter boundaries.
+   *
+   * <p>taking into account ' and \ escaping.
+   *
+   * <p>output for: 'select 1 from ? where a = ?' ['select 1 from ',' where a = ','']
+   */
+  static List<String> splitSqlStatement(String sql) {
+    List<String> parts = new ArrayList<>();
+    int apCount = 0;
+    int off = 0;
+    boolean skip = false;
+
+    for (int i = 0; i < sql.length(); i++) {
+      char c = sql.charAt(i);
+      if (skip) {
+        skip = false;
+        continue;
+      }
+      switch (c) {
+        case '\'':
+          apCount++;
+          break;
+        case '\\':
+          skip = true;
+          break;
+        case '?':
+          if ((apCount & 1) == 0) {
+            parts.add(sql.substring(off, i));
+            off = i + 1;
+          }
+          break;
+        default:
+          break;
+      }
+    }
+    parts.add(sql.substring(off, sql.length()));
+    return parts;
+  }
+
+  /** update the SQL string with parameters set by setXXX methods of {@link PreparedStatement} */
+  public static String updateSql(final String sql, HashMap<Integer, String> parameters)
+      throws SQLException {
+    List<String> parts = splitSqlStatement(sql);
+
+    StringBuilder newSql = new StringBuilder(parts.get(0));
+    for (int i = 1; i < parts.size(); i++) {
+      if (!parameters.containsKey(i)) {
+        throw new KyuubiSQLException("Parameter #" + i + " is unset");
+      }
+      newSql.append(parameters.get(i));
+      newSql.append(parts.get(i));
+    }
+    return newSql.toString();
+  }
+
   public static JdbcConnectionParams parseURL(String uri)
       throws JdbcUriParseException, SQLException, ZooKeeperHiveClientException {
     return parseURL(uri, new Properties());
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 83698fa5a..7408ac5dd 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -36,6 +36,12 @@
             <version>${project.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-hive-jdbc</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
             <artifactId>kyuubi-events_${scala.binary.version}</artifactId>
diff --git a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4 b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4
index 0cc02de64..83810a073 100644
--- a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4
+++ b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseLexer.g4
@@ -43,6 +43,10 @@ FALSE: 'FALSE';
 LIKE: 'LIKE';
 IN: 'IN';
 WHERE: 'WHERE';
+EXECUTE: 'EXECUTE';
+PREPARE: 'PREPARE';
+DEALLOCATE: 'DEALLOCATE';
+USING: 'USING';
 
 ESCAPE: 'ESCAPE';
 AUTO_INCREMENT: 'AUTO_INCREMENT';
@@ -98,7 +102,16 @@ SOURCE_DATA_TYPE: 'SOURCE_DATA_TYPE';
 IS_AUTOINCREMENT: 'IS_AUTOINCREMENT';
 IS_GENERATEDCOLUMN: 'IS_GENERATEDCOLUMN';
 VARCHAR: 'VARCHAR';
+TINYINT: 'TINYINT';
 SMALLINT: 'SMALLINT';
+INTEGER: 'INTEGER';
+BIGINT: 'BIGINT';
+REAL: 'REAL';
+DOUBLE: 'DOUBLE';
+DECIMAL: 'DECIMAL';
+DATE: 'DATE';
+TIME: 'TIME';
+TIMESTAMP: 'TIMESTAMP';
 CAST: 'CAST';
 AS: 'AS';
 KEY_SEQ: 'KEY_SEQ';
@@ -114,6 +127,10 @@ STRING
     : '\'' ( ~'\'' | '\'\'' )* '\''
     ;
 
+STRING_MARK
+    : '\''
+    ;
+
 SIMPLE_COMMENT
     : '--' ~[\r\n]* '\r'? '\n'? -> channel(HIDDEN)
     ;
@@ -125,6 +142,10 @@ BRACKETED_COMMENT
 WS  : [ \r\n\t]+ -> channel(HIDDEN)
     ;
 
+IDENTIFIER
+    : [A-Za-z_$0-9\u0080-\uFFFF]*?[A-Za-z_$\u0080-\uFFFF]+?[A-Za-z_$0-9\u0080-\uFFFF]*
+    ;
+
 // Catch-all for anything we can't recognize.
 // We use this to be able to ignore and recover all the text
 // when splitting statements with DelimiterLexer
diff --git a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4 b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4
index 6af00af5d..72811e592 100644
--- a/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4
+++ b/kyuubi-server/src/main/antlr4/org/apache/kyuubi/sql/KyuubiTrinoFeBaseParser.g4
@@ -54,9 +54,20 @@ statement
       CAST LEFT_PAREN NULL AS SMALLINT RIGHT_PAREN KEY_SEQ COMMA
       CAST LEFT_PAREN NULL AS VARCHAR RIGHT_PAREN PK_NAME
       WHERE FALSE                                                                                       #getPrimaryKeys
+    | EXECUTE IDENTIFIER (USING parameterList)?                                                         #execute
+    | PREPARE IDENTIFIER FROM statement                                                                 #prepare
+    | DEALLOCATE PREPARE IDENTIFIER                                                                     #deallocate
     | .*?                                                                                               #passThrough
     ;
 
+anyStr
+    : ( ~',' )*
+    ;
+
+parameterList
+    : (TINYINT|SMALLINT|INTEGER|BIGINT|DOUBLE|REAL|DECIMAL|DATE|TIME|TIMESTAMP)? anyStr (',' (TINYINT|SMALLINT|INTEGER|BIGINT|DOUBLE|REAL|DECIMAL|DATE|TIME|TIMESTAMP)? anyStr)*
+    ;
+
 tableCatalogFilter
      : (TABLE_CAT | TABLE_CATALOG) IS NULL                                                           #nullCatalog
      | (TABLE_CAT | TABLE_CATALOG) EQ catalog=STRING+                                                #catalogFilter
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
index 925875579..4e768b04a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
@@ -30,12 +30,13 @@ import scala.collection.mutable
 import Slug.Context.{EXECUTING_QUERY, QUEUED_QUERY}
 import com.google.common.hash.Hashing
 import io.trino.client.QueryResults
-import org.apache.hive.service.rpc.thrift.TProtocolVersion
+import org.apache.hive.service.rpc.thrift.{TBoolValue, TColumnDesc, TColumnValue, TGetResultSetMetadataResp, TPrimitiveTypeEntry, TProtocolVersion, TRow, TRowSet, TTableSchema, TTypeDesc, TTypeEntry, TTypeId}
 
-import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
+import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle, OperationState, OperationStatus}
 import org.apache.kyuubi.operation.OperationState.{FINISHED, INITIALIZED, OperationState, PENDING}
 import org.apache.kyuubi.server.trino.api.Query.KYUUBI_SESSION_ID
 import org.apache.kyuubi.service.BackendService
+import org.apache.kyuubi.service.TFrontendService.OK_STATUS
 import org.apache.kyuubi.session.SessionHandle
 
 case class Query(
@@ -85,6 +86,45 @@ case class Query(
     }
   }
 
+  def getPrepareQueryResults(
+      token: Long,
+      uriInfo: UriInfo,
+      maxWait: Long = 0): QueryResults = {
+    val status = OperationStatus(OperationState.FINISHED, 0, 0, 0, 0, false)
+    val nextUri = null
+    val queryHtmlUri = uriInfo.getRequestUriBuilder
+      .replacePath("ui/query.html").replaceQuery(queryId.getQueryId).build()
+
+    val columns = new TGetResultSetMetadataResp()
+    columns.setStatus(OK_STATUS)
+    val tColumnDesc = new TColumnDesc()
+    tColumnDesc.setColumnName("result")
+    val desc = new TTypeDesc
+    desc.addToTypes(TTypeEntry.primitiveEntry(new TPrimitiveTypeEntry(TTypeId.BOOLEAN_TYPE)))
+    tColumnDesc.setTypeDesc(desc)
+    tColumnDesc.setPosition(0)
+    val schema = new TTableSchema()
+    schema.addToColumns(tColumnDesc)
+    columns.setSchema(schema)
+
+    val rows = new java.util.ArrayList[TRow]
+    val trow = new TRow()
+    val value = new TBoolValue()
+    value.setValue(true)
+    trow.addToColVals(TColumnValue.boolVal(value))
+    rows.add(trow)
+    val rowSet = new TRowSet(0, rows)
+
+    TrinoContext.createQueryResults(
+      queryId.getQueryId,
+      nextUri,
+      queryHtmlUri,
+      status,
+      Option(columns),
+      Option(rowSet),
+      updateType = "PREPARE")
+  }
+
   def getLastToken: Long = this.lastToken.get()
 
   def getSlug: Slug = this.slug
@@ -152,6 +192,20 @@ object Query {
     Query(QueryId(operationHandle), updatedContext, backendService)
   }
 
+  def apply(
+      statementId: String,
+      statement: String,
+      context: TrinoContext,
+      backendService: BackendService): Query = {
+    val sessionHandle = getOrCreateSession(context, backendService)
+    val sessionWithId =
+      context.session + (KYUUBI_SESSION_ID -> sessionHandle.identifier.toString)
+    Query(
+      queryId = QueryId(new OperationHandle(UUID.randomUUID())),
+      context.copy(preparedStatement = Map(statementId -> statement), session = sessionWithId),
+      backendService)
+  }
+
   def apply(id: String, context: TrinoContext, backendService: BackendService): Query = {
     Query(QueryId(id), context, backendService)
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
index 8c85f31d7..16fc0388a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
@@ -187,14 +187,20 @@ object TrinoContext {
       queryHtmlUri: URI,
       queryStatus: OperationStatus,
       columns: Option[TGetResultSetMetadataResp] = None,
-      data: Option[TRowSet] = None): QueryResults = {
+      data: Option[TRowSet] = None,
+      updateType: String = null): QueryResults = {
 
     val columnList = columns match {
       case Some(value) => convertTColumn(value)
       case None => null
     }
     val rowList = data match {
-      case Some(value) => convertTRowSet(value)
+      case Some(value) =>
+        Option(updateType) match {
+          case Some("PREPARE") =>
+            ImmutableList.of(ImmutableList.of(true).asInstanceOf[util.List[Object]])
+          case _ => convertTRowSet(value)
+        }
       case None => null
     }
 
@@ -214,7 +220,7 @@ object TrinoContext {
         .setElapsedTimeMillis(0).setQueuedTimeMillis(0).build(),
       toQueryError(queryStatus),
       defaultWarning,
-      null,
+      updateType,
       0L)
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
index e051dbb23..124b84688 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.server.trino.api.v1
 
+import java.util
+import java.util.UUID
 import javax.ws.rs._
 import javax.ws.rs.core.{Context, HttpHeaders, MediaType, Response, UriInfo}
 import javax.ws.rs.core.MediaType.TEXT_PLAIN_TYPE
@@ -32,16 +34,21 @@ import io.swagger.v3.oas.annotations.tags.Tag
 import io.trino.client.QueryResults
 
 import org.apache.kyuubi.Logging
+import org.apache.kyuubi.jdbc.hive.Utils
+import org.apache.kyuubi.operation.OperationHandle
 import org.apache.kyuubi.server.trino.api.{ApiRequestContext, KyuubiTrinoOperationTranslator, Query, QueryId, Slug, TrinoContext}
 import org.apache.kyuubi.server.trino.api.Slug.Context.{EXECUTING_QUERY, QUEUED_QUERY}
 import org.apache.kyuubi.server.trino.api.v1.dto.Ok
 import org.apache.kyuubi.service.BackendService
+import org.apache.kyuubi.sql.parser.trino.KyuubiTrinoFeParser
+import org.apache.kyuubi.sql.plan.trino.{Deallocate, ExecuteForPreparing, Prepare}
 
 @Tag(name = "Statement")
 @Produces(Array(MediaType.APPLICATION_JSON))
 private[v1] class StatementResource extends ApiRequestContext with Logging {
 
   lazy val translator = new KyuubiTrinoOperationTranslator(fe.be)
+  lazy val parser = new KyuubiTrinoFeParser()
 
   @ApiResponse(
     responseCode = "200",
@@ -73,9 +80,39 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
     val trinoContext = TrinoContext(headers, remoteAddr)
 
     try {
-      val query = Query(statement, trinoContext, translator, fe.be)
-      val qr = query.getQueryResults(query.getLastToken, uriInfo)
-      TrinoContext.buildTrinoResponse(qr, query.context)
+      parser.parsePlan(statement) match {
+        case Prepare(statementId, _) =>
+          val query = Query(
+            statementId,
+            statement.split(s"$statementId FROM")(1),
+            trinoContext,
+            fe.be)
+          val qr = query.getPrepareQueryResults(query.getLastToken, uriInfo)
+          TrinoContext.buildTrinoResponse(qr, query.context)
+        case ExecuteForPreparing(statementId, parameters) =>
+          val parametersMap = new util.HashMap[Integer, String]()
+          for (i <- 0 until parameters.size) {
+            parametersMap.put(i + 1, parameters(i))
+          }
+          trinoContext.preparedStatement.get(statementId).map { originSql =>
+            val realSql = Utils.updateSql(originSql, parametersMap)
+            val query = Query(realSql, trinoContext, translator, fe.be)
+            val qr = query.getQueryResults(query.getLastToken, uriInfo)
+            TrinoContext.buildTrinoResponse(qr, query.context)
+          }.get
+        case Deallocate(statementId) =>
+          info(s"DEALLOCATE PREPARE ${statementId}")
+          val query = Query(
+            QueryId(new OperationHandle(UUID.randomUUID())),
+            trinoContext,
+            fe.be)
+          val qr = query.getPrepareQueryResults(query.getLastToken, uriInfo)
+          TrinoContext.buildTrinoResponse(qr, query.context)
+        case _ =>
+          val query = Query(statement, trinoContext, translator, fe.be)
+          val qr = query.getQueryResults(query.getLastToken, uriInfo)
+          TrinoContext.buildTrinoResponse(qr, query.context)
+      }
     } catch {
       case e: Exception =>
         val errorMsg =
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala
index 061985c1c..8d1e38519 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeAstBuilder.scala
@@ -25,7 +25,7 @@ import org.apache.kyuubi.sql.KyuubiTrinoFeBaseParser._
 import org.apache.kyuubi.sql.KyuubiTrinoFeBaseParserBaseVisitor
 import org.apache.kyuubi.sql.parser.KyuubiParser.unescapeSQLString
 import org.apache.kyuubi.sql.plan.{KyuubiTreeNode, PassThroughNode}
-import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
+import org.apache.kyuubi.sql.plan.trino.{Deallocate, ExecuteForPreparing, GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo, Prepare}
 
 class KyuubiTrinoFeAstBuilder extends KyuubiTrinoFeBaseParserBaseVisitor[AnyRef] {
 
@@ -123,4 +123,21 @@ class KyuubiTrinoFeAstBuilder extends KyuubiTrinoFeBaseParserBaseVisitor[AnyRef]
   override def visitTypesFilter(ctx: TypesFilterContext): List[String] = {
     ctx.stringLit().asScala.map(v => unescapeSQLString(v.getText)).toList
   }
+
+  override def visitExecute(ctx: ExecuteContext): KyuubiTreeNode = {
+    val parameters = Option(ctx.parameterList()) match {
+      case Some(para) =>
+        para.anyStr().asScala.toList.map(p => p.getText.substring(1, p.getText.length - 1))
+      case None => List[String]()
+    }
+    ExecuteForPreparing(ctx.IDENTIFIER().getText, parameters)
+  }
+
+  override def visitPrepare(ctx: PrepareContext): KyuubiTreeNode = {
+    Prepare(ctx.IDENTIFIER().getText, ctx.statement().getText)
+  }
+
+  override def visitDeallocate(ctx: DeallocateContext): KyuubiTreeNode = {
+    Deallocate(ctx.IDENTIFIER().getText)
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeParser.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeParser.scala
index 987288b0f..5dececf20 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeParser.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/parser/trino/KyuubiTrinoFeParser.scala
@@ -56,4 +56,5 @@ class KyuubiTrinoFeParser extends KyuubiParserBase[KyuubiTrinoFeBaseParser] {
   }
 
   override def parseTree(parser: KyuubiTrinoFeBaseParser): ParseTree = parser.singleStatement()
+
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala
index 6136995ab..8d02a74c6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/trino/TrinoFeOperations.scala
@@ -59,3 +59,18 @@ case class GetColumns(
 case class GetPrimaryKeys() extends KyuubiTreeNode {
   override def name(): String = "Get Primary Keys"
 }
+
+case class ExecuteForPreparing(statementId: String, parameters: List[String])
+  extends KyuubiTreeNode {
+  override def name(): String = "Execute For Preparing"
+}
+
+case class Prepare(statementId: String, sql: String)
+  extends KyuubiTreeNode {
+  override def name(): String = "Prepare Sql"
+}
+
+case class Deallocate(statementId: String)
+  extends KyuubiTreeNode {
+  override def name(): String = "Deallocate Prepare"
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala
index bbced0b61..205a6a7be 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/parser/trino/KyuubiTrinoFeParserSuite.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.parser.trino
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.sql.parser.trino.KyuubiTrinoFeParser
 import org.apache.kyuubi.sql.plan.{KyuubiTreeNode, PassThroughNode}
-import org.apache.kyuubi.sql.plan.trino.{GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
+import org.apache.kyuubi.sql.plan.trino.{Deallocate, ExecuteForPreparing, GetCatalogs, GetColumns, GetPrimaryKeys, GetSchemas, GetTables, GetTableTypes, GetTypeInfo}
 
 class KyuubiTrinoFeParserSuite extends KyuubiFunSuite {
   val parser = new KyuubiTrinoFeParser()
@@ -369,4 +369,22 @@ class KyuubiTrinoFeParserSuite extends KyuubiFunSuite {
 
     assert(kyuubiTreeNode.isInstanceOf[GetPrimaryKeys])
   }
+
+  test("Support PreparedStatement for Trino Fe (ExecuteForPreparing)") {
+    val kyuubiTreeNode = parse(
+      """
+        | EXECUTE statement1 USING INTEGER '1'
+        |""".stripMargin)
+
+    assert(kyuubiTreeNode.isInstanceOf[ExecuteForPreparing])
+  }
+
+  test("Support PreparedStatement for Trino Fe (Deallocate)") {
+    val kyuubiTreeNode = parse(
+      """
+        | DEALLOCATE PREPARE statement1
+        |""".stripMargin)
+
+    assert(kyuubiTreeNode.isInstanceOf[Deallocate])
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
index 13e10a112..478bf9174 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoClientApiSuite.scala
@@ -114,6 +114,7 @@ class TrinoClientApiSuite extends KyuubiFunSuite with TrinoRestFrontendTestHelpe
         (false, List[List[Any]]())
       }
     }
+
     Iterator.continually(getData(trino)).takeWhile(_._1).flatMap(_._2).toList
   }
 

From 4c2f1e6abe0c6aaebb5e79e6bd164bf8a0733d5f Mon Sep 17 00:00:00 2001
From: wangyepeng2 <yepeng.wang@convertlab.com>
Date: Fri, 31 Mar 2023 02:42:56 +0800
Subject: [PATCH 242/760] [KYUUBI #3872][BATCH]  Skip setting proxy user when
 keytab is provided

### _Why are the changes needed?_

Fix #3872

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4640 from wangyepeng2/proxy_user_fix.

Closes #3872

c7228b916 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
b6f41d1b5 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
ecf3b3b18 [wangyepeng2] change function name to setupKerberos
63fc5deef [wangyepeng2] fix:spark batch submit should not set proxy user when keytab is used

Lead-authored-by: wangyepeng2 <yepeng.wang@convertlab.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: wangyepeng2 <44561824+wangyepeng2@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/SparkBatchProcessBuilder.scala  |  4 +---
 .../engine/spark/SparkProcessBuilder.scala       | 16 ++++++++++------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
index 4c0365841..4a613278d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
@@ -56,9 +56,7 @@ class SparkBatchProcessBuilder(
       buffer += s"${convertConfigKey(k)}=$v"
     }
 
-    setSparkUserName(proxyUser, buffer)
-    buffer += PROXY_USER
-    buffer += proxyUser
+    setupKerberos(buffer)
 
     assert(mainResource.isDefined)
     buffer += mainResource.get
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index 874a36c00..b74eab77d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -121,6 +121,16 @@ class SparkProcessBuilder(
       buffer += s"${convertConfigKey(k)}=$v"
     }
 
+    setupKerberos(buffer)
+
+    mainResource.foreach { r => buffer += r }
+
+    buffer.toArray
+  }
+
+  override protected def module: String = "kyuubi-spark-sql-engine"
+
+  protected def setupKerberos(buffer: ArrayBuffer[String]): Unit = {
     // if the keytab is specified, PROXY_USER is not supported
     tryKeytab() match {
       case None =>
@@ -130,14 +140,8 @@ class SparkProcessBuilder(
       case Some(name) =>
         setSparkUserName(name, buffer)
     }
-
-    mainResource.foreach { r => buffer += r }
-
-    buffer.toArray
   }
 
-  override protected def module: String = "kyuubi-spark-sql-engine"
-
   private def tryKeytab(): Option[String] = {
     val principal = conf.getOption(PRINCIPAL)
     val keytab = conf.getOption(KEYTAB)

From 92f191a660699414c02ed94c6834253d6a42318d Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 31 Mar 2023 13:49:36 +0800
Subject: [PATCH 243/760] [KYUUBI #4617] [AUTHZ] Collect results for filtered
 show objects ahead to prevent holding unserializable spark plan

### _Why are the changes needed?_

To fix #4617.
- The reason for issue #4617 is that delegated SparkPlan is not serilizable when execution
- Collect results for filtered show objects ahead in FilterDataSourceV2Strategy to prevent holding the delegated plan

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4634 from bowenliang123/4617-filter.

Closes #4617

fe00ef58a [liangbowen] rename results to result
65ce03a51 [liangbowen] fix 4617

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../ranger/FilterDataSourceV2Strategy.scala   |  7 ++--
 .../ranger/FilteredShowObjectsExec.scala      | 36 +++++++++++++------
 .../ranger/RangerSparkExtensionSuite.scala    |  2 ++
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
index 1109464ac..d39aacdcf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
@@ -25,10 +25,13 @@ import org.apache.kyuubi.plugin.spark.authz.util.ObjectFilterPlaceHolder
 class FilterDataSourceV2Strategy(spark: SparkSession) extends Strategy {
   override def apply(plan: LogicalPlan): Seq[SparkPlan] = plan match {
     case ObjectFilterPlaceHolder(child) if child.nodeName == "ShowNamespaces" =>
-      spark.sessionState.planner.plan(child).map(FilteredShowNamespaceExec).toSeq
+      spark.sessionState.planner.plan(child)
+        .map(FilteredShowNamespaceExec(_, spark.sparkContext)).toSeq
 
     case ObjectFilterPlaceHolder(child) if child.nodeName == "ShowTables" =>
-      spark.sessionState.planner.plan(child).map(FilteredShowTablesExec).toSeq
+      spark.sessionState.planner.plan(child)
+        .map(FilteredShowTablesExec(_, spark.sparkContext)).toSeq
+
     case _ => Nil
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
index 7cc777d9b..67519118e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
@@ -17,6 +17,7 @@
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
+import org.apache.spark.SparkContext
 import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.catalyst.expressions.Attribute
@@ -26,24 +27,29 @@ import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
 
 trait FilteredShowObjectsExec extends LeafExecNode {
-  def delegated: SparkPlan
+  def result: Array[InternalRow]
 
-  final override def output: Seq[Attribute] = delegated.output
-
-  final private lazy val result = {
-    delegated.executeCollect().filter(isAllowed(_, AuthZUtils.getAuthzUgi(sparkContext)))
-  }
+  override def output: Seq[Attribute]
 
   final override def doExecute(): RDD[InternalRow] = {
     sparkContext.parallelize(result, 1)
   }
+}
 
-  protected def isAllowed(r: InternalRow, ugi: UserGroupInformation): Boolean
+trait FilteredShowObjectsCheck {
+  def isAllowed(r: InternalRow, ugi: UserGroupInformation): Boolean
 }
 
-case class FilteredShowNamespaceExec(delegated: SparkPlan) extends FilteredShowObjectsExec {
+case class FilteredShowNamespaceExec(result: Array[InternalRow], output: Seq[Attribute])
+  extends FilteredShowObjectsExec {}
+object FilteredShowNamespaceExec extends FilteredShowObjectsCheck {
+  def apply(delegated: SparkPlan, sc: SparkContext): FilteredShowNamespaceExec = {
+    val result = delegated.executeCollect()
+      .filter(isAllowed(_, AuthZUtils.getAuthzUgi(sc)))
+    new FilteredShowNamespaceExec(result, delegated.output)
+  }
 
-  override protected def isAllowed(r: InternalRow, ugi: UserGroupInformation): Boolean = {
+  override def isAllowed(r: InternalRow, ugi: UserGroupInformation): Boolean = {
     val database = r.getString(0)
     val resource = AccessResource(ObjectType.DATABASE, database, null, null)
     val request = AccessRequest(resource, ugi, OperationType.SHOWDATABASES, AccessType.USE)
@@ -52,8 +58,16 @@ case class FilteredShowNamespaceExec(delegated: SparkPlan) extends FilteredShowO
   }
 }
 
-case class FilteredShowTablesExec(delegated: SparkPlan) extends FilteredShowObjectsExec {
-  override protected def isAllowed(r: InternalRow, ugi: UserGroupInformation): Boolean = {
+case class FilteredShowTablesExec(result: Array[InternalRow], output: Seq[Attribute])
+  extends FilteredShowObjectsExec {}
+object FilteredShowTablesExec extends FilteredShowObjectsCheck {
+  def apply(delegated: SparkPlan, sc: SparkContext): FilteredShowNamespaceExec = {
+    val result = delegated.executeCollect()
+      .filter(isAllowed(_, AuthZUtils.getAuthzUgi(sc)))
+    new FilteredShowNamespaceExec(result, delegated.output)
+  }
+
+  override def isAllowed(r: InternalRow, ugi: UserGroupInformation): Boolean = {
     val database = r.getString(0)
     val table = r.getString(1)
     val isTemp = r.getBoolean(2)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 3aa551c42..4ccf15cba 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -233,6 +233,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
       doAs("admin", assert(sql(s"show tables from $db").collect().length === 2))
       doAs("bob", assert(sql(s"show tables from $db").collect().length === 0))
       doAs("i_am_invisible", assert(sql(s"show tables from $db").collect().length === 0))
+      doAs("i_am_invisible", assert(sql(s"show tables from $db").limit(1).isEmpty))
     }
   }
 
@@ -247,6 +248,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
 
       doAs("bob", assert(sql(s"SHOW DATABASES").collect().length == 1))
       doAs("bob", assert(sql(s"SHOW DATABASES").collectAsList().get(0).getString(0) == "default"))
+      doAs("i_am_invisible", assert(sql(s"SHOW DATABASES").limit(1).isEmpty))
     }
   }
 

From d9e14f239d5f27c3149519b70665fe36feaf0b3f Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Fri, 31 Mar 2023 15:21:59 +0800
Subject: [PATCH 244/760] [KYUUBI #4623][K8S] KubernetesApplicationOperation
 uses Informer instead of list

### _Why are the changes needed?_

Close #4623

To reduce the pressure on the Api Server (which use the kubernetes client polls with label to find the `spark driver pod` when multiple Rest Application are running at the same time), use informer, the kubernetes-recommended method of maintaining the application state.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request
- [x] Run CI

Closes #4625 from zwangsheng/KYUUBI_4623.

Closes #4623

a415bef7f [Cheng Pan] nit
136d0db4d [Cheng Pan] 171
b5d3c237a [Cheng Pan] re-generate conf
bf14ad870 [Cheng Pan] nit
9ee7e04f9 [Cheng Pan] nit
301162ea0 [Cheng Pan] nit
1d426922b [Cheng Pan] nit
b95d7a650 [Cheng Pan] improve
cc8d2c7f4 [zwangsheng] fix comments
d017bafdf [zwangsheng] Set resycn 0
28f9a70d9 [zwangsheng] Reorder func & slow get app info
22d9c1662 [zwangsheng] fix setting
8e0940334 [zwangsheng] fix comments
10965d3df [zwangsheng] Rename fileter function => isSparkEnginePod
b02677154 [zwangsheng] rename
78c9fdb17 [zwangsheng] fix comments
6d31f70d1 [zwangsheng] Fix IT Test
f43bba2b9 [zwangsheng] fix
17e4f55eb [zwangsheng] debug
be8da790e [zwangsheng] debug
0db45a513 [zwangsheng] retest
a93786abc [zwangsheng] Fix style
652ee837e [zwangsheng] Add Setting & Debug
4add7e4e2 [zwangsheng] improve
1f4341237 [zwangsheng] remove unused import
35acd6106 [zwangsheng] fix compile
05dfc598e [zwangsheng] [KYUUBI #4623][Improvement][K8S] Remove cached app info when out of time
4ab530e99 [zwangsheng] [KYUUBI #4623][Improvement][K8S] kubernetesApplicationOperation Using Informer instead of list

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  25 +--
 .../spark/SparkOnKubernetesTestsSuite.scala   |  17 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  11 +-
 .../kyuubi/engine/ApplicationOperation.scala  |   5 +
 .../KubernetesApplicationOperation.scala      | 190 ++++++++++++------
 5 files changed, 160 insertions(+), 88 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index e7d939b9b..960f2c328 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -169,7 +169,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.spark.python.env.archive                   | &lt;undefined&gt;         | Portable Python env archive used for Spark engine Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.7.0 |
 | kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.7.0 |
 | kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.7.0 |
-| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not invisible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.7.1 |
+| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not visible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.7.1 |
 | kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
 | kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
 | kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
@@ -292,17 +292,18 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Kubernetes
 
-|                      Key                      |      Default      |                                                                                                      Meaning                                                                                                      |  Type   | Since |
-|-----------------------------------------------|-------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|-------|
-| kyuubi.kubernetes.authenticate.caCertFile     | &lt;undefined&gt; | Path to the CA cert file for connecting to the Kubernetes API server over TLS from the kyuubi. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                                          | string  | 1.7.0 |
-| kyuubi.kubernetes.authenticate.clientCertFile | &lt;undefined&gt; | Path to the client cert file for connecting to the Kubernetes API server over TLS from the kyuubi. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                                      | string  | 1.7.0 |
-| kyuubi.kubernetes.authenticate.clientKeyFile  | &lt;undefined&gt; | Path to the client key file for connecting to the Kubernetes API server over TLS from the kyuubi. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                                       | string  | 1.7.0 |
-| kyuubi.kubernetes.authenticate.oauthToken     | &lt;undefined&gt; | The OAuth token to use when authenticating against the Kubernetes API server. Note that unlike, the other authentication options, this must be the exact string value of the token to use for the authentication. | string  | 1.7.0 |
-| kyuubi.kubernetes.authenticate.oauthTokenFile | &lt;undefined&gt; | Path to the file containing the OAuth token to use when authenticating against the Kubernetes API server. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                               | string  | 1.7.0 |
-| kyuubi.kubernetes.context                     | &lt;undefined&gt; | The desired context from your kubernetes config file used to configure the K8s client for interacting with the cluster.                                                                                           | string  | 1.6.0 |
-| kyuubi.kubernetes.master.address              | &lt;undefined&gt; | The internal Kubernetes master (API server) address to be used for kyuubi.                                                                                                                                        | string  | 1.7.0 |
-| kyuubi.kubernetes.namespace                   | default           | The namespace that will be used for running the kyuubi pods and find engines.                                                                                                                                     | string  | 1.7.0 |
-| kyuubi.kubernetes.trust.certificates          | false             | If set to true then client can submit to kubernetes cluster only with token                                                                                                                                       | boolean | 1.7.0 |
+|                         Key                         |      Default      |                                                                                                      Meaning                                                                                                      |   Type   | Since |
+|-----------------------------------------------------|-------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.kubernetes.authenticate.caCertFile           | &lt;undefined&gt; | Path to the CA cert file for connecting to the Kubernetes API server over TLS from the kyuubi. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                                          | string   | 1.7.0 |
+| kyuubi.kubernetes.authenticate.clientCertFile       | &lt;undefined&gt; | Path to the client cert file for connecting to the Kubernetes API server over TLS from the kyuubi. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                                      | string   | 1.7.0 |
+| kyuubi.kubernetes.authenticate.clientKeyFile        | &lt;undefined&gt; | Path to the client key file for connecting to the Kubernetes API server over TLS from the kyuubi. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                                       | string   | 1.7.0 |
+| kyuubi.kubernetes.authenticate.oauthToken           | &lt;undefined&gt; | The OAuth token to use when authenticating against the Kubernetes API server. Note that unlike, the other authentication options, this must be the exact string value of the token to use for the authentication. | string   | 1.7.0 |
+| kyuubi.kubernetes.authenticate.oauthTokenFile       | &lt;undefined&gt; | Path to the file containing the OAuth token to use when authenticating against the Kubernetes API server. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                               | string   | 1.7.0 |
+| kyuubi.kubernetes.context                           | &lt;undefined&gt; | The desired context from your kubernetes config file used to configure the K8s client for interacting with the cluster.                                                                                           | string   | 1.6.0 |
+| kyuubi.kubernetes.master.address                    | &lt;undefined&gt; | The internal Kubernetes master (API server) address to be used for kyuubi.                                                                                                                                        | string   | 1.7.0 |
+| kyuubi.kubernetes.namespace                         | default           | The namespace that will be used for running the kyuubi pods and find engines.                                                                                                                                     | string   | 1.7.0 |
+| kyuubi.kubernetes.terminatedApplicationRetainPeriod | PT5M              | The period for which the Kyuubi server retains application information after the application terminates.                                                                                                          | duration | 1.7.1 |
+| kyuubi.kubernetes.trust.certificates                | false             | If set to true then client can submit to kubernetes cluster only with token                                                                                                                                       | boolean  | 1.7.0 |
 
 ### Metadata
 
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 831504608..9ddcc5937 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -208,19 +208,18 @@ class KyuubiOperationKubernetesClusterClusterModeSuite
       batchRequest.getConf.asScala.toMap,
       batchRequest)
 
-    val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSessionImpl]
-    val batchJobSubmissionOp = session.batchJobSubmissionOp
-
-    eventually(timeout(3.minutes), interval(50.milliseconds)) {
-      val appInfo = batchJobSubmissionOp.getOrFetchCurrentApplicationInfo
-      assert(appInfo.nonEmpty)
-      assert(appInfo.exists(_.state == RUNNING))
-      assert(appInfo.exists(_.name.startsWith(driverPodNamePrefix)))
+    // wait for driver pod start
+    eventually(timeout(3.minutes), interval(5.second)) {
+      // trigger k8sOperation init here
+      val appInfo = k8sOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
+      assert(appInfo.state == RUNNING)
+      assert(appInfo.name.startsWith(driverPodNamePrefix))
     }
 
     val killResponse = k8sOperation.killApplicationByTag(sessionHandle.identifier.toString)
     assert(killResponse._1)
-    assert(killResponse._2 startsWith "Operation of deleted appId:")
+    assert(killResponse._2 endsWith "is completed")
+    assert(killResponse._2 contains sessionHandle.identifier.toString)
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
       val appInfo = k8sOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 5e7755952..b5229e2ad 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1171,6 +1171,15 @@ object KyuubiConf {
       .booleanConf
       .createWithDefault(false)
 
+  val KUBERNETES_TERMINATED_APPLICATION_RETAIN_PERIOD: ConfigEntry[Long] =
+    buildConf("kyuubi.kubernetes.terminatedApplicationRetainPeriod")
+      .doc("The period for which the Kyuubi server retains application information after " +
+        "the application terminates.")
+      .version("1.7.1")
+      .timeConf
+      .checkValue(_ > 0, "must be positive number")
+      .createWithDefault(Duration.ofMinutes(5).toMillis)
+
   // ///////////////////////////////////////////////////////////////////////////////////////////////
   //                                 SQL Engine Configuration                                    //
   // ///////////////////////////////////////////////////////////////////////////////////////////////
@@ -2553,7 +2562,7 @@ object KyuubiConf {
   val ENGINE_SUBMIT_TIMEOUT: ConfigEntry[Long] =
     buildConf("kyuubi.engine.submit.timeout")
       .doc("Period to tolerant Driver Pod ephemerally invisible after submitting. " +
-        "In some Resource Managers, e.g. K8s, the Driver Pod is not invisible immediately " +
+        "In some Resource Managers, e.g. K8s, the Driver Pod is not visible immediately " +
         "after `spark-submit` is returned.")
       .version("1.7.1")
       .timeConf
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
index 00db372ce..a2b3d0f76 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
@@ -100,6 +100,11 @@ case class ApplicationInfo(
   }
 }
 
+object ApplicationInfo {
+  val NOT_FOUND: ApplicationInfo = ApplicationInfo(null, null, ApplicationState.NOT_FOUND)
+  val UNKNOWN: ApplicationInfo = ApplicationInfo(null, null, ApplicationState.UNKNOWN)
+}
+
 object ApplicationOperation {
   val NOT_FOUND = "APPLICATION_NOT_FOUND"
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index d0820b9ae..83792f52f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -17,30 +17,54 @@
 
 package org.apache.kyuubi.engine
 
-import java.util
+import java.util.concurrent.{ConcurrentHashMap, TimeUnit}
 
+import com.google.common.cache.{Cache, CacheBuilder, RemovalNotification}
 import io.fabric8.kubernetes.api.model.Pod
 import io.fabric8.kubernetes.client.KubernetesClient
+import io.fabric8.kubernetes.client.informers.{ResourceEventHandler, SharedIndexInformer}
 
-import org.apache.kyuubi.Logging
+import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.ApplicationState.{ApplicationState, FAILED, FINISHED, PENDING, RUNNING, UNKNOWN}
-import org.apache.kyuubi.engine.KubernetesApplicationOperation.{toApplicationState, SPARK_APP_ID_LABEL}
+import org.apache.kyuubi.engine.ApplicationState.{isTerminated, ApplicationState, FAILED, FINISHED, NOT_FOUND, PENDING, RUNNING, UNKNOWN}
+import org.apache.kyuubi.engine.KubernetesApplicationOperation.{toApplicationState, LABEL_KYUUBI_UNIQUE_KEY, SPARK_APP_ID_LABEL}
 import org.apache.kyuubi.util.KubernetesUtils
 
 class KubernetesApplicationOperation extends ApplicationOperation with Logging {
 
   @volatile
   private var kubernetesClient: KubernetesClient = _
-
+  private var enginePodInformer: SharedIndexInformer[Pod] = _
   private var submitTimeout: Long = _
 
+  // key is kyuubi_unique_key
+  private val appInfoStore: ConcurrentHashMap[String, ApplicationInfo] =
+    new ConcurrentHashMap[String, ApplicationInfo]
+  // key is kyuubi_unique_key
+  private var cleanupTerminatedAppInfoTrigger: Cache[String, ApplicationState] = _
+
   override def initialize(conf: KyuubiConf): Unit = {
     info("Start initializing Kubernetes Client.")
     kubernetesClient = KubernetesUtils.buildKubernetesClient(conf) match {
       case Some(client) =>
         info(s"Initialized Kubernetes Client connect to: ${client.getMasterUrl}")
         submitTimeout = conf.get(KyuubiConf.ENGINE_SUBMIT_TIMEOUT)
+        // Disable resync, see https://github.com/fabric8io/kubernetes-client/discussions/5015
+        enginePodInformer = client.pods()
+          .withLabel(LABEL_KYUUBI_UNIQUE_KEY)
+          .inform(new SparkEnginePodEventHandler)
+        info("Start Kubernetes Client Informer.")
+        // Defer cleaning terminated application information
+        val retainPeriod = conf.get(KyuubiConf.KUBERNETES_TERMINATED_APPLICATION_RETAIN_PERIOD)
+        cleanupTerminatedAppInfoTrigger = CacheBuilder.newBuilder()
+          .expireAfterWrite(retainPeriod, TimeUnit.MILLISECONDS)
+          .removalListener((notification: RemovalNotification[String, ApplicationState]) => {
+            Option(appInfoStore.remove(notification.getKey)).foreach { removed =>
+              info(s"Remove terminated application ${removed.id} with " +
+                s"tag ${notification.getKey} and state ${removed.state}")
+            }
+          })
+          .build()
         client
       case None =>
         warn("Fail to init Kubernetes Client for Kubernetes Application Operation")
@@ -55,34 +79,26 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   }
 
   override def killApplicationByTag(tag: String): KillResponse = {
-    if (kubernetesClient != null) {
-      debug(s"Deleting application info from Kubernetes cluster by $tag tag")
-      try {
-        // Need driver only
-        val podList = findDriverPodByTag(tag)
-        if (podList.size() != 0) {
-          val targetPod = podList.get(0)
-          toApplicationState(targetPod.getStatus.getPhase) match {
-            case FAILED | UNKNOWN =>
-              (
-                false,
-                s"Target Pod ${targetPod.getMetadata.getName} is in FAILED or UNKNOWN status")
-            case _ =>
-              (
-                !kubernetesClient.pods.withName(targetPod.getMetadata.getName).delete().isEmpty,
-                s"Operation of deleted appId: ${podList.get(0).getMetadata.getName} is completed")
-          }
-        } else {
+    if (kubernetesClient == null) {
+      throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
+    }
+    debug(s"Deleting application info from Kubernetes cluster by $tag tag")
+    try {
+      val info = appInfoStore.getOrDefault(tag, ApplicationInfo.NOT_FOUND)
+      debug(s"Application info[tag: $tag] is in ${info.state}")
+      info.state match {
+        case NOT_FOUND | FAILED | UNKNOWN =>
           (
             false,
-            s"Target Pod(tag: $tag) is not found, due to pod have been deleted or not created")
-        }
-      } catch {
-        case e: Exception =>
-          (false, s"Failed to terminate application with $tag, due to ${e.getMessage}")
+            s"Target application[tag: $tag] is in ${info.state} status")
+        case _ =>
+          (
+            !kubernetesClient.pods.withName(info.name).delete().isEmpty,
+            s"Operation of deleted application[appId: ${info.id} ,tag: $tag] is completed")
       }
-    } else {
-      throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
+    } catch {
+      case e: Exception =>
+        (false, s"Failed to terminate application with $tag, due to ${e.getMessage}")
     }
   }
 
@@ -92,59 +108,101 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     }
     debug(s"Getting application info from Kubernetes cluster by $tag tag")
     try {
-      val podList = findDriverPodByTag(tag)
-      if (podList.size() != 0) {
-        val pod = podList.get(0)
-        val info = ApplicationInfo(
-          // spark pods always tag label `spark-app-selector:<spark-app-id>`
-          id = pod.getMetadata.getLabels.get(SPARK_APP_ID_LABEL),
-          name = pod.getMetadata.getName,
-          state = KubernetesApplicationOperation.toApplicationState(pod.getStatus.getPhase),
-          error = Option(pod.getStatus.getReason))
-        debug(s"Successfully got application info by $tag: $info")
-        return info
-      }
-      // Kyuubi should wait second if pod is not be created
-      submitTime match {
-        case Some(time) =>
-          val elapsedTime = System.currentTimeMillis() - time
+      val appInfo = appInfoStore.getOrDefault(tag, ApplicationInfo.NOT_FOUND)
+      (appInfo.state, submitTime) match {
+        // Kyuubi should wait second if pod is not be created
+        case (NOT_FOUND, Some(_submitTime)) =>
+          val elapsedTime = System.currentTimeMillis - _submitTime
           if (elapsedTime > submitTimeout) {
             error(s"Can't find target driver pod by tag: $tag, " +
               s"elapsed time: ${elapsedTime}ms exceeds ${submitTimeout}ms.")
-            ApplicationInfo(id = null, name = null, ApplicationState.NOT_FOUND)
+            ApplicationInfo.NOT_FOUND
           } else {
             warn("Wait for driver pod to be created, " +
               s"elapsed time: ${elapsedTime}ms, return UNKNOWN status")
-            ApplicationInfo(id = null, name = null, ApplicationState.UNKNOWN)
+            ApplicationInfo.UNKNOWN
           }
-        case None =>
-          ApplicationInfo(id = null, name = null, ApplicationState.NOT_FOUND)
+        case (NOT_FOUND, None) =>
+          ApplicationInfo.NOT_FOUND
+        case _ =>
+          debug(s"Successfully got application info by $tag: $appInfo")
+          appInfo
       }
     } catch {
       case e: Exception =>
         error(s"Failed to get application with $tag, due to ${e.getMessage}")
-        ApplicationInfo(id = null, name = null, ApplicationState.NOT_FOUND)
+        ApplicationInfo.NOT_FOUND
     }
   }
 
-  private def findDriverPodByTag(tag: String): util.List[Pod] = {
-    val podList = kubernetesClient.pods()
-      .withLabel(KubernetesApplicationOperation.LABEL_KYUUBI_UNIQUE_KEY, tag).list().getItems
-    val size = podList.size()
-    if (size != 1) {
-      warn(s"Get Tag: ${tag} Driver Pod In Kubernetes size: ${size}, we expect 1")
+  override def stop(): Unit = {
+    Utils.tryLogNonFatalError {
+      if (enginePodInformer != null) {
+        enginePodInformer.stop()
+        enginePodInformer = null
+      }
     }
-    podList
-  }
 
-  override def stop(): Unit = {
-    if (kubernetesClient != null) {
-      try {
+    Utils.tryLogNonFatalError {
+      if (kubernetesClient != null) {
         kubernetesClient.close()
-      } catch {
-        case e: Exception => error(e.getMessage)
+        kubernetesClient = null
       }
     }
+
+    if (cleanupTerminatedAppInfoTrigger != null) {
+      cleanupTerminatedAppInfoTrigger.cleanUp()
+      cleanupTerminatedAppInfoTrigger = null
+    }
+  }
+
+  private class SparkEnginePodEventHandler extends ResourceEventHandler[Pod] {
+
+    override def onAdd(pod: Pod): Unit = {
+      if (isSparkEnginePod(pod)) {
+        updateApplicationState(pod)
+      }
+    }
+
+    override def onUpdate(oldPod: Pod, newPod: Pod): Unit = {
+      if (isSparkEnginePod(newPod)) {
+        updateApplicationState(newPod)
+        val appState = toApplicationState(newPod.getStatus.getPhase)
+        if (isTerminated(appState)) {
+          markApplicationTerminated(newPod)
+        }
+      }
+    }
+
+    override def onDelete(pod: Pod, deletedFinalStateUnknown: Boolean): Unit = {
+      if (isSparkEnginePod(pod)) {
+        updateApplicationState(pod)
+        markApplicationTerminated(pod)
+      }
+    }
+  }
+
+  private def isSparkEnginePod(pod: Pod): Boolean = {
+    val labels = pod.getMetadata.getLabels
+    labels.containsKey(LABEL_KYUUBI_UNIQUE_KEY) && labels.containsKey(SPARK_APP_ID_LABEL)
+  }
+
+  private def updateApplicationState(pod: Pod): Unit = {
+    val appState = toApplicationState(pod.getStatus.getPhase)
+    debug(s"Driver Informer changes pod: ${pod.getMetadata.getName} to state: $appState")
+    appInfoStore.put(
+      pod.getMetadata.getLabels.get(LABEL_KYUUBI_UNIQUE_KEY),
+      ApplicationInfo(
+        id = pod.getMetadata.getLabels.get(SPARK_APP_ID_LABEL),
+        name = pod.getMetadata.getName,
+        state = appState,
+        error = Option(pod.getStatus.getReason)))
+  }
+
+  private def markApplicationTerminated(pod: Pod): Unit = {
+    cleanupTerminatedAppInfoTrigger.put(
+      pod.getMetadata.getLabels.get(LABEL_KYUUBI_UNIQUE_KEY),
+      toApplicationState(pod.getStatus.getPhase))
   }
 }
 
@@ -161,10 +219,10 @@ object KubernetesApplicationOperation extends Logging {
     case "Running" => RUNNING
     case "Succeeded" => FINISHED
     case "Failed" | "Error" => FAILED
-    case "Unknown" => ApplicationState.UNKNOWN
+    case "Unknown" => UNKNOWN
     case _ =>
       warn(s"The kubernetes driver pod state: $state is not supported, " +
         "mark the application state as UNKNOWN.")
-      ApplicationState.UNKNOWN
+      UNKNOWN
   }
 }

From 4e9e647a18ea4982dd325fd974808f5f4511f108 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 31 Mar 2023 17:54:25 +0800
Subject: [PATCH 245/760] [KYUUBI #4623][FOLLOWUP] Remove unused import

### _Why are the changes needed?_

```
Error: ] /home/runner/work/kyuubi/kyuubi/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala:37: Unused import
Error: [ERROR] one error found
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4645 from pan3793/followup.

Closes #4623

de03bb5ad [Cheng Pan] [KYUUBI #4623][FOLLOUP] Remove unused import

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 9ddcc5937..5141ff4d7 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -34,7 +34,7 @@ import org.apache.kyuubi.engine.ApplicationState.{FAILED, NOT_FOUND, RUNNING}
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
 import org.apache.kyuubi.kubernetes.test.MiniKube
 import org.apache.kyuubi.operation.SparkQueryTests
-import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionManager}
+import org.apache.kyuubi.session.KyuubiSessionManager
 import org.apache.kyuubi.util.Validator.KUBERNETES_EXECUTOR_POD_NAME_PREFIX
 import org.apache.kyuubi.zookeeper.ZookeeperConf.ZK_CLIENT_PORT_ADDRESS
 

From 726a831c3ec8f9f5754e936211536160e21023ef Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Fri, 31 Mar 2023 18:56:52 +0800
Subject: [PATCH 246/760] [KYUUBI #4644] Manually terminate the Py4JServer
 during engine shutdown

### _Why are the changes needed?_

Due to the Py4JServer initiating with a non-daemon thread, there is a possibility of it impeding the engine's termination. Therefore, it is imperative to manually terminate the Py4JServer during engine shutdown.

```
"Thread-23" #96 prio=5 os_prio=0 cpu=7.93ms elapsed=187532.67s tid=0x00007fee840cf000 nid=0x8f runnable  [0x00007fedca6bf000]
   java.lang.Thread.State: RUNNABLE
	at java.net.PlainSocketImpl.socketAccept(java.base11.0.16/Native Method)
	at java.net.AbstractPlainSocketImpl.accept(java.base11.0.16/Unknown Source)
	at java.net.ServerSocket.implAccept(java.base11.0.16/Unknown Source)
	at java.net.ServerSocket.accept(java.base11.0.16/Unknown Source)
	at py4j.GatewayServer.run(GatewayServer.java:685)
	at java.lang.Thread.run(java.base11.0.16/Unknown Source)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4644 from cfmcgrady/pyserver-non-daemon.

Closes #4644

d4f1a57a6 [Fu Chen] synchronized
cdc9630a7 [Fu Chen] shutdown Py4JServer

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/session/SparkSQLSessionManager.scala      |  2 ++
 .../api/python/KyuubiPythonGatewayServer.scala      | 13 +++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
index 677af9a03..79f38ce35 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSQLSessionManager.scala
@@ -20,6 +20,7 @@ package org.apache.kyuubi.engine.spark.session
 import java.util.concurrent.{ScheduledExecutorService, TimeUnit}
 
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
+import org.apache.spark.api.python.KyuubiPythonGatewayServer
 import org.apache.spark.sql.SparkSession
 
 import org.apache.kyuubi.KyuubiSQLException
@@ -94,6 +95,7 @@ class SparkSQLSessionManager private (name: String, spark: SparkSession)
 
   override def stop(): Unit = {
     super.stop()
+    KyuubiPythonGatewayServer.shutdown()
     userIsolatedSparkSessionThread.foreach(_.shutdown())
   }
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/api/python/KyuubiPythonGatewayServer.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/api/python/KyuubiPythonGatewayServer.scala
index 7e15ffe05..8cf8d685c 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/api/python/KyuubiPythonGatewayServer.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/api/python/KyuubiPythonGatewayServer.scala
@@ -30,10 +30,12 @@ object KyuubiPythonGatewayServer extends Logging {
 
   val CONNECTION_FILE_PATH = Utils.createTempDir() + "/connection.info"
 
-  def start(): Unit = {
+  private var gatewayServer: Py4JServer = _
+
+  def start(): Unit = synchronized {
 
     val sparkConf = new SparkConf()
-    val gatewayServer: Py4JServer = new Py4JServer(sparkConf)
+    gatewayServer = new Py4JServer(sparkConf)
 
     gatewayServer.start()
     val boundPort: Int = gatewayServer.getListeningPort
@@ -65,4 +67,11 @@ object KyuubiPythonGatewayServer extends Logging {
       System.exit(1)
     }
   }
+
+  def shutdown(): Unit = synchronized {
+    if (gatewayServer != null) {
+      logInfo("shutting down the python gateway server.")
+      gatewayServer.shutdown()
+    }
+  }
 }

From b818c6fd84e04c5a3aa13a789bceb805c29c63aa Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 3 Apr 2023 11:45:10 +0800
Subject: [PATCH 247/760] [KYUUBI #4647] Bump Maven from 3.8.7 to 3.9.1 and
 Mvnd from 0.9.0 to 1.0-m6

### _Why are the changes needed?_

- bump Maven from 3.8.7 to 3.9.1, 3.9.1 fixed the performance issue [MNG-7677](https://issues.apache.org/jira/browse/MNG-7677) in 3.9.0, release notes: https://maven.apache.org/docs/3.9.1/release-notes.html
-  Mvnd from 0.9.0 to 1.0-m6 (with embedded maven 3.9.1), release notes: https://github.com/apache/maven-mvnd/releases/tag/1.0-m6

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4647 from bowenliang123/maven-3.9.1.

Closes #4647

f803394df [liangbowen] remove property
efd199f7a [liangbowen] fix
87e18d70a [Bowen Liang] Update build/mvnd
10f4a25ff [liangbowen] bump Maven from 3.8.7 to 3.9.1, and Mvnd from 0.9.0 to 1.0-m6 (with embedded maven 3.9.1)

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 build/mvnd | 9 +++++----
 pom.xml    | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/build/mvnd b/build/mvnd
index 81a6f5c20..f0c72332f 100755
--- a/build/mvnd
+++ b/build/mvnd
@@ -94,8 +94,9 @@ function get_os_arch() {
 # Determine the Mvnd version from the root pom.xml file and
 # install mvnd under the build/ folder if needed.
 function install_mvnd() {
-  local MVND_VERSION=$(grep "<mvnd.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
   local MVN_VERSION=$(grep "<maven.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
+  local MVND_VERSION=$(grep "<mvnd.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
+  local MVND_MVN_SHORT_VERSION=$(echo "$MVN_VERSION" | awk -F . '{print $1$2}')
   MVND_BIN="$(command -v mvnd)"
   if [ "$MVND_BIN" ]; then
     local MVND_DETECTED_VERSION="$(mvnd -v 2>&1 | grep '(mvnd)' | awk '{print $5}')"
@@ -111,10 +112,10 @@ function install_mvnd() {
 
     install_app \
       "${APACHE_MIRROR}/maven/mvnd/${MVND_VERSION}" \
-      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}.tar.gz" \
-      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
+      "maven-mvnd-${MVND_VERSION}-m${MVND_MVN_SHORT_VERSION}-${OS_TYPE}-${ARCH}.tar.gz" \
+      "maven-mvnd-${MVND_VERSION}-m${MVND_MVN_SHORT_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
 
-    MVND_BIN="${_DIR}/maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
+    MVND_BIN="${_DIR}/maven-mvnd-${MVND_VERSION}-m${MVND_MVN_SHORT_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
   else
     if [ "$(version $MVN_DETECTED_VERSION)" -ne "$(version $MVN_VERSION)" ]; then
       echo "Mvnd $MVND_DETECTED_VERSION embedded maven version $MVN_DETECTED_VERSION is not equivalent to $MVN_VERSION required in pom."
diff --git a/pom.xml b/pom.xml
index b2b0341e2..09ee14c08 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,8 +109,8 @@
 
     <properties>
         <java.version>1.8</java.version>
-        <maven.version>3.8.7</maven.version>
-        <mvnd.version>0.9.0</mvnd.version>
+        <maven.version>3.9.1</maven.version>
+        <mvnd.version>1.0-m6</mvnd.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <scala.version>2.12.17</scala.version>

From a947dcb792b17f3fa40f03ec03397b6670b0b32a Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 3 Apr 2023 18:51:27 +0800
Subject: [PATCH 248/760] [KYUUBI #4655] [DOCS] Enrich docs for Kyuubi Hive
 JDBC driver

### _Why are the changes needed?_

Update the outdated words for Kyuubi Hive JDBC driver, and supply more details about Kerberos authentication.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="1400" alt="image" src="https://user-images.githubusercontent.com/26535726/229476374-d662c3b2-c1bc-44e9-a717-92f401586feb.png">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4655 from pan3793/docs-v2.

Closes #4655

9d2cb4875 [Cheng Pan] Update docs/quick_start/quick_start_with_jdbc.md
00af58e27 [Cheng Pan] address comments
48bf21664 [Cheng Pan] Update docs/quick_start/quick_start_with_jupyter.md
054e2bea0 [Cheng Pan] nit
a0a80b818 [Cheng Pan] nit
41ff97de3 [Cheng Pan] [DOCS] Enrich docs for Kyuubi Hive JDBC Driver

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 README.md                                    |   2 +-
 docs/appendix/terminology.md                 |   4 +-
 docs/client/jdbc/hive_jdbc.md                |  14 +--
 docs/client/jdbc/kyuubi_jdbc.rst             | 115 ++++++++++++++-----
 docs/extensions/server/authentication.rst    |   4 +-
 docs/quick_start/quick_start_with_helm.md    |   2 +-
 docs/quick_start/quick_start_with_jdbc.md    | 114 +++++++++---------
 docs/quick_start/quick_start_with_jupyter.md |   2 +-
 8 files changed, 159 insertions(+), 98 deletions(-)

diff --git a/README.md b/README.md
index e54f6fac0..43efc4c66 100644
--- a/README.md
+++ b/README.md
@@ -84,7 +84,7 @@ HiveServer2 can identify and authenticate a caller, and then if the caller also
 
 Kyuubi extends the use of STS in a multi-tenant model based on a unified interface and relies on the concept of multi-tenancy to interact with cluster managers to finally gain the ability of resources sharing/isolation and data security. The loosely coupled architecture of the Kyuubi server and engine dramatically improves the client concurrency and service stability of the service itself.
 
-#### DataLake/LakeHouse Support
+#### DataLake/Lakehouse Support
 
 The vision of Kyuubi is to unify the portal and become an easy-to-use data lake management platform. Different kinds of workloads, such as ETL processing and BI analytics, can be supported by one platform, using one copy of data, with one SQL interface.
 
diff --git a/docs/appendix/terminology.md b/docs/appendix/terminology.md
index b81fa25fe..b349d77c7 100644
--- a/docs/appendix/terminology.md
+++ b/docs/appendix/terminology.md
@@ -129,9 +129,9 @@ As an enterprise service, SLA commitment is essential. Deploying Kyuubi in High
 </em>
 </p>
 
-## DataLake & LakeHouse
+## DataLake & Lakehouse
 
-Kyuubi unifies DataLake & LakeHouse access in the simplest pure SQL way, meanwhile it's also the securest way with authentication and SQL standard authorization.
+Kyuubi unifies DataLake & Lakehouse access in the simplest pure SQL way, meanwhile it's also the securest way with authentication and SQL standard authorization.
 
 ### Apache Iceberg
 
diff --git a/docs/client/jdbc/hive_jdbc.md b/docs/client/jdbc/hive_jdbc.md
index 42d2f7b5a..00498dfaa 100644
--- a/docs/client/jdbc/hive_jdbc.md
+++ b/docs/client/jdbc/hive_jdbc.md
@@ -19,14 +19,18 @@
 
 ## Instructions
 
-Kyuubi does not provide its own JDBC Driver so far,
-as it is fully compatible with Hive JDBC and ODBC drivers that let you connect to popular Business Intelligence (BI) tools to query,
-analyze and visualize data though Spark SQL engines.
+Kyuubi is fully compatible with Hive JDBC and ODBC drivers that let you connect to popular Business Intelligence (BI)
+tools to query, analyze and visualize data though Spark SQL engines.
+
+It's recommended to use [Kyuubi JDBC driver](./kyuubi_jdbc.html) for new applications.
 
 ## Install Hive JDBC
 
 For programing, the easiest way to get `hive-jdbc` is from [the maven central](https://mvnrepository.com/artifact/org.apache.hive/hive-jdbc). For example,
 
+The following sections demonstrate how to use Hive JDBC driver 2.3.8 to connect Kyuubi Server, actually, any version
+less or equals 3.1.x should work fine.
+
 - **maven**
 
 ```xml
@@ -76,7 +80,3 @@ jdbc:hive2://<host>:<port>/<dbName>;<sessionVars>?<kyuubiConfs>#<[spark|hive]Var
 jdbc:hive2://localhost:10009/default;hive.server2.proxy.user=proxy_user?kyuubi.engine.share.level=CONNECTION;spark.ui.enabled=false#var_x=y
 ```
 
-## Unsupported Hive Features
-
-- Connect to HiveServer2 using HTTP transport. ```transportMode=http```
-
diff --git a/docs/client/jdbc/kyuubi_jdbc.rst b/docs/client/jdbc/kyuubi_jdbc.rst
index fdc40d599..305200d0d 100644
--- a/docs/client/jdbc/kyuubi_jdbc.rst
+++ b/docs/client/jdbc/kyuubi_jdbc.rst
@@ -17,14 +17,14 @@ Kyuubi Hive JDBC Driver
 =======================
 
 .. versionadded:: 1.4.0
-   Since 1.4.0, kyuubi community maintains a forked hive jdbc driver module and provides both shaded and non-shaded packages.
+   Kyuubi community maintains a forked Hive JDBC driver module and provides both shaded and non-shaded packages.
 
-This packages aims to support some missing functionalities of the original hive jdbc.
-For kyuubi engines that support multiple catalogs, it provides meta APIs for better support.
-The behaviors of the original hive jdbc have remained.
+This packages aims to support some missing functionalities of the original Hive JDBC driver.
+For Kyuubi engines that support multiple catalogs, it provides meta APIs for better support.
+The behaviors of the original Hive JDBC driver have remained.
 
-To access a Hive data warehouse or new lakehouse formats, such as Apache Iceberg/Hudi, delta lake using the kyuubi jdbc driver for Apache kyuubi, you need to configure
-the following:
+To access a Hive data warehouse or new Lakehouse formats, such as Apache Iceberg/Hudi, Delta Lake using the Kyuubi JDBC driver
+for Apache kyuubi, you need to configure the following:
 
 - The list of driver library files - :ref:`referencing-libraries`.
 - The Driver or DataSource class - :ref:`registering_class`.
@@ -46,28 +46,28 @@ In the code, specify the artifact `kyuubi-hive-jdbc-shaded` from `Maven Central`
 Maven
 ^^^^^
 
-.. code-block:: xml
+.. parsed-literal::
 
    <dependency>
        <groupId>org.apache.kyuubi</groupId>
        <artifactId>kyuubi-hive-jdbc-shaded</artifactId>
-       <version>1.5.2-incubating</version>
+       <version>\ |release|\</version>
    </dependency>
 
-Sbt
+sbt
 ^^^
 
-.. code-block:: sbt
+.. parsed-literal::
 
-   libraryDependencies += "org.apache.kyuubi" % "kyuubi-hive-jdbc-shaded" % "1.5.2-incubating"
+   libraryDependencies += "org.apache.kyuubi" % "kyuubi-hive-jdbc-shaded" % "\ |release|\"
 
 
 Gradle
 ^^^^^^
 
-.. code-block:: gradle
+.. parsed-literal::
 
-   implementation group: 'org.apache.kyuubi', name: 'kyuubi-hive-jdbc-shaded', version: '1.5.2-incubating'
+   implementation group: 'org.apache.kyuubi', name: 'kyuubi-hive-jdbc-shaded', version: '\ |release|\'
 
 Using the Driver in a JDBC Application
 **************************************
@@ -92,11 +92,9 @@ connection for JDBC:
 
 .. code-block:: java
 
-   private static Connection connectViaDM() throws Exception
-   {
-      Connection connection = null;
-      connection = DriverManager.getConnection(CONNECTION_URL);
-      return connection;
+   private static Connection newKyuubiConnection() throws Exception {
+     Connection connection = DriverManager.getConnection(CONNECTION_URL);
+     return connection;
    }
 
 .. _building_url:
@@ -112,12 +110,13 @@ accessing. The following is the format of the connection URL for the Kyuubi Hive
 
 .. code-block:: jdbc
 
-   jdbc:subprotocol://host:port/schema;<clientProperties;><[#|?]sessionProperties>
+   jdbc:subprotocol://host:port[/catalog]/[schema];<clientProperties;><[#|?]sessionProperties>
 
 - subprotocol: kyuubi or hive2
 - host: DNS or IP address of the kyuubi server
 - port: The number of the TCP port that the server uses to listen for client requests
-- dbName: Optional database name to set the current database to run the query against, use `default` if absent.
+- catalog: Optional catalog name to set the current catalog to run the query against.
+- schema: Optional database name to set the current database to run the query against, use `default` if absent.
 - clientProperties: Optional `semicolon(;)` separated `key=value` parameters identified and affect the client behavior locally. e.g., user=foo;password=bar.
 - sessionProperties: Optional `semicolon(;)` separated `key=value` parameters used to configure the session, operation or background engines.
   For instance, `kyuubi.engine.share.level=CONNECTION` determines the background engine instance is used only by the current connection. `spark.ui.enabled=false` disables the Spark UI of the engine.
@@ -127,7 +126,7 @@ accessing. The following is the format of the connection URL for the Kyuubi Hive
    - Properties are case-sensitive
    - Do not duplicate properties in the connection URL
 
-Connection URL over Http
+Connection URL over HTTP
 ************************
 
 .. versionadded:: 1.6.0
@@ -145,16 +144,78 @@ Connection URL over Service Discovery
 
    jdbc:subprotocol://<zookeeper quorum>/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=kyuubi
 
-- zookeeper quorum is the corresponding zookeeper cluster configured by `kyuubi.ha.zookeeper.quorum` at the server side.
-- zooKeeperNamespace is  the corresponding namespace configured by `kyuubi.ha.zookeeper.namespace` at the server side.
+- zookeeper quorum is the corresponding zookeeper cluster configured by `kyuubi.ha.addresses` at the server side.
+- zooKeeperNamespace is  the corresponding namespace configured by `kyuubi.ha.namespace` at the server side.
 
-Authentication
---------------
+Kerberos Authentication
+-----------------------
+Since 1.6.0, Kyuubi JDBC driver implements the Kerberos authentication based on JAAS framework instead of `Hadoop UserGroupInformation`_,
+which means it does not forcibly rely on Hadoop dependencies to connect a kerberized Kyuubi Server.
 
+Kyuubi JDBC driver supports different approaches to connect a kerberized Kyuubi Server. First of all, please follow
+the `krb5.conf instruction`_ to setup ``krb5.conf`` properly.
 
-DataTypes
----------
+Authentication by Principal and Keytab
+**************************************
+
+.. versionadded:: 1.6.0
+
+.. tip::
+
+   It's the simplest way w/ minimal setup requirements for Kerberos authentication.
+
+It's straightforward to use principal and keytab for Kerberos authentication, just simply configure them in the JDBC URL.
+
+.. code-block::
+   jdbc:subprotocol://<zookeeper quorum>/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=kyuubi
+   jdbc:kyuubi://host:port/schema;clientKeytab=<clientKeytab>;clientPrincipal=<clientPrincipal>;serverPrincipal=<serverPrincipal>
+
+- clientKeytab: path of Kerberos ``keytab`` file for client authentication
+- clientPrincipal: Kerberos ``principal`` for client authentication
+- serverPrincipal: Kerberos ``principal`` configured by `kyuubi.kinit.principal` at the server side. ``serverPrincipal`` is available
+  since 1.7.0, for previous versions, use ``principal`` instead.
+
+Authentication by Principal and TGT Cache
+*****************************************
+
+Another typical usage of Kerberos authentication is using `kinit` to generate the TGT cache first, then the application
+does Kerberos authentication through the TGT cache.
+
+.. code-block::
+
+   jdbc:kyuubi://host:port/schema;serverPrincipal=<serverPrincipal>
+
+Authentication by `Hadoop UserGroupInformation`_ ``doAs`` (programing only)
+***************************************************************************
+
+.. tip::
+
+  This approach allows project which already uses `Hadoop UserGroupInformation`_ for Kerberos authentication to easily
+  connect the kerberized Kyuubi Server. This approach does not work between [1.6.0, 1.7.0], and got fixed in 1.7.1.
+
+.. code-block::
+
+  String jdbcUrl = "jdbc:kyuubi://host:port/schema;serverPrincipal=<serverPrincipal>"
+  UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab);
+  ugi.doAs((PrivilegedExceptionAction<String>) () -> {
+    Connection conn = DriverManager.getConnection(jdbcUrl);
+    ...
+  });
+
+Authentication by Subject (programing only)
+*******************************************
+
+.. code-block:: java
+
+   String jdbcUrl = "jdbc:kyuubi://host:port/schema;serverPrincipal=<serverPrincipal>;kerberosAuthType=fromSubject"
+   Subject kerberizedSubject = ...;
+   Subject.doAs(kerberizedSubject, (PrivilegedExceptionAction<String>) () -> {
+     Connection conn = DriverManager.getConnection(jdbcUrl);
+     ...
+   });
 
 .. _Maven Central: https://mvnrepository.com/artifact/org.apache.kyuubi/kyuubi-hive-jdbc-shaded
 .. _JDBC Applications: ../bi_tools/index.html
 .. _java.sql.DriverManager: https://docs.oracle.com/javase/8/docs/api/java/sql/DriverManager.html
+.. _Hadoop UserGroupInformation: https://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/UserGroupInformation.html
+.. _krb5.conf instruction: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html
\ No newline at end of file
diff --git a/docs/extensions/server/authentication.rst b/docs/extensions/server/authentication.rst
index ab238040c..7a83b07c2 100644
--- a/docs/extensions/server/authentication.rst
+++ b/docs/extensions/server/authentication.rst
@@ -49,12 +49,12 @@ To create custom Authenticator class derived from the above interface, we need t
 
 - Referencing the library
 
-.. code-block:: xml
+.. parsed-literal::
 
    <dependency>
       <groupId>org.apache.kyuubi</groupId>
       <artifactId>kyuubi-common_2.12</artifactId>
-      <version>1.5.2-incubating</version>
+      <version>\ |release|\</version>
       <scope>provided</scope>
    </dependency>
 
diff --git a/docs/quick_start/quick_start_with_helm.md b/docs/quick_start/quick_start_with_helm.md
index a2de54445..0733a4de7 100644
--- a/docs/quick_start/quick_start_with_helm.md
+++ b/docs/quick_start/quick_start_with_helm.md
@@ -15,7 +15,7 @@
 - limitations under the License.
 -->
 
-# Getting Started With Kyuubi on Kubernetes
+# Getting Started with Helm
 
 ## Running Kyuubi with Helm
 
diff --git a/docs/quick_start/quick_start_with_jdbc.md b/docs/quick_start/quick_start_with_jdbc.md
index c22cc1b65..c40958191 100644
--- a/docs/quick_start/quick_start_with_jdbc.md
+++ b/docs/quick_start/quick_start_with_jdbc.md
@@ -15,82 +15,82 @@
 - limitations under the License.
 -->
 
-# Getting Started With Hive JDBC
+# Getting Started with Hive JDBC
 
-## How to install JDBC driver
+## How to get the Kyuubi JDBC driver
 
-Kyuubi JDBC driver is fully compatible with the 2.3.* version of hive JDBC driver, so we reuse hive JDBC driver to connect to Kyuubi server.
+Kyuubi Thrift API is fully compatible w/ HiveServer2, so technically, it allows to use any Hive JDBC driver to connect
+Kyuubi Server. But it's recommended to use [Kyuubi Hive JDBC driver](../client/jdbc/kyuubi_jdbc), which is forked from
+Hive 3.1.x JDBC driver, aims to support some missing functionalities of the original Hive JDBC driver.
 
-Add repository to your maven configuration file which may reside in `$MAVEN_HOME/conf/settings.xml`.
+The driver is available from Maven Central:
 
 ```xml
-<repositories>
-  <repository>
-    <id>central maven repo</id>
-    <name>central maven repo https</name>
-    <url>https://repo.maven.apache.org/maven2</url>
-  </repository>
-</repositories>
-```
-
-You can add below dependency to your `pom.xml` file in your application.
-
-```xml
-<!-- https://mvnrepository.com/artifact/org.apache.hive/hive-jdbc -->
-<dependency>
-    <groupId>org.apache.hive</groupId>
-    <artifactId>hive-jdbc</artifactId>
-    <version>2.3.7</version>
-</dependency>
 <dependency>
-    <groupId>org.apache.hadoop</groupId>
-    <artifactId>hadoop-common</artifactId>
-    <!-- keep consistent with the build hadoop version -->
-    <version>2.7.4</version>
+    <groupId>org.apache.kyuubi</groupId>
+    <artifactId>kyuubi-hive-jdbc-shaded</artifactId>
+    <version>1.7.0</version>
 </dependency>
 ```
 
-## Use JDBC driver with kerberos
+## Connect to non-kerberized Kyuubi Server
 
 The below java code is using a keytab file to login and connect to Kyuubi server by JDBC.
 
 ```java
 package org.apache.kyuubi.examples;
   
-import java.io.IOException;
-import java.security.PrivilegedExceptionAction;
 import java.sql.*;
 
-import org.apache.hadoop.security.UserGroupInformation;
- 
-public class JDBCTest {
- 
-    private static String driverName = "org.apache.hive.jdbc.HiveDriver";
-    private static String kyuubiJdbcUrl = "jdbc:hive2://localhost:10009/default;";
- 
-    public static void main(String[] args) throws ClassNotFoundException, SQLException {
-        String principal = args[0]; // kerberos principal
-        String keytab = args[1]; // keytab file location
-        Configuration configuration = new Configuration();
-        configuration.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos");
-        UserGroupInformation.setConfiguration(configuration);
-        UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);
- 
-        Class.forName(driverName);
-        Connection conn = ugi.doAs(new PrivilegedExceptionAction<Connection>(){
-            public Connection run() throws SQLException {
-                return DriverManager.getConnection(kyuubiJdbcUrl);
-            }
-        });
-        Statement st = conn.createStatement();
-        ResultSet res = st.executeQuery("show databases");
-        while (res.next()) {
-            System.out.println(res.getString(1));
+public class KyuubiJDBC {
+
+  private static String driverName = "org.apache.kyuubi.jdbc.KyuubiHiveDriver";
+  private static String kyuubiJdbcUrl = "jdbc:kyuubi://localhost:10009/default;";
+
+  public static void main(String[] args) throws SQLException {
+    try (Connection conn = DriverManager.getConnection(kyuubiJdbcUrl)) {
+      try (Statement stmt = conn.createStatement()) {
+        try (ResultSet rs = st.executeQuery("show databases")) {
+          while (rs.next()) {
+            System.out.println(rs.getString(1));
+          }
+        }   
+      }
+    }
+  }
+}
+```
+
+## Connect to Kerberized Kyuubi Server
+
+The following Java code uses a keytab file to login and connect to Kyuubi Server by JDBC.
+
+```java
+package org.apache.kyuubi.examples;
+
+import java.sql.*;
+
+public class KyuubiJDBCDemo {
+
+  private static String driverName = "org.apache.kyuubi.jdbc.KyuubiHiveDriver";
+  private static String kyuubiJdbcUrlTemplate = "jdbc:kyuubi://localhost:10009/default;" +
+          "clientPrincipal=%s;clientKeytab=%s;serverPrincipal=%s";
+
+  public static void main(String[] args) throws SQLException {
+    String clientPrincipal = args[0]; // Kerberos principal
+    String clientKeytab = args[1];    // Keytab file location
+    String serverPrincipal = arg[2];  // Kerberos principal used by Kyuubi Server
+    String kyuubiJdbcUrl = String.format(kyuubiJdbcUrl, clientPrincipal, clientKeytab, serverPrincipal);
+    try (Connection conn = DriverManager.getConnection(kyuubiJdbcUrl)) {
+      try (Statement stmt = conn.createStatement()) {
+        try (ResultSet rs = st.executeQuery("show databases")) {
+          while (rs.next()) {
+            System.out.println(rs.getString(1));
+          }
         }
-        res.close();
-        st.close();
-        conn.close();
+      }
     }
+  }
 }
 ```
 
diff --git a/docs/quick_start/quick_start_with_jupyter.md b/docs/quick_start/quick_start_with_jupyter.md
index 44b3faa57..608da9284 100644
--- a/docs/quick_start/quick_start_with_jupyter.md
+++ b/docs/quick_start/quick_start_with_jupyter.md
@@ -15,5 +15,5 @@
 - limitations under the License.
 -->
 
-# Getting Started With Hive Jupyter Lap
+# Getting Started with Jupyter Lap
 

From d7c1c94f23af5c9b37be2ea298e22bb5e63ae35f Mon Sep 17 00:00:00 2001
From: "xu.guo" <xu.guo@brgroup.com>
Date: Tue, 4 Apr 2023 09:36:05 +0800
Subject: [PATCH 249/760] [KYUUBI #4619] Fix beeline with -e When there are
 other SQL statements before the source statement, the source statement cannot
 be executed normally

### _Why are the changes needed?_

When using beeline -e, if there is a newline or space between the source statement and the previous sql, the source statement will be misjudged as a sql statement and sent to the server for execution
![image](https://user-images.githubusercontent.com/20243868/227915694-42445ecb-7d0e-4ebe-8e8c-b2a25fe069a1.png)

![image](https://user-images.githubusercontent.com/20243868/227915440-fcc540d8-a265-4050-82de-3ffa25c7abc2.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4619 from thomasg19930417/master.

Closes #4619

a2bfc0f0a [xu.guo] Fix When there are other sql before the source statement, the source statement cannot be executed normally
1ec0b8124 [xu.guo] Fix When there are other sql before the source statement, the source statement cannot be executed normally
9abba3cf5 [thomasgx] Merge branch 'apache:master' into master
f8405eb93 [Cheng Pan] Update kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
3ad46c1d6 [Cheng Pan] Update kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
31fa80771 [xu.guo] Merge branch 'master' of https://github.com/thomasg19930417/kyuubi
41e090d66 [thomasgx] Merge branch 'apache:master' into master
ba82229a8 [xu.guo] Move initializeConsoleReader to KyuubiCommands#connect
e06927b78 [xu.guo] Replace create new  consoleReader instance with  call initializeConsoleReader
86f2e5078 [xu.guo] Fix code style
b0c472229 [xu.guo] Fix Beeline with -i run sql faild
042987aa6 [xu.guo] Fix Beeline with -i run sql faild

Lead-authored-by: xu.guo <xu.guo@brgroup.com>
Co-authored-by: thomasgx <570736711@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../src/main/java/org/apache/hive/beeline/KyuubiCommands.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 311cb6a95..9ce4cb6f7 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -54,12 +54,14 @@ private String[] tokenizeCmd(String cmd) {
   }
 
   private boolean isSourceCMD(String cmd) {
+    cmd = cmd.trim();
     if (cmd == null || cmd.isEmpty()) return false;
     String[] tokens = tokenizeCmd(cmd);
     return tokens[0].equalsIgnoreCase("source");
   }
 
   private boolean sourceFile(String cmd) {
+    cmd = cmd.trim();
     String[] tokens = tokenizeCmd(cmd);
     String cmd_1 = getFirstCmd(cmd, tokens[0].length());
 

From f0796ec0783b386ef3530da73ac744e375986ca5 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Tue, 4 Apr 2023 10:56:43 +0800
Subject: [PATCH 250/760] [KYUUBI #4522] `use:catalog` should execute before
 than `use:database`

### _Why are the changes needed?_

close #4522

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4648 from lsm1/fix/kyuubi_4522.

Closes #4522

e06046899 [senmiaoliu] use foreach
bd83d6623 [senmiaoliu] spilt narmalizedConf
4d8445aac [senmiaoliu] avoid sort
eda34d480 [senmiaoliu] use catalog first

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../flink/session/FlinkSessionImpl.scala      | 45 +++++++++++--------
 .../spark/session/SparkSessionImpl.scala      | 41 ++++++++++-------
 .../trino/session/TrinoSessionImpl.scala      |  8 +++-
 3 files changed, 58 insertions(+), 36 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
index 75087b48c..a4b6a8a90 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
@@ -57,25 +57,34 @@ class FlinkSessionImpl(
 
   override def open(): Unit = {
     executor.openSession(handle.identifier.toString)
-    normalizedConf.foreach {
-      case ("use:catalog", catalog) =>
-        val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-        try {
-          tableEnv.useCatalog(catalog)
-        } catch {
-          case NonFatal(e) =>
+
+    val (useCatalogAndDatabaseConf, otherConf) = normalizedConf.partition { case (k, _) =>
+      Array("use:catalog", "use:database").contains(k)
+    }
+
+    useCatalogAndDatabaseConf.get("use:catalog").foreach { catalog =>
+      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
+      try {
+        tableEnv.useCatalog(catalog)
+      } catch {
+        case NonFatal(e) =>
+          throw e
+      }
+    }
+
+    useCatalogAndDatabaseConf.get("use:database").foreach { database =>
+      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
+      try {
+        tableEnv.useDatabase(database)
+      } catch {
+        case NonFatal(e) =>
+          if (database != "default") {
             throw e
-        }
-      case ("use:database", database) =>
-        val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-        try {
-          tableEnv.useDatabase(database)
-        } catch {
-          case NonFatal(e) =>
-            if (database != "default") {
-              throw e
-            }
-        }
+          }
+      }
+    }
+
+    otherConf.foreach {
       case (key, value) => setModifiableConfig(key, value)
     }
     super.open()
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index 78164ff5f..96fc43e85 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -54,22 +54,31 @@ class SparkSessionImpl(
   private val sessionEvent = SessionEvent(this)
 
   override def open(): Unit = {
-    normalizedConf.foreach {
-      case ("use:catalog", catalog) =>
-        try {
-          SparkCatalogShim().setCurrentCatalog(spark, catalog)
-        } catch {
-          case e if e.getMessage.contains("Cannot find catalog plugin class for catalog") =>
-            warn(e.getMessage())
-        }
-      case ("use:database", database) =>
-        try {
-          SparkCatalogShim().setCurrentDatabase(spark, database)
-        } catch {
-          case e
-              if database == "default" && e.getMessage != null &&
-                e.getMessage.contains("not found") =>
-        }
+
+    val (useCatalogAndDatabaseConf, otherConf) = normalizedConf.partition { case (k, _) =>
+      Array("use:catalog", "use:database").contains(k)
+    }
+
+    useCatalogAndDatabaseConf.get("use:catalog").foreach { catalog =>
+      try {
+        SparkCatalogShim().setCurrentCatalog(spark, catalog)
+      } catch {
+        case e if e.getMessage.contains("Cannot find catalog plugin class for catalog") =>
+          warn(e.getMessage())
+      }
+    }
+
+    useCatalogAndDatabaseConf.get("use:database").foreach { database =>
+      try {
+        SparkCatalogShim().setCurrentDatabase(spark, database)
+      } catch {
+        case e
+            if database == "default" && e.getMessage != null &&
+              e.getMessage.contains("not found") =>
+      }
+    }
+
+    otherConf.foreach {
       case (key, value) => setModifiableConfig(key, value)
     }
     KDFRegistry.registerAll(spark)
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index 81f973b1b..1a96bed73 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -57,10 +57,14 @@ class TrinoSessionImpl(
   private val sessionEvent = TrinoSessionEvent(this)
 
   override def open(): Unit = {
-    normalizedConf.foreach {
+
+    val (useCatalogAndDatabaseConf, _) = normalizedConf.partition { case (k, _) =>
+      Array("use:catalog", "use:database").contains(k)
+    }
+
+    useCatalogAndDatabaseConf.foreach {
       case ("use:catalog", catalog) => catalogName = catalog
       case ("use:database", database) => databaseName = database
-      case _ => // do nothing
     }
 
     val httpClient = new OkHttpClient.Builder().build()

From 0c6ba949302161f74be69051ceef57add3fedca1 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 4 Apr 2023 11:05:06 +0800
Subject: [PATCH 251/760] [KYUUBI #4622][UI] Session api use admin api for
 security

### _Why are the changes needed?_

Close #4622

Currently, we don't have a login for the UI, so we can't differentiate between users.

So, we currently maintain a cautious attitude towards the kyuubi ui open API(especially the ability to delete resources) and choose `AdminResource`, which helps us filter non-Admin requests (although the current strategy is not perfect, it is a safe and quick step).

Change api `api/v1/XXX` => `api/v1/admin/XXX`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4631 from zwangsheng/KYUUBI_4622.

Closes #4622

3a611896f [zwangsheng] [KYUUBI #4622][UI] Session api use admin resource for security

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/src/api/session/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/web-ui/src/api/session/index.ts b/kyuubi-server/web-ui/src/api/session/index.ts
index 6af5a817f..5f3c74fef 100644
--- a/kyuubi-server/web-ui/src/api/session/index.ts
+++ b/kyuubi-server/web-ui/src/api/session/index.ts
@@ -19,14 +19,14 @@ import request from '@/utils/request'
 
 export function getAllSessions() {
   return request({
-    url: 'api/v1/sessions',
+    url: 'api/v1/admin/sessions',
     method: 'get'
   })
 }
 
 export function deleteSession(sessionId: string) {
   return request({
-    url: `api/v1/sessions/${sessionId}`,
+    url: `api/v1/admin/sessions/${sessionId}`,
     method: 'delete'
   })
 }

From 7a83901ea24a8035fbbed8de1e20b05712becfef Mon Sep 17 00:00:00 2001
From: Karsonnel <747100667@qq.com>
Date: Tue, 4 Apr 2023 13:46:01 +0800
Subject: [PATCH 252/760] [KYUUBI #4658] [Authz] [Bug] Fix
 InsertIntoHiveDirCommand classname so that we can extract the query in it
 when authorization.

### _Why are the changes needed?_

To fix https://github.com/apache/kyuubi/issues/4658.

### _How was this patch tested?_

Add ut that will run a InsertHiveDirCommand which query from a no permission table

- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4660 from Karsonnel/4658-authz-insert.

Closes #4658

1dfb60ea4 [Karsonnel] fix style
8063ec067 [Karsonnel] Update PrivilegesBuilderSuite.scala
4c6c8e1e2 [Karsonnel] add a test in privilegeBuilderSuite
5c652d3df [root] fix InsertIntoHiveDirCommand classname

Lead-authored-by: Karsonnel <747100667@qq.com>
Co-authored-by: root <root@example.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    |  2 +-
 .../spark/authz/PrivilegesBuilderSuite.scala  | 28 ++++++++++++++++++-
 .../spark/authz/gen/TableCommands.scala       |  2 +-
 .../ranger/RangerSparkExtensionSuite.scala    | 17 +++++++++++
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index f1c2297b3..81ccd8da0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1244,7 +1244,7 @@
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
 }, {
-  "classname" : "org.apache.spark.sql.execution.datasources.InsertIntoHiveDirCommand",
+  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
   "tableDescs" : [ ],
   "opType" : "QUERY",
   "queryDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 439290917..e9483eb34 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -1546,7 +1546,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     }
   }
 
-  test("InsertIntoHiveDirCommand") {
+  test("InsertIntoDataSourceDirCommand") {
     assume(!isSparkV2)
     val tableDirectory = getClass.getResource("/").getPath + "table_directory"
     val directory = File(tableDirectory).createDirectory()
@@ -1572,6 +1572,32 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(out.isEmpty)
   }
 
+  test("InsertIntoHiveDirCommand") {
+    assume(!isSparkV2)
+    val tableDirectory = getClass.getResource("/").getPath + "table_directory"
+    val directory = File(tableDirectory).createDirectory()
+    val plan = sql(
+      s"""
+         |INSERT OVERWRITE DIRECTORY '$directory.path'
+         |ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
+         |SELECT * FROM $reusedPartTable""".stripMargin)
+      .queryExecution.analyzed
+    val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
+    assert(operationType === QUERY)
+    assert(in.size === 1)
+    val po0 = in.head
+    assert(po0.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assert(po0.dbname equalsIgnoreCase reusedDb)
+    assert(po0.objectName equalsIgnoreCase reusedPartTable.split("\\.").last)
+    assert(po0.columns === Seq("key", "value", "pid"))
+    checkTableOwner(po0)
+    val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
+    assert(accessType0 === AccessType.SELECT)
+
+    assert(out.isEmpty)
+  }
+
   test("InsertIntoHiveTableCommand") {
     assume(!isSparkV2)
     val tableName = "InsertIntoHiveTable"
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index a8b8121e2..7bf01b43f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -637,7 +637,7 @@ object TableCommands {
       "org.apache.spark.sql.execution.datasources.SaveIntoDataSourceCommand"),
     InsertIntoHadoopFsRelationCommand,
     InsertIntoDataSourceDir.copy(classname =
-      "org.apache.spark.sql.execution.datasources.InsertIntoHiveDirCommand"),
+      "org.apache.spark.sql.execution.datasources.InsertIntoDataSourceDirCommand"),
     InsertIntoHiveTable,
     LoadData,
     MergeIntoTable,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 4ccf15cba..2d108615e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -707,4 +707,21 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       sql(s"SHOW TABLES IN $db").queryExecution.optimizedPlan.stats
     }
   }
+
+  test("[KYUUBI #4658] INSERT OVERWRITE DIRECTORY did check query permission") {
+    val db1 = "default"
+    val table = "src"
+
+    withCleanTmpResources(Seq((s"$db1.$table", "table"))) {
+      doAs("bob", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      val e1 = intercept[AccessControlException](
+        doAs(
+          "someone",
+          sql(
+            s"""INSERT OVERWRITE DIRECTORY '/tmp/test_dir' ROW FORMAT DELIMITED FIELDS
+               | TERMINATED BY ','
+               | SELECT * FROM $db1.$table;""".stripMargin)))
+      assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id"))
+    }
+  }
 }

From 82c53924d5d2ad3628fd19be38fd4d6617ce9724 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 4 Apr 2023 16:19:45 +0800
Subject: [PATCH 253/760] [KYUUBI #4657] Building rest client to kyuubi
 instance including original host urls

### _Why are the changes needed?_

Usually, the host url to create a batch is the load balancer uri.

To reduce the internal rest redirection when fetching log, we support to call the kyuubi instance that created the batch directly.

It is better to add original host urls when building the rest client to kyuubi instance, in case that there is firewall to the kyuubi instance directly.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4657 from turboFei/direct_connect.

Closes #4657

084fdfb49 [fwang12] host urls
689ff8f8c [fwang12] rest client

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../scala/org/apache/kyuubi/ctl/RestClientFactory.scala   | 5 ++++-
 .../java/org/apache/kyuubi/client/KyuubiRestClient.java   | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala
index bbaa5f668..75b490a4a 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala
@@ -18,6 +18,8 @@ package org.apache.kyuubi.ctl
 
 import java.util.{Map => JMap}
 
+import scala.collection.JavaConverters._
+
 import org.apache.commons.lang3.StringUtils
 
 import org.apache.kyuubi.KyuubiException
@@ -45,7 +47,8 @@ object RestClientFactory {
       kyuubiRestClient: KyuubiRestClient,
       kyuubiInstance: String)(f: KyuubiRestClient => Unit): Unit = {
     val kyuubiInstanceRestClient = kyuubiRestClient.clone()
-    kyuubiInstanceRestClient.setHostUrls(s"http://${kyuubiInstance}")
+    val hostUrls = Seq(s"http://$kyuubiInstance") ++ kyuubiRestClient.getHostUrls.asScala
+    kyuubiInstanceRestClient.setHostUrls(hostUrls.asJava)
     try {
       f(kyuubiInstanceRestClient)
     } finally {
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/KyuubiRestClient.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/KyuubiRestClient.java
index dbcc89b16..c83eff7e0 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/KyuubiRestClient.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/KyuubiRestClient.java
@@ -30,6 +30,8 @@ public class KyuubiRestClient implements AutoCloseable, Cloneable {
 
   private RestClientConf conf;
 
+  private List<String> hostUrls;
+
   private List<String> baseUrls;
 
   private ApiVersion version;
@@ -77,14 +79,20 @@ public void setHostUrls(List<String> hostUrls) {
     if (hostUrls.isEmpty()) {
       throw new IllegalArgumentException("hostUrls cannot be blank.");
     }
+    this.hostUrls = hostUrls;
     List<String> baseUrls = initBaseUrls(hostUrls, version);
     this.httpClient = RetryableRestClient.getRestClient(baseUrls, this.conf);
   }
 
+  public List<String> getHostUrls() {
+    return hostUrls;
+  }
+
   private KyuubiRestClient() {}
 
   private KyuubiRestClient(Builder builder) {
     this.version = builder.version;
+    this.hostUrls = builder.hostUrls;
     this.baseUrls = initBaseUrls(builder.hostUrls, builder.version);
 
     RestClientConf conf = new RestClientConf();

From 061545b2bd632586d8d8367ff6d90dea3949e52f Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Tue, 4 Apr 2023 17:06:57 +0800
Subject: [PATCH 254/760] [KYUUBI #4664] Fix empty relation when kill executors

### _Why are the changes needed?_

This pr fixes a corner case when repartition on a local relation. e.g.,
```
Repartition
      |
LocalRelation
```

it would throw exception since there is no a actually shuffle happen
```
java.util.NoSuchElementException: key not found: 3
	at scala.collection.MapLike.default(MapLike.scala:235)
	at scala.collection.MapLike.default$(MapLike.scala:234)
	at scala.collection.AbstractMap.default(Map.scala:63)
	at scala.collection.MapLike.apply(MapLike.scala:144)
	at scala.collection.MapLike.apply$(MapLike.scala:143)
	at scala.collection.AbstractMap.apply(Map.scala:63)
	at org.apache.spark.sql.FinalStageResourceManager.findExecutorToKill(FinalStageResourceManager.scala:122)
	at org.apache.spark.sql.FinalStageResourceManager.killExecutors(FinalStageResourceManager.scala:175)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4664 from ulysses-you/kill-executors-followup.

Closes #4664

3811eaee9 [ulysses-you] Fix empty relation

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../apache/spark/sql/FinalStageResourceManager.scala | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index 2bf7ae6b7..ca3f762e1 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -69,6 +69,7 @@ case class FinalStageResourceManager(session: SparkSession)
       return plan
     }
 
+    // TODO: move this to query stage optimizer when updating Spark to 3.5.x
     // Since we are in `prepareQueryStage`, the AQE shuffle read has not been applied.
     // So we need to apply it by self.
     val shuffleRead = queryStageOptimizerRules.foldLeft(stageOpt.get.asInstanceOf[SparkPlan]) {
@@ -119,7 +120,11 @@ case class FinalStageResourceManager(session: SparkSession)
       shuffleId: Int,
       numReduce: Int): Seq[String] = {
     val tracker = SparkEnv.get.mapOutputTracker.asInstanceOf[MapOutputTrackerMaster]
-    val shuffleStatus = tracker.shuffleStatuses(shuffleId)
+    val shuffleStatusOpt = tracker.shuffleStatuses.get(shuffleId)
+    if (shuffleStatusOpt.isEmpty) {
+      return Seq.empty
+    }
+    val shuffleStatus = shuffleStatusOpt.get
     val executorToBlockSize = new mutable.HashMap[String, Long]
     shuffleStatus.withMapStatuses { mapStatus =>
       mapStatus.foreach { status =>
@@ -175,6 +180,9 @@ case class FinalStageResourceManager(session: SparkSession)
     val executorsToKill = findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
     logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
       s"[${executorsToKill.mkString(", ")}].")
+    if (executorsToKill.isEmpty) {
+      return
+    }
 
     // Note, `SparkContext#killExecutors` does not allow with DRA enabled,
     // see `https://github.com/apache/spark/pull/20604`.
@@ -201,7 +209,7 @@ trait FinalRebalanceStageHelper {
       case f: FilterExec => findFinalRebalanceStage(f.child)
       case s: SortExec if !s.global => findFinalRebalanceStage(s.child)
       case stage: ShuffleQueryStageExec
-          if stage.isMaterialized &&
+          if stage.isMaterialized && stage.mapStats.isDefined &&
             stage.plan.isInstanceOf[ShuffleExchangeExec] &&
             stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleOrigin != ENSURE_REQUIREMENTS =>
         Some(stage)

From 473907c7291baf2a0de7dbc4b9a4a5717f5376cf Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Wed, 5 Apr 2023 00:03:28 +0800
Subject: [PATCH 255/760] [KYUUBI #4653] [KYUUBI 4650][Improvement]
 LogDivertAppender supports reading RollingFileAppender pattern

### _Why are the changes needed?_

close #4650

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4653 from lsm1/features/kyuubi_4650.

Closes #4653

79962aa16 [senmiaoliu] reformat
e4bb73281 [senmiaoliu] respect user log pattern

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/operation/log/Log4j12DivertAppender.scala | 2 +-
 .../apache/kyuubi/operation/log/Log4j2DivertAppender.scala  | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala
index df2ef93d8..6ea853485 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j12DivertAppender.scala
@@ -30,7 +30,7 @@ class Log4j12DivertAppender extends WriterAppender {
 
   final private val lo = Logger.getRootLogger
     .getAllAppenders.asScala
-    .find(_.isInstanceOf[ConsoleAppender])
+    .find(ap => ap.isInstanceOf[ConsoleAppender] || ap.isInstanceOf[RollingFileAppender])
     .map(_.asInstanceOf[Appender].getLayout)
     .getOrElse(new PatternLayout("%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n"))
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
index dc4b24a8c..1c6c1dcc6 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
@@ -24,7 +24,7 @@ import scala.collection.JavaConverters._
 
 import org.apache.logging.log4j.LogManager
 import org.apache.logging.log4j.core.{Filter, LogEvent, StringLayout}
-import org.apache.logging.log4j.core.appender.{AbstractWriterAppender, ConsoleAppender, WriterManager}
+import org.apache.logging.log4j.core.appender.{AbstractWriterAppender, ConsoleAppender, RollingFileAppender, WriterManager}
 import org.apache.logging.log4j.core.filter.AbstractFilter
 import org.apache.logging.log4j.core.layout.PatternLayout
 
@@ -91,7 +91,9 @@ object Log4j2DivertAppender {
   def initLayout(): StringLayout = {
     LogManager.getRootLogger.asInstanceOf[org.apache.logging.log4j.core.Logger]
       .getAppenders.values().asScala
-      .find(ap => ap.isInstanceOf[ConsoleAppender] && ap.getLayout.isInstanceOf[StringLayout])
+      .find(ap =>
+        (ap.isInstanceOf[ConsoleAppender] || ap.isInstanceOf[RollingFileAppender]) &&
+          ap.getLayout.isInstanceOf[StringLayout])
       .map(_.getLayout.asInstanceOf[StringLayout])
       .getOrElse(PatternLayout.newBuilder().withPattern(
         "%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n").build())

From 015b800156d7e0e56ba1246fe6a3781950620e3a Mon Sep 17 00:00:00 2001
From: He Zhao <hezhao2@cisco.com>
Date: Wed, 5 Apr 2023 17:31:10 +0800
Subject: [PATCH 256/760] [KYUUBI #3650][UI] Add Operation Statistics Page

### _Why are the changes needed?_

Close #3650

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

![popo_2023-04-04  15-50-15](https://user-images.githubusercontent.com/52876270/229724723-c6ddc892-0a1c-4d38-acf6-f2c6c8bf20b2.jpg)

Closes #4663 from zwangsheng/KYUUBI_3650.

Closes #3650

277e544e6 [Cheng Pan] Update kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
688cfb44e [zwangsheng] i18n
ed314d7c8 [zwangsheng] [KYUUBI #3650][UI] Add Operation Statistics Page
c1965031a [zwangsheng] [KYUUBI #3650][UI] Add Operation Statistics Page
65779b878 [zwangsheng] [KYUUBI #3650][UI] Add Operation Statistics Page

Lead-authored-by: He Zhao <hezhao2@cisco.com>
Co-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../web-ui/src/api/operation/index.ts         |  38 +++++
 .../web-ui/src/locales/en_US/index.ts         |  14 +-
 .../web-ui/src/locales/zh_CN/index.ts         |  14 +-
 .../web-ui/src/router/operation/index.ts      |   5 +
 kyuubi-server/web-ui/src/utils/unit.ts        |  39 +++++
 .../views/layout/components/aside/types.ts    |   5 +
 .../operation/operation-statistics/index.vue  | 144 ++++++++++++++++++
 7 files changed, 257 insertions(+), 2 deletions(-)
 create mode 100644 kyuubi-server/web-ui/src/api/operation/index.ts
 create mode 100644 kyuubi-server/web-ui/src/utils/unit.ts
 create mode 100644 kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue

diff --git a/kyuubi-server/web-ui/src/api/operation/index.ts b/kyuubi-server/web-ui/src/api/operation/index.ts
new file mode 100644
index 000000000..51a3b5394
--- /dev/null
+++ b/kyuubi-server/web-ui/src/api/operation/index.ts
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import request from '@/utils/request'
+
+export function getAllOperations() {
+  return request({
+    url: 'api/v1/admin/operations',
+    method: 'get'
+  })
+}
+
+export function actionOnOperation(
+  operationId: string,
+  data: {
+    action: 'CANCEL' | 'CLOSE'
+  }
+) {
+  return request({
+    url: `api/v1/operations/${operationId}`,
+    method: 'put',
+    data
+  })
+}
diff --git a/kyuubi-server/web-ui/src/locales/en_US/index.ts b/kyuubi-server/web-ui/src/locales/en_US/index.ts
index 99e851651..d50f22915 100644
--- a/kyuubi-server/web-ui/src/locales/en_US/index.ts
+++ b/kyuubi-server/web-ui/src/locales/en_US/index.ts
@@ -21,11 +21,23 @@ export default {
   client_ip: 'Client IP',
   kyuubi_instance: 'Kyuubi Instance',
   session_id: 'Session ID',
+  operation_id: 'Operation ID',
   create_time: 'Create Time',
   operation: 'Operation',
   delete_confirm: 'Delete Confirm',
+  close_confirm: 'Close Confirm',
+  cancel_confirm: 'Cancel Confirm',
+  start_time: 'State Time',
+  complete_time: 'Completed Time',
+  state: 'State',
+  duration: 'Duration',
+  statement: 'Statement',
   message: {
     delete_succeeded: 'Delete {name} Succeeded',
-    delete_failed: 'Delete {name} Failed'
+    delete_failed: 'Delete {name} Failed',
+    close_succeeded: 'Close {name} Succeeded',
+    close_failed: 'Close {name} Failed',
+    cancel_succeeded: 'Cancel {name} Succeeded',
+    cancel_failed: 'Cancel {name} Failed'
   }
 }
diff --git a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
index 016aaa8e7..443d129cc 100644
--- a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
+++ b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
@@ -21,11 +21,23 @@ export default {
   client_ip: '客户端地址',
   kyuubi_instance: '服务端地址',
   session_id: 'Session ID',
+  operation_id: 'Operation ID',
   create_time: '创建时间',
   operation: '操作',
   delete_confirm: '确认删除',
+  close_confirm: '确认关闭',
+  cancel_confirm: '确认取消',
+  start_time: '开始时间',
+  complete_time: '完成时间',
+  state: '状态',
+  duration: '运行时间',
+  statement: 'Statement',
   message: {
     delete_succeeded: '删除 {name} 成功',
-    delete_failed: '删除 {name} 失败'
+    delete_failed: '删除 {name} 失败',
+    close_succeeded: '关闭 {name} 成功',
+    close_failed: '关闭 {name} 失败',
+    cancel_succeeded: '取消 {name} 成功',
+    cancel_failed: '取消 {name} 失败'
   }
 }
diff --git a/kyuubi-server/web-ui/src/router/operation/index.ts b/kyuubi-server/web-ui/src/router/operation/index.ts
index 03ba4c285..8d6dfbd91 100644
--- a/kyuubi-server/web-ui/src/router/operation/index.ts
+++ b/kyuubi-server/web-ui/src/router/operation/index.ts
@@ -25,6 +25,11 @@ const routes = [
     path: '/operation/completedJobs',
     name: 'operation-completedJobs',
     component: () => import('@/views/operation/completedJobs/index.vue')
+  },
+  {
+    path: '/operation/operation-statistics',
+    name: 'operation-statistics',
+    component: () => import('@/views/operation/operation-statistics/index.vue')
   }
 ]
 
diff --git a/kyuubi-server/web-ui/src/utils/unit.ts b/kyuubi-server/web-ui/src/utils/unit.ts
new file mode 100644
index 000000000..7e43e48f9
--- /dev/null
+++ b/kyuubi-server/web-ui/src/utils/unit.ts
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+function millTransfer(val: number) {
+  return secondTransfer(val / 1000)
+}
+
+function secondTransfer(val: number) {
+  const h = Math.floor(val / 3600)
+  const min = Math.floor((val - 3600 * h) / 60)
+  const sec = Math.round(val - 3600 * h - 60 * min)
+  return h === 0
+    ? min == 0
+      ? `${sec} sec`
+      : sec === 0
+      ? `${min} min`
+      : `${min} min ${sec} sec`
+    : sec === 0
+    ? min !== 0
+      ? `${h} hour ${min} min`
+      : `${h} hour`
+    : `${h} hour ${min} min ${sec} sec`
+}
+
+export { millTransfer, secondTransfer }
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
index 71d1d0128..4772c1a4e 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
@@ -61,6 +61,11 @@ export const MENUS = [
     label: 'Operation',
     icon: 'List',
     children: [
+      {
+        label: 'Operation Statistics',
+        icon: 'VideoPlay',
+        router: '/operation/operation-statistics'
+      },
       {
         label: 'Running Jobs',
         icon: 'VideoPlay',
diff --git a/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue b/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
new file mode 100644
index 000000000..ff6706c72
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
@@ -0,0 +1,144 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<template>
+  <el-card class="table-container">
+    <el-table v-loading="loading" :data="tableData" style="width: 100%">
+      <el-table-column prop="sessionUser" :label="$t('user')" width="160" />
+      <el-table-column
+        prop="identifier"
+        :label="$t('operation_id')"
+        width="300" />
+      <el-table-column prop="statement" :label="$t('statement')" width="160" />
+      <el-table-column prop="state" :label="$t('state')" width="160" />
+      <el-table-column :label="$t('start_time')" width="160">
+        <template #default="scope">
+          {{
+            scope.row.startTime != null && scope.row.startTime > 0
+              ? format(scope.row.startTime, 'yyyy-MM-dd HH:mm:ss')
+              : '-'
+          }}
+        </template>
+      </el-table-column>
+      <el-table-column :label="$t('complete_time')" width="160">
+        <template #default="scope">
+          {{
+            scope.row.completeTime != null && scope.row.completeTime > 0
+              ? format(scope.row.completeTime, 'yyyy-MM-dd HH:mm:ss')
+              : '-'
+          }}
+        </template>
+      </el-table-column>
+      <el-table-column :label="$t('duration')" width="140">
+        <template #default="scope">{{
+          scope.row.startTime != null &&
+          scope.row.completeTime != null &&
+          scope.row.startTime > 0 &&
+          scope.row.completeTime > 0
+            ? millTransfer(scope.row.completeTime - scope.row.startTime)
+            : '-'
+        }}</template>
+      </el-table-column>
+      <el-table-column fixed="right" :label="$t('operation')" width="110">
+        <template #default="scope">
+          <el-space wrap>
+            <el-popconfirm
+              v-if="!isTerminalState(scope.row.state)"
+              :title="$t('cancel_confirm')"
+              @confirm="handleOperate(scope.row.identifier, 'CANCEL')">
+              <template #reference>
+                <span>
+                  <el-tooltip
+                    effect="dark"
+                    :content="$t('cancel')"
+                    placement="top">
+                    <template #default>
+                      <el-button type="danger" icon="Remove" circle />
+                    </template>
+                  </el-tooltip>
+                </span>
+              </template>
+            </el-popconfirm>
+            <el-popconfirm
+              :title="$t('close_confirm')"
+              @confirm="handleOperate(scope.row.identifier, 'CLOSE')">
+              <template #reference>
+                <span>
+                  <el-tooltip
+                    effect="dark"
+                    :content="$t('close')"
+                    placement="top">
+                    <template #default>
+                      <el-button type="danger" icon="CircleClose" circle />
+                    </template>
+                  </el-tooltip>
+                </span>
+              </template>
+            </el-popconfirm>
+          </el-space>
+        </template>
+      </el-table-column>
+    </el-table>
+  </el-card>
+</template>
+
+<script lang="ts" setup>
+  import { getAllOperations, actionOnOperation } from '@/api/operation'
+  import { millTransfer } from '@/utils/unit'
+  import { format } from 'date-fns'
+  import { useI18n } from 'vue-i18n'
+  import { ElMessage } from 'element-plus'
+  import { useTable } from '@/views/common/use-table'
+
+  const { t } = useI18n()
+  const { tableData, loading, getList: _getList } = useTable()
+  const handleOperate = (operationId: string, action: 'CANCEL' | 'CLOSE') => {
+    actionOnOperation(operationId, { action: action }).then(() => {
+      // TODO add delete success or failed logic after api support
+      ElMessage({
+        message: t(`${action.toLowerCase()}_succeeded`, {
+          operationId: operationId
+        }),
+        type: 'success'
+      })
+      getList()
+    })
+  }
+  const getList = () => {
+    _getList(getAllOperations)
+  }
+
+  const terminalStates = new Set([
+    'FINISHED_STATE',
+    'CLOSED_STATE',
+    'CANCELED_STATE',
+    'TIMEOUT_STATE',
+    'ERROR_STATE'
+  ])
+
+  function isTerminalState(state: string): Boolean {
+    return terminalStates.has(state)
+  }
+  getList()
+</script>
+<style lang="scss" scoped>
+  header {
+    display: flex;
+    justify-content: flex-end;
+  }
+</style>

From 1241a3891431cda602269bd49dcb8621ad77bbb5 Mon Sep 17 00:00:00 2001
From: Ruguo Yu <jiang7chengzitc@163.com>
Date: Thu, 6 Apr 2023 09:49:33 +0800
Subject: [PATCH 257/760] [KYUUBI #4666] Support flink varbinary type in query
 operation

### _Why are the changes needed?_
closed #1770
Support flink `varbinary` type in query operation

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4666 from yuruguo/support-flink-varbinary-type.

Closes #4666

e05675e03 [Ruguo Yu] Support flink varbinary type in query operation

Authored-by: Ruguo Yu <jiang7chengzitc@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/flink/operation/ExecuteStatement.scala      |  2 +-
 .../org/apache/kyuubi/engine/flink/schema/RowSet.scala |  3 ++-
 .../engine/flink/operation/FlinkOperationSuite.scala   | 10 ++++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index 0438b98d1..de104150f 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -177,7 +177,7 @@ class ExecuteStatement(
               row.setField(i, d.toObjectArray(arrayType.getElementType))
             case _ =>
           }
-        case _: BinaryType =>
+        case _: BinaryType | _: VarBinaryType =>
           row.setField(i, r.getBinary(i))
         case _: BigIntType =>
           row.setField(i, r.getLong(i))
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
index ad83f9c2b..13cf5e717 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
@@ -307,6 +307,7 @@ object RowSet {
     case _: MapType => TTypeId.MAP_TYPE
     case _: RowType => TTypeId.STRUCT_TYPE
     case _: BinaryType => TTypeId.BINARY_TYPE
+    case _: VarBinaryType => TTypeId.BINARY_TYPE
     case _: TimeType => TTypeId.STRING_TYPE
     case t @ (_: ZonedTimestampType | _: LocalZonedTimestampType | _: MultisetType |
         _: YearMonthIntervalType | _: DayTimeIntervalType) =>
@@ -369,7 +370,7 @@ object RowSet {
         // Only match string in nested type values
         "\"" + s + "\""
 
-      case (bin: Array[Byte], _: BinaryType) =>
+      case (bin: Array[Byte], _ @(_: BinaryType | _: VarBinaryType)) =>
         new String(bin, StandardCharsets.UTF_8)
 
       case (other, _) =>
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 5026fd411..8345d4f9f 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -812,6 +812,16 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
     }
   }
 
+  test("execute statement - select varbinary") {
+    withJdbcStatement() { statement =>
+      val resultSet = statement.executeQuery("select cast('kyuubi' as varbinary)")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) == "kyuubi")
+      val metaData = resultSet.getMetaData
+      assert(metaData.getColumnType(1) === java.sql.Types.BINARY)
+    }
+  }
+
   test("execute statement - select float") {
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("SELECT cast(0.1 as float)")

From 6760c955cf57461389200ff08c78da7be71627fa Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Fri, 7 Apr 2023 12:07:47 +0800
Subject: [PATCH 258/760] [KYUUBI #4669] LDAP authentication allows auth user
 contains domain when bind.dn/pw enabled

### _Why are the changes needed?_

Now, with binduser and bindpw enabled, the user authentication pass is incompatible with the domain user.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4669 from dev-lpq/ldap_auth.

Closes #4669

b4d158718 [pengqli] LDAP authentication allows user contains domain UT
d365bdcb4 [pengqli] support LDAP authentication user has domain

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../LdapAuthenticationProviderImpl.scala      |  7 ++---
 .../authentication/ldap/LdapUtils.scala       | 15 ++++++++++-
 .../LdapAuthenticationProviderImplSuite.scala | 27 +++++++++++++++++++
 3 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
index 06d08f3e4..d885da55b 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
@@ -27,6 +27,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.service.ServiceUtils
 import org.apache.kyuubi.service.authentication.LdapAuthenticationProviderImpl.FILTER_FACTORIES
 import org.apache.kyuubi.service.authentication.ldap._
+import org.apache.kyuubi.service.authentication.ldap.LdapUtils.getUserName
 
 class LdapAuthenticationProviderImpl(
     conf: KyuubiConf,
@@ -70,7 +71,8 @@ class LdapAuthenticationProviderImpl(
       if (usedBind) {
         // If we used the bind user, then we need to authenticate again,
         // this time using the full user name we got during the bind process.
-        createDirSearch(search.findUserDn(user), password)
+        val username = getUserName(user)
+        createDirSearch(search.findUserDn(username), password)
       }
     } catch {
       case e: NamingException =>
@@ -108,8 +110,7 @@ class LdapAuthenticationProviderImpl(
 
   @throws[AuthenticationException]
   private def applyFilter(client: DirSearch, user: String): Unit = filterOpt.foreach { filter =>
-    val username = if (LdapUtils.hasDomain(user)) LdapUtils.extractUserName(user) else user
-    filter.apply(client, username)
+    filter.apply(client, getUserName(user))
   }
 }
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala
index a48f9f48f..e304e96f7 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/LdapUtils.scala
@@ -105,12 +105,25 @@ object LdapUtils extends Logging {
    * </pre>
    *
    * @param userName username
-   * @return true if `userName`` contains `@<domain>` part
+   * @return true if `userName` contains `@<domain>` part
    */
   def hasDomain(userName: String): Boolean = {
     ServiceUtils.indexOfDomainMatch(userName) > 0
   }
 
+  /**
+   * Get the username part in the provided user.
+   * <br>
+   * <b>Example:</b>
+   * <br>
+   * For user "user1@mycorp.com" this method will return "user1"
+   *
+   * @param user user
+   * @return the username part in the provided user
+   */
+  def getUserName(user: String): String =
+    if (LdapUtils.hasDomain(user)) LdapUtils.extractUserName(user) else user
+
   /**
    * Detects DN names.
    * <br>
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
index 718fc6f6e..d822408b9 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
@@ -27,6 +27,7 @@ import org.scalatestplus.mockito.MockitoSugar.mock
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.service.authentication.ldap.{DirSearch, DirSearchFactory, LdapSearchFactory}
+import org.apache.kyuubi.service.authentication.ldap.LdapUtils.getUserName
 
 class LdapAuthenticationProviderImplSuite extends WithLdapServer {
 
@@ -311,6 +312,32 @@ class LdapAuthenticationProviderImplSuite extends WithLdapServer {
     verify(search, times(1)).findUserDn(mockEq(authUser))
   }
 
+  test("AuthenticateWithBindDomainUserPasses") {
+    val bindUser = "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val bindPass = "Blah"
+    val authFullUser = "cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com"
+    val authUser = "user1@mydomain.com"
+    val authPass = "Blah2"
+    conf.set(AUTHENTICATION_LDAP_BIND_USER, bindUser)
+    conf.set(AUTHENTICATION_LDAP_BIND_PASSWORD, bindPass)
+
+    val username = getUserName(authUser)
+    when(search.findUserDn(mockEq(username))).thenReturn(authFullUser)
+
+    auth = new LdapAuthenticationProviderImpl(conf, factory)
+    auth.authenticate(authUser, authPass)
+
+    verify(factory, times(1)).getInstance(
+      isA(classOf[KyuubiConf]),
+      mockEq(bindUser),
+      mockEq(bindPass))
+    verify(factory, times(1)).getInstance(
+      isA(classOf[KyuubiConf]),
+      mockEq(authFullUser),
+      mockEq(authPass))
+    verify(search, times(1)).findUserDn(mockEq(username))
+  }
+
   test("AuthenticateWithBindUserFailsOnAuthentication") {
     val bindUser = "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"
     val bindPass = "Blah"

From 794ba2bba49b5e9ee4e0a84988b136a97309b83b Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 7 Apr 2023 13:42:18 +0800
Subject: [PATCH 259/760] [KYUUBI #4672][Authz] Remove Support for Apache
 Ranger 0.6.0

### _Why are the changes needed?_

As issue [RANGER-4672](https://github.com/apache/kyuubi/issues/4672) reported unresovled failures on Ranger 0.6.0, update docs for unsupported Ranger version 0.6.0.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4673 from bowenliang123/drop-ranger-0.6.0.

Closes #4672

5049596c0 [liangbowen] update README.md
f9ea53449 [liangbowen] drop support for Ranger 0.6.0

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/security/authorization/spark/build.md    | 22 +++++++++----------
 extensions/spark/kyuubi-spark-authz/README.md |  2 +-
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md
index 3886f08df..8520d853e 100644
--- a/docs/security/authorization/spark/build.md
+++ b/docs/security/authorization/spark/build.md
@@ -68,17 +68,17 @@ build/mvn clean package -pl :kyuubi-spark-authz_2.12 -DskipTests -Dranger.versio
 
 The available `ranger.version`s are shown in the following table.
 
-| Ranger Version | Supported | Remark |
-|:--------------:|:---------:|:------:|
-|     2.3.x      |     √     |   -    |
-|     2.2.x      |     √     |   -    |
-|     2.1.x      |     √     |   -    |
-|     2.0.x      |     √     |   -    |
-|     1.2.x      |     √     |   -    |
-|     1.1.x      |     √     |   -    |
-|     1.0.x      |     √     |   -    |
-|     0.7.x      |     √     |   -    |
-|     0.6.x      |     √     |   -    |
+| Ranger Version | Supported |                                          Remark                                           |
+|:--------------:|:---------:|:-----------------------------------------------------------------------------------------:|
+|     2.3.x      |     √     |                                             -                                             |
+|     2.2.x      |     √     |                                             -                                             |
+|     2.1.x      |     √     |                                             -                                             |
+|     2.0.x      |     √     |                                             -                                             |
+|     1.2.x      |     √     |                                             -                                             |
+|     1.1.x      |     √     |                                             -                                             |
+|     1.0.x      |     √     |                                             -                                             |
+|     0.7.x      |     √     |                                             -                                             |
+|     0.6.x      |     X     | [RANGER-4672](https://github.com/apache/kyuubi/issues/4672) reported unresolved failures. |
 
 Currently, all ranger releases are supported.
 
diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index 554797ee0..5aafaf31e 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -52,5 +52,5 @@ build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dran
 - [x] 1.1.x
 - [x] 1.0.x
 - [x] 0.7.x
-- [x] 0.6.x
+- [ ] 0.6.x
 

From 871dd1fadf8abfd35121bc3edf5186410b7bb20e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 7 Apr 2023 16:16:36 +0800
Subject: [PATCH 260/760] [KYUUBI #4585] Authz policy file generation

### _Why are the changes needed?_

- generate Authz policy file for testing to focus on  manage all the policies in the generator
- auto-increased `id` and related `guid` for each policy
- list and reused users, resources, for evaluation impacts when policy changes
- add `policies_base.json` as base template file of authz template including decoration details and service def

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4585 from bowenliang123/authz-policy-gen.

Closes #4585

c8040553b [liangbowen] authz policy json file gen

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 extensions/spark/kyuubi-spark-authz/pom.xml   |   35 +-
 .../authz/gen/PolicyJsonFileGenerator.scala   |  357 ++
 .../spark/authz/gen/RangerGenWrapper.scala    |  184 ++
 .../src/test/resources/policies_base.json     | 1678 ++++++++++
 .../test/resources/sparkSql_hive_jenkins.json | 2926 ++++++++---------
 5 files changed, 3555 insertions(+), 1625 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/resources/policies_base.json

diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 8df1b9465..0ecb54659 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -321,7 +321,6 @@
     </dependencies>
 
     <build>
-
         <testResources>
             <testResource>
                 <directory>${project.basedir}/src/test/resources</directory>
@@ -331,4 +330,38 @@
         <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
     </build>
 
+    <profiles>
+        <profile>
+            <id>genpolicy</id>
+            <activation>
+                <!-- activated when Ranger version is identical to required-->
+                <property>
+                    <name>ranger.version</name>
+                    <value>2.3.0</value>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>build-helper-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>add-test-source</id>
+                                <goals>
+                                    <goal>add-test-source</goal>
+                                </goals>
+                                <phase>generate-sources</phase>
+                                <configuration>
+                                    <sources>
+                                        <source>src/test/gen/scala</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
new file mode 100644
index 000000000..ce0e5fd70
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -0,0 +1,357 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.gen
+
+import java.nio.file.Paths
+import java.util.UUID
+import java.util.concurrent.atomic.AtomicLong
+
+import scala.language.implicitConversions
+
+import com.fasterxml.jackson.annotation.JsonInclude.Include
+import com.fasterxml.jackson.databind.{JsonNode, ObjectMapper}
+import com.fasterxml.jackson.databind.json.JsonMapper
+import com.fasterxml.jackson.databind.node.ObjectNode
+import com.fasterxml.jackson.module.scala.DefaultScalaModule
+import org.apache.ranger.plugin.model.RangerPolicy
+
+import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess.allowTypes
+import org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator.RangerAccessType.{all, alter, create, drop, index, lock, read, select, update, use, write, RangerAccessType}
+import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions.getRangerObject
+
+/**
+ * Generates the policy file to test/main/resources dir.
+ *
+ * Usage:
+ * build/mvn scala:run -pl :kyuubi-spark-authz_2.12
+ * -DmainClass=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
+ */
+private object PolicyJsonFileGenerator {
+  def main(args: Array[String]): Unit = {
+    writeRangerServicePolicesJson()
+  }
+
+  final private val mapper: ObjectMapper = JsonMapper.builder()
+    .addModule(DefaultScalaModule)
+    .serializationInclusion(Include.NON_NULL)
+    .build()
+
+  def writeRangerServicePolicesJson(): Unit = {
+    val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
+      .split("target").head
+    val policyFileName = "sparkSql_hive_jenkins.json"
+    val policyFile = Paths.get(pluginHome, "src", "test", "resources", policyFileName).toFile
+    // scalastyle:off println
+    println(s"Writing ranger policies to $policyFileName.")
+    // scalastyle:on println
+    mapper.writerWithDefaultPrettyPrinter().writeValue(policyFile, servicePolicies)
+  }
+
+  private def servicePolicies: JsonNode = {
+    val inputStream = Thread.currentThread().getContextClassLoader
+      .getResourceAsStream("policies_base.json")
+    val rootObjNode = mapper.readTree(inputStream).asInstanceOf[ObjectNode]
+    val policies = genPolicies
+    // scalastyle:off println
+    println(s"Generated ${policies.size} policies.")
+    // scalastyle:on println
+    rootObjNode.set("policies", mapper.readTree(mapper.writeValueAsString(policies)))
+  }
+
+  private def genPolicies: Iterable[RangerPolicy] = {
+    List[RangerPolicy](
+      // access for all
+      policyAccessForAllUrl,
+      policyAccessForAllDbTableColumns,
+      policyAccessForAllDbUdf,
+      // access
+      policyAccessForDbAllColumns,
+      policyAccessForDefaultDbSrcTable,
+      policyAccessForDefaultBobUse,
+      policyAccessForDefaultBobSelect,
+      policyAccessForPermViewAccessOnly,
+      // row filter
+      policyFilterForSrcTableKeyLessThan20,
+      policyFilterForPermViewKeyLessThan20,
+      // data masking
+      policyMaskForPermView,
+      policyMaskForPermViewUser,
+      policyMaskNullifyForValue2,
+      policyMaskShowFirst4ForValue3,
+      policyMaskDateShowYearForValue4,
+      policyMaskShowFirst4ForValue5)
+      // fill the id and guid with auto-increased index
+      .map(p => {
+        val id = policyIdCounter.incrementAndGet()
+        p.setId(id)
+        p.setGuid(UUID.nameUUIDFromBytes(id.toString.getBytes()).toString)
+        p
+      })
+  }
+
+  final private lazy val policyIdCounter = new AtomicLong(0)
+
+  // resource template
+  private def databaseRes(values: List[String]) =
+    "database" -> KRangerPolicyResource(values = values).get
+  private def tableRes(values: List[String]) =
+    "table" -> KRangerPolicyResource(values = values).get
+  private def columnRes(values: List[String]) =
+    "column" -> KRangerPolicyResource(values = values).get
+
+  // users
+  private val admin = "admin"
+  private val bob = "bob"
+  private val kent = "kent"
+  private val permViewUser = "perm_view_user"
+  private val ownerPlaceHolder = "{OWNER}"
+  private val createOnlyUser = "create_only_user"
+  private val defaultTableOwner = "default_table_owner"
+  private val permViewOnlyUser = "user_perm_view_only"
+
+  // db
+  private val defaultDb = "default"
+  private val sparkCatalog = "spark_catalog"
+  private val icebergNamespace = "iceberg_ns"
+  private val namespace1 = "ns1"
+
+  // access type
+  object RangerAccessType extends Enumeration {
+    type RangerAccessType = Value
+    val select, update, create, drop, alter, index, lock, all, read, write, use = Value
+  }
+  implicit def actionTypeStr(t: RangerAccessType): String = t.toString
+
+  // resources
+  private val allDatabaseRes = databaseRes(List("*"))
+  private val allTableRes = tableRes(List("*"))
+  private val allColumnRes = columnRes(List("*"))
+  private val srcTableRes = tableRes(List("src"))
+
+  // policy type
+  private val POLICY_TYPE_ACCESS: Int = 0
+  private val POLICY_TYPE_DATAMASK: Int = 1
+  private val POLICY_TYPE_ROWFILTER: Int = 2
+
+  // policies
+  private val policyAccessForAllUrl = KRangerPolicy(
+    name = "all - url",
+    description = "Policy for all - url",
+    resources = Map("url" -> KRangerPolicyResource(
+      values = List("*"),
+      isRecursive = true)),
+    policyItems = List(KRangerPolicyItem(
+      users = List(admin),
+      accesses = allowTypes(select, update, create, drop, alter, index, lock, all, read, write),
+      delegateAdmin = true)))
+
+  private val policyAccessForAllDbTableColumns = KRangerPolicy(
+    name = "all - database, table, column",
+    description = "Policy for all - database, table, column",
+    resources = Map(allDatabaseRes, allTableRes, allColumnRes),
+    policyItems = List(KRangerPolicyItem(
+      users = List(admin),
+      accesses = allowTypes(select, update, create, drop, alter, index, lock, all, read, write),
+      delegateAdmin = true)))
+
+  private val policyAccessForAllDbUdf = KRangerPolicy(
+    name = "all - database, udf",
+    description = "Policy for all - database, udf",
+    resources = Map(allDatabaseRes, "udf" -> KRangerPolicyResource(values = List("*"))),
+    policyItems = List(KRangerPolicyItem(
+      users = List(admin),
+      accesses = allowTypes(select, update, create, drop, alter, index, lock, all, read, write),
+      delegateAdmin = true)))
+
+  private val policyAccessForDbAllColumns = KRangerPolicy(
+    name = "all - database, udf",
+    description = "Policy for all - database, udf",
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog, icebergNamespace, namespace1)),
+      allTableRes,
+      allColumnRes),
+    policyItems = List(
+      KRangerPolicyItem(
+        users = List(bob, permViewUser, ownerPlaceHolder),
+        accesses = allowTypes(select, update, create, drop, alter, index, lock, all, read, write),
+        delegateAdmin = true),
+      KRangerPolicyItem(
+        users = List(defaultTableOwner, createOnlyUser),
+        accesses = allowTypes(create),
+        delegateAdmin = true)))
+
+  private val policyAccessForDefaultDbSrcTable = KRangerPolicy(
+    name = "default_kent",
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog)),
+      srcTableRes,
+      columnRes(List("key"))),
+    policyItems = List(
+      KRangerPolicyItem(
+        users = List(kent),
+        accesses = allowTypes(select, update, create, drop, alter, index, lock, all, read, write),
+        delegateAdmin = true),
+      KRangerPolicyItem(
+        users = List(defaultTableOwner, createOnlyUser),
+        accesses = allowTypes(create),
+        delegateAdmin = true)))
+
+  private val policyFilterForSrcTableKeyLessThan20 = KRangerPolicy(
+    name = "src_key_less_than_20",
+    policyType = POLICY_TYPE_ROWFILTER,
+    resources = Map(
+      databaseRes(List(defaultDb)),
+      srcTableRes),
+    rowFilterPolicyItems = List(
+      KRangerRowFilterPolicyItem(
+        rowFilterInfo = KRangerPolicyItemRowFilterInfo(filterExpr = "key<20"),
+        accesses = allowTypes(select),
+        users = List(bob, permViewUser))))
+
+  private val policyFilterForPermViewKeyLessThan20 = KRangerPolicy(
+    name = "perm_view_key_less_than_20",
+    policyType = POLICY_TYPE_ROWFILTER,
+    resources = Map(
+      databaseRes(List(defaultDb)),
+      tableRes(List("perm_view"))),
+    rowFilterPolicyItems = List(
+      KRangerRowFilterPolicyItem(
+        rowFilterInfo = KRangerPolicyItemRowFilterInfo(filterExpr = "key<20"),
+        accesses = allowTypes(select),
+        users = List(permViewUser))))
+
+  private val policyAccessForDefaultBobUse = KRangerPolicy(
+    name = "default_bob_use",
+    resources = Map(
+      databaseRes(List("default_bob", sparkCatalog)),
+      tableRes(List("table_use*")),
+      allColumnRes),
+    policyItems = List(
+      KRangerPolicyItem(
+        users = List(bob),
+        accesses = allowTypes(update),
+        delegateAdmin = true)))
+
+  private val policyAccessForDefaultBobSelect = KRangerPolicy(
+    name = "default_bob_select",
+    resources = Map(
+      databaseRes(List("default_bob", sparkCatalog)),
+      tableRes(List("table_select*")),
+      allColumnRes),
+    policyItems = List(
+      KRangerPolicyItem(
+        users = List(bob),
+        accesses = allowTypes(select, use),
+        delegateAdmin = true)))
+
+  private val policyMaskForPermView = KRangerPolicy(
+    name = "src_value_hash_perm_view",
+    policyType = POLICY_TYPE_DATAMASK,
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog)),
+      srcTableRes,
+      columnRes(List("value1"))),
+    dataMaskPolicyItems = List(
+      KRangerDataMaskPolicyItem(
+        dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_HASH"),
+        users = List(bob),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+
+  private val policyMaskForPermViewUser = KRangerPolicy(
+    name = "src_value_hash",
+    policyType = POLICY_TYPE_DATAMASK,
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog)),
+      tableRes(List("perm_view")),
+      columnRes(List("value1"))),
+    dataMaskPolicyItems = List(
+      KRangerDataMaskPolicyItem(
+        dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_HASH"),
+        users = List(permViewUser),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+
+  private val policyMaskNullifyForValue2 = KRangerPolicy(
+    name = "src_value2_nullify",
+    policyType = POLICY_TYPE_DATAMASK,
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog, icebergNamespace, namespace1)),
+      srcTableRes,
+      columnRes(List("value2"))),
+    dataMaskPolicyItems = List(
+      KRangerDataMaskPolicyItem(
+        dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK"),
+        users = List(bob),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+
+  private val policyMaskShowFirst4ForValue3 = KRangerPolicy(
+    name = "src_value3_sf4",
+    policyType = POLICY_TYPE_DATAMASK,
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog)),
+      srcTableRes,
+      columnRes(List("value3"))),
+    dataMaskPolicyItems = List(
+      KRangerDataMaskPolicyItem(
+        dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_SHOW_FIRST_4"),
+        users = List(bob),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+
+  private val policyMaskDateShowYearForValue4 = KRangerPolicy(
+    name = "src_value4_sf4",
+    policyType = POLICY_TYPE_DATAMASK,
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog)),
+      srcTableRes,
+      columnRes(List("value4"))),
+    dataMaskPolicyItems = List(
+      KRangerDataMaskPolicyItem(
+        dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_DATE_SHOW_YEAR"),
+        users = List(bob),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+
+  private val policyMaskShowFirst4ForValue5 = KRangerPolicy(
+    name = "src_value5_sf4",
+    policyType = POLICY_TYPE_DATAMASK,
+    resources = Map(
+      databaseRes(List(defaultDb, sparkCatalog)),
+      srcTableRes,
+      columnRes(List("value5"))),
+    dataMaskPolicyItems = List(
+      KRangerDataMaskPolicyItem(
+        dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_SHOW_LAST_4"),
+        users = List(bob),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+
+  private val policyAccessForPermViewAccessOnly = KRangerPolicy(
+    name = "someone_access_perm_view",
+    resources = Map(
+      databaseRes(List(defaultDb)),
+      tableRes(List("perm_view")),
+      allColumnRes),
+    policyItems = List(
+      KRangerPolicyItem(
+        users = List(permViewOnlyUser),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
new file mode 100644
index 000000000..56a68b82f
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
@@ -0,0 +1,184 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.plugin.spark.authz.gen
+
+import scala.collection.convert.ImplicitConversions._
+import scala.language.implicitConversions
+
+import org.apache.ranger.plugin.model.RangerPolicy
+import org.apache.ranger.plugin.model.RangerPolicy._
+
+trait RangerObjectGenerator[T] {
+  def get: T
+}
+
+object RangerClassConversions {
+  implicit def getRangerObject[T](g: RangerObjectGenerator[T]): T = g.get
+}
+
+case class KRangerPolicy(
+    service: String = "hive_jenkins",
+    name: String,
+    policyType: Int = 0,
+    description: String = "",
+    isAuditEnabled: Boolean = true,
+    resources: Map[String, RangerPolicyResource] = Map.empty,
+    conditions: List[RangerPolicyItemCondition] = List.empty,
+    policyItems: List[RangerPolicyItem] = List.empty,
+    denyPolicyItems: List[RangerPolicyItem] = List.empty,
+    allowExceptions: List[RangerPolicyItem] = List.empty,
+    denyExceptions: List[RangerPolicyItem] = List.empty,
+    dataMaskPolicyItems: List[RangerDataMaskPolicyItem] = List.empty,
+    rowFilterPolicyItems: List[RangerRowFilterPolicyItem] = List.empty,
+    id: Int = 0,
+    guid: String = "",
+    isEnabled: Boolean = true,
+    version: Int = 1) extends RangerObjectGenerator[RangerPolicy] {
+  override def get: RangerPolicy = {
+    val p = new RangerPolicy()
+    p.setService(service)
+    p.setName(name)
+    p.setPolicyType(policyType)
+    p.setDescription(description)
+    p.setIsAuditEnabled(isAuditEnabled)
+    p.setResources(resources)
+    p.setConditions(conditions)
+    p.setPolicyItems(policyItems)
+    p.setAllowExceptions(allowExceptions)
+    p.setDenyExceptions(denyExceptions)
+    p.setDataMaskPolicyItems(dataMaskPolicyItems)
+    p.setRowFilterPolicyItems(rowFilterPolicyItems)
+    p.setId(id)
+    p.setGuid(guid)
+    p.setIsAuditEnabled(isEnabled)
+    p.setVersion(version)
+    p
+  }
+}
+
+case class KRangerPolicyResource(
+    values: List[String] = List.empty,
+    isExcludes: Boolean = false,
+    isRecursive: Boolean = false) extends RangerObjectGenerator[RangerPolicyResource] {
+  override def get: RangerPolicyResource = {
+    val r = new RangerPolicyResource()
+    r.setValues(values)
+    r.setIsExcludes(isExcludes)
+    r.setIsRecursive(isRecursive)
+    r
+  }
+}
+
+case class KRangerPolicyItemCondition(
+    `type`: String,
+    values: List[String]) extends RangerObjectGenerator[RangerPolicyItemCondition] {
+  override def get: RangerPolicyItemCondition = {
+    val c = new RangerPolicyItemCondition()
+    c.setType(`type`)
+    c.setValues(values)
+    c
+  }
+}
+
+case class KRangerPolicyItem(
+    accesses: List[RangerPolicyItemAccess] = List.empty,
+    users: List[String] = List.empty,
+    groups: List[String] = List.empty,
+    conditions: List[RangerPolicyItemCondition] = List.empty,
+    delegateAdmin: Boolean = false) extends RangerObjectGenerator[RangerPolicyItem] {
+  override def get: RangerPolicyItem = {
+    val i = new RangerPolicyItem()
+    i.setAccesses(accesses)
+    i.setUsers(users)
+    i.setGroups(groups)
+    i.setConditions(conditions)
+    i.setDelegateAdmin(delegateAdmin)
+    i
+  }
+}
+
+case class KRangerPolicyItemAccess(
+    `type`: String,
+    isAllowed: Boolean) extends RangerObjectGenerator[RangerPolicyItemAccess] {
+  override def get: RangerPolicyItemAccess = {
+    val a = new RangerPolicyItemAccess
+    a.setType(`type`)
+    a.setIsAllowed(isAllowed)
+    a
+  }
+}
+
+object KRangerPolicyItemAccess {
+  def allowTypes(types: String*): List[RangerPolicyItemAccess] =
+    types.map(t => KRangerPolicyItemAccess(t, isAllowed = true).get).toList
+}
+
+case class KRangerDataMaskPolicyItem(
+    dataMaskInfo: RangerPolicyItemDataMaskInfo,
+    accesses: List[RangerPolicyItemAccess] = List.empty,
+    users: List[String] = List.empty,
+    groups: List[String] = List.empty,
+    conditions: List[RangerPolicyItemCondition] = List.empty,
+    delegateAdmin: Boolean = false) extends RangerObjectGenerator[RangerDataMaskPolicyItem] {
+  override def get: RangerDataMaskPolicyItem = {
+    val i = new RangerDataMaskPolicyItem
+    i.setDataMaskInfo(dataMaskInfo)
+    i.setAccesses(accesses)
+    i.setUsers(users)
+    i.setGroups(groups)
+    i.setConditions(conditions)
+    i.setDelegateAdmin(delegateAdmin)
+    i
+  }
+}
+
+case class KRangerPolicyItemDataMaskInfo(
+    dataMaskType: String) extends RangerObjectGenerator[RangerPolicyItemDataMaskInfo] {
+  override def get: RangerPolicyItemDataMaskInfo = {
+    val i = new RangerPolicyItemDataMaskInfo
+    i.setDataMaskType(dataMaskType)
+    i
+  }
+}
+
+case class KRangerRowFilterPolicyItem(
+    rowFilterInfo: RangerPolicyItemRowFilterInfo,
+    accesses: List[RangerPolicyItemAccess] = List.empty,
+    users: List[String] = List.empty,
+    groups: List[String] = List.empty,
+    conditions: List[RangerPolicyItemCondition] = List.empty,
+    delegateAdmin: Boolean = false) extends RangerObjectGenerator[RangerRowFilterPolicyItem] {
+  override def get: RangerRowFilterPolicyItem = {
+    val i = new RangerRowFilterPolicyItem
+    i.setRowFilterInfo(rowFilterInfo)
+    i.setAccesses(accesses)
+    i.setUsers(users)
+    i.setGroups(groups)
+    i.setConditions(conditions)
+    i.setDelegateAdmin(delegateAdmin)
+    i
+  }
+}
+
+case class KRangerPolicyItemRowFilterInfo(
+    filterExpr: String) extends RangerObjectGenerator[RangerPolicyItemRowFilterInfo] {
+  override def get: RangerPolicyItemRowFilterInfo = {
+    val i = new RangerPolicyItemRowFilterInfo
+    i.setFilterExpr(filterExpr)
+    i
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/policies_base.json b/extensions/spark/kyuubi-spark-authz/src/test/resources/policies_base.json
new file mode 100644
index 000000000..aea5d2a9c
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/policies_base.json
@@ -0,0 +1,1678 @@
+{
+  "serviceName": "hive_jenkins",
+  "serviceId": 1,
+  "policyVersion": 85,
+  "policyUpdateTime": "20190429-21:36:09.000-+0800",
+  "policies": [
+    {
+      "service": "hive_jenkins",
+      "name": "all - url",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "Policy for all - url",
+      "isAuditEnabled": true,
+      "resources": {
+        "url": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": true
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            },
+            {
+              "type": "update",
+              "isAllowed": true
+            },
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "drop",
+              "isAllowed": true
+            },
+            {
+              "type": "alter",
+              "isAllowed": true
+            },
+            {
+              "type": "index",
+              "isAllowed": true
+            },
+            {
+              "type": "lock",
+              "isAllowed": true
+            },
+            {
+              "type": "all",
+              "isAllowed": true
+            },
+            {
+              "type": "read",
+              "isAllowed": true
+            },
+            {
+              "type": "write",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "admin"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": true
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [],
+      "id": 1,
+      "guid": "cf7e6725-492f-434f-bffe-6bb4e3147246",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "all - database, table, column",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "Policy for all - database, table, column",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            },
+            {
+              "type": "update",
+              "isAllowed": true
+            },
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "drop",
+              "isAllowed": true
+            },
+            {
+              "type": "alter",
+              "isAllowed": true
+            },
+            {
+              "type": "index",
+              "isAllowed": true
+            },
+            {
+              "type": "lock",
+              "isAllowed": true
+            },
+            {
+              "type": "all",
+              "isAllowed": true
+            },
+            {
+              "type": "read",
+              "isAllowed": true
+            },
+            {
+              "type": "write",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "admin"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": true
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [],
+      "id": 2,
+      "guid": "3b96138a-af4d-48bc-9544-58c5bfa1979b",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "all - database, udf",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "Policy for all - database, udf",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "udf": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            },
+            {
+              "type": "update",
+              "isAllowed": true
+            },
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "drop",
+              "isAllowed": true
+            },
+            {
+              "type": "alter",
+              "isAllowed": true
+            },
+            {
+              "type": "index",
+              "isAllowed": true
+            },
+            {
+              "type": "lock",
+              "isAllowed": true
+            },
+            {
+              "type": "all",
+              "isAllowed": true
+            },
+            {
+              "type": "read",
+              "isAllowed": true
+            },
+            {
+              "type": "write",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "admin"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": true
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [],
+      "id": 3,
+      "guid": "db08fbb0-61da-4f33-8144-ccd89816151d",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "default",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog",
+            "iceberg_ns",
+            "ns1"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            },
+            {
+              "type": "update",
+              "isAllowed": true
+            },
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "drop",
+              "isAllowed": true
+            },
+            {
+              "type": "alter",
+              "isAllowed": true
+            },
+            {
+              "type": "index",
+              "isAllowed": true
+            },
+            {
+              "type": "lock",
+              "isAllowed": true
+            },
+            {
+              "type": "all",
+              "isAllowed": true
+            },
+            {
+              "type": "read",
+              "isAllowed": true
+            },
+            {
+              "type": "write",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob",
+            "perm_view_user",
+            "{OWNER}"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        },
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": false
+            },
+            {
+              "type": "update",
+              "isAllowed": false
+            },
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "drop",
+              "isAllowed": false
+            },
+            {
+              "type": "alter",
+              "isAllowed": false
+            },
+            {
+              "type": "index",
+              "isAllowed": false
+            },
+            {
+              "type": "lock",
+              "isAllowed": false
+            },
+            {
+              "type": "all",
+              "isAllowed": false
+            },
+            {
+              "type": "read",
+              "isAllowed": false
+            },
+            {
+              "type": "write",
+              "isAllowed": false
+            }
+          ],
+          "users": [
+            "default_table_owner",
+            "create_only_user"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 5,
+      "guid": "2db6099d-e4f1-41df-9d24-f2f47bed618e",
+      "isEnabled": true,
+      "version": 5
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "default_kent",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "key"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            },
+            {
+              "type": "update",
+              "isAllowed": true
+            },
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "drop",
+              "isAllowed": true
+            },
+            {
+              "type": "alter",
+              "isAllowed": true
+            },
+            {
+              "type": "index",
+              "isAllowed": true
+            },
+            {
+              "type": "lock",
+              "isAllowed": true
+            },
+            {
+              "type": "all",
+              "isAllowed": true
+            },
+            {
+              "type": "read",
+              "isAllowed": true
+            },
+            {
+              "type": "write",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "kent"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 5,
+      "guid": "fd24db19-f7cc-4e13-a8ba-bbd5a07a2d8d",
+      "isEnabled": true,
+      "version": 5
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_key _less_than_20",
+      "policyType": 2,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [
+        {
+          "rowFilterInfo": {
+            "filterExpr": "key\u003c20"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "serviceType": "hive",
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 4,
+      "guid": "f588a9ed-f7b1-48f7-9d0d-c12cf2b9b7ed",
+      "isEnabled": true,
+      "version": 26
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_key_less_than_20_perm_view",
+      "policyType": 2,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "perm_view"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [
+        {
+          "rowFilterInfo": {
+            "filterExpr": "key\u003c20"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "perm_view_user"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "serviceType": "hive",
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 22,
+      "guid": "c240a7ea-9d26-4db2-b925-d5dbe49bd447 \n",
+      "isEnabled": true,
+      "version": 26
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "default_bob_use",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default_bob",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "table_use*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "update",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 5,
+      "guid": "2eb6099d-e4f1-41df-9d24-f2f47bed618e",
+      "isEnabled": true,
+      "version": 5
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "default_bob_select",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default_bob",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "table_select*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            },
+            {
+              "type": "use",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 5,
+      "guid": "2fb6099d-e4f1-41df-9d24-f2f47bed618e",
+      "isEnabled": true,
+      "version": 5
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_value_hash_perm_view",
+      "policyType": 1,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "value1"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK_HASH"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 5,
+      "guid": "ed1868a1-bf79-4721-a3d5-6815cc7d4986",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_value_hash",
+      "policyType": 1,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "value1"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "perm_view"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK_HASH"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "perm_view_user"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 20,
+      "guid": "bfeddeab-50d0-4902-985f-42559efa39c3",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_value2_nullify",
+      "policyType": 1,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog",
+            "iceberg_ns",
+            "ns1"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "value2"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 6,
+      "guid": "98a04cd7-8d14-4466-adc9-126d87a3af69",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_value3_sf4",
+      "policyType": 1,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "value3"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK_SHOW_FIRST_4"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 7,
+      "guid": "9d50a525-b24c-4cf5-a885-d10d426368d1",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_value4_sf4",
+      "policyType": 1,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "value4"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK_DATE_SHOW_YEAR"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 8,
+      "guid": "9d50a526-b24c-4cf5-a885-d10d426368d1",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "src_value5_show_last_4",
+      "policyType": 1,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default",
+            "spark_catalog"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "value5"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "src"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK_SHOW_LAST_4"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 32,
+      "guid": "b3f1f1e0-2bd6-4b20-8a32-a531006ae151",
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "hive_jenkins",
+      "name": "someone_access_perm_view",
+      "policyType": 0,
+      "policyPriority": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "default"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "perm_view"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "user_perm_view_only"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "options": {},
+      "validitySchedules": [],
+      "policyLabels": [
+        ""
+      ],
+      "id": 123,
+      "guid": "2fb6099d-e421-41df-9d24-f2f47bed618e",
+      "isEnabled": true,
+      "version": 5
+    }
+  ],
+  "serviceDef": {
+    "name": "hive",
+    "implClass": "org.apache.ranger.services.hive.RangerServiceHive",
+    "label": "Hive Server2",
+    "description": "Hive Server2",
+    "options": {
+      "enableDenyAndExceptionsInPolicies": "true"
+    },
+    "configs": [
+      {
+        "itemId": 1,
+        "name": "username",
+        "type": "string",
+        "mandatory": true,
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Username"
+      },
+      {
+        "itemId": 2,
+        "name": "password",
+        "type": "password",
+        "mandatory": true,
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Password"
+      },
+      {
+        "itemId": 3,
+        "name": "jdbc.driverClassName",
+        "type": "string",
+        "mandatory": true,
+        "defaultValue": "org.apache.hive.jdbc.HiveDriver",
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": ""
+      },
+      {
+        "itemId": 4,
+        "name": "jdbc.url",
+        "type": "string",
+        "mandatory": true,
+        "defaultValue": "",
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"1.For Remote Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;\u003cbr\u003e2.For Embedded Mode (no host or port), eg.\u003cbr\u003ejdbc:hive2:///;initFile\u003d\u0026lt;file\u0026gt;\u003cbr\u003e3.For HTTP Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;/;\u003cbr\u003etransportMode\u003dhttp;httpPath\u003d\u0026lt;httpPath\u0026gt;\u003cbr\u003e4.For SSL Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;/;ssl\u003dtrue;\u003cbr\u003esslTrustStore\u003dtStore;trustStorePassword\u003dpw\u003cbr\u003e5.For ZooKeeper Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;/;serviceDiscoveryMode\u003d\u003cbr\u003ezooKeeper;zooKeeperNamespace\u003dhiveserver2\u003cbr\u003e6.For Kerberos Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;/;\u003cbr\u003eprincipal\u003dhive/domain@EXAMPLE.COM\u003cbr\u003e\"}"
+      },
+      {
+        "itemId": 5,
+        "name": "commonNameForCertificate",
+        "type": "string",
+        "mandatory": false,
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Common Name for Certificate"
+      }
+    ],
+    "resources": [
+      {
+        "itemId": 1,
+        "name": "database",
+        "type": "string",
+        "level": 10,
+        "mandatory": true,
+        "lookupSupported": true,
+        "recursiveSupported": false,
+        "excludesSupported": true,
+        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions": {
+          "wildCard": "true",
+          "ignoreCase": "true"
+        },
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Hive Database",
+        "description": "Hive Database",
+        "accessTypeRestrictions": [],
+        "isValidLeaf": false
+      },
+      {
+        "itemId": 5,
+        "name": "url",
+        "type": "string",
+        "level": 10,
+        "mandatory": true,
+        "lookupSupported": false,
+        "recursiveSupported": true,
+        "excludesSupported": false,
+        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+        "matcherOptions": {
+          "wildCard": "true",
+          "ignoreCase": "false"
+        },
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "URL",
+        "description": "URL",
+        "accessTypeRestrictions": [],
+        "isValidLeaf": true
+      },
+      {
+        "itemId": 2,
+        "name": "table",
+        "type": "string",
+        "level": 20,
+        "parent": "database",
+        "mandatory": true,
+        "lookupSupported": true,
+        "recursiveSupported": false,
+        "excludesSupported": true,
+        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions": {
+          "wildCard": "true",
+          "ignoreCase": "true"
+        },
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Hive Table",
+        "description": "Hive Table",
+        "accessTypeRestrictions": [],
+        "isValidLeaf": false
+      },
+      {
+        "itemId": 3,
+        "name": "udf",
+        "type": "string",
+        "level": 20,
+        "parent": "database",
+        "mandatory": true,
+        "lookupSupported": true,
+        "recursiveSupported": false,
+        "excludesSupported": true,
+        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions": {
+          "wildCard": "true",
+          "ignoreCase": "true"
+        },
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Hive UDF",
+        "description": "Hive UDF",
+        "accessTypeRestrictions": [],
+        "isValidLeaf": true
+      },
+      {
+        "itemId": 4,
+        "name": "column",
+        "type": "string",
+        "level": 30,
+        "parent": "table",
+        "mandatory": true,
+        "lookupSupported": true,
+        "recursiveSupported": false,
+        "excludesSupported": true,
+        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions": {
+          "wildCard": "true",
+          "ignoreCase": "true"
+        },
+        "validationRegEx": "",
+        "validationMessage": "",
+        "uiHint": "",
+        "label": "Hive Column",
+        "description": "Hive Column",
+        "accessTypeRestrictions": [],
+        "isValidLeaf": true
+      }
+    ],
+    "accessTypes": [
+      {
+        "itemId": 1,
+        "name": "select",
+        "label": "select",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 2,
+        "name": "update",
+        "label": "update",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 3,
+        "name": "create",
+        "label": "Create",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 4,
+        "name": "drop",
+        "label": "Drop",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 5,
+        "name": "alter",
+        "label": "Alter",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 6,
+        "name": "index",
+        "label": "Index",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 7,
+        "name": "lock",
+        "label": "Lock",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 8,
+        "name": "all",
+        "label": "All",
+        "impliedGrants": [
+          "select",
+          "update",
+          "create",
+          "drop",
+          "alter",
+          "index",
+          "lock",
+          "read",
+          "write"
+        ]
+      },
+      {
+        "itemId": 9,
+        "name": "read",
+        "label": "Read",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 10,
+        "name": "write",
+        "label": "Write",
+        "impliedGrants": []
+      }
+    ],
+    "policyConditions": [],
+    "contextEnrichers": [],
+    "enums": [],
+    "dataMaskDef": {
+      "maskTypes": [
+        {
+          "itemId": 1,
+          "name": "MASK",
+          "label": "Redact",
+          "description": "Replace lowercase with \u0027x\u0027, uppercase with \u0027X\u0027, digits with \u00270\u0027",
+          "transformer": "mask({col})",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 2,
+          "name": "MASK_SHOW_LAST_4",
+          "label": "Partial mask: show last 4",
+          "description": "Show last 4 characters; replace rest with \u0027x\u0027",
+          "transformer": "mask_show_last_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 3,
+          "name": "MASK_SHOW_FIRST_4",
+          "label": "Partial mask: show first 4",
+          "description": "Show first 4 characters; replace rest with \u0027x\u0027",
+          "transformer": "mask_show_first_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 4,
+          "name": "MASK_HASH",
+          "label": "Hash",
+          "description": "Hash the value",
+          "transformer": "mask_hash({col})",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 5,
+          "name": "MASK_NULL",
+          "label": "Nullify",
+          "description": "Replace with NULL",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 6,
+          "name": "MASK_NONE",
+          "label": "Unmasked (retain original value)",
+          "description": "No masking",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 12,
+          "name": "MASK_DATE_SHOW_YEAR",
+          "label": "Date: show only year",
+          "description": "Date: show only year",
+          "transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, 1, 0, -1)",
+          "dataMaskOptions": {}
+        },
+        {
+          "itemId": 13,
+          "name": "CUSTOM",
+          "label": "Custom",
+          "description": "Custom",
+          "dataMaskOptions": {}
+        }
+      ],
+      "accessTypes": [
+        {
+          "itemId": 1,
+          "name": "select",
+          "label": "select",
+          "impliedGrants": []
+        }
+      ],
+      "resources": [
+        {
+          "itemId": 1,
+          "name": "database",
+          "type": "string",
+          "level": 10,
+          "mandatory": true,
+          "lookupSupported": true,
+          "recursiveSupported": false,
+          "excludesSupported": false,
+          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+          "matcherOptions": {
+            "wildCard": "false",
+            "ignoreCase": "true"
+          },
+          "validationRegEx": "",
+          "validationMessage": "",
+          "uiHint": "{ \"singleValue\":true }",
+          "label": "Hive Database",
+          "description": "Hive Database",
+          "accessTypeRestrictions": [],
+          "isValidLeaf": false
+        },
+        {
+          "itemId": 2,
+          "name": "table",
+          "type": "string",
+          "level": 20,
+          "parent": "database",
+          "mandatory": true,
+          "lookupSupported": true,
+          "recursiveSupported": false,
+          "excludesSupported": false,
+          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+          "matcherOptions": {
+            "wildCard": "false",
+            "ignoreCase": "true"
+          },
+          "validationRegEx": "",
+          "validationMessage": "",
+          "uiHint": "{ \"singleValue\":true }",
+          "label": "Hive Table",
+          "description": "Hive Table",
+          "accessTypeRestrictions": [],
+          "isValidLeaf": false
+        },
+        {
+          "itemId": 4,
+          "name": "column",
+          "type": "string",
+          "level": 30,
+          "parent": "table",
+          "mandatory": true,
+          "lookupSupported": true,
+          "recursiveSupported": false,
+          "excludesSupported": false,
+          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+          "matcherOptions": {
+            "wildCard": "false",
+            "ignoreCase": "true"
+          },
+          "validationRegEx": "",
+          "validationMessage": "",
+          "uiHint": "{ \"singleValue\":true }",
+          "label": "Hive Column",
+          "description": "Hive Column",
+          "accessTypeRestrictions": [],
+          "isValidLeaf": true
+        }
+      ]
+    },
+    "rowFilterDef": {
+      "accessTypes": [
+        {
+          "itemId": 1,
+          "name": "select",
+          "label": "select",
+          "impliedGrants": []
+        }
+      ],
+      "resources": [
+        {
+          "itemId": 1,
+          "name": "database",
+          "type": "string",
+          "level": 10,
+          "mandatory": true,
+          "lookupSupported": true,
+          "recursiveSupported": false,
+          "excludesSupported": false,
+          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+          "matcherOptions": {
+            "wildCard": "false",
+            "ignoreCase": "true"
+          },
+          "validationRegEx": "",
+          "validationMessage": "",
+          "uiHint": "{ \"singleValue\":true }",
+          "label": "Hive Database",
+          "description": "Hive Database",
+          "accessTypeRestrictions": [],
+          "isValidLeaf": false
+        },
+        {
+          "itemId": 2,
+          "name": "table",
+          "type": "string",
+          "level": 20,
+          "parent": "database",
+          "mandatory": true,
+          "lookupSupported": true,
+          "recursiveSupported": false,
+          "excludesSupported": false,
+          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+          "matcherOptions": {
+            "wildCard": "false",
+            "ignoreCase": "true"
+          },
+          "validationRegEx": "",
+          "validationMessage": "",
+          "uiHint": "{ \"singleValue\":true }",
+          "label": "Hive Table",
+          "description": "Hive Table",
+          "accessTypeRestrictions": [],
+          "isValidLeaf": true
+        }
+      ]
+    },
+    "id": 3,
+    "guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
+    "isEnabled": true,
+    "createTime": "20190401-20:14:36.000-+0800",
+    "updateTime": "20190401-20:14:36.000-+0800",
+    "version": 1
+  },
+  "auditMode": "audit-default"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
index 250df2ddc..0b2acff5a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
@@ -1,1675 +1,1353 @@
 {
-  "serviceName": "hive_jenkins",
-  "serviceId": 1,
-  "policyVersion": 85,
-  "policyUpdateTime": "20190429-21:36:09.000-+0800",
-  "policies": [
-    {
-      "service": "hive_jenkins",
-      "name": "all - url",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "Policy for all - url",
-      "isAuditEnabled": true,
-      "resources": {
-        "url": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": true
-        }
-      },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            },
-            {
-              "type": "update",
-              "isAllowed": true
-            },
-            {
-              "type": "create",
-              "isAllowed": true
-            },
-            {
-              "type": "drop",
-              "isAllowed": true
-            },
-            {
-              "type": "alter",
-              "isAllowed": true
-            },
-            {
-              "type": "index",
-              "isAllowed": true
-            },
-            {
-              "type": "lock",
-              "isAllowed": true
-            },
-            {
-              "type": "all",
-              "isAllowed": true
-            },
-            {
-              "type": "read",
-              "isAllowed": true
-            },
-            {
-              "type": "write",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "admin"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": true
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [],
-      "id": 1,
-      "guid": "cf7e6725-492f-434f-bffe-6bb4e3147246",
-      "isEnabled": true,
-      "version": 1
-    },
-    {
-      "service": "hive_jenkins",
-      "name": "all - database, table, column",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "Policy for all - database, table, column",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
-      },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            },
-            {
-              "type": "update",
-              "isAllowed": true
-            },
-            {
-              "type": "create",
-              "isAllowed": true
-            },
-            {
-              "type": "drop",
-              "isAllowed": true
-            },
-            {
-              "type": "alter",
-              "isAllowed": true
-            },
-            {
-              "type": "index",
-              "isAllowed": true
-            },
-            {
-              "type": "lock",
-              "isAllowed": true
-            },
-            {
-              "type": "all",
-              "isAllowed": true
-            },
-            {
-              "type": "read",
-              "isAllowed": true
-            },
-            {
-              "type": "write",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "admin"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": true
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [],
-      "id": 2,
-      "guid": "3b96138a-af4d-48bc-9544-58c5bfa1979b",
-      "isEnabled": true,
-      "version": 1
+  "serviceName" : "hive_jenkins",
+  "serviceId" : 1,
+  "policyVersion" : 85,
+  "policyUpdateTime" : "20190429-21:36:09.000-+0800",
+  "policies" : [ {
+    "id" : 1,
+    "guid" : "c4ca4238-a0b9-3382-8dcc-509a6f75849b",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "all - url",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "Policy for all - url",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "url" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : true
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "all - database, udf",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "Policy for all - database, udf",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "udf": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      }, {
+        "type" : "update",
+        "isAllowed" : true
+      }, {
+        "type" : "create",
+        "isAllowed" : true
+      }, {
+        "type" : "drop",
+        "isAllowed" : true
+      }, {
+        "type" : "alter",
+        "isAllowed" : true
+      }, {
+        "type" : "index",
+        "isAllowed" : true
+      }, {
+        "type" : "lock",
+        "isAllowed" : true
+      }, {
+        "type" : "all",
+        "isAllowed" : true
+      }, {
+        "type" : "read",
+        "isAllowed" : true
+      }, {
+        "type" : "write",
+        "isAllowed" : true
+      } ],
+      "users" : [ "admin" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 2,
+    "guid" : "c81e728d-9d4c-3f63-af06-7f89cc14862c",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "all - database, table, column",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "Policy for all - database, table, column",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            },
-            {
-              "type": "update",
-              "isAllowed": true
-            },
-            {
-              "type": "create",
-              "isAllowed": true
-            },
-            {
-              "type": "drop",
-              "isAllowed": true
-            },
-            {
-              "type": "alter",
-              "isAllowed": true
-            },
-            {
-              "type": "index",
-              "isAllowed": true
-            },
-            {
-              "type": "lock",
-              "isAllowed": true
-            },
-            {
-              "type": "all",
-              "isAllowed": true
-            },
-            {
-              "type": "read",
-              "isAllowed": true
-            },
-            {
-              "type": "write",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "admin"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": true
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [],
-      "id": 3,
-      "guid": "db08fbb0-61da-4f33-8144-ccd89816151d",
-      "isEnabled": true,
-      "version": 1
-    },
-    {
-      "service": "hive_jenkins",
-      "name": "default",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog",
-            "iceberg_ns",
-            "ns1"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+      "column" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            },
-            {
-              "type": "update",
-              "isAllowed": true
-            },
-            {
-              "type": "create",
-              "isAllowed": true
-            },
-            {
-              "type": "drop",
-              "isAllowed": true
-            },
-            {
-              "type": "alter",
-              "isAllowed": true
-            },
-            {
-              "type": "index",
-              "isAllowed": true
-            },
-            {
-              "type": "lock",
-              "isAllowed": true
-            },
-            {
-              "type": "all",
-              "isAllowed": true
-            },
-            {
-              "type": "read",
-              "isAllowed": true
-            },
-            {
-              "type": "write",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob",
-            "perm_view_user",
-            "{OWNER}"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }, {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": false
-            },
-            {
-              "type": "update",
-              "isAllowed": false
-            },
-            {
-              "type": "create",
-              "isAllowed": true
-            },
-            {
-              "type": "drop",
-              "isAllowed": false
-            },
-            {
-              "type": "alter",
-              "isAllowed": false
-            },
-            {
-              "type": "index",
-              "isAllowed": false
-            },
-            {
-              "type": "lock",
-              "isAllowed": false
-            },
-            {
-              "type": "all",
-              "isAllowed": false
-            },
-            {
-              "type": "read",
-              "isAllowed": false
-            },
-            {
-              "type": "write",
-              "isAllowed": false
-            }
-          ],
-          "users": [
-            "default_table_owner",
-            "create_only_user"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 5,
-      "guid": "2db6099d-e4f1-41df-9d24-f2f47bed618e",
-      "isEnabled": true,
-      "version": 5
+      "table" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "default_kent",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "key"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      }, {
+        "type" : "update",
+        "isAllowed" : true
+      }, {
+        "type" : "create",
+        "isAllowed" : true
+      }, {
+        "type" : "drop",
+        "isAllowed" : true
+      }, {
+        "type" : "alter",
+        "isAllowed" : true
+      }, {
+        "type" : "index",
+        "isAllowed" : true
+      }, {
+        "type" : "lock",
+        "isAllowed" : true
+      }, {
+        "type" : "all",
+        "isAllowed" : true
+      }, {
+        "type" : "read",
+        "isAllowed" : true
+      }, {
+        "type" : "write",
+        "isAllowed" : true
+      } ],
+      "users" : [ "admin" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 3,
+    "guid" : "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "all - database, udf",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "Policy for all - database, udf",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            },
-            {
-              "type": "update",
-              "isAllowed": true
-            },
-            {
-              "type": "create",
-              "isAllowed": true
-            },
-            {
-              "type": "drop",
-              "isAllowed": true
-            },
-            {
-              "type": "alter",
-              "isAllowed": true
-            },
-            {
-              "type": "index",
-              "isAllowed": true
-            },
-            {
-              "type": "lock",
-              "isAllowed": true
-            },
-            {
-              "type": "all",
-              "isAllowed": true
-            },
-            {
-              "type": "read",
-              "isAllowed": true
-            },
-            {
-              "type": "write",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "kent"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 5,
-      "guid": "fd24db19-f7cc-4e13-a8ba-bbd5a07a2d8d",
-      "isEnabled": true,
-      "version": 5
+      "udf" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "src_key _less_than_20",
-      "policyType": 2,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      }, {
+        "type" : "update",
+        "isAllowed" : true
+      }, {
+        "type" : "create",
+        "isAllowed" : true
+      }, {
+        "type" : "drop",
+        "isAllowed" : true
+      }, {
+        "type" : "alter",
+        "isAllowed" : true
+      }, {
+        "type" : "index",
+        "isAllowed" : true
+      }, {
+        "type" : "lock",
+        "isAllowed" : true
+      }, {
+        "type" : "all",
+        "isAllowed" : true
+      }, {
+        "type" : "read",
+        "isAllowed" : true
+      }, {
+        "type" : "write",
+        "isAllowed" : true
+      } ],
+      "users" : [ "admin" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 4,
+    "guid" : "a87ff679-a2f3-371d-9181-a67b7542122c",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "all - database, udf",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "Policy for all - database, udf",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog", "iceberg_ns", "ns1" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [
-        {
-          "rowFilterInfo": {
-            "filterExpr": "key\u003c20"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "serviceType": "hive",
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 4,
-      "guid": "f588a9ed-f7b1-48f7-9d0d-c12cf2b9b7ed",
-      "isEnabled": true,
-      "version": 26
-    },{
-      "service": "hive_jenkins",
-      "name": "src_key_less_than_20_perm_view",
-      "policyType": 2,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "perm_view"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+      "column" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [
-        {
-          "rowFilterInfo": {
-            "filterExpr": "key\u003c20"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "perm_view_user"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "serviceType": "hive",
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 22,
-      "guid": "c240a7ea-9d26-4db2-b925-d5dbe49bd447 \n",
-      "isEnabled": true,
-      "version": 26
+      "table" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "default_bob_use",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default_bob",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "table_use*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      }, {
+        "type" : "update",
+        "isAllowed" : true
+      }, {
+        "type" : "create",
+        "isAllowed" : true
+      }, {
+        "type" : "drop",
+        "isAllowed" : true
+      }, {
+        "type" : "alter",
+        "isAllowed" : true
+      }, {
+        "type" : "index",
+        "isAllowed" : true
+      }, {
+        "type" : "lock",
+        "isAllowed" : true
+      }, {
+        "type" : "all",
+        "isAllowed" : true
+      }, {
+        "type" : "read",
+        "isAllowed" : true
+      }, {
+        "type" : "write",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob", "perm_view_user", "{OWNER}" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    }, {
+      "accesses" : [ {
+        "type" : "create",
+        "isAllowed" : true
+      } ],
+      "users" : [ "default_table_owner", "create_only_user" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 5,
+    "guid" : "e4da3b7f-bbce-3345-9777-2b0674a318d5",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "default_kent",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "update",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 5,
-      "guid": "2eb6099d-e4f1-41df-9d24-f2f47bed618e",
-      "isEnabled": true,
-      "version": 5
-    },
-    {
-      "service": "hive_jenkins",
-      "name": "default_bob_select",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default_bob",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "table_select*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+      "column" : {
+        "values" : [ "key" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            },
-            {
-              "type": "use",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 5,
-      "guid": "2fb6099d-e4f1-41df-9d24-f2f47bed618e",
-      "isEnabled": true,
-      "version": 5
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "src_value_hash_perm_view",
-      "policyType": 1,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "value1"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      }, {
+        "type" : "update",
+        "isAllowed" : true
+      }, {
+        "type" : "create",
+        "isAllowed" : true
+      }, {
+        "type" : "drop",
+        "isAllowed" : true
+      }, {
+        "type" : "alter",
+        "isAllowed" : true
+      }, {
+        "type" : "index",
+        "isAllowed" : true
+      }, {
+        "type" : "lock",
+        "isAllowed" : true
+      }, {
+        "type" : "all",
+        "isAllowed" : true
+      }, {
+        "type" : "read",
+        "isAllowed" : true
+      }, {
+        "type" : "write",
+        "isAllowed" : true
+      } ],
+      "users" : [ "kent" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    }, {
+      "accesses" : [ {
+        "type" : "create",
+        "isAllowed" : true
+      } ],
+      "users" : [ "default_table_owner", "create_only_user" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 6,
+    "guid" : "1679091c-5a88-3faf-afb5-e6087eb1b2dc",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "default_bob_use",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default_bob", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [
-        {
-          "dataMaskInfo": {
-            "dataMaskType": "MASK_HASH"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 5,
-      "guid": "ed1868a1-bf79-4721-a3d5-6815cc7d4986",
-      "isEnabled": true,
-      "version": 1
-    },{
-      "service": "hive_jenkins",
-      "name": "src_value_hash",
-      "policyType": 1,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "value1"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "perm_view"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+      "column" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [
-        {
-          "dataMaskInfo": {
-            "dataMaskType": "MASK_HASH"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "perm_view_user"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 20,
-      "guid": "bfeddeab-50d0-4902-985f-42559efa39c3",
-      "isEnabled": true,
-      "version": 1
+      "table" : {
+        "values" : [ "table_use*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "src_value2_nullify",
-      "policyType": 1,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog",
-            "iceberg_ns",
-            "ns1"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "value2"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "update",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 7,
+    "guid" : "8f14e45f-ceea-367a-9a36-dedd4bea2543",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "default_bob_select",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default_bob", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [
-        {
-          "dataMaskInfo": {
-            "dataMaskType": "MASK"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 6,
-      "guid": "98a04cd7-8d14-4466-adc9-126d87a3af69",
-      "isEnabled": true,
-      "version": 1
-    },
-    {
-      "service": "hive_jenkins",
-      "name": "src_value3_sf4",
-      "policyType": 1,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "value3"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+      "column" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [
-        {
-          "dataMaskInfo": {
-            "dataMaskType": "MASK_SHOW_FIRST_4"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 7,
-      "guid": "9d50a525-b24c-4cf5-a885-d10d426368d1",
-      "isEnabled": true,
-      "version": 1
+      "table" : {
+        "values" : [ "table_select*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "src_value4_sf4",
-      "policyType": 1,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "value4"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      }, {
+        "type" : "use",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 8,
+    "guid" : "c9f0f895-fb98-3b91-99f5-1fd0297e236d",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "someone_access_perm_view",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [
-        {
-          "dataMaskInfo": {
-            "dataMaskType": "MASK_DATE_SHOW_YEAR"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 8,
-      "guid": "9d50a526-b24c-4cf5-a885-d10d426368d1",
-      "isEnabled": true,
-      "version": 1
+      "column" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      },
+      "table" : {
+        "values" : [ "perm_view" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "src_value5_show_last_4",
-      "policyType": 1,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default",
-            "spark_catalog"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "value5"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "src"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "user_perm_view_only" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 9,
+    "guid" : "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_key_less_than_20",
+    "policyType" : 2,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [
-        {
-          "dataMaskInfo": {
-            "dataMaskType": "MASK_SHOW_LAST_4"
-          },
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "bob"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 32,
-      "guid": "b3f1f1e0-2bd6-4b20-8a32-a531006ae151",
-      "isEnabled": true,
-      "version": 1
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    {
-      "service": "hive_jenkins",
-      "name": "someone_access_perm_view",
-      "policyType": 0,
-      "policyPriority": 0,
-      "description": "",
-      "isAuditEnabled": true,
-      "resources": {
-        "database": {
-          "values": [
-            "default"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "column": {
-          "values": [
-            "*"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        },
-        "table": {
-          "values": [
-            "perm_view"
-          ],
-          "isExcludes": false,
-          "isRecursive": false
-        }
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob", "perm_view_user" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : false,
+      "rowFilterInfo" : {
+        "filterExpr" : "key<20"
+      }
+    } ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 10,
+    "guid" : "d3d94468-02a4-3259-b55d-38e6d163e820",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "perm_view_key_less_than_20",
+    "policyType" : 2,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      "policyItems": [
-        {
-          "accesses": [
-            {
-              "type": "select",
-              "isAllowed": true
-            }
-          ],
-          "users": [
-            "user_perm_view_only"
-          ],
-          "groups": [],
-          "conditions": [],
-          "delegateAdmin": false
-        }
-      ],
-      "denyPolicyItems": [],
-      "allowExceptions": [],
-      "denyExceptions": [],
-      "dataMaskPolicyItems": [],
-      "rowFilterPolicyItems": [],
-      "options": {},
-      "validitySchedules": [],
-      "policyLabels": [
-        ""
-      ],
-      "id": 123,
-      "guid": "2fb6099d-e421-41df-9d24-f2f47bed618e",
-      "isEnabled": true,
-      "version": 5
-    }
-  ],
-  "serviceDef": {
-    "name": "hive",
-    "implClass": "org.apache.ranger.services.hive.RangerServiceHive",
-    "label": "Hive Server2",
-    "description": "Hive Server2",
-    "options": {
-      "enableDenyAndExceptionsInPolicies": "true"
+      "table" : {
+        "values" : [ "perm_view" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
     },
-    "configs": [
-      {
-        "itemId": 1,
-        "name": "username",
-        "type": "string",
-        "mandatory": true,
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Username"
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "perm_view_user" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : false,
+      "rowFilterInfo" : {
+        "filterExpr" : "key<20"
+      }
+    } ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 11,
+    "guid" : "6512bd43-d9ca-36e0-ac99-0b0a82652dca",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_value_hash_perm_view",
+    "policyType" : 1,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 2,
-        "name": "password",
-        "type": "password",
-        "mandatory": true,
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Password"
+      "column" : {
+        "values" : [ "value1" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 3,
-        "name": "jdbc.driverClassName",
-        "type": "string",
-        "mandatory": true,
-        "defaultValue": "org.apache.hive.jdbc.HiveDriver",
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": ""
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
+    },
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true,
+      "dataMaskInfo" : {
+        "dataMaskType" : "MASK_HASH"
+      }
+    } ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 12,
+    "guid" : "c20ad4d7-6fe9-3759-aa27-a0c99bff6710",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_value_hash",
+    "policyType" : 1,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 4,
-        "name": "jdbc.url",
-        "type": "string",
-        "mandatory": true,
-        "defaultValue": "",
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"1.For Remote Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;\u003cbr\u003e2.For Embedded Mode (no host or port), eg.\u003cbr\u003ejdbc:hive2:///;initFile\u003d\u0026lt;file\u0026gt;\u003cbr\u003e3.For HTTP Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;/;\u003cbr\u003etransportMode\u003dhttp;httpPath\u003d\u0026lt;httpPath\u0026gt;\u003cbr\u003e4.For SSL Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;/;ssl\u003dtrue;\u003cbr\u003esslTrustStore\u003dtStore;trustStorePassword\u003dpw\u003cbr\u003e5.For ZooKeeper Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;/;serviceDiscoveryMode\u003d\u003cbr\u003ezooKeeper;zooKeeperNamespace\u003dhiveserver2\u003cbr\u003e6.For Kerberos Mode, eg.\u003cbr\u003ejdbc:hive2://\u0026lt;host\u0026gt;:\u0026lt;port\u0026gt;/;\u003cbr\u003eprincipal\u003dhive/domain@EXAMPLE.COM\u003cbr\u003e\"}"
+      "column" : {
+        "values" : [ "value1" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 5,
-        "name": "commonNameForCertificate",
-        "type": "string",
-        "mandatory": false,
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Common Name for Certificate"
+      "table" : {
+        "values" : [ "perm_view" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       }
-    ],
-    "resources": [
-      {
-        "itemId": 1,
-        "name": "database",
-        "type": "string",
-        "level": 10,
-        "mandatory": true,
-        "lookupSupported": true,
-        "recursiveSupported": false,
-        "excludesSupported": true,
-        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-        "matcherOptions": {
-          "wildCard": "true",
-          "ignoreCase": "true"
-        },
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Hive Database",
-        "description": "Hive Database",
-        "accessTypeRestrictions": [],
-        "isValidLeaf": false
+    },
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "perm_view_user" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true,
+      "dataMaskInfo" : {
+        "dataMaskType" : "MASK_HASH"
+      }
+    } ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 13,
+    "guid" : "c51ce410-c124-310e-8db5-e4b97fc2af39",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_value2_nullify",
+    "policyType" : 1,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog", "iceberg_ns", "ns1" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 5,
-        "name": "url",
-        "type": "string",
-        "level": 10,
-        "mandatory": true,
-        "lookupSupported": false,
-        "recursiveSupported": true,
-        "excludesSupported": false,
-        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
-        "matcherOptions": {
-          "wildCard": "true",
-          "ignoreCase": "false"
-        },
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "URL",
-        "description": "URL",
-        "accessTypeRestrictions": [],
-        "isValidLeaf": true
+      "column" : {
+        "values" : [ "value2" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 2,
-        "name": "table",
-        "type": "string",
-        "level": 20,
-        "parent": "database",
-        "mandatory": true,
-        "lookupSupported": true,
-        "recursiveSupported": false,
-        "excludesSupported": true,
-        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-        "matcherOptions": {
-          "wildCard": "true",
-          "ignoreCase": "true"
-        },
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Hive Table",
-        "description": "Hive Table",
-        "accessTypeRestrictions": [],
-        "isValidLeaf": false
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
+    },
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true,
+      "dataMaskInfo" : {
+        "dataMaskType" : "MASK"
+      }
+    } ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 14,
+    "guid" : "aab32389-22bc-325a-af60-6eb525ffdc56",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_value3_sf4",
+    "policyType" : 1,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 3,
-        "name": "udf",
-        "type": "string",
-        "level": 20,
-        "parent": "database",
-        "mandatory": true,
-        "lookupSupported": true,
-        "recursiveSupported": false,
-        "excludesSupported": true,
-        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-        "matcherOptions": {
-          "wildCard": "true",
-          "ignoreCase": "true"
-        },
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Hive UDF",
-        "description": "Hive UDF",
-        "accessTypeRestrictions": [],
-        "isValidLeaf": true
+      "column" : {
+        "values" : [ "value3" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 4,
-        "name": "column",
-        "type": "string",
-        "level": 30,
-        "parent": "table",
-        "mandatory": true,
-        "lookupSupported": true,
-        "recursiveSupported": false,
-        "excludesSupported": true,
-        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-        "matcherOptions": {
-          "wildCard": "true",
-          "ignoreCase": "true"
-        },
-        "validationRegEx": "",
-        "validationMessage": "",
-        "uiHint": "",
-        "label": "Hive Column",
-        "description": "Hive Column",
-        "accessTypeRestrictions": [],
-        "isValidLeaf": true
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       }
-    ],
-    "accessTypes": [
-      {
-        "itemId": 1,
-        "name": "select",
-        "label": "select",
-        "impliedGrants": []
+    },
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true,
+      "dataMaskInfo" : {
+        "dataMaskType" : "MASK_SHOW_FIRST_4"
+      }
+    } ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 15,
+    "guid" : "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_value4_sf4",
+    "policyType" : 1,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 2,
-        "name": "update",
-        "label": "update",
-        "impliedGrants": []
+      "column" : {
+        "values" : [ "value4" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 3,
-        "name": "create",
-        "label": "Create",
-        "impliedGrants": []
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
+    },
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true,
+      "dataMaskInfo" : {
+        "dataMaskType" : "MASK_DATE_SHOW_YEAR"
+      }
+    } ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 16,
+    "guid" : "c74d97b0-1eae-357e-84aa-9d5bade97baf",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
+    "name" : "src_value5_sf4",
+    "policyType" : 1,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default", "spark_catalog" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 4,
-        "name": "drop",
-        "label": "Drop",
-        "impliedGrants": []
+      "column" : {
+        "values" : [ "value5" ],
+        "isExcludes" : false,
+        "isRecursive" : false
       },
-      {
-        "itemId": 5,
-        "name": "alter",
-        "label": "Alter",
-        "impliedGrants": []
+      "table" : {
+        "values" : [ "src" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
+    },
+    "conditions" : [ ],
+    "policyItems" : [ ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "bob" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true,
+      "dataMaskInfo" : {
+        "dataMaskType" : "MASK_SHOW_LAST_4"
+      }
+    } ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  } ],
+  "serviceDef" : {
+    "name" : "hive",
+    "implClass" : "org.apache.ranger.services.hive.RangerServiceHive",
+    "label" : "Hive Server2",
+    "description" : "Hive Server2",
+    "options" : {
+      "enableDenyAndExceptionsInPolicies" : "true"
+    },
+    "configs" : [ {
+      "itemId" : 1,
+      "name" : "username",
+      "type" : "string",
+      "mandatory" : true,
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Username"
+    }, {
+      "itemId" : 2,
+      "name" : "password",
+      "type" : "password",
+      "mandatory" : true,
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Password"
+    }, {
+      "itemId" : 3,
+      "name" : "jdbc.driverClassName",
+      "type" : "string",
+      "mandatory" : true,
+      "defaultValue" : "org.apache.hive.jdbc.HiveDriver",
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : ""
+    }, {
+      "itemId" : 4,
+      "name" : "jdbc.url",
+      "type" : "string",
+      "mandatory" : true,
+      "defaultValue" : "",
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "{\"TextFieldWithIcon\":true, \"info\": \"1.For Remote Mode, eg.<br>jdbc:hive2://&lt;host&gt;:&lt;port&gt;<br>2.For Embedded Mode (no host or port), eg.<br>jdbc:hive2:///;initFile=&lt;file&gt;<br>3.For HTTP Mode, eg.<br>jdbc:hive2://&lt;host&gt;:&lt;port&gt;/;<br>transportMode=http;httpPath=&lt;httpPath&gt;<br>4.For SSL Mode, eg.<br>jdbc:hive2://&lt;host&gt;:&lt;port&gt;/;ssl=true;<br>sslTrustStore=tStore;trustStorePassword=pw<br>5.For ZooKeeper Mode, eg.<br>jdbc:hive2://&lt;host&gt;/;serviceDiscoveryMode=<br>zooKeeper;zooKeeperNamespace=hiveserver2<br>6.For Kerberos Mode, eg.<br>jdbc:hive2://&lt;host&gt;:&lt;port&gt;/;<br>principal=hive/domain@EXAMPLE.COM<br>\"}"
+    }, {
+      "itemId" : 5,
+      "name" : "commonNameForCertificate",
+      "type" : "string",
+      "mandatory" : false,
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Common Name for Certificate"
+    } ],
+    "resources" : [ {
+      "itemId" : 1,
+      "name" : "database",
+      "type" : "string",
+      "level" : 10,
+      "mandatory" : true,
+      "lookupSupported" : true,
+      "recursiveSupported" : false,
+      "excludesSupported" : true,
+      "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+      "matcherOptions" : {
+        "wildCard" : "true",
+        "ignoreCase" : "true"
       },
-      {
-        "itemId": 6,
-        "name": "index",
-        "label": "Index",
-        "impliedGrants": []
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Hive Database",
+      "description" : "Hive Database",
+      "accessTypeRestrictions" : [ ],
+      "isValidLeaf" : false
+    }, {
+      "itemId" : 5,
+      "name" : "url",
+      "type" : "string",
+      "level" : 10,
+      "mandatory" : true,
+      "lookupSupported" : false,
+      "recursiveSupported" : true,
+      "excludesSupported" : false,
+      "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+      "matcherOptions" : {
+        "wildCard" : "true",
+        "ignoreCase" : "false"
       },
-      {
-        "itemId": 7,
-        "name": "lock",
-        "label": "Lock",
-        "impliedGrants": []
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "URL",
+      "description" : "URL",
+      "accessTypeRestrictions" : [ ],
+      "isValidLeaf" : true
+    }, {
+      "itemId" : 2,
+      "name" : "table",
+      "type" : "string",
+      "level" : 20,
+      "parent" : "database",
+      "mandatory" : true,
+      "lookupSupported" : true,
+      "recursiveSupported" : false,
+      "excludesSupported" : true,
+      "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+      "matcherOptions" : {
+        "wildCard" : "true",
+        "ignoreCase" : "true"
       },
-      {
-        "itemId": 8,
-        "name": "all",
-        "label": "All",
-        "impliedGrants": [
-          "select",
-          "update",
-          "create",
-          "drop",
-          "alter",
-          "index",
-          "lock",
-          "read",
-          "write"
-        ]
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Hive Table",
+      "description" : "Hive Table",
+      "accessTypeRestrictions" : [ ],
+      "isValidLeaf" : false
+    }, {
+      "itemId" : 3,
+      "name" : "udf",
+      "type" : "string",
+      "level" : 20,
+      "parent" : "database",
+      "mandatory" : true,
+      "lookupSupported" : true,
+      "recursiveSupported" : false,
+      "excludesSupported" : true,
+      "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+      "matcherOptions" : {
+        "wildCard" : "true",
+        "ignoreCase" : "true"
       },
-      {
-        "itemId": 9,
-        "name": "read",
-        "label": "Read",
-        "impliedGrants": []
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Hive UDF",
+      "description" : "Hive UDF",
+      "accessTypeRestrictions" : [ ],
+      "isValidLeaf" : true
+    }, {
+      "itemId" : 4,
+      "name" : "column",
+      "type" : "string",
+      "level" : 30,
+      "parent" : "table",
+      "mandatory" : true,
+      "lookupSupported" : true,
+      "recursiveSupported" : false,
+      "excludesSupported" : true,
+      "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+      "matcherOptions" : {
+        "wildCard" : "true",
+        "ignoreCase" : "true"
       },
-      {
-        "itemId": 10,
-        "name": "write",
-        "label": "Write",
-        "impliedGrants": []
-      }
-    ],
-    "policyConditions": [],
-    "contextEnrichers": [],
-    "enums": [],
-    "dataMaskDef": {
-      "maskTypes": [
-        {
-          "itemId": 1,
-          "name": "MASK",
-          "label": "Redact",
-          "description": "Replace lowercase with \u0027x\u0027, uppercase with \u0027X\u0027, digits with \u00270\u0027",
-          "transformer": "mask({col})",
-          "dataMaskOptions": {}
-        },
-        {
-          "itemId": 2,
-          "name": "MASK_SHOW_LAST_4",
-          "label": "Partial mask: show last 4",
-          "description": "Show last 4 characters; replace rest with \u0027x\u0027",
-          "transformer": "mask_show_last_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
-          "dataMaskOptions": {}
-        },
-        {
-          "itemId": 3,
-          "name": "MASK_SHOW_FIRST_4",
-          "label": "Partial mask: show first 4",
-          "description": "Show first 4 characters; replace rest with \u0027x\u0027",
-          "transformer": "mask_show_first_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
-          "dataMaskOptions": {}
-        },
-        {
-          "itemId": 4,
-          "name": "MASK_HASH",
-          "label": "Hash",
-          "description": "Hash the value",
-          "transformer": "mask_hash({col})",
-          "dataMaskOptions": {}
+      "validationRegEx" : "",
+      "validationMessage" : "",
+      "uiHint" : "",
+      "label" : "Hive Column",
+      "description" : "Hive Column",
+      "accessTypeRestrictions" : [ ],
+      "isValidLeaf" : true
+    } ],
+    "accessTypes" : [ {
+      "itemId" : 1,
+      "name" : "select",
+      "label" : "select",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 2,
+      "name" : "update",
+      "label" : "update",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 3,
+      "name" : "create",
+      "label" : "Create",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 4,
+      "name" : "drop",
+      "label" : "Drop",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 5,
+      "name" : "alter",
+      "label" : "Alter",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 6,
+      "name" : "index",
+      "label" : "Index",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 7,
+      "name" : "lock",
+      "label" : "Lock",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 8,
+      "name" : "all",
+      "label" : "All",
+      "impliedGrants" : [ "select", "update", "create", "drop", "alter", "index", "lock", "read", "write" ]
+    }, {
+      "itemId" : 9,
+      "name" : "read",
+      "label" : "Read",
+      "impliedGrants" : [ ]
+    }, {
+      "itemId" : 10,
+      "name" : "write",
+      "label" : "Write",
+      "impliedGrants" : [ ]
+    } ],
+    "policyConditions" : [ ],
+    "contextEnrichers" : [ ],
+    "enums" : [ ],
+    "dataMaskDef" : {
+      "maskTypes" : [ {
+        "itemId" : 1,
+        "name" : "MASK",
+        "label" : "Redact",
+        "description" : "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
+        "transformer" : "mask({col})",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 2,
+        "name" : "MASK_SHOW_LAST_4",
+        "label" : "Partial mask: show last 4",
+        "description" : "Show last 4 characters; replace rest with 'x'",
+        "transformer" : "mask_show_last_n({col}, 4, 'x', 'x', 'x', -1, '1')",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 3,
+        "name" : "MASK_SHOW_FIRST_4",
+        "label" : "Partial mask: show first 4",
+        "description" : "Show first 4 characters; replace rest with 'x'",
+        "transformer" : "mask_show_first_n({col}, 4, 'x', 'x', 'x', -1, '1')",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 4,
+        "name" : "MASK_HASH",
+        "label" : "Hash",
+        "description" : "Hash the value",
+        "transformer" : "mask_hash({col})",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 5,
+        "name" : "MASK_NULL",
+        "label" : "Nullify",
+        "description" : "Replace with NULL",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 6,
+        "name" : "MASK_NONE",
+        "label" : "Unmasked (retain original value)",
+        "description" : "No masking",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 12,
+        "name" : "MASK_DATE_SHOW_YEAR",
+        "label" : "Date: show only year",
+        "description" : "Date: show only year",
+        "transformer" : "mask({col}, 'x', 'x', 'x', -1, '1', 1, 0, -1)",
+        "dataMaskOptions" : { }
+      }, {
+        "itemId" : 13,
+        "name" : "CUSTOM",
+        "label" : "Custom",
+        "description" : "Custom",
+        "dataMaskOptions" : { }
+      } ],
+      "accessTypes" : [ {
+        "itemId" : 1,
+        "name" : "select",
+        "label" : "select",
+        "impliedGrants" : [ ]
+      } ],
+      "resources" : [ {
+        "itemId" : 1,
+        "name" : "database",
+        "type" : "string",
+        "level" : 10,
+        "mandatory" : true,
+        "lookupSupported" : true,
+        "recursiveSupported" : false,
+        "excludesSupported" : false,
+        "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions" : {
+          "wildCard" : "false",
+          "ignoreCase" : "true"
         },
-        {
-          "itemId": 5,
-          "name": "MASK_NULL",
-          "label": "Nullify",
-          "description": "Replace with NULL",
-          "dataMaskOptions": {}
+        "validationRegEx" : "",
+        "validationMessage" : "",
+        "uiHint" : "{ \"singleValue\":true }",
+        "label" : "Hive Database",
+        "description" : "Hive Database",
+        "accessTypeRestrictions" : [ ],
+        "isValidLeaf" : false
+      }, {
+        "itemId" : 2,
+        "name" : "table",
+        "type" : "string",
+        "level" : 20,
+        "parent" : "database",
+        "mandatory" : true,
+        "lookupSupported" : true,
+        "recursiveSupported" : false,
+        "excludesSupported" : false,
+        "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions" : {
+          "wildCard" : "false",
+          "ignoreCase" : "true"
         },
-        {
-          "itemId": 6,
-          "name": "MASK_NONE",
-          "label": "Unmasked (retain original value)",
-          "description": "No masking",
-          "dataMaskOptions": {}
+        "validationRegEx" : "",
+        "validationMessage" : "",
+        "uiHint" : "{ \"singleValue\":true }",
+        "label" : "Hive Table",
+        "description" : "Hive Table",
+        "accessTypeRestrictions" : [ ],
+        "isValidLeaf" : false
+      }, {
+        "itemId" : 4,
+        "name" : "column",
+        "type" : "string",
+        "level" : 30,
+        "parent" : "table",
+        "mandatory" : true,
+        "lookupSupported" : true,
+        "recursiveSupported" : false,
+        "excludesSupported" : false,
+        "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions" : {
+          "wildCard" : "false",
+          "ignoreCase" : "true"
         },
-        {
-          "itemId": 12,
-          "name": "MASK_DATE_SHOW_YEAR",
-          "label": "Date: show only year",
-          "description": "Date: show only year",
-          "transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, 1, 0, -1)",
-          "dataMaskOptions": {}
-        },
-        {
-          "itemId": 13,
-          "name": "CUSTOM",
-          "label": "Custom",
-          "description": "Custom",
-          "dataMaskOptions": {}
-        }
-      ],
-      "accessTypes": [
-        {
-          "itemId": 1,
-          "name": "select",
-          "label": "select",
-          "impliedGrants": []
-        }
-      ],
-      "resources": [
-        {
-          "itemId": 1,
-          "name": "database",
-          "type": "string",
-          "level": 10,
-          "mandatory": true,
-          "lookupSupported": true,
-          "recursiveSupported": false,
-          "excludesSupported": false,
-          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-          "matcherOptions": {
-            "wildCard": "false",
-            "ignoreCase": "true"
-          },
-          "validationRegEx": "",
-          "validationMessage": "",
-          "uiHint": "{ \"singleValue\":true }",
-          "label": "Hive Database",
-          "description": "Hive Database",
-          "accessTypeRestrictions": [],
-          "isValidLeaf": false
-        },
-        {
-          "itemId": 2,
-          "name": "table",
-          "type": "string",
-          "level": 20,
-          "parent": "database",
-          "mandatory": true,
-          "lookupSupported": true,
-          "recursiveSupported": false,
-          "excludesSupported": false,
-          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-          "matcherOptions": {
-            "wildCard": "false",
-            "ignoreCase": "true"
-          },
-          "validationRegEx": "",
-          "validationMessage": "",
-          "uiHint": "{ \"singleValue\":true }",
-          "label": "Hive Table",
-          "description": "Hive Table",
-          "accessTypeRestrictions": [],
-          "isValidLeaf": false
-        },
-        {
-          "itemId": 4,
-          "name": "column",
-          "type": "string",
-          "level": 30,
-          "parent": "table",
-          "mandatory": true,
-          "lookupSupported": true,
-          "recursiveSupported": false,
-          "excludesSupported": false,
-          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-          "matcherOptions": {
-            "wildCard": "false",
-            "ignoreCase": "true"
-          },
-          "validationRegEx": "",
-          "validationMessage": "",
-          "uiHint": "{ \"singleValue\":true }",
-          "label": "Hive Column",
-          "description": "Hive Column",
-          "accessTypeRestrictions": [],
-          "isValidLeaf": true
-        }
-      ]
+        "validationRegEx" : "",
+        "validationMessage" : "",
+        "uiHint" : "{ \"singleValue\":true }",
+        "label" : "Hive Column",
+        "description" : "Hive Column",
+        "accessTypeRestrictions" : [ ],
+        "isValidLeaf" : true
+      } ]
     },
-    "rowFilterDef": {
-      "accessTypes": [
-        {
-          "itemId": 1,
-          "name": "select",
-          "label": "select",
-          "impliedGrants": []
-        }
-      ],
-      "resources": [
-        {
-          "itemId": 1,
-          "name": "database",
-          "type": "string",
-          "level": 10,
-          "mandatory": true,
-          "lookupSupported": true,
-          "recursiveSupported": false,
-          "excludesSupported": false,
-          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-          "matcherOptions": {
-            "wildCard": "false",
-            "ignoreCase": "true"
-          },
-          "validationRegEx": "",
-          "validationMessage": "",
-          "uiHint": "{ \"singleValue\":true }",
-          "label": "Hive Database",
-          "description": "Hive Database",
-          "accessTypeRestrictions": [],
-          "isValidLeaf": false
+    "rowFilterDef" : {
+      "accessTypes" : [ {
+        "itemId" : 1,
+        "name" : "select",
+        "label" : "select",
+        "impliedGrants" : [ ]
+      } ],
+      "resources" : [ {
+        "itemId" : 1,
+        "name" : "database",
+        "type" : "string",
+        "level" : 10,
+        "mandatory" : true,
+        "lookupSupported" : true,
+        "recursiveSupported" : false,
+        "excludesSupported" : false,
+        "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions" : {
+          "wildCard" : "false",
+          "ignoreCase" : "true"
+        },
+        "validationRegEx" : "",
+        "validationMessage" : "",
+        "uiHint" : "{ \"singleValue\":true }",
+        "label" : "Hive Database",
+        "description" : "Hive Database",
+        "accessTypeRestrictions" : [ ],
+        "isValidLeaf" : false
+      }, {
+        "itemId" : 2,
+        "name" : "table",
+        "type" : "string",
+        "level" : 20,
+        "parent" : "database",
+        "mandatory" : true,
+        "lookupSupported" : true,
+        "recursiveSupported" : false,
+        "excludesSupported" : false,
+        "matcher" : "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+        "matcherOptions" : {
+          "wildCard" : "false",
+          "ignoreCase" : "true"
         },
-        {
-          "itemId": 2,
-          "name": "table",
-          "type": "string",
-          "level": 20,
-          "parent": "database",
-          "mandatory": true,
-          "lookupSupported": true,
-          "recursiveSupported": false,
-          "excludesSupported": false,
-          "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
-          "matcherOptions": {
-            "wildCard": "false",
-            "ignoreCase": "true"
-          },
-          "validationRegEx": "",
-          "validationMessage": "",
-          "uiHint": "{ \"singleValue\":true }",
-          "label": "Hive Table",
-          "description": "Hive Table",
-          "accessTypeRestrictions": [],
-          "isValidLeaf": true
-        }
-      ]
+        "validationRegEx" : "",
+        "validationMessage" : "",
+        "uiHint" : "{ \"singleValue\":true }",
+        "label" : "Hive Table",
+        "description" : "Hive Table",
+        "accessTypeRestrictions" : [ ],
+        "isValidLeaf" : true
+      } ]
     },
-    "id": 3,
-    "guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
-    "isEnabled": true,
-    "createTime": "20190401-20:14:36.000-+0800",
-    "updateTime": "20190401-20:14:36.000-+0800",
-    "version": 1
+    "id" : 3,
+    "guid" : "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
+    "isEnabled" : true,
+    "createTime" : "20190401-20:14:36.000-+0800",
+    "updateTime" : "20190401-20:14:36.000-+0800",
+    "version" : 1
   },
-  "auditMode": "audit-default"
-}
+  "auditMode" : "audit-default"
+}
\ No newline at end of file

From b315123a6b6dfa7b03a5ab7875856bdfd4e0eaed Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Fri, 7 Apr 2023 18:51:48 +0800
Subject: [PATCH 261/760] [KYUUBI #1652] Support Flink yarn application mode

### _Why are the changes needed?_
Flink yarn application mode is crucial for the production usage of Flink engine.

To test this PR locally, we should:

1) set `flink.execution.target=yarn-application` in `kyuubi-defaults.conf`.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4604 from link3280/KYUUBI-1652.

Closes #1652

49b454f1e [Paul Lin] [KYUUBI #1652] Delay access to thrift services to stablize tests
b91b64bf6 [Paul Lin] Revert "[KYUUBI #1652] Avoid hadoop conf injecting into kyuubi conf"
c9f710b0f [Paul Lin] [KYUUBI #1652] Avoid hadoop conf injecting into kyuubi conf
cde8a5477 [Paul Lin] [KYUUBI #1652] Improve docs
edba0ec79 [Paul Lin] [KYUUBI #1652] Improve codestyle
e03e055ae [Paul Lin] [KYUUBI #1652] Update docs according to the comments
490559cd8 [Paul Lin] [KYUUBI #1652] Update docs
769d1a8fa [Paul Lin] [KYUUBI #1652] Move zookeeper to test scope
bafb3f5a4 [Paul Lin] [KYUUBI #1652] Fix flink-it test
dd40c72b8 [Paul Lin] [KYUUBI #1652] Update docs
36c993fc2 [Paul Lin] [KYUUBI #1652] Fix javax.activation not found in flink-it
2a751bdd6 [Paul Lin] [KYUUBI #1652] Introduce EmbeddedZookeeper in Flink yarn tests
0933b7082 [Paul Lin] [KYUUBI #1652] Fix spotless issue
b858f7df6 [Paul Lin] [KYUUBI #1652] Fix Flink submit timeout because failing to find hadoop conf
15801b598 [Paul Lin] [KYUUBI #1652] Replace unused jaxb
b210615e4 [Paul Lin] Update externals/kyuubi-flink-sql-engine/pom.xml
24b23da2c [Paul Lin] [KYUUBI #1652] Update jaxb scope to test
240efae1a [Paul Lin] [KYUUBI #1652] Update jaxb scope to runtime
0e9a508b6 [Paul Lin] [KYUUBI #1652] Update jaxb scope to runtime
b5dbd3346 [Paul Lin] [KYUUBI #1652] Fix jdk11 jaxb ClassNotFoundException
72ba3ee6d [Paul Lin] [KYUUBI #1652] Update tm memory to 1gb
4e10ea21f [Paul Lin] [KYUUBI #1652] Refactor flink engin tests
e9cec4a65 [Paul Lin] [KYUUBI #1652] Add flink-it tests
6eb9fd3ad [Paul Lin] [KYUUBI #1652] Fix ProcessBuilder tests
6aca061e6 [Paul Lin] [KYUUBI #1652] Fix ClassNotFoundException
7581a2a0d [Paul Lin] [KYUUBI #1652] Fix missing minicluster
412c34571 [Paul Lin] [KYUUBI #1652] Remove flink-yarn dependencies
0eafbd7b0 [Paul Lin] Update externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
ee2c64d04 [Paul Lin] [KYUUBI #1652] Add Flink YARN application tests
a72627393 [Paul Lin] [KYUUBI #1652] Avoid flink-yarn dependencies
a75cb2579 [Paul Lin] [KYUUBI #1652] Fix test issue
b7e173f30 [Paul Lin] [KYUUBI #1652] Replace file-based Kyuubi conf with cli args
693ad6529 [Paul Lin] [KYUUBI #1652] Removed unused imports
68e0081e1 [Paul Lin] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
ba021de9d [Paul Lin] [KYUUBI #1652] Search flink-sql.* jars and add them to pipeline jars
0846babbd [Paul Lin] [KYUUBI #1652] Avoid Scala bug
56413fe83 [Paul Lin] [KYUUBI #1652] Improve tmp files cleanup
8bdb672c4 [Paul Lin] [KYUUBI #1652] Explicitly load Kyuubi conf on Flink engine start
0b6325000 [Paul Lin] [KYUUBI #1652] Fix test failures
0ba03e439 [Paul Lin] [KYUUBI #1652] Fix wrong Flink args
00f036b04 [Paul Lin] [KYUUBI #1652] Remove unused util methods
dfd2777ac [Paul Lin] [KYUUBI ##1652] Support Flink yarn application mode

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |   7 +-
 externals/kyuubi-flink-sql-engine/pom.xml     |  38 +++
 .../executors/EmbeddedExecutorFactory.java    | 125 +++++++++
 ...ink.core.execution.PipelineExecutorFactory |  16 ++
 .../kyuubi/engine/flink/FlinkSQLEngine.scala  |  24 +-
 .../flink/operation/ExecuteStatement.scala    |   9 +-
 .../engine/flink/result/ResultSet.scala       |  17 +-
 .../flink/WithDiscoveryFlinkSQLEngine.scala   |  65 +++++
 ...ne.scala => WithFlinkSQLEngineLocal.scala} |  23 +-
 .../flink/WithFlinkSQLEngineOnYarn.scala      | 265 ++++++++++++++++++
 .../engine/flink/WithFlinkTestResources.scala |  41 +++
 .../operation/FlinkOperationLocalSuite.scala  |  33 +++
 .../operation/FlinkOperationOnYarnSuite.scala |  26 ++
 .../flink/operation/FlinkOperationSuite.scala |  54 ++--
 .../operation/PlanOnlyOperationSuite.scala    |   4 +-
 integration-tests/kyuubi-flink-it/pom.xml     |  31 ++
 .../WithKyuubiServerAndYarnMiniCluster.scala  | 145 ++++++++++
 .../operation/FlinkOperationSuiteOnYarn.scala | 113 ++++++++
 .../org/apache/kyuubi/config/KyuubiConf.scala |  14 +-
 .../kyuubi/ha/client/ServiceDiscovery.scala   |   1 +
 .../org/apache/kyuubi/engine/EngineRef.scala  |   2 +-
 .../engine/KyuubiApplicationManager.scala     |   8 +-
 .../engine/flink/FlinkProcessBuilder.scala    | 188 ++++++++-----
 .../flink/FlinkProcessBuilderSuite.scala      |  74 ++++-
 .../kyuubi/server/MiniYarnService.scala       |   6 +-
 25 files changed, 1190 insertions(+), 139 deletions(-)
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/resources/META-INF/services/org.apache.flink.core.execution.PipelineExecutorFactory
 create mode 100644 externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala
 rename externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/{WithFlinkSQLEngine.scala => WithFlinkSQLEngineLocal.scala} (79%)
 create mode 100644 externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
 create mode 100644 integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/WithKyuubiServerAndYarnMiniCluster.scala
 create mode 100644 integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 960f2c328..b12185c3c 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -136,9 +136,10 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.deregister.job.max.failures                | 4                         | Number of failures of job before deregistering the engine.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.2.0 |
 | kyuubi.engine.event.json.log.path                        | file:///tmp/kyuubi/events | The location where all the engine events go for the built-in JSON logger.<ul><li>Local Path: start with 'file://'</li><li>HDFS Path: start with 'hdfs://'</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.3.0 |
 | kyuubi.engine.event.loggers                              | SPARK                     | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a subclass of `org.apache.kyuubi.events.handler.CustomEventHandlerProvider` which has a zero-arg constructor.                                                                                                                                                                                                                                                                                                                                                    | seq      | 1.3.0 |
-| kyuubi.engine.flink.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Flink SQL engine, for configuring the location of hadoop client jars, etc                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.6.0 |
-| kyuubi.engine.flink.java.options                         | &lt;undefined&gt;         | The extra Java options for the Flink SQL engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.6.0 |
-| kyuubi.engine.flink.memory                               | 1g                        | The heap memory for the Flink SQL engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
+| kyuubi.engine.flink.application.jars                     | &lt;undefined&gt;         | A comma-separated list of the local jars to be shipped with the job to the cluster. For example, SQL UDF jars. Only effective in yarn application mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.8.0 |
+| kyuubi.engine.flink.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Flink SQL engine, for configuring the location of hadoop client jars, etc. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
+| kyuubi.engine.flink.java.options                         | &lt;undefined&gt;         | The extra Java options for the Flink SQL engine. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.6.0 |
+| kyuubi.engine.flink.memory                               | 1g                        | The heap memory for the Flink SQL engine. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.6.0 |
 | kyuubi.engine.hive.event.loggers                         | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
 | kyuubi.engine.hive.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Hive query engine, for configuring location of the hadoop client jars and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
 | kyuubi.engine.hive.java.options                          | &lt;undefined&gt;         | The extra Java options for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index f3633b904..0e499f978 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -126,11 +126,49 @@
             <version>${project.version}</version>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-zookeeper_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.flink</groupId>
             <artifactId>flink-test-utils</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-minicluster</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.activation</groupId>
+            <artifactId>jakarta.activation-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.xml.bind</groupId>
+            <artifactId>jakarta.xml.bind-api</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java b/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
new file mode 100644
index 000000000..69d69a55c
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.flink.client.deployment.application.executors;
+
+import static org.apache.flink.util.Preconditions.checkNotNull;
+import static org.apache.flink.util.Preconditions.checkState;
+
+import java.util.Collection;
+import java.util.concurrent.ConcurrentLinkedQueue;
+import org.apache.flink.annotation.Internal;
+import org.apache.flink.api.common.JobID;
+import org.apache.flink.api.common.time.Time;
+import org.apache.flink.client.cli.ClientOptions;
+import org.apache.flink.client.deployment.application.EmbeddedJobClient;
+import org.apache.flink.configuration.Configuration;
+import org.apache.flink.configuration.DeploymentOptions;
+import org.apache.flink.core.execution.PipelineExecutor;
+import org.apache.flink.core.execution.PipelineExecutorFactory;
+import org.apache.flink.runtime.dispatcher.DispatcherGateway;
+import org.apache.flink.util.concurrent.ScheduledExecutor;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** Copied from Apache Flink to exposed the DispatcherGateway for Kyuubi statements. */
+@Internal
+public class EmbeddedExecutorFactory implements PipelineExecutorFactory {
+
+  private static Collection<JobID> bootstrapJobIds;
+
+  private static Collection<JobID> submittedJobIds;
+
+  private static DispatcherGateway dispatcherGateway;
+
+  private static ScheduledExecutor retryExecutor;
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(EmbeddedExecutorFactory.class);
+
+  public EmbeddedExecutorFactory() {
+    LOGGER.debug(
+        "{} loaded in thread {} with classloader {}.",
+        this.getClass().getCanonicalName(),
+        Thread.currentThread().getName(),
+        this.getClass().getClassLoader().toString());
+  }
+
+  /**
+   * Creates an {@link EmbeddedExecutorFactory}.
+   *
+   * @param submittedJobIds a list that is going to be filled with the job ids of the new jobs that
+   *     will be submitted. This is essentially used to return the submitted job ids to the caller.
+   * @param dispatcherGateway the dispatcher of the cluster which is going to be used to submit
+   *     jobs.
+   */
+  public EmbeddedExecutorFactory(
+      final Collection<JobID> submittedJobIds,
+      final DispatcherGateway dispatcherGateway,
+      final ScheduledExecutor retryExecutor) {
+    // there should be only one instance of EmbeddedExecutorFactory
+    LOGGER.debug(
+        "{} initiated in thread {} with classloader {}.",
+        this.getClass().getCanonicalName(),
+        Thread.currentThread().getName(),
+        this.getClass().getClassLoader().toString());
+    checkState(EmbeddedExecutorFactory.submittedJobIds == null);
+    checkState(EmbeddedExecutorFactory.dispatcherGateway == null);
+    checkState(EmbeddedExecutorFactory.retryExecutor == null);
+    // submittedJobIds would be always 1, because we create a new list to avoid concurrent access
+    // issues
+    EmbeddedExecutorFactory.submittedJobIds =
+        new ConcurrentLinkedQueue<>(checkNotNull(submittedJobIds));
+    EmbeddedExecutorFactory.bootstrapJobIds = submittedJobIds;
+    EmbeddedExecutorFactory.dispatcherGateway = checkNotNull(dispatcherGateway);
+    EmbeddedExecutorFactory.retryExecutor = checkNotNull(retryExecutor);
+  }
+
+  @Override
+  public String getName() {
+    return EmbeddedExecutor.NAME;
+  }
+
+  @Override
+  public boolean isCompatibleWith(final Configuration configuration) {
+    // override Flink's implementation to allow usage in Kyuubi
+    LOGGER.debug("matching execution target: {}", configuration.get(DeploymentOptions.TARGET));
+    return configuration.get(DeploymentOptions.TARGET).equalsIgnoreCase("yarn-application")
+        && configuration.toMap().getOrDefault("yarn.tags", "").toLowerCase().contains("kyuubi");
+  }
+
+  @Override
+  public PipelineExecutor getExecutor(final Configuration configuration) {
+    checkNotNull(configuration);
+    Collection<JobID> executorJobIDs;
+    if (bootstrapJobIds.size() > 0) {
+      LOGGER.info("Submitting new Kyuubi job. Job already submitted: {}.", submittedJobIds.size());
+      executorJobIDs = submittedJobIds;
+    } else {
+      LOGGER.info("Bootstrapping Flink SQL engine.");
+      executorJobIDs = bootstrapJobIds;
+    }
+    return new EmbeddedExecutor(
+        executorJobIDs,
+        dispatcherGateway,
+        (jobId, userCodeClassloader) -> {
+          final Time timeout =
+              Time.milliseconds(configuration.get(ClientOptions.CLIENT_TIMEOUT).toMillis());
+          return new EmbeddedJobClient(
+              jobId, dispatcherGateway, retryExecutor, timeout, userCodeClassloader);
+        });
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/resources/META-INF/services/org.apache.flink.core.execution.PipelineExecutorFactory b/externals/kyuubi-flink-sql-engine/src/main/resources/META-INF/services/org.apache.flink.core.execution.PipelineExecutorFactory
new file mode 100644
index 000000000..c394c07a7
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/resources/META-INF/services/org.apache.flink.core.execution.PipelineExecutorFactory
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+org.apache.flink.client.deployment.application.executors.EmbeddedExecutorFactory
\ No newline at end of file
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 06fdc65ae..42061a369 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -28,6 +28,7 @@ import scala.collection.mutable.ListBuffer
 
 import org.apache.flink.client.cli.{DefaultCLI, GenericCLI}
 import org.apache.flink.configuration.{Configuration, DeploymentOptions, GlobalConfiguration}
+import org.apache.flink.table.api.TableEnvironment
 import org.apache.flink.table.client.SqlClientException
 import org.apache.flink.table.client.gateway.context.DefaultContext
 import org.apache.flink.util.JarUtils
@@ -71,9 +72,12 @@ object FlinkSQLEngine extends Logging {
   def main(args: Array[String]): Unit = {
     SignalRegister.registerLogger(logger)
 
+    info(s"Flink SQL engine classpath: ${System.getProperty("java.class.path")}")
+
     FlinkEngineUtils.checkFlinkVersion()
 
     try {
+      kyuubiConf.loadFileDefaults()
       Utils.fromCommandLineArgs(args, kyuubiConf)
       val flinkConfDir = sys.env.getOrElse(
         "FLINK_CONF_DIR", {
@@ -100,6 +104,11 @@ object FlinkSQLEngine extends Logging {
             val appName = s"kyuubi_${user}_flink_${Instant.now}"
             flinkConf.setString("yarn.application.name", appName)
           }
+          if (flinkConf.containsKey("high-availability.cluster-id")) {
+            flinkConf.setString(
+              "yarn.application.id",
+              flinkConf.toMap.get("high-availability.cluster-id"))
+          }
         case "kubernetes-application" =>
           if (!flinkConf.containsKey("kubernetes.cluster-id")) {
             val appName = s"kyuubi-${user}-flink-${Instant.now}"
@@ -122,7 +131,11 @@ object FlinkSQLEngine extends Logging {
       kyuubiConf.setIfMissing(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
 
       startEngine(engineContext)
-      info("started engine...")
+      info("Flink engine started")
+
+      if ("yarn-application".equalsIgnoreCase(executionTarget)) {
+        bootstrapFlinkApplicationExecutor(flinkConf)
+      }
 
       // blocking main thread
       countDownLatch.await()
@@ -146,6 +159,15 @@ object FlinkSQLEngine extends Logging {
     }
   }
 
+  private def bootstrapFlinkApplicationExecutor(flinkConf: Configuration) = {
+    // trigger an execution to initiate EmbeddedExecutor
+    info("Running initial Flink SQL in application mode.")
+    val tableEnv = TableEnvironment.create(flinkConf)
+    val res = tableEnv.executeSql("select 'kyuubi'")
+    res.await()
+    info("Initial Flink SQL finished.")
+  }
+
   private def discoverDependencies(
       jars: Seq[URL],
       libraries: Seq[URL]): List[URL] = {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index de104150f..10ad5bf6d 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -28,7 +28,7 @@ import org.apache.flink.table.api.ResultKind
 import org.apache.flink.table.client.gateway.TypedResult
 import org.apache.flink.table.data.{GenericArrayData, GenericMapData, RowData}
 import org.apache.flink.table.data.binary.{BinaryArrayData, BinaryMapData}
-import org.apache.flink.table.operations.{Operation, QueryOperation}
+import org.apache.flink.table.operations.{ModifyOperation, Operation, QueryOperation}
 import org.apache.flink.table.operations.command._
 import org.apache.flink.table.types.DataType
 import org.apache.flink.table.types.logical._
@@ -80,6 +80,7 @@ class ExecuteStatement(
       val operation = executor.parseStatement(sessionId, statement)
       operation match {
         case queryOperation: QueryOperation => runQueryOperation(queryOperation)
+        case modifyOperation: ModifyOperation => runModifyOperation(modifyOperation)
         case setOperation: SetOperation =>
           resultSet = OperationUtils.runSetOperation(setOperation, executor, sessionId)
         case resetOperation: ResetOperation =>
@@ -143,6 +144,12 @@ class ExecuteStatement(
     }
   }
 
+  private def runModifyOperation(operation: ModifyOperation): Unit = {
+    val result = executor.executeOperation(sessionId, operation)
+    jobId = result.getJobClient.asScala.map(_.getJobID)
+    resultSet = ResultSet.fromJobId(jobId.orNull)
+  }
+
   private def runOperation(operation: Operation): Unit = {
     val result = executor.executeOperation(sessionId, operation)
     jobId = result.getJobClient.asScala.map(_.getJobID)
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
index 136733812..09c401988 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
@@ -22,7 +22,8 @@ import java.util
 import scala.collection.JavaConverters._
 
 import com.google.common.collect.Iterators
-import org.apache.flink.table.api.{ResultKind, TableResult}
+import org.apache.flink.api.common.JobID
+import org.apache.flink.table.api.{DataTypes, ResultKind, TableResult}
 import org.apache.flink.table.catalog.Column
 import org.apache.flink.types.Row
 
@@ -68,6 +69,20 @@ object ResultSet {
       .build
   }
 
+  def fromJobId(jobID: JobID): ResultSet = {
+    val data: Array[Row] = if (jobID != null) {
+      Array(Row.of(jobID.toString))
+    } else {
+      // should not happen
+      Array(Row.of("(Empty Job ID)"))
+    }
+    builder
+      .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
+      .columns(Column.physical("result", DataTypes.STRING()))
+      .data(data)
+      .build;
+  }
+
   def builder: Builder = new ResultSet.Builder
 
   class Builder {
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala
new file mode 100644
index 000000000..aebcce6c5
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink
+
+import java.util.UUID
+
+import org.apache.kyuubi.config.KyuubiConf.{ENGINE_SHARE_LEVEL, ENGINE_TYPE}
+import org.apache.kyuubi.engine.ShareLevel
+import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
+import org.apache.kyuubi.ha.client.{DiscoveryClient, DiscoveryClientProvider}
+
+trait WithDiscoveryFlinkSQLEngine extends WithFlinkSQLEngineOnYarn {
+
+  override protected def engineRefId: String = UUID.randomUUID().toString
+
+  def namespace: String = "/kyuubi/flink-yarn-application-test"
+
+  def shareLevel: String = ShareLevel.USER.toString
+
+  def engineType: String = "flink"
+
+  override def withKyuubiConf: Map[String, String] = {
+    Map(
+      HA_NAMESPACE.key -> namespace,
+      HA_ENGINE_REF_ID.key -> engineRefId,
+      ENGINE_TYPE.key -> "FLINK_SQL",
+      ENGINE_SHARE_LEVEL.key -> shareLevel)
+  }
+
+  def withDiscoveryClient(f: DiscoveryClient => Unit): Unit = {
+    DiscoveryClientProvider.withDiscoveryClient(conf)(f)
+  }
+
+  def getFlinkEngineServiceUrl: String = {
+    var hostPort: Option[(String, Int)] = None
+    var retries = 0
+    while (hostPort.isEmpty && retries < 5) {
+      withDiscoveryClient(client => hostPort = client.getServerHost(namespace))
+      retries += 1
+      Thread.sleep(1000L)
+    }
+    if (hostPort.isEmpty) {
+      throw new RuntimeException("Time out retrieving Flink engine service url.")
+    }
+    // delay the access to thrift service because the thrift service
+    // may not be ready although it's registered
+    Thread.sleep(3000L)
+    s"jdbc:hive2://${hostPort.get._1}:${hostPort.get._2}"
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
similarity index 79%
rename from externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngine.scala
rename to externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
index fbfb8df29..c8435f9c5 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
@@ -24,32 +24,20 @@ import org.apache.flink.configuration.{Configuration, RestOptions}
 import org.apache.flink.runtime.minicluster.{MiniCluster, MiniClusterConfiguration}
 import org.apache.flink.table.client.gateway.context.DefaultContext
 
-import org.apache.kyuubi.{KyuubiFunSuite, Utils}
+import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
 
-trait WithFlinkSQLEngine extends KyuubiFunSuite {
+trait WithFlinkSQLEngineLocal extends KyuubiFunSuite with WithFlinkTestResources {
 
   protected val flinkConfig = new Configuration()
   protected var miniCluster: MiniCluster = _
   protected var engine: FlinkSQLEngine = _
   // conf will be loaded until start flink engine
   def withKyuubiConf: Map[String, String]
-  val kyuubiConf: KyuubiConf = FlinkSQLEngine.kyuubiConf
+  protected val kyuubiConf: KyuubiConf = FlinkSQLEngine.kyuubiConf
 
   protected var connectionUrl: String = _
 
-  protected val GENERATED_UDF_CLASS: String = "LowerUDF"
-
-  protected val GENERATED_UDF_CODE: String =
-    s"""
-      public class $GENERATED_UDF_CLASS extends org.apache.flink.table.functions.ScalarFunction {
-        public String eval(String str) {
-          return str.toLowerCase();
-        }
-      }
-     """
-
   override def beforeAll(): Unit = {
     startMiniCluster()
     startFlinkEngine()
@@ -67,11 +55,6 @@ trait WithFlinkSQLEngine extends KyuubiFunSuite {
       System.setProperty(k, v)
       kyuubiConf.set(k, v)
     }
-    val udfJar = TestUserClassLoaderJar.createJarFile(
-      Utils.createTempDir("test-jar").toFile,
-      "test-classloader-udf.jar",
-      GENERATED_UDF_CLASS,
-      GENERATED_UDF_CODE)
     val engineContext = new DefaultContext(
       List(udfJar.toURI.toURL).asJava,
       flinkConfig,
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
new file mode 100644
index 000000000..3847087b3
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
@@ -0,0 +1,265 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink
+
+import java.io.{File, FilenameFilter, FileWriter}
+import java.lang.ProcessBuilder.Redirect
+import java.net.URI
+import java.nio.file.{Files, Paths}
+
+import scala.collection.JavaConverters._
+import scala.collection.mutable.{ArrayBuffer, ListBuffer}
+
+import org.apache.hadoop.conf.Configuration
+import org.apache.hadoop.hdfs.MiniDFSCluster
+import org.apache.hadoop.yarn.conf.YarnConfiguration
+import org.apache.hadoop.yarn.server.MiniYARNCluster
+
+import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite, SCALA_COMPILE_VERSION, Utils}
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.{ENGINE_FLINK_APPLICATION_JARS, KYUUBI_HOME}
+import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ADDRESSES
+import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
+import org.apache.kyuubi.zookeeper.ZookeeperConf.{ZK_CLIENT_PORT, ZK_CLIENT_PORT_ADDRESS}
+
+trait WithFlinkSQLEngineOnYarn extends KyuubiFunSuite with WithFlinkTestResources {
+
+  protected def engineRefId: String
+
+  protected val conf: KyuubiConf = new KyuubiConf(false)
+
+  private var hdfsCluster: MiniDFSCluster = _
+
+  private var yarnCluster: MiniYARNCluster = _
+
+  private var zkServer: EmbeddedZookeeper = _
+
+  def withKyuubiConf: Map[String, String]
+
+  private val yarnConf: YarnConfiguration = {
+    val yarnConfig = new YarnConfiguration()
+
+    // configurations copied from org.apache.flink.yarn.YarnTestBase
+    yarnConfig.setInt(YarnConfiguration.RM_SCHEDULER_MINIMUM_ALLOCATION_MB, 32)
+    yarnConfig.setInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_MB, 4096)
+
+    yarnConfig.setBoolean(YarnConfiguration.RM_SCHEDULER_INCLUDE_PORT_IN_NODE_NAME, true)
+    yarnConfig.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, 2)
+    yarnConfig.setInt(YarnConfiguration.RM_MAX_COMPLETED_APPLICATIONS, 2)
+    yarnConfig.setInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_VCORES, 4)
+    yarnConfig.setInt(YarnConfiguration.DEBUG_NM_DELETE_DELAY_SEC, 3600)
+    yarnConfig.setBoolean(YarnConfiguration.LOG_AGGREGATION_ENABLED, false)
+    // memory is overwritten in the MiniYARNCluster.
+    // so we have to change the number of cores for testing.
+    yarnConfig.setInt(YarnConfiguration.NM_VCORES, 666)
+    yarnConfig.setFloat(YarnConfiguration.NM_MAX_PER_DISK_UTILIZATION_PERCENTAGE, 99.0f)
+    yarnConfig.setInt(YarnConfiguration.RESOURCEMANAGER_CONNECT_RETRY_INTERVAL_MS, 1000)
+    yarnConfig.setInt(YarnConfiguration.RESOURCEMANAGER_CONNECT_MAX_WAIT_MS, 5000)
+
+    // capacity-scheduler.xml is missing in hadoop-client-minicluster so this is a workaround
+    yarnConfig.set("yarn.scheduler.capacity.root.queues", "default,four_cores_queue")
+
+    yarnConfig.setInt("yarn.scheduler.capacity.root.default.capacity", 100)
+    yarnConfig.setFloat("yarn.scheduler.capacity.root.default.user-limit-factor", 1)
+    yarnConfig.setInt("yarn.scheduler.capacity.root.default.maximum-capacity", 100)
+    yarnConfig.set("yarn.scheduler.capacity.root.default.state", "RUNNING")
+    yarnConfig.set("yarn.scheduler.capacity.root.default.acl_submit_applications", "*")
+    yarnConfig.set("yarn.scheduler.capacity.root.default.acl_administer_queue", "*")
+
+    yarnConfig.setInt("yarn.scheduler.capacity.root.four_cores_queue.maximum-capacity", 100)
+    yarnConfig.setInt("yarn.scheduler.capacity.root.four_cores_queue.maximum-applications", 10)
+    yarnConfig.setInt("yarn.scheduler.capacity.root.four_cores_queue.maximum-allocation-vcores", 4)
+    yarnConfig.setFloat("yarn.scheduler.capacity.root.four_cores_queue.user-limit-factor", 1)
+    yarnConfig.set("yarn.scheduler.capacity.root.four_cores_queue.acl_submit_applications", "*")
+    yarnConfig.set("yarn.scheduler.capacity.root.four_cores_queue.acl_administer_queue", "*")
+
+    yarnConfig.setInt("yarn.scheduler.capacity.node-locality-delay", -1)
+    // Set bind host to localhost to avoid java.net.BindException
+    yarnConfig.set(YarnConfiguration.RM_BIND_HOST, "localhost")
+    yarnConfig.set(YarnConfiguration.NM_BIND_HOST, "localhost")
+
+    yarnConfig
+  }
+
+  override def beforeAll(): Unit = {
+    zkServer = new EmbeddedZookeeper()
+    conf.set(ZK_CLIENT_PORT, 0).set(ZK_CLIENT_PORT_ADDRESS, "localhost")
+    zkServer.initialize(conf)
+    zkServer.start()
+    conf.set(HA_ADDRESSES, zkServer.getConnectString)
+
+    hdfsCluster = new MiniDFSCluster.Builder(new Configuration)
+      .numDataNodes(1)
+      .checkDataNodeAddrConfig(true)
+      .checkDataNodeHostConfig(true)
+      .build()
+
+    val hdfsServiceUrl = s"hdfs://localhost:${hdfsCluster.getNameNodePort}"
+    yarnConf.set("fs.defaultFS", hdfsServiceUrl)
+    yarnConf.addResource(hdfsCluster.getConfiguration(0))
+
+    val cp = System.getProperty("java.class.path")
+    // exclude kyuubi flink engine jar that has SPI for EmbeddedExecutorFactory
+    // which can't be initialized on the client side
+    val hadoopJars = cp.split(":").filter(s => !s.contains("flink") && !s.contains("log4j"))
+    val hadoopClasspath = hadoopJars.mkString(":")
+    yarnConf.set(YarnConfiguration.YARN_APPLICATION_CLASSPATH, hadoopClasspath)
+
+    yarnCluster = new MiniYARNCluster("flink-engine-cluster", 1, 1, 1)
+    yarnCluster.init(yarnConf)
+    yarnCluster.start()
+
+    val hadoopConfDir = Utils.createTempDir().toFile
+    val writer = new FileWriter(new File(hadoopConfDir, "core-site.xml"))
+    yarnCluster.getConfig.writeXml(writer)
+    writer.close()
+
+    val envs = scala.collection.mutable.Map[String, String]()
+    val kyuubiExternals = Utils.getCodeSourceLocation(getClass)
+      .split("externals").head
+    val flinkHome = {
+      val candidates = Paths.get(kyuubiExternals, "externals", "kyuubi-download", "target")
+        .toFile.listFiles(f => f.getName.contains("flink"))
+      if (candidates == null) None else candidates.map(_.toPath).headOption
+    }
+    if (flinkHome.isDefined) {
+      envs("FLINK_HOME") = flinkHome.get.toString
+      envs("FLINK_CONF_DIR") = Paths.get(flinkHome.get.toString, "conf").toString
+    }
+    envs("HADOOP_CLASSPATH") = hadoopClasspath
+    envs("HADOOP_CONF_DIR") = hadoopConfDir.getAbsolutePath
+
+    startFlinkEngine(envs.toMap)
+
+    super.beforeAll()
+  }
+
+  private def startFlinkEngine(envs: Map[String, String]): Unit = {
+    val processBuilder: ProcessBuilder = new ProcessBuilder
+    processBuilder.environment().putAll(envs.asJava)
+
+    conf.set(ENGINE_FLINK_APPLICATION_JARS, udfJar.getAbsolutePath)
+    val flinkExtraJars = extraFlinkJars(envs("FLINK_HOME"))
+    val command = new ArrayBuffer[String]()
+
+    command += s"${envs("FLINK_HOME")}${File.separator}bin/flink"
+    command += "run-application"
+    command += "-t"
+    command += "yarn-application"
+    command += s"-Dyarn.ship-files=${flinkExtraJars.mkString(";")}"
+    command += s"-Dyarn.tags=KYUUBI,$engineRefId"
+    command += "-Djobmanager.memory.process.size=1g"
+    command += "-Dtaskmanager.memory.process.size=1g"
+    command += "-Dcontainerized.master.env.FLINK_CONF_DIR=."
+    command += "-Dcontainerized.taskmanager.env.FLINK_CONF_DIR=."
+    command += s"-Dcontainerized.master.env.HADOOP_CONF_DIR=${envs("HADOOP_CONF_DIR")}"
+    command += s"-Dcontainerized.taskmanager.env.HADOOP_CONF_DIR=${envs("HADOOP_CONF_DIR")}"
+    command += "-Dexecution.target=yarn-application"
+    command += "-c"
+    command += "org.apache.kyuubi.engine.flink.FlinkSQLEngine"
+    command += s"${mainResource(envs).get}"
+
+    for ((k, v) <- withKyuubiConf) {
+      conf.set(k, v)
+    }
+
+    for ((k, v) <- conf.getAll) {
+      command += "--conf"
+      command += s"$k=$v"
+    }
+
+    processBuilder.command(command.toList.asJava)
+    processBuilder.redirectOutput(Redirect.INHERIT)
+    processBuilder.redirectError(Redirect.INHERIT)
+
+    info(s"staring flink yarn-application cluster for engine $engineRefId..")
+    val process = processBuilder.start()
+    process.waitFor()
+    info(s"flink yarn-application cluster for engine $engineRefId has started")
+  }
+
+  def extraFlinkJars(flinkHome: String): Array[String] = {
+    // locate flink sql jars
+    val flinkExtraJars = new ListBuffer[String]
+    val flinkSQLJars = Paths.get(flinkHome)
+      .resolve("opt")
+      .toFile
+      .listFiles(new FilenameFilter {
+        override def accept(dir: File, name: String): Boolean = {
+          name.toLowerCase.startsWith("flink-sql-client") ||
+          name.toLowerCase.startsWith("flink-sql-gateway")
+        }
+      }).map(f => f.getAbsolutePath).sorted
+    flinkExtraJars ++= flinkSQLJars
+
+    val userJars = conf.get(ENGINE_FLINK_APPLICATION_JARS)
+    userJars.foreach(jars => flinkExtraJars ++= jars.split(","))
+    flinkExtraJars.toArray
+  }
+
+  /**
+   * Copied form org.apache.kyuubi.engine.ProcBuilder
+   * The engine jar or other runnable jar containing the main method
+   */
+  def mainResource(env: Map[String, String]): Option[String] = {
+    // 1. get the main resource jar for user specified config first
+    val module = "kyuubi-flink-sql-engine"
+    val shortName = "flink"
+    val jarName = s"${module}_$SCALA_COMPILE_VERSION-$KYUUBI_VERSION.jar"
+    conf.getOption(s"kyuubi.session.engine.$shortName.main.resource").filter { userSpecified =>
+      // skip check exist if not local file.
+      val uri = new URI(userSpecified)
+      val schema = if (uri.getScheme != null) uri.getScheme else "file"
+      schema match {
+        case "file" => Files.exists(Paths.get(userSpecified))
+        case _ => true
+      }
+    }.orElse {
+      // 2. get the main resource jar from system build default
+      env.get(KYUUBI_HOME).toSeq
+        .flatMap { p =>
+          Seq(
+            Paths.get(p, "externals", "engines", shortName, jarName),
+            Paths.get(p, "externals", module, "target", jarName))
+        }
+        .find(Files.exists(_)).map(_.toAbsolutePath.toFile.getCanonicalPath)
+    }.orElse {
+      // 3. get the main resource from dev environment
+      val cwd = Utils.getCodeSourceLocation(getClass).split("externals")
+      assert(cwd.length > 1)
+      Option(Paths.get(cwd.head, "externals", module, "target", jarName))
+        .map(_.toAbsolutePath.toFile.getCanonicalPath)
+    }
+  }
+
+  override def afterAll(): Unit = {
+    super.afterAll()
+    if (yarnCluster != null) {
+      yarnCluster.stop()
+      yarnCluster = null
+    }
+    if (hdfsCluster != null) {
+      hdfsCluster.shutdown()
+      hdfsCluster = null
+    }
+    if (zkServer != null) {
+      zkServer.stop()
+      zkServer = null
+    }
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
new file mode 100644
index 000000000..6a85654f0
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
+
+trait WithFlinkTestResources {
+
+  protected val GENERATED_UDF_CLASS: String = "LowerUDF"
+
+  protected val GENERATED_UDF_CODE: String =
+    s"""
+      public class $GENERATED_UDF_CLASS extends org.apache.flink.table.functions.ScalarFunction {
+        public String eval(String str) {
+          return str.toLowerCase();
+        }
+      }
+     """
+
+  protected val udfJar = TestUserClassLoaderJar.createJarFile(
+    Utils.createTempDir("test-jar").toFile,
+    "test-classloader-udf.jar",
+    GENERATED_UDF_CLASS,
+    GENERATED_UDF_CODE)
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
new file mode 100644
index 000000000..e4e6a5c67
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.operation
+
+import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.engine.flink.WithFlinkSQLEngineLocal
+import org.apache.kyuubi.operation.NoneMode
+
+class FlinkOperationLocalSuite extends FlinkOperationSuite
+  with WithFlinkSQLEngineLocal {
+
+  override def withKyuubiConf: Map[String, String] =
+    Map(OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name)
+
+  override protected def jdbcUrl: String =
+    s"jdbc:hive2://${engine.frontendServices.head.connectionUrl}/;"
+
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
new file mode 100644
index 000000000..b43e83db6
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.operation
+
+import org.apache.kyuubi.engine.flink.WithDiscoveryFlinkSQLEngine
+
+class FlinkOperationOnYarnSuite extends FlinkOperationSuite
+  with WithDiscoveryFlinkSQLEngine {
+
+  protected def jdbcUrl: String = getFlinkEngineServiceUrl
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 8345d4f9f..77ce3b3ee 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -25,34 +25,17 @@ import scala.collection.JavaConverters._
 import org.apache.flink.api.common.JobID
 import org.apache.flink.table.types.logical.LogicalTypeRoot
 import org.apache.hive.service.rpc.thrift._
-import org.scalatest.concurrent.PatienceConfiguration.Timeout
-import org.scalatest.time.SpanSugar._
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.flink.WithFlinkSQLEngine
+import org.apache.kyuubi.engine.flink.WithFlinkTestResources
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
-import org.apache.kyuubi.operation.{HiveJDBCTestHelper, NoneMode}
+import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
-import org.apache.kyuubi.service.ServiceState._
 
-class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
-  override def withKyuubiConf: Map[String, String] =
-    Map(OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name)
-
-  override protected def jdbcUrl: String =
-    s"jdbc:hive2://${engine.frontendServices.head.connectionUrl}/;"
-
-  ignore("release session if shared level is CONNECTION") {
-    logger.info(s"jdbc url is $jdbcUrl")
-    assert(engine.getServiceState == STARTED)
-    withJdbcStatement() { _ => }
-    eventually(Timeout(20.seconds)) {
-      assert(engine.getServiceState == STOPPED)
-    }
-  }
+abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTestResources {
 
   test("get catalogs") {
     withJdbcStatement() { statement =>
@@ -784,7 +767,8 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("select map ['k1', 'v1', 'k2', 'v2']")
       assert(resultSet.next())
-      assert(resultSet.getString(1) == "{k1=v1, k2=v2}")
+      assert(List("{k1=v1, k2=v2}", "{k2=v2, k1=v1}")
+        .contains(resultSet.getString(1)))
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.JAVA_OBJECT)
     }
@@ -966,16 +950,34 @@ class FlinkOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
     }
   }
 
-  test("execute statement - insert into") {
+  test("execute statement - batch insert into") {
     withMultipleConnectionJdbcStatement() { statement =>
       statement.executeQuery("create table tbl_a (a int) with ('connector' = 'blackhole')")
       val resultSet = statement.executeQuery("insert into tbl_a select 1")
       val metadata = resultSet.getMetaData
-      assert(metadata.getColumnName(1) == "default_catalog.default_database.tbl_a")
-      assert(metadata.getColumnType(1) == java.sql.Types.BIGINT)
+      assert(metadata.getColumnName(1) === "result")
+      assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
       assert(resultSet.next())
-      assert(resultSet.getLong(1) == -1L)
-    }
+      assert(resultSet.getString(1).length == 32)
+    };
+  }
+
+  test("execute statement - streaming insert into") {
+    withMultipleConnectionJdbcStatement()({ statement =>
+      // Flink currently doesn't support stop job statement, thus use a finite stream
+      statement.executeQuery(
+        "create table tbl_a (a int) with (" +
+          "'connector' = 'datagen', " +
+          "'rows-per-second'='10', " +
+          "'number-of-rows'='100')")
+      statement.executeQuery("create table tbl_b (a int) with ('connector' = 'blackhole')")
+      val resultSet = statement.executeQuery("insert into tbl_b select * from tbl_a")
+      val metadata = resultSet.getMetaData
+      assert(metadata.getColumnName(1) === "result")
+      assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
+      assert(resultSet.next())
+      assert(resultSet.getString(1).length == 32)
+    })
   }
 
   test("execute statement - set properties") {
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala
index 1194f3582..1657f21f6 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala
@@ -20,10 +20,10 @@ package org.apache.kyuubi.engine.flink.operation
 import java.sql.Statement
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.flink.WithFlinkSQLEngine
+import org.apache.kyuubi.engine.flink.WithFlinkSQLEngineLocal
 import org.apache.kyuubi.operation.{AnalyzeMode, ExecutionMode, HiveJDBCTestHelper, ParseMode, PhysicalMode}
 
-class PlanOnlyOperationSuite extends WithFlinkSQLEngine with HiveJDBCTestHelper {
+class PlanOnlyOperationSuite extends WithFlinkSQLEngineLocal with HiveJDBCTestHelper {
 
   override def withKyuubiConf: Map[String, String] =
     Map(
diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml
index c6a55c62c..eada7841c 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -79,6 +79,37 @@
             <scope>test</scope>
         </dependency>
 
+        <!-- YARN -->
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-minicluster</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.activation</groupId>
+            <artifactId>jakarta.activation-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.xml.bind</groupId>
+            <artifactId>jakarta.xml.bind-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
     </dependencies>
 
 </project>
diff --git a/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/WithKyuubiServerAndYarnMiniCluster.scala b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/WithKyuubiServerAndYarnMiniCluster.scala
new file mode 100644
index 000000000..de9a8ae2d
--- /dev/null
+++ b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/WithKyuubiServerAndYarnMiniCluster.scala
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.it.flink
+
+import java.io.{File, FileWriter}
+import java.nio.file.Paths
+
+import org.apache.hadoop.yarn.conf.YarnConfiguration
+
+import org.apache.kyuubi.{KyuubiFunSuite, Utils, WithKyuubiServer}
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.KYUUBI_ENGINE_ENV_PREFIX
+import org.apache.kyuubi.server.{MiniDFSService, MiniYarnService}
+
+trait WithKyuubiServerAndYarnMiniCluster extends KyuubiFunSuite with WithKyuubiServer {
+
+  val kyuubiHome: String = Utils.getCodeSourceLocation(getClass).split("integration-tests").head
+
+  override protected val conf: KyuubiConf = new KyuubiConf(false)
+
+  protected var miniHdfsService: MiniDFSService = _
+
+  protected var miniYarnService: MiniYarnService = _
+
+  private val yarnConf: YarnConfiguration = {
+    val yarnConfig = new YarnConfiguration()
+
+    // configurations copied from org.apache.flink.yarn.YarnTestBase
+    yarnConfig.setInt(YarnConfiguration.RM_SCHEDULER_MINIMUM_ALLOCATION_MB, 32)
+    yarnConfig.setInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_MB, 4096)
+
+    yarnConfig.setBoolean(YarnConfiguration.RM_SCHEDULER_INCLUDE_PORT_IN_NODE_NAME, true)
+    yarnConfig.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, 2)
+    yarnConfig.setInt(YarnConfiguration.RM_MAX_COMPLETED_APPLICATIONS, 2)
+    yarnConfig.setInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_VCORES, 4)
+    yarnConfig.setInt(YarnConfiguration.DEBUG_NM_DELETE_DELAY_SEC, 3600)
+    yarnConfig.setBoolean(YarnConfiguration.LOG_AGGREGATION_ENABLED, false)
+    // memory is overwritten in the MiniYARNCluster.
+    // so we have to change the number of cores for testing.
+    yarnConfig.setInt(YarnConfiguration.NM_VCORES, 666)
+    yarnConfig.setFloat(YarnConfiguration.NM_MAX_PER_DISK_UTILIZATION_PERCENTAGE, 99.0f)
+    yarnConfig.setInt(YarnConfiguration.RESOURCEMANAGER_CONNECT_RETRY_INTERVAL_MS, 1000)
+    yarnConfig.setInt(YarnConfiguration.RESOURCEMANAGER_CONNECT_MAX_WAIT_MS, 5000)
+
+    // capacity-scheduler.xml is missing in hadoop-client-minicluster so this is a workaround
+    yarnConfig.set("yarn.scheduler.capacity.root.queues", "default,four_cores_queue")
+
+    yarnConfig.setInt("yarn.scheduler.capacity.root.default.capacity", 100)
+    yarnConfig.setFloat("yarn.scheduler.capacity.root.default.user-limit-factor", 1)
+    yarnConfig.setInt("yarn.scheduler.capacity.root.default.maximum-capacity", 100)
+    yarnConfig.set("yarn.scheduler.capacity.root.default.state", "RUNNING")
+    yarnConfig.set("yarn.scheduler.capacity.root.default.acl_submit_applications", "*")
+    yarnConfig.set("yarn.scheduler.capacity.root.default.acl_administer_queue", "*")
+
+    yarnConfig.setInt("yarn.scheduler.capacity.root.four_cores_queue.maximum-capacity", 100)
+    yarnConfig.setInt("yarn.scheduler.capacity.root.four_cores_queue.maximum-applications", 10)
+    yarnConfig.setInt("yarn.scheduler.capacity.root.four_cores_queue.maximum-allocation-vcores", 4)
+    yarnConfig.setFloat("yarn.scheduler.capacity.root.four_cores_queue.user-limit-factor", 1)
+    yarnConfig.set("yarn.scheduler.capacity.root.four_cores_queue.acl_submit_applications", "*")
+    yarnConfig.set("yarn.scheduler.capacity.root.four_cores_queue.acl_administer_queue", "*")
+
+    yarnConfig.setInt("yarn.scheduler.capacity.node-locality-delay", -1)
+    // Set bind host to localhost to avoid java.net.BindException
+    yarnConfig.set(YarnConfiguration.RM_BIND_HOST, "localhost")
+    yarnConfig.set(YarnConfiguration.NM_BIND_HOST, "localhost")
+
+    yarnConfig
+  }
+
+  override def beforeAll(): Unit = {
+    miniHdfsService = new MiniDFSService()
+    miniHdfsService.initialize(conf)
+    miniHdfsService.start()
+
+    val hdfsServiceUrl = s"hdfs://localhost:${miniHdfsService.getDFSPort}"
+    yarnConf.set("fs.defaultFS", hdfsServiceUrl)
+    yarnConf.addResource(miniHdfsService.getHadoopConf)
+
+    val cp = System.getProperty("java.class.path")
+    // exclude kyuubi flink engine jar that has SPI for EmbeddedExecutorFactory
+    // which can't be initialized on the client side
+    val hadoopJars = cp.split(":").filter(s => !s.contains("flink"))
+    val hadoopClasspath = hadoopJars.mkString(":")
+    yarnConf.set("yarn.application.classpath", hadoopClasspath)
+
+    miniYarnService = new MiniYarnService()
+    miniYarnService.setYarnConf(yarnConf)
+    miniYarnService.initialize(conf)
+    miniYarnService.start()
+
+    val hadoopConfDir = Utils.createTempDir().toFile
+    val writer = new FileWriter(new File(hadoopConfDir, "core-site.xml"))
+    yarnConf.writeXml(writer)
+    writer.close()
+
+    val flinkHome = {
+      val candidates = Paths.get(kyuubiHome, "externals", "kyuubi-download", "target")
+        .toFile.listFiles(f => f.getName.contains("flink"))
+      if (candidates == null) None else candidates.map(_.toPath).headOption
+    }
+    if (flinkHome.isEmpty) {
+      throw new IllegalStateException(s"Flink home not found in $kyuubiHome/externals")
+    }
+
+    conf.set(s"$KYUUBI_ENGINE_ENV_PREFIX.KYUUBI_HOME", kyuubiHome)
+    conf.set(s"$KYUUBI_ENGINE_ENV_PREFIX.FLINK_HOME", flinkHome.get.toString)
+    conf.set(
+      s"$KYUUBI_ENGINE_ENV_PREFIX.FLINK_CONF_DIR",
+      s"${flinkHome.get.toString}${File.separator}conf")
+    conf.set(s"$KYUUBI_ENGINE_ENV_PREFIX.HADOOP_CLASSPATH", hadoopClasspath)
+    conf.set(s"$KYUUBI_ENGINE_ENV_PREFIX.HADOOP_CONF_DIR", hadoopConfDir.getAbsolutePath)
+    conf.set(s"flink.containerized.master.env.HADOOP_CLASSPATH", hadoopClasspath)
+    conf.set(s"flink.containerized.master.env.HADOOP_CONF_DIR", hadoopConfDir.getAbsolutePath)
+    conf.set(s"flink.containerized.taskmanager.env.HADOOP_CONF_DIR", hadoopConfDir.getAbsolutePath)
+
+    super.beforeAll()
+  }
+
+  override def afterAll(): Unit = {
+    super.afterAll()
+    if (miniYarnService != null) {
+      miniYarnService.stop()
+      miniYarnService = null
+    }
+    if (miniHdfsService != null) {
+      miniHdfsService.stop()
+      miniHdfsService = null
+    }
+  }
+}
diff --git a/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala
new file mode 100644
index 000000000..afa4dce8f
--- /dev/null
+++ b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.it.flink.operation
+
+import org.apache.hive.service.rpc.thrift.{TGetInfoReq, TGetInfoType}
+
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.it.flink.WithKyuubiServerAndYarnMiniCluster
+import org.apache.kyuubi.operation.HiveJDBCTestHelper
+import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_CAT
+
+class FlinkOperationSuiteOnYarn extends WithKyuubiServerAndYarnMiniCluster
+  with HiveJDBCTestHelper {
+
+  override protected def jdbcUrl: String = {
+    // delay the access to thrift service because the thrift service
+    // may not be ready although it's registered
+    Thread.sleep(3000L)
+    getJdbcUrl
+  }
+
+  override def beforeAll(): Unit = {
+    conf
+      .set(s"$KYUUBI_ENGINE_ENV_PREFIX.$KYUUBI_HOME", kyuubiHome)
+      .set(ENGINE_TYPE, "FLINK_SQL")
+      .set("flink.execution.target", "yarn-application")
+      .set("flink.parallelism.default", "6")
+    super.beforeAll()
+  }
+
+  test("get catalogs for flink sql") {
+    withJdbcStatement() { statement =>
+      val meta = statement.getConnection.getMetaData
+      val catalogs = meta.getCatalogs
+      val expected = Set("default_catalog").toIterator
+      while (catalogs.next()) {
+        assert(catalogs.getString(TABLE_CAT) === expected.next())
+      }
+      assert(!expected.hasNext)
+      assert(!catalogs.next())
+    }
+  }
+
+  test("execute statement - create/alter/drop table") {
+    withJdbcStatement() { statement =>
+      statement.executeQuery("create table tbl_a (a string) with ('connector' = 'blackhole')")
+      assert(statement.execute("alter table tbl_a rename to tbl_b"))
+      assert(statement.execute("drop table tbl_b"))
+    }
+  }
+
+  test("execute statement - select column name with dots") {
+    withJdbcStatement() { statement =>
+      val resultSet = statement.executeQuery("select 'tmp.hello'")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === "tmp.hello")
+    }
+  }
+
+  test("set kyuubi conf into flink conf") {
+    withJdbcStatement() { statement =>
+      val resultSet = statement.executeQuery("SET")
+      // Flink does not support set key without value currently,
+      // thus read all rows to find the desired one
+      var success = false
+      while (resultSet.next() && !success) {
+        if (resultSet.getString(1) == "parallelism.default" &&
+          resultSet.getString(2) == "6") {
+          success = true
+        }
+      }
+      assert(success)
+    }
+  }
+
+  test("server info provider - server") {
+    withSessionConf(Map(KyuubiConf.SERVER_INFO_PROVIDER.key -> "SERVER"))()() {
+      withSessionHandle { (client, handle) =>
+        val req = new TGetInfoReq()
+        req.setSessionHandle(handle)
+        req.setInfoType(TGetInfoType.CLI_DBMS_NAME)
+        assert(client.GetInfo(req).getInfoValue.getStringValue === "Apache Kyuubi")
+      }
+    }
+  }
+
+  test("server info provider - engine") {
+    withSessionConf(Map(KyuubiConf.SERVER_INFO_PROVIDER.key -> "ENGINE"))()() {
+      withSessionHandle { (client, handle) =>
+        val req = new TGetInfoReq()
+        req.setSessionHandle(handle)
+        req.setInfoType(TGetInfoType.CLI_DBMS_NAME)
+        assert(client.GetInfo(req).getInfoValue.getStringValue === "Apache Flink")
+      }
+    }
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index b5229e2ad..2634bb4ab 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2367,14 +2367,14 @@ object KyuubiConf {
 
   val ENGINE_FLINK_MEMORY: ConfigEntry[String] =
     buildConf("kyuubi.engine.flink.memory")
-      .doc("The heap memory for the Flink SQL engine")
+      .doc("The heap memory for the Flink SQL engine. Only effective in yarn session mode.")
       .version("1.6.0")
       .stringConf
       .createWithDefault("1g")
 
   val ENGINE_FLINK_JAVA_OPTIONS: OptionalConfigEntry[String] =
     buildConf("kyuubi.engine.flink.java.options")
-      .doc("The extra Java options for the Flink SQL engine")
+      .doc("The extra Java options for the Flink SQL engine. Only effective in yarn session mode.")
       .version("1.6.0")
       .stringConf
       .createOptional
@@ -2382,11 +2382,19 @@ object KyuubiConf {
   val ENGINE_FLINK_EXTRA_CLASSPATH: OptionalConfigEntry[String] =
     buildConf("kyuubi.engine.flink.extra.classpath")
       .doc("The extra classpath for the Flink SQL engine, for configuring the location" +
-        " of hadoop client jars, etc")
+        " of hadoop client jars, etc. Only effective in yarn session mode.")
       .version("1.6.0")
       .stringConf
       .createOptional
 
+  val ENGINE_FLINK_APPLICATION_JARS: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.flink.application.jars")
+      .doc("A comma-separated list of the local jars to be shipped with the job to the cluster. " +
+        "For example, SQL UDF jars. Only effective in yarn application mode.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
   val SERVER_LIMIT_CONNECTIONS_PER_USER: OptionalConfigEntry[Int] =
     buildConf("kyuubi.server.limit.connections.per.user")
       .doc("Maximum kyuubi server connections per user." +
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/ServiceDiscovery.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/ServiceDiscovery.scala
index bdb9b12fe..a1b1466d1 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/ServiceDiscovery.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/ServiceDiscovery.scala
@@ -60,6 +60,7 @@ abstract class ServiceDiscovery(
 
   override def start(): Unit = {
     discoveryClient.registerService(conf, namespace, this)
+    info(s"Registered $name in namespace ${_namespace}.")
     super.start()
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 63b37f1c5..b2b3ce909 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -187,7 +187,7 @@ private[kyuubi] class EngineRef(
         conf.setIfMissing(SparkProcessBuilder.APP_KEY, defaultEngineName)
         new SparkProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case FLINK_SQL =>
-        conf.setIfMissing(FlinkProcessBuilder.APP_KEY, defaultEngineName)
+        conf.setIfMissing(FlinkProcessBuilder.YARN_APP_KEY, defaultEngineName)
         new FlinkProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case TRINO =>
         new TrinoProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index 9b23e550d..02aed2866 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -105,10 +105,10 @@ object KyuubiApplicationManager {
     conf.set("spark.kubernetes.driver.label." + LABEL_KYUUBI_UNIQUE_KEY, tag)
   }
 
-  private def setupFlinkK8sTag(tag: String, conf: KyuubiConf): Unit = {
-    val originalTag = conf.getOption(FlinkProcessBuilder.TAG_KEY).map(_ + ",").getOrElse("")
+  private def setupFlinkYarnTag(tag: String, conf: KyuubiConf): Unit = {
+    val originalTag = conf.getOption(FlinkProcessBuilder.YARN_TAG_KEY).map(_ + ",").getOrElse("")
     val newTag = s"${originalTag}KYUUBI" + Some(tag).filterNot(_.isEmpty).map("," + _).getOrElse("")
-    conf.set(FlinkProcessBuilder.TAG_KEY, newTag)
+    conf.set(FlinkProcessBuilder.YARN_TAG_KEY, newTag)
   }
 
   val uploadWorkDir: Path = {
@@ -178,7 +178,7 @@ object KyuubiApplicationManager {
         setupSparkK8sTag(applicationTag, conf)
       case ("FLINK", _) =>
         // running flink on other platforms is not yet supported
-        setupFlinkK8sTag(applicationTag, conf)
+        setupFlinkYarnTag(applicationTag, conf)
       // other engine types are running locally yet
       case _ =>
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
index b8146c4d2..8642d87d7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
@@ -21,7 +21,7 @@ import java.io.{File, FilenameFilter}
 import java.nio.file.{Files, Paths}
 
 import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
+import scala.collection.mutable.{ArrayBuffer, ListBuffer}
 
 import com.google.common.annotations.VisibleForTesting
 
@@ -50,88 +50,150 @@ class FlinkProcessBuilder(
 
   val flinkHome: String = getEngineHome(shortName)
 
+  val flinkExecutable: String = {
+    Paths.get(flinkHome, "bin", FLINK_EXEC_FILE).toFile.getCanonicalPath
+  }
+
   override protected def module: String = "kyuubi-flink-sql-engine"
 
   override protected def mainClass: String = "org.apache.kyuubi.engine.flink.FlinkSQLEngine"
 
   override def env: Map[String, String] = conf.getEnvs +
-    (FLINK_PROXY_USER_KEY -> proxyUser)
+    ("FLINK_CONF_DIR" -> conf.getEnvs.getOrElse(
+      "FLINK_CONF_DIR",
+      s"$flinkHome${File.separator}conf"))
+
+  override def clusterManager(): Option[String] = Some("yarn")
 
   override protected val commands: Array[String] = {
     KyuubiApplicationManager.tagApplication(engineRefId, shortName, clusterManager(), conf)
-    val buffer = new ArrayBuffer[String]()
-    buffer += executable
-
-    val memory = conf.get(ENGINE_FLINK_MEMORY)
-    buffer += s"-Xmx$memory"
-    val javaOptions = conf.get(ENGINE_FLINK_JAVA_OPTIONS)
-    if (javaOptions.isDefined) {
-      buffer += javaOptions.get
-    }
 
-    buffer += "-cp"
-    val classpathEntries = new java.util.LinkedHashSet[String]
-    // flink engine runtime jar
-    mainResource.foreach(classpathEntries.add)
-    // flink sql client jar
-    val flinkSqlClientPath = Paths.get(flinkHome)
-      .resolve("opt")
-      .toFile
-      .listFiles(new FilenameFilter {
-        override def accept(dir: File, name: String): Boolean = {
-          name.toLowerCase.startsWith("flink-sql-client")
+    // flink.execution.target are required in Kyuubi conf currently
+    val executionTarget = conf.getOption("flink.execution.target")
+    executionTarget match {
+      case Some("yarn-application") =>
+        val buffer = new ArrayBuffer[String]()
+        buffer += flinkExecutable
+        buffer += "run-application"
+
+        val flinkExtraJars = new ListBuffer[String]
+        // locate flink sql jars
+        val flinkSqlJars = Paths.get(flinkHome)
+          .resolve("opt")
+          .toFile
+          .listFiles(new FilenameFilter {
+            override def accept(dir: File, name: String): Boolean = {
+              name.toLowerCase.startsWith("flink-sql-client") ||
+              name.toLowerCase.startsWith("flink-sql-gateway")
+            }
+          }).map(f => f.getAbsolutePath).sorted
+        flinkExtraJars ++= flinkSqlJars
+
+        val userJars = conf.get(ENGINE_FLINK_APPLICATION_JARS)
+        userJars.foreach(jars => flinkExtraJars ++= jars.split(","))
+
+        buffer += "-t"
+        buffer += "yarn-application"
+        buffer += s"-Dyarn.ship-files=${flinkExtraJars.mkString(";")}"
+        buffer += s"-Dyarn.tags=${conf.getOption(YARN_TAG_KEY).get}"
+        buffer += "-Dcontainerized.master.env.FLINK_CONF_DIR=."
+
+        val customFlinkConf = conf.getAllWithPrefix("flink", "")
+        customFlinkConf.foreach { case (k, v) =>
+          buffer += s"-D$k=$v"
         }
-      }).head.getAbsolutePath
-    classpathEntries.add(flinkSqlClientPath)
-
-    // jars from flink lib
-    classpathEntries.add(s"$flinkHome${File.separator}lib${File.separator}*")
-
-    // classpath contains flink configurations, default to flink.home/conf
-    classpathEntries.add(env.getOrElse("FLINK_CONF_DIR", s"$flinkHome${File.separator}conf"))
-    // classpath contains hadoop configurations
-    env.get("HADOOP_CONF_DIR").foreach(classpathEntries.add)
-    env.get("YARN_CONF_DIR").foreach(classpathEntries.add)
-    env.get("HBASE_CONF_DIR").foreach(classpathEntries.add)
-    val hadoopCp = env.get(FLINK_HADOOP_CLASSPATH_KEY)
-    hadoopCp.foreach(classpathEntries.add)
-    val extraCp = conf.get(ENGINE_FLINK_EXTRA_CLASSPATH)
-    extraCp.foreach(classpathEntries.add)
-    if (hadoopCp.isEmpty && extraCp.isEmpty) {
-      warn(s"The conf of ${FLINK_HADOOP_CLASSPATH_KEY} and ${ENGINE_FLINK_EXTRA_CLASSPATH.key}" +
-        s" is empty.")
-      debug("Detected development environment")
-      mainResource.foreach { path =>
-        val devHadoopJars = Paths.get(path).getParent
-          .resolve(s"scala-$SCALA_COMPILE_VERSION")
-          .resolve("jars")
-        if (!Files.exists(devHadoopJars)) {
-          throw new KyuubiException(s"The path $devHadoopJars does not exists. " +
-            s"Please set ${FLINK_HADOOP_CLASSPATH_KEY} or ${ENGINE_FLINK_EXTRA_CLASSPATH.key} " +
-            s"for configuring location of hadoop client jars, etc")
+
+        buffer += "-c"
+        buffer += s"$mainClass"
+        buffer += s"${mainResource.get}"
+
+        buffer += "--conf"
+        buffer += s"$KYUUBI_SESSION_USER_KEY=$proxyUser"
+        conf.getAll.foreach { case (k, v) =>
+          if (k.startsWith("kyuubi.")) {
+            buffer += "--conf"
+            buffer += s"$k=$v"
+          }
         }
-        classpathEntries.add(s"$devHadoopJars${File.separator}*")
-      }
-    }
-    buffer += classpathEntries.asScala.mkString(File.pathSeparator)
-    buffer += mainClass
 
-    buffer += "--conf"
-    buffer += s"$KYUUBI_SESSION_USER_KEY=$proxyUser"
+        buffer.toArray
+
+      case _ =>
+        val buffer = new ArrayBuffer[String]()
+        buffer += executable
 
-    for ((k, v) <- conf.getAll) {
-      buffer += "--conf"
-      buffer += s"$k=$v"
+        val memory = conf.get(ENGINE_FLINK_MEMORY)
+        buffer += s"-Xmx$memory"
+        val javaOptions = conf.get(ENGINE_FLINK_JAVA_OPTIONS)
+        if (javaOptions.isDefined) {
+          buffer += javaOptions.get
+        }
+
+        buffer += "-cp"
+        val classpathEntries = new java.util.LinkedHashSet[String]
+        // flink engine runtime jar
+        mainResource.foreach(classpathEntries.add)
+        // flink sql client jar
+        val flinkSqlClientPath = Paths.get(flinkHome)
+          .resolve("opt")
+          .toFile
+          .listFiles(new FilenameFilter {
+            override def accept(dir: File, name: String): Boolean = {
+              name.toLowerCase.startsWith("flink-sql-client")
+            }
+          }).head.getAbsolutePath
+        classpathEntries.add(flinkSqlClientPath)
+
+        // jars from flink lib
+        classpathEntries.add(s"$flinkHome${File.separator}lib${File.separator}*")
+
+        // classpath contains flink configurations, default to flink.home/conf
+        classpathEntries.add(env.getOrElse("FLINK_CONF_DIR", s"$flinkHome${File.separator}conf"))
+        // classpath contains hadoop configurations
+        env.get("HADOOP_CONF_DIR").foreach(classpathEntries.add)
+        env.get("YARN_CONF_DIR").foreach(classpathEntries.add)
+        env.get("HBASE_CONF_DIR").foreach(classpathEntries.add)
+        val hadoopCp = env.get(FLINK_HADOOP_CLASSPATH_KEY)
+        hadoopCp.foreach(classpathEntries.add)
+        val extraCp = conf.get(ENGINE_FLINK_EXTRA_CLASSPATH)
+        extraCp.foreach(classpathEntries.add)
+        if (hadoopCp.isEmpty && extraCp.isEmpty) {
+          warn(s"The conf of ${FLINK_HADOOP_CLASSPATH_KEY} and " +
+            s"${ENGINE_FLINK_EXTRA_CLASSPATH.key} is empty.")
+          debug("Detected development environment.")
+          mainResource.foreach { path =>
+            val devHadoopJars = Paths.get(path).getParent
+              .resolve(s"scala-$SCALA_COMPILE_VERSION")
+              .resolve("jars")
+            if (!Files.exists(devHadoopJars)) {
+              throw new KyuubiException(s"The path $devHadoopJars does not exists. " +
+                s"Please set ${FLINK_HADOOP_CLASSPATH_KEY} or ${ENGINE_FLINK_EXTRA_CLASSPATH.key}" +
+                s" for configuring location of hadoop client jars, etc.")
+            }
+            classpathEntries.add(s"$devHadoopJars${File.separator}*")
+          }
+        }
+        buffer += classpathEntries.asScala.mkString(File.pathSeparator)
+        buffer += mainClass
+
+        buffer += "--conf"
+        buffer += s"$KYUUBI_SESSION_USER_KEY=$proxyUser"
+
+        conf.getAll.foreach { case (k, v) =>
+          buffer += "--conf"
+          buffer += s"$k=$v"
+        }
+        buffer.toArray
     }
-    buffer.toArray
   }
 
   override def shortName: String = "flink"
 }
 
 object FlinkProcessBuilder {
-  final val APP_KEY = "yarn.application.name"
-  final val TAG_KEY = "yarn.tags"
+  final val FLINK_EXEC_FILE = "flink"
+  final val YARN_APP_KEY = "yarn.application.name"
+  final val YARN_TAG_KEY = "yarn.tags"
   final val FLINK_HADOOP_CLASSPATH_KEY = "FLINK_HADOOP_CLASSPATH"
   final val FLINK_PROXY_USER_KEY = "HADOOP_PROXY_USER"
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
index 7ee38d4ef..53450b589 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.engine.flink
 
 import java.io.File
+import java.nio.file.{Files, Paths}
 
 import scala.collection.JavaConverters._
 import scala.collection.immutable.ListMap
@@ -25,18 +26,36 @@ import scala.util.matching.Regex
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.{ENGINE_FLINK_EXTRA_CLASSPATH, ENGINE_FLINK_JAVA_OPTIONS, ENGINE_FLINK_MEMORY}
+import org.apache.kyuubi.config.KyuubiConf.{ENGINE_FLINK_APPLICATION_JARS, ENGINE_FLINK_EXTRA_CLASSPATH, ENGINE_FLINK_JAVA_OPTIONS, ENGINE_FLINK_MEMORY}
 import org.apache.kyuubi.engine.flink.FlinkProcessBuilder._
 
 class FlinkProcessBuilderSuite extends KyuubiFunSuite {
-  private def conf = KyuubiConf().set("kyuubi.on", "off")
+  private def sessionModeConf = KyuubiConf()
+    .set("flink.execution.target", "yarn-session")
+    .set("kyuubi.on", "off")
     .set(ENGINE_FLINK_MEMORY, "512m")
     .set(
       ENGINE_FLINK_JAVA_OPTIONS,
       "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005")
 
+  private def applicationModeConf = KyuubiConf()
+    .set("flink.execution.target", "yarn-application")
+    .set(ENGINE_FLINK_APPLICATION_JARS, tempUdfJar.toString)
+    .set("kyuubi.on", "off")
+
+  private val tempFlinkHome = Files.createTempDirectory("flink-home").toFile
+  private val tempOpt =
+    Files.createDirectories(Paths.get(tempFlinkHome.toPath.toString, "opt")).toFile
+  Files.createFile(Paths.get(tempOpt.toPath.toString, "flink-sql-client-1.16.1.jar"))
+  Files.createFile(Paths.get(tempOpt.toPath.toString, "flink-sql-gateway-1.16.1.jar"))
+  private val tempUsrLib =
+    Files.createDirectories(Paths.get(tempFlinkHome.toPath.toString, "usrlib")).toFile
+  private val tempUdfJar =
+    Files.createFile(Paths.get(tempUsrLib.toPath.toString, "test-udf.jar"))
+
   private def envDefault: ListMap[String, String] = ListMap(
-    "JAVA_HOME" -> s"${File.separator}jdk")
+    "JAVA_HOME" -> s"${File.separator}jdk",
+    "FLINK_HOME" -> s"${tempFlinkHome.toPath}")
   private def envWithoutHadoopCLASSPATH: ListMap[String, String] = envDefault +
     ("HADOOP_CONF_DIR" -> s"${File.separator}hadoop${File.separator}conf") +
     ("YARN_CONF_DIR" -> s"${File.separator}yarn${File.separator}conf") +
@@ -44,11 +63,12 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
   private def envWithAllHadoop: ListMap[String, String] = envWithoutHadoopCLASSPATH +
     (FLINK_HADOOP_CLASSPATH_KEY -> s"${File.separator}hadoop")
   private def confStr: String = {
-    conf.clone.set("yarn.tags", "KYUUBI").getAll
+    sessionModeConf.clone.set("yarn.tags", "KYUUBI").getAll
       .map { case (k, v) => s"\\\\\\n\\t--conf $k=$v" }
       .mkString(" ")
   }
-  private def matchActualAndExpected(builder: FlinkProcessBuilder): Unit = {
+
+  private def matchActualAndExpectedSessionMode(builder: FlinkProcessBuilder): Unit = {
     val actualCommands = builder.toString
     val classpathStr = constructClasspathStr(builder)
     val expectedCommands =
@@ -59,6 +79,27 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     assert(matcher.matches())
   }
 
+  private def matchActualAndExpectedApplicationMode(builder: FlinkProcessBuilder): Unit = {
+    val actualCommands = builder.toString
+    val expectedCommands =
+      escapePaths(s"${builder.flinkExecutable} run-application ") +
+        s"-t yarn-application " +
+        s"-Dyarn.ship-files=.*\\/flink-sql-client.*jar;.*\\/flink-sql-gateway.*jar;$tempUdfJar " +
+        s"-Dyarn\\.tags=KYUUBI " +
+        s"-Dcontainerized\\.master\\.env\\.FLINK_CONF_DIR=\\. " +
+        s"-Dexecution.target=yarn-application " +
+        s"-c org\\.apache\\.kyuubi\\.engine\\.flink\\.FlinkSQLEngine " +
+        s".*kyuubi-flink-sql-engine_.*jar" +
+        s"(?: \\\\\\n\\t--conf \\S+=\\S+)+"
+    val regex = new Regex(expectedCommands)
+    val matcher = regex.pattern.matcher(actualCommands)
+    assert(matcher.matches())
+  }
+
+  private def escapePaths(path: String): String = {
+    path.replaceAll("/", "\\/")
+  }
+
   private def constructClasspathStr(builder: FlinkProcessBuilder) = {
     val classpathEntries = new java.util.LinkedHashSet[String]
     builder.mainResource.foreach(classpathEntries.add)
@@ -69,11 +110,11 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     classpathEntries.add(s"$flinkHome$flinkConfPathSuffix")
     val envMap = builder.env
     envMap.foreach { case (k, v) =>
-      if (!k.equals("JAVA_HOME")) {
+      if (!k.equals("JAVA_HOME") && !k.equals("FLINK_HOME")) {
         classpathEntries.add(v)
       }
     }
-    val extraCp = conf.get(ENGINE_FLINK_EXTRA_CLASSPATH)
+    val extraCp = sessionModeConf.get(ENGINE_FLINK_EXTRA_CLASSPATH)
     extraCp.foreach(classpathEntries.add)
     val classpathStr = classpathEntries.asScala.mkString(File.pathSeparator)
     classpathStr
@@ -86,18 +127,25 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
   private val flinkConfPathSuffix = s"${File.separator}conf"
   private val mainClassStr = "org.apache.kyuubi.engine.flink.FlinkSQLEngine"
 
-  test("all hadoop related environment variables are configured") {
-    val builder = new FlinkProcessBuilder("vinoyang", conf) {
+  test("session mode - all hadoop related environment variables are configured") {
+    val builder = new FlinkProcessBuilder("vinoyang", sessionModeConf) {
       override def env: Map[String, String] = envWithAllHadoop
     }
-    matchActualAndExpected(builder)
+    matchActualAndExpectedSessionMode(builder)
   }
 
-  test("only FLINK_HADOOP_CLASSPATH environment variables are configured") {
-    val builder = new FlinkProcessBuilder("vinoyang", conf) {
+  test("session mode - only FLINK_HADOOP_CLASSPATH environment variables are configured") {
+    val builder = new FlinkProcessBuilder("vinoyang", sessionModeConf) {
       override def env: Map[String, String] = envDefault +
         (FLINK_HADOOP_CLASSPATH_KEY -> s"${File.separator}hadoop")
     }
-    matchActualAndExpected(builder)
+    matchActualAndExpectedSessionMode(builder)
+  }
+
+  test("application mode - default env") {
+    val builder = new FlinkProcessBuilder("paullam", applicationModeConf) {
+      override def env: Map[String, String] = envDefault
+    }
+    matchActualAndExpectedApplicationMode(builder)
   }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/MiniYarnService.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/MiniYarnService.scala
index 1a73cc24c..68a175efc 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/MiniYarnService.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/MiniYarnService.scala
@@ -34,7 +34,7 @@ import org.apache.kyuubi.service.AbstractService
 class MiniYarnService extends AbstractService("TestMiniYarnService") {
 
   private val hadoopConfDir: File = Utils.createTempDir().toFile
-  private val yarnConf: YarnConfiguration = {
+  private var yarnConf: YarnConfiguration = {
     val yarnConfig = new YarnConfiguration()
     // Disable the disk utilization check to avoid the test hanging when people's disks are
     // getting full.
@@ -71,6 +71,10 @@ class MiniYarnService extends AbstractService("TestMiniYarnService") {
   }
   private val yarnCluster: MiniYARNCluster = new MiniYARNCluster(getName, 1, 1, 1)
 
+  def setYarnConf(yarnConf: YarnConfiguration): Unit = {
+    this.yarnConf = yarnConf
+  }
+
   override def initialize(conf: KyuubiConf): Unit = {
     yarnCluster.init(yarnConf)
     super.initialize(conf)

From 5faebb1e75b57491ca655e0ba6fceacde5ef9459 Mon Sep 17 00:00:00 2001
From: Karsonnel <747100667@qq.com>
Date: Fri, 7 Apr 2023 18:54:14 +0800
Subject: [PATCH 262/760] [KYUUBI #4658][FOLLOWUP] Improve unit tests

### _Why are the changes needed?_

To allow up the reviewer's comment in  https://github.com/apache/kyuubi/issues/4660.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4661 from Karsonnel/4658-authz-insert-follow-up.

Closes #4658

3ce7efc3d [Karsonnel] add e2e test for InsertIntoDatasourceCommand
2c8e3469a [Karsonnel] rename test
1349c2b02 [Karsonnel] fix test assert text
d2f04ca45 [Karsonnel] fix test
8f86bb14b [Karsonnel] Resolve reviewer's comment in pr #4660

Authored-by: Karsonnel <747100667@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../ranger/RangerSparkExtensionSuite.scala    | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 2d108615e..beef36d5d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -708,20 +708,37 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
     }
   }
 
-  test("[KYUUBI #4658] INSERT OVERWRITE DIRECTORY did check query permission") {
+  test("[KYUUBI #4658] insert overwrite hive directory") {
     val db1 = "default"
     val table = "src"
 
     withCleanTmpResources(Seq((s"$db1.$table", "table"))) {
-      doAs("bob", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
-      val e1 = intercept[AccessControlException](
+      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      val e = intercept[AccessControlException](
         doAs(
           "someone",
           sql(
             s"""INSERT OVERWRITE DIRECTORY '/tmp/test_dir' ROW FORMAT DELIMITED FIELDS
                | TERMINATED BY ','
                | SELECT * FROM $db1.$table;""".stripMargin)))
-      assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id"))
+      assert(e.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
+    }
+  }
+
+  test("[KYUUBI #4658] insert overwrite datasource directory") {
+    val db1 = "default"
+    val table = "src"
+
+    withCleanTmpResources(Seq((s"$db1.$table", "table"))) {
+      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      val e = intercept[AccessControlException](
+        doAs(
+          "someone",
+          sql(
+            s"""INSERT OVERWRITE DIRECTORY '/tmp/test_dir'
+               | USING parquet
+               | SELECT * FROM $db1.$table;""".stripMargin)))
+      assert(e.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
     }
   }
 }

From 1a651254cb9dec71082e9cfadd58a4dbbd976d1f Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Mon, 10 Apr 2023 09:43:30 +0800
Subject: [PATCH 263/760] [KYUUBI #4662] [ARROW] Arrow serialization should not
 introduce extra shuffle for outermost limit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

The fundamental concept is to execute a job similar to the way in which `CollectLimitExec.executeCollect()` operates.

```sql
select * from parquet.`parquet/tpcds/sf1000/catalog_sales` limit 20;
```

Before this PR:
![截屏2023-04-04 下午3 20 34](https://user-images.githubusercontent.com/8537877/229717946-87c480c6-9550-4d00-bc96-14d59d7ce9f7.png)

![截屏2023-04-04 下午3 20 54](https://user-images.githubusercontent.com/8537877/229717973-bf6da5af-74e7-422a-b9fa-8b7bebd43320.png)

After this PR:

![截屏2023-04-04 下午3 17 05](https://user-images.githubusercontent.com/8537877/229718016-6218d019-b223-4deb-b596-6f0431d33d2a.png)

![截屏2023-04-04 下午3 17 16](https://user-images.githubusercontent.com/8537877/229718046-ea07cd1f-5ffc-42ba-87d5-08085feb4b16.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4662 from cfmcgrady/arrow-collect-limit-exec-2.

Closes #4662

82c912ed6 [Fu Chen] close vector
130bcb141 [Fu Chen] finally close
facc13f78 [Fu Chen] exclude rule OptimizeLimitZero
370083910 [Fu Chen] SparkArrowbasedOperationSuite adapt Spark-3.1.x
6064ab961 [Fu Chen] limit = 0 test case
6d596fcce [Fu Chen] address comment
8280783c3 [Fu Chen] add `isStaticConfigKey` to adapt Spark-3.1.x
22cc70fba [Fu Chen] add ut
b72bc6fb2 [Fu Chen] add offset support to adapt Spark-3.4.x
9ffb44fb2 [Fu Chen] make toBatchIterator private
c83cf3f5e [Fu Chen] SparkArrowbasedOperationSuite adapt Spark-3.1.x
573a262ed [Fu Chen] fix
4cef20481 [Fu Chen] SparkArrowbasedOperationSuite adapt Spark-3.1.x
d70aee36b [Fu Chen] SparkPlan.session -> SparkSession.active to adapt Spark-3.1.x
e3bf84c03 [Fu Chen] refactor
81886f01c [Fu Chen] address comment
2286afc6b [Fu Chen] reflective calla AdaptiveSparkPlanExec.finalPhysicalPlan
03d074732 [Fu Chen] address comment
25e4f056c [Fu Chen] add docs
885cf2c71 [Fu Chen] infer row size by schema.defaultSize
4e7ca54df [Fu Chen] unnecessarily changes
ee5a7567a [Fu Chen] revert unnecessarily changes
6c5b1eb61 [Fu Chen] add ut
4212a8967 [Fu Chen] refactor and add ut
ed8c6928b [Fu Chen] refactor
008867122 [Fu Chen] refine
8593d856a [Fu Chen] driver slice last batch
a5849430a [Fu Chen] arrow take

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 externals/kyuubi-spark-sql-engine/pom.xml     |   7 +
 .../spark/operation/ExecuteStatement.scala    |  32 +-
 .../arrow/KyuubiArrowConverters.scala         | 321 ++++++++++++++++++
 .../spark/sql/kyuubi/SparkDatasetHelper.scala | 160 ++++++++-
 .../SparkArrowbasedOperationSuite.scala       | 260 +++++++++++++-
 .../spark/KyuubiSparkContextHelper.scala      |   2 +
 pom.xml                                       |   4 +-
 7 files changed, 753 insertions(+), 33 deletions(-)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala

diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 5b227cb5e..8c984e4ca 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -65,6 +65,13 @@
             <scope>provided</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-sql_${scala.binary.version}</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-repl_${scala.binary.version}</artifactId>
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index b29d2ca9a..ca30f5300 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -21,10 +21,8 @@ import java.util.concurrent.RejectedExecutionException
 
 import scala.collection.JavaConverters._
 
-import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.DataFrame
-import org.apache.spark.sql.execution.SQLExecution
-import org.apache.spark.sql.kyuubi.SparkDatasetHelper
+import org.apache.spark.sql.kyuubi.SparkDatasetHelper._
 import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
@@ -187,34 +185,15 @@ class ArrowBasedExecuteStatement(
     handle) {
 
   override protected def incrementalCollectResult(resultDF: DataFrame): Iterator[Any] = {
-    collectAsArrow(convertComplexType(resultDF)) { rdd =>
-      rdd.toLocalIterator
-    }
+    toArrowBatchLocalIterator(convertComplexType(resultDF))
   }
 
   override protected def fullCollectResult(resultDF: DataFrame): Array[_] = {
-    collectAsArrow(convertComplexType(resultDF)) { rdd =>
-      rdd.collect()
-    }
+    executeCollect(convertComplexType(resultDF))
   }
 
   override protected def takeResult(resultDF: DataFrame, maxRows: Int): Array[_] = {
-    // this will introduce shuffle and hurt performance
-    val limitedResult = resultDF.limit(maxRows)
-    collectAsArrow(convertComplexType(limitedResult)) { rdd =>
-      rdd.collect()
-    }
-  }
-
-  /**
-   * refer to org.apache.spark.sql.Dataset#withAction(), assign a new execution id for arrow-based
-   * operation, so that we can track the arrow-based queries on the UI tab.
-   */
-  private def collectAsArrow[T](df: DataFrame)(action: RDD[Array[Byte]] => T): T = {
-    SQLExecution.withNewExecutionId(df.queryExecution, Some("collectAsArrow")) {
-      df.queryExecution.executedPlan.resetMetrics()
-      action(SparkDatasetHelper.toArrowBatchRdd(df))
-    }
+    executeCollect(convertComplexType(resultDF.limit(maxRows)))
   }
 
   override protected def isArrowBasedOperation: Boolean = true
@@ -222,7 +201,6 @@ class ArrowBasedExecuteStatement(
   override val resultFormat = "arrow"
 
   private def convertComplexType(df: DataFrame): DataFrame = {
-    SparkDatasetHelper.convertTopLevelComplexTypeToHiveString(df, timestampAsString)
+    convertTopLevelComplexTypeToHiveString(df, timestampAsString)
   }
-
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
new file mode 100644
index 000000000..dd6163ec9
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -0,0 +1,321 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.execution.arrow
+
+import java.io.{ByteArrayInputStream, ByteArrayOutputStream}
+import java.nio.channels.Channels
+
+import scala.collection.JavaConverters._
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.arrow.vector._
+import org.apache.arrow.vector.ipc.{ArrowStreamWriter, ReadChannel, WriteChannel}
+import org.apache.arrow.vector.ipc.message.{IpcOption, MessageSerializer}
+import org.apache.spark.TaskContext
+import org.apache.spark.internal.Logging
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.{InternalRow, SQLConfHelper}
+import org.apache.spark.sql.catalyst.expressions.UnsafeRow
+import org.apache.spark.sql.execution.CollectLimitExec
+import org.apache.spark.sql.types._
+import org.apache.spark.sql.util.ArrowUtils
+import org.apache.spark.util.Utils
+
+object KyuubiArrowConverters extends SQLConfHelper with Logging {
+
+  type Batch = (Array[Byte], Long)
+
+  /**
+   * this method is to slice the input Arrow record batch byte array `bytes`, starting from `start`
+   * and taking `length` number of elements.
+   */
+  def slice(
+      schema: StructType,
+      timeZoneId: String,
+      bytes: Array[Byte],
+      start: Int,
+      length: Int): Array[Byte] = {
+    val in = new ByteArrayInputStream(bytes)
+    val out = new ByteArrayOutputStream(bytes.length)
+
+    var vectorSchemaRoot: VectorSchemaRoot = null
+    var slicedVectorSchemaRoot: VectorSchemaRoot = null
+
+    val sliceAllocator = ArrowUtils.rootAllocator.newChildAllocator(
+      "slice",
+      0,
+      Long.MaxValue)
+    val arrowSchema = ArrowUtils.toArrowSchema(schema, timeZoneId)
+    vectorSchemaRoot = VectorSchemaRoot.create(arrowSchema, sliceAllocator)
+    try {
+      val recordBatch = MessageSerializer.deserializeRecordBatch(
+        new ReadChannel(Channels.newChannel(in)),
+        sliceAllocator)
+      val vectorLoader = new VectorLoader(vectorSchemaRoot)
+      vectorLoader.load(recordBatch)
+      recordBatch.close()
+      slicedVectorSchemaRoot = vectorSchemaRoot.slice(start, length)
+
+      val unloader = new VectorUnloader(slicedVectorSchemaRoot)
+      val writeChannel = new WriteChannel(Channels.newChannel(out))
+      val batch = unloader.getRecordBatch()
+      MessageSerializer.serialize(writeChannel, batch)
+      batch.close()
+      out.toByteArray()
+    } finally {
+      in.close()
+      out.close()
+      if (vectorSchemaRoot != null) {
+        vectorSchemaRoot.getFieldVectors.asScala.foreach(_.close())
+        vectorSchemaRoot.close()
+      }
+      if (slicedVectorSchemaRoot != null) {
+        slicedVectorSchemaRoot.getFieldVectors.asScala.foreach(_.close())
+        slicedVectorSchemaRoot.close()
+      }
+      sliceAllocator.close()
+    }
+  }
+
+  /**
+   * Forked from `org.apache.spark.sql.execution.SparkPlan#executeTake()`, the algorithm can be
+   * summarized in the following steps:
+   * 1. If the limit specified in the CollectLimitExec object is 0, the function returns an empty
+   *    array of batches.
+   * 2. Otherwise, execute the child query plan of the CollectLimitExec object to obtain an RDD of
+   *    data to collect.
+   * 3. Use an iterative approach to collect data in batches until the specified limit is reached.
+   *    In each iteration, it selects a subset of the partitions of the RDD to scan and tries to
+   *    collect data from them.
+   * 4. For each partition subset, we use the runJob method of the Spark context to execute a
+   *    closure that scans the partition data and converts it to Arrow batches.
+   * 5. Check if the collected data reaches the specified limit. If not, it selects another subset
+   *    of partitions to scan and repeats the process until the limit is reached or all partitions
+   *    have been scanned.
+   * 6. Return an array of all the collected Arrow batches.
+   *
+   * Note that:
+   * 1. The returned Arrow batches row count >= limit, if the input df has more than the `limit`
+   *    row count
+   * 2. We don't implement the `takeFromEnd` logical
+   *
+   * @return
+   */
+  def takeAsArrowBatches(
+      collectLimitExec: CollectLimitExec,
+      maxRecordsPerBatch: Long,
+      maxEstimatedBatchSize: Long,
+      timeZoneId: String): Array[Batch] = {
+    val n = collectLimitExec.limit
+    val schema = collectLimitExec.schema
+    if (n == 0) {
+      return new Array[Batch](0)
+    } else {
+      val limitScaleUpFactor = Math.max(conf.limitScaleUpFactor, 2)
+      // TODO: refactor and reuse the code from RDD's take()
+      val childRDD = collectLimitExec.child.execute()
+      val buf = new ArrayBuffer[Batch]
+      var bufferedRowSize = 0L
+      val totalParts = childRDD.partitions.length
+      var partsScanned = 0
+      while (bufferedRowSize < n && partsScanned < totalParts) {
+        // The number of partitions to try in this iteration. It is ok for this number to be
+        // greater than totalParts because we actually cap it at totalParts in runJob.
+        var numPartsToTry = limitInitialNumPartitions
+        if (partsScanned > 0) {
+          // If we didn't find any rows after the previous iteration, multiply by
+          // limitScaleUpFactor and retry. Otherwise, interpolate the number of partitions we need
+          // to try, but overestimate it by 50%. We also cap the estimation in the end.
+          if (buf.isEmpty) {
+            numPartsToTry = partsScanned * limitScaleUpFactor
+          } else {
+            val left = n - bufferedRowSize
+            // As left > 0, numPartsToTry is always >= 1
+            numPartsToTry = Math.ceil(1.5 * left * partsScanned / bufferedRowSize).toInt
+            numPartsToTry = Math.min(numPartsToTry, partsScanned * limitScaleUpFactor)
+          }
+        }
+
+        val partsToScan =
+          partsScanned.until(math.min(partsScanned + numPartsToTry, totalParts).toInt)
+
+        // TODO: SparkPlan.session introduced in SPARK-35798, replace with SparkPlan.session once we
+        // drop Spark-3.1.x support.
+        val sc = SparkSession.active.sparkContext
+        val res = sc.runJob(
+          childRDD,
+          (it: Iterator[InternalRow]) => {
+            val batches = toBatchIterator(
+              it,
+              schema,
+              maxRecordsPerBatch,
+              maxEstimatedBatchSize,
+              n,
+              timeZoneId)
+            batches.map(b => b -> batches.rowCountInLastBatch).toArray
+          },
+          partsToScan)
+
+        var i = 0
+        while (bufferedRowSize < n && i < res.length) {
+          var j = 0
+          val batches = res(i)
+          while (j < batches.length && n > bufferedRowSize) {
+            val batch = batches(j)
+            val (_, batchSize) = batch
+            buf += batch
+            bufferedRowSize += batchSize
+            j += 1
+          }
+          i += 1
+        }
+        partsScanned += partsToScan.size
+      }
+
+      buf.toArray
+    }
+  }
+
+  /**
+   * Spark introduced the config `spark.sql.limit.initialNumPartitions` since 3.4.0. see SPARK-40211
+   */
+  private def limitInitialNumPartitions: Int = {
+    conf.getConfString("spark.sql.limit.initialNumPartitions", "1")
+      .toInt
+  }
+
+  /**
+   * Different from [[org.apache.spark.sql.execution.arrow.ArrowConverters.toBatchIterator]],
+   * each output arrow batch contains this batch row count.
+   */
+  private def toBatchIterator(
+      rowIter: Iterator[InternalRow],
+      schema: StructType,
+      maxRecordsPerBatch: Long,
+      maxEstimatedBatchSize: Long,
+      limit: Long,
+      timeZoneId: String): ArrowBatchIterator = {
+    new ArrowBatchIterator(
+      rowIter,
+      schema,
+      maxRecordsPerBatch,
+      maxEstimatedBatchSize,
+      limit,
+      timeZoneId,
+      TaskContext.get)
+  }
+
+  /**
+   * This class ArrowBatchIterator is derived from
+   * [[org.apache.spark.sql.execution.arrow.ArrowConverters.ArrowBatchWithSchemaIterator]],
+   * with two key differences:
+   *   1. there is no requirement to write the schema at the batch header
+   *   2. iteration halts when `rowCount` equals `limit`
+   */
+  private[sql] class ArrowBatchIterator(
+      rowIter: Iterator[InternalRow],
+      schema: StructType,
+      maxRecordsPerBatch: Long,
+      maxEstimatedBatchSize: Long,
+      limit: Long,
+      timeZoneId: String,
+      context: TaskContext)
+    extends Iterator[Array[Byte]] {
+
+    protected val arrowSchema = ArrowUtils.toArrowSchema(schema, timeZoneId)
+    private val allocator =
+      ArrowUtils.rootAllocator.newChildAllocator(
+        s"to${this.getClass.getSimpleName}",
+        0,
+        Long.MaxValue)
+
+    private val root = VectorSchemaRoot.create(arrowSchema, allocator)
+    protected val unloader = new VectorUnloader(root)
+    protected val arrowWriter = ArrowWriter.create(root)
+
+    Option(context).foreach {
+      _.addTaskCompletionListener[Unit] { _ =>
+        root.close()
+        allocator.close()
+      }
+    }
+
+    override def hasNext: Boolean = (rowIter.hasNext && rowCount < limit) || {
+      root.close()
+      allocator.close()
+      false
+    }
+
+    var rowCountInLastBatch: Long = 0
+    var rowCount: Long = 0
+
+    override def next(): Array[Byte] = {
+      val out = new ByteArrayOutputStream()
+      val writeChannel = new WriteChannel(Channels.newChannel(out))
+
+      rowCountInLastBatch = 0
+      var estimatedBatchSize = 0L
+      Utils.tryWithSafeFinally {
+
+        // Always write the first row.
+        while (rowIter.hasNext && (
+            // For maxBatchSize and maxRecordsPerBatch, respect whatever smaller.
+            // If the size in bytes is positive (set properly), always write the first row.
+            rowCountInLastBatch == 0 && maxEstimatedBatchSize > 0 ||
+              // If the size in bytes of rows are 0 or negative, unlimit it.
+              estimatedBatchSize <= 0 ||
+              estimatedBatchSize < maxEstimatedBatchSize ||
+              // If the size of rows are 0 or negative, unlimit it.
+              maxRecordsPerBatch <= 0 ||
+              rowCountInLastBatch < maxRecordsPerBatch ||
+              rowCount < limit)) {
+          val row = rowIter.next()
+          arrowWriter.write(row)
+          estimatedBatchSize += (row match {
+            case ur: UnsafeRow => ur.getSizeInBytes
+            // Trying to estimate the size of the current row
+            case _: InternalRow => schema.defaultSize
+          })
+          rowCountInLastBatch += 1
+          rowCount += 1
+        }
+        arrowWriter.finish()
+        val batch = unloader.getRecordBatch()
+        MessageSerializer.serialize(writeChannel, batch)
+
+        // Always write the Ipc options at the end.
+        ArrowStreamWriter.writeEndOfStream(writeChannel, IpcOption.DEFAULT)
+
+        batch.close()
+      } {
+        arrowWriter.reset()
+      }
+
+      out.toByteArray
+    }
+  }
+
+  // for testing
+  def fromBatchIterator(
+      arrowBatchIter: Iterator[Array[Byte]],
+      schema: StructType,
+      timeZoneId: String,
+      context: TaskContext): Iterator[InternalRow] = {
+    ArrowConverters.fromBatchIterator(arrowBatchIter, schema, timeZoneId, context)
+  }
+}
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 1a5429373..1c8d32c48 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -17,18 +17,75 @@
 
 package org.apache.spark.sql.kyuubi
 
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.spark.TaskContext
+import org.apache.spark.internal.Logging
+import org.apache.spark.network.util.{ByteUnit, JavaUtils}
 import org.apache.spark.rdd.RDD
-import org.apache.spark.sql.{DataFrame, Dataset, Row}
+import org.apache.spark.sql.{DataFrame, Dataset, Row, SparkSession}
+import org.apache.spark.sql.execution.{CollectLimitExec, SparkPlan, SQLExecution}
+import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
+import org.apache.spark.sql.execution.arrow.{ArrowConverters, KyuubiArrowConverters}
 import org.apache.spark.sql.functions._
 import org.apache.spark.sql.types._
 
+import org.apache.kyuubi.engine.spark.KyuubiSparkUtil
 import org.apache.kyuubi.engine.spark.schema.RowSet
+import org.apache.kyuubi.reflection.DynMethods
+
+object SparkDatasetHelper extends Logging {
+
+  def executeCollect(df: DataFrame): Array[Array[Byte]] = withNewExecutionId(df) {
+    executeArrowBatchCollect(df.queryExecution.executedPlan)
+  }
+
+  def executeArrowBatchCollect: SparkPlan => Array[Array[Byte]] = {
+    case adaptiveSparkPlan: AdaptiveSparkPlanExec =>
+      executeArrowBatchCollect(finalPhysicalPlan(adaptiveSparkPlan))
+    // TODO: avoid extra shuffle if `offset` > 0
+    case collectLimit: CollectLimitExec if offset(collectLimit) > 0 =>
+      logWarning("unsupported offset > 0, an extra shuffle will be introduced.")
+      toArrowBatchRdd(collectLimit).collect()
+    case collectLimit: CollectLimitExec if collectLimit.limit >= 0 =>
+      doCollectLimit(collectLimit)
+    case collectLimit: CollectLimitExec if collectLimit.limit < 0 =>
+      executeArrowBatchCollect(collectLimit.child)
+    case plan: SparkPlan =>
+      toArrowBatchRdd(plan).collect()
+  }
 
-object SparkDatasetHelper {
   def toArrowBatchRdd[T](ds: Dataset[T]): RDD[Array[Byte]] = {
     ds.toArrowBatchRdd
   }
 
+  /**
+   * Forked from [[Dataset.toArrowBatchRdd(plan: SparkPlan)]].
+   * Convert to an RDD of serialized ArrowRecordBatches.
+   */
+  def toArrowBatchRdd(plan: SparkPlan): RDD[Array[Byte]] = {
+    val schemaCaptured = plan.schema
+    // TODO: SparkPlan.session introduced in SPARK-35798, replace with SparkPlan.session once we
+    // drop Spark-3.1.x support.
+    val maxRecordsPerBatch = SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch
+    val timeZoneId = SparkSession.active.sessionState.conf.sessionLocalTimeZone
+    plan.execute().mapPartitionsInternal { iter =>
+      val context = TaskContext.get()
+      ArrowConverters.toBatchIterator(
+        iter,
+        schemaCaptured,
+        maxRecordsPerBatch,
+        timeZoneId,
+        context)
+    }
+  }
+
+  def toArrowBatchLocalIterator(df: DataFrame): Iterator[Array[Byte]] = {
+    withNewExecutionId(df) {
+      toArrowBatchRdd(df).toLocalIterator
+    }
+  }
+
   def convertTopLevelComplexTypeToHiveString(
       df: DataFrame,
       timestampAsString: Boolean): DataFrame = {
@@ -68,11 +125,108 @@ object SparkDatasetHelper {
    * Fork from Apache Spark-3.3.1 org.apache.spark.sql.catalyst.util.quoteIfNeeded to adapt to
    * Spark-3.1.x
    */
-  def quoteIfNeeded(part: String): String = {
+  private def quoteIfNeeded(part: String): String = {
     if (part.matches("[a-zA-Z0-9_]+") && !part.matches("\\d+")) {
       part
     } else {
       s"`${part.replace("`", "``")}`"
     }
   }
+
+  private lazy val maxBatchSize: Long = {
+    // respect spark connect config
+    KyuubiSparkUtil.globalSparkContext
+      .getConf
+      .getOption("spark.connect.grpc.arrow.maxBatchSize")
+      .orElse(Option("4m"))
+      .map(JavaUtils.byteStringAs(_, ByteUnit.MiB))
+      .get
+  }
+
+  private def doCollectLimit(collectLimit: CollectLimitExec): Array[Array[Byte]] = {
+    // TODO: SparkPlan.session introduced in SPARK-35798, replace with SparkPlan.session once we
+    // drop Spark-3.1.x support.
+    val timeZoneId = SparkSession.active.sessionState.conf.sessionLocalTimeZone
+    val maxRecordsPerBatch = SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch
+
+    val batches = KyuubiArrowConverters.takeAsArrowBatches(
+      collectLimit,
+      maxRecordsPerBatch,
+      maxBatchSize,
+      timeZoneId)
+
+    // note that the number of rows in the returned arrow batches may be >= `limit`, perform
+    // the slicing operation of result
+    val result = ArrayBuffer[Array[Byte]]()
+    var i = 0
+    var rest = collectLimit.limit
+    while (i < batches.length && rest > 0) {
+      val (batch, size) = batches(i)
+      if (size <= rest) {
+        result += batch
+        // returned ArrowRecordBatch has less than `limit` row count, safety to do conversion
+        rest -= size.toInt
+      } else { // size > rest
+        result += KyuubiArrowConverters.slice(collectLimit.schema, timeZoneId, batch, 0, rest)
+        rest = 0
+      }
+      i += 1
+    }
+    result.toArray
+  }
+
+  /**
+   * This method provides a reflection-based implementation of
+   * [[AdaptiveSparkPlanExec.finalPhysicalPlan]] that enables us to adapt to the Spark runtime
+   * without patching SPARK-41914.
+   *
+   * TODO: Once we drop support for Spark 3.1.x, we can directly call
+   * [[AdaptiveSparkPlanExec.finalPhysicalPlan]].
+   */
+  def finalPhysicalPlan(adaptiveSparkPlanExec: AdaptiveSparkPlanExec): SparkPlan = {
+    withFinalPlanUpdate(adaptiveSparkPlanExec, identity)
+  }
+
+  /**
+   * A reflection-based implementation of [[AdaptiveSparkPlanExec.withFinalPlanUpdate]].
+   */
+  private def withFinalPlanUpdate[T](
+      adaptiveSparkPlanExec: AdaptiveSparkPlanExec,
+      fun: SparkPlan => T): T = {
+    val getFinalPhysicalPlan = DynMethods.builder("getFinalPhysicalPlan")
+      .hiddenImpl(adaptiveSparkPlanExec.getClass)
+      .build()
+    val plan = getFinalPhysicalPlan.invoke[SparkPlan](adaptiveSparkPlanExec)
+    val result = fun(plan)
+    val finalPlanUpdate = DynMethods.builder("finalPlanUpdate")
+      .hiddenImpl(adaptiveSparkPlanExec.getClass)
+      .build()
+    finalPlanUpdate.invoke[Unit](adaptiveSparkPlanExec)
+    result
+  }
+
+  /**
+   * offset support was add since Spark-3.4(set SPARK-28330), to ensure backward compatibility with
+   * earlier versions of Spark, this function uses reflective calls to the "offset".
+   */
+  private def offset(collectLimitExec: CollectLimitExec): Int = {
+    Option(
+      DynMethods.builder("offset")
+        .impl(collectLimitExec.getClass)
+        .orNoop()
+        .build()
+        .invoke[Int](collectLimitExec))
+      .getOrElse(0)
+  }
+
+  /**
+   * refer to org.apache.spark.sql.Dataset#withAction(), assign a new execution id for arrow-based
+   * operation, so that we can track the arrow-based queries on the UI tab.
+   */
+  private def withNewExecutionId[T](df: DataFrame)(body: => T): T = {
+    SQLExecution.withNewExecutionId(df.queryExecution, Some("collectAsArrow")) {
+      df.queryExecution.executedPlan.resetMetrics()
+      body
+    }
+  }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index ae6237bb5..2ef29b398 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -18,16 +18,28 @@
 package org.apache.kyuubi.engine.spark.operation
 
 import java.sql.Statement
+import java.util.{Set => JSet}
 
 import org.apache.spark.KyuubiSparkContextHelper
+import org.apache.spark.scheduler.{SparkListener, SparkListenerJobStart}
+import org.apache.spark.sql.{QueryTest, Row, SparkSession}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
-import org.apache.spark.sql.execution.QueryExecution
+import org.apache.spark.sql.execution.{CollectLimitExec, QueryExecution, SparkPlan}
+import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
+import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
+import org.apache.spark.sql.execution.exchange.Exchange
+import org.apache.spark.sql.execution.joins.{BroadcastHashJoinExec, SortMergeJoinExec}
+import org.apache.spark.sql.functions.col
+import org.apache.spark.sql.internal.SQLConf
+import org.apache.spark.sql.kyuubi.SparkDatasetHelper
 import org.apache.spark.sql.util.QueryExecutionListener
 
+import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.{SparkSQLEngine, WithSparkSQLEngine}
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.SparkDataTypeTests
+import org.apache.kyuubi.reflection.DynFields
 
 class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests {
 
@@ -138,6 +150,155 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     assert(metrics("numOutputRows").value === 1)
   }
 
+  test("SparkDatasetHelper.executeArrowBatchCollect should return expect row count") {
+    val returnSize = Seq(
+      0, // spark optimizer guaranty the `limit != 0`, it's just for the sanity check
+      7, // less than one partition
+      10, // equal to one partition
+      13, // between one and two partitions, run two jobs
+      20, // equal to two partitions
+      29, // between two and three partitions
+      1000, // all partitions
+      1001) // more than total row count
+
+    def runAndCheck(sparkPlan: SparkPlan, expectSize: Int): Unit = {
+      val arrowBinary = SparkDatasetHelper.executeArrowBatchCollect(sparkPlan)
+      val rows = KyuubiArrowConverters.fromBatchIterator(
+        arrowBinary.iterator,
+        sparkPlan.schema,
+        "",
+        KyuubiSparkContextHelper.dummyTaskContext())
+      assert(rows.size == expectSize)
+    }
+
+    val excludedRules = Seq(
+      "org.apache.spark.sql.catalyst.optimizer.EliminateLimits",
+      "org.apache.spark.sql.catalyst.optimizer.OptimizeLimitZero",
+      "org.apache.spark.sql.execution.adaptive.AQEPropagateEmptyRelation").mkString(",")
+    withSQLConf(
+      SQLConf.OPTIMIZER_EXCLUDED_RULES.key -> excludedRules,
+      SQLConf.ADAPTIVE_OPTIMIZER_EXCLUDED_RULES.key -> excludedRules) {
+      // aqe
+      // outermost AdaptiveSparkPlanExec
+      spark.range(1000)
+        .repartitionByRange(100, col("id"))
+        .createOrReplaceTempView("t_1")
+      spark.sql("select * from t_1")
+        .foreachPartition { p: Iterator[Row] =>
+          assert(p.length == 10)
+          ()
+        }
+      returnSize.foreach { size =>
+        val df = spark.sql(s"select * from t_1 limit $size")
+        val headPlan = df.queryExecution.executedPlan.collectLeaves().head
+        if (SPARK_ENGINE_RUNTIME_VERSION >= "3.2") {
+          assert(headPlan.isInstanceOf[AdaptiveSparkPlanExec])
+          val finalPhysicalPlan =
+            SparkDatasetHelper.finalPhysicalPlan(headPlan.asInstanceOf[AdaptiveSparkPlanExec])
+          assert(finalPhysicalPlan.isInstanceOf[CollectLimitExec])
+        }
+        if (size > 1000) {
+          runAndCheck(df.queryExecution.executedPlan, 1000)
+        } else {
+          runAndCheck(df.queryExecution.executedPlan, size)
+        }
+      }
+
+      // outermost CollectLimitExec
+      spark.range(0, 1000, 1, numPartitions = 100)
+        .createOrReplaceTempView("t_2")
+      spark.sql("select * from t_2")
+        .foreachPartition { p: Iterator[Row] =>
+          assert(p.length == 10)
+          ()
+        }
+      returnSize.foreach { size =>
+        val df = spark.sql(s"select * from t_2 limit $size")
+        val plan = df.queryExecution.executedPlan
+        assert(plan.isInstanceOf[CollectLimitExec])
+        if (size > 1000) {
+          runAndCheck(df.queryExecution.executedPlan, 1000)
+        } else {
+          runAndCheck(df.queryExecution.executedPlan, size)
+        }
+      }
+    }
+  }
+
+  test("aqe should work properly") {
+
+    val s = spark
+    import s.implicits._
+
+    spark.sparkContext.parallelize(
+      (1 to 100).map(i => TestData(i, i.toString))).toDF()
+      .createOrReplaceTempView("testData")
+    spark.sparkContext.parallelize(
+      TestData2(1, 1) ::
+        TestData2(1, 2) ::
+        TestData2(2, 1) ::
+        TestData2(2, 2) ::
+        TestData2(3, 1) ::
+        TestData2(3, 2) :: Nil,
+      2).toDF()
+      .createOrReplaceTempView("testData2")
+
+    withSQLConf(
+      SQLConf.ADAPTIVE_EXECUTION_ENABLED.key -> "true",
+      SQLConf.SHUFFLE_PARTITIONS.key -> "5",
+      SQLConf.AUTO_BROADCASTJOIN_THRESHOLD.key -> "80") {
+      val (plan, adaptivePlan) = runAdaptiveAndVerifyResult(
+        """
+          |SELECT * FROM(
+          |  SELECT * FROM testData join testData2 ON key = a where value = '1'
+          |) LIMIT 1
+          |""".stripMargin)
+      val smj = plan.collect { case smj: SortMergeJoinExec => smj }
+      val bhj = adaptivePlan.collect { case bhj: BroadcastHashJoinExec => bhj }
+      assert(smj.size == 1)
+      assert(bhj.size == 1)
+    }
+  }
+
+  test("result offset support") {
+    assume(SPARK_ENGINE_RUNTIME_VERSION > "3.3")
+    var numStages = 0
+    val listener = new SparkListener {
+      override def onJobStart(jobStart: SparkListenerJobStart): Unit = {
+        numStages = jobStart.stageInfos.length
+      }
+    }
+    withJdbcStatement() { statement =>
+      withSparkListener(listener) {
+        withPartitionedTable("t_3") {
+          statement.executeQuery("select * from t_3 limit 10 offset 10")
+        }
+        KyuubiSparkContextHelper.waitListenerBus(spark)
+      }
+    }
+    // the extra shuffle be introduced if the `offset` > 0
+    assert(numStages == 2)
+  }
+
+  test("arrow serialization should not introduce extra shuffle for outermost limit") {
+    var numStages = 0
+    val listener = new SparkListener {
+      override def onJobStart(jobStart: SparkListenerJobStart): Unit = {
+        numStages = jobStart.stageInfos.length
+      }
+    }
+    withJdbcStatement() { statement =>
+      withSparkListener(listener) {
+        withPartitionedTable("t_3") {
+          statement.executeQuery("select * from t_3 limit 1000")
+        }
+        KyuubiSparkContextHelper.waitListenerBus(spark)
+      }
+    }
+    // Should be only one stage since there is no shuffle.
+    assert(numStages == 1)
+  }
+
   private def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
     val query =
       s"""
@@ -177,4 +338,101 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
       .allSessions()
       .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.unregister(listener))
   }
+
+  private def withSparkListener[T](listener: SparkListener)(body: => T): T = {
+    withAllSessions(s => s.sparkContext.addSparkListener(listener))
+    try {
+      body
+    } finally {
+      withAllSessions(s => s.sparkContext.removeSparkListener(listener))
+    }
+
+  }
+
+  private def withPartitionedTable[T](viewName: String)(body: => T): T = {
+    withAllSessions { spark =>
+      spark.range(0, 1000, 1, numPartitions = 100)
+        .createOrReplaceTempView(viewName)
+    }
+    try {
+      body
+    } finally {
+      withAllSessions { spark =>
+        spark.sql(s"DROP VIEW IF EXISTS $viewName")
+      }
+    }
+  }
+
+  private def withAllSessions(op: SparkSession => Unit): Unit = {
+    SparkSQLEngine.currentEngine.get
+      .backendService
+      .sessionManager
+      .allSessions()
+      .map(_.asInstanceOf[SparkSessionImpl].spark)
+      .foreach(op(_))
+  }
+
+  private def runAdaptiveAndVerifyResult(query: String): (SparkPlan, SparkPlan) = {
+    val dfAdaptive = spark.sql(query)
+    val planBefore = dfAdaptive.queryExecution.executedPlan
+    val result = dfAdaptive.collect()
+    withSQLConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED.key -> "false") {
+      val df = spark.sql(query)
+      QueryTest.checkAnswer(df, df.collect().toSeq)
+    }
+    val planAfter = dfAdaptive.queryExecution.executedPlan
+    val adaptivePlan = planAfter.asInstanceOf[AdaptiveSparkPlanExec].executedPlan
+    val exchanges = adaptivePlan.collect {
+      case e: Exchange => e
+    }
+    assert(exchanges.isEmpty, "The final plan should not contain any Exchange node.")
+    (dfAdaptive.queryExecution.sparkPlan, adaptivePlan)
+  }
+
+  /**
+   * Sets all SQL configurations specified in `pairs`, calls `f`, and then restores all SQL
+   * configurations.
+   */
+  protected def withSQLConf(pairs: (String, String)*)(f: => Unit): Unit = {
+    val conf = SQLConf.get
+    val (keys, values) = pairs.unzip
+    val currentValues = keys.map { key =>
+      if (conf.contains(key)) {
+        Some(conf.getConfString(key))
+      } else {
+        None
+      }
+    }
+    (keys, values).zipped.foreach { (k, v) =>
+      if (isStaticConfigKey(k)) {
+        throw new KyuubiException(s"Cannot modify the value of a static config: $k")
+      }
+      conf.setConfString(k, v)
+    }
+    try f
+    finally {
+      keys.zip(currentValues).foreach {
+        case (key, Some(value)) => conf.setConfString(key, value)
+        case (key, None) => conf.unsetConf(key)
+      }
+    }
+  }
+
+  /**
+   * This method provides a reflection-based implementation of [[SQLConf.isStaticConfigKey]] to
+   * adapt Spark-3.1.x
+   *
+   * TODO: Once we drop support for Spark 3.1.x, we can directly call
+   * [[SQLConf.isStaticConfigKey()]].
+   */
+  private def isStaticConfigKey(key: String): Boolean = {
+    val staticConfKeys = DynFields.builder()
+      .hiddenImpl(SQLConf.getClass, "staticConfKeys")
+      .build[JSet[String]](SQLConf)
+      .get()
+    staticConfKeys.contains(key)
+  }
 }
+
+case class TestData(key: Int, value: String)
+case class TestData2(a: Int, b: Int)
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala
index 8293123ea..1b662eadf 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/KyuubiSparkContextHelper.scala
@@ -27,4 +27,6 @@ object KyuubiSparkContextHelper {
   def waitListenerBus(spark: SparkSession): Unit = {
     spark.sparkContext.listenerBus.waitUntilEmpty()
   }
+
+  def dummyTaskContext(): TaskContextImpl = TaskContext.empty()
 }
diff --git a/pom.xml b/pom.xml
index 09ee14c08..1fba6edea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -538,8 +538,8 @@
                         <artifactId>hadoop-client</artifactId>
                     </exclusion>
                     <!--
-                      The module is only used in Kyuubi Spark Extensions, so we don't care about which
-                      version of Log4j it depends on.
+                      The module is only used in Kyuubi Spark Extensions and Engine Spark SQL, so we
+                      don't care about which version of Log4j it depends on.
                      -->
                 </exclusions>
             </dependency>

From a834ed3efb19c94035b38e7f03a442d3ce9b5423 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Mon, 10 Apr 2023 10:26:28 +0800
Subject: [PATCH 264/760] [KYUUBI #4530]  [AUTHZ] Support non-English chars for
 MASK, MASK_SHOW_FIRST_4, and MASK_SHOW_FIRST_4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
To fix https://github.com/apache/kyuubi/issues/4530.
1. The reason for issue https://github.com/apache/kyuubi/issues/4530  is that MASK_SHOW_FIRST_4 and MASK_SHOW_LAST_4 mask types are currently implemented using the regexp_replace method, which only replaces English letters and digits, but ignores other languages, such as Chinese.
2. To fix this issue, I modified the regexp_replace method to replace no-english characters to 'U' letters, so they will also be masked properly.

### _How was this patch tested?_

- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4643 from huangzhir/fixbug-datamask.

Closes #4530

abe45b278 [huangzhir] fix nit
f74e582ed [huangzhir] Move the data preparation to setup，some tests were modified due to changes in the data.
fb3f89e15 [huangzhir] 1. Modified test methods to perform end-to-end testing. 2. Mask data should not ignore spaces.
bb6406c81 [huangzhir] Rollback unnecessary changes, add tests using SQL queries, and modify the Scala style checking code.
7754d74fd [huangzhir] Switching the plan.Replace all characters except English letters and numbers with a single character 'U'.Preserve the " " character.
a905817a0 [huangzhir] fix
ce23bcd1b [huangzhir] Regression testing is to keep the original tests unchanged, and only add the "regexp_replace" test method.
a39f185dd [huangzhir] 1. Use a ‘密’ replacer for it Chinese chars 2. Use a separate ut cases for testing this regexp_replace method.
94b05db89 [huangzhir] [KYUUBI #4530] [AUTHZ] fixbug support MASK_SHOW_FIRST_4 和 MASK_SHOW_FIRST_4 chinese data mask
0fc1065ca [huangzhir] fixbug support MASK_SHOW_FIRST_4 和 MASK_SHOW_FIRST_4 chinese data mask

Authored-by: huangzhir <306824224@qq.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../authz/ranger/SparkRangerAdminPlugin.scala |   3 +-
 .../ranger/SparkRangerAdminPluginSuite.scala  |   9 +-
 .../datamasking/DataMaskingTestBase.scala     | 103 ++++++++++++++----
 3 files changed, 92 insertions(+), 23 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 78e59ff89..8332b27f0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -136,7 +136,8 @@ object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
     val upper = s"regexp_replace($expr, '[A-Z]', 'X'$pos)"
     val lower = s"regexp_replace($upper, '[a-z]', 'x'$pos)"
     val digits = s"regexp_replace($lower, '[0-9]', 'n'$pos)"
-    digits
+    val other = s"regexp_replace($digits, '[^A-Za-z0-9]', 'U'$pos)"
+    other
   }
 
   /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala
index 8711a7287..3338a3314 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala
@@ -50,11 +50,14 @@ class SparkRangerAdminPluginSuite extends AnyFunSuite {
     }
     assert(getMaskingExpr(buildAccessRequest(bob, "value1")).get === "md5(cast(value1 as string))")
     assert(getMaskingExpr(buildAccessRequest(bob, "value2")).get ===
-      "regexp_replace(regexp_replace(regexp_replace(value2, '[A-Z]', 'X'), '[a-z]', 'x')," +
-      " '[0-9]', 'n')")
+      "regexp_replace(regexp_replace(regexp_replace(regexp_replace(value2, '[A-Z]', 'X')," +
+      " '[a-z]', 'x'), '[0-9]', 'n'), '[^A-Za-z0-9]', 'U')")
     assert(getMaskingExpr(buildAccessRequest(bob, "value3")).get contains "regexp_replace")
     assert(getMaskingExpr(buildAccessRequest(bob, "value4")).get === "date_trunc('YEAR', value4)")
-    assert(getMaskingExpr(buildAccessRequest(bob, "value5")).get contains "regexp_replace")
+    assert(getMaskingExpr(buildAccessRequest(bob, "value5")).get ===
+      "concat(regexp_replace(regexp_replace(regexp_replace(regexp_replace(" +
+      "left(value5, length(value5) - 4), '[A-Z]', 'X'), '[a-z]', 'x')," +
+      " '[0-9]', 'n'), '[^A-Za-z0-9]', 'U'), right(value5, 4))")
 
     Seq("admin", "alice").foreach { user =>
       val ugi = UserGroupInformation.createRemoteUser(user)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
index 3585397c6..29a709311 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -55,6 +55,17 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
       "SELECT 20, 2, 'kyuubi', 'y', timestamp'2018-11-17 12:34:56', 'world'")
     sql("INSERT INTO default.src " +
       "SELECT 30, 3, 'spark', 'a', timestamp'2018-11-17 12:34:56', 'world'")
+
+    // scalastyle:off
+    val value1 = "hello WORD 123 ~!@# AßþΔЙקم๗ቐあア叶葉엽"
+    val value2 = "AßþΔЙקم๗ቐあア叶葉엽 hello WORD 123 ~!@#"
+    // AßþΔЙקم๗ቐあア叶葉엽 reference https://zh.wikipedia.org/zh-cn/Unicode#XML.E5.92.8CUnicode
+    // scalastyle:on
+    sql(s"INSERT INTO default.src " +
+      s"SELECT 10, 4, '$value1', '$value1', timestamp'2018-11-17 12:34:56', '$value1'")
+    sql("INSERT INTO default.src " +
+      s"SELECT 11, 5, '$value2', '$value2', timestamp'2018-11-17 12:34:56', '$value2'")
+
     sql(s"CREATE TABLE default.unmasked $format AS SELECT * FROM default.src")
   }
 
@@ -74,23 +85,30 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   }
 
   test("simple query with a user doesn't have mask rules") {
-    checkAnswer("kent", "SELECT key FROM default.src order by key", Seq(Row(1), Row(20), Row(30)))
+    checkAnswer(
+      "kent",
+      "SELECT key FROM default.src order by key",
+      Seq(Row(1), Row(10), Row(11), Row(20), Row(30)))
   }
 
   test("simple query with a user has mask rules") {
     val result =
       Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
-    checkAnswer("bob", "SELECT value1, value2, value3, value4, value5 FROM default.src", result)
     checkAnswer(
       "bob",
-      "SELECT value1 as key, value2, value3, value4, value5 FROM default.src",
+      "SELECT value1, value2, value3, value4, value5 FROM default.src " +
+        "where key = 1",
+      result)
+    checkAnswer(
+      "bob",
+      "SELECT value1 as key, value2, value3, value4, value5 FROM default.src where key = 1",
       result)
   }
 
   test("star") {
     val result =
       Seq(Row(1, md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
-    checkAnswer("bob", "SELECT * FROM default.src", result)
+    checkAnswer("bob", "SELECT * FROM default.src where key = 1", result)
   }
 
   test("simple udf") {
@@ -98,7 +116,8 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
       Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
     checkAnswer(
       "bob",
-      "SELECT max(value1), max(value2), max(value3), max(value4), max(value5) FROM default.src",
+      "SELECT max(value1), max(value2), max(value3), max(value4), max(value5) FROM default.src" +
+        " where key = 1",
       result)
   }
 
@@ -109,7 +128,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
       "bob",
       "SELECT coalesce(max(value1), 1), coalesce(max(value2), 1), coalesce(max(value3), 1), " +
         "coalesce(max(value4), timestamp '2018-01-01 22:33:44'), coalesce(max(value5), 1) " +
-        "FROM default.src",
+        "FROM default.src where key = 1",
       result)
   }
 
@@ -119,13 +138,16 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     checkAnswer(
       "bob",
       "SELECT value1, value2, value3, value4, value5 FROM default.src WHERE value2 in " +
-        "(SELECT value2 as key FROM default.src)",
+        "(SELECT value2 as key FROM default.src where key = 1)",
       result)
   }
 
   test("create a unmasked table as select from a masked one") {
     withCleanTmpResources(Seq(("default.src2", "table"))) {
-      doAs("bob", sql(s"CREATE TABLE default.src2 $format AS SELECT value1 FROM default.src"))
+      doAs(
+        "bob",
+        sql(s"CREATE TABLE default.src2 $format AS SELECT value1 FROM default.src " +
+          s"where key = 1"))
       checkAnswer("bob", "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1"))))
     }
   }
@@ -133,12 +155,24 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   test("insert into a unmasked table from a masked one") {
     withCleanTmpResources(Seq(("default.src2", "table"), ("default.src3", "table"))) {
       doAs("bob", sql(s"CREATE TABLE default.src2 (value1 string) $format"))
-      doAs("bob", sql(s"INSERT INTO default.src2 SELECT value1 from default.src"))
-      doAs("bob", sql(s"INSERT INTO default.src2 SELECT value1 as v from default.src"))
+      doAs(
+        "bob",
+        sql(s"INSERT INTO default.src2 SELECT value1 from default.src " +
+          s"where key = 1"))
+      doAs(
+        "bob",
+        sql(s"INSERT INTO default.src2 SELECT value1 as v from default.src " +
+          s"where key = 1"))
       checkAnswer("bob", "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
       doAs("bob", sql(s"CREATE TABLE default.src3 (k int, value string) $format"))
-      doAs("bob", sql(s"INSERT INTO default.src3 SELECT key, value1 from default.src"))
-      doAs("bob", sql(s"INSERT INTO default.src3 SELECT key, value1 as v from default.src"))
+      doAs(
+        "bob",
+        sql(s"INSERT INTO default.src3 SELECT key, value1 from default.src  " +
+          s"where key = 1"))
+      doAs(
+        "bob",
+        sql(s"INSERT INTO default.src3 SELECT key, value1 as v from default.src " +
+          s"where key = 1"))
       checkAnswer("bob", "SELECT value FROM default.src3", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
     }
   }
@@ -152,7 +186,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
 
   test("self join on a masked table") {
     val s = "SELECT a.value1, b.value1 FROM default.src a" +
-      " join default.src b on a.value1=b.value1"
+      " join default.src b on a.value1=b.value1 where a.key = 1 and b.key = 1 "
     checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
     // just for testing query multiple times, don't delete it
     checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
@@ -228,17 +262,18 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   test("union an unmasked table") {
     val s = """
       SELECT value1 from (
-           SELECT a.value1 FROM default.src a
+           SELECT a.value1 FROM default.src a where a.key = 1
            union
           (SELECT b.value1 FROM default.unmasked b)
       ) c order by value1
       """
-    checkAnswer("bob", s, Seq(Row("1"), Row("2"), Row("3"), Row(md5Hex("1"))))
+    doAs("bob", sql(s).show)
+    checkAnswer("bob", s, Seq(Row("1"), Row("2"), Row("3"), Row("4"), Row("5"), Row(md5Hex("1"))))
   }
 
   test("union a masked table") {
-    val s = "SELECT a.value1 FROM default.src a union" +
-      " (SELECT b.value1 FROM default.src b)"
+    val s = "SELECT a.value1 FROM default.src a where a.key = 1 union" +
+      " (SELECT b.value1 FROM default.src b where b.key = 1)"
     checkAnswer("bob", s, Seq(Row(md5Hex("1"))))
   }
 
@@ -252,12 +287,42 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     withCleanTmpResources(Seq(("default.perm_view", "view"))) {
       checkAnswer(
         "perm_view_user",
-        "SELECT value1, value2 FROM default.src where key < 20",
+        "SELECT value1, value2 FROM default.src where key = 1",
         Seq(Row(1, "hello")))
       checkAnswer(
         "perm_view_user",
-        "SELECT value1, value2 FROM default.perm_view where key < 20",
+        "SELECT value1, value2 FROM default.perm_view where key = 1",
         Seq(Row(md5Hex("1"), "hello")))
     }
   }
+
+  // This test only includes a small subset of UCS-2 characters.
+  // But in theory, it should work for all characters
+  test("test MASK,MASK_SHOW_FIRST_4,MASK_SHOW_LAST_4 rule  with non-English character set") {
+    val s1 = s"SELECT * FROM default.src where key = 10"
+    val s2 = s"SELECT * FROM default.src where key = 11"
+    // scalastyle:off
+    checkAnswer(
+      "bob",
+      s1,
+      Seq(Row(
+        10,
+        md5Hex("4"),
+        "xxxxxUXXXXUnnnUUUUUUXUUUUUUUUUUUUU",
+        "hellxUXXXXUnnnUUUUUUXUUUUUUUUUUUUU",
+        Timestamp.valueOf("2018-01-01 00:00:00"),
+        "xxxxxUXXXXUnnnUUUUUUXUUUUUUUUUア叶葉엽")))
+    checkAnswer(
+      "bob",
+      s2,
+      Seq(Row(
+        11,
+        md5Hex("5"),
+        "XUUUUUUUUUUUUUUxxxxxUXXXXUnnnUUUUU",
+        "AßþΔUUUUUUUUUUUxxxxxUXXXXUnnnUUUUU",
+        Timestamp.valueOf("2018-01-01 00:00:00"),
+        "XUUUUUUUUUUUUUUxxxxxUXXXXUnnnU~!@#")))
+    // scalastyle:on
+  }
+
 }

From 91a2ab3665f44ade8aa768a9bf125bcd8a71478f Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Mon, 10 Apr 2023 11:41:37 +0800
Subject: [PATCH 265/760] [KYUUBI #4678] Improve FinalStageResourceManager kill
 executors

### _Why are the changes needed?_

This pr change two things:
1. add a config to kill executors if the plan contains table caches. It's not always safe to kill executors if the cache is referenced by two write-like plan.
2. force adjustTargetNumExecutors when killing executors. YarnAllocator` might re-request original target executors if DRA has not updated target executors yet. Note, DRA would re-adjust executors if there are more tasks to be executed, so we are safe. It's better to adjuest target num executor once we kill executors.

### _How was this patch tested?_
These issues are found during my POC

Closes #4678 from ulysses-you/skip-cache.

Closes #4678

b12620954 [ulysses-you] Improve kill executors

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/rules.md        |  1 +
 .../spark/sql/FinalStageResourceManager.scala | 28 +++++++++++++++++--
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  7 +++++
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/docs/extensions/engines/spark/rules.md b/docs/extensions/engines/spark/rules.md
index a4bda5d53..46e8dd3d1 100644
--- a/docs/extensions/engines/spark/rules.md
+++ b/docs/extensions/engines/spark/rules.md
@@ -84,6 +84,7 @@ Kyuubi provides some configs to make these feature easy to use.
 | spark.sql.optimizer.insertRepartitionBeforeWriteIfNoShuffle.enabled | false                                  | When true, add repartition even if the original plan does not have shuffle.                                                                                                                                                                                                                                                                          | 1.7.0 |
 | spark.sql.optimizer.finalStageConfigIsolationWriteOnly.enabled      | true                                   | When true, only enable final stage isolation for writing.                                                                                                                                                                                                                                                                                            | 1.7.0 |
 | spark.sql.finalWriteStage.eagerlyKillExecutors.enabled              | false                                  | When true, eagerly kill redundant executors before running final write stage.                                                                                                                                                                                                                                                                        | 1.8.0 |
+| spark.sql.finalWriteStage.skipKillingExecutorsForTableCache         | true                                   | When true, skip killing executors if the plan has table caches.                                                                                                                                                                                                                                                                                      | 1.8.0 |
 | spark.sql.finalWriteStage.retainExecutorsFactor                     | 1.2                                    | If the target executors * factor < active executors, and target executors * factor > min executors, then inject kill executors or inject custom resource profile.                                                                                                                                                                                    | 1.8.0 |
 | spark.sql.finalWriteStage.resourceIsolation.enabled                 | false                                  | When true, make final write stage resource isolation using custom RDD resource profile.                                                                                                                                                                                                                                                              | 1.2.0 |
 | spark.sql.finalWriteStageExecutorCores                              | fallback spark.executor.cores          | Specify the executor core request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                             | 1.8.0 |
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index ca3f762e1..7a0ae1592 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -26,6 +26,7 @@ import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
 import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
 import org.apache.spark.sql.execution.adaptive._
+import org.apache.spark.sql.execution.columnar.InMemoryTableScanExec
 import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeExec}
 
 import org.apache.kyuubi.sql.{KyuubiSQLConf, MarkNumOutputColumnsRule}
@@ -69,6 +70,13 @@ case class FinalStageResourceManager(session: SparkSession)
       return plan
     }
 
+    // It's not safe to kill executors if this plan contains table cache.
+    // If the executor loses then the rdd would re-compute those partition.
+    if (hasTableCache(plan) &&
+      conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE)) {
+      return plan
+    }
+
     // TODO: move this to query stage optimizer when updating Spark to 3.5.x
     // Since we are in `prepareQueryStage`, the AQE shuffle read has not been applied.
     // So we need to apply it by self.
@@ -188,9 +196,18 @@ case class FinalStageResourceManager(session: SparkSession)
     // see `https://github.com/apache/spark/pull/20604`.
     // It may cause the status in `ExecutorAllocationManager` inconsistent with
     // `CoarseGrainedSchedulerBackend` for a while. But it should be synchronous finally.
+    //
+    // We should adjust target num executors, otherwise `YarnAllocator` might re-request original
+    // target executors if DRA has not updated target executors yet.
+    // Note, DRA would re-adjust executors if there are more tasks to be executed, so we are safe.
+    //
+    //  * We kill executor
+    //      * YarnAllocator re-request target executors
+    //         * DRA can not release executors since they are new added
+    // ----------------------------------------------------------------> timeline
     executorAllocationClient.killExecutors(
       executorIds = executorsToKill,
-      adjustTargetNumExecutors = false,
+      adjustTargetNumExecutors = true,
       countFailures = false,
       force = false)
   }
@@ -201,7 +218,7 @@ case class FinalStageResourceManager(session: SparkSession)
     OptimizeShuffleWithLocalRead)
 }
 
-trait FinalRebalanceStageHelper {
+trait FinalRebalanceStageHelper extends AdaptiveSparkPlanHelper {
   @tailrec
   final protected def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
     plan match {
@@ -216,4 +233,11 @@ trait FinalRebalanceStageHelper {
       case _ => None
     }
   }
+
+  final protected def hasTableCache(plan: SparkPlan): Boolean = {
+    find(plan) {
+      case _: InMemoryTableScanExec => true
+      case _ => false
+    }.isDefined
+  }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index 4df924b51..aeee45869 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -198,6 +198,13 @@ object KyuubiSQLConf {
       .booleanConf
       .createWithDefault(false)
 
+  val FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE =
+    buildConf("spark.sql.finalWriteStage.skipKillingExecutorsForTableCache")
+      .doc("When true, skip killing executors if the plan has table caches.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(true)
+
   val FINAL_WRITE_STAGE_PARTITION_FACTOR =
     buildConf("spark.sql.finalWriteStage.retainExecutorsFactor")
       .doc("If the target executors * factor < active executors, and " +

From d7532c5fd5b8fdf4931d1365520191b14e422491 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 10 Apr 2023 13:12:34 +0800
Subject: [PATCH 266/760] [KYUUBI #4615] Bump Ranger from 2.3.0 to 2.4.0

### _Why are the changes needed?_

To close #4615
- bump Ranger version to 2.4.0, release notes: https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.4.0+-+Release+Notes
- #4585 fixed duplication and conflict in policy file
- update docs

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4675 from bowenliang123/ranger-2.4.0.

Closes #4615

d403bc324 [liangbowen] bump ranger from 2.3.0 to 2.4.0

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/security/authorization/spark/build.md    | 1 +
 extensions/spark/kyuubi-spark-authz/README.md | 5 +++--
 extensions/spark/kyuubi-spark-authz/pom.xml   | 2 +-
 pom.xml                                       | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md
index 8520d853e..ea45f5d6b 100644
--- a/docs/security/authorization/spark/build.md
+++ b/docs/security/authorization/spark/build.md
@@ -70,6 +70,7 @@ The available `ranger.version`s are shown in the following table.
 
 | Ranger Version | Supported |                                          Remark                                           |
 |:--------------:|:---------:|:-----------------------------------------------------------------------------------------:|
+|     2.4.x      |     √     |                                             -                                             |
 |     2.3.x      |     √     |                                             -                                             |
 |     2.2.x      |     √     |                                             -                                             |
 |     2.1.x      |     √     |                                             -                                             |
diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index 5aafaf31e..eb3804a65 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -26,7 +26,7 @@
 ## Build
 
 ```shell
-build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dranger.version=2.3.0
+build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dranger.version=2.4.0
 ```
 
 ### Supported Apache Spark Versions
@@ -44,7 +44,8 @@ build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dran
 
 `-Dranger.version=`
 
-- [x] 2.3.x (default)
+- [x] 2.4.x (default)
+- [x] 2.3.x
 - [x] 2.2.x
 - [x] 2.1.x
 - [x] 2.0.x
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 0ecb54659..fc96a2809 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -337,7 +337,7 @@
                 <!-- activated when Ranger version is identical to required-->
                 <property>
                     <name>ranger.version</name>
-                    <value>2.3.0</value>
+                    <value>2.4.0</value>
                 </property>
             </activation>
             <build>
diff --git a/pom.xml b/pom.xml
index 1fba6edea..f17ced3e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -180,7 +180,7 @@
         <prometheus.version>0.16.0</prometheus.version>
         <protobuf.version>3.21.7</protobuf.version>
         <py4j.version>0.10.7</py4j.version>
-        <ranger.version>2.3.0</ranger.version>
+        <ranger.version>2.4.0</ranger.version>
         <scalatest.version>3.2.15</scalatest.version>
         <scalatestplus.version>3.2.15.0</scalatestplus.version>
         <scopt.version>4.1.0</scopt.version>

From f5ef4018eeb1b6495afbc48dcfe7b2f004e8abce Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Mon, 10 Apr 2023 13:16:20 +0800
Subject: [PATCH 267/760] [KYUUBI #3654][UI] Add Engine Manager Page

### _Why are the changes needed?_

Close #3654

Add Engine Manager Page for UI

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

![popo_2023-04-07  14-19-01](https://user-images.githubusercontent.com/52876270/230553293-a935533c-792f-47e6-9c3d-e91bf469452e.jpg)

Closes #4674 from zwangsheng/KYUUBI_3654.

Closes #3654

b18c7d2d9 [zwangsheng] fix style
75b61350a [zwangsheng] fix style
a064203fc [zwangsheng] I18n
da61ea2fe [zwangsheng] [KYUUBI #3654][UI] Engine Manager Page

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/src/api/engine/index.ts  |  35 ++++
 kyuubi-server/web-ui/src/api/engine/types.ts  |  25 +++
 .../web-ui/src/locales/en_US/index.ts         |  18 +-
 .../web-ui/src/locales/zh_CN/index.ts         |  18 +-
 .../web-ui/src/router/engine/index.ts         |  26 +++
 kyuubi-server/web-ui/src/router/index.ts      |   2 +
 kyuubi-server/web-ui/src/utils/engine.ts      |  26 +++
 .../web-ui/src/views/engine/index.vue         | 166 ++++++++++++++++++
 .../views/layout/components/aside/types.ts    |  10 ++
 .../operation/operation-statistics/index.vue  |  10 +-
 .../session/session-statistics/index.vue      |   6 +-
 11 files changed, 326 insertions(+), 16 deletions(-)
 create mode 100644 kyuubi-server/web-ui/src/api/engine/index.ts
 create mode 100644 kyuubi-server/web-ui/src/api/engine/types.ts
 create mode 100644 kyuubi-server/web-ui/src/router/engine/index.ts
 create mode 100644 kyuubi-server/web-ui/src/utils/engine.ts
 create mode 100644 kyuubi-server/web-ui/src/views/engine/index.vue

diff --git a/kyuubi-server/web-ui/src/api/engine/index.ts b/kyuubi-server/web-ui/src/api/engine/index.ts
new file mode 100644
index 000000000..ff6dc038d
--- /dev/null
+++ b/kyuubi-server/web-ui/src/api/engine/index.ts
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import request from '@/utils/request'
+import { IEngineSearch } from './types'
+
+export function getAllEngines(params: IEngineSearch) {
+  return request({
+    url: 'api/v1/admin/engine',
+    method: 'get',
+    params
+  })
+}
+
+export function deleteEngine(params: IEngineSearch) {
+  return request({
+    url: 'api/v1/admin/engine',
+    method: 'delete',
+    params
+  })
+}
diff --git a/kyuubi-server/web-ui/src/api/engine/types.ts b/kyuubi-server/web-ui/src/api/engine/types.ts
new file mode 100644
index 000000000..86a05dd29
--- /dev/null
+++ b/kyuubi-server/web-ui/src/api/engine/types.ts
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+interface IEngineSearch {
+  type: null | string
+  sharelevel: null | string
+  'hive.server2.proxy.user': null | string
+  subdomain?: null | string
+}
+
+export { IEngineSearch }
diff --git a/kyuubi-server/web-ui/src/locales/en_US/index.ts b/kyuubi-server/web-ui/src/locales/en_US/index.ts
index d50f22915..dc1986939 100644
--- a/kyuubi-server/web-ui/src/locales/en_US/index.ts
+++ b/kyuubi-server/web-ui/src/locales/en_US/index.ts
@@ -23,15 +23,25 @@ export default {
   session_id: 'Session ID',
   operation_id: 'Operation ID',
   create_time: 'Create Time',
-  operation: 'Operation',
-  delete_confirm: 'Delete Confirm',
-  close_confirm: 'Close Confirm',
-  cancel_confirm: 'Cancel Confirm',
   start_time: 'State Time',
   complete_time: 'Completed Time',
   state: 'State',
   duration: 'Duration',
   statement: 'Statement',
+  engine_address: 'Engine Address',
+  engine_id: 'Engine ID',
+  engine_type: 'Engine Type',
+  share_level: 'Share Level',
+  version: 'Version',
+  operation: {
+    text: 'Operation',
+    delete_confirm: 'Delete Confirm',
+    close_confirm: 'Close Confirm',
+    cancel_confirm: 'Cancel Confirm',
+    close: 'Close',
+    cancel: 'Cancel',
+    delete: 'Delete'
+  },
   message: {
     delete_succeeded: 'Delete {name} Succeeded',
     delete_failed: 'Delete {name} Failed',
diff --git a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
index 443d129cc..87b15cc4d 100644
--- a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
+++ b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
@@ -23,15 +23,25 @@ export default {
   session_id: 'Session ID',
   operation_id: 'Operation ID',
   create_time: '创建时间',
-  operation: '操作',
-  delete_confirm: '确认删除',
-  close_confirm: '确认关闭',
-  cancel_confirm: '确认取消',
   start_time: '开始时间',
   complete_time: '完成时间',
   state: '状态',
   duration: '运行时间',
   statement: 'Statement',
+  engine_address: 'Engine 地址',
+  engine_id: 'Engine ID',
+  engine_type: 'Engine 类型',
+  share_level: '共享级别',
+  version: '版本',
+  operation: {
+    text: '操作',
+    delete_confirm: '确认删除',
+    close_confirm: '确认关闭',
+    cancel_confirm: '确认取消',
+    close: '关闭',
+    cancel: '取消',
+    delete: '删除'
+  },
   message: {
     delete_succeeded: '删除 {name} 成功',
     delete_failed: '删除 {name} 失败',
diff --git a/kyuubi-server/web-ui/src/router/engine/index.ts b/kyuubi-server/web-ui/src/router/engine/index.ts
new file mode 100644
index 000000000..22b056a32
--- /dev/null
+++ b/kyuubi-server/web-ui/src/router/engine/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const routes = [
+  {
+    path: '/engine/engine-statistics',
+    name: 'engine-statistics',
+    component: () => import('@/views/engine/index.vue')
+  }
+]
+
+export default routes
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 4d01da552..241cdf506 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -21,6 +21,7 @@ import workloadRoutes from './workload'
 import operationRoutes from './operation'
 import contactRoutes from './contact'
 import sessionRoutes from './session'
+import engineRoutes from './engine'
 
 const routes = [
   {
@@ -40,6 +41,7 @@ const routes = [
       ...sessionRoutes,
       ...workloadRoutes,
       ...operationRoutes,
+      ...engineRoutes,
       ...contactRoutes
     ]
   }
diff --git a/kyuubi-server/web-ui/src/utils/engine.ts b/kyuubi-server/web-ui/src/utils/engine.ts
new file mode 100644
index 000000000..da6646191
--- /dev/null
+++ b/kyuubi-server/web-ui/src/utils/engine.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+function getEngineType() {
+  return ['SPARK_SQL', 'FLINK_SQL', 'TRINO', 'HIVE_SQL', 'JDBC']
+}
+
+function getShareLevel() {
+  return ['CONNECTION', 'USER', 'GROUP', 'SERVER']
+}
+
+export { getEngineType, getShareLevel }
diff --git a/kyuubi-server/web-ui/src/views/engine/index.vue b/kyuubi-server/web-ui/src/views/engine/index.vue
new file mode 100644
index 000000000..cecbde709
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/engine/index.vue
@@ -0,0 +1,166 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+<template>
+  <el-card :body-style="{ padding: '10px 14px' }" class="filter_card">
+    <header>
+      <el-space class="search-box">
+        <el-select
+          v-model="searchParam.type"
+          :placeholder="$t('engine_type')"
+          clearable
+          style="width: 210px"
+          @change="getList">
+          <el-option
+            v-for="item in getEngineType()"
+            :key="item"
+            :label="item"
+            :value="item" />
+        </el-select>
+        <el-select
+          v-model="searchParam.sharelevel"
+          :placeholder="$t('share_level')"
+          clearable
+          style="width: 210px"
+          @change="getList">
+          <el-option
+            v-for="item in getShareLevel()"
+            :key="item"
+            :label="item"
+            :value="item" />
+        </el-select>
+        <el-input
+          v-model="searchParam['hive.server2.proxy.user']"
+          :placeholder="$t('user')"
+          style="width: 210px"
+          @keyup.enter="getList" />
+        <el-button type="primary" icon="Search" @click="getList" />
+      </el-space>
+    </header>
+  </el-card>
+  <el-card class="table-container">
+    <el-table v-loading="loading" :data="tableData" style="width: 100%">
+      <el-table-column
+        prop="instance"
+        :label="$t('engine_address')"
+        min-width="20%" />
+      <el-table-column :label="$t('engine_id')" min-width="20%">
+        <template #default="scope">
+          <span>{{
+            scope.row.attributes && scope.row.attributes['kyuubi.engine.id']
+              ? scope.row.attributes['kyuubi.engine.id']
+              : '-'
+          }}</span>
+        </template>
+      </el-table-column>
+      <el-table-column
+        prop="engineType"
+        :label="$t('engine_type')"
+        min-width="20%" />
+      <el-table-column
+        prop="sharelevel"
+        :label="$t('share_level')"
+        min-width="20%" />
+
+      <el-table-column prop="user" :label="$t('user')" min-width="15%" />
+      <el-table-column prop="version" :label="$t('version')" min-width="15%" />
+      <el-table-column fixed="right" :label="$t('operation.text')" width="120">
+        <template #default="scope">
+          <el-space wrap>
+            <el-popconfirm
+              :title="$t('operation.delete_confirm')"
+              @confirm="handleDeleteEngine(scope.row)">
+              <template #reference>
+                <span>
+                  <el-tooltip
+                    effect="dark"
+                    :content="$t('operation.delete')"
+                    placement="top">
+                    <template #default>
+                      <el-button type="danger" icon="Delete" circle />
+                    </template>
+                  </el-tooltip>
+                </span>
+              </template>
+            </el-popconfirm>
+          </el-space>
+        </template>
+      </el-table-column>
+    </el-table>
+  </el-card>
+</template>
+
+<script lang="ts" setup>
+  import { reactive } from 'vue'
+  import { getAllEngines, deleteEngine } from '@/api/engine'
+  import { IEngineSearch } from '@/api/engine/types'
+  import { useTable } from '@/views/common/use-table'
+  import { ElMessage } from 'element-plus'
+  import { useI18n } from 'vue-i18n'
+  import { getEngineType, getShareLevel } from '@/utils/engine'
+
+  const { t } = useI18n()
+  const { tableData, loading, getList: _getList } = useTable()
+  // default search params
+  const searchParam: IEngineSearch = reactive({
+    type: 'SPARK_SQL',
+    sharelevel: 'USER',
+    'hive.server2.proxy.user': 'anonymous'
+  })
+  const getList = () => {
+    _getList(getAllEngines, searchParam)
+  }
+  const init = () => {
+    getList()
+  }
+
+  function handleDeleteEngine(row: any) {
+    deleteEngine({
+      type: row?.engineType,
+      sharelevel: row?.sharelevel,
+      'hive.server2.proxy.user': row?.user,
+      subdomain: row?.subdomain
+    })
+      .then(() => {
+        ElMessage({
+          message: t('delete_succeeded', { name: 'engine' }),
+          type: 'success'
+        })
+      })
+      .catch(() => {
+        ElMessage({
+          message: t('delete_failed', { name: 'engine' }),
+          type: 'error'
+        })
+      })
+      .finally(() => {
+        getList()
+      })
+  }
+
+  init()
+</script>
+
+<style scoped lang="scss">
+  header {
+    display: flex;
+    justify-content: flex-end;
+  }
+  .filter_card {
+    margin-bottom: 10px;
+  }
+</style>
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
index 4772c1a4e..72b150fa8 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
@@ -31,6 +31,16 @@ export const MENUS = [
       }
     ]
   },
+  {
+    label: 'Engine Management',
+    icon: 'List',
+    children: [
+      {
+        label: 'Engine Statistics',
+        router: '/engine/engine-statistics'
+      }
+    ]
+  },
   {
     label: 'Workload',
     icon: 'List',
diff --git a/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue b/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
index ff6706c72..992257eb8 100644
--- a/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
+++ b/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
@@ -54,18 +54,18 @@
             : '-'
         }}</template>
       </el-table-column>
-      <el-table-column fixed="right" :label="$t('operation')" width="110">
+      <el-table-column fixed="right" :label="$t('operation.text')" width="110">
         <template #default="scope">
           <el-space wrap>
             <el-popconfirm
               v-if="!isTerminalState(scope.row.state)"
-              :title="$t('cancel_confirm')"
+              :title="$t('operation.cancel_confirm')"
               @confirm="handleOperate(scope.row.identifier, 'CANCEL')">
               <template #reference>
                 <span>
                   <el-tooltip
                     effect="dark"
-                    :content="$t('cancel')"
+                    :content="$t('operation.cancel')"
                     placement="top">
                     <template #default>
                       <el-button type="danger" icon="Remove" circle />
@@ -75,13 +75,13 @@
               </template>
             </el-popconfirm>
             <el-popconfirm
-              :title="$t('close_confirm')"
+              :title="$t('operation.close_confirm')"
               @confirm="handleOperate(scope.row.identifier, 'CLOSE')">
               <template #reference>
                 <span>
                   <el-tooltip
                     effect="dark"
-                    :content="$t('close')"
+                    :content="$t('operation.close')"
                     placement="top">
                     <template #default>
                       <el-button type="danger" icon="CircleClose" circle />
diff --git a/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue b/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue
index 40a9b7568..327664dd1 100644
--- a/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue
+++ b/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue
@@ -46,16 +46,16 @@
           }}
         </template>
       </el-table-column>
-      <el-table-column fixed="right" :label="$t('operation')">
+      <el-table-column fixed="right" :label="$t('operation.text')">
         <template #default="scope">
           <el-popconfirm
-            :title="$t('delete_confirm')"
+            :title="$t('operation.delete_confirm')"
             @confirm="handleDeleteSession(scope.row.identifier)">
             <template #reference>
               <span>
                 <el-tooltip
                   effect="dark"
-                  :content="$t('delete')"
+                  :content="$t('operation.delete')"
                   placement="top">
                   <template #default>
                     <el-button type="danger" icon="Delete" circle />

From 458d92540ea0f26ec53af2ffbba2d8937bd64aea Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Mon, 10 Apr 2023 14:19:20 +0800
Subject: [PATCH 268/760] [KYUUBI #4590] Bump delta from 2.2.0 to 2.3.0

### _Why are the changes needed?_

test against delta-2.3.0

https://github.com/delta-io/delta/releases/tag/v2.3.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4590 from cfmcgrady/delta-2.3.0.

Closes #4590

cbabf2191 [Fu Chen] delta 2.3.0
f05faf09a [Fu Chen] fix
62cd94728 [Fu Chen] test against delta-2.3.0rc1

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f17ced3e2..820216814 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <curator.version>2.12.0</curator.version>
         <etcd.version>0.7.3</etcd.version>
-        <delta.version>2.2.0</delta.version>
+        <delta.version>2.3.0</delta.version>
         <failsafe.verion>2.4.4</failsafe.verion>
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>

From f0615a9aab0a5b755c16ee0b966a5ea59b98bd10 Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Mon, 10 Apr 2023 16:47:28 +0800
Subject: [PATCH 269/760] [KYUUBI #4683] Update
 `spark.sql.finalWriteStage.resourceIsolation.enabled` version

### _Why are the changes needed?_

fix the wrong version

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4683 from ulysses-you/followup.

Closes #4683

8e5d46fda [ulysses-you] update version

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/rules.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/extensions/engines/spark/rules.md b/docs/extensions/engines/spark/rules.md
index 46e8dd3d1..8fa636c31 100644
--- a/docs/extensions/engines/spark/rules.md
+++ b/docs/extensions/engines/spark/rules.md
@@ -86,7 +86,7 @@ Kyuubi provides some configs to make these feature easy to use.
 | spark.sql.finalWriteStage.eagerlyKillExecutors.enabled              | false                                  | When true, eagerly kill redundant executors before running final write stage.                                                                                                                                                                                                                                                                        | 1.8.0 |
 | spark.sql.finalWriteStage.skipKillingExecutorsForTableCache         | true                                   | When true, skip killing executors if the plan has table caches.                                                                                                                                                                                                                                                                                      | 1.8.0 |
 | spark.sql.finalWriteStage.retainExecutorsFactor                     | 1.2                                    | If the target executors * factor < active executors, and target executors * factor > min executors, then inject kill executors or inject custom resource profile.                                                                                                                                                                                    | 1.8.0 |
-| spark.sql.finalWriteStage.resourceIsolation.enabled                 | false                                  | When true, make final write stage resource isolation using custom RDD resource profile.                                                                                                                                                                                                                                                              | 1.2.0 |
+| spark.sql.finalWriteStage.resourceIsolation.enabled                 | false                                  | When true, make final write stage resource isolation using custom RDD resource profile.                                                                                                                                                                                                                                                              | 1.8.0 |
 | spark.sql.finalWriteStageExecutorCores                              | fallback spark.executor.cores          | Specify the executor core request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                             | 1.8.0 |
 | spark.sql.finalWriteStageExecutorMemory                             | fallback spark.executor.memory         | Specify the executor on heap memory request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                   | 1.8.0 |
 | spark.sql.finalWriteStageExecutorMemoryOverhead                     | fallback spark.executor.memoryOverhead | Specify the executor memory overhead request for final write stage. It would be passed to the RDD resource profile.                                                                                                                                                                                                                                  | 1.8.0 |

From fa60e4c70be38bd87fefe50558277fa90a632c1e Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 12 Apr 2023 15:25:08 +0800
Subject: [PATCH 270/760] [KYUUBI #4691] [REST] Configure
 FAIL_ON_UNKNOWN_PROPERTIES to false for KyuubiScalaObjectMapper

### _Why are the changes needed?_

Do not failed on unknown properties in server side.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4691 from turboFei/ignore.

Closes #4691

a03cb5be0 [fwang12] Ignore
c406878e7 [fwang12] Fast return batch info when post batches

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/server/api/KyuubiScalaObjectMapper.scala  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/KyuubiScalaObjectMapper.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/KyuubiScalaObjectMapper.scala
index 776c35ba7..724da1209 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/KyuubiScalaObjectMapper.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/KyuubiScalaObjectMapper.scala
@@ -19,11 +19,13 @@ package org.apache.kyuubi.server.api
 
 import javax.ws.rs.ext.ContextResolver
 
-import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.databind.{DeserializationFeature, ObjectMapper}
 import com.fasterxml.jackson.module.scala.DefaultScalaModule
 
 class KyuubiScalaObjectMapper extends ContextResolver[ObjectMapper] {
-  private val mapper = new ObjectMapper().registerModule(DefaultScalaModule)
+  private val mapper = new ObjectMapper()
+    .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
+    .registerModule(DefaultScalaModule)
 
   override def getContext(aClass: Class[_]): ObjectMapper = mapper
 }

From 1029fd674d66a69d9ee4437713f22d20ca8efe01 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Wed, 12 Apr 2023 18:05:03 +0800
Subject: [PATCH 271/760] Revert "[KYUUBI #4647] Bump Maven from 3.8.7 to 3.9.1
 and Mvnd from 0.9.0 to 1.0-m6"

This reverts commit b818c6fd84e04c5a3aa13a789bceb805c29c63aa.
---
 build/mvnd | 9 ++++-----
 pom.xml    | 4 ++--
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/build/mvnd b/build/mvnd
index f0c72332f..81a6f5c20 100755
--- a/build/mvnd
+++ b/build/mvnd
@@ -94,9 +94,8 @@ function get_os_arch() {
 # Determine the Mvnd version from the root pom.xml file and
 # install mvnd under the build/ folder if needed.
 function install_mvnd() {
-  local MVN_VERSION=$(grep "<maven.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
   local MVND_VERSION=$(grep "<mvnd.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
-  local MVND_MVN_SHORT_VERSION=$(echo "$MVN_VERSION" | awk -F . '{print $1$2}')
+  local MVN_VERSION=$(grep "<maven.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
   MVND_BIN="$(command -v mvnd)"
   if [ "$MVND_BIN" ]; then
     local MVND_DETECTED_VERSION="$(mvnd -v 2>&1 | grep '(mvnd)' | awk '{print $5}')"
@@ -112,10 +111,10 @@ function install_mvnd() {
 
     install_app \
       "${APACHE_MIRROR}/maven/mvnd/${MVND_VERSION}" \
-      "maven-mvnd-${MVND_VERSION}-m${MVND_MVN_SHORT_VERSION}-${OS_TYPE}-${ARCH}.tar.gz" \
-      "maven-mvnd-${MVND_VERSION}-m${MVND_MVN_SHORT_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
+      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}.tar.gz" \
+      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
 
-    MVND_BIN="${_DIR}/maven-mvnd-${MVND_VERSION}-m${MVND_MVN_SHORT_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
+    MVND_BIN="${_DIR}/maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
   else
     if [ "$(version $MVN_DETECTED_VERSION)" -ne "$(version $MVN_VERSION)" ]; then
       echo "Mvnd $MVND_DETECTED_VERSION embedded maven version $MVN_DETECTED_VERSION is not equivalent to $MVN_VERSION required in pom."
diff --git a/pom.xml b/pom.xml
index 820216814..bbbabc62b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,8 +109,8 @@
 
     <properties>
         <java.version>1.8</java.version>
-        <maven.version>3.9.1</maven.version>
-        <mvnd.version>1.0-m6</mvnd.version>
+        <maven.version>3.8.7</maven.version>
+        <mvnd.version>0.9.0</mvnd.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <scala.version>2.12.17</scala.version>

From cbde82cfc47af8fe1fdc015e65303d072e89eaf2 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 12 Apr 2023 20:07:54 +0800
Subject: [PATCH 272/760] Revert "[KYUUBI #4502] Reduce build concurency
 mvnd.minThreads in CI builds"

This reverts commit 38cf59d47be8f6d1b45562259c9e6342215888de.
---
 build/mvnd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/mvnd b/build/mvnd
index 81a6f5c20..9af3429f3 100755
--- a/build/mvnd
+++ b/build/mvnd
@@ -25,7 +25,7 @@ _CALLING_DIR="$(pwd)"
 _COMPILE_JVM_OPTS="-Xms2g -Xmx2g -XX:ReservedCodeCacheSize=1g -Xss128m"
 
 if [ "$CI" ]; then
-  export MAVEN_CLI_OPTS="-Dmvnd.minThreads=4 --no-transfer-progress --errors --fail-fast -Dstyle.color=always"
+  export MAVEN_CLI_OPTS="-Dmvnd.minThreads=8 --no-transfer-progress --errors --fail-fast -Dstyle.color=always"
 fi
 
 # Installs any application tarball given a URL, the expected tarball name,

From af82f4dfb885090eb0f16db4529ee9dce8d11fb5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 12 Apr 2023 20:08:49 +0800
Subject: [PATCH 273/760] Revert "[KYUUBI #4481] Setup and use cached maven in
 CI jobs"

This reverts commit d2a0fe2b60b6b20406ce7c02a553807b2ffdfc6e.
---
 .github/actions/setup-mvnd/action.yaml |  5 +++--
 .github/workflows/dep.yml              |  2 +-
 .github/workflows/license.yml          |  2 +-
 .github/workflows/master.yml           | 16 ----------------
 .github/workflows/nightly.yml          |  2 --
 .github/workflows/style.yml            |  2 +-
 6 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/.github/actions/setup-mvnd/action.yaml b/.github/actions/setup-mvnd/action.yaml
index dac05c024..55c8139ff 100644
--- a/.github/actions/setup-mvnd/action.yaml
+++ b/.github/actions/setup-mvnd/action.yaml
@@ -16,7 +16,8 @@
 #
 
 name: 'setup-mvnd'
-description: 'Setup Maven and Mvnd'
+description: 'Setup the maven daemon'
+continue-on-error: true
 runs:
   using: composite
   steps:
@@ -31,5 +32,5 @@ runs:
       run: build/mvn -v
       shell: bash
     - name: Check Mvnd
-      run: build/mvnd -v || true
+      run: build/mvnd -v
       shell: bash
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index 09197951a..72f5c915d 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -45,7 +45,7 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
+      - name: Setup Mvnd
         uses: ./.github/actions/setup-mvnd
       - name: Check kyuubi modules available
         id: modules-check
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index e62605e7f..a490def91 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -42,7 +42,7 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
+      - name: Setup Mvnd
         uses: ./.github/actions/setup-mvnd
       - run: >-
           build/mvnd org.apache.rat:apache-rat-plugin:check
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index b8b3f7072..8d8eaa009 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -77,8 +77,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Setup Python
@@ -133,8 +131,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Kyuubi AuthZ with supported Spark versions
@@ -181,8 +177,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build Flink with maven w/o linters
@@ -229,8 +223,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Hive with maven w/o linters
@@ -268,8 +260,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test JDBC with maven w/o linters
@@ -307,8 +297,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Trino with maven w/o linters
@@ -341,8 +329,6 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Run TPC-DS Tests
@@ -480,8 +466,6 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: zookeeper integration tests
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index b53a7d292..149da6d82 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -43,8 +43,6 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Build with Maven
         run: ./build/mvn clean install ${{ matrix.profiles }} -Dmaven.javadoc.skip=true -V
       - name: Upload test logs
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 2824e5972..6ca1903e1 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -47,7 +47,7 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Maven and Mvnd
+      - name: Setup Mvnd
         uses: ./.github/actions/setup-mvnd
       - name: Setup Python 3
         uses: actions/setup-python@v4

From 1c6965270a10dc792a528ec74a8214efd8d6afa3 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 12 Apr 2023 20:09:25 +0800
Subject: [PATCH 274/760] Revert "[KYUUBI #4274] [FOLLOWUP] Increase maximum
 degree of concurrency for mvnd in CI jobs"

This reverts commit 5fab9b710ae048f165d4467d0368eb5d41ed50c1.
---
 .github/actions/setup-mvnd/action.yaml | 6 +-----
 .github/workflows/dep.yml              | 2 +-
 .github/workflows/style.yml            | 6 +++---
 build/mvnd                             | 7 +------
 4 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/.github/actions/setup-mvnd/action.yaml b/.github/actions/setup-mvnd/action.yaml
index 55c8139ff..d7497e332 100644
--- a/.github/actions/setup-mvnd/action.yaml
+++ b/.github/actions/setup-mvnd/action.yaml
@@ -17,7 +17,6 @@
 
 name: 'setup-mvnd'
 description: 'Setup the maven daemon'
-continue-on-error: true
 runs:
   using: composite
   steps:
@@ -27,10 +26,7 @@ runs:
         path: |
           build/maven-mvnd-*
           build/apache-maven-*
-        key: setup-mvnd-${{ runner.os }}
-    - name: Check Maven
-      run: build/mvn -v
-      shell: bash
+        key: setup-mvnd-${{ runner.os }}-mvnd
     - name: Check Mvnd
       run: build/mvnd -v
       shell: bash
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index 72f5c915d..ebda6b47e 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -50,7 +50,7 @@ jobs:
       - name: Check kyuubi modules available
         id: modules-check
         run: >-
-          build/mvnd dependency:resolve validate -q
+          build/mvnd dependency:resolve validate
           -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile"
           -Pfast -Denforcer.skip=false
           -pl kyuubi-ctl,kyuubi-server,kyuubi-assembly -am
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 6ca1903e1..562e93120 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -56,7 +56,7 @@ jobs:
           cache: 'pip'
       - name: Check kyuubi modules available
         id: modules-check
-        run: build/mvnd dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true -q ${{ matrix.profiles }}
+        run: build/mvnd dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true ${{ matrix.profiles }}
         continue-on-error: true
 
       - name: Install
@@ -71,7 +71,7 @@ jobs:
 
       - name: Scalastyle with maven
         id: scalastyle-check
-        run: build/mvnd scalastyle:check -q ${{ matrix.profiles }}
+        run: build/mvnd scalastyle:check ${{ matrix.profiles }}
       - name: Print scalastyle error report
         if: failure() && steps.scalastyle-check.outcome != 'success'
         run: >-
@@ -85,7 +85,7 @@ jobs:
         run: |
           SPOTLESS_BLACK_VERSION=$(build/mvn help:evaluate -Dexpression=spotless.python.black.version -q -DforceStdout)
           pip install black==$SPOTLESS_BLACK_VERSION
-          build/mvnd spotless:check -q ${{ matrix.profiles }} -Pspotless-python
+          build/mvnd spotless:check ${{ matrix.profiles }} -Pspotless-python
       - name: setup npm
         uses: actions/setup-node@v3
         with:
diff --git a/build/mvnd b/build/mvnd
index 9af3429f3..493ee43ad 100755
--- a/build/mvnd
+++ b/build/mvnd
@@ -25,7 +25,7 @@ _CALLING_DIR="$(pwd)"
 _COMPILE_JVM_OPTS="-Xms2g -Xmx2g -XX:ReservedCodeCacheSize=1g -Xss128m"
 
 if [ "$CI" ]; then
-  export MAVEN_CLI_OPTS="-Dmvnd.minThreads=8 --no-transfer-progress --errors --fail-fast -Dstyle.color=always"
+  export MAVEN_CLI_OPTS="--no-transfer-progress --errors --fail-fast"
 fi
 
 # Installs any application tarball given a URL, the expected tarball name,
@@ -131,9 +131,4 @@ cd "${_CALLING_DIR}"
 export MAVEN_OPTS=${MAVEN_OPTS:-"$_COMPILE_JVM_OPTS"}
 
 echo "Using \`mvnd\` from path: $MVND_BIN" 1>&2
-
-if [ "$MAVEN_CLI_OPTS" != "" ]; then
-  echo "MAVEN_CLI_OPTS=$MAVEN_CLI_OPTS"
-fi
-
 ${MVND_BIN} $MAVEN_CLI_OPTS "$@"

From 6431225b441193647c6134ab2587bd4f96d87638 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 12 Apr 2023 20:13:38 +0800
Subject: [PATCH 275/760] Revert "[KYUUBI #4274] [INFRA] Introduce `mvnd`  to
 speed up CI jobs of Dependency, Licence and Style Check"

This reverts commit d862272645dab08878c8f99158977b622227e784.
---
 .github/actions/setup-mvnd/action.yaml |  32 ------
 .github/workflows/dep.yml              |   7 +-
 .github/workflows/license.yml          |   4 +-
 .github/workflows/style.yml            |  16 ++-
 .gitignore                             |   1 -
 .rat-excludes                          |   1 -
 build/mvnd                             | 134 -------------------------
 pom.xml                                |   1 -
 8 files changed, 10 insertions(+), 186 deletions(-)
 delete mode 100644 .github/actions/setup-mvnd/action.yaml
 delete mode 100755 build/mvnd

diff --git a/.github/actions/setup-mvnd/action.yaml b/.github/actions/setup-mvnd/action.yaml
deleted file mode 100644
index d7497e332..000000000
--- a/.github/actions/setup-mvnd/action.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-name: 'setup-mvnd'
-description: 'Setup the maven daemon'
-runs:
-  using: composite
-  steps:
-    - name: Cache Mvnd
-      uses: actions/cache@v3
-      with:
-        path: |
-          build/maven-mvnd-*
-          build/apache-maven-*
-        key: setup-mvnd-${{ runner.os }}-mvnd
-    - name: Check Mvnd
-      run: build/mvnd -v
-      shell: bash
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index ebda6b47e..47e0d7023 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -26,7 +26,6 @@ on:
       # when pom or dependency workflow changes
       - '**/pom.xml'
       - '.github/workflows/dep.yml'
-      - .github/actions/setup-mvnd/*.yaml
 
 concurrency:
   group: dep-${{ github.head_ref || github.run_id }}
@@ -45,12 +44,10 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Check kyuubi modules available
         id: modules-check
         run: >-
-          build/mvnd dependency:resolve validate
+          build/mvn dependency:resolve validate
           -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile"
           -Pfast -Denforcer.skip=false
           -pl kyuubi-ctl,kyuubi-server,kyuubi-assembly -am
@@ -60,7 +57,7 @@ jobs:
           MAVEN_OPTS: -Dorg.slf4j.simpleLogger.defaultLogLevel=error
         if: steps.modules-check.conclusion == 'success' && steps.modules-check.outcome == 'failure'
         run: >-
-          build/mvnd clean install
+          build/mvn clean install
           -Pflink-provided,spark-provided,hive-provided
           -Dmaven.javadoc.skip=true
           -Drat.skip=true
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index a490def91..17591dacb 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -42,10 +42,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Mvnd
-        uses: ./.github/actions/setup-mvnd
       - run: >-
-          build/mvnd org.apache.rat:apache-rat-plugin:check
+          build/mvn org.apache.rat:apache-rat-plugin:check
           -Ptpcds -Pspark-block-cleaner -Pkubernetes-it
           -Pspark-3.1 -Pspark-3.2 -Pspark-3.3
       - name: Upload rat report
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 562e93120..e45b826fc 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -47,16 +47,14 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
-      - name: Setup Mvnd
-        uses: ./.github/actions/setup-mvnd
       - name: Setup Python 3
         uses: actions/setup-python@v4
         with:
           python-version: '3.9'
           cache: 'pip'
-      - name: Check kyuubi modules available
+      - name: Check kyuubi modules avaliable
         id: modules-check
-        run: build/mvnd dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true ${{ matrix.profiles }}
+        run: build/mvn dependency:resolve -DincludeGroupIds="org.apache.kyuubi" -DincludeScope="compile" -DexcludeTransitive=true ${{ matrix.profiles }}
         continue-on-error: true
 
       - name: Install
@@ -65,13 +63,13 @@ jobs:
         if: steps.modules-check.conclusion == 'success' && steps.modules-check.outcome == 'failure'
         run: |
           MVN_OPT="-DskipTests -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip"
-          build/mvnd clean install ${MVN_OPT} -Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.2,tpcds
-          build/mvnd clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
-          build/mvnd clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-kudu,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
+          build/mvn clean install ${MVN_OPT} -Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.2,tpcds
+          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
+          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-kudu,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
 
       - name: Scalastyle with maven
         id: scalastyle-check
-        run: build/mvnd scalastyle:check ${{ matrix.profiles }}
+        run: build/mvn scalastyle:check ${{ matrix.profiles }}
       - name: Print scalastyle error report
         if: failure() && steps.scalastyle-check.outcome != 'success'
         run: >-
@@ -85,7 +83,7 @@ jobs:
         run: |
           SPOTLESS_BLACK_VERSION=$(build/mvn help:evaluate -Dexpression=spotless.python.black.version -q -DforceStdout)
           pip install black==$SPOTLESS_BLACK_VERSION
-          build/mvnd spotless:check ${{ matrix.profiles }} -Pspotless-python
+          build/mvn spotless:check ${{ matrix.profiles }} -Pspotless-python
       - name: setup npm
         uses: actions/setup-node@v3
         with:
diff --git a/.gitignore b/.gitignore
index 190294d06..a43859338 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,7 +40,6 @@
 .scala_dependencies
 .settings
 build/apache-maven*
-build/maven-mvnd*
 build/release/tmp
 build/scala*
 build/test
diff --git a/.rat-excludes b/.rat-excludes
index 7a841cf9c..645c673d0 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -32,7 +32,6 @@
 NOTICE*
 docs/**
 build/apache-maven-*/**
-build/maven-mvnd-*/**
 build/scala-*/**
 **/**/operation_logs/**/**
 **/**/server_operation_logs/**/**
diff --git a/build/mvnd b/build/mvnd
deleted file mode 100755
index 493ee43ad..000000000
--- a/build/mvnd
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Determine the current working directory
-_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-# Preserve the calling directory
-_CALLING_DIR="$(pwd)"
-# Options used during compilation
-_COMPILE_JVM_OPTS="-Xms2g -Xmx2g -XX:ReservedCodeCacheSize=1g -Xss128m"
-
-if [ "$CI" ]; then
-  export MAVEN_CLI_OPTS="--no-transfer-progress --errors --fail-fast"
-fi
-
-# Installs any application tarball given a URL, the expected tarball name,
-# and, optionally, a checkable binary path to determine if the binary has
-# already been installed
-## Arg1 - URL
-## Arg2 - Tarball Name
-## Arg3 - Checkable Binary
-install_app() {
-  local remote_tarball="$1/$2"
-  local local_tarball="${_DIR}/$2"
-  local binary="${_DIR}/$3"
-
-  # setup `curl` and `wget` silent options if we're running on Jenkins
-  local curl_opts="-L"
-  local wget_opts=""
-  curl_opts="--progress-bar ${curl_opts}"
-  wget_opts="--progress=bar:force ${wget_opts}"
-
-  if [ -z "$3" ] || [ ! -f "$binary" ]; then
-    # check if we already have the tarball
-    # check if we have curl installed
-    # download application
-    rm -f "$local_tarball"
-    [ ! -f "${local_tarball}" ] && [ "$(command -v curl)" ] && \
-      echo "exec: curl ${curl_opts} ${remote_tarball}" 1>&2 && \
-      curl ${curl_opts} "${remote_tarball}" > "${local_tarball}"
-    # if the file still doesn't exist, lets try `wget` and cross our fingers
-    [ ! -f "${local_tarball}" ] && [ "$(command -v wget)" ] && \
-      echo "exec: wget ${wget_opts} ${remote_tarball}" 1>&2 && \
-      wget ${wget_opts} -O "${local_tarball}" "${remote_tarball}"
-    # if both were unsuccessful, exit
-    [ ! -f "${local_tarball}" ] && \
-      echo -n "ERROR: Cannot download $2 with cURL or wget; " && \
-      echo "please install manually and try again." && \
-      exit 2
-    cd "${_DIR}" && tar -xzf "$2"
-    rm -rf "$local_tarball"
-  fi
-}
-
-function get_os_type() {
-  local unameOsOut=$(uname -s)
-  local osType
-  case "${unameOsOut}" in
-  Linux*) osType=linux ;;
-  Darwin*) osType=darwin ;;
-  CYGWIN*) osType=windows ;;
-  MINGW*) osType=windows ;;
-  *) osType="UNKNOWN:${unameOsOut}" ;;
-  esac
-  echo "$osType"
-}
-
-function get_os_arch() {
-  local unameArchOut="$(uname -m)"
-  local arch
-  case "${unameArchOut}" in
-  x86_64*) arch=amd64 ;;
-  arm64*) arch=aarch64 ;;
-  *) arch="UNKNOWN:${unameOsOut}" ;;
-  esac
-  echo "$arch"
-}
-
-# Determine the Mvnd version from the root pom.xml file and
-# install mvnd under the build/ folder if needed.
-function install_mvnd() {
-  local MVND_VERSION=$(grep "<mvnd.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
-  local MVN_VERSION=$(grep "<maven.version>" "${_DIR}/../pom.xml" | head -n1 | awk -F '[<>]' '{print $3}')
-  MVND_BIN="$(command -v mvnd)"
-  if [ "$MVND_BIN" ]; then
-    local MVND_DETECTED_VERSION="$(mvnd -v 2>&1 | grep '(mvnd)' | awk '{print $5}')"
-    local MVN_DETECTED_VERSION="$(mvnd -v 2>&1 | grep 'Apache Maven' | awk 'NR==2 {print $3}')"
-  fi
-  # See simple version normalization: http://stackoverflow.com/questions/16989598/bash-comparing-version-numbers
-  function version { echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }'; }
-
-  if [ $(version $MVND_DETECTED_VERSION) -ne $(version $MVND_VERSION) ]; then
-    local APACHE_MIRROR=${APACHE_MIRROR:-'https://downloads.apache.org'}
-    local OS_TYPE=$(get_os_type)
-    local ARCH=$(get_os_arch)
-
-    install_app \
-      "${APACHE_MIRROR}/maven/mvnd/${MVND_VERSION}" \
-      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}.tar.gz" \
-      "maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
-
-    MVND_BIN="${_DIR}/maven-mvnd-${MVND_VERSION}-${OS_TYPE}-${ARCH}/bin/mvnd"
-  else
-    if [ "$(version $MVN_DETECTED_VERSION)" -ne "$(version $MVN_VERSION)" ]; then
-      echo "Mvnd $MVND_DETECTED_VERSION embedded maven version $MVN_DETECTED_VERSION is not equivalent to $MVN_VERSION required in pom."
-      exit 1
-    fi
-  fi
-}
-
-install_mvnd
-
-cd "${_CALLING_DIR}"
-
-# Set any `mvn` options if not already present
-export MAVEN_OPTS=${MAVEN_OPTS:-"$_COMPILE_JVM_OPTS"}
-
-echo "Using \`mvnd\` from path: $MVND_BIN" 1>&2
-${MVND_BIN} $MAVEN_CLI_OPTS "$@"
diff --git a/pom.xml b/pom.xml
index bbbabc62b..aa4a83a56 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,6 @@
     <properties>
         <java.version>1.8</java.version>
         <maven.version>3.8.7</maven.version>
-        <mvnd.version>0.9.0</mvnd.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <scala.version>2.12.17</scala.version>

From 72c2b601da0bd5dda21b48040c69511ede97fb00 Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Thu, 13 Apr 2023 09:48:06 +0800
Subject: [PATCH 276/760] [KYUUBI #4697] [K8S][HELM] Add template rendering
 info to README

### _Why are the changes needed?_

The user wants to test the template rendering so they can see the output. Debugging templates provide a quick way of viewing the generated content without YAML parse errors blocking.
There are two ways to render templates.
locally with `helm template --debug ../kyuubi`
on the server side with `helm install --dry-run --debug --generate-name ../kyuubi`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4697 from dev-lpq/helm_rendering.

Closes #4697

d83693df1 [Cheng Pan] Update charts/kyuubi/README.md
709d0b0a3 [pengqli] helm add template rendering
bce8ad9c6 [pengqli] helm add template rendering

Lead-authored-by: pengqli <pengqli@cisco.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/charts/kyuubi/README.md b/charts/kyuubi/README.md
index ef54c3226..a01fafde1 100644
--- a/charts/kyuubi/README.md
+++ b/charts/kyuubi/README.md
@@ -32,6 +32,20 @@ cluster using the [Helm](https://helm.sh) package manager.
 - Kubernetes cluster
 - Helm 3.0+
 
+## Template rendering
+
+When you want to test the template rendering, but not actually install anything. [Debugging templates](https://helm.sh/docs/chart_template_guide/debugging/) provide a quick way of viewing the generated content without YAML parse errors blocking.
+
+There are two ways to render templates. It will return the rendered template to you so you can see the output.
+
+- Local rendering chart templates
+```shell
+helm template --debug ../kyuubi
+```
+- Server side rendering chart templates
+```shell
+helm install --dry-run --debug --generate-name ../kyuubi
+```
 <!-- ## Features -->
 
 ## Documentation

From a9d3e11926ec828f8439ce5017e1aa8b62183b3e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 13 Apr 2023 13:06:29 +0800
Subject: [PATCH 277/760] [KYUUBI #4652] Upgrade Hadoop from 3.3.4 to 3.3.5

### _Why are the changes needed?_

Upgrade Hadoop from 3.3.4 to 3.3.5, close #4652

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4689 from huapan123456/master.

Closes #4652

810af9848 [Cheng Pan] fix
380786e9f [Cheng Pan] nit
7c5f18ef9 [Cheng Pan] nit
2d308943b [Cheng Pan] nit
76869d822 [Cheng Pan] handle HDFS-16591
36142c787 [huapan] fix(KYUUBI #4652): the position of JaasConfiguration has changed on hadoop-clint-api-3.3.5
1b5de6dfe [huapan] feat(KYUUBI #4652): upgrade hadoop-version from 3.3.4 to 3.3.5
f9d34c716 [huapan] feat(KYUUBI #4652): upgrade hadoop-client-api from 3.3.4 to 3.3.5

Lead-authored-by: Cheng Pan <chengpan@apache.org>
Co-authored-by: huapan <huapan@52tt.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList                            |  4 +-
 .../zookeeper/ZookeeperClientProvider.scala   | 66 +++++++++----------
 .../ZookeeperDiscoveryClientSuite.scala       |  9 +--
 pom.xml                                       |  2 +-
 4 files changed, 41 insertions(+), 40 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index ab7697d35..fc9913604 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -51,8 +51,8 @@ grpc-protobuf/1.48.0//grpc-protobuf-1.48.0.jar
 grpc-stub/1.48.0//grpc-stub-1.48.0.jar
 gson/2.9.0//gson-2.9.0.jar
 guava/31.1-jre//guava-31.1-jre.jar
-hadoop-client-api/3.3.4//hadoop-client-api-3.3.4.jar
-hadoop-client-runtime/3.3.4//hadoop-client-runtime-3.3.4.jar
+hadoop-client-api/3.3.5//hadoop-client-api-3.3.5.jar
+hadoop-client-runtime/3.3.5//hadoop-client-runtime-3.3.5.jar
 hive-common/3.1.3//hive-common-3.1.3.jar
 hive-metastore/3.1.3//hive-metastore-3.1.3.jar
 hive-serde/3.1.3//hive-serde-3.1.3.jar
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
index 8dd32d6b6..b7297d969 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.ha.client.zookeeper
 
 import java.io.{File, IOException}
+import java.nio.charset.StandardCharsets
 import javax.security.auth.login.Configuration
 
 import scala.util.Random
@@ -26,13 +27,13 @@ import com.google.common.annotations.VisibleForTesting
 import org.apache.curator.framework.{CuratorFramework, CuratorFrameworkFactory}
 import org.apache.curator.retry._
 import org.apache.hadoop.security.UserGroupInformation
-import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.JaasConfiguration
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.HighAvailabilityConf._
 import org.apache.kyuubi.ha.client.{AuthTypes, RetryPolicies}
 import org.apache.kyuubi.ha.client.RetryPolicies._
+import org.apache.kyuubi.reflection.DynConstructors
 import org.apache.kyuubi.util.KyuubiHadoopUtils
 
 object ZookeeperClientProvider extends Logging {
@@ -65,10 +66,8 @@ object ZookeeperClientProvider extends Logging {
       .aclProvider(new ZookeeperACLProvider(conf))
       .retryPolicy(retryPolicy)
 
-    conf.get(HA_ZK_AUTH_DIGEST) match {
-      case Some(anthString) =>
-        builder.authorization("digest", anthString.getBytes("UTF-8"))
-      case _ =>
+    conf.get(HA_ZK_AUTH_DIGEST).foreach { authString =>
+      builder.authorization("digest", authString.getBytes(StandardCharsets.UTF_8))
     }
 
     builder.build()
@@ -103,46 +102,47 @@ object ZookeeperClientProvider extends Logging {
    */
   @throws[Exception]
   def setUpZooKeeperAuth(conf: KyuubiConf): Unit = {
-    def setupZkAuth(): Unit = {
-      val keyTabFile = getKeyTabFile(conf)
-      val maybePrincipal = conf.get(HA_ZK_AUTH_PRINCIPAL)
-      val kerberized = maybePrincipal.isDefined && keyTabFile.isDefined
-      if (UserGroupInformation.isSecurityEnabled && kerberized) {
-        if (!new File(keyTabFile.get).exists()) {
-          throw new IOException(s"${HA_ZK_AUTH_KEYTAB.key}: $keyTabFile does not exists")
+    def setupZkAuth(): Unit = (conf.get(HA_ZK_AUTH_PRINCIPAL), getKeyTabFile(conf)) match {
+      case (Some(principal), Some(keytab)) if UserGroupInformation.isSecurityEnabled =>
+        if (!new File(keytab).exists()) {
+          throw new IOException(s"${HA_ZK_AUTH_KEYTAB.key}: $keytab does not exists")
         }
         System.setProperty("zookeeper.sasl.clientconfig", "KyuubiZooKeeperClient")
-        var principal = maybePrincipal.get
-        principal = KyuubiHadoopUtils.getServerPrincipal(principal)
-        val jaasConf = new JaasConfiguration("KyuubiZooKeeperClient", principal, keyTabFile.get)
+        val serverPrincipal = KyuubiHadoopUtils.getServerPrincipal(principal)
+        // HDFS-16591 makes breaking change on JaasConfiguration
+        val jaasConf = DynConstructors.builder()
+          .impl( // Hadoop 3.3.5 and above
+            "org.apache.hadoop.security.authentication.util.JaasConfiguration",
+            classOf[String],
+            classOf[String],
+            classOf[String])
+          .impl( // Hadoop 3.3.4 and previous
+            // scalastyle:off
+            "org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.JaasConfiguration",
+            // scalastyle:on
+            classOf[String],
+            classOf[String],
+            classOf[String])
+          .build[Configuration]()
+          .newInstance("KyuubiZooKeeperClient", serverPrincipal, keytab)
         Configuration.setConfiguration(jaasConf)
-      }
+      case _ =>
     }
 
-    if (conf.get(HA_ENGINE_REF_ID).isEmpty
-      && AuthTypes.withName(conf.get(HA_ZK_AUTH_TYPE)) == AuthTypes.KERBEROS) {
+    if (conf.get(HA_ENGINE_REF_ID).isEmpty &&
+      AuthTypes.withName(conf.get(HA_ZK_AUTH_TYPE)) == AuthTypes.KERBEROS) {
       setupZkAuth()
-    } else if (conf.get(HA_ENGINE_REF_ID).nonEmpty && AuthTypes
-        .withName(conf.get(HA_ZK_ENGINE_AUTH_TYPE)) == AuthTypes.KERBEROS) {
+    } else if (conf.get(HA_ENGINE_REF_ID).nonEmpty &&
+      AuthTypes.withName(conf.get(HA_ZK_ENGINE_AUTH_TYPE)) == AuthTypes.KERBEROS) {
       setupZkAuth()
     }
-
   }
 
   @VisibleForTesting
   def getKeyTabFile(conf: KyuubiConf): Option[String] = {
-    val zkAuthKeytab = conf.get(HA_ZK_AUTH_KEYTAB)
-    if (zkAuthKeytab.isDefined) {
-      val zkAuthKeytabPath = zkAuthKeytab.get
-      val relativeFileName = new File(zkAuthKeytabPath).getName
-      if (new File(relativeFileName).exists()) {
-        Some(relativeFileName)
-      } else {
-        Some(zkAuthKeytabPath)
-      }
-    } else {
-      None
+    conf.get(HA_ZK_AUTH_KEYTAB).map { fullPath =>
+      val filename = new File(fullPath).getName
+      if (new File(filename).exists()) filename else fullPath
     }
   }
-
 }
diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
index bbd8b94ac..e3f5546a9 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
@@ -37,6 +37,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.HighAvailabilityConf._
 import org.apache.kyuubi.ha.client._
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
+import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider._
 import org.apache.kyuubi.service._
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 import org.apache.kyuubi.zookeeper.ZookeeperConf.ZK_CLIENT_PORT
@@ -117,7 +118,7 @@ abstract class ZookeeperDiscoveryClientSuite extends DiscoveryClientTests
       conf.set(HA_ZK_AUTH_PRINCIPAL.key, principal)
       conf.set(HA_ZK_AUTH_TYPE.key, AuthTypes.KERBEROS.toString)
 
-      ZookeeperClientProvider.setUpZooKeeperAuth(conf)
+      setUpZooKeeperAuth(conf)
       val configuration = Configuration.getConfiguration
       val entries = configuration.getAppConfigurationEntry("KyuubiZooKeeperClient")
 
@@ -129,9 +130,9 @@ abstract class ZookeeperDiscoveryClientSuite extends DiscoveryClientTests
       assert(options("useKeyTab").toString.toBoolean)
 
       conf.set(HA_ZK_AUTH_KEYTAB.key, s"${keytab.getName}")
-      val e = intercept[IOException](ZookeeperClientProvider.setUpZooKeeperAuth(conf))
-      assert(e.getMessage ===
-        s"${HA_ZK_AUTH_KEYTAB.key}: ${ZookeeperClientProvider.getKeyTabFile(conf)} does not exists")
+      val e = intercept[IOException](setUpZooKeeperAuth(conf))
+      assert(
+        e.getMessage === s"${HA_ZK_AUTH_KEYTAB.key}: ${getKeyTabFile(conf).get} does not exists")
     }
   }
 
diff --git a/pom.xml b/pom.xml
index aa4a83a56..1c702091c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -143,7 +143,7 @@
         <grpc.version>1.48.0</grpc.version>
         <guava.version>31.1-jre</guava.version>
         <guava.failureaccess.version>1.0.1</guava.failureaccess.version>
-        <hadoop.version>3.3.4</hadoop.version>
+        <hadoop.version>3.3.5</hadoop.version>
         <hikaricp.version>4.0.3</hikaricp.version>
         <derby.version>10.14.2.0</derby.version>
         <fliptables.verion>1.0.2</fliptables.verion>

From 52251ddae2c3c4c5940fb97d44d4d5ab85ad8538 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 13 Apr 2023 16:08:32 +0800
Subject: [PATCH 278/760] [KYUUBI #4677] [AUTHZ] Check generated policy file in
 test suite

### _Why are the changes needed?_

- add ut to check generated Ranger policy file in #4585
- manually activated `genpolicy` profile in CI builds, as the property based activation not auto-triggered  as expectedly with property `ranger.version=2.4.0` set in project parent pom
- Support regenerated policy file within the same test suite, by running
`KYUUBI_UPDATE=1 build/mvn clean test -pl :kyuubi-spark-authz_2.12 -Dtest=none -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator -Pgenpolicy`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4677 from bowenliang123/authz-check-policy-gen.

Closes #4677

a372bdfd4 [liangbowen] remove unnecessary profile used in style workflow
7562c88f2 [liangbowen] include in spotless
37b674223 [liangbowen] update policy id
724ec5e28 [liangbowen] replace counter by using zipWithIndex
d322980e7 [liangbowen] extract KRangerPolicyResource object to simplify resource assembly
42c37606a [liangbowen] nit
18a8f4c51 [liangbowen] add usage comments
4ee254d6d [liangbowen] fix issue name in docs
d3cb08d21 [liangbowen] improve file reading
37e4c9c9f [Bowen Liang] Merge branch 'master' into authz-check-policy-gen
6366c50e4 [liangbowen] rename profile to `gen-policy` and remove activation rule by property setting
892faf5ef [liangbowen] update clue
266baa71a [liangbowen] update
cb94e8014 [liangbowen] update
de1f36531 [liangbowen] cleanup
e88c75d46 [liangbowen] check policy file gen

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml                  |   2 +-
 docs/security/authorization/spark/build.md    |   2 +-
 extensions/spark/kyuubi-spark-authz/pom.xml   |   9 +-
 .../authz/gen/PolicyJsonFileGenerator.scala   | 152 +++++++++---------
 .../spark/authz/gen/RangerGenWrapper.scala    |  27 ++++
 .../test/resources/sparkSql_hive_jenkins.json |  64 ++++----
 pom.xml                                       |   1 +
 7 files changed, 142 insertions(+), 115 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 8d8eaa009..ae5b8188d 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -32,7 +32,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  MVN_OPT: -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Pjdbc-shaded -Dmaven.plugin.download.cache.path=/tmp/engine-archives
+  MVN_OPT: -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Pjdbc-shaded,gen-policy -Dmaven.plugin.download.cache.path=/tmp/engine-archives
   KUBERNETES_VERSION: v1.26.1
   MINIKUBE_VERSION: v1.29.0
 
diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md
index ea45f5d6b..7e38f2eed 100644
--- a/docs/security/authorization/spark/build.md
+++ b/docs/security/authorization/spark/build.md
@@ -79,7 +79,7 @@ The available `ranger.version`s are shown in the following table.
 |     1.1.x      |     √     |                                             -                                             |
 |     1.0.x      |     √     |                                             -                                             |
 |     0.7.x      |     √     |                                             -                                             |
-|     0.6.x      |     X     | [RANGER-4672](https://github.com/apache/kyuubi/issues/4672) reported unresolved failures. |
+|     0.6.x      |     X     | [KYUUBI-4672](https://github.com/apache/kyuubi/issues/4672) reported unresolved failures. |
 
 Currently, all ranger releases are supported.
 
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index fc96a2809..27417109d 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -332,14 +332,7 @@
 
     <profiles>
         <profile>
-            <id>genpolicy</id>
-            <activation>
-                <!-- activated when Ranger version is identical to required-->
-                <property>
-                    <name>ranger.version</name>
-                    <value>2.4.0</value>
-                </property>
-            </activation>
+            <id>gen-policy</id>
             <build>
                 <plugins>
                     <plugin>
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
index ce0e5fd70..8dbc802b8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -17,49 +17,71 @@
 
 package org.apache.kyuubi.plugin.spark.authz.gen
 
-import java.nio.file.Paths
+import java.nio.charset.StandardCharsets
+import java.nio.file.{Files, Paths, StandardOpenOption}
 import java.util.UUID
-import java.util.concurrent.atomic.AtomicLong
-
-import scala.language.implicitConversions
 
 import com.fasterxml.jackson.annotation.JsonInclude.Include
 import com.fasterxml.jackson.databind.{JsonNode, ObjectMapper}
 import com.fasterxml.jackson.databind.json.JsonMapper
 import com.fasterxml.jackson.databind.node.ObjectNode
 import com.fasterxml.jackson.module.scala.DefaultScalaModule
+import org.apache.commons.io.FileUtils
 import org.apache.ranger.plugin.model.RangerPolicy
+// scalastyle:off
+import org.scalatest.funsuite.AnyFunSuite
 
-import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess.allowTypes
-import org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator.RangerAccessType.{all, alter, create, drop, index, lock, read, select, update, use, write, RangerAccessType}
-import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions.getRangerObject
+import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess._
+import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyResource._
+import org.apache.kyuubi.plugin.spark.authz.gen.RangerAccessType._
+import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions._
 
 /**
  * Generates the policy file to test/main/resources dir.
  *
- * Usage:
- * build/mvn scala:run -pl :kyuubi-spark-authz_2.12
- * -DmainClass=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
+ * To run the test suite:
+ * build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
+ * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
+ *
+ * To regenerate the ranger policy file:
+ * KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
+ * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
  */
-private object PolicyJsonFileGenerator {
-  def main(args: Array[String]): Unit = {
-    writeRangerServicePolicesJson()
-  }
-
+class PolicyJsonFileGenerator extends AnyFunSuite {
+  // scalastyle:on
   final private val mapper: ObjectMapper = JsonMapper.builder()
     .addModule(DefaultScalaModule)
     .serializationInclusion(Include.NON_NULL)
     .build()
 
-  def writeRangerServicePolicesJson(): Unit = {
+  test("check ranger policy file") {
     val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
       .split("target").head
     val policyFileName = "sparkSql_hive_jenkins.json"
-    val policyFile = Paths.get(pluginHome, "src", "test", "resources", policyFileName).toFile
-    // scalastyle:off println
-    println(s"Writing ranger policies to $policyFileName.")
-    // scalastyle:on println
-    mapper.writerWithDefaultPrettyPrinter().writeValue(policyFile, servicePolicies)
+    val policyFilePath =
+      Paths.get(pluginHome, "src", "test", "resources", policyFileName)
+    val generatedStr = mapper.writerWithDefaultPrettyPrinter()
+      .writeValueAsString(servicePolicies)
+
+    if (sys.env.get("KYUUBI_UPDATE").contains("1")) {
+      // scalastyle:off println
+      println(s"Writing ranger policies to $policyFileName.")
+      // scalastyle:on println
+      Files.write(
+        policyFilePath,
+        generatedStr.getBytes(StandardCharsets.UTF_8),
+        StandardOpenOption.CREATE,
+        StandardOpenOption.TRUNCATE_EXISTING)
+    } else {
+      val existedFileContent =
+        FileUtils.readFileToString(policyFilePath.toFile, StandardCharsets.UTF_8)
+      withClue("Please regenerate the ranger policy file by running"
+        + "`KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy"
+        + " -pl :kyuubi-spark-authz_2.12 -Dtest=none"
+        + " -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator`.") {
+        assert(generatedStr.equals(existedFileContent))
+      }
+    }
   }
 
   private def servicePolicies: JsonNode = {
@@ -96,24 +118,15 @@ private object PolicyJsonFileGenerator {
       policyMaskDateShowYearForValue4,
       policyMaskShowFirst4ForValue5)
       // fill the id and guid with auto-increased index
-      .map(p => {
-        val id = policyIdCounter.incrementAndGet()
-        p.setId(id)
-        p.setGuid(UUID.nameUUIDFromBytes(id.toString.getBytes()).toString)
-        p
-      })
+      .zipWithIndex
+      .map {
+        case (p, index) =>
+          p.setId(index)
+          p.setGuid(UUID.nameUUIDFromBytes(index.toString.getBytes()).toString)
+          p
+      }
   }
 
-  final private lazy val policyIdCounter = new AtomicLong(0)
-
-  // resource template
-  private def databaseRes(values: List[String]) =
-    "database" -> KRangerPolicyResource(values = values).get
-  private def tableRes(values: List[String]) =
-    "table" -> KRangerPolicyResource(values = values).get
-  private def columnRes(values: List[String]) =
-    "column" -> KRangerPolicyResource(values = values).get
-
   // users
   private val admin = "admin"
   private val bob = "bob"
@@ -130,18 +143,11 @@ private object PolicyJsonFileGenerator {
   private val icebergNamespace = "iceberg_ns"
   private val namespace1 = "ns1"
 
-  // access type
-  object RangerAccessType extends Enumeration {
-    type RangerAccessType = Value
-    val select, update, create, drop, alter, index, lock, all, read, write, use = Value
-  }
-  implicit def actionTypeStr(t: RangerAccessType): String = t.toString
-
   // resources
-  private val allDatabaseRes = databaseRes(List("*"))
-  private val allTableRes = tableRes(List("*"))
-  private val allColumnRes = columnRes(List("*"))
-  private val srcTableRes = tableRes(List("src"))
+  private val allDatabaseRes = databaseRes("*")
+  private val allTableRes = tableRes("*")
+  private val allColumnRes = columnRes("*")
+  private val srcTableRes = tableRes("src")
 
   // policy type
   private val POLICY_TYPE_ACCESS: Int = 0
@@ -182,7 +188,7 @@ private object PolicyJsonFileGenerator {
     name = "all - database, udf",
     description = "Policy for all - database, udf",
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog, icebergNamespace, namespace1)),
+      databaseRes(defaultDb, sparkCatalog, icebergNamespace, namespace1),
       allTableRes,
       allColumnRes),
     policyItems = List(
@@ -198,9 +204,9 @@ private object PolicyJsonFileGenerator {
   private val policyAccessForDefaultDbSrcTable = KRangerPolicy(
     name = "default_kent",
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog)),
+      databaseRes(defaultDb, sparkCatalog),
       srcTableRes,
-      columnRes(List("key"))),
+      columnRes("key")),
     policyItems = List(
       KRangerPolicyItem(
         users = List(kent),
@@ -215,7 +221,7 @@ private object PolicyJsonFileGenerator {
     name = "src_key_less_than_20",
     policyType = POLICY_TYPE_ROWFILTER,
     resources = Map(
-      databaseRes(List(defaultDb)),
+      databaseRes(defaultDb),
       srcTableRes),
     rowFilterPolicyItems = List(
       KRangerRowFilterPolicyItem(
@@ -227,8 +233,8 @@ private object PolicyJsonFileGenerator {
     name = "perm_view_key_less_than_20",
     policyType = POLICY_TYPE_ROWFILTER,
     resources = Map(
-      databaseRes(List(defaultDb)),
-      tableRes(List("perm_view"))),
+      databaseRes(defaultDb),
+      tableRes("perm_view")),
     rowFilterPolicyItems = List(
       KRangerRowFilterPolicyItem(
         rowFilterInfo = KRangerPolicyItemRowFilterInfo(filterExpr = "key<20"),
@@ -238,8 +244,8 @@ private object PolicyJsonFileGenerator {
   private val policyAccessForDefaultBobUse = KRangerPolicy(
     name = "default_bob_use",
     resources = Map(
-      databaseRes(List("default_bob", sparkCatalog)),
-      tableRes(List("table_use*")),
+      databaseRes("default_bob", sparkCatalog),
+      tableRes("table_use*"),
       allColumnRes),
     policyItems = List(
       KRangerPolicyItem(
@@ -250,8 +256,8 @@ private object PolicyJsonFileGenerator {
   private val policyAccessForDefaultBobSelect = KRangerPolicy(
     name = "default_bob_select",
     resources = Map(
-      databaseRes(List("default_bob", sparkCatalog)),
-      tableRes(List("table_select*")),
+      databaseRes("default_bob", sparkCatalog),
+      tableRes("table_select*"),
       allColumnRes),
     policyItems = List(
       KRangerPolicyItem(
@@ -263,9 +269,9 @@ private object PolicyJsonFileGenerator {
     name = "src_value_hash_perm_view",
     policyType = POLICY_TYPE_DATAMASK,
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog)),
+      databaseRes(defaultDb, sparkCatalog),
       srcTableRes,
-      columnRes(List("value1"))),
+      columnRes("value1")),
     dataMaskPolicyItems = List(
       KRangerDataMaskPolicyItem(
         dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_HASH"),
@@ -277,9 +283,9 @@ private object PolicyJsonFileGenerator {
     name = "src_value_hash",
     policyType = POLICY_TYPE_DATAMASK,
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog)),
-      tableRes(List("perm_view")),
-      columnRes(List("value1"))),
+      databaseRes(defaultDb, sparkCatalog),
+      tableRes("perm_view"),
+      columnRes("value1")),
     dataMaskPolicyItems = List(
       KRangerDataMaskPolicyItem(
         dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_HASH"),
@@ -291,9 +297,9 @@ private object PolicyJsonFileGenerator {
     name = "src_value2_nullify",
     policyType = POLICY_TYPE_DATAMASK,
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog, icebergNamespace, namespace1)),
+      databaseRes(defaultDb, sparkCatalog, icebergNamespace, namespace1),
       srcTableRes,
-      columnRes(List("value2"))),
+      columnRes("value2")),
     dataMaskPolicyItems = List(
       KRangerDataMaskPolicyItem(
         dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK"),
@@ -305,9 +311,9 @@ private object PolicyJsonFileGenerator {
     name = "src_value3_sf4",
     policyType = POLICY_TYPE_DATAMASK,
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog)),
+      databaseRes(defaultDb, sparkCatalog),
       srcTableRes,
-      columnRes(List("value3"))),
+      columnRes("value3")),
     dataMaskPolicyItems = List(
       KRangerDataMaskPolicyItem(
         dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_SHOW_FIRST_4"),
@@ -319,9 +325,9 @@ private object PolicyJsonFileGenerator {
     name = "src_value4_sf4",
     policyType = POLICY_TYPE_DATAMASK,
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog)),
+      databaseRes(defaultDb, sparkCatalog),
       srcTableRes,
-      columnRes(List("value4"))),
+      columnRes("value4")),
     dataMaskPolicyItems = List(
       KRangerDataMaskPolicyItem(
         dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_DATE_SHOW_YEAR"),
@@ -333,9 +339,9 @@ private object PolicyJsonFileGenerator {
     name = "src_value5_sf4",
     policyType = POLICY_TYPE_DATAMASK,
     resources = Map(
-      databaseRes(List(defaultDb, sparkCatalog)),
+      databaseRes(defaultDb, sparkCatalog),
       srcTableRes,
-      columnRes(List("value5"))),
+      columnRes("value5")),
     dataMaskPolicyItems = List(
       KRangerDataMaskPolicyItem(
         dataMaskInfo = KRangerPolicyItemDataMaskInfo(dataMaskType = "MASK_SHOW_LAST_4"),
@@ -346,8 +352,8 @@ private object PolicyJsonFileGenerator {
   private val policyAccessForPermViewAccessOnly = KRangerPolicy(
     name = "someone_access_perm_view",
     resources = Map(
-      databaseRes(List(defaultDb)),
-      tableRes(List("perm_view")),
+      databaseRes(defaultDb),
+      tableRes("perm_view"),
       allColumnRes),
     policyItems = List(
       KRangerPolicyItem(
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
index 56a68b82f..14405f816 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
@@ -22,6 +22,8 @@ import scala.language.implicitConversions
 import org.apache.ranger.plugin.model.RangerPolicy
 import org.apache.ranger.plugin.model.RangerPolicy._
 
+import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions.getRangerObject
+
 trait RangerObjectGenerator[T] {
   def get: T
 }
@@ -83,6 +85,17 @@ case class KRangerPolicyResource(
   }
 }
 
+object KRangerPolicyResource {
+  def databaseRes(values: String*): (String, RangerPolicyResource) =
+    "database" -> KRangerPolicyResource(values.toList)
+
+  def tableRes(values: String*): (String, RangerPolicyResource) =
+    "table" -> KRangerPolicyResource(values.toList)
+
+  def columnRes(values: String*): (String, RangerPolicyResource) =
+    "column" -> KRangerPolicyResource(values.toList)
+}
+
 case class KRangerPolicyItemCondition(
     `type`: String,
     values: List[String]) extends RangerObjectGenerator[RangerPolicyItemCondition] {
@@ -182,3 +195,17 @@ case class KRangerPolicyItemRowFilterInfo(
     i
   }
 }
+
+object RangerAccessType {
+  val select = "select"
+  val update = "update"
+  val create = "create"
+  val drop = "drop"
+  val alter = "alter"
+  val index = "index"
+  val lock = "lock"
+  val all = "all"
+  val read = "read"
+  val write = "write"
+  val use = "use"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
index 0b2acff5a..6c160d321 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
@@ -4,8 +4,8 @@
   "policyVersion" : 85,
   "policyUpdateTime" : "20190429-21:36:09.000-+0800",
   "policies" : [ {
-    "id" : 1,
-    "guid" : "c4ca4238-a0b9-3382-8dcc-509a6f75849b",
+    "id" : 0,
+    "guid" : "cfcd2084-95d5-35ef-a6e7-dff9f98764da",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -70,8 +70,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 2,
-    "guid" : "c81e728d-9d4c-3f63-af06-7f89cc14862c",
+    "id" : 1,
+    "guid" : "c4ca4238-a0b9-3382-8dcc-509a6f75849b",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -146,8 +146,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 3,
-    "guid" : "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3",
+    "id" : 2,
+    "guid" : "c81e728d-9d4c-3f63-af06-7f89cc14862c",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -217,8 +217,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 4,
-    "guid" : "a87ff679-a2f3-371d-9181-a67b7542122c",
+    "id" : 3,
+    "guid" : "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -303,8 +303,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 5,
-    "guid" : "e4da3b7f-bbce-3345-9777-2b0674a318d5",
+    "id" : 4,
+    "guid" : "a87ff679-a2f3-371d-9181-a67b7542122c",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -389,8 +389,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 6,
-    "guid" : "1679091c-5a88-3faf-afb5-e6087eb1b2dc",
+    "id" : 5,
+    "guid" : "e4da3b7f-bbce-3345-9777-2b0674a318d5",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -438,8 +438,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 7,
-    "guid" : "8f14e45f-ceea-367a-9a36-dedd4bea2543",
+    "id" : 6,
+    "guid" : "1679091c-5a88-3faf-afb5-e6087eb1b2dc",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -490,8 +490,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 8,
-    "guid" : "c9f0f895-fb98-3b91-99f5-1fd0297e236d",
+    "id" : 7,
+    "guid" : "8f14e45f-ceea-367a-9a36-dedd4bea2543",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -539,8 +539,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 9,
-    "guid" : "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26",
+    "id" : 8,
+    "guid" : "c9f0f895-fb98-3b91-99f5-1fd0297e236d",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -586,8 +586,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 10,
-    "guid" : "d3d94468-02a4-3259-b55d-38e6d163e820",
+    "id" : 9,
+    "guid" : "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -633,8 +633,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 11,
-    "guid" : "6512bd43-d9ca-36e0-ac99-0b0a82652dca",
+    "id" : 10,
+    "guid" : "d3d94468-02a4-3259-b55d-38e6d163e820",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -685,8 +685,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 12,
-    "guid" : "c20ad4d7-6fe9-3759-aa27-a0c99bff6710",
+    "id" : 11,
+    "guid" : "6512bd43-d9ca-36e0-ac99-0b0a82652dca",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -737,8 +737,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 13,
-    "guid" : "c51ce410-c124-310e-8db5-e4b97fc2af39",
+    "id" : 12,
+    "guid" : "c20ad4d7-6fe9-3759-aa27-a0c99bff6710",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -789,8 +789,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 14,
-    "guid" : "aab32389-22bc-325a-af60-6eb525ffdc56",
+    "id" : 13,
+    "guid" : "c51ce410-c124-310e-8db5-e4b97fc2af39",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -841,8 +841,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 15,
-    "guid" : "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3",
+    "id" : 14,
+    "guid" : "aab32389-22bc-325a-af60-6eb525ffdc56",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -893,8 +893,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 16,
-    "guid" : "c74d97b0-1eae-357e-84aa-9d5bade97baf",
+    "id" : 15,
+    "guid" : "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
diff --git a/pom.xml b/pom.xml
index 1c702091c..09b2e45de 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2075,6 +2075,7 @@
                             <includes>
                                 <include>src/main/scala/**/*.scala</include>
                                 <include>src/test/scala/**/*.scala</include>
+                                <include>src/test/gen/scala/**/*.scala</include>
                             </includes>
                             <scalafmt>
                                 <version>${spotless.scala.scalafmt.version}</version>

From 1603342de3fa253145a7d41cc67ca4f30e5de72d Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 13 Apr 2023 23:26:15 +0800
Subject: [PATCH 279/760] [KYUUBI #4278] Use new Apache 'closer.lua' syntax to
 obtain Maven

### _Why are the changes needed?_

Use official download link and provide a way to fallback.

- Doc reference: https://infra.apache.org/release-download-pages.html#download-scripts

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

```shell
build/mvn compile
exec: curl --progress-bar -L https://www.apache.org/dyn/closer.lua/maven/maven-3/3.8.7/binaries/apache-maven-3.8.7-bin.tar.gz?action=download
```

Closes #4704 from yaooqinn/4278.

Closes #4278

27a1fc284 [Kent Yao] [KYUUBI #4278] Use new Apache 'closer.lua' syntax to obtain Maven

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/mvn | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/build/mvn b/build/mvn
index 67aa02b4f..cd6c0c796 100755
--- a/build/mvn
+++ b/build/mvn
@@ -35,7 +35,7 @@ fi
 ## Arg2 - Tarball Name
 ## Arg3 - Checkable Binary
 install_app() {
-  local remote_tarball="$1/$2"
+  local remote_tarball="$1/$2$4"
   local local_tarball="${_DIR}/$2"
   local binary="${_DIR}/$3"
 
@@ -77,12 +77,25 @@ install_mvn() {
   # See simple version normalization: http://stackoverflow.com/questions/16989598/bash-comparing-version-numbers
   function version { echo "$@" | awk -F. '{ printf("%03d%03d%03d\n", $1,$2,$3); }'; }
   if [ $(version $MVN_DETECTED_VERSION) -ne $(version $MVN_VERSION) ]; then
-    local APACHE_MIRROR=${APACHE_MIRROR:-'https://archive.apache.org/dist/'}
+    local APACHE_MIRROR=${APACHE_MIRROR:-'https://www.apache.org/dyn/closer.lua'}
+    local MIRROR_URL_QUERY="?action=download"
+    local MVN_TARBALL="apache-maven-${MVN_VERSION}-bin.tar.gz"
+    local FILE_PATH="maven/maven-3/${MVN_VERSION}/binaries"
+
+    if [ $(command -v curl) ]; then
+      if ! curl -L --output /dev/null --silent --head --fail "${APACHE_MIRROR}/${FILE_PATH}/${MVN_TARBALL}${MIRROR_URL_QUERY}" ; then
+        # Fall back to archive.apache.org for older Maven
+        echo "Falling back to archive.apache.org to download Maven"
+        APACHE_MIRROR="https://archive.apache.org/dist"
+        MIRROR_URL_QUERY=""
+      fi
+    fi
 
     install_app \
-      "${APACHE_MIRROR}/maven/maven-3/${MVN_VERSION}/binaries" \
-      "apache-maven-${MVN_VERSION}-bin.tar.gz" \
-      "apache-maven-${MVN_VERSION}/bin/mvn"
+      "${APACHE_MIRROR}/${FILE_PATH}" \
+      "${MVN_TARBALL}" \
+      "apache-maven-${MVN_VERSION}/bin/mvn" \
+      "${MIRROR_URL_QUERY}"
 
     MVN_BIN="${_DIR}/apache-maven-${MVN_VERSION}/bin/mvn"
   fi

From b0afe7b5d63c47bcf6b484730aa3cf97acd74516 Mon Sep 17 00:00:00 2001
From: huapan <huapan@52tt.com>
Date: Fri, 14 Apr 2023 11:58:19 +0800
Subject: [PATCH 280/760] [KYUUBI #4696] Upgrade scalafmt from 3.7.1 to 3.7.3

### _Why are the changes needed?_

Close #4696

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4705 from huapan123456/feat-upgrade-scalafmt.

Closes #4696

434f94ddb [huapan] update(#4696): add some comment
7f8d7bd50 [huapan] fix(#4696): fix all
41dba1e6f [huapan] feat(#4696): upgrade scalafmt from 3.7.1 to 3.7.3

Authored-by: huapan <huapan@52tt.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .scalafmt.conf | 2 +-
 pom.xml        | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.scalafmt.conf b/.scalafmt.conf
index e682a17f7..1bcf16de7 100644
--- a/.scalafmt.conf
+++ b/.scalafmt.conf
@@ -1,4 +1,4 @@
-version = 3.7.1
+version = 3.7.3
 runner.dialect=scala212
 project.git=true
 
diff --git a/pom.xml b/pom.xml
index 09b2e45de..f772bd1b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -245,7 +245,8 @@
         <spotless.java.googlejavaformat.version>1.7</spotless.java.googlejavaformat.version>
         <spotless.python.includes></spotless.python.includes>
         <spotless.python.black.version>22.3.0</spotless.python.black.version>
-        <spotless.scala.scalafmt.version>3.7.1</spotless.scala.scalafmt.version>
+        <!-- Please also update .scalafmt.conf when you change it here -->
+        <spotless.scala.scalafmt.version>3.7.3</spotless.scala.scalafmt.version>
 
         <distMgmtReleaseId>apache.releases.https</distMgmtReleaseId>
         <distMgmtReleaseName>Apache Release Distribution Repository</distMgmtReleaseName>

From c0e967f1c500bc46d7038fa4f453f735d39eab1c Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Fri, 14 Apr 2023 11:59:31 +0800
Subject: [PATCH 281/760] [KYUUBI #4707] [K8S][HELM] Fix README typo and minor
 reformatting

### _Why are the changes needed?_
The changes are needed to fix the link to Kyuubi web site and follow common template formatting style.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4707 from dnskr/fix_readme_typo_and_reformatting.

Closes #4707

cb5d24ace [dnskr] [K8S][HELM] Fix README typo and minor reformatting

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/README.md                        |  2 +-
 charts/kyuubi/templates/_helpers.tpl           | 18 +++++++++---------
 charts/kyuubi/templates/kyuubi-configmap.yaml  |  2 +-
 charts/kyuubi/templates/kyuubi-deployment.yaml |  4 +++-
 charts/kyuubi/templates/kyuubi-service.yaml    |  3 +--
 5 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/charts/kyuubi/README.md b/charts/kyuubi/README.md
index a01fafde1..a1e5c4b62 100644
--- a/charts/kyuubi/README.md
+++ b/charts/kyuubi/README.md
@@ -19,7 +19,7 @@
 
 # Helm Chart for Apache Kyuubi
 
-[Apache Kyuubi](https://airflow.apache.org/) is a distributed and multi-tenant gateway to provide serverless SQL on Data Warehouses and Lakehouses.
+[Apache Kyuubi](https://kyuubi.apache.org) is a distributed and multi-tenant gateway to provide serverless SQL on Data Warehouses and Lakehouses.
 
 
 ## Introduction
diff --git a/charts/kyuubi/templates/_helpers.tpl b/charts/kyuubi/templates/_helpers.tpl
index cd4865a12..07e66d5f1 100644
--- a/charts/kyuubi/templates/_helpers.tpl
+++ b/charts/kyuubi/templates/_helpers.tpl
@@ -20,14 +20,14 @@ A comma separated string of enabled frontend protocols, e.g. "REST,THRIFT_BINARY
 For details, see 'kyuubi.frontend.protocols': https://kyuubi.readthedocs.io/en/master/deployment/settings.html#frontend
 */}}
 {{- define "kyuubi.frontend.protocols" -}}
-{{- $protocols := list }}
-{{- range $name, $frontend := .Values.server }}
-  {{- if $frontend.enabled }}
-    {{- $protocols = $name | snakecase | upper | append $protocols }}
+  {{- $protocols := list }}
+  {{- range $name, $frontend := .Values.server }}
+    {{- if $frontend.enabled }}
+      {{- $protocols = $name | snakecase | upper | append $protocols }}
+    {{- end }}
   {{- end }}
-{{- end }}
-{{- if not $protocols }}
-  {{ fail "At least one frontend protocol must be enabled!" }}
-{{- end }}
-{{- $protocols |  join "," }}
+  {{- if not $protocols }}
+    {{ fail "At least one frontend protocol must be enabled!" }}
+  {{- end }}
+  {{- $protocols |  join "," }}
 {{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index 4964e651c..596ec493e 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -43,7 +43,7 @@ data:
 
     ## User provided Kyuubi configurations
     {{- with .Values.kyuubiConf.kyuubiDefaults }}
-    {{- tpl . $ | nindent 4 }}
+      {{- tpl . $ | nindent 4 }}
     {{- end }}
   {{- with .Values.kyuubiConf.log4j2 }}
   log4j2.xml: |
diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index 43899b6fc..52468df4e 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -42,7 +42,9 @@ spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets: {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if or .Values.serviceAccount.name .Values.serviceAccount.create }}
       serviceAccountName: {{ .Values.serviceAccount.name | default .Release.Name }}
+      {{- end }}
       {{- with .Values.initContainers }}
       initContainers: {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
@@ -90,7 +92,7 @@ spec:
             successThreshold: {{ .Values.probe.readiness.successThreshold }}
           {{- end }}
           {{- with .Values.resources }}
-          resources:  {{- toYaml . | nindent 12 }}
+          resources: {{- toYaml . | nindent 12 }}
           {{- end }}
           volumeMounts:
             - name: conf
diff --git a/charts/kyuubi/templates/kyuubi-service.yaml b/charts/kyuubi/templates/kyuubi-service.yaml
index 963f1fcc7..3cea30b70 100644
--- a/charts/kyuubi/templates/kyuubi-service.yaml
+++ b/charts/kyuubi/templates/kyuubi-service.yaml
@@ -28,8 +28,7 @@ metadata:
     app.kubernetes.io/version: {{ $.Values.image.tag | default $.Chart.AppVersion | quote }}
     app.kubernetes.io/managed-by: {{ $.Release.Service }}
   {{- with $frontend.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
+  annotations: {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
   type: {{ $frontend.service.type }}

From 0f82625109957bfa8628725a37caf2efb91901ec Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Fri, 14 Apr 2023 12:01:36 +0800
Subject: [PATCH 282/760] [KYUUBI #4706] [K8S][HELM] Use template comments for
 the chart license header

### _Why are the changes needed?_
The changes are needed to avoid rendering license headers when debugging the chart templates.

According to [Comments (YAML Comments vs. Template Comments)](https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments):
> YAML comments may be used when it is useful for Helm users to (possibly) see the comments during debugging

Since there is no value in seeing license during debug, it's a good idea to use Template comments instead of YAML comments.

### Before
```shell
$ helm template test charts/kyuubi
---
# Source: kyuubi/templates/kyuubi-serviceaccount.yaml
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apiVersion: v1
kind: ServiceAccount
metadata:
  name: test
  labels:
    helm.sh/chart: kyuubi-0.1.0
    app.kubernetes.io/name: kyuubi
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "1.7.0"
    app.kubernetes.io/managed-by: Helm
---
```
### After
```shell
$ helm template test charts/kyuubi
---
# Source: kyuubi/templates/kyuubi-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: test
  labels:
    helm.sh/chart: kyuubi-0.1.0
    app.kubernetes.io/name: kyuubi
    app.kubernetes.io/instance: test
    app.kubernetes.io/version: "1.7.0"
    app.kubernetes.io/managed-by: Helm
---
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4706 from dnskr/chart_license_header.

Closes #4706

cabaa62b6 [dnskr] [K8S][HELM] Use template comments for the chart license header

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/kyuubi-configmap.yaml | 32 +++++++++----------
 .../kyuubi/templates/kyuubi-deployment.yaml   | 32 +++++++++----------
 charts/kyuubi/templates/kyuubi-role.yaml      | 32 +++++++++----------
 .../kyuubi/templates/kyuubi-rolebinding.yaml  | 32 +++++++++----------
 charts/kyuubi/templates/kyuubi-service.yaml   | 32 +++++++++----------
 .../templates/kyuubi-serviceaccount.yaml      | 32 +++++++++----------
 6 files changed, 96 insertions(+), 96 deletions(-)

diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index 596ec493e..22d6562b8 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index 52468df4e..b30913dd0 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
diff --git a/charts/kyuubi/templates/kyuubi-role.yaml b/charts/kyuubi/templates/kyuubi-role.yaml
index fcb5a9f6e..7e0a810a1 100644
--- a/charts/kyuubi/templates/kyuubi-role.yaml
+++ b/charts/kyuubi/templates/kyuubi-role.yaml
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 {{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/charts/kyuubi/templates/kyuubi-rolebinding.yaml b/charts/kyuubi/templates/kyuubi-rolebinding.yaml
index 8f74efc2d..e7dd0d64b 100644
--- a/charts/kyuubi/templates/kyuubi-rolebinding.yaml
+++ b/charts/kyuubi/templates/kyuubi-rolebinding.yaml
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 {{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/charts/kyuubi/templates/kyuubi-service.yaml b/charts/kyuubi/templates/kyuubi-service.yaml
index 3cea30b70..ddc2e230f 100644
--- a/charts/kyuubi/templates/kyuubi-service.yaml
+++ b/charts/kyuubi/templates/kyuubi-service.yaml
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 {{- range $name, $frontend := .Values.server }}
 {{- if $frontend.enabled }}
diff --git a/charts/kyuubi/templates/kyuubi-serviceaccount.yaml b/charts/kyuubi/templates/kyuubi-serviceaccount.yaml
index 770d50136..bbfa22e35 100644
--- a/charts/kyuubi/templates/kyuubi-serviceaccount.yaml
+++ b/charts/kyuubi/templates/kyuubi-serviceaccount.yaml
@@ -1,19 +1,19 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
 
 {{- if .Values.serviceAccount.create }}
 apiVersion: v1

From 46bddc3864d322f56069672c7639f2624587f68c Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Fri, 14 Apr 2023 16:47:43 +0800
Subject: [PATCH 283/760] [KYUUBI #4688] Fix the failure to read the operation
 log after executing catalog and database operation

### _Why are the changes needed?_

Now `GetCurrentCatalog`/`GetCurrentDatabase`/`SetCurrentCatalog`/`SetCurrentDatabase`is executed through the statement, and the jdbc client will try to obtain the operation log corresponding to the statement.
At present, these operations do not generate operation logs, so the engine log will be throw exception(`failed to generate operation log`).

```java
23/04/10 20:25:23 INFO GetCurrentCatalog: Processing anonymous's query[8218e7ed-b4a4-41ad-a1cc-6f82bf3d55bb]: INITIALIZED_STATE -> RUNNING_STATE, statement:
GetCurrentCatalog
23/04/10 20:25:23 INFO GetCurrentCatalog: Processing anonymous's query[8218e7ed-b4a4-41ad-a1cc-6f82bf3d55bb]: RUNNING_STATE -> FINISHED_STATE, time taken: 0.002 seconds
23/04/10 20:25:23 ERROR SparkTBinaryFrontendService: Error fetching results:
org.apache.kyuubi.KyuubiSQLException: OperationHandle [8218e7ed-b4a4-41ad-a1cc-6f82bf3d55bb] failed to generate operation log
        at org.apache.kyuubi.KyuubiSQLException$.apply(KyuubiSQLException.scala:69)
        at org.apache.kyuubi.operation.OperationManager.$anonfun$getOperationLogRowSet$2(OperationManager.scala:146)
        at scala.Option.getOrElse(Option.scala:189)
```

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4688 from cxzl25/op_log_catalog.

Closes #4688

8ebc0f570 [sychen] Fix the failure to read the operation log after executing Catalog and database operation

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../flink/operation/GetCurrentCatalog.scala   |  6 ++++++
 .../flink/operation/GetCurrentDatabase.scala  |  6 ++++++
 .../flink/operation/SetCurrentCatalog.scala   |  6 ++++++
 .../flink/operation/SetCurrentDatabase.scala  |  6 ++++++
 .../spark/operation/GetCurrentCatalog.scala   |  5 +++++
 .../spark/operation/GetCurrentDatabase.scala  |  5 +++++
 .../spark/operation/SetCurrentCatalog.scala   |  5 +++++
 .../spark/operation/SetCurrentDatabase.scala  |  5 +++++
 .../trino/operation/GetCurrentCatalog.scala   |  5 +++++
 .../trino/operation/GetCurrentDatabase.scala  |  5 +++++
 .../trino/operation/SetCurrentCatalog.scala   |  5 +++++
 .../trino/operation/SetCurrentDatabase.scala  |  5 +++++
 .../kyuubi/operation/log/OperationLog.scala   |  2 ++
 .../operation/log/OperationLogSuite.scala     | 21 +++++++++++++++++++
 14 files changed, 87 insertions(+)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala
index 988072e8d..3e42e9aa6 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala
@@ -18,11 +18,17 @@
 package org.apache.kyuubi.engine.flink.operation
 
 import org.apache.kyuubi.engine.flink.result.ResultSetUtil
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_CAT
 import org.apache.kyuubi.session.Session
 
 class GetCurrentCatalog(session: Session) extends FlinkOperation(session) {
 
+  private val operationLog: OperationLog =
+    OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala
index 8315a18d3..014ca2ea3 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala
@@ -18,11 +18,17 @@
 package org.apache.kyuubi.engine.flink.operation
 
 import org.apache.kyuubi.engine.flink.result.ResultSetUtil
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_SCHEM
 import org.apache.kyuubi.session.Session
 
 class GetCurrentDatabase(session: Session) extends FlinkOperation(session) {
 
+  private val operationLog: OperationLog =
+    OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala
index 489cc6384..60214b2cd 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala
@@ -17,11 +17,17 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class SetCurrentCatalog(session: Session, catalog: String)
   extends FlinkOperation(session) {
 
+  private val operationLog: OperationLog =
+    OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala
index 0d3598405..7610ab2f1 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala
@@ -17,11 +17,17 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class SetCurrentDatabase(session: Session, database: String)
   extends FlinkOperation(session) {
 
+  private val operationLog: OperationLog =
+    OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala
index 66d707ec0..96e013284 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala
@@ -21,11 +21,16 @@ import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.IterableFetchIterator
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_CAT
 import org.apache.kyuubi.session.Session
 
 class GetCurrentCatalog(session: Session) extends SparkOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def resultSchema: StructType = {
     new StructType()
       .add(TABLE_CAT, "string", nullable = true, "Catalog name.")
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala
index bcf3ad2a5..10b325d76 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala
@@ -21,11 +21,16 @@ import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.IterableFetchIterator
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_SCHEM
 import org.apache.kyuubi.session.Session
 
 class GetCurrentDatabase(session: Session) extends SparkOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def resultSchema: StructType = {
     new StructType()
       .add(TABLE_SCHEM, "string", nullable = true, "Schema name.")
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala
index 4e8c0aa69..7571c3e32 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala
@@ -20,10 +20,15 @@ package org.apache.kyuubi.engine.spark.operation
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class SetCurrentCatalog(session: Session, catalog: String) extends SparkOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def resultSchema: StructType = {
     new StructType()
   }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala
index 0a21bc839..2112f544a 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala
@@ -20,11 +20,16 @@ package org.apache.kyuubi.engine.spark.operation
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class SetCurrentDatabase(session: Session, database: String)
   extends SparkOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def resultSchema: StructType = {
     new StructType()
   }
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentCatalog.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentCatalog.scala
index 3d8c7fd6c..504a53a41 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentCatalog.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentCatalog.scala
@@ -23,11 +23,16 @@ import io.trino.client.ClientStandardTypes.VARCHAR
 import io.trino.client.ClientTypeSignature.VARCHAR_UNBOUNDED_LENGTH
 
 import org.apache.kyuubi.operation.IterableFetchIterator
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class GetCurrentCatalog(session: Session)
   extends TrinoOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val session = trinoContext.clientSession.get
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentDatabase.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentDatabase.scala
index 3bf2987b4..3ab598ef0 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentDatabase.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/GetCurrentDatabase.scala
@@ -23,11 +23,16 @@ import io.trino.client.ClientStandardTypes.VARCHAR
 import io.trino.client.ClientTypeSignature.VARCHAR_UNBOUNDED_LENGTH
 
 import org.apache.kyuubi.operation.IterableFetchIterator
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class GetCurrentDatabase(session: Session)
   extends TrinoOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val session = trinoContext.clientSession.get
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentCatalog.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentCatalog.scala
index 09ba4262f..16836b0a9 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentCatalog.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentCatalog.scala
@@ -19,11 +19,16 @@ package org.apache.kyuubi.engine.trino.operation
 
 import io.trino.client.ClientSession
 
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class SetCurrentCatalog(session: Session, catalog: String)
   extends TrinoOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val session = trinoContext.clientSession.get
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentDatabase.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentDatabase.scala
index f25cc9e0c..aa4697f5f 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentDatabase.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/SetCurrentDatabase.scala
@@ -19,11 +19,16 @@ package org.apache.kyuubi.engine.trino.operation
 
 import io.trino.client.ClientSession
 
+import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
 class SetCurrentDatabase(session: Session, database: String)
   extends TrinoOperation(session) {
 
+  private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
+
+  override def getOperationLog: Option[OperationLog] = Option(operationLog)
+
   override protected def runInternal(): Unit = {
     try {
       val session = trinoContext.clientSession.get
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
index e6312d0fb..3791c08d2 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
@@ -195,6 +195,8 @@ class OperationLog(path: Path) {
   }
 
   def close(): Unit = synchronized {
+    if (!initialized) return
+
     closeExtraReaders()
 
     trySafely {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
index fe3cbc7fc..b333b59fd 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
@@ -297,4 +297,25 @@ class OperationLogSuite extends KyuubiFunSuite {
       Utils.deleteDirectoryRecursively(extraFile.toFile)
     }
   }
+
+  test("Closing the unwritten operation log should not throw an exception") {
+    val sessionManager = new NoopSessionManager
+    sessionManager.initialize(KyuubiConf())
+    val sHandle = sessionManager.openSession(
+      TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V10,
+      "kyuubi",
+      "passwd",
+      "localhost",
+      Map.empty)
+    val session = sessionManager.getSession(sHandle)
+    OperationLog.createOperationLogRootDirectory(session)
+    val oHandle = OperationHandle()
+
+    val log = OperationLog.createOperationLog(session, oHandle)
+    val tRowSet = log.read(1)
+    assert(tRowSet == ThriftUtils.newEmptyRowSet)
+    // close the operation log without writing
+    log.close()
+    session.close()
+  }
 }

From 7b94196ab1fb5d5cb636b20cd76f08dd41b2b2dc Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Fri, 14 Apr 2023 16:52:54 +0800
Subject: [PATCH 284/760] [KYUUBI #4681][Engine] Set thread
 `CreateSparkTimeoutChecker` daemon

### _Why are the changes needed?_

Close #4681

Set `CreateSparkTimeoutChecker` in `SparkSQLEngine` daemon.

Exit when spark session initialize fail.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4682 from zwangsheng/KYUUBI_4681.

Closes #4681

1928a67ec [zwangsheng] Add thread name
57f1914e4 [zwangsheng] Add thread name
71ff31a2b [zwangsheng] revert
4e8a619b2 [zwangsheng] DEBUG
ea23fae11 [zwangsheng] Change Init Timeout => 10M
3a89acc64 [zwangsheng] fix comments
565d1c90a [zwangsheng] [KYUUBI #4681][Engine] Set thread  daemon

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/spark/SparkSQLEngine.scala     | 6 ++++--
 .../kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index 42e7c44a1..6f8aa2ec0 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -359,7 +359,7 @@ object SparkSQLEngine extends Logging {
 
   private def startInitTimeoutChecker(startTime: Long, timeout: Long): Unit = {
     val mainThread = Thread.currentThread()
-    new Thread(
+    val checker = new Thread(
       () => {
         while (System.currentTimeMillis() - startTime < timeout && !sparkSessionCreated.get()) {
           Thread.sleep(500)
@@ -368,7 +368,9 @@ object SparkSQLEngine extends Logging {
           mainThread.interrupt()
         }
       },
-      "CreateSparkTimeoutChecker").start()
+      "CreateSparkTimeoutChecker")
+    checker.setDaemon(true)
+    checker.start()
   }
 
   private def isOnK8sClusterMode: Boolean = {
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 5141ff4d7..74090bc40 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -57,6 +57,7 @@ abstract class SparkOnKubernetesSuiteBase
       .set("spark.kubernetes.executor.request.cores", "250m")
       .set("kyuubi.kubernetes.context", "minikube")
       .set("kyuubi.frontend.protocols", "THRIFT_BINARY,REST")
+      .set("kyuubi.session.engine.initialize.timeout", "PT10M")
   }
 }
 

From db46b5b320ffc3e58f84a0c3bb0d113783b9612b Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Fri, 14 Apr 2023 20:46:28 +0800
Subject: [PATCH 285/760] [KYUUBI #4711] JDBC client should catch task failed
 exception instead of NPE in the incremental mode

### _Why are the changes needed?_

Since the job was lazily submitted in the incremental mode, the engine should not catch the task failed exception even though the operation is in the terminal state.

Before this PR:

```
0: jdbc:hive2://0.0.0.0:10009/> set kyuubi.operation.incremental.collect=true;
+---------------------------------------+--------+
|                  key                  | value  |
+---------------------------------------+--------+
| kyuubi.operation.incremental.collect  | true   |
+---------------------------------------+--------+
0: jdbc:hive2://0.0.0.0:10009/> SELECT raise_error('custom error message');
Error:  (state=,code=0)
0: jdbc:hive2://0.0.0.0:10009/>
```

kyuubi server log

```
2023-04-14 18:47:50.185 ERROR org.apache.kyuubi.server.KyuubiTBinaryFrontendService: Error fetching results:
java.lang.NullPointerException: null
	at org.apache.kyuubi.server.BackendServiceMetric.$anonfun$fetchResults$1(BackendServiceMetric.scala:191) ~[classes/:?]
	at org.apache.kyuubi.metrics.MetricsSystem$.timerTracing(MetricsSystem.scala:111) ~[classes/:?]
	at org.apache.kyuubi.server.BackendServiceMetric.fetchResults(BackendServiceMetric.scala:187) ~[classes/:?]
	at org.apache.kyuubi.server.BackendServiceMetric.fetchResults$(BackendServiceMetric.scala:182) ~[classes/:?]
	at org.apache.kyuubi.server.KyuubiServer$$anon$1.fetchResults(KyuubiServer.scala:147) ~[classes/:?]
	at org.apache.kyuubi.service.TFrontendService.FetchResults(TFrontendService.scala:530) [classes/:?]
```

After this PR:

```
0: jdbc:hive2://0.0.0.0:10009/> set kyuubi.operation.incremental.collect=true;
+---------------------------------------+--------+
|                  key                  | value  |
+---------------------------------------+--------+
| kyuubi.operation.incremental.collect  | true   |
+---------------------------------------+--------+
0: jdbc:hive2://0.0.0.0:10009/> SELECT raise_error('custom error message');
Error: org.apache.spark.SparkException: Job aborted due to stage failure: Task 0 in stage 3.0 failed 1 times, most recent failure: Lost task 0.0 in stage 3.0 (TID 3) (0.0.0.0 executor driver): java.lang.RuntimeException: custom error message
        at org.apache.spark.sql.catalyst.expressions.GeneratedClass$GeneratedIteratorForCodegenStage1.project_doConsume_0$(Unknown Source)
        at org.apache.spark.sql.catalyst.expressions.GeneratedClass$GeneratedIteratorForCodegenStage1.processNext(Unknown Source)
        at org.apache.spark.sql.execution.BufferedRowIterator.hasNext(BufferedRowIterator.java:43)
        at org.apache.spark.sql.execution.WholeStageCodegenExec$$anon$1.hasNext(WholeStageCodegenExec.scala:760)
        at org.apache.spark.sql.execution.SparkPlan.$anonfun$getByteArrayRdd$1(SparkPlan.scala:364)
        at org.apache.spark.rdd.RDD.$anonfun$mapPartitionsInternal$2(RDD.scala:890)
        at org.apache.spark.rdd.RDD.$anonfun$mapPartitionsInternal$2$adapted(RDD.scala:890)
        at org.apache.spark.rdd.MapPartitionsRDD.compute(MapPartitionsRDD.scala:52)
        at org.apache.spark.rdd.RDD.computeOrReadCheckpoint(RDD.scala:365)
        at org.apache.spark.rdd.RDD.iterator(RDD.scala:329)
        at org.apache.spark.rdd.MapPartitionsRDD.compute(MapPartitionsRDD.scala:52)
        at org.apache.spark.rdd.RDD.computeOrReadCheckpoint(RDD.scala:365)
        at org.apache.spark.rdd.RDD.iterator(RDD.scala:329)
        at org.apache.spark.scheduler.ResultTask.runTask(ResultTask.scala:90)
        at org.apache.spark.scheduler.Task.run(Task.scala:136)
        at org.apache.spark.executor.Executor$TaskRunner.$anonfun$run$3(Executor.scala:548)
        at org.apache.spark.util.Utils$.tryWithSafeFinally(Utils.scala:1504)
        at org.apache.spark.executor.Executor$TaskRunner.run(Executor.scala:551)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

Driver stacktrace:
        at org.apache.spark.scheduler.DAGScheduler.failJobAndIndependentStages(DAGScheduler.scala:2672)
        at org.apache.spark.scheduler.DAGScheduler.$anonfun$abortStage$2(DAGScheduler.scala:2608)
        at org.apache.spark.scheduler.DAGScheduler.$anonfun$abortStage$2$adapted(DAGScheduler.scala:2607)
        at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
        at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
        at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
        at org.apache.spark.scheduler.DAGScheduler.abortStage(DAGScheduler.scala:2607)
        at org.apache.spark.scheduler.DAGScheduler.$anonfun$handleTaskSetFailed$1(DAGScheduler.scala:1182)
        at org.apache.spark.scheduler.DAGScheduler.$anonfun$handleTaskSetFailed$1$adapted(DAGScheduler.scala:1182)
        at scala.Option.foreach(Option.scala:407)
        at org.apache.spark.scheduler.DAGScheduler.handleTaskSetFailed(DAGScheduler.scala:1182)
        at org.apache.spark.scheduler.DAGSchedulerEventProcessLoop.doOnReceive(DAGScheduler.scala:2860)
        at org.apache.spark.scheduler.DAGSchedulerEventProcessLoop.onReceive(DAGScheduler.scala:2802)
        at org.apache.spark.scheduler.DAGSchedulerEventProcessLoop.onReceive(DAGScheduler.scala:2791)
        at org.apache.spark.util.EventLoop$$anon$1.run(EventLoop.scala:49)
        at org.apache.spark.scheduler.DAGScheduler.runJob(DAGScheduler.scala:952)
        at org.apache.spark.SparkContext.runJob(SparkContext.scala:2228)
        at org.apache.spark.SparkContext.runJob(SparkContext.scala:2249)
        at org.apache.spark.SparkContext.runJob(SparkContext.scala:2268)
        at org.apache.spark.rdd.RDD.collectPartition$1(RDD.scala:1036)
        at org.apache.spark.rdd.RDD.$anonfun$toLocalIterator$3(RDD.scala:1038)
        at org.apache.spark.rdd.RDD.$anonfun$toLocalIterator$3$adapted(RDD.scala:1038)
        at scala.collection.Iterator$$anon$11.nextCur(Iterator.scala:486)
        at scala.collection.Iterator$$anon$11.hasNext(Iterator.scala:492)
        at scala.collection.Iterator$$anon$11.hasNext(Iterator.scala:491)
        at scala.collection.Iterator$$anon$10.hasNext(Iterator.scala:460)
        at org.apache.kyuubi.operation.IterableFetchIterator.hasNext(FetchIterator.scala:97)
        at scala.collection.Iterator$SliceIterator.hasNext(Iterator.scala:268)
        at scala.collection.Iterator.toStream(Iterator.scala:1417)
        at scala.collection.Iterator.toStream$(Iterator.scala:1416)
        at scala.collection.AbstractIterator.toStream(Iterator.scala:1431)
        at scala.collection.TraversableOnce.toSeq(TraversableOnce.scala:354)
        at scala.collection.TraversableOnce.toSeq$(TraversableOnce.scala:354)
        at scala.collection.AbstractIterator.toSeq(Iterator.scala:1431)
        at org.apache.kyuubi.engine.spark.operation.SparkOperation.$anonfun$getNextRowSet$1(SparkOperation.scala:265)
        at org.apache.kyuubi.engine.spark.operation.SparkOperation.$anonfun$withLocalProperties$1(SparkOperation.scala:155)
        at org.apache.spark.sql.execution.SQLExecution$.withSQLConfPropagated(SQLExecution.scala:169)
        at org.apache.kyuubi.engine.spark.operation.SparkOperation.withLocalProperties(SparkOperation.scala:139)
        at org.apache.kyuubi.engine.spark.operation.SparkOperation.getNextRowSet(SparkOperation.scala:243)
        at org.apache.kyuubi.operation.OperationManager.getOperationNextRowSet(OperationManager.scala:141)
        at org.apache.kyuubi.session.AbstractSession.fetchResults(AbstractSession.scala:240)
        at org.apache.kyuubi.service.AbstractBackendService.fetchResults(AbstractBackendService.scala:214)
        at org.apache.kyuubi.service.TFrontendService.FetchResults(TFrontendService.scala:530)
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$FetchResults.getResult(TCLIService.java:1837)
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$FetchResults.getResult(TCLIService.java:1822)
        at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
        at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
        at org.apache.kyuubi.service.authentication.TSetIpAddressProcessor.process(TSetIpAddressProcessor.scala:36)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: custom error message
        at org.apache.spark.sql.catalyst.expressions.GeneratedClass$GeneratedIteratorForCodegenStage1.project_doConsume_0$(Unknown Source)
        at org.apache.spark.sql.catalyst.expressions.GeneratedClass$GeneratedIteratorForCodegenStage1.processNext(Unknown Source)
        at org.apache.spark.sql.execution.BufferedRowIterator.hasNext(BufferedRowIterator.java:43)
        at org.apache.spark.sql.execution.WholeStageCodegenExec$$anon$1.hasNext(WholeStageCodegenExec.scala:760)
        at org.apache.spark.sql.execution.SparkPlan.$anonfun$getByteArrayRdd$1(SparkPlan.scala:364)
        at org.apache.spark.rdd.RDD.$anonfun$mapPartitionsInternal$2(RDD.scala:890)
        at org.apache.spark.rdd.RDD.$anonfun$mapPartitionsInternal$2$adapted(RDD.scala:890)
        at org.apache.spark.rdd.MapPartitionsRDD.compute(MapPartitionsRDD.scala:52)
        at org.apache.spark.rdd.RDD.computeOrReadCheckpoint(RDD.scala:365)
        at org.apache.spark.rdd.RDD.iterator(RDD.scala:329)
        at org.apache.spark.rdd.MapPartitionsRDD.compute(MapPartitionsRDD.scala:52)
        at org.apache.spark.rdd.RDD.computeOrReadCheckpoint(RDD.scala:365)
        at org.apache.spark.rdd.RDD.iterator(RDD.scala:329)
        at org.apache.spark.scheduler.ResultTask.runTask(ResultTask.scala:90)
        at org.apache.spark.scheduler.Task.run(Task.scala:136)
        at org.apache.spark.executor.Executor$TaskRunner.$anonfun$run$3(Executor.scala:548)
        at org.apache.spark.util.Utils$.tryWithSafeFinally(Utils.scala:1504)
        at org.apache.spark.executor.Executor$TaskRunner.run(Executor.scala:551)
        ... 3 more (state=,code=0)
0: jdbc:hive2://0.0.0.0:10009/>
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4711 from cfmcgrady/incremental-show-error-msg.

Closes #4711

66bb527ce [Fu Chen] JDBC client should catch task failed exception in the incremental mode

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/operation/SparkOperation.scala      |  5 +++--
 .../KyuubiOperationPerConnectionSuite.scala          | 12 +++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index eb58407d4..cb7510a89 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -181,8 +181,9 @@ abstract class SparkOperation(session: Session)
           setOperationException(ke)
           throw ke
         } else if (isTerminalState(state)) {
-          setOperationException(KyuubiSQLException(errMsg))
-          warn(s"Ignore exception in terminal state with $statementId: $errMsg")
+          val ke = KyuubiSQLException(errMsg)
+          setOperationException(ke)
+          throw ke
         } else {
           error(s"Error operating $opType: $errMsg", e)
           val ke = KyuubiSQLException(s"Error operating $opType: $errMsg", e)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index d04afbfb5..d0f1f065d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -31,7 +31,7 @@ import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.config.KyuubiConf.SESSION_CONF_ADVISOR
 import org.apache.kyuubi.engine.ApplicationState
 import org.apache.kyuubi.jdbc.KyuubiHiveDriver
-import org.apache.kyuubi.jdbc.hive.KyuubiConnection
+import org.apache.kyuubi.jdbc.hive.{KyuubiConnection, KyuubiSQLException}
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.plugin.SessionConfAdvisor
 import org.apache.kyuubi.session.{KyuubiSessionManager, SessionType}
@@ -281,6 +281,16 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
       assert(rs.getString(2) === KYUUBI_VERSION)
     }
   }
+
+  test("JDBC client should catch task failed exception in the incremental mode") {
+    withJdbcStatement() { statement =>
+      statement.executeQuery(s"set ${KyuubiConf.OPERATION_INCREMENTAL_COLLECT.key}=true;")
+      val resultSet = statement.executeQuery(
+        "SELECT raise_error('client should catch this exception');")
+      val e = intercept[KyuubiSQLException](resultSet.next())
+      assert(e.getMessage.contains("client should catch this exception"))
+    }
+  }
 }
 
 class TestSessionConfAdvisor extends SessionConfAdvisor {

From 93ba8f762f35e5467dbb6cd51ef4e82ba2f74d05 Mon Sep 17 00:00:00 2001
From: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Date: Mon, 17 Apr 2023 09:14:20 +0800
Subject: [PATCH 286/760] [KYUUBI #4712] Bump Spark from 3.2.3 to 3.2.4

### _Why are the changes needed?_

Fixes #4712

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4718 from anurag-rajawat/upgrade-spark.

Closes #4712

79dcf1b79 [Anurag Rajawat] Bump Spark from 3.2.3 to 3.2.4

Authored-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml                  |   2 +-
 ...plugin.spark.authz.serde.FunctionExtractor |   1 +
 ...in.spark.authz.serde.FunctionTypeExtractor |   1 +
 .../src/main/resources/scan_command_spec.json |  29 ---
 .../src/main/resources/scan_spec.json         |  89 ++++++++
 .../main/resources/table_command_spec.json    |  16 +-
 .../spark/authz/PrivilegesBuilder.scala       |  23 ++
 .../spark/authz/serde/CommandSpec.scala       |  16 +-
 .../authz/serde/functionExtractors.scala      |  22 ++
 .../authz/serde/functionTypeExtractors.scala  |  36 +++-
 .../plugin/spark/authz/serde/package.scala    |  20 +-
 .../FunctionPrivilegesBuilderSuite.scala      | 196 ++++++++++++++++++
 .../authz/gen/JsonSpecFileGenerator.scala     |   9 +-
 .../kyuubi/plugin/spark/authz/gen/Scans.scala |  28 ++-
 .../spark/authz/gen/TableCommands.scala       |   2 +-
 pom.xml                                       |   2 +-
 16 files changed, 436 insertions(+), 56 deletions(-)
 delete mode 100644 extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index ae5b8188d..ece87e265 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -61,7 +61,7 @@ jobs:
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.3 -Dspark.archive.name=spark-3.2.3-bin-hadoop3.2.tgz'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.2-binary'
     env:
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
index 4686bb033..2facb004a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
@@ -17,4 +17,5 @@
 
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionInfoFunctionExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.FunctionIdentifierFunctionExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.QualifiedNameStringFunctionExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.StringFunctionExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
index 475f47afc..3bb0ee6c2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
@@ -17,4 +17,5 @@
 
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionInfoFunctionTypeExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.FunctionIdentifierFunctionTypeExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.FunctionNameFunctionTypeExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.TempMarkerFunctionTypeExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
deleted file mode 100644
index 9a6aef4ed..000000000
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
+++ /dev/null
@@ -1,29 +0,0 @@
-[ {
-  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
-  "scanDescs" : [ {
-    "fieldName" : "catalogTable",
-    "fieldExtractor" : "CatalogTableTableExtractor",
-    "catalogDesc" : null
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.catalog.HiveTableRelation",
-  "scanDescs" : [ {
-    "fieldName" : "tableMeta",
-    "fieldExtractor" : "CatalogTableTableExtractor",
-    "catalogDesc" : null
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.execution.datasources.LogicalRelation",
-  "scanDescs" : [ {
-    "fieldName" : "catalogTable",
-    "fieldExtractor" : "CatalogTableOptionTableExtractor",
-    "catalogDesc" : null
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.execution.datasources.v2.DataSourceV2Relation",
-  "scanDescs" : [ {
-    "fieldName" : null,
-    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
-    "catalogDesc" : null
-  } ]
-} ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json
new file mode 100644
index 000000000..3273ccbea
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json
@@ -0,0 +1,89 @@
+[ {
+  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
+  "scanDescs" : [ {
+    "fieldName" : "catalogTable",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "catalogDesc" : null
+  } ],
+  "functionDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.catalog.HiveTableRelation",
+  "scanDescs" : [ {
+    "fieldName" : "tableMeta",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "catalogDesc" : null
+  } ],
+  "functionDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.execution.datasources.LogicalRelation",
+  "scanDescs" : [ {
+    "fieldName" : "catalogTable",
+    "fieldExtractor" : "CatalogTableOptionTableExtractor",
+    "catalogDesc" : null
+  } ],
+  "functionDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.execution.datasources.v2.DataSourceV2Relation",
+  "scanDescs" : [ {
+    "fieldName" : null,
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "catalogDesc" : null
+  } ],
+  "functionDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveGenericUDF",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveGenericUDTF",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveSimpleUDF",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveUDAFFunction",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+} ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 81ccd8da0..3d6fcd93b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1243,14 +1243,6 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
-  "tableDescs" : [ ],
-  "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.RefreshTable",
   "tableDescs" : [ {
@@ -1293,6 +1285,14 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
+  "tableDescs" : [ ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveTable",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index b8220ea27..98e436189 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -235,4 +235,27 @@ object PrivilegesBuilder {
     }
     (inputObjs, outputObjs, opType)
   }
+
+  /**
+   * Build input  privilege objects from a Spark's LogicalPlan for hive permanent functions
+   *
+   * For `Command`s and other queries, build inputs.
+   *
+   * @param plan A Spark LogicalPlan
+   */
+  def buildFunctionPrivileges(
+      plan: LogicalPlan,
+      spark: SparkSession): PrivilegesAndOpType = {
+    val inputObjs = new ArrayBuffer[PrivilegeObject]
+    plan transformAllExpressions {
+      case hiveFunction: Expression if isKnowFunction(hiveFunction) =>
+        val functionSpec: ScanSpec = getFunctionSpec(hiveFunction)
+        if (functionSpec.functionDescs.exists(!_.functionTypeDesc.get.skip(hiveFunction, spark))) {
+          functionSpec.functions(hiveFunction).foreach(func =>
+            inputObjs += PrivilegeObject(func))
+        }
+        hiveFunction
+    }
+    (inputObjs, Seq.empty, OperationType.QUERY)
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
index e96ef8cbf..32ad30e21 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import com.fasterxml.jackson.annotation.JsonIgnore
 import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.slf4j.LoggerFactory
 
@@ -94,7 +95,8 @@ case class TableCommandSpec(
 
 case class ScanSpec(
     classname: String,
-    scanDescs: Seq[ScanDesc]) extends CommandSpec {
+    scanDescs: Seq[ScanDesc],
+    functionDescs: Seq[FunctionDesc] = Seq.empty) extends CommandSpec {
   override def opType: String = OperationType.QUERY.toString
   def tables: (LogicalPlan, SparkSession) => Seq[Table] = (plan, spark) => {
     scanDescs.flatMap { td =>
@@ -107,4 +109,16 @@ case class ScanSpec(
       }
     }
   }
+
+  def functions: (Expression) => Seq[Function] = (expr) => {
+    functionDescs.flatMap { fd =>
+      try {
+        Some(fd.extract(expr))
+      } catch {
+        case e: Exception =>
+          LOG.debug(fd.error(expr, e))
+          None
+      }
+    }
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
index 894a6cb8f..729521200 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
@@ -20,12 +20,23 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 import org.apache.spark.sql.catalyst.FunctionIdentifier
 import org.apache.spark.sql.catalyst.expressions.ExpressionInfo
 
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
+
 trait FunctionExtractor extends (AnyRef => Function) with Extractor
 
 object FunctionExtractor {
   val functionExtractors: Map[String, FunctionExtractor] = {
     loadExtractorsToMap[FunctionExtractor]
   }
+
+  def buildFunctionIdentFromQualifiedName(qualifiedName: String): (String, Option[String]) = {
+    val parts: Array[String] = qualifiedName.split("\\.", 2)
+    if (parts.length == 1) {
+      (qualifiedName, None)
+    } else {
+      (parts.last, Some(parts.head))
+    }
+  }
 }
 
 /**
@@ -37,6 +48,17 @@ class StringFunctionExtractor extends FunctionExtractor {
   }
 }
 
+/**
+ *  * String
+ */
+class QualifiedNameStringFunctionExtractor extends FunctionExtractor {
+  override def apply(v1: AnyRef): Function = {
+    val qualifiedName: String = v1.asInstanceOf[String]
+    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
+    Function(database, funcName)
+  }
+}
+
 /**
  * org.apache.spark.sql.catalyst.FunctionIdentifier
  */
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
index 4c5e9dc84..193a00fa5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
@@ -19,8 +19,11 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.FunctionIdentifier
+import org.apache.spark.sql.catalyst.catalog.SessionCatalog
 
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType.{FunctionType, PERMANENT, SYSTEM, TEMP}
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.getFunctionType
 
 object FunctionType extends Enumeration {
   type FunctionType = Value
@@ -33,6 +36,17 @@ object FunctionTypeExtractor {
   val functionTypeExtractors: Map[String, FunctionTypeExtractor] = {
     loadExtractorsToMap[FunctionTypeExtractor]
   }
+
+  def getFunctionType(fi: FunctionIdentifier, catalog: SessionCatalog): FunctionType = {
+    fi match {
+      case permanent if catalog.isPersistentFunction(permanent) =>
+        PERMANENT
+      case system if catalog.isRegisteredFunction(system) =>
+        SYSTEM
+      case _ =>
+        TEMP
+    }
+  }
 }
 
 /**
@@ -66,14 +80,18 @@ class FunctionIdentifierFunctionTypeExtractor extends FunctionTypeExtractor {
   override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
     val catalog = spark.sessionState.catalog
     val fi = v1.asInstanceOf[FunctionIdentifier]
-    if (catalog.isTemporaryFunction(fi)) {
-      TEMP
-    } else if (catalog.isPersistentFunction(fi)) {
-      PERMANENT
-    } else if (catalog.isRegisteredFunction(fi)) {
-      SYSTEM
-    } else {
-      TEMP
-    }
+    getFunctionType(fi, catalog)
+  }
+}
+
+/**
+ * String
+ */
+class FunctionNameFunctionTypeExtractor extends FunctionTypeExtractor {
+  override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
+    val catalog: SessionCatalog = spark.sessionState.catalog
+    val qualifiedName: String = v1.asInstanceOf[String]
+    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
+    getFunctionType(FunctionIdentifier(funcName, database), catalog)
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
index a52a558a0..07f91a95d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
@@ -66,9 +66,10 @@ package object serde {
   }
 
   final private lazy val SCAN_SPECS: Map[String, ScanSpec] = {
-    val is = getClass.getClassLoader.getResourceAsStream("scan_command_spec.json")
+    val is = getClass.getClassLoader.getResourceAsStream("scan_spec.json")
     mapper.readValue(is, new TypeReference[Array[ScanSpec]] {})
-      .map(e => (e.classname, e)).toMap
+      .map(e => (e.classname, e))
+      .filter(t => t._2.scanDescs.nonEmpty).toMap
   }
 
   def isKnownScan(r: AnyRef): Boolean = {
@@ -79,6 +80,21 @@ package object serde {
     SCAN_SPECS(r.getClass.getName)
   }
 
+  final private lazy val FUNCTION_SPECS: Map[String, ScanSpec] = {
+    val is = getClass.getClassLoader.getResourceAsStream("scan_spec.json")
+    mapper.readValue(is, new TypeReference[Array[ScanSpec]] {})
+      .map(e => (e.classname, e))
+      .filter(t => t._2.functionDescs.nonEmpty).toMap
+  }
+
+  def isKnowFunction(r: AnyRef): Boolean = {
+    FUNCTION_SPECS.contains(r.getClass.getName)
+  }
+
+  def getFunctionSpec(r: AnyRef): ScanSpec = {
+    FUNCTION_SPECS(r.getClass.getName)
+  }
+
   def operationType(plan: LogicalPlan): OperationType = {
     val classname = plan.getClass.getName
     TABLE_COMMAND_SPECS.get(classname)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
new file mode 100644
index 000000000..e8da4e871
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz
+
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.scalatest.{BeforeAndAfterAll, BeforeAndAfterEach}
+// scalastyle:off
+import org.scalatest.funsuite.AnyFunSuite
+
+import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
+import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+
+abstract class FunctionPrivilegesBuilderSuite extends AnyFunSuite
+  with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
+  // scalastyle:on
+
+  protected def withTable(t: String)(f: String => Unit): Unit = {
+    try {
+      f(t)
+    } finally {
+      sql(s"DROP TABLE IF EXISTS $t")
+    }
+  }
+
+  protected def withDatabase(t: String)(f: String => Unit): Unit = {
+    try {
+      f(t)
+    } finally {
+      sql(s"DROP DATABASE IF EXISTS $t")
+    }
+  }
+
+  protected def checkColumns(plan: LogicalPlan, cols: Seq[String]): Unit = {
+    val (in, out, _) = PrivilegesBuilder.build(plan, spark)
+    assert(out.isEmpty, "Queries shall not check output privileges")
+    val po = in.head
+    assert(po.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assert(po.columns === cols)
+  }
+
+  protected def checkColumns(query: String, cols: Seq[String]): Unit = {
+    checkColumns(sql(query).queryExecution.optimizedPlan, cols)
+  }
+
+  protected val reusedDb: String = getClass.getSimpleName
+  protected val reusedDb2: String = getClass.getSimpleName + "2"
+  protected val reusedTable: String = reusedDb + "." + getClass.getSimpleName
+  protected val reusedTableShort: String = reusedTable.split("\\.").last
+  protected val reusedPartTable: String = reusedTable + "_part"
+  protected val reusedPartTableShort: String = reusedPartTable.split("\\.").last
+  protected val functionCount = 3
+  protected val functionNamePrefix = "kyuubi_fun_"
+  protected val tempFunNamePrefix = "kyuubi_temp_fun_"
+
+  override def beforeAll(): Unit = {
+    sql(s"CREATE DATABASE IF NOT EXISTS $reusedDb")
+    sql(s"CREATE DATABASE IF NOT EXISTS $reusedDb2")
+    sql(s"CREATE TABLE IF NOT EXISTS $reusedTable" +
+      s" (key int, value string) USING parquet")
+    sql(s"CREATE TABLE IF NOT EXISTS $reusedPartTable" +
+      s" (key int, value string, pid string) USING parquet" +
+      s"  PARTITIONED BY(pid)")
+    // scalastyle:off
+    (0 until functionCount).foreach { index =>
+      {
+        sql(s"CREATE FUNCTION ${reusedDb}.${functionNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
+        sql(s"CREATE FUNCTION ${reusedDb2}.${functionNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
+        sql(s"CREATE TEMPORARY FUNCTION ${tempFunNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
+      }
+    }
+    sql(s"USE ${reusedDb2}")
+    // scalastyle:on
+    super.beforeAll()
+  }
+
+  override def afterAll(): Unit = {
+    Seq(reusedTable, reusedPartTable).foreach { t =>
+      sql(s"DROP TABLE IF EXISTS $t")
+    }
+
+    Seq(reusedDb, reusedDb2).foreach { db =>
+      (0 until functionCount).foreach { index =>
+        sql(s"DROP FUNCTION ${db}.${functionNamePrefix}${index}")
+      }
+      sql(s"DROP DATABASE IF EXISTS ${db}")
+    }
+
+    spark.stop()
+    super.afterAll()
+  }
+}
+
+class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite {
+
+  override protected val catalogImpl: String = "hive"
+
+  test("Function Call Query") {
+    val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
+      s"kyuubi_fun_2(value), " +
+      s"${reusedDb}.kyuubi_fun_0(value), " +
+      s"kyuubi_temp_fun_1('data2')," +
+      s"kyuubi_temp_fun_2(key) " +
+      s"FROM $reusedTable").queryExecution.analyzed
+    val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
+    assert(inputs.size === 3)
+    inputs.foreach { po =>
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+      assert(po.dbname startsWith reusedDb.toLowerCase)
+      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+      val accessType = ranger.AccessType(po, QUERY, isInput = true)
+      assert(accessType === AccessType.SELECT)
+    }
+  }
+
+  test("Function Call Query with Quoted Name") {
+    val plan = sql(s"SELECT `kyuubi_fun_1`('data'), " +
+      s"`kyuubi_fun_2`(value), " +
+      s"`${reusedDb}`.`kyuubi_fun_0`(value), " +
+      s"`kyuubi_temp_fun_1`('data2')," +
+      s"`kyuubi_temp_fun_2`(key) " +
+      s"FROM $reusedTable").queryExecution.analyzed
+    val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
+    assert(inputs.size === 3)
+    inputs.foreach { po =>
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+      assert(po.dbname startsWith reusedDb.toLowerCase)
+      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+      val accessType = ranger.AccessType(po, QUERY, isInput = true)
+      assert(accessType === AccessType.SELECT)
+    }
+  }
+
+  test("Simple Function Call Query") {
+    val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
+      s"kyuubi_fun_0('value'), " +
+      s"${reusedDb}.kyuubi_fun_0('value'), " +
+      s"${reusedDb}.kyuubi_fun_2('value'), " +
+      s"kyuubi_temp_fun_1('data2')," +
+      s"kyuubi_temp_fun_2('key') ").queryExecution.analyzed
+    val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
+    assert(inputs.size === 4)
+    inputs.foreach { po =>
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+      assert(po.dbname startsWith reusedDb.toLowerCase)
+      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+      val accessType = ranger.AccessType(po, QUERY, isInput = true)
+      assert(accessType === AccessType.SELECT)
+    }
+  }
+
+  test("Function Call In CAST Command") {
+    val table = "castTable"
+    withTable(table) { table =>
+      val plan = sql(s"CREATE TABLE ${table} " +
+        s"SELECT kyuubi_fun_1('data') col1, " +
+        s"${reusedDb2}.kyuubi_fun_2(value) col2, " +
+        s"kyuubi_fun_0(value) col3, " +
+        s"kyuubi_fun_2('value') col4, " +
+        s"${reusedDb}.kyuubi_fun_2('value') col5, " +
+        s"${reusedDb}.kyuubi_fun_1('value') col6, " +
+        s"kyuubi_temp_fun_1('data2') col7, " +
+        s"kyuubi_temp_fun_2(key) col8 " +
+        s"FROM ${reusedTable} WHERE ${reusedDb2}.kyuubi_fun_1(key)='123'").queryExecution.analyzed
+      val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
+      assert(inputs.size === 7)
+      inputs.foreach { po =>
+        assert(po.actionType === PrivilegeObjectActionType.OTHER)
+        assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+        assert(po.dbname startsWith reusedDb.toLowerCase)
+        assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+        val accessType = ranger.AccessType(po, QUERY, isInput = true)
+        assert(accessType === AccessType.SELECT)
+      }
+    }
+  }
+
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index 7c7ed138b..e20cd13d7 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -34,13 +34,16 @@ object JsonSpecFileGenerator {
     writeCommandSpecJson("database", DatabaseCommands.data)
     writeCommandSpecJson("table", TableCommands.data ++ IcebergCommands.data)
     writeCommandSpecJson("function", FunctionCommands.data)
-    writeCommandSpecJson("scan", Scans.data)
+    writeCommandSpecJson("scan", Scans.data, isScanResource = true)
   }
 
-  def writeCommandSpecJson[T <: CommandSpec](commandType: String, specArr: Array[T]): Unit = {
+  def writeCommandSpecJson[T <: CommandSpec](
+      commandType: String,
+      specArr: Array[T],
+      isScanResource: Boolean = false): Unit = {
     val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
       .split("target").head
-    val filename = s"${commandType}_command_spec.json"
+    val filename = s"${commandType}${if (isScanResource) "" else "_command"}_spec.json"
     val writer = {
       val p = Paths.get(pluginHome, "src", "main", "resources", filename)
       Files.newBufferedWriter(p, StandardCharsets.UTF_8)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index 7bd8260bb..b2c1868a2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.plugin.spark.authz.gen
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType._
 
 object Scans {
 
@@ -57,9 +58,34 @@ object Scans {
     ScanSpec(r, Seq(tableDesc))
   }
 
+  val HiveSimpleUDF = {
+    ScanSpec(
+      "org.apache.spark.sql.hive.HiveSimpleUDF",
+      Seq.empty,
+      Seq(FunctionDesc(
+        "name",
+        classOf[QualifiedNameStringFunctionExtractor],
+        functionTypeDesc = Some(FunctionTypeDesc(
+          "name",
+          classOf[FunctionNameFunctionTypeExtractor],
+          Seq(TEMP, SYSTEM))),
+        isInput = true)))
+  }
+
+  val HiveGenericUDF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDF")
+
+  val HiveUDAFFunction = HiveSimpleUDF.copy(classname =
+    "org.apache.spark.sql.hive.HiveUDAFFunction")
+
+  val HiveGenericUDTF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDTF")
+
   val data: Array[ScanSpec] = Array(
     HiveTableRelation,
     LogicalRelation,
     DataSourceV2Relation,
-    PermanentViewMarker)
+    PermanentViewMarker,
+    HiveSimpleUDF,
+    HiveGenericUDF,
+    HiveUDAFFunction,
+    HiveGenericUDTF)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 7bf01b43f..4f971ba62 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -637,7 +637,7 @@ object TableCommands {
       "org.apache.spark.sql.execution.datasources.SaveIntoDataSourceCommand"),
     InsertIntoHadoopFsRelationCommand,
     InsertIntoDataSourceDir.copy(classname =
-      "org.apache.spark.sql.execution.datasources.InsertIntoDataSourceDirCommand"),
+      "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand"),
     InsertIntoHiveTable,
     LoadData,
     MergeIntoTable,
diff --git a/pom.xml b/pom.xml
index f772bd1b4..520b181d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2337,7 +2337,7 @@
                 <module>extensions/spark/kyuubi-extension-spark-3-2</module>
             </modules>
             <properties>
-                <spark.version>3.2.3</spark.version>
+                <spark.version>3.2.4</spark.version>
                 <spark.binary.version>3.2</spark.binary.version>
                 <delta.version>2.0.2</delta.version>
                 <spark.archive.name>spark-${spark.version}-bin-hadoop3.2.tgz</spark.archive.name>

From 3ac8df83243836623b20fbb3d9fadd5f14dd8560 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 17 Apr 2023 09:42:25 +0800
Subject: [PATCH 287/760] [KYUUBI #4695] Bump super-linter action from v4 to v5

### _Why are the changes needed?_

- super-liner action v5.0.0 release notes: https://github.com/github/super-linter/releases/tag/v5.0.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4695 from bowenliang123/superlinter-v5.

Closes #4695

7cd3095a9 [liangbowen] update
7826c8043 [liangbowen] update
89e7b3d7d [liangbowen] bump superlinter to v5

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/style.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index e45b826fc..78cbe655a 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -109,7 +109,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Super Linter Checks
-        uses: github/super-linter/slim@v4
+        uses: github/super-linter/slim@v5
         env:
           CREATE_LOG_FILE: true
           ERROR_ON_MISSING_EXEC_BIT: true

From 57b06112657f1fd87447098e166205074426a908 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Mon, 17 Apr 2023 09:44:47 +0800
Subject: [PATCH 288/760] [KYUUBI #4713][TEST] Fix false positive result in
 SchedulerPoolSuite

### _Why are the changes needed?_

fix issuse https://github.com/apache/kyuubi/issues/4713

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4714 from huangzhir/fixtest-schedulerpool.

Closes #4713

e66ede214 [huangzhir] fixbug TEST SchedulerPoolSuite  a false positive result

Authored-by: huangzhir <306824224@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/SchedulerPoolSuite.scala      | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
index af8c90cf2..d42b7f4d5 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.engine.spark
 
 import java.util.concurrent.Executors
 
+import scala.concurrent.duration.SECONDS
+
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobEnd, SparkListenerJobStart}
 import org.scalatest.concurrent.PatienceConfiguration.Timeout
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
@@ -80,6 +82,7 @@ class SchedulerPoolSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
         threads.execute(() => {
           priority match {
             case 0 =>
+              // job name job2
               withJdbcStatement() { statement =>
                 statement.execute("SET kyuubi.operation.scheduler.pool=p0")
                 statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
@@ -92,17 +95,18 @@ class SchedulerPoolSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
                 statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
                   " FROM range(1, 3, 1, 2)")
               }
+              // make sure this job name job1
+              Thread.sleep(1000)
           }
         })
       }
       threads.shutdown()
-      eventually(Timeout(20.seconds)) {
-        // We can not ensure that job1 is started before job2 so here using abs.
-        assert(Math.abs(job1StartTime - job2StartTime) < 1000)
-        // Job1 minShare is 2(total resource) so that job2 should be allocated tasks after
-        // job1 finished.
-        assert(job2FinishTime - job1FinishTime >= 1000)
-      }
+      threads.awaitTermination(20, SECONDS)
+      // because after job1 submitted, sleep 1s, so job1 should be started before job2
+      assert(job1StartTime < job2StartTime)
+      // job2 minShare is 2(total resource) so that job1 should be allocated tasks after
+      // job2 finished.
+      assert(job2FinishTime < job1FinishTime)
     } finally {
       spark.sparkContext.removeSparkListener(listener)
     }

From cdbe05fa4c6a18cd52185f3152b8648f676b240d Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Mon, 17 Apr 2023 16:52:54 +0800
Subject: [PATCH 289/760] [KYUUBI #4720] [ARROW] Fix
 java.lang.NoSuchFieldError: IpcOption.DEFAULT for Spark-3.1/3.2

### _Why are the changes needed?_

`IpcOption.DEFAULT` was introduced in [ARROW-11081](https://github.com/apache/arrow/pull/9053)(ARROW-4.0.0), add `ARROW_IPC_OPTION_DEFAULT` for adapt Spark-3.1/3.2

```
Caused by: java.lang.NoSuchFieldError: DEFAULT
	at org.apache.spark.sql.execution.arrow.KyuubiArrowConverters$ArrowBatchIterator.$anonfun$next$1(KyuubiArrowConverters.scala:304)
	at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
	at org.apache.spark.util.Utils$.tryWithSafeFinally(Utils.scala:1491)
	at org.apache.spark.sql.execution.arrow.KyuubiArrowConverters$ArrowBatchIterator.next(KyuubiArrowConverters.scala:308)
	at org.apache.spark.sql.execution.arrow.KyuubiArrowConverters$ArrowBatchIterator.next(KyuubiArrowConverters.scala:231)
	at scala.collection.Iterator.foreach(Iterator.scala:943)
	at scala.collection.Iterator.foreach$(Iterator.scala:943)
	at org.apache.spark.sql.execution.arrow.KyuubiArrowConverters$ArrowBatchIterator.foreach(KyuubiArrowConverters.scala:231)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4720 from cfmcgrady/arrow-ipc-option.

Closes #4720

2c80e670e [Fu Chen] fix style
a8294f637 [Fu Chen] add ARROW_IPC_OPTION_DEFAULT

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 .../spark/sql/execution/arrow/KyuubiArrowConverters.scala    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index dd6163ec9..2feadbced 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -299,7 +299,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
         MessageSerializer.serialize(writeChannel, batch)
 
         // Always write the Ipc options at the end.
-        ArrowStreamWriter.writeEndOfStream(writeChannel, IpcOption.DEFAULT)
+        ArrowStreamWriter.writeEndOfStream(writeChannel, ARROW_IPC_OPTION_DEFAULT)
 
         batch.close()
       } {
@@ -318,4 +318,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       context: TaskContext): Iterator[InternalRow] = {
     ArrowConverters.fromBatchIterator(arrowBatchIter, schema, timeZoneId, context)
   }
+
+  // IpcOption.DEFAULT was introduced in ARROW-11081(ARROW-4.0.0), add this for adapt Spark-3.1/3.2
+  final private val ARROW_IPC_OPTION_DEFAULT = new IpcOption()
 }

From 17514a3acaf5e6b4c3a424e839e07854e674dd4c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 17 Apr 2023 16:55:56 +0800
Subject: [PATCH 290/760] Revert "[KYUUBI #4713][TEST] Fix false positive
 result in SchedulerPoolSuite"

This reverts commit 57b06112657f1fd87447098e166205074426a908.
---
 .../engine/spark/SchedulerPoolSuite.scala      | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
index d42b7f4d5..af8c90cf2 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
@@ -19,8 +19,6 @@ package org.apache.kyuubi.engine.spark
 
 import java.util.concurrent.Executors
 
-import scala.concurrent.duration.SECONDS
-
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobEnd, SparkListenerJobStart}
 import org.scalatest.concurrent.PatienceConfiguration.Timeout
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
@@ -82,7 +80,6 @@ class SchedulerPoolSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
         threads.execute(() => {
           priority match {
             case 0 =>
-              // job name job2
               withJdbcStatement() { statement =>
                 statement.execute("SET kyuubi.operation.scheduler.pool=p0")
                 statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
@@ -95,18 +92,17 @@ class SchedulerPoolSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
                 statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
                   " FROM range(1, 3, 1, 2)")
               }
-              // make sure this job name job1
-              Thread.sleep(1000)
           }
         })
       }
       threads.shutdown()
-      threads.awaitTermination(20, SECONDS)
-      // because after job1 submitted, sleep 1s, so job1 should be started before job2
-      assert(job1StartTime < job2StartTime)
-      // job2 minShare is 2(total resource) so that job1 should be allocated tasks after
-      // job2 finished.
-      assert(job2FinishTime < job1FinishTime)
+      eventually(Timeout(20.seconds)) {
+        // We can not ensure that job1 is started before job2 so here using abs.
+        assert(Math.abs(job1StartTime - job2StartTime) < 1000)
+        // Job1 minShare is 2(total resource) so that job2 should be allocated tasks after
+        // job1 finished.
+        assert(job2FinishTime - job1FinishTime >= 1000)
+      }
     } finally {
       spark.sparkContext.removeSparkListener(listener)
     }

From 553b2aafe7a29546ee410f44640d8e92cdf58951 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Mon, 17 Apr 2023 20:11:22 +0800
Subject: [PATCH 291/760] [KYUUBI #4367] Support Flink 1.17

### _Why are the changes needed?_

Support Flink 1.17 and Flink SQL gateway.

1. Drop Flink 1.15
2. Migrate API to Flink SQL Gateway
3. Support Flink 1.17

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4368 from link3280/flink-1.17.

Closes #4367

8eb4da6c0 [Paul Lin] [KYUUBI #4367] Fix test failure
81a10f6be [Paul Lin] [KYUUBI #4367] Fix test failure
23d87ba1d [Paul Lin] [KYUUBI #4367] Rename delegation package to shim
5c9d0aa84 [Paul Lin] [KYUUBI #4367] Improve code style
56567fcd7 [Paul Lin] [KYUUBI #4367] Improve java.long.Long usage
417d37b27 [Paul Lin] Update externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
08f89991a [Paul Lin] [KYUUBI #4367] Fix ambiguous reference
ed950600c [Paul Lin] [KYUUBI #4367] Fix spotless
7b28eaf11 [Paul Lin] [KYUUBI #4367] Improve code style for iterations
c2a23d571 [Paul Lin] [KYUUBI #4367] Improve code style for error messages and iterations
7e36e70c7 [Paul Lin] [KYUUBI #4367] Improve code style for java.lang.Boolean
4ef8c5209 [Paul Lin] [KYUUBI #4367] Improve code style for java.util.*
8530aec2a [Paul Lin] [KYUUBI #4367] Remove unnecessary classes
1c41e4400 [Paul Lin] [KYUUBI #4367] Remove unnecessary variables
33eeb37ee [Paul Lin] [KYUUBI #4367] Remove unnecessary reflection code
e1e5cd2cf [Paul Lin] [KYUUBI #4367] Fix IncompatibleClassChangeError
3520a5153 [Paul Lin] [KYUUBI #4367] Fix IncompatibleClassChangeError
42cce7a54 [Paul Lin] [KYUUBI #4367] Replace vanilla reflection with kyuubi refection tools
20e9913e3 [Paul Lin] [KYUUBI #4367] Fix FlinkProcessBuilder test error
a02e01adf [Paul Lin] [KYUUBI #4367] Improve code style
20e1a559e [Paul Lin] [KYUUBI #4367] Use kyuubi refection tools
9b2072e45 [Paul Lin] [KYUUBI #4367] Improve flink version match
7ce1e9a12 [Paul Lin] [KYUUBI #4367] Fix local engine tagged as YARN app
fd0c88d15 [Paul Lin] Revert "[KYUUBI #4367] Filter out non kyuubi prefixed conf in flink login engine"
f71c6014e [Paul Lin] [KYUUBI #4367] Fix local engine tagged as YARN app
b7d46f57d [Paul Lin] [KYUUBI #4367] Filter out non kyuubi prefixed conf in flink login engine
47beb1a78 [Paul Lin] [KYUUBI #4367] Refactor Flink engine tests
7e1a198ca [Paul Lin] [KYUUBI #4367] Fix flink sql gateway jar not included in local mode
e851d9732 [Paul Lin] [KYUUBI #4367] Disable query id test for flink 1.16
7291e27fa [Paul Lin] [KYUUBI #4367] Remove profile for flink-1.15
54cfe3bbc [Paul Lin] [KYUUBI #4367] Fix udf not found in local flink engine tests
1a7833bf2 [Paul Lin] [KYUUBI #4367] Fix test failure in PlanOnlyStatementSuit
700ee04db [Paul Lin] [KYUUBI #4367] Fix FLINK_CONF_DIR not set in ut
b685ff139 [Paul Lin] [KYUUBI #4367] Improve code style
29728c042 [Paul Lin] [KYUUBI #4367] Fix Flink conf dir not found
799c93876 [Paul Lin] [KYUUBI #4367] Fix NoSuchFieldException
614ecc335 [Paul Lin] [KYUUBI #4367] Fix reflection failures
6a08d0bbe [Paul Lin] [KYUUBI #4367] Fix NPE in dependencies
d289495c0 [Paul Lin] [KYUUBI #4367] Flink FlinkSQLEngine capabilities with Flink 1.16
ef6f4d4ff [Paul Lin] [KYUUBI #4367] Remove support for Flink 1.15
e18b3c2ed [Paul Lin] [KYUUBI #4367] Fix Flink SessionManager compatibility issue
49e0a94be [Paul Lin] feat: Support Flink 1.17

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  |   8 +-
 externals/kyuubi-flink-sql-engine/pom.xml     |   6 +
 .../engine/flink/FlinkEngineUtils.scala       | 151 +++++++++----
 .../engine/flink/FlinkSQLBackendService.scala |   2 +-
 .../kyuubi/engine/flink/FlinkSQLEngine.scala  |  55 +----
 .../flink/operation/ExecuteStatement.scala    | 203 +-----------------
 .../flink/operation/FlinkOperation.scala      |  13 +-
 .../operation/FlinkSQLOperationManager.scala  |  14 +-
 .../engine/flink/operation/GetCatalogs.scala  |   6 +-
 .../engine/flink/operation/GetColumns.scala   |  11 +-
 .../flink/operation/GetCurrentCatalog.scala   |   3 +-
 .../flink/operation/GetCurrentDatabase.scala  |   3 +-
 .../engine/flink/operation/GetFunctions.scala |  18 +-
 .../flink/operation/GetPrimaryKeys.scala      |  19 +-
 .../engine/flink/operation/GetSchemas.scala   |  11 +-
 .../engine/flink/operation/GetTables.scala    |   6 +-
 .../flink/operation/OperationUtils.scala      | 172 ---------------
 .../flink/operation/PlanOnlyStatement.scala   |  28 +--
 .../flink/operation/SetCurrentCatalog.scala   |   4 +-
 .../flink/operation/SetCurrentDatabase.scala  |   4 +-
 .../engine/flink/result/ResultSet.scala       |  13 +-
 .../engine/flink/result/ResultSetUtil.scala   |  71 ++++++
 .../session/FlinkSQLSessionManager.scala      |  33 ++-
 .../flink/session/FlinkSessionImpl.scala      |  21 +-
 .../engine/flink/shim/FlinkResultSet.scala    |  78 +++++++
 .../flink/shim/FlinkSessionManager.scala      | 130 +++++++++++
 .../flink/WithDiscoveryFlinkSQLEngine.scala   |  26 +--
 .../flink/WithFlinkSQLEngineLocal.scala       | 190 +++++++++++++---
 .../flink/WithFlinkSQLEngineOnYarn.scala      |   2 +-
 .../engine/flink/WithFlinkTestResources.scala |   7 +-
 .../operation/FlinkOperationLocalSuite.scala  |  30 ++-
 .../operation/FlinkOperationOnYarnSuite.scala |  25 ++-
 .../flink/operation/FlinkOperationSuite.scala |  61 ++++--
 .../operation/PlanOnlyOperationSuite.scala    |  22 +-
 .../engine/KyuubiApplicationManager.scala     |   2 +-
 .../engine/flink/FlinkProcessBuilder.scala    |  21 +-
 .../flink/FlinkProcessBuilderSuite.scala      |   5 +-
 pom.xml                                       |  16 +-
 38 files changed, 844 insertions(+), 646 deletions(-)
 delete mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/OperationUtils.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index ece87e265..04ecb1a60 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -157,15 +157,15 @@ jobs:
           - 8
           - 11
         flink:
-          - '1.15'
           - '1.16'
+          - '1.17'
         flink-archive: [ "" ]
         comment: [ "normal" ]
         include:
           - java: 8
-            flink: '1.16'
-            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.15.4 -Dflink.archive.name=flink-1.15.4-bin-scala_2.12.tgz'
-            comment: 'verify-on-flink-1.15-binary'
+            flink: '1.17'
+            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.16.1 -Dflink.archive.name=flink-1.16.1-bin-scala_2.12.tgz'
+            comment: 'verify-on-flink-1.16-binary'
     steps:
       - uses: actions/checkout@v3
       - name: Tune Runner VM
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index 0e499f978..c73310a64 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -75,6 +75,12 @@
             <scope>provided</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.flink</groupId>
+            <artifactId>flink-sql-gateway</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.flink</groupId>
             <artifactId>flink-table-common</artifactId>
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
index 69fc8c695..f9289ea81 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
@@ -18,29 +18,37 @@
 package org.apache.kyuubi.engine.flink
 
 import java.io.File
+import java.lang.{Boolean => JBoolean}
 import java.net.URL
+import java.util.{ArrayList => JArrayList, Collections => JCollections, List => JList}
 
 import scala.collection.JavaConverters._
+import scala.collection.convert.ImplicitConversions._
 
-import org.apache.commons.cli.{CommandLine, DefaultParser, Option, Options, ParseException}
+import org.apache.commons.cli.{CommandLine, DefaultParser, Options}
+import org.apache.flink.api.common.JobID
+import org.apache.flink.client.cli.{CustomCommandLine, DefaultCLI, GenericCLI}
+import org.apache.flink.configuration.Configuration
 import org.apache.flink.core.fs.Path
 import org.apache.flink.runtime.util.EnvironmentInformation
 import org.apache.flink.table.client.SqlClientException
-import org.apache.flink.table.client.cli.CliOptions
+import org.apache.flink.table.client.cli.CliOptionsParser
 import org.apache.flink.table.client.cli.CliOptionsParser._
-import org.apache.flink.table.client.gateway.context.SessionContext
-import org.apache.flink.table.client.gateway.local.LocalExecutor
+import org.apache.flink.table.gateway.service.context.{DefaultContext, SessionContext}
+import org.apache.flink.table.gateway.service.result.ResultFetcher
+import org.apache.flink.table.gateway.service.session.Session
+import org.apache.flink.util.JarUtils
 
-import org.apache.kyuubi.Logging
+import org.apache.kyuubi.{KyuubiException, Logging}
 import org.apache.kyuubi.engine.SemanticVersion
+import org.apache.kyuubi.reflection.{DynConstructors, DynFields, DynMethods}
 
 object FlinkEngineUtils extends Logging {
 
-  val MODE_EMBEDDED = "embedded"
-  val EMBEDDED_MODE_CLIENT_OPTIONS: Options = getEmbeddedModeClientOptions(new Options);
+  val EMBEDDED_MODE_CLIENT_OPTIONS: Options = getEmbeddedModeClientOptions(new Options)
 
   val SUPPORTED_FLINK_VERSIONS: Array[SemanticVersion] =
-    Array("1.15", "1.16").map(SemanticVersion.apply)
+    Array("1.16", "1.17").map(SemanticVersion.apply)
 
   def checkFlinkVersion(): Unit = {
     val flinkVersion = EnvironmentInformation.getVersion
@@ -62,47 +70,106 @@ object FlinkEngineUtils extends Logging {
   def isFlinkVersionEqualTo(targetVersionString: String): Boolean =
     SemanticVersion(EnvironmentInformation.getVersion).isVersionEqualTo(targetVersionString)
 
-  def parseCliOptions(args: Array[String]): CliOptions = {
-    val (mode, modeArgs) =
-      if (args.isEmpty || args(0).startsWith("-")) (MODE_EMBEDDED, args)
-      else (args(0), args.drop(1))
-    val options = parseEmbeddedModeClient(modeArgs)
-    if (mode == MODE_EMBEDDED) {
-      if (options.isPrintHelp) {
-        printHelpEmbeddedModeClient()
+  /**
+   * Copied and modified from [[org.apache.flink.table.client.cli.CliOptionsParser]]
+   * to avoid loading flink-python classes which we doesn't support yet.
+   */
+  private def discoverDependencies(
+      jars: JList[URL],
+      libraries: JList[URL]): JList[URL] = {
+    val dependencies: JList[URL] = new JArrayList[URL]
+    try { // find jar files
+      for (url <- jars) {
+        JarUtils.checkJarFile(url)
+        dependencies.add(url)
       }
-      options
+      // find jar files in library directories
+      libraries.foreach { libUrl =>
+        val dir: File = new File(libUrl.toURI)
+        if (!dir.isDirectory) throw new SqlClientException(s"Directory expected: $dir")
+        if (!dir.canRead) throw new SqlClientException(s"Directory cannot be read: $dir")
+        val files: Array[File] = dir.listFiles
+        if (files == null) throw new SqlClientException(s"Directory cannot be read: $dir")
+        files.filter { f => f.isFile && f.getAbsolutePath.toLowerCase.endsWith(".jar") }
+          .foreach { f =>
+            val url: URL = f.toURI.toURL
+            JarUtils.checkJarFile(url)
+            dependencies.add(url)
+          }
+      }
+    } catch {
+      case e: Exception =>
+        throw new SqlClientException("Could not load all required JAR files.", e)
+    }
+    dependencies
+  }
+
+  def getDefaultContext(
+      args: Array[String],
+      flinkConf: Configuration,
+      flinkConfDir: String): DefaultContext = {
+    val parser = new DefaultParser
+    val line = parser.parse(EMBEDDED_MODE_CLIENT_OPTIONS, args, true)
+    val jars: JList[URL] = Option(checkUrls(line, CliOptionsParser.OPTION_JAR))
+      .getOrElse(JCollections.emptyList())
+    val libDirs: JList[URL] = Option(checkUrls(line, CliOptionsParser.OPTION_LIBRARY))
+      .getOrElse(JCollections.emptyList())
+    val dependencies: JList[URL] = discoverDependencies(jars, libDirs)
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      val commandLines: JList[CustomCommandLine] =
+        Seq(new GenericCLI(flinkConf, flinkConfDir), new DefaultCLI).asJava
+      DynConstructors.builder()
+        .impl(
+          classOf[DefaultContext],
+          classOf[Configuration],
+          classOf[JList[CustomCommandLine]])
+        .build()
+        .newInstance(flinkConf, commandLines)
+        .asInstanceOf[DefaultContext]
+    } else if (FlinkEngineUtils.isFlinkVersionEqualTo("1.17")) {
+      DynMethods.builder("load")
+        .impl(
+          classOf[DefaultContext],
+          classOf[Configuration],
+          classOf[JList[URL]],
+          classOf[Boolean],
+          classOf[Boolean])
+        .buildStatic()
+        .invoke[DefaultContext](
+          flinkConf,
+          dependencies,
+          new JBoolean(true),
+          new JBoolean(false))
     } else {
-      throw new SqlClientException("Other mode is not supported yet.")
+      throw new KyuubiException(
+        s"Flink version ${EnvironmentInformation.getVersion} are not supported currently.")
     }
   }
 
-  def getSessionContext(localExecutor: LocalExecutor, sessionId: String): SessionContext = {
-    val method = classOf[LocalExecutor].getDeclaredMethod("getSessionContext", classOf[String])
-    method.setAccessible(true)
-    method.invoke(localExecutor, sessionId).asInstanceOf[SessionContext]
+  def getSessionContext(session: Session): SessionContext = {
+    DynFields.builder()
+      .hiddenImpl(classOf[Session], "sessionContext")
+      .build()
+      .get(session)
+      .asInstanceOf[SessionContext]
   }
 
-  def parseEmbeddedModeClient(args: Array[String]): CliOptions =
+  def getResultJobId(resultFetch: ResultFetcher): Option[JobID] = {
+    if (FlinkEngineUtils.isFlinkVersionAtMost("1.16")) {
+      return None
+    }
     try {
-      val parser = new DefaultParser
-      val line = parser.parse(EMBEDDED_MODE_CLIENT_OPTIONS, args, true)
-      val jarUrls = checkUrls(line, OPTION_JAR)
-      val libraryUrls = checkUrls(line, OPTION_LIBRARY)
-      new CliOptions(
-        line.hasOption(OPTION_HELP.getOpt),
-        checkSessionId(line),
-        checkUrl(line, OPTION_INIT_FILE),
-        checkUrl(line, OPTION_FILE),
-        if (jarUrls != null && jarUrls.nonEmpty) jarUrls.asJava else null,
-        if (libraryUrls != null && libraryUrls.nonEmpty) libraryUrls.asJava else null,
-        line.getOptionValue(OPTION_UPDATE.getOpt),
-        line.getOptionValue(OPTION_HISTORY.getOpt),
-        null)
+      Option(DynFields.builder()
+        .hiddenImpl(classOf[ResultFetcher], "jobID")
+        .build()
+        .get(resultFetch)
+        .asInstanceOf[JobID])
     } catch {
-      case e: ParseException =>
-        throw new SqlClientException(e.getMessage)
+      case _: NullPointerException => None
+      case e: Throwable =>
+        throw new IllegalStateException("Unexpected error occurred while fetching query ID", e)
     }
+  }
 
   def checkSessionId(line: CommandLine): String = {
     val sessionId = line.getOptionValue(OPTION_SESSION.getOpt)
@@ -111,13 +178,13 @@ object FlinkEngineUtils extends Logging {
     } else sessionId
   }
 
-  def checkUrl(line: CommandLine, option: Option): URL = {
-    val urls: List[URL] = checkUrls(line, option)
+  def checkUrl(line: CommandLine, option: org.apache.commons.cli.Option): URL = {
+    val urls: JList[URL] = checkUrls(line, option)
     if (urls != null && urls.nonEmpty) urls.head
     else null
   }
 
-  def checkUrls(line: CommandLine, option: Option): List[URL] = {
+  def checkUrls(line: CommandLine, option: org.apache.commons.cli.Option): JList[URL] = {
     if (line.hasOption(option.getOpt)) {
       line.getOptionValues(option.getOpt).distinct.map((url: String) => {
         checkFilePath(url)
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLBackendService.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLBackendService.scala
index d049e3c80..9802f1955 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLBackendService.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLBackendService.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.engine.flink
 
-import org.apache.flink.table.client.gateway.context.DefaultContext
+import org.apache.flink.table.gateway.service.context.DefaultContext
 
 import org.apache.kyuubi.engine.flink.session.FlinkSQLSessionManager
 import org.apache.kyuubi.service.AbstractBackendService
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 42061a369..48a354b0f 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -18,22 +18,17 @@
 package org.apache.kyuubi.engine.flink
 
 import java.io.File
-import java.net.URL
 import java.nio.file.Paths
 import java.time.Instant
 import java.util.concurrent.CountDownLatch
 
 import scala.collection.JavaConverters._
-import scala.collection.mutable.ListBuffer
 
-import org.apache.flink.client.cli.{DefaultCLI, GenericCLI}
 import org.apache.flink.configuration.{Configuration, DeploymentOptions, GlobalConfiguration}
 import org.apache.flink.table.api.TableEnvironment
-import org.apache.flink.table.client.SqlClientException
-import org.apache.flink.table.client.gateway.context.DefaultContext
-import org.apache.flink.util.JarUtils
+import org.apache.flink.table.gateway.service.context.DefaultContext
 
-import org.apache.kyuubi.{KyuubiSQLException, Logging, Utils}
+import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.Utils.{addShutdownHook, currentUser, FLINK_ENGINE_SHUTDOWN_PRIORITY}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.flink.FlinkSQLEngine.{countDownLatch, currentEngine}
@@ -118,18 +113,9 @@ object FlinkSQLEngine extends Logging {
           debug(s"Skip generating app name for execution target $other")
       }
 
-      val cliOptions = FlinkEngineUtils.parseCliOptions(args)
-      val jars = if (cliOptions.getJars != null) cliOptions.getJars.asScala else List.empty
-      val libDirs =
-        if (cliOptions.getLibraryDirs != null) cliOptions.getLibraryDirs.asScala else List.empty
-      val dependencies = discoverDependencies(jars, libDirs)
-      val engineContext = new DefaultContext(
-        dependencies.asJava,
-        flinkConf,
-        Seq(new GenericCLI(flinkConf, flinkConfDir), new DefaultCLI).asJava)
-
       kyuubiConf.setIfMissing(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
 
+      val engineContext = FlinkEngineUtils.getDefaultContext(args, flinkConf, flinkConfDir)
       startEngine(engineContext)
       info("Flink engine started")
 
@@ -146,7 +132,7 @@ object FlinkSQLEngine extends Logging {
           engine.stop()
         }
       case t: Throwable =>
-        error("Create FlinkSQL Engine Failed", t)
+        error("Failed to create FlinkSQL Engine", t)
     }
   }
 
@@ -167,37 +153,4 @@ object FlinkSQLEngine extends Logging {
     res.await()
     info("Initial Flink SQL finished.")
   }
-
-  private def discoverDependencies(
-      jars: Seq[URL],
-      libraries: Seq[URL]): List[URL] = {
-    try {
-      var dependencies: ListBuffer[URL] = ListBuffer()
-      // find jar files
-      jars.foreach { url =>
-        JarUtils.checkJarFile(url)
-        dependencies = dependencies += url
-      }
-      // find jar files in library directories
-      libraries.foreach { libUrl =>
-        val dir: File = new File(libUrl.toURI)
-        if (!dir.isDirectory) throw new SqlClientException("Directory expected: " + dir)
-        else if (!dir.canRead) throw new SqlClientException("Directory cannot be read: " + dir)
-        val files: Array[File] = dir.listFiles
-        if (files == null) throw new SqlClientException("Directory cannot be read: " + dir)
-        files.foreach { f =>
-          // only consider jars
-          if (f.isFile && f.getAbsolutePath.toLowerCase.endsWith(".jar")) {
-            val url: URL = f.toURI.toURL
-            JarUtils.checkJarFile(url)
-            dependencies = dependencies += url
-          }
-        }
-      }
-      dependencies.toList
-    } catch {
-      case e: Exception =>
-        throw KyuubiSQLException(s"Could not load all required JAR files.", e)
-    }
-  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index 10ad5bf6d..4042756b6 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -17,32 +17,15 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
-import java.time.{LocalDate, LocalTime}
-import java.util
-
-import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
-
 import org.apache.flink.api.common.JobID
-import org.apache.flink.table.api.ResultKind
-import org.apache.flink.table.client.gateway.TypedResult
-import org.apache.flink.table.data.{GenericArrayData, GenericMapData, RowData}
-import org.apache.flink.table.data.binary.{BinaryArrayData, BinaryMapData}
-import org.apache.flink.table.operations.{ModifyOperation, Operation, QueryOperation}
-import org.apache.flink.table.operations.command._
-import org.apache.flink.table.types.DataType
-import org.apache.flink.table.types.logical._
-import org.apache.flink.types.Row
+import org.apache.flink.table.gateway.api.operation.OperationHandle
 
 import org.apache.kyuubi.Logging
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils._
-import org.apache.kyuubi.engine.flink.result.ResultSet
-import org.apache.kyuubi.engine.flink.schema.RowSet.toHiveString
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.engine.flink.result.ResultSetUtil
 import org.apache.kyuubi.operation.OperationState
 import org.apache.kyuubi.operation.log.OperationLog
-import org.apache.kyuubi.reflection.DynMethods
 import org.apache.kyuubi.session.Session
-import org.apache.kyuubi.util.RowSetUtils
 
 class ExecuteStatement(
     session: Session,
@@ -77,22 +60,11 @@ class ExecuteStatement(
   private def executeStatement(): Unit = {
     try {
       setState(OperationState.RUNNING)
-      val operation = executor.parseStatement(sessionId, statement)
-      operation match {
-        case queryOperation: QueryOperation => runQueryOperation(queryOperation)
-        case modifyOperation: ModifyOperation => runModifyOperation(modifyOperation)
-        case setOperation: SetOperation =>
-          resultSet = OperationUtils.runSetOperation(setOperation, executor, sessionId)
-        case resetOperation: ResetOperation =>
-          resultSet = OperationUtils.runResetOperation(resetOperation, executor, sessionId)
-        case addJarOperation: AddJarOperation if isFlinkVersionAtMost("1.15") =>
-          resultSet = OperationUtils.runAddJarOperation(addJarOperation, executor, sessionId)
-        case removeJarOperation: RemoveJarOperation =>
-          resultSet = OperationUtils.runRemoveJarOperation(removeJarOperation, executor, sessionId)
-        case showJarsOperation: ShowJarsOperation if isFlinkVersionAtMost("1.15") =>
-          resultSet = OperationUtils.runShowJarOperation(showJarsOperation, executor, sessionId)
-        case operation: Operation => runOperation(operation)
-      }
+      val resultFetcher = executor.executeStatement(
+        new OperationHandle(getHandle.identifier),
+        statement)
+      jobId = FlinkEngineUtils.getResultJobId(resultFetcher)
+      resultSet = ResultSetUtil.fromResultFetcher(resultFetcher, resultMaxRows)
       setState(OperationState.FINISHED)
     } catch {
       onError(cancel = true)
@@ -100,163 +72,4 @@ class ExecuteStatement(
       shutdownTimeoutMonitor()
     }
   }
-
-  private def runQueryOperation(operation: QueryOperation): Unit = {
-    var resultId: String = null
-    try {
-      val resultDescriptor = executor.executeQuery(sessionId, operation)
-      val dataTypes = resultDescriptor.getResultSchema.getColumnDataTypes.asScala.toList
-
-      resultId = resultDescriptor.getResultId
-
-      val rows = new ArrayBuffer[Row]()
-      var loop = true
-
-      while (loop) {
-        Thread.sleep(50) // slow the processing down
-
-        val pageSize = Math.min(500, resultMaxRows)
-        val result = executor.snapshotResult(sessionId, resultId, pageSize)
-        result.getType match {
-          case TypedResult.ResultType.PAYLOAD =>
-            (1 to result.getPayload).foreach { page =>
-              if (rows.size < resultMaxRows) {
-                val result = executor.retrieveResultPage(resultId, page)
-                rows ++= result.asScala.map(r => convertToRow(r, dataTypes))
-              } else {
-                loop = false
-              }
-            }
-          case TypedResult.ResultType.EOS => loop = false
-          case TypedResult.ResultType.EMPTY =>
-        }
-      }
-
-      resultSet = ResultSet.builder
-        .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
-        .columns(resultDescriptor.getResultSchema.getColumns)
-        .data(rows.slice(0, resultMaxRows).toArray[Row])
-        .build
-    } finally {
-      if (resultId != null) {
-        cleanupQueryResult(resultId)
-      }
-    }
-  }
-
-  private def runModifyOperation(operation: ModifyOperation): Unit = {
-    val result = executor.executeOperation(sessionId, operation)
-    jobId = result.getJobClient.asScala.map(_.getJobID)
-    resultSet = ResultSet.fromJobId(jobId.orNull)
-  }
-
-  private def runOperation(operation: Operation): Unit = {
-    val result = executor.executeOperation(sessionId, operation)
-    jobId = result.getJobClient.asScala.map(_.getJobID)
-    // after FLINK-24461, TableResult#await() would block insert statements
-    // until the job finishes, instead of returning row affected immediately
-    resultSet = ResultSet.fromTableResult(result)
-  }
-
-  private def cleanupQueryResult(resultId: String): Unit = {
-    try {
-      executor.cancelQuery(sessionId, resultId)
-    } catch {
-      case t: Throwable =>
-        warn(s"Failed to clean result set $resultId in session $sessionId", t)
-    }
-  }
-
-  private[this] def convertToRow(r: RowData, dataTypes: List[DataType]): Row = {
-    val row = Row.withPositions(r.getRowKind, r.getArity)
-    for (i <- 0 until r.getArity) {
-      val dataType = dataTypes(i)
-      dataType.getLogicalType match {
-        case arrayType: ArrayType =>
-          val arrayData = r.getArray(i)
-          if (arrayData == null) {
-            row.setField(i, null)
-          }
-          arrayData match {
-            case d: GenericArrayData =>
-              row.setField(i, d.toObjectArray)
-            case d: BinaryArrayData =>
-              row.setField(i, d.toObjectArray(arrayType.getElementType))
-            case _ =>
-          }
-        case _: BinaryType | _: VarBinaryType =>
-          row.setField(i, r.getBinary(i))
-        case _: BigIntType =>
-          row.setField(i, r.getLong(i))
-        case _: BooleanType =>
-          row.setField(i, r.getBoolean(i))
-        case _: VarCharType | _: CharType =>
-          row.setField(i, r.getString(i))
-        case t: DecimalType =>
-          row.setField(i, r.getDecimal(i, t.getPrecision, t.getScale).toBigDecimal)
-        case _: DateType =>
-          val date = RowSetUtils.formatLocalDate(LocalDate.ofEpochDay(r.getInt(i)))
-          row.setField(i, date)
-        case _: TimeType =>
-          val time = RowSetUtils.formatLocalTime(LocalTime.ofNanoOfDay(r.getLong(i) * 1000 * 1000))
-          row.setField(i, time)
-        case t: TimestampType =>
-          val ts = RowSetUtils
-            .formatLocalDateTime(r.getTimestamp(i, t.getPrecision)
-              .toLocalDateTime)
-          row.setField(i, ts)
-        case _: TinyIntType =>
-          row.setField(i, r.getByte(i))
-        case _: SmallIntType =>
-          row.setField(i, r.getShort(i))
-        case _: IntType =>
-          row.setField(i, r.getInt(i))
-        case _: FloatType =>
-          row.setField(i, r.getFloat(i))
-        case mapType: MapType =>
-          val mapData = r.getMap(i)
-          if (mapData != null && mapData.size > 0) {
-            val keyType = mapType.getKeyType
-            val valueType = mapType.getValueType
-            mapData match {
-              case d: BinaryMapData =>
-                val kvArray = toArray(keyType, valueType, d)
-                val map: util.Map[Any, Any] = new util.HashMap[Any, Any]
-                for (i <- kvArray._1.indices) {
-                  val value: Any = kvArray._2(i)
-                  map.put(kvArray._1(i), value)
-                }
-                row.setField(i, map)
-              case d: GenericMapData => // TODO
-            }
-          } else {
-            row.setField(i, null)
-          }
-        case _: DoubleType =>
-          row.setField(i, r.getDouble(i))
-        case t: RowType =>
-          val fieldDataTypes = DynMethods.builder("getFieldDataTypes")
-            .impl(classOf[DataType], classOf[DataType])
-            .buildStatic
-            .invoke[util.List[DataType]](dataType)
-            .asScala.toList
-          val internalRowData = r.getRow(i, t.getFieldCount)
-          val internalRow = convertToRow(internalRowData, fieldDataTypes)
-          row.setField(i, internalRow)
-        case t =>
-          val hiveString = toHiveString((row.getField(i), t))
-          row.setField(i, hiveString)
-      }
-    }
-    row
-  }
-
-  private[this] def toArray(
-      keyType: LogicalType,
-      valueType: LogicalType,
-      arrayData: BinaryMapData): (Array[_], Array[_]) = {
-
-    arrayData.keyArray().toObjectArray(keyType) -> arrayData.valueArray().toObjectArray(valueType)
-  }
-
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
index 2859d659e..d734cea05 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
@@ -21,8 +21,9 @@ import java.io.IOException
 
 import scala.collection.JavaConverters.collectionAsScalaIterableConverter
 
-import org.apache.flink.table.client.gateway.Executor
-import org.apache.flink.table.client.gateway.context.SessionContext
+import org.apache.flink.configuration.Configuration
+import org.apache.flink.table.gateway.service.context.SessionContext
+import org.apache.flink.table.gateway.service.operation.OperationExecutor
 import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet, TTableSchema}
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
@@ -36,12 +37,16 @@ import org.apache.kyuubi.session.Session
 
 abstract class FlinkOperation(session: Session) extends AbstractOperation(session) {
 
+  protected val flinkSession: org.apache.flink.table.gateway.service.session.Session =
+    session.asInstanceOf[FlinkSessionImpl].fSession
+
+  protected val executor: OperationExecutor = flinkSession.createExecutor(
+    Configuration.fromMap(flinkSession.getSessionConfig))
+
   protected val sessionContext: SessionContext = {
     session.asInstanceOf[FlinkSessionImpl].sessionContext
   }
 
-  protected val executor: Executor = session.asInstanceOf[FlinkSessionImpl].executor
-
   protected val sessionId: String = session.handle.identifier.toString
 
   protected var resultSet: ResultSet = _
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala
index d7b5e297d..712c13596 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala
@@ -23,6 +23,7 @@ import scala.collection.JavaConverters._
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.session.FlinkSessionImpl
 import org.apache.kyuubi.operation.{NoneMode, Operation, OperationManager, PlanOnlyMode}
@@ -44,7 +45,8 @@ class FlinkSQLOperationManager extends OperationManager("FlinkSQLOperationManage
       runAsync: Boolean,
       queryTimeout: Long): Operation = {
     val flinkSession = session.asInstanceOf[FlinkSessionImpl]
-    if (flinkSession.sessionContext.getConfigMap.getOrDefault(
+    val sessionConfig = flinkSession.fSession.getSessionConfig
+    if (sessionConfig.getOrDefault(
         ENGINE_OPERATION_CONVERT_CATALOG_DATABASE_ENABLED.key,
         operationConvertCatalogDatabaseDefault.toString).toBoolean) {
       val catalogDatabaseOperation = processCatalogDatabase(session, statement, confOverlay)
@@ -53,11 +55,13 @@ class FlinkSQLOperationManager extends OperationManager("FlinkSQLOperationManage
       }
     }
 
-    val mode = PlanOnlyMode.fromString(flinkSession.sessionContext.getConfigMap.getOrDefault(
-      OPERATION_PLAN_ONLY_MODE.key,
-      operationModeDefault))
+    val mode = PlanOnlyMode.fromString(
+      sessionConfig.getOrDefault(
+        OPERATION_PLAN_ONLY_MODE.key,
+        operationModeDefault))
 
-    flinkSession.sessionContext.set(OPERATION_PLAN_ONLY_MODE.key, mode.name)
+    val sessionContext = FlinkEngineUtils.getSessionContext(flinkSession.fSession)
+    sessionContext.set(OPERATION_PLAN_ONLY_MODE.key, mode.name)
     val resultMaxRows =
       flinkSession.normalizedConf.getOrElse(
         ENGINE_FLINK_MAX_ROWS.key,
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCatalogs.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCatalogs.scala
index 11dd760e4..245371681 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCatalogs.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCatalogs.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import scala.collection.convert.ImplicitConversions._
+
 import org.apache.kyuubi.engine.flink.result.ResultSetUtil
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_CAT
 import org.apache.kyuubi.session.Session
@@ -25,8 +27,8 @@ class GetCatalogs(session: Session) extends FlinkOperation(session) {
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-      val catalogs = tableEnv.listCatalogs.toList
+      val catalogManager = sessionContext.getSessionState.catalogManager
+      val catalogs = catalogManager.listCatalogs.toList
       resultSet = ResultSetUtil.stringListToResultSet(catalogs, TABLE_CAT)
     } catch onError()
   }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetColumns.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetColumns.scala
index 6ce2a6ac7..b1a7c0c3e 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetColumns.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetColumns.scala
@@ -21,7 +21,7 @@ import scala.collection.JavaConverters._
 
 import org.apache.commons.lang3.StringUtils
 import org.apache.flink.table.api.{DataTypes, ResultKind}
-import org.apache.flink.table.catalog.Column
+import org.apache.flink.table.catalog.{Column, ObjectIdentifier}
 import org.apache.flink.table.types.logical._
 import org.apache.flink.types.Row
 
@@ -40,17 +40,17 @@ class GetColumns(
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
 
       val catalogName =
-        if (StringUtils.isEmpty(catalogNameOrEmpty)) tableEnv.getCurrentCatalog
+        if (StringUtils.isEmpty(catalogNameOrEmpty)) executor.getCurrentCatalog
         else catalogNameOrEmpty
 
       val schemaNameRegex = toJavaRegex(schemaNamePattern)
       val tableNameRegex = toJavaRegex(tableNamePattern)
       val columnNameRegex = toJavaRegex(columnNamePattern).r
 
-      val columns = tableEnv.getCatalog(catalogName).asScala.toArray.flatMap { flinkCatalog =>
+      val catalogManager = sessionContext.getSessionState.catalogManager
+      val columns = catalogManager.getCatalog(catalogName).asScala.toArray.flatMap { flinkCatalog =>
         SchemaHelper.getSchemasWithPattern(flinkCatalog, schemaNameRegex)
           .flatMap { schemaName =>
             SchemaHelper.getFlinkTablesWithPattern(
@@ -60,7 +60,8 @@ class GetColumns(
               tableNameRegex)
               .filter { _._2.isDefined }
               .flatMap { case (tableName, _) =>
-                val flinkTable = tableEnv.from(s"`$catalogName`.`$schemaName`.`$tableName`")
+                val flinkTable = catalogManager.getTable(
+                  ObjectIdentifier.of(catalogName, schemaName, tableName)).get()
                 val resolvedSchema = flinkTable.getResolvedSchema
                 resolvedSchema.getColumns.asScala.toArray.zipWithIndex
                   .filter { case (column, _) =>
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala
index 3e42e9aa6..5f82de4a6 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentCatalog.scala
@@ -31,8 +31,7 @@ class GetCurrentCatalog(session: Session) extends FlinkOperation(session) {
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-      val catalog = tableEnv.getCurrentCatalog
+      val catalog = executor.getCurrentCatalog
       resultSet = ResultSetUtil.stringListToResultSet(List(catalog), TABLE_CAT)
     } catch onError()
   }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala
index 014ca2ea3..107609c06 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetCurrentDatabase.scala
@@ -31,8 +31,7 @@ class GetCurrentDatabase(session: Session) extends FlinkOperation(session) {
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-      val database = tableEnv.getCurrentDatabase
+      val database = sessionContext.getSessionState.catalogManager.getCurrentDatabase
       resultSet = ResultSetUtil.stringListToResultSet(List(database), TABLE_SCHEM)
     } catch onError()
   }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetFunctions.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetFunctions.scala
index ab870ab79..85f34a29a 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetFunctions.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetFunctions.scala
@@ -20,9 +20,10 @@ package org.apache.kyuubi.engine.flink.operation
 import java.sql.DatabaseMetaData
 
 import scala.collection.JavaConverters._
+import scala.collection.convert.ImplicitConversions._
 
 import org.apache.commons.lang3.StringUtils
-import org.apache.flink.table.api.{DataTypes, ResultKind, TableEnvironment}
+import org.apache.flink.table.api.{DataTypes, ResultKind}
 import org.apache.flink.table.catalog.Column
 import org.apache.flink.types.Row
 
@@ -42,17 +43,20 @@ class GetFunctions(
     try {
       val schemaPattern = toJavaRegex(schemaName)
       val functionPattern = toJavaRegex(functionName)
-      val tableEnv: TableEnvironment = sessionContext.getExecutionContext.getTableEnvironment
+      val functionCatalog = sessionContext.getSessionState.functionCatalog
+      val catalogManager = sessionContext.getSessionState.catalogManager
+
       val systemFunctions = filterPattern(
-        tableEnv.listFunctions().diff(tableEnv.listUserDefinedFunctions()),
+        functionCatalog.getFunctions
+          .diff(functionCatalog.getUserDefinedFunctions),
         functionPattern)
         .map { f =>
           Row.of(null, null, f, null, Integer.valueOf(DatabaseMetaData.functionResultUnknown), null)
-        }
-      val catalogFunctions = tableEnv.listCatalogs()
+        }.toArray
+      val catalogFunctions = catalogManager.listCatalogs()
         .filter { c => StringUtils.isEmpty(catalogName) || c == catalogName }
         .flatMap { c =>
-          val catalog = tableEnv.getCatalog(c).get()
+          val catalog = catalogManager.getCatalog(c).get()
           filterPattern(catalog.listDatabases().asScala, schemaPattern)
             .flatMap { d =>
               filterPattern(catalog.listFunctions(d).asScala, functionPattern)
@@ -66,7 +70,7 @@ class GetFunctions(
                     null)
                 }
             }
-        }
+        }.toArray
       resultSet = ResultSet.builder.resultKind(ResultKind.SUCCESS_WITH_CONTENT)
         .columns(
           Column.physical(FUNCTION_CAT, DataTypes.STRING()),
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetPrimaryKeys.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetPrimaryKeys.scala
index b534feb1f..5b9060cf1 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetPrimaryKeys.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetPrimaryKeys.scala
@@ -21,8 +21,9 @@ import scala.collection.JavaConverters._
 
 import org.apache.commons.lang3.StringUtils
 import org.apache.flink.table.api.{DataTypes, ResultKind}
-import org.apache.flink.table.catalog.Column
+import org.apache.flink.table.catalog.{Column, ObjectIdentifier}
 import org.apache.flink.types.Row
+import org.apache.flink.util.FlinkException
 
 import org.apache.kyuubi.engine.flink.result.ResultSet
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
@@ -37,22 +38,25 @@ class GetPrimaryKeys(
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
+      val catalogManager = sessionContext.getSessionState.catalogManager
 
       val catalogName =
-        if (StringUtils.isEmpty(catalogNameOrEmpty)) tableEnv.getCurrentCatalog
+        if (StringUtils.isEmpty(catalogNameOrEmpty)) catalogManager.getCurrentCatalog
         else catalogNameOrEmpty
 
       val schemaName =
         if (StringUtils.isEmpty(schemaNameOrEmpty)) {
-          if (catalogName != tableEnv.getCurrentCatalog) {
-            tableEnv.getCatalog(catalogName).get().getDefaultDatabase
+          if (catalogName != executor.getCurrentCatalog) {
+            catalogManager.getCatalog(catalogName).get().getDefaultDatabase
           } else {
-            tableEnv.getCurrentDatabase
+            catalogManager.getCurrentDatabase
           }
         } else schemaNameOrEmpty
 
-      val flinkTable = tableEnv.from(s"`$catalogName`.`$schemaName`.`$tableName`")
+      val flinkTable = catalogManager
+        .getTable(ObjectIdentifier.of(catalogName, schemaName, tableName))
+        .orElseThrow(() =>
+          new FlinkException(s"Table `$catalogName`.`$schemaName`.`$tableName`` not found."))
 
       val resolvedSchema = flinkTable.getResolvedSchema
       val primaryKeySchema = resolvedSchema.getPrimaryKey
@@ -102,5 +106,4 @@ class GetPrimaryKeys(
     )
     // format: on
   }
-
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetSchemas.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetSchemas.scala
index 6715b2320..f56ddd8b1 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetSchemas.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetSchemas.scala
@@ -18,9 +18,10 @@
 package org.apache.kyuubi.engine.flink.operation
 
 import scala.collection.JavaConverters._
+import scala.collection.convert.ImplicitConversions._
 
 import org.apache.commons.lang3.StringUtils
-import org.apache.flink.table.api.{DataTypes, ResultKind, TableEnvironment}
+import org.apache.flink.table.api.{DataTypes, ResultKind}
 import org.apache.flink.table.catalog.Column
 import org.apache.flink.types.Row
 
@@ -35,14 +36,14 @@ class GetSchemas(session: Session, catalogName: String, schema: String)
   override protected def runInternal(): Unit = {
     try {
       val schemaPattern = toJavaRegex(schema)
-      val tableEnv: TableEnvironment = sessionContext.getExecutionContext.getTableEnvironment
-      val schemas = tableEnv.listCatalogs()
+      val catalogManager = sessionContext.getSessionState.catalogManager
+      val schemas = catalogManager.listCatalogs()
         .filter { c => StringUtils.isEmpty(catalogName) || c == catalogName }
         .flatMap { c =>
-          val catalog = tableEnv.getCatalog(c).get()
+          val catalog = catalogManager.getCatalog(c).get()
           filterPattern(catalog.listDatabases().asScala, schemaPattern)
             .map { d => Row.of(d, c) }
-        }
+        }.toArray
       resultSet = ResultSet.builder.resultKind(ResultKind.SUCCESS_WITH_CONTENT)
         .columns(
           Column.physical(TABLE_SCHEM, DataTypes.STRING()),
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetTables.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetTables.scala
index a4e55715a..325a50167 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetTables.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/GetTables.scala
@@ -37,16 +37,16 @@ class GetTables(
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
+      val catalogManager = sessionContext.getSessionState.catalogManager
 
       val catalogName =
-        if (StringUtils.isEmpty(catalogNameOrEmpty)) tableEnv.getCurrentCatalog
+        if (StringUtils.isEmpty(catalogNameOrEmpty)) catalogManager.getCurrentCatalog
         else catalogNameOrEmpty
 
       val schemaNameRegex = toJavaRegex(schemaNamePattern)
       val tableNameRegex = toJavaRegex(tableNamePattern)
 
-      val tables = tableEnv.getCatalog(catalogName).asScala.toArray.flatMap { flinkCatalog =>
+      val tables = catalogManager.getCatalog(catalogName).asScala.toArray.flatMap { flinkCatalog =>
         SchemaHelper.getSchemasWithPattern(flinkCatalog, schemaNameRegex)
           .flatMap { schemaName =>
             SchemaHelper.getFlinkTablesWithPattern(
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/OperationUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/OperationUtils.scala
deleted file mode 100644
index 7d624948c..000000000
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/OperationUtils.scala
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.flink.operation
-
-import java.util
-
-import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
-
-import org.apache.flink.table.api.{DataTypes, ResultKind}
-import org.apache.flink.table.catalog.Column
-import org.apache.flink.table.client.gateway.Executor
-import org.apache.flink.table.operations.command._
-import org.apache.flink.types.Row
-
-import org.apache.kyuubi.engine.flink.result.{ResultSet, ResultSetUtil}
-import org.apache.kyuubi.engine.flink.result.ResultSetUtil.successResultSet
-import org.apache.kyuubi.reflection.DynMethods
-
-object OperationUtils {
-
-  /**
-   * Runs a SetOperation with executor. Returns when SetOperation is executed successfully.
-   *
-   * @param setOperation Set operation.
-   * @param executor A gateway for communicating with Flink and other external systems.
-   * @param sessionId Id of the session.
-   * @return A ResultSet of SetOperation execution.
-   */
-  def runSetOperation(
-      setOperation: SetOperation,
-      executor: Executor,
-      sessionId: String): ResultSet = {
-    if (setOperation.getKey.isPresent) {
-      val key: String = setOperation.getKey.get.trim
-
-      if (setOperation.getValue.isPresent) {
-        val newValue: String = setOperation.getValue.get.trim
-        executor.setSessionProperty(sessionId, key, newValue)
-      }
-
-      val value = executor.getSessionConfigMap(sessionId).getOrDefault(key, "")
-      ResultSet.builder
-        .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
-        .columns(
-          Column.physical("key", DataTypes.STRING()),
-          Column.physical("value", DataTypes.STRING()))
-        .data(Array(Row.of(key, value)))
-        .build
-    } else {
-      // show all properties if set without key
-      val properties: util.Map[String, String] = executor.getSessionConfigMap(sessionId)
-
-      val entries = ArrayBuffer.empty[Row]
-      properties.forEach((key, value) => entries.append(Row.of(key, value)))
-
-      if (entries.nonEmpty) {
-        val prettyEntries = entries.sortBy(_.getField(0).asInstanceOf[String])
-        ResultSet.builder
-          .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
-          .columns(
-            Column.physical("key", DataTypes.STRING()),
-            Column.physical("value", DataTypes.STRING()))
-          .data(prettyEntries.toArray)
-          .build
-      } else {
-        ResultSet.builder
-          .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
-          .columns(
-            Column.physical("key", DataTypes.STRING()),
-            Column.physical("value", DataTypes.STRING()))
-          .data(Array[Row]())
-          .build
-      }
-    }
-  }
-
-  /**
-   * Runs a ResetOperation with executor. Returns when ResetOperation is executed successfully.
-   *
-   * @param resetOperation Reset operation.
-   * @param executor A gateway for communicating with Flink and other external systems.
-   * @param sessionId Id of the session.
-   * @return A ResultSet of ResetOperation execution.
-   */
-  def runResetOperation(
-      resetOperation: ResetOperation,
-      executor: Executor,
-      sessionId: String): ResultSet = {
-    if (resetOperation.getKey.isPresent) {
-      // reset the given property
-      executor.resetSessionProperty(sessionId, resetOperation.getKey.get())
-    } else {
-      // reset all properties
-      executor.resetSessionProperties(sessionId)
-    }
-    successResultSet
-  }
-
-  /**
-   * Runs a AddJarOperation with the executor. Currently only jars on local filesystem
-   * are supported.
-   *
-   * @param addJarOperation Add-jar operation.
-   * @param executor A gateway for communicating with Flink and other external systems.
-   * @param sessionId Id of the session.
-   * @return A ResultSet of AddJarOperation execution.
-   */
-  def runAddJarOperation(
-      addJarOperation: AddJarOperation,
-      executor: Executor,
-      sessionId: String): ResultSet = {
-    // Removed by FLINK-27790
-    val addJar = DynMethods.builder("addJar")
-      .impl(executor.getClass, classOf[String], classOf[String])
-      .build(executor)
-    addJar.invoke[Void](sessionId, addJarOperation.getPath)
-    successResultSet
-  }
-
-  /**
-   * Runs a RemoveJarOperation with the executor. Only jars added by AddJarOperation could
-   * be removed.
-   *
-   * @param removeJarOperation Remove-jar operation.
-   * @param executor A gateway for communicating with Flink and other external systems.
-   * @param sessionId Id of the session.
-   * @return A ResultSet of RemoveJarOperation execution.
-   */
-  def runRemoveJarOperation(
-      removeJarOperation: RemoveJarOperation,
-      executor: Executor,
-      sessionId: String): ResultSet = {
-    executor.removeJar(sessionId, removeJarOperation.getPath)
-    successResultSet
-  }
-
-  /**
-   * Runs a ShowJarsOperation with the executor. Returns the jars of the current session.
-   *
-   * @param showJarsOperation Show-jar operation.
-   * @param executor A gateway for communicating with Flink and other external systems.
-   * @param sessionId Id of the session.
-   * @return A ResultSet of ShowJarsOperation execution.
-   */
-  def runShowJarOperation(
-      showJarsOperation: ShowJarsOperation,
-      executor: Executor,
-      sessionId: String): ResultSet = {
-    // Removed by FLINK-27790
-    val listJars = DynMethods.builder("listJars")
-      .impl(executor.getClass, classOf[String])
-      .build(executor)
-    val jars = listJars.invoke[util.List[String]](sessionId)
-    ResultSetUtil.stringListToResultSet(jars.asScala.toList, "jar")
-  }
-}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala
index afe04a307..4f5d8218f 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala
@@ -17,10 +17,11 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import com.google.common.base.Preconditions
 import org.apache.flink.table.api.TableEnvironment
+import org.apache.flink.table.gateway.api.operation.OperationHandle
 import org.apache.flink.table.operations.command._
 
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils.isFlinkVersionAtMost
 import org.apache.kyuubi.engine.flink.result.ResultSetUtil
 import org.apache.kyuubi.operation.{ExecutionMode, ParseMode, PhysicalMode, PlanOnlyMode, UnknownMode}
 import org.apache.kyuubi.operation.PlanOnlyMode.{notSupportedModeError, unknownModeError}
@@ -46,18 +47,19 @@ class PlanOnlyStatement(
 
   override protected def runInternal(): Unit = {
     try {
-      val operation = executor.parseStatement(sessionId, statement)
+      val operations = executor.getTableEnvironment.getParser.parse(statement)
+      Preconditions.checkArgument(
+        operations.size() == 1,
+        "Plan-only mode supports single statement only",
+        null)
+      val operation = operations.get(0)
       operation match {
-        case setOperation: SetOperation =>
-          resultSet = OperationUtils.runSetOperation(setOperation, executor, sessionId)
-        case resetOperation: ResetOperation =>
-          resultSet = OperationUtils.runResetOperation(resetOperation, executor, sessionId)
-        case addJarOperation: AddJarOperation if isFlinkVersionAtMost("1.15") =>
-          resultSet = OperationUtils.runAddJarOperation(addJarOperation, executor, sessionId)
-        case removeJarOperation: RemoveJarOperation =>
-          resultSet = OperationUtils.runRemoveJarOperation(removeJarOperation, executor, sessionId)
-        case showJarsOperation: ShowJarsOperation if isFlinkVersionAtMost("1.15") =>
-          resultSet = OperationUtils.runShowJarOperation(showJarsOperation, executor, sessionId)
+        case _: SetOperation | _: ResetOperation | _: AddJarOperation | _: RemoveJarOperation |
+            _: ShowJarsOperation =>
+          val resultFetcher = executor.executeStatement(
+            new OperationHandle(getHandle.identifier),
+            statement)
+          resultSet = ResultSetUtil.fromResultFetcher(resultFetcher);
         case _ => explainOperation(statement)
       }
     } catch {
@@ -66,7 +68,7 @@ class PlanOnlyStatement(
   }
 
   private def explainOperation(statement: String): Unit = {
-    val tableEnv: TableEnvironment = sessionContext.getExecutionContext.getTableEnvironment
+    val tableEnv: TableEnvironment = executor.getTableEnvironment
     val explainPlans =
       tableEnv.explainSql(statement).split(s"$lineSeparator$lineSeparator")
     val operationPlan = mode match {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala
index 60214b2cd..f279ccda6 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentCatalog.scala
@@ -30,8 +30,8 @@ class SetCurrentCatalog(session: Session, catalog: String)
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-      tableEnv.useCatalog(catalog)
+      val catalogManager = sessionContext.getSessionState.catalogManager
+      catalogManager.setCurrentCatalog(catalog)
       setHasResultSet(false)
     } catch onError()
   }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala
index 7610ab2f1..70535e834 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/SetCurrentDatabase.scala
@@ -30,8 +30,8 @@ class SetCurrentDatabase(session: Session, database: String)
 
   override protected def runInternal(): Unit = {
     try {
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
-      tableEnv.useDatabase(database)
+      val catalogManager = sessionContext.getSessionState.catalogManager
+      catalogManager.setCurrentDatabase(database)
       setHasResultSet(false)
     } catch onError()
   }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
index 09c401988..b90be09ff 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
@@ -23,7 +23,7 @@ import scala.collection.JavaConverters._
 
 import com.google.common.collect.Iterators
 import org.apache.flink.api.common.JobID
-import org.apache.flink.table.api.{DataTypes, ResultKind, TableResult}
+import org.apache.flink.table.api.{DataTypes, ResultKind}
 import org.apache.flink.table.catalog.Column
 import org.apache.flink.types.Row
 
@@ -58,17 +58,6 @@ case class ResultSet(
  */
 object ResultSet {
 
-  def fromTableResult(tableResult: TableResult): ResultSet = {
-    val schema = tableResult.getResolvedSchema
-    // collect all rows from table result as list
-    // this is ok as TableResult contains limited rows
-    val rows = tableResult.collect.asScala.toArray
-    builder.resultKind(tableResult.getResultKind)
-      .columns(schema.getColumns)
-      .data(rows)
-      .build
-  }
-
   def fromJobId(jobID: JobID): ResultSet = {
     val data: Array[Row] = if (jobID != null) {
       Array(Row.of(jobID.toString))
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
index ded271cf1..d6bc2bada 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
@@ -17,14 +17,25 @@
 
 package org.apache.kyuubi.engine.flink.result;
 
+import scala.collection.convert.ImplicitConversions._
+import scala.collection.mutable.ListBuffer
+
 import org.apache.flink.table.api.DataTypes
 import org.apache.flink.table.api.ResultKind
 import org.apache.flink.table.catalog.Column
+import org.apache.flink.table.data.RowData
+import org.apache.flink.table.data.conversion.DataStructureConverters
+import org.apache.flink.table.gateway.service.result.ResultFetcher
+import org.apache.flink.table.types.DataType
 import org.apache.flink.types.Row
 
+import org.apache.kyuubi.engine.flink.shim.FlinkResultSet
+
 /** Utility object for building ResultSet. */
 object ResultSetUtil {
 
+  private val FETCH_ROWS_PER_SECOND = 1000
+
   /**
    * Build a ResultSet with a column name and a list of String values.
    *
@@ -54,4 +65,64 @@ object ResultSetUtil {
       .columns(Column.physical("result", DataTypes.STRING))
       .data(Array[Row](Row.of("OK")))
       .build
+
+  def fromResultFetcher(resultFetcher: ResultFetcher, maxRows: Int): ResultSet = {
+    val schema = resultFetcher.getResultSchema
+    val resultRowData = ListBuffer.newBuilder[RowData]
+    var fetched: FlinkResultSet = null
+    var token: Long = 0
+    var rowNum: Int = 0
+    do {
+      fetched = new FlinkResultSet(resultFetcher.fetchResults(token, FETCH_ROWS_PER_SECOND))
+      val data = fetched.getData
+      val slice = data.slice(0, maxRows - rowNum)
+      resultRowData ++= slice
+      rowNum += slice.size
+      token = fetched.getNextToken
+      try Thread.sleep(1000L)
+      catch {
+        case _: InterruptedException => fetched.getNextToken == null
+      }
+    } while (
+      fetched.getNextToken != null &&
+        rowNum < maxRows &&
+        fetched.getResultType != org.apache.flink.table.gateway.api.results.ResultSet.ResultType.EOS
+    )
+    val dataTypes = resultFetcher.getResultSchema.getColumnDataTypes
+    ResultSet.builder
+      .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
+      .columns(schema.getColumns)
+      .data(resultRowData.result().map(rd => convertToRow(rd, dataTypes.toList)).toArray)
+      .build
+  }
+
+  def fromResultFetcher(resultFetcher: ResultFetcher): ResultSet = {
+    val schema = resultFetcher.getResultSchema
+    val resultRowData = ListBuffer.newBuilder[RowData]
+    var fetched: FlinkResultSet = null
+    var token: Long = 0
+    do {
+      fetched = new FlinkResultSet(resultFetcher.fetchResults(token, FETCH_ROWS_PER_SECOND))
+      resultRowData ++= fetched.getData
+      token = fetched.getNextToken
+      try Thread.sleep(1000L)
+      catch {
+        case _: InterruptedException =>
+      }
+    } while (
+      fetched.getNextToken != null &&
+        fetched.getResultType != org.apache.flink.table.gateway.api.results.ResultSet.ResultType.EOS
+    )
+    val dataTypes = resultFetcher.getResultSchema.getColumnDataTypes
+    ResultSet.builder
+      .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
+      .columns(schema.getColumns)
+      .data(resultRowData.result().map(rd => convertToRow(rd, dataTypes.toList)).toArray)
+      .build
+  }
+
+  private[this] def convertToRow(r: RowData, dataTypes: List[DataType]): Row = {
+    val converter = DataStructureConverters.getConverter(DataTypes.ROW(dataTypes: _*))
+    converter.toExternal(r).asInstanceOf[Row]
+  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
index 07971e39f..71caaa67a 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
@@ -17,12 +17,17 @@
 
 package org.apache.kyuubi.engine.flink.session
 
-import org.apache.flink.table.client.gateway.context.DefaultContext
-import org.apache.flink.table.client.gateway.local.LocalExecutor
+import scala.collection.JavaConverters._
+import scala.collection.JavaConverters.mapAsJavaMap
+
+import org.apache.flink.table.gateway.api.session.SessionEnvironment
+import org.apache.flink.table.gateway.rest.util.SqlGatewayRestAPIVersion
+import org.apache.flink.table.gateway.service.context.DefaultContext
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.flink.operation.FlinkSQLOperationManager
+import org.apache.kyuubi.engine.flink.shim.FlinkSessionManager
 import org.apache.kyuubi.session.{Session, SessionHandle, SessionManager}
 
 class FlinkSQLSessionManager(engineContext: DefaultContext)
@@ -31,11 +36,11 @@ class FlinkSQLSessionManager(engineContext: DefaultContext)
   override protected def isServer: Boolean = false
 
   val operationManager = new FlinkSQLOperationManager()
-  val executor = new LocalExecutor(engineContext)
+  val sessionManager = new FlinkSessionManager(engineContext)
 
   override def start(): Unit = {
     super.start()
-    executor.start()
+    sessionManager.start()
   }
 
   override protected def createSession(
@@ -46,19 +51,33 @@ class FlinkSQLSessionManager(engineContext: DefaultContext)
       conf: Map[String, String]): Session = {
     conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).flatMap(
       getSessionOption).getOrElse {
-      new FlinkSessionImpl(
+      val flinkInternalSession = sessionManager.openSession(
+        SessionEnvironment.newBuilder
+          .setSessionEndpointVersion(SqlGatewayRestAPIVersion.V1)
+          .addSessionConfig(mapAsJavaMap(conf))
+          .build)
+      val sessionConfig = flinkInternalSession.getSessionConfig
+      sessionConfig.putAll(conf.asJava)
+      val session = new FlinkSessionImpl(
         protocol,
         user,
         password,
         ipAddress,
         conf,
         this,
-        executor)
+        flinkInternalSession)
+      session
     }
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {
     super.closeSession(sessionHandle)
-    executor.closeSession(sessionHandle.toString)
+    sessionManager.closeSession(
+      new org.apache.flink.table.gateway.api.session.SessionHandle(sessionHandle.identifier))
+  }
+
+  override def stop(): Unit = synchronized {
+    sessionManager.stop()
+    super.stop()
   }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
index a4b6a8a90..09f5ac943 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
@@ -19,10 +19,12 @@ package org.apache.kyuubi.engine.flink.session
 
 import scala.util.control.NonFatal
 
+import org.apache.flink.configuration.Configuration
 import org.apache.flink.runtime.util.EnvironmentInformation
 import org.apache.flink.table.client.gateway.SqlExecutionException
-import org.apache.flink.table.client.gateway.context.SessionContext
-import org.apache.flink.table.client.gateway.local.LocalExecutor
+import org.apache.flink.table.gateway.api.operation.OperationHandle
+import org.apache.flink.table.gateway.service.context.SessionContext
+import org.apache.flink.table.gateway.service.session.{Session => FSession}
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 
 import org.apache.kyuubi.KyuubiSQLException
@@ -37,14 +39,15 @@ class FlinkSessionImpl(
     ipAddress: String,
     conf: Map[String, String],
     sessionManager: SessionManager,
-    val executor: LocalExecutor)
+    val fSession: FSession)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
   override val handle: SessionHandle =
-    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
+    conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID)
+      .getOrElse(SessionHandle.fromUUID(fSession.getSessionHandle.getIdentifier.toString))
 
   lazy val sessionContext: SessionContext = {
-    FlinkEngineUtils.getSessionContext(executor, handle.identifier.toString)
+    FlinkEngineUtils.getSessionContext(fSession)
   }
 
   private def setModifiableConfig(key: String, value: String): Unit = {
@@ -56,16 +59,15 @@ class FlinkSessionImpl(
   }
 
   override def open(): Unit = {
-    executor.openSession(handle.identifier.toString)
+    val executor = fSession.createExecutor(Configuration.fromMap(fSession.getSessionConfig))
 
     val (useCatalogAndDatabaseConf, otherConf) = normalizedConf.partition { case (k, _) =>
       Array("use:catalog", "use:database").contains(k)
     }
 
     useCatalogAndDatabaseConf.get("use:catalog").foreach { catalog =>
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
       try {
-        tableEnv.useCatalog(catalog)
+        executor.executeStatement(OperationHandle.create, s"USE CATALOG $catalog")
       } catch {
         case NonFatal(e) =>
           throw e
@@ -73,9 +75,8 @@ class FlinkSessionImpl(
     }
 
     useCatalogAndDatabaseConf.get("use:database").foreach { database =>
-      val tableEnv = sessionContext.getExecutionContext.getTableEnvironment
       try {
-        tableEnv.useDatabase(database)
+        executor.executeStatement(OperationHandle.create, s"USE $database")
       } catch {
         case NonFatal(e) =>
           if (database != "default") {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
new file mode 100644
index 000000000..e3dd0f081
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.shim
+
+import java.lang.{Long => JLong}
+import java.util
+
+import org.apache.flink.table.data.RowData
+import org.apache.flink.table.gateway.api.results.ResultSet.ResultType
+
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.reflection.DynMethods
+
+class FlinkResultSet(resultSet: AnyRef) {
+
+  def getData: util.List[RowData] = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("getData")
+        .impl("org.apache.flink.table.gateway.api.results.ResultSet")
+        .build()
+        .invoke(resultSet)
+        .asInstanceOf[util.List[RowData]]
+    } else {
+      DynMethods.builder("getData")
+        .impl("org.apache.flink.table.gateway.api.results.ResultSetImpl")
+        .build()
+        .invoke(resultSet)
+        .asInstanceOf[util.List[RowData]]
+    }
+  }
+
+  def getNextToken: JLong = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("getNextToken")
+        .impl("org.apache.flink.table.gateway.api.results.ResultSet")
+        .build()
+        .invoke(resultSet)
+        .asInstanceOf[JLong]
+    } else {
+      DynMethods.builder("getNextToken")
+        .impl("org.apache.flink.table.gateway.api.results.ResultSetImpl")
+        .build()
+        .invoke(resultSet)
+        .asInstanceOf[JLong]
+    }
+  }
+
+  def getResultType: ResultType = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("getResultType")
+        .impl("org.apache.flink.table.gateway.api.results.ResultSet")
+        .build()
+        .invoke(resultSet)
+        .asInstanceOf[ResultType]
+    } else {
+      DynMethods.builder("getResultType")
+        .impl("org.apache.flink.table.gateway.api.results.ResultSetImpl")
+        .build()
+        .invoke(resultSet)
+        .asInstanceOf[ResultType]
+    }
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
new file mode 100644
index 000000000..e34819dd6
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.shim
+
+import org.apache.flink.table.gateway.api.session.{SessionEnvironment, SessionHandle}
+import org.apache.flink.table.gateway.service.context.DefaultContext
+import org.apache.flink.table.gateway.service.session.Session
+
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.reflection.{DynConstructors, DynMethods}
+
+class FlinkSessionManager(engineContext: DefaultContext) {
+
+  val sessionManager: AnyRef = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynConstructors.builder().impl(
+        "org.apache.flink.table.gateway.service.session.SessionManager",
+        classOf[DefaultContext])
+        .build()
+        .newInstance(engineContext)
+    } else {
+      DynConstructors.builder().impl(
+        "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
+        classOf[DefaultContext])
+        .build()
+        .newInstance(engineContext)
+    }
+  }
+
+  def start(): Unit = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("start")
+        .impl("org.apache.flink.table.gateway.service.session.SessionManager")
+        .build()
+        .invoke(sessionManager)
+    } else {
+      DynMethods.builder("start")
+        .impl("org.apache.flink.table.gateway.service.session.SessionManagerImpl")
+        .build()
+        .invoke(sessionManager)
+    }
+  }
+
+  def stop(): Unit = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("stop")
+        .impl("org.apache.flink.table.gateway.service.session.SessionManager")
+        .build()
+        .invoke(sessionManager)
+    } else {
+      DynMethods.builder("stop")
+        .impl("org.apache.flink.table.gateway.service.session.SessionManagerImpl")
+        .build()
+        .invoke(sessionManager)
+    }
+  }
+
+  def getSession(sessionHandle: SessionHandle): Session = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("getSession")
+        .impl(
+          "org.apache.flink.table.gateway.service.session.SessionManager",
+          classOf[SessionHandle])
+        .build()
+        .invoke(sessionManager, sessionHandle)
+        .asInstanceOf[Session]
+    } else {
+      DynMethods.builder("getSession")
+        .impl(
+          "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
+          classOf[SessionHandle])
+        .build()
+        .invoke(sessionManager, sessionHandle)
+        .asInstanceOf[Session]
+    }
+  }
+
+  def openSession(environment: SessionEnvironment): Session = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("openSession")
+        .impl(
+          "org.apache.flink.table.gateway.service.session.SessionManager",
+          classOf[SessionEnvironment])
+        .build()
+        .invoke(sessionManager, environment)
+        .asInstanceOf[Session]
+    } else {
+      DynMethods.builder("openSession")
+        .impl(
+          "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
+          classOf[SessionEnvironment])
+        .build()
+        .invoke(sessionManager, environment)
+        .asInstanceOf[Session]
+    }
+  }
+
+  def closeSession(sessionHandle: SessionHandle): Unit = {
+    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      DynMethods.builder("closeSession")
+        .impl(
+          "org.apache.flink.table.gateway.service.session.SessionManager",
+          classOf[SessionHandle])
+        .build()
+        .invoke(sessionManager, sessionHandle)
+    } else {
+      DynMethods.builder("closeSession")
+        .impl(
+          "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
+          classOf[SessionHandle])
+        .build()
+        .invoke(sessionManager, sessionHandle)
+    }
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala
index aebcce6c5..c352429ea 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithDiscoveryFlinkSQLEngine.scala
@@ -17,30 +17,14 @@
 
 package org.apache.kyuubi.engine.flink
 
-import java.util.UUID
-
-import org.apache.kyuubi.config.KyuubiConf.{ENGINE_SHARE_LEVEL, ENGINE_TYPE}
-import org.apache.kyuubi.engine.ShareLevel
-import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
+import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.client.{DiscoveryClient, DiscoveryClientProvider}
 
-trait WithDiscoveryFlinkSQLEngine extends WithFlinkSQLEngineOnYarn {
-
-  override protected def engineRefId: String = UUID.randomUUID().toString
-
-  def namespace: String = "/kyuubi/flink-yarn-application-test"
+trait WithDiscoveryFlinkSQLEngine {
 
-  def shareLevel: String = ShareLevel.USER.toString
+  protected def namespace: String
 
-  def engineType: String = "flink"
-
-  override def withKyuubiConf: Map[String, String] = {
-    Map(
-      HA_NAMESPACE.key -> namespace,
-      HA_ENGINE_REF_ID.key -> engineRefId,
-      ENGINE_TYPE.key -> "FLINK_SQL",
-      ENGINE_SHARE_LEVEL.key -> shareLevel)
-  }
+  protected def conf: KyuubiConf
 
   def withDiscoveryClient(f: DiscoveryClient => Unit): Unit = {
     DiscoveryClientProvider.withDiscoveryClient(conf)(f)
@@ -49,7 +33,7 @@ trait WithDiscoveryFlinkSQLEngine extends WithFlinkSQLEngineOnYarn {
   def getFlinkEngineServiceUrl: String = {
     var hostPort: Option[(String, Int)] = None
     var retries = 0
-    while (hostPort.isEmpty && retries < 5) {
+    while (hostPort.isEmpty && retries < 10) {
       withDiscoveryClient(client => hostPort = client.getServerHost(namespace))
       retries += 1
       Thread.sleep(1000L)
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
index c8435f9c5..0001f31ae 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
@@ -17,58 +17,167 @@
 
 package org.apache.kyuubi.engine.flink
 
+import java.io.{File, FilenameFilter}
+import java.lang.ProcessBuilder.Redirect
+import java.net.URI
+import java.nio.file.{Files, Paths}
+
 import scala.collection.JavaConverters._
+import scala.collection.mutable.ArrayBuffer
 
-import org.apache.flink.client.cli.{CustomCommandLine, DefaultCLI}
 import org.apache.flink.configuration.{Configuration, RestOptions}
 import org.apache.flink.runtime.minicluster.{MiniCluster, MiniClusterConfiguration}
-import org.apache.flink.table.client.gateway.context.DefaultContext
 
-import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiException, KyuubiFunSuite, SCALA_COMPILE_VERSION, Utils}
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ADDRESSES
+import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
+import org.apache.kyuubi.zookeeper.ZookeeperConf.{ZK_CLIENT_PORT, ZK_CLIENT_PORT_ADDRESS}
 
 trait WithFlinkSQLEngineLocal extends KyuubiFunSuite with WithFlinkTestResources {
 
   protected val flinkConfig = new Configuration()
+
   protected var miniCluster: MiniCluster = _
-  protected var engine: FlinkSQLEngine = _
-  // conf will be loaded until start flink engine
+
+  protected var engineProcess: Process = _
+
+  private var zkServer: EmbeddedZookeeper = _
+
+  protected val conf: KyuubiConf = FlinkSQLEngine.kyuubiConf
+
+  protected def engineRefId: String
+
   def withKyuubiConf: Map[String, String]
-  protected val kyuubiConf: KyuubiConf = FlinkSQLEngine.kyuubiConf
 
   protected var connectionUrl: String = _
 
   override def beforeAll(): Unit = {
+    withKyuubiConf.foreach { case (k, v) =>
+      if (k.startsWith("flink.")) {
+        flinkConfig.setString(k.stripPrefix("flink."), v)
+      }
+    }
+    withKyuubiConf.foreach { case (k, v) =>
+      System.setProperty(k, v)
+      conf.set(k, v)
+    }
+
+    zkServer = new EmbeddedZookeeper()
+    conf.set(ZK_CLIENT_PORT, 0).set(ZK_CLIENT_PORT_ADDRESS, "localhost")
+    zkServer.initialize(conf)
+    zkServer.start()
+    conf.set(HA_ADDRESSES, zkServer.getConnectString)
+
+    val envs = scala.collection.mutable.Map[String, String]()
+    val kyuubiExternals = Utils.getCodeSourceLocation(getClass)
+      .split("externals").head
+    val flinkHome = {
+      val candidates = Paths.get(kyuubiExternals, "externals", "kyuubi-download", "target")
+        .toFile.listFiles(f => f.getName.contains("flink"))
+      if (candidates == null) None else candidates.map(_.toPath).headOption
+    }
+    if (flinkHome.isDefined) {
+      envs("FLINK_HOME") = flinkHome.get.toString
+      envs("FLINK_CONF_DIR") = Paths.get(flinkHome.get.toString, "conf").toString
+    }
+    envs("JAVA_HOME") = System.getProperty("java.home")
+    envs("JAVA_EXEC") = Paths.get(envs("JAVA_HOME"), "bin", "java").toString
+
     startMiniCluster()
-    startFlinkEngine()
+    startFlinkEngine(envs.toMap)
     super.beforeAll()
   }
 
   override def afterAll(): Unit = {
     super.afterAll()
-    stopFlinkEngine()
-    miniCluster.close()
+    if (engineProcess != null) {
+      engineProcess.destroy()
+      engineProcess = null
+    }
+    if (miniCluster != null) {
+      miniCluster.close()
+      miniCluster = null
+    }
+    if (zkServer != null) {
+      zkServer.stop()
+      zkServer = null
+    }
   }
 
-  def startFlinkEngine(): Unit = {
-    withKyuubiConf.foreach { case (k, v) =>
-      System.setProperty(k, v)
-      kyuubiConf.set(k, v)
+  def startFlinkEngine(envs: Map[String, String]): Unit = {
+    val flinkHome = envs("FLINK_HOME")
+    val processBuilder: ProcessBuilder = new ProcessBuilder
+    processBuilder.environment().putAll(envs.asJava)
+
+    conf.set(ENGINE_FLINK_EXTRA_CLASSPATH, udfJar.getAbsolutePath)
+    val command = new ArrayBuffer[String]()
+
+    command += envs("JAVA_EXEC")
+
+    val memory = conf.get(ENGINE_FLINK_MEMORY)
+    command += s"-Xmx$memory"
+    val javaOptions = conf.get(ENGINE_FLINK_JAVA_OPTIONS)
+    if (javaOptions.isDefined) {
+      command += javaOptions.get
     }
-    val engineContext = new DefaultContext(
-      List(udfJar.toURI.toURL).asJava,
-      flinkConfig,
-      List[CustomCommandLine](new DefaultCLI).asJava)
-    FlinkSQLEngine.startEngine(engineContext)
-    engine = FlinkSQLEngine.currentEngine.get
-    connectionUrl = engine.frontendServices.head.connectionUrl
-  }
 
-  def stopFlinkEngine(): Unit = {
-    if (engine != null) {
-      engine.stop()
-      engine = null
+    command += "-cp"
+    val classpathEntries = new java.util.LinkedHashSet[String]
+    // flink engine runtime jar
+    mainResource(envs).foreach(classpathEntries.add)
+    // flink sql jars
+    Paths.get(flinkHome)
+      .resolve("opt")
+      .toFile
+      .listFiles(new FilenameFilter {
+        override def accept(dir: File, name: String): Boolean = {
+          name.toLowerCase.startsWith("flink-sql-client") ||
+          name.toLowerCase.startsWith("flink-sql-gateway")
+        }
+      }).foreach(jar => classpathEntries.add(jar.getAbsolutePath))
+
+    // jars from flink lib
+    classpathEntries.add(s"$flinkHome${File.separator}lib${File.separator}*")
+
+    // classpath contains flink configurations, default to flink.home/conf
+    classpathEntries.add(envs.getOrElse("FLINK_CONF_DIR", ""))
+    // classpath contains hadoop configurations
+    val cp = System.getProperty("java.class.path")
+    // exclude kyuubi flink engine jar that has SPI for EmbeddedExecutorFactory
+    // which can't be initialized on the client side
+    val hadoopJars = cp.split(":").filter(s => !s.contains("flink"))
+    hadoopJars.foreach(classpathEntries.add)
+    val extraCp = conf.get(ENGINE_FLINK_EXTRA_CLASSPATH)
+    extraCp.foreach(classpathEntries.add)
+    if (hadoopJars.isEmpty && extraCp.isEmpty) {
+      mainResource(envs).foreach { path =>
+        val devHadoopJars = Paths.get(path).getParent
+          .resolve(s"scala-$SCALA_COMPILE_VERSION")
+          .resolve("jars")
+        if (!Files.exists(devHadoopJars)) {
+          throw new KyuubiException(s"The path $devHadoopJars does not exists. " +
+            s"Please set FLINK_HADOOP_CLASSPATH or ${ENGINE_FLINK_EXTRA_CLASSPATH.key}" +
+            s" for configuring location of hadoop client jars, etc.")
+        }
+        classpathEntries.add(s"$devHadoopJars${File.separator}*")
+      }
+    }
+    command += classpathEntries.asScala.mkString(File.pathSeparator)
+    command += "org.apache.kyuubi.engine.flink.FlinkSQLEngine"
+
+    conf.getAll.foreach { case (k, v) =>
+      command += "--conf"
+      command += s"$k=$v"
     }
+
+    processBuilder.command(command.toList.asJava)
+    processBuilder.redirectOutput(Redirect.INHERIT)
+    processBuilder.redirectError(Redirect.INHERIT)
+
+    info(s"staring flink local engine...")
+    engineProcess = processBuilder.start()
   }
 
   private def startMiniCluster(): Unit = {
@@ -84,4 +193,35 @@ trait WithFlinkSQLEngineLocal extends KyuubiFunSuite with WithFlinkTestResources
 
   protected def getJdbcUrl: String = s"jdbc:hive2://$connectionUrl/;"
 
+  def mainResource(env: Map[String, String]): Option[String] = {
+    val module = "kyuubi-flink-sql-engine"
+    val shortName = "flink"
+    // 1. get the main resource jar for user specified config first
+    val jarName = s"${module}_$SCALA_COMPILE_VERSION-$KYUUBI_VERSION.jar"
+    conf.getOption(s"kyuubi.session.engine.$shortName.main.resource").filter {
+      userSpecified =>
+        // skip check exist if not local file.
+        val uri = new URI(userSpecified)
+        val schema = if (uri.getScheme != null) uri.getScheme else "file"
+        schema match {
+          case "file" => Files.exists(Paths.get(userSpecified))
+          case _ => true
+        }
+    }.orElse {
+      // 2. get the main resource jar from system build default
+      env.get(KYUUBI_HOME).toSeq
+        .flatMap { p =>
+          Seq(
+            Paths.get(p, "externals", "engines", shortName, jarName),
+            Paths.get(p, "externals", module, "target", jarName))
+        }
+        .find(Files.exists(_)).map(_.toAbsolutePath.toFile.getCanonicalPath)
+    }.orElse {
+      // 3. get the main resource from dev environment
+      val cwd = Utils.getCodeSourceLocation(getClass).split("externals")
+      assert(cwd.length > 1)
+      Option(Paths.get(cwd.head, "externals", module, "target", jarName))
+        .map(_.toAbsolutePath.toFile.getCanonicalPath)
+    }
+  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
index 3847087b3..553574e65 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
@@ -49,7 +49,7 @@ trait WithFlinkSQLEngineOnYarn extends KyuubiFunSuite with WithFlinkTestResource
 
   private var zkServer: EmbeddedZookeeper = _
 
-  def withKyuubiConf: Map[String, String]
+  def withKyuubiConf: Map[String, String] = testExtraConf
 
   private val yarnConf: YarnConfiguration = {
     val yarnConfig = new YarnConfiguration()
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
index 6a85654f0..3ea02774e 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.engine.flink
 
+import java.io.File
+
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
 
@@ -33,9 +35,12 @@ trait WithFlinkTestResources {
       }
      """
 
-  protected val udfJar = TestUserClassLoaderJar.createJarFile(
+  protected val udfJar: File = TestUserClassLoaderJar.createJarFile(
     Utils.createTempDir("test-jar").toFile,
     "test-classloader-udf.jar",
     GENERATED_UDF_CLASS,
     GENERATED_UDF_CODE)
+
+  protected val testExtraConf: Map[String, String] = Map(
+    "flink.pipeline.name" -> "test-job")
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
index e4e6a5c67..0f4b38d36 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
@@ -17,17 +17,35 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import java.util.UUID
+
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.flink.WithFlinkSQLEngineLocal
+import org.apache.kyuubi.engine.ShareLevel
+import org.apache.kyuubi.engine.flink.{WithDiscoveryFlinkSQLEngine, WithFlinkSQLEngineLocal}
+import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
 import org.apache.kyuubi.operation.NoneMode
 
 class FlinkOperationLocalSuite extends FlinkOperationSuite
-  with WithFlinkSQLEngineLocal {
+  with WithDiscoveryFlinkSQLEngine with WithFlinkSQLEngineLocal {
+
+  protected def jdbcUrl: String = getFlinkEngineServiceUrl
+
+  override def withKyuubiConf: Map[String, String] = {
+    Map(
+      "flink.execution.target" -> "remote",
+      HA_NAMESPACE.key -> namespace,
+      HA_ENGINE_REF_ID.key -> engineRefId,
+      ENGINE_TYPE.key -> "FLINK_SQL",
+      ENGINE_SHARE_LEVEL.key -> shareLevel,
+      OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name) ++ testExtraConf
+  }
+
+  override protected def engineRefId: String = UUID.randomUUID().toString
+
+  def namespace: String = "/kyuubi/flink-local-engine-test"
 
-  override def withKyuubiConf: Map[String, String] =
-    Map(OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name)
+  def shareLevel: String = ShareLevel.USER.toString
 
-  override protected def jdbcUrl: String =
-    s"jdbc:hive2://${engine.frontendServices.head.connectionUrl}/;"
+  def engineType: String = "flink"
 
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
index b43e83db6..931d500f7 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
@@ -17,10 +17,31 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
-import org.apache.kyuubi.engine.flink.WithDiscoveryFlinkSQLEngine
+import java.util.UUID
+
+import org.apache.kyuubi.config.KyuubiConf.{ENGINE_SHARE_LEVEL, ENGINE_TYPE}
+import org.apache.kyuubi.engine.ShareLevel
+import org.apache.kyuubi.engine.flink.{WithDiscoveryFlinkSQLEngine, WithFlinkSQLEngineOnYarn}
+import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
 
 class FlinkOperationOnYarnSuite extends FlinkOperationSuite
-  with WithDiscoveryFlinkSQLEngine {
+  with WithDiscoveryFlinkSQLEngine with WithFlinkSQLEngineOnYarn {
 
   protected def jdbcUrl: String = getFlinkEngineServiceUrl
+
+  override def withKyuubiConf: Map[String, String] = {
+    Map(
+      HA_NAMESPACE.key -> namespace,
+      HA_ENGINE_REF_ID.key -> engineRefId,
+      ENGINE_TYPE.key -> "FLINK_SQL",
+      ENGINE_SHARE_LEVEL.key -> shareLevel) ++ testExtraConf
+  }
+
+  override protected def engineRefId: String = UUID.randomUUID().toString
+
+  def namespace: String = "/kyuubi/flink-yarn-application-test"
+
+  def shareLevel: String = ShareLevel.USER.toString
+
+  def engineType: String = "flink"
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 77ce3b3ee..908e407a9 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -23,12 +23,13 @@ import java.util.UUID
 import scala.collection.JavaConverters._
 
 import org.apache.flink.api.common.JobID
+import org.apache.flink.configuration.PipelineOptions
 import org.apache.flink.table.types.logical.LogicalTypeRoot
 import org.apache.hive.service.rpc.thrift._
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.flink.WithFlinkTestResources
+import org.apache.kyuubi.engine.flink.{FlinkEngineUtils, WithFlinkTestResources}
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
@@ -758,7 +759,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.ARRAY)
       assert(resultSet.next())
-      val expected = "[v1,v2,v3]"
+      val expected = "[\"v1\",\"v2\",\"v3\"]"
       assert(resultSet.getObject(1).toString == expected)
     }
   }
@@ -778,7 +779,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("select (1, '2', true)")
       assert(resultSet.next())
-      val expected = """{INT NOT NULL:1,CHAR(1) NOT NULL:2,BOOLEAN NOT NULL:true}"""
+      val expected = """{INT NOT NULL:1,CHAR(1) NOT NULL:"2",BOOLEAN NOT NULL:true}"""
       assert(resultSet.getString(1) == expected)
       val metaData = resultSet.getMetaData
       assert(metaData.getColumnType(1) === java.sql.Types.STRUCT)
@@ -955,7 +956,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       statement.executeQuery("create table tbl_a (a int) with ('connector' = 'blackhole')")
       val resultSet = statement.executeQuery("insert into tbl_a select 1")
       val metadata = resultSet.getMetaData
-      assert(metadata.getColumnName(1) === "result")
+      assert(metadata.getColumnName(1) === "job id")
       assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
       assert(resultSet.next())
       assert(resultSet.getString(1).length == 32)
@@ -973,7 +974,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       statement.executeQuery("create table tbl_b (a int) with ('connector' = 'blackhole')")
       val resultSet = statement.executeQuery("insert into tbl_b select * from tbl_a")
       val metadata = resultSet.getMetaData
-      assert(metadata.getColumnName(1) === "result")
+      assert(metadata.getColumnName(1) === "job id")
       assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
       assert(resultSet.next())
       assert(resultSet.getString(1).length == 32)
@@ -984,11 +985,9 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
     withMultipleConnectionJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("set table.dynamic-table-options.enabled = true")
       val metadata = resultSet.getMetaData
-      assert(metadata.getColumnName(1) == "key")
-      assert(metadata.getColumnName(2) == "value")
+      assert(metadata.getColumnName(1) == "result")
       assert(resultSet.next())
-      assert(resultSet.getString(1) == "table.dynamic-table-options.enabled")
-      assert(resultSet.getString(2) == "true")
+      assert(resultSet.getString(1) == "OK")
     }
   }
 
@@ -1003,16 +1002,17 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
   }
 
   test("execute statement - reset property") {
+    val originalName = "test-job" // defined in WithFlinkTestResource
     withMultipleConnectionJdbcStatement() { statement =>
-      statement.executeQuery("set pipeline.jars = my.jar")
-      statement.executeQuery("reset pipeline.jars")
+      statement.executeQuery(s"set ${PipelineOptions.NAME.key()} = wrong-name")
+      statement.executeQuery(s"reset ${PipelineOptions.NAME.key()}")
       val resultSet = statement.executeQuery("set")
       // Flink does not support set key without value currently,
       // thus read all rows to find the desired one
       var success = false
       while (resultSet.next()) {
-        if (resultSet.getString(1) == "pipeline.jars" &&
-          !resultSet.getString(2).contains("my.jar")) {
+        if (resultSet.getString(1) == PipelineOptions.NAME.key() &&
+          resultSet.getString(2).equals(originalName)) {
           success = true
         }
       }
@@ -1066,7 +1066,31 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
     }
   }
 
-  test("execute statement - add/remove/show jar") {
+  test("execute statement - add/show jar") {
+    val jarName = s"newly-added-${UUID.randomUUID()}.jar"
+    val newJar = TestUserClassLoaderJar.createJarFile(
+      Utils.createTempDir("add-jar-test").toFile,
+      jarName,
+      GENERATED_UDF_CLASS,
+      GENERATED_UDF_CODE).toPath
+
+    withMultipleConnectionJdbcStatement()({ statement =>
+      statement.execute(s"add jar '$newJar'")
+
+      val showJarsResultAdded = statement.executeQuery("show jars")
+      var exists = false
+      while (showJarsResultAdded.next()) {
+        if (showJarsResultAdded.getString(1).contains(jarName)) {
+          exists = true
+        }
+      }
+      assert(exists)
+    })
+  }
+
+  // ignored because Flink gateway doesn't support remove-jar statements
+  // see org.apache.flink.table.gateway.service.operation.OperationExecutor#callRemoveJar(..)
+  ignore("execute statement - remove jar") {
     val jarName = s"newly-added-${UUID.randomUUID()}.jar"
     val newJar = TestUserClassLoaderJar.createJarFile(
       Utils.createTempDir("add-jar-test").toFile,
@@ -1136,9 +1160,12 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       assert(stmt.asInstanceOf[KyuubiStatement].getQueryId === null)
       stmt.executeQuery("insert into tbl_a values (1)")
       val queryId = stmt.asInstanceOf[KyuubiStatement].getQueryId
-      assert(queryId !== null)
-      // parse the string to check if it's valid Flink job id
-      assert(JobID.fromHexString(queryId) !== null)
+      // Flink 1.16 doesn't support query id via ResultFetcher
+      if (FlinkEngineUtils.isFlinkVersionAtLeast("1.17")) {
+        assert(queryId !== null)
+        // parse the string to check if it's valid Flink job id
+        assert(JobID.fromHexString(queryId) !== null)
+      }
     }
   }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala
index 1657f21f6..17c49464f 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyOperationSuite.scala
@@ -18,21 +18,33 @@
 package org.apache.kyuubi.engine.flink.operation
 
 import java.sql.Statement
+import java.util.UUID
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.flink.WithFlinkSQLEngineLocal
+import org.apache.kyuubi.engine.flink.{WithDiscoveryFlinkSQLEngine, WithFlinkSQLEngineLocal}
+import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
 import org.apache.kyuubi.operation.{AnalyzeMode, ExecutionMode, HiveJDBCTestHelper, ParseMode, PhysicalMode}
 
-class PlanOnlyOperationSuite extends WithFlinkSQLEngineLocal with HiveJDBCTestHelper {
+class PlanOnlyOperationSuite extends WithFlinkSQLEngineLocal
+  with HiveJDBCTestHelper with WithDiscoveryFlinkSQLEngine {
+
+  override protected def engineRefId: String = UUID.randomUUID().toString
+
+  override protected def namespace: String = "/kyuubi/flink-plan-only-test"
+
+  def engineType: String = "flink"
 
   override def withKyuubiConf: Map[String, String] =
     Map(
+      "flink.execution.target" -> "remote",
+      HA_NAMESPACE.key -> namespace,
+      HA_ENGINE_REF_ID.key -> engineRefId,
+      KyuubiConf.ENGINE_TYPE.key -> "FLINK_SQL",
       KyuubiConf.ENGINE_SHARE_LEVEL.key -> "user",
       KyuubiConf.OPERATION_PLAN_ONLY_MODE.key -> ParseMode.name,
-      KyuubiConf.ENGINE_SHARE_LEVEL_SUBDOMAIN.key -> "plan-only")
+      KyuubiConf.ENGINE_SHARE_LEVEL_SUBDOMAIN.key -> "plan-only") ++ testExtraConf
 
-  override protected def jdbcUrl: String =
-    s"jdbc:hive2://${engine.frontendServices.head.connectionUrl}/;"
+  override protected def jdbcUrl: String = getFlinkEngineServiceUrl
 
   test("Plan only operation with system defaults") {
     withJdbcStatement() { statement =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index 02aed2866..8c92b77ef 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -176,7 +176,7 @@ object KyuubiApplicationManager {
         // if the master is not identified ahead, add all tags
         setupSparkYarnTag(applicationTag, conf)
         setupSparkK8sTag(applicationTag, conf)
-      case ("FLINK", _) =>
+      case ("FLINK", Some("YARN")) =>
         // running flink on other platforms is not yet supported
         setupFlinkYarnTag(applicationTag, conf)
       // other engine types are running locally yet
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
index 8642d87d7..d8d46e427 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
@@ -54,6 +54,9 @@ class FlinkProcessBuilder(
     Paths.get(flinkHome, "bin", FLINK_EXEC_FILE).toFile.getCanonicalPath
   }
 
+  // flink.execution.target are required in Kyuubi conf currently
+  val executionTarget: Option[String] = conf.getOption("flink.execution.target")
+
   override protected def module: String = "kyuubi-flink-sql-engine"
 
   override protected def mainClass: String = "org.apache.kyuubi.engine.flink.FlinkSQLEngine"
@@ -63,13 +66,17 @@ class FlinkProcessBuilder(
       "FLINK_CONF_DIR",
       s"$flinkHome${File.separator}conf"))
 
-  override def clusterManager(): Option[String] = Some("yarn")
+  override def clusterManager(): Option[String] = {
+    executionTarget match {
+      case Some("yarn-application") => Some("yarn")
+      case _ => None
+    }
+  }
 
   override protected val commands: Array[String] = {
     KyuubiApplicationManager.tagApplication(engineRefId, shortName, clusterManager(), conf)
 
     // flink.execution.target are required in Kyuubi conf currently
-    val executionTarget = conf.getOption("flink.execution.target")
     executionTarget match {
       case Some("yarn-application") =>
         val buffer = new ArrayBuffer[String]()
@@ -133,16 +140,16 @@ class FlinkProcessBuilder(
         val classpathEntries = new java.util.LinkedHashSet[String]
         // flink engine runtime jar
         mainResource.foreach(classpathEntries.add)
-        // flink sql client jar
-        val flinkSqlClientPath = Paths.get(flinkHome)
+        // flink sql jars
+        Paths.get(flinkHome)
           .resolve("opt")
           .toFile
           .listFiles(new FilenameFilter {
             override def accept(dir: File, name: String): Boolean = {
-              name.toLowerCase.startsWith("flink-sql-client")
+              name.toLowerCase.startsWith("flink-sql-client") ||
+              name.toLowerCase.startsWith("flink-sql-gateway")
             }
-          }).head.getAbsolutePath
-        classpathEntries.add(flinkSqlClientPath)
+          }).sorted.foreach(jar => classpathEntries.add(jar.getAbsolutePath))
 
         // jars from flink lib
         classpathEntries.add(s"$flinkHome${File.separator}lib${File.separator}*")
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
index 53450b589..45272618d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
@@ -63,7 +63,7 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
   private def envWithAllHadoop: ListMap[String, String] = envWithoutHadoopCLASSPATH +
     (FLINK_HADOOP_CLASSPATH_KEY -> s"${File.separator}hadoop")
   private def confStr: String = {
-    sessionModeConf.clone.set("yarn.tags", "KYUUBI").getAll
+    sessionModeConf.clone.getAll
       .map { case (k, v) => s"\\\\\\n\\t--conf $k=$v" }
       .mkString(" ")
   }
@@ -106,6 +106,7 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
 
     val flinkHome = builder.flinkHome
     classpathEntries.add(s"$flinkHome$flinkSqlClientJarPathSuffixRegex")
+    classpathEntries.add(s"$flinkHome$flinkSqlGatewayJarPathSuffixRegex")
     classpathEntries.add(s"$flinkHome$flinkLibPathSuffixRegex")
     classpathEntries.add(s"$flinkHome$flinkConfPathSuffix")
     val envMap = builder.env
@@ -123,6 +124,8 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
   private val javaPath = s"${envDefault("JAVA_HOME")}${File.separator}bin${File.separator}java"
   private val flinkSqlClientJarPathSuffixRegex = s"${File.separator}opt${File.separator}" +
     s"flink-sql-client-.*.jar"
+  private val flinkSqlGatewayJarPathSuffixRegex = s"${File.separator}opt${File.separator}" +
+    s"flink-sql-gateway-.*.jar"
   private val flinkLibPathSuffixRegex = s"${File.separator}lib${File.separator}\\*"
   private val flinkConfPathSuffix = s"${File.separator}conf"
   private val mainClassStr = "org.apache.kyuubi.engine.flink.FlinkSQLEngine"
diff --git a/pom.xml b/pom.xml
index 520b181d5..1feae0322 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
         <failsafe.verion>2.4.4</failsafe.verion>
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>
-        <flink.version>1.16.1</flink.version>
+        <flink.version>1.17.0</flink.version>
         <flink.archive.name>flink-${flink.version}-bin-scala_${scala.binary.version}.tgz</flink.archive.name>
         <flink.archive.mirror>${apache.archive.dist}/flink/flink-${flink.version}</flink.archive.mirror>
         <flink.archive.download.skip>false</flink.archive.download.skip>
@@ -1624,6 +1624,12 @@
                 <version>${flink.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>org.apache.flink</groupId>
+                <artifactId>flink-sql-gateway</artifactId>
+                <version>${flink.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>org.apache.flink</groupId>
                 <artifactId>flink-test-utils</artifactId>
@@ -2390,16 +2396,16 @@
         </profile>
 
         <profile>
-            <id>flink-1.15</id>
+            <id>flink-1.16</id>
             <properties>
-                <flink.version>1.15.4</flink.version>
+                <flink.version>1.16.1</flink.version>
             </properties>
         </profile>
 
         <profile>
-            <id>flink-1.16</id>
+            <id>flink-1.17</id>
             <properties>
-                <flink.version>1.16.1</flink.version>
+                <flink.version>1.17.0</flink.version>
             </properties>
         </profile>
 

From 8d0b3ff50cd8a59733731663741c8d59dc8ef3c6 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 17 Apr 2023 20:26:12 +0800
Subject: [PATCH 292/760] [KYUUBI #4387][DOCS][FOLLOWUP] Update Flink version
 requirements

### _Why are the changes needed?_

Update docs to mention that Kyuubi requires Flink 1.15+ now

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4721 from pan3793/doc.

Closes #4387

4fdd9082b [Cheng Pan] [KYUUBI #4387][DOCS][FOLLOUP] Update Flink version requirements

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start.rst b/docs/quick_start/quick_start.rst
index db564edb9..fb1b12c2d 100644
--- a/docs/quick_start/quick_start.rst
+++ b/docs/quick_start/quick_start.rst
@@ -44,7 +44,7 @@ pre-installed and the `JAVA_HOME` is correctly set to each component.
                    Engine lib                   - Kyuubi Engine
                    Beeline                      - Kyuubi Hive Beeline
   **Spark**        Engine       >=3.0.0         A Spark distribution
-  **Flink**        Engine       >=1.14.0        A Flink distribution
+  **Flink**        Engine       >=1.15.0        A Flink distribution
   **Trino**        Engine       >=363           A Trino cluster
   **Doris**        Engine       N/A             A Doris cluster
   **Hive**         Engine       - 3.1.x         - A Hive distribution

From b3dc4f8e3050b5341b34cb9f5f4f704d8b2c0fdf Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 17 Apr 2023 20:44:21 +0800
Subject: [PATCH 293/760] [KYUUBI #4722] [DOCS] Kyuubi requires Spark 3.1 and
 above now

### _Why are the changes needed?_

Kyuubi requires Spark 3.1 and above since 1.7.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4722 from pan3793/spark-3.1.

Closes #4722

e2b4c9ca2 [Cheng Pan] [DOCS] Kyuubi requires Spark 3.1 and above now

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start.rst b/docs/quick_start/quick_start.rst
index fb1b12c2d..388aaf217 100644
--- a/docs/quick_start/quick_start.rst
+++ b/docs/quick_start/quick_start.rst
@@ -43,7 +43,7 @@ pre-installed and the `JAVA_HOME` is correctly set to each component.
   **Kyuubi**       Gateway      \ |release| \   - Kyuubi Server
                    Engine lib                   - Kyuubi Engine
                    Beeline                      - Kyuubi Hive Beeline
-  **Spark**        Engine       >=3.0.0         A Spark distribution
+  **Spark**        Engine       >=3.1           A Spark distribution
   **Flink**        Engine       >=1.15.0        A Flink distribution
   **Trino**        Engine       >=363           A Trino cluster
   **Doris**        Engine       N/A             A Doris cluster

From a4cdb26ca7f4ffd39e08b0c842b9759cd56eb6d7 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 17 Apr 2023 23:02:18 +0800
Subject: [PATCH 294/760] [KYUUBI #4367][DOCS][FOLLOWUP] Kyuubi requires Flink
 1.16/1.17

### _Why are the changes needed?_

Kyuubi requires Flink 1.16/1.17 now

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4723 from pan3793/flink-1.17.

Closes #4367

1e64dcbf1 [Cheng Pan] [KYUUBI #4367][DOCS][FOLLOWUP] Kyuubi requries Flink 1.16/1.17

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start.rst b/docs/quick_start/quick_start.rst
index 388aaf217..2cf5f567f 100644
--- a/docs/quick_start/quick_start.rst
+++ b/docs/quick_start/quick_start.rst
@@ -44,7 +44,7 @@ pre-installed and the `JAVA_HOME` is correctly set to each component.
                    Engine lib                   - Kyuubi Engine
                    Beeline                      - Kyuubi Hive Beeline
   **Spark**        Engine       >=3.1           A Spark distribution
-  **Flink**        Engine       >=1.15.0        A Flink distribution
+  **Flink**        Engine       1.16/1.17       A Flink distribution
   **Trino**        Engine       >=363           A Trino cluster
   **Doris**        Engine       N/A             A Doris cluster
   **Hive**         Engine       - 3.1.x         - A Hive distribution

From a9a4766778d6894561efb32cdb1c3e73d6714b87 Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Mon, 17 Apr 2023 23:03:49 +0800
Subject: [PATCH 295/760] [KYUUBI #4698] [K8S][HELM] Centralize Kyuubi labels
 definition

### _Why are the changes needed?_

It's a default implementation created by helm create chart_name. Label info is relatively fixed and is frequently used in templates, reducing code redundancy. Define common tags that make yaml cleaner and easy to read.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4698 from dev-lpq/helm_define_lables.

Closes #4698

7f60391c5 [pengqli] change the labels comment
5b246dd94 [pengqli] Merge branch 'master' into helm_define_lables
f480772f0 [pengqli] change the kyuubi labels name
e98d1d9a5 [pengqli] define Kyuubi labels template

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/_helpers.tpl           | 18 ++++++++++++++++++
 charts/kyuubi/templates/kyuubi-configmap.yaml  |  6 +-----
 charts/kyuubi/templates/kyuubi-deployment.yaml | 12 +++---------
 charts/kyuubi/templates/kyuubi-role.yaml       |  6 +-----
 .../kyuubi/templates/kyuubi-rolebinding.yaml   |  6 +-----
 charts/kyuubi/templates/kyuubi-service.yaml    |  9 ++-------
 .../templates/kyuubi-serviceaccount.yaml       |  6 +-----
 7 files changed, 27 insertions(+), 36 deletions(-)

diff --git a/charts/kyuubi/templates/_helpers.tpl b/charts/kyuubi/templates/_helpers.tpl
index 07e66d5f1..4c9da32b9 100644
--- a/charts/kyuubi/templates/_helpers.tpl
+++ b/charts/kyuubi/templates/_helpers.tpl
@@ -31,3 +31,21 @@ For details, see 'kyuubi.frontend.protocols': https://kyuubi.readthedocs.io/en/m
   {{- end }}
   {{- $protocols |  join "," }}
 {{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kyuubi.selectorLabels" -}}
+app.kubernetes.io/name: {{ .Chart.Name }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "kyuubi.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+{{ include "kyuubi.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index 22d6562b8..3e7281083 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -20,11 +20,7 @@ kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}
   labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kyuubi.labels" . | nindent 4 }}
 data:
   {{- with .Values.kyuubiConf.kyuubiEnv }}
   kyuubi-env.sh: |
diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index b30913dd0..beca0998a 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -20,22 +20,16 @@ kind: Deployment
 metadata:
   name: {{ .Release.Name }}
   labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kyuubi.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ .Chart.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "kyuubi.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ .Chart.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- include "kyuubi.selectorLabels" . | nindent 8 }}
       annotations:
         checksum/conf: {{ include (print $.Template.BasePath "/kyuubi-configmap.yaml") . | sha256sum }}
     spec:
diff --git a/charts/kyuubi/templates/kyuubi-role.yaml b/charts/kyuubi/templates/kyuubi-role.yaml
index 7e0a810a1..5ee8c1dff 100644
--- a/charts/kyuubi/templates/kyuubi-role.yaml
+++ b/charts/kyuubi/templates/kyuubi-role.yaml
@@ -21,10 +21,6 @@ kind: Role
 metadata:
   name: {{ .Release.Name }}
   labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kyuubi.labels" . | nindent 4 }}
 rules: {{- toYaml .Values.rbac.rules | nindent 2 }}
 {{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-rolebinding.yaml b/charts/kyuubi/templates/kyuubi-rolebinding.yaml
index e7dd0d64b..0f9dbd049 100644
--- a/charts/kyuubi/templates/kyuubi-rolebinding.yaml
+++ b/charts/kyuubi/templates/kyuubi-rolebinding.yaml
@@ -21,11 +21,7 @@ kind: RoleBinding
 metadata:
   name: {{ .Release.Name }}
   labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kyuubi.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Values.serviceAccount.name | default .Release.Name }}
diff --git a/charts/kyuubi/templates/kyuubi-service.yaml b/charts/kyuubi/templates/kyuubi-service.yaml
index ddc2e230f..64c8b06ac 100644
--- a/charts/kyuubi/templates/kyuubi-service.yaml
+++ b/charts/kyuubi/templates/kyuubi-service.yaml
@@ -22,11 +22,7 @@ kind: Service
 metadata:
   name: {{ $.Release.Name }}-{{ $name | kebabcase }}
   labels:
-    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
-    app.kubernetes.io/name: {{ $.Chart.Name }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-    app.kubernetes.io/version: {{ $.Values.image.tag | default $.Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ $.Release.Service }}
+    {{- include "kyuubi.labels" $ | nindent 4 }}
   {{- with $frontend.service.annotations }}
   annotations: {{- toYaml . | nindent 4 }}
   {{- end }}
@@ -40,8 +36,7 @@ spec:
       nodePort: {{ $frontend.service.nodePort }}
       {{- end }}
   selector:
-    app.kubernetes.io/name: {{ $.Chart.Name }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
+    {{- include "kyuubi.selectorLabels" $ | nindent 4 }}
 ---
 {{- end }}
 {{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-serviceaccount.yaml b/charts/kyuubi/templates/kyuubi-serviceaccount.yaml
index bbfa22e35..a8e282a1f 100644
--- a/charts/kyuubi/templates/kyuubi-serviceaccount.yaml
+++ b/charts/kyuubi/templates/kyuubi-serviceaccount.yaml
@@ -21,9 +21,5 @@ kind: ServiceAccount
 metadata:
   name: {{ .Values.serviceAccount.name | default .Release.Name }}
   labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/name: {{ .Chart.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kyuubi.labels" . | nindent 4 }}
 {{- end }}

From 258172fde921f572d343eb10710d098222c83a98 Mon Sep 17 00:00:00 2001
From: Deng An <36296995+packyan@users.noreply.github.com>
Date: Tue, 18 Apr 2023 00:31:47 +0800
Subject: [PATCH 296/760] Revert "[KYUUBI #4712] Bump Spark from 3.2.3 to
 3.2.4"

This reverts commit 93ba8f762f35e5467dbb6cd51ef4e82ba2f74d05.
---
 .github/workflows/master.yml                  |   2 +-
 ...plugin.spark.authz.serde.FunctionExtractor |   1 -
 ...in.spark.authz.serde.FunctionTypeExtractor |   1 -
 .../src/main/resources/scan_command_spec.json |  29 +++
 .../src/main/resources/scan_spec.json         |  89 --------
 .../main/resources/table_command_spec.json    |  16 +-
 .../spark/authz/PrivilegesBuilder.scala       |  23 --
 .../spark/authz/serde/CommandSpec.scala       |  16 +-
 .../authz/serde/functionExtractors.scala      |  22 --
 .../authz/serde/functionTypeExtractors.scala  |  36 +---
 .../plugin/spark/authz/serde/package.scala    |  20 +-
 .../FunctionPrivilegesBuilderSuite.scala      | 196 ------------------
 .../authz/gen/JsonSpecFileGenerator.scala     |   9 +-
 .../kyuubi/plugin/spark/authz/gen/Scans.scala |  28 +--
 .../spark/authz/gen/TableCommands.scala       |   2 +-
 pom.xml                                       |   2 +-
 16 files changed, 56 insertions(+), 436 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
 delete mode 100644 extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json
 delete mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 04ecb1a60..90d51fa95 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -61,7 +61,7 @@ jobs:
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.3 -Dspark.archive.name=spark-3.2.3-bin-hadoop3.2.tgz'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.2-binary'
     env:
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
index 2facb004a..4686bb033 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
@@ -17,5 +17,4 @@
 
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionInfoFunctionExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.FunctionIdentifierFunctionExtractor
-org.apache.kyuubi.plugin.spark.authz.serde.QualifiedNameStringFunctionExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.StringFunctionExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
index 3bb0ee6c2..475f47afc 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
@@ -17,5 +17,4 @@
 
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionInfoFunctionTypeExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.FunctionIdentifierFunctionTypeExtractor
-org.apache.kyuubi.plugin.spark.authz.serde.FunctionNameFunctionTypeExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.TempMarkerFunctionTypeExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
new file mode 100644
index 000000000..9a6aef4ed
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
@@ -0,0 +1,29 @@
+[ {
+  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
+  "scanDescs" : [ {
+    "fieldName" : "catalogTable",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "catalogDesc" : null
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.catalog.HiveTableRelation",
+  "scanDescs" : [ {
+    "fieldName" : "tableMeta",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "catalogDesc" : null
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.execution.datasources.LogicalRelation",
+  "scanDescs" : [ {
+    "fieldName" : "catalogTable",
+    "fieldExtractor" : "CatalogTableOptionTableExtractor",
+    "catalogDesc" : null
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.execution.datasources.v2.DataSourceV2Relation",
+  "scanDescs" : [ {
+    "fieldName" : null,
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "catalogDesc" : null
+  } ]
+} ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json
deleted file mode 100644
index 3273ccbea..000000000
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_spec.json
+++ /dev/null
@@ -1,89 +0,0 @@
-[ {
-  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
-  "scanDescs" : [ {
-    "fieldName" : "catalogTable",
-    "fieldExtractor" : "CatalogTableTableExtractor",
-    "catalogDesc" : null
-  } ],
-  "functionDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.catalog.HiveTableRelation",
-  "scanDescs" : [ {
-    "fieldName" : "tableMeta",
-    "fieldExtractor" : "CatalogTableTableExtractor",
-    "catalogDesc" : null
-  } ],
-  "functionDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.execution.datasources.LogicalRelation",
-  "scanDescs" : [ {
-    "fieldName" : "catalogTable",
-    "fieldExtractor" : "CatalogTableOptionTableExtractor",
-    "catalogDesc" : null
-  } ],
-  "functionDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.execution.datasources.v2.DataSourceV2Relation",
-  "scanDescs" : [ {
-    "fieldName" : null,
-    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
-    "catalogDesc" : null
-  } ],
-  "functionDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.HiveGenericUDF",
-  "scanDescs" : [ ],
-  "functionDescs" : [ {
-    "fieldName" : "name",
-    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
-    "databaseDesc" : null,
-    "functionTypeDesc" : {
-      "fieldName" : "name",
-      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
-      "skipTypes" : [ "TEMP", "SYSTEM" ]
-    },
-    "isInput" : true
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.HiveGenericUDTF",
-  "scanDescs" : [ ],
-  "functionDescs" : [ {
-    "fieldName" : "name",
-    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
-    "databaseDesc" : null,
-    "functionTypeDesc" : {
-      "fieldName" : "name",
-      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
-      "skipTypes" : [ "TEMP", "SYSTEM" ]
-    },
-    "isInput" : true
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.HiveSimpleUDF",
-  "scanDescs" : [ ],
-  "functionDescs" : [ {
-    "fieldName" : "name",
-    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
-    "databaseDesc" : null,
-    "functionTypeDesc" : {
-      "fieldName" : "name",
-      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
-      "skipTypes" : [ "TEMP", "SYSTEM" ]
-    },
-    "isInput" : true
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.HiveUDAFFunction",
-  "scanDescs" : [ ],
-  "functionDescs" : [ {
-    "fieldName" : "name",
-    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
-    "databaseDesc" : null,
-    "functionTypeDesc" : {
-      "fieldName" : "name",
-      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
-      "skipTypes" : [ "TEMP", "SYSTEM" ]
-    },
-    "isInput" : true
-  } ]
-} ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 3d6fcd93b..81ccd8da0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1243,6 +1243,14 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
+  "tableDescs" : [ ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.RefreshTable",
   "tableDescs" : [ {
@@ -1285,14 +1293,6 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
-  "tableDescs" : [ ],
-  "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveTable",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 98e436189..b8220ea27 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -235,27 +235,4 @@ object PrivilegesBuilder {
     }
     (inputObjs, outputObjs, opType)
   }
-
-  /**
-   * Build input  privilege objects from a Spark's LogicalPlan for hive permanent functions
-   *
-   * For `Command`s and other queries, build inputs.
-   *
-   * @param plan A Spark LogicalPlan
-   */
-  def buildFunctionPrivileges(
-      plan: LogicalPlan,
-      spark: SparkSession): PrivilegesAndOpType = {
-    val inputObjs = new ArrayBuffer[PrivilegeObject]
-    plan transformAllExpressions {
-      case hiveFunction: Expression if isKnowFunction(hiveFunction) =>
-        val functionSpec: ScanSpec = getFunctionSpec(hiveFunction)
-        if (functionSpec.functionDescs.exists(!_.functionTypeDesc.get.skip(hiveFunction, spark))) {
-          functionSpec.functions(hiveFunction).foreach(func =>
-            inputObjs += PrivilegeObject(func))
-        }
-        hiveFunction
-    }
-    (inputObjs, Seq.empty, OperationType.QUERY)
-  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
index 32ad30e21..e96ef8cbf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
@@ -19,7 +19,6 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import com.fasterxml.jackson.annotation.JsonIgnore
 import org.apache.spark.sql.SparkSession
-import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.slf4j.LoggerFactory
 
@@ -95,8 +94,7 @@ case class TableCommandSpec(
 
 case class ScanSpec(
     classname: String,
-    scanDescs: Seq[ScanDesc],
-    functionDescs: Seq[FunctionDesc] = Seq.empty) extends CommandSpec {
+    scanDescs: Seq[ScanDesc]) extends CommandSpec {
   override def opType: String = OperationType.QUERY.toString
   def tables: (LogicalPlan, SparkSession) => Seq[Table] = (plan, spark) => {
     scanDescs.flatMap { td =>
@@ -109,16 +107,4 @@ case class ScanSpec(
       }
     }
   }
-
-  def functions: (Expression) => Seq[Function] = (expr) => {
-    functionDescs.flatMap { fd =>
-      try {
-        Some(fd.extract(expr))
-      } catch {
-        case e: Exception =>
-          LOG.debug(fd.error(expr, e))
-          None
-      }
-    }
-  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
index 729521200..894a6cb8f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
@@ -20,23 +20,12 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 import org.apache.spark.sql.catalyst.FunctionIdentifier
 import org.apache.spark.sql.catalyst.expressions.ExpressionInfo
 
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
-
 trait FunctionExtractor extends (AnyRef => Function) with Extractor
 
 object FunctionExtractor {
   val functionExtractors: Map[String, FunctionExtractor] = {
     loadExtractorsToMap[FunctionExtractor]
   }
-
-  def buildFunctionIdentFromQualifiedName(qualifiedName: String): (String, Option[String]) = {
-    val parts: Array[String] = qualifiedName.split("\\.", 2)
-    if (parts.length == 1) {
-      (qualifiedName, None)
-    } else {
-      (parts.last, Some(parts.head))
-    }
-  }
 }
 
 /**
@@ -48,17 +37,6 @@ class StringFunctionExtractor extends FunctionExtractor {
   }
 }
 
-/**
- *  * String
- */
-class QualifiedNameStringFunctionExtractor extends FunctionExtractor {
-  override def apply(v1: AnyRef): Function = {
-    val qualifiedName: String = v1.asInstanceOf[String]
-    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
-    Function(database, funcName)
-  }
-}
-
 /**
  * org.apache.spark.sql.catalyst.FunctionIdentifier
  */
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
index 193a00fa5..4c5e9dc84 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
@@ -19,11 +19,8 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.FunctionIdentifier
-import org.apache.spark.sql.catalyst.catalog.SessionCatalog
 
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType.{FunctionType, PERMANENT, SYSTEM, TEMP}
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.getFunctionType
 
 object FunctionType extends Enumeration {
   type FunctionType = Value
@@ -36,17 +33,6 @@ object FunctionTypeExtractor {
   val functionTypeExtractors: Map[String, FunctionTypeExtractor] = {
     loadExtractorsToMap[FunctionTypeExtractor]
   }
-
-  def getFunctionType(fi: FunctionIdentifier, catalog: SessionCatalog): FunctionType = {
-    fi match {
-      case permanent if catalog.isPersistentFunction(permanent) =>
-        PERMANENT
-      case system if catalog.isRegisteredFunction(system) =>
-        SYSTEM
-      case _ =>
-        TEMP
-    }
-  }
 }
 
 /**
@@ -80,18 +66,14 @@ class FunctionIdentifierFunctionTypeExtractor extends FunctionTypeExtractor {
   override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
     val catalog = spark.sessionState.catalog
     val fi = v1.asInstanceOf[FunctionIdentifier]
-    getFunctionType(fi, catalog)
-  }
-}
-
-/**
- * String
- */
-class FunctionNameFunctionTypeExtractor extends FunctionTypeExtractor {
-  override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
-    val catalog: SessionCatalog = spark.sessionState.catalog
-    val qualifiedName: String = v1.asInstanceOf[String]
-    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
-    getFunctionType(FunctionIdentifier(funcName, database), catalog)
+    if (catalog.isTemporaryFunction(fi)) {
+      TEMP
+    } else if (catalog.isPersistentFunction(fi)) {
+      PERMANENT
+    } else if (catalog.isRegisteredFunction(fi)) {
+      SYSTEM
+    } else {
+      TEMP
+    }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
index 07f91a95d..a52a558a0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
@@ -66,10 +66,9 @@ package object serde {
   }
 
   final private lazy val SCAN_SPECS: Map[String, ScanSpec] = {
-    val is = getClass.getClassLoader.getResourceAsStream("scan_spec.json")
+    val is = getClass.getClassLoader.getResourceAsStream("scan_command_spec.json")
     mapper.readValue(is, new TypeReference[Array[ScanSpec]] {})
-      .map(e => (e.classname, e))
-      .filter(t => t._2.scanDescs.nonEmpty).toMap
+      .map(e => (e.classname, e)).toMap
   }
 
   def isKnownScan(r: AnyRef): Boolean = {
@@ -80,21 +79,6 @@ package object serde {
     SCAN_SPECS(r.getClass.getName)
   }
 
-  final private lazy val FUNCTION_SPECS: Map[String, ScanSpec] = {
-    val is = getClass.getClassLoader.getResourceAsStream("scan_spec.json")
-    mapper.readValue(is, new TypeReference[Array[ScanSpec]] {})
-      .map(e => (e.classname, e))
-      .filter(t => t._2.functionDescs.nonEmpty).toMap
-  }
-
-  def isKnowFunction(r: AnyRef): Boolean = {
-    FUNCTION_SPECS.contains(r.getClass.getName)
-  }
-
-  def getFunctionSpec(r: AnyRef): ScanSpec = {
-    FUNCTION_SPECS(r.getClass.getName)
-  }
-
   def operationType(plan: LogicalPlan): OperationType = {
     val classname = plan.getClass.getName
     TABLE_COMMAND_SPECS.get(classname)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
deleted file mode 100644
index e8da4e871..000000000
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.plugin.spark.authz
-
-import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
-import org.scalatest.{BeforeAndAfterAll, BeforeAndAfterEach}
-// scalastyle:off
-import org.scalatest.funsuite.AnyFunSuite
-
-import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
-import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-
-abstract class FunctionPrivilegesBuilderSuite extends AnyFunSuite
-  with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
-  // scalastyle:on
-
-  protected def withTable(t: String)(f: String => Unit): Unit = {
-    try {
-      f(t)
-    } finally {
-      sql(s"DROP TABLE IF EXISTS $t")
-    }
-  }
-
-  protected def withDatabase(t: String)(f: String => Unit): Unit = {
-    try {
-      f(t)
-    } finally {
-      sql(s"DROP DATABASE IF EXISTS $t")
-    }
-  }
-
-  protected def checkColumns(plan: LogicalPlan, cols: Seq[String]): Unit = {
-    val (in, out, _) = PrivilegesBuilder.build(plan, spark)
-    assert(out.isEmpty, "Queries shall not check output privileges")
-    val po = in.head
-    assert(po.actionType === PrivilegeObjectActionType.OTHER)
-    assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.columns === cols)
-  }
-
-  protected def checkColumns(query: String, cols: Seq[String]): Unit = {
-    checkColumns(sql(query).queryExecution.optimizedPlan, cols)
-  }
-
-  protected val reusedDb: String = getClass.getSimpleName
-  protected val reusedDb2: String = getClass.getSimpleName + "2"
-  protected val reusedTable: String = reusedDb + "." + getClass.getSimpleName
-  protected val reusedTableShort: String = reusedTable.split("\\.").last
-  protected val reusedPartTable: String = reusedTable + "_part"
-  protected val reusedPartTableShort: String = reusedPartTable.split("\\.").last
-  protected val functionCount = 3
-  protected val functionNamePrefix = "kyuubi_fun_"
-  protected val tempFunNamePrefix = "kyuubi_temp_fun_"
-
-  override def beforeAll(): Unit = {
-    sql(s"CREATE DATABASE IF NOT EXISTS $reusedDb")
-    sql(s"CREATE DATABASE IF NOT EXISTS $reusedDb2")
-    sql(s"CREATE TABLE IF NOT EXISTS $reusedTable" +
-      s" (key int, value string) USING parquet")
-    sql(s"CREATE TABLE IF NOT EXISTS $reusedPartTable" +
-      s" (key int, value string, pid string) USING parquet" +
-      s"  PARTITIONED BY(pid)")
-    // scalastyle:off
-    (0 until functionCount).foreach { index =>
-      {
-        sql(s"CREATE FUNCTION ${reusedDb}.${functionNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
-        sql(s"CREATE FUNCTION ${reusedDb2}.${functionNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
-        sql(s"CREATE TEMPORARY FUNCTION ${tempFunNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
-      }
-    }
-    sql(s"USE ${reusedDb2}")
-    // scalastyle:on
-    super.beforeAll()
-  }
-
-  override def afterAll(): Unit = {
-    Seq(reusedTable, reusedPartTable).foreach { t =>
-      sql(s"DROP TABLE IF EXISTS $t")
-    }
-
-    Seq(reusedDb, reusedDb2).foreach { db =>
-      (0 until functionCount).foreach { index =>
-        sql(s"DROP FUNCTION ${db}.${functionNamePrefix}${index}")
-      }
-      sql(s"DROP DATABASE IF EXISTS ${db}")
-    }
-
-    spark.stop()
-    super.afterAll()
-  }
-}
-
-class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite {
-
-  override protected val catalogImpl: String = "hive"
-
-  test("Function Call Query") {
-    val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
-      s"kyuubi_fun_2(value), " +
-      s"${reusedDb}.kyuubi_fun_0(value), " +
-      s"kyuubi_temp_fun_1('data2')," +
-      s"kyuubi_temp_fun_2(key) " +
-      s"FROM $reusedTable").queryExecution.analyzed
-    val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
-    assert(inputs.size === 3)
-    inputs.foreach { po =>
-      assert(po.actionType === PrivilegeObjectActionType.OTHER)
-      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
-      assert(po.dbname startsWith reusedDb.toLowerCase)
-      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
-      val accessType = ranger.AccessType(po, QUERY, isInput = true)
-      assert(accessType === AccessType.SELECT)
-    }
-  }
-
-  test("Function Call Query with Quoted Name") {
-    val plan = sql(s"SELECT `kyuubi_fun_1`('data'), " +
-      s"`kyuubi_fun_2`(value), " +
-      s"`${reusedDb}`.`kyuubi_fun_0`(value), " +
-      s"`kyuubi_temp_fun_1`('data2')," +
-      s"`kyuubi_temp_fun_2`(key) " +
-      s"FROM $reusedTable").queryExecution.analyzed
-    val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
-    assert(inputs.size === 3)
-    inputs.foreach { po =>
-      assert(po.actionType === PrivilegeObjectActionType.OTHER)
-      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
-      assert(po.dbname startsWith reusedDb.toLowerCase)
-      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
-      val accessType = ranger.AccessType(po, QUERY, isInput = true)
-      assert(accessType === AccessType.SELECT)
-    }
-  }
-
-  test("Simple Function Call Query") {
-    val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
-      s"kyuubi_fun_0('value'), " +
-      s"${reusedDb}.kyuubi_fun_0('value'), " +
-      s"${reusedDb}.kyuubi_fun_2('value'), " +
-      s"kyuubi_temp_fun_1('data2')," +
-      s"kyuubi_temp_fun_2('key') ").queryExecution.analyzed
-    val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
-    assert(inputs.size === 4)
-    inputs.foreach { po =>
-      assert(po.actionType === PrivilegeObjectActionType.OTHER)
-      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
-      assert(po.dbname startsWith reusedDb.toLowerCase)
-      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
-      val accessType = ranger.AccessType(po, QUERY, isInput = true)
-      assert(accessType === AccessType.SELECT)
-    }
-  }
-
-  test("Function Call In CAST Command") {
-    val table = "castTable"
-    withTable(table) { table =>
-      val plan = sql(s"CREATE TABLE ${table} " +
-        s"SELECT kyuubi_fun_1('data') col1, " +
-        s"${reusedDb2}.kyuubi_fun_2(value) col2, " +
-        s"kyuubi_fun_0(value) col3, " +
-        s"kyuubi_fun_2('value') col4, " +
-        s"${reusedDb}.kyuubi_fun_2('value') col5, " +
-        s"${reusedDb}.kyuubi_fun_1('value') col6, " +
-        s"kyuubi_temp_fun_1('data2') col7, " +
-        s"kyuubi_temp_fun_2(key) col8 " +
-        s"FROM ${reusedTable} WHERE ${reusedDb2}.kyuubi_fun_1(key)='123'").queryExecution.analyzed
-      val (inputs, _, _) = PrivilegesBuilder.buildFunctionPrivileges(plan, spark)
-      assert(inputs.size === 7)
-      inputs.foreach { po =>
-        assert(po.actionType === PrivilegeObjectActionType.OTHER)
-        assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
-        assert(po.dbname startsWith reusedDb.toLowerCase)
-        assert(po.objectName startsWith functionNamePrefix.toLowerCase)
-        val accessType = ranger.AccessType(po, QUERY, isInput = true)
-        assert(accessType === AccessType.SELECT)
-      }
-    }
-  }
-
-}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index e20cd13d7..7c7ed138b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -34,16 +34,13 @@ object JsonSpecFileGenerator {
     writeCommandSpecJson("database", DatabaseCommands.data)
     writeCommandSpecJson("table", TableCommands.data ++ IcebergCommands.data)
     writeCommandSpecJson("function", FunctionCommands.data)
-    writeCommandSpecJson("scan", Scans.data, isScanResource = true)
+    writeCommandSpecJson("scan", Scans.data)
   }
 
-  def writeCommandSpecJson[T <: CommandSpec](
-      commandType: String,
-      specArr: Array[T],
-      isScanResource: Boolean = false): Unit = {
+  def writeCommandSpecJson[T <: CommandSpec](commandType: String, specArr: Array[T]): Unit = {
     val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
       .split("target").head
-    val filename = s"${commandType}${if (isScanResource) "" else "_command"}_spec.json"
+    val filename = s"${commandType}_command_spec.json"
     val writer = {
       val p = Paths.get(pluginHome, "src", "main", "resources", filename)
       Files.newBufferedWriter(p, StandardCharsets.UTF_8)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index b2c1868a2..7bd8260bb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -18,7 +18,6 @@
 package org.apache.kyuubi.plugin.spark.authz.gen
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType._
 
 object Scans {
 
@@ -58,34 +57,9 @@ object Scans {
     ScanSpec(r, Seq(tableDesc))
   }
 
-  val HiveSimpleUDF = {
-    ScanSpec(
-      "org.apache.spark.sql.hive.HiveSimpleUDF",
-      Seq.empty,
-      Seq(FunctionDesc(
-        "name",
-        classOf[QualifiedNameStringFunctionExtractor],
-        functionTypeDesc = Some(FunctionTypeDesc(
-          "name",
-          classOf[FunctionNameFunctionTypeExtractor],
-          Seq(TEMP, SYSTEM))),
-        isInput = true)))
-  }
-
-  val HiveGenericUDF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDF")
-
-  val HiveUDAFFunction = HiveSimpleUDF.copy(classname =
-    "org.apache.spark.sql.hive.HiveUDAFFunction")
-
-  val HiveGenericUDTF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDTF")
-
   val data: Array[ScanSpec] = Array(
     HiveTableRelation,
     LogicalRelation,
     DataSourceV2Relation,
-    PermanentViewMarker,
-    HiveSimpleUDF,
-    HiveGenericUDF,
-    HiveUDAFFunction,
-    HiveGenericUDTF)
+    PermanentViewMarker)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 4f971ba62..7bf01b43f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -637,7 +637,7 @@ object TableCommands {
       "org.apache.spark.sql.execution.datasources.SaveIntoDataSourceCommand"),
     InsertIntoHadoopFsRelationCommand,
     InsertIntoDataSourceDir.copy(classname =
-      "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand"),
+      "org.apache.spark.sql.execution.datasources.InsertIntoDataSourceDirCommand"),
     InsertIntoHiveTable,
     LoadData,
     MergeIntoTable,
diff --git a/pom.xml b/pom.xml
index 1feae0322..8c3f71976 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2343,7 +2343,7 @@
                 <module>extensions/spark/kyuubi-extension-spark-3-2</module>
             </modules>
             <properties>
-                <spark.version>3.2.4</spark.version>
+                <spark.version>3.2.3</spark.version>
                 <spark.binary.version>3.2</spark.binary.version>
                 <delta.version>2.0.2</delta.version>
                 <spark.archive.name>spark-${spark.version}-bin-hadoop3.2.tgz</spark.archive.name>

From 8c7b457d88c97fafd5a4108a282192500ea7cf4e Mon Sep 17 00:00:00 2001
From: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Date: Mon, 17 Apr 2023 09:14:20 +0800
Subject: [PATCH 297/760] [KYUUBI #4712] Bump Spark from 3.2.3 to 3.2.4

### _Why are the changes needed?_

Fixes #4712

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4718 from anurag-rajawat/upgrade-spark.

Closes #4712

79dcf1b79 [Anurag Rajawat] Bump Spark from 3.2.3 to 3.2.4

Authored-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml | 2 +-
 pom.xml                      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 90d51fa95..04ecb1a60 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -61,7 +61,7 @@ jobs:
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.3 -Dspark.archive.name=spark-3.2.3-bin-hadoop3.2.tgz'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.2-binary'
     env:
diff --git a/pom.xml b/pom.xml
index 8c3f71976..1feae0322 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2343,7 +2343,7 @@
                 <module>extensions/spark/kyuubi-extension-spark-3-2</module>
             </modules>
             <properties>
-                <spark.version>3.2.3</spark.version>
+                <spark.version>3.2.4</spark.version>
                 <spark.binary.version>3.2</spark.binary.version>
                 <delta.version>2.0.2</delta.version>
                 <spark.archive.name>spark-${spark.version}-bin-hadoop3.2.tgz</spark.archive.name>

From f6331a2a0fc0650ba0970d58f90a7a7c8e908095 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 18 Apr 2023 13:44:23 +0800
Subject: [PATCH 298/760] [KYUUBI #3653][REST] AdminResource add list kyuubi
 server api

### _Why are the changes needed?_

Add List Kyuubi Server Api for `AdminResource`

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4670 from zwangsheng/KYUUBI_3653.

Closes #3653

b91a6c617 [zwangsheng] fxi
4271d0fd0 [zwangsheng] fix comments
e14f8cd55 [zwangsheng] [KYUUBI #3653][REST] AdminResource add list server api

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/client/api/v1/dto/ServerData.java  | 129 ++++++++++++++++++
 .../apache/kyuubi/server/api/ApiUtils.scala   |  14 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  31 ++++-
 .../server/api/v1/AdminResourceSuite.scala    | 104 +++++++-------
 4 files changed, 219 insertions(+), 59 deletions(-)
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
new file mode 100644
index 000000000..d64d43a72
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+import java.util.Map;
+import java.util.Objects;
+
+public class ServerData {
+  private String nodeName;
+  private String namespace;
+  private String instance;
+  private String host;
+  private int port;
+  private Map<String, String> attributes;
+  private String status;
+
+  public ServerData(
+      String nodeName,
+      String namespace,
+      String instance,
+      String host,
+      int port,
+      Map<String, String> attributes,
+      String status) {
+    this.nodeName = nodeName;
+    this.namespace = namespace;
+    this.instance = instance;
+    this.host = host;
+    this.port = port;
+    this.attributes = attributes;
+    this.status = status;
+  }
+
+  public String getNodeName() {
+    return nodeName;
+  }
+
+  public ServerData setNodeName(String nodeName) {
+    this.nodeName = nodeName;
+    return this;
+  }
+
+  public String getNamespace() {
+    return namespace;
+  }
+
+  public ServerData setNamespace(String namespace) {
+    this.namespace = namespace;
+    return this;
+  }
+
+  public String getInstance() {
+    return instance;
+  }
+
+  public ServerData setInstance(String instance) {
+    this.instance = instance;
+    return this;
+  }
+
+  public String getHost() {
+    return host;
+  }
+
+  public ServerData setHost(String host) {
+    this.host = host;
+    return this;
+  }
+
+  public int getPort() {
+    return port;
+  }
+
+  public ServerData setPort(int port) {
+    this.port = port;
+    return this;
+  }
+
+  public Map<String, String> getAttributes() {
+    return attributes;
+  }
+
+  public ServerData setAttributes(Map<String, String> attributes) {
+    this.attributes = attributes;
+    return this;
+  }
+
+  public String getStatus() {
+    return status;
+  }
+
+  public ServerData setStatus(String status) {
+    this.status = status;
+    return this;
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(nodeName, namespace, instance, port, attributes, status);
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (this == obj) return true;
+    if (obj == null || getClass() != obj.getClass()) return false;
+    ServerData server = (ServerData) obj;
+    return port == server.port
+        && Objects.equals(nodeName, server.nodeName)
+        && Objects.equals(namespace, server.namespace)
+        && Objects.equals(instance, server.instance)
+        && Objects.equals(host, server.host)
+        && Objects.equals(status, server.status);
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
index ebbf04c90..1f2cb309b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -20,8 +20,9 @@ package org.apache.kyuubi.server.api
 import scala.collection.JavaConverters._
 
 import org.apache.kyuubi.Utils
-import org.apache.kyuubi.client.api.v1.dto.{OperationData, SessionData}
+import org.apache.kyuubi.client.api.v1.dto.{OperationData, ServerData, SessionData}
 import org.apache.kyuubi.events.KyuubiOperationEvent
+import org.apache.kyuubi.ha.client.ServiceNodeInfo
 import org.apache.kyuubi.operation.KyuubiOperation
 import org.apache.kyuubi.session.KyuubiSession
 
@@ -58,4 +59,15 @@ object ApiUtils {
       opEvent.sessionType,
       operation.getSession.asInstanceOf[KyuubiSession].connectionUrl)
   }
+
+  def serverData(nodeInfo: ServiceNodeInfo): ServerData = {
+    new ServerData(
+      nodeInfo.nodeName,
+      nodeInfo.namespace,
+      nodeInfo.instance,
+      nodeInfo.host,
+      nodeInfo.port,
+      nodeInfo.attributes.asJava,
+      "Running")
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 0d8b31b2c..113660a41 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -31,7 +31,7 @@ import org.apache.commons.lang3.StringUtils
 import org.apache.zookeeper.KeeperException.NoNodeException
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
-import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, SessionData}
+import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, ServerData, SessionData}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.ha.HighAvailabilityConf.HA_NAMESPACE
@@ -296,6 +296,35 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
         node.attributes.asJava))
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(
+      new Content(
+        mediaType = MediaType.APPLICATION_JSON,
+        array = new ArraySchema(schema = new Schema(implementation =
+          classOf[OperationData])))),
+    description = "list all live kyuubi servers")
+  @GET
+  @Path("server")
+  def listServers(): Seq[ServerData] = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Received list all live kyuubi servers request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to list all live kyuubi servers")
+    }
+    val kyuubiConf = fe.getConf
+    val servers = ListBuffer[ServerData]()
+    val serverSpec = DiscoveryPaths.makePath(null, kyuubiConf.get(HA_NAMESPACE))
+    withDiscoveryClient(kyuubiConf) { discoveryClient =>
+      discoveryClient.getServiceNodesInfo(serverSpec).map(nodeInfo => {
+        servers += ApiUtils.serverData(nodeInfo)
+      })
+    }
+    servers
+  }
+
   private def getEngine(
       userName: String,
       engineType: String,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index a10994d7e..b7650627e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.server.api.v1
 
+import java.nio.charset.StandardCharsets
 import java.util.{Base64, UUID}
 import javax.ws.rs.client.Entity
 import javax.ws.rs.core.{GenericType, MediaType}
@@ -24,19 +25,22 @@ import javax.ws.rs.core.{GenericType, MediaType}
 import scala.collection.JavaConverters._
 
 import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V2
+import org.mockito.Mockito.lenient
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
+import org.scalatestplus.mockito.MockitoSugar.mock
 
 import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite, RestFrontendTestHelper, Utils}
-import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, SessionData, SessionHandle, SessionOpenRequest}
+import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, ServerData, SessionData, SessionHandle, SessionOpenRequest}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
 import org.apache.kyuubi.engine.{ApplicationState, EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.EngineType.SPARK_SQL
 import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, USER}
 import org.apache.kyuubi.ha.HighAvailabilityConf
+import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceDiscovery}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
-import org.apache.kyuubi.ha.client.DiscoveryPaths
 import org.apache.kyuubi.plugin.PluginLoader
+import org.apache.kyuubi.server.KyuubiRestFrontendService
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 
 class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
@@ -46,6 +50,13 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   override protected lazy val conf: KyuubiConf = KyuubiConf()
     .set(KyuubiConf.SERVER_ADMINISTRATORS, Seq("admin001"))
 
+  private val encodeAuthorization: String = {
+    new String(
+      Base64.getEncoder.encode(
+        s"${Utils.currentUser}:".getBytes()),
+      StandardCharsets.UTF_8)
+  }
+
   override def beforeAll(): Unit = {
     super.beforeAll()
     engineMgr.initialize(KyuubiConf())
@@ -63,11 +74,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .post(null)
     assert(405 == response.getStatus)
 
-    val adminUser = Utils.currentUser
-    val encodeAuthorization = new String(
-      Base64.getEncoder.encode(
-        s"$adminUser:".getBytes()),
-      "UTF-8")
     response = webTarget.path("api/v1/admin/refresh/hadoop_conf")
       .request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
@@ -76,7 +82,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
     val admin001AuthHeader = new String(
       Base64.getEncoder.encode("admin001".getBytes()),
-      "UTF-8")
+      StandardCharsets.UTF_8)
     response = webTarget.path("api/v1/admin/refresh/hadoop_conf")
       .request()
       .header(AUTHORIZATION_HEADER, s"BASIC $admin001AuthHeader")
@@ -85,7 +91,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
     val admin002AuthHeader = new String(
       Base64.getEncoder.encode("admin002".getBytes()),
-      "UTF-8")
+      StandardCharsets.UTF_8)
     response = webTarget.path("api/v1/admin/refresh/hadoop_conf")
       .request()
       .header(AUTHORIZATION_HEADER, s"BASIC $admin002AuthHeader")
@@ -99,11 +105,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .post(null)
     assert(405 == response.getStatus)
 
-    val adminUser = Utils.currentUser
-    val encodeAuthorization = new String(
-      Base64.getEncoder.encode(
-        s"$adminUser:".getBytes()),
-      "UTF-8")
     response = webTarget.path("api/v1/admin/refresh/user_defaults_conf")
       .request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
@@ -117,11 +118,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .post(null)
     assert(405 == response.getStatus)
 
-    val adminUser = Utils.currentUser
-    val encodeAuthorization = new String(
-      Base64.getEncoder.encode(
-        s"$adminUser:".getBytes()),
-      "UTF-8")
     response = webTarget.path("api/v1/admin/refresh/unlimited_users")
       .request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
@@ -136,12 +132,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       .request(MediaType.APPLICATION_JSON_TYPE)
       .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
 
-    val adminUser = Utils.currentUser
-    val encodeAuthorization = new String(
-      Base64.getEncoder.encode(
-        s"$adminUser:".getBytes()),
-      "UTF-8")
-
     // get session list
     var response2 = webTarget.path("api/v1/admin/sessions").request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
@@ -196,12 +186,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       "localhost",
       Map("testConfig" -> "testValue"))
 
-    val adminUser = Utils.currentUser
-    val encodeAuthorization = new String(
-      Base64.getEncoder.encode(
-        s"$adminUser:".getBytes()),
-      "UTF-8")
-
     // list sessions
     var response = webTarget.path("api/v1/admin/sessions")
       .queryParam("users", "admin")
@@ -249,12 +233,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       Map("testConfig" -> "testValue"))
     val operation = fe.be.getCatalogs(sessionHandle)
 
-    val adminUser = Utils.currentUser
-    val encodeAuthorization = new String(
-      Base64.getEncoder.encode(
-        s"$adminUser:".getBytes()),
-      "UTF-8")
-
     // list operations
     var response = webTarget.path("api/v1/admin/operations").request()
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
@@ -301,11 +279,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(client.pathExists(engineSpace))
       assert(client.getChildren(engineSpace).size == 1)
 
-      val adminUser = Utils.currentUser
-      val encodeAuthorization = new String(
-        Base64.getEncoder.encode(
-          s"$adminUser:".getBytes()),
-        "UTF-8")
       val response = webTarget.path("api/v1/admin/engine")
         .queryParam("sharelevel", "USER")
         .queryParam("type", "spark_sql")
@@ -349,11 +322,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(client.pathExists(engineSpace))
       assert(client.getChildren(engineSpace).size == 1)
 
-      val adminUser = Utils.currentUser
-      val encodeAuthorization = new String(
-        Base64.getEncoder.encode(
-          s"$adminUser:".getBytes()),
-        "UTF-8")
       val response = webTarget.path("api/v1/admin/engine")
         .queryParam("sharelevel", "connection")
         .queryParam("type", "spark_sql")
@@ -389,11 +357,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(client.pathExists(engineSpace))
       assert(client.getChildren(engineSpace).size == 1)
 
-      val adminUser = Utils.currentUser
-      val encodeAuthorization = new String(
-        Base64.getEncoder.encode(
-          s"$adminUser:".getBytes()),
-        "UTF-8")
       val response = webTarget.path("api/v1/admin/engine")
         .queryParam("type", "spark_sql")
         .request(MediaType.APPLICATION_JSON_TYPE)
@@ -453,11 +416,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(client.pathExists(engineSpace1))
       assert(client.pathExists(engineSpace2))
 
-      val adminUser = Utils.currentUser
-      val encodeAuthorization = new String(
-        Base64.getEncoder.encode(
-          s"$adminUser:".getBytes()),
-        "UTF-8")
       val response = webTarget.path("api/v1/admin/engine")
         .queryParam("type", "spark_sql")
         .request(MediaType.APPLICATION_JSON_TYPE)
@@ -488,4 +446,36 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       }
     }
   }
+
+  test("list server") {
+    // Mock Kyuubi Server
+    val serverDiscovery = mock[ServiceDiscovery]
+    lenient.when(serverDiscovery.fe).thenReturn(fe)
+    val namespace = conf.get(HighAvailabilityConf.HA_NAMESPACE)
+    withDiscoveryClient(conf) { client =>
+      client.registerService(conf, namespace, serverDiscovery)
+
+      val response = webTarget.path("api/v1/admin/server")
+        .request()
+        .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+        .get
+
+      assert(200 == response.getStatus)
+      val result = response.readEntity(new GenericType[Seq[ServerData]]() {})
+      assert(result.size == 1)
+      val testServer = result.head
+      val export = fe.asInstanceOf[KyuubiRestFrontendService]
+
+      assert(namespace.equals(testServer.getNamespace.replaceFirst("/", "")))
+      assert(export.host.equals(testServer.getHost))
+      assert(export.connectionUrl.equals(testServer.getInstance()))
+      assert(!testServer.getAttributes.isEmpty)
+      val attributes = testServer.getAttributes
+      assert(attributes.containsKey("serviceUri") &&
+        attributes.get("serviceUri").equals(fe.connectionUrl))
+      assert(attributes.containsKey("version"))
+      assert(attributes.containsKey("sequence"))
+      assert("Running".equals(testServer.getStatus))
+    }
+  }
 }

From 4581920a31dc5a66b379a2737c14d129b2165397 Mon Sep 17 00:00:00 2001
From: Deng An <packyande@gmail.com>
Date: Tue, 18 Apr 2023 23:48:21 +0800
Subject: [PATCH 299/760] [KYUUBI #4716] [KYUUBI 4715] [AUTHZ] Fix the
 incorrect class name of InsertIntoHiveDirCommand in table spec generator

### _Why are the changes needed?_

to close #4715

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4716 from packyan/improve_prevent_edit_auto_generated_files.

Closes #4716

b6fff8fe7 [Deng An]  fix the inconsistency in the spec json file

Authored-by: Deng An <packyande@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/resources/table_command_spec.json   | 16 ++++++++--------
 .../plugin/spark/authz/gen/TableCommands.scala   |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 81ccd8da0..3d6fcd93b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1243,14 +1243,6 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
-}, {
-  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
-  "tableDescs" : [ ],
-  "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.RefreshTable",
   "tableDescs" : [ {
@@ -1293,6 +1285,14 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
+  "tableDescs" : [ ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveTable",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 7bf01b43f..4f971ba62 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -637,7 +637,7 @@ object TableCommands {
       "org.apache.spark.sql.execution.datasources.SaveIntoDataSourceCommand"),
     InsertIntoHadoopFsRelationCommand,
     InsertIntoDataSourceDir.copy(classname =
-      "org.apache.spark.sql.execution.datasources.InsertIntoDataSourceDirCommand"),
+      "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand"),
     InsertIntoHiveTable,
     LoadData,
     MergeIntoTable,

From 2c2f6f9e93cad8ec436f6a658efadfe275cb0073 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 19 Apr 2023 15:48:09 +0800
Subject: [PATCH 300/760] [KYUUBI #4734] [Docs] Fix typo in docs of custom
 event handler

### _Why are the changes needed?_

- to fix typo in dependency reference in doc of custom event handler

![image](https://user-images.githubusercontent.com/1935105/233002453-76b04fc1-72a2-4171-b39f-05e558970c4f.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4734 from bowenliang123/fix-event-doc.

Closes #4734

470c6d1a8 [Bowen Liang] Update docs/extensions/server/events.rst
afbe163b3 [liangbowen] use the `release` directive
1a5542f54 [liangbowen] fix doc of custom event handler

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/extensions/server/events.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/extensions/server/events.rst b/docs/extensions/server/events.rst
index 832c1e5df..aee7d4899 100644
--- a/docs/extensions/server/events.rst
+++ b/docs/extensions/server/events.rst
@@ -51,12 +51,12 @@ To create custom EventHandlerProvider class derived from the above interface, we
 
 - Referencing the library
 
-.. code-block:: xml
+.. parsed-literal::
 
    <dependency>
       <groupId>org.apache.kyuubi</groupId>
-      <artifactId>kyuubi-event_2.12</artifactId>
-      <version>1.7.0-incubating</version>
+      <artifactId>kyuubi-events_2.12</artifactId>
+      <version>\ |release|\</version>
       <scope>provided</scope>
    </dependency>
 

From 609018a6b2f5480f7e7c5fd20e314ceaf2dc83b9 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 19 Apr 2023 17:48:14 +0800
Subject: [PATCH 301/760] [KYUUBI #4727] [DOC] kyuubi-spark-lineage has no
 transitive deps

### _Why are the changes needed?_

Update outdated docs

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4727 from pan3793/lineage-doc.

Closes #4727

b6843b282 [Cheng Pan] [DOC] kyuubi-spark-lineage has no transitive deps

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: odone <odone.zhang@gmail.com>
---
 docs/extensions/engines/spark/lineage.md        | 5 ++---
 extensions/spark/kyuubi-spark-lineage/README.md | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/docs/extensions/engines/spark/lineage.md b/docs/extensions/engines/spark/lineage.md
index cd38be4ba..665929e9f 100644
--- a/docs/extensions/engines/spark/lineage.md
+++ b/docs/extensions/engines/spark/lineage.md
@@ -101,13 +101,12 @@ Kyuubi Spark Lineage Listener Extension is built using [Apache Maven](https://ma
 To build it, `cd` to the root direct of kyuubi project and run:
 
 ```shell
-build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -DskipTests
+build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -am -DskipTests
 ```
 
 After a while, if everything goes well, you will get the plugin finally in two parts:
 
 - The main plugin jar, which is under `./extensions/spark/kyuubi-spark-lineage/target/kyuubi-spark-lineage_${scala.binary.version}-${project.version}.jar`
-- The least transitive dependencies needed, which are under `./extensions/spark/kyuubi-spark-lineage/target/scala-${scala.binary.version}/jars`
 
 ### Build against Different Apache Spark Versions
 
@@ -118,7 +117,7 @@ Sometimes, it may be incompatible with other Spark distributions, then you may n
 For example,
 
 ```shell
-build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -DskipTests -Dspark.version=3.1.2
+build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -am -DskipTests -Dspark.version=3.1.2
 ```
 
 The available `spark.version`s are shown in the following table.
diff --git a/extensions/spark/kyuubi-spark-lineage/README.md b/extensions/spark/kyuubi-spark-lineage/README.md
index 34f2733b4..5365f2d77 100644
--- a/extensions/spark/kyuubi-spark-lineage/README.md
+++ b/extensions/spark/kyuubi-spark-lineage/README.md
@@ -26,7 +26,7 @@
 ## Build
 
 ```shell
-build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -Dspark.version=3.2.1
+build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -am -Dspark.version=3.2.1
 ```
 
 ### Supported Apache Spark Versions

From 2ed0990b7304ca5986ab116e02f7508e3d732549 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 19 Apr 2023 18:06:06 +0800
Subject: [PATCH 302/760] [KYUUBI #4676] [AUTHZ] Reuse users and namespaces in
 both tests and policy file generation

### _Why are the changes needed?_

- align the same list of users and namespaces used in tests and in policy file generation, as users and namespaces are the most important elements of Ranger policy's conditions and resources.
- help to improve and simplify the decision in Authz testing and make a clear view of what's exactly tested and authorized, and very handy and easy to see the usage link in IDE
- reduce possible abuse and untracable uses of authorized and unauthorized users, rules, resources. (We have up to 4 unauthorized users in separated tests!)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4676 from bowenliang123/authz-gen-common.

Closes #4676

dc535a4d8 [liangbowen] authz-gen-common

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../authz/gen/PolicyJsonFileGenerator.scala   |  20 +-
 .../spark/authz/gen/RangerGenWrapper.scala    |   2 +-
 .../spark/authz/PrivilegesBuilderSuite.scala  |  40 +--
 .../spark/authz/RangerTestResources.scala     |  45 +++
 .../spark/authz/SparkSessionProvider.scala    |  12 +-
 .../authz/V2CommandsPrivilegesSuite.scala     |   9 +-
 ...bergCatalogRangerSparkExtensionSuite.scala |  46 ++--
 .../ranger/RangerSparkExtensionSuite.scala    | 260 +++++++++---------
 .../ranger/SparkRangerAdminPluginSuite.scala  |  10 +-
 ...ableCatalogRangerSparkExtensionSuite.scala |  60 ++--
 .../datamasking/DataMaskingTestBase.scala     |  75 ++---
 .../rowfiltering/RowFilteringTestBase.scala   |  37 +--
 12 files changed, 329 insertions(+), 287 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
index 8dbc802b8..e53d77197 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -31,7 +31,9 @@ import org.apache.ranger.plugin.model.RangerPolicy
 // scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
-import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess.allowTypes
 import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyResource._
 import org.apache.kyuubi.plugin.spark.authz.gen.RangerAccessType._
 import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions._
@@ -127,22 +129,6 @@ class PolicyJsonFileGenerator extends AnyFunSuite {
       }
   }
 
-  // users
-  private val admin = "admin"
-  private val bob = "bob"
-  private val kent = "kent"
-  private val permViewUser = "perm_view_user"
-  private val ownerPlaceHolder = "{OWNER}"
-  private val createOnlyUser = "create_only_user"
-  private val defaultTableOwner = "default_table_owner"
-  private val permViewOnlyUser = "user_perm_view_only"
-
-  // db
-  private val defaultDb = "default"
-  private val sparkCatalog = "spark_catalog"
-  private val icebergNamespace = "iceberg_ns"
-  private val namespace1 = "ns1"
-
   // resources
   private val allDatabaseRes = databaseRes("*")
   private val allTableRes = tableRes("*")
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
index 14405f816..71bce3759 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/RangerGenWrapper.scala
@@ -22,7 +22,7 @@ import scala.language.implicitConversions
 import org.apache.ranger.plugin.model.RangerPolicy
 import org.apache.ranger.plugin.model.RangerPolicy._
 
-import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions.getRangerObject
+import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions._
 
 trait RangerObjectGenerator[T] {
   def get: T
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index e9483eb34..af4a7c262 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -30,6 +30,8 @@ import org.scalatest.{BeforeAndAfterAll, BeforeAndAfterEach}
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isSparkVersionAtMost
@@ -122,8 +124,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === "default")
-    assert(po.objectName === "default")
+    assert(po.dbname === defaultDb)
+    assert(po.objectName === defaultDb)
     assert(po.columns.isEmpty)
   }
 
@@ -365,7 +367,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === (if (isSparkV2) null else "default"))
+    assert(po.dbname === (if (isSparkV2) null else defaultDb))
     assert(po.objectName === "AlterViewAsCommand")
     checkTableOwner(po)
     assert(po.columns.isEmpty)
@@ -521,7 +523,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === (if (isSparkV2) null else "default"))
+    assert(po.dbname === (if (isSparkV2) null else defaultDb))
     assert(po.objectName === "CreateViewCommand")
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -541,7 +543,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === (if (isSparkV2) null else "default"))
+      assert(po.dbname === (if (isSparkV2) null else defaultDb))
       assert(po.objectName === tableName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -588,7 +590,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
     assert(po.catalog.isEmpty)
-    val db = if (isSparkV33OrGreater) "default" else null
+    val db = if (isSparkV33OrGreater) defaultDb else null
     assert(po.dbname === db)
     assert(po.objectName === "CreateFunctionCommand")
     assert(po.columns.isEmpty)
@@ -620,7 +622,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
     assert(po.catalog.isEmpty)
-    val db = if (isSparkV33OrGreater) "default" else null
+    val db = if (isSparkV33OrGreater) defaultDb else null
     assert(po.dbname === db)
     assert(po.objectName === "DropFunctionCommand")
     assert(po.columns.isEmpty)
@@ -641,7 +643,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
     assert(po.catalog.isEmpty)
-    val db = if (isSparkV33OrGreater) "default" else null
+    val db = if (isSparkV33OrGreater) defaultDb else null
     assert(po.dbname === db)
     assert(po.objectName === "RefreshFunctionCommand")
     assert(po.columns.isEmpty)
@@ -1267,8 +1269,8 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === "default")
-    assert(po.objectName === "default")
+    assert(po.dbname === defaultDb)
+    assert(po.objectName === defaultDb)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.ALTER)
@@ -1296,7 +1298,7 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === (if (isSparkV2) null else "default"))
+    assert(po.dbname === (if (isSparkV2) null else defaultDb))
     assert(po.objectName === "CreateDataSourceTableAsSelectCommand")
     if (catalogImpl == "hive") {
       assert(po.columns === Seq("key", "value"))
@@ -1328,7 +1330,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === "default")
+      assert(po.dbname === defaultDb)
       assert(po.objectName === t)
       assert(po.columns.head === "pid")
       checkTableOwner(po)
@@ -1350,7 +1352,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === "default")
+      assert(po.dbname === defaultDb)
       assert(po.objectName === "CreateTableCommand")
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1382,7 +1384,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === "default")
+    assert(po.dbname === defaultDb)
     assert(po.objectName === "CreateHiveTableAsSelectCommand")
     assert(po.columns === Seq("key", "value"))
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1493,7 +1495,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.INSERT)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase "default")
+        assert(po.dbname equalsIgnoreCase defaultDb)
         assert(po.objectName equalsIgnoreCase tableName)
         assert(po.columns.isEmpty)
         checkTableOwner(po)
@@ -1536,7 +1538,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.INSERT)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase "default")
+        assert(po.dbname equalsIgnoreCase defaultDb)
         assert(po.objectName equalsIgnoreCase tableName)
         assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
@@ -1618,7 +1620,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.INSERT)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase "default")
+        assert(po.dbname equalsIgnoreCase defaultDb)
         assert(po.objectName equalsIgnoreCase tableName)
         assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
@@ -1639,7 +1641,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       val po0 = in.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.dbname === "default")
+      assert(po0.dbname === defaultDb)
       assert(po0.objectName === t)
       assert(po0.columns.isEmpty)
       checkTableOwner(po0)
@@ -1665,7 +1667,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === "default")
+    assert(po.dbname === defaultDb)
     assert(po.objectName === "OptimizedCreateHiveTableAsSelectCommand")
     assert(po.columns === Seq("a"))
     val accessType = ranger.AccessType(po, operationType, isInput = false)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
new file mode 100644
index 000000000..2297f73f9
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz
+
+object RangerTestUsers {
+  // authorized users used in policy generation
+  val admin = "admin"
+  val alice = "alice"
+  val bob = "bob"
+  val kent = "kent"
+  val permViewUser = "perm_view_user"
+  val ownerPlaceHolder = "{OWNER}"
+  val createOnlyUser = "create_only_user"
+  val defaultTableOwner = "default_table_owner"
+  val permViewOnlyUser = "user_perm_view_only"
+
+  // non-authorized users
+  val invisibleUser = "i_am_invisible"
+  val denyUser = "denyuser"
+  val denyUser2 = "denyuser2"
+  val someone = "someone"
+}
+
+object RangerTestNamespace {
+  val defaultDb = "default"
+  val sparkCatalog = "spark_catalog"
+  val icebergNamespace = "iceberg_ns"
+  val namespace1 = "ns1"
+  val namespace2 = "ns2"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index ce8d6bc0c..6b1087930 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -26,6 +26,7 @@ import org.apache.spark.sql.{DataFrame, Row, SparkSession, SparkSessionExtension
 import org.scalatest.Assertions.convertToEqualizer
 
 import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 trait SparkSessionProvider {
@@ -39,7 +40,6 @@ trait SparkSessionProvider {
   protected val extension: SparkSessionExtensions => Unit = _ => Unit
   protected val sqlExtensions: String = ""
 
-  protected val defaultTableOwner = "default_table_owner"
   protected val extraSparkConf: SparkConf = new SparkConf()
 
   protected lazy val spark: SparkSession = {
@@ -83,12 +83,12 @@ trait SparkSessionProvider {
       f
     } finally {
       res.foreach {
-        case (t, "table") => doAs("admin", sql(s"DROP TABLE IF EXISTS $t"))
-        case (db, "database") => doAs("admin", sql(s"DROP DATABASE IF EXISTS $db"))
-        case (fn, "function") => doAs("admin", sql(s"DROP FUNCTION IF EXISTS $fn"))
-        case (view, "view") => doAs("admin", sql(s"DROP VIEW IF EXISTS $view"))
+        case (t, "table") => doAs(admin, sql(s"DROP TABLE IF EXISTS $t"))
+        case (db, "database") => doAs(admin, sql(s"DROP DATABASE IF EXISTS $db"))
+        case (fn, "function") => doAs(admin, sql(s"DROP FUNCTION IF EXISTS $fn"))
+        case (view, "view") => doAs(admin, sql(s"DROP VIEW IF EXISTS $view"))
         case (cacheTable, "cache") => if (isSparkV32OrGreater) {
-            doAs("admin", sql(s"UNCACHE TABLE IF EXISTS $cacheTable"))
+            doAs(admin, sql(s"UNCACHE TABLE IF EXISTS $cacheTable"))
           }
         case (_, e) =>
           throw new RuntimeException(s"the resource whose resource type is $e cannot be cleared")
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index dede81426..0ad6b3fea 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -23,6 +23,7 @@ import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.execution.QueryExecution
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
 import org.apache.kyuubi.plugin.spark.authz.serde.{Database, DB_COMMAND_SPECS}
 
@@ -688,8 +689,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.get === sparkSessionCatalogName)
-    assert(po.dbname === "default")
-    assert(po.objectName === "default")
+    assert(po.dbname === defaultDb)
+    assert(po.objectName === defaultDb)
     assert(po.columns.isEmpty)
   }
 
@@ -732,8 +733,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.get === sparkSessionCatalogName)
-    assert(po.dbname === "default")
-    assert(po.objectName === "default")
+    assert(po.dbname === defaultDb)
+    assert(po.objectName === defaultDb)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.ALTER)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index 6b1cedf78..ba6992362 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -23,6 +23,8 @@ import org.scalatest.Outcome
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 
 /**
  * Tests for RangerSparkExtensionSuite
@@ -36,7 +38,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
     else ""
 
   val catalogV2 = "local"
-  val namespace1 = "iceberg_ns"
+  val namespace1 = icebergNamespace
   val table1 = "table1"
   val outputTable1 = "outputTable1"
 
@@ -57,18 +59,18 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
 
       super.beforeAll()
 
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1" +
           " (id int, name string, city string) USING iceberg"))
 
       doAs(
-        "admin",
+        admin,
         sql(s"INSERT INTO $catalogV2.$namespace1.$table1" +
           " (id , name , city ) VALUES (1, 'liangbowen','Guangzhou')"))
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
           " (id int, name string, city string) USING iceberg"))
     }
@@ -93,7 +95,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
     // MergeIntoTable:  Using a MERGE INTO Statement
     val e1 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(mergeIntoSql)))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1/id]"))
@@ -104,7 +106,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
         true)
       val e2 = intercept[AccessControlException](
         doAs(
-          "someone",
+          someone,
           sql(mergeIntoSql)))
       assert(e2.getMessage.contains(s"does not have" +
         s" [select] privilege" +
@@ -116,21 +118,21 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
         false)
     }
 
-    doAs("admin", sql(mergeIntoSql))
+    doAs(admin, sql(mergeIntoSql))
   }
 
   test("[KYUUBI #3515] UPDATE TABLE") {
     // UpdateTable
     val e1 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"UPDATE $catalogV2.$namespace1.$table1 SET city='Guangzhou' " +
           " WHERE id=1")))
     assert(e1.getMessage.contains(s"does not have [update] privilege" +
       s" on [$namespace1/$table1]"))
 
     doAs(
-      "admin",
+      admin,
       sql(s"UPDATE $catalogV2.$namespace1.$table1 SET city='Guangzhou' " +
         " WHERE id=1"))
   }
@@ -138,11 +140,11 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   test("[KYUUBI #3515] DELETE FROM TABLE") {
     // DeleteFromTable
     val e6 = intercept[AccessControlException](
-      doAs("someone", sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2")))
+      doAs(someone, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2")))
     assert(e6.getMessage.contains(s"does not have [update] privilege" +
       s" on [$namespace1/$table1]"))
 
-    doAs("admin", sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2"))
+    doAs(admin, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2"))
   }
 
   test("[KYUUBI #3666] Support {OWNER} variable for queries run on CatalogV2") {
@@ -163,7 +165,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
         }.isSuccess))
 
       doAs(
-        "create_only_user", {
+        createOnlyUser, {
           val e = intercept[AccessControlException](sql(select).collect())
           assert(e.getMessage === errorMessage("select", s"$namespace1/$table/key"))
         })
@@ -178,17 +180,17 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
       (s"$catalogV2.default.src", "table"),
       (s"$catalogV2.default.outputTable2", "table"))) {
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.default.src" +
           " (id int, name string, key string) USING iceberg"))
       doAs(
-        "admin",
+        admin,
         sql(s"INSERT INTO $catalogV2.default.src" +
           " (id , name , key ) VALUES " +
           "(1, 'liangbowen1','10')" +
           ", (2, 'liangbowen2','20')"))
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable2" +
           " (id int, name string, key string) USING iceberg"))
 
@@ -200,20 +202,20 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
            |WHEN NOT MATCHED THEN INSERT (id, name, key) VALUES (source.id, source.name, source.key)
         """.stripMargin
 
-      doAs("admin", sql(mergeIntoSql))
+      doAs(admin, sql(mergeIntoSql))
       doAs(
-        "admin", {
+        admin, {
           val countOutputTable =
             sql(s"select count(1) from $catalogV2.$namespace1.$outputTable2").collect()
           val rowCount = countOutputTable(0).get(0)
           assert(rowCount === 2)
         })
-      doAs("admin", sql(s"truncate table $catalogV2.$namespace1.$outputTable2"))
+      doAs(admin, sql(s"truncate table $catalogV2.$namespace1.$outputTable2"))
 
       // source table with row filter `key`<20
-      doAs("bob", sql(mergeIntoSql))
+      doAs(bob, sql(mergeIntoSql))
       doAs(
-        "admin", {
+        admin, {
           val countOutputTable =
             sql(s"select count(1) from $catalogV2.$namespace1.$outputTable2").collect()
           val rowCount = countOutputTable(0).get(0)
@@ -224,7 +226,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
 
   test("[KYUUBI #4255] DESCRIBE TABLE") {
     val e1 = intercept[AccessControlException](
-      doAs("someone", sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
+      doAs(someone, sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1]"))
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index beef36d5d..6424832ea 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -31,6 +31,8 @@ import org.scalatest.BeforeAndAfterAll
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessionProvider}
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.getFieldVal
 
@@ -88,7 +90,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
   }
 
   test("[KYUUBI #3226] RuleAuthorization: Should check privileges once only.") {
-    val logicalPlan = doAs("admin", sql("SHOW TABLES").queryExecution.logical)
+    val logicalPlan = doAs(admin, sql("SHOW TABLES").queryExecution.logical)
     val rule = new RuleAuthorization(spark)
 
     (1 until 10).foreach { i =>
@@ -116,7 +118,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     withCleanTmpResources(Seq((testTable, "table"))) {
       // create tmp table
       doAs(
-        "admin", {
+        admin, {
           sql(create)
 
           // session1: first query, should auth once.[LogicalRelation]
@@ -155,18 +157,18 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     val e = intercept[AccessControlException](sql(create))
     assert(e.getMessage === errorMessage("create", "mydb"))
     withCleanTmpResources(Seq((testDb, "database"))) {
-      doAs("admin", assert(Try { sql(create) }.isSuccess))
-      doAs("admin", assert(Try { sql(alter) }.isSuccess))
+      doAs(admin, assert(Try { sql(create) }.isSuccess))
+      doAs(admin, assert(Try { sql(alter) }.isSuccess))
       val e1 = intercept[AccessControlException](sql(alter))
       assert(e1.getMessage === errorMessage("alter", "mydb"))
       val e2 = intercept[AccessControlException](sql(drop))
       assert(e2.getMessage === errorMessage("drop", "mydb"))
-      doAs("kent", Try(sql("SHOW DATABASES")).isSuccess)
+      doAs(kent, Try(sql("SHOW DATABASES")).isSuccess)
     }
   }
 
   test("auth: tables") {
-    val db = "default"
+    val db = defaultDb
     val table = "src"
     val col = "key"
 
@@ -178,14 +180,14 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     assert(e.getMessage === errorMessage("create"))
 
     withCleanTmpResources(Seq((s"$db.$table", "table"))) {
-      doAs("bob", assert(Try { sql(create0) }.isSuccess))
-      doAs("bob", assert(Try { sql(alter0) }.isSuccess))
+      doAs(bob, assert(Try { sql(create0) }.isSuccess))
+      doAs(bob, assert(Try { sql(alter0) }.isSuccess))
 
       val e1 = intercept[AccessControlException](sql(drop0))
       assert(e1.getMessage === errorMessage("drop"))
-      doAs("bob", assert(Try { sql(alter0) }.isSuccess))
-      doAs("bob", assert(Try { sql(select).collect() }.isSuccess))
-      doAs("kent", assert(Try { sql(s"SELECT key FROM $db.$table").collect() }.isSuccess))
+      doAs(bob, assert(Try { sql(alter0) }.isSuccess))
+      doAs(bob, assert(Try { sql(select).collect() }.isSuccess))
+      doAs(kent, assert(Try { sql(s"SELECT key FROM $db.$table").collect() }.isSuccess))
 
       Seq(
         select,
@@ -196,10 +198,10 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
         s"SELECT key FROM $db.$table WHERE value in (SELECT value as key FROM $db.$table)")
         .foreach { q =>
           doAs(
-            "kent", {
+            kent, {
               withClue(q) {
                 val e = intercept[AccessControlException](sql(q).collect())
-                assert(e.getMessage === errorMessage("select", "default/src/value", "kent"))
+                assert(e.getMessage === errorMessage("select", "default/src/value", kent))
               }
             })
         }
@@ -207,15 +209,15 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
   }
 
   test("auth: functions") {
-    val db = "default"
+    val db = defaultDb
     val func = "func"
     val create0 = s"CREATE FUNCTION IF NOT EXISTS $db.$func AS 'abc.mnl.xyz'"
     doAs(
-      "kent", {
+      kent, {
         val e = intercept[AccessControlException](sql(create0))
         assert(e.getMessage === errorMessage("create", "default/func"))
       })
-    doAs("admin", assert(Try(sql(create0)).isSuccess))
+    doAs(admin, assert(Try(sql(create0)).isSuccess))
   }
 
   test("show tables") {
@@ -226,14 +228,14 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
         (s"$db.$table", "table"),
         (s"$db.${table}for_show", "table"),
         (s"$db", "database"))) {
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $db"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.$table (key int) USING $format"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.${table}for_show (key int) USING $format"))
-
-      doAs("admin", assert(sql(s"show tables from $db").collect().length === 2))
-      doAs("bob", assert(sql(s"show tables from $db").collect().length === 0))
-      doAs("i_am_invisible", assert(sql(s"show tables from $db").collect().length === 0))
-      doAs("i_am_invisible", assert(sql(s"show tables from $db").limit(1).isEmpty))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $db"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.$table (key int) USING $format"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.${table}for_show (key int) USING $format"))
+
+      doAs(admin, assert(sql(s"show tables from $db").collect().length === 2))
+      doAs(bob, assert(sql(s"show tables from $db").collect().length === 0))
+      doAs(invisibleUser, assert(sql(s"show tables from $db").collect().length === 0))
+      doAs(invisibleUser, assert(sql(s"show tables from $db").limit(1).isEmpty))
     }
   }
 
@@ -241,19 +243,19 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     val db = "default2"
 
     withCleanTmpResources(Seq((db, "database"))) {
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $db"))
-      doAs("admin", assert(sql(s"SHOW DATABASES").collect().length == 2))
-      doAs("admin", assert(sql(s"SHOW DATABASES").collectAsList().get(0).getString(0) == "default"))
-      doAs("admin", assert(sql(s"SHOW DATABASES").collectAsList().get(1).getString(0) == s"$db"))
-
-      doAs("bob", assert(sql(s"SHOW DATABASES").collect().length == 1))
-      doAs("bob", assert(sql(s"SHOW DATABASES").collectAsList().get(0).getString(0) == "default"))
-      doAs("i_am_invisible", assert(sql(s"SHOW DATABASES").limit(1).isEmpty))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $db"))
+      doAs(admin, assert(sql(s"SHOW DATABASES").collect().length == 2))
+      doAs(admin, assert(sql(s"SHOW DATABASES").collectAsList().get(0).getString(0) == defaultDb))
+      doAs(admin, assert(sql(s"SHOW DATABASES").collectAsList().get(1).getString(0) == s"$db"))
+
+      doAs(bob, assert(sql(s"SHOW DATABASES").collect().length == 1))
+      doAs(bob, assert(sql(s"SHOW DATABASES").collectAsList().get(0).getString(0) == defaultDb))
+      doAs(invisibleUser, assert(sql(s"SHOW DATABASES").limit(1).isEmpty))
     }
   }
 
   test("show functions") {
-    val default = "default"
+    val default = defaultDb
     val db3 = "default3"
     val function1 = "function1"
 
@@ -261,41 +263,41 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
       (s"$default.$function1", "function"),
       (s"$db3.$function1", "function"),
       (db3, "database"))) {
-      doAs("admin", sql(s"CREATE FUNCTION $function1 AS 'Function1'"))
-      doAs("admin", assert(sql(s"show user functions $default.$function1").collect().length == 1))
-      doAs("bob", assert(sql(s"show user functions $default.$function1").collect().length == 0))
+      doAs(admin, sql(s"CREATE FUNCTION $function1 AS 'Function1'"))
+      doAs(admin, assert(sql(s"show user functions $default.$function1").collect().length == 1))
+      doAs(bob, assert(sql(s"show user functions $default.$function1").collect().length == 0))
 
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $db3"))
-      doAs("admin", sql(s"CREATE FUNCTION $db3.$function1 AS 'Function1'"))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $db3"))
+      doAs(admin, sql(s"CREATE FUNCTION $db3.$function1 AS 'Function1'"))
 
-      doAs("admin", assert(sql(s"show user functions $db3.$function1").collect().length == 1))
-      doAs("bob", assert(sql(s"show user functions $db3.$function1").collect().length == 0))
+      doAs(admin, assert(sql(s"show user functions $db3.$function1").collect().length == 1))
+      doAs(bob, assert(sql(s"show user functions $db3.$function1").collect().length == 0))
 
-      doAs("admin", assert(sql(s"show system functions").collect().length > 0))
-      doAs("bob", assert(sql(s"show system functions").collect().length > 0))
+      doAs(admin, assert(sql(s"show system functions").collect().length > 0))
+      doAs(bob, assert(sql(s"show system functions").collect().length > 0))
 
-      val adminSystemFunctionCount = doAs("admin", sql(s"show system functions").collect().length)
-      val bobSystemFunctionCount = doAs("bob", sql(s"show system functions").collect().length)
+      val adminSystemFunctionCount = doAs(admin, sql(s"show system functions").collect().length)
+      val bobSystemFunctionCount = doAs(bob, sql(s"show system functions").collect().length)
       assert(adminSystemFunctionCount == bobSystemFunctionCount)
     }
   }
 
   test("show columns") {
-    val db = "default"
+    val db = defaultDb
     val table = "src"
     val col = "key"
     val create = s"CREATE TABLE IF NOT EXISTS $db.$table ($col int, value int) USING $format"
 
     withCleanTmpResources(Seq((s"$db.$table", "table"))) {
-      doAs("admin", sql(create))
+      doAs(admin, sql(create))
 
-      doAs("admin", assert(sql(s"SHOW COLUMNS IN $table").count() == 2))
-      doAs("admin", assert(sql(s"SHOW COLUMNS IN $db.$table").count() == 2))
-      doAs("admin", assert(sql(s"SHOW COLUMNS IN $table IN $db").count() == 2))
+      doAs(admin, assert(sql(s"SHOW COLUMNS IN $table").count() == 2))
+      doAs(admin, assert(sql(s"SHOW COLUMNS IN $db.$table").count() == 2))
+      doAs(admin, assert(sql(s"SHOW COLUMNS IN $table IN $db").count() == 2))
 
-      doAs("kent", assert(sql(s"SHOW COLUMNS IN $table").count() == 1))
-      doAs("kent", assert(sql(s"SHOW COLUMNS IN $db.$table").count() == 1))
-      doAs("kent", assert(sql(s"SHOW COLUMNS IN $table IN $db").count() == 1))
+      doAs(kent, assert(sql(s"SHOW COLUMNS IN $table").count() == 1))
+      doAs(kent, assert(sql(s"SHOW COLUMNS IN $db.$table").count() == 1))
+      doAs(kent, assert(sql(s"SHOW COLUMNS IN $table IN $db").count() == 1))
     }
   }
 
@@ -310,24 +312,24 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
       (s"$db.${table}_select2", "table"),
       (s"$db.${table}_select3", "table"),
       (s"$db", "database"))) {
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $db"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_use1 (key int) USING $format"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_use2 (key int) USING $format"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_select1 (key int) USING $format"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_select2 (key int) USING $format"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_select3 (key int) USING $format"))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $db"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_use1 (key int) USING $format"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_use2 (key int) USING $format"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_select1 (key int) USING $format"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_select2 (key int) USING $format"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.${table}_select3 (key int) USING $format"))
 
       doAs(
-        "admin",
+        admin,
         assert(sql(s"show table extended from $db like '$table*'").collect().length === 5))
       doAs(
-        "bob",
+        bob,
         assert(sql(s"show tables from $db").collect().length === 5))
       doAs(
-        "bob",
+        bob,
         assert(sql(s"show table extended from $db like '$table*'").collect().length === 3))
       doAs(
-        "i_am_invisible",
+        invisibleUser,
         assert(sql(s"show table extended from $db like '$table*'").collect().length === 0))
     }
   }
@@ -339,48 +341,48 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     val globalTempView2 = "global_temp_view2"
 
     // create or replace view
-    doAs("denyuser", sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)"))
+    doAs(denyUser, sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)"))
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE GLOBAL TEMPORARY VIEW $globalTempView AS SELECT * FROM values(1)"))
 
     // rename view
-    doAs("denyuser2", sql(s"ALTER VIEW $tempView RENAME TO $tempView2"))
+    doAs(denyUser2, sql(s"ALTER VIEW $tempView RENAME TO $tempView2"))
     doAs(
-      "denyuser2",
+      denyUser2,
       sql(s"ALTER VIEW global_temp.$globalTempView RENAME TO global_temp.$globalTempView2"))
 
-    doAs("admin", sql(s"DROP VIEW IF EXISTS $tempView2"))
-    doAs("admin", sql(s"DROP VIEW IF EXISTS global_temp.$globalTempView2"))
-    doAs("admin", assert(sql("show tables from global_temp").collect().length == 0))
+    doAs(admin, sql(s"DROP VIEW IF EXISTS $tempView2"))
+    doAs(admin, sql(s"DROP VIEW IF EXISTS global_temp.$globalTempView2"))
+    doAs(admin, assert(sql("show tables from global_temp").collect().length == 0))
   }
 
   test("[KYUUBI #3426] Drop temp view should be skipped permission check") {
     val tempView = "temp_view"
     val globalTempView = "global_temp_view"
-    doAs("denyuser", sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)"))
+    doAs(denyUser, sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)"))
 
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE OR REPLACE TEMPORARY VIEW $tempView" +
         s" AS select * from values(1)"))
 
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE GLOBAL TEMPORARY VIEW $globalTempView AS SELECT * FROM values(1)"))
 
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE OR REPLACE GLOBAL TEMPORARY VIEW $globalTempView" +
         s" AS select * from values(1)"))
 
     // global_temp will contain the temporary view, even if it is not global
-    doAs("admin", assert(sql("show tables from global_temp").collect().length == 2))
+    doAs(admin, assert(sql("show tables from global_temp").collect().length == 2))
 
-    doAs("denyuser2", sql(s"DROP VIEW IF EXISTS $tempView"))
-    doAs("denyuser2", sql(s"DROP VIEW IF EXISTS global_temp.$globalTempView"))
+    doAs(denyUser2, sql(s"DROP VIEW IF EXISTS $tempView"))
+    doAs(denyUser2, sql(s"DROP VIEW IF EXISTS global_temp.$globalTempView"))
 
-    doAs("admin", assert(sql("show tables from global_temp").collect().length == 0))
+    doAs(admin, assert(sql("show tables from global_temp").collect().length == 0))
   }
 
   test("[KYUUBI #3428] AlterViewAsCommand should be skipped permission check") {
@@ -388,26 +390,26 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     val globalTempView = "global_temp_view"
 
     // create or replace view
-    doAs("denyuser", sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)"))
+    doAs(denyUser, sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)"))
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE OR REPLACE TEMPORARY VIEW $tempView" +
         s" AS select * from values(1)"))
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE GLOBAL TEMPORARY VIEW $globalTempView AS SELECT * FROM values(1)"))
     doAs(
-      "denyuser",
+      denyUser,
       sql(s"CREATE OR REPLACE GLOBAL TEMPORARY VIEW $globalTempView" +
         s" AS select * from values(1)"))
 
     // rename view
-    doAs("denyuser2", sql(s"ALTER VIEW $tempView AS SELECT * FROM values(1)"))
-    doAs("denyuser2", sql(s"ALTER VIEW global_temp.$globalTempView AS SELECT * FROM values(1)"))
+    doAs(denyUser2, sql(s"ALTER VIEW $tempView AS SELECT * FROM values(1)"))
+    doAs(denyUser2, sql(s"ALTER VIEW global_temp.$globalTempView AS SELECT * FROM values(1)"))
 
-    doAs("admin", sql(s"DROP VIEW IF EXISTS $tempView"))
-    doAs("admin", sql(s"DROP VIEW IF EXISTS global_temp.$globalTempView"))
-    doAs("admin", assert(sql("show tables from global_temp").collect().length == 0))
+    doAs(admin, sql(s"DROP VIEW IF EXISTS $tempView"))
+    doAs(admin, sql(s"DROP VIEW IF EXISTS global_temp.$globalTempView"))
+    doAs(admin, assert(sql("show tables from global_temp").collect().length == 0))
   }
 
   test("[KYUUBI #3343] pass temporary view creation") {
@@ -416,28 +418,28 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
 
     withTempView(tempView) {
       doAs(
-        "denyuser",
+        denyUser,
         assert(Try(sql(s"CREATE TEMPORARY VIEW $tempView AS select * from values(1)")).isSuccess))
 
       doAs(
-        "denyuser",
+        denyUser,
         Try(sql(s"CREATE OR REPLACE TEMPORARY VIEW $tempView" +
           s" AS select * from values(1)")).isSuccess)
     }
 
     withGlobalTempView(globalTempView) {
       doAs(
-        "denyuser",
+        denyUser,
         Try(
           sql(
             s"CREATE GLOBAL TEMPORARY VIEW $globalTempView AS SELECT * FROM values(1)")).isSuccess)
 
       doAs(
-        "denyuser",
+        denyUser,
         Try(sql(s"CREATE OR REPLACE GLOBAL TEMPORARY VIEW $globalTempView" +
           s" AS select * from values(1)")).isSuccess)
     }
-    doAs("admin", assert(sql("show tables from global_temp").collect().length == 0))
+    doAs(admin, assert(sql("show tables from global_temp").collect().length == 0))
   }
 }
 
@@ -450,9 +452,9 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   test("table stats must be specified") {
     val table = "hive_src"
     withCleanTmpResources(Seq((table, "table"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $table (id int)"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $table (id int)"))
       doAs(
-        "admin", {
+        admin, {
           val hiveTableRelation = sql(s"SELECT * FROM $table")
             .queryExecution.optimizedPlan.collectLeaves().head.asInstanceOf[HiveTableRelation]
           assert(getFieldVal[Option[Statistics]](hiveTableRelation, "tableStats").nonEmpty)
@@ -463,9 +465,9 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   test("HiveTableRelation should be able to be converted to LogicalRelation") {
     val table = "hive_src"
     withCleanTmpResources(Seq((table, "table"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $table (id int) STORED AS PARQUET"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $table (id int) STORED AS PARQUET"))
       doAs(
-        "admin", {
+        admin, {
           val relation = sql(s"SELECT * FROM $table")
             .queryExecution.optimizedPlan.collectLeaves().head
           assert(relation.isInstanceOf[LogicalRelation])
@@ -483,7 +485,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       (s"$db.$table1", "table"),
       (s"$db", "database"))) {
       doAs(
-        "admin", {
+        admin, {
           sql(s"CREATE DATABASE IF NOT EXISTS $db")
           sql(s"CREATE TABLE IF NOT EXISTS $db.$table1(id int) STORED AS PARQUET")
           sql(s"INSERT INTO $db.$table1 SELECT 1")
@@ -504,16 +506,16 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       (adminPermView, "view"),
       (permView, "view"),
       (table, "table"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $table (id int)"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $table (id int)"))
 
-      doAs("admin", sql(s"CREATE VIEW ${adminPermView} AS SELECT * FROM $table"))
+      doAs(admin, sql(s"CREATE VIEW ${adminPermView} AS SELECT * FROM $table"))
 
       val e1 = intercept[AccessControlException](
-        doAs("someone", sql(s"CREATE VIEW $permView AS SELECT 1 as a")))
+        doAs(someone, sql(s"CREATE VIEW $permView AS SELECT 1 as a")))
       assert(e1.getMessage.contains(s"does not have [create] privilege on [default/$permView]"))
 
       val e2 = intercept[AccessControlException](
-        doAs("someone", sql(s"CREATE VIEW $permView AS SELECT * FROM $table")))
+        doAs(someone, sql(s"CREATE VIEW $permView AS SELECT * FROM $table")))
       if (isSparkV32OrGreater) {
         assert(e2.getMessage.contains(s"does not have [select] privilege on [default/$table/id]"))
       } else {
@@ -523,20 +525,20 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("[KYUUBI #3326] check persisted view and skip shadowed table") {
-    val db1 = "default"
+    val db1 = defaultDb
     val table = "hive_src"
     val permView = "perm_view"
 
     withCleanTmpResources(Seq(
       (s"$db1.$table", "table"),
       (s"$db1.$permView", "view"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
-      doAs("admin", sql(s"CREATE VIEW $db1.$permView AS SELECT * FROM $db1.$table"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      doAs(admin, sql(s"CREATE VIEW $db1.$permView AS SELECT * FROM $db1.$table"))
 
       // KYUUBI #3326: with no privileges to the permanent view or the source table
       val e1 = intercept[AccessControlException](
         doAs(
-          "someone", {
+          someone, {
             sql(s"select * from $db1.$permView").collect()
           }))
       if (isSparkV31OrGreater) {
@@ -548,16 +550,16 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("KYUUBI #4504: query permanent view with privilege to permanent view only") {
-    val db1 = "default"
+    val db1 = defaultDb
     val table = "hive_src"
     val permView = "perm_view"
-    val userPermViewOnly = "user_perm_view_only"
+    val userPermViewOnly = permViewOnlyUser
 
     withCleanTmpResources(Seq(
       (s"$db1.$table", "table"),
       (s"$db1.$permView", "view"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
-      doAs("admin", sql(s"CREATE VIEW $db1.$permView AS SELECT * FROM $db1.$table"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      doAs(admin, sql(s"CREATE VIEW $db1.$permView AS SELECT * FROM $db1.$table"))
 
       // query all columns of the permanent view
       // with access privileges to the permanent view but no privilege to the source table
@@ -582,7 +584,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("[KYUUBI #3371] support throws all disallowed privileges in exception") {
-    val db1 = "default"
+    val db1 = defaultDb
     val srcTable1 = "hive_src1"
     val srcTable2 = "hive_src2"
     val sinkTable1 = "hive_sink1"
@@ -592,17 +594,17 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       (s"$db1.$srcTable2", "table"),
       (s"$db1.$sinkTable1", "table"))) {
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $db1.$srcTable1" +
           s" (id int, name string, city string)"))
 
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $db1.$srcTable2" +
           s" (id int, age int)"))
 
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $db1.$sinkTable1" +
           s" (id int, age int, name string, city string)"))
 
@@ -611,14 +613,14 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
         s" FROM $db1.$srcTable1 as tb1" +
         s" JOIN $db1.$srcTable2 as tb2" +
         s" on tb1.id = tb2.id"
-      val e1 = intercept[AccessControlException](doAs("someone", sql(insertSql1)))
+      val e1 = intercept[AccessControlException](doAs(someone, sql(insertSql1)))
       assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$srcTable1/id]"))
 
       try {
         SparkRangerAdminPlugin.getRangerConf.setBoolean(
           s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
           true)
-        val e2 = intercept[AccessControlException](doAs("someone", sql(insertSql1)))
+        val e2 = intercept[AccessControlException](doAs(someone, sql(insertSql1)))
         assert(e2.getMessage.contains(s"does not have" +
           s" [select] privilege on" +
           s" [$db1/$srcTable1/id,$db1/$srcTable1/name,$db1/$srcTable1/city," +
@@ -637,7 +639,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   test("[KYUUBI #3411] skip checking cache table") {
     if (isSparkV32OrGreater) { // cache table sql supported since 3.2.0
 
-      val db1 = "default"
+      val db1 = defaultDb
       val srcTable1 = "hive_src1"
       val cacheTable1 = "cacheTable1"
       val cacheTable2 = "cacheTable2"
@@ -652,23 +654,23 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
         (s"$db1.$cacheTable4", "cache"))) {
 
         doAs(
-          "admin",
+          admin,
           sql(s"CREATE TABLE IF NOT EXISTS $db1.$srcTable1" +
             s" (id int, name string, city string)"))
 
         val e1 = intercept[AccessControlException](
-          doAs("someone", sql(s"CACHE TABLE $cacheTable2 select * from $db1.$srcTable1")))
+          doAs(someone, sql(s"CACHE TABLE $cacheTable2 select * from $db1.$srcTable1")))
         assert(
           e1.getMessage.contains(s"does not have [select] privilege on [$db1/$srcTable1/id]"))
 
-        doAs("admin", sql(s"CACHE TABLE $cacheTable3 SELECT 1 AS a, 2 AS b "))
-        doAs("someone", sql(s"CACHE TABLE $cacheTable4 select 1 as a, 2 as b "))
+        doAs(admin, sql(s"CACHE TABLE $cacheTable3 SELECT 1 AS a, 2 AS b "))
+        doAs(someone, sql(s"CACHE TABLE $cacheTable4 select 1 as a, 2 as b "))
       }
     }
   }
 
   test("[KYUUBI #3608] Support {OWNER} variable for queries") {
-    val db = "default"
+    val db = defaultDb
     val table = "owner_variable"
 
     val select = s"SELECT key FROM $db.$table"
@@ -687,7 +689,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
         }.isSuccess))
 
       doAs(
-        "create_only_user", {
+        createOnlyUser, {
           val e = intercept[AccessControlException](sql(select).collect())
           assert(e.getMessage === errorMessage("select", s"$db/$table/key"))
         })
@@ -701,22 +703,22 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       Seq(
         (s"$db.$table", "table"),
         (s"$db", "database"))) {
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $db"))
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db.$table (key int) USING $format"))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $db"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db.$table (key int) USING $format"))
       sql("SHOW DATABASES").queryExecution.optimizedPlan.stats
       sql(s"SHOW TABLES IN $db").queryExecution.optimizedPlan.stats
     }
   }
 
   test("[KYUUBI #4658] insert overwrite hive directory") {
-    val db1 = "default"
+    val db1 = defaultDb
     val table = "src"
 
     withCleanTmpResources(Seq((s"$db1.$table", "table"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
       val e = intercept[AccessControlException](
         doAs(
-          "someone",
+          someone,
           sql(
             s"""INSERT OVERWRITE DIRECTORY '/tmp/test_dir' ROW FORMAT DELIMITED FIELDS
                | TERMINATED BY ','
@@ -726,14 +728,14 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("[KYUUBI #4658] insert overwrite datasource directory") {
-    val db1 = "default"
+    val db1 = defaultDb
     val table = "src"
 
     withCleanTmpResources(Seq((s"$db1.$table", "table"))) {
-      doAs("admin", sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table (id int, name string)"))
       val e = intercept[AccessControlException](
         doAs(
-          "someone",
+          someone,
           sql(
             s"""INSERT OVERWRITE DIRECTORY '/tmp/test_dir'
                | USING parquet
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala
index 3338a3314..301ae87c5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPluginSuite.scala
@@ -22,6 +22,8 @@ import org.apache.hadoop.security.UserGroupInformation
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.SparkRangerAdminPlugin._
 
 class SparkRangerAdminPluginSuite extends AnyFunSuite {
@@ -29,13 +31,13 @@ class SparkRangerAdminPluginSuite extends AnyFunSuite {
 
   test("get filter expression") {
     val bob = UserGroupInformation.createRemoteUser("bob")
-    val are = AccessResource(ObjectType.TABLE, "default", "src", null)
+    val are = AccessResource(ObjectType.TABLE, defaultDb, "src", null)
     def buildAccessRequest(ugi: UserGroupInformation): AccessRequest = {
       AccessRequest(are, ugi, OperationType.QUERY, AccessType.SELECT)
     }
     val maybeString = getFilterExpr(buildAccessRequest(bob))
     assert(maybeString.get === "key<20")
-    Seq("admin", "alice").foreach { user =>
+    Seq(admin, alice).foreach { user =>
       val ugi = UserGroupInformation.createRemoteUser(user)
       val maybeString = getFilterExpr(buildAccessRequest(ugi))
       assert(maybeString.isEmpty)
@@ -45,7 +47,7 @@ class SparkRangerAdminPluginSuite extends AnyFunSuite {
   test("get data masker") {
     val bob = UserGroupInformation.createRemoteUser("bob")
     def buildAccessRequest(ugi: UserGroupInformation, column: String): AccessRequest = {
-      val are = AccessResource(ObjectType.COLUMN, "default", "src", column)
+      val are = AccessResource(ObjectType.COLUMN, defaultDb, "src", column)
       AccessRequest(are, ugi, OperationType.QUERY, AccessType.SELECT)
     }
     assert(getMaskingExpr(buildAccessRequest(bob, "value1")).get === "md5(cast(value1 as string))")
@@ -59,7 +61,7 @@ class SparkRangerAdminPluginSuite extends AnyFunSuite {
       "left(value5, length(value5) - 4), '[A-Z]', 'X'), '[a-z]', 'x')," +
       " '[0-9]', 'n'), '[^A-Za-z0-9]', 'U'), right(value5, 4))")
 
-    Seq("admin", "alice").foreach { user =>
+    Seq(admin, alice).foreach { user =>
       val ugi = UserGroupInformation.createRemoteUser(user)
       val maybeString = getMaskingExpr(buildAccessRequest(ugi, "value1"))
       assert(maybeString.isEmpty)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 73a13bc1c..07fe0ae5a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -22,6 +22,8 @@ import scala.util.Try
 
 // scalastyle:off
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 
 /**
  * Tests for RangerSparkExtensionSuite
@@ -32,8 +34,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
   val catalogV2 = "testcat"
   val jdbcCatalogV2 = "jdbc2"
-  val namespace1 = "ns1"
-  val namespace2 = "ns2"
   val table1 = "table1"
   val table2 = "table2"
   val outputTable1 = "outputTable1"
@@ -54,13 +54,13 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
       super.beforeAll()
 
-      doAs("admin", sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1" +
           " (id int, name string, city string)"))
       doAs(
-        "admin",
+        admin,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
           " (id int, name string, city string)"))
     }
@@ -82,7 +82,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     // create database
     val e1 = intercept[AccessControlException](
-      doAs("someone", sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace2").explain()))
+      doAs(someone, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace2").explain()))
     assert(e1.getMessage.contains(s"does not have [create] privilege" +
       s" on [$namespace2]"))
   }
@@ -92,7 +92,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     // create database
     val e1 = intercept[AccessControlException](
-      doAs("someone", sql(s"DROP DATABASE IF EXISTS $catalogV2.$namespace2").explain()))
+      doAs(someone, sql(s"DROP DATABASE IF EXISTS $catalogV2.$namespace2").explain()))
     assert(e1.getMessage.contains(s"does not have [drop] privilege" +
       s" on [$namespace2]"))
   }
@@ -102,7 +102,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     // select
     val e1 = intercept[AccessControlException](
-      doAs("someone", sql(s"select city, id from $catalogV2.$namespace1.$table1").explain()))
+      doAs(someone, sql(s"select city, id from $catalogV2.$namespace1.$table1").explain()))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1/city]"))
   }
@@ -110,7 +110,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   test("[KYUUBI #4255] DESCRIBE TABLE") {
     assume(isSparkV31OrGreater)
     val e1 = intercept[AccessControlException](
-      doAs("someone", sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
+      doAs(someone, sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1]"))
   }
@@ -120,14 +120,14 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     // CreateTable
     val e2 = intercept[AccessControlException](
-      doAs("someone", sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2")))
+      doAs(someone, sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2")))
     assert(e2.getMessage.contains(s"does not have [create] privilege" +
       s" on [$namespace1/$table2]"))
 
     // CreateTableAsSelect
     val e21 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2" +
           s" AS select * from $catalogV2.$namespace1.$table1")))
     assert(e21.getMessage.contains(s"does not have [select] privilege" +
@@ -139,7 +139,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     // DropTable
     val e3 = intercept[AccessControlException](
-      doAs("someone", sql(s"DROP TABLE $catalogV2.$namespace1.$table1")))
+      doAs(someone, sql(s"DROP TABLE $catalogV2.$namespace1.$table1")))
     assert(e3.getMessage.contains(s"does not have [drop] privilege" +
       s" on [$namespace1/$table1]"))
   }
@@ -150,7 +150,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // AppendData: Insert Using a VALUES Clause
     val e4 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"INSERT INTO $catalogV2.$namespace1.$outputTable1 (id, name, city)" +
           s" VALUES (1, 'bowenliang123', 'Guangzhou')")))
     assert(e4.getMessage.contains(s"does not have [update] privilege" +
@@ -159,7 +159,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // AppendData: Insert Using a TABLE Statement
     val e42 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"INSERT INTO $catalogV2.$namespace1.$outputTable1 (id, name, city)" +
           s" TABLE $catalogV2.$namespace1.$table1")))
     assert(e42.getMessage.contains(s"does not have [select] privilege" +
@@ -168,7 +168,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // AppendData: Insert Using a SELECT Statement
     val e43 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"INSERT INTO $catalogV2.$namespace1.$outputTable1 (id, name, city)" +
           s" SELECT * from $catalogV2.$namespace1.$table1")))
     assert(e43.getMessage.contains(s"does not have [select] privilege" +
@@ -177,7 +177,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // OverwriteByExpression: Insert Overwrite
     val e44 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"INSERT OVERWRITE $catalogV2.$namespace1.$outputTable1 (id, name, city)" +
           s" VALUES (1, 'bowenliang123', 'Guangzhou')")))
     assert(e44.getMessage.contains(s"does not have [update] privilege" +
@@ -199,7 +199,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // MergeIntoTable:  Using a MERGE INTO Statement
     val e1 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(mergeIntoSql)))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1/id]"))
@@ -210,7 +210,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
         true)
       val e2 = intercept[AccessControlException](
         doAs(
-          "someone",
+          someone,
           sql(mergeIntoSql)))
       assert(e2.getMessage.contains(s"does not have" +
         s" [select] privilege" +
@@ -229,7 +229,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // UpdateTable
     val e5 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"UPDATE $catalogV2.$namespace1.$table1 SET city='Hangzhou' " +
           " WHERE id=1")))
     assert(e5.getMessage.contains(s"does not have [update] privilege" +
@@ -241,7 +241,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     // DeleteFromTable
     val e6 = intercept[AccessControlException](
-      doAs("someone", sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=1")))
+      doAs(someone, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=1")))
     assert(e6.getMessage.contains(s"does not have [update] privilege" +
       s" on [$namespace1/$table1]"))
   }
@@ -252,7 +252,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // CacheTable
     val e7 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"CACHE TABLE $cacheTable1" +
           s" AS select * from $catalogV2.$namespace1.$table1")))
     if (isSparkV32OrGreater) {
@@ -269,7 +269,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     val e1 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"TRUNCATE TABLE $catalogV2.$namespace1.$table1")))
     assert(e1.getMessage.contains(s"does not have [update] privilege" +
       s" on [$namespace1/$table1]"))
@@ -280,7 +280,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
 
     val e1 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"MSCK REPAIR TABLE $catalogV2.$namespace1.$table1")))
     assert(e1.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1/$table1]"))
@@ -292,7 +292,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // AddColumns
     val e61 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"ALTER TABLE $catalogV2.$namespace1.$table1 ADD COLUMNS (age int) ").explain()))
     assert(e61.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1/$table1]"))
@@ -300,7 +300,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // DropColumns
     val e62 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"ALTER TABLE $catalogV2.$namespace1.$table1 DROP COLUMNS city ").explain()))
     assert(e62.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1/$table1]"))
@@ -308,7 +308,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // RenameColumn
     val e63 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"ALTER TABLE $catalogV2.$namespace1.$table1 RENAME COLUMN city TO city2 ").explain()))
     assert(e63.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1/$table1]"))
@@ -316,7 +316,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // AlterColumn
     val e64 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"ALTER TABLE $catalogV2.$namespace1.$table1 " +
           s"ALTER COLUMN city COMMENT 'city' ")))
     assert(e64.getMessage.contains(s"does not have [alter] privilege" +
@@ -329,7 +329,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // CommentOnNamespace
     val e1 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"COMMENT ON DATABASE $catalogV2.$namespace1 IS 'xYz' ").explain()))
     assert(e1.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1]"))
@@ -337,7 +337,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // CommentOnNamespace
     val e2 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"COMMENT ON NAMESPACE $catalogV2.$namespace1 IS 'xYz' ").explain()))
     assert(e2.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1]"))
@@ -345,7 +345,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     // CommentOnTable
     val e3 = intercept[AccessControlException](
       doAs(
-        "someone",
+        someone,
         sql(s"COMMENT ON TABLE $catalogV2.$namespace1.$table1 IS 'xYz' ").explain()))
     assert(e3.getMessage.contains(s"does not have [alter] privilege" +
       s" on [$namespace1/$table1]"))
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
index 29a709311..bae269e7a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -17,16 +17,17 @@
 
 package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
-// scalastyle:off
 import java.sql.Timestamp
 
 import scala.util.Try
 
+// scalastyle:off
 import org.apache.commons.codec.digest.DigestUtils.md5Hex
 import org.apache.spark.sql.{Row, SparkSessionExtensions}
 import org.scalatest.BeforeAndAfterAll
 import org.scalatest.funsuite.AnyFunSuite
 
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
 import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
 
@@ -75,18 +76,18 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   }
 
   override def beforeAll(): Unit = {
-    doAs("admin", setup())
+    doAs(admin, setup())
     super.beforeAll()
   }
   override def afterAll(): Unit = {
-    doAs("admin", cleanup())
+    doAs(admin, cleanup())
     spark.stop
     super.afterAll()
   }
 
   test("simple query with a user doesn't have mask rules") {
     checkAnswer(
-      "kent",
+      kent,
       "SELECT key FROM default.src order by key",
       Seq(Row(1), Row(10), Row(11), Row(20), Row(30)))
   }
@@ -95,12 +96,12 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     val result =
       Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
     checkAnswer(
-      "bob",
+      bob,
       "SELECT value1, value2, value3, value4, value5 FROM default.src " +
         "where key = 1",
       result)
     checkAnswer(
-      "bob",
+      bob,
       "SELECT value1 as key, value2, value3, value4, value5 FROM default.src where key = 1",
       result)
   }
@@ -108,14 +109,14 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   test("star") {
     val result =
       Seq(Row(1, md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
-    checkAnswer("bob", "SELECT * FROM default.src where key = 1", result)
+    checkAnswer(bob, "SELECT * FROM default.src where key = 1", result)
   }
 
   test("simple udf") {
     val result =
       Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
     checkAnswer(
-      "bob",
+      bob,
       "SELECT max(value1), max(value2), max(value3), max(value4), max(value5) FROM default.src" +
         " where key = 1",
       result)
@@ -125,7 +126,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     val result =
       Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
     checkAnswer(
-      "bob",
+      bob,
       "SELECT coalesce(max(value1), 1), coalesce(max(value2), 1), coalesce(max(value3), 1), " +
         "coalesce(max(value4), timestamp '2018-01-01 22:33:44'), coalesce(max(value5), 1) " +
         "FROM default.src where key = 1",
@@ -136,7 +137,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     val result =
       Seq(Row(md5Hex("1"), "xxxxx", "worlx", Timestamp.valueOf("2018-01-01 00:00:00"), "Xorld"))
     checkAnswer(
-      "bob",
+      bob,
       "SELECT value1, value2, value3, value4, value5 FROM default.src WHERE value2 in " +
         "(SELECT value2 as key FROM default.src where key = 1)",
       result)
@@ -145,59 +146,59 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   test("create a unmasked table as select from a masked one") {
     withCleanTmpResources(Seq(("default.src2", "table"))) {
       doAs(
-        "bob",
+        bob,
         sql(s"CREATE TABLE default.src2 $format AS SELECT value1 FROM default.src " +
           s"where key = 1"))
-      checkAnswer("bob", "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1"))))
+      checkAnswer(bob, "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1"))))
     }
   }
 
   test("insert into a unmasked table from a masked one") {
     withCleanTmpResources(Seq(("default.src2", "table"), ("default.src3", "table"))) {
-      doAs("bob", sql(s"CREATE TABLE default.src2 (value1 string) $format"))
+      doAs(bob, sql(s"CREATE TABLE default.src2 (value1 string) $format"))
       doAs(
-        "bob",
+        bob,
         sql(s"INSERT INTO default.src2 SELECT value1 from default.src " +
           s"where key = 1"))
       doAs(
-        "bob",
+        bob,
         sql(s"INSERT INTO default.src2 SELECT value1 as v from default.src " +
           s"where key = 1"))
-      checkAnswer("bob", "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
-      doAs("bob", sql(s"CREATE TABLE default.src3 (k int, value string) $format"))
+      checkAnswer(bob, "SELECT value1 FROM default.src2", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
+      doAs(bob, sql(s"CREATE TABLE default.src3 (k int, value string) $format"))
       doAs(
-        "bob",
+        bob,
         sql(s"INSERT INTO default.src3 SELECT key, value1 from default.src  " +
           s"where key = 1"))
       doAs(
-        "bob",
+        bob,
         sql(s"INSERT INTO default.src3 SELECT key, value1 as v from default.src " +
           s"where key = 1"))
-      checkAnswer("bob", "SELECT value FROM default.src3", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
+      checkAnswer(bob, "SELECT value FROM default.src3", Seq(Row(md5Hex("1")), Row(md5Hex("1"))))
     }
   }
 
   test("join on an unmasked table") {
     val s = "SELECT a.value1, b.value1 FROM default.src a" +
       " join default.unmasked b on a.value1=b.value1"
-    checkAnswer("bob", s, Nil)
-    checkAnswer("bob", s, Nil) // just for testing query multiple times, don't delete it
+    checkAnswer(bob, s, Nil)
+    checkAnswer(bob, s, Nil) // just for testing query multiple times, don't delete it
   }
 
   test("self join on a masked table") {
     val s = "SELECT a.value1, b.value1 FROM default.src a" +
       " join default.src b on a.value1=b.value1 where a.key = 1 and b.key = 1 "
-    checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    checkAnswer(bob, s, Seq(Row(md5Hex("1"), md5Hex("1"))))
     // just for testing query multiple times, don't delete it
-    checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    checkAnswer(bob, s, Seq(Row(md5Hex("1"), md5Hex("1"))))
   }
 
   test("self join on a masked table and filter the masked column with original value") {
     val s = "SELECT a.value1, b.value1 FROM default.src a" +
       " join default.src b on a.value1=b.value1" +
       " where a.value1='1' and b.value1='1'"
-    checkAnswer("bob", s, Nil)
-    checkAnswer("bob", s, Nil) // just for testing query multiple times, don't delete it
+    checkAnswer(bob, s, Nil)
+    checkAnswer(bob, s, Nil) // just for testing query multiple times, don't delete it
   }
 
   test("self join on a masked table and filter the masked column with masked value") {
@@ -245,7 +246,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     //                  +- DataMaskingStage0Marker Relation default.src[key#60,value1#61,value2#62,value3#63,value4#64,value5#65] parquet
     //                     +- Project [key#153, md5(cast(cast(value1#154 as string) as binary)) AS value1#148, regexp_replace(regexp_replace(regexp_replace(value2#155, [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1) AS value2#149, regexp_replace(regexp_replace(regexp_replace(value3#156, [A-Z], X, 5), [a-z], x, 5), [0-9], n, 5) AS value3#150, date_trunc(YEAR, value4#157, Some(Asia/Shanghai)) AS value4#151, concat(regexp_replace(regexp_replace(regexp_replace(left(value5#158, (length(value5#158) - 4)), [A-Z], X, 1), [a-z], x, 1), [0-9], n, 1), right(value5#158, 4)) AS value5#152]
     //                        +- Relation default.src[key#153,value1#154,value2#155,value3#156,value4#157,value5#158] parquet
-    // checkAnswer("bob", s, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    // checkAnswer(bob, s, Seq(Row(md5Hex("1"), md5Hex("1"))))
     //
     //
     // scalastyle:on
@@ -254,9 +255,9 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     val s2 = "SELECT a.value1, b.value1 FROM default.src a" +
       " join default.src b on a.value1=b.value1" +
       s" where a.value2='xxxxx' and b.value2='xxxxx'"
-    checkAnswer("bob", s2, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    checkAnswer(bob, s2, Seq(Row(md5Hex("1"), md5Hex("1"))))
     // just for testing query multiple times, don't delete it
-    checkAnswer("bob", s2, Seq(Row(md5Hex("1"), md5Hex("1"))))
+    checkAnswer(bob, s2, Seq(Row(md5Hex("1"), md5Hex("1"))))
   }
 
   test("union an unmasked table") {
@@ -267,30 +268,30 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
           (SELECT b.value1 FROM default.unmasked b)
       ) c order by value1
       """
-    doAs("bob", sql(s).show)
-    checkAnswer("bob", s, Seq(Row("1"), Row("2"), Row("3"), Row("4"), Row("5"), Row(md5Hex("1"))))
+    doAs(bob, sql(s).show)
+    checkAnswer(bob, s, Seq(Row("1"), Row("2"), Row("3"), Row("4"), Row("5"), Row(md5Hex("1"))))
   }
 
   test("union a masked table") {
     val s = "SELECT a.value1 FROM default.src a where a.key = 1 union" +
       " (SELECT b.value1 FROM default.src b where b.key = 1)"
-    checkAnswer("bob", s, Seq(Row(md5Hex("1"))))
+    checkAnswer(bob, s, Seq(Row(md5Hex("1"))))
   }
 
   test("KYUUBI #3581: permanent view should lookup rule on itself not the raw table") {
     assume(isSparkV31OrGreater)
     val supported = doAs(
-      "perm_view_user",
+      permViewUser,
       Try(sql("CREATE OR REPLACE VIEW default.perm_view AS SELECT * FROM default.src")).isSuccess)
     assume(supported, s"view support for '$format' has not been implemented yet")
 
     withCleanTmpResources(Seq(("default.perm_view", "view"))) {
       checkAnswer(
-        "perm_view_user",
+        permViewUser,
         "SELECT value1, value2 FROM default.src where key = 1",
         Seq(Row(1, "hello")))
       checkAnswer(
-        "perm_view_user",
+        permViewUser,
         "SELECT value1, value2 FROM default.perm_view where key = 1",
         Seq(Row(md5Hex("1"), "hello")))
     }
@@ -303,7 +304,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
     val s2 = s"SELECT * FROM default.src where key = 11"
     // scalastyle:off
     checkAnswer(
-      "bob",
+      bob,
       s1,
       Seq(Row(
         10,
@@ -313,7 +314,7 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
         Timestamp.valueOf("2018-01-01 00:00:00"),
         "xxxxxUXXXXUnnnUUUUUUXUUUUUUUUUア叶葉엽")))
     checkAnswer(
-      "bob",
+      bob,
       s2,
       Seq(Row(
         11,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
index a73690724..3236c97b1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
@@ -24,6 +24,7 @@ import org.apache.spark.sql.{Row, SparkSessionExtensions}
 import org.scalatest.BeforeAndAfterAll
 import org.scalatest.funsuite.AnyFunSuite
 
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
 import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
 
@@ -47,72 +48,72 @@ trait RowFilteringTestBase extends AnyFunSuite with SparkSessionProvider with Be
   }
 
   override def beforeAll(): Unit = {
-    doAs("admin", setup())
+    doAs(admin, setup())
     super.beforeAll()
   }
   override def afterAll(): Unit = {
-    doAs("admin", cleanup())
+    doAs(admin, cleanup())
     spark.stop
     super.afterAll()
   }
 
   test("user without row filtering rule") {
     checkAnswer(
-      "kent",
+      kent,
       "SELECT key FROM default.src order order by key",
       Seq(Row(1), Row(20), Row(30)))
   }
 
   test("simple query projecting filtering column") {
-    checkAnswer("bob", "SELECT key FROM default.src", Seq(Row(1)))
+    checkAnswer(bob, "SELECT key FROM default.src", Seq(Row(1)))
   }
 
   test("simple query projecting non filtering column") {
-    checkAnswer("bob", "SELECT value FROM default.src", Seq(Row(1)))
+    checkAnswer(bob, "SELECT value FROM default.src", Seq(Row(1)))
   }
 
   test("simple query projecting non filtering column with udf max") {
-    checkAnswer("bob", "SELECT max(value) FROM default.src", Seq(Row(1)))
+    checkAnswer(bob, "SELECT max(value) FROM default.src", Seq(Row(1)))
   }
 
   test("simple query projecting non filtering column with udf coalesce") {
-    checkAnswer("bob", "SELECT coalesce(max(value), 1) FROM default.src", Seq(Row(1)))
+    checkAnswer(bob, "SELECT coalesce(max(value), 1) FROM default.src", Seq(Row(1)))
   }
 
   test("in subquery") {
     checkAnswer(
-      "bob",
+      bob,
       "SELECT value FROM default.src WHERE value in (SELECT value as key FROM default.src)",
       Seq(Row(1)))
   }
 
   test("ctas") {
     withCleanTmpResources(Seq(("default.src2", "table"))) {
-      doAs("bob", sql(s"CREATE TABLE default.src2 $format AS SELECT value FROM default.src"))
+      doAs(bob, sql(s"CREATE TABLE default.src2 $format AS SELECT value FROM default.src"))
       val query = "select value from default.src2"
-      checkAnswer("admin", query, Seq(Row(1)))
-      checkAnswer("bob", query, Seq(Row(1)))
+      checkAnswer(admin, query, Seq(Row(1)))
+      checkAnswer(bob, query, Seq(Row(1)))
     }
   }
 
   test("[KYUUBI #3581]: row level filter on permanent view") {
     assume(isSparkV31OrGreater)
     val supported = doAs(
-      "perm_view_user",
+      permViewUser,
       Try(sql("CREATE OR REPLACE VIEW default.perm_view AS SELECT * FROM default.src")).isSuccess)
     assume(supported, s"view support for '$format' has not been implemented yet")
 
     withCleanTmpResources(Seq((s"default.perm_view", "view"))) {
       checkAnswer(
-        "admin",
+        admin,
         "SELECT key FROM default.perm_view order order by key",
         Seq(Row(1), Row(20), Row(30)))
-      checkAnswer("bob", "SELECT key FROM default.perm_view", Seq(Row(1)))
-      checkAnswer("bob", "SELECT value FROM default.perm_view", Seq(Row(1)))
-      checkAnswer("bob", "SELECT max(value) FROM default.perm_view", Seq(Row(1)))
-      checkAnswer("bob", "SELECT coalesce(max(value), 1) FROM default.perm_view", Seq(Row(1)))
+      checkAnswer(bob, "SELECT key FROM default.perm_view", Seq(Row(1)))
+      checkAnswer(bob, "SELECT value FROM default.perm_view", Seq(Row(1)))
+      checkAnswer(bob, "SELECT max(value) FROM default.perm_view", Seq(Row(1)))
+      checkAnswer(bob, "SELECT coalesce(max(value), 1) FROM default.perm_view", Seq(Row(1)))
       checkAnswer(
-        "bob",
+        bob,
         "SELECT value FROM default.perm_view WHERE value in " +
           "(SELECT value as key FROM default.perm_view)",
         Seq(Row(1)))

From cba1be97399c2f8370fd1120059916511591e2cf Mon Sep 17 00:00:00 2001
From: packyan <packyande@gmail.com>
Date: Thu, 20 Apr 2023 09:41:08 +0800
Subject: [PATCH 303/760] [KYUUBI #4717] [AUTHZ] Check Authz plugin's spec json
 files in UT

### _Why are the changes needed?_

to close #4715

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4717 from packyan/imporve_authz_spec_json_should_be_generated_in_each_build.

Closes #4717

88e70daa7 [Deng An] Update JsonSpecFileGenerator.scala
d195a6db7 [Deng An] Merge branch 'master' into imporve_authz_spec_json_should_be_generated_in_each_build
a078c8c53 [packyan] add ut for check or generate spec json files.

Lead-authored-by: packyan <packyande@gmail.com>
Co-authored-by: Deng An <36296995+packyan@users.noreply.github.com>
Co-authored-by: Deng An <packy@Dengs-MBP.lan>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../authz/gen/JsonSpecFileGenerator.scala     | 55 ++++++++++++++-----
 1 file changed, 41 insertions(+), 14 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index 7c7ed138b..c95685f34 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -18,37 +18,64 @@
 package org.apache.kyuubi.plugin.spark.authz.gen
 
 import java.nio.charset.StandardCharsets
-import java.nio.file.{Files, Paths}
+import java.nio.file.{Files, Paths, StandardOpenOption}
+
+import org.apache.commons.io.FileUtils
+//scalastyle:off
+import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.serde.{mapper, CommandSpec}
 
 /**
  * Generates the default command specs to src/main/resources dir.
  *
- * Usage:
- * mvn scala:run -DmainClass=this class -pl :kyuubi-spark-authz_2.12
+ * To run the test suite:
+ * build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
+ * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator
+ *
+ * To regenerate the ranger policy file:
+ * KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
+ * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator
  */
-object JsonSpecFileGenerator {
 
-  def main(args: Array[String]): Unit = {
+class JsonSpecFileGenerator extends AnyFunSuite {
+  // scalastyle:on
+  test("check spec json files") {
     writeCommandSpecJson("database", DatabaseCommands.data)
     writeCommandSpecJson("table", TableCommands.data ++ IcebergCommands.data)
     writeCommandSpecJson("function", FunctionCommands.data)
     writeCommandSpecJson("scan", Scans.data)
   }
 
-  def writeCommandSpecJson[T <: CommandSpec](commandType: String, specArr: Array[T]): Unit = {
+  def writeCommandSpecJson[T <: CommandSpec](
+      commandType: String,
+      specArr: Array[T]): Unit = {
     val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
       .split("target").head
     val filename = s"${commandType}_command_spec.json"
-    val writer = {
-      val p = Paths.get(pluginHome, "src", "main", "resources", filename)
-      Files.newBufferedWriter(p, StandardCharsets.UTF_8)
+    val filePath = Paths.get(pluginHome, "src", "main", "resources", filename)
+
+    val generatedStr = mapper.writerWithDefaultPrettyPrinter()
+      .writeValueAsString(specArr.sortBy(_.classname))
+
+    if (sys.env.get("KYUUBI_UPDATE").contains("1")) {
+      // scalastyle:off println
+      println(s"writing ${specArr.length} specs to $filename")
+      // scalastyle:on println
+      Files.write(
+        filePath,
+        generatedStr.getBytes(StandardCharsets.UTF_8),
+        StandardOpenOption.CREATE,
+        StandardOpenOption.TRUNCATE_EXISTING)
+    } else {
+      val existedFileContent =
+        FileUtils.readFileToString(filePath.toFile, StandardCharsets.UTF_8)
+      withClue(s"Check $filename failed. Please regenerate the ranger policy file by running"
+        + "`KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy"
+        + " -pl :kyuubi-spark-authz_2.12 -Dtest=none"
+        + " -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator`.") {
+        assert(generatedStr.equals(existedFileContent))
+      }
     }
-    // scalastyle:off println
-    println(s"writing ${specArr.length} specs to $filename")
-    // scalastyle:on println
-    mapper.writerWithDefaultPrettyPrinter().writeValue(writer, specArr.sortBy(_.classname))
-    writer.close()
   }
 }

From c6571344b9623f7db7acaeb04bfcc2eeecb493e1 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 20 Apr 2023 17:44:15 +0800
Subject: [PATCH 304/760] [KYUUBI #4737] Restore Project & Community Status in
 README.md

### _Why are the changes needed?_

This PR adds back those Project & Community Status badges to readme

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

https://github.com/apache/kyuubi/tree/yaooqinn-patch-2#project--community-status

Closes #4737 from yaooqinn/yaooqinn-patch-2.

Closes #4737

128f802fc [Kent Yao] Restore Project & Community Status in README.md

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 README.md | 55 ++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 43efc4c66..976d2d7c7 100644
--- a/README.md
+++ b/README.md
@@ -20,20 +20,20 @@
 </p>
 
 <p align="center">
+  <a href="https://github.com/apache/kyuubi/blob/master/LICENSE">
+    <img src="https://img.shields.io/github/license/apache/kyuubi?style=plastic" />
+  </a>
   <a href="https://kyuubi.apache.org/releases.html">
-    <img src="https://img.shields.io/github/v/release/apache/kyuubi" />
+    <img src="https://img.shields.io/github/v/release/apache/kyuubi?style=plastic" />
   </a>
-  <a href="https://github.com/apache/kyuubi/pulls">
-    <img src="https://img.shields.io/github/issues-pr-closed/apache/kyuubi" />
-  </a>
-  <a href="https://github.com/apache/kyuubi/pulse">
-    <img src="https://img.shields.io/tokei/lines/github/apache/kyuubi" />
+  <a href="https://hub.docker.com/r/apache/kyuubi">
+    <img src="https://img.shields.io/docker/pulls/apache/kyuubi?style=plastic">
   </a>
   <a href="https://github.com/apache/kyuubi/graphs/contributors">
-    <img src="https://img.shields.io/github/contributors/apache/kyuubi" />
+    <img src="https://img.shields.io/github/contributors/apache/kyuubi?style=plastic" />
   </a>
   <a class="github-button" href="https://github.com/apache/kyuubi" data-icon="octicon-star" aria-label="Star apache/kyuubi on GitHub">
-    <img src="https://img.shields.io/github/stars/apache/kyuubi?style=social" />
+    <img src="https://img.shields.io/github/stars/apache/kyuubi?style=plastic" />
   </a>
 </p>
 <p align="center">
@@ -49,8 +49,6 @@
 Apache Kyuubi™ is a distributed and multi-tenant gateway to provide serverless
 SQL on data warehouses and lakehouses.
 
-<https://kyuubi.apache.org/>
-
 ## What is Kyuubi?
 
 Kyuubi provides a pure SQL gateway through Thrift JDBC/ODBC interface for end-users to manipulate large-scale data with pre-programmed and extensible Spark SQL engines. This "out-of-the-box" model minimizes the barriers and costs for end-users to use Spark at the client side. At the server-side, Kyuubi server and engines' multi-tenant architecture provides the administrators a way to achieve computing resource isolation, data security, high availability, high client concurrency, etc.
@@ -105,11 +103,7 @@ and others would not be possible without your help.
 
 ![](./docs/imgs/kyuubi_ecosystem.drawio.png)
 
-## Online Documentation
-
-Since Kyuubi 1.3.0-incubating, the Kyuubi online documentation is hosted by [https://kyuubi.apache.org/](https://kyuubi.apache.org/).
-You can find the latest Kyuubi documentation on [this web page](https://kyuubi.readthedocs.io/en/master/).
-For 1.2 and earlier versions, please check the [Readthedocs](https://kyuubi.readthedocs.io/en/v1.2.0/) directly.
+## Online Documentation <a href='https://kyuubi.readthedocs.io/en/master/?badge=master?style=plastic'> <img src='https://readthedocs.org/projects/kyuubi/badge/?version=master' alt='Documentation Status' /> </a>
 
 ## Quick Start
 
@@ -117,9 +111,32 @@ Ready? [Getting Started](https://kyuubi.readthedocs.io/en/master/quick_start/) w
 
 ## [Contributing](./CONTRIBUTING.md)
 
-## Contributor over time
+## Project & Community Status
 
-[![Contributor over time](https://contributor-graph-api.apiseven.com/contributors-svg?chart=contributorOverTime&repo=apache/kyuubi)](https://api7.ai/contributor-graph?chart=contributorOverTime&repo=apache/kyuubi)
+<p align="center">
+  <a href="https://github.com/apache/kyuubi/issues?q=is%3Aissue+is%3Aclosed">
+    <img src="http://isitmaintained.com/badge/resolution/apache/kyuubi.svg" />
+  </a>
+  <a href="https://github.com/apache/kyuubi/issues">
+    <img src="http://isitmaintained.com/badge/open/apache/incubator-kyuubi.svg" />
+  </a>
+  <a href="https://github.com/apache/kyuubi/pulls">
+    <img src="https://img.shields.io/github/issues-pr-closed/apache/kyuubi?style=plastic" />
+  </a>
+  <img src="https://img.shields.io/github/commit-activity/y/apache/kyuubi?style=plastic">
+  <img src="https://img.shields.io/github/commit-activity/m/apache/kyuubi?style=plastic">
+  <img src="https://codecov.io/gh/apache/kyuubi/branch/master/graph/badge.svg" />
+  <a href="https://github.com/apache/kyuubi/actions/workflows/master.yml">
+    <img src="https://img.shields.io/github/actions/workflow/status/apache/kyuubi/master.yml?style=plastic">
+  </a>
+  <img src="https://img.shields.io/github/languages/top/apache/kyuubi?style=plastic">
+  <a href="https://github.com/apache/kyuubi/pulse">
+    <img src="https://img.shields.io/tokei/lines/github/apache/kyuubi?style=plastic" />
+  </a>
+</p>
+<p align="center">
+  <img src="https://contributor-graph-api.apiseven.com/contributors-svg?chart=contributorOverTime&repo=apache/kyuubi" />
+</p>
 
 ## Aside
 
@@ -127,7 +144,3 @@ The project took its name from a character of a popular Japanese manga - `Naruto
 The character is named `Kyuubi Kitsune/Kurama`, which is a nine-tailed fox in mythology.
 `Kyuubi` spread the power and spirit of fire, which is used here to represent the powerful [Apache Spark](http://spark.apache.org).
 Its nine tails stand for end-to-end multi-tenancy support of this project.
-
-## License
-
-This project is licensed under the Apache 2.0 License. See the [LICENSE](./LICENSE) file for details.

From ec8596c9eee9b31c8d715ee4f53d53cd8b441304 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 20 Apr 2023 17:47:52 +0800
Subject: [PATCH 305/760] [KYUUBI #4731] Support batch session conf advisor

### _Why are the changes needed?_

As title.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4731 from turboFei/batch_session_conf_overlay.

Closes #4731

5cf73d1db [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../session/KyuubiBatchSessionImpl.scala      | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
index 228890a1e..94859a08c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
@@ -68,14 +68,27 @@ class KyuubiBatchSessionImpl(
   override val sessionIdleTimeoutThreshold: Long =
     sessionManager.getConf.get(KyuubiConf.BATCH_SESSION_IDLE_TIMEOUT)
 
-  // TODO: Support batch conf advisor
   override val normalizedConf: Map[String, String] = {
     sessionConf.getBatchConf(batchRequest.getBatchType) ++
       sessionManager.validateBatchConf(batchRequest.getConf.asScala.toMap)
   }
 
+  private val optimizedConf: Map[String, String] = {
+    val confOverlay = sessionManager.sessionConfAdvisor.getConfOverlay(
+      user,
+      normalizedConf.asJava)
+    if (confOverlay != null) {
+      val overlayConf = new KyuubiConf(false)
+      confOverlay.asScala.foreach { case (k, v) => overlayConf.set(k, v) }
+      normalizedConf ++ overlayConf.getBatchConf(batchRequest.getBatchType)
+    } else {
+      warn(s"the server plugin return null value for user: $user, ignore it")
+      normalizedConf
+    }
+  }
+
   override lazy val name: Option[String] = Option(batchRequest.getName).orElse(
-    normalizedConf.get(KyuubiConf.SESSION_NAME.key))
+    optimizedConf.get(KyuubiConf.SESSION_NAME.key))
 
   // whether the resource file is from uploading
   private[kyuubi] val isResourceUploaded: Boolean = batchRequest.getConf
@@ -88,7 +101,7 @@ class KyuubiBatchSessionImpl(
       name.orNull,
       batchRequest.getResource,
       batchRequest.getClassName,
-      normalizedConf,
+      optimizedConf,
       batchRequest.getArgs.asScala,
       recoveryMetadata)
 
@@ -115,7 +128,7 @@ class KyuubiBatchSessionImpl(
   override def checkSessionAccessPathURIs(): Unit = {
     KyuubiApplicationManager.checkApplicationAccessPaths(
       batchRequest.getBatchType,
-      normalizedConf,
+      optimizedConf,
       sessionManager.getConf)
     if (batchRequest.getResource != SparkProcessBuilder.INTERNAL_RESOURCE
       && !isResourceUploaded) {
@@ -140,7 +153,7 @@ class KyuubiBatchSessionImpl(
         resource = batchRequest.getResource,
         className = batchRequest.getClassName,
         requestName = name.orNull,
-        requestConf = normalizedConf,
+        requestConf = optimizedConf,
         requestArgs = batchRequest.getArgs.asScala,
         createTime = createTime,
         engineType = batchRequest.getBatchType,

From b4d67e48372ea670d31170908ca59e6b9c7b7bc6 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Thu, 20 Apr 2023 17:54:06 +0800
Subject: [PATCH 306/760] [KYUUBI #4713][TEST] Fix false positive result in
 SchedulerPoolSuite (#4714)

### _Why are the changes needed?_

fix issuse https://github.com/apache/kyuubi/issues/4713


### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4714 from huangzhir/fixtest-schedulerpool.

Closes #4713

Authored-by: huangzhir <306824224@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/SchedulerPoolSuite.scala     | 53 ++++++++++---------
 1 file changed, 28 insertions(+), 25 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
index af8c90cf2..43bd3f4db 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.engine.spark
 
 import java.util.concurrent.Executors
 
+import scala.concurrent.duration.SECONDS
+
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobEnd, SparkListenerJobStart}
 import org.scalatest.concurrent.PatienceConfiguration.Timeout
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
@@ -76,33 +78,34 @@ class SchedulerPoolSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
       eventually(Timeout(3.seconds)) {
         assert(job0Started)
       }
-      Seq(1, 0).foreach { priority =>
-        threads.execute(() => {
-          priority match {
-            case 0 =>
-              withJdbcStatement() { statement =>
-                statement.execute("SET kyuubi.operation.scheduler.pool=p0")
-                statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
-                  "FROM range(1, 3, 1, 2)")
-              }
-
-            case 1 =>
-              withJdbcStatement() { statement =>
-                statement.execute("SET kyuubi.operation.scheduler.pool=p1")
-                statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
-                  " FROM range(1, 3, 1, 2)")
-              }
-          }
-        })
+      threads.execute(() => {
+        // job name job1
+        withJdbcStatement() { statement =>
+          statement.execute("SET kyuubi.operation.scheduler.pool=p1")
+          statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
+            " FROM range(1, 3, 1, 2)")
+        }
+      })
+      // make sure job1 started before job2
+      eventually(Timeout(2.seconds)) {
+        assert(job1StartTime > 0)
       }
+
+      threads.execute(() => {
+        // job name job2
+        withJdbcStatement() { statement =>
+          statement.execute("SET kyuubi.operation.scheduler.pool=p0")
+          statement.execute("SELECT java_method('java.lang.Thread', 'sleep', 1500l)" +
+            "FROM range(1, 3, 1, 2)")
+        }
+      })
       threads.shutdown()
-      eventually(Timeout(20.seconds)) {
-        // We can not ensure that job1 is started before job2 so here using abs.
-        assert(Math.abs(job1StartTime - job2StartTime) < 1000)
-        // Job1 minShare is 2(total resource) so that job2 should be allocated tasks after
-        // job1 finished.
-        assert(job2FinishTime - job1FinishTime >= 1000)
-      }
+      threads.awaitTermination(20, SECONDS)
+      // job1 should be started before job2
+      assert(job1StartTime < job2StartTime)
+      // job2 minShare is 2(total resource) so that job1 should be allocated tasks after
+      // job2 finished.
+      assert(job2FinishTime < job1FinishTime)
     } finally {
       spark.sparkContext.removeSparkListener(listener)
     }

From f4a56efec24d8ecfc0c6f3c025f658017f7ca1d0 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Thu, 20 Apr 2023 17:57:22 +0800
Subject: [PATCH 307/760] [KYUUBI #3652][UI] Add Kyuubi Server Management page

### _Why are the changes needed?_

Close #3652

Add Kyuubi Server Management page

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

![popo_2023-04-18  14-41-43](https://user-images.githubusercontent.com/52876270/232692881-4f1228df-ccc7-4cfb-8dfb-33ff00f3a194.jpg)

Closes #4726 from zwangsheng/KYUUBI_3652.

Closes #3652

702bb5505 [zwangsheng] remvoe usless code
15f8214f2 [zwangsheng] [KYUUBI #3652][UI] Add Kyuubi Server Manangement page

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/src/api/server/index.ts  | 25 +++++++++
 .../web-ui/src/locales/en_US/index.ts         |  1 +
 .../web-ui/src/locales/zh_CN/index.ts         |  3 +-
 kyuubi-server/web-ui/src/router/index.ts      |  2 +
 .../web-ui/src/router/server/index.ts         | 26 ++++++++++
 .../views/layout/components/aside/types.ts    | 10 ++++
 .../views/server/server-statistics/index.vue  | 52 +++++++++++++++++++
 7 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-server/web-ui/src/api/server/index.ts
 create mode 100644 kyuubi-server/web-ui/src/router/server/index.ts
 create mode 100644 kyuubi-server/web-ui/src/views/server/server-statistics/index.vue

diff --git a/kyuubi-server/web-ui/src/api/server/index.ts b/kyuubi-server/web-ui/src/api/server/index.ts
new file mode 100644
index 000000000..e2d74d7db
--- /dev/null
+++ b/kyuubi-server/web-ui/src/api/server/index.ts
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import request from '@/utils/request'
+
+export function getAllServer() {
+  return request({
+    url: 'api/v1/admin/server',
+    method: 'get'
+  })
+}
diff --git a/kyuubi-server/web-ui/src/locales/en_US/index.ts b/kyuubi-server/web-ui/src/locales/en_US/index.ts
index dc1986939..0501078d0 100644
--- a/kyuubi-server/web-ui/src/locales/en_US/index.ts
+++ b/kyuubi-server/web-ui/src/locales/en_US/index.ts
@@ -19,6 +19,7 @@ export default {
   test: 'test',
   user: 'User',
   client_ip: 'Client IP',
+  server_ip: 'Server IP',
   kyuubi_instance: 'Kyuubi Instance',
   session_id: 'Session ID',
   operation_id: 'Operation ID',
diff --git a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
index 87b15cc4d..0e7521794 100644
--- a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
+++ b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
@@ -19,7 +19,8 @@ export default {
   test: '测试',
   user: '用户',
   client_ip: '客户端地址',
-  kyuubi_instance: '服务端地址',
+  server_ip: '服务端地址',
+  kyuubi_instance: '服务端实例',
   session_id: 'Session ID',
   operation_id: 'Operation ID',
   create_time: '创建时间',
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 241cdf506..ce9960ba6 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -22,6 +22,7 @@ import operationRoutes from './operation'
 import contactRoutes from './contact'
 import sessionRoutes from './session'
 import engineRoutes from './engine'
+import serverRoutes from './server'
 
 const routes = [
   {
@@ -42,6 +43,7 @@ const routes = [
       ...workloadRoutes,
       ...operationRoutes,
       ...engineRoutes,
+      ...serverRoutes,
       ...contactRoutes
     ]
   }
diff --git a/kyuubi-server/web-ui/src/router/server/index.ts b/kyuubi-server/web-ui/src/router/server/index.ts
new file mode 100644
index 000000000..c06240485
--- /dev/null
+++ b/kyuubi-server/web-ui/src/router/server/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const router = [
+  {
+    path: '/server/server-statistics',
+    name: 'server-statistics',
+    component: () => import('@/views/server/server-statistics/index.vue')
+  }
+]
+
+export default router
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
index 72b150fa8..46ea825a9 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
@@ -41,6 +41,16 @@ export const MENUS = [
       }
     ]
   },
+  {
+    label: 'Server Management',
+    icon: 'List',
+    children: [
+      {
+        label: 'Server Statistics',
+        router: '/server/server-statistics'
+      }
+    ]
+  },
   {
     label: 'Workload',
     icon: 'List',
diff --git a/kyuubi-server/web-ui/src/views/server/server-statistics/index.vue b/kyuubi-server/web-ui/src/views/server/server-statistics/index.vue
new file mode 100644
index 000000000..266c833d7
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/server/server-statistics/index.vue
@@ -0,0 +1,52 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+<template>
+  <el-card class="table-container">
+    <el-table v-loading="loading" :data="tableData" style="width: 100%">
+      <el-table-column prop="host" :label="$t('server_ip')" min-width="20%" />
+      <el-table-column
+        prop="namespace"
+        :label="$t('namespace')"
+        min-width="20%" />
+      <el-table-column
+        prop="instance"
+        :label="$t('kyuubi_instance')"
+        min-width="20%" />
+      <el-table-column prop="attributes.version" :label="$t('version')" />
+      <el-table-column prop="status" :label="$t('state')" min-width="20%" />
+    </el-table>
+  </el-card>
+</template>
+
+<script lang="ts" setup>
+  import { getAllServer } from '@/api/server'
+  import { useTable } from '@/views/common/use-table'
+
+  const { tableData, loading, getList: _getList } = useTable()
+  const getList = () => {
+    _getList(getAllServer)
+  }
+  getList()
+</script>
+
+<style scoped lang="scss">
+  header {
+    display: flex;
+    justify-content: flex-end;
+  }
+</style>

From 9086b28bc392a928e7cd68aa03b69f3e60d73643 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Thu, 20 Apr 2023 17:58:27 +0800
Subject: [PATCH 308/760] [KYUUBI #4710] [ARROW] LocalTableScanExec should not
 trigger job
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Before this PR:

![截屏2023-04-14 下午5 19 52](https://user-images.githubusercontent.com/8537877/232003579-95c56f56-1fd7-4c8a-a13f-58d4bc16fef1.png)

After this PR:

![截屏2023-04-14 下午5 18 16](https://user-images.githubusercontent.com/8537877/232003652-77b38d08-c741-4977-bf69-6eb70f6d991a.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4710 from cfmcgrady/arrow-local-table-scan-exec.

Closes #4710

e4c2891d1 [Fu Chen] fix ci
1049200ea [Fu Chen] fix style
4d45fe8b7 [Fu Chen] add assert
b8bd5b5a7 [Fu Chen] LocalTableScanExec should not trigger job

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../arrow/KyuubiArrowConverters.scala         |   8 +-
 .../spark/sql/kyuubi/SparkDatasetHelper.scala |  15 +-
 .../SparkArrowbasedOperationSuite.scala       | 139 +++++++++++-------
 3 files changed, 103 insertions(+), 59 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index 2feadbced..8a34943cc 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -203,7 +203,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
    * Different from [[org.apache.spark.sql.execution.arrow.ArrowConverters.toBatchIterator]],
    * each output arrow batch contains this batch row count.
    */
-  private def toBatchIterator(
+  def toBatchIterator(
       rowIter: Iterator[InternalRow],
       schema: StructType,
       maxRecordsPerBatch: Long,
@@ -226,6 +226,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
    * with two key differences:
    *   1. there is no requirement to write the schema at the batch header
    *   2. iteration halts when `rowCount` equals `limit`
+   * Note that `limit < 0` means no limit, and return all rows the in the iterator.
    */
   private[sql] class ArrowBatchIterator(
       rowIter: Iterator[InternalRow],
@@ -255,7 +256,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       }
     }
 
-    override def hasNext: Boolean = (rowIter.hasNext && rowCount < limit) || {
+    override def hasNext: Boolean = (rowIter.hasNext && (rowCount < limit || limit < 0)) || {
       root.close()
       allocator.close()
       false
@@ -283,7 +284,8 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
               // If the size of rows are 0 or negative, unlimit it.
               maxRecordsPerBatch <= 0 ||
               rowCountInLastBatch < maxRecordsPerBatch ||
-              rowCount < limit)) {
+              rowCount < limit ||
+              limit < 0)) {
           val row = rowIter.next()
           arrowWriter.write(row)
           estimatedBatchSize += (row match {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 1c8d32c48..10b178324 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -24,7 +24,7 @@ import org.apache.spark.internal.Logging
 import org.apache.spark.network.util.{ByteUnit, JavaUtils}
 import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.{DataFrame, Dataset, Row, SparkSession}
-import org.apache.spark.sql.execution.{CollectLimitExec, SparkPlan, SQLExecution}
+import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, SparkPlan, SQLExecution}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
 import org.apache.spark.sql.execution.arrow.{ArrowConverters, KyuubiArrowConverters}
 import org.apache.spark.sql.functions._
@@ -51,6 +51,8 @@ object SparkDatasetHelper extends Logging {
       doCollectLimit(collectLimit)
     case collectLimit: CollectLimitExec if collectLimit.limit < 0 =>
       executeArrowBatchCollect(collectLimit.child)
+    case localTableScan: LocalTableScanExec =>
+      doLocalTableScan(localTableScan)
     case plan: SparkPlan =>
       toArrowBatchRdd(plan).collect()
   }
@@ -175,6 +177,17 @@ object SparkDatasetHelper extends Logging {
     result.toArray
   }
 
+  def doLocalTableScan(localTableScan: LocalTableScanExec): Array[Array[Byte]] = {
+    localTableScan.longMetric("numOutputRows").add(localTableScan.rows.size)
+    KyuubiArrowConverters.toBatchIterator(
+      localTableScan.rows.iterator,
+      localTableScan.schema,
+      SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch,
+      maxBatchSize,
+      -1,
+      SparkSession.active.sessionState.conf.sessionLocalTimeZone).toArray
+  }
+
   /**
    * This method provides a reflection-based implementation of
    * [[AdaptiveSparkPlanExec.finalPhysicalPlan]] that enables us to adapt to the Spark runtime
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 2ef29b398..27310992f 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -23,8 +23,8 @@ import java.util.{Set => JSet}
 import org.apache.spark.KyuubiSparkContextHelper
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobStart}
 import org.apache.spark.sql.{QueryTest, Row, SparkSession}
-import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
-import org.apache.spark.sql.execution.{CollectLimitExec, QueryExecution, SparkPlan}
+import org.apache.spark.sql.catalyst.plans.logical.Project
+import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, QueryExecution, SparkPlan}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
 import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
 import org.apache.spark.sql.execution.exchange.Exchange
@@ -104,48 +104,29 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
   }
 
   test("assign a new execution id for arrow-based result") {
-    var plan: LogicalPlan = null
-
-    val listener = new QueryExecutionListener {
-      override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
-        plan = qe.analyzed
+    val listener = new SQLMetricsListener
+    withJdbcStatement() { statement =>
+      withSparkListener(listener) {
+        val result = statement.executeQuery("select 1 as c1")
+        assert(result.next())
+        assert(result.getInt("c1") == 1)
       }
-      override def onFailure(funcName: String, qe: QueryExecution, exception: Exception): Unit = {}
     }
-    withJdbcStatement() { statement =>
-      // since all the new sessions have their owner listener bus, we should register the listener
-      // in the current session.
-      registerListener(listener)
 
-      val result = statement.executeQuery("select 1 as c1")
-      assert(result.next())
-      assert(result.getInt("c1") == 1)
-    }
-    KyuubiSparkContextHelper.waitListenerBus(spark)
-    unregisterListener(listener)
-    assert(plan.isInstanceOf[Project])
+    assert(listener.queryExecution.analyzed.isInstanceOf[Project])
   }
 
   test("arrow-based query metrics") {
-    var queryExecution: QueryExecution = null
-
-    val listener = new QueryExecutionListener {
-      override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
-        queryExecution = qe
-      }
-      override def onFailure(funcName: String, qe: QueryExecution, exception: Exception): Unit = {}
-    }
+    val listener = new SQLMetricsListener
     withJdbcStatement() { statement =>
-      registerListener(listener)
-      val result = statement.executeQuery("select 1 as c1")
-      assert(result.next())
-      assert(result.getInt("c1") == 1)
+      withSparkListener(listener) {
+        val result = statement.executeQuery("select 1 as c1")
+        assert(result.next())
+        assert(result.getInt("c1") == 1)
+      }
     }
 
-    KyuubiSparkContextHelper.waitListenerBus(spark)
-    unregisterListener(listener)
-
-    val metrics = queryExecution.executedPlan.collectLeaves().head.metrics
+    val metrics = listener.queryExecution.executedPlan.collectLeaves().head.metrics
     assert(metrics.contains("numOutputRows"))
     assert(metrics("numOutputRows").value === 1)
   }
@@ -273,7 +254,6 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
         withPartitionedTable("t_3") {
           statement.executeQuery("select * from t_3 limit 10 offset 10")
         }
-        KyuubiSparkContextHelper.waitListenerBus(spark)
       }
     }
     // the extra shuffle be introduced if the `offset` > 0
@@ -292,13 +272,49 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
         withPartitionedTable("t_3") {
           statement.executeQuery("select * from t_3 limit 1000")
         }
-        KyuubiSparkContextHelper.waitListenerBus(spark)
       }
     }
     // Should be only one stage since there is no shuffle.
     assert(numStages == 1)
   }
 
+  test("LocalTableScanExec should not trigger job") {
+    val listener = new JobCountListener
+    withJdbcStatement("view_1") { statement =>
+      withSparkListener(listener) {
+        withAllSessions { s =>
+          import s.implicits._
+          Seq((1, "a")).toDF("c1", "c2").createOrReplaceTempView("view_1")
+          val plan = s.sql("select * from view_1").queryExecution.executedPlan
+          assert(plan.isInstanceOf[LocalTableScanExec])
+        }
+        val resultSet = statement.executeQuery("select * from view_1")
+        assert(resultSet.next())
+        assert(!resultSet.next())
+      }
+    }
+    assert(listener.numJobs == 0)
+  }
+
+  test("LocalTableScanExec metrics") {
+    val listener = new SQLMetricsListener
+    withJdbcStatement("view_1") { statement =>
+      withSparkListener(listener) {
+        withAllSessions { s =>
+          import s.implicits._
+          Seq((1, "a")).toDF("c1", "c2").createOrReplaceTempView("view_1")
+        }
+        val result = statement.executeQuery("select * from view_1")
+        assert(result.next())
+        assert(!result.next())
+      }
+    }
+
+    val metrics = listener.queryExecution.executedPlan.collectLeaves().head.metrics
+    assert(metrics.contains("numOutputRows"))
+    assert(metrics("numOutputRows").value === 1)
+  }
+
   private def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
     val query =
       s"""
@@ -321,32 +337,30 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     assert(resultSet.getString("col") === expect)
   }
 
-  private def registerListener(listener: QueryExecutionListener): Unit = {
-    // since all the new sessions have their owner listener bus, we should register the listener
-    // in the current session.
-    SparkSQLEngine.currentEngine.get
-      .backendService
-      .sessionManager
-      .allSessions()
-      .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.register(listener))
-  }
-
-  private def unregisterListener(listener: QueryExecutionListener): Unit = {
-    SparkSQLEngine.currentEngine.get
-      .backendService
-      .sessionManager
-      .allSessions()
-      .foreach(_.asInstanceOf[SparkSessionImpl].spark.listenerManager.unregister(listener))
+  // since all the new sessions have their owner listener bus, we should register the listener
+  // in the current session.
+  private def withSparkListener[T](listener: QueryExecutionListener)(body: => T): T = {
+    withAllSessions(s => s.listenerManager.register(listener))
+    try {
+      val result = body
+      KyuubiSparkContextHelper.waitListenerBus(spark)
+      result
+    } finally {
+      withAllSessions(s => s.listenerManager.unregister(listener))
+    }
   }
 
+  // since all the new sessions have their owner listener bus, we should register the listener
+  // in the current session.
   private def withSparkListener[T](listener: SparkListener)(body: => T): T = {
     withAllSessions(s => s.sparkContext.addSparkListener(listener))
     try {
-      body
+      val result = body
+      KyuubiSparkContextHelper.waitListenerBus(spark)
+      result
     } finally {
       withAllSessions(s => s.sparkContext.removeSparkListener(listener))
     }
-
   }
 
   private def withPartitionedTable[T](viewName: String)(body: => T): T = {
@@ -432,6 +446,21 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
       .get()
     staticConfKeys.contains(key)
   }
+
+  class JobCountListener extends SparkListener {
+    var numJobs = 0
+    override def onJobStart(jobStart: SparkListenerJobStart): Unit = {
+      numJobs += 1
+    }
+  }
+
+  class SQLMetricsListener extends QueryExecutionListener {
+    var queryExecution: QueryExecution = null
+    override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
+      queryExecution = qe
+    }
+    override def onFailure(funcName: String, qe: QueryExecution, exception: Exception): Unit = {}
+  }
 }
 
 case class TestData(key: Int, value: String)

From a59e27a7ae72fed6a92feedc7c503187ff80caf1 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 20 Apr 2023 20:14:19 +0800
Subject: [PATCH 309/760] [KYUUBI #4719] Support submission timeout for yarn
 application manager and get the applicationInfo in-memory

### _Why are the changes needed?_

To prevent the create batch operation stuck.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4719 from turboFei/yarn_app_mgr.

Closes #4719

1b0da9315 [fwang12] check timeout

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../engine/YarnApplicationOperation.scala     | 17 +++++-
 .../kyuubi/operation/BatchJobSubmission.scala | 61 +++++++++----------
 .../KyuubiApplicationOperation.scala          |  4 +-
 .../kyuubi/operation/LaunchEngine.scala       |  2 +-
 .../server/api/v1/BatchesResource.scala       |  2 +-
 .../kyuubi/WithKyuubiServerOnYarn.scala       | 10 +--
 6 files changed, 54 insertions(+), 42 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
index e836e65da..446314208 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
@@ -32,8 +32,10 @@ import org.apache.kyuubi.util.KyuubiHadoopUtils
 class YarnApplicationOperation extends ApplicationOperation with Logging {
 
   @volatile private var yarnClient: YarnClient = _
+  private var submitTimeout: Long = _
 
   override def initialize(conf: KyuubiConf): Unit = {
+    submitTimeout = conf.get(KyuubiConf.ENGINE_SUBMIT_TIMEOUT)
     val yarnConf = KyuubiHadoopUtils.newYarnConfiguration(conf)
     // YarnClient is thread-safe
     val c = YarnClient.createYarnClient()
@@ -81,7 +83,20 @@ class YarnApplicationOperation extends ApplicationOperation with Logging {
       val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
       if (reports.isEmpty) {
         debug(s"Application with tag $tag not found")
-        ApplicationInfo(id = null, name = null, state = ApplicationState.NOT_FOUND)
+        submitTime match {
+          case Some(_submitTime) =>
+            val elapsedTime = System.currentTimeMillis - _submitTime
+            if (elapsedTime > submitTimeout) {
+              error(s"Can't find target yarn application by tag: $tag, " +
+                s"elapsed time: ${elapsedTime}ms exceeds ${submitTimeout}ms.")
+              ApplicationInfo.NOT_FOUND
+            } else {
+              warn("Wait for yarn application to be submitted, " +
+                s"elapsed time: ${elapsedTime}ms, return UNKNOWN status")
+              ApplicationInfo.UNKNOWN
+            }
+          case _ => ApplicationInfo.NOT_FOUND
+        }
       } else {
         val report = reports.get(0)
         val info = ApplicationInfo(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 3cbb16907..a723ab4b0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -71,10 +71,7 @@ class BatchJobSubmission(
   private[kyuubi] val batchId: String = session.handle.identifier.toString
 
   @volatile private var _applicationInfo: Option[ApplicationInfo] = None
-  def getOrFetchCurrentApplicationInfo: Option[ApplicationInfo] = _applicationInfo match {
-    case Some(_) => _applicationInfo
-    case None => currentApplicationInfo
-  }
+  def getApplicationInfo: Option[ApplicationInfo] = _applicationInfo
 
   private var killMessage: KillResponse = (false, "UNKNOWN")
   def getKillMessage: KillResponse = killMessage
@@ -102,9 +99,8 @@ class BatchJobSubmission(
     }
   }
 
-  override protected def currentApplicationInfo: Option[ApplicationInfo] = {
+  override protected def currentApplicationInfo(): Option[ApplicationInfo] = {
     if (isTerminal(state) && _applicationInfo.nonEmpty) return _applicationInfo
-    // only the ApplicationInfo with non-empty id is valid for the operation
     val submitTime = if (_appStartTime <= 0) {
       System.currentTimeMillis()
     } else {
@@ -114,8 +110,8 @@ class BatchJobSubmission(
       applicationManager.getApplicationInfo(
         builder.clusterManager(),
         batchId,
-        Some(submitTime)).filter(_.id != null)
-    applicationInfo.foreach { _ =>
+        Some(submitTime))
+    applicationId(applicationInfo).foreach { _ =>
       if (_appStartTime <= 0) {
         _appStartTime = System.currentTimeMillis()
       }
@@ -123,6 +119,10 @@ class BatchJobSubmission(
     applicationInfo
   }
 
+  private def applicationId(applicationInfo: Option[ApplicationInfo]): Option[String] = {
+    applicationInfo.filter(_.id != null).map(_.id).orElse(None)
+  }
+
   private[kyuubi] def killBatchApplication(): KillResponse = {
     applicationManager.killApplication(builder.clusterManager(), batchId)
   }
@@ -168,8 +168,8 @@ class BatchJobSubmission(
   private def setStateIfNotCanceled(newState: OperationState): Unit = state.synchronized {
     if (state != CANCELED) {
       setState(newState)
-      _applicationInfo.filter(_.id != null).foreach { ai =>
-        session.getSessionEvent.foreach(_.engineId = ai.id)
+      applicationId(_applicationInfo).foreach { appId =>
+        session.getSessionEvent.foreach(_.engineId = appId)
       }
       if (newState == RUNNING) {
         session.onEngineOpened()
@@ -198,14 +198,10 @@ class BatchJobSubmission(
           // submitted batch application.
           recoveryMetadata.map { metadata =>
             if (metadata.state == OperationState.PENDING.toString) {
-              _applicationInfo = currentApplicationInfo
-              _applicationInfo.map(_.id) match {
-                case Some(null) =>
-                  submitAndMonitorBatchJob()
-                case Some(appId) =>
-                  monitorBatchJob(appId)
-                case None =>
-                  submitAndMonitorBatchJob()
+              _applicationInfo = currentApplicationInfo()
+              applicationId(_applicationInfo) match {
+                case Some(appId) => monitorBatchJob(appId)
+                case None => submitAndMonitorBatchJob()
               }
             } else {
               monitorBatchJob(metadata.engineId)
@@ -240,10 +236,11 @@ class BatchJobSubmission(
     try {
       info(s"Submitting $batchType batch[$batchId] job:\n$builder")
       val process = builder.start
-      _applicationInfo = currentApplicationInfo
       while (!applicationFailed(_applicationInfo) && process.isAlive) {
+        updateApplicationInfoMetadataIfNeeded()
         if (!appStatusFirstUpdated) {
-          if (_applicationInfo.isDefined) {
+          // only the ApplicationInfo with non-empty id indicates that batch is RUNNING
+          if (applicationId(_applicationInfo).isDefined) {
             setStateIfNotCanceled(OperationState.RUNNING)
             updateBatchMetadata()
             appStatusFirstUpdated = true
@@ -257,7 +254,6 @@ class BatchJobSubmission(
           }
         }
         process.waitFor(applicationCheckInterval, TimeUnit.MILLISECONDS)
-        _applicationInfo = currentApplicationInfo
       }
 
       if (applicationFailed(_applicationInfo)) {
@@ -269,10 +265,7 @@ class BatchJobSubmission(
           throw new KyuubiException(s"Process exit with value ${process.exitValue()}")
         }
 
-        Option(_applicationInfo.map(_.id)).foreach {
-          case Some(appId) => monitorBatchJob(appId)
-          case _ =>
-        }
+        applicationId(_applicationInfo).foreach(monitorBatchJob)
       }
     } finally {
       builder.close()
@@ -283,7 +276,7 @@ class BatchJobSubmission(
   private def monitorBatchJob(appId: String): Unit = {
     info(s"Monitoring submitted $batchType batch[$batchId] job: $appId")
     if (_applicationInfo.isEmpty) {
-      _applicationInfo = currentApplicationInfo
+      _applicationInfo = currentApplicationInfo()
     }
     if (state == OperationState.PENDING) {
       setStateIfNotCanceled(OperationState.RUNNING)
@@ -297,12 +290,7 @@ class BatchJobSubmission(
       // TODO: add limit for max batch job submission lifetime
       while (_applicationInfo.isDefined && !applicationTerminated(_applicationInfo)) {
         Thread.sleep(applicationCheckInterval)
-        val newApplicationStatus = currentApplicationInfo
-        if (newApplicationStatus.map(_.state) != _applicationInfo.map(_.state)) {
-          _applicationInfo = newApplicationStatus
-          updateBatchMetadata()
-          info(s"Batch report for $batchId, ${_applicationInfo}")
-        }
+        updateApplicationInfoMetadataIfNeeded()
       }
 
       if (applicationFailed(_applicationInfo)) {
@@ -311,6 +299,15 @@ class BatchJobSubmission(
     }
   }
 
+  private def updateApplicationInfoMetadataIfNeeded(): Unit = {
+    val newApplicationStatus = currentApplicationInfo()
+    if (newApplicationStatus.map(_.state) != _applicationInfo.map(_.state)) {
+      _applicationInfo = newApplicationStatus
+      updateBatchMetadata()
+      info(s"Batch report for $batchId, ${_applicationInfo}")
+    }
+  }
+
   def getOperationLogRowSet(
       order: FetchOrientation,
       from: Int,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
index 605c4cca6..fc109f499 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
@@ -31,10 +31,10 @@ import org.apache.kyuubi.util.ThriftUtils
 
 abstract class KyuubiApplicationOperation(session: Session) extends KyuubiOperation(session) {
 
-  protected def currentApplicationInfo: Option[ApplicationInfo]
+  protected def currentApplicationInfo(): Option[ApplicationInfo]
 
   protected def applicationInfoMap: Option[Map[String, String]] = {
-    currentApplicationInfo.map(_.toMap)
+    currentApplicationInfo().map(_.toMap)
   }
 
   override def getResultSetMetadata: TGetResultSetMetadataResp = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala
index fb4f39e26..758dccb9d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/LaunchEngine.scala
@@ -33,7 +33,7 @@ class LaunchEngine(session: KyuubiSessionImpl, override val shouldRunAsync: Bool
     }
   override def getOperationLog: Option[OperationLog] = Option(_operationLog)
 
-  override protected def currentApplicationInfo: Option[ApplicationInfo] = {
+  override protected def currentApplicationInfo(): Option[ApplicationInfo] = {
     Option(client).map { cli =>
       ApplicationInfo(
         cli.engineId.orNull,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 4814996a4..a7af369a7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -74,7 +74,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
   private def buildBatch(session: KyuubiBatchSessionImpl): Batch = {
     val batchOp = session.batchJobSubmissionOp
     val batchOpStatus = batchOp.getStatus
-    val batchAppStatus = batchOp.getOrFetchCurrentApplicationInfo
+    val batchAppStatus = batchOp.getApplicationInfo
 
     val name = Option(batchOp.batchName).getOrElse(batchAppStatus.map(_.name).orNull)
     var appId: String = null
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index 3bc6bb1c5..f2ec60fea 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -123,7 +123,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
     val batchJobSubmissionOp = session.batchJobSubmissionOp
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
-      val appInfo = batchJobSubmissionOp.getOrFetchCurrentApplicationInfo
+      val appInfo = batchJobSubmissionOp.getApplicationInfo
       assert(appInfo.nonEmpty)
       assert(appInfo.exists(_.id.startsWith("application_")))
     }
@@ -158,7 +158,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
     val appUrl = rows("url")
     val appError = rows("error")
 
-    val appInfo2 = batchJobSubmissionOp.getOrFetchCurrentApplicationInfo.get
+    val appInfo2 = batchJobSubmissionOp.getApplicationInfo.get
     assert(appId === appInfo2.id)
     assert(appName === appInfo2.name)
     assert(appState === appInfo2.state.toString)
@@ -183,9 +183,9 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
     val batchJobSubmissionOp = session.batchJobSubmissionOp
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
-      assert(batchJobSubmissionOp.getOrFetchCurrentApplicationInfo.exists(_.id == null))
-      assert(batchJobSubmissionOp.getOrFetchCurrentApplicationInfo.exists(
-        _.state == ApplicationState.NOT_FOUND))
+      assert(batchJobSubmissionOp.getApplicationInfo.exists(_.id == null))
+      assert(batchJobSubmissionOp.getApplicationInfo.exists(
+        _.state == ApplicationState.UNKNOWN))
       assert(batchJobSubmissionOp.getStatus.state === OperationState.ERROR)
     }
   }

From 6876f82053fe68eb247c6958b2af052072e0a3b5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 20 Apr 2023 22:59:20 +0800
Subject: [PATCH 310/760] [KYUUBI #4744] [TEST] Remove Hudi integration tests

### _Why are the changes needed?_

This PR aims to remove Hudi integration tests from the Kyuubi project.

Actually, there is no obvious benefit to running Hudi tests w/ Kyuubi, since the real work happens on the compute engine and Hudi integration. Besides, Hudi's horrible dependency management brings significant maintenance efforts to the Kyuubi community.

This change only affects tests, does not affect any functionality.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4744 from pan3793/remove-hudi.

Closes #4744

ea99f747e [Cheng Pan] Remove Hudi integration tests

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  |   4 +-
 externals/kyuubi-spark-sql-engine/pom.xml     |  36 ----
 .../operation/SparkHudiOperationSuite.scala   |  30 ---
 .../java/org/apache/kyuubi/tags/HudiTest.java |  29 ---
 .../org/apache/kyuubi/HudiSuiteMixin.scala    |  43 ----
 .../kyuubi/operation/HudiMetadataTests.scala  | 193 ------------------
 kyuubi-server/pom.xml                         |  36 ----
 .../datalake/HudiOperationSuite.scala         |  34 ---
 pom.xml                                       | 162 +--------------
 9 files changed, 6 insertions(+), 561 deletions(-)
 delete mode 100644 externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkHudiOperationSuite.scala
 delete mode 100644 kyuubi-common/src/test/java/org/apache/kyuubi/tags/HudiTest.java
 delete mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/HudiSuiteMixin.scala
 delete mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HudiMetadataTests.scala
 delete mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/operation/datalake/HudiOperationSuite.scala

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 04ecb1a60..6bafea0dc 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -57,12 +57,12 @@ jobs:
           - java: 8
             spark: '3.3'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.1.3 -Dspark.archive.name=spark-3.1.3-bin-hadoop3.2.tgz'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.3'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.2-binary'
     env:
       SPARK_LOCAL_IP: localhost
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 8c984e4ca..62fe39c00 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -146,42 +146,6 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.parquet</groupId>
-            <artifactId>parquet-avro</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-avro_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-common</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-spark-common_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-spark_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-spark3.1.x_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>io.delta</groupId>
             <artifactId>delta-core_${scala.binary.version}</artifactId>
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkHudiOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkHudiOperationSuite.scala
deleted file mode 100644
index c5e8be37a..000000000
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkHudiOperationSuite.scala
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.spark.operation
-
-import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
-import org.apache.kyuubi.operation.HudiMetadataTests
-import org.apache.kyuubi.tags.HudiTest
-
-@HudiTest
-class SparkHudiOperationSuite extends WithSparkSQLEngine with HudiMetadataTests {
-
-  override protected def jdbcUrl: String = getJdbcUrl
-
-  override def withKyuubiConf: Map[String, String] = extraConfigs
-}
diff --git a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/HudiTest.java b/kyuubi-common/src/test/java/org/apache/kyuubi/tags/HudiTest.java
deleted file mode 100644
index 346f146fa..000000000
--- a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/HudiTest.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.tags;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-import org.scalatest.TagAnnotation;
-
-@TagAnnotation
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.METHOD, ElementType.TYPE})
-public @interface HudiTest {}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/HudiSuiteMixin.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/HudiSuiteMixin.scala
deleted file mode 100644
index 17cc5d27f..000000000
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/HudiSuiteMixin.scala
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi
-
-import java.nio.file.Path
-
-trait HudiSuiteMixin extends DataLakeSuiteMixin {
-
-  override protected def format: String = "hudi"
-
-  override protected def catalog: String = "spark_catalog"
-
-  override protected def warehouse: Path = Utils.createTempDir()
-
-  override protected def extraJars: String = {
-    System.getProperty("java.class.path")
-      .split(":")
-      .filter(i => i.contains("hudi") || i.contains("spark-avro"))
-      .mkString(",")
-  }
-
-  override protected def extraConfigs = Map(
-    "spark.sql.catalogImplementation" -> "in-memory",
-    "spark.sql.defaultCatalog" -> catalog,
-    "spark.sql.extensions" -> "org.apache.spark.sql.hudi.HoodieSparkSessionExtension",
-    "spark.serializer" -> "org.apache.spark.serializer.KryoSerializer",
-    "spark.jars" -> extraJars)
-}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HudiMetadataTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HudiMetadataTests.scala
deleted file mode 100644
index e6870a4e3..000000000
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/HudiMetadataTests.scala
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.operation
-
-import org.apache.kyuubi.HudiSuiteMixin
-import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
-
-trait HudiMetadataTests extends HiveJDBCTestHelper with HudiSuiteMixin {
-
-  test("get catalogs") {
-    withJdbcStatement() { statement =>
-      val metaData = statement.getConnection.getMetaData
-      val catalogs = metaData.getCatalogs
-      catalogs.next()
-      assert(catalogs.getString(TABLE_CAT) === "spark_catalog")
-      assert(!catalogs.next())
-    }
-  }
-
-  test("get schemas") {
-    val dbs = Seq("db1", "db2", "db33", "db44")
-    val dbDflts = Seq("default", "global_temp")
-
-    val catalog = "spark_catalog"
-    withDatabases(dbs: _*) { statement =>
-      dbs.foreach(db => statement.execute(s"CREATE DATABASE IF NOT EXISTS $db"))
-      val metaData = statement.getConnection.getMetaData
-
-      Seq("", "*", "%", null, ".*", "_*", "_%", ".%") foreach { pattern =>
-        checkGetSchemas(metaData.getSchemas(catalog, pattern), dbs ++ dbDflts, catalog)
-      }
-
-      Seq("db%", "db.*") foreach { pattern =>
-        checkGetSchemas(metaData.getSchemas(catalog, pattern), dbs, catalog)
-      }
-
-      Seq("db_", "db.") foreach { pattern =>
-        checkGetSchemas(metaData.getSchemas(catalog, pattern), dbs.take(2), catalog)
-      }
-
-      checkGetSchemas(metaData.getSchemas(catalog, "db1"), Seq("db1"), catalog)
-      checkGetSchemas(metaData.getSchemas(catalog, "db_not_exist"), Seq.empty, catalog)
-    }
-  }
-
-  test("get tables") {
-    val table = "table_1_test"
-    val schema = "default"
-    val tableType = "TABLE"
-
-    withJdbcStatement(table) { statement =>
-      statement.execute(
-        s"""
-           | create table $table (
-           |  id int,
-           |  name string,
-           |  price double,
-           |  ts long
-           | ) using $format
-           | options (
-           |   primaryKey = 'id',
-           |   preCombineField = 'ts',
-           |   hoodie.bootstrap.index.class =
-           |   'org.apache.hudi.common.bootstrap.index.NoOpBootstrapIndex'
-           | )
-       """.stripMargin)
-
-      val metaData = statement.getConnection.getMetaData
-      val rs1 = metaData.getTables(null, null, null, null)
-      assert(rs1.next())
-      val catalogName = rs1.getString(TABLE_CAT)
-      assert(catalogName === "spark_catalog" || catalogName === null)
-      assert(rs1.getString(TABLE_SCHEM) === schema)
-      assert(rs1.getString(TABLE_NAME) == table)
-      assert(rs1.getString(TABLE_TYPE) == tableType)
-      assert(!rs1.next())
-
-      val rs2 = metaData.getTables(null, null, "table%", Array("TABLE"))
-      assert(rs2.next())
-      assert(rs2.getString(TABLE_NAME) == table)
-      assert(!rs2.next())
-
-      val rs3 = metaData.getTables(null, "default", "*", Array("VIEW"))
-      assert(!rs3.next())
-    }
-  }
-
-  test("get columns type") {
-    val dataTypes = Seq(
-      "boolean",
-      "int",
-      "bigint",
-      "float",
-      "double",
-      "decimal(38,20)",
-      "decimal(10,2)",
-      "string",
-      "array<bigint>",
-      "array<string>",
-      "date",
-      "timestamp",
-      "struct<`X`: bigint, `Y`: double>",
-      "binary",
-      "struct<`X`: string>")
-    val cols = dataTypes.zipWithIndex.map { case (dt, idx) => s"c$idx" -> dt }
-    val (colNames, _) = cols.unzip
-
-    val metadataCols = Seq(
-      "_hoodie_commit_time",
-      "_hoodie_commit_seqno",
-      "_hoodie_record_key",
-      "_hoodie_partition_path",
-      "_hoodie_file_name")
-
-    val defaultPkCol = "uuid"
-
-    val reservedCols = metadataCols :+ defaultPkCol
-
-    val tableName = "hudi_get_col_operation"
-    val ddl =
-      s"""
-         |CREATE TABLE IF NOT EXISTS $catalog.$defaultSchema.$tableName (
-         |  $defaultPkCol string,
-         |  ${cols.map { case (cn, dt) => cn + " " + dt }.mkString(",\n")}
-         |)
-         |USING hudi""".stripMargin
-
-    withJdbcStatement(tableName) { statement =>
-      statement.execute(ddl)
-
-      val metaData = statement.getConnection.getMetaData
-
-      Seq("%", null, ".*", "c.*") foreach { columnPattern =>
-        val rowSet = metaData.getColumns(catalog, defaultSchema, tableName, columnPattern)
-
-        import java.sql.Types._
-        val expectedJavaTypes = Seq(
-          BOOLEAN,
-          INTEGER,
-          BIGINT,
-          FLOAT,
-          DOUBLE,
-          DECIMAL,
-          DECIMAL,
-          VARCHAR,
-          ARRAY,
-          ARRAY,
-          DATE,
-          TIMESTAMP,
-          STRUCT,
-          BINARY,
-          STRUCT)
-
-        var pos = 0
-        while (rowSet.next()) {
-          assert(rowSet.getString(TABLE_CAT) === catalog)
-          assert(rowSet.getString(TABLE_SCHEM) === defaultSchema)
-          assert(rowSet.getString(TABLE_NAME) === tableName)
-          rowSet.getString(COLUMN_NAME) match {
-            case name if reservedCols.contains(name) =>
-              assert(rowSet.getInt(DATA_TYPE) === VARCHAR)
-              assert(rowSet.getString(TYPE_NAME) equalsIgnoreCase "STRING")
-            case _ =>
-              assert(rowSet.getString(COLUMN_NAME) === colNames(pos))
-              assert(rowSet.getInt(DATA_TYPE) === expectedJavaTypes(pos))
-              assert(rowSet.getString(TYPE_NAME) equalsIgnoreCase dataTypes(pos))
-              pos += 1
-          }
-        }
-
-        assert(pos === dataTypes.size, "all columns should have been verified")
-      }
-
-      val rowSet = metaData.getColumns(catalog, "*", "not_exist", "not_exist")
-      assert(!rowSet.next())
-    }
-  }
-}
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 7408ac5dd..c4585b131 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -427,42 +427,6 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-avro_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.parquet</groupId>
-            <artifactId>parquet-avro</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-common</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-spark-common_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-spark_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hudi</groupId>
-            <artifactId>hudi-spark3.1.x_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>io.delta</groupId>
             <artifactId>delta-core_${scala.binary.version}</artifactId>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/datalake/HudiOperationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/datalake/HudiOperationSuite.scala
deleted file mode 100644
index 0c507504d..000000000
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/datalake/HudiOperationSuite.scala
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.operation.datalake
-
-import org.apache.kyuubi.WithKyuubiServer
-import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.operation.HudiMetadataTests
-import org.apache.kyuubi.tags.HudiTest
-
-@HudiTest
-class HudiOperationSuite extends WithKyuubiServer with HudiMetadataTests {
-  override protected val conf: KyuubiConf = {
-    val kyuubiConf = KyuubiConf().set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 20000L)
-    extraConfigs.foreach { case (k, v) => kyuubiConf.set(k, v) }
-    kyuubiConf
-  }
-
-  override def jdbcUrl: String = getJdbcUrl
-}
diff --git a/pom.xml b/pom.xml
index 1feae0322..a6e5d2df5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -156,7 +156,6 @@
         <hive.archive.download.skip>false</hive.archive.download.skip>
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
-        <hudi.version>0.12.0</hudi.version>
         <iceberg.version>1.2.0</iceberg.version>
         <jackson.version>2.14.2</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
@@ -225,7 +224,7 @@
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
         <maven.plugin.surefire.version>3.0.0-M8</maven.plugin.surefire.version>
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
-        <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
+        <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>
         <maven.plugin.spotless.version>2.30.0</maven.plugin.spotless.version>
         <maven.plugin.jacoco.version>0.8.7</maven.plugin.jacoco.version>
@@ -1240,159 +1239,6 @@
                 <version>${iceberg.version}</version>
             </dependency>
 
-            <!-- Hudi dependency  -->
-            <dependency>
-                <groupId>org.apache.parquet</groupId>
-                <artifactId>parquet-avro</artifactId>
-                <version>${parquet.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.spark</groupId>
-                <artifactId>spark-avro_${scala.binary.version}</artifactId>
-                <version>${spark.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.hudi</groupId>
-                <artifactId>hudi-common</artifactId>
-                <version>${hudi.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.core</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hbase</groupId>
-                        <artifactId>hbase-server</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hbase</groupId>
-                        <artifactId>hbase-client</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.hudi</groupId>
-                <artifactId>hudi-spark-common_${scala.binary.version}</artifactId>
-                <version>${hudi.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>org.scala-lang</groupId>
-                        <artifactId>scala-library</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hudi</groupId>
-                        <artifactId>hudi-timeline-service</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>io.dropwizard.metrics</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>io.prometheus</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.logging.log4j</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.curator</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hadoop</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hbase</groupId>
-                        <artifactId>hbase-server</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hbase</groupId>
-                        <artifactId>hbase-client</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.orc</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hudi</groupId>
-                        <artifactId>hudi-aws</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>commons-logging</groupId>
-                        <artifactId>commons-logging</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.core</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.hudi</groupId>
-                <artifactId>hudi-spark_${scala.binary.version}</artifactId>
-                <version>${hudi.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>org.scala-lang</groupId>
-                        <artifactId>scala-library</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hudi</groupId>
-                        <artifactId>hudi-spark-common_2.11</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hudi</groupId>
-                        <artifactId>hudi-spark2_2.11</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hudi</groupId>
-                        <artifactId>hudi-spark2-common</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.curator</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.core</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.module</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.logging.log4j</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.hudi</groupId>
-                <artifactId>hudi-spark3.1.x_${scala.binary.version}</artifactId>
-                <version>${hudi.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>org.apache.hudi</groupId>
-                        <artifactId>hudi-spark-common_2.11</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.scala-lang</groupId>
-                        <artifactId>scala-library</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.core</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
             <dependency>
                 <groupId>io.delta</groupId>
                 <artifactId>delta-core_${scala.binary.version}</artifactId>
@@ -2347,7 +2193,7 @@
                 <spark.binary.version>3.2</spark.binary.version>
                 <delta.version>2.0.2</delta.version>
                 <spark.archive.name>spark-${spark.version}-bin-hadoop3.2.tgz</spark.archive.name>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 
@@ -2360,7 +2206,7 @@
                 <module>extensions/spark/kyuubi-spark-connector-kudu</module>
             </modules>
             <properties>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 
@@ -2370,7 +2216,7 @@
                 <spark.version>3.5.0-SNAPSHOT</spark.version>
                 <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
                 <threeten.version>1.7.0</threeten.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
             </properties>
             <dependencyManagement>
                 <dependencies>

From ccacb33c690f4853dab45854dc8063b23c4251a0 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 21 Apr 2023 10:49:21 +0800
Subject: [PATCH 311/760] [KYUUBI #4739] Add operation lock instead of locking
 state Enumeration

### _Why are the changes needed?_

We meet an issue that cause all the operation stuck when closing operation.

Because now all the operations try to lock a Scala Enumeration val.

And if one of them stuck, all the others will be keep stuck.

In this pr, I add a lock for each operation.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4739 from turboFei/op_lock.

Closes #4739

535400a42 [fwang12] revert
a93438927 [fwang12] lockInterruptibly
274abc9db [fwang12] utils
ceda7314f [fwang12] op lock

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../engine/chat/operation/ChatOperation.scala       |  2 +-
 .../engine/flink/operation/FlinkOperation.scala     |  4 ++--
 .../engine/hive/operation/HiveOperation.scala       |  2 +-
 .../engine/jdbc/operation/JdbcOperation.scala       |  2 +-
 .../engine/spark/operation/ExecutePython.scala      |  7 +------
 .../engine/spark/operation/SparkOperation.scala     |  6 +++---
 .../kyuubi/engine/spark/repl/KyuubiSparkILoop.scala |  9 +++------
 .../engine/trino/operation/TrinoOperation.scala     |  4 ++--
 .../src/main/scala/org/apache/kyuubi/Utils.scala    | 10 ++++++++++
 .../apache/kyuubi/operation/AbstractOperation.scala |  9 +++++++--
 .../kyuubi/client/KyuubiSyncThriftClient.scala      | 13 +++++--------
 .../kyuubi/operation/BatchJobSubmission.scala       |  4 ++--
 .../apache/kyuubi/operation/KyuubiOperation.scala   |  8 ++++----
 13 files changed, 42 insertions(+), 38 deletions(-)

diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
index 38527cbf1..bb6e8a8a3 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
@@ -62,7 +62,7 @@ abstract class ChatOperation(session: Session) extends AbstractOperation(session
     // We should use Throwable instead of Exception since `java.lang.NoClassDefFoundError`
     // could be thrown.
     case e: Throwable =>
-      state.synchronized {
+      withLockRequired {
         val errMsg = Utils.stringifyException(e)
         if (state == OperationState.TIMEOUT) {
           val ke = KyuubiSQLException(s"Timeout operating $opType: $errMsg")
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
index d734cea05..eee2fdc98 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
@@ -57,7 +57,7 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
   }
 
   override protected def afterRun(): Unit = {
-    state.synchronized {
+    withLockRequired {
       if (!isTerminalState(state)) {
         setState(OperationState.FINISHED)
       }
@@ -114,7 +114,7 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
     // We should use Throwable instead of Exception since `java.lang.NoClassDefFoundError`
     // could be thrown.
     case e: Throwable =>
-      state.synchronized {
+      withLockRequired {
         val errMsg = Utils.stringifyException(e)
         if (state == OperationState.TIMEOUT) {
           val ke = KyuubiSQLException(s"Timeout operating $opType: $errMsg")
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
index 81affdff3..c02569784 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
@@ -46,7 +46,7 @@ abstract class HiveOperation(session: Session) extends AbstractOperation(session
   }
 
   override def afterRun(): Unit = {
-    state.synchronized {
+    withLockRequired {
       if (!isTerminalState(state)) {
         setState(OperationState.FINISHED)
       }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
index 6cac42f49..f4d1c27e7 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
@@ -66,7 +66,7 @@ abstract class JdbcOperation(session: Session) extends AbstractOperation(session
     // We should use Throwable instead of Exception since `java.lang.NoClassDefFoundError`
     // could be thrown.
     case e: Throwable =>
-      state.synchronized {
+      withLockRequired {
         val errMsg = Utils.stringifyException(e)
         if (state == OperationState.TIMEOUT) {
           val ke = KyuubiSQLException(s"Timeout operating $opType: $errMsg")
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
index d2627fd99..17cc967e6 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
@@ -180,12 +180,7 @@ case class SessionPythonWorker(
     new BufferedReader(new InputStreamReader(workerProcess.getInputStream), 1)
   private val lock = new ReentrantLock()
 
-  private def withLockRequired[T](block: => T): T = {
-    try {
-      lock.lock()
-      block
-    } finally lock.unlock()
-  }
+  private def withLockRequired[T](block: => T): T = Utils.withLockRequired(lock)(block)
 
   /**
    * Run the python code and return the response. This method maybe invoked internally,
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index cb7510a89..6b2a5d9eb 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -101,7 +101,7 @@ abstract class SparkOperation(session: Session)
     super.getStatus
   }
 
-  override def cleanup(targetState: OperationState): Unit = state.synchronized {
+  override def cleanup(targetState: OperationState): Unit = withLockRequired {
     operationListener.foreach(_.cleanup())
     if (!isTerminalState(state)) {
       setState(targetState)
@@ -174,7 +174,7 @@ abstract class SparkOperation(session: Session)
     // could be thrown.
     case e: Throwable =>
       if (cancel && !spark.sparkContext.isStopped) spark.sparkContext.cancelJobGroup(statementId)
-      state.synchronized {
+      withLockRequired {
         val errMsg = Utils.stringifyException(e)
         if (state == OperationState.TIMEOUT) {
           val ke = KyuubiSQLException(s"Timeout operating $opType: $errMsg")
@@ -201,7 +201,7 @@ abstract class SparkOperation(session: Session)
   }
 
   override protected def afterRun(): Unit = {
-    state.synchronized {
+    withLockRequired {
       if (!isTerminalState(state)) {
         setState(OperationState.FINISHED)
       }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
index 27090fae4..a5437df92 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
@@ -29,6 +29,8 @@ import org.apache.spark.repl.SparkILoop
 import org.apache.spark.sql.{DataFrame, SparkSession}
 import org.apache.spark.util.MutableURLClassLoader
 
+import org.apache.kyuubi.Utils
+
 private[spark] case class KyuubiSparkILoop private (
     spark: SparkSession,
     output: ByteArrayOutputStream)
@@ -124,10 +126,5 @@ private[spark] object KyuubiSparkILoop {
   }
 
   private val lock = new ReentrantLock()
-  private def withLockRequired[T](block: => T): T = {
-    try {
-      lock.lock()
-      block
-    } finally lock.unlock()
-  }
+  private def withLockRequired[T](block: => T): T = Utils.withLockRequired(lock)(block)
 }
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
index 6e40f65f2..bff058605 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
@@ -75,7 +75,7 @@ abstract class TrinoOperation(session: Session) extends AbstractOperation(sessio
   }
 
   override protected def afterRun(): Unit = {
-    state.synchronized {
+    withLockRequired {
       if (!isTerminalState(state)) {
         setState(OperationState.FINISHED)
       }
@@ -108,7 +108,7 @@ abstract class TrinoOperation(session: Session) extends AbstractOperation(sessio
     // could be thrown.
     case e: Throwable =>
       if (cancel && trino.isRunning) trino.cancelLeafStage()
-      state.synchronized {
+      withLockRequired {
         val errMsg = Utils.stringifyException(e)
         if (state == OperationState.TIMEOUT) {
           val ke = KyuubiSQLException(s"Timeout operating $opType: $errMsg")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
index 3a03682ff..06c572130 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
@@ -24,6 +24,7 @@ import java.nio.file.{Files, Path, Paths, StandardCopyOption}
 import java.text.SimpleDateFormat
 import java.util.{Date, Properties, TimeZone, UUID}
 import java.util.concurrent.atomic.AtomicLong
+import java.util.concurrent.locks.Lock
 
 import scala.collection.JavaConverters._
 import scala.sys.process._
@@ -407,4 +408,13 @@ object Utils extends Logging {
       stringWriter.toString
     }
   }
+
+  def withLockRequired[T](lock: Lock)(block: => T): T = {
+    try {
+      lock.lock()
+      block
+    } finally {
+      lock.unlock()
+    }
+  }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
index d50cb8e24..2e52757a2 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
@@ -18,13 +18,14 @@
 package org.apache.kyuubi.operation
 
 import java.util.concurrent.{Future, ScheduledExecutorService, TimeUnit}
+import java.util.concurrent.locks.ReentrantLock
 
 import scala.collection.JavaConverters._
 
 import org.apache.commons.lang3.StringUtils
 import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TProgressUpdateResp, TProtocolVersion, TRowSet, TStatus, TStatusCode}
 
-import org.apache.kyuubi.{KyuubiSQLException, Logging}
+import org.apache.kyuubi.{KyuubiSQLException, Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_IDLE_TIMEOUT
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.operation.OperationState._
@@ -45,7 +46,11 @@ abstract class AbstractOperation(session: Session) extends Operation with Loggin
 
   private var statementTimeoutCleaner: Option[ScheduledExecutorService] = None
 
-  protected def cleanup(targetState: OperationState): Unit = state.synchronized {
+  private val lock: ReentrantLock = new ReentrantLock()
+
+  protected def withLockRequired[T](block: => T): T = Utils.withLockRequired(lock)(block)
+
+  protected def cleanup(targetState: OperationState): Unit = withLockRequired {
     if (!isTerminalState(state)) {
       setState(targetState)
       Option(getBackgroundHandle).foreach(_.cancel(true))
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index 8b8561fa9..587fd5756 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -136,14 +136,11 @@ class KyuubiSyncThriftClient private (
   /**
    * Lock every rpc call to send them sequentially
    */
-  private def withLockAcquired[T](block: => T): T = {
-    try {
-      lock.lock()
-      if (!protocol.getTransport.isOpen) {
-        throw KyuubiSQLException.connectionDoesNotExist()
-      }
-      block
-    } finally lock.unlock()
+  private def withLockAcquired[T](block: => T): T = Utils.withLockRequired(lock) {
+    if (!protocol.getTransport.isOpen) {
+      throw KyuubiSQLException.connectionDoesNotExist()
+    }
+    block
   }
 
   private def withLockAcquiredAsyncRequest[T](block: => T): T = withLockAcquired {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index a723ab4b0..e6433cdc9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -165,7 +165,7 @@ class BatchJobSubmission(
   override def getOperationLog: Option[OperationLog] = Option(_operationLog)
 
   // we can not set to other state if it is canceled
-  private def setStateIfNotCanceled(newState: OperationState): Unit = state.synchronized {
+  private def setStateIfNotCanceled(newState: OperationState): Unit = withLockRequired {
     if (state != CANCELED) {
       setState(newState)
       applicationId(_applicationInfo).foreach { appId =>
@@ -318,7 +318,7 @@ class BatchJobSubmission(
     }
   }
 
-  override def close(): Unit = state.synchronized {
+  override def close(): Unit = withLockRequired {
     if (!isClosedOrCanceled) {
       try {
         getOperationLog.foreach(_.close())
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
index 106a11e4b..e0475394e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
@@ -59,7 +59,7 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
 
   protected def onError(action: String = "operating"): PartialFunction[Throwable, Unit] = {
     case e: Throwable =>
-      state.synchronized {
+      withLockRequired {
         if (isTerminalState(state)) {
           warn(s"Ignore exception in terminal state with $statementId", e)
         } else {
@@ -101,14 +101,14 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
   }
 
   override protected def afterRun(): Unit = {
-    state.synchronized {
+    withLockRequired {
       if (!isTerminalState(state)) {
         setState(OperationState.FINISHED)
       }
     }
   }
 
-  override def cancel(): Unit = state.synchronized {
+  override def cancel(): Unit = withLockRequired {
     if (!isClosedOrCanceled) {
       setState(OperationState.CANCELED)
       MetricsSystem.tracing(_.decCount(MetricRegistry.name(OPERATION_OPEN, opType)))
@@ -123,7 +123,7 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
     }
   }
 
-  override def close(): Unit = state.synchronized {
+  override def close(): Unit = withLockRequired {
     if (!isClosedOrCanceled) {
       setState(OperationState.CLOSED)
       MetricsSystem.tracing(_.decCount(MetricRegistry.name(OPERATION_OPEN, opType)))

From 8d424ef435dc198f16905bcdb7d4b722f6577466 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 21 Apr 2023 17:57:01 +0800
Subject: [PATCH 312/760] [KYUUBI #4746] Do not recreate async request executor
 if has been shutdown

### _Why are the changes needed?_

After #4480, there should be only one asyncRequestExecutor in one KyuubiSyncThriftClient

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4746 from turboFei/engine_alive.

Closes #4746

9d2fa5fe9 [fwang12] fix typo
d90263b65 [fwang12] check
38aefdf39 [fwang12] close protocol first
6eb61780f [fwang12] do not renew executor
64e66a857 [fwang12] close protocol first

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../client/KyuubiSyncThriftClient.scala       | 23 ++++++++-----------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index 587fd5756..c02851715 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -64,7 +64,9 @@ class KyuubiSyncThriftClient private (
   private var engineAliveThreadPool: ScheduledExecutorService = _
   @volatile private var engineLastAlive: Long = _
 
-  private var asyncRequestExecutor: ExecutorService = _
+  private lazy val asyncRequestExecutor: ExecutorService =
+    ThreadUtils.newDaemonSingleThreadScheduledExecutor(
+      "async-request-executor-" + SessionHandle(_remoteSessionHandle))
 
   @VisibleForTesting
   @volatile private[kyuubi] var asyncRequestInterrupted: Boolean = false
@@ -72,11 +74,6 @@ class KyuubiSyncThriftClient private (
   @VisibleForTesting
   private[kyuubi] def getEngineAliveProbeProtocol: Option[TProtocol] = engineAliveProbeProtocol
 
-  private def newAsyncRequestExecutor(): ExecutorService = {
-    ThreadUtils.newDaemonSingleThreadScheduledExecutor(
-      "async-request-executor-" + _remoteSessionHandle)
-  }
-
   private def shutdownAsyncRequestExecutor(): Unit = {
     Option(asyncRequestExecutor).filterNot(_.isShutdown).foreach(ThreadUtils.shutdown(_))
     asyncRequestInterrupted = true
@@ -109,7 +106,6 @@ class KyuubiSyncThriftClient private (
             }
           }
         } else {
-          shutdownAsyncRequestExecutor()
           warn(s"Removing Clients for ${_remoteSessionHandle}")
           Seq(protocol).union(engineAliveProbeProtocol.toSeq).foreach { tProtocol =>
             Utils.tryLogNonFatalError {
@@ -117,10 +113,11 @@ class KyuubiSyncThriftClient private (
                 tProtocol.getTransport.close()
               }
             }
-            clientClosedOnEngineBroken = true
-            Option(engineAliveThreadPool).foreach { pool =>
-              ThreadUtils.shutdown(pool, Duration(engineAliveProbeInterval, TimeUnit.MILLISECONDS))
-            }
+          }
+          clientClosedOnEngineBroken = true
+          shutdownAsyncRequestExecutor()
+          Option(engineAliveThreadPool).foreach { pool =>
+            ThreadUtils.shutdown(pool, Duration(engineAliveProbeInterval, TimeUnit.MILLISECONDS))
           }
         }
       }
@@ -144,8 +141,8 @@ class KyuubiSyncThriftClient private (
   }
 
   private def withLockAcquiredAsyncRequest[T](block: => T): T = withLockAcquired {
-    if (asyncRequestExecutor == null || asyncRequestExecutor.isShutdown) {
-      asyncRequestExecutor = newAsyncRequestExecutor()
+    if (asyncRequestExecutor.isShutdown) {
+      throw KyuubiSQLException.connectionDoesNotExist()
     }
 
     val task = asyncRequestExecutor.submit(() => {

From 2c55a1fdafc4ca1bae2a131bfb84d7d736166585 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Fri, 21 Apr 2023 20:44:10 +0800
Subject: [PATCH 313/760] [KYUUBI #4749]  Fix flaky test issues in
 SchedulerPoolSuite

### _Why are the changes needed?_

To fix issue https://github.com/apache/kyuubi/issues/4713, a PR  https://github.com/apache/kyuubi/pull/4714 was submitted, but it had Flaky test issues. After 50 local tests, it succeeded 38 times and failed 12 times.
This PR addresses the issue of flaky tests.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4749 from huangzhir/fixtest-schedulerpool.

Closes #4749

2d2e14069 [huangzhir] call KyuubiSparkContextHelper.waitListenerBus() to make sure there are no more events in the spark event queue
52a34d287 [fwang12] [KYUUBI #4746] Do not recreate async request executor if has been shutdown
d4558ea82 [huangzhir] Merge branch 'master' into fixtest-schedulerpool
44c4cefff [huangzhir] make sure the SparkListener has received the finished events for job1 and job2.
8a753e924 [huangzhir] make sure job1 started before job2
e66ede214 [huangzhir] fixbug TEST SchedulerPoolSuite  a false positive result

Lead-authored-by: huangzhir <306824224@qq.com>
Co-authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
index 43bd3f4db..a07f7d783 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SchedulerPoolSuite.scala
@@ -21,6 +21,7 @@ import java.util.concurrent.Executors
 
 import scala.concurrent.duration.SECONDS
 
+import org.apache.spark.KyuubiSparkContextHelper
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobEnd, SparkListenerJobStart}
 import org.scalatest.concurrent.PatienceConfiguration.Timeout
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
@@ -101,6 +102,8 @@ class SchedulerPoolSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
       })
       threads.shutdown()
       threads.awaitTermination(20, SECONDS)
+      // make sure the SparkListener has received the finished events for job1 and job2.
+      KyuubiSparkContextHelper.waitListenerBus(spark)
       // job1 should be started before job2
       assert(job1StartTime < job2StartTime)
       // job2 minShare is 2(total resource) so that job1 should be allocated tasks after

From 83c4bed076ee5b95a66c83ff31244315eba25bac Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 23 Apr 2023 09:52:34 +0800
Subject: [PATCH 314/760] [KYUUBI #4747] [INFRA] Install and cache build/mvn in
 CI builds

### _Why are the changes needed?_

- introduce a custom action for installing and caching Maven, to prevent repeatedly downloading Maven binary from remote.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4747 from bowenliang123/cache-maven.

Closes #4747

bbd9e1f4c [liangbowen] fix cache path
dc342180e [liangbowen] add action for caching maven in ci builds

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/actions/setup-maven/action.yaml | 30 +++++++++++++++++++++++++
 .github/workflows/dep.yml               |  2 ++
 .github/workflows/master.yml            | 16 +++++++++++++
 .github/workflows/nightly.yml           |  2 ++
 .github/workflows/style.yml             |  2 ++
 5 files changed, 52 insertions(+)
 create mode 100644 .github/actions/setup-maven/action.yaml

diff --git a/.github/actions/setup-maven/action.yaml b/.github/actions/setup-maven/action.yaml
new file mode 100644
index 000000000..4aabd401f
--- /dev/null
+++ b/.github/actions/setup-maven/action.yaml
@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: setup-maven
+description: 'Install and cache maven'
+runs:
+  using: composite
+  steps:
+    - name: Restore cached Maven
+      uses: actions/cache@v3
+      with:
+        path: build/apache-maven-*
+        key: setup-maven-${{ hashFiles('pom.xml') }}
+    - name: Install Maven
+      shell: bash
+      run: build/mvn -v
diff --git a/.github/workflows/dep.yml b/.github/workflows/dep.yml
index 47e0d7023..f39e5e6a2 100644
--- a/.github/workflows/dep.yml
+++ b/.github/workflows/dep.yml
@@ -44,6 +44,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Check kyuubi modules available
         id: modules-check
         run: >-
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 6bafea0dc..f8febf9ed 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -79,6 +79,8 @@ jobs:
           check-latest: false
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Setup Python
         uses: actions/setup-python@v4
         with:
@@ -131,6 +133,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Kyuubi AuthZ with supported Spark versions
@@ -177,6 +181,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build Flink with maven w/o linters
@@ -223,6 +229,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Hive with maven w/o linters
@@ -260,6 +268,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test JDBC with maven w/o linters
@@ -297,6 +307,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Build and test Trino with maven w/o linters
@@ -329,6 +341,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: Run TPC-DS Tests
@@ -466,6 +480,8 @@ jobs:
           java-version: ${{ matrix.java }}
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Cache Engine Archives
         uses: ./.github/actions/cache-engine-archives
       - name: zookeeper integration tests
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 149da6d82..5ff634da6 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -43,6 +43,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Build with Maven
         run: ./build/mvn clean install ${{ matrix.profiles }} -Dmaven.javadoc.skip=true -V
       - name: Upload test logs
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 78cbe655a..b045de397 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -47,6 +47,8 @@ jobs:
           java-version: 8
           cache: 'maven'
           check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
       - name: Setup Python 3
         uses: actions/setup-python@v4
         with:

From 06dd7d3754ee210f7744e46030965a6f5df1953b Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 23 Apr 2023 10:10:13 +0800
Subject: [PATCH 315/760] [KYUUBI #4407][FOLLOWUP] Adapt SLF4J2

### _Why are the changes needed?_

`StaticLoggerBinder.getSingleton.getLoggerFactoryClassStr` is not valid in SLF4J, this is a missing place in the original PR.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4750 from pan3793/4407.

Closes #4407

6b8fe9603 [Cheng Pan] [KYUUBI #4407][FOLLOWUP] Adapt SLF4J2

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/operation/log/LogDivertAppender.scala  | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/LogDivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/LogDivertAppender.scala
index 7d2989303..58bca992c 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/LogDivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/LogDivertAppender.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.operation.log
 
-import org.slf4j.impl.StaticLoggerBinder
+import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.Logging
 
@@ -30,9 +30,8 @@ object LogDivertAppender extends Logging {
         Log4j12DivertAppender.initialize()
       } else {
         warn(s"Unsupported SLF4J binding" +
-          s" ${StaticLoggerBinder.getSingleton.getLoggerFactoryClassStr}")
+          s" ${LoggerFactory.getILoggerFactory.getClass.getName}")
       }
     }
-
   }
 }

From 4ca025b3cff696dd886bcf3225714043efa9b123 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Sun, 23 Apr 2023 16:07:17 +0800
Subject: [PATCH 316/760] [KYUUBI #4702] [ARROW] CommandResultExec should not
 trigger job
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Before this PR:

![截屏2023-04-13 下午2 34 55](https://user-images.githubusercontent.com/8537877/231674710-afc39cae-0141-4f81-a10b-44e07e9753ba.png)

After this PR:

![截屏2023-04-13 下午2 33 19](https://user-images.githubusercontent.com/8537877/231674757-8c59006a-0d76-4382-9d68-182ef7533738.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4702 from cfmcgrady/arrow-command-result-exec.

Closes #4702

8da308f33 [Fu Chen] address comment
aa35be498 [Fu Chen] address comment
625d5848a [Fu Chen] rebase master
263417e03 [Fu Chen] Merge remote-tracking branch 'apache/master' into arrow-command-result-exec
49f23ce9f [Fu Chen] to refine
e39747f10 [Fu Chen] revert unnecessarily changes.
29acf104c [Fu Chen] CommandResultExec should not trigger job

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/sql/kyuubi/SparkDatasetHelper.scala | 38 +++++++++++++++++++
 .../SparkArrowbasedOperationSuite.scala       | 33 ++++++++++++++++
 2 files changed, 71 insertions(+)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 10b178324..6bd96676f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -24,7 +24,9 @@ import org.apache.spark.internal.Logging
 import org.apache.spark.network.util.{ByteUnit, JavaUtils}
 import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.{DataFrame, Dataset, Row, SparkSession}
+import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, SparkPlan, SQLExecution}
+import org.apache.spark.sql.execution.{CollectLimitExec, SparkPlan, SQLExecution}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
 import org.apache.spark.sql.execution.arrow.{ArrowConverters, KyuubiArrowConverters}
 import org.apache.spark.sql.functions._
@@ -51,6 +53,9 @@ object SparkDatasetHelper extends Logging {
       doCollectLimit(collectLimit)
     case collectLimit: CollectLimitExec if collectLimit.limit < 0 =>
       executeArrowBatchCollect(collectLimit.child)
+    // TODO: replace with pattern match once we drop Spark 3.1 support.
+    case command: SparkPlan if isCommandResultExec(command) =>
+      doCommandResultExec(command)
     case localTableScan: LocalTableScanExec =>
       doLocalTableScan(localTableScan)
     case plan: SparkPlan =>
@@ -177,6 +182,17 @@ object SparkDatasetHelper extends Logging {
     result.toArray
   }
 
+  def doCommandResultExec(command: SparkPlan): Array[Array[Byte]] = {
+    KyuubiArrowConverters.toBatchIterator(
+      // TODO: replace with `command.rows.iterator` once we drop Spark 3.1 support.
+      commandResultExecRowsMethod.invoke[Seq[InternalRow]](command).iterator,
+      command.schema,
+      SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch,
+      maxBatchSize,
+      -1,
+      SparkSession.active.sessionState.conf.sessionLocalTimeZone).toArray
+  }
+
   def doLocalTableScan(localTableScan: LocalTableScanExec): Array[Array[Byte]] = {
     localTableScan.longMetric("numOutputRows").add(localTableScan.rows.size)
     KyuubiArrowConverters.toBatchIterator(
@@ -232,6 +248,28 @@ object SparkDatasetHelper extends Logging {
       .getOrElse(0)
   }
 
+  private def isCommandResultExec(sparkPlan: SparkPlan): Boolean = {
+    // scalastyle:off line.size.limit
+    // the CommandResultExec was introduced in SPARK-35378 (Spark 3.2), after SPARK-35378 the
+    // physical plan of runnable command is CommandResultExec.
+    // for instance:
+    // ```
+    // scala> spark.sql("show tables").queryExecution.executedPlan
+    // res0: org.apache.spark.sql.execution.SparkPlan =
+    // CommandResult <empty>, [namespace#0, tableName#1, isTemporary#2]
+    //   +- ShowTables [namespace#0, tableName#1, isTemporary#2], V2SessionCatalog(spark_catalog), [default]
+    //
+    // scala > spark.sql("show tables").queryExecution.executedPlan.getClass
+    // res1: Class[_ <: org.apache.spark.sql.execution.SparkPlan] = class org.apache.spark.sql.execution.CommandResultExec
+    // ```
+    // scalastyle:on line.size.limit
+    sparkPlan.getClass.getName == "org.apache.spark.sql.execution.CommandResultExec"
+  }
+
+  private lazy val commandResultExecRowsMethod = DynMethods.builder("rows")
+    .impl("org.apache.spark.sql.execution.CommandResultExec")
+    .build()
+
   /**
    * refer to org.apache.spark.sql.Dataset#withAction(), assign a new execution id for arrow-based
    * operation, so that we can track the arrow-based queries on the UI tab.
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 27310992f..057d8c6ff 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -278,6 +278,39 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     assert(numStages == 1)
   }
 
+  test("CommandResultExec should not trigger job") {
+    val listener = new JobCountListener
+    val l2 = new SQLMetricsListener
+    val nodeName = spark.sql("SHOW TABLES").queryExecution.executedPlan.getClass.getName
+    if (SPARK_ENGINE_RUNTIME_VERSION < "3.2") {
+      assert(nodeName == "org.apache.spark.sql.execution.command.ExecutedCommandExec")
+    } else {
+      assert(nodeName == "org.apache.spark.sql.execution.CommandResultExec")
+    }
+    withJdbcStatement("table_1") { statement =>
+      statement.executeQuery(s"CREATE TABLE table_1 (id bigint) USING parquet")
+      withSparkListener(listener) {
+        withSparkListener(l2) {
+          val resultSet = statement.executeQuery("SHOW TABLES")
+          assert(resultSet.next())
+          assert(resultSet.getString("tableName") == "table_1")
+          KyuubiSparkContextHelper.waitListenerBus(spark)
+        }
+      }
+    }
+
+    if (SPARK_ENGINE_RUNTIME_VERSION < "3.2") {
+      // Note that before Spark 3.2, a LocalTableScan SparkPlan will be submitted, and the issue of
+      // preventing LocalTableScan from triggering a job submission was addressed in [KYUUBI #4710].
+      assert(l2.queryExecution.executedPlan.getClass.getName ==
+        "org.apache.spark.sql.execution.LocalTableScanExec")
+    } else {
+      assert(l2.queryExecution.executedPlan.getClass.getName ==
+        "org.apache.spark.sql.execution.CommandResultExec")
+    }
+    assert(listener.numJobs == 0)
+  }
+
   test("LocalTableScanExec should not trigger job") {
     val listener = new JobCountListener
     withJdbcStatement("view_1") { statement =>

From d0a7ca4ba80c2995aac2143a940ece14be12527f Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Sun, 23 Apr 2023 17:39:59 +0800
Subject: [PATCH 317/760] [KYUUBI #4754] [ARROW] Use
 `KyuubiArrowConveters#toBatchIterator` instead of
 `ArrowConveters#toBatchIterator`

### _Why are the changes needed?_

to adapt Spark 3.4

the signature of function `ArrowConveters#toBatchIterator` is changed in https://github.com/apache/spark/pull/38618 (since Spark 3.4)

Before Spark 3.4:

```
private[sql] def toBatchIterator(
    rowIter: Iterator[InternalRow],
    schema: StructType,
    maxRecordsPerBatch: Int,
    timeZoneId: String,
    context: TaskContext): Iterator[Array[Byte]]
```

Spark 3.4

```
private[sql] def toBatchIterator(
    rowIter: Iterator[InternalRow],
    schema: StructType,
    maxRecordsPerBatch: Long,
    timeZoneId: String,
    context: TaskContext): ArrowBatchIterator
```

the return type is changed from `Iterator[Array[Byte]]` to `ArrowBatchIterator`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4754 from cfmcgrady/arrow-spark34.

Closes #4754

a3c58d0ad [Fu Chen] fix ci
32704c577 [Fu Chen] Revert "fix ci"
e32311a03 [Fu Chen] fix ci
a76af6209 [Cheng Pan] Update externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
453b6a6b8 [Cheng Pan] Update externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
74a9f7a9d [Cheng Pan] Update externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
4ce5844af [Fu Chen] adapt Spark 3.4

Lead-authored-by: Fu Chen <cfmcgrady@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/sql/kyuubi/SparkDatasetHelper.scala    | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 6bd96676f..285a28a60 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -19,7 +19,6 @@ package org.apache.spark.sql.kyuubi
 
 import scala.collection.mutable.ArrayBuffer
 
-import org.apache.spark.TaskContext
 import org.apache.spark.internal.Logging
 import org.apache.spark.network.util.{ByteUnit, JavaUtils}
 import org.apache.spark.rdd.RDD
@@ -28,7 +27,7 @@ import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, SparkPlan, SQLExecution}
 import org.apache.spark.sql.execution.{CollectLimitExec, SparkPlan, SQLExecution}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
-import org.apache.spark.sql.execution.arrow.{ArrowConverters, KyuubiArrowConverters}
+import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
 import org.apache.spark.sql.functions._
 import org.apache.spark.sql.types._
 
@@ -73,17 +72,20 @@ object SparkDatasetHelper extends Logging {
   def toArrowBatchRdd(plan: SparkPlan): RDD[Array[Byte]] = {
     val schemaCaptured = plan.schema
     // TODO: SparkPlan.session introduced in SPARK-35798, replace with SparkPlan.session once we
-    // drop Spark-3.1.x support.
+    // drop Spark 3.1 support.
     val maxRecordsPerBatch = SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch
     val timeZoneId = SparkSession.active.sessionState.conf.sessionLocalTimeZone
+    // note that, we can't pass the lazy variable `maxBatchSize` directly, this is because input
+    // arguments are serialized and sent to the executor side for execution.
+    val maxBatchSizePerBatch = maxBatchSize
     plan.execute().mapPartitionsInternal { iter =>
-      val context = TaskContext.get()
-      ArrowConverters.toBatchIterator(
+      KyuubiArrowConverters.toBatchIterator(
         iter,
         schemaCaptured,
         maxRecordsPerBatch,
-        timeZoneId,
-        context)
+        maxBatchSizePerBatch,
+        -1,
+        timeZoneId)
     }
   }
 

From 19d5a9a371bf17a0b9d5145e5fb2793baa034456 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Sun, 23 Apr 2023 17:51:44 +0800
Subject: [PATCH 318/760] [KYUUBI #4641] Add MaxFileSizeStrategy to limit max
 scan file size

### _Why are the changes needed?_

Add MaxFileSizeStrategy to limit max scan file size.
close #4641

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4642 from wForget/KYUUBI-4641.

Closes #4641

14a680f8e [wforget] comment
d2a393d97 [wforget] comment
b1ef4c52c [wforget] fix
d9e94bd8e [wforget] fix style
8a9121131 [wforget] use optional value
094eb61e3 [wforget] combine
89e2cb4d0 [wforget] [KYUUBI-4641] Add MaxFileSizeStrategy to limit max scan file size

Authored-by: wforget <643348094@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/extensions/engines/spark/rules.md        |   3 +-
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |   4 +-
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |   4 +-
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |   4 +-
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  13 +-
 .../watchdog/KyuubiWatchDogException.scala    |   5 +
 .../sql/watchdog/MaxPartitionStrategy.scala   | 185 -----------
 .../kyuubi/sql/watchdog/MaxScanStrategy.scala | 303 ++++++++++++++++++
 .../apache/spark/sql/WatchDogSuiteBase.scala  | 123 ++++++-
 9 files changed, 450 insertions(+), 194 deletions(-)
 delete mode 100644 extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxPartitionStrategy.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala

diff --git a/docs/extensions/engines/spark/rules.md b/docs/extensions/engines/spark/rules.md
index 8fa636c31..50bf087a8 100644
--- a/docs/extensions/engines/spark/rules.md
+++ b/docs/extensions/engines/spark/rules.md
@@ -73,7 +73,8 @@ Kyuubi provides some configs to make these feature easy to use.
 | spark.sql.analyzer.classification.enabled                           | false                                  | When true, allows Kyuubi engine to judge this SQL's classification and set `spark.sql.analyzer.classification` back into sessionConf. Through this configuration item, Spark can optimizing configuration dynamic.                                                                                                                                   | 1.4.0 |
 | spark.sql.optimizer.insertZorderBeforeWriting.enabled               | true                                   | When true, we will follow target table properties to insert zorder or not. The key properties are: 1) `kyuubi.zorder.enabled`: if this property is true, we will insert zorder before writing data. 2) `kyuubi.zorder.cols`: string split by comma, we will zorder by these cols.                                                                    | 1.4.0 |
 | spark.sql.optimizer.zorderGlobalSort.enabled                        | true                                   | When true, we do a global sort using zorder. Note that, it can cause data skew issue if the zorder columns have less cardinality. When false, we only do local sort using zorder.                                                                                                                                                                    | 1.4.0 |
-| spark.sql.watchdog.maxPartitions                                    | none                                   | Set the max partition number when spark scans a data source. Enable MaxPartitionStrategy by specifying this configuration. Add maxPartitions Strategy to avoid scan excessive partitions on partitioned table, it's optional that works with defined                                                                                                 | 1.4.0 |
+| spark.sql.watchdog.maxPartitions                                    | none                                   | Set the max partition number when spark scans a data source. Enable maxPartition Strategy by specifying this configuration. Add maxPartitions Strategy to avoid scan excessive partitions on partitioned table, it's optional that works with defined                                                                                                | 1.4.0 |
+| spark.sql.watchdog.maxFileSize                                      | none                                   | Set the maximum size in bytes of files when spark scans a data source. Enable maxFileSize Strategy by specifying this configuration. Add maxFileSize Strategy to avoid scan excessive size of files, it's optional that works with defined                                                                                                           | 1.8.0 |
 | spark.sql.optimizer.dropIgnoreNonExistent                           | false                                  | When true, do not report an error if DROP DATABASE/TABLE/VIEW/FUNCTION/PARTITION specifies a non-existent database/table/view/function/partition                                                                                                                                                                                                     | 1.5.0 |
 | spark.sql.optimizer.rebalanceBeforeZorder.enabled                   | false                                  | When true, we do a rebalance before zorder in case data skew. Note that, if the insertion is dynamic partition we will use the partition columns to rebalance. Note that, this config only affects with Spark 3.3.x.                                                                                                                                 | 1.6.0 |
 | spark.sql.optimizer.rebalanceZorderColumns.enabled                  | false                                  | When true and `spark.sql.optimizer.rebalanceBeforeZorder.enabled` is true, we do rebalance before Z-Order. If it's dynamic partition insert, the rebalance expression will include both partition columns and Z-Order columns. Note that, this config only affects with Spark 3.3.x.                                                                 | 1.6.0 |
diff --git a/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index cd312de95..f952b56f3 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.sql
 import org.apache.spark.sql.SparkSessionExtensions
 
 import org.apache.kyuubi.sql.sqlclassification.KyuubiSqlClassification
-import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxPartitionStrategy}
+import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxScanStrategy}
 
 // scalastyle:off line.size.limit
 /**
@@ -40,6 +40,6 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
 
     // watchdog extension
     extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
-    extensions.injectPlannerStrategy(MaxPartitionStrategy)
+    extensions.injectPlannerStrategy(MaxScanStrategy)
   }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index ef9da41be..97e777042 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.sql
 
 import org.apache.spark.sql.SparkSessionExtensions
 
-import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxPartitionStrategy}
+import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxScanStrategy}
 
 // scalastyle:off line.size.limit
 /**
@@ -38,6 +38,6 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
 
     // watchdog extension
     extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
-    extensions.injectPlannerStrategy(MaxPartitionStrategy)
+    extensions.injectPlannerStrategy(MaxScanStrategy)
   }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index 0db9b3ab8..5d3464228 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.sql
 
 import org.apache.spark.sql.{FinalStageResourceManager, InjectCustomResourceProfile, SparkSessionExtensions}
 
-import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxPartitionStrategy}
+import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxScanStrategy}
 
 // scalastyle:off line.size.limit
 /**
@@ -38,7 +38,7 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
 
     // watchdog extension
     extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
-    extensions.injectPlannerStrategy(MaxPartitionStrategy)
+    extensions.injectPlannerStrategy(MaxScanStrategy)
 
     extensions.injectQueryStagePrepRule(FinalStageResourceManager)
     extensions.injectQueryStagePrepRule(InjectCustomResourceProfile)
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index aeee45869..cb2f1130e 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.sql
 
+import org.apache.spark.network.util.ByteUnit
 import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.internal.SQLConf._
 
@@ -138,13 +139,23 @@ object KyuubiSQLConf {
   val WATCHDOG_MAX_PARTITIONS =
     buildConf("spark.sql.watchdog.maxPartitions")
       .doc("Set the max partition number when spark scans a data source. " +
-        "Enable MaxPartitionStrategy by specifying this configuration. " +
+        "Enable maxPartitions Strategy by specifying this configuration. " +
         "Add maxPartitions Strategy to avoid scan excessive partitions " +
         "on partitioned table, it's optional that works with defined")
       .version("1.4.0")
       .intConf
       .createOptional
 
+  val WATCHDOG_MAX_FILE_SIZE =
+    buildConf("spark.sql.watchdog.maxFileSize")
+      .doc("Set the maximum size in bytes of files when spark scans a data source. " +
+        "Enable maxFileSize Strategy by specifying this configuration. " +
+        "Add maxFileSize Strategy to avoid scan excessive size of files," +
+        " it's optional that works with defined")
+      .version("1.8.0")
+      .bytesConf(ByteUnit.BYTE)
+      .createOptional
+
   val WATCHDOG_FORCED_MAXOUTPUTROWS =
     buildConf("spark.sql.watchdog.forcedMaxOutputRows")
       .doc("Add ForcedMaxOutputRows rule to avoid huge output rows of non-limit query " +
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
index b3c58afdf..e44309192 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
@@ -23,3 +23,8 @@ final class MaxPartitionExceedException(
     private val reason: String = "",
     private val cause: Throwable = None.orNull)
   extends KyuubiSQLExtensionException(reason, cause)
+
+final class MaxFileSizeExceedException(
+    private val reason: String = "",
+    private val cause: Throwable = None.orNull)
+  extends KyuubiSQLExtensionException(reason, cause)
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxPartitionStrategy.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxPartitionStrategy.scala
deleted file mode 100644
index 61ab07adf..000000000
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxPartitionStrategy.scala
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.sql.watchdog
-
-import org.apache.hadoop.fs.Path
-import org.apache.spark.sql.{PruneFileSourcePartitionHelper, SparkSession, Strategy}
-import org.apache.spark.sql.catalyst.SQLConfHelper
-import org.apache.spark.sql.catalyst.catalog.{CatalogTable, HiveTableRelation}
-import org.apache.spark.sql.catalyst.planning.ScanOperation
-import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
-import org.apache.spark.sql.execution.SparkPlan
-import org.apache.spark.sql.execution.datasources.{CatalogFileIndex, HadoopFsRelation, InMemoryFileIndex, LogicalRelation}
-import org.apache.spark.sql.types.StructType
-
-import org.apache.kyuubi.sql.KyuubiSQLConf
-
-/**
- * Add maxPartitions Strategy to avoid scan excessive partitions on partitioned table
- * 1 Check if scan exceed maxPartition
- * 2 Check if Using partitionFilter on partitioned table
- * This Strategy Add Planner Strategy after LogicalOptimizer
- */
-case class MaxPartitionStrategy(session: SparkSession)
-  extends Strategy
-  with SQLConfHelper
-  with PruneFileSourcePartitionHelper {
-  override def apply(plan: LogicalPlan): Seq[SparkPlan] = {
-    val maxScanPartitionsOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS)
-
-    if (maxScanPartitionsOpt.isDefined) {
-      checkRelationMaxPartitions(plan, maxScanPartitionsOpt.get)
-    }
-    Nil
-  }
-
-  private def checkRelationMaxPartitions(
-      plan: LogicalPlan,
-      maxScanPartitions: Int): Unit = {
-    plan match {
-      case ScanOperation(_, _, relation: HiveTableRelation) if relation.isPartitioned =>
-        relation.prunedPartitions match {
-          case Some(prunedPartitions) =>
-            if (prunedPartitions.size > maxScanPartitions) {
-              throw new MaxPartitionExceedException(
-                s"""
-                   |SQL job scan hive partition: ${prunedPartitions.size}
-                   |exceed restrict of hive scan maxPartition $maxScanPartitions
-                   |You should optimize your SQL logical according partition structure
-                   |or shorten query scope such as p_date, detail as below:
-                   |Table: ${relation.tableMeta.qualifiedName}
-                   |Owner: ${relation.tableMeta.owner}
-                   |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
-                   |""".stripMargin)
-            }
-          case _ =>
-            val totalPartitions = session
-              .sessionState.catalog.externalCatalog.listPartitionNames(
-                relation.tableMeta.database,
-                relation.tableMeta.identifier.table)
-            if (totalPartitions.size > maxScanPartitions) {
-              throw new MaxPartitionExceedException(
-                s"""
-                   |Your SQL job scan a whole huge table without any partition filter,
-                   |You should optimize your SQL logical according partition structure
-                   |or shorten query scope such as p_date, detail as below:
-                   |Table: ${relation.tableMeta.qualifiedName}
-                   |Owner: ${relation.tableMeta.owner}
-                   |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
-                   |""".stripMargin)
-            }
-        }
-      case ScanOperation(
-            _,
-            filters,
-            relation @ LogicalRelation(
-              fsRelation @ HadoopFsRelation(
-                fileIndex: InMemoryFileIndex,
-                partitionSchema,
-                _,
-                _,
-                _,
-                _),
-              _,
-              _,
-              _)) if fsRelation.partitionSchema.nonEmpty =>
-        val (partitionKeyFilters, dataFilter) =
-          getPartitionKeyFiltersAndDataFilters(
-            fsRelation.sparkSession,
-            relation,
-            partitionSchema,
-            filters,
-            relation.output)
-        val prunedPartitionSize = fileIndex.listFiles(
-          partitionKeyFilters.toSeq,
-          dataFilter)
-          .size
-        if (prunedPartitionSize > maxScanPartitions) {
-          throw maxPartitionExceedError(
-            prunedPartitionSize,
-            maxScanPartitions,
-            relation.catalogTable,
-            fileIndex.rootPaths,
-            fsRelation.partitionSchema)
-        }
-      case ScanOperation(
-            _,
-            filters,
-            logicalRelation @ LogicalRelation(
-              fsRelation @ HadoopFsRelation(
-                catalogFileIndex: CatalogFileIndex,
-                partitionSchema,
-                _,
-                _,
-                _,
-                _),
-              _,
-              _,
-              _)) if fsRelation.partitionSchema.nonEmpty =>
-        val (partitionKeyFilters, _) =
-          getPartitionKeyFiltersAndDataFilters(
-            fsRelation.sparkSession,
-            logicalRelation,
-            partitionSchema,
-            filters,
-            logicalRelation.output)
-
-        val prunedPartitionSize =
-          catalogFileIndex.filterPartitions(
-            partitionKeyFilters.toSeq)
-            .partitionSpec()
-            .partitions
-            .size
-        if (prunedPartitionSize > maxScanPartitions) {
-          throw maxPartitionExceedError(
-            prunedPartitionSize,
-            maxScanPartitions,
-            logicalRelation.catalogTable,
-            catalogFileIndex.rootPaths,
-            fsRelation.partitionSchema)
-        }
-      case _ =>
-    }
-  }
-
-  def maxPartitionExceedError(
-      prunedPartitionSize: Int,
-      maxPartitionSize: Int,
-      tableMeta: Option[CatalogTable],
-      rootPaths: Seq[Path],
-      partitionSchema: StructType): Throwable = {
-    val truncatedPaths =
-      if (rootPaths.length > 5) {
-        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
-      } else {
-        rootPaths.mkString(",")
-      }
-
-    new MaxPartitionExceedException(
-      s"""
-         |SQL job scan data source partition: $prunedPartitionSize
-         |exceed restrict of data source scan maxPartition $maxPartitionSize
-         |You should optimize your SQL logical according partition structure
-         |or shorten query scope such as p_date, detail as below:
-         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
-         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
-         |RootPaths: $truncatedPaths
-         |Partition Structure: ${partitionSchema.map(_.name).mkString(", ")}
-         |""".stripMargin)
-  }
-}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
new file mode 100644
index 000000000..0ee693fcb
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
@@ -0,0 +1,303 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.hadoop.fs.Path
+import org.apache.spark.sql.{PruneFileSourcePartitionHelper, SparkSession, Strategy}
+import org.apache.spark.sql.catalyst.SQLConfHelper
+import org.apache.spark.sql.catalyst.catalog.{CatalogTable, HiveTableRelation}
+import org.apache.spark.sql.catalyst.planning.ScanOperation
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.datasources.{CatalogFileIndex, HadoopFsRelation, InMemoryFileIndex, LogicalRelation}
+import org.apache.spark.sql.types.StructType
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/**
+ * Add MaxScanStrategy to avoid scan excessive partitions or files
+ * 1. Check if scan exceed maxPartition of partitioned table
+ * 2. Check if scan exceed maxFileSize (calculated by hive table and partition statistics)
+ * This Strategy Add Planner Strategy after LogicalOptimizer
+ * @param session
+ */
+case class MaxScanStrategy(session: SparkSession)
+  extends Strategy
+  with SQLConfHelper
+  with PruneFileSourcePartitionHelper {
+  override def apply(plan: LogicalPlan): Seq[SparkPlan] = {
+    val maxScanPartitionsOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS)
+    val maxFileSizeOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE)
+    if (maxScanPartitionsOpt.isDefined || maxFileSizeOpt.isDefined) {
+      checkScan(plan, maxScanPartitionsOpt, maxFileSizeOpt)
+    }
+    Nil
+  }
+
+  private def checkScan(
+      plan: LogicalPlan,
+      maxScanPartitionsOpt: Option[Int],
+      maxFileSizeOpt: Option[Long]): Unit = {
+    plan match {
+      case ScanOperation(_, _, relation: HiveTableRelation) =>
+        if (relation.isPartitioned) {
+          relation.prunedPartitions match {
+            case Some(prunedPartitions) =>
+              if (maxScanPartitionsOpt.exists(_ < prunedPartitions.size)) {
+                throw new MaxPartitionExceedException(
+                  s"""
+                     |SQL job scan hive partition: ${prunedPartitions.size}
+                     |exceed restrict of hive scan maxPartition ${maxScanPartitionsOpt.get}
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+              lazy val scanFileSize = prunedPartitions.flatMap(_.stats).map(_.sizeInBytes).sum
+              if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+                throw partTableMaxFileExceedError(
+                  scanFileSize,
+                  maxFileSizeOpt.get,
+                  Some(relation.tableMeta),
+                  prunedPartitions.flatMap(_.storage.locationUri).map(_.toString),
+                  relation.partitionCols.map(_.name))
+              }
+            case _ =>
+              lazy val scanPartitions: Int = session
+                .sessionState.catalog.externalCatalog.listPartitionNames(
+                  relation.tableMeta.database,
+                  relation.tableMeta.identifier.table).size
+              if (maxScanPartitionsOpt.exists(_ < scanPartitions)) {
+                throw new MaxPartitionExceedException(
+                  s"""
+                     |Your SQL job scan a whole huge table without any partition filter,
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+
+              lazy val scanFileSize: BigInt =
+                relation.tableMeta.stats.map(_.sizeInBytes).getOrElse {
+                  session
+                    .sessionState.catalog.externalCatalog.listPartitions(
+                      relation.tableMeta.database,
+                      relation.tableMeta.identifier.table).flatMap(_.stats).map(_.sizeInBytes).sum
+                }
+              if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+                throw new MaxFileSizeExceedException(
+                  s"""
+                     |Your SQL job scan a whole huge table without any partition filter,
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+          }
+        } else {
+          lazy val scanFileSize = relation.tableMeta.stats.map(_.sizeInBytes).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              Some(relation.tableMeta))
+          }
+        }
+      case ScanOperation(
+            _,
+            filters,
+            relation @ LogicalRelation(
+              fsRelation @ HadoopFsRelation(
+                fileIndex: InMemoryFileIndex,
+                partitionSchema,
+                _,
+                _,
+                _,
+                _),
+              _,
+              _,
+              _)) =>
+        if (fsRelation.partitionSchema.nonEmpty) {
+          val (partitionKeyFilters, dataFilter) =
+            getPartitionKeyFiltersAndDataFilters(
+              fsRelation.sparkSession,
+              relation,
+              partitionSchema,
+              filters,
+              relation.output)
+          val prunedPartitions = fileIndex.listFiles(
+            partitionKeyFilters.toSeq,
+            dataFilter)
+          if (maxScanPartitionsOpt.exists(_ < prunedPartitions.size)) {
+            throw maxPartitionExceedError(
+              prunedPartitions.size,
+              maxScanPartitionsOpt.get,
+              relation.catalogTable,
+              fileIndex.rootPaths,
+              fsRelation.partitionSchema)
+          }
+          lazy val scanFileSize = prunedPartitions.flatMap(_.files).map(_.getLen).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw partTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              relation.catalogTable,
+              fileIndex.rootPaths.map(_.toString),
+              fsRelation.partitionSchema.map(_.name))
+          }
+        } else {
+          lazy val scanFileSize = fileIndex.sizeInBytes
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              relation.catalogTable)
+          }
+        }
+      case ScanOperation(
+            _,
+            filters,
+            logicalRelation @ LogicalRelation(
+              fsRelation @ HadoopFsRelation(
+                catalogFileIndex: CatalogFileIndex,
+                partitionSchema,
+                _,
+                _,
+                _,
+                _),
+              _,
+              _,
+              _)) =>
+        if (fsRelation.partitionSchema.nonEmpty) {
+          val (partitionKeyFilters, _) =
+            getPartitionKeyFiltersAndDataFilters(
+              fsRelation.sparkSession,
+              logicalRelation,
+              partitionSchema,
+              filters,
+              logicalRelation.output)
+
+          val fileIndex = catalogFileIndex.filterPartitions(
+            partitionKeyFilters.toSeq)
+
+          lazy val prunedPartitionSize = fileIndex.partitionSpec().partitions.size
+          if (maxScanPartitionsOpt.exists(_ < prunedPartitionSize)) {
+            throw maxPartitionExceedError(
+              prunedPartitionSize,
+              maxScanPartitionsOpt.get,
+              logicalRelation.catalogTable,
+              catalogFileIndex.rootPaths,
+              fsRelation.partitionSchema)
+          }
+
+          lazy val scanFileSize = fileIndex
+            .listFiles(Nil, Nil).flatMap(_.files).map(_.getLen).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw partTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              logicalRelation.catalogTable,
+              catalogFileIndex.rootPaths.map(_.toString),
+              fsRelation.partitionSchema.map(_.name))
+          }
+        } else {
+          lazy val scanFileSize = catalogFileIndex.sizeInBytes
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              logicalRelation.catalogTable)
+          }
+        }
+      case _ =>
+    }
+  }
+
+  def maxPartitionExceedError(
+      prunedPartitionSize: Int,
+      maxPartitionSize: Int,
+      tableMeta: Option[CatalogTable],
+      rootPaths: Seq[Path],
+      partitionSchema: StructType): Throwable = {
+    val truncatedPaths =
+      if (rootPaths.length > 5) {
+        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
+      } else {
+        rootPaths.mkString(",")
+      }
+
+    new MaxPartitionExceedException(
+      s"""
+         |SQL job scan data source partition: $prunedPartitionSize
+         |exceed restrict of data source scan maxPartition $maxPartitionSize
+         |You should optimize your SQL logical according partition structure
+         |or shorten query scope such as p_date, detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |RootPaths: $truncatedPaths
+         |Partition Structure: ${partitionSchema.map(_.name).mkString(", ")}
+         |""".stripMargin)
+  }
+
+  private def partTableMaxFileExceedError(
+      scanFileSize: Number,
+      maxFileSize: Long,
+      tableMeta: Option[CatalogTable],
+      rootPaths: Seq[String],
+      partitions: Seq[String]): Throwable = {
+    val truncatedPaths =
+      if (rootPaths.length > 5) {
+        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
+      } else {
+        rootPaths.mkString(",")
+      }
+
+    new MaxFileSizeExceedException(
+      s"""
+         |SQL job scan file size in bytes: $scanFileSize
+         |exceed restrict of table scan maxFileSize $maxFileSize
+         |You should optimize your SQL logical according partition structure
+         |or shorten query scope such as p_date, detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |RootPaths: $truncatedPaths
+         |Partition Structure: ${partitions.mkString(", ")}
+         |""".stripMargin)
+  }
+
+  private def nonPartTableMaxFileExceedError(
+      scanFileSize: Number,
+      maxFileSize: Long,
+      tableMeta: Option[CatalogTable]): Throwable = {
+    new MaxFileSizeExceedException(
+      s"""
+         |SQL job scan file size in bytes: $scanFileSize
+         |exceed restrict of table scan maxFileSize $maxFileSize
+         |detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |Location: ${tableMeta.map(_.location).getOrElse("")}
+         |""".stripMargin)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
index e6ecd28c9..6254829f2 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
@@ -17,10 +17,15 @@
 
 package org.apache.spark.sql
 
+import java.io.File
+
+import scala.collection.JavaConverters._
+
+import org.apache.commons.io.FileUtils
 import org.apache.spark.sql.catalyst.plans.logical.{GlobalLimit, LogicalPlan}
 
 import org.apache.kyuubi.sql.KyuubiSQLConf
-import org.apache.kyuubi.sql.watchdog.MaxPartitionExceedException
+import org.apache.kyuubi.sql.watchdog.{MaxFileSizeExceedException, MaxPartitionExceedException}
 
 trait WatchDogSuiteBase extends KyuubiSparkSQLExtensionTest {
   override protected def beforeAll(): Unit = {
@@ -477,4 +482,120 @@ trait WatchDogSuiteBase extends KyuubiSparkSQLExtensionTest {
       }
     }
   }
+
+  private def checkMaxFileSize(tableSize: Long, nonPartTableSize: Long): Unit = {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> tableSize.toString) {
+      checkAnswer(sql("SELECT count(distinct(p)) FROM test"), Row(10) :: Nil)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> (tableSize / 2).toString) {
+      sql("SELECT * FROM test where p=1").queryExecution.sparkPlan
+
+      sql(s"SELECT * FROM test WHERE p in (${Range(0, 3).toList.mkString(",")})")
+        .queryExecution.sparkPlan
+
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test where p != 1").queryExecution.sparkPlan)
+
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test").queryExecution.sparkPlan)
+
+      intercept[MaxFileSizeExceedException](sql(
+        s"SELECT * FROM test WHERE p in (${Range(0, 6).toList.mkString(",")})")
+        .queryExecution.sparkPlan)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> nonPartTableSize.toString) {
+      checkAnswer(sql("SELECT count(*) FROM test_non_part"), Row(10000) :: Nil)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> (nonPartTableSize - 1).toString) {
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test_non_part").queryExecution.sparkPlan)
+    }
+  }
+
+  test("watchdog with scan maxFileSize -- hive") {
+    Seq(false).foreach { convertMetastoreParquet =>
+      withTable("test", "test_non_part", "temp") {
+        spark.range(10000).selectExpr("id as col")
+          .createOrReplaceTempView("temp")
+
+        // partitioned table
+        sql(
+          s"""
+             |CREATE TABLE test(i int)
+             |PARTITIONED BY (p int)
+             |STORED AS parquet""".stripMargin)
+        for (part <- Range(0, 10)) {
+          sql(
+            s"""
+               |INSERT OVERWRITE TABLE test PARTITION (p='$part')
+               |select col from temp""".stripMargin)
+        }
+
+        val tablePath = new File(spark.sessionState.catalog.externalCatalog
+          .getTable("default", "test").location)
+        val tableSize = FileUtils.listFiles(tablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // non-partitioned table
+        sql(
+          s"""
+             |CREATE TABLE test_non_part(i int)
+             |STORED AS parquet""".stripMargin)
+        sql(
+          s"""
+             |INSERT OVERWRITE TABLE test_non_part
+             |select col from temp""".stripMargin)
+        sql("ANALYZE TABLE test_non_part COMPUTE STATISTICS")
+
+        val nonPartTablePath = new File(spark.sessionState.catalog.externalCatalog
+          .getTable("default", "test_non_part").location)
+        val nonPartTableSize = FileUtils.listFiles(nonPartTablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(nonPartTableSize > 0)
+
+        // check
+        withSQLConf("spark.sql.hive.convertMetastoreParquet" -> convertMetastoreParquet.toString) {
+          checkMaxFileSize(tableSize, nonPartTableSize)
+        }
+      }
+    }
+  }
+
+  test("watchdog with scan maxFileSize -- data source") {
+    withTempDir { dir =>
+      withTempView("test", "test_non_part") {
+        // partitioned table
+        val tablePath = new File(dir, "test")
+        spark.range(10).selectExpr("id", "id as p")
+          .write
+          .partitionBy("p")
+          .mode("overwrite")
+          .parquet(tablePath.getCanonicalPath)
+        spark.read.load(tablePath.getCanonicalPath).createOrReplaceTempView("test")
+
+        val tableSize = FileUtils.listFiles(tablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // non-partitioned table
+        val nonPartTablePath = new File(dir, "test_non_part")
+        spark.range(10000).selectExpr("id", "id as p")
+          .write
+          .mode("overwrite")
+          .parquet(nonPartTablePath.getCanonicalPath)
+        spark.read.load(nonPartTablePath.getCanonicalPath).createOrReplaceTempView("test_non_part")
+
+        val nonPartTableSize = FileUtils.listFiles(nonPartTablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // check
+        checkMaxFileSize(tableSize, nonPartTableSize)
+      }
+    }
+  }
 }

From ab1f67cb3193e607d4d90fd19e2d747cfa3be6cc Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 23 Apr 2023 20:17:20 +0800
Subject: [PATCH 319/760] [KYUUBI #4741] Kyuubi Spark Engine/TPC connectors
 support Spark 3.4

### _Why are the changes needed?_

- Add CI for Spark 3.4
- Kyuubi Spark TPC-DS/H connectors support Spark 3.4

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4741 from pan3793/spark-3.4.

Closes #4741

84a2d6ad7 [Cheng Pan] log
b9b2ec1fb [Cheng Pan] Add spark-3.4 profile

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  |  12 ++
 .../spark/kyuubi-extension-spark-3-1/pom.xml  |  13 +-
 .../spark/kyuubi-extension-spark-3-2/pom.xml  |  13 +-
 .../kyuubi-extension-spark-common/pom.xml     |  13 +-
 extensions/spark/kyuubi-spark-authz/README.md |   1 +
 .../kyuubi-spark-connector-common/pom.xml     |  13 +-
 .../connector/tpcds/TPCDSCatalogSuite.scala   |   3 +-
 .../connector/tpch/TPCHCatalogSuite.scala     |   3 +-
 .../spark/kyuubi-spark-lineage/README.md      |   1 +
 extensions/spark/kyuubi-spark-lineage/pom.xml |   6 +-
 pom.xml                                       | 139 +++++++-----------
 11 files changed, 122 insertions(+), 95 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index f8febf9ed..aeb0a14bb 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -50,6 +50,7 @@ jobs:
           - '3.1'
           - '3.2'
           - '3.3'
+          - '3.4'
         spark-archive: [""]
         exclude-tags: [""]
         comment: ["normal"]
@@ -64,6 +65,11 @@ jobs:
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.2-binary'
+          - java: 8
+            spark: '3.3'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.4.0 -Dspark.archive.name=spark-3.4.0-bin-hadoop3.tgz'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
+            comment: 'verify-on-spark-3.4-binary'
     env:
       SPARK_LOCAL_IP: localhost
     steps:
@@ -88,6 +94,12 @@ jobs:
       - name: Build and test Kyuubi and Spark with maven w/o linters
         run: |
           TEST_MODULES="dev/kyuubi-codecov"
+          if [[ "${{ matrix.spark }}" == "3.4" ]]; then
+            # FIXME: Spark 3.4 supports authz plugin
+            TEST_MODULES="$TEST_MODULES,!extensions/spark/kyuubi-spark-authz"
+            # FIXME: Spark 3.4 supports lineage plugin
+            TEST_MODULES="$TEST_MODULES,!extensions/spark/kyuubi-spark-lineage"
+          fi
           ./build/mvn clean install ${MVN_OPT} -pl ${TEST_MODULES} -am \
           -Pspark-${{ matrix.spark }} ${{ matrix.spark-archive }} ${{ matrix.exclude-tags }}
       - name: Code coverage
diff --git a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
index 9f218f9d0..a36dffaef 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
@@ -125,10 +125,21 @@
             <artifactId>jakarta.xml.bind-api</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-1.2-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
-
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
index a80040aca..3f8019fa9 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
@@ -125,10 +125,21 @@
             <artifactId>jakarta.xml.bind-api</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-1.2-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
-
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/extensions/spark/kyuubi-extension-spark-common/pom.xml b/extensions/spark/kyuubi-extension-spark-common/pom.xml
index 6d4bd1443..e11600408 100644
--- a/extensions/spark/kyuubi-extension-spark-common/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-common/pom.xml
@@ -110,10 +110,21 @@
             <artifactId>jakarta.xml.bind-api</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-1.2-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
-
         <plugins>
             <plugin>
                 <groupId>org.antlr</groupId>
diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index eb3804a65..617a40a16 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -34,6 +34,7 @@ build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dran
 `-Dspark.version=`
 
 - [x] master
+- [ ] 3.4.x
 - [x] 3.3.x (default)
 - [x] 3.2.x
 - [x] 3.1.x
diff --git a/extensions/spark/kyuubi-spark-connector-common/pom.xml b/extensions/spark/kyuubi-spark-connector-common/pom.xml
index 1cba0ccdd..e36361753 100644
--- a/extensions/spark/kyuubi-spark-connector-common/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-common/pom.xml
@@ -87,10 +87,21 @@
             <artifactId>scalacheck-1-17_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-1.2-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
-
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
index 8a37d95e8..55a7fa3e9 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
@@ -170,7 +170,8 @@ class TPCDSCatalogSuite extends KyuubiFunSuite {
       val exception = intercept[AnalysisException] {
         spark.table("tpcds.sf1.nonexistent_table")
       }
-      assert(exception.message === "Table or view not found: tpcds.sf1.nonexistent_table")
+      assert(exception.message.contains("Table or view not found")
+        || exception.message.contains("TABLE_OR_VIEW_NOT_FOUND"))
     }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
index ee817ecae..0fdfc2689 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
@@ -158,7 +158,8 @@ class TPCHCatalogSuite extends KyuubiFunSuite {
       val exception = intercept[AnalysisException] {
         spark.table("tpch.sf1.nonexistent_table")
       }
-      assert(exception.message === "Table or view not found: tpch.sf1.nonexistent_table")
+      assert(exception.message.contains("Table or view not found")
+        || exception.message.contains("TABLE_OR_VIEW_NOT_FOUND"))
     }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/README.md b/extensions/spark/kyuubi-spark-lineage/README.md
index 5365f2d77..a713221ac 100644
--- a/extensions/spark/kyuubi-spark-lineage/README.md
+++ b/extensions/spark/kyuubi-spark-lineage/README.md
@@ -34,6 +34,7 @@ build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -am -Dspark.version=3.2.1
 `-Dspark.version=`
 
 - [x] master
+- [ ] 3.4.x
 - [x] 3.3.x (default)
 - [x] 3.2.x
 - [x] 3.1.x
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index bc13480d7..8583dfec0 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -85,10 +85,14 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
-
         <testResources>
             <testResource>
                 <directory>${project.basedir}/src/test/resources</directory>
diff --git a/pom.xml b/pom.xml
index a6e5d2df5..ae6dc2e29 100644
--- a/pom.xml
+++ b/pom.xml
@@ -196,6 +196,8 @@
         <swagger.version>2.2.1</swagger.version>
         <swagger-ui.version>4.9.1</swagger-ui.version>
         <testcontainers-scala.version>0.40.12</testcontainers-scala.version>
+        <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
+        <threeten.version>1.7.0</threeten.version>
         <thrift.version>0.9.3</thrift.version>
         <trino.client.version>363</trino.client.version>
         <trino.tpcds.version>1.4</trino.tpcds.version>
@@ -403,19 +405,15 @@
 
             <dependency>
                 <groupId>org.apache.spark</groupId>
-                <artifactId>spark-repl_${scala.binary.version}</artifactId>
+                <artifactId>spark-core_${scala.binary.version}</artifactId>
                 <version>${spark.version}</version>
                 <exclusions>
-                    <!--
-                      Use Hadoop Shaded Client to gain more clean transitive dependencies
-                     -->
+                    <!-- Use Hadoop Shaded Client to gain more clean transitive dependencies -->
                     <exclusion>
                         <groupId>org.apache.hadoop</groupId>
                         <artifactId>hadoop-client</artifactId>
                     </exclusion>
-                    <!--
-                      Use log4j2
-                     -->
+                    <!--  Use log4j2 -->
                     <exclusion>
                         <groupId>log4j</groupId>
                         <artifactId>log4j</artifactId>
@@ -424,54 +422,51 @@
                         <groupId>org.slf4j</groupId>
                         <artifactId>slf4j-log4j12</artifactId>
                     </exclusion>
+                    <!-- SPARK-40511 upgrade SLF4J2, which is not compatible w/ SLF4J1 -->
+                    <exclusion>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-slf4j2-impl</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
 
+            <dependency>
+                <groupId>org.apache.spark</groupId>
+                <artifactId>spark-repl_${scala.binary.version}</artifactId>
+                <version>${spark.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>org.apache.spark</groupId>
                 <artifactId>spark-sql_${scala.binary.version}</artifactId>
                 <version>${spark.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.spark</groupId>
+                <artifactId>spark-hive_${scala.binary.version}</artifactId>
+                <version>${spark.version}</version>
                 <exclusions>
-                    <!--
-                      Use Hadoop Shaded Client to gain more clean transitive dependencies
-                     -->
+                    <!-- Use Hadoop Shaded Client to gain more clean transitive dependencies -->
                     <exclusion>
                         <groupId>org.apache.hadoop</groupId>
-                        <artifactId>hadoop-client</artifactId>
-                    </exclusion>
-                    <!--
-                      Use log4j2
-                     -->
-                    <exclusion>
-                        <groupId>log4j</groupId>
-                        <artifactId>log4j</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.slf4j</groupId>
-                        <artifactId>slf4j-log4j12</artifactId>
+                        <artifactId>hadoop-common</artifactId>
                     </exclusion>
                 </exclusions>
             </dependency>
 
             <dependency>
                 <groupId>org.apache.spark</groupId>
-                <artifactId>spark-hive_${scala.binary.version}</artifactId>
+                <artifactId>spark-core_${scala.binary.version}</artifactId>
                 <version>${spark.version}</version>
+                <type>test-jar</type>
                 <exclusions>
-                    <!--
-                      Use Hadoop Shaded Client to gain more clean transitive dependencies
-                     -->
+                    <!-- Use Hadoop Shaded Client to gain more clean transitive dependencies -->
                     <exclusion>
                         <groupId>org.apache.hadoop</groupId>
                         <artifactId>hadoop-client</artifactId>
                     </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.hadoop</groupId>
-                        <artifactId>hadoop-common</artifactId>
-                    </exclusion>
-                    <!--
-                      Use log4j2
-                     -->
+                    <!--  Use log4j2 -->
                     <exclusion>
                         <groupId>log4j</groupId>
                         <artifactId>log4j</artifactId>
@@ -480,26 +475,11 @@
                         <groupId>org.slf4j</groupId>
                         <artifactId>slf4j-log4j12</artifactId>
                     </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.spark</groupId>
-                <artifactId>spark-core_${scala.binary.version}</artifactId>
-                <version>${spark.version}</version>
-                <type>test-jar</type>
-                <exclusions>
-                    <!--
-                      Use Hadoop Shaded Client to gain more clean transitive dependencies
-                     -->
+                    <!-- SPARK-40511 upgrade SLF4J2, which is not compatible w/ SLF4J1 -->
                     <exclusion>
-                        <groupId>org.apache.hadoop</groupId>
-                        <artifactId>hadoop-client</artifactId>
+                        <groupId>org.apache.logging.log4j</groupId>
+                        <artifactId>log4j-slf4j2-impl</artifactId>
                     </exclusion>
-                    <!--
-                      The module is only used in Kyuubi Spark Extensions, we should respect
-                      the Spark bundled log4j.
-                     -->
                 </exclusions>
             </dependency>
 
@@ -508,19 +488,6 @@
                 <artifactId>spark-catalyst_${scala.binary.version}</artifactId>
                 <version>${spark.version}</version>
                 <type>test-jar</type>
-                <exclusions>
-                    <!--
-                      Use Hadoop Shaded Client to gain more clean transitive dependencies
-                     -->
-                    <exclusion>
-                        <groupId>org.apache.hadoop</groupId>
-                        <artifactId>hadoop-client</artifactId>
-                    </exclusion>
-                    <!--
-                      The module is only used in Kyuubi Spark Extensions, so we don't care about which
-                      version of Log4j it depends on.
-                     -->
-                </exclusions>
             </dependency>
 
             <dependency>
@@ -528,19 +495,6 @@
                 <artifactId>spark-sql_${scala.binary.version}</artifactId>
                 <version>${spark.version}</version>
                 <type>test-jar</type>
-                <exclusions>
-                    <!--
-                      Use Hadoop Shaded Client to gain more clean transitive dependencies
-                     -->
-                    <exclusion>
-                        <groupId>org.apache.hadoop</groupId>
-                        <artifactId>hadoop-client</artifactId>
-                    </exclusion>
-                    <!--
-                      The module is only used in Kyuubi Spark Extensions and Engine Spark SQL, so we
-                      don't care about which version of Log4j it depends on.
-                     -->
-                </exclusions>
             </dependency>
 
             <dependency>
@@ -1524,6 +1478,12 @@
                 <artifactId>service</artifactId>
                 <version>${openai.java.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>org.threeten</groupId>
+                <artifactId>threeten-extra</artifactId>
+                <version>${threeten.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -2210,23 +2170,26 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>spark-3.4</id>
+            <modules>
+                <module>extensions/spark/kyuubi-spark-connector-hive</module>
+                <module>extensions/spark/kyuubi-spark-connector-kudu</module>
+            </modules>
+            <properties>
+                <spark.version>3.4.0</spark.version>
+                <!-- FIXME: used for constructing Iceberg artifact name, correct it once Iceberg supports Spark 3.4 -->
+                <spark.binary.version>3.3</spark.binary.version>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
+            </properties>
+        </profile>
+
         <profile>
             <id>spark-master</id>
             <properties>
                 <spark.version>3.5.0-SNAPSHOT</spark.version>
-                <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
-                <threeten.version>1.7.0</threeten.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
             </properties>
-            <dependencyManagement>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.threeten</groupId>
-                        <artifactId>threeten-extra</artifactId>
-                        <version>${threeten.version}</version>
-                    </dependency>
-                </dependencies>
-            </dependencyManagement>
             <repositories>
                 <repository>
                     <releases>

From 6ba8b99151adeee2fbdc7127a1ec1b0a087d4787 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Mon, 24 Apr 2023 09:47:15 +0800
Subject: [PATCH 320/760] [KYUUBI #4753] [KYUUBI 4752][Improvement]
 KyuubiConf.unset should not log deprecation warning

### _Why are the changes needed?_

close #4752

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4753 from lsm1/features/kyuubi_4752.

Closes #4753

8527a2bca [senmiaoliu] remove log deprecation warning in unset

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 2634bb4ab..e90dbe239 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -103,7 +103,6 @@ case class KyuubiConf(loadSysDefault: Boolean = true) extends Logging {
 
   /** unset a parameter from the configuration */
   def unset(key: String): KyuubiConf = {
-    logDeprecationWarning(key)
     settings.remove(key)
     this
   }

From 7b97d2fa4139ec77b95e7f822eae569ebc6341a9 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 24 Apr 2023 15:55:03 +0800
Subject: [PATCH 321/760] [KYUUBI #4655][DOCS][FOLLOWUP] Recover the missing
 JDBC URL

### _Why are the changes needed?_

Before:
<img width="835" alt="image" src="https://user-images.githubusercontent.com/26535726/233932083-3a96a48d-bcef-40c7-bef0-07f52c9bad01.png">

After:
<img width="813" alt="image" src="https://user-images.githubusercontent.com/26535726/233932630-5a87d3f4-c1d6-4076-b3a3-fd56c098b07f.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4759 from pan3793/4655.

Closes #4655

911944d28 [Cheng Pan] fix
1cc9d9591 [Cheng Pan] [KYUUBI #4655][DOCS][FOLLOWUP] Recover the missing code-block

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/jdbc/kyuubi_jdbc.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/client/jdbc/kyuubi_jdbc.rst b/docs/client/jdbc/kyuubi_jdbc.rst
index 305200d0d..ab59859aa 100644
--- a/docs/client/jdbc/kyuubi_jdbc.rst
+++ b/docs/client/jdbc/kyuubi_jdbc.rst
@@ -167,7 +167,7 @@ Authentication by Principal and Keytab
 It's straightforward to use principal and keytab for Kerberos authentication, just simply configure them in the JDBC URL.
 
 .. code-block::
-   jdbc:subprotocol://<zookeeper quorum>/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=kyuubi
+
    jdbc:kyuubi://host:port/schema;clientKeytab=<clientKeytab>;clientPrincipal=<clientPrincipal>;serverPrincipal=<serverPrincipal>
 
 - clientKeytab: path of Kerberos ``keytab`` file for client authentication

From efe81ac0b149e80e01b7fbcc233aefe91145dbda Mon Sep 17 00:00:00 2001
From: remzi <13716567376yh@gmail.com>
Date: Mon, 24 Apr 2023 23:48:16 +0800
Subject: [PATCH 322/760] [KYUUBI #4738] `AdminResource.getEngineSpace` should
 use primary group name on GROUP share level

### _Why are the changes needed?_

Closes #4738

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4740 from HaoYang670/4738_fix_GROUP_REST_get_engine.

Closes #4738

d044b2ac2 [remzi] fmt
68630250a [remzi] add tests
47f2dc205 [remzi] Merge remote-tracking branch 'upstream/master' into 4738_fix_GROUP_REST_get_engine
60d40f5b7 [remzi] fix style
c077fcd84 [remzi] fix style
1126c1c72 [remzi] Merge remote-tracking branch 'upstream/master' into 4738_fix_GROUP_REST_get_engine
1b03ef559 [remzi] address review comments
dbb6b17ec [remzi] restore gitignore
df528ff5b [remzi] ignore scala metals things
91789f968 [remzi] use group name

Authored-by: remzi <13716567376yh@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/KyuubiRestFrontendService.scala    |  2 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  8 +-
 .../server/api/v1/AdminResourceSuite.scala    | 94 ++++++++++++++++++-
 3 files changed, 101 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index cd191afe8..c9d571008 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -52,7 +52,7 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
 
   private def hadoopConf: Configuration = KyuubiServer.getHadoopConf()
 
-  private def sessionManager = be.sessionManager.asInstanceOf[KyuubiSessionManager]
+  private[kyuubi] def sessionManager = be.sessionManager.asInstanceOf[KyuubiSessionManager]
 
   private val batchChecker = ThreadUtils.newDaemonSingleThreadScheduledExecutor("batch-checker")
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 113660a41..cf8478021 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -355,9 +355,15 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
 
   private def getEngineSpace(engine: Engine): String = {
     val serverSpace = fe.getConf.get(HA_NAMESPACE)
+    val appUser = engine.getSharelevel match {
+      case "GROUP" =>
+        fe.sessionManager.groupProvider.primaryGroup(engine.getUser, fe.getConf.getAll.asJava)
+      case _ => engine.getUser
+    }
+
     DiscoveryPaths.makePath(
       s"${serverSpace}_${engine.getVersion}_${engine.getSharelevel}_${engine.getEngineType}",
-      engine.getUser,
+      appUser,
       engine.getSubdomain)
   }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index b7650627e..f7a086de4 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -35,7 +35,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
 import org.apache.kyuubi.engine.{ApplicationState, EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.EngineType.SPARK_SQL
-import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, USER}
+import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, GROUP, USER}
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceDiscovery}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
@@ -300,6 +300,52 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     }
   }
 
+  test("delete engine - group share level") {
+    val id = UUID.randomUUID().toString
+    conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, GROUP.toString)
+    conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
+    conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+    conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
+    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
+
+    val engineSpace = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_GROUP_SPARK_SQL",
+      fe.asInstanceOf[KyuubiRestFrontendService].sessionManager.groupProvider.primaryGroup(
+        Utils.currentUser,
+        null),
+      "default")
+
+    withDiscoveryClient(conf) { client =>
+      engine.getOrCreate(client)
+
+      assert(client.pathExists(engineSpace))
+      assert(client.getChildren(engineSpace).size == 1)
+
+      val response = webTarget.path("api/v1/admin/engine")
+        .queryParam("sharelevel", "GROUP")
+        .queryParam("type", "spark_sql")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+        .delete()
+
+      assert(200 == response.getStatus)
+      assert(client.pathExists(engineSpace))
+      eventually(timeout(5.seconds), interval(100.milliseconds)) {
+        assert(client.getChildren(engineSpace).size == 0, s"refId same with $id?")
+      }
+
+      // kill the engine application
+      engineMgr.killApplication(None, id)
+      eventually(timeout(30.seconds), interval(100.milliseconds)) {
+        assert(engineMgr.getApplicationInfo(None, id).exists(_.state == ApplicationState.NOT_FOUND))
+      }
+    }
+  }
+
   test("delete engine - connection share level") {
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, CONNECTION.toString)
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
@@ -378,6 +424,52 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     }
   }
 
+  test("list engine - group share level") {
+    val id = UUID.randomUUID().toString
+    conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, GROUP.toString)
+    conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
+    conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+    conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
+    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
+
+    val engineSpace = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_GROUP_SPARK_SQL",
+      fe.asInstanceOf[KyuubiRestFrontendService].sessionManager.groupProvider.primaryGroup(
+        Utils.currentUser,
+        null),
+      "")
+
+    withDiscoveryClient(conf) { client =>
+      engine.getOrCreate(client)
+
+      assert(client.pathExists(engineSpace))
+      assert(client.getChildren(engineSpace).size == 1)
+
+      val response = webTarget.path("api/v1/admin/engine")
+        .queryParam("type", "spark_sql")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+        .get
+
+      assert(200 == response.getStatus)
+      val engines = response.readEntity(new GenericType[Seq[Engine]]() {})
+      assert(engines.size == 1)
+      assert(engines(0).getEngineType == "SPARK_SQL")
+      assert(engines(0).getSharelevel == "GROUP")
+      assert(engines(0).getSubdomain == "default")
+
+      // kill the engine application
+      engineMgr.killApplication(None, id)
+      eventually(timeout(30.seconds), interval(100.milliseconds)) {
+        assert(engineMgr.getApplicationInfo(None, id).exists(_.state == ApplicationState.NOT_FOUND))
+      }
+    }
+  }
+
   test("list engine - connection share level") {
     conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, CONNECTION.toString)
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)

From e1e57e52336c9d7c60e9983b1beed2dd20af75e7 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 25 Apr 2023 02:16:28 +0800
Subject: [PATCH 323/760] [KYUUBI #4763] [DOCS] Fix the Kyuubi JDBC kerberos
 parameters

### _Why are the changes needed?_

The Kerberos-related parameters in Kyuubi JDBC driver are

- `kyuubiClientPrincipal`
- `kyuubiClientKeytab`
- `principal`. Since 1.7.0, `kyuubiServerPrincipal` is added as an alias

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4763 from pan3793/kerberos-doc.

Closes #4763

7400e3a08 [Cheng Pan] nit
021c73174 [Cheng Pan] nit
337fb1229 [Cheng Pan] fix
4c4907bc8 [Cheng Pan] fix
d2478eeb7 [Cheng Pan] nit
3b0899d3e [Cheng Pan] nit
8dfdb6bde [Cheng Pan] [DOCS] Fix the Kyuubi JDBC kerberos parameters

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/advanced/kerberos.md          |  2 +-
 docs/client/jdbc/kyuubi_jdbc.rst          | 16 ++++++++--------
 docs/quick_start/quick_start_with_jdbc.md |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/client/advanced/kerberos.md b/docs/client/advanced/kerberos.md
index 4962dd2c8..a9cb55812 100644
--- a/docs/client/advanced/kerberos.md
+++ b/docs/client/advanced/kerberos.md
@@ -242,5 +242,5 @@ jdbc:hive2://<kyuubi_server_address>:<kyuubi_server_port>/<db>;kyuubiServerPrinc
 - `principal` is inherited from Hive JDBC Driver and is a little ambiguous, and we could use `kyuubiServerPrincipal` as its alias.
 - `kyuubi_server_principal` is the value of `kyuubi.kinit.principal` set in `kyuubi-defaults.conf`.
 - As a command line argument, JDBC URL should be quoted to avoid being split into 2 commands by ";".
-- As to DBeaver, `<db>;principal=<kyuubi_server_principal>` should be set as the `Database/Schema` argument.
+- As to DBeaver, `<db>;principal=<kyuubi_server_principal>` or `<db>;kyuubiServerPrincipal=<kyuubi_server_principal>` should be set as the `Database/Schema` argument.
 
diff --git a/docs/client/jdbc/kyuubi_jdbc.rst b/docs/client/jdbc/kyuubi_jdbc.rst
index ab59859aa..d4270ea8a 100644
--- a/docs/client/jdbc/kyuubi_jdbc.rst
+++ b/docs/client/jdbc/kyuubi_jdbc.rst
@@ -168,12 +168,12 @@ It's straightforward to use principal and keytab for Kerberos authentication, ju
 
 .. code-block::
 
-   jdbc:kyuubi://host:port/schema;clientKeytab=<clientKeytab>;clientPrincipal=<clientPrincipal>;serverPrincipal=<serverPrincipal>
+   jdbc:kyuubi://host:port/schema;kyuubiClientPrincipal=<clientPrincipal>;kyuubiClientKeytab=<clientKeytab>;kyuubiServerPrincipal=<serverPrincipal>
 
-- clientKeytab: path of Kerberos ``keytab`` file for client authentication
-- clientPrincipal: Kerberos ``principal`` for client authentication
-- serverPrincipal: Kerberos ``principal`` configured by `kyuubi.kinit.principal` at the server side. ``serverPrincipal`` is available
-  since 1.7.0, for previous versions, use ``principal`` instead.
+- kyuubiClientPrincipal: Kerberos ``principal`` for client authentication
+- kyuubiClientKeytab: path of Kerberos ``keytab`` file for client authentication
+- kyuubiServerPrincipal: Kerberos ``principal`` configured by `kyuubi.kinit.principal` at the server side. ``kyuubiServerPrincipal`` is available
+  as an alias of ``principal`` since 1.7.0, use ``principal`` for previous versions.
 
 Authentication by Principal and TGT Cache
 *****************************************
@@ -183,7 +183,7 @@ does Kerberos authentication through the TGT cache.
 
 .. code-block::
 
-   jdbc:kyuubi://host:port/schema;serverPrincipal=<serverPrincipal>
+   jdbc:kyuubi://host:port/schema;kyuubiServerPrincipal=<serverPrincipal>
 
 Authentication by `Hadoop UserGroupInformation`_ ``doAs`` (programing only)
 ***************************************************************************
@@ -195,7 +195,7 @@ Authentication by `Hadoop UserGroupInformation`_ ``doAs`` (programing only)
 
 .. code-block::
 
-  String jdbcUrl = "jdbc:kyuubi://host:port/schema;serverPrincipal=<serverPrincipal>"
+  String jdbcUrl = "jdbc:kyuubi://host:port/schema;kyuubiServerPrincipal=<serverPrincipal>"
   UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab);
   ugi.doAs((PrivilegedExceptionAction<String>) () -> {
     Connection conn = DriverManager.getConnection(jdbcUrl);
@@ -207,7 +207,7 @@ Authentication by Subject (programing only)
 
 .. code-block:: java
 
-   String jdbcUrl = "jdbc:kyuubi://host:port/schema;serverPrincipal=<serverPrincipal>;kerberosAuthType=fromSubject"
+   String jdbcUrl = "jdbc:kyuubi://host:port/schema;kyuubiServerPrincipal=<serverPrincipal>;kerberosAuthType=fromSubject"
    Subject kerberizedSubject = ...;
    Subject.doAs(kerberizedSubject, (PrivilegedExceptionAction<String>) () -> {
      Connection conn = DriverManager.getConnection(jdbcUrl);
diff --git a/docs/quick_start/quick_start_with_jdbc.md b/docs/quick_start/quick_start_with_jdbc.md
index c40958191..c7001db64 100644
--- a/docs/quick_start/quick_start_with_jdbc.md
+++ b/docs/quick_start/quick_start_with_jdbc.md
@@ -74,7 +74,7 @@ public class KyuubiJDBCDemo {
 
   private static String driverName = "org.apache.kyuubi.jdbc.KyuubiHiveDriver";
   private static String kyuubiJdbcUrlTemplate = "jdbc:kyuubi://localhost:10009/default;" +
-          "clientPrincipal=%s;clientKeytab=%s;serverPrincipal=%s";
+          "kyuubiClientPrincipal=%s;kyuubiClientKeytab=%s;kyuubiServerPrincipal=%s";
 
   public static void main(String[] args) throws SQLException {
     String clientPrincipal = args[0]; // Kerberos principal

From b0d07f7086556be3d3b4246f7674673d95359f78 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Tue, 25 Apr 2023 02:17:38 +0800
Subject: [PATCH 324/760] [KYUUBI #3887][FOLLOWUP] Fix kyuubiServerPrincipal
 logic in KyuubiCommands

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4764 from lightning-L/kyuubi-3887-followup.

Closes #3887

42a123282 [Tianlin Liao] [KYUUBI #3887][FOLLOWUP] fix kyuubiServerPrincipal logic in KyuubiCommands

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/java/org/apache/hive/beeline/KyuubiCommands.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 9ce4cb6f7..9557f2567 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -467,7 +467,7 @@ public boolean connect(Properties props) throws IOException {
 
     beeLine.info("Connecting to " + url);
     if (Utils.parsePropertyFromUrl(url, AUTH_PRINCIPAL) == null
-        || Utils.parsePropertyFromUrl(url, AUTH_KYUUBI_SERVER_PRINCIPAL) == null) {
+        && Utils.parsePropertyFromUrl(url, AUTH_KYUUBI_SERVER_PRINCIPAL) == null) {
       String urlForPrompt = url.substring(0, url.contains(";") ? url.indexOf(';') : url.length());
       if (username == null) {
         username = beeLine.getConsoleReader().readLine("Enter username for " + urlForPrompt + ": ");

From f3c037d6f37a3538b0031b329401cbf38859cc47 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 25 Apr 2023 11:31:55 +0800
Subject: [PATCH 325/760] [KYUUBI #4652][FOLLOWUP] Fix JaasConfiguration
 ClassNotFoundException for Hadoop 3.3.4 and previous

### _Why are the changes needed?_

JaasConfiguration is a static class.

Before:
<img width="1151" alt="image" src="https://user-images.githubusercontent.com/6757692/234147288-d1251e5b-7c23-4746-80fb-335945c408c7.png">

After:
<img width="1189" alt="image" src="https://user-images.githubusercontent.com/6757692/234147251-e0007ac8-bb9e-49a5-95eb-3ea0b9671996.png">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4765 from turboFei/zk_not_found.

Closes #4652

77dceb2bc [fwang12] fix class not found issue

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
index b7297d969..806aff95f 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
@@ -118,7 +118,7 @@ object ZookeeperClientProvider extends Logging {
             classOf[String])
           .impl( // Hadoop 3.3.4 and previous
             // scalastyle:off
-            "org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.JaasConfiguration",
+            "org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager$JaasConfiguration",
             // scalastyle:on
             classOf[String],
             classOf[String],

From 79d6645fcd65cbbb55bb296827ab5cf33823bfd2 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Tue, 25 Apr 2023 20:01:59 +0800
Subject: [PATCH 326/760] [KYUUBI #4745] Support Flink's LocalZonedTimestamp
 DataType

### _Why are the changes needed?_

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4751 from link3280/KYUUBI-4745.

Closes #4745

e1e900bbe [Paul Lin] [KYUUBI #4745] Replace hive's timestamp format with the kyuubi's
0693d1f15 [Paul Lin] [KYUUBI #4745] Pin time zone in tests
462b39f2f [Paul Lin] [KYUUBI #4745] Improve variable naming
5f9976d81 [Paul Lin] [KYUUBI #4745] Support Flink's LocalZonedTimestamp DataType

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../flink/operation/FlinkOperation.scala      |  7 +++
 .../kyuubi/engine/flink/schema/RowSet.scala   | 63 ++++++++++++++++---
 .../flink/operation/FlinkOperationSuite.scala | 17 +++++
 .../engine/flink/result/ResultSetSuite.scala  | 11 ++--
 4 files changed, 84 insertions(+), 14 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
index eee2fdc98..422ae7d4b 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.engine.flink.operation
 
 import java.io.IOException
+import java.time.ZoneId
 
 import scala.collection.JavaConverters.collectionAsScalaIterableConverter
 
@@ -100,9 +101,15 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
       case FETCH_FIRST => resultSet.getData.fetchAbsolute(0);
     }
     val token = resultSet.getData.take(rowSetSize)
+    val timeZone = Option(flinkSession.getSessionConfig.get("table.local-time-zone"))
+    val zoneId = timeZone match {
+      case Some(tz) => ZoneId.of(tz)
+      case None => ZoneId.systemDefault()
+    }
     val resultRowSet = RowSet.resultSetToTRowSet(
       token.toList,
       resultSet,
+      zoneId,
       getProtocolVersion)
     resultRowSet.setStartRowOffset(resultSet.getData.getPosition)
     resultRowSet
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
index 13cf5e717..c446396d5 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/schema/RowSet.scala
@@ -21,7 +21,9 @@ import java.{lang, util}
 import java.nio.ByteBuffer
 import java.nio.charset.StandardCharsets
 import java.sql.{Date, Timestamp}
-import java.time.{LocalDate, LocalDateTime}
+import java.time.{Instant, LocalDate, LocalDateTime, ZonedDateTime, ZoneId}
+import java.time.format.{DateTimeFormatter, DateTimeFormatterBuilder, TextStyle}
+import java.time.temporal.ChronoField
 import java.util.Collections
 
 import scala.collection.JavaConverters._
@@ -42,15 +44,16 @@ object RowSet {
   def resultSetToTRowSet(
       rows: Seq[Row],
       resultSet: ResultSet,
+      zoneId: ZoneId,
       protocolVersion: TProtocolVersion): TRowSet = {
     if (protocolVersion.getValue < TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6.getValue) {
-      toRowBaseSet(rows, resultSet)
+      toRowBaseSet(rows, resultSet, zoneId)
     } else {
-      toColumnBasedSet(rows, resultSet)
+      toColumnBasedSet(rows, resultSet, zoneId)
     }
   }
 
-  def toRowBaseSet(rows: Seq[Row], resultSet: ResultSet): TRowSet = {
+  def toRowBaseSet(rows: Seq[Row], resultSet: ResultSet, zoneId: ZoneId): TRowSet = {
     val rowSize = rows.size
     val tRows = new util.ArrayList[TRow](rowSize)
     var i = 0
@@ -60,7 +63,7 @@ object RowSet {
       val columnSize = row.getArity
       var j = 0
       while (j < columnSize) {
-        val columnValue = toTColumnValue(j, row, resultSet)
+        val columnValue = toTColumnValue(j, row, resultSet, zoneId)
         tRow.addToColVals(columnValue)
         j += 1
       }
@@ -71,14 +74,14 @@ object RowSet {
     new TRowSet(0, tRows)
   }
 
-  def toColumnBasedSet(rows: Seq[Row], resultSet: ResultSet): TRowSet = {
+  def toColumnBasedSet(rows: Seq[Row], resultSet: ResultSet, zoneId: ZoneId): TRowSet = {
     val size = rows.length
     val tRowSet = new TRowSet(0, new util.ArrayList[TRow](size))
     val columnSize = resultSet.getColumns.size()
     var i = 0
     while (i < columnSize) {
       val field = resultSet.getColumns.get(i)
-      val tColumn = toTColumn(rows, i, field.getDataType.getLogicalType)
+      val tColumn = toTColumn(rows, i, field.getDataType.getLogicalType, zoneId)
       tRowSet.addToColumns(tColumn)
       i += 1
     }
@@ -88,7 +91,8 @@ object RowSet {
   private def toTColumnValue(
       ordinal: Int,
       row: Row,
-      resultSet: ResultSet): TColumnValue = {
+      resultSet: ResultSet,
+      zoneId: ZoneId): TColumnValue = {
 
     val column = resultSet.getColumns.get(ordinal)
     val logicalType = column.getDataType.getLogicalType
@@ -153,6 +157,12 @@ object RowSet {
                 s"for type ${t.getClass}.")
         }
         TColumnValue.stringVal(tStringValue)
+      case _: LocalZonedTimestampType =>
+        val tStringValue = new TStringValue
+        val fieldValue = row.getField(ordinal)
+        tStringValue.setValue(TIMESTAMP_LZT_FORMATTER.format(
+          ZonedDateTime.ofInstant(fieldValue.asInstanceOf[Instant], zoneId)))
+        TColumnValue.stringVal(tStringValue)
       case t =>
         val tStringValue = new TStringValue
         if (row.getField(ordinal) != null) {
@@ -166,7 +176,11 @@ object RowSet {
     ByteBuffer.wrap(bitSet.toByteArray)
   }
 
-  private def toTColumn(rows: Seq[Row], ordinal: Int, logicalType: LogicalType): TColumn = {
+  private def toTColumn(
+      rows: Seq[Row],
+      ordinal: Int,
+      logicalType: LogicalType,
+      zoneId: ZoneId): TColumn = {
     val nulls = new java.util.BitSet()
     // for each column, determine the conversion class by sampling the first non-value value
     // if there's no row, set the entire column empty
@@ -211,6 +225,12 @@ object RowSet {
                 s"for type ${t.getClass}.")
         }
         TColumn.stringVal(new TStringColumn(values, nulls))
+      case _: LocalZonedTimestampType =>
+        val values = getOrSetAsNull[Instant](rows, ordinal, nulls, Instant.EPOCH)
+          .toArray().map(v =>
+            TIMESTAMP_LZT_FORMATTER.format(
+              ZonedDateTime.ofInstant(v.asInstanceOf[Instant], zoneId)))
+        TColumn.stringVal(new TStringColumn(values.toList.asJava, nulls))
       case _ =>
         var i = 0
         val rowSize = rows.length
@@ -303,13 +323,14 @@ object RowSet {
     case _: DecimalType => TTypeId.DECIMAL_TYPE
     case _: DateType => TTypeId.DATE_TYPE
     case _: TimestampType => TTypeId.TIMESTAMP_TYPE
+    case _: LocalZonedTimestampType => TTypeId.TIMESTAMPLOCALTZ_TYPE
     case _: ArrayType => TTypeId.ARRAY_TYPE
     case _: MapType => TTypeId.MAP_TYPE
     case _: RowType => TTypeId.STRUCT_TYPE
     case _: BinaryType => TTypeId.BINARY_TYPE
     case _: VarBinaryType => TTypeId.BINARY_TYPE
     case _: TimeType => TTypeId.STRING_TYPE
-    case t @ (_: ZonedTimestampType | _: LocalZonedTimestampType | _: MultisetType |
+    case t @ (_: ZonedTimestampType | _: MultisetType |
         _: YearMonthIntervalType | _: DayTimeIntervalType) =>
       throw new IllegalArgumentException(
         "Flink data type `%s` is not supported currently".format(t.asSummaryString()),
@@ -377,4 +398,26 @@ object RowSet {
         other.toString
     }
   }
+
+  /** should stay in sync with org.apache.kyuubi.jdbc.hive.common.TimestampTZUtil */
+  var TIMESTAMP_LZT_FORMATTER: DateTimeFormatter = {
+    val builder = new DateTimeFormatterBuilder
+    // Date part
+    builder.append(DateTimeFormatter.ofPattern("yyyy-MM-dd"))
+    // Time part
+    builder
+      .optionalStart
+      .appendLiteral(" ")
+      .append(DateTimeFormatter.ofPattern("HH:mm:ss"))
+      .optionalStart
+      .appendFraction(ChronoField.NANO_OF_SECOND, 1, 9, true)
+      .optionalEnd
+      .optionalEnd
+
+    // Zone part
+    builder.optionalStart.appendLiteral(" ").optionalEnd
+    builder.optionalStart.appendZoneText(TextStyle.NARROW).optionalEnd
+
+    builder.toFormatter
+  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 908e407a9..00e26c528 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -739,6 +739,23 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
     }
   }
 
+  test("execute statement - select timestamp with local time zone") {
+    withJdbcStatement() { statement =>
+      statement.executeQuery("CREATE VIEW T1 AS SELECT TO_TIMESTAMP_LTZ(4001, 3)")
+      statement.executeQuery("SET 'table.local-time-zone' = 'UTC'")
+      val resultSetUTC = statement.executeQuery("SELECT * FROM T1")
+      val metaData = resultSetUTC.getMetaData
+      assert(metaData.getColumnType(1) === java.sql.Types.OTHER)
+      assert(resultSetUTC.next())
+      assert(resultSetUTC.getString(1) === "1970-01-01 00:00:04.001 UTC")
+
+      statement.executeQuery("SET 'table.local-time-zone' = 'America/Los_Angeles'")
+      val resultSetPST = statement.executeQuery("SELECT * FROM T1")
+      assert(resultSetPST.next())
+      assert(resultSetPST.getString(1) === "1969-12-31 16:00:04.001 America/Los_Angeles")
+    }
+  }
+
   test("execute statement - select time") {
     withJdbcStatement() { statement =>
       val resultSet =
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/result/ResultSetSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/result/ResultSetSuite.scala
index 9190456b3..9ee5c658b 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/result/ResultSetSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/result/ResultSetSuite.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.engine.flink.result
 
+import java.time.ZoneId
+
 import org.apache.flink.table.api.{DataTypes, ResultKind}
 import org.apache.flink.table.catalog.Column
 import org.apache.flink.table.data.StringData
@@ -44,9 +46,10 @@ class ResultSetSuite extends KyuubiFunSuite {
       .data(rowsNew)
       .build
 
-    assert(RowSet.toRowBaseSet(rowsNew, resultSetNew)
-      === RowSet.toRowBaseSet(rowsOld, resultSetOld))
-    assert(RowSet.toColumnBasedSet(rowsNew, resultSetNew)
-      === RowSet.toColumnBasedSet(rowsOld, resultSetOld))
+    val timeZone = ZoneId.of("America/Los_Angeles")
+    assert(RowSet.toRowBaseSet(rowsNew, resultSetNew, timeZone)
+      === RowSet.toRowBaseSet(rowsOld, resultSetOld, timeZone))
+    assert(RowSet.toColumnBasedSet(rowsNew, resultSetNew, timeZone)
+      === RowSet.toColumnBasedSet(rowsOld, resultSetOld, timeZone))
   }
 }

From 0b72a6151cf8441e51592a5eb7c4b7816898e41a Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 25 Apr 2023 22:22:16 +0800
Subject: [PATCH 327/760] [KYUUBI #4772] Bump Jersey from 2.39 to 2.39.1

### _Why are the changes needed?_

- Jersey 2.39.1 release note: https://github.com/eclipse-ee4j/jersey/releases/tag/2.39.1
    - https://github.com/eclipse-ee4j/jersey/pull/5282

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4772 from bowenliang123/jersey-2.39.1.

Closes #4772

356753565 [liangbowen] update dependencyList
e3d3f11bd [liangbowen] bump jersey from 2.39 to 2.39.1

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 16 ++++++++--------
 pom.xml            |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index fc9913604..0abcc5196 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -86,14 +86,14 @@ jakarta.ws.rs-api/2.1.6//jakarta.ws.rs-api-2.1.6.jar
 jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar
 javassist/3.25.0-GA//javassist-3.25.0-GA.jar
 jcl-over-slf4j/1.7.36//jcl-over-slf4j-1.7.36.jar
-jersey-client/2.39//jersey-client-2.39.jar
-jersey-common/2.39//jersey-common-2.39.jar
-jersey-container-servlet-core/2.39//jersey-container-servlet-core-2.39.jar
-jersey-entity-filtering/2.39//jersey-entity-filtering-2.39.jar
-jersey-hk2/2.39//jersey-hk2-2.39.jar
-jersey-media-json-jackson/2.39//jersey-media-json-jackson-2.39.jar
-jersey-media-multipart/2.39//jersey-media-multipart-2.39.jar
-jersey-server/2.39//jersey-server-2.39.jar
+jersey-client/2.39.1//jersey-client-2.39.1.jar
+jersey-common/2.39.1//jersey-common-2.39.1.jar
+jersey-container-servlet-core/2.39.1//jersey-container-servlet-core-2.39.1.jar
+jersey-entity-filtering/2.39.1//jersey-entity-filtering-2.39.1.jar
+jersey-hk2/2.39.1//jersey-hk2-2.39.1.jar
+jersey-media-json-jackson/2.39.1//jersey-media-json-jackson-2.39.1.jar
+jersey-media-multipart/2.39.1//jersey-media-multipart-2.39.1.jar
+jersey-server/2.39.1//jersey-server-2.39.1.jar
 jetcd-api/0.7.3//jetcd-api-0.7.3.jar
 jetcd-common/0.7.3//jetcd-common-0.7.3.jar
 jetcd-core/0.7.3//jetcd-core-0.7.3.jar
diff --git a/pom.xml b/pom.xml
index ae6dc2e29..9ff452a48 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,7 @@
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
-        <jersey.version>2.39</jersey.version>
+        <jersey.version>2.39.1</jersey.version>
         <jetty.version>9.4.50.v20221201</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>

From b7012aa206eb836073987cb6c8aa59ec4421c174 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 26 Apr 2023 17:59:24 +0800
Subject: [PATCH 328/760] [KYUUBI #4710][ARROW][FOLLOWUP] Post driver-side
 metrics for LocalTableScanExec/CommandResultExec

### _Why are the changes needed?_

to resolve https://github.com/apache/kyuubi/pull/4710#discussion_r1168600486

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4769 from cfmcgrady/arrow-send-driver-metrics.

Closes #4710

a952d088b [Fu Chen] refactor
a5645de90 [Fu Chen] address comment
6749630ee [Fu Chen] update
2dff41eeb [Fu Chen] add SparkMetricsTestUtils
8c772bca7 [Fu Chen] ut
4e3cd7d11 [Fu Chen] metrics

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../spark/sql/kyuubi/SparkDatasetHelper.scala | 37 ++++++++----
 .../SparkArrowbasedOperationSuite.scala       | 60 +++++++++++++++++--
 .../metric/SparkMetricsTestUtils.scala        | 53 ++++++++++++++++
 3 files changed, 134 insertions(+), 16 deletions(-)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/sql/execution/metric/SparkMetricsTestUtils.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 285a28a60..8f8aef560 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -19,6 +19,7 @@ package org.apache.spark.sql.kyuubi
 
 import scala.collection.mutable.ArrayBuffer
 
+import org.apache.spark.SparkContext
 import org.apache.spark.internal.Logging
 import org.apache.spark.network.util.{ByteUnit, JavaUtils}
 import org.apache.spark.rdd.RDD
@@ -28,6 +29,7 @@ import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, Spa
 import org.apache.spark.sql.execution.{CollectLimitExec, SparkPlan, SQLExecution}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
 import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
+import org.apache.spark.sql.execution.metric.{SQLMetric, SQLMetrics}
 import org.apache.spark.sql.functions._
 import org.apache.spark.sql.types._
 
@@ -184,26 +186,36 @@ object SparkDatasetHelper extends Logging {
     result.toArray
   }
 
-  def doCommandResultExec(command: SparkPlan): Array[Array[Byte]] = {
+  private lazy val commandResultExecRowsMethod = DynMethods.builder("rows")
+    .impl("org.apache.spark.sql.execution.CommandResultExec")
+    .build()
+
+  private def doCommandResultExec(command: SparkPlan): Array[Array[Byte]] = {
+    val spark = SparkSession.active
+    // TODO: replace with `command.rows` once we drop Spark 3.1 support.
+    val rows = commandResultExecRowsMethod.invoke[Seq[InternalRow]](command)
+    command.longMetric("numOutputRows").add(rows.size)
+    sendDriverMetrics(spark.sparkContext, command.metrics)
     KyuubiArrowConverters.toBatchIterator(
-      // TODO: replace with `command.rows.iterator` once we drop Spark 3.1 support.
-      commandResultExecRowsMethod.invoke[Seq[InternalRow]](command).iterator,
+      rows.iterator,
       command.schema,
-      SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch,
+      spark.sessionState.conf.arrowMaxRecordsPerBatch,
       maxBatchSize,
       -1,
-      SparkSession.active.sessionState.conf.sessionLocalTimeZone).toArray
+      spark.sessionState.conf.sessionLocalTimeZone).toArray
   }
 
-  def doLocalTableScan(localTableScan: LocalTableScanExec): Array[Array[Byte]] = {
+  private def doLocalTableScan(localTableScan: LocalTableScanExec): Array[Array[Byte]] = {
+    val spark = SparkSession.active
     localTableScan.longMetric("numOutputRows").add(localTableScan.rows.size)
+    sendDriverMetrics(spark.sparkContext, localTableScan.metrics)
     KyuubiArrowConverters.toBatchIterator(
       localTableScan.rows.iterator,
       localTableScan.schema,
-      SparkSession.active.sessionState.conf.arrowMaxRecordsPerBatch,
+      spark.sessionState.conf.arrowMaxRecordsPerBatch,
       maxBatchSize,
       -1,
-      SparkSession.active.sessionState.conf.sessionLocalTimeZone).toArray
+      spark.sessionState.conf.sessionLocalTimeZone).toArray
   }
 
   /**
@@ -268,10 +280,6 @@ object SparkDatasetHelper extends Logging {
     sparkPlan.getClass.getName == "org.apache.spark.sql.execution.CommandResultExec"
   }
 
-  private lazy val commandResultExecRowsMethod = DynMethods.builder("rows")
-    .impl("org.apache.spark.sql.execution.CommandResultExec")
-    .build()
-
   /**
    * refer to org.apache.spark.sql.Dataset#withAction(), assign a new execution id for arrow-based
    * operation, so that we can track the arrow-based queries on the UI tab.
@@ -282,4 +290,9 @@ object SparkDatasetHelper extends Logging {
       body
     }
   }
+
+  private def sendDriverMetrics(sc: SparkContext, metrics: Map[String, SQLMetric]): Unit = {
+    val executionId = sc.getLocalProperty(SQLExecution.EXECUTION_ID_KEY)
+    SQLMetrics.postDriverMetricUpdates(sc, executionId, metrics.values.toSeq)
+  }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 057d8c6ff..9273ab879 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -18,7 +18,7 @@
 package org.apache.kyuubi.engine.spark.operation
 
 import java.sql.Statement
-import java.util.{Set => JSet}
+import java.util.{Locale, Set => JSet}
 
 import org.apache.spark.KyuubiSparkContextHelper
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobStart}
@@ -29,6 +29,7 @@ import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
 import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
 import org.apache.spark.sql.execution.exchange.Exchange
 import org.apache.spark.sql.execution.joins.{BroadcastHashJoinExec, SortMergeJoinExec}
+import org.apache.spark.sql.execution.metric.SparkMetricsTestUtils
 import org.apache.spark.sql.functions.col
 import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.kyuubi.SparkDatasetHelper
@@ -41,7 +42,8 @@ import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.SparkDataTypeTests
 import org.apache.kyuubi.reflection.DynFields
 
-class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests {
+class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests
+  with SparkMetricsTestUtils {
 
   override protected def jdbcUrl: String = getJdbcUrl
 
@@ -58,6 +60,16 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     withJdbcStatement() { statement =>
       checkResultSetFormat(statement, "arrow")
     }
+    spark.catalog.listTables()
+      .collect()
+      .foreach { table =>
+        if (table.isTemporary) {
+          spark.catalog.dropTempView(table.name)
+        } else {
+          spark.sql(s"DROP TABLE IF EXISTS ${table.name}")
+        }
+        ()
+      }
   }
 
   test("detect resultSet format") {
@@ -288,13 +300,12 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
       assert(nodeName == "org.apache.spark.sql.execution.CommandResultExec")
     }
     withJdbcStatement("table_1") { statement =>
-      statement.executeQuery(s"CREATE TABLE table_1 (id bigint) USING parquet")
+      statement.executeQuery("CREATE TABLE table_1 (id bigint) USING parquet")
       withSparkListener(listener) {
         withSparkListener(l2) {
           val resultSet = statement.executeQuery("SHOW TABLES")
           assert(resultSet.next())
           assert(resultSet.getString("tableName") == "table_1")
-          KyuubiSparkContextHelper.waitListenerBus(spark)
         }
       }
     }
@@ -348,6 +359,33 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     assert(metrics("numOutputRows").value === 1)
   }
 
+  test("post LocalTableScanExec driver-side metrics") {
+    val expectedMetrics = Map(
+      0L -> (("LocalTableScan", Map("number of output rows" -> "2"))))
+    withTables("view_1") {
+      val s = spark
+      import s.implicits._
+      Seq((1, "a"), (2, "b")).toDF("c1", "c2").createOrReplaceTempView("view_1")
+      val df = spark.sql("SELECT * FROM view_1")
+      val metrics = getSparkPlanMetrics(df)
+      assert(metrics == expectedMetrics)
+    }
+  }
+
+  test("post CommandResultExec driver-side metrics") {
+    spark.sql("show tables").show(truncate = false)
+    assume(SPARK_ENGINE_RUNTIME_VERSION >= "3.2")
+    val expectedMetrics = Map(
+      0L -> (("CommandResult", Map("number of output rows" -> "2"))))
+    withTables("table_1", "table_2") {
+      spark.sql("CREATE TABLE table_1 (id bigint) USING parquet")
+      spark.sql("CREATE TABLE table_2 (id bigint) USING parquet")
+      val df = spark.sql("SHOW TABLES")
+      val metrics = getSparkPlanMetrics(df)
+      assert(metrics == expectedMetrics)
+    }
+  }
+
   private def checkResultSetFormat(statement: Statement, expectFormat: String): Unit = {
     val query =
       s"""
@@ -465,6 +503,20 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     }
   }
 
+  private def withTables[T](tableNames: String*)(f: => T): T = {
+    try {
+      f
+    } finally {
+      tableNames.foreach { name =>
+        if (name.toUpperCase(Locale.ROOT).startsWith("VIEW")) {
+          spark.sql(s"DROP VIEW IF EXISTS $name")
+        } else {
+          spark.sql(s"DROP TABLE IF EXISTS $name")
+        }
+      }
+    }
+  }
+
   /**
    * This method provides a reflection-based implementation of [[SQLConf.isStaticConfigKey]] to
    * adapt Spark-3.1.x
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/sql/execution/metric/SparkMetricsTestUtils.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/sql/execution/metric/SparkMetricsTestUtils.scala
new file mode 100644
index 000000000..7ab06f0ef
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/sql/execution/metric/SparkMetricsTestUtils.scala
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.execution.metric
+
+import org.apache.spark.sql.DataFrame
+import org.apache.spark.sql.execution.SparkPlanInfo
+import org.apache.spark.sql.execution.ui.SparkPlanGraph
+import org.apache.spark.sql.kyuubi.SparkDatasetHelper
+
+import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
+
+trait SparkMetricsTestUtils {
+  this: WithSparkSQLEngine =>
+
+  private lazy val statusStore = spark.sharedState.statusStore
+  private def currentExecutionIds(): Set[Long] = {
+    spark.sparkContext.listenerBus.waitUntilEmpty(10000)
+    statusStore.executionsList.map(_.executionId).toSet
+  }
+
+  protected def getSparkPlanMetrics(df: DataFrame): Map[Long, (String, Map[String, Any])] = {
+    val previousExecutionIds = currentExecutionIds()
+    SparkDatasetHelper.executeCollect(df)
+    spark.sparkContext.listenerBus.waitUntilEmpty(10000)
+    val executionIds = currentExecutionIds().diff(previousExecutionIds)
+    assert(executionIds.size === 1)
+    val executionId = executionIds.head
+    val metricValues = statusStore.executionMetrics(executionId)
+    SparkPlanGraph(SparkPlanInfo.fromSparkPlan(df.queryExecution.executedPlan)).allNodes
+      .map { node =>
+        val nodeMetrics = node.metrics.map { metric =>
+          val metricValue = metricValues(metric.accumulatorId)
+          (metric.name, metricValue)
+        }.toMap
+        (node.id, node.name -> nodeMetrics)
+      }.toMap
+  }
+}

From 94c72734ca2d64328f99715ed648305d73a0718b Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 27 Apr 2023 10:25:01 +0800
Subject: [PATCH 329/760] [KYUUBI #4767] Correct the submit time for
 BatchJobSubmission and check applicationInfo if submitted application

### _Why are the changes needed?_

- if the kyuubi instance is unreachable, we should not transfer the  batch metadata create time as batch submit time
  - we should always wait the kyuubi instance recovery
  - here using a fake submit time to prevent that the batch be marked  as terminated if application state is NOT_FOUND
- Inside the BatchJobSubmission, using the first get application info time as batch submit time.

In this pr, I also record whether the batch operation submit batch.

If it did submit batch application and the app is not started, we need to mark the batch state as ERROR.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4767 from turboFei/submit_time.

Closes #4767

9d4df0f91 [fwang12] save
3e56a39cb [fwang12] runtime exception -> kyuubi exception
5cac15ec5 [fwang12] nit
92d5000be [fwang12] nit
3678f8f2c [fwang12] wait the app to monitor
d51fb2636 [fwang12] save
708ad20ce [fwang12] refactor
98d49c64e [fwang12] wait
1adbefd59 [fwang12] revert
f3e4f2a11 [fwang12] wait app id ready before monitoring
a3bfe6f56 [fwang12] check app started
7530b5118 [fwang12] check submit app and final state
a41e81d0e [fwang12] refactor
e4217da03 [fwang12] _app start time
3d1e8f022 [fwang12] fake submit timeout
06c8f0a22 [fwang12] correct submit time

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/operation/BatchJobSubmission.scala | 44 +++++++++++--------
 .../server/api/v1/BatchesResource.scala       |  3 +-
 2 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index e6433cdc9..702a9a917 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -78,6 +78,9 @@ class BatchJobSubmission(
 
   @volatile private var _appStartTime = recoveryMetadata.map(_.engineOpenTime).getOrElse(0L)
   def appStartTime: Long = _appStartTime
+  def appStarted: Boolean = _appStartTime > 0
+
+  private lazy val _submitTime = if (appStarted) _appStartTime else System.currentTimeMillis
 
   @VisibleForTesting
   private[kyuubi] val builder: ProcBuilder = {
@@ -101,16 +104,11 @@ class BatchJobSubmission(
 
   override protected def currentApplicationInfo(): Option[ApplicationInfo] = {
     if (isTerminal(state) && _applicationInfo.nonEmpty) return _applicationInfo
-    val submitTime = if (_appStartTime <= 0) {
-      System.currentTimeMillis()
-    } else {
-      _appStartTime
-    }
     val applicationInfo =
       applicationManager.getApplicationInfo(
         builder.clusterManager(),
         batchId,
-        Some(submitTime))
+        Some(_submitTime))
     applicationId(applicationInfo).foreach { _ =>
       if (_appStartTime <= 0) {
         _appStartTime = System.currentTimeMillis()
@@ -142,21 +140,20 @@ class BatchJobSubmission(
 
     if (isTerminalState(state)) {
       if (_applicationInfo.isEmpty) {
-        _applicationInfo =
-          Option(ApplicationInfo(id = null, name = null, state = ApplicationState.NOT_FOUND))
+        _applicationInfo = Some(ApplicationInfo.NOT_FOUND)
       }
     }
 
-    _applicationInfo.foreach { status =>
+    _applicationInfo.foreach { appInfo =>
       val metadataToUpdate = Metadata(
         identifier = batchId,
         state = state.toString,
         engineOpenTime = appStartTime,
-        engineId = status.id,
-        engineName = status.name,
-        engineUrl = status.url.orNull,
-        engineState = status.state.toString,
-        engineError = status.error,
+        engineId = appInfo.id,
+        engineName = appInfo.name,
+        engineUrl = appInfo.url.orNull,
+        engineState = appInfo.state.toString,
+        engineError = appInfo.error,
         endTime = endTime)
       session.sessionManager.updateMetadata(metadataToUpdate)
     }
@@ -258,14 +255,25 @@ class BatchJobSubmission(
 
       if (applicationFailed(_applicationInfo)) {
         process.destroyForcibly()
-        throw new RuntimeException(s"Batch job failed: ${_applicationInfo}")
+        throw new KyuubiException(s"Batch job failed: ${_applicationInfo}")
       } else {
         process.waitFor()
         if (process.exitValue() != 0) {
           throw new KyuubiException(s"Process exit with value ${process.exitValue()}")
         }
 
-        applicationId(_applicationInfo).foreach(monitorBatchJob)
+        while (!appStarted && applicationId(_applicationInfo).isEmpty &&
+          !applicationTerminated(_applicationInfo)) {
+          Thread.sleep(applicationCheckInterval)
+          updateApplicationInfoMetadataIfNeeded()
+        }
+
+        applicationId(_applicationInfo) match {
+          case Some(appId) => monitorBatchJob(appId)
+          case None if !appStarted =>
+            throw new KyuubiException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
+          case None =>
+        }
       }
     } finally {
       builder.close()
@@ -284,7 +292,7 @@ class BatchJobSubmission(
     if (_applicationInfo.isEmpty) {
       info(s"The $batchType batch[$batchId] job: $appId not found, assume that it has finished.")
     } else if (applicationFailed(_applicationInfo)) {
-      throw new RuntimeException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
+      throw new KyuubiException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
     } else {
       updateBatchMetadata()
       // TODO: add limit for max batch job submission lifetime
@@ -294,7 +302,7 @@ class BatchJobSubmission(
       }
 
       if (applicationFailed(_applicationInfo)) {
-        throw new RuntimeException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
+        throw new KyuubiException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
       }
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index a7af369a7..38ce0e297 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -297,7 +297,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
               val batchAppStatus = sessionManager.applicationManager.getApplicationInfo(
                 metadata.clusterManager,
                 batchId,
-                Some(metadata.createTime))
+                // prevent that the batch be marked as terminated if application state is NOT_FOUND
+                Some(metadata.engineOpenTime).filter(_ > 0).orElse(Some(System.currentTimeMillis)))
               buildBatch(metadata, batchAppStatus)
           }
         }

From 5032901dfc1a0b2762fe93244433e598ce997603 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 27 Apr 2023 19:58:10 +0800
Subject: [PATCH 330/760] [KYUUBI #4768] [INFRA] Guidelines for Document and
 Code contributions

### _Why are the changes needed?_

Guidelines for Document and Code Contributions.

- code style
- documentation style
- quick starts
- sphinx-copybutton for copy button in code blocks
- add kind:minor,help wanted,good first issue to doc issue template

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="1325" alt="image" src="https://user-images.githubusercontent.com/8326978/234193368-473e2a1d-2deb-4d91-901a-19cea58a489b.png">

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4768 from yaooqinn/guide.

Closes #4768

3a0bd395b [Kent Yao] Update docs/contributing/doc/build.rst
8fe4f6d14 [Kent Yao] Update docs/contributing/doc/build.rst
a753bdde5 [Kent Yao] Guidelines for Document and Code contributions
f8393fe8d [Kent Yao] Guidelines for Document and Code contributions
8f2d3ce82 [Kent Yao] Guidelines for Document and Code contributions
4f3a2128b [Kent Yao] Guidelines for Document and Code contributions

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 ...provement-report.yml => documentation.yml} |  49 +++----
 docs/conf.py                                  |   2 +
 .../code}/building.md                         |  12 +-
 .../code}/debugging.md                        |   2 +-
 .../code}/developer.md                        |  10 --
 .../code}/distribution.md                     |   2 +-
 docs/contributing/code/get_started.rst        |  70 +++++++++
 .../code}/idea_setup.md                       |   0
 .../code}/index.rst                           |  10 +-
 docs/contributing/code/style.rst              |  39 +++++
 .../code}/testing.md                          |   0
 docs/contributing/doc/build.rst               |  96 +++++++++++++
 docs/contributing/doc/get_started.rst         | 117 +++++++++++++++
 docs/contributing/doc/index.rst               |  44 ++++++
 docs/contributing/doc/style.rst               | 135 ++++++++++++++++++
 docs/develop_tools/build_document.md          |  76 ----------
 docs/index.rst                                |   8 +-
 docs/requirements.txt                         |   2 +
 18 files changed, 545 insertions(+), 129 deletions(-)
 rename .github/ISSUE_TEMPLATE/{doc-improvement-report.yml => documentation.yml} (67%)
 rename docs/{develop_tools => contributing/code}/building.md (93%)
 rename docs/{develop_tools => contributing/code}/debugging.md (98%)
 rename docs/{develop_tools => contributing/code}/developer.md (91%)
 rename docs/{develop_tools => contributing/code}/distribution.md (98%)
 create mode 100644 docs/contributing/code/get_started.rst
 rename docs/{develop_tools => contributing/code}/idea_setup.md (100%)
 rename docs/{develop_tools => contributing/code}/index.rst (84%)
 create mode 100644 docs/contributing/code/style.rst
 rename docs/{develop_tools => contributing/code}/testing.md (100%)
 create mode 100644 docs/contributing/doc/build.rst
 create mode 100644 docs/contributing/doc/get_started.rst
 create mode 100644 docs/contributing/doc/index.rst
 create mode 100644 docs/contributing/doc/style.rst
 delete mode 100644 docs/develop_tools/build_document.md

diff --git a/.github/ISSUE_TEMPLATE/doc-improvement-report.yml b/.github/ISSUE_TEMPLATE/documentation.yml
similarity index 67%
rename from .github/ISSUE_TEMPLATE/doc-improvement-report.yml
rename to .github/ISSUE_TEMPLATE/documentation.yml
index 668ddb256..87b87a6cd 100644
--- a/.github/ISSUE_TEMPLATE/doc-improvement-report.yml
+++ b/.github/ISSUE_TEMPLATE/documentation.yml
@@ -15,16 +15,11 @@
 # limitations under the License.
 #
 
-name: Doc Improvement Report
-title: "[DOCS] "
+name: Documentation fixes or improvement
+title: ":memo: Fix/Add <what> for <which> page"
 description: Fix errors, or improve the content or refactor architecture of online documentation
-labels: ["kind:documentation"]
+labels: ["kind:documentation,kind:minor,help wanted,good first issue"]
 body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for finding the time to report the problem! We really appreciate the community efforts to improve Kyuubi.
-
   - type: checkboxes
     attributes:
       label: Code of Conduct
@@ -43,22 +38,25 @@ body:
             issues.
           required: true
 
-  - type: textarea
+  - type: dropdown
+    id: priority
     attributes:
-      label: Which parts of the documentation do you think need improvement?
-      description: Please describe the details with documentation you have.
-      placeholder: >
-        Please include links to the documentation that you want to improve and possibly screenshots showing
-        the details. Explain why do you think it needs to improve. Make sure you include view of the target
-        audience of the documentation. Please explain why you think the docs are wrong.
+      label: What type of changes will we make to the documentation?
+      options:
+        - Bugfixes
+        - Usage of New Feature
+        - Showcase
+        - Refactoring
+        - Typo, layout, grammar, spelling, punctuation errors, etc.
+    validations:
+      required: true
 
   - type: input
     id: versions
     attributes:
       label: Affects Version(s)
       description: Which versions of Kyuubi Documentation are affected by this issue?
-      placeholder: >
-        e.g. master/1.5.0/1.4.1/...
+      placeholder: e.g. master/1.5.0/1.4.1/...
     validations:
       required: true
 
@@ -67,20 +65,9 @@ body:
       label: Improving the documentation
       description: How do you think the documentation can be improved?
       placeholder: >
-        Please explain how you think the documentation could be improved. Ideally specify where a new or missing
-        documentation should be added and what kind of information should be included. Sometimes people
-        writing the documentation do not realise that some assumptions they have might not be in the heads
-        of the reader, so try to explain exactly what you would like to see in the docs and why.
-
-  - type: textarea
-    attributes:
-      label: Anything else
-      description: Anything else we need to know?
-      placeholder: >
-        How often does this problem occur? (Once? Every time? Only when certain conditions are met?)
-        Any relevant logs to include? Put them here inside fenced
-        ``` ``` blocks or inside a foldable details tag if it's long:
-        <details><summary>x.log</summary> lots of stuff </details>
+        Please include links to the documentation that you want to improve and possibly screenshots showing
+        the details. Explain why do you think it needs to improve. Make sure you include view of the target
+        audience of the documentation. Please explain why you think the docs are wrong.
 
   - type: checkboxes
     attributes:
diff --git a/docs/conf.py b/docs/conf.py
index dcf038314..eaac1aced 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -77,9 +77,11 @@
     'sphinx.ext.napoleon',
     'sphinx.ext.mathjax',
     'recommonmark',
+    'sphinx_copybutton',
     'sphinx_markdown_tables',
     'sphinx_togglebutton',
     'notfound.extension',
+    'sphinxemoji.sphinxemoji',
 ]
 
 master_doc = 'index'
diff --git a/docs/develop_tools/building.md b/docs/contributing/code/building.md
similarity index 93%
rename from docs/develop_tools/building.md
rename to docs/contributing/code/building.md
index d4582dc8d..8c5c5aeec 100644
--- a/docs/develop_tools/building.md
+++ b/docs/contributing/code/building.md
@@ -15,9 +15,9 @@
 - limitations under the License.
 -->
 
-# Building Kyuubi
+# Building From Source
 
-## Building Kyuubi with Apache Maven
+## Building With Maven
 
 **Kyuubi** is built based on [Apache Maven](https://maven.apache.org),
 
@@ -33,7 +33,7 @@ If you want to test it manually, you can start Kyuubi directly from the Kyuubi p
 bin/kyuubi start
 ```
 
-## Building a Submodule Individually
+## Building A Submodule Individually
 
 For instance, you can build the Kyuubi Common module using:
 
@@ -49,7 +49,7 @@ For instance, you can build the Kyuubi Common module using:
 build/mvn clean package -pl kyuubi-common,kyuubi-ha -DskipTests
 ```
 
-## Skipping Some modules
+## Skipping Some Modules
 
 For instance, you can build the Kyuubi modules without Kyuubi Codecov and Assembly modules using:
 
@@ -57,7 +57,7 @@ For instance, you can build the Kyuubi modules without Kyuubi Codecov and Assemb
 mvn clean install -pl '!dev/kyuubi-codecov,!kyuubi-assembly' -DskipTests
 ```
 
-## Building Kyuubi against Different Apache Spark versions
+## Building Kyuubi Against Different Apache Spark Versions
 
 Since v1.1.0, Kyuubi support building with different Spark profiles,
 
@@ -67,7 +67,7 @@ Since v1.1.0, Kyuubi support building with different Spark profiles,
 | -Pspark-3.2 | No      | 1.4.0 |
 | -Pspark-3.3 | Yes     | 1.6.0 |
 
-## Building with Apache dlcdn site
+## Building With Apache dlcdn Site
 
 By default, we use `https://archive.apache.org/dist/` to download the built-in release packages of engines,
 such as Spark or Flink.
diff --git a/docs/develop_tools/debugging.md b/docs/contributing/code/debugging.md
similarity index 98%
rename from docs/develop_tools/debugging.md
rename to docs/contributing/code/debugging.md
index faf7173e4..d3fb6d16f 100644
--- a/docs/develop_tools/debugging.md
+++ b/docs/contributing/code/debugging.md
@@ -35,7 +35,7 @@ In the IDE, you set the corresponding parameters(host&port) in debug configurati
 
 <div align=center>
 
-![](../imgs/idea_debug.png)
+![](../../imgs/idea_debug.png)
 
 </div>
 
diff --git a/docs/develop_tools/developer.md b/docs/contributing/code/developer.md
similarity index 91%
rename from docs/develop_tools/developer.md
rename to docs/contributing/code/developer.md
index 329e219de..8b52057e8 100644
--- a/docs/develop_tools/developer.md
+++ b/docs/contributing/code/developer.md
@@ -24,16 +24,6 @@
 build/mvn versions:set -DgenerateBackupPoms=false
 ```
 
-## Update Document Version
-
-Whenever project version updates, please also update the document version at `docs/conf.py` to target the upcoming release.
-
-For example,
-
-```python
-release = '1.2.0'
-```
-
 ## Update Dependency List
 
 Kyuubi uses the `dev/dependencyList` file to indicate what upstream dependencies will actually go to the server-side classpath.
diff --git a/docs/develop_tools/distribution.md b/docs/contributing/code/distribution.md
similarity index 98%
rename from docs/develop_tools/distribution.md
rename to docs/contributing/code/distribution.md
index 217f0a417..23c9c6542 100644
--- a/docs/develop_tools/distribution.md
+++ b/docs/contributing/code/distribution.md
@@ -15,7 +15,7 @@
 - limitations under the License.
 -->
 
-# Building a Runnable Distribution
+# Building A Runnable Distribution
 
 To create a Kyuubi distribution like those distributed by [Kyuubi Release Page](https://kyuubi.apache.org/releases.html),
 and that is laid out to be runnable, use `./build/dist` in the project root directory.
diff --git a/docs/contributing/code/get_started.rst b/docs/contributing/code/get_started.rst
new file mode 100644
index 000000000..33981a8cd
--- /dev/null
+++ b/docs/contributing/code/get_started.rst
@@ -0,0 +1,70 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Get Started
+===========
+
+Good First Issues
+-----------------
+
+.. image:: https://img.shields.io/github/issues/apache/kyuubi/good%20first%20issue?color=green&label=Good%20first%20issue&logo=gfi&logoColor=red&style=for-the-badge
+   :alt: GitHub issues by-label
+   :target: `Good First Issues`_
+
+**Good First Issue** is initiative to curate easy pickings for first-time
+contributors. It helps you locate suitable development tasks with beginner's
+skills required, and finally make your first contribution to Kyuubi.
+
+After solving one or more good first issues, you should be able to
+
+- Find efficient ways to communicate with the community and get help
+- Setup `develop environment`_ on your machine
+- `Build`_ Kyuubi from source
+- `Run tests`_ locally
+- `Submit a pull request`_ through Github
+- Be listed in `Apache Kyuubi contributors`_
+- And most importantly, you can move to the next level and try some tricky issues
+
+.. note:: Don't linger too long at this stage.
+  :class: dropdown, toggle
+
+Help Wanted Issues
+------------------
+
+.. image:: https://img.shields.io/github/issues/apache/kyuubi/help%20wanted?color=brightgreen&label=HELP%20WANTED&style=for-the-badge
+   :alt: GitHub issues by-label
+   :target: `Help Wanted Issues`_
+
+Issues that maintainers labeled as help wanted are mostly
+
+- sub-tasks of an ongoing shorthanded umbrella
+- non-urgent improvements
+- bug fixes for corner cases
+- feature requests not covered by current technology stack of kyuubi community
+
+Since these problems are not urgent, you can take your time when fixing them.
+
+.. note:: Help wanted issues may contain easy pickings and tricky ones.
+  :class: dropdown, toggle
+
+
+.. _Good First Issues: https://github.com/apache/kyuubi/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
+.. _develop environment: idea_setup.html
+.. _Build: build.html
+.. _Run tests: testing.html
+.. _Submit a pull request: https://kyuubi.apache.org/pull_request.html
+.. _Apache Kyuubi contributors: https://github.com/apache/kyuubi/graphs/contributors
+.. _Help Wanted Issues: https://github.com/apache/kyuubi/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22
+
diff --git a/docs/develop_tools/idea_setup.md b/docs/contributing/code/idea_setup.md
similarity index 100%
rename from docs/develop_tools/idea_setup.md
rename to docs/contributing/code/idea_setup.md
diff --git a/docs/develop_tools/index.rst b/docs/contributing/code/index.rst
similarity index 84%
rename from docs/develop_tools/index.rst
rename to docs/contributing/code/index.rst
index c56321cb3..25a6e421b 100644
--- a/docs/develop_tools/index.rst
+++ b/docs/contributing/code/index.rst
@@ -13,15 +13,19 @@
    See the License for the specific language governing permissions and
    limitations under the License.
 
-Develop Tools
-=============
+Contributing Code
+=================
+
+These sections explain the process, guidelines, and tools for contributing
+code to the Kyuubi project.
 
 .. toctree::
     :maxdepth: 2
 
+    get_started
+    style
     building
     distribution
-    build_document
     testing
     debugging
     developer
diff --git a/docs/contributing/code/style.rst b/docs/contributing/code/style.rst
new file mode 100644
index 000000000..d967e8959
--- /dev/null
+++ b/docs/contributing/code/style.rst
@@ -0,0 +1,39 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Code Style Guide
+================
+
+Code is written once by its author, but read and modified multiple times by
+lots of other engineers. As most bugs actually come from future modification
+of the code, we need to optimize our codebase for long-term, global
+readability and maintainability. The best way to achieve this is to write
+simple code.
+
+Kyuubi's source code is multilingual, specific code style will be applied to
+corresponding language.
+
+Scala Coding Style Guide
+------------------------
+
+Kyuubi adopts the `Databricks Scala Coding Style Guide`_ for scala codes.
+
+Java Coding Style Guide
+-----------------------
+
+Kyuubi adopts the `Google Java style`_ for java codes.
+
+.. _Databricks Scala Coding Style Guide: https://github.com/databricks/scala-style-guide
+.. _Google Java style: https://google.github.io/styleguide/javaguide.html
\ No newline at end of file
diff --git a/docs/develop_tools/testing.md b/docs/contributing/code/testing.md
similarity index 100%
rename from docs/develop_tools/testing.md
rename to docs/contributing/code/testing.md
diff --git a/docs/contributing/doc/build.rst b/docs/contributing/doc/build.rst
new file mode 100644
index 000000000..4ec2362f3
--- /dev/null
+++ b/docs/contributing/doc/build.rst
@@ -0,0 +1,96 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Building Documentation
+======================
+
+Follow the steps below and learn how to build the Kyuubi documentation as the
+one you are watching now.
+
+Setup Environment
+-----------------
+
+- Firstly, install ``virtualenv``, this is optional but recommended as it is useful
+  to create an independent environment to resolve dependency issues for building
+  the documentation.
+
+.. code-block:: sh
+   :caption: Install virtualenv
+
+   $ pip install virtualenv
+
+- Switch to the ``docs`` root directory.
+
+.. code-block:: sh
+   :caption: Switch to docs
+
+   $ cd $KYUUBI_SOURCE_PATH/docs
+
+- Create a virtual environment named 'kyuubi' or anything you like using ``virtualenv``
+  if it's not existing.
+
+.. code-block:: sh
+   :caption: New virtual environment
+
+   $ virtualenv kyuubi
+
+- Activate the virtual environment,
+
+.. code-block:: sh
+   :caption: Activate virtual environment
+
+   $ source ./kyuubi/bin/activate
+
+Install All Dependencies
+------------------------
+
+Install all dependencies enumerated in the ``requirements.txt``.
+
+.. code-block:: sh
+   :caption: Install dependencies
+
+   $ pip install -r requirements.txt
+
+
+Create Documentation
+--------------------
+
+Make sure you are in the ``$KYUUBI_SOURCE_PATH/docs`` directory.
+
+Linux & MacOS
+~~~~~~~~~~~~~
+
+.. code-block:: sh
+   :caption: Sphinx build on Unix-like OS
+
+   $ make html
+
+Windows
+~~~~~~~
+
+.. code-block:: sh
+   :caption: Sphinx build on Windows
+
+   $ make.bat html
+
+
+If the build process succeed, the HTML pages are in
+``$KYUUBI_SOURCE_PATH/docs/_build/html``.
+
+View Locally
+------------
+
+Open the `$KYUUBI_SOURCE_PATH/docs/_build/html/index.html` file in your
+favorite web browser.
diff --git a/docs/contributing/doc/get_started.rst b/docs/contributing/doc/get_started.rst
new file mode 100644
index 000000000..f262695b7
--- /dev/null
+++ b/docs/contributing/doc/get_started.rst
@@ -0,0 +1,117 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Get Started
+===========
+
+.. image:: https://img.shields.io/github/issues/apache/kyuubi/kind:documentation?color=green&logo=gfi&logoColor=red&style=for-the-badge
+   :alt: GitHub issues by-label
+
+
+Trivial Fixes
+-------------
+
+For typos, layout, grammar, spelling, punctuation errors and other similar issues
+or changes that occur within a single file, it is acceptable to make edits directly
+on the page being viewed. When viewing a source file on kyuubi's
+`Github repository`_, a simple click on the ``edit icon`` or keyboard shortcut
+``e`` will activate the editor. Similarly, when viewing files on `Read The Docs`_
+platform, clicking on the ``suggest edit`` button will lead you to the editor.
+These methods do not require any local development environment setup and
+are convenient for making quick fixes.
+
+Upon completion of the editing process, opt the ``commit changes`` option,
+adhere to the provided instructions to submit a pull request,
+and await feedback from the designated reviewer.
+
+Major Fixes
+-----------
+
+For significant modifications that affect multiple files, it is advisable to
+clone the repository to a local development environment, implement the necessary
+changes, and conduct thorough testing prior to submitting a pull request.
+
+
+`Fork`_ The Repository
+~~~~~~~~~~~~~~~~~~~~~~
+
+Clone The Forked Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block::
+   :caption: Clone the repository
+
+   $ git clone https://github.com/your_username/kyuubi.git
+
+Replace "your_username" with your GitHub username. This will create a local
+copy of your forked repository on your machine. You will see the ``master``
+branch if you run ``git branch`` in the ``kyuubi`` folder.
+
+Create A New Branch
+~~~~~~~~~~~~~~~~~~~
+
+.. code-block::
+   :caption: Create a new branch
+
+   $ git checkout -b guide
+   Switched to a new branch 'guide'
+
+Editing And Testing
+~~~~~~~~~~~~~~~~~~~
+
+Make the necessary changes to the documentation files using a text editor.
+`Build and verify`_ the changes you have made to see if they look fine.
+
+.. note::
+   :class: dropdown, toggle
+
+Create A Pull Request
+~~~~~~~~~~~~~~~~~~~~~
+
+Once you have made the changes,
+
+- Commit them with a descriptive commit message using the command:
+
+.. code-block::
+   :caption: commit the changes
+
+   $ git commit -m "Description of changes made"
+
+- Push the changes to your forked repository using the command
+
+.. code-block::
+   :caption: push the changes
+
+   $ git push origin guide
+
+- `Create A Pull Request`_ with a descriptive PR title and description.
+
+- Polishing the PR with comments of reviews addressed
+
+Report Only
+-----------
+
+If you don't have time to fix the doc issue and submit a pull request on your own,
+`reporting a document issue`_ also helps. Please follow some basic rules:
+
+- Use the title field to clearly describe the issue
+- Choose the documentation report template
+- Fill out the required field in the documentation report
+
+.. _Home Page: https://kyuubi.apache.org
+.. _Fork: https://github.com/apache/kyuubi/fork
+.. _Build and verify: build.html
+.. _Create A Pull Request: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request
+.. _reporting a document issue: https://github.com/apache/kyuubi/issues/new/choose
\ No newline at end of file
diff --git a/docs/contributing/doc/index.rst b/docs/contributing/doc/index.rst
new file mode 100644
index 000000000..bf6ae41bd
--- /dev/null
+++ b/docs/contributing/doc/index.rst
@@ -0,0 +1,44 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Contributing Documentations
+===========================
+
+The project documentation is crucial for users and contributors. This guide
+outlines the contribution guidelines for Apache Kyuubi documentation.
+
+Kyuubi's documentation source files are maintained in the same `github repository`_
+as the code base, which ensures updating code and documentation synchronously.
+All documentation source files can be found in the sub-folder named ``docs``.
+
+Kyuubi's documentation is published and hosted on `Read The Docs`_ platform by
+version. with each version having its own dedicated page. To access a specific
+version of the document, simply navigate to the "Docs" tab on our Home Page.
+
+We welcome any contributions to the documentation, including but not limited to
+writing, translation, report doc issues on Github, reposting.
+
+
+.. toctree::
+    :maxdepth: 2
+
+    get_started
+    style
+    build
+
+.. _Github repository: https://github.com/apache/kyuubi
+.. _Restructured Text: https://en.wikipedia.org/wiki/ReStructuredText
+.. _Read The Docs: https://kyuubi.rtfd.io
+.. _Home Page: https://kyuubi.apache.org
\ No newline at end of file
diff --git a/docs/contributing/doc/style.rst b/docs/contributing/doc/style.rst
new file mode 100644
index 000000000..14cc2b8ac
--- /dev/null
+++ b/docs/contributing/doc/style.rst
@@ -0,0 +1,135 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+.. Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Documentation Style Guide
+=========================
+
+This guide contains guidelines, not rules. While guidelines are important
+to follow, they are not hard and fast rules. It's important to use your
+own judgement and discretion when creating content, and to depart from the
+guidelines when necessary to improve the quality and effectiveness of your
+content. Ultimately, the goal is to create content that is clear, concise,
+and useful to your audience, and sometimes deviating from the guidelines
+may be necessary to achieve that goal.
+
+Goals
+-----
+
+- Source text files are readable and portable
+- Source diagram files are editable
+- Source files are maintainable over time and across community
+
+License Header
+--------------
+
+All original documents should include the ASF license header. All reproduced
+or quoted content should be authorized and attributed to the source.
+
+If you are about to quote some from commercial materials, please refer to
+`ASF 3RD PARTY LICENSE POLICY`_, or consult the Apache Kyuubi PMC to avoid
+legality issues.
+
+General Style
+-------------
+
+- Use `ReStructuredText`_ or `Markdown`_ format for text, avoid HTML hacks
+- Use `draw.io`_ for drawing or editing an image, and export it as PNG for
+  referencing in document. A pull request should commit both of them
+- Use Kyuubi for short instead of Apache Kyuubi after the first time in the
+  same page
+- Character line limit: 78, except unbreakable ones
+- Prefer lists to tables
+- Prefer unordered list than ordered
+
+ReStructuredText
+----------------
+
+Headings
+~~~~~~~~
+
+- Use **Pascal Case**, every word starts with an uppercase letter,
+  e.g., 'Documentation Style Guide'
+- Use a max of **three levels**
+ - Split into multiple files when there comes an H4
+ - Prefer `directive rubric`_ than H4
+- Use underline-only adornment styles, **DO NOT** use overline
+ - The length of underline characters **SHOULD** match the title
+ - H1 should be underlined with '='
+ - H2 should be underlined with '-'
+ - H3 should be underlined with '~'
+ - H4 should be underlined with '^', but it's better to avoid using H4
+- **DO NOT** use numbering for sections
+- **DO NOT** use "Kyuubi" in titles if possible
+
+Links
+~~~~~
+
+- Define links with short descriptive phrases, group them at the bottom of the file
+
+.. note::
+  :class: dropdown, toggle
+
+  .. code-block::
+     :caption: Recommended
+
+     Please refer to `Apache Kyuubi Home Page`_.
+
+     .. _Apache Kyuubi Home Page: https://kyuubi.apache.org/
+
+  .. code-block::
+     :caption: Not recommended
+
+     Please refer to `Apache Kyuubi Home Page <https://kyuubi.apache.org/>`_.
+
+
+Markdown
+--------
+
+Headings
+~~~~~~~~
+
+- Use **Pascal Case**, every word starts with an uppercase letter,
+  e.g., 'Documentation Style Guide'
+- Use a max of **three levels**
+ - Split into multiple files when there comes an H4
+- **DO NOT** use numbering for sections
+- **DO NOT** use "Kyuubi" in titles if possible
+
+Images
+------
+
+Use images only when they provide helpful visual explanations of information
+otherwise difficult to express with words
+
+Third-party references
+----------------------
+
+If the preceding references don't provide explicit guidance, then see these
+third-party references, depending on the nature of your question:
+
+- `Google developer documentation style`_
+- `Apple Style Guide`_
+- `Red Hat supplementary style guide for product documentation`_
+
+.. References
+
+.. _ASF 3RD PARTY LICENSE POLICY: https://www.apache.org/legal/resolved.html#asf-3rd-party-license-policy
+.. _directive rubric :https://www.sphinx-doc.org/en/master/usage/restructuredtext/directives.html#directive-rubric
+.. _ReStructuredText: https://docutils.sourceforge.io/rst.html
+.. _Markdown: https://en.wikipedia.org/wiki/Markdown
+.. _draw.io: https://www.diagrams.net/
+.. _Google developer documentation style: https://developers.google.com/style
+.. _Apple Style Guide: https://help.apple.com/applestyleguide/
+.. _Red Hat supplementary style guide for product documentation: https://redhat-documentation.github.io/supplementary-style-guide/
diff --git a/docs/develop_tools/build_document.md b/docs/develop_tools/build_document.md
deleted file mode 100644
index 0be5a1807..000000000
--- a/docs/develop_tools/build_document.md
+++ /dev/null
@@ -1,76 +0,0 @@
-<!--
-- Licensed to the Apache Software Foundation (ASF) under one or more
-- contributor license agreements.  See the NOTICE file distributed with
-- this work for additional information regarding copyright ownership.
-- The ASF licenses this file to You under the Apache License, Version 2.0
-- (the "License"); you may not use this file except in compliance with
-- the License.  You may obtain a copy of the License at
--
--   http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--->
-
-# Building Kyuubi Documentation
-
-Follow the steps below and learn how to build the Kyuubi documentation as the one you are watching now.
-
-## Install & Activate `virtualenv`
-
-Firstly, install `virtualenv`, this is optional but recommended as it is useful to create an independent environment to resolve dependency issues for building the documentation.
-
-```bash
-pip install virtualenv
-```
-
-Switch to the `docs` root directory.
-
-```bash
-cd $KYUUBI_SOURCE_PATH/docs
-```
-
-Create a virtual environment named 'kyuubi' or anything you like using `virtualenv` if it's not existing.
-
-```bash
-virtualenv kyuubi
-```
-
-Activate it,
-
-```bash
-source ./kyuubi/bin/activate
-```
-
-## Install all dependencies
-
-Install all dependencies enumerated in the `requirements.txt`.
-
-```bash
-pip install -r requirements.txt
-```
-
-## Create Documentation
-
-Make sure you are in the `$KYUUBI_SOURCE_PATH/docs` directory.
-
-linux & macos
-
-```bash
-make html
-```
-
-windows
-
-```bash
-make.bat html
-```
-
-If the build process succeed, the HTML pages are in `$KYUUBI_SOURCE_PATH/docs/_build/html`.
-
-## View Locally
-
-Open the `$KYUUBI_SOURCE_PATH/docs/_build/html/index.html` file in your favorite web browser.
diff --git a/docs/index.rst b/docs/index.rst
index fbd299e7b..7f6e0a248 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -216,7 +216,13 @@ What's Next
    :caption: Contributing
    :maxdepth: 2
 
-   develop_tools/index
+   contributing/code/index
+   contributing/doc/index
+
+.. toctree::
+   :caption: Community
+   :maxdepth: 2
+
    community/index
 
 .. toctree::
diff --git a/docs/requirements.txt b/docs/requirements.txt
index ecc8116e7..8e1f5c471 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -24,3 +24,5 @@ sphinx-book-theme==0.3.3
 sphinx-markdown-tables==0.0.17
 sphinx-notfound-page==0.8.3
 sphinx-togglebutton===0.3.2
+sphinxemoji===0.2.0
+sphinx-copybutton===0.5.2

From 4762edc6228f0e1a405f4e0d6b4beaca7d4c63e1 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Thu, 27 Apr 2023 20:33:43 +0800
Subject: [PATCH 331/760] [KYUUBI #4757][UI] Move Statistics to Management Menu

### _Why are the changes needed?_

Close #4757
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4758 from zwangsheng/KYUUBI_4757.

Closes #4757

2daa5fc84 [zwangsheng] fix comments
b1d5177ce [zwangsheng] [KYUUBI #4757][UI] Move Statistics to Management Menu

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../web-ui/src/router/engine/index.ts         | 26 -------------
 kyuubi-server/web-ui/src/router/index.ts      |  8 +---
 .../router/{server => management}/index.ts    | 21 ++++++++--
 .../web-ui/src/router/operation/index.ts      |  5 ---
 .../web-ui/src/router/session/index.ts        | 26 -------------
 .../views/layout/components/aside/types.ts    | 39 +++++++------------
 .../views/{ => management}/engine/index.vue   |  0
 .../operation}/index.vue                      |  0
 .../server}/index.vue                         |  0
 .../session}/index.vue                        |  0
 10 files changed, 33 insertions(+), 92 deletions(-)
 delete mode 100644 kyuubi-server/web-ui/src/router/engine/index.ts
 rename kyuubi-server/web-ui/src/router/{server => management}/index.ts (62%)
 delete mode 100644 kyuubi-server/web-ui/src/router/session/index.ts
 rename kyuubi-server/web-ui/src/views/{ => management}/engine/index.vue (100%)
 rename kyuubi-server/web-ui/src/views/{operation/operation-statistics => management/operation}/index.vue (100%)
 rename kyuubi-server/web-ui/src/views/{server/server-statistics => management/server}/index.vue (100%)
 rename kyuubi-server/web-ui/src/views/{session/session-statistics => management/session}/index.vue (100%)

diff --git a/kyuubi-server/web-ui/src/router/engine/index.ts b/kyuubi-server/web-ui/src/router/engine/index.ts
deleted file mode 100644
index 22b056a32..000000000
--- a/kyuubi-server/web-ui/src/router/engine/index.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-const routes = [
-  {
-    path: '/engine/engine-statistics',
-    name: 'engine-statistics',
-    component: () => import('@/views/engine/index.vue')
-  }
-]
-
-export default routes
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index ce9960ba6..cad831705 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -20,9 +20,7 @@ import overviewRoutes from './overview'
 import workloadRoutes from './workload'
 import operationRoutes from './operation'
 import contactRoutes from './contact'
-import sessionRoutes from './session'
-import engineRoutes from './engine'
-import serverRoutes from './server'
+import managementRoutes from './management'
 
 const routes = [
   {
@@ -39,11 +37,9 @@ const routes = [
     redirect: 'overview',
     children: [
       ...overviewRoutes,
-      ...sessionRoutes,
       ...workloadRoutes,
       ...operationRoutes,
-      ...engineRoutes,
-      ...serverRoutes,
+      ...managementRoutes,
       ...contactRoutes
     ]
   }
diff --git a/kyuubi-server/web-ui/src/router/server/index.ts b/kyuubi-server/web-ui/src/router/management/index.ts
similarity index 62%
rename from kyuubi-server/web-ui/src/router/server/index.ts
rename to kyuubi-server/web-ui/src/router/management/index.ts
index c06240485..a87ff6052 100644
--- a/kyuubi-server/web-ui/src/router/server/index.ts
+++ b/kyuubi-server/web-ui/src/router/management/index.ts
@@ -17,9 +17,24 @@
 
 const router = [
   {
-    path: '/server/server-statistics',
-    name: 'server-statistics',
-    component: () => import('@/views/server/server-statistics/index.vue')
+    path: '/management/engine',
+    name: 'engine',
+    component: () => import('@/views/management/engine/index.vue')
+  },
+  {
+    path: '/management/server',
+    name: 'server',
+    component: () => import('@/views/management/server/index.vue')
+  },
+  {
+    path: '/management/session',
+    name: 'session',
+    component: () => import('@/views/management/session/index.vue')
+  },
+  {
+    path: '/management/operation',
+    name: 'operation',
+    component: () => import('@/views/management/operation/index.vue')
   }
 ]
 
diff --git a/kyuubi-server/web-ui/src/router/operation/index.ts b/kyuubi-server/web-ui/src/router/operation/index.ts
index 8d6dfbd91..03ba4c285 100644
--- a/kyuubi-server/web-ui/src/router/operation/index.ts
+++ b/kyuubi-server/web-ui/src/router/operation/index.ts
@@ -25,11 +25,6 @@ const routes = [
     path: '/operation/completedJobs',
     name: 'operation-completedJobs',
     component: () => import('@/views/operation/completedJobs/index.vue')
-  },
-  {
-    path: '/operation/operation-statistics',
-    name: 'operation-statistics',
-    component: () => import('@/views/operation/operation-statistics/index.vue')
   }
 ]
 
diff --git a/kyuubi-server/web-ui/src/router/session/index.ts b/kyuubi-server/web-ui/src/router/session/index.ts
deleted file mode 100644
index fca49f211..000000000
--- a/kyuubi-server/web-ui/src/router/session/index.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-const routes = [
-  {
-    path: '/session/session-statistics',
-    name: 'session-statistics',
-    component: () => import('@/views/session/session-statistics/index.vue')
-  }
-]
-
-export default routes
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
index 46ea825a9..697ee40cf 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
@@ -22,32 +22,24 @@ export const MENUS = [
     router: '/overview'
   },
   {
-    label: 'Session Management',
+    label: 'Management',
     icon: 'List',
     children: [
       {
-        label: 'Session Statistics',
-        router: '/session/session-statistics'
-      }
-    ]
-  },
-  {
-    label: 'Engine Management',
-    icon: 'List',
-    children: [
+        label: 'Session',
+        router: '/management/session'
+      },
       {
-        label: 'Engine Statistics',
-        router: '/engine/engine-statistics'
-      }
-    ]
-  },
-  {
-    label: 'Server Management',
-    icon: 'List',
-    children: [
+        label: 'Operation',
+        router: '/management/operation'
+      },
       {
-        label: 'Server Statistics',
-        router: '/server/server-statistics'
+        label: 'Engine',
+        router: '/management/engine'
+      },
+      {
+        label: 'Server',
+        router: '/management/server'
       }
     ]
   },
@@ -81,11 +73,6 @@ export const MENUS = [
     label: 'Operation',
     icon: 'List',
     children: [
-      {
-        label: 'Operation Statistics',
-        icon: 'VideoPlay',
-        router: '/operation/operation-statistics'
-      },
       {
         label: 'Running Jobs',
         icon: 'VideoPlay',
diff --git a/kyuubi-server/web-ui/src/views/engine/index.vue b/kyuubi-server/web-ui/src/views/management/engine/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/engine/index.vue
rename to kyuubi-server/web-ui/src/views/management/engine/index.vue
diff --git a/kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue b/kyuubi-server/web-ui/src/views/management/operation/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/operation/operation-statistics/index.vue
rename to kyuubi-server/web-ui/src/views/management/operation/index.vue
diff --git a/kyuubi-server/web-ui/src/views/server/server-statistics/index.vue b/kyuubi-server/web-ui/src/views/management/server/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/server/server-statistics/index.vue
rename to kyuubi-server/web-ui/src/views/management/server/index.vue
diff --git a/kyuubi-server/web-ui/src/views/session/session-statistics/index.vue b/kyuubi-server/web-ui/src/views/management/session/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/session/session-statistics/index.vue
rename to kyuubi-server/web-ui/src/views/management/session/index.vue

From 430f6d5901cfb79267db93dffaa3dc3bb598592f Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 28 Apr 2023 09:59:48 +0800
Subject: [PATCH 332/760] [KYUUBI #4777] Deregister event handlers when
 stopping server with event handler made auto-closeable

### _Why are the changes needed?_

- deregister event handlers when stopping Kyuubiserver, by deregister them from EventBus's handler Registry
- change `EventHandler` from `type` to `trait` and make it extending  `AutoCloseable`
- implement `close` method in `JsonLoggingEventHandler` for closing writers and streams

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4777 from bowenliang123/closable-eventlogger.

Closes #4777

db1ad5d73 [liangbowen] make EventBus.deregisterAll method synchronized
648471ba1 [liangbowen] update
d28931d3c [liangbowen] re-register event loggers in ut
7121fa33a [liangbowen] make EventHandler closable, and de-register all event handlers when stopping server

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../org/apache/kyuubi/events/EventBus.scala      | 16 ++++++++++++++++
 .../events/handler/JsonLoggingEventHandler.scala | 16 ++++++++++++++--
 .../apache/kyuubi/events/handler/package.scala   |  6 +++++-
 .../org/apache/kyuubi/server/KyuubiServer.scala  |  4 +++-
 .../ServerJsonLoggingEventHandlerSuite.scala     |  2 ++
 5 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventBus.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventBus.scala
index e854e40a7..063f1719e 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventBus.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventBus.scala
@@ -40,6 +40,8 @@ sealed trait EventBus {
   def register[T <: KyuubiEvent: ClassTag](eventHandler: EventHandler[T]): EventBus
 
   def registerAsync[T <: KyuubiEvent: ClassTag](eventHandler: EventHandler[T]): EventBus
+
+  def deregisterAll(): Unit = {}
 }
 
 object EventBus extends Logging {
@@ -68,6 +70,10 @@ object EventBus extends Logging {
   def registerAsync[T <: KyuubiEvent: ClassTag](et: EventHandler[T]): EventBus =
     defaultEventBus.registerAsync[T](et)
 
+  def deregisterAll(): Unit = synchronized {
+    defaultEventBus.deregisterAll()
+  }
+
   private case class EventBusLive() extends EventBus {
     private[this] lazy val eventHandlerRegistry = new Registry
     private[this] lazy val asyncEventHandlerRegistry = new Registry
@@ -96,6 +102,11 @@ object EventBus extends Logging {
       asyncEventHandlerRegistry.register(et)
       this
     }
+
+    override def deregisterAll(): Unit = {
+      eventHandlerRegistry.deregisterAll()
+      asyncEventHandlerRegistry.deregisterAll()
+    }
   }
 
   private class Registry {
@@ -122,5 +133,10 @@ object EventBus extends Logging {
       } yield parent
       clazz :: parents
     }
+
+    def deregisterAll(): Unit = {
+      eventHandlers.values.flatten.foreach(_.close())
+      eventHandlers.clear()
+    }
   }
 }
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/JsonLoggingEventHandler.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/JsonLoggingEventHandler.scala
index f6f74de9a..77d80b152 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/JsonLoggingEventHandler.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/JsonLoggingEventHandler.scala
@@ -65,6 +65,17 @@ class JsonLoggingEventHandler(
     stream.foreach(_.hflush())
   }
 
+  override def close(): Unit = {
+    writers.values.foreach { case (writer, stream) =>
+      writer.flush()
+      stream.foreach(_.hflush())
+      writer.close()
+      stream.foreach(_.close())
+    }
+    writers.clear()
+    fs = null
+  }
+
   private def getOrUpdate(event: KyuubiEvent): Logger = synchronized {
     val partitions = event.partitions.map(kv => s"${kv._1}=${kv._2}").mkString(Path.SEPARATOR)
     writers.getOrElseUpdate(
@@ -108,6 +119,7 @@ class JsonLoggingEventHandler(
 }
 
 object JsonLoggingEventHandler {
-  val JSON_LOG_DIR_PERM: FsPermission = new FsPermission(Integer.parseInt("770", 8).toShort)
-  val JSON_LOG_FILE_PERM: FsPermission = new FsPermission(Integer.parseInt("660", 8).toShort)
+  private val JSON_LOG_DIR_PERM: FsPermission = new FsPermission(Integer.parseInt("770", 8).toShort)
+  private val JSON_LOG_FILE_PERM: FsPermission =
+    new FsPermission(Integer.parseInt("660", 8).toShort)
 }
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/package.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/package.scala
index 41cf001ed..69e1fdcee 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/package.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/package.scala
@@ -18,5 +18,9 @@
 package org.apache.kyuubi.events
 
 package object handler {
-  type EventHandler[T <: KyuubiEvent] = T => Unit
+  trait EventHandler[T <: KyuubiEvent] extends AutoCloseable {
+    def apply(event: T): Unit
+
+    def close(): Unit = {}
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index a7f2e8178..8bcd8d084 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -193,5 +193,7 @@ class KyuubiServer(name: String) extends Serverable(name) {
     ServerEventHandlerRegister.registerEventLoggers(conf)
   }
 
-  override protected def stopServer(): Unit = {}
+  override protected def stopServer(): Unit = {
+    EventBus.deregisterAll()
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
index 3bdc9cd38..7c79d6a87 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
@@ -33,6 +33,7 @@ import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 import org.apache.kyuubi._
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.events.ServerEventHandlerRegister
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.operation.OperationState._
 import org.apache.kyuubi.server.KyuubiServer
@@ -197,6 +198,7 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
     server.initialize(conf)
     server.start()
     server.stop()
+    ServerEventHandlerRegister.registerEventLoggers(conf) // register event loggers again
 
     val hostName = InetAddress.getLocalHost.getCanonicalHostName
     val kyuubiServerInfoPath =

From 71d680bef7f38e932ec611cd92a8534aa717a940 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Tue, 2 May 2023 16:59:15 +0800
Subject: [PATCH 333/760] [KYUUBI #4742][DOCS] Add docs for Flink application
 mode

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4782 from link3280/KYUUBI-4742.

Closes #4742

10d33dc1d [Cheng Pan] Update docs/deployment/engine_on_yarn.md
268f9e008 [Cheng Pan] Update docs/deployment/engine_on_yarn.md
f5f55be8d [Paul Lin] [KYUUBI #4742][docs] Address comments
077b08c9b [Paul Lin] [KYUUBI #4742][docs] Apply spotless
9df25c1b2 [Paul Lin] [KYUUBI #4742][docs] Improve languages
ad367df52 [Paul Lin] [KYUUBI #4742][docs] Improve docs
6c0462493 [Paul Lin] [KYUUBI #4742][docs] Improve languages
865a4b518 [Paul Lin] [KYUUBI #4742][docs] Improve languages
79a4da217 [Paul Lin] [KYUUBI #4742][docs] Update docs
bdc88949a [Paul Lin] [KYUUBI #4742][docs] Apply spotless
134e3a7fa [Paul Lin] [KYUUBI #4742][docs] Reformat table
cde778ef5 [Paul Lin] [KYUUBI #4742][docs] Add docs for Flink application mode

Lead-authored-by: Paul Lin <paullin3280@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/engine_on_yarn.md | 78 ++++++++++++++++++++++++-------
 1 file changed, 60 insertions(+), 18 deletions(-)

diff --git a/docs/deployment/engine_on_yarn.md b/docs/deployment/engine_on_yarn.md
index 6812afa46..66177bb0f 100644
--- a/docs/deployment/engine_on_yarn.md
+++ b/docs/deployment/engine_on_yarn.md
@@ -15,13 +15,13 @@
 - limitations under the License.
 -->
 
-# Deploy Kyuubi engines on Yarn
+# Deploy Kyuubi engines on YARN
 
-## Deploy Kyuubi Spark Engine on Yarn
+## Deploy Kyuubi Spark Engine on YARN
 
 ### Requirements
 
-When you want to deploy Kyuubi's Spark SQL engines on YARN, you'd better have cognition upon the following things.
+To deploy Kyuubi's Spark SQL engines on YARN, you'd better have cognition upon the following things.
 
 - Knowing the basics about [Running Spark on YARN](https://spark.apache.org/docs/latest/running-on-yarn.html)
 - A binary distribution of Spark which is built with YARN support
@@ -113,11 +113,11 @@ so `spark.kerberos.keytab` and `spark.kerberos.principal` should not use now.
 
 Instead, you can schedule a periodically `kinit` process via `crontab` task on the local machine that hosts Kyuubi server or simply use [Kyuubi Kinit](settings.html#kinit).
 
-## Deploy Kyuubi Flink Engine on Yarn
+## Deploy Kyuubi Flink Engine on YARN
 
 ### Requirements
 
-When you want to deploy Kyuubi's Flink SQL engines on YARN, you'd better have cognition upon the following things.
+To deploy Kyuubi's Flink SQL engines on YARN, you'd better have cognition upon the following things.
 
 - Knowing the basics about [Running Flink on YARN](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/resource-providers/yarn)
 - A binary distribution of Flink which is built with YARN support
@@ -127,13 +127,59 @@ When you want to deploy Kyuubi's Flink SQL engines on YARN, you'd better have co
 - An active Object Storage cluster, e.g. [HDFS](https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html), S3 and [Minio](https://min.io/) etc.
 - Setup Hadoop client configurations at the machine the Kyuubi server locates
 
-### Yarn Session Mode
+### Flink Deployment Modes
+
+Currently, Flink supports two deployment modes on YARN: [YARN Application Mode](https://nightlies.apache.org/flink/flink-docs-release-1.17/docs/deployment/resource-providers/yarn/#application-mode) and [YARN Session Mode](https://nightlies.apache.org/flink/flink-docs-release-1.17/docs/deployment/resource-providers/yarn/#application-mode).
+
+- YARN Application Mode: In this mode, Kyuubi starts a dedicated Flink application cluster and runs the SQL engine on it.
+- YARN Session Mode: In this mode, Kyuubi starts the Flink SQL engine locally and connects to a running Flink YARN session cluster.
+
+As Kyuubi has to know the deployment mode before starting the SQL engine, it's required to specify the deployment mode in Kyuubi configuration.
+
+```properties
+# candidates: yarn-application, yarn-session
+flink.execution.target=yarn-application
+```
+
+### YARN Application Mode
+
+#### Flink Configurations
+
+Since the Flink SQL engine runs inside the JobManager, it's recommended to tune the resource configurations of the JobManager based on your workload.
+
+The related Flink configurations are listed below (see more details at [Flink Configuration](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/config/#yarn)):
+
+|              Name              | Default |                                        Meaning                                         |
+|--------------------------------|---------|----------------------------------------------------------------------------------------|
+| yarn.appmaster.vcores          | 1       | The number of virtual cores (vcores) used by the JobManager (YARN application master). |
+| jobmanager.memory.process.size | (none)  | Total size of the memory of the JobManager process.                                    |
+
+```bash
+
+#### Environment
+
+Either `HADOOP_CONF_DIR` or `YARN_CONF_DIR` is configured and points to the Hadoop client configurations directory, usually, `$HADOOP_HOME/etc/hadoop`.
+
+You could verify your setup by the following command:
+
+```bash
+# we assume to be in the root directory of 
+# the unzipped Flink distribution
+
+# (0) export HADOOP_CLASSPATH
+export HADOOP_CLASSPATH=`hadoop classpath`
+
+# (1) submit a Flink job and ensure it runs successfully
+./bin/flink run -m yarn-cluster ./examples/streaming/WordCount.jar
+```
+
+### YARN Session Mode
 
 #### Flink Configurations
 
 ```bash
 execution.target: yarn-session
-# Yarn Session Cluster application id.
+# YARN Session Cluster application id.
 yarn.application.id: application_00000000XX_00XX
 ```
 
@@ -194,23 +240,19 @@ To use Hadoop vanilla jars, please configure $KYUUBI_HOME/conf/kyuubi-env.sh as
 $ echo "export FLINK_HADOOP_CLASSPATH=`hadoop classpath`" >> $KYUUBI_HOME/conf/kyuubi-env.sh
 ```
 
-### Deployment Modes Supported by Flink on YARN
-
-For experiment use, we recommend deploying Kyuubi Flink SQL engine in [Session Mode](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/resource-providers/yarn/#session-mode).
-At present, [Application Mode](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/resource-providers/yarn/#application-mode) and [Per-Job Mode (deprecated)](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/resource-providers/yarn/#per-job-mode-deprecated) are not supported for Flink engine.
-
 ### Kerberos
 
-As Kyuubi Flink SQL engine wraps the Flink SQL client that currently does not support [Flink Kerberos Configuration](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/#security-kerberos-login-keytab),
-so `security.kerberos.login.keytab` and `security.kerberos.login.principal` should not use now.
+With regard to YARN application mode, Kerberos is supported natively by Flink, see [Flink Kerberos Configuration](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/#security-kerberos-login-keytab) for details.
 
-Instead, you can schedule a periodically `kinit` process via `crontab` task on the local machine that hosts Kyuubi server or simply use [Kyuubi Kinit](settings.html#kinit).
+With regard to YARN session mode, `security.kerberos.login.keytab` and `security.kerberos.login.principal` are not effective, as Kyuubi Flink SQL engine mainly relies on Flink SQL client which currently does not support [Flink Kerberos Configuration](https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/#security-kerberos-login-keytab),
+
+As a workaround, you can schedule a periodically `kinit` process via `crontab` task on the local machine that hosts Kyuubi server or simply use [Kyuubi Kinit](settings.html#kinit).
 
-## Deploy Kyuubi Hive Engine on Yarn
+## Deploy Kyuubi Hive Engine on YARN
 
 ### Requirements
 
-When you want to deploy Kyuubi's Hive SQL engines on YARN, you'd better have cognition upon the following things.
+To deploy Kyuubi's Hive SQL engines on YARN, you'd better have cognition upon the following things.
 
 - Knowing the basics about [Running Hive on YARN](https://cwiki.apache.org/confluence/display/Hive/GettingStarted)
 - A binary distribution of Hive
@@ -239,7 +281,7 @@ $ $HIVE_HOME/bin/beeline -u 'jdbc:hive2://localhost:10000/default'
 0: jdbc:hive2://localhost:10000/default> INSERT INTO TABLE pokes VALUES (1, 'hello');
 ```
 
-If the `Hive SQL` passes and there is a job in Yarn Web UI, It indicates the hive environment is normal.
+If the `Hive SQL` passes and there is a job in YARN Web UI, it indicates the hive environment is good.
 
 #### Required Environment Variable
 

From e4fe4814ec6d8f888997deb7f46fe3d608fa607d Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 3 May 2023 18:39:22 +0800
Subject: [PATCH 334/760] [KYUUBI #4783] Use pnpm v8 and update pnpm lockfile
 to v6 schema

### _Why are the changes needed?_

- v8 is now the stable version of pnpm
- lockfile v6 is used by default since pnpm v8.0, which improves the readability of the lockfile by removing hashes from package IDs and more resistant to git merge conflicts (https://github.com/pnpm/pnpm/releases/tag/v8.0.0)
- pnpm 8 supports nodejs 16 and 18 (https://pnpm.io/installation#compatibility)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4783 from bowenliang123/pnpm8.

Closes #4783

8b3db3820 [liangbowen] use pnpm v8 and update lock file to v6

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/style.yml         |   2 +-
 .github/workflows/web-ui.yml        |   2 +-
 kyuubi-server/web-ui/README.md      |   2 +-
 kyuubi-server/web-ui/pnpm-lock.yaml | 926 ++++++++++++++--------------
 pom.xml                             |   2 +-
 5 files changed, 472 insertions(+), 462 deletions(-)

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index b045de397..e2e6fd70e 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -93,7 +93,7 @@ jobs:
       - name: Web UI Style with node
         run: |
           cd ./kyuubi-server/web-ui
-          npm install pnpm@7 -g
+          npm install pnpm@8 -g
           pnpm install
           pnpm run lint
           echo "---------------------------------------Notice------------------------------------"
diff --git a/.github/workflows/web-ui.yml b/.github/workflows/web-ui.yml
index 2a48eeaa1..65fb47594 100644
--- a/.github/workflows/web-ui.yml
+++ b/.github/workflows/web-ui.yml
@@ -28,7 +28,7 @@ jobs:
       - name: npm run coverage & build
         run: |
           cd ./kyuubi-server/web-ui
-          npm install pnpm@7 -g
+          npm install pnpm@8 -g
           pnpm install
           pnpm run coverage
           pnpm run build
diff --git a/kyuubi-server/web-ui/README.md b/kyuubi-server/web-ui/README.md
index b892a6902..abac83e9f 100644
--- a/kyuubi-server/web-ui/README.md
+++ b/kyuubi-server/web-ui/README.md
@@ -45,7 +45,7 @@ npm run prettier
 
 ### Recommend
 
-If you want to save disk space and boost installation speed, we recommend using `pnpm 7.x.x` to instead of npm.
+If you want to save disk space and boost installation speed, we recommend using `pnpm 8.x.x` to instead of npm.
 You can learn how to install the corresponding version from its official website.
 
 - [pnpm](https://pnpm.io/)
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 1926352ab..6776a3fb5 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -1,85 +1,111 @@
-lockfileVersion: 5.4
-
-specifiers:
-  '@element-plus/icons-vue': ^2.0.9
-  '@iconify-json/ep': ^1.1.6
-  '@types/node': ^18.7.1
-  '@typescript-eslint/eslint-plugin': ^5.33.0
-  '@typescript-eslint/parser': ^5.33.0
-  '@vitejs/plugin-vue': ^3.0.0
-  '@vitest/coverage-c8': ^0.22.0
-  '@vue/eslint-config-prettier': ^7.0.0
-  '@vue/eslint-config-typescript': ^11.0.0
-  '@vue/test-utils': ^2.0.2
-  axios: ^0.27.2
-  date-fns: ^2.29.3
-  element-plus: ^2.2.12
-  eslint: ^8.21.0
-  eslint-plugin-prettier: ^4.2.1
-  eslint-plugin-vue: ^9.3.0
-  jsdom: ^20.0.0
-  pinia: ^2.0.18
-  pinia-plugin-persistedstate: ^2.1.1
-  prettier: ^2.7.1
-  sass: ^1.54.4
-  typescript: ^4.6.4
-  vite: ^3.0.0
-  vitest: ^0.22.0
-  vue: ^3.2.37
-  vue-i18n: ^9.2.2
-  vue-router: ^4.1.3
-  vue-tsc: ^0.38.4
+lockfileVersion: '6.0'
 
 dependencies:
-  '@element-plus/icons-vue': 2.0.9_vue@3.2.37
-  axios: 0.27.2
-  date-fns: 2.29.3
-  element-plus: 2.2.13_vue@3.2.37
-  pinia: 2.0.18_j6bzmzd4ujpabbp5objtwxyjp4
-  pinia-plugin-persistedstate: 2.1.1_pinia@2.0.18
-  vue: 3.2.37
-  vue-i18n: 9.2.2_vue@3.2.37
-  vue-router: 4.1.3_vue@3.2.37
+  '@element-plus/icons-vue':
+    specifier: ^2.0.9
+    version: 2.0.9(vue@3.2.37)
+  axios:
+    specifier: ^0.27.2
+    version: 0.27.2
+  date-fns:
+    specifier: ^2.29.3
+    version: 2.29.3
+  element-plus:
+    specifier: ^2.2.12
+    version: 2.2.13(vue@3.2.37)
+  pinia:
+    specifier: ^2.0.18
+    version: 2.0.18(typescript@4.7.4)(vue@3.2.37)
+  pinia-plugin-persistedstate:
+    specifier: ^2.1.1
+    version: 2.1.1(pinia@2.0.18)
+  vue:
+    specifier: ^3.2.37
+    version: 3.2.37
+  vue-i18n:
+    specifier: ^9.2.2
+    version: 9.2.2(vue@3.2.37)
+  vue-router:
+    specifier: ^4.1.3
+    version: 4.1.3(vue@3.2.37)
 
 devDependencies:
-  '@iconify-json/ep': 1.1.7
-  '@types/node': 18.7.6
-  '@typescript-eslint/eslint-plugin': 5.33.1_vsoshirnpb7xw6mr7xomgfas2i
-  '@typescript-eslint/parser': 5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq
-  '@vitejs/plugin-vue': 3.0.3_vite@3.0.8+vue@3.2.37
-  '@vitest/coverage-c8': 0.22.0_jsdom@20.0.0+sass@1.54.4
-  '@vue/eslint-config-prettier': 7.0.0_2xd4q2tc5cqa5as7uugqhp6oue
-  '@vue/eslint-config-typescript': 11.0.0_4py5zxx5ck6utobkmozwvrmyiy
-  '@vue/test-utils': 2.0.2_vue@3.2.37
-  eslint: 8.22.0
-  eslint-plugin-prettier: 4.2.1_2xd4q2tc5cqa5as7uugqhp6oue
-  eslint-plugin-vue: 9.3.0_eslint@8.22.0
-  jsdom: 20.0.0
-  prettier: 2.7.1
-  sass: 1.54.4
-  typescript: 4.7.4
-  vite: 3.0.8_sass@1.54.4
-  vitest: 0.22.0_jsdom@20.0.0+sass@1.54.4
-  vue-tsc: 0.38.9_typescript@4.7.4
+  '@iconify-json/ep':
+    specifier: ^1.1.6
+    version: 1.1.7
+  '@types/node':
+    specifier: ^18.7.1
+    version: 18.7.6
+  '@typescript-eslint/eslint-plugin':
+    specifier: ^5.33.0
+    version: 5.33.1(@typescript-eslint/parser@5.33.1)(eslint@8.22.0)(typescript@4.7.4)
+  '@typescript-eslint/parser':
+    specifier: ^5.33.0
+    version: 5.33.1(eslint@8.22.0)(typescript@4.7.4)
+  '@vitejs/plugin-vue':
+    specifier: ^3.0.0
+    version: 3.0.3(vite@3.0.8)(vue@3.2.37)
+  '@vitest/coverage-c8':
+    specifier: ^0.22.0
+    version: 0.22.0(jsdom@20.0.0)(sass@1.54.4)
+  '@vue/eslint-config-prettier':
+    specifier: ^7.0.0
+    version: 7.0.0(eslint@8.22.0)(prettier@2.7.1)
+  '@vue/eslint-config-typescript':
+    specifier: ^11.0.0
+    version: 11.0.0(eslint-plugin-vue@9.3.0)(eslint@8.22.0)(typescript@4.7.4)
+  '@vue/test-utils':
+    specifier: ^2.0.2
+    version: 2.0.2(vue@3.2.37)
+  eslint:
+    specifier: ^8.21.0
+    version: 8.22.0
+  eslint-plugin-prettier:
+    specifier: ^4.2.1
+    version: 4.2.1(eslint-config-prettier@8.5.0)(eslint@8.22.0)(prettier@2.7.1)
+  eslint-plugin-vue:
+    specifier: ^9.3.0
+    version: 9.3.0(eslint@8.22.0)
+  jsdom:
+    specifier: ^20.0.0
+    version: 20.0.0
+  prettier:
+    specifier: ^2.7.1
+    version: 2.7.1
+  sass:
+    specifier: ^1.54.4
+    version: 1.54.4
+  typescript:
+    specifier: ^4.6.4
+    version: 4.7.4
+  vite:
+    specifier: ^3.0.0
+    version: 3.0.8(sass@1.54.4)
+  vitest:
+    specifier: ^0.22.0
+    version: 0.22.0(jsdom@20.0.0)(sass@1.54.4)
+  vue-tsc:
+    specifier: ^0.38.4
+    version: 0.38.9(typescript@4.7.4)
 
 packages:
 
-  /@babel/helper-string-parser/7.18.10:
+  /@babel/helper-string-parser@7.18.10:
     resolution: {integrity: sha512-XtIfWmeNY3i4t7t4D2t02q50HvqHybPqW2ki1kosnvWCwuCMeo81Jf0gwr85jy/neUdg5XDdeFE/80DXiO+njw==}
     engines: {node: '>=6.9.0'}
 
-  /@babel/helper-validator-identifier/7.18.6:
+  /@babel/helper-validator-identifier@7.18.6:
     resolution: {integrity: sha512-MmetCkz9ej86nJQV+sFCxoGGrUbU3q02kgLciwkrt9QqEB7cP39oKEY0PakknEO0Gu20SskMRi+AYZ3b1TpN9g==}
     engines: {node: '>=6.9.0'}
 
-  /@babel/parser/7.18.11:
+  /@babel/parser@7.18.11:
     resolution: {integrity: sha512-9JKn5vN+hDt0Hdqn1PiJ2guflwP+B6Ga8qbDuoF0PzzVhrzsKIJo8yGqVk6CmMHiMei9w1C1Bp9IMJSIK+HPIQ==}
     engines: {node: '>=6.0.0'}
     hasBin: true
     dependencies:
       '@babel/types': 7.18.10
 
-  /@babel/types/7.18.10:
+  /@babel/types@7.18.10:
     resolution: {integrity: sha512-MJvnbEiiNkpjo+LknnmRrqbY1GPUUggjv+wQVjetM/AONoupqRALB7I6jGqNUAZsKcRIEu2J6FRFvsczljjsaQ==}
     engines: {node: '>=6.9.0'}
     dependencies:
@@ -87,16 +113,16 @@ packages:
       '@babel/helper-validator-identifier': 7.18.6
       to-fast-properties: 2.0.0
 
-  /@bcoe/v8-coverage/0.2.3:
+  /@bcoe/v8-coverage@0.2.3:
     resolution: {integrity: sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==}
     dev: true
 
-  /@ctrl/tinycolor/3.4.1:
+  /@ctrl/tinycolor@3.4.1:
     resolution: {integrity: sha512-ej5oVy6lykXsvieQtqZxCOaLT+xD4+QNarq78cIYISHmZXshCvROLudpQN3lfL8G0NL7plMSSK+zlyvCaIJ4Iw==}
     engines: {node: '>=10'}
     dev: false
 
-  /@element-plus/icons-vue/2.0.9_vue@3.2.37:
+  /@element-plus/icons-vue@2.0.9(vue@3.2.37):
     resolution: {integrity: sha512-okdrwiVeKBmW41Hkl0eMrXDjzJwhQMuKiBOu17rOszqM+LS/yBYpNQNV5Jvoh06Wc+89fMmb/uhzf8NZuDuUaQ==}
     peerDependencies:
       vue: ^3.2.0
@@ -104,7 +130,7 @@ packages:
       vue: 3.2.37
     dev: false
 
-  /@esbuild/linux-loong64/0.14.54:
+  /@esbuild/linux-loong64@0.14.54:
     resolution: {integrity: sha512-bZBrLAIX1kpWelV0XemxBZllyRmM6vgFQQG2GdNb+r3Fkp0FOh1NJSvekXDs7jq70k4euu1cryLMfU+mTXlEpw==}
     engines: {node: '>=12'}
     cpu: [loong64]
@@ -113,7 +139,7 @@ packages:
     dev: true
     optional: true
 
-  /@eslint/eslintrc/1.3.0:
+  /@eslint/eslintrc@1.3.0:
     resolution: {integrity: sha512-UWW0TMTmk2d7hLcWD1/e2g5HDM/HQ3csaLSqXCfqwh4uNDuNqlaKWXmEsL4Cs41Z0KnILNvwbHAah3C2yt06kw==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dependencies:
@@ -130,17 +156,17 @@ packages:
       - supports-color
     dev: true
 
-  /@floating-ui/core/0.7.3:
+  /@floating-ui/core@0.7.3:
     resolution: {integrity: sha512-buc8BXHmG9l82+OQXOFU3Kr2XQx9ys01U/Q9HMIrZ300iLc8HLMgh7dcCqgYzAzf4BkoQvDcXf5Y+CuEZ5JBYg==}
     dev: false
 
-  /@floating-ui/dom/0.5.4:
+  /@floating-ui/dom@0.5.4:
     resolution: {integrity: sha512-419BMceRLq0RrmTSDxn8hf9R3VCJv2K9PUfugh5JyEFmdjzDo+e8U5EdR8nzKq8Yj1htzLm3b6eQEEam3/rrtg==}
     dependencies:
       '@floating-ui/core': 0.7.3
     dev: false
 
-  /@humanwhocodes/config-array/0.10.4:
+  /@humanwhocodes/config-array@0.10.4:
     resolution: {integrity: sha512-mXAIHxZT3Vcpg83opl1wGlVZ9xydbfZO3r5YfRSH6Gpp2J/PfdBP0wbDa2sO6/qRbcalpoevVyW6A/fI6LfeMw==}
     engines: {node: '>=10.10.0'}
     dependencies:
@@ -151,25 +177,25 @@ packages:
       - supports-color
     dev: true
 
-  /@humanwhocodes/gitignore-to-minimatch/1.0.2:
+  /@humanwhocodes/gitignore-to-minimatch@1.0.2:
     resolution: {integrity: sha512-rSqmMJDdLFUsyxR6FMtD00nfQKKLFb1kv+qBbOVKqErvloEIJLo5bDTJTQNTYgeyp78JsA7u/NPi5jT1GR/MuA==}
     dev: true
 
-  /@humanwhocodes/object-schema/1.2.1:
+  /@humanwhocodes/object-schema@1.2.1:
     resolution: {integrity: sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==}
     dev: true
 
-  /@iconify-json/ep/1.1.7:
+  /@iconify-json/ep@1.1.7:
     resolution: {integrity: sha512-GhXWVKalXFlrGgfrCXAgqBre5hv3pPAknuxyywmjamcrL5gl5Mq9WOZtuhb4cB6cJ5pMiKOMtegt73FheqWscA==}
     dependencies:
       '@iconify/types': 1.1.0
     dev: true
 
-  /@iconify/types/1.1.0:
+  /@iconify/types@1.1.0:
     resolution: {integrity: sha512-Jh0llaK2LRXQoYsorIH8maClebsnzTcve+7U3rQUSnC11X4jtPnFuyatqFLvMxZ8MLG8dB4zfHsbPfuvxluONw==}
     dev: true
 
-  /@intlify/core-base/9.2.2:
+  /@intlify/core-base@9.2.2:
     resolution: {integrity: sha512-JjUpQtNfn+joMbrXvpR4hTF8iJQ2sEFzzK3KIESOx+f+uwIjgw20igOyaIdhfsVVBCds8ZM64MoeNSx+PHQMkA==}
     engines: {node: '>= 14'}
     dependencies:
@@ -179,14 +205,14 @@ packages:
       '@intlify/vue-devtools': 9.2.2
     dev: false
 
-  /@intlify/devtools-if/9.2.2:
+  /@intlify/devtools-if@9.2.2:
     resolution: {integrity: sha512-4ttr/FNO29w+kBbU7HZ/U0Lzuh2cRDhP8UlWOtV9ERcjHzuyXVZmjyleESK6eVP60tGC9QtQW9yZE+JeRhDHkg==}
     engines: {node: '>= 14'}
     dependencies:
       '@intlify/shared': 9.2.2
     dev: false
 
-  /@intlify/message-compiler/9.2.2:
+  /@intlify/message-compiler@9.2.2:
     resolution: {integrity: sha512-IUrQW7byAKN2fMBe8z6sK6riG1pue95e5jfokn8hA5Q3Bqy4MBJ5lJAofUsawQJYHeoPJ7svMDyBaVJ4d0GTtA==}
     engines: {node: '>= 14'}
     dependencies:
@@ -194,12 +220,12 @@ packages:
       source-map: 0.6.1
     dev: false
 
-  /@intlify/shared/9.2.2:
+  /@intlify/shared@9.2.2:
     resolution: {integrity: sha512-wRwTpsslgZS5HNyM7uDQYZtxnbI12aGiBZURX3BTR9RFIKKRWpllTsgzHWvj3HKm3Y2Sh5LPC1r0PDCKEhVn9Q==}
     engines: {node: '>= 14'}
     dev: false
 
-  /@intlify/vue-devtools/9.2.2:
+  /@intlify/vue-devtools@9.2.2:
     resolution: {integrity: sha512-+dUyqyCHWHb/UcvY1MlIpO87munedm3Gn6E9WWYdWrMuYLcoIoOEVDWSS8xSwtlPU+kA+MEQTP6Q1iI/ocusJg==}
     engines: {node: '>= 14'}
     dependencies:
@@ -207,28 +233,28 @@ packages:
       '@intlify/shared': 9.2.2
     dev: false
 
-  /@istanbuljs/schema/0.1.3:
+  /@istanbuljs/schema@0.1.3:
     resolution: {integrity: sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==}
     engines: {node: '>=8'}
     dev: true
 
-  /@jridgewell/resolve-uri/3.1.0:
+  /@jridgewell/resolve-uri@3.1.0:
     resolution: {integrity: sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==}
     engines: {node: '>=6.0.0'}
     dev: true
 
-  /@jridgewell/sourcemap-codec/1.4.14:
+  /@jridgewell/sourcemap-codec@1.4.14:
     resolution: {integrity: sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==}
     dev: true
 
-  /@jridgewell/trace-mapping/0.3.15:
+  /@jridgewell/trace-mapping@0.3.15:
     resolution: {integrity: sha512-oWZNOULl+UbhsgB51uuZzglikfIKSUBO/M9W2OfEjn7cmqoAiCgmv9lyACTUacZwBz0ITnJ2NqjU8Tx0DHL88g==}
     dependencies:
       '@jridgewell/resolve-uri': 3.1.0
       '@jridgewell/sourcemap-codec': 1.4.14
     dev: true
 
-  /@nodelib/fs.scandir/2.1.5:
+  /@nodelib/fs.scandir@2.1.5:
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
     dependencies:
@@ -236,12 +262,12 @@ packages:
       run-parallel: 1.2.0
     dev: true
 
-  /@nodelib/fs.stat/2.0.5:
+  /@nodelib/fs.stat@2.0.5:
     resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==}
     engines: {node: '>= 8'}
     dev: true
 
-  /@nodelib/fs.walk/1.2.8:
+  /@nodelib/fs.walk@1.2.8:
     resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==}
     engines: {node: '>= 8'}
     dependencies:
@@ -249,52 +275,52 @@ packages:
       fastq: 1.13.0
     dev: true
 
-  /@sxzz/popperjs-es/2.11.7:
+  /@sxzz/popperjs-es@2.11.7:
     resolution: {integrity: sha512-Ccy0NlLkzr0Ex2FKvh2X+OyERHXJ88XJ1MXtsI9y9fGexlaXaVTPzBCRBwIxFkORuOb+uBqeu+RqnpgYTEZRUQ==}
     dev: false
 
-  /@tootallnate/once/2.0.0:
+  /@tootallnate/once@2.0.0:
     resolution: {integrity: sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==}
     engines: {node: '>= 10'}
     dev: true
 
-  /@types/chai-subset/1.3.3:
+  /@types/chai-subset@1.3.3:
     resolution: {integrity: sha512-frBecisrNGz+F4T6bcc+NLeolfiojh5FxW2klu669+8BARtyQv2C/GkNW6FUodVe4BroGMP/wER/YDGc7rEllw==}
     dependencies:
       '@types/chai': 4.3.3
     dev: true
 
-  /@types/chai/4.3.3:
+  /@types/chai@4.3.3:
     resolution: {integrity: sha512-hC7OMnszpxhZPduX+m+nrx+uFoLkWOMiR4oa/AZF3MuSETYTZmFfJAHqZEM8MVlvfG7BEUcgvtwoCTxBp6hm3g==}
     dev: true
 
-  /@types/istanbul-lib-coverage/2.0.4:
+  /@types/istanbul-lib-coverage@2.0.4:
     resolution: {integrity: sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==}
     dev: true
 
-  /@types/json-schema/7.0.11:
+  /@types/json-schema@7.0.11:
     resolution: {integrity: sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==}
     dev: true
 
-  /@types/lodash-es/4.17.6:
+  /@types/lodash-es@4.17.6:
     resolution: {integrity: sha512-R+zTeVUKDdfoRxpAryaQNRKk3105Rrgx2CFRClIgRGaqDTdjsm8h6IYA8ir584W3ePzkZfst5xIgDwYrlh9HLg==}
     dependencies:
       '@types/lodash': 4.14.183
     dev: false
 
-  /@types/lodash/4.14.183:
+  /@types/lodash@4.14.183:
     resolution: {integrity: sha512-UXavyuxzXKMqJPEpFPri6Ku5F9af6ZJXUneHhvQJxavrEjuHkFp2YnDWHcxJiG7hk8ZkWqjcyNeW1s/smZv5cw==}
     dev: false
 
-  /@types/node/18.7.6:
+  /@types/node@18.7.6:
     resolution: {integrity: sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A==}
     dev: true
 
-  /@types/web-bluetooth/0.0.14:
+  /@types/web-bluetooth@0.0.14:
     resolution: {integrity: sha512-5d2RhCard1nQUC3aHcq/gHzWYO6K0WJmAbjO7mQJgCQKtZpgXxv1rOM6O/dBDhDYYVutk1sciOgNSe+5YyfM8A==}
     dev: false
 
-  /@typescript-eslint/eslint-plugin/5.33.1_vsoshirnpb7xw6mr7xomgfas2i:
+  /@typescript-eslint/eslint-plugin@5.33.1(@typescript-eslint/parser@5.33.1)(eslint@8.22.0)(typescript@4.7.4):
     resolution: {integrity: sha512-S1iZIxrTvKkU3+m63YUOxYPKaP+yWDQrdhxTglVDVEVBf+aCSw85+BmJnyUaQQsk5TXFG/LpBu9fa+LrAQ91fQ==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -305,23 +331,23 @@ packages:
       typescript:
         optional: true
     dependencies:
-      '@typescript-eslint/parser': 5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq
+      '@typescript-eslint/parser': 5.33.1(eslint@8.22.0)(typescript@4.7.4)
       '@typescript-eslint/scope-manager': 5.33.1
-      '@typescript-eslint/type-utils': 5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq
-      '@typescript-eslint/utils': 5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq
+      '@typescript-eslint/type-utils': 5.33.1(eslint@8.22.0)(typescript@4.7.4)
+      '@typescript-eslint/utils': 5.33.1(eslint@8.22.0)(typescript@4.7.4)
       debug: 4.3.4
       eslint: 8.22.0
       functional-red-black-tree: 1.0.1
       ignore: 5.2.0
       regexpp: 3.2.0
       semver: 7.3.7
-      tsutils: 3.21.0_typescript@4.7.4
+      tsutils: 3.21.0(typescript@4.7.4)
       typescript: 4.7.4
     transitivePeerDependencies:
       - supports-color
     dev: true
 
-  /@typescript-eslint/parser/5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq:
+  /@typescript-eslint/parser@5.33.1(eslint@8.22.0)(typescript@4.7.4):
     resolution: {integrity: sha512-IgLLtW7FOzoDlmaMoXdxG8HOCByTBXrB1V2ZQYSEV1ggMmJfAkMWTwUjjzagS6OkfpySyhKFkBw7A9jYmcHpZA==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -333,7 +359,7 @@ packages:
     dependencies:
       '@typescript-eslint/scope-manager': 5.33.1
       '@typescript-eslint/types': 5.33.1
-      '@typescript-eslint/typescript-estree': 5.33.1_typescript@4.7.4
+      '@typescript-eslint/typescript-estree': 5.33.1(typescript@4.7.4)
       debug: 4.3.4
       eslint: 8.22.0
       typescript: 4.7.4
@@ -341,7 +367,7 @@ packages:
       - supports-color
     dev: true
 
-  /@typescript-eslint/scope-manager/5.33.1:
+  /@typescript-eslint/scope-manager@5.33.1:
     resolution: {integrity: sha512-8ibcZSqy4c5m69QpzJn8XQq9NnqAToC8OdH/W6IXPXv83vRyEDPYLdjAlUx8h/rbusq6MkW4YdQzURGOqsn3CA==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dependencies:
@@ -349,7 +375,7 @@ packages:
       '@typescript-eslint/visitor-keys': 5.33.1
     dev: true
 
-  /@typescript-eslint/type-utils/5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq:
+  /@typescript-eslint/type-utils@5.33.1(eslint@8.22.0)(typescript@4.7.4):
     resolution: {integrity: sha512-X3pGsJsD8OiqhNa5fim41YtlnyiWMF/eKsEZGsHID2HcDqeSC5yr/uLOeph8rNF2/utwuI0IQoAK3fpoxcLl2g==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -359,21 +385,21 @@ packages:
       typescript:
         optional: true
     dependencies:
-      '@typescript-eslint/utils': 5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq
+      '@typescript-eslint/utils': 5.33.1(eslint@8.22.0)(typescript@4.7.4)
       debug: 4.3.4
       eslint: 8.22.0
-      tsutils: 3.21.0_typescript@4.7.4
+      tsutils: 3.21.0(typescript@4.7.4)
       typescript: 4.7.4
     transitivePeerDependencies:
       - supports-color
     dev: true
 
-  /@typescript-eslint/types/5.33.1:
+  /@typescript-eslint/types@5.33.1:
     resolution: {integrity: sha512-7K6MoQPQh6WVEkMrMW5QOA5FO+BOwzHSNd0j3+BlBwd6vtzfZceJ8xJ7Um2XDi/O3umS8/qDX6jdy2i7CijkwQ==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dev: true
 
-  /@typescript-eslint/typescript-estree/5.33.1_typescript@4.7.4:
+  /@typescript-eslint/typescript-estree@5.33.1(typescript@4.7.4):
     resolution: {integrity: sha512-JOAzJ4pJ+tHzA2pgsWQi4804XisPHOtbvwUyqsuuq8+y5B5GMZs7lI1xDWs6V2d7gE/Ez5bTGojSK12+IIPtXA==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -388,13 +414,13 @@ packages:
       globby: 11.1.0
       is-glob: 4.0.3
       semver: 7.3.7
-      tsutils: 3.21.0_typescript@4.7.4
+      tsutils: 3.21.0(typescript@4.7.4)
       typescript: 4.7.4
     transitivePeerDependencies:
       - supports-color
     dev: true
 
-  /@typescript-eslint/utils/5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq:
+  /@typescript-eslint/utils@5.33.1(eslint@8.22.0)(typescript@4.7.4):
     resolution: {integrity: sha512-uphZjkMaZ4fE8CR4dU7BquOV6u0doeQAr8n6cQenl/poMaIyJtBu8eys5uk6u5HiDH01Mj5lzbJ5SfeDz7oqMQ==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -403,16 +429,16 @@ packages:
       '@types/json-schema': 7.0.11
       '@typescript-eslint/scope-manager': 5.33.1
       '@typescript-eslint/types': 5.33.1
-      '@typescript-eslint/typescript-estree': 5.33.1_typescript@4.7.4
+      '@typescript-eslint/typescript-estree': 5.33.1(typescript@4.7.4)
       eslint: 8.22.0
       eslint-scope: 5.1.1
-      eslint-utils: 3.0.0_eslint@8.22.0
+      eslint-utils: 3.0.0(eslint@8.22.0)
     transitivePeerDependencies:
       - supports-color
       - typescript
     dev: true
 
-  /@typescript-eslint/visitor-keys/5.33.1:
+  /@typescript-eslint/visitor-keys@5.33.1:
     resolution: {integrity: sha512-nwIxOK8Z2MPWltLKMLOEZwmfBZReqUdbEoHQXeCpa+sRVARe5twpJGHCB4dk9903Yaf0nMAlGbQfaAH92F60eg==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dependencies:
@@ -420,22 +446,22 @@ packages:
       eslint-visitor-keys: 3.3.0
     dev: true
 
-  /@vitejs/plugin-vue/3.0.3_vite@3.0.8+vue@3.2.37:
+  /@vitejs/plugin-vue@3.0.3(vite@3.0.8)(vue@3.2.37):
     resolution: {integrity: sha512-U4zNBlz9mg+TA+i+5QPc3N5lQvdUXENZLO2h0Wdzp56gI1MWhqJOv+6R+d4kOzoaSSq6TnGPBdZAXKOe4lXy6g==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
       vite: ^3.0.0
       vue: ^3.2.25
     dependencies:
-      vite: 3.0.8_sass@1.54.4
+      vite: 3.0.8(sass@1.54.4)
       vue: 3.2.37
     dev: true
 
-  /@vitest/coverage-c8/0.22.0_jsdom@20.0.0+sass@1.54.4:
+  /@vitest/coverage-c8@0.22.0(jsdom@20.0.0)(sass@1.54.4):
     resolution: {integrity: sha512-jwW6b8U+h9nbzQfKoRmpf2xjDg+mcAjLIdVUrZGhjTnIdekGfvoqFoeiXzsLv2HwYBeFi4943lYUftuj8qD1FQ==}
     dependencies:
       c8: 7.12.0
-      vitest: 0.22.0_jsdom@20.0.0+sass@1.54.4
+      vitest: 0.22.0(jsdom@20.0.0)(sass@1.54.4)
     transitivePeerDependencies:
       - '@edge-runtime/vm'
       - '@vitest/browser'
@@ -449,17 +475,17 @@ packages:
       - terser
     dev: true
 
-  /@volar/code-gen/0.38.9:
+  /@volar/code-gen@0.38.9:
     resolution: {integrity: sha512-n6LClucfA+37rQeskvh9vDoZV1VvCVNy++MAPKj2dT4FT+Fbmty/SDQqnsEBtdEe6E3OQctFvA/IcKsx3Mns0A==}
     dependencies:
       '@volar/source-map': 0.38.9
     dev: true
 
-  /@volar/source-map/0.38.9:
+  /@volar/source-map@0.38.9:
     resolution: {integrity: sha512-ba0UFoHDYry+vwKdgkWJ6xlQT+8TFtZg1zj9tSjj4PykW1JZDuM0xplMotLun4h3YOoYfY9K1huY5gvxmrNLIw==}
     dev: true
 
-  /@volar/vue-code-gen/0.38.9:
+  /@volar/vue-code-gen@0.38.9:
     resolution: {integrity: sha512-tzj7AoarFBKl7e41MR006ncrEmNPHALuk8aG4WdDIaG387X5//5KhWC5Ff3ZfB2InGSeNT+CVUd74M0gS20rjA==}
     dependencies:
       '@volar/code-gen': 0.38.9
@@ -469,7 +495,7 @@ packages:
       '@vue/shared': 3.2.37
     dev: true
 
-  /@volar/vue-typescript/0.38.9:
+  /@volar/vue-typescript@0.38.9:
     resolution: {integrity: sha512-iJMQGU91ADi98u8V1vXd2UBmELDAaeSP0ZJaFjwosClQdKlJQYc6MlxxKfXBZisHqfbhdtrGRyaryulnYtliZw==}
     dependencies:
       '@volar/code-gen': 0.38.9
@@ -479,7 +505,7 @@ packages:
       '@vue/reactivity': 3.2.37
     dev: true
 
-  /@vue/compiler-core/3.2.37:
+  /@vue/compiler-core@3.2.37:
     resolution: {integrity: sha512-81KhEjo7YAOh0vQJoSmAD68wLfYqJvoiD4ulyedzF+OEk/bk6/hx3fTNVfuzugIIaTrOx4PGx6pAiBRe5e9Zmg==}
     dependencies:
       '@babel/parser': 7.18.11
@@ -487,13 +513,13 @@ packages:
       estree-walker: 2.0.2
       source-map: 0.6.1
 
-  /@vue/compiler-dom/3.2.37:
+  /@vue/compiler-dom@3.2.37:
     resolution: {integrity: sha512-yxJLH167fucHKxaqXpYk7x8z7mMEnXOw3G2q62FTkmsvNxu4FQSu5+3UMb+L7fjKa26DEzhrmCxAgFLLIzVfqQ==}
     dependencies:
       '@vue/compiler-core': 3.2.37
       '@vue/shared': 3.2.37
 
-  /@vue/compiler-sfc/3.2.37:
+  /@vue/compiler-sfc@3.2.37:
     resolution: {integrity: sha512-+7i/2+9LYlpqDv+KTtWhOZH+pa8/HnX/905MdVmAcI/mPQOBwkHHIzrsEsucyOIZQYMkXUiTkmZq5am/NyXKkg==}
     dependencies:
       '@babel/parser': 7.18.11
@@ -507,29 +533,29 @@ packages:
       postcss: 8.4.16
       source-map: 0.6.1
 
-  /@vue/compiler-ssr/3.2.37:
+  /@vue/compiler-ssr@3.2.37:
     resolution: {integrity: sha512-7mQJD7HdXxQjktmsWp/J67lThEIcxLemz1Vb5I6rYJHR5vI+lON3nPGOH3ubmbvYGt8xEUaAr1j7/tIFWiEOqw==}
     dependencies:
       '@vue/compiler-dom': 3.2.37
       '@vue/shared': 3.2.37
 
-  /@vue/devtools-api/6.2.1:
+  /@vue/devtools-api@6.2.1:
     resolution: {integrity: sha512-OEgAMeQXvCoJ+1x8WyQuVZzFo0wcyCmUR3baRVLmKBo1LmYZWMlRiXlux5jd0fqVJu6PfDbOrZItVqUEzLobeQ==}
     dev: false
 
-  /@vue/eslint-config-prettier/7.0.0_2xd4q2tc5cqa5as7uugqhp6oue:
+  /@vue/eslint-config-prettier@7.0.0(eslint@8.22.0)(prettier@2.7.1):
     resolution: {integrity: sha512-/CTc6ML3Wta1tCe1gUeO0EYnVXfo3nJXsIhZ8WJr3sov+cGASr6yuiibJTL6lmIBm7GobopToOuB3B6AWyV0Iw==}
     peerDependencies:
       eslint: '>= 7.28.0'
       prettier: '>= 2.0.0'
     dependencies:
       eslint: 8.22.0
-      eslint-config-prettier: 8.5.0_eslint@8.22.0
-      eslint-plugin-prettier: 4.2.1_i2cojdczqdiurzgttlwdgf764e
+      eslint-config-prettier: 8.5.0(eslint@8.22.0)
+      eslint-plugin-prettier: 4.2.1(eslint-config-prettier@8.5.0)(eslint@8.22.0)(prettier@2.7.1)
       prettier: 2.7.1
     dev: true
 
-  /@vue/eslint-config-typescript/11.0.0_4py5zxx5ck6utobkmozwvrmyiy:
+  /@vue/eslint-config-typescript@11.0.0(eslint-plugin-vue@9.3.0)(eslint@8.22.0)(typescript@4.7.4):
     resolution: {integrity: sha512-txuRzxnQVmtUvvy9UyWUy9sHWXNeRPGmSPqP53hRtaiUeCTAondI9Ho9GQYI/8/eWljYOST7iA4Aa8sANBkWaA==}
     engines: {node: ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -540,17 +566,17 @@ packages:
       typescript:
         optional: true
     dependencies:
-      '@typescript-eslint/eslint-plugin': 5.33.1_vsoshirnpb7xw6mr7xomgfas2i
-      '@typescript-eslint/parser': 5.33.1_4rv7y5c6xz3vfxwhbrcxxi73bq
+      '@typescript-eslint/eslint-plugin': 5.33.1(@typescript-eslint/parser@5.33.1)(eslint@8.22.0)(typescript@4.7.4)
+      '@typescript-eslint/parser': 5.33.1(eslint@8.22.0)(typescript@4.7.4)
       eslint: 8.22.0
-      eslint-plugin-vue: 9.3.0_eslint@8.22.0
+      eslint-plugin-vue: 9.3.0(eslint@8.22.0)
       typescript: 4.7.4
-      vue-eslint-parser: 9.0.3_eslint@8.22.0
+      vue-eslint-parser: 9.0.3(eslint@8.22.0)
     transitivePeerDependencies:
       - supports-color
     dev: true
 
-  /@vue/reactivity-transform/3.2.37:
+  /@vue/reactivity-transform@3.2.37:
     resolution: {integrity: sha512-IWopkKEb+8qpu/1eMKVeXrK0NLw9HicGviJzhJDEyfxTR9e1WtpnnbYkJWurX6WwoFP0sz10xQg8yL8lgskAZg==}
     dependencies:
       '@babel/parser': 7.18.11
@@ -559,25 +585,25 @@ packages:
       estree-walker: 2.0.2
       magic-string: 0.25.9
 
-  /@vue/reactivity/3.2.37:
+  /@vue/reactivity@3.2.37:
     resolution: {integrity: sha512-/7WRafBOshOc6m3F7plwzPeCu/RCVv9uMpOwa/5PiY1Zz+WLVRWiy0MYKwmg19KBdGtFWsmZ4cD+LOdVPcs52A==}
     dependencies:
       '@vue/shared': 3.2.37
 
-  /@vue/runtime-core/3.2.37:
+  /@vue/runtime-core@3.2.37:
     resolution: {integrity: sha512-JPcd9kFyEdXLl/i0ClS7lwgcs0QpUAWj+SKX2ZC3ANKi1U4DOtiEr6cRqFXsPwY5u1L9fAjkinIdB8Rz3FoYNQ==}
     dependencies:
       '@vue/reactivity': 3.2.37
       '@vue/shared': 3.2.37
 
-  /@vue/runtime-dom/3.2.37:
+  /@vue/runtime-dom@3.2.37:
     resolution: {integrity: sha512-HimKdh9BepShW6YozwRKAYjYQWg9mQn63RGEiSswMbW+ssIht1MILYlVGkAGGQbkhSh31PCdoUcfiu4apXJoPw==}
     dependencies:
       '@vue/runtime-core': 3.2.37
       '@vue/shared': 3.2.37
       csstype: 2.6.20
 
-  /@vue/server-renderer/3.2.37_vue@3.2.37:
+  /@vue/server-renderer@3.2.37(vue@3.2.37):
     resolution: {integrity: sha512-kLITEJvaYgZQ2h47hIzPh2K3jG8c1zCVbp/o/bzQOyvzaKiCquKS7AaioPI28GNxIsE/zSx+EwWYsNxDCX95MA==}
     peerDependencies:
       vue: 3.2.37
@@ -586,10 +612,10 @@ packages:
       '@vue/shared': 3.2.37
       vue: 3.2.37
 
-  /@vue/shared/3.2.37:
+  /@vue/shared@3.2.37:
     resolution: {integrity: sha512-4rSJemR2NQIo9Klm1vabqWjD8rs/ZaJSzMxkMNeJS6lHiUjjUeYFbooN19NgFjztubEKh3WlZUeOLVdbbUWHsw==}
 
-  /@vue/test-utils/2.0.2_vue@3.2.37:
+  /@vue/test-utils@2.0.2(vue@3.2.37):
     resolution: {integrity: sha512-E2P4oXSaWDqTZNbmKZFVLrNN/siVN78YkEqs7pHryWerrlZR9bBFLWdJwRoguX45Ru6HxIflzKl4vQvwRMwm5g==}
     peerDependencies:
       vue: ^3.0.1
@@ -597,7 +623,7 @@ packages:
       vue: 3.2.37
     dev: true
 
-  /@vueuse/core/8.9.4_vue@3.2.37:
+  /@vueuse/core@8.9.4(vue@3.2.37):
     resolution: {integrity: sha512-B/Mdj9TK1peFyWaPof+Zf/mP9XuGAngaJZBwPaXBvU3aCTZlx3ltlrFFFyMV4iGBwsjSCeUCgZrtkEj9dS2Y3Q==}
     peerDependencies:
       '@vue/composition-api': ^1.1.0
@@ -610,16 +636,16 @@ packages:
     dependencies:
       '@types/web-bluetooth': 0.0.14
       '@vueuse/metadata': 8.9.4
-      '@vueuse/shared': 8.9.4_vue@3.2.37
+      '@vueuse/shared': 8.9.4(vue@3.2.37)
       vue: 3.2.37
-      vue-demi: 0.13.8_vue@3.2.37
+      vue-demi: 0.13.8(vue@3.2.37)
     dev: false
 
-  /@vueuse/metadata/8.9.4:
+  /@vueuse/metadata@8.9.4:
     resolution: {integrity: sha512-IwSfzH80bnJMzqhaapqJl9JRIiyQU0zsRGEgnxN6jhq7992cPUJIRfV+JHRIZXjYqbwt07E1gTEp0R0zPJ1aqw==}
     dev: false
 
-  /@vueuse/shared/8.9.4_vue@3.2.37:
+  /@vueuse/shared@8.9.4(vue@3.2.37):
     resolution: {integrity: sha512-wt+T30c4K6dGRMVqPddexEVLa28YwxW5OFIPmzUHICjphfAuBFTTdDoyqREZNDOFJZ44ARH1WWQNCUK8koJ+Ag==}
     peerDependencies:
       '@vue/composition-api': ^1.1.0
@@ -631,21 +657,21 @@ packages:
         optional: true
     dependencies:
       vue: 3.2.37
-      vue-demi: 0.13.8_vue@3.2.37
+      vue-demi: 0.13.8(vue@3.2.37)
     dev: false
 
-  /abab/2.0.6:
+  /abab@2.0.6:
     resolution: {integrity: sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==}
     dev: true
 
-  /acorn-globals/6.0.0:
+  /acorn-globals@6.0.0:
     resolution: {integrity: sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==}
     dependencies:
       acorn: 7.4.1
       acorn-walk: 7.2.0
     dev: true
 
-  /acorn-jsx/5.3.2_acorn@8.8.0:
+  /acorn-jsx@5.3.2(acorn@8.8.0):
     resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
     peerDependencies:
       acorn: ^6.0.0 || ^7.0.0 || ^8.0.0
@@ -653,24 +679,24 @@ packages:
       acorn: 8.8.0
     dev: true
 
-  /acorn-walk/7.2.0:
+  /acorn-walk@7.2.0:
     resolution: {integrity: sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==}
     engines: {node: '>=0.4.0'}
     dev: true
 
-  /acorn/7.4.1:
+  /acorn@7.4.1:
     resolution: {integrity: sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==}
     engines: {node: '>=0.4.0'}
     hasBin: true
     dev: true
 
-  /acorn/8.8.0:
+  /acorn@8.8.0:
     resolution: {integrity: sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==}
     engines: {node: '>=0.4.0'}
     hasBin: true
     dev: true
 
-  /agent-base/6.0.2:
+  /agent-base@6.0.2:
     resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==}
     engines: {node: '>= 6.0.0'}
     dependencies:
@@ -679,7 +705,7 @@ packages:
       - supports-color
     dev: true
 
-  /ajv/6.12.6:
+  /ajv@6.12.6:
     resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==}
     dependencies:
       fast-deep-equal: 3.1.3
@@ -688,19 +714,19 @@ packages:
       uri-js: 4.4.1
     dev: true
 
-  /ansi-regex/5.0.1:
+  /ansi-regex@5.0.1:
     resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
     engines: {node: '>=8'}
     dev: true
 
-  /ansi-styles/4.3.0:
+  /ansi-styles@4.3.0:
     resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
     engines: {node: '>=8'}
     dependencies:
       color-convert: 2.0.1
     dev: true
 
-  /anymatch/3.1.2:
+  /anymatch@3.1.2:
     resolution: {integrity: sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==}
     engines: {node: '>= 8'}
     dependencies:
@@ -708,27 +734,27 @@ packages:
       picomatch: 2.3.1
     dev: true
 
-  /argparse/2.0.1:
+  /argparse@2.0.1:
     resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
     dev: true
 
-  /array-union/2.1.0:
+  /array-union@2.1.0:
     resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==}
     engines: {node: '>=8'}
     dev: true
 
-  /assertion-error/1.1.0:
+  /assertion-error@1.1.0:
     resolution: {integrity: sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==}
     dev: true
 
-  /async-validator/4.2.5:
+  /async-validator@4.2.5:
     resolution: {integrity: sha512-7HhHjtERjqlNbZtqNqy2rckN/SpOOlmDliet+lP7k+eKZEjPk3DgyeU9lIXLdeLz0uBbbVp+9Qdow9wJWgwwfg==}
     dev: false
 
-  /asynckit/0.4.0:
+  /asynckit@0.4.0:
     resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
 
-  /axios/0.27.2:
+  /axios@0.27.2:
     resolution: {integrity: sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==}
     dependencies:
       follow-redirects: 1.15.1
@@ -737,38 +763,38 @@ packages:
       - debug
     dev: false
 
-  /balanced-match/1.0.2:
+  /balanced-match@1.0.2:
     resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
     dev: true
 
-  /binary-extensions/2.2.0:
+  /binary-extensions@2.2.0:
     resolution: {integrity: sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==}
     engines: {node: '>=8'}
     dev: true
 
-  /boolbase/1.0.0:
+  /boolbase@1.0.0:
     resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==}
     dev: true
 
-  /brace-expansion/1.1.11:
+  /brace-expansion@1.1.11:
     resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
     dependencies:
       balanced-match: 1.0.2
       concat-map: 0.0.1
     dev: true
 
-  /braces/3.0.2:
+  /braces@3.0.2:
     resolution: {integrity: sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==}
     engines: {node: '>=8'}
     dependencies:
       fill-range: 7.0.1
     dev: true
 
-  /browser-process-hrtime/1.0.0:
+  /browser-process-hrtime@1.0.0:
     resolution: {integrity: sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==}
     dev: true
 
-  /c8/7.12.0:
+  /c8@7.12.0:
     resolution: {integrity: sha512-CtgQrHOkyxr5koX1wEUmN/5cfDa2ckbHRA4Gy5LAL0zaCFtVWJS5++n+w4/sr2GWGerBxgTjpKeDclk/Qk6W/A==}
     engines: {node: '>=10.12.0'}
     hasBin: true
@@ -787,12 +813,12 @@ packages:
       yargs-parser: 20.2.9
     dev: true
 
-  /callsites/3.1.0:
+  /callsites@3.1.0:
     resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
     engines: {node: '>=6'}
     dev: true
 
-  /chai/4.3.6:
+  /chai@4.3.6:
     resolution: {integrity: sha512-bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q==}
     engines: {node: '>=4'}
     dependencies:
@@ -805,7 +831,7 @@ packages:
       type-detect: 4.0.8
     dev: true
 
-  /chalk/4.1.2:
+  /chalk@4.1.2:
     resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
     engines: {node: '>=10'}
     dependencies:
@@ -813,11 +839,11 @@ packages:
       supports-color: 7.2.0
     dev: true
 
-  /check-error/1.0.2:
+  /check-error@1.0.2:
     resolution: {integrity: sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==}
     dev: true
 
-  /chokidar/3.5.3:
+  /chokidar@3.5.3:
     resolution: {integrity: sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==}
     engines: {node: '>= 8.10.0'}
     dependencies:
@@ -832,7 +858,7 @@ packages:
       fsevents: 2.3.2
     dev: true
 
-  /cliui/7.0.4:
+  /cliui@7.0.4:
     resolution: {integrity: sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==}
     dependencies:
       string-width: 4.2.3
@@ -840,34 +866,34 @@ packages:
       wrap-ansi: 7.0.0
     dev: true
 
-  /color-convert/2.0.1:
+  /color-convert@2.0.1:
     resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
     engines: {node: '>=7.0.0'}
     dependencies:
       color-name: 1.1.4
     dev: true
 
-  /color-name/1.1.4:
+  /color-name@1.1.4:
     resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
     dev: true
 
-  /combined-stream/1.0.8:
+  /combined-stream@1.0.8:
     resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==}
     engines: {node: '>= 0.8'}
     dependencies:
       delayed-stream: 1.0.0
 
-  /concat-map/0.0.1:
+  /concat-map@0.0.1:
     resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
     dev: true
 
-  /convert-source-map/1.8.0:
+  /convert-source-map@1.8.0:
     resolution: {integrity: sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==}
     dependencies:
       safe-buffer: 5.1.2
     dev: true
 
-  /cross-spawn/7.0.3:
+  /cross-spawn@7.0.3:
     resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==}
     engines: {node: '>= 8'}
     dependencies:
@@ -876,31 +902,31 @@ packages:
       which: 2.0.2
     dev: true
 
-  /cssesc/3.0.0:
+  /cssesc@3.0.0:
     resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
     engines: {node: '>=4'}
     hasBin: true
     dev: true
 
-  /cssom/0.3.8:
+  /cssom@0.3.8:
     resolution: {integrity: sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==}
     dev: true
 
-  /cssom/0.5.0:
+  /cssom@0.5.0:
     resolution: {integrity: sha512-iKuQcq+NdHqlAcwUY0o/HL69XQrUaQdMjmStJ8JFmUaiiQErlhrmuigkg/CU4E2J0IyUKUrMAgl36TvN67MqTw==}
     dev: true
 
-  /cssstyle/2.3.0:
+  /cssstyle@2.3.0:
     resolution: {integrity: sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==}
     engines: {node: '>=8'}
     dependencies:
       cssom: 0.3.8
     dev: true
 
-  /csstype/2.6.20:
+  /csstype@2.6.20:
     resolution: {integrity: sha512-/WwNkdXfckNgw6S5R125rrW8ez139lBHWouiBvX8dfMFtcn6V81REDqnH7+CRpRipfYlyU1CmOnOxrmGcFOjeA==}
 
-  /data-urls/3.0.2:
+  /data-urls@3.0.2:
     resolution: {integrity: sha512-Jy/tj3ldjZJo63sVAvg6LHt2mHvl4V6AgRAmNDtLdm7faqtsx+aJG42rsyCo9JCoRVKwPFzKlIPx3DIibwSIaQ==}
     engines: {node: '>=12'}
     dependencies:
@@ -909,16 +935,16 @@ packages:
       whatwg-url: 11.0.0
     dev: true
 
-  /date-fns/2.29.3:
+  /date-fns@2.29.3:
     resolution: {integrity: sha512-dDCnyH2WnnKusqvZZ6+jA1O51Ibt8ZMRNkDZdyAyK4YfbDwa/cEmuztzG5pk6hqlp9aSBPYcjOlktquahGwGeA==}
     engines: {node: '>=0.11'}
     dev: false
 
-  /dayjs/1.11.5:
+  /dayjs@1.11.5:
     resolution: {integrity: sha512-CAdX5Q3YW3Gclyo5Vpqkgpj8fSdLQcRuzfX6mC6Phy0nfJ0eGYOeS7m4mt2plDWLAtA4TqTakvbboHvUxfe4iA==}
     dev: false
 
-  /debug/4.3.4:
+  /debug@4.3.4:
     resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==}
     engines: {node: '>=6.0'}
     peerDependencies:
@@ -930,64 +956,64 @@ packages:
       ms: 2.1.2
     dev: true
 
-  /decimal.js/10.4.0:
+  /decimal.js@10.4.0:
     resolution: {integrity: sha512-Nv6ENEzyPQ6AItkGwLE2PGKinZZ9g59vSh2BeH6NqPu0OTKZ5ruJsVqh/orbAnqXc9pBbgXAIrc2EyaCj8NpGg==}
     dev: true
 
-  /deep-eql/3.0.1:
+  /deep-eql@3.0.1:
     resolution: {integrity: sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==}
     engines: {node: '>=0.12'}
     dependencies:
       type-detect: 4.0.8
     dev: true
 
-  /deep-is/0.1.4:
+  /deep-is@0.1.4:
     resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==}
     dev: true
 
-  /delayed-stream/1.0.0:
+  /delayed-stream@1.0.0:
     resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==}
     engines: {node: '>=0.4.0'}
 
-  /dir-glob/3.0.1:
+  /dir-glob@3.0.1:
     resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==}
     engines: {node: '>=8'}
     dependencies:
       path-type: 4.0.0
     dev: true
 
-  /doctrine/3.0.0:
+  /doctrine@3.0.0:
     resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==}
     engines: {node: '>=6.0.0'}
     dependencies:
       esutils: 2.0.3
     dev: true
 
-  /domexception/4.0.0:
+  /domexception@4.0.0:
     resolution: {integrity: sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==}
     engines: {node: '>=12'}
     dependencies:
       webidl-conversions: 7.0.0
     dev: true
 
-  /element-plus/2.2.13_vue@3.2.37:
+  /element-plus@2.2.13(vue@3.2.37):
     resolution: {integrity: sha512-dKQ7BPZC8deUPhv+6s4GgOL0GyGj3KpUarywxm6s1nWnHjH6FqeZlUcxPqBvJd7W/d81POayx3B13GP+rfkG9g==}
     peerDependencies:
       vue: ^3.2.0
     dependencies:
       '@ctrl/tinycolor': 3.4.1
-      '@element-plus/icons-vue': 2.0.9_vue@3.2.37
+      '@element-plus/icons-vue': 2.0.9(vue@3.2.37)
       '@floating-ui/dom': 0.5.4
-      '@popperjs/core': /@sxzz/popperjs-es/2.11.7
+      '@popperjs/core': /@sxzz/popperjs-es@2.11.7
       '@types/lodash': 4.14.183
       '@types/lodash-es': 4.17.6
-      '@vueuse/core': 8.9.4_vue@3.2.37
+      '@vueuse/core': 8.9.4(vue@3.2.37)
       async-validator: 4.2.5
       dayjs: 1.11.5
       escape-html: 1.0.3
       lodash: 4.17.21
       lodash-es: 4.17.21
-      lodash-unified: 1.0.2_3ib2ivapxullxkx3xftsimdk7u
+      lodash-unified: 1.0.2(@types/lodash-es@4.17.6)(lodash-es@4.17.21)(lodash@4.17.21)
       memoize-one: 6.0.0
       normalize-wheel-es: 1.2.0
       vue: 3.2.37
@@ -995,16 +1021,16 @@ packages:
       - '@vue/composition-api'
     dev: false
 
-  /emoji-regex/8.0.0:
+  /emoji-regex@8.0.0:
     resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
     dev: true
 
-  /entities/4.3.1:
+  /entities@4.3.1:
     resolution: {integrity: sha512-o4q/dYJlmyjP2zfnaWDUC6A3BQFmVTX+tZPezK7k0GLSU9QYCauscf5Y+qcEPzKL+EixVouYDgLQK5H9GrLpkg==}
     engines: {node: '>=0.12'}
     dev: true
 
-  /esbuild-android-64/0.14.54:
+  /esbuild-android-64@0.14.54:
     resolution: {integrity: sha512-Tz2++Aqqz0rJ7kYBfz+iqyE3QMycD4vk7LBRyWaAVFgFtQ/O8EJOnVmTOiDWYZ/uYzB4kvP+bqejYdVKzE5lAQ==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1013,7 +1039,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-android-arm64/0.14.54:
+  /esbuild-android-arm64@0.14.54:
     resolution: {integrity: sha512-F9E+/QDi9sSkLaClO8SOV6etqPd+5DgJje1F9lOWoNncDdOBL2YF59IhsWATSt0TLZbYCf3pNlTHvVV5VfHdvg==}
     engines: {node: '>=12'}
     cpu: [arm64]
@@ -1022,7 +1048,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-darwin-64/0.14.54:
+  /esbuild-darwin-64@0.14.54:
     resolution: {integrity: sha512-jtdKWV3nBviOd5v4hOpkVmpxsBy90CGzebpbO9beiqUYVMBtSc0AL9zGftFuBon7PNDcdvNCEuQqw2x0wP9yug==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1031,7 +1057,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-darwin-arm64/0.14.54:
+  /esbuild-darwin-arm64@0.14.54:
     resolution: {integrity: sha512-OPafJHD2oUPyvJMrsCvDGkRrVCar5aVyHfWGQzY1dWnzErjrDuSETxwA2HSsyg2jORLY8yBfzc1MIpUkXlctmw==}
     engines: {node: '>=12'}
     cpu: [arm64]
@@ -1040,7 +1066,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-freebsd-64/0.14.54:
+  /esbuild-freebsd-64@0.14.54:
     resolution: {integrity: sha512-OKwd4gmwHqOTp4mOGZKe/XUlbDJ4Q9TjX0hMPIDBUWWu/kwhBAudJdBoxnjNf9ocIB6GN6CPowYpR/hRCbSYAg==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1049,7 +1075,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-freebsd-arm64/0.14.54:
+  /esbuild-freebsd-arm64@0.14.54:
     resolution: {integrity: sha512-sFwueGr7OvIFiQT6WeG0jRLjkjdqWWSrfbVwZp8iMP+8UHEHRBvlaxL6IuKNDwAozNUmbb8nIMXa7oAOARGs1Q==}
     engines: {node: '>=12'}
     cpu: [arm64]
@@ -1058,7 +1084,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-linux-32/0.14.54:
+  /esbuild-linux-32@0.14.54:
     resolution: {integrity: sha512-1ZuY+JDI//WmklKlBgJnglpUL1owm2OX+8E1syCD6UAxcMM/XoWd76OHSjl/0MR0LisSAXDqgjT3uJqT67O3qw==}
     engines: {node: '>=12'}
     cpu: [ia32]
@@ -1067,7 +1093,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-linux-64/0.14.54:
+  /esbuild-linux-64@0.14.54:
     resolution: {integrity: sha512-EgjAgH5HwTbtNsTqQOXWApBaPVdDn7XcK+/PtJwZLT1UmpLoznPd8c5CxqsH2dQK3j05YsB3L17T8vE7cp4cCg==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1076,25 +1102,25 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-linux-arm/0.14.54:
-    resolution: {integrity: sha512-qqz/SjemQhVMTnvcLGoLOdFpCYbz4v4fUo+TfsWG+1aOu70/80RV6bgNpR2JCrppV2moUQkww+6bWxXRL9YMGw==}
+  /esbuild-linux-arm64@0.14.54:
+    resolution: {integrity: sha512-WL71L+0Rwv+Gv/HTmxTEmpv0UgmxYa5ftZILVi2QmZBgX3q7+tDeOQNqGtdXSdsL8TQi1vIaVFHUPDe0O0kdig==}
     engines: {node: '>=12'}
-    cpu: [arm]
+    cpu: [arm64]
     os: [linux]
     requiresBuild: true
     dev: true
     optional: true
 
-  /esbuild-linux-arm64/0.14.54:
-    resolution: {integrity: sha512-WL71L+0Rwv+Gv/HTmxTEmpv0UgmxYa5ftZILVi2QmZBgX3q7+tDeOQNqGtdXSdsL8TQi1vIaVFHUPDe0O0kdig==}
+  /esbuild-linux-arm@0.14.54:
+    resolution: {integrity: sha512-qqz/SjemQhVMTnvcLGoLOdFpCYbz4v4fUo+TfsWG+1aOu70/80RV6bgNpR2JCrppV2moUQkww+6bWxXRL9YMGw==}
     engines: {node: '>=12'}
-    cpu: [arm64]
+    cpu: [arm]
     os: [linux]
     requiresBuild: true
     dev: true
     optional: true
 
-  /esbuild-linux-mips64le/0.14.54:
+  /esbuild-linux-mips64le@0.14.54:
     resolution: {integrity: sha512-qTHGQB8D1etd0u1+sB6p0ikLKRVuCWhYQhAHRPkO+OF3I/iSlTKNNS0Lh2Oc0g0UFGguaFZZiPJdJey3AGpAlw==}
     engines: {node: '>=12'}
     cpu: [mips64el]
@@ -1103,7 +1129,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-linux-ppc64le/0.14.54:
+  /esbuild-linux-ppc64le@0.14.54:
     resolution: {integrity: sha512-j3OMlzHiqwZBDPRCDFKcx595XVfOfOnv68Ax3U4UKZ3MTYQB5Yz3X1mn5GnodEVYzhtZgxEBidLWeIs8FDSfrQ==}
     engines: {node: '>=12'}
     cpu: [ppc64]
@@ -1112,7 +1138,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-linux-riscv64/0.14.54:
+  /esbuild-linux-riscv64@0.14.54:
     resolution: {integrity: sha512-y7Vt7Wl9dkOGZjxQZnDAqqn+XOqFD7IMWiewY5SPlNlzMX39ocPQlOaoxvT4FllA5viyV26/QzHtvTjVNOxHZg==}
     engines: {node: '>=12'}
     cpu: [riscv64]
@@ -1121,7 +1147,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-linux-s390x/0.14.54:
+  /esbuild-linux-s390x@0.14.54:
     resolution: {integrity: sha512-zaHpW9dziAsi7lRcyV4r8dhfG1qBidQWUXweUjnw+lliChJqQr+6XD71K41oEIC3Mx1KStovEmlzm+MkGZHnHA==}
     engines: {node: '>=12'}
     cpu: [s390x]
@@ -1130,7 +1156,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-netbsd-64/0.14.54:
+  /esbuild-netbsd-64@0.14.54:
     resolution: {integrity: sha512-PR01lmIMnfJTgeU9VJTDY9ZerDWVFIUzAtJuDHwwceppW7cQWjBBqP48NdeRtoP04/AtO9a7w3viI+PIDr6d+w==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1139,7 +1165,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-openbsd-64/0.14.54:
+  /esbuild-openbsd-64@0.14.54:
     resolution: {integrity: sha512-Qyk7ikT2o7Wu76UsvvDS5q0amJvmRzDyVlL0qf5VLsLchjCa1+IAvd8kTBgUxD7VBUUVgItLkk609ZHUc1oCaw==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1148,7 +1174,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-sunos-64/0.14.54:
+  /esbuild-sunos-64@0.14.54:
     resolution: {integrity: sha512-28GZ24KmMSeKi5ueWzMcco6EBHStL3B6ubM7M51RmPwXQGLe0teBGJocmWhgwccA1GeFXqxzILIxXpHbl9Q/Kw==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1157,7 +1183,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-windows-32/0.14.54:
+  /esbuild-windows-32@0.14.54:
     resolution: {integrity: sha512-T+rdZW19ql9MjS7pixmZYVObd9G7kcaZo+sETqNH4RCkuuYSuv9AGHUVnPoP9hhuE1WM1ZimHz1CIBHBboLU7w==}
     engines: {node: '>=12'}
     cpu: [ia32]
@@ -1166,7 +1192,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-windows-64/0.14.54:
+  /esbuild-windows-64@0.14.54:
     resolution: {integrity: sha512-AoHTRBUuYwXtZhjXZbA1pGfTo8cJo3vZIcWGLiUcTNgHpJJMC1rVA44ZereBHMJtotyN71S8Qw0npiCIkW96cQ==}
     engines: {node: '>=12'}
     cpu: [x64]
@@ -1175,7 +1201,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild-windows-arm64/0.14.54:
+  /esbuild-windows-arm64@0.14.54:
     resolution: {integrity: sha512-M0kuUvXhot1zOISQGXwWn6YtS+Y/1RT9WrVIOywZnJHo3jCDyewAc79aKNQWFCQm+xNHVTq9h8dZKvygoXQQRg==}
     engines: {node: '>=12'}
     cpu: [arm64]
@@ -1184,7 +1210,7 @@ packages:
     dev: true
     optional: true
 
-  /esbuild/0.14.54:
+  /esbuild@0.14.54:
     resolution: {integrity: sha512-Cy9llcy8DvET5uznocPyqL3BFRrFXSVqbgpMJ9Wz8oVjZlh/zUSNbPRbov0VX7VxN2JH1Oa0uNxZ7eLRb62pJA==}
     engines: {node: '>=12'}
     hasBin: true
@@ -1213,21 +1239,21 @@ packages:
       esbuild-windows-arm64: 0.14.54
     dev: true
 
-  /escalade/3.1.1:
+  /escalade@3.1.1:
     resolution: {integrity: sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==}
     engines: {node: '>=6'}
     dev: true
 
-  /escape-html/1.0.3:
+  /escape-html@1.0.3:
     resolution: {integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==}
     dev: false
 
-  /escape-string-regexp/4.0.0:
+  /escape-string-regexp@4.0.0:
     resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==}
     engines: {node: '>=10'}
     dev: true
 
-  /escodegen/2.0.0:
+  /escodegen@2.0.0:
     resolution: {integrity: sha512-mmHKys/C8BFUGI+MAWNcSYoORYLMdPzjrknd2Vc+bUsjN5bXcr8EhrNB+UTqfL1y3I9c4fw2ihgtMPQLBRiQxw==}
     engines: {node: '>=6.0'}
     hasBin: true
@@ -1240,7 +1266,7 @@ packages:
       source-map: 0.6.1
     dev: true
 
-  /eslint-config-prettier/8.5.0_eslint@8.22.0:
+  /eslint-config-prettier@8.5.0(eslint@8.22.0):
     resolution: {integrity: sha512-obmWKLUNCnhtQRKc+tmnYuQl0pFU1ibYJQ5BGhTVB08bHe9wC8qUeG7c08dj9XX+AuPj1YSGSQIHl1pnDHZR0Q==}
     hasBin: true
     peerDependencies:
@@ -1249,23 +1275,7 @@ packages:
       eslint: 8.22.0
     dev: true
 
-  /eslint-plugin-prettier/4.2.1_2xd4q2tc5cqa5as7uugqhp6oue:
-    resolution: {integrity: sha512-f/0rXLXUt0oFYs8ra4w49wYZBG5GKZpAYsJSm6rnYL5uVDjd+zowwMwVZHnAjf4edNrKpCDYfXDgmRE/Ak7QyQ==}
-    engines: {node: '>=12.0.0'}
-    peerDependencies:
-      eslint: '>=7.28.0'
-      eslint-config-prettier: '*'
-      prettier: '>=2.0.0'
-    peerDependenciesMeta:
-      eslint-config-prettier:
-        optional: true
-    dependencies:
-      eslint: 8.22.0
-      prettier: 2.7.1
-      prettier-linter-helpers: 1.0.0
-    dev: true
-
-  /eslint-plugin-prettier/4.2.1_i2cojdczqdiurzgttlwdgf764e:
+  /eslint-plugin-prettier@4.2.1(eslint-config-prettier@8.5.0)(eslint@8.22.0)(prettier@2.7.1):
     resolution: {integrity: sha512-f/0rXLXUt0oFYs8ra4w49wYZBG5GKZpAYsJSm6rnYL5uVDjd+zowwMwVZHnAjf4edNrKpCDYfXDgmRE/Ak7QyQ==}
     engines: {node: '>=12.0.0'}
     peerDependencies:
@@ -1277,30 +1287,30 @@ packages:
         optional: true
     dependencies:
       eslint: 8.22.0
-      eslint-config-prettier: 8.5.0_eslint@8.22.0
+      eslint-config-prettier: 8.5.0(eslint@8.22.0)
       prettier: 2.7.1
       prettier-linter-helpers: 1.0.0
     dev: true
 
-  /eslint-plugin-vue/9.3.0_eslint@8.22.0:
+  /eslint-plugin-vue@9.3.0(eslint@8.22.0):
     resolution: {integrity: sha512-iscKKkBZgm6fGZwFt6poRoWC0Wy2dQOlwUPW++CiPoQiw1enctV2Hj5DBzzjJZfyqs+FAXhgzL4q0Ww03AgSmQ==}
     engines: {node: ^14.17.0 || >=16.0.0}
     peerDependencies:
       eslint: ^6.2.0 || ^7.0.0 || ^8.0.0
     dependencies:
       eslint: 8.22.0
-      eslint-utils: 3.0.0_eslint@8.22.0
+      eslint-utils: 3.0.0(eslint@8.22.0)
       natural-compare: 1.4.0
       nth-check: 2.1.1
       postcss-selector-parser: 6.0.10
       semver: 7.3.7
-      vue-eslint-parser: 9.0.3_eslint@8.22.0
+      vue-eslint-parser: 9.0.3(eslint@8.22.0)
       xml-name-validator: 4.0.0
     transitivePeerDependencies:
       - supports-color
     dev: true
 
-  /eslint-scope/5.1.1:
+  /eslint-scope@5.1.1:
     resolution: {integrity: sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==}
     engines: {node: '>=8.0.0'}
     dependencies:
@@ -1308,7 +1318,7 @@ packages:
       estraverse: 4.3.0
     dev: true
 
-  /eslint-scope/7.1.1:
+  /eslint-scope@7.1.1:
     resolution: {integrity: sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dependencies:
@@ -1316,7 +1326,7 @@ packages:
       estraverse: 5.3.0
     dev: true
 
-  /eslint-utils/3.0.0_eslint@8.22.0:
+  /eslint-utils@3.0.0(eslint@8.22.0):
     resolution: {integrity: sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA==}
     engines: {node: ^10.0.0 || ^12.0.0 || >= 14.0.0}
     peerDependencies:
@@ -1326,17 +1336,17 @@ packages:
       eslint-visitor-keys: 2.1.0
     dev: true
 
-  /eslint-visitor-keys/2.1.0:
+  /eslint-visitor-keys@2.1.0:
     resolution: {integrity: sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==}
     engines: {node: '>=10'}
     dev: true
 
-  /eslint-visitor-keys/3.3.0:
+  /eslint-visitor-keys@3.3.0:
     resolution: {integrity: sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dev: true
 
-  /eslint/8.22.0:
+  /eslint@8.22.0:
     resolution: {integrity: sha512-ci4t0sz6vSRKdmkOGmprBo6fmI4PrphDFMy5JEq/fNS0gQkJM3rLmrqcp8ipMcdobH3KtUP40KniAE9W19S4wA==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     hasBin: true
@@ -1351,7 +1361,7 @@ packages:
       doctrine: 3.0.0
       escape-string-regexp: 4.0.0
       eslint-scope: 7.1.1
-      eslint-utils: 3.0.0_eslint@8.22.0
+      eslint-utils: 3.0.0(eslint@8.22.0)
       eslint-visitor-keys: 3.3.0
       espree: 9.3.3
       esquery: 1.4.0
@@ -1384,62 +1394,62 @@ packages:
       - supports-color
     dev: true
 
-  /espree/9.3.3:
+  /espree@9.3.3:
     resolution: {integrity: sha512-ORs1Rt/uQTqUKjDdGCyrtYxbazf5umATSf/K4qxjmZHORR6HJk+2s/2Pqe+Kk49HHINC/xNIrGfgh8sZcll0ng==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     dependencies:
       acorn: 8.8.0
-      acorn-jsx: 5.3.2_acorn@8.8.0
+      acorn-jsx: 5.3.2(acorn@8.8.0)
       eslint-visitor-keys: 3.3.0
     dev: true
 
-  /esprima/4.0.1:
+  /esprima@4.0.1:
     resolution: {integrity: sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==}
     engines: {node: '>=4'}
     hasBin: true
     dev: true
 
-  /esquery/1.4.0:
+  /esquery@1.4.0:
     resolution: {integrity: sha512-cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w==}
     engines: {node: '>=0.10'}
     dependencies:
       estraverse: 5.3.0
     dev: true
 
-  /esrecurse/4.3.0:
+  /esrecurse@4.3.0:
     resolution: {integrity: sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==}
     engines: {node: '>=4.0'}
     dependencies:
       estraverse: 5.3.0
     dev: true
 
-  /estraverse/4.3.0:
+  /estraverse@4.3.0:
     resolution: {integrity: sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==}
     engines: {node: '>=4.0'}
     dev: true
 
-  /estraverse/5.3.0:
+  /estraverse@5.3.0:
     resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
     engines: {node: '>=4.0'}
     dev: true
 
-  /estree-walker/2.0.2:
+  /estree-walker@2.0.2:
     resolution: {integrity: sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==}
 
-  /esutils/2.0.3:
+  /esutils@2.0.3:
     resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /fast-deep-equal/3.1.3:
+  /fast-deep-equal@3.1.3:
     resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
     dev: true
 
-  /fast-diff/1.2.0:
+  /fast-diff@1.2.0:
     resolution: {integrity: sha512-xJuoT5+L99XlZ8twedaRf6Ax2TgQVxvgZOYoPKqZufmJib0tL2tegPBOZb1pVNgIhlqDlA0eO0c3wBvQcmzx4w==}
     dev: true
 
-  /fast-glob/3.2.11:
+  /fast-glob@3.2.11:
     resolution: {integrity: sha512-xrO3+1bxSo3ZVHAnqzyuewYT6aMFHRAd4Kcs92MAonjwQZLsK9d0SF1IyQ3k5PoirxTW0Oe/RqFgMQ6TcNE5Ew==}
     engines: {node: '>=8.6.0'}
     dependencies:
@@ -1450,35 +1460,35 @@ packages:
       micromatch: 4.0.5
     dev: true
 
-  /fast-json-stable-stringify/2.1.0:
+  /fast-json-stable-stringify@2.1.0:
     resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
     dev: true
 
-  /fast-levenshtein/2.0.6:
+  /fast-levenshtein@2.0.6:
     resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
     dev: true
 
-  /fastq/1.13.0:
+  /fastq@1.13.0:
     resolution: {integrity: sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw==}
     dependencies:
       reusify: 1.0.4
     dev: true
 
-  /file-entry-cache/6.0.1:
+  /file-entry-cache@6.0.1:
     resolution: {integrity: sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==}
     engines: {node: ^10.12.0 || >=12.0.0}
     dependencies:
       flat-cache: 3.0.4
     dev: true
 
-  /fill-range/7.0.1:
+  /fill-range@7.0.1:
     resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==}
     engines: {node: '>=8'}
     dependencies:
       to-regex-range: 5.0.1
     dev: true
 
-  /find-up/5.0.0:
+  /find-up@5.0.0:
     resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==}
     engines: {node: '>=10'}
     dependencies:
@@ -1486,7 +1496,7 @@ packages:
       path-exists: 4.0.0
     dev: true
 
-  /flat-cache/3.0.4:
+  /flat-cache@3.0.4:
     resolution: {integrity: sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg==}
     engines: {node: ^10.12.0 || >=12.0.0}
     dependencies:
@@ -1494,11 +1504,11 @@ packages:
       rimraf: 3.0.2
     dev: true
 
-  /flatted/3.2.6:
+  /flatted@3.2.6:
     resolution: {integrity: sha512-0sQoMh9s0BYsm+12Huy/rkKxVu4R1+r96YX5cG44rHV0pQ6iC3Q+mkoMFaGWObMFYQxCVT+ssG1ksneA2MI9KQ==}
     dev: true
 
-  /follow-redirects/1.15.1:
+  /follow-redirects@1.15.1:
     resolution: {integrity: sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==}
     engines: {node: '>=4.0'}
     peerDependencies:
@@ -1508,7 +1518,7 @@ packages:
         optional: true
     dev: false
 
-  /foreground-child/2.0.0:
+  /foreground-child@2.0.0:
     resolution: {integrity: sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==}
     engines: {node: '>=8.0.0'}
     dependencies:
@@ -1516,7 +1526,7 @@ packages:
       signal-exit: 3.0.7
     dev: true
 
-  /form-data/4.0.0:
+  /form-data@4.0.0:
     resolution: {integrity: sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==}
     engines: {node: '>= 6'}
     dependencies:
@@ -1524,11 +1534,11 @@ packages:
       combined-stream: 1.0.8
       mime-types: 2.1.35
 
-  /fs.realpath/1.0.0:
+  /fs.realpath@1.0.0:
     resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
     dev: true
 
-  /fsevents/2.3.2:
+  /fsevents@2.3.2:
     resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==}
     engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
     os: [darwin]
@@ -1536,38 +1546,38 @@ packages:
     dev: true
     optional: true
 
-  /function-bind/1.1.1:
+  /function-bind@1.1.1:
     resolution: {integrity: sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==}
     dev: true
 
-  /functional-red-black-tree/1.0.1:
+  /functional-red-black-tree@1.0.1:
     resolution: {integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==}
     dev: true
 
-  /get-caller-file/2.0.5:
+  /get-caller-file@2.0.5:
     resolution: {integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==}
     engines: {node: 6.* || 8.* || >= 10.*}
     dev: true
 
-  /get-func-name/2.0.0:
+  /get-func-name@2.0.0:
     resolution: {integrity: sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==}
     dev: true
 
-  /glob-parent/5.1.2:
+  /glob-parent@5.1.2:
     resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
     engines: {node: '>= 6'}
     dependencies:
       is-glob: 4.0.3
     dev: true
 
-  /glob-parent/6.0.2:
+  /glob-parent@6.0.2:
     resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
     engines: {node: '>=10.13.0'}
     dependencies:
       is-glob: 4.0.3
     dev: true
 
-  /glob/7.2.3:
+  /glob@7.2.3:
     resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
     dependencies:
       fs.realpath: 1.0.0
@@ -1578,14 +1588,14 @@ packages:
       path-is-absolute: 1.0.1
     dev: true
 
-  /globals/13.17.0:
+  /globals@13.17.0:
     resolution: {integrity: sha512-1C+6nQRb1GwGMKm2dH/E7enFAMxGTmGI7/dEdhy/DNelv85w9B72t3uc5frtMNXIbzrarJJ/lTCjcaZwbLJmyw==}
     engines: {node: '>=8'}
     dependencies:
       type-fest: 0.20.2
     dev: true
 
-  /globby/11.1.0:
+  /globby@11.1.0:
     resolution: {integrity: sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==}
     engines: {node: '>=10'}
     dependencies:
@@ -1597,34 +1607,34 @@ packages:
       slash: 3.0.0
     dev: true
 
-  /grapheme-splitter/1.0.4:
+  /grapheme-splitter@1.0.4:
     resolution: {integrity: sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==}
     dev: true
 
-  /has-flag/4.0.0:
+  /has-flag@4.0.0:
     resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
     engines: {node: '>=8'}
     dev: true
 
-  /has/1.0.3:
+  /has@1.0.3:
     resolution: {integrity: sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==}
     engines: {node: '>= 0.4.0'}
     dependencies:
       function-bind: 1.1.1
     dev: true
 
-  /html-encoding-sniffer/3.0.0:
+  /html-encoding-sniffer@3.0.0:
     resolution: {integrity: sha512-oWv4T4yJ52iKrufjnyZPkrN0CH3QnrUqdB6In1g5Fe1mia8GmF36gnfNySxoZtxD5+NmYw1EElVXiBk93UeskA==}
     engines: {node: '>=12'}
     dependencies:
       whatwg-encoding: 2.0.0
     dev: true
 
-  /html-escaper/2.0.2:
+  /html-escaper@2.0.2:
     resolution: {integrity: sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==}
     dev: true
 
-  /http-proxy-agent/5.0.0:
+  /http-proxy-agent@5.0.0:
     resolution: {integrity: sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==}
     engines: {node: '>= 6'}
     dependencies:
@@ -1635,7 +1645,7 @@ packages:
       - supports-color
     dev: true
 
-  /https-proxy-agent/5.0.1:
+  /https-proxy-agent@5.0.1:
     resolution: {integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==}
     engines: {node: '>= 6'}
     dependencies:
@@ -1645,23 +1655,23 @@ packages:
       - supports-color
     dev: true
 
-  /iconv-lite/0.6.3:
+  /iconv-lite@0.6.3:
     resolution: {integrity: sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==}
     engines: {node: '>=0.10.0'}
     dependencies:
       safer-buffer: 2.1.2
     dev: true
 
-  /ignore/5.2.0:
+  /ignore@5.2.0:
     resolution: {integrity: sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==}
     engines: {node: '>= 4'}
     dev: true
 
-  /immutable/4.1.0:
+  /immutable@4.1.0:
     resolution: {integrity: sha512-oNkuqVTA8jqG1Q6c+UglTOD1xhC1BtjKI7XkCXRkZHrN5m18/XsnUp8Q89GkQO/z+0WjonSvl0FLhDYftp46nQ==}
     dev: true
 
-  /import-fresh/3.3.0:
+  /import-fresh@3.3.0:
     resolution: {integrity: sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==}
     engines: {node: '>=6'}
     dependencies:
@@ -1669,71 +1679,71 @@ packages:
       resolve-from: 4.0.0
     dev: true
 
-  /imurmurhash/0.1.4:
+  /imurmurhash@0.1.4:
     resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==}
     engines: {node: '>=0.8.19'}
     dev: true
 
-  /inflight/1.0.6:
+  /inflight@1.0.6:
     resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==}
     dependencies:
       once: 1.4.0
       wrappy: 1.0.2
     dev: true
 
-  /inherits/2.0.4:
+  /inherits@2.0.4:
     resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
     dev: true
 
-  /is-binary-path/2.1.0:
+  /is-binary-path@2.1.0:
     resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
     engines: {node: '>=8'}
     dependencies:
       binary-extensions: 2.2.0
     dev: true
 
-  /is-core-module/2.10.0:
+  /is-core-module@2.10.0:
     resolution: {integrity: sha512-Erxj2n/LDAZ7H8WNJXd9tw38GYM3dv8rk8Zcs+jJuxYTW7sozH+SS8NtrSjVL1/vpLvWi1hxy96IzjJ3EHTJJg==}
     dependencies:
       has: 1.0.3
     dev: true
 
-  /is-extglob/2.1.1:
+  /is-extglob@2.1.1:
     resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /is-fullwidth-code-point/3.0.0:
+  /is-fullwidth-code-point@3.0.0:
     resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
     engines: {node: '>=8'}
     dev: true
 
-  /is-glob/4.0.3:
+  /is-glob@4.0.3:
     resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
     engines: {node: '>=0.10.0'}
     dependencies:
       is-extglob: 2.1.1
     dev: true
 
-  /is-number/7.0.0:
+  /is-number@7.0.0:
     resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
     engines: {node: '>=0.12.0'}
     dev: true
 
-  /is-potential-custom-element-name/1.0.1:
+  /is-potential-custom-element-name@1.0.1:
     resolution: {integrity: sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==}
     dev: true
 
-  /isexe/2.0.0:
+  /isexe@2.0.0:
     resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
     dev: true
 
-  /istanbul-lib-coverage/3.2.0:
+  /istanbul-lib-coverage@3.2.0:
     resolution: {integrity: sha512-eOeJ5BHCmHYvQK7xt9GkdHuzuCGS1Y6g9Gvnx3Ym33fz/HpLRYxiS0wHNr+m/MBC8B647Xt608vCDEvhl9c6Mw==}
     engines: {node: '>=8'}
     dev: true
 
-  /istanbul-lib-report/3.0.0:
+  /istanbul-lib-report@3.0.0:
     resolution: {integrity: sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==}
     engines: {node: '>=8'}
     dependencies:
@@ -1742,7 +1752,7 @@ packages:
       supports-color: 7.2.0
     dev: true
 
-  /istanbul-reports/3.1.5:
+  /istanbul-reports@3.1.5:
     resolution: {integrity: sha512-nUsEMa9pBt/NOHqbcbeJEgqIlY/K7rVWUX6Lql2orY5e9roQOthbR3vtY4zzf2orPELg80fnxxk9zUyPlgwD1w==}
     engines: {node: '>=8'}
     dependencies:
@@ -1750,14 +1760,14 @@ packages:
       istanbul-lib-report: 3.0.0
     dev: true
 
-  /js-yaml/4.1.0:
+  /js-yaml@4.1.0:
     resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
     hasBin: true
     dependencies:
       argparse: 2.0.1
     dev: true
 
-  /jsdom/20.0.0:
+  /jsdom@20.0.0:
     resolution: {integrity: sha512-x4a6CKCgx00uCmP+QakBDFXwjAJ69IkkIWHmtmjd3wvXPcdOS44hfX2vqkOQrVrq8l9DhNNADZRXaCEWvgXtVA==}
     engines: {node: '>=14'}
     peerDependencies:
@@ -1799,15 +1809,15 @@ packages:
       - utf-8-validate
     dev: true
 
-  /json-schema-traverse/0.4.1:
+  /json-schema-traverse@0.4.1:
     resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
     dev: true
 
-  /json-stable-stringify-without-jsonify/1.0.1:
+  /json-stable-stringify-without-jsonify@1.0.1:
     resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==}
     dev: true
 
-  /levn/0.3.0:
+  /levn@0.3.0:
     resolution: {integrity: sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==}
     engines: {node: '>= 0.8.0'}
     dependencies:
@@ -1815,7 +1825,7 @@ packages:
       type-check: 0.3.2
     dev: true
 
-  /levn/0.4.1:
+  /levn@0.4.1:
     resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==}
     engines: {node: '>= 0.8.0'}
     dependencies:
@@ -1823,23 +1833,23 @@ packages:
       type-check: 0.4.0
     dev: true
 
-  /local-pkg/0.4.2:
+  /local-pkg@0.4.2:
     resolution: {integrity: sha512-mlERgSPrbxU3BP4qBqAvvwlgW4MTg78iwJdGGnv7kibKjWcJksrG3t6LB5lXI93wXRDvG4NpUgJFmTG4T6rdrg==}
     engines: {node: '>=14'}
     dev: true
 
-  /locate-path/6.0.0:
+  /locate-path@6.0.0:
     resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==}
     engines: {node: '>=10'}
     dependencies:
       p-locate: 5.0.0
     dev: true
 
-  /lodash-es/4.17.21:
+  /lodash-es@4.17.21:
     resolution: {integrity: sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==}
     dev: false
 
-  /lodash-unified/1.0.2_3ib2ivapxullxkx3xftsimdk7u:
+  /lodash-unified@1.0.2(@types/lodash-es@4.17.6)(lodash-es@4.17.21)(lodash@4.17.21):
     resolution: {integrity: sha512-OGbEy+1P+UT26CYi4opY4gebD8cWRDxAT6MAObIVQMiqYdxZr1g3QHWCToVsm31x2NkLS4K3+MC2qInaRMa39g==}
     peerDependencies:
       '@types/lodash-es': '*'
@@ -1851,48 +1861,48 @@ packages:
       lodash-es: 4.17.21
     dev: false
 
-  /lodash.merge/4.6.2:
+  /lodash.merge@4.6.2:
     resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
     dev: true
 
-  /lodash/4.17.21:
+  /lodash@4.17.21:
     resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
 
-  /loupe/2.3.4:
+  /loupe@2.3.4:
     resolution: {integrity: sha512-OvKfgCC2Ndby6aSTREl5aCCPTNIzlDfQZvZxNUrBrihDhL3xcrYegTblhmEiCrg2kKQz4XsFIaemE5BF4ybSaQ==}
     dependencies:
       get-func-name: 2.0.0
     dev: true
 
-  /lru-cache/6.0.0:
+  /lru-cache@6.0.0:
     resolution: {integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==}
     engines: {node: '>=10'}
     dependencies:
       yallist: 4.0.0
     dev: true
 
-  /magic-string/0.25.9:
+  /magic-string@0.25.9:
     resolution: {integrity: sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==}
     dependencies:
       sourcemap-codec: 1.4.8
 
-  /make-dir/3.1.0:
+  /make-dir@3.1.0:
     resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==}
     engines: {node: '>=8'}
     dependencies:
       semver: 6.3.0
     dev: true
 
-  /memoize-one/6.0.0:
+  /memoize-one@6.0.0:
     resolution: {integrity: sha512-rkpe71W0N0c0Xz6QD0eJETuWAJGnJ9afsl1srmwPrI+yBCkge5EycXXbYRyvL29zZVUWQCY7InPRCv3GDXuZNw==}
     dev: false
 
-  /merge2/1.4.1:
+  /merge2@1.4.1:
     resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
     engines: {node: '>= 8'}
     dev: true
 
-  /micromatch/4.0.5:
+  /micromatch@4.0.5:
     resolution: {integrity: sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==}
     engines: {node: '>=8.6'}
     dependencies:
@@ -1900,61 +1910,61 @@ packages:
       picomatch: 2.3.1
     dev: true
 
-  /mime-db/1.52.0:
+  /mime-db@1.52.0:
     resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==}
     engines: {node: '>= 0.6'}
 
-  /mime-types/2.1.35:
+  /mime-types@2.1.35:
     resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==}
     engines: {node: '>= 0.6'}
     dependencies:
       mime-db: 1.52.0
 
-  /minimatch/3.1.2:
+  /minimatch@3.1.2:
     resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
     dependencies:
       brace-expansion: 1.1.11
     dev: true
 
-  /ms/2.1.2:
+  /ms@2.1.2:
     resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==}
     dev: true
 
-  /nanoid/3.3.4:
+  /nanoid@3.3.4:
     resolution: {integrity: sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==}
     engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
     hasBin: true
 
-  /natural-compare/1.4.0:
+  /natural-compare@1.4.0:
     resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
     dev: true
 
-  /normalize-path/3.0.0:
+  /normalize-path@3.0.0:
     resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /normalize-wheel-es/1.2.0:
+  /normalize-wheel-es@1.2.0:
     resolution: {integrity: sha512-Wj7+EJQ8mSuXr2iWfnujrimU35R2W4FAErEyTmJoJ7ucwTn2hOUSsRehMb5RSYkxXGTM7Y9QpvPmp++w5ftoJw==}
     dev: false
 
-  /nth-check/2.1.1:
+  /nth-check@2.1.1:
     resolution: {integrity: sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==}
     dependencies:
       boolbase: 1.0.0
     dev: true
 
-  /nwsapi/2.2.1:
+  /nwsapi@2.2.1:
     resolution: {integrity: sha512-JYOWTeFoS0Z93587vRJgASD5Ut11fYl5NyihP3KrYBvMe1FRRs6RN7m20SA/16GM4P6hTnZjT+UmDOt38UeXNg==}
     dev: true
 
-  /once/1.4.0:
+  /once@1.4.0:
     resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
     dependencies:
       wrappy: 1.0.2
     dev: true
 
-  /optionator/0.8.3:
+  /optionator@0.8.3:
     resolution: {integrity: sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==}
     engines: {node: '>= 0.8.0'}
     dependencies:
@@ -1966,7 +1976,7 @@ packages:
       word-wrap: 1.2.3
     dev: true
 
-  /optionator/0.9.1:
+  /optionator@0.9.1:
     resolution: {integrity: sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==}
     engines: {node: '>= 0.8.0'}
     dependencies:
@@ -1978,70 +1988,70 @@ packages:
       word-wrap: 1.2.3
     dev: true
 
-  /p-limit/3.1.0:
+  /p-limit@3.1.0:
     resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==}
     engines: {node: '>=10'}
     dependencies:
       yocto-queue: 0.1.0
     dev: true
 
-  /p-locate/5.0.0:
+  /p-locate@5.0.0:
     resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
     engines: {node: '>=10'}
     dependencies:
       p-limit: 3.1.0
     dev: true
 
-  /parent-module/1.0.1:
+  /parent-module@1.0.1:
     resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
     engines: {node: '>=6'}
     dependencies:
       callsites: 3.1.0
     dev: true
 
-  /parse5/7.0.0:
+  /parse5@7.0.0:
     resolution: {integrity: sha512-y/t8IXSPWTuRZqXc0ajH/UwDj4mnqLEbSttNbThcFhGrZuOyoyvNBO85PBp2jQa55wY9d07PBNjsK8ZP3K5U6g==}
     dependencies:
       entities: 4.3.1
     dev: true
 
-  /path-exists/4.0.0:
+  /path-exists@4.0.0:
     resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
     engines: {node: '>=8'}
     dev: true
 
-  /path-is-absolute/1.0.1:
+  /path-is-absolute@1.0.1:
     resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /path-key/3.1.1:
+  /path-key@3.1.1:
     resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
     engines: {node: '>=8'}
     dev: true
 
-  /path-parse/1.0.7:
+  /path-parse@1.0.7:
     resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==}
     dev: true
 
-  /path-type/4.0.0:
+  /path-type@4.0.0:
     resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==}
     engines: {node: '>=8'}
     dev: true
 
-  /pathval/1.1.1:
+  /pathval@1.1.1:
     resolution: {integrity: sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==}
     dev: true
 
-  /picocolors/1.0.0:
+  /picocolors@1.0.0:
     resolution: {integrity: sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==}
 
-  /picomatch/2.3.1:
+  /picomatch@2.3.1:
     resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==}
     engines: {node: '>=8.6'}
     dev: true
 
-  /pinia-plugin-persistedstate/2.1.1_pinia@2.0.18:
+  /pinia-plugin-persistedstate@2.1.1(pinia@2.0.18):
     resolution: {integrity: sha512-HUgsU5IRtM75eAQiIqzT3p1oPEuYH1/B2ipTMU++yE+FV0LkHaBswdKXs0RMWYCmugO8s62oxLTh/N1dLNp+5A==}
     peerDependencies:
       pinia: ^2.0.0
@@ -2049,10 +2059,10 @@ packages:
       pinia:
         optional: true
     dependencies:
-      pinia: 2.0.18_j6bzmzd4ujpabbp5objtwxyjp4
+      pinia: 2.0.18(typescript@4.7.4)(vue@3.2.37)
     dev: false
 
-  /pinia/2.0.18_j6bzmzd4ujpabbp5objtwxyjp4:
+  /pinia@2.0.18(typescript@4.7.4)(vue@3.2.37):
     resolution: {integrity: sha512-I5MW05UVX6a5Djka136oH3VzYFiZUgeOApBwFjMx6pL91eHtGVlE3adjNUKLgtwGnrxiBRuJ8+4R3LKJKwnyZg==}
     peerDependencies:
       '@vue/composition-api': ^1.4.0
@@ -2067,10 +2077,10 @@ packages:
       '@vue/devtools-api': 6.2.1
       typescript: 4.7.4
       vue: 3.2.37
-      vue-demi: 0.13.8_vue@3.2.37
+      vue-demi: 0.13.8(vue@3.2.37)
     dev: false
 
-  /postcss-selector-parser/6.0.10:
+  /postcss-selector-parser@6.0.10:
     resolution: {integrity: sha512-IQ7TZdoaqbT+LCpShg46jnZVlhWD2w6iQYAcYXfHARZ7X1t/UGhhceQDs5X0cGqKvYlHNOuv7Oa1xmb0oQuA3w==}
     engines: {node: '>=4'}
     dependencies:
@@ -2078,7 +2088,7 @@ packages:
       util-deprecate: 1.0.2
     dev: true
 
-  /postcss/8.4.16:
+  /postcss@8.4.16:
     resolution: {integrity: sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==}
     engines: {node: ^10 || ^12 || >=14}
     dependencies:
@@ -2086,65 +2096,65 @@ packages:
       picocolors: 1.0.0
       source-map-js: 1.0.2
 
-  /prelude-ls/1.1.2:
+  /prelude-ls@1.1.2:
     resolution: {integrity: sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==}
     engines: {node: '>= 0.8.0'}
     dev: true
 
-  /prelude-ls/1.2.1:
+  /prelude-ls@1.2.1:
     resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
     engines: {node: '>= 0.8.0'}
     dev: true
 
-  /prettier-linter-helpers/1.0.0:
+  /prettier-linter-helpers@1.0.0:
     resolution: {integrity: sha512-GbK2cP9nraSSUF9N2XwUwqfzlAFlMNYYl+ShE/V+H8a9uNl/oUqB1w2EL54Jh0OlyRSd8RfWYJ3coVS4TROP2w==}
     engines: {node: '>=6.0.0'}
     dependencies:
       fast-diff: 1.2.0
     dev: true
 
-  /prettier/2.7.1:
+  /prettier@2.7.1:
     resolution: {integrity: sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==}
     engines: {node: '>=10.13.0'}
     hasBin: true
     dev: true
 
-  /psl/1.9.0:
+  /psl@1.9.0:
     resolution: {integrity: sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==}
     dev: true
 
-  /punycode/2.1.1:
+  /punycode@2.1.1:
     resolution: {integrity: sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==}
     engines: {node: '>=6'}
     dev: true
 
-  /queue-microtask/1.2.3:
+  /queue-microtask@1.2.3:
     resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
     dev: true
 
-  /readdirp/3.6.0:
+  /readdirp@3.6.0:
     resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
     engines: {node: '>=8.10.0'}
     dependencies:
       picomatch: 2.3.1
     dev: true
 
-  /regexpp/3.2.0:
+  /regexpp@3.2.0:
     resolution: {integrity: sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==}
     engines: {node: '>=8'}
     dev: true
 
-  /require-directory/2.1.1:
+  /require-directory@2.1.1:
     resolution: {integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /resolve-from/4.0.0:
+  /resolve-from@4.0.0:
     resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
     engines: {node: '>=4'}
     dev: true
 
-  /resolve/1.22.1:
+  /resolve@1.22.1:
     resolution: {integrity: sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==}
     hasBin: true
     dependencies:
@@ -2153,19 +2163,19 @@ packages:
       supports-preserve-symlinks-flag: 1.0.0
     dev: true
 
-  /reusify/1.0.4:
+  /reusify@1.0.4:
     resolution: {integrity: sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==}
     engines: {iojs: '>=1.0.0', node: '>=0.10.0'}
     dev: true
 
-  /rimraf/3.0.2:
+  /rimraf@3.0.2:
     resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==}
     hasBin: true
     dependencies:
       glob: 7.2.3
     dev: true
 
-  /rollup/2.77.3:
+  /rollup@2.77.3:
     resolution: {integrity: sha512-/qxNTG7FbmefJWoeeYJFbHehJ2HNWnjkAFRKzWN/45eNBBF/r8lo992CwcJXEzyVxs5FmfId+vTSTQDb+bxA+g==}
     engines: {node: '>=10.0.0'}
     hasBin: true
@@ -2173,21 +2183,21 @@ packages:
       fsevents: 2.3.2
     dev: true
 
-  /run-parallel/1.2.0:
+  /run-parallel@1.2.0:
     resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==}
     dependencies:
       queue-microtask: 1.2.3
     dev: true
 
-  /safe-buffer/5.1.2:
+  /safe-buffer@5.1.2:
     resolution: {integrity: sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==}
     dev: true
 
-  /safer-buffer/2.1.2:
+  /safer-buffer@2.1.2:
     resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}
     dev: true
 
-  /sass/1.54.4:
+  /sass@1.54.4:
     resolution: {integrity: sha512-3tmF16yvnBwtlPrNBHw/H907j8MlOX8aTBnlNX1yrKx24RKcJGPyLhFUwkoKBKesR3unP93/2z14Ll8NicwQUA==}
     engines: {node: '>=12.0.0'}
     hasBin: true
@@ -2197,19 +2207,19 @@ packages:
       source-map-js: 1.0.2
     dev: true
 
-  /saxes/6.0.0:
+  /saxes@6.0.0:
     resolution: {integrity: sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==}
     engines: {node: '>=v12.22.7'}
     dependencies:
       xmlchars: 2.2.0
     dev: true
 
-  /semver/6.3.0:
+  /semver@6.3.0:
     resolution: {integrity: sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==}
     hasBin: true
     dev: true
 
-  /semver/7.3.7:
+  /semver@7.3.7:
     resolution: {integrity: sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==}
     engines: {node: '>=10'}
     hasBin: true
@@ -2217,39 +2227,39 @@ packages:
       lru-cache: 6.0.0
     dev: true
 
-  /shebang-command/2.0.0:
+  /shebang-command@2.0.0:
     resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
     engines: {node: '>=8'}
     dependencies:
       shebang-regex: 3.0.0
     dev: true
 
-  /shebang-regex/3.0.0:
+  /shebang-regex@3.0.0:
     resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
     engines: {node: '>=8'}
     dev: true
 
-  /signal-exit/3.0.7:
+  /signal-exit@3.0.7:
     resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==}
     dev: true
 
-  /slash/3.0.0:
+  /slash@3.0.0:
     resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==}
     engines: {node: '>=8'}
     dev: true
 
-  /source-map-js/1.0.2:
+  /source-map-js@1.0.2:
     resolution: {integrity: sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==}
     engines: {node: '>=0.10.0'}
 
-  /source-map/0.6.1:
+  /source-map@0.6.1:
     resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==}
     engines: {node: '>=0.10.0'}
 
-  /sourcemap-codec/1.4.8:
+  /sourcemap-codec@1.4.8:
     resolution: {integrity: sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA==}
 
-  /string-width/4.2.3:
+  /string-width@4.2.3:
     resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
     engines: {node: '>=8'}
     dependencies:
@@ -2258,35 +2268,35 @@ packages:
       strip-ansi: 6.0.1
     dev: true
 
-  /strip-ansi/6.0.1:
+  /strip-ansi@6.0.1:
     resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
     engines: {node: '>=8'}
     dependencies:
       ansi-regex: 5.0.1
     dev: true
 
-  /strip-json-comments/3.1.1:
+  /strip-json-comments@3.1.1:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
     dev: true
 
-  /supports-color/7.2.0:
+  /supports-color@7.2.0:
     resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
     engines: {node: '>=8'}
     dependencies:
       has-flag: 4.0.0
     dev: true
 
-  /supports-preserve-symlinks-flag/1.0.0:
+  /supports-preserve-symlinks-flag@1.0.0:
     resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==}
     engines: {node: '>= 0.4'}
     dev: true
 
-  /symbol-tree/3.2.4:
+  /symbol-tree@3.2.4:
     resolution: {integrity: sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==}
     dev: true
 
-  /test-exclude/6.0.0:
+  /test-exclude@6.0.0:
     resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==}
     engines: {node: '>=8'}
     dependencies:
@@ -2295,32 +2305,32 @@ packages:
       minimatch: 3.1.2
     dev: true
 
-  /text-table/0.2.0:
+  /text-table@0.2.0:
     resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
     dev: true
 
-  /tinypool/0.2.4:
+  /tinypool@0.2.4:
     resolution: {integrity: sha512-Vs3rhkUH6Qq1t5bqtb816oT+HeJTXfwt2cbPH17sWHIYKTotQIFPk3tf2fgqRrVyMDVOc1EnPgzIxfIulXVzwQ==}
     engines: {node: '>=14.0.0'}
     dev: true
 
-  /tinyspy/1.0.0:
+  /tinyspy@1.0.0:
     resolution: {integrity: sha512-FI5B2QdODQYDRjfuLF+OrJ8bjWRMCXokQPcwKm0W3IzcbUmBNv536cQc7eXGoAuXphZwgx1DFbqImwzz08Fnhw==}
     engines: {node: '>=14.0.0'}
     dev: true
 
-  /to-fast-properties/2.0.0:
+  /to-fast-properties@2.0.0:
     resolution: {integrity: sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==}
     engines: {node: '>=4'}
 
-  /to-regex-range/5.0.1:
+  /to-regex-range@5.0.1:
     resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
     engines: {node: '>=8.0'}
     dependencies:
       is-number: 7.0.0
     dev: true
 
-  /tough-cookie/4.0.0:
+  /tough-cookie@4.0.0:
     resolution: {integrity: sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==}
     engines: {node: '>=6'}
     dependencies:
@@ -2329,18 +2339,18 @@ packages:
       universalify: 0.1.2
     dev: true
 
-  /tr46/3.0.0:
+  /tr46@3.0.0:
     resolution: {integrity: sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==}
     engines: {node: '>=12'}
     dependencies:
       punycode: 2.1.1
     dev: true
 
-  /tslib/1.14.1:
+  /tslib@1.14.1:
     resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==}
     dev: true
 
-  /tsutils/3.21.0_typescript@4.7.4:
+  /tsutils@3.21.0(typescript@4.7.4):
     resolution: {integrity: sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==}
     engines: {node: '>= 6'}
     peerDependencies:
@@ -2350,55 +2360,55 @@ packages:
       typescript: 4.7.4
     dev: true
 
-  /type-check/0.3.2:
+  /type-check@0.3.2:
     resolution: {integrity: sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==}
     engines: {node: '>= 0.8.0'}
     dependencies:
       prelude-ls: 1.1.2
     dev: true
 
-  /type-check/0.4.0:
+  /type-check@0.4.0:
     resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
     engines: {node: '>= 0.8.0'}
     dependencies:
       prelude-ls: 1.2.1
     dev: true
 
-  /type-detect/4.0.8:
+  /type-detect@4.0.8:
     resolution: {integrity: sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==}
     engines: {node: '>=4'}
     dev: true
 
-  /type-fest/0.20.2:
+  /type-fest@0.20.2:
     resolution: {integrity: sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==}
     engines: {node: '>=10'}
     dev: true
 
-  /typescript/4.7.4:
+  /typescript@4.7.4:
     resolution: {integrity: sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==}
     engines: {node: '>=4.2.0'}
     hasBin: true
 
-  /universalify/0.1.2:
+  /universalify@0.1.2:
     resolution: {integrity: sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==}
     engines: {node: '>= 4.0.0'}
     dev: true
 
-  /uri-js/4.4.1:
+  /uri-js@4.4.1:
     resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
     dependencies:
       punycode: 2.1.1
     dev: true
 
-  /util-deprecate/1.0.2:
+  /util-deprecate@1.0.2:
     resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
     dev: true
 
-  /v8-compile-cache/2.3.0:
+  /v8-compile-cache@2.3.0:
     resolution: {integrity: sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==}
     dev: true
 
-  /v8-to-istanbul/9.0.1:
+  /v8-to-istanbul@9.0.1:
     resolution: {integrity: sha512-74Y4LqY74kLE6IFyIjPtkSTWzUZmj8tdHT9Ii/26dvQ6K9Dl2NbEfj0XgU2sHCtKgt5VupqhlO/5aWuqS+IY1w==}
     engines: {node: '>=10.12.0'}
     dependencies:
@@ -2407,7 +2417,7 @@ packages:
       convert-source-map: 1.8.0
     dev: true
 
-  /vite/3.0.8_sass@1.54.4:
+  /vite@3.0.8(sass@1.54.4):
     resolution: {integrity: sha512-AOZ4eN7mrkJiOLuw8IA7piS4IdOQyQCA81GxGsAQvAZzMRi9ZwGB3TOaYsj4uLAWK46T5L4AfQ6InNGlxX30IQ==}
     engines: {node: ^14.18.0 || >=16.0.0}
     hasBin: true
@@ -2435,7 +2445,7 @@ packages:
       fsevents: 2.3.2
     dev: true
 
-  /vitest/0.22.0_jsdom@20.0.0+sass@1.54.4:
+  /vitest@0.22.0(jsdom@20.0.0)(sass@1.54.4):
     resolution: {integrity: sha512-BSIro/QOHLaQY08FHwT6THWhqLQ+VPU+N4Rdo4pcP+16XB6oLmNNAXGcSh/MOLUhfUy+mqCwx7AyKmU7Ms5R+g==}
     engines: {node: '>=v14.16.0'}
     hasBin: true
@@ -2466,7 +2476,7 @@ packages:
       local-pkg: 0.4.2
       tinypool: 0.2.4
       tinyspy: 1.0.0
-      vite: 3.0.8_sass@1.54.4
+      vite: 3.0.8(sass@1.54.4)
     transitivePeerDependencies:
       - less
       - sass
@@ -2475,7 +2485,7 @@ packages:
       - terser
     dev: true
 
-  /vue-demi/0.13.8_vue@3.2.37:
+  /vue-demi@0.13.8(vue@3.2.37):
     resolution: {integrity: sha512-Vy1zbZhCOdsmvGR6tJhAvO5vhP7eiS8xkbYQSoVa7o6KlIy3W8Rc53ED4qI4qpeRDjv3mLfXSEpYU6Yq4pgXRg==}
     engines: {node: '>=12'}
     hasBin: true
@@ -2490,7 +2500,7 @@ packages:
       vue: 3.2.37
     dev: false
 
-  /vue-eslint-parser/9.0.3_eslint@8.22.0:
+  /vue-eslint-parser@9.0.3(eslint@8.22.0):
     resolution: {integrity: sha512-yL+ZDb+9T0ELG4VIFo/2anAOz8SvBdlqEnQnvJ3M7Scq56DvtjY0VY88bByRZB0D4J0u8olBcfrXTVONXsh4og==}
     engines: {node: ^14.17.0 || >=16.0.0}
     peerDependencies:
@@ -2508,7 +2518,7 @@ packages:
       - supports-color
     dev: true
 
-  /vue-i18n/9.2.2_vue@3.2.37:
+  /vue-i18n@9.2.2(vue@3.2.37):
     resolution: {integrity: sha512-yswpwtj89rTBhegUAv9Mu37LNznyu3NpyLQmozF3i1hYOhwpG8RjcjIFIIfnu+2MDZJGSZPXaKWvnQA71Yv9TQ==}
     engines: {node: '>= 14'}
     peerDependencies:
@@ -2521,7 +2531,7 @@ packages:
       vue: 3.2.37
     dev: false
 
-  /vue-router/4.1.3_vue@3.2.37:
+  /vue-router@4.1.3(vue@3.2.37):
     resolution: {integrity: sha512-XvK81bcYglKiayT7/vYAg/f36ExPC4t90R/HIpzrZ5x+17BOWptXLCrEPufGgZeuq68ww4ekSIMBZY1qdUdfjA==}
     peerDependencies:
       vue: ^3.2.0
@@ -2530,7 +2540,7 @@ packages:
       vue: 3.2.37
     dev: false
 
-  /vue-tsc/0.38.9_typescript@4.7.4:
+  /vue-tsc@0.38.9(typescript@4.7.4):
     resolution: {integrity: sha512-Yoy5phgvGqyF98Fb4mYqboR4Q149jrdcGv5kSmufXJUq++RZJ2iMVG0g6zl+v3t4ORVWkQmRpsV4x2szufZ0LQ==}
     hasBin: true
     peerDependencies:
@@ -2540,46 +2550,46 @@ packages:
       typescript: 4.7.4
     dev: true
 
-  /vue/3.2.37:
+  /vue@3.2.37:
     resolution: {integrity: sha512-bOKEZxrm8Eh+fveCqS1/NkG/n6aMidsI6hahas7pa0w/l7jkbssJVsRhVDs07IdDq7h9KHswZOgItnwJAgtVtQ==}
     dependencies:
       '@vue/compiler-dom': 3.2.37
       '@vue/compiler-sfc': 3.2.37
       '@vue/runtime-dom': 3.2.37
-      '@vue/server-renderer': 3.2.37_vue@3.2.37
+      '@vue/server-renderer': 3.2.37(vue@3.2.37)
       '@vue/shared': 3.2.37
 
-  /w3c-hr-time/1.0.2:
+  /w3c-hr-time@1.0.2:
     resolution: {integrity: sha512-z8P5DvDNjKDoFIHK7q8r8lackT6l+jo/Ye3HOle7l9nICP9lf1Ci25fy9vHd0JOWewkIFzXIEig3TdKT7JQ5fQ==}
     dependencies:
       browser-process-hrtime: 1.0.0
     dev: true
 
-  /w3c-xmlserializer/3.0.0:
+  /w3c-xmlserializer@3.0.0:
     resolution: {integrity: sha512-3WFqGEgSXIyGhOmAFtlicJNMjEps8b1MG31NCA0/vOF9+nKMUW1ckhi9cnNHmf88Rzw5V+dwIwsm2C7X8k9aQg==}
     engines: {node: '>=12'}
     dependencies:
       xml-name-validator: 4.0.0
     dev: true
 
-  /webidl-conversions/7.0.0:
+  /webidl-conversions@7.0.0:
     resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==}
     engines: {node: '>=12'}
     dev: true
 
-  /whatwg-encoding/2.0.0:
+  /whatwg-encoding@2.0.0:
     resolution: {integrity: sha512-p41ogyeMUrw3jWclHWTQg1k05DSVXPLcVxRTYsXUk+ZooOCZLcoYgPZ/HL/D/N+uQPOtcp1me1WhBEaX02mhWg==}
     engines: {node: '>=12'}
     dependencies:
       iconv-lite: 0.6.3
     dev: true
 
-  /whatwg-mimetype/3.0.0:
+  /whatwg-mimetype@3.0.0:
     resolution: {integrity: sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==}
     engines: {node: '>=12'}
     dev: true
 
-  /whatwg-url/11.0.0:
+  /whatwg-url@11.0.0:
     resolution: {integrity: sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==}
     engines: {node: '>=12'}
     dependencies:
@@ -2587,7 +2597,7 @@ packages:
       webidl-conversions: 7.0.0
     dev: true
 
-  /which/2.0.2:
+  /which@2.0.2:
     resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
     engines: {node: '>= 8'}
     hasBin: true
@@ -2595,12 +2605,12 @@ packages:
       isexe: 2.0.0
     dev: true
 
-  /word-wrap/1.2.3:
+  /word-wrap@1.2.3:
     resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /wrap-ansi/7.0.0:
+  /wrap-ansi@7.0.0:
     resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
     engines: {node: '>=10'}
     dependencies:
@@ -2609,11 +2619,11 @@ packages:
       strip-ansi: 6.0.1
     dev: true
 
-  /wrappy/1.0.2:
+  /wrappy@1.0.2:
     resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
     dev: true
 
-  /ws/8.8.1:
+  /ws@8.8.1:
     resolution: {integrity: sha512-bGy2JzvzkPowEJV++hF07hAD6niYSr0JzBNo/J29WsB57A2r7Wlc1UFcTR9IzrPvuNVO4B8LGqF8qcpsVOhJCA==}
     engines: {node: '>=10.0.0'}
     peerDependencies:
@@ -2626,30 +2636,30 @@ packages:
         optional: true
     dev: true
 
-  /xml-name-validator/4.0.0:
+  /xml-name-validator@4.0.0:
     resolution: {integrity: sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==}
     engines: {node: '>=12'}
     dev: true
 
-  /xmlchars/2.2.0:
+  /xmlchars@2.2.0:
     resolution: {integrity: sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==}
     dev: true
 
-  /y18n/5.0.8:
+  /y18n@5.0.8:
     resolution: {integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==}
     engines: {node: '>=10'}
     dev: true
 
-  /yallist/4.0.0:
+  /yallist@4.0.0:
     resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
     dev: true
 
-  /yargs-parser/20.2.9:
+  /yargs-parser@20.2.9:
     resolution: {integrity: sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==}
     engines: {node: '>=10'}
     dev: true
 
-  /yargs/16.2.0:
+  /yargs@16.2.0:
     resolution: {integrity: sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==}
     engines: {node: '>=10'}
     dependencies:
@@ -2662,7 +2672,7 @@ packages:
       yargs-parser: 20.2.9
     dev: true
 
-  /yocto-queue/0.1.0:
+  /yocto-queue@0.1.0:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
     dev: true
diff --git a/pom.xml b/pom.xml
index 9ff452a48..4ce11caf5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -207,7 +207,7 @@
         <!-- webui -->
         <webui.skip>true</webui.skip>
         <node.version>v16.19.1</node.version>
-        <pnpm.version>v7.27.1</pnpm.version>
+        <pnpm.version>v8.4.0</pnpm.version>
 
         <!-- apply to kyuubi-hive-jdbc/kyuubi-hive-beeline module -->
         <hive.client.jline.version>2.12</hive.client.jline.version>

From 0875ce70664880d4e065897c2807eb0798a62557 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 3 May 2023 18:42:23 +0800
Subject: [PATCH 335/760] [KYUUBI #4784] Use nodejs v18 in CI builds and maven
 web-ui builds

### _Why are the changes needed?_

- nodejs v18 is the current active LTS version of nodejs since October 2022, while v16 is in maintenance mode and no longer in the active status

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

This patch had conflicts when merged, resolved by
Committer: Cheng Pan <chengpan@apache.org>

Closes #4784 from bowenliang123/nodejs18.

Closes #4784

483c3ac56 [liangbowen] use nodejs v18 in ci builds and maven builds

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/style.yml  | 2 +-
 .github/workflows/web-ui.yml | 2 +-
 pom.xml                      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index e2e6fd70e..479b74e36 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -89,7 +89,7 @@ jobs:
       - name: setup npm
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
       - name: Web UI Style with node
         run: |
           cd ./kyuubi-server/web-ui
diff --git a/.github/workflows/web-ui.yml b/.github/workflows/web-ui.yml
index 65fb47594..13d072321 100644
--- a/.github/workflows/web-ui.yml
+++ b/.github/workflows/web-ui.yml
@@ -24,7 +24,7 @@ jobs:
       - name: setup npm
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
       - name: npm run coverage & build
         run: |
           cd ./kyuubi-server/web-ui
diff --git a/pom.xml b/pom.xml
index 4ce11caf5..af56eb167 100644
--- a/pom.xml
+++ b/pom.xml
@@ -206,7 +206,7 @@
 
         <!-- webui -->
         <webui.skip>true</webui.skip>
-        <node.version>v16.19.1</node.version>
+        <node.version>v18.16.0</node.version>
         <pnpm.version>v8.4.0</pnpm.version>
 
         <!-- apply to kyuubi-hive-jdbc/kyuubi-hive-beeline module -->

From 66de0ad8a040b809908bfb44e70502650e736de0 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 3 May 2023 20:24:59 +0800
Subject: [PATCH 336/760] [KYUUBI #4780] Get engine application info with
 interval to prevent frequent call to resource manager

### _Why are the changes needed?_

To prevent frequent call to resource manager.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4780 from turboFei/engine_ref.

Closes #4780

09f67c699 [fwang12] re-order
88c1cb33c [fwang12] sleep

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/EngineRef.scala  | 39 ++++++++++++-------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index b2b3ce909..765f36949 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -206,10 +206,11 @@ private[kyuubi] class EngineRef(
       builder.validateConf
       val process = builder.start
       var exitValue: Option[Int] = None
+      var lastApplicationInfo: Option[ApplicationInfo] = None
       while (engineRef.isEmpty) {
         if (exitValue.isEmpty && process.waitFor(1, TimeUnit.SECONDS)) {
           exitValue = Some(process.exitValue())
-          if (exitValue.get != 0) {
+          if (exitValue != Some(0)) {
             val error = builder.getError
             MetricsSystem.tracing { ms =>
               ms.incCount(MetricRegistry.name(ENGINE_FAIL, appUser))
@@ -219,14 +220,31 @@ private[kyuubi] class EngineRef(
           }
         }
 
+        if (started + timeout <= System.currentTimeMillis()) {
+          val killMessage = engineManager.killApplication(builder.clusterManager(), engineRefId)
+          process.destroyForcibly()
+          MetricsSystem.tracing(_.incCount(MetricRegistry.name(ENGINE_TIMEOUT, appUser)))
+          throw KyuubiSQLException(
+            s"Timeout($timeout ms, you can modify ${ENGINE_INIT_TIMEOUT.key} to change it) to" +
+              s" launched $engineType engine with $redactedCmd. $killMessage",
+            builder.getError)
+        }
+        engineRef = discoveryClient.getEngineByRefId(engineSpace, engineRefId)
+
         // even the submit process succeeds, the application might meet failure when initializing,
         // check the engine application state from engine manager and fast fail on engine terminate
-        if (exitValue == Some(0)) {
+        if (engineRef.isEmpty && exitValue == Some(0)) {
           Option(engineManager).foreach { engineMgr =>
-            engineMgr.getApplicationInfo(
+            if (lastApplicationInfo.isDefined) {
+              TimeUnit.SECONDS.sleep(1)
+            }
+
+            val applicationInfo = engineMgr.getApplicationInfo(
               builder.clusterManager(),
               engineRefId,
-              Some(started)).foreach { appInfo =>
+              Some(started))
+
+            applicationInfo.foreach { appInfo =>
               if (ApplicationState.isTerminated(appInfo.state)) {
                 MetricsSystem.tracing { ms =>
                   ms.incCount(MetricRegistry.name(ENGINE_FAIL, appUser))
@@ -240,19 +258,10 @@ private[kyuubi] class EngineRef(
                   builder.getError)
               }
             }
-          }
-        }
 
-        if (started + timeout <= System.currentTimeMillis()) {
-          val killMessage = engineManager.killApplication(builder.clusterManager(), engineRefId)
-          process.destroyForcibly()
-          MetricsSystem.tracing(_.incCount(MetricRegistry.name(ENGINE_TIMEOUT, appUser)))
-          throw KyuubiSQLException(
-            s"Timeout($timeout ms, you can modify ${ENGINE_INIT_TIMEOUT.key} to change it) to" +
-              s" launched $engineType engine with $redactedCmd. $killMessage",
-            builder.getError)
+            lastApplicationInfo = applicationInfo
+          }
         }
-        engineRef = discoveryClient.getEngineByRefId(engineSpace, engineRefId)
       }
       engineRef.get
     } finally {

From dcb444e2d8e44b30eb6cad74ae8b75b2e54b52da Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Wed, 3 May 2023 21:51:21 +0800
Subject: [PATCH 337/760] [KYUUBI #4495] Support Flink job management
 statements

### _Why are the changes needed?_

Support Flink job management statements.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4774 from link3280/KYUUBI-4495.

Closes #4495

a4aaebcbb [Paul Lin] [KYUUBI #4495] Adjust the order of tests
225a6cdbd [Paul Lin] [KYUUBI #4495] Increase the number of taskmanagers in the mini cluster
67935ac24 [Paul Lin] [KYUUBI #4495] Wait jobs to get ready for show job statements
9c4ce1d6e [Paul Lin] [KYUUBI #4495] Fix show jobs assertion error
ab3113cab [Paul Lin] [KYUUBI #4495] Support Flink job management statements

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../flink/WithFlinkSQLEngineLocal.scala       |  1 +
 .../engine/flink/WithFlinkTestResources.scala |  5 +-
 .../flink/operation/FlinkOperationSuite.scala | 70 ++++++++++++++++++-
 3 files changed, 73 insertions(+), 3 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
index 0001f31ae..92c1bcd83 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineLocal.scala
@@ -184,6 +184,7 @@ trait WithFlinkSQLEngineLocal extends KyuubiFunSuite with WithFlinkTestResources
     val cfg = new MiniClusterConfiguration.Builder()
       .setConfiguration(flinkConfig)
       .setNumSlotsPerTaskManager(1)
+      .setNumTaskManagers(2)
       .build
     miniCluster = new MiniCluster(cfg)
     miniCluster.start()
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
index 3ea02774e..3b1d65cb2 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkTestResources.scala
@@ -41,6 +41,9 @@ trait WithFlinkTestResources {
     GENERATED_UDF_CLASS,
     GENERATED_UDF_CODE)
 
+  protected val savepointDir: File = Utils.createTempDir("savepoints").toFile
+
   protected val testExtraConf: Map[String, String] = Map(
-    "flink.pipeline.name" -> "test-job")
+    "flink.pipeline.name" -> "test-job",
+    "flink.state.savepoints.dir" -> savepointDir.toURI.toString)
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 00e26c528..39d17aa7b 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import java.nio.file.Paths
 import java.sql.DatabaseMetaData
 import java.util.UUID
 
@@ -33,6 +34,7 @@ import org.apache.kyuubi.engine.flink.{FlinkEngineUtils, WithFlinkTestResources}
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
+import org.apache.kyuubi.jdbc.hive.common.TimestampTZ
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 
@@ -632,6 +634,62 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
     }
   }
 
+  test("execute statement - show/stop jobs") {
+    if (FlinkEngineUtils.isFlinkVersionAtLeast("1.17")) {
+      withSessionConf()(Map(ENGINE_FLINK_MAX_ROWS.key -> "10"))(Map.empty) {
+        withMultipleConnectionJdbcStatement()({ statement =>
+          statement.executeQuery(
+            "create table tbl_a (a int) with (" +
+              "'connector' = 'datagen', " +
+              "'rows-per-second'='10')")
+          statement.executeQuery("create table tbl_b (a int) with ('connector' = 'blackhole')")
+          val insertResult1 = statement.executeQuery("insert into tbl_b select * from tbl_a")
+          assert(insertResult1.next())
+          val jobId1 = insertResult1.getString(1)
+
+          Thread.sleep(5000)
+
+          val showResult = statement.executeQuery("show jobs")
+          val metadata = showResult.getMetaData
+          assert(metadata.getColumnName(1) === "job id")
+          assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
+          assert(metadata.getColumnName(2) === "job name")
+          assert(metadata.getColumnType(2) === java.sql.Types.VARCHAR)
+          assert(metadata.getColumnName(3) === "status")
+          assert(metadata.getColumnType(3) === java.sql.Types.VARCHAR)
+          assert(metadata.getColumnName(4) === "start time")
+          assert(metadata.getColumnType(4) === java.sql.Types.OTHER)
+
+          var isFound = false
+          while (showResult.next()) {
+            if (showResult.getString(1) === jobId1) {
+              isFound = true
+              assert(showResult.getString(2) === "test-job")
+              assert(showResult.getString(3) === "RUNNING")
+              assert(showResult.getObject(4).isInstanceOf[TimestampTZ])
+            }
+          }
+          assert(isFound)
+
+          val stopResult1 = statement.executeQuery(s"stop job '$jobId1'")
+          assert(stopResult1.next())
+          assert(stopResult1.getString(1) === "OK")
+
+          val selectResult = statement.executeQuery("select * from tbl_a")
+          val jobId2 = statement.asInstanceOf[KyuubiStatement].getQueryId
+          assert(jobId2 !== null)
+          while (!selectResult.next()) {
+            Thread.sleep(1000L)
+          }
+          val stopResult2 = statement.executeQuery(s"stop job '$jobId2' with savepoint")
+          assert(stopResult2.getMetaData.getColumnName(1).equals("savepoint path"))
+          assert(stopResult2.next())
+          assert(Paths.get(stopResult2.getString(1)).getFileName.toString.startsWith("savepoint-"))
+        })
+      }
+    }
+  }
+
   test("execute statement - select column name with dots") {
     withJdbcStatement() { statement =>
       val resultSet = statement.executeQuery("select 'tmp.hello'")
@@ -994,7 +1052,14 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       assert(metadata.getColumnName(1) === "job id")
       assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
       assert(resultSet.next())
-      assert(resultSet.getString(1).length == 32)
+      val jobId = resultSet.getString(1)
+      assert(jobId.length == 32)
+
+      if (FlinkEngineUtils.isFlinkVersionAtLeast("1.17")) {
+        val stopResult = statement.executeQuery(s"stop job '$jobId'")
+        assert(stopResult.next())
+        assert(stopResult.getString(1) === "OK")
+      }
     })
   }
 
@@ -1072,7 +1137,8 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
   test("ensure result max rows") {
     withSessionConf()(Map(ENGINE_FLINK_MAX_ROWS.key -> "200"))(Map.empty) {
       withJdbcStatement() { statement =>
-        statement.execute("create table tbl_src (a bigint) with ('connector' = 'datagen')")
+        statement.execute("create table tbl_src (a bigint) with (" +
+          "'connector' = 'datagen', 'number-of-rows' = '1000')")
         val resultSet = statement.executeQuery(s"select a from tbl_src")
         var rows = 0
         while (resultSet.next()) {

From 07e26a85e0f4e7722a7c37d195e660751efee178 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 5 May 2023 10:07:22 +0800
Subject: [PATCH 338/760] [KYUUBI #4786] Support yarn-client and yarn-cluster
 for YarnApplicationOperation

### _Why are the changes needed?_

The spark master might be yarn-client and yarn-cluster
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4786 from turboFei/yarn_client_cluster.

Closes #4786

accab6b81 [fwang12] Support yarn-client and yarn-cluster

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/engine/KubernetesApplicationOperation.scala | 4 ++--
 .../org/apache/kyuubi/engine/YarnApplicationOperation.scala   | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 83792f52f..c569dc9dc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.engine
 
+import java.util.Locale
 import java.util.concurrent.{ConcurrentHashMap, TimeUnit}
 
 import com.google.common.cache.{Cache, CacheBuilder, RemovalNotification}
@@ -74,8 +75,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
 
   override def isSupported(clusterManager: Option[String]): Boolean = {
     // TODO add deploy mode to check whether is supported
-    kubernetesClient != null && clusterManager.nonEmpty &&
-    clusterManager.get.toLowerCase.startsWith("k8s")
+    kubernetesClient != null && clusterManager.exists(_.toLowerCase(Locale.ROOT).startsWith("k8s"))
   }
 
   override def killApplicationByTag(tag: String): KillResponse = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
index 446314208..ea2bf6dcd 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.engine
 
+import java.util.Locale
+
 import scala.collection.JavaConverters._
 
 import org.apache.hadoop.yarn.api.records.{FinalApplicationStatus, YarnApplicationState}
@@ -46,7 +48,7 @@ class YarnApplicationOperation extends ApplicationOperation with Logging {
   }
 
   override def isSupported(clusterManager: Option[String]): Boolean = {
-    yarnClient != null && clusterManager.nonEmpty && "yarn".equalsIgnoreCase(clusterManager.get)
+    yarnClient != null && clusterManager.exists(_.toLowerCase(Locale.ROOT).startsWith("yarn"))
   }
 
   override def killApplicationByTag(tag: String): KillResponse = {

From d7417ce44fd38daf75352acaaac3cac2e16cb5b8 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 5 May 2023 14:15:54 +0800
Subject: [PATCH 339/760] [KYUUBI #4791] Add helper method to simplify REST
 enabled judgment

### _Why are the changes needed?_

The REST enabled judgment will be used in other places, e.g. the developing batch API v2

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4791 from pan3793/conf.

Closes #4791

264566569 [Cheng Pan] Add helper method to simplify REST enabled judgement

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala     |  2 ++
 .../kyuubi/session/KyuubiSessionManager.scala     | 15 +++++----------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index e90dbe239..63a9ea648 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -188,6 +188,8 @@ case class KyuubiConf(loadSysDefault: Boolean = true) extends Logging {
             s"and may be removed in the future. $comment")
     }
   }
+
+  def isRESTEnabled: Boolean = get(FRONTEND_PROTOCOLS).contains(FrontendProtocols.REST.toString)
 }
 
 /**
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 73248cd56..b0ed144a5 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -47,16 +47,11 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   val operationManager = new KyuubiOperationManager()
   val credentialsManager = new HadoopCredentialsManager()
   val applicationManager = new KyuubiApplicationManager()
-  private lazy val metadataManager: Option[MetadataManager] = {
-    // Currently, the metadata manager is used by the REST frontend which provides batch job APIs,
-    // so we initialize it only when Kyuubi starts with the REST frontend.
-    if (conf.get(FRONTEND_PROTOCOLS).map(FrontendProtocols.withName)
-        .contains(FrontendProtocols.REST)) {
-      Option(new MetadataManager())
-    } else {
-      None
-    }
-  }
+
+  // Currently, the metadata manager is used by the REST frontend which provides batch job APIs,
+  // so we initialize it only when Kyuubi starts with the REST frontend.
+  lazy val metadataManager: Option[MetadataManager] =
+    if (conf.isRESTEnabled) Some(new MetadataManager()) else None
 
   // lazy is required for plugins since the conf is null when this class initialization
   lazy val sessionConfAdvisor: SessionConfAdvisor = PluginLoader.loadSessionConfAdvisor(conf)

From 3108c8e1a599d07e9637fb31cd09eba0d6bb0d56 Mon Sep 17 00:00:00 2001
From: huzk <1040080742@qq.com>
Date: Sat, 6 May 2023 14:10:39 +0800
Subject: [PATCH 340/760] [KYUUBI #4796] Expose JVM attributes to metrics
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

related issue : #2526
i  just  make the grafana dashboard of kyuubi , but i can not get the metrics of kyuubi server start time.

![图片](https://user-images.githubusercontent.com/18548053/236595754-b839e608-a087-43e6-8c31-9b6639e94138.png)

we can add JvmAttributeGaugeSet to get the uptime metrics of kyuubi .

![图片](https://user-images.githubusercontent.com/18548053/236595818-d0b6958d-f660-403f-8f72-a1ef6f679383.png)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4796 from Kyofin/master.

Closes #4796

ba1de910c [Cheng Pan] Update kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsSystem.scala
e2f15a6ee [Cheng Pan] Update kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
665552028 [huzk] add jvm metrics

Lead-authored-by: huzk <1040080742@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala  | 1 +
 .../src/main/scala/org/apache/kyuubi/metrics/MetricsSystem.scala | 1 +
 2 files changed, 2 insertions(+)

diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
index e97fd28ea..f615467f3 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
@@ -26,6 +26,7 @@ object MetricsConstants {
   final val BUFFER_POOL: String = KYUUBI + "buffer_pool"
   final val THREAD_STATE: String = KYUUBI + "thread_state"
   final val CLASS_LOADING: String = KYUUBI + "class_loading"
+  final val JVM: String = KYUUBI + "jvm"
 
   final val EXEC_POOL_ALIVE: String = KYUUBI + "exec.pool.threads.alive"
   final val EXEC_POOL_ACTIVE: String = KYUUBI + "exec.pool.threads.active"
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsSystem.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsSystem.scala
index 99da1f1b0..26344ca56 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsSystem.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsSystem.scala
@@ -67,6 +67,7 @@ class MetricsSystem extends CompositeService("MetricsSystem") {
   }
 
   override def initialize(conf: KyuubiConf): Unit = synchronized {
+    registry.registerAll(MetricsConstants.JVM, new JvmAttributeGaugeSet)
     registry.registerAll(MetricsConstants.GC_METRIC, new GarbageCollectorMetricSet)
     registry.registerAll(MetricsConstants.MEMORY_USAGE, new MemoryUsageGaugeSet)
     registry.registerAll(

From ae3b81395c9a5805d226d56671c2acdbbf365a31 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 7 May 2023 19:31:45 +0800
Subject: [PATCH 341/760] [KYUUBI #4798] Allows BatchJobSubmission to run in
 sync mode

### _Why are the changes needed?_

Currently, BatchJobSubmission is only allowed to run in async mode, this PR makes the `shouldRunAsync` configurable and allows BatchJobSubmission to run in sync mode. (To minimize the change, in sync mode, the real submission and monitoring still happen on the exec pool, the BatchJobSubmission just blocks until the batch is finished)

This PR also refactors the constructor parameters of `KyuubiBatchSessionImpl`, and unwrapped the BatchRequest to make it fit the Batch V2 design.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4798 from pan3793/batch-sync.

Closes #4798

38eee2708 [Cheng Pan] Allows BatchJobSubmission run in sync mode

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/operation/BatchJobSubmission.scala | 52 +++++++---------
 .../operation/KyuubiOperationManager.scala    |  6 +-
 .../session/KyuubiBatchSessionImpl.scala      | 57 ++++++++---------
 .../kyuubi/session/KyuubiSessionManager.scala | 62 +++++++++++++------
 4 files changed, 98 insertions(+), 79 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 702a9a917..e77416d31 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -58,12 +58,11 @@ class BatchJobSubmission(
     className: String,
     batchConf: Map[String, String],
     batchArgs: Seq[String],
-    recoveryMetadata: Option[Metadata])
+    recoveryMetadata: Option[Metadata],
+    override val shouldRunAsync: Boolean)
   extends KyuubiApplicationOperation(session) {
   import BatchJobSubmission._
 
-  override def shouldRunAsync: Boolean = true
-
   private val _operationLog = OperationLog.createOperationLog(session, getHandle)
 
   private val applicationManager = session.sessionManager.applicationManager
@@ -131,17 +130,10 @@ class BatchJobSubmission(
     session.sessionConf.get(KyuubiConf.BATCH_APPLICATION_STARVATION_TIMEOUT)
 
   private def updateBatchMetadata(): Unit = {
-    val endTime =
-      if (isTerminalState(state)) {
-        lastAccessTime
-      } else {
-        0L
-      }
+    val endTime = if (isTerminalState(state)) lastAccessTime else 0L
 
-    if (isTerminalState(state)) {
-      if (_applicationInfo.isEmpty) {
-        _applicationInfo = Some(ApplicationInfo.NOT_FOUND)
-      }
+    if (isTerminalState(state) && _applicationInfo.isEmpty) {
+      _applicationInfo = Some(ApplicationInfo.NOT_FOUND)
     }
 
     _applicationInfo.foreach { appInfo =>
@@ -187,27 +179,24 @@ class BatchJobSubmission(
   override protected def runInternal(): Unit = session.handleSessionException {
     val asyncOperation: Runnable = () => {
       try {
-        if (recoveryMetadata.exists(_.peerInstanceClosed)) {
-          setState(OperationState.CANCELED)
-        } else {
-          // If it is in recovery mode, only re-submit batch job if previous state is PENDING and
-          // fail to fetch the status including appId from resource manager. Otherwise, monitor the
-          // submitted batch application.
-          recoveryMetadata.map { metadata =>
-            if (metadata.state == OperationState.PENDING.toString) {
-              _applicationInfo = currentApplicationInfo()
-              applicationId(_applicationInfo) match {
-                case Some(appId) => monitorBatchJob(appId)
-                case None => submitAndMonitorBatchJob()
-              }
-            } else {
-              monitorBatchJob(metadata.engineId)
+        recoveryMetadata match {
+          case Some(metadata) if metadata.peerInstanceClosed =>
+            setState(OperationState.CANCELED)
+          case Some(metadata) if metadata.state == OperationState.PENDING.toString =>
+            // In recovery mode, only submit batch job when previous state is PENDING
+            // and fail to fetch the status including appId from resource manager.
+            // Otherwise, monitor the submitted batch application.
+            _applicationInfo = currentApplicationInfo()
+            applicationId(_applicationInfo) match {
+              case Some(appId) => monitorBatchJob(appId)
+              case None => submitAndMonitorBatchJob()
             }
-          }.getOrElse {
+          case Some(metadata) =>
+            monitorBatchJob(metadata.engineId)
+          case None =>
             submitAndMonitorBatchJob()
-          }
-          setStateIfNotCanceled(OperationState.FINISHED)
         }
+        setStateIfNotCanceled(OperationState.FINISHED)
       } catch {
         onError()
       } finally {
@@ -225,6 +214,7 @@ class BatchJobSubmission(
         updateBatchMetadata()
       }
     }
+    if (!shouldRunAsync) getBackgroundHandle.get()
   }
 
   private def submitAndMonitorBatchJob(): Unit = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
index dd4889653..6846d0316 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
@@ -81,7 +81,8 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
       className: String,
       batchConf: Map[String, String],
       batchArgs: Seq[String],
-      recoveryMetadata: Option[Metadata]): BatchJobSubmission = {
+      recoveryMetadata: Option[Metadata],
+      shouldRunAsync: Boolean): BatchJobSubmission = {
     val operation = new BatchJobSubmission(
       session,
       batchType,
@@ -90,7 +91,8 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
       className,
       batchConf,
       batchArgs,
-      recoveryMetadata)
+      recoveryMetadata,
+      shouldRunAsync)
     addOperation(operation)
     operation
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
index 94859a08c..ba2046829 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
@@ -21,7 +21,6 @@ import scala.collection.JavaConverters._
 
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
-import org.apache.kyuubi.client.api.v1.dto.BatchRequest
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.engine.KyuubiApplicationManager
@@ -38,8 +37,14 @@ class KyuubiBatchSessionImpl(
     conf: Map[String, String],
     override val sessionManager: KyuubiSessionManager,
     val sessionConf: KyuubiConf,
-    batchRequest: BatchRequest,
-    recoveryMetadata: Option[Metadata] = None)
+    batchType: String,
+    batchName: Option[String],
+    resource: String,
+    className: String,
+    batchConf: Map[String, String],
+    batchArgs: Seq[String],
+    recoveryMetadata: Option[Metadata] = None,
+    shouldRunAsync: Boolean)
   extends KyuubiSession(
     TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V1,
     user,
@@ -68,42 +73,41 @@ class KyuubiBatchSessionImpl(
   override val sessionIdleTimeoutThreshold: Long =
     sessionManager.getConf.get(KyuubiConf.BATCH_SESSION_IDLE_TIMEOUT)
 
-  override val normalizedConf: Map[String, String] = {
-    sessionConf.getBatchConf(batchRequest.getBatchType) ++
-      sessionManager.validateBatchConf(batchRequest.getConf.asScala.toMap)
-  }
+  override val normalizedConf: Map[String, String] =
+    sessionConf.getBatchConf(batchType) ++ sessionManager.validateBatchConf(batchConf)
 
-  private val optimizedConf: Map[String, String] = {
+  val optimizedConf: Map[String, String] = {
     val confOverlay = sessionManager.sessionConfAdvisor.getConfOverlay(
       user,
       normalizedConf.asJava)
     if (confOverlay != null) {
       val overlayConf = new KyuubiConf(false)
       confOverlay.asScala.foreach { case (k, v) => overlayConf.set(k, v) }
-      normalizedConf ++ overlayConf.getBatchConf(batchRequest.getBatchType)
+      normalizedConf ++ overlayConf.getBatchConf(batchType)
     } else {
       warn(s"the server plugin return null value for user: $user, ignore it")
       normalizedConf
     }
   }
 
-  override lazy val name: Option[String] = Option(batchRequest.getName).orElse(
-    optimizedConf.get(KyuubiConf.SESSION_NAME.key))
+  override lazy val name: Option[String] =
+    batchName.filterNot(_.trim.isEmpty).orElse(optimizedConf.get(KyuubiConf.SESSION_NAME.key))
 
   // whether the resource file is from uploading
-  private[kyuubi] val isResourceUploaded: Boolean = batchRequest.getConf
-    .getOrDefault(KyuubiReservedKeys.KYUUBI_BATCH_RESOURCE_UPLOADED_KEY, "false").toBoolean
+  private[kyuubi] val isResourceUploaded: Boolean =
+    batchConf.getOrElse(KyuubiReservedKeys.KYUUBI_BATCH_RESOURCE_UPLOADED_KEY, "false").toBoolean
 
   private[kyuubi] lazy val batchJobSubmissionOp = sessionManager.operationManager
     .newBatchJobSubmissionOperation(
       this,
-      batchRequest.getBatchType,
+      batchType,
       name.orNull,
-      batchRequest.getResource,
-      batchRequest.getClassName,
+      resource,
+      className,
       optimizedConf,
-      batchRequest.getArgs.asScala,
-      recoveryMetadata)
+      batchArgs,
+      recoveryMetadata,
+      shouldRunAsync)
 
   private def waitMetadataRequestsRetryCompletion(): Unit = {
     val batchId = batchJobSubmissionOp.batchId
@@ -127,14 +131,11 @@ class KyuubiBatchSessionImpl(
 
   override def checkSessionAccessPathURIs(): Unit = {
     KyuubiApplicationManager.checkApplicationAccessPaths(
-      batchRequest.getBatchType,
+      batchType,
       optimizedConf,
       sessionManager.getConf)
-    if (batchRequest.getResource != SparkProcessBuilder.INTERNAL_RESOURCE
-      && !isResourceUploaded) {
-      KyuubiApplicationManager.checkApplicationAccessPath(
-        batchRequest.getResource,
-        sessionManager.getConf)
+    if (resource != SparkProcessBuilder.INTERNAL_RESOURCE && !isResourceUploaded) {
+      KyuubiApplicationManager.checkApplicationAccessPath(resource, sessionManager.getConf)
     }
   }
 
@@ -150,13 +151,13 @@ class KyuubiBatchSessionImpl(
         ipAddress = ipAddress,
         kyuubiInstance = connectionUrl,
         state = OperationState.PENDING.toString,
-        resource = batchRequest.getResource,
-        className = batchRequest.getClassName,
+        resource = resource,
+        className = className,
         requestName = name.orNull,
         requestConf = optimizedConf,
-        requestArgs = batchRequest.getArgs.asScala,
+        requestArgs = batchArgs,
         createTime = createTime,
-        engineType = batchRequest.getBatchType,
+        engineType = batchType,
         clusterManager = batchJobSubmissionOp.builder.clusterManager())
 
       // there is a chance that operation failed w/ duplicated key error
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index b0ed144a5..0ef3f1ac1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -124,23 +124,38 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     }
   }
 
-  private def createBatchSession(
+  // scalastyle:off
+  def createBatchSession(
       user: String,
       password: String,
       ipAddress: String,
       conf: Map[String, String],
-      batchRequest: BatchRequest,
-      recoveryMetadata: Option[Metadata] = None): KyuubiBatchSessionImpl = {
+      batchType: String,
+      batchName: Option[String],
+      resource: String,
+      className: String,
+      batchConf: Map[String, String],
+      batchArgs: Seq[String],
+      recoveryMetadata: Option[Metadata] = None,
+      shouldRunAsync: Boolean): KyuubiBatchSessionImpl = {
+    // scalastyle:on
     val username = Option(user).filter(_.nonEmpty).getOrElse("anonymous")
+    val sessionConf = this.getConf.getUserDefaults(user)
     new KyuubiBatchSessionImpl(
       username,
       password,
       ipAddress,
       conf,
       this,
-      this.getConf.getUserDefaults(user),
-      batchRequest,
-      recoveryMetadata)
+      sessionConf,
+      batchType,
+      batchName,
+      resource,
+      className,
+      batchConf,
+      batchArgs,
+      recoveryMetadata,
+      shouldRunAsync)
   }
 
   private[kyuubi] def openBatchSession(batchSession: KyuubiBatchSessionImpl): SessionHandle = {
@@ -178,8 +193,21 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       password: String,
       ipAddress: String,
       conf: Map[String, String],
-      batchRequest: BatchRequest): SessionHandle = {
-    val batchSession = createBatchSession(user, password, ipAddress, conf, batchRequest)
+      batchRequest: BatchRequest,
+      shouldRunAsync: Boolean = true): SessionHandle = {
+    val batchSession = createBatchSession(
+      user,
+      password,
+      ipAddress,
+      conf,
+      batchRequest.getBatchType,
+      Option(batchRequest.getName),
+      batchRequest.getResource,
+      batchRequest.getClassName,
+      batchRequest.getConf.asScala.toMap,
+      batchRequest.getArgs.asScala,
+      None,
+      shouldRunAsync)
     openBatchSession(batchSession)
   }
 
@@ -246,21 +274,19 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
         kyuubiInstance,
         0,
         Int.MaxValue).map { metadata =>
-        val batchRequest = new BatchRequest(
-          metadata.engineType,
-          metadata.resource,
-          metadata.className,
-          metadata.requestName,
-          metadata.requestConf.asJava,
-          metadata.requestArgs.asJava)
-
         createBatchSession(
           metadata.username,
           "anonymous",
           metadata.ipAddress,
           metadata.requestConf,
-          batchRequest,
-          Some(metadata))
+          metadata.engineType,
+          Option(metadata.requestName),
+          metadata.resource,
+          metadata.className,
+          metadata.requestConf,
+          metadata.requestArgs,
+          Some(metadata),
+          shouldRunAsync = true)
       }).getOrElse(Seq.empty)
     }
   }

From f8109b0ad72bddd0fd65154a432dfed2dd575939 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Mon, 8 May 2023 13:35:55 +0800
Subject: [PATCH 342/760] [KYUUBI #4800] Update readthedocs.yaml

### _Why are the changes needed?_

- readthedocs.yml shall be readthedocs.yaml.
- Add OS version

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4800 from yaooqinn/readthedocs.

Closes #4800

ba70cc529 [Kent Yao] Update readthedocs.yaml

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .readthedocs.yml => .readthedocs.yaml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
 rename .readthedocs.yml => .readthedocs.yaml (76%)

diff --git a/.readthedocs.yml b/.readthedocs.yaml
similarity index 76%
rename from .readthedocs.yml
rename to .readthedocs.yaml
index 671f29266..115d9c338 100644
--- a/.readthedocs.yml
+++ b/.readthedocs.yaml
@@ -16,23 +16,19 @@
 #
 
 version: 2
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
 
-# Build documentation in the docs/ directory with Sphinx
 sphinx:
   builder: html
   configuration: docs/conf.py
 
-# Build documentation with MkDocs
-#mkdocs:
-#  configuration: mkdocs.yml
-
-# Optionally build your docs in additional formats such as PDF
 formats:
   - pdf
   - epub
 
-# Optionally set the version of Python and requirements required to build your docs
 python:
-  version: 3.7
   install:
     - requirements: docs/requirements.txt

From 6ae0c8b1417995ec3d0036dc79214db83368b0db Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 8 May 2023 15:05:47 +0800
Subject: [PATCH 343/760] [KYUUBI #4801] Using different engine submit timeout
 config for kubernetes and yarn

### _Why are the changes needed?_

We shall use different engine submit timeout for different resource manager.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4801 from turboFei/engine_submit_timeout.

Closes #4801

e34852a64 [fwang12] nit
ad69008e7 [fwang12] 1.7.2
db11330c5 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                          |  2 ++
 .../scala/org/apache/kyuubi/config/KyuubiConf.scala  | 12 ++++++++++++
 .../engine/KubernetesApplicationOperation.scala      |  2 +-
 .../kyuubi/engine/YarnApplicationOperation.scala     |  2 +-
 4 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index b12185c3c..0c7cdfc89 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -155,6 +155,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.jdbc.java.options                          | &lt;undefined&gt;         | The extra Java options for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
 | kyuubi.engine.jdbc.memory                                | 1g                        | The heap memory for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
 | kyuubi.engine.jdbc.type                                  | &lt;undefined&gt;         | The short name of JDBC type                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
+| kyuubi.engine.kubernetes.submit.timeout                  | PT30S                     | The engine submit timeout for Kubernetes application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.7.2 |
 | kyuubi.engine.operation.convert.catalog.database.enabled | true                      | When set to true, The engine converts the JDBC methods of set/get Catalog and set/get Schema to the implementation of different engines                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
 | kyuubi.engine.operation.log.dir.root                     | engine_operation_logs     | Root directory for query operation log at engine-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.4.0 |
 | kyuubi.engine.pool.name                                  | engine-pool               | The name of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.5.0 |
@@ -182,6 +183,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.user.isolated.spark.session                | true                      | When set to false, if the engine is running in a group or server share level, all the JDBC/ODBC connections will be isolated against the user. Including the temporary views, function registries, SQL configuration, and the current database. Note that, it does not affect if the share level is connection or user.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
 | kyuubi.engine.user.isolated.spark.session.idle.interval  | PT1M                      | The interval to check if the user-isolated Spark session is timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | duration | 1.6.0 |
 | kyuubi.engine.user.isolated.spark.session.idle.timeout   | PT6H                      | If kyuubi.engine.user.isolated.spark.session is false, we will release the Spark session if its corresponding user is inactive after this configured timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | duration | 1.6.0 |
+| kyuubi.engine.yarn.submit.timeout                        | PT30S                     | The engine submit timeout for YARN application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | duration | 1.7.2 |
 
 ### Event
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 63a9ea648..a6a594063 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2577,6 +2577,18 @@ object KyuubiConf {
       .timeConf
       .createWithDefaultString("PT30S")
 
+  val ENGINE_KUBERNETES_SUBMIT_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.engine.kubernetes.submit.timeout")
+      .doc("The engine submit timeout for Kubernetes application.")
+      .version("1.7.2")
+      .fallbackConf(ENGINE_SUBMIT_TIMEOUT)
+
+  val ENGINE_YARN_SUBMIT_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.engine.yarn.submit.timeout")
+      .doc("The engine submit timeout for YARN application.")
+      .version("1.7.2")
+      .fallbackConf(ENGINE_SUBMIT_TIMEOUT)
+
   /**
    * Holds information about keys that have been deprecated.
    *
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index c569dc9dc..a6fe28674 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -49,7 +49,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     kubernetesClient = KubernetesUtils.buildKubernetesClient(conf) match {
       case Some(client) =>
         info(s"Initialized Kubernetes Client connect to: ${client.getMasterUrl}")
-        submitTimeout = conf.get(KyuubiConf.ENGINE_SUBMIT_TIMEOUT)
+        submitTimeout = conf.get(KyuubiConf.ENGINE_KUBERNETES_SUBMIT_TIMEOUT)
         // Disable resync, see https://github.com/fabric8io/kubernetes-client/discussions/5015
         enginePodInformer = client.pods()
           .withLabel(LABEL_KYUUBI_UNIQUE_KEY)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
index ea2bf6dcd..1f06484fc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
@@ -37,7 +37,7 @@ class YarnApplicationOperation extends ApplicationOperation with Logging {
   private var submitTimeout: Long = _
 
   override def initialize(conf: KyuubiConf): Unit = {
-    submitTimeout = conf.get(KyuubiConf.ENGINE_SUBMIT_TIMEOUT)
+    submitTimeout = conf.get(KyuubiConf.ENGINE_YARN_SUBMIT_TIMEOUT)
     val yarnConf = KyuubiHadoopUtils.newYarnConfiguration(conf)
     // YarnClient is thread-safe
     val c = YarnClient.createYarnClient()

From d73ec64b371cfa3e94d44e39a00c275acdda6abc Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 8 May 2023 22:45:52 +0800
Subject: [PATCH 344/760] [KYUUBI #4733] Introduce Kafka event logger for
 server events

### _Why are the changes needed?_

- introduce new event logger type `KAFKA`
- send server events to the Kafka topic with initializing and closing Kafka producer properly with server's lifecyle
- use Kafka 3.4.0 as the client version, and tested with Kakfa servers of 2.8.x and 3.4.x

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4733 from bowenliang123/kafka-logger.

Closes #4733

b5220d234 [liangbowen] introduce kafka server event logger

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 LICENSE-binary                                |   4 +
 NOTICE-binary                                 |  25 +++-
 dev/dependencyList                            |   4 +
 docs/deployment/settings.md                   |  26 ++--
 .../org/apache/kyuubi/config/KyuubiConf.scala |  26 +++-
 kyuubi-events/pom.xml                         |   5 +
 .../kyuubi/events/EventHandlerRegister.scala  |   7 ++
 .../kyuubi/events/EventLoggerType.scala       |   3 +-
 .../handler/KafkaLoggingEventHandler.scala    |  70 +++++++++++
 kyuubi-server/pom.xml                         |  17 +++
 .../events/ServerEventHandlerRegister.scala   |  21 +++-
 .../ServerKafkaLoggingEventHandler.scala      |  31 +++++
 .../ServerKafkaLoggingEventHandlerSuite.scala | 113 ++++++++++++++++++
 pom.xml                                       |  14 +++
 14 files changed, 348 insertions(+), 18 deletions(-)
 create mode 100644 kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala
 create mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala

diff --git a/LICENSE-binary b/LICENSE-binary
index a52ea95fb..542259658 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -321,6 +321,9 @@ io.vertx:vertx-grpc
 org.apache.zookeeper:zookeeper
 com.squareup.retrofit2:retrofit
 com.squareup.okhttp3:okhttp
+org.apache.kafka:kafka-clients
+org.lz4:lz4-java
+org.xerial.snappy:snappy-java
 
 BSD
 ------------
@@ -332,6 +335,7 @@ com.thoughtworks.paranamer:paranamer
 dk.brics.automaton:automaton
 com.google.protobuf:protobuf-java-util
 com.google.protobuf:protobuf-java
+com.github.luben:zstd-jni
 
 Eclipse Distribution License - v 1.0
 ------------------------------------
diff --git a/NOTICE-binary b/NOTICE-binary
index ef58e21f6..16281d0d8 100644
--- a/NOTICE-binary
+++ b/NOTICE-binary
@@ -1236,7 +1236,7 @@ This product optionally depends on 'zstd-jni', a zstd-jni Java compression
 and decompression library, which can be obtained at:
 
   * LICENSE:
-    * license/LICENSE.zstd-jni.txt (Apache License 2.0)
+    * license/LICENSE.zstd-jni.txt (BSD License)
   * HOMEPAGE:
     * https://github.com/luben/zstd-jni
 
@@ -1370,3 +1370,26 @@ decompression for Java., which can be obtained at:
   * HOMEPAGE:
     * https://github.com/hyperxpro/Brotli4j
 
+This product depends on 'kafka-clients', Java clients for Kafka,
+which can be obtained at:
+
+  * LICENSE:
+    * license/LICENSE.kafka.txt (Apache License 2.0)
+  * HOMEPAGE:
+    * https://github.com/apache/kafka
+
+This product optionally depends on 'snappy-java', Snappy compression and
+decompression for Java, which can be obtained at:
+
+  * LICENSE:
+    * license/LICENSE.snappy-java.txt (Apache License 2.0)
+  * HOMEPAGE:
+    * https://github.com/xerial/snappy-java
+
+This product optionally depends on 'lz4-java', Lz4 compression and
+decompression for Java, which can be obtained at:
+
+  * LICENSE:
+    * license/LICENSE.lz4-java.txt (Apache License 2.0)
+  * HOMEPAGE:
+    * https://github.com/lz4/lz4-java
diff --git a/dev/dependencyList b/dev/dependencyList
index 0abcc5196..11f2e2c3c 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -107,6 +107,7 @@ jetty-util-ajax/9.4.50.v20221201//jetty-util-ajax-9.4.50.v20221201.jar
 jetty-util/9.4.50.v20221201//jetty-util-9.4.50.v20221201.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
+kafka-clients/3.4.0//kafka-clients-3.4.0.jar
 kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
 kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
 kubernetes-httpclient-okhttp/6.4.1//kubernetes-httpclient-okhttp-6.4.1.jar
@@ -138,6 +139,7 @@ log4j-api/2.20.0//log4j-api-2.20.0.jar
 log4j-core/2.20.0//log4j-core-2.20.0.jar
 log4j-slf4j-impl/2.20.0//log4j-slf4j-impl-2.20.0.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
+lz4-java/1.8.0//lz4-java-1.8.0.jar
 metrics-core/4.2.8//metrics-core-4.2.8.jar
 metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar
 metrics-json/4.2.8//metrics-json-4.2.8.jar
@@ -181,6 +183,7 @@ simpleclient_tracer_otel/0.16.0//simpleclient_tracer_otel-0.16.0.jar
 simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
+snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
 swagger-annotations/2.2.1//swagger-annotations-2.2.1.jar
 swagger-core/2.2.1//swagger-core-2.2.1.jar
 swagger-integration/2.2.1//swagger-integration-2.2.1.jar
@@ -193,3 +196,4 @@ vertx-core/4.3.2//vertx-core-4.3.2.jar
 vertx-grpc/4.3.2//vertx-grpc-4.3.2.jar
 zjsonpatch/0.3.0//zjsonpatch-0.3.0.jar
 zookeeper/3.4.14//zookeeper-3.4.14.jar
+zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 0c7cdfc89..a358b4270 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -58,18 +58,20 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Backend
 
-|                       Key                        |          Default          |                                                                                                                                                                                                                                                                    Meaning                                                                                                                                                                                                                                                                     |   Type   | Since |
-|--------------------------------------------------|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.backend.engine.exec.pool.keepalive.time   | PT1M                      | Time(ms) that an idle async thread of the operation execution thread pool will wait for a new task to arrive before terminating in SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.0.0 |
-| kyuubi.backend.engine.exec.pool.shutdown.timeout | PT10S                     | Timeout(ms) for the operation execution thread pool to terminate in SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                    | duration | 1.0.0 |
-| kyuubi.backend.engine.exec.pool.size             | 100                       | Number of threads in the operation execution thread pool of SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                            | int      | 1.0.0 |
-| kyuubi.backend.engine.exec.pool.wait.queue.size  | 100                       | Size of the wait queue for the operation execution thread pool in SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                      | int      | 1.0.0 |
-| kyuubi.backend.server.event.json.log.path        | file:///tmp/kyuubi/events | The location of server events go for the built-in JSON logger                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.4.0 |
-| kyuubi.backend.server.event.loggers                                         || A comma-separated list of server history loggers, where session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.backend.server.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a class which is a child of org.apache.kyuubi.events.handler.CustomEventHandlerProvider which has a zero-arg constructor. | seq      | 1.4.0 |
-| kyuubi.backend.server.exec.pool.keepalive.time   | PT1M                      | Time(ms) that an idle async thread of the operation execution thread pool will wait for a new task to arrive before terminating in Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.0.0 |
-| kyuubi.backend.server.exec.pool.shutdown.timeout | PT10S                     | Timeout(ms) for the operation execution thread pool to terminate in Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                              | duration | 1.0.0 |
-| kyuubi.backend.server.exec.pool.size             | 100                       | Number of threads in the operation execution thread pool of Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | int      | 1.0.0 |
-| kyuubi.backend.server.exec.pool.wait.queue.size  | 100                       | Size of the wait queue for the operation execution thread pool of Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.0.0 |
+|                       Key                        |          Default          |                                                                                                                                                                                                                                                                                                                                                                                                                                      Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                       |   Type   | Since |
+|--------------------------------------------------|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.backend.engine.exec.pool.keepalive.time   | PT1M                      | Time(ms) that an idle async thread of the operation execution thread pool will wait for a new task to arrive before terminating in SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | duration | 1.0.0 |
+| kyuubi.backend.engine.exec.pool.shutdown.timeout | PT10S                     | Timeout(ms) for the operation execution thread pool to terminate in SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | duration | 1.0.0 |
+| kyuubi.backend.engine.exec.pool.size             | 100                       | Number of threads in the operation execution thread pool of SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | int      | 1.0.0 |
+| kyuubi.backend.engine.exec.pool.wait.queue.size  | 100                       | Size of the wait queue for the operation execution thread pool in SQL engine applications                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | int      | 1.0.0 |
+| kyuubi.backend.server.event.json.log.path        | file:///tmp/kyuubi/events | The location of server events go for the built-in JSON logger                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.4.0 |
+| kyuubi.backend.server.event.kafka.close.timeout  | PT5S                      | Period to wait for Kafka producer of server event handlers to close.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.8.0 |
+| kyuubi.backend.server.event.kafka.topic          | &lt;undefined&gt;         | The topic of server events go for the built-in Kafka logger                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
+| kyuubi.backend.server.event.loggers                                         || A comma-separated list of server history loggers, where session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.backend.server.event.json.log.path</li> <li>KAFKA: the events will be serialized in JSON format and sent to topic of `kyuubi.backend.server.event.kafka.topic`. Note: For the configs of Kafka producer, please specify them with the prefix: `kyuubi.backend.server.event.kafka.`. For example, `kyuubi.backend.server.event.kafka.bootstrap.servers=127.0.0.1:9092` </li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a class which is a child of org.apache.kyuubi.events.handler.CustomEventHandlerProvider which has a zero-arg constructor. | seq      | 1.4.0 |
+| kyuubi.backend.server.exec.pool.keepalive.time   | PT1M                      | Time(ms) that an idle async thread of the operation execution thread pool will wait for a new task to arrive before terminating in Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.0.0 |
+| kyuubi.backend.server.exec.pool.shutdown.timeout | PT10S                     | Timeout(ms) for the operation execution thread pool to terminate in Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
+| kyuubi.backend.server.exec.pool.size             | 100                       | Number of threads in the operation execution thread pool of Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | int      | 1.0.0 |
+| kyuubi.backend.server.exec.pool.wait.queue.size  | 100                       | Size of the wait queue for the operation execution thread pool of Kyuubi server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.0.0 |
 
 ### Batch
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index a6a594063..8da336102 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2008,12 +2008,34 @@ object KyuubiConf {
       .stringConf
       .createWithDefault("file:///tmp/kyuubi/events")
 
+  val SERVER_EVENT_KAFKA_TOPIC: OptionalConfigEntry[String] =
+    buildConf("kyuubi.backend.server.event.kafka.topic")
+      .doc("The topic of server events go for the built-in Kafka logger")
+      .version("1.8.0")
+      .serverOnly
+      .stringConf
+      .createOptional
+
+  val SERVER_EVENT_KAFKA_CLOSE_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.backend.server.event.kafka.close.timeout")
+      .doc("Period to wait for Kafka producer of server event handlers to close.")
+      .version("1.8.0")
+      .serverOnly
+      .timeConf
+      .createWithDefault(Duration.ofMillis(5000).toMillis)
+
   val SERVER_EVENT_LOGGERS: ConfigEntry[Seq[String]] =
     buildConf("kyuubi.backend.server.event.loggers")
       .doc("A comma-separated list of server history loggers, where session/operation etc" +
         " events go.<ul>" +
         s" <li>JSON: the events will be written to the location of" +
         s" ${SERVER_EVENT_JSON_LOG_PATH.key}</li>" +
+        s" <li>KAFKA: the events will be serialized in JSON format" +
+        s" and sent to topic of `${SERVER_EVENT_KAFKA_TOPIC.key}`." +
+        s" Note: For the configs of Kafka producer," +
+        s" please specify them with the prefix: `kyuubi.backend.server.event.kafka.`." +
+        s" For example, `kyuubi.backend.server.event.kafka.bootstrap.servers=127.0.0.1:9092`" +
+        s" </li>" +
         s" <li>JDBC: to be done</li>" +
         s" <li>CUSTOM: User-defined event handlers.</li></ul>" +
         " Note that: Kyuubi supports custom event handlers with the Java SPI." +
@@ -2026,7 +2048,9 @@ object KyuubiConf {
       .stringConf
       .transform(_.toUpperCase(Locale.ROOT))
       .toSequence()
-      .checkValue(_.toSet.subsetOf(Set("JSON", "JDBC", "CUSTOM")), "Unsupported event loggers")
+      .checkValue(
+        _.toSet.subsetOf(Set("JSON", "JDBC", "CUSTOM", "KAFKA")),
+        "Unsupported event loggers")
       .createWithDefault(Nil)
 
   @deprecated("using kyuubi.engine.spark.event.loggers instead", "1.6.0")
diff --git a/kyuubi-events/pom.xml b/kyuubi-events/pom.xml
index b97e9dffb..6b51fe015 100644
--- a/kyuubi-events/pom.xml
+++ b/kyuubi-events/pom.xml
@@ -37,6 +37,11 @@
             <version>${project.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kafka</groupId>
+            <artifactId>kafka-clients</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
             <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventHandlerRegister.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventHandlerRegister.scala
index 6c7e0893f..f75e4be4f 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventHandlerRegister.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventHandlerRegister.scala
@@ -51,6 +51,10 @@ trait EventHandlerRegister extends Logging {
     throw new KyuubiException(s"Unsupported jdbc event logger.")
   }
 
+  protected def createKafkaEventHandler(kyuubiConf: KyuubiConf): EventHandler[KyuubiEvent] = {
+    throw new KyuubiException(s"Unsupported kafka event logger.")
+  }
+
   private def loadEventHandler(
       eventLoggerType: EventLoggerType,
       kyuubiConf: KyuubiConf): Seq[EventHandler[KyuubiEvent]] = {
@@ -64,6 +68,9 @@ trait EventHandlerRegister extends Logging {
       case EventLoggerType.JDBC =>
         createJdbcEventHandler(kyuubiConf) :: Nil
 
+      case EventLoggerType.KAFKA =>
+        createKafkaEventHandler(kyuubiConf) :: Nil
+
       case EventLoggerType.CUSTOM =>
         EventHandlerLoader.loadCustom(kyuubiConf)
 
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventLoggerType.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventLoggerType.scala
index a029a0fc5..987982371 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventLoggerType.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/EventLoggerType.scala
@@ -21,6 +21,5 @@ object EventLoggerType extends Enumeration {
 
   type EventLoggerType = Value
 
-  // TODO: Only SPARK is done now
-  val SPARK, JSON, JDBC, CUSTOM = Value
+  val SPARK, JSON, JDBC, CUSTOM, KAFKA = Value
 }
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala
new file mode 100644
index 000000000..a245daef0
--- /dev/null
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.events.handler
+
+import java.time.Duration
+import java.util.Properties
+
+import org.apache.kafka.clients.producer.{KafkaProducer, ProducerRecord}
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.events.KyuubiEvent
+import org.apache.kyuubi.events.handler.KafkaLoggingEventHandler._
+
+/**
+ * This event logger logs events to Kafka.
+ */
+class KafkaLoggingEventHandler(
+    topic: String,
+    producerConf: Map[String, String],
+    kyuubiConf: KyuubiConf,
+    closeTimeoutInMs: Long) extends EventHandler[KyuubiEvent] with Logging {
+  private def defaultProducerConf: Properties = {
+    val conf = new Properties()
+    conf.setProperty("key.serializer", DEFAULT_SERIALIZER_CLASS)
+    conf.setProperty("value.serializer", DEFAULT_SERIALIZER_CLASS)
+    conf
+  }
+
+  private val normalizedProducerConf: Properties = {
+    val conf = defaultProducerConf
+    producerConf.foreach(p => conf.setProperty(p._1, p._2))
+    conf
+  }
+
+  private val kafkaProducer = new KafkaProducer[String, String](normalizedProducerConf)
+
+  override def apply(event: KyuubiEvent): Unit = {
+    try {
+      val record = new ProducerRecord[String, String](topic, event.eventType, event.toJson)
+      kafkaProducer.send(record)
+    } catch {
+      case e: Exception =>
+        error("Failed to send event in KafkaEventHandler", e)
+    }
+  }
+
+  override def close(): Unit = {
+    kafkaProducer.close(Duration.ofMillis(closeTimeoutInMs))
+  }
+}
+
+object KafkaLoggingEventHandler {
+  private val DEFAULT_SERIALIZER_CLASS = "org.apache.kafka.common.serialization.StringSerializer"
+}
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index c4585b131..54d4507d5 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -395,6 +395,23 @@
             <artifactId>swagger-ui</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kafka</groupId>
+            <artifactId>kafka-clients</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.dimafeng</groupId>
+            <artifactId>testcontainers-scala-scalatest_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.dimafeng</groupId>
+            <artifactId>testcontainers-scala-kafka_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.hive</groupId>
             <artifactId>hive-exec</artifactId>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/ServerEventHandlerRegister.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/ServerEventHandlerRegister.scala
index 4ddee48dd..ca6c776ac 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/ServerEventHandlerRegister.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/ServerEventHandlerRegister.scala
@@ -19,8 +19,9 @@ package org.apache.kyuubi.events
 import java.net.InetAddress
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.{SERVER_EVENT_JSON_LOG_PATH, SERVER_EVENT_LOGGERS}
-import org.apache.kyuubi.events.handler.{EventHandler, ServerJsonLoggingEventHandler}
+import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.events.handler.{EventHandler, ServerJsonLoggingEventHandler, ServerKafkaLoggingEventHandler}
+import org.apache.kyuubi.events.handler.ServerKafkaLoggingEventHandler.KAFKA_SERVER_EVENT_HANDLER_PREFIX
 import org.apache.kyuubi.util.KyuubiHadoopUtils
 
 object ServerEventHandlerRegister extends EventHandlerRegister {
@@ -36,6 +37,22 @@ object ServerEventHandlerRegister extends EventHandlerRegister {
       kyuubiConf)
   }
 
+  override def createKafkaEventHandler(kyuubiConf: KyuubiConf): EventHandler[KyuubiEvent] = {
+    val topic = kyuubiConf.get(SERVER_EVENT_KAFKA_TOPIC).getOrElse {
+      throw new IllegalArgumentException(s"${SERVER_EVENT_KAFKA_TOPIC.key} must be configured")
+    }
+    val closeTimeoutInMs = kyuubiConf.get(SERVER_EVENT_KAFKA_CLOSE_TIMEOUT)
+    val kafkaEventHandlerProducerConf =
+      kyuubiConf.getAllWithPrefix(KAFKA_SERVER_EVENT_HANDLER_PREFIX, "")
+        .filterKeys(
+          !List(SERVER_EVENT_KAFKA_TOPIC, SERVER_EVENT_KAFKA_CLOSE_TIMEOUT).map(_.key).contains(_))
+    ServerKafkaLoggingEventHandler(
+      topic,
+      kafkaEventHandlerProducerConf,
+      kyuubiConf,
+      closeTimeoutInMs)
+  }
+
   override protected def getLoggers(conf: KyuubiConf): Seq[String] = {
     conf.get(SERVER_EVENT_LOGGERS)
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala
new file mode 100644
index 000000000..a7421a057
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.events.handler
+
+import org.apache.kyuubi.config.KyuubiConf
+
+case class ServerKafkaLoggingEventHandler(
+    topic: String,
+    producerConf: Map[String, String],
+    kyuubiConf: KyuubiConf,
+    closeTimeoutInMs: Long)
+  extends KafkaLoggingEventHandler(topic, producerConf, kyuubiConf, closeTimeoutInMs)
+
+object ServerKafkaLoggingEventHandler {
+  val KAFKA_SERVER_EVENT_HANDLER_PREFIX = "kyuubi.backend.server.event.kafka"
+}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala
new file mode 100644
index 000000000..461414f3f
--- /dev/null
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.events.handler
+
+import java.time.Duration
+import java.util.Properties
+
+import scala.collection.JavaConverters._
+import scala.concurrent.duration._
+import scala.util.Random
+
+import com.dimafeng.testcontainers.KafkaContainer
+import com.dimafeng.testcontainers.scalatest.TestContainerForAll
+import com.fasterxml.jackson.databind.json.JsonMapper
+import org.apache.kafka.clients.admin.{AdminClient, NewTopic}
+import org.apache.kafka.clients.consumer.KafkaConsumer
+
+import org.apache.kyuubi._
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.events.handler.ServerKafkaLoggingEventHandler.KAFKA_SERVER_EVENT_HANDLER_PREFIX
+import org.apache.kyuubi.operation.HiveJDBCTestHelper
+
+abstract class ServerKafkaLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCTestHelper
+  with BatchTestHelper with TestContainerForAll {
+
+  /**
+   * `confluentinc/cp-kafka` is Confluent Community Docker Image for Apache Kafka.
+   * The list of compatibility for Kafka's version refers to:
+   * https://docs.confluent.io/platform/current/installation
+   * /versions-interoperability.html#cp-and-apache-ak-compatibility
+   */
+  protected val imageTag: String
+  override lazy val containerDef: KafkaContainer.Def =
+    KafkaContainer.Def(s"confluentinc/cp-kafka:$imageTag")
+  private val destTopic = "server-event-topic"
+  private val mapper = JsonMapper.builder().build()
+  override protected def jdbcUrl: String = getJdbcUrl
+
+  override protected val conf: KyuubiConf = {
+    KyuubiConf()
+      .set(KyuubiConf.SERVER_EVENT_LOGGERS, Seq("KAFKA"))
+      .set(KyuubiConf.SERVER_EVENT_KAFKA_TOPIC, destTopic)
+  }
+
+  override def beforeAll(): Unit = withContainers { kafkaContainer =>
+    val bootstrapServers = kafkaContainer.bootstrapServers
+    createTopic(kafkaContainer.bootstrapServers, destTopic)
+    conf.set(s"$KAFKA_SERVER_EVENT_HANDLER_PREFIX.bootstrap.servers", bootstrapServers)
+
+    super.beforeAll()
+  }
+
+  private def createTopic(kafkaServerUrl: String, topic: String): Unit = {
+    val adminProps = new Properties
+    adminProps.setProperty("bootstrap.servers", kafkaServerUrl)
+    val adminClient = AdminClient.create(adminProps)
+    adminClient.createTopics(List(new NewTopic(topic, 1, 1.toShort)).asJava)
+    adminClient.close()
+  }
+
+  test("check server events sent to kafka topic") {
+    withContainers { kafkaContainer =>
+      val consumerConf = new Properties
+      Map(
+        "bootstrap.servers" -> kafkaContainer.bootstrapServers,
+        "group.id" -> s"server-kafka-logger-test-${Random.nextInt}",
+        "auto.offset.reset" -> "earliest",
+        "key.deserializer" -> "org.apache.kafka.common.serialization.StringDeserializer",
+        "value.deserializer" -> "org.apache.kafka.common.serialization.StringDeserializer")
+        .foreach(p => consumerConf.setProperty(p._1, p._2))
+      val consumer = new KafkaConsumer[String, String](consumerConf)
+      try {
+        consumer.subscribe(List(destTopic).asJava)
+        eventually(timeout(10.seconds), interval(500.milliseconds)) {
+          val records = consumer.poll(Duration.ofMillis(500))
+          assert(records.count() > 0)
+          records.forEach { record =>
+            val jsonObj = mapper.readTree(record.value())
+            assertResult("kyuubi_server_info")(record.key)
+            assertResult(server.getName)(jsonObj.get("serverName").asText())
+          }
+        }
+      } finally {
+        consumer.close()
+      }
+    }
+  }
+}
+
+class ServerKafkaLoggingEventHandlerSuiteForKafka2 extends ServerKafkaLoggingEventHandlerSuite {
+  // equivalent to Apache Kafka 2.8.x
+  override val imageTag = "6.2.10"
+}
+
+class ServerKafkaLoggingEventHandlerSuiteForKafka3 extends ServerKafkaLoggingEventHandlerSuite {
+  // equivalent to Apache Kafka 3.3.x
+  override val imageTag = "7.3.3"
+}
diff --git a/pom.xml b/pom.xml
index af56eb167..2fe54e329 100644
--- a/pom.xml
+++ b/pom.xml
@@ -165,6 +165,7 @@
         <jetty.version>9.4.50.v20221201</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
+        <kafka.version>3.4.0</kafka.version>
         <kubernetes-client.version>6.4.1</kubernetes-client.version>
         <kudu.version>1.15.0</kudu.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>
@@ -545,6 +546,12 @@
                 <version>${testcontainers-scala.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>com.dimafeng</groupId>
+                <artifactId>testcontainers-scala-kafka_${scala.binary.version}</artifactId>
+                <version>${testcontainers-scala.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>io.fabric8</groupId>
                 <artifactId>kubernetes-client</artifactId>
@@ -1261,6 +1268,13 @@
                 </exclusions>
             </dependency>
 
+            <dependency>
+                <groupId>org.apache.kafka</groupId>
+                <artifactId>kafka-clients</artifactId>
+                <version>${kafka.version}</version>
+                <optional>true</optional>
+            </dependency>
+
             <dependency>
                 <groupId>com.github.scopt</groupId>
                 <artifactId>scopt_${scala.binary.version}</artifactId>

From 4e0562df8f03e219768548773dcd6ec284427beb Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 9 May 2023 08:44:00 +0800
Subject: [PATCH 345/760] [KYUUBI #4808] Bump Jetty from 9.4.50 to 9.4.51

### _Why are the changes needed?_

- to fix 2 Dependabot alerts
  1. https://github.com/apache/kyuubi/security/dependabot/19
  2. https://github.com/apache/kyuubi/security/dependabot/18

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4808 from bowenliang123/jetty-9.4.51.

Closes #4808

84789292b [liangbowen] update dependencyList
d1ebdc68a [liangbowen] Revert "update dependencyList"
e4e26b7b5 [liangbowen] update dependencyList
6cfb37dbb [liangbowen] bump jetty to 9.4.51

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: bowenliang <bowenliang@apache.org>
---
 dev/dependencyList | 14 +++++++-------
 pom.xml            |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 11f2e2c3c..b216b7092 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -98,13 +98,13 @@ jetcd-api/0.7.3//jetcd-api-0.7.3.jar
 jetcd-common/0.7.3//jetcd-common-0.7.3.jar
 jetcd-core/0.7.3//jetcd-core-0.7.3.jar
 jetcd-grpc/0.7.3//jetcd-grpc-0.7.3.jar
-jetty-http/9.4.50.v20221201//jetty-http-9.4.50.v20221201.jar
-jetty-io/9.4.50.v20221201//jetty-io-9.4.50.v20221201.jar
-jetty-security/9.4.50.v20221201//jetty-security-9.4.50.v20221201.jar
-jetty-server/9.4.50.v20221201//jetty-server-9.4.50.v20221201.jar
-jetty-servlet/9.4.50.v20221201//jetty-servlet-9.4.50.v20221201.jar
-jetty-util-ajax/9.4.50.v20221201//jetty-util-ajax-9.4.50.v20221201.jar
-jetty-util/9.4.50.v20221201//jetty-util-9.4.50.v20221201.jar
+jetty-http/9.4.51.v20230217//jetty-http-9.4.51.v20230217.jar
+jetty-io/9.4.51.v20230217//jetty-io-9.4.51.v20230217.jar
+jetty-security/9.4.51.v20230217//jetty-security-9.4.51.v20230217.jar
+jetty-server/9.4.51.v20230217//jetty-server-9.4.51.v20230217.jar
+jetty-servlet/9.4.51.v20230217//jetty-servlet-9.4.51.v20230217.jar
+jetty-util-ajax/9.4.51.v20230217//jetty-util-ajax-9.4.51.v20230217.jar
+jetty-util/9.4.51.v20230217//jetty-util-9.4.51.v20230217.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
 kafka-clients/3.4.0//kafka-clients-3.4.0.jar
diff --git a/pom.xml b/pom.xml
index 2fe54e329..03bf2a149 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,7 +162,7 @@
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
         <jersey.version>2.39.1</jersey.version>
-        <jetty.version>9.4.50.v20221201</jetty.version>
+        <jetty.version>9.4.51.v20230217</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
         <kafka.version>3.4.0</kafka.version>

From 52a11e909beb6d14e098e79323065284c8e34835 Mon Sep 17 00:00:00 2001
From: bowenliang <bowenliang@apache.org>
Date: Tue, 9 May 2023 09:45:38 +0800
Subject: [PATCH 346/760] [KYUUBI #4805] Bump openai-java from 0.11.1 to 0.12.0

### _Why are the changes needed?_

- openai-java v0.12.0 release note: https://github.com/TheoKanning/openai-java/releases/tag/0.12.0
- client version preparation for streaming chat support, with `Streaming support for Test and Chat completion
` in v0.12.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4805 from bowenliang123/openai0.12.0.

Closes #4805

724d8e7d4 [bowenliang] bump openai-java from 0.11.1 to 0.12.0

Authored-by: bowenliang <bowenliang@apache.org>
Signed-off-by: bowenliang <bowenliang@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 03bf2a149..cff8f9656 100644
--- a/pom.xml
+++ b/pom.xml
@@ -173,7 +173,7 @@
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
         <mockito.version>4.6.1</mockito.version>
         <netty.version>4.1.89.Final</netty.version>
-        <openai.java.version>0.11.1</openai.java.version>
+        <openai.java.version>0.12.0</openai.java.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>
         <prometheus.version>0.16.0</prometheus.version>

From 7225f338f6bc93cc242afce9a9b018d05cdae258 Mon Sep 17 00:00:00 2001
From: bowenliang <bowenliang@apache.org>
Date: Tue, 9 May 2023 14:21:27 +0800
Subject: [PATCH 347/760] [KYUUBI #4809] [CHAT] Set session user in ChatGPT
 request

### _Why are the changes needed?_

- set session user when opening instance of ChatProvider
- use session user in ChatGPT request, to identify user of message and better monitor and abuse detection by OpenAI report( https://platform.openai.com/docs/api-reference/chat/create#chat/create-user)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4809 from bowenliang123/chat-user.

Closes #4809

615d2385a [bowenliang] set session user in chatgpt request

Authored-by: bowenliang <bowenliang@apache.org>
Signed-off-by: bowenliang <bowenliang@apache.org>
---
 .../kyuubi/engine/chat/provider/ChatGPTProvider.scala  | 10 +++++++---
 .../kyuubi/engine/chat/provider/ChatProvider.scala     |  2 +-
 .../kyuubi/engine/chat/provider/EchoProvider.scala     |  2 +-
 .../kyuubi/engine/chat/session/ChatSessionImpl.scala   |  2 +-
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
index cdea89d2a..03bf0b820 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -26,7 +26,7 @@ import scala.collection.JavaConverters._
 
 import com.google.common.cache.{CacheBuilder, CacheLoader, LoadingCache}
 import com.theokanning.openai.OpenAiApi
-import com.theokanning.openai.completion.chat.{ChatCompletionRequest, ChatMessage}
+import com.theokanning.openai.completion.chat.{ChatCompletionRequest, ChatMessage, ChatMessageRole}
 import com.theokanning.openai.service.OpenAiService
 import com.theokanning.openai.service.OpenAiService.{defaultClient, defaultObjectMapper, defaultRetrofit}
 
@@ -60,6 +60,8 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
     new OpenAiService(api)
   }
 
+  private var sessionUser: Option[String] = None
+
   private val chatHistory: LoadingCache[String, util.ArrayDeque[ChatMessage]] =
     CacheBuilder.newBuilder()
       .expireAfterWrite(10, TimeUnit.MINUTES)
@@ -68,17 +70,19 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
           new util.ArrayDeque[ChatMessage]
       })
 
-  override def open(sessionId: String): Unit = {
+  override def open(sessionId: String, user: Option[String]): Unit = {
+    sessionUser = user
     chatHistory.getIfPresent(sessionId)
   }
 
   override def ask(sessionId: String, q: String): String = {
     val messages = chatHistory.get(sessionId)
     try {
-      messages.addLast(new ChatMessage("user", q))
+      messages.addLast(new ChatMessage(ChatMessageRole.USER.value(), q))
       val completionRequest = ChatCompletionRequest.builder()
         .model(conf.get(KyuubiConf.ENGINE_CHAT_GPT_MODEL))
         .messages(messages.asScala.toList.asJava)
+        .user(sessionUser.orNull)
         .build()
       val responseText = openAiService.createChatCompletion(completionRequest).getChoices.asScala
         .map(c => c.getMessage.getContent).mkString
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
index af1ba434b..f9fa8bb5a 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
@@ -28,7 +28,7 @@ import org.apache.kyuubi.reflection.DynConstructors
 
 trait ChatProvider {
 
-  def open(sessionId: String): Unit
+  def open(sessionId: String, user: Option[String] = None): Unit
 
   def ask(sessionId: String, q: String): String
 
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala
index 31ad3b8e3..1116ea785 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/EchoProvider.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.chat.provider
 
 class EchoProvider extends ChatProvider {
 
-  override def open(sessionId: String): Unit = {}
+  override def open(sessionId: String, user: Option[String]): Unit = {}
 
   override def ask(sessionId: String, q: String): String =
     "This is ChatKyuubi, nice to meet you!"
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala
index 29f420768..6ec6d0626 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/session/ChatSessionImpl.scala
@@ -38,7 +38,7 @@ class ChatSessionImpl(
 
   override def open(): Unit = {
     info(s"Starting to open chat session.")
-    chatProvider.open(handle.identifier.toString)
+    chatProvider.open(handle.identifier.toString, Some(user))
     super.open()
     info(s"The chat session is started.")
   }

From e112e381fff99f1d619185521edb064d88d35873 Mon Sep 17 00:00:00 2001
From: bowenliang <bowenliang@apache.org>
Date: Wed, 10 May 2023 11:53:14 +0800
Subject: [PATCH 348/760] [KYUUBI #4810] [CHAT] Request and use a sginle choice
 for chat completion

### _Why are the changes needed?_

- explicitly set `n` to 1 in ChatGPT chat completion request (default to 1, https://platform.openai.com/docs/api-reference/chat/create#chat/create-n)
- use the only one choice of the chat completion response

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4810 from bowenliang123/chat-onechoice.

Closes #4810

f221de4e8 [bowenliang] one message

Authored-by: bowenliang <bowenliang@apache.org>
Signed-off-by: bowenliang <bowenliang@apache.org>
---
 .../apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
index 03bf0b820..aae8b488a 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatGPTProvider.scala
@@ -83,9 +83,10 @@ class ChatGPTProvider(conf: KyuubiConf) extends ChatProvider {
         .model(conf.get(KyuubiConf.ENGINE_CHAT_GPT_MODEL))
         .messages(messages.asScala.toList.asJava)
         .user(sessionUser.orNull)
+        .n(1)
         .build()
-      val responseText = openAiService.createChatCompletion(completionRequest).getChoices.asScala
-        .map(c => c.getMessage.getContent).mkString
+      val responseText = openAiService.createChatCompletion(completionRequest)
+        .getChoices.get(0).getMessage.getContent
       responseText
     } catch {
       case e: Throwable =>

From 47353911d219aab3460ad4ced14fc2483579b7cd Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 10 May 2023 20:17:04 +0800
Subject: [PATCH 349/760] [KYUUBI #4797] [ARROW] Reflective calls to the
 function `ArrowUtils#toArrowSchema`

### _Why are the changes needed?_

to adapt Spark 3.5

the signature of function `ArrowUtils#toArrowSchema` is changed in https://github.com/apache/spark/pull/40988 (since Spark3.5)

Spark 3.4 or previous

```scala
   def toArrowSchema(schema: StructType, timeZoneId: String): Schema
```

Spark 3.5 or later
```scala
   def toArrowSchema(
      schema: StructType,
      timeZoneId: String,
      errorOnDuplicatedFieldNames: Boolean): Schema
```

Kyuubi is not affected by the issue of duplicated nested field names, as it consistently converts struct types to string types in Arrow mode

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4797 from cfmcgrady/arrow-toArrowSchema.

Closes #4797

2eb881b87 [Fu Chen] auto box
f69e0b395 [Fu Chen] asInstanceOf[Object] -> new JBoolean(errorOnDuplicatedFieldNames)
84c0ed381 [Fu Chen] unnecessarily force conversions
5ca65df8e [Fu Chen] Revert "new JBoolean"
0f7a1b4bd [Fu Chen] new JBoolean
044ba421c [Fu Chen] update comment
989c3caf1 [Fu Chen] reflective call ArrowUtils.toArrowSchema

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../arrow/KyuubiArrowConverters.scala         | 36 +++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index 8a34943cc..5930dcdfc 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -18,6 +18,7 @@
 package org.apache.spark.sql.execution.arrow
 
 import java.io.{ByteArrayInputStream, ByteArrayOutputStream}
+import java.lang.{Boolean => JBoolean}
 import java.nio.channels.Channels
 
 import scala.collection.JavaConverters._
@@ -26,6 +27,7 @@ import scala.collection.mutable.ArrayBuffer
 import org.apache.arrow.vector._
 import org.apache.arrow.vector.ipc.{ArrowStreamWriter, ReadChannel, WriteChannel}
 import org.apache.arrow.vector.ipc.message.{IpcOption, MessageSerializer}
+import org.apache.arrow.vector.types.pojo.{Schema => ArrowSchema}
 import org.apache.spark.TaskContext
 import org.apache.spark.internal.Logging
 import org.apache.spark.sql.SparkSession
@@ -36,6 +38,8 @@ import org.apache.spark.sql.types._
 import org.apache.spark.sql.util.ArrowUtils
 import org.apache.spark.util.Utils
 
+import org.apache.kyuubi.reflection.DynMethods
+
 object KyuubiArrowConverters extends SQLConfHelper with Logging {
 
   type Batch = (Array[Byte], Long)
@@ -60,7 +64,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       "slice",
       0,
       Long.MaxValue)
-    val arrowSchema = ArrowUtils.toArrowSchema(schema, timeZoneId)
+    val arrowSchema = toArrowSchema(schema, timeZoneId, true)
     vectorSchemaRoot = VectorSchemaRoot.create(arrowSchema, sliceAllocator)
     try {
       val recordBatch = MessageSerializer.deserializeRecordBatch(
@@ -238,7 +242,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       context: TaskContext)
     extends Iterator[Array[Byte]] {
 
-    protected val arrowSchema = ArrowUtils.toArrowSchema(schema, timeZoneId)
+    protected val arrowSchema = toArrowSchema(schema, timeZoneId, true)
     private val allocator =
       ArrowUtils.rootAllocator.newChildAllocator(
         s"to${this.getClass.getSimpleName}",
@@ -312,6 +316,34 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
     }
   }
 
+  // the signature of function [[ArrowUtils.toArrowSchema]] is changed in SPARK-41971 (since Spark
+  // 3.5)
+  private lazy val toArrowSchemaMethod = DynMethods.builder("toArrowSchema")
+    .impl( // for Spark 3.4 or previous
+      "org.apache.spark.sql.util.ArrowUtils",
+      classOf[StructType],
+      classOf[String])
+    .impl( // for Spark 3.5 or later
+      "org.apache.spark.sql.util.ArrowUtils",
+      classOf[StructType],
+      classOf[String],
+      classOf[Boolean])
+    .build()
+
+  /**
+   * this function uses reflective calls to the [[ArrowUtils.toArrowSchema]].
+   */
+  private def toArrowSchema(
+      schema: StructType,
+      timeZone: String,
+      errorOnDuplicatedFieldNames: JBoolean): ArrowSchema = {
+    toArrowSchemaMethod.invoke[ArrowSchema](
+      ArrowUtils,
+      schema,
+      timeZone,
+      errorOnDuplicatedFieldNames)
+  }
+
   // for testing
   def fromBatchIterator(
       arrowBatchIter: Iterator[Array[Byte]],

From 299df0d7c2ad9ad6509861fada2d25ee2933e1fd Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 10 May 2023 20:34:08 +0800
Subject: [PATCH 350/760] [KYUUBI #4811] Do not update app info after batch or
 application terminated

### _Why are the changes needed?_

If the application has been terminated, it is not needed to update application. and It can prevent that, the correct application info is overwritten by NOT_FOUND state.

If the batch has been terminated, we shall get the batch report from metastore.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4811 from turboFei/k8s_status.

Closes #4811

8fc6fd6ab [fwang12] check app id defined
87b0797e0 [fwang12] if batch state is terminal, get state from metadata store
488433e05 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/operation/BatchJobSubmission.scala       | 13 ++++++++-----
 .../kyuubi/server/api/v1/BatchesResource.scala      |  2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index e77416d31..96022614e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -298,11 +298,14 @@ class BatchJobSubmission(
   }
 
   private def updateApplicationInfoMetadataIfNeeded(): Unit = {
-    val newApplicationStatus = currentApplicationInfo()
-    if (newApplicationStatus.map(_.state) != _applicationInfo.map(_.state)) {
-      _applicationInfo = newApplicationStatus
-      updateBatchMetadata()
-      info(s"Batch report for $batchId, ${_applicationInfo}")
+    if (applicationId(_applicationInfo).isEmpty ||
+      !_applicationInfo.map(_.state).exists(ApplicationState.isTerminated)) {
+      val newApplicationStatus = currentApplicationInfo()
+      if (newApplicationStatus.map(_.state) != _applicationInfo.map(_.state)) {
+        _applicationInfo = newApplicationStatus
+        updateBatchMetadata()
+        info(s"Batch report for $batchId, ${_applicationInfo}")
+      }
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 38ce0e297..11c36c757 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -82,7 +82,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     var appState: String = null
     var appDiagnostic: String = null
 
-    if (batchAppStatus.nonEmpty) {
+    if (!OperationState.isTerminal(batchOpStatus.state) && batchAppStatus.nonEmpty) {
       appId = batchAppStatus.get.id
       appUrl = batchAppStatus.get.url.orNull
       appState = batchAppStatus.get.state.toString

From d73d73eb2e2e155b3a1bd6bfba4c64596f89f0d0 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Thu, 11 May 2023 11:01:17 +0800
Subject: [PATCH 351/760] [KYUUBI #4819] [K8S][HELM] Refactor liveness and
 readiness probes

### _Why are the changes needed?_
The changes are needed to follow common flat structure pattern for liveness and readiness probes, for example:
- [Airflow](https://github.com/apache/airflow/blob/584a9f5dae5b29a1968fbdbc9b1edd01ae2be4d2/chart/values.yaml#L961-L973)
- [Superset](https://github.com/apache/superset/blob/e3719a1b076228dcfae3cdd82844bdfe48b552ec/helm/superset/values.yaml#L300-L317)
- [Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/8f2277440b976d52785ba9149762ad8620a73d1f/bitnami/postgresql/values.yaml#L390-L410)
- [ArgoCD](https://github.com/argoproj/argo-helm/blob/b37a9e72a68d8fafe3cddd14cf2b3ed6722eff4a/charts/argo-cd/values.yaml#L1631-L1653)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4819 from dnskr/helm_refactor_probes.

Closes #4819

eb692379f [dnskr] [K8S][HELM] Refactor liveness and readiness probes

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/templates/kyuubi-deployment.yaml   | 24 ++++++-------
 charts/kyuubi/values.yaml                     | 34 ++++++++++---------
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index beca0998a..79d49a653 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -65,25 +65,25 @@ spec:
               containerPort: {{ $frontend.port }}
             {{- end }}
             {{- end }}
-          {{- if .Values.probe.liveness.enabled }}
+          {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             exec:
               command: ["/bin/bash", "-c", "bin/kyuubi status"]
-            initialDelaySeconds: {{ .Values.probe.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.probe.liveness.periodSeconds }}
-            timeoutSeconds: {{ .Values.probe.liveness.timeoutSeconds }}
-            failureThreshold: {{ .Values.probe.liveness.failureThreshold }}
-            successThreshold: {{ .Values.probe.liveness.successThreshold }}
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
           {{- end }}
-          {{- if .Values.probe.readiness.enabled }}
+          {{- if .Values.readinessProbe.enabled }}
           readinessProbe:
             exec:
               command: ["/bin/bash", "-c", "$KYUUBI_HOME/bin/kyuubi status"]
-            initialDelaySeconds: {{ .Values.probe.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.probe.readiness.periodSeconds }}
-            timeoutSeconds: {{ .Values.probe.readiness.timeoutSeconds }}
-            failureThreshold: {{ .Values.probe.readiness.failureThreshold }}
-            successThreshold: {{ .Values.probe.readiness.successThreshold }}
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+            successThreshold: {{ .Values.readinessProbe.successThreshold }}
           {{- end }}
           {{- with .Values.resources }}
           resources: {{- toYaml . | nindent 12 }}
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index 7eca72113..d97fc982b 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -41,22 +41,6 @@ rbac:
       resources: ["pods"]
       verbs: ["create", "list", "delete"]
 
-probe:
-  liveness:
-    enabled: true
-    initialDelaySeconds: 30
-    periodSeconds: 10
-    timeoutSeconds: 2
-    failureThreshold: 10
-    successThreshold: 1
-  readiness:
-    enabled: true
-    initialDelaySeconds: 30
-    periodSeconds: 10
-    timeoutSeconds: 2
-    failureThreshold: 10
-    successThreshold: 1
-
 server:
   # Thrift Binary protocol (HiveServer2 compatible)
   thriftBinary:
@@ -162,6 +146,24 @@ resources: {}
   #   cpu: 2
   #   memory: 4Gi
 
+# Liveness probe
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 2
+  failureThreshold: 10
+  successThreshold: 1
+
+# Readiness probe
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 2
+  failureThreshold: 10
+  successThreshold: 1
+
 # Constrain Kyuubi server pods to specific nodes
 nodeSelector: {}
 tolerations: []

From 9bf2714288104b94180141c1d6fe2e974da2e0d6 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Thu, 11 May 2023 13:06:43 +0800
Subject: [PATCH 352/760] [KYUUBI #4818] [K8S][HELM] Update default Kyuubi
 version to 1.7.1

### _Why are the changes needed?_
The change is needed to use latest stable released version of Kyuubi in the Helm chart by default.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4818 from dnskr/helm_update_kyuubi_version.

Closes #4818

46fad19f4 [dnskr] [K8S][HELM] Update default Kyuubi version to 1.7.1

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/kyuubi/Chart.yaml b/charts/kyuubi/Chart.yaml
index 0abec9e5e..fa6179425 100644
--- a/charts/kyuubi/Chart.yaml
+++ b/charts/kyuubi/Chart.yaml
@@ -20,7 +20,7 @@ name: kyuubi
 description: A Helm chart for Kyuubi server
 type: application
 version: 0.1.0
-appVersion: 1.7.0
+appVersion: 1.7.1
 home: https://kyuubi.apache.org
 icon: https://raw.githubusercontent.com/apache/kyuubi/master/docs/imgs/logo.png
 sources:

From 369c21a61156bf4bf82e8641e2d85eaa5acd8922 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 11 May 2023 15:32:25 +0800
Subject: [PATCH 353/760] [KYUUBI #4816] [K8S] Correct the implementation of
 cleanup terminated appInfo

### _Why are the changes needed?_

For `LocalCache`, `put` operation will `remove` the existing element.

https://github.com/apache/kyuubi/blob/299df0d7c2ad9ad6509861fada2d25ee2933e1fd/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala#L202-L207
And then trigger the removal listener.

https://github.com/apache/kyuubi/blob/299df0d7c2ad9ad6509861fada2d25ee2933e1fd/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala#L60-L68

and evict the existing app info from `appInfoStore`.

and then the `kyuubi.kubernetes.terminatedApplicationRetainPeriod` does not work.

And then we can only get `NOT_FOUND` application state.
So, we should check whether there is existing `cleanupTerminatedAppInfoTrigger` key before `put`.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

Before:
<img width="738" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/15e6a03e-c0ea-4e40-8b49-a04fa8255dcb">

After:
<img width="714" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/63994b0c-ceae-46fa-97a5-60f2d6dcf994">

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4816 from turboFei/mark_if_absent.

Closes #4816

d767756fa [fwang12] put if absent

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/KubernetesApplicationOperation.scala   | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index a6fe28674..0bd3127cb 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -199,10 +199,11 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
         error = Option(pod.getStatus.getReason)))
   }
 
-  private def markApplicationTerminated(pod: Pod): Unit = {
-    cleanupTerminatedAppInfoTrigger.put(
-      pod.getMetadata.getLabels.get(LABEL_KYUUBI_UNIQUE_KEY),
-      toApplicationState(pod.getStatus.getPhase))
+  private def markApplicationTerminated(pod: Pod): Unit = synchronized {
+    val key = pod.getMetadata.getLabels.get(LABEL_KYUUBI_UNIQUE_KEY)
+    if (cleanupTerminatedAppInfoTrigger.getIfPresent(key) == null) {
+      cleanupTerminatedAppInfoTrigger.put(key, toApplicationState(pod.getStatus.getPhase))
+    }
   }
 }
 

From 4c37a882d24529007d0334cae8a76f4505b4815a Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Thu, 11 May 2023 21:05:09 +0800
Subject: [PATCH 354/760] [KYUUBI #4824] Bump Jackson from 2.14.2 to 2.15.0

### _Why are the changes needed?_

spark bump jackson from 2.14.2 to 2.15.0 in https://github.com/apache/spark/pull/40933

to fix

https://github.com/apache/kyuubi/actions/runs/4943800010/jobs/8838642303

```
Caused by: org.apache.spark.SparkException: Job aborted due to stage failure: Task 0 in stage 1.0 failed 1 times, most recent failure: Lost task 0.0 in stage 1.0 (TID 1) (localhost executor driver): java.lang.NoClassDefFoundError: com/fasterxml/jackson/core/StreamReadConstraints
	at org.apache.spark.sql.catalyst.json.JSONOptions.buildJsonFactory(JSONOptions.scala:195)
	at org.apache.spark.sql.catalyst.json.JsonInferSchema.$anonfun$infer$1(JsonInferSchema.scala:83)
	at org.apache.spark.rdd.RDD.$anonfun$mapPartitions$2(RDD.scala:855)
	at org.apache.spark.rdd.RDD.$anonfun$mapPartitions$2$adapted(RDD.scala:855)
	at org.apache.spark.rdd.MapPartitionsRDD.compute(MapPartitionsRDD.scala:52)
	at org.apache.spark.rdd.RDD.computeOrReadCheckpoint(RDD.scala:364)
	at org.apache.spark.rdd.RDD.iterator(RDD.scala:328)
	at org.apache.spark.scheduler.ResultTask.runTask(ResultTask.scala:92)
	at org.apache.spark.TaskContext.runTaskWithListeners(TaskContext.scala:161)
	at org.apache.spark.scheduler.Task.run(Task.scala:139)
	at org.apache.spark.executor.Executor$TaskRunner.$anonfun$run$3(Executor.scala:554)
	at org.apache.spark.util.Utils$.tryWithSafeFinally(Utils.scala:1514)
	at org.apache.spark.executor.Executor$TaskRunner.run(Executor.scala:557)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:750)
Caused by: java.lang.ClassNotFoundException: com.fasterxml.jackson.core.StreamReadConstraints
	at java.net.URLClassLoader.findClass(URLClassLoader.java:387)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
	... 16 more
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4824 from cfmcgrady/jackson-2.15.0.

Closes #4824

7a8a3de89 [Fu Chen] update dev/dependencyList
2d01b4b9d [Fu Chen] bump jackson

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 20 ++++++++++----------
 pom.xml            |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index b216b7092..4af63d9cc 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -68,16 +68,16 @@ httpclient/4.5.14//httpclient-4.5.14.jar
 httpcore/4.4.16//httpcore-4.4.16.jar
 httpmime/4.5.14//httpmime-4.5.14.jar
 j2objc-annotations/1.3//j2objc-annotations-1.3.jar
-jackson-annotations/2.14.2//jackson-annotations-2.14.2.jar
-jackson-core/2.14.2//jackson-core-2.14.2.jar
-jackson-databind/2.14.2//jackson-databind-2.14.2.jar
-jackson-dataformat-yaml/2.14.2//jackson-dataformat-yaml-2.14.2.jar
-jackson-datatype-jdk8/2.14.2//jackson-datatype-jdk8-2.14.2.jar
-jackson-datatype-jsr310/2.14.2//jackson-datatype-jsr310-2.14.2.jar
-jackson-jaxrs-base/2.14.2//jackson-jaxrs-base-2.14.2.jar
-jackson-jaxrs-json-provider/2.14.2//jackson-jaxrs-json-provider-2.14.2.jar
-jackson-module-jaxb-annotations/2.14.2//jackson-module-jaxb-annotations-2.14.2.jar
-jackson-module-scala_2.12/2.14.2//jackson-module-scala_2.12-2.14.2.jar
+jackson-annotations/2.15.0//jackson-annotations-2.15.0.jar
+jackson-core/2.15.0//jackson-core-2.15.0.jar
+jackson-databind/2.15.0//jackson-databind-2.15.0.jar
+jackson-dataformat-yaml/2.15.0//jackson-dataformat-yaml-2.15.0.jar
+jackson-datatype-jdk8/2.15.0//jackson-datatype-jdk8-2.15.0.jar
+jackson-datatype-jsr310/2.15.0//jackson-datatype-jsr310-2.15.0.jar
+jackson-jaxrs-base/2.15.0//jackson-jaxrs-base-2.15.0.jar
+jackson-jaxrs-json-provider/2.15.0//jackson-jaxrs-json-provider-2.15.0.jar
+jackson-module-jaxb-annotations/2.15.0//jackson-module-jaxb-annotations-2.15.0.jar
+jackson-module-scala_2.12/2.15.0//jackson-module-scala_2.12-2.15.0.jar
 jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar
 jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar
 jakarta.servlet-api/4.0.4//jakarta.servlet-api-4.0.4.jar
diff --git a/pom.xml b/pom.xml
index cff8f9656..9804fc9af 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
         <iceberg.version>1.2.0</iceberg.version>
-        <jackson.version>2.14.2</jackson.version>
+        <jackson.version>2.15.0</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>

From ad97b0357920d3670ef8035c69449578bd8d21f4 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Thu, 11 May 2023 22:35:52 +0800
Subject: [PATCH 355/760] [KYUUBI #4827] Bump Apache Arrow from 11.0.0 to
 12.0.0

### _Why are the changes needed?_

https://arrow.apache.org/release/12.0.0.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4827 from cfmcgrady/arrow-12.0.0.

Closes #4827

324a8ddbf [Fu Chen] bump arrow from 11.0.0 to 12.0.0

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 8 ++++----
 pom.xml            | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 4af63d9cc..6e5673f9d 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -22,10 +22,10 @@ annotations/4.1.1.4//annotations-4.1.1.4.jar
 antlr-runtime/3.5.3//antlr-runtime-3.5.3.jar
 antlr4-runtime/4.9.3//antlr4-runtime-4.9.3.jar
 aopalliance-repackaged/2.6.1//aopalliance-repackaged-2.6.1.jar
-arrow-format/11.0.0//arrow-format-11.0.0.jar
-arrow-memory-core/11.0.0//arrow-memory-core-11.0.0.jar
-arrow-memory-netty/11.0.0//arrow-memory-netty-11.0.0.jar
-arrow-vector/11.0.0//arrow-vector-11.0.0.jar
+arrow-format/12.0.0//arrow-format-12.0.0.jar
+arrow-memory-core/12.0.0//arrow-memory-core-12.0.0.jar
+arrow-memory-netty/12.0.0//arrow-memory-netty-12.0.0.jar
+arrow-vector/12.0.0//arrow-vector-12.0.0.jar
 classgraph/4.8.138//classgraph-4.8.138.jar
 commons-codec/1.15//commons-codec-1.15.jar
 commons-collections/3.2.2//commons-collections-3.2.2.jar
diff --git a/pom.xml b/pom.xml
index 9804fc9af..ca596d7ae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -116,7 +116,7 @@
         <scala.binary.version>2.12</scala.binary.version>
         <scala-collection-compat.version>2.8.1</scala-collection-compat.version>
 
-        <arrow.version>11.0.0</arrow.version>
+        <arrow.version>12.0.0</arrow.version>
         <!-- Please don't upgrade the version to 4.10+, it depends on JDK 11 -->
         <antlr4.version>4.9.3</antlr4.version>
         <antlr.st4.version>4.3.4</antlr.st4.version>

From 3fc23970c6b971089a381d7b2900f02e23b2cdb7 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 12 May 2023 08:30:18 +0800
Subject: [PATCH 356/760] [KYUUBI #4792] [MINOR] Enhance hardcode session
 keywords and remove unused code

### _Why are the changes needed?_

As title.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4792 from turboFei/remove_unused.

Closes #4792

fe568af7e [fwang12] server conf
97f510020 [fwang12] save
c44e70a58 [fwang12] remove unused code

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/engine/flink/session/FlinkSessionImpl.scala   | 6 +++---
 .../kyuubi/engine/spark/session/SparkSessionImpl.scala   | 6 +++---
 .../kyuubi/engine/trino/session/TrinoSessionImpl.scala   | 8 ++++----
 .../main/scala/org/apache/kyuubi/config/KyuubiConf.scala | 1 +
 .../main/scala/org/apache/kyuubi/session/package.scala   | 2 ++
 .../scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala | 9 ++-------
 .../main/scala/org/apache/kyuubi/engine/EngineRef.scala  | 4 +++-
 .../org/apache/kyuubi/session/KyuubiSessionImpl.scala    | 6 ++----
 8 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
index 09f5ac943..10a48f1a1 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
@@ -30,7 +30,7 @@ import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtoco
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.flink.FlinkEngineUtils
-import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager, USE_CATALOG, USE_DATABASE}
 
 class FlinkSessionImpl(
     protocol: TProtocolVersion,
@@ -62,10 +62,10 @@ class FlinkSessionImpl(
     val executor = fSession.createExecutor(Configuration.fromMap(fSession.getSessionConfig))
 
     val (useCatalogAndDatabaseConf, otherConf) = normalizedConf.partition { case (k, _) =>
-      Array("use:catalog", "use:database").contains(k)
+      Array(USE_CATALOG, USE_DATABASE).contains(k)
     }
 
-    useCatalogAndDatabaseConf.get("use:catalog").foreach { catalog =>
+    useCatalogAndDatabaseConf.get(USE_CATALOG).foreach { catalog =>
       try {
         executor.executeStatement(OperationHandle.create, s"USE CATALOG $catalog")
       } catch {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index 96fc43e85..40a0c8c7f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -28,7 +28,7 @@ import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.engine.spark.udf.KDFRegistry
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
-import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager, USE_CATALOG, USE_DATABASE}
 
 class SparkSessionImpl(
     protocol: TProtocolVersion,
@@ -56,10 +56,10 @@ class SparkSessionImpl(
   override def open(): Unit = {
 
     val (useCatalogAndDatabaseConf, otherConf) = normalizedConf.partition { case (k, _) =>
-      Array("use:catalog", "use:database").contains(k)
+      Array(USE_CATALOG, USE_DATABASE).contains(k)
     }
 
-    useCatalogAndDatabaseConf.get("use:catalog").foreach { catalog =>
+    useCatalogAndDatabaseConf.get(USE_CATALOG).foreach { catalog =>
       try {
         SparkCatalogShim().setCurrentCatalog(spark, catalog)
       } catch {
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index 1a96bed73..6869e54dc 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -35,7 +35,7 @@ import org.apache.kyuubi.engine.trino.{TrinoConf, TrinoContext, TrinoStatement}
 import org.apache.kyuubi.engine.trino.event.TrinoSessionEvent
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
-import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
+import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager, USE_CATALOG, USE_DATABASE}
 
 class TrinoSessionImpl(
     protocol: TProtocolVersion,
@@ -59,12 +59,12 @@ class TrinoSessionImpl(
   override def open(): Unit = {
 
     val (useCatalogAndDatabaseConf, _) = normalizedConf.partition { case (k, _) =>
-      Array("use:catalog", "use:database").contains(k)
+      Array(USE_CATALOG, USE_DATABASE).contains(k)
     }
 
     useCatalogAndDatabaseConf.foreach {
-      case ("use:catalog", catalog) => catalogName = catalog
-      case ("use:database", database) => databaseName = database
+      case (USE_CATALOG, catalog) => catalogName = catalog
+      case (USE_DATABASE, database) => databaseName = database
     }
 
     val httpClient = new OkHttpClient.Builder().build()
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 8da336102..9ae1898c5 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1863,6 +1863,7 @@ object KyuubiConf {
     .doc("This parameter is introduced as a server-side parameter " +
       "controlling the upper limit of the engine pool.")
     .version("1.4.0")
+    .serverOnly
     .intConf
     .checkValue(s => s > 0 && s < 33, "Invalid engine pool threshold, it should be in [1, 32]")
     .createWithDefault(9)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/package.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/package.scala
index 40abded98..63b17dd4d 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/package.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/package.scala
@@ -25,6 +25,8 @@ package object session {
   val HIVECONF_PREFIX = "hiveconf:"
   val HIVEVAR_PREFIX = "hivevar:"
   val METACONF_PREFIX = "metaconf:"
+  val USE_CATALOG = "use:catalog"
+  val USE_DATABASE = "use:database"
 
   val SPARK_PREFIX = "spark."
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala
index a63646d9b..28806e915 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala
@@ -26,7 +26,7 @@ import scala.util.{Failure, Success, Try}
 import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier
 import org.apache.hadoop.io.Text
-import org.apache.hadoop.security.{Credentials, SecurityUtil, UserGroupInformation}
+import org.apache.hadoop.security.{Credentials, SecurityUtil}
 import org.apache.hadoop.security.token.{Token, TokenIdentifier}
 import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier
 import org.apache.hadoop.yarn.conf.YarnConfiguration
@@ -36,12 +36,7 @@ import org.apache.kyuubi.config.KyuubiConf
 
 object KyuubiHadoopUtils extends Logging {
 
-  private val subjectField =
-    classOf[UserGroupInformation].getDeclaredField("subject")
-  subjectField.setAccessible(true)
-
-  private val tokenMapField =
-    classOf[Credentials].getDeclaredField("tokenMap")
+  private val tokenMapField = classOf[Credentials].getDeclaredField("tokenMap")
   tokenMapField.setAccessible(true)
 
   def newHadoopConf(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 765f36949..227cdd6c8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -43,6 +43,7 @@ import org.apache.kyuubi.metrics.MetricsConstants.{ENGINE_FAIL, ENGINE_TIMEOUT,
 import org.apache.kyuubi.metrics.MetricsSystem
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.plugin.GroupProvider
+import org.apache.kyuubi.server.KyuubiServer
 
 /**
  * The description and functionality of an engine at server side
@@ -69,7 +70,8 @@ private[kyuubi] class EngineRef(
   private val engineType: EngineType = EngineType.withName(conf.get(ENGINE_TYPE))
 
   // Server-side engine pool size threshold
-  private val poolThreshold: Int = conf.get(ENGINE_POOL_SIZE_THRESHOLD)
+  private val poolThreshold: Int = Option(KyuubiServer.kyuubiServer).map(_.getConf)
+    .getOrElse(KyuubiConf()).get(ENGINE_POOL_SIZE_THRESHOLD)
 
   private val clientPoolSize: Int = conf.get(ENGINE_POOL_SIZE)
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 80df5c44d..8d5132ba4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -64,11 +64,9 @@ class KyuubiSessionImpl(
     }
   }
 
-  // TODO: needs improve the hardcode
   optimizedConf.foreach {
-    case ("use:catalog", _) =>
-    case ("use:database", _) =>
-    case ("kyuubi.engine.pool.size.threshold", _) =>
+    case (USE_CATALOG, _) =>
+    case (USE_DATABASE, _) =>
     case (key, value) => sessionConf.set(key, value)
   }
 

From 1e310a0818f23dd7b8f2d4afd17795794fed46ea Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 12 May 2023 08:38:26 +0800
Subject: [PATCH 357/760] [KYUUBI #4828] [BUILD] Exclude macOS tar extended
 metadata in build/dist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Add args `--no-mac-metadata --no-xattrs --no-fflags` to `tar` on macOS in `build/dist` to exclude macOS-specific extended metadata.

The binary tarball created on macOS includes extended macOS-specific metadata and xattrs, which causes warnings when unarchiving it on Linux.

Step to reproduce

1. create tarball on macOS (13.3.1)
```
➜  apache-kyuubi git:(master) tar --version
bsdtar 3.5.3 - libarchive 3.5.3 zlib/1.2.11 liblzma/5.0.5 bz2lib/1.0.8
```

```
➜  apache-kyuubi git:(master) build/dist --tgz
```

2. unarchive the binary tarball on Linux (CentOS-7)

```
➜  ~ tar --version
tar (GNU tar) 1.26
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by John Gilmore and Jay Fenlason.
```

```
➜  ~ tar -xzf apache-kyuubi-1.8.0-SNAPSHOT-bin.tgz
tar: Ignoring unknown extended header keyword `SCHILY.fflags'
tar: Ignoring unknown extended header keyword `LIBARCHIVE.xattr.com.apple.FinderInfo'
```

### _How was this patch tested?_

- [x] Manual tests

Create binary tarball on macOS then unarchive on Linux, warnings disappear after this change.

Closes #4828 from pan3793/dist.

Closes #4828

7bc49d847 [Cheng Pan] [BUILD] Exclude macOS tar extended metadata in build/dist

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 build/dist | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/build/dist b/build/dist
index e0dae3479..33ef189c6 100755
--- a/build/dist
+++ b/build/dist
@@ -384,7 +384,11 @@ if [[ "$MAKE_TGZ" == "true" ]]; then
   TARDIR="$KYUUBI_HOME/$TARDIR_NAME"
   rm -rf "$TARDIR"
   cp -R "$DISTDIR" "$TARDIR"
-  tar czf "$TARDIR_NAME.tgz" -C "$KYUUBI_HOME" "$TARDIR_NAME"
+  TAR="tar"
+  if [ "$(uname -s)" = "Darwin" ]; then
+    TAR="tar --no-mac-metadata --no-xattrs --no-fflags"
+  fi
+  $TAR -czf "$TARDIR_NAME.tgz" -C "$KYUUBI_HOME" "$TARDIR_NAME"
   rm -rf "$TARDIR"
   echo "The Kyuubi tarball $TARDIR_NAME.tgz is successfully generated in $KYUUBI_HOME."
 fi

From 474f0972a443c62c3d77a9977d61b59a18a0f0a6 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Fri, 12 May 2023 22:36:10 +0800
Subject: [PATCH 358/760] [KYUUBI #4834] [MINOR] Reduce the scope of method
 references in Authz plugin cleanup shutdown hook

### _Why are the changes needed?_

Reduce the scope of method references

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4834 from wForget/minor.

Closes #4834

2061dc942 [wforget] [MINOR] Reduce the scope of method references

Authored-by: wforget <643348094@qq.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 8332b27f0..25bfca96a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -79,7 +79,7 @@ object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
       () => {
         if (plugin != null) {
           LOG.info(s"clean up ranger plugin, appId: ${plugin.getAppId}")
-          this.cleanup()
+          plugin.cleanup()
         }
       },
       Integer.MAX_VALUE)

From 272673a41f9908a004fd9e59d57470f476f5369e Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Mon, 15 May 2023 00:04:39 +0800
Subject: [PATCH 359/760] [KYUUBI #4830][TEST] Fix flaky test "support to
 interrupt the thrift request if remote engine is broken"

### _Why are the changes needed?_

Move 'support to interrupt the thrift request if remote engine is broken' ut to `KyuubiOperationPerConnectionSuite` and fix it.

close #4830

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4833 from wForget/KYUUBI-4830.

Closes #4830

838021175 [wforget] test
214d22559 [wforget] fix
c7b96f0e2 [wforget] fix
fbf837ffd [wforget] fix
e6ada6af9 [wforget] [KYUUBI #4830] Fix flaky test: KyuubiOperationPerUserSuite: max result rows

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../KyuubiOperationPerConnectionSuite.scala   | 51 ++++++++++++++++++-
 .../KyuubiOperationPerUserSuite.scala         | 48 +----------------
 2 files changed, 51 insertions(+), 48 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index d0f1f065d..979594c23 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -34,7 +34,7 @@ import org.apache.kyuubi.jdbc.KyuubiHiveDriver
 import org.apache.kyuubi.jdbc.hive.{KyuubiConnection, KyuubiSQLException}
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.plugin.SessionConfAdvisor
-import org.apache.kyuubi.session.{KyuubiSessionManager, SessionType}
+import org.apache.kyuubi.session.{KyuubiSessionImpl, KyuubiSessionManager, SessionHandle, SessionType}
 
 /**
  * UT with Connection level engine shared cost much time, only run basic jdbc tests.
@@ -291,6 +291,55 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
       assert(e.getMessage.contains("client should catch this exception"))
     }
   }
+
+  test("support to interrupt the thrift request if remote engine is broken") {
+    withSessionConf(Map(
+      KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED.key -> "true",
+      KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL.key -> "1000",
+      KyuubiConf.ENGINE_ALIVE_TIMEOUT.key -> "1000"))(Map.empty)(
+      Map.empty) {
+      withSessionHandle { (client, handle) =>
+        val preReq = new TExecuteStatementReq()
+        preReq.setStatement("select engine_name()")
+        preReq.setSessionHandle(handle)
+        preReq.setRunAsync(false)
+        client.ExecuteStatement(preReq)
+
+        val sessionHandle = SessionHandle(handle)
+        val session = server.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
+          .getSession(sessionHandle).asInstanceOf[KyuubiSessionImpl]
+
+        val exitReq = new TExecuteStatementReq()
+        exitReq.setStatement("SELECT java_method('java.lang.Thread', 'sleep', 1000L)," +
+          "java_method('java.lang.System', 'exit', 1)")
+        exitReq.setSessionHandle(handle)
+        exitReq.setRunAsync(true)
+        client.ExecuteStatement(exitReq)
+
+        session.sessionManager.getConf
+          .set(KyuubiConf.OPERATION_STATUS_UPDATE_INTERVAL, 3000L)
+
+        val executeStmtReq = new TExecuteStatementReq()
+        executeStmtReq.setStatement("SELECT java_method('java.lang.Thread', 'sleep', 30000l)")
+        executeStmtReq.setSessionHandle(handle)
+        executeStmtReq.setRunAsync(false)
+        val startTime = System.currentTimeMillis()
+        val executeStmtResp = client.ExecuteStatement(executeStmtReq)
+        assert(executeStmtResp.getStatus.getStatusCode === TStatusCode.ERROR_STATUS)
+        assert(executeStmtResp.getStatus.getErrorMessage.contains(
+          "java.net.SocketException") ||
+          executeStmtResp.getStatus.getErrorMessage.contains(
+            "org.apache.thrift.transport.TTransportException") ||
+          executeStmtResp.getStatus.getErrorMessage.contains(
+            "connection does not exist"))
+        val elapsedTime = System.currentTimeMillis() - startTime
+        assert(elapsedTime < 20 * 1000)
+        eventually(timeout(3.seconds)) {
+          assert(session.client.asyncRequestInterrupted)
+        }
+      }
+    }
+  }
 }
 
 class TestSessionConfAdvisor extends SessionConfAdvisor {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 21bf56b4f..87a2dc7d2 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -29,7 +29,7 @@ import org.apache.kyuubi.config.KyuubiConf.KYUUBI_ENGINE_ENV_PREFIX
 import org.apache.kyuubi.engine.SemanticVersion
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
-import org.apache.kyuubi.session.{KyuubiSessionImpl, KyuubiSessionManager, SessionHandle}
+import org.apache.kyuubi.session.{KyuubiSessionImpl, SessionHandle}
 import org.apache.kyuubi.zookeeper.ZookeeperConf
 
 class KyuubiOperationPerUserSuite
@@ -166,52 +166,6 @@ class KyuubiOperationPerUserSuite
     assert(r1 !== r2)
   }
 
-  test("support to interrupt the thrift request if remote engine is broken") {
-    assume(!httpMode)
-    withSessionConf(Map(
-      KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED.key -> "true",
-      KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL.key -> "1000",
-      KyuubiConf.ENGINE_ALIVE_TIMEOUT.key -> "1000"))(Map.empty)(
-      Map.empty) {
-      withSessionHandle { (client, handle) =>
-        val preReq = new TExecuteStatementReq()
-        preReq.setStatement("select engine_name()")
-        preReq.setSessionHandle(handle)
-        preReq.setRunAsync(false)
-        client.ExecuteStatement(preReq)
-
-        val sessionHandle = SessionHandle(handle)
-        val session = server.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
-          .getSession(sessionHandle).asInstanceOf[KyuubiSessionImpl]
-        session.client.getEngineAliveProbeProtocol.foreach(_.getTransport.close())
-
-        val exitReq = new TExecuteStatementReq()
-        exitReq.setStatement("SELECT java_method('java.lang.Thread', 'sleep', 1000L)," +
-          "java_method('java.lang.System', 'exit', 1)")
-        exitReq.setSessionHandle(handle)
-        exitReq.setRunAsync(true)
-        client.ExecuteStatement(exitReq)
-
-        val executeStmtReq = new TExecuteStatementReq()
-        executeStmtReq.setStatement("SELECT java_method('java.lang.Thread', 'sleep', 30000l)")
-        executeStmtReq.setSessionHandle(handle)
-        executeStmtReq.setRunAsync(false)
-        val startTime = System.currentTimeMillis()
-        val executeStmtResp = client.ExecuteStatement(executeStmtReq)
-        assert(executeStmtResp.getStatus.getStatusCode === TStatusCode.ERROR_STATUS)
-        assert(executeStmtResp.getStatus.getErrorMessage.contains(
-          "java.net.SocketException") ||
-          executeStmtResp.getStatus.getErrorMessage.contains(
-            "org.apache.thrift.transport.TTransportException") ||
-          executeStmtResp.getStatus.getErrorMessage.contains(
-            "connection does not exist"))
-        val elapsedTime = System.currentTimeMillis() - startTime
-        assert(elapsedTime < 20 * 1000)
-        assert(session.client.asyncRequestInterrupted)
-      }
-    }
-  }
-
   test("max result rows") {
     Seq("true", "false").foreach { incremental =>
       Seq("thrift", "arrow").foreach { resultFormat =>

From e8db3da440a9fc183177b0f17fea66bbfa962613 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 15 May 2023 10:41:19 +0800
Subject: [PATCH 360/760] [KYUUBI #4838] Fix spark operation exception leak in
 `withLocalProperties` method

### _Why are the changes needed?_

For `ExecutePython` operation.
https://github.com/apache/kyuubi/blob/474f0972a443c62c3d77a9977d61b59a18a0f0a6/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala#L139-L141

If exception thrown in `withLocalProperties` method(for example, python worker is died), the operation will be stuck in pending state forever.
<img width="1314" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/2929f0e4-dc64-4aa4-8d3e-e9d858f8e683">

We need to catch exception thrown in `withLocalProperties` method.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

After this pr:
<img width="1479" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/e17aadfe-81a3-4ec7-a595-26eb978dd2b0">

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4838 from turboFei/exception_leak.

Closes #4838

5544691ef [fwang12] fix operation exception leak

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../spark/operation/ExecutePython.scala       | 35 ++++----
 .../engine/spark/operation/ExecuteScala.scala | 81 ++++++++++---------
 .../spark/operation/ExecuteStatement.scala    | 21 ++---
 .../spark/operation/PlanOnlyStatement.scala   | 29 +++----
 .../spark/operation/SparkOperation.scala      | 15 ++--
 5 files changed, 93 insertions(+), 88 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
index 17cc967e6..0d01348a7 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
@@ -77,30 +77,31 @@ class ExecutePython(
     OperationLog.removeCurrentOperationLog()
   }
 
-  private def executePython(): Unit = withLocalProperties {
+  private def executePython(): Unit =
     try {
-      setState(OperationState.RUNNING)
-      info(diagnostics)
-      addOperationListener()
-      val response = worker.runCode(statement)
-      val status = response.map(_.content.status).getOrElse("UNKNOWN_STATUS")
-      if (PythonResponse.OK_STATUS.equalsIgnoreCase(status)) {
-        val output = response.map(_.content.getOutput()).getOrElse("")
-        val ename = response.map(_.content.getEname()).getOrElse("")
-        val evalue = response.map(_.content.getEvalue()).getOrElse("")
-        val traceback = response.map(_.content.getTraceback()).getOrElse(Seq.empty)
-        iter =
-          new ArrayFetchIterator[Row](Array(Row(output, status, ename, evalue, traceback)))
-        setState(OperationState.FINISHED)
-      } else {
-        throw KyuubiSQLException(s"Interpret error:\n$statement\n $response")
+      withLocalProperties {
+        setState(OperationState.RUNNING)
+        info(diagnostics)
+        addOperationListener()
+        val response = worker.runCode(statement)
+        val status = response.map(_.content.status).getOrElse("UNKNOWN_STATUS")
+        if (PythonResponse.OK_STATUS.equalsIgnoreCase(status)) {
+          val output = response.map(_.content.getOutput()).getOrElse("")
+          val ename = response.map(_.content.getEname()).getOrElse("")
+          val evalue = response.map(_.content.getEvalue()).getOrElse("")
+          val traceback = response.map(_.content.getTraceback()).getOrElse(Seq.empty)
+          iter =
+            new ArrayFetchIterator[Row](Array(Row(output, status, ename, evalue, traceback)))
+          setState(OperationState.FINISHED)
+        } else {
+          throw KyuubiSQLException(s"Interpret error:\n$statement\n $response")
+        }
       }
     } catch {
       onError(cancel = true)
     } finally {
       shutdownTimeoutMonitor()
     }
-  }
 
   override protected def runInternal(): Unit = {
     addTimeoutMonitor(queryTimeout)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala
index ff686cca0..24e17d281 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala
@@ -76,59 +76,60 @@ class ExecuteScala(
     OperationLog.removeCurrentOperationLog()
   }
 
-  private def executeScala(): Unit = withLocalProperties {
+  private def executeScala(): Unit =
     try {
-      setState(OperationState.RUNNING)
-      info(diagnostics)
-      Thread.currentThread().setContextClassLoader(spark.sharedState.jarClassLoader)
-      addOperationListener()
-      val legacyOutput = repl.getOutput
-      if (legacyOutput.nonEmpty) {
-        warn(s"Clearing legacy output from last interpreting:\n $legacyOutput")
-      }
-      val replUrls = repl.classLoader.getParent.asInstanceOf[URLClassLoader].getURLs
-      spark.sharedState.jarClassLoader.getURLs.filterNot(replUrls.contains).foreach { jar =>
-        try {
-          if ("file".equals(jar.toURI.getScheme)) {
-            repl.addUrlsToClassPath(jar)
-          } else {
-            spark.sparkContext.addFile(jar.toString)
-            val localJarFile = new File(SparkFiles.get(new Path(jar.toURI.getPath).getName))
-            val localJarUrl = localJarFile.toURI.toURL
-            if (!replUrls.contains(localJarUrl)) {
-              repl.addUrlsToClassPath(localJarUrl)
+      withLocalProperties {
+        setState(OperationState.RUNNING)
+        info(diagnostics)
+        Thread.currentThread().setContextClassLoader(spark.sharedState.jarClassLoader)
+        addOperationListener()
+        val legacyOutput = repl.getOutput
+        if (legacyOutput.nonEmpty) {
+          warn(s"Clearing legacy output from last interpreting:\n $legacyOutput")
+        }
+        val replUrls = repl.classLoader.getParent.asInstanceOf[URLClassLoader].getURLs
+        spark.sharedState.jarClassLoader.getURLs.filterNot(replUrls.contains).foreach { jar =>
+          try {
+            if ("file".equals(jar.toURI.getScheme)) {
+              repl.addUrlsToClassPath(jar)
+            } else {
+              spark.sparkContext.addFile(jar.toString)
+              val localJarFile = new File(SparkFiles.get(new Path(jar.toURI.getPath).getName))
+              val localJarUrl = localJarFile.toURI.toURL
+              if (!replUrls.contains(localJarUrl)) {
+                repl.addUrlsToClassPath(localJarUrl)
+              }
             }
+          } catch {
+            case e: Throwable => error(s"Error adding $jar to repl class path", e)
           }
-        } catch {
-          case e: Throwable => error(s"Error adding $jar to repl class path", e)
         }
-      }
 
-      repl.interpretWithRedirectOutError(statement) match {
-        case Success =>
-          iter = {
-            result = repl.getResult(statementId)
-            if (result != null) {
-              new ArrayFetchIterator[Row](result.collect())
-            } else {
-              val output = repl.getOutput
-              debug("scala repl output:\n" + output)
-              new ArrayFetchIterator[Row](Array(Row(output)))
+        repl.interpretWithRedirectOutError(statement) match {
+          case Success =>
+            iter = {
+              result = repl.getResult(statementId)
+              if (result != null) {
+                new ArrayFetchIterator[Row](result.collect())
+              } else {
+                val output = repl.getOutput
+                debug("scala repl output:\n" + output)
+                new ArrayFetchIterator[Row](Array(Row(output)))
+              }
             }
-          }
-        case Error =>
-          throw KyuubiSQLException(s"Interpret error:\n$statement\n ${repl.getOutput}")
-        case Incomplete =>
-          throw KyuubiSQLException(s"Incomplete code:\n$statement")
+          case Error =>
+            throw KyuubiSQLException(s"Interpret error:\n$statement\n ${repl.getOutput}")
+          case Incomplete =>
+            throw KyuubiSQLException(s"Incomplete code:\n$statement")
+        }
+        setState(OperationState.FINISHED)
       }
-      setState(OperationState.FINISHED)
     } catch {
       onError(cancel = true)
     } finally {
       repl.clearResult(statementId)
       shutdownTimeoutMonitor()
     }
-  }
 
   override protected def runInternal(): Unit = {
     addTimeoutMonitor(queryTimeout)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index ca30f5300..659cf0a61 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -75,22 +75,23 @@ class ExecuteStatement(
     resultDF.take(maxRows)
   }
 
-  protected def executeStatement(): Unit = withLocalProperties {
+  protected def executeStatement(): Unit =
     try {
-      setState(OperationState.RUNNING)
-      info(diagnostics)
-      Thread.currentThread().setContextClassLoader(spark.sharedState.jarClassLoader)
-      addOperationListener()
-      result = spark.sql(statement)
-      iter = collectAsIterator(result)
-      setCompiledStateIfNeeded()
-      setState(OperationState.FINISHED)
+      withLocalProperties {
+        setState(OperationState.RUNNING)
+        info(diagnostics)
+        Thread.currentThread().setContextClassLoader(spark.sharedState.jarClassLoader)
+        addOperationListener()
+        result = spark.sql(statement)
+        iter = collectAsIterator(result)
+        setCompiledStateIfNeeded()
+        setState(OperationState.FINISHED)
+      }
     } catch {
       onError(cancel = true)
     } finally {
       shutdownTimeoutMonitor()
     }
-  }
 
   override protected def runInternal(): Unit = {
     addTimeoutMonitor(queryTimeout)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
index b7e5451ec..c5a7679d6 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
@@ -65,28 +65,29 @@ class PlanOnlyStatement(
     super.beforeRun()
   }
 
-  override protected def runInternal(): Unit = withLocalProperties {
+  override protected def runInternal(): Unit =
     try {
-      SQLConf.withExistingConf(spark.sessionState.conf) {
-        val parsed = spark.sessionState.sqlParser.parsePlan(statement)
+      withLocalProperties {
+        SQLConf.withExistingConf(spark.sessionState.conf) {
+          val parsed = spark.sessionState.sqlParser.parsePlan(statement)
 
-        parsed match {
-          case cmd if planExcludes.contains(cmd.getClass.getSimpleName) =>
-            result = spark.sql(statement)
-            iter = new ArrayFetchIterator(result.collect())
+          parsed match {
+            case cmd if planExcludes.contains(cmd.getClass.getSimpleName) =>
+              result = spark.sql(statement)
+              iter = new ArrayFetchIterator(result.collect())
 
-          case plan => style match {
-              case PlainStyle => explainWithPlainStyle(plan)
-              case JsonStyle => explainWithJsonStyle(plan)
-              case UnknownStyle => unknownStyleError(style)
-              case other => throw notSupportedStyleError(other, "Spark SQL")
-            }
+            case plan => style match {
+                case PlainStyle => explainWithPlainStyle(plan)
+                case JsonStyle => explainWithJsonStyle(plan)
+                case UnknownStyle => unknownStyleError(style)
+                case other => throw notSupportedStyleError(other, "Spark SQL")
+              }
+          }
         }
       }
     } catch {
       onError()
     }
-  }
 
   private def explainWithPlainStyle(plan: LogicalPlan): Unit = {
     mode match {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index 6b2a5d9eb..320e67635 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -233,10 +233,10 @@ abstract class SparkOperation(session: Session)
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet =
-    withLocalProperties {
-      var resultRowSet: TRowSet = null
-      try {
+  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+    var resultRowSet: TRowSet = null
+    try {
+      withLocalProperties {
         validateDefaultFetchOrientation(order)
         assertState(OperationState.FINISHED)
         setHasResultSet(true)
@@ -261,10 +261,11 @@ abstract class SparkOperation(session: Session)
               getProtocolVersion)
           }
         resultRowSet.setStartRowOffset(iter.getPosition)
-      } catch onError(cancel = true)
+      }
+    } catch onError(cancel = true)
 
-      resultRowSet
-    }
+    resultRowSet
+  }
 
   override def shouldRunAsync: Boolean = false
 

From 61fcffb7d05f0bb3b2a945906c0d56c69b6f16e2 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 15 May 2023 10:42:56 +0800
Subject: [PATCH 361/760] [KYUUBI #4836] Set UncaughtExceptionHandler for
 thread to log exception

### _Why are the changes needed?_

To provide more insight, if there is uncaught exception.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4836 from turboFei/handler_exception.

Closes #4836

b9d304fb8 [fwang12] comment
3819447a6 [fwang12] un caughtt

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../util/KyuubiUncaughtExceptionHandler.scala | 28 +++++++++++++++++++
 .../kyuubi/util/NamedThreadFactory.scala      |  7 +++++
 2 files changed, 35 insertions(+)
 create mode 100644 kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiUncaughtExceptionHandler.scala

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiUncaughtExceptionHandler.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiUncaughtExceptionHandler.scala
new file mode 100644
index 000000000..69cfe207f
--- /dev/null
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiUncaughtExceptionHandler.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.util
+
+import java.lang.Thread.UncaughtExceptionHandler
+
+import org.apache.kyuubi.Logging
+
+class KyuubiUncaughtExceptionHandler extends UncaughtExceptionHandler with Logging {
+  override def uncaughtException(t: Thread, e: Throwable): Unit = {
+    error(s"Uncaught exception in thread ${t.getName}", e)
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala
index 89c3c96ea..13127b59b 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala
@@ -20,10 +20,17 @@ package org.apache.kyuubi.util
 import java.util.concurrent.ThreadFactory
 
 class NamedThreadFactory(name: String, daemon: Boolean) extends ThreadFactory {
+  import NamedThreadFactory._
+
   override def newThread(r: Runnable): Thread = {
     val t = new Thread(r)
     t.setName(name + ": Thread-" + t.getId)
     t.setDaemon(daemon)
+    t.setUncaughtExceptionHandler(kyuubiUncaughtExceptionHandler)
     t
   }
 }
+
+object NamedThreadFactory {
+  private val kyuubiUncaughtExceptionHandler = new KyuubiUncaughtExceptionHandler
+}

From 6b5c138651b46a3828f5184b8cd3218ce932a923 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 15 May 2023 17:45:19 +0800
Subject: [PATCH 362/760] [KYUUBI #4835] [K8S] Using hive conf to check whether
 to apply HIVE_DELEGATION_TOKEN

### _Why are the changes needed?_

Now we check the sparkContext.hadoopConfiguration to determine whether to apply HIVE_DELEGATION_TOKEN

Here is the method to create sparkContext hadoopConguration.
And it will add `__spark_hadoop_conf__.xml` to hadoop configuration resource.
```
  /**
   * Return an appropriate (subclass) of Configuration. Creating config can initialize some Hadoop
   * subsystems.
   */
  def newConfiguration(conf: SparkConf): Configuration = {
    val hadoopConf = SparkHadoopUtil.newConfiguration(conf)
    hadoopConf.addResource(SparkHadoopUtil.SPARK_HADOOP_CONF_FILE)
    hadoopConf
  }
```

```
  /**
   * Name of the file containing the gateway's Hadoop configuration, to be overlayed on top of the
   * cluster's Hadoop config. It is up to the Spark code launching the application to create
   * this file if it's desired. If the file doesn't exist, it will just be ignored.
   */
  private[spark] val SPARK_HADOOP_CONF_FILE = "__spark_hadoop_conf__.xml"
```
<img width="1091" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/f2a87a23-4565-4164-9eaa-5f7e166519de">

Per the code, this file is only created in yarn module.

#### Spark on yarn
 after unzip `__spark_conf__.zip` in spark staging dir, there is  a file named `__spark_hadoop_conf__.xml`.
```
 grep hive.metastore.uris  __spark_hadoop_conf__.xml
<property><name>hive.metastore.uris</name><value>thrift://*******:9083</value><source>programatically</source></property>
```

#### Spark on K8S
Seems for spark on k8s, there is no file named `__spark_hadoop_conf__.xml`
<img width="1580" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/99de73d0-3519-4af3-8f0a-90967949ec0e">

<img width="875" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/f7c477a5-23ca-4b25-8638-4b040b78899d">

We need to check the `hiveConf` instead of `hadoopConf`.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4835 from turboFei/hive_token.

Closes #4835

7657cbb11 [fwang12] hive conf
7c0af6789 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../spark/SparkTBinaryFrontendService.scala   | 27 ++++++++++++++++-
 .../SparkTBinaryFrontendServiceSuite.scala    | 29 +++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendServiceSuite.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
index 854a28e85..781ac2d07 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.engine.spark
 
 import scala.collection.JavaConverters._
 
+import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.io.Text
 import org.apache.hadoop.security.{Credentials, UserGroupInformation}
 import org.apache.hadoop.security.token.{Token, TokenIdentifier}
@@ -30,6 +31,7 @@ import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.ha.client.{EngineServiceDiscovery, ServiceDiscovery}
+import org.apache.kyuubi.reflection.DynConstructors
 import org.apache.kyuubi.service.{Serverable, Service, TBinaryFrontendService}
 import org.apache.kyuubi.service.TFrontendService._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
@@ -110,6 +112,8 @@ class SparkTBinaryFrontendService(
 object SparkTBinaryFrontendService extends Logging {
 
   val HIVE_DELEGATION_TOKEN = new Text("HIVE_DELEGATION_TOKEN")
+  val HIVE_CONF_CLASSNAME = "org.apache.hadoop.hive.conf.HiveConf"
+  @volatile private var _hiveConf: Configuration = _
 
   private[spark] def renewDelegationToken(sc: SparkContext, delegationToken: String): Unit = {
     val newCreds = KyuubiHadoopUtils.decodeCredentials(delegationToken)
@@ -133,7 +137,7 @@ object SparkTBinaryFrontendService extends Logging {
       newTokens: Map[Text, Token[_ <: TokenIdentifier]],
       oldCreds: Credentials,
       updateCreds: Credentials): Unit = {
-    val metastoreUris = sc.hadoopConfiguration.getTrimmed("hive.metastore.uris", "")
+    val metastoreUris = hiveConf(sc.hadoopConfiguration).getTrimmed("hive.metastore.uris", "")
 
     // `HiveMetaStoreClient` selects the first token whose service is "" and kind is
     // "HIVE_DELEGATION_TOKEN" to authenticate.
@@ -204,4 +208,25 @@ object SparkTBinaryFrontendService extends Logging {
       1
     }
   }
+
+  private[kyuubi] def hiveConf(hadoopConf: Configuration): Configuration = {
+    if (_hiveConf == null) {
+      synchronized {
+        if (_hiveConf == null) {
+          _hiveConf =
+            try {
+              DynConstructors.builder()
+                .impl(HIVE_CONF_CLASSNAME, classOf[Configuration], classOf[Class[_]])
+                .build[Configuration]()
+                .newInstance(hadoopConf, Class.forName(HIVE_CONF_CLASSNAME))
+            } catch {
+              case e: Throwable =>
+                warn("Fail to create Hive Configuration", e)
+                hadoopConf
+            }
+        }
+      }
+    }
+    _hiveConf
+  }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendServiceSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendServiceSuite.scala
new file mode 100644
index 000000000..5f81e51f8
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendServiceSuite.scala
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.spark
+
+import org.apache.hadoop.conf.Configuration
+
+import org.apache.kyuubi.KyuubiFunSuite
+
+class SparkTBinaryFrontendServiceSuite extends KyuubiFunSuite {
+  test("new hive conf") {
+    val hiveConf = SparkTBinaryFrontendService.hiveConf(new Configuration())
+    assert(hiveConf.getClass().getName == SparkTBinaryFrontendService.HIVE_CONF_CLASSNAME)
+  }
+}

From 66dfe805d2ed21b8c6414bc1a5a4e1a57120df3a Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 16 May 2023 00:36:27 +0800
Subject: [PATCH 363/760] [KYUUBI #4840] Return cached appInfo iif both op and
 app are terminated

### _Why are the changes needed?_

When a batch job fails, there is a chance that the op state changed to ERROR, but engine_state has not been updated, w/ the current implementation, currentApplicationInfo always returns the cached outdated appInfo instead of fetching appInfo from the application manager, thus causing the client can not see the correct app status.

```
mysql> select state, engine_state, peer_instance_closed from metadata;
+-------+--------------+----------------------+
| state | engine_state | peer_instance_closed |
+-------+--------------+----------------------+
| ERROR | RUNNING      |                    0 |
| ERROR | RUNNING      |                    0 |
+-------+--------------+----------------------+
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4840 from pan3793/appInfo.

Closes #4840

f5dddc9db [Cheng Pan] close on error
7c5767e11 [Cheng Pan] Return cached appInfo iif both op and app are terminated

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/operation/BatchJobSubmission.scala   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 96022614e..e58539ff7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -101,8 +101,10 @@ class BatchJobSubmission(
     }
   }
 
-  override protected def currentApplicationInfo(): Option[ApplicationInfo] = {
-    if (isTerminal(state) && _applicationInfo.nonEmpty) return _applicationInfo
+  override def currentApplicationInfo(): Option[ApplicationInfo] = {
+    if (isTerminal(state) && _applicationInfo.map(_.state).exists(ApplicationState.isTerminated)) {
+      return _applicationInfo
+    }
     val applicationInfo =
       applicationManager.getApplicationInfo(
         builder.clusterManager(),
@@ -267,6 +269,7 @@ class BatchJobSubmission(
       }
     } finally {
       builder.close()
+      updateApplicationInfoMetadataIfNeeded()
       cleanupUploadedResourceIfNeeded()
     }
   }

From c38614a372db22cffa368b401994ba30a9457c35 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 16 May 2023 10:11:04 +0800
Subject: [PATCH 364/760] [KYUUBI #4841] [MINOR] Log more info for closing
 session

### _Why are the changes needed?_

To provide more insights that the session is closed by requests or because of idle more than timeout.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4841 from turboFei/close_log.

Closes #4841

959a7ba79 [fwang12] log
0e3f3d609 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../main/scala/org/apache/kyuubi/session/SessionManager.scala   | 2 ++
 .../org/apache/kyuubi/server/api/v1/SessionsResource.scala      | 1 +
 2 files changed, 3 insertions(+)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
index aa46b8d6f..f91447f98 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
@@ -307,6 +307,8 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
           for (session <- handleToSession.values().asScala) {
             if (session.lastAccessTime + session.sessionIdleTimeoutThreshold <= current &&
               session.getNoOperationTime > session.sessionIdleTimeoutThreshold) {
+              info(s"Closing session ${session.handle.identifier} that has been idle for more" +
+                s" than ${session.sessionIdleTimeoutThreshold} ms")
               try {
                 closeSession(session.handle)
               } catch {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index 81d1a2709..7866744dc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -172,6 +172,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
   @DELETE
   @Path("{sessionHandle}")
   def closeSession(@PathParam("sessionHandle") sessionHandleStr: String): Response = {
+    info(s"Received request of closing $sessionHandleStr")
     fe.be.closeSession(sessionHandleStr)
     Response.ok().build()
   }

From f20f61e68603660f9bc806d14d47c515ca94541a Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 16 May 2023 13:18:46 +0800
Subject: [PATCH 365/760] [KYUUBI #4829] Support to expose operation metrics

### _Why are the changes needed?_

We need operation metrics to know the operation details.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4829 from turboFei/op_metrics.

Closes #4829

8749405b2 [fwang12] comment
188fbf5ae [fwang12] fix ut
658f1f1c5 [fwang12] expose operation metrics

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/events/KyuubiOperationEvent.scala  |  7 +++++--
 .../kyuubi/operation/KyuubiOperation.scala    | 15 ++++++++++++++
 .../kyuubi/server/BackendServiceMetric.scala  | 12 ++++++++++-
 .../KyuubiOperationPerUserSuite.scala         | 20 +++++++++++++++++++
 4 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala
index 7147cb424..2a103213e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/KyuubiOperationEvent.scala
@@ -43,6 +43,7 @@ import org.apache.kyuubi.session.KyuubiSession
  * @param sessionUser the authenticated client user
  * @param sessionType the type of the parent session
  * @param kyuubiInstance the parent session connection url
+ * @param metrics the operation metrics
  */
 case class KyuubiOperationEvent private (
     statementId: String,
@@ -58,7 +59,8 @@ case class KyuubiOperationEvent private (
     sessionId: String,
     sessionUser: String,
     sessionType: String,
-    kyuubiInstance: String) extends KyuubiEvent {
+    kyuubiInstance: String,
+    metrics: Map[String, String]) extends KyuubiEvent {
 
   // operation events are partitioned by the date when the corresponding operations are
   // created.
@@ -88,6 +90,7 @@ object KyuubiOperationEvent {
       session.handle.identifier.toString,
       session.user,
       session.sessionType.toString,
-      session.connectionUrl)
+      session.connectionUrl,
+      operation.metrics)
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
index e0475394e..783581a06 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
@@ -53,6 +53,21 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
 
   def remoteOpHandle(): TOperationHandle = _remoteOpHandle
 
+  @volatile protected var _fetchLogCount = 0L
+  @volatile protected var _fetchResultsCount = 0L
+
+  protected[kyuubi] def increaseFetchLogCount(count: Int): Unit = {
+    _fetchLogCount += count
+  }
+
+  protected[kyuubi] def increaseFetchResultsCount(count: Int): Unit = {
+    _fetchResultsCount += count
+  }
+
+  def metrics: Map[String, String] = Map(
+    "fetchLogCount" -> _fetchLogCount.toString,
+    "fetchResultsCount" -> _fetchResultsCount.toString)
+
   protected def verifyTStatus(tStatus: TStatus): Unit = {
     ThriftUtils.verifyTStatus(tStatus)
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
index 68bf11d7f..3a92a5ad0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.server
 import org.apache.hive.service.rpc.thrift._
 
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
-import org.apache.kyuubi.operation.{OperationHandle, OperationStatus}
+import org.apache.kyuubi.operation.{KyuubiOperation, OperationHandle, OperationStatus}
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.service.BackendService
 import org.apache.kyuubi.session.SessionHandle
@@ -207,6 +207,16 @@ trait BackendServiceMetric extends BackendService {
         else MetricsConstants.BS_FETCH_RESULT_ROWS_RATE,
         rowsSize))
 
+      val operation = sessionManager.operationManager
+        .getOperation(operationHandle)
+        .asInstanceOf[KyuubiOperation]
+
+      if (fetchLog) {
+        operation.increaseFetchLogCount(rowsSize)
+      } else {
+        operation.increaseFetchResultsCount(rowsSize)
+      }
+
       rowSet
     }
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 87a2dc7d2..f86d75247 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -339,4 +339,24 @@ class KyuubiOperationPerUserSuite
       }
     }
   }
+
+  test("support to expose kyuubi operation metrics") {
+    withSessionConf()(Map.empty)(Map.empty) {
+      withJdbcStatement() { statement =>
+        val uuid = UUID.randomUUID().toString
+        val query = s"select '$uuid'"
+        val res = statement.executeQuery(query)
+        assert(res.next())
+        assert(!res.next())
+
+        val operationMetrics =
+          server.backendService.sessionManager.operationManager.allOperations()
+            .map(_.asInstanceOf[KyuubiOperation])
+            .filter(_.statement == query)
+            .head.metrics
+        assert(operationMetrics.get("fetchResultsCount") == Some("1"))
+        assert(operationMetrics.get("fetchLogCount") == Some("0"))
+      }
+    }
+  }
 }

From 2e3919f5a614e40abc6dfc857352a8828d496907 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 16 May 2023 14:48:28 +0800
Subject: [PATCH 366/760] [KYUUBI #4842] [MINOR] Fix typo in etcd client config

### _Why are the changes needed?_

Fix typo.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4842 from turboFei/etcd_typo.

Closes #4842

218374976 [fwang12] fix typo for etcd client

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala | 4 ++--
 .../kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala       | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
index 148a21e4d..eba069da2 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
@@ -209,14 +209,14 @@ object HighAvailabilityConf {
       .stringConf
       .createOptional
 
-  val HA_ETCD_SSL_CLINET_CRT_PATH: OptionalConfigEntry[String] =
+  val HA_ETCD_SSL_CLIENT_CRT_PATH: OptionalConfigEntry[String] =
     buildConf("kyuubi.ha.etcd.ssl.client.certificate.path")
       .doc("Where the etcd SSL certificate file is stored.")
       .version("1.6.0")
       .stringConf
       .createOptional
 
-  val HA_ETCD_SSL_CLINET_KEY_PATH: OptionalConfigEntry[String] =
+  val HA_ETCD_SSL_CLIENT_KEY_PATH: OptionalConfigEntry[String] =
     buildConf("kyuubi.ha.etcd.ssl.client.key.path")
       .doc("Where the etcd SSL key file is stored.")
       .version("1.6.0")
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
index 80a70f2f2..548628a88 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
@@ -74,10 +74,10 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     } else {
       val caPath = conf.getOption(HA_ETCD_SSL_CA_PATH.key).getOrElse(
         throw new IllegalArgumentException(s"${HA_ETCD_SSL_CA_PATH.key} is not defined"))
-      val crtPath = conf.getOption(HA_ETCD_SSL_CLINET_CRT_PATH.key).getOrElse(
-        throw new IllegalArgumentException(s"${HA_ETCD_SSL_CLINET_CRT_PATH.key} is not defined"))
-      val keyPath = conf.getOption(HA_ETCD_SSL_CLINET_KEY_PATH.key).getOrElse(
-        throw new IllegalArgumentException(s"${HA_ETCD_SSL_CLINET_KEY_PATH.key} is not defined"))
+      val crtPath = conf.getOption(HA_ETCD_SSL_CLIENT_CRT_PATH.key).getOrElse(
+        throw new IllegalArgumentException(s"${HA_ETCD_SSL_CLIENT_CRT_PATH.key} is not defined"))
+      val keyPath = conf.getOption(HA_ETCD_SSL_CLIENT_KEY_PATH.key).getOrElse(
+        throw new IllegalArgumentException(s"${HA_ETCD_SSL_CLIENT_KEY_PATH.key} is not defined"))
 
       val context = GrpcSslContexts.forClient()
         .trustManager(new File(caPath))

From 28216324cd7737fc2dcfd4c7b34590261f783d18 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 16 May 2023 15:49:11 +0800
Subject: [PATCH 367/760] [KYUUBI #4807] [TEST] Retry more times to fix flaky
 test "spnego batch rest client"

### _Why are the changes needed?_

- retry more times for `spnego batch rest client` ut of `BatchRestApiSuite`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4807 from bowenliang123/fix-spnego-batch.

Closes #4807

2b10ba5b3 [liangbowen] update
f1563c784 [liangbowen] try to retry in longer time with eventually

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/server/rest/client/BatchRestApiSuite.scala       | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
index cb7905286..ef53fbe3e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
@@ -162,8 +162,10 @@ class BatchRestApiSuite extends RestClientTestHelper with BatchTestHelper {
     assert(batch.getBatchType === "SPARK")
 
     // get batch log
-    val log = batchRestApi.getBatchLocalLog(batch.getId(), 0, 1)
-    assert(log.getRowCount == 1)
+    eventually(timeout(1.minutes)) {
+      val log = batchRestApi.getBatchLocalLog(batch.getId(), 0, 1)
+      assert(log.getRowCount == 1)
+    }
 
     // delete batch
     val closeResp = batchRestApi.deleteBatch(batch.getId(), proxyUser)

From 514a6a961ade407c96059e1eec8eeb19253a3d5c Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 16 May 2023 20:22:26 +0800
Subject: [PATCH 368/760] [KYUUBI #4415][FOLLOWUP] Align the operation handle
 in server/engine for ExecuteScala, ExecutePython and PlanOnlyStatement

### _Why are the changes needed?_

As title.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4832 from turboFei/scala_python_handle.

Closes #4415

a5a44dfa0 [fwang12] ut
eaf7f004f [fwang12] ut
c8d7a5c82 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/ExecutePython.scala       |  5 ++--
 .../engine/spark/operation/ExecuteScala.scala |  5 ++--
 .../spark/operation/PlanOnlyStatement.scala   |  5 ++--
 .../operation/SparkSQLOperationManager.scala  |  6 ++---
 .../KyuubiOperationPerUserSuite.scala         | 26 +++++++++++++++----
 5 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
index 0d01348a7..badd83530 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecutePython.scala
@@ -40,7 +40,7 @@ import org.apache.kyuubi.{KyuubiSQLException, Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_SPARK_PYTHON_ENV_ARCHIVE, ENGINE_SPARK_PYTHON_ENV_ARCHIVE_EXEC_PATH, ENGINE_SPARK_PYTHON_HOME_ARCHIVE}
 import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_SESSION_USER_KEY, KYUUBI_STATEMENT_ID_KEY}
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil._
-import org.apache.kyuubi.operation.{ArrayFetchIterator, OperationState}
+import org.apache.kyuubi.operation.{ArrayFetchIterator, OperationHandle, OperationState}
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
@@ -49,7 +49,8 @@ class ExecutePython(
     override val statement: String,
     override val shouldRunAsync: Boolean,
     queryTimeout: Long,
-    worker: SessionPythonWorker) extends SparkOperation(session) {
+    worker: SessionPythonWorker,
+    override protected val handle: OperationHandle) extends SparkOperation(session) {
 
   private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
   override def getOperationLog: Option[OperationLog] = Option(operationLog)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala
index 24e17d281..691c4fb32 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteScala.scala
@@ -31,7 +31,7 @@ import org.apache.spark.sql.types.StructType
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil._
 import org.apache.kyuubi.engine.spark.repl.KyuubiSparkILoop
-import org.apache.kyuubi.operation.{ArrayFetchIterator, OperationState}
+import org.apache.kyuubi.operation.{ArrayFetchIterator, OperationHandle, OperationState}
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
@@ -51,7 +51,8 @@ class ExecuteScala(
     repl: KyuubiSparkILoop,
     override val statement: String,
     override val shouldRunAsync: Boolean,
-    queryTimeout: Long)
+    queryTimeout: Long,
+    override protected val handle: OperationHandle)
   extends SparkOperation(session) {
 
   private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
index c5a7679d6..726b7b0c2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
@@ -24,7 +24,7 @@ import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf.{OPERATION_PLAN_ONLY_EXCLUDES, OPERATION_PLAN_ONLY_OUT_STYLE}
-import org.apache.kyuubi.operation.{AnalyzeMode, ArrayFetchIterator, ExecutionMode, IterableFetchIterator, JsonStyle, OptimizeMode, OptimizeWithStatsMode, ParseMode, PhysicalMode, PlainStyle, PlanOnlyMode, PlanOnlyStyle, UnknownMode, UnknownStyle}
+import org.apache.kyuubi.operation.{AnalyzeMode, ArrayFetchIterator, ExecutionMode, IterableFetchIterator, JsonStyle, OperationHandle, OptimizeMode, OptimizeWithStatsMode, ParseMode, PhysicalMode, PlainStyle, PlanOnlyMode, PlanOnlyStyle, UnknownMode, UnknownStyle}
 import org.apache.kyuubi.operation.PlanOnlyMode.{notSupportedModeError, unknownModeError}
 import org.apache.kyuubi.operation.PlanOnlyStyle.{notSupportedStyleError, unknownStyleError}
 import org.apache.kyuubi.operation.log.OperationLog
@@ -36,7 +36,8 @@ import org.apache.kyuubi.session.Session
 class PlanOnlyStatement(
     session: Session,
     override val statement: String,
-    mode: PlanOnlyMode)
+    mode: PlanOnlyMode,
+    override protected val handle: OperationHandle)
   extends SparkOperation(session) {
 
   private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
index 8fd58b338..cb444aa77 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
@@ -106,18 +106,18 @@ class SparkSQLOperationManager private (name: String) extends OperationManager(n
                     opHandle)
               }
             case mode =>
-              new PlanOnlyStatement(session, statement, mode)
+              new PlanOnlyStatement(session, statement, mode, opHandle)
           }
         case OperationLanguages.SCALA =>
           val repl = sessionToRepl.getOrElseUpdate(session.handle, KyuubiSparkILoop(spark))
-          new ExecuteScala(session, repl, statement, runAsync, queryTimeout)
+          new ExecuteScala(session, repl, statement, runAsync, queryTimeout, opHandle)
         case OperationLanguages.PYTHON =>
           try {
             ExecutePython.init()
             val worker = sessionToPythonProcess.getOrElseUpdate(
               session.handle,
               ExecutePython.createSessionPythonWorker(spark, session))
-            new ExecutePython(session, statement, runAsync, queryTimeout, worker)
+            new ExecutePython(session, statement, runAsync, queryTimeout, worker, opHandle)
           } catch {
             case e: Throwable =>
               spark.conf.set(OPERATION_LANGUAGE.key, OperationLanguages.SQL.toString)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index f86d75247..2ae2340b2 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -330,11 +330,27 @@ class KyuubiOperationPerUserSuite
         eventually(timeout(10.seconds)) {
           assert(session.handle === SessionHandle.apply(session.client.remoteSessionHandle))
         }
-        val opHandle = session.executeStatement("SELECT engine_id()", Map.empty, true, 0L)
-        eventually(timeout(10.seconds)) {
-          val operation = session.sessionManager.operationManager.getOperation(
-            opHandle).asInstanceOf[KyuubiOperation]
-          assert(opHandle == OperationHandle.apply(operation.remoteOpHandle()))
+
+        def checkOpHandleAlign(statement: String, confOverlay: Map[String, String]): Unit = {
+          val opHandle = session.executeStatement(statement, confOverlay, true, 0L)
+          eventually(timeout(10.seconds)) {
+            val operation = session.sessionManager.operationManager.getOperation(
+              opHandle).asInstanceOf[KyuubiOperation]
+            assert(opHandle == OperationHandle.apply(operation.remoteOpHandle()))
+          }
+        }
+
+        val statement = "SELECT engine_id()"
+
+        val confOverlay = Map(KyuubiConf.OPERATION_PLAN_ONLY_MODE.key -> "PARSE")
+        checkOpHandleAlign(statement, confOverlay)
+
+        Map(
+          statement -> "SQL",
+          s"""spark.sql("$statement")""" -> "SCALA",
+          s"spark.sql('$statement')" -> "PYTHON").foreach { case (statement, lang) =>
+          val confOverlay = Map(KyuubiConf.OPERATION_LANGUAGE.key -> lang)
+          checkOpHandleAlign(statement, confOverlay)
         }
       }
     }

From b8ee006ca4181406c7effdb8868597e7febbf46a Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 17 May 2023 10:42:42 +0800
Subject: [PATCH 369/760] [KYUUBI #4807][FOLLOWUP] Fix flaky test  "basic batch
 rest client"

### _Why are the changes needed?_

Using `eventually` to fix the flaky test.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4845 from turboFei/flaky_test_log.

Closes #4807

3f11bb048 [fwang12] Fix flaky test - basic batch rest client

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/server/rest/client/BatchRestApiSuite.scala       | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
index ef53fbe3e..d04826a9d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchRestApiSuite.scala
@@ -68,8 +68,10 @@ class BatchRestApiSuite extends RestClientTestHelper with BatchTestHelper {
     assert(batch.getBatchType === "SPARK")
 
     // get batch log
-    val log = batchRestApi.getBatchLocalLog(batch.getId(), 0, 1)
-    assert(log.getRowCount == 1)
+    eventually(timeout(1.minutes)) {
+      val log = batchRestApi.getBatchLocalLog(batch.getId(), 0, 1)
+      assert(log.getRowCount == 1)
+    }
 
     // delete batch
     val closeResp = batchRestApi.deleteBatch(batch.getId(), null)

From dbcbeecb16d04c6ef704152a79546aba882a1a15 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 18 May 2023 08:54:39 +0800
Subject: [PATCH 370/760] [KYUUBI #4850] Change default EC spec to secp521r1
 for internal session variable signature

### _Why are the changes needed?_

- change the default EC spec from secp256k1 to secp521r1, as secp256k1 not supported on Java 17

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4850 from bowenliang123/secp384r1.

Closes #4850

73e0dad30 [liangbowen] change EC spec to secp521r1
5b9528ede [liangbowen] change EC spec to secp384r1

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/scala/org/apache/kyuubi/util/SignUtils.scala       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
index 6f7ff18df..7fb4fde2e 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
@@ -27,7 +27,7 @@ object SignUtils {
 
   private lazy val ecKeyPairGenerator = {
     val g = KeyPairGenerator.getInstance(KEYPAIR_ALGORITHM_EC)
-    g.initialize(new ECGenParameterSpec("secp256k1"), new SecureRandom())
+    g.initialize(new ECGenParameterSpec("secp521r1"), new SecureRandom())
     g
   }
 

From 86e5b7a50fb6e19f7ea172b137f79c79ce1cc00b Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 18 May 2023 18:26:58 +0800
Subject: [PATCH 371/760] [KYUUBI #4851] [BUILD] Bump Maven 3.8.8

### _Why are the changes needed?_

Bump to the latest version of Maven 3.8.x, the `archive.apache.org` is not stable these days, and only the latest patch version can benefit Apache CDN during downloading.
```
curl: (28) Failed to connect to archive.apache.org port 443 after 131061 ms: Connection timed out
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4851 from pan3793/maven.

Closes #4851

b29db583f [Cheng Pan] [BUILD] Bump Maven 3.8.8

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ca596d7ae..62866fe57 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,7 +109,7 @@
 
     <properties>
         <java.version>1.8</java.version>
-        <maven.version>3.8.7</maven.version>
+        <maven.version>3.8.8</maven.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <scala.version>2.12.17</scala.version>

From aaa006c1dc80c29ba5b2ac368645f8e7c93290e7 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Fri, 19 May 2023 11:20:49 +0800
Subject: [PATCH 372/760] [KYUUBI #4856] [INFRA] Add `restore-keys` for
 `action/cache`

### _Why are the changes needed?_

add `restore-keys` to restore the most recently maven binary

[github docs](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#matching-a-cache-key)
> restore-keys allows you to specify a list of alternate restore keys to use when there is a cache miss on key. You can create multiple restore keys ordered from the most specific to least specific. The cache action searches the restore-keys in sequential order. When a key doesn't match directly, the action searches for keys prefixed with the restore key. If there are multiple partial matches for a restore key, the action returns the most recently created cache.

logs from [github action](https://github.com/apache/kyuubi/actions/runs/5020359871/jobs/9001759790?pr=4856) (after we update the file `pom.xml` hash)

```
Prepare all required actions
Getting action download info
Run ./.github/actions/setup-maven
Run actions/cachev3
Received 0 of 8173297 (0.0%), 0.0 MBs/sec
Received 8173297 of 8173297 (100.0%), 6.5 MBs/sec
Cache Size: ~8 MB (8173297 B)
/usr/bin/tar -xf /home/runner/work/_temp/0e0ca716-97a4-4d83-af3b-9703003cdd33/cache.tzst -P -C /home/runner/work/kyuubi/kyuubi --use-compress-program unzstd
Cache restored successfully
Cache restored from key: setup-maven-e425be8ee60f158fc4f40b3c6b1a51cb2896e5c97dbbe7c61a96d91380342b89
Run build/mvn -v
Using `mvn` from path: /usr/bin/mvn
Apache Maven 3.8.8 (4c87b05d9aedce574290d1acc98575ed5eb6cd39)
Maven home: /usr/share/apache-maven-3.8.8
Java version: 1.8.0_362, vendor: Temurin, runtime: /usr/lib/jvm/temurin-8-jdk-amd64/jre
Default locale: en, platform encoding: UTF-8
OS name: "linux", version: "5.15.0-1037-azure", arch: "amd64", family: "unix"
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4856 from cfmcgrady/ga-cache.

Closes #4856

779e9030e [Fu Chen] Update .github/actions/setup-maven/action.yaml
d663b1a42 [Fu Chen] Revert "test cache restore"
3d3f16013 [Fu Chen] test cache restore
d2d18b613 [Fu Chen] add restore-keys

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/actions/setup-maven/action.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/actions/setup-maven/action.yaml b/.github/actions/setup-maven/action.yaml
index 4aabd401f..0cb4b54c2 100644
--- a/.github/actions/setup-maven/action.yaml
+++ b/.github/actions/setup-maven/action.yaml
@@ -25,6 +25,7 @@ runs:
       with:
         path: build/apache-maven-*
         key: setup-maven-${{ hashFiles('pom.xml') }}
+        restore-keys: setup-maven-
     - name: Install Maven
       shell: bash
       run: build/mvn -v

From c5de33de7498bdc62029125329685dff7d9e10dc Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 19 May 2023 11:44:40 +0800
Subject: [PATCH 373/760] [KYUUBI #4859] HttpException message should not be
 null

### _Why are the changes needed?_

```
  Cause: org.apache.http.HttpException: Cannot invoke "String.toCharArray()" because "message" is null
  at org.apache.kyuubi.jdbc.hive.auth.HttpRequestInterceptorBase.process(HttpRequestInterceptorBase.java:113)
  at org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:133)
  at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
  at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
  at org.apache.http.impl.execchain.ServiceUnavailableRetryExec.execute(ServiceUnavailableRetryExec.java:85)
  at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
  at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:118)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
  at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:251)
  ...
  Cause: java.lang.NullPointerException: Cannot invoke "String.toCharArray()" because "message" is null
  at org.apache.http.HttpException.clean(HttpException.java:48)
  at org.apache.http.HttpException.<init>(HttpException.java:105)
  at org.apache.kyuubi.jdbc.hive.auth.HttpKerberosRequestInterceptor.addHttpAuthHeader(HttpKerberosRequestInterceptor.java:68)
  at org.apache.kyuubi.jdbc.hive.auth.HttpRequestInterceptorBase.process(HttpRequestInterceptorBase.java:82)
  at org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:133)
  at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
  at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
  at org.apache.http.impl.execchain.ServiceUnavailableRetryExec.execute(ServiceUnavailableRetryExec.java:85)
  at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
  at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
  ...
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4859 from pan3793/http-exception.

Closes #4859

94c83a362 [Cheng Pan] HttpException message should not be null

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/jdbc/hive/auth/HttpKerberosRequestInterceptor.java   | 2 +-
 .../kyuubi/jdbc/hive/auth/HttpRequestInterceptorBase.java       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpKerberosRequestInterceptor.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpKerberosRequestInterceptor.java
index 278cef0b4..02d168c3f 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpKerberosRequestInterceptor.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpKerberosRequestInterceptor.java
@@ -65,7 +65,7 @@ protected void addHttpAuthHeader(HttpRequest httpRequest, HttpContext httpContex
       httpRequest.addHeader(
           HttpAuthUtils.AUTHORIZATION, HttpAuthUtils.NEGOTIATE + " " + kerberosAuthHeader);
     } catch (Exception e) {
-      throw new HttpException(e.getMessage(), e);
+      throw new HttpException(e.getMessage() == null ? "" : e.getMessage(), e);
     } finally {
       kerberosLock.unlock();
     }
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpRequestInterceptorBase.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpRequestInterceptorBase.java
index 9ce5a330b..42641c219 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpRequestInterceptorBase.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/HttpRequestInterceptorBase.java
@@ -110,7 +110,7 @@ public void process(HttpRequest httpRequest, HttpContext httpContext)
         httpRequest.addHeader("Cookie", cookieHeaderKeyValues.toString());
       }
     } catch (Exception e) {
-      throw new HttpException(e.getMessage(), e);
+      throw new HttpException(e.getMessage() == null ? "" : e.getMessage(), e);
     }
   }
 

From cd47b131276d8a20fbd4a371bba9fcc42eca781d Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 19 May 2023 12:03:05 +0800
Subject: [PATCH 374/760] [KYUUBI #4855] Change socket "connection refused"
 message match pattern

### _Why are the changes needed?_

The error message changed in JDK 17, we should change the match pattern accordingly.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4855 from pan3793/conn-refuse.

Closes #4855

78178b140 [Cheng Pan] Change socket "connection refused" message match pattern

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 8d5132ba4..f72fcadd0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -159,7 +159,7 @@ class KyuubiSessionImpl(
           } catch {
             case e: org.apache.thrift.transport.TTransportException
                 if attempt < maxAttempts && e.getCause.isInstanceOf[java.net.ConnectException] &&
-                  e.getCause.getMessage.contains("Connection refused (Connection refused)") =>
+                  e.getCause.getMessage.contains("Connection refused") =>
               warn(
                 s"Failed to open [${engine.defaultEngineName} $host:$port] after" +
                   s" $attempt/$maxAttempts times, retrying",

From 52464c25da220bb431a25123d1f6e6a5a15d14c8 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Sat, 20 May 2023 10:38:13 +0800
Subject: [PATCH 375/760] [KYUUBI #4861] Support Flink session idleness

### _Why are the changes needed?_

Support Flink session idleness.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4862 from link3280/KYUUBI-4861.

Closes #4861

463d1bf9f [Paul Lin] [KYUUBI #4861] Fix class cast exception
882203157 [Paul Lin] [KYUUBI #4861] Improve code style
451403882 [Paul Lin] [KYUUBI #4861] Support Flink session idleness

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/flink/session/FlinkSQLSessionManager.scala       | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
index 71caaa67a..c7aa7c3c5 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
@@ -70,6 +70,12 @@ class FlinkSQLSessionManager(engineContext: DefaultContext)
     }
   }
 
+  override def getSessionOption(sessionHandle: SessionHandle): Option[Session] = {
+    val session = super.getSessionOption(sessionHandle)
+    session.foreach(s => s.asInstanceOf[FlinkSessionImpl].fSession.touch())
+    session
+  }
+
   override def closeSession(sessionHandle: SessionHandle): Unit = {
     super.closeSession(sessionHandle)
     sessionManager.closeSession(

From 208ab3af6215881c550067fa738e77a7b6162806 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 21 May 2023 20:49:00 +0800
Subject: [PATCH 376/760] [KYUUBI #4852] Switch to Kyuubi Shaded Zookeeper

### _Why are the changes needed?_

This PR aims to migrate the vanilla Zookeeper and Curator to the Kyuubi Shaded Zookeeper. It's the first step to adapting JDK 17.

There is a known issue [ZOOKEEPER-3779](https://issues.apache.org/jira/browse/ZOOKEEPER-3779) that Zookeeper 3.4 client can not run on JDK 14 and above, in https://github.com/apache/kyuubi-shaded/pull/5, we fixed this issue by a surgical.

With the above fixing, zk-3.4 and zk-3.6 clients both work well on JDK 17, we just randomly pick some cases to make sure zk-3.6 is tested

zk-3.4 client supports zk-3.4+ server, but zk-3.6 client only supports zk-3.5+ server; in the meanwhile, zk-3.4 is adopted widely, (CDH 5/6, HDP, EMR created before 2023).

We are sticky to zk-3.4 to ensure that Kyuubi can be out-of-box in the most existing Hadoop cluster but also provide zk-3.6 as an alternative(simply replace the kyuubi-shaded-zk-3.4 jar w/ kyuubi-shaded-zk-3.6, or build w/ -Pzookeeper-3.6) for users who concerns that zk-3.4 is EOL.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4852 from pan3793/shaded-zk.

Closes #4852

d960cc945 [Cheng Pan] remove staging repo
1b3622080 [Cheng Pan] Switch to Kyuubi Shaded Zookeeper

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  |  6 +-
 LICENSE-binary                                |  4 -
 NOTICE-binary                                 |  9 ---
 bin/kyuubi-zk-cli                             |  2 +-
 dev/dependencyList                            |  4 -
 externals/kyuubi-flink-sql-engine/pom.xml     | 28 +------
 externals/kyuubi-hive-sql-engine/pom.xml      | 16 +---
 externals/kyuubi-spark-sql-engine/pom.xml     | 29 +------
 kyuubi-assembly/pom.xml                       | 20 ++---
 kyuubi-ctl/pom.xml                            | 20 ++---
 kyuubi-ha/pom.xml                             | 14 +---
 .../kyuubi/ha/client/DiscoveryPaths.scala     |  2 +-
 .../zookeeper/ZookeeperACLProvider.scala      |  7 +-
 .../zookeeper/ZookeeperClientProvider.scala   |  4 +-
 .../zookeeper/ZookeeperDiscoveryClient.scala  | 34 ++++-----
 .../ZookeeperDiscoveryClientSuite.scala       |  8 +-
 kyuubi-hive-jdbc-shaded/pom.xml               | 12 ---
 kyuubi-hive-jdbc/pom.xml                      | 14 +---
 .../jdbc/hive/ZooKeeperHiveClientHelper.java  |  6 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  2 +-
 kyuubi-zookeeper/pom.xml                      | 22 +-----
 .../kyuubi/zookeeper/EmbeddedZookeeper.scala  |  3 +-
 .../zookeeper/EmbeddedZookeeperSuite.scala    |  7 +-
 pom.xml                                       | 76 ++++---------------
 scalastyle-config.xml                         |  8 ++
 25 files changed, 80 insertions(+), 277 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index aeb0a14bb..7edc4f662 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -57,17 +57,17 @@ jobs:
         include:
           - java: 8
             spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.1.3 -Dspark.archive.name=spark-3.1.3-bin-hadoop3.2.tgz'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.1.3 -Dspark.archive.name=spark-3.1.3-bin-hadoop3.2.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.2-binary'
           - java: 8
             spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.4.0 -Dspark.archive.name=spark-3.4.0-bin-hadoop3.tgz'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.4.0 -Dspark.archive.name=spark-3.4.0-bin-hadoop3.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.4-binary'
     env:
diff --git a/LICENSE-binary b/LICENSE-binary
index 542259658..7322dec51 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -212,9 +212,6 @@ com.google.android:annotations
 commons-lang:commons-lang
 commons-logging:commons-logging
 org.apache.commons:commons-lang3
-org.apache.curator:curator-client
-org.apache.curator:curator-framework
-org.apache.curator:curator-recipes
 org.apache.derby:derby
 com.google.errorprone:error_prone_annotations
 net.jodah:failsafe
@@ -318,7 +315,6 @@ io.swagger.core.v3:swagger-jaxrs2
 io.swagger.core.v3:swagger-models
 io.vertx:vertx-core
 io.vertx:vertx-grpc
-org.apache.zookeeper:zookeeper
 com.squareup.retrofit2:retrofit
 com.squareup.okhttp3:okhttp
 org.apache.kafka:kafka-clients
diff --git a/NOTICE-binary b/NOTICE-binary
index 16281d0d8..40ec15010 100644
--- a/NOTICE-binary
+++ b/NOTICE-binary
@@ -92,15 +92,6 @@ Copyright 2001-2020 The Apache Software Foundation
 Apache Commons Logging
 Copyright 2003-2013 The Apache Software Foundation
 
-Curator Client
-Copyright 2011-2017 The Apache Software Foundation
-
-Curator Framework
-Copyright 2011-2017 The Apache Software Foundation
-
-Curator Recipes
-Copyright 2011-2017 The Apache Software Foundation
-
 =========================================================================
 ==  NOTICE file corresponding to section 4(d) of the Apache License,
 ==  Version 2.0, in this case for the Apache Derby distribution.
diff --git a/bin/kyuubi-zk-cli b/bin/kyuubi-zk-cli
index 089b7ad18..f503c3e5a 100755
--- a/bin/kyuubi-zk-cli
+++ b/bin/kyuubi-zk-cli
@@ -17,7 +17,7 @@
 #
 
 ## Zookeeper Shell Client Entrance
-CLASS="org.apache.zookeeper.ZooKeeperMain"
+CLASS="org.apache.kyuubi.shaded.zookeeper.ZooKeeperMain"
 
 export KYUUBI_HOME="$(cd "$(dirname "$0")"/..; pwd)"
 
diff --git a/dev/dependencyList b/dev/dependencyList
index 6e5673f9d..ab80bcfab 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -32,9 +32,6 @@ commons-collections/3.2.2//commons-collections-3.2.2.jar
 commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/3.12.0//commons-lang3-3.12.0.jar
 commons-logging/1.1.3//commons-logging-1.1.3.jar
-curator-client/2.12.0//curator-client-2.12.0.jar
-curator-framework/2.12.0//curator-framework-2.12.0.jar
-curator-recipes/2.12.0//curator-recipes-2.12.0.jar
 derby/10.14.2.0//derby-10.14.2.0.jar
 error_prone_annotations/2.14.0//error_prone_annotations-2.14.0.jar
 failsafe/2.4.4//failsafe-2.4.4.jar
@@ -195,5 +192,4 @@ units/1.6//units-1.6.jar
 vertx-core/4.3.2//vertx-core-4.3.2.jar
 vertx-grpc/4.3.2//vertx-grpc-4.3.2.jar
 zjsonpatch/0.3.0//zjsonpatch-0.3.0.jar
-zookeeper/3.4.14//zookeeper-3.4.14.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index c73310a64..8c62521b7 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -186,20 +186,15 @@
                     <shadedArtifactAttached>false</shadedArtifactAttached>
                     <artifactSet>
                         <includes>
-                            <include>org.apache.kyuubi:kyuubi-common_${scala.binary.version}</include>
-                            <include>org.apache.kyuubi:kyuubi-ha_${scala.binary.version}</include>
                             <include>com.fasterxml.jackson.core:*</include>
                             <include>com.fasterxml.jackson.module:*</include>
                             <include>com.google.guava:failureaccess</include>
                             <include>com.google.guava:guava</include>
                             <include>commons-codec:commons-codec</include>
                             <include>org.apache.commons:commons-lang3</include>
-                            <include>org.apache.curator:curator-client</include>
-                            <include>org.apache.curator:curator-framework</include>
-                            <include>org.apache.curator:curator-recipes</include>
                             <include>org.apache.hive:hive-service-rpc</include>
                             <include>org.apache.thrift:*</include>
-                            <include>org.apache.zookeeper:*</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                     <filters>
@@ -228,13 +223,6 @@
                                 <include>com.fasterxml.jackson.**</include>
                             </includes>
                         </relocation>
-                        <relocation>
-                            <pattern>org.apache.curator</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.curator</shadedPattern>
-                            <includes>
-                                <include>org.apache.curator.**</include>
-                            </includes>
-                        </relocation>
                         <relocation>
                             <pattern>com.google.common</pattern>
                             <shadedPattern>${kyuubi.shade.packageName}.com.google.common</shadedPattern>
@@ -278,20 +266,6 @@
                                 <include>org.apache.thrift.**</include>
                             </includes>
                         </relocation>
-                        <relocation>
-                            <pattern>org.apache.jute</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.jute</shadedPattern>
-                            <includes>
-                                <include>org.apache.jute.**</include>
-                            </includes>
-                        </relocation>
-                        <relocation>
-                            <pattern>org.apache.zookeeper</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.zookeeper</shadedPattern>
-                            <includes>
-                                <include>org.apache.zookeeper.**</include>
-                            </includes>
-                        </relocation>
                     </relocations>
                     <transformers>
                         <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"></transformer>
diff --git a/externals/kyuubi-hive-sql-engine/pom.xml b/externals/kyuubi-hive-sql-engine/pom.xml
index 0319d3dd2..6af94abe5 100644
--- a/externals/kyuubi-hive-sql-engine/pom.xml
+++ b/externals/kyuubi-hive-sql-engine/pom.xml
@@ -179,12 +179,7 @@
                             <include>com.fasterxml.jackson.core:jackson-core</include>
                             <include>com.fasterxml.jackson.core:jackson-databind</include>
                             <include>com.fasterxml.jackson.module:jackson-module-scala_${scala.binary.version}</include>
-                            <include>org.apache.kyuubi:kyuubi-common_${scala.binary.version}</include>
-                            <include>org.apache.kyuubi:kyuubi-events_${scala.binary.version}</include>
-                            <include>org.apache.kyuubi:kyuubi-ha_${scala.binary.version}</include>
-                            <include>org.apache.curator:curator-client</include>
-                            <include>org.apache.curator:curator-framework</include>
-                            <include>org.apache.curator:curator-recipes</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                     <filters>
@@ -205,15 +200,6 @@
                             </excludes>
                         </filter>
                     </filters>
-                    <relocations>
-                        <relocation>
-                            <pattern>org.apache.curator</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.curator</shadedPattern>
-                            <includes>
-                                <include>org.apache.curator.**</include>
-                            </includes>
-                        </relocation>
-                    </relocations>
                 </configuration>
                 <executions>
                     <execution>
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 62fe39c00..67674e8c9 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -194,15 +194,9 @@
                             <include>io.perfmark:perfmark-api</include>
                             <include>io.vertx:*</include>
                             <include>net.jodah:failsafe</include>
-                            <include>org.apache.curator:curator-client</include>
-                            <include>org.apache.curator:curator-framework</include>
-                            <include>org.apache.curator:curator-recipes</include>
                             <include>org.apache.hive:hive-service-rpc</include>
-                            <include>org.apache.kyuubi:kyuubi-common_${scala.binary.version}</include>
-                            <include>org.apache.kyuubi:kyuubi-events_${scala.binary.version}</include>
-                            <include>org.apache.kyuubi:kyuubi-ha_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                             <include>org.apache.thrift:*</include>
-                            <include>org.apache.zookeeper:zookeeper</include>
                             <include>org.checkerframework:checker-qual</include>
                             <include>org.codehaus.mojo:animal-sniffer-annotations</include>
                         </includes>
@@ -227,27 +221,6 @@
                         </filter>
                     </filters>
                     <relocations>
-                        <relocation>
-                            <pattern>org.apache.curator</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.curator</shadedPattern>
-                            <includes>
-                                <include>org.apache.curator.**</include>
-                            </includes>
-                        </relocation>
-                        <relocation>
-                            <pattern>org.apache.zookeeper</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.zookeeper</shadedPattern>
-                            <includes>
-                                <include>org.apache.zookeeper.**</include>
-                            </includes>
-                        </relocation>
-                        <relocation>
-                            <pattern>org.apache.jute</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.jute</shadedPattern>
-                            <includes>
-                                <include>org.apache.jute.**</include>
-                            </includes>
-                        </relocation>
                         <relocation>
                             <pattern>org.apache.hive.service.rpc.thrift</pattern>
                             <shadedPattern>${kyuubi.shade.packageName}.org.apache.hive.service.rpc.thrift</shadedPattern>
diff --git a/kyuubi-assembly/pom.xml b/kyuubi-assembly/pom.xml
index 0524470a2..1087201b1 100644
--- a/kyuubi-assembly/pom.xml
+++ b/kyuubi-assembly/pom.xml
@@ -69,28 +69,18 @@
         </dependency>
 
         <dependency>
-            <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-client-api</artifactId>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>${kyuubi-shaded-zookeeper.artifacts}</artifactId>
         </dependency>
 
         <dependency>
             <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-client-runtime</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-framework</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-client</artifactId>
+            <artifactId>hadoop-client-api</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-recipes</artifactId>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-runtime</artifactId>
         </dependency>
 
         <dependency>
diff --git a/kyuubi-ctl/pom.xml b/kyuubi-ctl/pom.xml
index eb4060ffd..da1a5777a 100644
--- a/kyuubi-ctl/pom.xml
+++ b/kyuubi-ctl/pom.xml
@@ -48,6 +48,11 @@
             <version>${project.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>${kyuubi-shaded-zookeeper.artifacts}</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-client-api</artifactId>
@@ -60,16 +65,6 @@
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-framework</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-recipes</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>com.github.scopt</groupId>
             <artifactId>scopt_${scala.binary.version}</artifactId>
@@ -86,11 +81,6 @@
             <version>${snakeyaml.version}</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.zookeeper</groupId>
-            <artifactId>zookeeper</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
             <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
diff --git a/kyuubi-ha/pom.xml b/kyuubi-ha/pom.xml
index b4605b6a1..cf605b37f 100644
--- a/kyuubi-ha/pom.xml
+++ b/kyuubi-ha/pom.xml
@@ -38,18 +38,8 @@
         </dependency>
 
         <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-framework</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-recipes</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.zookeeper</groupId>
-            <artifactId>zookeeper</artifactId>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>${kyuubi-shaded-zookeeper.artifacts}</artifactId>
         </dependency>
 
         <dependency>
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/DiscoveryPaths.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/DiscoveryPaths.scala
index 987a88dda..fe7ebe2ab 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/DiscoveryPaths.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/DiscoveryPaths.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.ha.client
 
-import org.apache.curator.utils.ZKPaths
+import org.apache.kyuubi.shaded.curator.utils.ZKPaths
 
 object DiscoveryPaths {
   def makePath(parent: String, firstChild: String, restChildren: String*): String = {
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperACLProvider.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperACLProvider.scala
index 467c323b7..87ea65c17 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperACLProvider.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperACLProvider.scala
@@ -17,13 +17,12 @@
 
 package org.apache.kyuubi.ha.client.zookeeper
 
-import org.apache.curator.framework.api.ACLProvider
-import org.apache.zookeeper.ZooDefs
-import org.apache.zookeeper.data.ACL
-
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
+import org.apache.kyuubi.shaded.curator.framework.api.ACLProvider
+import org.apache.kyuubi.shaded.zookeeper.ZooDefs
+import org.apache.kyuubi.shaded.zookeeper.data.ACL
 
 class ZookeeperACLProvider(conf: KyuubiConf) extends ACLProvider {
 
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
index 806aff95f..d9161f3cd 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
@@ -24,8 +24,6 @@ import javax.security.auth.login.Configuration
 import scala.util.Random
 
 import com.google.common.annotations.VisibleForTesting
-import org.apache.curator.framework.{CuratorFramework, CuratorFrameworkFactory}
-import org.apache.curator.retry._
 import org.apache.hadoop.security.UserGroupInformation
 
 import org.apache.kyuubi.Logging
@@ -34,6 +32,8 @@ import org.apache.kyuubi.ha.HighAvailabilityConf._
 import org.apache.kyuubi.ha.client.{AuthTypes, RetryPolicies}
 import org.apache.kyuubi.ha.client.RetryPolicies._
 import org.apache.kyuubi.reflection.DynConstructors
+import org.apache.kyuubi.shaded.curator.framework.{CuratorFramework, CuratorFrameworkFactory}
+import org.apache.kyuubi.shaded.curator.retry._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
 
 object ZookeeperClientProvider extends Logging {
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
index daa27047e..33aa5149d 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
@@ -25,23 +25,6 @@ import java.util.concurrent.atomic.AtomicBoolean
 import scala.collection.JavaConverters._
 
 import com.google.common.annotations.VisibleForTesting
-import org.apache.curator.framework.CuratorFramework
-import org.apache.curator.framework.recipes.atomic.{AtomicValue, DistributedAtomicInteger}
-import org.apache.curator.framework.recipes.locks.InterProcessSemaphoreMutex
-import org.apache.curator.framework.recipes.nodes.PersistentNode
-import org.apache.curator.framework.state.ConnectionState
-import org.apache.curator.framework.state.ConnectionState.CONNECTED
-import org.apache.curator.framework.state.ConnectionState.LOST
-import org.apache.curator.framework.state.ConnectionState.RECONNECTED
-import org.apache.curator.framework.state.ConnectionStateListener
-import org.apache.curator.retry.RetryForever
-import org.apache.curator.utils.ZKPaths
-import org.apache.zookeeper.CreateMode
-import org.apache.zookeeper.CreateMode.PERSISTENT
-import org.apache.zookeeper.KeeperException
-import org.apache.zookeeper.KeeperException.NodeExistsException
-import org.apache.zookeeper.WatchedEvent
-import org.apache.zookeeper.Watcher
 
 import org.apache.kyuubi.KYUUBI_VERSION
 import org.apache.kyuubi.KyuubiException
@@ -58,6 +41,23 @@ import org.apache.kyuubi.ha.client.ServiceNodeInfo
 import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider.buildZookeeperClient
 import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider.getGracefulStopThreadDelay
 import org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient.connectionChecker
+import org.apache.kyuubi.shaded.curator.framework.CuratorFramework
+import org.apache.kyuubi.shaded.curator.framework.recipes.atomic.{AtomicValue, DistributedAtomicInteger}
+import org.apache.kyuubi.shaded.curator.framework.recipes.locks.InterProcessSemaphoreMutex
+import org.apache.kyuubi.shaded.curator.framework.recipes.nodes.PersistentNode
+import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState
+import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.CONNECTED
+import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.LOST
+import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.RECONNECTED
+import org.apache.kyuubi.shaded.curator.framework.state.ConnectionStateListener
+import org.apache.kyuubi.shaded.curator.retry.RetryForever
+import org.apache.kyuubi.shaded.curator.utils.ZKPaths
+import org.apache.kyuubi.shaded.zookeeper.CreateMode
+import org.apache.kyuubi.shaded.zookeeper.CreateMode.PERSISTENT
+import org.apache.kyuubi.shaded.zookeeper.KeeperException
+import org.apache.kyuubi.shaded.zookeeper.KeeperException.NodeExistsException
+import org.apache.kyuubi.shaded.zookeeper.WatchedEvent
+import org.apache.kyuubi.shaded.zookeeper.Watcher
 import org.apache.kyuubi.util.ThreadUtils
 
 class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
index e3f5546a9..de849f83e 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
@@ -25,11 +25,7 @@ import javax.security.auth.login.Configuration
 
 import scala.collection.JavaConverters._
 
-import org.apache.curator.framework.CuratorFrameworkFactory
-import org.apache.curator.retry.ExponentialBackoffRetry
 import org.apache.hadoop.util.StringUtils
-import org.apache.zookeeper.ZooDefs
-import org.apache.zookeeper.data.ACL
 import org.scalatest.time.SpanSugar._
 
 import org.apache.kyuubi.{KerberizedTestHelper, KYUUBI_VERSION}
@@ -39,6 +35,10 @@ import org.apache.kyuubi.ha.client._
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider._
 import org.apache.kyuubi.service._
+import org.apache.kyuubi.shaded.curator.framework.CuratorFrameworkFactory
+import org.apache.kyuubi.shaded.curator.retry.ExponentialBackoffRetry
+import org.apache.kyuubi.shaded.zookeeper.ZooDefs
+import org.apache.kyuubi.shaded.zookeeper.data.ACL
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 import org.apache.kyuubi.zookeeper.ZookeeperConf.ZK_CLIENT_PORT
 
diff --git a/kyuubi-hive-jdbc-shaded/pom.xml b/kyuubi-hive-jdbc-shaded/pom.xml
index 1a6f258b0..e0e390b75 100644
--- a/kyuubi-hive-jdbc-shaded/pom.xml
+++ b/kyuubi-hive-jdbc-shaded/pom.xml
@@ -108,10 +108,6 @@
                             <pattern>org.apache.commons</pattern>
                             <shadedPattern>${kyuubi.shade.packageName}.org.apache.commons</shadedPattern>
                         </relocation>
-                        <relocation>
-                            <pattern>org.apache.curator</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.curator</shadedPattern>
-                        </relocation>
                         <relocation>
                             <pattern>org.apache.hive</pattern>
                             <shadedPattern>${kyuubi.shade.packageName}.org.apache.hive</shadedPattern>
@@ -120,18 +116,10 @@
                             <pattern>org.apache.http</pattern>
                             <shadedPattern>${kyuubi.shade.packageName}.org.apache.http</shadedPattern>
                         </relocation>
-                        <relocation>
-                            <pattern>org.apache.jute</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.jute</shadedPattern>
-                        </relocation>
                         <relocation>
                             <pattern>org.apache.thrift</pattern>
                             <shadedPattern>${kyuubi.shade.packageName}.org.apache.thrift</shadedPattern>
                         </relocation>
-                        <relocation>
-                            <pattern>org.apache.zookeeper</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.zookeeper</shadedPattern>
-                        </relocation>
                     </relocations>
                 </configuration>
                 <executions>
diff --git a/kyuubi-hive-jdbc/pom.xml b/kyuubi-hive-jdbc/pom.xml
index 36ea7acc2..d6889e365 100644
--- a/kyuubi-hive-jdbc/pom.xml
+++ b/kyuubi-hive-jdbc/pom.xml
@@ -102,24 +102,14 @@
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-framework</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-client</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.zookeeper</groupId>
-            <artifactId>zookeeper</artifactId>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>${kyuubi-shaded-zookeeper.artifacts}</artifactId>
         </dependency>
 
         <dependency>
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
index 41fadfa2f..bfa5e632e 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
@@ -25,9 +25,9 @@
 import java.util.Random;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import org.apache.curator.framework.CuratorFramework;
-import org.apache.curator.framework.CuratorFrameworkFactory;
-import org.apache.curator.retry.ExponentialBackoffRetry;
+import org.apache.kyuubi.shaded.curator.framework.CuratorFramework;
+import org.apache.kyuubi.shaded.curator.framework.CuratorFrameworkFactory;
+import org.apache.kyuubi.shaded.curator.retry.ExponentialBackoffRetry;
 
 class ZooKeeperHiveClientHelper {
   // Pattern for key1=value1;key2=value2
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index cf8478021..fc271b058 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -28,7 +28,6 @@ import io.swagger.v3.oas.annotations.media.{ArraySchema, Content, Schema}
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
 import org.apache.commons.lang3.StringUtils
-import org.apache.zookeeper.KeeperException.NoNodeException
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
 import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, ServerData, SessionData}
@@ -41,6 +40,7 @@ import org.apache.kyuubi.operation.{KyuubiOperation, OperationHandle}
 import org.apache.kyuubi.server.KyuubiServer
 import org.apache.kyuubi.server.api.{ApiRequestContext, ApiUtils}
 import org.apache.kyuubi.session.{KyuubiSession, SessionHandle}
+import org.apache.kyuubi.shaded.zookeeper.KeeperException.NoNodeException
 
 @Tag(name = "Admin")
 @Produces(Array(MediaType.APPLICATION_JSON))
diff --git a/kyuubi-zookeeper/pom.xml b/kyuubi-zookeeper/pom.xml
index cd3e017cd..e10ac2d9d 100644
--- a/kyuubi-zookeeper/pom.xml
+++ b/kyuubi-zookeeper/pom.xml
@@ -37,8 +37,8 @@
         </dependency>
 
         <dependency>
-            <groupId>org.apache.zookeeper</groupId>
-            <artifactId>zookeeper</artifactId>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>${kyuubi-shaded-zookeeper.artifacts}</artifactId>
         </dependency>
 
         <dependency>
@@ -48,24 +48,6 @@
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-framework</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.curator</groupId>
-            <artifactId>curator-client</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
index 0e980132a..04457f3ce 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
@@ -20,11 +20,10 @@ package org.apache.kyuubi.zookeeper
 import java.io.File
 import java.net.InetSocketAddress
 
-import org.apache.zookeeper.server.{NIOServerCnxnFactory, ZooKeeperServer}
-
 import org.apache.kyuubi.Utils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.service.{AbstractService, ServiceState}
+import org.apache.kyuubi.shaded.zookeeper.server.{NIOServerCnxnFactory, ZooKeeperServer}
 import org.apache.kyuubi.zookeeper.ZookeeperConf._
 
 class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
diff --git a/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala b/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala
index 518aa48b9..69e798ac5 100644
--- a/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala
+++ b/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala
@@ -17,12 +17,11 @@
 
 package org.apache.kyuubi.zookeeper
 
-import org.apache.curator.framework.CuratorFrameworkFactory
-import org.apache.curator.framework.imps.CuratorFrameworkState
-import org.apache.curator.retry.ExponentialBackoffRetry
-
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.shaded.curator.framework.CuratorFrameworkFactory
+import org.apache.kyuubi.shaded.curator.framework.imps.CuratorFrameworkState
+import org.apache.kyuubi.shaded.curator.retry.ExponentialBackoffRetry
 import org.apache.kyuubi.zookeeper.ZookeeperConf.{ZK_CLIENT_PORT, ZK_CLIENT_PORT_ADDRESS}
 
 class EmbeddedZookeeperSuite extends KyuubiFunSuite {
diff --git a/pom.xml b/pom.xml
index 62866fe57..7996fa7a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,6 @@
         <commons-io.version>2.11.0</commons-io.version>
         <commons-lang.version>2.6</commons-lang.version>
         <commons-lang3.version>3.12.0</commons-lang3.version>
-        <curator.version>2.12.0</curator.version>
         <etcd.version>0.7.3</etcd.version>
         <delta.version>2.3.0</delta.version>
         <failsafe.verion>2.4.4</failsafe.verion>
@@ -168,6 +167,8 @@
         <kafka.version>3.4.0</kafka.version>
         <kubernetes-client.version>6.4.1</kubernetes-client.version>
         <kudu.version>1.15.0</kudu.version>
+        <kyuubi-shaded-zookeeper.artifacts>kyuubi-shaded-zookeeper-34</kyuubi-shaded-zookeeper.artifacts>
+        <kyuubi-shaded-zookeeper.version>0.1.0</kyuubi-shaded-zookeeper.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
@@ -203,7 +204,6 @@
         <trino.client.version>363</trino.client.version>
         <trino.tpcds.version>1.4</trino.tpcds.version>
         <trino.tpch.version>1.1</trino.tpch.version>
-        <zookeeper.version>3.4.14</zookeeper.version>
 
         <!-- webui -->
         <webui.skip>true</webui.skip>
@@ -260,6 +260,11 @@
 
     <dependencyManagement>
         <dependencies>
+            <dependency>
+                <groupId>org.apache.kyuubi</groupId>
+                <artifactId>${kyuubi-shaded-zookeeper.artifacts}</artifactId>
+                <version>${kyuubi-shaded-zookeeper.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.antlr</groupId>
                 <artifactId>antlr4-runtime</artifactId>
@@ -609,54 +614,6 @@
                 </exclusions>
             </dependency>
 
-            <!--
-             Do not add hive dependencies here if they are dependencies of
-             org.apache.spark:spark-hive_${scala.binary.version}.
-             We should leave these dependencies' versions as they are defined in
-             spark-parent_${scala.binary.version}-${spark.version}.pom.
-             Otherwise, kyuubi-spark-sql-engine tests may encounter hive version compatibility issue.
-            -->
-
-            <dependency>
-                <groupId>org.apache.curator</groupId>
-                <artifactId>curator-framework</artifactId>
-                <version>${curator.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>org.apache.zookeeper</groupId>
-                        <artifactId>zookeeper</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.curator</groupId>
-                <artifactId>curator-recipes</artifactId>
-                <version>${curator.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>org.apache.zookeeper</groupId>
-                        <artifactId>zookeeper</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.curator</groupId>
-                <artifactId>curator-client</artifactId>
-                <version>${curator.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>com.google.guava</groupId>
-                        <artifactId>guava</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>org.apache.zookeeper</groupId>
-                        <artifactId>zookeeper</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
             <dependency>
                 <groupId>org.slf4j</groupId>
                 <artifactId>slf4j-api</artifactId>
@@ -1116,18 +1073,6 @@
                 </exclusions>
             </dependency>
 
-            <dependency>
-                <groupId>org.apache.zookeeper</groupId>
-                <artifactId>zookeeper</artifactId>
-                <version>${zookeeper.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>*</groupId>
-                        <artifactId>*</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
             <dependency>
                 <groupId>io.etcd</groupId>
                 <artifactId>jetcd-core</artifactId>
@@ -2232,6 +2177,13 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>zookeeper-3.6</id>
+            <properties>
+                <kyuubi-shaded-zookeeper.artifacts>kyuubi-shaded-zookeeper-36</kyuubi-shaded-zookeeper.artifacts>
+            </properties>
+        </profile>
+
         <profile>
             <id>spark-provided</id>
             <properties>
diff --git a/scalastyle-config.xml b/scalastyle-config.xml
index f7d0d2449..5eaa9cef5 100644
--- a/scalastyle-config.xml
+++ b/scalastyle-config.xml
@@ -195,6 +195,14 @@ This file is divided into 3 sections:
     of Commons Lang 2 (package org.apache.commons.lang.*)</customMessage>
   </check>
 
+  <check customId="kyuubishaded" level="error" class="org.scalastyle.scalariform.TokenChecker" enabled="true">
+    <parameters>
+      <parameter name="regex">org\.apache\.curator\.</parameter>
+      <parameter name="regex">org\.apache\.zookeeper\.</parameter>
+    </parameters>
+    <customMessage>Use Kyuubi shaded classes (package org.apache.kyuubi.shaded.*) instead classes</customMessage>
+  </check>
+
   <check customId="extractopt" level="error" class="org.scalastyle.scalariform.TokenChecker" enabled="true">
     <parameters><parameter name="regex">extractOpt</parameter></parameters>
     <customMessage>Use Utils.jsonOption(x).map(.extract[T]) instead of .extractOpt[T], as the latter

From 571bfa3ce78c2f8a197c74017347103f4fad1de2 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 21 May 2023 22:24:02 +0800
Subject: [PATCH 377/760] [KYUUBI #4858] Relax test message assertion in "sync
 query causes engine crash"

### _Why are the changes needed?_

The exception for such network issue changes in JDK 17, but the error message looks reasonable, here we simply relax the test message assertion to make UT happy.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4858 from pan3793/socket-msg.

Closes #4858

c53b5fed4 [Cheng Pan] Relax test message assertion in "sync query causes engine crash"

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/operation/KyuubiOperationPerConnectionSuite.scala | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index 979594c23..f5fdb5b51 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -77,8 +77,9 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
       val executeStmtResp = client.ExecuteStatement(executeStmtReq)
       assert(executeStmtResp.getStatus.getStatusCode === TStatusCode.ERROR_STATUS)
       assert(executeStmtResp.getOperationHandle === null)
-      assert(executeStmtResp.getStatus.getErrorMessage contains
-        "Caused by: java.net.SocketException: Connection reset")
+      val errMsg = executeStmtResp.getStatus.getErrorMessage
+      assert(errMsg.contains("Caused by: java.net.SocketException: Connection reset") ||
+        errMsg.contains(s"Socket for ${SessionHandle(handle)} is closed"))
     }
   }
 

From 974fa73cac37d4d1bf3b905f62f4276f6f620cc8 Mon Sep 17 00:00:00 2001
From: mans2singh <mans2singh@yahoo.com>
Date: Sun, 21 May 2023 22:26:17 +0800
Subject: [PATCH 378/760] [KYUUBI #4864] [DOCS] Fix grammar in HA section

### _Why are the changes needed?_
The upgrade section states <code>Kyuubi server supports **stop** gracefully</code>.  Update to <code>Kyuubi server supports **stopping** gracefully</code>

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4864 from mans2singh/ISSUE-4863.

Closes #4864

5e853f84e [mans2singh] Updated key features section

Authored-by: mans2singh <mans2singh@yahoo.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/high_availability_guide.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/deployment/high_availability_guide.md b/docs/deployment/high_availability_guide.md
index 353e549eb..51c878157 100644
--- a/docs/deployment/high_availability_guide.md
+++ b/docs/deployment/high_availability_guide.md
@@ -39,7 +39,7 @@ Using multiple Kyuubi service units with load balancing instead of a single unit
 - High concurrency
   - By adding or removing Kyuubi server instances can easily scale up or down to meet the need of client requests.
 - Upgrade smoothly
-  - Kyuubi server supports stop gracefully. We could delete a `k.i.` but not stop it immediately.
+  - Kyuubi server supports stopping gracefully. We could delete a `k.i.` but not stop it immediately.
     In this case, the `k.i.` will not take any new connection request but only operation requests from existing connections.
     After all connection are released, it stops then.
   - The dependencies of Kyuubi engines are free to change, such as bump up versions, modify configurations, add external jars, relocate to another engine home. Everything will be reloaded during start and stop.

From 4e32c3e79f501512637e72f318c16fad8a3c587b Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 22 May 2023 09:44:51 +0800
Subject: [PATCH 379/760] [KYUUBI #4857] Fix flaky test TFrontendServiceSuite

### _Why are the changes needed?_

It became flaky on my laptop w/ JDK 17, wrap assertion w/ eventually to address it.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4857 from pan3793/flaky-1.

Closes #4857

8d4d3145f [Cheng Pan] Fix flaky test TFrontendServiceSuite

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/service/TFrontendServiceSuite.scala     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
index 28442fe62..6d8c5d71d 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
@@ -532,7 +532,9 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
       assert(resp2.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
       assert(sessionManager.getOpenSessionCount == 1)
       assert(session.lastIdleTime == 0)
-      assert(lastAccessTime < session.lastAccessTime)
+      eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {
+        assert(lastAccessTime < session.lastAccessTime)
+      }
       lastAccessTime = session.lastAccessTime
 
       eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {

From f4178851ee3ac89289bcecb296df5df6db6493f4 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 22 May 2023 09:46:04 +0800
Subject: [PATCH 380/760] [KYUUBI #4865] Fix flaky test
 BackendServiceMetricSuite

### _Why are the changes needed?_

Wrap assertion w/ `eventually` to address the flaky test.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4865 from pan3793/flaky-test-2.

Closes #4865

d582d575f [Cheng Pan] Fix flaky test BackendServiceMetricSuite

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/BackendServiceMetricSuite.scala    | 63 +++++++++----------
 1 file changed, 31 insertions(+), 32 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
index a58d1842c..9745917dd 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
@@ -21,10 +21,12 @@ import java.nio.file.{Path, Paths}
 import java.time.Duration
 
 import com.fasterxml.jackson.databind.ObjectMapper
+import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{Utils, WithKyuubiServer}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.metrics.{MetricsConf, MetricsConstants}
+import org.apache.kyuubi.metrics.MetricsConf
+import org.apache.kyuubi.metrics.MetricsConstants._
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 
 class BackendServiceMetricSuite extends WithKyuubiServer with HiveJDBCTestHelper {
@@ -45,43 +47,40 @@ class BackendServiceMetricSuite extends WithKyuubiServer with HiveJDBCTestHelper
     withJdbcStatement() { statement =>
       statement.executeQuery("CREATE TABLE stu_test(id int, name string) USING parquet")
       statement.execute("insert into stu_test values(1, 'a'), (2, 'b'), (3, 'c')")
-      Thread.sleep(Duration.ofMillis(111).toMillis)
+      val logRows1 = eventually(timeout(10.seconds), interval(1.second)) {
+        val res = objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile)
+        assert(res.has("timers"))
+        val timer = res.get("timers")
+        assert(timer.get(BS_EXECUTE_STATEMENT).get("count").asInt() == 2)
+        assert(timer.get(BS_EXECUTE_STATEMENT).get("mean").asDouble() > 0)
 
-      val res1 = objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile)
-      assert(res1.has("timers"))
-      val timer1 = res1.get("timers")
-      assert(
-        timer1.get(MetricsConstants.BS_EXECUTE_STATEMENT).get("count").asInt() == 2)
-      assert(
-        timer1.get(MetricsConstants.BS_EXECUTE_STATEMENT).get("mean").asDouble() > 0)
-
-      assert(res1.has("meters"))
-      val meters1 = res1.get("meters")
-      val logRows1 = meters1.get(MetricsConstants.BS_FETCH_LOG_ROWS_RATE).get("count").asInt()
-      assert(logRows1 > 0)
+        assert(res.has("meters"))
+        val meters = res.get("meters")
+        val logRows = meters.get(BS_FETCH_LOG_ROWS_RATE).get("count").asInt()
+        assert(logRows > 0)
+        logRows
+      }
 
       statement.execute("select * from stu_test limit 2")
       statement.getResultSet.next()
-      Thread.sleep(Duration.ofMillis(111).toMillis)
-
-      val res2 = objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile)
-      val timer2 = res2.get("timers")
-      assert(
-        timer2.get(MetricsConstants.BS_OPEN_SESSION).get("count").asInt() == 1)
-      assert(
-        timer2.get(MetricsConstants.BS_OPEN_SESSION).get("min").asInt() > 0)
-      val execStatementNode2 = timer2.get(MetricsConstants.BS_EXECUTE_STATEMENT)
-      assert(execStatementNode2.get("count").asInt() == 3)
-      assert(
-        execStatementNode2.get("max").asDouble() >= execStatementNode2.get("mean").asDouble() &&
-          execStatementNode2.get("mean").asDouble() >= execStatementNode2.get("min").asDouble())
+      eventually(timeout(60.seconds), interval(1.second)) {
+        val res = objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile)
+        val timer = res.get("timers")
+        assert(timer.get(BS_OPEN_SESSION).get("count").asInt() == 1)
+        assert(timer.get(BS_OPEN_SESSION).get("min").asInt() > 0)
+        val execStatementNode = timer.get(BS_EXECUTE_STATEMENT)
+        assert(execStatementNode.get("count").asInt() == 3)
+        assert(
+          execStatementNode.get("max").asDouble() >= execStatementNode.get("mean").asDouble() &&
+            execStatementNode.get("mean").asDouble() >= execStatementNode.get("min").asDouble())
 
-      val meters2 =
-        objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile).get("meters")
-      assert(meters2.get(MetricsConstants.BS_FETCH_RESULT_ROWS_RATE).get("count").asInt() == 8)
-      assert(meters2.get(MetricsConstants.BS_FETCH_LOG_ROWS_RATE).get("count").asInt() >= logRows1)
+        val meters =
+          objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile).get("meters")
+        assert(meters.get(BS_FETCH_RESULT_ROWS_RATE).get("count").asInt() == 8)
+        assert(meters.get(BS_FETCH_LOG_ROWS_RATE).get("count").asInt() >= logRows1)
 
-      statement.executeQuery("DROP TABLE stu_test")
+        statement.executeQuery("DROP TABLE stu_test")
+      }
     }
   }
 }

From d46e00f6fe0e7085699b7ee21c3b2563520c6c36 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 22 May 2023 09:53:49 +0800
Subject: [PATCH 381/760] [KYUUBI #4849] Open modules to enable JDK 17 support

### _Why are the changes needed?_

After previous efforts, we are close to the goal. This is the latest step to to allow Kyuubi run on JDK 17 by adding `--add-open` in bootstrap scripts and test the plugin's parameter.

This PR also enables JDK 17 test in CI, but only for Kyuubi server and Spark(3.3+) engine moudles, because

- Spark supports JDK 17 since 3.3, see SPARK-33772
- Flink does not support JDK 17 until the latest 1.17

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

  - Run Kyuubi server on JDK 17
  - Run simple Spark (3.3.2) query on JDK 17
  - Run `kyuubi-zk-cli` on JDK 17

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4849 from pan3793/jdk-17.

Closes #4849

165e3558c [Cheng Pan] Enable JDK 17 in CI
f5778e7bd [Cheng Pan] Open modules in bootstrap scripts
76b507ffd [Cheng Pan] Open modules in UT

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml |  7 +++++++
 bin/load-kyuubi-env.sh       | 38 ++++++++++++++++++++++++++++++++++++
 pom.xml                      | 21 ++++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 7edc4f662..99817e6ca 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -46,6 +46,7 @@ jobs:
         java:
           - 8
           - 11
+          - 17
         spark:
           - '3.1'
           - '3.2'
@@ -70,6 +71,12 @@ jobs:
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.4.0 -Dspark.archive.name=spark-3.4.0-bin-hadoop3.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
             comment: 'verify-on-spark-3.4-binary'
+        exclude:
+          # SPARK-33772: Spark supports JDK 17 since 3.3.0
+          - java: 17
+            spark: '3.1'
+          - java: 17
+            spark: '3.2'
     env:
       SPARK_LOCAL_IP: localhost
     steps:
diff --git a/bin/load-kyuubi-env.sh b/bin/load-kyuubi-env.sh
index bfb922658..4d6f72ddf 100755
--- a/bin/load-kyuubi-env.sh
+++ b/bin/load-kyuubi-env.sh
@@ -69,6 +69,44 @@ if [[ -z ${JAVA_HOME} ]]; then
   fi
 fi
 
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS -XX:+IgnoreUnrecognizedVMOptions"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS -Dio.netty.tryReflectionSetAccessible=true"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.lang.invoke=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.lang.reflect=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.net=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.nio=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/sun.nio.cs=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/sun.security.action=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/sun.security.tools.keytool=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/sun.security.x509=ALL-UNNAMED"
+KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS --add-opens=java.base/sun.util.calendar=ALL-UNNAMED"
+export KYUUBI_JAVA_OPTS="$KYUUBI_JAVA_OPTS"
+
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS -XX:+IgnoreUnrecognizedVMOptions"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS -Dio.netty.tryReflectionSetAccessible=true"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.lang.invoke=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.lang.reflect=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.net=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.nio=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/sun.nio.cs=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/sun.security.action=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/sun.security.tools.keytool=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/sun.security.x509=ALL-UNNAMED"
+KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS --add-opens=java.base/sun.util.calendar=ALL-UNNAMED"
+export KYUUBI_CTL_JAVA_OPTS="$KYUUBI_CTL_JAVA_OPTS"
+
 export KYUUBI_SCALA_VERSION="${KYUUBI_SCALA_VERSION:-"2.12"}"
 
 if [[ -f ${KYUUBI_HOME}/RELEASE ]]; then
diff --git a/pom.xml b/pom.xml
index 7996fa7a9..ae5c46140 100644
--- a/pom.xml
+++ b/pom.xml
@@ -256,6 +256,25 @@
         <distMgmtSnapshotsId>apache.snapshots.https</distMgmtSnapshotsId>
         <distMgmtSnapshotsName>Apache Development Snapshot Repository</distMgmtSnapshotsName>
         <distMgmtSnapshotsUrl>https://repository.apache.org/content/repositories/snapshots</distMgmtSnapshotsUrl>
+
+        <extraJavaTestArgs>-XX:+IgnoreUnrecognizedVMOptions
+            --add-opens=java.base/java.lang=ALL-UNNAMED
+            --add-opens=java.base/java.lang.invoke=ALL-UNNAMED
+            --add-opens=java.base/java.lang.reflect=ALL-UNNAMED
+            --add-opens=java.base/java.io=ALL-UNNAMED
+            --add-opens=java.base/java.net=ALL-UNNAMED
+            --add-opens=java.base/java.nio=ALL-UNNAMED
+            --add-opens=java.base/java.util=ALL-UNNAMED
+            --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
+            --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED
+            --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
+            --add-opens=java.base/sun.nio.cs=ALL-UNNAMED
+            --add-opens=java.base/sun.security.action=ALL-UNNAMED
+            --add-opens=java.base/sun.security.tools.keytool=ALL-UNNAMED
+            --add-opens=java.base/sun.security.x509=ALL-UNNAMED
+            --add-opens=java.base/sun.util.calendar=ALL-UNNAMED
+            -Djdk.reflect.useDirectMethodHandle=false
+            -Dio.netty.tryReflectionSetAccessible=true</extraJavaTestArgs>
     </properties>
 
     <dependencyManagement>
@@ -1661,6 +1680,7 @@
                     <configuration>
                         <skipTests>true</skipTests>
                         <failIfNoSpecifiedTests>false</failIfNoSpecifiedTests>
+                        <argLine>${extraJavaTestArgs}</argLine>
                     </configuration>
                 </plugin>
                 <!-- enable scalatest -->
@@ -1672,6 +1692,7 @@
                         <reportsDirectory>${project.build.directory}/surefire-reports</reportsDirectory>
                         <junitxml>.</junitxml>
                         <filereports>TestSuite.txt</filereports>
+                        <argLine>${extraJavaTestArgs}</argLine>
                         <environmentVariables>
                             <KYUUBI_WORK_DIR_ROOT>${project.build.directory}/work</KYUUBI_WORK_DIR_ROOT>
                         </environmentVariables>

From 01d80eb272e155eeabdf3688c352eb06178f42b7 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 22 May 2023 22:13:56 +0800
Subject: [PATCH 382/760] [KYUUBI #4870] Add kyuubi-util and kyuubi-util-scala
 modules

### _Why are the changes needed?_

Close #4870

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4872 from pan3793/util.

Closes #4870

0b9fe3cba [Cheng Pan] nit
ecc5ee4f2 [Cheng Pan] fix
63be7a20c [Cheng Pan] test
85363c187 [Cheng Pan] style
2227247dd [Cheng Pan] fix package
11d10a081 [Cheng Pan] Add kyuubi-util and kyuubi-util-scala modules

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/kyuubi-extension-spark-3-1/pom.xml  |  2 +-
 .../spark/kyuubi-extension-spark-3-2/pom.xml  |  2 +-
 .../spark/kyuubi-extension-spark-3-3/pom.xml  |  2 +-
 extensions/spark/kyuubi-spark-authz/pom.xml   |  5 ++
 .../plugin/spark/authz/util/AuthZUtils.scala  |  1 +
 .../spark/authz/util/SemanticVersion.scala    | 74 ------------------
 .../kyuubi-spark-connector-common/pom.xml     |  6 ++
 .../connector/common/SemanticVersion.scala    | 74 ------------------
 .../spark/connector/common/SparkUtils.scala   |  2 +
 .../spark/kyuubi-spark-connector-hive/pom.xml |  2 +-
 .../spark/kyuubi-spark-connector-kudu/pom.xml |  1 +
 .../kyuubi-spark-connector-tpcds/pom.xml      |  2 +-
 .../spark/kyuubi-spark-connector-tpch/pom.xml |  2 +-
 extensions/spark/kyuubi-spark-lineage/pom.xml |  5 ++
 .../lineage/helper/SemanticVersion.scala      | 74 ------------------
 .../lineage/helper/SparkListenerHelper.scala  |  2 +
 .../engine/chat/provider/ChatProvider.scala   |  2 +-
 .../engine/flink/FlinkEngineUtils.scala       |  4 +-
 .../engine/flink/shim/FlinkResultSet.scala    |  2 +-
 .../flink/shim/FlinkSessionManager.scala      |  2 +-
 .../kyuubi/engine/spark/KyuubiSparkUtil.scala |  2 +-
 .../spark/SparkTBinaryFrontendService.scala   |  2 +-
 .../arrow/KyuubiArrowConverters.scala         |  2 +-
 .../spark/sql/kyuubi/SparkDatasetHelper.scala |  2 +-
 .../SparkArrowbasedOperationSuite.scala       |  2 +-
 .../spark/operation/SparkOperationSuite.scala |  2 +-
 kyuubi-common/pom.xml                         | 19 ++++-
 .../operation/log/Log4j2DivertAppender.scala  |  2 +-
 .../authentication/PlainSASLServer.scala      |  2 +-
 .../authentication/PlainSASLHelperSuite.scala |  2 +-
 .../apache/kyuubi/util/SparkVersionUtil.scala |  1 -
 .../zookeeper/ZookeeperClientProvider.scala   |  2 +-
 .../KyuubiOperationPerUserSuite.scala         |  2 +-
 kyuubi-util-scala/pom.xml                     | 63 +++++++++++++++
 .../apache/kyuubi/util}/SemanticVersion.scala |  5 +-
 .../org/apache/kyuubi/tags/DeltaTest.java     | 29 +++++++
 .../org/apache/kyuubi/tags/IcebergTest.java   | 29 +++++++
 .../org/apache/kyuubi/tags/PySparkTest.java   | 29 +++++++
 .../kyuubi/util}/SemanticVersionSuite.scala   | 12 +--
 kyuubi-util/pom.xml                           | 78 +++++++++++++++++++
 .../kyuubi/util/reflect}/DynClasses.java      |  2 +-
 .../kyuubi/util/reflect}/DynConstructors.java |  2 +-
 .../kyuubi/util/reflect}/DynFields.java       | 10 +--
 .../kyuubi/util/reflect}/DynMethods.java      |  2 +-
 pom.xml                                       |  2 +
 45 files changed, 305 insertions(+), 266 deletions(-)
 delete mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/SemanticVersion.scala
 delete mode 100644 extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SemanticVersion.scala
 delete mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SemanticVersion.scala
 create mode 100644 kyuubi-util-scala/pom.xml
 rename {kyuubi-common/src/main/scala/org/apache/kyuubi/engine => kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util}/SemanticVersion.scala (95%)
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/DeltaTest.java
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/IcebergTest.java
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PySparkTest.java
 rename {kyuubi-common/src/test/scala/org/apache/kyuubi/engine => kyuubi-util-scala/src/test/java/org/apache/kyuubi/util}/SemanticVersionSuite.scala (93%)
 create mode 100644 kyuubi-util/pom.xml
 rename {kyuubi-common/src/main/java/org/apache/kyuubi/reflection => kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect}/DynClasses.java (98%)
 rename {kyuubi-common/src/main/java/org/apache/kyuubi/reflection => kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect}/DynConstructors.java (99%)
 rename {kyuubi-common/src/main/java/org/apache/kyuubi/reflection => kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect}/DynFields.java (97%)
 rename {kyuubi-common/src/main/java/org/apache/kyuubi/reflection => kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect}/DynMethods.java (99%)

diff --git a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
index a36dffaef..eb56e435b 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
@@ -148,7 +148,7 @@
                     <shadedArtifactAttached>false</shadedArtifactAttached>
                     <artifactSet>
                         <includes>
-                            <include>org.apache.kyuubi:kyuubi-extension-spark-common_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                 </configuration>
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
index 3f8019fa9..c8caed835 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
@@ -148,7 +148,7 @@
                     <shadedArtifactAttached>false</shadedArtifactAttached>
                     <artifactSet>
                         <includes>
-                            <include>org.apache.kyuubi:kyuubi-extension-spark-common_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                 </configuration>
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
index ca729a781..98c1cca02 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
@@ -137,7 +137,7 @@
                     <shadedArtifactAttached>false</shadedArtifactAttached>
                     <artifactSet>
                         <includes>
-                            <include>org.apache.kyuubi:kyuubi-extension-spark-common_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                 </configuration>
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 27417109d..7f95a6b05 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -39,6 +39,11 @@
     </properties>
 
     <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.ranger</groupId>
             <artifactId>ranger-plugins-common</artifactId>
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index 5773e1c93..46bc1fa3c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -33,6 +33,7 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.util.ReservedKeys._
+import org.apache.kyuubi.util.SemanticVersion
 
 private[authz] object AuthZUtils {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/SemanticVersion.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/SemanticVersion.scala
deleted file mode 100644
index 4d7e89725..000000000
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/SemanticVersion.scala
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.plugin.spark.authz.util
-
-/**
- * Encapsulate a component Spark version for the convenience of version checks.
- * Copy from org.apache.kyuubi.engine.ComponentVersion
- */
-case class SemanticVersion(majorVersion: Int, minorVersion: Int) {
-
-  def isVersionAtMost(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor < targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor <= targetMinor
-        })
-  }
-
-  def isVersionAtLeast(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor > targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor >= targetMinor
-        })
-  }
-
-  def isVersionEqualTo(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        runtimeMajor == targetMajor && runtimeMinor == targetMinor)
-  }
-
-  def compareVersion(
-      targetVersionString: String,
-      callback: (Int, Int, Int, Int) => Boolean): Boolean = {
-    val targetVersion = SemanticVersion(targetVersionString)
-    val targetMajor = targetVersion.majorVersion
-    val targetMinor = targetVersion.minorVersion
-    callback(targetMajor, targetMinor, this.majorVersion, this.minorVersion)
-  }
-
-  override def toString: String = s"$majorVersion.$minorVersion"
-}
-
-object SemanticVersion {
-
-  def apply(versionString: String): SemanticVersion = {
-    """^(\d+)\.(\d+)(\..*)?$""".r.findFirstMatchIn(versionString) match {
-      case Some(m) =>
-        SemanticVersion(m.group(1).toInt, m.group(2).toInt)
-      case None =>
-        throw new IllegalArgumentException(s"Tried to parse '$versionString' as a project" +
-          s" version string, but it could not find the major and minor version numbers.")
-    }
-  }
-}
diff --git a/extensions/spark/kyuubi-spark-connector-common/pom.xml b/extensions/spark/kyuubi-spark-connector-common/pom.xml
index e36361753..132f8ea83 100644
--- a/extensions/spark/kyuubi-spark-connector-common/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-common/pom.xml
@@ -31,6 +31,12 @@
     <url>https://kyuubi.apache.org/</url>
 
     <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.scala-lang</groupId>
             <artifactId>scala-library</artifactId>
diff --git a/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SemanticVersion.scala b/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SemanticVersion.scala
deleted file mode 100644
index 200937ca6..000000000
--- a/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SemanticVersion.scala
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.spark.connector.common
-
-/**
- * Encapsulate a component Spark version for the convenience of version checks.
- * Copy from org.apache.kyuubi.engine.ComponentVersion
- */
-case class SemanticVersion(majorVersion: Int, minorVersion: Int) {
-
-  def isVersionAtMost(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor < targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor <= targetMinor
-        })
-  }
-
-  def isVersionAtLeast(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor > targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor >= targetMinor
-        })
-  }
-
-  def isVersionEqualTo(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        runtimeMajor == targetMajor && runtimeMinor == targetMinor)
-  }
-
-  def compareVersion(
-      targetVersionString: String,
-      callback: (Int, Int, Int, Int) => Boolean): Boolean = {
-    val targetVersion = SemanticVersion(targetVersionString)
-    val targetMajor = targetVersion.majorVersion
-    val targetMinor = targetVersion.minorVersion
-    callback(targetMajor, targetMinor, this.majorVersion, this.minorVersion)
-  }
-
-  override def toString: String = s"$majorVersion.$minorVersion"
-}
-
-object SemanticVersion {
-
-  def apply(versionString: String): SemanticVersion = {
-    """^(\d+)\.(\d+)(\..*)?$""".r.findFirstMatchIn(versionString) match {
-      case Some(m) =>
-        SemanticVersion(m.group(1).toInt, m.group(2).toInt)
-      case None =>
-        throw new IllegalArgumentException(s"Tried to parse '$versionString' as a project" +
-          s" version string, but it could not find the major and minor version numbers.")
-    }
-  }
-}
diff --git a/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala b/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala
index c1a659fbf..a6c1624c1 100644
--- a/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala
+++ b/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.spark.connector.common
 
 import org.apache.spark.SPARK_VERSION
 
+import org.apache.kyuubi.util.SemanticVersion
+
 object SparkUtils {
 
   def isSparkVersionAtMost(targetVersionString: String): Boolean = {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/pom.xml b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
index b75db929d..8a182748a 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
@@ -153,7 +153,7 @@
                     <artifactSet>
                         <includes>
                             <include>com.google.guava:guava</include>
-                            <include>org.apache.kyuubi:kyuubi-spark-connector-common_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                     <relocations>
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/pom.xml b/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
index 97356cd93..cb1cec449 100644
--- a/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
@@ -157,6 +157,7 @@
                     <artifactSet>
                         <includes>
                             <include>org.apache.kudu:kudu-client</include>
+                            <include>org.apache.kyuubi:*</include>
                             <include>com.stumbleupon:async</include>
                         </includes>
                     </artifactSet>
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
index e9b867739..4bad96dda 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
@@ -173,7 +173,7 @@
                         <includes>
                             <include>io.trino.tpcds:tpcds</include>
                             <include>com.google.guava:guava</include>
-                            <include>org.apache.kyuubi:kyuubi-spark-connector-common_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                     <relocations>
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
index 5b418e200..fe5721c0f 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
@@ -172,7 +172,7 @@
                         <includes>
                             <include>io.trino.tpch:tpch</include>
                             <include>com.google.guava:guava</include>
-                            <include>org.apache.kyuubi:kyuubi-spark-connector-common_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:*</include>
                         </includes>
                     </artifactSet>
                     <relocations>
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index 8583dfec0..2a7ba7773 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -31,6 +31,11 @@
     <url>https://kyuubi.apache.org/</url>
 
     <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-sql_${scala.binary.version}</artifactId>
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SemanticVersion.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SemanticVersion.scala
deleted file mode 100644
index a4a8b2e0e..000000000
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SemanticVersion.scala
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.plugin.lineage.helper
-
-/**
- * Encapsulate a component (Kyuubi/Spark/Hive/Flink etc.) version
- * for the convenience of version checks.
- */
-case class SemanticVersion(majorVersion: Int, minorVersion: Int) {
-
-  def isVersionAtMost(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor < targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor <= targetMinor
-        })
-  }
-
-  def isVersionAtLeast(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor > targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor >= targetMinor
-        })
-  }
-
-  def isVersionEqualTo(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        runtimeMajor == targetMajor && runtimeMinor == targetMinor)
-  }
-
-  def compareVersion(
-      targetVersionString: String,
-      callback: (Int, Int, Int, Int) => Boolean): Boolean = {
-    val targetVersion = SemanticVersion(targetVersionString)
-    val targetMajor = targetVersion.majorVersion
-    val targetMinor = targetVersion.minorVersion
-    callback(targetMajor, targetMinor, this.majorVersion, this.minorVersion)
-  }
-
-  override def toString: String = s"$majorVersion.$minorVersion"
-}
-
-object SemanticVersion {
-
-  def apply(versionString: String): SemanticVersion = {
-    """^(\d+)\.(\d+)(\..*)?$""".r.findFirstMatchIn(versionString) match {
-      case Some(m) =>
-        SemanticVersion(m.group(1).toInt, m.group(2).toInt)
-      case None =>
-        throw new IllegalArgumentException(s"Tried to parse '$versionString' as a project" +
-          s" version string, but it could not find the major and minor version numbers.")
-    }
-  }
-}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
index f2808a4e9..57db55a1e 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.plugin.lineage.helper
 
 import org.apache.spark.SPARK_VERSION
 
+import org.apache.kyuubi.util.SemanticVersion
+
 object SparkListenerHelper {
 
   lazy val sparkMajorMinorVersion: (Int, Int) = {
diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
index f9fa8bb5a..06d719380 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/provider/ChatProvider.scala
@@ -24,7 +24,7 @@ import com.fasterxml.jackson.module.scala.{ClassTagExtensions, DefaultScalaModul
 
 import org.apache.kyuubi.{KyuubiException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.reflection.DynConstructors
+import org.apache.kyuubi.util.reflect.DynConstructors
 
 trait ChatProvider {
 
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
index f9289ea81..66d9ed2c5 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
@@ -40,8 +40,8 @@ import org.apache.flink.table.gateway.service.session.Session
 import org.apache.flink.util.JarUtils
 
 import org.apache.kyuubi.{KyuubiException, Logging}
-import org.apache.kyuubi.engine.SemanticVersion
-import org.apache.kyuubi.reflection.{DynConstructors, DynFields, DynMethods}
+import org.apache.kyuubi.util.SemanticVersion
+import org.apache.kyuubi.util.reflect.{DynConstructors, DynFields, DynMethods}
 
 object FlinkEngineUtils extends Logging {
 
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
index e3dd0f081..a9c76082d 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
@@ -24,7 +24,7 @@ import org.apache.flink.table.data.RowData
 import org.apache.flink.table.gateway.api.results.ResultSet.ResultType
 
 import org.apache.kyuubi.engine.flink.FlinkEngineUtils
-import org.apache.kyuubi.reflection.DynMethods
+import org.apache.kyuubi.util.reflect.DynMethods
 
 class FlinkResultSet(resultSet: AnyRef) {
 
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
index e34819dd6..ce5bdfbd9 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
@@ -22,7 +22,7 @@ import org.apache.flink.table.gateway.service.context.DefaultContext
 import org.apache.flink.table.gateway.service.session.Session
 
 import org.apache.kyuubi.engine.flink.FlinkEngineUtils
-import org.apache.kyuubi.reflection.{DynConstructors, DynMethods}
+import org.apache.kyuubi.util.reflect.{DynConstructors, DynMethods}
 
 class FlinkSessionManager(engineContext: DefaultContext) {
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
index 2c3e7195c..56bb2d69f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
@@ -26,7 +26,7 @@ import org.apache.spark.sql.SparkSession
 import org.apache.spark.util.kvstore.KVIndex
 
 import org.apache.kyuubi.Logging
-import org.apache.kyuubi.engine.SemanticVersion
+import org.apache.kyuubi.util.SemanticVersion
 
 object KyuubiSparkUtil extends Logging {
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
index 781ac2d07..c2563b32b 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkTBinaryFrontendService.scala
@@ -31,10 +31,10 @@ import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.ha.client.{EngineServiceDiscovery, ServiceDiscovery}
-import org.apache.kyuubi.reflection.DynConstructors
 import org.apache.kyuubi.service.{Serverable, Service, TBinaryFrontendService}
 import org.apache.kyuubi.service.TFrontendService._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
+import org.apache.kyuubi.util.reflect.DynConstructors
 
 class SparkTBinaryFrontendService(
     override val serverable: Serverable)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index 5930dcdfc..24b0ac22e 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -38,7 +38,7 @@ import org.apache.spark.sql.types._
 import org.apache.spark.sql.util.ArrowUtils
 import org.apache.spark.util.Utils
 
-import org.apache.kyuubi.reflection.DynMethods
+import org.apache.kyuubi.util.reflect.DynMethods
 
 object KyuubiArrowConverters extends SQLConfHelper with Logging {
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 8f8aef560..06eb9a144 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -35,7 +35,7 @@ import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil
 import org.apache.kyuubi.engine.spark.schema.RowSet
-import org.apache.kyuubi.reflection.DynMethods
+import org.apache.kyuubi.util.reflect.DynMethods
 
 object SparkDatasetHelper extends Logging {
 
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 9273ab879..fc53cc41a 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -40,7 +40,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.{SparkSQLEngine, WithSparkSQLEngine}
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.SparkDataTypeTests
-import org.apache.kyuubi.reflection.DynFields
+import org.apache.kyuubi.util.reflect.DynFields
 
 class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests
   with SparkMetricsTestUtils {
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
index af514ceb3..cf5044056 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
@@ -32,13 +32,13 @@ import org.apache.spark.sql.catalyst.analysis.FunctionRegistry
 import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.SemanticVersion
 import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
 import org.apache.kyuubi.engine.spark.schema.SchemaHelper.TIMESTAMP_NTZ
 import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.{HiveMetadataTests, SparkQueryTests}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
+import org.apache.kyuubi.util.SemanticVersion
 
 class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with SparkQueryTests {
 
diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index d62761d72..1ff8bea98 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -32,9 +32,9 @@
 
     <dependencies>
         <dependency>
-            <groupId>com.vladsch.flexmark</groupId>
-            <artifactId>flexmark-all</artifactId>
-            <scope>test</scope>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
         </dependency>
 
         <dependency>
@@ -128,6 +128,13 @@
             <artifactId>HikariCP</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-minikdc</artifactId>
@@ -169,6 +176,12 @@
             <artifactId>fliptables</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>com.vladsch.flexmark</groupId>
+            <artifactId>flexmark-all</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
index 1c6c1dcc6..1e5684d4c 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
@@ -28,7 +28,7 @@ import org.apache.logging.log4j.core.appender.{AbstractWriterAppender, ConsoleAp
 import org.apache.logging.log4j.core.filter.AbstractFilter
 import org.apache.logging.log4j.core.layout.PatternLayout
 
-import org.apache.kyuubi.reflection.DynFields
+import org.apache.kyuubi.util.reflect.DynFields
 
 class Log4j2DivertAppender(
     name: String,
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala
index 8e84c9f81..63cc4c0f3 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala
@@ -23,7 +23,7 @@ import javax.security.auth.callback.{Callback, CallbackHandler, NameCallback, Pa
 import javax.security.sasl.{AuthorizeCallback, SaslException, SaslServer, SaslServerFactory}
 
 import org.apache.kyuubi.KYUUBI_VERSION
-import org.apache.kyuubi.engine.SemanticVersion
+import org.apache.kyuubi.util.SemanticVersion
 
 class PlainSASLServer(
     handler: CallbackHandler,
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala
index 94a61f693..795eaa0d6 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala
@@ -23,9 +23,9 @@ import org.apache.thrift.transport.{TSaslServerTransport, TSocket}
 
 import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.SemanticVersion
 import org.apache.kyuubi.service.{NoopTBinaryFrontendServer, TBinaryFrontendService}
 import org.apache.kyuubi.service.authentication.PlainSASLServer.SaslPlainProvider
+import org.apache.kyuubi.util.SemanticVersion
 
 class PlainSASLHelperSuite extends KyuubiFunSuite {
 
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
index 785015cc3..098de23af 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
@@ -17,7 +17,6 @@
 
 package org.apache.kyuubi.util
 
-import org.apache.kyuubi.engine.SemanticVersion
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 
 trait SparkVersionUtil {
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
index d9161f3cd..eaffedd12 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
@@ -31,10 +31,10 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.HighAvailabilityConf._
 import org.apache.kyuubi.ha.client.{AuthTypes, RetryPolicies}
 import org.apache.kyuubi.ha.client.RetryPolicies._
-import org.apache.kyuubi.reflection.DynConstructors
 import org.apache.kyuubi.shaded.curator.framework.{CuratorFramework, CuratorFrameworkFactory}
 import org.apache.kyuubi.shaded.curator.retry._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
+import org.apache.kyuubi.util.reflect.DynConstructors
 
 object ZookeeperClientProvider extends Logging {
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index 2ae2340b2..fb6f4efa7 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -26,10 +26,10 @@ import org.scalatest.time.SpanSugar._
 import org.apache.kyuubi.{KYUUBI_VERSION, Utils, WithKyuubiServer, WithSimpleDFSService}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.KYUUBI_ENGINE_ENV_PREFIX
-import org.apache.kyuubi.engine.SemanticVersion
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.session.{KyuubiSessionImpl, SessionHandle}
+import org.apache.kyuubi.util.SemanticVersion
 import org.apache.kyuubi.zookeeper.ZookeeperConf
 
 class KyuubiOperationPerUserSuite
diff --git a/kyuubi-util-scala/pom.xml b/kyuubi-util-scala/pom.xml
new file mode 100644
index 000000000..19df6d78e
--- /dev/null
+++ b/kyuubi-util-scala/pom.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.kyuubi</groupId>
+        <artifactId>kyuubi-parent</artifactId>
+        <version>1.8.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>kyuubi-util-scala_2.12</artifactId>
+    <packaging>jar</packaging>
+    <name>Kyuubi Project Util Scala</name>
+    <url>https://kyuubi.apache.org/</url>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.scala-lang</groupId>
+            <artifactId>scala-library</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>prepare-test-jar</id>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                        <phase>test-compile</phase>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
+</project>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/engine/SemanticVersion.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala
similarity index 95%
rename from kyuubi-common/src/main/scala/org/apache/kyuubi/engine/SemanticVersion.scala
rename to kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala
index a36896ac9..2b4e718c9 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/engine/SemanticVersion.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala
@@ -15,11 +15,10 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.engine
+package org.apache.kyuubi.util
 
 /**
- * Encapsulate a component (Kyuubi/Spark/Hive/Flink etc.) version
- * for the convenience of version checks.
+ * Encapsulate a component version for the convenience of version checks.
  */
 case class SemanticVersion(majorVersion: Int, minorVersion: Int) {
 
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/DeltaTest.java b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/DeltaTest.java
new file mode 100644
index 000000000..1b4b6d00c
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/DeltaTest.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.tags;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.scalatest.TagAnnotation;
+
+@TagAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface DeltaTest {}
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/IcebergTest.java b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/IcebergTest.java
new file mode 100644
index 000000000..bb598ad68
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/IcebergTest.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.tags;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.scalatest.TagAnnotation;
+
+@TagAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface IcebergTest {}
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PySparkTest.java b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PySparkTest.java
new file mode 100644
index 000000000..1b7aa97b4
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PySparkTest.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.tags;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.scalatest.TagAnnotation;
+
+@TagAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface PySparkTest {}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/engine/SemanticVersionSuite.scala b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
similarity index 93%
rename from kyuubi-common/src/test/scala/org/apache/kyuubi/engine/SemanticVersionSuite.scala
rename to kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
index 28427bdc8..d7eef2fc4 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/engine/SemanticVersionSuite.scala
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
@@ -15,12 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.engine
-
-import org.apache.kyuubi.KyuubiFunSuite
-
-class SemanticVersionSuite extends KyuubiFunSuite {
+package org.apache.kyuubi.util
+// scalastyle:off
+import org.scalatest.funsuite.AnyFunSuite
+// scalastyle:on
 
+// scalastyle:off
+class SemanticVersionSuite extends AnyFunSuite {
+// scalastyle:on
   test("parse normal version") {
     val version = SemanticVersion("1.12.4")
     assert(version.majorVersion === 1)
diff --git a/kyuubi-util/pom.xml b/kyuubi-util/pom.xml
new file mode 100644
index 000000000..dca500191
--- /dev/null
+++ b/kyuubi-util/pom.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.kyuubi</groupId>
+        <artifactId>kyuubi-parent</artifactId>
+        <version>1.8.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>kyuubi-util</artifactId>
+    <packaging>jar</packaging>
+    <name>Kyuubi Project Util</name>
+    <url>https://kyuubi.apache.org/</url>
+
+    <properties></properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>${skipTests}</skipTests>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>net.alchim31.maven</groupId>
+                <artifactId>scala-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>attach-scaladocs</id>
+                        <phase>none</phase>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.scalatest</groupId>
+                <artifactId>scalatest-maven-plugin</artifactId>
+                <configuration>
+                    <skipTests>true</skipTests>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.scalastyle</groupId>
+                <artifactId>scalastyle-maven-plugin</artifactId>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+        </plugins>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
+</project>
diff --git a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynClasses.java b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynClasses.java
similarity index 98%
rename from kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynClasses.java
rename to kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynClasses.java
index 05661e6a6..78bdd54af 100644
--- a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynClasses.java
+++ b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynClasses.java
@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.kyuubi.reflection;
+package org.apache.kyuubi.util.reflect;
 
 import java.util.LinkedHashSet;
 import java.util.Set;
diff --git a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynConstructors.java b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynConstructors.java
similarity index 99%
rename from kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynConstructors.java
rename to kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynConstructors.java
index 59c79b885..daf55363a 100644
--- a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynConstructors.java
+++ b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynConstructors.java
@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.kyuubi.reflection;
+package org.apache.kyuubi.util.reflect;
 
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
diff --git a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynFields.java b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynFields.java
similarity index 97%
rename from kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynFields.java
rename to kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynFields.java
index 9430d54e9..4c7af9036 100644
--- a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynFields.java
+++ b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynFields.java
@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.kyuubi.reflection;
+package org.apache.kyuubi.util.reflect;
 
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
@@ -25,7 +25,6 @@
 import java.security.PrivilegedAction;
 import java.util.HashSet;
 import java.util.Set;
-import org.apache.commons.lang3.builder.ToStringBuilder;
 
 /** Copied from iceberg-common */
 public class DynFields {
@@ -66,11 +65,8 @@ public void set(Object target, T value) {
 
     @Override
     public String toString() {
-      return new ToStringBuilder(this)
-          .append("class", field.getDeclaringClass().toString())
-          .append("name", name)
-          .append("type", field.getType())
-          .toString();
+      return String.format(
+          "DynFields{class=%s,name=%s,type=%s}", field.getDeclaringClass(), name, field.getType());
     }
 
     /**
diff --git a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynMethods.java b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynMethods.java
similarity index 99%
rename from kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynMethods.java
rename to kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynMethods.java
index 85264191c..ca059df0b 100644
--- a/kyuubi-common/src/main/java/org/apache/kyuubi/reflection/DynMethods.java
+++ b/kyuubi-util/src/main/java/org/apache/kyuubi/util/reflect/DynMethods.java
@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.kyuubi.reflection;
+package org.apache.kyuubi.util.reflect;
 
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
diff --git a/pom.xml b/pom.xml
index ae5c46140..fad1d1bdc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -79,6 +79,8 @@
         <module>kyuubi-metrics</module>
         <module>kyuubi-rest-client</module>
         <module>kyuubi-server</module>
+        <module>kyuubi-util</module>
+        <module>kyuubi-util-scala</module>
         <module>kyuubi-zookeeper</module>
     </modules>
 

From 13f6affb6e79002725d2d35367d6ef5a6cb6c854 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 23 May 2023 00:57:26 +0800
Subject: [PATCH 383/760] [KYUUBI #4866] Add annotation for Iceberg tests in
 Authz plugin

### _Why are the changes needed?_

- latest released Iceberg plugin does not support Spark 3.4, and it also blocks other tests with exception thrown :
```
IcebergCatalogRangerSparkExtensionSuite:
*** RUN ABORTED ***
  java.lang.NoClassDefFoundError: org/apache/spark/sql/catalyst/expressions/AnsiCast
  at org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions.$anonfun$apply$6(IcebergSparkSessionExtensions.scala:54)
```

- introduce annotation AuthzIcebergTest for Iceberg ut in Authz plugin, for skipping Iceberg test when testing w/ Spark 3.4 locally
-` build/mvn clean install -pl :kyuubi-spark-authz_2.12 -Pspark-3.4 -Dmaven.plugin.scalatest.exclude.tags=org.apache.kyuubi.tags.IcebergTest`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4866 from bowenliang123/tag-authz-iceberg.

Closes #4866

3c4348f14 [liangbowen] change to @IcebergTest
ddd1b885c [liangbowen] add AuthzIcebergTest

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala      | 2 ++
 .../authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index 813970389..cf396b520 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -22,7 +22,9 @@ import org.scalatest.Outcome
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+import org.apache.kyuubi.tags.IcebergTest
 
+@IcebergTest
 class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val catalogImpl: String = "hive"
   override protected val sqlExtensions: String =
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index ba6992362..2d94bb256 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -25,11 +25,13 @@ import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.tags.IcebergTest
 
 /**
  * Tests for RangerSparkExtensionSuite
  * on Iceberg catalog with DataSource V2 API.
  */
+@IcebergTest
 class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   override protected val catalogImpl: String = "hive"
   override protected val sqlExtensions: String =

From 0456d14fa8a65f89bea0a65c87249f241e614db7 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 23 May 2023 11:31:22 +0800
Subject: [PATCH 384/760] [KYUUBI #4875] [AUTHZ] Remove checking Spark v2 in
 tests since Spark v2 not supported

### _Why are the changes needed?_

- remove assuming Spark v2 in Authz testing, since Spark v2 is marked not supported

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4875 from bowenliang123/authz-remove-spark2.

Closes #4875

6686a4d01 [liangbowen] remove checking spark v2

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/authz/PrivilegesBuilderSuite.scala  | 24 ++++---------------
 .../spark/authz/SparkSessionProvider.scala    |  1 -
 2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index af4a7c262..340b34fc0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -367,7 +367,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === (if (isSparkV2) null else defaultDb))
+    assert(po.dbname === defaultDb)
     assert(po.objectName === "AlterViewAsCommand")
     checkTableOwner(po)
     assert(po.columns.isEmpty)
@@ -523,7 +523,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === (if (isSparkV2) null else defaultDb))
+    assert(po.dbname === defaultDb)
     assert(po.objectName === "CreateViewCommand")
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -543,7 +543,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === (if (isSparkV2) null else defaultDb))
+      assert(po.dbname === defaultDb)
       assert(po.objectName === tableName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -958,7 +958,6 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("Query: CTE") {
-    assume(!isSparkV2)
     checkColumns(
       s"""
          |with t(c) as (select coalesce(max(key), pid, 1) from $reusedPartTable group by pid)
@@ -1230,7 +1229,6 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("AlterTableChangeColumnCommand") {
-    assume(!isSparkV2)
     val plan = sql(s"ALTER TABLE $reusedTable" +
       s" ALTER COLUMN value COMMENT 'alter column'").queryExecution.analyzed
     val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
@@ -1298,7 +1296,7 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === (if (isSparkV2) null else defaultDb))
+    assert(po.dbname === defaultDb)
     assert(po.objectName === "CreateDataSourceTableAsSelectCommand")
     if (catalogImpl == "hive") {
       assert(po.columns === Seq("key", "value"))
@@ -1312,10 +1310,9 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
 
 class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
 
-  override protected val catalogImpl: String = if (isSparkV2) "in-memory" else "hive"
+  override protected val catalogImpl: String = "hive"
 
   test("AlterTableSerDePropertiesCommand") {
-    assume(!isSparkV2)
     withTable("AlterTableSerDePropertiesCommand") { t =>
       sql(s"CREATE TABLE $t (key int, pid int) USING hive PARTITIONED BY (pid)")
       sql(s"ALTER TABLE $t ADD IF NOT EXISTS PARTITION (pid=1)")
@@ -1340,7 +1337,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("CreateTableCommand") {
-    assume(!isSparkV2)
     withTable("CreateTableCommand") { _ =>
       val plan = sql(s"CREATE TABLE CreateTableCommand(a int, b string) USING hive")
         .queryExecution.analyzed
@@ -1361,7 +1357,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("CreateHiveTableAsSelectCommand") {
-    assume(!isSparkV2)
     val plan = sql(s"CREATE TABLE CreateHiveTableAsSelectCommand USING hive" +
       s" AS SELECT key, value FROM $reusedTable")
       .queryExecution.analyzed
@@ -1392,7 +1387,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("LoadDataCommand") {
-    assume(!isSparkV2)
     val dataPath = getClass.getClassLoader.getResource("data.txt").getPath
     val tableName = reusedDb + "." + "LoadDataToTable"
     withTable(tableName) { _ =>
@@ -1422,7 +1416,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("InsertIntoDatasourceDirCommand") {
-    assume(!isSparkV2)
     val tableDirectory = getClass.getResource("/").getPath + "table_directory"
     val directory = File(tableDirectory).createDirectory()
     val plan = sql(
@@ -1448,7 +1441,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("InsertIntoDataSourceCommand") {
-    assume(!isSparkV2)
     val tableName = "InsertIntoDataSourceTable"
     withTable(tableName) { _ =>
       // sql(s"CREATE TABLE $tableName (a int, b string) USING parquet")
@@ -1507,7 +1499,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("InsertIntoHadoopFsRelationCommand") {
-    assume(!isSparkV2)
     val tableName = "InsertIntoHadoopFsRelationTable"
     withTable(tableName) { _ =>
       sql(s"CREATE TABLE $tableName (a int, b string) USING parquet")
@@ -1549,7 +1540,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("InsertIntoDataSourceDirCommand") {
-    assume(!isSparkV2)
     val tableDirectory = getClass.getResource("/").getPath + "table_directory"
     val directory = File(tableDirectory).createDirectory()
     val plan = sql(
@@ -1575,7 +1565,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("InsertIntoHiveDirCommand") {
-    assume(!isSparkV2)
     val tableDirectory = getClass.getResource("/").getPath + "table_directory"
     val directory = File(tableDirectory).createDirectory()
     val plan = sql(
@@ -1601,7 +1590,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("InsertIntoHiveTableCommand") {
-    assume(!isSparkV2)
     val tableName = "InsertIntoHiveTable"
     withTable(tableName) { _ =>
       sql(s"CREATE TABLE $tableName (a int, b string) USING hive")
@@ -1631,7 +1619,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("ShowCreateTableAsSerdeCommand") {
-    assume(!isSparkV2)
     withTable("ShowCreateTableAsSerdeCommand") { t =>
       sql(s"CREATE TABLE $t (key int, pid int) USING hive PARTITIONED BY (pid)")
       val plan = sql(s"SHOW CREATE TABLE $t AS SERDE").queryExecution.analyzed
@@ -1653,7 +1640,6 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
   }
 
   test("OptimizedCreateHiveTableAsSelectCommand") {
-    assume(!isSparkV2)
     val plan = sql(
       s"CREATE TABLE OptimizedCreateHiveTableAsSelectCommand STORED AS parquet AS SELECT 1 as a")
       .queryExecution.analyzed
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index 6b1087930..232ef1b74 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -32,7 +32,6 @@ import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 trait SparkSessionProvider {
   protected val catalogImpl: String
   protected def format: String = if (catalogImpl == "hive") "hive" else "parquet"
-  protected val isSparkV2: Boolean = isSparkVersionAtMost("2.4")
   protected val isSparkV31OrGreater: Boolean = isSparkVersionAtLeast("3.1")
   protected val isSparkV32OrGreater: Boolean = isSparkVersionAtLeast("3.2")
   protected val isSparkV33OrGreater: Boolean = isSparkVersionAtLeast("3.3")

From aee9b946f3565c0df9287c0a916b12dad1d3fdce Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 23 May 2023 11:38:42 +0800
Subject: [PATCH 385/760] [KYUUBI #4874] [AUTHZ] [MINOR] Improve methods in
 AuthzUtils

### _Why are the changes needed?_

- remove unused methods, passSparkVersionCheck and isSparkVersionEqualTo
- extract sparkSemanticVersion singleton
- move spark version helper to AuthzUtils

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4874 from bowenliang123/authz-util-improve.

Closes #4874

36a8bb157 [Bowen Liang] Merge branch 'master' into authz-util-improve
28e798e88 [liangbowen] import
1c345b984 [liangbowen] blank line
0797143da [liangbowen] blank line
2f368b838 [liangbowen] remove unused method passSparkVersionCheck and isSparkVersionEqualTo, extract sparkSemanticVersion

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/authz/ranger/AccessRequest.scala    |  2 +-
 .../authz/ranger/SparkRangerAdminPlugin.scala |  2 +-
 .../plugin/spark/authz/util/AuthZUtils.scala  | 28 ++++++-------------
 ...IcebergCatalogPrivilegesBuilderSuite.scala |  1 +
 .../spark/authz/PrivilegesBuilderSuite.scala  |  5 ++--
 .../spark/authz/SparkSessionProvider.scala    |  3 --
 .../authz/V2CommandsPrivilegesSuite.scala     |  1 +
 ...bcTableCatalogPrivilegesBuilderSuite.scala |  1 +
 ...bergCatalogRangerSparkExtensionSuite.scala |  1 +
 .../ranger/RangerSparkExtensionSuite.scala    |  2 +-
 ...ableCatalogRangerSparkExtensionSuite.scala |  1 +
 .../DataMaskingForIcebergSuite.scala          |  1 +
 .../DataMaskingForJDBCV2Suite.scala           |  2 ++
 .../datamasking/DataMaskingTestBase.scala     |  1 +
 .../RowFilteringForIcebergSuite.scala         |  2 ++
 .../RowFilteringForJDBCV2Suite.scala          |  2 ++
 .../rowfiltering/RowFilteringTestBase.scala   |  1 +
 17 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
index 4997dda3b..39e172daf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
@@ -27,7 +27,7 @@ import org.apache.ranger.plugin.policyengine.{RangerAccessRequestImpl, RangerPol
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType._
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.{invoke, invokeAs}
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 case class AccessRequest private (accessType: AccessType) extends RangerAccessRequestImpl
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 25bfca96a..9abb9cd28 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -109,7 +109,7 @@ object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
       } else if (result.getMaskTypeDef != null) {
         result.getMaskTypeDef.getName match {
           case "MASK" => regexp_replace(col)
-          case "MASK_SHOW_FIRST_4" if isSparkVersionAtLeast("3.1") =>
+          case "MASK_SHOW_FIRST_4" if isSparkV31OrGreater =>
             regexp_replace(col, hasLen = true)
           case "MASK_SHOW_FIRST_4" =>
             val right = regexp_replace(s"substr($col, 5)")
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index 46bc1fa3c..d1571a9bb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -119,7 +119,7 @@ private[authz] object AuthZUtils {
 
   def hasResolvedPermanentView(plan: LogicalPlan): Boolean = {
     plan match {
-      case view: View if view.resolved && isSparkVersionAtLeast("3.1.0") =>
+      case view: View if view.resolved && isSparkV31OrGreater =>
         !getFieldVal[Boolean](view, "isTempView")
       case _ =>
         false
@@ -136,31 +136,19 @@ private[authz] object AuthZUtils {
     }
   }
 
+  private lazy val sparkSemanticVersion: SemanticVersion = SemanticVersion(SPARK_VERSION)
+  lazy val isSparkV31OrGreater: Boolean = isSparkVersionAtLeast("3.1")
+  lazy val isSparkV32OrGreater: Boolean = isSparkVersionAtLeast("3.2")
+  lazy val isSparkV33OrGreater: Boolean = isSparkVersionAtLeast("3.3")
+
   def isSparkVersionAtMost(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionAtMost(targetVersionString)
+    sparkSemanticVersion.isVersionAtMost(targetVersionString)
   }
 
   def isSparkVersionAtLeast(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionAtLeast(targetVersionString)
-  }
-
-  def isSparkVersionEqualTo(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionEqualTo(targetVersionString)
+    sparkSemanticVersion.isVersionAtLeast(targetVersionString)
   }
 
-  /**
-   * check if spark version satisfied
-   * first param is option of supported most  spark version,
-   * and secont param is option of supported least spark version
-   *
-   * @return
-   */
-  def passSparkVersionCheck: (Option[String], Option[String]) => Boolean =
-    (mostSparkVersion, leastSparkVersion) => {
-      mostSparkVersion.forall(isSparkVersionAtMost) &&
-      leastSparkVersion.forall(isSparkVersionAtLeast)
-    }
-
   def quoteIfNeeded(part: String): String = {
     if (part.matches("[a-zA-Z0-9_]+") && !part.matches("\\d+")) {
       part
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index cf396b520..a63174dc8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -22,6 +22,7 @@ import org.scalatest.Outcome
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
 
 @IcebergTest
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 340b34fc0..5106a53f6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -33,8 +33,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isSparkVersionAtMost
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 abstract class PrivilegesBuilderSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
@@ -631,7 +630,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("RefreshFunctionCommand") {
-    assume(AuthZUtils.isSparkVersionAtLeast("3.1"))
+    assume(isSparkV31OrGreater)
     sql(s"CREATE FUNCTION RefreshFunctionCommand AS '${getClass.getCanonicalName}'")
     val plan = sql("REFRESH FUNCTION RefreshFunctionCommand")
       .queryExecution.analyzed
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index 232ef1b74..1eccc178b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -32,9 +32,6 @@ import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 trait SparkSessionProvider {
   protected val catalogImpl: String
   protected def format: String = if (catalogImpl == "hive") "hive" else "parquet"
-  protected val isSparkV31OrGreater: Boolean = isSparkVersionAtLeast("3.1")
-  protected val isSparkV32OrGreater: Boolean = isSparkVersionAtLeast("3.2")
-  protected val isSparkV33OrGreater: Boolean = isSparkVersionAtLeast("3.3")
 
   protected val extension: SparkSessionExtensions => Unit = _ => Unit
   protected val sqlExtensions: String = ""
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index 0ad6b3fea..c97dd9e26 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -26,6 +26,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
 import org.apache.kyuubi.plugin.spark.authz.serde.{Database, DB_COMMAND_SPECS}
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
index f85689406..63367c91c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
@@ -23,6 +23,7 @@ import scala.util.Try
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val catalogImpl: String = "in-memory"
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index 2d94bb256..958686c25 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -25,6 +25,7 @@ import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 6424832ea..d044ad46c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -34,7 +34,7 @@ import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessio
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.getFieldVal
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 abstract class RangerSparkExtensionSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 07fe0ae5a..31d616b15 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -24,6 +24,7 @@ import scala.util.Try
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 /**
  * Tests for RangerSparkExtensionSuite
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
index 99b7eb973..905cd428c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
@@ -21,6 +21,7 @@ import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 class DataMaskingForIcebergSuite extends DataMaskingTestBase {
   override protected val extraSparkConf: SparkConf = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
index 894daeaf7..f74092d0b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
@@ -23,6 +23,8 @@ import scala.util.Try
 import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+
 class DataMaskingForJDBCV2Suite extends DataMaskingTestBase {
   override protected val extraSparkConf: SparkConf = {
     val conf = new SparkConf()
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
index bae269e7a..c5cd962e1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -30,6 +30,7 @@ import org.scalatest.funsuite.AnyFunSuite
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
 import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 /**
  * Base trait for data masking tests, derivative classes shall name themselves following:
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
index 2120b1952..a93a69662 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
@@ -21,6 +21,8 @@ import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+
 class RowFilteringForIcebergSuite extends RowFilteringTestBase {
   override protected val extraSparkConf: SparkConf = {
     val conf = new SparkConf()
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
index cfdb7dadc..09ae6a008 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
@@ -24,6 +24,8 @@ import scala.util.Try
 import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+
 class RowFilteringForJDBCV2Suite extends RowFilteringTestBase {
   override protected val extraSparkConf: SparkConf = {
     val conf = new SparkConf()
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
index 3236c97b1..8d9561a89 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
@@ -27,6 +27,7 @@ import org.scalatest.funsuite.AnyFunSuite
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
 import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 /**
  * Base trait for row filtering tests, derivative classes shall name themselves following:

From 320178bb685081d99ed1474504a318f34ee1f19e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 23 May 2023 15:25:54 +0800
Subject: [PATCH 386/760] [KYUUBI #4873] [AUTHZ] Refactor Authz reflection with
 kyuubi-util's DynMethods

### _Why are the changes needed?_

- add reflection utils in kyuubi-util-scala, using kyuubi-util's DynMethods
- continue to provided simplified reflection calling in scala

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4873 from bowenliang123/authz-reflect.

Closes #4873

d0a508400 [liangbowen] import
95d4760ad [Cheng Pan] Update kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
83e70f09b [liangbowen] authz reflect

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/authz/PrivilegesBuilder.scala       |  1 +
 .../spark/authz/ranger/AccessRequest.scala    |  2 +-
 .../RuleReplaceShowObjectCommands.scala       |  3 +-
 .../plugin/spark/authz/serde/Descriptor.scala |  2 +-
 .../spark/authz/serde/catalogExtractors.scala |  2 +-
 .../authz/serde/databaseExtractors.scala      |  1 +
 .../spark/authz/serde/tableExtractors.scala   |  1 +
 .../plugin/spark/authz/util/AuthZUtils.scala  | 61 +------------------
 .../authz/util/RangerConfigProvider.scala     | 13 ++--
 .../ranger/RangerSparkExtensionSuite.scala    |  1 +
 .../kyuubi/util/reflect/ReflectUtils.scala    | 50 +++++++++++++++
 11 files changed, 69 insertions(+), 68 deletions(-)
 create mode 100644 kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index b8220ea27..eef89deea 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -28,6 +28,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object PrivilegesBuilder {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
index 39e172daf..7d4999fde 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
@@ -27,7 +27,7 @@ import org.apache.ranger.plugin.policyengine.{RangerAccessRequestImpl, RangerPol
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType._
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 case class AccessRequest private (accessType: AccessType) extends RangerAccessRequestImpl
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
index 08d2b4fd0..4f72ecfee 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
@@ -26,6 +26,7 @@ import org.apache.spark.sql.execution.command.{RunnableCommand, ShowColumnsComma
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
 import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, ObjectFilterPlaceHolder, WithInternalChildren}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = plan match {
@@ -48,7 +49,7 @@ class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
 case class FilteredShowTablesCommand(delegated: RunnableCommand)
   extends FilteredShowObjectCommand(delegated) {
 
-  var isExtended: Boolean = AuthZUtils.getFieldVal(delegated, "isExtended").asInstanceOf[Boolean]
+  private val isExtended = getFieldVal[Boolean](delegated, "isExtended")
 
   override protected def isAllowed(r: Row, ugi: UserGroupInformation): Boolean = {
     val database = r.getString(0)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
index d8c866b88..b72f3296b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
@@ -34,7 +34,7 @@ import org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor.queryExtractors
 import org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor.tableExtractors
 import org.apache.kyuubi.plugin.spark.authz.serde.TableType.TableType
 import org.apache.kyuubi.plugin.spark.authz.serde.TableTypeExtractor.tableTypeExtractors
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 /**
  * A database object(such as database, table, function) descriptor describes its name and getter
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala
index 0b7d71223..f87943943 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.plugin.spark.authz.serde
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait CatalogExtractor extends (AnyRef => Option[String]) with Extractor
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
index 4e9270e78..d14ba7805 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.plugin.spark.authz.serde
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait DatabaseExtractor extends (AnyRef => Database) with Extractor
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index c848381d4..5af619bcf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -27,6 +27,7 @@ import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 /**
  * A trait for extracting database and table as string tuple
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index d1571a9bb..e13968e2e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -23,8 +23,6 @@ import java.security.interfaces.ECPublicKey
 import java.security.spec.X509EncodedKeySpec
 import java.util.Base64
 
-import scala.util.{Failure, Success, Try}
-
 import org.apache.commons.lang3.StringUtils
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.ranger.plugin.service.RangerBasePlugin
@@ -34,67 +32,10 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.util.ReservedKeys._
 import org.apache.kyuubi.util.SemanticVersion
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 private[authz] object AuthZUtils {
 
-  /**
-   * fixme error handling need improve here
-   */
-  def getFieldVal[T](o: Any, name: String): T = {
-    Try {
-      val field = o.getClass.getDeclaredField(name)
-      field.setAccessible(true)
-      field.get(o)
-    } match {
-      case Success(value) => value.asInstanceOf[T]
-      case Failure(e) =>
-        val candidates = o.getClass.getDeclaredFields.map(_.getName).mkString("[", ",", "]")
-        throw new RuntimeException(s"$name not in ${o.getClass} $candidates", e)
-    }
-  }
-
-  def getFieldValOpt[T](o: Any, name: String): Option[T] = Try(getFieldVal[T](o, name)).toOption
-
-  def invoke(
-      obj: AnyRef,
-      methodName: String,
-      args: (Class[_], AnyRef)*): AnyRef = {
-    try {
-      val (types, values) = args.unzip
-      val method = obj.getClass.getMethod(methodName, types: _*)
-      method.setAccessible(true)
-      method.invoke(obj, values: _*)
-    } catch {
-      case e: NoSuchMethodException =>
-        val candidates = obj.getClass.getMethods.map(_.getName).mkString("[", ",", "]")
-        throw new RuntimeException(s"$methodName not in ${obj.getClass} $candidates", e)
-    }
-  }
-
-  def invokeAs[T](
-      obj: AnyRef,
-      methodName: String,
-      args: (Class[_], AnyRef)*): T = {
-    invoke(obj, methodName, args: _*).asInstanceOf[T]
-  }
-
-  def invokeStatic(
-      obj: Class[_],
-      methodName: String,
-      args: (Class[_], AnyRef)*): AnyRef = {
-    val (types, values) = args.unzip
-    val method = obj.getMethod(methodName, types: _*)
-    method.setAccessible(true)
-    method.invoke(obj, values: _*)
-  }
-
-  def invokeStaticAs[T](
-      obj: Class[_],
-      methodName: String,
-      args: (Class[_], AnyRef)*): T = {
-    invokeStatic(obj, methodName, args: _*).asInstanceOf[T]
-  }
-
   /**
    * Get the active session user
    * @param spark spark context instance
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
index 83fe048e6..cb3a2371b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
@@ -20,6 +20,7 @@ package org.apache.kyuubi.plugin.spark.authz.util
 import org.apache.hadoop.conf.Configuration
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.DynMethods
 
 trait RangerConfigProvider {
 
@@ -36,12 +37,16 @@ trait RangerConfigProvider {
   def getRangerConf: Configuration = {
     if (isRanger21orGreater) {
       // for Ranger 2.1+
-      invokeAs[Configuration](this, "getConfig")
+      DynMethods.builder("getConfig")
+        .impl("org.apache.ranger.plugin.service.RangerBasePlugin")
+        .build()
+        .invoke[Configuration](this)
     } else {
       // for Ranger 2.0 and below
-      invokeStaticAs[Configuration](
-        Class.forName("org.apache.ranger.authorization.hadoop.config.RangerConfiguration"),
-        "getInstance")
+      DynMethods.builder("getInstance")
+        .impl("org.apache.ranger.authorization.hadoop.config.RangerConfiguration")
+        .buildStatic()
+        .invoke[Configuration]()
     }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index d044ad46c..89b81ccee 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -35,6 +35,7 @@ import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 abstract class RangerSparkExtensionSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll {
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
new file mode 100644
index 000000000..843b8489a
--- /dev/null
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.util.reflect
+
+import scala.util.{Failure, Success, Try}
+
+object ReflectUtils {
+
+  def getFieldVal[T](target: Any, fieldName: String): T =
+    Try {
+      DynFields.builder().hiddenImpl(target.getClass, fieldName).build[T]().get(target)
+    } match {
+      case Success(value) => value
+      case Failure(e) =>
+        val candidates = target.getClass.getDeclaredFields.map(_.getName).mkString("[", ",", "]")
+        throw new RuntimeException(s"$fieldName not in ${target.getClass} $candidates", e)
+    }
+
+  def getFieldValOpt[T](target: Any, name: String): Option[T] =
+    Try(getFieldVal[T](target, name)).toOption
+
+  def invoke(target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): AnyRef =
+    try {
+      val (types, values) = args.unzip
+      DynMethods.builder(methodName).hiddenImpl(target.getClass, types: _*).build()
+        .invoke(target, values: _*)
+    } catch {
+      case e: NoSuchMethodException =>
+        val candidates = target.getClass.getMethods.map(_.getName).mkString("[", ",", "]")
+        throw new RuntimeException(s"$methodName not in ${target.getClass} $candidates", e)
+    }
+
+  def invokeAs[T](target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): T =
+    invoke(target, methodName, args: _*).asInstanceOf[T]
+}

From 4901553329da874c8aef6def4d5083f103bda1f1 Mon Sep 17 00:00:00 2001
From: bowenliang <bowenliang@apache.org>
Date: Thu, 25 May 2023 10:58:31 +0800
Subject: [PATCH 387/760] [KYUUBI #4812] [MINOR] Generalize case transformation
 method for string type config entry

### _Why are the changes needed?_

- unify config value capitalization for String and Seq[String] configs
- Generalize `transformToUpperCase` and `transformToLowerCase` for config entry
- simplify transformation for configs of `kyuubi.authentication`  and `kyuubi.frontend.protocols`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4812 from bowenliang123/conf-upper.

Closes #4812

747c2955c [bowenliang] upper and lower case for config values

Authored-by: bowenliang <bowenliang@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../apache/kyuubi/config/ConfigBuilder.scala  | 16 ++++++++++
 .../org/apache/kyuubi/config/KyuubiConf.scala | 30 +++++++++----------
 .../kyuubi/config/ConfigBuilderSuite.scala    | 21 +++++++++++++
 .../apache/kyuubi/metrics/MetricsConf.scala   |  2 +-
 .../metadata/jdbc/JDBCMetadataStoreConf.scala |  4 +--
 5 files changed, 55 insertions(+), 18 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
index 62f060a05..8d7501552 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.config
 
 import java.time.Duration
+import java.util.Locale
 import java.util.regex.PatternSyntaxException
 
 import scala.util.{Failure, Success, Try}
@@ -166,6 +167,21 @@ private[kyuubi] case class TypedConfigBuilder[T](
 
   def transform(fn: T => T): TypedConfigBuilder[T] = this.copy(fromStr = s => fn(fromStr(s)))
 
+  def transformToUpperCase: TypedConfigBuilder[T] = {
+    transformString(_.toUpperCase(Locale.ROOT))
+  }
+
+  def transformToLowerCase: TypedConfigBuilder[T] = {
+    transformString(_.toLowerCase(Locale.ROOT))
+  }
+
+  private def transformString(fn: String => String): TypedConfigBuilder[T] = {
+    require(parent._type == "string")
+    this.asInstanceOf[TypedConfigBuilder[String]]
+      .transform(fn)
+      .asInstanceOf[TypedConfigBuilder[T]]
+  }
+
   /** Checks if the user-provided value for the config matches the validator. */
   def checkValue(validator: T => Boolean, errMsg: String): TypedConfigBuilder[T] = {
     transform { v =>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 9ae1898c5..36fd27285 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -387,8 +387,8 @@ object KyuubiConf {
         "</ul>")
       .version("1.4.0")
       .stringConf
+      .transformToUpperCase
       .toSequence()
-      .transform(_.map(_.toUpperCase(Locale.ROOT)))
       .checkValue(
         _.forall(FrontendProtocols.values.map(_.toString).contains),
         s"the frontend protocol should be one or more of ${FrontendProtocols.values.mkString(",")}")
@@ -764,8 +764,8 @@ object KyuubiConf {
     .version("1.0.0")
     .serverOnly
     .stringConf
+    .transformToUpperCase
     .toSequence()
-    .transform(_.map(_.toUpperCase(Locale.ROOT)))
     .checkValue(
       _.forall(AuthTypes.values.map(_.toString).contains),
       s"the authentication type should be one or more of ${AuthTypes.values.mkString(",")}")
@@ -1001,7 +1001,7 @@ object KyuubiConf {
     .serverOnly
     .stringConf
     .checkValues(SaslQOP.values.map(_.toString))
-    .transform(_.toLowerCase(Locale.ROOT))
+    .transformToLowerCase
     .createWithDefault(SaslQOP.AUTH.toString)
 
   val FRONTEND_REST_BIND_HOST: ConfigEntry[Option[String]] =
@@ -1733,7 +1733,7 @@ object KyuubiConf {
       .version("1.7.0")
       .stringConf
       .checkValues(Set("arrow", "thrift"))
-      .transform(_.toLowerCase(Locale.ROOT))
+      .transformToLowerCase
       .createWithDefault("thrift")
 
   val ARROW_BASED_ROWSET_TIMESTAMP_AS_STRING: ConfigEntry[Boolean] =
@@ -1758,7 +1758,7 @@ object KyuubiConf {
       .doc(s"(deprecated) - Using kyuubi.engine.share.level instead")
       .version("1.0.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .checkValues(ShareLevel.values.map(_.toString))
       .createWithDefault(ShareLevel.USER.toString)
 
@@ -1773,7 +1773,7 @@ object KyuubiConf {
       .doc("(deprecated) - Using kyuubi.engine.share.level.subdomain instead")
       .version("1.2.0")
       .stringConf
-      .transform(_.toLowerCase(Locale.ROOT))
+      .transformToLowerCase
       .checkValue(validZookeeperSubPath.matcher(_).matches(), "must be valid zookeeper sub path.")
       .createOptional
 
@@ -1839,7 +1839,7 @@ object KyuubiConf {
       "</ul>")
     .version("1.4.0")
     .stringConf
-    .transform(_.toUpperCase(Locale.ROOT))
+    .transformToUpperCase
     .checkValues(EngineType.values.map(_.toString))
     .createWithDefault(EngineType.SPARK_SQL.toString)
 
@@ -1886,7 +1886,7 @@ object KyuubiConf {
         "</ul>")
       .version("1.7.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .checkValues(Set("RANDOM", "POLLING"))
       .createWithDefault("RANDOM")
 
@@ -2047,7 +2047,7 @@ object KyuubiConf {
       .version("1.4.0")
       .serverOnly
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .toSequence()
       .checkValue(
         _.toSet.subsetOf(Set("JSON", "JDBC", "CUSTOM", "KAFKA")),
@@ -2071,7 +2071,7 @@ object KyuubiConf {
         " which has a zero-arg constructor.")
       .version("1.3.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .toSequence()
       .checkValue(
         _.toSet.subsetOf(Set("SPARK", "JSON", "JDBC", "CUSTOM")),
@@ -2204,7 +2204,7 @@ object KyuubiConf {
         "'physical', and 'execution', other engines do not support planOnly currently.")
       .version("1.4.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .checkValue(
         mode =>
           Set(
@@ -2227,7 +2227,7 @@ object KyuubiConf {
         "of the Spark engine")
       .version("1.7.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .checkValue(
         mode => Set("PLAIN", "JSON").contains(mode),
         "Invalid value for 'kyuubi.operation.plan.only.output.style'. Valid values are " +
@@ -2278,7 +2278,7 @@ object KyuubiConf {
         "</ul>")
       .version("1.5.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .checkValues(OperationLanguages.values.map(_.toString))
       .createWithDefault(OperationLanguages.SQL.toString)
 
@@ -2838,7 +2838,7 @@ object KyuubiConf {
         " <li>CUSTOM: to be done.</li></ul>")
       .version("1.7.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .toSequence()
       .checkValue(
         _.toSet.subsetOf(Set("JSON", "JDBC", "CUSTOM")),
@@ -2855,7 +2855,7 @@ object KyuubiConf {
         " <li>CUSTOM: to be done.</li></ul>")
       .version("1.7.0")
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .toSequence()
       .checkValue(
         _.toSet.subsetOf(Set("JSON", "JDBC", "CUSTOM")),
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
index 4a9ade551..2cb683f52 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
@@ -72,6 +72,27 @@ class ConfigBuilderSuite extends KyuubiFunSuite {
     KyuubiConf.register(sequenceConf)
     val kyuubiConf = KyuubiConf().set(sequenceConf.key, "kyuubi,kent")
     assert(kyuubiConf.get(sequenceConf) === Seq("kyuubi", "kent"))
+
+    val stringConfUpper = ConfigBuilder("kyuubi.string.conf.upper")
+      .stringConf
+      .transformToUpperCase
+      .createWithDefault("Kent, Yao")
+    assert(stringConfUpper.key === "kyuubi.string.conf.upper")
+    assert(stringConfUpper.defaultVal.get === "KENT, YAO")
+
+    val stringConfUpperSeq = ConfigBuilder("kyuubi.string.conf.upper.seq")
+      .stringConf
+      .transformToUpperCase
+      .toSequence()
+      .createWithDefault(Seq("hehe"))
+    assert(stringConfUpperSeq.defaultVal.get === Seq("HEHE"))
+
+    val stringConfLower = ConfigBuilder("kyuubi.string.conf.lower")
+      .stringConf
+      .transformToLowerCase
+      .createWithDefault("Kent, Yao")
+    assert(stringConfLower.key === "kyuubi.string.conf.lower")
+    assert(stringConfLower.defaultVal.get === "kent, yao")
   }
 
   test("time config") {
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
index ad734ced5..cbdf832bd 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
@@ -43,7 +43,7 @@ object MetricsConf {
       "</ul>")
     .version("1.2.0")
     .stringConf
-    .transform(_.toUpperCase())
+    .transformToUpperCase
     .toSequence()
     .checkValue(
       _.forall(ReporterType.values.map(_.toString).contains),
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
index de30b6e66..0d46fa7fc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.server.metadata.jdbc
 
-import java.util.{Locale, Properties}
+import java.util.Properties
 
 import org.apache.kyuubi.config.{ConfigEntry, KyuubiConf, OptionalConfigEntry}
 import org.apache.kyuubi.config.KyuubiConf.buildConf
@@ -46,7 +46,7 @@ object JDBCMetadataStoreConf {
       .version("1.6.0")
       .serverOnly
       .stringConf
-      .transform(_.toUpperCase(Locale.ROOT))
+      .transformToUpperCase
       .createWithDefault("DERBY")
 
   val METADATA_STORE_JDBC_DATABASE_SCHEMA_INIT: ConfigEntry[Boolean] =

From 0b352ba852feae0c670b6acc2c74450dce691cc0 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 25 May 2023 13:59:11 +0800
Subject: [PATCH 388/760] [KYUUBI #4880] [BUILD] Skip compiling useless files
 when making distribution

### _Why are the changes needed?_

To speed up the making distribution.

Refer https://github.com/apache/spark/pull/41141

This PR add more skip properties when making distribution:

- -Dmaven.javadoc.skip=true to skip generating javadoc
- -Dmaven.scaladoc.skip=true to skip generating scaladoc. Please see: https://davidb.github.io/scala-maven-plugin/doc-jar-mojo.html#skip
- -Dmaven.source.skip to skip generating sources.jar

### _How was this patch tested?_
Manual test:
<img width="267" alt="image" src="https://github.com/apache/kyuubi/assets/6757692/af4e7bb5-10f1-4fa0-b212-b779b77c9ff3">

```
 ./build/dist --spark-provided --hive-provided --flink-provided
```

Before this pr:
```
[INFO] Total time:  09:20 min
```

After this pr:
```
[INFO] Total time:  06:46 min
```

Closes #4880 from turboFei/speedup_dist.

Closes #4880

47f5ef2ac [fwang12] [BUILD] Skip compiling useless files when making distribution

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/dist | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dist b/build/dist
index 33ef189c6..4188c78bb 100755
--- a/build/dist
+++ b/build/dist
@@ -215,7 +215,7 @@ else
   echo "Making distribution for Kyuubi $VERSION in '$DISTDIR'..."
 fi
 
-MVN_DIST_OPT="-DskipTests"
+MVN_DIST_OPT="-DskipTests -Dmaven.javadoc.skip=true -Dmaven.scaladoc.skip=true -Dmaven.source.skip"
 
 if [[ "$ENABLE_WEBUI" == "true" ]]; then
   MVN_DIST_OPT="$MVN_DIST_OPT -Pweb-ui"

From 810a41c54e4012d259302289d6da1fa5ecccf603 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 26 May 2023 09:26:10 +0800
Subject: [PATCH 389/760] [KYUUBI #4871] [AUTHZ] Adapt plan changes for
 CreateNamespace and SetCatalogAndNamespace in Spark 3.4

### _Why are the changes needed?_

- namespace changed from `Seq[String]` to `ResolvedNamespace` in Spark 3.4
- fixing uts in the name of `CreateNamespace` and `Extracting database info with ResolvedDBObjectNameDatabaseExtractor` w/ Spark 3.4 for  CreateNamespace and SetCatalogAndNamespace commands

Testing by running `build/mvn clean install -pl :kyuubi-spark-authz_2.12 -Pspark-3.4 -Dmaven.plugin.scalatest.exclude.tags=org.apache.kyuubi.tags.IcebergTest`.

Before:
```
- CreateNamespace *** FAILED ***
  0 did not equal 1 (V2CommandsPrivilegesSuite.scala:707)
...
- Extracting database info with ResolvedDBObjectNameDatabaseExtractor *** FAILED ***
  java.lang.NullPointerException:
  at org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite.$anonfun$new$24(V2JdbcTableCatalogPrivilegesBuilderSuite.scala:151)
  at org.scalatest.Assertions.withClue(Assertions.scala:1065)
  at org.scalatest.Assertions.withClue$(Assertions.scala:1052)
  at org.scalatest.funsuite.AnyFunSuite.withClue(AnyFunSuite.scala:1564)
  at org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite.$anonfun$new$21(V2JdbcTableCatalogPrivilegesBuilderSuite.scala:150)
  at scala.collection.immutable.List.foreach(List.scala:431)
  at org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite.$anonfun$new$20(V2JdbcTableCatalogPrivilegesBuilderSuite.scala:143)
  at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
  at org.scalatest.OutcomeOf.outcomeOf(OutcomeOf.scala:85)
  at org.scalatest.OutcomeOf.outcomeOf$(OutcomeOf.scala:83)
```

After:
```
- CreateNamespace
- Extracting database info with ResolvedDBObjectNameDatabaseExtractor
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4871 from bowenliang123/create-ns.

Closes #4871

fa141fb5a [liangbowen] update spec json
2cd18f829 [liangbowen] use meaningful desc names
142224d1e [liangbowen] Adapt changes for CreateNamespace and SetCatalogAndNamespace

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../main/resources/database_command_spec.json   | 10 ++++++++++
 .../spark/authz/gen/DatabaseCommands.scala      | 17 +++++++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/database_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/database_command_spec.json
index 4eb4b3ef8..c640ed89b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/database_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/database_command_spec.json
@@ -22,6 +22,11 @@
       "fieldExtractor" : "CatalogPluginCatalogExtractor"
     },
     "isInput" : false
+  }, {
+    "fieldName" : "name",
+    "fieldExtractor" : "ResolvedNamespaceDatabaseExtractor",
+    "catalogDesc" : null,
+    "isInput" : false
   } ],
   "opType" : "CREATEDATABASE"
 }, {
@@ -45,6 +50,11 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.SetCatalogAndNamespace",
   "databaseDescs" : [ {
+    "fieldName" : "child",
+    "fieldExtractor" : "ResolvedNamespaceDatabaseExtractor",
+    "catalogDesc" : null,
+    "isInput" : true
+  }, {
     "fieldName" : "child",
     "fieldExtractor" : "ResolvedDBObjectNameDatabaseExtractor",
     "catalogDesc" : null,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala
index e947579e9..a61c142ed 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala
@@ -58,9 +58,10 @@ object DatabaseCommands {
         "namespace",
         classOf[StringSeqDatabaseExtractor],
         catalogDesc = Some(CatalogDesc()))
+    val databaseDesc3 = DatabaseDesc("name", classOf[ResolvedNamespaceDatabaseExtractor])
     DatabaseCommandSpec(
       "org.apache.spark.sql.catalyst.plans.logical.CreateNamespace",
-      Seq(databaseDesc1, databaseDesc2),
+      Seq(databaseDesc1, databaseDesc2, databaseDesc3),
       CREATEDATABASE)
   }
 
@@ -97,12 +98,12 @@ object DatabaseCommands {
 
   val SetCatalogAndNamespace = {
     val cmd = "org.apache.spark.sql.catalyst.plans.logical.SetCatalogAndNamespace"
-    val databaseDesc1 =
+    val resolvedDbObjectDatabaseDesc =
       DatabaseDesc(
         "child",
         classOf[ResolvedDBObjectNameDatabaseExtractor],
         isInput = true)
-    val databaseDesc2 =
+    val stringSeqOptionDatabaseDesc =
       DatabaseDesc(
         "namespace",
         classOf[StringSeqOptionDatabaseExtractor],
@@ -110,7 +111,15 @@ object DatabaseCommands {
           fieldName = "catalogName",
           fieldExtractor = classOf[StringOptionCatalogExtractor])),
         isInput = true)
-    DatabaseCommandSpec(cmd, Seq(databaseDesc1, databaseDesc2), SWITCHDATABASE)
+    val resolvedNamespaceDatabaseDesc =
+      DatabaseDesc(
+        "child",
+        classOf[ResolvedNamespaceDatabaseExtractor],
+        isInput = true)
+    DatabaseCommandSpec(
+      cmd,
+      Seq(resolvedNamespaceDatabaseDesc, resolvedDbObjectDatabaseDesc, stringSeqOptionDatabaseDesc),
+      SWITCHDATABASE)
   }
 
   val SetNamespace = {

From 151b2eaec29c33a28116b159959f904c1c505531 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 26 May 2023 16:49:43 +0800
Subject: [PATCH 390/760] [KYUUBI #4888] [AUTHZ] Remove filtering results for
 ShowDatabasesCommand in Spark 2.x

### _Why are the changes needed?_

- remove FilteredShowDatabasesCommand for filtering "show databases" in Spark 2.x, as ShowDatabasesCommand is removed since Spark 3.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4888 from bowenliang123/remove-showdatabasecommand.

Closes #4888

d4ae60bc1 [liangbowen] remove FilteredShowDatabasesCommand for filtering show database in spark 2.4

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../ranger/RuleReplaceShowObjectCommands.scala    | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
index 4f72ecfee..6e86ab9fb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
@@ -33,9 +33,6 @@ class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
     case r: RunnableCommand if r.nodeName == "ShowTablesCommand" => FilteredShowTablesCommand(r)
     case n: LogicalPlan if n.nodeName == "ShowTables" =>
       ObjectFilterPlaceHolder(n)
-    // show databases in spark2.4.x
-    case r: RunnableCommand if r.nodeName == "ShowDatabasesCommand" =>
-      FilteredShowDatabasesCommand(r)
     case n: LogicalPlan if n.nodeName == "ShowNamespaces" =>
       ObjectFilterPlaceHolder(n)
     case r: RunnableCommand if r.nodeName == "ShowFunctionsCommand" =>
@@ -64,18 +61,6 @@ case class FilteredShowTablesCommand(delegated: RunnableCommand)
   }
 }
 
-case class FilteredShowDatabasesCommand(delegated: RunnableCommand)
-  extends FilteredShowObjectCommand(delegated) {
-
-  override protected def isAllowed(r: Row, ugi: UserGroupInformation): Boolean = {
-    val database = r.getString(0)
-    val resource = AccessResource(ObjectType.DATABASE, database, null, null)
-    val request = AccessRequest(resource, ugi, OperationType.SHOWDATABASES, AccessType.USE)
-    val result = SparkRangerAdminPlugin.isAccessAllowed(request)
-    result != null && result.getIsAllowed
-  }
-}
-
 abstract class FilteredShowObjectCommand(delegated: RunnableCommand)
   extends RunnableCommand with WithInternalChildren {
 

From 35aa202406175619492627e3afd15c9a10c9f94e Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 26 May 2023 18:18:16 +0800
Subject: [PATCH 391/760] [KYUUBI #4890] Return operation metrics in
 OperationData and fix typo

### _Why are the changes needed?_

Return operation metrics and fix typo.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4890 from turboFei/op_data_metrics.

Closes #4890

ef2ed36eb [fwang12] return metrics and fix bug

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/client/api/v1/dto/OperationData.java  | 16 ++++++++++++++--
 .../org/apache/kyuubi/server/api/ApiUtils.scala  |  3 ++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
index 1b99bb2c6..8b1f7656e 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.client.api.v1.dto;
 
+import java.util.Map;
 import java.util.Objects;
 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@@ -33,6 +34,7 @@ public class OperationData {
   private String sessionUser;
   private String sessionType;
   private String kyuubiInstance;
+  private Map<String, String> metrics;
 
   public OperationData() {}
 
@@ -47,7 +49,8 @@ public OperationData(
       String sessionId,
       String sessionUser,
       String sessionType,
-      String kyuubiInstance) {
+      String kyuubiInstance,
+      Map<String, String> metrics) {
     this.identifier = identifier;
     this.statement = statement;
     this.state = state;
@@ -59,6 +62,7 @@ public OperationData(
     this.sessionUser = sessionUser;
     this.sessionType = sessionType;
     this.kyuubiInstance = kyuubiInstance;
+    this.metrics = metrics;
   }
 
   public String getIdentifier() {
@@ -149,11 +153,19 @@ public void setKyuubiInstance(String kyuubiInstance) {
     this.kyuubiInstance = kyuubiInstance;
   }
 
+  public Map<String, String> getMetrics() {
+    return metrics;
+  }
+
+  public void setMetrics(Map<String, String> metrics) {
+    this.metrics = metrics;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
     if (o == null || getClass() != o.getClass()) return false;
-    SessionData that = (SessionData) o;
+    OperationData that = (OperationData) o;
     return Objects.equals(getIdentifier(), that.getIdentifier());
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
index 1f2cb309b..6b01def5c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -57,7 +57,8 @@ object ApiUtils {
       opEvent.sessionId,
       opEvent.sessionUser,
       opEvent.sessionType,
-      operation.getSession.asInstanceOf[KyuubiSession].connectionUrl)
+      operation.getSession.asInstanceOf[KyuubiSession].connectionUrl,
+      operation.metrics.asJava)
   }
 
   def serverData(nodeInfo: ServiceNodeInfo): ServerData = {

From 01619b48734dcef51034f6d4f8db9d68923c85b7 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Sat, 27 May 2023 22:26:12 +0800
Subject: [PATCH 392/760] [KYUUBI #4891] Bump Flink 1.16.2

### _Why are the changes needed?_

As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4891 from link3280/bump-flink-1.16.2.

Closes #4891

953f83014 [Paul Lin] Bump Flink 1.16.2

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index fad1d1bdc..d6628cf3f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2189,7 +2189,7 @@
         <profile>
             <id>flink-1.16</id>
             <properties>
-                <flink.version>1.16.1</flink.version>
+                <flink.version>1.16.2</flink.version>
             </properties>
         </profile>
 

From ff8611e159d1e41de55a2d919bfeeaf2fec2c125 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Sat, 27 May 2023 22:27:31 +0800
Subject: [PATCH 393/760] [KYUUBI #4877] Bump Flink 1.17 to 1.17.1

### _Why are the changes needed?_

As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4877 from link3280/bump-flink-1.17.1.

Closes #4877

c94c00559 [Paul Lin] Bump Flink 1.17.1
bfd865ac1 [Paul Lin] Fix invalid download url
f2b09559d [Paul Lin] Fix flink jar not found with no profile specified
f63f3842c [Paul Lin] Fix flink download error with no profile specified
3055b6c88 [Paul Lin] Fix spotless
07b62fd95 [Paul Lin] Bump Flink 1.17.1-rc1

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index d6628cf3f..3b638ea54 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,7 +136,7 @@
         <failsafe.verion>2.4.4</failsafe.verion>
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>
-        <flink.version>1.17.0</flink.version>
+        <flink.version>1.17.1</flink.version>
         <flink.archive.name>flink-${flink.version}-bin-scala_${scala.binary.version}.tgz</flink.archive.name>
         <flink.archive.mirror>${apache.archive.dist}/flink/flink-${flink.version}</flink.archive.mirror>
         <flink.archive.download.skip>false</flink.archive.download.skip>
@@ -2196,7 +2196,7 @@
         <profile>
             <id>flink-1.17</id>
             <properties>
-                <flink.version>1.17.0</flink.version>
+                <flink.version>1.17.1</flink.version>
             </properties>
         </profile>
 

From 4a4f3cc2783eca42256e548968a6b7db56672483 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Sat, 27 May 2023 22:28:41 +0800
Subject: [PATCH 394/760] [KYUUBI #4878] Delta support for Spark-3.4

### _Why are the changes needed?_

test against delta-2.4.0

https://github.com/delta-io/delta/releases/tag/v2.4.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4878 from cfmcgrady/delta-2.4.0.

Closes #4878

537e556f5 [Fu Chen] Update pom.xml
e89b97125 [Fu Chen] bump delta 2.4.0
ae32f62f4 [Fu Chen] fix style
9789a5e04 [Fu Chen] delta support for Spark-3.4

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3b638ea54..b23fbd0d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2159,10 +2159,11 @@
                 <module>extensions/spark/kyuubi-spark-connector-kudu</module>
             </modules>
             <properties>
+                <delta.version>2.4.0</delta.version>
                 <spark.version>3.4.0</spark.version>
                 <!-- FIXME: used for constructing Iceberg artifact name, correct it once Iceberg supports Spark 3.4 -->
                 <spark.binary.version>3.3</spark.binary.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 

From ec7e7479fa2bb2fb39233630f46241ee92a70ccf Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sat, 27 May 2023 22:30:19 +0800
Subject: [PATCH 395/760] [KYUUBI #4869] [AUTHZ] Introduce table extractor for
 ResolvedIdentifier in Spark 3.4

### _Why are the changes needed?_

- introduce ResolvedIdentifierTableExtractor for extracting table from `org.apache.spark.sql.catalyst.analysis.ResolvedIdentifier` in Spark 3.4
- fixing ut failures w/ Spark 3.4
   -  ut CreateTable / CreateTableAsSelect / ReplaceTable / ReplaceTableAsSelect
   -  ut "Extracting table info with ResolvedDbObjectNameTableExtractor"

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4869 from bowenliang123/resolved.

Closes #4869

0bf65cd60 [liangbowen] introduce ResolvedIdentifierTableExtractor for spark 3.4

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 ...bi.plugin.spark.authz.serde.TableExtractor |  1 +
 .../main/resources/table_command_spec.json    | 36 +++++++++++++++++++
 .../spark/authz/serde/tableExtractors.scala   | 13 +++++++
 .../spark/authz/gen/TableCommands.scala       | 12 +++++--
 4 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
index f4d7eb503..a312682b1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
@@ -21,5 +21,6 @@ org.apache.kyuubi.plugin.spark.authz.serde.DataSourceV2RelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.IdentifierTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.LogicalRelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedDbObjectNameTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.ResolvedIdentifierTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedTableTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.TableIdentifierTableExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 3d6fcd93b..c67fdbfe7 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -108,6 +108,15 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CreateTable",
   "tableDescs" : [ {
+    "fieldName" : "child",
+    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableName",
     "fieldExtractor" : "IdentifierTableExtractor",
     "columnDesc" : null,
@@ -134,6 +143,15 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CreateTableAsSelect",
   "tableDescs" : [ {
+    "fieldName" : "left",
+    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableName",
     "fieldExtractor" : "IdentifierTableExtractor",
     "columnDesc" : null,
@@ -432,6 +450,15 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceTable",
   "tableDescs" : [ {
+    "fieldName" : "child",
+    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableName",
     "fieldExtractor" : "IdentifierTableExtractor",
     "columnDesc" : null,
@@ -458,6 +485,15 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceTableAsSelect",
   "tableDescs" : [ {
+    "fieldName" : "left",
+    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableName",
     "fieldExtractor" : "IdentifierTableExtractor",
     "columnDesc" : null,
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 5af619bcf..53189599a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -165,3 +165,16 @@ class ResolvedDbObjectNameTableExtractor extends TableExtractor {
     Some(Table(catalog, Some(quote(namespace)), table, None))
   }
 }
+
+/**
+ * org.apache.spark.sql.catalyst.analysis.ResolvedIdentifier
+ */
+class ResolvedIdentifierTableExtractor extends TableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    val catalogVal = invoke(v1, "catalog")
+    val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+    val identifier = invoke(v1, "identifier")
+    val maybeTable = new IdentifierTableExtractor().apply(spark, identifier)
+    maybeTable.map(_.copy(catalog = catalog))
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 4f971ba62..2d2b8ed9a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -30,6 +30,8 @@ object TableCommands {
   val resolvedTableDesc = TableDesc("child", classOf[ResolvedTableTableExtractor])
   val resolvedDbObjectNameDesc =
     TableDesc("child", classOf[ResolvedDbObjectNameTableExtractor])
+  val resolvedIdentifierTableDesc =
+    TableDesc("child", classOf[ResolvedIdentifierTableExtractor])
   val overwriteActionTypeDesc =
     ActionTypeDesc("overwrite", classOf[OverwriteOrInsertActionTypeExtractor])
   val queryQueryDesc = QueryDesc("query")
@@ -205,7 +207,10 @@ object TableCommands {
       "tableName",
       classOf[IdentifierTableExtractor],
       catalogDesc = Some(CatalogDesc()))
-    TableCommandSpec(cmd, Seq(tableDesc, resolvedDbObjectNameDesc), CREATETABLE)
+    TableCommandSpec(
+      cmd,
+      Seq(resolvedIdentifierTableDesc, tableDesc, resolvedDbObjectNameDesc),
+      CREATETABLE)
   }
 
   val CreateV2Table = {
@@ -225,7 +230,10 @@ object TableCommands {
       catalogDesc = Some(CatalogDesc()))
     TableCommandSpec(
       cmd,
-      Seq(tableDesc, resolvedDbObjectNameDesc.copy(fieldName = "left")),
+      Seq(
+        resolvedIdentifierTableDesc.copy(fieldName = "left"),
+        tableDesc,
+        resolvedDbObjectNameDesc.copy(fieldName = "left")),
       CREATETABLE_AS_SELECT,
       Seq(queryQueryDesc))
   }

From 52d3bf25ed5690f30ddfffcd01e2fc43e73223ce Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sun, 28 May 2023 09:32:23 +0800
Subject: [PATCH 396/760] [KYUUBI #4889] Admin command line supports list
 server command

### _Why are the changes needed?_

Support to list server with kyuubi-admin/kyuubi rest client.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- UT for AdminRestAPI
- UT for AminCtlArgument
- UT for AdminCtl

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4889 from turboFei/list_server.

Closes #4889

bfd13fbde [fwang12] nit
0a0131552 [fwang12] list server

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/tools/kyuubi-admin.rst                   |  9 ++++
 .../ctl/cli/AdminControlCliArguments.scala    |  8 +++-
 .../ctl/cmd/list/AdminListServerCommand.scala | 44 +++++++++++++++++++
 .../kyuubi/ctl/opt/AdminCommandLine.scala     |  8 +++-
 .../org/apache/kyuubi/ctl/util/Render.scala   | 15 ++++++-
 .../ctl/AdminControlCliArgumentsSuite.scala   | 11 ++++-
 .../apache/kyuubi/client/AdminRestApi.java    |  8 ++++
 .../kyuubi/client/api/v1/dto/ServerData.java  |  2 +
 .../server/rest/client/AdminCtlSuite.scala    | 18 +++++++-
 .../rest/client/AdminRestApiSuite.scala       | 25 ++++++++++-
 10 files changed, 142 insertions(+), 6 deletions(-)
 create mode 100644 kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala

diff --git a/docs/tools/kyuubi-admin.rst b/docs/tools/kyuubi-admin.rst
index 606396593..7fd07e973 100644
--- a/docs/tools/kyuubi-admin.rst
+++ b/docs/tools/kyuubi-admin.rst
@@ -98,6 +98,15 @@ Usage: ``bin/kyuubi-admin list engine [options]``
    * - --hs2ProxyUser
      - The proxy user to impersonate. When specified, it will list engines for the hs2ProxyUser.
 
+.. _list_server:
+
+List Servers
+-------------------------------------
+
+Prints a table of the key information about the servers.
+
+Usage: ``bin/kyuubi-admin list server``
+
 .. _delete_engine:
 
 Delete an Engine
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala
index 4bc1e1317..5a45630c6 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala
@@ -22,7 +22,7 @@ import scopt.OParser
 import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.ctl.cmd.Command
 import org.apache.kyuubi.ctl.cmd.delete.AdminDeleteEngineCommand
-import org.apache.kyuubi.ctl.cmd.list.AdminListEngineCommand
+import org.apache.kyuubi.ctl.cmd.list.{AdminListEngineCommand, AdminListServerCommand}
 import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommand
 import org.apache.kyuubi.ctl.opt.{AdminCommandLine, CliConfig, ControlAction, ControlObject}
 
@@ -37,6 +37,7 @@ class AdminControlCliArguments(args: Seq[String], env: Map[String, String] = sys
     cliConfig.action match {
       case ControlAction.LIST => cliConfig.resource match {
           case ControlObject.ENGINE => new AdminListEngineCommand(cliConfig)
+          case ControlObject.SERVER => new AdminListServerCommand(cliConfig)
           case _ => throw new KyuubiException(s"Invalid resource: ${cliConfig.resource}")
         }
       case ControlAction.DELETE => cliConfig.resource match {
@@ -61,6 +62,11 @@ class AdminControlCliArguments(args: Seq[String], env: Map[String, String] = sys
            |  sharelevel              ${cliConfig.engineOpts.engineShareLevel}
            |  sharesubdomain          ${cliConfig.engineOpts.engineSubdomain}
         """.stripMargin
+      case ControlObject.SERVER =>
+        s"""Parsed arguments:
+           |  action                  ${cliConfig.action}
+           |  resource                ${cliConfig.resource}
+        """.stripMargin
       case ControlObject.CONFIG =>
         s"""Parsed arguments:
            |  action                  ${cliConfig.action}
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala
new file mode 100644
index 000000000..a8e7e5d06
--- /dev/null
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.ctl.cmd.list
+
+import scala.collection.JavaConverters._
+
+import org.apache.kyuubi.client.AdminRestApi
+import org.apache.kyuubi.client.api.v1.dto.ServerData
+import org.apache.kyuubi.ctl.RestClientFactory.withKyuubiRestClient
+import org.apache.kyuubi.ctl.cmd.AdminCtlCommand
+import org.apache.kyuubi.ctl.opt.CliConfig
+import org.apache.kyuubi.ctl.util.Render
+
+class AdminListServerCommand(cliConfig: CliConfig)
+  extends AdminCtlCommand[Seq[ServerData]](cliConfig) {
+
+  override def validate(): Unit = {}
+
+  override def doRun(): Seq[ServerData] = {
+    withKyuubiRestClient(normalizedCliConfig, null, conf) { kyuubiRestClient =>
+      val adminRestApi = new AdminRestApi(kyuubiRestClient)
+      adminRestApi.listServers().asScala
+    }
+  }
+
+  override def render(resp: Seq[ServerData]): Unit = {
+    info(Render.renderServerNodesInfo(resp))
+  }
+}
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
index b1a70935b..71e4068e5 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
@@ -64,7 +64,8 @@ object AdminCommandLine extends CommonCommandLine {
         .text("\tList information about resources.")
         .action((_, c) => c.copy(action = ControlAction.LIST))
         .children(
-          engineCmd(builder).text("\tList all the engine nodes for a user")))
+          engineCmd(builder).text("\tList all the engine nodes for a user"),
+          serverCmd(builder).text("\tList all the server nodes")))
 
   }
 
@@ -94,6 +95,11 @@ object AdminCommandLine extends CommonCommandLine {
           .text("The engine share level this engine belong to."))
   }
 
+  private def serverCmd(builder: OParserBuilder[CliConfig]): OParser[_, CliConfig] = {
+    import builder._
+    cmd("server").action((_, c) => c.copy(resource = ControlObject.SERVER))
+  }
+
   private def refreshConfigCmd(builder: OParserBuilder[CliConfig]): OParser[_, CliConfig] = {
     import builder._
     cmd("config").action((_, c) => c.copy(resource = ControlObject.CONFIG))
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
index 2d4879e42..bb6e3529d 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.ctl.util
 import scala.collection.JavaConverters._
 import scala.collection.mutable.ListBuffer
 
-import org.apache.kyuubi.client.api.v1.dto.{Batch, Engine, GetBatchesResponse, SessionData}
+import org.apache.kyuubi.client.api.v1.dto.{Batch, Engine, GetBatchesResponse, ServerData, SessionData}
 import org.apache.kyuubi.ctl.util.DateTimeUtils._
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
@@ -45,6 +45,19 @@ private[ctl] object Render {
     Tabulator.format(title, header, rows)
   }
 
+  def renderServerNodesInfo(serverNodesInfo: Seq[ServerData]): String = {
+    val title = s"Server Node List (total ${serverNodesInfo.size})"
+    val header = Array("Namespace", "Instance", "Attributes", "Status")
+    val rows = serverNodesInfo.map { server =>
+      Array(
+        server.getNamespace,
+        server.getInstance,
+        server.getAttributes.asScala.map { case (k, v) => s"$k=$v" }.mkString("\n"),
+        server.getStatus)
+    }.toArray
+    Tabulator.format(title, header, rows)
+  }
+
   def renderSessionDataListInfo(sessions: Seq[SessionData]): String = {
     val title = s"Live Session List (total ${sessions.size})"
     val header = Array(
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
index dab796127..fdadd011b 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
@@ -115,6 +115,13 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
     }
   }
 
+  test("test list server") {
+    val args = Array("list", "server")
+    val opArgs = new AdminControlCliArguments(args)
+    assert(opArgs.cliConfig.action.toString === "LIST")
+    assert(opArgs.cliConfig.resource.toString === "SERVER")
+  }
+
   test("test --help") {
     // scalastyle:off
     val helpString =
@@ -130,7 +137,7 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
          |  --hs2ProxyUser <value>   The value of hive.server2.proxy.user config.
          |  --conf <value>           Kyuubi config property pair, formatted key=value.
          |
-         |Command: list [engine]
+         |Command: list [engine|server]
          |	List information about resources.
          |Command: list engine [options]
          |	List all the engine nodes for a user
@@ -140,6 +147,8 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
          |                           The engine subdomain this engine belong to.
          |  -esl, --engine-share-level <value>
          |                           The engine share level this engine belong to.
+         |Command: list server
+         |	List all the server nodes
          |
          |Command: delete [engine]
          |	Delete resources.
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index c81af593a..a983827c8 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -23,6 +23,7 @@
 import java.util.Map;
 import org.apache.kyuubi.client.api.v1.dto.Engine;
 import org.apache.kyuubi.client.api.v1.dto.OperationData;
+import org.apache.kyuubi.client.api.v1.dto.ServerData;
 import org.apache.kyuubi.client.api.v1.dto.SessionData;
 
 public class AdminRestApi {
@@ -99,6 +100,13 @@ public String closeOperation(String operationHandleStr) {
     return this.getClient().delete(url, null, client.getAuthHeader());
   }
 
+  public List<ServerData> listServers() {
+    ServerData[] result =
+        this.getClient()
+            .get(API_BASE_PATH + "/server", null, ServerData[].class, client.getAuthHeader());
+    return Arrays.asList(result);
+  }
+
   private IRestClient getClient() {
     return this.client.getHttpClient();
   }
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
index d64d43a72..6fe036162 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
@@ -29,6 +29,8 @@ public class ServerData {
   private Map<String, String> attributes;
   private String status;
 
+  public ServerData() {}
+
   public ServerData(
       String nodeName,
       String namespace,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
index 389b67e47..986b171c1 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
@@ -19,13 +19,16 @@ package org.apache.kyuubi.server.rest.client
 
 import java.util.UUID
 
+import org.mockito.Mockito.lenient
+import org.scalatestplus.mockito.MockitoSugar.mock
+
 import org.apache.kyuubi.{KYUUBI_VERSION, RestClientTestHelper}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ctl.{CtlConf, TestPrematureExit}
 import org.apache.kyuubi.engine.EngineRef
 import org.apache.kyuubi.ha.HighAvailabilityConf
+import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceDiscovery}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
-import org.apache.kyuubi.ha.client.DiscoveryPaths
 import org.apache.kyuubi.plugin.PluginLoader
 
 class AdminCtlSuite extends RestClientTestHelper with TestPrematureExit {
@@ -102,4 +105,17 @@ class AdminCtlSuite extends RestClientTestHelper with TestPrematureExit {
       args,
       "Engine Node List (total 0)")
   }
+
+  test("list server") {
+    // Mock Kyuubi Server
+    val serverDiscovery = mock[ServiceDiscovery]
+    lenient.when(serverDiscovery.fe).thenReturn(fe)
+    val namespace = conf.get(HighAvailabilityConf.HA_NAMESPACE)
+    withDiscoveryClient(conf) { client =>
+      client.registerService(conf, namespace, serverDiscovery)
+
+      val args = Array("list", "server", "--authSchema", "spnego")
+      testPrematureExitForAdminControlCli(args, "Server Node List (total 1)")
+    }
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
index b79e62a12..91cd33e58 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
@@ -22,14 +22,16 @@ import java.util.UUID
 import scala.collection.JavaConverters.asScalaBufferConverter
 
 import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V2
+import org.mockito.Mockito.lenient
+import org.scalatestplus.mockito.MockitoSugar.mock
 
 import org.apache.kyuubi.{KYUUBI_VERSION, RestClientTestHelper}
 import org.apache.kyuubi.client.{AdminRestApi, KyuubiRestClient}
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.engine.EngineRef
 import org.apache.kyuubi.ha.HighAvailabilityConf
+import org.apache.kyuubi.ha.client.{DiscoveryPaths, ServiceDiscovery}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
-import org.apache.kyuubi.ha.client.DiscoveryPaths
 import org.apache.kyuubi.plugin.PluginLoader
 
 class AdminRestApiSuite extends RestClientTestHelper {
@@ -148,4 +150,25 @@ class AdminRestApiSuite extends RestClientTestHelper {
     assert(!operations.map(op => op.getIdentifier).contains(operation.identifier.toString))
 
   }
+
+  test("list server") {
+    val spnegoKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.SPNEGO)
+        .spnegoHost("localhost")
+        .build()
+    val adminRestApi = new AdminRestApi(spnegoKyuubiRestClient)
+
+    // Mock Kyuubi Server
+    val serverDiscovery = mock[ServiceDiscovery]
+    lenient.when(serverDiscovery.fe).thenReturn(fe)
+    val namespace = conf.get(HighAvailabilityConf.HA_NAMESPACE)
+    withDiscoveryClient(conf) { client =>
+      client.registerService(conf, namespace, serverDiscovery)
+
+      val servers = adminRestApi.listServers().asScala
+      assert(servers.nonEmpty)
+      assert(servers.map(s => s.getInstance()).contains(server.frontendServices.last.connectionUrl))
+    }
+  }
 }

From 07e590ad26042b002e89e6b30a86d222436d50de Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sun, 28 May 2023 12:46:09 +0800
Subject: [PATCH 397/760] [KYUUBI #4893] [MINOR] Prevent null collection for
 rest dto

### _Why are the changes needed?_

As title.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4893 from turboFei/minor_dto.

Closes #4893

aeb5a25a9 [fwang12] prevent null:

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/client/api/v1/dto/OperationData.java    | 4 ++++
 .../java/org/apache/kyuubi/client/api/v1/dto/ServerData.java  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
index 8b1f7656e..70c2dd3f3 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/OperationData.java
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.client.api.v1.dto;
 
+import java.util.Collections;
 import java.util.Map;
 import java.util.Objects;
 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
@@ -154,6 +155,9 @@ public void setKyuubiInstance(String kyuubiInstance) {
   }
 
   public Map<String, String> getMetrics() {
+    if (null == metrics) {
+      return Collections.emptyMap();
+    }
     return metrics;
   }
 
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
index 6fe036162..7b68763d2 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/ServerData.java
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.client.api.v1.dto;
 
+import java.util.Collections;
 import java.util.Map;
 import java.util.Objects;
 
@@ -94,6 +95,9 @@ public ServerData setPort(int port) {
   }
 
   public Map<String, String> getAttributes() {
+    if (null == attributes) {
+      return Collections.emptyMap();
+    }
     return attributes;
   }
 

From 2e5fe7099ac713c746d9bab62a0538beab00a68c Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 29 May 2023 11:15:31 +0800
Subject: [PATCH 398/760] [KYUUBI #4894] Bump Mockito from 4.9.0 to 4.11.0 and
 ScalaTest from 3.2.15 to 3.2.16

### _Why are the changes needed?_

- ScalaTest 3.2.16 release note: https://github.com/scalatest/scalatest/releases/tag/release-3.2.16
- ScalaTestPlus plugin 3.2.16 releases plugin for Mockito 4.9.0 or above : https://github.com/scalatest/scalatestplus-mockito/releases/tag/release-3.2.16.0-for-mockito-4.11
- Mockito 4.11.0 is the latest available version of 4.x, which released in Dec 2022 and the last version supporting Java8 : https://github.com/mockito/mockito/releases/tag/v4.11.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4894 from bowenliang123/scalatest-3.2.16.

Closes #4894

f50c28253 [liangbowen] pom
36d4d0f98 [liangbowen] bump mockito to 4.11.0
80dfb28af [liangbowen] bump scalatest to 3.2.16

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 kyuubi-common/pom.xml | 2 +-
 kyuubi-server/pom.xml | 2 +-
 pom.xml               | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index 1ff8bea98..376bb860c 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -155,7 +155,7 @@
 
         <dependency>
             <groupId>org.scalatestplus</groupId>
-            <artifactId>mockito-4-6_${scala.binary.version}</artifactId>
+            <artifactId>mockito-4-11_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
 
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 54d4507d5..2a7ce2270 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -476,7 +476,7 @@
 
         <dependency>
             <groupId>org.scalatestplus</groupId>
-            <artifactId>mockito-4-6_${scala.binary.version}</artifactId>
+            <artifactId>mockito-4-11_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
 
diff --git a/pom.xml b/pom.xml
index b23fbd0d5..5bf90e748 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,7 +174,7 @@
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
-        <mockito.version>4.6.1</mockito.version>
+        <mockito.version>4.11.0</mockito.version>
         <netty.version>4.1.89.Final</netty.version>
         <openai.java.version>0.12.0</openai.java.version>
         <parquet.version>1.10.1</parquet.version>
@@ -183,8 +183,8 @@
         <protobuf.version>3.21.7</protobuf.version>
         <py4j.version>0.10.7</py4j.version>
         <ranger.version>2.4.0</ranger.version>
-        <scalatest.version>3.2.15</scalatest.version>
-        <scalatestplus.version>3.2.15.0</scalatestplus.version>
+        <scalatest.version>3.2.16</scalatest.version>
+        <scalatestplus.version>3.2.16.0</scalatestplus.version>
         <scopt.version>4.1.0</scopt.version>
         <slf4j.version>1.7.36</slf4j.version>
         <snakeyaml.version>1.33</snakeyaml.version>
@@ -1043,7 +1043,7 @@
 
             <dependency>
                 <groupId>org.scalatestplus</groupId>
-                <artifactId>mockito-4-6_${scala.binary.version}</artifactId>
+                <artifactId>mockito-4-11_${scala.binary.version}</artifactId>
                 <version>${scalatestplus.version}</version>
             </dependency>
 

From e155851069deeb8bc55943b72ca9cef66e1012d8 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 29 May 2023 16:55:56 +0800
Subject: [PATCH 399/760] [KYUUBI #4887] Refactor and add ut for  ClassUtils

### _Why are the changes needed?_

- add unit tests for `ClassUtils`
- refactor `ClassUtils.createInstance` method with DynConstructors
- move `classIsLoadable` method to `ReflectUtils.isClassLoadable`, refeactor to use DynClasses

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4887 from bowenliang123/classutil.

Closes #4887

c39f9a0a4 [liangbowen] simplify ut
633e21ddc [liangbowen] Refactor and add ut for ClassUtils

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../scala/org/apache/spark/ui/EngineTab.scala | 23 +++---
 .../scala/org/apache/kyuubi/Logging.scala     |  4 +-
 .../org/apache/kyuubi/util/ClassUtils.scala   | 33 +++------
 .../apache/kyuubi/util/ClassUtilsSuite.scala  | 71 +++++++++++++++++++
 .../kyuubi/util/reflect/ReflectUtils.scala    | 13 ++++
 .../util/reflect/ReflectUtilsSuite.scala      | 29 ++++++++
 6 files changed, 133 insertions(+), 40 deletions(-)
 create mode 100644 kyuubi-common/src/test/scala/org/apache/kyuubi/util/ClassUtilsSuite.scala
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala
index b7cebbd97..14ef3d3fd 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala
@@ -26,7 +26,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.SparkSQLEngine
 import org.apache.kyuubi.engine.spark.events.EngineEventsStore
 import org.apache.kyuubi.service.ServiceState
-import org.apache.kyuubi.util.ClassUtils
+import org.apache.kyuubi.util.reflect.DynClasses
 
 /**
  * Note that [[SparkUITab]] is private for Spark
@@ -62,8 +62,13 @@ case class EngineTab(
 
   sparkUI.foreach { ui =>
     try {
-      // Spark shade the jetty package so here we use reflection
-      val sparkServletContextHandlerClz = loadSparkServletContextHandler
+      // [KYUUBI #3627]: the official spark release uses the shaded and relocated jetty classes,
+      // but if we use sbt to build for testing, e.g. docker image, it still uses the vanilla
+      // jetty classes.
+      val sparkServletContextHandlerClz = DynClasses.builder()
+        .impl("org.sparkproject.jetty.servlet.ServletContextHandler")
+        .impl("org.eclipse.jetty.servlet.ServletContextHandler")
+        .build()
       val attachHandlerMethod = Class.forName("org.apache.spark.ui.SparkUI")
         .getMethod("attachHandler", sparkServletContextHandlerClz)
       val createRedirectHandlerMethod = Class.forName("org.apache.spark.ui.JettyUtils")
@@ -105,18 +110,6 @@ case class EngineTab(
       cause)
   }
 
-  private def loadSparkServletContextHandler: Class[_] = {
-    // [KYUUBI #3627]: the official spark release uses the shaded and relocated jetty classes,
-    // but if use sbt to build for testing, e.g. docker image, it still uses vanilla jetty classes.
-    val shaded = "org.sparkproject.jetty.servlet.ServletContextHandler"
-    val vanilla = "org.eclipse.jetty.servlet.ServletContextHandler"
-    if (ClassUtils.classIsLoadable(shaded)) {
-      Class.forName(shaded)
-    } else {
-      Class.forName(vanilla)
-    }
-  }
-
   def handleKillRequest(request: HttpServletRequest): Unit = {
     if (killEnabled && engine.isDefined && engine.get.getServiceState != ServiceState.STOPPED) {
       engine.get.stop()
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
index 1df598132..82c1bd45a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
@@ -23,7 +23,7 @@ import org.apache.logging.log4j.core.config.DefaultConfiguration
 import org.slf4j.{Logger, LoggerFactory}
 import org.slf4j.bridge.SLF4JBridgeHandler
 
-import org.apache.kyuubi.util.ClassUtils
+import org.apache.kyuubi.util.reflect.ReflectUtils
 
 /**
  * Simple version of logging adopted from Apache Spark.
@@ -148,7 +148,7 @@ object Logging {
       isInterpreter: Boolean,
       loggerName: String,
       logger: => Logger): Unit = {
-    if (ClassUtils.classIsLoadable("org.slf4j.bridge.SLF4JBridgeHandler")) {
+    if (ReflectUtils.isClassLoadable("org.slf4j.bridge.SLF4JBridgeHandler")) {
       // Handles configuring the JUL -> SLF4J bridge
       SLF4JBridgeHandler.removeHandlersForRootLogger()
       SLF4JBridgeHandler.install()
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ClassUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ClassUtils.scala
index bcbfdabfb..d8eda3426 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ClassUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ClassUtils.scala
@@ -17,10 +17,9 @@
 
 package org.apache.kyuubi.util
 
-import scala.util.Try
-
 import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.util.reflect._
 
 object ClassUtils {
 
@@ -34,28 +33,16 @@ object ClassUtils {
    */
   def createInstance[T](className: String, expected: Class[T], conf: KyuubiConf): T = {
     val classLoader = Thread.currentThread.getContextClassLoader
-    val cls = Class.forName(className, true, classLoader)
-    cls match {
-      case clazz if expected.isAssignableFrom(cls) =>
-        val confConstructor = clazz.getConstructors.exists(p => {
-          val params = p.getParameterTypes
-          params.length == 1 && classOf[KyuubiConf].isAssignableFrom(params(0))
-        })
-        if (confConstructor) {
-          clazz.getConstructor(classOf[KyuubiConf]).newInstance(conf)
-            .asInstanceOf[T]
-        } else {
-          clazz.newInstance().asInstanceOf[T]
-        }
-      case _ => throw new KyuubiException(
-          s"$className must extend of ${expected.getName}")
+    try {
+      DynConstructors.builder(expected).loader(classLoader)
+        .impl(className, classOf[KyuubiConf])
+        .impl(className)
+        .buildChecked[T]()
+        .newInstance(conf)
+    } catch {
+      case e: Exception =>
+        throw new KyuubiException(s"$className must extend of ${expected.getName}", e)
     }
   }
 
-  /** Determines whether the provided class is loadable. */
-  def classIsLoadable(
-      clazz: String,
-      cl: ClassLoader = Thread.currentThread().getContextClassLoader): Boolean = {
-    Try { Class.forName(clazz, false, cl) }.isSuccess
-  }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/ClassUtilsSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/ClassUtilsSuite.scala
new file mode 100644
index 000000000..cda638b0d
--- /dev/null
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/ClassUtilsSuite.scala
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.util
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.config.KyuubiConf
+
+class ClassUtilsSuite extends KyuubiFunSuite {
+
+  private val _conf = KyuubiConf()
+
+  test("create instance with zero-arg arg") {
+    val instance = ClassUtils.createInstance[SomeProvider](
+      "org.apache.kyuubi.util.ProviderA",
+      classOf[SomeProvider],
+      _conf)
+
+    assert(instance != null)
+    assert(instance.isInstanceOf[SomeProvider])
+    assert(instance.isInstanceOf[ProviderA])
+  }
+
+  test("create instance with kyuubi conf") {
+    val instance = ClassUtils.createInstance[SomeProvider](
+      "org.apache.kyuubi.util.ProviderB",
+      classOf[SomeProvider],
+      _conf)
+    assert(instance != null)
+    assert(instance.isInstanceOf[SomeProvider])
+    assert(instance.isInstanceOf[ProviderB])
+    assert(instance.asInstanceOf[ProviderB].getConf != null)
+  }
+
+  test("create instance of inherited class with kyuubi conf") {
+    val instance = ClassUtils.createInstance[SomeProvider](
+      "org.apache.kyuubi.util.ProviderC",
+      classOf[SomeProvider],
+      _conf)
+    assert(instance != null)
+    assert(instance.isInstanceOf[SomeProvider])
+    assert(instance.isInstanceOf[ProviderB])
+    assert(instance.isInstanceOf[ProviderC])
+    assert(instance.asInstanceOf[ProviderC].getConf != null)
+  }
+
+}
+
+trait SomeProvider {}
+
+class ProviderA extends SomeProvider {}
+
+class ProviderB(conf: KyuubiConf) extends SomeProvider {
+  def getConf: KyuubiConf = conf
+}
+
+class ProviderC(conf: KyuubiConf) extends ProviderB(conf) {}
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
index 843b8489a..2c46c775b 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -21,6 +21,19 @@ import scala.util.{Failure, Success, Try}
 
 object ReflectUtils {
 
+  /**
+   * Determines whether the provided class is loadable
+   * @param className the class name
+   * @param cl the class loader
+   * @return is the class name loadable with the class loader
+   */
+  def isClassLoadable(
+      className: String,
+      cl: ClassLoader = Thread.currentThread().getContextClassLoader): Boolean =
+    Try {
+      DynClasses.builder().loader(cl).impl(className).buildChecked()
+    }.isSuccess
+
   def getFieldVal[T](target: Any, fieldName: String): T =
     Try {
       DynFields.builder().hiddenImpl(target.getClass, fieldName).build[T]().get(target)
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
new file mode 100644
index 000000000..f28024f18
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.util.reflect
+
+import org.apache.kyuubi.util.reflect.ReflectUtils._
+// scalastyle:off
+import org.scalatest.funsuite.AnyFunSuite
+class ReflectUtilsSuite extends AnyFunSuite {
+  // scalastyle:on
+
+  test("check class loadable") {
+    assert(isClassLoadable(getClass.getName))
+    assert(!isClassLoadable("org.apache.kyuubi.NonExistClass"))
+  }
+}

From a1ce7fb684f14c9a74d5cd8fddc20ffbfa9c3963 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 30 May 2023 13:55:18 +0800
Subject: [PATCH 400/760] [KYUUBI #4892] [AUTHZ] Make identifier part name
 comparision case insenstive in tests of PrivilegeBuilder

### _Why are the changes needed?_

- the identifier parts are turned into lower case by default as `spark.sql.caseSensitive` config  (including catalog, database, table, function name), in [`SessionCatalog.qualifyIdentifier`](https://github.com/apache/spark/pull/37415/files#diff-9dd0899e5406230aeff96654432da54f35255f6dc60eecb87264a5c508a8c826R161) of <https://github.com/apache/spark/pull/37415>
- fix failed ut in Authz pluin tested w/ Spark 3.4
  - AlterTableRenameCommand
  - AlterTableAddPartitionCommand
  - AlterViewAsCommand
  - AlterTableDropPartitionCommand
  - RefreshFunctionCommand
  - AlterTableRenamePartitionCommand
  - AlterTableSetLocationCommand
  - AlterTable(Un)SetPropertiesCommand
  - TruncateTableCommand
  - AlterTableAddColumnsCommand
  - AlterTableChangeColumnCommand
  - ShowCreateTableAsSerdeCommand

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4892 from bowenliang123/authz-assert-incase.

Closes #4892

8500dd8ed [liangbowen] case insenstive assertion to identifer part name

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 ...IcebergCatalogPrivilegesBuilderSuite.scala |  17 +-
 .../spark/authz/PrivilegesBuilderSuite.scala  | 257 +++++++++---------
 .../authz/V2CommandsPrivilegesSuite.scala     | 183 ++++++-------
 ...bcTableCatalogPrivilegesBuilderSuite.scala |  27 +-
 .../spark/authz/util/AssertionUtils.scala     |  54 ++++
 5 files changed, 298 insertions(+), 240 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index a63174dc8..e68a8bfd0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -22,6 +22,7 @@ import org.scalatest.Outcome
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
 
@@ -67,8 +68,8 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.UPDATE)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -84,8 +85,8 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.UPDATE)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -107,8 +108,8 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
       val po0 = inputs.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.dbname === namespace)
-      assert(po0.objectName === catalogTableShort)
+      assertEqualsIgnoreCase(namespace)(po0.dbname)
+      assertEqualsIgnoreCase(catalogTableShort)(po0.objectName)
       assert(po0.columns === Seq("key", "value"))
       checkV2TableOwner(po0)
 
@@ -116,8 +117,8 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.UPDATE)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 5106a53f6..b5303aa81 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -33,6 +33,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 abstract class PrivilegesBuilderSuite extends AnyFunSuite
@@ -123,8 +124,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === defaultDb)
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase(defaultDb)(po.objectName)
     assert(po.columns.isEmpty)
   }
 
@@ -148,8 +149,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
         out.foreach { po =>
           assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
           assert(po.catalog.isEmpty)
-          assert(po.dbname equalsIgnoreCase reusedDb)
-          assert(Set(oldTableShort, "efg").contains(po.objectName))
+          assertEqualsIgnoreCase(reusedDb)(po.dbname)
+          assertExistsIgnoreCase(po.objectName)(Set(oldTableShort, "efg"))
           assert(po.columns.isEmpty)
           val accessType = ranger.AccessType(po, operationType, isInput = false)
           assert(accessType == AccessType.ALTER)
@@ -172,8 +173,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === "CreateDatabaseCommand")
-      assert(po.objectName === "CreateDatabaseCommand")
+      assertEqualsIgnoreCase(db)(po.dbname)
+      assertEqualsIgnoreCase(db)(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
@@ -195,8 +196,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === "DropDatabaseCommand")
-      assert(po.objectName === "DropDatabaseCommand")
+      assertEqualsIgnoreCase(db)(po.dbname)
+      assertEqualsIgnoreCase(db)(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.DROP)
@@ -213,8 +214,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName === reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po.objectName)
     assert(po.columns.head === "pid")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -231,8 +232,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName === reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po.objectName)
     assert(po.columns.head === "pid")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -264,8 +265,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
         assert(po.actionType === PrivilegeObjectActionType.OTHER)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase reusedDb)
-        assert(po.objectName equalsIgnoreCase tableName.split("\\.").last)
+        assertEqualsIgnoreCase(reusedDb)(po.dbname)
+        assertEqualsIgnoreCase(tableName.split("\\.").last)(po.objectName)
         assert(po.columns.isEmpty)
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -287,8 +288,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName === reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po.objectName)
     assert(po.columns.head === "pid")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -310,8 +311,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === reusedDb)
-    assert(po.objectName === reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po.objectName)
     assert(po.columns.head === "pid")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -332,8 +333,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === reusedDb)
-      assert(po.objectName === reusedTable.split("\\.").last)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
       assert(po.columns.isEmpty)
       checkTableOwner(po)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -351,8 +352,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po0.objectName)
     if (isSparkV32OrGreater) {
       // Query in AlterViewAsCommand can not be resolved before SPARK-34698
       assert(po0.columns === Seq("key", "value", "pid"))
@@ -366,8 +367,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === "AlterViewAsCommand")
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase("AlterViewAsCommand")(po.objectName)
     checkTableOwner(po)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -383,8 +384,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po0.objectName)
     // ignore this check as it behaves differently across spark versions
     assert(po0.columns === Seq("key"))
     checkTableOwner(po0)
@@ -404,8 +405,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po0.objectName)
     // ignore this check as it behaves differently across spark versions
     assert(po0.columns === Seq("pid"))
     checkTableOwner(po0)
@@ -425,8 +426,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po0.objectName)
     // ignore this check as it behaves differently across spark versions
     assert(po0.columns.isEmpty)
     checkTableOwner(po0)
@@ -446,8 +447,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.DATABASE)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedDb)(po0.objectName)
     // ignore this check as it behaves differently across spark versions
     assert(po0.columns.isEmpty)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -464,8 +465,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedDb)(po0.objectName)
     assert(po0.columns.isEmpty)
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -483,8 +484,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     if (isSparkV32OrGreater) {
       assert(po0.columns.head === "key")
       checkTableOwner(po0)
@@ -506,8 +507,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     if (isSparkV32OrGreater) {
       assert(po0.columns === Seq("key", "value"))
       checkTableOwner(po0)
@@ -522,8 +523,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === "CreateViewCommand")
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase("CreateViewCommand")(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.CREATE)
@@ -542,8 +543,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === defaultDb)
-      assert(po.objectName === tableName)
+      assertEqualsIgnoreCase(defaultDb)(po.dbname)
+      assertEqualsIgnoreCase(tableName)(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
@@ -590,8 +591,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
     assert(po.catalog.isEmpty)
     val db = if (isSparkV33OrGreater) defaultDb else null
-    assert(po.dbname === db)
-    assert(po.objectName === "CreateFunctionCommand")
+    assertEqualsIgnoreCase(db)(po.dbname)
+    assertEqualsIgnoreCase("CreateFunctionCommand")(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.CREATE)
@@ -622,8 +623,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
     assert(po.catalog.isEmpty)
     val db = if (isSparkV33OrGreater) defaultDb else null
-    assert(po.dbname === db)
-    assert(po.objectName === "DropFunctionCommand")
+    assertEqualsIgnoreCase(db)(po.dbname)
+    assertEqualsIgnoreCase("DropFunctionCommand")(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.DROP)
@@ -643,8 +644,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
     assert(po.catalog.isEmpty)
     val db = if (isSparkV33OrGreater) defaultDb else null
-    assert(po.dbname === db)
-    assert(po.objectName === "RefreshFunctionCommand")
+    assertEqualsIgnoreCase(db)(po.dbname)
+    assertEqualsIgnoreCase("RefreshFunctionCommand")(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.NONE)
@@ -659,8 +660,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       val po0 = in.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.dbname equalsIgnoreCase reusedDb)
-      assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+      assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+      assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
       assert(po0.columns.isEmpty)
       checkTableOwner(po0)
       val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -671,8 +672,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName === "CreateTableLikeCommand")
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertEqualsIgnoreCase("CreateTableLikeCommand")(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
@@ -690,8 +691,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       val po0 = in.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.dbname equalsIgnoreCase reusedDb)
-      assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+      assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+      assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
       assert(po0.columns.isEmpty)
       checkTableOwner(po0)
       val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -702,8 +703,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName === "CreateTableLikeCommandWithoutDatabase")
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertEqualsIgnoreCase("CreateTableLikeCommandWithoutDatabase")(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
@@ -728,8 +729,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
     assert(po.columns === Seq("key"))
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -747,8 +748,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -767,8 +768,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedDb)(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.USE)
@@ -786,8 +787,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       val po0 = in.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.DATABASE)
-      assert(po0.dbname equalsIgnoreCase reusedDb)
-      assert(po0.objectName equalsIgnoreCase reusedDb)
+      assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+      assertEqualsIgnoreCase(reusedDb)(po0.objectName)
       assert(po0.columns.isEmpty)
       val accessType0 = ranger.AccessType(po0, operationType, isInput = false)
       assert(accessType0 === AccessType.USE)
@@ -809,8 +810,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName === reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po.objectName)
     assert(po.columns.head === "pid")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -825,8 +826,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     assert(po0.columns.isEmpty)
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -843,8 +844,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     assert(po0.columns.isEmpty)
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -861,8 +862,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     assert(po0.columns.isEmpty)
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -880,8 +881,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po0.objectName)
     assert(po0.columns === Seq("pid"))
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -916,8 +917,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
         assert(po.actionType === PrivilegeObjectActionType.OTHER)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase reusedDb)
-        assert(po.objectName equalsIgnoreCase tableName.split("\\.").last)
+        assertEqualsIgnoreCase(reusedDb)(po.dbname)
+        assertEqualsIgnoreCase(tableName.split("\\.").last)(po.objectName)
         assert(po.columns.isEmpty)
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -932,8 +933,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName equalsIgnoreCase reusedTableShort)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
     assert(po.columns.take(2) === Seq("key", "value"))
     checkTableOwner(po)
   }
@@ -1007,8 +1008,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("value", "pid", "key"),
         s"$reusedPartTable both 'key', 'value' and 'pid' should be authenticated")
@@ -1034,8 +1035,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("value", "key", "pid"),
         s"$reusedPartTable both 'key', 'value' and 'pid' should be authenticated")
@@ -1064,8 +1065,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("key", "value"),
         s"$reusedPartTable 'key' is the join key and 'pid' is omitted")
@@ -1093,8 +1094,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("key", "value"),
         s"$reusedPartTable both 'key' and 'value' should be authenticated")
@@ -1123,8 +1124,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("key", "value"),
         s"$reusedPartTable both 'key' and 'value' should be authenticated")
@@ -1149,8 +1150,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("key", "value"),
         s"$reusedPartTable both 'key' and 'value' should be authenticated")
@@ -1175,8 +1176,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname equalsIgnoreCase reusedDb)
-      assert(po.objectName startsWith reusedTableShort.toLowerCase)
+      assertEqualsIgnoreCase(reusedDb)(po.dbname)
+      assertStartsWithIgnoreCase(reusedTableShort)(po.objectName)
       assert(
         po.columns === Seq("key", "value", "pid"),
         s"$reusedPartTable both 'key', 'value' and 'pid' should be authenticated")
@@ -1219,8 +1220,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName === getClass.getSimpleName)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
     assert(po.columns.head === "a")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1238,8 +1239,8 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName === getClass.getSimpleName)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
     assert(po.columns.head === "value")
     checkTableOwner(po)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1266,8 +1267,8 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === defaultDb)
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase(defaultDb)(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.ALTER)
@@ -1283,8 +1284,8 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     assert(po0.columns === Seq("key", "value"))
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -1295,8 +1296,8 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === "CreateDataSourceTableAsSelectCommand")
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase("CreateDataSourceTableAsSelectCommand")(po.objectName)
     if (catalogImpl == "hive") {
       assert(po.columns === Seq("key", "value"))
     } else {
@@ -1326,8 +1327,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === defaultDb)
-      assert(po.objectName === t)
+      assertEqualsIgnoreCase(defaultDb)(po.dbname)
+      assertEqualsIgnoreCase(t)(po.objectName)
       assert(po.columns.head === "pid")
       checkTableOwner(po)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1347,8 +1348,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assert(po.catalog.isEmpty)
-      assert(po.dbname === defaultDb)
-      assert(po.objectName === "CreateTableCommand")
+      assertEqualsIgnoreCase(defaultDb)(po.dbname)
+      assertEqualsIgnoreCase("CreateTableCommand")(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
@@ -1366,8 +1367,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
-    assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+    assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
     assert(po0.columns === Seq("key", "value"))
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -1378,8 +1379,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === "CreateHiveTableAsSelectCommand")
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase("CreateHiveTableAsSelectCommand")(po.objectName)
     assert(po.columns === Seq("key", "value"))
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.CREATE)
@@ -1405,7 +1406,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       val po0 = out.head
       assert(po0.actionType === PrivilegeObjectActionType.INSERT_OVERWRITE)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.dbname equalsIgnoreCase reusedDb)
+      assertEqualsIgnoreCase(reusedDb)(po0.dbname)
       assert(po0.objectName equalsIgnoreCase tableName.split("\\.").last)
       assert(po0.columns.isEmpty)
       checkTableOwner(po0)
@@ -1429,7 +1430,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
     assert(po0.objectName equalsIgnoreCase reusedPartTable.split("\\.").last)
     assert(po0.columns === Seq("key", "value", "pid"))
     checkTableOwner(po0)
@@ -1473,8 +1474,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.OTHER)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase reusedDb)
-        assert(po.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+        assertEqualsIgnoreCase(reusedDb)(po.dbname)
+        assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
         assert(po.columns === Seq("key", "value"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = true)
@@ -1486,8 +1487,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.INSERT)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase defaultDb)
-        assert(po.objectName equalsIgnoreCase tableName)
+        assertEqualsIgnoreCase(defaultDb)(po.dbname)
+        assertEqualsIgnoreCase(tableName)(po.objectName)
         assert(po.columns.isEmpty)
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1515,8 +1516,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.OTHER)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase reusedDb)
-        assert(po.objectName equalsIgnoreCase reusedTable.split("\\.").last)
+        assertEqualsIgnoreCase(reusedDb)(po.dbname)
+        assertEqualsIgnoreCase(reusedTableShort)(po.objectName)
         assert(po.columns === Seq("key", "value"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1528,8 +1529,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.INSERT)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase defaultDb)
-        assert(po.objectName equalsIgnoreCase tableName)
+        assertEqualsIgnoreCase(defaultDb)(po.dbname)
+        assertEqualsIgnoreCase(tableName)(po.objectName)
         assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1553,7 +1554,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
     assert(po0.objectName equalsIgnoreCase reusedPartTable.split("\\.").last)
     assert(po0.columns === Seq("key", "value", "pid"))
     checkTableOwner(po0)
@@ -1578,7 +1579,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
     assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po0.dbname equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po0.dbname)
     assert(po0.objectName equalsIgnoreCase reusedPartTable.split("\\.").last)
     assert(po0.columns === Seq("key", "value", "pid"))
     checkTableOwner(po0)
@@ -1607,8 +1608,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
         assert(po.actionType === PrivilegeObjectActionType.INSERT)
         assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
         assert(po.catalog.isEmpty)
-        assert(po.dbname equalsIgnoreCase defaultDb)
-        assert(po.objectName equalsIgnoreCase tableName)
+        assertEqualsIgnoreCase(defaultDb)(po.dbname)
+        assertEqualsIgnoreCase(tableName)(po.objectName)
         assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
@@ -1627,8 +1628,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
       val po0 = in.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.dbname === defaultDb)
-      assert(po0.objectName === t)
+      assertEqualsIgnoreCase(defaultDb)(po0.dbname)
+      assertEqualsIgnoreCase(t)(po0.objectName)
       assert(po0.columns.isEmpty)
       checkTableOwner(po0)
       val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
@@ -1652,8 +1653,8 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
     assert(po.catalog.isEmpty)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === "OptimizedCreateHiveTableAsSelectCommand")
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase("OptimizedCreateHiveTableAsSelectCommand")(po.objectName)
     assert(po.columns === Seq("a"))
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.CREATE)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index c97dd9e26..907b0018b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -26,6 +26,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
 import org.apache.kyuubi.plugin.spark.authz.serde.{Database, DB_COMMAND_SPECS}
+import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
@@ -101,9 +102,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       assert(po.owner.isEmpty)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -123,9 +124,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po0 = inputs.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.catalog === None)
-      assert(po0.dbname equalsIgnoreCase reusedDb)
-      assert(po0.objectName equalsIgnoreCase reusedTableShort)
+      assert(po0.catalog.isEmpty)
+      assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+      assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
       assert(po0.columns.take(2) === Seq("key", "value"))
       checkTableOwner(po0)
 
@@ -133,9 +134,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       assert(po.owner.isEmpty)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -156,9 +157,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       assert(po.owner.isEmpty)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -178,9 +179,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po0 = inputs.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.catalog === None)
-      assert(po0.dbname equalsIgnoreCase reusedDb)
-      assert(po0.objectName equalsIgnoreCase reusedTableShort)
+      assert(po0.catalog.isEmpty)
+      assertEqualsIgnoreCase(reusedDb)(po0.dbname)
+      assertEqualsIgnoreCase(reusedTableShort)(po0.objectName)
       assert(po0.columns.take(2) === Seq("key", "value"))
       checkTableOwner(po0)
 
@@ -188,9 +189,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       assert(po.owner.isEmpty)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -209,9 +210,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.INSERT)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -231,9 +232,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.UPDATE)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -251,9 +252,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.UPDATE)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -269,9 +270,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.INSERT_OVERWRITE)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -292,9 +293,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.INSERT_OVERWRITE)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === catalogPartTableShort)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(catalogPartTableShort)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -317,9 +318,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogPartTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogPartTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -339,9 +340,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogPartTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogPartTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -361,9 +362,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogPartTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogPartTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -384,9 +385,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogPartTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogPartTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -405,9 +406,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -427,9 +428,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -454,9 +455,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po0 = inputs.head
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po0.catalog === Some(catalogV2))
-      assert(po0.dbname === namespace)
-      assert(po0.objectName === catalogTableShort)
+      assertEqualsIgnoreCase(Some(catalogV2))(po0.catalog)
+      assertEqualsIgnoreCase(namespace)(po0.dbname)
+      assertEqualsIgnoreCase(catalogTableShort)(po0.objectName)
       assert(po0.columns === Seq("key", "value"))
       checkV2TableOwner(po0)
 
@@ -464,9 +465,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.UPDATE)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -487,9 +488,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogPartTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogPartTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -508,9 +509,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = false)
@@ -525,9 +526,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val po = inputs.head
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-    assert(po.catalog === Some(catalogV2))
-    assert(po.dbname === namespace)
-    assert(po.objectName === catalogTableShort)
+    assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+    assertEqualsIgnoreCase(namespace)(po.dbname)
+    assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
     assert(po.columns.isEmpty)
     checkV2TableOwner(po)
     val accessType = AccessType(po, operationType, isInput = true)
@@ -552,9 +553,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -577,9 +578,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -602,9 +603,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -627,9 +628,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -652,9 +653,9 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       val po = outputs.head
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
-      assert(po.catalog === Some(catalogV2))
-      assert(po.dbname === namespace)
-      assert(po.objectName === table)
+      assertEqualsIgnoreCase(Some(catalogV2))(po.catalog)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
       checkV2TableOwner(po)
       val accessType = AccessType(po, operationType, isInput = false)
@@ -690,8 +691,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.get === sparkSessionCatalogName)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === defaultDb)
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase(defaultDb)(po.objectName)
     assert(po.columns.isEmpty)
   }
 
@@ -709,8 +710,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
       assert(po.catalog.get === sparkSessionCatalogName)
-      assert(po.dbname === "CreateNamespace")
-      assert(po.objectName === "CreateNamespace")
+      assertEqualsIgnoreCase("CreateNamespace")(po.dbname)
+      assertEqualsIgnoreCase("CreateNamespace")(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
@@ -734,8 +735,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.get === sparkSessionCatalogName)
-    assert(po.dbname === defaultDb)
-    assert(po.objectName === defaultDb)
+    assertEqualsIgnoreCase(defaultDb)(po.dbname)
+    assertEqualsIgnoreCase(defaultDb)(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.ALTER)
@@ -753,8 +754,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     assert(po.actionType === PrivilegeObjectActionType.OTHER)
     assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
     assert(po.catalog.get === sparkSessionCatalogName)
-    assert(po.dbname equalsIgnoreCase reusedDb)
-    assert(po.objectName equalsIgnoreCase reusedDb)
+    assertEqualsIgnoreCase(reusedDb)(po.dbname)
+    assertEqualsIgnoreCase(reusedDb)(po.objectName)
     assert(po.columns.isEmpty)
     val accessType = ranger.AccessType(po, operationType, isInput = false)
     assert(accessType === AccessType.USE)
@@ -777,8 +778,8 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       assert(po.actionType === PrivilegeObjectActionType.OTHER)
       assert(po.privilegeObjectType === PrivilegeObjectType.DATABASE)
       assert(po.catalog.get === sparkSessionCatalogName)
-      assert(po.dbname === "DropNameSpace")
-      assert(po.objectName === "DropNameSpace")
+      assertEqualsIgnoreCase(db)(po.dbname)
+      assertEqualsIgnoreCase(db)(po.objectName)
       assert(po.columns.isEmpty)
       val accessType = ranger.AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.DROP)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
index 63367c91c..c7ad1356e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
@@ -23,6 +23,7 @@ import scala.util.Try
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
+import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
@@ -81,9 +82,9 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
             Try(table = d.extract(plan, spark).get).isSuccess
           }
           withClue(str) {
-            assert(table.catalog === Some(catalogV2))
-            assert(table.database === Some(ns1))
-            assert(table.table === tbl)
+            assertEqualsIgnoreCase(Some(catalogV2))(table.catalog)
+            assertEqualsIgnoreCase(Some(ns1))(table.database)
+            assertEqualsIgnoreCase(tbl)(table.table)
             assert(table.owner.isEmpty)
           }
         }
@@ -106,9 +107,9 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
           Try(table = d.extract(plan, spark).get).isSuccess
         }
         withClue(sql1) {
-          assert(table.catalog === Some(catalogV2))
-          assert(table.database === Some(ns1))
-          assert(table.table === tbl)
+          assertEqualsIgnoreCase(Some(catalogV2))(table.catalog)
+          assertEqualsIgnoreCase(Some(ns1))(table.database)
+          assertEqualsIgnoreCase(tbl)(table.table)
           assert(table.owner.isEmpty)
         }
       }
@@ -128,9 +129,9 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
         var table: Table = null
         spec.tableDescs.find { d => Try(table = d.extract(plan, spark).get).isSuccess }
         withClue(sql1) {
-          assert(table.catalog === Some(catalogV2))
-          assert(table.database === Some(ns1))
-          assert(table.table === tbl)
+          assertEqualsIgnoreCase(Some(catalogV2))(table.catalog)
+          assertEqualsIgnoreCase(Some(ns1))(table.database)
+          assertEqualsIgnoreCase(tbl)(table.table)
           assert(table.owner.isEmpty)
         }
       }
@@ -148,8 +149,8 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
         Try(db = d.extract(plan)).isSuccess
       }
       withClue(sql) {
-        assert(db.catalog === Some(catalogV2))
-        assert(db.database === ns1)
+        assertEqualsIgnoreCase(Some(catalogV2))(db.catalog)
+        assertEqualsIgnoreCase(ns1)(db.database)
       }
     }
 
@@ -167,8 +168,8 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
         Try(db = d.extract(plan)).isSuccess
       }
       withClue(sql1) {
-        assert(db.catalog === Some(catalogV2))
-        assert(db.database === ns1)
+        assertEqualsIgnoreCase(Some(catalogV2))(db.catalog)
+        assertEqualsIgnoreCase(ns1)(db.database)
       }
     }
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala
new file mode 100644
index 000000000..00ecc28a0
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.plugin.spark.authz.util
+
+import java.util.Locale
+
+import org.scalactic.source
+import org.scalatest.Assertions.fail
+
+object AssertionUtils {
+
+  def assertEqualsIgnoreCase(expected: AnyRef)(actual: AnyRef)(
+      implicit pos: source.Position): Unit = {
+    val isEqualsIgnoreCase = (Option(expected), Option(actual)) match {
+      case (Some(expectedStr: String), Some(actualStr: String)) =>
+        expectedStr.equalsIgnoreCase(actualStr)
+      case (Some(Some(expectedStr: String)), Some(Some(actualStr: String))) =>
+        expectedStr.equalsIgnoreCase(actualStr)
+      case (None, None) => true
+      case _ => false
+    }
+    if (!isEqualsIgnoreCase) {
+      fail(s"Expected equaling to '$expected' ignoring case, but got '$actual'")(pos)
+    }
+  }
+
+  def assertStartsWithIgnoreCase(expectedPrefix: String)(actual: String)(
+      implicit pos: source.Position): Unit = {
+    if (!actual.toLowerCase(Locale.ROOT).startsWith(expectedPrefix.toLowerCase(Locale.ROOT))) {
+      fail(s"Expected starting with '$expectedPrefix' ignoring case, but got [$actual]")(pos)
+    }
+  }
+
+  def assertExistsIgnoreCase(expected: String)(actual: Iterable[String])(
+      implicit pos: source.Position): Unit = {
+    if (!actual.exists(_.equalsIgnoreCase(expected))) {
+      fail(s"Expected containing '$expected' ignoring case, but got [$actual]")(pos)
+    }
+  }
+}

From eb5b07b9a7714bc16d7cd43ce248dedebbc7aa4d Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 30 May 2023 15:31:31 +0800
Subject: [PATCH 401/760] [KYUUBI #4899] [AUTHZ] Extract function from
 FunctionIdentifier for CreateFunction and DropFunction in Spark 3.4

### _Why are the changes needed?_

- adapting changes in logical plan of CreateFunction/DropFunction  in Spark 3.4 by extracting table object from `FunctionIdentifier`, to fix tests on Spark 3.4
  - ut "CreateFunctionCommand"
  - ut "DropFunctionCommand"

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4899 from bowenliang123/authz-functionid.

Closes #4899

464d3eb3d [liangbowen] apply FunctionIdentifierFunctionTypeExtractor to CreateFunction/DropFunction

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../main/resources/function_command_spec.json | 20 +++++++++++++++++++
 .../spark/authz/gen/FunctionCommands.scala    |  8 ++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/function_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/function_command_spec.json
index c93985614..0b71245d2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/function_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/function_command_spec.json
@@ -1,6 +1,16 @@
 [ {
   "classname" : "org.apache.spark.sql.execution.command.CreateFunctionCommand",
   "functionDescs" : [ {
+    "fieldName" : "identifier",
+    "fieldExtractor" : "FunctionIdentifierFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "isTemp",
+      "fieldExtractor" : "TempMarkerFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP" ]
+    },
+    "isInput" : false
+  }, {
     "fieldName" : "functionName",
     "fieldExtractor" : "StringFunctionExtractor",
     "databaseDesc" : {
@@ -44,6 +54,16 @@
 }, {
   "classname" : "org.apache.spark.sql.execution.command.DropFunctionCommand",
   "functionDescs" : [ {
+    "fieldName" : "identifier",
+    "fieldExtractor" : "FunctionIdentifierFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "isTemp",
+      "fieldExtractor" : "TempMarkerFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP" ]
+    },
+    "isInput" : false
+  }, {
     "fieldName" : "functionName",
     "fieldExtractor" : "StringFunctionExtractor",
     "databaseDesc" : {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala
index 46c7f0efa..1822e80fc 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala
@@ -35,8 +35,12 @@ object FunctionCommands {
       "functionName",
       classOf[StringFunctionExtractor],
       Some(databaseDesc),
-      Some(functionTypeDesc))
-    FunctionCommandSpec(cmd, Seq(functionDesc), CREATEFUNCTION)
+      functionTypeDesc = Some(functionTypeDesc))
+    val functionIdentifierDesc = FunctionDesc(
+      "identifier",
+      classOf[FunctionIdentifierFunctionExtractor],
+      functionTypeDesc = Some(functionTypeDesc))
+    FunctionCommandSpec(cmd, Seq(functionIdentifierDesc, functionDesc), CREATEFUNCTION)
   }
 
   val DescribeFunction = {

From 4c3c36e77f3b5cd0bb75339b7743fb1f2a7aa788 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Tue, 30 May 2023 15:43:08 +0800
Subject: [PATCH 402/760] [KYUUBI #4898] fix  logOperation multiple read with
 missing line

### _Why are the changes needed?_

to close https://github.com/apache/kyuubi/issues/4897

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4898 from huangzhir/operation_log_bug.

Closes #4898

5d630dd31 [huangzhir] use do while style
87fc2d23d [huangzhir] fix
6cb0e5561 [huangzhir] fix  logOperation multiple read with missing line

Authored-by: huangzhir <306824224@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/operation/log/OperationLog.scala   | 12 ++++----
 .../operation/log/OperationLogSuite.scala     | 28 +++++++++++++++++++
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
index 3791c08d2..c25874b20 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
@@ -130,12 +130,14 @@ class OperationLog(path: Path) {
     val logs = new JArrayList[String]
     var i = 0
     try {
-      var line: String = reader.readLine()
-      while ((i < lastRows || maxRows <= 0) && line != null) {
-        logs.add(line)
+      var line: String = null
+      do {
         line = reader.readLine()
-        i += 1
-      }
+        if (line != null) {
+          logs.add(line)
+          i += 1
+        }
+      } while ((i < lastRows || maxRows <= 0) && line != null)
       (logs, i)
     } catch {
       case e: IOException =>
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
index b333b59fd..edc6b3375 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
@@ -318,4 +318,32 @@ class OperationLogSuite extends KyuubiFunSuite {
     log.close()
     session.close()
   }
+
+  test("test operationLog multiple read with missing line ") {
+    val file = Utils.createTempDir().resolve("f")
+    val writer = Files.newBufferedWriter(file, StandardCharsets.UTF_8)
+    try {
+      0.until(10).foreach(x => writer.write(s"$x\n"))
+      writer.flush()
+      writer.close()
+
+      val log = new OperationLog(file)
+      // The operation log file is created externally and should be initialized actively.
+      log.initOperationLogIfNecessary()
+
+      def compareResult(rows: TRowSet, expected: Seq[String]): Unit = {
+        val res = rows.getColumns.get(0).getStringVal.getValues.asScala
+        assert(res.size == expected.size)
+        res.zip(expected).foreach { case (l, r) =>
+          assert(l == r)
+        }
+      }
+      compareResult(log.read(2), Seq("0", "1"))
+      compareResult(log.read(3), Seq("2", "3", "4"))
+      compareResult(log.read(10), Seq("5", "6", "7", "8", "9"))
+    } finally {
+      Utils.deleteDirectoryRecursively(file.toFile)
+    }
+  }
+
 }

From 77b28e93984c27372096c53613e7fd4a2a3ac81f Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Tue, 30 May 2023 15:45:05 +0800
Subject: [PATCH 403/760] [KYUUBI #4895] [ARROW] Reflective calls to the
 function `ArrowConverters#fromBatchIterator`

### _Why are the changes needed?_

to adapt Spark 3.5

the signature of function `ArrowConverters#fromBatchIterator` is changed in [SPARK-43528](https://github.com/apache/spark/pull/41190) (since Spark 3.5)

Spark 3.4 or previous

```scala
  private[sql] def fromBatchIterator(
      arrowBatchIter: Iterator[Array[Byte]],
      schema: StructType,
      timeZoneId: String,
      context: TaskContext): Iterator[InternalRow]
```

Spark 3.5 or later

```scala
  private[sql] def fromBatchIterator(
      arrowBatchIter: Iterator[Array[Byte]],
      schema: StructType,
      timeZoneId: String,
      errorOnDuplicatedFieldNames: Boolean,
      context: TaskContext): Iterator[InternalRow]
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4895 from cfmcgrady/arrow-spark35.

Closes #4895

87d5b7240 [Fu Chen] fix ci
b37b321d5 [Fu Chen] adapt Spark 3.5

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../arrow/KyuubiArrowConverters.scala         |  9 ---
 .../SparkArrowbasedOperationSuite.scala       | 55 +++++++++++++++++--
 2 files changed, 51 insertions(+), 13 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index 24b0ac22e..35fa09b61 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -344,15 +344,6 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       errorOnDuplicatedFieldNames)
   }
 
-  // for testing
-  def fromBatchIterator(
-      arrowBatchIter: Iterator[Array[Byte]],
-      schema: StructType,
-      timeZoneId: String,
-      context: TaskContext): Iterator[InternalRow] = {
-    ArrowConverters.fromBatchIterator(arrowBatchIter, schema, timeZoneId, context)
-  }
-
   // IpcOption.DEFAULT was introduced in ARROW-11081(ARROW-4.0.0), add this for adapt Spark-3.1/3.2
   final private val ARROW_IPC_OPTION_DEFAULT = new IpcOption()
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index fc53cc41a..b8c64b5f2 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -17,22 +17,24 @@
 
 package org.apache.kyuubi.engine.spark.operation
 
+import java.lang.{Boolean => JBoolean}
 import java.sql.Statement
 import java.util.{Locale, Set => JSet}
 
-import org.apache.spark.KyuubiSparkContextHelper
+import org.apache.spark.{KyuubiSparkContextHelper, TaskContext}
 import org.apache.spark.scheduler.{SparkListener, SparkListenerJobStart}
 import org.apache.spark.sql.{QueryTest, Row, SparkSession}
+import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.catalyst.plans.logical.Project
 import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, QueryExecution, SparkPlan}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
-import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
 import org.apache.spark.sql.execution.exchange.Exchange
 import org.apache.spark.sql.execution.joins.{BroadcastHashJoinExec, SortMergeJoinExec}
 import org.apache.spark.sql.execution.metric.SparkMetricsTestUtils
 import org.apache.spark.sql.functions.col
 import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.kyuubi.SparkDatasetHelper
+import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.QueryExecutionListener
 
 import org.apache.kyuubi.KyuubiException
@@ -40,7 +42,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.{SparkSQLEngine, WithSparkSQLEngine}
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.SparkDataTypeTests
-import org.apache.kyuubi.util.reflect.DynFields
+import org.apache.kyuubi.util.reflect.{DynFields, DynMethods}
 
 class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests
   with SparkMetricsTestUtils {
@@ -156,10 +158,11 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
 
     def runAndCheck(sparkPlan: SparkPlan, expectSize: Int): Unit = {
       val arrowBinary = SparkDatasetHelper.executeArrowBatchCollect(sparkPlan)
-      val rows = KyuubiArrowConverters.fromBatchIterator(
+      val rows = fromBatchIterator(
         arrowBinary.iterator,
         sparkPlan.schema,
         "",
+        true,
         KyuubiSparkContextHelper.dummyTaskContext())
       assert(rows.size == expectSize)
     }
@@ -532,6 +535,50 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
     staticConfKeys.contains(key)
   }
 
+  // the signature of function [[ArrowConverters.fromBatchIterator]] is changed in SPARK-43528
+  // (since Spark 3.5)
+  private lazy val fromBatchIteratorMethod = DynMethods.builder("fromBatchIterator")
+    .hiddenImpl( // for Spark 3.4 or previous
+      "org.apache.spark.sql.execution.arrow.ArrowConverters$",
+      classOf[Iterator[Array[Byte]]],
+      classOf[StructType],
+      classOf[String],
+      classOf[TaskContext])
+    .hiddenImpl( // for Spark 3.5 or later
+      "org.apache.spark.sql.execution.arrow.ArrowConverters$",
+      classOf[Iterator[Array[Byte]]],
+      classOf[StructType],
+      classOf[String],
+      classOf[Boolean],
+      classOf[TaskContext])
+    .build()
+
+  def fromBatchIterator(
+      arrowBatchIter: Iterator[Array[Byte]],
+      schema: StructType,
+      timeZoneId: String,
+      errorOnDuplicatedFieldNames: JBoolean,
+      context: TaskContext): Iterator[InternalRow] = {
+    val className = "org.apache.spark.sql.execution.arrow.ArrowConverters$"
+    val instance = DynFields.builder().impl(className, "MODULE$").build[Object]().get(null)
+    if (SPARK_ENGINE_RUNTIME_VERSION >= "3.5") {
+      fromBatchIteratorMethod.invoke[Iterator[InternalRow]](
+        instance,
+        arrowBatchIter,
+        schema,
+        timeZoneId,
+        errorOnDuplicatedFieldNames,
+        context)
+    } else {
+      fromBatchIteratorMethod.invoke[Iterator[InternalRow]](
+        instance,
+        arrowBatchIter,
+        schema,
+        timeZoneId,
+        context)
+    }
+  }
+
   class JobCountListener extends SparkListener {
     var numJobs = 0
     override def onJobStart(jobStart: SparkListenerJobStart): Unit = {

From 5a95b50bda018609ae42749fc92bb073169d678f Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 30 May 2023 16:02:57 +0800
Subject: [PATCH 404/760] [KYUUBI #4900] [AUTHZ] Extract table from
 ResolvedIdentifier for DropTable in Spark 3.4

### _Why are the changes needed?_

- adapting changes in logical plan of DropTable in Spark 3.4 by extracting table object from `ResolvedIdntifier`, to fix test w/ Spark 3.4
  - ut "DropTable"

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4900 from bowenliang123/authz-resolved-idtable.

Closes #4900

560bb6288 [liangbowen] apply ResolvedIdentifierTableExtractor to CreateTable and DropTable

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/resources/table_command_spec.json           | 9 +++++++++
 .../kyuubi/plugin/spark/authz/gen/TableCommands.scala    | 3 +--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index c67fdbfe7..a9f2ec06e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -282,6 +282,15 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropTable",
   "tableDescs" : [ {
+    "fieldName" : "child",
+    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "child",
     "fieldExtractor" : "ResolvedTableTableExtractor",
     "columnDesc" : null,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 2d2b8ed9a..b08169d39 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -446,8 +446,7 @@ object TableCommands {
 
   val DropTableV2 = {
     val cmd = "org.apache.spark.sql.catalyst.plans.logical.DropTable"
-    val tableDesc1 = resolvedTableDesc
-    TableCommandSpec(cmd, Seq(tableDesc1), DROPTABLE)
+    TableCommandSpec(cmd, Seq(resolvedIdentifierTableDesc, resolvedTableDesc), DROPTABLE)
   }
 
   val MergeIntoTable = {

From 1e3eff69dbc80d5d9a47b4ac7de31bd3d35d9796 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 30 May 2023 17:20:53 +0800
Subject: [PATCH 405/760] Revert "[KYUUBI #4900] [AUTHZ] Extract table from
 ResolvedIdentifier for DropTable in Spark 3.4"

This reverts commit 5a95b50bda018609ae42749fc92bb073169d678f.
---
 .../src/main/resources/table_command_spec.json           | 9 ---------
 .../kyuubi/plugin/spark/authz/gen/TableCommands.scala    | 3 ++-
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index a9f2ec06e..c67fdbfe7 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -282,15 +282,6 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropTable",
   "tableDescs" : [ {
-    "fieldName" : "child",
-    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : null,
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  }, {
     "fieldName" : "child",
     "fieldExtractor" : "ResolvedTableTableExtractor",
     "columnDesc" : null,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index b08169d39..2d2b8ed9a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -446,7 +446,8 @@ object TableCommands {
 
   val DropTableV2 = {
     val cmd = "org.apache.spark.sql.catalyst.plans.logical.DropTable"
-    TableCommandSpec(cmd, Seq(resolvedIdentifierTableDesc, resolvedTableDesc), DROPTABLE)
+    val tableDesc1 = resolvedTableDesc
+    TableCommandSpec(cmd, Seq(tableDesc1), DROPTABLE)
   }
 
   val MergeIntoTable = {

From 6b301b06844f3194d8a3e89f644086819cfe95e3 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 30 May 2023 21:08:21 +0800
Subject: [PATCH 406/760] [KYUUBI #4904] Move AssertionUtils to
 kyuubi-util-scala module

### _Why are the changes needed?_

- move `AssertionUtils` class to `kyuubi-util-scala` module's test source

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4904 from bowenliang123/assert-utils.

Closes #4904

ee0c0ad88 [liangbowen] Move AssertionUtils to kyuubi-util-scala module

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala      | 2 +-
 .../kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala      | 2 +-
 .../kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala   | 2 +-
 .../spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala  | 2 +-
 .../src/test/java/org/apache/kyuubi}/util/AssertionUtils.scala  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
 rename {extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz => kyuubi-util-scala/src/test/java/org/apache/kyuubi}/util/AssertionUtils.scala (97%)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index e68a8bfd0..db81cd6e8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -22,9 +22,9 @@ import org.scalatest.Outcome
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
+import org.apache.kyuubi.util.AssertionUtils._
 
 @IcebergTest
 class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index b5303aa81..1e379f648 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -33,8 +33,8 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.AssertionUtils._
 
 abstract class PrivilegesBuilderSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index 907b0018b..a1b5f366e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -26,8 +26,8 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
 import org.apache.kyuubi.plugin.spark.authz.serde.{Database, DB_COMMAND_SPECS}
-import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.AssertionUtils._
 
 abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
index c7ad1356e..582b91fd9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
@@ -23,8 +23,8 @@ import scala.util.Try
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
-import org.apache.kyuubi.plugin.spark.authz.util.AssertionUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.AssertionUtils._
 
 class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val catalogImpl: String = "in-memory"
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/AssertionUtils.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala
rename to kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/AssertionUtils.scala
index 00ecc28a0..7b465cb7f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/util/AssertionUtils.scala
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/AssertionUtils.scala
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.util
 
 import java.util.Locale
 

From eacee5247c1abdbb65233c1da70f236a35dd7a7e Mon Sep 17 00:00:00 2001
From: zhouyifan279 <zhouyifan279@gmail.com>
Date: Wed, 31 May 2023 12:19:07 +0800
Subject: [PATCH 407/760] [KYUUBI #4907] [KYUUBI#4906][INFRA] Add a maven
 profile 'remote-debug'

### _Why are the changes needed?_
IntelliJ IDEA can not use the right Spark version to run UT when we switches between multiple Spark versions.
This PR adds a maven profile 'remote-debug' to let UT open a debug port. So we can run UI using mvn cli and remote debug in IDEA.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
<img width="1273" alt="image" src="https://github.com/apache/kyuubi/assets/88070094/439164d7-c1b3-4233-a417-b34aa15b428a">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4907 from zhouyifan279/ut-debug.

Closes #4907

ad2b06dbc [zhouyifan279] [KYUUBI#4906][Improvement] Add a maven profile 'remote-debug' to ease unit test remote debugging

Authored-by: zhouyifan279 <zhouyifan279@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pom.xml b/pom.xml
index 5bf90e748..15f2e0edb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -231,6 +231,7 @@
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
         <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>
+        <maven.plugin.scalatest.debug.enabled>false</maven.plugin.scalatest.debug.enabled>
         <maven.plugin.spotless.version>2.30.0</maven.plugin.spotless.version>
         <maven.plugin.jacoco.version>0.8.7</maven.plugin.jacoco.version>
         <maven.plugin.scalastyle.version>1.0.0</maven.plugin.scalastyle.version>
@@ -277,6 +278,7 @@
             --add-opens=java.base/sun.util.calendar=ALL-UNNAMED
             -Djdk.reflect.useDirectMethodHandle=false
             -Dio.netty.tryReflectionSetAccessible=true</extraJavaTestArgs>
+        <debugArgLine>-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005</debugArgLine>
     </properties>
 
     <dependencyManagement>
@@ -1712,6 +1714,8 @@
                         </systemProperties>
                         <tagsToExclude>${maven.plugin.scalatest.exclude.tags}</tagsToExclude>
                         <tagsToInclude>${maven.plugin.scalatest.include.tags}</tagsToInclude>
+                        <debugForkedProcess>${maven.plugin.scalatest.debug.enabled}</debugForkedProcess>
+                        <debugArgLine>${debugArgLine}</debugArgLine>
                     </configuration>
                     <executions>
                         <execution>
@@ -2266,6 +2270,14 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>remote-debug</id>
+            <properties>
+                <maven.surefire.debug>${debugArgLine}</maven.surefire.debug>
+                <maven.plugin.scalatest.debug.enabled>true</maven.plugin.scalatest.debug.enabled>
+            </properties>
+        </profile>
+
         <profile>
             <id>web-ui</id>
             <properties>

From 8f61835630173684e23027f8a789bb6b531476e3 Mon Sep 17 00:00:00 2001
From: zhouyifan279 <zhouyifan279@gmail.com>
Date: Wed, 31 May 2023 13:05:15 +0800
Subject: [PATCH 408/760] [KYUUBI #4903] [AUTHZ] Fix NoSuchElementException
 when listing database in CatalogImpl in Spark 3.4

### _Why are the changes needed?_
Fix #4902

We changed `ObjectFilterPlaceHolder` to extend `UnaryNode` so that `CatalogImpl#listDatabases()` can get `ShowNamespaces` object in LogicalPlan.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4903 from zhouyifan279/ShowNamespaces.

Closes #4903

8bf3e1391 [zhouyifan279] [KYUUBI#4902] Fix NoSuchElementException when listing database in CatalogImpl in Spark 3.4
8698b4a48 [zhouyifan279] [KYUUBI#4902] Fix NoSuchElementException when listing database in CatalogImpl in Spark 3.4
a9ad36051 [zhouyifan279] [KYUUBI#4902] Fix NoSuchElementException when listing database in CatalogImpl in Spark 3.4
78d3d6336 [zhouyifan279] [KYUUBI#4902] Fix NoSuchElementException when listing database in CatalogImpl in Spark 3.4

Authored-by: zhouyifan279 <zhouyifan279@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../ranger/FilterDataSourceV2Strategy.scala      |  9 ++++++++-
 .../authz/util/ObjectFilterPlaceHolder.scala     | 16 +++++++++++++---
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
index d39aacdcf..cbf79581e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
@@ -17,13 +17,20 @@
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.{SparkSession, Strategy}
-import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.spark.sql.execution.SparkPlan
 
 import org.apache.kyuubi.plugin.spark.authz.util.ObjectFilterPlaceHolder
 
 class FilterDataSourceV2Strategy(spark: SparkSession) extends Strategy {
   override def apply(plan: LogicalPlan): Seq[SparkPlan] = plan match {
+    // For Spark 3.1 and below, `ColumnPruning` rule will set `ObjectFilterPlaceHolder#child` to
+    // `Project`
+    case ObjectFilterPlaceHolder(Project(_, child)) if child.nodeName == "ShowNamespaces" =>
+      spark.sessionState.planner.plan(child)
+        .map(FilteredShowNamespaceExec(_, spark.sparkContext)).toSeq
+
+    // For Spark 3.2 and above
     case ObjectFilterPlaceHolder(child) if child.nodeName == "ShowNamespaces" =>
       spark.sessionState.planner.plan(child)
         .map(FilteredShowNamespaceExec(_, spark.sparkContext)).toSeq
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
index a5d1c0d3b..0d3c39adb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
@@ -18,9 +18,19 @@
 package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
-import org.apache.spark.sql.catalyst.plans.logical.{LeafNode, LogicalPlan, Statistics}
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
+
+case class ObjectFilterPlaceHolder(child: LogicalPlan) extends UnaryNode
+  with WithInternalChild {
 
-case class ObjectFilterPlaceHolder(child: LogicalPlan) extends LeafNode {
   override def output: Seq[Attribute] = child.output
-  override def computeStats(): Statistics = child.stats
+
+  override def withNewChildInternal(newChild: LogicalPlan): LogicalPlan = {
+    // `FilterDataSourceV2Strategy` requires child.nodename not changed
+    if (child.nodeName == newChild.nodeName) {
+      copy(newChild)
+    } else {
+      this
+    }
+  }
 }

From 855cb0b7a46c121c04e1e1d90982c95aade53527 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 31 May 2023 17:58:14 +0800
Subject: [PATCH 409/760] [KYUUBI #4908] Bump Scalafmt from 3.7.3 to 3.7.4

### _Why are the changes needed?_

- Scalafmt 3.7.4 release note: https://github.com/scalameta/scalafmt/releases/tag/v3.7.4

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4908 from bowenliang123/scalafmt-3.7.4.

Closes #4908

466686a97 [liangbowen] Bump scalafmt to 3.7.4

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .scalafmt.conf | 2 +-
 pom.xml        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.scalafmt.conf b/.scalafmt.conf
index 1bcf16de7..97529cc55 100644
--- a/.scalafmt.conf
+++ b/.scalafmt.conf
@@ -1,4 +1,4 @@
-version = 3.7.3
+version = 3.7.4
 runner.dialect=scala212
 project.git=true
 
diff --git a/pom.xml b/pom.xml
index 15f2e0edb..306684ec6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -251,7 +251,7 @@
         <spotless.python.includes></spotless.python.includes>
         <spotless.python.black.version>22.3.0</spotless.python.black.version>
         <!-- Please also update .scalafmt.conf when you change it here -->
-        <spotless.scala.scalafmt.version>3.7.3</spotless.scala.scalafmt.version>
+        <spotless.scala.scalafmt.version>3.7.4</spotless.scala.scalafmt.version>
 
         <distMgmtReleaseId>apache.releases.https</distMgmtReleaseId>
         <distMgmtReleaseName>Apache Release Distribution Repository</distMgmtReleaseName>

From 5cc51c8ac6c592b13ca55fd9a72411d6caf64690 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 31 May 2023 20:10:48 +0800
Subject: [PATCH 410/760] [KYUUBI #4910] Extract table from ResolvedIdentifier
 for DropTable in Spark 3.4

### _Why are the changes needed?_

- adapting changes in logical plan of DropTable in Spark 3.4 by extracting table object from ResolvedIdntifier, to fix test w/ Spark 3.4 ut "DropTable"

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4910 from bowenliang123/authz-resolved-idtable.

Closes #4910

53c76f66d [liangbowen] Extract table from ResolvedIdentifier for DropTable in Spark 3.4

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/resources/table_command_spec.json     |  9 +++++++++
 .../plugin/spark/authz/serde/tableExtractors.scala | 14 +++++++++-----
 .../plugin/spark/authz/gen/TableCommands.scala     |  3 +--
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index c67fdbfe7..a9f2ec06e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -282,6 +282,15 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropTable",
   "tableDescs" : [ {
+    "fieldName" : "child",
+    "fieldExtractor" : "ResolvedIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "child",
     "fieldExtractor" : "ResolvedTableTableExtractor",
     "columnDesc" : null,
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 53189599a..8743f054d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -171,10 +171,14 @@ class ResolvedDbObjectNameTableExtractor extends TableExtractor {
  */
 class ResolvedIdentifierTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
-    val catalogVal = invoke(v1, "catalog")
-    val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
-    val identifier = invoke(v1, "identifier")
-    val maybeTable = new IdentifierTableExtractor().apply(spark, identifier)
-    maybeTable.map(_.copy(catalog = catalog))
+    v1.getClass.getName match {
+      case "org.apache.spark.sql.catalyst.analysis.ResolvedIdentifier" =>
+        val catalogVal = invoke(v1, "catalog")
+        val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+        val identifier = invoke(v1, "identifier")
+        val maybeTable = new IdentifierTableExtractor().apply(spark, identifier)
+        maybeTable.map(_.copy(catalog = catalog))
+      case _ => None
+    }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 2d2b8ed9a..b08169d39 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -446,8 +446,7 @@ object TableCommands {
 
   val DropTableV2 = {
     val cmd = "org.apache.spark.sql.catalyst.plans.logical.DropTable"
-    val tableDesc1 = resolvedTableDesc
-    TableCommandSpec(cmd, Seq(tableDesc1), DROPTABLE)
+    TableCommandSpec(cmd, Seq(resolvedIdentifierTableDesc, resolvedTableDesc), DROPTABLE)
   }
 
   val MergeIntoTable = {

From cf886c96765971403afd2f271c9d5a5d9f8620b4 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 31 May 2023 20:37:26 +0800
Subject: [PATCH 411/760] [KYUUBI #4905] Generalize util method for loading
 class from service loader

### _Why are the changes needed?_

- Generalize util method for loading class from service loader in `kyuubi-util-scala` module

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4905 from bowenliang123/service-load-util.

Closes #4905

545183fbf [liangbowen] nit
8714e0591 [liangbowen] rename loadClassFromServiceLoader to loadFromServiceLoader
11936419e [liangbowen] nit
81584e335 [liangbowen] fix loadExtractorsToMap
1d64b662d [liangbowen] fix
b7d8895d3 [liangbowen] update
e15b7d22c [liangbowen] optimize JpsApplicationOperationSuite
c58ef573c [liangbowen] simplify ConnectionProvider.loadProviders
31de53df8 [liangbowen] nit
fca265998 [liangbowen] simplify
1fada9516 [liangbowen] import
323b2bd0e [liangbowen] generalize util method for loading class from service loader

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../plugin/spark/authz/serde/package.scala    | 11 ++---
 .../jdbc/connection/ConnectionProvider.scala  | 29 +++----------
 .../engine/jdbc/dialect/JdbcDialect.scala     |  9 ++--
 kyuubi-events/pom.xml                         |  6 +++
 .../events/handler/EventHandlerLoader.scala   | 42 +++++++------------
 .../HadoopCredentialsManager.scala            | 12 ++----
 .../engine/KyuubiApplicationManager.scala     | 10 ++---
 .../engine/JpsApplicationOperationSuite.scala |  9 ++--
 .../kyuubi/util/reflect/ReflectUtils.scala    | 19 ++++++++-
 9 files changed, 64 insertions(+), 83 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
index a52a558a0..d9f646900 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
@@ -17,9 +17,6 @@
 
 package org.apache.kyuubi.plugin.spark.authz
 
-import java.util.ServiceLoader
-
-import scala.collection.JavaConverters._
 import scala.reflect.ClassTag
 
 import com.fasterxml.jackson.core.`type`.TypeReference
@@ -28,16 +25,14 @@ import com.fasterxml.jackson.module.scala.DefaultScalaModule
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.{OperationType, QUERY}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 package object serde {
 
   final val mapper = JsonMapper.builder().addModule(DefaultScalaModule).build()
 
-  def loadExtractorsToMap[T <: Extractor](implicit ct: ClassTag[T]): Map[String, T] = {
-    ServiceLoader.load(ct.runtimeClass).iterator().asScala
-      .map { case e: Extractor => (e.key, e.asInstanceOf[T]) }
-      .toMap
-  }
+  def loadExtractorsToMap[T <: Extractor](implicit ct: ClassTag[T]): Map[String, T] =
+    loadFromServiceLoader[T]()(ct).map { e: T => (e.key, e) }.toMap
 
   final lazy val DB_COMMAND_SPECS: Map[String, DatabaseCommandSpec] = {
     val is = getClass.getClassLoader.getResourceAsStream("database_command_spec.json")
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala
index 798c92fbe..0dea6a2c1 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala
@@ -17,13 +17,11 @@
 package org.apache.kyuubi.engine.jdbc.connection
 
 import java.sql.{Connection, DriverManager}
-import java.util.ServiceLoader
-
-import scala.collection.mutable.ArrayBuffer
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_JDBC_CONNECTION_PROVIDER, ENGINE_JDBC_CONNECTION_URL, ENGINE_JDBC_DRIVER_CLASS}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 abstract class AbstractConnectionProvider extends Logging {
   protected val providers = loadProviders()
@@ -69,27 +67,12 @@ abstract class AbstractConnectionProvider extends Logging {
     selectedProvider.getConnection(kyuubiConf)
   }
 
-  def loadProviders(): Seq[JdbcConnectionProvider] = {
-    val loader = ServiceLoader.load(
-      classOf[JdbcConnectionProvider],
-      Thread.currentThread().getContextClassLoader)
-    val providers = ArrayBuffer[JdbcConnectionProvider]()
-
-    val iterator = loader.iterator()
-    while (iterator.hasNext) {
-      try {
-        val provider = iterator.next()
+  def loadProviders(): Seq[JdbcConnectionProvider] =
+    loadFromServiceLoader[JdbcConnectionProvider]()
+      .map { provider =>
         info(s"Loaded provider: $provider")
-        providers += provider
-      } catch {
-        case t: Throwable =>
-          warn(s"Loaded of the provider failed with the exception", t)
-      }
-    }
-
-    // TODO support disable provider
-    providers
-  }
+        provider
+      }.toSeq
 }
 
 object ConnectionProvider extends AbstractConnectionProvider
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala
index b7ac7f43b..e08b22758 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala
@@ -18,9 +18,6 @@ package org.apache.kyuubi.engine.jdbc.dialect
 
 import java.sql.{Connection, Statement}
 import java.util
-import java.util.ServiceLoader
-
-import scala.collection.JavaConverters._
 
 import org.apache.kyuubi.{KyuubiException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
@@ -29,6 +26,7 @@ import org.apache.kyuubi.engine.jdbc.schema.{RowSetHelper, SchemaHelper}
 import org.apache.kyuubi.engine.jdbc.util.SupportServiceLoader
 import org.apache.kyuubi.operation.Operation
 import org.apache.kyuubi.session.Session
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 abstract class JdbcDialect extends SupportServiceLoader with Logging {
 
@@ -75,9 +73,8 @@ object JdbcDialects extends Logging {
       assert(url.length > 5 && url.substring(5).contains(":"))
       url.substring(5, url.indexOf(":", 5))
     }
-    val serviceLoader =
-      ServiceLoader.load(classOf[JdbcDialect], Thread.currentThread().getContextClassLoader)
-    serviceLoader.asScala.filter(_.name().equalsIgnoreCase(shortName)).toList match {
+    loadFromServiceLoader[JdbcDialect]()
+      .filter(_.name().equalsIgnoreCase(shortName)).toList match {
       case Nil =>
         throw new KyuubiException(s"Don't find jdbc dialect implement for jdbc engine: $shortName.")
       case head :: Nil =>
diff --git a/kyuubi-events/pom.xml b/kyuubi-events/pom.xml
index 6b51fe015..760955fc6 100644
--- a/kyuubi-events/pom.xml
+++ b/kyuubi-events/pom.xml
@@ -37,6 +37,12 @@
             <version>${project.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.kafka</groupId>
             <artifactId>kafka-clients</artifactId>
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/EventHandlerLoader.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/EventHandlerLoader.scala
index c81dcfb9b..ea4110455 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/EventHandlerLoader.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/EventHandlerLoader.scala
@@ -16,40 +16,30 @@
  */
 package org.apache.kyuubi.events.handler
 
-import java.util.ServiceLoader
-
-import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
 import scala.util.{Failure, Success, Try}
 
 import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.events.KyuubiEvent
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object EventHandlerLoader extends Logging {
 
   def loadCustom(kyuubiConf: KyuubiConf): Seq[EventHandler[KyuubiEvent]] = {
-    val providers = ArrayBuffer[CustomEventHandlerProvider]()
-    ServiceLoader.load(
-      classOf[CustomEventHandlerProvider],
-      Utils.getContextOrKyuubiClassLoader)
-      .iterator()
-      .asScala
-      .foreach(provider => providers += provider)
-
-    providers.map { provider =>
-      Try {
-        provider.create(kyuubiConf)
-      } match {
-        case Success(value) =>
-          value
-        case Failure(exception) =>
-          warn(
-            s"Failed to create an EventHandler by the ${provider.getClass.getName}," +
-              s" it will be ignored.",
-            exception)
-          null
-      }
-    }.filter(_ != null)
+    loadFromServiceLoader[CustomEventHandlerProvider](Utils.getContextOrKyuubiClassLoader)
+      .map { provider =>
+        Try {
+          provider.create(kyuubiConf)
+        } match {
+          case Success(value) =>
+            value
+          case Failure(exception) =>
+            warn(
+              s"Failed to create an EventHandler by the ${provider.getClass.getName}," +
+                s" it will be ignored.",
+              exception)
+            null
+        }
+      }.filter(_ != null).toSeq
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/credentials/HadoopCredentialsManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/credentials/HadoopCredentialsManager.scala
index fe710e678..b51255b71 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/credentials/HadoopCredentialsManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/credentials/HadoopCredentialsManager.scala
@@ -17,13 +17,11 @@
 
 package org.apache.kyuubi.credentials
 
-import java.util.ServiceLoader
 import java.util.concurrent._
 
 import scala.collection.JavaConverters._
 import scala.collection.mutable
-import scala.concurrent.Future
-import scala.concurrent.Promise
+import scala.concurrent.{Future, Promise}
 import scala.concurrent.duration.Duration
 import scala.util.{Failure, Success, Try}
 
@@ -35,6 +33,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.service.AbstractService
 import org.apache.kyuubi.util.{KyuubiHadoopUtils, ThreadUtils}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 /**
  * [[HadoopCredentialsManager]] manages and renews delegation tokens, which are used by SQL engines
@@ -315,13 +314,10 @@ object HadoopCredentialsManager extends Logging {
   private val providerEnabledConfig = "kyuubi.credentials.%s.enabled"
 
   def loadProviders(kyuubiConf: KyuubiConf): Map[String, HadoopDelegationTokenProvider] = {
-    val loader =
-      ServiceLoader.load(
-        classOf[HadoopDelegationTokenProvider],
-        Utils.getContextOrKyuubiClassLoader)
     val providers = mutable.ArrayBuffer[HadoopDelegationTokenProvider]()
 
-    val iterator = loader.iterator
+    val iterator =
+      loadFromServiceLoader[HadoopDelegationTokenProvider](Utils.getContextOrKyuubiClassLoader)
     while (iterator.hasNext) {
       try {
         providers += iterator.next
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index 8c92b77ef..ac7225dd8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -20,9 +20,8 @@ package org.apache.kyuubi.engine
 import java.io.File
 import java.net.{URI, URISyntaxException}
 import java.nio.file.{Files, Path}
-import java.util.{Locale, ServiceLoader}
+import java.util.Locale
 
-import scala.collection.JavaConverters._
 import scala.util.control.NonFatal
 
 import org.apache.kyuubi.{KyuubiException, Utils}
@@ -31,14 +30,13 @@ import org.apache.kyuubi.engine.KubernetesApplicationOperation.LABEL_KYUUBI_UNIQ
 import org.apache.kyuubi.engine.flink.FlinkProcessBuilder
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
 import org.apache.kyuubi.service.AbstractService
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager") {
 
   // TODO: maybe add a configuration is better
-  private val operations = {
-    ServiceLoader.load(classOf[ApplicationOperation], Utils.getContextOrKyuubiClassLoader)
-      .iterator().asScala.toSeq
-  }
+  private val operations =
+    loadFromServiceLoader[ApplicationOperation](Utils.getContextOrKyuubiClassLoader).toSeq
 
   override def initialize(conf: KyuubiConf): Unit = {
     operations.foreach { op =>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala
index 22e711963..a6e00bbaf 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala
@@ -19,9 +19,8 @@ package org.apache.kyuubi.engine
 
 import java.lang.management.ManagementFactory
 import java.time.Duration
-import java.util.{ServiceLoader, UUID}
+import java.util.UUID
 
-import scala.collection.JavaConverters._
 import scala.sys.process._
 
 import org.scalatest.concurrent.PatienceConfiguration.Timeout
@@ -31,11 +30,11 @@ import org.apache.kyuubi.{KyuubiFunSuite, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.SESSION_IDLE_TIMEOUT
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class JpsApplicationOperationSuite extends KyuubiFunSuite {
-  private val operations = ServiceLoader.load(classOf[ApplicationOperation])
-    .asScala.filter(_.getClass.isAssignableFrom(classOf[JpsApplicationOperation]))
-  private val jps = operations.head
+  private val jps = loadFromServiceLoader[ApplicationOperation]()
+    .find(_.getClass.isAssignableFrom(classOf[JpsApplicationOperation])).get
   jps.initialize(null)
 
   test("JpsApplicationOperation with jstat") {
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
index 2c46c775b..6e306e371 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -17,8 +17,11 @@
 
 package org.apache.kyuubi.util.reflect
 
-import scala.util.{Failure, Success, Try}
+import java.util.ServiceLoader
 
+import scala.collection.JavaConverters._
+import scala.reflect.ClassTag
+import scala.util.{Failure, Success, Try}
 object ReflectUtils {
 
   /**
@@ -60,4 +63,18 @@ object ReflectUtils {
 
   def invokeAs[T](target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): T =
     invoke(target, methodName, args: _*).asInstanceOf[T]
+
+  /**
+   * Creates a iterator for with a new service loader for the given service type and class
+   * loader.
+   *
+   * @param cl The class loader to be used to load provider-configuration files
+   *           and provider classes
+   * @param ct class tag of the generics class type
+   * @tparam T the class of the service type
+   * @return
+   */
+  def loadFromServiceLoader[T](cl: ClassLoader = Thread.currentThread().getContextClassLoader)(
+      implicit ct: ClassTag[T]): Iterator[T] =
+    ServiceLoader.load(ct.runtimeClass, cl).iterator().asScala.map(_.asInstanceOf[T])
 }

From f979282179e06f0ffdd915b332611a99c467d1dc Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 1 Jun 2023 11:46:00 +0800
Subject: [PATCH 412/760] [KYUUBI #4909] [AUTHZ] Enable authz plugin tests for
 Spark 3.4

### _Why are the changes needed?_

Authz plugin's tests now pass with Spark3.4.

` mvn clean install -pl :kyuubi-spark-authz_2.12 -Pspark-3.4 -am -DskipTests
 &&  mvn test -pl :kyuubi-spark-authz_2.12 -Pspark-3.4`

![image](https://github.com/apache/kyuubi/assets/1935105/3cf8b43a-6aca-427a-bfa3-c06caef0289a)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4909 from bowenliang123/authz-enabletest-3.4.

Closes #4909

b0bdc106e [liangbowen] enable authz plugin tests with Spark 3.4

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 99817e6ca..674c7d060 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -102,8 +102,6 @@ jobs:
         run: |
           TEST_MODULES="dev/kyuubi-codecov"
           if [[ "${{ matrix.spark }}" == "3.4" ]]; then
-            # FIXME: Spark 3.4 supports authz plugin
-            TEST_MODULES="$TEST_MODULES,!extensions/spark/kyuubi-spark-authz"
             # FIXME: Spark 3.4 supports lineage plugin
             TEST_MODULES="$TEST_MODULES,!extensions/spark/kyuubi-spark-lineage"
           fi

From bbf855df0eca1e201c398ad14755a770ed166470 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 1 Jun 2023 11:52:56 +0800
Subject: [PATCH 413/760] [KYUUBI #4912] [TEST] Replace Scala's assert in tests
 with Scalatest's for prettified error message

### _Why are the changes needed?_

- replacing callings to Scala's assert method by Scalatest's `Assertions.assert`
- While Scala's assert method just throws a simple Java's Assertion Error ,
```
  def assert(assertion: Boolean) {
    if (!assertion)
      throw new java.lang.AssertionError("assertion failed")
  }
```
the Scalatest's `Assertions.assert` prettifies the error message, eg.,
`assert(a == b || c >= d) // Error message: 1 did not equal 2, and 3 was not greater than or equal to 4`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4912 from bowenliang123/scalatest-assert.

Closes #4912

e1d2ce3e0 [liangbowen] use Scalatest's assert for better error message

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala    | 1 +
 .../apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala | 2 +-
 .../org/apache/spark/kyuubi/benchmark/KyuubiBenchmarkBase.scala | 1 +
 .../authentication/ldap/LdapAuthenticationTestCase.scala        | 2 +-
 .../kyuubi/credentials/HiveDelegationTokenProviderSuite.scala   | 1 +
 5 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
index c8c1b021d..b891a7224 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
@@ -22,6 +22,7 @@ import java.io.{File, FileOutputStream, OutputStream}
 import scala.collection.JavaConverters._
 
 import com.google.common.reflect.ClassPath
+import org.scalatest.Assertions._
 
 trait KyuubiBenchmarkBase {
   var output: Option[OutputStream] = None
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index 1eccc178b..d0b30ea44 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -23,7 +23,7 @@ import java.security.PrivilegedExceptionAction
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SparkConf
 import org.apache.spark.sql.{DataFrame, Row, SparkSession, SparkSessionExtensions}
-import org.scalatest.Assertions.convertToEqualizer
+import org.scalatest.Assertions._
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/spark/kyuubi/benchmark/KyuubiBenchmarkBase.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/spark/kyuubi/benchmark/KyuubiBenchmarkBase.scala
index bee515592..e43998918 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/spark/kyuubi/benchmark/KyuubiBenchmarkBase.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/spark/kyuubi/benchmark/KyuubiBenchmarkBase.scala
@@ -22,6 +22,7 @@ import java.io.{File, FileOutputStream, OutputStream}
 import scala.collection.JavaConverters._
 
 import com.google.common.reflect.ClassPath
+import org.scalatest.Assertions._
 
 trait KyuubiBenchmarkBase {
   var output: Option[OutputStream] = None
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala
index e8b92ebc0..a06eba068 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/ldap/LdapAuthenticationTestCase.scala
@@ -21,7 +21,7 @@ import javax.security.sasl.AuthenticationException
 
 import scala.collection.mutable
 
-import org.scalatest.Assertions.{fail, intercept}
+import org.scalatest.Assertions._
 
 import org.apache.kyuubi.config.{ConfigEntry, KyuubiConf}
 import org.apache.kyuubi.service.authentication.LdapAuthenticationProviderImpl
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/credentials/HiveDelegationTokenProviderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/credentials/HiveDelegationTokenProviderSuite.scala
index c3977e807..6c0370f55 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/credentials/HiveDelegationTokenProviderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/credentials/HiveDelegationTokenProviderSuite.scala
@@ -37,6 +37,7 @@ import org.apache.hadoop.security.{Credentials, UserGroupInformation}
 import org.apache.hadoop.security.authorize.ProxyUsers
 import org.apache.thrift.TProcessor
 import org.apache.thrift.protocol.TProtocol
+import org.scalatest.Assertions._
 import org.scalatest.concurrent.Eventually._
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 

From 0171c6342548c9b4067eff9fd58e32e9ef08b0b1 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 1 Jun 2023 11:54:03 +0800
Subject: [PATCH 414/760] [KYUUBI #4913] [TEST] [MINOR] Eliminate unnecessary
 output in ut "union an unmasked table"

### _Why are the changes needed?_

- Eliminate unnecessary output in ut "union an unmasked table"
<img width="433" alt="image" src="https://github.com/apache/kyuubi/assets/1935105/f179b827-6144-4887-b1fb-ba11da5a5f2b">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4913 from bowenliang123/authz-remove-show.

Closes #4913

2f6f43080 [liangbowen] remove unnecessary output in ut "union an unmasked table"

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/authz/ranger/datamasking/DataMaskingTestBase.scala     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
index c5cd962e1..af87a39a0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -269,7 +269,6 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
           (SELECT b.value1 FROM default.unmasked b)
       ) c order by value1
       """
-    doAs(bob, sql(s).show)
     checkAnswer(bob, s, Seq(Row("1"), Row("2"), Row("3"), Row("4"), Row("5"), Row(md5Hex("1"))))
   }
 

From c194e825736c4556be42c9b87e459b0c26d48137 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 1 Jun 2023 11:55:39 +0800
Subject: [PATCH 415/760] [KYUUBI #4911] [TEST] Remove duplicate test
 annotations `org.apache.kyuubi.tags.*` in kyuubi-common

### _Why are the changes needed?_

- Remove test annotations `org.apache.kyuubi.tags.*` which  duplicated with `kyuubi-util-scala`'s  in `kyuubi-common` module

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4911 from bowenliang123/remove-test-tags.

Closes #4911

8244410d5 [liangbowen] remove duplicated tags `org.apache.kyuubi.tags.*` in the common module

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/tags/DeltaTest.java     | 29 -------------------
 .../org/apache/kyuubi/tags/IcebergTest.java   | 29 -------------------
 .../org/apache/kyuubi/tags/PySparkTest.java   | 29 -------------------
 3 files changed, 87 deletions(-)
 delete mode 100644 kyuubi-common/src/test/java/org/apache/kyuubi/tags/DeltaTest.java
 delete mode 100644 kyuubi-common/src/test/java/org/apache/kyuubi/tags/IcebergTest.java
 delete mode 100644 kyuubi-common/src/test/java/org/apache/kyuubi/tags/PySparkTest.java

diff --git a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/DeltaTest.java b/kyuubi-common/src/test/java/org/apache/kyuubi/tags/DeltaTest.java
deleted file mode 100644
index 1b4b6d00c..000000000
--- a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/DeltaTest.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.tags;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-import org.scalatest.TagAnnotation;
-
-@TagAnnotation
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.METHOD, ElementType.TYPE})
-public @interface DeltaTest {}
diff --git a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/IcebergTest.java b/kyuubi-common/src/test/java/org/apache/kyuubi/tags/IcebergTest.java
deleted file mode 100644
index bb598ad68..000000000
--- a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/IcebergTest.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.tags;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-import org.scalatest.TagAnnotation;
-
-@TagAnnotation
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.METHOD, ElementType.TYPE})
-public @interface IcebergTest {}
diff --git a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/PySparkTest.java b/kyuubi-common/src/test/java/org/apache/kyuubi/tags/PySparkTest.java
deleted file mode 100644
index 1b7aa97b4..000000000
--- a/kyuubi-common/src/test/java/org/apache/kyuubi/tags/PySparkTest.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.tags;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-import org.scalatest.TagAnnotation;
-
-@TagAnnotation
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.METHOD, ElementType.TYPE})
-public @interface PySparkTest {}

From 00b32a0381217130bc9b2c6da04f4f913fcba189 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 1 Jun 2023 13:47:37 +0800
Subject: [PATCH 416/760] [KYUUBI #4915] Adapt database not exist error message
 change for Spark 3.4

### _Why are the changes needed?_

Spark is migrating to the error class framework, in SPARK-40360(fixed in 3.4.0) SCHEMA_NOT_FOUND was introduced, which changes the output of the error message on switching a not existing database.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4915 from pan3793/schema-not-found.

Closes #4915

c0e03feaf [Cheng Pan] nit
0ee0deada [Cheng Pan] SCHEMA_NOT_FOUND

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/spark/session/SparkSessionImpl.scala     | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index 40a0c8c7f..39d02f067 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.engine.spark.session
 
+import org.apache.commons.lang3.StringUtils
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 import org.apache.spark.sql.{AnalysisException, SparkSession}
 
@@ -28,7 +29,7 @@ import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.engine.spark.udf.KDFRegistry
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
-import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager, USE_CATALOG, USE_DATABASE}
+import org.apache.kyuubi.session._
 
 class SparkSessionImpl(
     protocol: TProtocolVersion,
@@ -73,8 +74,8 @@ class SparkSessionImpl(
         SparkCatalogShim().setCurrentDatabase(spark, database)
       } catch {
         case e
-            if database == "default" && e.getMessage != null &&
-              e.getMessage.contains("not found") =>
+            if database == "default" &&
+              StringUtils.containsAny(e.getMessage, "not found", "SCHEMA_NOT_FOUND") =>
       }
     }
 

From fc8460b89118f3845e31dfe3fef61e43d3ca4437 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 1 Jun 2023 16:04:50 +0800
Subject: [PATCH 417/760] [KYUUBI #4883] Bump Iceberg 1.3.0

### _Why are the changes needed?_

Iceberg 1.3.0 was released a few days ago, it brings support for Spark 3.4

https://iceberg.apache.org/releases/#130-release

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4883 from pan3793/iceberg-1.3.

Closes #4883

06545ce0e [Cheng Pan] ignore iceberg test for spark 3.4
6fd4901a5 [Cheng Pan] Bump Iceberg 1.3.0

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 306684ec6..fa1cc7c02 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
         <hive.archive.download.skip>false</hive.archive.download.skip>
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
-        <iceberg.version>1.2.0</iceberg.version>
+        <iceberg.version>1.3.0</iceberg.version>
         <jackson.version>2.15.0</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
@@ -2165,8 +2165,7 @@
             <properties>
                 <delta.version>2.4.0</delta.version>
                 <spark.version>3.4.0</spark.version>
-                <!-- FIXME: used for constructing Iceberg artifact name, correct it once Iceberg supports Spark 3.4 -->
-                <spark.binary.version>3.3</spark.binary.version>
+                <spark.binary.version>3.4</spark.binary.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>

From 02b1a7d44f03a1ea7c2eaef5be463d622b85c004 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Mon, 5 Jun 2023 10:34:39 +0800
Subject: [PATCH 418/760] [KYUUBI #4919] Fix the flaky tests in the "open batch
 session" functionality within the "BatchesResourceSuite"

### _Why are the changes needed?_

Fix the flaky tests in the "open batch session" functionality within the "BatchesResourceSuite"
to close https://github.com/apache/kyuubi/issues/4918

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4919 from huangzhir/fix_flaky_tests_open_batch_sessio.

Closes #4919

e23087ba8 [huangzhir] To fix the flaky tests in the "open batch session" functionality within the "BatchesResourceSuite"

Authored-by: huangzhir <306824224@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/api/v1/BatchesResourceSuite.scala  | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 055496ff3..dc59d75e3 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -21,7 +21,7 @@ import java.net.InetAddress
 import java.nio.file.Paths
 import java.util.{Base64, UUID}
 import javax.ws.rs.client.Entity
-import javax.ws.rs.core.MediaType
+import javax.ws.rs.core.{MediaType, Response}
 
 import scala.collection.JavaConverters._
 import scala.collection.mutable.ArrayBuffer
@@ -114,14 +114,18 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     assert(404 == getBatchResponse.getStatus)
 
     // get batch log
-    var logResponse = webTarget.path(s"api/v1/batches/${batch.getId()}/localLog")
-      .queryParam("from", "0")
-      .queryParam("size", "1")
-      .request(MediaType.APPLICATION_JSON_TYPE)
-      .get()
-    var log = logResponse.readEntity(classOf[OperationLog])
+    var logResponse: Response = null
+    var log: OperationLog = null
+    eventually(timeout(10.seconds), interval(1.seconds)) {
+      logResponse = webTarget.path(s"api/v1/batches/${batch.getId()}/localLog")
+        .queryParam("from", "0")
+        .queryParam("size", "1")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .get()
+      log = logResponse.readEntity(classOf[OperationLog])
+      assert(log.getRowCount == 1)
+    }
     val head = log.getLogRowSet.asScala.head
-    assert(log.getRowCount == 1)
 
     val logs = new ArrayBuffer[String]
     logs.append(head)

From cb689b66b1ed745a5e38dea37a2b0f1d9e7f1aca Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 5 Jun 2023 13:11:34 +0800
Subject: [PATCH 419/760] [KYUUBI #4914] [AUTHZ] Reuse extractor singleton
 instance with generalized getter for supported extractor types

### _Why are the changes needed?_

- Reuse extractor singleton instance for less memory footprint, as Authz's extractors are stateless and ready for sharing
- Reneralized getter crossing supported extractor types
   - get extractor by class type
   - get extractor by explicit class name

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4914 from bowenliang123/authz-get-extractor.

Closes #4914

11dde777f [liangbowen] update
77ce00276 [liangbowen] make extractorKey of lookupExtractor not null by default
5f5b6e580 [liangbowen] Revert "extractorKey: String = null => extractorKey: Option[String] = None"
400c3b054 [liangbowen] extractorKey: String = null => extractorKey: Option[String] = None
60acd27ec [liangbowen] rename `getExtractor` to `lookupExtractor`
e6fbb450f [liangbowen] generalize getExtractor for getting instance of supported types of extractors

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../plugin/spark/authz/serde/Descriptor.scala | 33 ++++++----------
 .../spark/authz/serde/catalogExtractors.scala |  2 +-
 .../authz/serde/databaseExtractors.scala      |  4 +-
 .../authz/serde/functionTypeExtractors.scala  |  4 +-
 .../plugin/spark/authz/serde/package.scala    | 38 +++++++++++++++++++
 .../spark/authz/serde/tableExtractors.scala   | 18 ++++-----
 6 files changed, 64 insertions(+), 35 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
index b72f3296b..3eb3fecea 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
@@ -23,17 +23,8 @@ import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType.PrivilegeObjectActionType
-import org.apache.kyuubi.plugin.spark.authz.serde.ActionTypeExtractor.actionTypeExtractors
-import org.apache.kyuubi.plugin.spark.authz.serde.CatalogExtractor.catalogExtractors
-import org.apache.kyuubi.plugin.spark.authz.serde.ColumnExtractor.columnExtractors
-import org.apache.kyuubi.plugin.spark.authz.serde.DatabaseExtractor.dbExtractors
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.functionExtractors
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType.FunctionType
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.functionTypeExtractors
-import org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor.queryExtractors
-import org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor.tableExtractors
 import org.apache.kyuubi.plugin.spark.authz.serde.TableType.TableType
-import org.apache.kyuubi.plugin.spark.authz.serde.TableTypeExtractor.tableTypeExtractors
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 /**
@@ -82,7 +73,7 @@ case class ColumnDesc(
     fieldExtractor: String) extends Descriptor {
   override def extract(v: AnyRef): Seq[String] = {
     val columnsVal = invoke(v, fieldName)
-    val columnExtractor = columnExtractors(fieldExtractor)
+    val columnExtractor = lookupExtractor[ColumnExtractor](fieldExtractor)
     columnExtractor(columnsVal)
   }
 }
@@ -101,7 +92,7 @@ case class DatabaseDesc(
     isInput: Boolean = false) extends Descriptor {
   override def extract(v: AnyRef): Database = {
     val databaseVal = invoke(v, fieldName)
-    val databaseExtractor = dbExtractors(fieldExtractor)
+    val databaseExtractor = lookupExtractor[DatabaseExtractor](fieldExtractor)
     val db = databaseExtractor(databaseVal)
     if (db.catalog.isEmpty && catalogDesc.nonEmpty) {
       val maybeCatalog = catalogDesc.get.extract(v)
@@ -129,7 +120,7 @@ case class FunctionTypeDesc(
 
   def extract(v: AnyRef, spark: SparkSession): FunctionType = {
     val functionTypeVal = invoke(v, fieldName)
-    val functionTypeExtractor = functionTypeExtractors(fieldExtractor)
+    val functionTypeExtractor = lookupExtractor[FunctionTypeExtractor](fieldExtractor)
     functionTypeExtractor(functionTypeVal, spark)
   }
 
@@ -155,7 +146,7 @@ case class FunctionDesc(
     isInput: Boolean = false) extends Descriptor {
   override def extract(v: AnyRef): Function = {
     val functionVal = invoke(v, fieldName)
-    val functionExtractor = functionExtractors(fieldExtractor)
+    val functionExtractor = lookupExtractor[FunctionExtractor](fieldExtractor)
     var function = functionExtractor(functionVal)
     if (function.database.isEmpty) {
       val maybeDatabase = databaseDesc.map(_.extract(v))
@@ -180,7 +171,7 @@ case class QueryDesc(
     fieldExtractor: String = "LogicalPlanQueryExtractor") extends Descriptor {
   override def extract(v: AnyRef): Option[LogicalPlan] = {
     val queryVal = invoke(v, fieldName)
-    val queryExtractor = queryExtractors(fieldExtractor)
+    val queryExtractor = lookupExtractor[QueryExtractor](fieldExtractor)
     queryExtractor(queryVal)
   }
 }
@@ -202,7 +193,7 @@ case class TableTypeDesc(
 
   def extract(v: AnyRef, spark: SparkSession): TableType = {
     val tableTypeVal = invoke(v, fieldName)
-    val tableTypeExtractor = tableTypeExtractors(fieldExtractor)
+    val tableTypeExtractor = lookupExtractor[TableTypeExtractor](fieldExtractor)
     tableTypeExtractor(tableTypeVal, spark)
   }
 
@@ -240,7 +231,7 @@ case class TableDesc(
 
   def extract(v: AnyRef, spark: SparkSession): Option[Table] = {
     val tableVal = invoke(v, fieldName)
-    val tableExtractor = tableExtractors(fieldExtractor)
+    val tableExtractor = lookupExtractor[TableExtractor](fieldExtractor)
     val maybeTable = tableExtractor(spark, tableVal)
     maybeTable.map { t =>
       if (t.catalog.isEmpty && catalogDesc.nonEmpty) {
@@ -267,8 +258,8 @@ case class ActionTypeDesc(
   override def extract(v: AnyRef): PrivilegeObjectActionType = {
     actionType.map(PrivilegeObjectActionType.withName).getOrElse {
       val actionTypeVal = invoke(v, fieldName)
-      val extractor = actionTypeExtractors(fieldExtractor)
-      extractor(actionTypeVal)
+      val actionTypeExtractor = lookupExtractor[ActionTypeExtractor](fieldExtractor)
+      actionTypeExtractor(actionTypeVal)
     }
   }
 }
@@ -284,8 +275,8 @@ case class CatalogDesc(
     fieldExtractor: String = "CatalogPluginCatalogExtractor") extends Descriptor {
   override def extract(v: AnyRef): Option[String] = {
     val catalogVal = invoke(v, fieldName)
-    val extractor = catalogExtractors(fieldExtractor)
-    extractor(catalogVal)
+    val catalogExtractor = lookupExtractor[CatalogExtractor](fieldExtractor)
+    catalogExtractor(catalogVal)
   }
 }
 
@@ -303,7 +294,7 @@ case class ScanDesc(
     } else {
       invoke(v, fieldName)
     }
-    val tableExtractor = tableExtractors(fieldExtractor)
+    val tableExtractor = lookupExtractor[TableExtractor](fieldExtractor)
     val maybeTable = tableExtractor(spark, tableVal)
     maybeTable.map { t =>
       if (t.catalog.isEmpty && catalogDesc.nonEmpty) {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala
index f87943943..e48becb32 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/catalogExtractors.scala
@@ -43,7 +43,7 @@ class CatalogPluginOptionCatalogExtractor extends CatalogExtractor {
   override def apply(v1: AnyRef): Option[String] = {
     v1 match {
       case Some(catalogPlugin: AnyRef) =>
-        new CatalogPluginCatalogExtractor().apply(catalogPlugin)
+        lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogPlugin)
       case _ => None
     }
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
index d14ba7805..f952c816e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
@@ -70,7 +70,7 @@ class StringSeqOptionDatabaseExtractor extends DatabaseExtractor {
 class ResolvedNamespaceDatabaseExtractor extends DatabaseExtractor {
   override def apply(v1: AnyRef): Database = {
     val catalogVal = invoke(v1, "catalog")
-    val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+    val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
     val namespace = getFieldVal[Seq[String]](v1, "namespace")
     Database(catalog, quote(namespace))
   }
@@ -82,7 +82,7 @@ class ResolvedNamespaceDatabaseExtractor extends DatabaseExtractor {
 class ResolvedDBObjectNameDatabaseExtractor extends DatabaseExtractor {
   override def apply(v1: AnyRef): Database = {
     val catalogVal = invoke(v1, "catalog")
-    val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+    val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
     val namespace = getFieldVal[Seq[String]](v1, "nameParts")
     Database(catalog, quote(namespace))
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
index 4c5e9dc84..b70410342 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
@@ -53,9 +53,9 @@ class TempMarkerFunctionTypeExtractor extends FunctionTypeExtractor {
  */
 class ExpressionInfoFunctionTypeExtractor extends FunctionTypeExtractor {
   override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
-    val function = new ExpressionInfoFunctionExtractor().apply(v1)
+    val function = lookupExtractor[ExpressionInfoFunctionExtractor].apply(v1)
     val fi = FunctionIdentifier(function.functionName, function.database)
-    new FunctionIdentifierFunctionTypeExtractor().apply(fi, spark)
+    lookupExtractor[FunctionIdentifierFunctionTypeExtractor].apply(fi, spark)
   }
 }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
index d9f646900..c992a231a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
@@ -25,6 +25,15 @@ import com.fasterxml.jackson.module.scala.DefaultScalaModule
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.{OperationType, QUERY}
+import org.apache.kyuubi.plugin.spark.authz.serde.ActionTypeExtractor.actionTypeExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.CatalogExtractor.catalogExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.ColumnExtractor.columnExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.DatabaseExtractor.dbExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.functionExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.functionTypeExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor.queryExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor.tableExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.TableTypeExtractor.tableTypeExtractors
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 package object serde {
@@ -82,4 +91,33 @@ package object serde {
       .map(s => s.operationType)
       .getOrElse(QUERY)
   }
+
+  /**
+   * get extractor instance by extractor class name
+   * @param extractorKey explicitly load extractor by its simple class name.
+   *                           null by default means get extractor by extractor class.
+   * @param ct class tag of extractor class type
+   * @tparam T extractor class type
+   * @return
+   */
+  def lookupExtractor[T <: Extractor](extractorKey: String)(
+      implicit ct: ClassTag[T]): T = {
+    val extractorClass = ct.runtimeClass
+    val extractors: Map[String, Extractor] = extractorClass match {
+      case c if classOf[CatalogExtractor].isAssignableFrom(c) => catalogExtractors
+      case c if classOf[DatabaseExtractor].isAssignableFrom(c) => dbExtractors
+      case c if classOf[TableExtractor].isAssignableFrom(c) => tableExtractors
+      case c if classOf[TableTypeExtractor].isAssignableFrom(c) => tableTypeExtractors
+      case c if classOf[ColumnExtractor].isAssignableFrom(c) => columnExtractors
+      case c if classOf[QueryExtractor].isAssignableFrom(c) => queryExtractors
+      case c if classOf[FunctionExtractor].isAssignableFrom(c) => functionExtractors
+      case c if classOf[FunctionTypeExtractor].isAssignableFrom(c) => functionTypeExtractors
+      case c if classOf[ActionTypeExtractor].isAssignableFrom(c) => actionTypeExtractors
+      case _ => throw new IllegalArgumentException(s"Unknown extractor type: $ct")
+    }
+    extractors(extractorKey).asInstanceOf[T]
+  }
+
+  def lookupExtractor[T <: Extractor](implicit ct: ClassTag[T]): T =
+    lookupExtractor[T](ct.runtimeClass.getSimpleName)(ct)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 8743f054d..4579349ee 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -88,7 +88,7 @@ class CatalogTableTableExtractor extends TableExtractor {
 class CatalogTableOptionTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
     val catalogTable = v1.asInstanceOf[Option[CatalogTable]]
-    catalogTable.flatMap(new CatalogTableTableExtractor().apply(spark, _))
+    catalogTable.flatMap(lookupExtractor[CatalogTableTableExtractor].apply(spark, _))
   }
 }
 
@@ -98,9 +98,9 @@ class CatalogTableOptionTableExtractor extends TableExtractor {
 class ResolvedTableTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
     val catalogVal = invoke(v1, "catalog")
-    val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+    val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
     val identifier = invoke(v1, "identifier")
-    val maybeTable = new IdentifierTableExtractor().apply(spark, identifier)
+    val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, identifier)
     val maybeOwner = TableExtractor.getOwner(v1)
     maybeTable.map(_.copy(catalog = catalog, owner = maybeOwner))
   }
@@ -129,10 +129,10 @@ class DataSourceV2RelationTableExtractor extends TableExtractor {
       case Some(v2Relation) =>
         val maybeCatalogPlugin = invokeAs[Option[AnyRef]](v2Relation, "catalog")
         val maybeCatalog = maybeCatalogPlugin.flatMap(catalogPlugin =>
-          new CatalogPluginCatalogExtractor().apply(catalogPlugin))
+          lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogPlugin))
         val maybeIdentifier = invokeAs[Option[AnyRef]](v2Relation, "identifier")
         maybeIdentifier.flatMap { id =>
-          val maybeTable = new IdentifierTableExtractor().apply(spark, id)
+          val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, id)
           val maybeOwner = TableExtractor.getOwner(v2Relation)
           maybeTable.map(_.copy(catalog = maybeCatalog, owner = maybeOwner))
         }
@@ -147,7 +147,7 @@ class LogicalRelationTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
     val maybeCatalogTable = invokeAs[Option[AnyRef]](v1, "catalogTable")
     maybeCatalogTable.flatMap { ct =>
-      new CatalogTableTableExtractor().apply(spark, ct)
+      lookupExtractor[CatalogTableTableExtractor].apply(spark, ct)
     }
   }
 }
@@ -158,7 +158,7 @@ class LogicalRelationTableExtractor extends TableExtractor {
 class ResolvedDbObjectNameTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
     val catalogVal = invoke(v1, "catalog")
-    val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+    val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
     val nameParts = invokeAs[Seq[String]](v1, "nameParts")
     val namespace = nameParts.init.toArray
     val table = nameParts.last
@@ -174,9 +174,9 @@ class ResolvedIdentifierTableExtractor extends TableExtractor {
     v1.getClass.getName match {
       case "org.apache.spark.sql.catalyst.analysis.ResolvedIdentifier" =>
         val catalogVal = invoke(v1, "catalog")
-        val catalog = new CatalogPluginCatalogExtractor().apply(catalogVal)
+        val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
         val identifier = invoke(v1, "identifier")
-        val maybeTable = new IdentifierTableExtractor().apply(spark, identifier)
+        val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, identifier)
         maybeTable.map(_.copy(catalog = catalog))
       case _ => None
     }

From 3692e20b1f6684062ea79787bdd0a757ea4ea9bb Mon Sep 17 00:00:00 2001
From: lightning_L <tiliao@ebay.com>
Date: Mon, 5 Jun 2023 18:59:09 +0800
Subject: [PATCH 420/760] [KYUUBI #4876] fix Flaky test
 BackendServiceMetricSuite (#4924)

merging to master
---
 .../org/apache/kyuubi/server/BackendServiceMetricSuite.scala    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
index 9745917dd..112f9d26f 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
@@ -67,7 +67,7 @@ class BackendServiceMetricSuite extends WithKyuubiServer with HiveJDBCTestHelper
         val res = objMapper.readTree(Paths.get(reportPath.toString, "report.json").toFile)
         val timer = res.get("timers")
         assert(timer.get(BS_OPEN_SESSION).get("count").asInt() == 1)
-        assert(timer.get(BS_OPEN_SESSION).get("min").asInt() > 0)
+        assert(timer.get(BS_OPEN_SESSION).get("min").asDouble() > 0)
         val execStatementNode = timer.get(BS_EXECUTE_STATEMENT)
         assert(execStatementNode.get("count").asInt() == 3)
         assert(

From f040d7ca25e87d1ae67d4ef38f24199a95da7f6e Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Mon, 5 Jun 2023 19:21:48 +0800
Subject: [PATCH 421/760] [KYUUBI #4923] [ARROW] Update arguments of
 `ArrowUtils#toArrowSchema` function

### _Why are the changes needed?_

to adapt Spark 3.5, the new conf `spark.sql.execution.arrow.useLargeVarType` was introduced  in https://github.com/apache/spark/pull/39572

the signature of function `ArrowUtils#toArrowSchema` before

```scala
   def toArrowSchema(
       schema: StructType,
       timeZoneId: String,
       errorOnDuplicatedFieldNames: Boolean): Schema
```

after

```scala
  def toArrowSchema(
      schema: StructType,
      timeZoneId: String,
      errorOnDuplicatedFieldNames: Boolean,
      largeVarTypes: Boolean = false): Schema
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4923 from cfmcgrady/arrow-toArrowSchema.

Closes #4923

3806494a5 [Fu Chen] Update Arguments of ArrowUtils#toArrowSchema Function

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../spark/operation/ExecuteStatement.scala       | 16 ++++++++++++++++
 .../execution/arrow/KyuubiArrowConverters.scala  | 11 +++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
index 659cf0a61..17d8a7412 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/ExecuteStatement.scala
@@ -28,6 +28,7 @@ import org.apache.spark.sql.types._
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_RESULT_MAX_ROWS
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil._
+import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.{ArrayFetchIterator, FetchIterator, IterableFetchIterator, OperationHandle, OperationState}
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
@@ -185,6 +186,8 @@ class ArrowBasedExecuteStatement(
     incrementalCollect,
     handle) {
 
+  checkUseLargeVarType()
+
   override protected def incrementalCollectResult(resultDF: DataFrame): Iterator[Any] = {
     toArrowBatchLocalIterator(convertComplexType(resultDF))
   }
@@ -204,4 +207,17 @@ class ArrowBasedExecuteStatement(
   private def convertComplexType(df: DataFrame): DataFrame = {
     convertTopLevelComplexTypeToHiveString(df, timestampAsString)
   }
+
+  def checkUseLargeVarType(): Unit = {
+    // TODO: largeVarType support, see SPARK-39979.
+    val useLargeVarType = session.asInstanceOf[SparkSessionImpl].spark
+      .conf
+      .get("spark.sql.execution.arrow.useLargeVarType", "false")
+      .toBoolean
+    if (useLargeVarType) {
+      throw new KyuubiSQLException(
+        "`spark.sql.execution.arrow.useLargeVarType = true` not support now.",
+        null)
+    }
+  }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index 35fa09b61..f78552602 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -64,7 +64,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       "slice",
       0,
       Long.MaxValue)
-    val arrowSchema = toArrowSchema(schema, timeZoneId, true)
+    val arrowSchema = toArrowSchema(schema, timeZoneId, true, false)
     vectorSchemaRoot = VectorSchemaRoot.create(arrowSchema, sliceAllocator)
     try {
       val recordBatch = MessageSerializer.deserializeRecordBatch(
@@ -242,7 +242,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       context: TaskContext)
     extends Iterator[Array[Byte]] {
 
-    protected val arrowSchema = toArrowSchema(schema, timeZoneId, true)
+    protected val arrowSchema = toArrowSchema(schema, timeZoneId, true, false)
     private val allocator =
       ArrowUtils.rootAllocator.newChildAllocator(
         s"to${this.getClass.getSimpleName}",
@@ -327,6 +327,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
       "org.apache.spark.sql.util.ArrowUtils",
       classOf[StructType],
       classOf[String],
+      classOf[Boolean],
       classOf[Boolean])
     .build()
 
@@ -336,12 +337,14 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
   private def toArrowSchema(
       schema: StructType,
       timeZone: String,
-      errorOnDuplicatedFieldNames: JBoolean): ArrowSchema = {
+      errorOnDuplicatedFieldNames: JBoolean,
+      largeVarTypes: JBoolean): ArrowSchema = {
     toArrowSchemaMethod.invoke[ArrowSchema](
       ArrowUtils,
       schema,
       timeZone,
-      errorOnDuplicatedFieldNames)
+      errorOnDuplicatedFieldNames,
+      largeVarTypes)
   }
 
   // IpcOption.DEFAULT was introduced in ARROW-11081(ARROW-4.0.0), add this for adapt Spark-3.1/3.2

From f398dc2165749ba816d29fe20b2647aef2c12007 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Tue, 6 Jun 2023 09:41:24 +0800
Subject: [PATCH 422/760] [KYUUBI #4813] Add the fetchorientation parameter to
 the /v1/operations/:operationId/log interface

### _Why are the changes needed?_

to close https://github.com/apache/kyuubi/issues/4732

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4813 from huangzhir/operation_log.

Closes #4813

39dcab61d [huangzhir] remove unrelated code
545efaee6 [huangzhir] remove object lock
f0d090f9a [huangzhir] throw exception if user requests FETCH_PRIOR
162e008a1 [huangzhir] remove FETCH_PRIOR test
3b40f6bac [huangzhir] fix style
78e49698c [huangzhir] add extra log test
68154fecb [huangzhir] Merge remote-tracking branch 'origin/master' into operation_log
21c46c06c [huangzhir] code rewritten ,fetch log only support FETCH_NEXT and FETCH_FIRST
cbd714a2b [huangzhir] Add the operationHandle parameter to the /v1/operations/:operationId/log interface.

Authored-by: huangzhir <306824224@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../kyuubi/operation/OperationManager.scala   |  2 +-
 .../kyuubi/operation/log/OperationLog.scala   | 60 +++++++++++++++----
 .../operation/log/OperationLogSuite.scala     | 43 ++++++++++++-
 .../operation/KyuubiOperationManager.scala    |  2 +-
 .../server/api/v1/OperationsResource.scala    | 13 +++-
 .../api/v1/OperationsResourceSuite.scala      | 41 +++++++++++++
 6 files changed, 144 insertions(+), 17 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
index df45e6dee..3093bcfbe 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
@@ -146,7 +146,7 @@ abstract class OperationManager(name: String) extends AbstractService(name) {
       order: FetchOrientation,
       maxRows: Int): TRowSet = {
     val operationLog = getOperation(opHandle).getOperationLog
-    operationLog.map(_.read(maxRows)).getOrElse {
+    operationLog.map(_.read(order, maxRows)).getOrElse {
       throw KyuubiSQLException(s"$opHandle failed to generate operation log")
     }
   }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
index c25874b20..a68b7441a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
@@ -29,6 +29,7 @@ import scala.collection.mutable.ListBuffer
 import org.apache.hive.service.rpc.thrift.{TColumn, TRow, TRowSet, TStringColumn}
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
+import org.apache.kyuubi.operation.FetchOrientation.{FETCH_FIRST, FETCH_NEXT, FetchOrientation}
 import org.apache.kyuubi.operation.OperationHandle
 import org.apache.kyuubi.session.Session
 import org.apache.kyuubi.util.ThriftUtils
@@ -86,7 +87,7 @@ object OperationLog extends Logging {
 class OperationLog(path: Path) {
 
   private lazy val writer = Files.newBufferedWriter(path, StandardCharsets.UTF_8)
-  private lazy val reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)
+  private var reader: BufferedReader = _
 
   @volatile private var initialized: Boolean = false
 
@@ -95,6 +96,15 @@ class OperationLog(path: Path) {
   private var lastSeekReadPos = 0
   private var seekableReader: SeekableBufferedReader = _
 
+  def getReader(): BufferedReader = {
+    if (reader == null) {
+      try {
+        reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)
+      } catch handleFileNotFound
+    }
+    reader
+  }
+
   def addExtraLog(path: Path): Unit = synchronized {
     try {
       extraReaders += Files.newBufferedReader(path, StandardCharsets.UTF_8)
@@ -138,13 +148,15 @@ class OperationLog(path: Path) {
           i += 1
         }
       } while ((i < lastRows || maxRows <= 0) && line != null)
-      (logs, i)
-    } catch {
-      case e: IOException =>
-        val absPath = path.toAbsolutePath
-        val opHandle = absPath.getFileName
-        throw KyuubiSQLException(s"Operation[$opHandle] log file $absPath is not found", e)
-    }
+    } catch handleFileNotFound
+    (logs, i)
+  }
+
+  private def handleFileNotFound: PartialFunction[Throwable, Unit] = {
+    case e: IOException =>
+      val absPath = path.toAbsolutePath
+      val opHandle = absPath.getFileName
+      throw KyuubiSQLException(s"Operation[$opHandle] log file $absPath is not found", e)
   }
 
   private def toRowSet(logs: JList[String]): TRowSet = {
@@ -154,14 +166,25 @@ class OperationLog(path: Path) {
     tRow
   }
 
+  def read(maxRows: Int): TRowSet = synchronized {
+    read(FETCH_NEXT, maxRows)
+  }
+
   /**
    * Read to log file line by line
    *
    * @param maxRows maximum result number can reach
+   * @param order   the  fetch orientation of the result, can be FETCH_NEXT, FETCH_FIRST
    */
-  def read(maxRows: Int): TRowSet = synchronized {
+  def read(order: FetchOrientation = FETCH_NEXT, maxRows: Int): TRowSet = synchronized {
     if (!initialized) return ThriftUtils.newEmptyRowSet
-    val (logs, lines) = readLogs(reader, maxRows, maxRows)
+    if (order != FETCH_NEXT && order != FETCH_FIRST) {
+      throw KyuubiSQLException(s"$order in operation log is not supported")
+    }
+    if (order == FETCH_FIRST) {
+      resetReader()
+    }
+    val (logs, lines) = readLogs(getReader(), maxRows, maxRows)
     var lastRows = maxRows - lines
     for (extraReader <- extraReaders if lastRows > 0 || maxRows <= 0) {
       val (extraLogs, extraRows) = readLogs(extraReader, lastRows, maxRows)
@@ -172,6 +195,19 @@ class OperationLog(path: Path) {
     toRowSet(logs)
   }
 
+  private def resetReader(): Unit = {
+    trySafely {
+      if (reader != null) {
+        reader.close()
+      }
+    }
+    reader = null
+    closeExtraReaders()
+    extraReaders.clear()
+    extraPaths.foreach(path =>
+      extraReaders += Files.newBufferedReader(path, StandardCharsets.UTF_8))
+  }
+
   def read(from: Int, size: Int): TRowSet = synchronized {
     if (!initialized) return ThriftUtils.newEmptyRowSet
     var pos = from
@@ -202,7 +238,9 @@ class OperationLog(path: Path) {
     closeExtraReaders()
 
     trySafely {
-      reader.close()
+      if (reader != null) {
+        reader.close()
+      }
     }
     trySafely {
       writer.close()
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
index edc6b3375..570a8159b 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/log/OperationLogSuite.scala
@@ -27,7 +27,7 @@ import org.apache.hive.service.rpc.thrift.{TProtocolVersion, TRowSet}
 
 import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.operation.OperationHandle
+import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
 import org.apache.kyuubi.session.NoopSessionManager
 import org.apache.kyuubi.util.ThriftUtils
 
@@ -237,6 +237,47 @@ class OperationLogSuite extends KyuubiFunSuite {
     }
   }
 
+  test("test fetchOrientation read") {
+    val file = Utils.createTempDir().resolve("f")
+    val file2 = Utils.createTempDir().resolve("extra")
+    val writer = Files.newBufferedWriter(file, StandardCharsets.UTF_8)
+    val writer2 = Files.newBufferedWriter(file2, StandardCharsets.UTF_8)
+    try {
+      0.until(10).foreach(x => writer.write(s"$x\n"))
+      writer.flush()
+      writer.close()
+      10.until(20).foreach(x => writer2.write(s"$x\n"))
+      writer2.flush()
+      writer2.close()
+
+      def compareResult(rows: TRowSet, expected: Seq[String]): Unit = {
+        val res = rows.getColumns.get(0).getStringVal.getValues.asScala
+        assert(res.size == expected.size)
+        res.zip(expected).foreach { case (l, r) =>
+          assert(l == r)
+        }
+      }
+
+      val log = new OperationLog(file)
+      log.addExtraLog(file2)
+      // The operation log file is created externally and should be initialized actively.
+      log.initOperationLogIfNecessary()
+
+      compareResult(
+        log.read(FetchOrientation.FETCH_NEXT, 10),
+        Seq("0", "1", "2", "3", "4", "5", "6", "7", "8", "9"))
+      compareResult(log.read(FetchOrientation.FETCH_NEXT, 5), Seq("10", "11", "12", "13", "14"))
+      compareResult(log.read(FetchOrientation.FETCH_FIRST, 5), Seq("0", "1", "2", "3", "4"))
+      compareResult(
+        log.read(FetchOrientation.FETCH_NEXT, 10),
+        Seq("5", "6", "7", "8", "9", "10", "11", "12", "13", "14"))
+      compareResult(log.read(FetchOrientation.FETCH_NEXT, 10), Seq("15", "16", "17", "18", "19"))
+    } finally {
+      Utils.deleteDirectoryRecursively(file.toFile)
+      Utils.deleteDirectoryRecursively(file2.toFile)
+    }
+  }
+
   test("[KYUUBI #3511] Reading an uninitialized log should return empty rowSet") {
     val sessionManager = new NoopSessionManager
     sessionManager.initialize(KyuubiConf())
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
index 6846d0316..4730d1618 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
@@ -219,7 +219,7 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
     val operation = getOperation(opHandle).asInstanceOf[KyuubiOperation]
     val operationLog = operation.getOperationLog
     operationLog match {
-      case Some(log) => log.read(maxRows)
+      case Some(log) => log.read(order, maxRows)
       case None =>
         val remoteHandle = operation.remoteOpHandle()
         val client = operation.client
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index 70a6d3a28..b55719749 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.server.api.v1
 
-import javax.ws.rs._
+import javax.ws.rs.{BadRequestException, _}
 import javax.ws.rs.core.{MediaType, Response}
 
 import scala.collection.JavaConverters._
@@ -140,15 +140,22 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
   @Path("{operationHandle}/log")
   def getOperationLog(
       @PathParam("operationHandle") operationHandleStr: String,
-      @QueryParam("maxrows") maxRows: Int): OperationLog = {
+      @QueryParam("maxrows") @DefaultValue("100") maxRows: Int,
+      @QueryParam("fetchorientation") @DefaultValue("FETCH_NEXT")
+      fetchOrientation: String): OperationLog = {
     try {
+      if (fetchOrientation != "FETCH_NEXT" && fetchOrientation != "FETCH_FIRST") {
+        throw new BadRequestException(s"$fetchOrientation in operation log is not supported")
+      }
       val rowSet = fe.be.sessionManager.operationManager.getOperationLogRowSet(
         OperationHandle(operationHandleStr),
-        FetchOrientation.FETCH_NEXT,
+        FetchOrientation.withName(fetchOrientation),
         maxRows)
       val logRowSet = rowSet.getColumns.get(0).getStringVal.getValues.asScala
       new OperationLog(logRowSet.asJava, logRowSet.size)
     } catch {
+      case e: BadRequestException =>
+        throw e
       case NonFatal(e) =>
         val errorMsg = s"Error getting operation log for operation handle $operationHandleStr"
         error(errorMsg, e)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
index 51701b231..72cd4d87d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/OperationsResourceSuite.scala
@@ -102,6 +102,47 @@ class OperationsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper
     val logRowSet = response.readEntity(classOf[OperationLog])
     assert(logRowSet.getLogRowSet.asScala.exists(_.contains("show tables")))
     assert(logRowSet.getRowCount === 10)
+
+    val response2 = webTarget.path(
+      s"api/v1/operations/$opHandleStr/log")
+      .queryParam("maxrows", "1000")
+      .queryParam("fetchorientation", "FETCH_NEXT")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(200 == response2.getStatus)
+    val logCount = response2.readEntity(classOf[OperationLog]).getRowCount
+    val totalLogCoung = logCount + 10
+    assert(logCount > 0)
+
+    val response3 = webTarget.path(
+      s"api/v1/operations/$opHandleStr/log")
+      .queryParam("maxrows", "1000")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(200 == response3.getStatus)
+    assert(response3.readEntity(classOf[OperationLog]).getRowCount == 0)
+
+    val response4 = webTarget.path(
+      s"api/v1/operations/$opHandleStr/log")
+      .queryParam("maxrows", "10")
+      .queryParam("fetchorientation", "FETCH_FIRST")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(200 == response4.getStatus)
+    assert(response4.readEntity(classOf[OperationLog]).getRowCount == 10)
+
+    val response5 = webTarget.path(
+      s"api/v1/operations/$opHandleStr/log")
+      .queryParam("maxrows", "10")
+      .queryParam("fetchorientation", "FETCH_PRIOR")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(400 == response5.getStatus)
+    assert(response5.getStatusInfo.getReasonPhrase == "Bad Request")
+
+    val response6 = webTarget.path(
+      s"api/v1/operations/$opHandleStr/log")
+      .queryParam("maxrows", "1000")
+      .queryParam("fetchorientation", "FETCH_NEXT")
+      .request(MediaType.APPLICATION_JSON).get()
+    assert(200 == response6.getStatus)
+    assert(response6.readEntity(classOf[OperationLog]).getRowCount == totalLogCoung - 10)
   }
 
   test("test get result row set") {

From 4cd00a8777043fca4348d2c2f3a2b0b6e358e028 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Tue, 6 Jun 2023 15:17:40 +0800
Subject: [PATCH 423/760] [KYUUBI #3420][UI] Kyuubi Server Proxy Engine UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Kyuubi Server Proxy Engine UI

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

![截屏2023-06-06 10 35 54](https://github.com/apache/kyuubi/assets/52876270/ecbc33aa-11dd-418f-bfef-19aad9e7ea39)

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4795 from zwangsheng/KYUUBI_3420.

Closes #3420

079dc1c60 [zwangsheng] fix frontend unit test case
6e71b4518 [Cheng Pan] fix
cf7ca5145 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
9a91d62a0 [Cheng Pan] polish
a5dcfae18 [zwangsheng] fix
5d4a8c239 [zwangsheng] Rebase
71d22fc9a [zwangsheng] fix
3b0152f33 [zwangsheng] [KYUUBI #3420][UI] Proxy Engnie UI

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 LICENSE-binary                                |  2 +
 dev/dependencyList                            |  2 +
 kyuubi-server/pom.xml                         |  5 ++
 .../server/KyuubiRestFrontendService.scala    |  3 +
 .../server/api/EngineUIProxyServlet.scala     | 65 +++++++++++++++++++
 .../server/api/v1/ApiRootResource.scala       | 11 +++-
 kyuubi-server/web-ui/package.json             |  2 +-
 .../web-ui/src/locales/en_US/index.ts         |  1 +
 .../web-ui/src/locales/zh_CN/index.ts         |  1 +
 .../views/management/engine/index.spec.ts     | 45 +++++++++++++
 .../src/views/management/engine/index.vue     | 29 +++++++++
 pom.xml                                       |  6 ++
 12 files changed, 170 insertions(+), 2 deletions(-)
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
 create mode 100644 kyuubi-server/web-ui/src/test/unit/views/management/engine/index.spec.ts

diff --git a/LICENSE-binary b/LICENSE-binary
index 7322dec51..065fc6499 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -261,6 +261,7 @@ io.etcd:jetcd-api
 io.etcd:jetcd-common
 io.etcd:jetcd-core
 io.etcd:jetcd-grpc
+org.eclipse.jetty:jetty-client
 org.eclipse.jetty:jetty-http
 org.eclipse.jetty:jetty-io
 org.eclipse.jetty:jetty-security
@@ -268,6 +269,7 @@ org.eclipse.jetty:jetty-server
 org.eclipse.jetty:jetty-servlet
 org.eclipse.jetty:jetty-util-ajax
 org.eclipse.jetty:jetty-util
+org.eclipse.jetty:jetty-proxy
 org.apache.thrift:libfb303
 org.apache.thrift:libthrift
 org.apache.logging.log4j:log4j-1.2-api
diff --git a/dev/dependencyList b/dev/dependencyList
index ab80bcfab..6ec0464c0 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -95,8 +95,10 @@ jetcd-api/0.7.3//jetcd-api-0.7.3.jar
 jetcd-common/0.7.3//jetcd-common-0.7.3.jar
 jetcd-core/0.7.3//jetcd-core-0.7.3.jar
 jetcd-grpc/0.7.3//jetcd-grpc-0.7.3.jar
+jetty-client/9.4.51.v20230217//jetty-client-9.4.51.v20230217.jar
 jetty-http/9.4.51.v20230217//jetty-http-9.4.51.v20230217.jar
 jetty-io/9.4.51.v20230217//jetty-io-9.4.51.v20230217.jar
+jetty-proxy/9.4.51.v20230217//jetty-proxy-9.4.51.v20230217.jar
 jetty-security/9.4.51.v20230217//jetty-security-9.4.51.v20230217.jar
 jetty-server/9.4.51.v20230217//jetty-server-9.4.51.v20230217.jar
 jetty-servlet/9.4.51.v20230217//jetty-servlet-9.4.51.v20230217.jar
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 2a7ce2270..e1a9c3312 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -257,6 +257,11 @@
             <artifactId>trino-client</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-proxy</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.glassfish.jersey.test-framework</groupId>
             <artifactId>jersey-test-framework-core</artifactId>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index c9d571008..86cb28aed 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -90,6 +90,9 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
     val authenticationFactory = new KyuubiHttpAuthenticationFactory(conf)
     server.addHandler(authenticationFactory.httpHandlerWrapperFactory.wrapHandler(contextHandler))
 
+    val proxyHandler = ApiRootResource.getEngineUIProxyHandler(this)
+    server.addHandler(authenticationFactory.httpHandlerWrapperFactory.wrapHandler(proxyHandler))
+
     server.addStaticHandler("org/apache/kyuubi/ui/static", "/static/")
     server.addRedirectHandler("/", "/static/")
     server.addRedirectHandler("/static", "/static/")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
new file mode 100644
index 000000000..65fc04f58
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.api
+
+import java.net.URL
+import javax.servlet.http.HttpServletRequest
+
+import org.eclipse.jetty.client.api.Request
+import org.eclipse.jetty.proxy.ProxyServlet
+
+import org.apache.kyuubi.Logging
+
+private[api] class EngineUIProxyServlet extends ProxyServlet with Logging {
+
+  override def rewriteTarget(request: HttpServletRequest): String = {
+    val requestURL = request.getRequestURL
+    val requestURI = request.getRequestURI
+    var targetURL = "/no-ui-error"
+    extractTargetAddress(requestURI).foreach { case (host, port) =>
+      val targetURI = requestURI.stripPrefix(s"/engine-ui/$host:$port") match {
+        // for some reason, the proxy can not handle redirect well, as a workaround,
+        // we simulate the Spark UI redirection behavior and forcibly rewrite the
+        // empty URI to the Spark Jobs page.
+        case "" | "/" => "/jobs/"
+        case path => path
+      }
+      targetURL = new URL("http", host, port, targetURI).toString
+    }
+    debug(s"rewrite $requestURL => $targetURL")
+    targetURL
+  }
+
+  override def addXForwardedHeaders(
+      clientRequest: HttpServletRequest,
+      proxyRequest: Request): Unit = {
+    val requestURI = clientRequest.getRequestURI
+    extractTargetAddress(requestURI).foreach { case (host, port) =>
+      // SPARK-24209: Knox uses X-Forwarded-Context to notify the application the base path
+      proxyRequest.header("X-Forwarded-Context", s"/engine-ui/$host:$port")
+    }
+    super.addXForwardedHeaders(clientRequest, proxyRequest)
+  }
+
+  private val r = "^/engine-ui/([^/:]+):(\\d+)/?.*".r
+  private def extractTargetAddress(requestURI: String): Option[(String, Int)] =
+    requestURI match {
+      case r(host, port) => Some(host -> port.toInt)
+      case _ => None
+    }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
index d8b997e86..fc3150355 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
@@ -30,7 +30,7 @@ import org.glassfish.jersey.servlet.ServletContainer
 import org.apache.kyuubi.KYUUBI_VERSION
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.server.KyuubiRestFrontendService
-import org.apache.kyuubi.server.api.{ApiRequestContext, FrontendServiceContext, OpenAPIConfig}
+import org.apache.kyuubi.server.api.{ApiRequestContext, EngineUIProxyServlet, FrontendServiceContext, OpenAPIConfig}
 
 @Path("/v1")
 private[v1] class ApiRootResource extends ApiRequestContext {
@@ -82,4 +82,13 @@ private[server] object ApiRootResource {
     handler.addServlet(holder, "/*")
     handler
   }
+
+  def getEngineUIProxyHandler(fe: KyuubiRestFrontendService): ServletContextHandler = {
+    val proxyServlet = new EngineUIProxyServlet()
+    val holder = new ServletHolder(proxyServlet)
+    val proxyHandler = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
+    proxyHandler.setContextPath("/engine-ui");
+    proxyHandler.addServlet(holder, "/*")
+    proxyHandler
+  }
 }
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index 131e69b7f..3814c49cd 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -11,7 +11,7 @@
     "lint": "eslint --ext .ts,vue --ignore-path .gitignore .",
     "lint-fix": "eslint --fix --ext .ts,vue --ignore-path .gitignore .",
     "prettier": "prettier --write \"src/**/*.{vue,ts,tsx}\"",
-    "test": "vitest",
+    "test": "vitest --mode development",
     "coverage": "vitest run --coverage"
   },
   "dependencies": {
diff --git a/kyuubi-server/web-ui/src/locales/en_US/index.ts b/kyuubi-server/web-ui/src/locales/en_US/index.ts
index 0501078d0..e291b62af 100644
--- a/kyuubi-server/web-ui/src/locales/en_US/index.ts
+++ b/kyuubi-server/web-ui/src/locales/en_US/index.ts
@@ -34,6 +34,7 @@ export default {
   engine_type: 'Engine Type',
   share_level: 'Share Level',
   version: 'Version',
+  engine_ui: 'Engine UI',
   operation: {
     text: 'Operation',
     delete_confirm: 'Delete Confirm',
diff --git a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
index 0e7521794..e6dd8fe62 100644
--- a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
+++ b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
@@ -34,6 +34,7 @@ export default {
   engine_type: 'Engine 类型',
   share_level: '共享级别',
   version: '版本',
+  engine_ui: 'Engine UI',
   operation: {
     text: '操作',
     delete_confirm: '确认删除',
diff --git a/kyuubi-server/web-ui/src/test/unit/views/management/engine/index.spec.ts b/kyuubi-server/web-ui/src/test/unit/views/management/engine/index.spec.ts
new file mode 100644
index 000000000..b19c83bd9
--- /dev/null
+++ b/kyuubi-server/web-ui/src/test/unit/views/management/engine/index.spec.ts
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import Engine from '@/views/management/engine/index.vue'
+import { shallowMount } from '@vue/test-utils'
+import { createI18n } from 'vue-i18n'
+import { getStore } from '@/test/unit/utils'
+import { createRouter, createWebHistory } from 'vue-router'
+import ElementPlus from 'element-plus'
+import { expect, test } from 'vitest'
+
+test('proxy ui', async () => {
+  expect(Engine).toBeTruthy()
+  const i18n = createI18n({
+    legacy: false,
+    globalInjection: true
+  })
+
+  const mockRouter = createRouter({ history: createWebHistory(), routes: [] })
+  mockRouter.currentRoute.value.params = {
+    path: '/management/engine'
+  }
+
+  const wrapper = shallowMount(Engine, {
+    global: {
+      plugins: [i18n, mockRouter, getStore(), ElementPlus]
+    }
+  })
+  expect(wrapper.vm.getProxyEngineUI('host:ip')).toEqual(
+    `${import.meta.env.VITE_APP_DEV_WEB_URL}engine-ui/host:ip/`
+  )
+})
diff --git a/kyuubi-server/web-ui/src/views/management/engine/index.vue b/kyuubi-server/web-ui/src/views/management/engine/index.vue
index cecbde709..430482cdd 100644
--- a/kyuubi-server/web-ui/src/views/management/engine/index.vue
+++ b/kyuubi-server/web-ui/src/views/management/engine/index.vue
@@ -81,6 +81,22 @@
       <el-table-column fixed="right" :label="$t('operation.text')" width="120">
         <template #default="scope">
           <el-space wrap>
+            <el-tooltip
+              effect="dark"
+              :content="
+                $t('engine_ui') +
+                ': ' +
+                scope.row.attributes['kyuubi.engine.url']
+              "
+              placement="top">
+              <el-button
+                type="primary"
+                icon="Link"
+                circle
+                @click="
+                  openEngineUI(scope.row.attributes['kyuubi.engine.url'])
+                " />
+            </el-tooltip>
             <el-popconfirm
               :title="$t('operation.delete_confirm')"
               @confirm="handleDeleteEngine(scope.row)">
@@ -152,7 +168,20 @@
       })
   }
 
+  function getProxyEngineUI(url: string): string {
+    url = (url || '').replaceAll(/http:|https:/gi, '')
+    return `${import.meta.env.VITE_APP_DEV_WEB_URL}engine-ui/${url}/`
+  }
+
+  function openEngineUI(url: string) {
+    window.open(getProxyEngineUI(url))
+  }
+
   init()
+  // export for test
+  defineExpose({
+    getProxyEngineUI
+  })
 </script>
 
 <style scoped lang="scss">
diff --git a/pom.xml b/pom.xml
index fa1cc7c02..3b08ef622 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1030,6 +1030,12 @@
                 <version>${jetty.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-proxy</artifactId>
+                <version>${jetty.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>org.scalatest</groupId>
                 <artifactId>scalatest_${scala.binary.version}</artifactId>

From 408862af72db02cd7ae2074c19f24172a24d7db7 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Tue, 6 Jun 2023 17:47:19 +0800
Subject: [PATCH 424/760] [KYUUBI #4814] Introduce Apache Atlas hook support in
 lineage plugin

### _Why are the changes needed?_

Implements AtlasLineageDispatcher to send lineage to Apache Atlas.

close #4814

Atlas Spark Model Definition: https://github.com/apache/atlas/blob/master/addons/models/1000-Hadoop/1100-spark_model.json

spark process:

![1](https://github.com/apache/kyuubi/assets/17894939/28e2c68c-0ffd-4f1d-b805-a7e964f85aab)

table lineage:

![2](https://github.com/apache/kyuubi/assets/17894939/76b3db6d-ed50-42e3-97cf-2f96d4e403df)

column lineage:

![3](https://github.com/apache/kyuubi/assets/17894939/41ae6ef8-acbf-43b9-ad05-42d669c5e950)

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [X] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4815 from wForget/KYUUBI-4814.

Closes #4814

3df8a7ec9 [wforget] comments
c58eae7c5 [wforget] comments
926bcf211 [wforget] comment
e0b4067c3 [wforget] comment
e4cc3e3f8 [wforget] comments
adc72b96f [Bowen Liang] Update extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
e3bdd1c65 [Bowen Liang] Update extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
baf1711ac [Bowen Liang] Update extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
61e79f3d5 [Bowen Liang] Update extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
541df3780 [Bowen Liang] Update extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
5dd310657 [wforget] fix
cea1e137d [wforget] fix
f028d4b09 [wforget] fix
0c9b4516b [wforget] fix
6f8113032 [wforget] add close atlas client shutdown hook
3f4d2a7db [wforget] add remote user
a0db58afc [wforget] comments
6dd3c66df [wforget] comments
f2b2a30dc [wforget] style
83eb1e481 [wforget] add atlas.column.lineage.enable configuration
0719a2b65 [wforget] doc
05f936005 [wforget] fix
d169b661d [wforget] fix
6da80d742 [wforget] fix
820ae5c5f [wforget] column lineages
dabe8173e [wforget] license
f22e044d2 [wforget] test
b948bce90 [wforget] fix and add test
0aef1be6b [wforget] fix
368b5ab3f [wforget] [KYUUBI-4814] Implements AtlasLineageDispatcher to send lineage to Apache Atlas

Lead-authored-by: wforget <643348094@qq.com>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/extensions/engines/spark/lineage.md      |  22 +++
 extensions/spark/kyuubi-spark-lineage/pom.xml |  86 +++++++++-
 .../plugin/lineage/LineageDispatcher.scala    |   2 +
 .../lineage/LineageDispatcherType.scala       |   2 +-
 .../dispatcher/atlas/AtlasClient.scala        |  96 +++++++++++
 .../dispatcher/atlas/AtlasClientConf.scala    |  57 +++++++
 .../dispatcher/atlas/AtlasEntityHelper.scala  | 158 ++++++++++++++++++
 .../atlas/AtlasLineageDispatcher.scala        |  49 ++++++
 .../dispatcher/atlas/ConfigEntry.scala        |  20 +++
 .../lineage/helper/SparkListenerHelper.scala  |   9 +
 .../spark/kyuubi/lineage/LineageConf.scala    |   1 +
 .../resources/atlas-application.properties    |  18 ++
 .../atlas/AtlasLineageDispatcherSuite.scala   | 153 +++++++++++++++++
 pom.xml                                       |   1 +
 14 files changed, 666 insertions(+), 8 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClient.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClientConf.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcher.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/ConfigEntry.scala
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/test/resources/atlas-application.properties
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala

diff --git a/docs/extensions/engines/spark/lineage.md b/docs/extensions/engines/spark/lineage.md
index 665929e9f..01acd884d 100644
--- a/docs/extensions/engines/spark/lineage.md
+++ b/docs/extensions/engines/spark/lineage.md
@@ -185,6 +185,7 @@ The lineage dispatchers are used to dispatch lineage events, configured via `spa
 <ul>
   <li>SPARK_EVENT (by default): send lineage event to spark event bus</li>
   <li>KYUUBI_EVENT: send lineage event to kyuubi event bus</li>
+  <li>ATLAS: send lineage to apache atlas</li>
 </ul>
 
 #### Get Lineage Events from SparkListener
@@ -207,3 +208,24 @@ spark.sparkContext.addSparkListener(new SparkListener {
 #### Get Lineage Events from Kyuubi EventHandler
 
 When using the `KYUUBI_EVENT` dispatcher, the lineage events will be sent to the Kyuubi `EventBus`. Refer to [Kyuubi Event Handler](../../server/events) to handle kyuubi events.
+
+#### Ingest Lineage Entities to Apache Atlas
+
+The lineage entities can be ingested into [Apache Atlas](https://atlas.apache.org/) using the `ATLAS` dispatcher.
+
+Extra works:
+
++ The least transitive dependencies needed, which are under `./extensions/spark/kyuubi-spark-lineage/target/scala-${scala.binary.version}/jars`
++ Use `spark.files` to specify the `atlas-application.properties` configuration file for Atlas
+
+Atlas Client configurations (Configure in `atlas-application.properties` or passed in `spark.atlas.` prefix):
+
+|                  Name                   |     Default Value      |                      Description                      | Since |
+|-----------------------------------------|------------------------|-------------------------------------------------------|-------|
+| atlas.rest.address                      | http://localhost:21000 | The rest endpoint url for the Atlas server            | 1.8.0 |
+| atlas.client.type                       | rest                   | The client type (currently only supports rest)        | 1.8.0 |
+| atlas.client.username                   | none                   | The client username                                   | 1.8.0 |
+| atlas.client.password                   | none                   | The client password                                   | 1.8.0 |
+| atlas.cluster.name                      | primary                | The cluster name to use in qualifiedName of entities. | 1.8.0 |
+| atlas.hook.spark.column.lineage.enabled | true                   | Whether to ingest column lineages to Atlas.           | 1.8.0 |
+
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index 2a7ba7773..760b0cc08 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -59,7 +59,85 @@
         <dependency>
             <groupId>commons-collections</groupId>
             <artifactId>commons-collections</artifactId>
-            <scope>test</scope>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.atlas</groupId>
+            <artifactId>atlas-client-v2</artifactId>
+            <version>${atlas.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>jul-to-slf4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-context</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.commons</groupId>
+                    <artifactId>commons-text</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -89,12 +167,6 @@
             <artifactId>spark-hive_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
-
-        <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala
index 8f5dc0d9e..b993f1428 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcher.scala
@@ -20,6 +20,7 @@ package org.apache.kyuubi.plugin.lineage
 import org.apache.spark.sql.execution.QueryExecution
 
 import org.apache.kyuubi.plugin.lineage.dispatcher.{KyuubiEventDispatcher, SparkEventDispatcher}
+import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasLineageDispatcher
 
 trait LineageDispatcher {
 
@@ -35,6 +36,7 @@ object LineageDispatcher {
     LineageDispatcherType.withName(dispatcherType) match {
       case LineageDispatcherType.SPARK_EVENT => new SparkEventDispatcher()
       case LineageDispatcherType.KYUUBI_EVENT => new KyuubiEventDispatcher()
+      case LineageDispatcherType.ATLAS => new AtlasLineageDispatcher()
       case _ => throw new UnsupportedOperationException(
           s"Unsupported lineage dispatcher: $dispatcherType.")
     }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala
index d6afea152..8e07f6d77 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageDispatcherType.scala
@@ -20,5 +20,5 @@ package org.apache.kyuubi.plugin.lineage
 object LineageDispatcherType extends Enumeration {
   type LineageDispatcherType = Value
 
-  val SPARK_EVENT, KYUUBI_EVENT = Value
+  val SPARK_EVENT, KYUUBI_EVENT, ATLAS = Value
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClient.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClient.scala
new file mode 100644
index 000000000..15b127182
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClient.scala
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
+
+import java.util.Locale
+
+import com.google.common.annotations.VisibleForTesting
+import org.apache.atlas.AtlasClientV2
+import org.apache.atlas.model.instance.AtlasEntity
+import org.apache.atlas.model.instance.AtlasEntity.AtlasEntitiesWithExtInfo
+import org.apache.commons.lang3.StringUtils
+import org.apache.hadoop.util.ShutdownHookManager
+
+import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasClientConf._
+
+trait AtlasClient extends AutoCloseable {
+  def send(entities: Seq[AtlasEntity]): Unit
+}
+
+class AtlasRestClient(conf: AtlasClientConf) extends AtlasClient {
+
+  private val atlasClient: AtlasClientV2 = {
+    val serverUrl = conf.get(ATLAS_REST_ENDPOINT).split(",")
+    val username = conf.get(CLIENT_USERNAME)
+    val password = conf.get(CLIENT_PASSWORD)
+    if (StringUtils.isNoneBlank(username, password)) {
+      new AtlasClientV2(serverUrl, Array(username, password))
+    } else {
+      new AtlasClientV2(serverUrl: _*)
+    }
+  }
+
+  override def send(entities: Seq[AtlasEntity]): Unit = {
+    val entitiesWithExtInfo = new AtlasEntitiesWithExtInfo()
+    entities.foreach(entitiesWithExtInfo.addEntity)
+    atlasClient.createEntities(entitiesWithExtInfo)
+  }
+
+  override def close(): Unit = {
+    if (atlasClient != null) {
+      atlasClient.close()
+    }
+  }
+}
+
+object AtlasClient {
+
+  @volatile private var client: AtlasClient = _
+
+  def getClient(): AtlasClient = {
+    if (client == null) {
+      AtlasClient.synchronized {
+        if (client == null) {
+          val clientConf = AtlasClientConf.getConf()
+          client = clientConf.get(CLIENT_TYPE).toLowerCase(Locale.ROOT) match {
+            case "rest" => new AtlasRestClient(clientConf)
+            case unknown => throw new RuntimeException(s"Unsupported client type: $unknown.")
+          }
+          registerCleanupShutdownHook(client)
+        }
+      }
+    }
+    client
+  }
+
+  private def registerCleanupShutdownHook(client: AtlasClient): Unit = {
+    ShutdownHookManager.get.addShutdownHook(
+      () => {
+        if (client != null) {
+          client.close()
+        }
+      },
+      Integer.MAX_VALUE)
+  }
+
+  @VisibleForTesting
+  private[dispatcher] def setClient(newClient: AtlasClient): Unit = {
+    client = newClient
+  }
+
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClientConf.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClientConf.scala
new file mode 100644
index 000000000..03b1a83e0
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasClientConf.scala
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
+
+import org.apache.atlas.ApplicationProperties
+import org.apache.commons.configuration.Configuration
+import org.apache.spark.kyuubi.lineage.SparkContextHelper
+
+class AtlasClientConf(configuration: Configuration) {
+
+  def get(entry: ConfigEntry): String = {
+    configuration.getProperty(entry.key) match {
+      case s: String => s
+      case l: List[_] => l.mkString(",")
+      case o if o != null => o.toString
+      case _ => entry.defaultValue
+    }
+  }
+
+}
+
+object AtlasClientConf {
+
+  private lazy val clientConf: AtlasClientConf = {
+    val conf = ApplicationProperties.get()
+    SparkContextHelper.globalSparkContext.getConf.getAllWithPrefix("spark.atlas.")
+      .foreach { case (k, v) => conf.setProperty(s"atlas.$k", v) }
+    new AtlasClientConf(conf)
+  }
+
+  def getConf(): AtlasClientConf = clientConf
+
+  val ATLAS_REST_ENDPOINT = ConfigEntry("atlas.rest.address", "http://localhost:21000")
+
+  val CLIENT_TYPE = ConfigEntry("atlas.client.type", "rest")
+  val CLIENT_USERNAME = ConfigEntry("atlas.client.username", null)
+  val CLIENT_PASSWORD = ConfigEntry("atlas.client.password", null)
+
+  val CLUSTER_NAME = ConfigEntry("atlas.cluster.name", "primary")
+
+  val COLUMN_LINEAGE_ENABLED = ConfigEntry("atlas.hook.spark.column.lineage.enabled", "true")
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
new file mode 100644
index 000000000..9575b5258
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
+
+import scala.collection.JavaConverters._
+
+import org.apache.atlas.model.instance.{AtlasEntity, AtlasObjectId, AtlasRelatedObjectId}
+import org.apache.spark.kyuubi.lineage.SparkContextHelper
+import org.apache.spark.sql.execution.QueryExecution
+
+import org.apache.kyuubi.plugin.lineage.Lineage
+import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper
+
+/**
+ * The helpers for Atlas spark entities from Lineage.
+ * The Atlas spark models refer to :
+ *    https://github.com/apache/atlas/blob/master/addons/models/1000-Hadoop/1100-spark_model.json
+ */
+object AtlasEntityHelper {
+
+  /**
+   * Generate `spark_process` Atlas Entity from Lineage.
+   * @param qe
+   * @param lineage
+   * @return
+   */
+  def processEntity(qe: QueryExecution, lineage: Lineage): AtlasEntity = {
+    val entity = new AtlasEntity(PROCESS_TYPE)
+
+    val appId = SparkContextHelper.globalSparkContext.applicationId
+    val appName = SparkContextHelper.globalSparkContext.appName match {
+      case "Spark shell" => s"Spark Job $appId"
+      case default => s"$default $appId"
+    }
+
+    entity.setAttribute("qualifiedName", appId)
+    entity.setAttribute("name", appName)
+    entity.setAttribute("currUser", SparkListenerHelper.currentUser)
+    SparkListenerHelper.sessionUser.foreach(entity.setAttribute("remoteUser", _))
+    entity.setAttribute("executionId", qe.id)
+    entity.setAttribute("details", qe.toString())
+    entity.setAttribute("sparkPlanDescription", qe.sparkPlan.toString())
+
+    // TODO add entity type instead of parsing from string
+    val inputs = lineage.inputTables.flatMap(tableObjectId).map { objId =>
+      relatedObjectId(objId, RELATIONSHIP_DATASET_PROCESS_INPUTS)
+    }
+    val outputs = lineage.outputTables.flatMap(tableObjectId).map { objId =>
+      relatedObjectId(objId, RELATIONSHIP_PROCESS_DATASET_OUTPUTS)
+    }
+
+    entity.setRelationshipAttribute("inputs", inputs.asJava)
+    entity.setRelationshipAttribute("outputs", outputs.asJava)
+
+    entity
+  }
+
+  /**
+   * Generate `spark_column_lineage` Atlas Entity from Lineage.
+   * @param processEntity
+   * @param lineage
+   * @return
+   */
+  def columnLineageEntities(processEntity: AtlasEntity, lineage: Lineage): Seq[AtlasEntity] = {
+    lineage.columnLineage.flatMap(columnLineage => {
+      val inputs = columnLineage.originalColumns.flatMap(columnObjectId).map { objId =>
+        relatedObjectId(objId, RELATIONSHIP_DATASET_PROCESS_INPUTS)
+      }
+      val outputs = Option(columnLineage.column).flatMap(columnObjectId).map { objId =>
+        relatedObjectId(objId, RELATIONSHIP_PROCESS_DATASET_OUTPUTS)
+      }.toSeq
+
+      if (inputs.nonEmpty && outputs.nonEmpty) {
+        val entity = new AtlasEntity(COLUMN_LINEAGE_TYPE)
+        val qualifiedName =
+          s"${processEntity.getAttribute("qualifiedName")}:${columnLineage.column}"
+        entity.setAttribute("qualifiedName", qualifiedName)
+        entity.setAttribute("name", qualifiedName)
+        entity.setRelationshipAttribute("inputs", inputs.asJava)
+        entity.setRelationshipAttribute("outputs", outputs.asJava)
+        entity.setRelationshipAttribute(
+          "process",
+          relatedObjectId(objectId(processEntity), RELATIONSHIP_SPARK_PROCESS_COLUMN_LINEAGE))
+        Some(entity)
+      } else {
+        None
+      }
+    })
+  }
+
+  def tableObjectId(tableName: String): Option[AtlasObjectId] = {
+    val dbTb = tableName.split('.')
+    if (dbTb.length == 2) {
+      val qualifiedName = tableQualifiedName(cluster, dbTb(0), dbTb(1))
+      // TODO parse datasource type
+      Some(new AtlasObjectId(HIVE_TABLE_TYPE, "qualifiedName", qualifiedName))
+    } else {
+      None
+    }
+  }
+
+  def tableQualifiedName(cluster: String, db: String, table: String): String = {
+    s"${db.toLowerCase}.${table.toLowerCase}@$cluster"
+  }
+
+  def columnObjectId(columnName: String): Option[AtlasObjectId] = {
+    val dbTbCol = columnName.split('.')
+    if (dbTbCol.length == 3) {
+      val qualifiedName = columnQualifiedName(cluster, dbTbCol(0), dbTbCol(1), dbTbCol(2))
+      // TODO parse datasource type
+      Some(new AtlasObjectId(HIVE_COLUMN_TYPE, "qualifiedName", qualifiedName))
+    } else {
+      None
+    }
+  }
+
+  def columnQualifiedName(cluster: String, db: String, table: String, column: String): String = {
+    s"${db.toLowerCase}.${table.toLowerCase}.${column.toLowerCase}@$cluster"
+  }
+
+  def objectId(entity: AtlasEntity): AtlasObjectId = {
+    val objId = new AtlasObjectId(entity.getGuid, entity.getTypeName)
+    objId.setUniqueAttributes(Map("qualifiedName" -> entity.getAttribute("qualifiedName")).asJava)
+    objId
+  }
+
+  def relatedObjectId(objectId: AtlasObjectId, relationshipType: String): AtlasRelatedObjectId = {
+    new AtlasRelatedObjectId(objectId, relationshipType)
+  }
+
+  lazy val cluster = AtlasClientConf.getConf().get(AtlasClientConf.CLUSTER_NAME)
+  lazy val columnLineageEnabled =
+    AtlasClientConf.getConf().get(AtlasClientConf.COLUMN_LINEAGE_ENABLED).toBoolean
+
+  val HIVE_TABLE_TYPE = "hive_table"
+  val HIVE_COLUMN_TYPE = "hive_column"
+  val PROCESS_TYPE = "spark_process"
+  val COLUMN_LINEAGE_TYPE = "spark_column_lineage"
+  val RELATIONSHIP_DATASET_PROCESS_INPUTS = "dataset_process_inputs"
+  val RELATIONSHIP_PROCESS_DATASET_OUTPUTS = "process_dataset_outputs"
+  val RELATIONSHIP_SPARK_PROCESS_COLUMN_LINEAGE = "spark_process_column_lineages"
+
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcher.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcher.scala
new file mode 100644
index 000000000..c66b51107
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcher.scala
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
+
+import org.apache.spark.internal.Logging
+import org.apache.spark.sql.execution.QueryExecution
+
+import org.apache.kyuubi.plugin.lineage.{Lineage, LineageDispatcher}
+import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasEntityHelper.columnLineageEnabled
+
+class AtlasLineageDispatcher extends LineageDispatcher with Logging {
+
+  override def send(qe: QueryExecution, lineageOpt: Option[Lineage]): Unit = {
+    try {
+      lineageOpt.filter(l => l.inputTables.nonEmpty || l.outputTables.nonEmpty).foreach(lineage => {
+        val processEntity = AtlasEntityHelper.processEntity(qe, lineage)
+        val columnLineageEntities = if (lineage.columnLineage.nonEmpty && columnLineageEnabled) {
+          AtlasEntityHelper.columnLineageEntities(processEntity, lineage)
+        } else {
+          Seq.empty
+        }
+        AtlasClient.getClient().send(processEntity +: columnLineageEntities)
+      })
+    } catch {
+      case t: Throwable =>
+        logWarning("Send lineage to atlas failed.", t)
+    }
+  }
+
+  override def onFailure(qe: QueryExecution, exception: Exception): Unit = {
+    // ignore
+  }
+
+}
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/ConfigEntry.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/ConfigEntry.scala
new file mode 100644
index 000000000..3f9d9831d
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/ConfigEntry.scala
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
+
+case class ConfigEntry(key: String, defaultValue: String)
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
index 57db55a1e..a1747493e 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
@@ -17,7 +17,9 @@
 
 package org.apache.kyuubi.plugin.lineage.helper
 
+import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SPARK_VERSION
+import org.apache.spark.kyuubi.lineage.SparkContextHelper
 
 import org.apache.kyuubi.util.SemanticVersion
 
@@ -40,4 +42,11 @@ object SparkListenerHelper {
   def isSparkVersionEqualTo(targetVersionString: String): Boolean = {
     SemanticVersion(SPARK_VERSION).isVersionEqualTo(targetVersionString)
   }
+
+  def currentUser: String = UserGroupInformation.getCurrentUser.getShortUserName
+
+  def sessionUser: Option[String] =
+    Option(SparkContextHelper.globalSparkContext.getLocalProperty(KYUUBI_SESSION_USER))
+
+  final val KYUUBI_SESSION_USER = "kyuubi.session.user"
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
index 6fb5399c0..5b7d3dfe1 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
@@ -35,6 +35,7 @@ object LineageConf {
       "`org.apache.kyuubi.plugin.lineage.LineageDispatcher` for dispatching lineage events.<ul>" +
       "<li>SPARK_EVENT: send lineage event to spark event bus</li>" +
       "<li>KYUUBI_EVENT: send lineage event to kyuubi event bus</li>" +
+      "<li>ATLAS: send lineage to apache atlas</li>" +
       "</ul>")
     .version("1.8.0")
     .stringConf
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/resources/atlas-application.properties b/extensions/spark/kyuubi-spark-lineage/src/test/resources/atlas-application.properties
new file mode 100644
index 000000000..e6dc52f98
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/resources/atlas-application.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+atlas.cluster.name=test
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
new file mode 100644
index 000000000..cb98c52ef
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
@@ -0,0 +1,153 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
+
+import java.util
+
+import scala.collection.JavaConverters._
+import scala.collection.immutable.List
+
+import org.apache.atlas.model.instance.{AtlasEntity, AtlasObjectId}
+import org.apache.commons.lang3.StringUtils
+import org.apache.spark.SparkConf
+import org.apache.spark.kyuubi.lineage.LineageConf.{DISPATCHERS, SKIP_PARSING_PERMANENT_VIEW_ENABLED}
+import org.apache.spark.kyuubi.lineage.SparkContextHelper
+import org.apache.spark.sql.SparkListenerExtensionTest
+import org.scalatest.concurrent.PatienceConfiguration.Timeout
+import org.scalatest.time.SpanSugar._
+
+import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.plugin.lineage.Lineage
+import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasEntityHelper.{COLUMN_LINEAGE_TYPE, PROCESS_TYPE}
+import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
+
+class AtlasLineageDispatcherSuite extends KyuubiFunSuite with SparkListenerExtensionTest {
+  val catalogName =
+    if (isSparkVersionAtMost("3.1")) "org.apache.spark.sql.connector.InMemoryTableCatalog"
+    else "org.apache.spark.sql.connector.catalog.InMemoryTableCatalog"
+
+  override protected val catalogImpl: String = "hive"
+
+  override def sparkConf(): SparkConf = {
+    super.sparkConf()
+      .set("spark.sql.catalog.v2_catalog", catalogName)
+      .set(
+        "spark.sql.queryExecutionListeners",
+        "org.apache.kyuubi.plugin.lineage.SparkOperationLineageQueryExecutionListener")
+      .set(DISPATCHERS.key, "ATLAS")
+      .set(SKIP_PARSING_PERMANENT_VIEW_ENABLED.key, "true")
+  }
+
+  override def afterAll(): Unit = {
+    spark.stop()
+    super.afterAll()
+  }
+
+  test("altas lineage capture: insert into select sql") {
+    val mockAtlasClient = new MockAtlasClient()
+    AtlasClient.setClient(mockAtlasClient)
+
+    withTable("test_table0") { _ =>
+      spark.sql("create table test_table0(a string, b int, c int)")
+      spark.sql("create table test_table1(a string, d int)")
+      spark.sql("insert into test_table1 select a, b + c as d from test_table0").collect()
+      val expected = Lineage(
+        List("default.test_table0"),
+        List("default.test_table1"),
+        List(
+          ("default.test_table1.a", Set("default.test_table0.a")),
+          ("default.test_table1.d", Set("default.test_table0.b", "default.test_table0.c"))))
+      eventually(Timeout(5.seconds)) {
+        assert(mockAtlasClient.getEntities != null && mockAtlasClient.getEntities.nonEmpty)
+      }
+      checkAtlasProcessEntity(mockAtlasClient.getEntities.head, expected)
+      checkAtlasColumnLineageEntities(
+        mockAtlasClient.getEntities.head,
+        mockAtlasClient.getEntities.tail,
+        expected)
+    }
+
+  }
+
+  def checkAtlasProcessEntity(entity: AtlasEntity, expected: Lineage): Unit = {
+    assert(entity.getTypeName == PROCESS_TYPE)
+
+    val appId = SparkContextHelper.globalSparkContext.applicationId
+    assert(entity.getAttribute("qualifiedName") == appId)
+    assert(entity.getAttribute("name")
+      == s"${SparkContextHelper.globalSparkContext.appName} $appId")
+    assert(StringUtils.isNotBlank(entity.getAttribute("currUser").asInstanceOf[String]))
+    assert(entity.getAttribute("executionId") != null)
+    assert(StringUtils.isNotBlank(entity.getAttribute("details").asInstanceOf[String]))
+    assert(StringUtils.isNotBlank(entity.getAttribute("sparkPlanDescription").asInstanceOf[String]))
+
+    val inputs = entity.getRelationshipAttribute("inputs")
+      .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
+    val outputs = entity.getRelationshipAttribute("outputs")
+      .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
+    assertResult(expected.inputTables.map(s => s"$s@$cluster"))(inputs)
+    assertResult(expected.outputTables.map(s => s"$s@$cluster"))(outputs)
+  }
+
+  def checkAtlasColumnLineageEntities(
+      processEntity: AtlasEntity,
+      entities: Seq[AtlasEntity],
+      expected: Lineage): Unit = {
+    assert(entities.size == expected.columnLineage.size)
+
+    entities.zip(expected.columnLineage).foreach {
+      case (entity, expectedLineage) =>
+        assert(entity.getTypeName == COLUMN_LINEAGE_TYPE)
+        val expectedQualifiedName =
+          s"${processEntity.getAttribute("qualifiedName")}:${expectedLineage.column}"
+        assert(entity.getAttribute("qualifiedName") == expectedQualifiedName)
+        assert(entity.getAttribute("name") == expectedQualifiedName)
+
+        val inputs = entity.getRelationshipAttribute("inputs")
+          .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
+        assertResult(expectedLineage.originalColumns.map(s => s"$s@$cluster"))(inputs.toSet)
+
+        val outputs = entity.getRelationshipAttribute("outputs")
+          .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
+        assert(outputs.size == 1)
+        assert(s"${expectedLineage.column}@$cluster" == outputs.head)
+
+        assert(getQualifiedName(entity.getRelationshipAttribute("process").asInstanceOf[
+          AtlasObjectId]) == processEntity.getAttribute("qualifiedName"))
+    }
+  }
+
+  // Pre-set cluster name for testing in `test/resources/atlas-application.properties`
+  private val cluster = "test"
+
+  def getQualifiedName(objId: AtlasObjectId): String = {
+    objId.getUniqueAttributes.get("qualifiedName").asInstanceOf[String]
+  }
+
+  class MockAtlasClient() extends AtlasClient {
+    private var _entities: Seq[AtlasEntity] = _
+
+    override def send(entities: Seq[AtlasEntity]): Unit = {
+      _entities = entities
+    }
+
+    def getEntities: Seq[AtlasEntity] = _entities
+
+    override def close(): Unit = {}
+  }
+}
diff --git a/pom.xml b/pom.xml
index 3b08ef622..515c15af9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -123,6 +123,7 @@
         <antlr4.version>4.9.3</antlr4.version>
         <antlr.st4.version>4.3.4</antlr.st4.version>
         <apache.archive.dist>https://archive.apache.org/dist</apache.archive.dist>
+        <atlas.version>2.3.0</atlas.version>
         <bouncycastle.version>1.67</bouncycastle.version>
         <codahale.metrics.version>4.2.8</codahale.metrics.version>
         <commons-cli.version>1.5.0</commons-cli.version>

From d0675a35a749baa45c1fc590cd62425ee23af0aa Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 6 Jun 2023 18:59:18 +0800
Subject: [PATCH 425/760] [KYUUBI #4879] Refactor and promote relection utils
 and cleanup similar reflection methods

### _Why are the changes needed?_

- apply the usage of `ReflectUtils` and `Dyn*` to the modules of engines and plugins (eg. Spark engine, Authz plugin, lineage plugin, beeline)
- remove similar redundant methods for calling reflected methods or getting field values
- unified reflection helper methods with type casting support, as `getField[T]` for getting field values from `getFields`, `invokeAs[T]` for invoking methods in `getMethods`.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4879 from bowenliang123/reflect-use.

Closes #4879

c685fb67d [liangbowen] bug fix for "Cannot bind static field options" when executing "bin/beeline"
fc1fdf1de [liangbowen] import
59c3dd032 [liangbowen] comment
c435c131d [liangbowen] reflect util usage

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/authz/ranger/AccessRequest.scala    |  8 +-
 .../RuleReplaceShowObjectCommands.scala       |  2 +-
 .../plugin/spark/authz/serde/Descriptor.scala | 20 ++--
 .../authz/serde/databaseExtractors.scala      |  8 +-
 .../spark/authz/serde/tableExtractors.scala   | 12 +--
 .../plugin/spark/authz/util/AuthZUtils.scala  | 10 +-
 .../authz/util/RangerConfigProvider.scala     |  8 +-
 .../ranger/RangerSparkExtensionSuite.scala    |  2 +-
 .../helper/SparkSQLLineageParseHelper.scala   | 99 ++++++-------------
 .../jdbc/connection/ConnectionProvider.scala  | 13 +--
 .../scala/org/apache/spark/ui/EngineTab.scala | 23 +++--
 .../apache/kyuubi/KyuubiSQLException.scala    |  8 +-
 .../EngineSecuritySecretProvider.scala        |  8 +-
 .../kyuubi/util/KyuubiHadoopUtils.scala       | 12 +--
 .../ZookeeperDiscoveryClientSuite.scala       | 10 +-
 kyuubi-hive-beeline/pom.xml                   |  6 ++
 .../apache/hive/beeline/KyuubiBeeLine.java    | 57 ++++++-----
 kyuubi-hive-jdbc/pom.xml                      |  5 +
 .../kyuubi/jdbc/hive/KyuubiSQLException.java  |  6 +-
 kyuubi-rest-client/pom.xml                    |  6 ++
 .../auth/SpnegoAuthHeaderGenerator.java       | 20 ++--
 .../apache/kyuubi/plugin/PluginLoader.scala   |  7 +-
 .../kyuubi/util/reflect/ReflectUtils.scala    | 68 ++++++++-----
 .../KubernetesSparkBlockCleanerSuite.scala    |  7 +-
 24 files changed, 219 insertions(+), 206 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
index 7d4999fde..8fc8028e6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessRequest.scala
@@ -50,7 +50,7 @@ object AccessRequest {
         "getRolesFromUserAndGroups",
         (classOf[String], userName),
         (classOf[JSet[String]], userGroups))
-      invoke(req, "setUserRoles", (classOf[JSet[String]], roles))
+      invokeAs[Unit](req, "setUserRoles", (classOf[JSet[String]], roles))
     } catch {
       case _: Exception =>
     }
@@ -61,7 +61,7 @@ object AccessRequest {
     }
     try {
       val clusterName = invokeAs[String](SparkRangerAdminPlugin, "getClusterName")
-      invoke(req, "setClusterName", (classOf[String], clusterName))
+      invokeAs[Unit](req, "setClusterName", (classOf[String], clusterName))
     } catch {
       case _: Exception =>
     }
@@ -74,8 +74,8 @@ object AccessRequest {
 
   private def getUserGroupsFromUserStore(user: UserGroupInformation): Option[JSet[String]] = {
     try {
-      val storeEnricher = invoke(SparkRangerAdminPlugin, "getUserStoreEnricher")
-      val userStore = invoke(storeEnricher, "getRangerUserStore")
+      val storeEnricher = invokeAs[AnyRef](SparkRangerAdminPlugin, "getUserStoreEnricher")
+      val userStore = invokeAs[AnyRef](storeEnricher, "getRangerUserStore")
       val userGroupMapping =
         invokeAs[JHashMap[String, JSet[String]]](userStore, "getUserGroupMapping")
       Some(userGroupMapping.get(user.getShortUserName))
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
index 6e86ab9fb..bf762109c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
@@ -46,7 +46,7 @@ class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
 case class FilteredShowTablesCommand(delegated: RunnableCommand)
   extends FilteredShowObjectCommand(delegated) {
 
-  private val isExtended = getFieldVal[Boolean](delegated, "isExtended")
+  private val isExtended = getField[Boolean](delegated, "isExtended")
 
   override protected def isAllowed(r: Row, ugi: UserGroupInformation): Boolean = {
     val database = r.getString(0)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
index 3eb3fecea..fc660ce14 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
@@ -72,7 +72,7 @@ case class ColumnDesc(
     fieldName: String,
     fieldExtractor: String) extends Descriptor {
   override def extract(v: AnyRef): Seq[String] = {
-    val columnsVal = invoke(v, fieldName)
+    val columnsVal = invokeAs[AnyRef](v, fieldName)
     val columnExtractor = lookupExtractor[ColumnExtractor](fieldExtractor)
     columnExtractor(columnsVal)
   }
@@ -91,7 +91,7 @@ case class DatabaseDesc(
     catalogDesc: Option[CatalogDesc] = None,
     isInput: Boolean = false) extends Descriptor {
   override def extract(v: AnyRef): Database = {
-    val databaseVal = invoke(v, fieldName)
+    val databaseVal = invokeAs[AnyRef](v, fieldName)
     val databaseExtractor = lookupExtractor[DatabaseExtractor](fieldExtractor)
     val db = databaseExtractor(databaseVal)
     if (db.catalog.isEmpty && catalogDesc.nonEmpty) {
@@ -119,7 +119,7 @@ case class FunctionTypeDesc(
   }
 
   def extract(v: AnyRef, spark: SparkSession): FunctionType = {
-    val functionTypeVal = invoke(v, fieldName)
+    val functionTypeVal = invokeAs[AnyRef](v, fieldName)
     val functionTypeExtractor = lookupExtractor[FunctionTypeExtractor](fieldExtractor)
     functionTypeExtractor(functionTypeVal, spark)
   }
@@ -145,7 +145,7 @@ case class FunctionDesc(
     functionTypeDesc: Option[FunctionTypeDesc] = None,
     isInput: Boolean = false) extends Descriptor {
   override def extract(v: AnyRef): Function = {
-    val functionVal = invoke(v, fieldName)
+    val functionVal = invokeAs[AnyRef](v, fieldName)
     val functionExtractor = lookupExtractor[FunctionExtractor](fieldExtractor)
     var function = functionExtractor(functionVal)
     if (function.database.isEmpty) {
@@ -170,7 +170,7 @@ case class QueryDesc(
     fieldName: String,
     fieldExtractor: String = "LogicalPlanQueryExtractor") extends Descriptor {
   override def extract(v: AnyRef): Option[LogicalPlan] = {
-    val queryVal = invoke(v, fieldName)
+    val queryVal = invokeAs[AnyRef](v, fieldName)
     val queryExtractor = lookupExtractor[QueryExtractor](fieldExtractor)
     queryExtractor(queryVal)
   }
@@ -192,7 +192,7 @@ case class TableTypeDesc(
   }
 
   def extract(v: AnyRef, spark: SparkSession): TableType = {
-    val tableTypeVal = invoke(v, fieldName)
+    val tableTypeVal = invokeAs[AnyRef](v, fieldName)
     val tableTypeExtractor = lookupExtractor[TableTypeExtractor](fieldExtractor)
     tableTypeExtractor(tableTypeVal, spark)
   }
@@ -230,7 +230,7 @@ case class TableDesc(
   }
 
   def extract(v: AnyRef, spark: SparkSession): Option[Table] = {
-    val tableVal = invoke(v, fieldName)
+    val tableVal = invokeAs[AnyRef](v, fieldName)
     val tableExtractor = lookupExtractor[TableExtractor](fieldExtractor)
     val maybeTable = tableExtractor(spark, tableVal)
     maybeTable.map { t =>
@@ -257,7 +257,7 @@ case class ActionTypeDesc(
     actionType: Option[String] = None) extends Descriptor {
   override def extract(v: AnyRef): PrivilegeObjectActionType = {
     actionType.map(PrivilegeObjectActionType.withName).getOrElse {
-      val actionTypeVal = invoke(v, fieldName)
+      val actionTypeVal = invokeAs[AnyRef](v, fieldName)
       val actionTypeExtractor = lookupExtractor[ActionTypeExtractor](fieldExtractor)
       actionTypeExtractor(actionTypeVal)
     }
@@ -274,7 +274,7 @@ case class CatalogDesc(
     fieldName: String = "catalog",
     fieldExtractor: String = "CatalogPluginCatalogExtractor") extends Descriptor {
   override def extract(v: AnyRef): Option[String] = {
-    val catalogVal = invoke(v, fieldName)
+    val catalogVal = invokeAs[AnyRef](v, fieldName)
     val catalogExtractor = lookupExtractor[CatalogExtractor](fieldExtractor)
     catalogExtractor(catalogVal)
   }
@@ -292,7 +292,7 @@ case class ScanDesc(
     val tableVal = if (fieldName == null) {
       v
     } else {
-      invoke(v, fieldName)
+      invokeAs[AnyRef](v, fieldName)
     }
     val tableExtractor = lookupExtractor[TableExtractor](fieldExtractor)
     val maybeTable = tableExtractor(spark, tableVal)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
index f952c816e..713d3e3fb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/databaseExtractors.scala
@@ -69,9 +69,9 @@ class StringSeqOptionDatabaseExtractor extends DatabaseExtractor {
  */
 class ResolvedNamespaceDatabaseExtractor extends DatabaseExtractor {
   override def apply(v1: AnyRef): Database = {
-    val catalogVal = invoke(v1, "catalog")
+    val catalogVal = invokeAs[AnyRef](v1, "catalog")
     val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
-    val namespace = getFieldVal[Seq[String]](v1, "namespace")
+    val namespace = getField[Seq[String]](v1, "namespace")
     Database(catalog, quote(namespace))
   }
 }
@@ -81,9 +81,9 @@ class ResolvedNamespaceDatabaseExtractor extends DatabaseExtractor {
  */
 class ResolvedDBObjectNameDatabaseExtractor extends DatabaseExtractor {
   override def apply(v1: AnyRef): Database = {
-    val catalogVal = invoke(v1, "catalog")
+    val catalogVal = invokeAs[AnyRef](v1, "catalog")
     val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
-    val namespace = getFieldVal[Seq[String]](v1, "nameParts")
+    val namespace = getField[Seq[String]](v1, "nameParts")
     Database(catalog, quote(namespace))
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 4579349ee..a8a08ed93 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -47,7 +47,7 @@ object TableExtractor {
    */
   def getOwner(v: AnyRef): Option[String] = {
     // org.apache.spark.sql.connector.catalog.Table
-    val table = invoke(v, "table")
+    val table = invokeAs[AnyRef](v, "table")
     val properties = invokeAs[JMap[String, String]](table, "properties").asScala
     properties.get("owner")
   }
@@ -97,9 +97,9 @@ class CatalogTableOptionTableExtractor extends TableExtractor {
  */
 class ResolvedTableTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
-    val catalogVal = invoke(v1, "catalog")
+    val catalogVal = invokeAs[AnyRef](v1, "catalog")
     val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
-    val identifier = invoke(v1, "identifier")
+    val identifier = invokeAs[AnyRef](v1, "identifier")
     val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, identifier)
     val maybeOwner = TableExtractor.getOwner(v1)
     maybeTable.map(_.copy(catalog = catalog, owner = maybeOwner))
@@ -157,7 +157,7 @@ class LogicalRelationTableExtractor extends TableExtractor {
  */
 class ResolvedDbObjectNameTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
-    val catalogVal = invoke(v1, "catalog")
+    val catalogVal = invokeAs[AnyRef](v1, "catalog")
     val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
     val nameParts = invokeAs[Seq[String]](v1, "nameParts")
     val namespace = nameParts.init.toArray
@@ -173,9 +173,9 @@ class ResolvedIdentifierTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
     v1.getClass.getName match {
       case "org.apache.spark.sql.catalyst.analysis.ResolvedIdentifier" =>
-        val catalogVal = invoke(v1, "catalog")
+        val catalogVal = invokeAs[AnyRef](v1, "catalog")
         val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
-        val identifier = invoke(v1, "identifier")
+        val identifier = invokeAs[AnyRef](v1, "identifier")
         val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, identifier)
         maybeTable.map(_.copy(catalog = catalog))
       case _ => None
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index e13968e2e..9ac3bfef3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -32,6 +32,7 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.util.ReservedKeys._
 import org.apache.kyuubi.util.SemanticVersion
+import org.apache.kyuubi.util.reflect.DynConstructors
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 private[authz] object AuthZUtils {
@@ -61,7 +62,7 @@ private[authz] object AuthZUtils {
   def hasResolvedPermanentView(plan: LogicalPlan): Boolean = {
     plan match {
       case view: View if view.resolved && isSparkV31OrGreater =>
-        !getFieldVal[Boolean](view, "isTempView")
+        !getField[Boolean](view, "isTempView")
       case _ =>
         false
     }
@@ -69,7 +70,12 @@ private[authz] object AuthZUtils {
 
   lazy val isRanger21orGreater: Boolean = {
     try {
-      classOf[RangerBasePlugin].getConstructor(classOf[String], classOf[String], classOf[String])
+      DynConstructors.builder().impl(
+        classOf[RangerBasePlugin],
+        classOf[String],
+        classOf[String],
+        classOf[String])
+        .buildChecked[RangerBasePlugin]()
       true
     } catch {
       case _: NoSuchMethodException =>
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
index cb3a2371b..806914286 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
@@ -34,18 +34,18 @@ trait RangerConfigProvider {
    *         org.apache.ranger.authorization.hadoop.config.RangerConfiguration
    *         for Ranger 2.0 and below
    */
-  def getRangerConf: Configuration = {
+  val getRangerConf: Configuration = {
     if (isRanger21orGreater) {
       // for Ranger 2.1+
       DynMethods.builder("getConfig")
         .impl("org.apache.ranger.plugin.service.RangerBasePlugin")
-        .build()
-        .invoke[Configuration](this)
+        .buildChecked(this)
+        .invoke[Configuration]()
     } else {
       // for Ranger 2.0 and below
       DynMethods.builder("getInstance")
         .impl("org.apache.ranger.authorization.hadoop.config.RangerConfiguration")
-        .buildStatic()
+        .buildStaticChecked()
         .invoke[Configuration]()
     }
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 89b81ccee..b5dcf63cb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -458,7 +458,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
         admin, {
           val hiveTableRelation = sql(s"SELECT * FROM $table")
             .queryExecution.optimizedPlan.collectLeaves().head.asInstanceOf[HiveTableRelation]
-          assert(getFieldVal[Option[Statistics]](hiveTableRelation, "tableStats").nonEmpty)
+          assert(getField[Option[Statistics]](hiveTableRelation, "tableStats").nonEmpty)
         })
     }
   }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index f060cc994..f2806f216 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -18,7 +18,7 @@
 package org.apache.kyuubi.plugin.lineage.helper
 
 import scala.collection.immutable.ListMap
-import scala.util.{Failure, Success, Try}
+import scala.util.Try
 
 import org.apache.spark.internal.Logging
 import org.apache.spark.kyuubi.lineage.{LineageConf, SparkContextHelper}
@@ -38,6 +38,7 @@ import org.apache.spark.sql.execution.datasources.v2.{DataSourceV2Relation, Data
 
 import org.apache.kyuubi.plugin.lineage.Lineage
 import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait LineageParser {
   def sparkSession: SparkSession
@@ -189,7 +190,7 @@ trait LineageParser {
     plan match {
       // For command
       case p if p.nodeName == "CommandResult" =>
-        val commandPlan = getPlanField[LogicalPlan]("commandLogicalPlan", plan)
+        val commandPlan = getField[LogicalPlan](plan, "commandLogicalPlan")
         extractColumnsLineage(commandPlan, parentColumnsLineage)
       case p if p.nodeName == "AlterViewAsCommand" =>
         val query =
@@ -198,22 +199,22 @@ trait LineageParser {
           } else {
             getQuery(plan)
           }
-        val view = getPlanField[TableIdentifier]("name", plan).unquotedString
+        val view = getField[TableIdentifier](plan, "name").unquotedString
         extractColumnsLineage(query, parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$view.${k.name}") -> v
         }
 
       case p
           if p.nodeName == "CreateViewCommand"
-            && getPlanField[ViewType]("viewType", plan) == PersistedView =>
-        val view = getPlanField[TableIdentifier]("name", plan).unquotedString
+            && getField[ViewType](plan, "viewType") == PersistedView =>
+        val view = getField[TableIdentifier](plan, "name").unquotedString
         val outputCols =
-          getPlanField[Seq[(String, Option[String])]]("userSpecifiedColumns", plan).map(_._1)
+          getField[Seq[(String, Option[String])]](plan, "userSpecifiedColumns").map(_._1)
         val query =
           if (isSparkVersionAtMost("3.1")) {
-            sparkSession.sessionState.analyzer.execute(getPlanField[LogicalPlan]("child", plan))
+            sparkSession.sessionState.analyzer.execute(getField[LogicalPlan](plan, "child"))
           } else {
-            getPlanField[LogicalPlan]("plan", plan)
+            getField[LogicalPlan](plan, "plan")
           }
 
         extractColumnsLineage(query, parentColumnsLineage).zipWithIndex.map {
@@ -222,7 +223,7 @@ trait LineageParser {
         }
 
       case p if p.nodeName == "CreateDataSourceTableAsSelectCommand" =>
-        val table = getPlanField[CatalogTable]("table", plan).qualifiedName
+        val table = getField[CatalogTable](plan, "table").qualifiedName
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -230,7 +231,7 @@ trait LineageParser {
       case p
           if p.nodeName == "CreateHiveTableAsSelectCommand" ||
             p.nodeName == "OptimizedCreateHiveTableAsSelectCommand" =>
-        val table = getPlanField[CatalogTable]("tableDesc", plan).qualifiedName
+        val table = getField[CatalogTable](plan, "tableDesc").qualifiedName
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -241,15 +242,15 @@ trait LineageParser {
         val (table, namespace, catalog) =
           if (isSparkVersionAtMost("3.2")) {
             (
-              getPlanField[Identifier]("tableName", plan).name,
-              getPlanField[Identifier]("tableName", plan).namespace.mkString("."),
-              getPlanField[TableCatalog]("catalog", plan).name())
+              getField[Identifier](plan, "tableName").name,
+              getField[Identifier](plan, "tableName").namespace.mkString("."),
+              getField[TableCatalog](plan, "catalog").name())
           } else {
             (
-              getPlanMethod[Identifier]("tableName", plan).name(),
-              getPlanMethod[Identifier]("tableName", plan).namespace().mkString("."),
-              getCurrentPlanField[CatalogPlugin](
-                getPlanMethod[LogicalPlan]("left", plan),
+              invokeAs[Identifier](plan, "tableName").name(),
+              invokeAs[Identifier](plan, "tableName").namespace().mkString("."),
+              getField[CatalogPlugin](
+                invokeAs[LogicalPlan](plan, "left"),
                 "catalog").name())
           }
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
@@ -257,7 +258,7 @@ trait LineageParser {
         }
 
       case p if p.nodeName == "InsertIntoDataSourceCommand" =>
-        val logicalRelation = getPlanField[LogicalRelation]("logicalRelation", plan)
+        val logicalRelation = getField[LogicalRelation](plan, "logicalRelation")
         val table = logicalRelation.catalogTable.map(_.qualifiedName).getOrElse("")
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map {
           case (k, v) if table.nonEmpty =>
@@ -266,8 +267,8 @@ trait LineageParser {
 
       case p if p.nodeName == "InsertIntoHadoopFsRelationCommand" =>
         val table =
-          getPlanField[Option[CatalogTable]]("catalogTable", plan).map(_.qualifiedName).getOrElse(
-            "")
+          getField[Option[CatalogTable]](plan, "catalogTable").map(_.qualifiedName)
+            .getOrElse("")
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map {
           case (k, v) if table.nonEmpty =>
             k.withName(s"$table.${k.name}") -> v
@@ -277,15 +278,15 @@ trait LineageParser {
           if p.nodeName == "InsertIntoDataSourceDirCommand" ||
             p.nodeName == "InsertIntoHiveDirCommand" =>
         val dir =
-          getPlanField[CatalogStorageFormat]("storage", plan).locationUri.map(_.toString).getOrElse(
-            "")
+          getField[CatalogStorageFormat](plan, "storage").locationUri.map(_.toString)
+            .getOrElse("")
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map {
           case (k, v) if dir.nonEmpty =>
             k.withName(s"`$dir`.${k.name}") -> v
         }
 
       case p if p.nodeName == "InsertIntoHiveTable" =>
-        val table = getPlanField[CatalogTable]("table", plan).qualifiedName
+        val table = getField[CatalogTable](plan, "table").qualifiedName
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -297,14 +298,14 @@ trait LineageParser {
           if p.nodeName == "AppendData"
             || p.nodeName == "OverwriteByExpression"
             || p.nodeName == "OverwritePartitionsDynamic" =>
-        val table = getPlanField[NamedRelation]("table", plan).name
+        val table = getField[NamedRelation](plan, "table").name
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
 
       case p if p.nodeName == "MergeIntoTable" =>
-        val matchedActions = getPlanField[Seq[MergeAction]]("matchedActions", plan)
-        val notMatchedActions = getPlanField[Seq[MergeAction]]("notMatchedActions", plan)
+        val matchedActions = getField[Seq[MergeAction]](plan, "matchedActions")
+        val notMatchedActions = getField[Seq[MergeAction]](plan, "notMatchedActions")
         val allAssignments = (matchedActions ++ notMatchedActions).collect {
           case UpdateAction(_, assignments) => assignments
           case InsertAction(_, assignments) => assignments
@@ -314,8 +315,8 @@ trait LineageParser {
             assignment.key.asInstanceOf[Attribute],
             assignment.value.references)
         }: _*)
-        val targetTable = getPlanField[LogicalPlan]("targetTable", plan)
-        val sourceTable = getPlanField[LogicalPlan]("sourceTable", plan)
+        val targetTable = getField[LogicalPlan](plan, "targetTable")
+        val sourceTable = getField[LogicalPlan](plan, "sourceTable")
         val targetColumnsLineage = extractColumnsLineage(
           targetTable,
           nextColumnsLlineage.map { case (k, _) => (k, AttributeSet(k)) })
@@ -474,47 +475,7 @@ trait LineageParser {
     }
   }
 
-  private def getPlanField[T](field: String, plan: LogicalPlan): T = {
-    getFieldVal[T](plan, field)
-  }
-
-  private def getCurrentPlanField[T](curPlan: LogicalPlan, field: String): T = {
-    getFieldVal[T](curPlan, field)
-  }
-
-  private def getPlanMethod[T](name: String, plan: LogicalPlan): T = {
-    getMethod[T](plan, name)
-  }
-
-  private def getQuery(plan: LogicalPlan): LogicalPlan = {
-    getPlanField[LogicalPlan]("query", plan)
-  }
-
-  private def getFieldVal[T](o: Any, name: String): T = {
-    Try {
-      val field = o.getClass.getDeclaredField(name)
-      field.setAccessible(true)
-      field.get(o)
-    } match {
-      case Success(value) => value.asInstanceOf[T]
-      case Failure(e) =>
-        val candidates = o.getClass.getDeclaredFields.map(_.getName).mkString("[", ",", "]")
-        throw new RuntimeException(s"$name not in $candidates", e)
-    }
-  }
-
-  private def getMethod[T](o: Any, name: String): T = {
-    Try {
-      val method = o.getClass.getDeclaredMethod(name)
-      method.invoke(o)
-    } match {
-      case Success(value) => value.asInstanceOf[T]
-      case Failure(e) =>
-        val candidates = o.getClass.getDeclaredMethods.map(_.getName).mkString("[", ",", "]")
-        throw new RuntimeException(s"$name not in $candidates", e)
-    }
-  }
-
+  private def getQuery(plan: LogicalPlan): LogicalPlan = getField[LogicalPlan](plan, "query")
 }
 
 case class SparkSQLLineageParseHelper(sparkSession: SparkSession) extends LineageParser
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala
index 0dea6a2c1..cb6e4b6c5 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/connection/ConnectionProvider.scala
@@ -16,24 +16,25 @@
  */
 package org.apache.kyuubi.engine.jdbc.connection
 
-import java.sql.{Connection, DriverManager}
+import java.sql.{Connection, Driver, DriverManager}
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_JDBC_CONNECTION_PROVIDER, ENGINE_JDBC_CONNECTION_URL, ENGINE_JDBC_DRIVER_CLASS}
+import org.apache.kyuubi.util.reflect.DynClasses
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 abstract class AbstractConnectionProvider extends Logging {
   protected val providers = loadProviders()
 
   def getProviderClass(kyuubiConf: KyuubiConf): String = {
-    val specifiedDriverClass = kyuubiConf.get(ENGINE_JDBC_DRIVER_CLASS)
-    specifiedDriverClass.foreach(Class.forName)
-
-    specifiedDriverClass.getOrElse {
+    val driverClass: Class[_ <: Driver] = Option(
+      DynClasses.builder().impl(kyuubiConf.get(ENGINE_JDBC_DRIVER_CLASS).get)
+        .orNull().build[Driver]()).getOrElse {
       val url = kyuubiConf.get(ENGINE_JDBC_CONNECTION_URL).get
-      DriverManager.getDriver(url).getClass.getCanonicalName
+      DriverManager.getDriver(url).getClass
     }
+    driverClass.getCanonicalName
   }
 
   def create(kyuubiConf: KyuubiConf): Connection = {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala
index 14ef3d3fd..52edcf220 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineTab.scala
@@ -26,7 +26,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.SparkSQLEngine
 import org.apache.kyuubi.engine.spark.events.EngineEventsStore
 import org.apache.kyuubi.service.ServiceState
-import org.apache.kyuubi.util.reflect.DynClasses
+import org.apache.kyuubi.util.reflect.{DynClasses, DynMethods}
 
 /**
  * Note that [[SparkUITab]] is private for Spark
@@ -68,30 +68,29 @@ case class EngineTab(
       val sparkServletContextHandlerClz = DynClasses.builder()
         .impl("org.sparkproject.jetty.servlet.ServletContextHandler")
         .impl("org.eclipse.jetty.servlet.ServletContextHandler")
-        .build()
-      val attachHandlerMethod = Class.forName("org.apache.spark.ui.SparkUI")
-        .getMethod("attachHandler", sparkServletContextHandlerClz)
-      val createRedirectHandlerMethod = Class.forName("org.apache.spark.ui.JettyUtils")
-        .getMethod(
-          "createRedirectHandler",
+        .buildChecked()
+      val attachHandlerMethod = DynMethods.builder("attachHandler")
+        .impl("org.apache.spark.ui.SparkUI", sparkServletContextHandlerClz)
+        .buildChecked(ui)
+      val createRedirectHandlerMethod = DynMethods.builder("createRedirectHandler")
+        .impl(
+          "org.apache.spark.ui.JettyUtils",
           classOf[String],
           classOf[String],
-          classOf[(HttpServletRequest) => Unit],
+          classOf[HttpServletRequest => Unit],
           classOf[String],
           classOf[Set[String]])
+        .buildStaticChecked()
 
       attachHandlerMethod
         .invoke(
-          ui,
           createRedirectHandlerMethod
-            .invoke(null, "/kyuubi/stop", "/kyuubi", handleKillRequest _, "", Set("GET", "POST")))
+            .invoke("/kyuubi/stop", "/kyuubi", handleKillRequest _, "", Set("GET", "POST")))
 
       attachHandlerMethod
         .invoke(
-          ui,
           createRedirectHandlerMethod
             .invoke(
-              null,
               "/kyuubi/gracefulstop",
               "/kyuubi",
               handleGracefulKillRequest _,
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala
index a9e486fb2..c9fd8203c 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala
@@ -26,6 +26,7 @@ import scala.collection.JavaConverters._
 import org.apache.hive.service.rpc.thrift.{TStatus, TStatusCode}
 
 import org.apache.kyuubi.Utils.stringifyException
+import org.apache.kyuubi.util.reflect.DynConstructors
 
 /**
  * @param reason     a description of the exception
@@ -139,9 +140,10 @@ object KyuubiSQLException {
   }
   private def newInstance(className: String, message: String, cause: Throwable): Throwable = {
     try {
-      Class.forName(className)
-        .getConstructor(classOf[String], classOf[Throwable])
-        .newInstance(message, cause).asInstanceOf[Throwable]
+      DynConstructors.builder()
+        .impl(className, classOf[String], classOf[Throwable])
+        .buildChecked[Throwable]()
+        .newInstance(message, cause)
     } catch {
       case _: Exception => new RuntimeException(className + ":" + message, cause)
     }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala
index 2bcfe9a67..3216a43be 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/EngineSecuritySecretProvider.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.service.authentication
 
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.util.reflect.DynConstructors
 
 trait EngineSecuritySecretProvider {
 
@@ -50,9 +51,10 @@ class SimpleEngineSecuritySecretProviderImpl extends EngineSecuritySecretProvide
 
 object EngineSecuritySecretProvider {
   def create(conf: KyuubiConf): EngineSecuritySecretProvider = {
-    val providerClass = Class.forName(conf.get(ENGINE_SECURITY_SECRET_PROVIDER))
-    val provider = providerClass.getConstructor().newInstance()
-      .asInstanceOf[EngineSecuritySecretProvider]
+    val provider = DynConstructors.builder()
+      .impl(conf.get(ENGINE_SECURITY_SECRET_PROVIDER))
+      .buildChecked[EngineSecuritySecretProvider]()
+      .newInstance(conf)
     provider.initialize(conf)
     provider
   }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala
index 28806e915..4959c845d 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/KyuubiHadoopUtils.scala
@@ -33,12 +33,10 @@ import org.apache.hadoop.yarn.conf.YarnConfiguration
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object KyuubiHadoopUtils extends Logging {
 
-  private val tokenMapField = classOf[Credentials].getDeclaredField("tokenMap")
-  tokenMapField.setAccessible(true)
-
   def newHadoopConf(
       conf: KyuubiConf,
       loadDefaults: Boolean = true): Configuration = {
@@ -76,12 +74,8 @@ object KyuubiHadoopUtils extends Logging {
    * Get [[Credentials#tokenMap]] by reflection as [[Credentials#getTokenMap]] is not present before
    * Hadoop 3.2.1.
    */
-  def getTokenMap(credentials: Credentials): Map[Text, Token[_ <: TokenIdentifier]] = {
-    tokenMapField.get(credentials)
-      .asInstanceOf[JMap[Text, Token[_ <: TokenIdentifier]]]
-      .asScala
-      .toMap
-  }
+  def getTokenMap(credentials: Credentials): Map[Text, Token[_ <: TokenIdentifier]] =
+    getField[JMap[Text, Token[_ <: TokenIdentifier]]](credentials, "tokenMap").asScala.toMap
 
   def getTokenIssueDate(token: Token[_ <: TokenIdentifier]): Option[Long] = {
     token.decodeIdentifier() match {
diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
index de849f83e..0a5db3b43 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
@@ -39,6 +39,7 @@ import org.apache.kyuubi.shaded.curator.framework.CuratorFrameworkFactory
 import org.apache.kyuubi.shaded.curator.retry.ExponentialBackoffRetry
 import org.apache.kyuubi.shaded.zookeeper.ZooDefs
 import org.apache.kyuubi.shaded.zookeeper.data.ACL
+import org.apache.kyuubi.util.reflect.DynFields
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 import org.apache.kyuubi.zookeeper.ZookeeperConf.ZK_CLIENT_PORT
 
@@ -156,12 +157,13 @@ abstract class ZookeeperDiscoveryClientSuite extends DiscoveryClientTests
     assert(service.getServiceState === ServiceState.STARTED)
 
     stopZk()
-    val isServerLostM = discovery.getClass.getSuperclass.getDeclaredField("isServerLost")
-    isServerLostM.setAccessible(true)
-    val isServerLost = isServerLostM.get(discovery)
+    val isServerLost = DynFields.builder()
+      .hiddenImpl(discovery.getClass.getSuperclass, "isServerLost")
+      .buildChecked[AtomicBoolean]()
+      .get(discovery)
 
     eventually(timeout(10.seconds), interval(100.millis)) {
-      assert(isServerLost.asInstanceOf[AtomicBoolean].get())
+      assert(isServerLost.get())
       assert(discovery.getServiceState === ServiceState.STOPPED)
       assert(service.getServiceState === ServiceState.STOPPED)
     }
diff --git a/kyuubi-hive-beeline/pom.xml b/kyuubi-hive-beeline/pom.xml
index beacba438..6c5f255dc 100644
--- a/kyuubi-hive-beeline/pom.xml
+++ b/kyuubi-hive-beeline/pom.xml
@@ -40,6 +40,12 @@
             <version>${project.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.hive</groupId>
             <artifactId>hive-beeline</artifactId>
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 7ca767148..b3a2fa307 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -19,8 +19,6 @@
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
 import java.sql.Driver;
 import java.util.Arrays;
 import java.util.Collections;
@@ -29,12 +27,15 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
+import org.apache.kyuubi.util.reflect.DynConstructors;
+import org.apache.kyuubi.util.reflect.DynFields;
+import org.apache.kyuubi.util.reflect.DynMethods;
 
 public class KyuubiBeeLine extends BeeLine {
   public static final String KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER =
       "org.apache.kyuubi.jdbc.KyuubiHiveDriver";
   protected KyuubiCommands commands = new KyuubiCommands(this);
-  private Driver defaultDriver = null;
+  private Driver defaultDriver;
 
   public KyuubiBeeLine() {
     this(true);
@@ -44,20 +45,16 @@ public KyuubiBeeLine() {
   public KyuubiBeeLine(boolean isBeeLine) {
     super(isBeeLine);
     try {
-      Field commandsField = BeeLine.class.getDeclaredField("commands");
-      commandsField.setAccessible(true);
-      commandsField.set(this, commands);
+      DynFields.builder().hiddenImpl(BeeLine.class, "commands").buildChecked(this).set(commands);
     } catch (Throwable t) {
       throw new ExceptionInInitializerError("Failed to inject kyuubi commands");
     }
     try {
       defaultDriver =
-          (Driver)
-              Class.forName(
-                      KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER,
-                      true,
-                      Thread.currentThread().getContextClassLoader())
-                  .newInstance();
+          DynConstructors.builder()
+              .impl(KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER)
+              .<Driver>buildChecked()
+              .newInstance();
     } catch (Throwable t) {
       throw new ExceptionInInitializerError(KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER + "-missing");
     }
@@ -115,25 +112,26 @@ int initArgs(String[] args) {
     BeelineParser beelineParser;
     boolean connSuccessful;
     boolean exit;
-    Field exitField;
+    DynFields.BoundField<Boolean> exitField;
 
     try {
-      Field optionsField = BeeLine.class.getDeclaredField("options");
-      optionsField.setAccessible(true);
-      Options options = (Options) optionsField.get(this);
+      Options options =
+          DynFields.builder()
+              .hiddenImpl(BeeLine.class, "options")
+              .<Options>buildStaticChecked()
+              .get();
 
       beelineParser = new BeelineParser();
       cl = beelineParser.parse(options, args);
 
-      Method connectUsingArgsMethod =
-          BeeLine.class.getDeclaredMethod(
-              "connectUsingArgs", BeelineParser.class, CommandLine.class);
-      connectUsingArgsMethod.setAccessible(true);
-      connSuccessful = (boolean) connectUsingArgsMethod.invoke(this, beelineParser, cl);
+      connSuccessful =
+          DynMethods.builder("connectUsingArgs")
+              .hiddenImpl(BeeLine.class, BeelineParser.class, CommandLine.class)
+              .buildChecked(this)
+              .invoke(beelineParser, cl);
 
-      exitField = BeeLine.class.getDeclaredField("exit");
-      exitField.setAccessible(true);
-      exit = (boolean) exitField.get(this);
+      exitField = DynFields.builder().hiddenImpl(BeeLine.class, "exit").buildChecked(this);
+      exit = exitField.get();
 
     } catch (ParseException e1) {
       output(e1.getMessage());
@@ -149,10 +147,11 @@ int initArgs(String[] args) {
     // no-op if the file is not present
     if (!connSuccessful && !exit) {
       try {
-        Method defaultBeelineConnectMethod =
-            BeeLine.class.getDeclaredMethod("defaultBeelineConnect", CommandLine.class);
-        defaultBeelineConnectMethod.setAccessible(true);
-        connSuccessful = (boolean) defaultBeelineConnectMethod.invoke(this, cl);
+        connSuccessful =
+            DynMethods.builder("defaultBeelineConnect")
+                .hiddenImpl(BeeLine.class, CommandLine.class)
+                .buildChecked(this)
+                .invoke(beelineParser, cl);
 
       } catch (Exception t) {
         error(t.getMessage());
@@ -184,7 +183,7 @@ int initArgs(String[] args) {
       }
       try {
         exit = true;
-        exitField.set(this, exit);
+        exitField.set(exit);
       } catch (Exception e) {
         error(e.getMessage());
         return 1;
diff --git a/kyuubi-hive-jdbc/pom.xml b/kyuubi-hive-jdbc/pom.xml
index d6889e365..36c27efe0 100644
--- a/kyuubi-hive-jdbc/pom.xml
+++ b/kyuubi-hive-jdbc/pom.xml
@@ -35,6 +35,11 @@
     </properties>
 
     <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util</artifactId>
+            <version>${project.version}</version>
+        </dependency>
 
         <dependency>
             <groupId>org.apache.arrow</groupId>
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiSQLException.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiSQLException.java
index 1ac0adf04..7d26f8078 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiSQLException.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiSQLException.java
@@ -21,6 +21,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.hive.service.rpc.thrift.TStatus;
+import org.apache.kyuubi.util.reflect.DynConstructors;
 
 public class KyuubiSQLException extends SQLException {
 
@@ -186,7 +187,10 @@ private static Throwable toStackTrace(
 
   private static Throwable newInstance(String className, String message) {
     try {
-      return (Throwable) Class.forName(className).getConstructor(String.class).newInstance(message);
+      return DynConstructors.builder()
+          .impl(className, String.class)
+          .<Throwable>buildChecked()
+          .newInstance(message);
     } catch (Exception e) {
       return new RuntimeException(className + ":" + message);
     }
diff --git a/kyuubi-rest-client/pom.xml b/kyuubi-rest-client/pom.xml
index a9ceb9bb3..176051deb 100644
--- a/kyuubi-rest-client/pom.xml
+++ b/kyuubi-rest-client/pom.xml
@@ -77,6 +77,12 @@
             <optional>true</optional>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/auth/SpnegoAuthHeaderGenerator.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/auth/SpnegoAuthHeaderGenerator.java
index 435a85014..c66c6465e 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/auth/SpnegoAuthHeaderGenerator.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/auth/SpnegoAuthHeaderGenerator.java
@@ -17,13 +17,13 @@
 
 package org.apache.kyuubi.client.auth;
 
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
 import java.nio.charset.StandardCharsets;
 import java.security.PrivilegedExceptionAction;
 import java.util.Base64;
 import javax.security.auth.Subject;
 import org.apache.kyuubi.client.exception.KyuubiRestException;
+import org.apache.kyuubi.util.reflect.DynFields;
+import org.apache.kyuubi.util.reflect.DynMethods;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
@@ -61,13 +61,17 @@ public String generateAuthHeader() {
   private String generateToken(String server) throws Exception {
     Subject subject;
     try {
-      Class<?> ugiClz = Class.forName(UGI_CLASS);
-      Method ugiGetCurrentUserMethod = ugiClz.getDeclaredMethod("getCurrentUser");
-      Object ugiCurrentUser = ugiGetCurrentUserMethod.invoke(null);
+      Object ugiCurrentUser =
+          DynMethods.builder("getCurrentUser")
+              .hiddenImpl(Class.forName(UGI_CLASS))
+              .buildStaticChecked()
+              .invoke();
       LOG.debug("The user credential is {}", ugiCurrentUser);
-      Field ugiSubjectField = ugiCurrentUser.getClass().getDeclaredField("subject");
-      ugiSubjectField.setAccessible(true);
-      subject = (Subject) ugiSubjectField.get(ugiCurrentUser);
+      subject =
+          DynFields.builder()
+              .hiddenImpl(ugiCurrentUser.getClass(), "subject")
+              .<Subject>buildChecked(ugiCurrentUser)
+              .get();
     } catch (ClassNotFoundException e) {
       // TODO do kerberos authentication using JDK class directly
       LOG.error("Hadoop UGI class {} is required for SPNEGO authentication.", UGI_CLASS);
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala
index 17ad69524..da4c8e4a9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala
@@ -21,6 +21,7 @@ import scala.util.control.NonFatal
 
 import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.util.reflect.DynConstructors
 
 private[kyuubi] object PluginLoader {
 
@@ -31,8 +32,7 @@ private[kyuubi] object PluginLoader {
     }
 
     try {
-      Class.forName(advisorClass.get).getConstructor().newInstance()
-        .asInstanceOf[SessionConfAdvisor]
+      DynConstructors.builder.impl(advisorClass.get).buildChecked[SessionConfAdvisor].newInstance()
     } catch {
       case _: ClassCastException =>
         throw new KyuubiException(
@@ -45,8 +45,7 @@ private[kyuubi] object PluginLoader {
   def loadGroupProvider(conf: KyuubiConf): GroupProvider = {
     val groupProviderClass = conf.get(KyuubiConf.GROUP_PROVIDER)
     try {
-      Class.forName(groupProviderClass).getConstructor().newInstance()
-        .asInstanceOf[GroupProvider]
+      DynConstructors.builder().impl(groupProviderClass).buildChecked[GroupProvider]().newInstance()
     } catch {
       case _: ClassCastException =>
         throw new KyuubiException(
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
index 6e306e371..5ded0af2c 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -21,7 +21,7 @@ import java.util.ServiceLoader
 
 import scala.collection.JavaConverters._
 import scala.reflect.ClassTag
-import scala.util.{Failure, Success, Try}
+import scala.util.Try
 object ReflectUtils {
 
   /**
@@ -37,32 +37,56 @@ object ReflectUtils {
       DynClasses.builder().loader(cl).impl(className).buildChecked()
     }.isSuccess
 
-  def getFieldVal[T](target: Any, fieldName: String): T =
-    Try {
-      DynFields.builder().hiddenImpl(target.getClass, fieldName).build[T]().get(target)
-    } match {
-      case Success(value) => value
-      case Failure(e) =>
-        val candidates = target.getClass.getDeclaredFields.map(_.getName).mkString("[", ",", "]")
-        throw new RuntimeException(s"$fieldName not in ${target.getClass} $candidates", e)
+  /**
+   * get the field value of the given object
+   * @param target the target object
+   * @param fieldName the field name from declared field names
+   * @tparam T the expected return class type
+   * @return
+   */
+  def getField[T](target: Any, fieldName: String): T = {
+    val targetClass = target.getClass
+    try {
+      DynFields.builder()
+        .hiddenImpl(targetClass, fieldName)
+        .buildChecked[T](target)
+        .get()
+    } catch {
+      case e: Exception =>
+        val candidates = targetClass.getDeclaredFields.map(_.getName).sorted
+        throw new RuntimeException(
+          s"Field $fieldName not in $targetClass [${candidates.mkString(",")}]",
+          e)
     }
+  }
 
-  def getFieldValOpt[T](target: Any, name: String): Option[T] =
-    Try(getFieldVal[T](target, name)).toOption
-
-  def invoke(target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): AnyRef =
+  /**
+   * Invoke a method with the given name and arguments on the given target object.
+   * @param target the target object
+   * @param methodName the method name from declared field names
+   * @param args pairs of class and values for the arguments
+   * @tparam T the expected return class type,
+   *           returning type Nothing if it's not provided or inferable
+   * @return
+   */
+  def invokeAs[T](target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): T = {
+    val targetClass = target.getClass
+    val argClasses = args.map(_._1)
     try {
-      val (types, values) = args.unzip
-      DynMethods.builder(methodName).hiddenImpl(target.getClass, types: _*).build()
-        .invoke(target, values: _*)
+      DynMethods.builder(methodName)
+        .hiddenImpl(targetClass, argClasses: _*)
+        .buildChecked(target)
+        .invoke[T](args.map(_._2): _*)
     } catch {
-      case e: NoSuchMethodException =>
-        val candidates = target.getClass.getMethods.map(_.getName).mkString("[", ",", "]")
-        throw new RuntimeException(s"$methodName not in ${target.getClass} $candidates", e)
+      case e: Exception =>
+        val candidates = targetClass.getDeclaredMethods.map(_.getName).sorted
+        val argClassesNames = argClasses.map(_.getClass.getName)
+        throw new RuntimeException(
+          s"Method $methodName (${argClassesNames.mkString(",")})" +
+            s" not found in $targetClass [${candidates.mkString(",")}]",
+          e)
     }
-
-  def invokeAs[T](target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): T =
-    invoke(target, methodName, args: _*).asInstanceOf[T]
+  }
 
   /**
    * Creates a iterator for with a new service loader for the given service type and class
diff --git a/tools/spark-block-cleaner/src/test/scala/org.apache.kyuubi.tools/KubernetesSparkBlockCleanerSuite.scala b/tools/spark-block-cleaner/src/test/scala/org.apache.kyuubi.tools/KubernetesSparkBlockCleanerSuite.scala
index dfaa1f412..ae4651fe2 100644
--- a/tools/spark-block-cleaner/src/test/scala/org.apache.kyuubi.tools/KubernetesSparkBlockCleanerSuite.scala
+++ b/tools/spark-block-cleaner/src/test/scala/org.apache.kyuubi.tools/KubernetesSparkBlockCleanerSuite.scala
@@ -19,9 +19,11 @@ package org.apache.kyuubi.tools
 
 import java.io.File
 import java.nio.file.Files
+import java.util.{Map => JMap}
 import java.util.UUID
 
 import org.apache.kyuubi.{KyuubiFunSuite, Utils}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class KubernetesSparkBlockCleanerSuite extends KyuubiFunSuite {
   import KubernetesSparkBlockCleanerConstants._
@@ -83,10 +85,7 @@ class KubernetesSparkBlockCleanerSuite extends KyuubiFunSuite {
   }
 
   private def updateEnv(name: String, value: String): Unit = {
-    val env = System.getenv
-    val field = env.getClass.getDeclaredField("m")
-    field.setAccessible(true)
-    field.get(env).asInstanceOf[java.util.Map[String, String]].put(name, value)
+    getField[JMap[String, String]](System.getenv, "m").put(name, value)
   }
 
   test("test clean") {

From 787028ec3ecaa44a66a702a957795f2f5634dabb Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 7 Jun 2023 18:08:58 +0800
Subject: [PATCH 426/760] [KYUUBI #4931] [BUILD] Bump vite from 3.0.0 to 4.2.3
 and vitest from 0.22.0 to 0.32.0

### _Why are the changes needed?_

- Bump vite from 3.0.0 to 4.2.3
- Bump vitest from 0.22.0 to 0.32.0
- change package vitest/coverage-c8 to vitest/coverage-v8 as required by vitest (https://github.com/vitest-dev/vitest/pull/3339)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4931 from bowenliang123/vite4.

Closes #4931

4221e2ab0 [liangbowen] bump vite from 3.0.0 to 4.2.3 and vitest from 0.22.0 to 0.32.0

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 kyuubi-server/web-ui/package-lock.json | 4320 +++++++++++++-----------
 kyuubi-server/web-ui/package.json      |    8 +-
 kyuubi-server/web-ui/pnpm-lock.yaml    |  948 ++++--
 3 files changed, 2983 insertions(+), 2293 deletions(-)

diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index 0a2feeba1..d91bd2f04 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -10,6 +10,7 @@
       "dependencies": {
         "@element-plus/icons-vue": "^2.0.9",
         "axios": "^0.27.2",
+        "date-fns": "^2.29.3",
         "element-plus": "^2.2.12",
         "pinia": "^2.0.18",
         "pinia-plugin-persistedstate": "^2.1.1",
@@ -22,8 +23,8 @@
         "@types/node": "^18.7.1",
         "@typescript-eslint/eslint-plugin": "^5.33.0",
         "@typescript-eslint/parser": "^5.33.0",
-        "@vitejs/plugin-vue": "^3.0.0",
-        "@vitest/coverage-c8": "^0.22.0",
+        "@vitejs/plugin-vue": "^4.2.3",
+        "@vitest/coverage-v8": "^0.32.0",
         "@vue/eslint-config-prettier": "^7.0.0",
         "@vue/eslint-config-typescript": "^11.0.0",
         "@vue/test-utils": "^2.0.2",
@@ -34,11 +35,24 @@
         "prettier": "^2.7.1",
         "sass": "^1.54.4",
         "typescript": "^4.6.4",
-        "vite": "^3.0.0",
-        "vitest": "^0.22.0",
+        "vite": "^4.2.3",
+        "vitest": "^0.32.0",
         "vue-tsc": "^0.38.4"
       }
     },
+    "node_modules/@ampproject/remapping": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz",
+      "integrity": "sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==",
+      "dev": true,
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.0",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/@babel/parser": {
       "version": "7.18.11",
       "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.18.11.tgz",
@@ -50,6 +64,17 @@
         "node": ">=6.0.0"
       }
     },
+    "node_modules/@babel/runtime": {
+      "version": "7.22.3",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.3.tgz",
+      "integrity": "sha512-XsDuspWKLUsxwCp6r7EhsExHtYfbe5oAGQ19kqngTdCPUoPQzOPdUbD/pB9PJiwb2ptYKQDjSJT3R6dC+EPqfQ==",
+      "dependencies": {
+        "regenerator-runtime": "^0.13.11"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
     "node_modules/@bcoe/v8-coverage": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz",
@@ -72,1751 +97,1908 @@
         "vue": "^3.2.0"
       }
     },
-    "node_modules/@esbuild/linux-loong64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.14.54.tgz",
-      "integrity": "sha512-bZBrLAIX1kpWelV0XemxBZllyRmM6vgFQQG2GdNb+r3Fkp0FOh1NJSvekXDs7jq70k4euu1cryLMfU+mTXlEpw==",
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.17.19.tgz",
+      "integrity": "sha512-rIKddzqhmav7MSmoFCmDIb6e2W57geRsM94gV2l38fzhXMwq7hZoClug9USI2pFRGL06f4IOPHHpFNOkWieR8A==",
       "cpu": [
-        "loong64"
+        "arm"
       ],
       "dev": true,
       "optional": true,
       "os": [
-        "linux"
+        "android"
       ],
       "engines": {
         "node": ">=12"
       }
     },
-    "node_modules/@eslint/eslintrc": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.3.0.tgz",
-      "integrity": "sha512-UWW0TMTmk2d7hLcWD1/e2g5HDM/HQ3csaLSqXCfqwh4uNDuNqlaKWXmEsL4Cs41Z0KnILNvwbHAah3C2yt06kw==",
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.17.19.tgz",
+      "integrity": "sha512-KBMWvEZooR7+kzY0BtbTQn0OAYY7CsiydT63pVEaPtVYF0hXbUaOyZog37DKxK7NF3XacBJOpYT4adIJh+avxA==",
+      "cpu": [
+        "arm64"
+      ],
       "dev": true,
-      "dependencies": {
-        "ajv": "^6.12.4",
-        "debug": "^4.3.2",
-        "espree": "^9.3.2",
-        "globals": "^13.15.0",
-        "ignore": "^5.2.0",
-        "import-fresh": "^3.2.1",
-        "js-yaml": "^4.1.0",
-        "minimatch": "^3.1.2",
-        "strip-json-comments": "^3.1.1"
-      },
+      "optional": true,
+      "os": [
+        "android"
+      ],
       "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      }
-    },
-    "node_modules/@floating-ui/core": {
-      "version": "0.7.3",
-      "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-0.7.3.tgz",
-      "integrity": "sha512-buc8BXHmG9l82+OQXOFU3Kr2XQx9ys01U/Q9HMIrZ300iLc8HLMgh7dcCqgYzAzf4BkoQvDcXf5Y+CuEZ5JBYg=="
-    },
-    "node_modules/@floating-ui/dom": {
-      "version": "0.5.4",
-      "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-0.5.4.tgz",
-      "integrity": "sha512-419BMceRLq0RrmTSDxn8hf9R3VCJv2K9PUfugh5JyEFmdjzDo+e8U5EdR8nzKq8Yj1htzLm3b6eQEEam3/rrtg==",
-      "dependencies": {
-        "@floating-ui/core": "^0.7.3"
+        "node": ">=12"
       }
     },
-    "node_modules/@humanwhocodes/config-array": {
-      "version": "0.10.4",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.10.4.tgz",
-      "integrity": "sha512-mXAIHxZT3Vcpg83opl1wGlVZ9xydbfZO3r5YfRSH6Gpp2J/PfdBP0wbDa2sO6/qRbcalpoevVyW6A/fI6LfeMw==",
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.17.19.tgz",
+      "integrity": "sha512-uUTTc4xGNDT7YSArp/zbtmbhO0uEEK9/ETW29Wk1thYUJBz3IVnvgEiEwEa9IeLyvnpKrWK64Utw2bgUmDveww==",
+      "cpu": [
+        "x64"
+      ],
       "dev": true,
-      "dependencies": {
-        "@humanwhocodes/object-schema": "^1.2.1",
-        "debug": "^4.1.1",
-        "minimatch": "^3.0.4"
-      },
+      "optional": true,
+      "os": [
+        "android"
+      ],
       "engines": {
-        "node": ">=10.10.0"
+        "node": ">=12"
       }
     },
-    "node_modules/@humanwhocodes/gitignore-to-minimatch": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/gitignore-to-minimatch/-/gitignore-to-minimatch-1.0.2.tgz",
-      "integrity": "sha512-rSqmMJDdLFUsyxR6FMtD00nfQKKLFb1kv+qBbOVKqErvloEIJLo5bDTJTQNTYgeyp78JsA7u/NPi5jT1GR/MuA==",
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.17.19.tgz",
+      "integrity": "sha512-80wEoCfF/hFKM6WE1FyBHc9SfUblloAWx6FJkFWTWiCoht9Mc0ARGEM47e67W9rI09YoUxJL68WHfDRYEAvOhg==",
+      "cpu": [
+        "arm64"
+      ],
       "dev": true,
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/nzakas"
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=12"
       }
     },
-    "node_modules/@humanwhocodes/object-schema": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz",
-      "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==",
-      "dev": true
-    },
-    "node_modules/@iconify-json/ep": {
-      "version": "1.1.7",
-      "resolved": "https://registry.npmjs.org/@iconify-json/ep/-/ep-1.1.7.tgz",
-      "integrity": "sha512-GhXWVKalXFlrGgfrCXAgqBre5hv3pPAknuxyywmjamcrL5gl5Mq9WOZtuhb4cB6cJ5pMiKOMtegt73FheqWscA==",
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.17.19.tgz",
+      "integrity": "sha512-IJM4JJsLhRYr9xdtLytPLSH9k/oxR3boaUIYiHkAawtwNOXKE8KoU8tMvryogdcT8AU+Bflmh81Xn6Q0vTZbQw==",
+      "cpu": [
+        "x64"
+      ],
       "dev": true,
-      "dependencies": {
-        "@iconify/types": "*"
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=12"
       }
     },
-    "node_modules/@iconify/types": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@iconify/types/-/types-1.1.0.tgz",
-      "integrity": "sha512-Jh0llaK2LRXQoYsorIH8maClebsnzTcve+7U3rQUSnC11X4jtPnFuyatqFLvMxZ8MLG8dB4zfHsbPfuvxluONw==",
-      "dev": true
-    },
-    "node_modules/@intlify/core-base": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@intlify/core-base/-/core-base-9.2.2.tgz",
-      "integrity": "sha512-JjUpQtNfn+joMbrXvpR4hTF8iJQ2sEFzzK3KIESOx+f+uwIjgw20igOyaIdhfsVVBCds8ZM64MoeNSx+PHQMkA==",
-      "dependencies": {
-        "@intlify/devtools-if": "9.2.2",
-        "@intlify/message-compiler": "9.2.2",
-        "@intlify/shared": "9.2.2",
-        "@intlify/vue-devtools": "9.2.2"
-      },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.17.19.tgz",
+      "integrity": "sha512-pBwbc7DufluUeGdjSU5Si+P3SoMF5DQ/F/UmTSb8HXO80ZEAJmrykPyzo1IfNbAoaqw48YRpv8shwd1NoI0jcQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
       "engines": {
-        "node": ">= 14"
+        "node": ">=12"
       }
     },
-    "node_modules/@intlify/devtools-if": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@intlify/devtools-if/-/devtools-if-9.2.2.tgz",
-      "integrity": "sha512-4ttr/FNO29w+kBbU7HZ/U0Lzuh2cRDhP8UlWOtV9ERcjHzuyXVZmjyleESK6eVP60tGC9QtQW9yZE+JeRhDHkg==",
-      "dependencies": {
-        "@intlify/shared": "9.2.2"
-      },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.17.19.tgz",
+      "integrity": "sha512-4lu+n8Wk0XlajEhbEffdy2xy53dpR06SlzvhGByyg36qJw6Kpfk7cp45DR/62aPH9mtJRmIyrXAS5UWBrJT6TQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
       "engines": {
-        "node": ">= 14"
+        "node": ">=12"
       }
     },
-    "node_modules/@intlify/message-compiler": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@intlify/message-compiler/-/message-compiler-9.2.2.tgz",
-      "integrity": "sha512-IUrQW7byAKN2fMBe8z6sK6riG1pue95e5jfokn8hA5Q3Bqy4MBJ5lJAofUsawQJYHeoPJ7svMDyBaVJ4d0GTtA==",
-      "dependencies": {
-        "@intlify/shared": "9.2.2",
-        "source-map": "0.6.1"
-      },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.17.19.tgz",
+      "integrity": "sha512-cdmT3KxjlOQ/gZ2cjfrQOtmhG4HJs6hhvm3mWSRDPtZ/lP5oe8FWceS10JaSJC13GBd4eH/haHnqf7hhGNLerA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">= 14"
+        "node": ">=12"
       }
     },
-    "node_modules/@intlify/shared": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@intlify/shared/-/shared-9.2.2.tgz",
-      "integrity": "sha512-wRwTpsslgZS5HNyM7uDQYZtxnbI12aGiBZURX3BTR9RFIKKRWpllTsgzHWvj3HKm3Y2Sh5LPC1r0PDCKEhVn9Q==",
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.17.19.tgz",
+      "integrity": "sha512-ct1Tg3WGwd3P+oZYqic+YZF4snNl2bsnMKRkb3ozHmnM0dGWuxcPTTntAF6bOP0Sp4x0PjSF+4uHQ1xvxfRKqg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">= 14"
+        "node": ">=12"
       }
     },
-    "node_modules/@intlify/vue-devtools": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@intlify/vue-devtools/-/vue-devtools-9.2.2.tgz",
-      "integrity": "sha512-+dUyqyCHWHb/UcvY1MlIpO87munedm3Gn6E9WWYdWrMuYLcoIoOEVDWSS8xSwtlPU+kA+MEQTP6Q1iI/ocusJg==",
-      "dependencies": {
-        "@intlify/core-base": "9.2.2",
-        "@intlify/shared": "9.2.2"
-      },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.17.19.tgz",
+      "integrity": "sha512-w4IRhSy1VbsNxHRQpeGCHEmibqdTUx61Vc38APcsRbuVgK0OPEnQ0YD39Brymn96mOx48Y2laBQGqgZ0j9w6SQ==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">= 14"
+        "node": ">=12"
       }
     },
-    "node_modules/@istanbuljs/schema": {
-      "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz",
-      "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==",
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.17.19.tgz",
+      "integrity": "sha512-2iAngUbBPMq439a+z//gE+9WBldoMp1s5GWsUSgqHLzLJ9WoZLZhpwWuym0u0u/4XmZ3gpHmzV84PonE+9IIdQ==",
+      "cpu": [
+        "loong64"
+      ],
       "dev": true,
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">=8"
+        "node": ">=12"
       }
     },
-    "node_modules/@jridgewell/resolve-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
-      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.17.19.tgz",
+      "integrity": "sha512-LKJltc4LVdMKHsrFe4MGNPp0hqDFA1Wpt3jE1gEyM3nKUvOiO//9PheZZHfYRfYl6AwdTH4aTcXSqBerX0ml4A==",
+      "cpu": [
+        "mips64el"
+      ],
       "dev": true,
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">=6.0.0"
+        "node": ">=12"
       }
     },
-    "node_modules/@jridgewell/sourcemap-codec": {
-      "version": "1.4.14",
-      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
-      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==",
-      "dev": true
-    },
-    "node_modules/@jridgewell/trace-mapping": {
-      "version": "0.3.15",
-      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.15.tgz",
-      "integrity": "sha512-oWZNOULl+UbhsgB51uuZzglikfIKSUBO/M9W2OfEjn7cmqoAiCgmv9lyACTUacZwBz0ITnJ2NqjU8Tx0DHL88g==",
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.17.19.tgz",
+      "integrity": "sha512-/c/DGybs95WXNS8y3Ti/ytqETiW7EU44MEKuCAcpPto3YjQbyK3IQVKfF6nbghD7EcLUGl0NbiL5Rt5DMhn5tg==",
+      "cpu": [
+        "ppc64"
+      ],
       "dev": true,
-      "dependencies": {
-        "@jridgewell/resolve-uri": "^3.0.3",
-        "@jridgewell/sourcemap-codec": "^1.4.10"
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
       }
     },
-    "node_modules/@nodelib/fs.scandir": {
-      "version": "2.1.5",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
-      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.17.19.tgz",
+      "integrity": "sha512-FC3nUAWhvFoutlhAkgHf8f5HwFWUL6bYdvLc/TTuxKlvLi3+pPzdZiFKSWz/PF30TB1K19SuCxDTI5KcqASJqA==",
+      "cpu": [
+        "riscv64"
+      ],
       "dev": true,
-      "dependencies": {
-        "@nodelib/fs.stat": "2.0.5",
-        "run-parallel": "^1.1.9"
-      },
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">= 8"
+        "node": ">=12"
       }
     },
-    "node_modules/@nodelib/fs.stat": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
-      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.17.19.tgz",
+      "integrity": "sha512-IbFsFbxMWLuKEbH+7sTkKzL6NJmG2vRyy6K7JJo55w+8xDk7RElYn6xvXtDW8HCfoKBFK69f3pgBJSUSQPr+4Q==",
+      "cpu": [
+        "s390x"
+      ],
       "dev": true,
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">= 8"
+        "node": ">=12"
       }
     },
-    "node_modules/@nodelib/fs.walk": {
-      "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
-      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.17.19.tgz",
+      "integrity": "sha512-68ngA9lg2H6zkZcyp22tsVt38mlhWde8l3eJLWkyLrp4HwMUr3c1s/M2t7+kHIhvMjglIBrFpncX1SzMckomGw==",
+      "cpu": [
+        "x64"
+      ],
       "dev": true,
-      "dependencies": {
-        "@nodelib/fs.scandir": "2.1.5",
-        "fastq": "^1.6.0"
-      },
+      "optional": true,
+      "os": [
+        "linux"
+      ],
       "engines": {
-        "node": ">= 8"
+        "node": ">=12"
       }
     },
-    "node_modules/@popperjs/core": {
-      "name": "@sxzz/popperjs-es",
-      "version": "2.11.7",
-      "resolved": "https://registry.npmjs.org/@sxzz/popperjs-es/-/popperjs-es-2.11.7.tgz",
-      "integrity": "sha512-Ccy0NlLkzr0Ex2FKvh2X+OyERHXJ88XJ1MXtsI9y9fGexlaXaVTPzBCRBwIxFkORuOb+uBqeu+RqnpgYTEZRUQ==",
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/popperjs"
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.17.19.tgz",
+      "integrity": "sha512-CwFq42rXCR8TYIjIfpXCbRX0rp1jo6cPIUPSaWwzbVI4aOfX96OXY8M6KNmtPcg7QjYeDmN+DD0Wp3LaBOLf4Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=12"
       }
     },
-    "node_modules/@tootallnate/once": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz",
-      "integrity": "sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==",
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.17.19.tgz",
+      "integrity": "sha512-cnq5brJYrSZ2CF6c35eCmviIN3k3RczmHz8eYaVlNasVqsNY+JKohZU5MKmaOI+KkllCdzOKKdPs762VCPC20g==",
+      "cpu": [
+        "x64"
+      ],
       "dev": true,
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
       "engines": {
-        "node": ">= 10"
+        "node": ">=12"
       }
     },
-    "node_modules/@types/chai": {
-      "version": "4.3.3",
-      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.3.tgz",
-      "integrity": "sha512-hC7OMnszpxhZPduX+m+nrx+uFoLkWOMiR4oa/AZF3MuSETYTZmFfJAHqZEM8MVlvfG7BEUcgvtwoCTxBp6hm3g==",
-      "dev": true
-    },
-    "node_modules/@types/chai-subset": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@types/chai-subset/-/chai-subset-1.3.3.tgz",
-      "integrity": "sha512-frBecisrNGz+F4T6bcc+NLeolfiojh5FxW2klu669+8BARtyQv2C/GkNW6FUodVe4BroGMP/wER/YDGc7rEllw==",
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.17.19.tgz",
+      "integrity": "sha512-vCRT7yP3zX+bKWFeP/zdS6SqdWB8OIpaRq/mbXQxTGHnIxspRtigpkUcDMlSCOejlHowLqII7K2JKevwyRP2rg==",
+      "cpu": [
+        "x64"
+      ],
       "dev": true,
-      "dependencies": {
-        "@types/chai": "*"
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=12"
       }
     },
-    "node_modules/@types/istanbul-lib-coverage": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz",
-      "integrity": "sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==",
-      "dev": true
-    },
-    "node_modules/@types/json-schema": {
-      "version": "7.0.11",
-      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz",
-      "integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==",
-      "dev": true
-    },
-    "node_modules/@types/lodash": {
-      "version": "4.14.183",
-      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.183.tgz",
-      "integrity": "sha512-UXavyuxzXKMqJPEpFPri6Ku5F9af6ZJXUneHhvQJxavrEjuHkFp2YnDWHcxJiG7hk8ZkWqjcyNeW1s/smZv5cw=="
-    },
-    "node_modules/@types/lodash-es": {
-      "version": "4.17.6",
-      "resolved": "https://registry.npmjs.org/@types/lodash-es/-/lodash-es-4.17.6.tgz",
-      "integrity": "sha512-R+zTeVUKDdfoRxpAryaQNRKk3105Rrgx2CFRClIgRGaqDTdjsm8h6IYA8ir584W3ePzkZfst5xIgDwYrlh9HLg==",
-      "dependencies": {
-        "@types/lodash": "*"
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.17.19.tgz",
+      "integrity": "sha512-yYx+8jwowUstVdorcMdNlzklLYhPxjniHWFKgRqH7IFlUEa0Umu3KuYplf1HUZZ422e3NU9F4LGb+4O0Kdcaag==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
       }
     },
-    "node_modules/@types/node": {
-      "version": "18.7.6",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.6.tgz",
-      "integrity": "sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A==",
-      "dev": true
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.17.19.tgz",
+      "integrity": "sha512-eggDKanJszUtCdlVs0RB+h35wNlb5v4TWEkq4vZcmVt5u/HiDZrTXe2bWFQUez3RgNHwx/x4sk5++4NSSicKkw==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
     },
-    "node_modules/@types/web-bluetooth": {
-      "version": "0.0.14",
-      "resolved": "https://registry.npmjs.org/@types/web-bluetooth/-/web-bluetooth-0.0.14.tgz",
-      "integrity": "sha512-5d2RhCard1nQUC3aHcq/gHzWYO6K0WJmAbjO7mQJgCQKtZpgXxv1rOM6O/dBDhDYYVutk1sciOgNSe+5YyfM8A=="
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.17.19.tgz",
+      "integrity": "sha512-lAhycmKnVOuRYNtRtatQR1LPQf2oYCkRGkSFnseDAKPl8lu5SOsK/e1sXe5a0Pc5kHIHe6P2I/ilntNv2xf3cA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
     },
-    "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.33.1.tgz",
-      "integrity": "sha512-S1iZIxrTvKkU3+m63YUOxYPKaP+yWDQrdhxTglVDVEVBf+aCSw85+BmJnyUaQQsk5TXFG/LpBu9fa+LrAQ91fQ==",
+    "node_modules/@eslint/eslintrc": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.3.0.tgz",
+      "integrity": "sha512-UWW0TMTmk2d7hLcWD1/e2g5HDM/HQ3csaLSqXCfqwh4uNDuNqlaKWXmEsL4Cs41Z0KnILNvwbHAah3C2yt06kw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "5.33.1",
-        "@typescript-eslint/type-utils": "5.33.1",
-        "@typescript-eslint/utils": "5.33.1",
-        "debug": "^4.3.4",
-        "functional-red-black-tree": "^1.0.1",
+        "ajv": "^6.12.4",
+        "debug": "^4.3.2",
+        "espree": "^9.3.2",
+        "globals": "^13.15.0",
         "ignore": "^5.2.0",
-        "regexpp": "^3.2.0",
-        "semver": "^7.3.7",
-        "tsutils": "^3.21.0"
+        "import-fresh": "^3.2.1",
+        "js-yaml": "^4.1.0",
+        "minimatch": "^3.1.2",
+        "strip-json-comments": "^3.1.1"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "@typescript-eslint/parser": "^5.0.0",
-        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
-      },
-      "peerDependenciesMeta": {
-        "typescript": {
-          "optional": true
-        }
       }
     },
-    "node_modules/@typescript-eslint/parser": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.33.1.tgz",
-      "integrity": "sha512-IgLLtW7FOzoDlmaMoXdxG8HOCByTBXrB1V2ZQYSEV1ggMmJfAkMWTwUjjzagS6OkfpySyhKFkBw7A9jYmcHpZA==",
-      "dev": true,
+    "node_modules/@floating-ui/core": {
+      "version": "0.7.3",
+      "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-0.7.3.tgz",
+      "integrity": "sha512-buc8BXHmG9l82+OQXOFU3Kr2XQx9ys01U/Q9HMIrZ300iLc8HLMgh7dcCqgYzAzf4BkoQvDcXf5Y+CuEZ5JBYg=="
+    },
+    "node_modules/@floating-ui/dom": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-0.5.4.tgz",
+      "integrity": "sha512-419BMceRLq0RrmTSDxn8hf9R3VCJv2K9PUfugh5JyEFmdjzDo+e8U5EdR8nzKq8Yj1htzLm3b6eQEEam3/rrtg==",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "5.33.1",
-        "@typescript-eslint/types": "5.33.1",
-        "@typescript-eslint/typescript-estree": "5.33.1",
-        "debug": "^4.3.4"
-      },
-      "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
-      },
-      "peerDependenciesMeta": {
-        "typescript": {
-          "optional": true
-        }
+        "@floating-ui/core": "^0.7.3"
       }
     },
-    "node_modules/@typescript-eslint/scope-manager": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.33.1.tgz",
-      "integrity": "sha512-8ibcZSqy4c5m69QpzJn8XQq9NnqAToC8OdH/W6IXPXv83vRyEDPYLdjAlUx8h/rbusq6MkW4YdQzURGOqsn3CA==",
+    "node_modules/@humanwhocodes/config-array": {
+      "version": "0.10.4",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.10.4.tgz",
+      "integrity": "sha512-mXAIHxZT3Vcpg83opl1wGlVZ9xydbfZO3r5YfRSH6Gpp2J/PfdBP0wbDa2sO6/qRbcalpoevVyW6A/fI6LfeMw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.33.1",
-        "@typescript-eslint/visitor-keys": "5.33.1"
+        "@humanwhocodes/object-schema": "^1.2.1",
+        "debug": "^4.1.1",
+        "minimatch": "^3.0.4"
       },
       "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
+        "node": ">=10.10.0"
       }
     },
-    "node_modules/@typescript-eslint/type-utils": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.33.1.tgz",
-      "integrity": "sha512-X3pGsJsD8OiqhNa5fim41YtlnyiWMF/eKsEZGsHID2HcDqeSC5yr/uLOeph8rNF2/utwuI0IQoAK3fpoxcLl2g==",
+    "node_modules/@humanwhocodes/gitignore-to-minimatch": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/gitignore-to-minimatch/-/gitignore-to-minimatch-1.0.2.tgz",
+      "integrity": "sha512-rSqmMJDdLFUsyxR6FMtD00nfQKKLFb1kv+qBbOVKqErvloEIJLo5bDTJTQNTYgeyp78JsA7u/NPi5jT1GR/MuA==",
       "dev": true,
-      "dependencies": {
-        "@typescript-eslint/utils": "5.33.1",
-        "debug": "^4.3.4",
-        "tsutils": "^3.21.0"
-      },
-      "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
       "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "eslint": "*"
-      },
-      "peerDependenciesMeta": {
-        "typescript": {
-          "optional": true
-        }
+        "type": "github",
+        "url": "https://github.com/sponsors/nzakas"
       }
     },
-    "node_modules/@typescript-eslint/types": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.33.1.tgz",
-      "integrity": "sha512-7K6MoQPQh6WVEkMrMW5QOA5FO+BOwzHSNd0j3+BlBwd6vtzfZceJ8xJ7Um2XDi/O3umS8/qDX6jdy2i7CijkwQ==",
+    "node_modules/@humanwhocodes/object-schema": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz",
+      "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==",
+      "dev": true
+    },
+    "node_modules/@iconify-json/ep": {
+      "version": "1.1.7",
+      "resolved": "https://registry.npmjs.org/@iconify-json/ep/-/ep-1.1.7.tgz",
+      "integrity": "sha512-GhXWVKalXFlrGgfrCXAgqBre5hv3pPAknuxyywmjamcrL5gl5Mq9WOZtuhb4cB6cJ5pMiKOMtegt73FheqWscA==",
       "dev": true,
-      "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
+      "dependencies": {
+        "@iconify/types": "*"
       }
     },
-    "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.33.1.tgz",
-      "integrity": "sha512-JOAzJ4pJ+tHzA2pgsWQi4804XisPHOtbvwUyqsuuq8+y5B5GMZs7lI1xDWs6V2d7gE/Ez5bTGojSK12+IIPtXA==",
-      "dev": true,
+    "node_modules/@iconify/types": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@iconify/types/-/types-1.1.0.tgz",
+      "integrity": "sha512-Jh0llaK2LRXQoYsorIH8maClebsnzTcve+7U3rQUSnC11X4jtPnFuyatqFLvMxZ8MLG8dB4zfHsbPfuvxluONw==",
+      "dev": true
+    },
+    "node_modules/@intlify/core-base": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/@intlify/core-base/-/core-base-9.2.2.tgz",
+      "integrity": "sha512-JjUpQtNfn+joMbrXvpR4hTF8iJQ2sEFzzK3KIESOx+f+uwIjgw20igOyaIdhfsVVBCds8ZM64MoeNSx+PHQMkA==",
       "dependencies": {
-        "@typescript-eslint/types": "5.33.1",
-        "@typescript-eslint/visitor-keys": "5.33.1",
-        "debug": "^4.3.4",
-        "globby": "^11.1.0",
-        "is-glob": "^4.0.3",
-        "semver": "^7.3.7",
-        "tsutils": "^3.21.0"
+        "@intlify/devtools-if": "9.2.2",
+        "@intlify/message-compiler": "9.2.2",
+        "@intlify/shared": "9.2.2",
+        "@intlify/vue-devtools": "9.2.2"
       },
       "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependenciesMeta": {
-        "typescript": {
-          "optional": true
-        }
+        "node": ">= 14"
       }
     },
-    "node_modules/@typescript-eslint/utils": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.33.1.tgz",
-      "integrity": "sha512-uphZjkMaZ4fE8CR4dU7BquOV6u0doeQAr8n6cQenl/poMaIyJtBu8eys5uk6u5HiDH01Mj5lzbJ5SfeDz7oqMQ==",
-      "dev": true,
+    "node_modules/@intlify/devtools-if": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/@intlify/devtools-if/-/devtools-if-9.2.2.tgz",
+      "integrity": "sha512-4ttr/FNO29w+kBbU7HZ/U0Lzuh2cRDhP8UlWOtV9ERcjHzuyXVZmjyleESK6eVP60tGC9QtQW9yZE+JeRhDHkg==",
       "dependencies": {
-        "@types/json-schema": "^7.0.9",
-        "@typescript-eslint/scope-manager": "5.33.1",
-        "@typescript-eslint/types": "5.33.1",
-        "@typescript-eslint/typescript-estree": "5.33.1",
-        "eslint-scope": "^5.1.1",
-        "eslint-utils": "^3.0.0"
+        "@intlify/shared": "9.2.2"
       },
       "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
+        "node": ">= 14"
       }
     },
-    "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.33.1.tgz",
-      "integrity": "sha512-nwIxOK8Z2MPWltLKMLOEZwmfBZReqUdbEoHQXeCpa+sRVARe5twpJGHCB4dk9903Yaf0nMAlGbQfaAH92F60eg==",
-      "dev": true,
+    "node_modules/@intlify/message-compiler": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/@intlify/message-compiler/-/message-compiler-9.2.2.tgz",
+      "integrity": "sha512-IUrQW7byAKN2fMBe8z6sK6riG1pue95e5jfokn8hA5Q3Bqy4MBJ5lJAofUsawQJYHeoPJ7svMDyBaVJ4d0GTtA==",
       "dependencies": {
-        "@typescript-eslint/types": "5.33.1",
-        "eslint-visitor-keys": "^3.3.0"
+        "@intlify/shared": "9.2.2",
+        "source-map": "0.6.1"
       },
       "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
+        "node": ">= 14"
       }
     },
-    "node_modules/@vitejs/plugin-vue": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-3.0.3.tgz",
-      "integrity": "sha512-U4zNBlz9mg+TA+i+5QPc3N5lQvdUXENZLO2h0Wdzp56gI1MWhqJOv+6R+d4kOzoaSSq6TnGPBdZAXKOe4lXy6g==",
-      "dev": true,
+    "node_modules/@intlify/shared": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/@intlify/shared/-/shared-9.2.2.tgz",
+      "integrity": "sha512-wRwTpsslgZS5HNyM7uDQYZtxnbI12aGiBZURX3BTR9RFIKKRWpllTsgzHWvj3HKm3Y2Sh5LPC1r0PDCKEhVn9Q==",
       "engines": {
-        "node": "^14.18.0 || >=16.0.0"
-      },
-      "peerDependencies": {
-        "vite": "^3.0.0",
-        "vue": "^3.2.25"
+        "node": ">= 14"
       }
     },
-    "node_modules/@vitest/coverage-c8": {
-      "version": "0.22.0",
-      "resolved": "https://registry.npmjs.org/@vitest/coverage-c8/-/coverage-c8-0.22.0.tgz",
-      "integrity": "sha512-jwW6b8U+h9nbzQfKoRmpf2xjDg+mcAjLIdVUrZGhjTnIdekGfvoqFoeiXzsLv2HwYBeFi4943lYUftuj8qD1FQ==",
-      "dev": true,
+    "node_modules/@intlify/vue-devtools": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/@intlify/vue-devtools/-/vue-devtools-9.2.2.tgz",
+      "integrity": "sha512-+dUyqyCHWHb/UcvY1MlIpO87munedm3Gn6E9WWYdWrMuYLcoIoOEVDWSS8xSwtlPU+kA+MEQTP6Q1iI/ocusJg==",
       "dependencies": {
-        "c8": "^7.12.0",
-        "vitest": "0.22.0"
+        "@intlify/core-base": "9.2.2",
+        "@intlify/shared": "9.2.2"
       },
-      "funding": {
-        "url": "https://github.com/sponsors/antfu"
+      "engines": {
+        "node": ">= 14"
       }
     },
-    "node_modules/@volar/code-gen": {
-      "version": "0.38.9",
-      "resolved": "https://registry.npmjs.org/@volar/code-gen/-/code-gen-0.38.9.tgz",
-      "integrity": "sha512-n6LClucfA+37rQeskvh9vDoZV1VvCVNy++MAPKj2dT4FT+Fbmty/SDQqnsEBtdEe6E3OQctFvA/IcKsx3Mns0A==",
+    "node_modules/@istanbuljs/schema": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz",
+      "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==",
       "dev": true,
-      "dependencies": {
-        "@volar/source-map": "0.38.9"
+      "engines": {
+        "node": ">=8"
       }
     },
-    "node_modules/@volar/source-map": {
-      "version": "0.38.9",
-      "resolved": "https://registry.npmjs.org/@volar/source-map/-/source-map-0.38.9.tgz",
-      "integrity": "sha512-ba0UFoHDYry+vwKdgkWJ6xlQT+8TFtZg1zj9tSjj4PykW1JZDuM0xplMotLun4h3YOoYfY9K1huY5gvxmrNLIw==",
-      "dev": true
-    },
-    "node_modules/@volar/vue-code-gen": {
-      "version": "0.38.9",
-      "resolved": "https://registry.npmjs.org/@volar/vue-code-gen/-/vue-code-gen-0.38.9.tgz",
-      "integrity": "sha512-tzj7AoarFBKl7e41MR006ncrEmNPHALuk8aG4WdDIaG387X5//5KhWC5Ff3ZfB2InGSeNT+CVUd74M0gS20rjA==",
+    "node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz",
+      "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==",
       "dev": true,
       "dependencies": {
-        "@volar/code-gen": "0.38.9",
-        "@volar/source-map": "0.38.9",
-        "@vue/compiler-core": "^3.2.37",
-        "@vue/compiler-dom": "^3.2.37",
-        "@vue/shared": "^3.2.37"
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      },
+      "engines": {
+        "node": ">=6.0.0"
       }
     },
-    "node_modules/@volar/vue-typescript": {
-      "version": "0.38.9",
-      "resolved": "https://registry.npmjs.org/@volar/vue-typescript/-/vue-typescript-0.38.9.tgz",
-      "integrity": "sha512-iJMQGU91ADi98u8V1vXd2UBmELDAaeSP0ZJaFjwosClQdKlJQYc6MlxxKfXBZisHqfbhdtrGRyaryulnYtliZw==",
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
+      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
       "dev": true,
-      "dependencies": {
-        "@volar/code-gen": "0.38.9",
-        "@volar/source-map": "0.38.9",
-        "@volar/vue-code-gen": "0.38.9",
-        "@vue/compiler-sfc": "^3.2.37",
-        "@vue/reactivity": "^3.2.37"
-      }
-    },
-    "node_modules/@vue/compiler-core": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.2.37.tgz",
-      "integrity": "sha512-81KhEjo7YAOh0vQJoSmAD68wLfYqJvoiD4ulyedzF+OEk/bk6/hx3fTNVfuzugIIaTrOx4PGx6pAiBRe5e9Zmg==",
-      "dependencies": {
-        "@babel/parser": "^7.16.4",
-        "@vue/shared": "3.2.37",
-        "estree-walker": "^2.0.2",
-        "source-map": "^0.6.1"
+      "engines": {
+        "node": ">=6.0.0"
       }
     },
-    "node_modules/@vue/compiler-dom": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.2.37.tgz",
-      "integrity": "sha512-yxJLH167fucHKxaqXpYk7x8z7mMEnXOw3G2q62FTkmsvNxu4FQSu5+3UMb+L7fjKa26DEzhrmCxAgFLLIzVfqQ==",
-      "dependencies": {
-        "@vue/compiler-core": "3.2.37",
-        "@vue/shared": "3.2.37"
+    "node_modules/@jridgewell/set-array": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
+      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==",
+      "dev": true,
+      "engines": {
+        "node": ">=6.0.0"
       }
     },
-    "node_modules/@vue/compiler-sfc": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.2.37.tgz",
-      "integrity": "sha512-+7i/2+9LYlpqDv+KTtWhOZH+pa8/HnX/905MdVmAcI/mPQOBwkHHIzrsEsucyOIZQYMkXUiTkmZq5am/NyXKkg==",
-      "dependencies": {
-        "@babel/parser": "^7.16.4",
-        "@vue/compiler-core": "3.2.37",
-        "@vue/compiler-dom": "3.2.37",
-        "@vue/compiler-ssr": "3.2.37",
-        "@vue/reactivity-transform": "3.2.37",
-        "@vue/shared": "3.2.37",
-        "estree-walker": "^2.0.2",
-        "magic-string": "^0.25.7",
-        "postcss": "^8.1.10",
-        "source-map": "^0.6.1"
-      }
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.4.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
+      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==",
+      "dev": true
     },
-    "node_modules/@vue/compiler-sfc/node_modules/magic-string": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz",
-      "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==",
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.15",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.15.tgz",
+      "integrity": "sha512-oWZNOULl+UbhsgB51uuZzglikfIKSUBO/M9W2OfEjn7cmqoAiCgmv9lyACTUacZwBz0ITnJ2NqjU8Tx0DHL88g==",
+      "dev": true,
       "dependencies": {
-        "sourcemap-codec": "^1.4.8"
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
       }
     },
-    "node_modules/@vue/compiler-ssr": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.2.37.tgz",
-      "integrity": "sha512-7mQJD7HdXxQjktmsWp/J67lThEIcxLemz1Vb5I6rYJHR5vI+lON3nPGOH3ubmbvYGt8xEUaAr1j7/tIFWiEOqw==",
+    "node_modules/@nodelib/fs.scandir": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
+      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
+      "dev": true,
       "dependencies": {
-        "@vue/compiler-dom": "3.2.37",
-        "@vue/shared": "3.2.37"
+        "@nodelib/fs.stat": "2.0.5",
+        "run-parallel": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 8"
       }
     },
-    "node_modules/@vue/devtools-api": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/@vue/devtools-api/-/devtools-api-6.2.1.tgz",
-      "integrity": "sha512-OEgAMeQXvCoJ+1x8WyQuVZzFo0wcyCmUR3baRVLmKBo1LmYZWMlRiXlux5jd0fqVJu6PfDbOrZItVqUEzLobeQ=="
-    },
-    "node_modules/@vue/eslint-config-prettier": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@vue/eslint-config-prettier/-/eslint-config-prettier-7.0.0.tgz",
-      "integrity": "sha512-/CTc6ML3Wta1tCe1gUeO0EYnVXfo3nJXsIhZ8WJr3sov+cGASr6yuiibJTL6lmIBm7GobopToOuB3B6AWyV0Iw==",
+    "node_modules/@nodelib/fs.stat": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
+      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
       "dev": true,
-      "dependencies": {
-        "eslint-config-prettier": "^8.3.0",
-        "eslint-plugin-prettier": "^4.0.0"
-      },
-      "peerDependencies": {
-        "eslint": ">= 7.28.0",
-        "prettier": ">= 2.0.0"
+      "engines": {
+        "node": ">= 8"
       }
     },
-    "node_modules/@vue/eslint-config-typescript": {
-      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/@vue/eslint-config-typescript/-/eslint-config-typescript-11.0.0.tgz",
-      "integrity": "sha512-txuRzxnQVmtUvvy9UyWUy9sHWXNeRPGmSPqP53hRtaiUeCTAondI9Ho9GQYI/8/eWljYOST7iA4Aa8sANBkWaA==",
+    "node_modules/@nodelib/fs.walk": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
+      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "^5.0.0",
-        "@typescript-eslint/parser": "^5.0.0",
-        "vue-eslint-parser": "^9.0.0"
+        "@nodelib/fs.scandir": "2.1.5",
+        "fastq": "^1.6.0"
       },
       "engines": {
-        "node": "^14.17.0 || >=16.0.0"
-      },
-      "peerDependencies": {
-        "eslint": "^6.2.0 || ^7.0.0 || ^8.0.0",
-        "eslint-plugin-vue": "^9.0.0",
-        "typescript": "*"
-      },
-      "peerDependenciesMeta": {
-        "typescript": {
-          "optional": true
-        }
+        "node": ">= 8"
       }
     },
-    "node_modules/@vue/reactivity": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.2.37.tgz",
-      "integrity": "sha512-/7WRafBOshOc6m3F7plwzPeCu/RCVv9uMpOwa/5PiY1Zz+WLVRWiy0MYKwmg19KBdGtFWsmZ4cD+LOdVPcs52A==",
-      "dependencies": {
-        "@vue/shared": "3.2.37"
+    "node_modules/@popperjs/core": {
+      "name": "@sxzz/popperjs-es",
+      "version": "2.11.7",
+      "resolved": "https://registry.npmjs.org/@sxzz/popperjs-es/-/popperjs-es-2.11.7.tgz",
+      "integrity": "sha512-Ccy0NlLkzr0Ex2FKvh2X+OyERHXJ88XJ1MXtsI9y9fGexlaXaVTPzBCRBwIxFkORuOb+uBqeu+RqnpgYTEZRUQ==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/popperjs"
       }
     },
-    "node_modules/@vue/reactivity-transform": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity-transform/-/reactivity-transform-3.2.37.tgz",
-      "integrity": "sha512-IWopkKEb+8qpu/1eMKVeXrK0NLw9HicGviJzhJDEyfxTR9e1WtpnnbYkJWurX6WwoFP0sz10xQg8yL8lgskAZg==",
-      "dependencies": {
-        "@babel/parser": "^7.16.4",
-        "@vue/compiler-core": "3.2.37",
-        "@vue/shared": "3.2.37",
-        "estree-walker": "^2.0.2",
-        "magic-string": "^0.25.7"
+    "node_modules/@tootallnate/once": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz",
+      "integrity": "sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==",
+      "dev": true,
+      "engines": {
+        "node": ">= 10"
       }
     },
-    "node_modules/@vue/reactivity-transform/node_modules/magic-string": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz",
-      "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==",
-      "dependencies": {
-        "sourcemap-codec": "^1.4.8"
-      }
+    "node_modules/@types/chai": {
+      "version": "4.3.5",
+      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.5.tgz",
+      "integrity": "sha512-mEo1sAde+UCE6b2hxn332f1g1E8WfYRu6p5SvTKr2ZKC1f7gFJXk4h5PyGP9Dt6gCaG8y8XhwnXWC6Iy2cmBng==",
+      "dev": true
     },
-    "node_modules/@vue/runtime-core": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.2.37.tgz",
-      "integrity": "sha512-JPcd9kFyEdXLl/i0ClS7lwgcs0QpUAWj+SKX2ZC3ANKi1U4DOtiEr6cRqFXsPwY5u1L9fAjkinIdB8Rz3FoYNQ==",
+    "node_modules/@types/chai-subset": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/@types/chai-subset/-/chai-subset-1.3.3.tgz",
+      "integrity": "sha512-frBecisrNGz+F4T6bcc+NLeolfiojh5FxW2klu669+8BARtyQv2C/GkNW6FUodVe4BroGMP/wER/YDGc7rEllw==",
+      "dev": true,
       "dependencies": {
-        "@vue/reactivity": "3.2.37",
-        "@vue/shared": "3.2.37"
+        "@types/chai": "*"
       }
     },
-    "node_modules/@vue/runtime-dom": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.2.37.tgz",
-      "integrity": "sha512-HimKdh9BepShW6YozwRKAYjYQWg9mQn63RGEiSswMbW+ssIht1MILYlVGkAGGQbkhSh31PCdoUcfiu4apXJoPw==",
-      "dependencies": {
-        "@vue/runtime-core": "3.2.37",
-        "@vue/shared": "3.2.37",
-        "csstype": "^2.6.8"
-      }
+    "node_modules/@types/istanbul-lib-coverage": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz",
+      "integrity": "sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==",
+      "dev": true
     },
-    "node_modules/@vue/server-renderer": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.2.37.tgz",
-      "integrity": "sha512-kLITEJvaYgZQ2h47hIzPh2K3jG8c1zCVbp/o/bzQOyvzaKiCquKS7AaioPI28GNxIsE/zSx+EwWYsNxDCX95MA==",
+    "node_modules/@types/json-schema": {
+      "version": "7.0.11",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz",
+      "integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==",
+      "dev": true
+    },
+    "node_modules/@types/lodash": {
+      "version": "4.14.183",
+      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.183.tgz",
+      "integrity": "sha512-UXavyuxzXKMqJPEpFPri6Ku5F9af6ZJXUneHhvQJxavrEjuHkFp2YnDWHcxJiG7hk8ZkWqjcyNeW1s/smZv5cw=="
+    },
+    "node_modules/@types/lodash-es": {
+      "version": "4.17.6",
+      "resolved": "https://registry.npmjs.org/@types/lodash-es/-/lodash-es-4.17.6.tgz",
+      "integrity": "sha512-R+zTeVUKDdfoRxpAryaQNRKk3105Rrgx2CFRClIgRGaqDTdjsm8h6IYA8ir584W3ePzkZfst5xIgDwYrlh9HLg==",
       "dependencies": {
-        "@vue/compiler-ssr": "3.2.37",
-        "@vue/shared": "3.2.37"
-      },
-      "peerDependencies": {
-        "vue": "3.2.37"
+        "@types/lodash": "*"
       }
     },
-    "node_modules/@vue/shared": {
-      "version": "3.2.37",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.2.37.tgz",
-      "integrity": "sha512-4rSJemR2NQIo9Klm1vabqWjD8rs/ZaJSzMxkMNeJS6lHiUjjUeYFbooN19NgFjztubEKh3WlZUeOLVdbbUWHsw=="
+    "node_modules/@types/node": {
+      "version": "18.7.6",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.6.tgz",
+      "integrity": "sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A==",
+      "dev": true
+    },
+    "node_modules/@types/web-bluetooth": {
+      "version": "0.0.14",
+      "resolved": "https://registry.npmjs.org/@types/web-bluetooth/-/web-bluetooth-0.0.14.tgz",
+      "integrity": "sha512-5d2RhCard1nQUC3aHcq/gHzWYO6K0WJmAbjO7mQJgCQKtZpgXxv1rOM6O/dBDhDYYVutk1sciOgNSe+5YyfM8A=="
     },
-    "node_modules/@vue/test-utils": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.0.2.tgz",
-      "integrity": "sha512-E2P4oXSaWDqTZNbmKZFVLrNN/siVN78YkEqs7pHryWerrlZR9bBFLWdJwRoguX45Ru6HxIflzKl4vQvwRMwm5g==",
+    "node_modules/@typescript-eslint/eslint-plugin": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.33.1.tgz",
+      "integrity": "sha512-S1iZIxrTvKkU3+m63YUOxYPKaP+yWDQrdhxTglVDVEVBf+aCSw85+BmJnyUaQQsk5TXFG/LpBu9fa+LrAQ91fQ==",
       "dev": true,
-      "peerDependencies": {
-        "vue": "^3.0.1"
-      }
-    },
-    "node_modules/@vueuse/core": {
-      "version": "8.9.4",
-      "resolved": "https://registry.npmjs.org/@vueuse/core/-/core-8.9.4.tgz",
-      "integrity": "sha512-B/Mdj9TK1peFyWaPof+Zf/mP9XuGAngaJZBwPaXBvU3aCTZlx3ltlrFFFyMV4iGBwsjSCeUCgZrtkEj9dS2Y3Q==",
       "dependencies": {
-        "@types/web-bluetooth": "^0.0.14",
-        "@vueuse/metadata": "8.9.4",
-        "@vueuse/shared": "8.9.4",
-        "vue-demi": "*"
+        "@typescript-eslint/scope-manager": "5.33.1",
+        "@typescript-eslint/type-utils": "5.33.1",
+        "@typescript-eslint/utils": "5.33.1",
+        "debug": "^4.3.4",
+        "functional-red-black-tree": "^1.0.1",
+        "ignore": "^5.2.0",
+        "regexpp": "^3.2.0",
+        "semver": "^7.3.7",
+        "tsutils": "^3.21.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       },
       "funding": {
-        "url": "https://github.com/sponsors/antfu"
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@vue/composition-api": "^1.1.0",
-        "vue": "^2.6.0 || ^3.2.0"
+        "@typescript-eslint/parser": "^5.0.0",
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
       },
       "peerDependenciesMeta": {
-        "@vue/composition-api": {
-          "optional": true
-        },
-        "vue": {
+        "typescript": {
           "optional": true
         }
       }
     },
-    "node_modules/@vueuse/core/node_modules/@vueuse/shared": {
-      "version": "8.9.4",
-      "resolved": "https://registry.npmjs.org/@vueuse/shared/-/shared-8.9.4.tgz",
-      "integrity": "sha512-wt+T30c4K6dGRMVqPddexEVLa28YwxW5OFIPmzUHICjphfAuBFTTdDoyqREZNDOFJZ44ARH1WWQNCUK8koJ+Ag==",
+    "node_modules/@typescript-eslint/parser": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.33.1.tgz",
+      "integrity": "sha512-IgLLtW7FOzoDlmaMoXdxG8HOCByTBXrB1V2ZQYSEV1ggMmJfAkMWTwUjjzagS6OkfpySyhKFkBw7A9jYmcHpZA==",
+      "dev": true,
       "dependencies": {
-        "vue-demi": "*"
+        "@typescript-eslint/scope-manager": "5.33.1",
+        "@typescript-eslint/types": "5.33.1",
+        "@typescript-eslint/typescript-estree": "5.33.1",
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       },
       "funding": {
-        "url": "https://github.com/sponsors/antfu"
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@vue/composition-api": "^1.1.0",
-        "vue": "^2.6.0 || ^3.2.0"
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
       },
       "peerDependenciesMeta": {
-        "@vue/composition-api": {
-          "optional": true
-        },
-        "vue": {
+        "typescript": {
           "optional": true
         }
       }
     },
-    "node_modules/@vueuse/core/node_modules/vue-demi": {
-      "version": "0.13.8",
-      "resolved": "https://registry.npmjs.org/vue-demi/-/vue-demi-0.13.8.tgz",
-      "integrity": "sha512-Vy1zbZhCOdsmvGR6tJhAvO5vhP7eiS8xkbYQSoVa7o6KlIy3W8Rc53ED4qI4qpeRDjv3mLfXSEpYU6Yq4pgXRg==",
-      "hasInstallScript": true,
-      "bin": {
-        "vue-demi-fix": "bin/vue-demi-fix.js",
-        "vue-demi-switch": "bin/vue-demi-switch.js"
+    "node_modules/@typescript-eslint/scope-manager": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.33.1.tgz",
+      "integrity": "sha512-8ibcZSqy4c5m69QpzJn8XQq9NnqAToC8OdH/W6IXPXv83vRyEDPYLdjAlUx8h/rbusq6MkW4YdQzURGOqsn3CA==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "5.33.1",
+        "@typescript-eslint/visitor-keys": "5.33.1"
       },
       "engines": {
-        "node": ">=12"
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       },
       "funding": {
-        "url": "https://github.com/sponsors/antfu"
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@typescript-eslint/type-utils": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.33.1.tgz",
+      "integrity": "sha512-X3pGsJsD8OiqhNa5fim41YtlnyiWMF/eKsEZGsHID2HcDqeSC5yr/uLOeph8rNF2/utwuI0IQoAK3fpoxcLl2g==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/utils": "5.33.1",
+        "debug": "^4.3.4",
+        "tsutils": "^3.21.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@vue/composition-api": "^1.0.0-rc.1",
-        "vue": "^3.0.0-0 || ^2.6.0"
+        "eslint": "*"
       },
       "peerDependenciesMeta": {
-        "@vue/composition-api": {
+        "typescript": {
           "optional": true
         }
       }
     },
-    "node_modules/@vueuse/metadata": {
-      "version": "8.9.4",
-      "resolved": "https://registry.npmjs.org/@vueuse/metadata/-/metadata-8.9.4.tgz",
-      "integrity": "sha512-IwSfzH80bnJMzqhaapqJl9JRIiyQU0zsRGEgnxN6jhq7992cPUJIRfV+JHRIZXjYqbwt07E1gTEp0R0zPJ1aqw==",
+    "node_modules/@typescript-eslint/types": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.33.1.tgz",
+      "integrity": "sha512-7K6MoQPQh6WVEkMrMW5QOA5FO+BOwzHSNd0j3+BlBwd6vtzfZceJ8xJ7Um2XDi/O3umS8/qDX6jdy2i7CijkwQ==",
+      "dev": true,
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
       "funding": {
-        "url": "https://github.com/sponsors/antfu"
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
       }
     },
-    "node_modules/abab": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz",
-      "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==",
-      "dev": true
-    },
-    "node_modules/acorn": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
-      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==",
+    "node_modules/@typescript-eslint/typescript-estree": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.33.1.tgz",
+      "integrity": "sha512-JOAzJ4pJ+tHzA2pgsWQi4804XisPHOtbvwUyqsuuq8+y5B5GMZs7lI1xDWs6V2d7gE/Ez5bTGojSK12+IIPtXA==",
       "dev": true,
-      "bin": {
-        "acorn": "bin/acorn"
+      "dependencies": {
+        "@typescript-eslint/types": "5.33.1",
+        "@typescript-eslint/visitor-keys": "5.33.1",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "semver": "^7.3.7",
+        "tsutils": "^3.21.0"
       },
       "engines": {
-        "node": ">=0.4.0"
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
       }
     },
-    "node_modules/acorn-globals": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-6.0.0.tgz",
-      "integrity": "sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==",
+    "node_modules/@typescript-eslint/utils": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.33.1.tgz",
+      "integrity": "sha512-uphZjkMaZ4fE8CR4dU7BquOV6u0doeQAr8n6cQenl/poMaIyJtBu8eys5uk6u5HiDH01Mj5lzbJ5SfeDz7oqMQ==",
       "dev": true,
       "dependencies": {
-        "acorn": "^7.1.1",
-        "acorn-walk": "^7.1.1"
+        "@types/json-schema": "^7.0.9",
+        "@typescript-eslint/scope-manager": "5.33.1",
+        "@typescript-eslint/types": "5.33.1",
+        "@typescript-eslint/typescript-estree": "5.33.1",
+        "eslint-scope": "^5.1.1",
+        "eslint-utils": "^3.0.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
       }
     },
-    "node_modules/acorn-globals/node_modules/acorn": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+    "node_modules/@typescript-eslint/visitor-keys": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.33.1.tgz",
+      "integrity": "sha512-nwIxOK8Z2MPWltLKMLOEZwmfBZReqUdbEoHQXeCpa+sRVARe5twpJGHCB4dk9903Yaf0nMAlGbQfaAH92F60eg==",
       "dev": true,
-      "bin": {
-        "acorn": "bin/acorn"
+      "dependencies": {
+        "@typescript-eslint/types": "5.33.1",
+        "eslint-visitor-keys": "^3.3.0"
       },
       "engines": {
-        "node": ">=0.4.0"
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
       }
     },
-    "node_modules/acorn-jsx": {
-      "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
-      "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
+    "node_modules/@vitejs/plugin-vue": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-4.2.3.tgz",
+      "integrity": "sha512-R6JDUfiZbJA9cMiguQ7jxALsgiprjBeHL5ikpXfJCH62pPHtI+JdJ5xWj6Ev73yXSlYl86+blXn1kZHQ7uElxw==",
       "dev": true,
+      "engines": {
+        "node": "^14.18.0 || >=16.0.0"
+      },
       "peerDependencies": {
-        "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
+        "vite": "^4.0.0",
+        "vue": "^3.2.25"
       }
     },
-    "node_modules/acorn-walk": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz",
-      "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==",
+    "node_modules/@vitest/coverage-v8": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-0.32.0.tgz",
+      "integrity": "sha512-VXXlWq9X/NbsoP/l/CHLBjutsFFww1UY1qEhzGjn/DY7Tqe+z0Nu8XKc8im/XUAmjiWsh2XV7sy/F0IKAl4eaw==",
       "dev": true,
-      "engines": {
-        "node": ">=0.4.0"
+      "dependencies": {
+        "@ampproject/remapping": "^2.2.1",
+        "@bcoe/v8-coverage": "^0.2.3",
+        "istanbul-lib-coverage": "^3.2.0",
+        "istanbul-lib-report": "^3.0.0",
+        "istanbul-lib-source-maps": "^4.0.1",
+        "istanbul-reports": "^3.1.5",
+        "magic-string": "^0.30.0",
+        "picocolors": "^1.0.0",
+        "std-env": "^3.3.2",
+        "test-exclude": "^6.0.0",
+        "v8-to-istanbul": "^9.1.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "vitest": ">=0.32.0 <1"
       }
     },
-    "node_modules/agent-base": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
-      "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+    "node_modules/@vitest/expect": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-0.32.0.tgz",
+      "integrity": "sha512-VxVHhIxKw9Lux+O9bwLEEk2gzOUe93xuFHy9SzYWnnoYZFYg1NfBtnfnYWiJN7yooJ7KNElCK5YtA7DTZvtXtg==",
+      "dev": true,
+      "dependencies": {
+        "@vitest/spy": "0.32.0",
+        "@vitest/utils": "0.32.0",
+        "chai": "^4.3.7"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/runner": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-0.32.0.tgz",
+      "integrity": "sha512-QpCmRxftHkr72xt5A08xTEs9I4iWEXIOCHWhQQguWOKE4QH7DXSKZSOFibuwEIMAD7G0ERvtUyQn7iPWIqSwmw==",
       "dev": true,
       "dependencies": {
-        "debug": "4"
+        "@vitest/utils": "0.32.0",
+        "concordance": "^5.0.4",
+        "p-limit": "^4.0.0",
+        "pathe": "^1.1.0"
       },
-      "engines": {
-        "node": ">= 6.0.0"
+      "funding": {
+        "url": "https://opencollective.com/vitest"
       }
     },
-    "node_modules/ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+    "node_modules/@vitest/runner/node_modules/p-limit": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-4.0.0.tgz",
+      "integrity": "sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ==",
       "dev": true,
       "dependencies": {
-        "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
-        "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "yocto-queue": "^1.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
       },
       "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
+        "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/ansi-regex": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+    "node_modules/@vitest/runner/node_modules/yocto-queue": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.0.0.tgz",
+      "integrity": "sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==",
       "dev": true,
       "engines": {
-        "node": ">=8"
+        "node": ">=12.20"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+    "node_modules/@vitest/snapshot": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-0.32.0.tgz",
+      "integrity": "sha512-yCKorPWjEnzpUxQpGlxulujTcSPgkblwGzAUEL+z01FTUg/YuCDZ8dxr9sHA08oO2EwxzHXNLjQKWJ2zc2a19Q==",
       "dev": true,
       "dependencies": {
-        "color-convert": "^2.0.1"
+        "magic-string": "^0.30.0",
+        "pathe": "^1.1.0",
+        "pretty-format": "^27.5.1"
       },
-      "engines": {
-        "node": ">=8"
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/spy": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-0.32.0.tgz",
+      "integrity": "sha512-MruAPlM0uyiq3d53BkwTeShXY0rYEfhNGQzVO5GHBmmX3clsxcWp79mMnkOVcV244sNTeDcHbcPFWIjOI4tZvw==",
+      "dev": true,
+      "dependencies": {
+        "tinyspy": "^2.1.0"
       },
       "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+        "url": "https://opencollective.com/vitest"
       }
     },
-    "node_modules/anymatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz",
-      "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==",
+    "node_modules/@vitest/utils": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-0.32.0.tgz",
+      "integrity": "sha512-53yXunzx47MmbuvcOPpLaVljHaeSu1G2dHdmy7+9ngMnQIkBQcvwOcoclWFnxDMxFbnq8exAfh3aKSZaK71J5A==",
       "dev": true,
       "dependencies": {
-        "normalize-path": "^3.0.0",
-        "picomatch": "^2.0.4"
+        "concordance": "^5.0.4",
+        "loupe": "^2.3.6",
+        "pretty-format": "^27.5.1"
       },
-      "engines": {
-        "node": ">= 8"
+      "funding": {
+        "url": "https://opencollective.com/vitest"
       }
     },
-    "node_modules/argparse": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
-      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+    "node_modules/@volar/code-gen": {
+      "version": "0.38.9",
+      "resolved": "https://registry.npmjs.org/@volar/code-gen/-/code-gen-0.38.9.tgz",
+      "integrity": "sha512-n6LClucfA+37rQeskvh9vDoZV1VvCVNy++MAPKj2dT4FT+Fbmty/SDQqnsEBtdEe6E3OQctFvA/IcKsx3Mns0A==",
+      "dev": true,
+      "dependencies": {
+        "@volar/source-map": "0.38.9"
+      }
+    },
+    "node_modules/@volar/source-map": {
+      "version": "0.38.9",
+      "resolved": "https://registry.npmjs.org/@volar/source-map/-/source-map-0.38.9.tgz",
+      "integrity": "sha512-ba0UFoHDYry+vwKdgkWJ6xlQT+8TFtZg1zj9tSjj4PykW1JZDuM0xplMotLun4h3YOoYfY9K1huY5gvxmrNLIw==",
       "dev": true
     },
-    "node_modules/array-union": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
-      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
+    "node_modules/@volar/vue-code-gen": {
+      "version": "0.38.9",
+      "resolved": "https://registry.npmjs.org/@volar/vue-code-gen/-/vue-code-gen-0.38.9.tgz",
+      "integrity": "sha512-tzj7AoarFBKl7e41MR006ncrEmNPHALuk8aG4WdDIaG387X5//5KhWC5Ff3ZfB2InGSeNT+CVUd74M0gS20rjA==",
       "dev": true,
-      "engines": {
-        "node": ">=8"
+      "dependencies": {
+        "@volar/code-gen": "0.38.9",
+        "@volar/source-map": "0.38.9",
+        "@vue/compiler-core": "^3.2.37",
+        "@vue/compiler-dom": "^3.2.37",
+        "@vue/shared": "^3.2.37"
       }
     },
-    "node_modules/assertion-error": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
-      "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
+    "node_modules/@volar/vue-typescript": {
+      "version": "0.38.9",
+      "resolved": "https://registry.npmjs.org/@volar/vue-typescript/-/vue-typescript-0.38.9.tgz",
+      "integrity": "sha512-iJMQGU91ADi98u8V1vXd2UBmELDAaeSP0ZJaFjwosClQdKlJQYc6MlxxKfXBZisHqfbhdtrGRyaryulnYtliZw==",
       "dev": true,
-      "engines": {
-        "node": "*"
+      "dependencies": {
+        "@volar/code-gen": "0.38.9",
+        "@volar/source-map": "0.38.9",
+        "@volar/vue-code-gen": "0.38.9",
+        "@vue/compiler-sfc": "^3.2.37",
+        "@vue/reactivity": "^3.2.37"
       }
     },
-    "node_modules/async-validator": {
-      "version": "4.2.5",
-      "resolved": "https://registry.npmjs.org/async-validator/-/async-validator-4.2.5.tgz",
-      "integrity": "sha512-7HhHjtERjqlNbZtqNqy2rckN/SpOOlmDliet+lP7k+eKZEjPk3DgyeU9lIXLdeLz0uBbbVp+9Qdow9wJWgwwfg=="
+    "node_modules/@vue/compiler-core": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.2.37.tgz",
+      "integrity": "sha512-81KhEjo7YAOh0vQJoSmAD68wLfYqJvoiD4ulyedzF+OEk/bk6/hx3fTNVfuzugIIaTrOx4PGx6pAiBRe5e9Zmg==",
+      "dependencies": {
+        "@babel/parser": "^7.16.4",
+        "@vue/shared": "3.2.37",
+        "estree-walker": "^2.0.2",
+        "source-map": "^0.6.1"
+      }
     },
-    "node_modules/asynckit": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
+    "node_modules/@vue/compiler-dom": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.2.37.tgz",
+      "integrity": "sha512-yxJLH167fucHKxaqXpYk7x8z7mMEnXOw3G2q62FTkmsvNxu4FQSu5+3UMb+L7fjKa26DEzhrmCxAgFLLIzVfqQ==",
+      "dependencies": {
+        "@vue/compiler-core": "3.2.37",
+        "@vue/shared": "3.2.37"
+      }
     },
-    "node_modules/axios": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz",
-      "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==",
+    "node_modules/@vue/compiler-sfc": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.2.37.tgz",
+      "integrity": "sha512-+7i/2+9LYlpqDv+KTtWhOZH+pa8/HnX/905MdVmAcI/mPQOBwkHHIzrsEsucyOIZQYMkXUiTkmZq5am/NyXKkg==",
       "dependencies": {
-        "follow-redirects": "^1.14.9",
-        "form-data": "^4.0.0"
+        "@babel/parser": "^7.16.4",
+        "@vue/compiler-core": "3.2.37",
+        "@vue/compiler-dom": "3.2.37",
+        "@vue/compiler-ssr": "3.2.37",
+        "@vue/reactivity-transform": "3.2.37",
+        "@vue/shared": "3.2.37",
+        "estree-walker": "^2.0.2",
+        "magic-string": "^0.25.7",
+        "postcss": "^8.1.10",
+        "source-map": "^0.6.1"
       }
     },
-    "node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true
+    "node_modules/@vue/compiler-sfc/node_modules/magic-string": {
+      "version": "0.25.9",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz",
+      "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==",
+      "dependencies": {
+        "sourcemap-codec": "^1.4.8"
+      }
     },
-    "node_modules/binary-extensions": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
-      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
+    "node_modules/@vue/compiler-ssr": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.2.37.tgz",
+      "integrity": "sha512-7mQJD7HdXxQjktmsWp/J67lThEIcxLemz1Vb5I6rYJHR5vI+lON3nPGOH3ubmbvYGt8xEUaAr1j7/tIFWiEOqw==",
+      "dependencies": {
+        "@vue/compiler-dom": "3.2.37",
+        "@vue/shared": "3.2.37"
+      }
+    },
+    "node_modules/@vue/devtools-api": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/@vue/devtools-api/-/devtools-api-6.2.1.tgz",
+      "integrity": "sha512-OEgAMeQXvCoJ+1x8WyQuVZzFo0wcyCmUR3baRVLmKBo1LmYZWMlRiXlux5jd0fqVJu6PfDbOrZItVqUEzLobeQ=="
+    },
+    "node_modules/@vue/eslint-config-prettier": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/@vue/eslint-config-prettier/-/eslint-config-prettier-7.0.0.tgz",
+      "integrity": "sha512-/CTc6ML3Wta1tCe1gUeO0EYnVXfo3nJXsIhZ8WJr3sov+cGASr6yuiibJTL6lmIBm7GobopToOuB3B6AWyV0Iw==",
+      "dev": true,
+      "dependencies": {
+        "eslint-config-prettier": "^8.3.0",
+        "eslint-plugin-prettier": "^4.0.0"
+      },
+      "peerDependencies": {
+        "eslint": ">= 7.28.0",
+        "prettier": ">= 2.0.0"
+      }
+    },
+    "node_modules/@vue/eslint-config-typescript": {
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@vue/eslint-config-typescript/-/eslint-config-typescript-11.0.0.tgz",
+      "integrity": "sha512-txuRzxnQVmtUvvy9UyWUy9sHWXNeRPGmSPqP53hRtaiUeCTAondI9Ho9GQYI/8/eWljYOST7iA4Aa8sANBkWaA==",
       "dev": true,
+      "dependencies": {
+        "@typescript-eslint/eslint-plugin": "^5.0.0",
+        "@typescript-eslint/parser": "^5.0.0",
+        "vue-eslint-parser": "^9.0.0"
+      },
       "engines": {
-        "node": ">=8"
+        "node": "^14.17.0 || >=16.0.0"
+      },
+      "peerDependencies": {
+        "eslint": "^6.2.0 || ^7.0.0 || ^8.0.0",
+        "eslint-plugin-vue": "^9.0.0",
+        "typescript": "*"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
       }
     },
-    "node_modules/boolbase": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
-      "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==",
-      "dev": true
+    "node_modules/@vue/reactivity": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.2.37.tgz",
+      "integrity": "sha512-/7WRafBOshOc6m3F7plwzPeCu/RCVv9uMpOwa/5PiY1Zz+WLVRWiy0MYKwmg19KBdGtFWsmZ4cD+LOdVPcs52A==",
+      "dependencies": {
+        "@vue/shared": "3.2.37"
+      }
     },
-    "node_modules/brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
-      "dev": true,
+    "node_modules/@vue/reactivity-transform": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity-transform/-/reactivity-transform-3.2.37.tgz",
+      "integrity": "sha512-IWopkKEb+8qpu/1eMKVeXrK0NLw9HicGviJzhJDEyfxTR9e1WtpnnbYkJWurX6WwoFP0sz10xQg8yL8lgskAZg==",
+      "dependencies": {
+        "@babel/parser": "^7.16.4",
+        "@vue/compiler-core": "3.2.37",
+        "@vue/shared": "3.2.37",
+        "estree-walker": "^2.0.2",
+        "magic-string": "^0.25.7"
+      }
+    },
+    "node_modules/@vue/reactivity-transform/node_modules/magic-string": {
+      "version": "0.25.9",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz",
+      "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==",
+      "dependencies": {
+        "sourcemap-codec": "^1.4.8"
+      }
+    },
+    "node_modules/@vue/runtime-core": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.2.37.tgz",
+      "integrity": "sha512-JPcd9kFyEdXLl/i0ClS7lwgcs0QpUAWj+SKX2ZC3ANKi1U4DOtiEr6cRqFXsPwY5u1L9fAjkinIdB8Rz3FoYNQ==",
+      "dependencies": {
+        "@vue/reactivity": "3.2.37",
+        "@vue/shared": "3.2.37"
+      }
+    },
+    "node_modules/@vue/runtime-dom": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.2.37.tgz",
+      "integrity": "sha512-HimKdh9BepShW6YozwRKAYjYQWg9mQn63RGEiSswMbW+ssIht1MILYlVGkAGGQbkhSh31PCdoUcfiu4apXJoPw==",
       "dependencies": {
-        "balanced-match": "^1.0.0",
-        "concat-map": "0.0.1"
+        "@vue/runtime-core": "3.2.37",
+        "@vue/shared": "3.2.37",
+        "csstype": "^2.6.8"
       }
     },
-    "node_modules/braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
-      "dev": true,
+    "node_modules/@vue/server-renderer": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.2.37.tgz",
+      "integrity": "sha512-kLITEJvaYgZQ2h47hIzPh2K3jG8c1zCVbp/o/bzQOyvzaKiCquKS7AaioPI28GNxIsE/zSx+EwWYsNxDCX95MA==",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "@vue/compiler-ssr": "3.2.37",
+        "@vue/shared": "3.2.37"
       },
-      "engines": {
-        "node": ">=8"
+      "peerDependencies": {
+        "vue": "3.2.37"
       }
     },
-    "node_modules/browser-process-hrtime": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz",
-      "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==",
-      "dev": true
+    "node_modules/@vue/shared": {
+      "version": "3.2.37",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.2.37.tgz",
+      "integrity": "sha512-4rSJemR2NQIo9Klm1vabqWjD8rs/ZaJSzMxkMNeJS6lHiUjjUeYFbooN19NgFjztubEKh3WlZUeOLVdbbUWHsw=="
     },
-    "node_modules/c8": {
-      "version": "7.12.0",
-      "resolved": "https://registry.npmjs.org/c8/-/c8-7.12.0.tgz",
-      "integrity": "sha512-CtgQrHOkyxr5koX1wEUmN/5cfDa2ckbHRA4Gy5LAL0zaCFtVWJS5++n+w4/sr2GWGerBxgTjpKeDclk/Qk6W/A==",
+    "node_modules/@vue/test-utils": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.0.2.tgz",
+      "integrity": "sha512-E2P4oXSaWDqTZNbmKZFVLrNN/siVN78YkEqs7pHryWerrlZR9bBFLWdJwRoguX45Ru6HxIflzKl4vQvwRMwm5g==",
       "dev": true,
+      "peerDependencies": {
+        "vue": "^3.0.1"
+      }
+    },
+    "node_modules/@vueuse/core": {
+      "version": "8.9.4",
+      "resolved": "https://registry.npmjs.org/@vueuse/core/-/core-8.9.4.tgz",
+      "integrity": "sha512-B/Mdj9TK1peFyWaPof+Zf/mP9XuGAngaJZBwPaXBvU3aCTZlx3ltlrFFFyMV4iGBwsjSCeUCgZrtkEj9dS2Y3Q==",
       "dependencies": {
-        "@bcoe/v8-coverage": "^0.2.3",
-        "@istanbuljs/schema": "^0.1.3",
-        "find-up": "^5.0.0",
-        "foreground-child": "^2.0.0",
-        "istanbul-lib-coverage": "^3.2.0",
-        "istanbul-lib-report": "^3.0.0",
-        "istanbul-reports": "^3.1.4",
-        "rimraf": "^3.0.2",
-        "test-exclude": "^6.0.0",
-        "v8-to-istanbul": "^9.0.0",
-        "yargs": "^16.2.0",
-        "yargs-parser": "^20.2.9"
+        "@types/web-bluetooth": "^0.0.14",
+        "@vueuse/metadata": "8.9.4",
+        "@vueuse/shared": "8.9.4",
+        "vue-demi": "*"
       },
-      "bin": {
-        "c8": "bin/c8.js"
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
       },
-      "engines": {
-        "node": ">=10.12.0"
-      }
-    },
-    "node_modules/callsites": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
-      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=6"
+      "peerDependencies": {
+        "@vue/composition-api": "^1.1.0",
+        "vue": "^2.6.0 || ^3.2.0"
+      },
+      "peerDependenciesMeta": {
+        "@vue/composition-api": {
+          "optional": true
+        },
+        "vue": {
+          "optional": true
+        }
       }
     },
-    "node_modules/chai": {
-      "version": "4.3.6",
-      "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.6.tgz",
-      "integrity": "sha512-bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q==",
-      "dev": true,
+    "node_modules/@vueuse/core/node_modules/@vueuse/shared": {
+      "version": "8.9.4",
+      "resolved": "https://registry.npmjs.org/@vueuse/shared/-/shared-8.9.4.tgz",
+      "integrity": "sha512-wt+T30c4K6dGRMVqPddexEVLa28YwxW5OFIPmzUHICjphfAuBFTTdDoyqREZNDOFJZ44ARH1WWQNCUK8koJ+Ag==",
       "dependencies": {
-        "assertion-error": "^1.1.0",
-        "check-error": "^1.0.2",
-        "deep-eql": "^3.0.1",
-        "get-func-name": "^2.0.0",
-        "loupe": "^2.3.1",
-        "pathval": "^1.1.1",
-        "type-detect": "^4.0.5"
+        "vue-demi": "*"
       },
-      "engines": {
-        "node": ">=4"
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "@vue/composition-api": "^1.1.0",
+        "vue": "^2.6.0 || ^3.2.0"
+      },
+      "peerDependenciesMeta": {
+        "@vue/composition-api": {
+          "optional": true
+        },
+        "vue": {
+          "optional": true
+        }
       }
     },
-    "node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
+    "node_modules/@vueuse/core/node_modules/vue-demi": {
+      "version": "0.13.8",
+      "resolved": "https://registry.npmjs.org/vue-demi/-/vue-demi-0.13.8.tgz",
+      "integrity": "sha512-Vy1zbZhCOdsmvGR6tJhAvO5vhP7eiS8xkbYQSoVa7o6KlIy3W8Rc53ED4qI4qpeRDjv3mLfXSEpYU6Yq4pgXRg==",
+      "hasInstallScript": true,
+      "bin": {
+        "vue-demi-fix": "bin/vue-demi-fix.js",
+        "vue-demi-switch": "bin/vue-demi-switch.js"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       },
       "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "@vue/composition-api": "^1.0.0-rc.1",
+        "vue": "^3.0.0-0 || ^2.6.0"
+      },
+      "peerDependenciesMeta": {
+        "@vue/composition-api": {
+          "optional": true
+        }
       }
     },
-    "node_modules/check-error": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
-      "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==",
-      "dev": true,
-      "engines": {
-        "node": "*"
+    "node_modules/@vueuse/metadata": {
+      "version": "8.9.4",
+      "resolved": "https://registry.npmjs.org/@vueuse/metadata/-/metadata-8.9.4.tgz",
+      "integrity": "sha512-IwSfzH80bnJMzqhaapqJl9JRIiyQU0zsRGEgnxN6jhq7992cPUJIRfV+JHRIZXjYqbwt07E1gTEp0R0zPJ1aqw==",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
       }
     },
-    "node_modules/chokidar": {
-      "version": "3.5.3",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
-      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
+    "node_modules/abab": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz",
+      "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==",
+      "dev": true
+    },
+    "node_modules/acorn": {
+      "version": "8.8.2",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
+      "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
       "dev": true,
-      "funding": [
-        {
-          "type": "individual",
-          "url": "https://paulmillr.com/funding/"
-        }
-      ],
-      "dependencies": {
-        "anymatch": "~3.1.2",
-        "braces": "~3.0.2",
-        "glob-parent": "~5.1.2",
-        "is-binary-path": "~2.1.0",
-        "is-glob": "~4.0.1",
-        "normalize-path": "~3.0.0",
-        "readdirp": "~3.6.0"
+      "bin": {
+        "acorn": "bin/acorn"
       },
       "engines": {
-        "node": ">= 8.10.0"
-      },
-      "optionalDependencies": {
-        "fsevents": "~2.3.2"
+        "node": ">=0.4.0"
       }
     },
-    "node_modules/chokidar/node_modules/glob-parent": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
-      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+    "node_modules/acorn-globals": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-6.0.0.tgz",
+      "integrity": "sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==",
       "dev": true,
       "dependencies": {
-        "is-glob": "^4.0.1"
+        "acorn": "^7.1.1",
+        "acorn-walk": "^7.1.1"
+      }
+    },
+    "node_modules/acorn-globals/node_modules/acorn": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "dev": true,
+      "bin": {
+        "acorn": "bin/acorn"
       },
       "engines": {
-        "node": ">= 6"
+        "node": ">=0.4.0"
       }
     },
-    "node_modules/cliui": {
-      "version": "7.0.4",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
-      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
+    "node_modules/acorn-jsx": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
+      "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
       "dev": true,
-      "dependencies": {
-        "string-width": "^4.2.0",
-        "strip-ansi": "^6.0.0",
-        "wrap-ansi": "^7.0.0"
+      "peerDependencies": {
+        "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
       }
     },
-    "node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+    "node_modules/acorn-walk": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz",
+      "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==",
       "dev": true,
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
       "engines": {
-        "node": ">=7.0.0"
+        "node": ">=0.4.0"
       }
     },
-    "node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-      "dev": true
-    },
-    "node_modules/combined-stream": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
-      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+    "node_modules/agent-base": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+      "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+      "dev": true,
       "dependencies": {
-        "delayed-stream": "~1.0.0"
+        "debug": "4"
       },
       "engines": {
-        "node": ">= 0.8"
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/ajv": {
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "dev": true,
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
       }
     },
-    "node_modules/concat-map": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
-      "dev": true
-    },
-    "node_modules/convert-source-map": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.8.0.tgz",
-      "integrity": "sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==",
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
       "dev": true,
-      "dependencies": {
-        "safe-buffer": "~5.1.1"
+      "engines": {
+        "node": ">=8"
       }
     },
-    "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dev": true,
       "dependencies": {
-        "path-key": "^3.1.0",
-        "shebang-command": "^2.0.0",
-        "which": "^2.0.1"
+        "color-convert": "^2.0.1"
       },
       "engines": {
-        "node": ">= 8"
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
-    "node_modules/cssesc": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz",
-      "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==",
+    "node_modules/anymatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz",
+      "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==",
       "dev": true,
-      "bin": {
-        "cssesc": "bin/cssesc"
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
       },
       "engines": {
-        "node": ">=4"
+        "node": ">= 8"
       }
     },
-    "node_modules/cssom": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.5.0.tgz",
-      "integrity": "sha512-iKuQcq+NdHqlAcwUY0o/HL69XQrUaQdMjmStJ8JFmUaiiQErlhrmuigkg/CU4E2J0IyUKUrMAgl36TvN67MqTw==",
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
       "dev": true
     },
-    "node_modules/cssstyle": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz",
-      "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==",
+    "node_modules/array-union": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
+      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
       "dev": true,
-      "dependencies": {
-        "cssom": "~0.3.6"
-      },
       "engines": {
         "node": ">=8"
       }
     },
-    "node_modules/cssstyle/node_modules/cssom": {
-      "version": "0.3.8",
-      "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz",
-      "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==",
-      "dev": true
-    },
-    "node_modules/csstype": {
-      "version": "2.6.20",
-      "resolved": "https://registry.npmjs.org/csstype/-/csstype-2.6.20.tgz",
-      "integrity": "sha512-/WwNkdXfckNgw6S5R125rrW8ez139lBHWouiBvX8dfMFtcn6V81REDqnH7+CRpRipfYlyU1CmOnOxrmGcFOjeA=="
-    },
-    "node_modules/data-urls": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-3.0.2.tgz",
-      "integrity": "sha512-Jy/tj3ldjZJo63sVAvg6LHt2mHvl4V6AgRAmNDtLdm7faqtsx+aJG42rsyCo9JCoRVKwPFzKlIPx3DIibwSIaQ==",
+    "node_modules/assertion-error": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
+      "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
       "dev": true,
-      "dependencies": {
-        "abab": "^2.0.6",
-        "whatwg-mimetype": "^3.0.0",
-        "whatwg-url": "^11.0.0"
-      },
       "engines": {
-        "node": ">=12"
+        "node": "*"
       }
     },
-    "node_modules/dayjs": {
-      "version": "1.11.5",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.5.tgz",
-      "integrity": "sha512-CAdX5Q3YW3Gclyo5Vpqkgpj8fSdLQcRuzfX6mC6Phy0nfJ0eGYOeS7m4mt2plDWLAtA4TqTakvbboHvUxfe4iA=="
+    "node_modules/async-validator": {
+      "version": "4.2.5",
+      "resolved": "https://registry.npmjs.org/async-validator/-/async-validator-4.2.5.tgz",
+      "integrity": "sha512-7HhHjtERjqlNbZtqNqy2rckN/SpOOlmDliet+lP7k+eKZEjPk3DgyeU9lIXLdeLz0uBbbVp+9Qdow9wJWgwwfg=="
     },
-    "node_modules/debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
-      "dev": true,
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
+    },
+    "node_modules/axios": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz",
+      "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==",
       "dependencies": {
-        "ms": "2.1.2"
-      },
-      "engines": {
-        "node": ">=6.0"
-      },
-      "peerDependenciesMeta": {
-        "supports-color": {
-          "optional": true
-        }
+        "follow-redirects": "^1.14.9",
+        "form-data": "^4.0.0"
       }
     },
-    "node_modules/decimal.js": {
-      "version": "10.4.0",
-      "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.0.tgz",
-      "integrity": "sha512-Nv6ENEzyPQ6AItkGwLE2PGKinZZ9g59vSh2BeH6NqPu0OTKZ5ruJsVqh/orbAnqXc9pBbgXAIrc2EyaCj8NpGg==",
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
       "dev": true
     },
-    "node_modules/deep-eql": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz",
-      "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==",
+    "node_modules/binary-extensions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
+      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
       "dev": true,
-      "dependencies": {
-        "type-detect": "^4.0.0"
-      },
       "engines": {
-        "node": ">=0.12"
+        "node": ">=8"
       }
     },
-    "node_modules/deep-is": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
-      "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==",
+    "node_modules/blueimp-md5": {
+      "version": "2.19.0",
+      "resolved": "https://registry.npmjs.org/blueimp-md5/-/blueimp-md5-2.19.0.tgz",
+      "integrity": "sha512-DRQrD6gJyy8FbiE4s+bDoXS9hiW3Vbx5uCdwvcCf3zLHL+Iv7LtGHLpr+GZV8rHG8tK766FGYBwRbu8pELTt+w==",
       "dev": true
     },
-    "node_modules/delayed-stream": {
+    "node_modules/boolbase": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
-      "engines": {
-        "node": ">=0.4.0"
+      "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
+      "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==",
+      "dev": true
+    },
+    "node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
       }
     },
-    "node_modules/dir-glob": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
-      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
+    "node_modules/braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
       "dev": true,
       "dependencies": {
-        "path-type": "^4.0.0"
+        "fill-range": "^7.0.1"
       },
       "engines": {
         "node": ">=8"
       }
     },
-    "node_modules/doctrine": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
-      "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
+    "node_modules/browser-process-hrtime": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz",
+      "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==",
+      "dev": true
+    },
+    "node_modules/cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
       "dev": true,
-      "dependencies": {
-        "esutils": "^2.0.2"
-      },
       "engines": {
-        "node": ">=6.0.0"
+        "node": ">=8"
       }
     },
-    "node_modules/domexception": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/domexception/-/domexception-4.0.0.tgz",
-      "integrity": "sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==",
+    "node_modules/callsites": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
+      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
       "dev": true,
-      "dependencies": {
-        "webidl-conversions": "^7.0.0"
-      },
       "engines": {
-        "node": ">=12"
+        "node": ">=6"
       }
     },
-    "node_modules/element-plus": {
-      "version": "2.2.13",
-      "resolved": "https://registry.npmjs.org/element-plus/-/element-plus-2.2.13.tgz",
-      "integrity": "sha512-dKQ7BPZC8deUPhv+6s4GgOL0GyGj3KpUarywxm6s1nWnHjH6FqeZlUcxPqBvJd7W/d81POayx3B13GP+rfkG9g==",
+    "node_modules/chai": {
+      "version": "4.3.7",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz",
+      "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==",
+      "dev": true,
       "dependencies": {
-        "@ctrl/tinycolor": "^3.4.1",
-        "@element-plus/icons-vue": "^2.0.6",
-        "@floating-ui/dom": "^0.5.4",
-        "@popperjs/core": "npm:@sxzz/popperjs-es@^2.11.7",
-        "@types/lodash": "^4.14.182",
-        "@types/lodash-es": "^4.17.6",
-        "@vueuse/core": "^8.7.5",
-        "async-validator": "^4.2.5",
-        "dayjs": "^1.11.3",
-        "escape-html": "^1.0.3",
-        "lodash": "^4.17.21",
-        "lodash-es": "^4.17.21",
-        "lodash-unified": "^1.0.2",
-        "memoize-one": "^6.0.0",
-        "normalize-wheel-es": "^1.2.0"
+        "assertion-error": "^1.1.0",
+        "check-error": "^1.0.2",
+        "deep-eql": "^4.1.2",
+        "get-func-name": "^2.0.0",
+        "loupe": "^2.3.1",
+        "pathval": "^1.1.1",
+        "type-detect": "^4.0.5"
       },
-      "peerDependencies": {
-        "vue": "^3.2.0"
+      "engines": {
+        "node": ">=4"
       }
     },
-    "node_modules/emoji-regex": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-      "dev": true
-    },
-    "node_modules/entities": {
-      "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-4.3.1.tgz",
-      "integrity": "sha512-o4q/dYJlmyjP2zfnaWDUC6A3BQFmVTX+tZPezK7k0GLSU9QYCauscf5Y+qcEPzKL+EixVouYDgLQK5H9GrLpkg==",
+    "node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
       "dev": true,
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
       "engines": {
-        "node": ">=0.12"
+        "node": ">=10"
       },
       "funding": {
-        "url": "https://github.com/fb55/entities?sponsor=1"
+        "url": "https://github.com/chalk/chalk?sponsor=1"
       }
     },
-    "node_modules/esbuild": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.14.54.tgz",
-      "integrity": "sha512-Cy9llcy8DvET5uznocPyqL3BFRrFXSVqbgpMJ9Wz8oVjZlh/zUSNbPRbov0VX7VxN2JH1Oa0uNxZ7eLRb62pJA==",
-      "dev": true,
-      "hasInstallScript": true,
-      "bin": {
-        "esbuild": "bin/esbuild"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "optionalDependencies": {
-        "@esbuild/linux-loong64": "0.14.54",
-        "esbuild-android-64": "0.14.54",
-        "esbuild-android-arm64": "0.14.54",
-        "esbuild-darwin-64": "0.14.54",
-        "esbuild-darwin-arm64": "0.14.54",
-        "esbuild-freebsd-64": "0.14.54",
-        "esbuild-freebsd-arm64": "0.14.54",
-        "esbuild-linux-32": "0.14.54",
-        "esbuild-linux-64": "0.14.54",
-        "esbuild-linux-arm": "0.14.54",
-        "esbuild-linux-arm64": "0.14.54",
-        "esbuild-linux-mips64le": "0.14.54",
-        "esbuild-linux-ppc64le": "0.14.54",
-        "esbuild-linux-riscv64": "0.14.54",
-        "esbuild-linux-s390x": "0.14.54",
-        "esbuild-netbsd-64": "0.14.54",
-        "esbuild-openbsd-64": "0.14.54",
-        "esbuild-sunos-64": "0.14.54",
-        "esbuild-windows-32": "0.14.54",
-        "esbuild-windows-64": "0.14.54",
-        "esbuild-windows-arm64": "0.14.54"
-      }
-    },
-    "node_modules/esbuild-android-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-android-64/-/esbuild-android-64-0.14.54.tgz",
-      "integrity": "sha512-Tz2++Aqqz0rJ7kYBfz+iqyE3QMycD4vk7LBRyWaAVFgFtQ/O8EJOnVmTOiDWYZ/uYzB4kvP+bqejYdVKzE5lAQ==",
-      "cpu": [
-        "x64"
-      ],
+    "node_modules/check-error": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
+      "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "android"
-      ],
       "engines": {
-        "node": ">=12"
+        "node": "*"
       }
     },
-    "node_modules/esbuild-android-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-android-arm64/-/esbuild-android-arm64-0.14.54.tgz",
-      "integrity": "sha512-F9E+/QDi9sSkLaClO8SOV6etqPd+5DgJje1F9lOWoNncDdOBL2YF59IhsWATSt0TLZbYCf3pNlTHvVV5VfHdvg==",
-      "cpu": [
-        "arm64"
-      ],
+    "node_modules/chokidar": {
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "android"
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://paulmillr.com/funding/"
+        }
       ],
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">= 8.10.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
       }
     },
-    "node_modules/esbuild-darwin-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-darwin-64/-/esbuild-darwin-64-0.14.54.tgz",
-      "integrity": "sha512-jtdKWV3nBviOd5v4hOpkVmpxsBy90CGzebpbO9beiqUYVMBtSc0AL9zGftFuBon7PNDcdvNCEuQqw2x0wP9yug==",
-      "cpu": [
-        "x64"
-      ],
+    "node_modules/chokidar/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">= 6"
       }
     },
-    "node_modules/esbuild-darwin-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-darwin-arm64/-/esbuild-darwin-arm64-0.14.54.tgz",
-      "integrity": "sha512-OPafJHD2oUPyvJMrsCvDGkRrVCar5aVyHfWGQzY1dWnzErjrDuSETxwA2HSsyg2jORLY8yBfzc1MIpUkXlctmw==",
-      "cpu": [
-        "arm64"
-      ],
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=7.0.0"
       }
     },
-    "node_modules/esbuild-freebsd-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-freebsd-64/-/esbuild-freebsd-64-0.14.54.tgz",
-      "integrity": "sha512-OKwd4gmwHqOTp4mOGZKe/XUlbDJ4Q9TjX0hMPIDBUWWu/kwhBAudJdBoxnjNf9ocIB6GN6CPowYpR/hRCbSYAg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "dev": true
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">= 0.8"
       }
     },
-    "node_modules/esbuild-freebsd-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-freebsd-arm64/-/esbuild-freebsd-arm64-0.14.54.tgz",
-      "integrity": "sha512-sFwueGr7OvIFiQT6WeG0jRLjkjdqWWSrfbVwZp8iMP+8UHEHRBvlaxL6IuKNDwAozNUmbb8nIMXa7oAOARGs1Q==",
-      "cpu": [
-        "arm64"
-      ],
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
+      "dev": true
+    },
+    "node_modules/concordance": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/concordance/-/concordance-5.0.4.tgz",
+      "integrity": "sha512-OAcsnTEYu1ARJqWVGwf4zh4JDfHZEaSNlNccFmt8YjB2l/n19/PF2viLINHc57vO4FKIAFl2FWASIGZZWZ2Kxw==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
+      "dependencies": {
+        "date-time": "^3.1.0",
+        "esutils": "^2.0.3",
+        "fast-diff": "^1.2.0",
+        "js-string-escape": "^1.0.1",
+        "lodash": "^4.17.15",
+        "md5-hex": "^3.0.1",
+        "semver": "^7.3.2",
+        "well-known-symbols": "^2.0.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=10.18.0 <11 || >=12.14.0 <13 || >=14"
       }
     },
-    "node_modules/esbuild-linux-32": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-32/-/esbuild-linux-32-0.14.54.tgz",
-      "integrity": "sha512-1ZuY+JDI//WmklKlBgJnglpUL1owm2OX+8E1syCD6UAxcMM/XoWd76OHSjl/0MR0LisSAXDqgjT3uJqT67O3qw==",
-      "cpu": [
-        "ia32"
-      ],
+    "node_modules/convert-source-map": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.8.0.tgz",
+      "integrity": "sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=12"
+      "dependencies": {
+        "safe-buffer": "~5.1.1"
       }
     },
-    "node_modules/esbuild-linux-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-64/-/esbuild-linux-64-0.14.54.tgz",
-      "integrity": "sha512-EgjAgH5HwTbtNsTqQOXWApBaPVdDn7XcK+/PtJwZLT1UmpLoznPd8c5CxqsH2dQK3j05YsB3L17T8vE7cp4cCg==",
-      "cpu": [
-        "x64"
-      ],
+    "node_modules/cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">= 8"
       }
     },
-    "node_modules/esbuild-linux-arm": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-arm/-/esbuild-linux-arm-0.14.54.tgz",
-      "integrity": "sha512-qqz/SjemQhVMTnvcLGoLOdFpCYbz4v4fUo+TfsWG+1aOu70/80RV6bgNpR2JCrppV2moUQkww+6bWxXRL9YMGw==",
-      "cpu": [
-        "arm"
-      ],
+    "node_modules/cssesc": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz",
+      "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+      "bin": {
+        "cssesc": "bin/cssesc"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=4"
       }
     },
-    "node_modules/esbuild-linux-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-arm64/-/esbuild-linux-arm64-0.14.54.tgz",
-      "integrity": "sha512-WL71L+0Rwv+Gv/HTmxTEmpv0UgmxYa5ftZILVi2QmZBgX3q7+tDeOQNqGtdXSdsL8TQi1vIaVFHUPDe0O0kdig==",
-      "cpu": [
-        "arm64"
-      ],
+    "node_modules/cssom": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.5.0.tgz",
+      "integrity": "sha512-iKuQcq+NdHqlAcwUY0o/HL69XQrUaQdMjmStJ8JFmUaiiQErlhrmuigkg/CU4E2J0IyUKUrMAgl36TvN67MqTw==",
+      "dev": true
+    },
+    "node_modules/cssstyle": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz",
+      "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+      "dependencies": {
+        "cssom": "~0.3.6"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=8"
       }
     },
-    "node_modules/esbuild-linux-mips64le": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-mips64le/-/esbuild-linux-mips64le-0.14.54.tgz",
-      "integrity": "sha512-qTHGQB8D1etd0u1+sB6p0ikLKRVuCWhYQhAHRPkO+OF3I/iSlTKNNS0Lh2Oc0g0UFGguaFZZiPJdJey3AGpAlw==",
-      "cpu": [
-        "mips64el"
-      ],
+    "node_modules/cssstyle/node_modules/cssom": {
+      "version": "0.3.8",
+      "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz",
+      "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==",
+      "dev": true
+    },
+    "node_modules/csstype": {
+      "version": "2.6.20",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-2.6.20.tgz",
+      "integrity": "sha512-/WwNkdXfckNgw6S5R125rrW8ez139lBHWouiBvX8dfMFtcn6V81REDqnH7+CRpRipfYlyU1CmOnOxrmGcFOjeA=="
+    },
+    "node_modules/data-urls": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-3.0.2.tgz",
+      "integrity": "sha512-Jy/tj3ldjZJo63sVAvg6LHt2mHvl4V6AgRAmNDtLdm7faqtsx+aJG42rsyCo9JCoRVKwPFzKlIPx3DIibwSIaQ==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+      "dependencies": {
+        "abab": "^2.0.6",
+        "whatwg-mimetype": "^3.0.0",
+        "whatwg-url": "^11.0.0"
+      },
       "engines": {
         "node": ">=12"
       }
     },
-    "node_modules/esbuild-linux-ppc64le": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-ppc64le/-/esbuild-linux-ppc64le-0.14.54.tgz",
-      "integrity": "sha512-j3OMlzHiqwZBDPRCDFKcx595XVfOfOnv68Ax3U4UKZ3MTYQB5Yz3X1mn5GnodEVYzhtZgxEBidLWeIs8FDSfrQ==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+    "node_modules/date-fns": {
+      "version": "2.30.0",
+      "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.30.0.tgz",
+      "integrity": "sha512-fnULvOpxnC5/Vg3NCiWelDsLiUc9bRwAPs/+LfTLNvetFCtCTN+yQz15C/fs4AwX1R9K5GLtLfn8QW+dWisaAw==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=0.11"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/date-fns"
       }
     },
-    "node_modules/esbuild-linux-riscv64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-riscv64/-/esbuild-linux-riscv64-0.14.54.tgz",
-      "integrity": "sha512-y7Vt7Wl9dkOGZjxQZnDAqqn+XOqFD7IMWiewY5SPlNlzMX39ocPQlOaoxvT4FllA5viyV26/QzHtvTjVNOxHZg==",
-      "cpu": [
-        "riscv64"
-      ],
+    "node_modules/date-time": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/date-time/-/date-time-3.1.0.tgz",
+      "integrity": "sha512-uqCUKXE5q1PNBXjPqvwhwJf9SwMoAHBgWJ6DcrnS5o+W2JOiIILl0JEdVD8SGujrNS02GGxgwAg2PN2zONgtjg==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+      "dependencies": {
+        "time-zone": "^1.0.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=6"
       }
     },
-    "node_modules/esbuild-linux-s390x": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-s390x/-/esbuild-linux-s390x-0.14.54.tgz",
-      "integrity": "sha512-zaHpW9dziAsi7lRcyV4r8dhfG1qBidQWUXweUjnw+lliChJqQr+6XD71K41oEIC3Mx1KStovEmlzm+MkGZHnHA==",
-      "cpu": [
-        "s390x"
-      ],
+    "node_modules/dayjs": {
+      "version": "1.11.5",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.5.tgz",
+      "integrity": "sha512-CAdX5Q3YW3Gclyo5Vpqkgpj8fSdLQcRuzfX6mC6Phy0nfJ0eGYOeS7m4mt2plDWLAtA4TqTakvbboHvUxfe4iA=="
+    },
+    "node_modules/debug": {
+      "version": "4.3.4",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+      "dependencies": {
+        "ms": "2.1.2"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
       }
     },
-    "node_modules/esbuild-netbsd-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-netbsd-64/-/esbuild-netbsd-64-0.14.54.tgz",
-      "integrity": "sha512-PR01lmIMnfJTgeU9VJTDY9ZerDWVFIUzAtJuDHwwceppW7cQWjBBqP48NdeRtoP04/AtO9a7w3viI+PIDr6d+w==",
-      "cpu": [
-        "x64"
-      ],
+    "node_modules/decimal.js": {
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.0.tgz",
+      "integrity": "sha512-Nv6ENEzyPQ6AItkGwLE2PGKinZZ9g59vSh2BeH6NqPu0OTKZ5ruJsVqh/orbAnqXc9pBbgXAIrc2EyaCj8NpGg==",
+      "dev": true
+    },
+    "node_modules/deep-eql": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz",
+      "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "netbsd"
-      ],
+      "dependencies": {
+        "type-detect": "^4.0.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=6"
       }
     },
-    "node_modules/esbuild-openbsd-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-openbsd-64/-/esbuild-openbsd-64-0.14.54.tgz",
-      "integrity": "sha512-Qyk7ikT2o7Wu76UsvvDS5q0amJvmRzDyVlL0qf5VLsLchjCa1+IAvd8kTBgUxD7VBUUVgItLkk609ZHUc1oCaw==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "openbsd"
-      ],
+    "node_modules/deep-is": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
+      "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==",
+      "dev": true
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
       "engines": {
-        "node": ">=12"
+        "node": ">=0.4.0"
       }
     },
-    "node_modules/esbuild-sunos-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-sunos-64/-/esbuild-sunos-64-0.14.54.tgz",
-      "integrity": "sha512-28GZ24KmMSeKi5ueWzMcco6EBHStL3B6ubM7M51RmPwXQGLe0teBGJocmWhgwccA1GeFXqxzILIxXpHbl9Q/Kw==",
-      "cpu": [
-        "x64"
-      ],
+    "node_modules/dir-glob": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
+      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "sunos"
-      ],
+      "dependencies": {
+        "path-type": "^4.0.0"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=8"
       }
     },
-    "node_modules/esbuild-windows-32": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-windows-32/-/esbuild-windows-32-0.14.54.tgz",
-      "integrity": "sha512-T+rdZW19ql9MjS7pixmZYVObd9G7kcaZo+sETqNH4RCkuuYSuv9AGHUVnPoP9hhuE1WM1ZimHz1CIBHBboLU7w==",
-      "cpu": [
-        "ia32"
-      ],
+    "node_modules/doctrine": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
+      "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "win32"
-      ],
+      "dependencies": {
+        "esutils": "^2.0.2"
+      },
       "engines": {
-        "node": ">=12"
+        "node": ">=6.0.0"
       }
     },
-    "node_modules/esbuild-windows-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-windows-64/-/esbuild-windows-64-0.14.54.tgz",
-      "integrity": "sha512-AoHTRBUuYwXtZhjXZbA1pGfTo8cJo3vZIcWGLiUcTNgHpJJMC1rVA44ZereBHMJtotyN71S8Qw0npiCIkW96cQ==",
-      "cpu": [
-        "x64"
-      ],
+    "node_modules/domexception": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/domexception/-/domexception-4.0.0.tgz",
+      "integrity": "sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "win32"
-      ],
+      "dependencies": {
+        "webidl-conversions": "^7.0.0"
+      },
       "engines": {
         "node": ">=12"
       }
     },
-    "node_modules/esbuild-windows-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-windows-arm64/-/esbuild-windows-arm64-0.14.54.tgz",
-      "integrity": "sha512-M0kuUvXhot1zOISQGXwWn6YtS+Y/1RT9WrVIOywZnJHo3jCDyewAc79aKNQWFCQm+xNHVTq9h8dZKvygoXQQRg==",
-      "cpu": [
-        "arm64"
-      ],
+    "node_modules/element-plus": {
+      "version": "2.2.13",
+      "resolved": "https://registry.npmjs.org/element-plus/-/element-plus-2.2.13.tgz",
+      "integrity": "sha512-dKQ7BPZC8deUPhv+6s4GgOL0GyGj3KpUarywxm6s1nWnHjH6FqeZlUcxPqBvJd7W/d81POayx3B13GP+rfkG9g==",
+      "dependencies": {
+        "@ctrl/tinycolor": "^3.4.1",
+        "@element-plus/icons-vue": "^2.0.6",
+        "@floating-ui/dom": "^0.5.4",
+        "@popperjs/core": "npm:@sxzz/popperjs-es@^2.11.7",
+        "@types/lodash": "^4.14.182",
+        "@types/lodash-es": "^4.17.6",
+        "@vueuse/core": "^8.7.5",
+        "async-validator": "^4.2.5",
+        "dayjs": "^1.11.3",
+        "escape-html": "^1.0.3",
+        "lodash": "^4.17.21",
+        "lodash-es": "^4.17.21",
+        "lodash-unified": "^1.0.2",
+        "memoize-one": "^6.0.0",
+        "normalize-wheel-es": "^1.2.0"
+      },
+      "peerDependencies": {
+        "vue": "^3.2.0"
+      }
+    },
+    "node_modules/entities": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.3.1.tgz",
+      "integrity": "sha512-o4q/dYJlmyjP2zfnaWDUC6A3BQFmVTX+tZPezK7k0GLSU9QYCauscf5Y+qcEPzKL+EixVouYDgLQK5H9GrLpkg==",
       "dev": true,
-      "optional": true,
-      "os": [
-        "win32"
-      ],
       "engines": {
-        "node": ">=12"
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
       }
     },
-    "node_modules/escalade": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
-      "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
+    "node_modules/esbuild": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.17.19.tgz",
+      "integrity": "sha512-XQ0jAPFkK/u3LcVRcvVHQcTIqD6E2H1fvZMA5dQPSOWb3suUbWbfbRf94pjc0bNzRYLfIrDRQXr7X+LHIm5oHw==",
       "dev": true,
+      "hasInstallScript": true,
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
       "engines": {
-        "node": ">=6"
+        "node": ">=12"
+      },
+      "optionalDependencies": {
+        "@esbuild/android-arm": "0.17.19",
+        "@esbuild/android-arm64": "0.17.19",
+        "@esbuild/android-x64": "0.17.19",
+        "@esbuild/darwin-arm64": "0.17.19",
+        "@esbuild/darwin-x64": "0.17.19",
+        "@esbuild/freebsd-arm64": "0.17.19",
+        "@esbuild/freebsd-x64": "0.17.19",
+        "@esbuild/linux-arm": "0.17.19",
+        "@esbuild/linux-arm64": "0.17.19",
+        "@esbuild/linux-ia32": "0.17.19",
+        "@esbuild/linux-loong64": "0.17.19",
+        "@esbuild/linux-mips64el": "0.17.19",
+        "@esbuild/linux-ppc64": "0.17.19",
+        "@esbuild/linux-riscv64": "0.17.19",
+        "@esbuild/linux-s390x": "0.17.19",
+        "@esbuild/linux-x64": "0.17.19",
+        "@esbuild/netbsd-x64": "0.17.19",
+        "@esbuild/openbsd-x64": "0.17.19",
+        "@esbuild/sunos-x64": "0.17.19",
+        "@esbuild/win32-arm64": "0.17.19",
+        "@esbuild/win32-ia32": "0.17.19",
+        "@esbuild/win32-x64": "0.17.19"
       }
     },
     "node_modules/escape-html": {
@@ -2333,19 +2515,6 @@
         }
       }
     },
-    "node_modules/foreground-child": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-2.0.0.tgz",
-      "integrity": "sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==",
-      "dev": true,
-      "dependencies": {
-        "cross-spawn": "^7.0.0",
-        "signal-exit": "^3.0.2"
-      },
-      "engines": {
-        "node": ">=8.0.0"
-      }
-    },
     "node_modules/form-data": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
@@ -2379,27 +2548,12 @@
         "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
       }
     },
-    "node_modules/function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
-      "dev": true
-    },
     "node_modules/functional-red-black-tree": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
       "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==",
       "dev": true
     },
-    "node_modules/get-caller-file": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
-      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
-      "dev": true,
-      "engines": {
-        "node": "6.* || 8.* || >= 10.*"
-      }
-    },
     "node_modules/get-func-name": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz",
@@ -2482,18 +2636,6 @@
       "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==",
       "dev": true
     },
-    "node_modules/has": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
-      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
-      "dev": true,
-      "dependencies": {
-        "function-bind": "^1.1.1"
-      },
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
     "node_modules/has-flag": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -2628,18 +2770,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/is-core-module": {
-      "version": "2.10.0",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.10.0.tgz",
-      "integrity": "sha512-Erxj2n/LDAZ7H8WNJXd9tw38GYM3dv8rk8Zcs+jJuxYTW7sozH+SS8NtrSjVL1/vpLvWi1hxy96IzjJ3EHTJJg==",
-      "dev": true,
-      "dependencies": {
-        "has": "^1.0.3"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/is-extglob": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
@@ -2649,15 +2779,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/is-fullwidth-code-point": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
-      "dev": true,
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/is-glob": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -2714,6 +2835,20 @@
         "node": ">=8"
       }
     },
+    "node_modules/istanbul-lib-source-maps": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz",
+      "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==",
+      "dev": true,
+      "dependencies": {
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/istanbul-reports": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.5.tgz",
@@ -2727,6 +2862,15 @@
         "node": ">=8"
       }
     },
+    "node_modules/js-string-escape": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/js-string-escape/-/js-string-escape-1.0.1.tgz",
+      "integrity": "sha512-Smw4xcfIQ5LVjAOuJCvN/zIodzA/BBSsluuoSykP+lUvScIi4U6RJLfwHet5cxFnCswUjISV8oAXaqaJDY3chg==",
+      "dev": true,
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/js-yaml": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
@@ -2797,6 +2941,12 @@
       "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==",
       "dev": true
     },
+    "node_modules/jsonc-parser": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz",
+      "integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==",
+      "dev": true
+    },
     "node_modules/levn": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -2811,9 +2961,9 @@
       }
     },
     "node_modules/local-pkg": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.4.2.tgz",
-      "integrity": "sha512-mlERgSPrbxU3BP4qBqAvvwlgW4MTg78iwJdGGnv7kibKjWcJksrG3t6LB5lXI93wXRDvG4NpUgJFmTG4T6rdrg==",
+      "version": "0.4.3",
+      "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.4.3.tgz",
+      "integrity": "sha512-SFppqq5p42fe2qcZQqqEOiVRXl+WCP1MdT6k7BDEW1j++sp5fIY+/fdRQitvKgB5BrBcmrs5m/L0v2FrU5MY1g==",
       "dev": true,
       "engines": {
         "node": ">=14"
@@ -2864,9 +3014,9 @@
       "dev": true
     },
     "node_modules/loupe": {
-      "version": "2.3.4",
-      "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.4.tgz",
-      "integrity": "sha512-OvKfgCC2Ndby6aSTREl5aCCPTNIzlDfQZvZxNUrBrihDhL3xcrYegTblhmEiCrg2kKQz4XsFIaemE5BF4ybSaQ==",
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.6.tgz",
+      "integrity": "sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==",
       "dev": true,
       "dependencies": {
         "get-func-name": "^2.0.0"
@@ -2884,6 +3034,18 @@
         "node": ">=10"
       }
     },
+    "node_modules/magic-string": {
+      "version": "0.30.0",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.0.tgz",
+      "integrity": "sha512-LA+31JYDJLs82r2ScLrlz1GjSgu66ZV518eyWT+S8VhyQn/JL0u9MeBOvQMGYiPk1DBiSN9DDMOcXvigJZaViQ==",
+      "dev": true,
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.4.13"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
     "node_modules/make-dir": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
@@ -2908,6 +3070,18 @@
         "semver": "bin/semver.js"
       }
     },
+    "node_modules/md5-hex": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/md5-hex/-/md5-hex-3.0.1.tgz",
+      "integrity": "sha512-BUiRtTtV39LIJwinWBjqVsU9xhdnz7/i889V859IBFpuqGAj6LuOvHv5XLbgZ2R7ptJoJaEcxkv88/h25T7Ciw==",
+      "dev": true,
+      "dependencies": {
+        "blueimp-md5": "^2.10.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/memoize-one": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/memoize-one/-/memoize-one-6.0.0.tgz",
@@ -2966,6 +3140,18 @@
         "node": "*"
       }
     },
+    "node_modules/mlly": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.3.0.tgz",
+      "integrity": "sha512-HT5mcgIQKkOrZecOjOX3DJorTikWXwsBfpcr/MGBkhfWcjiqvnaL/9ppxvIUXfjT6xt4DVIAsN9fMUz1ev4bIw==",
+      "dev": true,
+      "dependencies": {
+        "acorn": "^8.8.2",
+        "pathe": "^1.1.0",
+        "pkg-types": "^1.0.3",
+        "ufo": "^1.1.2"
+      }
+    },
     "node_modules/ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -2973,9 +3159,15 @@
       "dev": true
     },
     "node_modules/nanoid": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+      "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
       "bin": {
         "nanoid": "bin/nanoid.cjs"
       },
@@ -3128,12 +3320,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/path-parse": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
-      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
-      "dev": true
-    },
     "node_modules/path-type": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -3143,6 +3329,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/pathe": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.1.tgz",
+      "integrity": "sha512-d+RQGp0MAYTIaDBIMmOfMwz3E+LOZnxx1HZd5R18mmCZY0QBlK0LDZfPc8FW8Ed2DlvsuE6PRjroDY+wg4+j/Q==",
+      "dev": true
+    },
     "node_modules/pathval": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz",
@@ -3232,10 +3424,21 @@
         }
       }
     },
+    "node_modules/pkg-types": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.0.3.tgz",
+      "integrity": "sha512-nN7pYi0AQqJnoLPC9eHFQ8AcyaixBUOwvqc5TDnIKCMEE6I0y8P7OKA7fPexsXGCGxQDl/cmrLAp26LhcwxZ4A==",
+      "dev": true,
+      "dependencies": {
+        "jsonc-parser": "^3.2.0",
+        "mlly": "^1.2.0",
+        "pathe": "^1.1.0"
+      }
+    },
     "node_modules/postcss": {
-      "version": "8.4.16",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz",
-      "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==",
+      "version": "8.4.24",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
+      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
       "funding": [
         {
           "type": "opencollective",
@@ -3244,10 +3447,14 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
-        "nanoid": "^3.3.4",
+        "nanoid": "^3.3.6",
         "picocolors": "^1.0.0",
         "source-map-js": "^1.0.2"
       },
@@ -3298,10 +3505,36 @@
       "integrity": "sha512-GbK2cP9nraSSUF9N2XwUwqfzlAFlMNYYl+ShE/V+H8a9uNl/oUqB1w2EL54Jh0OlyRSd8RfWYJ3coVS4TROP2w==",
       "dev": true,
       "dependencies": {
-        "fast-diff": "^1.1.2"
+        "fast-diff": "^1.1.2"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/pretty-format": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz",
+      "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-regex": "^5.0.1",
+        "ansi-styles": "^5.0.0",
+        "react-is": "^17.0.1"
       },
       "engines": {
-        "node": ">=6.0.0"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/pretty-format/node_modules/ansi-styles": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+      "dev": true,
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
     "node_modules/psl": {
@@ -3339,6 +3572,12 @@
         }
       ]
     },
+    "node_modules/react-is": {
+      "version": "17.0.2",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
+      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==",
+      "dev": true
+    },
     "node_modules/readdirp": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
@@ -3351,6 +3590,11 @@
         "node": ">=8.10.0"
       }
     },
+    "node_modules/regenerator-runtime": {
+      "version": "0.13.11",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz",
+      "integrity": "sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg=="
+    },
     "node_modules/regexpp": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz",
@@ -3363,32 +3607,6 @@
         "url": "https://github.com/sponsors/mysticatea"
       }
     },
-    "node_modules/require-directory": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
-    "node_modules/resolve": {
-      "version": "1.22.1",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz",
-      "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==",
-      "dev": true,
-      "dependencies": {
-        "is-core-module": "^2.9.0",
-        "path-parse": "^1.0.7",
-        "supports-preserve-symlinks-flag": "^1.0.0"
-      },
-      "bin": {
-        "resolve": "bin/resolve"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/resolve-from": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
@@ -3424,15 +3642,16 @@
       }
     },
     "node_modules/rollup": {
-      "version": "2.77.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.77.3.tgz",
-      "integrity": "sha512-/qxNTG7FbmefJWoeeYJFbHehJ2HNWnjkAFRKzWN/45eNBBF/r8lo992CwcJXEzyVxs5FmfId+vTSTQDb+bxA+g==",
+      "version": "3.24.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-3.24.0.tgz",
+      "integrity": "sha512-OgraHOIg2YpHQTjl0/ymWfFNBEyPucB7lmhXrQUh38qNOegxLapSPFs9sNr0qKR75awW41D93XafoR2QfhBdUQ==",
       "dev": true,
       "bin": {
         "rollup": "dist/bin/rollup"
       },
       "engines": {
-        "node": ">=10.0.0"
+        "node": ">=14.18.0",
+        "npm": ">=8.0.0"
       },
       "optionalDependencies": {
         "fsevents": "~2.3.2"
@@ -3538,10 +3757,10 @@
         "node": ">=8"
       }
     },
-    "node_modules/signal-exit": {
-      "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
-      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+    "node_modules/siginfo": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz",
+      "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==",
       "dev": true
     },
     "node_modules/slash": {
@@ -3574,19 +3793,17 @@
       "resolved": "https://registry.npmjs.org/sourcemap-codec/-/sourcemap-codec-1.4.8.tgz",
       "integrity": "sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA=="
     },
-    "node_modules/string-width": {
-      "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-      "dev": true,
-      "dependencies": {
-        "emoji-regex": "^8.0.0",
-        "is-fullwidth-code-point": "^3.0.0",
-        "strip-ansi": "^6.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      }
+    "node_modules/stackback": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz",
+      "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==",
+      "dev": true
+    },
+    "node_modules/std-env": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.3.3.tgz",
+      "integrity": "sha512-Rz6yejtVyWnVjC1RFvNmYL10kgjC49EOghxWn0RFqlCHGFpQx+Xe7yW3I4ceK1SGrWIGMjD5Kbue8W/udkbMJg==",
+      "dev": true
     },
     "node_modules/strip-ansi": {
       "version": "6.0.1",
@@ -3612,6 +3829,18 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/strip-literal": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-1.0.1.tgz",
+      "integrity": "sha512-QZTsipNpa2Ppr6v1AmJHESqJ3Uz247MUS0OjrnnZjFAvEoWqxuyFuXn2xLgMtRnijJShAa1HL0gtJyUs7u7n3Q==",
+      "dev": true,
+      "dependencies": {
+        "acorn": "^8.8.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
     "node_modules/supports-color": {
       "version": "7.2.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@@ -3624,18 +3853,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/supports-preserve-symlinks-flag": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
-      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
-      "dev": true,
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/symbol-tree": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
@@ -3662,19 +3879,34 @@
       "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==",
       "dev": true
     },
+    "node_modules/time-zone": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/time-zone/-/time-zone-1.0.0.tgz",
+      "integrity": "sha512-TIsDdtKo6+XrPtiTm1ssmMngN1sAhyKnTO2kunQWqNPWIVvCm15Wmw4SWInwTVgJ5u/Tr04+8Ei9TNcw4x4ONA==",
+      "dev": true,
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/tinybench": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.5.0.tgz",
+      "integrity": "sha512-kRwSG8Zx4tjF9ZiyH4bhaebu+EDz1BOx9hOigYHlUW4xxI/wKIUQUqo018UlU4ar6ATPBsaMrdbKZ+tmPdohFA==",
+      "dev": true
+    },
     "node_modules/tinypool": {
-      "version": "0.2.4",
-      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.2.4.tgz",
-      "integrity": "sha512-Vs3rhkUH6Qq1t5bqtb816oT+HeJTXfwt2cbPH17sWHIYKTotQIFPk3tf2fgqRrVyMDVOc1EnPgzIxfIulXVzwQ==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.5.0.tgz",
+      "integrity": "sha512-paHQtnrlS1QZYKF/GnLoOM/DN9fqaGOFbCbxzAhwniySnzl9Ebk8w73/dd34DAhe/obUbPAOldTyYXQZxnPBPQ==",
       "dev": true,
       "engines": {
         "node": ">=14.0.0"
       }
     },
     "node_modules/tinyspy": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-1.0.0.tgz",
-      "integrity": "sha512-FI5B2QdODQYDRjfuLF+OrJ8bjWRMCXokQPcwKm0W3IzcbUmBNv536cQc7eXGoAuXphZwgx1DFbqImwzz08Fnhw==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-2.1.1.tgz",
+      "integrity": "sha512-XPJL2uSzcOyBMky6OFrusqWlzfFrXtE0hPuMgW8A2HmaqrPo4ZQHRN/V0QXN3FSjKxpsbRrFc5LI7KOwBsT1/w==",
       "dev": true,
       "engines": {
         "node": ">=14.0.0"
@@ -3785,6 +4017,12 @@
         "node": ">=4.2.0"
       }
     },
+    "node_modules/ufo": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.1.2.tgz",
+      "integrity": "sha512-TrY6DsjTQQgyS3E3dBaOXf0TpPD8u9FVrVYmKVegJuFw51n/YB9XPt+U6ydzFG5ZIN7+DIjPbNmXoBj9esYhgQ==",
+      "dev": true
+    },
     "node_modules/universalify": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
@@ -3816,9 +4054,9 @@
       "dev": true
     },
     "node_modules/v8-to-istanbul": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.0.1.tgz",
-      "integrity": "sha512-74Y4LqY74kLE6IFyIjPtkSTWzUZmj8tdHT9Ii/26dvQ6K9Dl2NbEfj0XgU2sHCtKgt5VupqhlO/5aWuqS+IY1w==",
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.1.0.tgz",
+      "integrity": "sha512-6z3GW9x8G1gd+JIIgQQQxXuiJtCXeAjp6RaPEPLv62mH3iPHPxV6W3robxtCzNErRo6ZwTmzWhsbNvjyEBKzKA==",
       "dev": true,
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.12",
@@ -3830,15 +4068,14 @@
       }
     },
     "node_modules/vite": {
-      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-3.0.8.tgz",
-      "integrity": "sha512-AOZ4eN7mrkJiOLuw8IA7piS4IdOQyQCA81GxGsAQvAZzMRi9ZwGB3TOaYsj4uLAWK46T5L4AfQ6InNGlxX30IQ==",
+      "version": "4.3.9",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-4.3.9.tgz",
+      "integrity": "sha512-qsTNZjO9NoJNW7KnOrgYwczm0WctJ8m/yqYAMAK9Lxt4SoySUfS5S8ia9K7JHpa3KEeMfyF8LoJ3c5NeBJy6pg==",
       "dev": true,
       "dependencies": {
-        "esbuild": "^0.14.47",
-        "postcss": "^8.4.16",
-        "resolve": "^1.22.1",
-        "rollup": ">=2.75.6 <2.77.0 || ~2.77.0"
+        "esbuild": "^0.17.5",
+        "postcss": "^8.4.23",
+        "rollup": "^3.21.0"
       },
       "bin": {
         "vite": "bin/vite.js"
@@ -3850,12 +4087,17 @@
         "fsevents": "~2.3.2"
       },
       "peerDependencies": {
+        "@types/node": ">= 14",
         "less": "*",
         "sass": "*",
         "stylus": "*",
+        "sugarss": "*",
         "terser": "^5.4.0"
       },
       "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
         "less": {
           "optional": true
         },
@@ -3865,42 +4107,87 @@
         "stylus": {
           "optional": true
         },
+        "sugarss": {
+          "optional": true
+        },
         "terser": {
           "optional": true
         }
       }
     },
+    "node_modules/vite-node": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-0.32.0.tgz",
+      "integrity": "sha512-220P/y8YacYAU+daOAqiGEFXx2A8AwjadDzQqos6wSukjvvTWNqleJSwoUn0ckyNdjHIKoxn93Nh1vWBqEKr3Q==",
+      "dev": true,
+      "dependencies": {
+        "cac": "^6.7.14",
+        "debug": "^4.3.4",
+        "mlly": "^1.2.0",
+        "pathe": "^1.1.0",
+        "picocolors": "^1.0.0",
+        "vite": "^3.0.0 || ^4.0.0"
+      },
+      "bin": {
+        "vite-node": "vite-node.mjs"
+      },
+      "engines": {
+        "node": ">=v14.18.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
     "node_modules/vitest": {
-      "version": "0.22.0",
-      "resolved": "https://registry.npmjs.org/vitest/-/vitest-0.22.0.tgz",
-      "integrity": "sha512-BSIro/QOHLaQY08FHwT6THWhqLQ+VPU+N4Rdo4pcP+16XB6oLmNNAXGcSh/MOLUhfUy+mqCwx7AyKmU7Ms5R+g==",
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-0.32.0.tgz",
+      "integrity": "sha512-SW83o629gCqnV3BqBnTxhB10DAwzwEx3z+rqYZESehUB+eWsJxwcBQx7CKy0otuGMJTYh7qCVuUX23HkftGl/Q==",
       "dev": true,
       "dependencies": {
-        "@types/chai": "^4.3.3",
+        "@types/chai": "^4.3.5",
         "@types/chai-subset": "^1.3.3",
         "@types/node": "*",
-        "chai": "^4.3.6",
+        "@vitest/expect": "0.32.0",
+        "@vitest/runner": "0.32.0",
+        "@vitest/snapshot": "0.32.0",
+        "@vitest/spy": "0.32.0",
+        "@vitest/utils": "0.32.0",
+        "acorn": "^8.8.2",
+        "acorn-walk": "^8.2.0",
+        "cac": "^6.7.14",
+        "chai": "^4.3.7",
+        "concordance": "^5.0.4",
         "debug": "^4.3.4",
-        "local-pkg": "^0.4.2",
-        "tinypool": "^0.2.4",
-        "tinyspy": "^1.0.0",
-        "vite": "^2.9.12 || ^3.0.0-0"
+        "local-pkg": "^0.4.3",
+        "magic-string": "^0.30.0",
+        "pathe": "^1.1.0",
+        "picocolors": "^1.0.0",
+        "std-env": "^3.3.2",
+        "strip-literal": "^1.0.1",
+        "tinybench": "^2.5.0",
+        "tinypool": "^0.5.0",
+        "vite": "^3.0.0 || ^4.0.0",
+        "vite-node": "0.32.0",
+        "why-is-node-running": "^2.2.2"
       },
       "bin": {
         "vitest": "vitest.mjs"
       },
       "engines": {
-        "node": ">=v14.16.0"
+        "node": ">=v14.18.0"
       },
       "funding": {
-        "url": "https://github.com/sponsors/antfu"
+        "url": "https://opencollective.com/vitest"
       },
       "peerDependencies": {
         "@edge-runtime/vm": "*",
         "@vitest/browser": "*",
         "@vitest/ui": "*",
         "happy-dom": "*",
-        "jsdom": "*"
+        "jsdom": "*",
+        "playwright": "*",
+        "safaridriver": "*",
+        "webdriverio": "*"
       },
       "peerDependenciesMeta": {
         "@edge-runtime/vm": {
@@ -3917,9 +4204,27 @@
         },
         "jsdom": {
           "optional": true
+        },
+        "playwright": {
+          "optional": true
+        },
+        "safaridriver": {
+          "optional": true
+        },
+        "webdriverio": {
+          "optional": true
         }
       }
     },
+    "node_modules/vitest/node_modules/acorn-walk": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz",
+      "integrity": "sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
     "node_modules/vue": {
       "version": "3.2.37",
       "resolved": "https://registry.npmjs.org/vue/-/vue-3.2.37.tgz",
@@ -4054,6 +4359,15 @@
         "node": ">=12"
       }
     },
+    "node_modules/well-known-symbols": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/well-known-symbols/-/well-known-symbols-2.0.0.tgz",
+      "integrity": "sha512-ZMjC3ho+KXo0BfJb7JgtQ5IBuvnShdlACNkKkdsqBmYw3bPAaJfPeYUo6tLUaT5tG/Gkh7xkpBhKRQ9e7pyg9Q==",
+      "dev": true,
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/whatwg-encoding": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-2.0.0.tgz",
@@ -4103,6 +4417,22 @@
         "node": ">= 8"
       }
     },
+    "node_modules/why-is-node-running": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.2.2.tgz",
+      "integrity": "sha512-6tSwToZxTOcotxHeA+qGCq1mVzKR3CwcJGmVcY+QE8SHy6TnpFnh8PAvPNHYr7EcuVeG0QSMxtYCuO1ta/G/oA==",
+      "dev": true,
+      "dependencies": {
+        "siginfo": "^2.0.0",
+        "stackback": "0.0.2"
+      },
+      "bin": {
+        "why-is-node-running": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/word-wrap": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
@@ -4112,23 +4442,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/wrap-ansi": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^4.0.0",
-        "string-width": "^4.1.0",
-        "strip-ansi": "^6.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
-      }
-    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -4171,48 +4484,12 @@
       "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==",
       "dev": true
     },
-    "node_modules/y18n": {
-      "version": "5.0.8",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
-      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/yallist": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
       "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "dev": true
     },
-    "node_modules/yargs": {
-      "version": "16.2.0",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
-      "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==",
-      "dev": true,
-      "dependencies": {
-        "cliui": "^7.0.2",
-        "escalade": "^3.1.1",
-        "get-caller-file": "^2.0.5",
-        "require-directory": "^2.1.1",
-        "string-width": "^4.2.0",
-        "y18n": "^5.0.5",
-        "yargs-parser": "^20.2.2"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/yargs-parser": {
-      "version": "20.2.9",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz",
-      "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/yocto-queue": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
@@ -4227,11 +4504,29 @@
     }
   },
   "dependencies": {
+    "@ampproject/remapping": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz",
+      "integrity": "sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==",
+      "dev": true,
+      "requires": {
+        "@jridgewell/gen-mapping": "^0.3.0",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      }
+    },
     "@babel/parser": {
       "version": "7.18.11",
       "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.18.11.tgz",
       "integrity": "sha512-9JKn5vN+hDt0Hdqn1PiJ2guflwP+B6Ga8qbDuoF0PzzVhrzsKIJo8yGqVk6CmMHiMei9w1C1Bp9IMJSIK+HPIQ=="
     },
+    "@babel/runtime": {
+      "version": "7.22.3",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.3.tgz",
+      "integrity": "sha512-XsDuspWKLUsxwCp6r7EhsExHtYfbe5oAGQ19kqngTdCPUoPQzOPdUbD/pB9PJiwb2ptYKQDjSJT3R6dC+EPqfQ==",
+      "requires": {
+        "regenerator-runtime": "^0.13.11"
+      }
+    },
     "@bcoe/v8-coverage": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz",
@@ -4249,10 +4544,157 @@
       "integrity": "sha512-okdrwiVeKBmW41Hkl0eMrXDjzJwhQMuKiBOu17rOszqM+LS/yBYpNQNV5Jvoh06Wc+89fMmb/uhzf8NZuDuUaQ==",
       "requires": {}
     },
+    "@esbuild/android-arm": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.17.19.tgz",
+      "integrity": "sha512-rIKddzqhmav7MSmoFCmDIb6e2W57geRsM94gV2l38fzhXMwq7hZoClug9USI2pFRGL06f4IOPHHpFNOkWieR8A==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/android-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.17.19.tgz",
+      "integrity": "sha512-KBMWvEZooR7+kzY0BtbTQn0OAYY7CsiydT63pVEaPtVYF0hXbUaOyZog37DKxK7NF3XacBJOpYT4adIJh+avxA==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/android-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.17.19.tgz",
+      "integrity": "sha512-uUTTc4xGNDT7YSArp/zbtmbhO0uEEK9/ETW29Wk1thYUJBz3IVnvgEiEwEa9IeLyvnpKrWK64Utw2bgUmDveww==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/darwin-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.17.19.tgz",
+      "integrity": "sha512-80wEoCfF/hFKM6WE1FyBHc9SfUblloAWx6FJkFWTWiCoht9Mc0ARGEM47e67W9rI09YoUxJL68WHfDRYEAvOhg==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/darwin-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.17.19.tgz",
+      "integrity": "sha512-IJM4JJsLhRYr9xdtLytPLSH9k/oxR3boaUIYiHkAawtwNOXKE8KoU8tMvryogdcT8AU+Bflmh81Xn6Q0vTZbQw==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/freebsd-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.17.19.tgz",
+      "integrity": "sha512-pBwbc7DufluUeGdjSU5Si+P3SoMF5DQ/F/UmTSb8HXO80ZEAJmrykPyzo1IfNbAoaqw48YRpv8shwd1NoI0jcQ==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/freebsd-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.17.19.tgz",
+      "integrity": "sha512-4lu+n8Wk0XlajEhbEffdy2xy53dpR06SlzvhGByyg36qJw6Kpfk7cp45DR/62aPH9mtJRmIyrXAS5UWBrJT6TQ==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-arm": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.17.19.tgz",
+      "integrity": "sha512-cdmT3KxjlOQ/gZ2cjfrQOtmhG4HJs6hhvm3mWSRDPtZ/lP5oe8FWceS10JaSJC13GBd4eH/haHnqf7hhGNLerA==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.17.19.tgz",
+      "integrity": "sha512-ct1Tg3WGwd3P+oZYqic+YZF4snNl2bsnMKRkb3ozHmnM0dGWuxcPTTntAF6bOP0Sp4x0PjSF+4uHQ1xvxfRKqg==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-ia32": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.17.19.tgz",
+      "integrity": "sha512-w4IRhSy1VbsNxHRQpeGCHEmibqdTUx61Vc38APcsRbuVgK0OPEnQ0YD39Brymn96mOx48Y2laBQGqgZ0j9w6SQ==",
+      "dev": true,
+      "optional": true
+    },
     "@esbuild/linux-loong64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.14.54.tgz",
-      "integrity": "sha512-bZBrLAIX1kpWelV0XemxBZllyRmM6vgFQQG2GdNb+r3Fkp0FOh1NJSvekXDs7jq70k4euu1cryLMfU+mTXlEpw==",
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.17.19.tgz",
+      "integrity": "sha512-2iAngUbBPMq439a+z//gE+9WBldoMp1s5GWsUSgqHLzLJ9WoZLZhpwWuym0u0u/4XmZ3gpHmzV84PonE+9IIdQ==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-mips64el": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.17.19.tgz",
+      "integrity": "sha512-LKJltc4LVdMKHsrFe4MGNPp0hqDFA1Wpt3jE1gEyM3nKUvOiO//9PheZZHfYRfYl6AwdTH4aTcXSqBerX0ml4A==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-ppc64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.17.19.tgz",
+      "integrity": "sha512-/c/DGybs95WXNS8y3Ti/ytqETiW7EU44MEKuCAcpPto3YjQbyK3IQVKfF6nbghD7EcLUGl0NbiL5Rt5DMhn5tg==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-riscv64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.17.19.tgz",
+      "integrity": "sha512-FC3nUAWhvFoutlhAkgHf8f5HwFWUL6bYdvLc/TTuxKlvLi3+pPzdZiFKSWz/PF30TB1K19SuCxDTI5KcqASJqA==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-s390x": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.17.19.tgz",
+      "integrity": "sha512-IbFsFbxMWLuKEbH+7sTkKzL6NJmG2vRyy6K7JJo55w+8xDk7RElYn6xvXtDW8HCfoKBFK69f3pgBJSUSQPr+4Q==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/linux-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.17.19.tgz",
+      "integrity": "sha512-68ngA9lg2H6zkZcyp22tsVt38mlhWde8l3eJLWkyLrp4HwMUr3c1s/M2t7+kHIhvMjglIBrFpncX1SzMckomGw==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/netbsd-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.17.19.tgz",
+      "integrity": "sha512-CwFq42rXCR8TYIjIfpXCbRX0rp1jo6cPIUPSaWwzbVI4aOfX96OXY8M6KNmtPcg7QjYeDmN+DD0Wp3LaBOLf4Q==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/openbsd-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.17.19.tgz",
+      "integrity": "sha512-cnq5brJYrSZ2CF6c35eCmviIN3k3RczmHz8eYaVlNasVqsNY+JKohZU5MKmaOI+KkllCdzOKKdPs762VCPC20g==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/sunos-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.17.19.tgz",
+      "integrity": "sha512-vCRT7yP3zX+bKWFeP/zdS6SqdWB8OIpaRq/mbXQxTGHnIxspRtigpkUcDMlSCOejlHowLqII7K2JKevwyRP2rg==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/win32-arm64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.17.19.tgz",
+      "integrity": "sha512-yYx+8jwowUstVdorcMdNlzklLYhPxjniHWFKgRqH7IFlUEa0Umu3KuYplf1HUZZ422e3NU9F4LGb+4O0Kdcaag==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/win32-ia32": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.17.19.tgz",
+      "integrity": "sha512-eggDKanJszUtCdlVs0RB+h35wNlb5v4TWEkq4vZcmVt5u/HiDZrTXe2bWFQUez3RgNHwx/x4sk5++4NSSicKkw==",
+      "dev": true,
+      "optional": true
+    },
+    "@esbuild/win32-x64": {
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.17.19.tgz",
+      "integrity": "sha512-lAhycmKnVOuRYNtRtatQR1LPQf2oYCkRGkSFnseDAKPl8lu5SOsK/e1sXe5a0Pc5kHIHe6P2I/ilntNv2xf3cA==",
       "dev": true,
       "optional": true
     },
@@ -4372,12 +4814,29 @@
       "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==",
       "dev": true
     },
+    "@jridgewell/gen-mapping": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz",
+      "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==",
+      "dev": true,
+      "requires": {
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      }
+    },
     "@jridgewell/resolve-uri": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
       "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
       "dev": true
     },
+    "@jridgewell/set-array": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
+      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==",
+      "dev": true
+    },
     "@jridgewell/sourcemap-codec": {
       "version": "1.4.14",
       "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
@@ -4432,9 +4891,9 @@
       "dev": true
     },
     "@types/chai": {
-      "version": "4.3.3",
-      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.3.tgz",
-      "integrity": "sha512-hC7OMnszpxhZPduX+m+nrx+uFoLkWOMiR4oa/AZF3MuSETYTZmFfJAHqZEM8MVlvfG7BEUcgvtwoCTxBp6hm3g==",
+      "version": "4.3.5",
+      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.5.tgz",
+      "integrity": "sha512-mEo1sAde+UCE6b2hxn332f1g1E8WfYRu6p5SvTKr2ZKC1f7gFJXk4h5PyGP9Dt6gCaG8y8XhwnXWC6Iy2cmBng==",
       "dev": true
     },
     "@types/chai-subset": {
@@ -4559,39 +5018,119 @@
       "integrity": "sha512-uphZjkMaZ4fE8CR4dU7BquOV6u0doeQAr8n6cQenl/poMaIyJtBu8eys5uk6u5HiDH01Mj5lzbJ5SfeDz7oqMQ==",
       "dev": true,
       "requires": {
-        "@types/json-schema": "^7.0.9",
-        "@typescript-eslint/scope-manager": "5.33.1",
-        "@typescript-eslint/types": "5.33.1",
-        "@typescript-eslint/typescript-estree": "5.33.1",
-        "eslint-scope": "^5.1.1",
-        "eslint-utils": "^3.0.0"
+        "@types/json-schema": "^7.0.9",
+        "@typescript-eslint/scope-manager": "5.33.1",
+        "@typescript-eslint/types": "5.33.1",
+        "@typescript-eslint/typescript-estree": "5.33.1",
+        "eslint-scope": "^5.1.1",
+        "eslint-utils": "^3.0.0"
+      }
+    },
+    "@typescript-eslint/visitor-keys": {
+      "version": "5.33.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.33.1.tgz",
+      "integrity": "sha512-nwIxOK8Z2MPWltLKMLOEZwmfBZReqUdbEoHQXeCpa+sRVARe5twpJGHCB4dk9903Yaf0nMAlGbQfaAH92F60eg==",
+      "dev": true,
+      "requires": {
+        "@typescript-eslint/types": "5.33.1",
+        "eslint-visitor-keys": "^3.3.0"
+      }
+    },
+    "@vitejs/plugin-vue": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-4.2.3.tgz",
+      "integrity": "sha512-R6JDUfiZbJA9cMiguQ7jxALsgiprjBeHL5ikpXfJCH62pPHtI+JdJ5xWj6Ev73yXSlYl86+blXn1kZHQ7uElxw==",
+      "dev": true,
+      "requires": {}
+    },
+    "@vitest/coverage-v8": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-0.32.0.tgz",
+      "integrity": "sha512-VXXlWq9X/NbsoP/l/CHLBjutsFFww1UY1qEhzGjn/DY7Tqe+z0Nu8XKc8im/XUAmjiWsh2XV7sy/F0IKAl4eaw==",
+      "dev": true,
+      "requires": {
+        "@ampproject/remapping": "^2.2.1",
+        "@bcoe/v8-coverage": "^0.2.3",
+        "istanbul-lib-coverage": "^3.2.0",
+        "istanbul-lib-report": "^3.0.0",
+        "istanbul-lib-source-maps": "^4.0.1",
+        "istanbul-reports": "^3.1.5",
+        "magic-string": "^0.30.0",
+        "picocolors": "^1.0.0",
+        "std-env": "^3.3.2",
+        "test-exclude": "^6.0.0",
+        "v8-to-istanbul": "^9.1.0"
+      }
+    },
+    "@vitest/expect": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-0.32.0.tgz",
+      "integrity": "sha512-VxVHhIxKw9Lux+O9bwLEEk2gzOUe93xuFHy9SzYWnnoYZFYg1NfBtnfnYWiJN7yooJ7KNElCK5YtA7DTZvtXtg==",
+      "dev": true,
+      "requires": {
+        "@vitest/spy": "0.32.0",
+        "@vitest/utils": "0.32.0",
+        "chai": "^4.3.7"
+      }
+    },
+    "@vitest/runner": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-0.32.0.tgz",
+      "integrity": "sha512-QpCmRxftHkr72xt5A08xTEs9I4iWEXIOCHWhQQguWOKE4QH7DXSKZSOFibuwEIMAD7G0ERvtUyQn7iPWIqSwmw==",
+      "dev": true,
+      "requires": {
+        "@vitest/utils": "0.32.0",
+        "concordance": "^5.0.4",
+        "p-limit": "^4.0.0",
+        "pathe": "^1.1.0"
+      },
+      "dependencies": {
+        "p-limit": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-4.0.0.tgz",
+          "integrity": "sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ==",
+          "dev": true,
+          "requires": {
+            "yocto-queue": "^1.0.0"
+          }
+        },
+        "yocto-queue": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.0.0.tgz",
+          "integrity": "sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==",
+          "dev": true
+        }
       }
     },
-    "@typescript-eslint/visitor-keys": {
-      "version": "5.33.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.33.1.tgz",
-      "integrity": "sha512-nwIxOK8Z2MPWltLKMLOEZwmfBZReqUdbEoHQXeCpa+sRVARe5twpJGHCB4dk9903Yaf0nMAlGbQfaAH92F60eg==",
+    "@vitest/snapshot": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-0.32.0.tgz",
+      "integrity": "sha512-yCKorPWjEnzpUxQpGlxulujTcSPgkblwGzAUEL+z01FTUg/YuCDZ8dxr9sHA08oO2EwxzHXNLjQKWJ2zc2a19Q==",
       "dev": true,
       "requires": {
-        "@typescript-eslint/types": "5.33.1",
-        "eslint-visitor-keys": "^3.3.0"
+        "magic-string": "^0.30.0",
+        "pathe": "^1.1.0",
+        "pretty-format": "^27.5.1"
       }
     },
-    "@vitejs/plugin-vue": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-3.0.3.tgz",
-      "integrity": "sha512-U4zNBlz9mg+TA+i+5QPc3N5lQvdUXENZLO2h0Wdzp56gI1MWhqJOv+6R+d4kOzoaSSq6TnGPBdZAXKOe4lXy6g==",
+    "@vitest/spy": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-0.32.0.tgz",
+      "integrity": "sha512-MruAPlM0uyiq3d53BkwTeShXY0rYEfhNGQzVO5GHBmmX3clsxcWp79mMnkOVcV244sNTeDcHbcPFWIjOI4tZvw==",
       "dev": true,
-      "requires": {}
+      "requires": {
+        "tinyspy": "^2.1.0"
+      }
     },
-    "@vitest/coverage-c8": {
-      "version": "0.22.0",
-      "resolved": "https://registry.npmjs.org/@vitest/coverage-c8/-/coverage-c8-0.22.0.tgz",
-      "integrity": "sha512-jwW6b8U+h9nbzQfKoRmpf2xjDg+mcAjLIdVUrZGhjTnIdekGfvoqFoeiXzsLv2HwYBeFi4943lYUftuj8qD1FQ==",
+    "@vitest/utils": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-0.32.0.tgz",
+      "integrity": "sha512-53yXunzx47MmbuvcOPpLaVljHaeSu1G2dHdmy7+9ngMnQIkBQcvwOcoclWFnxDMxFbnq8exAfh3aKSZaK71J5A==",
       "dev": true,
       "requires": {
-        "c8": "^7.12.0",
-        "vitest": "0.22.0"
+        "concordance": "^5.0.4",
+        "loupe": "^2.3.6",
+        "pretty-format": "^27.5.1"
       }
     },
     "@volar/code-gen": {
@@ -4826,9 +5365,9 @@
       "dev": true
     },
     "acorn": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
-      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==",
+      "version": "8.8.2",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
+      "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
       "dev": true
     },
     "acorn-globals": {
@@ -4957,6 +5496,12 @@
       "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
       "dev": true
     },
+    "blueimp-md5": {
+      "version": "2.19.0",
+      "resolved": "https://registry.npmjs.org/blueimp-md5/-/blueimp-md5-2.19.0.tgz",
+      "integrity": "sha512-DRQrD6gJyy8FbiE4s+bDoXS9hiW3Vbx5uCdwvcCf3zLHL+Iv7LtGHLpr+GZV8rHG8tK766FGYBwRbu8pELTt+w==",
+      "dev": true
+    },
     "boolbase": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
@@ -4988,25 +5533,11 @@
       "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==",
       "dev": true
     },
-    "c8": {
-      "version": "7.12.0",
-      "resolved": "https://registry.npmjs.org/c8/-/c8-7.12.0.tgz",
-      "integrity": "sha512-CtgQrHOkyxr5koX1wEUmN/5cfDa2ckbHRA4Gy5LAL0zaCFtVWJS5++n+w4/sr2GWGerBxgTjpKeDclk/Qk6W/A==",
-      "dev": true,
-      "requires": {
-        "@bcoe/v8-coverage": "^0.2.3",
-        "@istanbuljs/schema": "^0.1.3",
-        "find-up": "^5.0.0",
-        "foreground-child": "^2.0.0",
-        "istanbul-lib-coverage": "^3.2.0",
-        "istanbul-lib-report": "^3.0.0",
-        "istanbul-reports": "^3.1.4",
-        "rimraf": "^3.0.2",
-        "test-exclude": "^6.0.0",
-        "v8-to-istanbul": "^9.0.0",
-        "yargs": "^16.2.0",
-        "yargs-parser": "^20.2.9"
-      }
+    "cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+      "dev": true
     },
     "callsites": {
       "version": "3.1.0",
@@ -5015,14 +5546,14 @@
       "dev": true
     },
     "chai": {
-      "version": "4.3.6",
-      "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.6.tgz",
-      "integrity": "sha512-bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q==",
+      "version": "4.3.7",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz",
+      "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==",
       "dev": true,
       "requires": {
         "assertion-error": "^1.1.0",
         "check-error": "^1.0.2",
-        "deep-eql": "^3.0.1",
+        "deep-eql": "^4.1.2",
         "get-func-name": "^2.0.0",
         "loupe": "^2.3.1",
         "pathval": "^1.1.1",
@@ -5072,17 +5603,6 @@
         }
       }
     },
-    "cliui": {
-      "version": "7.0.4",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
-      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
-      "dev": true,
-      "requires": {
-        "string-width": "^4.2.0",
-        "strip-ansi": "^6.0.0",
-        "wrap-ansi": "^7.0.0"
-      }
-    },
     "color-convert": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
@@ -5112,6 +5632,22 @@
       "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
       "dev": true
     },
+    "concordance": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/concordance/-/concordance-5.0.4.tgz",
+      "integrity": "sha512-OAcsnTEYu1ARJqWVGwf4zh4JDfHZEaSNlNccFmt8YjB2l/n19/PF2viLINHc57vO4FKIAFl2FWASIGZZWZ2Kxw==",
+      "dev": true,
+      "requires": {
+        "date-time": "^3.1.0",
+        "esutils": "^2.0.3",
+        "fast-diff": "^1.2.0",
+        "js-string-escape": "^1.0.1",
+        "lodash": "^4.17.15",
+        "md5-hex": "^3.0.1",
+        "semver": "^7.3.2",
+        "well-known-symbols": "^2.0.0"
+      }
+    },
     "convert-source-map": {
       "version": "1.8.0",
       "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.8.0.tgz",
@@ -5177,6 +5713,23 @@
         "whatwg-url": "^11.0.0"
       }
     },
+    "date-fns": {
+      "version": "2.30.0",
+      "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.30.0.tgz",
+      "integrity": "sha512-fnULvOpxnC5/Vg3NCiWelDsLiUc9bRwAPs/+LfTLNvetFCtCTN+yQz15C/fs4AwX1R9K5GLtLfn8QW+dWisaAw==",
+      "requires": {
+        "@babel/runtime": "^7.21.0"
+      }
+    },
+    "date-time": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/date-time/-/date-time-3.1.0.tgz",
+      "integrity": "sha512-uqCUKXE5q1PNBXjPqvwhwJf9SwMoAHBgWJ6DcrnS5o+W2JOiIILl0JEdVD8SGujrNS02GGxgwAg2PN2zONgtjg==",
+      "dev": true,
+      "requires": {
+        "time-zone": "^1.0.0"
+      }
+    },
     "dayjs": {
       "version": "1.11.5",
       "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.5.tgz",
@@ -5198,9 +5751,9 @@
       "dev": true
     },
     "deep-eql": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz",
-      "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz",
+      "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==",
       "dev": true,
       "requires": {
         "type-detect": "^4.0.0"
@@ -5266,12 +5819,6 @@
         "normalize-wheel-es": "^1.2.0"
       }
     },
-    "emoji-regex": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-      "dev": true
-    },
     "entities": {
       "version": "4.3.1",
       "resolved": "https://registry.npmjs.org/entities/-/entities-4.3.1.tgz",
@@ -5279,179 +5826,34 @@
       "dev": true
     },
     "esbuild": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.14.54.tgz",
-      "integrity": "sha512-Cy9llcy8DvET5uznocPyqL3BFRrFXSVqbgpMJ9Wz8oVjZlh/zUSNbPRbov0VX7VxN2JH1Oa0uNxZ7eLRb62pJA==",
-      "dev": true,
-      "requires": {
-        "@esbuild/linux-loong64": "0.14.54",
-        "esbuild-android-64": "0.14.54",
-        "esbuild-android-arm64": "0.14.54",
-        "esbuild-darwin-64": "0.14.54",
-        "esbuild-darwin-arm64": "0.14.54",
-        "esbuild-freebsd-64": "0.14.54",
-        "esbuild-freebsd-arm64": "0.14.54",
-        "esbuild-linux-32": "0.14.54",
-        "esbuild-linux-64": "0.14.54",
-        "esbuild-linux-arm": "0.14.54",
-        "esbuild-linux-arm64": "0.14.54",
-        "esbuild-linux-mips64le": "0.14.54",
-        "esbuild-linux-ppc64le": "0.14.54",
-        "esbuild-linux-riscv64": "0.14.54",
-        "esbuild-linux-s390x": "0.14.54",
-        "esbuild-netbsd-64": "0.14.54",
-        "esbuild-openbsd-64": "0.14.54",
-        "esbuild-sunos-64": "0.14.54",
-        "esbuild-windows-32": "0.14.54",
-        "esbuild-windows-64": "0.14.54",
-        "esbuild-windows-arm64": "0.14.54"
-      }
-    },
-    "esbuild-android-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-android-64/-/esbuild-android-64-0.14.54.tgz",
-      "integrity": "sha512-Tz2++Aqqz0rJ7kYBfz+iqyE3QMycD4vk7LBRyWaAVFgFtQ/O8EJOnVmTOiDWYZ/uYzB4kvP+bqejYdVKzE5lAQ==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-android-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-android-arm64/-/esbuild-android-arm64-0.14.54.tgz",
-      "integrity": "sha512-F9E+/QDi9sSkLaClO8SOV6etqPd+5DgJje1F9lOWoNncDdOBL2YF59IhsWATSt0TLZbYCf3pNlTHvVV5VfHdvg==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-darwin-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-darwin-64/-/esbuild-darwin-64-0.14.54.tgz",
-      "integrity": "sha512-jtdKWV3nBviOd5v4hOpkVmpxsBy90CGzebpbO9beiqUYVMBtSc0AL9zGftFuBon7PNDcdvNCEuQqw2x0wP9yug==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-darwin-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-darwin-arm64/-/esbuild-darwin-arm64-0.14.54.tgz",
-      "integrity": "sha512-OPafJHD2oUPyvJMrsCvDGkRrVCar5aVyHfWGQzY1dWnzErjrDuSETxwA2HSsyg2jORLY8yBfzc1MIpUkXlctmw==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-freebsd-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-freebsd-64/-/esbuild-freebsd-64-0.14.54.tgz",
-      "integrity": "sha512-OKwd4gmwHqOTp4mOGZKe/XUlbDJ4Q9TjX0hMPIDBUWWu/kwhBAudJdBoxnjNf9ocIB6GN6CPowYpR/hRCbSYAg==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-freebsd-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-freebsd-arm64/-/esbuild-freebsd-arm64-0.14.54.tgz",
-      "integrity": "sha512-sFwueGr7OvIFiQT6WeG0jRLjkjdqWWSrfbVwZp8iMP+8UHEHRBvlaxL6IuKNDwAozNUmbb8nIMXa7oAOARGs1Q==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-32": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-32/-/esbuild-linux-32-0.14.54.tgz",
-      "integrity": "sha512-1ZuY+JDI//WmklKlBgJnglpUL1owm2OX+8E1syCD6UAxcMM/XoWd76OHSjl/0MR0LisSAXDqgjT3uJqT67O3qw==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-64/-/esbuild-linux-64-0.14.54.tgz",
-      "integrity": "sha512-EgjAgH5HwTbtNsTqQOXWApBaPVdDn7XcK+/PtJwZLT1UmpLoznPd8c5CxqsH2dQK3j05YsB3L17T8vE7cp4cCg==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-arm": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-arm/-/esbuild-linux-arm-0.14.54.tgz",
-      "integrity": "sha512-qqz/SjemQhVMTnvcLGoLOdFpCYbz4v4fUo+TfsWG+1aOu70/80RV6bgNpR2JCrppV2moUQkww+6bWxXRL9YMGw==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-arm64/-/esbuild-linux-arm64-0.14.54.tgz",
-      "integrity": "sha512-WL71L+0Rwv+Gv/HTmxTEmpv0UgmxYa5ftZILVi2QmZBgX3q7+tDeOQNqGtdXSdsL8TQi1vIaVFHUPDe0O0kdig==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-mips64le": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-mips64le/-/esbuild-linux-mips64le-0.14.54.tgz",
-      "integrity": "sha512-qTHGQB8D1etd0u1+sB6p0ikLKRVuCWhYQhAHRPkO+OF3I/iSlTKNNS0Lh2Oc0g0UFGguaFZZiPJdJey3AGpAlw==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-ppc64le": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-ppc64le/-/esbuild-linux-ppc64le-0.14.54.tgz",
-      "integrity": "sha512-j3OMlzHiqwZBDPRCDFKcx595XVfOfOnv68Ax3U4UKZ3MTYQB5Yz3X1mn5GnodEVYzhtZgxEBidLWeIs8FDSfrQ==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-riscv64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-riscv64/-/esbuild-linux-riscv64-0.14.54.tgz",
-      "integrity": "sha512-y7Vt7Wl9dkOGZjxQZnDAqqn+XOqFD7IMWiewY5SPlNlzMX39ocPQlOaoxvT4FllA5viyV26/QzHtvTjVNOxHZg==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-linux-s390x": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-linux-s390x/-/esbuild-linux-s390x-0.14.54.tgz",
-      "integrity": "sha512-zaHpW9dziAsi7lRcyV4r8dhfG1qBidQWUXweUjnw+lliChJqQr+6XD71K41oEIC3Mx1KStovEmlzm+MkGZHnHA==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-netbsd-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-netbsd-64/-/esbuild-netbsd-64-0.14.54.tgz",
-      "integrity": "sha512-PR01lmIMnfJTgeU9VJTDY9ZerDWVFIUzAtJuDHwwceppW7cQWjBBqP48NdeRtoP04/AtO9a7w3viI+PIDr6d+w==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-openbsd-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-openbsd-64/-/esbuild-openbsd-64-0.14.54.tgz",
-      "integrity": "sha512-Qyk7ikT2o7Wu76UsvvDS5q0amJvmRzDyVlL0qf5VLsLchjCa1+IAvd8kTBgUxD7VBUUVgItLkk609ZHUc1oCaw==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-sunos-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-sunos-64/-/esbuild-sunos-64-0.14.54.tgz",
-      "integrity": "sha512-28GZ24KmMSeKi5ueWzMcco6EBHStL3B6ubM7M51RmPwXQGLe0teBGJocmWhgwccA1GeFXqxzILIxXpHbl9Q/Kw==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-windows-32": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-windows-32/-/esbuild-windows-32-0.14.54.tgz",
-      "integrity": "sha512-T+rdZW19ql9MjS7pixmZYVObd9G7kcaZo+sETqNH4RCkuuYSuv9AGHUVnPoP9hhuE1WM1ZimHz1CIBHBboLU7w==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-windows-64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-windows-64/-/esbuild-windows-64-0.14.54.tgz",
-      "integrity": "sha512-AoHTRBUuYwXtZhjXZbA1pGfTo8cJo3vZIcWGLiUcTNgHpJJMC1rVA44ZereBHMJtotyN71S8Qw0npiCIkW96cQ==",
-      "dev": true,
-      "optional": true
-    },
-    "esbuild-windows-arm64": {
-      "version": "0.14.54",
-      "resolved": "https://registry.npmjs.org/esbuild-windows-arm64/-/esbuild-windows-arm64-0.14.54.tgz",
-      "integrity": "sha512-M0kuUvXhot1zOISQGXwWn6YtS+Y/1RT9WrVIOywZnJHo3jCDyewAc79aKNQWFCQm+xNHVTq9h8dZKvygoXQQRg==",
-      "dev": true,
-      "optional": true
-    },
-    "escalade": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
-      "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
-      "dev": true
+      "version": "0.17.19",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.17.19.tgz",
+      "integrity": "sha512-XQ0jAPFkK/u3LcVRcvVHQcTIqD6E2H1fvZMA5dQPSOWb3suUbWbfbRf94pjc0bNzRYLfIrDRQXr7X+LHIm5oHw==",
+      "dev": true,
+      "requires": {
+        "@esbuild/android-arm": "0.17.19",
+        "@esbuild/android-arm64": "0.17.19",
+        "@esbuild/android-x64": "0.17.19",
+        "@esbuild/darwin-arm64": "0.17.19",
+        "@esbuild/darwin-x64": "0.17.19",
+        "@esbuild/freebsd-arm64": "0.17.19",
+        "@esbuild/freebsd-x64": "0.17.19",
+        "@esbuild/linux-arm": "0.17.19",
+        "@esbuild/linux-arm64": "0.17.19",
+        "@esbuild/linux-ia32": "0.17.19",
+        "@esbuild/linux-loong64": "0.17.19",
+        "@esbuild/linux-mips64el": "0.17.19",
+        "@esbuild/linux-ppc64": "0.17.19",
+        "@esbuild/linux-riscv64": "0.17.19",
+        "@esbuild/linux-s390x": "0.17.19",
+        "@esbuild/linux-x64": "0.17.19",
+        "@esbuild/netbsd-x64": "0.17.19",
+        "@esbuild/openbsd-x64": "0.17.19",
+        "@esbuild/sunos-x64": "0.17.19",
+        "@esbuild/win32-arm64": "0.17.19",
+        "@esbuild/win32-ia32": "0.17.19",
+        "@esbuild/win32-x64": "0.17.19"
+      }
     },
     "escape-html": {
       "version": "1.0.3",
@@ -5827,16 +6229,6 @@
       "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz",
       "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA=="
     },
-    "foreground-child": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-2.0.0.tgz",
-      "integrity": "sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==",
-      "dev": true,
-      "requires": {
-        "cross-spawn": "^7.0.0",
-        "signal-exit": "^3.0.2"
-      }
-    },
     "form-data": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
@@ -5860,24 +6252,12 @@
       "dev": true,
       "optional": true
     },
-    "function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
-      "dev": true
-    },
     "functional-red-black-tree": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
       "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==",
       "dev": true
     },
-    "get-caller-file": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
-      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
-      "dev": true
-    },
     "get-func-name": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz",
@@ -5936,15 +6316,6 @@
       "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==",
       "dev": true
     },
-    "has": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
-      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
-      "dev": true,
-      "requires": {
-        "function-bind": "^1.1.1"
-      }
-    },
     "has-flag": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -6049,27 +6420,12 @@
         "binary-extensions": "^2.0.0"
       }
     },
-    "is-core-module": {
-      "version": "2.10.0",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.10.0.tgz",
-      "integrity": "sha512-Erxj2n/LDAZ7H8WNJXd9tw38GYM3dv8rk8Zcs+jJuxYTW7sozH+SS8NtrSjVL1/vpLvWi1hxy96IzjJ3EHTJJg==",
-      "dev": true,
-      "requires": {
-        "has": "^1.0.3"
-      }
-    },
     "is-extglob": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
       "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
       "dev": true
     },
-    "is-fullwidth-code-point": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
-      "dev": true
-    },
     "is-glob": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -6114,6 +6470,17 @@
         "supports-color": "^7.1.0"
       }
     },
+    "istanbul-lib-source-maps": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz",
+      "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==",
+      "dev": true,
+      "requires": {
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0",
+        "source-map": "^0.6.1"
+      }
+    },
     "istanbul-reports": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.5.tgz",
@@ -6124,6 +6491,12 @@
         "istanbul-lib-report": "^3.0.0"
       }
     },
+    "js-string-escape": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/js-string-escape/-/js-string-escape-1.0.1.tgz",
+      "integrity": "sha512-Smw4xcfIQ5LVjAOuJCvN/zIodzA/BBSsluuoSykP+lUvScIi4U6RJLfwHet5cxFnCswUjISV8oAXaqaJDY3chg==",
+      "dev": true
+    },
     "js-yaml": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
@@ -6180,6 +6553,12 @@
       "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==",
       "dev": true
     },
+    "jsonc-parser": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz",
+      "integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==",
+      "dev": true
+    },
     "levn": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -6191,9 +6570,9 @@
       }
     },
     "local-pkg": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.4.2.tgz",
-      "integrity": "sha512-mlERgSPrbxU3BP4qBqAvvwlgW4MTg78iwJdGGnv7kibKjWcJksrG3t6LB5lXI93wXRDvG4NpUgJFmTG4T6rdrg==",
+      "version": "0.4.3",
+      "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.4.3.tgz",
+      "integrity": "sha512-SFppqq5p42fe2qcZQqqEOiVRXl+WCP1MdT6k7BDEW1j++sp5fIY+/fdRQitvKgB5BrBcmrs5m/L0v2FrU5MY1g==",
       "dev": true
     },
     "locate-path": {
@@ -6228,9 +6607,9 @@
       "dev": true
     },
     "loupe": {
-      "version": "2.3.4",
-      "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.4.tgz",
-      "integrity": "sha512-OvKfgCC2Ndby6aSTREl5aCCPTNIzlDfQZvZxNUrBrihDhL3xcrYegTblhmEiCrg2kKQz4XsFIaemE5BF4ybSaQ==",
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.6.tgz",
+      "integrity": "sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==",
       "dev": true,
       "requires": {
         "get-func-name": "^2.0.0"
@@ -6245,6 +6624,15 @@
         "yallist": "^4.0.0"
       }
     },
+    "magic-string": {
+      "version": "0.30.0",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.0.tgz",
+      "integrity": "sha512-LA+31JYDJLs82r2ScLrlz1GjSgu66ZV518eyWT+S8VhyQn/JL0u9MeBOvQMGYiPk1DBiSN9DDMOcXvigJZaViQ==",
+      "dev": true,
+      "requires": {
+        "@jridgewell/sourcemap-codec": "^1.4.13"
+      }
+    },
     "make-dir": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
@@ -6262,6 +6650,15 @@
         }
       }
     },
+    "md5-hex": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/md5-hex/-/md5-hex-3.0.1.tgz",
+      "integrity": "sha512-BUiRtTtV39LIJwinWBjqVsU9xhdnz7/i889V859IBFpuqGAj6LuOvHv5XLbgZ2R7ptJoJaEcxkv88/h25T7Ciw==",
+      "dev": true,
+      "requires": {
+        "blueimp-md5": "^2.10.0"
+      }
+    },
     "memoize-one": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/memoize-one/-/memoize-one-6.0.0.tgz",
@@ -6305,6 +6702,18 @@
         "brace-expansion": "^1.1.7"
       }
     },
+    "mlly": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.3.0.tgz",
+      "integrity": "sha512-HT5mcgIQKkOrZecOjOX3DJorTikWXwsBfpcr/MGBkhfWcjiqvnaL/9ppxvIUXfjT6xt4DVIAsN9fMUz1ev4bIw==",
+      "dev": true,
+      "requires": {
+        "acorn": "^8.8.2",
+        "pathe": "^1.1.0",
+        "pkg-types": "^1.0.3",
+        "ufo": "^1.1.2"
+      }
+    },
     "ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -6312,9 +6721,9 @@
       "dev": true
     },
     "nanoid": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw=="
+      "version": "3.3.6",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+      "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA=="
     },
     "natural-compare": {
       "version": "1.4.0",
@@ -6425,18 +6834,18 @@
       "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
       "dev": true
     },
-    "path-parse": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
-      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
-      "dev": true
-    },
     "path-type": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
       "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
       "dev": true
     },
+    "pathe": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.1.tgz",
+      "integrity": "sha512-d+RQGp0MAYTIaDBIMmOfMwz3E+LOZnxx1HZd5R18mmCZY0QBlK0LDZfPc8FW8Ed2DlvsuE6PRjroDY+wg4+j/Q==",
+      "dev": true
+    },
     "pathval": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz",
@@ -6477,12 +6886,23 @@
       "integrity": "sha512-HUgsU5IRtM75eAQiIqzT3p1oPEuYH1/B2ipTMU++yE+FV0LkHaBswdKXs0RMWYCmugO8s62oxLTh/N1dLNp+5A==",
       "requires": {}
     },
+    "pkg-types": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.0.3.tgz",
+      "integrity": "sha512-nN7pYi0AQqJnoLPC9eHFQ8AcyaixBUOwvqc5TDnIKCMEE6I0y8P7OKA7fPexsXGCGxQDl/cmrLAp26LhcwxZ4A==",
+      "dev": true,
+      "requires": {
+        "jsonc-parser": "^3.2.0",
+        "mlly": "^1.2.0",
+        "pathe": "^1.1.0"
+      }
+    },
     "postcss": {
-      "version": "8.4.16",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz",
-      "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==",
+      "version": "8.4.24",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
+      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
       "requires": {
-        "nanoid": "^3.3.4",
+        "nanoid": "^3.3.6",
         "picocolors": "^1.0.0",
         "source-map-js": "^1.0.2"
       }
@@ -6518,6 +6938,25 @@
         "fast-diff": "^1.1.2"
       }
     },
+    "pretty-format": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz",
+      "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^5.0.1",
+        "ansi-styles": "^5.0.0",
+        "react-is": "^17.0.1"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+          "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+          "dev": true
+        }
+      }
+    },
     "psl": {
       "version": "1.9.0",
       "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz",
@@ -6536,6 +6975,12 @@
       "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
       "dev": true
     },
+    "react-is": {
+      "version": "17.0.2",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
+      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==",
+      "dev": true
+    },
     "readdirp": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
@@ -6545,29 +6990,17 @@
         "picomatch": "^2.2.1"
       }
     },
+    "regenerator-runtime": {
+      "version": "0.13.11",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz",
+      "integrity": "sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg=="
+    },
     "regexpp": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz",
       "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==",
       "dev": true
     },
-    "require-directory": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
-      "dev": true
-    },
-    "resolve": {
-      "version": "1.22.1",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz",
-      "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==",
-      "dev": true,
-      "requires": {
-        "is-core-module": "^2.9.0",
-        "path-parse": "^1.0.7",
-        "supports-preserve-symlinks-flag": "^1.0.0"
-      }
-    },
     "resolve-from": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
@@ -6590,9 +7023,9 @@
       }
     },
     "rollup": {
-      "version": "2.77.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.77.3.tgz",
-      "integrity": "sha512-/qxNTG7FbmefJWoeeYJFbHehJ2HNWnjkAFRKzWN/45eNBBF/r8lo992CwcJXEzyVxs5FmfId+vTSTQDb+bxA+g==",
+      "version": "3.24.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-3.24.0.tgz",
+      "integrity": "sha512-OgraHOIg2YpHQTjl0/ymWfFNBEyPucB7lmhXrQUh38qNOegxLapSPFs9sNr0qKR75awW41D93XafoR2QfhBdUQ==",
       "dev": true,
       "requires": {
         "fsevents": "~2.3.2"
@@ -6663,10 +7096,10 @@
       "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
       "dev": true
     },
-    "signal-exit": {
-      "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
-      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+    "siginfo": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz",
+      "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==",
       "dev": true
     },
     "slash": {
@@ -6690,16 +7123,17 @@
       "resolved": "https://registry.npmjs.org/sourcemap-codec/-/sourcemap-codec-1.4.8.tgz",
       "integrity": "sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA=="
     },
-    "string-width": {
-      "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-      "dev": true,
-      "requires": {
-        "emoji-regex": "^8.0.0",
-        "is-fullwidth-code-point": "^3.0.0",
-        "strip-ansi": "^6.0.1"
-      }
+    "stackback": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz",
+      "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==",
+      "dev": true
+    },
+    "std-env": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.3.3.tgz",
+      "integrity": "sha512-Rz6yejtVyWnVjC1RFvNmYL10kgjC49EOghxWn0RFqlCHGFpQx+Xe7yW3I4ceK1SGrWIGMjD5Kbue8W/udkbMJg==",
+      "dev": true
     },
     "strip-ansi": {
       "version": "6.0.1",
@@ -6716,6 +7150,15 @@
       "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
       "dev": true
     },
+    "strip-literal": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-1.0.1.tgz",
+      "integrity": "sha512-QZTsipNpa2Ppr6v1AmJHESqJ3Uz247MUS0OjrnnZjFAvEoWqxuyFuXn2xLgMtRnijJShAa1HL0gtJyUs7u7n3Q==",
+      "dev": true,
+      "requires": {
+        "acorn": "^8.8.2"
+      }
+    },
     "supports-color": {
       "version": "7.2.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@@ -6725,12 +7168,6 @@
         "has-flag": "^4.0.0"
       }
     },
-    "supports-preserve-symlinks-flag": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
-      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
-      "dev": true
-    },
     "symbol-tree": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
@@ -6754,16 +7191,28 @@
       "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==",
       "dev": true
     },
+    "time-zone": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/time-zone/-/time-zone-1.0.0.tgz",
+      "integrity": "sha512-TIsDdtKo6+XrPtiTm1ssmMngN1sAhyKnTO2kunQWqNPWIVvCm15Wmw4SWInwTVgJ5u/Tr04+8Ei9TNcw4x4ONA==",
+      "dev": true
+    },
+    "tinybench": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.5.0.tgz",
+      "integrity": "sha512-kRwSG8Zx4tjF9ZiyH4bhaebu+EDz1BOx9hOigYHlUW4xxI/wKIUQUqo018UlU4ar6ATPBsaMrdbKZ+tmPdohFA==",
+      "dev": true
+    },
     "tinypool": {
-      "version": "0.2.4",
-      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.2.4.tgz",
-      "integrity": "sha512-Vs3rhkUH6Qq1t5bqtb816oT+HeJTXfwt2cbPH17sWHIYKTotQIFPk3tf2fgqRrVyMDVOc1EnPgzIxfIulXVzwQ==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.5.0.tgz",
+      "integrity": "sha512-paHQtnrlS1QZYKF/GnLoOM/DN9fqaGOFbCbxzAhwniySnzl9Ebk8w73/dd34DAhe/obUbPAOldTyYXQZxnPBPQ==",
       "dev": true
     },
     "tinyspy": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-1.0.0.tgz",
-      "integrity": "sha512-FI5B2QdODQYDRjfuLF+OrJ8bjWRMCXokQPcwKm0W3IzcbUmBNv536cQc7eXGoAuXphZwgx1DFbqImwzz08Fnhw==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-2.1.1.tgz",
+      "integrity": "sha512-XPJL2uSzcOyBMky6OFrusqWlzfFrXtE0hPuMgW8A2HmaqrPo4ZQHRN/V0QXN3FSjKxpsbRrFc5LI7KOwBsT1/w==",
       "dev": true
     },
     "to-regex-range": {
@@ -6837,6 +7286,12 @@
       "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==",
       "devOptional": true
     },
+    "ufo": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.1.2.tgz",
+      "integrity": "sha512-TrY6DsjTQQgyS3E3dBaOXf0TpPD8u9FVrVYmKVegJuFw51n/YB9XPt+U6ydzFG5ZIN7+DIjPbNmXoBj9esYhgQ==",
+      "dev": true
+    },
     "universalify": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
@@ -6865,9 +7320,9 @@
       "dev": true
     },
     "v8-to-istanbul": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.0.1.tgz",
-      "integrity": "sha512-74Y4LqY74kLE6IFyIjPtkSTWzUZmj8tdHT9Ii/26dvQ6K9Dl2NbEfj0XgU2sHCtKgt5VupqhlO/5aWuqS+IY1w==",
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.1.0.tgz",
+      "integrity": "sha512-6z3GW9x8G1gd+JIIgQQQxXuiJtCXeAjp6RaPEPLv62mH3iPHPxV6W3robxtCzNErRo6ZwTmzWhsbNvjyEBKzKA==",
       "dev": true,
       "requires": {
         "@jridgewell/trace-mapping": "^0.3.12",
@@ -6876,33 +7331,70 @@
       }
     },
     "vite": {
-      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-3.0.8.tgz",
-      "integrity": "sha512-AOZ4eN7mrkJiOLuw8IA7piS4IdOQyQCA81GxGsAQvAZzMRi9ZwGB3TOaYsj4uLAWK46T5L4AfQ6InNGlxX30IQ==",
+      "version": "4.3.9",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-4.3.9.tgz",
+      "integrity": "sha512-qsTNZjO9NoJNW7KnOrgYwczm0WctJ8m/yqYAMAK9Lxt4SoySUfS5S8ia9K7JHpa3KEeMfyF8LoJ3c5NeBJy6pg==",
       "dev": true,
       "requires": {
-        "esbuild": "^0.14.47",
+        "esbuild": "^0.17.5",
         "fsevents": "~2.3.2",
-        "postcss": "^8.4.16",
-        "resolve": "^1.22.1",
-        "rollup": ">=2.75.6 <2.77.0 || ~2.77.0"
+        "postcss": "^8.4.23",
+        "rollup": "^3.21.0"
+      }
+    },
+    "vite-node": {
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-0.32.0.tgz",
+      "integrity": "sha512-220P/y8YacYAU+daOAqiGEFXx2A8AwjadDzQqos6wSukjvvTWNqleJSwoUn0ckyNdjHIKoxn93Nh1vWBqEKr3Q==",
+      "dev": true,
+      "requires": {
+        "cac": "^6.7.14",
+        "debug": "^4.3.4",
+        "mlly": "^1.2.0",
+        "pathe": "^1.1.0",
+        "picocolors": "^1.0.0",
+        "vite": "^3.0.0 || ^4.0.0"
       }
     },
     "vitest": {
-      "version": "0.22.0",
-      "resolved": "https://registry.npmjs.org/vitest/-/vitest-0.22.0.tgz",
-      "integrity": "sha512-BSIro/QOHLaQY08FHwT6THWhqLQ+VPU+N4Rdo4pcP+16XB6oLmNNAXGcSh/MOLUhfUy+mqCwx7AyKmU7Ms5R+g==",
+      "version": "0.32.0",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-0.32.0.tgz",
+      "integrity": "sha512-SW83o629gCqnV3BqBnTxhB10DAwzwEx3z+rqYZESehUB+eWsJxwcBQx7CKy0otuGMJTYh7qCVuUX23HkftGl/Q==",
       "dev": true,
       "requires": {
-        "@types/chai": "^4.3.3",
+        "@types/chai": "^4.3.5",
         "@types/chai-subset": "^1.3.3",
         "@types/node": "*",
-        "chai": "^4.3.6",
+        "@vitest/expect": "0.32.0",
+        "@vitest/runner": "0.32.0",
+        "@vitest/snapshot": "0.32.0",
+        "@vitest/spy": "0.32.0",
+        "@vitest/utils": "0.32.0",
+        "acorn": "^8.8.2",
+        "acorn-walk": "^8.2.0",
+        "cac": "^6.7.14",
+        "chai": "^4.3.7",
+        "concordance": "^5.0.4",
         "debug": "^4.3.4",
-        "local-pkg": "^0.4.2",
-        "tinypool": "^0.2.4",
-        "tinyspy": "^1.0.0",
-        "vite": "^2.9.12 || ^3.0.0-0"
+        "local-pkg": "^0.4.3",
+        "magic-string": "^0.30.0",
+        "pathe": "^1.1.0",
+        "picocolors": "^1.0.0",
+        "std-env": "^3.3.2",
+        "strip-literal": "^1.0.1",
+        "tinybench": "^2.5.0",
+        "tinypool": "^0.5.0",
+        "vite": "^3.0.0 || ^4.0.0",
+        "vite-node": "0.32.0",
+        "why-is-node-running": "^2.2.2"
+      },
+      "dependencies": {
+        "acorn-walk": {
+          "version": "8.2.0",
+          "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.2.0.tgz",
+          "integrity": "sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==",
+          "dev": true
+        }
       }
     },
     "vue": {
@@ -7002,6 +7494,12 @@
       "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==",
       "dev": true
     },
+    "well-known-symbols": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/well-known-symbols/-/well-known-symbols-2.0.0.tgz",
+      "integrity": "sha512-ZMjC3ho+KXo0BfJb7JgtQ5IBuvnShdlACNkKkdsqBmYw3bPAaJfPeYUo6tLUaT5tG/Gkh7xkpBhKRQ9e7pyg9Q==",
+      "dev": true
+    },
     "whatwg-encoding": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-2.0.0.tgz",
@@ -7036,23 +7534,22 @@
         "isexe": "^2.0.0"
       }
     },
+    "why-is-node-running": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.2.2.tgz",
+      "integrity": "sha512-6tSwToZxTOcotxHeA+qGCq1mVzKR3CwcJGmVcY+QE8SHy6TnpFnh8PAvPNHYr7EcuVeG0QSMxtYCuO1ta/G/oA==",
+      "dev": true,
+      "requires": {
+        "siginfo": "^2.0.0",
+        "stackback": "0.0.2"
+      }
+    },
     "word-wrap": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
       "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
       "dev": true
     },
-    "wrap-ansi": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
-      "dev": true,
-      "requires": {
-        "ansi-styles": "^4.0.0",
-        "string-width": "^4.1.0",
-        "strip-ansi": "^6.0.0"
-      }
-    },
     "wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -7078,39 +7575,12 @@
       "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==",
       "dev": true
     },
-    "y18n": {
-      "version": "5.0.8",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
-      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
-      "dev": true
-    },
     "yallist": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
       "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "dev": true
     },
-    "yargs": {
-      "version": "16.2.0",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
-      "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==",
-      "dev": true,
-      "requires": {
-        "cliui": "^7.0.2",
-        "escalade": "^3.1.1",
-        "get-caller-file": "^2.0.5",
-        "require-directory": "^2.1.1",
-        "string-width": "^4.2.0",
-        "y18n": "^5.0.5",
-        "yargs-parser": "^20.2.2"
-      }
-    },
-    "yargs-parser": {
-      "version": "20.2.9",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz",
-      "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
-      "dev": true
-    },
     "yocto-queue": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index 3814c49cd..ad2e00c3b 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -30,8 +30,8 @@
     "@types/node": "^18.7.1",
     "@typescript-eslint/eslint-plugin": "^5.33.0",
     "@typescript-eslint/parser": "^5.33.0",
-    "@vitejs/plugin-vue": "^3.0.0",
-    "@vitest/coverage-c8": "^0.22.0",
+    "@vitejs/plugin-vue": "^4.2.3",
+    "@vitest/coverage-v8": "^0.32.0",
     "@vue/eslint-config-prettier": "^7.0.0",
     "@vue/eslint-config-typescript": "^11.0.0",
     "@vue/test-utils": "^2.0.2",
@@ -42,8 +42,8 @@
     "prettier": "^2.7.1",
     "sass": "^1.54.4",
     "typescript": "^4.6.4",
-    "vite": "^3.0.0",
-    "vitest": "^0.22.0",
+    "vite": "^4.2.3",
+    "vitest": "^0.32.0",
     "vue-tsc": "^0.38.4"
   }
 }
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 6776a3fb5..47aecc959 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -1,4 +1,8 @@
-lockfileVersion: '6.0'
+lockfileVersion: '6.1'
+
+settings:
+  autoInstallPeers: true
+  excludeLinksFromLockfile: false
 
 dependencies:
   '@element-plus/icons-vue':
@@ -43,11 +47,11 @@ devDependencies:
     specifier: ^5.33.0
     version: 5.33.1(eslint@8.22.0)(typescript@4.7.4)
   '@vitejs/plugin-vue':
-    specifier: ^3.0.0
-    version: 3.0.3(vite@3.0.8)(vue@3.2.37)
-  '@vitest/coverage-c8':
-    specifier: ^0.22.0
-    version: 0.22.0(jsdom@20.0.0)(sass@1.54.4)
+    specifier: ^4.2.3
+    version: 4.2.3(vite@4.2.3)(vue@3.2.37)
+  '@vitest/coverage-v8':
+    specifier: ^0.32.0
+    version: 0.32.0(vitest@0.32.0)
   '@vue/eslint-config-prettier':
     specifier: ^7.0.0
     version: 7.0.0(eslint@8.22.0)(prettier@2.7.1)
@@ -79,17 +83,25 @@ devDependencies:
     specifier: ^4.6.4
     version: 4.7.4
   vite:
-    specifier: ^3.0.0
-    version: 3.0.8(sass@1.54.4)
+    specifier: ^4.2.3
+    version: 4.2.3(@types/node@18.7.6)(sass@1.54.4)
   vitest:
-    specifier: ^0.22.0
-    version: 0.22.0(jsdom@20.0.0)(sass@1.54.4)
+    specifier: ^0.32.0
+    version: 0.32.0(jsdom@20.0.0)(sass@1.54.4)
   vue-tsc:
     specifier: ^0.38.4
     version: 0.38.9(typescript@4.7.4)
 
 packages:
 
+  /@ampproject/remapping@2.2.1:
+    resolution: {integrity: sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==}
+    engines: {node: '>=6.0.0'}
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.3
+      '@jridgewell/trace-mapping': 0.3.15
+    dev: true
+
   /@babel/helper-string-parser@7.18.10:
     resolution: {integrity: sha512-XtIfWmeNY3i4t7t4D2t02q50HvqHybPqW2ki1kosnvWCwuCMeo81Jf0gwr85jy/neUdg5XDdeFE/80DXiO+njw==}
     engines: {node: '>=6.9.0'}
@@ -130,8 +142,98 @@ packages:
       vue: 3.2.37
     dev: false
 
-  /@esbuild/linux-loong64@0.14.54:
-    resolution: {integrity: sha512-bZBrLAIX1kpWelV0XemxBZllyRmM6vgFQQG2GdNb+r3Fkp0FOh1NJSvekXDs7jq70k4euu1cryLMfU+mTXlEpw==}
+  /@esbuild/android-arm64@0.17.19:
+    resolution: {integrity: sha512-KBMWvEZooR7+kzY0BtbTQn0OAYY7CsiydT63pVEaPtVYF0hXbUaOyZog37DKxK7NF3XacBJOpYT4adIJh+avxA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [android]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/android-arm@0.17.19:
+    resolution: {integrity: sha512-rIKddzqhmav7MSmoFCmDIb6e2W57geRsM94gV2l38fzhXMwq7hZoClug9USI2pFRGL06f4IOPHHpFNOkWieR8A==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [android]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/android-x64@0.17.19:
+    resolution: {integrity: sha512-uUTTc4xGNDT7YSArp/zbtmbhO0uEEK9/ETW29Wk1thYUJBz3IVnvgEiEwEa9IeLyvnpKrWK64Utw2bgUmDveww==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [android]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/darwin-arm64@0.17.19:
+    resolution: {integrity: sha512-80wEoCfF/hFKM6WE1FyBHc9SfUblloAWx6FJkFWTWiCoht9Mc0ARGEM47e67W9rI09YoUxJL68WHfDRYEAvOhg==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/darwin-x64@0.17.19:
+    resolution: {integrity: sha512-IJM4JJsLhRYr9xdtLytPLSH9k/oxR3boaUIYiHkAawtwNOXKE8KoU8tMvryogdcT8AU+Bflmh81Xn6Q0vTZbQw==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/freebsd-arm64@0.17.19:
+    resolution: {integrity: sha512-pBwbc7DufluUeGdjSU5Si+P3SoMF5DQ/F/UmTSb8HXO80ZEAJmrykPyzo1IfNbAoaqw48YRpv8shwd1NoI0jcQ==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [freebsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/freebsd-x64@0.17.19:
+    resolution: {integrity: sha512-4lu+n8Wk0XlajEhbEffdy2xy53dpR06SlzvhGByyg36qJw6Kpfk7cp45DR/62aPH9mtJRmIyrXAS5UWBrJT6TQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [freebsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-arm64@0.17.19:
+    resolution: {integrity: sha512-ct1Tg3WGwd3P+oZYqic+YZF4snNl2bsnMKRkb3ozHmnM0dGWuxcPTTntAF6bOP0Sp4x0PjSF+4uHQ1xvxfRKqg==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-arm@0.17.19:
+    resolution: {integrity: sha512-cdmT3KxjlOQ/gZ2cjfrQOtmhG4HJs6hhvm3mWSRDPtZ/lP5oe8FWceS10JaSJC13GBd4eH/haHnqf7hhGNLerA==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-ia32@0.17.19:
+    resolution: {integrity: sha512-w4IRhSy1VbsNxHRQpeGCHEmibqdTUx61Vc38APcsRbuVgK0OPEnQ0YD39Brymn96mOx48Y2laBQGqgZ0j9w6SQ==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-loong64@0.17.19:
+    resolution: {integrity: sha512-2iAngUbBPMq439a+z//gE+9WBldoMp1s5GWsUSgqHLzLJ9WoZLZhpwWuym0u0u/4XmZ3gpHmzV84PonE+9IIdQ==}
     engines: {node: '>=12'}
     cpu: [loong64]
     os: [linux]
@@ -139,6 +241,105 @@ packages:
     dev: true
     optional: true
 
+  /@esbuild/linux-mips64el@0.17.19:
+    resolution: {integrity: sha512-LKJltc4LVdMKHsrFe4MGNPp0hqDFA1Wpt3jE1gEyM3nKUvOiO//9PheZZHfYRfYl6AwdTH4aTcXSqBerX0ml4A==}
+    engines: {node: '>=12'}
+    cpu: [mips64el]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-ppc64@0.17.19:
+    resolution: {integrity: sha512-/c/DGybs95WXNS8y3Ti/ytqETiW7EU44MEKuCAcpPto3YjQbyK3IQVKfF6nbghD7EcLUGl0NbiL5Rt5DMhn5tg==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-riscv64@0.17.19:
+    resolution: {integrity: sha512-FC3nUAWhvFoutlhAkgHf8f5HwFWUL6bYdvLc/TTuxKlvLi3+pPzdZiFKSWz/PF30TB1K19SuCxDTI5KcqASJqA==}
+    engines: {node: '>=12'}
+    cpu: [riscv64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-s390x@0.17.19:
+    resolution: {integrity: sha512-IbFsFbxMWLuKEbH+7sTkKzL6NJmG2vRyy6K7JJo55w+8xDk7RElYn6xvXtDW8HCfoKBFK69f3pgBJSUSQPr+4Q==}
+    engines: {node: '>=12'}
+    cpu: [s390x]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-x64@0.17.19:
+    resolution: {integrity: sha512-68ngA9lg2H6zkZcyp22tsVt38mlhWde8l3eJLWkyLrp4HwMUr3c1s/M2t7+kHIhvMjglIBrFpncX1SzMckomGw==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/netbsd-x64@0.17.19:
+    resolution: {integrity: sha512-CwFq42rXCR8TYIjIfpXCbRX0rp1jo6cPIUPSaWwzbVI4aOfX96OXY8M6KNmtPcg7QjYeDmN+DD0Wp3LaBOLf4Q==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [netbsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/openbsd-x64@0.17.19:
+    resolution: {integrity: sha512-cnq5brJYrSZ2CF6c35eCmviIN3k3RczmHz8eYaVlNasVqsNY+JKohZU5MKmaOI+KkllCdzOKKdPs762VCPC20g==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [openbsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/sunos-x64@0.17.19:
+    resolution: {integrity: sha512-vCRT7yP3zX+bKWFeP/zdS6SqdWB8OIpaRq/mbXQxTGHnIxspRtigpkUcDMlSCOejlHowLqII7K2JKevwyRP2rg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [sunos]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/win32-arm64@0.17.19:
+    resolution: {integrity: sha512-yYx+8jwowUstVdorcMdNlzklLYhPxjniHWFKgRqH7IFlUEa0Umu3KuYplf1HUZZ422e3NU9F4LGb+4O0Kdcaag==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/win32-ia32@0.17.19:
+    resolution: {integrity: sha512-eggDKanJszUtCdlVs0RB+h35wNlb5v4TWEkq4vZcmVt5u/HiDZrTXe2bWFQUez3RgNHwx/x4sk5++4NSSicKkw==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [win32]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/win32-x64@0.17.19:
+    resolution: {integrity: sha512-lAhycmKnVOuRYNtRtatQR1LPQf2oYCkRGkSFnseDAKPl8lu5SOsK/e1sXe5a0Pc5kHIHe6P2I/ilntNv2xf3cA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+    requiresBuild: true
+    dev: true
+    optional: true
+
   /@eslint/eslintrc@1.3.0:
     resolution: {integrity: sha512-UWW0TMTmk2d7hLcWD1/e2g5HDM/HQ3csaLSqXCfqwh4uNDuNqlaKWXmEsL4Cs41Z0KnILNvwbHAah3C2yt06kw==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
@@ -238,11 +439,25 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
+  /@jridgewell/gen-mapping@0.3.3:
+    resolution: {integrity: sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==}
+    engines: {node: '>=6.0.0'}
+    dependencies:
+      '@jridgewell/set-array': 1.1.2
+      '@jridgewell/sourcemap-codec': 1.4.14
+      '@jridgewell/trace-mapping': 0.3.15
+    dev: true
+
   /@jridgewell/resolve-uri@3.1.0:
     resolution: {integrity: sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==}
     engines: {node: '>=6.0.0'}
     dev: true
 
+  /@jridgewell/set-array@1.1.2:
+    resolution: {integrity: sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==}
+    engines: {node: '>=6.0.0'}
+    dev: true
+
   /@jridgewell/sourcemap-codec@1.4.14:
     resolution: {integrity: sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==}
     dev: true
@@ -287,11 +502,11 @@ packages:
   /@types/chai-subset@1.3.3:
     resolution: {integrity: sha512-frBecisrNGz+F4T6bcc+NLeolfiojh5FxW2klu669+8BARtyQv2C/GkNW6FUodVe4BroGMP/wER/YDGc7rEllw==}
     dependencies:
-      '@types/chai': 4.3.3
+      '@types/chai': 4.3.5
     dev: true
 
-  /@types/chai@4.3.3:
-    resolution: {integrity: sha512-hC7OMnszpxhZPduX+m+nrx+uFoLkWOMiR4oa/AZF3MuSETYTZmFfJAHqZEM8MVlvfG7BEUcgvtwoCTxBp6hm3g==}
+  /@types/chai@4.3.5:
+    resolution: {integrity: sha512-mEo1sAde+UCE6b2hxn332f1g1E8WfYRu6p5SvTKr2ZKC1f7gFJXk4h5PyGP9Dt6gCaG8y8XhwnXWC6Iy2cmBng==}
     dev: true
 
   /@types/istanbul-lib-coverage@2.0.4:
@@ -446,33 +661,75 @@ packages:
       eslint-visitor-keys: 3.3.0
     dev: true
 
-  /@vitejs/plugin-vue@3.0.3(vite@3.0.8)(vue@3.2.37):
-    resolution: {integrity: sha512-U4zNBlz9mg+TA+i+5QPc3N5lQvdUXENZLO2h0Wdzp56gI1MWhqJOv+6R+d4kOzoaSSq6TnGPBdZAXKOe4lXy6g==}
+  /@vitejs/plugin-vue@4.2.3(vite@4.2.3)(vue@3.2.37):
+    resolution: {integrity: sha512-R6JDUfiZbJA9cMiguQ7jxALsgiprjBeHL5ikpXfJCH62pPHtI+JdJ5xWj6Ev73yXSlYl86+blXn1kZHQ7uElxw==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
-      vite: ^3.0.0
+      vite: ^4.0.0
       vue: ^3.2.25
     dependencies:
-      vite: 3.0.8(sass@1.54.4)
+      vite: 4.2.3(@types/node@18.7.6)(sass@1.54.4)
       vue: 3.2.37
     dev: true
 
-  /@vitest/coverage-c8@0.22.0(jsdom@20.0.0)(sass@1.54.4):
-    resolution: {integrity: sha512-jwW6b8U+h9nbzQfKoRmpf2xjDg+mcAjLIdVUrZGhjTnIdekGfvoqFoeiXzsLv2HwYBeFi4943lYUftuj8qD1FQ==}
+  /@vitest/coverage-v8@0.32.0(vitest@0.32.0):
+    resolution: {integrity: sha512-VXXlWq9X/NbsoP/l/CHLBjutsFFww1UY1qEhzGjn/DY7Tqe+z0Nu8XKc8im/XUAmjiWsh2XV7sy/F0IKAl4eaw==}
+    peerDependencies:
+      vitest: '>=0.32.0 <1'
     dependencies:
-      c8: 7.12.0
-      vitest: 0.22.0(jsdom@20.0.0)(sass@1.54.4)
+      '@ampproject/remapping': 2.2.1
+      '@bcoe/v8-coverage': 0.2.3
+      istanbul-lib-coverage: 3.2.0
+      istanbul-lib-report: 3.0.0
+      istanbul-lib-source-maps: 4.0.1
+      istanbul-reports: 3.1.5
+      magic-string: 0.30.0
+      picocolors: 1.0.0
+      std-env: 3.3.3
+      test-exclude: 6.0.0
+      v8-to-istanbul: 9.1.0
+      vitest: 0.32.0(jsdom@20.0.0)(sass@1.54.4)
     transitivePeerDependencies:
-      - '@edge-runtime/vm'
-      - '@vitest/browser'
-      - '@vitest/ui'
-      - happy-dom
-      - jsdom
-      - less
-      - sass
-      - stylus
       - supports-color
-      - terser
+    dev: true
+
+  /@vitest/expect@0.32.0:
+    resolution: {integrity: sha512-VxVHhIxKw9Lux+O9bwLEEk2gzOUe93xuFHy9SzYWnnoYZFYg1NfBtnfnYWiJN7yooJ7KNElCK5YtA7DTZvtXtg==}
+    dependencies:
+      '@vitest/spy': 0.32.0
+      '@vitest/utils': 0.32.0
+      chai: 4.3.7
+    dev: true
+
+  /@vitest/runner@0.32.0:
+    resolution: {integrity: sha512-QpCmRxftHkr72xt5A08xTEs9I4iWEXIOCHWhQQguWOKE4QH7DXSKZSOFibuwEIMAD7G0ERvtUyQn7iPWIqSwmw==}
+    dependencies:
+      '@vitest/utils': 0.32.0
+      concordance: 5.0.4
+      p-limit: 4.0.0
+      pathe: 1.1.1
+    dev: true
+
+  /@vitest/snapshot@0.32.0:
+    resolution: {integrity: sha512-yCKorPWjEnzpUxQpGlxulujTcSPgkblwGzAUEL+z01FTUg/YuCDZ8dxr9sHA08oO2EwxzHXNLjQKWJ2zc2a19Q==}
+    dependencies:
+      magic-string: 0.30.0
+      pathe: 1.1.1
+      pretty-format: 27.5.1
+    dev: true
+
+  /@vitest/spy@0.32.0:
+    resolution: {integrity: sha512-MruAPlM0uyiq3d53BkwTeShXY0rYEfhNGQzVO5GHBmmX3clsxcWp79mMnkOVcV244sNTeDcHbcPFWIjOI4tZvw==}
+    dependencies:
+      tinyspy: 2.1.1
+    dev: true
+
+  /@vitest/utils@0.32.0:
+    resolution: {integrity: sha512-53yXunzx47MmbuvcOPpLaVljHaeSu1G2dHdmy7+9ngMnQIkBQcvwOcoclWFnxDMxFbnq8exAfh3aKSZaK71J5A==}
+    dependencies:
+      concordance: 5.0.4
+      loupe: 2.3.6
+      pretty-format: 27.5.1
     dev: true
 
   /@volar/code-gen@0.38.9:
@@ -684,6 +941,11 @@ packages:
     engines: {node: '>=0.4.0'}
     dev: true
 
+  /acorn-walk@8.2.0:
+    resolution: {integrity: sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==}
+    engines: {node: '>=0.4.0'}
+    dev: true
+
   /acorn@7.4.1:
     resolution: {integrity: sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==}
     engines: {node: '>=0.4.0'}
@@ -696,6 +958,12 @@ packages:
     hasBin: true
     dev: true
 
+  /acorn@8.8.2:
+    resolution: {integrity: sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==}
+    engines: {node: '>=0.4.0'}
+    hasBin: true
+    dev: true
+
   /agent-base@6.0.2:
     resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==}
     engines: {node: '>= 6.0.0'}
@@ -726,6 +994,11 @@ packages:
       color-convert: 2.0.1
     dev: true
 
+  /ansi-styles@5.2.0:
+    resolution: {integrity: sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==}
+    engines: {node: '>=10'}
+    dev: true
+
   /anymatch@3.1.2:
     resolution: {integrity: sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==}
     engines: {node: '>= 8'}
@@ -772,6 +1045,10 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
+  /blueimp-md5@2.19.0:
+    resolution: {integrity: sha512-DRQrD6gJyy8FbiE4s+bDoXS9hiW3Vbx5uCdwvcCf3zLHL+Iv7LtGHLpr+GZV8rHG8tK766FGYBwRbu8pELTt+w==}
+    dev: true
+
   /boolbase@1.0.0:
     resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==}
     dev: true
@@ -794,23 +1071,9 @@ packages:
     resolution: {integrity: sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow==}
     dev: true
 
-  /c8@7.12.0:
-    resolution: {integrity: sha512-CtgQrHOkyxr5koX1wEUmN/5cfDa2ckbHRA4Gy5LAL0zaCFtVWJS5++n+w4/sr2GWGerBxgTjpKeDclk/Qk6W/A==}
-    engines: {node: '>=10.12.0'}
-    hasBin: true
-    dependencies:
-      '@bcoe/v8-coverage': 0.2.3
-      '@istanbuljs/schema': 0.1.3
-      find-up: 5.0.0
-      foreground-child: 2.0.0
-      istanbul-lib-coverage: 3.2.0
-      istanbul-lib-report: 3.0.0
-      istanbul-reports: 3.1.5
-      rimraf: 3.0.2
-      test-exclude: 6.0.0
-      v8-to-istanbul: 9.0.1
-      yargs: 16.2.0
-      yargs-parser: 20.2.9
+  /cac@6.7.14:
+    resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==}
+    engines: {node: '>=8'}
     dev: true
 
   /callsites@3.1.0:
@@ -818,13 +1081,13 @@ packages:
     engines: {node: '>=6'}
     dev: true
 
-  /chai@4.3.6:
-    resolution: {integrity: sha512-bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q==}
+  /chai@4.3.7:
+    resolution: {integrity: sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==}
     engines: {node: '>=4'}
     dependencies:
       assertion-error: 1.1.0
       check-error: 1.0.2
-      deep-eql: 3.0.1
+      deep-eql: 4.1.3
       get-func-name: 2.0.0
       loupe: 2.3.4
       pathval: 1.1.1
@@ -858,14 +1121,6 @@ packages:
       fsevents: 2.3.2
     dev: true
 
-  /cliui@7.0.4:
-    resolution: {integrity: sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==}
-    dependencies:
-      string-width: 4.2.3
-      strip-ansi: 6.0.1
-      wrap-ansi: 7.0.0
-    dev: true
-
   /color-convert@2.0.1:
     resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
     engines: {node: '>=7.0.0'}
@@ -887,6 +1142,20 @@ packages:
     resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
     dev: true
 
+  /concordance@5.0.4:
+    resolution: {integrity: sha512-OAcsnTEYu1ARJqWVGwf4zh4JDfHZEaSNlNccFmt8YjB2l/n19/PF2viLINHc57vO4FKIAFl2FWASIGZZWZ2Kxw==}
+    engines: {node: '>=10.18.0 <11 || >=12.14.0 <13 || >=14'}
+    dependencies:
+      date-time: 3.1.0
+      esutils: 2.0.3
+      fast-diff: 1.2.0
+      js-string-escape: 1.0.1
+      lodash: 4.17.21
+      md5-hex: 3.0.1
+      semver: 7.3.7
+      well-known-symbols: 2.0.0
+    dev: true
+
   /convert-source-map@1.8.0:
     resolution: {integrity: sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==}
     dependencies:
@@ -940,6 +1209,13 @@ packages:
     engines: {node: '>=0.11'}
     dev: false
 
+  /date-time@3.1.0:
+    resolution: {integrity: sha512-uqCUKXE5q1PNBXjPqvwhwJf9SwMoAHBgWJ6DcrnS5o+W2JOiIILl0JEdVD8SGujrNS02GGxgwAg2PN2zONgtjg==}
+    engines: {node: '>=6'}
+    dependencies:
+      time-zone: 1.0.0
+    dev: true
+
   /dayjs@1.11.5:
     resolution: {integrity: sha512-CAdX5Q3YW3Gclyo5Vpqkgpj8fSdLQcRuzfX6mC6Phy0nfJ0eGYOeS7m4mt2plDWLAtA4TqTakvbboHvUxfe4iA==}
     dev: false
@@ -960,9 +1236,9 @@ packages:
     resolution: {integrity: sha512-Nv6ENEzyPQ6AItkGwLE2PGKinZZ9g59vSh2BeH6NqPu0OTKZ5ruJsVqh/orbAnqXc9pBbgXAIrc2EyaCj8NpGg==}
     dev: true
 
-  /deep-eql@3.0.1:
-    resolution: {integrity: sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==}
-    engines: {node: '>=0.12'}
+  /deep-eql@4.1.3:
+    resolution: {integrity: sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==}
+    engines: {node: '>=6'}
     dependencies:
       type-detect: 4.0.8
     dev: true
@@ -1021,227 +1297,39 @@ packages:
       - '@vue/composition-api'
     dev: false
 
-  /emoji-regex@8.0.0:
-    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
-    dev: true
-
   /entities@4.3.1:
     resolution: {integrity: sha512-o4q/dYJlmyjP2zfnaWDUC6A3BQFmVTX+tZPezK7k0GLSU9QYCauscf5Y+qcEPzKL+EixVouYDgLQK5H9GrLpkg==}
     engines: {node: '>=0.12'}
     dev: true
 
-  /esbuild-android-64@0.14.54:
-    resolution: {integrity: sha512-Tz2++Aqqz0rJ7kYBfz+iqyE3QMycD4vk7LBRyWaAVFgFtQ/O8EJOnVmTOiDWYZ/uYzB4kvP+bqejYdVKzE5lAQ==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [android]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-android-arm64@0.14.54:
-    resolution: {integrity: sha512-F9E+/QDi9sSkLaClO8SOV6etqPd+5DgJje1F9lOWoNncDdOBL2YF59IhsWATSt0TLZbYCf3pNlTHvVV5VfHdvg==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [android]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-darwin-64@0.14.54:
-    resolution: {integrity: sha512-jtdKWV3nBviOd5v4hOpkVmpxsBy90CGzebpbO9beiqUYVMBtSc0AL9zGftFuBon7PNDcdvNCEuQqw2x0wP9yug==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [darwin]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-darwin-arm64@0.14.54:
-    resolution: {integrity: sha512-OPafJHD2oUPyvJMrsCvDGkRrVCar5aVyHfWGQzY1dWnzErjrDuSETxwA2HSsyg2jORLY8yBfzc1MIpUkXlctmw==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [darwin]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-freebsd-64@0.14.54:
-    resolution: {integrity: sha512-OKwd4gmwHqOTp4mOGZKe/XUlbDJ4Q9TjX0hMPIDBUWWu/kwhBAudJdBoxnjNf9ocIB6GN6CPowYpR/hRCbSYAg==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [freebsd]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-freebsd-arm64@0.14.54:
-    resolution: {integrity: sha512-sFwueGr7OvIFiQT6WeG0jRLjkjdqWWSrfbVwZp8iMP+8UHEHRBvlaxL6IuKNDwAozNUmbb8nIMXa7oAOARGs1Q==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [freebsd]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-32@0.14.54:
-    resolution: {integrity: sha512-1ZuY+JDI//WmklKlBgJnglpUL1owm2OX+8E1syCD6UAxcMM/XoWd76OHSjl/0MR0LisSAXDqgjT3uJqT67O3qw==}
-    engines: {node: '>=12'}
-    cpu: [ia32]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-64@0.14.54:
-    resolution: {integrity: sha512-EgjAgH5HwTbtNsTqQOXWApBaPVdDn7XcK+/PtJwZLT1UmpLoznPd8c5CxqsH2dQK3j05YsB3L17T8vE7cp4cCg==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-arm64@0.14.54:
-    resolution: {integrity: sha512-WL71L+0Rwv+Gv/HTmxTEmpv0UgmxYa5ftZILVi2QmZBgX3q7+tDeOQNqGtdXSdsL8TQi1vIaVFHUPDe0O0kdig==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-arm@0.14.54:
-    resolution: {integrity: sha512-qqz/SjemQhVMTnvcLGoLOdFpCYbz4v4fUo+TfsWG+1aOu70/80RV6bgNpR2JCrppV2moUQkww+6bWxXRL9YMGw==}
-    engines: {node: '>=12'}
-    cpu: [arm]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-mips64le@0.14.54:
-    resolution: {integrity: sha512-qTHGQB8D1etd0u1+sB6p0ikLKRVuCWhYQhAHRPkO+OF3I/iSlTKNNS0Lh2Oc0g0UFGguaFZZiPJdJey3AGpAlw==}
-    engines: {node: '>=12'}
-    cpu: [mips64el]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-ppc64le@0.14.54:
-    resolution: {integrity: sha512-j3OMlzHiqwZBDPRCDFKcx595XVfOfOnv68Ax3U4UKZ3MTYQB5Yz3X1mn5GnodEVYzhtZgxEBidLWeIs8FDSfrQ==}
-    engines: {node: '>=12'}
-    cpu: [ppc64]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-riscv64@0.14.54:
-    resolution: {integrity: sha512-y7Vt7Wl9dkOGZjxQZnDAqqn+XOqFD7IMWiewY5SPlNlzMX39ocPQlOaoxvT4FllA5viyV26/QzHtvTjVNOxHZg==}
-    engines: {node: '>=12'}
-    cpu: [riscv64]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-linux-s390x@0.14.54:
-    resolution: {integrity: sha512-zaHpW9dziAsi7lRcyV4r8dhfG1qBidQWUXweUjnw+lliChJqQr+6XD71K41oEIC3Mx1KStovEmlzm+MkGZHnHA==}
-    engines: {node: '>=12'}
-    cpu: [s390x]
-    os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-netbsd-64@0.14.54:
-    resolution: {integrity: sha512-PR01lmIMnfJTgeU9VJTDY9ZerDWVFIUzAtJuDHwwceppW7cQWjBBqP48NdeRtoP04/AtO9a7w3viI+PIDr6d+w==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [netbsd]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-openbsd-64@0.14.54:
-    resolution: {integrity: sha512-Qyk7ikT2o7Wu76UsvvDS5q0amJvmRzDyVlL0qf5VLsLchjCa1+IAvd8kTBgUxD7VBUUVgItLkk609ZHUc1oCaw==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [openbsd]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-sunos-64@0.14.54:
-    resolution: {integrity: sha512-28GZ24KmMSeKi5ueWzMcco6EBHStL3B6ubM7M51RmPwXQGLe0teBGJocmWhgwccA1GeFXqxzILIxXpHbl9Q/Kw==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [sunos]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-windows-32@0.14.54:
-    resolution: {integrity: sha512-T+rdZW19ql9MjS7pixmZYVObd9G7kcaZo+sETqNH4RCkuuYSuv9AGHUVnPoP9hhuE1WM1ZimHz1CIBHBboLU7w==}
-    engines: {node: '>=12'}
-    cpu: [ia32]
-    os: [win32]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-windows-64@0.14.54:
-    resolution: {integrity: sha512-AoHTRBUuYwXtZhjXZbA1pGfTo8cJo3vZIcWGLiUcTNgHpJJMC1rVA44ZereBHMJtotyN71S8Qw0npiCIkW96cQ==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [win32]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild-windows-arm64@0.14.54:
-    resolution: {integrity: sha512-M0kuUvXhot1zOISQGXwWn6YtS+Y/1RT9WrVIOywZnJHo3jCDyewAc79aKNQWFCQm+xNHVTq9h8dZKvygoXQQRg==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [win32]
-    requiresBuild: true
-    dev: true
-    optional: true
-
-  /esbuild@0.14.54:
-    resolution: {integrity: sha512-Cy9llcy8DvET5uznocPyqL3BFRrFXSVqbgpMJ9Wz8oVjZlh/zUSNbPRbov0VX7VxN2JH1Oa0uNxZ7eLRb62pJA==}
+  /esbuild@0.17.19:
+    resolution: {integrity: sha512-XQ0jAPFkK/u3LcVRcvVHQcTIqD6E2H1fvZMA5dQPSOWb3suUbWbfbRf94pjc0bNzRYLfIrDRQXr7X+LHIm5oHw==}
     engines: {node: '>=12'}
     hasBin: true
     requiresBuild: true
     optionalDependencies:
-      '@esbuild/linux-loong64': 0.14.54
-      esbuild-android-64: 0.14.54
-      esbuild-android-arm64: 0.14.54
-      esbuild-darwin-64: 0.14.54
-      esbuild-darwin-arm64: 0.14.54
-      esbuild-freebsd-64: 0.14.54
-      esbuild-freebsd-arm64: 0.14.54
-      esbuild-linux-32: 0.14.54
-      esbuild-linux-64: 0.14.54
-      esbuild-linux-arm: 0.14.54
-      esbuild-linux-arm64: 0.14.54
-      esbuild-linux-mips64le: 0.14.54
-      esbuild-linux-ppc64le: 0.14.54
-      esbuild-linux-riscv64: 0.14.54
-      esbuild-linux-s390x: 0.14.54
-      esbuild-netbsd-64: 0.14.54
-      esbuild-openbsd-64: 0.14.54
-      esbuild-sunos-64: 0.14.54
-      esbuild-windows-32: 0.14.54
-      esbuild-windows-64: 0.14.54
-      esbuild-windows-arm64: 0.14.54
-    dev: true
-
-  /escalade@3.1.1:
-    resolution: {integrity: sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==}
-    engines: {node: '>=6'}
+      '@esbuild/android-arm': 0.17.19
+      '@esbuild/android-arm64': 0.17.19
+      '@esbuild/android-x64': 0.17.19
+      '@esbuild/darwin-arm64': 0.17.19
+      '@esbuild/darwin-x64': 0.17.19
+      '@esbuild/freebsd-arm64': 0.17.19
+      '@esbuild/freebsd-x64': 0.17.19
+      '@esbuild/linux-arm': 0.17.19
+      '@esbuild/linux-arm64': 0.17.19
+      '@esbuild/linux-ia32': 0.17.19
+      '@esbuild/linux-loong64': 0.17.19
+      '@esbuild/linux-mips64el': 0.17.19
+      '@esbuild/linux-ppc64': 0.17.19
+      '@esbuild/linux-riscv64': 0.17.19
+      '@esbuild/linux-s390x': 0.17.19
+      '@esbuild/linux-x64': 0.17.19
+      '@esbuild/netbsd-x64': 0.17.19
+      '@esbuild/openbsd-x64': 0.17.19
+      '@esbuild/sunos-x64': 0.17.19
+      '@esbuild/win32-arm64': 0.17.19
+      '@esbuild/win32-ia32': 0.17.19
+      '@esbuild/win32-x64': 0.17.19
     dev: true
 
   /escape-html@1.0.3:
@@ -1518,14 +1606,6 @@ packages:
         optional: true
     dev: false
 
-  /foreground-child@2.0.0:
-    resolution: {integrity: sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==}
-    engines: {node: '>=8.0.0'}
-    dependencies:
-      cross-spawn: 7.0.3
-      signal-exit: 3.0.7
-    dev: true
-
   /form-data@4.0.0:
     resolution: {integrity: sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==}
     engines: {node: '>= 6'}
@@ -1554,11 +1634,6 @@ packages:
     resolution: {integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==}
     dev: true
 
-  /get-caller-file@2.0.5:
-    resolution: {integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==}
-    engines: {node: 6.* || 8.* || >= 10.*}
-    dev: true
-
   /get-func-name@2.0.0:
     resolution: {integrity: sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==}
     dev: true
@@ -1713,11 +1788,6 @@ packages:
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /is-fullwidth-code-point@3.0.0:
-    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
-    engines: {node: '>=8'}
-    dev: true
-
   /is-glob@4.0.3:
     resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
     engines: {node: '>=0.10.0'}
@@ -1752,6 +1822,17 @@ packages:
       supports-color: 7.2.0
     dev: true
 
+  /istanbul-lib-source-maps@4.0.1:
+    resolution: {integrity: sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==}
+    engines: {node: '>=10'}
+    dependencies:
+      debug: 4.3.4
+      istanbul-lib-coverage: 3.2.0
+      source-map: 0.6.1
+    transitivePeerDependencies:
+      - supports-color
+    dev: true
+
   /istanbul-reports@3.1.5:
     resolution: {integrity: sha512-nUsEMa9pBt/NOHqbcbeJEgqIlY/K7rVWUX6Lql2orY5e9roQOthbR3vtY4zzf2orPELg80fnxxk9zUyPlgwD1w==}
     engines: {node: '>=8'}
@@ -1760,6 +1841,11 @@ packages:
       istanbul-lib-report: 3.0.0
     dev: true
 
+  /js-string-escape@1.0.1:
+    resolution: {integrity: sha512-Smw4xcfIQ5LVjAOuJCvN/zIodzA/BBSsluuoSykP+lUvScIi4U6RJLfwHet5cxFnCswUjISV8oAXaqaJDY3chg==}
+    engines: {node: '>= 0.8'}
+    dev: true
+
   /js-yaml@4.1.0:
     resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
     hasBin: true
@@ -1817,6 +1903,10 @@ packages:
     resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==}
     dev: true
 
+  /jsonc-parser@3.2.0:
+    resolution: {integrity: sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==}
+    dev: true
+
   /levn@0.3.0:
     resolution: {integrity: sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==}
     engines: {node: '>= 0.8.0'}
@@ -1833,8 +1923,8 @@ packages:
       type-check: 0.4.0
     dev: true
 
-  /local-pkg@0.4.2:
-    resolution: {integrity: sha512-mlERgSPrbxU3BP4qBqAvvwlgW4MTg78iwJdGGnv7kibKjWcJksrG3t6LB5lXI93wXRDvG4NpUgJFmTG4T6rdrg==}
+  /local-pkg@0.4.3:
+    resolution: {integrity: sha512-SFppqq5p42fe2qcZQqqEOiVRXl+WCP1MdT6k7BDEW1j++sp5fIY+/fdRQitvKgB5BrBcmrs5m/L0v2FrU5MY1g==}
     engines: {node: '>=14'}
     dev: true
 
@@ -1874,6 +1964,12 @@ packages:
       get-func-name: 2.0.0
     dev: true
 
+  /loupe@2.3.6:
+    resolution: {integrity: sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==}
+    dependencies:
+      get-func-name: 2.0.0
+    dev: true
+
   /lru-cache@6.0.0:
     resolution: {integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==}
     engines: {node: '>=10'}
@@ -1886,6 +1982,13 @@ packages:
     dependencies:
       sourcemap-codec: 1.4.8
 
+  /magic-string@0.30.0:
+    resolution: {integrity: sha512-LA+31JYDJLs82r2ScLrlz1GjSgu66ZV518eyWT+S8VhyQn/JL0u9MeBOvQMGYiPk1DBiSN9DDMOcXvigJZaViQ==}
+    engines: {node: '>=12'}
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.4.14
+    dev: true
+
   /make-dir@3.1.0:
     resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==}
     engines: {node: '>=8'}
@@ -1893,6 +1996,13 @@ packages:
       semver: 6.3.0
     dev: true
 
+  /md5-hex@3.0.1:
+    resolution: {integrity: sha512-BUiRtTtV39LIJwinWBjqVsU9xhdnz7/i889V859IBFpuqGAj6LuOvHv5XLbgZ2R7ptJoJaEcxkv88/h25T7Ciw==}
+    engines: {node: '>=8'}
+    dependencies:
+      blueimp-md5: 2.19.0
+    dev: true
+
   /memoize-one@6.0.0:
     resolution: {integrity: sha512-rkpe71W0N0c0Xz6QD0eJETuWAJGnJ9afsl1srmwPrI+yBCkge5EycXXbYRyvL29zZVUWQCY7InPRCv3GDXuZNw==}
     dev: false
@@ -1926,6 +2036,15 @@ packages:
       brace-expansion: 1.1.11
     dev: true
 
+  /mlly@1.3.0:
+    resolution: {integrity: sha512-HT5mcgIQKkOrZecOjOX3DJorTikWXwsBfpcr/MGBkhfWcjiqvnaL/9ppxvIUXfjT6xt4DVIAsN9fMUz1ev4bIw==}
+    dependencies:
+      acorn: 8.8.2
+      pathe: 1.1.1
+      pkg-types: 1.0.3
+      ufo: 1.1.2
+    dev: true
+
   /ms@2.1.2:
     resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==}
     dev: true
@@ -1935,6 +2054,12 @@ packages:
     engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
     hasBin: true
 
+  /nanoid@3.3.6:
+    resolution: {integrity: sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==}
+    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
+    hasBin: true
+    dev: true
+
   /natural-compare@1.4.0:
     resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
     dev: true
@@ -1995,6 +2120,13 @@ packages:
       yocto-queue: 0.1.0
     dev: true
 
+  /p-limit@4.0.0:
+    resolution: {integrity: sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+    dependencies:
+      yocto-queue: 1.0.0
+    dev: true
+
   /p-locate@5.0.0:
     resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
     engines: {node: '>=10'}
@@ -2039,6 +2171,10 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
+  /pathe@1.1.1:
+    resolution: {integrity: sha512-d+RQGp0MAYTIaDBIMmOfMwz3E+LOZnxx1HZd5R18mmCZY0QBlK0LDZfPc8FW8Ed2DlvsuE6PRjroDY+wg4+j/Q==}
+    dev: true
+
   /pathval@1.1.1:
     resolution: {integrity: sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==}
     dev: true
@@ -2080,6 +2216,14 @@ packages:
       vue-demi: 0.13.8(vue@3.2.37)
     dev: false
 
+  /pkg-types@1.0.3:
+    resolution: {integrity: sha512-nN7pYi0AQqJnoLPC9eHFQ8AcyaixBUOwvqc5TDnIKCMEE6I0y8P7OKA7fPexsXGCGxQDl/cmrLAp26LhcwxZ4A==}
+    dependencies:
+      jsonc-parser: 3.2.0
+      mlly: 1.3.0
+      pathe: 1.1.1
+    dev: true
+
   /postcss-selector-parser@6.0.10:
     resolution: {integrity: sha512-IQ7TZdoaqbT+LCpShg46jnZVlhWD2w6iQYAcYXfHARZ7X1t/UGhhceQDs5X0cGqKvYlHNOuv7Oa1xmb0oQuA3w==}
     engines: {node: '>=4'}
@@ -2096,6 +2240,15 @@ packages:
       picocolors: 1.0.0
       source-map-js: 1.0.2
 
+  /postcss@8.4.24:
+    resolution: {integrity: sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==}
+    engines: {node: ^10 || ^12 || >=14}
+    dependencies:
+      nanoid: 3.3.6
+      picocolors: 1.0.0
+      source-map-js: 1.0.2
+    dev: true
+
   /prelude-ls@1.1.2:
     resolution: {integrity: sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==}
     engines: {node: '>= 0.8.0'}
@@ -2119,6 +2272,15 @@ packages:
     hasBin: true
     dev: true
 
+  /pretty-format@27.5.1:
+    resolution: {integrity: sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==}
+    engines: {node: ^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0}
+    dependencies:
+      ansi-regex: 5.0.1
+      ansi-styles: 5.2.0
+      react-is: 17.0.2
+    dev: true
+
   /psl@1.9.0:
     resolution: {integrity: sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==}
     dev: true
@@ -2132,6 +2294,10 @@ packages:
     resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
     dev: true
 
+  /react-is@17.0.2:
+    resolution: {integrity: sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==}
+    dev: true
+
   /readdirp@3.6.0:
     resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
     engines: {node: '>=8.10.0'}
@@ -2144,11 +2310,6 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
-  /require-directory@2.1.1:
-    resolution: {integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==}
-    engines: {node: '>=0.10.0'}
-    dev: true
-
   /resolve-from@4.0.0:
     resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
     engines: {node: '>=4'}
@@ -2175,9 +2336,9 @@ packages:
       glob: 7.2.3
     dev: true
 
-  /rollup@2.77.3:
-    resolution: {integrity: sha512-/qxNTG7FbmefJWoeeYJFbHehJ2HNWnjkAFRKzWN/45eNBBF/r8lo992CwcJXEzyVxs5FmfId+vTSTQDb+bxA+g==}
-    engines: {node: '>=10.0.0'}
+  /rollup@3.24.0:
+    resolution: {integrity: sha512-OgraHOIg2YpHQTjl0/ymWfFNBEyPucB7lmhXrQUh38qNOegxLapSPFs9sNr0qKR75awW41D93XafoR2QfhBdUQ==}
+    engines: {node: '>=14.18.0', npm: '>=8.0.0'}
     hasBin: true
     optionalDependencies:
       fsevents: 2.3.2
@@ -2239,8 +2400,8 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
-  /signal-exit@3.0.7:
-    resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==}
+  /siginfo@2.0.0:
+    resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==}
     dev: true
 
   /slash@3.0.0:
@@ -2259,13 +2420,12 @@ packages:
   /sourcemap-codec@1.4.8:
     resolution: {integrity: sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA==}
 
-  /string-width@4.2.3:
-    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
-    engines: {node: '>=8'}
-    dependencies:
-      emoji-regex: 8.0.0
-      is-fullwidth-code-point: 3.0.0
-      strip-ansi: 6.0.1
+  /stackback@0.0.2:
+    resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
+    dev: true
+
+  /std-env@3.3.3:
+    resolution: {integrity: sha512-Rz6yejtVyWnVjC1RFvNmYL10kgjC49EOghxWn0RFqlCHGFpQx+Xe7yW3I4ceK1SGrWIGMjD5Kbue8W/udkbMJg==}
     dev: true
 
   /strip-ansi@6.0.1:
@@ -2280,6 +2440,12 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
+  /strip-literal@1.0.1:
+    resolution: {integrity: sha512-QZTsipNpa2Ppr6v1AmJHESqJ3Uz247MUS0OjrnnZjFAvEoWqxuyFuXn2xLgMtRnijJShAa1HL0gtJyUs7u7n3Q==}
+    dependencies:
+      acorn: 8.8.2
+    dev: true
+
   /supports-color@7.2.0:
     resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
     engines: {node: '>=8'}
@@ -2309,13 +2475,22 @@ packages:
     resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
     dev: true
 
-  /tinypool@0.2.4:
-    resolution: {integrity: sha512-Vs3rhkUH6Qq1t5bqtb816oT+HeJTXfwt2cbPH17sWHIYKTotQIFPk3tf2fgqRrVyMDVOc1EnPgzIxfIulXVzwQ==}
+  /time-zone@1.0.0:
+    resolution: {integrity: sha512-TIsDdtKo6+XrPtiTm1ssmMngN1sAhyKnTO2kunQWqNPWIVvCm15Wmw4SWInwTVgJ5u/Tr04+8Ei9TNcw4x4ONA==}
+    engines: {node: '>=4'}
+    dev: true
+
+  /tinybench@2.5.0:
+    resolution: {integrity: sha512-kRwSG8Zx4tjF9ZiyH4bhaebu+EDz1BOx9hOigYHlUW4xxI/wKIUQUqo018UlU4ar6ATPBsaMrdbKZ+tmPdohFA==}
+    dev: true
+
+  /tinypool@0.5.0:
+    resolution: {integrity: sha512-paHQtnrlS1QZYKF/GnLoOM/DN9fqaGOFbCbxzAhwniySnzl9Ebk8w73/dd34DAhe/obUbPAOldTyYXQZxnPBPQ==}
     engines: {node: '>=14.0.0'}
     dev: true
 
-  /tinyspy@1.0.0:
-    resolution: {integrity: sha512-FI5B2QdODQYDRjfuLF+OrJ8bjWRMCXokQPcwKm0W3IzcbUmBNv536cQc7eXGoAuXphZwgx1DFbqImwzz08Fnhw==}
+  /tinyspy@2.1.1:
+    resolution: {integrity: sha512-XPJL2uSzcOyBMky6OFrusqWlzfFrXtE0hPuMgW8A2HmaqrPo4ZQHRN/V0QXN3FSjKxpsbRrFc5LI7KOwBsT1/w==}
     engines: {node: '>=14.0.0'}
     dev: true
 
@@ -2389,6 +2564,10 @@ packages:
     engines: {node: '>=4.2.0'}
     hasBin: true
 
+  /ufo@1.1.2:
+    resolution: {integrity: sha512-TrY6DsjTQQgyS3E3dBaOXf0TpPD8u9FVrVYmKVegJuFw51n/YB9XPt+U6ydzFG5ZIN7+DIjPbNmXoBj9esYhgQ==}
+    dev: true
+
   /universalify@0.1.2:
     resolution: {integrity: sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==}
     engines: {node: '>= 4.0.0'}
@@ -2408,8 +2587,8 @@ packages:
     resolution: {integrity: sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==}
     dev: true
 
-  /v8-to-istanbul@9.0.1:
-    resolution: {integrity: sha512-74Y4LqY74kLE6IFyIjPtkSTWzUZmj8tdHT9Ii/26dvQ6K9Dl2NbEfj0XgU2sHCtKgt5VupqhlO/5aWuqS+IY1w==}
+  /v8-to-istanbul@9.1.0:
+    resolution: {integrity: sha512-6z3GW9x8G1gd+JIIgQQQxXuiJtCXeAjp6RaPEPLv62mH3iPHPxV6W3robxtCzNErRo6ZwTmzWhsbNvjyEBKzKA==}
     engines: {node: '>=10.12.0'}
     dependencies:
       '@jridgewell/trace-mapping': 0.3.15
@@ -2417,37 +2596,65 @@ packages:
       convert-source-map: 1.8.0
     dev: true
 
-  /vite@3.0.8(sass@1.54.4):
-    resolution: {integrity: sha512-AOZ4eN7mrkJiOLuw8IA7piS4IdOQyQCA81GxGsAQvAZzMRi9ZwGB3TOaYsj4uLAWK46T5L4AfQ6InNGlxX30IQ==}
+  /vite-node@0.32.0(@types/node@18.7.6)(sass@1.54.4):
+    resolution: {integrity: sha512-220P/y8YacYAU+daOAqiGEFXx2A8AwjadDzQqos6wSukjvvTWNqleJSwoUn0ckyNdjHIKoxn93Nh1vWBqEKr3Q==}
+    engines: {node: '>=v14.18.0'}
+    hasBin: true
+    dependencies:
+      cac: 6.7.14
+      debug: 4.3.4
+      mlly: 1.3.0
+      pathe: 1.1.1
+      picocolors: 1.0.0
+      vite: 4.2.3(@types/node@18.7.6)(sass@1.54.4)
+    transitivePeerDependencies:
+      - '@types/node'
+      - less
+      - sass
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+    dev: true
+
+  /vite@4.2.3(@types/node@18.7.6)(sass@1.54.4):
+    resolution: {integrity: sha512-kLU+m2q0Y434Y1kCy3TchefAdtFso0ILi0dLyFV8Us3InXTU11H/B5ZTqCKIQHzSKNxVG/yEx813EA9f1imQ9A==}
     engines: {node: ^14.18.0 || >=16.0.0}
     hasBin: true
     peerDependencies:
+      '@types/node': '>= 14'
       less: '*'
       sass: '*'
       stylus: '*'
+      sugarss: '*'
       terser: ^5.4.0
     peerDependenciesMeta:
+      '@types/node':
+        optional: true
       less:
         optional: true
       sass:
         optional: true
       stylus:
         optional: true
+      sugarss:
+        optional: true
       terser:
         optional: true
     dependencies:
-      esbuild: 0.14.54
-      postcss: 8.4.16
+      '@types/node': 18.7.6
+      esbuild: 0.17.19
+      postcss: 8.4.24
       resolve: 1.22.1
-      rollup: 2.77.3
+      rollup: 3.24.0
       sass: 1.54.4
     optionalDependencies:
       fsevents: 2.3.2
     dev: true
 
-  /vitest@0.22.0(jsdom@20.0.0)(sass@1.54.4):
-    resolution: {integrity: sha512-BSIro/QOHLaQY08FHwT6THWhqLQ+VPU+N4Rdo4pcP+16XB6oLmNNAXGcSh/MOLUhfUy+mqCwx7AyKmU7Ms5R+g==}
-    engines: {node: '>=v14.16.0'}
+  /vitest@0.32.0(jsdom@20.0.0)(sass@1.54.4):
+    resolution: {integrity: sha512-SW83o629gCqnV3BqBnTxhB10DAwzwEx3z+rqYZESehUB+eWsJxwcBQx7CKy0otuGMJTYh7qCVuUX23HkftGl/Q==}
+    engines: {node: '>=v14.18.0'}
     hasBin: true
     peerDependencies:
       '@edge-runtime/vm': '*'
@@ -2455,6 +2662,9 @@ packages:
       '@vitest/ui': '*'
       happy-dom: '*'
       jsdom: '*'
+      playwright: '*'
+      safaridriver: '*'
+      webdriverio: '*'
     peerDependenciesMeta:
       '@edge-runtime/vm':
         optional: true
@@ -2466,21 +2676,44 @@ packages:
         optional: true
       jsdom:
         optional: true
+      playwright:
+        optional: true
+      safaridriver:
+        optional: true
+      webdriverio:
+        optional: true
     dependencies:
-      '@types/chai': 4.3.3
+      '@types/chai': 4.3.5
       '@types/chai-subset': 1.3.3
       '@types/node': 18.7.6
-      chai: 4.3.6
+      '@vitest/expect': 0.32.0
+      '@vitest/runner': 0.32.0
+      '@vitest/snapshot': 0.32.0
+      '@vitest/spy': 0.32.0
+      '@vitest/utils': 0.32.0
+      acorn: 8.8.2
+      acorn-walk: 8.2.0
+      cac: 6.7.14
+      chai: 4.3.7
+      concordance: 5.0.4
       debug: 4.3.4
       jsdom: 20.0.0
-      local-pkg: 0.4.2
-      tinypool: 0.2.4
-      tinyspy: 1.0.0
-      vite: 3.0.8(sass@1.54.4)
+      local-pkg: 0.4.3
+      magic-string: 0.30.0
+      pathe: 1.1.1
+      picocolors: 1.0.0
+      std-env: 3.3.3
+      strip-literal: 1.0.1
+      tinybench: 2.5.0
+      tinypool: 0.5.0
+      vite: 4.2.3(@types/node@18.7.6)(sass@1.54.4)
+      vite-node: 0.32.0(@types/node@18.7.6)(sass@1.54.4)
+      why-is-node-running: 2.2.2
     transitivePeerDependencies:
       - less
       - sass
       - stylus
+      - sugarss
       - supports-color
       - terser
     dev: true
@@ -2577,6 +2810,11 @@ packages:
     engines: {node: '>=12'}
     dev: true
 
+  /well-known-symbols@2.0.0:
+    resolution: {integrity: sha512-ZMjC3ho+KXo0BfJb7JgtQ5IBuvnShdlACNkKkdsqBmYw3bPAaJfPeYUo6tLUaT5tG/Gkh7xkpBhKRQ9e7pyg9Q==}
+    engines: {node: '>=6'}
+    dev: true
+
   /whatwg-encoding@2.0.0:
     resolution: {integrity: sha512-p41ogyeMUrw3jWclHWTQg1k05DSVXPLcVxRTYsXUk+ZooOCZLcoYgPZ/HL/D/N+uQPOtcp1me1WhBEaX02mhWg==}
     engines: {node: '>=12'}
@@ -2605,20 +2843,20 @@ packages:
       isexe: 2.0.0
     dev: true
 
+  /why-is-node-running@2.2.2:
+    resolution: {integrity: sha512-6tSwToZxTOcotxHeA+qGCq1mVzKR3CwcJGmVcY+QE8SHy6TnpFnh8PAvPNHYr7EcuVeG0QSMxtYCuO1ta/G/oA==}
+    engines: {node: '>=8'}
+    hasBin: true
+    dependencies:
+      siginfo: 2.0.0
+      stackback: 0.0.2
+    dev: true
+
   /word-wrap@1.2.3:
     resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==}
     engines: {node: '>=0.10.0'}
     dev: true
 
-  /wrap-ansi@7.0.0:
-    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
-    engines: {node: '>=10'}
-    dependencies:
-      ansi-styles: 4.3.0
-      string-width: 4.2.3
-      strip-ansi: 6.0.1
-    dev: true
-
   /wrappy@1.0.2:
     resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
     dev: true
@@ -2645,34 +2883,16 @@ packages:
     resolution: {integrity: sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==}
     dev: true
 
-  /y18n@5.0.8:
-    resolution: {integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==}
-    engines: {node: '>=10'}
-    dev: true
-
   /yallist@4.0.0:
     resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
     dev: true
 
-  /yargs-parser@20.2.9:
-    resolution: {integrity: sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==}
-    engines: {node: '>=10'}
-    dev: true
-
-  /yargs@16.2.0:
-    resolution: {integrity: sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==}
-    engines: {node: '>=10'}
-    dependencies:
-      cliui: 7.0.4
-      escalade: 3.1.1
-      get-caller-file: 2.0.5
-      require-directory: 2.1.1
-      string-width: 4.2.3
-      y18n: 5.0.8
-      yargs-parser: 20.2.9
-    dev: true
-
   /yocto-queue@0.1.0:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
     dev: true
+
+  /yocto-queue@1.0.0:
+    resolution: {integrity: sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==}
+    engines: {node: '>=12.20'}
+    dev: true

From 9ff46a3c633534c2266ad8e6316b9fddaa024a6c Mon Sep 17 00:00:00 2001
From: zhouyifan279 <zhouyifan279@gmail.com>
Date: Thu, 8 Jun 2023 20:16:39 +0800
Subject: [PATCH 427/760] [KYUUBI #4935] More than target num of executors may
 survive after FinalStageResourceManager did kill

### _Why are the changes needed?_
When FinalStageResourceManager chooses executors to be killed, it may add dead executors to the kill list.
This will leave more than target num of executors survived and cause resource waste.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4936 from zhouyifan279/kill-executor.

Closes #4936

2aaa84cb1 [zhouyifan279] [KYUUBI#4935][Improvement] More than target num of executors may survive after FinalStageResourceManager did kill

Authored-by: zhouyifan279 <zhouyifan279@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/spark/sql/FinalStageResourceManager.scala  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index 7a0ae1592..dc573f838 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -170,7 +170,7 @@ case class FinalStageResourceManager(session: SparkSession)
 
     // Evict the rest executors according to the shuffle block size
     executorToBlockSize.toSeq.sortBy(_._2).foreach { case (id, _) =>
-      if (executorIdsToKill.length < expectedNumExecutorToKill) {
+      if (executorIdsToKill.length < expectedNumExecutorToKill && existedExecutors.contains(id)) {
         executorIdsToKill.append(id)
       }
     }

From c8a138f9861986b325fcf00d4795dfe75d19c9f7 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 9 Jun 2023 08:30:23 +0800
Subject: [PATCH 428/760] [KYUUBI #4933] [DOCS] [MINOR] Mark
 `spark.sql.optimizer.insertRepartitionNum` config for Spark 3.1 only

### _Why are the changes needed?_

- Update doc to mark the spark plugin's config `spark.sql.optimizer.insertRepartitionNum` used for Spark 3.1 only

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4933 from bowenliang123/insert-num.

Closes #4933

5ed6e2867 [liangbowen] comment and style
280a6af03 [liangbowen] spark.sql.optimizer.insertRepartitionNum only available for Spark 3.1.x
7f01cf3b6 [liangbowen] spark.sql.optimizer.insertRepartitionNum only available for Spark 3.1.x

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/extensions/engines/spark/rules.md                         | 2 +-
 .../src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/extensions/engines/spark/rules.md b/docs/extensions/engines/spark/rules.md
index 50bf087a8..4614f5244 100644
--- a/docs/extensions/engines/spark/rules.md
+++ b/docs/extensions/engines/spark/rules.md
@@ -66,7 +66,7 @@ Kyuubi provides some configs to make these feature easy to use.
 |                                Name                                 |             Default Value              |                                                                                                                                                                     Description                                                                                                                                                                      | Since |
 |---------------------------------------------------------------------|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|
 | spark.sql.optimizer.insertRepartitionBeforeWrite.enabled            | true                                   | Add repartition node at the top of query plan. An approach of merging small files.                                                                                                                                                                                                                                                                   | 1.2.0 |
-| spark.sql.optimizer.insertRepartitionNum                            | none                                   | The partition number if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. If AQE is disabled, the default value is `spark.sql.shuffle.partitions`. If AQE is enabled, the default value is none that means depend on AQE.                                                                                                       | 1.2.0 |
+| spark.sql.optimizer.insertRepartitionNum                            | none                                   | The partition number if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. If AQE is disabled, the default value is `spark.sql.shuffle.partitions`. If AQE is enabled, the default value is none that means depend on AQE. This config is used for Spark 3.1 only.                                                               | 1.2.0 |
 | spark.sql.optimizer.dynamicPartitionInsertionRepartitionNum         | 100                                    | The partition number of each dynamic partition if `spark.sql.optimizer.insertRepartitionBeforeWrite.enabled` is enabled. We will repartition by dynamic partition columns to reduce the small file but that can cause data skew. This config is to extend the partition of dynamic partition column to avoid skew but may generate some small files. | 1.2.0 |
 | spark.sql.optimizer.forceShuffleBeforeJoin.enabled                  | false                                  | Ensure shuffle node exists before shuffled join (shj and smj) to make AQE `OptimizeSkewedJoin` works (complex scenario join, multi table join).                                                                                                                                                                                                      | 1.2.0 |
 | spark.sql.optimizer.finalStageConfigIsolation.enabled               | false                                  | If true, the final stage support use different config with previous stage. The prefix of final stage config key should be `spark.sql.finalStage.`. For example, the raw spark config: `spark.sql.adaptive.advisoryPartitionSizeInBytes`, then the final stage config should be: `spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`.        | 1.2.0 |
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index cb2f1130e..fa118a3e2 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -34,7 +34,8 @@ object KyuubiSQLConf {
     buildConf("spark.sql.optimizer.insertRepartitionNum")
       .doc(s"The partition number if ${INSERT_REPARTITION_BEFORE_WRITE.key} is enabled. " +
         s"If AQE is disabled, the default value is ${SQLConf.SHUFFLE_PARTITIONS.key}. " +
-        "If AQE is enabled, the default value is none that means depend on AQE.")
+        "If AQE is enabled, the default value is none that means depend on AQE. " +
+        "This config is used for Spark 3.1 only.")
       .version("1.2.0")
       .intConf
       .createOptional

From a9fcf3f280fd8aab3f18cfffe1e8a25c316dffad Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 9 Jun 2023 10:19:15 +0800
Subject: [PATCH 429/760] [KYUUBI #4943] Bump Guava from 31.1 to 32.0.1

### _Why are the changes needed?_

- Guava release note:
  - 32.0.0: https://github.com/google/guava/releases/tag/v32.0.0
  - 32.0.1: https://github.com/google/guava/releases/tag/v32.0.1

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4943 from bowenliang123/guava-32.0.1.

Closes #4943

b8cfe62a1 [liangbowen] update dependencyList
6c2dcef4d [liangbowen] bump guava from 31.1 to 32.0.1

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 2 +-
 pom.xml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 6ec0464c0..5398128fd 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -47,7 +47,7 @@ grpc-protobuf-lite/1.48.0//grpc-protobuf-lite-1.48.0.jar
 grpc-protobuf/1.48.0//grpc-protobuf-1.48.0.jar
 grpc-stub/1.48.0//grpc-stub-1.48.0.jar
 gson/2.9.0//gson-2.9.0.jar
-guava/31.1-jre//guava-31.1-jre.jar
+guava/32.0.1-jre//guava-32.0.1-jre.jar
 hadoop-client-api/3.3.5//hadoop-client-api-3.3.5.jar
 hadoop-client-runtime/3.3.5//hadoop-client-runtime-3.3.5.jar
 hive-common/3.1.3//hive-common-3.1.3.jar
diff --git a/pom.xml b/pom.xml
index 515c15af9..e27e70d68 100644
--- a/pom.xml
+++ b/pom.xml
@@ -143,7 +143,7 @@
         <flink.archive.download.skip>false</flink.archive.download.skip>
         <google.jsr305.version>3.0.2</google.jsr305.version>
         <grpc.version>1.48.0</grpc.version>
-        <guava.version>31.1-jre</guava.version>
+        <guava.version>32.0.1-jre</guava.version>
         <guava.failureaccess.version>1.0.1</guava.failureaccess.version>
         <hadoop.version>3.3.5</hadoop.version>
         <hikaricp.version>4.0.3</hikaricp.version>

From 34e79b419592a4dd2c2fa96983b352c348e3bcce Mon Sep 17 00:00:00 2001
From: zhouyifan279 <zhouyifan279@gmail.com>
Date: Fri, 9 Jun 2023 15:37:32 +0800
Subject: [PATCH 430/760] [KYUUBI #4917][Bug][AUTHZ] Table owner undefied in
 Iceberg 1.3.0 on Spark 3.4

### _Why are the changes needed?_
Fix #4917
- support extracting table owner from `ResolvedIdentifier`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request
<img width="1266" alt="image" src="https://github.com/apache/kyuubi/assets/88070094/e3066d0e-7a14-41da-96f6-032a5c53780f">

Closes #4941 from zhouyifan279/drop-table.

Closes #4917

b2207ed17 [zhouyifan279] [KYUUBI #4917][Bug][AUTHZ] Table owner undefied in Iceberg 1.3.0 on Spark 3.4
bc4661a13 [zhouyifan279] [KYUUBI #4917][Bug][AUTHZ] Table owner undefied in Iceberg 1.3.0 on Spark 3.4

Authored-by: zhouyifan279 <zhouyifan279@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/authz/serde/tableExtractors.scala    | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index a8a08ed93..9a4435d5a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -51,6 +51,21 @@ object TableExtractor {
     val properties = invokeAs[JMap[String, String]](table, "properties").asScala
     properties.get("owner")
   }
+
+  def getOwner(spark: SparkSession, catalogName: String, tableIdent: AnyRef): Option[String] = {
+    try {
+      val catalogManager = invokeAs[AnyRef](spark.sessionState, "catalogManager")
+      val catalog = invokeAs[AnyRef](catalogManager, "catalog", (classOf[String], catalogName))
+      val table = invokeAs[AnyRef](
+        catalog,
+        "loadTable",
+        (Class.forName("org.apache.spark.sql.connector.catalog.Identifier"), tableIdent))
+      getOwner(table)
+    } catch {
+      // Exception may occur due to invalid reflection or table not found
+      case _: Exception => None
+    }
+  }
 }
 
 /**
@@ -177,7 +192,8 @@ class ResolvedIdentifierTableExtractor extends TableExtractor {
         val catalog = lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogVal)
         val identifier = invokeAs[AnyRef](v1, "identifier")
         val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, identifier)
-        maybeTable.map(_.copy(catalog = catalog))
+        val owner = catalog.flatMap(name => TableExtractor.getOwner(spark, name, identifier))
+        maybeTable.map(_.copy(catalog = catalog, owner = owner))
       case _ => None
     }
   }

From 5f98539c8263b2e413055a2e514b2faaab88fb02 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 9 Jun 2023 20:57:45 +0800
Subject: [PATCH 431/760] [KYUUBI #4944] [MINOR] Code improvement for Java

### _Why are the changes needed?_

- To satisfied the code scanning suggestion of Java language by CodeQL, with no feature changes
  - Ignored error status of call
    - https://github.com/apache/kyuubi/security/code-scanning/88
  - Inefficient empty string test
      - https://github.com/apache/kyuubi/security/code-scanning/87
  - Inefficient String constructor
      - https://github.com/apache/kyuubi/security/code-scanning/84
  - Missing Override annotation
      - https://github.com/apache/kyuubi/security/code-scanning/78
      - https://github.com/apache/kyuubi/security/code-scanning/79
      - https://github.com/apache/kyuubi/security/code-scanning/80
      - https://github.com/apache/kyuubi/security/code-scanning/81
      - https://github.com/apache/kyuubi/security/code-scanning/82
      - https://github.com/apache/kyuubi/security/code-scanning/83
  - Useless toString on String
      - https://github.com/apache/kyuubi/security/code-scanning/108
  - Use of default toString()
      - https://github.com/apache/kyuubi/security/code-scanning/107
  - Unread local variable
      - https://github.com/apache/kyuubi/security/code-scanning/96
  - Random used only once
      - https://github.com/apache/kyuubi/security/code-scanning/192
      - https://github.com/apache/kyuubi/security/code-scanning/191
  - Missing enum case in switch
      - https://github.com/apache/kyuubi/security/code-scanning/193
- redundant usages of length when calling substring

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4944 from bowenliang123/improve-jdbc.

Closes #4944

b1b4dfa03 [liangbowen] substring
0caefc646 [liangbowen] substring
9dab41b57 [liangbowen] substring
a340df36e [liangbowen] style
94be380e8 [liangbowen] code improvement for java

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java | 4 +---
 .../main/java/org/apache/hive/beeline/KyuubiCommands.java    | 4 ++--
 .../main/java/org/apache/kyuubi/jdbc/KyuubiHiveDriver.java   | 3 ++-
 .../org/apache/kyuubi/jdbc/hive/KyuubiDatabaseMetaData.java  | 2 +-
 .../src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java     | 2 +-
 .../apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java   | 4 ++--
 .../java/org/apache/kyuubi/jdbc/hive/cli/ColumnBuffer.java   | 3 ++-
 .../main/java/org/apache/kyuubi/jdbc/hive/common/Date.java   | 2 ++
 .../java/org/apache/kyuubi/jdbc/hive/common/Timestamp.java   | 2 ++
 .../org/apache/kyuubi/jdbc/hive/common/TimestampTZUtil.java  | 2 +-
 .../java/org/apache/kyuubi/jdbc/hive/TestJdbcDriver.java     | 5 +++--
 .../src/main/java/org/apache/kyuubi/client/RestClient.java   | 2 +-
 .../java/org/apache/kyuubi/client/RetryableRestClient.java   | 4 ++--
 13 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index b3a2fa307..073870a47 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -22,7 +22,6 @@
 import java.sql.Driver;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
@@ -174,8 +173,7 @@ int initArgs(String[] args) {
       return 1;
     }
     if (!commands.isEmpty()) {
-      for (Iterator<String> i = commands.iterator(); i.hasNext(); ) {
-        String command = i.next().toString();
+      for (String command : commands) {
         debug(loc("executing-command", command));
         if (!dispatch(command)) {
           code++;
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 9557f2567..fdd14d8cb 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -357,7 +357,7 @@ public List<String> getCmdList(String line, boolean entireLineAsCommand) {
    */
   private void addCmdPart(List<String> cmdList, StringBuilder command, String cmdpart) {
     if (cmdpart.endsWith("\\")) {
-      command.append(cmdpart.substring(0, cmdpart.length() - 1)).append(";");
+      command.append(cmdpart, 0, cmdpart.length() - 1).append(";");
       return;
     } else {
       command.append(cmdpart);
@@ -422,6 +422,7 @@ private String getProperty(Properties props, String[] keys) {
     return null;
   }
 
+  @Override
   public boolean connect(Properties props) throws IOException {
     String url =
         getProperty(
@@ -507,7 +508,6 @@ public boolean connect(Properties props) throws IOException {
 
   @Override
   public String handleMultiLineCmd(String line) throws IOException {
-    int[] startQuote = {-1};
     Character mask =
         (System.getProperty("jline.terminal", "").equals("jline.UnsupportedTerminal"))
             ? null
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/KyuubiHiveDriver.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/KyuubiHiveDriver.java
index 3b874ba2e..66b797087 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/KyuubiHiveDriver.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/KyuubiHiveDriver.java
@@ -24,6 +24,7 @@
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
 import java.util.logging.Logger;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.kyuubi.jdbc.hive.JdbcConnectionParams;
 import org.apache.kyuubi.jdbc.hive.KyuubiConnection;
 import org.apache.kyuubi.jdbc.hive.KyuubiSQLException;
@@ -137,7 +138,7 @@ private Properties parseURLForPropertyInfo(String url, Properties defaults) thro
       host = "";
     }
     String port = Integer.toString(params.getPort());
-    if (host.equals("")) {
+    if (StringUtils.isEmpty(host)) {
       port = "";
     } else if (port.equals("0") || port.equals("-1")) {
       port = DEFAULT_PORT;
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiDatabaseMetaData.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiDatabaseMetaData.java
index f5e29f8e7..c6ab3a277 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiDatabaseMetaData.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiDatabaseMetaData.java
@@ -531,7 +531,7 @@ public ResultSet getProcedureColumns(
 
   @Override
   public String getProcedureTerm() throws SQLException {
-    return new String("UDF");
+    return "UDF";
   }
 
   @Override
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
index ac9b29664..ef723ea30 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
@@ -126,7 +126,7 @@ static List<String> splitSqlStatement(String sql) {
           break;
       }
     }
-    parts.add(sql.substring(off, sql.length()));
+    parts.add(sql.substring(off));
     return parts;
   }
 
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
index bfa5e632e..948fd3334 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/ZooKeeperHiveClientHelper.java
@@ -22,7 +22,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
+import java.util.concurrent.ThreadLocalRandom;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.apache.kyuubi.shaded.curator.framework.CuratorFramework;
@@ -111,7 +111,7 @@ static void configureConnParams(JdbcConnectionParams connParams)
     try (CuratorFramework zooKeeperClient = getZkClient(connParams)) {
       List<String> serverHosts = getServerHosts(connParams, zooKeeperClient);
       // Now pick a server node randomly
-      String serverNode = serverHosts.get(new Random().nextInt(serverHosts.size()));
+      String serverNode = serverHosts.get(ThreadLocalRandom.current().nextInt(serverHosts.size()));
       updateParamsWithZKServerNode(connParams, zooKeeperClient, serverNode);
     } catch (Exception e) {
       throw new ZooKeeperHiveClientException(
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/cli/ColumnBuffer.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/cli/ColumnBuffer.java
index e703cb1f0..bd5124f95 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/cli/ColumnBuffer.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/cli/ColumnBuffer.java
@@ -228,8 +228,9 @@ public Object get(int index) {
         return stringVars.get(index);
       case BINARY_TYPE:
         return binaryVars.get(index).array();
+      default:
+        return null;
     }
-    return null;
   }
 
   @Override
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Date.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Date.java
index 1b49c268a..720c7517f 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Date.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Date.java
@@ -65,6 +65,7 @@ public String toString() {
     return localDate.format(PRINT_FORMATTER);
   }
 
+  @Override
   public int hashCode() {
     return localDate.hashCode();
   }
@@ -164,6 +165,7 @@ public int getDayOfWeek() {
   }
 
   /** Return a copy of this object. */
+  @Override
   public Object clone() {
     // LocalDateTime is immutable.
     return new Date(this.localDate);
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Timestamp.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Timestamp.java
index cdb6b10ce..7e02835b7 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Timestamp.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/Timestamp.java
@@ -95,6 +95,7 @@ public String toString() {
     return localDateTime.format(PRINT_FORMATTER);
   }
 
+  @Override
   public int hashCode() {
     return localDateTime.hashCode();
   }
@@ -207,6 +208,7 @@ public int getDayOfWeek() {
   }
 
   /** Return a copy of this object. */
+  @Override
   public Object clone() {
     // LocalDateTime is immutable.
     return new Timestamp(this.localDateTime);
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/TimestampTZUtil.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/TimestampTZUtil.java
index a938e1688..be16926cb 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/TimestampTZUtil.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/TimestampTZUtil.java
@@ -98,7 +98,7 @@ private static String handleSingleDigitHourOffset(String s) {
     Matcher matcher = SINGLE_DIGIT_PATTERN.matcher(s);
     if (matcher.find()) {
       int index = matcher.start() + 1;
-      s = s.substring(0, index) + "0" + s.substring(index, s.length());
+      s = s.substring(0, index) + "0" + s.substring(index);
     }
     return s;
   }
diff --git a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/TestJdbcDriver.java b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/TestJdbcDriver.java
index 228ad00ee..efdf73092 100644
--- a/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/TestJdbcDriver.java
+++ b/kyuubi-hive-jdbc/src/test/java/org/apache/kyuubi/jdbc/hive/TestJdbcDriver.java
@@ -24,6 +24,7 @@
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.Arrays;
 import java.util.Collection;
 import org.junit.AfterClass;
@@ -67,14 +68,14 @@ public static Collection<Object[]> data() {
   public static void setUpBeforeClass() throws Exception {
     file = new File(System.getProperty("user.dir") + File.separator + "Init.sql");
     if (!file.exists()) {
-      file.createNewFile();
+      Files.createFile(file.toPath());
     }
   }
 
   @AfterClass
   public static void cleanUpAfterClass() throws Exception {
     if (file != null) {
-      file.delete();
+      Files.deleteIfExists(file.toPath());
     }
   }
 
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
index 6447d5477..e6d1d9674 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RestClient.java
@@ -114,7 +114,7 @@ public <T> T post(
               contentBody = new FileBody((File) payload);
               break;
             default:
-              throw new RuntimeException("Unsupported multi part type:" + multiPart);
+              throw new RuntimeException("Unsupported multi part type:" + multiPart.getType());
           }
           entityBuilder.addPart(s, contentBody);
         });
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RetryableRestClient.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RetryableRestClient.java
index dcd052aca..d13151c2e 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RetryableRestClient.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/RetryableRestClient.java
@@ -22,7 +22,7 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
 import java.util.List;
-import java.util.Random;
+import java.util.concurrent.ThreadLocalRandom;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.kyuubi.client.exception.RetryableKyuubiRestException;
 import org.slf4j.Logger;
@@ -44,7 +44,7 @@ public class RetryableRestClient implements InvocationHandler {
   private RetryableRestClient(List<String> uris, RestClientConf conf) {
     this.conf = conf;
     this.uris = uris;
-    this.currentUriIndex = new Random(System.currentTimeMillis()).nextInt(uris.size());
+    this.currentUriIndex = ThreadLocalRandom.current().nextInt(uris.size());
     newRestClient();
   }
 

From 3f74e8bf840ce68542da4e412ee202bdb532a206 Mon Sep 17 00:00:00 2001
From: huangzhir <306824224@qq.com>
Date: Sun, 11 Jun 2023 13:02:56 +0800
Subject: [PATCH 432/760] [KYUUBI #4847] Close the session immediately when
 engine corrupt

### _Why are the changes needed?_

to close https://github.com/apache/kyuubi/issues/4847

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4848 from huangzhir/kyuubisession_leak.

Closes #4847

37e58ce66 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
170c044f5 [huangzhir] Add some logging and modify some code style.
0c393cd9d [huangzhir] fix sytle
d0183298e [huangzhir] "Use the ENGINE_ALIVE_PROBE_ENABLED configuration to enable the Kyuubi session engine alive probe. The default value of ENGINE_ALIVE_PROBE_ENABLED is false. Use the ENGINE_ALIVE_TIMEOUT configuration to determine the duration for checking the engine's alive status. The engineAliveMaxFailCount configuration controls the maximum number of failures allowed during engine alive checks."
b716dd8f6 [huangzhir] fix kyuubi session leak caused by engine stop

Lead-authored-by: huangzhir <306824224@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/session/KyuubiSessionImpl.scala    | 38 +++++++++++
 .../kyuubi/session/KyuubiSessionManager.scala | 28 +++++++-
 .../server/api/v1/SessionsResourceSuite.scala | 65 ++++++++++++++++++-
 .../rest/client/SessionRestApiSuite.scala     | 34 ++++++++++
 4 files changed, 163 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index f72fcadd0..237eb3ca6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -114,6 +114,7 @@ class KyuubiSessionImpl(
     super.open()
 
     runOperation(launchEngineOp)
+    engineLastAlive = System.currentTimeMillis()
   }
 
   private[kyuubi] def openEngineSession(extraEngineLog: Option[OperationLog] = None): Unit =
@@ -283,4 +284,41 @@ class KyuubiSessionImpl(
       case _ => super.executeStatement(statement, confOverlay, runAsync, queryTimeout)
     }
   }
+
+  @volatile private var engineLastAlive: Long = _
+  val engineAliveTimeout = sessionConf.get(KyuubiConf.ENGINE_ALIVE_TIMEOUT)
+  val aliveProbeEnabled = sessionConf.get(KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED)
+  var engineAliveMaxFailCount = 3
+  var engineAliveFailCount = 0
+
+  def checkEngineAlive(): Boolean = {
+    try {
+      if (!aliveProbeEnabled) return true
+      getInfo(TGetInfoType.CLI_DBMS_VER)
+      engineLastAlive = System.currentTimeMillis()
+      engineAliveFailCount = 0
+      true
+    } catch {
+      case e: Throwable =>
+        val now = System.currentTimeMillis()
+        engineAliveFailCount = engineAliveFailCount + 1
+        if (now - engineLastAlive > engineAliveTimeout &&
+          engineAliveFailCount >= engineAliveMaxFailCount) {
+          error(s"The engineRef[${engine.getEngineRefId}] is marked as not alive "
+            + s"due to a lack of recent successful alive probes. "
+            + s"The time since last successful probe: "
+            + s"${now - engineLastAlive} ms exceeds the timeout of $engineAliveTimeout ms. "
+            + s"The engine has failed $engineAliveFailCount times, "
+            + s"surpassing the maximum failure count of $engineAliveMaxFailCount.")
+          false
+        } else {
+          warn(
+            s"The engineRef[${engine.getEngineRefId}] alive probe fails, " +
+              s"${now - engineLastAlive} ms exceeds timeout $engineAliveTimeout ms, " +
+              s"and has failed $engineAliveFailCount times.",
+            e)
+          true
+        }
+    }
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 0ef3f1ac1..d5504ed19 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.session
 
+import java.util.concurrent.TimeUnit
+
 import scala.collection.JavaConverters._
 
 import com.codahale.metrics.MetricRegistry
@@ -36,7 +38,7 @@ import org.apache.kyuubi.plugin.{GroupProvider, PluginLoader, SessionConfAdvisor
 import org.apache.kyuubi.server.metadata.{MetadataManager, MetadataRequestsRetryRef}
 import org.apache.kyuubi.server.metadata.api.Metadata
 import org.apache.kyuubi.sql.parser.server.KyuubiParser
-import org.apache.kyuubi.util.SignUtils
+import org.apache.kyuubi.util.{SignUtils, ThreadUtils}
 
 class KyuubiSessionManager private (name: String) extends SessionManager(name) {
 
@@ -61,6 +63,9 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   private var batchLimiter: Option[SessionLimiter] = None
   lazy val (signingPrivateKey, signingPublicKey) = SignUtils.generateKeyPair()
 
+  private val engineAliveChecker =
+    ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-engine-alive-checker")
+
   override def initialize(conf: KyuubiConf): Unit = {
     this.conf = conf
     addService(applicationManager)
@@ -265,6 +270,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       ms.registerGauge(EXEC_POOL_WORK_QUEUE_SIZE, getWorkQueueSize, 0)
     }
     super.start()
+    startEngineAliveChecker()
   }
 
   def getBatchSessionsToRecover(kyuubiInstance: String): Seq[KyuubiBatchSessionImpl] = {
@@ -339,4 +345,24 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     Seq(userLimit, ipAddressLimit, userIpAddressLimit).find(_ > 0).map(_ =>
       SessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, userUnlimitedList.toSet))
   }
+
+  private def startEngineAliveChecker(): Unit = {
+    val interval = conf.get(KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL)
+    val checkTask: Runnable = () => {
+      allSessions.foreach { session =>
+        if (!session.asInstanceOf[KyuubiSessionImpl].checkEngineAlive()) {
+          try {
+            closeSession(session.handle)
+            logger.info(s"The session ${session.handle} has been closed " +
+              s"due to engine unresponsiveness (checked by the engine alive checker).")
+          } catch {
+            case e: KyuubiSQLException =>
+              warn(s"Error closing session ${session.handle}", e)
+          }
+        }
+      }
+    }
+    engineAliveChecker.scheduleWithFixedDelay(checkTask, interval, interval, TimeUnit.MILLISECONDS)
+  }
+
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
index 07a711de6..b197a489c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
@@ -29,7 +29,7 @@ import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{KyuubiFunSuite, RestFrontendTestHelper}
 import org.apache.kyuubi.client.api.v1.dto
-import org.apache.kyuubi.client.api.v1.dto._
+import org.apache.kyuubi.client.api.v1.dto.{SessionData, _}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
 import org.apache.kyuubi.engine.ShareLevel
@@ -301,4 +301,67 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(sessionEvent.contains("The last 10 line(s) of log are:"))
     }
   }
+
+  test("fix kyuubi session leak caused by engine stop") {
+    // clean up all sessions
+    var response = webTarget.path("api/v1/sessions").request().get()
+    val sessionDataList = response.readEntity(new GenericType[List[SessionData]]() {})
+    sessionDataList.foreach(sessionData => {
+      response = webTarget.path(s"api/v1/sessions/${sessionData.getIdentifier}")
+        .request().delete()
+      assert(200 == response.getStatus)
+    })
+
+    // open a session
+    val requestObj = new SessionOpenRequest(Map(
+      KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED.key -> "true",
+      KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL.key -> "5000",
+      KyuubiConf.ENGINE_ALIVE_TIMEOUT.key -> "3000").asJava)
+    response = webTarget.path("api/v1/sessions")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
+    val sessionHandle = response.readEntity(classOf[SessionHandle]).getIdentifier
+    val pathPrefix = s"api/v1/sessions/$sessionHandle"
+
+    response = webTarget.path("api/v1/sessions/count").request().get()
+    val openedSessionCount = response.readEntity(classOf[SessionOpenCount])
+    assert(openedSessionCount.getOpenSessionCount == 1)
+
+    var statementReq = new StatementRequest(
+      "spark.sql(\"show tables\")",
+      true,
+      3000,
+      Collections.singletonMap(KyuubiConf.OPERATION_LANGUAGE.key, "SCALA"))
+    response = webTarget
+      .path(s"$pathPrefix/operations/statement").request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(statementReq, MediaType.APPLICATION_JSON_TYPE))
+    assert(200 == response.getStatus)
+    var operationHandle = response.readEntity(classOf[OperationHandle])
+    assert(operationHandle !== null)
+    assert(openedSessionCount.getOpenSessionCount == 1)
+
+    statementReq = new StatementRequest(
+      "spark.close()",
+      true,
+      3000,
+      Collections.singletonMap(KyuubiConf.OPERATION_LANGUAGE.key, "SCALA"))
+    response = webTarget
+      .path(s"$pathPrefix/operations/statement").request(MediaType.APPLICATION_JSON_TYPE)
+      .post(Entity.entity(statementReq, MediaType.APPLICATION_JSON_TYPE))
+    assert(200 == response.getStatus)
+    operationHandle = response.readEntity(classOf[OperationHandle])
+    assert(operationHandle !== null)
+
+    // Because the engine has stopped (due to spark.close), the Spark session is closed.
+    // Therefore, the Kyuubi session count should be 0.
+    eventually(timeout(30.seconds), interval(1000.milliseconds)) {
+      var response = webTarget.path("api/v1/sessions/count").request().get()
+      val openedSessionCount = response.readEntity(classOf[SessionOpenCount])
+      assert(openedSessionCount.getOpenSessionCount == 0)
+
+      response = webTarget.path("api/v1/sessions").request().get()
+      val sessionDataList = response.readEntity(new GenericType[List[SessionData]]() {})
+      assert(sessionDataList.isEmpty)
+    }
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
index ed116d077..a1f0fc5ee 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
@@ -18,10 +18,13 @@
 package org.apache.kyuubi.server.rest.client
 
 import java.util
+import java.util.Collections
 
 import scala.collection.JavaConverters._
+import scala.concurrent.duration.DurationInt
 
 import org.apache.hive.service.rpc.thrift.TGetInfoType
+import org.scalatest.concurrent.PatienceConfiguration.Timeout
 
 import org.apache.kyuubi.RestClientTestHelper
 import org.apache.kyuubi.client.{KyuubiRestClient, SessionRestApi}
@@ -163,6 +166,37 @@ class SessionRestApiSuite extends RestClientTestHelper {
     }
   }
 
+  test("fix kyuubi session leak caused by engine stop") {
+    withSessionRestApi { sessionRestApi =>
+      // close all sessions
+      var sessions = sessionRestApi.listSessions().asScala
+      sessions.foreach(session => sessionRestApi.closeSession(session.getIdentifier))
+
+      // open new session
+      val sessionOpenRequest = new SessionOpenRequest(Map(
+        KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED.key -> "true",
+        KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL.key -> "5000",
+        KyuubiConf.ENGINE_ALIVE_TIMEOUT.key -> "3000").asJava)
+      val sessionHandle = sessionRestApi.openSession(sessionOpenRequest)
+
+      // get open session count
+      val sessionCount = sessionRestApi.getOpenSessionCount
+      assert(sessionCount == 1)
+
+      val statementReq = new StatementRequest(
+        "spark.stop()",
+        true,
+        3000,
+        Collections.singletonMap(KyuubiConf.OPERATION_LANGUAGE.key, "SCALA"))
+      sessionRestApi.executeStatement(sessionHandle.getIdentifier.toString, statementReq)
+
+      eventually(Timeout(30.seconds), interval(1.seconds)) {
+        assert(sessionRestApi.getOpenSessionCount == 0)
+        assert(sessionRestApi.listSessions().asScala.isEmpty)
+      }
+    }
+  }
+
   def withSessionRestApi[T](f: SessionRestApi => T): T = {
     val basicKyuubiRestClient: KyuubiRestClient =
       KyuubiRestClient.builder(baseUri.toString)

From cc89e54bbf8cdf5507259a53a6442a1999c4910a Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 11 Jun 2023 17:09:12 +0800
Subject: [PATCH 433/760] [KYUUBI #4947] Bump pnpm version in maven's frontend
 plugin to 8.6.1 for lockfileVersion 6.1

### _Why are the changes needed?_

- The current  lockfileVersion of the `pnpm` lock file has been bumped from 6.0 to 6.1 in #4931  (passed CI as it uses latest 8.x pnpm), which is incompatible with the currently `pnpm` version 8.4.1 in maven's frontend plugin 8.4.1
- Bump pnpm version to solve the conflicts

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4947 from bowenliang123/pnpm-8.6.1.

Closes #4947

074dcca1f [liangbowen] Bump pnpm version to 8.6.1 for lockfileVersion 6.0

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e27e70d68..56ef77d42 100644
--- a/pom.xml
+++ b/pom.xml
@@ -211,7 +211,7 @@
         <!-- webui -->
         <webui.skip>true</webui.skip>
         <node.version>v18.16.0</node.version>
-        <pnpm.version>v8.4.0</pnpm.version>
+        <pnpm.version>v8.6.1</pnpm.version>
 
         <!-- apply to kyuubi-hive-jdbc/kyuubi-hive-beeline module -->
         <hive.client.jline.version>2.12</hive.client.jline.version>

From b10a8ef27d0d9256eddd17d1e8eba3464ea19f31 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 12 Jun 2023 09:02:09 +0800
Subject: [PATCH 434/760] [KYUUBI #4948] [BUILD] Reuse versions of NodeJS and
 Pnpm from maven properties

### _Why are the changes needed?_

- fetch versions for NodeJS and Pnpm from Maven properties
- enabled npm dependency caching for global packages and web-ui module, as the step above takes extra time in builds.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4948 from bowenliang123/pnpm-version.

Closes #4948

80b0f6934 [liangbowen] Reuse versions of NodeJS and Pnpm from maven properties

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/web-ui.yml | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/web-ui.yml b/.github/workflows/web-ui.yml
index 13d072321..9de7a599d 100644
--- a/.github/workflows/web-ui.yml
+++ b/.github/workflows/web-ui.yml
@@ -21,14 +21,35 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@v3
-      - name: setup npm
+      - name: Setup JDK 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 8
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
+      - name: Get NodeJS and PNPM version
+        run: |
+          NODEJS_VERSION=$(build/mvn help:evaluate -Dexpression=node.version -q -DforceStdout)
+          PNPM_VERSION=$(build/mvn help:evaluate -Dexpression=pnpm.version -q -DforceStdout)
+          echo "NODEJS_VERSION=${NODEJS_VERSION}" >> "$GITHUB_ENV"
+          echo "PNPM_VERSION=${PNPM_VERSION}" >> "$GITHUB_ENV"
+      - name: Setup Nodejs and NPM
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: ${{env.NODEJS_VERSION}}
+          cache: npm
+          cache-dependency-path: ./kyuubi-server/web-ui/package.json
+      - name: Cache NPM dependencies
+        uses: actions/cache@v3
+        with:
+          path: ./kyuubi-server/web-ui/node_modules
+          key: webui-dependencies-${{ hashFiles('kyuubi-server/web-ui/pnpm-lock.yaml') }}
+          restore-keys: webui-dependencies-
       - name: npm run coverage & build
         run: |
           cd ./kyuubi-server/web-ui
-          npm install pnpm@8 -g
+          npm install pnpm@${PNPM_VERSION} -g
           pnpm install
           pnpm run coverage
           pnpm run build

From 7d8e89c27f4e489079e353e40470592a50cfd45c Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 12 Jun 2023 13:31:36 +0800
Subject: [PATCH 435/760] [KYUUBI #4949] For operation getNextRowSet method,
 with operation lock required

### _Why are the changes needed?_

For the operation getNextRowSet method, we shall add lock for it.

For example, for spark operation, the result iterator is not thread-safe, it might throw exception(if the jdbc client to kyuubi server connection socket timeout).

For incremental collect mode, the fetchResult might trigger a spark task to collect the incremental result(`self.next().toIterator`).

The jdbc client to kyuubi gateway timeout, but the fetchResult request has been sent to engine.
Then the jdbc client re-send the fetchResult request.

And the getNextResultSet in spark engine side concurrent execute.

And the result iterator is not thread-safe and might cause NPE.

![image](https://github.com/apache/kyuubi/assets/6757692/03c369c7-dc12-40d7-aac3-c8f5e799d1cf)
![image](https://github.com/apache/kyuubi/assets/6757692/a3414f84-5112-4ea6-a611-f15e6288aba2)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4949 from turboFei/lock_next_rowset.

Closes #4949

8f18f3236 [fwang12] getNextRowSetInternal and withLockRequired

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/engine/chat/operation/ChatOperation.scala | 2 +-
 .../kyuubi/engine/flink/operation/FlinkOperation.scala      | 2 +-
 .../apache/kyuubi/engine/hive/operation/HiveOperation.scala | 2 +-
 .../apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala | 2 +-
 .../kyuubi/engine/spark/operation/SparkOperation.scala      | 2 +-
 .../kyuubi/engine/trino/operation/ExecuteStatement.scala    | 2 +-
 .../kyuubi/engine/trino/operation/TrinoOperation.scala      | 2 +-
 .../org/apache/kyuubi/operation/AbstractOperation.scala     | 6 +++++-
 .../scala/org/apache/kyuubi/operation/NoopOperation.scala   | 2 +-
 .../org/apache/kyuubi/operation/ExecutedCommandExec.scala   | 2 +-
 .../kyuubi/operation/KyuubiApplicationOperation.scala       | 2 +-
 .../scala/org/apache/kyuubi/operation/KyuubiOperation.scala | 2 +-
 12 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
index bb6e8a8a3..3ae21aa9f 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
@@ -31,7 +31,7 @@ abstract class ChatOperation(session: Session) extends AbstractOperation(session
 
   protected lazy val conf: KyuubiConf = session.sessionManager.getConf
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
index 422ae7d4b..ef80034d3 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
@@ -91,7 +91,7 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
index c02569784..2df4a072a 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
@@ -92,7 +92,7 @@ abstract class HiveOperation(session: Session) extends AbstractOperation(session
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     val tOrder = FetchOrientation.toTFetchOrientation(order)
     val hiveOrder = org.apache.hive.service.cli.FetchOrientation.getFetchOrientation(tOrder)
     val rowSet = internalHiveOperation.getNextRowSet(hiveOrder, rowSetSize)
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
index f4d1c27e7..1c4e0c57f 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
@@ -36,7 +36,7 @@ abstract class JdbcOperation(session: Session) extends AbstractOperation(session
 
   protected lazy val dialect: JdbcDialect = JdbcDialects.get(conf)
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index 320e67635..5062a4904 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -233,7 +233,7 @@ abstract class SparkOperation(session: Session)
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     var resultRowSet: TRowSet = null
     try {
       withLocalProperties {
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala
index eb1b27300..405c93b0b 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala
@@ -82,7 +82,7 @@ class ExecuteStatement(
     }
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
index bff058605..20153b84f 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
@@ -54,7 +54,7 @@ abstract class TrinoOperation(session: Session) extends AbstractOperation(sessio
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
index 2e52757a2..5264ddebd 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
@@ -182,7 +182,11 @@ abstract class AbstractOperation(session: Session) extends Operation with Loggin
 
   override def getResultSetMetadata: TGetResultSetMetadataResp
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet
+  def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet
+
+  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = withLockRequired {
+    getNextRowSetInternal(order, rowSetSize)
+  }
 
   /**
    * convert SQL 'like' pattern to a Java regular expression.
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala
index 2d1166525..4093d1fca 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala
@@ -76,7 +76,7 @@ class NoopOperation(session: Session, shouldFail: Boolean = false)
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     val col = TColumn.stringVal(new TStringColumn(Seq(opType).asJava, ByteBuffer.allocate(0)))
     val tRowSet = ThriftUtils.newEmptyRowSet
     tRowSet.addToColumns(col)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala
index 98065b8cb..93379da4b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala
@@ -67,7 +67,7 @@ class ExecutedCommandExec(
     if (!shouldRunAsync) getBackgroundHandle.get()
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
index fc109f499..54cfdfe93 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
@@ -54,7 +54,7 @@ abstract class KyuubiApplicationOperation(session: Session) extends KyuubiOperat
     resp
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     applicationInfoMap.map { state =>
       val tRow = new TRowSet(0, new JArrayList[TRow](state.size))
       Seq(state.keys, state.values.map(Option(_).getOrElse(""))).map(_.toSeq.asJava).foreach {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
index 783581a06..e357b7912 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
@@ -179,7 +179,7 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
     }
   }
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)

From 06a915aff451eafe8da43894be76b33cd013e3de Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 12 Jun 2023 21:01:51 +0800
Subject: [PATCH 436/760] [KYUUBI #4950] Migrate Kyuubi embedded database from
 Derby to SQLite

### _Why are the changes needed?_

Apache Derby is no longer active. One major drawback of Derby is that it does not support multiple connections to single db files, making it hard to analyze the data on local development.

SQLite may be the most popular embedded DBMS in the world. It lives almost in every smartphone (at least Android and iOS integrate SQLite), which means SQLite is quite stable and may be a good choice for standalone production deployment.

SQLite provides a CLI command `sqlite3` which is easy to use to connect a data file and run queries. Multi connections to a single db file is allowed, which helps a lot to analyze the data when the Kyuubi server is running.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4950 from pan3793/sqlite.

Closes #4950

738c39e6a [Cheng Pan] Update docs/deployment/migration-guide.md
5facdad9c [Cheng Pan] Update docs/deployment/migration-guide.md
b9883489c [Cheng Pan] migrate default metadata store to sqlite
c785e1a77 [Cheng Pan] migrate jdbc auth test to sqlite
23f63b932 [Cheng Pan] introduce sqlite deps

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .gitignore                                    |  1 +
 .rat-excludes                                 |  1 +
 LICENSE-binary                                |  1 +
 dev/dependencyList                            |  1 +
 docs/deployment/migration-guide.md            |  7 ++
 docs/deployment/settings.md                   | 34 ++++----
 kyuubi-common/pom.xml                         |  6 ++
 .../org/apache/kyuubi/util/JdbcUtils.scala    |  3 +-
 .../JdbcAuthenticationProviderImplSuite.scala | 30 ++-----
 kyuubi-server/pom.xml                         |  5 ++
 .../sql/sqlite/001-KYUUBI-3967.sqlite.sql     | 47 +++++++++++
 .../sql/sqlite/002-KYUUBI-4119.sqlite.sql     |  3 +
 .../src/main/resources/sql/sqlite/README      | 82 +++++++++++++++++++
 .../metadata-store-schema-1.6.0.sqlite.sql    | 35 ++++++++
 .../metadata-store-schema-1.7.0.sqlite.sql    | 34 ++++++++
 .../sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql  |  4 +
 .../server/metadata/jdbc/DatabaseType.scala   |  2 +-
 .../metadata/jdbc/JDBCMetadataStore.scala     |  4 +-
 .../metadata/jdbc/JDBCMetadataStoreConf.scala |  8 +-
 .../metadata/jdbc/JdbcDatabaseDialect.scala   |  3 +-
 .../jdbc/JDBCMetadataStoreSuite.scala         |  2 +-
 pom.xml                                       |  7 ++
 22 files changed, 272 insertions(+), 48 deletions(-)
 create mode 100644 kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/sqlite/README
 create mode 100644 kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql

diff --git a/.gitignore b/.gitignore
index a43859338..a2f6fb1ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@
 
 *#*#
 *.#*
+*.db
 *.iml
 *.ipr
 *.iws
diff --git a/.rat-excludes b/.rat-excludes
index 645c673d0..356fafccd 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -50,6 +50,7 @@ build/scala-*/**
 **/metadata-store-schema*.sql
 **/*.derby.sql
 **/*.mysql.sql
+**/*.sqlite.sql
 **/node/**
 **/web-ui/dist/**
 **/pnpm-lock.yaml
diff --git a/LICENSE-binary b/LICENSE-binary
index 065fc6499..d51e52d43 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -322,6 +322,7 @@ com.squareup.okhttp3:okhttp
 org.apache.kafka:kafka-clients
 org.lz4:lz4-java
 org.xerial.snappy:snappy-java
+org.xerial:sqlite-jdbc
 
 BSD
 ------------
diff --git a/dev/dependencyList b/dev/dependencyList
index 5398128fd..3ac2760f5 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -183,6 +183,7 @@ simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
 snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
+sqlite-jdbc/3.42.0.0//sqlite-jdbc-3.42.0.0.jar
 swagger-annotations/2.2.1//swagger-annotations-2.2.1.jar
 swagger-core/2.2.1//swagger-core-2.2.1.jar
 swagger-integration/2.2.1//swagger-integration-2.2.1.jar
diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index fc916048c..8998bced0 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -17,6 +17,13 @@
 
 # Kyuubi Migration Guide
 
+## Upgrading from Kyuubi 1.7 to 1.8
+
+* Since Kyuubi 1.8, SQLite is added and becomes the default database type of Kyuubi metastore, as Derby has been deprecated.
+  Both Derby and SQLite are mainly for testing purposes, and they're not supposed to be used in production.
+  To restore previous behavior, set `kyuubi.metadata.store.jdbc.database.type=DERBY` and
+  `kyuubi.metadata.store.jdbc.url=jdbc:derby:memory:kyuubi_state_store_db;create=true`.
+
 ## Upgrading from Kyuubi 1.7.0 to 1.7.1
 
 * Since Kyuubi 1.7.1, `protocolVersion` is removed from the request parameters of the REST API `Open(create) a session`. All removed or unknown parameters will be silently ignored and affects nothing.
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index a358b4270..4a24499be 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -312,23 +312,23 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Metadata
 
-|                       Key                       |                         Default                          |                                                                                                                                                                                                                                                                 Meaning                                                                                                                                                                                                                                                                 |   Type   | Since |
-|-------------------------------------------------|----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.metadata.cleaner.enabled                 | true                                                     | Whether to clean the metadata periodically. If it is enabled, Kyuubi will clean the metadata that is in the terminate state with max age limitation.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
-| kyuubi.metadata.cleaner.interval                | PT30M                                                    | The interval to check and clean expired metadata.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | duration | 1.6.0 |
-| kyuubi.metadata.max.age                         | PT72H                                                    | The maximum age of metadata, the metadata exceeding the age will be cleaned.                                                                                                                                                                                                                                                                                                                                                                                                                                                            | duration | 1.6.0 |
-| kyuubi.metadata.recovery.threads                | 10                                                       | The number of threads for recovery from the metadata store when the Kyuubi server restarts.                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.6.0 |
-| kyuubi.metadata.request.async.retry.enabled     | true                                                     | Whether to retry in async when metadata request failed. When true, return success response immediately even the metadata request failed, and schedule it in background until success, to tolerate long-time metadata store outages w/o blocking the submission request.                                                                                                                                                                                                                                                                 | boolean  | 1.7.0 |
-| kyuubi.metadata.request.async.retry.queue.size  | 65536                                                    | The maximum queue size for buffering metadata requests in memory when the external metadata storage is down. Requests will be dropped if the queue exceeds. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                | int      | 1.6.0 |
-| kyuubi.metadata.request.async.retry.threads     | 10                                                       | Number of threads in the metadata request async retry manager thread pool. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.6.0 |
-| kyuubi.metadata.request.retry.interval          | PT5S                                                     | The interval to check and trigger the metadata request retry tasks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.0 |
-| kyuubi.metadata.store.class                     | org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStore | Fully qualified class name for server metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.database.schema.init | true                                                     | Whether to init the JDBC metadata store database schema.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.6.0 |
-| kyuubi.metadata.store.jdbc.database.type        | DERBY                                                    | The database type for server jdbc metadata store.<ul> <li>DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.driver               | &lt;undefined&gt;                                        | JDBC driver class name for server jdbc metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.password                                                                       || The password for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.url                  | jdbc:derby:memory:kyuubi_state_store_db;create=true      | The JDBC url for server JDBC metadata store. By default, it is a DERBY in-memory database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.user                                                                           || The username for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.6.0 |
+|                       Key                       |                         Default                          |                                                                                                                                                                                                                                                                                                    Meaning                                                                                                                                                                                                                                                                                                    |   Type   | Since |
+|-------------------------------------------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.metadata.cleaner.enabled                 | true                                                     | Whether to clean the metadata periodically. If it is enabled, Kyuubi will clean the metadata that is in the terminate state with max age limitation.                                                                                                                                                                                                                                                                                                                                                                                                                                                          | boolean  | 1.6.0 |
+| kyuubi.metadata.cleaner.interval                | PT30M                                                    | The interval to check and clean expired metadata.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | duration | 1.6.0 |
+| kyuubi.metadata.max.age                         | PT72H                                                    | The maximum age of metadata, the metadata exceeding the age will be cleaned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.6.0 |
+| kyuubi.metadata.recovery.threads                | 10                                                       | The number of threads for recovery from the metadata store when the Kyuubi server restarts.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.6.0 |
+| kyuubi.metadata.request.async.retry.enabled     | true                                                     | Whether to retry in async when metadata request failed. When true, return success response immediately even the metadata request failed, and schedule it in background until success, to tolerate long-time metadata store outages w/o blocking the submission request.                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.7.0 |
+| kyuubi.metadata.request.async.retry.queue.size  | 65536                                                    | The maximum queue size for buffering metadata requests in memory when the external metadata storage is down. Requests will be dropped if the queue exceeds. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                      | int      | 1.6.0 |
+| kyuubi.metadata.request.async.retry.threads     | 10                                                       | Number of threads in the metadata request async retry manager thread pool. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                                                                                                       | int      | 1.6.0 |
+| kyuubi.metadata.request.retry.interval          | PT5S                                                     | The interval to check and trigger the metadata request retry tasks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.6.0 |
+| kyuubi.metadata.store.class                     | org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStore | Fully qualified class name for server metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.database.schema.init | true                                                     | Whether to init the JDBC metadata store database schema.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | boolean  | 1.6.0 |
+| kyuubi.metadata.store.jdbc.database.type        | SQLITE                                                   | The database type for server jdbc metadata store.<ul> <li>(Deprecated) DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.driver               | &lt;undefined&gt;                                        | JDBC driver class name for server jdbc metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.password                                                                       || The password for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.url                  | jdbc:sqlite:memory:kyuubi_state_store.db                 | The JDBC url for server JDBC metadata store. By default, it is a DERBY in-memory database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.user                                                                           || The username for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
 
 ### Metrics
 
diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index 376bb860c..1b0ba3110 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -171,6 +171,12 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.xerial</groupId>
+            <artifactId>sqlite-jdbc</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>com.jakewharton.fliptables</groupId>
             <artifactId>fliptables</artifactId>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala
index b89580f4c..996589cb7 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/JdbcUtils.scala
@@ -108,7 +108,8 @@ object JdbcUtils extends Logging {
   def isDuplicatedKeyDBErr(cause: Throwable): Boolean = {
     val duplicatedKeyKeywords = Seq(
       "duplicate key value in a unique or primary key constraint or unique index", // Derby
-      "Duplicate entry" // MySQL
+      "Duplicate entry", // MySQL
+      "A UNIQUE constraint failed" // SQLite
     )
     duplicatedKeyKeywords.exists(cause.getMessage.contains)
   }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
index dcbc62dfa..4642eb910 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
@@ -17,32 +17,27 @@
 
 package org.apache.kyuubi.service.authentication
 
-import java.sql.DriverManager
 import java.util.Properties
 import javax.security.sasl.AuthenticationException
 import javax.sql.DataSource
 
 import com.zaxxer.hikari.util.DriverDataSource
 
-import org.apache.kyuubi.{KyuubiFunSuite, Utils}
+import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.util.JdbcUtils
 
 class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
-  protected val dbUser: String = "bowenliang123"
-  protected val dbPasswd: String = "bowenliang123@kyuubi"
-  protected val authDbName: String = "auth_db"
-  protected val dbUrl: String = s"jdbc:derby:memory:$authDbName"
-  protected val jdbcUrl: String = s"$dbUrl;create=true"
-  private val authDbDriverClz = "org.apache.derby.jdbc.AutoloadedDriver"
+  protected val jdbcUrl: String = "jdbc:sqlite:file:test_auth.db"
+  private val authDbDriverClz = "org.sqlite.JDBC"
 
   implicit private val ds: DataSource = new DriverDataSource(
     jdbcUrl,
     authDbDriverClz,
     new Properties,
-    dbUser,
-    dbPasswd)
+    null,
+    null)
 
   protected val authUser: String = "kyuubiuser"
   protected val authPasswd: String = "kyuubiuuserpassword"
@@ -50,15 +45,13 @@ class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
   protected val conf: KyuubiConf = new KyuubiConf()
     .set(AUTHENTICATION_JDBC_DRIVER, authDbDriverClz)
     .set(AUTHENTICATION_JDBC_URL, jdbcUrl)
-    .set(AUTHENTICATION_JDBC_USER, dbUser)
-    .set(AUTHENTICATION_JDBC_PASSWORD, dbPasswd)
     .set(
       AUTHENTICATION_JDBC_QUERY,
       "SELECT 1 FROM user_auth WHERE username=${user} and passwd=${password}")
 
   override def beforeAll(): Unit = {
+    JdbcUtils.execute("DROP TABLE IF EXISTS user_auth")()
     // init db
-    JdbcUtils.execute(s"CREATE SCHEMA $dbUser")()
     JdbcUtils.execute(
       """CREATE TABLE user_auth (
         |  username VARCHAR(64) NOT NULL PRIMARY KEY,
@@ -72,15 +65,6 @@ class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
     super.beforeAll()
   }
 
-  override def afterAll(): Unit = {
-    super.afterAll()
-
-    // cleanup db
-    Utils.tryLogNonFatalError {
-      DriverManager.getConnection(s"$dbUrl;shutdown=true")
-    }
-  }
-
   test("authenticate tests") {
     val providerImpl = new JdbcAuthenticationProviderImpl(conf)
     providerImpl.authenticate(authUser, authPasswd)
@@ -144,6 +128,6 @@ class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
     val e12 = intercept[AuthenticationException] {
       new JdbcAuthenticationProviderImpl(_conf).authenticate(authUser, authPasswd)
     }
-    assert(e12.getCause.getMessage.contains("Column 'UNKNOWN_COLUMN' is either not in any table"))
+    assert(e12.getCause.getMessage.contains("no such column: unknown_column"))
   }
 }
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index e1a9c3312..8376d84a0 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -252,6 +252,11 @@
             <artifactId>derby</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.xerial</groupId>
+            <artifactId>sqlite-jdbc</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>io.trino</groupId>
             <artifactId>trino-client</artifactId>
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql
new file mode 100644
index 000000000..3809d16fa
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql
@@ -0,0 +1,47 @@
+SELECT '< KYUUBI-3967: Shorten column varchar length of metadata table >' AS ' ';
+
+BEGIN;
+
+CREATE TABLE metadata_X(
+    key_id INTEGER PRIMARY KEY AUTOINCREMENT, -- the auto increment key id
+    identifier varchar(36) NOT NULL, -- the identifier id, which is an UUID
+    session_type varchar(32) NOT NULL, -- the session type, SQL or BATCH
+    real_user varchar(255) NOT NULL, -- the real user
+    user_name varchar(255) NOT NULL, -- the user name, might be a proxy user
+    ip_address varchar(128), -- the client ip address
+    kyuubi_instance varchar(1024) NOT NULL, -- the kyuubi instance that creates this
+    state varchar(128) NOT NULL, -- the session state
+    resource varchar(1024), -- the main resource
+    class_name varchar(1024), -- the main class name
+    request_name varchar(1024), -- the request name
+    request_conf mediumtext, -- the request config map
+    request_args mediumtext, -- the request arguments
+    create_time BIGINT NOT NULL, -- the metadata create time
+    engine_type varchar(32) NOT NULL, -- the engine type
+    cluster_manager varchar(128), -- the engine cluster manager
+    engine_id varchar(128), -- the engine application id
+    engine_name mediumtext, -- the engine application name
+    engine_url varchar(1024), -- the engine tracking url
+    engine_state varchar(32), -- the engine application state
+    engine_error mediumtext, -- the engine application diagnose
+    end_time bigint, -- the metadata end time
+    peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
+);
+
+INSERT INTO metadata_X SELECT * FROM metadata;
+
+DROP TABLE metadata;
+
+ALTER TABLE metadata_X RENAME TO metadata;
+
+CREATE INDEX metadata_kyuubi_instance_index ON metadata(kyuubi_instance);
+
+CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
+
+CREATE INDEX metadata_user_name_index ON metadata(user_name);
+
+CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
+
+COMMIT;
+
+DROP INDEX metadata_kyuubi_instance_index;
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql
new file mode 100644
index 000000000..12bee3250
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql
@@ -0,0 +1,3 @@
+SELECT '< KYUUBI-4119: Return app submission time for batch >' AS ' ';
+
+ALTER TABLE metadata ADD COLUMN engine_open_time bigint;
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/README b/kyuubi-server/src/main/resources/sql/sqlite/README
new file mode 100644
index 000000000..38341f6d3
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/sqlite/README
@@ -0,0 +1,82 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Kyuubi MetaStore Upgrade HowTo
+==============================
+
+This document describes how to upgrade the schema of a SQLite backed
+Kyuubi MetaStore instance from one release version of Kyuubi to another
+release version of Kyuubi. For example, by following the steps listed
+below it is possible to upgrade a Kyuubi 1.6.0 MetaStore schema to a
+Kyuubi 1.7.0 MetaStore schema. Before attempting this project we
+strongly recommend that you read through all of the steps in this
+document and familiarize yourself with the required tools.
+
+MetaStore Upgrade Steps
+=======================
+
+1) Shutdown your MetaStore instance and restrict access to the
+   MetaStore's SQLite database. It is very important that no one else
+   accesses or modifies the contents of database while you are
+   performing the schema upgrade.
+
+2) Create a backup of your SQLite metastore database. This will allow
+   you to revert any changes made during the upgrade process if
+   something goes wrong. The `sqlite3` command is the easiest way to
+   create a backup of a SQLite database:
+
+   % sqlite3 <metastore_db_name>.db '.backup <metastore_db_name>_backup.db'
+
+3) Dump your metastore database schema to a file. We use the `sqlite3`
+   utility again, but this time with a command line option that
+   specifies we are only interested in dumping the DDL statements
+   required to create the schema:
+
+   % sqlite3 <metastore_db_name>.db '.schema' > schema-x.y.z.sqlite.sql
+
+4) The schema upgrade scripts assume that the schema you are upgrading
+   closely matches the official schema for your particular version of
+   Kyuubi. The files in this directory with names like
+   "metadata-store-schema-x.y.z.sqlite.sql" contain dumps of the official schemas
+   corresponding to each of the released versions of Kyuubi. You can
+   determine differences between your schema and the official schema
+   by diffing the contents of the official dump with the schema dump
+   you created in the previous step. Some differences are acceptable
+   and will not interfere with the upgrade process, but others need to
+   be resolved manually or the upgrade scripts will fail to complete.
+
+5) You are now ready to run the schema upgrade scripts. If you are
+   upgrading from Kyuubi 1.6.0 to Kyuubi 1.7.0 you need to run the
+   upgrade-1.6.0-to-1.7.0.sqlite.sql script, but if you are upgrading
+   from 1.6.0 to 1.8.0 you will need to run the 1.6.0 to 1.7.0 upgrade
+   script followed by the 1.7.0 to 1.8.0 upgrade script.
+
+   % sqlite3 <metastore_db_name>.db
+   sqlite> .read  upgrade-1.6.0-to-1.7.0.sqlite.sql
+   sqlite> .read  upgrade-1.7.0-to-1.8.0.sqlite.sql
+
+   These scripts should run to completion without any errors. If you
+   do encounter errors you need to analyze the cause and attempt to
+   trace it back to one of the preceding steps.
+
+6) The final step of the upgrade process is validating your freshly
+   upgraded schema against the official schema for your particular
+   version of Kyuubi. This is accomplished by repeating steps (3) and
+   (4), but this time comparing against the official version of the
+   upgraded schema, e.g. if you upgraded the schema to Kyuubi 1.7.0 then
+   you will want to compare your schema dump against the contents of
+   metadata-store-schema-1.7.0.sqlite.sql
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
new file mode 100644
index 000000000..72447e452
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
@@ -0,0 +1,35 @@
+-- the metadata table ddl
+
+CREATE TABLE IF NOT EXISTS metadata(
+    key_id INTEGER PRIMARY KEY AUTOINCREMENT, -- the auto increment key id
+    identifier varchar(36) NOT NULL, -- the identifier id, which is an UUID
+    session_type varchar(128) NOT NULL, -- the session type, SQL or BATCH
+    real_user varchar(1024) NOT NULL, -- the real user
+    user_name varchar(1024) NOT NULL, -- the user name, might be a proxy user
+    ip_address varchar(512), -- the client ip address
+    kyuubi_instance varchar(1024) NOT NULL, -- the kyuubi instance that creates this
+    state varchar(128) NOT NULL, -- the session state
+    resource varchar(1024), -- the main resource
+    class_name varchar(1024), -- the main class name
+    request_name varchar(1024), -- the request name
+    request_conf mediumtext, -- the request config map
+    request_args mediumtext, -- the request arguments
+    create_time BIGINT NOT NULL, -- the metadata create time
+    engine_type varchar(1024) NOT NULL, -- the engine type
+    cluster_manager varchar(128), -- the engine cluster manager
+    engine_id varchar(128), -- the engine application id
+    engine_name mediumtext, -- the engine application name
+    engine_url varchar(1024), -- the engine tracking url
+    engine_state varchar(128), -- the engine application state
+    engine_error mediumtext, -- the engine application diagnose
+    end_time bigint, -- the metadata end time
+    peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
+);
+
+CREATE INDEX metadata_kyuubi_instance_index ON metadata(kyuubi_instance);
+
+CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
+
+CREATE INDEX metadata_user_name_index ON metadata(user_name);
+
+CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
new file mode 100644
index 000000000..fd5513e42
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
@@ -0,0 +1,34 @@
+-- the metadata table ddl
+
+CREATE TABLE IF NOT EXISTS metadata(
+    key_id INTEGER PRIMARY KEY AUTOINCREMENT, -- the auto increment key id
+    identifier varchar(36) NOT NULL, -- the identifier id, which is an UUID
+    session_type varchar(32) NOT NULL, -- the session type, SQL or BATCH
+    real_user varchar(255) NOT NULL, -- the real user
+    user_name varchar(255) NOT NULL, -- the user name, might be a proxy user
+    ip_address varchar(128), -- the client ip address
+    kyuubi_instance varchar(1024) NOT NULL, -- the kyuubi instance that creates this
+    state varchar(128) NOT NULL, -- the session state
+    resource varchar(1024), -- the main resource
+    class_name varchar(1024), -- the main class name
+    request_name varchar(1024), -- the request name
+    request_conf mediumtext, -- the request config map
+    request_args mediumtext, -- the request arguments
+    create_time BIGINT NOT NULL, -- the metadata create time
+    engine_type varchar(32) NOT NULL, -- the engine type
+    cluster_manager varchar(128), -- the engine cluster manager
+    engine_open_time bigint, -- the engine open time
+    engine_id varchar(128), -- the engine application id
+    engine_name mediumtext, -- the engine application name
+    engine_url varchar(1024), -- the engine tracking url
+    engine_state varchar(32), -- the engine application state
+    engine_error mediumtext, -- the engine application diagnose
+    end_time bigint, -- the metadata end time
+    peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
+);
+
+CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
+
+CREATE INDEX metadata_user_name_index ON metadata(user_name);
+
+CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql
new file mode 100644
index 000000000..f9a663ef1
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql
@@ -0,0 +1,4 @@
+SELECT '< Upgrading MetaStore schema from 1.6.0 to 1.7.0 >' AS ' ';
+.read 001-KYUUBI-3967.sqlite.sql
+.read 002-KYUUBI-4119.sqlite.sql
+SELECT '< Finished upgrading MetaStore schema from 1.6.0 to 1.7.0 >' AS ' ';
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/DatabaseType.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/DatabaseType.scala
index ef93f31c5..67d6686d1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/DatabaseType.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/DatabaseType.scala
@@ -20,5 +20,5 @@ package org.apache.kyuubi.server.metadata.jdbc
 object DatabaseType extends Enumeration {
   type DatabaseType = Value
 
-  val DERBY, MYSQL, CUSTOM = Value
+  val DERBY, MYSQL, CUSTOM, SQLITE = Value
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 488039e2b..e815efabb 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -47,6 +47,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   private val dbType = DatabaseType.withName(conf.get(METADATA_STORE_JDBC_DATABASE_TYPE))
   private val driverClassOpt = conf.get(METADATA_STORE_JDBC_DRIVER)
   private val driverClass = dbType match {
+    case SQLITE => driverClassOpt.getOrElse("org.sqlite.JDBC")
     case DERBY => driverClassOpt.getOrElse("org.apache.derby.jdbc.AutoloadedDriver")
     case MYSQL => driverClassOpt.getOrElse("com.mysql.jdbc.Driver")
     case CUSTOM => driverClassOpt.getOrElse(
@@ -55,7 +56,8 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 
   private val databaseAdaptor = dbType match {
     case DERBY => new DerbyDatabaseDialect
-    case MYSQL => new MysqlDatabaseDialect
+    case SQLITE => new SQLiteDatabaseDialect
+    case MYSQL => new MySQLDatabaseDialect
     case CUSTOM => new GenericDatabaseDialect
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
index 0d46fa7fc..0b4786810 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
@@ -37,7 +37,9 @@ object JDBCMetadataStoreConf {
   val METADATA_STORE_JDBC_DATABASE_TYPE: ConfigEntry[String] =
     buildConf("kyuubi.metadata.store.jdbc.database.type")
       .doc("The database type for server jdbc metadata store.<ul>" +
-        " <li>DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li>" +
+        " <li>(Deprecated) DERBY: Apache Derby, JDBC driver " +
+        "`org.apache.derby.jdbc.AutoloadedDriver`.</li>" +
+        " <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li>" +
         " <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li>" +
         " <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li>" +
         " Note that: The JDBC datasource is powered by HiKariCP, for datasource properties," +
@@ -47,7 +49,7 @@ object JDBCMetadataStoreConf {
       .serverOnly
       .stringConf
       .transformToUpperCase
-      .createWithDefault("DERBY")
+      .createWithDefault("SQLITE")
 
   val METADATA_STORE_JDBC_DATABASE_SCHEMA_INIT: ConfigEntry[Boolean] =
     buildConf("kyuubi.metadata.store.jdbc.database.schema.init")
@@ -74,7 +76,7 @@ object JDBCMetadataStoreConf {
       .version("1.6.0")
       .serverOnly
       .stringConf
-      .createWithDefault("jdbc:derby:memory:kyuubi_state_store_db;create=true")
+      .createWithDefault("jdbc:sqlite:memory:kyuubi_state_store.db")
 
   val METADATA_STORE_JDBC_USER: ConfigEntry[String] =
     buildConf("kyuubi.metadata.store.jdbc.user")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala
index 837af77cf..1fbfc1cbc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala
@@ -33,4 +33,5 @@ class GenericDatabaseDialect extends JdbcDatabaseDialect {
   }
 }
 
-class MysqlDatabaseDialect extends GenericDatabaseDialect {}
+class SQLiteDatabaseDialect extends GenericDatabaseDialect {}
+class MySQLDatabaseDialect extends GenericDatabaseDialect {}
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
index aa53af3a9..aee4497df 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
@@ -30,7 +30,7 @@ import org.apache.kyuubi.session.SessionType
 
 class JDBCMetadataStoreSuite extends KyuubiFunSuite {
   private val conf = KyuubiConf()
-    .set(METADATA_STORE_JDBC_DATABASE_TYPE, DatabaseType.DERBY.toString)
+    .set(METADATA_STORE_JDBC_DATABASE_TYPE, DatabaseType.SQLITE.toString)
     .set(METADATA_STORE_JDBC_DATABASE_SCHEMA_INIT, true)
     .set(s"$METADATA_STORE_JDBC_DATASOURCE_PREFIX.connectionTimeout", "3000")
     .set(s"$METADATA_STORE_JDBC_DATASOURCE_PREFIX.maximumPoolSize", "99")
diff --git a/pom.xml b/pom.xml
index 56ef77d42..bb70dfdb5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -198,6 +198,7 @@
         <spark.archive.name>spark-${spark.version}-bin-hadoop3.tgz</spark.archive.name>
         <spark.archive.mirror>${apache.archive.dist}/spark/spark-${spark.version}</spark.archive.mirror>
         <spark.archive.download.skip>false</spark.archive.download.skip>
+        <sqlite.version>3.42.0.0</sqlite.version>
         <swagger.version>2.2.1</swagger.version>
         <swagger-ui.version>4.9.1</swagger-ui.version>
         <testcontainers-scala.version>0.40.12</testcontainers-scala.version>
@@ -1451,6 +1452,12 @@
                 <version>${derby.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>org.xerial</groupId>
+                <artifactId>sqlite-jdbc</artifactId>
+                <version>${sqlite.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>org.apache.kudu</groupId>
                 <artifactId>kudu-client</artifactId>

From 0f27e81bccf7d392608fc5a984baf97bb73ec60a Mon Sep 17 00:00:00 2001
From: haorenhui <haorenhui@kingsoft.com>
Date: Mon, 12 Jun 2023 21:41:49 +0800
Subject: [PATCH 437/760] [KYUUBI #4881] JDBCEngine performs initialization sql

### _Why are the changes needed?_

close https://github.com/apache/kyuubi/issues/4881
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4886 from rhh777/jdbcengine.

Closes #4881

e0439f8e6 [haorenhui] [KYUUBI #4881] update settings.md
d667d8fe8 [haorenhui] [KYUUBI #4881] update conf/docs
cba06b4b9 [haorenhui] [KYUUBI #4881] simplify code
80be4d27c [haorenhui] [KYUUBI #4881] fix style
4f0fa3ab2 [haorenhui] [KYUUBI #4881] JDBCEngine performs initialization sql

Authored-by: haorenhui <haorenhui@kingsoft.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  2 +
 .../kyuubi/engine/jdbc/JdbcSQLEngine.scala    |  4 ++
 .../engine/jdbc/session/JdbcSessionImpl.scala |  6 ++
 .../engine/jdbc/util/KyuubiJdbcUtils.scala    | 57 +++++++++++++++++++
 .../org/apache/kyuubi/config/KyuubiConf.scala | 18 ++++++
 5 files changed, 87 insertions(+)
 create mode 100644 externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/util/KyuubiJdbcUtils.scala

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 4a24499be..4fa8c73d9 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -154,8 +154,10 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.jdbc.connection.user                       | &lt;undefined&gt;         | The user is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
 | kyuubi.engine.jdbc.driver.class                          | &lt;undefined&gt;         | The driver class for JDBC engine connection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
 | kyuubi.engine.jdbc.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the JDBC query engine, for configuring the location of the JDBC driver and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.6.0 |
+| kyuubi.engine.jdbc.initialize.sql                        | SELECT 1                  | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SELECT 1` to eagerly active JDBCClient.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | seq      | 1.8.0 |
 | kyuubi.engine.jdbc.java.options                          | &lt;undefined&gt;         | The extra Java options for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
 | kyuubi.engine.jdbc.memory                                | 1g                        | The heap memory for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.engine.jdbc.session.initialize.sql                                           || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | seq      | 1.8.0 |
 | kyuubi.engine.jdbc.type                                  | &lt;undefined&gt;         | The short name of JDBC type                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
 | kyuubi.engine.kubernetes.submit.timeout                  | PT30S                     | The engine submit timeout for Kubernetes application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.7.2 |
 | kyuubi.engine.operation.convert.catalog.database.enabled | true                      | When set to true, The engine converts the JDBC methods of set/get Catalog and set/get Schema to the implementation of different engines                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/JdbcSQLEngine.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/JdbcSQLEngine.scala
index 618098f31..6e0647f6c 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/JdbcSQLEngine.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/JdbcSQLEngine.scala
@@ -19,7 +19,9 @@ package org.apache.kyuubi.engine.jdbc
 import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.Utils.{addShutdownHook, JDBC_ENGINE_SHUTDOWN_PRIORITY}
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.ENGINE_JDBC_INITIALIZE_SQL
 import org.apache.kyuubi.engine.jdbc.JdbcSQLEngine.currentEngine
+import org.apache.kyuubi.engine.jdbc.util.KyuubiJdbcUtils
 import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ZK_CONN_RETRY_POLICY
 import org.apache.kyuubi.ha.client.RetryPolicies
 import org.apache.kyuubi.service.Serverable
@@ -71,6 +73,8 @@ object JdbcSQLEngine extends Logging {
       kyuubiConf.setIfMissing(HA_ZK_CONN_RETRY_POLICY, RetryPolicies.N_TIME.toString)
 
       startEngine()
+
+      KyuubiJdbcUtils.initializeJdbcSession(kyuubiConf, kyuubiConf.get(ENGINE_JDBC_INITIALIZE_SQL))
     } catch {
       case t: Throwable if currentEngine.isDefined =>
         currentEngine.foreach { engine =>
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
index f8cd40412..5acae8f24 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
@@ -23,8 +23,10 @@ import scala.util.{Failure, Success, Try}
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 
 import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.config.KyuubiConf.ENGINE_JDBC_SESSION_INITIALIZE_SQL
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.jdbc.connection.ConnectionProvider
+import org.apache.kyuubi.engine.jdbc.util.KyuubiJdbcUtils
 import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
 
 class JdbcSessionImpl(
@@ -51,6 +53,10 @@ class JdbcSessionImpl(
       sessionConnection = ConnectionProvider.create(kyuubiConf)
       databaseMetaData = sessionConnection.getMetaData
     }
+    KyuubiJdbcUtils.initializeJdbcSession(
+      kyuubiConf,
+      sessionConnection,
+      kyuubiConf.get(ENGINE_JDBC_SESSION_INITIALIZE_SQL))
     super.open()
     info(s"The jdbc session is started.")
   }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/util/KyuubiJdbcUtils.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/util/KyuubiJdbcUtils.scala
new file mode 100644
index 000000000..7107045ff
--- /dev/null
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/util/KyuubiJdbcUtils.scala
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.jdbc.util
+
+import java.sql.Connection
+
+import org.apache.kyuubi.{KyuubiSQLException, Logging}
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.engine.jdbc.connection.ConnectionProvider
+import org.apache.kyuubi.engine.jdbc.dialect.{JdbcDialect, JdbcDialects}
+import org.apache.kyuubi.util.JdbcUtils
+
+object KyuubiJdbcUtils extends Logging {
+
+  def initializeJdbcSession(kyuubiConf: KyuubiConf, initializationSQLs: Seq[String]): Unit = {
+    JdbcUtils.withCloseable(ConnectionProvider.create(kyuubiConf)) { connection =>
+      initializeJdbcSession(kyuubiConf, connection, initializationSQLs)
+    }
+  }
+
+  def initializeJdbcSession(
+      kyuubiConf: KyuubiConf,
+      connection: Connection,
+      initializationSQLs: Seq[String]): Unit = {
+    if (initializationSQLs == null || initializationSQLs.isEmpty) {
+      return
+    }
+    try {
+      val dialect: JdbcDialect = JdbcDialects.get(kyuubiConf)
+      JdbcUtils.withCloseable(dialect.createStatement(connection)) { statement =>
+        initializationSQLs.foreach { sql =>
+          debug(s"Execute initialization sql: $sql")
+          statement.execute(sql)
+        }
+      }
+    } catch {
+      case e: Exception =>
+        error("Failed to execute initialization sql.", e)
+        throw KyuubiSQLException(e)
+    }
+  }
+}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 36fd27285..d51a5f5c3 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2585,6 +2585,24 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
+  val ENGINE_JDBC_INITIALIZE_SQL: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.engine.jdbc.initialize.sql")
+      .doc("SemiColon-separated list of SQL statements to be initialized in the newly created " +
+        "engine before queries. i.e. use `SELECT 1` to eagerly active JDBCClient.")
+      .version("1.8.0")
+      .stringConf
+      .toSequence(";")
+      .createWithDefaultString("SELECT 1")
+
+  val ENGINE_JDBC_SESSION_INITIALIZE_SQL: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.engine.jdbc.session.initialize.sql")
+      .doc("SemiColon-separated list of SQL statements to be initialized in the newly created " +
+        "engine session before queries.")
+      .version("1.8.0")
+      .stringConf
+      .toSequence(";")
+      .createWithDefault(Nil)
+
   val ENGINE_OPERATION_CONVERT_CATALOG_DATABASE_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.engine.operation.convert.catalog.database.enabled")
       .doc("When set to true, The engine converts the JDBC methods of set/get Catalog " +

From cca4405fcb581e6b8dd3f3cbd8ab55c278045113 Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Tue, 13 Jun 2023 14:09:37 +0800
Subject: [PATCH 438/760] [KYUUBI #4952] Enhance AWS Glue default database does
 not exist error message on opening session

### _Why are the changes needed?_

When the default databases of glue do not exist, initializing the engine session failed.
```
Caused by: software.amazon.awssdk.services.glue.model.AccessDeniedException: User: arn:aws:iam::xxxxx:user/vault-token-wap-udp-int-readwrite-1686560253-eVgl3oauuaB7v0V6wX9 is not authorized to perform: glue:GetDatabase on resource: arn:aws:glue:us-east-1:xxxxx:database/default because no identity-based policy allows the glue:GetDatabase action (Service: Glue, Status Code: 400, Request ID: 3f816608-0cb2-467b-9181-05c5bfcd29b3, Extended Request ID: null)
```
![image](https://github.com/apache/kyuubi/assets/43336508/a0e9ccac-7fdb-4036-a4f3-2885d7bd0ac5)

The default initialize sql "SHOW DATABASES" when Kyuubi spark accesses the glue catalog. Try to change the initialize sql "use glue.wap" has the same error.
```
kyuubi.engine.initialize.sql=use glue.wap
kyuubi.engine.session.initialize.sql=use glue.wap
```
The root cause is that hive defines a use:database, which will initialize access to the database default.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4952 from dev-lpq/glue_database.

Closes #4952

8f0951d4d [pengqli] add Glue database
90e47712f [pengqli] enhance AWS Glue database

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/spark/session/SparkSessionImpl.scala      | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index 39d02f067..ddc0370d9 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -75,7 +75,11 @@ class SparkSessionImpl(
       } catch {
         case e
             if database == "default" &&
-              StringUtils.containsAny(e.getMessage, "not found", "SCHEMA_NOT_FOUND") =>
+              StringUtils.containsAny(
+                e.getMessage,
+                "not found",
+                "SCHEMA_NOT_FOUND",
+                "is not authorized to perform: glue:GetDatabase") =>
       }
     }
 

From 32bb71efcc5aa96a6c5998aaf6dfc97b390276d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=B1=BC=E8=82=9A?= <uicosp@gmail.com>
Date: Tue, 13 Jun 2023 16:16:23 +0800
Subject: [PATCH 439/760] [KYUUBI #4954] [DOCS] Fix variable reference in
 quick_start_with_jdbc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix typo, replace kyuubiJdbcUrl with kyuubiJdbcUrlTemplate.

### _Why are the changes needed?_
fix typo, should be String.format(kyuubiJdbcUrlTemplate, ...)

### _How was this patch tested?_
just fix typo, no test need.
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4954 from uicosp/patch-1.

Closes #4954

8abf04d87 [鱼肚] Update quick_start_with_jdbc.md

Authored-by: 鱼肚 <uicosp@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start_with_jdbc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start_with_jdbc.md b/docs/quick_start/quick_start_with_jdbc.md
index c7001db64..862e22fa1 100644
--- a/docs/quick_start/quick_start_with_jdbc.md
+++ b/docs/quick_start/quick_start_with_jdbc.md
@@ -80,7 +80,7 @@ public class KyuubiJDBCDemo {
     String clientPrincipal = args[0]; // Kerberos principal
     String clientKeytab = args[1];    // Keytab file location
     String serverPrincipal = arg[2];  // Kerberos principal used by Kyuubi Server
-    String kyuubiJdbcUrl = String.format(kyuubiJdbcUrl, clientPrincipal, clientKeytab, serverPrincipal);
+    String kyuubiJdbcUrl = String.format(kyuubiJdbcUrlTemplate, clientPrincipal, clientKeytab, serverPrincipal);
     try (Connection conn = DriverManager.getConnection(kyuubiJdbcUrl)) {
       try (Statement stmt = conn.createStatement()) {
         try (ResultSet rs = st.executeQuery("show databases")) {

From f69cf9406faa0bd9e9f32196d3f1be7a62b6f950 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 13 Jun 2023 20:08:45 +0800
Subject: [PATCH 440/760] [KYUUBI #4950][FOLLOWUP] Misc improvement for usage
 of SQLite

### _Why are the changes needed?_

- Improve log on executing init schema DDL.
- Add `IF NOT EXISTS` on `CREATE INDEX` statement.
- Fix `kyuubi.metadata.store.jdbc.url` configuration description.
- Delete SQLite files on performing `build/mvn clean`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4953 from pan3793/sqlite-followup.

Closes #4950

a0b44f37c [Cheng Pan] [KYUUBI #4950][FOLLOWUP] Misc improvement for usage of SQLite

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                               | 2 +-
 .../sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql     | 8 ++++----
 .../sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql     | 6 +++---
 .../kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala   | 6 ++++--
 .../server/metadata/jdbc/JDBCMetadataStoreConf.scala      | 4 ++--
 pom.xml                                                   | 1 +
 6 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 4fa8c73d9..97ca5973d 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -329,7 +329,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.metadata.store.jdbc.database.type        | SQLITE                                                   | The database type for server jdbc metadata store.<ul> <li>(Deprecated) DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.driver               | &lt;undefined&gt;                                        | JDBC driver class name for server jdbc metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.password                                                                       || The password for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.url                  | jdbc:sqlite:memory:kyuubi_state_store.db                 | The JDBC url for server JDBC metadata store. By default, it is a DERBY in-memory database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.url                  | jdbc:sqlite:kyuubi_state_store.db                        | The JDBC url for server JDBC metadata store. By default, it is a SQLite database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.user                                                                           || The username for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
 
 ### Metrics
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
index 72447e452..c444a96ce 100644
--- a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
@@ -26,10 +26,10 @@ CREATE TABLE IF NOT EXISTS metadata(
     peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
 );
 
-CREATE INDEX metadata_kyuubi_instance_index ON metadata(kyuubi_instance);
+CREATE INDEX IF NOT EXISTS metadata_kyuubi_instance_index ON metadata(kyuubi_instance);
 
-CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
+CREATE UNIQUE INDEX IF NOT EXISTS metadata_unique_identifier_index ON metadata(identifier);
 
-CREATE INDEX metadata_user_name_index ON metadata(user_name);
+CREATE INDEX IF NOT EXISTS metadata_user_name_index ON metadata(user_name);
 
-CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
+CREATE INDEX IF NOT EXISTS metadata_engine_type_index ON metadata(engine_type);
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
index fd5513e42..2b05dd5db 100644
--- a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
@@ -27,8 +27,8 @@ CREATE TABLE IF NOT EXISTS metadata(
     peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
 );
 
-CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
+CREATE UNIQUE INDEX IF NOT EXISTS metadata_unique_identifier_index ON metadata(identifier);
 
-CREATE INDEX metadata_user_name_index ON metadata(user_name);
+CREATE INDEX IF NOT EXISTS metadata_user_name_index ON metadata(user_name);
 
-CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
+CREATE INDEX IF NOT EXISTS metadata_engine_type_index ON metadata(engine_type);
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index e815efabb..3f9463bf7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -82,12 +82,14 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 
   private def initSchema(): Unit = {
     getInitSchema(dbType).foreach { schema =>
-      val ddlStatements = schema.trim.split(";")
+      val ddlStatements = schema.trim.split(";").map(_.trim)
       JdbcUtils.withConnection { connection =>
         Utils.tryLogNonFatalError {
           ddlStatements.foreach { ddlStatement =>
             execute(connection, ddlStatement)
-            info(s"Execute init schema ddl: $ddlStatement successfully.")
+            info(s"""Execute init schema ddl successfully.
+                    |$ddlStatement
+                    |""".stripMargin)
           }
         }
       }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
index 0b4786810..dd5d74138 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
@@ -69,14 +69,14 @@ object JDBCMetadataStoreConf {
 
   val METADATA_STORE_JDBC_URL: ConfigEntry[String] =
     buildConf("kyuubi.metadata.store.jdbc.url")
-      .doc("The JDBC url for server JDBC metadata store. By default, it is a DERBY in-memory" +
+      .doc("The JDBC url for server JDBC metadata store. By default, it is a SQLite" +
         " database url, and the state information is not shared across kyuubi instances. To" +
         " enable high availability for multiple kyuubi instances," +
         " please specify a production JDBC url.")
       .version("1.6.0")
       .serverOnly
       .stringConf
-      .createWithDefault("jdbc:sqlite:memory:kyuubi_state_store.db")
+      .createWithDefault("jdbc:sqlite:kyuubi_state_store.db")
 
   val METADATA_STORE_JDBC_USER: ConfigEntry[String] =
     buildConf("kyuubi.metadata.store.jdbc.user")
diff --git a/pom.xml b/pom.xml
index bb70dfdb5..da883e207 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1820,6 +1820,7 @@
                                 <directory>${project.basedir}</directory>
                                 <includes>
                                     <include>**/*.log</include>
+                                    <include>**/*.db</include>
                                 </includes>
                             </fileset>
                             <fileset>

From b723e4abe0c2e1d2cb8026d41b5760a5b3e76ba9 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 14 Jun 2023 14:54:59 +0800
Subject: [PATCH 441/760] [KYUUBI #4950][FOLLOWUP] SQLite schema files should
 start from 1.8.0

### _Why are the changes needed?_

SQLite is added since 1.8.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4955 from pan3793/sqlite-init.

Closes #4950

24de565cf [Cheng Pan] [KYUUBI #4950][FOLLOWUP] SQLite schema files should start from 1.8.0

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../sql/sqlite/001-KYUUBI-3967.sqlite.sql     | 47 -------------------
 .../sql/sqlite/002-KYUUBI-4119.sqlite.sql     |  3 --
 .../src/main/resources/sql/sqlite/README      | 20 ++++----
 .../metadata-store-schema-1.6.0.sqlite.sql    | 35 --------------
 ...=> metadata-store-schema-1.8.0.sqlite.sql} |  0
 .../sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql  |  4 --
 6 files changed, 10 insertions(+), 99 deletions(-)
 delete mode 100644 kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql
 delete mode 100644 kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql
 delete mode 100644 kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
 rename kyuubi-server/src/main/resources/sql/sqlite/{metadata-store-schema-1.7.0.sqlite.sql => metadata-store-schema-1.8.0.sqlite.sql} (100%)
 delete mode 100644 kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql

diff --git a/kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql
deleted file mode 100644
index 3809d16fa..000000000
--- a/kyuubi-server/src/main/resources/sql/sqlite/001-KYUUBI-3967.sqlite.sql
+++ /dev/null
@@ -1,47 +0,0 @@
-SELECT '< KYUUBI-3967: Shorten column varchar length of metadata table >' AS ' ';
-
-BEGIN;
-
-CREATE TABLE metadata_X(
-    key_id INTEGER PRIMARY KEY AUTOINCREMENT, -- the auto increment key id
-    identifier varchar(36) NOT NULL, -- the identifier id, which is an UUID
-    session_type varchar(32) NOT NULL, -- the session type, SQL or BATCH
-    real_user varchar(255) NOT NULL, -- the real user
-    user_name varchar(255) NOT NULL, -- the user name, might be a proxy user
-    ip_address varchar(128), -- the client ip address
-    kyuubi_instance varchar(1024) NOT NULL, -- the kyuubi instance that creates this
-    state varchar(128) NOT NULL, -- the session state
-    resource varchar(1024), -- the main resource
-    class_name varchar(1024), -- the main class name
-    request_name varchar(1024), -- the request name
-    request_conf mediumtext, -- the request config map
-    request_args mediumtext, -- the request arguments
-    create_time BIGINT NOT NULL, -- the metadata create time
-    engine_type varchar(32) NOT NULL, -- the engine type
-    cluster_manager varchar(128), -- the engine cluster manager
-    engine_id varchar(128), -- the engine application id
-    engine_name mediumtext, -- the engine application name
-    engine_url varchar(1024), -- the engine tracking url
-    engine_state varchar(32), -- the engine application state
-    engine_error mediumtext, -- the engine application diagnose
-    end_time bigint, -- the metadata end time
-    peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
-);
-
-INSERT INTO metadata_X SELECT * FROM metadata;
-
-DROP TABLE metadata;
-
-ALTER TABLE metadata_X RENAME TO metadata;
-
-CREATE INDEX metadata_kyuubi_instance_index ON metadata(kyuubi_instance);
-
-CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
-
-CREATE INDEX metadata_user_name_index ON metadata(user_name);
-
-CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
-
-COMMIT;
-
-DROP INDEX metadata_kyuubi_instance_index;
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql
deleted file mode 100644
index 12bee3250..000000000
--- a/kyuubi-server/src/main/resources/sql/sqlite/002-KYUUBI-4119.sqlite.sql
+++ /dev/null
@@ -1,3 +0,0 @@
-SELECT '< KYUUBI-4119: Return app submission time for batch >' AS ' ';
-
-ALTER TABLE metadata ADD COLUMN engine_open_time bigint;
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/README b/kyuubi-server/src/main/resources/sql/sqlite/README
index 38341f6d3..de15931f5 100644
--- a/kyuubi-server/src/main/resources/sql/sqlite/README
+++ b/kyuubi-server/src/main/resources/sql/sqlite/README
@@ -21,8 +21,8 @@ Kyuubi MetaStore Upgrade HowTo
 This document describes how to upgrade the schema of a SQLite backed
 Kyuubi MetaStore instance from one release version of Kyuubi to another
 release version of Kyuubi. For example, by following the steps listed
-below it is possible to upgrade a Kyuubi 1.6.0 MetaStore schema to a
-Kyuubi 1.7.0 MetaStore schema. Before attempting this project we
+below it is possible to upgrade a Kyuubi 1.8.0 MetaStore schema to a
+Kyuubi 1.9.0 MetaStore schema. Before attempting this project we
 strongly recommend that you read through all of the steps in this
 document and familiarize yourself with the required tools.
 
@@ -60,14 +60,14 @@ MetaStore Upgrade Steps
    be resolved manually or the upgrade scripts will fail to complete.
 
 5) You are now ready to run the schema upgrade scripts. If you are
-   upgrading from Kyuubi 1.6.0 to Kyuubi 1.7.0 you need to run the
-   upgrade-1.6.0-to-1.7.0.sqlite.sql script, but if you are upgrading
-   from 1.6.0 to 1.8.0 you will need to run the 1.6.0 to 1.7.0 upgrade
-   script followed by the 1.7.0 to 1.8.0 upgrade script.
+   upgrading from Kyuubi 1.8.0 to Kyuubi 1.9.0 you need to run the
+   upgrade-1.8.0-to-1.9.0.sqlite.sql script, but if you are upgrading
+   from 1.8.0 to 2.0.0 you will need to run the 1.8.0 to 1.9.0 upgrade
+   script followed by the 1.9.0 to 2.0.0 upgrade script.
 
    % sqlite3 <metastore_db_name>.db
-   sqlite> .read  upgrade-1.6.0-to-1.7.0.sqlite.sql
-   sqlite> .read  upgrade-1.7.0-to-1.8.0.sqlite.sql
+   sqlite> .read  upgrade-1.8.0-to-1.9.0.sqlite.sql
+   sqlite> .read  upgrade-1.9.0-to-2.0.0.sqlite.sql
 
    These scripts should run to completion without any errors. If you
    do encounter errors you need to analyze the cause and attempt to
@@ -77,6 +77,6 @@ MetaStore Upgrade Steps
    upgraded schema against the official schema for your particular
    version of Kyuubi. This is accomplished by repeating steps (3) and
    (4), but this time comparing against the official version of the
-   upgraded schema, e.g. if you upgraded the schema to Kyuubi 1.7.0 then
+   upgraded schema, e.g. if you upgraded the schema to Kyuubi 1.9.0 then
    you will want to compare your schema dump against the contents of
-   metadata-store-schema-1.7.0.sqlite.sql
+   metadata-store-schema-1.9.0.sqlite.sql
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
deleted file mode 100644
index c444a96ce..000000000
--- a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.6.0.sqlite.sql
+++ /dev/null
@@ -1,35 +0,0 @@
--- the metadata table ddl
-
-CREATE TABLE IF NOT EXISTS metadata(
-    key_id INTEGER PRIMARY KEY AUTOINCREMENT, -- the auto increment key id
-    identifier varchar(36) NOT NULL, -- the identifier id, which is an UUID
-    session_type varchar(128) NOT NULL, -- the session type, SQL or BATCH
-    real_user varchar(1024) NOT NULL, -- the real user
-    user_name varchar(1024) NOT NULL, -- the user name, might be a proxy user
-    ip_address varchar(512), -- the client ip address
-    kyuubi_instance varchar(1024) NOT NULL, -- the kyuubi instance that creates this
-    state varchar(128) NOT NULL, -- the session state
-    resource varchar(1024), -- the main resource
-    class_name varchar(1024), -- the main class name
-    request_name varchar(1024), -- the request name
-    request_conf mediumtext, -- the request config map
-    request_args mediumtext, -- the request arguments
-    create_time BIGINT NOT NULL, -- the metadata create time
-    engine_type varchar(1024) NOT NULL, -- the engine type
-    cluster_manager varchar(128), -- the engine cluster manager
-    engine_id varchar(128), -- the engine application id
-    engine_name mediumtext, -- the engine application name
-    engine_url varchar(1024), -- the engine tracking url
-    engine_state varchar(128), -- the engine application state
-    engine_error mediumtext, -- the engine application diagnose
-    end_time bigint, -- the metadata end time
-    peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
-);
-
-CREATE INDEX IF NOT EXISTS metadata_kyuubi_instance_index ON metadata(kyuubi_instance);
-
-CREATE UNIQUE INDEX IF NOT EXISTS metadata_unique_identifier_index ON metadata(identifier);
-
-CREATE INDEX IF NOT EXISTS metadata_user_name_index ON metadata(user_name);
-
-CREATE INDEX IF NOT EXISTS metadata_engine_type_index ON metadata(engine_type);
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
similarity index 100%
rename from kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.7.0.sqlite.sql
rename to kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql
deleted file mode 100644
index f9a663ef1..000000000
--- a/kyuubi-server/src/main/resources/sql/sqlite/upgrade-1.6.0-to-1.7.0.sqlite.sql
+++ /dev/null
@@ -1,4 +0,0 @@
-SELECT '< Upgrading MetaStore schema from 1.6.0 to 1.7.0 >' AS ' ';
-.read 001-KYUUBI-3967.sqlite.sql
-.read 002-KYUUBI-4119.sqlite.sql
-SELECT '< Finished upgrading MetaStore schema from 1.6.0 to 1.7.0 >' AS ' ';

From 768b8ff7cabe229418621f059de1ca0249bd71c4 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Wed, 14 Jun 2023 14:56:53 +0800
Subject: [PATCH 442/760] [KYUUBI #3648][UI] Add Session Detail Page

### _Why are the changes needed?_

Close #3648

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4793 from zwangsheng/KYUUBI_3648.

Closes #3648

e5fe04f7a [zwangsheng] debug
a14c6d325 [zwangsheng] debug
eb96cf0dc [zwangsheng] retest
5cfbb64c5 [zwangsheng] Add UT
7a83a01b0 [zwangsheng] [KYUUBI #3648][UI] Add Session Detail Page

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/api/v1/SessionsResource.scala      |  30 +++-
 .../server/api/v1/SessionsResourceSuite.scala |  22 +++
 kyuubi-server/web-ui/src/api/session/index.ts |  14 ++
 .../web-ui/src/locales/en_US/index.ts         |   2 +
 .../web-ui/src/locales/zh_CN/index.ts         |   2 +
 .../web-ui/src/router/detail/index.ts         |  26 ++++
 kyuubi-server/web-ui/src/router/index.ts      |   2 +
 .../web-ui/src/views/detail/session/index.vue | 146 ++++++++++++++++++
 .../src/views/management/session/index.vue    |  24 ++-
 9 files changed, 262 insertions(+), 6 deletions(-)
 create mode 100644 kyuubi-server/web-ui/src/router/detail/index.ts
 create mode 100644 kyuubi-server/web-ui/src/views/detail/session/index.vue

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index 7866744dc..d735b87d8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -27,13 +27,14 @@ import scala.util.control.NonFatal
 import io.swagger.v3.oas.annotations.media.{ArraySchema, Content, Schema}
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.tags.Tag
+import org.apache.commons.lang3.StringUtils
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TProtocolVersion}
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.client.api.v1.dto
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
-import org.apache.kyuubi.operation.OperationHandle
+import org.apache.kyuubi.operation.{KyuubiOperation, OperationHandle}
 import org.apache.kyuubi.server.api.{ApiRequestContext, ApiUtils}
 import org.apache.kyuubi.session.{KyuubiSession, SessionHandle}
 
@@ -414,6 +415,33 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
         throw new NotFoundException(errorMsg)
     }
   }
+
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(
+      mediaType = MediaType.APPLICATION_JSON,
+      array = new ArraySchema(schema = new Schema(implementation =
+        classOf[OperationData])))),
+    description =
+      "get the list of all type operations belong to session")
+  @GET
+  @Path("{sessionHandle}/operations")
+  def getOperation(@PathParam("sessionHandle") sessionHandleStr: String): Seq[OperationData] = {
+    try {
+      fe.be.sessionManager.operationManager.allOperations().map { operation =>
+        if (StringUtils.equalsIgnoreCase(
+            operation.getSession.handle.identifier.toString,
+            sessionHandleStr)) {
+          ApiUtils.operationData(operation.asInstanceOf[KyuubiOperation])
+        }
+      }.toSeq.asInstanceOf[Seq[OperationData]]
+    } catch {
+      case NonFatal(e) =>
+        val errorMsg = "Error getting the list of all type operations belong to session"
+        error(errorMsg, e)
+        throw new NotFoundException(errorMsg)
+    }
+  }
 }
 
 object SessionsResource {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
index b197a489c..b58e87bc8 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/SessionsResourceSuite.scala
@@ -364,4 +364,26 @@ class SessionsResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(sessionDataList.isEmpty)
     }
   }
+
+  test("list all type operations under session") {
+    val sessionOpenRequest = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
+    val user = "kyuubi".getBytes()
+    val sessionOpenResp = webTarget.path("api/v1/sessions")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .header(
+        AUTHORIZATION_HEADER,
+        s"Basic ${new String(Base64.getEncoder.encode(user), StandardCharsets.UTF_8)}")
+      .post(Entity.entity(sessionOpenRequest, MediaType.APPLICATION_JSON_TYPE))
+
+    val sessionHandle = sessionOpenResp.readEntity(classOf[SessionHandle]).getIdentifier
+
+    // get operations belongs to specified session
+    val response = webTarget
+      .path(s"api/v1/sessions/${sessionHandle.toString}/operations")
+      .request().get()
+    assert(200 == response.getStatus)
+    val operations = response.readEntity(new GenericType[Seq[OperationData]]() {})
+    assert(operations.size == 1)
+    assert(sessionHandle.toString.equals(operations.head.getSessionId))
+  }
 }
diff --git a/kyuubi-server/web-ui/src/api/session/index.ts b/kyuubi-server/web-ui/src/api/session/index.ts
index 5f3c74fef..fa4759b36 100644
--- a/kyuubi-server/web-ui/src/api/session/index.ts
+++ b/kyuubi-server/web-ui/src/api/session/index.ts
@@ -30,3 +30,17 @@ export function deleteSession(sessionId: string) {
     method: 'delete'
   })
 }
+
+export function getSession(sessionId: string) {
+  return request({
+    url: `api/v1/sessions/${sessionId}`,
+    method: 'get'
+  })
+}
+
+export function getAllTypeOperation(sessionId: string) {
+  return request({
+    url: `api/v1/sessions/${sessionId}/operations`,
+    method: 'get'
+  })
+}
diff --git a/kyuubi-server/web-ui/src/locales/en_US/index.ts b/kyuubi-server/web-ui/src/locales/en_US/index.ts
index e291b62af..8606c74da 100644
--- a/kyuubi-server/web-ui/src/locales/en_US/index.ts
+++ b/kyuubi-server/web-ui/src/locales/en_US/index.ts
@@ -35,6 +35,8 @@ export default {
   share_level: 'Share Level',
   version: 'Version',
   engine_ui: 'Engine UI',
+  failure_reason: 'Failure Reason',
+  session_properties: 'Session Properties',
   operation: {
     text: 'Operation',
     delete_confirm: 'Delete Confirm',
diff --git a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
index e6dd8fe62..0c4cb66db 100644
--- a/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
+++ b/kyuubi-server/web-ui/src/locales/zh_CN/index.ts
@@ -35,6 +35,8 @@ export default {
   share_level: '共享级别',
   version: '版本',
   engine_ui: 'Engine UI',
+  failure_reason: '失败原因',
+  session_properties: 'Session 参数',
   operation: {
     text: '操作',
     delete_confirm: '确认删除',
diff --git a/kyuubi-server/web-ui/src/router/detail/index.ts b/kyuubi-server/web-ui/src/router/detail/index.ts
new file mode 100644
index 000000000..5b5508460
--- /dev/null
+++ b/kyuubi-server/web-ui/src/router/detail/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const router = [
+  {
+    path: '/detail/session',
+    name: 'session_detail',
+    component: () => import('@/views/detail/session/index.vue')
+  }
+]
+
+export default router
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index cad831705..0b80aea17 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -21,6 +21,7 @@ import workloadRoutes from './workload'
 import operationRoutes from './operation'
 import contactRoutes from './contact'
 import managementRoutes from './management'
+import detailRoutes from './detail'
 
 const routes = [
   {
@@ -40,6 +41,7 @@ const routes = [
       ...workloadRoutes,
       ...operationRoutes,
       ...managementRoutes,
+      ...detailRoutes,
       ...contactRoutes
     ]
   }
diff --git a/kyuubi-server/web-ui/src/views/detail/session/index.vue b/kyuubi-server/web-ui/src/views/detail/session/index.vue
new file mode 100644
index 000000000..4a77b2a66
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/detail/session/index.vue
@@ -0,0 +1,146 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+<template>
+  <el-card :body-style="{ padding: '10px 14px' }">
+    <header>
+      <el-breadcrumb separator="/">
+        <el-breadcrumb-item :to="{ path: '/management/session' }">{{
+          'Sessions'
+        }}</el-breadcrumb-item>
+        <el-breadcrumb-item>{{ route.query.sessionId }}</el-breadcrumb-item>
+      </el-breadcrumb>
+    </header>
+  </el-card>
+  <el-collapse class="session-properties-container">
+    <el-collapse-item name="1">
+      <template #title>
+        <div class="title">
+          <span>{{ $t('session_properties') }}</span>
+        </div>
+      </template>
+      <el-descriptions :column="1" border>
+        <div v-for="(p, key) in sessionProperties" :key="key">
+          <el-descriptions-item :label="key">
+            {{ p }}
+          </el-descriptions-item></div
+        ></el-descriptions
+      >
+    </el-collapse-item>
+  </el-collapse>
+  <el-card class="table-container">
+    <template #header>
+      <div class="card-header">
+        <span>{{ 'Operations' }}</span>
+      </div>
+    </template>
+    <el-table v-loading="loading" :data="tableData" style="width: 100%">
+      <el-table-column prop="sessionUser" :label="$t('user')" width="160" />
+      <el-table-column
+        prop="identifier"
+        :label="$t('operation_id')"
+        width="300" />
+      <el-table-column :label="$t('create_time')" width="160">
+        <template #default="scope">
+          {{
+            scope.row.createTime != null && scope.row.createTime > -1
+              ? format(scope.row.createTime, 'yyyy-MM-dd HH:mm:ss')
+              : '-'
+          }}
+        </template>
+      </el-table-column>
+      <el-table-column :label="$t('complete_time')" width="160">
+        <template #default="scope">
+          {{
+            scope.row.completeTime != null && scope.row.completeTime > -1
+              ? format(scope.row.completeTime, 'yyyy-MM-dd HH:mm:ss')
+              : '-'
+          }}
+        </template>
+      </el-table-column>
+      <el-table-column :label="$t('duration')" width="130">
+        <template #default="scope">{{
+          scope.row.createTime != null &&
+          scope.row.completeTime != null &&
+          scope.row.createTime > -1 &&
+          scope.row.completeTime > -1
+            ? secondTransfer(
+                (scope.row.completeTime - scope.row.createTime) / 1000
+              )
+            : '-'
+        }}</template>
+      </el-table-column>
+      <el-table-column prop="statement" :label="$t('statement')" width="160" />
+      <el-table-column prop="exception" :label="$t('failure_reason')">
+        <template #default="scope">
+          {{ scope.row.exception == '' ? '-' : scope.row.exception }}
+        </template>
+      </el-table-column>
+    </el-table>
+  </el-card>
+</template>
+
+<script lang="ts" setup>
+  import { Ref, ref } from 'vue'
+  import { getSession, getAllTypeOperation } from '@/api/session'
+  import { useRoute } from 'vue-router'
+  import { format } from 'date-fns'
+  import { secondTransfer } from '@/utils/unit'
+  import { useTable } from '@/views/common/use-table'
+  const route = useRoute()
+  const sessionProperties: Ref<any> = ref({})
+  const sessionPropertiesLoading = ref(false)
+  const { tableData, loading, getList: _getList } = useTable()
+
+  const getSessionById = () => {
+    const sessionId = route.query.sessionId
+    if (sessionId) {
+      sessionPropertiesLoading.value = true
+      getSession(sessionId as string)
+        .then((res: any) => {
+          sessionProperties.value = res?.conf || {}
+        })
+        .finally(() => {
+          sessionPropertiesLoading.value = false
+        })
+    }
+  }
+  const getList = () => {
+    const sessionId = route.query.sessionId
+    if (sessionId) {
+      _getList(getAllTypeOperation, sessionId)
+    }
+  }
+  getSessionById()
+  getList()
+</script>
+<style lang="scss" scoped>
+  header {
+    display: flex;
+    justify-content: space-between;
+    .el-breadcrumb {
+      line-height: 32px;
+    }
+  }
+  .session-properties-container {
+    margin-bottom: 20px;
+    border-radius: 20px;
+    .title {
+      margin-left: 20px;
+    }
+  }
+</style>
diff --git a/kyuubi-server/web-ui/src/views/management/session/index.vue b/kyuubi-server/web-ui/src/views/management/session/index.vue
index 327664dd1..0465c1a4a 100644
--- a/kyuubi-server/web-ui/src/views/management/session/index.vue
+++ b/kyuubi-server/web-ui/src/views/management/session/index.vue
@@ -26,17 +26,20 @@
       style="width: 100%">
       <el-table-column prop="user" :label="$t('user')" width="160px" />
       <!-- TODO need jump to engine page -->
-      <el-table-column prop="engineId" :label="$t('engine_ip')" width="160px" />
+      <el-table-column prop="engineId" :label="$t('engine_id')" width="160px" />
       <el-table-column prop="ipAddr" :label="$t('client_ip')" width="160px" />
       <el-table-column
         prop="kyuubiInstance"
         :label="$t('kyuubi_instance')"
         width="180px" />
       <!-- TODO need jump to session page -->
-      <el-table-column
-        prop="identifier"
-        :label="$t('session_id')"
-        width="300px" />
+      <el-table-column :label="$t('session_id')" width="300px">
+        <template #default="scope">
+          <el-link @click="handleSessionDetailJump(scope.row.identifier)">{{
+            scope.row.identifier
+          }}</el-link>
+        </template>
+      </el-table-column>
       <el-table-column :label="$t('create_time')" width="200">
         <template #default="scope">
           {{
@@ -76,6 +79,7 @@
   import { ElMessage } from 'element-plus'
   import { useI18n } from 'vue-i18n'
   import { useTable } from '@/views/common/use-table'
+  import { Router, useRouter } from 'vue-router'
   const { t } = useI18n()
   const { tableData, loading, getList: _getList } = useTable()
   const handleDeleteSession = (sessionId: string) => {
@@ -100,5 +104,15 @@
   const getList = () => {
     _getList(getAllSessions)
   }
+  const router: Router = useRouter()
+
+  function handleSessionDetailJump(sessionId: string) {
+    router.push({
+      path: '/detail/session',
+      query: {
+        sessionId
+      }
+    })
+  }
   getList()
 </script>

From 050b5aa7df148fc11cdbe164f72061739566fdc4 Mon Sep 17 00:00:00 2001
From: Bruce <wenjie.wang01@liulishuo.com>
Date: Wed, 14 Jun 2023 19:19:16 +0800
Subject: [PATCH 443/760] [KYUUBI #4960] [DOC] Fix doc for pyhive client.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
Based on my actual tests and pyhive source code, the variable "user" should be "username".

[pyhive source code](https://github.com/dropbox/PyHive/blob/master/pyhive/hive.py#L115)

<img width="866" alt="图片" src="https://github.com/apache/kyuubi/assets/29974394/f5022f89-11d4-4d3b-af16-176ff2cd8068">

Thanks.

Closes #4960 from BruceWong96/doc-fix.

Closes #4960

db39786f6 [Cheng Pan] Update docs/client/python/pyhive.md
d32f8f590 [Bruce] fix doc for pyhive client.

Lead-authored-by: Bruce <wenjie.wang01@liulishuo.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/python/pyhive.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/client/python/pyhive.md b/docs/client/python/pyhive.md
index dbebf684f..444ec1e81 100644
--- a/docs/client/python/pyhive.md
+++ b/docs/client/python/pyhive.md
@@ -64,7 +64,7 @@ If password is provided for connection, make sure the `auth` param set to either
 
 ```python
 # open connection
-conn = hive.Connection(host=kyuubi_host,port=10009, 
-user='user', password='password', auth='CUSTOM')
+conn = hive.Connection(host=kyuubi_host, port=10009, 
+                       username='user', password='password', auth='CUSTOM')
 ```
 

From a9d4abe64a6fa206274a7e78e705c8f251396370 Mon Sep 17 00:00:00 2001
From: "toshihiko.uchida" <toshihiko.uchida@linecorp.com>
Date: Thu, 15 Jun 2023 09:57:35 +0800
Subject: [PATCH 444/760] [KYUUBI #4951] Add reload4j support

### _Why are the changes needed?_

It resolves https://github.com/apache/kyuubi/issues/4951.
It would be also possible to resolve it by adding log4j 1 slf4j binding (e.g., adding `slf4j-api-1.7.30.jar` and `slf4j-log4j12-1.7.30`) to the Spark jars directory, but it would be helpful if Kyuubi could support reload4j to avoid log4j 1's security vulnerabilities.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

Assume
- we use Spark SQL engine in YARN cluster deploy mode;
- we use Hadoop-free Spark 3.2.4 and provides the classpath of Hadoop in YARN cluster, which uses reload4j, with `SPARK_DIST_CLASSPATH`.

Before applying the patch, Hive beeline shows operation logs only from Kyuubi server, as follows.
```
0: jdbc:hive2://some_kyuubi_host> select * from some_database.some_table;
2023-06-14 22:55:35.584 INFO org.apache.kyuubi.credentials.HadoopCredentialsManager: Send new credentials with epoch 0 to SQL engine through session 5409e4cb-abe0-457f-b3c8-c3f1c5467c60
2023-06-14 22:55:35.604 INFO org.apache.kyuubi.credentials.HadoopCredentialsManager: Update session credentials epoch from -1 to 0
2023-06-14 22:55:35.662 INFO org.apache.kyuubi.operation.ExecuteStatement: Processing some_user's query[013b8294-b395-4e3d-945e-3594b0603f83]: PENDING_STATE -> RUNNING_STATE, statement:
select * from some_database.some_table
2023-06-14 22:55:38.520 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[013b8294-b395-4e3d-945e-3594b0603f83] in FINISHED_STATE
2023-06-14 22:55:38.520 INFO org.apache.kyuubi.operation.ExecuteStatement: Processing  some_user's query[013b8294-b395-4e3d-945e-3594b0603f83]: RUNNING_STATE -> FINISHED_STATE, time taken: 2.857 seconds
+-----+
| id  |
+-----+
| 1   |
+-----+
1 row selected (3.113 seconds)
```
After applying the patch, Hive beeline shows operation logs from both Kyuubi server and Spark SQL engine, as follows.
```
0: jdbc:hive2://some_kyuubi_host> select * from some_database.some_table;
2023-06-14 23:05:57.424 INFO org.apache.kyuubi.credentials.HadoopCredentialsManager: Send new credentials with epoch 0 to SQL engine through session 146aa800-6047-471e-a480-5683197a84cd
2023-06-14 23:05:57.453 INFO org.apache.kyuubi.credentials.HadoopCredentialsManager: Update session credentials epoch from -1 to 0
2023-06-14 23:05:57.512 INFO org.apache.kyuubi.operation.ExecuteStatement: Processing some_user's query[1c209bea-6f62-4854-acdc-a1945867a65d]: PENDING_STATE -> RUNNING_STATE, statement:
select * from some_database.some_table
23/06/14 23:05:57 INFO operation.ExecuteStatement: Processing some_user's query[1c209bea-6f62-4854-acdc-a1945867a65d]: PENDING_STATE -> RUNNING_STATE, statement:
select * from some_database.some_table
23/06/14 23:05:57 INFO operation.ExecuteStatement:
           Spark application name: kyuubi_CONNECTION_SPARK_SQL_some_user_146aa800-6047-471e-a480-5683197a84cd
                 application ID: application_1686295570868_0065
                 application web UI: some_yarn_application_url
                 master: yarn
                 deploy mode: cluster
                 version: 3.2.4
           Start time: 2023-06-14T23:05:02.490
           User: some_user
(omitted)
2023-06-14 23:06:00.285 INFO org.apache.kyuubi.operation.ExecuteStatement: Query[1c209bea-6f62-4854-acdc-a1945867a65d] in FINISHED_STATE
2023-06-14 23:06:00.286 INFO org.apache.kyuubi.operation.ExecuteStatement: Processing some_user's query[1c209bea-6f62-4854-acdc-a1945867a65d]: RUNNING_STATE -> FINISHED_STATE, time taken: 2.774 seconds
+-----+
| id  |
+-----+
| 1   |
+-----+
1 row selected (3.156 seconds)
```
- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4964 from touchida/issue-4951-reload4j.

Closes #4951

d7444be17 [toshihiko.uchida] [KYUUBI #4951] Add reload4j support

Authored-by: toshihiko.uchida <toshihiko.uchida@linecorp.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
index 82c1bd45a..d6dcc8d34 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Logging.scala
@@ -116,8 +116,9 @@ object Logging {
     // This distinguishes the log4j 1.2 binding, currently
     // org.slf4j.impl.Log4jLoggerFactory, from the log4j 2.0 binding, currently
     // org.apache.logging.slf4j.Log4jLoggerFactory
-    "org.slf4j.impl.Log4jLoggerFactory"
-      .equals(LoggerFactory.getILoggerFactory.getClass.getName)
+    val binderClass = LoggerFactory.getILoggerFactory.getClass.getName
+    "org.slf4j.impl.Log4jLoggerFactory".equals(
+      binderClass) || "org.slf4j.impl.Reload4jLoggerFactory".equals(binderClass)
   }
 
   private[kyuubi] def isLog4j2: Boolean = {

From 01320c4c2f52ca7183e44e7803b8356df11baf00 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 15 Jun 2023 10:09:01 +0800
Subject: [PATCH 445/760] [KYUUBI #4962] Backport HIVE-19048: Initscript errors
 are ignored

### _Why are the changes needed?_

FYI:
For hive-3.1.3, if failed to get connection, the return code of `beeline -f` is 0, the correct one should be non-zero.
And it works well for hive-4.0.0-alpha-2.
![image](https://github.com/apache/kyuubi/assets/6757692/35ba2329-6f04-4aed-b40b-3c47534554a5)

And the hive-beeline dependency version for kyuubi is 3.1.3.

This pr backports HIVE-19048: Initscript errors are ignored.

https://issues.apache.org/jira/browse/HIVE-19048
https://github.com/apache/hive/commit/006bf8a1a49aabf9930744c977fb0b9c91a5ef6c

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4962 from turboFei/beeline_exit.

Closes #4962

85f497ad2 [fwang12] add ut
21e22cf6f [fwang12] save
49432c256 [fwang12] save
69f90ae37 [fwang12] save
b1afa9e26 [fwang12] backport

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/hive/beeline/KyuubiBeeLine.java    | 59 +++++++++++++++++++
 .../apache/hive/beeline/KyuubiCommands.java   | 11 +++-
 .../hive/beeline/KyuubiBeeLineTest.java       | 18 ++++++
 .../src/test/resources/test.sql               | 17 ++++++
 4 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-hive-beeline/src/test/resources/test.sql

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 073870a47..5671cde85 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -36,6 +36,11 @@ public class KyuubiBeeLine extends BeeLine {
   protected KyuubiCommands commands = new KyuubiCommands(this);
   private Driver defaultDriver;
 
+  // copied from org.apache.hive.beeline.BeeLine
+  private static final int ERRNO_OK = 0;
+  private static final int ERRNO_ARGS = 1;
+  private static final int ERRNO_OTHER = 2;
+
   public KyuubiBeeLine() {
     this(true);
   }
@@ -158,6 +163,11 @@ int initArgs(String[] args) {
       }
     }
 
+    // see HIVE-19048 : InitScript errors are ignored
+    if (exit) {
+      return 1;
+    }
+
     int code = 0;
     if (cl.getOptionValues('e') != null) {
       commands = Arrays.asList(cl.getOptionValues('e'));
@@ -189,4 +199,53 @@ int initArgs(String[] args) {
     }
     return code;
   }
+
+  // see HIVE-19048 : Initscript errors are ignored
+  @Override
+  int runInit() {
+    String[] initFiles = getOpts().getInitFiles();
+
+    // executionResult will be ERRNO_OK only if all initFiles execute successfully
+    int executionResult = ERRNO_OK;
+    boolean exitOnError = !getOpts().getForce();
+    DynFields.BoundField<Boolean> exitField = null;
+
+    if (initFiles != null && initFiles.length != 0) {
+      for (String initFile : initFiles) {
+        info("Running init script " + initFile);
+        try {
+          int currentResult;
+          try {
+            currentResult =
+                DynMethods.builder("executeFile")
+                    .hiddenImpl(BeeLine.class, String.class)
+                    .buildChecked(this)
+                    .invoke(initFile);
+            exitField = DynFields.builder().hiddenImpl(BeeLine.class, "exit").buildChecked(this);
+          } catch (Exception t) {
+            error(t.getMessage());
+            currentResult = ERRNO_OTHER;
+          }
+
+          if (currentResult != ERRNO_OK) {
+            executionResult = currentResult;
+
+            if (exitOnError) {
+              return executionResult;
+            }
+          }
+        } finally {
+          // exit beeline if there is initScript failure and --force is not set
+          boolean exit = exitOnError && executionResult != ERRNO_OK;
+          try {
+            exitField.set(exit);
+          } catch (Exception t) {
+            error(t.getMessage());
+            return ERRNO_OTHER;
+          }
+        }
+      }
+    }
+    return executionResult;
+  }
 }
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index fdd14d8cb..76fdc19cc 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -490,7 +490,16 @@ public boolean connect(Properties props) throws IOException {
       if (!beeLine.isBeeLine()) {
         beeLine.updateOptsForCli();
       }
-      beeLine.runInit();
+
+      // see HIVE-19048 : Initscript errors are ignored
+      int initScriptExecutionResult = beeLine.runInit();
+
+      // if execution of the init script(s) return anything other than ERRNO_OK from beeline
+      // exit beeline with error unless --force is set
+      if (initScriptExecutionResult != 0 && !beeLine.getOpts().getForce()) {
+        return beeLine.error("init script execution failed.");
+      }
+
       if (beeLine.getOpts().getInitFiles() != null) {
         beeLine.initializeConsoleReader(null);
       }
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
index b144c95c6..96b76373d 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
@@ -29,4 +29,22 @@ public void testKyuubiBeelineWithoutArgs() {
     int result = kyuubiBeeLine.initArgs(new String[0]);
     assertEquals(0, result);
   }
+
+  @Test
+  public void testKyuubiBeelineExitCodeWithoutConnection() {
+    KyuubiBeeLine kyuubiBeeLine = new KyuubiBeeLine();
+    String scriptFile = getClass().getClassLoader().getResource("test.sql").getFile();
+
+    String[] args1 = {"-u", "badUrl", "-e", "show tables"};
+    int result1 = kyuubiBeeLine.initArgs(args1);
+    assertEquals(1, result1);
+
+    String[] args2 = {"-u", "badUrl", "-f", scriptFile};
+    int result2 = kyuubiBeeLine.initArgs(args2);
+    assertEquals(1, result2);
+
+    String[] args3 = {"-u", "badUrl", "-i", scriptFile};
+    int result3 = kyuubiBeeLine.initArgs(args3);
+    assertEquals(1, result3);
+  }
 }
diff --git a/kyuubi-hive-beeline/src/test/resources/test.sql b/kyuubi-hive-beeline/src/test/resources/test.sql
new file mode 100644
index 000000000..c7c3ee2f9
--- /dev/null
+++ b/kyuubi-hive-beeline/src/test/resources/test.sql
@@ -0,0 +1,17 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements.  See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+show tables;

From 2ec120d89a43b6c1ae127aed442fb9b47b7b9132 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 15 Jun 2023 15:56:42 +0800
Subject: [PATCH 446/760] [KYUUBI #4966] Bump Apache parent pom from 29 to 30

### _Why are the changes needed?_

- Apache parent POM version 30 release note: https://github.com/apache/maven-apache-parent/releases/tag/apache-30
- remove `maven.plugin.surefire.version` property and bump the surefire plugin from 3.0.0-M8 to 3.1.2

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4966 from bowenliang123/parent-pom-30.

Closes #4966

970e48584 [liangbowen] Bump Apache parent pom from 29 to 30

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index da883e207..7eaa09b59 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache</groupId>
         <artifactId>apache</artifactId>
-        <version>29</version>
+        <version>30</version>
     </parent>
 
     <groupId>org.apache.kyuubi</groupId>
@@ -229,7 +229,6 @@
         <maven.plugin.enforcer.mojo.rules.version>1.6.1</maven.plugin.enforcer.mojo.rules.version>
         <maven.plugin.frontend.version>1.12.1</maven.plugin.frontend.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
-        <maven.plugin.surefire.version>3.0.0-M8</maven.plugin.surefire.version>
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
         <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>
@@ -1694,7 +1693,6 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>${maven.plugin.surefire.version}</version>
                     <configuration>
                         <skipTests>true</skipTests>
                         <failIfNoSpecifiedTests>false</failIfNoSpecifiedTests>

From 23d255a06f6300be1afd390c92916613ce8b4ba3 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 15 Jun 2023 20:21:51 +0800
Subject: [PATCH 447/760] [KYUUBI #4937] Cleanup spark catalog shim and renamed
 to catalog utils

### _Why are the changes needed?_

to close #4937.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4963 from bowenliang123/remove-spark-shim.

Closes #4937

e6593b474 [liangbowen] remove unnecessary row
2481e3317 [liangbowen] remove SparkCatalogShim

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../engine/spark/operation/GetCatalogs.scala  |   4 +-
 .../engine/spark/operation/GetColumns.scala   |   6 +-
 .../spark/operation/GetCurrentCatalog.scala   |   5 +-
 .../spark/operation/GetCurrentDatabase.scala  |   7 +-
 .../engine/spark/operation/GetSchemas.scala   |   4 +-
 .../spark/operation/GetTableTypes.scala       |   4 +-
 .../engine/spark/operation/GetTables.scala    |   7 +-
 .../spark/operation/SetCurrentCatalog.scala   |   4 +-
 .../spark/operation/SetCurrentDatabase.scala  |   3 +-
 .../operation/SparkSQLOperationManager.scala  |   4 +-
 .../spark/session/SparkSessionImpl.scala      |   6 +-
 .../engine/spark/shim/CatalogShim_v2_4.scala  | 184 ---------
 .../engine/spark/shim/CatalogShim_v3_0.scala  | 216 ----------
 .../engine/spark/shim/SparkCatalogShim.scala  | 183 ---------
 .../engine/spark/util/SparkCatalogUtils.scala | 375 ++++++++++++++++++
 .../SparkCatalogDatabaseOperationSuite.scala  |   4 +-
 .../spark/operation/SparkOperationSuite.scala |  10 +-
 .../kyuubi/jdbc/KyuubiHiveDriverSuite.scala   |   8 +-
 18 files changed, 414 insertions(+), 620 deletions(-)
 delete mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
 delete mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
 delete mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala
 create mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCatalogs.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCatalogs.scala
index 6d818e53e..c8e587300 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCatalogs.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCatalogs.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.spark.operation
 
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_CAT
 import org.apache.kyuubi.session.Session
@@ -33,7 +33,7 @@ class GetCatalogs(session: Session) extends SparkOperation(session) {
 
   override protected def runInternal(): Unit = {
     try {
-      iter = new IterableFetchIterator(SparkCatalogShim().getCatalogs(spark).toList)
+      iter = new IterableFetchIterator(SparkCatalogUtils.getCatalogs(spark))
     } catch onError()
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetColumns.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetColumns.scala
index e78516981..3a0ab7d5b 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetColumns.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetColumns.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.spark.operation
 
 import org.apache.spark.sql.types._
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.session.Session
@@ -115,8 +115,8 @@ class GetColumns(
       val schemaPattern = toJavaRegex(schemaName)
       val tablePattern = toJavaRegex(tableName)
       val columnPattern = toJavaRegex(columnName)
-      iter = new IterableFetchIterator(SparkCatalogShim()
-        .getColumns(spark, catalogName, schemaPattern, tablePattern, columnPattern).toList)
+      iter = new IterableFetchIterator(SparkCatalogUtils
+        .getColumns(spark, catalogName, schemaPattern, tablePattern, columnPattern))
     } catch {
       onError()
     }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala
index 96e013284..1d85d3d5a 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentCatalog.scala
@@ -17,9 +17,9 @@
 
 package org.apache.kyuubi.engine.spark.operation
 
+import org.apache.spark.sql.Row
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_CAT
@@ -38,7 +38,8 @@ class GetCurrentCatalog(session: Session) extends SparkOperation(session) {
 
   override protected def runInternal(): Unit = {
     try {
-      iter = new IterableFetchIterator(Seq(SparkCatalogShim().getCurrentCatalog(spark)))
+      val currentCatalogName = spark.sessionState.catalogManager.currentCatalog.name()
+      iter = new IterableFetchIterator(Seq(Row(currentCatalogName)))
     } catch onError()
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala
index 10b325d76..2478fb6a4 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetCurrentDatabase.scala
@@ -17,9 +17,10 @@
 
 package org.apache.kyuubi.engine.spark.operation
 
+import org.apache.spark.sql.Row
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils.quoteIfNeeded
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant.TABLE_SCHEM
@@ -38,7 +39,9 @@ class GetCurrentDatabase(session: Session) extends SparkOperation(session) {
 
   override protected def runInternal(): Unit = {
     try {
-      iter = new IterableFetchIterator(Seq(SparkCatalogShim().getCurrentDatabase(spark)))
+      val currentDatabaseName =
+        spark.sessionState.catalogManager.currentNamespace.map(quoteIfNeeded).mkString(".")
+      iter = new IterableFetchIterator(Seq(Row(currentDatabaseName)))
     } catch onError()
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetSchemas.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetSchemas.scala
index 3937f528d..46dc7634a 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetSchemas.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetSchemas.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.spark.operation
 
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.session.Session
@@ -40,7 +40,7 @@ class GetSchemas(session: Session, catalogName: String, schema: String)
   override protected def runInternal(): Unit = {
     try {
       val schemaPattern = toJavaRegex(schema)
-      val rows = SparkCatalogShim().getSchemas(spark, catalogName, schemaPattern)
+      val rows = SparkCatalogUtils.getSchemas(spark, catalogName, schemaPattern)
       iter = new IterableFetchIterator(rows)
     } catch onError()
   }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTableTypes.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTableTypes.scala
index 1d2cae381..1029175b2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTableTypes.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTableTypes.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.engine.spark.operation
 import org.apache.spark.sql.Row
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.session.Session
@@ -33,6 +33,6 @@ class GetTableTypes(session: Session)
   }
 
   override protected def runInternal(): Unit = {
-    iter = new IterableFetchIterator(SparkCatalogShim.sparkTableTypes.map(Row(_)).toList)
+    iter = new IterableFetchIterator(SparkCatalogUtils.sparkTableTypes.map(Row(_)).toList)
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala
index 40642b825..980e4fdb1 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/GetTables.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.engine.spark.operation
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_GET_TABLES_IGNORE_TABLE_PROPERTIES
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.IterableFetchIterator
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.session.Session
@@ -73,9 +73,8 @@ class GetTables(
     try {
       val schemaPattern = toJavaRegex(schema)
       val tablePattern = toJavaRegex(tableName)
-      val sparkShim = SparkCatalogShim()
       val catalogTablesAndViews =
-        sparkShim.getCatalogTablesOrViews(
+        SparkCatalogUtils.getCatalogTablesOrViews(
           spark,
           catalog,
           schemaPattern,
@@ -86,7 +85,7 @@ class GetTables(
       val allTableAndViews =
         if (tableTypes.exists("VIEW".equalsIgnoreCase)) {
           catalogTablesAndViews ++
-            sparkShim.getTempViews(spark, catalog, schemaPattern, tablePattern)
+            SparkCatalogUtils.getTempViews(spark, catalog, schemaPattern, tablePattern)
         } else {
           catalogTablesAndViews
         }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala
index 7571c3e32..88105b086 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentCatalog.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.spark.operation
 
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
@@ -35,7 +35,7 @@ class SetCurrentCatalog(session: Session, catalog: String) extends SparkOperatio
 
   override protected def runInternal(): Unit = {
     try {
-      SparkCatalogShim().setCurrentCatalog(spark, catalog)
+      SparkCatalogUtils.setCurrentCatalog(spark, catalog)
       setHasResultSet(false)
     } catch onError()
   }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala
index 2112f544a..d227f5fd2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SetCurrentDatabase.scala
@@ -19,7 +19,6 @@ package org.apache.kyuubi.engine.spark.operation
 
 import org.apache.spark.sql.types.StructType
 
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.session.Session
 
@@ -36,7 +35,7 @@ class SetCurrentDatabase(session: Session, database: String)
 
   override protected def runInternal(): Unit = {
     try {
-      SparkCatalogShim().setCurrentDatabase(spark, database)
+      spark.sessionState.catalogManager.setCurrentNamespace(Array(database))
       setHasResultSet(false)
     } catch onError()
   }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
index cb444aa77..cd9302cbf 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
@@ -26,7 +26,7 @@ import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_OPERATION_HANDLE_KEY
 import org.apache.kyuubi.engine.spark.repl.KyuubiSparkILoop
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.{NoneMode, Operation, OperationHandle, OperationManager, PlanOnlyMode}
 import org.apache.kyuubi.session.{Session, SessionHandle}
 
@@ -179,7 +179,7 @@ class SparkSQLOperationManager private (name: String) extends OperationManager(n
       tableTypes: java.util.List[String]): Operation = {
     val tTypes =
       if (tableTypes == null || tableTypes.isEmpty) {
-        SparkCatalogShim.sparkTableTypes
+        SparkCatalogUtils.sparkTableTypes
       } else {
         tableTypes.asScala.toSet
       }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
index ddc0370d9..8d9012cbd 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/session/SparkSessionImpl.scala
@@ -25,8 +25,8 @@ import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.spark.events.SessionEvent
 import org.apache.kyuubi.engine.spark.operation.SparkSQLOperationManager
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
 import org.apache.kyuubi.engine.spark.udf.KDFRegistry
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
 import org.apache.kyuubi.session._
@@ -62,7 +62,7 @@ class SparkSessionImpl(
 
     useCatalogAndDatabaseConf.get(USE_CATALOG).foreach { catalog =>
       try {
-        SparkCatalogShim().setCurrentCatalog(spark, catalog)
+        SparkCatalogUtils.setCurrentCatalog(spark, catalog)
       } catch {
         case e if e.getMessage.contains("Cannot find catalog plugin class for catalog") =>
           warn(e.getMessage())
@@ -71,7 +71,7 @@ class SparkSessionImpl(
 
     useCatalogAndDatabaseConf.get("use:database").foreach { database =>
       try {
-        SparkCatalogShim().setCurrentDatabase(spark, database)
+        spark.sessionState.catalogManager.setCurrentNamespace(Array(database))
       } catch {
         case e
             if database == "default" &&
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
deleted file mode 100644
index ea72dd156..000000000
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v2_4.scala
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.spark.shim
-
-import java.util.regex.Pattern
-
-import org.apache.spark.sql.{Row, SparkSession}
-import org.apache.spark.sql.catalyst.TableIdentifier
-
-class CatalogShim_v2_4 extends SparkCatalogShim {
-
-  override def getCatalogs(spark: SparkSession): Seq[Row] = {
-    Seq(Row(SparkCatalogShim.SESSION_CATALOG))
-  }
-
-  override protected def catalogExists(spark: SparkSession, catalog: String): Boolean = false
-
-  override def setCurrentCatalog(spark: SparkSession, catalog: String): Unit = {}
-
-  override def getCurrentCatalog(spark: SparkSession): Row = {
-    Row(SparkCatalogShim.SESSION_CATALOG)
-  }
-
-  override def getSchemas(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String): Seq[Row] = {
-    (spark.sessionState.catalog.listDatabases(schemaPattern) ++
-      getGlobalTempViewManager(spark, schemaPattern)).map(Row(_, SparkCatalogShim.SESSION_CATALOG))
-  }
-
-  def setCurrentDatabase(spark: SparkSession, databaseName: String): Unit = {
-    spark.sessionState.catalog.setCurrentDatabase(databaseName)
-  }
-
-  def getCurrentDatabase(spark: SparkSession): Row = {
-    Row(spark.sessionState.catalog.getCurrentDatabase)
-  }
-
-  override protected def getGlobalTempViewManager(
-      spark: SparkSession,
-      schemaPattern: String): Seq[String] = {
-    val database = spark.sharedState.globalTempViewManager.database
-    Option(database).filter(_.matches(schemaPattern)).toSeq
-  }
-
-  override def getCatalogTablesOrViews(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      tableTypes: Set[String],
-      ignoreTableProperties: Boolean): Seq[Row] = {
-    val catalog = spark.sessionState.catalog
-    val databases = catalog.listDatabases(schemaPattern)
-
-    databases.flatMap { db =>
-      val identifiers = catalog.listTables(db, tablePattern, includeLocalTempViews = false)
-      catalog.getTablesByName(identifiers)
-        .filter(t => matched(tableTypes, t.tableType.name)).map { t =>
-          val typ = if (t.tableType.name == "VIEW") "VIEW" else "TABLE"
-          Row(
-            catalogName,
-            t.database,
-            t.identifier.table,
-            typ,
-            t.comment.getOrElse(""),
-            null,
-            null,
-            null,
-            null,
-            null)
-        }
-    }
-  }
-
-  override def getTempViews(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String): Seq[Row] = {
-    val views = getViews(spark, schemaPattern, tablePattern)
-    views.map { ident =>
-      Row(catalogName, ident.database.orNull, ident.table, "VIEW", "", null, null, null, null, null)
-    }
-  }
-
-  override protected def getViews(
-      spark: SparkSession,
-      schemaPattern: String,
-      tablePattern: String): Seq[TableIdentifier] = {
-    val db = getGlobalTempViewManager(spark, schemaPattern)
-    if (db.nonEmpty) {
-      spark.sessionState.catalog.listTables(db.head, tablePattern)
-    } else {
-      spark.sessionState.catalog.listLocalTempViews(tablePattern)
-    }
-  }
-
-  override def getColumns(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      columnPattern: String): Seq[Row] = {
-
-    val cp = columnPattern.r.pattern
-    val byCatalog = getColumnsByCatalog(spark, catalogName, schemaPattern, tablePattern, cp)
-    val byGlobalTmpDB = getColumnsByGlobalTempViewManager(spark, schemaPattern, tablePattern, cp)
-    val byLocalTmp = getColumnsByLocalTempViews(spark, tablePattern, cp)
-
-    byCatalog ++ byGlobalTmpDB ++ byLocalTmp
-  }
-
-  protected def getColumnsByCatalog(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      columnPattern: Pattern): Seq[Row] = {
-    val catalog = spark.sessionState.catalog
-
-    val databases = catalog.listDatabases(schemaPattern)
-
-    databases.flatMap { db =>
-      val identifiers = catalog.listTables(db, tablePattern, includeLocalTempViews = true)
-      catalog.getTablesByName(identifiers).flatMap { t =>
-        t.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
-          .map { case (f, i) => toColumnResult(catalogName, t.database, t.identifier.table, f, i) }
-      }
-    }
-  }
-
-  protected def getColumnsByGlobalTempViewManager(
-      spark: SparkSession,
-      schemaPattern: String,
-      tablePattern: String,
-      columnPattern: Pattern): Seq[Row] = {
-    val catalog = spark.sessionState.catalog
-
-    getGlobalTempViewManager(spark, schemaPattern).flatMap { globalTmpDb =>
-      catalog.globalTempViewManager.listViewNames(tablePattern).flatMap { v =>
-        catalog.globalTempViewManager.get(v).map { plan =>
-          plan.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
-            .map { case (f, i) =>
-              toColumnResult(SparkCatalogShim.SESSION_CATALOG, globalTmpDb, v, f, i)
-            }
-        }
-      }.flatten
-    }
-  }
-
-  protected def getColumnsByLocalTempViews(
-      spark: SparkSession,
-      tablePattern: String,
-      columnPattern: Pattern): Seq[Row] = {
-    val catalog = spark.sessionState.catalog
-
-    catalog.listLocalTempViews(tablePattern)
-      .map(v => (v, catalog.getTempView(v.table).get))
-      .flatMap { case (v, plan) =>
-        plan.schema.zipWithIndex
-          .filter(f => columnPattern.matcher(f._1.name).matches())
-          .map { case (f, i) =>
-            toColumnResult(SparkCatalogShim.SESSION_CATALOG, null, v.table, f, i)
-          }
-      }
-  }
-}
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
deleted file mode 100644
index 27c524f30..000000000
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/CatalogShim_v3_0.scala
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.spark.shim
-
-import java.util.regex.Pattern
-
-import org.apache.spark.sql.{Row, SparkSession}
-import org.apache.spark.sql.connector.catalog.{CatalogExtension, CatalogPlugin, SupportsNamespaces, TableCatalog}
-
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim.SESSION_CATALOG
-
-class CatalogShim_v3_0 extends CatalogShim_v2_4 {
-
-  override def getCatalogs(spark: SparkSession): Seq[Row] = {
-
-    // A [[CatalogManager]] is session unique
-    val catalogMgr = spark.sessionState.catalogManager
-    // get the custom v2 session catalog or default spark_catalog
-    val sessionCatalog = invoke(catalogMgr, "v2SessionCatalog")
-    val defaultCatalog = catalogMgr.currentCatalog
-
-    val defaults = Seq(sessionCatalog, defaultCatalog).distinct
-      .map(invoke(_, "name").asInstanceOf[String])
-    val catalogs = getField(catalogMgr, "catalogs")
-      .asInstanceOf[scala.collection.Map[String, _]]
-    (catalogs.keys ++: defaults).distinct.map(Row(_))
-  }
-
-  private def getCatalog(spark: SparkSession, catalogName: String): CatalogPlugin = {
-    val catalogManager = spark.sessionState.catalogManager
-    if (catalogName == null || catalogName.isEmpty) {
-      catalogManager.currentCatalog
-    } else {
-      catalogManager.catalog(catalogName)
-    }
-  }
-
-  override def catalogExists(spark: SparkSession, catalog: String): Boolean = {
-    spark.sessionState.catalogManager.isCatalogRegistered(catalog)
-  }
-
-  override def setCurrentCatalog(spark: SparkSession, catalog: String): Unit = {
-    // SPARK-36841(3.3.0) Ensure setCurrentCatalog method catalog must exist
-    if (spark.sessionState.catalogManager.isCatalogRegistered(catalog)) {
-      spark.sessionState.catalogManager.setCurrentCatalog(catalog)
-    } else {
-      throw new IllegalArgumentException(s"Cannot find catalog plugin class for catalog '$catalog'")
-    }
-  }
-
-  override def getCurrentCatalog(spark: SparkSession): Row = {
-    Row(spark.sessionState.catalogManager.currentCatalog.name())
-  }
-
-  private def listAllNamespaces(
-      catalog: SupportsNamespaces,
-      namespaces: Array[Array[String]]): Array[Array[String]] = {
-    val children = namespaces.flatMap { ns =>
-      catalog.listNamespaces(ns)
-    }
-    if (children.isEmpty) {
-      namespaces
-    } else {
-      namespaces ++: listAllNamespaces(catalog, children)
-    }
-  }
-
-  private def listAllNamespaces(catalog: CatalogPlugin): Array[Array[String]] = {
-    catalog match {
-      case catalog: CatalogExtension =>
-        // DSv2 does not support pass schemaPattern transparently
-        catalog.defaultNamespace() +: catalog.listNamespaces(Array())
-      case catalog: SupportsNamespaces =>
-        val rootSchema = catalog.listNamespaces()
-        val allSchemas = listAllNamespaces(catalog, rootSchema)
-        allSchemas
-    }
-  }
-
-  /**
-   * Forked from Apache Spark's org.apache.spark.sql.connector.catalog.CatalogV2Implicits
-   */
-  private def quoteIfNeeded(part: String): String = {
-    if (part.contains(".") || part.contains("`")) {
-      s"`${part.replace("`", "``")}`"
-    } else {
-      part
-    }
-  }
-
-  private def listNamespacesWithPattern(
-      catalog: CatalogPlugin,
-      schemaPattern: String): Array[Array[String]] = {
-    val p = schemaPattern.r.pattern
-    listAllNamespaces(catalog).filter { ns =>
-      val quoted = ns.map(quoteIfNeeded).mkString(".")
-      p.matcher(quoted).matches()
-    }.distinct
-  }
-
-  private def getSchemasWithPattern(catalog: CatalogPlugin, schemaPattern: String): Seq[String] = {
-    val p = schemaPattern.r.pattern
-    listAllNamespaces(catalog).flatMap { ns =>
-      val quoted = ns.map(quoteIfNeeded).mkString(".")
-      if (p.matcher(quoted).matches()) {
-        Some(quoted)
-      } else {
-        None
-      }
-    }.distinct
-  }
-
-  override def getSchemas(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String): Seq[Row] = {
-    if (catalogName == SparkCatalogShim.SESSION_CATALOG) {
-      super.getSchemas(spark, catalogName, schemaPattern)
-    } else {
-      val catalog = getCatalog(spark, catalogName)
-      getSchemasWithPattern(catalog, schemaPattern).map(Row(_, catalog.name))
-    }
-  }
-
-  override def setCurrentDatabase(spark: SparkSession, databaseName: String): Unit = {
-    spark.sessionState.catalogManager.setCurrentNamespace(Array(databaseName))
-  }
-
-  override def getCurrentDatabase(spark: SparkSession): Row = {
-    Row(spark.sessionState.catalogManager.currentNamespace.map(quoteIfNeeded).mkString("."))
-  }
-
-  override def getCatalogTablesOrViews(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      tableTypes: Set[String],
-      ignoreTableProperties: Boolean = false): Seq[Row] = {
-    val catalog = getCatalog(spark, catalogName)
-    val namespaces = listNamespacesWithPattern(catalog, schemaPattern)
-    catalog match {
-      case builtin if builtin.name() == SESSION_CATALOG =>
-        super.getCatalogTablesOrViews(
-          spark,
-          SESSION_CATALOG,
-          schemaPattern,
-          tablePattern,
-          tableTypes,
-          ignoreTableProperties)
-      case tc: TableCatalog =>
-        val tp = tablePattern.r.pattern
-        val identifiers = namespaces.flatMap { ns =>
-          tc.listTables(ns).filter(i => tp.matcher(quoteIfNeeded(i.name())).matches())
-        }
-        identifiers.map { ident =>
-          // TODO: restore view type for session catalog
-          val comment = if (ignoreTableProperties) ""
-          else tc.loadTable(ident).properties().getOrDefault(TableCatalog.PROP_COMMENT, "")
-          val schema = ident.namespace().map(quoteIfNeeded).mkString(".")
-          val tableName = quoteIfNeeded(ident.name())
-          Row(catalog.name(), schema, tableName, "TABLE", comment, null, null, null, null, null)
-        }
-      case _ => Seq.empty[Row]
-    }
-  }
-
-  override protected def getColumnsByCatalog(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      columnPattern: Pattern): Seq[Row] = {
-    val catalog = getCatalog(spark, catalogName)
-
-    catalog match {
-      case tc: TableCatalog =>
-        val namespaces = listNamespacesWithPattern(catalog, schemaPattern)
-        val tp = tablePattern.r.pattern
-        val identifiers = namespaces.flatMap { ns =>
-          tc.listTables(ns).filter(i => tp.matcher(quoteIfNeeded(i.name())).matches())
-        }
-        identifiers.flatMap { ident =>
-          val table = tc.loadTable(ident)
-          val namespace = ident.namespace().map(quoteIfNeeded).mkString(".")
-          val tableName = quoteIfNeeded(ident.name())
-
-          table.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
-            .map { case (f, i) => toColumnResult(tc.name(), namespace, tableName, f, i) }
-        }
-
-      case builtin if builtin.name() == SESSION_CATALOG =>
-        super.getColumnsByCatalog(
-          spark,
-          SESSION_CATALOG,
-          schemaPattern,
-          tablePattern,
-          columnPattern)
-    }
-  }
-}
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala
deleted file mode 100644
index 83c806523..000000000
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/shim/SparkCatalogShim.scala
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.engine.spark.shim
-
-import org.apache.spark.sql.{Row, SparkSession}
-import org.apache.spark.sql.catalyst.TableIdentifier
-import org.apache.spark.sql.types.StructField
-
-import org.apache.kyuubi.Logging
-import org.apache.kyuubi.engine.spark.KyuubiSparkUtil.sparkMajorMinorVersion
-import org.apache.kyuubi.engine.spark.schema.SchemaHelper
-
-/**
- * A shim that defines the interface interact with Spark's catalogs
- */
-trait SparkCatalogShim extends Logging {
-
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-  //                                          Catalog                                            //
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-
-  /**
-   * Get all register catalogs in Spark's `CatalogManager`
-   */
-  def getCatalogs(spark: SparkSession): Seq[Row]
-
-  protected def catalogExists(spark: SparkSession, catalog: String): Boolean
-
-  def setCurrentCatalog(spark: SparkSession, catalog: String): Unit
-
-  def getCurrentCatalog(spark: SparkSession): Row
-
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-  //                                           Schema                                            //
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-
-  /**
-   * a list of [[Row]]s, with 2 fields `schemaName: String, catalogName: String`
-   */
-  def getSchemas(spark: SparkSession, catalogName: String, schemaPattern: String): Seq[Row]
-
-  def setCurrentDatabase(spark: SparkSession, databaseName: String): Unit
-
-  def getCurrentDatabase(spark: SparkSession): Row
-
-  protected def getGlobalTempViewManager(spark: SparkSession, schemaPattern: String): Seq[String]
-
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-  //                                        Table & View                                         //
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-
-  def getCatalogTablesOrViews(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      tableTypes: Set[String],
-      ignoreTableProperties: Boolean): Seq[Row]
-
-  def getTempViews(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String): Seq[Row]
-
-  protected def getViews(
-      spark: SparkSession,
-      schemaPattern: String,
-      tablePattern: String): Seq[TableIdentifier]
-
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-  //                                          Columns                                            //
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-
-  def getColumns(
-      spark: SparkSession,
-      catalogName: String,
-      schemaPattern: String,
-      tablePattern: String,
-      columnPattern: String): Seq[Row]
-
-  protected def toColumnResult(
-      catalog: String,
-      db: String,
-      table: String,
-      col: StructField,
-      pos: Int): Row = {
-    // format: off
-    Row(
-      catalog,                                              // TABLE_CAT
-      db,                                                   // TABLE_SCHEM
-      table,                                                // TABLE_NAME
-      col.name,                                             // COLUMN_NAME
-      SchemaHelper.toJavaSQLType(col.dataType),             // DATA_TYPE
-      col.dataType.sql,                                     // TYPE_NAME
-      SchemaHelper.getColumnSize(col.dataType).orNull,      // COLUMN_SIZE
-      null,                                                 // BUFFER_LENGTH
-      SchemaHelper.getDecimalDigits(col.dataType).orNull,   // DECIMAL_DIGITS
-      SchemaHelper.getNumPrecRadix(col.dataType).orNull,    // NUM_PREC_RADIX
-      if (col.nullable) 1 else 0,                           // NULLABLE
-      col.getComment().getOrElse(""),                       // REMARKS
-      null,                                                 // COLUMN_DEF
-      null,                                                 // SQL_DATA_TYPE
-      null,                                                 // SQL_DATETIME_SUB
-      null,                                                 // CHAR_OCTET_LENGTH
-      pos,                                                  // ORDINAL_POSITION
-      "YES",                                                // IS_NULLABLE
-      null,                                                 // SCOPE_CATALOG
-      null,                                                 // SCOPE_SCHEMA
-      null,                                                 // SCOPE_TABLE
-      null,                                                 // SOURCE_DATA_TYPE
-      "NO"                                                  // IS_AUTO_INCREMENT
-    )
-    // format: on
-  }
-
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-  //                                         Miscellaneous                                       //
-  // ///////////////////////////////////////////////////////////////////////////////////////////////
-
-  protected def invoke(
-      obj: Any,
-      methodName: String,
-      args: (Class[_], AnyRef)*): Any = {
-    val (types, values) = args.unzip
-    val method = obj.getClass.getMethod(methodName, types: _*)
-    method.setAccessible(true)
-    method.invoke(obj, values.toSeq: _*)
-  }
-
-  protected def invoke(
-      clazz: Class[_],
-      obj: AnyRef,
-      methodName: String,
-      args: (Class[_], AnyRef)*): AnyRef = {
-    val (types, values) = args.unzip
-    val method = clazz.getMethod(methodName, types: _*)
-    method.setAccessible(true)
-    method.invoke(obj, values.toSeq: _*)
-  }
-
-  protected def getField(o: Any, fieldName: String): Any = {
-    val field = o.getClass.getDeclaredField(fieldName)
-    field.setAccessible(true)
-    field.get(o)
-  }
-
-  protected def matched(tableTypes: Set[String], tableType: String): Boolean = {
-    val typ = if (tableType.equalsIgnoreCase("VIEW")) "VIEW" else "TABLE"
-    tableTypes.exists(typ.equalsIgnoreCase)
-  }
-
-}
-
-object SparkCatalogShim {
-  def apply(): SparkCatalogShim = {
-    sparkMajorMinorVersion match {
-      case (3, _) => new CatalogShim_v3_0
-      case (2, _) => new CatalogShim_v2_4
-      case _ =>
-        throw new IllegalArgumentException(s"Not Support spark version $sparkMajorMinorVersion")
-    }
-  }
-
-  val SESSION_CATALOG: String = "spark_catalog"
-
-  val sparkTableTypes = Set("VIEW", "TABLE")
-}
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
new file mode 100644
index 000000000..13b87665d
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
@@ -0,0 +1,375 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.spark.util
+
+import java.util.regex.Pattern
+
+import org.apache.commons.lang3.StringUtils
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.catalyst.TableIdentifier
+import org.apache.spark.sql.connector.catalog.{CatalogExtension, CatalogPlugin, SupportsNamespaces, TableCatalog}
+import org.apache.spark.sql.types.StructField
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.engine.spark.schema.SchemaHelper
+import org.apache.kyuubi.util.reflect.DynMethods
+import org.apache.kyuubi.util.reflect.ReflectUtils.{getField, invokeAs}
+
+/**
+ * A shim that defines the interface interact with Spark's catalogs
+ */
+object SparkCatalogUtils extends Logging {
+
+  private val VIEW = "VIEW"
+  private val TABLE = "TABLE"
+
+  val SESSION_CATALOG: String = "spark_catalog"
+  val sparkTableTypes: Set[String] = Set(VIEW, TABLE)
+
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+  //                                          Catalog                                            //
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+
+  /**
+   * Get all register catalogs in Spark's `CatalogManager`
+   */
+  def getCatalogs(spark: SparkSession): Seq[Row] = {
+
+    // A [[CatalogManager]] is session unique
+    val catalogMgr = spark.sessionState.catalogManager
+    // get the custom v2 session catalog or default spark_catalog
+    val sessionCatalog = invokeAs[AnyRef](catalogMgr, "v2SessionCatalog")
+    val defaultCatalog = catalogMgr.currentCatalog
+
+    val defaults = Seq(sessionCatalog, defaultCatalog).distinct.map(catalog =>
+      DynMethods.builder("name").impl(catalog.getClass).buildChecked(catalog).invoke[String]())
+    val catalogs = getField[scala.collection.Map[String, _]](catalogMgr, "catalogs")
+    (catalogs.keys ++: defaults).distinct.map(Row(_))
+  }
+
+  def getCatalog(spark: SparkSession, catalogName: String): CatalogPlugin = {
+    val catalogManager = spark.sessionState.catalogManager
+    if (StringUtils.isBlank(catalogName)) {
+      catalogManager.currentCatalog
+    } else {
+      catalogManager.catalog(catalogName)
+    }
+  }
+
+  def setCurrentCatalog(spark: SparkSession, catalog: String): Unit = {
+    // SPARK-36841(3.3.0) Ensure setCurrentCatalog method catalog must exist
+    if (spark.sessionState.catalogManager.isCatalogRegistered(catalog)) {
+      spark.sessionState.catalogManager.setCurrentCatalog(catalog)
+    } else {
+      throw new IllegalArgumentException(s"Cannot find catalog plugin class for catalog '$catalog'")
+    }
+  }
+
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+  //                                           Schema                                            //
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+
+  /**
+   * a list of [[Row]]s, with 2 fields `schemaName: String, catalogName: String`
+   */
+  def getSchemas(
+      spark: SparkSession,
+      catalogName: String,
+      schemaPattern: String): Seq[Row] = {
+    if (catalogName == SparkCatalogUtils.SESSION_CATALOG) {
+      (spark.sessionState.catalog.listDatabases(schemaPattern) ++
+        getGlobalTempViewManager(spark, schemaPattern))
+        .map(Row(_, SparkCatalogUtils.SESSION_CATALOG))
+    } else {
+      val catalog = getCatalog(spark, catalogName)
+      getSchemasWithPattern(catalog, schemaPattern).map(Row(_, catalog.name))
+    }
+  }
+
+  private def getGlobalTempViewManager(
+      spark: SparkSession,
+      schemaPattern: String): Seq[String] = {
+    val database = spark.sharedState.globalTempViewManager.database
+    Option(database).filter(_.matches(schemaPattern)).toSeq
+  }
+
+  private def listAllNamespaces(
+      catalog: SupportsNamespaces,
+      namespaces: Array[Array[String]]): Array[Array[String]] = {
+    val children = namespaces.flatMap { ns =>
+      catalog.listNamespaces(ns)
+    }
+    if (children.isEmpty) {
+      namespaces
+    } else {
+      namespaces ++: listAllNamespaces(catalog, children)
+    }
+  }
+
+  private def listAllNamespaces(catalog: CatalogPlugin): Array[Array[String]] = {
+    catalog match {
+      case catalog: CatalogExtension =>
+        // DSv2 does not support pass schemaPattern transparently
+        catalog.defaultNamespace() +: catalog.listNamespaces(Array())
+      case catalog: SupportsNamespaces =>
+        val rootSchema = catalog.listNamespaces()
+        val allSchemas = listAllNamespaces(catalog, rootSchema)
+        allSchemas
+    }
+  }
+
+  private def listNamespacesWithPattern(
+      catalog: CatalogPlugin,
+      schemaPattern: String): Array[Array[String]] = {
+    listAllNamespaces(catalog).filter { ns =>
+      val quoted = ns.map(quoteIfNeeded).mkString(".")
+      schemaPattern.r.pattern.matcher(quoted).matches()
+    }.distinct
+  }
+
+  private def getSchemasWithPattern(catalog: CatalogPlugin, schemaPattern: String): Seq[String] = {
+    val p = schemaPattern.r.pattern
+    listAllNamespaces(catalog).flatMap { ns =>
+      val quoted = ns.map(quoteIfNeeded).mkString(".")
+      if (p.matcher(quoted).matches()) Some(quoted) else None
+    }.distinct
+  }
+
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+  //                                        Table & View                                         //
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+
+  def getCatalogTablesOrViews(
+      spark: SparkSession,
+      catalogName: String,
+      schemaPattern: String,
+      tablePattern: String,
+      tableTypes: Set[String],
+      ignoreTableProperties: Boolean = false): Seq[Row] = {
+    val catalog = getCatalog(spark, catalogName)
+    val namespaces = listNamespacesWithPattern(catalog, schemaPattern)
+    catalog match {
+      case builtin if builtin.name() == SESSION_CATALOG =>
+        val catalog = spark.sessionState.catalog
+        val databases = catalog.listDatabases(schemaPattern)
+
+        def isMatchedTableType(tableTypes: Set[String], tableType: String): Boolean = {
+          val typ = if (tableType.equalsIgnoreCase(VIEW)) VIEW else TABLE
+          tableTypes.exists(typ.equalsIgnoreCase)
+        }
+
+        databases.flatMap { db =>
+          val identifiers = catalog.listTables(db, tablePattern, includeLocalTempViews = false)
+          catalog.getTablesByName(identifiers)
+            .filter(t => isMatchedTableType(tableTypes, t.tableType.name)).map { t =>
+              val typ = if (t.tableType.name == VIEW) VIEW else TABLE
+              Row(
+                catalogName,
+                t.database,
+                t.identifier.table,
+                typ,
+                t.comment.getOrElse(""),
+                null,
+                null,
+                null,
+                null,
+                null)
+            }
+        }
+      case tc: TableCatalog =>
+        val tp = tablePattern.r.pattern
+        val identifiers = namespaces.flatMap { ns =>
+          tc.listTables(ns).filter(i => tp.matcher(quoteIfNeeded(i.name())).matches())
+        }
+        identifiers.map { ident =>
+          // TODO: restore view type for session catalog
+          val comment = if (ignoreTableProperties) ""
+          else { // load table is a time consuming operation
+            tc.loadTable(ident).properties().getOrDefault(TableCatalog.PROP_COMMENT, "")
+          }
+          val schema = ident.namespace().map(quoteIfNeeded).mkString(".")
+          val tableName = quoteIfNeeded(ident.name())
+          Row(catalog.name(), schema, tableName, TABLE, comment, null, null, null, null, null)
+        }
+      case _ => Seq.empty[Row]
+    }
+  }
+
+  private def getColumnsByCatalog(
+      spark: SparkSession,
+      catalogName: String,
+      schemaPattern: String,
+      tablePattern: String,
+      columnPattern: Pattern): Seq[Row] = {
+    val catalog = getCatalog(spark, catalogName)
+
+    catalog match {
+      case tc: TableCatalog =>
+        val namespaces = listNamespacesWithPattern(catalog, schemaPattern)
+        val tp = tablePattern.r.pattern
+        val identifiers = namespaces.flatMap { ns =>
+          tc.listTables(ns).filter(i => tp.matcher(quoteIfNeeded(i.name())).matches())
+        }
+        identifiers.flatMap { ident =>
+          val table = tc.loadTable(ident)
+          val namespace = ident.namespace().map(quoteIfNeeded).mkString(".")
+          val tableName = quoteIfNeeded(ident.name())
+
+          table.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
+            .map { case (f, i) => toColumnResult(tc.name(), namespace, tableName, f, i) }
+        }
+
+      case builtin if builtin.name() == SESSION_CATALOG =>
+        val catalog = spark.sessionState.catalog
+        val databases = catalog.listDatabases(schemaPattern)
+        databases.flatMap { db =>
+          val identifiers = catalog.listTables(db, tablePattern, includeLocalTempViews = true)
+          catalog.getTablesByName(identifiers).flatMap { t =>
+            t.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
+              .map { case (f, i) =>
+                toColumnResult(catalogName, t.database, t.identifier.table, f, i)
+              }
+          }
+        }
+    }
+  }
+
+  def getTempViews(
+      spark: SparkSession,
+      catalogName: String,
+      schemaPattern: String,
+      tablePattern: String): Seq[Row] = {
+    val views = getViews(spark, schemaPattern, tablePattern)
+    views.map { ident =>
+      Row(catalogName, ident.database.orNull, ident.table, VIEW, "", null, null, null, null, null)
+    }
+  }
+
+  private def getViews(
+      spark: SparkSession,
+      schemaPattern: String,
+      tablePattern: String): Seq[TableIdentifier] = {
+    val db = getGlobalTempViewManager(spark, schemaPattern)
+    if (db.nonEmpty) {
+      spark.sessionState.catalog.listTables(db.head, tablePattern)
+    } else {
+      spark.sessionState.catalog.listLocalTempViews(tablePattern)
+    }
+  }
+
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+  //                                          Columns                                            //
+  // ///////////////////////////////////////////////////////////////////////////////////////////////
+
+  def getColumns(
+      spark: SparkSession,
+      catalogName: String,
+      schemaPattern: String,
+      tablePattern: String,
+      columnPattern: String): Seq[Row] = {
+
+    val cp = columnPattern.r.pattern
+    val byCatalog = getColumnsByCatalog(spark, catalogName, schemaPattern, tablePattern, cp)
+    val byGlobalTmpDB = getColumnsByGlobalTempViewManager(spark, schemaPattern, tablePattern, cp)
+    val byLocalTmp = getColumnsByLocalTempViews(spark, tablePattern, cp)
+
+    byCatalog ++ byGlobalTmpDB ++ byLocalTmp
+  }
+
+  private def getColumnsByGlobalTempViewManager(
+      spark: SparkSession,
+      schemaPattern: String,
+      tablePattern: String,
+      columnPattern: Pattern): Seq[Row] = {
+    val catalog = spark.sessionState.catalog
+
+    getGlobalTempViewManager(spark, schemaPattern).flatMap { globalTmpDb =>
+      catalog.globalTempViewManager.listViewNames(tablePattern).flatMap { v =>
+        catalog.globalTempViewManager.get(v).map { plan =>
+          plan.schema.zipWithIndex.filter(f => columnPattern.matcher(f._1.name).matches())
+            .map { case (f, i) =>
+              toColumnResult(SparkCatalogUtils.SESSION_CATALOG, globalTmpDb, v, f, i)
+            }
+        }
+      }.flatten
+    }
+  }
+
+  private def getColumnsByLocalTempViews(
+      spark: SparkSession,
+      tablePattern: String,
+      columnPattern: Pattern): Seq[Row] = {
+    val catalog = spark.sessionState.catalog
+
+    catalog.listLocalTempViews(tablePattern)
+      .map(v => (v, catalog.getTempView(v.table).get))
+      .flatMap { case (v, plan) =>
+        plan.schema.zipWithIndex
+          .filter(f => columnPattern.matcher(f._1.name).matches())
+          .map { case (f, i) =>
+            toColumnResult(SparkCatalogUtils.SESSION_CATALOG, null, v.table, f, i)
+          }
+      }
+  }
+
+  private def toColumnResult(
+      catalog: String,
+      db: String,
+      table: String,
+      col: StructField,
+      pos: Int): Row = {
+    // format: off
+    Row(
+      catalog,                                              // TABLE_CAT
+      db,                                                   // TABLE_SCHEM
+      table,                                                // TABLE_NAME
+      col.name,                                             // COLUMN_NAME
+      SchemaHelper.toJavaSQLType(col.dataType),             // DATA_TYPE
+      col.dataType.sql,                                     // TYPE_NAME
+      SchemaHelper.getColumnSize(col.dataType).orNull,      // COLUMN_SIZE
+      null,                                                 // BUFFER_LENGTH
+      SchemaHelper.getDecimalDigits(col.dataType).orNull,   // DECIMAL_DIGITS
+      SchemaHelper.getNumPrecRadix(col.dataType).orNull,    // NUM_PREC_RADIX
+      if (col.nullable) 1 else 0,                           // NULLABLE
+      col.getComment().getOrElse(""),                       // REMARKS
+      null,                                                 // COLUMN_DEF
+      null,                                                 // SQL_DATA_TYPE
+      null,                                                 // SQL_DATETIME_SUB
+      null,                                                 // CHAR_OCTET_LENGTH
+      pos,                                                  // ORDINAL_POSITION
+      "YES",                                                // IS_NULLABLE
+      null,                                                 // SCOPE_CATALOG
+      null,                                                 // SCOPE_SCHEMA
+      null,                                                 // SCOPE_TABLE
+      null,                                                 // SOURCE_DATA_TYPE
+      "NO"                                                  // IS_AUTO_INCREMENT
+    )
+    // format: on
+  }
+
+  /**
+   * Forked from Apache Spark's [[org.apache.spark.sql.catalyst.util.quoteIfNeeded]]
+   */
+  def quoteIfNeeded(part: String): String = {
+    if (part.matches("[a-zA-Z0-9_]+") && !part.matches("\\d+")) {
+      part
+    } else {
+      s"`${part.replace("`", "``")}`"
+    }
+  }
+}
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala
index 46208bff1..69431266b 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala
@@ -22,7 +22,7 @@ import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_OPERATION_CONVERT_CATALOG_DATABASE_ENABLED
 import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 
 class SparkCatalogDatabaseOperationSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
@@ -37,7 +37,7 @@ class SparkCatalogDatabaseOperationSuite extends WithSparkSQLEngine with HiveJDB
   test("set/get current catalog") {
     withJdbcStatement() { statement =>
       val catalog = statement.getConnection.getCatalog
-      assert(catalog == SparkCatalogShim.SESSION_CATALOG)
+      assert(catalog == SparkCatalogUtils.SESSION_CATALOG)
       statement.getConnection.setCatalog("dummy")
       val changedCatalog = statement.getConnection.getCatalog
       assert(changedCatalog == "dummy")
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
index cf5044056..650bdabd9 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
@@ -34,7 +34,7 @@ import org.apache.spark.sql.types._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
 import org.apache.kyuubi.engine.spark.schema.SchemaHelper.TIMESTAMP_NTZ
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.operation.{HiveMetadataTests, SparkQueryTests}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
@@ -49,7 +49,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
     withJdbcStatement() { statement =>
       val meta = statement.getConnection.getMetaData
       val types = meta.getTableTypes
-      val expected = SparkCatalogShim.sparkTableTypes.toIterator
+      val expected = SparkCatalogUtils.sparkTableTypes.toIterator
       while (types.next()) {
         assert(types.getString(TABLE_TYPE) === expected.next())
       }
@@ -143,7 +143,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
         var pos = 0
 
         while (rowSet.next()) {
-          assert(rowSet.getString(TABLE_CAT) === SparkCatalogShim.SESSION_CATALOG)
+          assert(rowSet.getString(TABLE_CAT) === SparkCatalogUtils.SESSION_CATALOG)
           assert(rowSet.getString(TABLE_SCHEM) === defaultSchema)
           assert(rowSet.getString(TABLE_NAME) === tableName)
           assert(rowSet.getString(COLUMN_NAME) === schema(pos).name)
@@ -201,7 +201,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
       val data = statement.getConnection.getMetaData
       val rowSet = data.getColumns("", "global_temp", viewName, null)
       while (rowSet.next()) {
-        assert(rowSet.getString(TABLE_CAT) === SparkCatalogShim.SESSION_CATALOG)
+        assert(rowSet.getString(TABLE_CAT) === SparkCatalogUtils.SESSION_CATALOG)
         assert(rowSet.getString(TABLE_SCHEM) === "global_temp")
         assert(rowSet.getString(TABLE_NAME) === viewName)
         assert(rowSet.getString(COLUMN_NAME) === "i")
@@ -228,7 +228,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
       val data = statement.getConnection.getMetaData
       val rowSet = data.getColumns("", "global_temp", viewName, "n")
       while (rowSet.next()) {
-        assert(rowSet.getString(TABLE_CAT) === SparkCatalogShim.SESSION_CATALOG)
+        assert(rowSet.getString(TABLE_CAT) === SparkCatalogUtils.SESSION_CATALOG)
         assert(rowSet.getString(TABLE_SCHEM) === "global_temp")
         assert(rowSet.getString(TABLE_NAME) === viewName)
         assert(rowSet.getString(COLUMN_NAME) === "n")
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/jdbc/KyuubiHiveDriverSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/jdbc/KyuubiHiveDriverSuite.scala
index 4d3c75498..ae68440df 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/jdbc/KyuubiHiveDriverSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/jdbc/KyuubiHiveDriverSuite.scala
@@ -22,7 +22,7 @@ import java.util.Properties
 
 import org.apache.kyuubi.IcebergSuiteMixin
 import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
-import org.apache.kyuubi.engine.spark.shim.SparkCatalogShim
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
 import org.apache.kyuubi.jdbc.hive.{KyuubiConnection, KyuubiStatement}
 import org.apache.kyuubi.tags.IcebergTest
 
@@ -47,15 +47,15 @@ class KyuubiHiveDriverSuite extends WithSparkSQLEngine with IcebergSuiteMixin {
     val metaData = connection.getMetaData
     assert(metaData.getClass.getName === "org.apache.kyuubi.jdbc.hive.KyuubiDatabaseMetaData")
     val statement = connection.createStatement()
-    val table1 = s"${SparkCatalogShim.SESSION_CATALOG}.default.kyuubi_hive_jdbc"
+    val table1 = s"${SparkCatalogUtils.SESSION_CATALOG}.default.kyuubi_hive_jdbc"
     val table2 = s"$catalog.default.hdp_cat_tbl"
     try {
       statement.execute(s"CREATE TABLE $table1(key int) USING parquet")
       statement.execute(s"CREATE TABLE $table2(key int) USING $format")
 
-      val resultSet1 = metaData.getTables(SparkCatalogShim.SESSION_CATALOG, "default", "%", null)
+      val resultSet1 = metaData.getTables(SparkCatalogUtils.SESSION_CATALOG, "default", "%", null)
       assert(resultSet1.next())
-      assert(resultSet1.getString(1) === SparkCatalogShim.SESSION_CATALOG)
+      assert(resultSet1.getString(1) === SparkCatalogUtils.SESSION_CATALOG)
       assert(resultSet1.getString(2) === "default")
       assert(resultSet1.getString(3) === "kyuubi_hive_jdbc")
 

From 5ee96b5d063ec2b3545578c42b19620862461613 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 15 Jun 2023 20:53:50 +0800
Subject: [PATCH 448/760] [KYUUBI #4968] Simplify Option conversion

### _Why are the changes needed?_

Remove unnecessary conversion between `value = valueOpt.orNull` and `valueOpt = Option(value)`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4968 from pan3793/option.

Closes #4968

882181372 [Cheng Pan] fix
c79a72116 [Cheng Pan] nit
fdc95f221 [Cheng Pan] nit
f9e189fc0 [Cheng Pan] nit
2bdfe9a13 [Cheng Pan] nit
d02e2cfa1 [Cheng Pan] nit
ac8b5fb5d [Cheng Pan] Simplify Option convertion

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/operation/BatchJobSubmission.scala |  4 +-
 .../operation/KyuubiOperationManager.scala    |  4 +-
 .../server/KyuubiRestFrontendService.scala    |  2 +-
 .../server/api/v1/BatchesResource.scala       | 78 +++++++++----------
 .../server/metadata/MetadataManager.scala     | 10 +--
 ...ionImpl.scala => KyuubiBatchSession.scala} |  2 +-
 .../kyuubi/session/KyuubiSessionManager.scala | 32 ++++----
 .../kyuubi/WithKyuubiServerOnYarn.scala       | 10 +--
 .../server/api/v1/BatchesResourceSuite.scala  | 16 ++--
 .../metadata/MetadataManagerSuite.scala       |  4 +-
 10 files changed, 78 insertions(+), 84 deletions(-)
 rename kyuubi-server/src/main/scala/org/apache/kyuubi/session/{KyuubiBatchSessionImpl.scala => KyuubiBatchSession.scala} (99%)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index e58539ff7..ab2cfa302 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -36,7 +36,7 @@ import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.operation.OperationState.{isTerminal, CANCELED, OperationState, RUNNING}
 import org.apache.kyuubi.operation.log.OperationLog
 import org.apache.kyuubi.server.metadata.api.Metadata
-import org.apache.kyuubi.session.KyuubiBatchSessionImpl
+import org.apache.kyuubi.session.KyuubiBatchSession
 
 /**
  * The state of batch operation is special. In general, the lifecycle of state is:
@@ -51,7 +51,7 @@ import org.apache.kyuubi.session.KyuubiBatchSessionImpl
  * user close the batch session that means the final status is CANCELED.
  */
 class BatchJobSubmission(
-    session: KyuubiBatchSessionImpl,
+    session: KyuubiBatchSession,
     val batchType: String,
     val batchName: String,
     resource: String,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
index 4730d1618..3078401b0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
@@ -28,7 +28,7 @@ import org.apache.kyuubi.metrics.MetricsConstants.OPERATION_OPEN
 import org.apache.kyuubi.metrics.MetricsSystem
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.server.metadata.api.Metadata
-import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionImpl, Session}
+import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionImpl, Session}
 import org.apache.kyuubi.sql.plan.command.RunnableCommand
 import org.apache.kyuubi.util.ThriftUtils
 
@@ -74,7 +74,7 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
   }
 
   def newBatchJobSubmissionOperation(
-      session: KyuubiBatchSessionImpl,
+      session: KyuubiBatchSession,
       batchType: String,
       batchName: String,
       resource: String,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 86cb28aed..5b6eb0408 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -123,7 +123,7 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
           sessionManager.getPeerInstanceClosedBatchSessions(connectionUrl).foreach { batch =>
             Utils.tryLogNonFatalError {
               val sessionHandle = SessionHandle.fromUUID(batch.identifier)
-              Option(sessionManager.getBatchSessionImpl(sessionHandle)).foreach(_.close())
+              sessionManager.getBatchSession(sessionHandle).foreach(_.close())
             }
           }
         } catch {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 11c36c757..8271c8b88 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -38,7 +38,7 @@ import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.client.exception.KyuubiRestException
 import org.apache.kyuubi.client.util.BatchUtils._
-import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.engine.{ApplicationInfo, KyuubiApplicationManager}
 import org.apache.kyuubi.operation.{BatchJobSubmission, FetchOrientation, OperationState}
@@ -46,7 +46,7 @@ import org.apache.kyuubi.server.api.ApiRequestContext
 import org.apache.kyuubi.server.api.v1.BatchesResource._
 import org.apache.kyuubi.server.metadata.MetadataManager
 import org.apache.kyuubi.server.metadata.api.Metadata
-import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionManager, SessionHandle}
+import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle}
 import org.apache.kyuubi.util.JdbcUtils
 
 @Tag(name = "Batch")
@@ -54,45 +54,33 @@ import org.apache.kyuubi.util.JdbcUtils
 private[v1] class BatchesResource extends ApiRequestContext with Logging {
   private val internalRestClients = new ConcurrentHashMap[String, InternalRestClient]()
   private lazy val internalSocketTimeout =
-    fe.getConf.get(KyuubiConf.BATCH_INTERNAL_REST_CLIENT_SOCKET_TIMEOUT)
+    fe.getConf.get(BATCH_INTERNAL_REST_CLIENT_SOCKET_TIMEOUT).toInt
   private lazy val internalConnectTimeout =
-    fe.getConf.get(KyuubiConf.BATCH_INTERNAL_REST_CLIENT_CONNECT_TIMEOUT)
+    fe.getConf.get(BATCH_INTERNAL_REST_CLIENT_CONNECT_TIMEOUT).toInt
 
   private def getInternalRestClient(kyuubiInstance: String): InternalRestClient = {
     internalRestClients.computeIfAbsent(
       kyuubiInstance,
-      kyuubiInstance => {
-        new InternalRestClient(
-          kyuubiInstance,
-          internalSocketTimeout.toInt,
-          internalConnectTimeout.toInt)
-      })
+      k => new InternalRestClient(k, internalSocketTimeout, internalConnectTimeout))
   }
 
   private def sessionManager = fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
 
-  private def buildBatch(session: KyuubiBatchSessionImpl): Batch = {
+  private def buildBatch(session: KyuubiBatchSession): Batch = {
     val batchOp = session.batchJobSubmissionOp
     val batchOpStatus = batchOp.getStatus
-    val batchAppStatus = batchOp.getApplicationInfo
 
-    val name = Option(batchOp.batchName).getOrElse(batchAppStatus.map(_.name).orNull)
-    var appId: String = null
-    var appUrl: String = null
-    var appState: String = null
-    var appDiagnostic: String = null
-
-    if (!OperationState.isTerminal(batchOpStatus.state) && batchAppStatus.nonEmpty) {
-      appId = batchAppStatus.get.id
-      appUrl = batchAppStatus.get.url.orNull
-      appState = batchAppStatus.get.state.toString
-      appDiagnostic = batchAppStatus.get.error.orNull
-    } else {
-      val metadata = sessionManager.getBatchMetadata(batchOp.batchId)
-      appId = metadata.engineId
-      appUrl = metadata.engineUrl
-      appState = metadata.engineState
-      appDiagnostic = metadata.engineError.orNull
+    val (name, appId, appUrl, appState, appDiagnostic) = batchOp.getApplicationInfo.map { appInfo =>
+      val name = Option(batchOp.batchName).getOrElse(appInfo.name)
+      (name, appInfo.id, appInfo.url.orNull, appInfo.state.toString, appInfo.error.orNull)
+    }.getOrElse {
+      sessionManager.getBatchMetadata(batchOp.batchId) match {
+        case Some(batch) =>
+          val diagnostic = batch.engineError.orNull
+          (batchOp.batchName, batch.engineId, batch.engineUrl, batch.engineState, diagnostic)
+        case None =>
+          (batchOp.batchName, null, null, null, null)
+      }
     }
 
     new Batch(
@@ -185,8 +173,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       @FormDataParam("resourceFile") resourceFileInputStream: InputStream,
       @FormDataParam("resourceFile") resourceFileMetadata: FormDataContentDisposition): Batch = {
     require(
-      fe.getConf.get(KyuubiConf.BATCH_RESOURCE_UPLOAD_ENABLED),
-      "Batch resource upload function is not enabled.")
+      fe.getConf.get(BATCH_RESOURCE_UPLOAD_ENABLED),
+      "Batch resource upload function is disabled.")
     require(
       batchRequest != null,
       "batchRequest is required and please check the content type" +
@@ -228,7 +216,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     }
 
     userProvidedBatchId.flatMap { batchId =>
-      Option(sessionManager.getBatchFromMetadataStore(batchId))
+      sessionManager.getBatchFromMetadataStore(batchId)
     } match {
       case Some(batch) =>
         markDuplicated(batch)
@@ -254,11 +242,17 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
             request)
         } match {
           case Success(sessionHandle) =>
-            buildBatch(sessionManager.getBatchSessionImpl(sessionHandle))
+            sessionManager.getBatchSession(sessionHandle) match {
+              case Some(batchSession) => buildBatch(batchSession)
+              case None => throw new IllegalStateException(
+                  s"can not find batch $batchId from metadata store")
+            }
           case Failure(cause) if JdbcUtils.isDuplicatedKeyDBErr(cause) =>
-            val batch = sessionManager.getBatchFromMetadataStore(batchId)
-            assert(batch != null, s"can not find duplicated batch $batchId from metadata store")
-            markDuplicated(batch)
+            sessionManager.getBatchFromMetadataStore(batchId) match {
+              case Some(batch) => markDuplicated(batch)
+              case None => throw new IllegalStateException(
+                  s"can not find duplicated batch $batchId from metadata store")
+            }
         }
     }
   }
@@ -280,10 +274,10 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
   def batchInfo(@PathParam("batchId") batchId: String): Batch = {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val sessionHandle = formatSessionHandle(batchId)
-    Option(sessionManager.getBatchSessionImpl(sessionHandle)).map { batchSession =>
+    sessionManager.getBatchSession(sessionHandle).map { batchSession =>
       buildBatch(batchSession)
     }.getOrElse {
-      Option(sessionManager.getBatchMetadata(batchId)).map { metadata =>
+      sessionManager.getBatchMetadata(batchId).map { metadata =>
         if (OperationState.isTerminal(OperationState.withName(metadata.state)) ||
           metadata.kyuubiInstance == fe.connectionUrl) {
           MetadataManager.buildBatch(metadata)
@@ -359,7 +353,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       @QueryParam("size") @DefaultValue("100") size: Int): OperationLog = {
     val userName = fe.getSessionUser(Map.empty[String, String])
     val sessionHandle = formatSessionHandle(batchId)
-    Option(sessionManager.getBatchSessionImpl(sessionHandle)).map { batchSession =>
+    sessionManager.getBatchSession(sessionHandle).map { batchSession =>
       try {
         val submissionOp = batchSession.batchJobSubmissionOp
         val rowSet = submissionOp.getOperationLogRowSet(FetchOrientation.FETCH_NEXT, from, size)
@@ -379,7 +373,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
           throw new NotFoundException(errorMsg)
       }
     }.getOrElse {
-      Option(sessionManager.getBatchMetadata(batchId)).map { metadata =>
+      sessionManager.getBatchMetadata(batchId).map { metadata =>
         if (fe.connectionUrl != metadata.kyuubiInstance) {
           val internalRestClient = getInternalRestClient(metadata.kyuubiInstance)
           internalRestClient.getBatchLocalLog(userName, batchId, from, size)
@@ -408,7 +402,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
 
     val userName = fe.getSessionUser(hs2ProxyUser)
 
-    Option(sessionManager.getBatchSessionImpl(sessionHandle)).map { batchSession =>
+    sessionManager.getBatchSession(sessionHandle).map { batchSession =>
       if (userName != batchSession.user) {
         throw new WebApplicationException(
           s"$userName is not allowed to close the session belong to ${batchSession.user}",
@@ -418,7 +412,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       val (success, msg) = batchSession.batchJobSubmissionOp.getKillMessage
       new CloseBatchResponse(success, msg)
     }.getOrElse {
-      Option(sessionManager.getBatchMetadata(batchId)).map { metadata =>
+      sessionManager.getBatchMetadata(batchId).map { metadata =>
         if (userName != metadata.username) {
           throw new WebApplicationException(
             s"$userName is not allowed to close the session belong to ${metadata.username}",
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
index 88a7f4e4e..17beeb62a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
@@ -124,13 +124,13 @@ class MetadataManager extends AbstractService("MetadataManager") {
     }
   }
 
-  def getBatch(batchId: String): Batch = {
-    Option(getBatchSessionMetadata(batchId)).map(buildBatch).orNull
+  def getBatch(batchId: String): Option[Batch] = {
+    getBatchSessionMetadata(batchId).map(buildBatch)
   }
 
-  def getBatchSessionMetadata(batchId: String): Metadata = {
-    Option(withMetadataRequestMetrics(_metadataStore.getMetadata(batchId, true))).filter(
-      _.sessionType == SessionType.BATCH).orNull
+  def getBatchSessionMetadata(batchId: String): Option[Metadata] = {
+    Option(withMetadataRequestMetrics(_metadataStore.getMetadata(batchId, true)))
+      .filter(_.sessionType == SessionType.BATCH)
   }
 
   def getBatches(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
similarity index 99%
rename from kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
rename to kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index ba2046829..ded4c8bf4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -30,7 +30,7 @@ import org.apache.kyuubi.operation.OperationState
 import org.apache.kyuubi.server.metadata.api.Metadata
 import org.apache.kyuubi.session.SessionType.SessionType
 
-class KyuubiBatchSessionImpl(
+class KyuubiBatchSession(
     user: String,
     password: String,
     ipAddress: String,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index d5504ed19..6e74bedbf 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -121,7 +121,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       super.closeSession(sessionHandle)
     } finally {
       session match {
-        case _: KyuubiBatchSessionImpl =>
+        case _: KyuubiBatchSession =>
           batchLimiter.foreach(_.decrement(UserIpAddress(session.user, session.ipAddress)))
         case _ =>
           limiter.foreach(_.decrement(UserIpAddress(session.user, session.ipAddress)))
@@ -142,11 +142,11 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       batchConf: Map[String, String],
       batchArgs: Seq[String],
       recoveryMetadata: Option[Metadata] = None,
-      shouldRunAsync: Boolean): KyuubiBatchSessionImpl = {
+      shouldRunAsync: Boolean): KyuubiBatchSession = {
     // scalastyle:on
     val username = Option(user).filter(_.nonEmpty).getOrElse("anonymous")
     val sessionConf = this.getConf.getUserDefaults(user)
-    new KyuubiBatchSessionImpl(
+    new KyuubiBatchSession(
       username,
       password,
       ipAddress,
@@ -163,7 +163,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       shouldRunAsync)
   }
 
-  private[kyuubi] def openBatchSession(batchSession: KyuubiBatchSessionImpl): SessionHandle = {
+  private[kyuubi] def openBatchSession(batchSession: KyuubiBatchSession): SessionHandle = {
     val user = batchSession.user
     val ipAddress = batchSession.ipAddress
     batchLimiter.foreach(_.increment(UserIpAddress(user, ipAddress)))
@@ -216,8 +216,8 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     openBatchSession(batchSession)
   }
 
-  def getBatchSessionImpl(sessionHandle: SessionHandle): KyuubiBatchSessionImpl = {
-    getSessionOption(sessionHandle).map(_.asInstanceOf[KyuubiBatchSessionImpl]).orNull
+  def getBatchSession(sessionHandle: SessionHandle): Option[KyuubiBatchSession] = {
+    getSessionOption(sessionHandle).map(_.asInstanceOf[KyuubiBatchSession])
   }
 
   def insertMetadata(metadata: Metadata): Unit = {
@@ -229,15 +229,15 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   }
 
   def getMetadataRequestsRetryRef(identifier: String): Option[MetadataRequestsRetryRef] = {
-    Option(metadataManager.map(_.getMetadataRequestsRetryRef(identifier)).orNull)
+    metadataManager.flatMap(mm => Option(mm.getMetadataRequestsRetryRef(identifier)))
   }
 
   def deRegisterMetadataRequestsRetryRef(identifier: String): Unit = {
     metadataManager.foreach(_.deRegisterRequestsRetryRef(identifier))
   }
 
-  def getBatchFromMetadataStore(batchId: String): Batch = {
-    metadataManager.map(_.getBatch(batchId)).orNull
+  def getBatchFromMetadataStore(batchId: String): Option[Batch] = {
+    metadataManager.flatMap(mm => mm.getBatch(batchId))
   }
 
   def getBatchesFromMetadataStore(
@@ -248,13 +248,13 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       endTime: Long,
       from: Int,
       size: Int): Seq[Batch] = {
-    metadataManager.map(
-      _.getBatches(batchType, batchUser, batchState, createTime, endTime, from, size))
-      .getOrElse(Seq.empty)
+    metadataManager.map { mm =>
+      mm.getBatches(batchType, batchUser, batchState, createTime, endTime, from, size)
+    }.getOrElse(Seq.empty)
   }
 
-  def getBatchMetadata(batchId: String): Metadata = {
-    metadataManager.map(_.getBatchSessionMetadata(batchId)).orNull
+  def getBatchMetadata(batchId: String): Option[Metadata] = {
+    metadataManager.flatMap(_.getBatchSessionMetadata(batchId))
   }
 
   @VisibleForTesting
@@ -273,7 +273,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     startEngineAliveChecker()
   }
 
-  def getBatchSessionsToRecover(kyuubiInstance: String): Seq[KyuubiBatchSessionImpl] = {
+  def getBatchSessionsToRecover(kyuubiInstance: String): Seq[KyuubiBatchSession] = {
     Seq(OperationState.PENDING, OperationState.RUNNING).flatMap { stateToRecover =>
       metadataManager.map(_.getBatchesRecoveryMetadata(
         stateToRecover.toString,
@@ -349,7 +349,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   private def startEngineAliveChecker(): Unit = {
     val interval = conf.get(KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL)
     val checkTask: Runnable = () => {
-      allSessions.foreach { session =>
+      allSessions().foreach { session =>
         if (!session.asInstanceOf[KyuubiSessionImpl].checkEngineAlive()) {
           try {
             closeSession(session.handle)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index f2ec60fea..2ed413dcb 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -31,7 +31,7 @@ import org.apache.kyuubi.engine.ApplicationState._
 import org.apache.kyuubi.operation.{FetchOrientation, HiveJDBCTestHelper, OperationState}
 import org.apache.kyuubi.operation.OperationState.ERROR
 import org.apache.kyuubi.server.MiniYarnService
-import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionManager}
+import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager}
 
 /**
  * To developers:
@@ -119,7 +119,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       batchRequest.getConf.asScala.toMap,
       batchRequest)
 
-    val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSessionImpl]
+    val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSession]
     val batchJobSubmissionOp = session.batchJobSubmissionOp
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
@@ -130,8 +130,8 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
 
     eventually(timeout(10.seconds)) {
       val metadata = session.sessionManager.getBatchMetadata(session.handle.identifier.toString)
-      assert(metadata.state === "RUNNING")
-      assert(metadata.engineId.startsWith("application_"))
+      assert(metadata.map(_.state).contains("RUNNING"))
+      assert(metadata.map(_.engineId).get.startsWith("application_"))
     }
 
     val killResponse = yarnOperation.killApplicationByTag(sessionHandle.identifier.toString)
@@ -179,7 +179,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       batchRequest.getConf.asScala.toMap,
       batchRequest)
 
-    val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSessionImpl]
+    val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSession]
     val batchJobSubmissionOp = session.batchJobSubmissionOp
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index dc59d75e3..62a7fec13 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -46,7 +46,7 @@ import org.apache.kyuubi.server.KyuubiRestFrontendService
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 import org.apache.kyuubi.server.metadata.api.Metadata
 import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
-import org.apache.kyuubi.session.{KyuubiBatchSessionImpl, KyuubiSessionManager, SessionHandle, SessionType}
+import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle, SessionType}
 
 class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper with BatchTestHelper {
   override protected lazy val conf: KyuubiConf = KyuubiConf()
@@ -464,8 +464,8 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     sessionManager.insertMetadata(batchMetadata)
     sessionManager.insertMetadata(batchMetadata2)
 
-    assert(sessionManager.getBatchFromMetadataStore(batchId1).getState.equals("PENDING"))
-    assert(sessionManager.getBatchFromMetadataStore(batchId2).getState.equals("PENDING"))
+    assert(sessionManager.getBatchFromMetadataStore(batchId1).map(_.getState).contains("PENDING"))
+    assert(sessionManager.getBatchFromMetadataStore(batchId2).map(_.getState).contains("PENDING"))
 
     val sparkBatchProcessBuilder = new SparkBatchProcessBuilder(
       "kyuubi",
@@ -501,8 +501,8 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
 
     val sessionHandle1 = SessionHandle.fromUUID(batchId1)
     val sessionHandle2 = SessionHandle.fromUUID(batchId2)
-    val session1 = sessionManager.getSession(sessionHandle1).asInstanceOf[KyuubiBatchSessionImpl]
-    val session2 = sessionManager.getSession(sessionHandle2).asInstanceOf[KyuubiBatchSessionImpl]
+    val session1 = sessionManager.getSession(sessionHandle1).asInstanceOf[KyuubiBatchSession]
+    val session2 = sessionManager.getSession(sessionHandle2).asInstanceOf[KyuubiBatchSession]
     assert(session1.createTime === batchMetadata.createTime)
     assert(session2.createTime === batchMetadata2.createTime)
 
@@ -638,8 +638,8 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
     assert(200 == response.getStatus)
     val batch = response.readEntity(classOf[Batch])
-    val batchSession = sessionManager.getBatchSessionImpl(SessionHandle.fromUUID(batch.getId))
-    assert(batchSession.ipAddress === realClientIp)
+    val batchSession = sessionManager.getBatchSession(SessionHandle.fromUUID(batch.getId))
+    assert(batchSession.map(_.ipAddress).contains(realClientIp))
   }
 
   test("expose the metrics with operation type and current state") {
@@ -708,6 +708,6 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     val sessionHandleRegex = "\\[[\\S]*\\]".r
     val batchId = sessionHandleRegex.findFirstMatchIn(e.getMessage).get.group(0)
       .replaceAll("\\[", "").replaceAll("\\]", "")
-    assert(sessionManager.getBatchMetadata(batchId).state == "CANCELED")
+    assert(sessionManager.getBatchMetadata(batchId).map(_.state).contains("CANCELED"))
   }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
index 75c935a3d..8064b7f1f 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
@@ -66,7 +66,7 @@ class MetadataManagerSuite extends KyuubiFunSuite {
       retryRef.addRetryingMetadataRequest(UpdateMetadata(metadataToUpdate))
       eventually(timeout(3.seconds)) {
         assert(retryRef.hasRemainingRequests())
-        assert(metadataManager.getBatch(metadata.identifier).getState === "PENDING")
+        assert(metadataManager.getBatch(metadata.identifier).map(_.getState).contains("PENDING"))
       }
 
       val metadata2 = metadata.copy(identifier = UUID.randomUUID().toString)
@@ -84,7 +84,7 @@ class MetadataManagerSuite extends KyuubiFunSuite {
 
       eventually(timeout(3.seconds)) {
         assert(!retryRef2.hasRemainingRequests())
-        assert(metadataManager.getBatch(metadata2.identifier).getState === "RUNNING")
+        assert(metadataManager.getBatch(metadata2.identifier).map(_.getState).contains("RUNNING"))
       }
 
       metadataManager.identifierRequestsAsyncRetryRefs.clear()

From bfc66042c859f7ed029f0dc07870577748a2e3a8 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 16 Jun 2023 17:34:24 +0800
Subject: [PATCH 449/760] [KYUUBI #4965] [BEELINE] Support `--python-mode`
 option and remove comments for non-python mode

### _Why are the changes needed?_

Close #4803

The beeline has regression because of https://github.com/apache/kyuubi/commit/70590f71ef32f5d3903acd75e72b78e5420b384c#diff-993fdbefe9fe3d1c91fcedba99362a8c8d9b94793ec16cbfbc989e750367ea89

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4965 from turboFei/revert_beeline_python_change.

Closes #4965

856d92391 [fwang12] trim for non python mdoe
f8464606b [fwang12] Revert "[KYUUBI #4619] Fix beeline with -e When there are other SQL statements before the source statement, the source statement cannot be executed normally"
e5e3c31b3 [fwang12] revert trim
bec09c254 [fwang12] migration guide
585da6fc1 [fwang12] fix'
f3fcfe97e [fwang12] save
8cb8cb9d0 [fwang12] save
e1539775a [fwang12] comments
814c970a2 [fwang12] save
b1baa773b [fwang12] save
3337ca8fa [fwang12] options

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/migration-guide.md            |  4 +
 .../apache/hive/beeline/KyuubiBeeLine.java    | 37 ++++++++--
 .../apache/hive/beeline/KyuubiCommands.java   | 25 +++++--
 .../hive/beeline/KyuubiBeeLineTest.java       | 74 +++++++++++++++++++
 .../hive/beeline/KyuubiCommandsTest.java      | 18 +++++
 5 files changed, 147 insertions(+), 11 deletions(-)

diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index 8998bced0..27dad2aba 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -24,6 +24,10 @@
   To restore previous behavior, set `kyuubi.metadata.store.jdbc.database.type=DERBY` and
   `kyuubi.metadata.store.jdbc.url=jdbc:derby:memory:kyuubi_state_store_db;create=true`.
 
+## Upgrading from Kyuubi 1.7.1 to 1.7.2
+
+* Since Kyuubi 1.7.2, for Kyuubi BeeLine, please use `--python-mode` option to run python code or script.
+
 ## Upgrading from Kyuubi 1.7.0 to 1.7.1
 
 * Since Kyuubi 1.7.1, `protocolVersion` is removed from the request parameters of the REST API `Open(create) a session`. All removed or unknown parameters will be silently ignored and affects nothing.
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 5671cde85..e211d93e3 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -20,9 +20,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.sql.Driver;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
+import java.util.*;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
@@ -41,6 +39,9 @@ public class KyuubiBeeLine extends BeeLine {
   private static final int ERRNO_ARGS = 1;
   private static final int ERRNO_OTHER = 2;
 
+  private static final String PYTHON_MODE_PREFIX = "--python-mode";
+  private boolean pythonMode = false;
+
   public KyuubiBeeLine() {
     this(true);
   }
@@ -64,6 +65,22 @@ public KyuubiBeeLine(boolean isBeeLine) {
     }
   }
 
+  @Override
+  void usage() {
+    super.usage();
+    output("Usage: java \" + KyuubiBeeLine.class.getCanonicalName()");
+    output("   --python-mode                   Execute python code/script.");
+  }
+
+  public boolean isPythonMode() {
+    return pythonMode;
+  }
+
+  // Visible for testing
+  public void setPythonMode(boolean pythonMode) {
+    this.pythonMode = pythonMode;
+  }
+
   /** Starts the program. */
   public static void main(String[] args) throws IOException {
     mainWithInputRedirection(args, null);
@@ -125,7 +142,17 @@ int initArgs(String[] args) {
               .<Options>buildStaticChecked()
               .get();
 
-      beelineParser = new BeelineParser();
+      beelineParser =
+          new BeelineParser() {
+            @Override
+            protected void processOption(String arg, ListIterator iter) throws ParseException {
+              if (PYTHON_MODE_PREFIX.equals(arg)) {
+                pythonMode = true;
+              } else {
+                super.processOption(arg, iter);
+              }
+            }
+          };
       cl = beelineParser.parse(options, args);
 
       connSuccessful =
@@ -155,7 +182,7 @@ int initArgs(String[] args) {
             DynMethods.builder("defaultBeelineConnect")
                 .hiddenImpl(BeeLine.class, CommandLine.class)
                 .buildChecked(this)
-                .invoke(beelineParser, cl);
+                .invoke(cl);
 
       } catch (Exception t) {
         error(t.getMessage());
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 76fdc19cc..6bd285962 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -24,6 +24,7 @@
 import java.sql.*;
 import java.util.*;
 import org.apache.hive.beeline.logs.KyuubiBeelineInPlaceUpdateStream;
+import org.apache.hive.common.util.HiveStringUtils;
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement;
 import org.apache.kyuubi.jdbc.hive.Utils;
 import org.apache.kyuubi.jdbc.hive.logs.InPlaceUpdateStream;
@@ -44,9 +45,14 @@ public boolean sql(String line) {
     return execute(line, false, false);
   }
 
+  /** For python mode, keep it as it is. */
+  private String trimForNonPythonMode(String line) {
+    return beeLine.isPythonMode() ? line : line.trim();
+  }
+
   /** Extract and clean up the first command in the input. */
   private String getFirstCmd(String cmd, int length) {
-    return cmd.substring(length).trim();
+    return trimForNonPythonMode(cmd.substring(length));
   }
 
   private String[] tokenizeCmd(String cmd) {
@@ -54,14 +60,12 @@ private String[] tokenizeCmd(String cmd) {
   }
 
   private boolean isSourceCMD(String cmd) {
-    cmd = cmd.trim();
     if (cmd == null || cmd.isEmpty()) return false;
     String[] tokens = tokenizeCmd(cmd);
     return tokens[0].equalsIgnoreCase("source");
   }
 
   private boolean sourceFile(String cmd) {
-    cmd = cmd.trim();
     String[] tokens = tokenizeCmd(cmd);
     String cmd_1 = getFirstCmd(cmd, tokens[0].length());
 
@@ -98,7 +102,7 @@ private boolean sourceFileInternal(File sourceFile) throws IOException {
       }
       String[] cmds = lines.split(beeLine.getOpts().getDelimiter());
       for (String c : cmds) {
-        c = c.trim();
+        c = trimForNonPythonMode(c);
         if (!executeInternal(c, false)) {
           return false;
         }
@@ -262,9 +266,10 @@ private boolean execute(String line, boolean call, boolean entireLineAsCommand)
       beeLine.handleException(e);
     }
 
+    line = trimForNonPythonMode(line);
     List<String> cmdList = getCmdList(line, entireLineAsCommand);
     for (int i = 0; i < cmdList.size(); i++) {
-      String sql = cmdList.get(i);
+      String sql = trimForNonPythonMode(cmdList.get(i));
       if (sql.length() != 0) {
         if (!executeInternal(sql, call)) {
           return false;
@@ -522,6 +527,10 @@ public String handleMultiLineCmd(String line) throws IOException {
             ? null
             : jline.console.ConsoleReader.NULL_MASK;
 
+    int[] startQuote = {-1};
+    if (!beeLine.isPythonMode()) {
+      line = HiveStringUtils.removeComments(line, startQuote);
+    }
     while (isMultiLine(line) && beeLine.getOpts().isAllowMultiLineCommand()) {
       StringBuilder prompt = new StringBuilder(beeLine.getPrompt());
       if (!beeLine.getOpts().isSilent()) {
@@ -547,6 +556,9 @@ public String handleMultiLineCmd(String line) throws IOException {
       if (extra == null) { // it happens when using -f and the line of cmds does not end with ;
         break;
       }
+      if (!beeLine.isPythonMode()) {
+        extra = HiveStringUtils.removeComments(extra, startQuote);
+      }
       if (!extra.isEmpty()) {
         line += "\n" + extra;
       }
@@ -558,12 +570,13 @@ public String handleMultiLineCmd(String line) throws IOException {
   // console. Used in handleMultiLineCmd method assumes line would never be null when this method is
   // called
   private boolean isMultiLine(String line) {
+    line = trimForNonPythonMode(line);
     if (line.endsWith(beeLine.getOpts().getDelimiter()) || beeLine.isComment(line)) {
       return false;
     }
     // handles the case like line = show tables; --test comment
     List<String> cmds = getCmdList(line, false);
-    return cmds.isEmpty() || !cmds.get(cmds.size() - 1).startsWith("--");
+    return cmds.isEmpty() || !trimForNonPythonMode(cmds.get(cmds.size() - 1)).startsWith("--");
   }
 
   static class KyuubiLogRunnable implements Runnable {
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
index 96b76373d..87489f2ad 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
@@ -19,7 +19,12 @@
 package org.apache.hive.beeline;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import org.apache.kyuubi.util.reflect.DynFields;
 import org.junit.Test;
 
 public class KyuubiBeeLineTest {
@@ -47,4 +52,73 @@ public void testKyuubiBeelineExitCodeWithoutConnection() {
     int result3 = kyuubiBeeLine.initArgs(args3);
     assertEquals(1, result3);
   }
+
+  @Test
+  public void testKyuubiBeeLineCmdUsage() {
+    BufferPrintStream printStream = new BufferPrintStream();
+
+    KyuubiBeeLine kyuubiBeeLine = new KyuubiBeeLine();
+    DynFields.builder()
+        .hiddenImpl(BeeLine.class, "outputStream")
+        .build(kyuubiBeeLine)
+        .set(printStream);
+    String[] args1 = {"-h"};
+    kyuubiBeeLine.initArgs(args1);
+    String output = printStream.getOutput();
+    assert output.contains("--python-mode                   Execute python code/script.");
+  }
+
+  @Test
+  public void testKyuubiBeeLinePythonMode() {
+    KyuubiBeeLine kyuubiBeeLine = new KyuubiBeeLine();
+    String[] args1 = {"-u", "badUrl", "--python-mode"};
+    kyuubiBeeLine.initArgs(args1);
+    assertTrue(kyuubiBeeLine.isPythonMode());
+    kyuubiBeeLine.setPythonMode(false);
+
+    String[] args2 = {"--python-mode", "-f", "test.sql"};
+    kyuubiBeeLine.initArgs(args2);
+    assertTrue(kyuubiBeeLine.isPythonMode());
+    assert kyuubiBeeLine.getOpts().getScriptFile().equals("test.sql");
+    kyuubiBeeLine.setPythonMode(false);
+
+    String[] args3 = {"-u", "badUrl"};
+    kyuubiBeeLine.initArgs(args3);
+    assertTrue(!kyuubiBeeLine.isPythonMode());
+    kyuubiBeeLine.setPythonMode(false);
+  }
+
+  static class BufferPrintStream extends PrintStream {
+    public StringBuilder stringBuilder = new StringBuilder();
+
+    static OutputStream noOpOutputStream =
+        new OutputStream() {
+          @Override
+          public void write(int b) throws IOException {
+            // do nothing
+          }
+        };
+
+    public BufferPrintStream() {
+      super(noOpOutputStream);
+    }
+
+    public BufferPrintStream(OutputStream outputStream) {
+      super(noOpOutputStream);
+    }
+
+    @Override
+    public void println(String x) {
+      stringBuilder.append(x).append("\n");
+    }
+
+    @Override
+    public void print(String x) {
+      stringBuilder.append(x);
+    }
+
+    public String getOutput() {
+      return stringBuilder.toString();
+    }
+  }
 }
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
index ecb8d65f5..8cde13d45 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
@@ -34,6 +34,7 @@ public void testParsePythonSnippets() throws IOException {
     Mockito.when(reader.readLine()).thenReturn(pythonSnippets);
 
     KyuubiBeeLine beeline = new KyuubiBeeLine();
+    beeline.setPythonMode(true);
     beeline.setConsoleReader(reader);
     KyuubiCommands commands = new KyuubiCommands(beeline);
     String line = commands.handleMultiLineCmd(pythonSnippets);
@@ -42,4 +43,21 @@ public void testParsePythonSnippets() throws IOException {
     assertEquals(cmdList.size(), 1);
     assertEquals(cmdList.get(0), pythonSnippets);
   }
+
+  @Test
+  public void testHandleMultiLineCmd() throws IOException {
+    ConsoleReader reader = Mockito.mock(ConsoleReader.class);
+    String snippets = "select 1;--comments1\nselect 2;--comments2";
+    Mockito.when(reader.readLine()).thenReturn(snippets);
+
+    KyuubiBeeLine beeline = new KyuubiBeeLine();
+    beeline.setConsoleReader(reader);
+    beeline.setPythonMode(false);
+    KyuubiCommands commands = new KyuubiCommands(beeline);
+    String line = commands.handleMultiLineCmd(snippets);
+    List<String> cmdList = commands.getCmdList(line, false);
+    assertEquals(cmdList.size(), 2);
+    assertEquals(cmdList.get(0), "select 1");
+    assertEquals(cmdList.get(1), "\nselect 2");
+  }
 }

From e59349317f88abfb7f19cd63479f5f396bf05722 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 16 Jun 2023 19:44:24 +0800
Subject: [PATCH 450/760] [KYUUBI #4305][Bug] Backport HIVE-15820: comment at
 the head of beeline -e

### _Why are the changes needed?_

Backport https://github.com/apache/hive/pull/1814

related kyuubi issues
#4305
#4333
#4406

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4972 from turboFei/beeline_head_command.

Closes #4305

04b235fb3 [fwang12] [KYUUBI #4305][Bug] Backport HIVE-15820: comment at the head of beeline -e

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../java/org/apache/hive/beeline/KyuubiBeeLine.java |  7 +++++++
 .../org/apache/hive/beeline/KyuubiCommands.java     |  5 ++---
 .../org/apache/hive/beeline/KyuubiBeeLineTest.java  | 13 +++++++++++++
 .../org/apache/hive/beeline/KyuubiCommandsTest.java |  8 ++++++++
 4 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index e211d93e3..14e7de947 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -24,6 +24,7 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
+import org.apache.hive.common.util.HiveStringUtils;
 import org.apache.kyuubi.util.reflect.DynConstructors;
 import org.apache.kyuubi.util.reflect.DynFields;
 import org.apache.kyuubi.util.reflect.DynMethods;
@@ -275,4 +276,10 @@ int runInit() {
     }
     return executionResult;
   }
+
+  // see HIVE-15820: comment at the head of beeline -e
+  @Override
+  boolean dispatch(String line) {
+    return super.dispatch(isPythonMode() ? line : HiveStringUtils.removeComments(line));
+  }
 }
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index 6bd285962..af294ac6f 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -527,9 +527,8 @@ public String handleMultiLineCmd(String line) throws IOException {
             ? null
             : jline.console.ConsoleReader.NULL_MASK;
 
-    int[] startQuote = {-1};
     if (!beeLine.isPythonMode()) {
-      line = HiveStringUtils.removeComments(line, startQuote);
+      line = HiveStringUtils.removeComments(line);
     }
     while (isMultiLine(line) && beeLine.getOpts().isAllowMultiLineCommand()) {
       StringBuilder prompt = new StringBuilder(beeLine.getPrompt());
@@ -557,7 +556,7 @@ public String handleMultiLineCmd(String line) throws IOException {
         break;
       }
       if (!beeLine.isPythonMode()) {
-        extra = HiveStringUtils.removeComments(extra, startQuote);
+        extra = HiveStringUtils.removeComments(extra);
       }
       if (!extra.isEmpty()) {
         line += "\n" + extra;
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
index 87489f2ad..9c7aec35a 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiBeeLineTest.java
@@ -88,6 +88,19 @@ public void testKyuubiBeeLinePythonMode() {
     kyuubiBeeLine.setPythonMode(false);
   }
 
+  @Test
+  public void testKyuubiBeelineComment() {
+    KyuubiBeeLine kyuubiBeeLine = new KyuubiBeeLine();
+    int result = kyuubiBeeLine.initArgsFromCliVars(new String[] {"-e", "--comment show database;"});
+    assertEquals(0, result);
+    result = kyuubiBeeLine.initArgsFromCliVars(new String[] {"-e", "--comment\n show database;"});
+    assertEquals(1, result);
+    result =
+        kyuubiBeeLine.initArgsFromCliVars(
+            new String[] {"-e", "--comment line 1 \n    --comment line 2 \n show database;"});
+    assertEquals(1, result);
+  }
+
   static class BufferPrintStream extends PrintStream {
     public StringBuilder stringBuilder = new StringBuilder();
 
diff --git a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
index 8cde13d45..653d1b08f 100644
--- a/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
+++ b/kyuubi-hive-beeline/src/test/java/org/apache/hive/beeline/KyuubiCommandsTest.java
@@ -59,5 +59,13 @@ public void testHandleMultiLineCmd() throws IOException {
     assertEquals(cmdList.size(), 2);
     assertEquals(cmdList.get(0), "select 1");
     assertEquals(cmdList.get(1), "\nselect 2");
+
+    // see HIVE-15820: comment at the head of beeline -e
+    snippets = "--comments1\nselect 2;--comments2";
+    Mockito.when(reader.readLine()).thenReturn(snippets);
+    line = commands.handleMultiLineCmd(snippets);
+    cmdList = commands.getCmdList(line, false);
+    assertEquals(cmdList.size(), 1);
+    assertEquals(cmdList.get(0), "select 2");
   }
 }

From 4deb98cd429ed33b469494d0edfb4ad4028835b8 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 16 Jun 2023 20:08:42 +0800
Subject: [PATCH 451/760] [KYUUBI #4970] Unified reflection methods invokeAs
 and getField

### _Why are the changes needed?_

- comment https://github.com/apache/kyuubi/pull/4963#discussion_r1230490326
- simplify reflection calling with unified `invokeAs` / `getField` method for either declared, inherited, or static methods / fields

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4970 from bowenliang123/unify-invokeas.

Closes #4970

592833459 [liangbowen] Revert "dedicate invokeStaticAs method"
ad45ff3fd [liangbowen] dedicate invokeStaticAs method
f08528c0f [liangbowen] nit
42aeb9fcf [liangbowen] add ut case
b5b384120 [liangbowen] nit
072add599 [liangbowen] add ut
8d019ab35 [liangbowen] unified invokeAs and getField

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../authz/util/RangerConfigProvider.scala     | 12 +--
 .../engine/flink/FlinkEngineUtils.scala       | 37 +++-----
 .../engine/flink/shim/FlinkResultSet.scala    | 51 +---------
 .../flink/shim/FlinkSessionManager.scala      | 92 ++-----------------
 .../engine/spark/util/SparkCatalogUtils.scala |  6 +-
 .../spark/sql/kyuubi/SparkDatasetHelper.scala | 11 +--
 .../SparkArrowbasedOperationSuite.scala       | 10 +-
 .../operation/log/Log4j2DivertAppender.scala  |  9 +-
 .../ZookeeperDiscoveryClientSuite.scala       |  8 +-
 .../kyuubi/util/reflect/ReflectUtils.scala    | 54 +++++++----
 .../util/reflect/ReflectUtilsSuite.scala      | 68 +++++++++++++-
 11 files changed, 146 insertions(+), 212 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
index 806914286..a61d94a8f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.plugin.spark.authz.util
 import org.apache.hadoop.conf.Configuration
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.util.reflect.DynMethods
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait RangerConfigProvider {
 
@@ -37,16 +37,10 @@ trait RangerConfigProvider {
   val getRangerConf: Configuration = {
     if (isRanger21orGreater) {
       // for Ranger 2.1+
-      DynMethods.builder("getConfig")
-        .impl("org.apache.ranger.plugin.service.RangerBasePlugin")
-        .buildChecked(this)
-        .invoke[Configuration]()
+      invokeAs(this, "getConfig")
     } else {
       // for Ranger 2.0 and below
-      DynMethods.builder("getInstance")
-        .impl("org.apache.ranger.authorization.hadoop.config.RangerConfiguration")
-        .buildStaticChecked()
-        .invoke[Configuration]()
+      invokeAs("org.apache.ranger.authorization.hadoop.config.RangerConfiguration", "getInstance")
     }
   }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
index 66d9ed2c5..81441ffdf 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
@@ -41,7 +41,8 @@ import org.apache.flink.util.JarUtils
 
 import org.apache.kyuubi.{KyuubiException, Logging}
 import org.apache.kyuubi.util.SemanticVersion
-import org.apache.kyuubi.util.reflect.{DynConstructors, DynFields, DynMethods}
+import org.apache.kyuubi.util.reflect._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object FlinkEngineUtils extends Logging {
 
@@ -127,43 +128,27 @@ object FlinkEngineUtils extends Logging {
         .newInstance(flinkConf, commandLines)
         .asInstanceOf[DefaultContext]
     } else if (FlinkEngineUtils.isFlinkVersionEqualTo("1.17")) {
-      DynMethods.builder("load")
-        .impl(
-          classOf[DefaultContext],
-          classOf[Configuration],
-          classOf[JList[URL]],
-          classOf[Boolean],
-          classOf[Boolean])
-        .buildStatic()
-        .invoke[DefaultContext](
-          flinkConf,
-          dependencies,
-          new JBoolean(true),
-          new JBoolean(false))
+      invokeAs[DefaultContext](
+        classOf[DefaultContext],
+        "load",
+        (classOf[Configuration], flinkConf),
+        (classOf[JList[URL]], dependencies),
+        (classOf[Boolean], JBoolean.TRUE),
+        (classOf[Boolean], JBoolean.FALSE))
     } else {
       throw new KyuubiException(
         s"Flink version ${EnvironmentInformation.getVersion} are not supported currently.")
     }
   }
 
-  def getSessionContext(session: Session): SessionContext = {
-    DynFields.builder()
-      .hiddenImpl(classOf[Session], "sessionContext")
-      .build()
-      .get(session)
-      .asInstanceOf[SessionContext]
-  }
+  def getSessionContext(session: Session): SessionContext = getField(session, "sessionContext")
 
   def getResultJobId(resultFetch: ResultFetcher): Option[JobID] = {
     if (FlinkEngineUtils.isFlinkVersionAtMost("1.16")) {
       return None
     }
     try {
-      Option(DynFields.builder()
-        .hiddenImpl(classOf[ResultFetcher], "jobID")
-        .build()
-        .get(resultFetch)
-        .asInstanceOf[JobID])
+      Option(getField[JobID](resultFetch, "jobID"))
     } catch {
       case _: NullPointerException => None
       case e: Throwable =>
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
index a9c76082d..7fb05c844 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkResultSet.scala
@@ -23,56 +23,13 @@ import java.util
 import org.apache.flink.table.data.RowData
 import org.apache.flink.table.gateway.api.results.ResultSet.ResultType
 
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils
-import org.apache.kyuubi.util.reflect.DynMethods
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class FlinkResultSet(resultSet: AnyRef) {
 
-  def getData: util.List[RowData] = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("getData")
-        .impl("org.apache.flink.table.gateway.api.results.ResultSet")
-        .build()
-        .invoke(resultSet)
-        .asInstanceOf[util.List[RowData]]
-    } else {
-      DynMethods.builder("getData")
-        .impl("org.apache.flink.table.gateway.api.results.ResultSetImpl")
-        .build()
-        .invoke(resultSet)
-        .asInstanceOf[util.List[RowData]]
-    }
-  }
+  def getData: util.List[RowData] = invokeAs(resultSet, "getData")
 
-  def getNextToken: JLong = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("getNextToken")
-        .impl("org.apache.flink.table.gateway.api.results.ResultSet")
-        .build()
-        .invoke(resultSet)
-        .asInstanceOf[JLong]
-    } else {
-      DynMethods.builder("getNextToken")
-        .impl("org.apache.flink.table.gateway.api.results.ResultSetImpl")
-        .build()
-        .invoke(resultSet)
-        .asInstanceOf[JLong]
-    }
-  }
+  def getNextToken: JLong = invokeAs(resultSet, "getNextToken")
 
-  def getResultType: ResultType = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("getResultType")
-        .impl("org.apache.flink.table.gateway.api.results.ResultSet")
-        .build()
-        .invoke(resultSet)
-        .asInstanceOf[ResultType]
-    } else {
-      DynMethods.builder("getResultType")
-        .impl("org.apache.flink.table.gateway.api.results.ResultSetImpl")
-        .build()
-        .invoke(resultSet)
-        .asInstanceOf[ResultType]
-    }
-  }
+  def getResultType: ResultType = invokeAs(resultSet, "getResultType")
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
index ce5bdfbd9..f1a6afed1 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
@@ -22,7 +22,8 @@ import org.apache.flink.table.gateway.service.context.DefaultContext
 import org.apache.flink.table.gateway.service.session.Session
 
 import org.apache.kyuubi.engine.flink.FlinkEngineUtils
-import org.apache.kyuubi.util.reflect.{DynConstructors, DynMethods}
+import org.apache.kyuubi.util.reflect._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class FlinkSessionManager(engineContext: DefaultContext) {
 
@@ -42,89 +43,16 @@ class FlinkSessionManager(engineContext: DefaultContext) {
     }
   }
 
-  def start(): Unit = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("start")
-        .impl("org.apache.flink.table.gateway.service.session.SessionManager")
-        .build()
-        .invoke(sessionManager)
-    } else {
-      DynMethods.builder("start")
-        .impl("org.apache.flink.table.gateway.service.session.SessionManagerImpl")
-        .build()
-        .invoke(sessionManager)
-    }
-  }
+  def start(): Unit = invokeAs(sessionManager, "start")
 
-  def stop(): Unit = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("stop")
-        .impl("org.apache.flink.table.gateway.service.session.SessionManager")
-        .build()
-        .invoke(sessionManager)
-    } else {
-      DynMethods.builder("stop")
-        .impl("org.apache.flink.table.gateway.service.session.SessionManagerImpl")
-        .build()
-        .invoke(sessionManager)
-    }
-  }
+  def stop(): Unit = invokeAs(sessionManager, "stop")
 
-  def getSession(sessionHandle: SessionHandle): Session = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("getSession")
-        .impl(
-          "org.apache.flink.table.gateway.service.session.SessionManager",
-          classOf[SessionHandle])
-        .build()
-        .invoke(sessionManager, sessionHandle)
-        .asInstanceOf[Session]
-    } else {
-      DynMethods.builder("getSession")
-        .impl(
-          "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
-          classOf[SessionHandle])
-        .build()
-        .invoke(sessionManager, sessionHandle)
-        .asInstanceOf[Session]
-    }
-  }
+  def getSession(sessionHandle: SessionHandle): Session =
+    invokeAs(sessionManager, "getSession", (classOf[SessionHandle], sessionHandle))
 
-  def openSession(environment: SessionEnvironment): Session = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("openSession")
-        .impl(
-          "org.apache.flink.table.gateway.service.session.SessionManager",
-          classOf[SessionEnvironment])
-        .build()
-        .invoke(sessionManager, environment)
-        .asInstanceOf[Session]
-    } else {
-      DynMethods.builder("openSession")
-        .impl(
-          "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
-          classOf[SessionEnvironment])
-        .build()
-        .invoke(sessionManager, environment)
-        .asInstanceOf[Session]
-    }
-  }
+  def openSession(environment: SessionEnvironment): Session =
+    invokeAs(sessionManager, "openSession", (classOf[SessionEnvironment], environment))
 
-  def closeSession(sessionHandle: SessionHandle): Unit = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
-      DynMethods.builder("closeSession")
-        .impl(
-          "org.apache.flink.table.gateway.service.session.SessionManager",
-          classOf[SessionHandle])
-        .build()
-        .invoke(sessionManager, sessionHandle)
-    } else {
-      DynMethods.builder("closeSession")
-        .impl(
-          "org.apache.flink.table.gateway.service.session.SessionManagerImpl",
-          classOf[SessionHandle])
-        .build()
-        .invoke(sessionManager, sessionHandle)
-    }
-  }
+  def closeSession(sessionHandle: SessionHandle): Unit =
+    invokeAs(sessionManager, "closeSession", (classOf[SessionHandle], sessionHandle))
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
index 13b87665d..e05e8731d 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
@@ -27,8 +27,7 @@ import org.apache.spark.sql.types.StructField
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.engine.spark.schema.SchemaHelper
-import org.apache.kyuubi.util.reflect.DynMethods
-import org.apache.kyuubi.util.reflect.ReflectUtils.{getField, invokeAs}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 /**
  * A shim that defines the interface interact with Spark's catalogs
@@ -56,8 +55,7 @@ object SparkCatalogUtils extends Logging {
     val sessionCatalog = invokeAs[AnyRef](catalogMgr, "v2SessionCatalog")
     val defaultCatalog = catalogMgr.currentCatalog
 
-    val defaults = Seq(sessionCatalog, defaultCatalog).distinct.map(catalog =>
-      DynMethods.builder("name").impl(catalog.getClass).buildChecked(catalog).invoke[String]())
+    val defaults = Seq(sessionCatalog, defaultCatalog).distinct.map(invokeAs[String](_, "name"))
     val catalogs = getField[scala.collection.Map[String, _]](catalogMgr, "catalogs")
     (catalogs.keys ++: defaults).distinct.map(Row(_))
   }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 06eb9a144..170f108b2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -36,6 +36,7 @@ import org.apache.spark.sql.types._
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil
 import org.apache.kyuubi.engine.spark.schema.RowSet
 import org.apache.kyuubi.util.reflect.DynMethods
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object SparkDatasetHelper extends Logging {
 
@@ -236,15 +237,9 @@ object SparkDatasetHelper extends Logging {
   private def withFinalPlanUpdate[T](
       adaptiveSparkPlanExec: AdaptiveSparkPlanExec,
       fun: SparkPlan => T): T = {
-    val getFinalPhysicalPlan = DynMethods.builder("getFinalPhysicalPlan")
-      .hiddenImpl(adaptiveSparkPlanExec.getClass)
-      .build()
-    val plan = getFinalPhysicalPlan.invoke[SparkPlan](adaptiveSparkPlanExec)
+    val plan = invokeAs[SparkPlan](adaptiveSparkPlanExec, "getFinalPhysicalPlan")
     val result = fun(plan)
-    val finalPlanUpdate = DynMethods.builder("finalPlanUpdate")
-      .hiddenImpl(adaptiveSparkPlanExec.getClass)
-      .build()
-    finalPlanUpdate.invoke[Unit](adaptiveSparkPlanExec)
+    invokeAs[Unit](adaptiveSparkPlanExec, "finalPlanUpdate")
     result
   }
 
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index b8c64b5f2..8818ae7a9 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -43,6 +43,7 @@ import org.apache.kyuubi.engine.spark.{SparkSQLEngine, WithSparkSQLEngine}
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
 import org.apache.kyuubi.operation.SparkDataTypeTests
 import org.apache.kyuubi.util.reflect.{DynFields, DynMethods}
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTypeTests
   with SparkMetricsTestUtils {
@@ -527,13 +528,8 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
    * TODO: Once we drop support for Spark 3.1.x, we can directly call
    * [[SQLConf.isStaticConfigKey()]].
    */
-  private def isStaticConfigKey(key: String): Boolean = {
-    val staticConfKeys = DynFields.builder()
-      .hiddenImpl(SQLConf.getClass, "staticConfKeys")
-      .build[JSet[String]](SQLConf)
-      .get()
-    staticConfKeys.contains(key)
-  }
+  private def isStaticConfigKey(key: String): Boolean =
+    getField[JSet[String]]((SQLConf.getClass, SQLConf), "staticConfKeys").contains(key)
 
   // the signature of function [[ArrowConverters.fromBatchIterator]] is changed in SPARK-43528
   // (since Spark 3.5)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
index 1e5684d4c..0daaeae48 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
@@ -28,7 +28,7 @@ import org.apache.logging.log4j.core.appender.{AbstractWriterAppender, ConsoleAp
 import org.apache.logging.log4j.core.filter.AbstractFilter
 import org.apache.logging.log4j.core.layout.PatternLayout
 
-import org.apache.kyuubi.util.reflect.DynFields
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class Log4j2DivertAppender(
     name: String,
@@ -63,11 +63,8 @@ class Log4j2DivertAppender(
     }
   })
 
-  private val writeLock = DynFields.builder()
-    .hiddenImpl(classOf[AbstractWriterAppender[_]], "readWriteLock")
-    .build[ReadWriteLock](this)
-    .get()
-    .writeLock
+  private val writeLock =
+    getField[ReadWriteLock]((classOf[AbstractWriterAppender[_]], this), "readWriteLock").writeLock
 
   /**
    * Overrides AbstractWriterAppender.append(), which does the real logging. No need
diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
index 0a5db3b43..dd78e1fb8 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClientSuite.scala
@@ -39,7 +39,7 @@ import org.apache.kyuubi.shaded.curator.framework.CuratorFrameworkFactory
 import org.apache.kyuubi.shaded.curator.retry.ExponentialBackoffRetry
 import org.apache.kyuubi.shaded.zookeeper.ZooDefs
 import org.apache.kyuubi.shaded.zookeeper.data.ACL
-import org.apache.kyuubi.util.reflect.DynFields
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 import org.apache.kyuubi.zookeeper.ZookeeperConf.ZK_CLIENT_PORT
 
@@ -157,10 +157,8 @@ abstract class ZookeeperDiscoveryClientSuite extends DiscoveryClientTests
     assert(service.getServiceState === ServiceState.STARTED)
 
     stopZk()
-    val isServerLost = DynFields.builder()
-      .hiddenImpl(discovery.getClass.getSuperclass, "isServerLost")
-      .buildChecked[AtomicBoolean]()
-      .get(discovery)
+    val isServerLost =
+      getField[AtomicBoolean]((discovery.getClass.getSuperclass, discovery), "isServerLost")
 
     eventually(timeout(10.seconds), interval(100.millis)) {
       assert(isServerLost.get())
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
index 5ded0af2c..78b0e1df7 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -20,8 +20,10 @@ package org.apache.kyuubi.util.reflect
 import java.util.ServiceLoader
 
 import scala.collection.JavaConverters._
+import scala.language.existentials
 import scala.reflect.ClassTag
 import scala.util.Try
+
 object ReflectUtils {
 
   /**
@@ -44,18 +46,24 @@ object ReflectUtils {
    * @tparam T the expected return class type
    * @return
    */
-  def getField[T](target: Any, fieldName: String): T = {
-    val targetClass = target.getClass
+  def getField[T](target: AnyRef, fieldName: String): T = {
+    val (clz, obj) = getTargetClass(target)
     try {
-      DynFields.builder()
-        .hiddenImpl(targetClass, fieldName)
-        .buildChecked[T](target)
-        .get()
+      val field = DynFields.builder
+        .hiddenImpl(clz, fieldName)
+        .impl(clz, fieldName)
+        .build[T]
+      if (field.isStatic) {
+        field.asStatic.get
+      } else {
+        field.bind(obj).get
+      }
     } catch {
       case e: Exception =>
-        val candidates = targetClass.getDeclaredFields.map(_.getName).sorted
+        val candidates =
+          (clz.getDeclaredFields ++ clz.getFields).map(_.getName).distinct.sorted
         throw new RuntimeException(
-          s"Field $fieldName not in $targetClass [${candidates.mkString(",")}]",
+          s"Field $fieldName not in $clz [${candidates.mkString(",")}]",
           e)
     }
   }
@@ -70,20 +78,26 @@ object ReflectUtils {
    * @return
    */
   def invokeAs[T](target: AnyRef, methodName: String, args: (Class[_], AnyRef)*): T = {
-    val targetClass = target.getClass
+    val (clz, obj) = getTargetClass(target)
     val argClasses = args.map(_._1)
     try {
-      DynMethods.builder(methodName)
-        .hiddenImpl(targetClass, argClasses: _*)
-        .buildChecked(target)
-        .invoke[T](args.map(_._2): _*)
+      val method = DynMethods.builder(methodName)
+        .hiddenImpl(clz, argClasses: _*)
+        .impl(clz, argClasses: _*)
+        .buildChecked
+      if (method.isStatic) {
+        method.asStatic.invoke[T](args.map(_._2): _*)
+      } else {
+        method.bind(obj).invoke[T](args.map(_._2): _*)
+      }
     } catch {
       case e: Exception =>
-        val candidates = targetClass.getDeclaredMethods.map(_.getName).sorted
+        val candidates =
+          (clz.getDeclaredMethods ++ clz.getMethods).map(_.getName).distinct.sorted
         val argClassesNames = argClasses.map(_.getClass.getName)
         throw new RuntimeException(
-          s"Method $methodName (${argClassesNames.mkString(",")})" +
-            s" not found in $targetClass [${candidates.mkString(",")}]",
+          s"Method $methodName(${argClassesNames.mkString(",")})" +
+            s" not found in $clz [${candidates.mkString(",")}]",
           e)
     }
   }
@@ -101,4 +115,12 @@ object ReflectUtils {
   def loadFromServiceLoader[T](cl: ClassLoader = Thread.currentThread().getContextClassLoader)(
       implicit ct: ClassTag[T]): Iterator[T] =
     ServiceLoader.load(ct.runtimeClass, cl).iterator().asScala.map(_.asInstanceOf[T])
+
+  private def getTargetClass(target: AnyRef): (Class[_], AnyRef) = target match {
+    case clz: Class[_] => (clz, None)
+    case clzName: String => (DynClasses.builder.impl(clzName).buildChecked, None)
+    case (clz: Class[_], o: AnyRef) => (clz, o)
+    case (clzName: String, o: AnyRef) => (DynClasses.builder.impl(clzName).buildChecked, o)
+    case o => (o.getClass, o)
+  }
 }
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
index f28024f18..dbfd234de 100644
--- a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
@@ -16,14 +16,78 @@
  */
 package org.apache.kyuubi.util.reflect
 
-import org.apache.kyuubi.util.reflect.ReflectUtils._
-// scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
+
+// scalastyle:off
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 class ReflectUtilsSuite extends AnyFunSuite {
   // scalastyle:on
 
+  private val obj1 = new ClassA
+  private val obj2 = new ClassB
+
   test("check class loadable") {
     assert(isClassLoadable(getClass.getName))
     assert(!isClassLoadable("org.apache.kyuubi.NonExistClass"))
   }
+
+  test("check invokeAs on base class") {
+    assertResult("method1")(invokeAs[String](obj1, "method1"))
+    assertResult("method2")(invokeAs[String](obj1, "method2"))
+  }
+  test("check invokeAs on sub class") {
+    assertResult("method1")(invokeAs[String](obj2, "method1"))
+    assertResult("method2")(invokeAs[String]((classOf[ClassA], obj2), "method2"))
+    assertResult("method3")(invokeAs[String](obj2, "method3"))
+    assertResult("method4")(invokeAs[String](obj2, "method4"))
+  }
+
+  test("check invokeAs on object and static class") {
+    assertResult("method5")(invokeAs[String](ObjectA, "method5"))
+    assertResult("method6")(invokeAs[String](ObjectA, "method6"))
+    assertResult("method5")(invokeAs[String]("org.apache.kyuubi.util.reflect.ObjectA", "method5"))
+  }
+
+  test("check getField on base class") {
+    assertResult("field0")(getField[String](obj1, "field0"))
+    assertResult("field1")(getField[String](obj1, "field1"))
+    assertResult("field2")(getField[String](obj1, "field2"))
+  }
+
+  test("check getField on subclass") {
+    assertResult("field0")(getField[String]((classOf[ClassA], obj2), "field0"))
+    assertResult("field1")(getField[String]((classOf[ClassA], obj2), "field1"))
+    assertResult("field2")(getField[String]((classOf[ClassA], obj2), "field2"))
+    assertResult("field3")(getField[String](obj2, "field3"))
+    assertResult("field4")(getField[String](obj2, "field4"))
+  }
+
+  test("check getField on object and static class") {
+    assertResult("field5")(getField[String](ObjectA, "field5"))
+    assertResult("field6")(getField[String](ObjectA, "field6"))
+  }
+}
+
+class ClassA(val field0: String = "field0") {
+  val field1 = "field1"
+  private val field2 = "field2"
+
+  def method1(): String = "method1"
+  private def method2(): String = "method2"
+}
+
+class ClassB extends ClassA {
+  val field3 = "field3"
+  private val field4 = "field4"
+
+  def method3(): String = "method3"
+  private def method4(): String = "method4"
+}
+
+object ObjectA {
+  val field5 = "field5"
+  private val field6 = "field6"
+
+  def method5(): String = "method5"
+  private def method6(): String = "method6"
 }

From de0258be79a011a71dbdb93b1aa54fafa7742e99 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 16 Jun 2023 20:22:45 +0800
Subject: [PATCH 452/760] [KYUUBI #4969] [TEST] Run JUnit  tests on beeline
 module

### _Why are the changes needed?_

- add `maven-surefire-plugin` to beeline module for running JUnit tests.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4969 from bowenliang123/scalatest-junit.

Closes #4969

995c83c07 [liangbowen] surefire on beeline

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 kyuubi-hive-beeline/pom.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kyuubi-hive-beeline/pom.xml b/kyuubi-hive-beeline/pom.xml
index 6c5f255dc..7a841f082 100644
--- a/kyuubi-hive-beeline/pom.xml
+++ b/kyuubi-hive-beeline/pom.xml
@@ -223,6 +223,14 @@
                     <skip>true</skip>
                 </configuration>
             </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>${skipTests}</skipTests>
+                </configuration>
+            </plugin>
         </plugins>
         <outputDirectory>target/classes</outputDirectory>
         <testOutputDirectory>target/test-classes</testOutputDirectory>

From eeee5c1ae359c28eddccef1158a2eaaae6e7da74 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 16 Jun 2023 21:20:17 +0800
Subject: [PATCH 453/760] [KYUUBI #4959] [MINOR] Code improvements for Scala

### _Why are the changes needed?_

- To improve Scala code with corrections, simplification, scala style, redundancy cleaning-up. No feature changes introduced.

Corrections:
- Class doesn't correspond to file name (SparkListenerExtensionTest)
- Correct package name in ResultSetUtil and PySparkTests

Improvements:
- 'var' could be a 'val'
- GetOrElse(null) to orNull

Cleanup & Simplification:
- Redundant cast inspection
- Redundant collection conversion
- Simplify boolean expression
- Redundant new on case class
- Redundant return
- Unnecessary parentheses
- Unnecessary partial function
- Simplifiable empty check
- Anonymous function convertible to a method value

Scala Style:
- Constructing range for seq indices
- Get and getOrElse to getOrElse
- Convert expression to Single Abstract Method (SAM)
- Scala unnecessary semicolon inspection
- Map and getOrElse(false) to exists
- Map and flatten to flatMap
- Null initializer can be replaced by _
- scaladoc link to method

Other Improvements:
- Replace map and getOrElse(true) with forall
- Unit return type in the argument of map
- Size to length on arrays and strings
- Type check can be pattern matching
- Java mutator method accessed as parameterless
- Procedure syntax in method definition

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4959 from bowenliang123/scala-Improve.

Closes #4959

2d36ff351 [liangbowen] code improvement for Scala

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/sql/KyuubiSparkSQLAstBuilder.scala |  3 +-
 .../apache/spark/sql/ZorderSuiteBase.scala    | 28 ++++++++-------
 .../connector/hive/HiveTableCatalog.scala     |  2 +-
 .../hive/read/FilePartitionReader.scala       |  2 +-
 .../kyuubi/connector/HiveBridgeHelper.scala   |  2 +-
 .../hive/ExternalCatalogPoolSuite.scala       |  4 +--
 .../connector/hive/HiveCatalogSuite.scala     |  2 +-
 .../connector/tpcds/TPCDSCatalogSuite.scala   |  2 +-
 .../connector/tpch/TPCHCatalogSuite.scala     |  2 +-
 .../spark/connector/tpch/TPCHQuerySuite.scala |  2 +-
 ...scala => SparkListenerExtensionTest.scala} |  0
 .../engine/flink/result/ResultSet.scala       |  2 +-
 .../engine/flink/result/ResultSetUtil.scala   |  2 +-
 .../flink/operation/FlinkOperationSuite.scala |  2 +-
 .../spark/kyuubi/SparkProgressMonitor.scala   |  6 +---
 .../arrow/KyuubiArrowConverters.scala         |  4 +--
 .../apache/spark/ui/EngineSessionPage.scala   |  4 +--
 .../SparkArrowbasedOperationSuite.scala       |  2 +-
 .../SparkCatalogDatabaseOperationSuite.scala  |  2 +-
 .../spark/operation/SparkOperationSuite.scala | 16 ++++-----
 .../trino/session/TrinoSessionImpl.scala      |  4 +--
 .../engine/trino/TrinoStatementSuite.scala    |  6 ++--
 .../trino/operation/TrinoOperationSuite.scala | 12 +++----
 .../it/trino/server/TrinoFrontendSuite.scala  |  2 +-
 .../apache/kyuubi/config/ConfigBuilder.scala  |  2 +-
 .../kyuubi/service/TFrontendService.scala     |  2 +-
 .../kyuubi/session/SessionManager.scala       |  6 ++--
 .../org/apache/kyuubi/HiveEngineTests.scala   |  6 ++--
 .../authentication/PlainSASLServerSuite.scala |  4 +--
 .../kyuubi/ctl/cli/ControlCliArguments.scala  |  4 +--
 .../apache/kyuubi/ctl/util/Tabulator.scala    |  4 +--
 .../kyuubi/ctl/BatchCliArgumentsSuite.scala   |  4 +--
 .../apache/kyuubi/ctl/TestPrematureExit.scala |  6 ++--
 .../apache/kyuubi/events/EventBusSuite.scala  | 36 +++++++++----------
 .../ha/client/DiscoveryClientTests.scala      |  2 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  8 ++---
 .../server/api/v1/ApiRootResource.scala       |  4 +--
 .../server/api/v1/OperationsResource.scala    |  2 +-
 .../server/api/v1/SessionsResource.scala      |  7 ++--
 .../authentication/AuthenticationFilter.scala |  4 +--
 .../AuthenticationHandler.scala               |  4 +--
 .../KerberosAuthenticationHandler.scala       |  4 +--
 .../http/authentication/KerberosUtil.scala    |  2 +-
 .../server/trino/api/TrinoContext.scala       |  2 +-
 .../trino/api/v1/StatementResource.scala      |  2 +-
 .../apache/kyuubi/session/KyuubiSession.scala |  4 +--
 .../sql/plan/command/RunnableCommand.scala    |  2 +-
 .../apache/kyuubi/util/KubernetesUtils.scala  |  2 +-
 .../org/apache/kyuubi/util/Validator.scala    |  2 +-
 .../apache/kyuubi/engine/EngineRefTests.scala |  4 +--
 .../kyuubi/engine/spark/PySparkTests.scala    |  6 ++--
 .../spark/SparkProcessBuilderSuite.scala      | 20 +++++------
 ...yuubiOperationThriftHttpPerUserSuite.scala |  2 +-
 .../server/api/v1/AdminResourceSuite.scala    |  4 +--
 .../server/api/v1/BatchesResourceSuite.scala  |  2 +-
 .../AuthenticationFilterSuite.scala           |  2 +-
 .../rest/client/AdminRestApiSuite.scala       |  2 +-
 .../rest/client/SessionRestApiSuite.scala     |  5 ++-
 .../trino/api/v1/StatementResourceSuite.scala |  9 ++---
 59 files changed, 139 insertions(+), 155 deletions(-)
 rename extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/spark/sql/{SparkListenerExtenstionTest.scala => SparkListenerExtensionTest.scala} (100%)

diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
index 9f1958b09..82e3e6da5 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
@@ -81,7 +81,6 @@ abstract class KyuubiSparkSQLAstBuilderBase extends KyuubiSparkSQLBaseVisitor[An
     val zorderCols = ctx.zorderClause().order.asScala
       .map(visitMultipartIdentifier)
       .map(UnresolvedAttribute(_))
-      .toSeq
 
     val orderExpr =
       if (zorderCols.length == 1) {
@@ -381,7 +380,7 @@ abstract class KyuubiSparkSQLAstBuilderBase extends KyuubiSparkSQLBaseVisitor[An
   private def stringToDate(s: UTF8String): Option[Int] = {
     def isValidDigits(segment: Int, digits: Int): Boolean = {
       // An integer is able to represent a date within [+-]5 million years.
-      var maxDigitsYear = 7
+      val maxDigitsYear = 7
       (segment == 0 && digits >= 4 && digits <= maxDigitsYear) ||
       (segment != 0 && digits > 0 && digits <= 2)
     }
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
index b24533e69..f48d11e15 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
@@ -245,20 +245,22 @@ trait ZorderSuiteBase extends KyuubiSparkSQLExtensionTest with ExpressionEvalHel
       resHasSort: Boolean): Unit = {
     def checkSort(plan: LogicalPlan): Unit = {
       assert(plan.isInstanceOf[Sort] === resHasSort)
-      if (plan.isInstanceOf[Sort]) {
-        val colArr = cols.split(",")
-        val refs =
-          if (colArr.length == 1) {
-            plan.asInstanceOf[Sort].order.head
-              .child.asInstanceOf[AttributeReference] :: Nil
-          } else {
-            plan.asInstanceOf[Sort].order.head
-              .child.asInstanceOf[Zorder].children.map(_.references.head)
+      plan match {
+        case sort: Sort =>
+          val colArr = cols.split(",")
+          val refs =
+            if (colArr.length == 1) {
+              sort.order.head
+                .child.asInstanceOf[AttributeReference] :: Nil
+            } else {
+              sort.order.head
+                .child.asInstanceOf[Zorder].children.map(_.references.head)
+            }
+          assert(refs.size === colArr.size)
+          refs.zip(colArr).foreach { case (ref, col) =>
+            assert(ref.name === col.trim)
           }
-        assert(refs.size === colArr.size)
-        refs.zip(colArr).foreach { case (ref, col) =>
-          assert(ref.name === col.trim)
-        }
+        case _ =>
       }
     }
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index d4e0f5ea2..1199987b4 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -259,7 +259,7 @@ class HiveTableCatalog(sparkSession: SparkSession)
   private def toOptions(properties: Map[String, String]): Map[String, String] = {
     properties.filterKeys(_.startsWith(TableCatalog.OPTION_PREFIX)).map {
       case (key, value) => key.drop(TableCatalog.OPTION_PREFIX.length) -> value
-    }.toMap
+    }
   }
 
   override def listNamespaces(): Array[Array[String]] = {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
index d0cd680d4..8ac90b3fe 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
@@ -31,7 +31,7 @@ import org.apache.spark.sql.internal.SQLConf
 // scalastyle:on line.size.limit
 class FilePartitionReader[T](readers: Iterator[HivePartitionedFileReader[T]])
   extends PartitionReader[T] with Logging {
-  private var currentReader: HivePartitionedFileReader[T] = null
+  private var currentReader: HivePartitionedFileReader[T] = _
 
   private val sqlConf = SQLConf.get
   private def ignoreMissingFiles = sqlConf.ignoreMissingFiles
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
index 349edd327..305c1450e 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
@@ -79,7 +79,7 @@ object HiveBridgeHelper {
             s"Unsupported partition transform: $transform")
       }
 
-      (identityCols.toSeq, bucketSpec)
+      (identityCols, bucketSpec)
     }
   }
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/ExternalCatalogPoolSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/ExternalCatalogPoolSuite.scala
index 7c02e8531..937e32d6d 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/ExternalCatalogPoolSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/ExternalCatalogPoolSuite.scala
@@ -56,11 +56,11 @@ class ExternalCatalogPoolSuite extends KyuubiHiveTest {
       val externalCatalog2 = pool.take(catalog2)
 
       assert(externalCatalog1 != externalCatalog2)
-      (1 to 10).foreach { id =>
+      (1 to 10).foreach { _ =>
         assert(pool.take(catalog1) == externalCatalog1)
       }
 
-      (1 to 10).foreach { id =>
+      (1 to 10).foreach { _ =>
         assert(pool.take(catalog2) == externalCatalog2)
       }
     }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
index 7a1eb86dc..9088a6cfe 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
@@ -95,7 +95,7 @@ class HiveCatalogSuite extends KyuubiHiveTest {
   }
 
   test("get catalog name") {
-    withSparkSession() { spark =>
+    withSparkSession() { _ =>
       val catalog = new HiveTableCatalog
       val catalogName = "hive"
       catalog.initialize(catalogName, CaseInsensitiveStringMap.empty())
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
index 55a7fa3e9..451cee135 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
@@ -35,7 +35,7 @@ class TPCDSCatalogSuite extends KyuubiFunSuite {
       .set("spark.sql.catalog.tpcds", classOf[TPCDSCatalog].getName)
       .set("spark.sql.cbo.enabled", "true")
       .set("spark.sql.cbo.planStats.enabled", "true")
-    withSparkSession(SparkSession.builder.config(sparkConf).getOrCreate()) { spark =>
+    withSparkSession(SparkSession.builder.config(sparkConf).getOrCreate()) { _ =>
       val catalog = new TPCDSCatalog
       val catalogName = "test"
       catalog.initialize(catalogName, CaseInsensitiveStringMap.empty())
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
index 0fdfc2689..802c8d690 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
@@ -35,7 +35,7 @@ class TPCHCatalogSuite extends KyuubiFunSuite {
       .set("spark.sql.catalog.tpch", classOf[TPCHCatalog].getName)
       .set("spark.sql.cbo.enabled", "true")
       .set("spark.sql.cbo.planStats.enabled", "true")
-    withSparkSession(SparkSession.builder.config(sparkConf).getOrCreate()) { spark =>
+    withSparkSession(SparkSession.builder.config(sparkConf).getOrCreate()) { _ =>
       val catalog = new TPCHCatalog
       val catalogName = "test"
       catalog.initialize(catalogName, CaseInsensitiveStringMap.empty())
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
index efeaeb36c..88495f037 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
@@ -54,7 +54,7 @@ class TPCHQuerySuite extends KyuubiFunSuite {
   val queries: Set[String] = (1 to 22).map(i => s"q$i").toSet
 
   test("run query on tiny") {
-    val viewSuffix = "view";
+    val viewSuffix = "view"
     val sparkConf = new SparkConf().setMaster("local[*]")
       .set("spark.ui.enabled", "false")
       .set("spark.sql.catalogImplementation", "in-memory")
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/spark/sql/SparkListenerExtenstionTest.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/spark/sql/SparkListenerExtensionTest.scala
similarity index 100%
rename from extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/spark/sql/SparkListenerExtenstionTest.scala
rename to extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/spark/sql/SparkListenerExtensionTest.scala
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
index b90be09ff..1e94042d0 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
@@ -69,7 +69,7 @@ object ResultSet {
       .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
       .columns(Column.physical("result", DataTypes.STRING()))
       .data(data)
-      .build;
+      .build
   }
 
   def builder: Builder = new ResultSet.Builder
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
index d6bc2bada..c1169528c 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.engine.flink.result;
+package org.apache.kyuubi.engine.flink.result
 
 import scala.collection.convert.ImplicitConversions._
 import scala.collection.mutable.ListBuffer
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 39d17aa7b..1b27ae974 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -1035,7 +1035,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       assert(metadata.getColumnType(1) === java.sql.Types.VARCHAR)
       assert(resultSet.next())
       assert(resultSet.getString(1).length == 32)
-    };
+    }
   }
 
   test("execute statement - streaming insert into") {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkProgressMonitor.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkProgressMonitor.scala
index a46cbecc2..1d9ef53ea 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkProgressMonitor.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkProgressMonitor.scala
@@ -136,12 +136,8 @@ class SparkProgressMonitor(spark: SparkSession, jobGroup: String) {
       trimmedVName = s.substring(0, COLUMN_1_WIDTH - 2)
       trimmedVName += ".."
     } else trimmedVName += " "
-    val result = new StringBuilder(trimmedVName)
     val toFill = (spaceRemaining * percent).toInt
-    for (i <- 0 until toFill) {
-      result.append(".")
-    }
-    result.toString
+    s"$trimmedVName${"." * toFill}"
   }
 
   private def getCompletedStages: Int = {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
index f78552602..5c4d7086f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/execution/arrow/KyuubiArrowConverters.scala
@@ -128,7 +128,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
     val n = collectLimitExec.limit
     val schema = collectLimitExec.schema
     if (n == 0) {
-      return new Array[Batch](0)
+      new Array[Batch](0)
     } else {
       val limitScaleUpFactor = Math.max(conf.limitScaleUpFactor, 2)
       // TODO: refactor and reuse the code from RDD's take()
@@ -156,7 +156,7 @@ object KyuubiArrowConverters extends SQLConfHelper with Logging {
         }
 
         val partsToScan =
-          partsScanned.until(math.min(partsScanned + numPartsToTry, totalParts).toInt)
+          partsScanned.until(math.min(partsScanned + numPartsToTry, totalParts))
 
         // TODO: SparkPlan.session introduced in SPARK-35798, replace with SparkPlan.session once we
         // drop Spark-3.1.x support.
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala
index 1f34ae64f..8ae830a84 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala
@@ -42,7 +42,7 @@ case class EngineSessionPage(parent: EngineTab)
     require(parameterId != null && parameterId.nonEmpty, "Missing id parameter")
 
     val content = store.synchronized { // make sure all parts in this page are consistent
-      val sessionStat = store.getSession(parameterId).getOrElse(null)
+      val sessionStat = store.getSession(parameterId).orNull
       require(sessionStat != null, "Invalid sessionID[" + parameterId + "]")
 
       val redactionPattern = parent.sparkUI match {
@@ -51,7 +51,7 @@ case class EngineSessionPage(parent: EngineTab)
       }
 
       val sessionPropertiesTable =
-        if (sessionStat.conf != null && !sessionStat.conf.isEmpty) {
+        if (sessionStat.conf != null && sessionStat.conf.nonEmpty) {
           val table = UIUtils.listingTable(
             propertyHeader,
             propertyRow,
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 8818ae7a9..2e7e41a2a 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -583,7 +583,7 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
   }
 
   class SQLMetricsListener extends QueryExecutionListener {
-    var queryExecution: QueryExecution = null
+    var queryExecution: QueryExecution = _
     override def onSuccess(funcName: String, qe: QueryExecution, durationNs: Long): Unit = {
       queryExecution = qe
     }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala
index 69431266b..5ee01bda1 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkCatalogDatabaseOperationSuite.scala
@@ -61,7 +61,7 @@ class DummyCatalog extends CatalogPlugin {
     _name = name
   }
 
-  private var _name: String = null
+  private var _name: String = _
 
   override def name(): String = _name
 
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
index 650bdabd9..f5d265422 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
@@ -306,28 +306,28 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
       val tFetchResultsReq1 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_NEXT, 1)
       val tFetchResultsResp1 = client.FetchResults(tFetchResultsReq1)
       assert(tFetchResultsResp1.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      val idSeq1 = tFetchResultsResp1.getResults.getColumns.get(0).getI64Val.getValues.asScala.toSeq
+      val idSeq1 = tFetchResultsResp1.getResults.getColumns.get(0).getI64Val.getValues.asScala
       assertResult(Seq(0L))(idSeq1)
 
       // fetch next from first row
       val tFetchResultsReq2 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_NEXT, 1)
       val tFetchResultsResp2 = client.FetchResults(tFetchResultsReq2)
       assert(tFetchResultsResp2.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      val idSeq2 = tFetchResultsResp2.getResults.getColumns.get(0).getI64Val.getValues.asScala.toSeq
+      val idSeq2 = tFetchResultsResp2.getResults.getColumns.get(0).getI64Val.getValues.asScala
       assertResult(Seq(1L))(idSeq2)
 
       // fetch prior from second row, expected got first row
       val tFetchResultsReq3 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_PRIOR, 1)
       val tFetchResultsResp3 = client.FetchResults(tFetchResultsReq3)
       assert(tFetchResultsResp3.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      val idSeq3 = tFetchResultsResp3.getResults.getColumns.get(0).getI64Val.getValues.asScala.toSeq
+      val idSeq3 = tFetchResultsResp3.getResults.getColumns.get(0).getI64Val.getValues.asScala
       assertResult(Seq(0L))(idSeq3)
 
       // fetch first
       val tFetchResultsReq4 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_FIRST, 3)
       val tFetchResultsResp4 = client.FetchResults(tFetchResultsReq4)
       assert(tFetchResultsResp4.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      val idSeq4 = tFetchResultsResp4.getResults.getColumns.get(0).getI64Val.getValues.asScala.toSeq
+      val idSeq4 = tFetchResultsResp4.getResults.getColumns.get(0).getI64Val.getValues.asScala
       assertResult(Seq(0L, 1L))(idSeq4)
     }
   }
@@ -349,7 +349,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
         val tFetchResultsResp1 = client.FetchResults(tFetchResultsReq1)
         assert(tFetchResultsResp1.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
         val idSeq1 = tFetchResultsResp1.getResults.getColumns.get(0)
-          .getI64Val.getValues.asScala.toSeq
+          .getI64Val.getValues.asScala
         assertResult(Seq(0L))(idSeq1)
 
         // fetch next from first row
@@ -357,7 +357,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
         val tFetchResultsResp2 = client.FetchResults(tFetchResultsReq2)
         assert(tFetchResultsResp2.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
         val idSeq2 = tFetchResultsResp2.getResults.getColumns.get(0)
-          .getI64Val.getValues.asScala.toSeq
+          .getI64Val.getValues.asScala
         assertResult(Seq(1L))(idSeq2)
 
         // fetch prior from second row, expected got first row
@@ -365,7 +365,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
         val tFetchResultsResp3 = client.FetchResults(tFetchResultsReq3)
         assert(tFetchResultsResp3.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
         val idSeq3 = tFetchResultsResp3.getResults.getColumns.get(0)
-          .getI64Val.getValues.asScala.toSeq
+          .getI64Val.getValues.asScala
         assertResult(Seq(0L))(idSeq3)
 
         // fetch first
@@ -373,7 +373,7 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
         val tFetchResultsResp4 = client.FetchResults(tFetchResultsReq4)
         assert(tFetchResultsResp4.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
         val idSeq4 = tFetchResultsResp4.getResults.getColumns.get(0)
-          .getI64Val.getValues.asScala.toSeq
+          .getI64Val.getValues.asScala
         assertResult(Seq(0L, 1L))(idSeq4)
       }
     }
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index 6869e54dc..42b21fc29 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -51,8 +51,8 @@ class TrinoSessionImpl(
 
   var trinoContext: TrinoContext = _
   private var clientSession: ClientSession = _
-  private var catalogName: String = null
-  private var databaseName: String = null
+  private var catalogName: String = _
+  private var databaseName: String = _
 
   private val sessionEvent = TrinoSessionEvent(this)
 
diff --git a/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/TrinoStatementSuite.scala b/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/TrinoStatementSuite.scala
index fc9f1af5f..dec753ad4 100644
--- a/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/TrinoStatementSuite.scala
+++ b/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/TrinoStatementSuite.scala
@@ -30,15 +30,15 @@ class TrinoStatementSuite extends WithTrinoContainerServer {
       assert(schema.size === 1)
       assert(schema(0).getName === "_col0")
 
-      assert(resultSet.toIterator.hasNext)
-      assert(resultSet.toIterator.next() === List(1))
+      assert(resultSet.hasNext)
+      assert(resultSet.next() === List(1))
 
       val trinoStatement2 = TrinoStatement(trinoContext, kyuubiConf, "show schemas")
       val schema2 = trinoStatement2.getColumns
       val resultSet2 = trinoStatement2.execute()
 
       assert(schema2.size === 1)
-      assert(resultSet2.toIterator.hasNext)
+      assert(resultSet2.hasNext)
     }
   }
 
diff --git a/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperationSuite.scala b/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperationSuite.scala
index a6f125af5..90939a3e4 100644
--- a/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperationSuite.scala
+++ b/externals/kyuubi-trino-engine/src/test/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperationSuite.scala
@@ -590,14 +590,14 @@ class TrinoOperationSuite extends WithTrinoEngine with TrinoQueryTests {
       val tFetchResultsReq1 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_NEXT, 1)
       val tFetchResultsResp1 = client.FetchResults(tFetchResultsReq1)
       assert(tFetchResultsResp1.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      val idSeq1 = tFetchResultsResp1.getResults.getColumns.get(0).getI32Val.getValues.asScala.toSeq
+      val idSeq1 = tFetchResultsResp1.getResults.getColumns.get(0).getI32Val.getValues.asScala
       assertResult(Seq(0L))(idSeq1)
 
       // fetch next from first row
       val tFetchResultsReq2 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_NEXT, 1)
       val tFetchResultsResp2 = client.FetchResults(tFetchResultsReq2)
       assert(tFetchResultsResp2.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      val idSeq2 = tFetchResultsResp2.getResults.getColumns.get(0).getI32Val.getValues.asScala.toSeq
+      val idSeq2 = tFetchResultsResp2.getResults.getColumns.get(0).getI32Val.getValues.asScala
       assertResult(Seq(1L))(idSeq2)
 
       val tFetchResultsReq3 = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_PRIOR, 1)
@@ -607,7 +607,7 @@ class TrinoOperationSuite extends WithTrinoEngine with TrinoQueryTests {
       } else {
         assert(tFetchResultsResp3.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
         val idSeq3 =
-          tFetchResultsResp3.getResults.getColumns.get(0).getI32Val.getValues.asScala.toSeq
+          tFetchResultsResp3.getResults.getColumns.get(0).getI32Val.getValues.asScala
         assertResult(Seq(0L))(idSeq3)
       }
 
@@ -618,7 +618,7 @@ class TrinoOperationSuite extends WithTrinoEngine with TrinoQueryTests {
       } else {
         assert(tFetchResultsResp4.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
         val idSeq4 =
-          tFetchResultsResp4.getResults.getColumns.get(0).getI32Val.getValues.asScala.toSeq
+          tFetchResultsResp4.getResults.getColumns.get(0).getI32Val.getValues.asScala
         assertResult(Seq(0L, 1L))(idSeq4)
       }
     }
@@ -771,8 +771,8 @@ class TrinoOperationSuite extends WithTrinoEngine with TrinoQueryTests {
         assert(schema.size === 1)
         assert(schema(0).getName === "_col0")
 
-        assert(resultSet.toIterator.hasNext)
-        version = resultSet.toIterator.next().head.toString
+        assert(resultSet.hasNext)
+        version = resultSet.next().head.toString
       }
       version
     }
diff --git a/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala b/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
index 4a175a28b..7575bf8a9 100644
--- a/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
+++ b/integration-tests/kyuubi-trino-it/src/test/scala/org/apache/kyuubi/it/trino/server/TrinoFrontendSuite.scala
@@ -73,7 +73,7 @@ class TrinoFrontendSuite extends WithKyuubiServer with SparkMetadataTests {
         statement.execute("SELECT 1")
       }
     } catch {
-      case NonFatal(e) =>
+      case NonFatal(_) =>
     }
   }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
index 8d7501552..5f31fade3 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
@@ -151,7 +151,7 @@ private[kyuubi] case class ConfigBuilder(key: String) {
       }
     }
 
-    new TypedConfigBuilder(this, regexFromString(_, this.key), _.toString)
+    TypedConfigBuilder(this, regexFromString(_, this.key), _.toString)
   }
 }
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
index e541c37c0..7532beccb 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
@@ -609,7 +609,7 @@ abstract class TFrontendService(name: String)
         info(s"Session [$handle] disconnected without closing properly, close it now")
         try {
           val needToClose = be.sessionManager.getSession(handle).conf
-            .get(SESSION_CLOSE_ON_DISCONNECT.key).getOrElse("true").toBoolean
+            .getOrElse(SESSION_CLOSE_ON_DISCONNECT.key, "true").toBoolean
           if (needToClose) {
             be.closeSession(handle)
           } else {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
index f91447f98..7e6c50199 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
@@ -209,11 +209,11 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
         key
       }
 
-    if (_confRestrictMatchList.exists(normalizedKey.startsWith(_)) ||
+    if (_confRestrictMatchList.exists(normalizedKey.startsWith) ||
       _confRestrictList.contains(normalizedKey)) {
       throw KyuubiSQLException(s"$normalizedKey is a restrict key according to the server-side" +
         s" configuration, please remove it and retry if you want to proceed")
-    } else if (_confIgnoreMatchList.exists(normalizedKey.startsWith(_)) ||
+    } else if (_confIgnoreMatchList.exists(normalizedKey.startsWith) ||
       _confIgnoreList.contains(normalizedKey)) {
       warn(s"$normalizedKey is a ignored key according to the server-side configuration")
       None
@@ -228,7 +228,7 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
 
   // validate whether if a batch key should be ignored
   def validateBatchKey(key: String, value: String): Option[(String, String)] = {
-    if (_batchConfIgnoreMatchList.exists(key.startsWith(_)) || _batchConfIgnoreList.contains(key)) {
+    if (_batchConfIgnoreMatchList.exists(key.startsWith) || _batchConfIgnoreList.contains(key)) {
       warn(s"$key is a ignored batch key according to the server-side configuration")
       None
     } else {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/HiveEngineTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/HiveEngineTests.scala
index 9eb4a2440..028f755f6 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/HiveEngineTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/HiveEngineTests.scala
@@ -140,7 +140,7 @@ trait HiveEngineTests extends HiveJDBCTestHelper {
       try {
         val meta = statement.getConnection.getMetaData
         var resultSet = meta.getColumns(null, null, null, null)
-        var resultSetBuffer = ArrayBuffer[(String, String, String, String, String)]()
+        val resultSetBuffer = ArrayBuffer[(String, String, String, String, String)]()
         while (resultSet.next()) {
           resultSetBuffer += Tuple5(
             resultSet.getString(TABLE_CAT),
@@ -434,8 +434,8 @@ trait HiveEngineTests extends HiveJDBCTestHelper {
       val res = statement.getConnection.getMetaData.getClientInfoProperties
       assert(res.next())
       assert(res.getString(1) === "ApplicationName")
-      assert(res.getInt("MAX_LEN") === 1000);
-      assert(!res.next());
+      assert(res.getInt("MAX_LEN") === 1000)
+      assert(!res.next())
 
       val connection = statement.getConnection
       connection.setClientInfo("ApplicationName", "test kyuubi hive jdbc")
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLServerSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLServerSuite.scala
index 78fe3ef7a..a7f4b9535 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLServerSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLServerSuite.scala
@@ -79,9 +79,7 @@ class PlainSASLServerSuite extends KyuubiFunSuite {
       "NONE",
       "KYUUBI",
       map,
-      new CallbackHandler {
-        override def handle(callbacks: Array[Callback]): Unit = {}
-      })
+      _ => {})
     val e6 = intercept[SaslException](server2.evaluateResponse(res4.map(_.toByte)))
     assert(e6.getMessage === "Error validating the login")
     assert(e6.getCause.getMessage === "Authentication failed")
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala
index 41d53b568..35b4ccacf 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala
@@ -33,9 +33,9 @@ import org.apache.kyuubi.ctl.opt.{CliConfig, CommandLine, ControlAction, Control
 class ControlCliArguments(args: Seq[String], env: Map[String, String] = sys.env)
   extends ControlCliArgumentsParser with Logging {
 
-  var cliConfig: CliConfig = null
+  var cliConfig: CliConfig = _
 
-  var command: Command[_] = null
+  var command: Command[_] = _
 
   // Set parameters from command line arguments
   parse(args)
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Tabulator.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Tabulator.scala
index 704436289..70fed87f6 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Tabulator.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Tabulator.scala
@@ -23,11 +23,11 @@ import org.apache.commons.lang3.StringUtils
 private[kyuubi] object Tabulator {
   def format(title: String, header: Array[String], rows: Array[Array[String]]): String = {
     val textTable = formatTextTable(header, rows)
-    val footer = s"${rows.size} row(s)\n"
+    val footer = s"${rows.length} row(s)\n"
     if (StringUtils.isBlank(title)) {
       textTable + footer
     } else {
-      val rowWidth = textTable.split("\n").head.size
+      val rowWidth = textTable.split("\n").head.length
       val titleNewLine = "\n" + StringUtils.center(title, rowWidth) + "\n"
       titleNewLine + textTable + footer
     }
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/BatchCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/BatchCliArgumentsSuite.scala
index 7563d985a..bf8f101e0 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/BatchCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/BatchCliArgumentsSuite.scala
@@ -84,7 +84,7 @@ class BatchCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExit {
       "-f",
       batchYamlFile)
     val opArgs = new ControlCliArguments(args)
-    assert(opArgs.cliConfig.batchOpts.waitCompletion == true)
+    assert(opArgs.cliConfig.batchOpts.waitCompletion)
   }
 
   test("submit batch without waitForCompletion") {
@@ -96,7 +96,7 @@ class BatchCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExit {
       "--waitCompletion",
       "false")
     val opArgs = new ControlCliArguments(args)
-    assert(opArgs.cliConfig.batchOpts.waitCompletion == false)
+    assert(!opArgs.cliConfig.batchOpts.waitCompletion)
   }
 
   test("get/delete batch") {
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/TestPrematureExit.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/TestPrematureExit.scala
index 0e4cc1302..5f8107da7 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/TestPrematureExit.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/TestPrematureExit.scala
@@ -34,7 +34,7 @@ trait TestPrematureExit {
 
   /** Simple PrintStream that reads data into a buffer */
   private class BufferPrintStream extends PrintStream(noOpOutputStream) {
-    var lineBuffer = ArrayBuffer[String]()
+    val lineBuffer = ArrayBuffer[String]()
     // scalastyle:off println
     override def println(line: Any): Unit = {
       lineBuffer += line.toString
@@ -52,11 +52,11 @@ trait TestPrematureExit {
 
     @volatile var exitedCleanly = false
     val original = mainObject.exitFn
-    mainObject.exitFn = (_) => exitedCleanly = true
+    mainObject.exitFn = _ => exitedCleanly = true
     try {
       @volatile var exception: Exception = null
       val thread = new Thread {
-        override def run() =
+        override def run(): Unit =
           try {
             mainObject.main(input)
           } catch {
diff --git a/kyuubi-events/src/test/scala/org/apache/kyuubi/events/EventBusSuite.scala b/kyuubi-events/src/test/scala/org/apache/kyuubi/events/EventBusSuite.scala
index 9c75766da..0a8563ee4 100644
--- a/kyuubi-events/src/test/scala/org/apache/kyuubi/events/EventBusSuite.scala
+++ b/kyuubi-events/src/test/scala/org/apache/kyuubi/events/EventBusSuite.scala
@@ -44,29 +44,29 @@ class EventBusSuite extends KyuubiFunSuite {
   }
 
   test("register event handler") {
-    var test0EventRecievedCount = 0
-    var test1EventRecievedCount = 0
-    var test2EventRecievedCount = 0
-    var testEventRecievedCount = 0
+    var test0EventReceivedCount = 0
+    var test1EventReceivedCount = 0
+    var test2EventReceivedCount = 0
+    var testEventReceivedCount = 0
     val liveBus = EventBus()
 
     liveBus.register[Test0KyuubiEvent] { e =>
       assert(e.content == "test0")
       assert(e.eventType == "test0_kyuubi")
-      test0EventRecievedCount += 1
+      test0EventReceivedCount += 1
     }
     liveBus.register[Test1KyuubiEvent] { e =>
       assert(e.content == "test1")
       assert(e.eventType == "test1_kyuubi")
-      test1EventRecievedCount += 1
+      test1EventReceivedCount += 1
     }
     // scribe subclass event
     liveBus.register[TestKyuubiEvent] { e =>
       assert(e.eventType == "test2_kyuubi")
-      test2EventRecievedCount += 1
+      test2EventReceivedCount += 1
     }
-    liveBus.register[KyuubiEvent] { e =>
-      testEventRecievedCount += 1
+    liveBus.register[KyuubiEvent] { _ =>
+      testEventReceivedCount += 1
     }
 
     class Test0Handler extends EventHandler[Test0KyuubiEvent] {
@@ -77,11 +77,9 @@ class EventBusSuite extends KyuubiFunSuite {
 
     liveBus.register[Test0KyuubiEvent](new Test0Handler)
 
-    liveBus.register[Test1KyuubiEvent](new EventHandler[Test1KyuubiEvent] {
-      override def apply(e: Test1KyuubiEvent): Unit = {
-        assert(e.content == "test1")
-      }
-    })
+    liveBus.register[Test1KyuubiEvent] { e =>
+      assert(e.content == "test1")
+    }
 
     (1 to 10) foreach { _ =>
       liveBus.post(Test0KyuubiEvent("test0"))
@@ -92,10 +90,10 @@ class EventBusSuite extends KyuubiFunSuite {
     (1 to 30) foreach { _ =>
       liveBus.post(Test2KyuubiEvent("name2", "test2"))
     }
-    assert(test0EventRecievedCount == 10)
-    assert(test1EventRecievedCount == 20)
-    assert(test2EventRecievedCount == 30)
-    assert(testEventRecievedCount == 60)
+    assert(test0EventReceivedCount == 10)
+    assert(test1EventReceivedCount == 20)
+    assert(test2EventReceivedCount == 30)
+    assert(testEventReceivedCount == 60)
   }
 
   test("register event handler for default bus") {
@@ -120,7 +118,7 @@ class EventBusSuite extends KyuubiFunSuite {
 
   test("async event handler") {
     val countDownLatch = new CountDownLatch(4)
-    val count = new AtomicInteger(0);
+    val count = new AtomicInteger(0)
     class Test0Handler extends EventHandler[Test0KyuubiEvent] {
       override def apply(e: Test0KyuubiEvent): Unit = {
         Thread.sleep(10)
diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala
index 87db340b5..a8523f7f9 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala
@@ -162,7 +162,7 @@ trait DiscoveryClientTests extends KyuubiFunSuite {
 
   test("setData method test") {
     withDiscoveryClient(conf) { discoveryClient =>
-      val data = "abc";
+      val data = "abc"
       val path = "/setData_test"
       discoveryClient.create(path, "PERSISTENT")
       discoveryClient.setData(path, data.getBytes)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index fc271b058..735efa71b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -127,9 +127,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       val usersSet = users.split(",").toSet
       sessions = sessions.filter(session => usersSet.contains(session.user))
     }
-    sessions.map { case session =>
-      ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])
-    }.toSeq
+    sessions.map(session => ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])).toSeq
   }
 
   @ApiResponse(
@@ -259,7 +257,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     val engine = getEngine(userName, engineType, shareLevel, subdomain, "")
     val engineSpace = getEngineSpace(engine)
 
-    var engineNodes = ListBuffer[ServiceNodeInfo]()
+    val engineNodes = ListBuffer[ServiceNodeInfo]()
     Option(subdomain).filter(_.nonEmpty) match {
       case Some(_) =>
         withDiscoveryClient(fe.getConf) { discoveryClient =>
@@ -368,6 +366,6 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
   }
 
   private def isAdministrator(userName: String): Boolean = {
-    administrators.contains(userName);
+    administrators.contains(userName)
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
index fc3150355..8abc23ff1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/ApiRootResource.scala
@@ -86,8 +86,8 @@ private[server] object ApiRootResource {
   def getEngineUIProxyHandler(fe: KyuubiRestFrontendService): ServletContextHandler = {
     val proxyServlet = new EngineUIProxyServlet()
     val holder = new ServletHolder(proxyServlet)
-    val proxyHandler = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
-    proxyHandler.setContextPath("/engine-ui");
+    val proxyHandler = new ServletContextHandler(ServletContextHandler.NO_SESSIONS)
+    proxyHandler.setContextPath("/engine-ui")
     proxyHandler.addServlet(holder, "/*")
     proxyHandler
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index b55719749..b79ee27e3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -109,7 +109,7 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
           var scale = 0
           if (tPrimitiveTypeEntry.getTypeQualifiers != null) {
             val qualifiers = tPrimitiveTypeEntry.getTypeQualifiers.getQualifiers
-            val defaultValue = TTypeQualifierValue.i32Value(0);
+            val defaultValue = TTypeQualifierValue.i32Value(0)
             precision = qualifiers.getOrDefault("precision", defaultValue).getI32Value
             scale = qualifiers.getOrDefault("scale", defaultValue).getI32Value
           }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index d735b87d8..bc480c027 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -53,9 +53,8 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     description = "get the list of all live sessions")
   @GET
   def sessions(): Seq[SessionData] = {
-    sessionManager.allSessions().map { case session =>
-      ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])
-    }.toSeq
+    sessionManager.allSessions()
+      .map(session => ApiUtils.sessionData(session.asInstanceOf[KyuubiSession])).toSeq
   }
 
   @ApiResponse(
@@ -86,7 +85,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
             .startTime(event.startTime)
             .endTime(event.endTime)
             .totalOperations(event.totalOperations)
-            .exception(event.exception.getOrElse(null))
+            .exception(event.exception.orNull)
             .build).get
     } catch {
       case NonFatal(e) =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index 3c4065a7b..8fe245d6a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -88,7 +88,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
   /**
    * If the request has a valid authentication token it allows the request to continue to the
    * target resource, otherwise it triggers an authentication sequence using the configured
-   * {@link AuthenticationHandler}.
+   * [[AuthenticationHandler]].
    *
    * @param request     the request object.
    * @param response    the response object.
@@ -158,7 +158,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
   }
 
   override def destroy(): Unit = {
-    if (!authSchemeHandlers.isEmpty) {
+    if (authSchemeHandlers.nonEmpty) {
       authSchemeHandlers.values.foreach(_.destroy())
       authSchemeHandlers.clear()
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationHandler.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationHandler.scala
index acbc52f35..bf2cb5bbe 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationHandler.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationHandler.scala
@@ -46,14 +46,14 @@ trait AuthenticationHandler {
   /**
    * Destroys the authentication handler instance.
    * <p>
-   * This method is invoked by the {@link AuthenticationFilter# destroy} method.
+   * This method is invoked by the [[AuthenticationFilter.destroy]] method.
    */
   def destroy(): Unit
 
   /**
    * Performs an authentication step for the given HTTP client request.
    * <p>
-   * This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
+   * This method is invoked by the [[AuthenticationFilter]] only if the HTTP client request is
    * not yet authenticated.
    * <p>
    * Depending upon the authentication mechanism being implemented, a particular HTTP client may
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosAuthenticationHandler.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosAuthenticationHandler.scala
index 19a31feb6..04603f30a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosAuthenticationHandler.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosAuthenticationHandler.scala
@@ -46,7 +46,7 @@ class KerberosAuthenticationHandler extends AuthenticationHandler with Logging {
   override val authScheme: AuthScheme = AuthSchemes.NEGOTIATE
 
   override def authenticationSupported: Boolean = {
-    !keytab.isEmpty && !principal.isEmpty
+    keytab.nonEmpty && principal.nonEmpty
   }
 
   override def init(conf: KyuubiConf): Unit = {
@@ -141,7 +141,7 @@ class KerberosAuthenticationHandler extends AuthenticationHandler with Logging {
         GSSCredential.ACCEPT_ONLY)
       gssContext = gssManager.createContext(gssCreds)
       val serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length)
-      if (serverToken != null && serverToken.length > 0) {
+      if (serverToken != null && serverToken.nonEmpty) {
         val authenticate = Base64.getEncoder.encodeToString(serverToken)
         response.setHeader(WWW_AUTHENTICATE, s"$NEGOTIATE $authenticate")
       }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosUtil.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosUtil.scala
index 8ff079373..a5b95678c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosUtil.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KerberosUtil.scala
@@ -201,7 +201,7 @@ object KerberosUtil {
     val names = ticket.get(0xA2, 0x30, 0xA1, 0x30)
     val sb = new StringBuilder
     while (names.hasNext) {
-      if (sb.length > 0) {
+      if (sb.nonEmpty) {
         sb.append('/')
       }
       sb.append(names.next.getAsString)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
index 16fc0388a..842f0ceec 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/TrinoContext.scala
@@ -333,7 +333,7 @@ object TrinoContext {
 
     if (rowSet.getColumns == null) {
       return rowSet.getRows.asScala
-        .map(t => t.getColVals.asScala.map(v => v.getFieldValue.asInstanceOf[Object]).asJava)
+        .map(t => t.getColVals.asScala.map(v => v.getFieldValue).asJava)
         .asJava
     }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
index 124b84688..c6b5550cc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/v1/StatementResource.scala
@@ -91,7 +91,7 @@ private[v1] class StatementResource extends ApiRequestContext with Logging {
           TrinoContext.buildTrinoResponse(qr, query.context)
         case ExecuteForPreparing(statementId, parameters) =>
           val parametersMap = new util.HashMap[Integer, String]()
-          for (i <- 0 until parameters.size) {
+          for (i <- parameters.indices) {
             parametersMap.put(i + 1, parameters(i))
           }
           trinoContext.preparedStatement.get(statementId).map { originSql =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
index 7316e367b..a4c345af3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSession.scala
@@ -36,9 +36,9 @@ abstract class KyuubiSession(
 
   val sessionType: SessionType
 
-  val connectionUrl = conf.get(KYUUBI_SESSION_CONNECTION_URL_KEY).getOrElse("")
+  val connectionUrl = conf.getOrElse(KYUUBI_SESSION_CONNECTION_URL_KEY, "")
 
-  val realUser = conf.get(KYUUBI_SESSION_REAL_USER_KEY).getOrElse(user)
+  val realUser = conf.getOrElse(KYUUBI_SESSION_REAL_USER_KEY, user)
 
   def getSessionEvent: Option[KyuubiSessionEvent]
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/command/RunnableCommand.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/command/RunnableCommand.scala
index 54ca9f689..deda7d006 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/command/RunnableCommand.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/sql/plan/command/RunnableCommand.scala
@@ -46,7 +46,7 @@ trait RunnableCommand extends KyuubiTreeNode {
     }
     val taken = iter.take(rowSetSize)
     val resultRowSet = RowSetHelper.toTRowSet(
-      taken.toList.asInstanceOf[List[Row]],
+      taken.toList,
       resultSchema,
       protocolVersion)
     resultRowSet.setStartRowOffset(iter.getPosition)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
index 0c934b51d..f9780bb16 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
@@ -102,7 +102,7 @@ object KubernetesUtils extends Logging {
   implicit private class OptionConfigurableConfigBuilder(val configBuilder: ConfigBuilder)
     extends AnyVal {
 
-    def withOption[T](option: Option[T])(configurator: ((T, ConfigBuilder) => ConfigBuilder))
+    def withOption[T](option: Option[T])(configurator: (T, ConfigBuilder) => ConfigBuilder)
         : ConfigBuilder = {
       option.map { opt =>
         configurator(opt, configBuilder)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/Validator.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/Validator.scala
index 00eca3604..7bada5ebe 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/Validator.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/Validator.scala
@@ -38,7 +38,7 @@ object Validator {
 
   private val dns1123LabelFmt = "[a-z0-9]([-a-z0-9]*[a-z0-9])?"
 
-  private val podConfValidator = (s"^$dns1123LabelFmt(\\.$dns1123LabelFmt)*$$").r.pattern
+  private val podConfValidator = s"^$dns1123LabelFmt(\\.$dns1123LabelFmt)*$$".r.pattern
 
   val KUBERNETES_DNS_SUBDOMAIN_NAME_MAX_LENGTH = 253
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
index 8b050684a..08b36b84a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/EngineRefTests.scala
@@ -220,7 +220,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "engine_test")
     conf.set(HighAvailabilityConf.HA_ADDRESSES, getConnectString())
     conf.set(ENGINE_POOL_SELECT_POLICY, "POLLING")
-    (0 until (10)).foreach { i =>
+    (0 until 10).foreach { i =>
       val engine7 = new EngineRef(conf, user, PluginLoader.loadGroupProvider(conf), id, null)
       val engineNumber = Integer.parseInt(engine7.subdomain.substring(pool_name.length + 1))
       assert(engineNumber == (i % conf.get(ENGINE_POOL_SIZE)))
@@ -285,7 +285,7 @@ trait EngineRefTests extends KyuubiFunSuite {
     val times = new Array[Long](3)
     val executor = Executors.newFixedThreadPool(3)
     try {
-      (0 until (3)).foreach { i =>
+      (0 until 3).foreach { i =>
         val cloned = conf.clone
         executor.execute(() => {
           DiscoveryClientProvider.withDiscoveryClient(cloned) { client =>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
index 6af7e21e2..40f7b2f5e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.engine.spark.operation
+package org.apache.kyuubi.engine.spark
 
 import java.io.PrintWriter
 import java.nio.file.Files
@@ -158,12 +158,12 @@ class PySparkTests extends WithKyuubiServer with HiveJDBCTestHelper {
     }
   }
 
-  private def withTempPyFile(code: String)(op: (String) => Unit): Unit = {
+  private def withTempPyFile(code: String)(op: String => Unit): Unit = {
     val tempPyFile = Files.createTempFile("", ".py").toFile
     try {
       new PrintWriter(tempPyFile) {
         write(code)
-        close
+        close()
       }
       op(tempPyFile.getPath)
     } finally {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
index 7b204dafb..e70acf8ad 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
@@ -165,17 +165,15 @@ class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
 
         val config = KyuubiConf().set(KyuubiConf.ENGINE_LOG_TIMEOUT, 20000L)
         (1 to 10).foreach { _ =>
-          pool.execute(new Runnable {
-            override def run(): Unit = {
-              val pb = new FakeSparkProcessBuilder(config) {
-                override val workingDir: Path = fakeWorkDir
-              }
-              try {
-                val p = pb.start
-                p.waitFor()
-              } finally {
-                pb.close()
-              }
+          pool.execute(() => {
+            val pb = new FakeSparkProcessBuilder(config) {
+              override val workingDir: Path = fakeWorkDir
+            }
+            try {
+              val p = pb.start
+              p.waitFor()
+            } finally {
+              pb.close()
             }
           })
         }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpPerUserSuite.scala
index d30dd94a3..b475e75de 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpPerUserSuite.scala
@@ -34,5 +34,5 @@ class KyuubiOperationThriftHttpPerUserSuite extends KyuubiOperationPerUserSuite
     s"jdbc:hive2://${server.frontendServices.head.connectionUrl}/;transportMode=http;" +
       s"httpPath=cliservice;"
 
-  override protected lazy val httpMode = true;
+  override protected lazy val httpMode = true
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index f7a086de4..da9b8ae44 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -289,7 +289,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(200 == response.getStatus)
       assert(client.pathExists(engineSpace))
       eventually(timeout(5.seconds), interval(100.milliseconds)) {
-        assert(client.getChildren(engineSpace).size == 0, s"refId same with $id?")
+        assert(client.getChildren(engineSpace).isEmpty, s"refId same with $id?")
       }
 
       // kill the engine application
@@ -335,7 +335,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(200 == response.getStatus)
       assert(client.pathExists(engineSpace))
       eventually(timeout(5.seconds), interval(100.milliseconds)) {
-        assert(client.getChildren(engineSpace).size == 0, s"refId same with $id?")
+        assert(client.getChildren(engineSpace).isEmpty, s"refId same with $id?")
       }
 
       // kill the engine application
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 62a7fec13..8e0a80c4d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -376,7 +376,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     assert(response6.getStatus == 200)
     val getBatchListResponse6 = response6.readEntity(classOf[GetBatchesResponse])
     assert(getBatchListResponse6.getTotal == 1)
-    sessionManager.allSessions().map(_.close())
+    sessionManager.allSessions().foreach(_.close())
 
     val queryCreateTime = System.currentTimeMillis()
     val response7 = webTarget.path("api/v1/batches")
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilterSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilterSuite.scala
index 9a79d7922..de4b056ff 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilterSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilterSuite.scala
@@ -25,7 +25,7 @@ class AuthenticationFilterSuite extends KyuubiFunSuite {
   test("add auth handler and destroy") {
     val filter = new AuthenticationFilter(KyuubiConf())
     filter.addAuthHandler(new BasicAuthenticationHandler(null))
-    assert(filter.authSchemeHandlers.size == 0)
+    assert(filter.authSchemeHandlers.isEmpty)
     filter.addAuthHandler(new BasicAuthenticationHandler(AuthTypes.LDAP))
     assert(filter.authSchemeHandlers.size == 1)
     filter.addAuthHandler(new BasicAuthenticationHandler(AuthTypes.LDAP))
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
index 91cd33e58..8479a2a3a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
@@ -88,7 +88,7 @@ class AdminRestApiSuite extends RestClientTestHelper {
     assert(result == s"Engine ${engineSpace} is deleted successfully.")
 
     engines = adminRestApi.listEngines("spark_sql", "user", "default", "").asScala
-    assert(engines.size == 0)
+    assert(engines.isEmpty)
   }
 
   test("list/close session") {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
index a1f0fc5ee..a1dfd2432 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/SessionRestApiSuite.scala
@@ -28,7 +28,6 @@ import org.scalatest.concurrent.PatienceConfiguration.Timeout
 
 import org.apache.kyuubi.RestClientTestHelper
 import org.apache.kyuubi.client.{KyuubiRestClient, SessionRestApi}
-import org.apache.kyuubi.client.api.v1.dto
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.client.exception.KyuubiRestException
 import org.apache.kyuubi.config.KyuubiConf
@@ -73,7 +72,7 @@ class SessionRestApiSuite extends RestClientTestHelper {
 
       // get session event
       val kyuubiEvent = sessionRestApi.getSessionEvent(
-        sessionHandle.getIdentifier.toString).asInstanceOf[dto.KyuubiSessionEvent]
+        sessionHandle.getIdentifier.toString)
       assert(kyuubiEvent.getConf.get("testConfig").equals("testValue"))
       assert(kyuubiEvent.getSessionType.equals(SessionType.INTERACTIVE.toString))
     }
@@ -169,7 +168,7 @@ class SessionRestApiSuite extends RestClientTestHelper {
   test("fix kyuubi session leak caused by engine stop") {
     withSessionRestApi { sessionRestApi =>
       // close all sessions
-      var sessions = sessionRestApi.listSessions().asScala
+      val sessions = sessionRestApi.listSessions().asScala
       sessions.foreach(session => sessionRestApi.closeSession(session.getIdentifier))
 
       // open new session
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
index 44602759c..1ace58612 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/v1/StatementResourceSuite.scala
@@ -51,9 +51,9 @@ class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHe
 
     val trinoResponseIter = Iterator.iterate(TrinoResponse(response = Option(response)))(getData)
     val isErr = trinoResponseIter.takeWhile(_.isEnd == false).exists { t =>
-      t.queryError != None && t.response == None
+      t.queryError.isDefined && t.response.isEmpty
     }
-    assert(isErr == true)
+    assert(isErr)
   }
 
   test("statement submit and get result") {
@@ -61,10 +61,7 @@ class StatementResourceSuite extends KyuubiFunSuite with TrinoRestFrontendTestHe
       .request().post(Entity.entity("select 1", MediaType.TEXT_PLAIN_TYPE))
 
     val trinoResponseIter = Iterator.iterate(TrinoResponse(response = Option(response)))(getData)
-    val dataSet = trinoResponseIter
-      .takeWhile(_.isEnd == false)
-      .map(_.data)
-      .flatten.toList
+    val dataSet = trinoResponseIter.takeWhile(_.isEnd == false).flatMap(_.data).toList
     assert(dataSet == List(List(1)))
   }
 

From 2a9ba09a4dfa130d75d96afb75829fa7bb2b5753 Mon Sep 17 00:00:00 2001
From: mans2singh <mans2singh@yahoo.com>
Date: Sun, 18 Jun 2023 13:21:50 +0800
Subject: [PATCH 454/760] [KYUUBI #4975] Fixed run test link in PR template

### _Why are the changes needed?_
The run test link in the template is broken.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4976 from mans2singh/ISSUE-4975.

Closes #4975

593172786 [Cheng Pan] Update .github/PULL_REQUEST_TEMPLATE
83103e26f [Cheng Pan] Update .github/PULL_REQUEST_TEMPLATE
ddec082d4 [mans2singh] ISSUE-4975 - Reverted unrelated change
37342792d [mans2singh] ISSUE-4975 - Fixed run tests link

Lead-authored-by: mans2singh <mans2singh@yahoo.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/PULL_REQUEST_TEMPLATE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/PULL_REQUEST_TEMPLATE b/.github/PULL_REQUEST_TEMPLATE
index bdb71f30f..d3e0600de 100644
--- a/.github/PULL_REQUEST_TEMPLATE
+++ b/.github/PULL_REQUEST_TEMPLATE
@@ -20,4 +20,4 @@ Please clarify why the changes are needed. For instance,
 
 - [ ] Add screenshots for manual tests if appropriate
 
-- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request
+- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

From f22c73f9dbf3fad3693e7339d1c890f61dfbbb9b Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 18 Jun 2023 14:17:15 +0800
Subject: [PATCH 455/760] [KYUUBI #4937] [FOLLOWUP] Remove redundant
 quoteIfNeeded method

### _Why are the changes needed?_

- Remove redundant quoteIfNeeded method

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4973 from bowenliang123/redundant-quoteifneeded.

Closes #4937

acec0fb09 [liangbowen] Remove redundant quoteIfNeeded method

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/sql/kyuubi/SparkDatasetHelper.scala      | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
index 170f108b2..c0f9d61c2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/sql/kyuubi/SparkDatasetHelper.scala
@@ -26,7 +26,6 @@ import org.apache.spark.rdd.RDD
 import org.apache.spark.sql.{DataFrame, Dataset, Row, SparkSession}
 import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.execution.{CollectLimitExec, LocalTableScanExec, SparkPlan, SQLExecution}
-import org.apache.spark.sql.execution.{CollectLimitExec, SparkPlan, SQLExecution}
 import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanExec
 import org.apache.spark.sql.execution.arrow.KyuubiArrowConverters
 import org.apache.spark.sql.execution.metric.{SQLMetric, SQLMetrics}
@@ -35,6 +34,7 @@ import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil
 import org.apache.kyuubi.engine.spark.schema.RowSet
+import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils.quoteIfNeeded
 import org.apache.kyuubi.util.reflect.DynMethods
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
@@ -133,18 +133,6 @@ object SparkDatasetHelper extends Logging {
     df.select(cols: _*)
   }
 
-  /**
-   * Fork from Apache Spark-3.3.1 org.apache.spark.sql.catalyst.util.quoteIfNeeded to adapt to
-   * Spark-3.1.x
-   */
-  private def quoteIfNeeded(part: String): String = {
-    if (part.matches("[a-zA-Z0-9_]+") && !part.matches("\\d+")) {
-      part
-    } else {
-      s"`${part.replace("`", "``")}`"
-    }
-  }
-
   private lazy val maxBatchSize: Long = {
     // respect spark connect config
     KyuubiSparkUtil.globalSparkContext

From c5238535f6c8d70ac97efc4c1d5dee93765fef92 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 18 Jun 2023 14:18:16 +0800
Subject: [PATCH 456/760] [KYUUBI #4974] [MINOR] Eliminate rawtypes compilation
 warning in KyuubiBeeLine

### _Why are the changes needed?_

- Eliminate rawtypes compilation warning in `KyuubiBeeLine.java` by adding `SuppressWarnings` annotation of rule `rawtypes` to BeelineParser implementation
```
Warning:  [Warn] /home/runner/work/kyuubi/kyuubi/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java:148:53:  [rawtypes] found raw type: ListIterator
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4974 from bowenliang123/beeline-rawtypes.

Closes #4974

994a2d3e0 [liangbowen] Fix rawtypes compilation warning in KyuubiBeeLine

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 14e7de947..50a0c133a 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -145,6 +145,7 @@ int initArgs(String[] args) {
 
       beelineParser =
           new BeelineParser() {
+            @SuppressWarnings("rawtypes")
             @Override
             protected void processOption(String arg, ListIterator iter) throws ParseException {
               if (PYTHON_MODE_PREFIX.equals(arg)) {

From 688b0f23bc7028afa1e656a09e63b7af1e9dd1c3 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 19 Jun 2023 11:54:41 +0800
Subject: [PATCH 457/760] [KYUUBI #4978] Fix flaky test: close expired
 operations

### _Why are the changes needed?_

https://github.com/apache/kyuubi/actions/runs/5302176227/jobs/9596926968
```
- close expired operations *** FAILED ***
  The code passed to eventually never returned normally. Attempted 70 times over 1.00037702345 minutes. Last failure message: 1687069174227 was not greater than 1687069174227. (TFrontendServiceSuite.scala:540)
```

Key change is

from
```
assert(session.lastIdleTime > lastAccessTime)
```
to
```
assert(lastAccessTime <= session.lastIdleTime)
```

because there are updated nearly at the same time.

```
  private def release(userAccess: Boolean): Unit = {
    if (userAccess) {
      _lastAccessTime = System.currentTimeMillis
    }
    if (opHandleSet.isEmpty) {
      _lastIdleTime = System.currentTimeMillis
    }
  }
```

This PR also changes some assertion statements from `assert(actual == expected)` to `assert(actual === expected)`, the former is Scala assert syntax, the latter is scalatest method

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4978 from pan3793/test.

Closes #4978

84dd8334d [Cheng Pan] nit
565b9c0b4 [Cheng Pan] Fix flaky test: close expired operations

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../service/TFrontendServiceSuite.scala       | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
index 6d8c5d71d..91bd3a264 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
@@ -124,7 +124,7 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
         val resp = client.OpenSession(req)
         val handle = resp.getSessionHandle
         assert(handle != null)
-        assert(resp.getStatus.getStatusCode == TStatusCode.SUCCESS_STATUS)
+        assert(resp.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
 
         req.setConfiguration(Map("kyuubi.test.should.fail" -> "true").asJava)
         val resp1 = client.OpenSession(req)
@@ -514,41 +514,39 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
 
   test("close expired operations") {
     withSessionHandle { (client, handle) =>
-      val req = new TCancelOperationReq()
-      val req1 = new TGetSchemasReq(handle)
-      val resp1 = client.GetSchemas(req1)
+      val req = new TGetSchemasReq(handle)
+      val resp = client.GetSchemas(req)
 
       val sessionManager = server.backendService.sessionManager
       val session = sessionManager
         .getSession(SessionHandle(handle))
         .asInstanceOf[AbstractSession]
       var lastAccessTime = session.lastAccessTime
-      assert(sessionManager.getOpenSessionCount == 1)
+      assert(sessionManager.getOpenSessionCount === 1)
       assert(session.lastIdleTime > 0)
 
-      resp1.getOperationHandle
-      req.setOperationHandle(resp1.getOperationHandle)
-      val resp2 = client.CancelOperation(req)
-      assert(resp2.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
-      assert(sessionManager.getOpenSessionCount == 1)
-      assert(session.lastIdleTime == 0)
+      val cancelOpReq = new TCancelOperationReq(resp.getOperationHandle)
+      val cancelOpResp = client.CancelOperation(cancelOpReq)
+      assert(cancelOpResp.getStatus.getStatusCode === TStatusCode.SUCCESS_STATUS)
+      assert(sessionManager.getOpenSessionCount === 1)
+      assert(session.lastIdleTime === 0)
       eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {
         assert(lastAccessTime < session.lastAccessTime)
       }
       lastAccessTime = session.lastAccessTime
 
       eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {
-        assert(session.lastIdleTime > lastAccessTime)
+        assert(lastAccessTime <= session.lastIdleTime)
       }
 
       info("operation is terminated")
-      assert(lastAccessTime == session.lastAccessTime)
-      assert(sessionManager.getOpenSessionCount == 1)
+      assert(lastAccessTime === session.lastAccessTime)
+      assert(sessionManager.getOpenSessionCount === 1)
 
       eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {
         assert(session.lastAccessTime > lastAccessTime)
       }
-      assert(sessionManager.getOpenSessionCount == 0)
+      assert(sessionManager.getOpenSessionCount === 0)
     }
   }
 
@@ -564,7 +562,7 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
       Map(
         "session.engine.spark.main.resource" -> "org.apahce.kyuubi.test",
         "session.check.interval" -> "10000"))
-    assert(conf.size == 1)
-    assert(conf("session.check.interval") == "10000")
+    assert(conf.size === 1)
+    assert(conf("session.check.interval") === "10000")
   }
 }

From facbd78383678eb7092bd42be2e744b5fd05ff51 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 19 Jun 2023 16:04:59 +0800
Subject: [PATCH 458/760] [KYUUBI #4979] Fix flaky test: support to interrupt
 the thrift request if remote engine is broken

### _Why are the changes needed?_

https://github.com/apache/kyuubi/actions/runs/5307034060/jobs/9605209396
```
- support to interrupt the thrift request if remote engine is broken *** FAILED ***
  "org.apache.kyuubi.KyuubiSQLException: Error operating ExecuteStatement: Socket for SessionHandle [68f22014-c484-4279-8f79-81bd2e7f0eca] is closed" did not contain "java.net.SocketException", and "org.apache.kyuubi.KyuubiSQLException: Error operating ExecuteStatement: Socket for SessionHandle [68f22014-c484-4279-8f79-81bd2e7f0eca] is closed" did not contain "org.apache.thrift.transport.TTransportException", and "org.apache.kyuubi.KyuubiSQLException: Error operating ExecuteStatement: Socket for SessionHandle [68f22014-c484-4279-8f79-81bd2e7f0eca] is closed" did not contain "connection does not exist" (KyuubiOperationPerConnectionSuite.scala:330)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4979 from pan3793/test-1.

Closes #4979

86807e751 [Cheng Pan] Fix flaky test: support to interrupt the thrift request if remote engine is broken

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../operation/KyuubiOperationPerConnectionSuite.scala | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index f5fdb5b51..9c69817a3 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -327,12 +327,11 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
         val startTime = System.currentTimeMillis()
         val executeStmtResp = client.ExecuteStatement(executeStmtReq)
         assert(executeStmtResp.getStatus.getStatusCode === TStatusCode.ERROR_STATUS)
-        assert(executeStmtResp.getStatus.getErrorMessage.contains(
-          "java.net.SocketException") ||
-          executeStmtResp.getStatus.getErrorMessage.contains(
-            "org.apache.thrift.transport.TTransportException") ||
-          executeStmtResp.getStatus.getErrorMessage.contains(
-            "connection does not exist"))
+        val errorMsg = executeStmtResp.getStatus.getErrorMessage
+        assert(errorMsg.contains("java.net.SocketException") ||
+          errorMsg.contains("org.apache.thrift.transport.TTransportException") ||
+          errorMsg.contains("connection does not exist") ||
+          errorMsg.contains(s"Socket for ${SessionHandle(handle)} is closed"))
         val elapsedTime = System.currentTimeMillis() - startTime
         assert(elapsedTime < 20 * 1000)
         eventually(timeout(3.seconds)) {

From 34bb1d4dbe76e8719590e84482078d94f892f522 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 19 Jun 2023 21:44:16 +0800
Subject: [PATCH 459/760] [KYUUBI #4977] Log error message when REST API
 invocation error occurs

### _Why are the changes needed?_

Currently, there is no error message on Kyuubi server's log when REST API invocation error occurs, and since we are building REST API, all response media types should be JSON.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4977 from pan3793/error-log.

Closes #4977

00c2b0c0f [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/api.scala
5fe00474f [Cheng Pan] trino
f988329f8 [Cheng Pan] nit
74f9ed762 [Cheng Pan] log error message for REST api invocation

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/server/api/api.scala  | 10 ++++++----
 .../scala/org/apache/kyuubi/server/trino/api/api.scala | 10 ++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala
index deadcf9ab..b56131542 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala
@@ -25,6 +25,7 @@ import javax.ws.rs.ext.{ExceptionMapper, Provider}
 
 import org.eclipse.jetty.server.handler.ContextHandler
 
+import org.apache.kyuubi.Logging
 import org.apache.kyuubi.server.KyuubiRestFrontendService
 
 private[api] trait ApiRequestContext {
@@ -39,18 +40,19 @@ private[api] trait ApiRequestContext {
 }
 
 @Provider
-class RestExceptionMapper extends ExceptionMapper[Exception] {
+class RestExceptionMapper extends ExceptionMapper[Exception] with Logging {
   override def toResponse(exception: Exception): Response = {
+    warn("Error occurs on accessing REST API.", exception)
     exception match {
       case e: WebApplicationException =>
         Response.status(e.getResponse.getStatus)
-          .`type`(e.getResponse.getMediaType)
-          .entity(e.getMessage)
+          .`type`(MediaType.APPLICATION_JSON)
+          .entity(Map("message" -> e.getMessage))
           .build()
       case e =>
         Response.status(Response.Status.INTERNAL_SERVER_ERROR)
           .`type`(MediaType.APPLICATION_JSON)
-          .entity(e.getMessage)
+          .entity(Map("message" -> e.getMessage))
           .build()
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/api.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/api.scala
index 76f8a1ca3..50887dabd 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/api.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/api.scala
@@ -25,6 +25,7 @@ import javax.ws.rs.ext.{ExceptionMapper, Provider}
 
 import org.eclipse.jetty.server.handler.ContextHandler
 
+import org.apache.kyuubi.Logging
 import org.apache.kyuubi.server.KyuubiTrinoFrontendService
 
 private[api] trait ApiRequestContext {
@@ -39,18 +40,19 @@ private[api] trait ApiRequestContext {
 }
 
 @Provider
-class RestExceptionMapper extends ExceptionMapper[Exception] {
+class RestExceptionMapper extends ExceptionMapper[Exception] with Logging {
   override def toResponse(exception: Exception): Response = {
+    warn("Error occurs on accessing Trino API.", exception)
     exception match {
       case e: WebApplicationException =>
         Response.status(e.getResponse.getStatus)
-          .`type`(e.getResponse.getMediaType)
-          .entity(e.getMessage)
+          .`type`(MediaType.APPLICATION_JSON)
+          .entity(Map("message" -> e.getMessage))
           .build()
       case e =>
         Response.status(Response.Status.INTERNAL_SERVER_ERROR)
           .`type`(MediaType.APPLICATION_JSON)
-          .entity(e.getMessage)
+          .entity(Map("message" -> e.getMessage))
           .build()
     }
   }

From 13f11c7ab4d99894eafc6dfa9fba7228016632db Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 20 Jun 2023 16:36:27 +0800
Subject: [PATCH 460/760] [KYUUBI #4981] Refactor code of closeBatchSession

### _Why are the changes needed?_

This PR aims to refactor the method `closeBatchSession`, by

- extracting sub-methods `checkPermission` and `forceKill`
- explicitly handling redirection on `metadata.kyuubiInstance != fe.connectionUrl` to make the logic clearer

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4981 from pan3793/cancel.

Closes #4981

0d2e85acc [Cheng Pan] Refactor code of closeBatchSession

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/api/v1/BatchesResource.scala       | 59 ++++++++++---------
 1 file changed, 30 insertions(+), 29 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 8271c8b88..cb0c63be0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -40,7 +40,7 @@ import org.apache.kyuubi.client.exception.KyuubiRestException
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
-import org.apache.kyuubi.engine.{ApplicationInfo, KyuubiApplicationManager}
+import org.apache.kyuubi.engine.{ApplicationInfo, KillResponse, KyuubiApplicationManager}
 import org.apache.kyuubi.operation.{BatchJobSubmission, FetchOrientation, OperationState}
 import org.apache.kyuubi.server.api.ApiRequestContext
 import org.apache.kyuubi.server.api.v1.BatchesResource._
@@ -398,29 +398,37 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
   def closeBatchSession(
       @PathParam("batchId") batchId: String,
       @QueryParam("hive.server2.proxy.user") hs2ProxyUser: String): CloseBatchResponse = {
-    val sessionHandle = formatSessionHandle(batchId)
-
-    val userName = fe.getSessionUser(hs2ProxyUser)
 
-    sessionManager.getBatchSession(sessionHandle).map { batchSession =>
-      if (userName != batchSession.user) {
+    def checkPermission(operator: String, owner: String): Unit = {
+      if (operator != owner) {
         throw new WebApplicationException(
-          s"$userName is not allowed to close the session belong to ${batchSession.user}",
+          s"$operator is not allowed to close the session belong to $owner",
           Status.METHOD_NOT_ALLOWED)
       }
+    }
+
+    def forceKill(clusterManager: Option[String], batchId: String): KillResponse = {
+      val (killed, message) = sessionManager.applicationManager
+        .killApplication(clusterManager, batchId)
+      info(s"Mark batch[$batchId] closed by ${fe.connectionUrl}")
+      sessionManager.updateMetadata(Metadata(identifier = batchId, peerInstanceClosed = true))
+      (killed, message)
+    }
+
+    val sessionHandle = formatSessionHandle(batchId)
+    val userName = fe.getSessionUser(hs2ProxyUser)
+
+    sessionManager.getBatchSession(sessionHandle).map { batchSession =>
+      checkPermission(userName, batchSession.user)
       sessionManager.closeSession(batchSession.handle)
-      val (success, msg) = batchSession.batchJobSubmissionOp.getKillMessage
-      new CloseBatchResponse(success, msg)
+      val (killed, msg) = batchSession.batchJobSubmissionOp.getKillMessage
+      new CloseBatchResponse(killed, msg)
     }.getOrElse {
       sessionManager.getBatchMetadata(batchId).map { metadata =>
-        if (userName != metadata.username) {
-          throw new WebApplicationException(
-            s"$userName is not allowed to close the session belong to ${metadata.username}",
-            Status.METHOD_NOT_ALLOWED)
-        } else if (OperationState.isTerminal(OperationState.withName(metadata.state)) ||
-          metadata.kyuubiInstance == fe.connectionUrl) {
+        checkPermission(userName, metadata.username)
+        if (OperationState.isTerminal(OperationState.withName(metadata.state))) {
           new CloseBatchResponse(false, s"The batch[$metadata] has been terminated.")
-        } else {
+        } else if (metadata.kyuubiInstance != fe.connectionUrl) {
           info(s"Redirecting delete batch[$batchId] to ${metadata.kyuubiInstance}")
           val internalRestClient = getInternalRestClient(metadata.kyuubiInstance)
           try {
@@ -428,20 +436,13 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
           } catch {
             case e: KyuubiRestException =>
               error(s"Error redirecting delete batch[$batchId] to ${metadata.kyuubiInstance}", e)
-              val appMgrKillResp = sessionManager.applicationManager.killApplication(
-                metadata.clusterManager,
-                batchId)
-              info(
-                s"Marking batch[$batchId/${metadata.kyuubiInstance}] closed by ${fe.connectionUrl}")
-              sessionManager.updateMetadata(Metadata(
-                identifier = batchId,
-                peerInstanceClosed = true))
-              if (appMgrKillResp._1) {
-                new CloseBatchResponse(appMgrKillResp._1, appMgrKillResp._2)
-              } else {
-                new CloseBatchResponse(false, Utils.stringifyException(e))
-              }
+              val (killed, msg) = forceKill(metadata.clusterManager, batchId)
+              new CloseBatchResponse(killed, if (killed) msg else Utils.stringifyException(e))
           }
+        } else { // should not happen, but handle this for safe
+          warn(s"Something wrong on deleting batch[$batchId], try forcibly killing application")
+          val (killed, msg) = forceKill(metadata.clusterManager, batchId)
+          new CloseBatchResponse(killed, msg)
         }
       }.getOrElse {
         error(s"Invalid batchId: $batchId")

From adfca7408fc8ec24de7f311401f431d32670f26f Mon Sep 17 00:00:00 2001
From: Xieming LI <risyomei@gmail.com>
Date: Tue, 20 Jun 2023 17:50:41 +0800
Subject: [PATCH 461/760] [KYUUBI #4946] Alter the order of
 initLoggerEventHandler

### _Why are the changes needed?_

Please see: https://github.com/apache/kyuubi/issues/4946
Simply put, the kinit service needs to be started before the initLoggerEventHandler, so that it can obtain the DELEGATION TOKEN, which is necessary for accessing the log path on HDFS.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
After this PR, confirmed the LoggerEventHandler can be initiated even kdestroy was executed beforehand.
```
sudo -u kyuubi kdestroy
sudo -u kyuubi /opt/kyuubi/bin/kyuubi start

...

2023-06-19 22:18:36.581 INFO KyuubiTHttpFrontendService: Thread-101 org.eclipse.jetty.server.AbstractConnector: Started ServerConnector50110971{HTTP/1.1, (http/1.1)}{0.0.0.0:10010}
2023-06-19 22:18:36.581 INFO KyuubiTHttpFrontendService: Thread-101 org.eclipse.jetty.server.Server: Started 6081ms
2023-06-19 22:18:36.669 INFO main org.apache.kyuubi.events.handler.ServerJsonLoggingEventHandler: Logging kyuubi events to viewfs://<namespace>/tmp/kyuubi_hive/events/kyuubi_server_info/day=20230619/server-<servername>.json
```

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request
Passed the test with kyuubi-server
```
./build/mvn clean install -pl kyuubi-server
```

Closes #4980 from risyomei/fix/kyuubi-4946.

Closes #4946

d729d2384 [Xieming LI] Alter the order of initLoggerEventHandler

Authored-by: Xieming LI <risyomei@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/server/KyuubiServer.scala    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index 8bcd8d084..491b11e90 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -164,8 +164,6 @@ class KyuubiServer(name: String) extends Serverable(name) {
     }
 
   override def initialize(conf: KyuubiConf): Unit = synchronized {
-    initLoggerEventHandler(conf)
-
     val kinit = new KinitAuxiliaryService()
     addService(kinit)
 
@@ -176,6 +174,8 @@ class KyuubiServer(name: String) extends Serverable(name) {
       addService(new MetricsSystem)
     }
     super.initialize(conf)
+
+    initLoggerEventHandler(conf)
   }
 
   override def start(): Unit = {

From 056c5efbe404a42c0993176dfd95da3e8cf4619e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 21 Jun 2023 00:17:01 +0800
Subject: [PATCH 462/760] [KYUUBI #4986] Always use Files#deleteIfExists

### _Why are the changes needed?_

Always use `Files#deleteIfExists` to replace `Files#delete` to suppress the stacktrace like

```
17:14:47.167 ERROR org.apache.kyuubi.operation.BatchJobSubmission: Failed to remove corresponding log file of operation: /Users/chengpan/Projects/apache-kyuubi/server_operation_logs/9a96f19d-93a9-474c-b170-f957ed82c502/3fe99873-134b-4307-a286-94494ae847f2
java.io.IOException: Failed to remove corresponding log file of operation: /Users/chengpan/Projects/apache-kyuubi/server_operation_logs/9a96f19d-93a9-474c-b170-f957ed82c502/3fe99873-134b-4307-a286-94494ae847f2
	at org.apache.kyuubi.operation.log.OperationLog.trySafely(OperationLog.scala:272) ~[classes/:?]
	at org.apache.kyuubi.operation.log.OperationLog.close(OperationLog.scala:257) ~[classes/:?]
	at org.apache.kyuubi.operation.BatchJobSubmission.$anonfun$close$2(BatchJobSubmission.scala:328) ~[classes/:?]
	at org.apache.kyuubi.operation.BatchJobSubmission.$anonfun$close$2$adapted(BatchJobSubmission.scala:328) ~[classes/:?]
	at scala.Option.foreach(Option.scala:407) ~[scala-library-2.12.17.jar:?]
	at org.apache.kyuubi.operation.BatchJobSubmission.$anonfun$close$1(BatchJobSubmission.scala:328) ~[classes/:?]
	at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) ~[scala-library-2.12.17.jar:?]
	at org.apache.kyuubi.Utils$.withLockRequired(Utils.scala:415) ~[classes/:?]
	at org.apache.kyuubi.operation.AbstractOperation.withLockRequired(AbstractOperation.scala:51) ~[classes/:?]
	at org.apache.kyuubi.operation.BatchJobSubmission.close(BatchJobSubmission.scala:326) ~[classes/:?]
	at org.apache.kyuubi.session.KyuubiBatchSession.close(KyuubiBatchSession.scala:185) ~[classes/:?]
	at org.apache.kyuubi.session.KyuubiSessionManager.openBatchSession(KyuubiSessionManager.scala:181) ~[classes/:?]
	at org.apache.kyuubi.server.KyuubiBatchService.$anonfun$start$1(KyuubiBatchService.scala:96) ~[classes/:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
	at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:264) [?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java) [?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: java.nio.file.NoSuchFileException: /Users/chengpan/Projects/apache-kyuubi/server_operation_logs/9a96f19d-93a9-474c-b170-f957ed82c502/3fe99873-134b-4307-a286-94494ae847f2
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:92) ~[?:?]
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]
	at sun.nio.fs.UnixFileSystemProvider.implDelete(UnixFileSystemProvider.java:249) ~[?:?]
	at sun.nio.fs.AbstractFileSystemProvider.delete(AbstractFileSystemProvider.java:105) ~[?:?]
	at java.nio.file.Files.delete(Files.java:1142) ~[?:?]
	at org.apache.kyuubi.operation.log.OperationLog.$anonfun$close$4(OperationLog.scala:257) ~[classes/:?]
	at org.apache.kyuubi.operation.log.OperationLog.trySafely(OperationLog.scala:263) ~[classes/:?]
	... 18 more
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4986 from pan3793/delete.

Closes #4986

7d49bfec0 [Cheng Pan] Always use Files#deleteIfExists

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala | 2 +-
 .../scala/org/apache/kyuubi/operation/log/OperationLog.scala    | 2 +-
 .../scala/org/apache/kyuubi/engine/spark/PySparkTests.scala     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index d0b30ea44..774dbd8b5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -41,7 +41,7 @@ trait SparkSessionProvider {
   protected lazy val spark: SparkSession = {
     val metastore = {
       val path = Utils.createTempDir(prefix = "hms")
-      Files.delete(path)
+      Files.deleteIfExists(path)
       path
     }
     val ret = SparkSession.builder()
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
index a68b7441a..7ee803cb3 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
@@ -254,7 +254,7 @@ class OperationLog(path: Path) {
     }
 
     trySafely {
-      Files.delete(path)
+      Files.deleteIfExists(path)
     }
   }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
index 40f7b2f5e..16a7f728e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/PySparkTests.scala
@@ -167,7 +167,7 @@ class PySparkTests extends WithKyuubiServer with HiveJDBCTestHelper {
       }
       op(tempPyFile.getPath)
     } finally {
-      Files.delete(tempPyFile.toPath)
+      Files.deleteIfExists(tempPyFile.toPath)
     }
   }
 }

From 9dc33d8734a0836bf25bb44b66e4aabd6b8d4c29 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 25 Jun 2023 10:25:51 +0800
Subject: [PATCH 463/760] [KYUUBI #4990] Bump Spark 3.4.1

### _Why are the changes needed?_

https://spark.apache.org/releases/spark-release-3-4-1.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4990 from pan3793/spark-3.4.1.

Closes #4990

68203b2c0 [Cheng Pan] Bump Spark 3.4.1

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7eaa09b59..87da3a610 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2177,7 +2177,7 @@
             </modules>
             <properties>
                 <delta.version>2.4.0</delta.version>
-                <spark.version>3.4.0</spark.version>
+                <spark.version>3.4.1</spark.version>
                 <spark.binary.version>3.4</spark.binary.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
             </properties>

From c2e861bbfbcc1367a92bc02676edb995c5a77917 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 25 Jun 2023 10:41:28 +0800
Subject: [PATCH 464/760] [KYUUBI #4978][FOLLOWUP] Fix flaky test: close
 expired operations

### _Why are the changes needed?_

The assertions are fragile because the session only has 5s as the idle timeout.
```
assert(lastAccessTime === session.lastAccessTime)
assert(sessionManager.getOpenSessionCount === 1)
```

https://github.com/apache/kyuubi/actions/runs/5312620487/jobs/9617377736?pr=4980

```
- close expired operations *** FAILED ***
  0 did not equal 1 (TFrontendServiceSuite.scala:544)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4987 from pan3793/flaytest.

Closes #4978

3feacafe1 [Cheng Pan] nit
317f04576 [Cheng Pan] [KYUUBI #4978][FOLLOWUP] Fix flaky test: close expired operations

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/service/TFrontendServiceSuite.scala     | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
index 91bd3a264..914388b99 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
@@ -538,14 +538,12 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
       eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {
         assert(lastAccessTime <= session.lastIdleTime)
       }
-
       info("operation is terminated")
-      assert(lastAccessTime === session.lastAccessTime)
-      assert(sessionManager.getOpenSessionCount === 1)
 
       eventually(timeout(Span(60, Seconds)), interval(Span(1, Seconds))) {
         assert(session.lastAccessTime > lastAccessTime)
       }
+      info("session is terminated")
       assert(sessionManager.getOpenSessionCount === 0)
     }
   }

From a622c0a8e88b7f39400b66f153ac8176c37a16f7 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 25 Jun 2023 10:42:41 +0800
Subject: [PATCH 465/760] [KYUUBI #4985] [TEST] Fix loglevel restore behavior
 of `KyuubiFunSuite#withLogAppender`

### _Why are the changes needed?_

This method is forked from Apache Spark, and recently, [SPARK-44074](https://github.com/apache/spark/issues/41663) identified and fixed the issue about loglevel restore behavior.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4985 from pan3793/test-log.

Closes #4985

4c05bc522 [Cheng Pan] Fix loglevel restore behavior of `KyuubiFunSuite#withLogAppender`

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala
index 96a612aab..2789d7f89 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala
@@ -102,6 +102,7 @@ trait KyuubiFunSuite extends AnyFunSuite
           logger.asInstanceOf[Logger].setLevel(restoreLevels(i))
           logger.asInstanceOf[Logger].get().setLevel(restoreLevels(i))
         }
+        LogManager.getContext(false).asInstanceOf[LoggerContext].updateLoggers()
       }
     }
   }

From 66b5d65df6a0cb0ec34e9942199f71b43e0f5fde Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Sun, 25 Jun 2023 14:15:49 +0800
Subject: [PATCH 466/760] [KYUUBI #4982][UI] Add query string to forward
 requests to Engine UI

### _Why are the changes needed?_

close #4982

The `targetURL` should include the query string so that kyuubi server can forward request to right page, eg:

```
/engine-ui/spark-43efae88d766226a-driver-svc.kyuubi-dlssjc-canned.svc:4045/jobs/job/?id=4
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4983 from zhaohehuhu/Improvement-4982.

Closes #4982

9140a8a82 [Cheng Pan] simple
3140bd9be [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
421152268 [hezhao2] refactor the logic of append
892c5511e [hezhao2] add queryString as job suffix
53f1ce4b6 [hezhao2] [Improvement] [UI] Add query string to forward requests to Engine UI

Lead-authored-by: hezhao2 <hezhao2@cisco.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/server/api/EngineUIProxyServlet.scala  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
index 65fc04f58..021a2ad85 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/EngineUIProxyServlet.scala
@@ -20,6 +20,7 @@ package org.apache.kyuubi.server.api
 import java.net.URL
 import javax.servlet.http.HttpServletRequest
 
+import org.apache.commons.lang3.StringUtils
 import org.eclipse.jetty.client.api.Request
 import org.eclipse.jetty.proxy.ProxyServlet
 
@@ -39,7 +40,9 @@ private[api] class EngineUIProxyServlet extends ProxyServlet with Logging {
         case "" | "/" => "/jobs/"
         case path => path
       }
-      targetURL = new URL("http", host, port, targetURI).toString
+      val targetQueryString =
+        Option(request.getQueryString).filter(StringUtils.isNotEmpty).map(q => s"?$q").getOrElse("")
+      targetURL = new URL("http", host, port, targetURI + targetQueryString).toString
     }
     debug(s"rewrite $requestURL => $targetURL")
     targetURL

From c8905bfb8991ace32943768a4a605dd84e02e765 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 26 Jun 2023 13:28:02 +0800
Subject: [PATCH 467/760] [KYUUBI #4992] Bump Netty 4.1.93.Final

### _Why are the changes needed?_

Upgrade Netty to the latest Arrow-compatible version: 4.1.93.Final

Currently, we can not upgrade to 4.1.94.Final or above because of https://github.com/netty/netty/pull/13408

```
java.lang.NoSuchMethodError: 'io.netty.buffer.PoolThreadCache io.netty.buffer.PooledByteBufAllocatorL$InnerAllocator.threadCache()'
	at io.netty.buffer.PooledByteBufAllocatorL$InnerAllocator.newDirectBufferL(PooledByteBufAllocatorL.java:164)
	at io.netty.buffer.PooledByteBufAllocatorL$InnerAllocator.directBuffer(PooledByteBufAllocatorL.java:214)
	at io.netty.buffer.PooledByteBufAllocatorL.allocate(PooledByteBufAllocatorL.java:58)
	at org.apache.arrow.memory.NettyAllocationManager.<init>(NettyAllocationManager.java:77)
	at org.apache.arrow.memory.NettyAllocationManager.<init>(NettyAllocationManager.java:84)
	at org.apache.arrow.memory.NettyAllocationManager$1.create(NettyAllocationManager.java:34)
	at org.apache.arrow.memory.BaseAllocator.newAllocationManager(BaseAllocator.java:354)
	at org.apache.arrow.memory.BaseAllocator.newAllocationManager(BaseAllocator.java:349)
	at org.apache.arrow.memory.BaseAllocator.bufferWithoutReservation(BaseAllocator.java:337)
	at org.apache.arrow.memory.BaseAllocator.buffer(BaseAllocator.java:315)
	at org.apache.arrow.memory.BaseAllocator.buffer(BaseAllocator.java:279)
	at org.apache.arrow.vector.BaseVariableWidthVector.allocateBytes(BaseVariableWidthVector.java:462)
	at org.apache.arrow.vector.BaseVariableWidthVector.allocateNew(BaseVariableWidthVector.java:420)
	at org.apache.arrow.vector.BaseVariableWidthVector.allocateNew(BaseVariableWidthVector.java:380)
	at org.apache.spark.sql.execution.arrow.ArrowWriter$.$anonfun$create$1(ArrowWriter.scala:42)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4992 from pan3793/netty.

Closes #4992

9dd8f9ad0 [Cheng Pan] nit
e6953144e [Cheng Pan] Bump Netty 4.1.93.Final

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 34 +++++++++++++++++-----------------
 pom.xml            |  6 +++++-
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 3ac2760f5..7a4e7591d 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -144,23 +144,23 @@ metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar
 metrics-json/4.2.8//metrics-json-4.2.8.jar
 metrics-jvm/4.2.8//metrics-jvm-4.2.8.jar
 mimepull/1.9.15//mimepull-1.9.15.jar
-netty-all/4.1.89.Final//netty-all-4.1.89.Final.jar
-netty-buffer/4.1.89.Final//netty-buffer-4.1.89.Final.jar
-netty-codec-dns/4.1.89.Final//netty-codec-dns-4.1.89.Final.jar
-netty-codec-http/4.1.89.Final//netty-codec-http-4.1.89.Final.jar
-netty-codec-http2/4.1.89.Final//netty-codec-http2-4.1.89.Final.jar
-netty-codec-socks/4.1.89.Final//netty-codec-socks-4.1.89.Final.jar
-netty-codec/4.1.89.Final//netty-codec-4.1.89.Final.jar
-netty-common/4.1.89.Final//netty-common-4.1.89.Final.jar
-netty-handler-proxy/4.1.89.Final//netty-handler-proxy-4.1.89.Final.jar
-netty-handler/4.1.89.Final//netty-handler-4.1.89.Final.jar
-netty-resolver-dns/4.1.89.Final//netty-resolver-dns-4.1.89.Final.jar
-netty-resolver/4.1.89.Final//netty-resolver-4.1.89.Final.jar
-netty-transport-classes-epoll/4.1.89.Final//netty-transport-classes-epoll-4.1.89.Final.jar
-netty-transport-native-epoll/4.1.89.Final/linux-aarch_64/netty-transport-native-epoll-4.1.89.Final-linux-aarch_64.jar
-netty-transport-native-epoll/4.1.89.Final/linux-x86_64/netty-transport-native-epoll-4.1.89.Final-linux-x86_64.jar
-netty-transport-native-unix-common/4.1.89.Final//netty-transport-native-unix-common-4.1.89.Final.jar
-netty-transport/4.1.89.Final//netty-transport-4.1.89.Final.jar
+netty-all/4.1.93.Final//netty-all-4.1.93.Final.jar
+netty-buffer/4.1.93.Final//netty-buffer-4.1.93.Final.jar
+netty-codec-dns/4.1.93.Final//netty-codec-dns-4.1.93.Final.jar
+netty-codec-http/4.1.93.Final//netty-codec-http-4.1.93.Final.jar
+netty-codec-http2/4.1.93.Final//netty-codec-http2-4.1.93.Final.jar
+netty-codec-socks/4.1.93.Final//netty-codec-socks-4.1.93.Final.jar
+netty-codec/4.1.93.Final//netty-codec-4.1.93.Final.jar
+netty-common/4.1.93.Final//netty-common-4.1.93.Final.jar
+netty-handler-proxy/4.1.93.Final//netty-handler-proxy-4.1.93.Final.jar
+netty-handler/4.1.93.Final//netty-handler-4.1.93.Final.jar
+netty-resolver-dns/4.1.93.Final//netty-resolver-dns-4.1.93.Final.jar
+netty-resolver/4.1.93.Final//netty-resolver-4.1.93.Final.jar
+netty-transport-classes-epoll/4.1.93.Final//netty-transport-classes-epoll-4.1.93.Final.jar
+netty-transport-native-epoll/4.1.93.Final/linux-aarch_64/netty-transport-native-epoll-4.1.93.Final-linux-aarch_64.jar
+netty-transport-native-epoll/4.1.93.Final/linux-x86_64/netty-transport-native-epoll-4.1.93.Final-linux-x86_64.jar
+netty-transport-native-unix-common/4.1.93.Final//netty-transport-native-unix-common-4.1.93.Final.jar
+netty-transport/4.1.93.Final//netty-transport-4.1.93.Final.jar
 okhttp-urlconnection/3.14.9//okhttp-urlconnection-3.14.9.jar
 okhttp/3.12.12//okhttp-3.12.12.jar
 okio/1.15.0//okio-1.15.0.jar
diff --git a/pom.xml b/pom.xml
index 87da3a610..667f8f9d3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -176,7 +176,11 @@
         <log4j.version>2.20.0</log4j.version>
         <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
         <mockito.version>4.11.0</mockito.version>
-        <netty.version>4.1.89.Final</netty.version>
+        <!--
+          Do NOT upgrade Netty 4.1.94.Final or above, because
+          https://github.com/netty/netty/pull/13408 breaks the Arrow
+          -->
+        <netty.version>4.1.93.Final</netty.version>
         <openai.java.version>0.12.0</openai.java.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>

From 75c7a74e52811dc489e9b6a97ab7cbd1c86f6a32 Mon Sep 17 00:00:00 2001
From: Tianlin Liao <tiliao@ebay.com>
Date: Mon, 26 Jun 2023 13:36:25 +0800
Subject: [PATCH 468/760] [KYUUBI #4920] Add OperationRestApi

### _Why are the changes needed?_

close https://github.com/apache/kyuubi/issues/4920

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4921 from lightning-L/kyuubi-4920.

Closes #4920

d395f8a8a [Tianlin Liao] remove KyuubiEvent
3a6730f9b [Tianlin Liao] [KYUUBI #4920] add OperationRestApi

Authored-by: Tianlin Liao <tiliao@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/client/OperationRestApi.java       |  77 ++++
 .../kyuubi/client/api/v1/dto/KyuubiEvent.java |  20 -
 .../api/v1/dto/KyuubiOperationEvent.java      | 343 ++++++++++++++++++
 .../client/api/v1/dto/KyuubiSessionEvent.java |   2 +-
 .../rest/client/OperationRestApiSuite.scala   | 123 +++++++
 5 files changed, 544 insertions(+), 21 deletions(-)
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/OperationRestApi.java
 delete mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiOperationEvent.java
 create mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/OperationRestApiSuite.scala

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/OperationRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/OperationRestApi.java
new file mode 100644
index 000000000..ad659a5d4
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/OperationRestApi.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.kyuubi.client.api.v1.dto.*;
+import org.apache.kyuubi.client.util.JsonUtils;
+
+public class OperationRestApi {
+
+  private KyuubiRestClient client;
+
+  private static final String API_BASE_PATH = "operations";
+
+  private OperationRestApi() {}
+
+  public OperationRestApi(KyuubiRestClient client) {
+    this.client = client;
+  }
+
+  public KyuubiOperationEvent getOperationEvent(String operationHandleStr) {
+    String path = String.format("%s/%s/event", API_BASE_PATH, operationHandleStr);
+    return this.getClient()
+        .get(path, new HashMap<>(), KyuubiOperationEvent.class, client.getAuthHeader());
+  }
+
+  public String applyOperationAction(OpActionRequest request, String operationHandleStr) {
+    String path = String.format("%s/%s", API_BASE_PATH, operationHandleStr);
+    return this.getClient().put(path, JsonUtils.toJson(request), client.getAuthHeader());
+  }
+
+  public ResultSetMetaData getResultSetMetadata(String operationHandleStr) {
+    String path = String.format("%s/%s/resultsetmetadata", API_BASE_PATH, operationHandleStr);
+    return this.getClient()
+        .get(path, new HashMap<>(), ResultSetMetaData.class, client.getAuthHeader());
+  }
+
+  public OperationLog getOperationLog(String operationHandleStr, int maxRows) {
+    String path = String.format("%s/%s/log", API_BASE_PATH, operationHandleStr);
+    Map<String, Object> params = new HashMap<>();
+    params.put("maxrows", maxRows);
+    return this.getClient().get(path, params, OperationLog.class, client.getAuthHeader());
+  }
+
+  public ResultRowSet getNextRowSet(String operationHandleStr) {
+    return getNextRowSet(operationHandleStr, null, null);
+  }
+
+  public ResultRowSet getNextRowSet(
+      String operationHandleStr, String fetchOrientation, Integer maxRows) {
+    String path = String.format("%s/%s/rowset", API_BASE_PATH, operationHandleStr);
+    Map<String, Object> params = new HashMap<>();
+    if (fetchOrientation != null) params.put("fetchorientation", fetchOrientation);
+    if (maxRows != null) params.put("maxrows", maxRows);
+    return this.getClient().get(path, params, ResultRowSet.class, client.getAuthHeader());
+  }
+
+  private IRestClient getClient() {
+    return this.client.getHttpClient();
+  }
+}
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java
deleted file mode 100644
index 8de125089..000000000
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiEvent.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.client.api.v1.dto;
-
-public interface KyuubiEvent {}
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiOperationEvent.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiOperationEvent.java
new file mode 100644
index 000000000..13c40eecf
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiOperationEvent.java
@@ -0,0 +1,343 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+import java.util.Map;
+
+public class KyuubiOperationEvent {
+
+  private String statementId;
+
+  private String remoteId;
+
+  private String statement;
+
+  private boolean shouldRunAsync;
+
+  private String state;
+
+  private long eventTime;
+
+  private long createTime;
+
+  private long startTime;
+
+  private long completeTime;
+
+  private Throwable exception;
+
+  private String sessionId;
+
+  private String sessionUser;
+
+  private String sessionType;
+
+  private String kyuubiInstance;
+
+  private Map<String, String> metrics;
+
+  public KyuubiOperationEvent() {}
+
+  public KyuubiOperationEvent(
+      String statementId,
+      String remoteId,
+      String statement,
+      boolean shouldRunAsync,
+      String state,
+      long eventTime,
+      long createTime,
+      long startTime,
+      long completeTime,
+      Throwable exception,
+      String sessionId,
+      String sessionUser,
+      String sessionType,
+      String kyuubiInstance,
+      Map<String, String> metrics) {
+    this.statementId = statementId;
+    this.remoteId = remoteId;
+    this.statement = statement;
+    this.shouldRunAsync = shouldRunAsync;
+    this.state = state;
+    this.eventTime = eventTime;
+    this.createTime = createTime;
+    this.startTime = startTime;
+    this.completeTime = completeTime;
+    this.exception = exception;
+    this.sessionId = sessionId;
+    this.sessionUser = sessionUser;
+    this.sessionType = sessionType;
+    this.kyuubiInstance = kyuubiInstance;
+    this.metrics = metrics;
+  }
+
+  public static KyuubiOperationEvent.KyuubiOperationEventBuilder builder() {
+    return new KyuubiOperationEvent.KyuubiOperationEventBuilder();
+  }
+
+  public static class KyuubiOperationEventBuilder {
+    private String statementId;
+
+    private String remoteId;
+
+    private String statement;
+
+    private boolean shouldRunAsync;
+
+    private String state;
+
+    private long eventTime;
+
+    private long createTime;
+
+    private long startTime;
+
+    private long completeTime;
+
+    private Throwable exception;
+
+    private String sessionId;
+
+    private String sessionUser;
+
+    private String sessionType;
+
+    private String kyuubiInstance;
+
+    private Map<String, String> metrics;
+
+    public KyuubiOperationEventBuilder() {}
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder statementId(final String statementId) {
+      this.statementId = statementId;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder remoteId(final String remoteId) {
+      this.remoteId = remoteId;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder statement(final String statement) {
+      this.statement = statement;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder shouldRunAsync(
+        final boolean shouldRunAsync) {
+      this.shouldRunAsync = shouldRunAsync;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder state(final String state) {
+      this.state = state;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder eventTime(final long eventTime) {
+      this.eventTime = eventTime;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder createTime(final long createTime) {
+      this.createTime = createTime;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder startTime(final long startTime) {
+      this.startTime = startTime;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder completeTime(final long completeTime) {
+      this.completeTime = completeTime;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder exception(final Throwable exception) {
+      this.exception = exception;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder sessionId(final String sessionId) {
+      this.sessionId = sessionId;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder sessionUser(final String sessionUser) {
+      this.sessionUser = sessionUser;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder sessionType(final String sessionType) {
+      this.sessionType = sessionType;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder kyuubiInstance(
+        final String kyuubiInstance) {
+      this.kyuubiInstance = kyuubiInstance;
+      return this;
+    }
+
+    public KyuubiOperationEvent.KyuubiOperationEventBuilder metrics(
+        final Map<String, String> metrics) {
+      this.metrics = metrics;
+      return this;
+    }
+
+    public KyuubiOperationEvent build() {
+      return new KyuubiOperationEvent(
+          statementId,
+          remoteId,
+          statement,
+          shouldRunAsync,
+          state,
+          eventTime,
+          createTime,
+          startTime,
+          completeTime,
+          exception,
+          sessionId,
+          sessionUser,
+          sessionType,
+          kyuubiInstance,
+          metrics);
+    }
+  }
+
+  public String getStatementId() {
+    return statementId;
+  }
+
+  public void setStatementId(String statementId) {
+    this.statementId = statementId;
+  }
+
+  public String getRemoteId() {
+    return remoteId;
+  }
+
+  public void setRemoteId(String remoteId) {
+    this.remoteId = remoteId;
+  }
+
+  public String getStatement() {
+    return statement;
+  }
+
+  public void setStatement(String statement) {
+    this.statement = statement;
+  }
+
+  public boolean isShouldRunAsync() {
+    return shouldRunAsync;
+  }
+
+  public void setShouldRunAsync(boolean shouldRunAsync) {
+    this.shouldRunAsync = shouldRunAsync;
+  }
+
+  public String getState() {
+    return state;
+  }
+
+  public void setState(String state) {
+    this.state = state;
+  }
+
+  public long getEventTime() {
+    return eventTime;
+  }
+
+  public void setEventTime(long eventTime) {
+    this.eventTime = eventTime;
+  }
+
+  public long getCreateTime() {
+    return createTime;
+  }
+
+  public void setCreateTime(long createTime) {
+    this.createTime = createTime;
+  }
+
+  public long getStartTime() {
+    return startTime;
+  }
+
+  public void setStartTime(long startTime) {
+    this.startTime = startTime;
+  }
+
+  public long getCompleteTime() {
+    return completeTime;
+  }
+
+  public void setCompleteTime(long completeTime) {
+    this.completeTime = completeTime;
+  }
+
+  public Throwable getException() {
+    return exception;
+  }
+
+  public void setException(Throwable exception) {
+    this.exception = exception;
+  }
+
+  public String getSessionId() {
+    return sessionId;
+  }
+
+  public void setSessionId(String sessionId) {
+    this.sessionId = sessionId;
+  }
+
+  public String getSessionUser() {
+    return sessionUser;
+  }
+
+  public void setSessionUser(String sessionUser) {
+    this.sessionUser = sessionUser;
+  }
+
+  public String getSessionType() {
+    return sessionType;
+  }
+
+  public void setSessionType(String sessionType) {
+    this.sessionType = sessionType;
+  }
+
+  public String getKyuubiInstance() {
+    return kyuubiInstance;
+  }
+
+  public void setKyuubiInstance(String kyuubiInstance) {
+    this.kyuubiInstance = kyuubiInstance;
+  }
+
+  public Map<String, String> getMetrics() {
+    return metrics;
+  }
+
+  public void setMetrics(Map<String, String> metrics) {
+    this.metrics = metrics;
+  }
+}
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java
index 4c3cbcfd5..34d306fed 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/KyuubiSessionEvent.java
@@ -19,7 +19,7 @@
 
 import java.util.Map;
 
-public class KyuubiSessionEvent implements KyuubiEvent {
+public class KyuubiSessionEvent {
 
   private String sessionId;
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/OperationRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/OperationRestApiSuite.scala
new file mode 100644
index 000000000..fed685c44
--- /dev/null
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/OperationRestApiSuite.scala
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.rest.client
+
+import scala.collection.JavaConverters._
+
+import org.apache.hive.service.rpc.thrift.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V2
+import org.scalatest.concurrent.PatienceConfiguration.Timeout
+import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
+
+import org.apache.kyuubi.RestClientTestHelper
+import org.apache.kyuubi.client.{KyuubiRestClient, OperationRestApi}
+import org.apache.kyuubi.client.api.v1.dto.OpActionRequest
+import org.apache.kyuubi.client.exception.KyuubiRestException
+import org.apache.kyuubi.operation.OperationState
+
+class OperationRestApiSuite extends RestClientTestHelper {
+
+  test("get an operation event") {
+    val statementHandleStr = getOpHandleStr()
+
+    withOperationRestApi { operationRestApi =>
+      val kyuubiEvent = operationRestApi.getOperationEvent(statementHandleStr)
+      assert("show tables".equals(kyuubiEvent.getStatement))
+      assert(kyuubiEvent.isShouldRunAsync == true)
+    }
+  }
+
+  test("apply operation action") {
+    val statementHandleStr = getOpHandleStr(
+      "SELECT java_method('java.lang.Thread', 'sleep', 10000l)")
+
+    withOperationRestApi { operationRestApi =>
+      // successful request
+      operationRestApi.applyOperationAction(new OpActionRequest("cancel"), statementHandleStr)
+      eventually(Timeout(5.seconds)) {
+        val kyuubiEvent = operationRestApi.getOperationEvent(statementHandleStr)
+        assert(kyuubiEvent.getState === OperationState.CANCELED.name)
+      }
+
+      operationRestApi.applyOperationAction(new OpActionRequest("close"), statementHandleStr)
+      // failed request
+      assertThrows[KyuubiRestException] {
+        operationRestApi.applyOperationAction(new OpActionRequest("close"), statementHandleStr)
+      }
+
+      // invalid operation
+      assertThrows[KyuubiRestException] {
+        operationRestApi.applyOperationAction(new OpActionRequest("fake"), statementHandleStr)
+      }
+    }
+  }
+
+  test("get result set metadata/get operation log/get result row set") {
+    val statementHandleStr = getOpHandleStr("select \"test_value\", 1, 0.32d, true")
+
+    withOperationRestApi { operationRestApi =>
+      // wait for complete
+      eventually(Timeout(5.seconds)) {
+        val kyuubiEvent = operationRestApi.getOperationEvent(statementHandleStr)
+        assert(kyuubiEvent.getState === OperationState.FINISHED.name)
+      }
+
+      val resultSetMetadata = operationRestApi.getResultSetMetadata(statementHandleStr)
+      assert(resultSetMetadata.getColumns.size == 4)
+      assert(resultSetMetadata.getColumns.get(0).getColumnName.equals("test_value"))
+
+      val logRowSet = operationRestApi.getOperationLog(statementHandleStr, 10)
+      assert(logRowSet.getLogRowSet.asScala.exists(
+        _.contains("select \"test_value\", 1, 0.32d, true")))
+      assert(logRowSet.getRowCount === 10)
+
+      val resultRowSet = operationRestApi.getNextRowSet(statementHandleStr)
+      assert("test_value".equals(resultRowSet.getRows.asScala.head.getFields.asScala.head.getValue))
+      assert(resultRowSet.getRowCount == 1)
+    }
+  }
+
+  def withOperationRestApi[T](f: OperationRestApi => T): T = {
+    val basicKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.BASIC)
+        .username(ldapUser)
+        .password(ldapUserPasswd)
+        .socketTimeout(30000)
+        .build()
+    val operationRestApi = new OperationRestApi(basicKyuubiRestClient)
+    f(operationRestApi)
+  }
+
+  def getOpHandleStr(statement: String = "show tables"): String = {
+    val sessionHandle = fe.be.openSession(
+      HIVE_CLI_SERVICE_PROTOCOL_V2,
+      "admin",
+      "123456",
+      "localhost",
+      Map("testConfig" -> "testValue"))
+
+    val op =
+      if (statement.nonEmpty) {
+        fe.be.executeStatement(sessionHandle, statement, Map.empty, runAsync = true, 3000)
+      } else {
+        fe.be.getCatalogs(sessionHandle)
+      }
+
+    op.identifier.toString
+  }
+}

From 80bc028e6dfa3bfbbaa78e1d3c8e9c698b235ba7 Mon Sep 17 00:00:00 2001
From: zhaomin <zhaomin1423@163.com>
Date: Mon, 26 Jun 2023 15:04:39 +0800
Subject: [PATCH 469/760] [KYUUBI #4995] Use hadoop conf and hive conf from
 catalog options

### _Why are the changes needed?_

There are hdfs-site.xml, hive-site, etc in spark job classpath, but we should use hadoop conf and hive conf from catalog options.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4995 from zhaomin1423/fix_hive_connector.

Closes #4995

64429fdcb [Xiao Zhao] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
d921be750 [zhaomin] fix
375934d65 [zhaomin] Using hadoop conf and hive conf from catalog options

Lead-authored-by: zhaomin <zhaomin1423@163.com>
Co-authored-by: Xiao Zhao <zhaomin1423@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/connector/hive/HiveTableCatalog.scala    | 14 +++++++++++++-
 .../spark/connector/hive/read/HiveFileIndex.scala  |  2 +-
 .../spark/connector/hive/write/HiveWrite.scala     |  2 +-
 .../connector/hive/write/HiveWriteHelper.scala     |  5 ++---
 4 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index 1199987b4..44057be0a 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -40,6 +40,7 @@ import org.apache.spark.sql.execution.datasources.DataSource
 import org.apache.spark.sql.hive.HiveUDFExpressionBuilder
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper._
 import org.apache.spark.sql.internal.StaticSQLConf.CATALOG_IMPLEMENTATION
+import org.apache.spark.sql.internal.StaticSQLConf.GLOBAL_TEMP_DATABASE
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
@@ -105,7 +106,7 @@ class HiveTableCatalog(sparkSession: SparkSession)
     catalogOptions = options
     catalog = new HiveSessionCatalog(
       externalCatalogBuilder = () => externalCatalog,
-      globalTempViewManagerBuilder = () => sparkSession.sharedState.globalTempViewManager,
+      globalTempViewManagerBuilder = () => globalTempViewManager,
       metastoreCatalog = new HiveMetastoreCatalog(sparkSession),
       functionRegistry = sessionState.functionRegistry,
       tableFunctionRegistry = sessionState.tableFunctionRegistry,
@@ -115,6 +116,17 @@ class HiveTableCatalog(sparkSession: SparkSession)
       HiveUDFExpressionBuilder)
   }
 
+  private lazy val globalTempViewManager: GlobalTempViewManager = {
+    val globalTempDB = conf.getConf(GLOBAL_TEMP_DATABASE)
+    if (externalCatalog.databaseExists(globalTempDB)) {
+      throw KyuubiHiveConnectorException(
+        s"$globalTempDB is a system preserved database, please rename your existing database to " +
+          s"resolve the name conflict, or set a different value for ${GLOBAL_TEMP_DATABASE.key}, " +
+          "and launch your Spark application again.")
+    }
+    new GlobalTempViewManager(globalTempDB)
+  }
+
   /**
    * A catalog that interacts with external systems.
    */
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
index 82199e6f2..937a9557d 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
@@ -80,7 +80,7 @@ class HiveCatalogFileIndex(
       val partitions = selectedPartitions.map {
         case BindPartition(catalogTablePartition, hivePartition) =>
           val path = new Path(catalogTablePartition.location)
-          val fs = path.getFileSystem(hadoopConf)
+          val fs = path.getFileSystem(hiveCatalog.hadoopConfiguration())
           val partPath = PartitionPath(
             catalogTablePartition.toRow(
               partitionSchema,
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
index 62db1fa0a..2ee338673 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWrite.scala
@@ -76,7 +76,7 @@ case class HiveWrite(
   override def description(): String = "Kyuubi-Hive-Connector"
 
   override def toBatch: BatchWrite = {
-    val tmpLocation = HiveWriteHelper.getExternalTmpPath(sparkSession, hadoopConf, tableLocation)
+    val tmpLocation = HiveWriteHelper.getExternalTmpPath(externalCatalog, hadoopConf, tableLocation)
 
     val fileSinkConf = new FileSinkDesc(tmpLocation.toString, tableDesc, false)
     handleCompression(fileSinkConf, hadoopConf)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWriteHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWriteHelper.scala
index 68ba0bfb2..25bca911f 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWriteHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveWriteHelper.scala
@@ -27,8 +27,8 @@ import org.apache.hadoop.fs.{FileSystem, Path}
 import org.apache.hadoop.hive.common.FileUtils
 import org.apache.hadoop.hive.ql.exec.TaskRunner
 import org.apache.spark.internal.Logging
-import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.catalog.ExternalCatalogUtils
+import org.apache.spark.sql.catalyst.catalog.ExternalCatalogWithListener
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hive, HiveExternalCatalog, HiveVersion}
 
 import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorException
@@ -47,7 +47,7 @@ object HiveWriteHelper extends Logging {
   private val hiveScratchDir = "hive.exec.scratchdir"
 
   def getExternalTmpPath(
-      sparkSession: SparkSession,
+      externalCatalog: ExternalCatalogWithListener,
       hadoopConf: Configuration,
       path: Path): Path = {
 
@@ -70,7 +70,6 @@ object HiveWriteHelper extends Logging {
     assert(hiveVersionsUsingNewExternalTempPath ++ hiveVersionsUsingOldExternalTempPath ==
       allSupportedHiveVersions)
 
-    val externalCatalog = sparkSession.sharedState.externalCatalog
     val hiveVersion = externalCatalog.unwrapped.asInstanceOf[HiveExternalCatalog].client.version
     val stagingDir = hadoopConf.get(hiveStagingDir, ".hive-staging")
     val scratchDir = hadoopConf.get(hiveScratchDir, "/tmp/hive")

From c2e27304feda75aa26b42e8512f5de7483104fae Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 26 Jun 2023 15:52:56 +0800
Subject: [PATCH 470/760] [KYUUBI #4843] Support multiple kubernetes contexts
 and namespaces

### _Why are the changes needed?_

Close #4843
Support  to submit kyuubi engine/batch to multiple kubernetes contexts and namespaces.

In this pr, the user can config the kubernetes conf for specified kubernetes context and namespace likes below.
```
kyuubi.kubernetes.<context>.master.address
kyuubi.kubernetes.<context>.<namespace>.authenticate.oauthTokenFile
```

For example:

```
kyuubi.kubernetes.28.master.address=k8s://master
kyuubi.kubernetes.28.ns1.authenticate.oauthTokenFile=/var/run/secrets/kubernetes.io/token.ns1
kyuubi.kubernetes.28.ns2.authenticate.oauthTokenFile=/var/run/secrets/kubernetes.io/token.ns2
```

for k8s context=28, namespace=ns1, its kubernetes config is:
```
kyuubi.kubernetes.master.address=k8s://master
kyuubi.kubernetes.authenticate.oauthTokenFile=/var/run/secrets/kubernetes.io/token.ns1
```

for k8s context=28, namespace=ns2, its kubernetes config is:
```
kyuubi.kubernetes.master.address=k8s://master
kyuubi.kubernetes.authenticate.oauthTokenFile=/var/run/secrets/kubernetes.io/token.ns2
```

So that, kyuubi server can build kubernetes client for each context and namespace.
### _How was this patch tested?_
Existing kubernetes integration testing.

Closes #4984 from turboFei/k8s_client_yaml.

Closes #4843

f8ffaeeb9 [fwang12] nit
d25774288 [fwang12] comments
5ae7c8433 [fwang12] save into request conf
fd6c363db [fwang12] save
ff004a529 [fwang12] procebuilder method
6b9520bfd [fwang12] save
58850387e [fwang12] save
98df67e5f [fwang12] ut
da811697c [fwang12] fix
aa568aaa4 [fwang12] save
89656f463 [fwang12] check init
a0ef6894b [fwang12] code style
00abb6568 [fwang12] default namespace
295512987 [fwang12] k8s context namespace

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/deployment/settings.md                   |   2 +
 .../spark/SparkOnKubernetesTestsSuite.scala   |  37 +++--
 .../org/apache/kyuubi/config/KyuubiConf.scala |  44 ++++++
 .../kyuubi/config/KyuubiConfSuite.scala       |  21 +++
 .../kyuubi/engine/ApplicationOperation.scala  |  32 ++++-
 .../org/apache/kyuubi/engine/EngineRef.scala  |   8 +-
 .../engine/JpsApplicationOperation.scala      |  14 +-
 .../KubernetesApplicationOperation.scala      | 133 ++++++++++++------
 .../engine/KyuubiApplicationManager.scala     |  14 +-
 .../apache/kyuubi/engine/ProcBuilder.scala    |   1 +
 .../engine/YarnApplicationOperation.scala     |  14 +-
 .../engine/flink/FlinkProcessBuilder.scala    |   6 +-
 .../spark/SparkBatchProcessBuilder.scala      |   8 ++
 .../engine/spark/SparkProcessBuilder.scala    |  47 ++++---
 .../kyuubi/operation/BatchJobSubmission.scala |   4 +-
 .../server/api/v1/BatchesResource.scala       |  12 +-
 .../kyuubi/server/metadata/api/Metadata.scala |  11 +-
 .../kyuubi/session/KyuubiBatchSession.scala   |   8 +-
 .../kyuubi/WithKyuubiServerOnYarn.scala       |  10 +-
 .../engine/JpsApplicationOperationSuite.scala |  24 ++--
 .../KyuubiOperationPerConnectionSuite.scala   |   8 +-
 .../server/api/v1/AdminResourceSuite.scala    |  30 ++--
 .../server/api/v1/BatchesResourceSuite.scala  |   7 +-
 .../server/rest/client/BatchCliSuite.scala    |   3 +-
 24 files changed, 358 insertions(+), 140 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 97ca5973d..ca29592e2 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -307,8 +307,10 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.kubernetes.authenticate.oauthToken           | &lt;undefined&gt; | The OAuth token to use when authenticating against the Kubernetes API server. Note that unlike, the other authentication options, this must be the exact string value of the token to use for the authentication. | string   | 1.7.0 |
 | kyuubi.kubernetes.authenticate.oauthTokenFile       | &lt;undefined&gt; | Path to the file containing the OAuth token to use when authenticating against the Kubernetes API server. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                               | string   | 1.7.0 |
 | kyuubi.kubernetes.context                           | &lt;undefined&gt; | The desired context from your kubernetes config file used to configure the K8s client for interacting with the cluster.                                                                                           | string   | 1.6.0 |
+| kyuubi.kubernetes.context.allow.list                                   || The allowed kubernetes context list, if it is empty, there is no kubernetes context limitation.                                                                                                                   | seq      | 1.8.0 |
 | kyuubi.kubernetes.master.address                    | &lt;undefined&gt; | The internal Kubernetes master (API server) address to be used for kyuubi.                                                                                                                                        | string   | 1.7.0 |
 | kyuubi.kubernetes.namespace                         | default           | The namespace that will be used for running the kyuubi pods and find engines.                                                                                                                                     | string   | 1.7.0 |
+| kyuubi.kubernetes.namespace.allow.list                                 || The allowed kubernetes namespace list, if it is empty, there is no kubernetes namespace limitation.                                                                                                               | seq      | 1.8.0 |
 | kyuubi.kubernetes.terminatedApplicationRetainPeriod | PT5M              | The period for which the Kyuubi server retains application information after the application terminates.                                                                                                          | duration | 1.7.1 |
 | kyuubi.kubernetes.trust.certificates                | false             | If set to true then client can submit to kubernetes cluster only with token                                                                                                                                       | boolean  | 1.7.0 |
 
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 74090bc40..6345a05f1 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -29,7 +29,7 @@ import org.apache.kyuubi._
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_HOST
-import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationOperation, KubernetesApplicationOperation}
+import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationManagerInfo, ApplicationOperation, KubernetesApplicationOperation}
 import org.apache.kyuubi.engine.ApplicationState.{FAILED, NOT_FOUND, RUNNING}
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
 import org.apache.kyuubi.kubernetes.test.MiniKube
@@ -44,6 +44,9 @@ abstract class SparkOnKubernetesSuiteBase
     MiniKube.getKubernetesClient.getMasterUrl.toString
   }
 
+  protected val appMgrInfo =
+    ApplicationManagerInfo(Some(s"k8s://$apiServerAddress"), Some("minikube"), None)
+
   protected def sparkOnK8sConf: KyuubiConf = {
     // TODO Support more Spark version
     // Spark official docker image: https://hub.docker.com/r/apache/spark/tags
@@ -150,20 +153,28 @@ class KyuubiOperationKubernetesClusterClientModeSuite
       batchRequest)
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
-      val state = k8sOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
+      val state = k8sOperation.getApplicationInfoByTag(
+        appMgrInfo,
+        sessionHandle.identifier.toString)
       assert(state.id != null)
       assert(state.name != null)
       assert(state.state == RUNNING)
     }
 
-    val killResponse = k8sOperation.killApplicationByTag(sessionHandle.identifier.toString)
+    val killResponse = k8sOperation.killApplicationByTag(
+      appMgrInfo,
+      sessionHandle.identifier.toString)
     assert(killResponse._1)
     assert(killResponse._2 startsWith "Succeeded to terminate:")
 
-    val appInfo = k8sOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
+    val appInfo = k8sOperation.getApplicationInfoByTag(
+      appMgrInfo,
+      sessionHandle.identifier.toString)
     assert(appInfo == ApplicationInfo(null, null, NOT_FOUND))
 
-    val failKillResponse = k8sOperation.killApplicationByTag(sessionHandle.identifier.toString)
+    val failKillResponse = k8sOperation.killApplicationByTag(
+      appMgrInfo,
+      sessionHandle.identifier.toString)
     assert(!failKillResponse._1)
     assert(failKillResponse._2 === ApplicationOperation.NOT_FOUND)
   }
@@ -212,24 +223,32 @@ class KyuubiOperationKubernetesClusterClusterModeSuite
     // wait for driver pod start
     eventually(timeout(3.minutes), interval(5.second)) {
       // trigger k8sOperation init here
-      val appInfo = k8sOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
+      val appInfo = k8sOperation.getApplicationInfoByTag(
+        appMgrInfo,
+        sessionHandle.identifier.toString)
       assert(appInfo.state == RUNNING)
       assert(appInfo.name.startsWith(driverPodNamePrefix))
     }
 
-    val killResponse = k8sOperation.killApplicationByTag(sessionHandle.identifier.toString)
+    val killResponse = k8sOperation.killApplicationByTag(
+      appMgrInfo,
+      sessionHandle.identifier.toString)
     assert(killResponse._1)
     assert(killResponse._2 endsWith "is completed")
     assert(killResponse._2 contains sessionHandle.identifier.toString)
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
-      val appInfo = k8sOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
+      val appInfo = k8sOperation.getApplicationInfoByTag(
+        appMgrInfo,
+        sessionHandle.identifier.toString)
       // We may kill engine start but not ready
       // An EOF Error occurred when the driver was starting
       assert(appInfo.state == FAILED || appInfo.state == NOT_FOUND)
     }
 
-    val failKillResponse = k8sOperation.killApplicationByTag(sessionHandle.identifier.toString)
+    val failKillResponse = k8sOperation.killApplicationByTag(
+      appMgrInfo,
+      sessionHandle.identifier.toString)
     assert(!failKillResponse._1)
   }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index d51a5f5c3..669f72da0 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -134,6 +134,31 @@ case class KyuubiConf(loadSysDefault: Boolean = true) extends Logging {
     getAllWithPrefix(s"$KYUUBI_BATCH_CONF_PREFIX.$normalizedBatchType", "")
   }
 
+  /** Get the kubernetes conf for specified kubernetes context and namespace. */
+  def getKubernetesConf(context: Option[String], namespace: Option[String]): KyuubiConf = {
+    val conf = this.clone
+    context.foreach { c =>
+      val contextConf =
+        getAllWithPrefix(s"$KYUUBI_KUBERNETES_CONF_PREFIX.$c", "").map { case (suffix, value) =>
+          s"$KYUUBI_KUBERNETES_CONF_PREFIX.$suffix" -> value
+        }
+      val contextNamespaceConf = namespace.map { ns =>
+        getAllWithPrefix(s"$KYUUBI_KUBERNETES_CONF_PREFIX.$c.$ns", "").map {
+          case (suffix, value) =>
+            s"$KYUUBI_KUBERNETES_CONF_PREFIX.$suffix" -> value
+        }
+      }.getOrElse(Map.empty)
+
+      (contextConf ++ contextNamespaceConf).map { case (key, value) =>
+        conf.set(key, value)
+      }
+      conf.set(KUBERNETES_CONTEXT, c)
+      namespace.foreach(ns => conf.set(KUBERNETES_NAMESPACE, ns))
+      conf
+    }
+    conf
+  }
+
   /**
    * Retrieve key-value pairs from [[KyuubiConf]] starting with `dropped.remainder`, and put them to
    * the result map with the `dropped` of key being dropped.
@@ -207,6 +232,7 @@ object KyuubiConf {
   final val KYUUBI_HOME = "KYUUBI_HOME"
   final val KYUUBI_ENGINE_ENV_PREFIX = "kyuubi.engineEnv"
   final val KYUUBI_BATCH_CONF_PREFIX = "kyuubi.batchConf"
+  final val KYUUBI_KUBERNETES_CONF_PREFIX = "kyuubi.kubernetes"
   final val USER_DEFAULTS_CONF_QUOTE = "___"
 
   private[this] val kyuubiConfEntriesUpdateLock = new Object
@@ -1106,6 +1132,15 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
+  val KUBERNETES_CONTEXT_ALLOW_LIST: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.kubernetes.context.allow.list")
+      .doc("The allowed kubernetes context list, if it is empty," +
+        " there is no kubernetes context limitation.")
+      .version("1.8.0")
+      .stringConf
+      .toSequence()
+      .createWithDefault(Nil)
+
   val KUBERNETES_NAMESPACE: ConfigEntry[String] =
     buildConf("kyuubi.kubernetes.namespace")
       .doc("The namespace that will be used for running the kyuubi pods and find engines.")
@@ -1113,6 +1148,15 @@ object KyuubiConf {
       .stringConf
       .createWithDefault("default")
 
+  val KUBERNETES_NAMESPACE_ALLOW_LIST: ConfigEntry[Seq[String]] =
+    buildConf("kyuubi.kubernetes.namespace.allow.list")
+      .doc("The allowed kubernetes namespace list, if it is empty," +
+        " there is no kubernetes namespace limitation.")
+      .version("1.8.0")
+      .stringConf
+      .toSequence()
+      .createWithDefault(Nil)
+
   val KUBERNETES_MASTER: OptionalConfigEntry[String] =
     buildConf("kyuubi.kubernetes.master.address")
       .doc("The internal Kubernetes master (API server) address to be used for kyuubi.")
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/KyuubiConfSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/KyuubiConfSuite.scala
index f05e15d8a..39e68f0ec 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/KyuubiConfSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/KyuubiConfSuite.scala
@@ -200,4 +200,25 @@ class KyuubiConfSuite extends KyuubiFunSuite {
     assertResult(kSeq(1))("kyuubi.efg")
     assertResult(kSeq(2))("kyuubi.xyz")
   }
+
+  test("KYUUBI #4843 - Support multiple kubernetes contexts and namespaces") {
+    val kyuubiConf = KyuubiConf(false)
+    kyuubiConf.set("kyuubi.kubernetes.28.master.address", "k8s://master")
+    kyuubiConf.set(
+      "kyuubi.kubernetes.28.ns1.authenticate.oauthTokenFile",
+      "/var/run/secrets/kubernetes.io/token.ns1")
+    kyuubiConf.set(
+      "kyuubi.kubernetes.28.ns2.authenticate.oauthTokenFile",
+      "/var/run/secrets/kubernetes.io/token.ns2")
+
+    val kubernetesConf1 = kyuubiConf.getKubernetesConf(Some("28"), Some("ns1"))
+    assert(kubernetesConf1.get(KyuubiConf.KUBERNETES_MASTER) == Some("k8s://master"))
+    assert(kubernetesConf1.get(KyuubiConf.KUBERNETES_AUTHENTICATE_OAUTH_TOKEN_FILE) ==
+      Some("/var/run/secrets/kubernetes.io/token.ns1"))
+
+    val kubernetesConf2 = kyuubiConf.getKubernetesConf(Some("28"), Some("ns2"))
+    assert(kubernetesConf2.get(KyuubiConf.KUBERNETES_MASTER) == Some("k8s://master"))
+    assert(kubernetesConf2.get(KyuubiConf.KUBERNETES_AUTHENTICATE_OAUTH_TOKEN_FILE) ==
+      Some("/var/run/secrets/kubernetes.io/token.ns2"))
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
index a2b3d0f76..2acce39cc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
@@ -35,13 +35,14 @@ trait ApplicationOperation {
   /**
    * Called before other method to do a quick skip
    *
-   * @param clusterManager the underlying cluster manager or just local instance
+   * @param appMgrInfo the application manager information
    */
-  def isSupported(clusterManager: Option[String]): Boolean
+  def isSupported(appMgrInfo: ApplicationManagerInfo): Boolean
 
   /**
    * Kill the app/engine by the unique application tag
    *
+   * @param appMgrInfo the application manager information
    * @param tag the unique application tag for engine instance.
    *            For example,
    *            if the Hadoop Yarn is used, for spark applications,
@@ -50,16 +51,20 @@ trait ApplicationOperation {
    *
    * @note For implementations, please suppress exceptions and always return KillResponse
    */
-  def killApplicationByTag(tag: String): KillResponse
+  def killApplicationByTag(appMgrInfo: ApplicationManagerInfo, tag: String): KillResponse
 
   /**
    * Get the engine/application status by the unique application tag
    *
+   * @param appMgrInfo the application manager information
    * @param tag the unique application tag for engine instance.
    * @param submitTime engine submit to resourceManager time
    * @return [[ApplicationInfo]]
    */
-  def getApplicationInfoByTag(tag: String, submitTime: Option[Long] = None): ApplicationInfo
+  def getApplicationInfoByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      submitTime: Option[Long] = None): ApplicationInfo
 }
 
 object ApplicationState extends Enumeration {
@@ -108,3 +113,22 @@ object ApplicationInfo {
 object ApplicationOperation {
   val NOT_FOUND = "APPLICATION_NOT_FOUND"
 }
+
+case class KubernetesInfo(context: Option[String] = None, namespace: Option[String] = None)
+
+case class ApplicationManagerInfo(
+    resourceManager: Option[String],
+    kubernetesInfo: KubernetesInfo = KubernetesInfo())
+
+object ApplicationManagerInfo {
+  final val DEFAULT_KUBERNETES_NAMESPACE = "default"
+
+  def apply(
+      resourceManager: Option[String],
+      kubernetesContext: Option[String],
+      kubernetesNamespace: Option[String]): ApplicationManagerInfo = {
+    new ApplicationManagerInfo(
+      resourceManager,
+      KubernetesInfo(kubernetesContext, kubernetesNamespace))
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 227cdd6c8..387758714 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -223,7 +223,7 @@ private[kyuubi] class EngineRef(
         }
 
         if (started + timeout <= System.currentTimeMillis()) {
-          val killMessage = engineManager.killApplication(builder.clusterManager(), engineRefId)
+          val killMessage = engineManager.killApplication(builder.appMgrInfo(), engineRefId)
           process.destroyForcibly()
           MetricsSystem.tracing(_.incCount(MetricRegistry.name(ENGINE_TIMEOUT, appUser)))
           throw KyuubiSQLException(
@@ -242,7 +242,7 @@ private[kyuubi] class EngineRef(
             }
 
             val applicationInfo = engineMgr.getApplicationInfo(
-              builder.clusterManager(),
+              builder.appMgrInfo(),
               engineRefId,
               Some(started))
 
@@ -291,9 +291,9 @@ private[kyuubi] class EngineRef(
   def close(): Unit = {
     if (shareLevel == CONNECTION && builder != null) {
       try {
-        val clusterManager = builder.clusterManager()
+        val appMgrInfo = builder.appMgrInfo()
         builder.close(true)
-        engineManager.killApplication(clusterManager, engineRefId)
+        engineManager.killApplication(appMgrInfo, engineRefId)
       } catch {
         case e: Exception =>
           warn(s"Error closing engine builder, engineRefId: $engineRefId", e)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
index ce2e05461..64dacbb64 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
@@ -41,8 +41,9 @@ class JpsApplicationOperation extends ApplicationOperation {
       }
   }
 
-  override def isSupported(clusterManager: Option[String]): Boolean = {
-    runner != null && (clusterManager.isEmpty || clusterManager.get == "local")
+  override def isSupported(appMgrInfo: ApplicationManagerInfo): Boolean = {
+    runner != null &&
+    (appMgrInfo.resourceManager.isEmpty || appMgrInfo.resourceManager.get == "local")
   }
 
   private def getEngine(tag: String): Option[String] = {
@@ -80,11 +81,16 @@ class JpsApplicationOperation extends ApplicationOperation {
     }
   }
 
-  override def killApplicationByTag(tag: String): KillResponse = {
+  override def killApplicationByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String): KillResponse = {
     killJpsApplicationByTag(tag, true)
   }
 
-  override def getApplicationInfoByTag(tag: String, submitTime: Option[Long]): ApplicationInfo = {
+  override def getApplicationInfoByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      submitTime: Option[Long]): ApplicationInfo = {
     val commandOption = getEngine(tag)
     if (commandOption.nonEmpty) {
       val idAndCmd = commandOption.get
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 0bd3127cb..d6dfba2fe 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -20,12 +20,14 @@ package org.apache.kyuubi.engine
 import java.util.Locale
 import java.util.concurrent.{ConcurrentHashMap, TimeUnit}
 
+import scala.collection.JavaConverters._
+
 import com.google.common.cache.{Cache, CacheBuilder, RemovalNotification}
 import io.fabric8.kubernetes.api.model.Pod
 import io.fabric8.kubernetes.client.KubernetesClient
 import io.fabric8.kubernetes.client.informers.{ResourceEventHandler, SharedIndexInformer}
 
-import org.apache.kyuubi.{Logging, Utils}
+import org.apache.kyuubi.{KyuubiException, Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.ApplicationState.{isTerminated, ApplicationState, FAILED, FINISHED, NOT_FOUND, PENDING, RUNNING, UNKNOWN}
 import org.apache.kyuubi.engine.KubernetesApplicationOperation.{toApplicationState, LABEL_KYUUBI_UNIQUE_KEY, SPARK_APP_ID_LABEL}
@@ -33,10 +35,16 @@ import org.apache.kyuubi.util.KubernetesUtils
 
 class KubernetesApplicationOperation extends ApplicationOperation with Logging {
 
-  @volatile
-  private var kubernetesClient: KubernetesClient = _
-  private var enginePodInformer: SharedIndexInformer[Pod] = _
+  private val kubernetesClients: ConcurrentHashMap[KubernetesInfo, KubernetesClient] =
+    new ConcurrentHashMap[KubernetesInfo, KubernetesClient]
+  private val enginePodInformers: ConcurrentHashMap[KubernetesInfo, SharedIndexInformer[Pod]] =
+    new ConcurrentHashMap[KubernetesInfo, SharedIndexInformer[Pod]]
+
+  private var allowedContexts: Seq[String] = Seq.empty
+  private var allowedNamespaces: Seq[String] = Seq.empty
+
   private var submitTimeout: Long = _
+  private var kyuubiConf: KyuubiConf = _
 
   // key is kyuubi_unique_key
   private val appInfoStore: ConcurrentHashMap[String, ApplicationInfo] =
@@ -44,45 +52,74 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   // key is kyuubi_unique_key
   private var cleanupTerminatedAppInfoTrigger: Cache[String, ApplicationState] = _
 
-  override def initialize(conf: KyuubiConf): Unit = {
-    info("Start initializing Kubernetes Client.")
-    kubernetesClient = KubernetesUtils.buildKubernetesClient(conf) match {
+  private def getOrCreateKubernetesClient(kubernetesInfo: KubernetesInfo): KubernetesClient = {
+    val context = kubernetesInfo.context
+    val namespace = kubernetesInfo.namespace
+
+    if (allowedContexts.nonEmpty && !allowedContexts.contains(context)) {
+      throw new KyuubiException(
+        s"Kubernetes context $context is not in the allowed list[$allowedContexts]")
+    }
+
+    if (allowedNamespaces.nonEmpty && !allowedNamespaces.contains(namespace)) {
+      throw new KyuubiException(
+        s"Kubernetes namespace $namespace is not in the allowed list[$allowedNamespaces]")
+    }
+
+    kubernetesClients.computeIfAbsent(kubernetesInfo, kInfo => buildKubernetesClient(kInfo))
+  }
+
+  private def buildKubernetesClient(kubernetesInfo: KubernetesInfo): KubernetesClient = {
+    val kubernetesConf =
+      kyuubiConf.getKubernetesConf(kubernetesInfo.context, kubernetesInfo.namespace)
+    KubernetesUtils.buildKubernetesClient(kubernetesConf) match {
       case Some(client) =>
-        info(s"Initialized Kubernetes Client connect to: ${client.getMasterUrl}")
-        submitTimeout = conf.get(KyuubiConf.ENGINE_KUBERNETES_SUBMIT_TIMEOUT)
-        // Disable resync, see https://github.com/fabric8io/kubernetes-client/discussions/5015
-        enginePodInformer = client.pods()
+        info(s"[$kubernetesInfo] Initialized Kubernetes Client connect to: ${client.getMasterUrl}")
+        val enginePodInformer = client.pods()
           .withLabel(LABEL_KYUUBI_UNIQUE_KEY)
           .inform(new SparkEnginePodEventHandler)
-        info("Start Kubernetes Client Informer.")
-        // Defer cleaning terminated application information
-        val retainPeriod = conf.get(KyuubiConf.KUBERNETES_TERMINATED_APPLICATION_RETAIN_PERIOD)
-        cleanupTerminatedAppInfoTrigger = CacheBuilder.newBuilder()
-          .expireAfterWrite(retainPeriod, TimeUnit.MILLISECONDS)
-          .removalListener((notification: RemovalNotification[String, ApplicationState]) => {
-            Option(appInfoStore.remove(notification.getKey)).foreach { removed =>
-              info(s"Remove terminated application ${removed.id} with " +
-                s"tag ${notification.getKey} and state ${removed.state}")
-            }
-          })
-          .build()
+        info(s"[$kubernetesInfo] Start Kubernetes Client Informer.")
+        enginePodInformers.put(kubernetesInfo, enginePodInformer)
         client
-      case None =>
-        warn("Fail to init Kubernetes Client for Kubernetes Application Operation")
-        null
+
+      case None => throw new KyuubiException(s"Fail to build Kubernetes client for $kubernetesInfo")
     }
   }
 
-  override def isSupported(clusterManager: Option[String]): Boolean = {
+  override def initialize(conf: KyuubiConf): Unit = {
+    kyuubiConf = conf
+    info("Start initializing Kubernetes application operation.")
+    submitTimeout = conf.get(KyuubiConf.ENGINE_KUBERNETES_SUBMIT_TIMEOUT)
+    allowedContexts = conf.get(KyuubiConf.KUBERNETES_CONTEXT_ALLOW_LIST)
+    allowedNamespaces = conf.get(KyuubiConf.KUBERNETES_NAMESPACE_ALLOW_LIST)
+    // Defer cleaning terminated application information
+    val retainPeriod = conf.get(KyuubiConf.KUBERNETES_TERMINATED_APPLICATION_RETAIN_PERIOD)
+    cleanupTerminatedAppInfoTrigger = CacheBuilder.newBuilder()
+      .expireAfterWrite(retainPeriod, TimeUnit.MILLISECONDS)
+      .removalListener((notification: RemovalNotification[String, ApplicationState]) => {
+        Option(appInfoStore.remove(notification.getKey)).foreach { removed =>
+          info(s"Remove terminated application ${removed.id} with " +
+            s"tag ${notification.getKey} and state ${removed.state}")
+        }
+      })
+      .build()
+  }
+
+  override def isSupported(appMgrInfo: ApplicationManagerInfo): Boolean = {
     // TODO add deploy mode to check whether is supported
-    kubernetesClient != null && clusterManager.exists(_.toLowerCase(Locale.ROOT).startsWith("k8s"))
+    kyuubiConf != null &&
+    appMgrInfo.resourceManager.exists(_.toLowerCase(Locale.ROOT).startsWith("k8s"))
   }
 
-  override def killApplicationByTag(tag: String): KillResponse = {
-    if (kubernetesClient == null) {
+  override def killApplicationByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String): KillResponse = {
+    if (kyuubiConf == null) {
       throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
     }
-    debug(s"Deleting application info from Kubernetes cluster by $tag tag")
+    val kubernetesInfo = appMgrInfo.kubernetesInfo
+    val kubernetesClient = getOrCreateKubernetesClient(kubernetesInfo)
+    debug(s"[$kubernetesInfo] Deleting application info from Kubernetes cluster by $tag tag")
     try {
       val info = appInfoStore.getOrDefault(tag, ApplicationInfo.NOT_FOUND)
       debug(s"Application info[tag: $tag] is in ${info.state}")
@@ -90,24 +127,32 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
         case NOT_FOUND | FAILED | UNKNOWN =>
           (
             false,
-            s"Target application[tag: $tag] is in ${info.state} status")
+            s"[$kubernetesInfo] Target application[tag: $tag] is in ${info.state} status")
         case _ =>
           (
             !kubernetesClient.pods.withName(info.name).delete().isEmpty,
-            s"Operation of deleted application[appId: ${info.id} ,tag: $tag] is completed")
+            s"[$kubernetesInfo] Operation of deleted" +
+              s" application[appId: ${info.id} ,tag: $tag] is completed")
       }
     } catch {
       case e: Exception =>
-        (false, s"Failed to terminate application with $tag, due to ${e.getMessage}")
+        (
+          false,
+          s"[$kubernetesInfo] Failed to terminate application with $tag, due to ${e.getMessage}")
     }
   }
 
-  override def getApplicationInfoByTag(tag: String, submitTime: Option[Long]): ApplicationInfo = {
-    if (kubernetesClient == null) {
+  override def getApplicationInfoByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      submitTime: Option[Long]): ApplicationInfo = {
+    if (kyuubiConf == null) {
       throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
     }
     debug(s"Getting application info from Kubernetes cluster by $tag tag")
     try {
+      // need to initialize the kubernetes client if not exists
+      getOrCreateKubernetesClient(appMgrInfo.kubernetesInfo)
       val appInfo = appInfoStore.getOrDefault(tag, ApplicationInfo.NOT_FOUND)
       (appInfo.state, submitTime) match {
         // Kyuubi should wait second if pod is not be created
@@ -136,19 +181,15 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   }
 
   override def stop(): Unit = {
-    Utils.tryLogNonFatalError {
-      if (enginePodInformer != null) {
-        enginePodInformer.stop()
-        enginePodInformer = null
-      }
+    enginePodInformers.asScala.foreach { case (_, informer) =>
+      Utils.tryLogNonFatalError(informer.stop())
     }
+    enginePodInformers.clear()
 
-    Utils.tryLogNonFatalError {
-      if (kubernetesClient != null) {
-        kubernetesClient.close()
-        kubernetesClient = null
-      }
+    kubernetesClients.asScala.foreach { case (_, client) =>
+      Utils.tryLogNonFatalError(client.close())
     }
+    kubernetesClients.clear()
 
     if (cleanupTerminatedAppInfoTrigger != null) {
       cleanupTerminatedAppInfoTrigger.cleanUp()
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index ac7225dd8..4e121d297 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -60,11 +60,11 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
     super.stop()
   }
 
-  def killApplication(resourceManager: Option[String], tag: String): KillResponse = {
+  def killApplication(appMgrInfo: ApplicationManagerInfo, tag: String): KillResponse = {
     var (killed, lastMessage): KillResponse = (false, null)
     for (operation <- operations if !killed) {
-      if (operation.isSupported(resourceManager)) {
-        val (k, m) = operation.killApplicationByTag(tag)
+      if (operation.isSupported(appMgrInfo)) {
+        val (k, m) = operation.killApplicationByTag(appMgrInfo, tag)
         killed = k
         lastMessage = m
       }
@@ -73,7 +73,7 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
     val finalMessage =
       if (lastMessage == null) {
         s"No ${classOf[ApplicationOperation]} Service found in ServiceLoader" +
-          s" for $resourceManager"
+          s" for $appMgrInfo"
       } else {
         lastMessage
       }
@@ -81,12 +81,12 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
   }
 
   def getApplicationInfo(
-      clusterManager: Option[String],
+      appMgrInfo: ApplicationManagerInfo,
       tag: String,
       submitTime: Option[Long] = None): Option[ApplicationInfo] = {
-    val operation = operations.find(_.isSupported(clusterManager))
+    val operation = operations.find(_.isSupported(appMgrInfo))
     operation match {
-      case Some(op) => Some(op.getApplicationInfoByTag(tag, submitTime))
+      case Some(op) => Some(op.getApplicationInfoByTag(appMgrInfo, tag, submitTime))
       case None => None
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index 4c7330b4d..d30e72674 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -341,6 +341,7 @@ trait ProcBuilder {
 
   def clusterManager(): Option[String] = None
 
+  def appMgrInfo(): ApplicationManagerInfo = ApplicationManagerInfo(None)
 }
 
 object ProcBuilder extends Logging {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
index 1f06484fc..d87fc406a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
@@ -47,11 +47,14 @@ class YarnApplicationOperation extends ApplicationOperation with Logging {
     info(s"Successfully initialized yarn client: ${c.getServiceState}")
   }
 
-  override def isSupported(clusterManager: Option[String]): Boolean = {
-    yarnClient != null && clusterManager.exists(_.toLowerCase(Locale.ROOT).startsWith("yarn"))
+  override def isSupported(appMgrInfo: ApplicationManagerInfo): Boolean = {
+    yarnClient != null && appMgrInfo.resourceManager.exists(
+      _.toLowerCase(Locale.ROOT).startsWith("yarn"))
   }
 
-  override def killApplicationByTag(tag: String): KillResponse = {
+  override def killApplicationByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String): KillResponse = {
     if (yarnClient != null) {
       try {
         val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
@@ -79,7 +82,10 @@ class YarnApplicationOperation extends ApplicationOperation with Logging {
     }
   }
 
-  override def getApplicationInfoByTag(tag: String, submitTime: Option[Long]): ApplicationInfo = {
+  override def getApplicationInfoByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      submitTime: Option[Long]): ApplicationInfo = {
     if (yarnClient != null) {
       debug(s"Getting application info from Yarn cluster by $tag tag")
       val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
index d8d46e427..3da8d1b1a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
@@ -29,7 +29,7 @@ import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
-import org.apache.kyuubi.engine.{KyuubiApplicationManager, ProcBuilder}
+import org.apache.kyuubi.engine.{ApplicationManagerInfo, KyuubiApplicationManager, ProcBuilder}
 import org.apache.kyuubi.engine.flink.FlinkProcessBuilder._
 import org.apache.kyuubi.operation.log.OperationLog
 
@@ -73,6 +73,10 @@ class FlinkProcessBuilder(
     }
   }
 
+  override def appMgrInfo(): ApplicationManagerInfo = {
+    ApplicationManagerInfo(clusterManager())
+  }
+
   override protected val commands: Array[String] = {
     KyuubiApplicationManager.tagApplication(engineRefId, shortName, clusterManager(), conf)
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
index 4a613278d..0d20068de 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
@@ -77,4 +77,12 @@ class SparkBatchProcessBuilder(
   override def clusterManager(): Option[String] = {
     batchConf.get(MASTER_KEY).orElse(super.clusterManager())
   }
+
+  override def kubernetesContext(): Option[String] = {
+    batchConf.get(KUBERNETES_CONTEXT_KEY).orElse(super.kubernetesContext())
+  }
+
+  override def kubernetesNamespace(): Option[String] = {
+    batchConf.get(KUBERNETES_NAMESPACE_KEY).orElse(super.kubernetesNamespace())
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index b74eab77d..6110c0246 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -27,7 +27,7 @@ import org.apache.hadoop.security.UserGroupInformation
 
 import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.{KyuubiApplicationManager, ProcBuilder}
+import org.apache.kyuubi.engine.{ApplicationManagerInfo, KyuubiApplicationManager, ProcBuilder}
 import org.apache.kyuubi.engine.KubernetesApplicationOperation.{KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT}
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
@@ -183,26 +183,39 @@ class SparkProcessBuilder(
 
   override def shortName: String = "spark"
 
-  protected lazy val defaultMaster: Option[String] = {
+  protected lazy val defaultsConf: Map[String, String] = {
     val confDir = env.getOrElse(SPARK_CONF_DIR, s"$sparkHome${File.separator}conf")
-    val defaults =
-      try {
-        val confFile = new File(s"$confDir${File.separator}$SPARK_CONF_FILE_NAME")
-        if (confFile.exists()) {
-          Utils.getPropertiesFromFile(Some(confFile))
-        } else {
-          Map.empty[String, String]
-        }
-      } catch {
-        case _: Exception =>
-          warn(s"Failed to load spark configurations from $confDir")
-          Map.empty[String, String]
+    try {
+      val confFile = new File(s"$confDir${File.separator}$SPARK_CONF_FILE_NAME")
+      if (confFile.exists()) {
+        Utils.getPropertiesFromFile(Some(confFile))
+      } else {
+        Map.empty[String, String]
       }
-    defaults.get(MASTER_KEY)
+    } catch {
+      case _: Exception =>
+        warn(s"Failed to load spark configurations from $confDir")
+        Map.empty[String, String]
+    }
+  }
+
+  override def appMgrInfo(): ApplicationManagerInfo = {
+    ApplicationManagerInfo(
+      clusterManager(),
+      kubernetesContext(),
+      kubernetesNamespace())
   }
 
   override def clusterManager(): Option[String] = {
-    conf.getOption(MASTER_KEY).orElse(defaultMaster)
+    conf.getOption(MASTER_KEY).orElse(defaultsConf.get(MASTER_KEY))
+  }
+
+  def kubernetesContext(): Option[String] = {
+    conf.getOption(KUBERNETES_CONTEXT_KEY).orElse(defaultsConf.get(KUBERNETES_CONTEXT_KEY))
+  }
+
+  def kubernetesNamespace(): Option[String] = {
+    conf.getOption(KUBERNETES_NAMESPACE_KEY).orElse(defaultsConf.get(KUBERNETES_NAMESPACE_KEY))
   }
 
   override def validateConf: Unit = Validator.validateConf(conf)
@@ -224,6 +237,8 @@ object SparkProcessBuilder {
   final val APP_KEY = "spark.app.name"
   final val TAG_KEY = "spark.yarn.tags"
   final val MASTER_KEY = "spark.master"
+  final val KUBERNETES_CONTEXT_KEY = "spark.kubernetes.context"
+  final val KUBERNETES_NAMESPACE_KEY = "spark.kubernetes.namespace"
   final val INTERNAL_RESOURCE = "spark-internal"
 
   /**
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index ab2cfa302..82562541d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -107,7 +107,7 @@ class BatchJobSubmission(
     }
     val applicationInfo =
       applicationManager.getApplicationInfo(
-        builder.clusterManager(),
+        builder.appMgrInfo(),
         batchId,
         Some(_submitTime))
     applicationId(applicationInfo).foreach { _ =>
@@ -123,7 +123,7 @@ class BatchJobSubmission(
   }
 
   private[kyuubi] def killBatchApplication(): KillResponse = {
-    applicationManager.killApplication(builder.clusterManager(), batchId)
+    applicationManager.killApplication(builder.appMgrInfo(), batchId)
   }
 
   private val applicationCheckInterval =
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index cb0c63be0..ba043f071 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -40,7 +40,7 @@ import org.apache.kyuubi.client.exception.KyuubiRestException
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
-import org.apache.kyuubi.engine.{ApplicationInfo, KillResponse, KyuubiApplicationManager}
+import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationManagerInfo, KillResponse, KyuubiApplicationManager}
 import org.apache.kyuubi.operation.{BatchJobSubmission, FetchOrientation, OperationState}
 import org.apache.kyuubi.server.api.ApiRequestContext
 import org.apache.kyuubi.server.api.v1.BatchesResource._
@@ -289,7 +289,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
             case e: KyuubiRestException =>
               error(s"Error redirecting get batch[$batchId] to ${metadata.kyuubiInstance}", e)
               val batchAppStatus = sessionManager.applicationManager.getApplicationInfo(
-                metadata.clusterManager,
+                metadata.appMgrInfo,
                 batchId,
                 // prevent that the batch be marked as terminated if application state is NOT_FOUND
                 Some(metadata.engineOpenTime).filter(_ > 0).orElse(Some(System.currentTimeMillis)))
@@ -407,9 +407,9 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       }
     }
 
-    def forceKill(clusterManager: Option[String], batchId: String): KillResponse = {
+    def forceKill(appMgrInfo: ApplicationManagerInfo, batchId: String): KillResponse = {
       val (killed, message) = sessionManager.applicationManager
-        .killApplication(clusterManager, batchId)
+        .killApplication(appMgrInfo, batchId)
       info(s"Mark batch[$batchId] closed by ${fe.connectionUrl}")
       sessionManager.updateMetadata(Metadata(identifier = batchId, peerInstanceClosed = true))
       (killed, message)
@@ -436,12 +436,12 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
           } catch {
             case e: KyuubiRestException =>
               error(s"Error redirecting delete batch[$batchId] to ${metadata.kyuubiInstance}", e)
-              val (killed, msg) = forceKill(metadata.clusterManager, batchId)
+              val (killed, msg) = forceKill(metadata.appMgrInfo, batchId)
               new CloseBatchResponse(killed, if (killed) msg else Utils.stringifyException(e))
           }
         } else { // should not happen, but handle this for safe
           warn(s"Something wrong on deleting batch[$batchId], try forcibly killing application")
-          val (killed, msg) = forceKill(metadata.clusterManager, batchId)
+          val (killed, msg) = forceKill(metadata.appMgrInfo, batchId)
           new CloseBatchResponse(killed, msg)
         }
       }.getOrElse {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
index 949e88abd..12759f8cc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.server.metadata.api
 
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.engine.ApplicationManagerInfo
 import org.apache.kyuubi.session.SessionType.SessionType
 
 /**
@@ -73,4 +75,11 @@ case class Metadata(
     engineState: String = null,
     engineError: Option[String] = None,
     endTime: Long = 0L,
-    peerInstanceClosed: Boolean = false)
+    peerInstanceClosed: Boolean = false) {
+  def appMgrInfo: ApplicationManagerInfo = {
+    ApplicationManagerInfo(
+      clusterManager,
+      requestConf.get(KyuubiConf.KUBERNETES_CONTEXT.key),
+      requestConf.get(KyuubiConf.KUBERNETES_NAMESPACE.key))
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index ded4c8bf4..014bbced3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -143,6 +143,12 @@ class KyuubiBatchSession(
     traceMetricsOnOpen()
 
     if (recoveryMetadata.isEmpty) {
+      val appMgrInfo = batchJobSubmissionOp.builder.appMgrInfo()
+      val kubernetesInfo = appMgrInfo.kubernetesInfo.context.map { context =>
+        Map(KyuubiConf.KUBERNETES_CONTEXT.key -> context)
+      }.getOrElse(Map.empty) ++ appMgrInfo.kubernetesInfo.namespace.map { namespace =>
+        Map(KyuubiConf.KUBERNETES_NAMESPACE.key -> namespace)
+      }.getOrElse(Map.empty)
       val metaData = Metadata(
         identifier = handle.identifier.toString,
         sessionType = sessionType,
@@ -154,7 +160,7 @@ class KyuubiBatchSession(
         resource = resource,
         className = className,
         requestName = name.orNull,
-        requestConf = optimizedConf,
+        requestConf = optimizedConf ++ kubernetesInfo, // save the kubernetes info into request conf
         requestArgs = batchArgs,
         createTime = createTime,
         engineType = batchType,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index 2ed413dcb..68d95dc80 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -26,7 +26,7 @@ import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols.FrontendProtocol
-import org.apache.kyuubi.engine.{ApplicationState, YarnApplicationOperation}
+import org.apache.kyuubi.engine.{ApplicationManagerInfo, ApplicationState, YarnApplicationOperation}
 import org.apache.kyuubi.engine.ApplicationState._
 import org.apache.kyuubi.operation.{FetchOrientation, HiveJDBCTestHelper, OperationState}
 import org.apache.kyuubi.operation.OperationState.ERROR
@@ -134,11 +134,15 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       assert(metadata.map(_.engineId).get.startsWith("application_"))
     }
 
-    val killResponse = yarnOperation.killApplicationByTag(sessionHandle.identifier.toString)
+    val appMgrInfo = ApplicationManagerInfo(Some("yarn"))
+
+    val killResponse =
+      yarnOperation.killApplicationByTag(appMgrInfo, sessionHandle.identifier.toString)
     assert(killResponse._1)
     assert(killResponse._2 startsWith "Succeeded to terminate:")
 
-    val appInfo = yarnOperation.getApplicationInfoByTag(sessionHandle.identifier.toString)
+    val appInfo =
+      yarnOperation.getApplicationInfoByTag(appMgrInfo, sessionHandle.identifier.toString)
 
     assert(appInfo.state === KILLED)
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala
index a6e00bbaf..a0914afcf 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/JpsApplicationOperationSuite.scala
@@ -38,10 +38,10 @@ class JpsApplicationOperationSuite extends KyuubiFunSuite {
   jps.initialize(null)
 
   test("JpsApplicationOperation with jstat") {
-    assert(jps.isSupported(None))
-    assert(jps.isSupported(Some("local")))
-    assert(!jps.killApplicationByTag(null)._1)
-    assert(!jps.killApplicationByTag("have a space")._1)
+    assert(jps.isSupported(ApplicationManagerInfo(None)))
+    assert(jps.isSupported(ApplicationManagerInfo(Some("local"))))
+    assert(!jps.killApplicationByTag(ApplicationManagerInfo(None), null)._1)
+    assert(!jps.killApplicationByTag(ApplicationManagerInfo(None), "have a space")._1)
     val currentProcess = ManagementFactory.getRuntimeMXBean.getName
     val currentPid = currentProcess.splitAt(currentProcess.indexOf("@"))._1
 
@@ -52,16 +52,16 @@ class JpsApplicationOperationSuite extends KyuubiFunSuite {
     }.start()
 
     eventually(Timeout(10.seconds)) {
-      val desc1 = jps.getApplicationInfoByTag("sun.tools.jstat.Jstat")
+      val desc1 = jps.getApplicationInfoByTag(ApplicationManagerInfo(None), "sun.tools.jstat.Jstat")
       assert(desc1.id != null)
       assert(desc1.name != null)
       assert(desc1.state == ApplicationState.RUNNING)
     }
 
-    jps.killApplicationByTag("sun.tools.jstat.Jstat")
+    jps.killApplicationByTag(ApplicationManagerInfo(None), "sun.tools.jstat.Jstat")
 
     eventually(Timeout(10.seconds)) {
-      val desc2 = jps.getApplicationInfoByTag("sun.tools.jstat.Jstat")
+      val desc2 = jps.getApplicationInfoByTag(ApplicationManagerInfo(None), "sun.tools.jstat.Jstat")
       assert(desc2.id == null)
       assert(desc2.name == null)
       assert(desc2.state == ApplicationState.NOT_FOUND)
@@ -78,25 +78,25 @@ class JpsApplicationOperationSuite extends KyuubiFunSuite {
     val builder = new SparkProcessBuilder(user, conf)
     builder.start
 
-    assert(jps.isSupported(builder.clusterManager()))
+    assert(jps.isSupported(ApplicationManagerInfo(builder.clusterManager())))
     eventually(Timeout(10.seconds)) {
-      val desc1 = jps.getApplicationInfoByTag(id)
+      val desc1 = jps.getApplicationInfoByTag(ApplicationManagerInfo(None), id)
       assert(desc1.id != null)
       assert(desc1.name != null)
       assert(desc1.state == ApplicationState.RUNNING)
-      val response = jps.killApplicationByTag(id)
+      val response = jps.killApplicationByTag(ApplicationManagerInfo(None), id)
       assert(response._1, response._2)
       assert(response._2 startsWith "Succeeded to terminate:")
     }
 
     eventually(Timeout(10.seconds)) {
-      val desc2 = jps.getApplicationInfoByTag(id)
+      val desc2 = jps.getApplicationInfoByTag(ApplicationManagerInfo(None), id)
       assert(desc2.id == null)
       assert(desc2.name == null)
       assert(desc2.state == ApplicationState.NOT_FOUND)
     }
 
-    val response2 = jps.killApplicationByTag(id)
+    val response2 = jps.killApplicationByTag(ApplicationManagerInfo(None), id)
     assert(!response2._1)
     assert(response2._2 === ApplicationOperation.NOT_FOUND)
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index 9c69817a3..0c180db72 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -29,7 +29,7 @@ import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 import org.apache.kyuubi.{KYUUBI_VERSION, WithKyuubiServer}
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.config.KyuubiConf.SESSION_CONF_ADVISOR
-import org.apache.kyuubi.engine.ApplicationState
+import org.apache.kyuubi.engine.{ApplicationManagerInfo, ApplicationState}
 import org.apache.kyuubi.jdbc.KyuubiHiveDriver
 import org.apache.kyuubi.jdbc.hive.{KyuubiConnection, KyuubiSQLException}
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
@@ -233,9 +233,11 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
         }
         val engineId = sessionManager.allSessions().head.handle.identifier.toString
         // kill the engine application and wait the engine terminate
-        sessionManager.applicationManager.killApplication(None, engineId)
+        sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), engineId)
         eventually(timeout(30.seconds), interval(100.milliseconds)) {
-          assert(sessionManager.applicationManager.getApplicationInfo(None, engineId)
+          assert(sessionManager.applicationManager.getApplicationInfo(
+            ApplicationManagerInfo(None),
+            engineId)
             .exists(_.state == ApplicationState.NOT_FOUND))
         }
         assert(!conn.isValid(3000))
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index da9b8ae44..f5bbe640e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -33,7 +33,7 @@ import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiFunSuite, RestFrontendTestHelper
 import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, ServerData, SessionData, SessionHandle, SessionOpenRequest}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_CONNECTION_URL_KEY
-import org.apache.kyuubi.engine.{ApplicationState, EngineRef, KyuubiApplicationManager}
+import org.apache.kyuubi.engine.{ApplicationManagerInfo, ApplicationState, EngineRef, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.EngineType.SPARK_SQL
 import org.apache.kyuubi.engine.ShareLevel.{CONNECTION, GROUP, USER}
 import org.apache.kyuubi.ha.HighAvailabilityConf
@@ -293,9 +293,10 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       }
 
       // kill the engine application
-      engineMgr.killApplication(None, id)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id)
       eventually(timeout(30.seconds), interval(100.milliseconds)) {
-        assert(engineMgr.getApplicationInfo(None, id).exists(_.state == ApplicationState.NOT_FOUND))
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id).exists(
+          _.state == ApplicationState.NOT_FOUND))
       }
     }
   }
@@ -339,9 +340,10 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       }
 
       // kill the engine application
-      engineMgr.killApplication(None, id)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id)
       eventually(timeout(30.seconds), interval(100.milliseconds)) {
-        assert(engineMgr.getApplicationInfo(None, id).exists(_.state == ApplicationState.NOT_FOUND))
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id).exists(
+          _.state == ApplicationState.NOT_FOUND))
       }
     }
   }
@@ -417,9 +419,10 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(engines(0).getSubdomain == "default")
 
       // kill the engine application
-      engineMgr.killApplication(None, id)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id)
       eventually(timeout(30.seconds), interval(100.milliseconds)) {
-        assert(engineMgr.getApplicationInfo(None, id).exists(_.state == ApplicationState.NOT_FOUND))
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id).exists(
+          _.state == ApplicationState.NOT_FOUND))
       }
     }
   }
@@ -463,9 +466,10 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(engines(0).getSubdomain == "default")
 
       // kill the engine application
-      engineMgr.killApplication(None, id)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id)
       eventually(timeout(30.seconds), interval(100.milliseconds)) {
-        assert(engineMgr.getApplicationInfo(None, id).exists(_.state == ApplicationState.NOT_FOUND))
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id).exists(
+          _.state == ApplicationState.NOT_FOUND))
       }
     }
   }
@@ -528,12 +532,12 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert(result1.size == 1)
 
       // kill the engine application
-      engineMgr.killApplication(None, id1)
-      engineMgr.killApplication(None, id2)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id1)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id2)
       eventually(timeout(30.seconds), interval(100.milliseconds)) {
-        assert(engineMgr.getApplicationInfo(None, id1)
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id1)
           .exists(_.state == ApplicationState.NOT_FOUND))
-        assert(engineMgr.getApplicationInfo(None, id2)
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id2)
           .exists(_.state == ApplicationState.NOT_FOUND))
       }
     }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 8e0a80c4d..8a797f842 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -37,7 +37,7 @@ import org.apache.kyuubi.client.util.BatchUtils
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.{ApplicationInfo, KyuubiApplicationManager}
+import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationManagerInfo, KyuubiApplicationManager}
 import org.apache.kyuubi.engine.spark.SparkBatchProcessBuilder
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.operation.{BatchJobSubmission, OperationState}
@@ -64,7 +64,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     }
     sessionManager.getBatchesFromMetadataStore(null, null, null, 0, 0, 0, Int.MaxValue).foreach {
       batch =>
-        sessionManager.applicationManager.killApplication(None, batch.getId)
+        sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
         sessionManager.cleanupMetadata(batch.getId)
     }
   }
@@ -481,7 +481,8 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
 
     var applicationStatus: Option[ApplicationInfo] = None
     eventually(timeout(5.seconds)) {
-      applicationStatus = sessionManager.applicationManager.getApplicationInfo(None, batchId2)
+      applicationStatus =
+        sessionManager.applicationManager.getApplicationInfo(ApplicationManagerInfo(None), batchId2)
       assert(applicationStatus.isDefined)
     }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
index ff807ef02..4e18951b5 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
@@ -32,6 +32,7 @@ import org.apache.kyuubi.{BatchTestHelper, RestClientTestHelper, Utils}
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ctl.{CtlConf, TestPrematureExit}
+import org.apache.kyuubi.engine.ApplicationManagerInfo
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.session.KyuubiSessionManager
 
@@ -80,7 +81,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
     }
     sessionManager.getBatchesFromMetadataStore(null, null, null, 0, 0, 0, Int.MaxValue).foreach {
       batch =>
-        sessionManager.applicationManager.killApplication(None, batch.getId)
+        sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
         sessionManager.cleanupMetadata(batch.getId)
     }
   }

From 1dd9db7492e7b6fd9cda173dc362235f374f89d6 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 26 Jun 2023 18:06:59 +0800
Subject: [PATCH 471/760] [KYUUBI #4996] Support to refresh kubernetes configs
 dynamically

### _Why are the changes needed?_

This is a followup of #4843

To support load kubernetes conf during runtime, so that we can support more kuberntes contexts without restarting the kyuubi server.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4996 from turboFei/refresh_kubernetes_conf.

Closes #4996

807fb92e4 [fwang12] comments
d42d25af7 [fwang12] from conf
809a7d3df [fwang12] refresh
22743f9e5 [fwang12] save
dedebbe71 [fwang12] api
d6f58cfc7 [fwang12] refresh kubernetes config

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 docs/client/rest/rest_api.md                  |  6 +++++
 .../cmd/refresh/RefreshConfigCommand.scala    |  4 ++-
 .../kyuubi/ctl/opt/AdminCommandLine.scala     |  2 +-
 .../ctl/AdminControlCliArgumentsSuite.scala   | 11 +++++++-
 .../apache/kyuubi/client/AdminRestApi.java    |  5 ++++
 .../KubernetesApplicationOperation.scala      | 10 +++----
 .../apache/kyuubi/server/KyuubiServer.scala   | 27 ++++++++++++++-----
 .../kyuubi/server/api/v1/AdminResource.scala  | 19 +++++++++++++
 8 files changed, 70 insertions(+), 14 deletions(-)

diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index fbff59f05..bf4917e88 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -451,6 +451,12 @@ Refresh the Hadoop configurations of the Kyuubi server.
 
 Refresh the [user defaults configs](../../deployment/settings.html#user-defaults) with key in format in the form of `___{username}___.{config key}` from default property file.
 
+### POST /admin/refresh/kubernetes_conf
+
+Refresh the kubernetes configs with key prefixed with `kyuubi.kubernetes` from default property file.
+
+It is helpful if you need to support multiple kubernetes contexts and namespaces, see [KYUUBI #4843](https://github.com/apache/kyuubi/issues/4843).
+
 ### DELETE /admin/engine
 
 Delete the specified engine.
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
index 69aa0c3d0..571e7eef3 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.client.AdminRestApi
 import org.apache.kyuubi.ctl.RestClientFactory.withKyuubiRestClient
 import org.apache.kyuubi.ctl.cmd.AdminCtlCommand
-import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommandConfigType.{HADOOP_CONF, UNLIMITED_USERS, USER_DEFAULTS_CONF}
+import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommandConfigType.{HADOOP_CONF, KUBERNETES_CONF, UNLIMITED_USERS, USER_DEFAULTS_CONF}
 import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.{Tabulator, Validator}
 
@@ -36,6 +36,7 @@ class RefreshConfigCommand(cliConfig: CliConfig) extends AdminCtlCommand[String]
       normalizedCliConfig.adminConfigOpts.configType match {
         case HADOOP_CONF => adminRestApi.refreshHadoopConf()
         case USER_DEFAULTS_CONF => adminRestApi.refreshUserDefaultsConf()
+        case KUBERNETES_CONF => adminRestApi.refreshKubernetesConf()
         case UNLIMITED_USERS => adminRestApi.refreshUnlimitedUsers()
         case configType => throw new KyuubiException(s"Invalid config type:$configType")
       }
@@ -49,5 +50,6 @@ class RefreshConfigCommand(cliConfig: CliConfig) extends AdminCtlCommand[String]
 object RefreshConfigCommandConfigType {
   final val HADOOP_CONF = "hadoopConf"
   final val USER_DEFAULTS_CONF = "userDefaultsConf"
+  final val KUBERNETES_CONF = "kubernetesConf"
   final val UNLIMITED_USERS = "unlimitedUsers"
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
index 71e4068e5..588f3ea37 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
@@ -108,6 +108,6 @@ object AdminCommandLine extends CommonCommandLine {
           .optional()
           .action((v, c) => c.copy(adminConfigOpts = c.adminConfigOpts.copy(configType = v)))
           .text("The valid config type can be one of the following: " +
-            s"$HADOOP_CONF, $USER_DEFAULTS_CONF, $UNLIMITED_USERS."))
+            s"$HADOOP_CONF, $USER_DEFAULTS_CONF, $KUBERNETES_CONF, $UNLIMITED_USERS."))
   }
 }
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
index fdadd011b..72b6fd3e8 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
@@ -83,6 +83,15 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
     assert(opArgs3.cliConfig.resource === ControlObject.CONFIG)
     assert(opArgs3.cliConfig.adminConfigOpts.configType === UNLIMITED_USERS)
 
+    args = Array(
+      "refresh",
+      "config",
+      "kubernetesConf")
+    val opArgs4 = new AdminControlCliArguments(args)
+    assert(opArgs4.cliConfig.action === ControlAction.REFRESH)
+    assert(opArgs4.cliConfig.resource === ControlObject.CONFIG)
+    assert(opArgs4.cliConfig.adminConfigOpts.configType === KUBERNETES_CONF)
+
     args = Array(
       "refresh",
       "config",
@@ -165,7 +174,7 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
          |	Refresh the resource.
          |Command: refresh config [<configType>]
          |	Refresh the config with specified type.
-         |  <configType>             The valid config type can be one of the following: $HADOOP_CONF, $USER_DEFAULTS_CONF, $UNLIMITED_USERS.
+         |  <configType>             The valid config type can be one of the following: $HADOOP_CONF, $USER_DEFAULTS_CONF, $KUBERNETES_CONF, $UNLIMITED_USERS.
          |
          |  -h, --help               Show help message and exit.""".stripMargin
     // scalastyle:on
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index a983827c8..8287e7368 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -47,6 +47,11 @@ public String refreshUserDefaultsConf() {
     return this.getClient().post(path, null, client.getAuthHeader());
   }
 
+  public String refreshKubernetesConf() {
+    String path = String.format("%s/%s", API_BASE_PATH, "refresh/kubernetes_conf");
+    return this.getClient().post(path, null, client.getAuthHeader());
+  }
+
   public String refreshUnlimitedUsers() {
     String path = String.format("%s/%s", API_BASE_PATH, "refresh/unlimited_users");
     return this.getClient().post(path, null, client.getAuthHeader());
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index d6dfba2fe..984273051 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -40,12 +40,14 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   private val enginePodInformers: ConcurrentHashMap[KubernetesInfo, SharedIndexInformer[Pod]] =
     new ConcurrentHashMap[KubernetesInfo, SharedIndexInformer[Pod]]
 
-  private var allowedContexts: Seq[String] = Seq.empty
-  private var allowedNamespaces: Seq[String] = Seq.empty
-
   private var submitTimeout: Long = _
   private var kyuubiConf: KyuubiConf = _
 
+  private def allowedContexts: Seq[String] =
+    kyuubiConf.get(KyuubiConf.KUBERNETES_CONTEXT_ALLOW_LIST)
+  private def allowedNamespaces: Seq[String] =
+    kyuubiConf.get(KyuubiConf.KUBERNETES_NAMESPACE_ALLOW_LIST)
+
   // key is kyuubi_unique_key
   private val appInfoStore: ConcurrentHashMap[String, ApplicationInfo] =
     new ConcurrentHashMap[String, ApplicationInfo]
@@ -90,8 +92,6 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     kyuubiConf = conf
     info("Start initializing Kubernetes application operation.")
     submitTimeout = conf.get(KyuubiConf.ENGINE_KUBERNETES_SUBMIT_TIMEOUT)
-    allowedContexts = conf.get(KyuubiConf.KUBERNETES_CONTEXT_ALLOW_LIST)
-    allowedNamespaces = conf.get(KyuubiConf.KUBERNETES_NAMESPACE_ALLOW_LIST)
     // Defer cleaning terminated application information
     val retainPeriod = conf.get(KyuubiConf.KUBERNETES_TERMINATED_APPLICATION_RETAIN_PERIOD)
     cleanupTerminatedAppInfoTrigger = CacheBuilder.newBuilder()
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index 491b11e90..12120ea55 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -25,7 +25,7 @@ import org.apache.hadoop.security.UserGroupInformation
 
 import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_PROTOCOLS, FrontendProtocols}
+import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_PROTOCOLS, FrontendProtocols, KYUUBI_KUBERNETES_CONF_PREFIX}
 import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols._
 import org.apache.kyuubi.events.{EventBus, KyuubiServerInfoEvent, ServerEventHandlerRegister}
 import org.apache.kyuubi.ha.HighAvailabilityConf._
@@ -111,14 +111,29 @@ object KyuubiServer extends Logging {
   private[kyuubi] def refreshUserDefaultsConf(): Unit = kyuubiServer.conf.synchronized {
     val existedUserDefaults = kyuubiServer.conf.getAllUserDefaults
     val refreshedUserDefaults = KyuubiConf().loadFileDefaults().getAllUserDefaults
+    refreshConfig("user defaults", existedUserDefaults, refreshedUserDefaults)
+  }
+
+  private[kyuubi] def refreshKubernetesConf(): Unit = kyuubiServer.conf.synchronized {
+    val existedKubernetesConf =
+      kyuubiServer.conf.getAll.filter(_._1.startsWith(KYUUBI_KUBERNETES_CONF_PREFIX))
+    val refreshedKubernetesConf =
+      KyuubiConf().loadFileDefaults().getAll.filter(_._1.startsWith(KYUUBI_KUBERNETES_CONF_PREFIX))
+    refreshConfig("kubernetes", existedKubernetesConf, refreshedKubernetesConf)
+  }
+
+  private def refreshConfig(
+      configDomain: String,
+      existing: Map[String, String],
+      refreshed: Map[String, String]): Unit = {
     var (unsetCount, updatedCount, addedCount) = (0, 0, 0)
-    for ((k, _) <- existedUserDefaults if !refreshedUserDefaults.contains(k)) {
+    for ((k, _) <- existing if !refreshed.contains(k)) {
       kyuubiServer.conf.unset(k)
       unsetCount = unsetCount + 1
     }
-    for ((k, v) <- refreshedUserDefaults) {
-      if (existedUserDefaults.contains(k)) {
-        if (!StringUtils.equals(existedUserDefaults.get(k).orNull, v)) {
+    for ((k, v) <- refreshed) {
+      if (existing.contains(k)) {
+        if (!StringUtils.equals(existing.get(k).orNull, v)) {
           updatedCount = updatedCount + 1
         }
       } else {
@@ -126,7 +141,7 @@ object KyuubiServer extends Logging {
       }
       kyuubiServer.conf.set(k, v)
     }
-    info(s"Refreshed user defaults configs with changes of " +
+    info(s"Refreshed $configDomain configs with changes of " +
       s"unset: $unsetCount, updated: $updatedCount, added: $addedCount")
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 735efa71b..a0e136e5e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -87,6 +87,25 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     Response.ok(s"Refresh the user defaults conf successfully.").build()
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
+    description = "refresh the kubernetes configs")
+  @POST
+  @Path("refresh/kubernetes_conf")
+  def refreshKubernetesConf(): Response = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Receive refresh kubernetes conf request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to refresh the kubernetes conf")
+    }
+    info(s"Reloading kubernetes conf")
+    KyuubiServer.refreshKubernetesConf()
+    Response.ok(s"Refresh the kubernetes conf successfully.").build()
+  }
+
   @ApiResponse(
     responseCode = "200",
     content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),

From 98558025056ff84b9d4f1cb770d64f77000d1142 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 27 Jun 2023 18:23:34 +0800
Subject: [PATCH 472/760] [KYUUBI #5001] Bump Scala from 2.12.17 to 2.12.18

### _Why are the changes needed?_

- Bump Scala to 2.12.18
  - release note: https://github.com/scala/scala/releases/tag/v2.12.18
- Bump silencer-plugin from 1.7.10 to 1.7.13 for compatibility

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5001 from bowenliang123/scala-2.12.18.

Closes #5001

e4a5b9b0d [liangbowen] update dependencyList
e847bbced [liangbowen] Bump silencer-plugin from 1.7.10 to 1.7.13
daceece66 [liangbowen] Bump scala from 2.12.17 to 2.12.18

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 2 +-
 pom.xml            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 7a4e7591d..f533a4fd5 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -170,7 +170,7 @@ perfmark-api/0.25.0//perfmark-api-0.25.0.jar
 proto-google-common-protos/2.9.0//proto-google-common-protos-2.9.0.jar
 protobuf-java-util/3.21.7//protobuf-java-util-3.21.7.jar
 protobuf-java/3.21.7//protobuf-java-3.21.7.jar
-scala-library/2.12.17//scala-library-2.12.17.jar
+scala-library/2.12.18//scala-library-2.12.18.jar
 scopt_2.12/4.1.0//scopt_2.12-4.1.0.jar
 simpleclient/0.16.0//simpleclient-0.16.0.jar
 simpleclient_common/0.16.0//simpleclient_common-0.16.0.jar
diff --git a/pom.xml b/pom.xml
index 667f8f9d3..4d57e20b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -114,7 +114,7 @@
         <maven.version>3.8.8</maven.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
-        <scala.version>2.12.17</scala.version>
+        <scala.version>2.12.18</scala.version>
         <scala.binary.version>2.12</scala.binary.version>
         <scala-collection-compat.version>2.8.1</scala-collection-compat.version>
 
@@ -241,7 +241,7 @@
         <maven.plugin.jacoco.version>0.8.7</maven.plugin.jacoco.version>
         <maven.plugin.scalastyle.version>1.0.0</maven.plugin.scalastyle.version>
         <maven.plugin.shade.version>3.4.1</maven.plugin.shade.version>
-        <maven.plugin.silencer.version>1.7.10</maven.plugin.silencer.version>
+        <maven.plugin.silencer.version>1.7.13</maven.plugin.silencer.version>
 
         <maven.scaladoc.skip>false</maven.scaladoc.skip>
         <maven.scalastyle.skip>false</maven.scalastyle.skip>

From f8ee58f7d6045fd6569924353a28b2e0c602af36 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 29 Jun 2023 15:50:56 +0800
Subject: [PATCH 473/760] [KYUUBI #5004] Fix typo for kubernetes allowed
 context and namespace check

### _Why are the changes needed?_

I met below exception.
```
2023-06-29 00:10:43.174 ERROR org.apache.kyuubi.engine.KubernetesApplicationOperation: Failed to get application with 3c036904-ffef-480b-89e9-2bc6439a6d04, due to Kubernetes context Some(97) is not in the allowed list[ArrayBuffer(97, 116)]
```

The context and namespace are type of `Option[String]` and the allowed lists are type of `Seq[String]`.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5004 from turboFei/context_check.

Closes #5004

3a3e8c878 [fwang12] ut
55766313a [fwang12] add ut
68f582bfc [fwang12] fix context and namespace check

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../KubernetesApplicationOperation.scala      | 12 ++--
 .../KubernetesApplicationOperationSuite.scala | 59 +++++++++++++++++++
 2 files changed, 67 insertions(+), 4 deletions(-)
 create mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KubernetesApplicationOperationSuite.scala

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 984273051..5f21342e9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -55,20 +55,24 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   private var cleanupTerminatedAppInfoTrigger: Cache[String, ApplicationState] = _
 
   private def getOrCreateKubernetesClient(kubernetesInfo: KubernetesInfo): KubernetesClient = {
+    checkKubernetesInfo(kubernetesInfo)
+    kubernetesClients.computeIfAbsent(kubernetesInfo, kInfo => buildKubernetesClient(kInfo))
+  }
+
+  // Visible for testing
+  private[engine] def checkKubernetesInfo(kubernetesInfo: KubernetesInfo): Unit = {
     val context = kubernetesInfo.context
     val namespace = kubernetesInfo.namespace
 
-    if (allowedContexts.nonEmpty && !allowedContexts.contains(context)) {
+    if (allowedContexts.nonEmpty && context.exists(!allowedContexts.contains(_))) {
       throw new KyuubiException(
         s"Kubernetes context $context is not in the allowed list[$allowedContexts]")
     }
 
-    if (allowedNamespaces.nonEmpty && !allowedNamespaces.contains(namespace)) {
+    if (allowedNamespaces.nonEmpty && namespace.exists(!allowedNamespaces.contains(_))) {
       throw new KyuubiException(
         s"Kubernetes namespace $namespace is not in the allowed list[$allowedNamespaces]")
     }
-
-    kubernetesClients.computeIfAbsent(kubernetesInfo, kInfo => buildKubernetesClient(kInfo))
   }
 
   private def buildKubernetesClient(kubernetesInfo: KubernetesInfo): KubernetesClient = {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KubernetesApplicationOperationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KubernetesApplicationOperationSuite.scala
new file mode 100644
index 000000000..2ea1939d2
--- /dev/null
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KubernetesApplicationOperationSuite.scala
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine
+
+import org.apache.kyuubi.{KyuubiException, KyuubiFunSuite}
+import org.apache.kyuubi.config.KyuubiConf
+
+class KubernetesApplicationOperationSuite extends KyuubiFunSuite {
+
+  test("test check kubernetes info") {
+    val kyuubiConf = KyuubiConf()
+    kyuubiConf.set(KyuubiConf.KUBERNETES_CONTEXT_ALLOW_LIST.key, "1,2")
+    kyuubiConf.set(KyuubiConf.KUBERNETES_NAMESPACE_ALLOW_LIST.key, "ns1,ns2")
+
+    val operation = new KubernetesApplicationOperation()
+    operation.initialize(kyuubiConf)
+
+    operation.checkKubernetesInfo(KubernetesInfo(None, None))
+    operation.checkKubernetesInfo(KubernetesInfo(Some("1"), None))
+    operation.checkKubernetesInfo(KubernetesInfo(Some("2"), None))
+    operation.checkKubernetesInfo(KubernetesInfo(Some("1"), Some("ns1")))
+    operation.checkKubernetesInfo(KubernetesInfo(Some("1"), Some("ns2")))
+    operation.checkKubernetesInfo(KubernetesInfo(Some("2"), Some("ns1")))
+    operation.checkKubernetesInfo(KubernetesInfo(Some("2"), Some("ns2")))
+
+    intercept[KyuubiException] {
+      operation.checkKubernetesInfo(KubernetesInfo(Some("3"), Some("ns1")))
+    }
+    intercept[KyuubiException] {
+      operation.checkKubernetesInfo(KubernetesInfo(Some("1"), Some("ns3")))
+    }
+    intercept[KyuubiException] {
+      operation.checkKubernetesInfo(KubernetesInfo(Some("3"), None))
+    }
+    intercept[KyuubiException] {
+      operation.checkKubernetesInfo(KubernetesInfo(None, Some("ns3")))
+    }
+
+    kyuubiConf.unset(KyuubiConf.KUBERNETES_CONTEXT_ALLOW_LIST.key)
+    operation.checkKubernetesInfo(KubernetesInfo(Some("3"), None))
+    kyuubiConf.unset(KyuubiConf.KUBERNETES_NAMESPACE_ALLOW_LIST.key)
+    operation.checkKubernetesInfo(KubernetesInfo(None, Some("ns3")))
+  }
+}

From dddaeaae43e445091efd33b3cafabc2e5bf068e4 Mon Sep 17 00:00:00 2001
From: yongqian <yongqian@trip.com>
Date: Fri, 30 Jun 2023 08:11:40 +0800
Subject: [PATCH 474/760] [KYUUBI #5005] Remove default settings
 `spark.sql.execution.topKSortFallbackThreshold`

### _Why are the changes needed?_
close #5005

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5006 from QianyongY/features/kyuubi-5005.

Closes #5005

3bc8b7482 [yongqian] [KYUUBI #5005] Remove default settings

Authored-by: yongqian <yongqian@trip.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index 6f8aa2ec0..d3783b4fc 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -189,7 +189,6 @@ object SparkSQLEngine extends Logging {
     _kyuubiConf = KyuubiConf()
     val rootDir = _sparkConf.getOption("spark.repl.classdir").getOrElse(getLocalDir(_sparkConf))
     val outputDir = Utils.createTempDir(prefix = "repl", root = rootDir)
-    _sparkConf.setIfMissing("spark.sql.execution.topKSortFallbackThreshold", "10000")
     _sparkConf.setIfMissing("spark.sql.legacy.castComplexTypesToString.enabled", "true")
     _sparkConf.setIfMissing("spark.master", "local")
     _sparkConf.set(

From d9e1b60257d3aa313109e18336f7991dfb603175 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 30 Jun 2023 11:34:36 +0800
Subject: [PATCH 475/760] [KYUUBI #5007] Bump Scalafmt from 3.7.4 to 3.7.5

### _Why are the changes needed?_

- Scalafmt 3.7.5 release note: https://github.com/scalameta/scalafmt/releases/tag/v3.7.5

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5007 from bowenliang123/scalafmt-3.7.5.

Closes #5007

f3f7163a4 [liangbowen] Bump Scalafmt from 3.7.4 to 3.7.5

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .scalafmt.conf                                                 | 2 +-
 .../apache/spark/kyuubi/SparkSimpleStatsReportListner.scala    | 3 +++
 .../scala/org/apache/kyuubi/operation/SparkQueryTests.scala    | 2 +-
 pom.xml                                                        | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala

diff --git a/.scalafmt.conf b/.scalafmt.conf
index 97529cc55..b0e130715 100644
--- a/.scalafmt.conf
+++ b/.scalafmt.conf
@@ -1,4 +1,4 @@
-version = 3.7.4
+version = 3.7.5
 runner.dialect=scala212
 project.git=true
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala
new file mode 100644
index 000000000..cee2acc9c
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala
@@ -0,0 +1,3 @@
+package org.apache.spark.kyuubi class SparkSimpleStatsReportListner {
+
+}
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
index ff8b12481..9c00a11ba 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
@@ -383,7 +383,7 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
         rs.next()
         // scalastyle:off
         println(rs.getString(1))
-      // scalastyle:on
+        // scalastyle:on
       }
 
       val code1 = s"""spark.sql("add jar " + jarPath)"""
diff --git a/pom.xml b/pom.xml
index 4d57e20b3..e0b4e0374 100644
--- a/pom.xml
+++ b/pom.xml
@@ -256,7 +256,7 @@
         <spotless.python.includes></spotless.python.includes>
         <spotless.python.black.version>22.3.0</spotless.python.black.version>
         <!-- Please also update .scalafmt.conf when you change it here -->
-        <spotless.scala.scalafmt.version>3.7.4</spotless.scala.scalafmt.version>
+        <spotless.scala.scalafmt.version>3.7.5</spotless.scala.scalafmt.version>
 
         <distMgmtReleaseId>apache.releases.https</distMgmtReleaseId>
         <distMgmtReleaseName>Apache Release Distribution Repository</distMgmtReleaseName>

From add8b331bd0549ccbeff84b515a7e72768094bd9 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 30 Jun 2023 11:39:11 +0800
Subject: [PATCH 476/760] [KYUUBI #5007] [FOLLOWUP] Remove blank
 SparkSimpleStatsReportListener

### _Why are the changes needed?_

- remove unnecessary blank classSparkSimpleStatsReportListener

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5008 from bowenliang123/5007-followup.

Closes #5007

34e19f664 [liangbowen] remove blank SparkSimpleStatsReportListener

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../apache/spark/kyuubi/SparkSimpleStatsReportListner.scala    | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala
deleted file mode 100644
index cee2acc9c..000000000
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSimpleStatsReportListner.scala
+++ /dev/null
@@ -1,3 +0,0 @@
-package org.apache.spark.kyuubi class SparkSimpleStatsReportListner {
-
-}

From 04ee20bd196a863f2eb755ec040135f2d0d3b265 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Mon, 3 Jul 2023 11:58:23 +0800
Subject: [PATCH 477/760] [KYUUBI #5003] [K8S][HELM] Add doc strings to the
 chart values.yaml

### _Why are the changes needed?_
The changes are needed to improve the chart docs and make it self-documented.
The following command prints Helm chart `values.yaml` file:
```shell
helm show values charts/kyuubi
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5003 from dnskr/helm_add_value_docs.

Closes #5003

5938374ec [dnskr] [K8S][HELM] Add doc strings to the chart values.yaml

Authored-by: dnskr <dnskrv88@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 charts/kyuubi/values.yaml | 65 ++++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 31 deletions(-)

diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index d97fc982b..446026fb7 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -29,13 +29,18 @@ image:
 
 imagePullSecrets: []
 
-# ServiceAccount used for Kyuubi create/list/delete pod in kubernetes
+# ServiceAccount used for Kyuubi create/list/delete pod in Kubernetes
 serviceAccount:
+  # Specifies whether a ServiceAccount should be created
   create: true
+  # Specifies ServiceAccount name to be used (created if `create: true`)
   name: ~
 
+# Role-based access control
 rbac:
+  # Specifies whether RBAC resources should be created
   create: true
+  # RBAC rules
   rules:
     - apiGroups: [""]
       resources: ["pods"]
@@ -82,34 +87,30 @@ server:
       nodePort: ~
       annotations: {}
 
+# $KYUUBI_CONF_DIR directory
 kyuubiConfDir: /opt/kyuubi/conf
+# Kyuubi configurations files
 kyuubiConf:
   # The value (templated string) is used for kyuubi-env.sh file
-  # Example:
-  #
-  # kyuubiEnv: |
-  #   export JAVA_HOME=/usr/jdk64/jdk1.8.0_152
-  #   export SPARK_HOME=/opt/spark
-  #   export FLINK_HOME=/opt/flink
-  #   export HIVE_HOME=/opt/hive
-  #
   # See example at conf/kyuubi-env.sh.template and https://kyuubi.readthedocs.io/en/master/deployment/settings.html#environments for more details
   kyuubiEnv: ~
+  #  kyuubiEnv: |
+  #    export JAVA_HOME=/usr/jdk64/jdk1.8.0_152
+  #    export SPARK_HOME=/opt/spark
+  #    export FLINK_HOME=/opt/flink
+  #    export HIVE_HOME=/opt/hive
 
   # The value (templated string) is used for kyuubi-defaults.conf file
-  # Example:
-  #
-  # kyuubiDefaults: |
-  #   kyuubi.authentication=NONE
-  #   kyuubi.frontend.bind.host=10.0.0.1
-  #   kyuubi.engine.type=SPARK_SQL
-  #   kyuubi.engine.share.level=USER
-  #   kyuubi.session.engine.initialize.timeout=PT3M
-  #   kyuubi.ha.addresses=zk1:2181,zk2:2181,zk3:2181
-  #   kyuubi.ha.namespace=kyuubi
-  #
   # See https://kyuubi.readthedocs.io/en/master/deployment/settings.html#kyuubi-configurations for more details
   kyuubiDefaults: ~
+  #  kyuubiDefaults: |
+  #    kyuubi.authentication=NONE
+  #    kyuubi.frontend.bind.host=10.0.0.1
+  #    kyuubi.engine.type=SPARK_SQL
+  #    kyuubi.engine.share.level=USER
+  #    kyuubi.session.engine.initialize.timeout=PT3M
+  #    kyuubi.ha.addresses=zk1:2181,zk2:2181,zk3:2181
+  #    kyuubi.ha.namespace=kyuubi
 
   # The value (templated string) is used for log4j2.xml file
   # See example at conf/log4j2.xml.template https://kyuubi.readthedocs.io/en/master/deployment/settings.html#logging for more details
@@ -122,6 +123,7 @@ args: ~
 
 # Environment variables (templated)
 env: []
+# Environment variables from ConfigMaps and Secrets (templated)
 envFrom: []
 
 # Additional volumes for Kyuubi pod (templated)
@@ -134,17 +136,15 @@ initContainers: []
 # Additional containers for Kyuubi pod (templated)
 containers: []
 
+# Resource requests and limits for Kyuubi pods
 resources: {}
-  # Used to specify resource, default unlimited.
-  # If you do want to specify resources:
-  #   1. remove the curly braces after 'resources:'
-  #   2. uncomment the following lines
-  # limits:
-  #   cpu: 4
-  #   memory: 10Gi
-  # requests:
-  #   cpu: 2
-  #   memory: 4Gi
+#  resources:
+#    requests:
+#      cpu: 2
+#      memory: 4Gi
+#    limits:
+#      cpu: 4
+#      memory: 10Gi
 
 # Liveness probe
 livenessProbe:
@@ -164,9 +164,12 @@ readinessProbe:
   failureThreshold: 10
   successThreshold: 1
 
-# Constrain Kyuubi server pods to specific nodes
+# Constrain Kyuubi pods to nodes with specific node labels
 nodeSelector: {}
+# Allow to schedule Kyuubi pods on nodes with matching taints
 tolerations: []
+# Constrain Kyuubi pods to nodes by complex affinity/anti-affinity rules
 affinity: {}
 
+# Kyuubi pods security context
 securityContext: {}

From 1d5ac07dfceaead1c1eeb0b2b477e1ab09ccce82 Mon Sep 17 00:00:00 2001
From: Cheng Pan <pan3793@gmail.com>
Date: Tue, 4 Jul 2023 17:25:57 +0800
Subject: [PATCH 478/760] [KYUUBI #4999] [KSHC] Kyuubi-Spark-Hive-Connector
 support Apache Spark 3.4

### _Why are the changes needed?_

This pr amins to make KSHC support Apache Spark 3.4.

- KSHC support Apache Spark 3.4
- Make Apache kyuubi `codecov` module contain the spark-3.4 profile. so that Apache kyubbi CI can cover some modules.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #4999 from Yikf/kudu-spark3.4.

Closes #4999

6a35e54b8 [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
66bb742eb [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
7be517c7f [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
ae23133d1 [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
dda5e6521 [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
e43a25dff [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
54f52f16d [Cheng Pan] Update extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
0955b544b [Cheng Pan] Update pom.xml
38a1383d9 [yikaifei] codecov module should contain the spark 3.4 profile

Lead-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/kyuubi-codecov/pom.xml                    |  10 +
 .../connector/hive/HiveConnectorUtils.scala   | 256 ++++++++++++++++++
 .../connector/hive/HiveTableCatalog.scala     |   5 +-
 .../hive/read/FilePartitionReader.scala       |   7 +-
 .../read/HivePartitionReaderFactory.scala     |  12 +-
 .../spark/connector/hive/read/HiveScan.scala  |   6 +-
 .../connector/hive/write/HiveBatchWrite.scala |   6 +-
 .../kyuubi/connector/HiveBridgeHelper.scala   |   1 +
 .../connector/hive/HiveCatalogSuite.scala     |  62 +++--
 .../spark/connector/hive/HiveQuerySuite.scala |   6 +-
 .../hive/command/CreateNamespaceSuite.scala   |   6 +-
 .../hive/command/DropNamespaceSuite.scala     |   3 +-
 12 files changed, 337 insertions(+), 43 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala

diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index ba15ec0f8..3eb922129 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -209,5 +209,15 @@
                 </dependency>
             </dependencies>
         </profile>
+        <profile>
+            <id>spark-3.4</id>
+            <dependencies>
+                <dependency>
+                    <groupId>org.apache.kyuubi</groupId>
+                    <artifactId>kyuubi-spark-connector-hive_${scala.binary.version}</artifactId>
+                    <version>${project.version}</version>
+                </dependency>
+            </dependencies>
+        </profile>
     </profiles>
 </project>
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
new file mode 100644
index 000000000..1d2d2b319
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
@@ -0,0 +1,256 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.spark.connector.hive
+
+import org.apache.spark.SPARK_VERSION
+import org.apache.spark.internal.Logging
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.catalog.{CatalogTable, CatalogTablePartition}
+import org.apache.spark.sql.connector.catalog.TableChange
+import org.apache.spark.sql.connector.catalog.TableChange.{AddColumn, After, ColumnPosition, DeleteColumn, First, RenameColumn, UpdateColumnComment, UpdateColumnNullability, UpdateColumnPosition, UpdateColumnType}
+import org.apache.spark.sql.execution.command.CommandUtils
+import org.apache.spark.sql.execution.command.CommandUtils.{calculateMultipleLocationSizes, calculateSingleLocationSize}
+import org.apache.spark.sql.execution.datasources.PartitionedFile
+import org.apache.spark.sql.types.{ArrayType, MapType, StructField, StructType}
+
+import org.apache.kyuubi.spark.connector.common.SparkUtils
+import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
+
+object HiveConnectorUtils extends Logging {
+
+  def partitionedFilePath(file: PartitionedFile): String = {
+    if (SparkUtils.isSparkVersionAtLeast("3.4")) {
+      invokeAs[String](file, "urlEncodedPath")
+    } else if (SparkUtils.isSparkVersionAtLeast("3.3")) {
+      invokeAs[String](file, "filePath")
+    } else {
+      throw KyuubiHiveConnectorException(s"Spark version $SPARK_VERSION " +
+        s"is not supported by Kyuubi spark hive connector.")
+    }
+  }
+
+  def calculateTotalSize(
+      spark: SparkSession,
+      catalogTable: CatalogTable,
+      hiveTableCatalog: HiveTableCatalog): (BigInt, Seq[CatalogTablePartition]) = {
+    val sessionState = spark.sessionState
+    val startTime = System.nanoTime()
+    val (totalSize, newPartitions) = if (catalogTable.partitionColumnNames.isEmpty) {
+      (
+        calculateSingleLocationSize(
+          sessionState,
+          catalogTable.identifier,
+          catalogTable.storage.locationUri),
+        Seq())
+    } else {
+      // Calculate table size as a sum of the visible partitions. See SPARK-21079
+      val partitions = hiveTableCatalog.listPartitions(catalogTable.identifier)
+      logInfo(s"Starting to calculate sizes for ${partitions.length} partitions.")
+      val paths = partitions.map(_.storage.locationUri)
+      val sizes = calculateMultipleLocationSizes(spark, catalogTable.identifier, paths)
+      val newPartitions = partitions.zipWithIndex.flatMap { case (p, idx) =>
+        val newStats = CommandUtils.compareAndGetNewStats(p.stats, sizes(idx), None)
+        newStats.map(_ => p.copy(stats = newStats))
+      }
+      (sizes.sum, newPartitions)
+    }
+    logInfo(s"It took ${(System.nanoTime() - startTime) / (1000 * 1000)} ms to calculate" +
+      s" the total size for table ${catalogTable.identifier}.")
+    (totalSize, newPartitions)
+  }
+
+  def applySchemaChanges(schema: StructType, changes: Seq[TableChange]): StructType = {
+    changes.foldLeft(schema) { (schema, change) =>
+      change match {
+        case add: AddColumn =>
+          add.fieldNames match {
+            case Array(name) =>
+              val field = StructField(name, add.dataType, nullable = add.isNullable)
+              val newField = Option(add.comment).map(field.withComment).getOrElse(field)
+              addField(schema, newField, add.position())
+
+            case names =>
+              replace(
+                schema,
+                names.init,
+                parent =>
+                  parent.dataType match {
+                    case parentType: StructType =>
+                      val field = StructField(names.last, add.dataType, nullable = add.isNullable)
+                      val newField = Option(add.comment).map(field.withComment).getOrElse(field)
+                      Some(parent.copy(dataType = addField(parentType, newField, add.position())))
+
+                    case _ =>
+                      throw new IllegalArgumentException(s"Not a struct: ${names.init.last}")
+                  })
+          }
+
+        case rename: RenameColumn =>
+          replace(
+            schema,
+            rename.fieldNames,
+            field =>
+              Some(StructField(rename.newName, field.dataType, field.nullable, field.metadata)))
+
+        case update: UpdateColumnType =>
+          replace(
+            schema,
+            update.fieldNames,
+            field => Some(field.copy(dataType = update.newDataType)))
+
+        case update: UpdateColumnNullability =>
+          replace(
+            schema,
+            update.fieldNames,
+            field => Some(field.copy(nullable = update.nullable)))
+
+        case update: UpdateColumnComment =>
+          replace(
+            schema,
+            update.fieldNames,
+            field => Some(field.withComment(update.newComment)))
+
+        case update: UpdateColumnPosition =>
+          def updateFieldPos(struct: StructType, name: String): StructType = {
+            val oldField = struct.fields.find(_.name == name).getOrElse {
+              throw new IllegalArgumentException("Field not found: " + name)
+            }
+            val withFieldRemoved = StructType(struct.fields.filter(_ != oldField))
+            addField(withFieldRemoved, oldField, update.position())
+          }
+
+          update.fieldNames() match {
+            case Array(name) =>
+              updateFieldPos(schema, name)
+            case names =>
+              replace(
+                schema,
+                names.init,
+                parent =>
+                  parent.dataType match {
+                    case parentType: StructType =>
+                      Some(parent.copy(dataType = updateFieldPos(parentType, names.last)))
+                    case _ =>
+                      throw new IllegalArgumentException(s"Not a struct: ${names.init.last}")
+                  })
+          }
+
+        case delete: DeleteColumn =>
+          replace(schema, delete.fieldNames, _ => None, delete.ifExists)
+
+        case _ =>
+          // ignore non-schema changes
+          schema
+      }
+    }
+  }
+
+  private def addField(
+      schema: StructType,
+      field: StructField,
+      position: ColumnPosition): StructType = {
+    if (position == null) {
+      schema.add(field)
+    } else if (position.isInstanceOf[First]) {
+      StructType(field +: schema.fields)
+    } else {
+      val afterCol = position.asInstanceOf[After].column()
+      val fieldIndex = schema.fields.indexWhere(_.name == afterCol)
+      if (fieldIndex == -1) {
+        throw new IllegalArgumentException("AFTER column not found: " + afterCol)
+      }
+      val (before, after) = schema.fields.splitAt(fieldIndex + 1)
+      StructType(before ++ (field +: after))
+    }
+  }
+
+  private def replace(
+      struct: StructType,
+      fieldNames: Seq[String],
+      update: StructField => Option[StructField],
+      ifExists: Boolean = false): StructType = {
+
+    val posOpt = fieldNames.zipWithIndex.toMap.get(fieldNames.head)
+    if (posOpt.isEmpty) {
+      if (ifExists) {
+        // We couldn't find the column to replace, but with IF EXISTS, we will silence the error
+        // Currently only DROP COLUMN may pass down the IF EXISTS parameter
+        return struct
+      } else {
+        throw new IllegalArgumentException(s"Cannot find field: ${fieldNames.head}")
+      }
+    }
+
+    val pos = posOpt.get
+    val field = struct.fields(pos)
+    val replacement: Option[StructField] = (fieldNames.tail, field.dataType) match {
+      case (Seq(), _) =>
+        update(field)
+
+      case (names, struct: StructType) =>
+        val updatedType: StructType = replace(struct, names, update, ifExists)
+        Some(StructField(field.name, updatedType, field.nullable, field.metadata))
+
+      case (Seq("key"), map @ MapType(keyType, _, _)) =>
+        val updated = update(StructField("key", keyType, nullable = false))
+          .getOrElse(throw new IllegalArgumentException(s"Cannot delete map key"))
+        Some(field.copy(dataType = map.copy(keyType = updated.dataType)))
+
+      case (Seq("key", names @ _*), map @ MapType(keyStruct: StructType, _, _)) =>
+        Some(field.copy(dataType = map.copy(keyType = replace(keyStruct, names, update, ifExists))))
+
+      case (Seq("value"), map @ MapType(_, mapValueType, isNullable)) =>
+        val updated = update(StructField("value", mapValueType, nullable = isNullable))
+          .getOrElse(throw new IllegalArgumentException(s"Cannot delete map value"))
+        Some(field.copy(dataType = map.copy(
+          valueType = updated.dataType,
+          valueContainsNull = updated.nullable)))
+
+      case (Seq("value", names @ _*), map @ MapType(_, valueStruct: StructType, _)) =>
+        Some(field.copy(dataType = map.copy(valueType =
+          replace(valueStruct, names, update, ifExists))))
+
+      case (Seq("element"), array @ ArrayType(elementType, isNullable)) =>
+        val updated = update(StructField("element", elementType, nullable = isNullable))
+          .getOrElse(throw new IllegalArgumentException(s"Cannot delete array element"))
+        Some(field.copy(dataType = array.copy(
+          elementType = updated.dataType,
+          containsNull = updated.nullable)))
+
+      case (Seq("element", names @ _*), array @ ArrayType(elementStruct: StructType, _)) =>
+        Some(field.copy(dataType = array.copy(elementType =
+          replace(elementStruct, names, update, ifExists))))
+
+      case (names, dataType) =>
+        if (!ifExists) {
+          throw new IllegalArgumentException(
+            s"Cannot find field: ${names.head} in ${dataType.simpleString}")
+        }
+        None
+    }
+
+    val newFields = struct.fields.zipWithIndex.flatMap {
+      case (_, index) if pos == index =>
+        replacement
+      case (other, _) =>
+        Some(other)
+    }
+
+    new StructType(newFields)
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index 44057be0a..cfc78940b 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -39,8 +39,7 @@ import org.apache.spark.sql.connector.expressions.Transform
 import org.apache.spark.sql.execution.datasources.DataSource
 import org.apache.spark.sql.hive.HiveUDFExpressionBuilder
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper._
-import org.apache.spark.sql.internal.StaticSQLConf.CATALOG_IMPLEMENTATION
-import org.apache.spark.sql.internal.StaticSQLConf.GLOBAL_TEMP_DATABASE
+import org.apache.spark.sql.internal.StaticSQLConf.{CATALOG_IMPLEMENTATION, GLOBAL_TEMP_DATABASE}
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
@@ -212,7 +211,7 @@ class HiveTableCatalog(sparkSession: SparkSession)
       }
 
     val properties = CatalogV2Util.applyPropertiesChanges(catalogTable.properties, changes)
-    val schema = CatalogV2Util.applySchemaChanges(
+    val schema = HiveConnectorUtils.applySchemaChanges(
       catalogTable.schema,
       changes)
     val comment = properties.get(TableCatalog.PROP_COMMENT)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
index 8ac90b3fe..13b6d4c20 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
@@ -26,6 +26,8 @@ import org.apache.spark.sql.execution.datasources.SchemaColumnConvertNotSupporte
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.InputFileBlockHolder
 import org.apache.spark.sql.internal.SQLConf
 
+import org.apache.kyuubi.spark.connector.hive.HiveConnectorUtils
+
 // scalastyle:off line.size.limit
 // copy from https://github.com/apache/spark/blob/master/sql/core/src/main/scala/org/apache/spark/sql/execution/datasources/v2/FilePartitionReader.scala
 // scalastyle:on line.size.limit
@@ -98,7 +100,10 @@ class FilePartitionReader[T](readers: Iterator[HivePartitionedFileReader[T]])
     logInfo(s"Reading file $reader")
     // Sets InputFileBlockHolder for the file block's information
     val file = reader.file
-    InputFileBlockHolder.set(file.filePath, file.start, file.length)
+    InputFileBlockHolder.set(
+      HiveConnectorUtils.partitionedFilePath(file),
+      file.start,
+      file.length)
     reader
   }
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
index 6770f4144..2b8e2ffd8 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
@@ -31,7 +31,7 @@ import org.apache.spark.TaskContext
 import org.apache.spark.broadcast.Broadcast
 import org.apache.spark.internal.Logging
 import org.apache.spark.sql.catalyst.InternalRow
-import org.apache.spark.sql.connector.read.{InputPartition, PartitionReader}
+import org.apache.spark.sql.connector.read.{InputPartition, PartitionReader, PartitionReaderFactory}
 import org.apache.spark.sql.execution.datasources.{FilePartition, PartitionedFile}
 import org.apache.spark.sql.execution.datasources.v2._
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.NextIterator
@@ -40,6 +40,8 @@ import org.apache.spark.sql.sources.Filter
 import org.apache.spark.sql.types._
 import org.apache.spark.util.SerializableConfiguration
 
+import org.apache.kyuubi.spark.connector.hive.HiveConnectorUtils
+
 case class HivePartitionReaderFactory(
     sqlConf: SQLConf,
     broadcastHiveConf: Broadcast[SerializableConfiguration],
@@ -49,7 +51,7 @@ case class HivePartitionReaderFactory(
     partitionSchema: StructType,
     partFileToHivePart: Map[PartitionedFile, HivePartition],
     pushedFilters: Array[Filter] = Array.empty)
-  extends FilePartitionReaderFactory with Logging {
+  extends PartitionReaderFactory with Logging {
 
   private val charset: String =
     sqlConf.getConfString("hive.exec.default.charset", "utf-8")
@@ -57,10 +59,6 @@ case class HivePartitionReaderFactory(
   val tableDesc = HiveReader.getTableDec(hiveTable)
   val nonPartitionReadDataKeys = HiveReader.toAttributes(readDataSchema)
 
-  override def buildReader(partitionedFile: PartitionedFile): PartitionReader[InternalRow] = {
-    throw new UnsupportedOperationException("Cannot use buildReader directly.")
-  }
-
   override def createReader(partition: InputPartition): PartitionReader[InternalRow] = {
     assert(partition.isInstanceOf[FilePartition])
     val filePartition = partition.asInstanceOf[FilePartition]
@@ -117,7 +115,7 @@ case class HivePartitionReaderFactory(
 
     val jobConf = new JobConf(broadcastHiveConf.value.value)
 
-    val filePath = new Path(new URI(file.filePath))
+    val filePath = new Path(new URI(HiveConnectorUtils.partitionedFilePath(file)))
 
     if (tableDesc != null) {
       configureJobPropertiesForStorageHandler(tableDesc, jobConf, true)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
index 64fcf23f8..e71e428b7 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
@@ -37,7 +37,7 @@ import org.apache.spark.sql.sources.Filter
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.util.SerializableConfiguration
 
-import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorException
+import org.apache.kyuubi.spark.connector.hive.{HiveConnectorUtils, KyuubiHiveConnectorException}
 
 case class HiveScan(
     sparkSession: SparkSession,
@@ -88,7 +88,7 @@ case class HiveScan(
     }
     lazy val partitionValueProject =
       GenerateUnsafeProjection.generate(readPartitionAttributes, partitionAttributes)
-    val splitFiles = selectedPartitions.flatMap { partition =>
+    val splitFiles: Seq[PartitionedFile] = selectedPartitions.flatMap { partition =>
       val partitionValues =
         if (readPartitionAttributes != partitionAttributes) {
           partitionValueProject(partition.values).copy()
@@ -115,7 +115,7 @@ case class HiveScan(
     }
 
     if (splitFiles.length == 1) {
-      val path = new Path(splitFiles(0).filePath)
+      val path = new Path(HiveConnectorUtils.partitionedFilePath(splitFiles(0)))
       if (!isSplitable(path) && splitFiles(0).length >
           sparkSession.sparkContext.getConf.getOption("spark.io.warning.largeFileThreshold")
             .getOrElse("1024000000").toLong) {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
index 625d79d0c..d12fc0efc 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/write/HiveBatchWrite.scala
@@ -28,13 +28,12 @@ import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.catalog._
 import org.apache.spark.sql.catalyst.util.CaseInsensitiveMap
 import org.apache.spark.sql.connector.write.{BatchWrite, DataWriterFactory, PhysicalWriteInfo, WriterCommitMessage}
-import org.apache.spark.sql.execution.command.CommandUtils
 import org.apache.spark.sql.execution.datasources.{WriteJobDescription, WriteTaskResult}
 import org.apache.spark.sql.execution.datasources.v2.FileBatchWrite
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{hive, toSQLValue, HiveExternalCatalog}
 import org.apache.spark.sql.types.StringType
 
-import org.apache.kyuubi.spark.connector.hive.{HiveTableCatalog, KyuubiHiveConnectorException}
+import org.apache.kyuubi.spark.connector.hive.{HiveConnectorUtils, HiveTableCatalog, KyuubiHiveConnectorException}
 import org.apache.kyuubi.spark.connector.hive.write.HiveWriteHelper.getPartitionSpec
 
 class HiveBatchWrite(
@@ -77,7 +76,8 @@ class HiveBatchWrite(
     val catalog = hiveTableCatalog.catalog
     if (sparkSession.sessionState.conf.autoSizeUpdateEnabled) {
       val newTable = catalog.getTableMetadata(table.identifier)
-      val newSize = CommandUtils.calculateTotalSize(sparkSession, newTable)
+      val (newSize, _) =
+        HiveConnectorUtils.calculateTotalSize(sparkSession, newTable, hiveTableCatalog)
       val newStats = CatalogStatistics(sizeInBytes = newSize)
       catalog.alterTableStats(table.identifier, Some(newStats))
     } else if (table.stats.nonEmpty) {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
index 305c1450e..95def8656 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
@@ -47,6 +47,7 @@ object HiveBridgeHelper {
   val HadoopTableReader = org.apache.spark.sql.hive.HadoopTableReader
   val SparkHadoopUtil = org.apache.spark.deploy.SparkHadoopUtil
   val Utils = org.apache.spark.util.Utils
+  val CatalogV2Implicits = org.apache.spark.sql.connector.catalog.CatalogV2Implicits
 
   def postExternalCatalogEvent(sc: SparkContext, event: ExternalCatalogEvent): Unit = {
     sc.listenerBus.post(event)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
index 9088a6cfe..c1575018e 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
@@ -27,9 +27,10 @@ import scala.util.Try
 import com.google.common.collect.Maps
 import org.apache.hadoop.fs.Path
 import org.apache.spark.sql.AnalysisException
-import org.apache.spark.sql.catalyst.analysis.{NoSuchNamespaceException, NoSuchTableException, TableAlreadyExistsException}
+import org.apache.spark.sql.catalyst.analysis.{NoSuchNamespaceException, NoSuchTableException, TableAlreadyExistsException, UnresolvedRelation}
 import org.apache.spark.sql.catalyst.parser.CatalystSqlParser
 import org.apache.spark.sql.connector.catalog.{Identifier, TableCatalog}
+import org.apache.spark.sql.connector.expressions.Transform
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper._
 import org.apache.spark.sql.types.{IntegerType, StringType, StructType}
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
@@ -119,7 +120,9 @@ class HiveCatalogSuite extends KyuubiHiveTest {
       val exception = intercept[AnalysisException] {
         spark.table("hive.ns1.nonexistent_table")
       }
-      assert(exception.message === "Table or view not found: hive.ns1.nonexistent_table")
+      assert(exception.plan.exists { p =>
+        p.exists(child => child.isInstanceOf[UnresolvedRelation])
+      })
     }
   }
 
@@ -131,13 +134,13 @@ class HiveCatalogSuite extends KyuubiHiveTest {
 
     assert(catalog.listTables(Array("ns")).isEmpty)
 
-    catalog.createTable(ident1, schema, Array.empty, emptyProps)
+    catalog.createTable(ident1, schema, Array.empty[Transform], emptyProps)
 
     assert(catalog.listTables(Array("ns")).toSet == Set(ident1))
     assert(catalog.listTables(Array("ns2")).isEmpty)
 
-    catalog.createTable(ident3, schema, Array.empty, emptyProps)
-    catalog.createTable(ident2, schema, Array.empty, emptyProps)
+    catalog.createTable(ident3, schema, Array.empty[Transform], emptyProps)
+    catalog.createTable(ident2, schema, Array.empty[Transform], emptyProps)
 
     assert(catalog.listTables(Array("ns")).toSet == Set(ident1, ident2))
     assert(catalog.listTables(Array("ns2")).toSet == Set(ident3))
@@ -157,10 +160,11 @@ class HiveCatalogSuite extends KyuubiHiveTest {
   test("createTable") {
     assert(!catalog.tableExists(testIdent))
 
-    val table = catalog.createTable(testIdent, schema, Array.empty, emptyProps)
+    val table =
+      catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
 
     val parsed = CatalystSqlParser.parseMultipartIdentifier(table.name)
-    assert(parsed == Seq("db", "test_table"))
+    assert(parsed == Seq("db", "test_table") || parsed == Seq("spark_catalog", "db", "test_table"))
     assert(table.schema == schema)
     assert(filterV2TableProperties(table.properties) == Map())
 
@@ -174,10 +178,10 @@ class HiveCatalogSuite extends KyuubiHiveTest {
 
     assert(!catalog.tableExists(testIdent))
 
-    val table = catalog.createTable(testIdent, schema, Array.empty, properties)
+    val table = catalog.createTable(testIdent, schema, Array.empty[Transform], properties)
 
     val parsed = CatalystSqlParser.parseMultipartIdentifier(table.name)
-    assert(parsed == Seq("db", "test_table"))
+    assert(parsed == Seq("db", "test_table") || parsed == Seq("spark_catalog", "db", "test_table"))
     assert(table.schema == schema)
     assert(filterV2TableProperties(table.properties).asJava == properties)
 
@@ -188,13 +192,13 @@ class HiveCatalogSuite extends KyuubiHiveTest {
   test("createTable: table already exists") {
     assert(!catalog.tableExists(testIdent))
 
-    val table = catalog.createTable(testIdent, schema, Array.empty, emptyProps)
+    val table = catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
 
     val exc = intercept[TableAlreadyExistsException] {
-      catalog.createTable(testIdent, schema, Array.empty, emptyProps)
+      catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
     }
 
-    assert(exc.message.contains(table.name()))
+    assert(exc.message.contains(testIdent.name()))
     assert(exc.message.contains("already exists"))
 
     assert(catalog.tableExists(testIdent))
@@ -204,7 +208,7 @@ class HiveCatalogSuite extends KyuubiHiveTest {
   test("tableExists") {
     assert(!catalog.tableExists(testIdent))
 
-    catalog.createTable(testIdent, schema, Array.empty, emptyProps)
+    catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
 
     assert(catalog.tableExists(testIdent))
 
@@ -218,32 +222,48 @@ class HiveCatalogSuite extends KyuubiHiveTest {
     assert(!catalog.tableExists(testIdent))
 
     // default location
-    val t1 = catalog.createTable(testIdent, schema, Array.empty, properties).asInstanceOf[HiveTable]
+    val t1 = catalog.createTable(
+      testIdent,
+      schema,
+      Array.empty[Transform],
+      properties).asInstanceOf[HiveTable]
     assert(t1.catalogTable.location ===
       catalog.catalog.defaultTablePath(testIdent.asTableIdentifier))
     catalog.dropTable(testIdent)
 
     // relative path
     properties.put(TableCatalog.PROP_LOCATION, "relative/path")
-    val t2 = catalog.createTable(testIdent, schema, Array.empty, properties).asInstanceOf[HiveTable]
+    val t2 = catalog.createTable(
+      testIdent,
+      schema,
+      Array.empty[Transform],
+      properties).asInstanceOf[HiveTable]
     assert(t2.catalogTable.location === makeQualifiedPathWithWarehouse("db.db/relative/path"))
     catalog.dropTable(testIdent)
 
     // absolute path without scheme
     properties.put(TableCatalog.PROP_LOCATION, "/absolute/path")
-    val t3 = catalog.createTable(testIdent, schema, Array.empty, properties).asInstanceOf[HiveTable]
+    val t3 = catalog.createTable(
+      testIdent,
+      schema,
+      Array.empty[Transform],
+      properties).asInstanceOf[HiveTable]
     assert(t3.catalogTable.location.toString === "file:/absolute/path")
     catalog.dropTable(testIdent)
 
     // absolute path with scheme
     properties.put(TableCatalog.PROP_LOCATION, "file:/absolute/path")
-    val t4 = catalog.createTable(testIdent, schema, Array.empty, properties).asInstanceOf[HiveTable]
+    val t4 = catalog.createTable(
+      testIdent,
+      schema,
+      Array.empty[Transform],
+      properties).asInstanceOf[HiveTable]
     assert(t4.catalogTable.location.toString === "file:/absolute/path")
     catalog.dropTable(testIdent)
   }
 
   test("loadTable") {
-    val table = catalog.createTable(testIdent, schema, Array.empty, emptyProps)
+    val table = catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
     val loaded = catalog.loadTable(testIdent)
 
     assert(table.name == loaded.name)
@@ -253,15 +273,13 @@ class HiveCatalogSuite extends KyuubiHiveTest {
   }
 
   test("loadTable: table does not exist") {
-    val exc = intercept[NoSuchTableException] {
+    intercept[NoSuchTableException] {
       catalog.loadTable(testIdent)
     }
-
-    assert(exc.message.contains("Table or view 'test_table' not found in database 'db'"))
   }
 
   test("invalidateTable") {
-    val table = catalog.createTable(testIdent, schema, Array.empty, emptyProps)
+    val table = catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
     // Hive v2 don't cache table
     catalog.invalidateTable(testIdent)
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
index 16ea03234..d0b97676b 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.spark.connector.hive
 
 import org.apache.spark.sql.{AnalysisException, Row, SparkSession}
+import org.apache.spark.sql.catalyst.analysis.UnresolvedRelation
 
 class HiveQuerySuite extends KyuubiHiveTest {
 
@@ -70,7 +71,10 @@ class HiveQuerySuite extends KyuubiHiveTest {
                | SELECT * FROM hive.ns1.tb1
                |""".stripMargin)
         }
-        assert(e.getMessage().contains("Table or view not found: hive.ns1.tb1"))
+
+        assert(e.plan.exists { p =>
+          p.exists(child => child.isInstanceOf[UnresolvedRelation])
+        })
       }
     }
   }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala
index 855eb0c67..e2e5b574b 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala
@@ -62,7 +62,8 @@ trait CreateNamespaceSuiteBase extends DDLCommandTestUtils {
         val e = intercept[IllegalArgumentException] {
           sql(s"CREATE NAMESPACE $ns LOCATION ''")
         }
-        assert(e.getMessage.contains("Can not create a Path from an empty string"))
+        assert(e.getMessage.contains("Can not create a Path from an empty string") ||
+          e.getMessage.contains("The location name cannot be empty string"))
 
         val uri = new Path(path).toUri
         sql(s"CREATE NAMESPACE $ns LOCATION '$uri'")
@@ -83,7 +84,8 @@ trait CreateNamespaceSuiteBase extends DDLCommandTestUtils {
       val e = intercept[NamespaceAlreadyExistsException] {
         sql(s"CREATE NAMESPACE $ns")
       }
-      assert(e.getMessage.contains(s"Namespace '$namespace' already exists"))
+      assert(e.getMessage.contains(s"Namespace '$namespace' already exists") ||
+        e.getMessage.contains(s"Cannot create schema `fakens` because it already exists"))
 
       // The following will be no-op since the namespace already exists.
       Try { sql(s"CREATE NAMESPACE IF NOT EXISTS $ns") }.isSuccess
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala
index 66eb42c86..81107c24f 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala
@@ -60,7 +60,8 @@ trait DropNamespaceSuiteBase extends DDLCommandTestUtils {
     val message = intercept[AnalysisException] {
       sql(s"DROP NAMESPACE $catalogName.unknown")
     }.getMessage
-    assert(message.contains(s"'unknown' not found"))
+    assert(message.contains(s"'unknown' not found") ||
+      message.contains(s"The schema `unknown` cannot be found"))
   }
 
   test("drop non-empty namespace with a non-cascading mode") {

From 11dcd30e884c751e38534046e75106818abcd789 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 5 Jul 2023 10:21:49 +0800
Subject: [PATCH 479/760] [KYUUBI #1265] `OPTIMIZE` where clause expression
 support

### _Why are the changes needed?_

to close #1265

After this PR, the following case will work

```sql
CREATE TABLE p (c1 INT, c2 INT, c3 INT) PARTITIONED BY (event_date DATE);
OPTIMIZE p where event_date = current_date() ZORDER BY c1, c2;
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #2893 from cfmcgrady/where-expression-support.

Closes #1265

97ac710f0 [Fu Chen] Merge remote-tracking branch 'apache/master' into where-expression-support
c188f0b3d [Fu Chen] fix style
e5f7409d6 [Fu Chen] move verifyPartitionPredicates to KyuubiSparkSQLAstBuilder
f7234abba [Fu Chen] fix style
95d314122 [Fu Chen] fork PredicateHelper.isLikelySelective
1e596e3dd [Fu Chen] partition predicates constraint
541e373cc [Fu Chen] fix
06d9efdf0 [Fu Chen] adapt to spark-3.1/spark-3.2 suite
867263673 [Fu Chen] fix style
b6801b279 [Fu Chen] add test case
79ab60554 [Fu Chen] fix suite bug
cf1b16ee7 [Fu Chen] fix style
dc0ebd908 [Fu Chen] add ut
286d94cc6 [Fu Chen] fix style
1736d18f6 [Fu Chen] adapt to spark-3.1/spark-3.2
04e88a5aa [Fu Chen] fix nep
59103095b [Fu Chen] simplify logical
59fba01e4 [Fu Chen] adapt to spark-3.1
e6477a9c5 [Fu Chen] remove unused
855283e20 [Fu Chen] where clause expression support

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 .../kyuubi/sql/KyuubiSparkSQLParser.scala     |  10 +-
 .../org/apache/spark/sql/ZorderSuite.scala    |  18 +-
 .../kyuubi/sql/KyuubiSparkSQLParser.scala     |  10 +-
 .../org/apache/spark/sql/ZorderSuite.scala    |  18 +-
 .../kyuubi/sql/KyuubiSparkSQLParser.scala     |  10 +-
 .../org/apache/spark/sql/ZorderSuite.scala    |  21 +-
 .../org/apache/kyuubi/sql/KyuubiSparkSQL.g4   |  55 +--
 .../kyuubi/sql/KyuubiSparkSQLAstBuilder.scala | 460 ++++--------------
 .../zorder/OptimizeZorderStatementBase.scala  |  15 +-
 .../kyuubi/sql/zorder/ResolveZorderBase.scala |   2 +-
 .../apache/spark/sql/ZorderSuiteBase.scala    | 103 +++-
 11 files changed, 267 insertions(+), 455 deletions(-)

diff --git a/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala b/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
index 2f12a82e2..87c10bc34 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
@@ -21,19 +21,21 @@ import org.antlr.v4.runtime._
 import org.antlr.v4.runtime.atn.PredictionMode
 import org.antlr.v4.runtime.misc.{Interval, ParseCancellationException}
 import org.apache.spark.sql.AnalysisException
-import org.apache.spark.sql.catalyst.{FunctionIdentifier, TableIdentifier}
+import org.apache.spark.sql.catalyst.{FunctionIdentifier, SQLConfHelper, TableIdentifier}
 import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.parser.{ParseErrorListener, ParseException, ParserInterface, PostProcessor}
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.trees.Origin
 import org.apache.spark.sql.types.{DataType, StructType}
 
-abstract class KyuubiSparkSQLParserBase extends ParserInterface {
+abstract class KyuubiSparkSQLParserBase extends ParserInterface with SQLConfHelper {
   def delegate: ParserInterface
-  def astBuilder: KyuubiSparkSQLAstBuilderBase
+  def astBuilder: KyuubiSparkSQLAstBuilder
 
   override def parsePlan(sqlText: String): LogicalPlan = parse(sqlText) { parser =>
     astBuilder.visit(parser.singleStatement()) match {
+      case optimize: UnparsedPredicateOptimize =>
+        astBuilder.buildOptimizeStatement(optimize, delegate.parseExpression)
       case plan: LogicalPlan => plan
       case _ => delegate.parsePlan(sqlText)
     }
@@ -105,7 +107,7 @@ abstract class KyuubiSparkSQLParserBase extends ParserInterface {
 class SparkKyuubiSparkSQLParser(
     override val delegate: ParserInterface)
   extends KyuubiSparkSQLParserBase {
-  def astBuilder: KyuubiSparkSQLAstBuilderBase = new KyuubiSparkSQLAstBuilder
+  def astBuilder: KyuubiSparkSQLAstBuilder = new KyuubiSparkSQLAstBuilder
 }
 
 /* Copied from Apache Spark's to avoid dependency on Spark Internals */
diff --git a/extensions/spark/kyuubi-extension-spark-3-1/src/test/scala/org/apache/spark/sql/ZorderSuite.scala b/extensions/spark/kyuubi-extension-spark-3-1/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
index fd04e27db..29a166abf 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-1/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
@@ -17,6 +17,20 @@
 
 package org.apache.spark.sql
 
-class ZorderWithCodegenEnabledSuite extends ZorderWithCodegenEnabledSuiteBase {}
+import org.apache.spark.sql.catalyst.parser.ParserInterface
 
-class ZorderWithCodegenDisabledSuite extends ZorderWithCodegenDisabledSuiteBase {}
+import org.apache.kyuubi.sql.SparkKyuubiSparkSQLParser
+
+trait ParserSuite { self: ZorderSuiteBase =>
+  override def createParser: ParserInterface = {
+    new SparkKyuubiSparkSQLParser(spark.sessionState.sqlParser)
+  }
+}
+
+class ZorderWithCodegenEnabledSuite
+  extends ZorderWithCodegenEnabledSuiteBase
+  with ParserSuite {}
+
+class ZorderWithCodegenDisabledSuite
+  extends ZorderWithCodegenDisabledSuiteBase
+  with ParserSuite {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala b/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
index 2f12a82e2..87c10bc34 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-2/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
@@ -21,19 +21,21 @@ import org.antlr.v4.runtime._
 import org.antlr.v4.runtime.atn.PredictionMode
 import org.antlr.v4.runtime.misc.{Interval, ParseCancellationException}
 import org.apache.spark.sql.AnalysisException
-import org.apache.spark.sql.catalyst.{FunctionIdentifier, TableIdentifier}
+import org.apache.spark.sql.catalyst.{FunctionIdentifier, SQLConfHelper, TableIdentifier}
 import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.parser.{ParseErrorListener, ParseException, ParserInterface, PostProcessor}
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.trees.Origin
 import org.apache.spark.sql.types.{DataType, StructType}
 
-abstract class KyuubiSparkSQLParserBase extends ParserInterface {
+abstract class KyuubiSparkSQLParserBase extends ParserInterface with SQLConfHelper {
   def delegate: ParserInterface
-  def astBuilder: KyuubiSparkSQLAstBuilderBase
+  def astBuilder: KyuubiSparkSQLAstBuilder
 
   override def parsePlan(sqlText: String): LogicalPlan = parse(sqlText) { parser =>
     astBuilder.visit(parser.singleStatement()) match {
+      case optimize: UnparsedPredicateOptimize =>
+        astBuilder.buildOptimizeStatement(optimize, delegate.parseExpression)
       case plan: LogicalPlan => plan
       case _ => delegate.parsePlan(sqlText)
     }
@@ -105,7 +107,7 @@ abstract class KyuubiSparkSQLParserBase extends ParserInterface {
 class SparkKyuubiSparkSQLParser(
     override val delegate: ParserInterface)
   extends KyuubiSparkSQLParserBase {
-  def astBuilder: KyuubiSparkSQLAstBuilderBase = new KyuubiSparkSQLAstBuilder
+  def astBuilder: KyuubiSparkSQLAstBuilder = new KyuubiSparkSQLAstBuilder
 }
 
 /* Copied from Apache Spark's to avoid dependency on Spark Internals */
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/src/test/scala/org/apache/spark/sql/ZorderSuite.scala b/extensions/spark/kyuubi-extension-spark-3-2/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
index fd04e27db..29a166abf 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-2/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
@@ -17,6 +17,20 @@
 
 package org.apache.spark.sql
 
-class ZorderWithCodegenEnabledSuite extends ZorderWithCodegenEnabledSuiteBase {}
+import org.apache.spark.sql.catalyst.parser.ParserInterface
 
-class ZorderWithCodegenDisabledSuite extends ZorderWithCodegenDisabledSuiteBase {}
+import org.apache.kyuubi.sql.SparkKyuubiSparkSQLParser
+
+trait ParserSuite { self: ZorderSuiteBase =>
+  override def createParser: ParserInterface = {
+    new SparkKyuubiSparkSQLParser(spark.sessionState.sqlParser)
+  }
+}
+
+class ZorderWithCodegenEnabledSuite
+  extends ZorderWithCodegenEnabledSuiteBase
+  with ParserSuite {}
+
+class ZorderWithCodegenDisabledSuite
+  extends ZorderWithCodegenDisabledSuiteBase
+  with ParserSuite {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
index af1711ebb..c4418c33c 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
@@ -21,19 +21,21 @@ import org.antlr.v4.runtime._
 import org.antlr.v4.runtime.atn.PredictionMode
 import org.antlr.v4.runtime.misc.{Interval, ParseCancellationException}
 import org.apache.spark.sql.AnalysisException
-import org.apache.spark.sql.catalyst.{FunctionIdentifier, TableIdentifier}
+import org.apache.spark.sql.catalyst.{FunctionIdentifier, SQLConfHelper, TableIdentifier}
 import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.parser.{ParseErrorListener, ParseException, ParserInterface, PostProcessor}
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.trees.Origin
 import org.apache.spark.sql.types.{DataType, StructType}
 
-abstract class KyuubiSparkSQLParserBase extends ParserInterface {
+abstract class KyuubiSparkSQLParserBase extends ParserInterface with SQLConfHelper {
   def delegate: ParserInterface
-  def astBuilder: KyuubiSparkSQLAstBuilderBase
+  def astBuilder: KyuubiSparkSQLAstBuilder
 
   override def parsePlan(sqlText: String): LogicalPlan = parse(sqlText) { parser =>
     astBuilder.visit(parser.singleStatement()) match {
+      case optimize: UnparsedPredicateOptimize =>
+        astBuilder.buildOptimizeStatement(optimize, delegate.parseExpression)
       case plan: LogicalPlan => plan
       case _ => delegate.parsePlan(sqlText)
     }
@@ -113,7 +115,7 @@ abstract class KyuubiSparkSQLParserBase extends ParserInterface {
 class SparkKyuubiSparkSQLParser(
     override val delegate: ParserInterface)
   extends KyuubiSparkSQLParserBase {
-  def astBuilder: KyuubiSparkSQLAstBuilderBase = new KyuubiSparkSQLAstBuilder
+  def astBuilder: KyuubiSparkSQLAstBuilder = new KyuubiSparkSQLAstBuilder
 }
 
 /* Copied from Apache Spark's to avoid dependency on Spark Internals */
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/ZorderSuite.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
index 90fc17e24..a08366f1d 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
@@ -17,13 +17,14 @@
 
 package org.apache.spark.sql
 
+import org.apache.spark.sql.catalyst.parser.ParserInterface
 import org.apache.spark.sql.catalyst.plans.logical.{RebalancePartitions, Sort}
 import org.apache.spark.sql.internal.SQLConf
 
-import org.apache.kyuubi.sql.KyuubiSQLConf
+import org.apache.kyuubi.sql.{KyuubiSQLConf, SparkKyuubiSparkSQLParser}
 import org.apache.kyuubi.sql.zorder.Zorder
 
-trait ZorderWithCodegenEnabledSuiteBase33 extends ZorderWithCodegenEnabledSuiteBase {
+trait ZorderSuiteSpark33 extends ZorderSuiteBase {
 
   test("Add rebalance before zorder") {
     Seq("true" -> false, "false" -> true).foreach { case (useOriginalOrdering, zorder) =>
@@ -106,6 +107,18 @@ trait ZorderWithCodegenEnabledSuiteBase33 extends ZorderWithCodegenEnabledSuiteB
   }
 }
 
-class ZorderWithCodegenEnabledSuite extends ZorderWithCodegenEnabledSuiteBase33 {}
+trait ParserSuite { self: ZorderSuiteBase =>
+  override def createParser: ParserInterface = {
+    new SparkKyuubiSparkSQLParser(spark.sessionState.sqlParser)
+  }
+}
+
+class ZorderWithCodegenEnabledSuite
+  extends ZorderWithCodegenEnabledSuiteBase
+  with ZorderSuiteSpark33
+  with ParserSuite {}
 
-class ZorderWithCodegenDisabledSuite extends ZorderWithCodegenEnabledSuiteBase33 {}
+class ZorderWithCodegenDisabledSuite
+  extends ZorderWithCodegenDisabledSuiteBase
+  with ZorderSuiteSpark33
+  with ParserSuite {}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4 b/extensions/spark/kyuubi-extension-spark-common/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
index 63e2bf848..e52b7f5cf 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
@@ -55,53 +55,23 @@ statement
     ;
 
 whereClause
-    : WHERE booleanExpression
+    : WHERE partitionPredicate = predicateToken
     ;
 
 zorderClause
     : ZORDER BY order+=multipartIdentifier (',' order+=multipartIdentifier)*
     ;
 
-booleanExpression
-    : query                                                              #logicalQuery
-    | left=booleanExpression operator=AND right=booleanExpression        #logicalBinary
-    | left=booleanExpression operator=OR right=booleanExpression         #logicalBinary
-    ;
-
-query
-    : '('? multipartIdentifier comparisonOperator constant ')'?
-    ;
-
-comparisonOperator
-    : EQ | NEQ | NEQJ | LT | LTE | GT | GTE | NSEQ
-    ;
-
-constant
-    : NULL                     #nullLiteral
-    | identifier STRING        #typeConstructor
-    | number                   #numericLiteral
-    | booleanValue             #booleanLiteral
-    | STRING+                  #stringLiteral
+// We don't have an expression rule in our grammar here, so we just grab the tokens and defer
+// parsing them to later.
+predicateToken
+    :  .+?
     ;
 
 multipartIdentifier
     : parts+=identifier ('.' parts+=identifier)*
     ;
 
-booleanValue
-    : TRUE | FALSE
-    ;
-
-number
-    : MINUS? DECIMAL_VALUE             #decimalLiteral
-    | MINUS? INTEGER_VALUE             #integerLiteral
-    | MINUS? BIGINT_LITERAL            #bigIntLiteral
-    | MINUS? SMALLINT_LITERAL          #smallIntLiteral
-    | MINUS? TINYINT_LITERAL           #tinyIntLiteral
-    | MINUS? DOUBLE_LITERAL            #doubleLiteral
-    | MINUS? BIGDECIMAL_LITERAL        #bigDecimalLiteral
-    ;
-
 identifier
     : strictIdentifier
     ;
@@ -136,7 +106,6 @@ BY: 'BY';
 FALSE: 'FALSE';
 DATE: 'DATE';
 INTERVAL: 'INTERVAL';
-NULL: 'NULL';
 OPTIMIZE: 'OPTIMIZE';
 OR: 'OR';
 TABLE: 'TABLE';
@@ -145,22 +114,8 @@ TRUE: 'TRUE';
 WHERE: 'WHERE';
 ZORDER: 'ZORDER';
 
-EQ  : '=' | '==';
-NSEQ: '<=>';
-NEQ : '<>';
-NEQJ: '!=';
-LT  : '<';
-LTE : '<=' | '!>';
-GT  : '>';
-GTE : '>=' | '!<';
-
 MINUS: '-';
 
-STRING
-    : '\'' ( ~('\''|'\\') | ('\\' .) )* '\''
-    | '"' ( ~('"'|'\\') | ('\\' .) )* '"'
-    ;
-
 BIGINT_LITERAL
     : DIGIT+ 'L'
     ;
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
index 82e3e6da5..c937bd575 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
@@ -17,37 +17,81 @@
 
 package org.apache.kyuubi.sql
 
-import java.time.LocalDate
-import java.util.Locale
-
 import scala.collection.JavaConverters.asScalaBufferConverter
-import scala.collection.mutable.{ArrayBuffer, ListBuffer}
-import scala.util.control.NonFatal
+import scala.collection.mutable.ListBuffer
 
 import org.antlr.v4.runtime.ParserRuleContext
-import org.antlr.v4.runtime.tree.{ParseTree, TerminalNode}
-import org.apache.commons.codec.binary.Hex
-import org.apache.spark.sql.AnalysisException
+import org.antlr.v4.runtime.misc.Interval
+import org.antlr.v4.runtime.tree.ParseTree
+import org.apache.spark.sql.catalyst.SQLConfHelper
 import org.apache.spark.sql.catalyst.analysis.{UnresolvedAttribute, UnresolvedRelation, UnresolvedStar}
 import org.apache.spark.sql.catalyst.expressions._
-import org.apache.spark.sql.catalyst.parser.ParseException
-import org.apache.spark.sql.catalyst.parser.ParserUtils.{string, stringWithoutUnescape, withOrigin}
+import org.apache.spark.sql.catalyst.parser.ParserUtils.withOrigin
 import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, Project, Sort}
-import org.apache.spark.sql.catalyst.util.DateTimeUtils.{getZoneId, localDateToDays, stringToTimestamp}
-import org.apache.spark.sql.catalyst.util.IntervalUtils
-import org.apache.spark.sql.hive.HiveAnalysis.conf
-import org.apache.spark.sql.internal.SQLConf
-import org.apache.spark.sql.types._
-import org.apache.spark.unsafe.types.UTF8String
 
 import org.apache.kyuubi.sql.KyuubiSparkSQLParser._
-import org.apache.kyuubi.sql.zorder.{OptimizeZorderStatement, OptimizeZorderStatementBase, Zorder, ZorderBase}
+import org.apache.kyuubi.sql.zorder.{OptimizeZorderStatement, Zorder}
+
+class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQLConfHelper {
+
+  def buildOptimizeStatement(
+      unparsedPredicateOptimize: UnparsedPredicateOptimize,
+      parseExpression: String => Expression): LogicalPlan = {
 
-abstract class KyuubiSparkSQLAstBuilderBase extends KyuubiSparkSQLBaseVisitor[AnyRef] {
-  def buildZorder(child: Seq[Expression]): ZorderBase
-  def buildOptimizeZorderStatement(
-      tableIdentifier: Seq[String],
-      query: LogicalPlan): OptimizeZorderStatementBase
+    val UnparsedPredicateOptimize(tableIdent, tablePredicate, orderExpr) =
+      unparsedPredicateOptimize
+
+    val predicate = tablePredicate.map(parseExpression)
+    verifyPartitionPredicates(predicate)
+    val table = UnresolvedRelation(tableIdent)
+    val tableWithFilter = predicate match {
+      case Some(expr) => Filter(expr, table)
+      case None => table
+    }
+    val query =
+      Sort(
+        SortOrder(orderExpr, Ascending, NullsLast, Seq.empty) :: Nil,
+        conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED),
+        Project(Seq(UnresolvedStar(None)), tableWithFilter))
+    OptimizeZorderStatement(tableIdent, query)
+  }
+
+  private def verifyPartitionPredicates(predicates: Option[Expression]): Unit = {
+    predicates.foreach {
+      case p if !isLikelySelective(p) =>
+        throw new KyuubiSQLExtensionException(s"unsupported partition predicates: ${p.sql}")
+      case _ =>
+    }
+  }
+
+  /**
+   * Forked from Apache Spark's org.apache.spark.sql.catalyst.expressions.PredicateHelper
+   * The `PredicateHelper.isLikelySelective()` is available since Spark-3.3, forked for Spark
+   * that is lower than 3.3.
+   *
+   * Returns whether an expression is likely to be selective
+   */
+  private def isLikelySelective(e: Expression): Boolean = e match {
+    case Not(expr) => isLikelySelective(expr)
+    case And(l, r) => isLikelySelective(l) || isLikelySelective(r)
+    case Or(l, r) => isLikelySelective(l) && isLikelySelective(r)
+    case _: StringRegexExpression => true
+    case _: BinaryComparison => true
+    case _: In | _: InSet => true
+    case _: StringPredicate => true
+    case BinaryPredicate(_) => true
+    case _: MultiLikeBase => true
+    case _ => false
+  }
+
+  private object BinaryPredicate {
+    def unapply(expr: Expression): Option[Expression] = expr match {
+      case _: Contains => Option(expr)
+      case _: StartsWith => Option(expr)
+      case _: EndsWith => Option(expr)
+      case _ => None
+    }
+  }
 
   /**
    * Create an expression from the given context. This method just passes the context on to the
@@ -62,21 +106,12 @@ abstract class KyuubiSparkSQLAstBuilderBase extends KyuubiSparkSQLBaseVisitor[An
   }
 
   override def visitOptimizeZorder(
-      ctx: OptimizeZorderContext): LogicalPlan = withOrigin(ctx) {
+      ctx: OptimizeZorderContext): UnparsedPredicateOptimize = withOrigin(ctx) {
     val tableIdent = multiPart(ctx.multipartIdentifier())
-    val table = UnresolvedRelation(tableIdent)
-
-    val whereClause =
-      if (ctx.whereClause() == null) {
-        None
-      } else {
-        Option(expression(ctx.whereClause().booleanExpression()))
-      }
 
-    val tableWithFilter = whereClause match {
-      case Some(expr) => Filter(expr, table)
-      case None => table
-    }
+    val predicate = Option(ctx.whereClause())
+      .map(_.partitionPredicate)
+      .map(extractRawText(_))
 
     val zorderCols = ctx.zorderClause().order.asScala
       .map(visitMultipartIdentifier)
@@ -86,83 +121,13 @@ abstract class KyuubiSparkSQLAstBuilderBase extends KyuubiSparkSQLBaseVisitor[An
       if (zorderCols.length == 1) {
         zorderCols.head
       } else {
-        buildZorder(zorderCols)
+        Zorder(zorderCols)
       }
-    val query =
-      Sort(
-        SortOrder(orderExpr, Ascending, NullsLast, Seq.empty) :: Nil,
-        conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED),
-        Project(Seq(UnresolvedStar(None)), tableWithFilter))
-
-    buildOptimizeZorderStatement(tableIdent, query)
+    UnparsedPredicateOptimize(tableIdent, predicate, orderExpr)
   }
 
   override def visitPassThrough(ctx: PassThroughContext): LogicalPlan = null
 
-  override def visitQuery(ctx: QueryContext): Expression = withOrigin(ctx) {
-    val left = new UnresolvedAttribute(multiPart(ctx.multipartIdentifier()))
-    val right = expression(ctx.constant())
-    val operator = ctx.comparisonOperator().getChild(0).asInstanceOf[TerminalNode]
-    operator.getSymbol.getType match {
-      case KyuubiSparkSQLParser.EQ =>
-        EqualTo(left, right)
-      case KyuubiSparkSQLParser.NSEQ =>
-        EqualNullSafe(left, right)
-      case KyuubiSparkSQLParser.NEQ | KyuubiSparkSQLParser.NEQJ =>
-        Not(EqualTo(left, right))
-      case KyuubiSparkSQLParser.LT =>
-        LessThan(left, right)
-      case KyuubiSparkSQLParser.LTE =>
-        LessThanOrEqual(left, right)
-      case KyuubiSparkSQLParser.GT =>
-        GreaterThan(left, right)
-      case KyuubiSparkSQLParser.GTE =>
-        GreaterThanOrEqual(left, right)
-    }
-  }
-
-  override def visitLogicalBinary(ctx: LogicalBinaryContext): Expression = withOrigin(ctx) {
-    val expressionType = ctx.operator.getType
-    val expressionCombiner = expressionType match {
-      case KyuubiSparkSQLParser.AND => And.apply _
-      case KyuubiSparkSQLParser.OR => Or.apply _
-    }
-
-    // Collect all similar left hand contexts.
-    val contexts = ArrayBuffer(ctx.right)
-    var current = ctx.left
-    def collectContexts: Boolean = current match {
-      case lbc: LogicalBinaryContext if lbc.operator.getType == expressionType =>
-        contexts += lbc.right
-        current = lbc.left
-        true
-      case _ =>
-        contexts += current
-        false
-    }
-    while (collectContexts) {
-      // No body - all updates take place in the collectContexts.
-    }
-
-    // Reverse the contexts to have them in the same sequence as in the SQL statement & turn them
-    // into expressions.
-    val expressions = contexts.reverseMap(expression)
-
-    // Create a balanced tree.
-    def reduceToExpressionTree(low: Int, high: Int): Expression = high - low match {
-      case 0 =>
-        expressions(low)
-      case 1 =>
-        expressionCombiner(expressions(low), expressions(high))
-      case x =>
-        val mid = low + x / 2
-        expressionCombiner(
-          reduceToExpressionTree(low, mid),
-          reduceToExpressionTree(mid + 1, high))
-    }
-    reduceToExpressionTree(0, expressions.size - 1)
-  }
-
   override def visitMultipartIdentifier(ctx: MultipartIdentifierContext): Seq[String] =
     withOrigin(ctx) {
       ctx.parts.asScala.map(_.getText)
@@ -177,273 +142,32 @@ abstract class KyuubiSparkSQLAstBuilderBase extends KyuubiSparkSQLBaseVisitor[An
       res
     }
 
-  /**
-   * Create a NULL literal expression.
-   */
-  override def visitNullLiteral(ctx: NullLiteralContext): Literal = withOrigin(ctx) {
-    Literal(null)
-  }
-
-  /**
-   * Create a Boolean literal expression.
-   */
-  override def visitBooleanLiteral(ctx: BooleanLiteralContext): Literal = withOrigin(ctx) {
-    if (ctx.getText.toBoolean) {
-      Literal.TrueLiteral
-    } else {
-      Literal.FalseLiteral
-    }
-  }
-
-  /**
-   * Create a typed Literal expression. A typed literal has the following SQL syntax:
-   * {{{
-   *   [TYPE] '[VALUE]'
-   * }}}
-   * Currently Date, Timestamp, Interval and Binary typed literals are supported.
-   */
-  override def visitTypeConstructor(ctx: TypeConstructorContext): Literal = withOrigin(ctx) {
-    val value = string(ctx.STRING)
-    val valueType = ctx.identifier.getText.toUpperCase(Locale.ROOT)
-
-    def toLiteral[T](f: UTF8String => Option[T], t: DataType): Literal = {
-      f(UTF8String.fromString(value)).map(Literal(_, t)).getOrElse {
-        throw new ParseException(s"Cannot parse the $valueType value: $value", ctx)
-      }
-    }
-    try {
-      valueType match {
-        case "DATE" =>
-          toLiteral(stringToDate, DateType)
-        case "TIMESTAMP" =>
-          val zoneId = getZoneId(SQLConf.get.sessionLocalTimeZone)
-          toLiteral(stringToTimestamp(_, zoneId), TimestampType)
-        case "INTERVAL" =>
-          val interval =
-            try {
-              IntervalUtils.stringToInterval(UTF8String.fromString(value))
-            } catch {
-              case e: IllegalArgumentException =>
-                val ex = new ParseException("Cannot parse the INTERVAL value: " + value, ctx)
-                ex.setStackTrace(e.getStackTrace)
-                throw ex
-            }
-          Literal(interval, CalendarIntervalType)
-        case "X" =>
-          val padding = if (value.length % 2 != 0) "0" else ""
-
-          Literal(Hex.decodeHex(padding + value))
-        case other =>
-          throw new ParseException(s"Literals of type '$other' are currently not supported.", ctx)
-      }
-    } catch {
-      case e: IllegalArgumentException =>
-        val message = Option(e.getMessage).getOrElse(s"Exception parsing $valueType")
-        throw new ParseException(message, ctx)
-    }
-  }
-
-  /**
-   * Create a String literal expression.
-   */
-  override def visitStringLiteral(ctx: StringLiteralContext): Literal = withOrigin(ctx) {
-    Literal(createString(ctx))
-  }
-
-  /**
-   * Create a decimal literal for a regular decimal number.
-   */
-  override def visitDecimalLiteral(ctx: DecimalLiteralContext): Literal = withOrigin(ctx) {
-    Literal(BigDecimal(ctx.getText).underlying())
-  }
-
-  /** Create a numeric literal expression. */
-  private def numericLiteral(
-      ctx: NumberContext,
-      rawStrippedQualifier: String,
-      minValue: BigDecimal,
-      maxValue: BigDecimal,
-      typeName: String)(converter: String => Any): Literal = withOrigin(ctx) {
-    try {
-      val rawBigDecimal = BigDecimal(rawStrippedQualifier)
-      if (rawBigDecimal < minValue || rawBigDecimal > maxValue) {
-        throw new ParseException(
-          s"Numeric literal ${rawStrippedQualifier} does not " +
-            s"fit in range [${minValue}, ${maxValue}] for type ${typeName}",
-          ctx)
-      }
-      Literal(converter(rawStrippedQualifier))
-    } catch {
-      case e: NumberFormatException =>
-        throw new ParseException(e.getMessage, ctx)
-    }
-  }
-
-  /**
-   * Create a Byte Literal expression.
-   */
-  override def visitTinyIntLiteral(ctx: TinyIntLiteralContext): Literal = {
-    val rawStrippedQualifier = ctx.getText.substring(0, ctx.getText.length - 1)
-    numericLiteral(
-      ctx,
-      rawStrippedQualifier,
-      Byte.MinValue,
-      Byte.MaxValue,
-      ByteType.simpleString)(_.toByte)
-  }
-
-  /**
-   * Create an integral literal expression. The code selects the most narrow integral type
-   * possible, either a BigDecimal, a Long or an Integer is returned.
-   */
-  override def visitIntegerLiteral(ctx: IntegerLiteralContext): Literal = withOrigin(ctx) {
-    BigDecimal(ctx.getText) match {
-      case v if v.isValidInt =>
-        Literal(v.intValue)
-      case v if v.isValidLong =>
-        Literal(v.longValue)
-      case v => Literal(v.underlying())
-    }
-  }
-
-  /**
-   * Create a Short Literal expression.
-   */
-  override def visitSmallIntLiteral(ctx: SmallIntLiteralContext): Literal = {
-    val rawStrippedQualifier = ctx.getText.substring(0, ctx.getText.length - 1)
-    numericLiteral(
-      ctx,
-      rawStrippedQualifier,
-      Short.MinValue,
-      Short.MaxValue,
-      ShortType.simpleString)(_.toShort)
-  }
-
-  /**
-   * Create a Long Literal expression.
-   */
-  override def visitBigIntLiteral(ctx: BigIntLiteralContext): Literal = {
-    val rawStrippedQualifier = ctx.getText.substring(0, ctx.getText.length - 1)
-    numericLiteral(
-      ctx,
-      rawStrippedQualifier,
-      Long.MinValue,
-      Long.MaxValue,
-      LongType.simpleString)(_.toLong)
-  }
-
-  /**
-   * Create a Double Literal expression.
-   */
-  override def visitDoubleLiteral(ctx: DoubleLiteralContext): Literal = {
-    val rawStrippedQualifier = ctx.getText.substring(0, ctx.getText.length - 1)
-    numericLiteral(
-      ctx,
-      rawStrippedQualifier,
-      Double.MinValue,
-      Double.MaxValue,
-      DoubleType.simpleString)(_.toDouble)
-  }
-
-  /**
-   * Create a BigDecimal Literal expression.
-   */
-  override def visitBigDecimalLiteral(ctx: BigDecimalLiteralContext): Literal = {
-    val raw = ctx.getText.substring(0, ctx.getText.length - 2)
-    try {
-      Literal(BigDecimal(raw).underlying())
-    } catch {
-      case e: AnalysisException =>
-        throw new ParseException(e.message, ctx)
-    }
-  }
-
-  /**
-   * Create a String from a string literal context. This supports multiple consecutive string
-   * literals, these are concatenated, for example this expression "'hello' 'world'" will be
-   * converted into "helloworld".
-   *
-   * Special characters can be escaped by using Hive/C-style escaping.
-   */
-  private def createString(ctx: StringLiteralContext): String = {
-    if (conf.escapedStringLiterals) {
-      ctx.STRING().asScala.map(stringWithoutUnescape).mkString
-    } else {
-      ctx.STRING().asScala.map(string).mkString
-    }
-  }
-
   private def typedVisit[T](ctx: ParseTree): T = {
     ctx.accept(this).asInstanceOf[T]
   }
 
-  private def stringToDate(s: UTF8String): Option[Int] = {
-    def isValidDigits(segment: Int, digits: Int): Boolean = {
-      // An integer is able to represent a date within [+-]5 million years.
-      val maxDigitsYear = 7
-      (segment == 0 && digits >= 4 && digits <= maxDigitsYear) ||
-      (segment != 0 && digits > 0 && digits <= 2)
-    }
-    if (s == null || s.trimAll().numBytes() == 0) {
-      return None
-    }
-    val segments: Array[Int] = Array[Int](1, 1, 1)
-    var sign = 1
-    var i = 0
-    var currentSegmentValue = 0
-    var currentSegmentDigits = 0
-    val bytes = s.trimAll().getBytes
-    var j = 0
-    if (bytes(j) == '-' || bytes(j) == '+') {
-      sign = if (bytes(j) == '-') -1 else 1
-      j += 1
-    }
-    while (j < bytes.length && (i < 3 && !(bytes(j) == ' ' || bytes(j) == 'T'))) {
-      val b = bytes(j)
-      if (i < 2 && b == '-') {
-        if (!isValidDigits(i, currentSegmentDigits)) {
-          return None
-        }
-        segments(i) = currentSegmentValue
-        currentSegmentValue = 0
-        currentSegmentDigits = 0
-        i += 1
-      } else {
-        val parsedValue = b - '0'.toByte
-        if (parsedValue < 0 || parsedValue > 9) {
-          return None
-        } else {
-          currentSegmentValue = currentSegmentValue * 10 + parsedValue
-          currentSegmentDigits += 1
-        }
-      }
-      j += 1
-    }
-    if (!isValidDigits(i, currentSegmentDigits)) {
-      return None
-    }
-    if (i < 2 && j < bytes.length) {
-      // For the `yyyy` and `yyyy-[m]m` formats, entire input must be consumed.
-      return None
-    }
-    segments(i) = currentSegmentValue
-    try {
-      val localDate = LocalDate.of(sign * segments(0), segments(1), segments(2))
-      Some(localDateToDays(localDate))
-    } catch {
-      case NonFatal(_) => None
-    }
+  private def extractRawText(exprContext: ParserRuleContext): String = {
+    // Extract the raw expression which will be parsed later
+    exprContext.getStart.getInputStream.getText(new Interval(
+      exprContext.getStart.getStartIndex,
+      exprContext.getStop.getStopIndex))
   }
 }
 
-class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLAstBuilderBase {
-  override def buildZorder(child: Seq[Expression]): ZorderBase = {
-    Zorder(child)
-  }
+/**
+ * a logical plan contains an unparsed expression that will be parsed by spark.
+ */
+trait UnparsedExpressionLogicalPlan extends LogicalPlan {
+  override def output: Seq[Attribute] = throw new UnsupportedOperationException()
 
-  override def buildOptimizeZorderStatement(
-      tableIdentifier: Seq[String],
-      query: LogicalPlan): OptimizeZorderStatementBase = {
-    OptimizeZorderStatement(tableIdentifier, query)
-  }
+  override def children: Seq[LogicalPlan] = throw new UnsupportedOperationException()
+
+  protected def withNewChildrenInternal(
+      newChildren: IndexedSeq[LogicalPlan]): LogicalPlan =
+    throw new UnsupportedOperationException()
 }
+
+case class UnparsedPredicateOptimize(
+    tableIdent: Seq[String],
+    tablePredicate: Option[String],
+    orderExpr: Expression) extends UnparsedExpressionLogicalPlan {}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
index a9bb5a5d7..895f9e24b 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
@@ -20,24 +20,15 @@ package org.apache.kyuubi.sql.zorder
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-/**
- * A zorder statement that contains we parsed from SQL.
- * We should convert this plan to certain command at Analyzer.
- */
-abstract class OptimizeZorderStatementBase extends UnaryNode {
-  def tableIdentifier: Seq[String]
-  def query: LogicalPlan
-  override def child: LogicalPlan = query
-  override def output: Seq[Attribute] = child.output
-}
-
 /**
  * A zorder statement that contains we parsed from SQL.
  * We should convert this plan to certain command at Analyzer.
  */
 case class OptimizeZorderStatement(
     tableIdentifier: Seq[String],
-    query: LogicalPlan) extends OptimizeZorderStatementBase {
+    query: LogicalPlan) extends UnaryNode {
+  override def child: LogicalPlan = query
+  override def output: Seq[Attribute] = child.output
   protected def withNewChildInternal(newChild: LogicalPlan): LogicalPlan =
     copy(query = newChild)
 }
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
index cdead0b06..9f735caa7 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
@@ -57,7 +57,7 @@ abstract class ResolveZorderBase extends Rule[LogicalPlan] {
   }
 
   override def apply(plan: LogicalPlan): LogicalPlan = plan match {
-    case statement: OptimizeZorderStatementBase if statement.query.resolved =>
+    case statement: OptimizeZorderStatement if statement.query.resolved =>
       checkQueryAllowed(statement.query)
       val tableIdentifier = getTableIdentifier(statement.tableIdentifier)
       val catalogTable = session.sessionState.catalog.getTableMetadata(tableIdentifier)
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
index f48d11e15..e0f86f85d 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
@@ -18,9 +18,11 @@
 package org.apache.spark.sql
 
 import org.apache.spark.SparkConf
-import org.apache.spark.sql.catalyst.InternalRow
-import org.apache.spark.sql.catalyst.expressions.{Alias, Ascending, AttributeReference, Expression, ExpressionEvalHelper, Literal, NullsLast, SortOrder}
-import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, OneRowRelation, Project, Sort}
+import org.apache.spark.sql.catalyst.{InternalRow, TableIdentifier}
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedAttribute, UnresolvedFunction, UnresolvedRelation, UnresolvedStar}
+import org.apache.spark.sql.catalyst.expressions.{Alias, Ascending, AttributeReference, EqualTo, Expression, ExpressionEvalHelper, Literal, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.parser.{ParseException, ParserInterface}
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, OneRowRelation, Project, Sort}
 import org.apache.spark.sql.execution.command.CreateDataSourceTableAsSelectCommand
 import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
 import org.apache.spark.sql.functions._
@@ -29,7 +31,7 @@ import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
 import org.apache.spark.sql.types._
 
 import org.apache.kyuubi.sql.{KyuubiSQLConf, KyuubiSQLExtensionException}
-import org.apache.kyuubi.sql.zorder.{OptimizeZorderCommandBase, Zorder, ZorderBytesUtils}
+import org.apache.kyuubi.sql.zorder.{OptimizeZorderCommandBase, OptimizeZorderStatement, Zorder, ZorderBytesUtils}
 
 trait ZorderSuiteBase extends KyuubiSparkSQLExtensionTest with ExpressionEvalHelper {
   override def sparkConf(): SparkConf = {
@@ -654,6 +656,99 @@ trait ZorderSuiteBase extends KyuubiSparkSQLExtensionTest with ExpressionEvalHel
           ZorderBytesUtils.interleaveBitsDefault(inputs.map(ZorderBytesUtils.toByteArray).toArray)))
       }
   }
+
+  test("OPTIMIZE command is parsed as expected") {
+    val parser = createParser
+    val globalSort = spark.conf.get(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED)
+
+    assert(parser.parsePlan("OPTIMIZE p zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(Seq(UnresolvedStar(None)), UnresolvedRelation(TableIdentifier("p"))))))
+
+    assert(parser.parsePlan("OPTIMIZE p zorder by c1, c2") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(
+            Zorder(Seq(UnresolvedAttribute("c1"), UnresolvedAttribute("c2"))),
+            Ascending,
+            NullsLast,
+            Seq.empty) :: Nil,
+          globalSort,
+          Project(Seq(UnresolvedStar(None)), UnresolvedRelation(TableIdentifier("p"))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = 1 zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(UnresolvedAttribute("id"), Literal(1)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = 1 zorder by c1, c2") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(
+            Zorder(Seq(UnresolvedAttribute("c1"), UnresolvedAttribute("c2"))),
+            Ascending,
+            NullsLast,
+            Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(UnresolvedAttribute("id"), Literal(1)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = current_date() zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(
+                UnresolvedAttribute("id"),
+                UnresolvedFunction("current_date", Seq.empty, false)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    // TODO: add following case support
+    intercept[ParseException] {
+      parser.parsePlan("OPTIMIZE p zorder by (c1)")
+    }
+
+    intercept[ParseException] {
+      parser.parsePlan("OPTIMIZE p zorder by (c1, c2)")
+    }
+  }
+
+  test("OPTIMIZE partition predicates constraint") {
+    withTable("p") {
+      sql("CREATE TABLE p (c1 INT, c2 INT) PARTITIONED BY (event_date DATE)")
+      val e1 = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE p WHERE event_date = current_date as c ZORDER BY c1, c2")
+      }
+      assert(e1.getMessage.contains("unsupported partition predicates"))
+
+      val e2 = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE p WHERE c1 = 1 ZORDER BY c1, c2")
+      }
+      assert(e2.getMessage == "Only partition column filters are allowed")
+    }
+  }
+
+  def createParser: ParserInterface
 }
 
 trait ZorderWithCodegenEnabledSuiteBase extends ZorderSuiteBase {

From cff7eb6256ccf98b087f93d6c3c06903aba9084a Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 6 Jul 2023 17:11:29 +0800
Subject: [PATCH 480/760] [KYUUBI #5025] Use formatDuration instead of
 formatDurationVerbose in SparkUI's engine tab

### _Why are the changes needed?_

- previously used `formatDurationVerbose` generates duration with dedicated unit parts
- Spark UI itself also uses `formatDuration` in its Job/Stage pages for displaying duration
   - `JobDataUtil.getFormattedDuration` in AllJobsPage, and `formatDuration` used in `getFormattedDuration` , https://github.com/apache/spark/blob/v3.3.2/core/src/main/scala/org/apache/spark/ui/jobs/JobDataUtil.scala#L32

Before:
![image](https://github.com/apache/kyuubi/assets/1935105/e7fce841-5519-4bf9-bc04-701ea2a90dae)

After:
![image](https://github.com/apache/kyuubi/assets/1935105/b2805183-b7ea-4d4a-af9e-d532019dae31)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5025 from bowenliang123/format-duration.

Closes #5025

dc214acac [liangbowen] use formatDuration instead of formatDurationVerbose for duration in Engine tab

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/main/scala/org/apache/spark/ui/EnginePage.scala       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
index a2a2931f4..83626dac5 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
@@ -292,7 +292,7 @@ case class EnginePage(parent: EngineTab) extends WebUIPage("") {
         <td> {session.name} </td>
         <td> {formatDate(session.startTime)} </td>
         <td> {if (session.endTime > 0) formatDate(session.endTime)} </td>
-        <td> {formatDurationVerbose(session.duration)} </td>
+        <td> {formatDuration(session.duration)} </td>
         <td> {session.totalOperations} </td>
       </tr>
     }
@@ -386,7 +386,7 @@ private class StatementStatsPagedTable(
         {if (event.completeTime > 0) formatDate(event.completeTime)}
       </td>
       <td >
-        {formatDurationVerbose(event.duration)}
+        {formatDuration(event.duration)}
       </td>
       <td>
         <span class="description-input">

From 5512c6c60fbb11b62e6a8a0e1d27cb9b59ae0d1c Mon Sep 17 00:00:00 2001
From: ulysses-you <ulyssesyou18@gmail.com>
Date: Thu, 6 Jul 2023 18:22:23 +0800
Subject: [PATCH 481/760] [KYUUBI #5018] Make kyuubi spark extension compatible
 with Spark3.4

### _Why are the changes needed?_

The main change is copy code from `kyuubi-extension-spark-common_2.12` and `kyuubi-extension-spark-3-3`. The reason copy `kyuubi-extension-spark-common_2.12` is that, Spark3.4 v1 writes does not have ctas...

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5018 from ulysses-you/extension.

Closes #5018

1ca4951e1 [ulysses-you] fix
fb20bb1f0 [ulysses-you] fix
338a3120a [ulysses-you] rebase
241a436fd [ulysses-you] fix
70618f368 [ulysses-you] fix
5f5e2b7c8 [ulysses-you] fix
301ae5c04 [ulysses-you] fix
bb9416811 [ulysses-you] fix
a38595d0a [ulysses-you] copy
9dec27d6c [ulysses-you] copy

Authored-by: ulysses-you <ulyssesyou18@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .github/workflows/license.yml                 |   2 +-
 .github/workflows/style.yml                   |   1 +
 build/dist                                    |   2 +-
 dev/kyuubi-codecov/pom.xml                    |   5 +
 dev/reformat                                  |   2 +-
 .../spark/kyuubi-extension-spark-3-4/pom.xml  | 152 ++++
 .../org/apache/kyuubi/sql/KyuubiSparkSQL.g4   | 191 +++++
 .../kyuubi/sql/DropIgnoreNonexistent.scala    |  49 ++
 .../sql/InferRebalanceAndSortOrders.scala     | 110 +++
 .../sql/InsertShuffleNodeBeforeJoin.scala     |  91 +++
 .../kyuubi/sql/KyuubiEnsureRequirements.scala | 133 +++
 .../sql/KyuubiQueryStagePreparation.scala     | 194 +++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala | 268 ++++++
 .../sql/KyuubiSQLExtensionException.scala     |  28 +
 .../kyuubi/sql/KyuubiSparkSQLAstBuilder.scala | 173 ++++
 .../sql/KyuubiSparkSQLCommonExtension.scala   |  49 ++
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |  46 ++
 .../kyuubi/sql/KyuubiSparkSQLParser.scala     | 140 ++++
 .../kyuubi/sql/RebalanceBeforeWriting.scala   |  77 ++
 .../sql/RepartitionBeforeWritingBase.scala    | 125 +++
 .../org/apache/kyuubi/sql/WriteUtils.scala    |  34 +
 .../watchdog/ForcedMaxOutputRowsBase.scala    |  90 ++
 .../watchdog/ForcedMaxOutputRowsRule.scala    |  46 ++
 .../watchdog/KyuubiWatchDogException.scala    |  30 +
 .../kyuubi/sql/watchdog/MaxScanStrategy.scala | 305 +++++++
 .../zorder/InsertZorderBeforeWriting.scala    | 177 ++++
 .../InsertZorderBeforeWritingBase.scala       | 155 ++++
 .../zorder/OptimizeZorderCommandBase.scala    |  78 ++
 .../zorder/OptimizeZorderStatementBase.scala  |  34 +
 .../kyuubi/sql/zorder/ResolveZorderBase.scala |  79 ++
 .../apache/kyuubi/sql/zorder/ZorderBase.scala |  95 +++
 .../kyuubi/sql/zorder/ZorderBytesUtils.scala  | 517 ++++++++++++
 .../spark/sql/FinalStageResourceManager.scala | 249 ++++++
 .../sql/InjectCustomResourceProfile.scala     |  60 ++
 .../sql/PruneFileSourcePartitionHelper.scala  |  46 ++
 .../execution/CustomResourceProfileExec.scala | 112 +++
 .../src/test/resources/log4j2-test.xml        |  43 +
 .../sql/DropIgnoreNonexistentSuite.scala      |  45 +
 .../sql/FinalStageConfigIsolationSuite.scala  | 203 +++++
 .../sql/InjectResourceProfileSuite.scala      |  79 ++
 .../InsertShuffleNodeBeforeJoinSuite.scala    |  19 +
 ...InsertShuffleNodeBeforeJoinSuiteBase.scala |  98 +++
 .../sql/KyuubiSparkSQLExtensionTest.scala     | 124 +++
 .../sql/RebalanceBeforeWritingSuite.scala     | 271 ++++++
 .../org/apache/spark/sql/WatchDogSuite.scala  |  20 +
 .../apache/spark/sql/WatchDogSuiteBase.scala  | 601 ++++++++++++++
 .../spark/sql/ZorderCoreBenchmark.scala       | 117 +++
 .../org/apache/spark/sql/ZorderSuite.scala    | 123 +++
 .../apache/spark/sql/ZorderSuiteBase.scala    | 768 ++++++++++++++++++
 .../sql/benchmark/KyuubiBenchmarkBase.scala   |  71 ++
 pom.xml                                       |   1 +
 51 files changed, 6525 insertions(+), 3 deletions(-)
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/pom.xml
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala

diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 17591dacb..91c53a7a1 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -45,7 +45,7 @@ jobs:
       - run: >-
           build/mvn org.apache.rat:apache-rat-plugin:check
           -Ptpcds -Pspark-block-cleaner -Pkubernetes-it
-          -Pspark-3.1 -Pspark-3.2 -Pspark-3.3
+          -Pspark-3.1 -Pspark-3.2 -Pspark-3.3 -Pspark-3.4
       - name: Upload rat report
         if: failure()
         uses: actions/upload-artifact@v3
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 479b74e36..11a9580c4 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -68,6 +68,7 @@ jobs:
           build/mvn clean install ${MVN_OPT} -Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.2,tpcds
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-kudu,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
+          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-4 -Pspark-3.4
 
       - name: Scalastyle with maven
         id: scalastyle-check
diff --git a/build/dist b/build/dist
index 4188c78bb..b81a2661e 100755
--- a/build/dist
+++ b/build/dist
@@ -335,7 +335,7 @@ if [[ -f "$KYUUBI_HOME/tools/spark-block-cleaner/target/spark-block-cleaner_${SC
 fi
 
 # Copy Kyuubi Spark extension
-SPARK_EXTENSION_VERSIONS=('3-1' '3-2' '3-3')
+SPARK_EXTENSION_VERSIONS=('3-1' '3-2' '3-3' '3-4')
 # shellcheck disable=SC2068
 for SPARK_EXTENSION_VERSION in ${SPARK_EXTENSION_VERSIONS[@]}; do
   if [[ -f $"$KYUUBI_HOME/extensions/spark/kyuubi-extension-spark-$SPARK_EXTENSION_VERSION/target/kyuubi-extension-spark-${SPARK_EXTENSION_VERSION}_${SCALA_VERSION}-${VERSION}.jar" ]]; then
diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index 3eb922129..3dfc7b986 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -212,6 +212,11 @@
         <profile>
             <id>spark-3.4</id>
             <dependencies>
+                <dependency>
+                    <groupId>org.apache.kyuubi</groupId>
+                    <artifactId>kyuubi-extension-spark-3-4_${scala.binary.version}</artifactId>
+                    <version>${project.version}</version>
+                </dependency>
                 <dependency>
                     <groupId>org.apache.kyuubi</groupId>
                     <artifactId>kyuubi-spark-connector-hive_${scala.binary.version}</artifactId>
diff --git a/dev/reformat b/dev/reformat
index 7c6ef7124..6346e68f6 100755
--- a/dev/reformat
+++ b/dev/reformat
@@ -20,7 +20,7 @@ set -x
 
 KYUUBI_HOME="$(cd "`dirname "$0"`/.."; pwd)"
 
-PROFILES="-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.3,spark-3.2,spark-3.1,tpcds"
+PROFILES="-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.4,spark-3.3,spark-3.2,spark-3.1,tpcds"
 
 # python style checks rely on `black` in path
 if ! command -v black &> /dev/null
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
new file mode 100644
index 000000000..947c03ea0
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.kyuubi</groupId>
+        <artifactId>kyuubi-parent</artifactId>
+        <version>1.8.0-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>kyuubi-extension-spark-3-4_2.12</artifactId>
+    <packaging>jar</packaging>
+    <name>Kyuubi Dev Spark Extensions (for Spark 3.4)</name>
+    <url>https://kyuubi.apache.org/</url>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.scala-lang</groupId>
+            <artifactId>scala-library</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-sql_${scala.binary.version}</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-hive_${scala.binary.version}</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-core_${scala.binary.version}</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-catalyst_${scala.binary.version}</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.scalatestplus</groupId>
+            <artifactId>scalacheck-1-17_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-sql_${scala.binary.version}</artifactId>
+            <version>${spark.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-runtime</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <!--
+          Spark requires `commons-collections` and `commons-io` but got them from transitive
+          dependencies of `hadoop-client`. As we are using Hadoop Shaded Client, we need add
+          them explicitly. See more details at SPARK-33212.
+          -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.xml.bind</groupId>
+            <artifactId>jakarta.xml.bind-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+
+        <plugins>
+            <plugin>
+                <groupId>org.antlr</groupId>
+                <artifactId>antlr4-maven-plugin</artifactId>
+                <configuration>
+                    <visitor>true</visitor>
+                    <sourceDirectory>${project.basedir}/src/main/antlr4</sourceDirectory>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <configuration>
+                    <shadedArtifactAttached>false</shadedArtifactAttached>
+                    <artifactSet>
+                        <includes>
+                            <include>org.apache.kyuubi:*</include>
+                        </includes>
+                    </artifactSet>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <phase>package</phase>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
+</project>
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4 b/extensions/spark/kyuubi-extension-spark-3-4/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
new file mode 100644
index 000000000..e52b7f5cf
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
@@ -0,0 +1,191 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+grammar KyuubiSparkSQL;
+
+@members {
+   /**
+    * Verify whether current token is a valid decimal token (which contains dot).
+    * Returns true if the character that follows the token is not a digit or letter or underscore.
+    *
+    * For example:
+    * For char stream "2.3", "2." is not a valid decimal token, because it is followed by digit '3'.
+    * For char stream "2.3_", "2.3" is not a valid decimal token, because it is followed by '_'.
+    * For char stream "2.3W", "2.3" is not a valid decimal token, because it is followed by 'W'.
+    * For char stream "12.0D 34.E2+0.12 "  12.0D is a valid decimal token because it is followed
+    * by a space. 34.E2 is a valid decimal token because it is followed by symbol '+'
+    * which is not a digit or letter or underscore.
+    */
+   public boolean isValidDecimal() {
+     int nextChar = _input.LA(1);
+     if (nextChar >= 'A' && nextChar <= 'Z' || nextChar >= '0' && nextChar <= '9' ||
+       nextChar == '_') {
+       return false;
+     } else {
+       return true;
+     }
+   }
+ }
+
+tokens {
+    DELIMITER
+}
+
+singleStatement
+    : statement EOF
+    ;
+
+statement
+    : OPTIMIZE multipartIdentifier whereClause? zorderClause        #optimizeZorder
+    | .*?                                                           #passThrough
+    ;
+
+whereClause
+    : WHERE partitionPredicate = predicateToken
+    ;
+
+zorderClause
+    : ZORDER BY order+=multipartIdentifier (',' order+=multipartIdentifier)*
+    ;
+
+// We don't have an expression rule in our grammar here, so we just grab the tokens and defer
+// parsing them to later.
+predicateToken
+    :  .+?
+    ;
+
+multipartIdentifier
+    : parts+=identifier ('.' parts+=identifier)*
+    ;
+
+identifier
+    : strictIdentifier
+    ;
+
+strictIdentifier
+    : IDENTIFIER              #unquotedIdentifier
+    | quotedIdentifier        #quotedIdentifierAlternative
+    | nonReserved             #unquotedIdentifier
+    ;
+
+quotedIdentifier
+    : BACKQUOTED_IDENTIFIER
+    ;
+
+nonReserved
+    : AND
+    | BY
+    | FALSE
+    | DATE
+    | INTERVAL
+    | OPTIMIZE
+    | OR
+    | TABLE
+    | TIMESTAMP
+    | TRUE
+    | WHERE
+    | ZORDER
+    ;
+
+AND: 'AND';
+BY: 'BY';
+FALSE: 'FALSE';
+DATE: 'DATE';
+INTERVAL: 'INTERVAL';
+OPTIMIZE: 'OPTIMIZE';
+OR: 'OR';
+TABLE: 'TABLE';
+TIMESTAMP: 'TIMESTAMP';
+TRUE: 'TRUE';
+WHERE: 'WHERE';
+ZORDER: 'ZORDER';
+
+MINUS: '-';
+
+BIGINT_LITERAL
+    : DIGIT+ 'L'
+    ;
+
+SMALLINT_LITERAL
+    : DIGIT+ 'S'
+    ;
+
+TINYINT_LITERAL
+    : DIGIT+ 'Y'
+    ;
+
+INTEGER_VALUE
+    : DIGIT+
+    ;
+
+DECIMAL_VALUE
+    : DIGIT+ EXPONENT
+    | DECIMAL_DIGITS EXPONENT? {isValidDecimal()}?
+    ;
+
+DOUBLE_LITERAL
+    : DIGIT+ EXPONENT? 'D'
+    | DECIMAL_DIGITS EXPONENT? 'D' {isValidDecimal()}?
+    ;
+
+BIGDECIMAL_LITERAL
+    : DIGIT+ EXPONENT? 'BD'
+    | DECIMAL_DIGITS EXPONENT? 'BD' {isValidDecimal()}?
+    ;
+
+BACKQUOTED_IDENTIFIER
+    : '`' ( ~'`' | '``' )* '`'
+    ;
+
+IDENTIFIER
+    : (LETTER | DIGIT | '_')+
+    ;
+
+fragment DECIMAL_DIGITS
+    : DIGIT+ '.' DIGIT*
+    | '.' DIGIT+
+    ;
+
+fragment EXPONENT
+    : 'E' [+-]? DIGIT+
+    ;
+
+fragment DIGIT
+    : [0-9]
+    ;
+
+fragment LETTER
+    : [A-Z]
+    ;
+
+SIMPLE_COMMENT
+    : '--' ~[\r\n]* '\r'? '\n'? -> channel(HIDDEN)
+    ;
+
+BRACKETED_COMMENT
+    : '/*' .*? '*/' -> channel(HIDDEN)
+    ;
+
+WS  : [ \r\n\t]+ -> channel(HIDDEN)
+    ;
+
+// Catch-all for anything we can't recognize.
+// We use this to be able to ignore and recover all the text
+// when splitting statements with DelimiterLexer
+UNRECOGNIZED
+    : .
+    ;
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala
new file mode 100644
index 000000000..e33632b8b
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedFunctionName, UnresolvedRelation}
+import org.apache.spark.sql.catalyst.plans.logical.{DropFunction, DropNamespace, LogicalPlan, NoopCommand, UncacheTable}
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.command.{AlterTableDropPartitionCommand, DropTableCommand}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+case class DropIgnoreNonexistent(session: SparkSession) extends Rule[LogicalPlan] {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(DROP_IGNORE_NONEXISTENT)) {
+      plan match {
+        case i @ AlterTableDropPartitionCommand(_, _, false, _, _) =>
+          i.copy(ifExists = true)
+        case i @ DropTableCommand(_, false, _, _) =>
+          i.copy(ifExists = true)
+        case i @ DropNamespace(_, false, _) =>
+          i.copy(ifExists = true)
+        case UncacheTable(u: UnresolvedRelation, false, _) =>
+          NoopCommand("UNCACHE TABLE", u.multipartIdentifier)
+        case DropFunction(u: UnresolvedFunctionName, false) =>
+          NoopCommand("DROP FUNCTION", u.multipartIdentifier)
+        case _ => plan
+      }
+    } else {
+      plan
+    }
+  }
+
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala
new file mode 100644
index 000000000..fcbf5c0a1
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import scala.annotation.tailrec
+
+import org.apache.spark.sql.catalyst.expressions.{Alias, Attribute, AttributeSet, Expression, NamedExpression, UnaryExpression}
+import org.apache.spark.sql.catalyst.planning.ExtractEquiJoinKeys
+import org.apache.spark.sql.catalyst.plans.{FullOuter, Inner, LeftAnti, LeftOuter, LeftSemi, RightOuter}
+import org.apache.spark.sql.catalyst.plans.logical.{Aggregate, Filter, LogicalPlan, Project, Sort, SubqueryAlias, View}
+
+/**
+ * Infer the columns for Rebalance and Sort to improve the compression ratio.
+ *
+ * For example
+ * {{{
+ *   INSERT INTO TABLE t PARTITION(p='a')
+ *   SELECT * FROM t1 JOIN t2 on t1.c1 = t2.c1
+ * }}}
+ * the inferred columns are: t1.c1
+ */
+object InferRebalanceAndSortOrders {
+
+  type PartitioningAndOrdering = (Seq[Expression], Seq[Expression])
+
+  private def getAliasMap(named: Seq[NamedExpression]): Map[Expression, Attribute] = {
+    @tailrec
+    def throughUnary(e: Expression): Expression = e match {
+      case u: UnaryExpression if u.deterministic =>
+        throughUnary(u.child)
+      case _ => e
+    }
+
+    named.flatMap {
+      case a @ Alias(child, _) =>
+        Some((throughUnary(child).canonicalized, a.toAttribute))
+      case _ => None
+    }.toMap
+  }
+
+  def infer(plan: LogicalPlan): Option[PartitioningAndOrdering] = {
+    def candidateKeys(
+        input: LogicalPlan,
+        output: AttributeSet = AttributeSet.empty): Option[PartitioningAndOrdering] = {
+      input match {
+        case ExtractEquiJoinKeys(joinType, leftKeys, rightKeys, _, _, _, _, _) =>
+          joinType match {
+            case LeftSemi | LeftAnti | LeftOuter => Some((leftKeys, leftKeys))
+            case RightOuter => Some((rightKeys, rightKeys))
+            case Inner | FullOuter =>
+              if (output.isEmpty) {
+                Some((leftKeys ++ rightKeys, leftKeys ++ rightKeys))
+              } else {
+                assert(leftKeys.length == rightKeys.length)
+                val keys = leftKeys.zip(rightKeys).flatMap { case (left, right) =>
+                  if (left.references.subsetOf(output)) {
+                    Some(left)
+                  } else if (right.references.subsetOf(output)) {
+                    Some(right)
+                  } else {
+                    None
+                  }
+                }
+                Some((keys, keys))
+              }
+            case _ => None
+          }
+        case agg: Aggregate =>
+          val aliasMap = getAliasMap(agg.aggregateExpressions)
+          Some((
+            agg.groupingExpressions.map(p => aliasMap.getOrElse(p.canonicalized, p)),
+            agg.groupingExpressions.map(o => aliasMap.getOrElse(o.canonicalized, o))))
+        case s: Sort => Some((s.order.map(_.child), s.order.map(_.child)))
+        case p: Project =>
+          val aliasMap = getAliasMap(p.projectList)
+          candidateKeys(p.child, p.references).map { case (partitioning, ordering) =>
+            (
+              partitioning.map(p => aliasMap.getOrElse(p.canonicalized, p)),
+              ordering.map(o => aliasMap.getOrElse(o.canonicalized, o)))
+          }
+        case f: Filter => candidateKeys(f.child, output)
+        case s: SubqueryAlias => candidateKeys(s.child, output)
+        case v: View => candidateKeys(v.child, output)
+
+        case _ => None
+      }
+    }
+
+    candidateKeys(plan).map { case (partitioning, ordering) =>
+      (
+        partitioning.filter(_.references.subsetOf(plan.outputSet)),
+        ordering.filter(_.references.subsetOf(plan.outputSet)))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala
new file mode 100644
index 000000000..1a02e8c1e
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.catalyst.plans.physical.Distribution
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{SortExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive.QueryStageExec
+import org.apache.spark.sql.execution.aggregate.BaseAggregateExec
+import org.apache.spark.sql.execution.exchange.{Exchange, ShuffleExchangeExec}
+import org.apache.spark.sql.execution.joins.{ShuffledHashJoinExec, SortMergeJoinExec}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * Insert shuffle node before join if it doesn't exist to make `OptimizeSkewedJoin` works.
+ */
+object InsertShuffleNodeBeforeJoin extends Rule[SparkPlan] {
+
+  override def apply(plan: SparkPlan): SparkPlan = {
+    // this rule has no meaning without AQE
+    if (!conf.getConf(FORCE_SHUFFLE_BEFORE_JOIN) ||
+      !conf.getConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED)) {
+      return plan
+    }
+
+    val newPlan = insertShuffleBeforeJoin(plan)
+    if (plan.fastEquals(newPlan)) {
+      plan
+    } else {
+      // make sure the output partitioning and ordering will not be broken.
+      KyuubiEnsureRequirements.apply(newPlan)
+    }
+  }
+
+  // Since spark 3.3, insertShuffleBeforeJoin shouldn't be applied if join is skewed.
+  private def insertShuffleBeforeJoin(plan: SparkPlan): SparkPlan = plan transformUp {
+    case smj @ SortMergeJoinExec(_, _, _, _, l, r, isSkewJoin) if !isSkewJoin =>
+      smj.withNewChildren(checkAndInsertShuffle(smj.requiredChildDistribution.head, l) ::
+        checkAndInsertShuffle(smj.requiredChildDistribution(1), r) :: Nil)
+
+    case shj: ShuffledHashJoinExec if !shj.isSkewJoin =>
+      if (!shj.left.isInstanceOf[Exchange] && !shj.right.isInstanceOf[Exchange]) {
+        shj.withNewChildren(withShuffleExec(shj.requiredChildDistribution.head, shj.left) ::
+          withShuffleExec(shj.requiredChildDistribution(1), shj.right) :: Nil)
+      } else if (!shj.left.isInstanceOf[Exchange]) {
+        shj.withNewChildren(
+          withShuffleExec(shj.requiredChildDistribution.head, shj.left) :: shj.right :: Nil)
+      } else if (!shj.right.isInstanceOf[Exchange]) {
+        shj.withNewChildren(
+          shj.left :: withShuffleExec(shj.requiredChildDistribution(1), shj.right) :: Nil)
+      } else {
+        shj
+      }
+  }
+
+  private def checkAndInsertShuffle(
+      distribution: Distribution,
+      child: SparkPlan): SparkPlan = child match {
+    case SortExec(_, _, _: Exchange, _) =>
+      child
+    case SortExec(_, _, _: QueryStageExec, _) =>
+      child
+    case sort @ SortExec(_, _, agg: BaseAggregateExec, _) =>
+      sort.withNewChildren(withShuffleExec(distribution, agg) :: Nil)
+    case _ =>
+      withShuffleExec(distribution, child)
+  }
+
+  private def withShuffleExec(distribution: Distribution, child: SparkPlan): SparkPlan = {
+    val numPartitions = distribution.requiredNumPartitions
+      .getOrElse(conf.numShufflePartitions)
+    ShuffleExchangeExec(distribution.createPartitioning(numPartitions), child)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala
new file mode 100644
index 000000000..a17e0a465
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.catalyst.expressions.SortOrder
+import org.apache.spark.sql.catalyst.plans.physical.{BroadcastDistribution, Distribution, UnspecifiedDistribution}
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{SortExec, SparkPlan}
+import org.apache.spark.sql.execution.exchange.{BroadcastExchangeExec, ShuffleExchangeExec}
+
+/**
+ * Copy from Apache Spark `EnsureRequirements`
+ *   1. remove reorder join predicates
+ *   2. remove shuffle pruning
+ */
+object KyuubiEnsureRequirements extends Rule[SparkPlan] {
+  private def ensureDistributionAndOrdering(operator: SparkPlan): SparkPlan = {
+    val requiredChildDistributions: Seq[Distribution] = operator.requiredChildDistribution
+    val requiredChildOrderings: Seq[Seq[SortOrder]] = operator.requiredChildOrdering
+    var children: Seq[SparkPlan] = operator.children
+    assert(requiredChildDistributions.length == children.length)
+    assert(requiredChildOrderings.length == children.length)
+
+    // Ensure that the operator's children satisfy their output distribution requirements.
+    children = children.zip(requiredChildDistributions).map {
+      case (child, distribution) if child.outputPartitioning.satisfies(distribution) =>
+        child
+      case (child, BroadcastDistribution(mode)) =>
+        BroadcastExchangeExec(mode, child)
+      case (child, distribution) =>
+        val numPartitions = distribution.requiredNumPartitions
+          .getOrElse(conf.numShufflePartitions)
+        ShuffleExchangeExec(distribution.createPartitioning(numPartitions), child)
+    }
+
+    // Get the indexes of children which have specified distribution requirements and need to have
+    // same number of partitions.
+    val childrenIndexes = requiredChildDistributions.zipWithIndex.filter {
+      case (UnspecifiedDistribution, _) => false
+      case (_: BroadcastDistribution, _) => false
+      case _ => true
+    }.map(_._2)
+
+    val childrenNumPartitions =
+      childrenIndexes.map(children(_).outputPartitioning.numPartitions).toSet
+
+    if (childrenNumPartitions.size > 1) {
+      // Get the number of partitions which is explicitly required by the distributions.
+      val requiredNumPartitions = {
+        val numPartitionsSet = childrenIndexes.flatMap {
+          index => requiredChildDistributions(index).requiredNumPartitions
+        }.toSet
+        assert(
+          numPartitionsSet.size <= 1,
+          s"$operator have incompatible requirements of the number of partitions for its children")
+        numPartitionsSet.headOption
+      }
+
+      // If there are non-shuffle children that satisfy the required distribution, we have
+      // some tradeoffs when picking the expected number of shuffle partitions:
+      // 1. We should avoid shuffling these children.
+      // 2. We should have a reasonable parallelism.
+      val nonShuffleChildrenNumPartitions =
+        childrenIndexes.map(children).filterNot(_.isInstanceOf[ShuffleExchangeExec])
+          .map(_.outputPartitioning.numPartitions)
+      val expectedChildrenNumPartitions =
+        if (nonShuffleChildrenNumPartitions.nonEmpty) {
+          if (nonShuffleChildrenNumPartitions.length == childrenIndexes.length) {
+            // Here we pick the max number of partitions among these non-shuffle children.
+            nonShuffleChildrenNumPartitions.max
+          } else {
+            // Here we pick the max number of partitions among these non-shuffle children as the
+            // expected number of shuffle partitions. However, if it's smaller than
+            // `conf.numShufflePartitions`, we pick `conf.numShufflePartitions` as the
+            // expected number of shuffle partitions.
+            math.max(nonShuffleChildrenNumPartitions.max, conf.defaultNumShufflePartitions)
+          }
+        } else {
+          childrenNumPartitions.max
+        }
+
+      val targetNumPartitions = requiredNumPartitions.getOrElse(expectedChildrenNumPartitions)
+
+      children = children.zip(requiredChildDistributions).zipWithIndex.map {
+        case ((child, distribution), index) if childrenIndexes.contains(index) =>
+          if (child.outputPartitioning.numPartitions == targetNumPartitions) {
+            child
+          } else {
+            val defaultPartitioning = distribution.createPartitioning(targetNumPartitions)
+            child match {
+              // If child is an exchange, we replace it with a new one having defaultPartitioning.
+              case ShuffleExchangeExec(_, c, _) => ShuffleExchangeExec(defaultPartitioning, c)
+              case _ => ShuffleExchangeExec(defaultPartitioning, child)
+            }
+          }
+
+        case ((child, _), _) => child
+      }
+    }
+
+    // Now that we've performed any necessary shuffles, add sorts to guarantee output orderings:
+    children = children.zip(requiredChildOrderings).map { case (child, requiredOrdering) =>
+      // If child.outputOrdering already satisfies the requiredOrdering, we do not need to sort.
+      if (SortOrder.orderingSatisfies(child.outputOrdering, requiredOrdering)) {
+        child
+      } else {
+        SortExec(requiredOrdering, global = false, child = child)
+      }
+    }
+
+    operator.withNewChildren(children)
+  }
+
+  def apply(plan: SparkPlan): SparkPlan = plan.transformUp {
+    case operator: SparkPlan =>
+      ensureDistributionAndOrdering(operator)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
new file mode 100644
index 000000000..a7fcbecd4
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
@@ -0,0 +1,194 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.adaptive.QueryStageExec
+import org.apache.spark.sql.execution.command.{ResetCommand, SetCommand}
+import org.apache.spark.sql.execution.exchange.{BroadcastExchangeLike, ReusedExchangeExec, ShuffleExchangeLike}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * This rule split stage into two parts:
+ *   1. previous stage
+ *   2. final stage
+ * For final stage, we can inject extra config. It's useful if we use repartition to optimize
+ * small files that needs bigger shuffle partition size than previous.
+ *
+ * Let's say we have a query with 3 stages, then the logical machine like:
+ *
+ * Set/Reset Command -> cleanup previousStage config if user set the spark config.
+ * Query -> AQE -> stage1 -> preparation (use previousStage to overwrite spark config)
+ *       -> AQE -> stage2 -> preparation (use spark config)
+ *       -> AQE -> stage3 -> preparation (use finalStage config to overwrite spark config,
+ *                                        store spark config to previousStage.)
+ *
+ * An example of the new finalStage config:
+ * `spark.sql.adaptive.advisoryPartitionSizeInBytes` ->
+ * `spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`
+ */
+case class FinalStageConfigIsolation(session: SparkSession) extends Rule[SparkPlan] {
+  import FinalStageConfigIsolation._
+
+  override def apply(plan: SparkPlan): SparkPlan = {
+    // this rule has no meaning without AQE
+    if (!conf.getConf(FINAL_STAGE_CONFIG_ISOLATION) ||
+      !conf.getConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED)) {
+      return plan
+    }
+
+    if (isFinalStage(plan)) {
+      // We can not get the whole plan at query preparation phase to detect if current plan is
+      // for writing, so we depend on a tag which is been injected at post resolution phase.
+      // Note: we should still do clean up previous config for non-final stage to avoid such case:
+      // the first statement is write, but the second statement is query.
+      if (conf.getConf(FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY) &&
+        !WriteUtils.isWrite(session, plan)) {
+        return plan
+      }
+
+      // set config for final stage
+      session.conf.getAll.filter(_._1.startsWith(FINAL_STAGE_CONFIG_PREFIX)).foreach {
+        case (k, v) =>
+          val sparkConfigKey = s"spark.sql.${k.substring(FINAL_STAGE_CONFIG_PREFIX.length)}"
+          val previousStageConfigKey =
+            s"$PREVIOUS_STAGE_CONFIG_PREFIX${k.substring(FINAL_STAGE_CONFIG_PREFIX.length)}"
+          // store the previous config only if we have not stored, to avoid some query only
+          // have one stage that will overwrite real config.
+          if (!session.sessionState.conf.contains(previousStageConfigKey)) {
+            val originalValue =
+              if (session.conf.getOption(sparkConfigKey).isDefined) {
+                session.sessionState.conf.getConfString(sparkConfigKey)
+              } else {
+                // the default value of config is None, so we need to use a internal tag
+                INTERNAL_UNSET_CONFIG_TAG
+              }
+            logInfo(s"Store config: $sparkConfigKey to previousStage, " +
+              s"original value: $originalValue ")
+            session.sessionState.conf.setConfString(previousStageConfigKey, originalValue)
+          }
+          logInfo(s"For final stage: set $sparkConfigKey = $v.")
+          session.conf.set(sparkConfigKey, v)
+      }
+    } else {
+      // reset config for previous stage
+      session.conf.getAll.filter(_._1.startsWith(PREVIOUS_STAGE_CONFIG_PREFIX)).foreach {
+        case (k, v) =>
+          val sparkConfigKey = s"spark.sql.${k.substring(PREVIOUS_STAGE_CONFIG_PREFIX.length)}"
+          logInfo(s"For previous stage: set $sparkConfigKey = $v.")
+          if (v == INTERNAL_UNSET_CONFIG_TAG) {
+            session.conf.unset(sparkConfigKey)
+          } else {
+            session.conf.set(sparkConfigKey, v)
+          }
+          // unset config so that we do not need to reset configs for every previous stage
+          session.conf.unset(k)
+      }
+    }
+
+    plan
+  }
+
+  /**
+   * Currently formula depend on AQE in Spark 3.1.1, not sure it can work in future.
+   */
+  private def isFinalStage(plan: SparkPlan): Boolean = {
+    var shuffleNum = 0
+    var broadcastNum = 0
+    var reusedNum = 0
+    var queryStageNum = 0
+
+    def collectNumber(p: SparkPlan): SparkPlan = {
+      p transform {
+        case shuffle: ShuffleExchangeLike =>
+          shuffleNum += 1
+          shuffle
+
+        case broadcast: BroadcastExchangeLike =>
+          broadcastNum += 1
+          broadcast
+
+        case reusedExchangeExec: ReusedExchangeExec =>
+          reusedNum += 1
+          reusedExchangeExec
+
+        // query stage is leaf node so we need to transform it manually
+        // compatible with Spark 3.5:
+        // SPARK-42101: table cache is a independent query stage, so do not need include it.
+        case queryStage: QueryStageExec if queryStage.nodeName != "TableCacheQueryStage" =>
+          queryStageNum += 1
+          collectNumber(queryStage.plan)
+          queryStage
+      }
+    }
+    collectNumber(plan)
+
+    if (shuffleNum == 0) {
+      // we don not care about broadcast stage here since it won't change partition number.
+      true
+    } else if (shuffleNum + broadcastNum + reusedNum == queryStageNum) {
+      true
+    } else {
+      false
+    }
+  }
+}
+object FinalStageConfigIsolation {
+  final val SQL_PREFIX = "spark.sql."
+  final val FINAL_STAGE_CONFIG_PREFIX = "spark.sql.finalStage."
+  final val PREVIOUS_STAGE_CONFIG_PREFIX = "spark.sql.previousStage."
+  final val INTERNAL_UNSET_CONFIG_TAG = "__INTERNAL_UNSET_CONFIG_TAG__"
+
+  def getPreviousStageConfigKey(configKey: String): Option[String] = {
+    if (configKey.startsWith(SQL_PREFIX)) {
+      Some(s"$PREVIOUS_STAGE_CONFIG_PREFIX${configKey.substring(SQL_PREFIX.length)}")
+    } else {
+      None
+    }
+  }
+}
+
+case class FinalStageConfigIsolationCleanRule(session: SparkSession) extends Rule[LogicalPlan] {
+  import FinalStageConfigIsolation._
+
+  override def apply(plan: LogicalPlan): LogicalPlan = plan match {
+    case set @ SetCommand(Some((k, Some(_)))) if k.startsWith(SQL_PREFIX) =>
+      checkAndUnsetPreviousStageConfig(k)
+      set
+
+    case reset @ ResetCommand(Some(k)) if k.startsWith(SQL_PREFIX) =>
+      checkAndUnsetPreviousStageConfig(k)
+      reset
+
+    case other => other
+  }
+
+  private def checkAndUnsetPreviousStageConfig(configKey: String): Unit = {
+    getPreviousStageConfigKey(configKey).foreach { previousStageConfigKey =>
+      if (session.sessionState.conf.contains(previousStageConfigKey)) {
+        logInfo(s"For previous stage: unset $previousStageConfigKey")
+        session.conf.unset(previousStageConfigKey)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
new file mode 100644
index 000000000..fa118a3e2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -0,0 +1,268 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.network.util.ByteUnit
+import org.apache.spark.sql.internal.SQLConf
+import org.apache.spark.sql.internal.SQLConf._
+
+object KyuubiSQLConf {
+
+  val INSERT_REPARTITION_BEFORE_WRITE =
+    buildConf("spark.sql.optimizer.insertRepartitionBeforeWrite.enabled")
+      .doc("Add repartition node at the top of query plan. An approach of merging small files.")
+      .version("1.2.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val INSERT_REPARTITION_NUM =
+    buildConf("spark.sql.optimizer.insertRepartitionNum")
+      .doc(s"The partition number if ${INSERT_REPARTITION_BEFORE_WRITE.key} is enabled. " +
+        s"If AQE is disabled, the default value is ${SQLConf.SHUFFLE_PARTITIONS.key}. " +
+        "If AQE is enabled, the default value is none that means depend on AQE. " +
+        "This config is used for Spark 3.1 only.")
+      .version("1.2.0")
+      .intConf
+      .createOptional
+
+  val DYNAMIC_PARTITION_INSERTION_REPARTITION_NUM =
+    buildConf("spark.sql.optimizer.dynamicPartitionInsertionRepartitionNum")
+      .doc(s"The partition number of each dynamic partition if " +
+        s"${INSERT_REPARTITION_BEFORE_WRITE.key} is enabled. " +
+        "We will repartition by dynamic partition columns to reduce the small file but that " +
+        "can cause data skew. This config is to extend the partition of dynamic " +
+        "partition column to avoid skew but may generate some small files.")
+      .version("1.2.0")
+      .intConf
+      .createWithDefault(100)
+
+  val FORCE_SHUFFLE_BEFORE_JOIN =
+    buildConf("spark.sql.optimizer.forceShuffleBeforeJoin.enabled")
+      .doc("Ensure shuffle node exists before shuffled join (shj and smj) to make AQE " +
+        "`OptimizeSkewedJoin` works (complex scenario join, multi table join).")
+      .version("1.2.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_STAGE_CONFIG_ISOLATION =
+    buildConf("spark.sql.optimizer.finalStageConfigIsolation.enabled")
+      .doc("If true, the final stage support use different config with previous stage. " +
+        "The prefix of final stage config key should be `spark.sql.finalStage.`." +
+        "For example, the raw spark config: `spark.sql.adaptive.advisoryPartitionSizeInBytes`, " +
+        "then the final stage config should be: " +
+        "`spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`.")
+      .version("1.2.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val SQL_CLASSIFICATION = "spark.sql.analyzer.classification"
+  val SQL_CLASSIFICATION_ENABLED =
+    buildConf("spark.sql.analyzer.classification.enabled")
+      .doc("When true, allows Kyuubi engine to judge this SQL's classification " +
+        s"and set `$SQL_CLASSIFICATION` back into sessionConf. " +
+        "Through this configuration item, Spark can optimizing configuration dynamic")
+      .version("1.4.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val INSERT_ZORDER_BEFORE_WRITING =
+    buildConf("spark.sql.optimizer.insertZorderBeforeWriting.enabled")
+      .doc("When true, we will follow target table properties to insert zorder or not. " +
+        "The key properties are: 1) kyuubi.zorder.enabled; if this property is true, we will " +
+        "insert zorder before writing data. 2) kyuubi.zorder.cols; string split by comma, we " +
+        "will zorder by these cols.")
+      .version("1.4.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val ZORDER_GLOBAL_SORT_ENABLED =
+    buildConf("spark.sql.optimizer.zorderGlobalSort.enabled")
+      .doc("When true, we do a global sort using zorder. Note that, it can cause data skew " +
+        "issue if the zorder columns have less cardinality. When false, we only do local sort " +
+        "using zorder.")
+      .version("1.4.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val REBALANCE_BEFORE_ZORDER =
+    buildConf("spark.sql.optimizer.rebalanceBeforeZorder.enabled")
+      .doc("When true, we do a rebalance before zorder in case data skew. " +
+        "Note that, if the insertion is dynamic partition we will use the partition " +
+        "columns to rebalance. Note that, this config only affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val REBALANCE_ZORDER_COLUMNS_ENABLED =
+    buildConf("spark.sql.optimizer.rebalanceZorderColumns.enabled")
+      .doc(s"When true and ${REBALANCE_BEFORE_ZORDER.key} is true, we do rebalance before " +
+        s"Z-Order. If it's dynamic partition insert, the rebalance expression will include " +
+        s"both partition columns and Z-Order columns. Note that, this config only " +
+        s"affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val TWO_PHASE_REBALANCE_BEFORE_ZORDER =
+    buildConf("spark.sql.optimizer.twoPhaseRebalanceBeforeZorder.enabled")
+      .doc(s"When true and ${REBALANCE_BEFORE_ZORDER.key} is true, we do two phase rebalance " +
+        s"before Z-Order for the dynamic partition write. The first phase rebalance using " +
+        s"dynamic partition column; The second phase rebalance using dynamic partition column + " +
+        s"Z-Order columns. Note that, this config only affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val ZORDER_USING_ORIGINAL_ORDERING_ENABLED =
+    buildConf("spark.sql.optimizer.zorderUsingOriginalOrdering.enabled")
+      .doc(s"When true and ${REBALANCE_BEFORE_ZORDER.key} is true, we do sort by " +
+        s"the original ordering i.e. lexicographical order. Note that, this config only " +
+        s"affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val WATCHDOG_MAX_PARTITIONS =
+    buildConf("spark.sql.watchdog.maxPartitions")
+      .doc("Set the max partition number when spark scans a data source. " +
+        "Enable maxPartitions Strategy by specifying this configuration. " +
+        "Add maxPartitions Strategy to avoid scan excessive partitions " +
+        "on partitioned table, it's optional that works with defined")
+      .version("1.4.0")
+      .intConf
+      .createOptional
+
+  val WATCHDOG_MAX_FILE_SIZE =
+    buildConf("spark.sql.watchdog.maxFileSize")
+      .doc("Set the maximum size in bytes of files when spark scans a data source. " +
+        "Enable maxFileSize Strategy by specifying this configuration. " +
+        "Add maxFileSize Strategy to avoid scan excessive size of files," +
+        " it's optional that works with defined")
+      .version("1.8.0")
+      .bytesConf(ByteUnit.BYTE)
+      .createOptional
+
+  val WATCHDOG_FORCED_MAXOUTPUTROWS =
+    buildConf("spark.sql.watchdog.forcedMaxOutputRows")
+      .doc("Add ForcedMaxOutputRows rule to avoid huge output rows of non-limit query " +
+        "unexpectedly, it's optional that works with defined")
+      .version("1.4.0")
+      .intConf
+      .createOptional
+
+  val DROP_IGNORE_NONEXISTENT =
+    buildConf("spark.sql.optimizer.dropIgnoreNonExistent")
+      .doc("Do not report an error if DROP DATABASE/TABLE/VIEW/FUNCTION/PARTITION specifies " +
+        "a non-existent database/table/view/function/partition")
+      .version("1.5.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val INFER_REBALANCE_AND_SORT_ORDERS =
+    buildConf("spark.sql.optimizer.inferRebalanceAndSortOrders.enabled")
+      .doc("When ture, infer columns for rebalance and sort orders from original query, " +
+        "e.g. the join keys from join. It can avoid compression ratio regression.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val INFER_REBALANCE_AND_SORT_ORDERS_MAX_COLUMNS =
+    buildConf("spark.sql.optimizer.inferRebalanceAndSortOrdersMaxColumns")
+      .doc("The max columns of inferred columns.")
+      .version("1.7.0")
+      .intConf
+      .checkValue(_ > 0, "must be positive number")
+      .createWithDefault(3)
+
+  val INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE =
+    buildConf("spark.sql.optimizer.insertRepartitionBeforeWriteIfNoShuffle.enabled")
+      .doc("When true, add repartition even if the original plan does not have shuffle.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY =
+    buildConf("spark.sql.optimizer.finalStageConfigIsolationWriteOnly.enabled")
+      .doc("When true, only enable final stage isolation for writing.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED =
+    buildConf("spark.sql.finalWriteStage.eagerlyKillExecutors.enabled")
+      .doc("When true, eagerly kill redundant executors before running final write stage.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE =
+    buildConf("spark.sql.finalWriteStage.skipKillingExecutorsForTableCache")
+      .doc("When true, skip killing executors if the plan has table caches.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val FINAL_WRITE_STAGE_PARTITION_FACTOR =
+    buildConf("spark.sql.finalWriteStage.retainExecutorsFactor")
+      .doc("If the target executors * factor < active executors, and " +
+        "target executors * factor > min executors, then kill redundant executors.")
+      .version("1.8.0")
+      .doubleConf
+      .checkValue(_ >= 1, "must be bigger than or equal to 1")
+      .createWithDefault(1.2)
+
+  val FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED =
+    buildConf("spark.sql.finalWriteStage.resourceIsolation.enabled")
+      .doc(
+        "When true, make final write stage resource isolation using custom RDD resource profile.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_EXECUTOR_CORES =
+    buildConf("spark.sql.finalWriteStage.executorCores")
+      .doc("Specify the executor core request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .intConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_MEMORY =
+    buildConf("spark.sql.finalWriteStage.executorMemory")
+      .doc("Specify the executor on heap memory request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_MEMORY_OVERHEAD =
+    buildConf("spark.sql.finalWriteStage.executorMemoryOverhead")
+      .doc("Specify the executor memory overhead request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_OFF_HEAP_MEMORY =
+    buildConf("spark.sql.finalWriteStage.executorOffHeapMemory")
+      .doc("Specify the executor off heap memory request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala
new file mode 100644
index 000000000..88c5a988f
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import java.sql.SQLException
+
+class KyuubiSQLExtensionException(reason: String, cause: Throwable)
+  extends SQLException(reason, cause) {
+
+  def this(reason: String) = {
+    this(reason, null)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
new file mode 100644
index 000000000..c937bd575
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
@@ -0,0 +1,173 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import scala.collection.JavaConverters.asScalaBufferConverter
+import scala.collection.mutable.ListBuffer
+
+import org.antlr.v4.runtime.ParserRuleContext
+import org.antlr.v4.runtime.misc.Interval
+import org.antlr.v4.runtime.tree.ParseTree
+import org.apache.spark.sql.catalyst.SQLConfHelper
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedAttribute, UnresolvedRelation, UnresolvedStar}
+import org.apache.spark.sql.catalyst.expressions._
+import org.apache.spark.sql.catalyst.parser.ParserUtils.withOrigin
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, Project, Sort}
+
+import org.apache.kyuubi.sql.KyuubiSparkSQLParser._
+import org.apache.kyuubi.sql.zorder.{OptimizeZorderStatement, Zorder}
+
+class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQLConfHelper {
+
+  def buildOptimizeStatement(
+      unparsedPredicateOptimize: UnparsedPredicateOptimize,
+      parseExpression: String => Expression): LogicalPlan = {
+
+    val UnparsedPredicateOptimize(tableIdent, tablePredicate, orderExpr) =
+      unparsedPredicateOptimize
+
+    val predicate = tablePredicate.map(parseExpression)
+    verifyPartitionPredicates(predicate)
+    val table = UnresolvedRelation(tableIdent)
+    val tableWithFilter = predicate match {
+      case Some(expr) => Filter(expr, table)
+      case None => table
+    }
+    val query =
+      Sort(
+        SortOrder(orderExpr, Ascending, NullsLast, Seq.empty) :: Nil,
+        conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED),
+        Project(Seq(UnresolvedStar(None)), tableWithFilter))
+    OptimizeZorderStatement(tableIdent, query)
+  }
+
+  private def verifyPartitionPredicates(predicates: Option[Expression]): Unit = {
+    predicates.foreach {
+      case p if !isLikelySelective(p) =>
+        throw new KyuubiSQLExtensionException(s"unsupported partition predicates: ${p.sql}")
+      case _ =>
+    }
+  }
+
+  /**
+   * Forked from Apache Spark's org.apache.spark.sql.catalyst.expressions.PredicateHelper
+   * The `PredicateHelper.isLikelySelective()` is available since Spark-3.3, forked for Spark
+   * that is lower than 3.3.
+   *
+   * Returns whether an expression is likely to be selective
+   */
+  private def isLikelySelective(e: Expression): Boolean = e match {
+    case Not(expr) => isLikelySelective(expr)
+    case And(l, r) => isLikelySelective(l) || isLikelySelective(r)
+    case Or(l, r) => isLikelySelective(l) && isLikelySelective(r)
+    case _: StringRegexExpression => true
+    case _: BinaryComparison => true
+    case _: In | _: InSet => true
+    case _: StringPredicate => true
+    case BinaryPredicate(_) => true
+    case _: MultiLikeBase => true
+    case _ => false
+  }
+
+  private object BinaryPredicate {
+    def unapply(expr: Expression): Option[Expression] = expr match {
+      case _: Contains => Option(expr)
+      case _: StartsWith => Option(expr)
+      case _: EndsWith => Option(expr)
+      case _ => None
+    }
+  }
+
+  /**
+   * Create an expression from the given context. This method just passes the context on to the
+   * visitor and only takes care of typing (We assume that the visitor returns an Expression here).
+   */
+  protected def expression(ctx: ParserRuleContext): Expression = typedVisit(ctx)
+
+  protected def multiPart(ctx: ParserRuleContext): Seq[String] = typedVisit(ctx)
+
+  override def visitSingleStatement(ctx: SingleStatementContext): LogicalPlan = {
+    visit(ctx.statement()).asInstanceOf[LogicalPlan]
+  }
+
+  override def visitOptimizeZorder(
+      ctx: OptimizeZorderContext): UnparsedPredicateOptimize = withOrigin(ctx) {
+    val tableIdent = multiPart(ctx.multipartIdentifier())
+
+    val predicate = Option(ctx.whereClause())
+      .map(_.partitionPredicate)
+      .map(extractRawText(_))
+
+    val zorderCols = ctx.zorderClause().order.asScala
+      .map(visitMultipartIdentifier)
+      .map(UnresolvedAttribute(_))
+
+    val orderExpr =
+      if (zorderCols.length == 1) {
+        zorderCols.head
+      } else {
+        Zorder(zorderCols)
+      }
+    UnparsedPredicateOptimize(tableIdent, predicate, orderExpr)
+  }
+
+  override def visitPassThrough(ctx: PassThroughContext): LogicalPlan = null
+
+  override def visitMultipartIdentifier(ctx: MultipartIdentifierContext): Seq[String] =
+    withOrigin(ctx) {
+      ctx.parts.asScala.map(_.getText)
+    }
+
+  override def visitZorderClause(ctx: ZorderClauseContext): Seq[UnresolvedAttribute] =
+    withOrigin(ctx) {
+      val res = ListBuffer[UnresolvedAttribute]()
+      ctx.multipartIdentifier().forEach { identifier =>
+        res += UnresolvedAttribute(identifier.parts.asScala.map(_.getText))
+      }
+      res
+    }
+
+  private def typedVisit[T](ctx: ParseTree): T = {
+    ctx.accept(this).asInstanceOf[T]
+  }
+
+  private def extractRawText(exprContext: ParserRuleContext): String = {
+    // Extract the raw expression which will be parsed later
+    exprContext.getStart.getInputStream.getText(new Interval(
+      exprContext.getStart.getStartIndex,
+      exprContext.getStop.getStopIndex))
+  }
+}
+
+/**
+ * a logical plan contains an unparsed expression that will be parsed by spark.
+ */
+trait UnparsedExpressionLogicalPlan extends LogicalPlan {
+  override def output: Seq[Attribute] = throw new UnsupportedOperationException()
+
+  override def children: Seq[LogicalPlan] = throw new UnsupportedOperationException()
+
+  protected def withNewChildrenInternal(
+      newChildren: IndexedSeq[LogicalPlan]): LogicalPlan =
+    throw new UnsupportedOperationException()
+}
+
+case class UnparsedPredicateOptimize(
+    tableIdent: Seq[String],
+    tablePredicate: Option[String],
+    orderExpr: Expression) extends UnparsedExpressionLogicalPlan {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
new file mode 100644
index 000000000..f39ad3cc3
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSessionExtensions
+
+import org.apache.kyuubi.sql.zorder.{InsertZorderBeforeWritingDatasource33, InsertZorderBeforeWritingHive33, ResolveZorder}
+
+class KyuubiSparkSQLCommonExtension extends (SparkSessionExtensions => Unit) {
+  override def apply(extensions: SparkSessionExtensions): Unit = {
+    KyuubiSparkSQLCommonExtension.injectCommonExtensions(extensions)
+  }
+}
+
+object KyuubiSparkSQLCommonExtension {
+  def injectCommonExtensions(extensions: SparkSessionExtensions): Unit = {
+    // inject zorder parser and related rules
+    extensions.injectParser { case (_, parser) => new SparkKyuubiSparkSQLParser(parser) }
+    extensions.injectResolutionRule(ResolveZorder)
+
+    // Note that:
+    // InsertZorderBeforeWritingDatasource and InsertZorderBeforeWritingHive
+    // should be applied before
+    // RepartitionBeforeWriting and RebalanceBeforeWriting
+    // because we can only apply one of them (i.e. Global Sort or Repartition/Rebalance)
+    extensions.injectPostHocResolutionRule(InsertZorderBeforeWritingDatasource33)
+    extensions.injectPostHocResolutionRule(InsertZorderBeforeWritingHive33)
+    extensions.injectPostHocResolutionRule(FinalStageConfigIsolationCleanRule)
+
+    extensions.injectQueryStagePrepRule(_ => InsertShuffleNodeBeforeJoin)
+
+    extensions.injectQueryStagePrepRule(FinalStageConfigIsolation(_))
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
new file mode 100644
index 000000000..5d3464228
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.{FinalStageResourceManager, InjectCustomResourceProfile, SparkSessionExtensions}
+
+import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxScanStrategy}
+
+// scalastyle:off line.size.limit
+/**
+ * Depend on Spark SQL Extension framework, we can use this extension follow steps
+ *   1. move this jar into $SPARK_HOME/jars
+ *   2. add config into `spark-defaults.conf`: `spark.sql.extensions=org.apache.kyuubi.sql.KyuubiSparkSQLExtension`
+ */
+// scalastyle:on line.size.limit
+class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
+  override def apply(extensions: SparkSessionExtensions): Unit = {
+    KyuubiSparkSQLCommonExtension.injectCommonExtensions(extensions)
+
+    extensions.injectPostHocResolutionRule(RebalanceBeforeWritingDatasource)
+    extensions.injectPostHocResolutionRule(RebalanceBeforeWritingHive)
+    extensions.injectPostHocResolutionRule(DropIgnoreNonexistent)
+
+    // watchdog extension
+    extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
+    extensions.injectPlannerStrategy(MaxScanStrategy)
+
+    extensions.injectQueryStagePrepRule(FinalStageResourceManager)
+    extensions.injectQueryStagePrepRule(InjectCustomResourceProfile)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
new file mode 100644
index 000000000..c4418c33c
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.antlr.v4.runtime._
+import org.antlr.v4.runtime.atn.PredictionMode
+import org.antlr.v4.runtime.misc.{Interval, ParseCancellationException}
+import org.apache.spark.sql.AnalysisException
+import org.apache.spark.sql.catalyst.{FunctionIdentifier, SQLConfHelper, TableIdentifier}
+import org.apache.spark.sql.catalyst.expressions.Expression
+import org.apache.spark.sql.catalyst.parser.{ParseErrorListener, ParseException, ParserInterface, PostProcessor}
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.trees.Origin
+import org.apache.spark.sql.types.{DataType, StructType}
+
+abstract class KyuubiSparkSQLParserBase extends ParserInterface with SQLConfHelper {
+  def delegate: ParserInterface
+  def astBuilder: KyuubiSparkSQLAstBuilder
+
+  override def parsePlan(sqlText: String): LogicalPlan = parse(sqlText) { parser =>
+    astBuilder.visit(parser.singleStatement()) match {
+      case optimize: UnparsedPredicateOptimize =>
+        astBuilder.buildOptimizeStatement(optimize, delegate.parseExpression)
+      case plan: LogicalPlan => plan
+      case _ => delegate.parsePlan(sqlText)
+    }
+  }
+
+  protected def parse[T](command: String)(toResult: KyuubiSparkSQLParser => T): T = {
+    val lexer = new KyuubiSparkSQLLexer(
+      new UpperCaseCharStream(CharStreams.fromString(command)))
+    lexer.removeErrorListeners()
+    lexer.addErrorListener(ParseErrorListener)
+
+    val tokenStream = new CommonTokenStream(lexer)
+    val parser = new KyuubiSparkSQLParser(tokenStream)
+    parser.addParseListener(PostProcessor)
+    parser.removeErrorListeners()
+    parser.addErrorListener(ParseErrorListener)
+
+    try {
+      try {
+        // first, try parsing with potentially faster SLL mode
+        parser.getInterpreter.setPredictionMode(PredictionMode.SLL)
+        toResult(parser)
+      } catch {
+        case _: ParseCancellationException =>
+          // if we fail, parse with LL mode
+          tokenStream.seek(0) // rewind input stream
+          parser.reset()
+
+          // Try Again.
+          parser.getInterpreter.setPredictionMode(PredictionMode.LL)
+          toResult(parser)
+      }
+    } catch {
+      case e: ParseException if e.command.isDefined =>
+        throw e
+      case e: ParseException =>
+        throw e.withCommand(command)
+      case e: AnalysisException =>
+        val position = Origin(e.line, e.startPosition)
+        throw new ParseException(Option(command), e.message, position, position)
+    }
+  }
+
+  override def parseExpression(sqlText: String): Expression = {
+    delegate.parseExpression(sqlText)
+  }
+
+  override def parseTableIdentifier(sqlText: String): TableIdentifier = {
+    delegate.parseTableIdentifier(sqlText)
+  }
+
+  override def parseFunctionIdentifier(sqlText: String): FunctionIdentifier = {
+    delegate.parseFunctionIdentifier(sqlText)
+  }
+
+  override def parseMultipartIdentifier(sqlText: String): Seq[String] = {
+    delegate.parseMultipartIdentifier(sqlText)
+  }
+
+  override def parseTableSchema(sqlText: String): StructType = {
+    delegate.parseTableSchema(sqlText)
+  }
+
+  override def parseDataType(sqlText: String): DataType = {
+    delegate.parseDataType(sqlText)
+  }
+
+  /**
+   * This functions was introduced since spark-3.3, for more details, please see
+   * https://github.com/apache/spark/pull/34543
+   */
+  override def parseQuery(sqlText: String): LogicalPlan = {
+    delegate.parseQuery(sqlText)
+  }
+}
+
+class SparkKyuubiSparkSQLParser(
+    override val delegate: ParserInterface)
+  extends KyuubiSparkSQLParserBase {
+  def astBuilder: KyuubiSparkSQLAstBuilder = new KyuubiSparkSQLAstBuilder
+}
+
+/* Copied from Apache Spark's to avoid dependency on Spark Internals */
+class UpperCaseCharStream(wrapped: CodePointCharStream) extends CharStream {
+  override def consume(): Unit = wrapped.consume()
+  override def getSourceName(): String = wrapped.getSourceName
+  override def index(): Int = wrapped.index
+  override def mark(): Int = wrapped.mark
+  override def release(marker: Int): Unit = wrapped.release(marker)
+  override def seek(where: Int): Unit = wrapped.seek(where)
+  override def size(): Int = wrapped.size
+
+  override def getText(interval: Interval): String = wrapped.getText(interval)
+
+  // scalastyle:off
+  override def LA(i: Int): Int = {
+    val la = wrapped.LA(i)
+    if (la == 0 || la == IntStream.EOF) la
+    else Character.toUpperCase(la)
+  }
+  // scalastyle:on
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala
new file mode 100644
index 000000000..3cbacdd2f
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.{Ascending, Attribute, SortOrder}
+import org.apache.spark.sql.catalyst.plans.logical._
+
+trait RepartitionBuilderWithRebalance extends RepartitionBuilder {
+  override def buildRepartition(
+      dynamicPartitionColumns: Seq[Attribute],
+      query: LogicalPlan): LogicalPlan = {
+    if (!conf.getConf(KyuubiSQLConf.INFER_REBALANCE_AND_SORT_ORDERS) ||
+      dynamicPartitionColumns.nonEmpty) {
+      RebalancePartitions(dynamicPartitionColumns, query)
+    } else {
+      val maxColumns = conf.getConf(KyuubiSQLConf.INFER_REBALANCE_AND_SORT_ORDERS_MAX_COLUMNS)
+      val inferred = InferRebalanceAndSortOrders.infer(query)
+      if (inferred.isDefined) {
+        val (partitioning, ordering) = inferred.get
+        val rebalance = RebalancePartitions(partitioning.take(maxColumns), query)
+        if (ordering.nonEmpty) {
+          val sortOrders = ordering.take(maxColumns).map(o => SortOrder(o, Ascending))
+          Sort(sortOrders, false, rebalance)
+        } else {
+          rebalance
+        }
+      } else {
+        RebalancePartitions(dynamicPartitionColumns, query)
+      }
+    }
+  }
+
+  override def canInsertRepartitionByExpression(plan: LogicalPlan): Boolean = {
+    super.canInsertRepartitionByExpression(plan) && {
+      plan match {
+        case _: RebalancePartitions => false
+        case _ => true
+      }
+    }
+  }
+}
+
+/**
+ * For datasource table, there two commands can write data to table
+ * 1. InsertIntoHadoopFsRelationCommand
+ * 2. CreateDataSourceTableAsSelectCommand
+ * This rule add a RebalancePartitions node between write and query
+ */
+case class RebalanceBeforeWritingDatasource(session: SparkSession)
+  extends RepartitionBeforeWritingDatasourceBase
+  with RepartitionBuilderWithRebalance {}
+
+/**
+ * For Hive table, there two commands can write data to table
+ * 1. InsertIntoHiveTable
+ * 2. CreateHiveTableAsSelectCommand
+ * This rule add a RebalancePartitions node between write and query
+ */
+case class RebalanceBeforeWritingHive(session: SparkSession)
+  extends RepartitionBeforeWritingHiveBase
+  with RepartitionBuilderWithRebalance {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala
new file mode 100644
index 000000000..3ebb9740f
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala
@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+import org.apache.spark.sql.internal.StaticSQLConf
+
+trait RepartitionBuilder extends Rule[LogicalPlan] with RepartitionBeforeWriteHelper {
+  def buildRepartition(
+      dynamicPartitionColumns: Seq[Attribute],
+      query: LogicalPlan): LogicalPlan
+}
+
+/**
+ * For datasource table, there two commands can write data to table
+ * 1. InsertIntoHadoopFsRelationCommand
+ * 2. CreateDataSourceTableAsSelectCommand
+ * This rule add a repartition node between write and query
+ */
+abstract class RepartitionBeforeWritingDatasourceBase extends RepartitionBuilder {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE)) {
+      addRepartition(plan)
+    } else {
+      plan
+    }
+  }
+
+  private def addRepartition(plan: LogicalPlan): LogicalPlan = plan match {
+    case i @ InsertIntoHadoopFsRelationCommand(_, sp, _, pc, bucket, _, _, query, _, _, _, _)
+        if query.resolved && bucket.isEmpty && canInsertRepartitionByExpression(query) =>
+      val dynamicPartitionColumns = pc.filterNot(attr => sp.contains(attr.name))
+      i.copy(query = buildRepartition(dynamicPartitionColumns, query))
+
+    case u @ Union(children, _, _) =>
+      u.copy(children = children.map(addRepartition))
+
+    case _ => plan
+  }
+}
+
+/**
+ * For Hive table, there two commands can write data to table
+ * 1. InsertIntoHiveTable
+ * 2. CreateHiveTableAsSelectCommand
+ * This rule add a repartition node between write and query
+ */
+abstract class RepartitionBeforeWritingHiveBase extends RepartitionBuilder {
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(StaticSQLConf.CATALOG_IMPLEMENTATION) == "hive" &&
+      conf.getConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE)) {
+      addRepartition(plan)
+    } else {
+      plan
+    }
+  }
+
+  def addRepartition(plan: LogicalPlan): LogicalPlan = plan match {
+    case i @ InsertIntoHiveTable(table, partition, query, _, _, _, _, _, _, _, _)
+        if query.resolved && table.bucketSpec.isEmpty && canInsertRepartitionByExpression(query) =>
+      val dynamicPartitionColumns = partition.filter(_._2.isEmpty).keys
+        .flatMap(name => query.output.find(_.name == name)).toSeq
+      i.copy(query = buildRepartition(dynamicPartitionColumns, query))
+
+    case u @ Union(children, _, _) =>
+      u.copy(children = children.map(addRepartition))
+
+    case _ => plan
+  }
+}
+
+trait RepartitionBeforeWriteHelper extends Rule[LogicalPlan] {
+  private def hasBenefit(plan: LogicalPlan): Boolean = {
+    def probablyHasShuffle: Boolean = plan.find {
+      case _: Join => true
+      case _: Aggregate => true
+      case _: Distinct => true
+      case _: Deduplicate => true
+      case _: Window => true
+      case s: Sort if s.global => true
+      case _: RepartitionOperation => true
+      case _: GlobalLimit => true
+      case _ => false
+    }.isDefined
+
+    conf.getConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE) || probablyHasShuffle
+  }
+
+  def canInsertRepartitionByExpression(plan: LogicalPlan): Boolean = {
+    def canInsert(p: LogicalPlan): Boolean = p match {
+      case Project(_, child) => canInsert(child)
+      case SubqueryAlias(_, child) => canInsert(child)
+      case Limit(_, _) => false
+      case _: Sort => false
+      case _: RepartitionByExpression => false
+      case _: Repartition => false
+      case _ => true
+    }
+
+    // 1. make sure AQE is enabled, otherwise it is no meaning to add a shuffle
+    // 2. make sure it does not break the semantics of original plan
+    // 3. try to avoid adding a shuffle if it has potential performance regression
+    conf.adaptiveExecutionEnabled && canInsert(plan) && hasBenefit(plan)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala
new file mode 100644
index 000000000..89dd83194
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.execution.{SparkPlan, UnionExec}
+import org.apache.spark.sql.execution.command.DataWritingCommandExec
+import org.apache.spark.sql.execution.datasources.v2.V2TableWriteExec
+
+object WriteUtils {
+  def isWrite(session: SparkSession, plan: SparkPlan): Boolean = {
+    plan match {
+      case _: DataWritingCommandExec => true
+      case _: V2TableWriteExec => true
+      case u: UnionExec if u.children.nonEmpty => u.children.forall(isWrite(session, _))
+      case _ => false
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala
new file mode 100644
index 000000000..4f897d1b6
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.spark.sql.catalyst.analysis.MultiInstanceRelation
+import org.apache.spark.sql.catalyst.dsl.expressions._
+import org.apache.spark.sql.catalyst.expressions.Alias
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.command.DataWritingCommand
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/*
+ * Add ForcedMaxOutputRows rule for output rows limitation
+ * to avoid huge output rows of non_limit query unexpectedly
+ * mainly applied to cases as below:
+ *
+ * case 1:
+ * {{{
+ *   SELECT [c1, c2, ...]
+ * }}}
+ *
+ * case 2:
+ * {{{
+ *   WITH CTE AS (
+ *   ...)
+ * SELECT [c1, c2, ...] FROM CTE ...
+ * }}}
+ *
+ * The Logical Rule add a GlobalLimit node before root project
+ * */
+trait ForcedMaxOutputRowsBase extends Rule[LogicalPlan] {
+
+  protected def isChildAggregate(a: Aggregate): Boolean
+
+  protected def canInsertLimitInner(p: LogicalPlan): Boolean = p match {
+    case Aggregate(_, Alias(_, "havingCondition") :: Nil, _) => false
+    case agg: Aggregate => !isChildAggregate(agg)
+    case _: RepartitionByExpression => true
+    case _: Distinct => true
+    case _: Filter => true
+    case _: Project => true
+    case Limit(_, _) => true
+    case _: Sort => true
+    case Union(children, _, _) =>
+      if (children.exists(_.isInstanceOf[DataWritingCommand])) {
+        false
+      } else {
+        true
+      }
+    case _: MultiInstanceRelation => true
+    case _: Join => true
+    case _ => false
+  }
+
+  protected def canInsertLimit(p: LogicalPlan, maxOutputRowsOpt: Option[Int]): Boolean = {
+    maxOutputRowsOpt match {
+      case Some(forcedMaxOutputRows) => canInsertLimitInner(p) &&
+        !p.maxRows.exists(_ <= forcedMaxOutputRows)
+      case None => false
+    }
+  }
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    val maxOutputRowsOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS)
+    plan match {
+      case p if p.resolved && canInsertLimit(p, maxOutputRowsOpt) =>
+        Limit(
+          maxOutputRowsOpt.get,
+          plan)
+      case _ => plan
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala
new file mode 100644
index 000000000..a3d990b10
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.{Aggregate, CommandResult, LogicalPlan, Union, WithCTE}
+import org.apache.spark.sql.execution.command.DataWritingCommand
+
+case class ForcedMaxOutputRowsRule(sparkSession: SparkSession) extends ForcedMaxOutputRowsBase {
+
+  override protected def isChildAggregate(a: Aggregate): Boolean = false
+
+  override protected def canInsertLimitInner(p: LogicalPlan): Boolean = p match {
+    case WithCTE(plan, _) => this.canInsertLimitInner(plan)
+    case plan: LogicalPlan => plan match {
+        case Union(children, _, _) => !children.exists {
+            case _: DataWritingCommand => true
+            case p: CommandResult if p.commandLogicalPlan.isInstanceOf[DataWritingCommand] => true
+            case _ => false
+          }
+        case _ => super.canInsertLimitInner(plan)
+      }
+  }
+
+  override protected def canInsertLimit(p: LogicalPlan, maxOutputRowsOpt: Option[Int]): Boolean = {
+    p match {
+      case WithCTE(plan, _) => this.canInsertLimit(plan, maxOutputRowsOpt)
+      case _ => super.canInsertLimit(p, maxOutputRowsOpt)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
new file mode 100644
index 000000000..e44309192
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+final class MaxPartitionExceedException(
+    private val reason: String = "",
+    private val cause: Throwable = None.orNull)
+  extends KyuubiSQLExtensionException(reason, cause)
+
+final class MaxFileSizeExceedException(
+    private val reason: String = "",
+    private val cause: Throwable = None.orNull)
+  extends KyuubiSQLExtensionException(reason, cause)
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
new file mode 100644
index 000000000..1ed55ebc2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
@@ -0,0 +1,305 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.hadoop.fs.Path
+import org.apache.spark.sql.{PruneFileSourcePartitionHelper, SparkSession, Strategy}
+import org.apache.spark.sql.catalyst.SQLConfHelper
+import org.apache.spark.sql.catalyst.catalog.{CatalogTable, HiveTableRelation}
+import org.apache.spark.sql.catalyst.planning.ScanOperation
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.datasources.{CatalogFileIndex, HadoopFsRelation, InMemoryFileIndex, LogicalRelation}
+import org.apache.spark.sql.types.StructType
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/**
+ * Add MaxScanStrategy to avoid scan excessive partitions or files
+ * 1. Check if scan exceed maxPartition of partitioned table
+ * 2. Check if scan exceed maxFileSize (calculated by hive table and partition statistics)
+ * This Strategy Add Planner Strategy after LogicalOptimizer
+ * @param session
+ */
+case class MaxScanStrategy(session: SparkSession)
+  extends Strategy
+  with SQLConfHelper
+  with PruneFileSourcePartitionHelper {
+  override def apply(plan: LogicalPlan): Seq[SparkPlan] = {
+    val maxScanPartitionsOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS)
+    val maxFileSizeOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE)
+    if (maxScanPartitionsOpt.isDefined || maxFileSizeOpt.isDefined) {
+      checkScan(plan, maxScanPartitionsOpt, maxFileSizeOpt)
+    }
+    Nil
+  }
+
+  private def checkScan(
+      plan: LogicalPlan,
+      maxScanPartitionsOpt: Option[Int],
+      maxFileSizeOpt: Option[Long]): Unit = {
+    plan match {
+      case ScanOperation(_, _, _, relation: HiveTableRelation) =>
+        if (relation.isPartitioned) {
+          relation.prunedPartitions match {
+            case Some(prunedPartitions) =>
+              if (maxScanPartitionsOpt.exists(_ < prunedPartitions.size)) {
+                throw new MaxPartitionExceedException(
+                  s"""
+                     |SQL job scan hive partition: ${prunedPartitions.size}
+                     |exceed restrict of hive scan maxPartition ${maxScanPartitionsOpt.get}
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+              lazy val scanFileSize = prunedPartitions.flatMap(_.stats).map(_.sizeInBytes).sum
+              if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+                throw partTableMaxFileExceedError(
+                  scanFileSize,
+                  maxFileSizeOpt.get,
+                  Some(relation.tableMeta),
+                  prunedPartitions.flatMap(_.storage.locationUri).map(_.toString),
+                  relation.partitionCols.map(_.name))
+              }
+            case _ =>
+              lazy val scanPartitions: Int = session
+                .sessionState.catalog.externalCatalog.listPartitionNames(
+                  relation.tableMeta.database,
+                  relation.tableMeta.identifier.table).size
+              if (maxScanPartitionsOpt.exists(_ < scanPartitions)) {
+                throw new MaxPartitionExceedException(
+                  s"""
+                     |Your SQL job scan a whole huge table without any partition filter,
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+
+              lazy val scanFileSize: BigInt =
+                relation.tableMeta.stats.map(_.sizeInBytes).getOrElse {
+                  session
+                    .sessionState.catalog.externalCatalog.listPartitions(
+                      relation.tableMeta.database,
+                      relation.tableMeta.identifier.table).flatMap(_.stats).map(_.sizeInBytes).sum
+                }
+              if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+                throw new MaxFileSizeExceedException(
+                  s"""
+                     |Your SQL job scan a whole huge table without any partition filter,
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+          }
+        } else {
+          lazy val scanFileSize = relation.tableMeta.stats.map(_.sizeInBytes).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              Some(relation.tableMeta))
+          }
+        }
+      case ScanOperation(
+            _,
+            _,
+            filters,
+            relation @ LogicalRelation(
+              fsRelation @ HadoopFsRelation(
+                fileIndex: InMemoryFileIndex,
+                partitionSchema,
+                _,
+                _,
+                _,
+                _),
+              _,
+              _,
+              _)) =>
+        if (fsRelation.partitionSchema.nonEmpty) {
+          val (partitionKeyFilters, dataFilter) =
+            getPartitionKeyFiltersAndDataFilters(
+              SparkSession.active,
+              relation,
+              partitionSchema,
+              filters,
+              relation.output)
+          val prunedPartitions = fileIndex.listFiles(
+            partitionKeyFilters.toSeq,
+            dataFilter)
+          if (maxScanPartitionsOpt.exists(_ < prunedPartitions.size)) {
+            throw maxPartitionExceedError(
+              prunedPartitions.size,
+              maxScanPartitionsOpt.get,
+              relation.catalogTable,
+              fileIndex.rootPaths,
+              fsRelation.partitionSchema)
+          }
+          lazy val scanFileSize = prunedPartitions.flatMap(_.files).map(_.getLen).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw partTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              relation.catalogTable,
+              fileIndex.rootPaths.map(_.toString),
+              fsRelation.partitionSchema.map(_.name))
+          }
+        } else {
+          lazy val scanFileSize = fileIndex.sizeInBytes
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              relation.catalogTable)
+          }
+        }
+      case ScanOperation(
+            _,
+            _,
+            filters,
+            logicalRelation @ LogicalRelation(
+              fsRelation @ HadoopFsRelation(
+                catalogFileIndex: CatalogFileIndex,
+                partitionSchema,
+                _,
+                _,
+                _,
+                _),
+              _,
+              _,
+              _)) =>
+        if (fsRelation.partitionSchema.nonEmpty) {
+          val (partitionKeyFilters, _) =
+            getPartitionKeyFiltersAndDataFilters(
+              SparkSession.active,
+              logicalRelation,
+              partitionSchema,
+              filters,
+              logicalRelation.output)
+
+          val fileIndex = catalogFileIndex.filterPartitions(
+            partitionKeyFilters.toSeq)
+
+          lazy val prunedPartitionSize = fileIndex.partitionSpec().partitions.size
+          if (maxScanPartitionsOpt.exists(_ < prunedPartitionSize)) {
+            throw maxPartitionExceedError(
+              prunedPartitionSize,
+              maxScanPartitionsOpt.get,
+              logicalRelation.catalogTable,
+              catalogFileIndex.rootPaths,
+              fsRelation.partitionSchema)
+          }
+
+          lazy val scanFileSize = fileIndex
+            .listFiles(Nil, Nil).flatMap(_.files).map(_.getLen).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw partTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              logicalRelation.catalogTable,
+              catalogFileIndex.rootPaths.map(_.toString),
+              fsRelation.partitionSchema.map(_.name))
+          }
+        } else {
+          lazy val scanFileSize = catalogFileIndex.sizeInBytes
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              logicalRelation.catalogTable)
+          }
+        }
+      case _ =>
+    }
+  }
+
+  def maxPartitionExceedError(
+      prunedPartitionSize: Int,
+      maxPartitionSize: Int,
+      tableMeta: Option[CatalogTable],
+      rootPaths: Seq[Path],
+      partitionSchema: StructType): Throwable = {
+    val truncatedPaths =
+      if (rootPaths.length > 5) {
+        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
+      } else {
+        rootPaths.mkString(",")
+      }
+
+    new MaxPartitionExceedException(
+      s"""
+         |SQL job scan data source partition: $prunedPartitionSize
+         |exceed restrict of data source scan maxPartition $maxPartitionSize
+         |You should optimize your SQL logical according partition structure
+         |or shorten query scope such as p_date, detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |RootPaths: $truncatedPaths
+         |Partition Structure: ${partitionSchema.map(_.name).mkString(", ")}
+         |""".stripMargin)
+  }
+
+  private def partTableMaxFileExceedError(
+      scanFileSize: Number,
+      maxFileSize: Long,
+      tableMeta: Option[CatalogTable],
+      rootPaths: Seq[String],
+      partitions: Seq[String]): Throwable = {
+    val truncatedPaths =
+      if (rootPaths.length > 5) {
+        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
+      } else {
+        rootPaths.mkString(",")
+      }
+
+    new MaxFileSizeExceedException(
+      s"""
+         |SQL job scan file size in bytes: $scanFileSize
+         |exceed restrict of table scan maxFileSize $maxFileSize
+         |You should optimize your SQL logical according partition structure
+         |or shorten query scope such as p_date, detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |RootPaths: $truncatedPaths
+         |Partition Structure: ${partitions.mkString(", ")}
+         |""".stripMargin)
+  }
+
+  private def nonPartTableMaxFileExceedError(
+      scanFileSize: Number,
+      maxFileSize: Long,
+      tableMeta: Option[CatalogTable]): Throwable = {
+    new MaxFileSizeExceedException(
+      s"""
+         |SQL job scan file size in bytes: $scanFileSize
+         |exceed restrict of table scan maxFileSize $maxFileSize
+         |detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |Location: ${tableMeta.map(_.location).getOrElse("")}
+         |""".stripMargin)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala
new file mode 100644
index 000000000..b3f98ec6d
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala
@@ -0,0 +1,177 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.expressions.{Ascending, Attribute, Expression, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, KyuubiSQLExtensionException}
+
+trait InsertZorderHelper33 extends Rule[LogicalPlan] with ZorderBuilder {
+  private val KYUUBI_ZORDER_ENABLED = "kyuubi.zorder.enabled"
+  private val KYUUBI_ZORDER_COLS = "kyuubi.zorder.cols"
+
+  def isZorderEnabled(props: Map[String, String]): Boolean = {
+    props.contains(KYUUBI_ZORDER_ENABLED) &&
+    "true".equalsIgnoreCase(props(KYUUBI_ZORDER_ENABLED)) &&
+    props.contains(KYUUBI_ZORDER_COLS)
+  }
+
+  def getZorderColumns(props: Map[String, String]): Seq[String] = {
+    val cols = props.get(KYUUBI_ZORDER_COLS)
+    assert(cols.isDefined)
+    cols.get.split(",").map(_.trim)
+  }
+
+  def canInsertZorder(query: LogicalPlan): Boolean = query match {
+    case Project(_, child) => canInsertZorder(child)
+    // TODO: actually, we can force zorder even if existed some shuffle
+    case _: Sort => false
+    case _: RepartitionByExpression => false
+    case _: Repartition => false
+    case _ => true
+  }
+
+  def insertZorder(
+      catalogTable: CatalogTable,
+      plan: LogicalPlan,
+      dynamicPartitionColumns: Seq[Attribute]): LogicalPlan = {
+    if (!canInsertZorder(plan)) {
+      return plan
+    }
+    val cols = getZorderColumns(catalogTable.properties)
+    val resolver = session.sessionState.conf.resolver
+    val output = plan.output
+    val bound = cols.flatMap(col => output.find(attr => resolver(attr.name, col)))
+    if (bound.size < cols.size) {
+      logWarning(s"target table does not contain all zorder cols: ${cols.mkString(",")}, " +
+        s"please check your table properties ${KYUUBI_ZORDER_COLS}.")
+      plan
+    } else {
+      if (conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED) &&
+        conf.getConf(KyuubiSQLConf.REBALANCE_BEFORE_ZORDER)) {
+        throw new KyuubiSQLExtensionException(s"${KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key} " +
+          s"and ${KyuubiSQLConf.REBALANCE_BEFORE_ZORDER.key} can not be enabled together.")
+      }
+      if (conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED) &&
+        dynamicPartitionColumns.nonEmpty) {
+        logWarning(s"Dynamic partition insertion with global sort may produce small files.")
+      }
+
+      val zorderExpr =
+        if (bound.length == 1) {
+          bound
+        } else if (conf.getConf(KyuubiSQLConf.ZORDER_USING_ORIGINAL_ORDERING_ENABLED)) {
+          bound.asInstanceOf[Seq[Expression]]
+        } else {
+          buildZorder(bound) :: Nil
+        }
+      val (global, orderExprs, child) =
+        if (conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED)) {
+          (true, zorderExpr, plan)
+        } else if (conf.getConf(KyuubiSQLConf.REBALANCE_BEFORE_ZORDER)) {
+          val rebalanceExpr =
+            if (dynamicPartitionColumns.isEmpty) {
+              // static partition insert
+              bound
+            } else if (conf.getConf(KyuubiSQLConf.REBALANCE_ZORDER_COLUMNS_ENABLED)) {
+              // improve data compression ratio
+              dynamicPartitionColumns.asInstanceOf[Seq[Expression]] ++ bound
+            } else {
+              dynamicPartitionColumns.asInstanceOf[Seq[Expression]]
+            }
+          // for dynamic partition insert, Spark always sort the partition columns,
+          // so here we sort partition columns + zorder.
+          val rebalance =
+            if (dynamicPartitionColumns.nonEmpty &&
+              conf.getConf(KyuubiSQLConf.TWO_PHASE_REBALANCE_BEFORE_ZORDER)) {
+              // improve compression ratio
+              RebalancePartitions(
+                rebalanceExpr,
+                RebalancePartitions(dynamicPartitionColumns, plan))
+            } else {
+              RebalancePartitions(rebalanceExpr, plan)
+            }
+          (false, dynamicPartitionColumns.asInstanceOf[Seq[Expression]] ++ zorderExpr, rebalance)
+        } else {
+          (false, zorderExpr, plan)
+        }
+      val order = orderExprs.map { expr =>
+        SortOrder(expr, Ascending, NullsLast, Seq.empty)
+      }
+      Sort(order, global, child)
+    }
+  }
+
+  override def buildZorder(children: Seq[Expression]): ZorderBase = Zorder(children)
+
+  def session: SparkSession
+  def applyInternal(plan: LogicalPlan): LogicalPlan
+
+  final override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING)) {
+      applyInternal(plan)
+    } else {
+      plan
+    }
+  }
+}
+
+case class InsertZorderBeforeWritingDatasource33(session: SparkSession)
+  extends InsertZorderHelper33 {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHadoopFsRelationCommand
+        if insert.query.resolved &&
+          insert.bucketSpec.isEmpty && insert.catalogTable.isDefined &&
+          isZorderEnabled(insert.catalogTable.get.properties) =>
+      val dynamicPartition =
+        insert.partitionColumns.filterNot(attr => insert.staticPartitions.contains(attr.name))
+      val newQuery = insertZorder(insert.catalogTable.get, insert.query, dynamicPartition)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+
+    case _ => plan
+  }
+}
+
+case class InsertZorderBeforeWritingHive33(session: SparkSession)
+  extends InsertZorderHelper33 {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHiveTable
+        if insert.query.resolved &&
+          insert.table.bucketSpec.isEmpty && isZorderEnabled(insert.table.properties) =>
+      val dynamicPartition = insert.partition.filter(_._2.isEmpty).keys
+        .flatMap(name => insert.query.output.find(_.name == name)).toSeq
+      val newQuery = insertZorder(insert.table, insert.query, dynamicPartition)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+
+    case _ => plan
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala
new file mode 100644
index 000000000..2c59d148e
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala
@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import java.util.Locale
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.expressions.{Ascending, Expression, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing datasource if the target table properties has zorder properties
+ */
+abstract class InsertZorderBeforeWritingDatasourceBase
+  extends InsertZorderHelper {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHadoopFsRelationCommand
+        if insert.query.resolved && insert.bucketSpec.isEmpty && insert.catalogTable.isDefined &&
+          isZorderEnabled(insert.catalogTable.get.properties) =>
+      val newQuery = insertZorder(insert.catalogTable.get, insert.query)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+    case _ => plan
+  }
+}
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing hive if the target table properties has zorder properties
+ */
+abstract class InsertZorderBeforeWritingHiveBase
+  extends InsertZorderHelper {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHiveTable
+        if insert.query.resolved && insert.table.bucketSpec.isEmpty &&
+          isZorderEnabled(insert.table.properties) =>
+      val newQuery = insertZorder(insert.table, insert.query)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+    case _ => plan
+  }
+}
+
+trait ZorderBuilder {
+  def buildZorder(children: Seq[Expression]): ZorderBase
+}
+
+trait InsertZorderHelper extends Rule[LogicalPlan] with ZorderBuilder {
+  private val KYUUBI_ZORDER_ENABLED = "kyuubi.zorder.enabled"
+  private val KYUUBI_ZORDER_COLS = "kyuubi.zorder.cols"
+
+  def isZorderEnabled(props: Map[String, String]): Boolean = {
+    props.contains(KYUUBI_ZORDER_ENABLED) &&
+    "true".equalsIgnoreCase(props(KYUUBI_ZORDER_ENABLED)) &&
+    props.contains(KYUUBI_ZORDER_COLS)
+  }
+
+  def getZorderColumns(props: Map[String, String]): Seq[String] = {
+    val cols = props.get(KYUUBI_ZORDER_COLS)
+    assert(cols.isDefined)
+    cols.get.split(",").map(_.trim.toLowerCase(Locale.ROOT))
+  }
+
+  def canInsertZorder(query: LogicalPlan): Boolean = query match {
+    case Project(_, child) => canInsertZorder(child)
+    // TODO: actually, we can force zorder even if existed some shuffle
+    case _: Sort => false
+    case _: RepartitionByExpression => false
+    case _: Repartition => false
+    case _ => true
+  }
+
+  def insertZorder(catalogTable: CatalogTable, plan: LogicalPlan): LogicalPlan = {
+    if (!canInsertZorder(plan)) {
+      return plan
+    }
+    val cols = getZorderColumns(catalogTable.properties)
+    val attrs = plan.output.map(attr => (attr.name, attr)).toMap
+    if (cols.exists(!attrs.contains(_))) {
+      logWarning(s"target table does not contain all zorder cols: ${cols.mkString(",")}, " +
+        s"please check your table properties ${KYUUBI_ZORDER_COLS}.")
+      plan
+    } else {
+      val bound = cols.map(attrs(_))
+      val orderExpr =
+        if (bound.length == 1) {
+          bound.head
+        } else {
+          buildZorder(bound)
+        }
+      // TODO: We can do rebalance partitions before local sort of zorder after SPARK 3.3
+      //   see https://github.com/apache/spark/pull/34542
+      Sort(
+        SortOrder(orderExpr, Ascending, NullsLast, Seq.empty) :: Nil,
+        conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED),
+        plan)
+    }
+  }
+
+  def applyInternal(plan: LogicalPlan): LogicalPlan
+
+  final override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING)) {
+      applyInternal(plan)
+    } else {
+      plan
+    }
+  }
+}
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing datasource if the target table properties has zorder properties
+ */
+case class InsertZorderBeforeWritingDatasource(session: SparkSession)
+  extends InsertZorderBeforeWritingDatasourceBase {
+  override def buildZorder(children: Seq[Expression]): ZorderBase = Zorder(children)
+}
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing hive if the target table properties has zorder properties
+ */
+case class InsertZorderBeforeWritingHive(session: SparkSession)
+  extends InsertZorderBeforeWritingHiveBase {
+  override def buildZorder(children: Seq[Expression]): ZorderBase = Zorder(children)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala
new file mode 100644
index 000000000..21d1cf2a2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.command.DataWritingCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+/**
+ * A runnable command for zorder, we delegate to real command to execute
+ */
+abstract class OptimizeZorderCommandBase extends DataWritingCommand {
+  def catalogTable: CatalogTable
+
+  override def outputColumnNames: Seq[String] = query.output.map(_.name)
+
+  private def isHiveTable: Boolean = {
+    catalogTable.provider.isEmpty ||
+    (catalogTable.provider.isDefined && "hive".equalsIgnoreCase(catalogTable.provider.get))
+  }
+
+  private def getWritingCommand(session: SparkSession): DataWritingCommand = {
+    // TODO: Support convert hive relation to datasource relation, can see
+    //  [[org.apache.spark.sql.hive.RelationConversions]]
+    InsertIntoHiveTable(
+      catalogTable,
+      catalogTable.partitionColumnNames.map(p => (p, None)).toMap,
+      query,
+      overwrite = true,
+      ifPartitionNotExists = false,
+      outputColumnNames)
+  }
+
+  override def run(session: SparkSession, child: SparkPlan): Seq[Row] = {
+    // TODO: Support datasource relation
+    // TODO: Support read and insert overwrite the same table for some table format
+    if (!isHiveTable) {
+      throw new KyuubiSQLExtensionException("only support hive table")
+    }
+
+    val command = getWritingCommand(session)
+    command.run(session, child)
+    DataWritingCommand.propogateMetrics(session.sparkContext, command, metrics)
+    Seq.empty
+  }
+}
+
+/**
+ * A runnable command for zorder, we delegate to real command to execute
+ */
+case class OptimizeZorderCommand(
+    catalogTable: CatalogTable,
+    query: LogicalPlan)
+  extends OptimizeZorderCommandBase {
+  protected def withNewChildInternal(newChild: LogicalPlan): LogicalPlan = {
+    copy(query = newChild)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
new file mode 100644
index 000000000..895f9e24b
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
+
+/**
+ * A zorder statement that contains we parsed from SQL.
+ * We should convert this plan to certain command at Analyzer.
+ */
+case class OptimizeZorderStatement(
+    tableIdentifier: Seq[String],
+    query: LogicalPlan) extends UnaryNode {
+  override def child: LogicalPlan = query
+  override def output: Seq[Attribute] = child.output
+  protected def withNewChildInternal(newChild: LogicalPlan): LogicalPlan =
+    copy(query = newChild)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
new file mode 100644
index 000000000..9f735caa7
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.TableIdentifier
+import org.apache.spark.sql.catalyst.catalog.{CatalogTable, HiveTableRelation}
+import org.apache.spark.sql.catalyst.expressions.AttributeSet
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, SubqueryAlias}
+import org.apache.spark.sql.catalyst.rules.Rule
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+/**
+ * Resolve `OptimizeZorderStatement` to `OptimizeZorderCommand`
+ */
+abstract class ResolveZorderBase extends Rule[LogicalPlan] {
+  def session: SparkSession
+  def buildOptimizeZorderCommand(
+      catalogTable: CatalogTable,
+      query: LogicalPlan): OptimizeZorderCommandBase
+
+  protected def checkQueryAllowed(query: LogicalPlan): Unit = query foreach {
+    case Filter(condition, SubqueryAlias(_, tableRelation: HiveTableRelation)) =>
+      if (tableRelation.partitionCols.isEmpty) {
+        throw new KyuubiSQLExtensionException("Filters are only supported for partitioned table")
+      }
+
+      val partitionKeyIds = AttributeSet(tableRelation.partitionCols)
+      if (condition.references.isEmpty || !condition.references.subsetOf(partitionKeyIds)) {
+        throw new KyuubiSQLExtensionException("Only partition column filters are allowed")
+      }
+
+    case _ =>
+  }
+
+  protected def getTableIdentifier(tableIdent: Seq[String]): TableIdentifier = tableIdent match {
+    case Seq(tbl) => TableIdentifier.apply(tbl)
+    case Seq(db, tbl) => TableIdentifier.apply(tbl, Some(db))
+    case _ => throw new KyuubiSQLExtensionException(
+        "only support session catalog table, please use db.table instead")
+  }
+
+  override def apply(plan: LogicalPlan): LogicalPlan = plan match {
+    case statement: OptimizeZorderStatement if statement.query.resolved =>
+      checkQueryAllowed(statement.query)
+      val tableIdentifier = getTableIdentifier(statement.tableIdentifier)
+      val catalogTable = session.sessionState.catalog.getTableMetadata(tableIdentifier)
+      buildOptimizeZorderCommand(catalogTable, statement.query)
+
+    case _ => plan
+  }
+}
+
+/**
+ * Resolve `OptimizeZorderStatement` to `OptimizeZorderCommand`
+ */
+case class ResolveZorder(session: SparkSession) extends ResolveZorderBase {
+  override def buildOptimizeZorderCommand(
+      catalogTable: CatalogTable,
+      query: LogicalPlan): OptimizeZorderCommandBase = {
+    OptimizeZorderCommand(catalogTable, query)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala
new file mode 100644
index 000000000..e4d98ccbe
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.analysis.TypeCheckResult
+import org.apache.spark.sql.catalyst.expressions.Expression
+import org.apache.spark.sql.catalyst.expressions.codegen.{CodegenContext, ExprCode, FalseLiteral}
+import org.apache.spark.sql.catalyst.expressions.codegen.Block._
+import org.apache.spark.sql.types.{BinaryType, DataType}
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+abstract class ZorderBase extends Expression {
+  override def foldable: Boolean = children.forall(_.foldable)
+  override def nullable: Boolean = false
+  override def dataType: DataType = BinaryType
+  override def prettyName: String = "zorder"
+
+  override def checkInputDataTypes(): TypeCheckResult = {
+    try {
+      defaultNullValues
+      TypeCheckResult.TypeCheckSuccess
+    } catch {
+      case e: KyuubiSQLExtensionException =>
+        TypeCheckResult.TypeCheckFailure(e.getMessage)
+    }
+  }
+
+  @transient
+  private[this] lazy val defaultNullValues: Array[Any] =
+    children.map(_.dataType)
+      .map(ZorderBytesUtils.defaultValue)
+      .toArray
+
+  override def eval(input: InternalRow): Any = {
+    val childrenValues = children.zipWithIndex.map {
+      case (child: Expression, index) =>
+        val v = child.eval(input)
+        if (v == null) {
+          defaultNullValues(index)
+        } else {
+          v
+        }
+    }
+    ZorderBytesUtils.interleaveBits(childrenValues.toArray)
+  }
+
+  override protected def doGenCode(ctx: CodegenContext, ev: ExprCode): ExprCode = {
+    val evals = children.map(_.genCode(ctx))
+    val defaultValues = ctx.addReferenceObj("defaultValues", defaultNullValues)
+    val values = ctx.freshName("values")
+    val util = ZorderBytesUtils.getClass.getName.stripSuffix("$")
+    val inputs = evals.zipWithIndex.map {
+      case (eval, index) =>
+        s"""
+           |${eval.code}
+           |if (${eval.isNull}) {
+           |  $values[$index] = $defaultValues[$index];
+           |} else {
+           |  $values[$index] = ${eval.value};
+           |}
+           |""".stripMargin
+    }
+    ev.copy(
+      code =
+        code"""
+              |byte[] ${ev.value} = null;
+              |Object[] $values = new Object[${evals.length}];
+              |${inputs.mkString("\n")}
+              |${ev.value} = $util.interleaveBits($values);
+              |""".stripMargin,
+      isNull = FalseLiteral)
+  }
+}
+
+case class Zorder(children: Seq[Expression]) extends ZorderBase {
+  protected def withNewChildrenInternal(newChildren: IndexedSeq[Expression]): Expression =
+    copy(children = newChildren)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala
new file mode 100644
index 000000000..d249f1dc3
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala
@@ -0,0 +1,517 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import java.lang.{Double => jDouble, Float => jFloat}
+
+import org.apache.spark.sql.types._
+import org.apache.spark.unsafe.types.UTF8String
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+object ZorderBytesUtils {
+  final private val BIT_8_MASK = 1 << 7
+  final private val BIT_16_MASK = 1 << 15
+  final private val BIT_32_MASK = 1 << 31
+  final private val BIT_64_MASK = 1L << 63
+
+  def interleaveBits(inputs: Array[Any]): Array[Byte] = {
+    inputs.length match {
+      // it's a more fast approach, use O(8 * 8)
+      // can see http://graphics.stanford.edu/~seander/bithacks.html#InterleaveTableObvious
+      case 1 => longToByte(toLong(inputs(0)))
+      case 2 => interleave2Longs(toLong(inputs(0)), toLong(inputs(1)))
+      case 3 => interleave3Longs(toLong(inputs(0)), toLong(inputs(1)), toLong(inputs(2)))
+      case 4 =>
+        interleave4Longs(toLong(inputs(0)), toLong(inputs(1)), toLong(inputs(2)), toLong(inputs(3)))
+      case 5 => interleave5Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)))
+      case 6 => interleave6Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)),
+          toLong(inputs(5)))
+      case 7 => interleave7Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)),
+          toLong(inputs(5)),
+          toLong(inputs(6)))
+      case 8 => interleave8Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)),
+          toLong(inputs(5)),
+          toLong(inputs(6)),
+          toLong(inputs(7)))
+
+      case _ =>
+        // it's the default approach, use O(64 * n), n is the length of inputs
+        interleaveBitsDefault(inputs.map(toByteArray))
+    }
+  }
+
+  private def interleave2Longs(l1: Long, l2: Long): Array[Byte] = {
+    // output 8 * 16 bits
+    val result = new Array[Byte](16)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toShort
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toShort
+
+      var z = 0
+      var j = 0
+      while (j < 8) {
+        val x_masked = tmp1 & (1 << j)
+        val y_masked = tmp2 & (1 << j)
+        z |= (x_masked << j)
+        z |= (y_masked << (j + 1))
+        j = j + 1
+      }
+      result((7 - i) * 2 + 1) = (z & 0xFF).toByte
+      result((7 - i) * 2) = ((z >> 8) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave3Longs(l1: Long, l2: Long, l3: Long): Array[Byte] = {
+    // output 8 * 24 bits
+    val result = new Array[Byte](24)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toInt
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toInt
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toInt
+
+      var z = 0
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        z |= (r1_mask << (2 * j)) | (r2_mask << (2 * j + 1)) | (r3_mask << (2 * j + 2))
+        j = j + 1
+      }
+      result((7 - i) * 3 + 2) = (z & 0xFF).toByte
+      result((7 - i) * 3 + 1) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 3) = ((z >> 16) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave4Longs(l1: Long, l2: Long, l3: Long, l4: Long): Array[Byte] = {
+    // output 8 * 32 bits
+    val result = new Array[Byte](32)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toInt
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toInt
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toInt
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toInt
+
+      var z = 0
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        z |= (r1_mask << (3 * j)) | (r2_mask << (3 * j + 1)) | (r3_mask << (3 * j + 2)) |
+          (r4_mask << (3 * j + 3))
+        j = j + 1
+      }
+      result((7 - i) * 4 + 3) = (z & 0xFF).toByte
+      result((7 - i) * 4 + 2) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 4 + 1) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 4) = ((z >> 24) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave5Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long): Array[Byte] = {
+    // output 8 * 40 bits
+    val result = new Array[Byte](40)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        z |= (r1_mask << (4 * j)) | (r2_mask << (4 * j + 1)) | (r3_mask << (4 * j + 2)) |
+          (r4_mask << (4 * j + 3)) | (r5_mask << (4 * j + 4))
+        j = j + 1
+      }
+      result((7 - i) * 5 + 4) = (z & 0xFF).toByte
+      result((7 - i) * 5 + 3) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 5 + 2) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 5 + 1) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 5) = ((z >> 32) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave6Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long,
+      l6: Long): Array[Byte] = {
+    // output 8 * 48 bits
+    val result = new Array[Byte](48)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+      val tmp6 = ((l6 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        val r6_mask = tmp6 & (1 << j)
+        z |= (r1_mask << (5 * j)) | (r2_mask << (5 * j + 1)) | (r3_mask << (5 * j + 2)) |
+          (r4_mask << (5 * j + 3)) | (r5_mask << (5 * j + 4)) | (r6_mask << (5 * j + 5))
+        j = j + 1
+      }
+      result((7 - i) * 6 + 5) = (z & 0xFF).toByte
+      result((7 - i) * 6 + 4) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 6 + 3) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 6 + 2) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 6 + 1) = ((z >> 32) & 0xFF).toByte
+      result((7 - i) * 6) = ((z >> 40) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave7Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long,
+      l6: Long,
+      l7: Long): Array[Byte] = {
+    // output 8 * 56 bits
+    val result = new Array[Byte](56)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+      val tmp6 = ((l6 >> (i * 8)) & 0xFF).toLong
+      val tmp7 = ((l7 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        val r6_mask = tmp6 & (1 << j)
+        val r7_mask = tmp7 & (1 << j)
+        z |= (r1_mask << (6 * j)) | (r2_mask << (6 * j + 1)) | (r3_mask << (6 * j + 2)) |
+          (r4_mask << (6 * j + 3)) | (r5_mask << (6 * j + 4)) | (r6_mask << (6 * j + 5)) |
+          (r7_mask << (6 * j + 6))
+        j = j + 1
+      }
+      result((7 - i) * 7 + 6) = (z & 0xFF).toByte
+      result((7 - i) * 7 + 5) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 7 + 4) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 7 + 3) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 7 + 2) = ((z >> 32) & 0xFF).toByte
+      result((7 - i) * 7 + 1) = ((z >> 40) & 0xFF).toByte
+      result((7 - i) * 7) = ((z >> 48) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave8Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long,
+      l6: Long,
+      l7: Long,
+      l8: Long): Array[Byte] = {
+    // output 8 * 64 bits
+    val result = new Array[Byte](64)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+      val tmp6 = ((l6 >> (i * 8)) & 0xFF).toLong
+      val tmp7 = ((l7 >> (i * 8)) & 0xFF).toLong
+      val tmp8 = ((l8 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        val r6_mask = tmp6 & (1 << j)
+        val r7_mask = tmp7 & (1 << j)
+        val r8_mask = tmp8 & (1 << j)
+        z |= (r1_mask << (7 * j)) | (r2_mask << (7 * j + 1)) | (r3_mask << (7 * j + 2)) |
+          (r4_mask << (7 * j + 3)) | (r5_mask << (7 * j + 4)) | (r6_mask << (7 * j + 5)) |
+          (r7_mask << (7 * j + 6)) | (r8_mask << (7 * j + 7))
+        j = j + 1
+      }
+      result((7 - i) * 8 + 7) = (z & 0xFF).toByte
+      result((7 - i) * 8 + 6) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 8 + 5) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 8 + 4) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 8 + 3) = ((z >> 32) & 0xFF).toByte
+      result((7 - i) * 8 + 2) = ((z >> 40) & 0xFF).toByte
+      result((7 - i) * 8 + 1) = ((z >> 48) & 0xFF).toByte
+      result((7 - i) * 8) = ((z >> 56) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  def interleaveBitsDefault(arrays: Array[Array[Byte]]): Array[Byte] = {
+    var totalLength = 0
+    var maxLength = 0
+    arrays.foreach { array =>
+      totalLength += array.length
+      maxLength = maxLength.max(array.length * 8)
+    }
+    val result = new Array[Byte](totalLength)
+    var resultBit = 0
+
+    var bit = 0
+    while (bit < maxLength) {
+      val bytePos = bit / 8
+      val bitPos = bit % 8
+
+      for (arr <- arrays) {
+        val len = arr.length
+        if (bytePos < len) {
+          val resultBytePos = totalLength - 1 - resultBit / 8
+          val resultBitPos = resultBit % 8
+          result(resultBytePos) =
+            updatePos(result(resultBytePos), resultBitPos, arr(len - 1 - bytePos), bitPos)
+          resultBit += 1
+        }
+      }
+      bit += 1
+    }
+    result
+  }
+
+  def updatePos(a: Byte, apos: Int, b: Byte, bpos: Int): Byte = {
+    var temp = (b & (1 << bpos)).toByte
+    if (apos > bpos) {
+      temp = (temp << (apos - bpos)).toByte
+    } else if (apos < bpos) {
+      temp = (temp >> (bpos - apos)).toByte
+    }
+    val atemp = (a & (1 << apos)).toByte
+    if (atemp == temp) {
+      return a
+    }
+    (a ^ (1 << apos)).toByte
+  }
+
+  def toLong(a: Any): Long = {
+    a match {
+      case b: Boolean => (if (b) 1 else 0).toLong ^ BIT_64_MASK
+      case b: Byte => b.toLong ^ BIT_64_MASK
+      case s: Short => s.toLong ^ BIT_64_MASK
+      case i: Int => i.toLong ^ BIT_64_MASK
+      case l: Long => l ^ BIT_64_MASK
+      case f: Float => java.lang.Float.floatToRawIntBits(f).toLong ^ BIT_64_MASK
+      case d: Double => java.lang.Double.doubleToRawLongBits(d) ^ BIT_64_MASK
+      case str: UTF8String => str.getPrefix
+      case dec: Decimal => dec.toLong ^ BIT_64_MASK
+      case other: Any =>
+        throw new KyuubiSQLExtensionException("Unsupported z-order type: " + other.getClass)
+    }
+  }
+
+  def toByteArray(a: Any): Array[Byte] = {
+    a match {
+      case bo: Boolean =>
+        booleanToByte(bo)
+      case b: Byte =>
+        byteToByte(b)
+      case s: Short =>
+        shortToByte(s)
+      case i: Int =>
+        intToByte(i)
+      case l: Long =>
+        longToByte(l)
+      case f: Float =>
+        floatToByte(f)
+      case d: Double =>
+        doubleToByte(d)
+      case str: UTF8String =>
+        // truncate or padding str to 8 byte
+        paddingTo8Byte(str.getBytes)
+      case dec: Decimal =>
+        longToByte(dec.toLong)
+      case other: Any =>
+        throw new KyuubiSQLExtensionException("Unsupported z-order type: " + other.getClass)
+    }
+  }
+
+  def booleanToByte(a: Boolean): Array[Byte] = {
+    if (a) {
+      byteToByte(1.toByte)
+    } else {
+      byteToByte(0.toByte)
+    }
+  }
+
+  def byteToByte(a: Byte): Array[Byte] = {
+    val tmp = (a ^ BIT_8_MASK).toByte
+    Array(tmp)
+  }
+
+  def shortToByte(a: Short): Array[Byte] = {
+    val tmp = a ^ BIT_16_MASK
+    Array(((tmp >> 8) & 0xFF).toByte, (tmp & 0xFF).toByte)
+  }
+
+  def intToByte(a: Int): Array[Byte] = {
+    val result = new Array[Byte](4)
+    var i = 0
+    val tmp = a ^ BIT_32_MASK
+    while (i <= 3) {
+      val offset = i * 8
+      result(3 - i) = ((tmp >> offset) & 0xFF).toByte
+      i += 1
+    }
+    result
+  }
+
+  def longToByte(a: Long): Array[Byte] = {
+    val result = new Array[Byte](8)
+    var i = 0
+    val tmp = a ^ BIT_64_MASK
+    while (i <= 7) {
+      val offset = i * 8
+      result(7 - i) = ((tmp >> offset) & 0xFF).toByte
+      i += 1
+    }
+    result
+  }
+
+  def floatToByte(a: Float): Array[Byte] = {
+    val fi = jFloat.floatToRawIntBits(a)
+    intToByte(fi)
+  }
+
+  def doubleToByte(a: Double): Array[Byte] = {
+    val dl = jDouble.doubleToRawLongBits(a)
+    longToByte(dl)
+  }
+
+  def paddingTo8Byte(a: Array[Byte]): Array[Byte] = {
+    val len = a.length
+    if (len == 8) {
+      a
+    } else if (len > 8) {
+      val result = new Array[Byte](8)
+      System.arraycopy(a, 0, result, 0, 8)
+      result
+    } else {
+      val result = new Array[Byte](8)
+      System.arraycopy(a, 0, result, 8 - len, len)
+      result
+    }
+  }
+
+  def defaultByteArrayValue(dataType: DataType): Array[Byte] = toByteArray {
+    defaultValue(dataType)
+  }
+
+  def defaultValue(dataType: DataType): Any = {
+    dataType match {
+      case BooleanType =>
+        true
+      case ByteType =>
+        Byte.MaxValue
+      case ShortType =>
+        Short.MaxValue
+      case IntegerType | DateType =>
+        Int.MaxValue
+      case LongType | TimestampType | _: DecimalType =>
+        Long.MaxValue
+      case FloatType =>
+        Float.MaxValue
+      case DoubleType =>
+        Double.MaxValue
+      case StringType =>
+        // we pad string to 8 bytes so it's equal to long
+        UTF8String.fromBytes(longToByte(Long.MaxValue))
+      case other: Any =>
+        throw new KyuubiSQLExtensionException(s"Unsupported z-order type: ${other.catalogString}")
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
new file mode 100644
index 000000000..16002dfa0
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -0,0 +1,249 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.spark.{ExecutorAllocationClient, MapOutputTrackerMaster, SparkContext, SparkEnv}
+import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive._
+import org.apache.spark.sql.execution.columnar.InMemoryTableScanExec
+import org.apache.spark.sql.execution.command.DataWritingCommandExec
+import org.apache.spark.sql.execution.datasources.WriteFilesExec
+import org.apache.spark.sql.execution.datasources.v2.V2TableWriteExec
+import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeExec}
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, WriteUtils}
+
+/**
+ * This rule assumes the final write stage has less cores requirement than previous, otherwise
+ * this rule would take no effect.
+ *
+ * It provide a feature:
+ * 1. Kill redundant executors before running final write stage
+ */
+case class FinalStageResourceManager(session: SparkSession)
+  extends Rule[SparkPlan] with FinalRebalanceStageHelper {
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED)) {
+      return plan
+    }
+
+    if (!WriteUtils.isWrite(session, plan)) {
+      return plan
+    }
+
+    val sc = session.sparkContext
+    val dra = sc.getConf.getBoolean("spark.dynamicAllocation.enabled", false)
+    val coresPerExecutor = sc.getConf.getInt("spark.executor.cores", 1)
+    val minExecutors = sc.getConf.getInt("spark.dynamicAllocation.minExecutors", 0)
+    val maxExecutors = sc.getConf.getInt("spark.dynamicAllocation.maxExecutors", Int.MaxValue)
+    val factor = conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_PARTITION_FACTOR)
+    val hasImprovementRoom = maxExecutors - 1 > minExecutors * factor
+    // Fast fail if:
+    // 1. DRA off
+    // 2. only work with yarn and k8s
+    // 3. maxExecutors is not bigger than minExecutors * factor
+    if (!dra || !sc.schedulerBackend.isInstanceOf[CoarseGrainedSchedulerBackend] ||
+      !hasImprovementRoom) {
+      return plan
+    }
+
+    val stageOpt = findFinalRebalanceStage(plan)
+    if (stageOpt.isEmpty) {
+      return plan
+    }
+
+    // It's not safe to kill executors if this plan contains table cache.
+    // If the executor loses then the rdd would re-compute those partition.
+    if (hasTableCache(plan) &&
+      conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE)) {
+      return plan
+    }
+
+    // TODO: move this to query stage optimizer when updating Spark to 3.5.x
+    // Since we are in `prepareQueryStage`, the AQE shuffle read has not been applied.
+    // So we need to apply it by self.
+    val shuffleRead = queryStageOptimizerRules.foldLeft(stageOpt.get.asInstanceOf[SparkPlan]) {
+      case (latest, rule) => rule.apply(latest)
+    }
+    val (targetCores, stage) = shuffleRead match {
+      case AQEShuffleReadExec(stage: ShuffleQueryStageExec, partitionSpecs) =>
+        (partitionSpecs.length, stage)
+      case stage: ShuffleQueryStageExec =>
+        // we can still kill executors if no AQE shuffle read, e.g., `.repartition(2)`
+        (stage.shuffle.numPartitions, stage)
+      case _ =>
+        // it should never happen in current Spark, but to be safe do nothing if happens
+        logWarning("BUG, Please report to Apache Kyuubi community")
+        return plan
+    }
+    // The condition whether inject custom resource profile:
+    // - target executors < active executors
+    // - active executors - target executors > min executors
+    val numActiveExecutors = sc.getExecutorIds().length
+    val targetExecutors = (math.ceil(targetCores.toFloat / coresPerExecutor) * factor).toInt
+      .max(1)
+    val hasBenefits = targetExecutors < numActiveExecutors &&
+      (numActiveExecutors - targetExecutors) > minExecutors
+    logInfo(s"The snapshot of current executors view, " +
+      s"active executors: $numActiveExecutors, min executor: $minExecutors, " +
+      s"target executors: $targetExecutors, has benefits: $hasBenefits")
+    if (hasBenefits) {
+      val shuffleId = stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleDependency.shuffleId
+      val numReduce = stage.plan.asInstanceOf[ShuffleExchangeExec].numPartitions
+      // Now, there is only a final rebalance stage waiting to execute and all tasks of previous
+      // stage are finished. Kill redundant existed executors eagerly so the tasks of final
+      // stage can be centralized scheduled.
+      killExecutors(sc, targetExecutors, shuffleId, numReduce)
+    }
+
+    plan
+  }
+
+  /**
+   * The priority of kill executors follow:
+   * 1. kill executor who is younger than other (The older the JIT works better)
+   * 2. kill executor who produces less shuffle data first
+   */
+  private def findExecutorToKill(
+      sc: SparkContext,
+      targetExecutors: Int,
+      shuffleId: Int,
+      numReduce: Int): Seq[String] = {
+    val tracker = SparkEnv.get.mapOutputTracker.asInstanceOf[MapOutputTrackerMaster]
+    val shuffleStatusOpt = tracker.shuffleStatuses.get(shuffleId)
+    if (shuffleStatusOpt.isEmpty) {
+      return Seq.empty
+    }
+    val shuffleStatus = shuffleStatusOpt.get
+    val executorToBlockSize = new mutable.HashMap[String, Long]
+    shuffleStatus.withMapStatuses { mapStatus =>
+      mapStatus.foreach { status =>
+        var i = 0
+        var sum = 0L
+        while (i < numReduce) {
+          sum += status.getSizeForBlock(i)
+          i += 1
+        }
+        executorToBlockSize.getOrElseUpdate(status.location.executorId, sum)
+      }
+    }
+
+    val backend = sc.schedulerBackend.asInstanceOf[CoarseGrainedSchedulerBackend]
+    val executorsWithRegistrationTs = backend.getExecutorsWithRegistrationTs()
+    val existedExecutors = executorsWithRegistrationTs.keys.toSet
+    val expectedNumExecutorToKill = existedExecutors.size - targetExecutors
+    if (expectedNumExecutorToKill < 1) {
+      return Seq.empty
+    }
+
+    val executorIdsToKill = new ArrayBuffer[String]()
+    // We first kill executor who does not hold shuffle block. It would happen because
+    // the last stage is running fast and finished in a short time. The existed executors are
+    // from previous stages that have not been killed by DRA, so we can not find it by tracking
+    // shuffle status.
+    // We should evict executors by their alive time first and retain all of executors which
+    // have better locality for shuffle block.
+    executorsWithRegistrationTs.toSeq.sortBy(_._2).foreach { case (id, _) =>
+      if (executorIdsToKill.length < expectedNumExecutorToKill &&
+        !executorToBlockSize.contains(id)) {
+        executorIdsToKill.append(id)
+      }
+    }
+
+    // Evict the rest executors according to the shuffle block size
+    executorToBlockSize.toSeq.sortBy(_._2).foreach { case (id, _) =>
+      if (executorIdsToKill.length < expectedNumExecutorToKill && existedExecutors.contains(id)) {
+        executorIdsToKill.append(id)
+      }
+    }
+
+    executorIdsToKill.toSeq
+  }
+
+  private def killExecutors(
+      sc: SparkContext,
+      targetExecutors: Int,
+      shuffleId: Int,
+      numReduce: Int): Unit = {
+    val executorAllocationClient = sc.schedulerBackend.asInstanceOf[ExecutorAllocationClient]
+
+    val executorsToKill = findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+    logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
+      s"[${executorsToKill.mkString(", ")}].")
+    if (executorsToKill.isEmpty) {
+      return
+    }
+
+    // Note, `SparkContext#killExecutors` does not allow with DRA enabled,
+    // see `https://github.com/apache/spark/pull/20604`.
+    // It may cause the status in `ExecutorAllocationManager` inconsistent with
+    // `CoarseGrainedSchedulerBackend` for a while. But it should be synchronous finally.
+    //
+    // We should adjust target num executors, otherwise `YarnAllocator` might re-request original
+    // target executors if DRA has not updated target executors yet.
+    // Note, DRA would re-adjust executors if there are more tasks to be executed, so we are safe.
+    //
+    //  * We kill executor
+    //      * YarnAllocator re-request target executors
+    //         * DRA can not release executors since they are new added
+    // ----------------------------------------------------------------> timeline
+    executorAllocationClient.killExecutors(
+      executorIds = executorsToKill,
+      adjustTargetNumExecutors = true,
+      countFailures = false,
+      force = false)
+  }
+
+  @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
+    OptimizeSkewInRebalancePartitions,
+    CoalesceShufflePartitions(session),
+    OptimizeShuffleWithLocalRead)
+}
+
+trait FinalRebalanceStageHelper extends AdaptiveSparkPlanHelper {
+  @tailrec
+  final protected def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
+    plan match {
+      case write: DataWritingCommandExec => findFinalRebalanceStage(write.child)
+      case write: V2TableWriteExec => findFinalRebalanceStage(write.child)
+      case write: WriteFilesExec => findFinalRebalanceStage(write.child)
+      case p: ProjectExec => findFinalRebalanceStage(p.child)
+      case f: FilterExec => findFinalRebalanceStage(f.child)
+      case s: SortExec if !s.global => findFinalRebalanceStage(s.child)
+      case stage: ShuffleQueryStageExec
+          if stage.isMaterialized && stage.mapStats.isDefined &&
+            stage.plan.isInstanceOf[ShuffleExchangeExec] &&
+            stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleOrigin != ENSURE_REQUIREMENTS =>
+        Some(stage)
+      case _ => None
+    }
+  }
+
+  final protected def hasTableCache(plan: SparkPlan): Boolean = {
+    find(plan) {
+      case _: InMemoryTableScanExec => true
+      case _ => false
+    }.isDefined
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
new file mode 100644
index 000000000..64421d6bf
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{CustomResourceProfileExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive._
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, WriteUtils}
+
+/**
+ * Inject custom resource profile for final write stage, so we can specify custom
+ * executor resource configs.
+ */
+case class InjectCustomResourceProfile(session: SparkSession)
+  extends Rule[SparkPlan] with FinalRebalanceStageHelper {
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED)) {
+      return plan
+    }
+
+    if (!WriteUtils.isWrite(session, plan)) {
+      return plan
+    }
+
+    val stage = findFinalRebalanceStage(plan)
+    if (stage.isEmpty) {
+      return plan
+    }
+
+    // TODO: Ideally, We can call `CoarseGrainedSchedulerBackend.requestTotalExecutors` eagerly
+    //   to reduce the task submit pending time, but it may lose task locality.
+    //
+    // By default, it would request executors when catch stage submit event.
+    injectCustomResourceProfile(plan, stage.get.id)
+  }
+
+  private def injectCustomResourceProfile(plan: SparkPlan, id: Int): SparkPlan = {
+    plan match {
+      case stage: ShuffleQueryStageExec if stage.id == id =>
+        CustomResourceProfileExec(stage)
+      case _ => plan.mapChildren(child => injectCustomResourceProfile(child, id))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala
new file mode 100644
index 000000000..ce496eb47
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.expressions.{AttributeReference, AttributeSet, Expression, ExpressionSet, PredicateHelper, SubqueryExpression}
+import org.apache.spark.sql.catalyst.plans.logical.LeafNode
+import org.apache.spark.sql.execution.datasources.DataSourceStrategy
+import org.apache.spark.sql.types.StructType
+
+trait PruneFileSourcePartitionHelper extends PredicateHelper {
+
+  def getPartitionKeyFiltersAndDataFilters(
+      sparkSession: SparkSession,
+      relation: LeafNode,
+      partitionSchema: StructType,
+      filters: Seq[Expression],
+      output: Seq[AttributeReference]): (ExpressionSet, Seq[Expression]) = {
+    val normalizedFilters = DataSourceStrategy.normalizeExprs(
+      filters.filter(f => f.deterministic && !SubqueryExpression.hasSubquery(f)),
+      output)
+    val partitionColumns =
+      relation.resolve(partitionSchema, sparkSession.sessionState.analyzer.resolver)
+    val partitionSet = AttributeSet(partitionColumns)
+    val (partitionFilters, dataFilters) = normalizedFilters.partition(f =>
+      f.references.subsetOf(partitionSet))
+    val extraPartitionFilter =
+      dataFilters.flatMap(extractPredicatesWithinOutputSet(_, partitionSet))
+
+    (ExpressionSet(partitionFilters ++ extraPartitionFilter), dataFilters)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
new file mode 100644
index 000000000..3698140fb
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.execution
+
+import org.apache.spark.network.util.{ByteUnit, JavaUtils}
+import org.apache.spark.rdd.RDD
+import org.apache.spark.resource.{ExecutorResourceRequests, ResourceProfileBuilder}
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.expressions.{Attribute, SortOrder}
+import org.apache.spark.sql.catalyst.plans.physical.Partitioning
+import org.apache.spark.sql.execution.metric.{SQLMetric, SQLMetrics}
+import org.apache.spark.sql.vectorized.ColumnarBatch
+import org.apache.spark.util.Utils
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * This node wraps the final executed plan and inject custom resource profile to the RDD.
+ * It assumes that, the produced RDD would create the `ResultStage` in `DAGScheduler`,
+ * so it makes resource isolation between previous and final stage.
+ *
+ * Note that, Spark does not support config `minExecutors` for each resource profile.
+ * Which means, it would retain `minExecutors` for each resource profile.
+ * So, suggest set `spark.dynamicAllocation.minExecutors` to 0 if enable this feature.
+ */
+case class CustomResourceProfileExec(child: SparkPlan) extends UnaryExecNode {
+  override def output: Seq[Attribute] = child.output
+  override def outputPartitioning: Partitioning = child.outputPartitioning
+  override def outputOrdering: Seq[SortOrder] = child.outputOrdering
+  override def supportsColumnar: Boolean = child.supportsColumnar
+  override def supportsRowBased: Boolean = child.supportsRowBased
+  override protected def doCanonicalize(): SparkPlan = child.canonicalized
+
+  private val executorCores = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_CORES).getOrElse(
+    sparkContext.getConf.getInt("spark.executor.cores", 1))
+  private val executorMemory = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_MEMORY).getOrElse(
+    sparkContext.getConf.get("spark.executor.memory", "2G"))
+  private val executorMemoryOverhead =
+    conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_MEMORY_OVERHEAD)
+      .getOrElse(sparkContext.getConf.get("spark.executor.memoryOverhead", "1G"))
+  private val executorOffHeapMemory = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_OFF_HEAP_MEMORY)
+
+  override lazy val metrics: Map[String, SQLMetric] = {
+    val base = Map(
+      "executorCores" -> SQLMetrics.createMetric(sparkContext, "executor cores"),
+      "executorMemory" -> SQLMetrics.createMetric(sparkContext, "executor memory (MiB)"),
+      "executorMemoryOverhead" -> SQLMetrics.createMetric(
+        sparkContext,
+        "executor memory overhead (MiB)"))
+    val addition = executorOffHeapMemory.map(_ =>
+      "executorOffHeapMemory" ->
+        SQLMetrics.createMetric(sparkContext, "executor off heap memory (MiB)")).toMap
+    base ++ addition
+  }
+
+  private def wrapResourceProfile[T](rdd: RDD[T]): RDD[T] = {
+    if (Utils.isTesting) {
+      // do nothing for local testing
+      return rdd
+    }
+
+    metrics("executorCores") += executorCores
+    metrics("executorMemory") += JavaUtils.byteStringAs(executorMemory, ByteUnit.MiB)
+    metrics("executorMemoryOverhead") += JavaUtils.byteStringAs(
+      executorMemoryOverhead,
+      ByteUnit.MiB)
+    executorOffHeapMemory.foreach(m =>
+      metrics("executorOffHeapMemory") += JavaUtils.byteStringAs(m, ByteUnit.MiB))
+
+    val executionId = sparkContext.getLocalProperty(SQLExecution.EXECUTION_ID_KEY)
+    SQLMetrics.postDriverMetricUpdates(sparkContext, executionId, metrics.values.toSeq)
+
+    val resourceProfileBuilder = new ResourceProfileBuilder()
+    val executorResourceRequests = new ExecutorResourceRequests()
+    executorResourceRequests.cores(executorCores)
+    executorResourceRequests.memory(executorMemory)
+    executorResourceRequests.memoryOverhead(executorMemoryOverhead)
+    executorOffHeapMemory.foreach(executorResourceRequests.offHeapMemory)
+    resourceProfileBuilder.require(executorResourceRequests)
+    rdd.withResources(resourceProfileBuilder.build())
+    rdd
+  }
+
+  override protected def doExecute(): RDD[InternalRow] = {
+    val rdd = child.execute()
+    wrapResourceProfile(rdd)
+  }
+
+  override protected def doExecuteColumnar(): RDD[ColumnarBatch] = {
+    val rdd = child.executeColumnar()
+    wrapResourceProfile(rdd)
+  }
+
+  override protected def withNewChildInternal(newChild: SparkPlan): SparkPlan = {
+    this.copy(child = newChild)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml
new file mode 100644
index 000000000..bfc40dd6d
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!-- Extra logging related to initialization of Log4j. 
+ Set to debug or trace if log4j initialization is failing. -->
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="stdout" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <Filters>
+                <ThresholdFilter level="FATAL"/>
+                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+        </Console>
+        <File name="file" fileName="target/unit-tests.log">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <Filters>
+                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+        </File>
+    </Appenders>
+    <Loggers>
+        <Root level="INFO">
+            <AppenderRef ref="stdout"/>
+            <AppenderRef ref="file"/>
+        </Root>
+    </Loggers>
+</Configuration>
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala
new file mode 100644
index 000000000..bbc61fb44
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.plans.logical.{DropNamespace, NoopCommand}
+import org.apache.spark.sql.execution.command._
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class DropIgnoreNonexistentSuite extends KyuubiSparkSQLExtensionTest {
+
+  test("drop ignore nonexistent") {
+    withSQLConf(KyuubiSQLConf.DROP_IGNORE_NONEXISTENT.key -> "true") {
+      // drop nonexistent database
+      val df1 = sql("DROP DATABASE nonexistent_database")
+      assert(df1.queryExecution.analyzed.asInstanceOf[DropNamespace].ifExists == true)
+
+      // drop nonexistent function
+      val df4 = sql("DROP FUNCTION nonexistent_function")
+      assert(df4.queryExecution.analyzed.isInstanceOf[NoopCommand])
+
+      // drop nonexistent PARTITION
+      withTable("test") {
+        sql("CREATE TABLE IF NOT EXISTS test(i int) PARTITIONED BY (p int)")
+        val df5 = sql("ALTER TABLE test DROP PARTITION (p = 1)")
+        assert(df5.queryExecution.analyzed
+          .asInstanceOf[AlterTableDropPartitionCommand].ifExists == true)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala
new file mode 100644
index 000000000..96c8ae6e8
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala
@@ -0,0 +1,203 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.execution.adaptive.{AQEShuffleReadExec, QueryStageExec}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.{FinalStageConfigIsolation, KyuubiSQLConf}
+
+class FinalStageConfigIsolationSuite extends KyuubiSparkSQLExtensionTest {
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  test("final stage config set reset check") {
+    withSQLConf(
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY.key -> "false",
+      "spark.sql.finalStage.adaptive.coalescePartitions.minPartitionNum" -> "1",
+      "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes" -> "100") {
+      // use loop to double check final stage config doesn't affect the sql query each other
+      (1 to 3).foreach { _ =>
+        sql("SELECT COUNT(*) FROM VALUES(1) as t(c)").collect()
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.previousStage.adaptive.coalescePartitions.minPartitionNum") ===
+          FinalStageConfigIsolation.INTERNAL_UNSET_CONFIG_TAG)
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.adaptive.coalescePartitions.minPartitionNum") ===
+          "1")
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.finalStage.adaptive.coalescePartitions.minPartitionNum") ===
+          "1")
+
+        // 64MB
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.previousStage.adaptive.advisoryPartitionSizeInBytes") ===
+          "67108864b")
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.adaptive.advisoryPartitionSizeInBytes") ===
+          "100")
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes") ===
+          "100")
+      }
+
+      sql("SET spark.sql.adaptive.advisoryPartitionSizeInBytes=1")
+      assert(spark.sessionState.conf.getConfString(
+        "spark.sql.adaptive.advisoryPartitionSizeInBytes") ===
+        "1")
+      assert(!spark.sessionState.conf.contains(
+        "spark.sql.previousStage.adaptive.advisoryPartitionSizeInBytes"))
+
+      sql("SET a=1")
+      assert(spark.sessionState.conf.getConfString("a") === "1")
+
+      sql("RESET spark.sql.adaptive.coalescePartitions.minPartitionNum")
+      assert(!spark.sessionState.conf.contains(
+        "spark.sql.adaptive.coalescePartitions.minPartitionNum"))
+      assert(!spark.sessionState.conf.contains(
+        "spark.sql.previousStage.adaptive.coalescePartitions.minPartitionNum"))
+
+      sql("RESET a")
+      assert(!spark.sessionState.conf.contains("a"))
+    }
+  }
+
+  test("final stage config isolation") {
+    def checkPartitionNum(
+        sqlString: String,
+        previousPartitionNum: Int,
+        finalPartitionNum: Int): Unit = {
+      val df = sql(sqlString)
+      df.collect()
+      val shuffleReaders = collect(df.queryExecution.executedPlan) {
+        case customShuffleReader: AQEShuffleReadExec => customShuffleReader
+      }
+      assert(shuffleReaders.nonEmpty)
+      // reorder stage by stage id to ensure we get the right stage
+      val sortedShuffleReaders = shuffleReaders.sortWith {
+        case (s1, s2) =>
+          s1.child.asInstanceOf[QueryStageExec].id < s2.child.asInstanceOf[QueryStageExec].id
+      }
+      if (sortedShuffleReaders.length > 1) {
+        assert(sortedShuffleReaders.head.partitionSpecs.length === previousPartitionNum)
+      }
+      assert(sortedShuffleReaders.last.partitionSpecs.length === finalPartitionNum)
+      assert(df.rdd.partitions.length === finalPartitionNum)
+    }
+
+    withSQLConf(
+      SQLConf.AUTO_BROADCASTJOIN_THRESHOLD.key -> "-1",
+      SQLConf.COALESCE_PARTITIONS_MIN_PARTITION_NUM.key -> "1",
+      SQLConf.SHUFFLE_PARTITIONS.key -> "3",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY.key -> "false",
+      "spark.sql.adaptive.advisoryPartitionSizeInBytes" -> "1",
+      "spark.sql.adaptive.coalescePartitions.minPartitionSize" -> "1",
+      "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes" -> "10000000") {
+
+      // use loop to double check final stage config doesn't affect the sql query each other
+      (1 to 3).foreach { _ =>
+        checkPartitionNum(
+          "SELECT c1, count(*) FROM t1 GROUP BY c1",
+          1,
+          1)
+
+        checkPartitionNum(
+          "SELECT c2, count(*) FROM (SELECT c1, count(*) as c2 FROM t1 GROUP BY c1) GROUP BY c2",
+          3,
+          1)
+
+        checkPartitionNum(
+          "SELECT t1.c1, count(*) FROM t1 JOIN t2 ON t1.c2 = t2.c2 GROUP BY t1.c1",
+          3,
+          1)
+
+        checkPartitionNum(
+          """
+            | SELECT /*+ REPARTITION */
+            | t1.c1, count(*) FROM t1
+            | JOIN t2 ON t1.c2 = t2.c2
+            | JOIN t3 ON t1.c1 = t3.c1
+            | GROUP BY t1.c1
+            |""".stripMargin,
+          3,
+          1)
+
+        // one shuffle reader
+        checkPartitionNum(
+          """
+            | SELECT /*+ BROADCAST(t1) */
+            | t1.c1, t2.c2 FROM t1
+            | JOIN t2 ON t1.c2 = t2.c2
+            | DISTRIBUTE BY c1
+            |""".stripMargin,
+          1,
+          1)
+
+        // test ReusedExchange
+        checkPartitionNum(
+          """
+            |SELECT /*+ REPARTITION */ t0.c2 FROM (
+            |SELECT t1.c1, (count(*) + c1) as c2 FROM t1 GROUP BY t1.c1
+            |) t0 JOIN (
+            |SELECT t1.c1, (count(*) + c1) as c2 FROM t1 GROUP BY t1.c1
+            |) t1 ON t0.c2 = t1.c2
+            |""".stripMargin,
+          3,
+          1)
+
+        // one shuffle reader
+        checkPartitionNum(
+          """
+            |SELECT t0.c1 FROM (
+            |SELECT t1.c1 FROM t1 GROUP BY t1.c1
+            |) t0 JOIN (
+            |SELECT t1.c1 FROM t1 GROUP BY t1.c1
+            |) t1 ON t0.c1 = t1.c1
+            |""".stripMargin,
+          1,
+          1)
+      }
+    }
+  }
+
+  test("final stage config isolation write only") {
+    withSQLConf(
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY.key -> "true",
+      "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes" -> "7") {
+      sql("set spark.sql.adaptive.advisoryPartitionSizeInBytes=5")
+      sql("SELECT * FROM t1").count()
+      assert(spark.conf.getOption("spark.sql.adaptive.advisoryPartitionSizeInBytes")
+        .contains("5"))
+
+      withTable("tmp") {
+        sql("CREATE TABLE t1 USING PARQUET SELECT /*+ repartition */ 1 AS c1, 'a' AS c2")
+        assert(spark.conf.getOption("spark.sql.adaptive.advisoryPartitionSizeInBytes")
+          .contains("7"))
+      }
+
+      sql("SELECT * FROM t1").count()
+      assert(spark.conf.getOption("spark.sql.adaptive.advisoryPartitionSizeInBytes")
+        .contains("5"))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
new file mode 100644
index 000000000..b0767b187
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.scheduler.{SparkListener, SparkListenerEvent}
+import org.apache.spark.sql.execution.ui.SparkListenerSQLAdaptiveExecutionUpdate
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class InjectResourceProfileSuite extends KyuubiSparkSQLExtensionTest {
+  private def checkCustomResourceProfile(sqlString: String, exists: Boolean): Unit = {
+    @volatile var lastEvent: SparkListenerSQLAdaptiveExecutionUpdate = null
+    val listener = new SparkListener {
+      override def onOtherEvent(event: SparkListenerEvent): Unit = {
+        event match {
+          case e: SparkListenerSQLAdaptiveExecutionUpdate => lastEvent = e
+          case _ =>
+        }
+      }
+    }
+
+    spark.sparkContext.addSparkListener(listener)
+    try {
+      sql(sqlString).collect()
+      spark.sparkContext.listenerBus.waitUntilEmpty()
+      assert(lastEvent != null)
+      var current = lastEvent.sparkPlanInfo
+      var shouldStop = false
+      while (!shouldStop) {
+        if (current.nodeName != "CustomResourceProfile") {
+          if (current.children.isEmpty) {
+            assert(!exists)
+            shouldStop = true
+          } else {
+            current = current.children.head
+          }
+        } else {
+          assert(exists)
+          shouldStop = true
+        }
+      }
+    } finally {
+      spark.sparkContext.removeSparkListener(listener)
+    }
+  }
+
+  test("Inject resource profile") {
+    withTable("t") {
+      withSQLConf(
+        "spark.sql.adaptive.forceApply" -> "true",
+        KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+        KyuubiSQLConf.FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED.key -> "true") {
+
+        sql("CREATE TABLE t (c1 int, c2 string) USING PARQUET")
+
+        checkCustomResourceProfile("INSERT INTO TABLE t VALUES(1, 'a')", false)
+        checkCustomResourceProfile("SELECT 1", false)
+        checkCustomResourceProfile(
+          "INSERT INTO TABLE t SELECT /*+ rebalance */ * FROM VALUES(1, 'a')",
+          true)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala
new file mode 100644
index 000000000..f0d384657
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala
@@ -0,0 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+class InsertShuffleNodeBeforeJoinSuite extends InsertShuffleNodeBeforeJoinSuiteBase
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala
new file mode 100644
index 000000000..c657dee49
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeLike}
+import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+trait InsertShuffleNodeBeforeJoinSuiteBase extends KyuubiSparkSQLExtensionTest {
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  override def sparkConf(): SparkConf = {
+    super.sparkConf()
+      .set(
+        StaticSQLConf.SPARK_SESSION_EXTENSIONS.key,
+        "org.apache.kyuubi.sql.KyuubiSparkSQLCommonExtension")
+  }
+
+  test("force shuffle before join") {
+    def checkShuffleNodeNum(sqlString: String, num: Int): Unit = {
+      var expectedResult: Seq[Row] = Seq.empty
+      withSQLConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED.key -> "false") {
+        expectedResult = sql(sqlString).collect()
+      }
+      val df = sql(sqlString)
+      checkAnswer(df, expectedResult)
+      assert(
+        collect(df.queryExecution.executedPlan) {
+          case shuffle: ShuffleExchangeLike if shuffle.shuffleOrigin == ENSURE_REQUIREMENTS =>
+            shuffle
+        }.size == num)
+    }
+
+    withSQLConf(
+      SQLConf.AUTO_BROADCASTJOIN_THRESHOLD.key -> "-1",
+      KyuubiSQLConf.FORCE_SHUFFLE_BEFORE_JOIN.key -> "true") {
+      Seq("SHUFFLE_HASH", "MERGE").foreach { joinHint =>
+        // positive case
+        checkShuffleNodeNum(
+          s"""
+             |SELECT /*+ $joinHint(t2, t3) */ t1.c1, t1.c2, t2.c1, t3.c1 from t1
+             | JOIN t2 ON t1.c1 = t2.c1
+             | JOIN t3 ON t1.c1 = t3.c1
+             | """.stripMargin,
+          4)
+
+        // negative case
+        checkShuffleNodeNum(
+          s"""
+             |SELECT /*+ $joinHint(t2, t3) */ t1.c1, t1.c2, t2.c1, t3.c1 from t1
+             | JOIN t2 ON t1.c1 = t2.c1
+             | JOIN t3 ON t1.c2 = t3.c2
+             | """.stripMargin,
+          4)
+      }
+
+      checkShuffleNodeNum(
+        """
+          |SELECT t1.c1, t2.c1, t3.c2 from t1
+          | JOIN t2 ON t1.c1 = t2.c1
+          | JOIN (
+          |  SELECT c2, count(*) FROM t1 GROUP BY c2
+          | ) t3 ON t1.c1 = t3.c2
+          | """.stripMargin,
+        5)
+
+      checkShuffleNodeNum(
+        """
+          |SELECT t1.c1, t2.c1, t3.c1 from t1
+          | JOIN t2 ON t1.c1 = t2.c1
+          | JOIN (
+          |  SELECT c1, count(*) FROM t1 GROUP BY c1
+          | ) t3 ON t1.c1 = t3.c1
+          | """.stripMargin,
+        5)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
new file mode 100644
index 000000000..dd9ffbf16
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars
+import org.apache.spark.SparkConf
+import org.apache.spark.sql.execution.QueryExecution
+import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanHelper
+import org.apache.spark.sql.execution.command.{DataWritingCommand, DataWritingCommandExec}
+import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
+import org.apache.spark.sql.test.SQLTestData.TestData
+import org.apache.spark.sql.test.SQLTestUtils
+import org.apache.spark.sql.util.QueryExecutionListener
+import org.apache.spark.util.Utils
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+trait KyuubiSparkSQLExtensionTest extends QueryTest
+  with SQLTestUtils
+  with AdaptiveSparkPlanHelper {
+  sys.props.put("spark.testing", "1")
+
+  private var _spark: Option[SparkSession] = None
+  protected def spark: SparkSession = _spark.getOrElse {
+    throw new RuntimeException("test spark session don't initial before using it.")
+  }
+
+  override protected def beforeAll(): Unit = {
+    if (_spark.isEmpty) {
+      _spark = Option(SparkSession.builder()
+        .master("local[1]")
+        .config(sparkConf)
+        .enableHiveSupport()
+        .getOrCreate())
+    }
+    super.beforeAll()
+  }
+
+  override protected def afterAll(): Unit = {
+    super.afterAll()
+    cleanupData()
+    _spark.foreach(_.stop)
+  }
+
+  protected def setupData(): Unit = {
+    val self = spark
+    import self.implicits._
+    spark.sparkContext.parallelize(
+      (1 to 100).map(i => TestData(i, i.toString)),
+      10)
+      .toDF("c1", "c2").createOrReplaceTempView("t1")
+    spark.sparkContext.parallelize(
+      (1 to 10).map(i => TestData(i, i.toString)),
+      5)
+      .toDF("c1", "c2").createOrReplaceTempView("t2")
+    spark.sparkContext.parallelize(
+      (1 to 50).map(i => TestData(i, i.toString)),
+      2)
+      .toDF("c1", "c2").createOrReplaceTempView("t3")
+  }
+
+  private def cleanupData(): Unit = {
+    spark.sql("DROP VIEW IF EXISTS t1")
+    spark.sql("DROP VIEW IF EXISTS t2")
+    spark.sql("DROP VIEW IF EXISTS t3")
+  }
+
+  def sparkConf(): SparkConf = {
+    val basePath = Utils.createTempDir() + "/" + getClass.getCanonicalName
+    val metastorePath = basePath + "/metastore_db"
+    val warehousePath = basePath + "/warehouse"
+    new SparkConf()
+      .set(
+        StaticSQLConf.SPARK_SESSION_EXTENSIONS.key,
+        "org.apache.kyuubi.sql.KyuubiSparkSQLExtension")
+      .set(KyuubiSQLConf.SQL_CLASSIFICATION_ENABLED.key, "true")
+      .set(SQLConf.ADAPTIVE_EXECUTION_ENABLED.key, "true")
+      .set("spark.hadoop.hive.exec.dynamic.partition.mode", "nonstrict")
+      .set("spark.hadoop.hive.metastore.client.capability.check", "false")
+      .set(
+        ConfVars.METASTORECONNECTURLKEY.varname,
+        s"jdbc:derby:;databaseName=$metastorePath;create=true")
+      .set(StaticSQLConf.WAREHOUSE_PATH, warehousePath)
+      .set("spark.ui.enabled", "false")
+  }
+
+  def withListener(sqlString: String)(callback: DataWritingCommand => Unit): Unit = {
+    withListener(sql(sqlString))(callback)
+  }
+
+  def withListener(df: => DataFrame)(callback: DataWritingCommand => Unit): Unit = {
+    val listener = new QueryExecutionListener {
+      override def onFailure(f: String, qe: QueryExecution, e: Exception): Unit = {}
+
+      override def onSuccess(funcName: String, qe: QueryExecution, duration: Long): Unit = {
+        qe.executedPlan match {
+          case write: DataWritingCommandExec => callback(write.cmd)
+          case _ =>
+        }
+      }
+    }
+    spark.listenerManager.register(listener)
+    try {
+      df.collect()
+      sparkContext.listenerBus.waitUntilEmpty()
+    } finally {
+      spark.listenerManager.unregister(listener)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala
new file mode 100644
index 000000000..1d9630f49
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala
@@ -0,0 +1,271 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, RebalancePartitions, Sort}
+import org.apache.spark.sql.execution.command.DataWritingCommand
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.HiveUtils
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class RebalanceBeforeWritingSuite extends KyuubiSparkSQLExtensionTest {
+
+  test("check rebalance exists") {
+    def check(df: => DataFrame, expectedRebalanceNum: Int = 1): Unit = {
+      withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+        withListener(df) { write =>
+          assert(write.collect {
+            case r: RebalancePartitions => r
+          }.size == expectedRebalanceNum)
+        }
+      }
+      withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "false") {
+        withListener(df) { write =>
+          assert(write.collect {
+            case r: RebalancePartitions => r
+          }.isEmpty)
+        }
+      }
+    }
+
+    // It's better to set config explicitly in case of we change the default value.
+    withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "true") {
+      Seq("USING PARQUET", "").foreach { storage =>
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          check(sql("INSERT INTO TABLE tmp1 PARTITION(c2='a') " +
+            "SELECT * FROM VALUES(1),(2) AS t(c1)"))
+        }
+
+        withTable("tmp1", "tmp2") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          sql(s"CREATE TABLE tmp2 (c1 int) $storage PARTITIONED BY (c2 string)")
+          check(
+            sql(
+              """FROM VALUES(1),(2)
+                |INSERT INTO TABLE tmp1 PARTITION(c2='a') SELECT *
+                |INSERT INTO TABLE tmp2 PARTITION(c2='a') SELECT *
+                |""".stripMargin),
+            2)
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage")
+          check(sql("INSERT INTO TABLE tmp1 SELECT * FROM VALUES(1),(2),(3) AS t(c1)"))
+        }
+
+        withTable("tmp1", "tmp2") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage")
+          sql(s"CREATE TABLE tmp2 (c1 int) $storage")
+          check(
+            sql(
+              """FROM VALUES(1),(2),(3)
+                |INSERT INTO TABLE tmp1 SELECT *
+                |INSERT INTO TABLE tmp2 SELECT *
+                |""".stripMargin),
+            2)
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 $storage AS SELECT * FROM VALUES(1),(2),(3) AS t(c1)")
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 $storage PARTITIONED BY(c2) AS " +
+            s"SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)")
+        }
+      }
+    }
+  }
+
+  test("check rebalance does not exists") {
+    def check(df: DataFrame): Unit = {
+      withListener(df) { write =>
+        assert(write.collect {
+          case r: RebalancePartitions => r
+        }.isEmpty)
+      }
+    }
+
+    withSQLConf(
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "true",
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+      // test no write command
+      check(sql("SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+      check(sql("SELECT count(*) FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+
+      // test not supported plan
+      withTable("tmp1") {
+        sql(s"CREATE TABLE tmp1 (c1 int) PARTITIONED BY (c2 string)")
+        check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+          "SELECT /*+ repartition(10) */ * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+        check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+          "SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2) ORDER BY c1"))
+        check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+          "SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2) LIMIT 10"))
+      }
+    }
+
+    withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "false") {
+      Seq("USING PARQUET", "").foreach { storage =>
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+            "SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage")
+          check(sql("INSERT INTO TABLE tmp1 SELECT * FROM VALUES(1),(2),(3) AS t(c1)"))
+        }
+      }
+    }
+  }
+
+  test("test dynamic partition write") {
+    def checkRepartitionExpression(sqlString: String): Unit = {
+      withListener(sqlString) { write =>
+        assert(write.isInstanceOf[InsertIntoHiveTable])
+        assert(write.collect {
+          case r: RebalancePartitions if r.partitionExpressions.size == 1 =>
+            assert(r.partitionExpressions.head.asInstanceOf[Attribute].name === "c2")
+            r
+        }.size == 1)
+      }
+    }
+
+    withSQLConf(
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "true",
+      KyuubiSQLConf.DYNAMIC_PARTITION_INSERTION_REPARTITION_NUM.key -> "2",
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+      Seq("USING PARQUET", "").foreach { storage =>
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          checkRepartitionExpression("INSERT INTO TABLE tmp1 SELECT 1 as c1, 'a' as c2 ")
+        }
+
+        withTable("tmp1") {
+          checkRepartitionExpression(
+            "CREATE TABLE tmp1 PARTITIONED BY(C2) SELECT 1 as c1, 'a' as c2")
+        }
+      }
+    }
+  }
+
+  test("OptimizedCreateHiveTableAsSelectCommand") {
+    withSQLConf(
+      HiveUtils.CONVERT_METASTORE_PARQUET.key -> "true",
+      HiveUtils.CONVERT_METASTORE_CTAS.key -> "true",
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+      withTable("t") {
+        withListener("CREATE TABLE t STORED AS parquet AS SELECT 1 as a") { write =>
+          assert(write.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+          assert(write.collect {
+            case _: RebalancePartitions => true
+          }.size == 1)
+        }
+      }
+    }
+  }
+
+  test("Infer rebalance and sorder orders") {
+    def checkShuffleAndSort(dataWritingCommand: LogicalPlan, sSize: Int, rSize: Int): Unit = {
+      assert(dataWritingCommand.isInstanceOf[DataWritingCommand])
+      val plan = dataWritingCommand.asInstanceOf[DataWritingCommand].query
+      assert(plan.collect {
+        case s: Sort => s
+      }.size == sSize)
+      assert(plan.collect {
+        case r: RebalancePartitions if r.partitionExpressions.size == rSize => r
+      }.nonEmpty || rSize == 0)
+    }
+
+    withView("v") {
+      withTable("t", "input1", "input2") {
+        withSQLConf(KyuubiSQLConf.INFER_REBALANCE_AND_SORT_ORDERS.key -> "true") {
+          sql(s"CREATE TABLE t (c1 int, c2 long) USING PARQUET PARTITIONED BY (p string)")
+          sql(s"CREATE TABLE input1 USING PARQUET AS SELECT * FROM VALUES(1,2),(1,3)")
+          sql(s"CREATE TABLE input2 USING PARQUET AS SELECT * FROM VALUES(1,3),(1,3)")
+          sql(s"CREATE VIEW v as SELECT col1, count(*) as col2 FROM input1 GROUP BY col1")
+
+          val df0 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT /*+ broadcast(input2) */ input1.col1, input2.col1
+               |FROM input1
+               |JOIN input2
+               |ON input1.col1 = input2.col1
+               |""".stripMargin)
+          checkShuffleAndSort(df0.queryExecution.analyzed, 1, 1)
+
+          val df1 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT /*+ broadcast(input2) */ input1.col1, input1.col2
+               |FROM input1
+               |LEFT JOIN input2
+               |ON input1.col1 = input2.col1 and input1.col2 = input2.col2
+               |""".stripMargin)
+          checkShuffleAndSort(df1.queryExecution.analyzed, 1, 2)
+
+          val df2 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT col1 as c1, count(*) as c2
+               |FROM input1
+               |GROUP BY col1
+               |HAVING count(*) > 0
+               |""".stripMargin)
+          checkShuffleAndSort(df2.queryExecution.analyzed, 1, 1)
+
+          // dynamic partition
+          val df3 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p)
+               |SELECT /*+ broadcast(input2) */ input1.col1, input1.col2, input1.col2
+               |FROM input1
+               |JOIN input2
+               |ON input1.col1 = input2.col1
+               |""".stripMargin)
+          checkShuffleAndSort(df3.queryExecution.analyzed, 0, 1)
+
+          // non-deterministic
+          val df4 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT col1 + rand(), count(*) as c2
+               |FROM input1
+               |GROUP BY col1
+               |""".stripMargin)
+          checkShuffleAndSort(df4.queryExecution.analyzed, 0, 0)
+
+          // view
+          val df5 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT * FROM v
+               |""".stripMargin)
+          checkShuffleAndSort(df5.queryExecution.analyzed, 1, 1)
+        }
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala
new file mode 100644
index 000000000..957089340
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+class WatchDogSuite extends WatchDogSuiteBase {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
new file mode 100644
index 000000000..6254829f2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
@@ -0,0 +1,601 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import java.io.File
+
+import scala.collection.JavaConverters._
+
+import org.apache.commons.io.FileUtils
+import org.apache.spark.sql.catalyst.plans.logical.{GlobalLimit, LogicalPlan}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+import org.apache.kyuubi.sql.watchdog.{MaxFileSizeExceedException, MaxPartitionExceedException}
+
+trait WatchDogSuiteBase extends KyuubiSparkSQLExtensionTest {
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  case class LimitAndExpected(limit: Int, expected: Int)
+
+  val limitAndExpecteds = List(LimitAndExpected(1, 1), LimitAndExpected(11, 10))
+
+  private def checkMaxPartition: Unit = {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS.key -> "100") {
+      checkAnswer(sql("SELECT count(distinct(p)) FROM test"), Row(10) :: Nil)
+    }
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS.key -> "5") {
+      sql("SELECT * FROM test where p=1").queryExecution.sparkPlan
+
+      sql(s"SELECT * FROM test WHERE p in (${Range(0, 5).toList.mkString(",")})")
+        .queryExecution.sparkPlan
+
+      intercept[MaxPartitionExceedException](
+        sql("SELECT * FROM test where p != 1").queryExecution.sparkPlan)
+
+      intercept[MaxPartitionExceedException](
+        sql("SELECT * FROM test").queryExecution.sparkPlan)
+
+      intercept[MaxPartitionExceedException](sql(
+        s"SELECT * FROM test WHERE p in (${Range(0, 6).toList.mkString(",")})")
+        .queryExecution.sparkPlan)
+    }
+  }
+
+  test("watchdog with scan maxPartitions -- hive") {
+    Seq("textfile", "parquet").foreach { format =>
+      withTable("test", "temp") {
+        sql(
+          s"""
+             |CREATE TABLE test(i int)
+             |PARTITIONED BY (p int)
+             |STORED AS $format""".stripMargin)
+        spark.range(0, 10, 1).selectExpr("id as col")
+          .createOrReplaceTempView("temp")
+
+        for (part <- Range(0, 10)) {
+          sql(
+            s"""
+               |INSERT OVERWRITE TABLE test PARTITION (p='$part')
+               |select col from temp""".stripMargin)
+        }
+        checkMaxPartition
+      }
+    }
+  }
+
+  test("watchdog with scan maxPartitions -- data source") {
+    withTempDir { dir =>
+      withTempView("test") {
+        spark.range(10).selectExpr("id", "id as p")
+          .write
+          .partitionBy("p")
+          .mode("overwrite")
+          .save(dir.getCanonicalPath)
+        spark.read.load(dir.getCanonicalPath).createOrReplaceTempView("test")
+        checkMaxPartition
+      }
+    }
+  }
+
+  test("test watchdog: simple SELECT STATEMENT") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      List("", "ORDER BY c1", "ORDER BY c2").foreach { sort =>
+        List("", " DISTINCT").foreach { distinct =>
+          assert(sql(
+            s"""
+               |SELECT $distinct *
+               |FROM t1
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        List("", "ORDER BY c1", "ORDER BY c2").foreach { sort =>
+          List("", "DISTINCT").foreach { distinct =>
+            assert(sql(
+              s"""
+                 |SELECT $distinct *
+                 |FROM t1
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: SELECT ... WITH AGGREGATE STATEMENT ") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      assert(!sql("SELECT count(*) FROM t1")
+        .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+
+      val sorts = List("", "ORDER BY cnt", "ORDER BY c1", "ORDER BY cnt, c1", "ORDER BY c1, cnt")
+      val havingConditions = List("", "HAVING cnt > 1")
+
+      havingConditions.foreach { having =>
+        sorts.foreach { sort =>
+          assert(sql(
+            s"""
+               |SELECT c1, COUNT(*) as cnt
+               |FROM t1
+               |GROUP BY c1
+               |$having
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        havingConditions.foreach { having =>
+          sorts.foreach { sort =>
+            assert(sql(
+              s"""
+                 |SELECT c1, COUNT(*) as cnt
+                 |FROM t1
+                 |GROUP BY c1
+                 |$having
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: SELECT with CTE forceMaxOutputRows") {
+    // simple CTE
+    val q1 =
+      """
+        |WITH t2 AS (
+        |    SELECT * FROM t1
+        |)
+        |""".stripMargin
+
+    // nested CTE
+    val q2 =
+      """
+        |WITH
+        |    t AS (SELECT * FROM t1),
+        |    t2 AS (
+        |        WITH t3 AS (SELECT * FROM t1)
+        |        SELECT * FROM t3
+        |    )
+        |""".stripMargin
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      val sorts = List("", "ORDER BY c1", "ORDER BY c2")
+
+      sorts.foreach { sort =>
+        Seq(q1, q2).foreach { withQuery =>
+          assert(sql(
+            s"""
+               |$withQuery
+               |SELECT * FROM t2
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        sorts.foreach { sort =>
+          Seq(q1, q2).foreach { withQuery =>
+            assert(sql(
+              s"""
+                 |$withQuery
+                 |SELECT * FROM t2
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: SELECT AGGREGATE WITH CTE forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      assert(!sql(
+        """
+          |WITH custom_cte AS (
+          |SELECT * FROM t1
+          |)
+          |
+          |SELECT COUNT(*)
+          |FROM custom_cte
+          |""".stripMargin).queryExecution
+        .analyzed.isInstanceOf[GlobalLimit])
+
+      val sorts = List("", "ORDER BY cnt", "ORDER BY c1", "ORDER BY cnt, c1", "ORDER BY c1, cnt")
+      val havingConditions = List("", "HAVING cnt > 1")
+
+      havingConditions.foreach { having =>
+        sorts.foreach { sort =>
+          assert(sql(
+            s"""
+               |WITH custom_cte AS (
+               |SELECT * FROM t1
+               |)
+               |
+               |SELECT c1, COUNT(*) as cnt
+               |FROM custom_cte
+               |GROUP BY c1
+               |$having
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        havingConditions.foreach { having =>
+          sorts.foreach { sort =>
+            assert(sql(
+              s"""
+                 |WITH custom_cte AS (
+                 |SELECT * FROM t1
+                 |)
+                 |
+                 |SELECT c1, COUNT(*) as cnt
+                 |FROM custom_cte
+                 |GROUP BY c1
+                 |$having
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: UNION Statement for forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      List("", "ALL").foreach { x =>
+        assert(sql(
+          s"""
+             |SELECT c1, c2 FROM t1
+             |UNION $x
+             |SELECT c1, c2 FROM t2
+             |UNION $x
+             |SELECT c1, c2 FROM t3
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+      }
+
+      val sorts = List("", "ORDER BY cnt", "ORDER BY c1", "ORDER BY cnt, c1", "ORDER BY c1, cnt")
+      val havingConditions = List("", "HAVING cnt > 1")
+
+      List("", "ALL").foreach { x =>
+        havingConditions.foreach { having =>
+          sorts.foreach { sort =>
+            assert(sql(
+              s"""
+                 |SELECT c1, count(c2) as cnt
+                 |FROM t1
+                 |GROUP BY c1
+                 |$having
+                 |UNION $x
+                 |SELECT c1, COUNT(c2) as cnt
+                 |FROM t2
+                 |GROUP BY c1
+                 |$having
+                 |UNION $x
+                 |SELECT c1, COUNT(c2) as cnt
+                 |FROM t3
+                 |GROUP BY c1
+                 |$having
+                 |$sort
+                 |""".stripMargin)
+              .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+          }
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        assert(sql(
+          s"""
+             |SELECT c1, c2 FROM t1
+             |UNION
+             |SELECT c1, c2 FROM t2
+             |UNION
+             |SELECT c1, c2 FROM t3
+             |LIMIT $limit
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.maxRows.contains(expected))
+      }
+    }
+  }
+
+  test("test watchdog: Select View Statement for forceMaxOutputRows") {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "3") {
+      withTable("tmp_table", "tmp_union") {
+        withView("tmp_view", "tmp_view2") {
+          sql(s"create table tmp_table (a int, b int)")
+          sql(s"insert into tmp_table values (1,10),(2,20),(3,30),(4,40),(5,50)")
+          sql(s"create table tmp_union (a int, b int)")
+          sql(s"insert into tmp_union values (6,60),(7,70),(8,80),(9,90),(10,100)")
+          sql(s"create view tmp_view2 as select * from tmp_union")
+          assert(!sql(
+            s"""
+               |CREATE VIEW tmp_view
+               |as
+               |SELECT * FROM
+               |tmp_table
+               |""".stripMargin)
+            .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+
+          assert(sql(
+            s"""
+               |SELECT * FROM
+               |tmp_view
+               |""".stripMargin)
+            .queryExecution.optimizedPlan.maxRows.contains(3))
+
+          assert(sql(
+            s"""
+               |SELECT * FROM
+               |tmp_view
+               |limit 11
+               |""".stripMargin)
+            .queryExecution.optimizedPlan.maxRows.contains(3))
+
+          assert(sql(
+            s"""
+               |SELECT * FROM
+               |(select * from tmp_view
+               |UNION
+               |select * from tmp_view2)
+               |ORDER BY a
+               |DESC
+               |""".stripMargin)
+            .collect().head.get(0).equals(10))
+        }
+      }
+    }
+  }
+
+  test("test watchdog: Insert Statement for forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+      withTable("tmp_table", "tmp_insert") {
+        spark.sql(s"create table tmp_table (a int, b int)")
+        spark.sql(s"insert into tmp_table values (1,10),(2,20),(3,30),(4,40),(5,50)")
+        val multiInsertTableName1: String = "tmp_tbl1"
+        val multiInsertTableName2: String = "tmp_tbl2"
+        sql(s"drop table if exists $multiInsertTableName1")
+        sql(s"drop table if exists $multiInsertTableName2")
+        sql(s"create table $multiInsertTableName1 like tmp_table")
+        sql(s"create table $multiInsertTableName2 like tmp_table")
+        assert(!sql(
+          s"""
+             |FROM tmp_table
+             |insert into $multiInsertTableName1 select * limit 2
+             |insert into $multiInsertTableName2 select *
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+      }
+    }
+  }
+
+  test("test watchdog: Distribute by for forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+      withTable("tmp_table") {
+        spark.sql(s"create table tmp_table (a int, b int)")
+        spark.sql(s"insert into tmp_table values (1,10),(2,20),(3,30),(4,40),(5,50)")
+        assert(sql(
+          s"""
+             |SELECT *
+             |FROM tmp_table
+             |DISTRIBUTE BY a
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+      }
+    }
+  }
+
+  test("test watchdog: Subquery for forceMaxOutputRows") {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "1") {
+      withTable("tmp_table1") {
+        sql("CREATE TABLE spark_catalog.`default`.tmp_table1(KEY INT, VALUE STRING) USING PARQUET")
+        sql("INSERT INTO TABLE spark_catalog.`default`.tmp_table1 " +
+          "VALUES (1, 'aa'),(2,'bb'),(3, 'cc'),(4,'aa'),(5,'cc'),(6, 'aa')")
+        assert(
+          sql("select * from tmp_table1").queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        val testSqlText =
+          """
+            |select count(*)
+            |from tmp_table1
+            |where tmp_table1.key in (
+            |select distinct tmp_table1.key
+            |from tmp_table1
+            |where tmp_table1.value = "aa"
+            |)
+            |""".stripMargin
+        val plan = sql(testSqlText).queryExecution.optimizedPlan
+        assert(!findGlobalLimit(plan))
+        checkAnswer(sql(testSqlText), Row(3) :: Nil)
+      }
+
+      def findGlobalLimit(plan: LogicalPlan): Boolean = plan match {
+        case _: GlobalLimit => true
+        case p if p.children.isEmpty => false
+        case p => p.children.exists(findGlobalLimit)
+      }
+
+    }
+  }
+
+  test("test watchdog: Join for forceMaxOutputRows") {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "1") {
+      withTable("tmp_table1", "tmp_table2") {
+        sql("CREATE TABLE spark_catalog.`default`.tmp_table1(KEY INT, VALUE STRING) USING PARQUET")
+        sql("INSERT INTO TABLE spark_catalog.`default`.tmp_table1 " +
+          "VALUES (1, 'aa'),(2,'bb'),(3, 'cc'),(4,'aa'),(5,'cc'),(6, 'aa')")
+        sql("CREATE TABLE spark_catalog.`default`.tmp_table2(KEY INT, VALUE STRING) USING PARQUET")
+        sql("INSERT INTO TABLE spark_catalog.`default`.tmp_table2 " +
+          "VALUES (1, 'aa'),(2,'bb'),(3, 'cc'),(4,'aa'),(5,'cc'),(6, 'aa')")
+        val testSqlText =
+          """
+            |select a.*,b.*
+            |from tmp_table1 a
+            |join
+            |tmp_table2 b
+            |on a.KEY = b.KEY
+            |""".stripMargin
+        val plan = sql(testSqlText).queryExecution.optimizedPlan
+        assert(findGlobalLimit(plan))
+      }
+
+      def findGlobalLimit(plan: LogicalPlan): Boolean = plan match {
+        case _: GlobalLimit => true
+        case p if p.children.isEmpty => false
+        case p => p.children.exists(findGlobalLimit)
+      }
+    }
+  }
+
+  private def checkMaxFileSize(tableSize: Long, nonPartTableSize: Long): Unit = {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> tableSize.toString) {
+      checkAnswer(sql("SELECT count(distinct(p)) FROM test"), Row(10) :: Nil)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> (tableSize / 2).toString) {
+      sql("SELECT * FROM test where p=1").queryExecution.sparkPlan
+
+      sql(s"SELECT * FROM test WHERE p in (${Range(0, 3).toList.mkString(",")})")
+        .queryExecution.sparkPlan
+
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test where p != 1").queryExecution.sparkPlan)
+
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test").queryExecution.sparkPlan)
+
+      intercept[MaxFileSizeExceedException](sql(
+        s"SELECT * FROM test WHERE p in (${Range(0, 6).toList.mkString(",")})")
+        .queryExecution.sparkPlan)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> nonPartTableSize.toString) {
+      checkAnswer(sql("SELECT count(*) FROM test_non_part"), Row(10000) :: Nil)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> (nonPartTableSize - 1).toString) {
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test_non_part").queryExecution.sparkPlan)
+    }
+  }
+
+  test("watchdog with scan maxFileSize -- hive") {
+    Seq(false).foreach { convertMetastoreParquet =>
+      withTable("test", "test_non_part", "temp") {
+        spark.range(10000).selectExpr("id as col")
+          .createOrReplaceTempView("temp")
+
+        // partitioned table
+        sql(
+          s"""
+             |CREATE TABLE test(i int)
+             |PARTITIONED BY (p int)
+             |STORED AS parquet""".stripMargin)
+        for (part <- Range(0, 10)) {
+          sql(
+            s"""
+               |INSERT OVERWRITE TABLE test PARTITION (p='$part')
+               |select col from temp""".stripMargin)
+        }
+
+        val tablePath = new File(spark.sessionState.catalog.externalCatalog
+          .getTable("default", "test").location)
+        val tableSize = FileUtils.listFiles(tablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // non-partitioned table
+        sql(
+          s"""
+             |CREATE TABLE test_non_part(i int)
+             |STORED AS parquet""".stripMargin)
+        sql(
+          s"""
+             |INSERT OVERWRITE TABLE test_non_part
+             |select col from temp""".stripMargin)
+        sql("ANALYZE TABLE test_non_part COMPUTE STATISTICS")
+
+        val nonPartTablePath = new File(spark.sessionState.catalog.externalCatalog
+          .getTable("default", "test_non_part").location)
+        val nonPartTableSize = FileUtils.listFiles(nonPartTablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(nonPartTableSize > 0)
+
+        // check
+        withSQLConf("spark.sql.hive.convertMetastoreParquet" -> convertMetastoreParquet.toString) {
+          checkMaxFileSize(tableSize, nonPartTableSize)
+        }
+      }
+    }
+  }
+
+  test("watchdog with scan maxFileSize -- data source") {
+    withTempDir { dir =>
+      withTempView("test", "test_non_part") {
+        // partitioned table
+        val tablePath = new File(dir, "test")
+        spark.range(10).selectExpr("id", "id as p")
+          .write
+          .partitionBy("p")
+          .mode("overwrite")
+          .parquet(tablePath.getCanonicalPath)
+        spark.read.load(tablePath.getCanonicalPath).createOrReplaceTempView("test")
+
+        val tableSize = FileUtils.listFiles(tablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // non-partitioned table
+        val nonPartTablePath = new File(dir, "test_non_part")
+        spark.range(10000).selectExpr("id", "id as p")
+          .write
+          .mode("overwrite")
+          .parquet(nonPartTablePath.getCanonicalPath)
+        spark.read.load(nonPartTablePath.getCanonicalPath).createOrReplaceTempView("test_non_part")
+
+        val nonPartTableSize = FileUtils.listFiles(nonPartTablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // check
+        checkMaxFileSize(tableSize, nonPartTableSize)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala
new file mode 100644
index 000000000..9b1614fce
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.apache.spark.benchmark.Benchmark
+import org.apache.spark.sql.benchmark.KyuubiBenchmarkBase
+import org.apache.spark.sql.internal.StaticSQLConf
+
+import org.apache.kyuubi.sql.zorder.ZorderBytesUtils
+
+/**
+ * Benchmark to measure performance with zorder core.
+ *
+ * {{{
+ *   RUN_BENCHMARK=1 ./build/mvn clean test \
+ *   -pl extensions/spark/kyuubi-extension-spark-3-1 -am \
+ *   -Pspark-3.1,kyuubi-extension-spark-3-1 \
+ *   -Dtest=none -DwildcardSuites=org.apache.spark.sql.ZorderCoreBenchmark
+ * }}}
+ */
+class ZorderCoreBenchmark extends KyuubiSparkSQLExtensionTest with KyuubiBenchmarkBase {
+  private val runBenchmark = sys.env.contains("RUN_BENCHMARK")
+  private val numRows = 1 * 1000 * 1000
+
+  private def randomInt(numColumns: Int): Seq[Array[Any]] = {
+    (1 to numRows).map { l =>
+      val arr = new Array[Any](numColumns)
+      (0 until numColumns).foreach(col => arr(col) = l)
+      arr
+    }
+  }
+
+  private def randomLong(numColumns: Int): Seq[Array[Any]] = {
+    (1 to numRows).map { l =>
+      val arr = new Array[Any](numColumns)
+      (0 until numColumns).foreach(col => arr(col) = l.toLong)
+      arr
+    }
+  }
+
+  private def interleaveMultiByteArrayBenchmark(): Unit = {
+    val benchmark =
+      new Benchmark(s"$numRows rows zorder core benchmark", numRows, output = output)
+    benchmark.addCase("2 int columns benchmark", 3) { _ =>
+      randomInt(2).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("3 int columns benchmark", 3) { _ =>
+      randomInt(3).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("4 int columns benchmark", 3) { _ =>
+      randomInt(4).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("2 long columns benchmark", 3) { _ =>
+      randomLong(2).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("3 long columns benchmark", 3) { _ =>
+      randomLong(3).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("4 long columns benchmark", 3) { _ =>
+      randomLong(4).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.run()
+  }
+
+  private def paddingTo8ByteBenchmark() {
+    val iterations = 10 * 1000 * 1000
+
+    val b2 = Array('a'.toByte, 'b'.toByte)
+    val benchmark =
+      new Benchmark(s"$iterations iterations paddingTo8Byte benchmark", iterations, output = output)
+    benchmark.addCase("2 length benchmark", 3) { _ =>
+      (1 to iterations).foreach(_ => ZorderBytesUtils.paddingTo8Byte(b2))
+    }
+
+    val b16 = Array.tabulate(16) { i => i.toByte }
+    benchmark.addCase("16 length benchmark", 3) { _ =>
+      (1 to iterations).foreach(_ => ZorderBytesUtils.paddingTo8Byte(b16))
+    }
+
+    benchmark.run()
+  }
+
+  test("zorder core benchmark") {
+    assume(runBenchmark)
+
+    withHeader {
+      interleaveMultiByteArrayBenchmark()
+      paddingTo8ByteBenchmark()
+    }
+  }
+
+  override def sparkConf(): SparkConf = {
+    super.sparkConf().remove(StaticSQLConf.SPARK_SESSION_EXTENSIONS.key)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
new file mode 100644
index 000000000..c2fa16197
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.parser.ParserInterface
+import org.apache.spark.sql.catalyst.plans.logical.{RebalancePartitions, Sort}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, SparkKyuubiSparkSQLParser}
+import org.apache.kyuubi.sql.zorder.Zorder
+
+trait ZorderSuiteSpark extends ZorderSuiteBase {
+
+  test("Add rebalance before zorder") {
+    Seq("true" -> false, "false" -> true).foreach { case (useOriginalOrdering, zorder) =>
+      withSQLConf(
+        KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key -> "false",
+        KyuubiSQLConf.REBALANCE_BEFORE_ZORDER.key -> "true",
+        KyuubiSQLConf.REBALANCE_ZORDER_COLUMNS_ENABLED.key -> "true",
+        KyuubiSQLConf.ZORDER_USING_ORIGINAL_ORDERING_ENABLED.key -> useOriginalOrdering) {
+        withTable("t") {
+          sql(
+            """
+              |CREATE TABLE t (c1 int, c2 string) PARTITIONED BY (d string)
+              | TBLPROPERTIES (
+              |'kyuubi.zorder.enabled'= 'true',
+              |'kyuubi.zorder.cols'= 'c1,C2')
+              |""".stripMargin)
+          val p = sql("INSERT INTO TABLE t PARTITION(d='a') SELECT * FROM VALUES(1,'a')")
+            .queryExecution.analyzed
+          assert(p.collect {
+            case sort: Sort
+                if !sort.global &&
+                  ((sort.order.exists(_.child.isInstanceOf[Zorder]) && zorder) ||
+                    (!sort.order.exists(_.child.isInstanceOf[Zorder]) && !zorder)) => sort
+          }.size == 1)
+          assert(p.collect {
+            case rebalance: RebalancePartitions
+                if rebalance.references.map(_.name).exists(_.equals("c1")) => rebalance
+          }.size == 1)
+
+          val p2 = sql("INSERT INTO TABLE t PARTITION(d) SELECT * FROM VALUES(1,'a','b')")
+            .queryExecution.analyzed
+          assert(p2.collect {
+            case sort: Sort
+                if (!sort.global && Seq("c1", "c2", "d").forall(x =>
+                  sort.references.map(_.name).exists(_.equals(x)))) &&
+                  ((sort.order.exists(_.child.isInstanceOf[Zorder]) && zorder) ||
+                    (!sort.order.exists(_.child.isInstanceOf[Zorder]) && !zorder)) => sort
+          }.size == 1)
+          assert(p2.collect {
+            case rebalance: RebalancePartitions
+                if Seq("c1", "c2", "d").forall(x =>
+                  rebalance.references.map(_.name).exists(_.equals(x))) => rebalance
+          }.size == 1)
+        }
+      }
+    }
+  }
+
+  test("Two phase rebalance before Z-Order") {
+    withSQLConf(
+      SQLConf.OPTIMIZER_EXCLUDED_RULES.key ->
+        "org.apache.spark.sql.catalyst.optimizer.CollapseRepartition",
+      KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key -> "false",
+      KyuubiSQLConf.REBALANCE_BEFORE_ZORDER.key -> "true",
+      KyuubiSQLConf.TWO_PHASE_REBALANCE_BEFORE_ZORDER.key -> "true",
+      KyuubiSQLConf.REBALANCE_ZORDER_COLUMNS_ENABLED.key -> "true") {
+      withTable("t") {
+        sql(
+          """
+            |CREATE TABLE t (c1 int) PARTITIONED BY (d string)
+            | TBLPROPERTIES (
+            |'kyuubi.zorder.enabled'= 'true',
+            |'kyuubi.zorder.cols'= 'c1')
+            |""".stripMargin)
+        val p = sql("INSERT INTO TABLE t PARTITION(d) SELECT * FROM VALUES(1,'a')")
+        val rebalance = p.queryExecution.optimizedPlan.innerChildren
+          .flatMap(_.collect { case r: RebalancePartitions => r })
+        assert(rebalance.size == 2)
+        assert(rebalance.head.partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("d"))
+        assert(rebalance.head.partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("c1"))
+
+        assert(rebalance(1).partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("d"))
+        assert(!rebalance(1).partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("c1"))
+      }
+    }
+  }
+}
+
+trait ParserSuite { self: ZorderSuiteBase =>
+  override def createParser: ParserInterface = {
+    new SparkKyuubiSparkSQLParser(spark.sessionState.sqlParser)
+  }
+}
+
+class ZorderWithCodegenEnabledSuite
+  extends ZorderWithCodegenEnabledSuiteBase
+  with ZorderSuiteSpark
+  with ParserSuite {}
+class ZorderWithCodegenDisabledSuite
+  extends ZorderWithCodegenDisabledSuiteBase
+  with ZorderSuiteSpark
+  with ParserSuite {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
new file mode 100644
index 000000000..2d3eec957
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
@@ -0,0 +1,768 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.apache.spark.sql.catalyst.{InternalRow, TableIdentifier}
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedAttribute, UnresolvedFunction, UnresolvedRelation, UnresolvedStar}
+import org.apache.spark.sql.catalyst.expressions.{Alias, Ascending, AttributeReference, EqualTo, Expression, ExpressionEvalHelper, Literal, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.parser.{ParseException, ParserInterface}
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, OneRowRelation, Project, Sort}
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.functions._
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
+import org.apache.spark.sql.types._
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, KyuubiSQLExtensionException}
+import org.apache.kyuubi.sql.zorder.{OptimizeZorderCommandBase, OptimizeZorderStatement, Zorder, ZorderBytesUtils}
+
+trait ZorderSuiteBase extends KyuubiSparkSQLExtensionTest with ExpressionEvalHelper {
+  override def sparkConf(): SparkConf = {
+    super.sparkConf()
+      .set(
+        StaticSQLConf.SPARK_SESSION_EXTENSIONS.key,
+        "org.apache.kyuubi.sql.KyuubiSparkSQLCommonExtension")
+  }
+
+  test("optimize unpartitioned table") {
+    withSQLConf(SQLConf.SHUFFLE_PARTITIONS.key -> "1") {
+      withTable("up") {
+        sql(s"DROP TABLE IF EXISTS up")
+
+        val target = Seq(
+          Seq(0, 0),
+          Seq(1, 0),
+          Seq(0, 1),
+          Seq(1, 1),
+          Seq(2, 0),
+          Seq(3, 0),
+          Seq(2, 1),
+          Seq(3, 1),
+          Seq(0, 2),
+          Seq(1, 2),
+          Seq(0, 3),
+          Seq(1, 3),
+          Seq(2, 2),
+          Seq(3, 2),
+          Seq(2, 3),
+          Seq(3, 3))
+        sql(s"CREATE TABLE up (c1 INT, c2 INT, c3 INT)")
+        sql(s"INSERT INTO TABLE up VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+
+        val e = intercept[KyuubiSQLExtensionException] {
+          sql("OPTIMIZE up WHERE c1 > 1 ZORDER BY c1, c2")
+        }
+        assert(e.getMessage == "Filters are only supported for partitioned table")
+
+        sql("OPTIMIZE up ZORDER BY c1, c2")
+        val res = sql("SELECT c1, c2 FROM up").collect()
+
+        assert(res.length == 16)
+
+        for (i <- target.indices) {
+          val t = target(i)
+          val r = res(i)
+          assert(t(0) == r.getInt(0))
+          assert(t(1) == r.getInt(1))
+        }
+      }
+    }
+  }
+
+  test("optimize partitioned table") {
+    withSQLConf(SQLConf.SHUFFLE_PARTITIONS.key -> "1") {
+      withTable("p") {
+        sql("DROP TABLE IF EXISTS p")
+
+        val target = Seq(
+          Seq(0, 0),
+          Seq(1, 0),
+          Seq(0, 1),
+          Seq(1, 1),
+          Seq(2, 0),
+          Seq(3, 0),
+          Seq(2, 1),
+          Seq(3, 1),
+          Seq(0, 2),
+          Seq(1, 2),
+          Seq(0, 3),
+          Seq(1, 3),
+          Seq(2, 2),
+          Seq(3, 2),
+          Seq(2, 3),
+          Seq(3, 3))
+
+        sql(s"CREATE TABLE p (c1 INT, c2 INT, c3 INT) PARTITIONED BY (id INT)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 1)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 2)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 1) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 2) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+
+        sql(s"OPTIMIZE p ZORDER BY c1, c2")
+
+        val res1 = sql(s"SELECT c1, c2 FROM p WHERE id = 1").collect()
+        val res2 = sql(s"SELECT c1, c2 FROM p WHERE id = 2").collect()
+
+        assert(res1.length == 16)
+        assert(res2.length == 16)
+
+        for (i <- target.indices) {
+          val t = target(i)
+          val r1 = res1(i)
+          assert(t(0) == r1.getInt(0))
+          assert(t(1) == r1.getInt(1))
+
+          val r2 = res2(i)
+          assert(t(0) == r2.getInt(0))
+          assert(t(1) == r2.getInt(1))
+        }
+      }
+    }
+  }
+
+  test("optimize partitioned table with filters") {
+    withSQLConf(SQLConf.SHUFFLE_PARTITIONS.key -> "1") {
+      withTable("p") {
+        sql("DROP TABLE IF EXISTS p")
+
+        val target1 = Seq(
+          Seq(0, 0),
+          Seq(1, 0),
+          Seq(0, 1),
+          Seq(1, 1),
+          Seq(2, 0),
+          Seq(3, 0),
+          Seq(2, 1),
+          Seq(3, 1),
+          Seq(0, 2),
+          Seq(1, 2),
+          Seq(0, 3),
+          Seq(1, 3),
+          Seq(2, 2),
+          Seq(3, 2),
+          Seq(2, 3),
+          Seq(3, 3))
+        val target2 = Seq(
+          Seq(0, 0),
+          Seq(0, 1),
+          Seq(0, 2),
+          Seq(0, 3),
+          Seq(1, 0),
+          Seq(1, 1),
+          Seq(1, 2),
+          Seq(1, 3),
+          Seq(2, 0),
+          Seq(2, 1),
+          Seq(2, 2),
+          Seq(2, 3),
+          Seq(3, 0),
+          Seq(3, 1),
+          Seq(3, 2),
+          Seq(3, 3))
+        sql(s"CREATE TABLE p (c1 INT, c2 INT, c3 INT) PARTITIONED BY (id INT)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 1)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 2)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 1) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 2) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+
+        val e = intercept[KyuubiSQLExtensionException](
+          sql(s"OPTIMIZE p WHERE id = 1 AND c1 > 1 ZORDER BY c1, c2"))
+        assert(e.getMessage == "Only partition column filters are allowed")
+
+        sql(s"OPTIMIZE p WHERE id = 1 ZORDER BY c1, c2")
+
+        val res1 = sql(s"SELECT c1, c2 FROM p WHERE id = 1").collect()
+        val res2 = sql(s"SELECT c1, c2 FROM p WHERE id = 2").collect()
+
+        assert(res1.length == 16)
+        assert(res2.length == 16)
+
+        for (i <- target1.indices) {
+          val t1 = target1(i)
+          val r1 = res1(i)
+          assert(t1(0) == r1.getInt(0))
+          assert(t1(1) == r1.getInt(1))
+
+          val t2 = target2(i)
+          val r2 = res2(i)
+          assert(t2(0) == r2.getInt(0))
+          assert(t2(1) == r2.getInt(1))
+        }
+      }
+    }
+  }
+
+  test("optimize zorder with datasource table") {
+    // TODO remove this if we support datasource table
+    withTable("t") {
+      sql("CREATE TABLE t (c1 int, c2 int) USING PARQUET")
+      val msg = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE t ZORDER BY c1, c2")
+      }.getMessage
+      assert(msg.contains("only support hive table"))
+    }
+  }
+
+  private def checkZorderTable(
+      enabled: Boolean,
+      cols: String,
+      planHasRepartition: Boolean,
+      resHasSort: Boolean): Unit = {
+    def checkSort(plan: LogicalPlan): Unit = {
+      assert(plan.isInstanceOf[Sort] === resHasSort)
+      plan match {
+        case sort: Sort =>
+          val colArr = cols.split(",")
+          val refs =
+            if (colArr.length == 1) {
+              sort.order.head
+                .child.asInstanceOf[AttributeReference] :: Nil
+            } else {
+              sort.order.head
+                .child.asInstanceOf[Zorder].children.map(_.references.head)
+            }
+          assert(refs.size === colArr.size)
+          refs.zip(colArr).foreach { case (ref, col) =>
+            assert(ref.name === col.trim)
+          }
+        case _ =>
+      }
+    }
+
+    val repartition =
+      if (planHasRepartition) {
+        "/*+ repartition */"
+      } else {
+        ""
+      }
+    withSQLConf("spark.sql.shuffle.partitions" -> "1") {
+      // hive
+      withSQLConf("spark.sql.hive.convertMetastoreParquet" -> "false") {
+        withTable("zorder_t1", "zorder_t2_true", "zorder_t2_false") {
+          sql(
+            s"""
+               |CREATE TABLE zorder_t1 (c1 int, c2 string, c3 long, c4 double) STORED AS PARQUET
+               |TBLPROPERTIES (
+               | 'kyuubi.zorder.enabled' = '$enabled',
+               | 'kyuubi.zorder.cols' = '$cols')
+               |""".stripMargin)
+          val df1 = sql(s"""
+                           |INSERT INTO TABLE zorder_t1
+                           |SELECT $repartition * FROM VALUES(1,'a',2,4D),(2,'b',3,6D)
+                           |""".stripMargin)
+          assert(df1.queryExecution.analyzed.isInstanceOf[InsertIntoHiveTable])
+          checkSort(df1.queryExecution.analyzed.children.head)
+
+          Seq("true", "false").foreach { optimized =>
+            withSQLConf(
+              "spark.sql.hive.convertMetastoreCtas" -> optimized,
+              "spark.sql.hive.convertMetastoreParquet" -> optimized) {
+
+              withListener(
+                s"""
+                   |CREATE TABLE zorder_t2_$optimized STORED AS PARQUET
+                   |TBLPROPERTIES (
+                   | 'kyuubi.zorder.enabled' = '$enabled',
+                   | 'kyuubi.zorder.cols' = '$cols')
+                   |
+                   |SELECT $repartition * FROM
+                   |VALUES(1,'a',2,4D),(2,'b',3,6D) AS t(c1 ,c2 , c3, c4)
+                   |""".stripMargin) { write =>
+                if (optimized.toBoolean) {
+                  assert(write.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+                } else {
+                  assert(write.isInstanceOf[InsertIntoHiveTable])
+                }
+                checkSort(write.query)
+              }
+            }
+          }
+        }
+      }
+
+      // datasource
+      withTable("zorder_t3", "zorder_t4") {
+        sql(
+          s"""
+             |CREATE TABLE zorder_t3 (c1 int, c2 string, c3 long, c4 double) USING PARQUET
+             |TBLPROPERTIES (
+             | 'kyuubi.zorder.enabled' = '$enabled',
+             | 'kyuubi.zorder.cols' = '$cols')
+             |""".stripMargin)
+        val df1 = sql(s"""
+                         |INSERT INTO TABLE zorder_t3
+                         |SELECT $repartition * FROM VALUES(1,'a',2,4D),(2,'b',3,6D)
+                         |""".stripMargin)
+        assert(df1.queryExecution.analyzed.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+        checkSort(df1.queryExecution.analyzed.children.head)
+
+        withListener(
+          s"""
+             |CREATE TABLE zorder_t4 USING PARQUET
+             |TBLPROPERTIES (
+             | 'kyuubi.zorder.enabled' = '$enabled',
+             | 'kyuubi.zorder.cols' = '$cols')
+             |
+             |SELECT $repartition * FROM
+             |VALUES(1,'a',2,4D),(2,'b',3,6D) AS t(c1 ,c2 , c3, c4)
+             |""".stripMargin) { write =>
+          assert(write.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+          checkSort(write.query)
+        }
+      }
+    }
+  }
+
+  test("Support insert zorder by table properties") {
+    withSQLConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING.key -> "false") {
+      checkZorderTable(true, "c1", false, false)
+      checkZorderTable(false, "c1", false, false)
+    }
+    withSQLConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING.key -> "true") {
+      checkZorderTable(true, "", false, false)
+      checkZorderTable(true, "c5", false, false)
+      checkZorderTable(true, "c1,c5", false, false)
+      checkZorderTable(false, "c3", false, false)
+      checkZorderTable(true, "c3", true, false)
+      checkZorderTable(true, "c3", false, true)
+      checkZorderTable(true, "c2,c4", false, true)
+      checkZorderTable(true, "c4, c2, c1, c3", false, true)
+    }
+  }
+
+  test("zorder: check unsupported data type") {
+    def checkZorderPlan(zorder: Expression): Unit = {
+      val msg = intercept[AnalysisException] {
+        val plan = Project(Seq(Alias(zorder, "c")()), OneRowRelation())
+        spark.sessionState.analyzer.checkAnalysis(plan)
+      }.getMessage
+      // before Spark 3.2.0 the null type catalog string is null, after Spark 3.2.0 it's void
+      // see https://github.com/apache/spark/pull/33437
+      assert(msg.contains("Unsupported z-order type:") &&
+        (msg.contains("null") || msg.contains("void")))
+    }
+
+    checkZorderPlan(Zorder(Seq(Literal(null, NullType))))
+    checkZorderPlan(Zorder(Seq(Literal(1, IntegerType), Literal(null, NullType))))
+  }
+
+  test("zorder: check supported data type") {
+    val children = Seq(
+      Literal.create(false, BooleanType),
+      Literal.create(null, BooleanType),
+      Literal.create(1.toByte, ByteType),
+      Literal.create(null, ByteType),
+      Literal.create(1.toShort, ShortType),
+      Literal.create(null, ShortType),
+      Literal.create(1, IntegerType),
+      Literal.create(null, IntegerType),
+      Literal.create(1L, LongType),
+      Literal.create(null, LongType),
+      Literal.create(1f, FloatType),
+      Literal.create(null, FloatType),
+      Literal.create(1d, DoubleType),
+      Literal.create(null, DoubleType),
+      Literal.create("1", StringType),
+      Literal.create(null, StringType),
+      Literal.create(1L, TimestampType),
+      Literal.create(null, TimestampType),
+      Literal.create(1, DateType),
+      Literal.create(null, DateType),
+      Literal.create(BigDecimal(1, 1), DecimalType(1, 1)),
+      Literal.create(null, DecimalType(1, 1)))
+    val zorder = Zorder(children)
+    val plan = Project(Seq(Alias(zorder, "c")()), OneRowRelation())
+    spark.sessionState.analyzer.checkAnalysis(plan)
+    assert(zorder.foldable)
+
+//    // scalastyle:off
+//    val resultGen = org.apache.commons.codec.binary.Hex.encodeHex(
+//      zorder.eval(InternalRow.fromSeq(children)).asInstanceOf[Array[Byte]], false)
+//    resultGen.grouped(2).zipWithIndex.foreach { case (char, i) =>
+//      print("0x" + char(0) + char(1) + ", ")
+//      if ((i + 1) % 10 == 0) {
+//        println()
+//      }
+//    }
+//    // scalastyle:on
+
+    val expected = Array(
+      0xFB, 0xEA, 0xAA, 0xBA, 0xAE, 0xAB, 0xAA, 0xEA, 0xBA, 0xAE, 0xAB, 0xAA, 0xEA, 0xBA, 0xA6,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xBA, 0xBB, 0xAA, 0xAA, 0xAA,
+      0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0x9A, 0xAA, 0xAA,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xEA,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+      0xAA, 0xAA, 0xBE, 0xAA, 0xAA, 0x8A, 0xBA, 0xAA, 0x2A, 0xEA, 0xA8, 0xAA, 0xAA, 0xA2, 0xAA,
+      0xAA, 0x8A, 0xAA, 0xAA, 0x2F, 0xEB, 0xFE)
+      .map(_.toByte)
+    checkEvaluation(zorder, expected, InternalRow.fromSeq(children))
+  }
+
+  private def checkSort(input: DataFrame, expected: Seq[Row], dataType: Array[DataType]): Unit = {
+    withTempDir { dir =>
+      input.repartition(3).write.mode("overwrite").format("parquet").save(dir.getCanonicalPath)
+      val df = spark.read.format("parquet")
+        .load(dir.getCanonicalPath)
+        .repartition(1)
+      assert(df.schema.fields.map(_.dataType).sameElements(dataType))
+      val exprs = Seq("c1", "c2").map(col).map(_.expr)
+      val sortOrder = SortOrder(Zorder(exprs), Ascending, NullsLast, Seq.empty)
+      val zorderSort = Sort(Seq(sortOrder), true, df.logicalPlan)
+      val result = Dataset.ofRows(spark, zorderSort)
+      checkAnswer(result, expected)
+    }
+  }
+
+  test("sort with zorder -- boolean column") {
+    val schema = StructType(StructField("c1", BooleanType) :: StructField("c2", BooleanType) :: Nil)
+    val nonNullDF = spark.createDataFrame(
+      spark.sparkContext.parallelize(
+        Seq(Row(false, false), Row(false, true), Row(true, false), Row(true, true))),
+      schema)
+    val expected =
+      Row(false, false) :: Row(true, false) :: Row(false, true) :: Row(true, true) :: Nil
+    checkSort(nonNullDF, expected, Array(BooleanType, BooleanType))
+    val df = spark.createDataFrame(
+      spark.sparkContext.parallelize(
+        Seq(Row(false, false), Row(false, null), Row(null, false), Row(null, null))),
+      schema)
+    val expected2 =
+      Row(false, false) :: Row(null, false) :: Row(false, null) :: Row(null, null) :: Nil
+    checkSort(df, expected2, Array(BooleanType, BooleanType))
+  }
+
+  test("sort with zorder -- int column") {
+    // TODO: add more datatype unit test
+    val session = spark
+    import session.implicits._
+    // generate 4 * 4 matrix
+    val len = 3
+    val input = spark.range(len + 1).selectExpr("cast(id as int) as c1")
+      .select($"c1", explode(sequence(lit(0), lit(len))) as "c2")
+    val expected =
+      Row(0, 0) :: Row(1, 0) :: Row(0, 1) :: Row(1, 1) ::
+        Row(2, 0) :: Row(3, 0) :: Row(2, 1) :: Row(3, 1) ::
+        Row(0, 2) :: Row(1, 2) :: Row(0, 3) :: Row(1, 3) ::
+        Row(2, 2) :: Row(3, 2) :: Row(2, 3) :: Row(3, 3) :: Nil
+    checkSort(input, expected, Array(IntegerType, IntegerType))
+
+    // contains null value case.
+    val nullDF = spark.range(1).selectExpr("cast(null as int) as c1")
+    val input2 = spark.range(len).selectExpr("cast(id as int) as c1")
+      .union(nullDF)
+      .select(
+        $"c1",
+        explode(concat(sequence(lit(0), lit(len - 1)), array(lit(null)))) as "c2")
+    val expected2 = Row(0, 0) :: Row(1, 0) :: Row(0, 1) :: Row(1, 1) ::
+      Row(2, 0) :: Row(2, 1) :: Row(0, 2) :: Row(1, 2) ::
+      Row(2, 2) :: Row(null, 0) :: Row(null, 1) :: Row(null, 2) ::
+      Row(0, null) :: Row(1, null) :: Row(2, null) :: Row(null, null) :: Nil
+    checkSort(input2, expected2, Array(IntegerType, IntegerType))
+  }
+
+  test("sort with zorder -- string column") {
+    val schema = StructType(StructField("c1", StringType) :: StructField("c2", StringType) :: Nil)
+    val rdd = spark.sparkContext.parallelize(Seq(
+      Row("a", "a"),
+      Row("a", "b"),
+      Row("a", "c"),
+      Row("a", "d"),
+      Row("b", "a"),
+      Row("b", "b"),
+      Row("b", "c"),
+      Row("b", "d"),
+      Row("c", "a"),
+      Row("c", "b"),
+      Row("c", "c"),
+      Row("c", "d"),
+      Row("d", "a"),
+      Row("d", "b"),
+      Row("d", "c"),
+      Row("d", "d")))
+    val input = spark.createDataFrame(rdd, schema)
+    val expected = Row("a", "a") :: Row("b", "a") :: Row("c", "a") :: Row("a", "b") ::
+      Row("a", "c") :: Row("b", "b") :: Row("c", "b") :: Row("b", "c") ::
+      Row("c", "c") :: Row("d", "a") :: Row("d", "b") :: Row("d", "c") ::
+      Row("a", "d") :: Row("b", "d") :: Row("c", "d") :: Row("d", "d") :: Nil
+    checkSort(input, expected, Array(StringType, StringType))
+
+    val rdd2 = spark.sparkContext.parallelize(Seq(
+      Row(null, "a"),
+      Row("a", "b"),
+      Row("a", "c"),
+      Row("a", null),
+      Row("b", "a"),
+      Row(null, "b"),
+      Row("b", null),
+      Row("b", "d"),
+      Row("c", "a"),
+      Row("c", null),
+      Row(null, "c"),
+      Row("c", "d"),
+      Row("d", null),
+      Row("d", "b"),
+      Row("d", "c"),
+      Row(null, "d"),
+      Row(null, null)))
+    val input2 = spark.createDataFrame(rdd2, schema)
+    val expected2 = Row("b", "a") :: Row("c", "a") :: Row("a", "b") :: Row("a", "c") ::
+      Row("d", "b") :: Row("d", "c") :: Row("b", "d") :: Row("c", "d") ::
+      Row(null, "a") :: Row(null, "b") :: Row(null, "c") :: Row(null, "d") ::
+      Row("a", null) :: Row("b", null) :: Row("c", null) :: Row("d", null) ::
+      Row(null, null) :: Nil
+    checkSort(input2, expected2, Array(StringType, StringType))
+  }
+
+  test("test special value of short int long type") {
+    val df1 = spark.createDataFrame(Seq(
+      (-1, -1L),
+      (Int.MinValue, Int.MinValue.toLong),
+      (1, 1L),
+      (Int.MaxValue - 1, Int.MaxValue.toLong),
+      (Int.MaxValue - 1, Int.MaxValue.toLong - 1),
+      (Int.MaxValue, Int.MaxValue.toLong + 1),
+      (Int.MaxValue, Int.MaxValue.toLong))).toDF("c1", "c2")
+    val expected1 =
+      Row(Int.MinValue, Int.MinValue.toLong) ::
+        Row(-1, -1L) ::
+        Row(1, 1L) ::
+        Row(Int.MaxValue - 1, Int.MaxValue.toLong - 1) ::
+        Row(Int.MaxValue - 1, Int.MaxValue.toLong) ::
+        Row(Int.MaxValue, Int.MaxValue.toLong) ::
+        Row(Int.MaxValue, Int.MaxValue.toLong + 1) :: Nil
+    checkSort(df1, expected1, Array(IntegerType, LongType))
+
+    val df2 = spark.createDataFrame(Seq(
+      (-1, -1.toShort),
+      (Short.MinValue.toInt, Short.MinValue),
+      (1, 1.toShort),
+      (Short.MaxValue.toInt, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toInt + 1, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toInt, Short.MaxValue),
+      (Short.MaxValue.toInt + 1, Short.MaxValue))).toDF("c1", "c2")
+    val expected2 =
+      Row(Short.MinValue.toInt, Short.MinValue) ::
+        Row(-1, -1.toShort) ::
+        Row(1, 1.toShort) ::
+        Row(Short.MaxValue.toInt, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toInt, Short.MaxValue) ::
+        Row(Short.MaxValue.toInt + 1, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toInt + 1, Short.MaxValue) :: Nil
+    checkSort(df2, expected2, Array(IntegerType, ShortType))
+
+    val df3 = spark.createDataFrame(Seq(
+      (-1L, -1.toShort),
+      (Short.MinValue.toLong, Short.MinValue),
+      (1L, 1.toShort),
+      (Short.MaxValue.toLong, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toLong + 1, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toLong, Short.MaxValue),
+      (Short.MaxValue.toLong + 1, Short.MaxValue))).toDF("c1", "c2")
+    val expected3 =
+      Row(Short.MinValue.toLong, Short.MinValue) ::
+        Row(-1L, -1.toShort) ::
+        Row(1L, 1.toShort) ::
+        Row(Short.MaxValue.toLong, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toLong, Short.MaxValue) ::
+        Row(Short.MaxValue.toLong + 1, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toLong + 1, Short.MaxValue) :: Nil
+    checkSort(df3, expected3, Array(LongType, ShortType))
+  }
+
+  test("skip zorder if only requires one column") {
+    withTable("t") {
+      withSQLConf("spark.sql.hive.convertMetastoreParquet" -> "false") {
+        sql("CREATE TABLE t (c1 int, c2 string) stored as parquet")
+        val order1 = sql("OPTIMIZE t ZORDER BY c1").queryExecution.analyzed
+          .asInstanceOf[OptimizeZorderCommandBase].query.asInstanceOf[Sort].order.head.child
+        assert(!order1.isInstanceOf[Zorder])
+        assert(order1.isInstanceOf[AttributeReference])
+      }
+    }
+  }
+
+  test("Add config to control if zorder using global sort") {
+    withTable("t") {
+      withSQLConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key -> "false") {
+        sql(
+          """
+            |CREATE TABLE t (c1 int, c2 string) TBLPROPERTIES (
+            |'kyuubi.zorder.enabled'= 'true',
+            |'kyuubi.zorder.cols'= 'c1,c2')
+            |""".stripMargin)
+        val p1 = sql("OPTIMIZE t ZORDER BY c1, c2").queryExecution.analyzed
+        assert(p1.collect {
+          case shuffle: Sort if !shuffle.global => shuffle
+        }.size == 1)
+
+        val p2 = sql("INSERT INTO TABLE t SELECT * FROM VALUES(1,'a')").queryExecution.analyzed
+        assert(p2.collect {
+          case shuffle: Sort if !shuffle.global => shuffle
+        }.size == 1)
+      }
+    }
+  }
+
+  test("fast approach test") {
+    Seq[Seq[Any]](
+      Seq(1L, 2L),
+      Seq(1L, 2L, 3L),
+      Seq(1L, 2L, 3L, 4L),
+      Seq(1L, 2L, 3L, 4L, 5L),
+      Seq(1L, 2L, 3L, 4L, 5L, 6L),
+      Seq(1L, 2L, 3L, 4L, 5L, 6L, 7L),
+      Seq(1L, 2L, 3L, 4L, 5L, 6L, 7L, 8L))
+      .foreach { inputs =>
+        assert(java.util.Arrays.equals(
+          ZorderBytesUtils.interleaveBits(inputs.toArray),
+          ZorderBytesUtils.interleaveBitsDefault(inputs.map(ZorderBytesUtils.toByteArray).toArray)))
+      }
+  }
+
+  test("OPTIMIZE command is parsed as expected") {
+    val parser = createParser
+    val globalSort = spark.conf.get(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED)
+
+    assert(parser.parsePlan("OPTIMIZE p zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(Seq(UnresolvedStar(None)), UnresolvedRelation(TableIdentifier("p"))))))
+
+    assert(parser.parsePlan("OPTIMIZE p zorder by c1, c2") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(
+            Zorder(Seq(UnresolvedAttribute("c1"), UnresolvedAttribute("c2"))),
+            Ascending,
+            NullsLast,
+            Seq.empty) :: Nil,
+          globalSort,
+          Project(Seq(UnresolvedStar(None)), UnresolvedRelation(TableIdentifier("p"))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = 1 zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(UnresolvedAttribute("id"), Literal(1)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = 1 zorder by c1, c2") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(
+            Zorder(Seq(UnresolvedAttribute("c1"), UnresolvedAttribute("c2"))),
+            Ascending,
+            NullsLast,
+            Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(UnresolvedAttribute("id"), Literal(1)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = current_date() zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(
+                UnresolvedAttribute("id"),
+                UnresolvedFunction("current_date", Seq.empty, false)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    // TODO: add following case support
+    intercept[ParseException] {
+      parser.parsePlan("OPTIMIZE p zorder by (c1)")
+    }
+
+    intercept[ParseException] {
+      parser.parsePlan("OPTIMIZE p zorder by (c1, c2)")
+    }
+  }
+
+  test("OPTIMIZE partition predicates constraint") {
+    withTable("p") {
+      sql("CREATE TABLE p (c1 INT, c2 INT) PARTITIONED BY (event_date DATE)")
+      val e1 = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE p WHERE event_date = current_date as c ZORDER BY c1, c2")
+      }
+      assert(e1.getMessage.contains("unsupported partition predicates"))
+
+      val e2 = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE p WHERE c1 = 1 ZORDER BY c1, c2")
+      }
+      assert(e2.getMessage == "Only partition column filters are allowed")
+    }
+  }
+
+  def createParser: ParserInterface
+}
+
+trait ZorderWithCodegenEnabledSuiteBase extends ZorderSuiteBase {
+  override def sparkConf(): SparkConf = {
+    val conf = super.sparkConf
+    conf.set(SQLConf.WHOLESTAGE_CODEGEN_ENABLED.key, "true")
+    conf
+  }
+}
+
+trait ZorderWithCodegenDisabledSuiteBase extends ZorderSuiteBase {
+  override def sparkConf(): SparkConf = {
+    val conf = super.sparkConf
+    conf.set(SQLConf.WHOLESTAGE_CODEGEN_ENABLED.key, "false")
+    conf.set(SQLConf.CODEGEN_FACTORY_MODE.key, "NO_CODEGEN")
+    conf
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
new file mode 100644
index 000000000..b891a7224
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.benchmark
+
+import java.io.{File, FileOutputStream, OutputStream}
+
+import scala.collection.JavaConverters._
+
+import com.google.common.reflect.ClassPath
+import org.scalatest.Assertions._
+
+trait KyuubiBenchmarkBase {
+  var output: Option[OutputStream] = None
+
+  private val prefix = {
+    val benchmarkClasses = ClassPath.from(Thread.currentThread.getContextClassLoader)
+      .getTopLevelClassesRecursive("org.apache.spark.sql").asScala.toArray
+    assert(benchmarkClasses.nonEmpty)
+    val benchmark = benchmarkClasses.find(_.load().getName.endsWith("Benchmark"))
+    val targetDirOrProjDir =
+      new File(benchmark.get.load().getProtectionDomain.getCodeSource.getLocation.toURI)
+        .getParentFile.getParentFile
+    if (targetDirOrProjDir.getName == "target") {
+      targetDirOrProjDir.getParentFile.getCanonicalPath + "/"
+    } else {
+      targetDirOrProjDir.getCanonicalPath + "/"
+    }
+  }
+
+  def withHeader(func: => Unit): Unit = {
+    val version = System.getProperty("java.version").split("\\D+")(0).toInt
+    val jdkString = if (version > 8) s"-jdk$version" else ""
+    val resultFileName =
+      s"${this.getClass.getSimpleName.replace("$", "")}$jdkString-results.txt"
+    val dir = new File(s"${prefix}benchmarks/")
+    if (!dir.exists()) {
+      // scalastyle:off println
+      println(s"Creating ${dir.getAbsolutePath} for benchmark results.")
+      // scalastyle:on println
+      dir.mkdirs()
+    }
+    val file = new File(dir, resultFileName)
+    if (!file.exists()) {
+      file.createNewFile()
+    }
+    output = Some(new FileOutputStream(file))
+
+    func
+
+    output.foreach { o =>
+      if (o != null) {
+        o.close()
+      }
+    }
+  }
+}
diff --git a/pom.xml b/pom.xml
index e0b4e0374..1a1cf4839 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2176,6 +2176,7 @@
         <profile>
             <id>spark-3.4</id>
             <modules>
+                <module>extensions/spark/kyuubi-extension-spark-3-4</module>
                 <module>extensions/spark/kyuubi-spark-connector-hive</module>
                 <module>extensions/spark/kyuubi-spark-connector-kudu</module>
             </modules>

From 7feb5356681f0ce87a0da430ab91b3398ffccbfc Mon Sep 17 00:00:00 2001
From: zhaomin <zhaomin1423@163.com>
Date: Thu, 6 Jul 2023 18:25:12 +0800
Subject: [PATCH 482/760] [KYUUBI #5028] Update session hadoop conf to catalog
 hadoop conf

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5028 from zhaomin1423/fix_hive_connector.

Closes #5028

d9c7e9c8a [zhaomin] Update session hadoop conf to catalog hadoop conf

Authored-by: zhaomin <zhaomin1423@163.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../spark/connector/hive/read/HiveFileIndex.scala    | 12 ++++++++----
 .../kyuubi/spark/connector/hive/read/HiveScan.scala  |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
index 937a9557d..a399cc302 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
@@ -21,6 +21,7 @@ import java.net.URI
 
 import scala.collection.mutable
 
+import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.{FileStatus, Path}
 import org.apache.hadoop.hive.ql.metadata.{Partition => HivePartition, Table}
 import org.apache.spark.sql.SparkSession
@@ -37,7 +38,7 @@ import org.apache.kyuubi.spark.connector.hive.{HiveTableCatalog, KyuubiHiveConne
 class HiveCatalogFileIndex(
     sparkSession: SparkSession,
     val catalogTable: CatalogTable,
-    hiveCatalog: HiveTableCatalog,
+    val hiveCatalog: HiveTableCatalog,
     override val sizeInBytes: Long)
   extends PartitioningAwareFileIndex(
     sparkSession,
@@ -99,14 +100,16 @@ class HiveCatalogFileIndex(
         userSpecifiedSchema = Some(partitionSpec.partitionColumns),
         fileStatusCache = fileStatusCache,
         userSpecifiedPartitionSpec = Some(partitionSpec),
-        metadataOpsTimeNs = Some(timeNs))
+        metadataOpsTimeNs = Some(timeNs),
+        hadoopConf = hiveCatalog.hadoopConfiguration())
     } else {
       new HiveInMemoryFileIndex(
         sparkSession = sparkSession,
         rootPathsSpecified = rootPaths,
         parameters = table.properties,
         userSpecifiedSchema = None,
-        fileStatusCache = fileStatusCache)
+        fileStatusCache = fileStatusCache,
+        hadoopConf = hiveCatalog.hadoopConfiguration())
     }
   }
 
@@ -142,7 +145,8 @@ class HiveInMemoryFileIndex(
     partPathToBindHivePart: Map[PartitionPath, HivePartition] = Map.empty,
     fileStatusCache: FileStatusCache = NoopCache,
     userSpecifiedPartitionSpec: Option[PartitionSpec] = None,
-    override val metadataOpsTimeNs: Option[Long] = None)
+    override val metadataOpsTimeNs: Option[Long] = None,
+    override protected val hadoopConf: Configuration)
   extends InMemoryFileIndex(
     sparkSession,
     rootPathsSpecified,
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
index e71e428b7..5895ecf03 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
@@ -55,7 +55,7 @@ case class HiveScan(
   private val partFileToHivePartMap: mutable.Map[PartitionedFile, HivePartition] = mutable.Map()
 
   override def createReaderFactory(): PartitionReaderFactory = {
-    val hiveConf = sparkSession.sessionState.newHadoopConf()
+    val hiveConf = fileIndex.hiveCatalog.hadoopConfiguration()
     addCatalogTableConfToConf(hiveConf, catalogTable)
 
     val table = HiveClientImpl.toHiveTable(catalogTable)

From da822173883a103dd38cd5583111f213433c9855 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Thu, 6 Jul 2023 18:26:37 +0800
Subject: [PATCH 483/760] [KYUUBI #5023] [KSHC] TableIdentify don't attach
 catalog

### _Why are the changes needed?_

As title, In KSHC, HiveTable's identify does not attach the catalog to prevent an incorrect catalogName. default catalog is "spark_catalog"

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5023 from Yikf/tableName2.

Closes #5023

86b6a58d0 [yikaifei] KSHC v1IdentifierNoCatalog in spark3.4

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../connector/hive/HiveConnectorUtils.scala   |  26 ++
 .../connector/hive/HiveTableCatalog.scala     | 357 +++++++++---------
 .../connector/hive/HiveCatalogSuite.scala     |   4 +-
 3 files changed, 217 insertions(+), 170 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
index 1d2d2b319..d0d0666bb 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
@@ -26,6 +26,7 @@ import org.apache.spark.sql.connector.catalog.TableChange.{AddColumn, After, Col
 import org.apache.spark.sql.execution.command.CommandUtils
 import org.apache.spark.sql.execution.command.CommandUtils.{calculateMultipleLocationSizes, calculateSingleLocationSize}
 import org.apache.spark.sql.execution.datasources.PartitionedFile
+import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.types.{ArrayType, MapType, StructField, StructType}
 
 import org.apache.kyuubi.spark.connector.common.SparkUtils
@@ -253,4 +254,29 @@ object HiveConnectorUtils extends Logging {
 
     new StructType(newFields)
   }
+
+  def withSQLConf[T](pairs: (String, String)*)(f: => T): T = {
+    val conf = SQLConf.get
+    val (keys, values) = pairs.unzip
+    val currentValues = keys.map { key =>
+      if (conf.contains(key)) {
+        Some(conf.getConfString(key))
+      } else {
+        None
+      }
+    }
+    (keys, values).zipped.foreach { (k, v) =>
+      if (SQLConf.isStaticConfigKey(k)) {
+        throw KyuubiHiveConnectorException(s"Cannot modify the value of a static config: $k")
+      }
+      conf.setConfString(k, v)
+    }
+    try f
+    finally {
+      keys.zip(currentValues).foreach {
+        case (key, Some(value)) => conf.setConfString(key, value)
+        case (key, None) => conf.unsetConf(key)
+      }
+    }
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index cfc78940b..2d816c8c4 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -43,6 +43,7 @@ import org.apache.spark.sql.internal.StaticSQLConf.{CATALOG_IMPLEMENTATION, GLOB
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
+import org.apache.kyuubi.spark.connector.hive.HiveConnectorUtils.withSQLConf
 import org.apache.kyuubi.spark.connector.hive.HiveTableCatalog.{toCatalogDatabase, CatalogDatabaseHelper, IdentifierHelper, NamespaceHelper}
 import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorDelegationTokenProvider.metastoreTokenSignature
 
@@ -56,6 +57,8 @@ class HiveTableCatalog(sparkSession: SparkSession)
 
   private val externalCatalogManager = ExternalCatalogManager.getOrCreate(sparkSession)
 
+  private val LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME = "spark.sql.legacy.v1IdentifierNoCatalog"
+
   private val sc = sparkSession.sparkContext
 
   private val sessionState = sparkSession.sessionState
@@ -143,129 +146,136 @@ class HiveTableCatalog(sparkSession: SparkSession)
 
   override val defaultNamespace: Array[String] = Array("default")
 
-  override def listTables(namespace: Array[String]): Array[Identifier] = {
-    namespace match {
-      case Array(db) =>
-        catalog
-          .listTables(db)
-          .map(ident => Identifier.of(ident.database.map(Array(_)).getOrElse(Array()), ident.table))
-          .toArray
-      case _ =>
-        throw new NoSuchNamespaceException(namespace)
+  override def listTables(namespace: Array[String]): Array[Identifier] =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      namespace match {
+        case Array(db) =>
+          catalog
+            .listTables(db)
+            .map(ident =>
+              Identifier.of(ident.database.map(Array(_)).getOrElse(Array()), ident.table))
+            .toArray
+        case _ =>
+          throw new NoSuchNamespaceException(namespace)
+      }
     }
-  }
 
-  override def loadTable(ident: Identifier): Table = {
-    HiveTable(sparkSession, catalog.getTableMetadata(ident.asTableIdentifier), this)
-  }
+  override def loadTable(ident: Identifier): Table =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      HiveTable(sparkSession, catalog.getTableMetadata(ident.asTableIdentifier), this)
+    }
 
   override def createTable(
       ident: Identifier,
       schema: StructType,
       partitions: Array[Transform],
-      properties: util.Map[String, String]): Table = {
-    import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.TransformHelper
-    val (partitionColumns, maybeBucketSpec) = partitions.toSeq.convertTransforms
-    val provider = properties.getOrDefault(TableCatalog.PROP_PROVIDER, conf.defaultDataSourceName)
-    val tableProperties = properties.asScala
-    val location = Option(properties.get(TableCatalog.PROP_LOCATION))
-    val storage = DataSource.buildStorageFormatFromOptions(toOptions(tableProperties.toMap))
-      .copy(locationUri = location.map(CatalogUtils.stringToURI))
-    val isExternal = properties.containsKey(TableCatalog.PROP_EXTERNAL)
-    val tableType =
-      if (isExternal || location.isDefined) {
-        CatalogTableType.EXTERNAL
-      } else {
-        CatalogTableType.MANAGED
+      properties: util.Map[String, String]): Table =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.TransformHelper
+      val (partitionColumns, maybeBucketSpec) = partitions.toSeq.convertTransforms
+      val provider = properties.getOrDefault(TableCatalog.PROP_PROVIDER, conf.defaultDataSourceName)
+      val tableProperties = properties.asScala
+      val location = Option(properties.get(TableCatalog.PROP_LOCATION))
+      val storage = DataSource.buildStorageFormatFromOptions(toOptions(tableProperties.toMap))
+        .copy(locationUri = location.map(CatalogUtils.stringToURI))
+      val isExternal = properties.containsKey(TableCatalog.PROP_EXTERNAL)
+      val tableType =
+        if (isExternal || location.isDefined) {
+          CatalogTableType.EXTERNAL
+        } else {
+          CatalogTableType.MANAGED
+        }
+
+      val tableDesc = CatalogTable(
+        identifier = ident.asTableIdentifier,
+        tableType = tableType,
+        storage = storage,
+        schema = schema,
+        provider = Some(provider),
+        partitionColumnNames = partitionColumns,
+        bucketSpec = maybeBucketSpec,
+        properties = tableProperties.toMap,
+        tracksPartitionsInCatalog = conf.manageFilesourcePartitions,
+        comment = Option(properties.get(TableCatalog.PROP_COMMENT)))
+
+      try {
+        catalog.createTable(tableDesc, ignoreIfExists = false)
+      } catch {
+        case _: TableAlreadyExistsException =>
+          throw new TableAlreadyExistsException(ident)
       }
 
-    val tableDesc = CatalogTable(
-      identifier = ident.asTableIdentifier,
-      tableType = tableType,
-      storage = storage,
-      schema = schema,
-      provider = Some(provider),
-      partitionColumnNames = partitionColumns,
-      bucketSpec = maybeBucketSpec,
-      properties = tableProperties.toMap,
-      tracksPartitionsInCatalog = conf.manageFilesourcePartitions,
-      comment = Option(properties.get(TableCatalog.PROP_COMMENT)))
-
-    try {
-      catalog.createTable(tableDesc, ignoreIfExists = false)
-    } catch {
-      case _: TableAlreadyExistsException =>
-        throw new TableAlreadyExistsException(ident)
+      loadTable(ident)
     }
 
-    loadTable(ident)
-  }
+  override def alterTable(ident: Identifier, changes: TableChange*): Table =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      val catalogTable =
+        try {
+          catalog.getTableMetadata(ident.asTableIdentifier)
+        } catch {
+          case _: NoSuchTableException =>
+            throw new NoSuchTableException(ident)
+        }
+
+      val properties = CatalogV2Util.applyPropertiesChanges(catalogTable.properties, changes)
+      val schema = HiveConnectorUtils.applySchemaChanges(
+        catalogTable.schema,
+        changes)
+      val comment = properties.get(TableCatalog.PROP_COMMENT)
+      val owner = properties.getOrElse(TableCatalog.PROP_OWNER, catalogTable.owner)
+      val location = properties.get(TableCatalog.PROP_LOCATION).map(CatalogUtils.stringToURI)
+      val storage =
+        if (location.isDefined) {
+          catalogTable.storage.copy(locationUri = location)
+        } else {
+          catalogTable.storage
+        }
 
-  override def alterTable(ident: Identifier, changes: TableChange*): Table = {
-    val catalogTable =
       try {
-        catalog.getTableMetadata(ident.asTableIdentifier)
+        catalog.alterTable(
+          catalogTable.copy(
+            properties = properties,
+            schema = schema,
+            owner = owner,
+            comment = comment,
+            storage = storage))
       } catch {
         case _: NoSuchTableException =>
           throw new NoSuchTableException(ident)
       }
 
-    val properties = CatalogV2Util.applyPropertiesChanges(catalogTable.properties, changes)
-    val schema = HiveConnectorUtils.applySchemaChanges(
-      catalogTable.schema,
-      changes)
-    val comment = properties.get(TableCatalog.PROP_COMMENT)
-    val owner = properties.getOrElse(TableCatalog.PROP_OWNER, catalogTable.owner)
-    val location = properties.get(TableCatalog.PROP_LOCATION).map(CatalogUtils.stringToURI)
-    val storage =
-      if (location.isDefined) {
-        catalogTable.storage.copy(locationUri = location)
-      } else {
-        catalogTable.storage
-      }
-
-    try {
-      catalog.alterTable(
-        catalogTable.copy(
-          properties = properties,
-          schema = schema,
-          owner = owner,
-          comment = comment,
-          storage = storage))
-    } catch {
-      case _: NoSuchTableException =>
-        throw new NoSuchTableException(ident)
+      loadTable(ident)
     }
 
-    loadTable(ident)
-  }
-
-  override def dropTable(ident: Identifier): Boolean = {
-    try {
-      if (loadTable(ident) != null) {
-        catalog.dropTable(
-          ident.asTableIdentifier,
-          ignoreIfNotExists = true,
-          purge = true /* skip HDFS trash */ )
-        true
-      } else {
-        false
+  override def dropTable(ident: Identifier): Boolean =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      try {
+        if (loadTable(ident) != null) {
+          catalog.dropTable(
+            ident.asTableIdentifier,
+            ignoreIfNotExists = true,
+            purge = true /* skip HDFS trash */ )
+          true
+        } else {
+          false
+        }
+      } catch {
+        case _: NoSuchTableException =>
+          false
       }
-    } catch {
-      case _: NoSuchTableException =>
-        false
     }
-  }
 
-  override def renameTable(oldIdent: Identifier, newIdent: Identifier): Unit = {
-    if (tableExists(newIdent)) {
-      throw new TableAlreadyExistsException(newIdent)
-    }
+  override def renameTable(oldIdent: Identifier, newIdent: Identifier): Unit =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      if (tableExists(newIdent)) {
+        throw new TableAlreadyExistsException(newIdent)
+      }
 
-    // Load table to make sure the table exists
-    loadTable(oldIdent)
-    catalog.renameTable(oldIdent.asTableIdentifier, newIdent.asTableIdentifier)
-  }
+      // Load table to make sure the table exists
+      loadTable(oldIdent)
+      catalog.renameTable(oldIdent.asTableIdentifier, newIdent.asTableIdentifier)
+    }
 
   private def toOptions(properties: Map[String, String]): Map[String, String] = {
     properties.filterKeys(_.startsWith(TableCatalog.OPTION_PREFIX)).map {
@@ -273,70 +283,78 @@ class HiveTableCatalog(sparkSession: SparkSession)
     }
   }
 
-  override def listNamespaces(): Array[Array[String]] = {
-    catalog.listDatabases().map(Array(_)).toArray
-  }
-
-  override def listNamespaces(namespace: Array[String]): Array[Array[String]] = {
-    namespace match {
-      case Array() =>
-        listNamespaces()
-      case Array(db) if catalog.databaseExists(db) =>
-        Array()
-      case _ =>
-        throw new NoSuchNamespaceException(namespace)
+  override def listNamespaces(): Array[Array[String]] =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      catalog.listDatabases().map(Array(_)).toArray
     }
-  }
 
-  override def loadNamespaceMetadata(namespace: Array[String]): util.Map[String, String] = {
-    namespace match {
-      case Array(db) =>
-        try {
-          catalog.getDatabaseMetadata(db).toMetadata
-        } catch {
-          case _: NoSuchDatabaseException =>
-            throw new NoSuchNamespaceException(namespace)
-        }
+  override def listNamespaces(namespace: Array[String]): Array[Array[String]] =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      namespace match {
+        case Array() =>
+          listNamespaces()
+        case Array(db) if catalog.databaseExists(db) =>
+          Array()
+        case _ =>
+          throw new NoSuchNamespaceException(namespace)
+      }
+    }
 
-      case _ =>
-        throw new NoSuchNamespaceException(namespace)
+  override def loadNamespaceMetadata(namespace: Array[String]): util.Map[String, String] =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      namespace match {
+        case Array(db) =>
+          try {
+            catalog.getDatabaseMetadata(db).toMetadata
+          } catch {
+            case _: NoSuchDatabaseException =>
+              throw new NoSuchNamespaceException(namespace)
+          }
+
+        case _ =>
+          throw new NoSuchNamespaceException(namespace)
+      }
     }
-  }
 
   override def createNamespace(
       namespace: Array[String],
-      metadata: util.Map[String, String]): Unit = namespace match {
-    case Array(db) if !catalog.databaseExists(db) =>
-      catalog.createDatabase(
-        toCatalogDatabase(db, metadata, defaultLocation = Some(catalog.getDefaultDBPath(db))),
-        ignoreIfExists = false)
-
-    case Array(_) =>
-      throw new NamespaceAlreadyExistsException(namespace)
-
-    case _ =>
-      throw new IllegalArgumentException(s"Invalid namespace name: ${namespace.quoted}")
-  }
-
-  override def alterNamespace(namespace: Array[String], changes: NamespaceChange*): Unit = {
-    namespace match {
-      case Array(db) =>
-        // validate that this catalog's reserved properties are not removed
-        changes.foreach {
-          case remove: RemoveProperty if NAMESPACE_RESERVED_PROPERTIES.contains(remove.property) =>
-            throw new UnsupportedOperationException(
-              s"Cannot remove reserved property: ${remove.property}")
-          case _ =>
-        }
-
-        val metadata = catalog.getDatabaseMetadata(db).toMetadata
-        catalog.alterDatabase(
-          toCatalogDatabase(db, CatalogV2Util.applyNamespaceChanges(metadata, changes)))
+      metadata: util.Map[String, String]): Unit =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      namespace match {
+        case Array(db) if !catalog.databaseExists(db) =>
+          catalog.createDatabase(
+            toCatalogDatabase(db, metadata, defaultLocation = Some(catalog.getDefaultDBPath(db))),
+            ignoreIfExists = false)
+
+        case Array(_) =>
+          throw new NamespaceAlreadyExistsException(namespace)
+
+        case _ =>
+          throw new IllegalArgumentException(s"Invalid namespace name: ${namespace.quoted}")
+      }
+    }
 
-      case _ =>
-        throw new NoSuchNamespaceException(namespace)
+  override def alterNamespace(namespace: Array[String], changes: NamespaceChange*): Unit =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      namespace match {
+        case Array(db) =>
+          // validate that this catalog's reserved properties are not removed
+          changes.foreach {
+            case remove: RemoveProperty
+                if NAMESPACE_RESERVED_PROPERTIES.contains(remove.property) =>
+              throw new UnsupportedOperationException(
+                s"Cannot remove reserved property: ${remove.property}")
+            case _ =>
+          }
+
+          val metadata = catalog.getDatabaseMetadata(db).toMetadata
+          catalog.alterDatabase(
+            toCatalogDatabase(db, CatalogV2Util.applyNamespaceChanges(metadata, changes)))
+
+        case _ =>
+          throw new NoSuchNamespaceException(namespace)
+      }
     }
-  }
 
   /**
    * List the metadata of partitions that belong to the specified table, assuming it exists, that
@@ -356,21 +374,24 @@ class HiveTableCatalog(sparkSession: SparkSession)
 
   override def dropNamespace(
       namespace: Array[String],
-      cascade: Boolean): Boolean = namespace match {
-    case Array(db) if catalog.databaseExists(db) =>
-      if (catalog.listTables(db).nonEmpty && !cascade) {
-        throw new IllegalStateException(s"Namespace ${namespace.quoted} is not empty")
+      cascade: Boolean): Boolean =
+    withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
+      namespace match {
+        case Array(db) if catalog.databaseExists(db) =>
+          if (catalog.listTables(db).nonEmpty && !cascade) {
+            throw new IllegalStateException(s"Namespace ${namespace.quoted} is not empty")
+          }
+          catalog.dropDatabase(db, ignoreIfNotExists = false, cascade)
+          true
+
+        case Array(_) =>
+          // exists returned false
+          false
+
+        case _ =>
+          throw new NoSuchNamespaceException(namespace)
       }
-      catalog.dropDatabase(db, ignoreIfNotExists = false, cascade)
-      true
-
-    case Array(_) =>
-      // exists returned false
-      false
-
-    case _ =>
-      throw new NoSuchNamespaceException(namespace)
-  }
+    }
 }
 
 private object HiveTableCatalog {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
index c1575018e..5e0be5ce6 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
@@ -164,7 +164,7 @@ class HiveCatalogSuite extends KyuubiHiveTest {
       catalog.createTable(testIdent, schema, Array.empty[Transform], emptyProps)
 
     val parsed = CatalystSqlParser.parseMultipartIdentifier(table.name)
-    assert(parsed == Seq("db", "test_table") || parsed == Seq("spark_catalog", "db", "test_table"))
+    assert(parsed == Seq("db", "test_table"))
     assert(table.schema == schema)
     assert(filterV2TableProperties(table.properties) == Map())
 
@@ -181,7 +181,7 @@ class HiveCatalogSuite extends KyuubiHiveTest {
     val table = catalog.createTable(testIdent, schema, Array.empty[Transform], properties)
 
     val parsed = CatalystSqlParser.parseMultipartIdentifier(table.name)
-    assert(parsed == Seq("db", "test_table") || parsed == Seq("spark_catalog", "db", "test_table"))
+    assert(parsed == Seq("db", "test_table"))
     assert(table.schema == schema)
     assert(filterV2TableProperties(table.properties).asJava == properties)
 

From 46f8e0ca94e09b7a06ad540b31a70437566ab845 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Thu, 6 Jul 2023 19:21:05 +0800
Subject: [PATCH 484/760] [KYUUBI #5017] [KSHC] Support Parquet/Orc provider is
 splitable

### _Why are the changes needed?_

This PR amins to support Parquet/Orc provider is splitable.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5017 from Yikf/KSHC-support-split.

Closes #5017

9dc3d3d56 [yikaifei] Support Parquet/Orc provider is splitable

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: yikaifei <yikaifei@apache.org>
---
 .../spark/connector/hive/read/HiveScan.scala  | 16 +++++++++++++++-
 .../connector/hive/HiveCatalogSuite.scala     | 19 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
index 5895ecf03..518a9cb68 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
@@ -25,7 +25,7 @@ import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.Path
 import org.apache.hadoop.hive.ql.metadata.{Partition => HivePartition}
 import org.apache.spark.sql.SparkSession
-import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.catalog.{CatalogStorageFormat, CatalogTable}
 import org.apache.spark.sql.catalyst.expressions.{AttributeReference, Expression}
 import org.apache.spark.sql.catalyst.expressions.codegen.GenerateUnsafeProjection
 import org.apache.spark.sql.connector.read.PartitionReaderFactory
@@ -54,6 +54,15 @@ case class HiveScan(
 
   private val partFileToHivePartMap: mutable.Map[PartitionedFile, HivePartition] = mutable.Map()
 
+  override def isSplitable(path: Path): Boolean = {
+    catalogTable.provider.map(_.toUpperCase(Locale.ROOT)).exists {
+      case "PARQUET" => true
+      case "ORC" => true
+      case "HIVE" => isHiveOrcOrParquet(catalogTable.storage)
+      case _ => super.isSplitable(path)
+    }
+  }
+
   override def createReaderFactory(): PartitionReaderFactory = {
     val hiveConf = fileIndex.hiveCatalog.hadoopConfiguration()
     addCatalogTableConfToConf(hiveConf, catalogTable)
@@ -142,6 +151,11 @@ case class HiveScan(
     }
   }
 
+  private def isHiveOrcOrParquet(storage: CatalogStorageFormat): Boolean = {
+    val serde = storage.serde.getOrElse("").toLowerCase(Locale.ROOT)
+    serde.contains("parquet") || serde.contains("orc")
+  }
+
   def toAttributes(structType: StructType): Seq[AttributeReference] =
     structType.map(f => AttributeReference(f.name, f.dataType, f.nullable, f.metadata)())
 }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
index 5e0be5ce6..4719544de 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
@@ -36,6 +36,7 @@ import org.apache.spark.sql.types.{IntegerType, StringType, StructType}
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.spark.connector.hive.HiveTableCatalog.IdentifierHelper
+import org.apache.kyuubi.spark.connector.hive.read.HiveScan
 
 class HiveCatalogSuite extends KyuubiHiveTest {
 
@@ -339,4 +340,22 @@ class HiveCatalogSuite extends KyuubiHiveTest {
 
     catalog.dropNamespace(testNs, cascade = false)
   }
+
+  test("Support Parquet/Orc provider is splitable") {
+    val parquet_table = Identifier.of(testNs, "parquet_table")
+    val parProps: util.Map[String, String] = new util.HashMap[String, String]()
+    parProps.put(TableCatalog.PROP_PROVIDER, "parquet")
+    val pt = catalog.createTable(parquet_table, schema, Array.empty[Transform], parProps)
+    val parScan = pt.asInstanceOf[HiveTable]
+      .newScanBuilder(CaseInsensitiveStringMap.empty()).build().asInstanceOf[HiveScan]
+    assert(parScan.isSplitable(new Path("empty")))
+
+    val orc_table = Identifier.of(testNs, "orc_table")
+    val orcProps: util.Map[String, String] = new util.HashMap[String, String]()
+    orcProps.put(TableCatalog.PROP_PROVIDER, "orc")
+    val ot = catalog.createTable(orc_table, schema, Array.empty[Transform], orcProps)
+    val orcScan = ot.asInstanceOf[HiveTable]
+      .newScanBuilder(CaseInsensitiveStringMap.empty()).build().asInstanceOf[HiveScan]
+    assert(orcScan.isSplitable(new Path("empty")))
+  }
 }

From ea2828070c5d59317f76baefe560fd25eaaf2ecd Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 6 Jul 2023 21:33:50 +0800
Subject: [PATCH 485/760] [KYUUBI #5029] Close the alive probe session after
 engine session closed

### _Why are the changes needed?_

Now the server side session idle time is controlled by kyuubi admin, and the engine session idle time is controlled by users.

If the engine session idle time is short than that of the server session.

The engine session might be closed after engine session idle time, and now the alive probe session will still check the engine alive until the server session idle than the server session idle timeout.

![image](https://github.com/apache/kyuubi/assets/6757692/8d7dbbd3-6883-4e16-8bfd-01236ee26fa9)

In this pr, we will close the alive probe if the engine session transport is not open.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5029 from turboFei/close_alive_session.

Closes #5029

6ac3d9c1f [fwang12] close alive probe session after engine session closed

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/client/KyuubiSyncThriftClient.scala | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index c02851715..6cace4452 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -59,7 +59,7 @@ class KyuubiSyncThriftClient private (
 
   @volatile private var _aliveProbeSessionHandle: TSessionHandle = _
   @volatile private var remoteEngineBroken: Boolean = false
-  @volatile private var clientClosedOnEngineBroken: Boolean = false
+  @volatile private var clientClosedByAliveProbe: Boolean = false
   private val engineAliveProbeClient = engineAliveProbeProtocol.map(new TCLIService.Client(_))
   private var engineAliveThreadPool: ScheduledExecutorService = _
   @volatile private var engineLastAlive: Long = _
@@ -84,7 +84,7 @@ class KyuubiSyncThriftClient private (
       "engine-alive-probe-" + _aliveProbeSessionHandle)
     val task = new Runnable {
       override def run(): Unit = {
-        if (!remoteEngineBroken) {
+        if (!remoteEngineBroken && protocol.getTransport.isOpen) {
           engineAliveProbeClient.foreach { client =>
             val tGetInfoReq = new TGetInfoReq()
             tGetInfoReq.setSessionHandle(_aliveProbeSessionHandle)
@@ -114,7 +114,7 @@ class KyuubiSyncThriftClient private (
               }
             }
           }
-          clientClosedOnEngineBroken = true
+          clientClosedByAliveProbe = true
           shutdownAsyncRequestExecutor()
           Option(engineAliveThreadPool).foreach { pool =>
             ThreadUtils.shutdown(pool, Duration(engineAliveProbeInterval, TimeUnit.MILLISECONDS))
@@ -206,7 +206,7 @@ class KyuubiSyncThriftClient private (
   }
 
   def closeSession(): Unit = {
-    if (clientClosedOnEngineBroken) return
+    if (clientClosedByAliveProbe) return
     try {
       if (_remoteSessionHandle != null) {
         val req = new TCloseSessionReq(_remoteSessionHandle)

From 5915d682b5ea07b96544cabced19264e736a450c Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Fri, 7 Jul 2023 12:04:55 +0800
Subject: [PATCH 486/760] [KYUUBI #5022] [KSHC] CreateTable should use the
 correct provider

### _Why are the changes needed?_

This PR aims to fix a bug, In KSHC, `catalog.createTable` should use the correct provider.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5022 from Yikf/KSHC-createTable.

Closes #5022

cd8cb1cf2 [yikaifei] CreateTable should use the correct provider

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: yikaifei <yikaifei@apache.org>
---
 .../connector/hive/HiveTableCatalog.scala     | 82 +++++++++++++++++--
 .../connector/hive/HiveCatalogSuite.scala     |  1 +
 .../spark/connector/hive/KyuubiHiveTest.scala |  3 +-
 .../hive/command/CreateTableSuite.scala       | 78 ++++++++++++++++++
 4 files changed, 156 insertions(+), 8 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateTableSuite.scala

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index 2d816c8c4..41976b264 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -36,15 +36,16 @@ import org.apache.spark.sql.catalyst.util.quoteIfNeeded
 import org.apache.spark.sql.connector.catalog.{Identifier, NamespaceChange, SupportsNamespaces, Table, TableCatalog, TableChange}
 import org.apache.spark.sql.connector.catalog.NamespaceChange.RemoveProperty
 import org.apache.spark.sql.connector.expressions.Transform
-import org.apache.spark.sql.execution.datasources.DataSource
+import org.apache.spark.sql.execution.command.DDLUtils
 import org.apache.spark.sql.hive.HiveUDFExpressionBuilder
 import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper._
+import org.apache.spark.sql.internal.{HiveSerDe, SQLConf}
 import org.apache.spark.sql.internal.StaticSQLConf.{CATALOG_IMPLEMENTATION, GLOBAL_TEMP_DATABASE}
 import org.apache.spark.sql.types.StructType
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.spark.connector.hive.HiveConnectorUtils.withSQLConf
-import org.apache.kyuubi.spark.connector.hive.HiveTableCatalog.{toCatalogDatabase, CatalogDatabaseHelper, IdentifierHelper, NamespaceHelper}
+import org.apache.kyuubi.spark.connector.hive.HiveTableCatalog.{getStorageFormatAndProvider, toCatalogDatabase, CatalogDatabaseHelper, IdentifierHelper, NamespaceHelper}
 import org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorDelegationTokenProvider.metastoreTokenSignature
 
 /**
@@ -173,11 +174,14 @@ class HiveTableCatalog(sparkSession: SparkSession)
     withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
       import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.TransformHelper
       val (partitionColumns, maybeBucketSpec) = partitions.toSeq.convertTransforms
-      val provider = properties.getOrDefault(TableCatalog.PROP_PROVIDER, conf.defaultDataSourceName)
-      val tableProperties = properties.asScala
       val location = Option(properties.get(TableCatalog.PROP_LOCATION))
-      val storage = DataSource.buildStorageFormatFromOptions(toOptions(tableProperties.toMap))
-        .copy(locationUri = location.map(CatalogUtils.stringToURI))
+      val maybeProvider = Option(properties.get(TableCatalog.PROP_PROVIDER))
+      val (storage, provider) =
+        getStorageFormatAndProvider(
+          maybeProvider,
+          location,
+          properties.asScala.toMap)
+      val tableProperties = properties.asScala
       val isExternal = properties.containsKey(TableCatalog.PROP_EXTERNAL)
       val tableType =
         if (isExternal || location.isDefined) {
@@ -394,7 +398,7 @@ class HiveTableCatalog(sparkSession: SparkSession)
     }
 }
 
-private object HiveTableCatalog {
+private object HiveTableCatalog extends Logging {
   private def toCatalogDatabase(
       db: String,
       metadata: util.Map[String, String],
@@ -410,6 +414,70 @@ private object HiveTableCatalog {
         Seq(SupportsNamespaces.PROP_COMMENT, SupportsNamespaces.PROP_LOCATION))
   }
 
+  private def getStorageFormatAndProvider(
+      provider: Option[String],
+      location: Option[String],
+      options: Map[String, String]): (CatalogStorageFormat, String) = {
+    val nonHiveStorageFormat = CatalogStorageFormat.empty.copy(
+      locationUri = location.map(CatalogUtils.stringToURI),
+      properties = options)
+
+    val conf = SQLConf.get
+    val defaultHiveStorage = HiveSerDe.getDefaultStorage(conf).copy(
+      locationUri = location.map(CatalogUtils.stringToURI),
+      properties = options)
+
+    if (provider.isDefined) {
+      (nonHiveStorageFormat, provider.get)
+    } else if (serdeIsDefined(options)) {
+      val maybeSerde = options.get("hive.serde")
+      val maybeStoredAs = options.get("hive.stored-as")
+      val maybeInputFormat = options.get("hive.input-format")
+      val maybeOutputFormat = options.get("hive.output-format")
+      val storageFormat = if (maybeStoredAs.isDefined) {
+        // If `STORED AS fileFormat` is used, infer inputFormat, outputFormat and serde from it.
+        HiveSerDe.sourceToSerDe(maybeStoredAs.get) match {
+          case Some(hiveSerde) =>
+            defaultHiveStorage.copy(
+              inputFormat = hiveSerde.inputFormat.orElse(defaultHiveStorage.inputFormat),
+              outputFormat = hiveSerde.outputFormat.orElse(defaultHiveStorage.outputFormat),
+              // User specified serde takes precedence over the one inferred from file format.
+              serde = maybeSerde.orElse(hiveSerde.serde).orElse(defaultHiveStorage.serde),
+              properties = options ++ defaultHiveStorage.properties)
+          case _ => throw KyuubiHiveConnectorException(s"Unsupported serde ${maybeSerde.get}.")
+        }
+      } else {
+        defaultHiveStorage.copy(
+          inputFormat =
+            maybeInputFormat.orElse(defaultHiveStorage.inputFormat),
+          outputFormat =
+            maybeOutputFormat.orElse(defaultHiveStorage.outputFormat),
+          serde = maybeSerde.orElse(defaultHiveStorage.serde),
+          properties = options ++ defaultHiveStorage.properties)
+      }
+      (storageFormat, DDLUtils.HIVE_PROVIDER)
+    } else {
+      val createHiveTableByDefault = conf.getConf(SQLConf.LEGACY_CREATE_HIVE_TABLE_BY_DEFAULT)
+      if (!createHiveTableByDefault) {
+        (nonHiveStorageFormat, conf.defaultDataSourceName)
+      } else {
+        logWarning("A Hive serde table will be created as there is no table provider " +
+          s"specified. You can set ${SQLConf.LEGACY_CREATE_HIVE_TABLE_BY_DEFAULT.key} to false " +
+          "so that native data source table will be created instead.")
+        (defaultHiveStorage, DDLUtils.HIVE_PROVIDER)
+      }
+    }
+  }
+
+  private def serdeIsDefined(options: Map[String, String]): Boolean = {
+    val maybeStoredAs = options.get("hive.stored-as")
+    val maybeInputFormat = options.get("hive.input-format")
+    val maybeOutputFormat = options.get("hive.output-format")
+    val maybeSerde = options.get("hive.serde")
+    maybeStoredAs.isDefined || maybeInputFormat.isDefined ||
+    maybeOutputFormat.isDefined || maybeSerde.isDefined
+  }
+
   implicit class NamespaceHelper(namespace: Array[String]) {
     def quoted: String = namespace.map(quoteIfNeeded).mkString(".")
   }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
index 4719544de..f43dafd11 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveCatalogSuite.scala
@@ -220,6 +220,7 @@ class HiveCatalogSuite extends KyuubiHiveTest {
 
   test("createTable: location") {
     val properties = new util.HashMap[String, String]()
+    properties.put(TableCatalog.PROP_PROVIDER, "parquet")
     assert(!catalog.tableExists(testIdent))
 
     // default location
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala
index d0b17dc05..400afdb3e 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala
@@ -35,7 +35,8 @@ abstract class KyuubiHiveTest extends QueryTest with Logging {
       TableCatalog.PROP_PROVIDER,
       TableCatalog.PROP_OWNER,
       TableCatalog.PROP_EXTERNAL,
-      TableCatalog.PROP_IS_MANAGED_LOCATION)
+      TableCatalog.PROP_IS_MANAGED_LOCATION,
+      "transient_lastDdlTime")
 
   protected val NAMESPACE_RESERVED_PROPERTIES =
     Seq(
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateTableSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateTableSuite.scala
new file mode 100644
index 000000000..d26ec4209
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateTableSuite.scala
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.spark.connector.hive.command
+
+import org.apache.spark.sql.connector.catalog.Identifier
+
+import org.apache.kyuubi.spark.connector.hive.{HiveTable, HiveTableCatalog}
+import org.apache.kyuubi.spark.connector.hive.command.DDLCommandTestUtils.V2_COMMAND_VERSION
+
+class CreateTableSuite extends DDLCommandTestUtils {
+
+  override protected def command: String = "CREATE TABLE"
+
+  override protected def catalogVersion: String = "Hive V2"
+
+  override protected def commandVersion: String = V2_COMMAND_VERSION
+
+  test("Create datasource table") {
+    val hiveCatalog = spark.sessionState.catalogManager
+      .catalog(catalogName).asInstanceOf[HiveTableCatalog]
+    val table = "hive.default.employee"
+    Seq("parquet", "orc").foreach { provider =>
+      withTable(table) {
+        sql(
+          s"""
+             | CREATE TABLE IF NOT EXISTS
+             | $table (id String, year String, month string)
+             | USING $provider
+             | PARTITIONED BY (year, month)
+             |""".stripMargin).collect()
+        val employee = Identifier.of(Array("default"), "employee")
+        val loadTable = hiveCatalog.loadTable(employee)
+        assert(loadTable.isInstanceOf[HiveTable])
+        val catalogTable = loadTable.asInstanceOf[HiveTable].catalogTable
+        assert(catalogTable.provider.isDefined)
+        assert(catalogTable.provider.get.equalsIgnoreCase(provider))
+      }
+    }
+  }
+
+  test("Create hive table") {
+    val hiveCatalog = spark.sessionState.catalogManager
+      .catalog(catalogName).asInstanceOf[HiveTableCatalog]
+    val table = "hive.default.employee"
+    Seq("parquet", "orc").foreach { provider =>
+      withTable(table) {
+        sql(
+          s"""
+             | CREATE TABLE IF NOT EXISTS
+             | $table (id String, year String, month string)
+             | STORED AS $provider
+             | PARTITIONED BY (year, month)
+             |""".stripMargin).collect()
+        val employee = Identifier.of(Array("default"), "employee")
+        val loadTable = hiveCatalog.loadTable(employee)
+        assert(loadTable.isInstanceOf[HiveTable])
+        val catalogTable = loadTable.asInstanceOf[HiveTable].catalogTable
+        assert(catalogTable.provider.isDefined)
+        assert(catalogTable.provider.get.equalsIgnoreCase("hive"))
+        assert(catalogTable.storage.serde.getOrElse("Unknown").contains(provider))
+      }
+    }
+  }
+}

From 76daa01681f9ecc04b8e8fcdd3c31ea3dfa56d77 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 7 Jul 2023 18:05:05 +0800
Subject: [PATCH 487/760] [KYUUBI #5019] Shows details of compilation info in
 SparkUI's engine tab

### _Why are the changes needed?_

Adding compilation details info in SparkUI's Engine tab
- shows details of kyuubi version, including revision, revision time and branch
- show compilation version of Spark, Scala, Hadoop and  Hive

![image](https://github.com/apache/kyuubi/assets/1935105/2d58d637-5eef-47b3-94d6-eef923cbc632)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5019 from bowenliang123/enginetab-info.

Closes #5019

3ea108bd6 [liangbowen] shows Compilation Info in SparkUI's Engine tab

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../main/scala/org/apache/spark/ui/EnginePage.scala   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
index 83626dac5..7188ac62f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EnginePage.scala
@@ -29,7 +29,7 @@ import org.apache.commons.text.StringEscapeUtils
 import org.apache.spark.ui.TableSourceUtil._
 import org.apache.spark.ui.UIUtils._
 
-import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
+import org.apache.kyuubi._
 import org.apache.kyuubi.engine.spark.events.{SessionEvent, SparkOperationEvent}
 
 case class EnginePage(parent: EngineTab) extends WebUIPage("") {
@@ -58,6 +58,15 @@ case class EnginePage(parent: EngineTab) extends WebUIPage("") {
         <strong>Kyuubi Version: </strong>
         {KYUUBI_VERSION}
       </li>
+      <li>
+        <strong>Compilation Revision:</strong>
+        {REVISION.substring(0, 7)} ({REVISION_TIME}), branch {BRANCH}
+      </li>
+      <li>
+        <strong>Compilation with:</strong>
+        Spark {SPARK_COMPILE_VERSION}, Scala {SCALA_COMPILE_VERSION},
+          Hadoop {HADOOP_COMPILE_VERSION}, Hive {HIVE_COMPILE_VERSION}
+      </li>
       <li>
         <strong>Started at: </strong>
         {new Date(parent.startTime)}

From 59838015ce1b876c53fa618f8700d18a28001888 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Jul 2023 10:16:30 +0000
Subject: [PATCH 488/760] Bump grpc-protobuf from 1.48.0 to 1.53.0 (#5024)

---
 dev/dependencyList | 16 ++++++++--------
 pom.xml            |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index f533a4fd5..05f694040 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -38,14 +38,14 @@ failsafe/2.4.4//failsafe-2.4.4.jar
 failureaccess/1.0.1//failureaccess-1.0.1.jar
 flatbuffers-java/1.12.0//flatbuffers-java-1.12.0.jar
 fliptables/1.0.2//fliptables-1.0.2.jar
-grpc-api/1.48.0//grpc-api-1.48.0.jar
-grpc-context/1.48.0//grpc-context-1.48.0.jar
-grpc-core/1.48.0//grpc-core-1.48.0.jar
-grpc-grpclb/1.48.0//grpc-grpclb-1.48.0.jar
-grpc-netty/1.48.0//grpc-netty-1.48.0.jar
-grpc-protobuf-lite/1.48.0//grpc-protobuf-lite-1.48.0.jar
-grpc-protobuf/1.48.0//grpc-protobuf-1.48.0.jar
-grpc-stub/1.48.0//grpc-stub-1.48.0.jar
+grpc-api/1.53.0//grpc-api-1.53.0.jar
+grpc-context/1.53.0//grpc-context-1.53.0.jar
+grpc-core/1.53.0//grpc-core-1.53.0.jar
+grpc-grpclb/1.53.0//grpc-grpclb-1.53.0.jar
+grpc-netty/1.53.0//grpc-netty-1.53.0.jar
+grpc-protobuf-lite/1.53.0//grpc-protobuf-lite-1.53.0.jar
+grpc-protobuf/1.53.0//grpc-protobuf-1.53.0.jar
+grpc-stub/1.53.0//grpc-stub-1.53.0.jar
 gson/2.9.0//gson-2.9.0.jar
 guava/32.0.1-jre//guava-32.0.1-jre.jar
 hadoop-client-api/3.3.5//hadoop-client-api-3.3.5.jar
diff --git a/pom.xml b/pom.xml
index 1a1cf4839..e686da143 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,7 +142,7 @@
         <flink.archive.mirror>${apache.archive.dist}/flink/flink-${flink.version}</flink.archive.mirror>
         <flink.archive.download.skip>false</flink.archive.download.skip>
         <google.jsr305.version>3.0.2</google.jsr305.version>
-        <grpc.version>1.48.0</grpc.version>
+        <grpc.version>1.53.0</grpc.version>
         <guava.version>32.0.1-jre</guava.version>
         <guava.failureaccess.version>1.0.1</guava.failureaccess.version>
         <hadoop.version>3.3.5</hadoop.version>

From e36d5d3fc96569eee8e6f8092b6a2ca4974bb2ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jul 2023 02:16:30 +0000
Subject: [PATCH 489/760] Bump tough-cookie from 4.0.0 to 4.1.3 in
 /kyuubi-server/web-ui (#5034)

---
 kyuubi-server/web-ui/package-lock.json | 74 +++++++++++++++++++++-----
 kyuubi-server/web-ui/pnpm-lock.yaml    | 30 ++++++++---
 2 files changed, 83 insertions(+), 21 deletions(-)

diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index d91bd2f04..a4c883c18 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -3552,6 +3552,12 @@
         "node": ">=6"
       }
     },
+    "node_modules/querystringify": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
+      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==",
+      "dev": true
+    },
     "node_modules/queue-microtask": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -3607,6 +3613,12 @@
         "url": "https://github.com/sponsors/mysticatea"
       }
     },
+    "node_modules/requires-port": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
+      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==",
+      "dev": true
+    },
     "node_modules/resolve-from": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
@@ -3925,14 +3937,15 @@
       }
     },
     "node_modules/tough-cookie": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.0.0.tgz",
-      "integrity": "sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+      "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
       "dev": true,
       "dependencies": {
         "psl": "^1.1.33",
         "punycode": "^2.1.1",
-        "universalify": "^0.1.2"
+        "universalify": "^0.2.0",
+        "url-parse": "^1.5.3"
       },
       "engines": {
         "node": ">=6"
@@ -4024,9 +4037,9 @@
       "dev": true
     },
     "node_modules/universalify": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
-      "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==",
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
+      "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==",
       "dev": true,
       "engines": {
         "node": ">= 4.0.0"
@@ -4041,6 +4054,16 @@
         "punycode": "^2.1.0"
       }
     },
+    "node_modules/url-parse": {
+      "version": "1.5.10",
+      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
+      "dev": true,
+      "dependencies": {
+        "querystringify": "^2.1.1",
+        "requires-port": "^1.0.0"
+      }
+    },
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
@@ -6969,6 +6992,12 @@
       "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==",
       "dev": true
     },
+    "querystringify": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
+      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==",
+      "dev": true
+    },
     "queue-microtask": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -7001,6 +7030,12 @@
       "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==",
       "dev": true
     },
+    "requires-port": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
+      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==",
+      "dev": true
+    },
     "resolve-from": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
@@ -7225,14 +7260,15 @@
       }
     },
     "tough-cookie": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.0.0.tgz",
-      "integrity": "sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+      "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
       "dev": true,
       "requires": {
         "psl": "^1.1.33",
         "punycode": "^2.1.1",
-        "universalify": "^0.1.2"
+        "universalify": "^0.2.0",
+        "url-parse": "^1.5.3"
       }
     },
     "tr46": {
@@ -7293,9 +7329,9 @@
       "dev": true
     },
     "universalify": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
-      "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==",
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
+      "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==",
       "dev": true
     },
     "uri-js": {
@@ -7307,6 +7343,16 @@
         "punycode": "^2.1.0"
       }
     },
+    "url-parse": {
+      "version": "1.5.10",
+      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
+      "dev": true,
+      "requires": {
+        "querystringify": "^2.1.1",
+        "requires-port": "^1.0.0"
+      }
+    },
     "util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 47aecc959..398e51691 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -1,4 +1,4 @@
-lockfileVersion: '6.1'
+lockfileVersion: '6.0'
 
 settings:
   autoInstallPeers: true
@@ -1880,7 +1880,7 @@ packages:
       parse5: 7.0.0
       saxes: 6.0.0
       symbol-tree: 3.2.4
-      tough-cookie: 4.0.0
+      tough-cookie: 4.1.3
       w3c-hr-time: 1.0.2
       w3c-xmlserializer: 3.0.0
       webidl-conversions: 7.0.0
@@ -2290,6 +2290,10 @@ packages:
     engines: {node: '>=6'}
     dev: true
 
+  /querystringify@2.2.0:
+    resolution: {integrity: sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==}
+    dev: true
+
   /queue-microtask@1.2.3:
     resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
     dev: true
@@ -2310,6 +2314,10 @@ packages:
     engines: {node: '>=8'}
     dev: true
 
+  /requires-port@1.0.0:
+    resolution: {integrity: sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==}
+    dev: true
+
   /resolve-from@4.0.0:
     resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
     engines: {node: '>=4'}
@@ -2505,13 +2513,14 @@ packages:
       is-number: 7.0.0
     dev: true
 
-  /tough-cookie@4.0.0:
-    resolution: {integrity: sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==}
+  /tough-cookie@4.1.3:
+    resolution: {integrity: sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==}
     engines: {node: '>=6'}
     dependencies:
       psl: 1.9.0
       punycode: 2.1.1
-      universalify: 0.1.2
+      universalify: 0.2.0
+      url-parse: 1.5.10
     dev: true
 
   /tr46@3.0.0:
@@ -2568,8 +2577,8 @@ packages:
     resolution: {integrity: sha512-TrY6DsjTQQgyS3E3dBaOXf0TpPD8u9FVrVYmKVegJuFw51n/YB9XPt+U6ydzFG5ZIN7+DIjPbNmXoBj9esYhgQ==}
     dev: true
 
-  /universalify@0.1.2:
-    resolution: {integrity: sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==}
+  /universalify@0.2.0:
+    resolution: {integrity: sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==}
     engines: {node: '>= 4.0.0'}
     dev: true
 
@@ -2579,6 +2588,13 @@ packages:
       punycode: 2.1.1
     dev: true
 
+  /url-parse@1.5.10:
+    resolution: {integrity: sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==}
+    dependencies:
+      querystringify: 2.2.0
+      requires-port: 1.0.0
+    dev: true
+
   /util-deprecate@1.0.2:
     resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
     dev: true

From 7210234a1c94ee7d822f9b9923e5bb4e62479bb0 Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Mon, 10 Jul 2023 12:27:22 +0800
Subject: [PATCH 490/760] [KYUUBI #4187][FOLLOWUP] Windows build-info script
 supports revision time

### _Why are the changes needed?_
followup : #4187

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5032 from cxzl25/PR_4187_followup.

Closes #4187

f0b6c89df [sychen] cmd revision_time

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/kyuubi-build-info.cmd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/build/kyuubi-build-info.cmd b/build/kyuubi-build-info.cmd
index 7717b48e4..d9e8e6c6a 100755
--- a/build/kyuubi-build-info.cmd
+++ b/build/kyuubi-build-info.cmd
@@ -36,6 +36,7 @@ echo kyuubi_trino_version=%~9
 echo user=%username%
 
 FOR /F %%i IN ('git rev-parse HEAD') DO SET "revision=%%i"
+FOR /F "delims=" %%i IN ('git show -s --format^=%%ci HEAD') DO SET "revision_time=%%i"
 FOR /F %%i IN ('git rev-parse --abbrev-ref HEAD') DO SET "branch=%%i"
 FOR /F %%i IN ('git config --get remote.origin.url') DO SET "url=%%i"
 
@@ -44,6 +45,7 @@ FOR /f %%i IN ("%TIME%") DO SET current_time=%%i
 set date=%current_date%_%current_time%
 
 echo revision=%revision%
+echo revision_time=%revision_time%
 echo branch=%branch%
 echo date=%date%
 echo url=%url%

From 47562b464bd4b7a384ee219aabc5fe7b4e1aa364 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 10 Jul 2023 12:28:10 +0800
Subject: [PATCH 491/760] [KYUUBI #4847][FOLLOWUP] Close the session
 immediately when engine connection closed

### _Why are the changes needed?_

If the session between kyuubi server and kyuubi engine has been inactive, we should close the kyuubi session as well.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5031 from turboFei/close_session_inactive.

Closes #4847

2eea080b5 [fwang12] fix
964ead778 [fwang12] check engine connection alive
62642f734 [fwang12] save

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/client/KyuubiSyncThriftClient.scala  |  6 ++++--
 .../org/apache/kyuubi/session/KyuubiSessionImpl.scala  |  3 ++-
 .../apache/kyuubi/session/KyuubiSessionManager.scala   | 10 +++++++---
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
index 6cace4452..ad7191c09 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/client/KyuubiSyncThriftClient.scala
@@ -52,6 +52,8 @@ class KyuubiSyncThriftClient private (
   @volatile private var _engineUrl: Option[String] = _
   @volatile private var _engineName: Option[String] = _
 
+  private[kyuubi] def engineConnectionClosed: Boolean = !protocol.getTransport.isOpen
+
   private val lock = new ReentrantLock()
 
   // Visible for testing.
@@ -84,7 +86,7 @@ class KyuubiSyncThriftClient private (
       "engine-alive-probe-" + _aliveProbeSessionHandle)
     val task = new Runnable {
       override def run(): Unit = {
-        if (!remoteEngineBroken && protocol.getTransport.isOpen) {
+        if (!remoteEngineBroken && !engineConnectionClosed) {
           engineAliveProbeClient.foreach { client =>
             val tGetInfoReq = new TGetInfoReq()
             tGetInfoReq.setSessionHandle(_aliveProbeSessionHandle)
@@ -134,7 +136,7 @@ class KyuubiSyncThriftClient private (
    * Lock every rpc call to send them sequentially
    */
   private def withLockAcquired[T](block: => T): T = Utils.withLockRequired(lock) {
-    if (!protocol.getTransport.isOpen) {
+    if (engineConnectionClosed) {
       throw KyuubiSQLException.connectionDoesNotExist()
     }
     block
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 237eb3ca6..809be86f3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -291,8 +291,9 @@ class KyuubiSessionImpl(
   var engineAliveMaxFailCount = 3
   var engineAliveFailCount = 0
 
-  def checkEngineAlive(): Boolean = {
+  def checkEngineConnectionAlive(): Boolean = {
     try {
+      if (Option(client).exists(_.engineConnectionClosed)) return false
       if (!aliveProbeEnabled) return true
       getInfo(TGetInfoType.CLI_DBMS_VER)
       engineLastAlive = System.currentTimeMillis()
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 6e74bedbf..d2547bca9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -63,7 +63,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   private var batchLimiter: Option[SessionLimiter] = None
   lazy val (signingPrivateKey, signingPublicKey) = SignUtils.generateKeyPair()
 
-  private val engineAliveChecker =
+  private val engineConnectionAliveChecker =
     ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-engine-alive-checker")
 
   override def initialize(conf: KyuubiConf): Unit = {
@@ -350,7 +350,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     val interval = conf.get(KyuubiConf.ENGINE_ALIVE_PROBE_INTERVAL)
     val checkTask: Runnable = () => {
       allSessions().foreach { session =>
-        if (!session.asInstanceOf[KyuubiSessionImpl].checkEngineAlive()) {
+        if (!session.asInstanceOf[KyuubiSessionImpl].checkEngineConnectionAlive()) {
           try {
             closeSession(session.handle)
             logger.info(s"The session ${session.handle} has been closed " +
@@ -362,7 +362,11 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
         }
       }
     }
-    engineAliveChecker.scheduleWithFixedDelay(checkTask, interval, interval, TimeUnit.MILLISECONDS)
+    engineConnectionAliveChecker.scheduleWithFixedDelay(
+      checkTask,
+      interval,
+      interval,
+      TimeUnit.MILLISECONDS)
   }
 
 }

From 8d0010dee079c06b5fca87da4cbf13cdd7429c7d Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Mon, 10 Jul 2023 12:29:55 +0800
Subject: [PATCH 492/760] [KYUUBI #4938][FLINK] Implement Kyuubi UDF in Flink
 engine

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5014 from link3280/KYUUBI-4938.

Closes #4938

c43d480f9 [Paul Lin] [KYUUBI #4938][FLINK] Update function description
0dd991f03 [Paul Lin] [KYUUBI #4938][FLINK] Fix compatibility problems with Flink 1.16
7e6a3b184 [Paul Lin] [KYUUBI #4938][FLINK] Fix inconsistent istant in engine names
6ecde4c60 [Paul Lin] [KYUUBI #4938][FLINK] Implement Kyuubi UDF in Flink engine

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/flink/FlinkSQLEngine.scala  |  53 ++++---
 .../flink/session/FlinkSessionImpl.scala      |   5 +-
 .../kyuubi/engine/flink/udf/KDFRegistry.scala | 150 ++++++++++++++++++
 .../flink/udf/KyuubiDefinedFunction.scala     |  34 ++++
 .../operation/FlinkOperationLocalSuite.scala  |  29 +++-
 .../operation/FlinkOperationOnYarnSuite.scala |  29 +++-
 .../spark/udf/KyuubiDefinedFunction.scala     |   2 +-
 7 files changed, 278 insertions(+), 24 deletions(-)
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KyuubiDefinedFunction.scala

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 48a354b0f..99a9ee56b 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -31,6 +31,7 @@ import org.apache.flink.table.gateway.service.context.DefaultContext
 import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.Utils.{addShutdownHook, currentUser, FLINK_ENGINE_SHUTDOWN_PRIORITY}
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_NAME, KYUUBI_SESSION_USER_KEY}
 import org.apache.kyuubi.engine.flink.FlinkSQLEngine.{countDownLatch, currentEngine}
 import org.apache.kyuubi.service.Serverable
 import org.apache.kyuubi.util.SignalRegister
@@ -92,26 +93,7 @@ object FlinkSQLEngine extends Logging {
       flinkConf.addAll(Configuration.fromMap(flinkConfFromArgs.asJava))
 
       val executionTarget = flinkConf.getString(DeploymentOptions.TARGET)
-      // set cluster name for per-job and application mode
-      executionTarget match {
-        case "yarn-per-job" | "yarn-application" =>
-          if (!flinkConf.containsKey("yarn.application.name")) {
-            val appName = s"kyuubi_${user}_flink_${Instant.now}"
-            flinkConf.setString("yarn.application.name", appName)
-          }
-          if (flinkConf.containsKey("high-availability.cluster-id")) {
-            flinkConf.setString(
-              "yarn.application.id",
-              flinkConf.toMap.get("high-availability.cluster-id"))
-          }
-        case "kubernetes-application" =>
-          if (!flinkConf.containsKey("kubernetes.cluster-id")) {
-            val appName = s"kyuubi-${user}-flink-${Instant.now}"
-            flinkConf.setString("kubernetes.cluster-id", appName)
-          }
-        case other =>
-          debug(s"Skip generating app name for execution target $other")
-      }
+      setDeploymentConf(executionTarget, flinkConf)
 
       kyuubiConf.setIfMissing(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
 
@@ -153,4 +135,35 @@ object FlinkSQLEngine extends Logging {
     res.await()
     info("Initial Flink SQL finished.")
   }
+
+  private def setDeploymentConf(executionTarget: String, flinkConf: Configuration): Unit = {
+    // forward kyuubi engine variables to flink configuration
+    val instant = Instant.now
+    val engineName = s"kyuubi_${user}_flink_$instant"
+    flinkConf.setString(KYUUBI_ENGINE_NAME, engineName)
+
+    kyuubiConf.getOption(KYUUBI_SESSION_USER_KEY).foreach(user =>
+      flinkConf.setString(KYUUBI_SESSION_USER_KEY, user))
+
+    // set cluster name for per-job and application mode
+    executionTarget match {
+      case "yarn-per-job" | "yarn-application" =>
+        if (!flinkConf.containsKey("yarn.application.name")) {
+          val appName = engineName
+          flinkConf.setString("yarn.application.name", appName)
+        }
+        if (flinkConf.containsKey("high-availability.cluster-id")) {
+          flinkConf.setString(
+            "yarn.application.id",
+            flinkConf.toMap.get("high-availability.cluster-id"))
+        }
+      case "kubernetes-application" =>
+        if (!flinkConf.containsKey("kubernetes.cluster-id")) {
+          val appName = s"kyuubi-${user}-flink-$instant"
+          flinkConf.setString("kubernetes.cluster-id", appName)
+        }
+      case other =>
+        debug(s"Skip generating app name for execution target $other")
+    }
+  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
index 10a48f1a1..b8d1f8569 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSessionImpl.scala
@@ -30,6 +30,7 @@ import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtoco
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.engine.flink.udf.KDFRegistry
 import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager, USE_CATALOG, USE_DATABASE}
 
 class FlinkSessionImpl(
@@ -46,10 +47,12 @@ class FlinkSessionImpl(
     conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID)
       .getOrElse(SessionHandle.fromUUID(fSession.getSessionHandle.getIdentifier.toString))
 
-  lazy val sessionContext: SessionContext = {
+  val sessionContext: SessionContext = {
     FlinkEngineUtils.getSessionContext(fSession)
   }
 
+  KDFRegistry.registerAll(sessionContext)
+
   private def setModifiableConfig(key: String, value: String): Unit = {
     try {
       sessionContext.set(key, value)
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala
new file mode 100644
index 000000000..b6729cff3
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.udf
+
+import java.util
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.flink.configuration.Configuration
+import org.apache.flink.table.functions.{ScalarFunction, UserDefinedFunction}
+import org.apache.flink.table.gateway.service.context.SessionContext
+
+import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_NAME, KYUUBI_SESSION_USER_KEY}
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.util.reflect.DynMethods
+
+object KDFRegistry {
+
+  def createKyuubiDefinedFunctions(sessionContext: SessionContext): Array[KyuubiDefinedFunction] = {
+
+    val kyuubiDefinedFunctions = new ArrayBuffer[KyuubiDefinedFunction]
+
+    val flinkConfigMap: util.Map[String, String] = {
+      if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+        DynMethods
+          .builder("getConfigMap")
+          .impl(classOf[SessionContext])
+          .build()
+          .invoke(sessionContext)
+          .asInstanceOf[util.Map[String, String]]
+      } else {
+        DynMethods
+          .builder("getSessionConf")
+          .impl(classOf[SessionContext])
+          .build()
+          .invoke(sessionContext)
+          .asInstanceOf[Configuration]
+          .toMap
+      }
+    }
+
+    val kyuubi_version: KyuubiDefinedFunction = create(
+      "kyuubi_version",
+      new KyuubiVersionFunction(flinkConfigMap),
+      "Return the version of Kyuubi Server",
+      "string",
+      "1.8.0")
+    kyuubiDefinedFunctions += kyuubi_version
+
+    val engineName: KyuubiDefinedFunction = create(
+      "kyuubi_engine_name",
+      new EngineNameFunction(flinkConfigMap),
+      "Return the application name for the associated query engine",
+      "string",
+      "1.8.0")
+    kyuubiDefinedFunctions += engineName
+
+    val engineId: KyuubiDefinedFunction = create(
+      "kyuubi_engine_id",
+      new EngineIdFunction(flinkConfigMap),
+      "Return the application id for the associated query engine",
+      "string",
+      "1.8.0")
+    kyuubiDefinedFunctions += engineId
+
+    val systemUser: KyuubiDefinedFunction = create(
+      "kyuubi_system_user",
+      new SystemUserFunction(flinkConfigMap),
+      "Return the system user name for the associated query engine",
+      "string",
+      "1.8.0")
+    kyuubiDefinedFunctions += systemUser
+
+    val sessionUser: KyuubiDefinedFunction = create(
+      "kyuubi_session_user",
+      new SessionUserFunction(flinkConfigMap),
+      "Return the session username for the associated query engine",
+      "string",
+      "1.8.0")
+    kyuubiDefinedFunctions += sessionUser
+
+    kyuubiDefinedFunctions.toArray
+  }
+
+  def create(
+      name: String,
+      udf: UserDefinedFunction,
+      description: String,
+      returnType: String,
+      since: String): KyuubiDefinedFunction = {
+    val kdf = KyuubiDefinedFunction(name, udf, description, returnType, since)
+    kdf
+  }
+
+  def registerAll(sessionContext: SessionContext): Unit = {
+    val functions = createKyuubiDefinedFunctions(sessionContext)
+    for (func <- functions) {
+      sessionContext.getSessionState.functionCatalog
+        .registerTemporarySystemFunction(func.name, func.udf, true)
+    }
+  }
+}
+
+class KyuubiVersionFunction(confMap: util.Map[String, String]) extends ScalarFunction {
+  def eval(): String = KYUUBI_VERSION
+}
+
+class EngineNameFunction(confMap: util.Map[String, String]) extends ScalarFunction {
+  def eval(): String = {
+    confMap match {
+      case m if m.containsKey("yarn.application.name") => m.get("yarn.application.name")
+      case m if m.containsKey("kubernetes.cluster-id") => m.get("kubernetes.cluster-id")
+      case m => m.getOrDefault(KYUUBI_ENGINE_NAME, "unknown-engine-name")
+    }
+  }
+}
+
+class EngineIdFunction(confMap: util.Map[String, String]) extends ScalarFunction {
+  def eval(): String = {
+    confMap match {
+      case m if m.containsKey("yarn.application.id") => m.get("yarn.application.id")
+      case m if m.containsKey("kubernetes.cluster-id") => m.get("kubernetes.cluster-id")
+      case m => m.getOrDefault("high-availability.cluster-id", "unknown-engine-id")
+    }
+  }
+}
+
+class SystemUserFunction(confMap: util.Map[String, String]) extends ScalarFunction {
+  def eval(): String = Utils.currentUser
+}
+
+class SessionUserFunction(confMap: util.Map[String, String]) extends ScalarFunction {
+  def eval(): String = confMap.getOrDefault(KYUUBI_SESSION_USER_KEY, "unknown-user")
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KyuubiDefinedFunction.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KyuubiDefinedFunction.scala
new file mode 100644
index 000000000..5cfce86d6
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KyuubiDefinedFunction.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.udf
+
+import org.apache.flink.table.functions.UserDefinedFunction
+
+/**
+ * A wrapper for Flink's [[UserDefinedFunction]]
+ *
+ * @param name function name
+ * @param udf user-defined function
+ * @param description function description
+ */
+case class KyuubiDefinedFunction(
+    name: String,
+    udf: UserDefinedFunction,
+    description: String,
+    returnType: String,
+    since: String)
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
index 0f4b38d36..b8f6768cc 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
@@ -19,7 +19,9 @@ package org.apache.kyuubi.engine.flink.operation
 
 import java.util.UUID
 
+import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.flink.{WithDiscoveryFlinkSQLEngine, WithFlinkSQLEngineLocal}
 import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
@@ -33,11 +35,13 @@ class FlinkOperationLocalSuite extends FlinkOperationSuite
   override def withKyuubiConf: Map[String, String] = {
     Map(
       "flink.execution.target" -> "remote",
+      "flink.high-availability.cluster-id" -> "flink-mini-cluster",
       HA_NAMESPACE.key -> namespace,
       HA_ENGINE_REF_ID.key -> engineRefId,
       ENGINE_TYPE.key -> "FLINK_SQL",
       ENGINE_SHARE_LEVEL.key -> shareLevel,
-      OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name) ++ testExtraConf
+      OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name,
+      KYUUBI_SESSION_USER_KEY -> "paullin") ++ testExtraConf
   }
 
   override protected def engineRefId: String = UUID.randomUUID().toString
@@ -48,4 +52,27 @@ class FlinkOperationLocalSuite extends FlinkOperationSuite
 
   def engineType: String = "flink"
 
+  test("execute statement - kyuubi defined functions") {
+    withJdbcStatement() { statement =>
+      var resultSet = statement.executeQuery("select kyuubi_version() as kyuubi_version")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === KYUUBI_VERSION)
+
+      resultSet = statement.executeQuery("select kyuubi_engine_name() as engine_name")
+      assert(resultSet.next())
+      assert(resultSet.getString(1).startsWith(s"kyuubi_${Utils.currentUser}_flink"))
+
+      resultSet = statement.executeQuery("select kyuubi_engine_id() as engine_id")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === "flink-mini-cluster")
+
+      resultSet = statement.executeQuery("select kyuubi_system_user() as `system_user`")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === Utils.currentUser)
+
+      resultSet = statement.executeQuery("select kyuubi_session_user() as `session_user`")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === "paullin")
+    }
+  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
index 931d500f7..25e23d82a 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
@@ -19,7 +19,9 @@ package org.apache.kyuubi.engine.flink.operation
 
 import java.util.UUID
 
+import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_SHARE_LEVEL, ENGINE_TYPE}
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.flink.{WithDiscoveryFlinkSQLEngine, WithFlinkSQLEngineOnYarn}
 import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_NAMESPACE}
@@ -34,7 +36,8 @@ class FlinkOperationOnYarnSuite extends FlinkOperationSuite
       HA_NAMESPACE.key -> namespace,
       HA_ENGINE_REF_ID.key -> engineRefId,
       ENGINE_TYPE.key -> "FLINK_SQL",
-      ENGINE_SHARE_LEVEL.key -> shareLevel) ++ testExtraConf
+      ENGINE_SHARE_LEVEL.key -> shareLevel,
+      KYUUBI_SESSION_USER_KEY -> "paullin") ++ testExtraConf
   }
 
   override protected def engineRefId: String = UUID.randomUUID().toString
@@ -44,4 +47,28 @@ class FlinkOperationOnYarnSuite extends FlinkOperationSuite
   def shareLevel: String = ShareLevel.USER.toString
 
   def engineType: String = "flink"
+
+  test("execute statement - kyuubi defined functions") {
+    withJdbcStatement() { statement =>
+      var resultSet = statement.executeQuery("select kyuubi_version() as kyuubi_version")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === KYUUBI_VERSION)
+
+      resultSet = statement.executeQuery("select kyuubi_engine_name() as engine_name")
+      assert(resultSet.next())
+      assert(resultSet.getString(1).startsWith(s"kyuubi_${Utils.currentUser}_flink"))
+
+      resultSet = statement.executeQuery("select kyuubi_engine_id() as engine_id")
+      assert(resultSet.next())
+      assert(resultSet.getString(1).startsWith("application_"))
+
+      resultSet = statement.executeQuery("select kyuubi_system_user() as `system_user`")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === Utils.currentUser)
+
+      resultSet = statement.executeQuery("select kyuubi_session_user() as `session_user`")
+      assert(resultSet.next())
+      assert(resultSet.getString(1) === "paullin")
+    }
+  }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunction.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunction.scala
index 30228bf72..6bc2e3ddb 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunction.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunction.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.engine.spark.udf
 import org.apache.spark.sql.expressions.UserDefinedFunction
 
 /**
- * A wrapper for Spark' [[UserDefinedFunction]]
+ * A wrapper for Spark's [[UserDefinedFunction]]
  *
  * @param name function name
  * @param udf user-defined function

From 3abc7ce3718eb67f0516df6014d4cc453498e642 Mon Sep 17 00:00:00 2001
From: Deng An <packyande@gmail.com>
Date: Tue, 11 Jul 2023 23:22:59 +0800
Subject: [PATCH 493/760] [KYUUBI #4167] [Authz] Introduce function support in
 PrivilegeBuilder with Serde layers

### _Why are the changes needed?_

to close #4167 which parent issue is #3632
Introduce HiveFunctionPrivilegeBuilder refactored with Serde layers.
The core logic to this is scanning logical plan by transformAllExpressions and build function privileges for UDFs.

As a SQL gateway, Kyuubi also needs to support control user UDF usage behavior.

Therefore, the Spark SQL Authz module needs to add suport for extracting Privilege Objects for UDF usage in queries from a spark logical plans.

In Spark SQL, the hive permanent UDF is wrapped into the following types based on different types:

	Org.apache.spark.sql.live.HiveSimpleUDF
	Org.apache.spark.sql.live.HiveGenericUDF
	Org. apache. park. SQL. live. HiveUDAFFunction
	Org.apache.spark.sql.live.HiveGenericUDTF

Based on the existing serde module, we can define a ScanSpec to extract hive permanent udf expression's info, the most important info is the udf type.

And the udf type decide whether to skip the construction of the privilege object based on whether the function type is a system function or a temporary function, as we only consider the permanent udf uasge.

So we should define QualifiedNameStringFunctionExtractor and FunctionNameFunctionTypeExtractor to achieve the goal. And in `org.apache.kyuubi.plugin.spark.authz.PrivilegesBuilder#buildFunctions`, we define a method `buildFunctions`, use `transformAllExpressions` to gather all hive udf expression, and building input privilege objects for thoese permanent hive udf.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4168 from packyan/feature_introduce_hive_function_privileges_builder.

Closes #4167

1276ac7f6 [Deng An] [KYUUBI #4167] [Authz] Introduce function support in PrivilegeBuilder with Serde layers

Authored-by: Deng An <packyande@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 ...plugin.spark.authz.serde.FunctionExtractor |   1 +
 ...in.spark.authz.serde.FunctionTypeExtractor |   1 +
 .../src/main/resources/scan_command_spec.json |  66 +++++-
 .../spark/authz/PrivilegesBuilder.scala       |  22 ++
 .../spark/authz/serde/CommandSpec.scala       |  16 +-
 .../authz/serde/functionExtractors.scala      |  22 ++
 .../authz/serde/functionTypeExtractors.scala  |  38 +++-
 .../plugin/spark/authz/serde/package.scala    |  18 +-
 .../FunctionPrivilegesBuilderSuite.scala      | 201 ++++++++++++++++++
 .../kyuubi/plugin/spark/authz/gen/Scans.scala |  28 ++-
 10 files changed, 398 insertions(+), 15 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
index 4686bb033..2facb004a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor
@@ -17,4 +17,5 @@
 
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionInfoFunctionExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.FunctionIdentifierFunctionExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.QualifiedNameStringFunctionExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.StringFunctionExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
index 475f47afc..3bb0ee6c2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor
@@ -17,4 +17,5 @@
 
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionInfoFunctionTypeExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.FunctionIdentifierFunctionTypeExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.FunctionNameFunctionTypeExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.TempMarkerFunctionTypeExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
index 9a6aef4ed..3273ccbea 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
@@ -4,26 +4,86 @@
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableTableExtractor",
     "catalogDesc" : null
-  } ]
+  } ],
+  "functionDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.catalog.HiveTableRelation",
   "scanDescs" : [ {
     "fieldName" : "tableMeta",
     "fieldExtractor" : "CatalogTableTableExtractor",
     "catalogDesc" : null
-  } ]
+  } ],
+  "functionDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.LogicalRelation",
   "scanDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableOptionTableExtractor",
     "catalogDesc" : null
-  } ]
+  } ],
+  "functionDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.v2.DataSourceV2Relation",
   "scanDescs" : [ {
     "fieldName" : null,
     "fieldExtractor" : "DataSourceV2RelationTableExtractor",
     "catalogDesc" : null
+  } ],
+  "functionDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveGenericUDF",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveGenericUDTF",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveSimpleUDF",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hive.HiveUDAFFunction",
+  "scanDescs" : [ ],
+  "functionDescs" : [ {
+    "fieldName" : "name",
+    "fieldExtractor" : "QualifiedNameStringFunctionExtractor",
+    "databaseDesc" : null,
+    "functionTypeDesc" : {
+      "fieldName" : "name",
+      "fieldExtractor" : "FunctionNameFunctionTypeExtractor",
+      "skipTypes" : [ "TEMP", "SYSTEM" ]
+    },
+    "isInput" : true
   } ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index eef89deea..b2fa89909 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -211,6 +211,28 @@ object PrivilegesBuilder {
 
   type PrivilegesAndOpType = (Seq[PrivilegeObject], Seq[PrivilegeObject], OperationType)
 
+  /**
+   * Build input  privilege objects from a Spark's LogicalPlan for hive permanent udf
+   *
+   * @param plan      A Spark LogicalPlan
+   */
+  def buildFunctions(
+      plan: LogicalPlan,
+      spark: SparkSession): PrivilegesAndOpType = {
+    val inputObjs = new ArrayBuffer[PrivilegeObject]
+    // TODO: add support for Spark 3.4.x
+    plan transformAllExpressions {
+      case hiveFunction: Expression if isKnownFunction(hiveFunction) =>
+        val functionSpec: ScanSpec = getFunctionSpec(hiveFunction)
+        if (functionSpec.functionDescs.exists(!_.functionTypeDesc.get.skip(hiveFunction, spark))) {
+          functionSpec.functions(hiveFunction).foreach(func =>
+            inputObjs += PrivilegeObject(func))
+        }
+        hiveFunction
+    }
+    (inputObjs, Seq.empty, OperationType.QUERY)
+  }
+
   /**
    * Build input and output privilege objects from a Spark's LogicalPlan
    *
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
index e96ef8cbf..32ad30e21 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import com.fasterxml.jackson.annotation.JsonIgnore
 import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.slf4j.LoggerFactory
 
@@ -94,7 +95,8 @@ case class TableCommandSpec(
 
 case class ScanSpec(
     classname: String,
-    scanDescs: Seq[ScanDesc]) extends CommandSpec {
+    scanDescs: Seq[ScanDesc],
+    functionDescs: Seq[FunctionDesc] = Seq.empty) extends CommandSpec {
   override def opType: String = OperationType.QUERY.toString
   def tables: (LogicalPlan, SparkSession) => Seq[Table] = (plan, spark) => {
     scanDescs.flatMap { td =>
@@ -107,4 +109,16 @@ case class ScanSpec(
       }
     }
   }
+
+  def functions: (Expression) => Seq[Function] = (expr) => {
+    functionDescs.flatMap { fd =>
+      try {
+        Some(fd.extract(expr))
+      } catch {
+        case e: Exception =>
+          LOG.debug(fd.error(expr, e))
+          None
+      }
+    }
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
index 894a6cb8f..729521200 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
@@ -20,12 +20,23 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 import org.apache.spark.sql.catalyst.FunctionIdentifier
 import org.apache.spark.sql.catalyst.expressions.ExpressionInfo
 
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
+
 trait FunctionExtractor extends (AnyRef => Function) with Extractor
 
 object FunctionExtractor {
   val functionExtractors: Map[String, FunctionExtractor] = {
     loadExtractorsToMap[FunctionExtractor]
   }
+
+  def buildFunctionIdentFromQualifiedName(qualifiedName: String): (String, Option[String]) = {
+    val parts: Array[String] = qualifiedName.split("\\.", 2)
+    if (parts.length == 1) {
+      (qualifiedName, None)
+    } else {
+      (parts.last, Some(parts.head))
+    }
+  }
 }
 
 /**
@@ -37,6 +48,17 @@ class StringFunctionExtractor extends FunctionExtractor {
   }
 }
 
+/**
+ *  * String
+ */
+class QualifiedNameStringFunctionExtractor extends FunctionExtractor {
+  override def apply(v1: AnyRef): Function = {
+    val qualifiedName: String = v1.asInstanceOf[String]
+    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
+    Function(database, funcName)
+  }
+}
+
 /**
  * org.apache.spark.sql.catalyst.FunctionIdentifier
  */
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
index b70410342..a2c5b427f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
@@ -19,8 +19,11 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.FunctionIdentifier
+import org.apache.spark.sql.catalyst.catalog.SessionCatalog
 
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType.{FunctionType, PERMANENT, SYSTEM, TEMP}
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.getFunctionType
 
 object FunctionType extends Enumeration {
   type FunctionType = Value
@@ -33,6 +36,19 @@ object FunctionTypeExtractor {
   val functionTypeExtractors: Map[String, FunctionTypeExtractor] = {
     loadExtractorsToMap[FunctionTypeExtractor]
   }
+
+  def getFunctionType(fi: FunctionIdentifier, catalog: SessionCatalog): FunctionType = {
+    fi match {
+      case temp if catalog.isTemporaryFunction(temp) =>
+        TEMP
+      case permanent if catalog.isPersistentFunction(permanent) =>
+        PERMANENT
+      case system if catalog.isRegisteredFunction(system) =>
+        SYSTEM
+      case _ =>
+        TEMP
+    }
+  }
 }
 
 /**
@@ -66,14 +82,18 @@ class FunctionIdentifierFunctionTypeExtractor extends FunctionTypeExtractor {
   override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
     val catalog = spark.sessionState.catalog
     val fi = v1.asInstanceOf[FunctionIdentifier]
-    if (catalog.isTemporaryFunction(fi)) {
-      TEMP
-    } else if (catalog.isPersistentFunction(fi)) {
-      PERMANENT
-    } else if (catalog.isRegisteredFunction(fi)) {
-      SYSTEM
-    } else {
-      TEMP
-    }
+    getFunctionType(fi, catalog)
+  }
+}
+
+/**
+ * String
+ */
+class FunctionNameFunctionTypeExtractor extends FunctionTypeExtractor {
+  override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
+    val catalog: SessionCatalog = spark.sessionState.catalog
+    val qualifiedName: String = v1.asInstanceOf[String]
+    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
+    getFunctionType(FunctionIdentifier(funcName, database), catalog)
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
index c992a231a..6863516b6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
@@ -72,7 +72,8 @@ package object serde {
   final private lazy val SCAN_SPECS: Map[String, ScanSpec] = {
     val is = getClass.getClassLoader.getResourceAsStream("scan_command_spec.json")
     mapper.readValue(is, new TypeReference[Array[ScanSpec]] {})
-      .map(e => (e.classname, e)).toMap
+      .map(e => (e.classname, e))
+      .filter(t => t._2.scanDescs.nonEmpty).toMap
   }
 
   def isKnownScan(r: AnyRef): Boolean = {
@@ -83,6 +84,21 @@ package object serde {
     SCAN_SPECS(r.getClass.getName)
   }
 
+  final private lazy val FUNCTION_SPECS: Map[String, ScanSpec] = {
+    val is = getClass.getClassLoader.getResourceAsStream("scan_command_spec.json")
+    mapper.readValue(is, new TypeReference[Array[ScanSpec]] {})
+      .map(e => (e.classname, e))
+      .filter(t => t._2.functionDescs.nonEmpty).toMap
+  }
+
+  def isKnownFunction(r: AnyRef): Boolean = {
+    FUNCTION_SPECS.contains(r.getClass.getName)
+  }
+
+  def getFunctionSpec(r: AnyRef): ScanSpec = {
+    FUNCTION_SPECS(r.getClass.getName)
+  }
+
   def operationType(plan: LogicalPlan): OperationType = {
     val classname = plan.getClass.getName
     TABLE_COMMAND_SPECS.get(classname)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
new file mode 100644
index 000000000..0f261c2dd
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
@@ -0,0 +1,201 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz
+
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.scalatest.{BeforeAndAfterAll, BeforeAndAfterEach}
+// scalastyle:off
+import org.scalatest.funsuite.AnyFunSuite
+
+import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
+import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isSparkVersionAtMost
+
+abstract class FunctionPrivilegesBuilderSuite extends AnyFunSuite
+  with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
+  // scalastyle:on
+
+  protected def withTable(t: String)(f: String => Unit): Unit = {
+    try {
+      f(t)
+    } finally {
+      sql(s"DROP TABLE IF EXISTS $t")
+    }
+  }
+
+  protected def withDatabase(t: String)(f: String => Unit): Unit = {
+    try {
+      f(t)
+    } finally {
+      sql(s"DROP DATABASE IF EXISTS $t")
+    }
+  }
+
+  protected def checkColumns(plan: LogicalPlan, cols: Seq[String]): Unit = {
+    val (in, out, _) = PrivilegesBuilder.build(plan, spark)
+    assert(out.isEmpty, "Queries shall not check output privileges")
+    val po = in.head
+    assert(po.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assert(po.columns === cols)
+  }
+
+  protected def checkColumns(query: String, cols: Seq[String]): Unit = {
+    checkColumns(sql(query).queryExecution.optimizedPlan, cols)
+  }
+
+  protected val reusedDb: String = getClass.getSimpleName
+  protected val reusedDb2: String = getClass.getSimpleName + "2"
+  protected val reusedTable: String = reusedDb + "." + getClass.getSimpleName
+  protected val reusedTableShort: String = reusedTable.split("\\.").last
+  protected val reusedPartTable: String = reusedTable + "_part"
+  protected val reusedPartTableShort: String = reusedPartTable.split("\\.").last
+  protected val functionCount = 3
+  protected val functionNamePrefix = "kyuubi_fun_"
+  protected val tempFunNamePrefix = "kyuubi_temp_fun_"
+
+  override def beforeAll(): Unit = {
+    sql(s"CREATE DATABASE IF NOT EXISTS $reusedDb")
+    sql(s"CREATE DATABASE IF NOT EXISTS $reusedDb2")
+    sql(s"CREATE TABLE IF NOT EXISTS $reusedTable" +
+      s" (key int, value string) USING parquet")
+    sql(s"CREATE TABLE IF NOT EXISTS $reusedPartTable" +
+      s" (key int, value string, pid string) USING parquet" +
+      s"  PARTITIONED BY(pid)")
+    // scalastyle:off
+    (0 until functionCount).foreach { index =>
+      {
+        sql(s"CREATE FUNCTION ${reusedDb}.${functionNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
+        sql(s"CREATE FUNCTION ${reusedDb2}.${functionNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
+        sql(s"CREATE TEMPORARY FUNCTION ${tempFunNamePrefix}${index} AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFMaskHash'")
+      }
+    }
+    sql(s"USE ${reusedDb2}")
+    // scalastyle:on
+    super.beforeAll()
+  }
+
+  override def afterAll(): Unit = {
+    Seq(reusedTable, reusedPartTable).foreach { t =>
+      sql(s"DROP TABLE IF EXISTS $t")
+    }
+
+    Seq(reusedDb, reusedDb2).foreach { db =>
+      (0 until functionCount).foreach { index =>
+        sql(s"DROP FUNCTION ${db}.${functionNamePrefix}${index}")
+      }
+      sql(s"DROP DATABASE IF EXISTS ${db}")
+    }
+
+    spark.stop()
+    super.afterAll()
+  }
+}
+
+class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite {
+
+  override protected val catalogImpl: String = "hive"
+
+  test("Function Call Query") {
+    assume(isSparkVersionAtMost("3.3"))
+    val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
+      s"kyuubi_fun_2(value), " +
+      s"${reusedDb}.kyuubi_fun_0(value), " +
+      s"kyuubi_temp_fun_1('data2')," +
+      s"kyuubi_temp_fun_2(key) " +
+      s"FROM $reusedTable").queryExecution.analyzed
+    val (inputs, _, _) = PrivilegesBuilder.buildFunctions(plan, spark)
+    assert(inputs.size === 3)
+    inputs.foreach { po =>
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+      assert(po.dbname startsWith reusedDb.toLowerCase)
+      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+      val accessType = ranger.AccessType(po, QUERY, isInput = true)
+      assert(accessType === AccessType.SELECT)
+    }
+  }
+
+  test("Function Call Query with Quoted Name") {
+    assume(isSparkVersionAtMost("3.3"))
+    val plan = sql(s"SELECT `kyuubi_fun_1`('data'), " +
+      s"`kyuubi_fun_2`(value), " +
+      s"`${reusedDb}`.`kyuubi_fun_0`(value), " +
+      s"`kyuubi_temp_fun_1`('data2')," +
+      s"`kyuubi_temp_fun_2`(key) " +
+      s"FROM $reusedTable").queryExecution.analyzed
+    val (inputs, _, _) = PrivilegesBuilder.buildFunctions(plan, spark)
+    assert(inputs.size === 3)
+    inputs.foreach { po =>
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+      assert(po.dbname startsWith reusedDb.toLowerCase)
+      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+      val accessType = ranger.AccessType(po, QUERY, isInput = true)
+      assert(accessType === AccessType.SELECT)
+    }
+  }
+
+  test("Simple Function Call Query") {
+    assume(isSparkVersionAtMost("3.3"))
+    val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
+      s"kyuubi_fun_0('value'), " +
+      s"${reusedDb}.kyuubi_fun_0('value'), " +
+      s"${reusedDb}.kyuubi_fun_2('value'), " +
+      s"kyuubi_temp_fun_1('data2')," +
+      s"kyuubi_temp_fun_2('key') ").queryExecution.analyzed
+    val (inputs, _, _) = PrivilegesBuilder.buildFunctions(plan, spark)
+    assert(inputs.size === 4)
+    inputs.foreach { po =>
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+      assert(po.dbname startsWith reusedDb.toLowerCase)
+      assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+      val accessType = ranger.AccessType(po, QUERY, isInput = true)
+      assert(accessType === AccessType.SELECT)
+    }
+  }
+
+  test("Function Call In CAST Command") {
+    assume(isSparkVersionAtMost("3.3"))
+    val table = "castTable"
+    withTable(table) { table =>
+      val plan = sql(s"CREATE TABLE ${table} " +
+        s"SELECT kyuubi_fun_1('data') col1, " +
+        s"${reusedDb2}.kyuubi_fun_2(value) col2, " +
+        s"kyuubi_fun_0(value) col3, " +
+        s"kyuubi_fun_2('value') col4, " +
+        s"${reusedDb}.kyuubi_fun_2('value') col5, " +
+        s"${reusedDb}.kyuubi_fun_1('value') col6, " +
+        s"kyuubi_temp_fun_1('data2') col7, " +
+        s"kyuubi_temp_fun_2(key) col8 " +
+        s"FROM ${reusedTable} WHERE ${reusedDb2}.kyuubi_fun_1(key)='123'").queryExecution.analyzed
+      val (inputs, _, _) = PrivilegesBuilder.buildFunctions(plan, spark)
+      assert(inputs.size === 7)
+      inputs.foreach { po =>
+        assert(po.actionType === PrivilegeObjectActionType.OTHER)
+        assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+        assert(po.dbname startsWith reusedDb.toLowerCase)
+        assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+        val accessType = ranger.AccessType(po, QUERY, isInput = true)
+        assert(accessType === AccessType.SELECT)
+      }
+    }
+  }
+
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index 7bd8260bb..b2c1868a2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.plugin.spark.authz.gen
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType._
 
 object Scans {
 
@@ -57,9 +58,34 @@ object Scans {
     ScanSpec(r, Seq(tableDesc))
   }
 
+  val HiveSimpleUDF = {
+    ScanSpec(
+      "org.apache.spark.sql.hive.HiveSimpleUDF",
+      Seq.empty,
+      Seq(FunctionDesc(
+        "name",
+        classOf[QualifiedNameStringFunctionExtractor],
+        functionTypeDesc = Some(FunctionTypeDesc(
+          "name",
+          classOf[FunctionNameFunctionTypeExtractor],
+          Seq(TEMP, SYSTEM))),
+        isInput = true)))
+  }
+
+  val HiveGenericUDF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDF")
+
+  val HiveUDAFFunction = HiveSimpleUDF.copy(classname =
+    "org.apache.spark.sql.hive.HiveUDAFFunction")
+
+  val HiveGenericUDTF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDTF")
+
   val data: Array[ScanSpec] = Array(
     HiveTableRelation,
     LogicalRelation,
     DataSourceV2Relation,
-    PermanentViewMarker)
+    PermanentViewMarker,
+    HiveSimpleUDF,
+    HiveGenericUDF,
+    HiveUDAFFunction,
+    HiveGenericUDTF)
 }

From 84748fce1168d6689154c9b9cf138c78dfc9b687 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Wed, 12 Jul 2023 11:23:13 +0800
Subject: [PATCH 494/760] [KYUUBI #5035] Spark engine session page display
 session end time and duration

### _Why are the changes needed?_
close #5035

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
![image](https://github.com/apache/kyuubi/assets/18713676/502b489f-6cbd-4510-a89c-b7816b3e15bf)
- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5038 from lsm1/features/kyuubi_5035.

Closes #5035

9ee06f113 [senmiaoliu] fix style
c68fd65ab [senmiaoliu] fix style
5d3d86972 [senmiaoliu] show session end time

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../org/apache/spark/ui/EngineSessionPage.scala      | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala
index 8ae830a84..cdfc6d313 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/ui/EngineSessionPage.scala
@@ -78,8 +78,18 @@ case class EngineSessionPage(parent: EngineTab)
         <h4>
           User {sessionStat.username},
           IP {sessionStat.ip},
-          Server {sessionStat.serverIp},
+          Server {sessionStat.serverIp}
+        </h4> ++
+        <h4>
           Session created at {formatDate(sessionStat.startTime)},
+          {
+          if (sessionStat.endTime > 0) {
+            s"""
+               | ended at ${formatDate(sessionStat.endTime)},
+               | after ${formatDuration(sessionStat.duration)}.
+               |""".stripMargin
+          }
+        }
           Total run {sessionStat.totalOperations} SQL
         </h4> ++
         sessionPropertiesTable ++

From a8f134e3c6fd9580a2d111952cfe7f80e6ea373d Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Thu, 13 Jul 2023 12:08:31 +0800
Subject: [PATCH 495/760] [KYUUBI #5030] Support get query id in Spark engine

### _Why are the changes needed?_

This PR aims to support `getQueryId` in Spark engine. It get `sparl.sql.execution.id` by adding a Listener.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5037 from Yikf/spark-queryid.

Closes #5030

9f2b5a3cb [yikaifei] Support get query id in Spark engine

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/operation/SparkSQLOperationManager.scala       | 2 +-
 .../engine/spark/operation/SparkOperationSuite.scala     | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
index cd9302cbf..ab0828746 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkSQLOperationManager.scala
@@ -231,6 +231,6 @@ class SparkSQLOperationManager private (name: String) extends OperationManager(n
   }
 
   override def getQueryId(operation: Operation): String = {
-    throw KyuubiSQLException.featureNotSupported()
+    operation.getHandle.identifier.toString
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
index f5d265422..adab0231d 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkOperationSuite.scala
@@ -35,6 +35,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
 import org.apache.kyuubi.engine.spark.schema.SchemaHelper.TIMESTAMP_NTZ
 import org.apache.kyuubi.engine.spark.util.SparkCatalogUtils
+import org.apache.kyuubi.jdbc.hive.KyuubiStatement
 import org.apache.kyuubi.operation.{HiveMetadataTests, SparkQueryTests}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
@@ -728,6 +729,14 @@ class SparkOperationSuite extends WithSparkSQLEngine with HiveMetadataTests with
     }
   }
 
+  test("KYUUBI #5030: Support get query id in Spark engine") {
+    withJdbcStatement() { stmt =>
+      stmt.executeQuery("SELECT 1")
+      val queryId = stmt.asInstanceOf[KyuubiStatement].getQueryId
+      assert(queryId != null && queryId.nonEmpty)
+    }
+  }
+
   private def whenMetaStoreURIsSetTo(uris: String)(func: String => Unit): Unit = {
     val conf = spark.sparkContext.hadoopConfiguration
     val origin = conf.get("hive.metastore.uris", "")

From da4af2aee7cd9d645d25227f836737b5fad4973f Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Thu, 13 Jul 2023 12:09:41 +0800
Subject: [PATCH 496/760] [KYUUBI #5045] Initialize
 EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH before using

### _Why are the changes needed?_
I came cross an issue that is the the value of EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH is 0 when the param is accessed in generateExecutorPodNamePrefixForK8s method.

I tried to move the EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH ahead of generateExecutorPodNamePrefixForK8s method. Then, I found this issue was gone.

So is it necessary to declare the EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH variable before the method definition?

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5045 from zhaohehuhu/Improvement.

Closes #5045

c74732f0c [hezhao2] recover the blank line
99aa14b0c [hezhao2] fix the code style
29929a2cb [hezhao2]  declare EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH param before generateExecutorPodNamePrefixForK8s method

Authored-by: hezhao2 <hezhao2@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/spark/SparkSQLEngine.scala   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index d3783b4fc..bdbc7c08f 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -165,6 +165,10 @@ object SparkSQLEngine extends Logging {
 
   private val sparkSessionCreated = new AtomicBoolean(false)
 
+  // Kubernetes pod name max length - '-exec-' - Int.MAX_VALUE.length
+  // 253 - 10 - 6
+  val EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH = 237
+
   SignalRegister.registerLogger(logger)
   setupConf()
 
@@ -391,8 +395,4 @@ object SparkSQLEngine extends Logging {
       s"kyuubi-${UUID.randomUUID()}"
     }
   }
-
-  // Kubernetes pod name max length - '-exec-' - Int.MAX_VALUE.length
-  // 253 - 10 - 6
-  val EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH = 237
 }

From 66e460dfe2c9e3ff8aca489df982e611bb1c9605 Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Thu, 13 Jul 2023 13:46:31 +0800
Subject: [PATCH 497/760] [KYUUBI #5049] [DOCS] PyHive Kerberos usage doc

### _Why are the changes needed?_

<img width="795" alt="image" src="https://github.com/apache/kyuubi/assets/3898450/2888dd28-a27f-491e-8552-72f5646cdb5f">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5049 from cxzl25/pyhive_kerberos.

Closes #5049

6c8b0e62b [sychen] pyhive kerberos usage doc

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/python/pyhive.md | 40 ++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/docs/client/python/pyhive.md b/docs/client/python/pyhive.md
index 444ec1e81..b5e57ea2e 100644
--- a/docs/client/python/pyhive.md
+++ b/docs/client/python/pyhive.md
@@ -68,3 +68,43 @@ conn = hive.Connection(host=kyuubi_host, port=10009,
                        username='user', password='password', auth='CUSTOM')
 ```
 
+Use Kerberos to connect to Kyuubi.
+
+`kerberos_service_name` must be the name of the service that started the Kyuubi server, usually the prefix of the first slash of `kyuubi.kinit.principal`.
+
+Note that PyHive does not support passing in `principal`, it splices in part of `principal` with `kerberos_service_name` and `kyuubi_host`.
+
+```python
+# open connection
+conn = hive.Connection(host=kyuubi_host, port=10009, auth="KERBEROS", kerberos_service_name="kyuubi")
+```
+
+If you encounter the following errors, you need to install related packages.
+
+```
+thrift.transport.TTransport.TTransportException: Could not start SASL: b'Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found'
+```
+
+```bash
+yum install -y cyrus-sasl-plain cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5
+```
+
+Note that PyHive does not support the connection method based on zookeeper HA, you can connect to zookeeper to get the service address via [Kazoo](https://pypi.org/project/kazoo/).
+
+Code reference [https://stackoverflow.com/a/73326589](https://stackoverflow.com/a/73326589)
+
+```python
+from pyhive import hive
+import random
+from kazoo.client import KazooClient
+zk = KazooClient(hosts='kyuubi1.xx.com:2181,kyuubi2.xx.com:2181,kyuubi3.xx.com:2181', read_only=True)
+zk.start()
+servers = [kyuubi_server.split(';')[0].split('=')[1].split(':') 
+           for kyuubi_server 
+           in zk.get_children(path='kyuubi')]
+kyuubi_host, kyuubi_port = random.choice(servers)
+zk.stop()
+print(kyuubi_host, kyuubi_port)
+conn = hive.Connection(host=kyuubi_host, port=kyuubi_port, auth="KERBEROS", kerberos_service_name="kyuubi")
+```
+

From d1bcb4feb6b8617d772b1a333685655248b667c5 Mon Sep 17 00:00:00 2001
From: zhangliang <zhangliang@trip.com>
Date: Thu, 13 Jul 2023 13:47:49 +0800
Subject: [PATCH 498/760] [KYUUBI #5036] Fix Operation.close not update
 complete timestamp

### _Why are the changes needed?_
To fix #5036, Operation.close() (maybe caused by query timeout) does not update operation complete time.

User may find it confusing and think the query is still running because each refresh on UI will show a different timestamp

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5042 from CavemanIV/kyuubi-5036.

Closes #5036

2e68c0b54 [zhangliang] [KYUUBI-5036] fix Operation.close not update complete timestamp

Authored-by: zhangliang <zhangliang@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/operation/AbstractOperation.scala  |  2 +-
 .../operation/OperationStateSuite.scala       | 27 ++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
index 5264ddebd..94f53111d 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
@@ -115,7 +115,7 @@ abstract class AbstractOperation(session: Session) extends Operation with Loggin
         info(s"Processing ${session.user}'s query[$statementId]: " +
           s"${state.name} -> ${newState.name}, statement:\n$redactedStatement")
         startTime = System.currentTimeMillis()
-      case ERROR | FINISHED | CANCELED | TIMEOUT =>
+      case ERROR | FINISHED | CANCELED | TIMEOUT | CLOSED =>
         completedTime = System.currentTimeMillis()
         val timeCost = s", time taken: ${(completedTime - startTime) / 1000.0} seconds"
         info(s"Processing ${session.user}'s query[$statementId]: " +
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/OperationStateSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/OperationStateSuite.scala
index d35ea246f..86c7e5e80 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/OperationStateSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/OperationStateSuite.scala
@@ -17,11 +17,13 @@
 
 package org.apache.kyuubi.operation
 
-import org.apache.hive.service.rpc.thrift.TOperationState
+import org.apache.hive.service.rpc.thrift.{TOperationState, TProtocolVersion}
 import org.apache.hive.service.rpc.thrift.TOperationState._
 
 import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException}
+import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.operation.OperationState._
+import org.apache.kyuubi.session.NoopSessionManager
 
 class OperationStateSuite extends KyuubiFunSuite {
   test("toTOperationState") {
@@ -79,4 +81,27 @@ class OperationStateSuite extends KyuubiFunSuite {
       assert(!OperationState.isTerminal(state))
     }
   }
+
+  test("kyuubi-5036 operation close should set completeTime") {
+    val sessionManager = new NoopSessionManager
+    sessionManager.initialize(KyuubiConf())
+    val sHandle = sessionManager.openSession(
+      TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
+      "kyuubi",
+      "passwd",
+      "localhost",
+      Map.empty)
+    val session = sessionManager.getSession(sHandle)
+
+    val operation = new NoopOperation(session)
+    assert(operation.getStatus.completed == 0)
+
+    operation.close()
+    val afterClose1 = operation.getStatus
+    assert(afterClose1.state == OperationState.CLOSED)
+    assert(afterClose1.completed != 0)
+    Thread.sleep(1000)
+    val afterClose2 = operation.getStatus
+    assert(afterClose1.completed == afterClose2.completed)
+  }
 }

From 745e3a4d658b314b6fec422665571b6a93cb4f08 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 15 Jul 2023 13:16:11 +0800
Subject: [PATCH 499/760] [KYUUBI #5056] [REST] Return more helpful error
 message to http client

### _Why are the changes needed?_

Return mode helpful information to http client side.

Before this pr, the exception stack is only visible in server side log.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5056 from turboFei/info_err.

Closes #5056

cdda80557 [fwang12] refine
2da2b2072 [fwang12] pretty print

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../apache/kyuubi/server/api/ApiUtils.scala   |  9 +++-
 .../server/api/v1/OperationsResource.scala    | 18 +++-----
 .../server/api/v1/SessionsResource.scala      | 43 ++++++++-----------
 3 files changed, 31 insertions(+), 39 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
index 6b01def5c..5aaf4d778 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/ApiUtils.scala
@@ -19,14 +19,14 @@ package org.apache.kyuubi.server.api
 
 import scala.collection.JavaConverters._
 
-import org.apache.kyuubi.Utils
+import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.client.api.v1.dto.{OperationData, ServerData, SessionData}
 import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 import org.apache.kyuubi.operation.KyuubiOperation
 import org.apache.kyuubi.session.KyuubiSession
 
-object ApiUtils {
+object ApiUtils extends Logging {
 
   def sessionData(session: KyuubiSession): SessionData = {
     val sessionEvent = session.getSessionEvent
@@ -71,4 +71,9 @@ object ApiUtils {
       nodeInfo.attributes.asJava,
       "Running")
   }
+
+  def logAndRefineErrorMsg(errorMsg: String, throwable: Throwable): String = {
+    error(errorMsg, throwable)
+    s"$errorMsg: ${Utils.prettyPrint(throwable)}"
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index b79ee27e3..ae5feea52 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -32,12 +32,13 @@ import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.events.KyuubiOperationEvent
 import org.apache.kyuubi.operation.{FetchOrientation, KyuubiOperation, OperationHandle}
-import org.apache.kyuubi.server.api.ApiRequestContext
+import org.apache.kyuubi.server.api.{ApiRequestContext, ApiUtils}
 
 @Tag(name = "Operation")
 @Produces(Array(MediaType.APPLICATION_JSON))
 @Consumes(Array(MediaType.APPLICATION_JSON))
 private[v1] class OperationsResource extends ApiRequestContext with Logging {
+  import ApiUtils.logAndRefineErrorMsg
 
   @ApiResponse(
     responseCode = "200",
@@ -57,8 +58,7 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting an operation event"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -84,8 +84,7 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
       case NonFatal(e) =>
         val errorMsg =
           s"Error applying ${request.getAction} for operation handle $operationHandleStr"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -124,8 +123,7 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = s"Error getting result set metadata for operation handle $operationHandleStr"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -158,8 +156,7 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
         throw e
       case NonFatal(e) =>
         val errorMsg = s"Error getting operation log for operation handle $operationHandleStr"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -240,8 +237,7 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
         throw new BadRequestException(e.getMessage)
       case NonFatal(e) =>
         val errorMsg = s"Error getting result row set for operation handle $operationHandleStr"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
index bc480c027..10a557867 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/SessionsResource.scala
@@ -42,6 +42,8 @@ import org.apache.kyuubi.session.{KyuubiSession, SessionHandle}
 @Produces(Array(MediaType.APPLICATION_JSON))
 @Consumes(Array(MediaType.APPLICATION_JSON))
 private[v1] class SessionsResource extends ApiRequestContext with Logging {
+  import ApiUtils.logAndRefineErrorMsg
+
   implicit def toSessionHandle(str: String): SessionHandle = SessionHandle.fromUUID(str)
   private def sessionManager = fe.be.sessionManager
 
@@ -89,8 +91,8 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
             .build).get
     } catch {
       case NonFatal(e) =>
-        error(s"Invalid $sessionHandleStr", e)
-        throw new NotFoundException(s"Invalid $sessionHandleStr")
+        val errorMsg = s"Invalid $sessionHandleStr"
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -112,8 +114,8 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
       new InfoDetail(info.toString, infoValue.getStringValue)
     } catch {
       case NonFatal(e) =>
-        error(s"Unrecognized GetInfoType value: $infoType", e)
-        throw new NotFoundException(s"Unrecognized GetInfoType value: $infoType")
+        val errorMsg = s"Unrecognized GetInfoType value: $infoType"
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -198,8 +200,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error executing statement"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -217,8 +218,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting type information"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -236,8 +236,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting catalogs"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -261,8 +260,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting schemas"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -287,8 +285,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting tables"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -306,8 +303,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting table types"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -332,8 +328,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting columns"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -357,8 +352,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting functions"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -382,8 +376,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting primary keys"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -410,8 +403,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting cross reference"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 
@@ -437,8 +429,7 @@ private[v1] class SessionsResource extends ApiRequestContext with Logging {
     } catch {
       case NonFatal(e) =>
         val errorMsg = "Error getting the list of all type operations belong to session"
-        error(errorMsg, e)
-        throw new NotFoundException(errorMsg)
+        throw new NotFoundException(logAndRefineErrorMsg(errorMsg, e))
     }
   }
 }

From c224a63b1cf399da18df58695bc075448b4b4c8d Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Sat, 15 Jul 2023 13:17:05 +0800
Subject: [PATCH 500/760] [KYUUBI #5054] Refine the kyuubi client version
 properties file to prevent conflicts

### _Why are the changes needed?_

To prevent conflicts in case that other dependency also has a resource named `version.properties`.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5054 from turboFei/version_conflicts.

Closes #5054

fe1333dbe [fwang12] prevent version properties conflicts

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java     | 5 ++++-
 .../resources/{ => org/apache/kyuubi}/version.properties     | 0
 .../java/org/apache/kyuubi/client/util/VersionUtils.java     | 5 ++++-
 .../resources/{ => org/apache/kyuubi}/version.properties     | 0
 4 files changed, 8 insertions(+), 2 deletions(-)
 rename kyuubi-hive-jdbc/src/main/resources/{ => org/apache/kyuubi}/version.properties (100%)
 rename kyuubi-rest-client/src/main/resources/{ => org/apache/kyuubi}/version.properties (100%)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
index ef723ea30..d0167e3e4 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
@@ -551,7 +551,10 @@ public static synchronized String getVersion() {
     if (KYUUBI_CLIENT_VERSION == null) {
       try {
         Properties prop = new Properties();
-        prop.load(Utils.class.getClassLoader().getResourceAsStream("version.properties"));
+        prop.load(
+            Utils.class
+                .getClassLoader()
+                .getResourceAsStream("org/apache/kyuubi/version.properties"));
         KYUUBI_CLIENT_VERSION = prop.getProperty(KYUUBI_CLIENT_VERSION_KEY, "unknown");
       } catch (Exception e) {
         LOG.error("Error getting kyuubi client version", e);
diff --git a/kyuubi-hive-jdbc/src/main/resources/version.properties b/kyuubi-hive-jdbc/src/main/resources/org/apache/kyuubi/version.properties
similarity index 100%
rename from kyuubi-hive-jdbc/src/main/resources/version.properties
rename to kyuubi-hive-jdbc/src/main/resources/org/apache/kyuubi/version.properties
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java
index bcabca5b9..1f8cedf4b 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/util/VersionUtils.java
@@ -31,7 +31,10 @@ public static synchronized String getVersion() {
     if (KYUUBI_CLIENT_VERSION == null) {
       try {
         Properties prop = new Properties();
-        prop.load(VersionUtils.class.getClassLoader().getResourceAsStream("version.properties"));
+        prop.load(
+            VersionUtils.class
+                .getClassLoader()
+                .getResourceAsStream("org/apache/kyuubi/version.properties"));
         KYUUBI_CLIENT_VERSION = prop.getProperty(KYUUBI_CLIENT_VERSION_KEY, "unknown");
       } catch (Exception e) {
         LOG.error("Error getting kyuubi client version", e);
diff --git a/kyuubi-rest-client/src/main/resources/version.properties b/kyuubi-rest-client/src/main/resources/org/apache/kyuubi/version.properties
similarity index 100%
rename from kyuubi-rest-client/src/main/resources/version.properties
rename to kyuubi-rest-client/src/main/resources/org/apache/kyuubi/version.properties

From f49182318bdaddf21c644812ba4255a2e5dda2ed Mon Sep 17 00:00:00 2001
From: remzi <13716567376yh@gmail.com>
Date: Sat, 15 Jul 2023 13:17:49 +0800
Subject: [PATCH 501/760] [KYUUBI #5050] Add admin checking in `getProxyUser`

### _Why are the changes needed?_

Closes #5050.
Check the realUser is an admin or not before verifying proxy access.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5051 from HaoYang670/5050_check_admin_in_get_proxy_user.

Closes #5050

cdabd58d2 [remzi] add admin check

Authored-by: remzi <13716567376yh@gmail.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/server/KyuubiRestFrontendService.scala  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 5b6eb0408..fc9080e66 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -235,7 +235,9 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
       realUser
     } else {
       sessionConf.get(KyuubiAuthenticationFactory.HS2_PROXY_USER).map { proxyUser =>
-        KyuubiAuthenticationFactory.verifyProxyAccess(realUser, proxyUser, ipAddress, hadoopConf)
+        if (!getConf.get(KyuubiConf.SERVER_ADMINISTRATORS).contains(realUser)) {
+          KyuubiAuthenticationFactory.verifyProxyAccess(realUser, proxyUser, ipAddress, hadoopConf)
+        }
         proxyUser
       }.getOrElse(realUser)
     }

From ffd8852b608522ec3c5e0458b66a67787f778089 Mon Sep 17 00:00:00 2001
From: Xieming LI <risyomei@gmail.com>
Date: Sun, 16 Jul 2023 23:00:16 +0800
Subject: [PATCH 502/760] [KYUUBI #5002] Fail the engine fast when no incoming
 connection in CONNECTION mode

### _Why are the changes needed?_
Please refer to #4997

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate
1. connect to KyuubiServer with beeline
2. Confirm the Application is ACCEPTed in ResourceManager, Restart KyuubiServer
3. Confirmed that Engine was terminated shortly
```
23/06/28 10:44:59 INFO storage.BlockManagerMaster: Removed 1 successfully in removeExecutor
23/06/28 10:45:00 INFO spark.SparkSQLEngine: Current open session is 0
23/06/28 10:45:00 ERROR spark.SparkSQLEngine: Spark engine has been terminated because no incoming connection for more than 60000 ms, deregistering from engine discovery space.
23/06/28 10:45:00 WARN zookeeper.ZookeeperDiscoveryClient: This Kyuubi instance lniuhpi1616.nhnjp.ism:46588 is now de-registered from ZooKeeper. The server will be shut down after the last client session completes.
23/06/28 10:45:00 INFO spark.SparkSQLEngine: Service: [SparkTBinaryFrontend] is stopping.
```

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5002 from risyomei/feature/failfast.

Closes #5002

402d6c01f [Xieming LI] Changed runInNewThread based on comment
58f11e157 [Xieming LI] Changed runInNewThread to non-blocking
c6bb02d6a [Xieming LI] Fixed Unit Test
168d996d0 [Xieming LI] Start countdown after engine is started
48ee819f2 [Xieming LI] Fixed a typo
a8d305942 [Xieming LI] Using runInNewThread ported from Spark
21f0671df [Xieming LI] Updated document
a7d5d1082 [Xieming LI] Changed the default value to turn off this feature
437be512d [Xieming LI] Trigger CI to test agagin
42a847e84 [Xieming LI] Added Configuration for timeout, changed to ThreadPoolExecutor
639bd5239 [Xieming LI] Fail the engine fast when no incoming connection in CONNECTION mode

Authored-by: Xieming LI <risyomei@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  1 +
 .../kyuubi/engine/spark/SparkSQLEngine.scala  | 28 +++++++++++++++++++
 .../EtcdShareLevelSparkEngineSuite.scala      |  5 ++--
 .../ZookeeperShareLevelSparkEngineSuite.scala |  2 ++
 .../engine/spark/session/SessionSuite.scala   |  4 ++-
 .../org/apache/kyuubi/config/KyuubiConf.scala | 10 +++++++
 .../kyuubi/util/NamedThreadFactory.scala      |  2 +-
 .../org/apache/kyuubi/util/ThreadUtils.scala  | 14 ++++++++++
 .../KyuubiOperationPerConnectionSuite.scala   |  1 +
 9 files changed, 62 insertions(+), 5 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index ca29592e2..2d2c589ae 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -413,6 +413,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.session.engine.open.retry.wait                | PT10S                   | How long to wait before retrying to open the engine after failure.                                                                                                                                                                                                                                                                                                                                                       | duration | 1.7.0 |
 | kyuubi.session.engine.share.level                    | USER                    | (deprecated) - Using kyuubi.engine.share.level instead                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.0.0 |
 | kyuubi.session.engine.spark.main.resource            | &lt;undefined&gt;       | The package used to create Spark SQL engine remote application. If it is undefined, Kyuubi will use the default                                                                                                                                                                                                                                                                                                          | string   | 1.0.0 |
+| kyuubi.session.engine.spark.max.initial.wait         | PT1M                    | Max wait time for the initial connection to Spark engine. The engine will self-terminate no new incoming connection is established within this time. This setting only applies at the CONNECTION share level. 0 or negative means not to self-terminate.                                                                                                                                                                 | duration | 1.8.0 |
 | kyuubi.session.engine.spark.max.lifetime             | PT0S                    | Max lifetime for Spark engine, the engine will self-terminate when it reaches the end of life. 0 or negative means not to self-terminate.                                                                                                                                                                                                                                                                                | duration | 1.6.0 |
 | kyuubi.session.engine.spark.progress.timeFormat      | yyyy-MM-dd HH:mm:ss.SSS | The time format of the progress bar                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.6.0 |
 | kyuubi.session.engine.spark.progress.update.interval | PT1S                    | Update period of progress bar.                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.6.0 |
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index bdbc7c08f..b94367e9e 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -37,6 +37,7 @@ import org.apache.kyuubi.Utils._
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_ENGINE_SUBMIT_TIME_KEY
+import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.spark.SparkSQLEngine.{countDownLatch, currentEngine}
 import org.apache.kyuubi.engine.spark.events.{EngineEvent, EngineEventsStore, SparkEventHandlerRegister}
 import org.apache.kyuubi.engine.spark.session.SparkSessionImpl
@@ -80,6 +81,12 @@ case class SparkSQLEngine(spark: SparkSession) extends Serverable("SparkSQLEngin
       assert(currentEngine.isDefined)
       currentEngine.get.stop()
     })
+
+    val maxInitTimeout = conf.get(ENGINE_SPARK_MAX_INITIAL_WAIT)
+    if (conf.get(ENGINE_SHARE_LEVEL) == ShareLevel.CONNECTION.toString &&
+      maxInitTimeout > 0) {
+      startFastFailChecker(maxInitTimeout)
+    }
   }
 
   override def stop(): Unit = if (shutdown.compareAndSet(false, true)) {
@@ -114,6 +121,27 @@ case class SparkSQLEngine(spark: SparkSession) extends Serverable("SparkSQLEngin
     stopEngineExec.get.execute(stopTask)
   }
 
+  private[kyuubi] def startFastFailChecker(maxTimeout: Long): Unit = {
+    val startedTime = System.currentTimeMillis()
+    Utils.tryLogNonFatalError {
+      ThreadUtils.runInNewThread("spark-engine-failfast-checker") {
+        if (!shutdown.get) {
+          while (backendService.sessionManager.getOpenSessionCount <= 0 &&
+            System.currentTimeMillis() - startedTime < maxTimeout) {
+            info(s"Waiting for the initial connection")
+            Thread.sleep(Duration(10, TimeUnit.SECONDS).toMillis)
+          }
+          if (backendService.sessionManager.getOpenSessionCount <= 0) {
+            error(s"Spark engine has been terminated because no incoming connection" +
+              s" for more than $maxTimeout ms, de-registering from engine discovery space.")
+            assert(currentEngine.isDefined)
+            currentEngine.get.stop()
+          }
+        }
+      }
+    }
+  }
+
   override protected def stopServer(): Unit = {
     countDownLatch.countDown()
   }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/EtcdShareLevelSparkEngineSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/EtcdShareLevelSparkEngineSuite.scala
index 46dc3b54c..727b232e3 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/EtcdShareLevelSparkEngineSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/EtcdShareLevelSparkEngineSuite.scala
@@ -17,9 +17,7 @@
 
 package org.apache.kyuubi.engine.spark
 
-import org.apache.kyuubi.config.KyuubiConf.ENGINE_CHECK_INTERVAL
-import org.apache.kyuubi.config.KyuubiConf.ENGINE_SHARE_LEVEL
-import org.apache.kyuubi.config.KyuubiConf.ENGINE_SPARK_MAX_LIFETIME
+import org.apache.kyuubi.config.KyuubiConf.{ENGINE_CHECK_INTERVAL, ENGINE_SHARE_LEVEL, ENGINE_SPARK_MAX_INITIAL_WAIT, ENGINE_SPARK_MAX_LIFETIME}
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.ShareLevel.ShareLevel
 
@@ -30,6 +28,7 @@ trait EtcdShareLevelSparkEngineSuite
       etcdConf ++ Map(
         ENGINE_SHARE_LEVEL.key -> shareLevel.toString,
         ENGINE_SPARK_MAX_LIFETIME.key -> "PT20s",
+        ENGINE_SPARK_MAX_INITIAL_WAIT.key -> "0",
         ENGINE_CHECK_INTERVAL.key -> "PT5s")
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/ZookeeperShareLevelSparkEngineSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/ZookeeperShareLevelSparkEngineSuite.scala
index 4ef96e61a..f24abb36c 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/ZookeeperShareLevelSparkEngineSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/ZookeeperShareLevelSparkEngineSuite.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.engine.spark
 
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_CHECK_INTERVAL
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_SHARE_LEVEL
+import org.apache.kyuubi.config.KyuubiConf.ENGINE_SPARK_MAX_INITIAL_WAIT
 import org.apache.kyuubi.config.KyuubiConf.ENGINE_SPARK_MAX_LIFETIME
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.ShareLevel.ShareLevel
@@ -30,6 +31,7 @@ trait ZookeeperShareLevelSparkEngineSuite
       zookeeperConf ++ Map(
         ENGINE_SHARE_LEVEL.key -> shareLevel.toString,
         ENGINE_SPARK_MAX_LIFETIME.key -> "PT20s",
+        ENGINE_SPARK_MAX_INITIAL_WAIT.key -> "0",
         ENGINE_CHECK_INTERVAL.key -> "PT5s")
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/session/SessionSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/session/SessionSuite.scala
index 5e0b6c28e..b89c560b3 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/session/SessionSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/session/SessionSuite.scala
@@ -27,7 +27,9 @@ import org.apache.kyuubi.service.ServiceState._
 
 class SessionSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
   override def withKyuubiConf: Map[String, String] = {
-    Map(ENGINE_SHARE_LEVEL.key -> "CONNECTION")
+    Map(
+      ENGINE_SHARE_LEVEL.key -> "CONNECTION",
+      ENGINE_SPARK_MAX_INITIAL_WAIT.key -> "0")
   }
 
   override protected def beforeEach(): Unit = {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 669f72da0..b8a75d27f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1282,6 +1282,16 @@ object KyuubiConf {
       .timeConf
       .createWithDefault(0)
 
+  val ENGINE_SPARK_MAX_INITIAL_WAIT: ConfigEntry[Long] =
+    buildConf("kyuubi.session.engine.spark.max.initial.wait")
+      .doc("Max wait time for the initial connection to Spark engine. The engine will" +
+        " self-terminate no new incoming connection is established within this time." +
+        " This setting only applies at the CONNECTION share level." +
+        " 0 or negative means not to self-terminate.")
+      .version("1.8.0")
+      .timeConf
+      .createWithDefault(Duration.ofSeconds(60).toMillis)
+
   val ENGINE_FLINK_MAIN_RESOURCE: OptionalConfigEntry[String] =
     buildConf("kyuubi.session.engine.flink.main.resource")
       .doc("The package used to create Flink SQL engine remote job. If it is undefined," +
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala
index 13127b59b..3ce421e23 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/NamedThreadFactory.scala
@@ -32,5 +32,5 @@ class NamedThreadFactory(name: String, daemon: Boolean) extends ThreadFactory {
 }
 
 object NamedThreadFactory {
-  private val kyuubiUncaughtExceptionHandler = new KyuubiUncaughtExceptionHandler
+  private[util] val kyuubiUncaughtExceptionHandler = new KyuubiUncaughtExceptionHandler
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ThreadUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ThreadUtils.scala
index 8ce4bb2e5..76d3f416f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ThreadUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/ThreadUtils.scala
@@ -95,4 +95,18 @@ object ThreadUtils extends Logging {
       }
     }
   }
+
+  def runInNewThread(
+      threadName: String,
+      isDaemon: Boolean = true)(body: => Unit): Unit = {
+
+    val thread = new Thread(threadName) {
+      override def run(): Unit = {
+        body
+      }
+    }
+    thread.setDaemon(isDaemon)
+    thread.setUncaughtExceptionHandler(NamedThreadFactory.kyuubiUncaughtExceptionHandler)
+    thread.start()
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
index 0c180db72..97ab21998 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerConnectionSuite.scala
@@ -48,6 +48,7 @@ class KyuubiOperationPerConnectionSuite extends WithKyuubiServer with HiveJDBCTe
   override protected val conf: KyuubiConf = {
     KyuubiConf().set(KyuubiConf.ENGINE_SHARE_LEVEL, "connection")
       .set(SESSION_CONF_ADVISOR.key, classOf[TestSessionConfAdvisor].getName)
+      .set(KyuubiConf.ENGINE_SPARK_MAX_INITIAL_WAIT.key, "0")
   }
 
   test("KYUUBI #647 - async query causes engine crash") {

From 02fb525e11fd060838175e1f0a8671c3ed133fca Mon Sep 17 00:00:00 2001
From: "toshihiko.uchida" <toshihiko.uchida@linecorp.com>
Date: Mon, 17 Jul 2023 11:47:29 +0800
Subject: [PATCH 503/760] [KYUUBI #5010] Make Kyuubi server's connection URL
 configurable

### _Why are the changes needed?_

This PR resolves https://github.com/apache/kyuubi/issues/5010, by introducing a new configuration property that makes it possible to override the hostname or ip of the Kyuubi server's thrift frontend service that will be registered for the service discovery ensemble.

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [X] Add screenshots for manual tests if appropriate

Before applying the patch, when we set `kyuubi.frontend.bind.host=0.0.0.0`, the znode becomes as follows.
```
[zk: some_zk_host:some_zk_port(CONNECTED) 0] ls /some_kyuubi_zk_namespace
[serviceUri=0.0.0.0:10009;version=1.8.0-SNAPSHOT;sequence=0000000007]
```
After applying the patch, when we set `kyuubi.frontend.bind.host=0.0.0.0` and `kyuubi.frontend.advertised.host=some_kyuubi_host`, it becomes as follows.
```
[zk: some_zk_host:some_zk_port(CONNECTED) 0] ls /some_kyuubi_zk_namespace
[serviceUri=some_kyuubi_host:10009;version=1.8.0-SNAPSHOT;sequence=0000000009]
```

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

`./build/mvn clean install -pl kyuubi-common` succeeded.

Closes #5015 from touchida/issue-5010-connection-url.

Closes #5010

4598c2baf [Cheng Pan] Update kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
bf53a8a13 [Cheng Pan] Update kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
0ddf09f0f [toshihiko.uchida] Use pattern matching instead of if-else
34c61d90d [toshihiko.uchida] Rename to kyuubi.frontend.advertised.host and apply to all frontends
7fd980baf [toshihiko.uchida] [KYUUBI #5010] Make Kyuubi server's thrift frontend connection URL configurable

Lead-authored-by: toshihiko.uchida <toshihiko.uchida@linecorp.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  1 +
 .../org/apache/kyuubi/config/KyuubiConf.scala | 10 +++++++
 .../kyuubi/service/TFrontendService.scala     | 12 ++++-----
 .../service/TFrontendServiceSuite.scala       | 27 +++++++++++++++++++
 .../server/KyuubiMySQLFrontendService.scala   |  5 +++-
 .../server/KyuubiRestFrontendService.scala    |  9 +++++--
 .../server/KyuubiTrinoFrontendService.scala   | 11 +++++---
 .../KyuubiMySQLFrontendServiceSuite.scala     | 20 ++++++++++++++
 8 files changed, 83 insertions(+), 12 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 2d2c589ae..5d795864d 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -201,6 +201,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 |                          Key                           |      Default       |                                                                                                                                                                                                                                                           Meaning                                                                                                                                                                                                                                                           |   Type   | Since |
 |--------------------------------------------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.frontend.advertised.host                        | &lt;undefined&gt;  | Hostname or IP of the Kyuubi server's frontend services to publish to external systems such as the service discovery ensemble and metadata store. Use it when you want to advertise a different hostname or IP than the bind host.                                                                                                                                                                                                                                                                                          | string   | 1.8.0 |
 | kyuubi.frontend.backoff.slot.length                    | PT0.1S             | (deprecated) Time to back off during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
 | kyuubi.frontend.bind.host                              | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the frontend services.                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.0.0 |
 | kyuubi.frontend.bind.port                              | 10009              | (deprecated) Port of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                       | int      | 1.0.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index b8a75d27f..116455da7 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -429,6 +429,16 @@ object KyuubiConf {
     .stringConf
     .createOptional
 
+  val FRONTEND_ADVERTISED_HOST: OptionalConfigEntry[String] =
+    buildConf("kyuubi.frontend.advertised.host")
+      .doc("Hostname or IP of the Kyuubi server's frontend services to publish to " +
+        "external systems such as the service discovery ensemble and metadata store. " +
+        "Use it when you want to advertise a different hostname or IP than the bind host.")
+      .version("1.8.0")
+      .serverOnly
+      .stringConf
+      .createOptional
+
   val FRONTEND_THRIFT_BINARY_BIND_HOST: ConfigEntry[Option[String]] =
     buildConf("kyuubi.frontend.thrift.binary.bind.host")
       .doc("Hostname or IP of the machine on which to run the thrift frontend service " +
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
index 7532beccb..aa012ab56 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
@@ -31,7 +31,7 @@ import org.apache.thrift.transport.TTransport
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging, Utils}
 import org.apache.kyuubi.Utils.stringifyException
-import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_CONNECTION_URL_USE_HOSTNAME, SESSION_CLOSE_ON_DISCONNECT}
+import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_ADVERTISED_HOST, FRONTEND_CONNECTION_URL_USE_HOSTNAME, SESSION_CLOSE_ON_DISCONNECT}
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.operation.{FetchOrientation, OperationHandle}
 import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
@@ -112,12 +112,12 @@ abstract class TFrontendService(name: String)
 
   override def connectionUrl: String = {
     checkInitialized()
-    val host = serverHost match {
-      case Some(h) => h // respect user's setting ahead
-      case None if conf.get(FRONTEND_CONNECTION_URL_USE_HOSTNAME) =>
+    val host = (conf.get(FRONTEND_ADVERTISED_HOST), serverHost) match {
+      case (Some(advertisedHost), _) => advertisedHost
+      case (None, Some(h)) => h
+      case (None, None) if conf.get(FRONTEND_CONNECTION_URL_USE_HOSTNAME) =>
         serverAddr.getCanonicalHostName
-      case None =>
-        serverAddr.getHostAddress
+      case (None, None) => serverAddr.getHostAddress
     }
 
     host + ":" + actualPort
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
index 914388b99..53e05f34b 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
@@ -115,6 +115,33 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
     assert(service2.connectionUrl.split("\\.")(0).toInt > 0)
   }
 
+  test("advertised host") {
+
+    def newService: TBinaryFrontendService = {
+      new TBinaryFrontendService("DummyThriftBinaryFrontendService") {
+        override val serverable: Serverable = new NoopTBinaryFrontendServer
+        override val discoveryService: Option[Service] = None
+      }
+    }
+
+    val conf = new KyuubiConf()
+      .set(FRONTEND_THRIFT_BINARY_BIND_HOST.key, "localhost")
+      .set(FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+      .set(FRONTEND_ADVERTISED_HOST, "dummy.host")
+    val service = newService
+
+    service.initialize(conf)
+    assert(service.connectionUrl.startsWith("dummy.host"))
+
+    val service2 = newService
+    val conf2 = KyuubiConf()
+      .set(FRONTEND_THRIFT_BINARY_BIND_HOST.key, "localhost")
+      .set(FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+
+    service2.initialize(conf2)
+    assert(service2.connectionUrl.startsWith("localhost"))
+  }
+
   test("open session") {
     TClientTestUtils.withThriftClient(server.frontendServices.head) {
       client =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendService.scala
index 96a2114aa..1a449dde4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendService.scala
@@ -94,7 +94,10 @@ class KyuubiMySQLFrontendService(override val serverable: Serverable)
 
   override def connectionUrl: String = {
     checkInitialized()
-    s"${serverAddr.getCanonicalHostName}:$port"
+    conf.get(FRONTEND_ADVERTISED_HOST) match {
+      case Some(advertisedHost) => s"$advertisedHost:$port"
+      case None => s"${serverAddr.getCanonicalHostName}:$port"
+    }
   }
 
   override def start(): Unit = synchronized {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index fc9080e66..20df64df2 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -68,19 +68,24 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
       }
     }
 
+  private lazy val port: Int = conf.get(FRONTEND_REST_BIND_PORT)
+
   override def initialize(conf: KyuubiConf): Unit = synchronized {
     this.conf = conf
     server = JettyServer(
       getName,
       host,
-      conf.get(FRONTEND_REST_BIND_PORT),
+      port,
       conf.get(FRONTEND_REST_MAX_WORKER_THREADS))
     super.initialize(conf)
   }
 
   override def connectionUrl: String = {
     checkInitialized()
-    server.getServerUri
+    conf.get(FRONTEND_ADVERTISED_HOST) match {
+      case Some(advertisedHost) => s"$advertisedHost:$port"
+      case None => server.getServerUri
+    }
   }
 
   private def startInternal(): Unit = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala
index 573bb948f..95f6d5902 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTrinoFrontendService.scala
@@ -21,7 +21,7 @@ import java.util.concurrent.atomic.AtomicBoolean
 
 import org.apache.kyuubi.{KyuubiException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_TRINO_BIND_HOST, FRONTEND_TRINO_BIND_PORT, FRONTEND_TRINO_MAX_WORKER_THREADS}
+import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_ADVERTISED_HOST, FRONTEND_TRINO_BIND_HOST, FRONTEND_TRINO_BIND_PORT, FRONTEND_TRINO_MAX_WORKER_THREADS}
 import org.apache.kyuubi.server.trino.api.v1.ApiRootResource
 import org.apache.kyuubi.server.ui.JettyServer
 import org.apache.kyuubi.service.{AbstractFrontendService, Serverable, Service}
@@ -46,19 +46,24 @@ class KyuubiTrinoFrontendService(override val serverable: Serverable)
       }
     }
 
+  private lazy val port: Int = conf.get(FRONTEND_TRINO_BIND_PORT)
+
   override def initialize(conf: KyuubiConf): Unit = synchronized {
     this.conf = conf
     server = JettyServer(
       getName,
       host,
-      conf.get(FRONTEND_TRINO_BIND_PORT),
+      port,
       conf.get(FRONTEND_TRINO_MAX_WORKER_THREADS))
     super.initialize(conf)
   }
 
   override def connectionUrl: String = {
     checkInitialized()
-    server.getServerUri
+    conf.get(FRONTEND_ADVERTISED_HOST) match {
+      case Some(advertisedHost) => s"$advertisedHost:$port"
+      case None => server.getServerUri
+    }
   }
 
   private def startInternal(): Unit = {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendServiceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendServiceSuite.scala
index 735863b8b..4bf8b8eda 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendServiceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiMySQLFrontendServiceSuite.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.server
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_ADVERTISED_HOST, FRONTEND_MYSQL_BIND_HOST, FRONTEND_MYSQL_BIND_PORT}
 import org.apache.kyuubi.service.NoopMySQLFrontendServer
 import org.apache.kyuubi.service.ServiceState._
 
@@ -53,4 +54,23 @@ class KyuubiMySQLFrontendServiceSuite extends KyuubiFunSuite {
     assert(frontendService.getServiceState == STOPPED)
     server.stop()
   }
+
+  test("advertised host") {
+    val server = new NoopMySQLFrontendServer
+    val conf = KyuubiConf()
+      .set(FRONTEND_MYSQL_BIND_HOST.key, "localhost")
+      .set(FRONTEND_MYSQL_BIND_PORT, 0)
+      .set(FRONTEND_ADVERTISED_HOST, "dummy.host")
+
+    server.initialize(conf)
+    assert(server.frontendServices.head.connectionUrl.startsWith("dummy.host"))
+
+    val server2 = new NoopMySQLFrontendServer
+    val conf2 = KyuubiConf()
+      .set(FRONTEND_MYSQL_BIND_HOST.key, "localhost")
+      .set(FRONTEND_MYSQL_BIND_PORT, 0)
+
+    server2.initialize(conf2)
+    assert(server2.frontendServices.head.connectionUrl.startsWith("localhost"))
+  }
 }

From 1ea9f8df987f8955b41152ac4ec06d42172fc6e3 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 17 Jul 2023 18:09:11 +0800
Subject: [PATCH 504/760] [KYUUBI #5059] [BUILD] Upgrade kubernetes client
 version to 6.7.2

### _Why are the changes needed?_

Now the kubernetes client version in apache/spark is 6.7.2(https://github.com/apache/spark/pull/41490), I think it is better to align with that.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5059 from turboFei/k8s_client_version.

Closes #5059

79955d17a [fwang12] deps
4a68cc820 [fwang12] bump

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 50 ++++++++++++++++++++++++----------------------
 pom.xml            |  2 +-
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 05f694040..9ac0d32fa 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -107,30 +107,31 @@ jetty-util/9.4.51.v20230217//jetty-util-9.4.51.v20230217.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
 kafka-clients/3.4.0//kafka-clients-3.4.0.jar
-kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
-kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
-kubernetes-httpclient-okhttp/6.4.1//kubernetes-httpclient-okhttp-6.4.1.jar
-kubernetes-model-admissionregistration/6.4.1//kubernetes-model-admissionregistration-6.4.1.jar
-kubernetes-model-apiextensions/6.4.1//kubernetes-model-apiextensions-6.4.1.jar
-kubernetes-model-apps/6.4.1//kubernetes-model-apps-6.4.1.jar
-kubernetes-model-autoscaling/6.4.1//kubernetes-model-autoscaling-6.4.1.jar
-kubernetes-model-batch/6.4.1//kubernetes-model-batch-6.4.1.jar
-kubernetes-model-certificates/6.4.1//kubernetes-model-certificates-6.4.1.jar
-kubernetes-model-common/6.4.1//kubernetes-model-common-6.4.1.jar
-kubernetes-model-coordination/6.4.1//kubernetes-model-coordination-6.4.1.jar
-kubernetes-model-core/6.4.1//kubernetes-model-core-6.4.1.jar
-kubernetes-model-discovery/6.4.1//kubernetes-model-discovery-6.4.1.jar
-kubernetes-model-events/6.4.1//kubernetes-model-events-6.4.1.jar
-kubernetes-model-extensions/6.4.1//kubernetes-model-extensions-6.4.1.jar
-kubernetes-model-flowcontrol/6.4.1//kubernetes-model-flowcontrol-6.4.1.jar
-kubernetes-model-gatewayapi/6.4.1//kubernetes-model-gatewayapi-6.4.1.jar
-kubernetes-model-metrics/6.4.1//kubernetes-model-metrics-6.4.1.jar
-kubernetes-model-networking/6.4.1//kubernetes-model-networking-6.4.1.jar
-kubernetes-model-node/6.4.1//kubernetes-model-node-6.4.1.jar
-kubernetes-model-policy/6.4.1//kubernetes-model-policy-6.4.1.jar
-kubernetes-model-rbac/6.4.1//kubernetes-model-rbac-6.4.1.jar
-kubernetes-model-scheduling/6.4.1//kubernetes-model-scheduling-6.4.1.jar
-kubernetes-model-storageclass/6.4.1//kubernetes-model-storageclass-6.4.1.jar
+kubernetes-client-api/6.7.2//kubernetes-client-api-6.7.2.jar
+kubernetes-client/6.7.2//kubernetes-client-6.7.2.jar
+kubernetes-httpclient-okhttp/6.7.2//kubernetes-httpclient-okhttp-6.7.2.jar
+kubernetes-model-admissionregistration/6.7.2//kubernetes-model-admissionregistration-6.7.2.jar
+kubernetes-model-apiextensions/6.7.2//kubernetes-model-apiextensions-6.7.2.jar
+kubernetes-model-apps/6.7.2//kubernetes-model-apps-6.7.2.jar
+kubernetes-model-autoscaling/6.7.2//kubernetes-model-autoscaling-6.7.2.jar
+kubernetes-model-batch/6.7.2//kubernetes-model-batch-6.7.2.jar
+kubernetes-model-certificates/6.7.2//kubernetes-model-certificates-6.7.2.jar
+kubernetes-model-common/6.7.2//kubernetes-model-common-6.7.2.jar
+kubernetes-model-coordination/6.7.2//kubernetes-model-coordination-6.7.2.jar
+kubernetes-model-core/6.7.2//kubernetes-model-core-6.7.2.jar
+kubernetes-model-discovery/6.7.2//kubernetes-model-discovery-6.7.2.jar
+kubernetes-model-events/6.7.2//kubernetes-model-events-6.7.2.jar
+kubernetes-model-extensions/6.7.2//kubernetes-model-extensions-6.7.2.jar
+kubernetes-model-flowcontrol/6.7.2//kubernetes-model-flowcontrol-6.7.2.jar
+kubernetes-model-gatewayapi/6.7.2//kubernetes-model-gatewayapi-6.7.2.jar
+kubernetes-model-metrics/6.7.2//kubernetes-model-metrics-6.7.2.jar
+kubernetes-model-networking/6.7.2//kubernetes-model-networking-6.7.2.jar
+kubernetes-model-node/6.7.2//kubernetes-model-node-6.7.2.jar
+kubernetes-model-policy/6.7.2//kubernetes-model-policy-6.7.2.jar
+kubernetes-model-rbac/6.7.2//kubernetes-model-rbac-6.7.2.jar
+kubernetes-model-resource/6.7.2//kubernetes-model-resource-6.7.2.jar
+kubernetes-model-scheduling/6.7.2//kubernetes-model-scheduling-6.7.2.jar
+kubernetes-model-storageclass/6.7.2//kubernetes-model-storageclass-6.7.2.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.9.3//libthrift-0.9.3.jar
 log4j-1.2-api/2.20.0//log4j-1.2-api-2.20.0.jar
@@ -181,6 +182,7 @@ simpleclient_tracer_common/0.16.0//simpleclient_tracer_common-0.16.0.jar
 simpleclient_tracer_otel/0.16.0//simpleclient_tracer_otel-0.16.0.jar
 simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
+snakeyaml-engine/2.6//snakeyaml-engine-2.6.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
 snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
 sqlite-jdbc/3.42.0.0//sqlite-jdbc-3.42.0.0.jar
diff --git a/pom.xml b/pom.xml
index e686da143..354867090 100644
--- a/pom.xml
+++ b/pom.xml
@@ -168,7 +168,7 @@
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
         <kafka.version>3.4.0</kafka.version>
-        <kubernetes-client.version>6.4.1</kubernetes-client.version>
+        <kubernetes-client.version>6.7.2</kubernetes-client.version>
         <kudu.version>1.15.0</kudu.version>
         <kyuubi-shaded-zookeeper.artifacts>kyuubi-shaded-zookeeper-34</kyuubi-shaded-zookeeper.artifacts>
         <kyuubi-shaded-zookeeper.version>0.1.0</kyuubi-shaded-zookeeper.version>

From 57672fe5fe1ab7f8bfbb46d5b78f6107e5e256e4 Mon Sep 17 00:00:00 2001
From: camper42 <camper.xlii@gmail.com>
Date: Mon, 17 Jul 2023 18:10:13 +0800
Subject: [PATCH 505/760] [KYUUBI #5058] [HELM] Allow the user to set the
 priorityClass used by Kyuubi server Pod

### _Why are the changes needed?_

This PR allows the user to set the priorityClass used by kyuubi server.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5058 from camper42/priority.

Closes #5058

aa5a9bfe4 [camper42] remove redundant comment
6785270f5 [camper42] remove description field in kyuubi-priorityclass
b8c225524 [camper42] feat(chart): Allows the user to set the priorityClass used by kyuubi.

Authored-by: camper42 <camper.xlii@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/templates/kyuubi-deployment.yaml   |  3 +++
 .../templates/kyuubi-priorityclass.yaml       | 26 +++++++++++++++++++
 charts/kyuubi/values.yaml                     |  9 +++++++
 3 files changed, 38 insertions(+)
 create mode 100644 charts/kyuubi/templates/kyuubi-priorityclass.yaml

diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-deployment.yaml
index 79d49a653..a81ec01e9 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-deployment.yaml
@@ -39,6 +39,9 @@ spec:
       {{- if or .Values.serviceAccount.name .Values.serviceAccount.create }}
       serviceAccountName: {{ .Values.serviceAccount.name | default .Release.Name }}
       {{- end }}
+      {{- if or .Values.priorityClass.name .Values.priorityClass.create }}
+      priorityClassName: {{ .Values.priorityClass.name | default .Release.Name }}
+      {{- end }}
       {{- with .Values.initContainers }}
       initContainers: {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-priorityclass.yaml b/charts/kyuubi/templates/kyuubi-priorityclass.yaml
new file mode 100644
index 000000000..c756108ae
--- /dev/null
+++ b/charts/kyuubi/templates/kyuubi-priorityclass.yaml
@@ -0,0 +1,26 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+{{- if .Values.priorityClass.create }}
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: {{ .Values.priorityClass.name | default .Release.Name }}
+  labels:
+    {{- include "kyuubi.labels" . | nindent 4 }}
+value: {{ .Values.priorityClass.value }}
+{{- end }}
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index 446026fb7..f239e18a3 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -36,6 +36,15 @@ serviceAccount:
   # Specifies ServiceAccount name to be used (created if `create: true`)
   name: ~
 
+# priorityClass used for Kyuubi server pod
+priorityClass:
+  # Specifies whether a priorityClass should be created
+  create: false
+  # Specifies priorityClass name to be used (created if `create: true`)
+  name: ~
+  # half of system-cluster-critical by default
+  value: 1000000000
+
 # Role-based access control
 rbac:
   # Specifies whether RBAC resources should be created

From ac21e271fe717ff8159dc811778ee5a5ef7c9198 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Mon, 17 Jul 2023 18:12:11 +0800
Subject: [PATCH 506/760] [KYUUBI #5043] Destroy the build process when
 waitCompletion is false and the engine is running in cluster mode

### _Why are the changes needed?_

When waitCompletion is false, we need to determine whether it is in cluster mode to avoid killing the engine running locally.

close #5043

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5044 from wForget/KYUUBI-5043.

Closes #5043

9d26aea15 [wforget] fix style
aad322f1a [wforget] fix test
20d082ae1 [wforget] [KYUUBI-5043] Destroy the build process when waitCompletion is false and the engine is running in cluster mode

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/EngineRef.scala  |  8 ++-
 .../apache/kyuubi/engine/ProcBuilder.scala    |  7 +--
 .../engine/spark/SparkProcessBuilder.scala    | 14 ++++++
 .../kyuubi/operation/BatchJobSubmission.scala | 14 ++++--
 .../spark/SparkProcessBuilderSuite.scala      |  4 +-
 .../server/rest/client/BatchCliSuite.scala    | 49 +++++++++++++++----
 6 files changed, 78 insertions(+), 18 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 387758714..5ade86400 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -267,9 +267,15 @@ private[kyuubi] class EngineRef(
       }
       engineRef.get
     } finally {
+      val waitCompletion = conf.get(KyuubiConf.SESSION_ENGINE_STARTUP_WAIT_COMPLETION)
+      val destroyProcess = !waitCompletion && builder.isClusterMode()
+      if (destroyProcess) {
+        info("Destroy the builder process because waitCompletion is false" +
+          " and the engine is running in cluster mode.")
+      }
       // we must close the process builder whether session open is success or failure since
       // we have a log capture thread in process builder.
-      builder.close()
+      builder.close(destroyProcess)
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index d30e72674..a44fe06bc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -155,7 +155,7 @@ trait ProcBuilder {
   @volatile private var error: Throwable = UNCAUGHT_ERROR
 
   private val engineLogMaxLines = conf.get(KyuubiConf.SESSION_ENGINE_STARTUP_MAX_LOG_LINES)
-  private val waitCompletion = conf.get(KyuubiConf.SESSION_ENGINE_STARTUP_WAIT_COMPLETION)
+
   protected val lastRowsOfLog: EvictingQueue[String] = EvictingQueue.create(engineLogMaxLines)
   // Visible for test
   @volatile private[kyuubi] var logCaptureThreadReleased: Boolean = true
@@ -249,13 +249,14 @@ trait ProcBuilder {
     process
   }
 
-  def close(destroyProcess: Boolean = !waitCompletion): Unit = synchronized {
+  def isClusterMode(): Boolean = false
+
+  def close(destroyProcess: Boolean): Unit = synchronized {
     if (logCaptureThread != null) {
       logCaptureThread.interrupt()
       logCaptureThread = null
     }
     if (destroyProcess && process != null) {
-      info("Destroy the process, since waitCompletion is false.")
       process.destroyForcibly()
       process = null
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index 6110c0246..5bfe506da 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -19,6 +19,7 @@ package org.apache.kyuubi.engine.spark
 
 import java.io.{File, IOException}
 import java.nio.file.Paths
+import java.util.Locale
 
 import scala.collection.mutable.ArrayBuffer
 
@@ -210,6 +211,18 @@ class SparkProcessBuilder(
     conf.getOption(MASTER_KEY).orElse(defaultsConf.get(MASTER_KEY))
   }
 
+  def deployMode(): Option[String] = {
+    conf.getOption(DEPLOY_MODE_KEY).orElse(defaultsConf.get(DEPLOY_MODE_KEY))
+  }
+
+  override def isClusterMode(): Boolean = {
+    clusterManager().map(_.toLowerCase(Locale.ROOT)) match {
+      case Some(m) if m.startsWith("yarn") || m.startsWith("k8s") =>
+        deployMode().exists(_.toLowerCase(Locale.ROOT) == "cluster")
+      case _ => false
+    }
+  }
+
   def kubernetesContext(): Option[String] = {
     conf.getOption(KUBERNETES_CONTEXT_KEY).orElse(defaultsConf.get(KUBERNETES_CONTEXT_KEY))
   }
@@ -237,6 +250,7 @@ object SparkProcessBuilder {
   final val APP_KEY = "spark.app.name"
   final val TAG_KEY = "spark.yarn.tags"
   final val MASTER_KEY = "spark.master"
+  final val DEPLOY_MODE_KEY = "spark.submit.deployMode"
   final val KUBERNETES_CONTEXT_KEY = "spark.kubernetes.context"
   final val KUBERNETES_NAMESPACE_KEY = "spark.kubernetes.namespace"
   final val INTERNAL_RESOURCE = "spark-internal"
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 82562541d..8bb9804ec 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -268,7 +268,15 @@ class BatchJobSubmission(
         }
       }
     } finally {
-      builder.close()
+      val waitCompletion = batchConf.get(KyuubiConf.SESSION_ENGINE_STARTUP_WAIT_COMPLETION.key)
+        .map(_.toBoolean).getOrElse(
+          session.sessionConf.get(KyuubiConf.SESSION_ENGINE_STARTUP_WAIT_COMPLETION))
+      val destroyProcess = !waitCompletion && builder.isClusterMode()
+      if (destroyProcess) {
+        info("Destroy the builder process because waitCompletion is false" +
+          " and the engine is running in cluster mode.")
+      }
+      builder.close(destroyProcess)
       updateApplicationInfoMetadataIfNeeded()
       cleanupUploadedResourceIfNeeded()
     }
@@ -335,14 +343,14 @@ class BatchJobSubmission(
       // fast fail
       if (isTerminalState(state)) {
         killMessage = (false, s"batch $batchId is already terminal so can not kill it.")
-        builder.close()
+        builder.close(true)
         cleanupUploadedResourceIfNeeded()
         return
       }
 
       try {
         killMessage = killBatchApplication()
-        builder.close()
+        builder.close(true)
         cleanupUploadedResourceIfNeeded()
       } finally {
         if (state == OperationState.INITIALIZED) {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
index e70acf8ad..ad8324c85 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
@@ -141,7 +141,7 @@ class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
       assert(!process.logCaptureThreadReleased)
       subProcess.waitFor(3, TimeUnit.SECONDS)
     } finally {
-      process.close()
+      process.close(true)
     }
     eventually(timeout(3.seconds), interval(100.milliseconds)) {
       assert(process.logCaptureThreadReleased)
@@ -173,7 +173,7 @@ class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
               val p = pb.start
               p.waitFor()
             } finally {
-              pb.close()
+              pb.close(true)
             }
           })
         }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
index 4e18951b5..7cf939910 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
@@ -40,6 +40,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
 
   val basePath: String = Utils.getCodeSourceLocation(getClass)
   val batchFile: String = s"${basePath}/batch.yaml"
+  val longTimeBatchFile: String = s"${basePath}/batch_long_time.yaml"
 
   override protected val otherConfigs: Map[String, String] = {
     Map(KyuubiConf.BATCH_APPLICATION_CHECK_INTERVAL.key -> "100")
@@ -72,6 +73,27 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
                          |options:
                          |  verbose: true""".stripMargin
     Files.write(Paths.get(batchFile), batch_basic.getBytes(StandardCharsets.UTF_8))
+
+    val long_time_batch_basic = s"""apiVersion: v1
+                                   |username: ${ldapUser}
+                                   |request:
+                                   |  batchType: Spark
+                                   |  name: LongTimeBatch
+                                   |  resource: ${sparkBatchTestResource.get}
+                                   |  className: org.apache.spark.examples.DriverSubmissionTest
+                                   |  args:
+                                   |   - 10
+                                   |  configs:
+                                   |    spark.master: local
+                                   |    wait.completion: true
+                                   |    k1: v1
+                                   |    1: test_integer_key
+                                   |    key:
+                                   |options:
+                                   |  verbose: true""".stripMargin
+    Files.write(
+      Paths.get(longTimeBatchFile),
+      long_time_batch_basic.getBytes(StandardCharsets.UTF_8))
   }
 
   override def afterEach(): Unit = {
@@ -94,7 +116,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "create",
       "batch",
       "-f",
-      batchFile,
+      longTimeBatchFile,
       "--password",
       ldapUserPasswd)
     var result = testPrematureExitForControlCli(createArgs, "")
@@ -110,9 +132,15 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       ldapUser,
       "--password",
       ldapUserPasswd)
-    result = testPrematureExitForControlCli(getArgs, "SPARK")
-    assert(result.contains("SPARK"))
-    assert(result.contains(s"${fe.connectionUrl}"))
+    var invalidCount = 0
+    eventually(timeout(5.seconds), interval(100.milliseconds)) {
+      invalidCount += 1
+      result = testPrematureExitForControlCli(getArgs, "SPARK")
+      assert(result.contains("RUNNING"))
+      assert(result.contains("SPARK"))
+      assert(result.contains(s"${fe.connectionUrl}"))
+      invalidCount -= 1
+    }
 
     val logArgs = Array(
       "log",
@@ -140,7 +168,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
 
     eventually(timeout(3.seconds), interval(200.milliseconds)) {
       assert(MetricsSystem.counterValue(
-        MetricsConstants.REST_CONN_TOTAL).getOrElse(0L) - totalConnections === 5)
+        MetricsConstants.REST_CONN_TOTAL).getOrElse(0L) - totalConnections - invalidCount === 5)
       assert(MetricsSystem.counterValue(MetricsConstants.REST_CONN_OPEN).getOrElse(0L) === 0)
     }
   }
@@ -152,7 +180,7 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "create",
       "batch",
       "-f",
-      batchFile,
+      longTimeBatchFile,
       "--authSchema",
       "SPNEGO")
     var result = testPrematureExitForControlCli(createArgs, "")
@@ -166,9 +194,12 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       batchId,
       "--authSchema",
       "spnego")
-    result = testPrematureExitForControlCli(getArgs, "SPARK")
-    assert(result.contains("SPARK"))
-    assert(result.contains(s"${fe.connectionUrl}"))
+    eventually(timeout(5.seconds), interval(100.milliseconds)) {
+      result = testPrematureExitForControlCli(getArgs, "SPARK")
+      assert(result.contains("RUNNING"))
+      assert(result.contains("SPARK"))
+      assert(result.contains(s"${fe.connectionUrl}"))
+    }
 
     val logArgs = Array(
       "log",

From f66b0e98dced778465e2d013a32dbc5c8ae8fea8 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 19 Jul 2023 15:43:54 +0800
Subject: [PATCH 507/760] [KYUUBI #5064] Audit kubernetes application state
 change in separate log files

### _Why are the changes needed?_

To provide more insights for kyuubi admin.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5064 from turboFei/k8s_log.

Closes #5064

0c072d08e [fwang12] k8s audit
d5f2b44a5 [fwang12] save
c07306283 [fwang12] audit pod
a98234aba [fwang12] log more info

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 conf/log4j2.xml.template                      | 15 +++++++
 .../KubernetesApplicationAuditLogger.scala    | 41 +++++++++++++++++++
 .../KubernetesApplicationOperation.scala      |  8 +++-
 3 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationAuditLogger.scala

diff --git a/conf/log4j2.xml.template b/conf/log4j2.xml.template
index 37fc8acf0..86f9459a1 100644
--- a/conf/log4j2.xml.template
+++ b/conf/log4j2.xml.template
@@ -24,6 +24,10 @@
         <Property name="restAuditLogPath">rest-audit.log</Property>
         <Property name="restAuditLogFilePattern">rest-audit-%d{yyyy-MM-dd}-%i.log</Property>
     </Properties>
+    <Properties>
+        <Property name="k8sAuditLogPath">k8s-audit.log</Property>
+        <Property name="k8sAuditLogFilePattern">k8s-audit-%d{yyyy-MM-dd}-%i.log</Property>
+    </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
@@ -39,6 +43,14 @@
             </Policies>
             <DefaultRolloverStrategy max="10"/>
         </RollingFile>
+        <RollingFile name="k8sAudit" fileName="${sys:k8sAuditLogPath}"
+                     filePattern="${sys:k8sAuditLogFilePattern}">
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
+            <Policies>
+                <SizeBasedTriggeringPolicy size="51200KB" />
+            </Policies>
+            <DefaultRolloverStrategy max="10"/>
+        </RollingFile>
     </Appenders>
     <Loggers>
         <Root level="INFO">
@@ -58,5 +70,8 @@
         <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
             <AppenderRef ref="restAudit" />
         </Logger>
+        <Logger name="org.apache.kyuubi.engine.KubernetesApplicationAuditLogger" additivity="false">
+            <AppenderRef ref="k8sAudit" />
+        </Logger>
     </Loggers>
 </Configuration>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationAuditLogger.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationAuditLogger.scala
new file mode 100644
index 000000000..731b9d7b5
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationAuditLogger.scala
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine
+
+import io.fabric8.kubernetes.api.model.Pod
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.engine.KubernetesApplicationOperation.{toApplicationState, LABEL_KYUUBI_UNIQUE_KEY, SPARK_APP_ID_LABEL}
+
+object KubernetesApplicationAuditLogger extends Logging {
+  final private val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() {
+    override protected def initialValue: StringBuilder = new StringBuilder()
+  }
+
+  def audit(kubernetesInfo: KubernetesInfo, pod: Pod): Unit = {
+    val sb = AUDIT_BUFFER.get()
+    sb.setLength(0)
+    sb.append(s"label=${pod.getMetadata.getLabels.get(LABEL_KYUUBI_UNIQUE_KEY)}").append("\t")
+    sb.append(s"context=${kubernetesInfo.context.orNull}").append("\t")
+    sb.append(s"namespace=${kubernetesInfo.namespace.orNull}").append("\t")
+    sb.append(s"pod=${pod.getMetadata.getName}").append("\t")
+    sb.append(s"appId=${pod.getMetadata.getLabels.get(SPARK_APP_ID_LABEL)}").append("\t")
+    sb.append(s"appState=${toApplicationState(pod.getStatus.getPhase)}")
+    info(sb.toString())
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 5f21342e9..967003394 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -83,7 +83,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
         info(s"[$kubernetesInfo] Initialized Kubernetes Client connect to: ${client.getMasterUrl}")
         val enginePodInformer = client.pods()
           .withLabel(LABEL_KYUUBI_UNIQUE_KEY)
-          .inform(new SparkEnginePodEventHandler)
+          .inform(new SparkEnginePodEventHandler(kubernetesInfo))
         info(s"[$kubernetesInfo] Start Kubernetes Client Informer.")
         enginePodInformers.put(kubernetesInfo, enginePodInformer)
         client
@@ -201,11 +201,13 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     }
   }
 
-  private class SparkEnginePodEventHandler extends ResourceEventHandler[Pod] {
+  private class SparkEnginePodEventHandler(kubernetesInfo: KubernetesInfo)
+    extends ResourceEventHandler[Pod] {
 
     override def onAdd(pod: Pod): Unit = {
       if (isSparkEnginePod(pod)) {
         updateApplicationState(pod)
+        KubernetesApplicationAuditLogger.audit(kubernetesInfo, pod)
       }
     }
 
@@ -216,6 +218,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
         if (isTerminated(appState)) {
           markApplicationTerminated(newPod)
         }
+        KubernetesApplicationAuditLogger.audit(kubernetesInfo, newPod)
       }
     }
 
@@ -223,6 +226,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
       if (isSparkEnginePod(pod)) {
         updateApplicationState(pod)
         markApplicationTerminated(pod)
+        KubernetesApplicationAuditLogger.audit(kubernetesInfo, pod)
       }
     }
   }

From d6290a4dede9e43ab0918473bf32d77c14cd0ba3 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Wed, 19 Jul 2023 15:44:57 +0800
Subject: [PATCH 508/760] [KYUUBI #5063] Support to filter batch with batch
 name

### _Why are the changes needed?_

Support to filter batch with batch name filter condition.
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5063 from turboFei/batch_name.

Closes #5063

63915a56d [fwang12] ut
2548815a2 [fwang12] ut
34a9229b0 [fwang12] style

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/ctl/cli/ControlCliArguments.scala  |  1 +
 .../ctl/cmd/list/ListBatchCommand.scala       |  1 +
 .../org/apache/kyuubi/ctl/opt/CliConfig.scala |  1 +
 .../apache/kyuubi/ctl/opt/CommandLine.scala   |  3 ++
 .../kyuubi/ctl/ControlCliArgumentsSuite.scala |  1 +
 .../apache/kyuubi/client/BatchRestApi.java    | 13 ++++++
 .../server/api/v1/BatchesResource.scala       | 24 ++++++-----
 .../server/metadata/MetadataManager.scala     | 16 +------
 .../server/metadata/api/MetadataFilter.scala  |  1 +
 .../metadata/jdbc/JDBCMetadataStore.scala     |  4 ++
 .../kyuubi/session/KyuubiSessionManager.scala | 15 ++-----
 .../server/api/v1/BatchesResourceSuite.scala  | 42 ++++++++++++++-----
 .../metadata/MetadataManagerSuite.scala       |  4 +-
 .../server/rest/client/BatchCliSuite.scala    |  8 ++--
 14 files changed, 80 insertions(+), 54 deletions(-)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala
index 35b4ccacf..10bb99296 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/ControlCliArguments.scala
@@ -112,6 +112,7 @@ class ControlCliArguments(args: Seq[String], env: Map[String, String] = sys.env)
            |  batchType               ${cliConfig.batchOpts.batchType}
            |  batchUser               ${cliConfig.batchOpts.batchUser}
            |  batchState              ${cliConfig.batchOpts.batchState}
+           |  batchName               ${cliConfig.batchOpts.batchName}
            |  createTime              ${cliConfig.batchOpts.createTime}
            |  endTime                 ${cliConfig.batchOpts.endTime}
            |  from                    ${cliConfig.batchOpts.from}
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListBatchCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListBatchCommand.scala
index 4ce1b49b2..db781da38 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListBatchCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListBatchCommand.scala
@@ -46,6 +46,7 @@ class ListBatchCommand(cliConfig: CliConfig) extends Command[GetBatchesResponse]
         batchOpts.batchType,
         batchOpts.batchUser,
         batchOpts.batchState,
+        batchOpts.batchName,
         batchOpts.createTime,
         batchOpts.endTime,
         if (batchOpts.from < 0) 0 else batchOpts.from,
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala
index 38284c595..7818f694a 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala
@@ -66,6 +66,7 @@ case class BatchOpts(
     batchType: String = null,
     batchUser: String = null,
     batchState: String = null,
+    batchName: String = null,
     createTime: Long = 0,
     endTime: Long = 0,
     from: Int = -1,
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CommandLine.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CommandLine.scala
index 478c439a4..271bb06ab 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CommandLine.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CommandLine.scala
@@ -222,6 +222,9 @@ object CommandLine extends CommonCommandLine {
         opt[String]("batchState")
           .action((v, c) => c.copy(batchOpts = c.batchOpts.copy(batchState = v)))
           .text("Batch state."),
+        opt[String]("batchName")
+          .action((v, c) => c.copy(batchOpts = c.batchOpts.copy(batchName = v)))
+          .text("Batch name."),
         opt[String]("createTime")
           .action((v, c) =>
             c.copy(batchOpts = c.batchOpts.copy(createTime =
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliArgumentsSuite.scala
index 1b973c0eb..bd5b2ac45 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/ControlCliArgumentsSuite.scala
@@ -429,6 +429,7 @@ class ControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExit {
          |  --batchType <value>      Batch type.
          |  --batchUser <value>      Batch user.
          |  --batchState <value>     Batch state.
+         |  --batchName <value>      Batch name.
          |  --createTime <value>     Batch create time, should be in yyyyMMddHHmmss format.
          |  --endTime <value>        Batch end time, should be in yyyyMMddHHmmss format.
          |  --from <value>           Specify which record to start from retrieving info.
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
index f5099568b..afcfe77d3 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
@@ -63,10 +63,23 @@ public GetBatchesResponse listBatches(
       Long endTime,
       int from,
       int size) {
+    return listBatches(batchType, batchUser, batchState, null, createTime, endTime, from, size);
+  }
+
+  public GetBatchesResponse listBatches(
+      String batchType,
+      String batchUser,
+      String batchState,
+      String batchName,
+      Long createTime,
+      Long endTime,
+      int from,
+      int size) {
     Map<String, Object> params = new HashMap<>();
     params.put("batchType", batchType);
     params.put("batchUser", batchUser);
     params.put("batchState", batchState);
+    params.put("batchName", batchName);
     if (null != createTime && createTime > 0) {
       params.put("createTime", createTime);
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index ba043f071..e5ac23905 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -45,8 +45,8 @@ import org.apache.kyuubi.operation.{BatchJobSubmission, FetchOrientation, Operat
 import org.apache.kyuubi.server.api.ApiRequestContext
 import org.apache.kyuubi.server.api.v1.BatchesResource._
 import org.apache.kyuubi.server.metadata.MetadataManager
-import org.apache.kyuubi.server.metadata.api.Metadata
-import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle}
+import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
+import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle, SessionType}
 import org.apache.kyuubi.util.JdbcUtils
 
 @Tag(name = "Batch")
@@ -315,6 +315,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       @QueryParam("batchType") batchType: String,
       @QueryParam("batchState") batchState: String,
       @QueryParam("batchUser") batchUser: String,
+      @QueryParam("batchName") batchName: String,
       @QueryParam("createTime") createTime: Long,
       @QueryParam("endTime") endTime: Long,
       @QueryParam("from") from: Int,
@@ -327,15 +328,16 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
         validBatchState(batchState),
         s"The valid batch state can be one of the following: ${VALID_BATCH_STATES.mkString(",")}")
     }
-    val batches =
-      sessionManager.getBatchesFromMetadataStore(
-        batchType,
-        batchUser,
-        batchState,
-        createTime,
-        endTime,
-        from,
-        size)
+
+    val filter = MetadataFilter(
+      sessionType = SessionType.BATCH,
+      engineType = batchType,
+      username = batchUser,
+      state = batchState,
+      requestName = batchName,
+      createTime = createTime,
+      endTime = endTime)
+    val batches = sessionManager.getBatchesFromMetadataStore(filter, from, size)
     new GetBatchesResponse(from, batches.size, batches.asJava)
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
index 17beeb62a..e2648076d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
@@ -133,21 +133,7 @@ class MetadataManager extends AbstractService("MetadataManager") {
       .filter(_.sessionType == SessionType.BATCH)
   }
 
-  def getBatches(
-      batchType: String,
-      batchUser: String,
-      batchState: String,
-      createTime: Long,
-      endTime: Long,
-      from: Int,
-      size: Int): Seq[Batch] = {
-    val filter = MetadataFilter(
-      sessionType = SessionType.BATCH,
-      engineType = batchType,
-      username = batchUser,
-      state = batchState,
-      createTime = createTime,
-      endTime = endTime)
+  def getBatches(filter: MetadataFilter, from: Int, size: Int): Seq[Batch] = {
     withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size, true)).map(
       buildBatch)
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/MetadataFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/MetadataFilter.scala
index 6213f8e64..d4f7f2b63 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/MetadataFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/MetadataFilter.scala
@@ -27,6 +27,7 @@ case class MetadataFilter(
     engineType: String = null,
     username: String = null,
     state: String = null,
+    requestName: String = null,
     kyuubiInstance: String = null,
     createTime: Long = 0L,
     endTime: Long = 0L,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 3f9463bf7..9f0bd6843 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -238,6 +238,10 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       whereConditions += "state = ?"
       params += state.toUpperCase(Locale.ROOT)
     }
+    Option(filter.requestName).filter(_.nonEmpty).foreach { requestName =>
+      whereConditions += "request_name = ?"
+      params += requestName
+    }
     Option(filter.kyuubiInstance).filter(_.nonEmpty).foreach { kyuubiInstance =>
       whereConditions += "kyuubi_instance = ?"
       params += kyuubiInstance
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index d2547bca9..8d63dfbf7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -36,7 +36,7 @@ import org.apache.kyuubi.metrics.MetricsSystem
 import org.apache.kyuubi.operation.{KyuubiOperationManager, OperationState}
 import org.apache.kyuubi.plugin.{GroupProvider, PluginLoader, SessionConfAdvisor}
 import org.apache.kyuubi.server.metadata.{MetadataManager, MetadataRequestsRetryRef}
-import org.apache.kyuubi.server.metadata.api.Metadata
+import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.sql.parser.server.KyuubiParser
 import org.apache.kyuubi.util.{SignUtils, ThreadUtils}
 
@@ -240,17 +240,8 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     metadataManager.flatMap(mm => mm.getBatch(batchId))
   }
 
-  def getBatchesFromMetadataStore(
-      batchType: String,
-      batchUser: String,
-      batchState: String,
-      createTime: Long,
-      endTime: Long,
-      from: Int,
-      size: Int): Seq[Batch] = {
-    metadataManager.map { mm =>
-      mm.getBatches(batchType, batchUser, batchState, createTime, endTime, from, size)
-    }.getOrElse(Seq.empty)
+  def getBatchesFromMetadataStore(filter: MetadataFilter, from: Int, size: Int): Seq[Batch] = {
+    metadataManager.map(_.getBatches(filter, from, size)).getOrElse(Seq.empty)
   }
 
   def getBatchMetadata(batchId: String): Option[Metadata] = {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 8a797f842..b6bc1af52 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -44,7 +44,7 @@ import org.apache.kyuubi.operation.{BatchJobSubmission, OperationState}
 import org.apache.kyuubi.operation.OperationState.OperationState
 import org.apache.kyuubi.server.KyuubiRestFrontendService
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
-import org.apache.kyuubi.server.metadata.api.Metadata
+import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
 import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle, SessionType}
 
@@ -62,10 +62,9 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     sessionManager.allSessions().foreach { session =>
       sessionManager.closeSession(session.handle)
     }
-    sessionManager.getBatchesFromMetadataStore(null, null, null, 0, 0, 0, Int.MaxValue).foreach {
-      batch =>
-        sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
-        sessionManager.cleanupMetadata(batch.getId)
+    sessionManager.getBatchesFromMetadataStore(MetadataFilter(), 0, Int.MaxValue).foreach { batch =>
+      sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
+      sessionManager.cleanupMetadata(batch.getId)
     }
   }
 
@@ -518,11 +517,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     }
 
     assert(sessionManager.getBatchesFromMetadataStore(
-      "SPARK",
-      null,
-      null,
-      0,
-      0,
+      MetadataFilter(engineType = "SPARK"),
       0,
       Int.MaxValue).size == 2)
   }
@@ -711,4 +706,31 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .replaceAll("\\[", "").replaceAll("\\]", "")
     assert(sessionManager.getBatchMetadata(batchId).map(_.state).contains("CANCELED"))
   }
+
+  test("get batch list with batch name filter condition") {
+    val sessionManager = server.frontendServices.head
+      .be.sessionManager.asInstanceOf[KyuubiSessionManager]
+    sessionManager.allSessions().foreach(_.close())
+
+    val uniqueName = UUID.randomUUID().toString
+    sessionManager.openBatchSession(
+      "kyuubi",
+      "kyuubi",
+      InetAddress.getLocalHost.getCanonicalHostName,
+      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
+      newBatchRequest(
+        "spark",
+        sparkBatchTestResource.get,
+        "",
+        uniqueName))
+
+    val response = webTarget.path("api/v1/batches")
+      .queryParam("batchName", uniqueName)
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .get()
+
+    assert(response.getStatus == 200)
+    val getBatchListResponse = response.readEntity(classOf[GetBatchesResponse])
+    assert(getBatchListResponse.getTotal == 1)
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
index 8064b7f1f..aca416dac 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
@@ -28,7 +28,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.metrics.MetricsConstants._
-import org.apache.kyuubi.server.metadata.api.Metadata
+import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.session.SessionType
 
 class MetadataManagerSuite extends KyuubiFunSuite {
@@ -157,7 +157,7 @@ class MetadataManagerSuite extends KyuubiFunSuite {
       metadataManager.start()
       f(metadataManager)
     } finally {
-      metadataManager.getBatches(null, null, null, 0, 0, 0, Int.MaxValue).foreach { batch =>
+      metadataManager.getBatches(MetadataFilter(), 0, Int.MaxValue).foreach { batch =>
         metadataManager.cleanupMetadataById(batch.getId)
       }
       // ensure no metadata request leak
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
index 7cf939910..0c44fc3a8 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
@@ -34,6 +34,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ctl.{CtlConf, TestPrematureExit}
 import org.apache.kyuubi.engine.ApplicationManagerInfo
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
+import org.apache.kyuubi.server.metadata.api.MetadataFilter
 import org.apache.kyuubi.session.KyuubiSessionManager
 
 class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with BatchTestHelper {
@@ -101,10 +102,9 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
     sessionManager.allSessions().foreach { session =>
       sessionManager.closeSession(session.handle)
     }
-    sessionManager.getBatchesFromMetadataStore(null, null, null, 0, 0, 0, Int.MaxValue).foreach {
-      batch =>
-        sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
-        sessionManager.cleanupMetadata(batch.getId)
+    sessionManager.getBatchesFromMetadataStore(MetadataFilter(), 0, Int.MaxValue).foreach { batch =>
+      sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
+      sessionManager.cleanupMetadata(batch.getId)
     }
   }
 

From acb3362e6d716c866041c13c36f4f89a586303db Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 19 Jul 2023 20:20:19 +0800
Subject: [PATCH 509/760] [KYUUBI #5068] Bump Spark in spark-master profile
 from 3.5.0-SNAPSHOT to 4.0.0-SNAPSHOT

### _Why are the changes needed?_

Welcome to Spark 4.0

https://github.com/apache/spark/pull/42048

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5068 from cfmcgrady/spark-4.0.

Closes #5068

42cf63e2d [Fu Chen] bump spark 4.0.0-SNAPSHOT

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 354867090..e3da6a6a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2191,7 +2191,7 @@
         <profile>
             <id>spark-master</id>
             <properties>
-                <spark.version>3.5.0-SNAPSHOT</spark.version>
+                <spark.version>4.0.0-SNAPSHOT</spark.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
             </properties>
             <repositories>

From 959494b2d5f1a20e8470010c3227197e6c76e0e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Jul 2023 10:29:13 +0800
Subject: [PATCH 510/760] [KYUUBI #5070] Bump word-wrap from 1.2.3 to 1.2.4 in
 web UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jonschlinkert/word-wrap/releases">word-wrap's releases</a>.</em></p>
<blockquote>
<h2>1.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove default indent by <a href="https://github.com/mohd-akram"><code>​mohd-akram</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li>
<li>🔒fix: CVE 2023 26115 (2) by <a href="https://github.com/OlafConijn"><code>​OlafConijn</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li>
<li>:lock: fix: CVE-2023-26115 by <a href="https://github.com/aashutoshrathi"><code>​aashutoshrathi</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li>
<li>chore: publish workflow by <a href="https://github.com/OlafConijn"><code>​OlafConijn</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/42">jonschlinkert/word-wrap#42</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mohd-akram"><code>​mohd-akram</code></a> made their first contribution in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li>
<li><a href="https://github.com/OlafConijn"><code>​OlafConijn</code></a> made their first contribution in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li>
<li><a href="https://github.com/aashutoshrathi"><code>​aashutoshrathi</code></a> made their first contribution in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/f64b188c7261d26b99e1e2075d6b12f21798e83a"><code>f64b188</code></a> run verb to generate README</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/03ea08256ba0c8e8b02b1b304f0f5bd2b1863207"><code>03ea082</code></a> Merge pull request <a href="https://redirect.github.com/jonschlinkert/word-wrap/issues/42">#42</a> from jonschlinkert/chore/publish-workflow</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2e"><code>420dce9</code></a> Merge pull request <a href="https://redirect.github.com/jonschlinkert/word-wrap/issues/41">#41</a> from jonschlinkert/fix/CVE-2023-26115-2</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/bfa694edf55bb84ff84512f13da6d68bf7593f06"><code>bfa694e</code></a> Update .github/workflows/publish.yml</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/ace0b3c78f81aaf43040bab3bc91d3c5546d3fd2"><code>ace0b3c</code></a> chore: bump version to 1.2.4</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/6fd727594676f3e1b196b08a320908bec2f4ca02"><code>6fd7275</code></a> chore: add publish workflow</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/30d6daf60fce429f5f559252fa86ee78200652c4"><code>30d6daf</code></a> chore: fix test</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/655929cabea6299dddf3b4a21fc3713fca701b48"><code>655929c</code></a> chore: remove package-lock</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/49e08bbc32a84da5d79e6b7e0fa74ff6217f6d81"><code>49e08bb</code></a> chore: added an additional testcase</li>
<li><a href="https://github.com/jonschlinkert/word-wrap/commit/9f626935f3fac6ec0f3c4b26baea4eb9740d9645"><code>9f62693</code></a> fix: cve 2023-26115</li>
<li>Additional commits viewable in <a href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=word-wrap&package-manager=npm_and_yarn&previous-version=1.2.3&new-version=1.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/kyuubi/network/alerts).

</details>

Closes #5070 from dependabot[bot]/dependabot/npm_and_yarn/kyuubi-server/web-ui/word-wrap-1.2.4.

Closes #5070

6d161e1ee [dependabot[bot]] Bump word-wrap from 1.2.3 to 1.2.4 in /kyuubi-server/web-ui

Authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/package-lock.json | 12 ++++++------
 kyuubi-server/web-ui/pnpm-lock.yaml    |  8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index a4c883c18..ed042d6da 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -4457,9 +4457,9 @@
       }
     },
     "node_modules/word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.4.tgz",
+      "integrity": "sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==",
       "dev": true,
       "engines": {
         "node": ">=0.10.0"
@@ -7591,9 +7591,9 @@
       }
     },
     "word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.4.tgz",
+      "integrity": "sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==",
       "dev": true
     },
     "wrappy": {
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 398e51691..920182f01 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -2098,7 +2098,7 @@ packages:
       levn: 0.3.0
       prelude-ls: 1.1.2
       type-check: 0.3.2
-      word-wrap: 1.2.3
+      word-wrap: 1.2.4
     dev: true
 
   /optionator@0.9.1:
@@ -2110,7 +2110,7 @@ packages:
       levn: 0.4.1
       prelude-ls: 1.2.1
       type-check: 0.4.0
-      word-wrap: 1.2.3
+      word-wrap: 1.2.4
     dev: true
 
   /p-limit@3.1.0:
@@ -2868,8 +2868,8 @@ packages:
       stackback: 0.0.2
     dev: true
 
-  /word-wrap@1.2.3:
-    resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==}
+  /word-wrap@1.2.4:
+    resolution: {integrity: sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==}
     engines: {node: '>=0.10.0'}
     dev: true
 

From dbbcf4f4cd680954d33ade6b20087b7f42a0062a Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Thu, 20 Jul 2023 15:37:29 +0800
Subject: [PATCH 511/760] [KYUUBI #5073] Correct the method name in
 SparkSQLLineageParserHelperSuite

### _Why are the changes needed?_

There are some typos in SparkSQLLineageParserHelperSuite, so this pr is to fix these mistakes.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5073 from zhaohehuhu/Improvement-0720.

Closes #5073

b6346369e [hezhao2] correct the method name in SparkSQLLineageParserHelperSuite

Authored-by: hezhao2 <hezhao2@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../SparkSQLLineageParserHelperSuite.scala    | 173 +++++++++---------
 1 file changed, 86 insertions(+), 87 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index 96003f051..ebc4610ee 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -17,7 +17,6 @@
 
 package org.apache.kyuubi.plugin.lineage.helper
 
-import scala.collection.immutable.List
 import scala.reflect.io.File
 
 import org.apache.spark.SparkConf
@@ -75,7 +74,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     withView("alterviewascommand", "alterviewascommand1") { _ =>
       spark.sql("create view alterviewascommand as select key from test_db0.test_table0")
       val ret0 =
-        exectractLineage("alter view alterviewascommand as select key from test_db0.test_table0")
+        extractLineage("alter view alterviewascommand as select key from test_db0.test_table0")
       assert(ret0 == Lineage(
         List("test_db0.test_table0"),
         List("default.alterviewascommand"),
@@ -83,7 +82,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
       spark.sql("create view alterviewascommand1 as select * from test_db0.test_table0")
       val ret1 =
-        exectractLineage("alter view alterviewascommand1 as select * from test_db0.test_table0")
+        extractLineage("alter view alterviewascommand1 as select * from test_db0.test_table0")
 
       assert(ret1 == Lineage(
         List("test_db0.test_table0"),
@@ -102,7 +101,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
     ddls.split("\n").filter(_.nonEmpty).foreach(spark.sql(_).collect())
     withView("test_view") { _ =>
-      val result = exectractLineage(
+      val result = extractLineage(
         "create view test_view(a, b, c) as" +
           " select col1 as a, col2 as b, col3 as c from v2_catalog.db.tbb")
       assert(result == Lineage(
@@ -123,7 +122,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     ddls.split("\n").filter(_.nonEmpty).foreach(spark.sql(_).collect())
     withTable("v2_catalog.db.tb0") { _ =>
       val ret0 =
-        exectractLineage(
+        extractLineage(
           s"insert into table v2_catalog.db.tb0 " +
             s"select key as col1, value as col2 from test_db0.test_table0")
       assert(ret0 == Lineage(
@@ -134,7 +133,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("v2_catalog.db.tb0.col2", Set("test_db0.test_table0.value")))))
 
       val ret1 =
-        exectractLineage(
+        extractLineage(
           s"insert overwrite table v2_catalog.db.tb0 partition(col2) " +
             s"select key as col1, value as col2 from test_db0.test_table0")
       assert(ret1 == Lineage(
@@ -145,7 +144,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("v2_catalog.db.tb0.col2", Set("test_db0.test_table0.value")))))
 
       val ret2 =
-        exectractLineage(
+        extractLineage(
           s"insert overwrite table v2_catalog.db.tb0 partition(col2 = 'bb') " +
             s"select key as col1 from test_db0.test_table0")
       assert(ret2 == Lineage(
@@ -166,7 +165,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         |""".stripMargin
     ddls.split("\n").filter(_.nonEmpty).foreach(spark.sql(_).collect())
     withTable("v2_catalog.db.target_t", "v2_catalog.db.source_t") { _ =>
-      val ret0 = exectractLineageWithoutExecuting("MERGE INTO v2_catalog.db.target_t AS target " +
+      val ret0 = extractLineageWithoutExecuting("MERGE INTO v2_catalog.db.target_t AS target " +
         "USING v2_catalog.db.source_t AS source " +
         "ON target.id = source.id " +
         "WHEN MATCHED THEN " +
@@ -181,7 +180,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("v2_catalog.db.target_t.name", Set("v2_catalog.db.source_t.name")),
           ("v2_catalog.db.target_t.price", Set("v2_catalog.db.source_t.price")))))
 
-      val ret1 = exectractLineageWithoutExecuting("MERGE INTO v2_catalog.db.target_t AS target " +
+      val ret1 = extractLineageWithoutExecuting("MERGE INTO v2_catalog.db.target_t AS target " +
         "USING v2_catalog.db.source_t AS source " +
         "ON target.id = source.id " +
         "WHEN MATCHED THEN " +
@@ -196,7 +195,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("v2_catalog.db.target_t.name", Set("v2_catalog.db.source_t.name")),
           ("v2_catalog.db.target_t.price", Set("v2_catalog.db.source_t.price")))))
 
-      val ret2 = exectractLineageWithoutExecuting("MERGE INTO v2_catalog.db.target_t AS target " +
+      val ret2 = extractLineageWithoutExecuting("MERGE INTO v2_catalog.db.target_t AS target " +
         "USING (select a.id, a.name, b.price " +
         "from v2_catalog.db.source_t a join v2_catalog.db.pivot_t b) AS source " +
         "ON target.id = source.id " +
@@ -218,7 +217,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
   test("columns lineage extract - CreateViewCommand") {
     withView("createviewcommand", "createviewcommand1", "createviewcommand2") { _ =>
-      val ret0 = exectractLineage(
+      val ret0 = extractLineage(
         "create view createviewcommand(a, b) as select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
         List("test_db0.test_table0"),
@@ -227,7 +226,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.createviewcommand.a", Set("test_db0.test_table0.key")),
           ("default.createviewcommand.b", Set("test_db0.test_table0.value")))))
 
-      val ret1 = exectractLineage(
+      val ret1 = extractLineage(
         "create view createviewcommand1 as select key, value from test_db0.test_table0")
       assert(ret1 == Lineage(
         List("test_db0.test_table0"),
@@ -236,7 +235,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.createviewcommand1.key", Set("test_db0.test_table0.key")),
           ("default.createviewcommand1.value", Set("test_db0.test_table0.value")))))
 
-      val ret2 = exectractLineage(
+      val ret2 = extractLineage(
         "create view createviewcommand2 as select * from test_db0.test_table0")
       assert(ret2 == Lineage(
         List("test_db0.test_table0"),
@@ -251,7 +250,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     withTable("createdatasourcetableasselectcommand", "createdatasourcetableasselectcommand1") {
       _ =>
         val ret0 =
-          exectractLineage("create table createdatasourcetableasselectcommand using parquet" +
+          extractLineage("create table createdatasourcetableasselectcommand using parquet" +
             " AS SELECT key, value FROM test_db0.test_table0")
         assert(ret0 == Lineage(
           List("test_db0.test_table0"),
@@ -263,7 +262,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
               Set("test_db0.test_table0.value")))))
 
         val ret1 =
-          exectractLineage("create table createdatasourcetableasselectcommand1 using parquet" +
+          extractLineage("create table createdatasourcetableasselectcommand1 using parquet" +
             " AS SELECT * FROM test_db0.test_table0")
         assert(ret1 == Lineage(
           List("test_db0.test_table0"),
@@ -278,7 +277,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
   test("columns lineage extract - CreateHiveTableAsSelectCommand") {
     withTable("createhivetableasselectcommand", "createhivetableasselectcommand1") { _ =>
-      val ret0 = exectractLineage("create table createhivetableasselectcommand using hive" +
+      val ret0 = extractLineage("create table createhivetableasselectcommand using hive" +
         " as select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
         List("test_db0.test_table0"),
@@ -287,7 +286,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.createhivetableasselectcommand.key", Set("test_db0.test_table0.key")),
           ("default.createhivetableasselectcommand.value", Set("test_db0.test_table0.value")))))
 
-      val ret1 = exectractLineage("create table createhivetableasselectcommand1 using hive" +
+      val ret1 = extractLineage("create table createhivetableasselectcommand1 using hive" +
         " as select * from test_db0.test_table0")
       assert(ret1 == Lineage(
         List("test_db0.test_table0"),
@@ -301,7 +300,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   test("columns lineage extract - OptimizedCreateHiveTableAsSelectCommand") {
     withTable("optimizedcreatehivetableasselectcommand") { _ =>
       val ret =
-        exectractLineage(
+        extractLineage(
           "create table optimizedcreatehivetableasselectcommand stored as parquet " +
             "as select * from test_db0.test_table0")
       assert(ret == Lineage(
@@ -319,7 +318,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     withTable(
       "v2_catalog.db.createhivetableasselectcommand",
       "v2_catalog.db.createhivetableasselectcommand1") { _ =>
-      val ret0 = exectractLineage("create table v2_catalog.db.createhivetableasselectcommand" +
+      val ret0 = extractLineage("create table v2_catalog.db.createhivetableasselectcommand" +
         " as select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
         List("test_db0.test_table0"),
@@ -330,7 +329,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
             "v2_catalog.db.createhivetableasselectcommand.value",
             Set("test_db0.test_table0.value")))))
 
-      val ret1 = exectractLineage("create table v2_catalog.db.createhivetableasselectcommand1" +
+      val ret1 = extractLineage("create table v2_catalog.db.createhivetableasselectcommand1" +
         " as select * from test_db0.test_table0")
       assert(ret1 == Lineage(
         List("test_db0.test_table0"),
@@ -364,7 +363,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       spark.sessionState.catalog.createTable(newTable, ignoreIfExists = false)
 
       val ret0 =
-        exectractLineage(
+        extractLineage(
           s"insert into table  $tableName select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
         List("test_db0.test_table0"),
@@ -374,7 +373,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.insertintodatasourcecommand.b", Set("test_db0.test_table0.value")))))
 
       val ret1 =
-        exectractLineage(
+        extractLineage(
           s"insert into table  $tableName select * from test_db0.test_table0")
       assert(ret1 == Lineage(
         List("test_db0.test_table0"),
@@ -384,7 +383,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.insertintodatasourcecommand.b", Set("test_db0.test_table0.value")))))
 
       val ret2 =
-        exectractLineage(
+        extractLineage(
           s"insert into table  $tableName " +
             s"select (select key from test_db0.test_table1 limit 1) + 1 as aa, " +
             s"value as bb from test_db0.test_table0")
@@ -403,7 +402,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     withTable(tableName) { _ =>
       spark.sql(s"CREATE TABLE $tableName (a int, b string) USING parquet")
       val ret0 =
-        exectractLineage(
+        extractLineage(
           s"insert into table $tableName select key, value from test_db0.test_table0")
 
       assert(ret0 == Lineage(
@@ -419,10 +418,10 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   test("columns lineage extract - InsertIntoDatasourceDirCommand") {
     val tableDirectory = getClass.getResource("/").getPath + "table_directory"
     val directory = File(tableDirectory).createDirectory()
-    val ret0 = exectractLineage(s"""
-                                   |INSERT OVERWRITE DIRECTORY '$directory.path'
-                                   |USING parquet
-                                   |SELECT * FROM test_db0.test_table_part0""".stripMargin)
+    val ret0 = extractLineage(s"""
+                                 |INSERT OVERWRITE DIRECTORY '$directory.path'
+                                 |USING parquet
+                                 |SELECT * FROM test_db0.test_table_part0""".stripMargin)
     assert(ret0 == Lineage(
       List("test_db0.test_table_part0"),
       List(s"""`$directory.path`"""),
@@ -435,10 +434,10 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   test("columns lineage extract - InsertIntoHiveDirCommand") {
     val tableDirectory = getClass.getResource("/").getPath + "table_directory"
     val directory = File(tableDirectory).createDirectory()
-    val ret0 = exectractLineage(s"""
-                                   |INSERT OVERWRITE DIRECTORY '$directory.path'
-                                   |USING parquet
-                                   |SELECT * FROM test_db0.test_table_part0""".stripMargin)
+    val ret0 = extractLineage(s"""
+                                 |INSERT OVERWRITE DIRECTORY '$directory.path'
+                                 |USING parquet
+                                 |SELECT * FROM test_db0.test_table_part0""".stripMargin)
     assert(ret0 == Lineage(
       List("test_db0.test_table_part0"),
       List(s"""`$directory.path`"""),
@@ -453,7 +452,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     withTable(tableName) { _ =>
       spark.sql(s"CREATE TABLE $tableName (a int, b string) USING hive")
       val ret0 =
-        exectractLineage(
+        extractLineage(
           s"insert into table $tableName select * from test_db0.test_table0")
 
       assert(ret0 == Lineage(
@@ -467,7 +466,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   }
 
   test("columns lineage extract - logical relation sql") {
-    val ret0 = exectractLineage("select key, value from test_db0.test_table0")
+    val ret0 = extractLineage("select key, value from test_db0.test_table0")
     assert(ret0 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -475,7 +474,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("key", Set("test_db0.test_table0.key")),
         ("value", Set("test_db0.test_table0.value")))))
 
-    val ret1 = exectractLineage("select * from test_db0.test_table_part0")
+    val ret1 = extractLineage("select * from test_db0.test_table_part0")
     assert(ret1 == Lineage(
       List("test_db0.test_table_part0"),
       List(),
@@ -487,7 +486,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   }
 
   test("columns lineage extract - not generate lineage sql") {
-    val ret0 = exectractLineage("create table test_table1(a string, b string, c string)")
+    val ret0 = extractLineage("create table test_table1(a string, b string, c string)")
     assert(ret0 == Lineage(List[String](), List[String](), List[(String, Set[String])]()))
   }
 
@@ -500,14 +499,14 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     ddls.split("\n").filter(_.nonEmpty).foreach(spark.sql(_).collect())
     withTable("v2_catalog.db.tb") { _ =>
       val sql0 = "select col1 from v2_catalog.db.tb"
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List("v2_catalog.db.tb"),
         List(),
         List("col1" -> Set("v2_catalog.db.tb.col1"))))
 
       val sql1 = "select col1, hash(hash(col1)) as col2 from v2_catalog.db.tb"
-      val ret1 = exectractLineage(sql1)
+      val ret1 = extractLineage(sql1)
       assert(ret1 == Lineage(
         List("v2_catalog.db.tb"),
         List(),
@@ -515,7 +514,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
       val sql2 =
         "select col1, case col1 when '1' then 's1' else col1 end col2 from v2_catalog.db.tb"
-      val ret2 = exectractLineage(sql2)
+      val ret2 = extractLineage(sql2)
       assert(ret2 == Lineage(
         List("v2_catalog.db.tb"),
         List(),
@@ -524,7 +523,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val sql3 =
         "select col1 as col2, 'col2' as col2, 'col2', first(col3) as col2 " +
           "from v2_catalog.db.tb group by col1"
-      val ret3 = exectractLineage(sql3)
+      val ret3 = extractLineage(sql3)
       assert(ret3 == Lineage(
         List("v2_catalog.db.tb"),
         List[String](),
@@ -537,7 +536,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val sql4 =
         "select col1 as col2, sum(hash(col1) + hash(hash(col1))) " +
           "from v2_catalog.db.tb group by col1"
-      val ret4 = exectractLineage(sql4)
+      val ret4 = extractLineage(sql4)
       assert(ret4 == Lineage(
         List("v2_catalog.db.tb"),
         List(),
@@ -553,7 +552,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
            |  on t1.col2 = t2.col3
            |  group by 1
            |""".stripMargin
-      val ret5 = exectractLineage(sql5)
+      val ret5 = extractLineage(sql5)
       assert(ret5 == Lineage(
         List("v2_catalog.db.tb"),
         List(),
@@ -596,9 +595,9 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           "cnt" -> Set("default.tmp1.tmp1_0"),
           "tmp1_1" -> Set("default.tmp1.tmp1_1")))
 
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == sql0ExpectResult)
-      val ret1 = exectractLineage(sql1)
+      val ret1 = extractLineage(sql1)
       assert(ret1 == sql1ExpectResult)
     }
   }
@@ -658,7 +657,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |FROM goods_cat_new
           |LIMIT 10""".stripMargin
 
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List(
           "test_db.goods_detail0",
@@ -692,7 +691,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |on t1.col1 = t2.col1
           |""".stripMargin
 
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(
         ret0 == Lineage(
           List("v2_catalog.db.tb1", "v2_catalog.db.tb2"),
@@ -727,7 +726,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |select a, b, c as c from test_db.test_table1
           |) a
           |""".stripMargin
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List("test_db.test_table0", "test_db.test_table1"),
         List(),
@@ -768,7 +767,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |GROUP BY
           |stat_date, channel_id, sub_channel_id, user_type, country_name
           |""".stripMargin
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List("test_db.test_order_item"),
         List(),
@@ -806,7 +805,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |) a
           |GROUP BY a.channel_id, a.sub_channel_id, a.country_name
           |""".stripMargin
-      val ret1 = exectractLineage(sql1)
+      val ret1 = extractLineage(sql1)
       assert(ret1 == Lineage(
         List("test_db.test_order_item", "test_db.test_p0_order_item"),
         List(),
@@ -832,7 +831,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
   test("columns lineage extract - agg sql") {
     val sql0 = """select key as a, count(*) as b, 1 as c from test_db0.test_table0 group by key"""
-    val ret0 = exectractLineage(sql0)
+    val ret0 = extractLineage(sql0)
     assert(ret0 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -842,7 +841,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("c", Set()))))
 
     val sql1 = """select count(*) as a, 1 as b from test_db0.test_table0"""
-    val ret1 = exectractLineage(sql1)
+    val ret1 = extractLineage(sql1)
     assert(ret1 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -851,7 +850,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("b", Set()))))
 
     val sql2 = """select every(key == 1) as a, 1 as b from test_db0.test_table0"""
-    val ret2 = exectractLineage(sql2)
+    val ret2 = extractLineage(sql2)
     assert(ret2 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -860,7 +859,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("b", Set()))))
 
     val sql3 = """select count(*) as a, 1 as b from test_db0.test_table0"""
-    val ret3 = exectractLineage(sql3)
+    val ret3 = extractLineage(sql3)
     assert(ret3 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -869,7 +868,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("b", Set()))))
 
     val sql4 = """select first(key) as a, 1 as b from test_db0.test_table0"""
-    val ret4 = exectractLineage(sql4)
+    val ret4 = extractLineage(sql4)
     assert(ret4 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -878,7 +877,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("b", Set()))))
 
     val sql5 = """select avg(key) as a, 1 as b from test_db0.test_table0"""
-    val ret5 = exectractLineage(sql5)
+    val ret5 = extractLineage(sql5)
     assert(ret5 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -889,7 +888,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     val sql6 =
       """select count(value) + sum(key) as a,
         | 1 as b from test_db0.test_table0""".stripMargin
-    val ret6 = exectractLineage(sql6)
+    val ret6 = extractLineage(sql6)
     assert(ret6 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -898,7 +897,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         ("b", Set()))))
 
     val sql7 = """select count(*) + sum(key) as a, 1 as b from test_db0.test_table0"""
-    val ret7 = exectractLineage(sql7)
+    val ret7 = extractLineage(sql7)
     assert(ret7 == Lineage(
       List("test_db0.test_table0"),
       List(),
@@ -921,7 +920,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select b.a as aa, t0_cached.b0 as bb from t0_cached join table1 b on b.a = t0_cached.a0
           |""".stripMargin
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List("default.table1", "default.table0"),
         List(),
@@ -956,7 +955,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select a as aa, bb, cc from (select b as bb, c as cc from table1) t0, table0
           |""".stripMargin
-      val ret0 = exectractLineage(sql0)
+      val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List("default.table0", "default.table1"),
         List(),
@@ -969,7 +968,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select (select a from table1) as aa, b as bb from table1
           |""".stripMargin
-      val ret1 = exectractLineage(sql1)
+      val ret1 = extractLineage(sql1)
       assert(ret1 == Lineage(
         List("default.table1"),
         List(),
@@ -981,7 +980,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select (select count(*) from table0) as aa, b as bb from table1
           |""".stripMargin
-      val ret2 = exectractLineage(sql2)
+      val ret2 = extractLineage(sql2)
       assert(ret2 == Lineage(
         List("default.table0", "default.table1"),
         List(),
@@ -994,7 +993,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select * from table0 where table0.a in (select a from table1)
           |""".stripMargin
-      val ret3 = exectractLineage(sql3)
+      val ret3 = extractLineage(sql3)
       assert(ret3 == Lineage(
         List("default.table0"),
         List(),
@@ -1008,7 +1007,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select * from table0 where exists (select * from table1 where table0.c = table1.c)
           |""".stripMargin
-      val ret4 = exectractLineage(sql4)
+      val ret4 = extractLineage(sql4)
       assert(ret4 == Lineage(
         List("default.table0"),
         List(),
@@ -1021,7 +1020,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select * from table0 where exists (select * from table1 where c = "odone")
           |""".stripMargin
-      val ret5 = exectractLineage(sql5)
+      val ret5 = extractLineage(sql5)
       assert(ret5 == Lineage(
         List("default.table0"),
         List(),
@@ -1034,7 +1033,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select * from table0 where not exists (select * from table1 where c = "odone")
           |""".stripMargin
-      val ret6 = exectractLineage(sql6)
+      val ret6 = extractLineage(sql6)
       assert(ret6 == Lineage(
         List("default.table0"),
         List(),
@@ -1047,7 +1046,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select * from table0 where table0.a not in (select a from table1)
           |""".stripMargin
-      val ret7 = exectractLineage(sql7)
+      val ret7 = extractLineage(sql7)
       assert(ret7 == Lineage(
         List("default.table0"),
         List(),
@@ -1060,7 +1059,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select (select a from table1) + 1, b as bb from table1
           |""".stripMargin
-      val ret8 = exectractLineage(sql8)
+      val ret8 = extractLineage(sql8)
       assert(ret8 == Lineage(
         List("default.table1"),
         List(),
@@ -1072,7 +1071,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         """
           |select (select a from table1 limit 1) + 1 as aa, b as bb from table1
           |""".stripMargin
-      val ret9 = exectractLineage(sql9)
+      val ret9 = extractLineage(sql9)
       assert(ret9 == Lineage(
         List("default.table1"),
         List(),
@@ -1085,7 +1084,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |select (select a from table1 limit 1) + (select a from table0 limit 1) + 1 as aa,
           | b as bb from table1
           |""".stripMargin
-      val ret10 = exectractLineage(sql10)
+      val ret10 = extractLineage(sql10)
       assert(ret10 == Lineage(
         List("default.table1", "default.table0"),
         List(),
@@ -1098,7 +1097,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |select tmp.a, b from (select * from table1) tmp;
           |""".stripMargin
 
-      val ret11 = exectractLineage(sql11)
+      val ret11 = extractLineage(sql11)
       assert(ret11 == Lineage(
         List("default.table1"),
         List(),
@@ -1115,7 +1114,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       spark.sql("CREATE TABLE v2_catalog.db.t1 (a string, b string, c string)")
       spark.sql("CREATE TABLE v2_catalog.db.t2 (a string, b string, c string)")
       val ret0 =
-        exectractLineage(
+        extractLineage(
           s"insert into table t1 select a," +
             s"concat_ws('/', collect_set(b))," +
             s"count(distinct(b)) * count(distinct(c))" +
@@ -1129,7 +1128,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.t1.c", Set("default.t2.b", "default.t2.c")))))
 
       val ret1 =
-        exectractLineage(
+        extractLineage(
           s"insert into table v2_catalog.db.t1 select a," +
             s"concat_ws('/', collect_set(b))," +
             s"count(distinct(b)) * count(distinct(c))" +
@@ -1143,7 +1142,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("v2_catalog.db.t1.c", Set("v2_catalog.db.t2.b", "v2_catalog.db.t2.c")))))
 
       val ret2 =
-        exectractLineage(
+        extractLineage(
           s"insert into table v2_catalog.db.t1 select a," +
             s"count(distinct(b+c))," +
             s"count(distinct(b)) * count(distinct(c))" +
@@ -1163,7 +1162,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
       spark.sql("CREATE TABLE t2 (a string, b string, c string, d string) USING hive")
       val ret0 =
-        exectractLineage(
+        extractLineage(
           s"insert into table t1 select a,b,GROUPING__ID " +
             s"from t2 group by a,b,c,d grouping sets ((a,b,c), (a,b,d))")
       assert(ret0 == Lineage(
@@ -1185,7 +1184,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         s"cache table c1 select * from (" +
           s"select a, b, row_number() over (partition by a order by b asc ) rank from t2)" +
           s" where rank=1")
-      val ret0 = exectractLineage("insert overwrite table t1 select a, b from c1")
+      val ret0 = extractLineage("insert overwrite table t1 select a, b from c1")
       assert(ret0 == Lineage(
         List("default.t2"),
         List("default.t1"),
@@ -1193,7 +1192,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.t1.a", Set("default.t2.a")),
           ("default.t1.b", Set("default.t2.b")))))
 
-      val ret1 = exectractLineage("insert overwrite table t1 select a, rank from c1")
+      val ret1 = extractLineage("insert overwrite table t1 select a, rank from c1")
       assert(ret1 == Lineage(
         List("default.t2"),
         List("default.t1"),
@@ -1205,7 +1204,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         s"cache table c2 select * from (" +
           s"select b, a, row_number() over (partition by a order by b asc ) rank from t2)" +
           s" where rank=1")
-      val ret2 = exectractLineage("insert overwrite table t1 select a, b from c2")
+      val ret2 = extractLineage("insert overwrite table t1 select a, b from c2")
       assert(ret2 == Lineage(
         List("default.t2"),
         List("default.t1"),
@@ -1217,7 +1216,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         s"cache table c3 select * from (" +
           s"select a as aa, b as bb, row_number() over (partition by a order by b asc ) rank" +
           s" from t2) where rank=1")
-      val ret3 = exectractLineage("insert overwrite table t1 select aa, bb from c3")
+      val ret3 = extractLineage("insert overwrite table t1 select aa, bb from c3")
       assert(ret3 == Lineage(
         List("default.t2"),
         List("default.t1"),
@@ -1231,7 +1230,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     withTable("t1", "t2") { _ =>
       spark.sql("CREATE TABLE t1 (a string, b string, c string) USING hive")
       spark.sql("CREATE TABLE t2 (a string, b string, c string) USING hive")
-      val ret0 = exectractLineage("insert into t1 select 1,2,(select count(distinct" +
+      val ret0 = extractLineage("insert into t1 select 1,2,(select count(distinct" +
         " ifnull(get_json_object(a, '$.b.imei'), get_json_object(a, '$.b.android_id'))) from t2)")
 
       assert(ret0 == Lineage(
@@ -1250,7 +1249,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       withView("t2") { _ =>
         spark.sql("CREATE VIEW t2 as select * from t1")
         val ret0 =
-          exectractLineage(
+          extractLineage(
             s"create or replace view view_tst comment 'view'" +
               s" as select a as k,b" +
               s" from t2" +
@@ -1272,7 +1271,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       withView("t2") { _ =>
         spark.sql("CREATE VIEW t2 as select * from t1")
         val ret0 =
-          exectractLineage(
+          extractLineage(
             s"select a as k, b" +
               s" from t2" +
               s" where a in ('HELLO') and c = 'HELLO'")
@@ -1291,7 +1290,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       spark.sql("CREATE TABLE t1 (a string, b string) USING hive")
       spark.sql("CREATE TABLE t2 (a string, b string) USING hive")
       spark.sql("CREATE TABLE t3 (a string, b string) USING hive")
-      val ret0 = exectractLineage("from (select a,b from t1)" +
+      val ret0 = extractLineage("from (select a,b from t1)" +
         " insert overwrite table t2 select a,b where a=1" +
         " insert overwrite table t3 select a,b where b=1")
       assert(ret0 == Lineage(
@@ -1310,7 +1309,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       spark.sql("CREATE TABLE t1 (a string, b string, c string, d string) USING hive")
       spark.sql("CREATE TABLE t2 (a string, b string, c string, d string) USING hive")
 
-      val ret0 = exectractLineage("insert into t1 select 1, t2.b, cc.action, t2.d " +
+      val ret0 = extractLineage("insert into t1 select 1, t2.b, cc.action, t2.d " +
         "from t2 lateral view explode(split(c,'\\},\\{')) cc as action")
       assert(ret0 == Lineage(
         List("default.t2"),
@@ -1321,7 +1320,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.t1.c", Set("default.t2.c")),
           ("default.t1.d", Set("default.t2.d")))))
 
-      val ret1 = exectractLineage("insert into t1 select 1, t2.b, cc.action0, dd.action1 " +
+      val ret1 = extractLineage("insert into t1 select 1, t2.b, cc.action0, dd.action1 " +
         "from t2 " +
         "lateral view explode(split(c,'\\},\\{')) cc as action0 " +
         "lateral view explode(split(d,'\\},\\{')) dd as action1")
@@ -1334,7 +1333,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           ("default.t1.c", Set("default.t2.c")),
           ("default.t1.d", Set("default.t2.d")))))
 
-      val ret2 = exectractLineage("insert into t1 select 1, t2.b, dd.pos, dd.action1 " +
+      val ret2 = extractLineage("insert into t1 select 1, t2.b, dd.pos, dd.action1 " +
         "from t2 " +
         "lateral view posexplode(split(d,'\\},\\{')) dd as pos, action1")
       assert(ret2 == Lineage(
@@ -1348,14 +1347,14 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     }
   }
 
-  private def exectractLineageWithoutExecuting(sql: String): Lineage = {
+  private def extractLineageWithoutExecuting(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val analyzed = spark.sessionState.analyzer.execute(parsed)
     spark.sessionState.analyzer.checkAnalysis(analyzed)
     SparkSQLLineageParseHelper(spark).transformToLineage(0, analyzed).get
   }
 
-  private def exectractLineage(sql: String): Lineage = {
+  private def extractLineage(sql: String): Lineage = {
     val parsed = spark.sessionState.sqlParser.parsePlan(sql)
     val qe = spark.sessionState.executePlan(parsed)
     val analyzed = qe.analyzed

From ea099271ded4147283bed4671dba6276c37525e7 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 20 Jul 2023 17:02:24 +0800
Subject: [PATCH 512/760] [KYUUBI #5072] [TEST] Fix
 KyuubiOperationWithEngineSecuritySuite and related issues

### _Why are the changes needed?_

Currently, the `KyuubiOperationWithEngineSecuritySuite` is not valid, because

1. `InternalSecurityAccessor` is a singleton, only the first initialized one takes effect, which means if we change the testing orders, some tests may fail.
2. `discoveryClient.startSecretNode` calls `PersistentNode#start` underlying, which is async, we should call `waitForInitialCreate` to ensure it is created before running the test. Base on my analysis, it may take 30s for waiting. (mtime-ctime)
   ```
   [zk: 10.221.106.196:55408(CONNECTED) 2] get /SECRET
   _ENGINE_SECRET_
   cZxid = 0x5
   ctime = Wed Jul 19 23:01:57 CST 2023
   mZxid = 0x7
   mtime = Wed Jul 19 23:02:17 CST 2023
   pZxid = 0x5
   cversion = 0
   dataVersion = 1
   aclVersion = 0
   ephemeralOwner = 0x0
   dataLength = 15
   numChildren = 0
   ```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5072 from pan3793/security.

Closes #5072

69cce2935 [Cheng Pan] fix
2d623555c [Cheng Pan] fix
74eb2cb18 [Cheng Pan] fix
6d8f4ce4e [Cheng Pan] KyuubiOperationWithEngineSecurity

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../authentication/InternalSecurityAccessor.scala |  7 +++++++
 .../scala/org/apache/kyuubi/KyuubiFunSuite.scala  |  2 ++
 .../apache/kyuubi/operation/JDBCTestHelper.scala  |  1 +
 .../zookeeper/ZookeeperDiscoveryClient.scala      |  4 ++++
 ... KyuubiOperationWithEngineSecuritySuite.scala} | 15 +++++++++------
 .../operation/KyuubiRestAuthenticationSuite.scala | 10 +++++++++-
 .../server/api/v1/BatchesResourceSuite.scala      |  7 ++++++-
 7 files changed, 38 insertions(+), 8 deletions(-)
 rename kyuubi-server/src/test/scala/org/apache/kyuubi/operation/{KyuubiOperationWithEngineSecurity.scala => KyuubiOperationWithEngineSecuritySuite.scala} (80%)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessor.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessor.scala
index 62680e6a6..afc1dde1f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessor.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/InternalSecurityAccessor.scala
@@ -20,6 +20,8 @@ package org.apache.kyuubi.service.authentication
 import javax.crypto.Cipher
 import javax.crypto.spec.{IvParameterSpec, SecretKeySpec}
 
+import org.apache.hadoop.classification.VisibleForTesting
+
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
@@ -121,4 +123,9 @@ object InternalSecurityAccessor extends Logging {
   def get(): InternalSecurityAccessor = {
     _engineSecurityAccessor
   }
+
+  @VisibleForTesting
+  def reset(): Unit = {
+    _engineSecurityAccessor = null
+  }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala
index 2789d7f89..8d0a14c16 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/KyuubiFunSuite.scala
@@ -30,6 +30,7 @@ import org.scalatest.funsuite.AnyFunSuite
 import org.slf4j.bridge.SLF4JBridgeHandler
 
 import org.apache.kyuubi.config.internal.Tests.IS_TESTING
+import org.apache.kyuubi.service.authentication.InternalSecurityAccessor
 
 trait KyuubiFunSuite extends AnyFunSuite
   with BeforeAndAfterAll
@@ -46,6 +47,7 @@ trait KyuubiFunSuite extends AnyFunSuite
   override def beforeAll(): Unit = {
     System.setProperty(IS_TESTING.key, "true")
     doThreadPreAudit()
+    InternalSecurityAccessor.reset()
     super.beforeAll()
   }
 
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala
index 97330837d..e7802f2fe 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/JDBCTestHelper.scala
@@ -53,6 +53,7 @@ trait JDBCTestHelper extends KyuubiFunSuite {
 
   def withMultipleConnectionJdbcStatement(
       tableNames: String*)(fs: (Statement => Unit)*): Unit = {
+    info(s"Create JDBC connection using: $jdbcUrlWithConf")
     val connections = fs.map { _ => DriverManager.getConnection(jdbcUrlWithConf, user, password) }
     val statements = connections.map(_.createStatement())
 
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
index 33aa5149d..0127f2df1 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
@@ -305,6 +305,10 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
       basePath,
       initData.getBytes(StandardCharsets.UTF_8))
     secretNode.start()
+    val znodeTimeout = conf.get(HA_ZK_NODE_TIMEOUT)
+    if (!secretNode.waitForInitialCreate(znodeTimeout, TimeUnit.MILLISECONDS)) {
+      throw new KyuubiException(s"Max znode creation wait time $znodeTimeout s exhausted")
+    }
   }
 
   override def getAndIncrement(path: String, delta: Int = 1): Int = {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationWithEngineSecurity.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationWithEngineSecuritySuite.scala
similarity index 80%
rename from kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationWithEngineSecurity.scala
rename to kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationWithEngineSecuritySuite.scala
index 63369f4b2..da6367bc4 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationWithEngineSecurity.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationWithEngineSecuritySuite.scala
@@ -17,25 +17,26 @@
 
 package org.apache.kyuubi.operation
 
+import java.nio.charset.StandardCharsets
+
 import org.apache.kyuubi.WithKyuubiServer
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider
-import org.apache.kyuubi.service.authentication.{InternalSecurityAccessor, ZooKeeperEngineSecuritySecretProviderImpl}
+import org.apache.kyuubi.service.authentication.InternalSecurityAccessor
 
-class KyuubiOperationWithEngineSecurity extends WithKyuubiServer with HiveJDBCTestHelper {
+class KyuubiOperationWithEngineSecuritySuite extends WithKyuubiServer with HiveJDBCTestHelper {
   import DiscoveryClientProvider._
 
   override protected def jdbcUrl: String = getJdbcUrl
 
   private val engineSecretNode = "/SECRET"
+  private val engineSecret = "_ENGINE_SECRET_"
 
   override protected val conf: KyuubiConf = {
     KyuubiConf()
       .set(KyuubiConf.ENGINE_SECURITY_ENABLED, false)
-      .set(
-        KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER,
-        classOf[ZooKeeperEngineSecuritySecretProviderImpl].getCanonicalName)
+      .set(KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER, "zookeeper")
       .set(HighAvailabilityConf.HA_ZK_ENGINE_SECURE_SECRET_NODE, engineSecretNode)
   }
 
@@ -43,7 +44,9 @@ class KyuubiOperationWithEngineSecurity extends WithKyuubiServer with HiveJDBCTe
     super.beforeAll()
     withDiscoveryClient(conf) { discoveryClient =>
       discoveryClient.create(engineSecretNode, "PERSISTENT", false)
-      discoveryClient.startSecretNode("PERSISTENT", engineSecretNode, "_ENGINE_SECRET_")
+      discoveryClient.startSecretNode("PERSISTENT", engineSecretNode, engineSecret)
+      val expected = engineSecret.getBytes(StandardCharsets.UTF_8)
+      assert(discoveryClient.getData(engineSecretNode) === expected)
     }
 
     conf.set(KyuubiConf.ENGINE_SECURITY_ENABLED, true)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
index 61de82251..089b756f5 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiRestAuthenticationSuite.scala
@@ -37,12 +37,20 @@ import org.apache.kyuubi.session.KyuubiSession
 class KyuubiRestAuthenticationSuite extends RestClientTestHelper {
 
   override protected val otherConfigs: Map[String, String] = {
-    // allow to impersonate other users with spnego authentication
     Map(
+      KyuubiConf.ENGINE_SECURITY_ENABLED.key -> "true",
+      KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER.key -> "simple",
+      KyuubiConf.SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET.key -> "_KYUUBI_REST_",
+      // allow to impersonate other users with spnego authentication
       s"hadoop.proxyuser.$clientPrincipalUser.groups" -> "*",
       s"hadoop.proxyuser.$clientPrincipalUser.hosts" -> "*")
   }
 
+  override def beforeAll(): Unit = {
+    super.beforeAll()
+    InternalSecurityAccessor.initialize(conf, true)
+  }
+
   test("test with LDAP authorization") {
     val encodeAuthorization = new String(
       Base64.getEncoder.encode(
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index b6bc1af52..dd62ee48d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -45,7 +45,7 @@ import org.apache.kyuubi.operation.OperationState.OperationState
 import org.apache.kyuubi.server.KyuubiRestFrontendService
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
-import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
+import org.apache.kyuubi.service.authentication.{InternalSecurityAccessor, KyuubiAuthenticationFactory}
 import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle, SessionType}
 
 class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper with BatchTestHelper {
@@ -57,6 +57,11 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST,
       Seq(Paths.get(sparkBatchTestResource.get).getParent.toString))
 
+  override def beforeAll(): Unit = {
+    super.beforeAll()
+    InternalSecurityAccessor.initialize(conf, true)
+  }
+
   override def afterEach(): Unit = {
     val sessionManager = fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
     sessionManager.allSessions().foreach { session =>

From b07162a3bbb1235291ba4891711b00f3678730f4 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Thu, 20 Jul 2023 17:49:42 +0800
Subject: [PATCH 513/760] [KYUUBI #5075] Refine tests to adapt Spark 4.0

### _Why are the changes needed?_

to fix

```
SparkDeltaOperationSuite:
org.apache.kyuubi.engine.spark.operation.SparkDeltaOperationSuite *** ABORTED ***
  java.lang.RuntimeException: Unable to load a Suite class org.apache.kyuubi.engine.spark.operation.SparkDeltaOperationSuite that was discovered in the runpath: Not Support spark version (4,0)
  at org.scalatest.tools.DiscoverySuite$.getSuiteInstance(DiscoverySuite.scala:80)
  at org.scalatest.tools.DiscoverySuite.$anonfun$nestedSuites$1(DiscoverySuite.scala:38)
  at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:286)
  at scala.collection.Iterator.foreach(Iterator.scala:943)
  at scala.collection.Iterator.foreach$(Iterator.scala:943)
  at scala.collection.AbstractIterator.foreach(Iterator.scala:1431)
  at scala.collection.IterableLike.foreach(IterableLike.scala:74)
  at scala.collection.IterableLike.foreach$(IterableLike.scala:73)
  at scala.collection.AbstractIterable.foreach(Iterable.scala:56)
  at scala.collection.TraversableLike.map(TraversableLike.scala:286)
  ...
  Cause: java.lang.IllegalArgumentException: Not Support spark version (4,0)
  at org.apache.kyuubi.engine.spark.WithSparkSQLEngine.$init$(WithSparkSQLEngine.scala:42)
  at org.apache.kyuubi.engine.spark.operation.SparkDeltaOperationSuite.<init>(SparkDeltaOperationSuite.scala:25)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
  at java.lang.Class.newInstance(Class.java:442)
  at org.scalatest.tools.DiscoverySuite$.getSuiteInstance(DiscoverySuite.scala:66)
  at org.scalatest.tools.DiscoverySuite.$anonfun$nestedSuites$1(DiscoverySuite.scala:38)
  at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:286)
  ...
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5075 from cfmcgrady/spark-4.0.

Closes #5075

ad38c0d98 [Fu Chen] refine test to adapt Spark 4.0

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/spark/KyuubiSparkUtil.scala   |  8 +++-----
 .../engine/spark/WithSparkSQLEngine.scala       | 12 +++---------
 .../kyuubi/SparkSQLEngineDeregisterSuite.scala  | 17 +++++++++--------
 3 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
index 56bb2d69f..fcfdf55dd 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
@@ -95,9 +95,7 @@ object KyuubiSparkUtil extends Logging {
     }
   }
 
-  lazy val sparkMajorMinorVersion: (Int, Int) = {
-    val runtimeSparkVer = org.apache.spark.SPARK_VERSION
-    val runtimeVersion = SemanticVersion(runtimeSparkVer)
-    (runtimeVersion.majorVersion, runtimeVersion.minorVersion)
-  }
+  // Given that we are on the Spark SQL engine side, the [[org.apache.spark.SPARK_VERSION]] can be
+  // represented as the runtime version of the Spark SQL engine.
+  lazy val SPARK_ENGINE_RUNTIME_VERSION = SemanticVersion(org.apache.spark.SPARK_VERSION)
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/WithSparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/WithSparkSQLEngine.scala
index 629a8374b..3b98c2efb 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/WithSparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/WithSparkSQLEngine.scala
@@ -21,7 +21,7 @@ import org.apache.spark.sql.SparkSession
 
 import org.apache.kyuubi.{KyuubiFunSuite, Utils}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.spark.KyuubiSparkUtil.sparkMajorMinorVersion
+import org.apache.kyuubi.engine.spark.KyuubiSparkUtil.SPARK_ENGINE_RUNTIME_VERSION
 
 trait WithSparkSQLEngine extends KyuubiFunSuite {
   protected var spark: SparkSession = _
@@ -34,14 +34,8 @@ trait WithSparkSQLEngine extends KyuubiFunSuite {
 
   // Affected by such configuration' default value
   //    engine.initialize.sql='SHOW DATABASES'
-  protected var initJobId: Int = {
-    sparkMajorMinorVersion match {
-      case (3, minor) if minor >= 2 => 1 // SPARK-35378
-      case (3, _) => 0
-      case _ =>
-        throw new IllegalArgumentException(s"Not Support spark version $sparkMajorMinorVersion")
-    }
-  }
+  // SPARK-35378
+  protected lazy val initJobId: Int = if (SPARK_ENGINE_RUNTIME_VERSION >= "3.2") 1 else 0
 
   override def beforeAll(): Unit = {
     startSparkEngine()
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala
index 8dc93759b..1e3d6163a 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala
@@ -24,7 +24,7 @@ import org.apache.spark.sql.internal.SQLConf.ANSI_ENABLED
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.spark.KyuubiSparkUtil.sparkMajorMinorVersion
+import org.apache.kyuubi.engine.spark.KyuubiSparkUtil.SPARK_ENGINE_RUNTIME_VERSION
 import org.apache.kyuubi.engine.spark.WithDiscoverySparkSQLEngine
 import org.apache.kyuubi.engine.spark.WithEmbeddedZookeeper
 import org.apache.kyuubi.service.ServiceState
@@ -61,13 +61,13 @@ abstract class SparkSQLEngineDeregisterSuite
 class SparkSQLEngineDeregisterExceptionSuite extends SparkSQLEngineDeregisterSuite {
   override def withKyuubiConf: Map[String, String] = {
     super.withKyuubiConf ++ Map(ENGINE_DEREGISTER_EXCEPTION_CLASSES.key -> {
-      sparkMajorMinorVersion match {
+      if (SPARK_ENGINE_RUNTIME_VERSION > "3.2") {
         // see https://issues.apache.org/jira/browse/SPARK-35958
-        case (3, minor) if minor > 2 => "org.apache.spark.SparkArithmeticException"
-        case _ => classOf[ArithmeticException].getCanonicalName
+        "org.apache.spark.SparkArithmeticException"
+      } else {
+        classOf[ArithmeticException].getCanonicalName
       }
     })
-
   }
 }
 
@@ -94,10 +94,11 @@ class SparkSQLEngineDeregisterExceptionTTLSuite
       zookeeperConf ++ Map(
         ANSI_ENABLED.key -> "true",
         ENGINE_DEREGISTER_EXCEPTION_CLASSES.key -> {
-          sparkMajorMinorVersion match {
+          if (SPARK_ENGINE_RUNTIME_VERSION > "3.2") {
             // see https://issues.apache.org/jira/browse/SPARK-35958
-            case (3, minor) if minor > 2 => "org.apache.spark.SparkArithmeticException"
-            case _ => classOf[ArithmeticException].getCanonicalName
+            "org.apache.spark.SparkArithmeticException"
+          } else {
+            classOf[ArithmeticException].getCanonicalName
           }
         },
         ENGINE_DEREGISTER_JOB_MAX_FAILURES.key -> maxJobFailures.toString,

From 14818cfb43f28c906744d1341e8cf1551c7bb2e8 Mon Sep 17 00:00:00 2001
From: liupeiyue <liupeiyue@yy.com>
Date: Thu, 20 Jul 2023 17:58:40 +0800
Subject: [PATCH 514/760] [KYUUBI #5065] Call destroy first on killing Spark
 startup process to allows it release temp files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

fix bug https://github.com/apache/kyuubi/issues/5065

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5066 from ASiegeLion/master.

Closes #5065

08d1ac077 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
bf908f5af [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
9144582f9 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
f1c95e409 [liupeiyue] [KYUUBI-#5065] Call destroy first on killing Spark startup process to allows it release temp files
907123a93 [liupeiyue] [KYUUBI-#5065] Call destroy first on killing Spark startup process to allows it release temp files
f30a9fc39 [liupeiyue] [KYUUBI-#5065] Call destroy first on killing Spark startup process to allows it release temp files
449be44d7 [文艺攻城狮] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
987ffc7fe [文艺攻城狮] Update kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
995386f98 [文艺攻城狮] Update kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
ad3d11191 [liupeiyue] [KYUUBI-#5065]destroy the spark engine release the submitted temp files

Lead-authored-by: liupeiyue <liupeiyue@yy.com>
Co-authored-by: 文艺攻城狮 <945076608@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                          |  1 +
 .../scala/org/apache/kyuubi/config/KyuubiConf.scala  |  9 +++++++++
 .../scala/org/apache/kyuubi/engine/ProcBuilder.scala | 12 +++++++++++-
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 5d795864d..b1b8af143 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -419,6 +419,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.session.engine.spark.progress.timeFormat      | yyyy-MM-dd HH:mm:ss.SSS | The time format of the progress bar                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.6.0 |
 | kyuubi.session.engine.spark.progress.update.interval | PT1S                    | Update period of progress bar.                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.6.0 |
 | kyuubi.session.engine.spark.showProgress             | false                   | When true, show the progress bar in the Spark's engine log.                                                                                                                                                                                                                                                                                                                                                              | boolean  | 1.6.0 |
+| kyuubi.session.engine.startup.destroy.timeout        | PT5S                    | Engine startup process destroy wait time, if the process does not stop after this time, force destroy instead. This configuration only takes effect when `kyuubi.session.engine.startup.waitCompletion=false`.                                                                                                                                                                                                           | duration | 1.8.0 |
 | kyuubi.session.engine.startup.error.max.size         | 8192                    | During engine bootstrapping, if anderror occurs, using this config to limit the length of error message(characters).                                                                                                                                                                                                                                                                                                     | int      | 1.1.0 |
 | kyuubi.session.engine.startup.maxLogLines            | 10                      | The maximum number of engine log lines when errors occur during the engine startup phase. Note that this config effects on client-side to help track engine startup issues.                                                                                                                                                                                                                                              | int      | 1.4.0 |
 | kyuubi.session.engine.startup.waitCompletion         | true                    | Whether to wait for completion after the engine starts. If false, the startup process will be destroyed after the engine is started. Note that only use it when the driver is not running locally, such as in yarn-cluster mode; Otherwise, the engine will be killed.                                                                                                                                                   | boolean  | 1.5.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 116455da7..65f03c654 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1513,6 +1513,15 @@ object KyuubiConf {
       .booleanConf
       .createWithDefault(true)
 
+  val SESSION_ENGINE_STARTUP_DESTROY_TIMEOUT: ConfigEntry[Long] =
+    buildConf("kyuubi.session.engine.startup.destroy.timeout")
+      .doc("Engine startup process destroy wait time, if the process does not " +
+        "stop after this time, force destroy instead. This configuration only " +
+        s"takes effect when `${SESSION_ENGINE_STARTUP_WAIT_COMPLETION.key}=false`.")
+      .version("1.8.0")
+      .timeConf
+      .createWithDefault(Duration.ofSeconds(5).toMillis)
+
   val SESSION_ENGINE_LAUNCH_ASYNC: ConfigEntry[Boolean] =
     buildConf("kyuubi.session.engine.launch.async")
       .doc("When opening kyuubi session, whether to launch the backend engine asynchronously." +
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index a44fe06bc..d0e6bae6b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -21,6 +21,7 @@ import java.io.{File, FilenameFilter, IOException}
 import java.net.URI
 import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, Paths}
+import java.util.concurrent.TimeUnit
 
 import scala.collection.JavaConverters._
 
@@ -156,6 +157,9 @@ trait ProcBuilder {
 
   private val engineLogMaxLines = conf.get(KyuubiConf.SESSION_ENGINE_STARTUP_MAX_LOG_LINES)
 
+  private val engineStartupDestroyTimeout =
+    conf.get(KyuubiConf.SESSION_ENGINE_STARTUP_DESTROY_TIMEOUT)
+
   protected val lastRowsOfLog: EvictingQueue[String] = EvictingQueue.create(engineLogMaxLines)
   // Visible for test
   @volatile private[kyuubi] var logCaptureThreadReleased: Boolean = true
@@ -257,7 +261,13 @@ trait ProcBuilder {
       logCaptureThread = null
     }
     if (destroyProcess && process != null) {
-      process.destroyForcibly()
+      process.destroy()
+      if (!process.waitFor(engineStartupDestroyTimeout, TimeUnit.MILLISECONDS)) {
+        warn("Engine startup process does not exit after " +
+          s"$engineStartupDestroyTimeout ms, try to forcibly kill. " +
+          "Staging files generated by the process may be retained!")
+        process.destroyForcibly()
+      }
       process = null
     }
   }

From 7631e7d8b8ca66b635f9d761c41d40e2bb73ea10 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Fri, 21 Jul 2023 11:21:07 +0800
Subject: [PATCH 515/760] [KYUUBI #5009] Pass Spark Engine Log Path to Spark
 Conf

### _Why are the changes needed?_

Close #5009

When Kyuubi Server Log is Huge, it's difficult to find `Spark Engine Log Path` in logs.

Here pass the path to spark conf, user can find engine log path in spark ui or spark history server.

Submit Command Like:
```shell
XXXX/bin/spark-submit \
  --class org.apache.kyuubi.engine.spark.SparkSQLEngine \
  --conf spark.kyuubi.engine.engineLog.path=XXXX/kyuubi-spark-sql-engine.log.0 \
  --proxy-user kyuubi XXXX/target/kyuubi-spark-sql-engine_2.12-1.8.0-SNAPSHOT.jar
```

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5011 from zwangsheng/KYUUBI_5009.

Closes #5009

36c772209 [zwangsheng] fix compile
1c20f9264 [zwangsheng] retest
70568c758 [zwangsheng] Fix Unit Test
2bc465740 [zwangsheng] try to fix unit test
2197b3503 [zwangsheng] Narrow the scope of access
a44eefc5c [zwangsheng] [KYUUBI #5009]Pass Spark Engine Log Path to Spark COnf

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/engine/ProcBuilder.scala  |  2 ++
 .../engine/spark/SparkBatchProcessBuilder.scala       |  4 ++--
 .../kyuubi/engine/spark/SparkProcessBuilder.scala     | 11 ++++++++---
 .../engine/spark/SparkProcessBuilderSuite.scala       | 11 ++++++++++-
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index d0e6bae6b..f1e49d687 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -359,4 +359,6 @@ object ProcBuilder extends Logging {
   private val PROC_BUILD_LOGGER = new NamedThreadFactory("process-logger-capture", daemon = true)
 
   private val UNCAUGHT_ERROR = new RuntimeException("Uncaught error")
+
+  private[engine] val KYUUBI_ENGINE_LOG_PATH_KEY = "kyuubi.engine.engineLog.path"
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
index 0d20068de..7f1be93b5 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
@@ -36,7 +36,7 @@ class SparkBatchProcessBuilder(
   extends SparkProcessBuilder(proxyUser, conf, batchId, extraEngineLog) {
   import SparkProcessBuilder._
 
-  override protected val commands: Array[String] = {
+  override protected lazy val commands: Array[String] = {
     val buffer = new ArrayBuffer[String]()
     buffer += executable
     Option(mainClass).foreach { cla =>
@@ -51,7 +51,7 @@ class SparkBatchProcessBuilder(
     // tag batch application
     KyuubiApplicationManager.tagApplication(batchId, "spark", clusterManager(), batchKyuubiConf)
 
-    (batchKyuubiConf.getAll ++ sparkAppNameConf()).foreach { case (k, v) =>
+    (batchKyuubiConf.getAll ++ sparkAppNameConf() ++ engineLogPathConf()).foreach { case (k, v) =>
       buffer += CONF
       buffer += s"${convertConfigKey(k)}=$v"
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index 5bfe506da..5998d5d4e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -30,6 +30,7 @@ import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.{ApplicationManagerInfo, KyuubiApplicationManager, ProcBuilder}
 import org.apache.kyuubi.engine.KubernetesApplicationOperation.{KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT}
+import org.apache.kyuubi.engine.ProcBuilder.KYUUBI_ENGINE_LOG_PATH_KEY
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.operation.log.OperationLog
@@ -99,7 +100,7 @@ class SparkProcessBuilder(
     }
   }
 
-  override protected val commands: Array[String] = {
+  override protected lazy val commands: Array[String] = {
     // complete `spark.master` if absent on kubernetes
     completeMasterUrl(conf)
 
@@ -116,8 +117,8 @@ class SparkProcessBuilder(
         == AuthTypes.KERBEROS) {
       allConf = allConf ++ zkAuthKeytabFileConf(allConf)
     }
-
-    allConf.foreach { case (k, v) =>
+    // pass spark engine log path to spark conf
+    (allConf ++ engineLogPathConf).foreach { case (k, v) =>
       buffer += CONF
       buffer += s"${convertConfigKey(k)}=$v"
     }
@@ -244,6 +245,10 @@ class SparkProcessBuilder(
       }
     }
   }
+
+  private[spark] def engineLogPathConf(): Map[String, String] = {
+    Map(KYUUBI_ENGINE_LOG_PATH_KEY -> engineLog.getAbsolutePath)
+  }
 }
 
 object SparkProcessBuilder {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
index ad8324c85..cd549c0f3 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
@@ -29,6 +29,8 @@ import org.scalatestplus.mockito.MockitoSugar
 import org.apache.kyuubi.{KerberizedTestHelper, KyuubiSQLException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_LOG_TIMEOUT, ENGINE_SPARK_MAIN_RESOURCE}
+import org.apache.kyuubi.engine.ProcBuilder.KYUUBI_ENGINE_LOG_PATH_KEY
+import org.apache.kyuubi.engine.spark.SparkProcessBuilder.CONF
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.service.ServiceUtils
@@ -296,9 +298,16 @@ class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
     assert(!c3.contains(s"spark.kubernetes.driverEnv.SPARK_USER_NAME=$proxyName"))
     assert(!c3.contains(s"spark.executorEnv.SPARK_USER_NAME=$proxyName"))
   }
+
+  test("[KYUUBI #5009] Test pass spark engine log path to spark conf") {
+    val b1 = new SparkProcessBuilder("kyuubi", conf)
+    assert(
+      b1.toString.contains(
+        s"$CONF spark.$KYUUBI_ENGINE_LOG_PATH_KEY=${b1.engineLog.getAbsolutePath}"))
+  }
 }
 
 class FakeSparkProcessBuilder(config: KyuubiConf)
   extends SparkProcessBuilder("fake", config) {
-  override protected val commands: Array[String] = Array("ls")
+  override protected lazy val commands: Array[String] = Array("ls")
 }

From b1865fffa6dadbc9fc509b486a9c70327ae88e21 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 21 Jul 2023 16:22:51 +0800
Subject: [PATCH 516/760] [KYUUBI #5078] Make `kyuubi_instance` nullable in
 metadata table schema

### _Why are the changes needed?_

This is required by Batch V2, as it allows the batch job queued in metastore before being picked by Kyuubi Server for scheduling.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

```
mysql> CREATE TABLE IF NOT EXISTS metadata(
    ->     key_id bigint PRIMARY KEY AUTO_INCREMENT COMMENT 'the auto increment key id',
    ->     identifier varchar(36) NOT NULL COMMENT 'the identifier id, which is an UUID',
    ->     session_type varchar(32) NOT NULL COMMENT 'the session type, SQL or BATCH',
    ->     real_user varchar(255) NOT NULL COMMENT 'the real user',
    ->     user_name varchar(255) NOT NULL COMMENT 'the user name, might be a proxy user',
    ->     ip_address varchar(128) COMMENT 'the client ip address',
    ->     kyuubi_instance varchar(1024) NOT NULL COMMENT 'the kyuubi instance that creates this',
    ->     state varchar(128) NOT NULL COMMENT 'the session state',
    ->     resource varchar(1024) COMMENT 'the main resource',
    ->     class_name varchar(1024) COMMENT 'the main class name',
    ->     request_name varchar(1024) COMMENT 'the request name',
    ->     request_conf mediumtext COMMENT 'the request config map',
    ->     request_args mediumtext COMMENT 'the request arguments',
    ->     create_time BIGINT NOT NULL COMMENT 'the metadata create time',
    ->     engine_type varchar(32) NOT NULL COMMENT 'the engine type',
    ->     cluster_manager varchar(128) COMMENT 'the engine cluster manager',
    ->     engine_open_time bigint COMMENT 'the engine open time',
    ->     engine_id varchar(128) COMMENT 'the engine application id',
    ->     engine_name mediumtext COMMENT 'the engine application name',
    ->     engine_url varchar(1024) COMMENT 'the engine tracking url',
    ->     engine_state varchar(32) COMMENT 'the engine application state',
    ->     engine_error mediumtext COMMENT 'the engine application diagnose',
    ->     end_time bigint COMMENT 'the metadata end time',
    ->     peer_instance_closed boolean default '0' COMMENT 'closed by peer kyuubi instance',
    ->     UNIQUE INDEX unique_identifier_index(identifier),
    ->     INDEX user_name_index(user_name),
    ->     INDEX engine_type_index(engine_type)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Query OK, 0 rows affected (0.04 sec)

mysql> ALTER TABLE metadata MODIFY kyuubi_instance varchar(1024) COMMENT 'the kyuubi instance that creates this';
Query OK, 0 rows affected (0.05 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> SHOW CREATE TABLE metadata;
mysql> SHOW CREATE TABLE metadata;
+----------+---------------------------------------------------------------------------+
| Table    | Create Table                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+----------+---------------------------------------------------------------------------+
| metadata | CREATE TABLE `metadata` (
  `key_id` bigint NOT NULL AUTO_INCREMENT COMMENT 'the auto increment key id',
  `identifier` varchar(36) NOT NULL COMMENT 'the identifier id, which is an UUID',
  `session_type` varchar(32) NOT NULL COMMENT 'the session type, SQL or BATCH',
  `real_user` varchar(255) NOT NULL COMMENT 'the real user',
  `user_name` varchar(255) NOT NULL COMMENT 'the user name, might be a proxy user',
  `ip_address` varchar(128) DEFAULT NULL COMMENT 'the client ip address',
  `kyuubi_instance` varchar(1024) DEFAULT NULL COMMENT 'the kyuubi instance that creates this',
  `state` varchar(128) NOT NULL COMMENT 'the session state',
  `resource` varchar(1024) DEFAULT NULL COMMENT 'the main resource',
  `class_name` varchar(1024) DEFAULT NULL COMMENT 'the main class name',
  `request_name` varchar(1024) DEFAULT NULL COMMENT 'the request name',
  `request_conf` mediumtext COMMENT 'the request config map',
  `request_args` mediumtext COMMENT 'the request arguments',
  `create_time` bigint NOT NULL COMMENT 'the metadata create time',
  `engine_type` varchar(32) NOT NULL COMMENT 'the engine type',
  `cluster_manager` varchar(128) DEFAULT NULL COMMENT 'the engine cluster manager',
  `engine_open_time` bigint DEFAULT NULL COMMENT 'the engine open time',
  `engine_id` varchar(128) DEFAULT NULL COMMENT 'the engine application id',
  `engine_name` mediumtext COMMENT 'the engine application name',
  `engine_url` varchar(1024) DEFAULT NULL COMMENT 'the engine tracking url',
  `engine_state` varchar(32) DEFAULT NULL COMMENT 'the engine application state',
  `engine_error` mediumtext COMMENT 'the engine application diagnose',
  `end_time` bigint DEFAULT NULL COMMENT 'the metadata end time',
  `peer_instance_closed` tinyint(1) DEFAULT '0' COMMENT 'closed by peer kyuubi instance',
  PRIMARY KEY (`key_id`),
  UNIQUE KEY `unique_identifier_index` (`identifier`),
  KEY `user_name_index` (`user_name`),
  KEY `engine_type_index` (`engine_type`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci |
+----------+---------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql>
```

The derby SQL also is tested

<img width="1330" alt="image" src="https://github.com/apache/kyuubi/assets/26535726/4eef0742-05dd-4bd6-a77e-e9de0238375e">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5078 from pan3793/nullable.

Closes #5078

0c5dec85d [Cheng Pan] Make kyuubi_instance nullable in metadata table schema

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../sql/derby/003-KYUUBI-5078.derby.sql       |  1 +
 .../metadata-store-schema-1.8.0.derby.sql     | 36 +++++++++++++++++++
 .../derby/upgrade-1.7.0-to-1.8.0.derby.sql    |  1 +
 .../sql/mysql/003-KYUUBI-5078.mysql.sql       |  3 ++
 .../metadata-store-schema-1.8.0.mysql.sql     | 31 ++++++++++++++++
 .../mysql/upgrade-1.7.0-to-1.8.0.mysql.sql    |  3 ++
 .../metadata-store-schema-1.8.0.sqlite.sql    |  2 +-
 .../metadata/MetadataManagerSuite.scala       |  2 +-
 8 files changed, 77 insertions(+), 2 deletions(-)
 create mode 100644 kyuubi-server/src/main/resources/sql/derby/003-KYUUBI-5078.derby.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/mysql/003-KYUUBI-5078.mysql.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql

diff --git a/kyuubi-server/src/main/resources/sql/derby/003-KYUUBI-5078.derby.sql b/kyuubi-server/src/main/resources/sql/derby/003-KYUUBI-5078.derby.sql
new file mode 100644
index 000000000..dfdfe6069
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/derby/003-KYUUBI-5078.derby.sql
@@ -0,0 +1 @@
+ALTER TABLE metadata ALTER COLUMN kyuubi_instance DROP NOT NULL;
diff --git a/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql b/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
new file mode 100644
index 000000000..b4a66d8d6
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
@@ -0,0 +1,36 @@
+-- Derby does not support `CREATE TABLE IF NOT EXISTS`
+
+-- the metadata table ddl
+
+CREATE TABLE metadata(
+    key_id bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY, -- the auto increment key id
+    identifier varchar(36) NOT NULL, -- the identifier id, which is an UUID
+    session_type varchar(32) NOT NULL, -- the session type, SQL or BATCH
+    real_user varchar(255) NOT NULL, -- the real user
+    user_name varchar(255) NOT NULL, -- the user name, might be a proxy user
+    ip_address varchar(128), -- the client ip address
+    kyuubi_instance varchar(1024), -- the kyuubi instance that creates this
+    state varchar(128) NOT NULL, -- the session state
+    resource varchar(1024), -- the main resource
+    class_name varchar(1024), -- the main class name
+    request_name varchar(1024), -- the request name
+    request_conf clob, -- the request config map
+    request_args clob, -- the request arguments
+    create_time BIGINT NOT NULL, -- the metadata create time
+    engine_type varchar(32) NOT NULL, -- the engine type
+    cluster_manager varchar(128), -- the engine cluster manager
+    engine_open_time bigint, -- the engine open time
+    engine_id varchar(128), -- the engine application id
+    engine_name clob, -- the engine application name
+    engine_url varchar(1024), -- the engine tracking url
+    engine_state varchar(32), -- the engine application state
+    engine_error clob, -- the engine application diagnose
+    end_time bigint,  -- the metadata end time
+    peer_instance_closed boolean default FALSE -- closed by peer kyuubi instance
+);
+
+CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
+
+CREATE INDEX metadata_user_name_index ON metadata(user_name);
+
+CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
diff --git a/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql b/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql
new file mode 100644
index 000000000..b9e6cff91
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql
@@ -0,0 +1 @@
+RUN '003-KYUUBI-5078.derby.sql';
diff --git a/kyuubi-server/src/main/resources/sql/mysql/003-KYUUBI-5078.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/003-KYUUBI-5078.mysql.sql
new file mode 100644
index 000000000..1d730cd4c
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/mysql/003-KYUUBI-5078.mysql.sql
@@ -0,0 +1,3 @@
+SELECT '< KYUUBI-5078: Make kyuubi_instance nullable in metadata table schema' AS ' ';
+
+ALTER TABLE metadata MODIFY kyuubi_instance varchar(1024) COMMENT 'the kyuubi instance that creates this';
diff --git a/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
new file mode 100644
index 000000000..4c86fbf76
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
@@ -0,0 +1,31 @@
+-- the metadata table ddl
+
+CREATE TABLE IF NOT EXISTS metadata(
+    key_id bigint PRIMARY KEY AUTO_INCREMENT COMMENT 'the auto increment key id',
+    identifier varchar(36) NOT NULL COMMENT 'the identifier id, which is an UUID',
+    session_type varchar(32) NOT NULL COMMENT 'the session type, SQL or BATCH',
+    real_user varchar(255) NOT NULL COMMENT 'the real user',
+    user_name varchar(255) NOT NULL COMMENT 'the user name, might be a proxy user',
+    ip_address varchar(128) COMMENT 'the client ip address',
+    kyuubi_instance varchar(1024) COMMENT 'the kyuubi instance that creates this',
+    state varchar(128) NOT NULL COMMENT 'the session state',
+    resource varchar(1024) COMMENT 'the main resource',
+    class_name varchar(1024) COMMENT 'the main class name',
+    request_name varchar(1024) COMMENT 'the request name',
+    request_conf mediumtext COMMENT 'the request config map',
+    request_args mediumtext COMMENT 'the request arguments',
+    create_time BIGINT NOT NULL COMMENT 'the metadata create time',
+    engine_type varchar(32) NOT NULL COMMENT 'the engine type',
+    cluster_manager varchar(128) COMMENT 'the engine cluster manager',
+    engine_open_time bigint COMMENT 'the engine open time',
+    engine_id varchar(128) COMMENT 'the engine application id',
+    engine_name mediumtext COMMENT 'the engine application name',
+    engine_url varchar(1024) COMMENT 'the engine tracking url',
+    engine_state varchar(32) COMMENT 'the engine application state',
+    engine_error mediumtext COMMENT 'the engine application diagnose',
+    end_time bigint COMMENT 'the metadata end time',
+    peer_instance_closed boolean default '0' COMMENT 'closed by peer kyuubi instance',
+    UNIQUE INDEX unique_identifier_index(identifier),
+    INDEX user_name_index(user_name),
+    INDEX engine_type_index(engine_type)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
new file mode 100644
index 000000000..a3a4bcdf1
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
@@ -0,0 +1,3 @@
+SELECT '< Upgrading MetaStore schema from 1.7.0 to 1.8.0 >' AS ' ';
+SOURCE 003-KYUUBI-5078.mysql.sql;
+SELECT '< Finished upgrading MetaStore schema from 1.7.0 to 1.8.0 >' AS ' ';
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
index 2b05dd5db..6df7405be 100644
--- a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
@@ -7,7 +7,7 @@ CREATE TABLE IF NOT EXISTS metadata(
     real_user varchar(255) NOT NULL, -- the real user
     user_name varchar(255) NOT NULL, -- the user name, might be a proxy user
     ip_address varchar(128), -- the client ip address
-    kyuubi_instance varchar(1024) NOT NULL, -- the kyuubi instance that creates this
+    kyuubi_instance varchar(1024), -- the kyuubi instance that creates this
     state varchar(128) NOT NULL, -- the session state
     resource varchar(1024), -- the main resource
     class_name varchar(1024), -- the main class name
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
index aca416dac..564b5ebe9 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
@@ -116,7 +116,7 @@ class MetadataManagerSuite extends KyuubiFunSuite {
         MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_RETRYING)
           .getOrElse(0L) - retryingRequests === 0)
 
-      val invalidMetadata = metadata.copy(kyuubiInstance = null)
+      val invalidMetadata = metadata.copy(state = null)
       intercept[Exception](metadataManager.insertMetadata(invalidMetadata, false))
       assert(
         MetricsSystem.meterValue(MetricsConstants.METADATA_REQUEST_TOTAL)

From bf0307565cf1196447403c6a6f8e240ac01d1cd5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 21 Jul 2023 20:24:32 +0800
Subject: [PATCH 517/760] [KYUUBI #5081] Minor refactor JDBCMetadataStore

### _Why are the changes needed?_

This is a pure code refactor extracted from https://github.com/apache/kyuubi/pull/4790 to reduce the diff.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5081 from pan3793/dialect.

Closes #5081

537d62303 [Cheng Pan] Minor refactor JDBCMetadataStore

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../metadata/jdbc/JDBCMetadataStore.scala     | 38 ++++++++++---------
 .../metadata/jdbc/JdbcDatabaseDialect.scala   | 10 ++---
 2 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 9f0bd6843..798e52d39 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -54,7 +54,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
         throw new IllegalArgumentException("No jdbc driver defined"))
   }
 
-  private val databaseAdaptor = dbType match {
+  private val dialect = dbType match {
     case DERBY => new DerbyDatabaseDialect
     case SQLITE => new SQLiteDatabaseDialect
     case MYSQL => new MySQLDatabaseDialect
@@ -216,12 +216,24 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       stateOnly: Boolean): Seq[Metadata] = {
     val queryBuilder = new StringBuilder
     val params = ListBuffer[Any]()
-    if (stateOnly) {
-      queryBuilder.append(s"SELECT $METADATA_STATE_ONLY_COLUMNS FROM $METADATA_TABLE")
-    } else {
-      queryBuilder.append(s"SELECT $METADATA_ALL_COLUMNS FROM $METADATA_TABLE")
+    queryBuilder.append("SELECT ")
+    queryBuilder.append(if (stateOnly) METADATA_STATE_ONLY_COLUMNS else METADATA_ALL_COLUMNS)
+    queryBuilder.append(s" FROM $METADATA_TABLE")
+    queryBuilder.append(s" ${assembleWhereClause(filter, params)}")
+    queryBuilder.append(" ORDER BY key_id ")
+    queryBuilder.append(dialect.limitClause(size, from))
+    val query = queryBuilder.toString
+    JdbcUtils.withConnection { connection =>
+      withResultSet(connection, query, params: _*) { rs =>
+        buildMetadata(rs, stateOnly)
+      }
     }
-    val whereConditions = ListBuffer[String]()
+  }
+
+  private def assembleWhereClause(
+      filter: MetadataFilter,
+      params: ListBuffer[Any]): String = {
+    val whereConditions = ListBuffer[String]("1 = 1")
     Option(filter.sessionType).foreach { sessionType =>
       whereConditions += "session_type = ?"
       params += sessionType.toString
@@ -259,16 +271,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       whereConditions += "peer_instance_closed = ?"
       params += filter.peerInstanceClosed
     }
-    if (whereConditions.nonEmpty) {
-      queryBuilder.append(whereConditions.mkString(" WHERE ", " AND ", ""))
-    }
-    queryBuilder.append(" ORDER BY key_id")
-    val query = databaseAdaptor.addLimitAndOffsetToQuery(queryBuilder.toString(), size, from)
-    JdbcUtils.withConnection { connection =>
-      withResultSet(connection, query, params: _*) { rs =>
-        buildMetadata(rs, stateOnly)
-      }
-    }
+    whereConditions.mkString("WHERE ", " AND ", "")
   }
 
   override def updateMetadata(metadata: Metadata): Unit = {
@@ -324,7 +327,8 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
       withUpdateCount(connection, query, params: _*) { updateCount =>
         if (updateCount == 0) {
           throw new KyuubiException(
-            s"Error updating metadata for ${metadata.identifier} with $query")
+            s"Error updating metadata for ${metadata.identifier} by SQL: $query, " +
+              s"with params: ${params.mkString(", ")}")
         }
       }
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala
index 1fbfc1cbc..69bd36519 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JdbcDatabaseDialect.scala
@@ -18,18 +18,18 @@
 package org.apache.kyuubi.server.metadata.jdbc
 
 trait JdbcDatabaseDialect {
-  def addLimitAndOffsetToQuery(sql: String, limit: Int, offset: Int): String
+  def limitClause(limit: Int, offset: Int): String
 }
 
 class DerbyDatabaseDialect extends JdbcDatabaseDialect {
-  override def addLimitAndOffsetToQuery(sql: String, limit: Int, offset: Int): String = {
-    s"$sql OFFSET $offset ROWS FETCH NEXT $limit ROWS ONLY"
+  override def limitClause(limit: Int, offset: Int): String = {
+    s"OFFSET $offset ROWS FETCH NEXT $limit ROWS ONLY"
   }
 }
 
 class GenericDatabaseDialect extends JdbcDatabaseDialect {
-  override def addLimitAndOffsetToQuery(sql: String, limit: Int, offset: Int): String = {
-    s"$sql LIMIT $limit OFFSET $offset"
+  override def limitClause(limit: Int, offset: Int): String = {
+    s"LIMIT $limit OFFSET $offset"
   }
 }
 

From 87974f33f710ba8beb3fd332430d1bf0a0278fc6 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Sat, 22 Jul 2023 21:26:58 +0800
Subject: [PATCH 518/760] [KYUUBI #5080][FLINK] Fix EmbeddedExecutorFactory not
 thread-safe during bootstrap

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5082 from link3280/KYUUBI-5080.

Closes #5080

e8026b89b [Paul Lin] [KYUUBI #4806][FLINK] Improve logs
fd78f3239 [Paul Lin] [KYUUBI #4806][FLINK] Fix gateway NPE
a0a7c4422 [Cheng Pan] Update externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
50830d4d4 [Paul Lin] [KYUUBI #5080][FLINK] Fix EmbeddedExecutorFactory not thread-safe during bootstrap

Lead-authored-by: Paul Lin <paullin3280@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../executors/EmbeddedExecutorFactory.java    | 49 +++++++++++++++----
 1 file changed, 39 insertions(+), 10 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java b/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
index 69d69a55c..558db74a3 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
+++ b/externals/kyuubi-flink-sql-engine/src/main/java/org/apache/flink/client/deployment/application/executors/EmbeddedExecutorFactory.java
@@ -48,6 +48,12 @@ public class EmbeddedExecutorFactory implements PipelineExecutorFactory {
 
   private static ScheduledExecutor retryExecutor;
 
+  private static final Object bootstrapLock = new Object();
+
+  private static final long BOOTSTRAP_WAIT_INTERVAL = 10_000L;
+
+  private static final int BOOTSTRAP_WAIT_RETRIES = 3;
+
   private static final Logger LOGGER = LoggerFactory.getLogger(EmbeddedExecutorFactory.class);
 
   public EmbeddedExecutorFactory() {
@@ -79,13 +85,17 @@ public EmbeddedExecutorFactory(
     checkState(EmbeddedExecutorFactory.submittedJobIds == null);
     checkState(EmbeddedExecutorFactory.dispatcherGateway == null);
     checkState(EmbeddedExecutorFactory.retryExecutor == null);
-    // submittedJobIds would be always 1, because we create a new list to avoid concurrent access
-    // issues
-    EmbeddedExecutorFactory.submittedJobIds =
-        new ConcurrentLinkedQueue<>(checkNotNull(submittedJobIds));
-    EmbeddedExecutorFactory.bootstrapJobIds = submittedJobIds;
-    EmbeddedExecutorFactory.dispatcherGateway = checkNotNull(dispatcherGateway);
-    EmbeddedExecutorFactory.retryExecutor = checkNotNull(retryExecutor);
+    synchronized (bootstrapLock) {
+      // submittedJobIds would be always 1, because we create a new list to avoid concurrent access
+      // issues
+      LOGGER.debug("Bootstrapping EmbeddedExecutorFactory.");
+      EmbeddedExecutorFactory.submittedJobIds =
+          new ConcurrentLinkedQueue<>(checkNotNull(submittedJobIds));
+      EmbeddedExecutorFactory.bootstrapJobIds = submittedJobIds;
+      EmbeddedExecutorFactory.dispatcherGateway = checkNotNull(dispatcherGateway);
+      EmbeddedExecutorFactory.retryExecutor = checkNotNull(retryExecutor);
+      bootstrapLock.notifyAll();
+    }
   }
 
   @Override
@@ -96,7 +106,7 @@ public String getName() {
   @Override
   public boolean isCompatibleWith(final Configuration configuration) {
     // override Flink's implementation to allow usage in Kyuubi
-    LOGGER.debug("matching execution target: {}", configuration.get(DeploymentOptions.TARGET));
+    LOGGER.debug("Matching execution target: {}", configuration.get(DeploymentOptions.TARGET));
     return configuration.get(DeploymentOptions.TARGET).equalsIgnoreCase("yarn-application")
         && configuration.toMap().getOrDefault("yarn.tags", "").toLowerCase().contains("kyuubi");
   }
@@ -105,11 +115,30 @@ public boolean isCompatibleWith(final Configuration configuration) {
   public PipelineExecutor getExecutor(final Configuration configuration) {
     checkNotNull(configuration);
     Collection<JobID> executorJobIDs;
+    synchronized (bootstrapLock) {
+      // wait in a loop to avoid spurious wakeups
+      int retry = 0;
+      while (bootstrapJobIds == null && retry < BOOTSTRAP_WAIT_RETRIES) {
+        try {
+          LOGGER.debug("Waiting for bootstrap to complete. Wait retries: {}.", retry);
+          bootstrapLock.wait(BOOTSTRAP_WAIT_INTERVAL);
+          retry++;
+        } catch (InterruptedException e) {
+          throw new RuntimeException("Interrupted while waiting for bootstrap.", e);
+        }
+      }
+      if (bootstrapJobIds == null) {
+        throw new RuntimeException(
+            "Bootstrap of Flink SQL engine timed out after "
+                + BOOTSTRAP_WAIT_INTERVAL * BOOTSTRAP_WAIT_RETRIES
+                + " ms. Please check the engine log for more details.");
+      }
+    }
     if (bootstrapJobIds.size() > 0) {
-      LOGGER.info("Submitting new Kyuubi job. Job already submitted: {}.", submittedJobIds.size());
+      LOGGER.info("Submitting new Kyuubi job. Job submitted: {}.", submittedJobIds.size());
       executorJobIDs = submittedJobIds;
     } else {
-      LOGGER.info("Bootstrapping Flink SQL engine.");
+      LOGGER.info("Bootstrapping Flink SQL engine with the initial SQL.");
       executorJobIDs = bootstrapJobIds;
     }
     return new EmbeddedExecutor(

From b04829a2fc44e83c4c5f59710c6ec4b01c013b1a Mon Sep 17 00:00:00 2001
From: mans2singh <mans2singh@yahoo.com>
Date: Sun, 23 Jul 2023 19:39:14 +0800
Subject: [PATCH 519/760] [KYUUBI #5085] Update config section of deploy on
 kubernetes

### _Why are the changes needed?_
Updated [kyuubi on kubernetes config section](https://kyuubi.readthedocs.io/en/master/deployment/kyuubi_on_kubernetes.html#config) to state <code> Kyuubi **does** not recommend using this way on Kubernetes</code>

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5086 from mans2singh/ISSUE-5085.

Closes #5086

5faf0df2e [mans2singh] [KYUUBI # 5085] Update config section based on review comments
df9f62f36 [mans2singh] [KYUUBI # 5085] Update config section of deploy on kubernetes

Authored-by: mans2singh <mans2singh@yahoo.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/kyuubi_on_kubernetes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/deployment/kyuubi_on_kubernetes.md b/docs/deployment/kyuubi_on_kubernetes.md
index 8bb1d88c3..11ffe8e48 100644
--- a/docs/deployment/kyuubi_on_kubernetes.md
+++ b/docs/deployment/kyuubi_on_kubernetes.md
@@ -90,7 +90,7 @@ See more related details in [Using RBAC Authorization](https://kubernetes.io/doc
 
 ## Config
 
-You can configure Kyuubi the old-fashioned way by placing kyuubi-default.conf inside the image. Kyuubi do not recommend using this way on Kubernetes.
+You can configure Kyuubi the old-fashioned way by placing `kyuubi-defaults.conf` inside the image. Kyuubi does not recommend using this way on Kubernetes.
 
 Kyuubi provide `${KYUUBI_HOME}/docker/kyuubi-configmap.yaml` to build Configmap for Kyuubi.
 

From 026b88e87b38dde87bf1c1a4bc053815528acbd2 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Mon, 24 Jul 2023 22:40:40 +0800
Subject: [PATCH 520/760] [KYUUBI #5090] Fix AllKyuubiConfiguration to generate
 redundant blank lines in Windows

### _Why are the changes needed?_

close #5090

### _How was this patch tested?_

After this PR it generates normal settings file in windows.

- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5091 from wForget/KYUUBI-5090.

Closes #5090

9e974c7f8 [wforget] fix
dc1ebfc08 [wforget] fix
2cbec60f9 [wforget] [KYUUBI-5090] Fix AllKyuubiConfiguration to generate redundant blank lines in Windows
ecc3b4af6 [mans2singh] [KYUUBI #5086] [KYUUBI # 5085] Update config section of deploy on kubernetes

Lead-authored-by: wforget <643348094@qq.com>
Co-authored-by: mans2singh <mans2singh@yahoo.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/spark/udf/KyuubiDefinedFunctionSuite.scala     | 1 -
 .../src/test/scala/org/apache/kyuubi/MarkdownUtils.scala  | 8 ++++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
index f355e1e6b..566126bb4 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
@@ -56,7 +56,6 @@ class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
       .lines("""
         | Name | Description | Return Type | Since
         | --- | --- | --- | ---
-        |
         |""")
     KDFRegistry.registeredFunctions.foreach { func =>
       builder.line(s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}")
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
index 25a768b75..805913343 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
@@ -22,12 +22,12 @@ import java.nio.file.{Files, Path, StandardOpenOption}
 
 import scala.collection.JavaConverters._
 import scala.collection.mutable.ArrayBuffer
-import scala.compat.Platform.EOL
 
 import com.vladsch.flexmark.formatter.Formatter
 import com.vladsch.flexmark.parser.{Parser, ParserEmulationProfile, PegdownExtensions}
 import com.vladsch.flexmark.profile.pegdown.PegdownOptionsAdapter
 import com.vladsch.flexmark.util.data.{MutableDataHolder, MutableDataSet}
+import com.vladsch.flexmark.util.sequence.SequenceUtils.EOL
 import org.scalatest.Assertions.{assertResult, withClue}
 
 object MarkdownUtils {
@@ -58,7 +58,7 @@ object MarkdownUtils {
   }
 
   def line(str: String): String = {
-    str.stripMargin.replaceAll(EOL, "")
+    str.stripMargin.linesIterator.mkString
   }
 
   def appendBlankLine(buffer: ArrayBuffer[String]): Unit = buffer += ""
@@ -80,7 +80,7 @@ class MarkdownBuilder {
    * @return
    */
   def line(str: String = ""): MarkdownBuilder = {
-    buffer += str.stripMargin.replaceAll(EOL, "")
+    buffer += str.stripMargin.linesIterator.mkString
     this
   }
 
@@ -91,7 +91,7 @@ class MarkdownBuilder {
    * @return
    */
   def lines(multiline: String): MarkdownBuilder = {
-    buffer ++= multiline.stripMargin.split(EOL)
+    buffer ++= multiline.stripMargin.linesIterator
     this
   }
 

From 6ec326adb40720b7fe270f1aee62ef3f94af0756 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 25 Jul 2023 18:04:45 +0800
Subject: [PATCH 521/760] [KYUUBI #5039] [Improvement] Use semantic versions
 and remove redundant version comparison methods

### _Why are the changes needed?_

- Support initializing or comparing version with major version only, e.g "3" equivalent to  "3.0"
- Remove redundant version comparison methods by using semantic versions of Spark, Flink and Kyuubi
- adding common `toDouble` method

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5039 from bowenliang123/improve-semanticversion.

Closes #5039

b6868264f [liangbowen] nit
d39646b7d [liangbowen] SPARK_ENGINE_RUNTIME_VERSION
9148caad0 [liangbowen] use semantic versions
ecc3b4af6 [mans2singh] [KYUUBI #5086] [KYUUBI # 5085] Update config section of deploy on kubernetes

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: mans2singh <mans2singh@yahoo.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../plugin/spark/authz/util/AuthZUtils.scala  | 16 ++---
 .../FunctionPrivilegesBuilderSuite.scala      | 10 +--
 .../spark/authz/PrivilegesBuilderSuite.scala  | 10 +--
 .../spark/connector/common/SparkUtils.scala   | 13 +---
 .../connector/hive/HiveConnectorUtils.scala   |  6 +-
 .../connector/tpcds/TPCDSCatalogSuite.scala   |  4 +-
 .../connector/tpch/TPCHCatalogSuite.scala     |  4 +-
 .../lineage/helper/SparkListenerHelper.scala  | 18 +-----
 .../helper/SparkSQLLineageParseHelper.scala   |  8 +--
 .../atlas/AtlasLineageDispatcherSuite.scala   |  4 +-
 .../events/OperationLineageEventSuite.scala   |  4 +-
 .../SparkSQLLineageParserHelperSuite.scala    |  4 +-
 .../engine/flink/FlinkEngineUtils.scala       | 22 ++-----
 .../flink/shim/FlinkSessionManager.scala      |  4 +-
 .../kyuubi/engine/flink/udf/KDFRegistry.scala |  4 +-
 .../flink/operation/FlinkOperationSuite.scala |  9 +--
 .../kyuubi/engine/spark/KyuubiSparkUtil.scala |  4 +-
 .../SparkArrowbasedOperationSuite.scala       |  2 +-
 .../SparkSQLEngineDeregisterSuite.scala       |  8 +--
 .../authentication/PlainSASLServer.scala      |  5 +-
 .../kyuubi/operation/SparkDataTypeTests.scala |  4 +-
 .../authentication/PlainSASLHelperSuite.scala |  6 +-
 .../apache/kyuubi/util/SparkVersionUtil.scala |  4 +-
 .../apache/kyuubi/util/SemanticVersion.scala  | 64 +++++++++----------
 .../kyuubi/util/SemanticVersionSuite.scala    | 29 +++++++++
 25 files changed, 122 insertions(+), 144 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index 9ac3bfef3..4f7cbb9ef 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -83,18 +83,10 @@ private[authz] object AuthZUtils {
     }
   }
 
-  private lazy val sparkSemanticVersion: SemanticVersion = SemanticVersion(SPARK_VERSION)
-  lazy val isSparkV31OrGreater: Boolean = isSparkVersionAtLeast("3.1")
-  lazy val isSparkV32OrGreater: Boolean = isSparkVersionAtLeast("3.2")
-  lazy val isSparkV33OrGreater: Boolean = isSparkVersionAtLeast("3.3")
-
-  def isSparkVersionAtMost(targetVersionString: String): Boolean = {
-    sparkSemanticVersion.isVersionAtMost(targetVersionString)
-  }
-
-  def isSparkVersionAtLeast(targetVersionString: String): Boolean = {
-    sparkSemanticVersion.isVersionAtLeast(targetVersionString)
-  }
+  lazy val SPARK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(SPARK_VERSION)
+  lazy val isSparkV31OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.1"
+  lazy val isSparkV32OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.2"
+  lazy val isSparkV33OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.3"
 
   def quoteIfNeeded(part: String): String = {
     if (part.matches("[a-zA-Z0-9_]+") && !part.matches("\\d+")) {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
index 0f261c2dd..7181a6760 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
@@ -24,7 +24,7 @@ import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isSparkVersionAtMost
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.SPARK_RUNTIME_VERSION
 
 abstract class FunctionPrivilegesBuilderSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
@@ -112,7 +112,7 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   override protected val catalogImpl: String = "hive"
 
   test("Function Call Query") {
-    assume(isSparkVersionAtMost("3.3"))
+    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
       s"kyuubi_fun_2(value), " +
       s"${reusedDb}.kyuubi_fun_0(value), " +
@@ -132,7 +132,7 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   }
 
   test("Function Call Query with Quoted Name") {
-    assume(isSparkVersionAtMost("3.3"))
+    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val plan = sql(s"SELECT `kyuubi_fun_1`('data'), " +
       s"`kyuubi_fun_2`(value), " +
       s"`${reusedDb}`.`kyuubi_fun_0`(value), " +
@@ -152,7 +152,7 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   }
 
   test("Simple Function Call Query") {
-    assume(isSparkVersionAtMost("3.3"))
+    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
       s"kyuubi_fun_0('value'), " +
       s"${reusedDb}.kyuubi_fun_0('value'), " +
@@ -172,7 +172,7 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   }
 
   test("Function Call In CAST Command") {
-    assume(isSparkVersionAtMost("3.3"))
+    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val table = "castTable"
     withTable(table) { table =>
       val plan = sql(s"CREATE TABLE ${table} " +
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 1e379f648..878aa7dad 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -112,7 +112,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("AlterDatabasePropertiesCommand") {
-    assume(isSparkVersionAtMost("3.2"))
+    assume(SPARK_RUNTIME_VERSION <= "3.2")
     val plan = sql("ALTER DATABASE default SET DBPROPERTIES (abc = '123')").queryExecution.analyzed
     val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
     assertResult(plan.getClass.getName)(
@@ -160,7 +160,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("CreateDatabaseCommand") {
-    assume(isSparkVersionAtMost("3.2"))
+    assume(SPARK_RUNTIME_VERSION <= "3.2")
     withDatabase("CreateDatabaseCommand") { db =>
       val plan = sql(s"CREATE DATABASE $db").queryExecution.analyzed
       val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
@@ -182,7 +182,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("DropDatabaseCommand") {
-    assume(isSparkVersionAtMost("3.2"))
+    assume(SPARK_RUNTIME_VERSION <= "3.2")
     withDatabase("DropDatabaseCommand") { db =>
       sql(s"CREATE DATABASE $db")
       val plan = sql(s"DROP DATABASE DropDatabaseCommand").queryExecution.analyzed
@@ -759,7 +759,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("DescribeDatabaseCommand") {
-    assume(isSparkVersionAtMost("3.2"))
+    assume(SPARK_RUNTIME_VERSION <= "3.2")
     val plan = sql(s"DESC DATABASE $reusedDb").queryExecution.analyzed
     val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
     assert(operationType === DESCDATABASE)
@@ -1253,7 +1253,7 @@ class InMemoryPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
 
   // some hive version does not support set database location
   test("AlterDatabaseSetLocationCommand") {
-    assume(isSparkVersionAtMost("3.2"))
+    assume(SPARK_RUNTIME_VERSION <= "3.2")
     val newLoc = spark.conf.get("spark.sql.warehouse.dir") + "/new_db_location"
     val plan = sql(s"ALTER DATABASE default SET LOCATION '$newLoc'")
       .queryExecution.analyzed
diff --git a/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala b/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala
index a6c1624c1..fcb99ebe6 100644
--- a/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala
+++ b/extensions/spark/kyuubi-spark-connector-common/src/main/scala/org/apache/kyuubi/spark/connector/common/SparkUtils.scala
@@ -22,16 +22,5 @@ import org.apache.spark.SPARK_VERSION
 import org.apache.kyuubi.util.SemanticVersion
 
 object SparkUtils {
-
-  def isSparkVersionAtMost(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionAtMost(targetVersionString)
-  }
-
-  def isSparkVersionAtLeast(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionAtLeast(targetVersionString)
-  }
-
-  def isSparkVersionEqualTo(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionEqualTo(targetVersionString)
-  }
+  lazy val SPARK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(SPARK_VERSION)
 }
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
index d0d0666bb..615093186 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveConnectorUtils.scala
@@ -29,15 +29,15 @@ import org.apache.spark.sql.execution.datasources.PartitionedFile
 import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.types.{ArrayType, MapType, StructField, StructType}
 
-import org.apache.kyuubi.spark.connector.common.SparkUtils
+import org.apache.kyuubi.spark.connector.common.SparkUtils.SPARK_RUNTIME_VERSION
 import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
 
 object HiveConnectorUtils extends Logging {
 
   def partitionedFilePath(file: PartitionedFile): String = {
-    if (SparkUtils.isSparkVersionAtLeast("3.4")) {
+    if (SPARK_RUNTIME_VERSION >= "3.4") {
       invokeAs[String](file, "urlEncodedPath")
-    } else if (SparkUtils.isSparkVersionAtLeast("3.3")) {
+    } else if (SPARK_RUNTIME_VERSION >= "3.3") {
       invokeAs[String](file, "filePath")
     } else {
       throw KyuubiHiveConnectorException(s"Spark version $SPARK_VERSION " +
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
index 451cee135..f5c6563e7 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
@@ -23,7 +23,7 @@ import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSession
-import org.apache.kyuubi.spark.connector.common.SparkUtils
+import org.apache.kyuubi.spark.connector.common.SparkUtils.SPARK_RUNTIME_VERSION
 
 class TPCDSCatalogSuite extends KyuubiFunSuite {
 
@@ -126,7 +126,7 @@ class TPCDSCatalogSuite extends KyuubiFunSuite {
         val stats = spark.table(tableName).queryExecution.analyzed.stats
         assert(stats.sizeInBytes == sizeInBytes)
         // stats.rowCount only has value after SPARK-33954
-        if (SparkUtils.isSparkVersionAtLeast("3.2")) {
+        if (SPARK_RUNTIME_VERSION >= "3.2") {
           assert(stats.rowCount.contains(rowCount), tableName)
         }
       }
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
index 802c8d690..14415141e 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHCatalogSuite.scala
@@ -23,7 +23,7 @@ import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSession
-import org.apache.kyuubi.spark.connector.common.SparkUtils
+import org.apache.kyuubi.spark.connector.common.SparkUtils.SPARK_RUNTIME_VERSION
 
 class TPCHCatalogSuite extends KyuubiFunSuite {
 
@@ -130,7 +130,7 @@ class TPCHCatalogSuite extends KyuubiFunSuite {
         val stats = spark.table(tableName).queryExecution.analyzed.stats
         assert(stats.sizeInBytes == sizeInBytes)
         // stats.rowCount only has value after SPARK-33954
-        if (SparkUtils.isSparkVersionAtLeast("3.2")) {
+        if (SPARK_RUNTIME_VERSION >= "3.2") {
           assert(stats.rowCount.contains(rowCount), tableName)
         }
       }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
index a1747493e..6093e8660 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkListenerHelper.scala
@@ -25,23 +25,7 @@ import org.apache.kyuubi.util.SemanticVersion
 
 object SparkListenerHelper {
 
-  lazy val sparkMajorMinorVersion: (Int, Int) = {
-    val runtimeSparkVer = org.apache.spark.SPARK_VERSION
-    val runtimeVersion = SemanticVersion(runtimeSparkVer)
-    (runtimeVersion.majorVersion, runtimeVersion.minorVersion)
-  }
-
-  def isSparkVersionAtMost(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionAtMost(targetVersionString)
-  }
-
-  def isSparkVersionAtLeast(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionAtLeast(targetVersionString)
-  }
-
-  def isSparkVersionEqualTo(targetVersionString: String): Boolean = {
-    SemanticVersion(SPARK_VERSION).isVersionEqualTo(targetVersionString)
-  }
+  lazy val SPARK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(SPARK_VERSION)
 
   def currentUser: String = UserGroupInformation.getCurrentUser.getShortUserName
 
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index f2806f216..a5f805fa9 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -37,7 +37,7 @@ import org.apache.spark.sql.execution.datasources.LogicalRelation
 import org.apache.spark.sql.execution.datasources.v2.{DataSourceV2Relation, DataSourceV2ScanRelation}
 
 import org.apache.kyuubi.plugin.lineage.Lineage
-import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
+import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.SPARK_RUNTIME_VERSION
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait LineageParser {
@@ -194,7 +194,7 @@ trait LineageParser {
         extractColumnsLineage(commandPlan, parentColumnsLineage)
       case p if p.nodeName == "AlterViewAsCommand" =>
         val query =
-          if (isSparkVersionAtMost("3.1")) {
+          if (SPARK_RUNTIME_VERSION <= "3.1") {
             sparkSession.sessionState.analyzer.execute(getQuery(plan))
           } else {
             getQuery(plan)
@@ -211,7 +211,7 @@ trait LineageParser {
         val outputCols =
           getField[Seq[(String, Option[String])]](plan, "userSpecifiedColumns").map(_._1)
         val query =
-          if (isSparkVersionAtMost("3.1")) {
+          if (SPARK_RUNTIME_VERSION <= "3.1") {
             sparkSession.sessionState.analyzer.execute(getField[LogicalPlan](plan, "child"))
           } else {
             getField[LogicalPlan](plan, "plan")
@@ -240,7 +240,7 @@ trait LineageParser {
           if p.nodeName == "CreateTableAsSelect" ||
             p.nodeName == "ReplaceTableAsSelect" =>
         val (table, namespace, catalog) =
-          if (isSparkVersionAtMost("3.2")) {
+          if (SPARK_RUNTIME_VERSION <= "3.2") {
             (
               getField[Identifier](plan, "tableName").name,
               getField[Identifier](plan, "tableName").namespace.mkString("."),
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
index cb98c52ef..4d41b2a57 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
@@ -34,11 +34,11 @@ import org.scalatest.time.SpanSugar._
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.plugin.lineage.Lineage
 import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasEntityHelper.{COLUMN_LINEAGE_TYPE, PROCESS_TYPE}
-import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
+import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.SPARK_RUNTIME_VERSION
 
 class AtlasLineageDispatcherSuite extends KyuubiFunSuite with SparkListenerExtensionTest {
   val catalogName =
-    if (isSparkVersionAtMost("3.1")) "org.apache.spark.sql.connector.InMemoryTableCatalog"
+    if (SPARK_RUNTIME_VERSION <= "3.1") "org.apache.spark.sql.connector.InMemoryTableCatalog"
     else "org.apache.spark.sql.connector.catalog.InMemoryTableCatalog"
 
   override protected val catalogImpl: String = "hive"
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
index 67e94ad0b..ff0a55ff1 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
@@ -30,12 +30,12 @@ import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.plugin.lineage.Lineage
 import org.apache.kyuubi.plugin.lineage.dispatcher.{OperationLineageKyuubiEvent, OperationLineageSparkEvent}
-import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
+import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.SPARK_RUNTIME_VERSION
 
 class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtensionTest {
 
   val catalogName =
-    if (isSparkVersionAtMost("3.1")) "org.apache.spark.sql.connector.InMemoryTableCatalog"
+    if (SPARK_RUNTIME_VERSION <= "3.1") "org.apache.spark.sql.connector.InMemoryTableCatalog"
     else "org.apache.spark.sql.connector.catalog.InMemoryTableCatalog"
 
   override protected val catalogImpl: String = "hive"
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index ebc4610ee..d3cd41abc 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -29,13 +29,13 @@ import org.apache.spark.sql.types.{IntegerType, StringType, StructType}
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.plugin.lineage.Lineage
-import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.isSparkVersionAtMost
+import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.SPARK_RUNTIME_VERSION
 
 class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   with SparkListenerExtensionTest {
 
   val catalogName =
-    if (isSparkVersionAtMost("3.1")) "org.apache.spark.sql.connector.InMemoryTableCatalog"
+    if (SPARK_RUNTIME_VERSION <= "3.1") "org.apache.spark.sql.connector.InMemoryTableCatalog"
     else "org.apache.spark.sql.connector.catalog.InMemoryTableCatalog"
 
   override protected val catalogImpl: String = "hive"
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
index 81441ffdf..7d42aae8c 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
@@ -48,12 +48,13 @@ object FlinkEngineUtils extends Logging {
 
   val EMBEDDED_MODE_CLIENT_OPTIONS: Options = getEmbeddedModeClientOptions(new Options)
 
-  val SUPPORTED_FLINK_VERSIONS: Array[SemanticVersion] =
-    Array("1.16", "1.17").map(SemanticVersion.apply)
+  private def SUPPORTED_FLINK_VERSIONS = Set("1.16", "1.17").map(SemanticVersion.apply)
+
+  val FLINK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(EnvironmentInformation.getVersion)
 
   def checkFlinkVersion(): Unit = {
     val flinkVersion = EnvironmentInformation.getVersion
-    if (SUPPORTED_FLINK_VERSIONS.contains(SemanticVersion(flinkVersion))) {
+    if (SUPPORTED_FLINK_VERSIONS.contains(FLINK_RUNTIME_VERSION)) {
       info(s"The current Flink version is $flinkVersion")
     } else {
       throw new UnsupportedOperationException(
@@ -62,15 +63,6 @@ object FlinkEngineUtils extends Logging {
     }
   }
 
-  def isFlinkVersionAtMost(targetVersionString: String): Boolean =
-    SemanticVersion(EnvironmentInformation.getVersion).isVersionAtMost(targetVersionString)
-
-  def isFlinkVersionAtLeast(targetVersionString: String): Boolean =
-    SemanticVersion(EnvironmentInformation.getVersion).isVersionAtLeast(targetVersionString)
-
-  def isFlinkVersionEqualTo(targetVersionString: String): Boolean =
-    SemanticVersion(EnvironmentInformation.getVersion).isVersionEqualTo(targetVersionString)
-
   /**
    * Copied and modified from [[org.apache.flink.table.client.cli.CliOptionsParser]]
    * to avoid loading flink-python classes which we doesn't support yet.
@@ -116,7 +108,7 @@ object FlinkEngineUtils extends Logging {
     val libDirs: JList[URL] = Option(checkUrls(line, CliOptionsParser.OPTION_LIBRARY))
       .getOrElse(JCollections.emptyList())
     val dependencies: JList[URL] = discoverDependencies(jars, libDirs)
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+    if (FLINK_RUNTIME_VERSION === "1.16") {
       val commandLines: JList[CustomCommandLine] =
         Seq(new GenericCLI(flinkConf, flinkConfDir), new DefaultCLI).asJava
       DynConstructors.builder()
@@ -127,7 +119,7 @@ object FlinkEngineUtils extends Logging {
         .build()
         .newInstance(flinkConf, commandLines)
         .asInstanceOf[DefaultContext]
-    } else if (FlinkEngineUtils.isFlinkVersionEqualTo("1.17")) {
+    } else if (FLINK_RUNTIME_VERSION === "1.17") {
       invokeAs[DefaultContext](
         classOf[DefaultContext],
         "load",
@@ -144,7 +136,7 @@ object FlinkEngineUtils extends Logging {
   def getSessionContext(session: Session): SessionContext = getField(session, "sessionContext")
 
   def getResultJobId(resultFetch: ResultFetcher): Option[JobID] = {
-    if (FlinkEngineUtils.isFlinkVersionAtMost("1.16")) {
+    if (FLINK_RUNTIME_VERSION <= "1.16") {
       return None
     }
     try {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
index f1a6afed1..89414ac4c 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/shim/FlinkSessionManager.scala
@@ -21,14 +21,14 @@ import org.apache.flink.table.gateway.api.session.{SessionEnvironment, SessionHa
 import org.apache.flink.table.gateway.service.context.DefaultContext
 import org.apache.flink.table.gateway.service.session.Session
 
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils.FLINK_RUNTIME_VERSION
 import org.apache.kyuubi.util.reflect._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class FlinkSessionManager(engineContext: DefaultContext) {
 
   val sessionManager: AnyRef = {
-    if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+    if (FLINK_RUNTIME_VERSION === "1.16") {
       DynConstructors.builder().impl(
         "org.apache.flink.table.gateway.service.session.SessionManager",
         classOf[DefaultContext])
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala
index b6729cff3..9ccbe7940 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/udf/KDFRegistry.scala
@@ -27,7 +27,7 @@ import org.apache.flink.table.gateway.service.context.SessionContext
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
 import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_NAME, KYUUBI_SESSION_USER_KEY}
-import org.apache.kyuubi.engine.flink.FlinkEngineUtils
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils.FLINK_RUNTIME_VERSION
 import org.apache.kyuubi.util.reflect.DynMethods
 
 object KDFRegistry {
@@ -37,7 +37,7 @@ object KDFRegistry {
     val kyuubiDefinedFunctions = new ArrayBuffer[KyuubiDefinedFunction]
 
     val flinkConfigMap: util.Map[String, String] = {
-      if (FlinkEngineUtils.isFlinkVersionEqualTo("1.16")) {
+      if (FLINK_RUNTIME_VERSION === "1.16") {
         DynMethods
           .builder("getConfigMap")
           .impl(classOf[SessionContext])
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 1b27ae974..35b59b661 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -30,7 +30,8 @@ import org.apache.hive.service.rpc.thrift._
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.engine.flink.{FlinkEngineUtils, WithFlinkTestResources}
+import org.apache.kyuubi.engine.flink.FlinkEngineUtils.FLINK_RUNTIME_VERSION
+import org.apache.kyuubi.engine.flink.WithFlinkTestResources
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
@@ -635,7 +636,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
   }
 
   test("execute statement - show/stop jobs") {
-    if (FlinkEngineUtils.isFlinkVersionAtLeast("1.17")) {
+    if (FLINK_RUNTIME_VERSION >= "1.17") {
       withSessionConf()(Map(ENGINE_FLINK_MAX_ROWS.key -> "10"))(Map.empty) {
         withMultipleConnectionJdbcStatement()({ statement =>
           statement.executeQuery(
@@ -1055,7 +1056,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       val jobId = resultSet.getString(1)
       assert(jobId.length == 32)
 
-      if (FlinkEngineUtils.isFlinkVersionAtLeast("1.17")) {
+      if (FLINK_RUNTIME_VERSION >= "1.17") {
         val stopResult = statement.executeQuery(s"stop job '$jobId'")
         assert(stopResult.next())
         assert(stopResult.getString(1) === "OK")
@@ -1244,7 +1245,7 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       stmt.executeQuery("insert into tbl_a values (1)")
       val queryId = stmt.asInstanceOf[KyuubiStatement].getQueryId
       // Flink 1.16 doesn't support query id via ResultFetcher
-      if (FlinkEngineUtils.isFlinkVersionAtLeast("1.17")) {
+      if (FLINK_RUNTIME_VERSION >= "1.17") {
         assert(queryId !== null)
         // parse the string to check if it's valid Flink job id
         assert(JobID.fromHexString(queryId) !== null)
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
index fcfdf55dd..b9fb93259 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/KyuubiSparkUtil.scala
@@ -21,7 +21,7 @@ import java.time.{Instant, LocalDateTime, ZoneId}
 
 import scala.annotation.meta.getter
 
-import org.apache.spark.SparkContext
+import org.apache.spark.{SPARK_VERSION, SparkContext}
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.util.kvstore.KVIndex
 
@@ -97,5 +97,5 @@ object KyuubiSparkUtil extends Logging {
 
   // Given that we are on the Spark SQL engine side, the [[org.apache.spark.SPARK_VERSION]] can be
   // represented as the runtime version of the Spark SQL engine.
-  lazy val SPARK_ENGINE_RUNTIME_VERSION = SemanticVersion(org.apache.spark.SPARK_VERSION)
+  lazy val SPARK_ENGINE_RUNTIME_VERSION: SemanticVersion = SemanticVersion(SPARK_VERSION)
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
index 2e7e41a2a..d3d4a56d7 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/operation/SparkArrowbasedOperationSuite.scala
@@ -258,7 +258,7 @@ class SparkArrowbasedOperationSuite extends WithSparkSQLEngine with SparkDataTyp
   }
 
   test("result offset support") {
-    assume(SPARK_ENGINE_RUNTIME_VERSION > "3.3")
+    assume(SPARK_ENGINE_RUNTIME_VERSION >= "3.4")
     var numStages = 0
     val listener = new SparkListener {
       override def onJobStart(jobStart: SparkListenerJobStart): Unit = {
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala
index 1e3d6163a..4dddcd4ee 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SparkSQLEngineDeregisterSuite.scala
@@ -24,9 +24,8 @@ import org.apache.spark.sql.internal.SQLConf.ANSI_ENABLED
 import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.engine.spark.{WithDiscoverySparkSQLEngine, WithEmbeddedZookeeper}
 import org.apache.kyuubi.engine.spark.KyuubiSparkUtil.SPARK_ENGINE_RUNTIME_VERSION
-import org.apache.kyuubi.engine.spark.WithDiscoverySparkSQLEngine
-import org.apache.kyuubi.engine.spark.WithEmbeddedZookeeper
 import org.apache.kyuubi.service.ServiceState
 
 abstract class SparkSQLEngineDeregisterSuite
@@ -61,13 +60,14 @@ abstract class SparkSQLEngineDeregisterSuite
 class SparkSQLEngineDeregisterExceptionSuite extends SparkSQLEngineDeregisterSuite {
   override def withKyuubiConf: Map[String, String] = {
     super.withKyuubiConf ++ Map(ENGINE_DEREGISTER_EXCEPTION_CLASSES.key -> {
-      if (SPARK_ENGINE_RUNTIME_VERSION > "3.2") {
+      if (SPARK_ENGINE_RUNTIME_VERSION >= "3.3") {
         // see https://issues.apache.org/jira/browse/SPARK-35958
         "org.apache.spark.SparkArithmeticException"
       } else {
         classOf[ArithmeticException].getCanonicalName
       }
     })
+
   }
 }
 
@@ -94,7 +94,7 @@ class SparkSQLEngineDeregisterExceptionTTLSuite
       zookeeperConf ++ Map(
         ANSI_ENABLED.key -> "true",
         ENGINE_DEREGISTER_EXCEPTION_CLASSES.key -> {
-          if (SPARK_ENGINE_RUNTIME_VERSION > "3.2") {
+          if (SPARK_ENGINE_RUNTIME_VERSION >= "3.3") {
             // see https://issues.apache.org/jira/browse/SPARK-35958
             "org.apache.spark.SparkArithmeticException"
           } else {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala
index 63cc4c0f3..737a6d8cd 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/PlainSASLServer.scala
@@ -126,10 +126,7 @@ object PlainSASLServer {
     }
   }
 
-  final private val version: Double = {
-    val runtimeVersion = SemanticVersion(KYUUBI_VERSION)
-    runtimeVersion.majorVersion + runtimeVersion.minorVersion.toDouble / 10
-  }
+  final private val version = SemanticVersion(KYUUBI_VERSION).toDouble
 
   class SaslPlainProvider
     extends Provider("KyuubiSaslPlain", version, "Kyuubi Plain SASL provider") {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
index f0dd3e723..2709bc861 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkDataTypeTests.scala
@@ -245,7 +245,7 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper with SparkVersionUtil {
           assert(resultSet.next())
           val result = resultSet.getString("col")
           val metaData = resultSet.getMetaData
-          if (SPARK_ENGINE_RUNTIME_VERSION < "3.2") {
+          if (SPARK_ENGINE_RUNTIME_VERSION <= "3.1") {
             // for spark 3.1 and backwards
             assert(result === kv._2._2)
             assert(metaData.getPrecision(1) === Int.MaxValue)
@@ -276,7 +276,7 @@ trait SparkDataTypeTests extends HiveJDBCTestHelper with SparkVersionUtil {
         assert(resultSet.next())
         val result = resultSet.getString("col")
         val metaData = resultSet.getMetaData
-        if (SPARK_ENGINE_RUNTIME_VERSION < "3.2") {
+        if (SPARK_ENGINE_RUNTIME_VERSION <= "3.1") {
           // for spark 3.1 and backwards
           assert(result === kv._2._2)
           assert(metaData.getPrecision(1) === Int.MaxValue)
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala
index 795eaa0d6..d4290a2c6 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/PlainSASLHelperSuite.scala
@@ -62,10 +62,6 @@ class PlainSASLHelperSuite extends KyuubiFunSuite {
     val saslPlainProvider = new SaslPlainProvider()
     assert(saslPlainProvider.containsKey("SaslServerFactory.PLAIN"))
     assert(saslPlainProvider.getName === "KyuubiSaslPlain")
-    val version: Double = {
-      val ver = SemanticVersion(KYUUBI_VERSION)
-      ver.majorVersion + ver.minorVersion.toDouble / 10
-    }
-    assert(saslPlainProvider.getVersion === version)
+    assertResult(saslPlainProvider.getVersion)(SemanticVersion(KYUUBI_VERSION).toDouble)
   }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
index 098de23af..ece9d53aa 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/util/SparkVersionUtil.scala
@@ -22,9 +22,7 @@ import org.apache.kyuubi.operation.HiveJDBCTestHelper
 trait SparkVersionUtil {
   this: HiveJDBCTestHelper =>
 
-  protected lazy val SPARK_ENGINE_RUNTIME_VERSION = sparkEngineMajorMinorVersion
-
-  def sparkEngineMajorMinorVersion: SemanticVersion = {
+  protected lazy val SPARK_ENGINE_RUNTIME_VERSION: SemanticVersion = {
     var sparkRuntimeVer = ""
     withJdbcStatement() { stmt =>
       val result = stmt.executeQuery("SELECT version()")
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala
index 2b4e718c9..ba0ae8910 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/SemanticVersion.scala
@@ -20,7 +20,10 @@ package org.apache.kyuubi.util
 /**
  * Encapsulate a component version for the convenience of version checks.
  */
-case class SemanticVersion(majorVersion: Int, minorVersion: Int) {
+case class SemanticVersion(majorVersion: Int, minorVersion: Int)
+  extends Comparable[SemanticVersion] {
+
+  def ===(targetVersionString: String): Boolean = isVersionEqualTo(targetVersionString)
 
   def <=(targetVersionString: String): Boolean = isVersionAtMost(targetVersionString)
 
@@ -30,49 +33,46 @@ case class SemanticVersion(majorVersion: Int, minorVersion: Int) {
 
   def <(targetVersionString: String): Boolean = !isVersionAtLeast(targetVersionString)
 
-  def isVersionAtMost(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor < targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor <= targetMinor
-        })
-  }
+  def isVersionAtMost(targetVersionString: String): Boolean =
+    compareTo(SemanticVersion(targetVersionString)) <= 0
 
-  def isVersionAtLeast(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        (runtimeMajor > targetMajor) || {
-          runtimeMajor == targetMajor && runtimeMinor >= targetMinor
-        })
-  }
+  def isVersionAtLeast(targetVersionString: String): Boolean =
+    compareTo(SemanticVersion(targetVersionString)) >= 0
 
-  def isVersionEqualTo(targetVersionString: String): Boolean = {
-    this.compareVersion(
-      targetVersionString,
-      (targetMajor: Int, targetMinor: Int, runtimeMajor: Int, runtimeMinor: Int) =>
-        runtimeMajor == targetMajor && runtimeMinor == targetMinor)
-  }
+  def isVersionEqualTo(targetVersionString: String): Boolean =
+    compareTo(SemanticVersion(targetVersionString)) == 0
 
-  def compareVersion(
-      targetVersionString: String,
-      callback: (Int, Int, Int, Int) => Boolean): Boolean = {
-    val targetVersion = SemanticVersion(targetVersionString)
-    val targetMajor = targetVersion.majorVersion
-    val targetMinor = targetVersion.minorVersion
-    callback(targetMajor, targetMinor, this.majorVersion, this.minorVersion)
+  override def compareTo(v: SemanticVersion): Int = {
+    if (majorVersion > v.majorVersion) {
+      1
+    } else if (majorVersion < v.majorVersion) {
+      -1
+    } else {
+      minorVersion - v.minorVersion
+    }
   }
 
   override def toString: String = s"$majorVersion.$minorVersion"
+
+  /**
+   * Returning a double in format of "majorVersion.minorVersion".
+   * Note: Not suitable for version comparison, only for logging.
+   * @return
+   */
+  def toDouble: Double = toString.toDouble
+
 }
 
 object SemanticVersion {
 
+  private val semanticVersionRegex = """^(\d+)(?:\.(\d+))?(\..*)?$""".r
+
   def apply(versionString: String): SemanticVersion = {
-    """^(\d+)\.(\d+)(\..*)?$""".r.findFirstMatchIn(versionString) match {
+    semanticVersionRegex.findFirstMatchIn(versionString) match {
       case Some(m) =>
-        SemanticVersion(m.group(1).toInt, m.group(2).toInt)
+        val major = m.group(1).toInt
+        val minor = Option(m.group(2)).getOrElse("0").toInt
+        SemanticVersion(major, minor)
       case None =>
         throw new IllegalArgumentException(s"Tried to parse '$versionString' as a project" +
           s" version string, but it could not find the major and minor version numbers.")
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
index d7eef2fc4..ca208d89c 100644
--- a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
@@ -41,6 +41,11 @@ class SemanticVersionSuite extends AnyFunSuite {
     assert(version.minorVersion === 9)
   }
 
+  test("reject parsing illegal formatted version") {
+    assertThrows[IllegalArgumentException](SemanticVersion("v1.0"))
+    assertThrows[IllegalArgumentException](SemanticVersion(".1.0"))
+  }
+
   test("companion class compare version at most") {
     assert(SemanticVersion("1.12").isVersionAtMost("2.8.8-SNAPSHOT"))
     val runtimeVersion = SemanticVersion("1.12.4")
@@ -73,4 +78,28 @@ class SemanticVersionSuite extends AnyFunSuite {
     assert(!runtimeVersion.isVersionEqualTo("1.10.4"))
     assert(!runtimeVersion.isVersionEqualTo("2.12.8"))
   }
+
+  test("compare version to major version only") {
+    val versionFromMajorOnly = SemanticVersion("3")
+    assert(versionFromMajorOnly === "3.0")
+    assert(versionFromMajorOnly < "3.1")
+    assert(!(versionFromMajorOnly > "3.0"))
+
+    val runtimeVersion = SemanticVersion("2.3.4")
+    assert(runtimeVersion > "1")
+    assert(runtimeVersion > "2")
+    assert(runtimeVersion >= "2")
+    assert(!(runtimeVersion === "2"))
+    assert(runtimeVersion < "3")
+    assert(runtimeVersion <= "4")
+  }
+
+  test("semantic version to double") {
+    assertResult(1.0d)(SemanticVersion("1").toDouble)
+    assertResult(1.2d)(SemanticVersion("1.2").toDouble)
+    assertResult(1.2d)(SemanticVersion("1.2.3").toDouble)
+    assertResult(1.2d)(SemanticVersion("1.2.3-SNAPSHOT").toDouble)
+    assertResult(1.234d)(SemanticVersion("1.234").toDouble)
+    assertResult(1.234d)(SemanticVersion("1.234.567").toDouble)
+  }
 }

From bbc3fdf5e5ac8f8076646d311fdc28abad1c7ade Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Wed, 26 Jul 2023 18:10:27 +0800
Subject: [PATCH 522/760] [KYUUBI #5094] Add Python JayDeBeApi doc

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5094 from dev-lpq/add_python_doc.

Closes #5094

c7d50d75a [pengqli] upgrade Python-JayDeBeApi doc
41f96fc1b [pengqli] upgrade Python-JayDeBeApi doc
dd0f91bd6 [pengqli] upgrade Python-JayDeBeApi doc
ae1b7bc63 [pengqli] upgrade Python-JayDeBeApi doc
189d7c835 [pengqli] upgrade Python-JayDeBeApi doc
2e1e7b418 [pengqli] upgrade Python-JayDeBeApi doc
362a43296 [pengqli] add Python-JayDeBeApi doc

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/python/index.rst     |  2 +-
 docs/client/python/jaydebeapi.md | 87 ++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 docs/client/python/jaydebeapi.md

diff --git a/docs/client/python/index.rst b/docs/client/python/index.rst
index 70d2bc9e3..5e8ae4228 100644
--- a/docs/client/python/index.rst
+++ b/docs/client/python/index.rst
@@ -22,4 +22,4 @@ Python
 
     pyhive
     pyspark
-
+    jaydebeapi
diff --git a/docs/client/python/jaydebeapi.md b/docs/client/python/jaydebeapi.md
new file mode 100644
index 000000000..3d89fd722
--- /dev/null
+++ b/docs/client/python/jaydebeapi.md
@@ -0,0 +1,87 @@
+<!--
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+
+# Python-JayDeBeApi
+
+The [JayDeBeApi](https://pypi.org/project/JayDeBeApi/) module allows you to connect from Python code to databases using Java JDBC.
+It provides a Python DB-API v2.0 to that database.
+
+## Requirements
+
+To install Python-JayDeBeApi, you can use pip, the Python package manager. Open your command-line interface or terminal and run the following command:
+
+```shell
+pip install jaydebeapi
+```
+
+If you want to install JayDeBeApi in Jython, you'll need to ensure that you have either pip or EasyInstall available for Jython. These tools are used to install Python packages, including JayDeBeApi.
+Or you can get a copy of the source by cloning from the [JayDeBeApi GitHub project](https://github.com/baztian/jaydebeapi) and install it.
+
+```shell
+python setup.py install
+```
+
+or if you are using Jython use
+
+```shell
+jython setup.py install
+```
+
+## Preparation
+
+Using the Python-JayDeBeApi package to connect to Kyuubi, you need to install the library and configure the relevant JDBC driver. You can download JDBC driver from maven repository and specify its path in Python. Choose the matching driver `kyuubi-hive-jdbc-*.jar` package based on the Kyuubi server version.
+The driver class name is `org.apache.kyuubi.jdbc.KyuubiHiveDriver`.
+
+|      Package       |                                                Repo                                                 |
+|--------------------|-----------------------------------------------------------------------------------------------------|
+| kyuubi jdbc driver | [kyuubi-hive-jdbc-*.jar](https://repo1.maven.org/maven2/org/apache/kyuubi/kyuubi-hive-jdbc-shaded/) |
+
+## Usage
+
+Below is a simple example demonstrating how to use Python-JayDeBeApi to connect to Kyuubi database and execute a query:
+
+```python
+import jaydebeapi
+
+# Set JDBC driver path and connection URL
+driver = "org.apache.kyuubi.jdbc.KyuubiHiveDriver"
+url = "jdbc:kyuubi://host:port/default"
+jdbc_driver_path = ["/path/to/kyuubi-hive-jdbc-*.jar"]
+
+# Connect to the database using JayDeBeApi
+conn = jaydebeapi.connect(driver, url, ["user", "password"], jdbc_driver_path)
+
+# Create a cursor object
+cursor = conn.cursor()
+
+# Execute the SQL query
+cursor.execute("SELECT * FROM example_table LIMIT 10")
+
+# Retrieve query results
+result_set = cursor.fetchall()
+
+# Process the results
+for row in result_set:
+    print(row)
+
+# Close the cursor and the connection
+cursor.close()
+conn.close()
+```
+
+Make sure to replace the placeholders (host, port, user, password) with your actual Kyuubi configuration.
+With the above code, you can connect to Kyuubi and execute SQL queries in Python. Please handle exceptions and errors appropriately in real-world applications.

From 25e1a165bf73e155b553334c7b94ebc2eb88706e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 27 Jul 2023 18:25:33 +0800
Subject: [PATCH 523/760] [KYUUBI #5100] [Minor] Fix unpaired quote in message
 pattern

### _Why are the changes needed?_

- Remove the existing single quote in message format which causes the argument 0 is not used
- `A single quote itself must be represented by doubled single quotes '' throughout a String.` https://docs.oracle.com/javase/8/docs/api/java/text/MessageFormat.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5100 from bowenliang123/datatype-msg.

Closes #5100

8135ff146 [liangbowen] fix

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java
index a0d4f3bfd..1e53f9401 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiPreparedStatement.java
@@ -168,7 +168,7 @@ public void setObject(int parameterIndex, Object x) throws SQLException {
       // Can't infer a type.
       throw new KyuubiSQLException(
           MessageFormat.format(
-              "Can't infer the SQL type to use for an instance of {0}. Use setObject() with an explicit Types value to specify the type to use.",
+              "Cannot infer the SQL type to use for an instance of {0}. Use setObject() with an explicit Types value to specify the type to use.",
               x.getClass().getName()));
     }
   }

From b2ddef1996c554026b22931ce4697f6052108606 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 28 Jul 2023 08:22:30 +0800
Subject: [PATCH 524/760] [KYUUBI #5101] [MINOR] Remove unused StringBuilders
 in ResultSets

### _Why are the changes needed?_

- remove 2 unused string builders in `KyuubiQueryResultSet` and `KyuubiArrowQueryResultSet`, which are only appended separator only and never queried again

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5101 from bowenliang123/unused-sb.

Closes #5101

ccb6fb77d [liangbowen] remove never queried StringBuilders

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java | 7 -------
 .../org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java  | 7 -------
 2 files changed, 14 deletions(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java
index fda70f463..54491b2d6 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiArrowQueryResultSet.java
@@ -250,9 +250,6 @@ private void retrieveSchema() throws SQLException {
       metadataResp = client.GetResultSetMetadata(metadataReq);
       Utils.verifySuccess(metadataResp.getStatus());
 
-      StringBuilder namesSb = new StringBuilder();
-      StringBuilder typesSb = new StringBuilder();
-
       TTableSchema schema = metadataResp.getSchema();
       if (schema == null || !schema.isSetColumns()) {
         // TODO: should probably throw an exception here.
@@ -262,10 +259,6 @@ private void retrieveSchema() throws SQLException {
 
       List<TColumnDesc> columns = schema.getColumns();
       for (int pos = 0; pos < schema.getColumnsSize(); pos++) {
-        if (pos != 0) {
-          namesSb.append(",");
-          typesSb.append(",");
-        }
         String columnName = columns.get(pos).getColumnName();
         columnNames.add(columnName);
         normalizedColumnNames.add(columnName.toLowerCase());
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java
index f06ada5d4..82ea74a01 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java
@@ -223,9 +223,6 @@ private void retrieveSchema() throws SQLException {
       metadataResp = client.GetResultSetMetadata(metadataReq);
       Utils.verifySuccess(metadataResp.getStatus());
 
-      StringBuilder namesSb = new StringBuilder();
-      StringBuilder typesSb = new StringBuilder();
-
       TTableSchema schema = metadataResp.getSchema();
       if (schema == null || !schema.isSetColumns()) {
         // TODO: should probably throw an exception here.
@@ -235,10 +232,6 @@ private void retrieveSchema() throws SQLException {
 
       List<TColumnDesc> columns = schema.getColumns();
       for (int pos = 0; pos < schema.getColumnsSize(); pos++) {
-        if (pos != 0) {
-          namesSb.append(",");
-          typesSb.append(",");
-        }
         String columnName = columns.get(pos).getColumnName();
         columnNames.add(columnName);
         normalizedColumnNames.add(columnName.toLowerCase());

From 998b5d53493af836bd6d2e06e82842491935aea4 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Fri, 28 Jul 2023 10:46:53 +0800
Subject: [PATCH 525/760] [KYUUBI #5099] Document link failure

### _Why are the changes needed?_

close #5099

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5103 from lsm1/features/kyuubi_5099.

Closes #5099

84a1ecad0 [senmiaoliu] fix doc

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/spark/aqe.md                | 2 +-
 docs/deployment/spark/dynamic_allocation.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/deployment/spark/aqe.md b/docs/deployment/spark/aqe.md
index 90cc5aff8..3682c7f9e 100644
--- a/docs/deployment/spark/aqe.md
+++ b/docs/deployment/spark/aqe.md
@@ -210,7 +210,7 @@ Kyuubi is a long-running service to make it easier for end-users to use Spark SQ
 
 ### Setting Default Configurations
 
-[Configuring by `spark-defaults.conf`](settings.html#via-spark-defaults-conf) at the engine side is the best way to set up Kyuubi with AQE. All engines will be instantiated with AQE enabled.
+[Configuring by `spark-defaults.conf`](../settings.html#via-spark-defaults-conf) at the engine side is the best way to set up Kyuubi with AQE. All engines will be instantiated with AQE enabled.
 
 Here is a config setting that we use in our platform when deploying Kyuubi.
 
diff --git a/docs/deployment/spark/dynamic_allocation.md b/docs/deployment/spark/dynamic_allocation.md
index b177b63c3..1a5057e73 100644
--- a/docs/deployment/spark/dynamic_allocation.md
+++ b/docs/deployment/spark/dynamic_allocation.md
@@ -170,7 +170,7 @@ Kyuubi is a long-running service to make it easier for end-users to use Spark SQ
 
 ### Setting Default Configurations
 
-[Configuring by `spark-defaults.conf`](settings.html#via-spark-defaults-conf) at the engine side is the best way to set up Kyuubi with DRA. All engines will be instantiated with DRA enabled.
+[Configuring by `spark-defaults.conf`](../settings.html#via-spark-defaults-conf) at the engine side is the best way to set up Kyuubi with DRA. All engines will be instantiated with DRA enabled.
 
 Here is a config setting that we use in our platform when deploying Kyuubi.
 

From c0bfebd5543a578c6554530a1575d6485be1d05a Mon Sep 17 00:00:00 2001
From: liupeiyue <liupeiyue@yy.com>
Date: Mon, 31 Jul 2023 11:42:18 +0800
Subject: [PATCH 526/760] [KYUUBI #5065][FOLLOWUP] Graceful close the process
 when launch engine timeout

### _Why are the changes needed?_
#5065

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5097 from ASiegeLion/master.

Closes #5065

d50a388d6 [Cheng Pan] followup
80861dd71 [liupeiyue] [KYUUBI #5065][FOLLOWUP] Graceful close the process when launch engine timeout

Lead-authored-by: liupeiyue <liupeiyue@yy.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/Utils.scala  | 23 +++++++++++++++++++
 .../org/apache/kyuubi/engine/EngineRef.scala  |  2 +-
 .../apache/kyuubi/engine/ProcBuilder.scala    |  9 +-------
 .../kyuubi/operation/BatchJobSubmission.scala |  7 ++++--
 4 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
index 06c572130..fac30a173 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
@@ -23,6 +23,7 @@ import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, Paths, StandardCopyOption}
 import java.text.SimpleDateFormat
 import java.util.{Date, Properties, TimeZone, UUID}
+import java.util.concurrent.TimeUnit
 import java.util.concurrent.atomic.AtomicLong
 import java.util.concurrent.locks.Lock
 
@@ -417,4 +418,26 @@ object Utils extends Logging {
       lock.unlock()
     }
   }
+
+  /**
+   * Try killing the process gracefully first, then forcibly if process does not exit in
+   * graceful period.
+   *
+   * @param process the being killed process
+   * @param gracefulPeriod the graceful killing period, in milliseconds
+   * @return the exit code if process exit normally, None if the process finally was killed
+   *         forcibly
+   */
+  def terminateProcess(process: java.lang.Process, gracefulPeriod: Long): Option[Int] = {
+    process.destroy()
+    if (process.waitFor(gracefulPeriod, TimeUnit.MILLISECONDS)) {
+      Some(process.exitValue())
+    } else {
+      warn(s"Process does not exit after $gracefulPeriod ms, try to forcibly kill. " +
+        "Staging files generated by the process may be retained!")
+      process.destroyForcibly()
+      None
+    }
+  }
+
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 5ade86400..123aec46c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -224,7 +224,7 @@ private[kyuubi] class EngineRef(
 
         if (started + timeout <= System.currentTimeMillis()) {
           val killMessage = engineManager.killApplication(builder.appMgrInfo(), engineRefId)
-          process.destroyForcibly()
+          builder.close(true)
           MetricsSystem.tracing(_.incCount(MetricRegistry.name(ENGINE_TIMEOUT, appUser)))
           throw KyuubiSQLException(
             s"Timeout($timeout ms, you can modify ${ENGINE_INIT_TIMEOUT.key} to change it) to" +
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index f1e49d687..304799db8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -21,7 +21,6 @@ import java.io.{File, FilenameFilter, IOException}
 import java.net.URI
 import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, Paths}
-import java.util.concurrent.TimeUnit
 
 import scala.collection.JavaConverters._
 
@@ -261,13 +260,7 @@ trait ProcBuilder {
       logCaptureThread = null
     }
     if (destroyProcess && process != null) {
-      process.destroy()
-      if (!process.waitFor(engineStartupDestroyTimeout, TimeUnit.MILLISECONDS)) {
-        warn("Engine startup process does not exit after " +
-          s"$engineStartupDestroyTimeout ms, try to forcibly kill. " +
-          "Staging files generated by the process may be retained!")
-        process.destroyForcibly()
-      }
+      Utils.terminateProcess(process, engineStartupDestroyTimeout)
       process = null
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 8bb9804ec..ac723b2c6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -26,7 +26,7 @@ import com.codahale.metrics.MetricRegistry
 import com.google.common.annotations.VisibleForTesting
 import org.apache.hive.service.rpc.thrift._
 
-import org.apache.kyuubi.{KyuubiException, KyuubiSQLException}
+import org.apache.kyuubi.{KyuubiException, KyuubiSQLException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationState, KillResponse, ProcBuilder}
 import org.apache.kyuubi.engine.spark.SparkBatchProcessBuilder
@@ -131,6 +131,9 @@ class BatchJobSubmission(
   private val applicationStarvationTimeout =
     session.sessionConf.get(KyuubiConf.BATCH_APPLICATION_STARVATION_TIMEOUT)
 
+  private val applicationStartupDestroyTimeout =
+    session.sessionConf.get(KyuubiConf.SESSION_ENGINE_STARTUP_DESTROY_TIMEOUT)
+
   private def updateBatchMetadata(): Unit = {
     val endTime = if (isTerminalState(state)) lastAccessTime else 0L
 
@@ -246,7 +249,7 @@ class BatchJobSubmission(
       }
 
       if (applicationFailed(_applicationInfo)) {
-        process.destroyForcibly()
+        Utils.terminateProcess(process, applicationStartupDestroyTimeout)
         throw new KyuubiException(s"Batch job failed: ${_applicationInfo}")
       } else {
         process.waitFor()

From 0417555bb0812ff3f39d0718a9583c3dfcce4eb5 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Mon, 31 Jul 2023 13:50:34 +0800
Subject: [PATCH 527/760] [KYUUBI #5089] Limit maximum engine startup
 concurrency of kyuubi server

### _Why are the changes needed?_

As reported by #4825, a large number of engine builder processes may cause high machine load on the kyuubi server, So I want to add a config to limit engine creation concurrency.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5089 from wForget/engine_builder_limit.

Closes #5089

77507005d [wforget] comment
774a8599b [wforget] comments
373640fc0 [wforget] Limit maximum engine creation concurrency of kyuubi server
ecc3b4af6 [mans2singh] [KYUUBI #5086] [KYUUBI # 5085] Update config section of deploy on kubernetes

Lead-authored-by: wforget <643348094@qq.com>
Co-authored-by: mans2singh <mans2singh@yahoo.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala      | 12 ++++++++++++
 .../scala/org/apache/kyuubi/engine/EngineRef.scala | 14 ++++++++++++--
 .../apache/kyuubi/session/KyuubiSessionImpl.scala  |  3 ++-
 .../kyuubi/session/KyuubiSessionManager.scala      | 11 ++++++++++-
 4 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 65f03c654..44e3fcd17 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2981,4 +2981,16 @@ object KyuubiConf {
       .version("1.8.0")
       .booleanConf
       .createWithDefault(false)
+
+  val SERVER_LIMIT_ENGINE_CREATION: OptionalConfigEntry[Int] =
+    buildConf("kyuubi.server.limit.engine.startup")
+      .internal
+      .doc("The maximum engine startup concurrency of kyuubi server. Highly concurrent engine" +
+        " startup processes may lead to high load on the kyuubi server machine," +
+        " this configuration is used to limit the number of engine startup processes" +
+        " running at the same time to avoid it.")
+      .version("1.8.0")
+      .serverOnly
+      .intConf
+      .createOptional
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 123aec46c..ae40fbd4f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.engine
 
-import java.util.concurrent.TimeUnit
+import java.util.concurrent.{Semaphore, TimeUnit}
 
 import scala.collection.JavaConverters._
 import scala.util.Random
@@ -57,7 +57,8 @@ private[kyuubi] class EngineRef(
     user: String,
     groupProvider: GroupProvider,
     engineRefId: String,
-    engineManager: KyuubiApplicationManager)
+    engineManager: KyuubiApplicationManager,
+    startupProcessSemaphore: Option[Semaphore] = None)
   extends Logging {
   // The corresponding ServerSpace where the engine belongs to
   private val serverSpace: String = conf.get(HA_NAMESPACE)
@@ -202,7 +203,15 @@ private[kyuubi] class EngineRef(
     }
 
     MetricsSystem.tracing(_.incCount(ENGINE_TOTAL))
+    var acquiredPermit = false
     try {
+      if (!startupProcessSemaphore.forall(_.tryAcquire(timeout, TimeUnit.MILLISECONDS))) {
+        MetricsSystem.tracing(_.incCount(MetricRegistry.name(ENGINE_TIMEOUT, appUser)))
+        throw KyuubiSQLException(
+          s"Timeout($timeout ms, you can modify ${ENGINE_INIT_TIMEOUT.key} to change it) to" +
+            s" acquires a permit from engine builder semaphore.")
+      }
+      acquiredPermit = true
       val redactedCmd = builder.toString
       info(s"Launching engine:\n$redactedCmd")
       builder.validateConf
@@ -267,6 +276,7 @@ private[kyuubi] class EngineRef(
       }
       engineRef.get
     } finally {
+      if (acquiredPermit) startupProcessSemaphore.foreach(_.release())
       val waitCompletion = conf.get(KyuubiConf.SESSION_ENGINE_STARTUP_WAIT_COMPLETION)
       val destroyProcess = !waitCompletion && builder.isClusterMode()
       if (destroyProcess) {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 809be86f3..67eb6c86e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -77,7 +77,8 @@ class KyuubiSessionImpl(
     user,
     sessionManager.groupProvider,
     handle.identifier.toString,
-    sessionManager.applicationManager)
+    sessionManager.applicationManager,
+    sessionManager.engineStartupProcessSemaphore)
   private[kyuubi] val launchEngineOp = sessionManager.operationManager
     .newLaunchEngineOperation(this, sessionConf.get(SESSION_ENGINE_LAUNCH_ASYNC))
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 8d63dfbf7..193bfbdfc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.session
 
-import java.util.concurrent.TimeUnit
+import java.util.concurrent.{Semaphore, TimeUnit}
 
 import scala.collection.JavaConverters._
 
@@ -63,6 +63,8 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   private var batchLimiter: Option[SessionLimiter] = None
   lazy val (signingPrivateKey, signingPublicKey) = SignUtils.generateKeyPair()
 
+  var engineStartupProcessSemaphore: Option[Semaphore] = None
+
   private val engineConnectionAliveChecker =
     ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-engine-alive-checker")
 
@@ -72,6 +74,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     addService(credentialsManager)
     metadataManager.foreach(addService)
     initSessionLimiter(conf)
+    initEngineStartupProcessSemaphore(conf)
     super.initialize(conf)
   }
 
@@ -360,4 +363,10 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       TimeUnit.MILLISECONDS)
   }
 
+  private def initEngineStartupProcessSemaphore(conf: KyuubiConf): Unit = {
+    val engineCreationLimit = conf.get(KyuubiConf.SERVER_LIMIT_ENGINE_CREATION)
+    engineCreationLimit.filter(_ > 0).foreach { limit =>
+      engineStartupProcessSemaphore = Some(new Semaphore(limit))
+    }
+  }
 }

From 31620505666c0171068cc73e0339676a484eb877 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Mon, 31 Jul 2023 13:52:21 +0800
Subject: [PATCH 528/760] [KYUUBI #5076] Add KDF engine_url

### _Why are the changes needed?_

close #5076

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5102 from lsm1/features/kyuubi_5076.

Closes #5076

ce7cfe678 [senmiaoliu] kdf support engine url

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/extensions/engines/spark/functions.md     |  1 +
 .../kyuubi/engine/spark/SparkSQLEngine.scala   |  3 ++-
 .../kyuubi/engine/spark/udf/KDFRegistry.scala  | 12 +++++++++++-
 .../KyuubiOperationPerUserSuite.scala          | 18 ++++++++++++++++--
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/docs/extensions/engines/spark/functions.md b/docs/extensions/engines/spark/functions.md
index 66f22aea8..78c269243 100644
--- a/docs/extensions/engines/spark/functions.md
+++ b/docs/extensions/engines/spark/functions.md
@@ -27,4 +27,5 @@ Kyuubi provides several auxiliary SQL functions as supplement to Spark's [Built-
 | engine_id      | Return the spark application id for the associated query engine   | string      | 1.4.0 |
 | system_user    | Return the system user name for the associated query engine       | string      | 1.3.0 |
 | session_user   | Return the session username for the associated query engine       | string      | 1.4.0 |
+| engine_url     | Return the engine url for the associated query engine             | string      | 1.8.0 |
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index b94367e9e..5badf695e 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -36,7 +36,7 @@ import org.apache.kyuubi.{KyuubiException, Logging, Utils}
 import org.apache.kyuubi.Utils._
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_ENGINE_SUBMIT_TIME_KEY
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_SUBMIT_TIME_KEY, KYUUBI_ENGINE_URL}
 import org.apache.kyuubi.engine.ShareLevel
 import org.apache.kyuubi.engine.spark.SparkSQLEngine.{countDownLatch, currentEngine}
 import org.apache.kyuubi.engine.spark.events.{EngineEvent, EngineEventsStore, SparkEventHandlerRegister}
@@ -290,6 +290,7 @@ object SparkSQLEngine extends Logging {
     KyuubiSparkUtil.initializeSparkSession(
       session,
       kyuubiConf.get(ENGINE_INITIALIZE_SQL) ++ kyuubiConf.get(ENGINE_SESSION_INITIALIZE_SQL))
+    session.sparkContext.setLocalProperty(KYUUBI_ENGINE_URL, KyuubiSparkUtil.engineUrl)
     session
   }
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KDFRegistry.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KDFRegistry.scala
index f4612a3d0..a2d50d151 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KDFRegistry.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/udf/KDFRegistry.scala
@@ -25,7 +25,7 @@ import org.apache.spark.sql.expressions.UserDefinedFunction
 import org.apache.spark.sql.functions.udf
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
-import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_URL, KYUUBI_SESSION_USER_KEY}
 
 object KDFRegistry {
 
@@ -73,6 +73,16 @@ object KDFRegistry {
     "string",
     "1.4.0")
 
+  val engine_url: KyuubiDefinedFunction = create(
+    "engine_url",
+    udf { () =>
+      Option(TaskContext.get()).map(_.getLocalProperty(KYUUBI_ENGINE_URL))
+        .getOrElse(throw new RuntimeException("Unable to get engine url"))
+    },
+    "Return the engine url for the associated query engine",
+    "string",
+    "1.8.0")
+
   def create(
       name: String,
       udf: UserDefinedFunction,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
index fb6f4efa7..a67534164 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationPerUserSuite.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.operation
 
-import java.util.UUID
+import java.util.{Properties, UUID}
 
 import org.apache.hadoop.fs.{FileSystem, FileUtil, Path}
 import org.apache.hive.service.rpc.thrift.{TExecuteStatementReq, TGetInfoReq, TGetInfoType, TStatusCode}
@@ -26,7 +26,8 @@ import org.scalatest.time.SpanSugar._
 import org.apache.kyuubi.{KYUUBI_VERSION, Utils, WithKyuubiServer, WithSimpleDFSService}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.KYUUBI_ENGINE_ENV_PREFIX
-import org.apache.kyuubi.jdbc.hive.KyuubiStatement
+import org.apache.kyuubi.jdbc.KyuubiHiveDriver
+import org.apache.kyuubi.jdbc.hive.{KyuubiConnection, KyuubiStatement}
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.session.{KyuubiSessionImpl, SessionHandle}
 import org.apache.kyuubi.util.SemanticVersion
@@ -68,6 +69,19 @@ class KyuubiOperationPerUserSuite
     }
   }
 
+  test("kyuubi defined function - engine_url") {
+    withSessionConf(Map.empty)(Map.empty)(Map(
+      "spark.ui.enabled" -> "true")) {
+      val driver = new KyuubiHiveDriver()
+      val connection = driver.connect(jdbcUrlWithConf, new Properties())
+        .asInstanceOf[KyuubiConnection]
+      val stmt = connection.createStatement()
+      val rs = stmt.executeQuery("SELECT engine_url()")
+      assert(rs.next())
+      assert(rs.getString(1).nonEmpty)
+    }
+  }
+
   test("ensure two connections in user mode share the same engine") {
     var r1: String = null
     var r2: String = null

From 1d5a5c80c7bd30754ed670917210f30adcf365e4 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Mon, 31 Jul 2023 17:49:12 +0800
Subject: [PATCH 529/760] [KYUUBI #5106][Flink] Improve logs for fatal errors

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5107 from link3280/engine_fatal_log.

Closes #5106

db45392d1 [Paul Lin] [KYUUBI #5106][Flink] Improve logs for fatal errors

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Paul Lin <paullin3280@gmail.com>
---
 .../scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 99a9ee56b..10ef9991f 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -109,8 +109,8 @@ object FlinkSQLEngine extends Logging {
       countDownLatch.await()
     } catch {
       case t: Throwable if currentEngine.isDefined =>
+        error("Fatal error occurs, thus stopping the engines", t)
         currentEngine.foreach { engine =>
-          error(t)
           engine.stop()
         }
       case t: Throwable =>

From d5a493af7d8142a8819187d0af24042c1b2335da Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 31 Jul 2023 18:18:11 +0800
Subject: [PATCH 530/760] [KYUUBI #4790] Initial implement Batch V2

### _Why are the changes needed?_

#### How is it done today?

The current procedure of Batch Job API, called V1

##### CREATE batch job procedure in Batch V1

```mermaid
sequenceDiagram
participant Client
participant Server
participant Metastore
participant RM

Client ->> Server : Create Batch Job
Server ->> Server : Create Batch Operator
Server ->> Metastore : Persist Job metadata (PENDING)
Server ->> Server : Put Batch Operator into Execution thread pool
Server ->> Client : Batch Job Info
Server ->> RM : Submit Applicition (in Execution thread pool)
loop Application Check
    Server ->> RM : Query Application Status
    Server ->> Metastore : Update Batch Status
end
```

##### GET batch job info procedure in Batch V1

```mermaid
sequenceDiagram
participant Client
participant Server
participant Metastore
participant RM

Client ->> Server : Query Batch Job Info
alt KyuubiInstance matched
    Server ->> Client : Batch Job Info
else
    Server ->> Server : Forward Request to expected KyuubiInstance
end
```

<!--
```mermaid
sequenceDiagram
participant Client
participant Server
participant Metastore
participant RM

Client ->> Server : Fetch Batch Job logs
alt KyuubiInstance matched
    Server ->> Client : Batch Job logs
else
    Server ->> Server : Forward Request to expected KyuubiInstance
end

Client ->> Server : Close Batch Job
alt KyuubiInstance matched
    Server ->> RM : Close the Application
    Server ->> Metastore : Update Batch Status
    Server ->> Client : Closed Batch Job Info
else
    Server ->> Server : Forward Request to expected KyuubiInstance
end
```
-->

#### What is new in your approach?

This PR proposes a new way for batch job submission, called V2

##### CREATE batch job procedure in Batch V2

```mermaid
sequenceDiagram
participant Client
participant Server
participant Metastore
participant RM

Client ->> Server : Create Batch Job
Server ->> Metastore : Persist Job metadata (INITIALIZED)
Server ->> Client : Batch Job Info

loop Forever in dedicated thread pool
    Server ->> Metastore : Pick up and lock INITIALIZED job
    Server ->> RM : Submit Application
    Server ->> RM : Query Application Status
    Server ->> Metastore : Update Batch Status
end
```

##### GET batch job info procedure in Batch V2

```mermaid
sequenceDiagram
participant Client
participant Server
participant Metastore
participant RM

Client ->> Server : Query Batch Job Info
Server ->> Metastore : Query Batch Job Info
Server ->> Client : Batch Job Info
```

<!--
```mermaid
sequenceDiagram
participant Client
participant Server
participant Metastore
participant RM

Client ->> Server : Fetch Batch Job logs
alt KyuubiInstance matched
    Server ->> Client : Batch Job logs
else
    Server ->> Server : Forward Request to expected KyuubiInstance
end

Client ->> Server : Close Batch Job
alt KyuubiInstance matched
    Server ->> RM : Close the Application
    Server ->> Metastore : Update Batch Status
    Server ->> Client : Closed Batch Job Info
else
    Server ->> Server : Forward Request to expected KyuubiInstance
end
```
-->

#### What are the limits of current practice, and why do you think it will be successful?

Pros:

1. The CREATE request becomes light and returns faster. In V1, we have struggled with whether the response should wait for the engine to be submitted to RM, and how to report the un-submitted job status to the client; in V2, the CREATE request just simply inserts a new record into metastore and returns w/ INITIALIZED state.
2. In common practice, Kyuubi server cluster is deployed behind the load balancer, and the load balancer does not know the real load of each Kyuubi server, suppose it uses Random/RoundRobbin/IPHash policies to forward requests, the existing Batch V1 implementation may cause some Kyuubi servers in high load but others' load are low, because it always uses the requested Kyuubi server to do batch submission; in V2, the Kyuubi server is easy to know the load of itself, e.g. measure by CPU/memory usage, or active batch sessions, and then decides to pick up new batch jobs or not. Besides, when all Kyuubi servers overload, the V1 cannot benefit immediately even if the admin scale up the cluster size.
3. In V1, the metrics are almost independent in each Kyuubi server; in V2, it's easy to expose global metrics of batch jobs when using sharable storage as metastore backend, e.g. we can easily get how many batches are queued in metastore, and how many batches are managed by each Kyuubi server, by querying the metastore backend directly or metrics exposed by each Kyuubi server.

Cons:

1. V1 assumes Kyuubi server tolerant long time outage of metastore, V2 forcibly depends on the availability of metastore. But we can move the existing forwarding logic and async retry logic to the implementation of `Metastore` to overcome this regression.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4790 from pan3793/batch-v2.

Closes #4790

860698ad6 [Cheng Pan] BATCH_IMPL_VERSION
b9c68aa2f [Cheng Pan] kyuubi.batch.impl.version
17e4f199a [Cheng Pan] submitter.threads=100
7c0bdb0c1 [Cheng Pan] Initial implement Batch v2

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala |  35 +++
 .../kyuubi/client/api/v1/dto/Count.java       |  58 ++++
 .../kyuubi/server/KyuubiBatchService.scala    | 129 +++++++++
 .../apache/kyuubi/server/KyuubiServer.scala   |   8 +-
 .../org/apache/kyuubi/server/api/api.scala    |   7 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  27 +-
 .../server/api/v1/BatchesResource.scala       |  47 +++-
 .../server/metadata/MetadataManager.scala     |  21 ++
 .../server/metadata/MetadataStore.scala       |  24 ++
 .../metadata/jdbc/JDBCMetadataStore.scala     |  62 ++++
 .../kyuubi/session/KyuubiSessionManager.scala |  30 ++
 .../src/test/resources/log4j2-test.xml        |   4 +
 .../server/api/v1/BatchesResourceSuite.scala  | 266 +++++++++++-------
 13 files changed, 615 insertions(+), 103 deletions(-)
 create mode 100644 kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Count.java
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 44e3fcd17..175bf79c6 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1612,6 +1612,41 @@ object KyuubiConf {
       .booleanConf
       .createWithDefault(true)
 
+  val BATCH_IMPL_VERSION: ConfigEntry[String] =
+    buildConf("kyuubi.batch.impl.version")
+      .internal
+      .serverOnly
+      .doc("Batch API version, candidates: 1, 2. " +
+        "Note: Batch API v2 is experimental and under rapid development, this configuration " +
+        "is added to allow explorers conveniently testing the developing Batch v2 API, not " +
+        "intended exposing to end users, it may be removed in anytime.")
+      .version("1.8.0")
+      .stringConf
+      .createWithDefault("1")
+
+  val BATCH_SUBMITTER_ENABLED: ConfigEntry[Boolean] =
+    buildConf("kyuubi.batch.submitter.enabled")
+      .internal
+      .serverOnly
+      .doc("When Batch API v2 is enabled, Kyuubi server requires to pick the INITIALIZED " +
+        "batch job from metastore and submits it to Resource Manager. " +
+        "Note: Batch API v2 is experimental and under rapid development, this configuration " +
+        "is added to allow explorers conveniently testing the developing Batch v2 API, not " +
+        "intended exposing to end users, it may be removed in anytime.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val BATCH_SUBMITTER_THREADS: ConfigEntry[Int] =
+    buildConf("kyuubi.batch.submitter.threads")
+      .internal
+      .serverOnly
+      .doc("Number of threads in batch job submitter, this configuration only take effects " +
+        s"when ${BATCH_SUBMITTER_ENABLED.key} is enabled")
+      .version("1.8.0")
+      .intConf
+      .createWithDefault(100)
+
   val SERVER_EXEC_POOL_SIZE: ConfigEntry[Int] =
     buildConf("kyuubi.backend.server.exec.pool.size")
       .doc("Number of threads in the operation execution thread pool of Kyuubi server")
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Count.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Count.java
new file mode 100644
index 000000000..8f77ccd13
--- /dev/null
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/api/v1/dto/Count.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.client.api.v1.dto;
+
+import java.util.Objects;
+import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
+import org.apache.commons.lang3.builder.ToStringStyle;
+
+public class Count {
+  private Integer count;
+
+  public Count() {}
+
+  public Count(Integer count) {
+    this.count = count;
+  }
+
+  public Integer getCount() {
+    return count;
+  }
+
+  public void setCount(Integer count) {
+    this.count = count;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+    Count that = (Count) o;
+    return Objects.equals(getCount(), that.getCount());
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(getCount());
+  }
+
+  @Override
+  public String toString() {
+    return ReflectionToStringBuilder.toString(this, ToStringStyle.JSON_STYLE);
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
new file mode 100644
index 000000000..250662835
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server
+
+import java.util.concurrent.atomic.AtomicBoolean
+
+import org.apache.kyuubi.config.KyuubiConf.BATCH_SUBMITTER_THREADS
+import org.apache.kyuubi.operation.OperationState
+import org.apache.kyuubi.server.metadata.MetadataManager
+import org.apache.kyuubi.server.metadata.api.Metadata
+import org.apache.kyuubi.service.{AbstractService, Serverable}
+import org.apache.kyuubi.session.KyuubiSessionManager
+import org.apache.kyuubi.util.ThreadUtils
+
+class KyuubiBatchService(
+    server: Serverable,
+    sessionManager: KyuubiSessionManager)
+  extends AbstractService(classOf[KyuubiBatchService].getSimpleName) {
+
+  private lazy val restFrontend = server.frontendServices
+    .filter(_.isInstanceOf[KyuubiRestFrontendService])
+    .head
+
+  private def kyuubiInstance: String = restFrontend.connectionUrl
+
+  // TODO expose metrics, including pending/running/succeeded/failed batches
+  // TODO handle dangling batches, e.g. batch is picked and changed state to pending,
+  //      but the Server crashed before submitting or updating status to metastore
+
+  private lazy val metadataManager: MetadataManager = sessionManager.metadataManager.get
+  private val running: AtomicBoolean = new AtomicBoolean(false)
+  private lazy val batchExecutor = ThreadUtils
+    .newDaemonFixedThreadPool(conf.get(BATCH_SUBMITTER_THREADS), "kyuubi-batch-submitter")
+
+  def cancelUnscheduledBatch(batchId: String): Boolean = {
+    metadataManager.cancelUnscheduledBatch(batchId)
+  }
+
+  def countBatch(
+      batchType: String,
+      batchUser: Option[String],
+      batchState: Option[String] = None,
+      kyuubiInstance: Option[String] = None): Int = {
+    metadataManager.countBatch(
+      batchType,
+      batchUser.orNull,
+      batchState.orNull,
+      kyuubiInstance.orNull)
+  }
+
+  override def start(): Unit = {
+    assert(running.compareAndSet(false, true))
+    val submitTask: Runnable = () => {
+      while (running.get) {
+        metadataManager.pickBatchForSubmitting(kyuubiInstance) match {
+          case None => Thread.sleep(1000)
+          case Some(metadata) =>
+            val batchId = metadata.identifier
+            info(s"$batchId is picked for submission.")
+            val batchSession = sessionManager.createBatchSession(
+              metadata.username,
+              "anonymous",
+              metadata.ipAddress,
+              metadata.requestConf,
+              metadata.engineType,
+              Option(metadata.requestName),
+              metadata.resource,
+              metadata.className,
+              metadata.requestConf,
+              metadata.requestArgs,
+              Some(metadata), // TODO some logic need to fix since it's not from recovery
+              shouldRunAsync = true)
+            val metadataForUpdate = Metadata(
+              identifier = batchId,
+              kyuubiInstance = kyuubiInstance,
+              requestConf = batchSession.optimizedConf,
+              clusterManager = batchSession.batchJobSubmissionOp.builder.clusterManager())
+            metadataManager.updateMetadata(metadataForUpdate, asyncRetryOnError = false)
+            val sessionHandle = sessionManager.openBatchSession(batchSession)
+            var terminated = false
+            while (!terminated) { // block until batch job finished
+              terminated = sessionManager.getBatchSession(sessionHandle).map { batchSession =>
+                val batchOp = batchSession.batchJobSubmissionOp
+                OperationState.isTerminal(batchOp.getStatus.state)
+              }.getOrElse {
+                error(s"Batch Session $batchId is not existed, marked as finished")
+                true
+              }
+              // should we always treat metastore as the single of truth?
+              //
+              // terminated = metadataManager.getBatchSessionMetadata(batchId) match {
+              //   case Some(metadata) =>
+              //     OperationState.isTerminal(OperationState.withName(metadata.state))
+              //   case None =>
+              //     error(s"$batchId is not existed in metastore, assume it is finished")
+              //     true
+              // }
+              if (!terminated) Thread.sleep(1000)
+            }
+            info(s"$batchId is finished.")
+        }
+      }
+    }
+    (0 until batchExecutor.getCorePoolSize).foreach(_ => batchExecutor.submit(submitTask))
+    super.start()
+  }
+
+  override def stop(): Unit = {
+    super.stop()
+    if (running.compareAndSet(true, false)) {
+      ThreadUtils.shutdown(batchExecutor)
+    }
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index 12120ea55..2fc0475a3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -25,7 +25,7 @@ import org.apache.hadoop.security.UserGroupInformation
 
 import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.{FRONTEND_PROTOCOLS, FrontendProtocols, KYUUBI_KUBERNETES_CONF_PREFIX}
+import org.apache.kyuubi.config.KyuubiConf.{BATCH_SUBMITTER_ENABLED, FRONTEND_PROTOCOLS, FrontendProtocols, KYUUBI_KUBERNETES_CONF_PREFIX}
 import org.apache.kyuubi.config.KyuubiConf.FrontendProtocols._
 import org.apache.kyuubi.events.{EventBus, KyuubiServerInfoEvent, ServerEventHandlerRegister}
 import org.apache.kyuubi.ha.HighAvailabilityConf._
@@ -188,6 +188,12 @@ class KyuubiServer(name: String) extends Serverable(name) {
     if (conf.get(MetricsConf.METRICS_ENABLED)) {
       addService(new MetricsSystem)
     }
+
+    if (conf.isRESTEnabled && conf.get(BATCH_SUBMITTER_ENABLED)) {
+      addService(new KyuubiBatchService(
+        this,
+        backendService.sessionManager.asInstanceOf[KyuubiSessionManager]))
+    }
     super.initialize(conf)
 
     initLoggerEventHandler(conf)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala
index b56131542..93953a577 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/api.scala
@@ -26,7 +26,7 @@ import javax.ws.rs.ext.{ExceptionMapper, Provider}
 import org.eclipse.jetty.server.handler.ContextHandler
 
 import org.apache.kyuubi.Logging
-import org.apache.kyuubi.server.KyuubiRestFrontendService
+import org.apache.kyuubi.server.{KyuubiBatchService, KyuubiRestFrontendService, KyuubiServer}
 
 private[api] trait ApiRequestContext {
 
@@ -36,6 +36,11 @@ private[api] trait ApiRequestContext {
   @Context
   protected var httpRequest: HttpServletRequest = _
 
+  protected lazy val batchService: Option[KyuubiBatchService] =
+    KyuubiServer.kyuubiServer.getServices
+      .find(_.isInstanceOf[KyuubiBatchService])
+      .map(_.asInstanceOf[KyuubiBatchService])
+
   final protected def fe: KyuubiRestFrontendService = FrontendServiceContext.get(servletContext)
 }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index a0e136e5e..9613b3ef1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -30,7 +30,7 @@ import io.swagger.v3.oas.annotations.tags.Tag
 import org.apache.commons.lang3.StringUtils
 
 import org.apache.kyuubi.{KYUUBI_VERSION, Logging, Utils}
-import org.apache.kyuubi.client.api.v1.dto.{Engine, OperationData, ServerData, SessionData}
+import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.ha.HighAvailabilityConf.HA_NAMESPACE
@@ -384,6 +384,31 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       engine.getSubdomain)
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(
+      mediaType = MediaType.APPLICATION_JSON,
+      schema = new Schema(implementation = classOf[Count]))),
+    description = "get the batch count")
+  @GET
+  @Path("batch/count")
+  def countBatch(
+      @QueryParam("batchType") @DefaultValue("SPARK") batchType: String,
+      @QueryParam("batchUser") batchUser: String,
+      @QueryParam("batchState") batchState: String): Count = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Received counting batches request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to count the batches")
+    }
+    val batchCount = batchService
+      .map(_.countBatch(batchType, Option(batchUser), Option(batchState)))
+      .getOrElse(0)
+    new Count(batchCount)
+  }
+
   private def isAdministrator(userName: String): Boolean = {
     administrators.contains(userName)
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index e5ac23905..3cc98374f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -58,6 +58,10 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
   private lazy val internalConnectTimeout =
     fe.getConf.get(BATCH_INTERNAL_REST_CLIENT_CONNECT_TIMEOUT).toInt
 
+  private def batchV2Enabled(reqConf: Map[String, String]): Boolean = {
+    reqConf.getOrElse(BATCH_IMPL_VERSION.key, fe.getConf.get(BATCH_IMPL_VERSION)) == "2"
+  }
+
   private def getInternalRestClient(kyuubiInstance: String): InternalRestClient = {
     internalRestClients.computeIfAbsent(
       kyuubiInstance,
@@ -233,6 +237,30 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
             KYUUBI_SESSION_CONNECTION_URL_KEY -> fe.connectionUrl,
             KYUUBI_SESSION_REAL_USER_KEY -> fe.getRealUser())).asJava)
 
+        if (batchV2Enabled(request.getConf.asScala.toMap)) {
+          logger.info(s"Submit batch job $batchId using Batch API v2")
+          return Try {
+            sessionManager.initializeBatchState(
+              userName,
+              ipAddress,
+              request.getConf.asScala.toMap,
+              request)
+          } match {
+            case Success(batchId) =>
+              sessionManager.getBatchFromMetadataStore(batchId) match {
+                case Some(batch) => batch
+                case None => throw new IllegalStateException(
+                    s"can not find batch $batchId from metadata store")
+              }
+            case Failure(cause) if JdbcUtils.isDuplicatedKeyDBErr(cause) =>
+              sessionManager.getBatchFromMetadataStore(batchId) match {
+                case Some(batch) => markDuplicated(batch)
+                case None => throw new IllegalStateException(
+                    s"can not find duplicated batch $batchId from metadata store")
+              }
+          }
+        }
+
         Try {
           sessionManager.openBatchSession(
             userName,
@@ -278,7 +306,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       buildBatch(batchSession)
     }.getOrElse {
       sessionManager.getBatchMetadata(batchId).map { metadata =>
-        if (OperationState.isTerminal(OperationState.withName(metadata.state)) ||
+        if (batchV2Enabled(metadata.requestConf) ||
+          OperationState.isTerminal(OperationState.withName(metadata.state)) ||
           metadata.kyuubiInstance == fe.connectionUrl) {
           MetadataManager.buildBatch(metadata)
         } else {
@@ -376,7 +405,11 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       }
     }.getOrElse {
       sessionManager.getBatchMetadata(batchId).map { metadata =>
-        if (fe.connectionUrl != metadata.kyuubiInstance) {
+        if (batchV2Enabled(metadata.requestConf) && metadata.state == "INITIALIZED") {
+          info(s"Batch $batchId is waiting for scheduling")
+          val dummyLogs = List(s"Batch $batchId is waiting for scheduling").asJava
+          new OperationLog(dummyLogs, dummyLogs.size)
+        } else if (fe.connectionUrl != metadata.kyuubiInstance) {
           val internalRestClient = getInternalRestClient(metadata.kyuubiInstance)
           internalRestClient.getBatchLocalLog(userName, batchId, from, size)
         } else {
@@ -430,6 +463,16 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
         checkPermission(userName, metadata.username)
         if (OperationState.isTerminal(OperationState.withName(metadata.state))) {
           new CloseBatchResponse(false, s"The batch[$metadata] has been terminated.")
+        } else if (batchV2Enabled(metadata.requestConf) && metadata.state == "INITIALIZED") {
+          if (batchService.get.cancelUnscheduledBatch(batchId)) {
+            new CloseBatchResponse(true, s"Unscheduled batch $batchId is canceled.")
+          } else if (OperationState.isTerminal(OperationState.withName(metadata.state))) {
+            new CloseBatchResponse(false, s"The batch[$metadata] has been terminated.")
+          } else {
+            info(s"Cancel batch[$batchId] with state ${metadata.state} by killing application")
+            val (killed, msg) = forceKill(metadata.appMgrInfo, batchId)
+            new CloseBatchResponse(killed, msg)
+          }
         } else if (metadata.kyuubiInstance != fe.connectionUrl) {
           info(s"Redirecting delete batch[$batchId] to ${metadata.kyuubiInstance}")
           val internalRestClient = getInternalRestClient(metadata.kyuubiInstance)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
index e2648076d..daa3451d9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
@@ -138,6 +138,27 @@ class MetadataManager extends AbstractService("MetadataManager") {
       buildBatch)
   }
 
+  def countBatch(
+      batchType: String,
+      batchUser: String,
+      batchState: String,
+      kyuubiInstance: String): Int = {
+    val filter = MetadataFilter(
+      sessionType = SessionType.BATCH,
+      engineType = batchType,
+      username = batchUser,
+      state = batchState,
+      kyuubiInstance = kyuubiInstance)
+    withMetadataRequestMetrics(_metadataStore.countMetadata(filter))
+  }
+
+  def pickBatchForSubmitting(kyuubiInstance: String): Option[Metadata] =
+    withMetadataRequestMetrics(_metadataStore.pickMetadata(kyuubiInstance))
+
+  def cancelUnscheduledBatch(batchId: String): Boolean = {
+    _metadataStore.transformMetadataState(batchId, "INITIALIZED", "CANCELED")
+  }
+
   def getBatchesRecoveryMetadata(
       state: String,
       kyuubiInstance: String,
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala
index 4416c4a6d..1eabb224d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala
@@ -28,6 +28,23 @@ trait MetadataStore extends Closeable {
    */
   def insertMetadata(metadata: Metadata): Unit
 
+  /**
+   * Find unscheduled batch job metadata and pick up it to submit.
+   * @param kyuubiInstance the Kyuubi instance picked batch job
+   * @return selected metadata for submitting or None if no sufficient items
+   */
+  def pickMetadata(kyuubiInstance: String): Option[Metadata]
+
+  /**
+   * Transfer state of metadata from the existing state to another
+   * @param identifier the identifier.
+   * @param fromState the desired current state
+   * @param targetState the desired target state
+   * @return `true` if the metadata state was same as `fromState`, and successfully
+   *         transitioned to `targetState`, otherwise `false` is returned
+   */
+  def transformMetadataState(identifier: String, fromState: String, targetState: String): Boolean
+
   /**
    * Get the persisted metadata by batch identifier.
    * @param identifier the identifier.
@@ -50,6 +67,13 @@ trait MetadataStore extends Closeable {
       size: Int,
       stateOnly: Boolean): Seq[Metadata]
 
+  /**
+   * Count the metadata list with filter conditions.
+   * @param filter the metadata filter conditions.
+   * @return the count of metadata satisfied the filter condition.
+   */
+  def countMetadata(filter: MetadataFilter): Int
+
   /**
    * Update the metadata according to identifier.
    * Note that, it will only update the state and engine related metadata.
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 798e52d39..0255aadfd 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -194,6 +194,43 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     }
   }
 
+  override def pickMetadata(kyuubiInstance: String): Option[Metadata] = synchronized {
+    JdbcUtils.executeQueryWithRowMapper(
+      s"""SELECT identifier FROM $METADATA_TABLE
+         |WHERE state=?
+         |ORDER BY create_time DESC LIMIT 1
+         |""".stripMargin) { stmt =>
+      stmt.setString(1, OperationState.INITIALIZED.toString)
+    } { resultSet =>
+      resultSet.getString(1)
+    }.headOption.filter { preSelectedBatchId =>
+      JdbcUtils.executeUpdate(
+        s"""UPDATE $METADATA_TABLE
+           |SET kyuubi_instance=?, state=?
+           |WHERE identifier=? AND state=?
+           |""".stripMargin) { stmt =>
+        stmt.setString(1, kyuubiInstance)
+        stmt.setString(2, OperationState.PENDING.toString)
+        stmt.setString(3, preSelectedBatchId)
+        stmt.setString(4, OperationState.INITIALIZED.toString)
+      } == 1
+    }.map { pickedBatchId =>
+      getMetadata(pickedBatchId, stateOnly = false)
+    }
+  }
+
+  override def transformMetadataState(
+      identifier: String,
+      fromState: String,
+      targetState: String): Boolean = {
+    val query = s"UPDATE $METADATA_TABLE SET state = ? WHERE identifier = ? AND state = ?"
+    JdbcUtils.withConnection { connection =>
+      withUpdateCount(connection, query, fromState, identifier, targetState) { updateCount =>
+        updateCount == 1
+      }
+    }
+  }
+
   override def getMetadata(identifier: String, stateOnly: Boolean): Metadata = {
     val query =
       if (stateOnly) {
@@ -230,6 +267,19 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     }
   }
 
+  override def countMetadata(filter: MetadataFilter): Int = {
+    val queryBuilder = new StringBuilder
+    val params = ListBuffer[Any]()
+    queryBuilder.append(s"SELECT COUNT(1) FROM $METADATA_TABLE")
+    queryBuilder.append(s" ${assembleWhereClause(filter, params)}")
+    val query = queryBuilder.toString
+    JdbcUtils.executeQueryWithRowMapper(query) { stmt =>
+      setStatementParams(stmt, params)
+    } { resultSet =>
+      resultSet.getInt(1)
+    }.head
+  }
+
   private def assembleWhereClause(
       filter: MetadataFilter,
       params: ListBuffer[Any]): String = {
@@ -280,10 +330,22 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 
     queryBuilder.append(s"UPDATE $METADATA_TABLE")
     val setClauses = ListBuffer[String]()
+    Option(metadata.kyuubiInstance).foreach { _ =>
+      setClauses += "kyuubi_instance = ?"
+      params += metadata.kyuubiInstance
+    }
     Option(metadata.state).foreach { _ =>
       setClauses += "state = ?"
       params += metadata.state
     }
+    Option(metadata.requestConf).filter(_.nonEmpty).foreach { _ =>
+      setClauses += "request_conf =?"
+      params += valueAsString(metadata.requestConf)
+    }
+    metadata.clusterManager.foreach { cm =>
+      setClauses += "cluster_manager = ?"
+      params += cm
+    }
     if (metadata.endTime > 0) {
       setClauses += "end_time = ?"
       params += metadata.endTime
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 193bfbdfc..5749f7412 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -27,8 +27,10 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.client.api.v1.dto.{Batch, BatchRequest}
+import org.apache.kyuubi.client.util.BatchUtils.KYUUBI_BATCH_ID_KEY
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_REAL_USER_KEY
 import org.apache.kyuubi.credentials.HadoopCredentialsManager
 import org.apache.kyuubi.engine.KyuubiApplicationManager
 import org.apache.kyuubi.metrics.MetricsConstants._
@@ -219,6 +221,34 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     openBatchSession(batchSession)
   }
 
+  def initializeBatchState(
+      user: String,
+      ipAddress: String,
+      conf: Map[String, String],
+      batchRequest: BatchRequest): String = {
+    val realUser = conf.getOrElse(KYUUBI_SESSION_REAL_USER_KEY, user)
+    val username = Option(user).filter(_.nonEmpty).getOrElse("anonymous")
+    val batchId = conf(KYUUBI_BATCH_ID_KEY)
+    val metadata = Metadata(
+      identifier = batchId,
+      sessionType = SessionType.BATCH,
+      realUser = realUser,
+      username = username,
+      ipAddress = ipAddress,
+      state = OperationState.INITIALIZED.toString,
+      resource = batchRequest.getResource,
+      className = batchRequest.getClassName,
+      requestName = batchRequest.getName,
+      requestConf = conf,
+      requestArgs = batchRequest.getArgs.asScala,
+      createTime = System.currentTimeMillis(),
+      engineType = batchRequest.getBatchType)
+
+    // there is a chance that operation failed w/ duplicated key error
+    metadataManager.foreach(_.insertMetadata(metadata, asyncRetryOnError = false))
+    batchId
+  }
+
   def getBatchSession(sessionHandle: SessionHandle): Option[KyuubiBatchSession] = {
     getSessionOption(sessionHandle).map(_.asInstanceOf[KyuubiBatchSession])
   }
diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index 623dd71fd..25e37e859 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -48,5 +48,9 @@
         <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
             <AppenderRef ref="restAudit" />
         </Logger>
+        <Logger name="org.apache.kyuubi.server.metadata.jdbc" level="DEBUG" additivity="false">
+            <AppenderRef ref="stdout" />
+            <AppenderRef ref="file"/>
+        </Logger>
     </Loggers>
 </Configuration>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index dd62ee48d..ef581f414 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -48,14 +48,40 @@ import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.service.authentication.{InternalSecurityAccessor, KyuubiAuthenticationFactory}
 import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, SessionHandle, SessionType}
 
-class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper with BatchTestHelper {
-  override protected lazy val conf: KyuubiConf = KyuubiConf()
-    .set(KyuubiConf.ENGINE_SECURITY_ENABLED, true)
-    .set(KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER, "simple")
-    .set(KyuubiConf.SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET, "ENGINE____SECRET")
-    .set(
-      KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST,
-      Seq(Paths.get(sparkBatchTestResource.get).getParent.toString))
+class BatchesV1ResourceSuite extends BatchesResourceSuiteBase {
+  override def batchVersion: String = "1"
+
+  override def customConf: Map[String, String] = Map.empty
+}
+
+class BatchesV2ResourceSuite extends BatchesResourceSuiteBase {
+  override def batchVersion: String = "2"
+
+  override def customConf: Map[String, String] = Map(
+    KyuubiConf.METADATA_REQUEST_ASYNC_RETRY_ENABLED.key -> "false",
+    KyuubiConf.BATCH_SUBMITTER_ENABLED.key -> "true")
+}
+
+abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
+  with RestFrontendTestHelper
+  with BatchTestHelper {
+
+  def batchVersion: String
+
+  def customConf: Map[String, String]
+
+  override protected lazy val conf: KyuubiConf = {
+    val kyuubiConf = KyuubiConf()
+      .set(KyuubiConf.ENGINE_SECURITY_ENABLED, true)
+      .set(KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER, "simple")
+      .set(KyuubiConf.SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET, "ENGINE____SECRET")
+      .set(KyuubiConf.BATCH_IMPL_VERSION, batchVersion)
+      .set(
+        KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST,
+        Seq(Paths.get(sparkBatchTestResource.get).getParent.toString))
+    customConf.foreach { case (k, v) => kyuubiConf.set(k, v) }
+    kyuubiConf
+  }
 
   override def beforeAll(): Unit = {
     super.beforeAll()
@@ -79,9 +105,18 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     val response = webTarget.path("api/v1/batches")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
-    assert(200 == response.getStatus)
+    assert(response.getStatus === 200)
     var batch = response.readEntity(classOf[Batch])
-    assert(batch.getKyuubiInstance === fe.connectionUrl)
+    batchVersion match {
+      case "1" =>
+        assert(batch.getKyuubiInstance === fe.connectionUrl)
+      case "2" if batch.getState === "INITIALIZED" =>
+        assert(batch.getKyuubiInstance === null)
+      case "2" if batch.getState === "PENDING" => // batch picked by BatchService
+        assert(batch.getKyuubiInstance === fe.connectionUrl)
+      case _ =>
+        fail(s"unexpected batch info, version: $batchVersion state: ${batch.getState}")
+    }
     assert(batch.getBatchType === "SPARK")
     assert(batch.getName === sparkBatchTestAppName)
     assert(batch.getCreateTime > 0)
@@ -93,16 +128,25 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     val proxyUserResponse = webTarget.path("api/v1/batches")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .post(Entity.entity(proxyUserRequest, MediaType.APPLICATION_JSON_TYPE))
-    assert(405 == proxyUserResponse.getStatus)
+    assert(proxyUserResponse.getStatus === 405)
     var errorMessage = "Failed to validate proxy privilege of anonymous for root"
     assert(proxyUserResponse.readEntity(classOf[String]).contains(errorMessage))
 
-    var getBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId()}")
+    var getBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId}")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(200 == getBatchResponse.getStatus)
+    assert(getBatchResponse.getStatus === 200)
     batch = getBatchResponse.readEntity(classOf[Batch])
-    assert(batch.getKyuubiInstance === fe.connectionUrl)
+    batchVersion match {
+      case "1" =>
+        assert(batch.getKyuubiInstance === fe.connectionUrl)
+      case "2" if batch.getState === "INITIALIZED" =>
+        assert(batch.getKyuubiInstance === null)
+      case "2" if batch.getState === "PENDING" => // batch picked by BatchService
+        assert(batch.getKyuubiInstance === fe.connectionUrl)
+      case _ =>
+        fail(s"unexpected batch info, version: $batchVersion state: ${batch.getState}")
+    }
     assert(batch.getBatchType === "SPARK")
     assert(batch.getName === sparkBatchTestAppName)
     assert(batch.getCreateTime > 0)
@@ -115,26 +159,26 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     getBatchResponse = webTarget.path(s"api/v1/batches/invalidBatchId")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(404 == getBatchResponse.getStatus)
+    assert(getBatchResponse.getStatus === 404)
 
     // get batch log
     var logResponse: Response = null
     var log: OperationLog = null
     eventually(timeout(10.seconds), interval(1.seconds)) {
-      logResponse = webTarget.path(s"api/v1/batches/${batch.getId()}/localLog")
+      logResponse = webTarget.path(s"api/v1/batches/${batch.getId}/localLog")
         .queryParam("from", "0")
         .queryParam("size", "1")
         .request(MediaType.APPLICATION_JSON_TYPE)
         .get()
       log = logResponse.readEntity(classOf[OperationLog])
-      assert(log.getRowCount == 1)
+      assert(log.getRowCount === 1)
     }
     val head = log.getLogRowSet.asScala.head
 
     val logs = new ArrayBuffer[String]
     logs.append(head)
     eventually(timeout(10.seconds), interval(1.seconds)) {
-      logResponse = webTarget.path(s"api/v1/batches/${batch.getId()}/localLog")
+      logResponse = webTarget.path(s"api/v1/batches/${batch.getId}/localLog")
         .queryParam("from", "-1")
         .queryParam("size", "100")
         .request(MediaType.APPLICATION_JSON_TYPE)
@@ -146,67 +190,67 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
 
       // check both kyuubi log and engine log
       assert(
-        logs.exists(_.contains("/bin/spark-submit")) && logs.exists(
-          _.contains(s"SparkContext: Submitted application: $sparkBatchTestAppName")))
+        logs.exists(_.contains("/bin/spark-submit")) &&
+          logs.exists(_.contains(s"SparkContext: Submitted application: $sparkBatchTestAppName")))
     }
 
     // invalid user name
     val encodeAuthorization =
-      new String(Base64.getEncoder.encode(batch.getId().getBytes()), "UTF-8")
-    var deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId()}")
+      new String(Base64.getEncoder.encode(batch.getId.getBytes()), "UTF-8")
+    var deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId}")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .delete()
-    assert(405 == deleteBatchResponse.getStatus)
-    errorMessage = s"${batch.getId()} is not allowed to close the session belong to anonymous"
+    assert(deleteBatchResponse.getStatus === 405)
+    errorMessage = s"${batch.getId} is not allowed to close the session belong to anonymous"
     assert(deleteBatchResponse.readEntity(classOf[String]).contains(errorMessage))
 
     // invalid batchId
     deleteBatchResponse = webTarget.path(s"api/v1/batches/notValidUUID")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .delete()
-    assert(404 == deleteBatchResponse.getStatus)
+    assert(deleteBatchResponse.getStatus === 404)
 
     // non-existed batch session
     deleteBatchResponse = webTarget.path(s"api/v1/batches/${UUID.randomUUID().toString}")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .delete()
-    assert(404 == deleteBatchResponse.getStatus)
+    assert(deleteBatchResponse.getStatus === 404)
 
     // invalid proxy user
-    deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId()}")
+    deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId}")
       .queryParam("hive.server2.proxy.user", "invalidProxy")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .delete()
-    assert(405 == deleteBatchResponse.getStatus)
+    assert(deleteBatchResponse.getStatus === 405)
     errorMessage = "Failed to validate proxy privilege of anonymous for invalidProxy"
     assert(deleteBatchResponse.readEntity(classOf[String]).contains(errorMessage))
 
     // check close batch session
-    deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId()}")
+    deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId}")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .delete()
-    assert(200 == deleteBatchResponse.getStatus)
+    assert(deleteBatchResponse.getStatus === 200)
     val closeBatchResponse = deleteBatchResponse.readEntity(classOf[CloseBatchResponse])
 
     // check state after close batch session
-    getBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId()}")
+    getBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId}")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(200 == getBatchResponse.getStatus)
+    assert(getBatchResponse.getStatus === 200)
     batch = getBatchResponse.readEntity(classOf[Batch])
-    assert(batch.getId == batch.getId())
+    assert(batch.getId === batch.getId)
     if (closeBatchResponse.isSuccess) {
-      assert(batch.getState == "CANCELED")
+      assert(batch.getState === "CANCELED")
     } else {
       assert(batch.getState != "CANCELED")
     }
 
     // close the closed batch session
-    deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId()}")
+    deleteBatchResponse = webTarget.path(s"api/v1/batches/${batch.getId}")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .delete()
-    assert(200 == deleteBatchResponse.getStatus)
+    assert(deleteBatchResponse.getStatus === 200)
     assert(!deleteBatchResponse.readEntity(classOf[CloseBatchResponse]).isSuccess)
   }
 
@@ -221,17 +265,36 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     val response = webTarget.path("api/v1/batches")
       .request(MediaType.APPLICATION_JSON)
       .post(Entity.entity(multipart, MediaType.MULTIPART_FORM_DATA))
-    assert(200 == response.getStatus)
+    assert(response.getStatus === 200)
     val batch = response.readEntity(classOf[Batch])
-    assert(batch.getKyuubiInstance === fe.connectionUrl)
+    batchVersion match {
+      case "1" =>
+        assert(batch.getKyuubiInstance === fe.connectionUrl)
+      case "2" if batch.getState === "INITIALIZED" =>
+        assert(batch.getKyuubiInstance === null)
+      case "2" if batch.getState === "PENDING" => // batch picked by BatchService
+        assert(batch.getKyuubiInstance === fe.connectionUrl)
+      case _ =>
+        fail(s"unexpected batch info, version: $batchVersion state: ${batch.getState}")
+    }
     assert(batch.getBatchType === "SPARK")
     assert(batch.getName === sparkBatchTestAppName)
     assert(batch.getCreateTime > 0)
     assert(batch.getEndTime === 0)
 
-    webTarget.path(s"api/v1/batches/${batch.getId()}").request(
-      MediaType.APPLICATION_JSON_TYPE).delete()
-    eventually(timeout(3.seconds)) {
+    // wait for batch be scheduled
+    eventually(timeout(5.seconds), interval(200.millis)) {
+      val resp = webTarget.path(s"api/v1/batches/${batch.getId}")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .get()
+      val batchState = resp.readEntity(classOf[Batch]).getState
+      assert(batchState === "PENDING" || batchState === "RUNNING")
+    }
+
+    webTarget.path(s"api/v1/batches/${batch.getId}")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .delete()
+    eventually(timeout(5.seconds), interval(200.millis)) {
       assert(KyuubiApplicationManager.uploadWorkDir.toFile.listFiles().isEmpty)
     }
   }
@@ -245,14 +308,14 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     val resp1 = webTarget.path("api/v1/batches")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .post(Entity.entity(reqObj, MediaType.APPLICATION_JSON_TYPE))
-    assert(200 == resp1.getStatus)
+    assert(resp1.getStatus === 200)
     val batch1 = resp1.readEntity(classOf[Batch])
     assert(batch1.getId === batchId)
 
     val resp2 = webTarget.path("api/v1/batches")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .post(Entity.entity(reqObj, MediaType.APPLICATION_JSON_TYPE))
-    assert(200 == resp2.getStatus)
+    assert(resp2.getStatus === 200)
     val batch2 = resp2.readEntity(classOf[Batch])
     assert(batch2.getId === batchId)
 
@@ -276,9 +339,9 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
 
-    assert(response.getStatus == 200)
+    assert(response.getStatus === 200)
     val getBatchListResponse = response.readEntity(classOf[GetBatchesResponse])
-    assert(getBatchListResponse.getBatches.isEmpty && getBatchListResponse.getTotal == 0)
+    assert(getBatchListResponse.getBatches.isEmpty && getBatchListResponse.getTotal === 0)
 
     sessionManager.openBatchSession(
       "kyuubi",
@@ -330,10 +393,10 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
 
-    assert(response2.getStatus == 200)
+    assert(response2.getStatus === 200)
 
     val getBatchListResponse2 = response2.readEntity(classOf[GetBatchesResponse])
-    assert(getBatchListResponse2.getTotal == 2)
+    assert(getBatchListResponse2.getTotal === 2)
 
     val response3 = webTarget.path("api/v1/batches")
       .queryParam("batchType", "spark")
@@ -342,10 +405,10 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
 
-    assert(response3.getStatus == 200)
+    assert(response3.getStatus === 200)
 
     val getBatchListResponse3 = response3.readEntity(classOf[GetBatchesResponse])
-    assert(getBatchListResponse3.getTotal == 1)
+    assert(getBatchListResponse3.getTotal === 1)
 
     val response4 = webTarget.path("api/v1/batches")
       .queryParam("batchType", "spark")
@@ -354,9 +417,9 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
 
-    assert(response4.getStatus == 200)
+    assert(response4.getStatus === 200)
     val getBatchListResponse4 = response4.readEntity(classOf[GetBatchesResponse])
-    assert(getBatchListResponse4.getBatches.isEmpty && getBatchListResponse4.getTotal == 0)
+    assert(getBatchListResponse4.getBatches.isEmpty && getBatchListResponse4.getTotal === 0)
 
     val response5 = webTarget.path("api/v1/batches")
       .queryParam("batchType", "mock")
@@ -365,10 +428,10 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
 
-    assert(response5.getStatus == 200)
+    assert(response5.getStatus === 200)
 
     val getBatchListResponse5 = response5.readEntity(classOf[GetBatchesResponse])
-    assert(getBatchListResponse5.getTotal == 0)
+    assert(getBatchListResponse5.getTotal === 0)
 
     // TODO add more test when add more batchType
     val response6 = webTarget.path("api/v1/batches")
@@ -377,9 +440,9 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
 
-    assert(response6.getStatus == 200)
+    assert(response6.getStatus === 200)
     val getBatchListResponse6 = response6.readEntity(classOf[GetBatchesResponse])
-    assert(getBatchListResponse6.getTotal == 1)
+    assert(getBatchListResponse6.getTotal === 1)
     sessionManager.allSessions().foreach(_.close())
 
     val queryCreateTime = System.currentTimeMillis()
@@ -420,7 +483,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       val response = webTarget.path("api/v1/batches")
         .request(MediaType.APPLICATION_JSON_TYPE)
         .post(Entity.entity(req, MediaType.APPLICATION_JSON_TYPE))
-      assert(500 == response.getStatus)
+      assert(response.getStatus === 500)
       assert(response.readEntity(classOf[String]).contains(msg))
     }
 
@@ -433,7 +496,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       val response = webTarget.path(s"api/v1/batches/$batchId")
         .request(MediaType.APPLICATION_JSON_TYPE)
         .get
-      assert(404 == response.getStatus)
+      assert(response.getStatus === 404)
       assert(response.readEntity(classOf[String]).contains(msg))
     }
   }
@@ -442,7 +505,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     val sessionManager = fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
     val kyuubiInstance = fe.connectionUrl
 
-    assert(sessionManager.getOpenSessionCount == 0)
+    assert(sessionManager.getOpenSessionCount === 0)
     val batchId1 = UUID.randomUUID().toString
     val batchId2 = UUID.randomUUID().toString
 
@@ -502,7 +565,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
 
     val restFe = fe.asInstanceOf[KyuubiRestFrontendService]
     restFe.recoverBatchSessions()
-    assert(sessionManager.getOpenSessionCount == 2)
+    assert(sessionManager.getOpenSessionCount === 2)
 
     val sessionHandle1 = SessionHandle.fromUUID(batchId1)
     val sessionHandle2 = SessionHandle.fromUUID(batchId2)
@@ -524,7 +587,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
     assert(sessionManager.getBatchesFromMetadataStore(
       MetadataFilter(engineType = "SPARK"),
       0,
-      Int.MaxValue).size == 2)
+      Int.MaxValue).size === 2)
   }
 
   test("get local log internal redirection") {
@@ -549,7 +612,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .queryParam("size", "1")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(logResponse.getStatus == 404)
+    assert(logResponse.getStatus === 404)
     assert(logResponse.readEntity(classOf[String]).contains("No local log found"))
 
     // get local batch log that is not existing
@@ -558,7 +621,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .queryParam("size", "1")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(logResponse.getStatus == 404)
+    assert(logResponse.getStatus === 404)
     assert(logResponse.readEntity(classOf[String]).contains("Invalid batchId"))
 
     val metadata2 = metadata.copy(
@@ -572,7 +635,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .queryParam("size", "1")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(logResponse.getStatus == 500)
+    assert(logResponse.getStatus === 500)
     assert(logResponse.readEntity(classOf[String]).contains(
       s"Api request failed for http://${metadata2.kyuubiInstance}"))
   }
@@ -601,7 +664,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .delete()
-    assert(deleteResp.getStatus == 200)
+    assert(deleteResp.getStatus === 200)
     assert(!deleteResp.readEntity(classOf[CloseBatchResponse]).isSuccess)
 
     // delete batch that is not existing
@@ -609,7 +672,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .delete()
-    assert(deleteResp.getStatus == 404)
+    assert(deleteResp.getStatus === 404)
     assert(deleteResp.readEntity(classOf[String]).contains("Invalid batchId:"))
 
     val metadata2 = metadata.copy(
@@ -622,7 +685,7 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
       .delete()
-    assert(deleteResp.getStatus == 200)
+    assert(deleteResp.getStatus === 200)
     assert(deleteResp.readEntity(classOf[CloseBatchResponse]).getMsg.contains(
       s"Api request failed for http://${metadata2.kyuubiInstance}"))
   }
@@ -637,10 +700,12 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       .request(MediaType.APPLICATION_JSON_TYPE)
       .header(conf.get(FRONTEND_PROXY_HTTP_CLIENT_IP_HEADER), realClientIp)
       .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
-    assert(200 == response.getStatus)
+    assert(response.getStatus === 200)
     val batch = response.readEntity(classOf[Batch])
-    val batchSession = sessionManager.getBatchSession(SessionHandle.fromUUID(batch.getId))
-    assert(batchSession.map(_.ipAddress).contains(realClientIp))
+    eventually(timeout(10.seconds)) {
+      val batchSession = sessionManager.getBatchSession(SessionHandle.fromUUID(batch.getId))
+      assert(batchSession.map(_.ipAddress).contains(realClientIp))
+    }
   }
 
   test("expose the metrics with operation type and current state") {
@@ -650,42 +715,47 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
       assert(getBatchJobSubmissionStateCounter(OperationState.RUNNING) === 0)
     }
 
-    val originalTerminateCounter = getBatchJobSubmissionStateCounter(OperationState.CANCELED) +
-      getBatchJobSubmissionStateCounter(OperationState.FINISHED) +
-      getBatchJobSubmissionStateCounter(OperationState.ERROR)
-
-    val requestObj = newSparkBatchRequest(Map("spark.master" -> "local"))
-
-    val response = webTarget.path("api/v1/batches")
-      .request(MediaType.APPLICATION_JSON_TYPE)
-      .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
-    assert(200 == response.getStatus)
-    var batch = response.readEntity(classOf[Batch])
+    val originalTerminatedCount =
+      getBatchJobSubmissionStateCounter(OperationState.CANCELED) +
+        getBatchJobSubmissionStateCounter(OperationState.FINISHED) +
+        getBatchJobSubmissionStateCounter(OperationState.ERROR)
 
-    assert(getBatchJobSubmissionStateCounter(OperationState.INITIALIZED) +
-      getBatchJobSubmissionStateCounter(OperationState.PENDING) +
-      getBatchJobSubmissionStateCounter(OperationState.RUNNING) === 1)
+    val batchId = UUID.randomUUID().toString
+    val requestObj = newSparkBatchRequest(Map(
+      "spark.master" -> "local",
+      KYUUBI_BATCH_ID_KEY -> batchId))
 
-    while (batch.getState == OperationState.PENDING.toString ||
-      batch.getState == OperationState.RUNNING.toString) {
-      val deleteResp = webTarget.path(s"api/v1/batches/${batch.getId}")
+    eventually(timeout(10.seconds)) {
+      val response = webTarget.path("api/v1/batches")
         .request(MediaType.APPLICATION_JSON_TYPE)
-        .delete()
-      assert(200 == deleteResp.getStatus)
+        .post(Entity.entity(requestObj, MediaType.APPLICATION_JSON_TYPE))
+      assert(response.getStatus === 200)
+      val batch = response.readEntity(classOf[Batch])
+      assert(batch.getState === OperationState.PENDING.toString ||
+        batch.getState === OperationState.RUNNING.toString)
+    }
 
-      batch = webTarget.path(s"api/v1/batches/${batch.getId}")
-        .request(MediaType.APPLICATION_JSON_TYPE)
-        .get().readEntity(classOf[Batch])
+    eventually(timeout(10.seconds)) {
+      assert(getBatchJobSubmissionStateCounter(OperationState.INITIALIZED) +
+        getBatchJobSubmissionStateCounter(OperationState.PENDING) +
+        getBatchJobSubmissionStateCounter(OperationState.RUNNING) === 1)
     }
 
-    assert(getBatchJobSubmissionStateCounter(OperationState.INITIALIZED) === 0)
-    assert(getBatchJobSubmissionStateCounter(OperationState.PENDING) === 0)
-    assert(getBatchJobSubmissionStateCounter(OperationState.RUNNING) === 0)
+    val deleteResp = webTarget.path(s"api/v1/batches/$batchId")
+      .request(MediaType.APPLICATION_JSON_TYPE)
+      .delete()
+    assert(deleteResp.getStatus === 200)
+
+    eventually(timeout(10.seconds)) {
+      assert(getBatchJobSubmissionStateCounter(OperationState.INITIALIZED) === 0)
+      assert(getBatchJobSubmissionStateCounter(OperationState.PENDING) === 0)
+      assert(getBatchJobSubmissionStateCounter(OperationState.RUNNING) === 0)
+    }
 
-    val currentTeminateCount = getBatchJobSubmissionStateCounter(OperationState.CANCELED) +
+    val currentTerminatedCount = getBatchJobSubmissionStateCounter(OperationState.CANCELED) +
       getBatchJobSubmissionStateCounter(OperationState.FINISHED) +
       getBatchJobSubmissionStateCounter(OperationState.ERROR)
-    assert(currentTeminateCount - originalTerminateCounter === 1)
+    assert(currentTerminatedCount - originalTerminatedCount === 1)
   }
 
   private def getBatchJobSubmissionStateCounter(state: OperationState): Long = {
@@ -706,9 +776,9 @@ class BatchesResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper wi
         Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
         newSparkBatchRequest(Map("spark.jars" -> "disAllowPath")))
     }
-    val sessionHandleRegex = "\\[[\\S]*\\]".r
+    val sessionHandleRegex = "\\[\\S*]".r
     val batchId = sessionHandleRegex.findFirstMatchIn(e.getMessage).get.group(0)
-      .replaceAll("\\[", "").replaceAll("\\]", "")
+      .replaceAll("\\[", "").replaceAll("]", "")
     assert(sessionManager.getBatchMetadata(batchId).map(_.state).contains("CANCELED"))
   }
 

From 156628cf72bfddbb786d2757ca37ebe5d323f4e0 Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Mon, 31 Jul 2023 20:32:16 +0800
Subject: [PATCH 531/760] [KYUUBI #5083] [DOC] Add LDAP document

### _Why are the changes needed?_

I'd like to update LDAP doc to guide users for setup LDAP authentication in Kyuubi.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="1395" alt="image" src="https://github.com/apache/kyuubi/assets/26535726/6925a8e3-dfaf-48ad-a442-bb635fe75830">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5083 from zhaohehuhu/Improvement-0721.

Closes #5083

8c0e149dd [Cheng Pan] polish
22f8d3aa6 [Cheng Pan] nit
822fa66b3 [hezhao2] sync
78ae12345 [hezhao2] further explanation for LDAP filters
7ebc61acf [Cheng Pan] Update docs/security/ldap.md
bb06810f7 [Cheng Pan] Update docs/security/ldap.md
8d19fdf31 [Cheng Pan] Update docs/security/ldap.md
c2fa2806e [Cheng Pan] Update docs/security/ldap.md
2acbb87db [hezhao2] update LDAP doc
22027e1f2 [hezhao2] update LDAP doc

Lead-authored-by: hezhao2 <hezhao2@cisco.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/security/ldap.md  | 60 ++++++++++++++++++++++++++++++++++++++++++
 docs/security/ldap.rst | 21 ---------------
 2 files changed, 60 insertions(+), 21 deletions(-)
 create mode 100644 docs/security/ldap.md
 delete mode 100644 docs/security/ldap.rst

diff --git a/docs/security/ldap.md b/docs/security/ldap.md
new file mode 100644
index 000000000..f668ad0c9
--- /dev/null
+++ b/docs/security/ldap.md
@@ -0,0 +1,60 @@
+<!--
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+
+# Configure Kyuubi to use LDAP Authentication
+
+Kyuubi can be configured to enable frontend LDAP authentication for clients, such as the BeeLine, or the JDBC and ODBC drivers.
+At present, only simple LDAP authentication mechanism involving username and password is supported. The client sends
+a username and password to the Kyuubi server, and the Kyuubi server validates these credentials using an external LDAP service.
+
+## Enable LDAP Authentication
+
+To enable LDAP authentication for Kyuubi, LDAP-related configurations is required to be configured in
+`$KYUUBI_HOME/conf/kyuubi-defaults.conf` on each node where Kyuubi server is installed.
+
+For example,
+
+```properties example
+kyuubi.authentication=LDAP
+kyuubi.authentication.ldap.baseDN=dc=org
+kyuubi.authentication.ldap.domain=apache.org
+kyuubi.authentication.ldap.binddn=uid=kyuubi,OU=Users,DC=apache,DC=org
+kyuubi.authentication.ldap.bindpw=kyuubi123123
+kyuubi.authentication.ldap.url=ldap://hostname.com:389/
+```
+
+## User and Group Filter in LDAP
+
+Kyuubi also supports complex LDAP cases as [Apache Hive](https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2#UserandGroupFilterSupportwithLDAPAtnProviderinHiveServer2-UserandGroupFilterSupportwithLDAP) does.
+
+For example,
+
+```properties example
+# Group Membership
+kyuubi.authentication.ldap.groupClassKey=groupOfNames
+kyuubi.authentication.ldap.groupDNPattern=CN=%s,OU=Groups,DC=apache,DC=org
+kyuubi.authentication.ldap.groupFilter=group1,group2
+kyuubi.authentication.ldap.groupMembershipKey=memberUid
+# User Search List
+kyuubi.authentication.ldap.userDNPattern=CN=%s,CN=Users,DC=apache,DC=org
+kyuubi.authentication.ldap.userFilter=hive-admin,hive,hive-test,hive-user
+# Custom Query
+kyuubi.authentication.ldap.customLDAPQuery=(&(objectClass=group)(objectClass=top)(instanceType=4)(cn=Domain*)), (&(objectClass=person)(|(sAMAccountName=admin)(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com))))
+```
+
+Please refer to [Settings for LDAP authentication in Kyuubi](../deployment/settings.html?highlight=LDAP#authentication)
+for all configurations.
diff --git a/docs/security/ldap.rst b/docs/security/ldap.rst
deleted file mode 100644
index 35cfcd6de..000000000
--- a/docs/security/ldap.rst
+++ /dev/null
@@ -1,21 +0,0 @@
-.. Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-..    http://www.apache.org/licenses/LICENSE-2.0
-
-.. Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-
-Configure Kyuubi to use LDAP Authentication
-===============================================
-
-.. warning::
-   the page is still in-progress.

From 9983d92b31cf4052fb363ca399976ee27c607681 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Mon, 31 Jul 2023 20:37:43 +0800
Subject: [PATCH 532/760] [KYUUBI #5108][Flink] Fix FileNotFoundException
 during Flink engine bootstrap

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5109 from link3280/bootstrap_file_not_found.

Closes #5108

318199fa2 [Paul Lin] [KYUUBI #5108][Flink] Fix iFileNotFoundException during Flink engine bootstrap

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/engine/flink/FlinkSQLEngine.scala    | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 10ef9991f..6adda6390 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -102,7 +102,7 @@ object FlinkSQLEngine extends Logging {
       info("Flink engine started")
 
       if ("yarn-application".equalsIgnoreCase(executionTarget)) {
-        bootstrapFlinkApplicationExecutor(flinkConf)
+        bootstrapFlinkApplicationExecutor()
       }
 
       // blocking main thread
@@ -119,6 +119,7 @@ object FlinkSQLEngine extends Logging {
   }
 
   def startEngine(engineContext: DefaultContext): Unit = {
+    debug(s"Starting Flink SQL engine with default configuration: ${engineContext.getFlinkConfig}")
     currentEngine = Some(new FlinkSQLEngine(engineContext))
     currentEngine.foreach { engine =>
       engine.initialize(kyuubiConf)
@@ -127,9 +128,10 @@ object FlinkSQLEngine extends Logging {
     }
   }
 
-  private def bootstrapFlinkApplicationExecutor(flinkConf: Configuration) = {
-    // trigger an execution to initiate EmbeddedExecutor
-    info("Running initial Flink SQL in application mode.")
+  private def bootstrapFlinkApplicationExecutor() = {
+    // trigger an execution to initiate EmbeddedExecutor with the default flink conf
+    val flinkConf = new Configuration()
+    debug(s"Running initial Flink SQL in application mode with flink conf: $flinkConf.")
     val tableEnv = TableEnvironment.create(flinkConf)
     val res = tableEnv.executeSql("select 'kyuubi'")
     res.await()

From 0bd59e5bbaccfc203d5ef38b541cad309881e554 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 1 Aug 2023 11:34:33 +0800
Subject: [PATCH 533/760] [KYUUBI #3920][TEST] Fix flaky test - distribute lock

### _Why are the changes needed?_

Fix #3920

https://github.com/apache/kyuubi/actions/runs/5711863703/job/15474230690?pr=4790

```
DockerizedZkServiceDiscoverySuite:
- distribute lock *** FAILED ***
  Expected exception org.apache.kyuubi.KyuubiSQLException to be thrown, but no exception was thrown (DiscoveryClientTests.scala:147)
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5112 from pan3793/test-lock.

Closes #3920

d980f87dc [Cheng Pan] Fix flaky test - distribute lock

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/ha/client/DiscoveryClientTests.scala    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala
index a8523f7f9..9caf38646 100644
--- a/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala
+++ b/kyuubi-ha/src/test/scala/org/apache/kyuubi/ha/client/DiscoveryClientTests.scala
@@ -135,17 +135,17 @@ trait DiscoveryClientTests extends KyuubiFunSuite {
 
     new Thread(() => {
       withDiscoveryClient(conf) { discoveryClient =>
-        discoveryClient.tryWithLock(lockPath, 3000) {
+        discoveryClient.tryWithLock(lockPath, 10000) {
           lockLatch.countDown()
-          Thread.sleep(5000)
+          Thread.sleep(15000)
         }
       }
     }).start()
 
     withDiscoveryClient(conf) { discoveryClient =>
-      assert(lockLatch.await(5000, TimeUnit.MILLISECONDS))
+      assert(lockLatch.await(20000, TimeUnit.MILLISECONDS))
       val e = intercept[KyuubiSQLException] {
-        discoveryClient.tryWithLock(lockPath, 2000) {}
+        discoveryClient.tryWithLock(lockPath, 5000) {}
       }
       assert(e.getMessage contains s"Timeout to lock on path [$lockPath]")
     }

From ab3c3331221451dbc01b796f4e729190c6365278 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 1 Aug 2023 11:36:18 +0800
Subject: [PATCH 534/760] [KYUUBI #5117] [Minor] Code improvements for Java and
 Scala code

### _Why are the changes needed?_

- remove duplicated assignment for the same variable in adjacent lines in `FastHiveDecimalImpl`
- replace redundant `putAll` with collection initialization in `BatchRestApi`
- use `try-with-resources` statement with the reader and avoid declaring two variables in the same line of code in `KyuubiCommands`
- fix `warning: Tag 'return:' is not recognised` compilation warning in `KyuubiGetSqlClassification:L53`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5117 from bowenliang123/fastsignum.

Closes #5117

595b5747d [liangbowen] simplify
be530fac4 [liangbowen] fix warning: Tag '@return:' is not recognised compilation warning in KyuubiGetSqlClassification:L53
249706905 [liangbowen] use try-with-resources in KyuubiCommands
a54a97fdd [liangbowen] remove redundant addAll call to collection initialization
cc76d5d0f [liangbowen] remove repeated assignment

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../KyuubiGetSqlClassification.scala                 |  2 +-
 .../java/org/apache/hive/beeline/KyuubiCommands.java | 12 ++++--------
 .../kyuubi/jdbc/hive/common/FastHiveDecimalImpl.java |  1 -
 .../java/org/apache/kyuubi/client/BatchRestApi.java  |  3 +--
 4 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/sqlclassification/KyuubiGetSqlClassification.scala b/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/sqlclassification/KyuubiGetSqlClassification.scala
index e8aadc850..b94cdf346 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/sqlclassification/KyuubiGetSqlClassification.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-1/src/main/scala/org/apache/kyuubi/sql/sqlclassification/KyuubiGetSqlClassification.scala
@@ -55,7 +55,7 @@ object KyuubiGetSqlClassification extends Logging {
    *    You need to make sure that the configuration item: SQL_CLASSIFICATION_ENABLED
    *   is true
    * @param simpleName: the analyzied_logical_plan's getSimpleName
-   * @return: This sql's classification
+   * @return This sql's classification
    */
   def getSqlClassification(simpleName: String): String = {
     jsonNode.map { json =>
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
index af294ac6f..fcfee49ed 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiCommands.java
@@ -21,6 +21,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import java.io.*;
+import java.nio.file.Files;
 import java.sql.*;
 import java.util.*;
 import org.apache.hive.beeline.logs.KyuubiBeelineInPlaceUpdateStream;
@@ -86,10 +87,9 @@ private boolean sourceFile(String cmd) {
   }
 
   private boolean sourceFileInternal(File sourceFile) throws IOException {
-    BufferedReader reader = null;
-    try {
-      reader = new BufferedReader(new FileReader(sourceFile));
-      String lines = null, extra;
+    try (BufferedReader reader = Files.newBufferedReader(sourceFile.toPath())) {
+      String lines = null;
+      String extra;
       while ((extra = reader.readLine()) != null) {
         if (beeLine.isComment(extra)) {
           continue;
@@ -107,10 +107,6 @@ private boolean sourceFileInternal(File sourceFile) throws IOException {
           return false;
         }
       }
-    } finally {
-      if (reader != null) {
-        reader.close();
-      }
     }
     return true;
   }
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/FastHiveDecimalImpl.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/FastHiveDecimalImpl.java
index d3dba0f7b..65f17e734 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/FastHiveDecimalImpl.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/common/FastHiveDecimalImpl.java
@@ -5182,7 +5182,6 @@ public static boolean fastRoundIntegerDown(
       fastResult.fastIntegerDigitCount = 0;
       fastResult.fastScale = 0;
     } else {
-      fastResult.fastSignum = 0;
       fastResult.fastSignum = fastSignum;
       fastResult.fastIntegerDigitCount = fastRawPrecision(fastResult);
       fastResult.fastScale = 0;
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
index afcfe77d3..7d113308d 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/BatchRestApi.java
@@ -115,8 +115,7 @@ private IRestClient getClient() {
 
   private void setClientVersion(BatchRequest request) {
     if (request != null) {
-      Map<String, String> newConf = new HashMap<>();
-      newConf.putAll(request.getConf());
+      Map<String, String> newConf = new HashMap<>(request.getConf());
       newConf.put(VersionUtils.KYUUBI_CLIENT_VERSION_KEY, VersionUtils.getVersion());
       request.setConf(newConf);
     }

From 94b2b9bb336950723df604cc56cf3fbf529e86a9 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 1 Aug 2023 17:05:42 +0800
Subject: [PATCH 535/760] [KYUUBI #5113] Remove dummy Spark Kudu connector
 module

### _Why are the changes needed?_

It was planned but actually delayed, remove this dummy module to save CI and avoid confusing users and release managers.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5113 from pan3793/remove-kudu.

Closes #5113

ff8fd2e6a [Cheng Pan] Remove Spark Kudu connector

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/style.yml                   |   2 +-
 dev/kyuubi-codecov/pom.xml                    |   5 -
 .../spark/kyuubi-spark-connector-kudu/pom.xml | 225 ------------------
 .../src/test/resources/kudu-compose.yml       |  64 -----
 .../src/test/resources/log4j2-test.xml        |  43 ----
 .../connector/kudu/KuduClientSuite.scala      |  32 ---
 .../spark/connector/kudu/KuduMixin.scala      |  41 ----
 pom.xml                                       |   8 -
 8 files changed, 1 insertion(+), 419 deletions(-)
 delete mode 100644 extensions/spark/kyuubi-spark-connector-kudu/pom.xml
 delete mode 100644 extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/kudu-compose.yml
 delete mode 100644 extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/log4j2-test.xml
 delete mode 100644 extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduClientSuite.scala
 delete mode 100644 extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduMixin.scala

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 11a9580c4..6f575302e 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -67,7 +67,7 @@ jobs:
           MVN_OPT="-DskipTests -Dorg.slf4j.simpleLogger.defaultLogLevel=warn -Dmaven.javadoc.skip=true -Drat.skip=true -Dscalastyle.skip=true -Dspotless.check.skip"
           build/mvn clean install ${MVN_OPT} -Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.2,tpcds
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
-          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-kudu,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
+          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-4 -Pspark-3.4
 
       - name: Scalastyle with maven
diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index 3dfc7b986..09ced96a1 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -197,11 +197,6 @@
                     <artifactId>kyuubi-extension-spark-3-3_${scala.binary.version}</artifactId>
                     <version>${project.version}</version>
                 </dependency>
-                <dependency>
-                    <groupId>org.apache.kyuubi</groupId>
-                    <artifactId>kyuubi-spark-connector-kudu_${scala.binary.version}</artifactId>
-                    <version>${project.version}</version>
-                </dependency>
                 <dependency>
                     <groupId>org.apache.kyuubi</groupId>
                     <artifactId>kyuubi-spark-connector-hive_${scala.binary.version}</artifactId>
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/pom.xml b/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
deleted file mode 100644
index cb1cec449..000000000
--- a/extensions/spark/kyuubi-spark-connector-kudu/pom.xml
+++ /dev/null
@@ -1,225 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.apache.kyuubi</groupId>
-        <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
-        <relativePath>../../../pom.xml</relativePath>
-    </parent>
-
-    <artifactId>kyuubi-spark-connector-kudu_2.12</artifactId>
-    <packaging>jar</packaging>
-    <name>Kyuubi Spark Kudu Connector</name>
-    <url>https://kyuubi.apache.org/</url>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.scala-lang</groupId>
-            <artifactId>scala-library</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-api</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-core</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-sql_${scala.binary.version}</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-client-api</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.kudu</groupId>
-            <artifactId>kudu-client</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-catalyst_${scala.binary.version}</artifactId>
-            <type>test-jar</type>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.scalatestplus</groupId>
-            <artifactId>scalacheck-1-17_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>com.dimafeng</groupId>
-            <artifactId>testcontainers-scala-scalatest_${scala.binary.version}</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-sql_${scala.binary.version}</artifactId>
-            <version>${spark.version}</version>
-            <type>test-jar</type>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.kyuubi</groupId>
-            <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.kyuubi</groupId>
-            <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
-            <version>${project.version}</version>
-            <type>test-jar</type>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-client-runtime</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <!--
-          Spark requires `commons-collections` and `commons-io` but got them from transitive
-          dependencies of `hadoop-client`. As we are using Hadoop Shaded Client, we need add
-          them explicitly. See more details at SPARK-33212.
-          -->
-        <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>jakarta.xml.bind</groupId>
-            <artifactId>jakarta.xml.bind-api</artifactId>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-
-    <build>
-
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <configuration>
-                    <skip>true</skip>
-                </configuration>
-            </plugin>
-
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-shade-plugin</artifactId>
-                <configuration>
-                    <shadedArtifactAttached>false</shadedArtifactAttached>
-                    <artifactSet>
-                        <includes>
-                            <include>org.apache.kudu:kudu-client</include>
-                            <include>org.apache.kyuubi:*</include>
-                            <include>com.stumbleupon:async</include>
-                        </includes>
-                    </artifactSet>
-                    <filters>
-                        <filter>
-                            <artifact>org.apache.kudu:kudu-client</artifact>
-                            <excludes>
-                                <exclude>META-INF/maven/**</exclude>
-                                <exclude>META-INF/native/**</exclude>
-                                <exclude>META-INF/native-image/**</exclude>
-                                <exclude>MANIFEST.MF</exclude>
-                                <exclude>LICENSE</exclude>
-                                <exclude>LICENSE.txt</exclude>
-                                <exclude>NOTICE</exclude>
-                                <exclude>NOTICE.txt</exclude>
-                                <exclude>*.properties</exclude>
-                                <exclude>**/*.proto</exclude>
-                            </excludes>
-                        </filter>
-                    </filters>
-                    <relocations>
-                        <relocation>
-                            <pattern>org.apache.kudu</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.kudu</shadedPattern>
-                            <includes>
-                                <include>org.apache.kudu.**</include>
-                            </includes>
-                        </relocation>
-                        <relocation>
-                            <pattern>com.stumbleupon:async</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.com.stumbleupon.async</shadedPattern>
-                            <includes>
-                                <include>com.stumbleupon.async.**</include>
-                            </includes>
-                        </relocation>
-                    </relocations>
-                </configuration>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>shade</goal>
-                        </goals>
-                        <phase>package</phase>
-                    </execution>
-                </executions>
-            </plugin>
-
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>prepare-test-jar</id>
-                        <goals>
-                            <goal>test-jar</goal>
-                        </goals>
-                        <phase>test-compile</phase>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
-        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
-    </build>
-</project>
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/kudu-compose.yml b/extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/kudu-compose.yml
deleted file mode 100644
index 149cd5d47..000000000
--- a/extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/kudu-compose.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-version: "3"
-services:
-  kudu-master:
-    image: apache/kudu:1.15.0
-    hostname: kudu-master
-    ports:
-      - "7051"
-      - "8051"
-    command: ["master"]
-    environment:
-      - KUDU_MASTERS=kudu-master
-
-  kudu-tserver-1:
-    image: apache/kudu:1.15.0
-    depends_on:
-      - kudu-master
-    hostname: kudu-tserver-1
-    ports:
-      - "7050"
-      - "8050"
-    command: ["tserver"]
-    environment:
-      - KUDU_MASTERS=kudu-master
-
-  kudu-tserver-2:
-    image: apache/kudu:1.15.0
-    depends_on:
-      - kudu-master
-    hostname: kudu-tserver-2
-    ports:
-      - "7050"
-      - "8050"
-    command: [ "tserver" ]
-    environment:
-      - KUDU_MASTERS=kudu-master
-
-  kudu-tserver-3:
-    image: apache/kudu:1.15.0
-    depends_on:
-      - kudu-master
-    hostname: kudu-tserver-3
-    ports:
-      - "7050"
-      - "8050"
-    command: [ "tserver" ]
-    environment:
-      - KUDU_MASTERS=kudu-master
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/log4j2-test.xml
deleted file mode 100644
index bfc40dd6d..000000000
--- a/extensions/spark/kyuubi-spark-connector-kudu/src/test/resources/log4j2-test.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~     http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!-- Extra logging related to initialization of Log4j. 
- Set to debug or trace if log4j initialization is failing. -->
-<Configuration status="WARN">
-    <Appenders>
-        <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
-            <Filters>
-                <ThresholdFilter level="FATAL"/>
-                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
-            </Filters>
-        </Console>
-        <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
-            <Filters>
-                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
-            </Filters>
-        </File>
-    </Appenders>
-    <Loggers>
-        <Root level="INFO">
-            <AppenderRef ref="stdout"/>
-            <AppenderRef ref="file"/>
-        </Root>
-    </Loggers>
-</Configuration>
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduClientSuite.scala b/extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduClientSuite.scala
deleted file mode 100644
index eebb4719c..000000000
--- a/extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduClientSuite.scala
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.spark.connector.kudu
-
-import org.apache.kudu.client.KuduClient
-
-import org.apache.kyuubi.KyuubiFunSuite
-
-class KuduClientSuite extends KyuubiFunSuite with KuduMixin {
-
-  test("kudu client") {
-    val builder = new KuduClient.KuduClientBuilder(kuduMasterUrl)
-    val kuduClient = builder.build()
-
-    assert(kuduClient.findLeaderMasterServer().getPort === kuduMasterPort)
-  }
-}
diff --git a/extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduMixin.scala b/extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduMixin.scala
deleted file mode 100644
index dee09db38..000000000
--- a/extensions/spark/kyuubi-spark-connector-kudu/src/test/scala/org/apache/kyuubi/spark/connector/kudu/KuduMixin.scala
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.kyuubi.spark.connector.kudu
-
-import java.io.File
-
-import com.dimafeng.testcontainers.{DockerComposeContainer, ExposedService, ForAllTestContainer}
-
-import org.apache.kyuubi.{KyuubiFunSuite, Utils}
-
-trait KuduMixin extends KyuubiFunSuite with ForAllTestContainer {
-
-  private val KUDU_MASTER_PORT = 7051
-
-  override val container: DockerComposeContainer =
-    DockerComposeContainer
-      .Def(
-        composeFiles =
-          new File(Utils.getContextOrKyuubiClassLoader.getResource("kudu-compose.yml").toURI),
-        exposedServices = ExposedService("kudu-master", KUDU_MASTER_PORT) :: Nil)
-      .createContainer()
-
-  def kuduMasterHost: String = container.getServiceHost("kudu-master", KUDU_MASTER_PORT)
-  def kuduMasterPort: Int = container.getServicePort("kudu-master", KUDU_MASTER_PORT)
-  def kuduMasterUrl: String = s"$kuduMasterHost:$kuduMasterPort"
-}
diff --git a/pom.xml b/pom.xml
index e3da6a6a8..9d30d0ec4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -169,7 +169,6 @@
         <junit.version>4.13.2</junit.version>
         <kafka.version>3.4.0</kafka.version>
         <kubernetes-client.version>6.7.2</kubernetes-client.version>
-        <kudu.version>1.15.0</kudu.version>
         <kyuubi-shaded-zookeeper.artifacts>kyuubi-shaded-zookeeper-34</kyuubi-shaded-zookeeper.artifacts>
         <kyuubi-shaded-zookeeper.version>0.1.0</kyuubi-shaded-zookeeper.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>
@@ -1461,11 +1460,6 @@
                 <version>${sqlite.version}</version>
             </dependency>
 
-            <dependency>
-                <groupId>org.apache.kudu</groupId>
-                <artifactId>kudu-client</artifactId>
-                <version>${kudu.version}</version>
-            </dependency>
             <dependency>
                 <groupId>net.sf.py4j</groupId>
                 <artifactId>py4j</artifactId>
@@ -2166,7 +2160,6 @@
                 <module>extensions/spark/kyuubi-extension-spark-common</module>
                 <module>extensions/spark/kyuubi-extension-spark-3-3</module>
                 <module>extensions/spark/kyuubi-spark-connector-hive</module>
-                <module>extensions/spark/kyuubi-spark-connector-kudu</module>
             </modules>
             <properties>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
@@ -2178,7 +2171,6 @@
             <modules>
                 <module>extensions/spark/kyuubi-extension-spark-3-4</module>
                 <module>extensions/spark/kyuubi-spark-connector-hive</module>
-                <module>extensions/spark/kyuubi-spark-connector-kudu</module>
             </modules>
             <properties>
                 <delta.version>2.4.0</delta.version>

From 64dd50876f2e1535f65f69e48486c6fc1dea2dc5 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Tue, 1 Aug 2023 17:07:07 +0800
Subject: [PATCH 536/760] [KYUUBI #4940] Implement Kyuubi UDF in Hive engine

### _Why are the changes needed?_

close #4940

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5110 from lsm1/features/kyuubi_4940.

Closes #4940

6c0a9a37f [senmiaoliu] add kdf for hive engine

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/hive/HiveSQLEngine.scala    |   4 +
 .../engine/hive/operation/HiveOperation.scala |   3 +
 .../engine/hive/session/HiveSessionImpl.scala |   2 +
 .../kyuubi/engine/hive/udf/KDFRegistry.scala  | 169 ++++++++++++++++++
 .../hive/udf/KyuubiDefinedFunction.scala      |  34 ++++
 .../hive/operation/HiveOperationSuite.scala   |  18 +-
 ...yuubiOperationHiveEnginePerUserSuite.scala |  17 ++
 .../org/apache/kyuubi/engine/EngineRef.scala  |   1 +
 .../engine/hive/HiveProcessBuilder.scala      |   5 +-
 9 files changed, 251 insertions(+), 2 deletions(-)
 create mode 100644 externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KDFRegistry.scala
 create mode 100644 externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunction.scala

diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/HiveSQLEngine.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/HiveSQLEngine.scala
index 839da710e..3cc426c43 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/HiveSQLEngine.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/HiveSQLEngine.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.engine.hive
 
 import java.security.PrivilegedExceptionAction
+import java.time.Instant
 
 import scala.util.control.NonFatal
 
@@ -65,6 +66,7 @@ object HiveSQLEngine extends Logging {
   var currentEngine: Option[HiveSQLEngine] = None
   val hiveConf = new HiveConf()
   val kyuubiConf = new KyuubiConf()
+  val user = UserGroupInformation.getCurrentUser.getShortUserName
 
   def startEngine(): Unit = {
     try {
@@ -97,6 +99,8 @@ object HiveSQLEngine extends Logging {
     }
 
     val engine = new HiveSQLEngine()
+    val appName = s"kyuubi_${user}_hive_${Instant.now}"
+    hiveConf.setIfUnset("hive.engine.name", appName)
     info(s"Starting ${engine.getName}")
     engine.initialize(kyuubiConf)
     EventBus.post(HiveEngineEvent(engine))
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
index 2df4a072a..c7166356d 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
@@ -24,6 +24,7 @@ import org.apache.hive.service.cli.session.{HiveSession, SessionManager => HiveS
 import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet}
 
 import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
 import org.apache.kyuubi.engine.hive.session.HiveSessionImpl
 import org.apache.kyuubi.operation.{AbstractOperation, FetchOrientation, OperationState, OperationStatus}
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
@@ -43,12 +44,14 @@ abstract class HiveOperation(session: Session) extends AbstractOperation(session
 
   override def beforeRun(): Unit = {
     setState(OperationState.RUNNING)
+    hive.getHiveConf.set(KYUUBI_SESSION_USER_KEY, session.user)
   }
 
   override def afterRun(): Unit = {
     withLockRequired {
       if (!isTerminalState(state)) {
         setState(OperationState.FINISHED)
+        hive.getHiveConf.unset(KYUUBI_SESSION_USER_KEY)
       }
     }
   }
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionImpl.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionImpl.scala
index 3b85f94df..5069b1379 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionImpl.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/session/HiveSessionImpl.scala
@@ -27,6 +27,7 @@ import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtoco
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.engine.hive.events.HiveSessionEvent
+import org.apache.kyuubi.engine.hive.udf.KDFRegistry
 import org.apache.kyuubi.events.EventBus
 import org.apache.kyuubi.operation.{Operation, OperationHandle}
 import org.apache.kyuubi.session.{AbstractSession, SessionHandle, SessionManager}
@@ -48,6 +49,7 @@ class HiveSessionImpl(
     val confClone = new HashMap[String, String]()
     confClone.putAll(conf.asJava) // pass conf.asScala not support `put` method
     hive.open(confClone)
+    KDFRegistry.registerAll()
     EventBus.post(sessionEvent)
   }
 
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KDFRegistry.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KDFRegistry.scala
new file mode 100644
index 000000000..5ff468b77
--- /dev/null
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KDFRegistry.scala
@@ -0,0 +1,169 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.hive.udf
+
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.hadoop.hive.ql.exec.{FunctionRegistry, UDFArgumentLengthException}
+import org.apache.hadoop.hive.ql.session.SessionState
+import org.apache.hadoop.hive.ql.udf.generic.GenericUDF
+import org.apache.hadoop.hive.serde2.objectinspector.ObjectInspector
+import org.apache.hadoop.hive.serde2.objectinspector.primitive.{PrimitiveObjectInspectorFactory, StringObjectInspector}
+
+import org.apache.kyuubi.{KYUUBI_VERSION, Utils}
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_ID, KYUUBI_SESSION_USER_KEY}
+
+object KDFRegistry {
+
+  @transient
+  val registeredFunctions = new ArrayBuffer[KyuubiDefinedFunction]()
+
+  val kyuubi_version: KyuubiDefinedFunction = create(
+    "kyuubi_version",
+    new KyuubiVersionFunction,
+    "Return the version of Kyuubi Server",
+    "string",
+    "1.8.0")
+
+  val engine_name: KyuubiDefinedFunction = create(
+    "engine_name",
+    new EngineNameFunction,
+    "Return the name of engine",
+    "string",
+    "1.8.0")
+
+  val engine_id: KyuubiDefinedFunction = create(
+    "engine_id",
+    new EngineIdFunction,
+    "Return the id of engine",
+    "string",
+    "1.8.0")
+
+  val system_user: KyuubiDefinedFunction = create(
+    "system_user",
+    new SystemUserFunction,
+    "Return the system user",
+    "string",
+    "1.8.0")
+
+  val session_user: KyuubiDefinedFunction = create(
+    "session_user",
+    new SessionUserFunction,
+    "Return the session user",
+    "string",
+    "1.8.0")
+
+  def create(
+      name: String,
+      udf: GenericUDF,
+      description: String,
+      returnType: String,
+      since: String): KyuubiDefinedFunction = {
+    val kdf = KyuubiDefinedFunction(name, udf, description, returnType, since)
+    registeredFunctions += kdf
+    kdf
+  }
+
+  def registerAll(): Unit = {
+    for (func <- registeredFunctions) {
+      FunctionRegistry.registerTemporaryUDF(func.name, func.udf.getClass)
+    }
+  }
+}
+
+class KyuubiVersionFunction() extends GenericUDF {
+  private val returnOI: StringObjectInspector =
+    PrimitiveObjectInspectorFactory.javaStringObjectInspector
+  override def initialize(arguments: Array[ObjectInspector]): ObjectInspector = {
+    if (arguments.length != 0) {
+      throw new UDFArgumentLengthException("The function kyuubi_version() takes no arguments, got "
+        + arguments.length)
+    }
+    returnOI
+  }
+
+  override def evaluate(arguments: Array[GenericUDF.DeferredObject]): AnyRef = KYUUBI_VERSION
+
+  override def getDisplayString(children: Array[String]): String = "kyuubi_version()"
+}
+
+class EngineNameFunction() extends GenericUDF {
+  private val returnOI: StringObjectInspector =
+    PrimitiveObjectInspectorFactory.javaStringObjectInspector
+  override def initialize(arguments: Array[ObjectInspector]): ObjectInspector = {
+    if (arguments.length != 0) {
+      throw new UDFArgumentLengthException("The function engine_name() takes no arguments, got "
+        + arguments.length)
+    }
+    returnOI
+  }
+  override def evaluate(arguments: Array[GenericUDF.DeferredObject]): AnyRef =
+    SessionState.get.getConf.get("hive.engine.name", "")
+  override def getDisplayString(children: Array[String]): String = "engine_name()"
+}
+
+class EngineIdFunction() extends GenericUDF {
+  private val returnOI: StringObjectInspector =
+    PrimitiveObjectInspectorFactory.javaStringObjectInspector
+  override def initialize(arguments: Array[ObjectInspector]): ObjectInspector = {
+    if (arguments.length != 0) {
+      throw new UDFArgumentLengthException("The function engine_id() takes no arguments, got "
+        + arguments.length)
+    }
+    returnOI
+  }
+
+  override def evaluate(arguments: Array[GenericUDF.DeferredObject]): AnyRef =
+    SessionState.get.getConf.get(KYUUBI_ENGINE_ID, "")
+
+  override def getDisplayString(children: Array[String]): String = "engine_id()"
+}
+
+class SystemUserFunction() extends GenericUDF {
+  private val returnOI: StringObjectInspector =
+    PrimitiveObjectInspectorFactory.javaStringObjectInspector
+  override def initialize(arguments: Array[ObjectInspector]): ObjectInspector = {
+    if (arguments.length != 0) {
+      throw new UDFArgumentLengthException("The function system_user() takes no arguments, got "
+        + arguments.length)
+    }
+    returnOI
+  }
+
+  override def evaluate(arguments: Array[GenericUDF.DeferredObject]): AnyRef = Utils.currentUser
+
+  override def getDisplayString(children: Array[String]): String = "system_user()"
+}
+
+class SessionUserFunction() extends GenericUDF {
+  private val returnOI: StringObjectInspector =
+    PrimitiveObjectInspectorFactory.javaStringObjectInspector
+  override def initialize(arguments: Array[ObjectInspector]): ObjectInspector = {
+    if (arguments.length != 0) {
+      throw new UDFArgumentLengthException("The function session_user() takes no arguments, got "
+        + arguments.length)
+    }
+    returnOI
+  }
+
+  override def evaluate(arguments: Array[GenericUDF.DeferredObject]): AnyRef = {
+    SessionState.get.getConf.get(KYUUBI_SESSION_USER_KEY, "")
+  }
+
+  override def getDisplayString(children: Array[String]): String = "session_user()"
+}
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunction.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunction.scala
new file mode 100644
index 000000000..ee91a804e
--- /dev/null
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunction.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.hive.udf
+
+import org.apache.hadoop.hive.ql.udf.generic.GenericUDF
+
+/**
+ * A wrapper for Hive's [[UserDefinedFunction]]
+ *
+ * @param name function name
+ * @param udf user-defined function
+ * @param description function description
+ */
+case class KyuubiDefinedFunction(
+    name: String,
+    udf: GenericUDF,
+    description: String,
+    returnType: String,
+    since: String)
diff --git a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationSuite.scala b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationSuite.scala
index f949ec37a..eb10e0b41 100644
--- a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationSuite.scala
+++ b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationSuite.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.hive.operation
 
 import org.apache.commons.lang3.{JavaVersion, SystemUtils}
 
-import org.apache.kyuubi.{HiveEngineTests, Utils}
+import org.apache.kyuubi.{HiveEngineTests, KYUUBI_VERSION, Utils}
 import org.apache.kyuubi.engine.hive.HiveSQLEngine
 import org.apache.kyuubi.jdbc.hive.KyuubiStatement
 
@@ -49,4 +49,20 @@ class HiveOperationSuite extends HiveEngineTests {
       assert(kyuubiStatement.getQueryId != null)
     }
   }
+
+  test("kyuubi defined function - kyuubi_version") {
+    withJdbcStatement("hive_engine_test") { statement =>
+      val rs = statement.executeQuery("SELECT kyuubi_version()")
+      assert(rs.next())
+      assert(rs.getString(1) == KYUUBI_VERSION)
+    }
+  }
+
+  test("kyuubi defined function - engine_name") {
+    withJdbcStatement("hive_engine_test") { statement =>
+      val rs = statement.executeQuery("SELECT engine_name()")
+      assert(rs.next())
+      assert(rs.getString(1).nonEmpty)
+    }
+  }
 }
diff --git a/integration-tests/kyuubi-hive-it/src/test/scala/org/apache/kyuubi/it/hive/operation/KyuubiOperationHiveEnginePerUserSuite.scala b/integration-tests/kyuubi-hive-it/src/test/scala/org/apache/kyuubi/it/hive/operation/KyuubiOperationHiveEnginePerUserSuite.scala
index a4e6bb150..07e2bc0f2 100644
--- a/integration-tests/kyuubi-hive-it/src/test/scala/org/apache/kyuubi/it/hive/operation/KyuubiOperationHiveEnginePerUserSuite.scala
+++ b/integration-tests/kyuubi-hive-it/src/test/scala/org/apache/kyuubi/it/hive/operation/KyuubiOperationHiveEnginePerUserSuite.scala
@@ -61,4 +61,21 @@ class KyuubiOperationHiveEnginePerUserSuite extends WithKyuubiServer with HiveEn
       }
     }
   }
+
+  test("kyuubi defined function - system_user, session_user") {
+    withJdbcStatement("hive_engine_test") { statement =>
+      val rs = statement.executeQuery("SELECT system_user(), session_user()")
+      assert(rs.next())
+      assert(rs.getString(1) === Utils.currentUser)
+      assert(rs.getString(2) === Utils.currentUser)
+    }
+  }
+
+  test("kyuubi defined function - engine_id") {
+    withJdbcStatement("hive_engine_test") { statement =>
+      val rs = statement.executeQuery("SELECT engine_id()")
+      assert(rs.next())
+      assert(rs.getString(1).nonEmpty)
+    }
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index ae40fbd4f..052f1de0f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -195,6 +195,7 @@ private[kyuubi] class EngineRef(
       case TRINO =>
         new TrinoProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case HIVE_SQL =>
+        conf.setIfMissing(HiveProcessBuilder.HIVE_ENGINE_NAME, defaultEngineName)
         new HiveProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case JDBC =>
         new JdbcProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/hive/HiveProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/hive/HiveProcessBuilder.scala
index e86597c5c..61fe55887 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/hive/HiveProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/hive/HiveProcessBuilder.scala
@@ -29,7 +29,7 @@ import com.google.common.annotations.VisibleForTesting
 import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_HIVE_EXTRA_CLASSPATH, ENGINE_HIVE_JAVA_OPTIONS, ENGINE_HIVE_MEMORY}
-import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_ENGINE_ID, KYUUBI_SESSION_USER_KEY}
 import org.apache.kyuubi.engine.{KyuubiApplicationManager, ProcBuilder}
 import org.apache.kyuubi.engine.hive.HiveProcessBuilder._
 import org.apache.kyuubi.operation.log.OperationLog
@@ -106,6 +106,8 @@ class HiveProcessBuilder(
 
     buffer += "--conf"
     buffer += s"$KYUUBI_SESSION_USER_KEY=$proxyUser"
+    buffer += "--conf"
+    buffer += s"$KYUUBI_ENGINE_ID=$engineRefId"
 
     for ((k, v) <- conf.getAll) {
       buffer += "--conf"
@@ -121,4 +123,5 @@ class HiveProcessBuilder(
 
 object HiveProcessBuilder {
   final val HIVE_HADOOP_CLASSPATH_KEY = "HIVE_HADOOP_CLASSPATH"
+  final val HIVE_ENGINE_NAME = "hive.engine.name"
 }

From ea1660659667eda678b1dd1fa1a1e17a268f191c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 1 Aug 2023 17:07:43 +0800
Subject: [PATCH 537/760] [KYUUBI #5116] Bump Hadoop 3.3.6

### _Why are the changes needed?_

https://hadoop.apache.org/release/3.3.6.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5116 from pan3793/hadoop-3.3.6.

Closes #5116

c3717e7fb [Cheng Pan] Bump Hadoop 3.3.6

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 4 ++--
 pom.xml            | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 9ac0d32fa..23573a598 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -48,8 +48,8 @@ grpc-protobuf/1.53.0//grpc-protobuf-1.53.0.jar
 grpc-stub/1.53.0//grpc-stub-1.53.0.jar
 gson/2.9.0//gson-2.9.0.jar
 guava/32.0.1-jre//guava-32.0.1-jre.jar
-hadoop-client-api/3.3.5//hadoop-client-api-3.3.5.jar
-hadoop-client-runtime/3.3.5//hadoop-client-runtime-3.3.5.jar
+hadoop-client-api/3.3.6//hadoop-client-api-3.3.6.jar
+hadoop-client-runtime/3.3.6//hadoop-client-runtime-3.3.6.jar
 hive-common/3.1.3//hive-common-3.1.3.jar
 hive-metastore/3.1.3//hive-metastore-3.1.3.jar
 hive-serde/3.1.3//hive-serde-3.1.3.jar
diff --git a/pom.xml b/pom.xml
index 9d30d0ec4..fe418206a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -145,7 +145,7 @@
         <grpc.version>1.53.0</grpc.version>
         <guava.version>32.0.1-jre</guava.version>
         <guava.failureaccess.version>1.0.1</guava.failureaccess.version>
-        <hadoop.version>3.3.5</hadoop.version>
+        <hadoop.version>3.3.6</hadoop.version>
         <hikaricp.version>4.0.3</hikaricp.version>
         <derby.version>10.14.2.0</derby.version>
         <fliptables.verion>1.0.2</fliptables.verion>

From f0d256a15bb4db2a50f5cd73efb6e3c6173e20e2 Mon Sep 17 00:00:00 2001
From: camper42 <camper.xlii@gmail.com>
Date: Tue, 1 Aug 2023 22:12:11 +0800
Subject: [PATCH 538/760] [KYUUBI #4788][K8S][HELM] Use StatefulSet instead of
 Deployment

### _Why are the changes needed?_

Use StatefulSet instead of Deployment, add a headless service for statefulset

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

![image](https://github.com/apache/kyuubi/assets/3177898/0991c287-cf1a-40f1-8e50-3934bd2886ca)
![image](https://github.com/apache/kyuubi/assets/3177898/9a5d11a5-2ac9-468e-bfcb-9a070f54c6b4)

Closes #5062 from camper42/statefulset.

Closes #4788

a1a7f1b0e [camper42] style: remove redudant Global variable `$`
5286f4ff4 [camper42] fix: set statefulset podManagementPolicy
ed83ae2e8 [camper42] style: move headless service to separate file
97b76ea24 [camper42] use `clusterIP: None` for headless serivce
d2078ffe5 [Cheng Pan] Update charts/kyuubi/templates/kyuubi-statefulset.yaml
35c7e0f90 [Cheng Pan] Update charts/kyuubi/templates/kyuubi-statefulset.yaml
8d970d21d [camper42] style: indent
3cf22748f [camper42] [KYUUBI #4788][K8S][HELM] Use StatefulSet instead of Deployment

Lead-authored-by: camper42 <camper.xlii@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../templates/kyuubi-headless-service.yaml    | 35 +++++++++++++++++++
 ...eployment.yaml => kyuubi-statefulset.yaml} | 11 ++++--
 charts/kyuubi/values.yaml                     | 20 +++++++++++
 3 files changed, 64 insertions(+), 2 deletions(-)
 create mode 100644 charts/kyuubi/templates/kyuubi-headless-service.yaml
 rename charts/kyuubi/templates/{kyuubi-deployment.yaml => kyuubi-statefulset.yaml} (93%)

diff --git a/charts/kyuubi/templates/kyuubi-headless-service.yaml b/charts/kyuubi/templates/kyuubi-headless-service.yaml
new file mode 100644
index 000000000..895859bac
--- /dev/null
+++ b/charts/kyuubi/templates/kyuubi-headless-service.yaml
@@ -0,0 +1,35 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-headless
+  labels:
+    {{- include "kyuubi.labels" $ | nindent 4 }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    {{- range $name, $frontend := .Values.server }}
+    - name: {{ $name | kebabcase }}
+      port: {{ tpl $frontend.service.port $ }}
+      targetPort: {{ $frontend.port }}
+    {{- end }}
+  selector:
+    {{- include "kyuubi.selectorLabels" $ | nindent 4 }}
+
diff --git a/charts/kyuubi/templates/kyuubi-deployment.yaml b/charts/kyuubi/templates/kyuubi-statefulset.yaml
similarity index 93%
rename from charts/kyuubi/templates/kyuubi-deployment.yaml
rename to charts/kyuubi/templates/kyuubi-statefulset.yaml
index a81ec01e9..626796a78 100644
--- a/charts/kyuubi/templates/kyuubi-deployment.yaml
+++ b/charts/kyuubi/templates/kyuubi-statefulset.yaml
@@ -16,16 +16,23 @@
 */}}
 
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: {{ .Release.Name }}
   labels:
     {{- include "kyuubi.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "kyuubi.selectorLabels" . | nindent 6 }}
+  serviceName: {{ .Release.Name }}-headless
+  minReadySeconds: {{ .Values.minReadySeconds }}
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  podManagementPolicy: {{ .Values.podManagementPolicy }}
+  {{- with .Values.updateStrategy }}
+  updateStrategy: {{- toYaml . | nindent 4 }}
+  {{- end }}
   template:
     metadata:
       labels:
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index f239e18a3..940a7c80e 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -22,6 +22,26 @@
 # Kyuubi server numbers
 replicaCount: 2
 
+# controls how Kyuubi server pods are created during initial scale up,
+# when replacing pods on nodes, or when scaling down.
+# The default policy is `OrderedReady`, alternative policy is `Parallel`.
+podManagementPolicy: OrderedReady
+
+# Minimum number of seconds for which a newly created kyuubi server
+# should be ready without any of its container crashing for it to be considered available.
+minReadySeconds: 30
+
+# maximum number of revisions that will be maintained in the StatefulSet's revision history.
+revisionHistoryLimit: 10
+
+# indicates the StatefulSetUpdateStrategy that will be employed to update Kyuubi server Pods in the StatefulSet
+# when a revision is made to Template.
+updateStrategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 1
+    partition: 0
+
 image:
   repository: apache/kyuubi
   pullPolicy: IfNotPresent

From 224ae7cc4f1617f9afb69452ba05f09837e5e42b Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Thu, 3 Aug 2023 09:39:49 +0800
Subject: [PATCH 539/760] [KYUUBI #5122][DOC] Hive KDF usage

### _Why are the changes needed?_

close #5122

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5125 from lsm1/features/kyuubi_5122.

Closes #5122

02d0769cc [senmiaoliu] add hive kdf docs

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/extensions/engines/hive/functions.md     | 30 ++++++++
 docs/extensions/engines/hive/index.rst        |  1 +
 externals/kyuubi-hive-sql-engine/pom.xml      |  6 ++
 .../hive/udf/KyuubiDefinedFunctionSuite.scala | 70 +++++++++++++++++++
 4 files changed, 107 insertions(+)
 create mode 100644 docs/extensions/engines/hive/functions.md
 create mode 100644 externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala

diff --git a/docs/extensions/engines/hive/functions.md b/docs/extensions/engines/hive/functions.md
new file mode 100644
index 000000000..24094ecce
--- /dev/null
+++ b/docs/extensions/engines/hive/functions.md
@@ -0,0 +1,30 @@
+<!--
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+<!-- DO NOT MODIFY THIS FILE DIRECTLY, IT IS AUTO-GENERATED BY [org.apache.kyuubi.engine.hive.udf.KyuubiDefinedFunctionSuite] -->
+
+# Auxiliary SQL Functions
+
+Kyuubi provides several auxiliary SQL functions as supplement to Hive's [Built-in Functions](https://cwiki.apache.org/confluence/display/hive/languagemanual+udf#LanguageManualUDF-Built-inFunctions)
+
+|      Name      |             Description             | Return Type | Since |
+|----------------|-------------------------------------|-------------|-------|
+| kyuubi_version | Return the version of Kyuubi Server | string      | 1.8.0 |
+| engine_name    | Return the name of engine           | string      | 1.8.0 |
+| engine_id      | Return the id of engine             | string      | 1.8.0 |
+| system_user    | Return the system user              | string      | 1.8.0 |
+| session_user   | Return the session user             | string      | 1.8.0 |
+
diff --git a/docs/extensions/engines/hive/index.rst b/docs/extensions/engines/hive/index.rst
index 8aeebf1bc..f43ec11e0 100644
--- a/docs/extensions/engines/hive/index.rst
+++ b/docs/extensions/engines/hive/index.rst
@@ -20,6 +20,7 @@ Extensions for Hive
     :maxdepth: 2
 
     ../../../connector/hive/index
+    functions
 
 .. warning::
    This page is still in-progress.
diff --git a/externals/kyuubi-hive-sql-engine/pom.xml b/externals/kyuubi-hive-sql-engine/pom.xml
index 6af94abe5..a6a28a958 100644
--- a/externals/kyuubi-hive-sql-engine/pom.xml
+++ b/externals/kyuubi-hive-sql-engine/pom.xml
@@ -163,6 +163,12 @@
             <artifactId>HikariCP</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>com.vladsch.flexmark</groupId>
+            <artifactId>flexmark-all</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
new file mode 100644
index 000000000..2a7bfdfc2
--- /dev/null
+++ b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.hive.udf
+
+import java.nio.file.Paths
+
+import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
+
+// scalastyle:off line.size.limit
+/**
+ * End-to-end test cases for configuration doc file
+ * The golden result file is "docs/sql/functions.md".
+ *
+ * To run the entire test suite:
+ * {{{
+ *   build/mvn clean test -pl externals/kyuubi-hive-sql-engine -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.engine.hive.udf.KyuubiDefinedFunctionSuite
+ * }}}
+ *
+ * To re-generate golden files for entire suite, run:
+ * {{{
+ *   KYUUBI_UPDATE=1 build/mvn clean test -pl externals/kyuubi-hive-sql-engine -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.engine.hive.udf.KyuubiDefinedFunctionSuite
+ * }}}
+ */
+// scalastyle:on line.size.limit
+class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
+
+  private val kyuubiHome: String = Utils.getCodeSourceLocation(getClass)
+    .split("kyuubi-hive-sql-engine")(0)
+  private val markdown =
+    Paths.get(kyuubiHome, "..", "docs", "extensions", "engines", "hive", "functions.md")
+      .toAbsolutePath
+
+  test("verify or update kyuubi hive sql functions") {
+    val builder = MarkdownBuilder(licenced = true, getClass.getName)
+
+    builder
+      .line("# Auxiliary SQL Functions")
+      .line("""Kyuubi provides several auxiliary SQL functions as supplement to Hive's
+        | [Built-in Functions](https://cwiki.apache.org/confluence/display/hive/languagemanual+udf#
+        |LanguageManualUDF-Built-inFunctions)""")
+      .lines("""
+        | Name | Description | Return Type | Since
+        | --- | --- | --- | ---
+        |""")
+    KDFRegistry.registeredFunctions.foreach { func =>
+      builder.line(s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}")
+    }
+
+    MarkdownUtils.verifyOutput(
+      markdown,
+      builder,
+      getClass.getCanonicalName,
+      "externals/kyuubi-hive-sql-engine")
+  }
+}

From dccb0fe970816cfaf7fecd3cf94eaad063bd6867 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 3 Aug 2023 19:24:39 +0800
Subject: [PATCH 540/760] [KYUUBI #5131] Create index on
 `metastore`.`create_time`

### _Why are the changes needed?_

In Batch implementation v2, the following query is frequently executed to pick the job.
```
SELECT identifier FROM metadata WHERE state='INITIALIZED' ORDER BY create_time DESC LIMIT 1
```
Create an index for `create_time` could speed up the query and reduce the pressure on MySQL server.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

Test the MySQL upgrading SQLs

```
mysql> CREATE TABLE IF NOT EXISTS metadata(
    ->     key_id bigint PRIMARY KEY AUTO_INCREMENT COMMENT 'the auto increment key id',
    ->     identifier varchar(36) NOT NULL COMMENT 'the identifier id, which is an UUID',
    ->     session_type varchar(32) NOT NULL COMMENT 'the session type, SQL or BATCH',
    ->     real_user varchar(255) NOT NULL COMMENT 'the real user',
    ->     user_name varchar(255) NOT NULL COMMENT 'the user name, might be a proxy user',
    ->     ip_address varchar(128) COMMENT 'the client ip address',
    ->     kyuubi_instance varchar(1024) NOT NULL COMMENT 'the kyuubi instance that creates this',
    ->     state varchar(128) NOT NULL COMMENT 'the session state',
    ->     resource varchar(1024) COMMENT 'the main resource',
    ->     class_name varchar(1024) COMMENT 'the main class name',
    ->     request_name varchar(1024) COMMENT 'the request name',
    ->     request_conf mediumtext COMMENT 'the request config map',
    ->     request_args mediumtext COMMENT 'the request arguments',
    ->     create_time BIGINT NOT NULL COMMENT 'the metadata create time',
    ->     engine_type varchar(32) NOT NULL COMMENT 'the engine type',
    ->     cluster_manager varchar(128) COMMENT 'the engine cluster manager',
    ->     engine_open_time bigint COMMENT 'the engine open time',
    ->     engine_id varchar(128) COMMENT 'the engine application id',
    ->     engine_name mediumtext COMMENT 'the engine application name',
    ->     engine_url varchar(1024) COMMENT 'the engine tracking url',
    ->     engine_state varchar(32) COMMENT 'the engine application state',
    ->     engine_error mediumtext COMMENT 'the engine application diagnose',
    ->     end_time bigint COMMENT 'the metadata end time',
    ->     peer_instance_closed boolean default '0' COMMENT 'closed by peer kyuubi instance',
    ->     UNIQUE INDEX unique_identifier_index(identifier),
    ->     INDEX user_name_index(user_name),
    ->     INDEX engine_type_index(engine_type)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Query OK, 0 rows affected (0.03 sec)

mysql> ALTER TABLE metadata MODIFY kyuubi_instance varchar(1024) COMMENT 'the kyuubi instance that creates this';
Query OK, 0 rows affected (0.06 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> ALTER TABLE metadata ADD INDEX create_time_index(create_time);
Query OK, 0 rows affected (0.03 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> show create table metadata;
+----------+--------------------------------------------------------------------------------+
| Table    | Create Table                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+----------+--------------------------------------------------------------------------------+
| metadata | CREATE TABLE `metadata` (
  `key_id` bigint NOT NULL AUTO_INCREMENT COMMENT 'the auto increment key id',
  `identifier` varchar(36) NOT NULL COMMENT 'the identifier id, which is an UUID',
  `session_type` varchar(32) NOT NULL COMMENT 'the session type, SQL or BATCH',
  `real_user` varchar(255) NOT NULL COMMENT 'the real user',
  `user_name` varchar(255) NOT NULL COMMENT 'the user name, might be a proxy user',
  `ip_address` varchar(128) DEFAULT NULL COMMENT 'the client ip address',
  `kyuubi_instance` varchar(1024) DEFAULT NULL COMMENT 'the kyuubi instance that creates this',
  `state` varchar(128) NOT NULL COMMENT 'the session state',
  `resource` varchar(1024) DEFAULT NULL COMMENT 'the main resource',
  `class_name` varchar(1024) DEFAULT NULL COMMENT 'the main class name',
  `request_name` varchar(1024) DEFAULT NULL COMMENT 'the request name',
  `request_conf` mediumtext COMMENT 'the request config map',
  `request_args` mediumtext COMMENT 'the request arguments',
  `create_time` bigint NOT NULL COMMENT 'the metadata create time',
  `engine_type` varchar(32) NOT NULL COMMENT 'the engine type',
  `cluster_manager` varchar(128) DEFAULT NULL COMMENT 'the engine cluster manager',
  `engine_open_time` bigint DEFAULT NULL COMMENT 'the engine open time',
  `engine_id` varchar(128) DEFAULT NULL COMMENT 'the engine application id',
  `engine_name` mediumtext COMMENT 'the engine application name',
  `engine_url` varchar(1024) DEFAULT NULL COMMENT 'the engine tracking url',
  `engine_state` varchar(32) DEFAULT NULL COMMENT 'the engine application state',
  `engine_error` mediumtext COMMENT 'the engine application diagnose',
  `end_time` bigint DEFAULT NULL COMMENT 'the metadata end time',
  `peer_instance_closed` tinyint(1) DEFAULT '0' COMMENT 'closed by peer kyuubi instance',
  PRIMARY KEY (`key_id`),
  UNIQUE KEY `unique_identifier_index` (`identifier`),
  KEY `user_name_index` (`user_name`),
  KEY `engine_type_index` (`engine_type`),
  KEY `create_time_index` (`create_time`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci |
+----------+--------------------------------------------------------------------------------+
```

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5131 from pan3793/metastore-create-time-index.

Closes #5131

fc18041f2 [Cheng Pan] ALTER TABLE ADD INDEX
c2261edb2 [Cheng Pan] update upgrade script
4f94be5ca [Cheng Pan] Create index on metastore.create_time

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/resources/sql/derby/004-KYUUBI-5131.derby.sql     | 1 +
 .../resources/sql/derby/metadata-store-schema-1.8.0.derby.sql  | 2 ++
 .../main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql  | 1 +
 .../src/main/resources/sql/mysql/004-KYUUBI-5131.mysql.sql     | 3 +++
 .../resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql  | 3 ++-
 .../main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql  | 1 +
 .../sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql          | 2 ++
 7 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-server/src/main/resources/sql/derby/004-KYUUBI-5131.derby.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/mysql/004-KYUUBI-5131.mysql.sql

diff --git a/kyuubi-server/src/main/resources/sql/derby/004-KYUUBI-5131.derby.sql b/kyuubi-server/src/main/resources/sql/derby/004-KYUUBI-5131.derby.sql
new file mode 100644
index 000000000..6a3142ffd
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/derby/004-KYUUBI-5131.derby.sql
@@ -0,0 +1 @@
+CREATE INDEX metadata_create_time_index ON metadata(create_time);
diff --git a/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql b/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
index b4a66d8d6..8d333bda2 100644
--- a/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
+++ b/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
@@ -34,3 +34,5 @@ CREATE UNIQUE INDEX metadata_unique_identifier_index ON metadata(identifier);
 CREATE INDEX metadata_user_name_index ON metadata(user_name);
 
 CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
+
+CREATE INDEX metadata_create_time_index ON metadata(create_time);
diff --git a/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql b/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql
index b9e6cff91..234510665 100644
--- a/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql
+++ b/kyuubi-server/src/main/resources/sql/derby/upgrade-1.7.0-to-1.8.0.derby.sql
@@ -1 +1,2 @@
 RUN '003-KYUUBI-5078.derby.sql';
+RUN '004-KYUUBI-5131.derby.sql';
diff --git a/kyuubi-server/src/main/resources/sql/mysql/004-KYUUBI-5131.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/004-KYUUBI-5131.mysql.sql
new file mode 100644
index 000000000..e743fc3d7
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/mysql/004-KYUUBI-5131.mysql.sql
@@ -0,0 +1,3 @@
+SELECT '< KYUUBI-5131: Create index on metastore.create_time' AS ' ';
+
+ALTER TABLE metadata ADD INDEX create_time_index(create_time);
diff --git a/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
index 4c86fbf76..77df8fa05 100644
--- a/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
+++ b/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
@@ -27,5 +27,6 @@ CREATE TABLE IF NOT EXISTS metadata(
     peer_instance_closed boolean default '0' COMMENT 'closed by peer kyuubi instance',
     UNIQUE INDEX unique_identifier_index(identifier),
     INDEX user_name_index(user_name),
-    INDEX engine_type_index(engine_type)
+    INDEX engine_type_index(engine_type),
+    INDEX create_time_index(create_time)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
index a3a4bcdf1..473997448 100644
--- a/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
+++ b/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
@@ -1,3 +1,4 @@
 SELECT '< Upgrading MetaStore schema from 1.7.0 to 1.8.0 >' AS ' ';
 SOURCE 003-KYUUBI-5078.mysql.sql;
+SOURCE 004-KYUUBI-5131.mysql.sql;
 SELECT '< Finished upgrading MetaStore schema from 1.7.0 to 1.8.0 >' AS ' ';
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
index 6df7405be..656de6e5d 100644
--- a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
@@ -32,3 +32,5 @@ CREATE UNIQUE INDEX IF NOT EXISTS metadata_unique_identifier_index ON metadata(i
 CREATE INDEX IF NOT EXISTS metadata_user_name_index ON metadata(user_name);
 
 CREATE INDEX IF NOT EXISTS metadata_engine_type_index ON metadata(engine_type);
+
+CREATE INDEX IF NOT EXISTS metadata_create_time_index ON metadata(create_time);

From f41a8e5b3dc4b443c988a0867e4b315e8767c0e5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 3 Aug 2023 19:27:31 +0800
Subject: [PATCH 541/760] [KYUUBI #5129] KyuubiBeeline should redirect JDK
 logging

### _Why are the changes needed?_

Otherwise we can not see JDK logs like Krb5.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5129 from pan3793/beeline-log.

Closes #5129

100094823 [Cheng Pan] KyuubiBeeline should redirect JDK logging

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-hive-beeline/pom.xml                      |  5 +++++
 .../org/apache/hive/beeline/KyuubiBeeLine.java   | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/kyuubi-hive-beeline/pom.xml b/kyuubi-hive-beeline/pom.xml
index 7a841f082..ff14e7839 100644
--- a/kyuubi-hive-beeline/pom.xml
+++ b/kyuubi-hive-beeline/pom.xml
@@ -161,6 +161,11 @@
             <artifactId>log4j-slf4j-impl</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jul-to-slf4j</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
diff --git a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
index 50a0c133a..224cbb3ce 100644
--- a/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
+++ b/kyuubi-hive-beeline/src/main/java/org/apache/hive/beeline/KyuubiBeeLine.java
@@ -30,6 +30,22 @@
 import org.apache.kyuubi.util.reflect.DynMethods;
 
 public class KyuubiBeeLine extends BeeLine {
+
+  static {
+    try {
+      // We use reflection here to handle the case where users remove the
+      // slf4j-to-jul bridge order to route their logs to JUL.
+      Class<?> bridgeClass = Class.forName("org.slf4j.bridge.SLF4JBridgeHandler");
+      bridgeClass.getMethod("removeHandlersForRootLogger").invoke(null);
+      boolean installed = (boolean) bridgeClass.getMethod("isInstalled").invoke(null);
+      if (!installed) {
+        bridgeClass.getMethod("install").invoke(null);
+      }
+    } catch (ReflectiveOperationException cnf) {
+      // can't log anything yet so just fail silently
+    }
+  }
+
   public static final String KYUUBI_BEELINE_DEFAULT_JDBC_DRIVER =
       "org.apache.kyuubi.jdbc.KyuubiHiveDriver";
   protected KyuubiCommands commands = new KyuubiCommands(this);

From 7bc0dbf9321a61a646133750b92f22b2bfb34160 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 3 Aug 2023 19:29:02 +0800
Subject: [PATCH 542/760] [KYUUBI #5130] Allow setting Zookeeper SPN using
 Kyuubi configuration

### _Why are the changes needed?_

One of the basic ideas of Kerberos authentication is that the Client MUST provide the Server Principal Name (SPN).

[ZOOKEEPER-1467](https://issues.apache.org/jira/browse/ZOOKEEPER-1467) (fixed in 3.6.0, 3.5.7) allows to configure Zookeeper SPN at the client side.

Previously, there is no way but only `-Dzookeeper.server.principal=zookeeper/_HOSTREALM` to set ZK SPN, this PR allows the user to set it via Kyuubi configuration `kyuubi.ha.zookeeper.auth.serverPrincipal`.

In default, if `zookeeper.server.principal` is not configured, it assumes that the Zookeeper server uses `zookeeper/_HOST<SAME_REALM_WITH_CLIENT_PRINCIPAL>`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5130 from pan3793/zk-spn.

Closes #5130

6f0a1bbdc [Cheng Pan] doc
290e172aa [Cheng Pan] docs
a43b0c67a [Cheng Pan] nit
9a33446b7 [Cheng Pan] Allow set Zookeeper server principal

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   | 53 ++++++++++---------
 .../kyuubi/ha/HighAvailabilityConf.scala      | 31 +++++++----
 .../zookeeper/ZookeeperClientProvider.scala   |  8 ++-
 3 files changed, 54 insertions(+), 38 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index b1b8af143..91c68824c 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -262,32 +262,33 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Ha
 
-|                      Key                       |                            Default                             |                                                                                                      Meaning                                                                                                       |   Type   | Since |
-|------------------------------------------------|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.ha.addresses                                                                                            || The connection string for the discovery ensemble                                                                                                                                                                   | string   | 1.6.0 |
-| kyuubi.ha.client.class                         | org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient | Class name for service discovery client.<ul> <li>Zookeeper: org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient</li> <li>Etcd: org.apache.kyuubi.ha.client.etcd.EtcdDiscoveryClient</li></ul>           | string   | 1.6.0 |
-| kyuubi.ha.etcd.lease.timeout                   | PT10S                                                          | Timeout for etcd keep alive lease. The kyuubi server will know the unexpected loss of engine after up to this seconds.                                                                                             | duration | 1.6.0 |
-| kyuubi.ha.etcd.ssl.ca.path                     | &lt;undefined&gt;                                              | Where the etcd CA certificate file is stored.                                                                                                                                                                      | string   | 1.6.0 |
-| kyuubi.ha.etcd.ssl.client.certificate.path     | &lt;undefined&gt;                                              | Where the etcd SSL certificate file is stored.                                                                                                                                                                     | string   | 1.6.0 |
-| kyuubi.ha.etcd.ssl.client.key.path             | &lt;undefined&gt;                                              | Where the etcd SSL key file is stored.                                                                                                                                                                             | string   | 1.6.0 |
-| kyuubi.ha.etcd.ssl.enabled                     | false                                                          | When set to true, will build an SSL secured etcd client.                                                                                                                                                           | boolean  | 1.6.0 |
-| kyuubi.ha.namespace                            | kyuubi                                                         | The root directory for the service to deploy its instance uri                                                                                                                                                      | string   | 1.6.0 |
-| kyuubi.ha.zookeeper.acl.enabled                | false                                                          | Set to true if the ZooKeeper ensemble is kerberized                                                                                                                                                                | boolean  | 1.0.0 |
-| kyuubi.ha.zookeeper.auth.digest                | &lt;undefined&gt;                                              | The digest auth string is used for ZooKeeper authentication, like: username:password.                                                                                                                              | string   | 1.3.2 |
-| kyuubi.ha.zookeeper.auth.keytab                | &lt;undefined&gt;                                              | Location of the Kyuubi server's keytab is used for ZooKeeper authentication.                                                                                                                                       | string   | 1.3.2 |
-| kyuubi.ha.zookeeper.auth.principal             | &lt;undefined&gt;                                              | Name of the Kerberos principal is used for ZooKeeper authentication.                                                                                                                                               | string   | 1.3.2 |
-| kyuubi.ha.zookeeper.auth.type                  | NONE                                                           | The type of ZooKeeper authentication, all candidates are <ul><li>NONE</li><li> KERBEROS</li><li> DIGEST</li></ul>                                                                                                  | string   | 1.3.2 |
-| kyuubi.ha.zookeeper.connection.base.retry.wait | 1000                                                           | Initial amount of time to wait between retries to the ZooKeeper ensemble                                                                                                                                           | int      | 1.0.0 |
-| kyuubi.ha.zookeeper.connection.max.retries     | 3                                                              | Max retry times for connecting to the ZooKeeper ensemble                                                                                                                                                           | int      | 1.0.0 |
-| kyuubi.ha.zookeeper.connection.max.retry.wait  | 30000                                                          | Max amount of time to wait between retries for BOUNDED_EXPONENTIAL_BACKOFF policy can reach, or max time until elapsed for UNTIL_ELAPSED policy to connect the zookeeper ensemble                                  | int      | 1.0.0 |
-| kyuubi.ha.zookeeper.connection.retry.policy    | EXPONENTIAL_BACKOFF                                            | The retry policy for connecting to the ZooKeeper ensemble, all candidates are: <ul><li>ONE_TIME</li><li> N_TIME</li><li> EXPONENTIAL_BACKOFF</li><li> BOUNDED_EXPONENTIAL_BACKOFF</li><li> UNTIL_ELAPSED</li></ul> | string   | 1.0.0 |
-| kyuubi.ha.zookeeper.connection.timeout         | 15000                                                          | The timeout(ms) of creating the connection to the ZooKeeper ensemble                                                                                                                                               | int      | 1.0.0 |
-| kyuubi.ha.zookeeper.engine.auth.type           | NONE                                                           | The type of ZooKeeper authentication for the engine, all candidates are <ul><li>NONE</li><li> KERBEROS</li><li> DIGEST</li></ul>                                                                                   | string   | 1.3.2 |
-| kyuubi.ha.zookeeper.namespace                  | kyuubi                                                         | (deprecated) The root directory for the service to deploy its instance uri                                                                                                                                         | string   | 1.0.0 |
-| kyuubi.ha.zookeeper.node.creation.timeout      | PT2M                                                           | Timeout for creating ZooKeeper node                                                                                                                                                                                | duration | 1.2.0 |
-| kyuubi.ha.zookeeper.publish.configs            | false                                                          | When set to true, publish Kerberos configs to Zookeeper. Note that the Hive driver needs to be greater than 1.3 or 2.0 or apply HIVE-11581 patch.                                                                  | boolean  | 1.4.0 |
-| kyuubi.ha.zookeeper.quorum                                                                                     || (deprecated) The connection string for the ZooKeeper ensemble                                                                                                                                                      | string   | 1.0.0 |
-| kyuubi.ha.zookeeper.session.timeout            | 60000                                                          | The timeout(ms) of a connected session to be idled                                                                                                                                                                 | int      | 1.0.0 |
+|                      Key                       |                            Default                             |                                                                                                         Meaning                                                                                                          |   Type   | Since |
+|------------------------------------------------|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.ha.addresses                                                                                            || The connection string for the discovery ensemble                                                                                                                                                                         | string   | 1.6.0 |
+| kyuubi.ha.client.class                         | org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient | Class name for service discovery client.<ul> <li>Zookeeper: org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient</li> <li>Etcd: org.apache.kyuubi.ha.client.etcd.EtcdDiscoveryClient</li></ul>                 | string   | 1.6.0 |
+| kyuubi.ha.etcd.lease.timeout                   | PT10S                                                          | Timeout for etcd keep alive lease. The kyuubi server will know the unexpected loss of engine after up to this seconds.                                                                                                   | duration | 1.6.0 |
+| kyuubi.ha.etcd.ssl.ca.path                     | &lt;undefined&gt;                                              | Where the etcd CA certificate file is stored.                                                                                                                                                                            | string   | 1.6.0 |
+| kyuubi.ha.etcd.ssl.client.certificate.path     | &lt;undefined&gt;                                              | Where the etcd SSL certificate file is stored.                                                                                                                                                                           | string   | 1.6.0 |
+| kyuubi.ha.etcd.ssl.client.key.path             | &lt;undefined&gt;                                              | Where the etcd SSL key file is stored.                                                                                                                                                                                   | string   | 1.6.0 |
+| kyuubi.ha.etcd.ssl.enabled                     | false                                                          | When set to true, will build an SSL secured etcd client.                                                                                                                                                                 | boolean  | 1.6.0 |
+| kyuubi.ha.namespace                            | kyuubi                                                         | The root directory for the service to deploy its instance uri                                                                                                                                                            | string   | 1.6.0 |
+| kyuubi.ha.zookeeper.acl.enabled                | false                                                          | Set to true if the ZooKeeper ensemble is kerberized                                                                                                                                                                      | boolean  | 1.0.0 |
+| kyuubi.ha.zookeeper.auth.digest                | &lt;undefined&gt;                                              | The digest auth string is used for ZooKeeper authentication, like: username:password.                                                                                                                                    | string   | 1.3.2 |
+| kyuubi.ha.zookeeper.auth.keytab                | &lt;undefined&gt;                                              | Location of the Kyuubi server's keytab that is used for ZooKeeper authentication.                                                                                                                                        | string   | 1.3.2 |
+| kyuubi.ha.zookeeper.auth.principal             | &lt;undefined&gt;                                              | Kerberos principal name that is used for ZooKeeper authentication.                                                                                                                                                       | string   | 1.3.2 |
+| kyuubi.ha.zookeeper.auth.serverPrincipal       | &lt;undefined&gt;                                              | Kerberos principal name of ZooKeeper Server. It only takes effect when Zookeeper client's version at least 3.5.7 or 3.6.0 or applies ZOOKEEPER-1467. To use Zookeeper 3.6 client, compile Kyuubi with `-Pzookeeper-3.6`. | string   | 1.8.0 |
+| kyuubi.ha.zookeeper.auth.type                  | NONE                                                           | The type of ZooKeeper authentication, all candidates are <ul><li>NONE</li><li> KERBEROS</li><li> DIGEST</li></ul>                                                                                                        | string   | 1.3.2 |
+| kyuubi.ha.zookeeper.connection.base.retry.wait | 1000                                                           | Initial amount of time to wait between retries to the ZooKeeper ensemble                                                                                                                                                 | int      | 1.0.0 |
+| kyuubi.ha.zookeeper.connection.max.retries     | 3                                                              | Max retry times for connecting to the ZooKeeper ensemble                                                                                                                                                                 | int      | 1.0.0 |
+| kyuubi.ha.zookeeper.connection.max.retry.wait  | 30000                                                          | Max amount of time to wait between retries for BOUNDED_EXPONENTIAL_BACKOFF policy can reach, or max time until elapsed for UNTIL_ELAPSED policy to connect the zookeeper ensemble                                        | int      | 1.0.0 |
+| kyuubi.ha.zookeeper.connection.retry.policy    | EXPONENTIAL_BACKOFF                                            | The retry policy for connecting to the ZooKeeper ensemble, all candidates are: <ul><li>ONE_TIME</li><li> N_TIME</li><li> EXPONENTIAL_BACKOFF</li><li> BOUNDED_EXPONENTIAL_BACKOFF</li><li> UNTIL_ELAPSED</li></ul>       | string   | 1.0.0 |
+| kyuubi.ha.zookeeper.connection.timeout         | 15000                                                          | The timeout(ms) of creating the connection to the ZooKeeper ensemble                                                                                                                                                     | int      | 1.0.0 |
+| kyuubi.ha.zookeeper.engine.auth.type           | NONE                                                           | The type of ZooKeeper authentication for the engine, all candidates are <ul><li>NONE</li><li> KERBEROS</li><li> DIGEST</li></ul>                                                                                         | string   | 1.3.2 |
+| kyuubi.ha.zookeeper.namespace                  | kyuubi                                                         | (deprecated) The root directory for the service to deploy its instance uri                                                                                                                                               | string   | 1.0.0 |
+| kyuubi.ha.zookeeper.node.creation.timeout      | PT2M                                                           | Timeout for creating ZooKeeper node                                                                                                                                                                                      | duration | 1.2.0 |
+| kyuubi.ha.zookeeper.publish.configs            | false                                                          | When set to true, publish Kerberos configs to Zookeeper. Note that the Hive driver needs to be greater than 1.3 or 2.0 or apply HIVE-11581 patch.                                                                        | boolean  | 1.4.0 |
+| kyuubi.ha.zookeeper.quorum                                                                                     || (deprecated) The connection string for the ZooKeeper ensemble                                                                                                                                                            | string   | 1.0.0 |
+| kyuubi.ha.zookeeper.session.timeout            | 60000                                                          | The timeout(ms) of a connected session to be idled                                                                                                                                                                       | int      | 1.0.0 |
 
 ### Kinit
 
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
index eba069da2..28305ac52 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
@@ -91,22 +91,33 @@ object HighAvailabilityConf {
       .checkValues(AuthTypes.values.map(_.toString))
       .createWithDefault(AuthTypes.NONE.toString)
 
+  val HA_ZK_AUTH_SERVER_PRINCIPAL: OptionalConfigEntry[String] =
+    buildConf("kyuubi.ha.zookeeper.auth.serverPrincipal")
+      .doc("Kerberos principal name of ZooKeeper Server. It only takes effect when " +
+        "Zookeeper client's version at least 3.5.7 or 3.6.0 or applies ZOOKEEPER-1467. " +
+        "To use Zookeeper 3.6 client, compile Kyuubi with `-Pzookeeper-3.6`.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
   val HA_ZK_AUTH_PRINCIPAL: ConfigEntry[Option[String]] =
     buildConf("kyuubi.ha.zookeeper.auth.principal")
-      .doc("Name of the Kerberos principal is used for ZooKeeper authentication.")
+      .doc("Kerberos principal name that is used for ZooKeeper authentication.")
       .version("1.3.2")
       .fallbackConf(KyuubiConf.SERVER_PRINCIPAL)
 
-  val HA_ZK_AUTH_KEYTAB: ConfigEntry[Option[String]] = buildConf("kyuubi.ha.zookeeper.auth.keytab")
-    .doc("Location of the Kyuubi server's keytab is used for ZooKeeper authentication.")
-    .version("1.3.2")
-    .fallbackConf(KyuubiConf.SERVER_KEYTAB)
+  val HA_ZK_AUTH_KEYTAB: ConfigEntry[Option[String]] =
+    buildConf("kyuubi.ha.zookeeper.auth.keytab")
+      .doc("Location of the Kyuubi server's keytab that is used for ZooKeeper authentication.")
+      .version("1.3.2")
+      .fallbackConf(KyuubiConf.SERVER_KEYTAB)
 
-  val HA_ZK_AUTH_DIGEST: OptionalConfigEntry[String] = buildConf("kyuubi.ha.zookeeper.auth.digest")
-    .doc("The digest auth string is used for ZooKeeper authentication, like: username:password.")
-    .version("1.3.2")
-    .stringConf
-    .createOptional
+  val HA_ZK_AUTH_DIGEST: OptionalConfigEntry[String] =
+    buildConf("kyuubi.ha.zookeeper.auth.digest")
+      .doc("The digest auth string is used for ZooKeeper authentication, like: username:password.")
+      .version("1.3.2")
+      .stringConf
+      .createOptional
 
   val HA_ZK_CONN_MAX_RETRIES: ConfigEntry[Int] =
     buildConf("kyuubi.ha.zookeeper.connection.max.retries")
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
index eaffedd12..d0749c8d9 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperClientProvider.scala
@@ -108,7 +108,11 @@ object ZookeeperClientProvider extends Logging {
           throw new IOException(s"${HA_ZK_AUTH_KEYTAB.key}: $keytab does not exists")
         }
         System.setProperty("zookeeper.sasl.clientconfig", "KyuubiZooKeeperClient")
-        val serverPrincipal = KyuubiHadoopUtils.getServerPrincipal(principal)
+        conf.get(HA_ZK_AUTH_SERVER_PRINCIPAL).foreach { zkServerPrincipal =>
+          // ZOOKEEPER-1467 allows configuring SPN in client
+          System.setProperty("zookeeper.server.principal", zkServerPrincipal)
+        }
+        val zkClientPrincipal = KyuubiHadoopUtils.getServerPrincipal(principal)
         // HDFS-16591 makes breaking change on JaasConfiguration
         val jaasConf = DynConstructors.builder()
           .impl( // Hadoop 3.3.5 and above
@@ -124,7 +128,7 @@ object ZookeeperClientProvider extends Logging {
             classOf[String],
             classOf[String])
           .build[Configuration]()
-          .newInstance("KyuubiZooKeeperClient", serverPrincipal, keytab)
+          .newInstance("KyuubiZooKeeperClient", zkClientPrincipal, keytab)
         Configuration.setConfiguration(jaasConf)
       case _ =>
     }

From ba99744b091de27fbd35e06b0fe603c07383da0f Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 4 Aug 2023 09:50:56 +0800
Subject: [PATCH 543/760] [KYUUBI #3374] Support password authentication for
 Trino engine

### _Why are the changes needed?_

Support SSL for trino engine.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3374 from hddong/support-trino-password.

Closes #3374

f39daaf78 [Cheng Pan] improve
6308c4cf7 [hongdongdong] Support SSL for trino engine

Lead-authored-by: Cheng Pan <chengpan@apache.org>
Co-authored-by: hongdongdong <hongdd@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/settings.md                   |  7 +++
 .../trino/session/TrinoSessionImpl.scala      | 57 ++++++++++++++-----
 .../org/apache/kyuubi/config/KyuubiConf.scala | 49 ++++++++++++++++
 .../engine/trino/TrinoProcessBuilder.scala    | 17 +++++-
 4 files changed, 115 insertions(+), 15 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 91c68824c..a2750fc7c 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -176,6 +176,13 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.7.0 |
 | kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.7.0 |
 | kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not visible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.7.1 |
+| kyuubi.engine.trino.connection.keystore.password         | &lt;undefined&gt;         | The keystore password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.keystore.path             | &lt;undefined&gt;         | The keystore path used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.keystore.type             | &lt;undefined&gt;         | The keystore type used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.password                  | &lt;undefined&gt;         | The password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.truststore.password       | &lt;undefined&gt;         | The truststore password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.truststore.path           | &lt;undefined&gt;         | The truststore path used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.truststore.type           | &lt;undefined&gt;         | The truststore type used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
 | kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
 | kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
 | kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index 42b21fc29..362ee3ed0 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -24,6 +24,7 @@ import java.util.concurrent.TimeUnit
 
 import io.airlift.units.Duration
 import io.trino.client.ClientSession
+import io.trino.client.OkHttpUtil
 import okhttp3.OkHttpClient
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 
@@ -46,14 +47,18 @@ class TrinoSessionImpl(
     sessionManager: SessionManager)
   extends AbstractSession(protocol, user, password, ipAddress, conf, sessionManager) {
 
+  val sessionConf: KyuubiConf = sessionManager.getConf
+
   override val handle: SessionHandle =
     conf.get(KYUUBI_SESSION_HANDLE_KEY).map(SessionHandle.fromUUID).getOrElse(SessionHandle())
 
+  private val username: String = sessionConf
+    .getOption(KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY).getOrElse(currentUser)
+
   var trinoContext: TrinoContext = _
   private var clientSession: ClientSession = _
   private var catalogName: String = _
   private var databaseName: String = _
-
   private val sessionEvent = TrinoSessionEvent(this)
 
   override def open(): Unit = {
@@ -66,34 +71,27 @@ class TrinoSessionImpl(
       case (USE_CATALOG, catalog) => catalogName = catalog
       case (USE_DATABASE, database) => databaseName = database
     }
-
-    val httpClient = new OkHttpClient.Builder().build()
+    if (catalogName == null) {
+      catalogName = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_CATALOG)
+        .getOrElse(throw KyuubiSQLException("Trino default catalog can not be null!"))
+    }
 
     clientSession = createClientSession()
-    trinoContext = TrinoContext(httpClient, clientSession)
+    trinoContext = TrinoContext(createHttpClient(), clientSession)
 
     super.open()
     EventBus.post(sessionEvent)
   }
 
   private def createClientSession(): ClientSession = {
-    val sessionConf = sessionManager.getConf
     val connectionUrl = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_URL).getOrElse(
       throw KyuubiSQLException("Trino server url can not be null!"))
 
-    if (catalogName == null) {
-      catalogName = sessionConf.get(
-        KyuubiConf.ENGINE_TRINO_CONNECTION_CATALOG).getOrElse(
-        throw KyuubiSQLException("Trino default catalog can not be null!"))
-    }
-
-    val user = sessionConf
-      .getOption(KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY).getOrElse(currentUser)
     val clientRequestTimeout = sessionConf.get(TrinoConf.CLIENT_REQUEST_TIMEOUT)
 
     new ClientSession(
       URI.create(connectionUrl),
-      user,
+      username,
       Optional.empty(),
       "kyuubi",
       Optional.empty(),
@@ -114,6 +112,37 @@ class TrinoSessionImpl(
       true)
   }
 
+  private def createHttpClient(): OkHttpClient = {
+    val keystorePath = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_PATH)
+    val keystorePassword = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_PASSWORD)
+    val keystoreType = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_TYPE)
+    val truststorePath = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_PATH)
+    val truststorePassword = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_PASSWORD)
+    val truststoreType = sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_TYPE)
+
+    val serverScheme = clientSession.getServer.getScheme
+
+    val builder = new OkHttpClient.Builder()
+
+    OkHttpUtil.setupSsl(
+      builder,
+      Optional.ofNullable(keystorePath.orNull),
+      Optional.ofNullable(keystorePassword.orNull),
+      Optional.ofNullable(keystoreType.orNull),
+      Optional.ofNullable(truststorePath.orNull),
+      Optional.ofNullable(truststorePassword.orNull),
+      Optional.ofNullable(truststoreType.orNull))
+
+    sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_PASSWORD).foreach { password =>
+      require(
+        serverScheme.equalsIgnoreCase("https"),
+        "Trino engine using username/password requires HTTPS to be enabled")
+      builder.addInterceptor(OkHttpUtil.basicAuth(username, password))
+    }
+
+    builder.build()
+  }
+
   override protected def runOperation(operation: Operation): OperationHandle = {
     sessionEvent.totalOperations += 1
     super.runOperation(operation)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 175bf79c6..2de7abf89 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1341,6 +1341,55 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
+  val ENGINE_TRINO_CONNECTION_PASSWORD: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.password")
+      .doc("The password used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_TRINO_CONNECTION_KEYSTORE_PATH: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.keystore.path")
+      .doc("The keystore path used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_TRINO_CONNECTION_KEYSTORE_PASSWORD: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.keystore.password")
+      .doc("The keystore password used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_TRINO_CONNECTION_KEYSTORE_TYPE: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.keystore.type")
+      .doc("The keystore type used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_TRINO_CONNECTION_TRUSTSTORE_PATH: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.truststore.path")
+      .doc("The truststore path used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_TRINO_CONNECTION_TRUSTSTORE_PASSWORD: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.truststore.password")
+      .doc("The truststore password used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val ENGINE_TRINO_CONNECTION_TRUSTSTORE_TYPE: OptionalConfigEntry[String] =
+    buildConf("kyuubi.engine.trino.connection.truststore.type")
+      .doc("The truststore type used for connecting to trino cluster")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
   val ENGINE_TRINO_SHOW_PROGRESS: ConfigEntry[Boolean] =
     buildConf("kyuubi.session.engine.trino.showProgress")
       .doc("When true, show the progress bar and final info in the Trino engine log.")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/trino/TrinoProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/trino/TrinoProcessBuilder.scala
index 7b68e464a..041219dd0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/trino/TrinoProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/trino/TrinoProcessBuilder.scala
@@ -27,6 +27,7 @@ import scala.collection.mutable.ArrayBuffer
 import com.google.common.annotations.VisibleForTesting
 
 import org.apache.kyuubi.{Logging, SCALA_COMPILE_VERSION, Utils}
+import org.apache.kyuubi.Utils.REDACTION_REPLACEMENT_TEXT
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
@@ -108,5 +109,19 @@ class TrinoProcessBuilder(
 
   override def shortName: String = "trino"
 
-  override def toString: String = Utils.redactCommandLineArgs(conf, commands).mkString("\n")
+  override def toString: String = {
+    if (commands == null) {
+      super.toString()
+    } else {
+      Utils.redactCommandLineArgs(conf, commands).map {
+        case arg if arg.contains(ENGINE_TRINO_CONNECTION_PASSWORD.key) =>
+          s"${ENGINE_TRINO_CONNECTION_PASSWORD.key}=$REDACTION_REPLACEMENT_TEXT"
+        case arg if arg.contains(ENGINE_TRINO_CONNECTION_KEYSTORE_PASSWORD.key) =>
+          s"${ENGINE_TRINO_CONNECTION_KEYSTORE_PASSWORD.key}=$REDACTION_REPLACEMENT_TEXT"
+        case arg if arg.contains(ENGINE_TRINO_CONNECTION_TRUSTSTORE_PASSWORD.key) =>
+          s"${ENGINE_TRINO_CONNECTION_TRUSTSTORE_PASSWORD.key}=$REDACTION_REPLACEMENT_TEXT"
+        case arg => arg
+      }.mkString("\n")
+    }
+  }
 }

From 007fc477b7d724851bb555aabf69324e8b1cb53d Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Fri, 4 Aug 2023 09:58:11 +0800
Subject: [PATCH 544/760] [KYUUBI #5105][Bug] getColumns gets duplicate column
 names when Spark integrates with Iceberg

### _Why are the changes needed?_

close #5105

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5128 from lsm1/features/kyuubi_5105.

Closes #5105

84be7fd6d [senmiaoliu] distinct default namespace

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
index e05e8731d..18a14494e 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/util/SparkCatalogUtils.scala
@@ -137,7 +137,7 @@ object SparkCatalogUtils extends Logging {
     listAllNamespaces(catalog).filter { ns =>
       val quoted = ns.map(quoteIfNeeded).mkString(".")
       schemaPattern.r.pattern.matcher(quoted).matches()
-    }.distinct
+    }.map(_.toList).toList.distinct.map(_.toArray).toArray
   }
 
   private def getSchemasWithPattern(catalog: CatalogPlugin, schemaPattern: String): Seq[String] = {

From f74a70550e05e59213a92285d6bc9f18ae1ae198 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 4 Aug 2023 14:09:11 +0800
Subject: [PATCH 545/760] [KYUUBI #5127] [DOC] Improvements for markdown
 builder

### _Why are the changes needed?_

- use `ListBuffer` instead of `ArrayBuffer` for inner string buffer, to minimize allocations for resizing
- handy `+=` operator in chaining style without explicit quotes, to make the user focus on content assembly and less distraction of quoting
- make `MarkdownBuilder` extending `Growable`, to utilize semantic operators like `+=` and `++=` which is unified inside for single or batch operation
- use `this +=` rather than `line(...)` , to reflect side effects in semantic way
- change list to stream for output comparison
- remove unused methods

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5127 from bowenliang123/md-buff.

Closes #5127

458e18c3d [liangbowen] Improvements for markdown builder

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../hive/udf/KyuubiDefinedFunctionSuite.scala |  13 +-
 .../udf/KyuubiDefinedFunctionSuite.scala      |  13 +-
 .../org/apache/kyuubi/MarkdownUtils.scala     |  88 ++++------
 .../config/AllKyuubiConfiguration.scala       | 161 ++++++++----------
 4 files changed, 117 insertions(+), 158 deletions(-)

diff --git a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
index 2a7bfdfc2..f76eefe84 100644
--- a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
@@ -48,17 +48,16 @@ class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
   test("verify or update kyuubi hive sql functions") {
     val builder = MarkdownBuilder(licenced = true, getClass.getName)
 
-    builder
-      .line("# Auxiliary SQL Functions")
-      .line("""Kyuubi provides several auxiliary SQL functions as supplement to Hive's
+    builder += "# Auxiliary SQL Functions" +=
+      """Kyuubi provides several auxiliary SQL functions as supplement to Hive's
         | [Built-in Functions](https://cwiki.apache.org/confluence/display/hive/languagemanual+udf#
-        |LanguageManualUDF-Built-inFunctions)""")
-      .lines("""
+        |LanguageManualUDF-Built-inFunctions)""" ++=
+      """
         | Name | Description | Return Type | Since
         | --- | --- | --- | ---
-        |""")
+        |"""
     KDFRegistry.registeredFunctions.foreach { func =>
-      builder.line(s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}")
+      builder += s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}"
     }
 
     MarkdownUtils.verifyOutput(
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
index 566126bb4..72f0a198b 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
@@ -48,17 +48,16 @@ class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
   test("verify or update kyuubi spark sql functions") {
     val builder = MarkdownBuilder(licenced = true, getClass.getName)
 
-    builder
-      .line("# Auxiliary SQL Functions")
-      .line("""Kyuubi provides several auxiliary SQL functions as supplement to Spark's
+    builder += "# Auxiliary SQL Functions" +=
+      """Kyuubi provides several auxiliary SQL functions as supplement to Spark's
         | [Built-in Functions](https://spark.apache.org/docs/latest/api/sql/index.html#
-        |built-in-functions)""")
-      .lines("""
+        |built-in-functions)""" ++=
+      """
         | Name | Description | Return Type | Since
         | --- | --- | --- | ---
-        |""")
+        |"""
     KDFRegistry.registeredFunctions.foreach { func =>
-      builder.line(s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}")
+      builder += s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}"
     }
 
     MarkdownUtils.verifyOutput(
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
index 805913343..06c948903 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
@@ -21,7 +21,8 @@ import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, StandardOpenOption}
 
 import scala.collection.JavaConverters._
-import scala.collection.mutable.ArrayBuffer
+import scala.collection.generic.Growable
+import scala.collection.mutable.ListBuffer
 
 import com.vladsch.flexmark.formatter.Formatter
 import com.vladsch.flexmark.parser.{Parser, ParserEmulationProfile, PegdownExtensions}
@@ -37,7 +38,7 @@ object MarkdownUtils {
       newOutput: MarkdownBuilder,
       agent: String,
       module: String): Unit = {
-    val formatted = newOutput.formatMarkdown()
+    val formatted = newOutput.toMarkdown
     if (System.getenv("KYUUBI_UPDATE") == "1") {
       Files.write(
         markdown,
@@ -45,41 +46,33 @@ object MarkdownUtils {
         StandardOpenOption.CREATE,
         StandardOpenOption.TRUNCATE_EXISTING)
     } else {
-      val linesInFile = Files.readAllLines(markdown, StandardCharsets.UTF_8)
-      linesInFile.asScala.zipWithIndex.zip(formatted).foreach { case ((str1, index), str2) =>
-        withClue(s"$markdown out of date, as line ${index + 1} is not expected." +
-          " Please update doc with KYUUBI_UPDATE=1 build/mvn clean test" +
-          s" -pl $module -am -Pflink-provided,spark-provided,hive-provided" +
-          s" -Dtest=none -DwildcardSuites=$agent ") {
-          assertResult(str2)(str1)
+      Files.readAllLines(markdown, StandardCharsets.UTF_8).asScala.toStream
+        .zipWithIndex.zip(formatted).foreach { case ((lineInFile, lineIndex), formattedLine) =>
+          withClue(
+            s""" The markdown file ($markdown:${lineIndex + 1}) is out of date.
+               | Please update doc with KYUUBI_UPDATE=1 build/mvn clean test
+               | -pl $module -am -Pflink-provided,spark-provided,hive-provided
+               | -Dtest=none -DwildcardSuites=$agent \n""".stripMargin) {
+            assertResult(formattedLine)(lineInFile)
+          }
         }
-      }
     }
   }
-
-  def line(str: String): String = {
-    str.stripMargin.linesIterator.mkString
-  }
-
-  def appendBlankLine(buffer: ArrayBuffer[String]): Unit = buffer += ""
-
-  def appendFileContent(buffer: ArrayBuffer[String], path: Path): Unit = {
-    buffer += "```bash"
-    buffer ++= Files.readAllLines(path).asScala
-    buffer += "```"
-  }
 }
 
-class MarkdownBuilder {
-  private val buffer = new ArrayBuffer[String]()
+class MarkdownBuilder extends Growable[String] {
+  private val buffer = new ListBuffer[String]
+
+  override def clear: Unit = buffer.clear
 
   /**
    * append a single line
    * with replacing EOL to empty string
+   *
    * @param str single line
    * @return
    */
-  def line(str: String = ""): MarkdownBuilder = {
+  override def +=(str: String): MarkdownBuilder.this.type = {
     buffer += str.stripMargin.linesIterator.mkString
     this
   }
@@ -87,12 +80,13 @@ class MarkdownBuilder {
   /**
    * append the multiline
    * with splitting EOL into single lines
-   * @param multiline multiline with default line margin "|"
+   *
+   * @param multiline multiline with line margin char
+   * @param marginChar margin char,  default to "|"
    * @return
    */
-  def lines(multiline: String): MarkdownBuilder = {
-    buffer ++= multiline.stripMargin.linesIterator
-    this
+  def ++=(multiline: String, marginChar: Char = '|'): MarkdownBuilder = {
+    this ++= multiline.stripMargin(marginChar).linesIterator
   }
 
   /**
@@ -100,7 +94,7 @@ class MarkdownBuilder {
    * @return
    */
   def licence(): MarkdownBuilder = {
-    lines("""
+    this ++= """
         |<!--
         |- Licensed to the Apache Software Foundation (ASF) under one or more
         |- contributor license agreements.  See the NOTICE file distributed with
@@ -117,7 +111,7 @@ class MarkdownBuilder {
         |- See the License for the specific language governing permissions and
         |- limitations under the License.
         |-->
-        |""")
+        |"""
   }
 
   /**
@@ -126,36 +120,14 @@ class MarkdownBuilder {
    * @return
    */
   def generationHint(className: String): MarkdownBuilder = {
-    lines(s"""
+    this ++=
+      s"""
         |<!-- DO NOT MODIFY THIS FILE DIRECTLY, IT IS AUTO-GENERATED BY [$className] -->
         |
-        |""")
-  }
-
-  /**
-   * append file content
-   * @param path file path
-   * @return
-   */
-  def file(path: Path): MarkdownBuilder = {
-    buffer ++= Files.readAllLines(path).asScala
-    this
-  }
-
-  /**
-   * append file content with code block quote
-   * @param path path to file
-   * @param language language of codeblock
-   * @return
-   */
-  def fileWithBlock(path: Path, language: String = "bash"): MarkdownBuilder = {
-    buffer += s"```$language"
-    file(path)
-    buffer += "```"
-    this
+        |"""
   }
 
-  def formatMarkdown(): Stream[String] = {
+  def toMarkdown: Stream[String] = {
     def createParserOptions(emulationProfile: ParserEmulationProfile): MutableDataHolder = {
       PegdownOptionsAdapter.flexmarkOptions(PegdownExtensions.ALL).toMutable
         .set(Parser.PARSER_EMULATION_PROFILE, emulationProfile)
@@ -175,7 +147,7 @@ class MarkdownBuilder {
     val parser = Parser.builder(parserOptions).build
     val renderer = Formatter.builder(formatterOptions).build
     val document = parser.parse(buffer.mkString(EOL))
-    val formattedLines = new ArrayBuffer[String](buffer.length)
+    val formattedLines = new ListBuffer[String]
     val formattedLinesAppendable = new Appendable {
       override def append(csq: CharSequence): Appendable = {
         if (csq.length() > 0) {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 9fff482d4..5dde9f935 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -62,165 +62,154 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
 
     val builder = MarkdownBuilder(licenced = true, getClass.getName)
 
-    builder
-      .lines(s"""
+    builder ++=
+      s"""
          |# Introduction to the Kyuubi Configurations System
          |
          |Kyuubi provides several ways to configure the system and corresponding engines.
          |
          |## Environments
          |
-         |""")
-      .line("""You can configure the environment variables in `$KYUUBI_HOME/conf/kyuubi-env.sh`,
+         |""" +=
+      """You can configure the environment variables in `$KYUUBI_HOME/conf/kyuubi-env.sh`,
          | e.g, `JAVA_HOME`, then this java runtime will be used both for Kyuubi server instance and
          | the applications it launches. You can also change the variable in the subprocess's env
          | configuration file, e.g.`$SPARK_HOME/conf/spark-env.sh` to use more specific ENV for
          | SQL engine applications. see `$KYUUBI_HOME/conf/kyuubi-env.sh.template` as an example.
-         | """)
-      .line(
-        """
-        | For the environment variables that only needed to be transferred into engine
+         | """ +=
+      """ For the environment variables that only needed to be transferred into engine
         | side, you can set it with a Kyuubi configuration item formatted
         | `kyuubi.engineEnv.VAR_NAME`. For example, with `kyuubi.engineEnv.SPARK_DRIVER_MEMORY=4g`,
         | the environment variable `SPARK_DRIVER_MEMORY` with value `4g` would be transferred into
         | engine side. With `kyuubi.engineEnv.SPARK_CONF_DIR=/apache/confs/spark/conf`, the
         | value of `SPARK_CONF_DIR` on the engine side is set to `/apache/confs/spark/conf`.
-        | """)
-      .line("## Kyuubi Configurations")
-      .line(""" You can configure the Kyuubi properties in
+        | """ += "## Kyuubi Configurations" +=
+      """ You can configure the Kyuubi properties in
          | `$KYUUBI_HOME/conf/kyuubi-defaults.conf`, see
          | `$KYUUBI_HOME/conf/kyuubi-defaults.conf.template` as an example.
-         | """)
+         | """
 
     KyuubiConf.getConfigEntries().asScala
       .toStream
       .filterNot(_.internal)
       .groupBy(_.key.split("\\.")(1))
       .toSeq.sortBy(_._1).foreach { case (category, entries) =>
-        builder.lines(
+        builder ++=
           s"""### ${category.capitalize}
              | Key | Default | Meaning | Type | Since
              | --- | --- | --- | --- | ---
-             |""")
+             |"""
 
         entries.sortBy(_.key).foreach { c =>
           val dft = c.defaultValStr.replace("<", "&lt;").replace(">", "&gt;")
-          builder.line(Seq(
+          builder += Seq(
             s"${c.key}",
             s"$dft",
             s"${c.doc}",
             s"${c.typ}",
-            s"${c.version}").mkString("|"))
+            s"${c.version}").mkString("|")
         }
       }
 
-    builder
-      .lines("""
-        |## Spark Configurations
+    builder ++=
+      """## Spark Configurations
         |### Via spark-defaults.conf
-        |""")
-      .line("""
-        | Setting them in `$SPARK_HOME/conf/spark-defaults.conf`
+        |""" +=
+      """ Setting them in `$SPARK_HOME/conf/spark-defaults.conf`
         | supplies with default values for SQL engine application. Available properties can be
         | found at Spark official online documentation for
         | [Spark Configurations](https://spark.apache.org/docs/latest/configuration.html)
-        | """)
-      .line("### Via kyuubi-defaults.conf")
-      .line("""
-        | Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
+        | """ +=
+      "### Via kyuubi-defaults.conf" +=
+      """ Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
         | supplies with default values for SQL engine application too. These properties will
-        | override all settings in `$SPARK_HOME/conf/spark-defaults.conf`""")
-      .line("### Via JDBC Connection URL")
-      .line("""
-        | Setting them in the JDBC Connection URL
+        | override all settings in `$SPARK_HOME/conf/spark-defaults.conf`""" +=
+      "### Via JDBC Connection URL" +=
+      """ Setting them in the JDBC Connection URL
         | supplies session-specific for each SQL engine. For example:
         | ```
         |jdbc:hive2://localhost:10009/default;#
         |spark.sql.shuffle.partitions=2;spark.executor.memory=5g
-        |```""")
-      .line()
-      .line("- **Runtime SQL Configuration**")
-      .line("""  - For [Runtime SQL Configurations](
+        |```
+        |""" +=
+      "" +=
+      "- **Runtime SQL Configuration**" +=
+      """  - For [Runtime SQL Configurations](
         |https://spark.apache.org/docs/latest/configuration.html#runtime-sql-configuration), they
-        | will take affect every time""")
-      .line("- **Static SQL and Spark Core Configuration**")
-      .line("""  - For [Static SQL Configurations](
+        | will take affect every time""" +=
+      "- **Static SQL and Spark Core Configuration**" +=
+      """  - For [Static SQL Configurations](
         |https://spark.apache.org/docs/latest/configuration.html#static-sql-configuration) and
         | other spark core configs, e.g. `spark.executor.memory`, they will take effect if there
-        | is no existing SQL engine application. Otherwise, they will just be ignored""")
-      .line("### Via SET Syntax")
-      .line("""Please refer to the Spark official online documentation for
+        | is no existing SQL engine application. Otherwise, they will just be ignored
+        | """ +=
+      "### Via SET Syntax" +=
+      """Please refer to the Spark official online documentation for
         | [SET Command](https://spark.apache.org/docs/latest/sql-ref-syntax-aux-conf-mgmt-set.html)
-        |""")
+        |"""
 
-    builder
-      .lines("""
-        |## Flink Configurations
-        |### Via flink-conf.yaml""")
-      .line("""Setting them in `$FLINK_HOME/conf/flink-conf.yaml`
+    builder ++=
+      """## Flink Configurations
+        |### Via flink-conf.yaml""" += """Setting them in `$FLINK_HOME/conf/flink-conf.yaml`
+        |
         | supplies with default values for SQL engine application.
         | Available properties can be found at Flink official online documentation for
         | [Flink Configurations]
-        |(https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/)""")
-      .line("### Via kyuubi-defaults.conf")
-      .line("""Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
+        |(https://nightlies.apache.org/flink/flink-docs-stable/docs/deployment/config/)""" +=
+      "### Via kyuubi-defaults.conf" +=
+      """Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
         | supplies with default values for SQL engine application too.
         | You can use properties with the additional prefix `flink.` to override settings in
-        | `$FLINK_HOME/conf/flink-conf.yaml`.""")
-      .lines("""
-        |
+        | `$FLINK_HOME/conf/flink-conf.yaml`.""" ++=
+      """
         |For example:
         |```
         |flink.parallelism.default 2
         |flink.taskmanager.memory.process.size 5g
-        |```""")
-      .line("""The below options in `kyuubi-defaults.conf` will set `parallelism.default: 2`
-        | and `taskmanager.memory.process.size: 5g` into flink configurations.""")
-      .line("### Via JDBC Connection URL")
-      .line("""Setting them in the JDBC Connection URL supplies session-specific
+        |```""" +=
+      """The below options in `kyuubi-defaults.conf` will set `parallelism.default: 2`
+        | and `taskmanager.memory.process.size: 5g` into flink configurations.""" +=
+      "### Via JDBC Connection URL" +=
+      """Setting them in the JDBC Connection URL supplies session-specific
         | for each SQL engine. For example: ```jdbc:hive2://localhost:10009/default;
         |#parallelism.default=2;taskmanager.memory.process.size=5g```
-        |""")
-      .line("### Via SET Statements")
-      .line("""Please refer to the Flink official online documentation for [SET Statements]
-        |(https://nightlies.apache.org/flink/flink-docs-stable/docs/dev/table/sql/set/)""")
-
-    builder
-      .line("## Logging")
-      .line("""Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging.
+        |""" +=
+      "### Via SET Statements" +=
+      """Please refer to the Flink official online documentation for [SET Statements]
+        |(https://nightlies.apache.org/flink/flink-docs-stable/docs/dev/table/sql/set/)"""
+
+    builder += "## Logging" +=
+      """Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging.
         | You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`, see
         | `$KYUUBI_HOME/conf/log4j2.xml.template` as an example.
-        | """)
+        | """
 
-    builder
-      .lines("""
-        |## Other Configurations
+    builder ++=
+      """## Other Configurations
         |### Hadoop Configurations
-        |""")
-      .line("""Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration
+        |""" +=
+      """Specifying `HADOOP_CONF_DIR` to the directory containing Hadoop configuration
         | files or treating them as Spark properties with a `spark.hadoop.` prefix.
         | Please refer to the Spark official online documentation for
         | [Inheriting Hadoop Cluster Configuration](https://spark.apache.org/docs/latest/
         |configuration.html#inheriting-hadoop-cluster-configuration).
         | Also, please refer to the [Apache Hadoop](https://hadoop.apache.org)'s
-        | online documentation for an overview on how to configure Hadoop.""")
-      .line("### Hive Configurations")
-      .line("""These configurations are used for SQL engine application to talk to
+        | online documentation for an overview on how to configure Hadoop.""" +=
+      "### Hive Configurations" +=
+      """These configurations are used for SQL engine application to talk to
         | Hive MetaStore and could be configured in a `hive-site.xml`.
         | Placed it in `$SPARK_HOME/conf` directory, or treat them as Spark properties with
-        | a `spark.hadoop.` prefix.""")
+        | a `spark.hadoop.` prefix."""
 
-    builder
-      .line("## User Defaults")
-      .line("""In Kyuubi, we can configure user default settings to meet separate needs.
+    builder += "## User Defaults" +=
+      """In Kyuubi, we can configure user default settings to meet separate needs.
         | These user defaults override system defaults, but will be overridden by those from
         | [JDBC Connection URL](#via-jdbc-connection-url) or [Set Command](#via-set-syntax)
-        | if could be. They will take effect when creating the SQL engine application ONLY.""")
-      .line("""User default settings are in the form of `___{username}___.{config key}`.
+        | if could be. They will take effect when creating the SQL engine application ONLY.""" +=
+      """User default settings are in the form of `___{username}___.{config key}`.
         | There are three continuous underscores(`_`) at both sides of the `username` and
-        | a dot(`.`) that separates the config key and the prefix. For example:""")
-      .lines("""
-        |```bash
+        | a dot(`.`) that separates the config key and the prefix. For example:""" ++=
+      """```bash
         |# For system defaults
         |spark.master=local
         |spark.sql.adaptive.enabled=true
@@ -232,13 +221,13 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
         |___bob___.spark.executor.memory=8g
         |```
         |
-        |""")
-      .line("""In the above case, if there are related configurations from
+        |""" +=
+      """In the above case, if there are related configurations from
         | [JDBC Connection URL](#via-jdbc-connection-url), `kent` will run his SQL engine
         | application on YARN and prefer the Spark AQE to be off, while `bob` will activate
         | his SQL engine application on a Spark standalone cluster with 8g heap memory for each
         | executor and obey the Spark AQE behavior of Kyuubi system default. On the other hand,
-        | for those users who do not have custom configurations will use system defaults.""")
+        | for those users who do not have custom configurations will use system defaults."""
 
     MarkdownUtils.verifyOutput(markdown, builder, getClass.getCanonicalName, "kyuubi-server")
   }

From 9a001c8d7cb50c0c68884c7c6f7ab0b12bb6c657 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 7 Aug 2023 13:33:50 +0800
Subject: [PATCH 546/760] [KYUUBI #5120] [JDBC] Allow using session's user and
 password for connecting database in JDBC engine

### _Why are the changes needed?_

- allow using the session's user/password to connect database in the JDBC engine
- it is allowed to be applied on any share level of engines, since every kyuubi session maintains a dedicated JDBC connection in the current implementation

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5120 from bowenliang123/jdbc-user.

Closes #5120

7b8ebd137 [liangbowen] Use session's user and password to connect to database in JDBC engine

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/deployment/settings.md                        |  1 +
 .../engine/jdbc/session/JdbcSessionImpl.scala      | 14 ++++++++++++--
 .../org/apache/kyuubi/config/KyuubiConf.scala      |  7 +++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index a2750fc7c..7ce3c2d4b 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -148,6 +148,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.hive.memory                                | 1g                        | The heap memory for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
 | kyuubi.engine.initialize.sql                             | SHOW DATABASES            | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SHOW DATABASES` to eagerly active HiveClient. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.2.0 |
 | kyuubi.engine.jdbc.connection.password                   | &lt;undefined&gt;         | The password is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.propagateCredential        | false                     | Whether to use the session's user and password to connect to database                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | boolean  | 1.8.0 |
 | kyuubi.engine.jdbc.connection.properties                                            || The additional properties are used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | seq      | 1.6.0 |
 | kyuubi.engine.jdbc.connection.provider                   | &lt;undefined&gt;         | The connection provider is used for getting a connection from the server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
 | kyuubi.engine.jdbc.connection.url                        | &lt;undefined&gt;         | The server url that engine will connect to                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
index 5acae8f24..8b36e5a56 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/session/JdbcSessionImpl.scala
@@ -23,7 +23,8 @@ import scala.util.{Failure, Success, Try}
 import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TProtocolVersion}
 
 import org.apache.kyuubi.KyuubiSQLException
-import org.apache.kyuubi.config.KyuubiConf.ENGINE_JDBC_SESSION_INITIALIZE_SQL
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_HANDLE_KEY
 import org.apache.kyuubi.engine.jdbc.connection.ConnectionProvider
 import org.apache.kyuubi.engine.jdbc.util.KyuubiJdbcUtils
@@ -45,7 +46,16 @@ class JdbcSessionImpl(
 
   private var databaseMetaData: DatabaseMetaData = _
 
-  private val kyuubiConf = sessionManager.getConf
+  private val kyuubiConf: KyuubiConf = normalizeConf
+
+  private def normalizeConf: KyuubiConf = {
+    val kyuubiConf = sessionManager.getConf.clone
+    if (kyuubiConf.get(ENGINE_JDBC_CONNECTION_PROPAGATECREDENTIAL)) {
+      kyuubiConf.set(ENGINE_JDBC_CONNECTION_USER, user)
+      kyuubiConf.set(ENGINE_JDBC_CONNECTION_PASSWORD, password)
+    }
+    kyuubiConf
+  }
 
   override def open(): Unit = {
     info(s"Starting to open jdbc session.")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 2de7abf89..b4102d267 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2706,6 +2706,13 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
+  val ENGINE_JDBC_CONNECTION_PROPAGATECREDENTIAL: ConfigEntry[Boolean] =
+    buildConf("kyuubi.engine.jdbc.connection.propagateCredential")
+      .doc("Whether to use the session's user and password to connect to database")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
   val ENGINE_JDBC_CONNECTION_USER: OptionalConfigEntry[String] =
     buildConf("kyuubi.engine.jdbc.connection.user")
       .doc("The user is used for connecting to server")

From 35716347196fa041e9ccbe02df3bcff455af4438 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 7 Aug 2023 18:14:01 +0800
Subject: [PATCH 547/760] [KYUUBI #5135] [Minor] Exclude web-ui coverage
 reports in rat plugins

### _Why are the changes needed?_

- To avoid the generated web-ui's coverage report files triggering Rat plugin checks on Maven
```
[WARNING] Files with unapproved licenses:
  kyuubi-server/web-ui/coverage/index.html
  kyuubi-server/web-ui/coverage/locales/en_US/index.html
  kyuubi-server/web-ui/coverage/locales/zh_CN/index.html
...
[ERROR] Failed to execute goal org.apache.rat:apache-rat-plugin:0.15:check (default) on project kyuubi-parent: Too many files with unapproved license: 21 See RAT report in: /kyuubi/target/rat.txt ->
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5135 from bowenliang123/rat-exclude.

Closes #5135

1ec4411cb [liangbowen] add web-ui/coverage/* to rat exclusions

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .rat-excludes | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.rat-excludes b/.rat-excludes
index 356fafccd..5735ba69b 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -53,6 +53,7 @@ build/scala-*/**
 **/*.sqlite.sql
 **/node/**
 **/web-ui/dist/**
+**/web-ui/coverage/**
 **/pnpm-lock.yaml
 **/node_modules/**
 **/gen/*

From 0a04f083942d86c29b67e2dcbfc0fc0961a166dc Mon Sep 17 00:00:00 2001
From: Deng An <packyande@gmail.com>
Date: Tue, 8 Aug 2023 15:15:23 +0800
Subject: [PATCH 548/760] [KYUUBI #5055] [Authz] Support building function
 privileges in Spark 3.4

### _Why are the changes needed?_

Add support for function privileges building in 3.4 for #4167

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5055 from packyan/PR_4167_follow_up_support_spark_3.4.

Closes #5055

46fe89e01 [Deng An] add support for function privileges building in 3.4

Authored-by: Deng An <packyande@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/authz/PrivilegesBuilder.scala       | 26 +++++++++++++------
 .../plugin/spark/authz/serde/Function.scala   |  4 +--
 .../authz/serde/functionExtractors.scala      | 24 +++++++++--------
 .../authz/serde/functionTypeExtractors.scala  |  6 ++---
 .../FunctionPrivilegesBuilderSuite.scala      |  5 ----
 5 files changed, 36 insertions(+), 29 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index b2fa89909..08dc49d49 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -220,15 +220,25 @@ object PrivilegesBuilder {
       plan: LogicalPlan,
       spark: SparkSession): PrivilegesAndOpType = {
     val inputObjs = new ArrayBuffer[PrivilegeObject]
-    // TODO: add support for Spark 3.4.x
-    plan transformAllExpressions {
-      case hiveFunction: Expression if isKnownFunction(hiveFunction) =>
-        val functionSpec: ScanSpec = getFunctionSpec(hiveFunction)
-        if (functionSpec.functionDescs.exists(!_.functionTypeDesc.get.skip(hiveFunction, spark))) {
-          functionSpec.functions(hiveFunction).foreach(func =>
-            inputObjs += PrivilegeObject(func))
+    plan match {
+      case command: Command if isKnownTableCommand(command) =>
+        val spec = getTableCommandSpec(command)
+        val functionPrivAndOpType = spec.queries(plan)
+          .map(plan => buildFunctions(plan, spark))
+        functionPrivAndOpType.map(_._1)
+          .reduce(_ ++ _)
+          .foreach(functionPriv => inputObjs += functionPriv)
+
+      case plan => plan transformAllExpressions {
+          case hiveFunction: Expression if isKnownFunction(hiveFunction) =>
+            val functionSpec: ScanSpec = getFunctionSpec(hiveFunction)
+            if (functionSpec.functionDescs
+                .exists(!_.functionTypeDesc.get.skip(hiveFunction, spark))) {
+              functionSpec.functions(hiveFunction).foreach(func =>
+                inputObjs += PrivilegeObject(func))
+            }
+            hiveFunction
         }
-        hiveFunction
     }
     (inputObjs, Seq.empty, OperationType.QUERY)
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Function.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Function.scala
index b7a0010b4..ba19972ed 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Function.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Function.scala
@@ -21,8 +21,8 @@ package org.apache.kyuubi.plugin.spark.authz.serde
  * :: Developer API ::
  *
  * Represents a function identity
- *
+ * @param catalog
  * @param database
  * @param functionName
  */
-case class Function(database: Option[String], functionName: String)
+case class Function(catalog: Option[String], database: Option[String], functionName: String)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
index 729521200..bcd5f2665 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionExtractors.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 import org.apache.spark.sql.catalyst.FunctionIdentifier
 import org.apache.spark.sql.catalyst.expressions.ExpressionInfo
 
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionFromQualifiedName
 
 trait FunctionExtractor extends (AnyRef => Function) with Extractor
 
@@ -29,13 +29,16 @@ object FunctionExtractor {
     loadExtractorsToMap[FunctionExtractor]
   }
 
-  def buildFunctionIdentFromQualifiedName(qualifiedName: String): (String, Option[String]) = {
-    val parts: Array[String] = qualifiedName.split("\\.", 2)
-    if (parts.length == 1) {
-      (qualifiedName, None)
+  private[authz] def buildFunctionFromQualifiedName(qualifiedName: String): Function = {
+    val parts: Array[String] = qualifiedName.split("\\.")
+    val (catalog, database, functionName) = if (parts.length == 3) {
+      (Some(parts.head), Some(parts.tail.head), parts.last)
+    } else if (parts.length == 2) {
+      (None, Some(parts.head), parts.last)
     } else {
-      (parts.last, Some(parts.head))
+      (None, None, qualifiedName)
     }
+    Function(catalog, database, functionName)
   }
 }
 
@@ -44,7 +47,7 @@ object FunctionExtractor {
  */
 class StringFunctionExtractor extends FunctionExtractor {
   override def apply(v1: AnyRef): Function = {
-    Function(None, v1.asInstanceOf[String])
+    Function(None, None, v1.asInstanceOf[String])
   }
 }
 
@@ -54,8 +57,7 @@ class StringFunctionExtractor extends FunctionExtractor {
 class QualifiedNameStringFunctionExtractor extends FunctionExtractor {
   override def apply(v1: AnyRef): Function = {
     val qualifiedName: String = v1.asInstanceOf[String]
-    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
-    Function(database, funcName)
+    buildFunctionFromQualifiedName(qualifiedName)
   }
 }
 
@@ -65,7 +67,7 @@ class QualifiedNameStringFunctionExtractor extends FunctionExtractor {
 class FunctionIdentifierFunctionExtractor extends FunctionExtractor {
   override def apply(v1: AnyRef): Function = {
     val identifier = v1.asInstanceOf[FunctionIdentifier]
-    Function(identifier.database, identifier.funcName)
+    Function(None, identifier.database, identifier.funcName)
   }
 }
 
@@ -75,6 +77,6 @@ class FunctionIdentifierFunctionExtractor extends FunctionExtractor {
 class ExpressionInfoFunctionExtractor extends FunctionExtractor {
   override def apply(v1: AnyRef): Function = {
     val info = v1.asInstanceOf[ExpressionInfo]
-    Function(Option(info.getDb), info.getName)
+    Function(None, Option(info.getDb), info.getName)
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
index a2c5b427f..c134b5018 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/functionTypeExtractors.scala
@@ -21,7 +21,7 @@ import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.FunctionIdentifier
 import org.apache.spark.sql.catalyst.catalog.SessionCatalog
 
-import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionIdentFromQualifiedName
+import org.apache.kyuubi.plugin.spark.authz.serde.FunctionExtractor.buildFunctionFromQualifiedName
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType.{FunctionType, PERMANENT, SYSTEM, TEMP}
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.getFunctionType
 
@@ -93,7 +93,7 @@ class FunctionNameFunctionTypeExtractor extends FunctionTypeExtractor {
   override def apply(v1: AnyRef, spark: SparkSession): FunctionType = {
     val catalog: SessionCatalog = spark.sessionState.catalog
     val qualifiedName: String = v1.asInstanceOf[String]
-    val (funcName, database) = buildFunctionIdentFromQualifiedName(qualifiedName)
-    getFunctionType(FunctionIdentifier(funcName, database), catalog)
+    val function = buildFunctionFromQualifiedName(qualifiedName)
+    getFunctionType(FunctionIdentifier(function.functionName, function.database), catalog)
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
index 7181a6760..ad4b57faa 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala
@@ -24,7 +24,6 @@ import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.SPARK_RUNTIME_VERSION
 
 abstract class FunctionPrivilegesBuilderSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll with BeforeAndAfterEach {
@@ -112,7 +111,6 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   override protected val catalogImpl: String = "hive"
 
   test("Function Call Query") {
-    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
       s"kyuubi_fun_2(value), " +
       s"${reusedDb}.kyuubi_fun_0(value), " +
@@ -132,7 +130,6 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   }
 
   test("Function Call Query with Quoted Name") {
-    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val plan = sql(s"SELECT `kyuubi_fun_1`('data'), " +
       s"`kyuubi_fun_2`(value), " +
       s"`${reusedDb}`.`kyuubi_fun_0`(value), " +
@@ -152,7 +149,6 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   }
 
   test("Simple Function Call Query") {
-    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val plan = sql(s"SELECT kyuubi_fun_1('data'), " +
       s"kyuubi_fun_0('value'), " +
       s"${reusedDb}.kyuubi_fun_0('value'), " +
@@ -172,7 +168,6 @@ class HiveFunctionPrivilegesBuilderSuite extends FunctionPrivilegesBuilderSuite
   }
 
   test("Function Call In CAST Command") {
-    assume(SPARK_RUNTIME_VERSION <= "3.3")
     val table = "castTable"
     withTable(table) { table =>
       val plan = sql(s"CREATE TABLE ${table} " +

From e644cd986c8f3b03335cc1335319645756107668 Mon Sep 17 00:00:00 2001
From: jarvis <liunaijie1996@163.com>
Date: Wed, 9 Aug 2023 16:39:44 +0800
Subject: [PATCH 549/760] [KYUUBI #5146] [DOC] Fix link of IntelliJ IDEA Setup
 Guide

### _Why are the changes needed?_

update error link

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5146 from liunaijie/master.

Closes #5146

9d07aa753 [jarvis] [Doc] update link

Authored-by: jarvis <liunaijie1996@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ef28d560e..dc9094b8b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -60,4 +60,4 @@ TBD, please be patient for the surprise.
 
 ## IDE Setup Guide
 
-[IntelliJ IDEA Setup Guide](https://kyuubi.readthedocs.io/en/master/develop_tools/idea_setup.html)
+[IntelliJ IDEA Setup Guide](https://kyuubi.readthedocs.io/en/master/contributing/code/idea_setup.html)

From bb671be2bd8cd8a29cb996a81b319daf4cfefd6c Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Wed, 9 Aug 2023 18:28:32 +0800
Subject: [PATCH 550/760] [KYUUBI #4925] Add default catalog using
 `spark_catalog` with the lineage result

### _Why are the changes needed?_

close #4925

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4932 from iodone/kyuubi-4868.

Closes #4925

ff3195772 [odone] remove the catalog with atlas supporting
fda2fe321 [odone] add default catalog to v1 table when parsing lineage

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../dispatcher/atlas/AtlasEntityHelper.scala  |  45 +-
 .../helper/SparkSQLLineageParseHelper.scala   |  49 +-
 .../spark/kyuubi/lineage/LineageConf.scala    |   3 +
 .../atlas/AtlasLineageDispatcherSuite.scala   |  33 +-
 .../events/OperationLineageEventSuite.scala   |  20 +-
 .../SparkSQLLineageParserHelperSuite.scala    | 591 ++++++++++--------
 6 files changed, 433 insertions(+), 308 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
index 9575b5258..cfa19b7aa 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasEntityHelper.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
 import scala.collection.JavaConverters._
 
 import org.apache.atlas.model.instance.{AtlasEntity, AtlasObjectId, AtlasRelatedObjectId}
-import org.apache.spark.kyuubi.lineage.SparkContextHelper
+import org.apache.spark.kyuubi.lineage.{LineageConf, SparkContextHelper}
 import org.apache.spark.sql.execution.QueryExecution
 
 import org.apache.kyuubi.plugin.lineage.Lineage
@@ -87,8 +87,9 @@ object AtlasEntityHelper {
 
       if (inputs.nonEmpty && outputs.nonEmpty) {
         val entity = new AtlasEntity(COLUMN_LINEAGE_TYPE)
+        val outputColumnName = buildColumnQualifiedName(columnLineage.column).get
         val qualifiedName =
-          s"${processEntity.getAttribute("qualifiedName")}:${columnLineage.column}"
+          s"${processEntity.getAttribute("qualifiedName")}:${outputColumnName}"
         entity.setAttribute("qualifiedName", qualifiedName)
         entity.setAttribute("name", qualifiedName)
         entity.setRelationshipAttribute("inputs", inputs.asJava)
@@ -104,33 +105,33 @@ object AtlasEntityHelper {
   }
 
   def tableObjectId(tableName: String): Option[AtlasObjectId] = {
-    val dbTb = tableName.split('.')
-    if (dbTb.length == 2) {
-      val qualifiedName = tableQualifiedName(cluster, dbTb(0), dbTb(1))
-      // TODO parse datasource type
-      Some(new AtlasObjectId(HIVE_TABLE_TYPE, "qualifiedName", qualifiedName))
-    } else {
-      None
-    }
+    buildTableQualifiedName(tableName)
+      .map(new AtlasObjectId(HIVE_TABLE_TYPE, "qualifiedName", _))
   }
 
-  def tableQualifiedName(cluster: String, db: String, table: String): String = {
-    s"${db.toLowerCase}.${table.toLowerCase}@$cluster"
+  def buildTableQualifiedName(tableName: String): Option[String] = {
+    val defaultCatalog = LineageConf.DEFAULT_CATALOG
+    tableName.split('.') match {
+      case Array(`defaultCatalog`, db, table) =>
+        Some(s"${db.toLowerCase}.${table.toLowerCase}@$cluster")
+      case _ =>
+        None
+    }
   }
 
   def columnObjectId(columnName: String): Option[AtlasObjectId] = {
-    val dbTbCol = columnName.split('.')
-    if (dbTbCol.length == 3) {
-      val qualifiedName = columnQualifiedName(cluster, dbTbCol(0), dbTbCol(1), dbTbCol(2))
-      // TODO parse datasource type
-      Some(new AtlasObjectId(HIVE_COLUMN_TYPE, "qualifiedName", qualifiedName))
-    } else {
-      None
-    }
+    buildColumnQualifiedName(columnName)
+      .map(new AtlasObjectId(HIVE_COLUMN_TYPE, "qualifiedName", _))
   }
 
-  def columnQualifiedName(cluster: String, db: String, table: String, column: String): String = {
-    s"${db.toLowerCase}.${table.toLowerCase}.${column.toLowerCase}@$cluster"
+  def buildColumnQualifiedName(columnName: String): Option[String] = {
+    val defaultCatalog = LineageConf.DEFAULT_CATALOG
+    columnName.split('.') match {
+      case Array(`defaultCatalog`, db, table, column) =>
+        Some(s"${db.toLowerCase}.${table.toLowerCase}.${column.toLowerCase}@$cluster")
+      case _ =>
+        None
+    }
   }
 
   def objectId(entity: AtlasEntity): AtlasObjectId = {
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index a5f805fa9..dad37eac5 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -199,7 +199,7 @@ trait LineageParser {
           } else {
             getQuery(plan)
           }
-        val view = getField[TableIdentifier](plan, "name").unquotedString
+        val view = getV1TableName(getField[TableIdentifier](plan, "name").unquotedString)
         extractColumnsLineage(query, parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$view.${k.name}") -> v
         }
@@ -207,7 +207,7 @@ trait LineageParser {
       case p
           if p.nodeName == "CreateViewCommand"
             && getField[ViewType](plan, "viewType") == PersistedView =>
-        val view = getField[TableIdentifier](plan, "name").unquotedString
+        val view = getV1TableName(getField[TableIdentifier](plan, "name").unquotedString)
         val outputCols =
           getField[Seq[(String, Option[String])]](plan, "userSpecifiedColumns").map(_._1)
         val query =
@@ -223,7 +223,7 @@ trait LineageParser {
         }
 
       case p if p.nodeName == "CreateDataSourceTableAsSelectCommand" =>
-        val table = getField[CatalogTable](plan, "table").qualifiedName
+        val table = getV1TableName(getField[CatalogTable](plan, "table").qualifiedName)
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -231,7 +231,7 @@ trait LineageParser {
       case p
           if p.nodeName == "CreateHiveTableAsSelectCommand" ||
             p.nodeName == "OptimizedCreateHiveTableAsSelectCommand" =>
-        val table = getField[CatalogTable](plan, "tableDesc").qualifiedName
+        val table = getV1TableName(getField[CatalogTable](plan, "tableDesc").qualifiedName)
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -259,7 +259,8 @@ trait LineageParser {
 
       case p if p.nodeName == "InsertIntoDataSourceCommand" =>
         val logicalRelation = getField[LogicalRelation](plan, "logicalRelation")
-        val table = logicalRelation.catalogTable.map(_.qualifiedName).getOrElse("")
+        val table = logicalRelation
+          .catalogTable.map(t => getV1TableName(t.qualifiedName)).getOrElse("")
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map {
           case (k, v) if table.nonEmpty =>
             k.withName(s"$table.${k.name}") -> v
@@ -267,7 +268,8 @@ trait LineageParser {
 
       case p if p.nodeName == "InsertIntoHadoopFsRelationCommand" =>
         val table =
-          getField[Option[CatalogTable]](plan, "catalogTable").map(_.qualifiedName)
+          getField[Option[CatalogTable]](plan, "catalogTable")
+            .map(t => getV1TableName(t.qualifiedName))
             .getOrElse("")
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map {
           case (k, v) if table.nonEmpty =>
@@ -286,7 +288,7 @@ trait LineageParser {
         }
 
       case p if p.nodeName == "InsertIntoHiveTable" =>
-        val table = getField[CatalogTable](plan, "table").qualifiedName
+        val table = getV1TableName(getField[CatalogTable](plan, "table").qualifiedName)
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -298,7 +300,7 @@ trait LineageParser {
           if p.nodeName == "AppendData"
             || p.nodeName == "OverwriteByExpression"
             || p.nodeName == "OverwritePartitionsDynamic" =>
-        val table = getField[NamedRelation](plan, "table").name
+        val table = getV2TableName(getField[NamedRelation](plan, "table"))
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>
           k.withName(s"$table.${k.name}") -> v
         }
@@ -409,22 +411,22 @@ trait LineageParser {
         joinColumnsLineage(parentColumnsLineage, childrenColumnsLineage)
 
       case p: LogicalRelation if p.catalogTable.nonEmpty =>
-        val tableName = p.catalogTable.get.qualifiedName
+        val tableName = getV1TableName(p.catalogTable.get.qualifiedName)
         joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(tableName))
 
       case p: HiveTableRelation =>
-        val tableName = p.tableMeta.qualifiedName
+        val tableName = getV1TableName(p.tableMeta.qualifiedName)
         joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(tableName))
 
       case p: DataSourceV2ScanRelation =>
-        val tableName = p.name
+        val tableName = getV2TableName(p)
         joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(tableName))
 
       // For creating the view from v2 table, the logical plan of table will
       // be the `DataSourceV2Relation` not the `DataSourceV2ScanRelation`.
       // because the view from the table is not going to read it.
       case p: DataSourceV2Relation =>
-        val tableName = p.name
+        val tableName = getV2TableName(p)
         joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(tableName))
 
       case p: LocalRelation =>
@@ -445,7 +447,7 @@ trait LineageParser {
       case p: View =>
         if (!p.isTempView && SparkContextHelper.getConf(
             LineageConf.SKIP_PARSING_PERMANENT_VIEW_ENABLED)) {
-          val viewName = p.desc.qualifiedName
+          val viewName = getV1TableName(p.desc.qualifiedName)
           joinRelationColumnLineage(parentColumnsLineage, p.output, Seq(viewName))
         } else {
           val viewColumnsLineage =
@@ -476,6 +478,27 @@ trait LineageParser {
   }
 
   private def getQuery(plan: LogicalPlan): LogicalPlan = getField[LogicalPlan](plan, "query")
+
+  private def getV2TableName(plan: NamedRelation): String = {
+    plan match {
+      case relation: DataSourceV2ScanRelation =>
+        val catalog = relation.relation.catalog.map(_.name()).getOrElse(LineageConf.DEFAULT_CATALOG)
+        val database = relation.relation.identifier.get.namespace().mkString(".")
+        val table = relation.relation.identifier.get.name()
+        s"$catalog.$database.$table"
+      case relation: DataSourceV2Relation =>
+        val catalog = relation.catalog.map(_.name()).getOrElse(LineageConf.DEFAULT_CATALOG)
+        val database = relation.identifier.get.namespace().mkString(".")
+        val table = relation.identifier.get.name()
+        s"$catalog.$database.$table"
+      case _ =>
+        plan.name
+    }
+  }
+
+  private def getV1TableName(qualifiedName: String): String = {
+    Seq(LineageConf.DEFAULT_CATALOG, qualifiedName).filter(_.nonEmpty).mkString(".")
+  }
 }
 
 case class SparkSQLLineageParseHelper(sparkSession: SparkSession) extends LineageParser
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
index 5b7d3dfe1..e264b1f35 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/spark/kyuubi/lineage/LineageConf.scala
@@ -18,6 +18,7 @@
 package org.apache.spark.kyuubi.lineage
 
 import org.apache.spark.internal.config.ConfigBuilder
+import org.apache.spark.sql.internal.SQLConf
 
 import org.apache.kyuubi.plugin.lineage.LineageDispatcherType
 
@@ -45,4 +46,6 @@ object LineageConf {
       "Unsupported lineage dispatchers")
     .createWithDefault(Seq(LineageDispatcherType.SPARK_EVENT.toString))
 
+  val DEFAULT_CATALOG: String = SQLConf.get.getConf(SQLConf.DEFAULT_CATALOG)
+
 }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
index 4d41b2a57..8e8d18f21 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/dispatcher/atlas/AtlasLineageDispatcherSuite.scala
@@ -20,12 +20,11 @@ package org.apache.kyuubi.plugin.lineage.dispatcher.atlas
 import java.util
 
 import scala.collection.JavaConverters._
-import scala.collection.immutable.List
 
 import org.apache.atlas.model.instance.{AtlasEntity, AtlasObjectId}
 import org.apache.commons.lang3.StringUtils
 import org.apache.spark.SparkConf
-import org.apache.spark.kyuubi.lineage.LineageConf.{DISPATCHERS, SKIP_PARSING_PERMANENT_VIEW_ENABLED}
+import org.apache.spark.kyuubi.lineage.LineageConf.{DEFAULT_CATALOG, DISPATCHERS, SKIP_PARSING_PERMANENT_VIEW_ENABLED}
 import org.apache.spark.kyuubi.lineage.SparkContextHelper
 import org.apache.spark.sql.SparkListenerExtensionTest
 import org.scalatest.concurrent.PatienceConfiguration.Timeout
@@ -33,7 +32,7 @@ import org.scalatest.time.SpanSugar._
 
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.plugin.lineage.Lineage
-import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasEntityHelper.{COLUMN_LINEAGE_TYPE, PROCESS_TYPE}
+import org.apache.kyuubi.plugin.lineage.dispatcher.atlas.AtlasEntityHelper.{buildColumnQualifiedName, buildTableQualifiedName, COLUMN_LINEAGE_TYPE, PROCESS_TYPE}
 import org.apache.kyuubi.plugin.lineage.helper.SparkListenerHelper.SPARK_RUNTIME_VERSION
 
 class AtlasLineageDispatcherSuite extends KyuubiFunSuite with SparkListenerExtensionTest {
@@ -67,11 +66,17 @@ class AtlasLineageDispatcherSuite extends KyuubiFunSuite with SparkListenerExten
       spark.sql("create table test_table1(a string, d int)")
       spark.sql("insert into test_table1 select a, b + c as d from test_table0").collect()
       val expected = Lineage(
-        List("default.test_table0"),
-        List("default.test_table1"),
+        List(s"$DEFAULT_CATALOG.default.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.test_table1"),
         List(
-          ("default.test_table1.a", Set("default.test_table0.a")),
-          ("default.test_table1.d", Set("default.test_table0.b", "default.test_table0.c"))))
+          (
+            s"$DEFAULT_CATALOG.default.test_table1.a",
+            Set(s"$DEFAULT_CATALOG.default.test_table0.a")),
+          (
+            s"$DEFAULT_CATALOG.default.test_table1.d",
+            Set(
+              s"$DEFAULT_CATALOG.default.test_table0.b",
+              s"$DEFAULT_CATALOG.default.test_table0.c"))))
       eventually(Timeout(5.seconds)) {
         assert(mockAtlasClient.getEntities != null && mockAtlasClient.getEntities.nonEmpty)
       }
@@ -100,8 +105,10 @@ class AtlasLineageDispatcherSuite extends KyuubiFunSuite with SparkListenerExten
       .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
     val outputs = entity.getRelationshipAttribute("outputs")
       .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
-    assertResult(expected.inputTables.map(s => s"$s@$cluster"))(inputs)
-    assertResult(expected.outputTables.map(s => s"$s@$cluster"))(outputs)
+    assertResult(expected.inputTables
+      .flatMap(buildTableQualifiedName(_).toSeq))(inputs)
+    assertResult(expected.outputTables
+      .flatMap(buildTableQualifiedName(_).toSeq))(outputs)
   }
 
   def checkAtlasColumnLineageEntities(
@@ -114,18 +121,20 @@ class AtlasLineageDispatcherSuite extends KyuubiFunSuite with SparkListenerExten
       case (entity, expectedLineage) =>
         assert(entity.getTypeName == COLUMN_LINEAGE_TYPE)
         val expectedQualifiedName =
-          s"${processEntity.getAttribute("qualifiedName")}:${expectedLineage.column}"
+          s"${processEntity.getAttribute("qualifiedName")}:" +
+            s"${buildColumnQualifiedName(expectedLineage.column).get}"
         assert(entity.getAttribute("qualifiedName") == expectedQualifiedName)
         assert(entity.getAttribute("name") == expectedQualifiedName)
 
         val inputs = entity.getRelationshipAttribute("inputs")
           .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
-        assertResult(expectedLineage.originalColumns.map(s => s"$s@$cluster"))(inputs.toSet)
+        assertResult(expectedLineage.originalColumns
+          .flatMap(buildColumnQualifiedName(_).toSet))(inputs.toSet)
 
         val outputs = entity.getRelationshipAttribute("outputs")
           .asInstanceOf[util.Collection[AtlasObjectId]].asScala.map(getQualifiedName)
         assert(outputs.size == 1)
-        assert(s"${expectedLineage.column}@$cluster" == outputs.head)
+        assert(buildColumnQualifiedName(expectedLineage.column).toSeq.head == outputs.head)
 
         assert(getQualifiedName(entity.getRelationshipAttribute("process").asInstanceOf[
           AtlasObjectId]) == processEntity.getAttribute("qualifiedName"))
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
index ff0a55ff1..378eb3bb4 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/events/OperationLineageEventSuite.scala
@@ -19,8 +19,6 @@ package org.apache.kyuubi.plugin.lineage.events
 
 import java.util.concurrent.{CountDownLatch, TimeUnit}
 
-import scala.collection.immutable.List
-
 import org.apache.spark.SparkConf
 import org.apache.spark.kyuubi.lineage.LineageConf._
 import org.apache.spark.scheduler.{SparkListener, SparkListenerEvent}
@@ -82,11 +80,11 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
       spark.sql("create table test_table0(a string, b string)")
       spark.sql("select a as col0, b as col1 from test_table0").collect()
       val expected = Lineage(
-        List("default.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.test_table0"),
         List(),
         List(
-          ("col0", Set("default.test_table0.a")),
-          ("col1", Set("default.test_table0.b"))))
+          ("col0", Set(s"$DEFAULT_CATALOG.default.test_table0.a")),
+          ("col1", Set(s"$DEFAULT_CATALOG.default.test_table0.b"))))
       countDownLatch.await(20, TimeUnit.SECONDS)
       assert(actualSparkEventLineage == expected)
       assert(actualKyuubiEventLineage == expected)
@@ -97,11 +95,11 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
     val countDownLatch = new CountDownLatch(1)
     var executionId: Long = -1
     val expected = Lineage(
-      List("default.table1", "default.table0"),
+      List(s"$DEFAULT_CATALOG.default.table1", s"$DEFAULT_CATALOG.default.table0"),
       List(),
       List(
-        ("aa", Set("default.table1.a")),
-        ("bb", Set("default.table0.b"))))
+        ("aa", Set(s"$DEFAULT_CATALOG.default.table1.a")),
+        ("bb", Set(s"$DEFAULT_CATALOG.default.table0.b"))))
 
     spark.sparkContext.addSparkListener(new SparkListener {
       override def onOtherEvent(event: SparkListenerEvent): Unit = {
@@ -163,11 +161,11 @@ class OperationLineageEventSuite extends KyuubiFunSuite with SparkListenerExtens
           s" where a in ('HELLO') and c = 'HELLO'").collect()
 
       val expected = Lineage(
-        List("default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
         List(),
         List(
-          ("k", Set("default.t2.a")),
-          ("b", Set("default.t2.b"))))
+          ("k", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.t2.b"))))
       countDownLatch.await(20, TimeUnit.SECONDS)
       assert(actual == expected)
     }
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
index d3cd41abc..3c19163db 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParserHelperSuite.scala
@@ -38,6 +38,7 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     if (SPARK_RUNTIME_VERSION <= "3.1") "org.apache.spark.sql.connector.InMemoryTableCatalog"
     else "org.apache.spark.sql.connector.catalog.InMemoryTableCatalog"
 
+  val DEFAULT_CATALOG = LineageConf.DEFAULT_CATALOG
   override protected val catalogImpl: String = "hive"
 
   override def sparkConf(): SparkConf = {
@@ -76,20 +77,26 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val ret0 =
         extractLineage("alter view alterviewascommand as select key from test_db0.test_table0")
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.alterviewascommand"),
-        List(("default.alterviewascommand.key", Set("test_db0.test_table0.key")))))
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.alterviewascommand"),
+        List((
+          s"$DEFAULT_CATALOG.default.alterviewascommand.key",
+          Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")))))
 
       spark.sql("create view alterviewascommand1 as select * from test_db0.test_table0")
       val ret1 =
         extractLineage("alter view alterviewascommand1 as select * from test_db0.test_table0")
 
       assert(ret1 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.alterviewascommand1"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.alterviewascommand1"),
         List(
-          ("default.alterviewascommand1.key", Set("test_db0.test_table0.key")),
-          ("default.alterviewascommand1.value", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.alterviewascommand1.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.alterviewascommand1.value",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
   }
 
@@ -106,11 +113,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           " select col1 as a, col2 as b, col3 as c from v2_catalog.db.tbb")
       assert(result == Lineage(
         List("v2_catalog.db.tbb"),
-        List("default.test_view"),
+        List(s"$DEFAULT_CATALOG.default.test_view"),
         List(
-          ("default.test_view.a", Set("v2_catalog.db.tbb.col1")),
-          ("default.test_view.b", Set("v2_catalog.db.tbb.col2")),
-          ("default.test_view.c", Set("v2_catalog.db.tbb.col3")))))
+          (s"$DEFAULT_CATALOG.default.test_view.a", Set("v2_catalog.db.tbb.col1")),
+          (s"$DEFAULT_CATALOG.default.test_view.b", Set("v2_catalog.db.tbb.col2")),
+          (s"$DEFAULT_CATALOG.default.test_view.c", Set("v2_catalog.db.tbb.col3")))))
     }
   }
 
@@ -126,32 +133,32 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s"insert into table v2_catalog.db.tb0 " +
             s"select key as col1, value as col2 from test_db0.test_table0")
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
         List("v2_catalog.db.tb0"),
         List(
-          ("v2_catalog.db.tb0.col1", Set("test_db0.test_table0.key")),
-          ("v2_catalog.db.tb0.col2", Set("test_db0.test_table0.value")))))
+          ("v2_catalog.db.tb0.col1", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          ("v2_catalog.db.tb0.col2", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret1 =
         extractLineage(
           s"insert overwrite table v2_catalog.db.tb0 partition(col2) " +
             s"select key as col1, value as col2 from test_db0.test_table0")
       assert(ret1 == Lineage(
-        List("test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
         List("v2_catalog.db.tb0"),
         List(
-          ("v2_catalog.db.tb0.col1", Set("test_db0.test_table0.key")),
-          ("v2_catalog.db.tb0.col2", Set("test_db0.test_table0.value")))))
+          ("v2_catalog.db.tb0.col1", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          ("v2_catalog.db.tb0.col2", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret2 =
         extractLineage(
           s"insert overwrite table v2_catalog.db.tb0 partition(col2 = 'bb') " +
             s"select key as col1 from test_db0.test_table0")
       assert(ret2 == Lineage(
-        List("test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
         List("v2_catalog.db.tb0"),
         List(
-          ("v2_catalog.db.tb0.col1", Set("test_db0.test_table0.key")),
+          ("v2_catalog.db.tb0.col1", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
           ("v2_catalog.db.tb0.col2", Set()))))
     }
   }
@@ -220,29 +227,41 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val ret0 = extractLineage(
         "create view createviewcommand(a, b) as select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.createviewcommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.createviewcommand"),
         List(
-          ("default.createviewcommand.a", Set("test_db0.test_table0.key")),
-          ("default.createviewcommand.b", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.createviewcommand.a",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.createviewcommand.b",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret1 = extractLineage(
         "create view createviewcommand1 as select key, value from test_db0.test_table0")
       assert(ret1 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.createviewcommand1"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.createviewcommand1"),
         List(
-          ("default.createviewcommand1.key", Set("test_db0.test_table0.key")),
-          ("default.createviewcommand1.value", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.createviewcommand1.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.createviewcommand1.value",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret2 = extractLineage(
         "create view createviewcommand2 as select * from test_db0.test_table0")
       assert(ret2 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.createviewcommand2"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.createviewcommand2"),
         List(
-          ("default.createviewcommand2.key", Set("test_db0.test_table0.key")),
-          ("default.createviewcommand2.value", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.createviewcommand2.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.createviewcommand2.value",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
   }
 
@@ -253,25 +272,29 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           extractLineage("create table createdatasourcetableasselectcommand using parquet" +
             " AS SELECT key, value FROM test_db0.test_table0")
         assert(ret0 == Lineage(
-          List("test_db0.test_table0"),
-          List("default.createdatasourcetableasselectcommand"),
+          List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+          List(s"$DEFAULT_CATALOG.default.createdatasourcetableasselectcommand"),
           List(
-            ("default.createdatasourcetableasselectcommand.key", Set("test_db0.test_table0.key")),
             (
-              "default.createdatasourcetableasselectcommand.value",
-              Set("test_db0.test_table0.value")))))
+              s"$DEFAULT_CATALOG.default.createdatasourcetableasselectcommand.key",
+              Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+            (
+              s"$DEFAULT_CATALOG.default.createdatasourcetableasselectcommand.value",
+              Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
         val ret1 =
           extractLineage("create table createdatasourcetableasselectcommand1 using parquet" +
             " AS SELECT * FROM test_db0.test_table0")
         assert(ret1 == Lineage(
-          List("test_db0.test_table0"),
-          List("default.createdatasourcetableasselectcommand1"),
+          List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+          List(s"$DEFAULT_CATALOG.default.createdatasourcetableasselectcommand1"),
           List(
-            ("default.createdatasourcetableasselectcommand1.key", Set("test_db0.test_table0.key")),
             (
-              "default.createdatasourcetableasselectcommand1.value",
-              Set("test_db0.test_table0.value")))))
+              s"$DEFAULT_CATALOG.default.createdatasourcetableasselectcommand1.key",
+              Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+            (
+              s"$DEFAULT_CATALOG.default.createdatasourcetableasselectcommand1.value",
+              Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
   }
 
@@ -280,20 +303,28 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val ret0 = extractLineage("create table createhivetableasselectcommand using hive" +
         " as select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.createhivetableasselectcommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.createhivetableasselectcommand"),
         List(
-          ("default.createhivetableasselectcommand.key", Set("test_db0.test_table0.key")),
-          ("default.createhivetableasselectcommand.value", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.createhivetableasselectcommand.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.createhivetableasselectcommand.value",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret1 = extractLineage("create table createhivetableasselectcommand1 using hive" +
         " as select * from test_db0.test_table0")
       assert(ret1 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.createhivetableasselectcommand1"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.createhivetableasselectcommand1"),
         List(
-          ("default.createhivetableasselectcommand1.key", Set("test_db0.test_table0.key")),
-          ("default.createhivetableasselectcommand1.value", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.createhivetableasselectcommand1.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.createhivetableasselectcommand1.value",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
   }
 
@@ -304,13 +335,15 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           "create table optimizedcreatehivetableasselectcommand stored as parquet " +
             "as select * from test_db0.test_table0")
       assert(ret == Lineage(
-        List("test_db0.test_table0"),
-        List("default.optimizedcreatehivetableasselectcommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.optimizedcreatehivetableasselectcommand"),
         List(
-          ("default.optimizedcreatehivetableasselectcommand.key", Set("test_db0.test_table0.key")),
           (
-            "default.optimizedcreatehivetableasselectcommand.value",
-            Set("test_db0.test_table0.value")))))
+            s"$DEFAULT_CATALOG.default.optimizedcreatehivetableasselectcommand.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.optimizedcreatehivetableasselectcommand.value",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
   }
 
@@ -321,24 +354,28 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val ret0 = extractLineage("create table v2_catalog.db.createhivetableasselectcommand" +
         " as select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
         List("v2_catalog.db.createhivetableasselectcommand"),
         List(
-          ("v2_catalog.db.createhivetableasselectcommand.key", Set("test_db0.test_table0.key")),
+          (
+            "v2_catalog.db.createhivetableasselectcommand.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
           (
             "v2_catalog.db.createhivetableasselectcommand.value",
-            Set("test_db0.test_table0.value")))))
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret1 = extractLineage("create table v2_catalog.db.createhivetableasselectcommand1" +
         " as select * from test_db0.test_table0")
       assert(ret1 == Lineage(
-        List("test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
         List("v2_catalog.db.createhivetableasselectcommand1"),
         List(
-          ("v2_catalog.db.createhivetableasselectcommand1.key", Set("test_db0.test_table0.key")),
+          (
+            "v2_catalog.db.createhivetableasselectcommand1.key",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
           (
             "v2_catalog.db.createhivetableasselectcommand1.value",
-            Set("test_db0.test_table0.value")))))
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
   }
 
@@ -366,21 +403,29 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         extractLineage(
           s"insert into table  $tableName select key, value from test_db0.test_table0")
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.insertintodatasourcecommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.insertintodatasourcecommand"),
         List(
-          ("default.insertintodatasourcecommand.a", Set("test_db0.test_table0.key")),
-          ("default.insertintodatasourcecommand.b", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.insertintodatasourcecommand.a",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.insertintodatasourcecommand.b",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret1 =
         extractLineage(
           s"insert into table  $tableName select * from test_db0.test_table0")
       assert(ret1 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.insertintodatasourcecommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.insertintodatasourcecommand"),
         List(
-          ("default.insertintodatasourcecommand.a", Set("test_db0.test_table0.key")),
-          ("default.insertintodatasourcecommand.b", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.insertintodatasourcecommand.a",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.insertintodatasourcecommand.b",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
       val ret2 =
         extractLineage(
@@ -388,11 +433,15 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
             s"select (select key from test_db0.test_table1 limit 1) + 1 as aa, " +
             s"value as bb from test_db0.test_table0")
       assert(ret2 == Lineage(
-        List("test_db0.test_table1", "test_db0.test_table0"),
-        List("default.insertintodatasourcecommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table1", s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.insertintodatasourcecommand"),
         List(
-          ("default.insertintodatasourcecommand.a", Set("test_db0.test_table1.key")),
-          ("default.insertintodatasourcecommand.b", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.insertintodatasourcecommand.a",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table1.key")),
+          (
+            s"$DEFAULT_CATALOG.default.insertintodatasourcecommand.b",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
     }
   }
@@ -406,11 +455,15 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s"insert into table $tableName select key, value from test_db0.test_table0")
 
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
-        List("default.insertintohadoopfsrelationcommand"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.insertintohadoopfsrelationcommand"),
         List(
-          ("default.insertintohadoopfsrelationcommand.a", Set("test_db0.test_table0.key")),
-          ("default.insertintohadoopfsrelationcommand.b", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.insertintohadoopfsrelationcommand.a",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.insertintohadoopfsrelationcommand.b",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
 
   }
@@ -423,12 +476,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
                                  |USING parquet
                                  |SELECT * FROM test_db0.test_table_part0""".stripMargin)
     assert(ret0 == Lineage(
-      List("test_db0.test_table_part0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table_part0"),
       List(s"""`$directory.path`"""),
       List(
-        (s"""`$directory.path`.key""", Set("test_db0.test_table_part0.key")),
-        (s"""`$directory.path`.value""", Set("test_db0.test_table_part0.value")),
-        (s"""`$directory.path`.pid""", Set("test_db0.test_table_part0.pid")))))
+        (s"""`$directory.path`.key""", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.key")),
+        (s"""`$directory.path`.value""", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.value")),
+        (s"""`$directory.path`.pid""", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.pid")))))
   }
 
   test("columns lineage extract - InsertIntoHiveDirCommand") {
@@ -439,12 +492,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
                                  |USING parquet
                                  |SELECT * FROM test_db0.test_table_part0""".stripMargin)
     assert(ret0 == Lineage(
-      List("test_db0.test_table_part0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table_part0"),
       List(s"""`$directory.path`"""),
       List(
-        (s"""`$directory.path`.key""", Set("test_db0.test_table_part0.key")),
-        (s"""`$directory.path`.value""", Set("test_db0.test_table_part0.value")),
-        (s"""`$directory.path`.pid""", Set("test_db0.test_table_part0.pid")))))
+        (s"""`$directory.path`.key""", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.key")),
+        (s"""`$directory.path`.value""", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.value")),
+        (s"""`$directory.path`.pid""", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.pid")))))
   }
 
   test("columns lineage extract - InsertIntoHiveTable") {
@@ -456,11 +509,15 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s"insert into table $tableName select * from test_db0.test_table0")
 
       assert(ret0 == Lineage(
-        List("test_db0.test_table0"),
-        List(s"default.$tableName"),
+        List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
+        List(s"$DEFAULT_CATALOG.default.$tableName"),
         List(
-          (s"default.$tableName.a", Set("test_db0.test_table0.key")),
-          (s"default.$tableName.b", Set("test_db0.test_table0.value")))))
+          (
+            s"$DEFAULT_CATALOG.default.$tableName.a",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+          (
+            s"$DEFAULT_CATALOG.default.$tableName.b",
+            Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
     }
 
   }
@@ -468,20 +525,20 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
   test("columns lineage extract - logical relation sql") {
     val ret0 = extractLineage("select key, value from test_db0.test_table0")
     assert(ret0 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("key", Set("test_db0.test_table0.key")),
-        ("value", Set("test_db0.test_table0.value")))))
+        ("key", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+        ("value", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.value")))))
 
     val ret1 = extractLineage("select * from test_db0.test_table_part0")
     assert(ret1 == Lineage(
-      List("test_db0.test_table_part0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table_part0"),
       List(),
       List(
-        ("key", Set("test_db0.test_table_part0.key")),
-        ("value", Set("test_db0.test_table_part0.value")),
-        ("pid", Set("test_db0.test_table_part0.pid")))))
+        ("key", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.key")),
+        ("value", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.value")),
+        ("pid", Set(s"$DEFAULT_CATALOG.test_db0.test_table_part0.pid")))))
 
   }
 
@@ -578,22 +635,22 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |select tmp0_0 as a0, tmp1_0 as a1 from tmp0 join tmp1 where tmp1_0 = tmp0_0
           |""".stripMargin
       val sql0ExpectResult = Lineage(
-        List("default.tmp0", "default.tmp1"),
+        List(s"$DEFAULT_CATALOG.default.tmp0", s"$DEFAULT_CATALOG.default.tmp1"),
         List(),
         List(
-          "a0" -> Set("default.tmp0.tmp0_0"),
-          "a1" -> Set("default.tmp1.tmp1_0")))
+          "a0" -> Set(s"$DEFAULT_CATALOG.default.tmp0.tmp0_0"),
+          "a1" -> Set(s"$DEFAULT_CATALOG.default.tmp1.tmp1_0")))
 
       val sql1 =
         """
           |select count(tmp1_0) as cnt, tmp1_1 from tmp1 group by tmp1_1
           |""".stripMargin
       val sql1ExpectResult = Lineage(
-        List("default.tmp1"),
+        List(s"$DEFAULT_CATALOG.default.tmp1"),
         List(),
         List(
-          "cnt" -> Set("default.tmp1.tmp1_0"),
-          "tmp1_1" -> Set("default.tmp1.tmp1_1")))
+          "cnt" -> Set(s"$DEFAULT_CATALOG.default.tmp1.tmp1_0"),
+          "tmp1_1" -> Set(s"$DEFAULT_CATALOG.default.tmp1.tmp1_1")))
 
       val ret0 = extractLineage(sql0)
       assert(ret0 == sql0ExpectResult)
@@ -660,14 +717,14 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
         List(
-          "test_db.goods_detail0",
+          s"$DEFAULT_CATALOG.test_db.goods_detail0",
           "v2_catalog.test_db_v2.goods_detail1",
           "v2_catalog.test_db_v2.mall_icon_schedule",
           "v2_catalog.test_db_v2.mall_icon"),
         List(),
         List(
-          ("goods_id", Set("test_db.goods_detail0.goods_id")),
-          ("cate_grory", Set("test_db.goods_detail0.cat_id")),
+          ("goods_id", Set(s"$DEFAULT_CATALOG.test_db.goods_detail0.goods_id")),
+          ("cate_grory", Set(s"$DEFAULT_CATALOG.test_db.goods_detail0.cat_id")),
           ("cat_id", Set("v2_catalog.test_db_v2.goods_detail1.cat_id")),
           ("product_id", Set("v2_catalog.test_db_v2.goods_detail1.product_id")),
           ("start_time", Set("v2_catalog.test_db_v2.mall_icon_schedule.start_time")),
@@ -728,12 +785,24 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
-        List("test_db.test_table0", "test_db.test_table1"),
+        List(s"$DEFAULT_CATALOG.test_db.test_table0", s"$DEFAULT_CATALOG.test_db.test_table1"),
         List(),
         List(
-          ("a", Set("test_db.test_table0.a", "test_db.test_table1.a")),
-          ("b", Set("test_db.test_table0.b", "test_db.test_table1.b")),
-          ("c", Set("test_db.test_table0.b", "test_db.test_table1.c")))))
+          (
+            "a",
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_table0.a",
+              s"$DEFAULT_CATALOG.test_db.test_table1.a")),
+          (
+            "b",
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_table0.b",
+              s"$DEFAULT_CATALOG.test_db.test_table1.b")),
+          (
+            "c",
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_table0.b",
+              s"$DEFAULT_CATALOG.test_db.test_table1.c")))))
     }
   }
 
@@ -769,18 +838,20 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
-        List("test_db.test_order_item"),
+        List(s"$DEFAULT_CATALOG.test_db.test_order_item"),
         List(),
         List(
-          ("stat_date", Set("test_db.test_order_item.stat_date")),
-          ("channel_id", Set("test_db.test_order_item.channel_id")),
-          ("sub_channel_id", Set("test_db.test_order_item.sub_channel_id")),
-          ("user_type", Set("test_db.test_order_item.user_type")),
-          ("country_name", Set("test_db.test_order_item.country_name")),
-          ("get_count0", Set("test_db.test_order_item.order_id")),
+          ("stat_date", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.stat_date")),
+          ("channel_id", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.channel_id")),
+          ("sub_channel_id", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.sub_channel_id")),
+          ("user_type", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.user_type")),
+          ("country_name", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.country_name")),
+          ("get_count0", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.order_id")),
           (
             "get_amount0",
-            Set("test_db.test_order_item.goods_count", "test_db.test_order_item.shop_price")),
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_order_item.goods_count",
+              s"$DEFAULT_CATALOG.test_db.test_order_item.shop_price")),
           ("add_time", Set[String]()))))
       val sql1 =
         """
@@ -807,24 +878,32 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret1 = extractLineage(sql1)
       assert(ret1 == Lineage(
-        List("test_db.test_order_item", "test_db.test_p0_order_item"),
+        List(
+          s"$DEFAULT_CATALOG.test_db.test_order_item",
+          s"$DEFAULT_CATALOG.test_db.test_p0_order_item"),
         List(),
         List(
           (
             "channel_id",
-            Set("test_db.test_order_item.channel_id", "test_db.test_p0_order_item.channel_id")),
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_order_item.channel_id",
+              s"$DEFAULT_CATALOG.test_db.test_p0_order_item.channel_id")),
           (
             "sub_channel_id",
             Set(
-              "test_db.test_order_item.sub_channel_id",
-              "test_db.test_p0_order_item.sub_channel_id")),
+              s"$DEFAULT_CATALOG.test_db.test_order_item.sub_channel_id",
+              s"$DEFAULT_CATALOG.test_db.test_p0_order_item.sub_channel_id")),
           (
             "country_name",
-            Set("test_db.test_order_item.country_name", "test_db.test_p0_order_item.country_name")),
-          ("get_count0", Set("test_db.test_order_item.order_id")),
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_order_item.country_name",
+              s"$DEFAULT_CATALOG.test_db.test_p0_order_item.country_name")),
+          ("get_count0", Set(s"$DEFAULT_CATALOG.test_db.test_order_item.order_id")),
           (
             "get_amount0",
-            Set("test_db.test_order_item.goods_count", "test_db.test_order_item.shop_price")),
+            Set(
+              s"$DEFAULT_CATALOG.test_db.test_order_item.goods_count",
+              s"$DEFAULT_CATALOG.test_db.test_order_item.shop_price")),
           ("add_time", Set[String]()))))
     }
   }
@@ -833,56 +912,56 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
     val sql0 = """select key as a, count(*) as b, 1 as c from test_db0.test_table0 group by key"""
     val ret0 = extractLineage(sql0)
     assert(ret0 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.key")),
-        ("b", Set("test_db0.test_table0.__count__")),
+        ("a", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
+        ("b", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.__count__")),
         ("c", Set()))))
 
     val sql1 = """select count(*) as a, 1 as b from test_db0.test_table0"""
     val ret1 = extractLineage(sql1)
     assert(ret1 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.__count__")),
+        ("a", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.__count__")),
         ("b", Set()))))
 
     val sql2 = """select every(key == 1) as a, 1 as b from test_db0.test_table0"""
     val ret2 = extractLineage(sql2)
     assert(ret2 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.key")),
+        ("a", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
         ("b", Set()))))
 
     val sql3 = """select count(*) as a, 1 as b from test_db0.test_table0"""
     val ret3 = extractLineage(sql3)
     assert(ret3 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.__count__")),
+        ("a", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.__count__")),
         ("b", Set()))))
 
     val sql4 = """select first(key) as a, 1 as b from test_db0.test_table0"""
     val ret4 = extractLineage(sql4)
     assert(ret4 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.key")),
+        ("a", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
         ("b", Set()))))
 
     val sql5 = """select avg(key) as a, 1 as b from test_db0.test_table0"""
     val ret5 = extractLineage(sql5)
     assert(ret5 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.key")),
+        ("a", Set(s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
         ("b", Set()))))
 
     val sql6 =
@@ -890,19 +969,27 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         | 1 as b from test_db0.test_table0""".stripMargin
     val ret6 = extractLineage(sql6)
     assert(ret6 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.value", "test_db0.test_table0.key")),
+        (
+          "a",
+          Set(
+            s"$DEFAULT_CATALOG.test_db0.test_table0.value",
+            s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
         ("b", Set()))))
 
     val sql7 = """select count(*) + sum(key) as a, 1 as b from test_db0.test_table0"""
     val ret7 = extractLineage(sql7)
     assert(ret7 == Lineage(
-      List("test_db0.test_table0"),
+      List(s"$DEFAULT_CATALOG.test_db0.test_table0"),
       List(),
       List(
-        ("a", Set("test_db0.test_table0.__count__", "test_db0.test_table0.key")),
+        (
+          "a",
+          Set(
+            s"$DEFAULT_CATALOG.test_db0.test_table0.__count__",
+            s"$DEFAULT_CATALOG.test_db0.test_table0.key")),
         ("b", Set()))))
 
   }
@@ -922,11 +1009,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
-        List("default.table1", "default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table1", s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("aa", Set("default.table1.a")),
-          ("bb", Set("default.table0.b")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table1.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table0.b")))))
 
       val df0 = spark.sql("select a as a0, b as b0 from table0 where a = 2")
       df0.cache()
@@ -935,11 +1022,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val analyzed = df.queryExecution.analyzed
       val ret1 = SparkSQLLineageParseHelper(spark).transformToLineage(0, analyzed).get
       assert(ret1 == Lineage(
-        List("default.table0", "default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table0", s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("aa", Set("default.table0.a")),
-          ("bb", Set("default.table1.b")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
     }
   }
 
@@ -957,12 +1044,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret0 = extractLineage(sql0)
       assert(ret0 == Lineage(
-        List("default.table0", "default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table0", s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("aa", Set("default.table0.a")),
-          ("bb", Set("default.table1.b")),
-          ("cc", Set("default.table1.c")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")),
+          ("cc", Set(s"$DEFAULT_CATALOG.default.table1.c")))))
 
       val sql1 =
         """
@@ -970,11 +1057,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret1 = extractLineage(sql1)
       assert(ret1 == Lineage(
-        List("default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("aa", Set("default.table1.a")),
-          ("bb", Set("default.table1.b")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table1.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
 
       val sql2 =
         """
@@ -982,11 +1069,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret2 = extractLineage(sql2)
       assert(ret2 == Lineage(
-        List("default.table0", "default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table0", s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("aa", Set("default.table0.__count__")),
-          ("bb", Set("default.table1.b")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table0.__count__")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
 
       // ListQuery
       val sql3 =
@@ -995,12 +1082,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret3 = extractLineage(sql3)
       assert(ret3 == Lineage(
-        List("default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("a", Set("default.table0.a")),
-          ("b", Set("default.table0.b")),
-          ("c", Set("default.table0.c")))))
+          ("a", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.table0.b")),
+          ("c", Set(s"$DEFAULT_CATALOG.default.table0.c")))))
 
       // Exists
       val sql4 =
@@ -1009,12 +1096,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret4 = extractLineage(sql4)
       assert(ret4 == Lineage(
-        List("default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("a", Set("default.table0.a")),
-          ("b", Set("default.table0.b")),
-          ("c", Set("default.table0.c")))))
+          ("a", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.table0.b")),
+          ("c", Set(s"$DEFAULT_CATALOG.default.table0.c")))))
 
       val sql5 =
         """
@@ -1022,12 +1109,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret5 = extractLineage(sql5)
       assert(ret5 == Lineage(
-        List("default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("a", Set("default.table0.a")),
-          ("b", Set("default.table0.b")),
-          ("c", Set("default.table0.c")))))
+          ("a", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.table0.b")),
+          ("c", Set(s"$DEFAULT_CATALOG.default.table0.c")))))
 
       val sql6 =
         """
@@ -1035,12 +1122,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret6 = extractLineage(sql6)
       assert(ret6 == Lineage(
-        List("default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("a", Set("default.table0.a")),
-          ("b", Set("default.table0.b")),
-          ("c", Set("default.table0.c")))))
+          ("a", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.table0.b")),
+          ("c", Set(s"$DEFAULT_CATALOG.default.table0.c")))))
 
       val sql7 =
         """
@@ -1048,12 +1135,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret7 = extractLineage(sql7)
       assert(ret7 == Lineage(
-        List("default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("a", Set("default.table0.a")),
-          ("b", Set("default.table0.b")),
-          ("c", Set("default.table0.c")))))
+          ("a", Set(s"$DEFAULT_CATALOG.default.table0.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.table0.b")),
+          ("c", Set(s"$DEFAULT_CATALOG.default.table0.c")))))
 
       val sql8 =
         """
@@ -1061,11 +1148,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret8 = extractLineage(sql8)
       assert(ret8 == Lineage(
-        List("default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("(scalarsubquery() + 1)", Set("default.table1.a")),
-          ("bb", Set("default.table1.b")))))
+          ("(scalarsubquery() + 1)", Set(s"$DEFAULT_CATALOG.default.table1.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
 
       val sql9 =
         """
@@ -1073,11 +1160,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret9 = extractLineage(sql9)
       assert(ret9 == Lineage(
-        List("default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("aa", Set("default.table1.a")),
-          ("bb", Set("default.table1.b")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table1.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
 
       val sql10 =
         """
@@ -1086,11 +1173,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           |""".stripMargin
       val ret10 = extractLineage(sql10)
       assert(ret10 == Lineage(
-        List("default.table1", "default.table0"),
+        List(s"$DEFAULT_CATALOG.default.table1", s"$DEFAULT_CATALOG.default.table0"),
         List(),
         List(
-          ("aa", Set("default.table1.a", "default.table0.a")),
-          ("bb", Set("default.table1.b")))))
+          ("aa", Set(s"$DEFAULT_CATALOG.default.table1.a", s"$DEFAULT_CATALOG.default.table0.a")),
+          ("bb", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
 
       val sql11 =
         """
@@ -1099,11 +1186,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
 
       val ret11 = extractLineage(sql11)
       assert(ret11 == Lineage(
-        List("default.table1"),
+        List(s"$DEFAULT_CATALOG.default.table1"),
         List(),
         List(
-          ("a", Set("default.table1.a")),
-          ("b", Set("default.table1.b")))))
+          ("a", Set(s"$DEFAULT_CATALOG.default.table1.a")),
+          ("b", Set(s"$DEFAULT_CATALOG.default.table1.b")))))
     }
   }
 
@@ -1120,12 +1207,14 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
             s"count(distinct(b)) * count(distinct(c))" +
             s"from t2 group by a")
       assert(ret0 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set("default.t2.a")),
-          ("default.t1.b", Set("default.t2.b")),
-          ("default.t1.c", Set("default.t2.b", "default.t2.c")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")),
+          (
+            s"$DEFAULT_CATALOG.default.t1.c",
+            Set(s"$DEFAULT_CATALOG.default.t2.b", s"$DEFAULT_CATALOG.default.t2.c")))))
 
       val ret1 =
         extractLineage(
@@ -1166,12 +1255,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s"insert into table t1 select a,b,GROUPING__ID " +
             s"from t2 group by a,b,c,d grouping sets ((a,b,c), (a,b,d))")
       assert(ret0 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set("default.t2.a")),
-          ("default.t1.b", Set("default.t2.b")),
-          ("default.t1.c", Set()))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")),
+          (s"$DEFAULT_CATALOG.default.t1.c", Set()))))
     }
   }
 
@@ -1186,19 +1275,21 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s" where rank=1")
       val ret0 = extractLineage("insert overwrite table t1 select a, b from c1")
       assert(ret0 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set("default.t2.a")),
-          ("default.t1.b", Set("default.t2.b")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")))))
 
       val ret1 = extractLineage("insert overwrite table t1 select a, rank from c1")
       assert(ret1 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set("default.t2.a")),
-          ("default.t1.b", Set("default.t2.a", "default.t2.b")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          (
+            s"$DEFAULT_CATALOG.default.t1.b",
+            Set(s"$DEFAULT_CATALOG.default.t2.a", s"$DEFAULT_CATALOG.default.t2.b")))))
 
       spark.sql(
         s"cache table c2 select * from (" +
@@ -1206,11 +1297,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s" where rank=1")
       val ret2 = extractLineage("insert overwrite table t1 select a, b from c2")
       assert(ret2 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set("default.t2.a")),
-          ("default.t1.b", Set("default.t2.b")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")))))
 
       spark.sql(
         s"cache table c3 select * from (" +
@@ -1218,11 +1309,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
           s" from t2) where rank=1")
       val ret3 = extractLineage("insert overwrite table t1 select aa, bb from c3")
       assert(ret3 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set("default.t2.a")),
-          ("default.t1.b", Set("default.t2.b")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")))))
     }
   }
 
@@ -1234,12 +1325,12 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         " ifnull(get_json_object(a, '$.b.imei'), get_json_object(a, '$.b.android_id'))) from t2)")
 
       assert(ret0 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set()),
-          ("default.t1.b", Set()),
-          ("default.t1.c", Set("default.t2.a")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set()),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set()),
+          (s"$DEFAULT_CATALOG.default.t1.c", Set(s"$DEFAULT_CATALOG.default.t2.a")))))
     }
   }
 
@@ -1255,11 +1346,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
               s" from t2" +
               s" where a in ('HELLO') and c = 'HELLO'")
         assert(ret0 == Lineage(
-          List("default.t1"),
-          List("default.view_tst"),
+          List(s"$DEFAULT_CATALOG.default.t1"),
+          List(s"$DEFAULT_CATALOG.default.view_tst"),
           List(
-            ("default.view_tst.k", Set("default.t1.a")),
-            ("default.view_tst.b", Set("default.t1.b")))))
+            (s"$DEFAULT_CATALOG.default.view_tst.k", Set(s"$DEFAULT_CATALOG.default.t1.a")),
+            (s"$DEFAULT_CATALOG.default.view_tst.b", Set(s"$DEFAULT_CATALOG.default.t1.b")))))
       }
     }
   }
@@ -1276,11 +1367,11 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
               s" from t2" +
               s" where a in ('HELLO') and c = 'HELLO'")
         assert(ret0 == Lineage(
-          List("default.t2"),
+          List(s"$DEFAULT_CATALOG.default.t2"),
           List(),
           List(
-            ("k", Set("default.t2.a")),
-            ("b", Set("default.t2.b")))))
+            ("k", Set(s"$DEFAULT_CATALOG.default.t2.a")),
+            ("b", Set(s"$DEFAULT_CATALOG.default.t2.b")))))
       }
     }
   }
@@ -1294,13 +1385,13 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
         " insert overwrite table t2 select a,b where a=1" +
         " insert overwrite table t3 select a,b where b=1")
       assert(ret0 == Lineage(
-        List("default.t1"),
-        List("default.t2", "default.t3"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2", s"$DEFAULT_CATALOG.default.t3"),
         List(
-          ("default.t2.a", Set("default.t1.a")),
-          ("default.t2.b", Set("default.t1.b")),
-          ("default.t3.a", Set("default.t1.a")),
-          ("default.t3.b", Set("default.t1.b")))))
+          (s"$DEFAULT_CATALOG.default.t2.a", Set(s"$DEFAULT_CATALOG.default.t1.a")),
+          (s"$DEFAULT_CATALOG.default.t2.b", Set(s"$DEFAULT_CATALOG.default.t1.b")),
+          (s"$DEFAULT_CATALOG.default.t3.a", Set(s"$DEFAULT_CATALOG.default.t1.a")),
+          (s"$DEFAULT_CATALOG.default.t3.b", Set(s"$DEFAULT_CATALOG.default.t1.b")))))
     }
   }
 
@@ -1312,38 +1403,38 @@ class SparkSQLLineageParserHelperSuite extends KyuubiFunSuite
       val ret0 = extractLineage("insert into t1 select 1, t2.b, cc.action, t2.d " +
         "from t2 lateral view explode(split(c,'\\},\\{')) cc as action")
       assert(ret0 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set()),
-          ("default.t1.b", Set("default.t2.b")),
-          ("default.t1.c", Set("default.t2.c")),
-          ("default.t1.d", Set("default.t2.d")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set()),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")),
+          (s"$DEFAULT_CATALOG.default.t1.c", Set(s"$DEFAULT_CATALOG.default.t2.c")),
+          (s"$DEFAULT_CATALOG.default.t1.d", Set(s"$DEFAULT_CATALOG.default.t2.d")))))
 
       val ret1 = extractLineage("insert into t1 select 1, t2.b, cc.action0, dd.action1 " +
         "from t2 " +
         "lateral view explode(split(c,'\\},\\{')) cc as action0 " +
         "lateral view explode(split(d,'\\},\\{')) dd as action1")
       assert(ret1 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set()),
-          ("default.t1.b", Set("default.t2.b")),
-          ("default.t1.c", Set("default.t2.c")),
-          ("default.t1.d", Set("default.t2.d")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set()),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")),
+          (s"$DEFAULT_CATALOG.default.t1.c", Set(s"$DEFAULT_CATALOG.default.t2.c")),
+          (s"$DEFAULT_CATALOG.default.t1.d", Set(s"$DEFAULT_CATALOG.default.t2.d")))))
 
       val ret2 = extractLineage("insert into t1 select 1, t2.b, dd.pos, dd.action1 " +
         "from t2 " +
         "lateral view posexplode(split(d,'\\},\\{')) dd as pos, action1")
       assert(ret2 == Lineage(
-        List("default.t2"),
-        List("default.t1"),
+        List(s"$DEFAULT_CATALOG.default.t2"),
+        List(s"$DEFAULT_CATALOG.default.t1"),
         List(
-          ("default.t1.a", Set()),
-          ("default.t1.b", Set("default.t2.b")),
-          ("default.t1.c", Set("default.t2.d")),
-          ("default.t1.d", Set("default.t2.d")))))
+          (s"$DEFAULT_CATALOG.default.t1.a", Set()),
+          (s"$DEFAULT_CATALOG.default.t1.b", Set(s"$DEFAULT_CATALOG.default.t2.b")),
+          (s"$DEFAULT_CATALOG.default.t1.c", Set(s"$DEFAULT_CATALOG.default.t2.d")),
+          (s"$DEFAULT_CATALOG.default.t1.d", Set(s"$DEFAULT_CATALOG.default.t2.d")))))
     }
   }
 

From 1dbb31b601e9be2879c02fcfb46b1435f87df92d Mon Sep 17 00:00:00 2001
From: marcoluo <marcoluo@verizontal.com>
Date: Thu, 10 Aug 2023 00:49:53 +0800
Subject: [PATCH 551/760] [KYUUBI #5148] Improve spark.driver.host assignment
 in Spark on K8s client mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Before this PR, the ip address obtained in the K8s environment is incorrect, and `spark.driver.host` cannot be manually specified.

This time pr will adjust the way the IP is obtained and support the external parameter `spark.driver.host`

### _How was this patch tested?_

It has been tested in the local environment and verified as expected

Add screenshots for manual tests if appropriate

![image](https://github.com/apache/kyuubi/assets/29895551/5a0b821d-2194-441f-9635-d19f3d688057)

Closes #5148 from fantasticKe/feat_k8s_driver_ip.

Closes #5148

330f5f93d [marcoluo] feat: 修改k8s模式下获取spark.driver.host的方式

Authored-by: marcoluo <marcoluo@verizontal.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index 5badf695e..5f91bc73d 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -17,7 +17,6 @@
 
 package org.apache.kyuubi.engine.spark
 
-import java.net.InetAddress
 import java.time.Instant
 import java.util.{Locale, UUID}
 import java.util.concurrent.{CountDownLatch, ScheduledExecutorService, ThreadPoolExecutor, TimeUnit}
@@ -254,7 +253,7 @@ object SparkSQLEngine extends Logging {
 
       if (!isOnK8sClusterMode) {
         // set driver host to ip instead of kyuubi pod name
-        _sparkConf.set("spark.driver.host", InetAddress.getLocalHost.getHostAddress)
+        _sparkConf.setIfMissing("spark.driver.host", Utils.findLocalInetAddress.getHostAddress)
       }
     }
 

From afc227db9c858e8ea26c10bc50f95dcb00bd41cf Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Thu, 10 Aug 2023 11:40:14 +0800
Subject: [PATCH 552/760] [KYUUBI #5149] [Improvement] Correct error message of
 ReflectUtils's invokeAs when method not found

### _Why are the changes needed?_

Currently, overloaded methods are considered the same and deduplicated in ReflectUtils, thus not easy to tell why no method is found.

This PR fixes the problem by adding the argument lists. In addition, it fixes the problem that the arg classes are not printed correctly.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5149 from link3280/reflect_exception_msg.

Closes #5149

b27d743fc [Paul Lin] Update test case
0c04f2709 [Paul Lin] Improve error msg of ReflectUtils

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Paul Lin <paullin3280@gmail.com>
---
 .../apache/kyuubi/util/reflect/ReflectUtils.scala    | 10 ++++++----
 .../kyuubi/util/reflect/ReflectUtilsSuite.scala      | 12 ++++++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
index 78b0e1df7..08916b8d1 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -93,11 +93,13 @@ object ReflectUtils {
     } catch {
       case e: Exception =>
         val candidates =
-          (clz.getDeclaredMethods ++ clz.getMethods).map(_.getName).distinct.sorted
-        val argClassesNames = argClasses.map(_.getClass.getName)
+          (clz.getDeclaredMethods ++ clz.getMethods)
+            .map(m => s"${m.getName}(${m.getParameterTypes.map(_.getName).mkString(", ")})")
+            .distinct.sorted
+        val argClassesNames = argClasses.map(_.getName)
         throw new RuntimeException(
-          s"Method $methodName(${argClassesNames.mkString(",")})" +
-            s" not found in $clz [${candidates.mkString(",")}]",
+          s"Method $methodName(${argClassesNames.mkString(", ")})" +
+            s" not found in $clz [${candidates.mkString(", ")}]",
           e)
     }
   }
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
index dbfd234de..d81d1d9f9 100644
--- a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
@@ -66,6 +66,18 @@ class ReflectUtilsSuite extends AnyFunSuite {
     assertResult("field5")(getField[String](ObjectA, "field5"))
     assertResult("field6")(getField[String](ObjectA, "field6"))
   }
+
+  test("test invokeAs method not found exception") {
+    val exception = intercept[RuntimeException]{
+      invokeAs[String](ObjectA, "methodNotExists", (classOf[String], "arg1"),
+        (classOf[String], "arg2"))
+    }
+    assert(exception.getMessage ===
+      "Method methodNotExists(java.lang.String, java.lang.String) not found " +
+        "in class org.apache.kyuubi.util.reflect.ObjectA$ " +
+        "[equals(java.lang.Object), field5(), field6(), getClass(), hashCode(), method5(), " +
+        "method6(), notify(), notifyAll(), toString(), wait(), wait(long), wait(long, int)]")
+  }
 }
 
 class ClassA(val field0: String = "field0") {

From ab1c46d431a7988566fba1fd308766b13d90b608 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 11 Aug 2023 18:23:08 +0800
Subject: [PATCH 553/760] [KYUUBI #5154] [Doc] Move configuration docs to the
 top level

### _Why are the changes needed?_

- Move the configuration docs to the top level of docs, which is most commonly used and referenced
- update relevant doc links

![image](https://github.com/apache/kyuubi/assets/1935105/a1dd35cc-d37f-4294-9fed-b275956c2cc5)

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5154 from bowenliang123/config-doc-first.

Closes #5154

b49ed3f8b [liangbowen] nit
db7f0d14d [liangbowen] update doc links
f8fd697a2 [liangbowen] move config docs to the top level
7448e4487 [liangbowen] change title of settings doc
40214ddd8 [liangbowen] move config doc in the front of deployment

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 charts/kyuubi/README.md                                  | 2 +-
 charts/kyuubi/templates/_helpers.tpl                     | 2 +-
 charts/kyuubi/values.yaml                                | 6 +++---
 conf/kyuubi-defaults.conf.template                       | 2 +-
 docker/kyuubi-configmap.yaml                             | 2 +-
 docs/client/rest/rest_api.md                             | 2 +-
 docs/{deployment => configuration}/settings.md           | 2 +-
 docs/deployment/index.rst                                | 9 ---------
 docs/index.rst                                           | 1 +
 docs/security/authentication.rst                         | 2 +-
 docs/security/authorization/spark/overview.rst           | 2 +-
 docs/security/ldap.md                                    | 2 +-
 .../scala/org/apache/kyuubi/engine/ProcBuilder.scala     | 2 +-
 .../apache/kyuubi/config/AllKyuubiConfiguration.scala    | 6 +++---
 14 files changed, 17 insertions(+), 25 deletions(-)
 rename docs/{deployment => configuration}/settings.md (99%)

diff --git a/charts/kyuubi/README.md b/charts/kyuubi/README.md
index a1e5c4b62..dfec578dd 100644
--- a/charts/kyuubi/README.md
+++ b/charts/kyuubi/README.md
@@ -50,7 +50,7 @@ helm install --dry-run --debug --generate-name ../kyuubi
 
 ## Documentation
 
-Configuration guide documentation for Kyuubi lives [on the website](https://kyuubi.readthedocs.io/en/master/deployment/settings.html#kyuubi-configurations). (Not just for Helm Chart)
+Configuration guide documentation for Kyuubi lives [on the website](https://kyuubi.readthedocs.io/en/master/configuration/settings.html#kyuubi-configurations). (Not just for Helm Chart)
 
 ## Contributing
 
diff --git a/charts/kyuubi/templates/_helpers.tpl b/charts/kyuubi/templates/_helpers.tpl
index 4c9da32b9..502bf4646 100644
--- a/charts/kyuubi/templates/_helpers.tpl
+++ b/charts/kyuubi/templates/_helpers.tpl
@@ -17,7 +17,7 @@
 
 {{/*
 A comma separated string of enabled frontend protocols, e.g. "REST,THRIFT_BINARY".
-For details, see 'kyuubi.frontend.protocols': https://kyuubi.readthedocs.io/en/master/deployment/settings.html#frontend
+For details, see 'kyuubi.frontend.protocols': https://kyuubi.readthedocs.io/en/master/configuration/settings.html#frontend
 */}}
 {{- define "kyuubi.frontend.protocols" -}}
   {{- $protocols := list }}
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index 940a7c80e..da4add0ed 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -121,7 +121,7 @@ kyuubiConfDir: /opt/kyuubi/conf
 # Kyuubi configurations files
 kyuubiConf:
   # The value (templated string) is used for kyuubi-env.sh file
-  # See example at conf/kyuubi-env.sh.template and https://kyuubi.readthedocs.io/en/master/deployment/settings.html#environments for more details
+  # See example at conf/kyuubi-env.sh.template and https://kyuubi.readthedocs.io/en/master/configuration/settings.html#environments for more details
   kyuubiEnv: ~
   #  kyuubiEnv: |
   #    export JAVA_HOME=/usr/jdk64/jdk1.8.0_152
@@ -130,7 +130,7 @@ kyuubiConf:
   #    export HIVE_HOME=/opt/hive
 
   # The value (templated string) is used for kyuubi-defaults.conf file
-  # See https://kyuubi.readthedocs.io/en/master/deployment/settings.html#kyuubi-configurations for more details
+  # See https://kyuubi.readthedocs.io/en/master/configuration/settings.html#kyuubi-configurations for more details
   kyuubiDefaults: ~
   #  kyuubiDefaults: |
   #    kyuubi.authentication=NONE
@@ -142,7 +142,7 @@ kyuubiConf:
   #    kyuubi.ha.namespace=kyuubi
 
   # The value (templated string) is used for log4j2.xml file
-  # See example at conf/log4j2.xml.template https://kyuubi.readthedocs.io/en/master/deployment/settings.html#logging for more details
+  # See example at conf/log4j2.xml.template https://kyuubi.readthedocs.io/en/master/configuration/settings.html#logging for more details
   log4j2: ~
 
 # Command to launch Kyuubi server (templated)
diff --git a/conf/kyuubi-defaults.conf.template b/conf/kyuubi-defaults.conf.template
index c93971d91..eef36ad10 100644
--- a/conf/kyuubi-defaults.conf.template
+++ b/conf/kyuubi-defaults.conf.template
@@ -33,4 +33,4 @@
 # kyuubi.ha.namespace                      kyuubi
 #
 
-# Details in https://kyuubi.readthedocs.io/en/master/deployment/settings.html
+# Details in https://kyuubi.readthedocs.io/en/master/configuration/settings.html
diff --git a/docker/kyuubi-configmap.yaml b/docker/kyuubi-configmap.yaml
index 9b7993596..6a6d430ce 100644
--- a/docker/kyuubi-configmap.yaml
+++ b/docker/kyuubi-configmap.yaml
@@ -52,4 +52,4 @@ data:
     # kyuubi.frontend.bind.port       10009
     #
 
-    # Details in https://kyuubi.readthedocs.io/en/master/deployment/settings.html
+    # Details in https://kyuubi.readthedocs.io/en/master/configuration/settings.html
diff --git a/docs/client/rest/rest_api.md b/docs/client/rest/rest_api.md
index bf4917e88..fc04857d0 100644
--- a/docs/client/rest/rest_api.md
+++ b/docs/client/rest/rest_api.md
@@ -449,7 +449,7 @@ Refresh the Hadoop configurations of the Kyuubi server.
 
 ### POST /admin/refresh/user_defaults_conf
 
-Refresh the [user defaults configs](../../deployment/settings.html#user-defaults) with key in format in the form of `___{username}___.{config key}` from default property file.
+Refresh the [user defaults configs](../../configuration/settings.html#user-defaults) with key in format in the form of `___{username}___.{config key}` from default property file.
 
 ### POST /admin/refresh/kubernetes_conf
 
diff --git a/docs/deployment/settings.md b/docs/configuration/settings.md
similarity index 99%
rename from docs/deployment/settings.md
rename to docs/configuration/settings.md
index 7ce3c2d4b..77e1d6dee 100644
--- a/docs/deployment/settings.md
+++ b/docs/configuration/settings.md
@@ -16,7 +16,7 @@
 -->
 <!-- DO NOT MODIFY THIS FILE DIRECTLY, IT IS AUTO-GENERATED BY [org.apache.kyuubi.config.AllKyuubiConfiguration] -->
 
-# Introduction to the Kyuubi Configurations System
+# Configurations
 
 Kyuubi provides several ways to configure the system and corresponding engines.
 
diff --git a/docs/deployment/index.rst b/docs/deployment/index.rst
index ec3ece951..1b6bf8766 100644
--- a/docs/deployment/index.rst
+++ b/docs/deployment/index.rst
@@ -31,15 +31,6 @@ Basics
     high_availability_guide
     migration-guide
 
-Configurations
---------------
-
-.. toctree::
-    :maxdepth: 2
-    :glob:
-
-    settings
-
 Engines
 -------
 
diff --git a/docs/index.rst b/docs/index.rst
index 7f6e0a248..e86041ffc 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -179,6 +179,7 @@ What's Next
    :glob:
 
    quick_start/index
+   configuration/settings
    deployment/index
    Security <security/index>
    monitor/index
diff --git a/docs/security/authentication.rst b/docs/security/authentication.rst
index f16a452c8..00bf368ff 100644
--- a/docs/security/authentication.rst
+++ b/docs/security/authentication.rst
@@ -43,4 +43,4 @@ The related configurations can be found at `Authentication Configurations`_
     jdbc
     ../extensions/server/authentication
 
-.. _Authentication Configurations: ../deployment/settings.html#authentication
+.. _Authentication Configurations: ../configuration/settings.html#authentication
diff --git a/docs/security/authorization/spark/overview.rst b/docs/security/authorization/spark/overview.rst
index fcbaa880b..364d6485f 100644
--- a/docs/security/authorization/spark/overview.rst
+++ b/docs/security/authorization/spark/overview.rst
@@ -106,4 +106,4 @@ You can specify config `spark.kyuubi.conf.restricted.list` values to disable cha
    2. A set statement with key equal to `spark.sql.optimizer.excludedRules` and value containing `org.apache.kyuubi.plugin.spark.authz.ranger.*` also does not allow modification.
 
 .. _Apache Ranger: https://ranger.apache.org/
-.. _Spark Configurations: ../../../deployment/settings.html#spark-configurations
+.. _Spark Configurations: ../../../configuration/settings.html#spark-configurations
diff --git a/docs/security/ldap.md b/docs/security/ldap.md
index f668ad0c9..7994afb51 100644
--- a/docs/security/ldap.md
+++ b/docs/security/ldap.md
@@ -56,5 +56,5 @@ kyuubi.authentication.ldap.userFilter=hive-admin,hive,hive-test,hive-user
 kyuubi.authentication.ldap.customLDAPQuery=(&(objectClass=group)(objectClass=top)(instanceType=4)(cn=Domain*)), (&(objectClass=person)(|(sAMAccountName=admin)(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com))))
 ```
 
-Please refer to [Settings for LDAP authentication in Kyuubi](../deployment/settings.html?highlight=LDAP#authentication)
+Please refer to [Settings for LDAP authentication in Kyuubi](../configuration/settings.html?highlight=LDAP#authentication)
 for all configurations.
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index 304799db8..44b317c71 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -340,7 +340,7 @@ trait ProcBuilder {
   protected def validateEnv(requiredEnv: String): Throwable = {
     KyuubiSQLException(s"$requiredEnv is not set! For more information on installing and " +
       s"configuring $requiredEnv, please visit https://kyuubi.readthedocs.io/en/master/" +
-      s"deployment/settings.html#environments")
+      s"configuration/settings.html#environments")
   }
 
   def clusterManager(): Option[String] = None
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 5dde9f935..1f4c9e171 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -31,7 +31,7 @@ import org.apache.kyuubi.zookeeper.ZookeeperConf
 // scalastyle:off line.size.limit
 /**
  * End-to-end test cases for configuration doc file
- * The golden result file is "docs/deployment/settings.md".
+ * The golden result file is "docs/configuration/settings.md".
  *
  * To run the entire test suite:
  * {{{
@@ -46,7 +46,7 @@ import org.apache.kyuubi.zookeeper.ZookeeperConf
 // scalastyle:on line.size.limit
 class AllKyuubiConfiguration extends KyuubiFunSuite {
   private val kyuubiHome: String = Utils.getCodeSourceLocation(getClass).split("kyuubi-server")(0)
-  private val markdown = Paths.get(kyuubiHome, "docs", "deployment", "settings.md")
+  private val markdown = Paths.get(kyuubiHome, "docs", "configuration", "settings.md")
     .toAbsolutePath
 
   private def loadConfigs = Array(
@@ -64,7 +64,7 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
 
     builder ++=
       s"""
-         |# Introduction to the Kyuubi Configurations System
+         |# Configurations
          |
          |Kyuubi provides several ways to configure the system and corresponding engines.
          |

From 346d7a667339915e4f84fbdef65669a77c576898 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 11 Aug 2023 20:07:45 +0800
Subject: [PATCH 554/760] [KYUUBI #5145] Change embedded Zookeeper server to
 method-local variable

### _Why are the changes needed?_

- Change the embedded Zookeeper server to method variable
- Throw runtime exception for failures when initializing the embedded Zookeeper

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5145 from bowenliang123/embed-zk.

Closes #5145

2a78957e5 [liangbowen] nit
86087117c [liangbowen] update
0f523f265 [liangbowen] throw runtime exception for failures when initializing embedded zookeeper
b33e7a497 [liangbowen] make the embedded zookeeper from member attributes to method-local variable

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../apache/kyuubi/server/KyuubiServer.scala   | 17 +++++++++--------
 .../kyuubi/zookeeper/EmbeddedZookeeper.scala  | 19 +++++++++++++------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index 2fc0475a3..bd707a66f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -38,17 +38,20 @@ import org.apache.kyuubi.util.{KyuubiHadoopUtils, SignalRegister}
 import org.apache.kyuubi.zookeeper.EmbeddedZookeeper
 
 object KyuubiServer extends Logging {
-  private val zkServer = new EmbeddedZookeeper()
   private[kyuubi] var kyuubiServer: KyuubiServer = _
   @volatile private[kyuubi] var hadoopConf: Configuration = _
 
   def startServer(conf: KyuubiConf): KyuubiServer = {
     hadoopConf = KyuubiHadoopUtils.newHadoopConf(conf)
+    var embeddedZkServer: Option[EmbeddedZookeeper] = None
     if (!ServiceDiscovery.supportServiceDiscovery(conf)) {
-      zkServer.initialize(conf)
-      zkServer.start()
-      conf.set(HA_ADDRESSES, zkServer.getConnectString)
-      conf.set(HA_ZK_AUTH_TYPE, AuthTypes.NONE.toString)
+      embeddedZkServer = Some(new EmbeddedZookeeper())
+      embeddedZkServer.foreach(zkServer => {
+        zkServer.initialize(conf)
+        zkServer.start()
+        conf.set(HA_ADDRESSES, zkServer.getConnectString)
+        conf.set(HA_ZK_AUTH_TYPE, AuthTypes.NONE.toString)
+      })
     }
 
     val server = conf.get(KyuubiConf.SERVER_NAME) match {
@@ -59,9 +62,7 @@ object KyuubiServer extends Logging {
       server.initialize(conf)
     } catch {
       case e: Exception =>
-        if (zkServer.getServiceState == ServiceState.STARTED) {
-          zkServer.stop()
-        }
+        embeddedZkServer.filter(_.getServiceState == ServiceState.STARTED).foreach(_.stop())
         throw e
     }
     server.start()
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
index 04457f3ce..25bd67446 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
@@ -44,14 +44,21 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
     val maxSessionTimeout = conf.get(ZK_MAX_SESSION_TIMEOUT)
     host = conf.get(ZK_CLIENT_PORT_ADDRESS).getOrElse(findLocalInetAddress.getCanonicalHostName)
 
-    zks = new ZooKeeperServer(dataDirectory, dataDirectory, tickTime)
-    zks.setMinSessionTimeout(minSessionTimeout)
-    zks.setMaxSessionTimeout(maxSessionTimeout)
+    try {
+      zks = new ZooKeeperServer(dataDirectory, dataDirectory, tickTime)
+      zks.setMinSessionTimeout(minSessionTimeout)
+      zks.setMaxSessionTimeout(maxSessionTimeout)
 
-    serverFactory = new NIOServerCnxnFactory
-    serverFactory.configure(new InetSocketAddress(host, clientPort), maxClientCnxns)
+      serverFactory = new NIOServerCnxnFactory
+      serverFactory.configure(new InetSocketAddress(host, clientPort), maxClientCnxns)
 
-    super.initialize(conf)
+      super.initialize(conf)
+    } catch {
+      case e: Exception =>
+        throw new RuntimeException(
+          s"Failed to initialize the embedded ZooKeeper server, binding to $host:$clientPort",
+          e)
+    }
   }
 
   override def start(): Unit = synchronized {

From 875add4b79d476c6396b860da1e864e2481d121b Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 14 Aug 2023 09:52:18 +0800
Subject: [PATCH 555/760] [KYUUBI #5152] Check milestone and assignees when
 merging pull request

### _Why are the changes needed?_

- Show prompt if milestone or assignees not set when merging pull requests.
<img width="611" alt="image" src="https://github.com/apache/kyuubi/assets/1935105/4f4df661-14ab-45e4-bcfe-9050549048e6">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5152 from bowenliang123/merge-check.

Closes #5152

3a1731d40 [liangbowen] nit
20eb0e2ad [liangbowen] print
51a268e71 [liangbowen] check and print milestone and assignees of pull requests

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/merge_kyuubi_pr.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/dev/merge_kyuubi_pr.py b/dev/merge_kyuubi_pr.py
index cb3696d1f..fe8893748 100755
--- a/dev/merge_kyuubi_pr.py
+++ b/dev/merge_kyuubi_pr.py
@@ -30,9 +30,9 @@
 import re
 import subprocess
 import sys
-from urllib.request import urlopen
-from urllib.request import Request
 from urllib.error import HTTPError
+from urllib.request import Request
+from urllib.request import urlopen
 
 KYUUBI_HOME = os.environ.get("KYUUBI_HOME", os.getcwd())
 PR_REMOTE_NAME = os.environ.get("PR_REMOTE_NAME", "apache")
@@ -248,6 +248,8 @@ def main():
     user_login = pr["user"]["login"]
     base_ref = pr["head"]["ref"]
     pr_repo_desc = "%s/%s" % (user_login, base_ref)
+    assignees = pr["assignees"]
+    milestone = pr["milestone"]
 
     # Merged pull requests don't appear as merged in the GitHub API;
     # Instead, they're closed by asfgit.
@@ -276,6 +278,17 @@ def main():
     print("\n=== Pull Request #%s ===" % pr_num)
     print("title:\t%s\nsource:\t%s\ntarget:\t%s\nurl:\t%s\nbody:\n\n%s" %
           (title, pr_repo_desc, target_ref, url, body))
+
+    if assignees is None or len(assignees)==0:
+        continue_maybe("Assignees have NOT been set. Continue?")
+    else:
+        print("assignees: %s" % [assignee["login"] for assignee in assignees])
+
+    if milestone is None:
+        continue_maybe("Milestone has NOT been set. Continue?")
+    else:
+        print("milestone: %s" % milestone["title"])
+
     continue_maybe("Proceed with merging pull request #%s?" % pr_num)
 
     merged_refs = [target_ref]

From 9dcb61e00dedfd5fea166c7f01b4727c6082f85d Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Mon, 14 Aug 2023 17:26:55 +0800
Subject: [PATCH 556/760] [KYUUBI #5153] [DOC] Minor change w/ to with

### _Why are the changes needed?_

Correct a typo in this doc
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5153 from zhaohehuhu/Improvement-0810.

Closes #5153

b2b593d94 [hezhao2] Update quick start hive jdbc instruction

Authored-by: hezhao2 <hezhao2@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start_with_jdbc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start_with_jdbc.md b/docs/quick_start/quick_start_with_jdbc.md
index 862e22fa1..e6f4f7052 100644
--- a/docs/quick_start/quick_start_with_jdbc.md
+++ b/docs/quick_start/quick_start_with_jdbc.md
@@ -19,7 +19,7 @@
 
 ## How to get the Kyuubi JDBC driver
 
-Kyuubi Thrift API is fully compatible w/ HiveServer2, so technically, it allows to use any Hive JDBC driver to connect
+Kyuubi Thrift API is fully compatible with HiveServer2, so technically, it allows to use any Hive JDBC driver to connect
 Kyuubi Server. But it's recommended to use [Kyuubi Hive JDBC driver](../client/jdbc/kyuubi_jdbc), which is forked from
 Hive 3.1.x JDBC driver, aims to support some missing functionalities of the original Hive JDBC driver.
 

From 938384c2259b361cdf1b3bba81f615064289817c Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 15 Aug 2023 08:29:07 +0800
Subject: [PATCH 557/760] [KYUUBI #5121] Extract dev scripts for regenerating
 the golden files

### _Why are the changes needed?_

- extract development scripts for regenerating and verifying  the golden files

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5121 from bowenliang123/gen-golden.

Closes #5121

a8fb20046 [liangbowen] add golden result file path hint in comment
444e5aff9 [liangbowen] nit
eec4fe84f [liangbowen] use the generation scripts for running test suites.
5a97785e6 [liangbowen] fix class name in gen_ranger_spec_json.sh
3be9aacf5 [liangbowen] comments
32993de43 [liangbowen] comments
ca0090909 [liangbowen] update scripts
6439ad3e9 [liangbowen] update scripts
f26d77935 [liangbowen] add scripts for golden files' generation

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/gen/gen_all_config_docs.sh                | 27 +++++++++++++++++++
 dev/gen/gen_kdf.sh                            | 26 ++++++++++++++++++
 dev/gen/gen_ranger_policy_json.sh             | 27 +++++++++++++++++++
 dev/gen/gen_ranger_spec_json.sh               | 27 +++++++++++++++++++
 dev/gen/gen_tpcds_output_schema.sh            | 27 +++++++++++++++++++
 dev/gen/gen_tpcds_queries.sh                  | 27 +++++++++++++++++++
 dev/gen/gen_tpch_queries.sh                   | 27 +++++++++++++++++++
 .../authz/gen/PolicyJsonFileGenerator.scala   | 14 +++++-----
 .../authz/gen/JsonSpecFileGenerator.scala     | 14 +++++-----
 .../connector/tpcds/TPCDSQuerySuite.scala     | 10 ++-----
 .../spark/connector/tpch/TPCHQuerySuite.scala | 10 ++-----
 .../udf/KyuubiDefinedFunctionSuite.scala      |  4 +--
 .../config/AllKyuubiConfiguration.scala       |  4 +--
 .../tpcds/OutputSchemaTPCDSSuite.scala        |  8 ++----
 14 files changed, 212 insertions(+), 40 deletions(-)
 create mode 100755 dev/gen/gen_all_config_docs.sh
 create mode 100755 dev/gen/gen_kdf.sh
 create mode 100755 dev/gen/gen_ranger_policy_json.sh
 create mode 100755 dev/gen/gen_ranger_spec_json.sh
 create mode 100755 dev/gen/gen_tpcds_output_schema.sh
 create mode 100755 dev/gen/gen_tpcds_queries.sh
 create mode 100755 dev/gen/gen_tpch_queries.sh

diff --git a/dev/gen/gen_all_config_docs.sh b/dev/gen/gen_all_config_docs.sh
new file mode 100755
index 000000000..2a5dca7f9
--- /dev/null
+++ b/dev/gen/gen_all_config_docs.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# docs/deployment/settings.md
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean test \
+  -pl kyuubi-server -am \
+  -Pflink-provided,spark-provided,hive-provided \
+  -Dtest=none \
+  -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
diff --git a/dev/gen/gen_kdf.sh b/dev/gen/gen_kdf.sh
new file mode 100755
index 000000000..a10a31afc
--- /dev/null
+++ b/dev/gen/gen_kdf.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# docs/sql/functions.md
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean test \
+  -pl externals/kyuubi-spark-sql-engine -am \
+  -Pflink-provided,spark-provided,hive-provided \
+  -DwildcardSuites=org.apache.kyuubi.engine.spark.udf.KyuubiDefinedFunctionSuite
diff --git a/dev/gen/gen_ranger_policy_json.sh b/dev/gen/gen_ranger_policy_json.sh
new file mode 100755
index 000000000..1f4193d3e
--- /dev/null
+++ b/dev/gen/gen_ranger_policy_json.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean test \
+  -pl extensions/spark/kyuubi-spark-authz \
+  -Pgen-policy \
+  -Dtest=none \
+  -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
diff --git a/dev/gen/gen_ranger_spec_json.sh b/dev/gen/gen_ranger_spec_json.sh
new file mode 100755
index 000000000..e00857f8f
--- /dev/null
+++ b/dev/gen/gen_ranger_spec_json.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# extensions/spark/kyuubi-spark-authz/src/main/resources/*_spec.json
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean test \
+  -pl extensions/spark/kyuubi-spark-authz \
+  -Pgen-policy \
+  -Dtest=none \
+  -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator
diff --git a/dev/gen/gen_tpcds_output_schema.sh b/dev/gen/gen_tpcds_output_schema.sh
new file mode 100755
index 000000000..49f8d7798
--- /dev/null
+++ b/dev/gen/gen_tpcds_output_schema.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# extensions/spark/kyuubi-spark-authz/src/test/resources/*.output.schema
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean install \
+  -pl kyuubi-server -am \
+  -Dmaven.plugin.scalatest.exclude.tags="" \
+  -Dtest=none \
+  -DwildcardSuites=org.apache.kyuubi.operation.tpcds.OutputSchemaTPCDSSuite
diff --git a/dev/gen/gen_tpcds_queries.sh b/dev/gen/gen_tpcds_queries.sh
new file mode 100755
index 000000000..07f075b7a
--- /dev/null
+++ b/dev/gen/gen_tpcds_queries.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# kyuubi-spark-connector-tpcds/src/main/resources/kyuubi/tpcds_*/*.sql
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean install \
+  -pl extensions/spark/kyuubi-spark-connector-tpcds -am \
+  -Dmaven.plugin.scalatest.exclude.tags="" \
+  -Dtest=none \
+  -DwildcardSuites=org.apache.kyuubi.spark.connector.tpcds.TPCDSQuerySuite
diff --git a/dev/gen/gen_tpch_queries.sh b/dev/gen/gen_tpch_queries.sh
new file mode 100755
index 000000000..d0c65256f
--- /dev/null
+++ b/dev/gen/gen_tpch_queries.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# kyuubi-spark-connector-tpcds/src/main/resources/kyuubi/tpcdh_*/*.sql
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean install \
+  -pl extensions/spark/kyuubi-spark-connector-tpch -am \
+  -Dmaven.plugin.scalatest.exclude.tags="" \
+  -Dtest=none \
+  -DwildcardSuites=org.apache.kyuubi.spark.connector.tpch.TPCHQuerySuite
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
index e53d77197..981635a17 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -42,12 +42,14 @@ import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions._
  * Generates the policy file to test/main/resources dir.
  *
  * To run the test suite:
- * build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
- * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
+ * {{{
+ *   KYUUBI_UPDATE=0 dev/gen/gen_ranger_policy_json.sh
+ * }}}
  *
  * To regenerate the ranger policy file:
- * KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
- * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator
+ * {{{
+ *   dev/gen/gen_ranger_policy_json.sh
+ * }}}
  */
 class PolicyJsonFileGenerator extends AnyFunSuite {
   // scalastyle:on
@@ -78,9 +80,7 @@ class PolicyJsonFileGenerator extends AnyFunSuite {
       val existedFileContent =
         FileUtils.readFileToString(policyFilePath.toFile, StandardCharsets.UTF_8)
       withClue("Please regenerate the ranger policy file by running"
-        + "`KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy"
-        + " -pl :kyuubi-spark-authz_2.12 -Dtest=none"
-        + " -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.PolicyJsonFileGenerator`.") {
+        + " `dev/gen/gen_ranger_policy_json.sh`") {
         assert(generatedStr.equals(existedFileContent))
       }
     }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index c95685f34..b10904c1e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -30,12 +30,14 @@ import org.apache.kyuubi.plugin.spark.authz.serde.{mapper, CommandSpec}
  * Generates the default command specs to src/main/resources dir.
  *
  * To run the test suite:
- * build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
- * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator
+ * {{{
+ *   KYUUBI_UPDATE=0 dev/gen/gen_ranger_spec_json.sh
+ * }}}
  *
  * To regenerate the ranger policy file:
- * KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy -pl :kyuubi-spark-authz_2.12 -Dtest=none
- * -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator
+ * {{{
+ *   dev/gen/gen_ranger_spec_json.sh
+ * }}}
  */
 
 class JsonSpecFileGenerator extends AnyFunSuite {
@@ -71,9 +73,7 @@ class JsonSpecFileGenerator extends AnyFunSuite {
       val existedFileContent =
         FileUtils.readFileToString(filePath.toFile, StandardCharsets.UTF_8)
       withClue(s"Check $filename failed. Please regenerate the ranger policy file by running"
-        + "`KYUUBI_UPDATE=1 build/mvn clean test -Pgen-policy"
-        + " -pl :kyuubi-spark-authz_2.12 -Dtest=none"
-        + " -DwildcardSuites=org.apache.kyuubi.plugin.spark.authz.gen.JsonSpecFileGenerator`.") {
+        + " `dev/gen/gen_ranger_spec_json.sh`.") {
         assert(generatedStr.equals(existedFileContent))
       }
     }
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala
index 83679989a..d566e12a4 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala
@@ -32,18 +32,12 @@ import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSessi
 /**
  * To run this test suite:
  * {{{
- *   build/mvn clean install \
- *     -pl extensions/spark/kyuubi-spark-connector-tpcds -am \
- *     -Dmaven.plugin.scalatest.exclude.tags="" \
- *     -Dtest=none -DwildcardSuites=org.apache.kyuubi.spark.connector.tpcds.TPCDSQuerySuite
+ *   KYUUBI_UPDATE=0 dev/gen/gen_tpcds_queries.sh
  * }}}
  *
  * To re-generate golden files for this suite:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean install \
- *     -pl extensions/spark/kyuubi-spark-connector-tpcds -am \
- *     -Dmaven.plugin.scalatest.exclude.tags="" \
- *     -Dtest=none -DwildcardSuites=org.apache.kyuubi.spark.connector.tpcds.TPCDSQuerySuite
+ *   dev/gen/gen_tpcds_queries.sh
  * }}}
  */
 // scalastyle:on line.size.limit
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
index 88495f037..ce119f806 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
@@ -32,18 +32,12 @@ import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSessi
 /**
  * To run this test suite:
  * {{{
- *   build/mvn clean install \
- *     -pl extensions/spark/kyuubi-spark-connector-tpch -am \
- *     -Dmaven.plugin.scalatest.exclude.tags="" \
- *     -Dtest=none -DwildcardSuites=org.apache.kyuubi.spark.connector.tpch.TPCHQuerySuite
+ *   KYUUBI_UPDATE=0 dev/gen/gen_tpcdh_queries.sh
  * }}}
  *
  * To re-generate golden files for this suite:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean install \
- *     -pl extensions/spark/kyuubi-spark-connector-tpch -am \
- *     -Dmaven.plugin.scalatest.exclude.tags="" \
- *     -Dtest=none -DwildcardSuites=org.apache.kyuubi.spark.connector.tpch.TPCHQuerySuite
+ *   dev/gen/gen_tpcdh_queries.sh
  * }}}
  */
 // scalastyle:on line.size.limit
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
index 72f0a198b..7387a7e9b 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
@@ -28,12 +28,12 @@ import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
  *
  * To run the entire test suite:
  * {{{
- *   build/mvn clean test -pl externals/kyuubi-spark-sql-engine -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.engine.spark.udf.KyuubiDefinedFunctionSuite
+ *   KYUUBI_UPDATE=0 dev/gen/gen_kdf.sh
  * }}}
  *
  * To re-generate golden files for entire suite, run:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean test -pl externals/kyuubi-spark-sql-engine -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.engine.spark.udf.KyuubiDefinedFunctionSuite
+ *   dev/gen/gen_kdf.sh
  * }}}
  */
 // scalastyle:on line.size.limit
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 1f4c9e171..0a5329988 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -35,12 +35,12 @@ import org.apache.kyuubi.zookeeper.ZookeeperConf
  *
  * To run the entire test suite:
  * {{{
- *   build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -Dtest=none -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
+ *   KYUUBI_UPDATE=0 dev/gen/gen_all_config_docs.sh
  * }}}
  *
  * To re-generate golden files for entire suite, run:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -Dtest=none -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration
+ *   dev/gen/gen_all_config_docs.sh
  * }}}
  */
 // scalastyle:on line.size.limit
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala
index 80ed6bb17..d17623fcf 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala
@@ -31,16 +31,12 @@ import org.apache.kyuubi.tags.DeltaTest
 /**
  * To run this test suite:
  * {{{
- *   build/mvn clean install \
- *     -Dmaven.plugin.scalatest.exclude.tags="" \
- *     -Dtest=none -DwildcardSuites=org.apache.kyuubi.operation.tpcds.OutputSchemaTPCDSSuite
+ *   KYUUBI_UPDATE=0 dev/gen/gen_tpcds_output_schema.sh
  * }}}
  *
  * To re-generate golden files for this suite:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean install \
- *     -Dmaven.plugin.scalatest.exclude.tags="" \
- *     -Dtest=none -DwildcardSuites=org.apache.kyuubi.operation.tpcds.OutputSchemaTPCDSSuite
+ *   dev/gen/gen_tpcds_output_schema.sh
  * }}}
  */
 // scalastyle:on line.size.limit

From 14d0dab697c314366750b8b80de057aee0155ffd Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Tue, 15 Aug 2023 16:06:10 +0800
Subject: [PATCH 558/760] [KYUUBI #5160] Refactor getNextRowSetInternal to
 support fetch streaming data

### _Why are the changes needed?_
Currently, `getNextRowSetInternal` returns `TRowSet` which is not friendly to explicit EOS in streaming result fetch.

This PR changes the return type to `TFetchResultsResp` to allow the engines to determine the EOS.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5160 from link3280/refactor_result.

Closes #5160

09822f2ee [Paul Lin] Fix hasMoreRows missing
c94907e2b [Paul Lin] Explicitly set `resp.setHasMoreRows(false)` for operations
4d193fb1d [Paul Lin] Revert unrelated changes in FlinkOperation
ffd0367b3 [Paul Lin] Refactor getNextRowSetInternal to support fetch streaming data

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../engine/chat/operation/ChatOperation.scala |  9 +++++--
 .../flink/operation/FlinkOperation.scala      | 11 +++++---
 .../engine/hive/operation/HiveOperation.scala | 19 +++++++++----
 .../hive/operation/HiveOperationManager.scala |  4 +--
 .../engine/jdbc/operation/JdbcOperation.scala | 11 +++++---
 .../spark/operation/SparkOperation.scala      | 11 +++++---
 .../trino/operation/ExecuteStatement.scala    | 11 +++++---
 .../trino/operation/TrinoOperation.scala      | 11 +++++---
 .../kyuubi/operation/AbstractOperation.scala  | 11 ++++----
 .../kyuubi/operation/FetchIterator.scala      |  2 +-
 .../apache/kyuubi/operation/Operation.scala   |  4 +--
 .../kyuubi/operation/OperationManager.scala   | 10 ++++---
 .../service/AbstractBackendService.scala      |  2 +-
 .../kyuubi/service/BackendService.scala       |  2 +-
 .../kyuubi/service/TFrontendService.scala     |  9 +++----
 .../kyuubi/session/AbstractSession.scala      |  2 +-
 .../org/apache/kyuubi/session/Session.scala   |  4 +--
 .../kyuubi/operation/NoopOperation.scala      | 11 +++++---
 .../operation/NoopOperationManager.scala      |  9 ++++---
 .../jdbc/hive/KyuubiQueryResultSet.java       | 27 ++++++++++++-------
 .../operation/ExecutedCommandExec.scala       | 12 ++++++---
 .../KyuubiApplicationOperation.scala          | 12 ++++++---
 .../kyuubi/operation/KyuubiOperation.scala    | 10 +++++--
 .../operation/KyuubiOperationManager.scala    | 11 +++++---
 .../kyuubi/server/BackendServiceMetric.scala  |  7 ++---
 .../server/api/v1/OperationsResource.scala    |  6 +++--
 .../server/mysql/MySQLCommandHandler.scala    |  3 ++-
 .../kyuubi/server/trino/api/Query.scala       |  2 +-
 .../kyuubi/WithKyuubiServerOnYarn.scala       |  2 +-
 .../server/trino/api/TrinoContextSuite.scala  |  4 +--
 30 files changed, 166 insertions(+), 83 deletions(-)

diff --git a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
index 3ae21aa9f..b0b1806f8 100644
--- a/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
+++ b/externals/kyuubi-chat-engine/src/main/scala/org/apache/kyuubi/engine/chat/operation/ChatOperation.scala
@@ -31,7 +31,9 @@ abstract class ChatOperation(session: Session) extends AbstractOperation(session
 
   protected lazy val conf: KyuubiConf = session.sessionManager.getConf
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
@@ -47,7 +49,10 @@ abstract class ChatOperation(session: Session) extends AbstractOperation(session
     val taken = iter.take(rowSetSize)
     val resultRowSet = RowSet.toTRowSet(taken.toSeq, 1, getProtocolVersion)
     resultRowSet.setStartRowOffset(iter.getPosition)
-    resultRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(resultRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def cancel(): Unit = {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
index ef80034d3..5a79d2c0e 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
@@ -25,7 +25,7 @@ import scala.collection.JavaConverters.collectionAsScalaIterableConverter
 import org.apache.flink.configuration.Configuration
 import org.apache.flink.table.gateway.service.context.SessionContext
 import org.apache.flink.table.gateway.service.operation.OperationExecutor
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet, TTableSchema}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp, TTableSchema}
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
 import org.apache.kyuubi.engine.flink.result.ResultSet
@@ -91,7 +91,9 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
     resp
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
@@ -112,7 +114,10 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
       zoneId,
       getProtocolVersion)
     resultRowSet.setStartRowOffset(resultSet.getData.getPosition)
-    resultRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(resultRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def shouldRunAsync: Boolean = false
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
index c7166356d..9759fa00b 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperation.scala
@@ -21,7 +21,7 @@ import java.util.concurrent.Future
 
 import org.apache.hive.service.cli.operation.{Operation, OperationManager}
 import org.apache.hive.service.cli.session.{HiveSession, SessionManager => HiveSessionManager}
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp}
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
@@ -95,22 +95,31 @@ abstract class HiveOperation(session: Session) extends AbstractOperation(session
     resp
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     val tOrder = FetchOrientation.toTFetchOrientation(order)
     val hiveOrder = org.apache.hive.service.cli.FetchOrientation.getFetchOrientation(tOrder)
     val rowSet = internalHiveOperation.getNextRowSet(hiveOrder, rowSetSize)
-    rowSet.toTRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(rowSet.toTRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
-  def getOperationLogRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  def getOperationLogRowSet(order: FetchOrientation, rowSetSize: Int): TFetchResultsResp = {
     val tOrder = FetchOrientation.toTFetchOrientation(order)
     val hiveOrder = org.apache.hive.service.cli.FetchOrientation.getFetchOrientation(tOrder)
     val handle = internalHiveOperation.getHandle
-    delegatedOperationManager.getOperationLogRowSet(
+    val rowSet = delegatedOperationManager.getOperationLogRowSet(
       handle,
       hiveOrder,
       rowSetSize,
       hive.getHiveConf).toTRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(rowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def isTimedOut: Boolean = internalHiveOperation.isTimedOut(System.currentTimeMillis)
diff --git a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationManager.scala b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationManager.scala
index 0762a2938..4e41e742e 100644
--- a/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationManager.scala
+++ b/externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/operation/HiveOperationManager.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.engine.hive.operation
 import java.util.List
 
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars
-import org.apache.hive.service.rpc.thrift.TRowSet
+import org.apache.hive.service.rpc.thrift.TFetchResultsResp
 
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.engine.hive.session.HiveSessionImpl
@@ -154,7 +154,7 @@ class HiveOperationManager() extends OperationManager("HiveOperationManager") {
   override def getOperationLogRowSet(
       opHandle: OperationHandle,
       order: FetchOrientation,
-      maxRows: Int): TRowSet = {
+      maxRows: Int): TFetchResultsResp = {
     val operation = getOperation(opHandle).asInstanceOf[HiveOperation]
     operation.getOperationLogRowSet(order, maxRows)
   }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
index 1c4e0c57f..2ca173757 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/operation/JdbcOperation.scala
@@ -16,7 +16,7 @@
  */
 package org.apache.kyuubi.engine.jdbc.operation
 
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp, TRowSet}
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
@@ -36,7 +36,9 @@ abstract class JdbcOperation(session: Session) extends AbstractOperation(session
 
   protected lazy val dialect: JdbcDialect = JdbcDialects.get(conf)
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
@@ -51,7 +53,10 @@ abstract class JdbcOperation(session: Session) extends AbstractOperation(session
     val taken = iter.take(rowSetSize)
     val resultRowSet = toTRowSet(taken)
     resultRowSet.setStartRowOffset(iter.getPosition)
-    resultRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(resultRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def cancel(): Unit = {
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index 5062a4904..782f443df 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.engine.spark.operation
 import java.io.IOException
 import java.time.ZoneId
 
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TProgressUpdateResp, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp, TProgressUpdateResp, TRowSet}
 import org.apache.spark.kyuubi.{SparkProgressMonitor, SQLOperationListener}
 import org.apache.spark.kyuubi.SparkUtilsHelper.redact
 import org.apache.spark.sql.{DataFrame, Row, SparkSession}
@@ -233,7 +233,9 @@ abstract class SparkOperation(session: Session)
     resp
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     var resultRowSet: TRowSet = null
     try {
       withLocalProperties {
@@ -264,7 +266,10 @@ abstract class SparkOperation(session: Session)
       }
     } catch onError(cancel = true)
 
-    resultRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(resultRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def shouldRunAsync: Boolean = false
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala
index 405c93b0b..3e7cce80c 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/ExecuteStatement.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine.trino.operation
 
 import java.util.concurrent.RejectedExecutionException
 
-import org.apache.hive.service.rpc.thrift.TRowSet
+import org.apache.hive.service.rpc.thrift.TFetchResultsResp
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging}
 import org.apache.kyuubi.engine.trino.TrinoStatement
@@ -82,7 +82,9 @@ class ExecuteStatement(
     }
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
@@ -97,7 +99,10 @@ class ExecuteStatement(
     val taken = iter.take(rowSetSize)
     val resultRowSet = RowSet.toTRowSet(taken.toList, schema, getProtocolVersion)
     resultRowSet.setStartRowOffset(iter.getPosition)
-    resultRowSet
+    val fetchResultsResp = new TFetchResultsResp(OK_STATUS)
+    fetchResultsResp.setResults(resultRowSet)
+    fetchResultsResp.setHasMoreRows(false)
+    fetchResultsResp
   }
 
   private def executeStatement(trinoStatement: TrinoStatement): Unit = {
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
index 20153b84f..11eaa1bc1 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/operation/TrinoOperation.scala
@@ -21,7 +21,7 @@ import java.io.IOException
 
 import io.trino.client.Column
 import io.trino.client.StatementClient
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp}
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.Utils
@@ -54,7 +54,9 @@ abstract class TrinoOperation(session: Session) extends AbstractOperation(sessio
     resp
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
@@ -66,7 +68,10 @@ abstract class TrinoOperation(session: Session) extends AbstractOperation(sessio
     val taken = iter.take(rowSetSize)
     val resultRowSet = RowSet.toTRowSet(taken.toList, schema, getProtocolVersion)
     resultRowSet.setStartRowOffset(iter.getPosition)
-    resultRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(resultRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override protected def beforeRun(): Unit = {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
index 94f53111d..0a185b942 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/AbstractOperation.scala
@@ -23,7 +23,7 @@ import java.util.concurrent.locks.ReentrantLock
 import scala.collection.JavaConverters._
 
 import org.apache.commons.lang3.StringUtils
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TProgressUpdateResp, TProtocolVersion, TRowSet, TStatus, TStatusCode}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp, TProgressUpdateResp, TProtocolVersion, TStatus, TStatusCode}
 
 import org.apache.kyuubi.{KyuubiSQLException, Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_IDLE_TIMEOUT
@@ -182,11 +182,12 @@ abstract class AbstractOperation(session: Session) extends Operation with Loggin
 
   override def getResultSetMetadata: TGetResultSetMetadataResp
 
-  def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet
+  def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TFetchResultsResp
 
-  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet = withLockRequired {
-    getNextRowSetInternal(order, rowSetSize)
-  }
+  override def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TFetchResultsResp =
+    withLockRequired {
+      getNextRowSetInternal(order, rowSetSize)
+    }
 
   /**
    * convert SQL 'like' pattern to a Java regular expression.
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/FetchIterator.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/FetchIterator.scala
index fdada1174..ada155887 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/FetchIterator.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/FetchIterator.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.operation
 /**
  * Borrowed from Apache Spark, see SPARK-33655
  */
-sealed trait FetchIterator[A] extends Iterator[A] {
+trait FetchIterator[A] extends Iterator[A] {
 
   /**
    * Begin a fetch block, forward from the current position.
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/Operation.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/Operation.scala
index 6f496c9b8..c20a16f61 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/Operation.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/Operation.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.operation
 
 import java.util.concurrent.Future
 
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp}
 
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.operation.log.OperationLog
@@ -32,7 +32,7 @@ trait Operation {
   def close(): Unit
 
   def getResultSetMetadata: TGetResultSetMetadataResp
-  def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TRowSet
+  def getNextRowSet(order: FetchOrientation, rowSetSize: Int): TFetchResultsResp
 
   def getSession: Session
   def getHandle: OperationHandle
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
index 3093bcfbe..38dabcc1a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/OperationManager.scala
@@ -137,18 +137,22 @@ abstract class OperationManager(name: String) extends AbstractService(name) {
   final def getOperationNextRowSet(
       opHandle: OperationHandle,
       order: FetchOrientation,
-      maxRows: Int): TRowSet = {
+      maxRows: Int): TFetchResultsResp = {
     getOperation(opHandle).getNextRowSet(order, maxRows)
   }
 
   def getOperationLogRowSet(
       opHandle: OperationHandle,
       order: FetchOrientation,
-      maxRows: Int): TRowSet = {
+      maxRows: Int): TFetchResultsResp = {
     val operationLog = getOperation(opHandle).getOperationLog
-    operationLog.map(_.read(order, maxRows)).getOrElse {
+    val rowSet = operationLog.map(_.read(order, maxRows)).getOrElse {
       throw KyuubiSQLException(s"$opHandle failed to generate operation log")
     }
+    val resp = new TFetchResultsResp(new TStatus(TStatusCode.SUCCESS_STATUS))
+    resp.setResults(rowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   final def removeExpiredOperations(handles: Seq[OperationHandle]): Seq[Operation] = synchronized {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
index 171e04901..443b35354 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/AbstractBackendService.scala
@@ -201,7 +201,7 @@ abstract class AbstractBackendService(name: String)
       operationHandle: OperationHandle,
       orientation: FetchOrientation,
       maxRows: Int,
-      fetchLog: Boolean): TRowSet = {
+      fetchLog: Boolean): TFetchResultsResp = {
     maxRowsLimit.foreach(limit =>
       if (maxRows > limit) {
         throw new IllegalArgumentException(s"Max rows for fetching results " +
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala
index 968a94197..85df9024c 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/BackendService.scala
@@ -101,7 +101,7 @@ trait BackendService {
       operationHandle: OperationHandle,
       orientation: FetchOrientation,
       maxRows: Int,
-      fetchLog: Boolean): TRowSet
+      fetchLog: Boolean): TFetchResultsResp
 
   def sessionManager: SessionManager
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
index aa012ab56..7cc23779f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TFrontendService.scala
@@ -520,23 +520,20 @@ abstract class TFrontendService(name: String)
 
   override def FetchResults(req: TFetchResultsReq): TFetchResultsResp = {
     debug(req.toString)
-    val resp = new TFetchResultsResp
     try {
       val operationHandle = OperationHandle(req.getOperationHandle)
       val orientation = FetchOrientation.getFetchOrientation(req.getOrientation)
       // 1 means fetching log
       val fetchLog = req.getFetchType == 1
       val maxRows = req.getMaxRows.toInt
-      val rowSet = be.fetchResults(operationHandle, orientation, maxRows, fetchLog)
-      resp.setResults(rowSet)
-      resp.setHasMoreRows(false)
-      resp.setStatus(OK_STATUS)
+      be.fetchResults(operationHandle, orientation, maxRows, fetchLog)
     } catch {
       case e: Exception =>
         error("Error fetching results: ", e)
+        val resp = new TFetchResultsResp
         resp.setStatus(KyuubiSQLException.toTStatus(e))
+        resp
     }
-    resp
   }
 
   protected def notSupportTokenErrorStatus = {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/AbstractSession.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/AbstractSession.scala
index 1a8c51ccd..a9e33f5a0 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/AbstractSession.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/AbstractSession.scala
@@ -233,7 +233,7 @@ abstract class AbstractSession(
       operationHandle: OperationHandle,
       orientation: FetchOrientation,
       maxRows: Int,
-      fetchLog: Boolean): TRowSet = {
+      fetchLog: Boolean): TFetchResultsResp = {
     if (fetchLog) {
       sessionManager.operationManager.getOperationLogRowSet(operationHandle, orientation, maxRows)
     } else {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/Session.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/Session.scala
index bc9f9a8f6..2cdac9f3a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/Session.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/Session.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.session
 
-import org.apache.hive.service.rpc.thrift.{TGetInfoType, TGetInfoValue, TGetResultSetMetadataResp, TProtocolVersion, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetInfoType, TGetInfoValue, TGetResultSetMetadataResp, TProtocolVersion}
 
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.operation.OperationHandle
@@ -91,7 +91,7 @@ trait Session {
       operationHandle: OperationHandle,
       orientation: FetchOrientation,
       maxRows: Int,
-      fetchLog: Boolean): TRowSet
+      fetchLog: Boolean): TFetchResultsResp
 
   def closeExpiredOperations(): Unit
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala
index 4093d1fca..c369e00ef 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperation.scala
@@ -21,7 +21,7 @@ import java.nio.ByteBuffer
 
 import scala.collection.JavaConverters._
 
-import org.apache.hive.service.rpc.thrift.{TColumn, TColumnDesc, TGetResultSetMetadataResp, TPrimitiveTypeEntry, TRowSet, TStringColumn, TTableSchema, TTypeDesc, TTypeEntry, TTypeId}
+import org.apache.hive.service.rpc.thrift.{TColumn, TColumnDesc, TFetchResultsResp, TGetResultSetMetadataResp, TPrimitiveTypeEntry, TStringColumn, TTableSchema, TTypeDesc, TTypeEntry, TTypeId}
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
@@ -76,11 +76,16 @@ class NoopOperation(session: Session, shouldFail: Boolean = false)
     resp
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     val col = TColumn.stringVal(new TStringColumn(Seq(opType).asJava, ByteBuffer.allocate(0)))
     val tRowSet = ThriftUtils.newEmptyRowSet
     tRowSet.addToColumns(col)
-    tRowSet
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(tRowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def shouldRunAsync: Boolean = false
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperationManager.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperationManager.scala
index 455e5d4d2..352aae905 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperationManager.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/NoopOperationManager.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.operation
 import java.nio.ByteBuffer
 import java.util
 
-import org.apache.hive.service.rpc.thrift.{TColumn, TRow, TRowSet, TStringColumn}
+import org.apache.hive.service.rpc.thrift.{TColumn, TFetchResultsResp, TRow, TRowSet, TStatus, TStatusCode, TStringColumn}
 
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.session.Session
@@ -136,13 +136,16 @@ class NoopOperationManager extends OperationManager("noop") {
   override def getOperationLogRowSet(
       opHandle: OperationHandle,
       order: FetchOrientation,
-      maxRows: Int): TRowSet = {
+      maxRows: Int): TFetchResultsResp = {
     val logs = new util.ArrayList[String]()
     logs.add("test")
     val tColumn = TColumn.stringVal(new TStringColumn(logs, ByteBuffer.allocate(0)))
     val tRow = new TRowSet(0, new util.ArrayList[TRow](logs.size()))
     tRow.addToColumns(tColumn)
-    tRow
+    val resp = new TFetchResultsResp(new TStatus(TStatusCode.SUCCESS_STATUS))
+    resp.setResults(tRow)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def getQueryId(operation: Operation): String = {
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java
index 82ea74a01..242ec7720 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiQueryResultSet.java
@@ -26,6 +26,7 @@
 import org.apache.kyuubi.jdbc.hive.cli.RowSet;
 import org.apache.kyuubi.jdbc.hive.cli.RowSetFactory;
 import org.apache.kyuubi.jdbc.hive.common.HiveDecimal;
+import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -47,6 +48,7 @@ public class KyuubiQueryResultSet extends KyuubiBaseResultSet {
   private boolean emptyResultSet = false;
   private boolean isScrollable = false;
   private boolean fetchFirst = false;
+  private boolean hasMoreToFetch = false;
 
   private final TProtocolVersion protocol;
 
@@ -317,25 +319,20 @@ public boolean next() throws SQLException {
     try {
       TFetchOrientation orientation = TFetchOrientation.FETCH_NEXT;
       if (fetchFirst) {
-        // If we are asked to start from begining, clear the current fetched resultset
+        // If we are asked to start from beginning, clear the current fetched resultset
         orientation = TFetchOrientation.FETCH_FIRST;
         fetchedRows = null;
         fetchedRowsItr = null;
         fetchFirst = false;
       }
       if (fetchedRows == null || !fetchedRowsItr.hasNext()) {
-        TFetchResultsReq fetchReq = new TFetchResultsReq(stmtHandle, orientation, fetchSize);
-        TFetchResultsResp fetchResp;
-        fetchResp = client.FetchResults(fetchReq);
-        Utils.verifySuccessWithInfo(fetchResp.getStatus());
-
-        TRowSet results = fetchResp.getResults();
-        fetchedRows = RowSetFactory.create(results, protocol);
-        fetchedRowsItr = fetchedRows.iterator();
+        fetchResult(orientation);
       }
 
       if (fetchedRowsItr.hasNext()) {
         row = fetchedRowsItr.next();
+      } else if (hasMoreToFetch) {
+        fetchResult(orientation);
       } else {
         return false;
       }
@@ -350,6 +347,18 @@ public boolean next() throws SQLException {
     return true;
   }
 
+  private void fetchResult(TFetchOrientation orientation) throws SQLException, TException {
+    TFetchResultsReq fetchReq = new TFetchResultsReq(stmtHandle, orientation, fetchSize);
+    TFetchResultsResp fetchResp;
+    fetchResp = client.FetchResults(fetchReq);
+    Utils.verifySuccessWithInfo(fetchResp.getStatus());
+    hasMoreToFetch = fetchResp.isSetHasMoreRows() && fetchResp.isHasMoreRows();
+
+    TRowSet results = fetchResp.getResults();
+    fetchedRows = RowSetFactory.create(results, protocol);
+    fetchedRowsItr = fetchedRows.iterator();
+  }
+
   @Override
   public ResultSetMetaData getMetaData() throws SQLException {
     if (isClosed) {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala
index 93379da4b..70b727e5e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecutedCommandExec.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.operation
 
-import org.apache.hive.service.rpc.thrift.{TGetResultSetMetadataResp, TRowSet}
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp}
 
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
 import org.apache.kyuubi.operation.log.OperationLog
@@ -67,11 +67,17 @@ class ExecutedCommandExec(
     if (!shouldRunAsync) getBackgroundHandle.get()
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
-    command.getNextRowSet(order, rowSetSize, getProtocolVersion)
+    val rowSet = command.getNextRowSet(order, rowSetSize, getProtocolVersion)
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(rowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def getResultSetMetadata: TGetResultSetMetadataResp = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
index 54cfdfe93..93929c59c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiApplicationOperation.scala
@@ -22,7 +22,7 @@ import java.util.{ArrayList => JArrayList}
 
 import scala.collection.JavaConverters._
 
-import org.apache.hive.service.rpc.thrift.{TColumn, TColumnDesc, TGetResultSetMetadataResp, TPrimitiveTypeEntry, TRow, TRowSet, TStringColumn, TTableSchema, TTypeDesc, TTypeEntry, TTypeId}
+import org.apache.hive.service.rpc.thrift.{TColumn, TColumnDesc, TFetchResultsResp, TGetResultSetMetadataResp, TPrimitiveTypeEntry, TRow, TRowSet, TStringColumn, TTableSchema, TTypeDesc, TTypeEntry, TTypeId}
 
 import org.apache.kyuubi.engine.ApplicationInfo
 import org.apache.kyuubi.operation.FetchOrientation.FetchOrientation
@@ -54,8 +54,11 @@ abstract class KyuubiApplicationOperation(session: Session) extends KyuubiOperat
     resp
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
-    applicationInfoMap.map { state =>
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
+    val resp = new TFetchResultsResp(OK_STATUS)
+    val rowSet = applicationInfoMap.map { state =>
       val tRow = new TRowSet(0, new JArrayList[TRow](state.size))
       Seq(state.keys, state.values.map(Option(_).getOrElse(""))).map(_.toSeq.asJava).foreach {
         col =>
@@ -64,5 +67,8 @@ abstract class KyuubiApplicationOperation(session: Session) extends KyuubiOperat
       }
       tRow
     }.getOrElse(ThriftUtils.EMPTY_ROW_SET)
+    resp.setResults(rowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
index e357b7912..b85fa8b02 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
@@ -179,11 +179,17 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
     }
   }
 
-  override def getNextRowSetInternal(order: FetchOrientation, rowSetSize: Int): TRowSet = {
+  override def getNextRowSetInternal(
+      order: FetchOrientation,
+      rowSetSize: Int): TFetchResultsResp = {
     validateDefaultFetchOrientation(order)
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
-    client.fetchResults(_remoteOpHandle, order, rowSetSize, fetchLog = false)
+    val rowset = client.fetchResults(_remoteOpHandle, order, rowSetSize, fetchLog = false)
+    val resp = new TFetchResultsResp(OK_STATUS)
+    resp.setResults(rowset)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def shouldRunAsync: Boolean = false
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
index 3078401b0..8ae9c91f8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.operation
 
 import java.util.concurrent.TimeUnit
 
-import org.apache.hive.service.rpc.thrift.TRowSet
+import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TStatus, TStatusCode}
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf
@@ -214,11 +214,11 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
   override def getOperationLogRowSet(
       opHandle: OperationHandle,
       order: FetchOrientation,
-      maxRows: Int): TRowSet = {
-
+      maxRows: Int): TFetchResultsResp = {
+    val resp = new TFetchResultsResp(new TStatus(TStatusCode.SUCCESS_STATUS))
     val operation = getOperation(opHandle).asInstanceOf[KyuubiOperation]
     val operationLog = operation.getOperationLog
-    operationLog match {
+    val rowSet = operationLog match {
       case Some(log) => log.read(order, maxRows)
       case None =>
         val remoteHandle = operation.remoteOpHandle()
@@ -229,6 +229,9 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
           ThriftUtils.EMPTY_ROW_SET
         }
     }
+    resp.setResults(rowSet)
+    resp.setHasMoreRows(false)
+    resp
   }
 
   override def start(): Unit = synchronized {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
index 3a92a5ad0..9da4b78c0 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/BackendServiceMetric.scala
@@ -183,9 +183,10 @@ trait BackendServiceMetric extends BackendService {
       operationHandle: OperationHandle,
       orientation: FetchOrientation,
       maxRows: Int,
-      fetchLog: Boolean): TRowSet = {
+      fetchLog: Boolean): TFetchResultsResp = {
     MetricsSystem.timerTracing(MetricsConstants.BS_FETCH_RESULTS) {
-      val rowSet = super.fetchResults(operationHandle, orientation, maxRows, fetchLog)
+      val fetchResultsResp = super.fetchResults(operationHandle, orientation, maxRows, fetchLog)
+      val rowSet = fetchResultsResp.getResults
       // TODO: the statistics are wrong when we enabled the arrow.
       val rowsSize =
         if (rowSet.getColumnsSize > 0) {
@@ -217,7 +218,7 @@ trait BackendServiceMetric extends BackendService {
         operation.increaseFetchResultsCount(rowsSize)
       }
 
-      rowSet
+      fetchResultsResp
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
index ae5feea52..fdde5bbc5 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/OperationsResource.scala
@@ -145,10 +145,11 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
       if (fetchOrientation != "FETCH_NEXT" && fetchOrientation != "FETCH_FIRST") {
         throw new BadRequestException(s"$fetchOrientation in operation log is not supported")
       }
-      val rowSet = fe.be.sessionManager.operationManager.getOperationLogRowSet(
+      val fetchResultsResp = fe.be.sessionManager.operationManager.getOperationLogRowSet(
         OperationHandle(operationHandleStr),
         FetchOrientation.withName(fetchOrientation),
         maxRows)
+      val rowSet = fetchResultsResp.getResults
       val logRowSet = rowSet.getColumns.get(0).getStringVal.getValues.asScala
       new OperationLog(logRowSet.asJava, logRowSet.size)
     } catch {
@@ -175,11 +176,12 @@ private[v1] class OperationsResource extends ApiRequestContext with Logging {
       @QueryParam("fetchorientation") @DefaultValue("FETCH_NEXT")
       fetchOrientation: String): ResultRowSet = {
     try {
-      val rowSet = fe.be.fetchResults(
+      val fetchResultsResp = fe.be.fetchResults(
         OperationHandle(operationHandleStr),
         FetchOrientation.withName(fetchOrientation),
         maxRows,
         fetchLog = false)
+      val rowSet = fetchResultsResp.getResults
       val rows = rowSet.getRows.asScala.map(i => {
         new Row(i.getColVals.asScala.map(i => {
           new Field(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLCommandHandler.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLCommandHandler.scala
index 2f574d904..5f7a07f58 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLCommandHandler.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLCommandHandler.scala
@@ -196,11 +196,12 @@ class MySQLCommandHandler(
           .getOrElse(KyuubiSQLException(s"Error operator state ${opStatus.state}"))
       }
       val resultSetMetadata = be.getResultSetMetadata(opHandle)
-      val rowSet = be.fetchResults(
+      val fetchResultResp = be.fetchResults(
         opHandle,
         FetchOrientation.FETCH_NEXT,
         Int.MaxValue,
         fetchLog = false)
+      val rowSet = fetchResultResp.getResults
       MySQLQueryResult(resultSetMetadata.getSchema, rowSet)
     } catch {
       case rethrow: Exception =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
index 4e768b04a..dc9de4ae2 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/trino/api/Query.scala
@@ -69,7 +69,7 @@ case class Query(
           queryId.operationHandle,
           defaultFetchOrientation,
           defaultMaxRows,
-          false)
+          false).getResults
         TrinoContext.createQueryResults(
           queryId.getQueryId,
           nextUri,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index 68d95dc80..1826760db 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -151,7 +151,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
     }
 
     val resultColumns = batchJobSubmissionOp.getNextRowSet(FetchOrientation.FETCH_NEXT, 10)
-      .getColumns.asScala
+      .getResults.getColumns.asScala
 
     val keys = resultColumns.head.getStringVal.getValues.asScala
     val values = resultColumns.apply(1).getStringVal.getValues.asScala
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
index 87c8eda96..6c5a01e46 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/trino/api/TrinoContextSuite.scala
@@ -84,7 +84,7 @@ class TrinoContextSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     checkOpState(opHandleStr, FINISHED)
 
     val metadataResp = fe.be.getResultSetMetadata(opHandle)
-    val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false)
+    val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false).getResults
     val status = fe.be.getOperationStatus(opHandle, Some(0))
 
     val uri = new URI("sfdsfsdfdsf")
@@ -111,7 +111,7 @@ class TrinoContextSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     checkOpState(opHandleStr, FINISHED)
 
     val metadataResp = fe.be.getResultSetMetadata(opHandle)
-    val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false)
+    val tRowSet = fe.be.fetchResults(opHandle, FetchOrientation.FETCH_NEXT, 1000, false).getResults
     val status = fe.be.getOperationStatus(opHandle, Some(0))
 
     val uri = new URI("sfdsfsdfdsf")

From 4e4a4e11538dfe6a490368a214bf019af6b4dd2c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 16 Aug 2023 01:53:51 +0800
Subject: [PATCH 559/760] [KYUUBI #5158] Allow embedded Zookeeper binding IP
 address

### _Why are the changes needed?_

This PR provides a new configuration `kyuubi.zookeeper.embedded.client.use.hostname` to control whether use hostname or IP address on binding, to improve the out-of-box experience of K8s case, similar to `kyuubi.frontend.connection.url.use.hostname`.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5158 from pan3793/zk-ip.

Closes #5158

260dae987 [Cheng Pan] nit
3ac0c430e [Cheng Pan] doc
de50f65e8 [Cheng Pan] false
890b13bd9 [Cheng Pan] Allow embedded Zookeeper binding IP address

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                | 25 ++++++++++---------
 .../kyuubi/zookeeper/EmbeddedZookeeper.scala  |  8 +++++-
 .../kyuubi/zookeeper/ZookeeperConf.scala      |  7 ++++++
 3 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 77e1d6dee..928ff0ab8 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -453,18 +453,19 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Zookeeper
 
-|                       Key                        |      Default       |                                                                                 Meaning                                                                                  |  Type  | Since |
-|--------------------------------------------------|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------|
-| kyuubi.zookeeper.embedded.client.port            | 2181               | clientPort for the embedded ZooKeeper server to listen for client connections, a client here could be Kyuubi server, engine, and JDBC client                             | int    | 1.2.0 |
-| kyuubi.zookeeper.embedded.client.port.address    | &lt;undefined&gt;  | clientPortAddress for the embedded ZooKeeper server to                                                                                                                   | string | 1.2.0 |
-| kyuubi.zookeeper.embedded.data.dir               | embedded_zookeeper | dataDir for the embedded zookeeper server where stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database. | string | 1.2.0 |
-| kyuubi.zookeeper.embedded.data.log.dir           | embedded_zookeeper | dataLogDir for the embedded ZooKeeper server where writes the transaction log .                                                                                          | string | 1.2.0 |
-| kyuubi.zookeeper.embedded.directory              | embedded_zookeeper | The temporary directory for the embedded ZooKeeper server                                                                                                                | string | 1.0.0 |
-| kyuubi.zookeeper.embedded.max.client.connections | 120                | maxClientCnxns for the embedded ZooKeeper server to limit the number of concurrent connections of a single client identified by IP address                               | int    | 1.2.0 |
-| kyuubi.zookeeper.embedded.max.session.timeout    | 60000              | maxSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 20 times the tickTime                                | int    | 1.2.0 |
-| kyuubi.zookeeper.embedded.min.session.timeout    | 6000               | minSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 2 times the tickTime                                 | int    | 1.2.0 |
-| kyuubi.zookeeper.embedded.port                   | 2181               | The port of the embedded ZooKeeper server                                                                                                                                | int    | 1.0.0 |
-| kyuubi.zookeeper.embedded.tick.time              | 3000               | tickTime in milliseconds for the embedded ZooKeeper server                                                                                                               | int    | 1.2.0 |
+|                       Key                        |      Default       |                                                                                 Meaning                                                                                  |  Type   | Since |
+|--------------------------------------------------|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|-------|
+| kyuubi.zookeeper.embedded.client.port            | 2181               | clientPort for the embedded ZooKeeper server to listen for client connections, a client here could be Kyuubi server, engine, and JDBC client                             | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.client.port.address    | &lt;undefined&gt;  | clientPortAddress for the embedded ZooKeeper server to                                                                                                                   | string  | 1.2.0 |
+| kyuubi.zookeeper.embedded.client.use.hostname    | false              | When true, embedded Zookeeper prefer to bind hostname, otherwise, ip address.                                                                                            | boolean | 1.7.2 |
+| kyuubi.zookeeper.embedded.data.dir               | embedded_zookeeper | dataDir for the embedded zookeeper server where stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database. | string  | 1.2.0 |
+| kyuubi.zookeeper.embedded.data.log.dir           | embedded_zookeeper | dataLogDir for the embedded ZooKeeper server where writes the transaction log .                                                                                          | string  | 1.2.0 |
+| kyuubi.zookeeper.embedded.directory              | embedded_zookeeper | The temporary directory for the embedded ZooKeeper server                                                                                                                | string  | 1.0.0 |
+| kyuubi.zookeeper.embedded.max.client.connections | 120                | maxClientCnxns for the embedded ZooKeeper server to limit the number of concurrent connections of a single client identified by IP address                               | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.max.session.timeout    | 60000              | maxSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 20 times the tickTime                                | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.min.session.timeout    | 6000               | minSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 2 times the tickTime                                 | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.port                   | 2181               | The port of the embedded ZooKeeper server                                                                                                                                | int     | 1.0.0 |
+| kyuubi.zookeeper.embedded.tick.time              | 3000               | tickTime in milliseconds for the embedded ZooKeeper server                                                                                                               | int     | 1.2.0 |
 
 ## Spark Configurations
 
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
index 25bd67446..4ea63d782 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
@@ -42,7 +42,13 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
     val maxClientCnxns = conf.get(ZK_MAX_CLIENT_CONNECTIONS)
     val minSessionTimeout = conf.get(ZK_MIN_SESSION_TIMEOUT)
     val maxSessionTimeout = conf.get(ZK_MAX_SESSION_TIMEOUT)
-    host = conf.get(ZK_CLIENT_PORT_ADDRESS).getOrElse(findLocalInetAddress.getCanonicalHostName)
+    host = conf.get(ZK_CLIENT_PORT_ADDRESS).getOrElse {
+      if (conf.get(ZK_CLIENT_USE_HOSTNAME)) {
+        findLocalInetAddress.getCanonicalHostName
+      } else {
+        findLocalInetAddress.getHostAddress
+      }
+    }
 
     try {
       zks = new ZooKeeperServer(dataDirectory, dataDirectory, tickTime)
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
index c6256a5e3..6ef494896 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
@@ -49,6 +49,13 @@ object ZookeeperConf {
       .stringConf
       .createOptional
 
+  val ZK_CLIENT_USE_HOSTNAME: ConfigEntry[Boolean] =
+    buildConf("kyuubi.zookeeper.embedded.client.use.hostname")
+      .doc("When true, embedded Zookeeper prefer to bind hostname, otherwise, ip address.")
+      .version("1.7.2")
+      .booleanConf
+      .createWithDefault(false)
+
   val ZK_DATA_DIR: ConfigEntry[String] = buildConf("kyuubi.zookeeper.embedded.data.dir")
     .doc("dataDir for the embedded zookeeper server where stores the in-memory database" +
       " snapshots and, unless specified otherwise, the transaction log of updates to the database.")

From 564ee509f09f3af9a9885847d463f2d39eb1e535 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Wed, 16 Aug 2023 11:58:39 +0800
Subject: [PATCH 560/760] [KYUUBI #5162][DOC] Add statements about
 contributions co-authored with AIGC in developer guide page

### _Why are the changes needed?_

close #5162

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

 No

Closes #5163 from lsm1/features/kyuubi-5162.

Closes #5162

c5bba8c20 [senmiaoliu] fix
af5e816fb [Kent Yao] Update docs/contributing/code/developer.md
ceb44358d [senmiaoliu] Add statements about contributions co-authored with AIGC in developer guide page

Lead-authored-by: senmiaoliu <senmiaoliu@trip.com>
Co-authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/PULL_REQUEST_TEMPLATE       | 9 +++++++++
 docs/contributing/code/developer.md | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/.github/PULL_REQUEST_TEMPLATE b/.github/PULL_REQUEST_TEMPLATE
index d3e0600de..3cab99d1f 100644
--- a/.github/PULL_REQUEST_TEMPLATE
+++ b/.github/PULL_REQUEST_TEMPLATE
@@ -21,3 +21,12 @@ Please clarify why the changes are needed. For instance,
 - [ ] Add screenshots for manual tests if appropriate
 
 - [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request
+
+
+### _Was this patch authored or co-authored using generative AI tooling?_
+<!--
+If a generative AI tooling has been used in the process of authoring this patch, please include
+phrase 'Generated-by: ' followed by the name of the tool and its version.
+If no, write 'No'.
+Please refer to the [ASF Generative Tooling Guidance](https://www.apache.org/legal/generative-tooling.html) for details.
+-->
diff --git a/docs/contributing/code/developer.md b/docs/contributing/code/developer.md
index 8b52057e8..ef6fb7988 100644
--- a/docs/contributing/code/developer.md
+++ b/docs/contributing/code/developer.md
@@ -48,3 +48,12 @@ Kyuubi uses settings.md to explain available configurations.
 
 You can run `KYUUBI_UPDATE=1 build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration`
 to append descriptions of new configurations to settings.md.
+
+## Generative Tooling Usage
+
+In general, the ASF allows contributions co-authored using generative AI tools. However, there are several considerations when you submit a patch containing generated content.
+
+Foremost, you are required to disclose usage of such tool. Furthermore, you are responsible for ensuring that the terms and conditions of the tool in question are
+compatible with usage in an Open Source project and inclusion of the generated content doesn't pose a risk of copyright violation.
+
+Please refer to [The ASF Generative Tooling Guidance](https://www.apache.org/legal/generative-tooling.html) for more detailed information.

From 8b7f3c9c70b964d79896fca3039746723e05bd48 Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Wed, 16 Aug 2023 14:16:36 +0800
Subject: [PATCH 561/760] [KYUUBI #5132] [K8S][HELM] Kyuubi add server metrics
 monitor

### _Why are the changes needed?_

Integrating Prometheus as the metrics collection method in the Kyuubi Helm Chart simplifies the configuration and deployment process, provides a standardized monitoring solution, and makes monitoring in the Kubernetes cluster more convenient and reliable.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5132 from dev-lpq/monitor.

Closes #5132

75da2d491 [pengqli] upgrade the kyuubi monitoring
76c2db130 [pengqli] add monitoring api check
5a4c8ee88 [pengqli] add monitoring api check
1ce8c3b7d [pengqli] add monitoring api check
7362aaf0d [pengqli] Merge branch 'master' into monitor
76e5b95b6 [pengqli] update helm chart monitor
50439b603 [pengqli] update helm chart monitor
5fafe6516 [pengqli] add helm chart monitor

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/kyuubi-alert.yaml     | 28 ++++++++++++++
 charts/kyuubi/templates/kyuubi-configmap.yaml |  4 ++
 .../kyuubi/templates/kyuubi-podmonitor.yaml   | 31 ++++++++++++++++
 .../templates/kyuubi-servicemonitor.yaml      | 31 ++++++++++++++++
 charts/kyuubi/values.yaml                     | 37 +++++++++++++++++++
 5 files changed, 131 insertions(+)
 create mode 100644 charts/kyuubi/templates/kyuubi-alert.yaml
 create mode 100644 charts/kyuubi/templates/kyuubi-podmonitor.yaml
 create mode 100644 charts/kyuubi/templates/kyuubi-servicemonitor.yaml

diff --git a/charts/kyuubi/templates/kyuubi-alert.yaml b/charts/kyuubi/templates/kyuubi-alert.yaml
new file mode 100644
index 000000000..8637e9e03
--- /dev/null
+++ b/charts/kyuubi/templates/kyuubi-alert.yaml
@@ -0,0 +1,28 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+{{- if and .Values.server.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "kyuubi.labels" . | nindent 4 }}
+spec:
+  groups:
+    {{- toYaml .Values.prometheusRule.groups | nindent 4 }}
+{{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index 3e7281083..1e5e195d3 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -37,6 +37,10 @@ data:
     kyuubi.frontend.mysql.bind.port={{ .Values.server.mysql.port }}
     kyuubi.frontend.protocols={{ include "kyuubi.frontend.protocols" . }}
 
+    # Kyuubi Metrics
+    kyuubi.metrics.enabled={{ .Values.server.prometheus.enabled }}
+    kyuubi.metrics.reporters={{ .Values.metricsReporters }}
+
     ## User provided Kyuubi configurations
     {{- with .Values.kyuubiConf.kyuubiDefaults }}
       {{- tpl . $ | nindent 4 }}
diff --git a/charts/kyuubi/templates/kyuubi-podmonitor.yaml b/charts/kyuubi/templates/kyuubi-podmonitor.yaml
new file mode 100644
index 000000000..ea0f76214
--- /dev/null
+++ b/charts/kyuubi/templates/kyuubi-podmonitor.yaml
@@ -0,0 +1,31 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+{{- if and .Values.server.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "kyuubi.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  podMetricsEndpoints:
+    {{- toYaml .Values.podMonitor.podMetricsEndpoint | nindent 4 }}
+{{- end }}
diff --git a/charts/kyuubi/templates/kyuubi-servicemonitor.yaml b/charts/kyuubi/templates/kyuubi-servicemonitor.yaml
new file mode 100644
index 000000000..7d997fc11
--- /dev/null
+++ b/charts/kyuubi/templates/kyuubi-servicemonitor.yaml
@@ -0,0 +1,31 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+{{- if and .Values.server.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "kyuubi.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  endpoints:
+    {{- toYaml .Values.serviceMonitor.endpoints | nindent 4 }}
+{{- end }}
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index da4add0ed..cfc79fae5 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -116,6 +116,16 @@ server:
       nodePort: ~
       annotations: {}
 
+  # Exposes metrics in Prometheus format
+  prometheus:
+    enabled: true
+    port: 10019
+    service:
+      type: ClusterIP
+      port: "{{ .Values.server.prometheus.port }}"
+      nodePort: ~
+      annotations: {}
+
 # $KYUUBI_CONF_DIR directory
 kyuubiConfDir: /opt/kyuubi/conf
 # Kyuubi configurations files
@@ -202,3 +212,30 @@ affinity: {}
 
 # Kyuubi pods security context
 securityContext: {}
+
+# Monitoring Kyuubi - Server Metrics
+# PROMETHEUS - PrometheusReporter which exposes metrics in Prometheus format
+metricsReporters: ~
+
+# Prometheus pod monitor
+podMonitor:
+  # If enabled, podMonitor for operator's pod will be created
+  enabled: false
+  # The podMetricsEndpoint contains metrics information such as port, interval, scheme, and possibly other relevant details.
+  # This information is used to configure the endpoint from which Prometheus can scrape and collect metrics for a specific Pod in Kubernetes.
+  podMetricsEndpoint: []
+
+# Prometheus service monitor
+serviceMonitor:
+  # If enabled, ServiceMonitor resources for Prometheus Operator are created
+  enabled: false
+  # The endpoints section in a ServiceMonitor specifies the metrics information for each target endpoint.
+  # This allows you to collect metrics from multiple Services across your Kubernetes cluster in a standardized and automated way.
+  endpoints: []
+
+# Rules for the Prometheus Operator
+prometheusRule:
+  # If enabled, a PrometheusRule resource for Prometheus Operator is created
+  enabled: false
+  # Contents of Prometheus rules file
+  groups: []

From fdfb8f6d66fe442ad86abeb22f44569054b6a9d7 Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Wed, 16 Aug 2023 16:07:54 +0800
Subject: [PATCH 562/760] [KYUUBI #5170] Identifier compatible with spark3.4

### _Why are the changes needed?_

close #5170

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5171 from iodone/kyuubi-5170.

Closes #5170

7cd0e2cbf [odone] identifier compatible with sprk3.4

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/extensions/engines/spark/lineage.md              |  7 ++++---
 .../lineage/helper/SparkSQLLineageParseHelper.scala   | 11 ++++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/docs/extensions/engines/spark/lineage.md b/docs/extensions/engines/spark/lineage.md
index 01acd884d..2dbb2a026 100644
--- a/docs/extensions/engines/spark/lineage.md
+++ b/docs/extensions/engines/spark/lineage.md
@@ -45,14 +45,14 @@ The lineage of this SQL:
 
 ```json
 {
-   "inputTables": ["default.test_table0"],
+   "inputTables": ["spark_catalog.default.test_table0"],
    "outputTables": [],
    "columnLineage": [{
       "column": "col0",
-      "originalColumns": ["default.test_table0.a"]
+      "originalColumns": ["spark_catalog.default.test_table0.a"]
    }, {
       "column": "col1",
-      "originalColumns": ["default.test_table0.b"]
+      "originalColumns": ["spark_catalog.default.test_table0.b"]
    }]
 }
 ```
@@ -125,6 +125,7 @@ The available `spark.version`s are shown in the following table.
 | Spark Version | Supported | Remark |
 |:-------------:|:---------:|:------:|
 |    master     |     √     |   -    |
+|     3.4.x     |     √     |   -    |
 |     3.3.x     |     √     |   -    |
 |     3.2.x     |     √     |   -    |
 |     3.1.x     |     √     |   -    |
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index dad37eac5..ab669aa19 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -53,7 +53,7 @@ trait LineageParser {
     val columnsLineage =
       extractColumnsLineage(plan, ListMap[Attribute, AttributeSet]()).toList.collect {
         case (k, attrs) =>
-          k.name -> attrs.map(_.qualifiedName).toSet
+          k.name -> attrs.map(attr => (attr.qualifier :+ attr.name).mkString(".")).toSet
       }
     val (inputTables, outputTables) = columnsLineage.foldLeft((List[String](), List[String]())) {
       case ((inputs, outputs), (out, in)) =>
@@ -324,7 +324,8 @@ trait LineageParser {
           nextColumnsLlineage.map { case (k, _) => (k, AttributeSet(k)) })
         val sourceColumnsLineage = extractColumnsLineage(sourceTable, nextColumnsLlineage)
         val targetColumnsWithTargetTable = targetColumnsLineage.values.flatten.map { column =>
-          column.withName(s"${column.qualifiedName}")
+          val unquotedQualifiedName = (column.qualifier :+ column.name).mkString(".")
+          column.withName(unquotedQualifiedName)
         }
         ListMap(targetColumnsWithTargetTable.zip(sourceColumnsLineage.values).toSeq: _*)
 
@@ -497,7 +498,11 @@ trait LineageParser {
   }
 
   private def getV1TableName(qualifiedName: String): String = {
-    Seq(LineageConf.DEFAULT_CATALOG, qualifiedName).filter(_.nonEmpty).mkString(".")
+    qualifiedName.split("\\.") match {
+      case Array(database, table) =>
+        Seq(LineageConf.DEFAULT_CATALOG, database, table).filter(_.nonEmpty).mkString(".")
+      case _ => qualifiedName
+    }
   }
 }
 

From d513f1f1e60fc0ab53095a1f24cea5c354174891 Mon Sep 17 00:00:00 2001
From: zhouyifan279 <zhouyifan279@gmail.com>
Date: Wed, 16 Aug 2023 16:09:17 +0800
Subject: [PATCH 563/760] [KYUUBI #5136][Bug] Spark App may hang forever if
 FinalStageResourceManager killed all executors

### _Why are the changes needed?_
In minor cases, Spark Stage hangs forever when spark.sql.finalWriteStage.eagerlyKillExecutors.enabled is true.

The bug occurs if two conditions are met in the same time:

1. All executors are either removed because of idle time out or killed by FinalStageResourceManager.
   Target executor num in YarnAllocator will be set to 0 and no more executor will be launched.
2. Target executor num in ExecutorAllocationManager equals to the executor num needed by final stage.
   Then ExecutorAllocationManager will not sync target executor num to YarnAllocator.

### _How was this patch tested?_
- [x] Add a new test suite `FinalStageResourceManagerSuite`

Closes #5141 from zhouyifan279/adjust-executors.

Closes #5136

c4403eefa [zhouyifan279] assert adjustedTargetExecutors == 1
ea8f24733 [zhouyifan279] Add comment
5f3ca1d9c [zhouyifan279] [KYUUBI #5136][Bug] Spark App may hang forever if FinalStageResourceManager killed all executors
12687eee7 [zhouyifan279] [KYUUBI #5136][Bug] Spark App may hang forever if FinalStageResourceManager killed all executors
9dcbc780d [zhouyifan279] [KYUUBI #5136][Bug] Spark App may hang forever if FinalStageResourceManager killed all executors

Authored-by: zhouyifan279 <zhouyifan279@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  |  6 +-
 .../spark/kyuubi-extension-spark-3-3/pom.xml  | 48 ++++++++++++++
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |  2 +-
 .../spark/sql/FinalStageResourceManager.scala | 42 ++++++++++++-
 .../sql/FinalStageResourceManagerSuite.scala  | 62 +++++++++++++++++++
 .../spark/kyuubi-extension-spark-3-4/pom.xml  | 54 ++++++++++++++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  8 +++
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |  2 +-
 .../spark/sql/FinalStageResourceManager.scala | 42 ++++++++++++-
 .../sql/FinalStageResourceManagerSuite.scala  | 62 +++++++++++++++++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  8 +++
 .../kyuubi/tags/SparkLocalClusterTest.java    | 29 +++++++++
 12 files changed, 358 insertions(+), 7 deletions(-)
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/SparkLocalClusterTest.java

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 674c7d060..00e5772a2 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -59,17 +59,17 @@ jobs:
           - java: 8
             spark: '3.3'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.1.3 -Dspark.archive.name=spark-3.1.3-bin-hadoop3.2.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.3'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.2-binary'
           - java: 8
             spark: '3.3'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.4.0 -Dspark.archive.name=spark-3.4.0-bin-hadoop3.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.4-binary'
         exclude:
           # SPARK-33772: Spark supports JDK 17 since 3.3.0
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
index 98c1cca02..51d21f684 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
@@ -37,6 +37,14 @@
             <version>${project.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-download</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
             <artifactId>kyuubi-extension-spark-common_${scala.binary.version}</artifactId>
@@ -45,6 +53,14 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.scala-lang</groupId>
             <artifactId>scala-library</artifactId>
@@ -130,6 +146,38 @@
     <build>
 
         <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>regex-property</id>
+                        <goals>
+                            <goal>regex-property</goal>
+                        </goals>
+                        <configuration>
+                            <name>spark.home</name>
+                            <value>${project.basedir}/../../../externals/kyuubi-download/target/${spark.archive.name}</value>
+                            <regex>(.+)\.tgz</regex>
+                            <replacement>$1</replacement>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.scalatest</groupId>
+                <artifactId>scalatest-maven-plugin</artifactId>
+                <configuration>
+                    <environmentVariables>
+                        <!--
+                          Some tests run Spark in local-cluster mode.
+                          This mode uses SPARK_HOME and SPARK_SCALA_VERSION to build command to launch a Spark Standalone Cluster.
+                          -->
+                        <SPARK_HOME>${spark.home}</SPARK_HOME>
+                        <SPARK_SCALA_VERSION>${scala.binary.version}</SPARK_SCALA_VERSION>
+                    </environmentVariables>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index 5d3464228..792315d89 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -40,7 +40,7 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
     extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
     extensions.injectPlannerStrategy(MaxScanStrategy)
 
-    extensions.injectQueryStagePrepRule(FinalStageResourceManager)
+    extensions.injectQueryStagePrepRule(FinalStageResourceManager(_))
     extensions.injectQueryStagePrepRule(InjectCustomResourceProfile)
   }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index dc573f838..32fb9f5ce 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -22,6 +22,8 @@ import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 
 import org.apache.spark.{ExecutorAllocationClient, MapOutputTrackerMaster, SparkContext, SparkEnv}
+import org.apache.spark.internal.Logging
+import org.apache.spark.resource.ResourceProfile
 import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
 import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
@@ -185,7 +187,12 @@ case class FinalStageResourceManager(session: SparkSession)
       numReduce: Int): Unit = {
     val executorAllocationClient = sc.schedulerBackend.asInstanceOf[ExecutorAllocationClient]
 
-    val executorsToKill = findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+    val executorsToKill =
+      if (conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL)) {
+        executorAllocationClient.getExecutorIds()
+      } else {
+        findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+      }
     logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
       s"[${executorsToKill.mkString(", ")}].")
     if (executorsToKill.isEmpty) {
@@ -210,6 +217,14 @@ case class FinalStageResourceManager(session: SparkSession)
       adjustTargetNumExecutors = true,
       countFailures = false,
       force = false)
+
+    FinalStageResourceManager.getAdjustedTargetExecutors(sc)
+      .filter(_ < targetExecutors).foreach { adjustedExecutors =>
+        val delta = targetExecutors - adjustedExecutors
+        logInfo(s"Target executors after kill ($adjustedExecutors) is lower than required " +
+          s"($targetExecutors). Requesting $delta additional executor(s).")
+        executorAllocationClient.requestExecutors(delta)
+      }
   }
 
   @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
@@ -218,6 +233,31 @@ case class FinalStageResourceManager(session: SparkSession)
     OptimizeShuffleWithLocalRead)
 }
 
+object FinalStageResourceManager extends Logging {
+
+  private[sql] def getAdjustedTargetExecutors(sc: SparkContext): Option[Int] = {
+    sc.schedulerBackend match {
+      case schedulerBackend: CoarseGrainedSchedulerBackend =>
+        try {
+          val field = classOf[CoarseGrainedSchedulerBackend]
+            .getDeclaredField("requestedTotalExecutorsPerResourceProfile")
+          field.setAccessible(true)
+          schedulerBackend.synchronized {
+            val requestedTotalExecutorsPerResourceProfile =
+              field.get(schedulerBackend).asInstanceOf[mutable.HashMap[ResourceProfile, Int]]
+            val defaultRp = sc.resourceProfileManager.defaultResourceProfile
+            requestedTotalExecutorsPerResourceProfile.get(defaultRp)
+          }
+        } catch {
+          case e: Exception =>
+            logWarning("Failed to get requestedTotalExecutors of Default ResourceProfile", e)
+            None
+        }
+      case _ => None
+    }
+  }
+}
+
 trait FinalRebalanceStageHelper extends AdaptiveSparkPlanHelper {
   @tailrec
   final protected def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala b/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
new file mode 100644
index 000000000..4b9991ef6
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.scalatest.time.{Minutes, Span}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+import org.apache.kyuubi.tags.SparkLocalClusterTest
+
+@SparkLocalClusterTest
+class FinalStageResourceManagerSuite extends KyuubiSparkSQLExtensionTest {
+
+  override def sparkConf(): SparkConf = {
+    // It is difficult to run spark in local-cluster mode when spark.testing is set.
+    sys.props.remove("spark.testing")
+
+    super.sparkConf().set("spark.master", "local-cluster[3, 1, 1024]")
+      .set("spark.dynamicAllocation.enabled", "true")
+      .set("spark.dynamicAllocation.initialExecutors", "3")
+      .set("spark.dynamicAllocation.minExecutors", "1")
+      .set("spark.dynamicAllocation.shuffleTracking.enabled", "true")
+      .set(KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key, "true")
+      .set(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED.key, "true")
+  }
+
+  test("[KYUUBI #5136][Bug] Final Stage hangs forever") {
+    // Prerequisite to reproduce the bug:
+    // 1. Dynamic allocation is enabled.
+    // 2. Dynamic allocation min executors is 1.
+    // 3. target executors < active executors.
+    // 4. No active executor is left after FinalStageResourceManager killed executors.
+    //    This is possible because FinalStageResourceManager retained executors may already be
+    //    requested to be killed but not died yet.
+    // 5. Final Stage required executors is 1.
+    withSQLConf(
+      (KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL.key, "true")) {
+      withTable("final_stage") {
+        eventually(timeout(Span(10, Minutes))) {
+          sql(
+            "CREATE TABLE final_stage AS SELECT id, count(*) as num FROM (SELECT 0 id) GROUP BY id")
+        }
+        assert(FinalStageResourceManager.getAdjustedTargetExecutors(spark.sparkContext).get == 1)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
index 947c03ea0..20db5d12f 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
@@ -55,6 +55,22 @@
             <scope>provided</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-download</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-core_${scala.binary.version}</artifactId>
@@ -111,11 +127,49 @@
             <artifactId>jakarta.xml.bind-api</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
 
         <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>regex-property</id>
+                        <goals>
+                            <goal>regex-property</goal>
+                        </goals>
+                        <configuration>
+                            <name>spark.home</name>
+                            <value>${project.basedir}/../../../externals/kyuubi-download/target/${spark.archive.name}</value>
+                            <regex>(.+)\.tgz</regex>
+                            <replacement>$1</replacement>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.scalatest</groupId>
+                <artifactId>scalatest-maven-plugin</artifactId>
+                <configuration>
+                    <environmentVariables>
+                        <!--
+                        Some tests run Spark in local-cluster mode.
+                        This mode uses SPARK_HOME and SPARK_SCALA_VERSION to build command to launch a Spark Standalone Cluster.
+                        -->
+                        <SPARK_HOME>${spark.home}</SPARK_HOME>
+                        <SPARK_SCALA_VERSION>${scala.binary.version}</SPARK_SCALA_VERSION>
+                    </environmentVariables>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.antlr</groupId>
                 <artifactId>antlr4-maven-plugin</artifactId>
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index fa118a3e2..6f45dae12 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -210,6 +210,14 @@ object KyuubiSQLConf {
       .booleanConf
       .createWithDefault(false)
 
+  val FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL =
+    buildConf("spark.sql.finalWriteStage.eagerlyKillExecutors.killAll")
+      .doc("When true, eagerly kill all executors before running final write stage. " +
+        "Mainly for test.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
   val FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE =
     buildConf("spark.sql.finalWriteStage.skipKillingExecutorsForTableCache")
       .doc("When true, skip killing executors if the plan has table caches.")
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
index 5d3464228..792315d89 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -40,7 +40,7 @@ class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
     extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
     extensions.injectPlannerStrategy(MaxScanStrategy)
 
-    extensions.injectQueryStagePrepRule(FinalStageResourceManager)
+    extensions.injectQueryStagePrepRule(FinalStageResourceManager(_))
     extensions.injectQueryStagePrepRule(InjectCustomResourceProfile)
   }
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
index 16002dfa0..81873476c 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -22,6 +22,8 @@ import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 
 import org.apache.spark.{ExecutorAllocationClient, MapOutputTrackerMaster, SparkContext, SparkEnv}
+import org.apache.spark.internal.Logging
+import org.apache.spark.resource.ResourceProfile
 import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
 import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
@@ -188,7 +190,12 @@ case class FinalStageResourceManager(session: SparkSession)
       numReduce: Int): Unit = {
     val executorAllocationClient = sc.schedulerBackend.asInstanceOf[ExecutorAllocationClient]
 
-    val executorsToKill = findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+    val executorsToKill =
+      if (conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL)) {
+        executorAllocationClient.getExecutorIds()
+      } else {
+        findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+      }
     logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
       s"[${executorsToKill.mkString(", ")}].")
     if (executorsToKill.isEmpty) {
@@ -213,6 +220,14 @@ case class FinalStageResourceManager(session: SparkSession)
       adjustTargetNumExecutors = true,
       countFailures = false,
       force = false)
+
+    FinalStageResourceManager.getAdjustedTargetExecutors(sc)
+      .filter(_ < targetExecutors).foreach { adjustedExecutors =>
+        val delta = targetExecutors - adjustedExecutors
+        logInfo(s"Target executors after kill ($adjustedExecutors) is lower than required " +
+          s"($targetExecutors). Requesting $delta additional executor(s).")
+        executorAllocationClient.requestExecutors(delta)
+      }
   }
 
   @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
@@ -221,6 +236,31 @@ case class FinalStageResourceManager(session: SparkSession)
     OptimizeShuffleWithLocalRead)
 }
 
+object FinalStageResourceManager extends Logging {
+
+  private[sql] def getAdjustedTargetExecutors(sc: SparkContext): Option[Int] = {
+    sc.schedulerBackend match {
+      case schedulerBackend: CoarseGrainedSchedulerBackend =>
+        try {
+          val field = classOf[CoarseGrainedSchedulerBackend]
+            .getDeclaredField("requestedTotalExecutorsPerResourceProfile")
+          field.setAccessible(true)
+          schedulerBackend.synchronized {
+            val requestedTotalExecutorsPerResourceProfile =
+              field.get(schedulerBackend).asInstanceOf[mutable.HashMap[ResourceProfile, Int]]
+            val defaultRp = sc.resourceProfileManager.defaultResourceProfile
+            requestedTotalExecutorsPerResourceProfile.get(defaultRp)
+          }
+        } catch {
+          case e: Exception =>
+            logWarning("Failed to get requestedTotalExecutors of Default ResourceProfile", e)
+            None
+        }
+      case _ => None
+    }
+  }
+}
+
 trait FinalRebalanceStageHelper extends AdaptiveSparkPlanHelper {
   @tailrec
   final protected def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
new file mode 100644
index 000000000..4b9991ef6
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.scalatest.time.{Minutes, Span}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+import org.apache.kyuubi.tags.SparkLocalClusterTest
+
+@SparkLocalClusterTest
+class FinalStageResourceManagerSuite extends KyuubiSparkSQLExtensionTest {
+
+  override def sparkConf(): SparkConf = {
+    // It is difficult to run spark in local-cluster mode when spark.testing is set.
+    sys.props.remove("spark.testing")
+
+    super.sparkConf().set("spark.master", "local-cluster[3, 1, 1024]")
+      .set("spark.dynamicAllocation.enabled", "true")
+      .set("spark.dynamicAllocation.initialExecutors", "3")
+      .set("spark.dynamicAllocation.minExecutors", "1")
+      .set("spark.dynamicAllocation.shuffleTracking.enabled", "true")
+      .set(KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key, "true")
+      .set(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED.key, "true")
+  }
+
+  test("[KYUUBI #5136][Bug] Final Stage hangs forever") {
+    // Prerequisite to reproduce the bug:
+    // 1. Dynamic allocation is enabled.
+    // 2. Dynamic allocation min executors is 1.
+    // 3. target executors < active executors.
+    // 4. No active executor is left after FinalStageResourceManager killed executors.
+    //    This is possible because FinalStageResourceManager retained executors may already be
+    //    requested to be killed but not died yet.
+    // 5. Final Stage required executors is 1.
+    withSQLConf(
+      (KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL.key, "true")) {
+      withTable("final_stage") {
+        eventually(timeout(Span(10, Minutes))) {
+          sql(
+            "CREATE TABLE final_stage AS SELECT id, count(*) as num FROM (SELECT 0 id) GROUP BY id")
+        }
+        assert(FinalStageResourceManager.getAdjustedTargetExecutors(spark.sparkContext).get == 1)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index fa118a3e2..6f45dae12 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -210,6 +210,14 @@ object KyuubiSQLConf {
       .booleanConf
       .createWithDefault(false)
 
+  val FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL =
+    buildConf("spark.sql.finalWriteStage.eagerlyKillExecutors.killAll")
+      .doc("When true, eagerly kill all executors before running final write stage. " +
+        "Mainly for test.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
   val FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE =
     buildConf("spark.sql.finalWriteStage.skipKillingExecutorsForTableCache")
       .doc("When true, skip killing executors if the plan has table caches.")
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/SparkLocalClusterTest.java b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/SparkLocalClusterTest.java
new file mode 100644
index 000000000..dd718f125
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/SparkLocalClusterTest.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.tags;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.scalatest.TagAnnotation;
+
+@TagAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface SparkLocalClusterTest {}

From b57bc1cab61385a0ee4222bd89d5d68e8bf587ef Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Wed, 16 Aug 2023 18:31:58 +0800
Subject: [PATCH 564/760] [KYUUBI #5172] [AUTHZ] Check USE permissions for
 DESCRIBE FUNCTION

### _Why are the changes needed?_

Fix a bug, The `DESCRIBE FUNCTION` syntax should also be checked for USE permissions. However, prior to this PR, the syntax was not checked for any permissions

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5172 from Yikf/auth-desc-function.

Closes #5172

112f4f20b [yikaifei] The DESCRIBE FUNCTION syntax should also be checked for USE permissions

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/plugin/spark/authz/ranger/AccessType.scala |  7 ++++++-
 .../authz/ranger/RangerSparkExtensionSuite.scala      | 11 +++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
index 7d62229ee..c0b7d2a03 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
@@ -58,7 +58,12 @@ object AccessType extends Enumeration {
               SHOWPARTITIONS |
               ANALYZE_TABLE => SELECT
           case SHOWCOLUMNS | DESCTABLE => SELECT
-          case SHOWDATABASES | SWITCHDATABASE | DESCDATABASE | SHOWTABLES | SHOWFUNCTIONS => USE
+          case SHOWDATABASES |
+              SWITCHDATABASE |
+              DESCDATABASE |
+              SHOWTABLES |
+              SHOWFUNCTIONS |
+              DESCFUNCTION => USE
           case TRUNCATETABLE => UPDATE
           case _ => NONE
         }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index b5dcf63cb..c32b63a2f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -442,6 +442,17 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     }
     doAs(admin, assert(sql("show tables from global_temp").collect().length == 0))
   }
+
+  test("[KYUUBI #5172] Check USE permissions for DESCRIBE FUNCTION") {
+    val fun = s"$defaultDb.function1"
+
+    withCleanTmpResources(Seq((s"$fun", "function"))) {
+      doAs(admin, sql(s"CREATE FUNCTION $fun AS 'Function1'"))
+      doAs(admin, sql(s"DESC FUNCTION $fun").collect().length == 1)
+      val e = intercept[AccessControlException](doAs(denyUser, sql(s"DESC FUNCTION $fun")))
+      assert(e.getMessage === errorMessage("_any", "default/function1", denyUser))
+    }
+  }
 }
 
 class InMemoryCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {

From f05aefb86643e69c64237ebfb9db208ec509f3b2 Mon Sep 17 00:00:00 2001
From: zwangsheng <2213335496@qq.com>
Date: Wed, 16 Aug 2023 21:10:23 +0800
Subject: [PATCH 565/760] [KYUUBI #5165][K8S][SPARK] Build Spark
 Driver/Executor Pod Name(Prefix) in process

### _Why are the changes needed?_

1. Print those pod name/prefix in kyuubi server log
2. Make sure driver pod name in length limit

close #5165
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5168 from zwangsheng/KYUUBI#5165.

Closes #5165

290a46860 [Cheng Pan] nit
9c9dd2d38 [Cheng Pan] Revert "Add app Name"
50187cddb [zwangsheng] Add app Name
f704a9839 [Cheng Pan] app key
463904bec [Cheng Pan] revise
33d1ffd9e [Cheng Pan] Apply suggestions from code review
0b7e64da5 [Cheng Pan] Apply suggestions from code review
b3b1e08fd [zwangsheng] Fix Test
742e78461 [zwangsheng] modify long app name length to 266
90b165e95 [zwangsheng] fix test
191447058 [zwangsheng] fix test fail
05698fdb1 [zwangsheng] fix test fail
39637ae68 [zwangsheng] fix comments
23513810f [zwangsheng] fix comments
a56630179 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
8599a1430 [zwangsheng] fix style
73aec9a03 [zwangsheng] [KYUUBI #5165][K8S][SPARK] Build Spark Driver/Executor Pod Name(Prefix) in process

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/SparkBatchProcessBuilder.scala      |  5 +-
 .../engine/spark/SparkProcessBuilder.scala    | 24 +++++++-
 .../apache/kyuubi/util/KubernetesUtils.scala  | 33 ++++++++++
 .../spark/SparkProcessBuilderSuite.scala      | 60 ++++++++++++++++++-
 4 files changed, 119 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
index 7f1be93b5..ef159bb93 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkBatchProcessBuilder.scala
@@ -51,7 +51,10 @@ class SparkBatchProcessBuilder(
     // tag batch application
     KyuubiApplicationManager.tagApplication(batchId, "spark", clusterManager(), batchKyuubiConf)
 
-    (batchKyuubiConf.getAll ++ sparkAppNameConf() ++ engineLogPathConf()).foreach { case (k, v) =>
+    (batchKyuubiConf.getAll ++
+      sparkAppNameConf() ++
+      engineLogPathConf() ++
+      appendPodNameConf(batchConf)).foreach { case (k, v) =>
       buffer += CONF
       buffer += s"${convertConfigKey(k)}=$v"
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index 5998d5d4e..351eddb75 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -21,6 +21,7 @@ import java.io.{File, IOException}
 import java.nio.file.Paths
 import java.util.Locale
 
+import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 
 import com.google.common.annotations.VisibleForTesting
@@ -34,6 +35,7 @@ import org.apache.kyuubi.engine.ProcBuilder.KYUUBI_ENGINE_LOG_PATH_KEY
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.operation.log.OperationLog
+import org.apache.kyuubi.util.KubernetesUtils
 import org.apache.kyuubi.util.Validator
 
 class SparkProcessBuilder(
@@ -118,7 +120,7 @@ class SparkProcessBuilder(
       allConf = allConf ++ zkAuthKeytabFileConf(allConf)
     }
     // pass spark engine log path to spark conf
-    (allConf ++ engineLogPathConf).foreach { case (k, v) =>
+    (allConf ++ engineLogPathConf ++ appendPodNameConf(allConf)).foreach { case (k, v) =>
       buffer += CONF
       buffer += s"${convertConfigKey(k)}=$v"
     }
@@ -208,6 +210,24 @@ class SparkProcessBuilder(
       kubernetesNamespace())
   }
 
+  def appendPodNameConf(conf: Map[String, String]): Map[String, String] = {
+    val appName = conf.getOrElse(APP_KEY, "spark")
+    val map = mutable.Map.newBuilder[String, String]
+    if (clusterManager().exists(cm => cm.toLowerCase(Locale.ROOT).startsWith("k8s"))) {
+      if (!conf.contains(KUBERNETES_EXECUTOR_POD_NAME_PREFIX)) {
+        val prefix = KubernetesUtils.generateExecutorPodNamePrefix(appName, engineRefId)
+        map += (KUBERNETES_EXECUTOR_POD_NAME_PREFIX -> prefix)
+      }
+      if (deployMode().exists(_.toLowerCase(Locale.ROOT) == "cluster")) {
+        if (!conf.contains(KUBERNETES_DRIVER_POD_NAME)) {
+          val name = KubernetesUtils.generateDriverPodName(appName, engineRefId)
+          map += (KUBERNETES_DRIVER_POD_NAME -> name)
+        }
+      }
+    }
+    map.result().toMap
+  }
+
   override def clusterManager(): Option[String] = {
     conf.getOption(MASTER_KEY).orElse(defaultsConf.get(MASTER_KEY))
   }
@@ -258,6 +278,8 @@ object SparkProcessBuilder {
   final val DEPLOY_MODE_KEY = "spark.submit.deployMode"
   final val KUBERNETES_CONTEXT_KEY = "spark.kubernetes.context"
   final val KUBERNETES_NAMESPACE_KEY = "spark.kubernetes.namespace"
+  final val KUBERNETES_DRIVER_POD_NAME = "spark.kubernetes.driver.pod.name"
+  final val KUBERNETES_EXECUTOR_POD_NAME_PREFIX = "spark.kubernetes.executor.podNamePrefix"
   final val INTERNAL_RESOURCE = "spark-internal"
 
   /**
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
index f9780bb16..9da3408a3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.util
 
 import java.io.File
+import java.util.Locale
 
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.google.common.base.Charsets
@@ -32,6 +33,10 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 
 object KubernetesUtils extends Logging {
+  // Kubernetes pod name max length - '-exec-' - Int.MAX_VALUE.length
+  // 253 - 10 - 6
+  final val EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH = 237
+  final val DRIVER_POD_NAME_MAX_LENGTH = 253
 
   def buildKubernetesClient(conf: KyuubiConf): Option[KubernetesClient] = {
     val master = conf.get(KUBERNETES_MASTER)
@@ -114,4 +119,32 @@ object KubernetesUtils extends Logging {
     opt1.foreach { _ => require(opt2.isEmpty, errMessage) }
     opt2.foreach { _ => require(opt1.isEmpty, errMessage) }
   }
+
+  private def getResourceNamePrefix(appName: String, engineRefId: String): String = {
+    s"$appName-$engineRefId"
+      .trim
+      .toLowerCase(Locale.ROOT)
+      .replaceAll("[^a-z0-9\\-]", "-")
+      .replaceAll("-+", "-")
+      .replaceAll("^-", "")
+      .replaceAll("^[0-9]", "x")
+  }
+
+  def generateDriverPodName(appName: String, engineRefId: String): String = {
+    val resolvedResourceName = s"kyuubi-${getResourceNamePrefix(appName, engineRefId)}-driver"
+    if (resolvedResourceName.length <= DRIVER_POD_NAME_MAX_LENGTH) {
+      resolvedResourceName
+    } else {
+      s"kyuubi-$engineRefId-driver"
+    }
+  }
+
+  def generateExecutorPodNamePrefix(appName: String, engineRefId: String): String = {
+    val resolvedResourceName = s"kyuubi-${getResourceNamePrefix(appName, engineRefId)}"
+    if (resolvedResourceName.length <= EXECUTOR_POD_NAME_PREFIX_MAX_LENGTH) {
+      resolvedResourceName
+    } else {
+      s"kyuubi-$engineRefId"
+    }
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
index cd549c0f3..a4227d26e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
@@ -30,7 +30,7 @@ import org.apache.kyuubi.{KerberizedTestHelper, KyuubiSQLException, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_LOG_TIMEOUT, ENGINE_SPARK_MAIN_RESOURCE}
 import org.apache.kyuubi.engine.ProcBuilder.KYUUBI_ENGINE_LOG_PATH_KEY
-import org.apache.kyuubi.engine.spark.SparkProcessBuilder.CONF
+import org.apache.kyuubi.engine.spark.SparkProcessBuilder._
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.service.ServiceUtils
@@ -305,6 +305,64 @@ class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
       b1.toString.contains(
         s"$CONF spark.$KYUUBI_ENGINE_LOG_PATH_KEY=${b1.engineLog.getAbsolutePath}"))
   }
+
+  test("[KYUUBI #5165] Test SparkProcessBuilder#appendDriverPodPrefix") {
+    val engineRefId = "kyuubi-test-engine"
+    val appName = "test-app"
+    val processBuilder = new SparkProcessBuilder(
+      "kyuubi",
+      conf.set(MASTER_KEY, "k8s://internal").set(DEPLOY_MODE_KEY, "cluster"),
+      engineRefId)
+    val conf1 = Map(APP_KEY -> "test-app")
+    val driverPodName1 = processBuilder.appendPodNameConf(conf1).get(KUBERNETES_DRIVER_POD_NAME)
+    assert(driverPodName1 === Some(s"kyuubi-$appName-$engineRefId-driver"))
+    // respect user specified driver pod name
+    val conf2 = conf1 ++ Map(KUBERNETES_DRIVER_POD_NAME -> "kyuubi-test-1-driver")
+    val driverPodName2 = processBuilder.appendPodNameConf(conf2).get(KUBERNETES_DRIVER_POD_NAME)
+    assert(driverPodName2 === None)
+    val longAppName = "thisisalonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglongappname"
+    val conf3 = Map(APP_KEY -> longAppName)
+    val driverPodName3 = processBuilder.appendPodNameConf(conf3).get(KUBERNETES_DRIVER_POD_NAME)
+    assert(driverPodName3 === Some(s"kyuubi-$engineRefId-driver"))
+    // scalastyle:off
+    val chineseAppName = "你好_test_任务"
+    // scalastyle:on
+    val conf4 = Map(APP_KEY -> chineseAppName)
+    val driverPodName4 = processBuilder.appendPodNameConf(conf4).get(KUBERNETES_DRIVER_POD_NAME)
+    assert(driverPodName4 === Some(s"kyuubi-test-$engineRefId-driver"))
+  }
+
+  test("[KYUUBI #5165] Test SparkProcessBuilder#appendExecutorPodPrefix") {
+    val engineRefId = "kyuubi-test-engine"
+    val appName = "test-app"
+    val processBuilder = new SparkProcessBuilder(
+      "kyuubi",
+      conf.set(MASTER_KEY, "k8s://internal").set(DEPLOY_MODE_KEY, "cluster"),
+      engineRefId)
+    val conf1 = Map(APP_KEY -> "test-app")
+    val execPodNamePrefix1 = processBuilder
+      .appendPodNameConf(conf1).get(KUBERNETES_EXECUTOR_POD_NAME_PREFIX)
+    assert(execPodNamePrefix1 === Some(s"kyuubi-$appName-$engineRefId"))
+    val conf2 = conf1 ++ Map(KUBERNETES_EXECUTOR_POD_NAME_PREFIX -> "kyuubi-test")
+    val execPodNamePrefix2 = processBuilder
+      .appendPodNameConf(conf2).get(KUBERNETES_EXECUTOR_POD_NAME_PREFIX)
+    assert(execPodNamePrefix2 === None)
+    val longAppName = "thisisalonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglonglong" +
+      "longlonglonglonglonglonglonglonglonglonglonglonglongappname"
+    val conf3 = Map(APP_KEY -> longAppName)
+    val execPodNamePrefix3 = processBuilder
+      .appendPodNameConf(conf3).get(KUBERNETES_EXECUTOR_POD_NAME_PREFIX)
+    assert(execPodNamePrefix3 === Some(s"kyuubi-$engineRefId"))
+  }
 }
 
 class FakeSparkProcessBuilder(config: KyuubiConf)

From 14b3e45bb8d92cfc8110c95bf2e8037b9f4b5fba Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 18 Aug 2023 08:28:34 +0800
Subject: [PATCH 566/760] [KYUUBI #5178] [DOC] Make MarkdownBuilder not
 extending Growable

### _Why are the changes needed?_

- As `scala.collection.generic.Growable` is marked as deprecated and made `+=` is marked as a final method in Scala 2.13, MarkdownBuilder which extends Growable is a blocker issue for Scala 2.13 in the future

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5178 from bowenliang123/markdown-notgrow.

Closes #5178

c34b95649 [liangbowen] update
565fdf6e5 [liangbowen] make MarkdownBuilder not extending Growable

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../test/scala/org/apache/kyuubi/MarkdownUtils.scala   | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
index 06c948903..2ac5e8c69 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
@@ -21,7 +21,6 @@ import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, StandardOpenOption}
 
 import scala.collection.JavaConverters._
-import scala.collection.generic.Growable
 import scala.collection.mutable.ListBuffer
 
 import com.vladsch.flexmark.formatter.Formatter
@@ -60,11 +59,9 @@ object MarkdownUtils {
   }
 }
 
-class MarkdownBuilder extends Growable[String] {
+class MarkdownBuilder {
   private val buffer = new ListBuffer[String]
 
-  override def clear: Unit = buffer.clear
-
   /**
    * append a single line
    * with replacing EOL to empty string
@@ -72,7 +69,7 @@ class MarkdownBuilder extends Growable[String] {
    * @param str single line
    * @return
    */
-  override def +=(str: String): MarkdownBuilder.this.type = {
+  def +=(str: String): MarkdownBuilder = {
     buffer += str.stripMargin.linesIterator.mkString
     this
   }
@@ -86,7 +83,8 @@ class MarkdownBuilder extends Growable[String] {
    * @return
    */
   def ++=(multiline: String, marginChar: Char = '|'): MarkdownBuilder = {
-    this ++= multiline.stripMargin(marginChar).linesIterator
+    buffer ++= multiline.stripMargin(marginChar).linesIterator
+    this
   }
 
   /**

From 4213e20945a891141c320b4e4b8762bd5fa61b38 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Sun, 20 Aug 2023 16:03:23 +0000
Subject: [PATCH 567/760] [KYUUBI #5177] Use Scala binary version placeholder
 in Maven module's artifactId suffix

### _Why are the changes needed?_

- Change hardcoded Scala's version 2.12 in Maven module's `artifactId` to placeholder `scala.binary.version` which is defined in project parent pom as 2.12
- Preparation for Scala 2.13/3.x support in the future
- No impact on using or building Maven modules
- Some ignorable warning messages for unstable artifactId will be thrown by Maven.
```
Warning:  Some problems were encountered while building the effective model for org.apache.kyuubi:kyuubi-server_2.12:jar:1.8.0-SNAPSHOT
Warning:  'artifactId' contains an expression but should be a constant
```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5175 from bowenliang123/artifactId-scala.

Closes #5177

2eba29cfa [liangbowen] use placeholder of scala binary version for artifactId

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/kyuubi-codecov/pom.xml                                   | 2 +-
 dev/kyuubi-tpcds/pom.xml                                     | 2 +-
 extensions/spark/kyuubi-extension-spark-3-1/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-2/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-3/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-common/pom.xml       | 2 +-
 extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml | 2 +-
 extensions/spark/kyuubi-spark-authz/pom.xml                  | 2 +-
 extensions/spark/kyuubi-spark-connector-common/pom.xml       | 2 +-
 extensions/spark/kyuubi-spark-connector-hive/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-connector-tpcds/pom.xml        | 2 +-
 extensions/spark/kyuubi-spark-connector-tpch/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-lineage/pom.xml                | 2 +-
 externals/kyuubi-chat-engine/pom.xml                         | 2 +-
 externals/kyuubi-flink-sql-engine/pom.xml                    | 2 +-
 externals/kyuubi-hive-sql-engine/pom.xml                     | 2 +-
 externals/kyuubi-jdbc-engine/pom.xml                         | 2 +-
 externals/kyuubi-spark-sql-engine/pom.xml                    | 2 +-
 externals/kyuubi-trino-engine/pom.xml                        | 2 +-
 integration-tests/kyuubi-flink-it/pom.xml                    | 2 +-
 integration-tests/kyuubi-hive-it/pom.xml                     | 2 +-
 integration-tests/kyuubi-jdbc-it/pom.xml                     | 2 +-
 integration-tests/kyuubi-trino-it/pom.xml                    | 2 +-
 integration-tests/kyuubi-zookeeper-it/pom.xml                | 2 +-
 kyuubi-assembly/pom.xml                                      | 2 +-
 kyuubi-common/pom.xml                                        | 2 +-
 kyuubi-ctl/pom.xml                                           | 2 +-
 kyuubi-events/pom.xml                                        | 2 +-
 kyuubi-ha/pom.xml                                            | 2 +-
 kyuubi-metrics/pom.xml                                       | 2 +-
 kyuubi-server/pom.xml                                        | 2 +-
 kyuubi-util-scala/pom.xml                                    | 2 +-
 kyuubi-zookeeper/pom.xml                                     | 2 +-
 tools/spark-block-cleaner/pom.xml                            | 2 +-
 34 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index 09ced96a1..0d265a006 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-codecov_2.12</artifactId>
+    <artifactId>kyuubi-codecov_${scala.binary.version}</artifactId>
     <packaging>pom</packaging>
     <name>Kyuubi Dev Code Coverage</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/dev/kyuubi-tpcds/pom.xml b/dev/kyuubi-tpcds/pom.xml
index 1bc69f9f2..bb52f6c21 100644
--- a/dev/kyuubi-tpcds/pom.xml
+++ b/dev/kyuubi-tpcds/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-tpcds_2.12</artifactId>
+    <artifactId>kyuubi-tpcds_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev TPCDS Generator</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
index eb56e435b..21e0d5c83 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-extension-spark-3-1_2.12</artifactId>
+    <artifactId>kyuubi-extension-spark-3-1_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Extensions (for Spark 3.1)</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
index c8caed835..086034890 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-extension-spark-3-2_2.12</artifactId>
+    <artifactId>kyuubi-extension-spark-3-2_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Extensions (for Spark 3.2)</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
index 51d21f684..3d7312829 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-extension-spark-3-3_2.12</artifactId>
+    <artifactId>kyuubi-extension-spark-3-3_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Extensions (for Spark 3.3)</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-extension-spark-common/pom.xml b/extensions/spark/kyuubi-extension-spark-common/pom.xml
index e11600408..9ebacfdbe 100644
--- a/extensions/spark/kyuubi-extension-spark-common/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-common/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-extension-spark-common_2.12</artifactId>
+    <artifactId>kyuubi-extension-spark-common_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Extensions Common (for Spark 3)</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
index 48c4c4379..a68c7a75c 100644
--- a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
@@ -26,7 +26,7 @@
 
     </parent>
 
-    <artifactId>kyuubi-extension-spark-jdbc-dialect_2.12</artifactId>
+    <artifactId>kyuubi-extension-spark-jdbc-dialect_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Spark JDBC Dialect plugin</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 7f95a6b05..7189f6296 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -26,7 +26,7 @@
 
     </parent>
 
-    <artifactId>kyuubi-spark-authz_2.12</artifactId>
+    <artifactId>kyuubi-spark-authz_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Authorization Extension</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-spark-connector-common/pom.xml b/extensions/spark/kyuubi-spark-connector-common/pom.xml
index 132f8ea83..007dac3ae 100644
--- a/extensions/spark/kyuubi-spark-connector-common/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-common/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-spark-connector-common_2.12</artifactId>
+    <artifactId>kyuubi-spark-connector-common_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Spark Connector Common</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-spark-connector-hive/pom.xml b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
index 8a182748a..970cadff7 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-spark-connector-hive_2.12</artifactId>
+    <artifactId>kyuubi-spark-connector-hive_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Spark Hive Connector</name>
     <description>A Kyuubi hive connector based on Spark V2 DataSource</description>
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
index 4bad96dda..6da770dea 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-spark-connector-tpcds_2.12</artifactId>
+    <artifactId>kyuubi-spark-connector-tpcds_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Spark TPC-DS Connector</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
index fe5721c0f..070d76d9b 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-spark-connector-tpch_2.12</artifactId>
+    <artifactId>kyuubi-spark-connector-tpch_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Spark TPC-H Connector</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index 760b0cc08..3515d3789 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-spark-lineage_2.12</artifactId>
+    <artifactId>kyuubi-spark-lineage_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Lineage Extension</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/externals/kyuubi-chat-engine/pom.xml b/externals/kyuubi-chat-engine/pom.xml
index 28779f450..9ec8a966d 100644
--- a/externals/kyuubi-chat-engine/pom.xml
+++ b/externals/kyuubi-chat-engine/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-chat-engine_2.12</artifactId>
+    <artifactId>kyuubi-chat-engine_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Engine Chat</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index 8c62521b7..d485e012b 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-flink-sql-engine_2.12</artifactId>
+    <artifactId>kyuubi-flink-sql-engine_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Engine Flink SQL</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/externals/kyuubi-hive-sql-engine/pom.xml b/externals/kyuubi-hive-sql-engine/pom.xml
index a6a28a958..581e6f3de 100644
--- a/externals/kyuubi-hive-sql-engine/pom.xml
+++ b/externals/kyuubi-hive-sql-engine/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-hive-sql-engine_2.12</artifactId>
+    <artifactId>kyuubi-hive-sql-engine_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Engine Hive SQL</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/externals/kyuubi-jdbc-engine/pom.xml b/externals/kyuubi-jdbc-engine/pom.xml
index 4bcc4fb60..95afd5289 100644
--- a/externals/kyuubi-jdbc-engine/pom.xml
+++ b/externals/kyuubi-jdbc-engine/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-jdbc-engine_2.12</artifactId>
+    <artifactId>kyuubi-jdbc-engine_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Engine JDBC</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 67674e8c9..9dcd6dca1 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-spark-sql-engine_2.12</artifactId>
+    <artifactId>kyuubi-spark-sql-engine_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Engine Spark SQL</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/externals/kyuubi-trino-engine/pom.xml b/externals/kyuubi-trino-engine/pom.xml
index 7aea8f33a..e9926db74 100644
--- a/externals/kyuubi-trino-engine/pom.xml
+++ b/externals/kyuubi-trino-engine/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-trino-engine_2.12</artifactId>
+    <artifactId>kyuubi-trino-engine_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Engine Trino</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml
index eada7841c..970a76d21 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-flink-it_2.12</artifactId>
+    <artifactId>kyuubi-flink-it_${scala.binary.version}</artifactId>
     <name>Kyuubi Test Flink SQL IT</name>
     <url>https://kyuubi.apache.org/</url>
 
diff --git a/integration-tests/kyuubi-hive-it/pom.xml b/integration-tests/kyuubi-hive-it/pom.xml
index ff9a6b35e..55f1f1ef2 100644
--- a/integration-tests/kyuubi-hive-it/pom.xml
+++ b/integration-tests/kyuubi-hive-it/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-hive-it_2.12</artifactId>
+    <artifactId>kyuubi-hive-it_${scala.binary.version}</artifactId>
     <name>Kyuubi Test Hive IT</name>
     <url>https://kyuubi.apache.org/</url>
 
diff --git a/integration-tests/kyuubi-jdbc-it/pom.xml b/integration-tests/kyuubi-jdbc-it/pom.xml
index 2d95de78e..3336a2b2f 100644
--- a/integration-tests/kyuubi-jdbc-it/pom.xml
+++ b/integration-tests/kyuubi-jdbc-it/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-jdbc-it_2.12</artifactId>
+    <artifactId>kyuubi-jdbc-it_${scala.binary.version}</artifactId>
     <name>Kyuubi Test Jdbc IT</name>
     <url>https://kyuubi.apache.org/</url>
 
diff --git a/integration-tests/kyuubi-trino-it/pom.xml b/integration-tests/kyuubi-trino-it/pom.xml
index 107d621b0..faf38e3e0 100644
--- a/integration-tests/kyuubi-trino-it/pom.xml
+++ b/integration-tests/kyuubi-trino-it/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-trino-it_2.12</artifactId>
+    <artifactId>kyuubi-trino-it_${scala.binary.version}</artifactId>
     <name>Kyuubi Test Trino IT</name>
     <url>https://kyuubi.apache.org/</url>
 
diff --git a/integration-tests/kyuubi-zookeeper-it/pom.xml b/integration-tests/kyuubi-zookeeper-it/pom.xml
index bded1585b..c25daffaa 100644
--- a/integration-tests/kyuubi-zookeeper-it/pom.xml
+++ b/integration-tests/kyuubi-zookeeper-it/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-zookeeper-it_2.12</artifactId>
+    <artifactId>kyuubi-zookeeper-it_${scala.binary.version}</artifactId>
     <name>Kyuubi Test Zookeeper IT</name>
     <url>https://kyuubi.apache.org/</url>
 
diff --git a/kyuubi-assembly/pom.xml b/kyuubi-assembly/pom.xml
index 1087201b1..b9785bd7a 100644
--- a/kyuubi-assembly/pom.xml
+++ b/kyuubi-assembly/pom.xml
@@ -26,7 +26,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-assembly_2.12</artifactId>
+    <artifactId>kyuubi-assembly_${scala.binary.version}</artifactId>
     <packaging>pom</packaging>
     <name>Kyuubi Project Assembly</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index 1b0ba3110..b6c9f6dcb 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-common_2.12</artifactId>
+    <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Common</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-ctl/pom.xml b/kyuubi-ctl/pom.xml
index da1a5777a..0b3e527c9 100644
--- a/kyuubi-ctl/pom.xml
+++ b/kyuubi-ctl/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-ctl_2.12</artifactId>
+    <artifactId>kyuubi-ctl_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Control</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-events/pom.xml b/kyuubi-events/pom.xml
index 760955fc6..11a99198c 100644
--- a/kyuubi-events/pom.xml
+++ b/kyuubi-events/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-events_2.12</artifactId>
+    <artifactId>kyuubi-events_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Events</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-ha/pom.xml b/kyuubi-ha/pom.xml
index cf605b37f..b42bed924 100644
--- a/kyuubi-ha/pom.xml
+++ b/kyuubi-ha/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-ha_2.12</artifactId>
+    <artifactId>kyuubi-ha_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project High Availability</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-metrics/pom.xml b/kyuubi-metrics/pom.xml
index 2edeb73c7..adac74d31 100644
--- a/kyuubi-metrics/pom.xml
+++ b/kyuubi-metrics/pom.xml
@@ -24,7 +24,7 @@
         <version>1.8.0-SNAPSHOT</version>
     </parent>
 
-    <artifactId>kyuubi-metrics_2.12</artifactId>
+    <artifactId>kyuubi-metrics_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Metrics</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 8376d84a0..1cb6d424d 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -24,7 +24,7 @@
         <version>1.8.0-SNAPSHOT</version>
     </parent>
 
-    <artifactId>kyuubi-server_2.12</artifactId>
+    <artifactId>kyuubi-server_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Server</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-util-scala/pom.xml b/kyuubi-util-scala/pom.xml
index 19df6d78e..2e86c8cae 100644
--- a/kyuubi-util-scala/pom.xml
+++ b/kyuubi-util-scala/pom.xml
@@ -24,7 +24,7 @@
         <version>1.8.0-SNAPSHOT</version>
     </parent>
 
-    <artifactId>kyuubi-util-scala_2.12</artifactId>
+    <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Util Scala</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/kyuubi-zookeeper/pom.xml b/kyuubi-zookeeper/pom.xml
index e10ac2d9d..f58415c99 100644
--- a/kyuubi-zookeeper/pom.xml
+++ b/kyuubi-zookeeper/pom.xml
@@ -24,7 +24,7 @@
         <version>1.8.0-SNAPSHOT</version>
     </parent>
 
-    <artifactId>kyuubi-zookeeper_2.12</artifactId>
+    <artifactId>kyuubi-zookeeper_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Embedded Zookeeper</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/tools/spark-block-cleaner/pom.xml b/tools/spark-block-cleaner/pom.xml
index 02e682c3a..e0520e463 100644
--- a/tools/spark-block-cleaner/pom.xml
+++ b/tools/spark-block-cleaner/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>spark-block-cleaner_2.12</artifactId>
+    <artifactId>spark-block-cleaner_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Project Spark Block Cleaner</name>
     <url>https://kyuubi.apache.org/</url>

From b9fc85c85946a6b39764db95281f47c830a8827c Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 21 Aug 2023 13:13:55 +0800
Subject: [PATCH 568/760] [KYUUBI #5180] Replace deprecated classes by
 equivalent in scala.tools.nsc.interpreter package

### _Why are the changes needed?_

- Replace deprecated class alias `scala.tools.nsc.interpreter.IR` and `scala.tools.nsc.interpreter.JPrintWriter` in Scala 2.13 with equivalent classes `scala.tools.nsc.interpreter.Results` and `java.io.PrintWriter`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5180 from bowenliang123/interpreter-213.

Closes #5180

e76f1f05a [liangbowen] prevent to use deprecated classes in  the package scala.tools.nsc.interpreter of Scala 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/engine/spark/repl/KyuubiSparkILoop.scala      | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
index a5437df92..fbbda89ed 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
@@ -17,12 +17,11 @@
 
 package org.apache.kyuubi.engine.spark.repl
 
-import java.io.{ByteArrayOutputStream, File}
+import java.io.{ByteArrayOutputStream, File, PrintWriter}
 import java.util.concurrent.locks.ReentrantLock
 
 import scala.tools.nsc.Settings
-import scala.tools.nsc.interpreter.IR
-import scala.tools.nsc.interpreter.JPrintWriter
+import scala.tools.nsc.interpreter.Results
 
 import org.apache.spark.SparkContext
 import org.apache.spark.repl.SparkILoop
@@ -34,7 +33,7 @@ import org.apache.kyuubi.Utils
 private[spark] case class KyuubiSparkILoop private (
     spark: SparkSession,
     output: ByteArrayOutputStream)
-  extends SparkILoop(None, new JPrintWriter(output)) {
+  extends SparkILoop(None, new PrintWriter(output)) {
   import KyuubiSparkILoop._
 
   val result = new DataFrameHolder(spark)
@@ -102,7 +101,7 @@ private[spark] case class KyuubiSparkILoop private (
 
   def clearResult(statementId: String): Unit = result.unset(statementId)
 
-  def interpretWithRedirectOutError(statement: String): IR.Result = withLockRequired {
+  def interpretWithRedirectOutError(statement: String): Results.Result = withLockRequired {
     Console.withOut(output) {
       Console.withErr(output) {
         this.interpret(statement)

From 7979aafe54282469f8885cfc367817daaea1eded Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 21 Aug 2023 14:35:38 +0800
Subject: [PATCH 569/760] [KYUUBI #5179] Use Iterable instead of Seq in
 kyuubi-ctl commands

### _Why are the changes needed?_

- Use `Iterable` instead of `Seq` in kyuubi-ctl commands for Scala  compatibility, as
1.  in Scala 2.13,  the `scala.Seq` is now an alias for `scala.collection.immutable.Seq`  (instead of `scala.collection.Seq`)
2. in Scala 2.13, `scala.collection.mutable.ListBuffer` (or Buffers) does not extend `scala.collection.immutable.Seq` according to [Scala collection migration guide](https://docs.scala-lang.org/overviews/core/collections-migration-213.html)
3. in both Scala 2.12 and 2.13, `ListBuffer` (or Buffers) extends `scala.collection.mutable.Iterable`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5179 from bowenliang123/ctlcmd-iter.

Closes #5179

3265e3b99 [liangbowen] Use Iterable instead of Seq in kyuubi-ctl commands

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/ctl/cmd/create/CreateServerCommand.scala    |  7 ++++---
 .../apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala   |  6 +++---
 .../kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala    |  2 +-
 .../org/apache/kyuubi/ctl/cmd/get/GetCommand.scala     |  7 ++++---
 .../apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala   |  2 +-
 .../apache/kyuubi/ctl/cmd/get/GetServerCommand.scala   |  2 +-
 .../kyuubi/ctl/cmd/list/AdminListEngineCommand.scala   |  7 ++++---
 .../kyuubi/ctl/cmd/list/AdminListServerCommand.scala   |  6 +++---
 .../org/apache/kyuubi/ctl/cmd/list/ListCommand.scala   |  7 ++++---
 .../apache/kyuubi/ctl/cmd/list/ListServerCommand.scala |  2 +-
 .../kyuubi/ctl/cmd/list/ListSessionCommand.scala       |  6 +++---
 .../main/scala/org/apache/kyuubi/ctl/util/Render.scala | 10 +++++-----
 12 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala
index f4d4ce2ea..cbff0c15a 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/create/CreateServerCommand.scala
@@ -25,7 +25,8 @@ import org.apache.kyuubi.ha.HighAvailabilityConf._
 import org.apache.kyuubi.ha.client.{DiscoveryClient, DiscoveryPaths, ServiceNodeInfo}
 import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 
-class CreateServerCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+class CreateServerCommand(cliConfig: CliConfig)
+  extends Command[Iterable[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     if (normalizedCliConfig.resource != ControlObject.SERVER) {
@@ -49,7 +50,7 @@ class CreateServerCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeI
   /**
    * Expose Kyuubi server instance to another domain.
    */
-  def doRun(): Seq[ServiceNodeInfo] = {
+  override def doRun(): Iterable[ServiceNodeInfo] = {
     val kyuubiConf = conf
 
     kyuubiConf.setIfMissing(HA_ADDRESSES, normalizedCliConfig.zkOpts.zkQuorum)
@@ -89,7 +90,7 @@ class CreateServerCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeI
     }
   }
 
-  def render(nodes: Seq[ServiceNodeInfo]): Unit = {
+  override def render(nodes: Iterable[ServiceNodeInfo]): Unit = {
     val title = "Created zookeeper service nodes"
     info(Render.renderServiceNodesInfo(title, nodes))
   }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala
index ddbe083ce..113fb935c 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteCommand.scala
@@ -22,7 +22,7 @@ import org.apache.kyuubi.ctl.util.{Render, Validator}
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 abstract class DeleteCommand(cliConfig: CliConfig)
-  extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+  extends Command[Iterable[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     Validator.validateZkArguments(normalizedCliConfig)
@@ -33,9 +33,9 @@ abstract class DeleteCommand(cliConfig: CliConfig)
   /**
    * Delete zookeeper service node with specified host port.
    */
-  def doRun(): Seq[ServiceNodeInfo]
+  override def doRun(): Iterable[ServiceNodeInfo]
 
-  def render(nodes: Seq[ServiceNodeInfo]): Unit = {
+  override def render(nodes: Iterable[ServiceNodeInfo]): Unit = {
     val title = "Deleted zookeeper service nodes"
     info(Render.renderServiceNodesInfo(title, nodes))
   }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala
index ab6e81e24..f3117a7b1 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteEngineCommand.scala
@@ -34,7 +34,7 @@ class DeleteEngineCommand(cliConfig: CliConfig) extends DeleteCommand(cliConfig)
     }
   }
 
-  def doRun(): Seq[ServiceNodeInfo] = {
+  override def doRun(): Iterable[ServiceNodeInfo] = {
     withDiscoveryClient(conf) { discoveryClient =>
       val hostPortOpt =
         Some((cliConfig.zkOpts.host, cliConfig.zkOpts.port.toInt))
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala
index af8285105..5b7ada27d 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetCommand.scala
@@ -21,7 +21,8 @@ import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.{Render, Validator}
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-abstract class GetCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+abstract class GetCommand(cliConfig: CliConfig)
+  extends Command[Iterable[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     Validator.validateZkArguments(normalizedCliConfig)
@@ -29,9 +30,9 @@ abstract class GetCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeI
     mergeArgsIntoKyuubiConf()
   }
 
-  def doRun(): Seq[ServiceNodeInfo]
+  override def doRun(): Iterable[ServiceNodeInfo]
 
-  def render(nodes: Seq[ServiceNodeInfo]): Unit = {
+  override def render(nodes: Iterable[ServiceNodeInfo]): Unit = {
     val title = "Zookeeper service nodes"
     info(Render.renderServiceNodesInfo(title, nodes))
   }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala
index 13f4d00c8..0d3018372 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetEngineCommand.scala
@@ -31,7 +31,7 @@ class GetEngineCommand(cliConfig: CliConfig) extends GetCommand(cliConfig) {
     }
   }
 
-  override def doRun(): Seq[ServiceNodeInfo] = {
+  override def doRun(): Iterable[ServiceNodeInfo] = {
     CtlUtils.listZkEngineNodes(
       conf,
       normalizedCliConfig,
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala
index faa76b219..744655fd9 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/get/GetServerCommand.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.ctl.util.CtlUtils
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 class GetServerCommand(cliConfig: CliConfig) extends GetCommand(cliConfig) {
-  override def doRun(): Seq[ServiceNodeInfo] = {
+  override def doRun(): Iterable[ServiceNodeInfo] = {
     CtlUtils.listZkServerNodes(
       conf,
       normalizedCliConfig,
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala
index bc0b16e67..acd6fe444 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala
@@ -26,11 +26,12 @@ import org.apache.kyuubi.ctl.cmd.AdminCtlCommand
 import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.Render
 
-class AdminListEngineCommand(cliConfig: CliConfig) extends AdminCtlCommand[Seq[Engine]](cliConfig) {
+class AdminListEngineCommand(cliConfig: CliConfig)
+  extends AdminCtlCommand[Iterable[Engine]](cliConfig) {
 
   override def validate(): Unit = {}
 
-  def doRun(): Seq[Engine] = {
+  override def doRun(): Iterable[Engine] = {
     withKyuubiRestClient(normalizedCliConfig, null, conf) { kyuubiRestClient =>
       val adminRestApi = new AdminRestApi(kyuubiRestClient)
       adminRestApi.listEngines(
@@ -41,7 +42,7 @@ class AdminListEngineCommand(cliConfig: CliConfig) extends AdminCtlCommand[Seq[E
     }
   }
 
-  def render(resp: Seq[Engine]): Unit = {
+  override def render(resp: Iterable[Engine]): Unit = {
     info(Render.renderEngineNodesInfo(resp))
   }
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala
index a8e7e5d06..27471f6ad 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListServerCommand.scala
@@ -27,18 +27,18 @@ import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.Render
 
 class AdminListServerCommand(cliConfig: CliConfig)
-  extends AdminCtlCommand[Seq[ServerData]](cliConfig) {
+  extends AdminCtlCommand[Iterable[ServerData]](cliConfig) {
 
   override def validate(): Unit = {}
 
-  override def doRun(): Seq[ServerData] = {
+  override def doRun(): Iterable[ServerData] = {
     withKyuubiRestClient(normalizedCliConfig, null, conf) { kyuubiRestClient =>
       val adminRestApi = new AdminRestApi(kyuubiRestClient)
       adminRestApi.listServers().asScala
     }
   }
 
-  override def render(resp: Seq[ServerData]): Unit = {
+  override def render(resp: Iterable[ServerData]): Unit = {
     info(Render.renderServerNodesInfo(resp))
   }
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala
index e5a3a6882..95399a2c7 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListCommand.scala
@@ -21,16 +21,17 @@ import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.{Render, Validator}
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
-abstract class ListCommand(cliConfig: CliConfig) extends Command[Seq[ServiceNodeInfo]](cliConfig) {
+abstract class ListCommand(cliConfig: CliConfig)
+  extends Command[Iterable[ServiceNodeInfo]](cliConfig) {
 
   def validate(): Unit = {
     Validator.validateZkArguments(normalizedCliConfig)
     mergeArgsIntoKyuubiConf()
   }
 
-  def doRun(): Seq[ServiceNodeInfo]
+  override def doRun(): Iterable[ServiceNodeInfo]
 
-  def render(nodes: Seq[ServiceNodeInfo]): Unit = {
+  override def render(nodes: Iterable[ServiceNodeInfo]): Unit = {
     val title = "Zookeeper service nodes"
     info(Render.renderServiceNodesInfo(title, nodes))
   }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala
index 56e8f4695..e6c8d6ad3 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListServerCommand.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.ctl.util.CtlUtils
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 class ListServerCommand(cliConfig: CliConfig) extends ListCommand(cliConfig) {
-  override def doRun(): Seq[ServiceNodeInfo] = {
+  override def doRun(): Iterable[ServiceNodeInfo] = {
     CtlUtils.listZkServerNodes(conf, normalizedCliConfig, None)
   }
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListSessionCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListSessionCommand.scala
index 7a3668876..9d1dfead4 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListSessionCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/ListSessionCommand.scala
@@ -26,18 +26,18 @@ import org.apache.kyuubi.ctl.cmd.Command
 import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.Render
 
-class ListSessionCommand(cliConfig: CliConfig) extends Command[Seq[SessionData]](cliConfig) {
+class ListSessionCommand(cliConfig: CliConfig) extends Command[Iterable[SessionData]](cliConfig) {
 
   override def validate(): Unit = {}
 
-  def doRun(): Seq[SessionData] = {
+  override def doRun(): Iterable[SessionData] = {
     withKyuubiRestClient(normalizedCliConfig, null, conf) { kyuubiRestClient =>
       val sessionRestApi = new SessionRestApi(kyuubiRestClient)
       sessionRestApi.listSessions.asScala
     }
   }
 
-  def render(resp: Seq[SessionData]): Unit = {
+  override def render(resp: Iterable[SessionData]): Unit = {
     info(Render.renderSessionDataListInfo(resp))
   }
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
index bb6e3529d..92db46d88 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/util/Render.scala
@@ -25,15 +25,15 @@ import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 private[ctl] object Render {
 
-  def renderServiceNodesInfo(title: String, serviceNodeInfo: Seq[ServiceNodeInfo]): String = {
+  def renderServiceNodesInfo(title: String, serviceNodeInfo: Iterable[ServiceNodeInfo]): String = {
     val header = Array("Namespace", "Host", "Port", "Version")
-    val rows = serviceNodeInfo.sortBy(_.nodeName).map { sn =>
+    val rows = serviceNodeInfo.toSeq.sortBy(_.nodeName).map { sn =>
       Array(sn.namespace, sn.host, sn.port.toString, sn.version.getOrElse(""))
     }.toArray
     Tabulator.format(title, header, rows)
   }
 
-  def renderEngineNodesInfo(engineNodesInfo: Seq[Engine]): String = {
+  def renderEngineNodesInfo(engineNodesInfo: Iterable[Engine]): String = {
     val title = s"Engine Node List (total ${engineNodesInfo.size})"
     val header = Array("Namespace", "Instance", "Attributes")
     val rows = engineNodesInfo.map { engine =>
@@ -45,7 +45,7 @@ private[ctl] object Render {
     Tabulator.format(title, header, rows)
   }
 
-  def renderServerNodesInfo(serverNodesInfo: Seq[ServerData]): String = {
+  def renderServerNodesInfo(serverNodesInfo: Iterable[ServerData]): String = {
     val title = s"Server Node List (total ${serverNodesInfo.size})"
     val header = Array("Namespace", "Instance", "Attributes", "Status")
     val rows = serverNodesInfo.map { server =>
@@ -58,7 +58,7 @@ private[ctl] object Render {
     Tabulator.format(title, header, rows)
   }
 
-  def renderSessionDataListInfo(sessions: Seq[SessionData]): String = {
+  def renderSessionDataListInfo(sessions: Iterable[SessionData]): String = {
     val title = s"Live Session List (total ${sessions.size})"
     val header = Array(
       "Identifier",

From 00ddcd39bb9062f79c26bb14dcb719fe31513a10 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Mon, 21 Aug 2023 19:59:43 +0800
Subject: [PATCH 570/760] [KYUUBI #5184] [Improvement] Rename Kyuubi's
 StageInfo to SparkStageInfo to fix class mismatch

### _Why are the changes needed?_

- Fix class mismatch when trying to compilation on Scala 2.13, due to implicit class reference to `StageInfo`. The compilation fails by type mismatching, if the compiler classloader loads Spark's `org.apache.spark.schedulerStageInfo` ahead of Kyuubi's `org.apache.spark.kyuubi.StageInfo`.
- Change var integer to AtomicInteger for `numActiveTasks` and `numCompleteTasks`, preventing possible concurrent inconsistency

```
[ERROR] [Error] /Users/bw/dev/kyuubi/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala:56: type mismatch;
 found   : java.util.concurrent.ConcurrentHashMap[org.apache.spark.kyuubi.StageAttempt,org.apache.spark.scheduler.StageInfo]
 required: java.util.concurrent.ConcurrentHashMap[org.apache.spark.kyuubi.StageAttempt,org.apache.spark.kyuubi.StageInfo]
[INFO] [Info] : java.util.concurrent.ConcurrentHashMap[org.apache.spark.kyuubi.StageAttempt,org.apache.spark.scheduler.StageInfo] <: java.util.concurrent.ConcurrentHashMap[org.apache.spark.kyuubi.StageAttempt,org.apache.spark.kyuubi.StageInfo]?
[INFO] [Info] : false
[ERROR] [Error] /Users/bw/dev/kyuubi/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala:126: not enough arguments for constructor StageInfo: (stageId: Int, attemptId: Int, name: String, numTasks: Int, rddInfos: Seq[org.apache.spark.storage.RDDInfo], parentIds: Seq[Int], details: String, taskMetrics: org.apache.spark.executor.TaskMetrics, taskLocalityPreferences: Seq[Seq[org.apache.spark.scheduler.TaskLocation]], shuffleDepId: Option[Int], resourceProfileId: Int, isPushBasedShuffleEnabled: Boolean, shuffleMergerCount: Int): org.apache.spark.scheduler.StageInfo.
Unspecified value parameters name, numTasks, rddInfos...
[ERROR] [Error] /Users/bw/dev/kyuubi/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala:148: value numActiveTasks is not a member of org.apache.spark.scheduler.StageInfo
[ERROR] [Error] /Users/bw/dev/kyuubi/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala:156: value numActiveTasks is not a member of org.apache.spark.scheduler.StageInfo
[ERROR] [Error] /Users/bw/dev/kyuubi/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala:158: value numCompleteTasks is not a member of org.apache.spark.scheduler.StageInfo
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5184 from bowenliang123/spark-stage-info.

Closes #5184

fd0b9b564 [liangbowen] update
d410491f3 [liangbowen] rename Kyuubi's StageInfo to SparkStageInfo preventing class mismatch

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../spark/kyuubi/SQLOperationListener.scala    | 18 +++++++++---------
 .../spark/kyuubi/SparkConsoleProgressBar.scala |  6 +++---
 .../org/apache/spark/kyuubi/StageStatus.scala  | 10 ++++++----
 3 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
index 1a57fcf29..4e4a940d2 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
@@ -45,7 +45,7 @@ class SQLOperationListener(
 
   private val operationId: String = operation.getHandle.identifier.toString
   private lazy val activeJobs = new java.util.HashSet[Int]()
-  private lazy val activeStages = new ConcurrentHashMap[StageAttempt, StageInfo]()
+  private lazy val activeStages = new ConcurrentHashMap[SparkStageAttempt, SparkStageInfo]()
   private var executionId: Option[Long] = None
 
   private val conf: KyuubiConf = operation.getSession.sessionManager.getConf
@@ -120,10 +120,10 @@ class SQLOperationListener(
         val stageInfo = stageSubmitted.stageInfo
         val stageId = stageInfo.stageId
         val attemptNumber = stageInfo.attemptNumber()
-        val stageAttempt = StageAttempt(stageId, attemptNumber)
+        val stageAttempt = SparkStageAttempt(stageId, attemptNumber)
         activeStages.put(
           stageAttempt,
-          new StageInfo(stageId, stageInfo.numTasks))
+          new SparkStageInfo(stageId, stageInfo.numTasks))
         withOperationLog {
           info(s"Query [$operationId]: Stage $stageId.$attemptNumber started " +
             s"with ${stageInfo.numTasks} tasks, ${activeStages.size()} active stages running")
@@ -134,7 +134,7 @@ class SQLOperationListener(
 
   override def onStageCompleted(stageCompleted: SparkListenerStageCompleted): Unit = {
     val stageInfo = stageCompleted.stageInfo
-    val stageAttempt = StageAttempt(stageInfo.stageId, stageInfo.attemptNumber())
+    val stageAttempt = SparkStageAttempt(stageInfo.stageId, stageInfo.attemptNumber())
     activeStages.synchronized {
       if (activeStages.remove(stageAttempt) != null) {
         withOperationLog(super.onStageCompleted(stageCompleted))
@@ -143,19 +143,19 @@ class SQLOperationListener(
   }
 
   override def onTaskStart(taskStart: SparkListenerTaskStart): Unit = activeStages.synchronized {
-    val stageAttempt = StageAttempt(taskStart.stageId, taskStart.stageAttemptId)
+    val stageAttempt = SparkStageAttempt(taskStart.stageId, taskStart.stageAttemptId)
     if (activeStages.containsKey(stageAttempt)) {
-      activeStages.get(stageAttempt).numActiveTasks += 1
+      activeStages.get(stageAttempt).numActiveTasks.getAndIncrement()
       super.onTaskStart(taskStart)
     }
   }
 
   override def onTaskEnd(taskEnd: SparkListenerTaskEnd): Unit = activeStages.synchronized {
-    val stageAttempt = StageAttempt(taskEnd.stageId, taskEnd.stageAttemptId)
+    val stageAttempt = SparkStageAttempt(taskEnd.stageId, taskEnd.stageAttemptId)
     if (activeStages.containsKey(stageAttempt)) {
-      activeStages.get(stageAttempt).numActiveTasks -= 1
+      activeStages.get(stageAttempt).numActiveTasks.getAndDecrement()
       if (taskEnd.reason == org.apache.spark.Success) {
-        activeStages.get(stageAttempt).numCompleteTasks += 1
+        activeStages.get(stageAttempt).numCompleteTasks.getAndIncrement()
       }
       super.onTaskEnd(taskEnd)
     }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala
index fc2ebd5f8..dc8b493cc 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala
@@ -29,7 +29,7 @@ import org.apache.kyuubi.operation.Operation
 
 class SparkConsoleProgressBar(
     operation: Operation,
-    liveStages: ConcurrentHashMap[StageAttempt, StageInfo],
+    liveStages: ConcurrentHashMap[SparkStageAttempt, SparkStageInfo],
     updatePeriodMSec: Long,
     timeFormat: String)
   extends Logging {
@@ -77,7 +77,7 @@ class SparkConsoleProgressBar(
    * after your last output, keeps overwriting itself to hold in one line. The logging will follow
    * the progress bar, then progress bar will be showed in next line without overwrite logs.
    */
-  private def show(now: Long, stages: Seq[StageInfo]): Unit = {
+  private def show(now: Long, stages: Seq[SparkStageInfo]): Unit = {
     val width = TerminalWidth / stages.size
     val bar = stages.map { s =>
       val total = s.numTasks
@@ -86,7 +86,7 @@ class SparkConsoleProgressBar(
       val w = width - header.length - tailer.length
       val bar =
         if (w > 0) {
-          val percent = w * s.numCompleteTasks / total
+          val percent = w * s.numCompleteTasks.get / total
           (0 until w).map { i =>
             if (i < percent) "=" else if (i == percent) ">" else " "
           }.mkString("")
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
index 144570862..2ea9c3fda 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
@@ -17,11 +17,13 @@
 
 package org.apache.spark.kyuubi
 
-case class StageAttempt(stageId: Int, stageAttemptId: Int) {
+import java.util.concurrent.atomic.AtomicInteger
+
+case class SparkStageAttempt(stageId: Int, stageAttemptId: Int) {
   override def toString: String = s"Stage $stageId (Attempt $stageAttemptId)"
 }
 
-class StageInfo(val stageId: Int, val numTasks: Int) {
-  var numActiveTasks = 0
-  var numCompleteTasks = 0
+class SparkStageInfo(val stageId: Int, val numTasks: Int) {
+  var numActiveTasks = new AtomicInteger(0)
+  var numCompleteTasks = new AtomicInteger(0)
 }

From 739e1a61a7e6ea394c6a297752e5198c38289110 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 22 Aug 2023 13:03:34 +0800
Subject: [PATCH 571/760] [KYUUBI #5187] [Minor] Fix info message in UserFilter

### _Why are the changes needed?_

- fix info message with correct string placeholder of user in UserFilter

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5187 from bowenliang123/userfilter-str.

Closes #5187

25d370ee3 [liangbowen] fix info message in UserFilter

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/service/authentication/ldap/UserFilterFactory.scala  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
index 7c2f22ed8..d499c67ef 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
@@ -35,7 +35,7 @@ class UserFilter(_userFilter: Seq[String]) extends Filter with Logging {
 
   @throws[AuthenticationException]
   override def apply(ldap: DirSearch, user: String): Unit = {
-    info("Authenticating user '$user' using user filter")
+    info(s"Authenticating user '$user' using user filter")
     val userName = LdapUtils.extractUserName(user).toLowerCase
     if (!userFilter.contains(userName)) {
       info("Authentication failed based on user membership")

From 0b1a0cb4f27dcd386ca690b4380908ba5a62b98a Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 22 Aug 2023 17:36:21 +0800
Subject: [PATCH 572/760] [KYUUBI #5183] Introducing profile scala-2.13 for
 development use

### _Why are the changes needed?_

- introducing `scala-2.13` for development use only
- adapt the common modules compilable on Scala 2.13, including
  - kyuubi-common
  - kyuubi-ctl
  - kyuubi-ha
- use separate compile options for Scala 2.13 , skipping deprecated scala compiler option `-Yno-adapted-args`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5183 from bowenliang123/scala213-common.

Closes #5183

1e65a5d03 [Bowen Liang] Align scala 2.13 version with Spark to 2.13.8
0003c8bed [liangbowen] duplicate scala-maven-plugin configs in profile
8b448a5f0 [liangbowen] 2.13.11
36d2284c4 [liangbowen] comment
28b515a0c [liangbowen] comment
865c5e55b [liangbowen] update
52e381200 [liangbowen] ensure kyuubi-ctl module compilable on scala 2.13
70dbc7ae2 [liangbowen] ensure kyuubi-ha module compilable on scala 2.13
84c1e4b4d [liangbowen] ensure kyuubi-common module compilable on scala 2.13
e116d77f5 [liangbowen] skip deprecated compiler option "-Yno-adapted-args" in 2.13
26c27a2ee [liangbowen] introduce new profile scala-2.13

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../apache/kyuubi/KyuubiSQLException.scala    |  4 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala |  2 +-
 .../LdapAuthenticationProviderImplSuite.scala |  2 +-
 .../ctl/cmd/delete/DeleteServerCommand.scala  |  2 +-
 .../ha/client/etcd/EtcdDiscoveryClient.scala  |  8 +--
 .../zookeeper/ZookeeperDiscoveryClient.scala  | 30 +++--------
 pom.xml                                       | 51 +++++++++++++++++++
 7 files changed, 68 insertions(+), 31 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala
index c9fd8203c..570ee6d38 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/KyuubiSQLException.scala
@@ -156,7 +156,7 @@ object KyuubiSQLException {
     (i1, i2, i3)
   }
 
-  def toCause(details: Seq[String]): Throwable = {
+  def toCause(details: Iterable[String]): Throwable = {
     var ex: Throwable = null
     if (details != null && details.nonEmpty) {
       val head = details.head
@@ -172,7 +172,7 @@ object KyuubiSQLException {
         val lineNum = line.substring(i3 + 1).toInt
         new StackTraceElement(clzName, methodName, fileName, lineNum)
       }
-      ex = newInstance(exClz, msg, toCause(details.slice(length + 2, details.length)))
+      ex = newInstance(exClz, msg, toCause(details.slice(length + 2, details.size)))
       ex.setStackTrace(stackTraceElements.toArray)
     }
     ex
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index b4102d267..515ffbc34 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -42,7 +42,7 @@ case class KyuubiConf(loadSysDefault: Boolean = true) extends Logging {
   }
 
   if (loadSysDefault) {
-    val fromSysDefaults = Utils.getSystemProperties.filterKeys(_.startsWith("kyuubi."))
+    val fromSysDefaults = Utils.getSystemProperties.filterKeys(_.startsWith("kyuubi.")).toMap
     loadFromMap(fromSysDefaults)
   }
 
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
index d822408b9..f10bf7ce2 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImplSuite.scala
@@ -47,7 +47,7 @@ class LdapAuthenticationProviderImplSuite extends WithLdapServer {
   }
 
   test("authenticateGivenBlankOrNullPassword") {
-    Seq("", "\0", null).foreach { pwd =>
+    Seq("", "\u0000", null).foreach { pwd =>
       auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory)
       val thrown = intercept[AuthenticationException] {
         auth.authenticate("user", pwd)
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala
index 197b78645..1f4d67ee6 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/delete/DeleteServerCommand.scala
@@ -24,7 +24,7 @@ import org.apache.kyuubi.ha.client.DiscoveryClientProvider.withDiscoveryClient
 import org.apache.kyuubi.ha.client.ServiceNodeInfo
 
 class DeleteServerCommand(cliConfig: CliConfig) extends DeleteCommand(cliConfig) {
-  override def doRun(): Seq[ServiceNodeInfo] = {
+  override def doRun(): Iterable[ServiceNodeInfo] = {
     withDiscoveryClient(conf) { discoveryClient =>
       val znodeRoot = CtlUtils.getZkServerNamespace(conf, normalizedCliConfig)
       val hostPortOpt =
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
index 548628a88..d979804f4 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala
@@ -358,11 +358,11 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
         client.getLeaseClient.keepAlive(
           leaseId,
           new StreamObserver[LeaseKeepAliveResponse] {
-            override def onNext(v: LeaseKeepAliveResponse): Unit = Unit // do nothing
+            override def onNext(v: LeaseKeepAliveResponse): Unit = () // do nothing
 
-            override def onError(throwable: Throwable): Unit = Unit // do nothing
+            override def onError(throwable: Throwable): Unit = () // do nothing
 
-            override def onCompleted(): Unit = Unit // do nothing
+            override def onCompleted(): Unit = () // do nothing
           })
         client.getKVClient.put(
           ByteSequence.from(realPath.getBytes()),
@@ -388,7 +388,7 @@ class EtcdDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
     override def onError(throwable: Throwable): Unit =
       throw new KyuubiException(throwable.getMessage, throwable.getCause)
 
-    override def onCompleted(): Unit = Unit
+    override def onCompleted(): Unit = ()
   }
 }
 
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
index 0127f2df1..2db7d89d6 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/client/zookeeper/ZookeeperDiscoveryClient.scala
@@ -26,38 +26,24 @@ import scala.collection.JavaConverters._
 
 import com.google.common.annotations.VisibleForTesting
 
-import org.apache.kyuubi.KYUUBI_VERSION
-import org.apache.kyuubi.KyuubiException
-import org.apache.kyuubi.KyuubiSQLException
-import org.apache.kyuubi.Logging
+import org.apache.kyuubi.{KYUUBI_VERSION, KyuubiException, KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_ENGINE_ID
-import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ENGINE_REF_ID
-import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ZK_NODE_TIMEOUT
-import org.apache.kyuubi.ha.HighAvailabilityConf.HA_ZK_PUBLISH_CONFIGS
-import org.apache.kyuubi.ha.client.DiscoveryClient
-import org.apache.kyuubi.ha.client.ServiceDiscovery
-import org.apache.kyuubi.ha.client.ServiceNodeInfo
-import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider.buildZookeeperClient
-import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider.getGracefulStopThreadDelay
+import org.apache.kyuubi.ha.HighAvailabilityConf.{HA_ENGINE_REF_ID, HA_ZK_NODE_TIMEOUT, HA_ZK_PUBLISH_CONFIGS}
+import org.apache.kyuubi.ha.client.{DiscoveryClient, ServiceDiscovery, ServiceNodeInfo}
+import org.apache.kyuubi.ha.client.zookeeper.ZookeeperClientProvider.{buildZookeeperClient, getGracefulStopThreadDelay}
 import org.apache.kyuubi.ha.client.zookeeper.ZookeeperDiscoveryClient.connectionChecker
 import org.apache.kyuubi.shaded.curator.framework.CuratorFramework
 import org.apache.kyuubi.shaded.curator.framework.recipes.atomic.{AtomicValue, DistributedAtomicInteger}
 import org.apache.kyuubi.shaded.curator.framework.recipes.locks.InterProcessSemaphoreMutex
 import org.apache.kyuubi.shaded.curator.framework.recipes.nodes.PersistentNode
-import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState
-import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.CONNECTED
-import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.LOST
-import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.RECONNECTED
-import org.apache.kyuubi.shaded.curator.framework.state.ConnectionStateListener
+import org.apache.kyuubi.shaded.curator.framework.state.{ConnectionState, ConnectionStateListener}
+import org.apache.kyuubi.shaded.curator.framework.state.ConnectionState.{CONNECTED, LOST, RECONNECTED}
 import org.apache.kyuubi.shaded.curator.retry.RetryForever
 import org.apache.kyuubi.shaded.curator.utils.ZKPaths
-import org.apache.kyuubi.shaded.zookeeper.CreateMode
+import org.apache.kyuubi.shaded.zookeeper.{CreateMode, KeeperException, WatchedEvent, Watcher}
 import org.apache.kyuubi.shaded.zookeeper.CreateMode.PERSISTENT
-import org.apache.kyuubi.shaded.zookeeper.KeeperException
 import org.apache.kyuubi.shaded.zookeeper.KeeperException.NodeExistsException
-import org.apache.kyuubi.shaded.zookeeper.WatchedEvent
-import org.apache.kyuubi.shaded.zookeeper.Watcher
 import org.apache.kyuubi.util.ThreadUtils
 
 class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
@@ -226,7 +212,7 @@ class ZookeeperDiscoveryClient(conf: KyuubiConf) extends DiscoveryClient {
         info(s"Get service instance:$instance$engineIdStr and version:${version.getOrElse("")} " +
           s"under $namespace")
         ServiceNodeInfo(namespace, p, host, port, version, engineRefId, attributes)
-      }
+      }.toSeq
     } catch {
       case _: Exception if silent => Nil
       case e: Exception =>
diff --git a/pom.xml b/pom.xml
index fe418206a..ac85961fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2124,6 +2124,57 @@
             </properties>
         </profile>
 
+        <!-- For development only, not generally applicable for all modules -->
+        <profile>
+            <id>scala-2.13</id>
+            <properties>
+                <scala.binary.version>2.13</scala.binary.version>
+                <scala.version>2.13.8</scala.version>
+            </properties>
+            <build>
+                <pluginManagement>
+                    <plugins>
+                        <plugin>
+                            <groupId>net.alchim31.maven</groupId>
+                            <artifactId>scala-maven-plugin</artifactId>
+                            <configuration>
+                                <scalaVersion>${scala.version}</scalaVersion>
+                                <recompileMode>incremental</recompileMode>
+                                <args>
+                                    <arg>-unchecked</arg>
+                                    <arg>-deprecation</arg>
+                                    <arg>-feature</arg>
+                                    <arg>-explaintypes</arg>
+                                    <arg>-P:silencer:globalFilters=.*deprecated.*</arg>
+                                    <arg>-P:silencer:globalFilters=.*Could not find any member to link for.*</arg>
+                                    <arg>-P:silencer:globalFilters=.*undefined in comment for class.*</arg>
+                                    <arg>-Xfatal-warnings</arg>
+                                    <arg>-Ywarn-unused:imports</arg>
+                                </args>
+                                <jvmArgs>
+                                    <jvmArg>-Xms1024m</jvmArg>
+                                    <jvmArg>-Xmx1024m</jvmArg>
+                                    <jvmArg>-XX:ReservedCodeCacheSize=512M</jvmArg>
+                                </jvmArgs>
+                                <javacArgs>
+                                    <javacArg>-Xlint:all,-serial,-path,-try,-processing</javacArg>
+                                </javacArgs>
+                                <compilerPlugins>
+                                    <compilerPlugin>
+                                        <groupId>com.github.ghik</groupId>
+                                        <artifactId>silencer-plugin_${scala.version}</artifactId>
+                                        <version>${maven.plugin.silencer.version}</version>
+                                    </compilerPlugin>
+                                </compilerPlugins>
+                                <!-- only skipping `scala:doc-jar` -->
+                                <skip>${maven.scaladoc.skip}</skip>
+                            </configuration>
+                        </plugin>
+                    </plugins>
+                </pluginManagement>
+            </build>
+        </profile>
+
         <profile>
             <id>spark-3.1</id>
             <modules>

From 5de3a4069089cc7d8f4b97d0a5d25331e427dddb Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 23 Aug 2023 08:41:46 +0800
Subject: [PATCH 573/760] [KYUUBI #5189] [AUTHZ] Make spark authz module
 compilable on Scala 2.13

### _Why are the changes needed?_

- Make spark authz module compilable on Scala 2.13

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5189 from bowenliang123/scala213-authz.

Closes #5189

c5ee61a24 [liangbowen] adapt spark authz module to 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/plugin/spark/authz/PrivilegesBuilder.scala  |  2 +-
 .../plugin/spark/authz/ranger/RuleAuthorization.scala  |  4 ++--
 .../plugin/spark/authz/SparkSessionProvider.scala      |  2 +-
 .../plugin/spark/authz/V2CommandsPrivilegesSuite.scala |  2 +-
 .../V2JdbcTableCatalogPrivilegesBuilderSuite.scala     | 10 +++++-----
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 08dc49d49..5c496b874 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -209,7 +209,7 @@ object PrivilegesBuilder {
     }
   }
 
-  type PrivilegesAndOpType = (Seq[PrivilegeObject], Seq[PrivilegeObject], OperationType)
+  type PrivilegesAndOpType = (Iterable[PrivilegeObject], Iterable[PrivilegeObject], OperationType)
 
   /**
    * Build input  privilege objects from a Spark's LogicalPlan for hive permanent udf
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
index 3d53174f3..3203108df 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
@@ -53,7 +53,7 @@ object RuleAuthorization {
       requests += AccessRequest(resource, ugi, opType, AccessType.USE)
     }
 
-    def addAccessRequest(objects: Seq[PrivilegeObject], isInput: Boolean): Unit = {
+    def addAccessRequest(objects: Iterable[PrivilegeObject], isInput: Boolean): Unit = {
       objects.foreach { obj =>
         val resource = AccessResource(obj, opType)
         val accessType = ranger.AccessType(obj, opType, isInput)
@@ -84,7 +84,7 @@ object RuleAuthorization {
           }
         case _ => Seq(request)
       }
-    }
+    }.toSeq
 
     if (authorizeInSingleCall) {
       verify(requestArrays.flatten, auditHandler)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index 774dbd8b5..e6f70b4d1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -33,7 +33,7 @@ trait SparkSessionProvider {
   protected val catalogImpl: String
   protected def format: String = if (catalogImpl == "hive") "hive" else "parquet"
 
-  protected val extension: SparkSessionExtensions => Unit = _ => Unit
+  protected val extension: SparkSessionExtensions => Unit = _ => ()
   protected val sqlExtensions: String = ""
 
   protected val extraSparkConf: SparkConf = new SparkConf()
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index a1b5f366e..3ebea1ce9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -670,7 +670,7 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
     val spec = DB_COMMAND_SPECS(plan1.getClass.getName)
     var db: Database = null
     spec.databaseDescs.find { d =>
-      Try(db = d.extract(plan1)).isSuccess
+      Try { db = d.extract(plan1) }.isSuccess
     }
     withClue(sql1) {
       assert(db.catalog === None)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
index 582b91fd9..1037d9811 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
@@ -79,7 +79,7 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
           val spec = TABLE_COMMAND_SPECS(plan.getClass.getName)
           var table: Table = null
           spec.tableDescs.find { d =>
-            Try(table = d.extract(plan, spark).get).isSuccess
+            Try { table = d.extract(plan, spark).get }.isSuccess
           }
           withClue(str) {
             assertEqualsIgnoreCase(Some(catalogV2))(table.catalog)
@@ -104,7 +104,7 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
         val spec = TABLE_COMMAND_SPECS(plan.getClass.getName)
         var table: Table = null
         spec.tableDescs.find { d =>
-          Try(table = d.extract(plan, spark).get).isSuccess
+          Try { table = d.extract(plan, spark).get }.isSuccess
         }
         withClue(sql1) {
           assertEqualsIgnoreCase(Some(catalogV2))(table.catalog)
@@ -127,7 +127,7 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
         val plan = executePlan(sql1).analyzed
         val spec = TABLE_COMMAND_SPECS(plan.getClass.getName)
         var table: Table = null
-        spec.tableDescs.find { d => Try(table = d.extract(plan, spark).get).isSuccess }
+        spec.tableDescs.find { d => Try { table = d.extract(plan, spark).get }.isSuccess }
         withClue(sql1) {
           assertEqualsIgnoreCase(Some(catalogV2))(table.catalog)
           assertEqualsIgnoreCase(Some(ns1))(table.database)
@@ -146,7 +146,7 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
       val spec = DB_COMMAND_SPECS(plan.getClass.getName)
       var db: Database = null
       spec.databaseDescs.find { d =>
-        Try(db = d.extract(plan)).isSuccess
+        Try { db = d.extract(plan) }.isSuccess
       }
       withClue(sql) {
         assertEqualsIgnoreCase(Some(catalogV2))(db.catalog)
@@ -165,7 +165,7 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
       val spec = DB_COMMAND_SPECS(plan.getClass.getName)
       var db: Database = null
       spec.databaseDescs.find { d =>
-        Try(db = d.extract(plan)).isSuccess
+        Try { db = d.extract(plan) }.isSuccess
       }
       withClue(sql1) {
         assertEqualsIgnoreCase(Some(catalogV2))(db.catalog)

From ac624b9ff9d2cf18c3d959bc7b39b211939db75e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 23 Aug 2023 08:43:11 +0800
Subject: [PATCH 574/760] [KYUUBI #5191] Make Spark extension plugin compilable
 on Scala 2.13

### _Why are the changes needed?_

- to make Spark extension plugin compilable on Scala 2.13 with Spark 3.2/3.3/3.4 (Spark 3.1 does not support Scala 2.13)
```
mvn clean install -DskipTests -Pflink-provided,hive-provided,spark-provided -Pscala-2.13 -pl :kyuubi-extension-spark-3-2_2.13 -Pspark-3.2 -am

mvn clean install -DskipTests -Pflink-provided,hive-provided,spark-provided -Pscala-2.13 -pl :kyuubi-extension-spark-3-3_2.13 -Pspark-3.3 -am

mvn clean install -DskipTests -Pflink-provided,hive-provided,spark-provided -Pscala-2.13 -pl :kyuubi-extension-spark-3-4_2.13 -Pspark-3.4 -am
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5191 from bowenliang123/scala213-sparkext.

Closes #5191

156ae26c8 [liangbowen] adapt spark ext plugin to Scala 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 extensions/spark/kyuubi-extension-spark-3-4/pom.xml        | 2 +-
 .../org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala   | 7 ++++---
 .../scala/org/apache/spark/sql/WatchDogSuiteBase.scala     | 2 +-
 .../org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala   | 7 ++++---
 .../scala/org/apache/spark/sql/WatchDogSuiteBase.scala     | 2 +-
 5 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
index 20db5d12f..fcd5026da 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
@@ -25,7 +25,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>kyuubi-extension-spark-3-4_2.12</artifactId>
+    <artifactId>kyuubi-extension-spark-3-4_${scala.binary.version}</artifactId>
     <packaging>jar</packaging>
     <name>Kyuubi Dev Spark Extensions (for Spark 3.4)</name>
     <url>https://kyuubi.apache.org/</url>
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
index c937bd575..cc00bf88e 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
@@ -116,6 +116,7 @@ class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQ
     val zorderCols = ctx.zorderClause().order.asScala
       .map(visitMultipartIdentifier)
       .map(UnresolvedAttribute(_))
+      .toSeq
 
     val orderExpr =
       if (zorderCols.length == 1) {
@@ -130,16 +131,16 @@ class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQ
 
   override def visitMultipartIdentifier(ctx: MultipartIdentifierContext): Seq[String] =
     withOrigin(ctx) {
-      ctx.parts.asScala.map(_.getText)
+      ctx.parts.asScala.map(_.getText).toSeq
     }
 
   override def visitZorderClause(ctx: ZorderClauseContext): Seq[UnresolvedAttribute] =
     withOrigin(ctx) {
       val res = ListBuffer[UnresolvedAttribute]()
       ctx.multipartIdentifier().forEach { identifier =>
-        res += UnresolvedAttribute(identifier.parts.asScala.map(_.getText))
+        res += UnresolvedAttribute(identifier.parts.asScala.map(_.getText).toSeq)
       }
-      res
+      res.toSeq
     }
 
   private def typedVisit[T](ctx: ParseTree): T = {
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
index 6254829f2..a202e813c 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
@@ -376,7 +376,7 @@ trait WatchDogSuiteBase extends KyuubiSparkSQLExtensionTest {
                |ORDER BY a
                |DESC
                |""".stripMargin)
-            .collect().head.get(0).equals(10))
+            .collect().head.get(0) === 10)
         }
       }
     }
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
index c937bd575..cc00bf88e 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
@@ -116,6 +116,7 @@ class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQ
     val zorderCols = ctx.zorderClause().order.asScala
       .map(visitMultipartIdentifier)
       .map(UnresolvedAttribute(_))
+      .toSeq
 
     val orderExpr =
       if (zorderCols.length == 1) {
@@ -130,16 +131,16 @@ class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQ
 
   override def visitMultipartIdentifier(ctx: MultipartIdentifierContext): Seq[String] =
     withOrigin(ctx) {
-      ctx.parts.asScala.map(_.getText)
+      ctx.parts.asScala.map(_.getText).toSeq
     }
 
   override def visitZorderClause(ctx: ZorderClauseContext): Seq[UnresolvedAttribute] =
     withOrigin(ctx) {
       val res = ListBuffer[UnresolvedAttribute]()
       ctx.multipartIdentifier().forEach { identifier =>
-        res += UnresolvedAttribute(identifier.parts.asScala.map(_.getText))
+        res += UnresolvedAttribute(identifier.parts.asScala.map(_.getText).toSeq)
       }
-      res
+      res.toSeq
     }
 
   private def typedVisit[T](ctx: ParseTree): T = {
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
index 6254829f2..a202e813c 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
@@ -376,7 +376,7 @@ trait WatchDogSuiteBase extends KyuubiSparkSQLExtensionTest {
                |ORDER BY a
                |DESC
                |""".stripMargin)
-            .collect().head.get(0).equals(10))
+            .collect().head.get(0) === 10)
         }
       }
     }

From bdf867b19a253927022ea782e0e365e86f39493c Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 23 Aug 2023 13:58:17 +0800
Subject: [PATCH 575/760] [KYUUBI #5193] Make Spark hive connector plugin
 compilable on Scala 2.13

### _Why are the changes needed?_

- to make Spark SQL hive connector plugin compilable on Scala 2.13 with Spark 3.3/3.4
- rename class name `FilePartitionReader` which is copied from Spark to `SparkFilePartitionReader`to fix the class mismatch error
```
[ERROR] [Error] /Users/bw/dev/incubator-kyuubi/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala:83: type mismatch;
 found   : Iterator[org.apache.kyuubi.spark.connector.hive.read.HivePartitionedFileReader[org.apache.spark.sql.catalyst.InternalRow]]
 required: Iterator[org.apache.spark.sql.execution.datasources.v2.PartitionedFileReader[org.apache.spark.sql.catalyst.InternalRow]]

```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5193 from bowenliang123/scala213-hivecon.

Closes #5193

d8c6bf5f0 [liangbowen] defer toMap
b20ad4eb1 [liangbowen] adapt spark hive connector plugin to Scala 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: yikaifei <yikaifei@apache.org>
---
 .../apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala   | 2 +-
 .../spark/connector/hive/read/HivePartitionReaderFactory.scala  | 2 +-
 ...FilePartitionReader.scala => SparkFilePartitionReader.scala} | 2 +-
 .../spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
 rename extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/{FilePartitionReader.scala => SparkFilePartitionReader.scala} (98%)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index 41976b264..75804eb63 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -284,7 +284,7 @@ class HiveTableCatalog(sparkSession: SparkSession)
   private def toOptions(properties: Map[String, String]): Map[String, String] = {
     properties.filterKeys(_.startsWith(TableCatalog.OPTION_PREFIX)).map {
       case (key, value) => key.drop(TableCatalog.OPTION_PREFIX.length) -> value
-    }
+    }.toMap
   }
 
   override def listNamespaces(): Array[Array[String]] =
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
index 2b8e2ffd8..0cbd4f6ef 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
@@ -80,7 +80,7 @@ case class HivePartitionReaderFactory(
             partitionSchema,
             file.partitionValues))
       }
-    new FilePartitionReader[InternalRow](iter)
+    new SparkFilePartitionReader[InternalRow](iter)
   }
 
   def buildReaderInternal(
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/SparkFilePartitionReader.scala
similarity index 98%
rename from extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
rename to extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/SparkFilePartitionReader.scala
index 13b6d4c20..f785694d1 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/FilePartitionReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/SparkFilePartitionReader.scala
@@ -31,7 +31,7 @@ import org.apache.kyuubi.spark.connector.hive.HiveConnectorUtils
 // scalastyle:off line.size.limit
 // copy from https://github.com/apache/spark/blob/master/sql/core/src/main/scala/org/apache/spark/sql/execution/datasources/v2/FilePartitionReader.scala
 // scalastyle:on line.size.limit
-class FilePartitionReader[T](readers: Iterator[HivePartitionedFileReader[T]])
+class SparkFilePartitionReader[T](readers: Iterator[HivePartitionedFileReader[T]])
   extends PartitionReader[T] with Logging {
   private var currentReader: HivePartitionedFileReader[T] = _
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
index 95def8656..8e3a9cd3d 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/spark/sql/hive/kyuubi/connector/HiveBridgeHelper.scala
@@ -80,7 +80,7 @@ object HiveBridgeHelper {
             s"Unsupported partition transform: $transform")
       }
 
-      (identityCols, bucketSpec)
+      (identityCols.toSeq, bucketSpec)
     }
   }
 

From 22a47044e92b2966505575f4bc07e8e576e84eb8 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 23 Aug 2023 16:52:19 +0800
Subject: [PATCH 576/760] [KYUUBI #5188] Make server module and Spark sql
 engine module compilable on Scala 2.13

### _Why are the changes needed?_

- adding a basic compilation CI test on Scala 2.13 , skipping test runs
- separate versions of `KyuubiSparkILoop` for Scala 2.12 and 2.13, adapting the changes of Scala interpreter packages
- rename `export` variable
```
[Error] /Users/bw/dev/kyuubi/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala:563: Wrap `export` in backticks to use it as an identifier, it will become a keyword in Scala 3.
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5188 from bowenliang123/sparksql-213.

Closes #5188

04f192064 [liangbowen] update
9e764271b [liangbowen] add ci for compilation with server module
a465375bd [liangbowen] update
5c3f24fdf [liangbowen] update
4b6a6e339 [liangbowen] use Iterable for the row in MySQLTextResultSetRowPacket
f09d61d26 [liangbowen] use ListMap.newBuilder
6b5480872 [liangbowen] Use Iterable for collections
1abfa29d8 [liangbowen] 2.12's KyuubiSparkILoop
b1c9da591 [liangbowen] rename export variable
b6a6e077b [liangbowen] remove original KyuubiSparkILoop
15438b503 [liangbowen] move back scala 2.12's KyuubiSparkILoop
dd3244351 [liangbowen] adapt spark sql module to 2.13
62d3abbf0 [liangbowen] adapt server module to 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml                  |  31 +++++
 externals/kyuubi-spark-sql-engine/pom.xml     |  31 +++++
 .../engine/spark/repl/KyuubiSparkILoop.scala  |   0
 .../engine/spark/repl/KyuubiSparkILoop.scala  | 128 ++++++++++++++++++
 .../handler/KafkaLoggingEventHandler.scala    |   2 +-
 .../ServerKafkaLoggingEventHandler.scala      |   2 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |   3 +-
 .../server/api/v1/BatchesResource.scala       |   2 +
 .../metadata/jdbc/JDBCMetadataStore.scala     |   6 +-
 .../server/mysql/MySQLDataPackets.scala       |   2 +-
 .../server/mysql/MySQLQueryResult.scala       |   7 +-
 .../kyuubi/session/KyuubiSessionManager.scala |   4 +-
 .../server/api/v1/AdminResourceSuite.scala    |   6 +-
 13 files changed, 209 insertions(+), 15 deletions(-)
 rename externals/kyuubi-spark-sql-engine/src/main/{scala => scala-2.12}/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala (100%)
 create mode 100644 externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 00e5772a2..3bf270cb1 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -168,6 +168,37 @@ jobs:
             **/target/unit-tests.log
             **/kyuubi-spark-sql-engine.log*
 
+  scala213:
+    name: Scala Compilation Test
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        java:
+          - '8'
+        scala:
+          - '2.13'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Tune Runner VM
+        uses: ./.github/actions/tune-runner-vm
+      - name: Setup JDK ${{ matrix.java }}
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: ${{ matrix.java }}
+          cache: 'maven'
+          check-latest: false
+      - name: Setup Maven
+        uses: ./.github/actions/setup-maven
+      - name: Build on Scala
+        run: |
+          MODULES="kyuubi-server"
+          ./build/mvn clean install -pl ${MODULES} -am \
+          -DskipTests -Pflink-provided,hive-provided,spark-provided \
+          -Pjava-${{ matrix.java }} \
+          -Pscala-${{ matrix.scala }}
+
   flink-it:
     name: Flink Test
     runs-on: ubuntu-22.04
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 9dcd6dca1..52ceb945d 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -174,6 +174,37 @@
 
     <build>
         <plugins>
+            <!-- Include a source dir depending on the Scala version -->
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>add-scala-sources</id>
+                        <goals>
+                            <goal>add-source</goal>
+                        </goals>
+                        <phase>generate-sources</phase>
+                        <configuration>
+                            <sources>
+                                <source>src/main/scala-${scala.binary.version}</source>
+                            </sources>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>add-scala-test-sources</id>
+                        <goals>
+                            <goal>add-test-source</goal>
+                        </goals>
+                        <phase>generate-test-sources</phase>
+                        <configuration>
+                            <sources>
+                                <source>src/test/scala-${scala.binary.version}</source>
+                            </sources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala b/externals/kyuubi-spark-sql-engine/src/main/scala-2.12/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
similarity index 100%
rename from externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
rename to externals/kyuubi-spark-sql-engine/src/main/scala-2.12/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala b/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
new file mode 100644
index 000000000..33a95399d
--- /dev/null
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.spark.repl
+
+import org.apache.kyuubi.Utils
+import org.apache.spark.SparkContext
+import org.apache.spark.repl.SparkILoop
+import org.apache.spark.sql.{DataFrame, SparkSession}
+import org.apache.spark.util.MutableURLClassLoader
+
+import java.io.{ByteArrayOutputStream, File, PrintWriter}
+import java.util.concurrent.locks.ReentrantLock
+import scala.tools.nsc.Settings
+import scala.tools.nsc.interpreter.{IMain, Results}
+
+private[spark] case class KyuubiSparkILoop private (
+    spark: SparkSession,
+    output: ByteArrayOutputStream)
+  extends SparkILoop(null, new PrintWriter(output)) {
+  import KyuubiSparkILoop._
+
+  val result = new DataFrameHolder(spark)
+
+  private def initialize(): Unit = withLockRequired {
+    val settings = new Settings
+    val interpArguments = List(
+      "-Yrepl-class-based",
+      "-Yrepl-outdir",
+      s"${spark.sparkContext.getConf.get("spark.repl.class.outputDir")}")
+    settings.processArguments(interpArguments, processAll = true)
+    settings.usejavacp.value = true
+    val currentClassLoader = Thread.currentThread().getContextClassLoader
+    settings.embeddedDefaults(currentClassLoader)
+    this.createInterpreter(settings)
+    val iMain = this.intp.asInstanceOf[IMain]
+    iMain.initializeCompiler()
+    try {
+      this.compilerClasspath
+      iMain.ensureClassLoader()
+      var classLoader: ClassLoader = Thread.currentThread().getContextClassLoader
+      while (classLoader != null) {
+        classLoader match {
+          case loader: MutableURLClassLoader =>
+            val allJars = loader.getURLs.filter { u =>
+              val file = new File(u.getPath)
+              u.getProtocol == "file" && file.isFile &&
+              file.getName.contains("scala-lang_scala-reflect")
+            }
+            this.addUrlsToClassPath(allJars: _*)
+            classLoader = null
+          case _ =>
+            classLoader = classLoader.getParent
+        }
+      }
+
+      this.addUrlsToClassPath(
+        classOf[DataFrameHolder].getProtectionDomain.getCodeSource.getLocation)
+    } finally {
+      Thread.currentThread().setContextClassLoader(currentClassLoader)
+    }
+
+    this.beQuietDuring {
+      // SparkSession/SparkContext and their implicits
+      this.bind("spark", classOf[SparkSession].getCanonicalName, spark, List("""@transient"""))
+      this.bind(
+        "sc",
+        classOf[SparkContext].getCanonicalName,
+        spark.sparkContext,
+        List("""@transient"""))
+
+      this.interpret("import org.apache.spark.SparkContext._")
+      this.interpret("import spark.implicits._")
+      this.interpret("import spark.sql")
+      this.interpret("import org.apache.spark.sql.functions._")
+
+      // for feeding results to client, e.g. beeline
+      this.bind(
+        "result",
+        classOf[DataFrameHolder].getCanonicalName,
+        result)
+    }
+  }
+
+  def getResult(statementId: String): DataFrame = result.get(statementId)
+
+  def clearResult(statementId: String): Unit = result.unset(statementId)
+
+  def interpretWithRedirectOutError(statement: String): Results.Result = withLockRequired {
+    Console.withOut(output) {
+      Console.withErr(output) {
+        this.interpret(statement)
+      }
+    }
+  }
+
+  def getOutput: String = {
+    val res = output.toString.trim
+    output.reset()
+    res
+  }
+}
+
+private[spark] object KyuubiSparkILoop {
+  def apply(spark: SparkSession): KyuubiSparkILoop = {
+    val os = new ByteArrayOutputStream()
+    val iLoop = new KyuubiSparkILoop(spark, os)
+    iLoop.initialize()
+    iLoop
+  }
+
+  private val lock = new ReentrantLock()
+  private def withLockRequired[T](block: => T): T = Utils.withLockRequired(lock)(block)
+}
diff --git a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala
index a245daef0..2625f167b 100644
--- a/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala
+++ b/kyuubi-events/src/main/scala/org/apache/kyuubi/events/handler/KafkaLoggingEventHandler.scala
@@ -32,7 +32,7 @@ import org.apache.kyuubi.events.handler.KafkaLoggingEventHandler._
  */
 class KafkaLoggingEventHandler(
     topic: String,
-    producerConf: Map[String, String],
+    producerConf: Iterable[(String, String)],
     kyuubiConf: KyuubiConf,
     closeTimeoutInMs: Long) extends EventHandler[KyuubiEvent] with Logging {
   private def defaultProducerConf: Properties = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala
index a7421a057..08f8b0d79 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandler.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.config.KyuubiConf
 
 case class ServerKafkaLoggingEventHandler(
     topic: String,
-    producerConf: Map[String, String],
+    producerConf: Iterable[(String, String)],
     kyuubiConf: KyuubiConf,
     closeTimeoutInMs: Long)
   extends KafkaLoggingEventHandler(topic, producerConf, kyuubiConf, closeTimeoutInMs)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 9613b3ef1..f507f3220 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -311,6 +311,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
         node.instance,
         node.namespace,
         node.attributes.asJava))
+      .toSeq
   }
 
   @ApiResponse(
@@ -339,7 +340,7 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
         servers += ApiUtils.serverData(nodeInfo)
       })
     }
-    servers
+    servers.toSeq
   }
 
   private def getEngine(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 3cc98374f..caa768a66 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -258,6 +258,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
                 case None => throw new IllegalStateException(
                     s"can not find duplicated batch $batchId from metadata store")
               }
+            case Failure(cause) => throw new IllegalStateException(cause)
           }
         }
 
@@ -281,6 +282,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
               case None => throw new IllegalStateException(
                   s"can not find duplicated batch $batchId from metadata store")
             }
+          case Failure(cause) => throw new IllegalStateException(cause)
         }
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 0255aadfd..a79832d38 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -261,7 +261,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     queryBuilder.append(dialect.limitClause(size, from))
     val query = queryBuilder.toString
     JdbcUtils.withConnection { connection =>
-      withResultSet(connection, query, params: _*) { rs =>
+      withResultSet(connection, query, params.toSeq: _*) { rs =>
         buildMetadata(rs, stateOnly)
       }
     }
@@ -386,7 +386,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 
     val query = queryBuilder.toString()
     JdbcUtils.withConnection { connection =>
-      withUpdateCount(connection, query, params: _*) { updateCount =>
+      withUpdateCount(connection, query, params.toSeq: _*) { updateCount =>
         if (updateCount == 0) {
           throw new KyuubiException(
             s"Error updating metadata for ${metadata.identifier} by SQL: $query, " +
@@ -470,7 +470,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
           peerInstanceClosed = peerInstanceClosed)
         metadataList += metadata
       }
-      metadataList
+      metadataList.toSeq
     } finally {
       Utils.tryLogNonFatalError(resultSet.close())
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLDataPackets.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLDataPackets.scala
index d7917b51f..273af56b8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLDataPackets.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLDataPackets.scala
@@ -84,7 +84,7 @@ case class MySQLColumnDefinition41Packet(
 
 case class MySQLTextResultSetRowPacket(
     sequenceId: Int,
-    row: Seq[Any]) extends MySQLPacket with SupportsEncode {
+    row: Iterable[Any]) extends MySQLPacket with SupportsEncode {
 
   private def nullVal = 0xFB
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLQueryResult.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLQueryResult.scala
index c398e31e9..59371b923 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLQueryResult.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/mysql/MySQLQueryResult.scala
@@ -42,7 +42,7 @@ trait MySQLQueryResult {
 
   def toColDefinePackets: Seq[MySQLPacket]
 
-  def toRowPackets: Seq[MySQLPacket]
+  def toRowPackets: Iterable[MySQLPacket]
 
   def toPackets: Seq[MySQLPacket] = {
     val buf = Seq.newBuilder[MySQLPacket]
@@ -77,7 +77,7 @@ class MySQLSimpleQueryResult(
         decimals = decimals)
     }
 
-  override def toRowPackets: Seq[MySQLPacket] =
+  override def toRowPackets: Iterable[MySQLPacket] =
     rows.zipWithIndex.map { case (row, i) =>
       val sequenceId = colCount + 3 + i
       MySQLTextResultSetRowPacket(sequenceId = sequenceId, row = row)
@@ -94,8 +94,9 @@ class MySQLThriftQueryResult(
 
   override def toColDefinePackets: Seq[MySQLPacket] = schema.getColumns.asScala
     .zipWithIndex.map { case (tCol, i) => tColDescToMySQL(tCol, 2 + i) }
+    .toSeq
 
-  override def toRowPackets: Seq[MySQLPacket] = rows.getRows.asScala
+  override def toRowPackets: Iterable[MySQLPacket] = rows.getRows.asScala
     .zipWithIndex.map { case (tRow, i) => tRowToMySQL(tRow, colCount + 3 + i) }
 
   private def tColDescToMySQL(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 5749f7412..fab040c09 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -215,7 +215,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       batchRequest.getResource,
       batchRequest.getClassName,
       batchRequest.getConf.asScala.toMap,
-      batchRequest.getArgs.asScala,
+      batchRequest.getArgs.asScala.toSeq,
       None,
       shouldRunAsync)
     openBatchSession(batchSession)
@@ -240,7 +240,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       className = batchRequest.getClassName,
       requestName = batchRequest.getName,
       requestConf = conf,
-      requestArgs = batchRequest.getArgs.asScala,
+      requestArgs = batchRequest.getArgs.asScala.toSeq,
       createTime = System.currentTimeMillis(),
       engineType = batchRequest.getBatchType)
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index f5bbe640e..2d2ff559a 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -560,11 +560,11 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       val result = response.readEntity(new GenericType[Seq[ServerData]]() {})
       assert(result.size == 1)
       val testServer = result.head
-      val export = fe.asInstanceOf[KyuubiRestFrontendService]
+      val restFrontendService = fe.asInstanceOf[KyuubiRestFrontendService]
 
       assert(namespace.equals(testServer.getNamespace.replaceFirst("/", "")))
-      assert(export.host.equals(testServer.getHost))
-      assert(export.connectionUrl.equals(testServer.getInstance()))
+      assert(restFrontendService.host.equals(testServer.getHost))
+      assert(restFrontendService.connectionUrl.equals(testServer.getInstance()))
       assert(!testServer.getAttributes.isEmpty)
       val attributes = testServer.getAttributes
       assert(attributes.containsKey("serviceUri") &&

From 9e3ac23df71302c5b87dab206cdf96f42811035e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 23 Aug 2023 17:15:31 +0800
Subject: [PATCH 577/760] [KYUUBI #5192] Make Spark sql lineage plugin
 compilable on Scala 2.13

### _Why are the changes needed?_

- to make Spark SQL lineage plugin compilable on Scala 2.13 with Spark 3.2/3.3/3.4 (Spark 3.1 does not support Scala 2.13)
`mvn clean install -DskipTests -Pflink-provided,hive-provided,spark-provided -Pscala-2.13 -pl :kyuubi-spark-lineage_2.13 -Pspark-3.3`
- fix type mismatch, by manually converting Iterable to ListMap
```
[ERROR] [Error] /Users/bw/dev/incubator-kyuubi/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala:220: type mismatch;
 found   : scala.collection.immutable.Iterable[(org.apache.spark.sql.catalyst.expressions.Attribute, org.apache.spark.sql.catalyst.expressions.AttributeSet)]
 required: LineageParser.this.AttributeMap[org.apache.spark.sql.catalyst.expressions.AttributeSet]
    (which expands to)  scala.collection.immutable.ListMap[org.apache.spark.sql.catalyst.expressions.Attribute,org.apache.spark.sql.catalyst.expressions.AttributeSet]
```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5192 from bowenliang123/scala213-lineage.

Closes #5192

a68ba8457 [liangbowen] adapt spark lineage plugin to Scala 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../plugin/lineage/helper/SparkSQLLineageParseHelper.scala   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index ab669aa19..6beecba36 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -217,10 +217,11 @@ trait LineageParser {
             getField[LogicalPlan](plan, "plan")
           }
 
-        extractColumnsLineage(query, parentColumnsLineage).zipWithIndex.map {
+        val lineages = extractColumnsLineage(query, parentColumnsLineage).zipWithIndex.map {
           case ((k, v), i) if outputCols.nonEmpty => k.withName(s"$view.${outputCols(i)}") -> v
           case ((k, v), _) => k.withName(s"$view.${k.name}") -> v
-        }
+        }.toSeq
+        ListMap[Attribute, AttributeSet](lineages: _*)
 
       case p if p.nodeName == "CreateDataSourceTableAsSelectCommand" =>
         val table = getV1TableName(getField[CatalogTable](plan, "table").qualifiedName)

From 613297eae0b41f3526e0d126702e5cf4fcd05f62 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 23 Aug 2023 21:17:53 +0800
Subject: [PATCH 578/760] [KYUUBI #5195] Make Spark TPC-H connector plugin
 compilable on Scala 2.13

### _Why are the changes needed?_

- Make Spark TPC-H connector compilable on Scala 2.13
- adding spark extensions to scala 2.13 compilation CI test

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5195 from bowenliang123/scala213-conn.

Closes #5195

ad2558a16 [liangbowen] update
c50d29111 [liangbowen] update
d38eb3b6c [liangbowen] adapt spark connector plugin compilable on Scala 2.13

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml                               | 7 ++++---
 .../apache/kyuubi/spark/connector/tpch/TPCHBatchScan.scala | 2 +-
 .../org/apache/kyuubi/spark/connector/tpch/TPCHTable.scala | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 3bf270cb1..0e050b4a7 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -191,13 +191,14 @@ jobs:
           check-latest: false
       - name: Setup Maven
         uses: ./.github/actions/setup-maven
-      - name: Build on Scala
+      - name: Build on Scala ${{ matrix.scala }}
         run: |
-          MODULES="kyuubi-server"
+          MODULES='!externals/kyuubi-flink-sql-engine'
           ./build/mvn clean install -pl ${MODULES} -am \
           -DskipTests -Pflink-provided,hive-provided,spark-provided \
           -Pjava-${{ matrix.java }} \
-          -Pscala-${{ matrix.scala }}
+          -Pscala-${{ matrix.scala }} \
+          -Pspark-3.3
 
   flink-it:
     name: Flink Test
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHBatchScan.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHBatchScan.scala
index b5bca42cc..63ff82b7a 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHBatchScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHBatchScan.scala
@@ -144,7 +144,7 @@ class TPCHPartitionReader(
           case (value, dt) => throw new IllegalArgumentException(s"value: $value, type: $dt")
         }
       }
-      InternalRow.fromSeq(rowAny)
+      InternalRow.fromSeq(rowAny.toSeq)
     }
     hasNext
   }
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHTable.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHTable.scala
index de4bd49f2..65038d35b 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHTable.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/main/scala/org/apache/kyuubi/spark/connector/tpch/TPCHTable.scala
@@ -44,7 +44,7 @@ class TPCHTable(tbl: String, scale: Double, tpchConf: TPCHConf)
     StructType(
       tpchTable.asInstanceOf[TpchTable[TpchEntity]].getColumns.zipWithIndex.map { case (c, _) =>
         StructField(c.getColumnName, toSparkDataType(c.getType))
-      })
+      }.toSeq)
   }
 
   override def capabilities(): util.Set[TableCapability] =

From d4d79b471633a50ecc457e845e001d332ff14307 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 24 Aug 2023 01:46:33 +0000
Subject: [PATCH 579/760] [KYUUBI #5150] Bump Spark 3.3.3

### _Why are the changes needed?_

https://spark.apache.org/news/spark-3-3-3-released.html

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5150 from pan3793/spark-3.3.3.

Closes #5150

61583609b [Cheng Pan] image
3021dd80b [Cheng Pan] remove staging repo
71b8aa843 [Cheng Pan] Revert "tgz"
d9125e63e [Cheng Pan] tgz
ebe3107c9 [Cheng Pan] Bump Spark 3.3.3

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../test/deployment/KyuubiOnKubernetesTestsSuite.scala          | 2 +-
 .../kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala     | 2 +-
 pom.xml                                                         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
index bc7c98a80..d57ef3742 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
@@ -54,7 +54,7 @@ class KyuubiOnKubernetesWithSparkTestsBase extends WithKyuubiServerOnKubernetes
     super.connectionConf ++
       Map(
         "spark.master" -> s"k8s://$miniKubeApiMaster",
-        "spark.kubernetes.container.image" -> "apache/spark:v3.3.2",
+        "spark.kubernetes.container.image" -> "apache/spark:3.3.3",
         "spark.executor.memory" -> "512M",
         "spark.driver.memory" -> "1024M",
         "spark.kubernetes.driver.request.cores" -> "250m",
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 6345a05f1..ba68d2090 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -51,7 +51,7 @@ abstract class SparkOnKubernetesSuiteBase
     // TODO Support more Spark version
     // Spark official docker image: https://hub.docker.com/r/apache/spark/tags
     KyuubiConf().set("spark.master", s"k8s://$apiServerAddress")
-      .set("spark.kubernetes.container.image", "apache/spark:v3.3.2")
+      .set("spark.kubernetes.container.image", "apache/spark:3.3.3")
       .set("spark.kubernetes.container.image.pullPolicy", "IfNotPresent")
       .set("spark.executor.instances", "1")
       .set("spark.executor.memory", "512M")
diff --git a/pom.xml b/pom.xml
index ac85961fe..d90ef6430 100644
--- a/pom.xml
+++ b/pom.xml
@@ -196,7 +196,7 @@
           DO NOT forget to change the following properties when change the minor version of Spark:
           `delta.version`, `maven.plugin.scalatest.exclude.tags`
           -->
-        <spark.version>3.3.2</spark.version>
+        <spark.version>3.3.3</spark.version>
         <spark.binary.version>3.3</spark.binary.version>
         <spark.archive.name>spark-${spark.version}-bin-hadoop3.tgz</spark.archive.name>
         <spark.archive.mirror>${apache.archive.dist}/spark/spark-${spark.version}</spark.archive.mirror>

From e9ca8272b07e9cc48292c21cb6b035a9381b2c93 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Thu, 24 Aug 2023 11:58:08 +0800
Subject: [PATCH 580/760] [KYUUBI #4806][FLINK] Support time-out incremental
 result fetch for Flink engine

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5134 from link3280/KYUUBI-4806.

Closes #4806

a1b74783c [Paul Lin] Optimize code style
546cfdf5b [Paul Lin] Update externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
b6eb7af4f [Paul Lin] Update externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
1563fa98b [Paul Lin] Remove explicit StartRowOffset for Flink
4e61a348c [Paul Lin] Add comments
c93294650 [Paul Lin] Improve code style
6bd0c8e69 [Paul Lin] Use dedicated thread pool
15412db3a [Paul Lin] Improve logging
d6a2a9cff [Paul Lin] [KYUUBI #4806][FLINK] Implement incremental result fetching

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Paul Lin <paullin3280@gmail.com>
---
 docs/configuration/settings.md                |   1 +
 .../flink/operation/ExecuteStatement.scala    |  11 +-
 .../flink/operation/FlinkOperation.scala      |  34 +++-
 .../operation/FlinkSQLOperationManager.scala  |  23 ++-
 .../flink/operation/PlanOnlyStatement.scala   |  11 +-
 .../result/QueryResultFetchIterator.scala     | 176 ++++++++++++++++++
 .../engine/flink/result/ResultSet.scala       |   7 +
 .../engine/flink/result/ResultSetUtil.scala   |  72 +------
 .../session/FlinkSQLSessionManager.scala      |   5 +-
 .../flink/operation/FlinkOperationSuite.scala |  25 ++-
 .../flink/operation/FlinkOperationSuite.scala |   4 +-
 .../operation/FlinkOperationSuiteOnYarn.scala |   4 +-
 .../org/apache/kyuubi/config/KyuubiConf.scala |   9 +
 13 files changed, 292 insertions(+), 90 deletions(-)
 create mode 100644 externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/QueryResultFetchIterator.scala

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 928ff0ab8..ddb8546c2 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -411,6 +411,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.session.engine.alive.probe.interval           | PT10S                   | The interval for engine alive probe.                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.0 |
 | kyuubi.session.engine.alive.timeout                  | PT2M                    | The timeout for engine alive. If there is no alive probe success in the last timeout window, the engine will be marked as no-alive.                                                                                                                                                                                                                                                                                      | duration | 1.6.0 |
 | kyuubi.session.engine.check.interval                 | PT1M                    | The check interval for engine timeout                                                                                                                                                                                                                                                                                                                                                                                    | duration | 1.0.0 |
+| kyuubi.session.engine.flink.fetch.timeout            | &lt;undefined&gt;       | Result fetch timeout for Flink engine. If the timeout is reached, the result fetch would be stopped and the current fetched would be returned. If no data are fetched, a TimeoutException would be thrown.                                                                                                                                                                                                               | duration | 1.8.0 |
 | kyuubi.session.engine.flink.main.resource            | &lt;undefined&gt;       | The package used to create Flink SQL engine remote job. If it is undefined, Kyuubi will use the default                                                                                                                                                                                                                                                                                                                  | string   | 1.4.0 |
 | kyuubi.session.engine.flink.max.rows                 | 1000000                 | Max rows of Flink query results. For batch queries, rows exceeding the limit would be ignored. For streaming queries, the query would be canceled if the limit is reached.                                                                                                                                                                                                                                               | int      | 1.5.0 |
 | kyuubi.session.engine.hive.main.resource             | &lt;undefined&gt;       | The package used to create Hive engine remote job. If it is undefined, Kyuubi will use the default                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
index 4042756b6..0e0c476e2 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/ExecuteStatement.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import scala.concurrent.duration.Duration
+
 import org.apache.flink.api.common.JobID
 import org.apache.flink.table.gateway.api.operation.OperationHandle
 
@@ -32,7 +34,8 @@ class ExecuteStatement(
     override val statement: String,
     override val shouldRunAsync: Boolean,
     queryTimeout: Long,
-    resultMaxRows: Int)
+    resultMaxRows: Int,
+    resultFetchTimeout: Duration)
   extends FlinkOperation(session) with Logging {
 
   private val operationLog: OperationLog =
@@ -48,10 +51,6 @@ class ExecuteStatement(
     setHasResultSet(true)
   }
 
-  override protected def afterRun(): Unit = {
-    OperationLog.removeCurrentOperationLog()
-  }
-
   override protected def runInternal(): Unit = {
     addTimeoutMonitor(queryTimeout)
     executeStatement()
@@ -64,7 +63,7 @@ class ExecuteStatement(
         new OperationHandle(getHandle.identifier),
         statement)
       jobId = FlinkEngineUtils.getResultJobId(resultFetcher)
-      resultSet = ResultSetUtil.fromResultFetcher(resultFetcher, resultMaxRows)
+      resultSet = ResultSetUtil.fromResultFetcher(resultFetcher, resultMaxRows, resultFetchTimeout)
       setState(OperationState.FINISHED)
     } catch {
       onError(cancel = true)
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
index 5a79d2c0e..1424b721c 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperation.scala
@@ -19,12 +19,15 @@ package org.apache.kyuubi.engine.flink.operation
 
 import java.io.IOException
 import java.time.ZoneId
+import java.util.concurrent.TimeoutException
 
 import scala.collection.JavaConverters.collectionAsScalaIterableConverter
+import scala.collection.mutable.ListBuffer
 
 import org.apache.flink.configuration.Configuration
 import org.apache.flink.table.gateway.service.context.SessionContext
 import org.apache.flink.table.gateway.service.operation.OperationExecutor
+import org.apache.flink.types.Row
 import org.apache.hive.service.rpc.thrift.{TFetchResultsResp, TGetResultSetMetadataResp, TTableSchema}
 
 import org.apache.kyuubi.{KyuubiSQLException, Utils}
@@ -72,6 +75,10 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
 
   override def close(): Unit = {
     cleanup(OperationState.CLOSED)
+    //  the result set may be null if the operation ends exceptionally
+    if (resultSet != null) {
+      resultSet.close
+    }
     try {
       getOperationLog.foreach(_.close())
     } catch {
@@ -98,25 +105,42 @@ abstract class FlinkOperation(session: Session) extends AbstractOperation(sessio
     assertState(OperationState.FINISHED)
     setHasResultSet(true)
     order match {
-      case FETCH_NEXT => resultSet.getData.fetchNext()
       case FETCH_PRIOR => resultSet.getData.fetchPrior(rowSetSize);
       case FETCH_FIRST => resultSet.getData.fetchAbsolute(0);
+      case FETCH_NEXT => // ignored because new data are fetched lazily
+    }
+    val batch = new ListBuffer[Row]
+    try {
+      // there could be null values at the end of the batch
+      // because Flink could return an EOS
+      var rows = 0
+      while (resultSet.getData.hasNext && rows < rowSetSize) {
+        Option(resultSet.getData.next()).foreach { r => batch += r; rows += 1 }
+      }
+    } catch {
+      case e: TimeoutException =>
+        // ignore and return the current batch if there's some data
+        // otherwise, rethrow the timeout exception
+        if (batch.nonEmpty) {
+          debug(s"Timeout fetching more data for $opType operation. " +
+            s"Returning the current fetched data.")
+        } else {
+          throw e
+        }
     }
-    val token = resultSet.getData.take(rowSetSize)
     val timeZone = Option(flinkSession.getSessionConfig.get("table.local-time-zone"))
     val zoneId = timeZone match {
       case Some(tz) => ZoneId.of(tz)
       case None => ZoneId.systemDefault()
     }
     val resultRowSet = RowSet.resultSetToTRowSet(
-      token.toList,
+      batch.toList,
       resultSet,
       zoneId,
       getProtocolVersion)
-    resultRowSet.setStartRowOffset(resultSet.getData.getPosition)
     val resp = new TFetchResultsResp(OK_STATUS)
     resp.setResults(resultRowSet)
-    resp.setHasMoreRows(false)
+    resp.setHasMoreRows(resultSet.getData.hasNext)
     resp
   }
 
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala
index 712c13596..d5c0629ee 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/FlinkSQLOperationManager.scala
@@ -20,6 +20,8 @@ package org.apache.kyuubi.engine.flink.operation
 import java.util
 
 import scala.collection.JavaConverters._
+import scala.concurrent.duration.{Duration, DurationLong}
+import scala.language.postfixOps
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf._
@@ -66,14 +68,31 @@ class FlinkSQLOperationManager extends OperationManager("FlinkSQLOperationManage
       flinkSession.normalizedConf.getOrElse(
         ENGINE_FLINK_MAX_ROWS.key,
         resultMaxRowsDefault.toString).toInt
+
+    val resultFetchTimeout =
+      flinkSession.normalizedConf.get(ENGINE_FLINK_FETCH_TIMEOUT.key).map(_.toLong milliseconds)
+        .getOrElse(Duration.Inf)
+
     val op = mode match {
       case NoneMode =>
         // FLINK-24427 seals calcite classes which required to access in async mode, considering
         // there is no much benefit in async mode, here we just ignore `runAsync` and always run
         // statement in sync mode as a workaround
-        new ExecuteStatement(session, statement, false, queryTimeout, resultMaxRows)
+        new ExecuteStatement(
+          session,
+          statement,
+          false,
+          queryTimeout,
+          resultMaxRows,
+          resultFetchTimeout)
       case mode =>
-        new PlanOnlyStatement(session, statement, mode)
+        new PlanOnlyStatement(
+          session,
+          statement,
+          mode,
+          queryTimeout,
+          resultMaxRows,
+          resultFetchTimeout)
     }
     addOperation(op)
   }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala
index 4f5d8218f..1284bfd73 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/operation/PlanOnlyStatement.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.engine.flink.operation
 
+import scala.concurrent.duration.Duration
+
 import com.google.common.base.Preconditions
 import org.apache.flink.table.api.TableEnvironment
 import org.apache.flink.table.gateway.api.operation.OperationHandle
@@ -34,7 +36,10 @@ import org.apache.kyuubi.session.Session
 class PlanOnlyStatement(
     session: Session,
     override val statement: String,
-    mode: PlanOnlyMode) extends FlinkOperation(session) {
+    mode: PlanOnlyMode,
+    queryTimeout: Long,
+    resultMaxRows: Int,
+    resultFetchTimeout: Duration) extends FlinkOperation(session) {
 
   private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
   private val lineSeparator: String = System.lineSeparator()
@@ -46,6 +51,7 @@ class PlanOnlyStatement(
   }
 
   override protected def runInternal(): Unit = {
+    addTimeoutMonitor(queryTimeout)
     try {
       val operations = executor.getTableEnvironment.getParser.parse(statement)
       Preconditions.checkArgument(
@@ -59,7 +65,8 @@ class PlanOnlyStatement(
           val resultFetcher = executor.executeStatement(
             new OperationHandle(getHandle.identifier),
             statement)
-          resultSet = ResultSetUtil.fromResultFetcher(resultFetcher);
+          resultSet =
+            ResultSetUtil.fromResultFetcher(resultFetcher, resultMaxRows, resultFetchTimeout);
         case _ => explainOperation(statement)
       }
     } catch {
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/QueryResultFetchIterator.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/QueryResultFetchIterator.scala
new file mode 100644
index 000000000..60ae08d9d
--- /dev/null
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/QueryResultFetchIterator.scala
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.engine.flink.result
+
+import java.util
+import java.util.concurrent.Executors
+
+import scala.collection.convert.ImplicitConversions._
+import scala.concurrent.{Await, ExecutionContext, ExecutionContextExecutor, Future}
+import scala.concurrent.duration.Duration
+
+import com.google.common.util.concurrent.ThreadFactoryBuilder
+import org.apache.flink.table.api.DataTypes
+import org.apache.flink.table.catalog.ResolvedSchema
+import org.apache.flink.table.data.RowData
+import org.apache.flink.table.data.conversion.DataStructureConverters
+import org.apache.flink.table.gateway.service.result.ResultFetcher
+import org.apache.flink.table.types.DataType
+import org.apache.flink.types.Row
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.engine.flink.shim.FlinkResultSet
+import org.apache.kyuubi.operation.FetchIterator
+
+class QueryResultFetchIterator(
+    resultFetcher: ResultFetcher,
+    maxRows: Int = 1000000,
+    resultFetchTimeout: Duration = Duration.Inf) extends FetchIterator[Row] with Logging {
+
+  val schema: ResolvedSchema = resultFetcher.getResultSchema
+
+  val dataTypes: util.List[DataType] = schema.getColumnDataTypes
+
+  var token: Long = 0
+
+  var pos: Long = 0
+
+  var fetchStart: Long = 0
+
+  var bufferedRows: Array[Row] = new Array[Row](0)
+
+  var hasNext: Boolean = true
+
+  val FETCH_INTERVAL_MS: Long = 1000
+
+  private val executor = Executors.newSingleThreadScheduledExecutor(
+    new ThreadFactoryBuilder().setNameFormat("flink-query-iterator-%d").setDaemon(true).build)
+
+  implicit private val executionContext: ExecutionContextExecutor =
+    ExecutionContext.fromExecutor(executor)
+
+  /**
+   * Begin a fetch block, forward from the current position.
+   *
+   * Throws TimeoutException if no data is fetched within the timeout.
+   */
+  override def fetchNext(): Unit = {
+    if (!hasNext) {
+      return
+    }
+    val future = Future(() -> {
+      var fetched = false
+      // if no timeout is set, this would block until some rows are fetched
+      debug(s"Fetching from result store with timeout $resultFetchTimeout ms")
+      while (!fetched && !Thread.interrupted()) {
+        val rs = resultFetcher.fetchResults(token, maxRows - bufferedRows.length)
+        val flinkRs = new FlinkResultSet(rs)
+        // TODO: replace string-based match when Flink 1.16 support is dropped
+        flinkRs.getResultType.name() match {
+          case "EOS" =>
+            debug("EOS received, no more data to fetch.")
+            fetched = true
+            hasNext = false
+          case "NOT_READY" =>
+            // if flink jobs are not ready, continue to retry
+            debug("Result not ready, retrying...")
+          case "PAYLOAD" =>
+            val fetchedData = flinkRs.getData
+            // if no data fetched, continue to retry
+            if (!fetchedData.isEmpty) {
+              debug(s"Fetched ${fetchedData.length} rows from result store.")
+              fetched = true
+              bufferedRows ++= fetchedData.map(rd => convertToRow(rd, dataTypes.toList))
+              fetchStart = pos
+            } else {
+              debug("No data fetched, retrying...")
+            }
+          case _ =>
+            throw new RuntimeException(s"Unexpected result type: ${flinkRs.getResultType}")
+        }
+        if (hasNext) {
+          val nextToken = flinkRs.getNextToken
+          if (nextToken == null) {
+            hasNext = false
+          } else {
+            token = nextToken
+          }
+        }
+        Thread.sleep(FETCH_INTERVAL_MS)
+      }
+    })
+    Await.result(future, resultFetchTimeout)
+  }
+
+  /**
+   * Begin a fetch block, moving the iterator to the given position.
+   * Resets the fetch start offset.
+   *
+   * @param pos index to move a position of iterator.
+   */
+  override def fetchAbsolute(pos: Long): Unit = {
+    val effectivePos = Math.max(pos, 0)
+    if (effectivePos < bufferedRows.length) {
+      this.fetchStart = effectivePos
+      return
+    }
+    throw new IllegalArgumentException(s"Cannot skip to an unreachable position $effectivePos.")
+  }
+
+  override def getFetchStart: Long = fetchStart
+
+  override def getPosition: Long = pos
+
+  /**
+   * @return returns row if any and null if no more rows can be fetched.
+   */
+  override def next(): Row = {
+    if (pos < bufferedRows.length) {
+      debug(s"Fetching from buffered rows at pos $pos.")
+      val row = bufferedRows(pos.toInt)
+      pos += 1
+      if (pos >= maxRows) {
+        hasNext = false
+      }
+      row
+    } else {
+      // block until some rows are fetched or TimeoutException is thrown
+      fetchNext()
+      if (hasNext) {
+        val row = bufferedRows(pos.toInt)
+        pos += 1
+        if (pos >= maxRows) {
+          hasNext = false
+        }
+        row
+      } else {
+        null
+      }
+    }
+  }
+
+  def close(): Unit = {
+    resultFetcher.close()
+    executor.shutdown()
+  }
+
+  private[this] def convertToRow(r: RowData, dataTypes: List[DataType]): Row = {
+    val converter = DataStructureConverters.getConverter(DataTypes.ROW(dataTypes: _*))
+    converter.toExternal(r).asInstanceOf[Row]
+  }
+}
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
index 1e94042d0..b8d407297 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSet.scala
@@ -50,6 +50,13 @@ case class ResultSet(
   def getColumns: util.List[Column] = columns
 
   def getData: FetchIterator[Row] = data
+
+  def close: Unit = {
+    data match {
+      case queryIte: QueryResultFetchIterator => queryIte.close()
+      case _ =>
+    }
+  }
 }
 
 /**
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
index c1169528c..8b722f1e5 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/result/ResultSetUtil.scala
@@ -17,25 +17,17 @@
 
 package org.apache.kyuubi.engine.flink.result
 
-import scala.collection.convert.ImplicitConversions._
-import scala.collection.mutable.ListBuffer
+import scala.concurrent.duration.Duration
 
 import org.apache.flink.table.api.DataTypes
 import org.apache.flink.table.api.ResultKind
 import org.apache.flink.table.catalog.Column
-import org.apache.flink.table.data.RowData
-import org.apache.flink.table.data.conversion.DataStructureConverters
 import org.apache.flink.table.gateway.service.result.ResultFetcher
-import org.apache.flink.table.types.DataType
 import org.apache.flink.types.Row
 
-import org.apache.kyuubi.engine.flink.shim.FlinkResultSet
-
 /** Utility object for building ResultSet. */
 object ResultSetUtil {
 
-  private val FETCH_ROWS_PER_SECOND = 1000
-
   /**
    * Build a ResultSet with a column name and a list of String values.
    *
@@ -66,63 +58,19 @@ object ResultSetUtil {
       .data(Array[Row](Row.of("OK")))
       .build
 
-  def fromResultFetcher(resultFetcher: ResultFetcher, maxRows: Int): ResultSet = {
+  def fromResultFetcher(
+      resultFetcher: ResultFetcher,
+      maxRows: Int,
+      resultFetchTimeout: Duration): ResultSet = {
+    if (maxRows <= 0) {
+      throw new IllegalArgumentException("maxRows should be positive")
+    }
     val schema = resultFetcher.getResultSchema
-    val resultRowData = ListBuffer.newBuilder[RowData]
-    var fetched: FlinkResultSet = null
-    var token: Long = 0
-    var rowNum: Int = 0
-    do {
-      fetched = new FlinkResultSet(resultFetcher.fetchResults(token, FETCH_ROWS_PER_SECOND))
-      val data = fetched.getData
-      val slice = data.slice(0, maxRows - rowNum)
-      resultRowData ++= slice
-      rowNum += slice.size
-      token = fetched.getNextToken
-      try Thread.sleep(1000L)
-      catch {
-        case _: InterruptedException => fetched.getNextToken == null
-      }
-    } while (
-      fetched.getNextToken != null &&
-        rowNum < maxRows &&
-        fetched.getResultType != org.apache.flink.table.gateway.api.results.ResultSet.ResultType.EOS
-    )
-    val dataTypes = resultFetcher.getResultSchema.getColumnDataTypes
+    val ite = new QueryResultFetchIterator(resultFetcher, maxRows, resultFetchTimeout)
     ResultSet.builder
       .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
       .columns(schema.getColumns)
-      .data(resultRowData.result().map(rd => convertToRow(rd, dataTypes.toList)).toArray)
+      .data(ite)
       .build
   }
-
-  def fromResultFetcher(resultFetcher: ResultFetcher): ResultSet = {
-    val schema = resultFetcher.getResultSchema
-    val resultRowData = ListBuffer.newBuilder[RowData]
-    var fetched: FlinkResultSet = null
-    var token: Long = 0
-    do {
-      fetched = new FlinkResultSet(resultFetcher.fetchResults(token, FETCH_ROWS_PER_SECOND))
-      resultRowData ++= fetched.getData
-      token = fetched.getNextToken
-      try Thread.sleep(1000L)
-      catch {
-        case _: InterruptedException =>
-      }
-    } while (
-      fetched.getNextToken != null &&
-        fetched.getResultType != org.apache.flink.table.gateway.api.results.ResultSet.ResultType.EOS
-    )
-    val dataTypes = resultFetcher.getResultSchema.getColumnDataTypes
-    ResultSet.builder
-      .resultKind(ResultKind.SUCCESS_WITH_CONTENT)
-      .columns(schema.getColumns)
-      .data(resultRowData.result().map(rd => convertToRow(rd, dataTypes.toList)).toArray)
-      .build
-  }
-
-  private[this] def convertToRow(r: RowData, dataTypes: List[DataType]): Row = {
-    val converter = DataStructureConverters.getConverter(DataTypes.ROW(dataTypes: _*))
-    converter.toExternal(r).asInstanceOf[Row]
-  }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
index c7aa7c3c5..b7cd46217 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/session/FlinkSQLSessionManager.scala
@@ -77,9 +77,10 @@ class FlinkSQLSessionManager(engineContext: DefaultContext)
   }
 
   override def closeSession(sessionHandle: SessionHandle): Unit = {
+    val fSession = super.getSessionOption(sessionHandle)
+    fSession.foreach(s =>
+      sessionManager.closeSession(s.asInstanceOf[FlinkSessionImpl].fSession.getSessionHandle))
     super.closeSession(sessionHandle)
-    sessionManager.closeSession(
-      new org.apache.flink.table.gateway.api.session.SessionHandle(sessionHandle.identifier))
   }
 
   override def stop(): Unit = synchronized {
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 35b59b661..8e7c35a95 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -34,7 +34,7 @@ import org.apache.kyuubi.engine.flink.FlinkEngineUtils.FLINK_RUNTIME_VERSION
 import org.apache.kyuubi.engine.flink.WithFlinkTestResources
 import org.apache.kyuubi.engine.flink.result.Constants
 import org.apache.kyuubi.engine.flink.util.TestUserClassLoaderJar
-import org.apache.kyuubi.jdbc.hive.KyuubiStatement
+import org.apache.kyuubi.jdbc.hive.{KyuubiSQLException, KyuubiStatement}
 import org.apache.kyuubi.jdbc.hive.common.TimestampTZ
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
@@ -676,12 +676,10 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
           assert(stopResult1.next())
           assert(stopResult1.getString(1) === "OK")
 
-          val selectResult = statement.executeQuery("select * from tbl_a")
-          val jobId2 = statement.asInstanceOf[KyuubiStatement].getQueryId
-          assert(jobId2 !== null)
-          while (!selectResult.next()) {
-            Thread.sleep(1000L)
-          }
+          val insertResult2 = statement.executeQuery("insert into tbl_b select * from tbl_a")
+          assert(insertResult2.next())
+          val jobId2 = insertResult2.getString(1)
+
           val stopResult2 = statement.executeQuery(s"stop job '$jobId2' with savepoint")
           assert(stopResult2.getMetaData.getColumnName(1).equals("savepoint path"))
           assert(stopResult2.next())
@@ -1252,4 +1250,17 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
       }
     }
   }
+
+  test("test result fetch timeout") {
+    val exception = intercept[KyuubiSQLException](
+      withSessionConf()(Map(ENGINE_FLINK_FETCH_TIMEOUT.key -> "60000"))() {
+        withJdbcStatement("tbl_a") { stmt =>
+          stmt.executeQuery("create table tbl_a (a int) " +
+            "with ('connector' = 'datagen', 'rows-per-second'='0')")
+          val resultSet = stmt.executeQuery("select * from tbl_a")
+          while (resultSet.next()) {}
+        }
+      })
+    assert(exception.getMessage === "Futures timed out after [60000 milliseconds]")
+  }
 }
diff --git a/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuite.scala b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuite.scala
index 893e0020a..55476bfd0 100644
--- a/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuite.scala
+++ b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuite.scala
@@ -31,7 +31,7 @@ class FlinkOperationSuite extends WithKyuubiServerAndFlinkMiniCluster
   override val conf: KyuubiConf = KyuubiConf()
     .set(s"$KYUUBI_ENGINE_ENV_PREFIX.$KYUUBI_HOME", kyuubiHome)
     .set(ENGINE_TYPE, "FLINK_SQL")
-    .set("flink.parallelism.default", "6")
+    .set("flink.parallelism.default", "2")
 
   override protected def jdbcUrl: String = getJdbcUrl
 
@@ -72,7 +72,7 @@ class FlinkOperationSuite extends WithKyuubiServerAndFlinkMiniCluster
       var success = false
       while (resultSet.next() && !success) {
         if (resultSet.getString(1) == "parallelism.default" &&
-          resultSet.getString(2) == "6") {
+          resultSet.getString(2) == "2") {
           success = true
         }
       }
diff --git a/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala
index afa4dce8f..ee6b9bb98 100644
--- a/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala
+++ b/integration-tests/kyuubi-flink-it/src/test/scala/org/apache/kyuubi/it/flink/operation/FlinkOperationSuiteOnYarn.scala
@@ -40,7 +40,7 @@ class FlinkOperationSuiteOnYarn extends WithKyuubiServerAndYarnMiniCluster
       .set(s"$KYUUBI_ENGINE_ENV_PREFIX.$KYUUBI_HOME", kyuubiHome)
       .set(ENGINE_TYPE, "FLINK_SQL")
       .set("flink.execution.target", "yarn-application")
-      .set("flink.parallelism.default", "6")
+      .set("flink.parallelism.default", "2")
     super.beforeAll()
   }
 
@@ -81,7 +81,7 @@ class FlinkOperationSuiteOnYarn extends WithKyuubiServerAndYarnMiniCluster
       var success = false
       while (resultSet.next() && !success) {
         if (resultSet.getString(1) == "parallelism.default" &&
-          resultSet.getString(2) == "6") {
+          resultSet.getString(2) == "2") {
           success = true
         }
       }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 515ffbc34..3f1c3b868 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1319,6 +1319,15 @@ object KyuubiConf {
       .intConf
       .createWithDefault(1000000)
 
+  val ENGINE_FLINK_FETCH_TIMEOUT: OptionalConfigEntry[Long] =
+    buildConf("kyuubi.session.engine.flink.fetch.timeout")
+      .doc("Result fetch timeout for Flink engine. If the timeout is reached, the result " +
+        "fetch would be stopped and the current fetched would be returned. If no data are " +
+        "fetched, a TimeoutException would be thrown.")
+      .version("1.8.0")
+      .timeConf
+      .createOptional
+
   val ENGINE_TRINO_MAIN_RESOURCE: OptionalConfigEntry[String] =
     buildConf("kyuubi.session.engine.trino.main.resource")
       .doc("The package used to create Trino engine remote job. If it is undefined," +

From f42a7d6cca8f4bbacdd383c700511a7998b2c0b6 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Thu, 24 Aug 2023 15:28:00 +0800
Subject: [PATCH 581/760] [KYUUBI #5190] [FLINK] Explicitly name Flink
 bootstrap SQL in application mode

### _Why are the changes needed?_
Currently, the name of flink bootstrap SQL is auto-generated 'collect'.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5190 from link3280/bootstrap_job_name.

Closes #5190

ac769295c [Paul Lin] Explicit name Flink bootstrap sql

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Paul Lin <paullin3280@gmail.com>
---
 .../org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala    | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 6adda6390..4b147d020 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -24,7 +24,7 @@ import java.util.concurrent.CountDownLatch
 
 import scala.collection.JavaConverters._
 
-import org.apache.flink.configuration.{Configuration, DeploymentOptions, GlobalConfiguration}
+import org.apache.flink.configuration.{Configuration, DeploymentOptions, GlobalConfiguration, PipelineOptions}
 import org.apache.flink.table.api.TableEnvironment
 import org.apache.flink.table.gateway.service.context.DefaultContext
 
@@ -131,11 +131,12 @@ object FlinkSQLEngine extends Logging {
   private def bootstrapFlinkApplicationExecutor() = {
     // trigger an execution to initiate EmbeddedExecutor with the default flink conf
     val flinkConf = new Configuration()
-    debug(s"Running initial Flink SQL in application mode with flink conf: $flinkConf.")
+    flinkConf.set(PipelineOptions.NAME, "kyuubi-bootstrap-sql")
+    debug(s"Running bootstrap Flink SQL in application mode with flink conf: $flinkConf.")
     val tableEnv = TableEnvironment.create(flinkConf)
     val res = tableEnv.executeSql("select 'kyuubi'")
     res.await()
-    info("Initial Flink SQL finished.")
+    info("Bootstrap Flink SQL finished.")
   }
 
   private def setDeploymentConf(executionTarget: String, flinkConf: Configuration): Unit = {

From beea6d5fce94043c29ed2681fc65e704f523a916 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 25 Aug 2023 10:28:15 +0800
Subject: [PATCH 582/760] [KYUUBI #5185] [Improvement] Use Set collection for
 order-insensitive configs

### _Why are the changes needed?_

- Use `Set` collection for order-insensitive configs instead of `Seq`
  - kyuubi.frontend.thrift.binary.ssl.disallowed.protocols
  - kyuubi.authentication
  - kyuubi.authentication.ldap.groupFilter
  - kyuubi.authentication.ldap.userFilter
  - kyuubi.kubernetes.context.allow.list
  - kyuubi.kubernetes.namespace.allow.list
  - kyuubi.session.conf.ignore.list
  - kyuubi.session.conf.restrict.list
  - kyuubi.session.local.dir.allow.list
  - kyuubi.batch.conf.ignore.list
  - kyuubi.engine.deregister.exception.classes
  - kyuubi.engine.deregister.exception.messages
  - kyuubi.operation.plan.only.excludes
  - kyuubi.server.limit.connections.user.unlimited.list
  - kyuubi.server.administrators
  - kyuubi.metrics.reporters
- Support skipping blank elements

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5185 from bowenliang123/conf-toset.

Closes #5185

c656af78a [liangbowen] conf to set

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 docs/configuration/settings.md                | 32 +++----
 .../spark/operation/PlanOnlyStatement.scala   |  4 +-
 .../spark/kyuubi/SparkSQLEngineListener.scala |  6 +-
 .../apache/kyuubi/config/ConfigBuilder.scala  |  7 +-
 .../apache/kyuubi/config/ConfigHelpers.scala  | 10 ++-
 .../org/apache/kyuubi/config/KyuubiConf.scala | 90 +++++++++----------
 .../service/TBinaryFrontendService.scala      |  2 +-
 .../KyuubiAuthenticationFactory.scala         |  2 +-
 .../ldap/GroupFilterFactory.scala             |  4 +-
 .../ldap/UserFilterFactory.scala              |  4 +-
 .../kyuubi/session/SessionManager.scala       |  6 +-
 .../kyuubi/config/ConfigBuilderSuite.scala    |  6 ++
 .../service/TFrontendServiceSuite.scala       |  4 +-
 .../KyuubiAuthenticationFactorySuite.scala    | 10 +--
 .../apache/kyuubi/metrics/MetricsConf.scala   |  6 +-
 .../kyuubi/metrics/MetricsSystemSuite.scala   |  4 +-
 .../KubernetesApplicationOperation.scala      |  4 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  2 +-
 .../authentication/AuthenticationFilter.scala |  2 +-
 .../kyuubi/session/KyuubiSessionManager.scala |  6 +-
 .../apache/kyuubi/RestClientTestHelper.scala  |  2 +-
 .../kyuubi/WithKyuubiServerOnYarn.scala       |  2 +-
 .../KyuubiApplicationManagerSuite.scala       |  2 +-
 ...biOperationKerberosAndPlainAuthSuite.scala |  2 +-
 ...nThriftHttpKerberosAndPlainAuthSuite.scala |  2 +-
 .../server/BackendServiceMetricSuite.scala    |  4 +-
 .../server/api/v1/AdminResourceSuite.scala    |  2 +-
 .../server/api/v1/BatchesResourceSuite.scala  |  2 +-
 .../server/rest/client/AdminCtlSuite.scala    |  2 +-
 .../rest/client/AdminRestApiSuite.scala       |  2 +-
 30 files changed, 125 insertions(+), 108 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index ddb8546c2..8387830ea 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -33,7 +33,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 |                      Key                      |      Default      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |  Type  | Since |
 |-----------------------------------------------|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------|
-| kyuubi.authentication                         | NONE              | A comma-separated list of client authentication types.<ul> <li>NOSASL: raw transport.</li> <li>NONE: no authentication check.</li> <li>KERBEROS: Kerberos/GSSAPI authentication.</li> <li>CUSTOM: User-defined authentication.</li> <li>JDBC: JDBC query authentication.</li> <li>LDAP: Lightweight Directory Access Protocol authentication.</li></ul>The following tree describes the catalog of each option.<ul>  <li><code>NOSASL</code></li>  <li>SASL    <ul>      <li>SASL/PLAIN</li>        <ul>          <li><code>NONE</code></li>          <li><code>LDAP</code></li>          <li><code>JDBC</code></li>          <li><code>CUSTOM</code></li>        </ul>      <li>SASL/GSSAPI        <ul>          <li><code>KERBEROS</code></li>        </ul>      </li>    </ul>  </li></ul> Note that: for SASL authentication, KERBEROS and PLAIN auth types are supported at the same time, and only the first specified PLAIN auth type is valid. | seq    | 1.0.0 |
+| kyuubi.authentication                         | NONE              | A comma-separated list of client authentication types.<ul> <li>NOSASL: raw transport.</li> <li>NONE: no authentication check.</li> <li>KERBEROS: Kerberos/GSSAPI authentication.</li> <li>CUSTOM: User-defined authentication.</li> <li>JDBC: JDBC query authentication.</li> <li>LDAP: Lightweight Directory Access Protocol authentication.</li></ul>The following tree describes the catalog of each option.<ul>  <li><code>NOSASL</code></li>  <li>SASL    <ul>      <li>SASL/PLAIN</li>        <ul>          <li><code>NONE</code></li>          <li><code>LDAP</code></li>          <li><code>JDBC</code></li>          <li><code>CUSTOM</code></li>        </ul>      <li>SASL/GSSAPI        <ul>          <li><code>KERBEROS</code></li>        </ul>      </li>    </ul>  </li></ul> Note that: for SASL authentication, KERBEROS and PLAIN auth types are supported at the same time, and only the first specified PLAIN auth type is valid. | set    | 1.0.0 |
 | kyuubi.authentication.custom.class            | &lt;undefined&gt; | User-defined authentication implementation of org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.3.0 |
 | kyuubi.authentication.jdbc.driver.class       | &lt;undefined&gt; | Driver class name for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.6.0 |
 | kyuubi.authentication.jdbc.password           | &lt;undefined&gt; | Database password for JDBC Authentication Provider.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string | 1.6.0 |
@@ -47,12 +47,12 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.authentication.ldap.domain             | &lt;undefined&gt; | LDAP domain.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string | 1.0.0 |
 | kyuubi.authentication.ldap.groupClassKey      | groupOfNames      | LDAP attribute name on the group entry that is to be used in LDAP group searches. For example: group, groupOfNames or groupOfUniqueNames.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string | 1.7.0 |
 | kyuubi.authentication.ldap.groupDNPattern     | &lt;undefined&gt; | COLON-separated list of patterns to use to find DNs for group entities in this directory. Use %s where the actual group name is to be substituted for. For example: CN=%s,CN=Groups,DC=subdomain,DC=domain,DC=com.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string | 1.7.0 |
-| kyuubi.authentication.ldap.groupFilter                           || COMMA-separated list of LDAP Group names (short name not full DNs). For example: HiveAdmins,HadoopAdmins,Administrators                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | seq    | 1.7.0 |
+| kyuubi.authentication.ldap.groupFilter                           || COMMA-separated list of LDAP Group names (short name not full DNs). For example: HiveAdmins,HadoopAdmins,Administrators                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | set    | 1.7.0 |
 | kyuubi.authentication.ldap.groupMembershipKey | member            | LDAP attribute name on the group object that contains the list of distinguished names for the user, group, and contact objects that are members of the group. For example: member, uniqueMember or memberUid                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string | 1.7.0 |
 | kyuubi.authentication.ldap.guidKey            | uid               | LDAP attribute name whose values are unique in this LDAP server. For example: uid or CN.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string | 1.2.0 |
 | kyuubi.authentication.ldap.url                | &lt;undefined&gt; | SPACE character separated LDAP connection URL(s).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string | 1.0.0 |
 | kyuubi.authentication.ldap.userDNPattern      | &lt;undefined&gt; | COLON-separated list of patterns to use to find DNs for users in this directory. Use %s where the actual group name is to be substituted for. For example: CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string | 1.7.0 |
-| kyuubi.authentication.ldap.userFilter                            || COMMA-separated list of LDAP usernames (just short names, not full DNs). For example: hiveuser,impalauser,hiveadmin,hadoopadmin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq    | 1.7.0 |
+| kyuubi.authentication.ldap.userFilter                            || COMMA-separated list of LDAP usernames (just short names, not full DNs). For example: hiveuser,impalauser,hiveadmin,hadoopadmin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | set    | 1.7.0 |
 | kyuubi.authentication.ldap.userMembershipKey  | &lt;undefined&gt; | LDAP attribute name on the user object that contains groups of which the user is a direct member, except for the primary group, which is represented by the primaryGroupId. For example: memberOf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string | 1.7.0 |
 | kyuubi.authentication.sasl.qop                | auth              | Sasl QOP enable higher levels of protection for Kyuubi communication with clients.<ul> <li>auth - authentication only (default)</li> <li>auth-int - authentication plus integrity protection</li> <li>auth-conf - authentication plus integrity and confidentiality protection. This is applicable only if Kyuubi is configured to use Kerberos authentication.</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string | 1.0.0 |
 
@@ -79,7 +79,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 |---------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
 | kyuubi.batch.application.check.interval     | PT5S    | The interval to check batch job application information.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.6.0 |
 | kyuubi.batch.application.starvation.timeout | PT3M    | Threshold above which to warn batch application may be starved.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | duration | 1.7.0 |
-| kyuubi.batch.conf.ignore.list                        || A comma-separated list of ignored keys for batch conf. If the batch conf contains any of them, the key and the corresponding value will be removed silently during batch job submission. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering. You can also pre-define some config for batch job submission with the prefix: kyuubi.batchConf.[batchType]. For example, you can pre-define `spark.master` for the Spark batch job with key `kyuubi.batchConf.spark.spark.master`. | seq      | 1.6.0 |
+| kyuubi.batch.conf.ignore.list                        || A comma-separated list of ignored keys for batch conf. If the batch conf contains any of them, the key and the corresponding value will be removed silently during batch job submission. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering. You can also pre-define some config for batch job submission with the prefix: kyuubi.batchConf.[batchType]. For example, you can pre-define `spark.master` for the Spark batch job with key `kyuubi.batchConf.spark.spark.master`. | set      | 1.6.0 |
 | kyuubi.batch.session.idle.timeout           | PT6H    | Batch session idle timeout, it will be closed when it's not accessed for this duration                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.2 |
 
 ### Credentials
@@ -132,8 +132,8 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.engine.chat.memory                                | 1g                        | The heap memory for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
 | kyuubi.engine.chat.provider                              | ECHO                      | The provider for the Chat engine. Candidates: <ul> <li>ECHO: simply replies a welcome message.</li> <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
 | kyuubi.engine.connection.url.use.hostname                | true                      | (deprecated) When true, the engine registers with hostname to zookeeper. When Spark runs on K8s with cluster mode, set to false to ensure that server can connect to engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.3.0 |
-| kyuubi.engine.deregister.exception.classes                                          || A comma-separated list of exception classes. If there is any exception thrown, whose class matches the specified classes, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.2.0 |
-| kyuubi.engine.deregister.exception.messages                                         || A comma-separated list of exception messages. If there is any exception thrown, whose message or stacktrace matches the specified message list, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq      | 1.2.0 |
+| kyuubi.engine.deregister.exception.classes                                          || A comma-separated list of exception classes. If there is any exception thrown, whose class matches the specified classes, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | set      | 1.2.0 |
+| kyuubi.engine.deregister.exception.messages                                         || A comma-separated list of exception messages. If there is any exception thrown, whose message or stacktrace matches the specified message list, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | set      | 1.2.0 |
 | kyuubi.engine.deregister.exception.ttl                   | PT30M                     | Time to live(TTL) for exceptions pattern specified in kyuubi.engine.deregister.exception.classes and kyuubi.engine.deregister.exception.messages to deregister engines. Once the total error count hits the kyuubi.engine.deregister.job.max.failures within the TTL, an engine will deregister itself and wait for self-terminated. Otherwise, we suppose that the engine has recovered from temporary failures.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | duration | 1.2.0 |
 | kyuubi.engine.deregister.job.max.failures                | 4                         | Number of failures of job before deregistering the engine.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.2.0 |
 | kyuubi.engine.event.json.log.path                        | file:///tmp/kyuubi/events | The location where all the engine events go for the built-in JSON logger.<ul><li>Local Path: start with 'file://'</li><li>HDFS Path: start with 'hdfs://'</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.3.0 |
@@ -236,7 +236,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.frontend.thrift.backoff.slot.length             | PT0.1S             | Time to back off during login to the thrift frontend service.                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.4.0 |
 | kyuubi.frontend.thrift.binary.bind.host                | &lt;undefined&gt;  | Hostname or IP of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.4.0 |
 | kyuubi.frontend.thrift.binary.bind.port                | 10009              | Port of the machine on which to run the thrift frontend service via the binary protocol.                                                                                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.4.0 |
-| kyuubi.frontend.thrift.binary.ssl.disallowed.protocols | SSLv2,SSLv3        | SSL versions to disallow for Kyuubi thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | seq      | 1.7.0 |
+| kyuubi.frontend.thrift.binary.ssl.disallowed.protocols | SSLv2,SSLv3        | SSL versions to disallow for Kyuubi thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | set      | 1.7.0 |
 | kyuubi.frontend.thrift.binary.ssl.enabled              | false              | Set this to true for using SSL encryption in thrift binary frontend server.                                                                                                                                                                                                                                                                                                                                                                                                                                                 | boolean  | 1.7.0 |
 | kyuubi.frontend.thrift.binary.ssl.include.ciphersuites                     || A comma-separated list of include SSL cipher suite names for thrift binary frontend.                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq      | 1.7.0 |
 | kyuubi.frontend.thrift.http.allow.user.substitution    | true               | Allow alternate user to be specified as part of open connection request when using HTTP transport mode.                                                                                                                                                                                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
@@ -317,10 +317,10 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.kubernetes.authenticate.oauthToken           | &lt;undefined&gt; | The OAuth token to use when authenticating against the Kubernetes API server. Note that unlike, the other authentication options, this must be the exact string value of the token to use for the authentication. | string   | 1.7.0 |
 | kyuubi.kubernetes.authenticate.oauthTokenFile       | &lt;undefined&gt; | Path to the file containing the OAuth token to use when authenticating against the Kubernetes API server. Specify this as a path as opposed to a URI (i.e. do not provide a scheme)                               | string   | 1.7.0 |
 | kyuubi.kubernetes.context                           | &lt;undefined&gt; | The desired context from your kubernetes config file used to configure the K8s client for interacting with the cluster.                                                                                           | string   | 1.6.0 |
-| kyuubi.kubernetes.context.allow.list                                   || The allowed kubernetes context list, if it is empty, there is no kubernetes context limitation.                                                                                                                   | seq      | 1.8.0 |
+| kyuubi.kubernetes.context.allow.list                                   || The allowed kubernetes context list, if it is empty, there is no kubernetes context limitation.                                                                                                                   | set      | 1.8.0 |
 | kyuubi.kubernetes.master.address                    | &lt;undefined&gt; | The internal Kubernetes master (API server) address to be used for kyuubi.                                                                                                                                        | string   | 1.7.0 |
 | kyuubi.kubernetes.namespace                         | default           | The namespace that will be used for running the kyuubi pods and find engines.                                                                                                                                     | string   | 1.7.0 |
-| kyuubi.kubernetes.namespace.allow.list                                 || The allowed kubernetes namespace list, if it is empty, there is no kubernetes namespace limitation.                                                                                                               | seq      | 1.8.0 |
+| kyuubi.kubernetes.namespace.allow.list                                 || The allowed kubernetes namespace list, if it is empty, there is no kubernetes namespace limitation.                                                                                                               | set      | 1.8.0 |
 | kyuubi.kubernetes.terminatedApplicationRetainPeriod | PT5M              | The period for which the Kyuubi server retains application information after the application terminates.                                                                                                          | duration | 1.7.1 |
 | kyuubi.kubernetes.trust.certificates                | false             | If set to true then client can submit to kubernetes cluster only with token                                                                                                                                       | boolean  | 1.7.0 |
 
@@ -354,7 +354,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.metrics.json.location    | metrics  | Where the JSON metrics file located                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.2.0 |
 | kyuubi.metrics.prometheus.path  | /metrics | URI context path of prometheus metrics HTTP server                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.2.0 |
 | kyuubi.metrics.prometheus.port  | 10019    | Prometheus metrics HTTP server port                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.2.0 |
-| kyuubi.metrics.reporters        | JSON     | A comma-separated list for all metrics reporters<ul> <li>CONSOLE - ConsoleReporter which outputs measurements to CONSOLE periodically.</li> <li>JMX - JmxReporter which listens for new metrics and exposes them as MBeans.</li>  <li>JSON - JsonReporter which outputs measurements to json file periodically.</li> <li>PROMETHEUS - PrometheusReporter which exposes metrics in Prometheus format.</li> <li>SLF4J - Slf4jReporter which outputs measurements to system log periodically.</li></ul> | seq      | 1.2.0 |
+| kyuubi.metrics.reporters        | JSON     | A comma-separated list for all metrics reporters<ul> <li>CONSOLE - ConsoleReporter which outputs measurements to CONSOLE periodically.</li> <li>JMX - JmxReporter which listens for new metrics and exposes them as MBeans.</li>  <li>JSON - JsonReporter which outputs measurements to json file periodically.</li> <li>PROMETHEUS - PrometheusReporter which exposes metrics in Prometheus format.</li> <li>SLF4J - Slf4jReporter which outputs measurements to system log periodically.</li></ul> | set      | 1.2.0 |
 | kyuubi.metrics.slf4j.interval   | PT5S     | How often should report metrics to SLF4J logger                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.2.0 |
 
 ### Operation
@@ -366,7 +366,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.operation.interrupt.on.cancel             | true                                                                            | When true, all running tasks will be interrupted if one cancels a query. When false, all running tasks will remain until finished.                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.2.0 |
 | kyuubi.operation.language                        | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
 | kyuubi.operation.log.dir.root                    | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
-| kyuubi.operation.plan.only.excludes              | ResetCommand,SetCommand,SetNamespaceCommand,UseStatement,SetCatalogAndNamespace | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | seq      | 1.5.0 |
+| kyuubi.operation.plan.only.excludes              | SetCatalogAndNamespace,UseStatement,SetNamespaceCommand,SetCommand,ResetCommand | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | set      | 1.5.0 |
 | kyuubi.operation.plan.only.mode                  | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
 | kyuubi.operation.plan.only.output.style          | plain                                                                           | Configures the planOnly output style. The value can be 'plain' or 'json', and the default value is 'plain'. This configuration supports only the output styles of the Spark engine                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
 | kyuubi.operation.progress.enabled                | false                                                                           | Whether to enable the operation progress. When true, the operation progress will be returned in `GetOperationStatus`.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
@@ -382,7 +382,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 |                           Key                            |      Default      |                                                                                                                    Meaning                                                                                                                     |   Type   | Since |
 |----------------------------------------------------------|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.server.administrators                                                || Comma-separated list of Kyuubi service administrators. We use this config to grant admin permission to any service accounts.                                                                                                                   | seq      | 1.8.0 |
+| kyuubi.server.administrators                                                || Comma-separated list of Kyuubi service administrators. We use this config to grant admin permission to any service accounts.                                                                                                                   | set      | 1.8.0 |
 | kyuubi.server.info.provider                              | ENGINE            | The server information provider name, some clients may rely on this information to check the server compatibilities and functionalities. <li>SERVER: Return Kyuubi server information.</li> <li>ENGINE: Return Kyuubi engine information.</li> | string   | 1.6.1 |
 | kyuubi.server.limit.batch.connections.per.ipaddress      | &lt;undefined&gt; | Maximum kyuubi server batch connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                           | int      | 1.7.0 |
 | kyuubi.server.limit.batch.connections.per.user           | &lt;undefined&gt; | Maximum kyuubi server batch connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                | int      | 1.7.0 |
@@ -391,7 +391,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user.ipaddress       | &lt;undefined&gt; | Maximum kyuubi server connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                      | int      | 1.6.0 |
-| kyuubi.server.limit.connections.user.unlimited.list                         || The maximum connections of the user in the white list will not be limited.                                                                                                                                                                     | seq      | 1.7.0 |
+| kyuubi.server.limit.connections.user.unlimited.list                         || The maximum connections of the user in the white list will not be limited.                                                                                                                                                                     | set      | 1.7.0 |
 | kyuubi.server.name                                       | &lt;undefined&gt; | The name of Kyuubi Server.                                                                                                                                                                                                                     | string   | 1.5.0 |
 | kyuubi.server.periodicGC.interval                        | PT30M             | How often to trigger a garbage collection.                                                                                                                                                                                                     | duration | 1.7.0 |
 | kyuubi.server.redaction.regex                            | &lt;undefined&gt; | Regex to decide which Kyuubi contain sensitive information. When this regex matches a property key or value, the value is redacted from the various logs.                                                                                                || 1.6.0 |
@@ -404,9 +404,9 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.session.close.on.disconnect                   | true                    | Session will be closed when client disconnects from kyuubi gateway. Set this to false to have session outlive its parent connection.                                                                                                                                                                                                                                                                                     | boolean  | 1.8.0 |
 | kyuubi.session.conf.advisor                          | &lt;undefined&gt;       | A config advisor plugin for Kyuubi Server. This plugin can provide some custom configs for different users or session configs and overwrite the session configs before opening a new session. This config value should be a subclass of `org.apache.kyuubi.plugin.SessionConfAdvisor` which has a zero-arg constructor.                                                                                                  | string   | 1.5.0 |
 | kyuubi.session.conf.file.reload.interval             | PT10M                   | When `FileSessionConfAdvisor` is used, this configuration defines the expired time of `$KYUUBI_CONF_DIR/kyuubi-session-<profile>.conf` in the cache. After exceeding this value, the file will be reloaded.                                                                                                                                                                                                              | duration | 1.7.0 |
-| kyuubi.session.conf.ignore.list                                               || A comma-separated list of ignored keys. If the client connection contains any of them, the key and the corresponding value will be removed silently during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                  | seq      | 1.2.0 |
+| kyuubi.session.conf.ignore.list                                               || A comma-separated list of ignored keys. If the client connection contains any of them, the key and the corresponding value will be removed silently during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                  | set      | 1.2.0 |
 | kyuubi.session.conf.profile                          | &lt;undefined&gt;       | Specify a profile to load session-level configurations from `$KYUUBI_CONF_DIR/kyuubi-session-<profile>.conf`. This configuration will be ignored if the file does not exist. This configuration only takes effect when `kyuubi.session.conf.advisor` is set as `org.apache.kyuubi.session.FileSessionConfAdvisor`.                                                                                                       | string   | 1.7.0 |
-| kyuubi.session.conf.restrict.list                                             || A comma-separated list of restricted keys. If the client connection contains any of them, the connection will be rejected explicitly during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                                 | seq      | 1.2.0 |
+| kyuubi.session.conf.restrict.list                                             || A comma-separated list of restricted keys. If the client connection contains any of them, the connection will be rejected explicitly during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                                 | set      | 1.2.0 |
 | kyuubi.session.engine.alive.probe.enabled            | false                   | Whether to enable the engine alive probe, it true, we will create a companion thrift client that keeps sending simple requests to check whether the engine is alive.                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
 | kyuubi.session.engine.alive.probe.interval           | PT10S                   | The interval for engine alive probe.                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.0 |
 | kyuubi.session.engine.alive.timeout                  | PT2M                    | The timeout for engine alive. If there is no alive probe success in the last timeout window, the engine will be marked as no-alive.                                                                                                                                                                                                                                                                                      | duration | 1.6.0 |
@@ -440,7 +440,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.session.engine.trino.showProgress.debug       | false                   | When true, show the progress debug info in the Trino engine log.                                                                                                                                                                                                                                                                                                                                                         | boolean  | 1.6.0 |
 | kyuubi.session.group.provider                        | hadoop                  | A group provider plugin for Kyuubi Server. This plugin can provide primary group and groups information for different users or session configs. This config value should be a subclass of `org.apache.kyuubi.plugin.GroupProvider` which has a zero-arg constructor. Kyuubi provides the following built-in implementations: <li>hadoop: delegate the user group mapping to hadoop UserGroupInformation.</li>            | string   | 1.7.0 |
 | kyuubi.session.idle.timeout                          | PT6H                    | session idle timeout, it will be closed when it's not accessed for this duration                                                                                                                                                                                                                                                                                                                                         | duration | 1.2.0 |
-| kyuubi.session.local.dir.allow.list                                           || The local dir list that are allowed to access by the kyuubi session application.  End-users might set some parameters such as `spark.files` and it will  upload some local files when launching the kyuubi engine, if the local dir allow list is defined, kyuubi will check whether the path to upload is in the allow list. Note that, if it is empty, there is no limitation for that. And please use absolute paths. | seq      | 1.6.0 |
+| kyuubi.session.local.dir.allow.list                                           || The local dir list that are allowed to access by the kyuubi session application.  End-users might set some parameters such as `spark.files` and it will  upload some local files when launching the kyuubi engine, if the local dir allow list is defined, kyuubi will check whether the path to upload is in the allow list. Note that, if it is empty, there is no limitation for that. And please use absolute paths. | set      | 1.6.0 |
 | kyuubi.session.name                                  | &lt;undefined&gt;       | A human readable name of the session and we use empty string by default. This name will be recorded in the event. Note that, we only apply this value from session conf.                                                                                                                                                                                                                                                 | string   | 1.4.0 |
 | kyuubi.session.timeout                               | PT6H                    | (deprecated)session timeout, it will be closed when it's not accessed for this duration                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
 | kyuubi.session.user.sign.enabled                     | false                   | Whether to verify the integrity of session user name on the engine side, e.g. Authz plugin in Spark.                                                                                                                                                                                                                                                                                                                     | boolean  | 1.7.0 |
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
index 726b7b0c2..73f856fdf 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
@@ -41,8 +41,8 @@ class PlanOnlyStatement(
   extends SparkOperation(session) {
 
   private val operationLog: OperationLog = OperationLog.createOperationLog(session, getHandle)
-  private val planExcludes: Seq[String] = {
-    spark.conf.getOption(OPERATION_PLAN_ONLY_EXCLUDES.key).map(_.split(",").map(_.trim).toSeq)
+  private val planExcludes: Set[String] = {
+    spark.conf.getOption(OPERATION_PLAN_ONLY_EXCLUDES.key).map(_.split(",").map(_.trim).toSet)
       .getOrElse(session.sessionManager.getConf.get(OPERATION_PLAN_ONLY_EXCLUDES))
   }
 
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSQLEngineListener.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSQLEngineListener.scala
index 8e32b5329..48f157a43 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSQLEngineListener.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkSQLEngineListener.scala
@@ -40,9 +40,9 @@ import org.apache.kyuubi.service.{Serverable, ServiceState}
 class SparkSQLEngineListener(server: Serverable) extends SparkListener with Logging {
 
   // the conf of server is null before initialized, use lazy val here
-  private lazy val deregisterExceptions: Seq[String] =
+  private lazy val deregisterExceptions: Set[String] =
     server.getConf.get(ENGINE_DEREGISTER_EXCEPTION_CLASSES)
-  private lazy val deregisterMessages: Seq[String] =
+  private lazy val deregisterMessages: Set[String] =
     server.getConf.get(ENGINE_DEREGISTER_EXCEPTION_MESSAGES)
   private lazy val deregisterExceptionTTL: Long =
     server.getConf.get(ENGINE_DEREGISTER_EXCEPTION_TTL)
@@ -74,7 +74,7 @@ class SparkSQLEngineListener(server: Serverable) extends SparkListener with Logg
       case JobFailed(e) if e != null =>
         val cause = findCause(e)
         var deregisterInfo: Option[String] = None
-        if (deregisterExceptions.exists(_.equals(cause.getClass.getCanonicalName))) {
+        if (deregisterExceptions.contains(cause.getClass.getCanonicalName)) {
           deregisterInfo = Some("Job failed exception class is in the set of " +
             s"${ENGINE_DEREGISTER_EXCEPTION_CLASSES.key}, deregistering the engine.")
         } else if (deregisterMessages.exists(stringifyException(cause).contains)) {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
index 5f31fade3..b64e5c5eb 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
@@ -206,7 +206,12 @@ private[kyuubi] case class TypedConfigBuilder[T](
   /** Turns the config entry into a sequence of values of the underlying type. */
   def toSequence(sp: String = ","): TypedConfigBuilder[Seq[T]] = {
     parent._type = "seq"
-    TypedConfigBuilder(parent, strToSeq(_, fromStr, sp), seqToStr(_, toStr))
+    TypedConfigBuilder(parent, strToSeq(_, fromStr, sp), iterableToStr(_, toStr))
+  }
+
+  def toSet(sp: String = ",", skipBlank: Boolean = true): TypedConfigBuilder[Set[T]] = {
+    parent._type = "set"
+    TypedConfigBuilder(parent, strToSet(_, fromStr, sp, skipBlank), iterableToStr(_, toStr))
   }
 
   def createOptional: OptionalConfigEntry[T] = {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigHelpers.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigHelpers.scala
index 225f1b537..525ea2ff4 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigHelpers.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigHelpers.scala
@@ -17,6 +17,8 @@
 
 package org.apache.kyuubi.config
 
+import org.apache.commons.lang3.StringUtils
+
 import org.apache.kyuubi.Utils
 
 object ConfigHelpers {
@@ -25,7 +27,11 @@ object ConfigHelpers {
     Utils.strToSeq(str, sp).map(converter)
   }
 
-  def seqToStr[T](v: Seq[T], stringConverter: T => String): String = {
-    v.map(stringConverter).mkString(",")
+  def strToSet[T](str: String, converter: String => T, sp: String, skipBlank: Boolean): Set[T] = {
+    Utils.strToSeq(str, sp).filter(!skipBlank || StringUtils.isNotBlank(_)).map(converter).toSet
+  }
+
+  def iterableToStr[T](v: Iterable[T], stringConverter: T => String, sp: String = ","): String = {
+    v.map(stringConverter).mkString(sp)
   }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 3f1c3b868..1e8ce8c8a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -483,13 +483,13 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
-  val FRONTEND_THRIFT_BINARY_SSL_DISALLOWED_PROTOCOLS: ConfigEntry[Seq[String]] =
+  val FRONTEND_THRIFT_BINARY_SSL_DISALLOWED_PROTOCOLS: ConfigEntry[Set[String]] =
     buildConf("kyuubi.frontend.thrift.binary.ssl.disallowed.protocols")
       .doc("SSL versions to disallow for Kyuubi thrift binary frontend.")
       .version("1.7.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Seq("SSLv2", "SSLv3"))
+      .toSet()
+      .createWithDefault(Set("SSLv2", "SSLv3"))
 
   val FRONTEND_THRIFT_BINARY_SSL_INCLUDE_CIPHER_SUITES: ConfigEntry[Seq[String]] =
     buildConf("kyuubi.frontend.thrift.binary.ssl.include.ciphersuites")
@@ -765,7 +765,7 @@ object KyuubiConf {
       .stringConf
       .createWithDefault("X-Real-IP")
 
-  val AUTHENTICATION_METHOD: ConfigEntry[Seq[String]] = buildConf("kyuubi.authentication")
+  val AUTHENTICATION_METHOD: ConfigEntry[Set[String]] = buildConf("kyuubi.authentication")
     .doc("A comma-separated list of client authentication types." +
       "<ul>" +
       " <li>NOSASL: raw transport.</li>" +
@@ -801,11 +801,11 @@ object KyuubiConf {
     .serverOnly
     .stringConf
     .transformToUpperCase
-    .toSequence()
+    .toSet()
     .checkValue(
       _.forall(AuthTypes.values.map(_.toString).contains),
       s"the authentication type should be one or more of ${AuthTypes.values.mkString(",")}")
-    .createWithDefault(Seq(AuthTypes.NONE.toString))
+    .createWithDefault(Set(AuthTypes.NONE.toString))
 
   val AUTHENTICATION_CUSTOM_CLASS: OptionalConfigEntry[String] =
     buildConf("kyuubi.authentication.custom.class")
@@ -861,25 +861,25 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
-  val AUTHENTICATION_LDAP_GROUP_FILTER: ConfigEntry[Seq[String]] =
+  val AUTHENTICATION_LDAP_GROUP_FILTER: ConfigEntry[Set[String]] =
     buildConf("kyuubi.authentication.ldap.groupFilter")
       .doc("COMMA-separated list of LDAP Group names (short name not full DNs). " +
         "For example: HiveAdmins,HadoopAdmins,Administrators")
       .version("1.7.0")
       .serverOnly
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
-  val AUTHENTICATION_LDAP_USER_FILTER: ConfigEntry[Seq[String]] =
+  val AUTHENTICATION_LDAP_USER_FILTER: ConfigEntry[Set[String]] =
     buildConf("kyuubi.authentication.ldap.userFilter")
       .doc("COMMA-separated list of LDAP usernames (just short names, not full DNs). " +
         "For example: hiveuser,impalauser,hiveadmin,hadoopadmin")
       .version("1.7.0")
       .serverOnly
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val AUTHENTICATION_LDAP_GUID_KEY: ConfigEntry[String] =
     buildConf("kyuubi.authentication.ldap.guidKey")
@@ -1142,14 +1142,14 @@ object KyuubiConf {
       .stringConf
       .createOptional
 
-  val KUBERNETES_CONTEXT_ALLOW_LIST: ConfigEntry[Seq[String]] =
+  val KUBERNETES_CONTEXT_ALLOW_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.kubernetes.context.allow.list")
       .doc("The allowed kubernetes context list, if it is empty," +
         " there is no kubernetes context limitation.")
       .version("1.8.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val KUBERNETES_NAMESPACE: ConfigEntry[String] =
     buildConf("kyuubi.kubernetes.namespace")
@@ -1158,14 +1158,14 @@ object KyuubiConf {
       .stringConf
       .createWithDefault("default")
 
-  val KUBERNETES_NAMESPACE_ALLOW_LIST: ConfigEntry[Seq[String]] =
+  val KUBERNETES_NAMESPACE_ALLOW_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.kubernetes.namespace.allow.list")
       .doc("The allowed kubernetes namespace list, if it is empty," +
         " there is no kubernetes namespace limitation.")
       .version("1.8.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val KUBERNETES_MASTER: OptionalConfigEntry[String] =
     buildConf("kyuubi.kubernetes.master.address")
@@ -1517,7 +1517,7 @@ object KyuubiConf {
     .timeConf
     .createWithDefault(Duration.ofMinutes(30L).toMillis)
 
-  val SESSION_CONF_IGNORE_LIST: ConfigEntry[Seq[String]] =
+  val SESSION_CONF_IGNORE_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.session.conf.ignore.list")
       .doc("A comma-separated list of ignored keys. If the client connection contains any of" +
         " them, the key and the corresponding value will be removed silently during engine" +
@@ -1527,10 +1527,10 @@ object KyuubiConf {
         " configurations via SET syntax.")
       .version("1.2.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
-  val SESSION_CONF_RESTRICT_LIST: ConfigEntry[Seq[String]] =
+  val SESSION_CONF_RESTRICT_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.session.conf.restrict.list")
       .doc("A comma-separated list of restricted keys. If the client connection contains any of" +
         " them, the connection will be rejected explicitly during engine bootstrap and connection" +
@@ -1540,8 +1540,8 @@ object KyuubiConf {
         " configurations via SET syntax.")
       .version("1.2.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val SESSION_USER_SIGN_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.session.user.sign.enabled")
@@ -1589,7 +1589,7 @@ object KyuubiConf {
       .booleanConf
       .createWithDefault(true)
 
-  val SESSION_LOCAL_DIR_ALLOW_LIST: ConfigEntry[Seq[String]] =
+  val SESSION_LOCAL_DIR_ALLOW_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.session.local.dir.allow.list")
       .doc("The local dir list that are allowed to access by the kyuubi session application. " +
         " End-users might set some parameters such as `spark.files` and it will " +
@@ -1602,8 +1602,8 @@ object KyuubiConf {
       .stringConf
       .checkValue(dir => dir.startsWith(File.separator), "the dir should be absolute path")
       .transform(dir => dir.stripSuffix(File.separator) + File.separator)
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val BATCH_APPLICATION_CHECK_INTERVAL: ConfigEntry[Long] =
     buildConf("kyuubi.batch.application.check.interval")
@@ -1619,7 +1619,7 @@ object KyuubiConf {
       .timeConf
       .createWithDefault(Duration.ofMinutes(3).toMillis)
 
-  val BATCH_CONF_IGNORE_LIST: ConfigEntry[Seq[String]] =
+  val BATCH_CONF_IGNORE_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.batch.conf.ignore.list")
       .doc("A comma-separated list of ignored keys for batch conf. If the batch conf contains" +
         " any of them, the key and the corresponding value will be removed silently during batch" +
@@ -1631,8 +1631,8 @@ object KyuubiConf {
         " for the Spark batch job with key `kyuubi.batchConf.spark.spark.master`.")
       .version("1.6.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val BATCH_INTERNAL_REST_CLIENT_SOCKET_TIMEOUT: ConfigEntry[Long] =
     buildConf("kyuubi.batch.internal.rest.client.socket.timeout")
@@ -2076,24 +2076,24 @@ object KyuubiConf {
       .toSequence(";")
       .createWithDefault(Nil)
 
-  val ENGINE_DEREGISTER_EXCEPTION_CLASSES: ConfigEntry[Seq[String]] =
+  val ENGINE_DEREGISTER_EXCEPTION_CLASSES: ConfigEntry[Set[String]] =
     buildConf("kyuubi.engine.deregister.exception.classes")
       .doc("A comma-separated list of exception classes. If there is any exception thrown," +
         " whose class matches the specified classes, the engine would deregister itself.")
       .version("1.2.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
-  val ENGINE_DEREGISTER_EXCEPTION_MESSAGES: ConfigEntry[Seq[String]] =
+  val ENGINE_DEREGISTER_EXCEPTION_MESSAGES: ConfigEntry[Set[String]] =
     buildConf("kyuubi.engine.deregister.exception.messages")
       .doc("A comma-separated list of exception messages. If there is any exception thrown," +
         " whose message or stacktrace matches the specified message list, the engine would" +
         " deregister itself.")
       .version("1.2.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val ENGINE_DEREGISTER_JOB_MAX_FAILURES: ConfigEntry[Int] =
     buildConf("kyuubi.engine.deregister.job.max.failures")
@@ -2400,7 +2400,7 @@ object KyuubiConf {
           "'plain', 'json'.")
       .createWithDefault(PlainStyle.name)
 
-  val OPERATION_PLAN_ONLY_EXCLUDES: ConfigEntry[Seq[String]] =
+  val OPERATION_PLAN_ONLY_EXCLUDES: ConfigEntry[Set[String]] =
     buildConf("kyuubi.operation.plan.only.excludes")
       .doc("Comma-separated list of query plan names, in the form of simple class names, i.e, " +
         "for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as " +
@@ -2410,8 +2410,8 @@ object KyuubiConf {
         s"See also ${OPERATION_PLAN_ONLY_MODE.key}.")
       .version("1.5.0")
       .stringConf
-      .toSequence()
-      .createWithDefault(Seq(
+      .toSet()
+      .createWithDefault(Set(
         "ResetCommand",
         "SetCommand",
         "SetNamespaceCommand",
@@ -2614,14 +2614,14 @@ object KyuubiConf {
       .intConf
       .createOptional
 
-  val SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST: ConfigEntry[Seq[String]] =
+  val SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST: ConfigEntry[Set[String]] =
     buildConf("kyuubi.server.limit.connections.user.unlimited.list")
       .doc("The maximum connections of the user in the white list will not be limited.")
       .version("1.7.0")
       .serverOnly
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val SERVER_LIMIT_BATCH_CONNECTIONS_PER_USER: OptionalConfigEntry[Int] =
     buildConf("kyuubi.server.limit.batch.connections.per.user")
@@ -2683,15 +2683,15 @@ object KyuubiConf {
       .timeConf
       .createWithDefaultString("PT30M")
 
-  val SERVER_ADMINISTRATORS: ConfigEntry[Seq[String]] =
+  val SERVER_ADMINISTRATORS: ConfigEntry[Set[String]] =
     buildConf("kyuubi.server.administrators")
       .doc("Comma-separated list of Kyuubi service administrators. " +
         "We use this config to grant admin permission to any service accounts.")
       .version("1.8.0")
       .serverOnly
       .stringConf
-      .toSequence()
-      .createWithDefault(Nil)
+      .toSet()
+      .createWithDefault(Set.empty)
 
   val OPERATION_SPARK_LISTENER_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.operation.spark.listener.enabled")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
index 2e8a8b765..2f4419374 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
@@ -134,7 +134,7 @@ abstract class TBinaryFrontendService(name: String)
       keyStorePassword: String,
       keyStoreType: Option[String],
       keyStoreAlgorithm: Option[String],
-      disallowedSslProtocols: Seq[String],
+      disallowedSslProtocols: Set[String],
       includeCipherSuites: Seq[String]): TServerSocket = {
     val params =
       if (includeCipherSuites.nonEmpty) {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.scala
index 5f429fa4e..1b62f6030 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.scala
@@ -39,7 +39,7 @@ class KyuubiAuthenticationFactory(conf: KyuubiConf, isServer: Boolean = true) ex
 
   private val authTypes = conf.get(AUTHENTICATION_METHOD).map(AuthTypes.withName)
   private val none = authTypes.contains(NONE)
-  private val noSasl = authTypes == Seq(NOSASL)
+  private val noSasl = authTypes == Set(NOSASL)
   private val kerberosEnabled = authTypes.contains(KERBEROS)
   private val plainAuthTypeOpt = authTypes.filterNot(_.equals(KERBEROS))
     .filterNot(_.equals(NOSASL)).headOption
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala
index fd1c907ec..f3048ea6f 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/GroupFilterFactory.scala
@@ -38,7 +38,7 @@ object GroupFilterFactory extends FilterFactory {
   }
 }
 
-class GroupMembershipKeyFilter(groupFilter: Seq[String]) extends Filter with Logging {
+class GroupMembershipKeyFilter(groupFilter: Set[String]) extends Filter with Logging {
 
   @throws[AuthenticationException]
   override def apply(ldap: DirSearch, user: String): Unit = {
@@ -70,7 +70,7 @@ class GroupMembershipKeyFilter(groupFilter: Seq[String]) extends Filter with Log
   }
 }
 
-class UserMembershipKeyFilter(groupFilter: Seq[String]) extends Filter with Logging {
+class UserMembershipKeyFilter(groupFilter: Set[String]) extends Filter with Logging {
   @throws[AuthenticationException]
   override def apply(ldap: DirSearch, user: String): Unit = {
     info(s"Authenticating user '$user' using $classOf[UserMembershipKeyFilter].getSimpleName")
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
index d499c67ef..3af3c66f5 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/ldap/UserFilterFactory.scala
@@ -29,9 +29,9 @@ object UserFilterFactory extends FilterFactory with Logging {
   }
 }
 
-class UserFilter(_userFilter: Seq[String]) extends Filter with Logging {
+class UserFilter(_userFilter: Set[String]) extends Filter with Logging {
 
-  lazy val userFilter: Seq[String] = _userFilter.map(_.toLowerCase)
+  lazy val userFilter: Set[String] = _userFilter.map(_.toLowerCase)
 
   @throws[AuthenticationException]
   override def apply(ldap: DirSearch, user: String): Unit = {
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
index 7e6c50199..6cf1f082b 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
@@ -265,10 +265,10 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
         conf.get(ENGINE_EXEC_KEEPALIVE_TIME)
       }
 
-    _confRestrictList = conf.get(SESSION_CONF_RESTRICT_LIST).toSet
-    _confIgnoreList = conf.get(SESSION_CONF_IGNORE_LIST).toSet +
+    _confRestrictList = conf.get(SESSION_CONF_RESTRICT_LIST)
+    _confIgnoreList = conf.get(SESSION_CONF_IGNORE_LIST) +
       s"${SESSION_USER_SIGN_ENABLED.key}"
-    _batchConfIgnoreList = conf.get(BATCH_CONF_IGNORE_LIST).toSet
+    _batchConfIgnoreList = conf.get(BATCH_CONF_IGNORE_LIST)
 
     execPool = ThreadUtils.newDaemonQueuedThreadPool(
       poolSize,
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
index 2cb683f52..86dc51155 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
@@ -87,6 +87,12 @@ class ConfigBuilderSuite extends KyuubiFunSuite {
       .createWithDefault(Seq("hehe"))
     assert(stringConfUpperSeq.defaultVal.get === Seq("HEHE"))
 
+    val stringConfSet = ConfigBuilder("kyuubi.string.conf.set")
+      .stringConf
+      .toSet()
+      .createWithDefault(Set("hehe", "haha"))
+    assert(stringConfSet.defaultVal.get === Set("hehe", "haha"))
+
     val stringConfLower = ConfigBuilder("kyuubi.string.conf.lower")
       .stringConf
       .transformToLowerCase
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
index 53e05f34b..444bfe2cc 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/TFrontendServiceSuite.scala
@@ -40,8 +40,8 @@ class TFrontendServiceSuite extends KyuubiFunSuite {
     .set(KyuubiConf.SESSION_CHECK_INTERVAL, Duration.ofSeconds(5).toMillis)
     .set(KyuubiConf.SESSION_IDLE_TIMEOUT, Duration.ofSeconds(5).toMillis)
     .set(KyuubiConf.OPERATION_IDLE_TIMEOUT, Duration.ofSeconds(20).toMillis)
-    .set(KyuubiConf.SESSION_CONF_RESTRICT_LIST, Seq("spark.*"))
-    .set(KyuubiConf.SESSION_CONF_IGNORE_LIST, Seq("session.engine.*"))
+    .set(KyuubiConf.SESSION_CONF_RESTRICT_LIST, Set("spark.*"))
+    .set(KyuubiConf.SESSION_CONF_IGNORE_LIST, Set("session.engine.*"))
 
   private def withSessionHandle(f: (TCLIService.Iface, TSessionHandle) => Unit): Unit = {
     TClientTestUtils.withSessionHandle(server.frontendServices.head.connectionUrl, Map.empty)(f)
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala
index 19b89b47e..949342629 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala
@@ -56,21 +56,21 @@ class KyuubiAuthenticationFactorySuite extends KyuubiFunSuite {
   }
 
   test("AuthType Other") {
-    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("INVALID"))
+    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("INVALID"))
     val e = intercept[IllegalArgumentException](new KyuubiAuthenticationFactory(conf))
     assert(e.getMessage contains "the authentication type should be one or more of" +
       " NOSASL,NONE,LDAP,JDBC,KERBEROS,CUSTOM")
   }
 
   test("AuthType LDAP") {
-    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("LDAP"))
+    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("LDAP"))
     val authFactory = new KyuubiAuthenticationFactory(conf)
     authFactory.getTTransportFactory
     assert(Security.getProviders.exists(_.isInstanceOf[SaslPlainProvider]))
   }
 
   test("AuthType KERBEROS w/o keytab/principal") {
-    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS"))
+    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("KERBEROS"))
 
     val factory = new KyuubiAuthenticationFactory(conf)
     val e = intercept[LoginException](factory.getTTransportFactory)
@@ -78,11 +78,11 @@ class KyuubiAuthenticationFactorySuite extends KyuubiFunSuite {
   }
 
   test("AuthType is NOSASL if only NOSASL is specified") {
-    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("NOSASL"))
+    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("NOSASL"))
     var factory = new KyuubiAuthenticationFactory(conf)
     !factory.getTTransportFactory.isInstanceOf[TSaslServerTransport.Factory]
 
-    conf.set(KyuubiConf.AUTHENTICATION_METHOD, Seq("NOSASL", "NONE"))
+    conf.set(KyuubiConf.AUTHENTICATION_METHOD, Set("NOSASL", "NONE"))
     factory = new KyuubiAuthenticationFactory(conf)
     factory.getTTransportFactory.isInstanceOf[TSaslServerTransport.Factory]
   }
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
index cbdf832bd..b22aa8909 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
@@ -32,7 +32,7 @@ object MetricsConf {
       .booleanConf
       .createWithDefault(true)
 
-  val METRICS_REPORTERS: ConfigEntry[Seq[String]] = buildConf("kyuubi.metrics.reporters")
+  val METRICS_REPORTERS: ConfigEntry[Set[String]] = buildConf("kyuubi.metrics.reporters")
     .doc("A comma-separated list for all metrics reporters" +
       "<ul>" +
       " <li>CONSOLE - ConsoleReporter which outputs measurements to CONSOLE periodically.</li>" +
@@ -44,11 +44,11 @@ object MetricsConf {
     .version("1.2.0")
     .stringConf
     .transformToUpperCase
-    .toSequence()
+    .toSet()
     .checkValue(
       _.forall(ReporterType.values.map(_.toString).contains),
       s"the reporter type should be one or more of ${ReporterType.values.mkString(",")}")
-    .createWithDefault(Seq(JSON.toString))
+    .createWithDefault(Set(JSON.toString))
 
   val METRICS_CONSOLE_INTERVAL: ConfigEntry[Long] = buildConf("kyuubi.metrics.console.interval")
     .doc("How often should report metrics to console")
diff --git a/kyuubi-metrics/src/test/scala/org/apache/kyuubi/metrics/MetricsSystemSuite.scala b/kyuubi-metrics/src/test/scala/org/apache/kyuubi/metrics/MetricsSystemSuite.scala
index 611531d73..bac20181c 100644
--- a/kyuubi-metrics/src/test/scala/org/apache/kyuubi/metrics/MetricsSystemSuite.scala
+++ b/kyuubi-metrics/src/test/scala/org/apache/kyuubi/metrics/MetricsSystemSuite.scala
@@ -49,7 +49,7 @@ class MetricsSystemSuite extends KyuubiFunSuite {
 
     val conf = KyuubiConf()
       .set(MetricsConf.METRICS_ENABLED, true)
-      .set(MetricsConf.METRICS_REPORTERS, Seq(ReporterType.PROMETHEUS.toString))
+      .set(MetricsConf.METRICS_REPORTERS, Set(ReporterType.PROMETHEUS.toString))
       .set(MetricsConf.METRICS_PROMETHEUS_PORT, 0) // random port
       .set(MetricsConf.METRICS_PROMETHEUS_PATH, testContextPath)
     val metricsSystem = new MetricsSystem()
@@ -77,7 +77,7 @@ class MetricsSystemSuite extends KyuubiFunSuite {
       .set(MetricsConf.METRICS_ENABLED, true)
       .set(
         MetricsConf.METRICS_REPORTERS,
-        ReporterType.values.filterNot(_ == ReporterType.PROMETHEUS).map(_.toString).toSeq)
+        ReporterType.values.filterNot(_ == ReporterType.PROMETHEUS).map(_.toString))
       .set(MetricsConf.METRICS_JSON_INTERVAL, Duration.ofSeconds(1).toMillis)
       .set(MetricsConf.METRICS_JSON_LOCATION, reportPath.toString)
     val metricsSystem = new MetricsSystem()
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 967003394..b61abc30b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -43,9 +43,9 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   private var submitTimeout: Long = _
   private var kyuubiConf: KyuubiConf = _
 
-  private def allowedContexts: Seq[String] =
+  private def allowedContexts: Set[String] =
     kyuubiConf.get(KyuubiConf.KUBERNETES_CONTEXT_ALLOW_LIST)
-  private def allowedNamespaces: Seq[String] =
+  private def allowedNamespaces: Set[String] =
     kyuubiConf.get(KyuubiConf.KUBERNETES_NAMESPACE_ALLOW_LIST)
 
   // key is kyuubi_unique_key
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index f507f3220..19370eebc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -45,7 +45,7 @@ import org.apache.kyuubi.shaded.zookeeper.KeeperException.NoNodeException
 @Tag(name = "Admin")
 @Produces(Array(MediaType.APPLICATION_JSON))
 private[v1] class AdminResource extends ApiRequestContext with Logging {
-  private lazy val administrators = fe.getConf.get(KyuubiConf.SERVER_ADMINISTRATORS).toSet +
+  private lazy val administrators = fe.getConf.get(KyuubiConf.SERVER_ADMINISTRATORS) +
     Utils.currentUser
 
   @ApiResponse(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index 8fe245d6a..11e856a29 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -57,7 +57,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
     val authTypes = conf.get(AUTHENTICATION_METHOD).map(AuthTypes.withName)
     val spnegoKerberosEnabled = authTypes.contains(KERBEROS)
     val basicAuthTypeOpt = {
-      if (authTypes == Seq(NOSASL)) {
+      if (authTypes == Set(NOSASL)) {
         authTypes.headOption
       } else {
         authTypes.filterNot(_.equals(KERBEROS)).filterNot(_.equals(NOSASL)).headOption
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index fab040c09..c6a6afa8e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -356,7 +356,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
   }
 
   private[kyuubi] def refreshUnlimitedUsers(conf: KyuubiConf): Unit = {
-    val unlimitedUsers = conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).toSet
+    val unlimitedUsers = conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST)
     limiter.foreach(SessionLimiter.resetUnlimitedUsers(_, unlimitedUsers))
     batchLimiter.foreach(SessionLimiter.resetUnlimitedUsers(_, unlimitedUsers))
   }
@@ -365,9 +365,9 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       userLimit: Int,
       ipAddressLimit: Int,
       userIpAddressLimit: Int,
-      userUnlimitedList: Seq[String]): Option[SessionLimiter] = {
+      userUnlimitedList: Set[String]): Option[SessionLimiter] = {
     Seq(userLimit, ipAddressLimit, userIpAddressLimit).find(_ > 0).map(_ =>
-      SessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, userUnlimitedList.toSet))
+      SessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, userUnlimitedList))
   }
 
   private def startEngineAliveChecker(): Unit = {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala
index 8344cdef0..1c78b9fa6 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/RestClientTestHelper.scala
@@ -48,7 +48,7 @@ trait RestClientTestHelper extends RestFrontendTestHelper with KerberizedTestHel
     UserGroupInformation.setConfiguration(config)
     assert(UserGroupInformation.isSecurityEnabled)
 
-    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "LDAP", "CUSTOM"))
+    val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("KERBEROS", "LDAP", "CUSTOM"))
       .set(KyuubiConf.SERVER_KEYTAB.key, testKeytab)
       .set(KyuubiConf.SERVER_PRINCIPAL, testPrincipal)
       .set(KyuubiConf.SERVER_SPNEGO_KEYTAB, testKeytab)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index 1826760db..7a4bfea1b 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -80,7 +80,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
   override protected val conf: KyuubiConf = {
     new KyuubiConf()
       .set(s"$KYUUBI_BATCH_CONF_PREFIX.spark.spark.master", "yarn")
-      .set(BATCH_CONF_IGNORE_LIST, Seq("spark.master"))
+      .set(BATCH_CONF_IGNORE_LIST, Set("spark.master"))
       .set(BATCH_APPLICATION_CHECK_INTERVAL, 3000L)
   }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
index b01f82a24..0f54520fc 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
@@ -24,7 +24,7 @@ import org.apache.kyuubi.engine.KubernetesApplicationOperation.LABEL_KYUUBI_UNIQ
 class KyuubiApplicationManagerSuite extends KyuubiFunSuite {
   test("application access path") {
     val localDirLimitConf = KyuubiConf()
-      .set(KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST, Seq("/apache/kyuubi"))
+      .set(KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST, Set("/apache/kyuubi"))
     val noLocalDirLimitConf = KyuubiConf()
 
     var path = "/apache/kyuubi/a.jar"
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala
index 31cde6397..1791b492e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/KyuubiOperationKerberosAndPlainAuthSuite.scala
@@ -64,7 +64,7 @@ class KyuubiOperationKerberosAndPlainAuthSuite extends WithKyuubiServer with Ker
     assert(UserGroupInformation.isSecurityEnabled)
 
     KyuubiConf()
-      .set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "LDAP", "CUSTOM"))
+      .set(KyuubiConf.AUTHENTICATION_METHOD, Set("KERBEROS", "LDAP", "CUSTOM"))
       .set(KyuubiConf.SERVER_KEYTAB, testKeytab)
       .set(KyuubiConf.SERVER_PRINCIPAL, testPrincipal)
       .set(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala
index 941e121a6..cee43bf5c 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/thrift/http/KyuubiOperationThriftHttpKerberosAndPlainAuthSuite.scala
@@ -49,7 +49,7 @@ class KyuubiOperationThriftHttpKerberosAndPlainAuthSuite
     UserGroupInformation.setConfiguration(config)
     assert(UserGroupInformation.isSecurityEnabled)
 
-    KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "LDAP", "CUSTOM"))
+    KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("KERBEROS", "LDAP", "CUSTOM"))
       .set(KyuubiConf.SERVER_KEYTAB, testKeytab)
       .set(KyuubiConf.SERVER_PRINCIPAL, testPrincipal)
       .set(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
index 112f9d26f..5a086c860 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/BackendServiceMetricSuite.scala
@@ -25,7 +25,7 @@ import org.scalatest.time.SpanSugar.convertIntToGrainOfTime
 
 import org.apache.kyuubi.{Utils, WithKyuubiServer}
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.metrics.MetricsConf
+import org.apache.kyuubi.metrics.{MetricsConf, ReporterType}
 import org.apache.kyuubi.metrics.MetricsConstants._
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 
@@ -36,7 +36,7 @@ class BackendServiceMetricSuite extends WithKyuubiServer with HiveJDBCTestHelper
   val reportPath: Path = Utils.createTempDir()
   override protected val conf: KyuubiConf = {
     KyuubiConf()
-      .set(MetricsConf.METRICS_REPORTERS, Seq("JSON"))
+      .set(MetricsConf.METRICS_REPORTERS, Set(ReporterType.JSON.toString))
       .set(MetricsConf.METRICS_JSON_LOCATION, reportPath.toString)
       .set(MetricsConf.METRICS_JSON_INTERVAL, Duration.ofMillis(100).toMillis)
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 2d2ff559a..7a65032a6 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -48,7 +48,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
   private val engineMgr = new KyuubiApplicationManager()
 
   override protected lazy val conf: KyuubiConf = KyuubiConf()
-    .set(KyuubiConf.SERVER_ADMINISTRATORS, Seq("admin001"))
+    .set(KyuubiConf.SERVER_ADMINISTRATORS, Set("admin001"))
 
   private val encodeAuthorization: String = {
     new String(
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index ef581f414..8128ab19d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -78,7 +78,7 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
       .set(KyuubiConf.BATCH_IMPL_VERSION, batchVersion)
       .set(
         KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST,
-        Seq(Paths.get(sparkBatchTestResource.get).getParent.toString))
+        Set(Paths.get(sparkBatchTestResource.get).getParent.toString))
     customConf.foreach { case (k, v) => kyuubiConf.set(k, v) }
     kyuubiConf
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
index 986b171c1..32bb6fbb1 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminCtlSuite.scala
@@ -56,7 +56,7 @@ class AdminCtlSuite extends RestClientTestHelper with TestPrematureExit {
     val id = UUID.randomUUID().toString
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
-    conf.set(KyuubiConf.AUTHENTICATION_METHOD, Seq("LDAP", "CUSTOM"))
+    conf.set(KyuubiConf.AUTHENTICATION_METHOD, Set("LDAP", "CUSTOM"))
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val user = ldapUser
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
index 8479a2a3a..e3bb298e0 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
@@ -50,7 +50,7 @@ class AdminRestApiSuite extends RestClientTestHelper {
     val id = UUID.randomUUID().toString
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
     conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
-    conf.set(KyuubiConf.AUTHENTICATION_METHOD, Seq("LDAP", "CUSTOM"))
+    conf.set(KyuubiConf.AUTHENTICATION_METHOD, Set("LDAP", "CUSTOM"))
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
     val user = ldapUser
     val engine = new EngineRef(conf.clone, user, PluginLoader.loadGroupProvider(conf), id, null)

From 56cbd582c4ba86e9558957203527c50d2fe18882 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 25 Aug 2023 16:12:17 +0800
Subject: [PATCH 583/760] [KYUUBI #5199] Read all columns of metadata to
 prevent column missing

### _Why are the changes needed?_

Since https://github.com/apache/kyuubi/issues/4843, we need the `requestConf` column to get application manager info.

So now the stateOnly option for metadata select is not needed.
```
private val METADATA_ALL_COLUMNS = Seq(
    METADATA_STATE_ONLY_COLUMNS,
    "resource",
    "class_name",
    "request_conf",
    "request_args").mkString(",")
```
In this pr, I remove the `stateOnly` flag to select all metadata columns to prevent column missing and make it easy to maintain.
### _How was this patch tested?_
Existing UT.

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5199 from turboFei/metadata_state_only.

Closes #5199

8e02e6a5e [fwang12] all

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../server/metadata/MetadataManager.scala     |  8 +-
 .../server/metadata/MetadataStore.scala       | 10 +--
 .../metadata/jdbc/JDBCMetadataStore.scala     | 52 ++++-------
 .../jdbc/JDBCMetadataStoreSuite.scala         | 87 +++++++------------
 4 files changed, 52 insertions(+), 105 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
index daa3451d9..1da9e1f31 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataManager.scala
@@ -129,12 +129,12 @@ class MetadataManager extends AbstractService("MetadataManager") {
   }
 
   def getBatchSessionMetadata(batchId: String): Option[Metadata] = {
-    Option(withMetadataRequestMetrics(_metadataStore.getMetadata(batchId, true)))
+    Option(withMetadataRequestMetrics(_metadataStore.getMetadata(batchId)))
       .filter(_.sessionType == SessionType.BATCH)
   }
 
   def getBatches(filter: MetadataFilter, from: Int, size: Int): Seq[Batch] = {
-    withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size, true)).map(
+    withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size)).map(
       buildBatch)
   }
 
@@ -168,7 +168,7 @@ class MetadataManager extends AbstractService("MetadataManager") {
       sessionType = SessionType.BATCH,
       state = state,
       kyuubiInstance = kyuubiInstance)
-    withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size, false))
+    withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size))
   }
 
   def getPeerInstanceClosedBatchesMetadata(
@@ -181,7 +181,7 @@ class MetadataManager extends AbstractService("MetadataManager") {
       state = state,
       kyuubiInstance = kyuubiInstance,
       peerInstanceClosed = true)
-    withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size, true))
+    withMetadataRequestMetrics(_metadataStore.getMetadataList(filter, from, size))
   }
 
   def updateMetadata(metadata: Metadata, asyncRetryOnError: Boolean = true): Unit = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala
index 1eabb224d..d8258816a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/MetadataStore.scala
@@ -48,24 +48,18 @@ trait MetadataStore extends Closeable {
   /**
    * Get the persisted metadata by batch identifier.
    * @param identifier the identifier.
-   * @param stateOnly only return the state related column values.
    * @return selected metadata.
    */
-  def getMetadata(identifier: String, stateOnly: Boolean): Metadata
+  def getMetadata(identifier: String): Metadata
 
   /**
    * Get the metadata list with filter conditions, offset and size.
    * @param filter the metadata filter conditions.
    * @param from the metadata offset.
    * @param size the size to get.
-   * @param stateOnly only return the state related column values.
    * @return selected metadata list.
    */
-  def getMetadataList(
-      filter: MetadataFilter,
-      from: Int,
-      size: Int,
-      stateOnly: Boolean): Seq[Metadata]
+  def getMetadataList(filter: MetadataFilter, from: Int, size: Int): Seq[Metadata]
 
   /**
    * Count the metadata list with filter conditions.
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index a79832d38..d32cdc838 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -215,7 +215,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
         stmt.setString(4, OperationState.INITIALIZED.toString)
       } == 1
     }.map { pickedBatchId =>
-      getMetadata(pickedBatchId, stateOnly = false)
+      getMetadata(pickedBatchId)
     }
   }
 
@@ -231,30 +231,21 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     }
   }
 
-  override def getMetadata(identifier: String, stateOnly: Boolean): Metadata = {
-    val query =
-      if (stateOnly) {
-        s"SELECT $METADATA_STATE_ONLY_COLUMNS FROM $METADATA_TABLE WHERE identifier = ?"
-      } else {
-        s"SELECT $METADATA_ALL_COLUMNS FROM $METADATA_TABLE WHERE identifier = ?"
-      }
+  override def getMetadata(identifier: String): Metadata = {
+    val query = s"SELECT $METADATA_COLUMNS FROM $METADATA_TABLE WHERE identifier = ?"
 
     JdbcUtils.withConnection { connection =>
       withResultSet(connection, query, identifier) { rs =>
-        buildMetadata(rs, stateOnly).headOption.orNull
+        buildMetadata(rs).headOption.orNull
       }
     }
   }
 
-  override def getMetadataList(
-      filter: MetadataFilter,
-      from: Int,
-      size: Int,
-      stateOnly: Boolean): Seq[Metadata] = {
+  override def getMetadataList(filter: MetadataFilter, from: Int, size: Int): Seq[Metadata] = {
     val queryBuilder = new StringBuilder
     val params = ListBuffer[Any]()
     queryBuilder.append("SELECT ")
-    queryBuilder.append(if (stateOnly) METADATA_STATE_ONLY_COLUMNS else METADATA_ALL_COLUMNS)
+    queryBuilder.append(METADATA_COLUMNS)
     queryBuilder.append(s" FROM $METADATA_TABLE")
     queryBuilder.append(s" ${assembleWhereClause(filter, params)}")
     queryBuilder.append(" ORDER BY key_id ")
@@ -262,7 +253,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     val query = queryBuilder.toString
     JdbcUtils.withConnection { connection =>
       withResultSet(connection, query, params.toSeq: _*) { rs =>
-        buildMetadata(rs, stateOnly)
+        buildMetadata(rs)
       }
     }
   }
@@ -411,7 +402,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     }
   }
 
-  private def buildMetadata(resultSet: ResultSet, stateOnly: Boolean): Seq[Metadata] = {
+  private def buildMetadata(resultSet: ResultSet): Seq[Metadata] = {
     try {
       val metadataList = ListBuffer[Metadata]()
       while (resultSet.next()) {
@@ -422,7 +413,11 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
         val ipAddress = resultSet.getString("ip_address")
         val kyuubiInstance = resultSet.getString("kyuubi_instance")
         val state = resultSet.getString("state")
+        val resource = resultSet.getString("resource")
+        val className = resultSet.getString("class_name")
         val requestName = resultSet.getString("request_name")
+        val requestConf = string2Map(resultSet.getString("request_conf"))
+        val requestArgs = string2Seq(resultSet.getString("request_args"))
         val createTime = resultSet.getLong("create_time")
         val engineType = resultSet.getString("engine_type")
         val clusterManager = Option(resultSet.getString("cluster_manager"))
@@ -434,17 +429,6 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
         val endTime = resultSet.getLong("end_time")
         val peerInstanceClosed = resultSet.getBoolean("peer_instance_closed")
 
-        var resource: String = null
-        var className: String = null
-        var requestConf: Map[String, String] = Map.empty
-        var requestArgs: Seq[String] = Seq.empty
-
-        if (!stateOnly) {
-          resource = resultSet.getString("resource")
-          className = resultSet.getString("class_name")
-          requestConf = string2Map(resultSet.getString("request_conf"))
-          requestArgs = string2Seq(resultSet.getString("request_args"))
-        }
         val metadata = Metadata(
           identifier = identifier,
           sessionType = sessionType,
@@ -583,7 +567,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
 object JDBCMetadataStore {
   private val SCHEMA_URL_PATTERN = """^metadata-store-schema-(\d+)\.(\d+)\.(\d+)\.(.*)\.sql$""".r
   private val METADATA_TABLE = "metadata"
-  private val METADATA_STATE_ONLY_COLUMNS = Seq(
+  private val METADATA_COLUMNS = Seq(
     "identifier",
     "session_type",
     "real_user",
@@ -591,7 +575,11 @@ object JDBCMetadataStore {
     "ip_address",
     "kyuubi_instance",
     "state",
+    "resource",
+    "class_name",
     "request_name",
+    "request_conf",
+    "request_args",
     "create_time",
     "engine_type",
     "cluster_manager",
@@ -602,10 +590,4 @@ object JDBCMetadataStore {
     "engine_error",
     "end_time",
     "peer_instance_closed").mkString(",")
-  private val METADATA_ALL_COLUMNS = Seq(
-    METADATA_STATE_ONLY_COLUMNS,
-    "resource",
-    "class_name",
-    "request_conf",
-    "request_args").mkString(",")
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
index aee4497df..2ee082a1d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreSuite.scala
@@ -39,11 +39,7 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
 
   override def afterAll(): Unit = {
     super.afterAll()
-    jdbcMetadataStore.getMetadataList(
-      MetadataFilter(),
-      0,
-      Int.MaxValue,
-      true).foreach {
+    jdbcMetadataStore.getMetadataList(MetadataFilter(), 0, Int.MaxValue).foreach {
       batch =>
         jdbcMetadataStore.cleanupMetadataByIdentifier(batch.identifier)
     }
@@ -82,28 +78,18 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
       engineType = "spark",
       clusterManager = Some("local"))
 
-    var batchStateOnlyMetadata = batchMetadata.copy(
-      resource = null,
-      className = null,
-      requestConf = Map.empty,
-      requestArgs = Seq.empty)
-
     jdbcMetadataStore.insertMetadata(batchMetadata)
-    assert(jdbcMetadataStore.getMetadata(batchId, true) != batchStateOnlyMetadata)
-    assert(jdbcMetadataStore.getMetadata(batchId, false) != batchMetadata)
 
     // the engine type is formatted with UPPER
     batchMetadata = batchMetadata.copy(engineType = "SPARK")
-    batchStateOnlyMetadata = batchStateOnlyMetadata.copy(engineType = "SPARK")
-    assert(jdbcMetadataStore.getMetadata(batchId, true) == batchStateOnlyMetadata)
-    assert(jdbcMetadataStore.getMetadata(batchId, false) == batchMetadata)
+    assert(jdbcMetadataStore.getMetadata(batchId) == batchMetadata)
 
     jdbcMetadataStore.cleanupMetadataByIdentifier(batchId)
-    assert(jdbcMetadataStore.getMetadata(batchId, true) == null)
+    assert(jdbcMetadataStore.getMetadata(batchId) == null)
 
     jdbcMetadataStore.insertMetadata(batchMetadata)
 
-    val batchState2 = batchStateOnlyMetadata.copy(identifier = UUID.randomUUID().toString)
+    val batchState2 = batchMetadata.copy(identifier = UUID.randomUUID().toString)
     jdbcMetadataStore.insertMetadata(batchState2)
 
     var batches =
@@ -112,9 +98,8 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
           sessionType = SessionType.BATCH,
           engineType = "Spark"),
         0,
-        1,
-        true)
-    assert(batches == Seq(batchStateOnlyMetadata))
+        1)
+    assert(batches == Seq(batchMetadata))
 
     batches = jdbcMetadataStore.getMetadataList(
       MetadataFilter(
@@ -122,9 +107,8 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         engineType = "Spark",
         username = "kyuubi"),
       0,
-      Int.MaxValue,
-      true)
-    assert(batches == Seq(batchStateOnlyMetadata, batchState2))
+      Int.MaxValue)
+    assert(batches == Seq(batchMetadata, batchState2))
 
     jdbcMetadataStore.cleanupMetadataByIdentifier(batchState2.identifier)
 
@@ -135,8 +119,7 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         username = "kyuubi",
         state = "PENDING"),
       0,
-      Int.MaxValue,
-      true)
+      Int.MaxValue)
     assert(batches.isEmpty)
 
     batches = jdbcMetadataStore.getMetadataList(
@@ -146,9 +129,8 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         username = "kyuubi",
         state = "PENDING"),
       0,
-      Int.MaxValue,
-      true)
-    assert(batches == Seq(batchStateOnlyMetadata))
+      Int.MaxValue)
+    assert(batches == Seq(batchMetadata))
 
     batches = jdbcMetadataStore.getMetadataList(
       MetadataFilter(
@@ -157,8 +139,7 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         username = "kyuubi",
         state = "RUNNING"),
       0,
-      Int.MaxValue,
-      true)
+      Int.MaxValue)
     assert(batches.isEmpty)
 
     batches = jdbcMetadataStore.getMetadataList(
@@ -168,8 +149,7 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         username = "no_kyuubi",
         state = "PENDING"),
       0,
-      Int.MaxValue,
-      true)
+      Int.MaxValue)
     assert(batches.isEmpty)
 
     batches = jdbcMetadataStore.getMetadataList(
@@ -178,31 +158,27 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         engineType = "SPARK",
         state = "PENDING"),
       0,
-      Int.MaxValue,
-      true)
-    assert(batches == Seq(batchStateOnlyMetadata))
+      Int.MaxValue)
+    assert(batches == Seq(batchMetadata))
 
     batches = jdbcMetadataStore.getMetadataList(
       MetadataFilter(sessionType = SessionType.BATCH),
       0,
-      Int.MaxValue,
-      true)
-    assert(batches == Seq(batchStateOnlyMetadata))
+      Int.MaxValue)
+    assert(batches == Seq(batchMetadata))
 
     batches = jdbcMetadataStore.getMetadataList(
       MetadataFilter(
         sessionType = SessionType.BATCH,
         peerInstanceClosed = true),
       0,
-      Int.MaxValue,
-      true)
+      Int.MaxValue)
     assert(batches.isEmpty)
 
     jdbcMetadataStore.updateMetadata(Metadata(
-      identifier = batchStateOnlyMetadata.identifier,
+      identifier = batchMetadata.identifier,
       peerInstanceClosed = true))
 
-    batchStateOnlyMetadata = batchStateOnlyMetadata.copy(peerInstanceClosed = true)
     batchMetadata = batchMetadata.copy(peerInstanceClosed = true)
 
     batches = jdbcMetadataStore.getMetadataList(
@@ -210,9 +186,8 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         sessionType = SessionType.BATCH,
         peerInstanceClosed = true),
       0,
-      Int.MaxValue,
-      true)
-    assert(batches === Seq(batchStateOnlyMetadata))
+      Int.MaxValue)
+    assert(batches === Seq(batchMetadata))
 
     var batchesToRecover = jdbcMetadataStore.getMetadataList(
       MetadataFilter(
@@ -220,8 +195,7 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         state = "PENDING",
         kyuubiInstance = kyuubiInstance),
       0,
-      Int.MaxValue,
-      false)
+      Int.MaxValue)
     assert(batchesToRecover == Seq(batchMetadata))
 
     batchesToRecover = jdbcMetadataStore.getMetadataList(
@@ -230,11 +204,10 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         state = "RUNNING",
         kyuubiInstance = kyuubiInstance),
       0,
-      Int.MaxValue,
-      false)
+      Int.MaxValue)
     assert(batchesToRecover.isEmpty)
 
-    var newBatchState = batchStateOnlyMetadata.copy(
+    var newBatchState = batchMetadata.copy(
       state = "RUNNING",
       engineId = "app_id",
       engineName = "app_name",
@@ -242,12 +215,12 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
       engineState = "RUNNING",
       engineError = None)
     jdbcMetadataStore.updateMetadata(newBatchState)
-    assert(jdbcMetadataStore.getMetadata(batchId, true) == newBatchState)
+    assert(jdbcMetadataStore.getMetadata(batchId) == newBatchState)
 
     newBatchState = newBatchState.copy(state = "FINISHED", endTime = System.currentTimeMillis())
     jdbcMetadataStore.updateMetadata(newBatchState)
 
-    assert(jdbcMetadataStore.getMetadata(batchId, true) == newBatchState)
+    assert(jdbcMetadataStore.getMetadata(batchId) == newBatchState)
 
     assert(jdbcMetadataStore.getMetadataList(
       MetadataFilter(
@@ -255,8 +228,7 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         state = "PENDING",
         kyuubiInstance = kyuubiInstance),
       0,
-      Int.MaxValue,
-      false).isEmpty)
+      Int.MaxValue).isEmpty)
 
     assert(jdbcMetadataStore.getMetadataList(
       MetadataFilter(
@@ -264,12 +236,11 @@ class JDBCMetadataStoreSuite extends KyuubiFunSuite {
         state = "RUNNING",
         kyuubiInstance = kyuubiInstance),
       0,
-      Int.MaxValue,
-      false).isEmpty)
+      Int.MaxValue).isEmpty)
 
     eventually(Timeout(3.seconds)) {
       jdbcMetadataStore.cleanupMetadataByAge(1000)
-      assert(jdbcMetadataStore.getMetadata(batchId, true) == null)
+      assert(jdbcMetadataStore.getMetadata(batchId) == null)
     }
   }
 

From 2fee652efc02ef7c2dee645bb6ba7f16abb2ffcd Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 27 Aug 2023 23:16:23 +0800
Subject: [PATCH 584/760] [KYUUBI #5201] Allow disabling batch impl v2 on
 globally

### _Why are the changes needed?_

It makes no sense to enable batch impl v2 when `kyuubi.batch.submitter.enabled` is disabled, to avoid misuse, globally disable batch impl v2 in such case.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5201 from pan3793/batch-v2-switch.

Closes #5201

2cc24032f [Cheng Pan] nit
f5c8bbf44 [Cheng Pan] nit
d280a209b [Cheng Pan] Allow disabling batch impl v2 on globally

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala | 29 ++++++++++---------
 .../server/api/v1/BatchesResource.scala       |  2 ++
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 1e8ce8c8a..c1b2052d9 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1670,24 +1670,12 @@ object KyuubiConf {
       .booleanConf
       .createWithDefault(true)
 
-  val BATCH_IMPL_VERSION: ConfigEntry[String] =
-    buildConf("kyuubi.batch.impl.version")
-      .internal
-      .serverOnly
-      .doc("Batch API version, candidates: 1, 2. " +
-        "Note: Batch API v2 is experimental and under rapid development, this configuration " +
-        "is added to allow explorers conveniently testing the developing Batch v2 API, not " +
-        "intended exposing to end users, it may be removed in anytime.")
-      .version("1.8.0")
-      .stringConf
-      .createWithDefault("1")
-
   val BATCH_SUBMITTER_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.batch.submitter.enabled")
       .internal
       .serverOnly
-      .doc("When Batch API v2 is enabled, Kyuubi server requires to pick the INITIALIZED " +
-        "batch job from metastore and submits it to Resource Manager. " +
+      .doc("Batch API v2 requires batch submitter to pick the INITIALIZED batch job " +
+        "from metastore and submits it to Resource Manager. " +
         "Note: Batch API v2 is experimental and under rapid development, this configuration " +
         "is added to allow explorers conveniently testing the developing Batch v2 API, not " +
         "intended exposing to end users, it may be removed in anytime.")
@@ -1705,6 +1693,19 @@ object KyuubiConf {
       .intConf
       .createWithDefault(100)
 
+  val BATCH_IMPL_VERSION: ConfigEntry[String] =
+    buildConf("kyuubi.batch.impl.version")
+      .internal
+      .serverOnly
+      .doc("Batch API version, candidates: 1, 2. Only take effect when " +
+        s"${BATCH_SUBMITTER_ENABLED.key} is true, otherwise always use v1 implementation. " +
+        "Note: Batch API v2 is experimental and under rapid development, this configuration " +
+        "is added to allow explorers conveniently testing the developing Batch v2 API, not " +
+        "intended exposing to end users, it may be removed in anytime.")
+      .version("1.8.0")
+      .stringConf
+      .createWithDefault("1")
+
   val SERVER_EXEC_POOL_SIZE: ConfigEntry[Int] =
     buildConf("kyuubi.backend.server.exec.pool.size")
       .doc("Number of threads in the operation execution thread pool of Kyuubi server")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index caa768a66..d7e8b615a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -42,6 +42,7 @@ import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationManagerInfo, KillResponse, KyuubiApplicationManager}
 import org.apache.kyuubi.operation.{BatchJobSubmission, FetchOrientation, OperationState}
+import org.apache.kyuubi.server.KyuubiServer
 import org.apache.kyuubi.server.api.ApiRequestContext
 import org.apache.kyuubi.server.api.v1.BatchesResource._
 import org.apache.kyuubi.server.metadata.MetadataManager
@@ -59,6 +60,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     fe.getConf.get(BATCH_INTERNAL_REST_CLIENT_CONNECT_TIMEOUT).toInt
 
   private def batchV2Enabled(reqConf: Map[String, String]): Boolean = {
+    KyuubiServer.kyuubiServer.getConf.get(BATCH_SUBMITTER_ENABLED) &&
     reqConf.getOrElse(BATCH_IMPL_VERSION.key, fe.getConf.get(BATCH_IMPL_VERSION)) == "2"
   }
 

From 3a06cc3637875b7d8f07ae3d37899525edde2a08 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 27 Aug 2023 23:17:10 +0800
Subject: [PATCH 585/760] [KYUUBI #5202] Switch to Spark 3.4 by default

### _Why are the changes needed?_

Kyuubi fully supports Spark 3.4 now, it's time to move forward.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5202 from pan3793/default-3.4.

Closes #5202

a0efccdbf [Cheng Pan] nit
30456dbb9 [Cheng Pan] nit
1cc83c871 [Cheng Pan] enable lineage test
d8ca7c7d8 [Cheng Pan] Switch to Spark 3.4 by default

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                     | 16 ++++++----------
 .../KyuubiOnKubernetesTestsSuite.scala           |  2 +-
 .../test/spark/SparkOnKubernetesTestsSuite.scala |  2 +-
 pom.xml                                          | 11 +++++++----
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 0e050b4a7..b2dd57a50 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -57,20 +57,20 @@ jobs:
         comment: ["normal"]
         include:
           - java: 8
-            spark: '3.3'
+            spark: '3.4'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.1.3 -Dspark.archive.name=spark-3.1.3-bin-hadoop3.2.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
-            spark: '3.3'
+            spark: '3.4'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.2-binary'
           - java: 8
-            spark: '3.3'
-            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.4.0 -Dspark.archive.name=spark-3.4.0-bin-hadoop3.tgz -Pzookeeper-3.6'
+            spark: '3.4'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.3.3 -Dspark.archive.name=spark-3.3.3-bin-hadoop3.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
-            comment: 'verify-on-spark-3.4-binary'
+            comment: 'verify-on-spark-3.3-binary'
         exclude:
           # SPARK-33772: Spark supports JDK 17 since 3.3.0
           - java: 17
@@ -101,16 +101,12 @@ jobs:
       - name: Build and test Kyuubi and Spark with maven w/o linters
         run: |
           TEST_MODULES="dev/kyuubi-codecov"
-          if [[ "${{ matrix.spark }}" == "3.4" ]]; then
-            # FIXME: Spark 3.4 supports lineage plugin
-            TEST_MODULES="$TEST_MODULES,!extensions/spark/kyuubi-spark-lineage"
-          fi
           ./build/mvn clean install ${MVN_OPT} -pl ${TEST_MODULES} -am \
           -Pspark-${{ matrix.spark }} ${{ matrix.spark-archive }} ${{ matrix.exclude-tags }}
       - name: Code coverage
         if: |
           matrix.java == 8 &&
-          matrix.spark == '3.2' &&
+          matrix.spark == '3.4' &&
           matrix.spark-archive == ''
         uses: codecov/codecov-action@v3
         with:
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
index d57ef3742..73cb5620a 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
@@ -54,7 +54,7 @@ class KyuubiOnKubernetesWithSparkTestsBase extends WithKyuubiServerOnKubernetes
     super.connectionConf ++
       Map(
         "spark.master" -> s"k8s://$miniKubeApiMaster",
-        "spark.kubernetes.container.image" -> "apache/spark:3.3.3",
+        "spark.kubernetes.container.image" -> "apache/spark:3.4.1",
         "spark.executor.memory" -> "512M",
         "spark.driver.memory" -> "1024M",
         "spark.kubernetes.driver.request.cores" -> "250m",
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index ba68d2090..037681a3f 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -51,7 +51,7 @@ abstract class SparkOnKubernetesSuiteBase
     // TODO Support more Spark version
     // Spark official docker image: https://hub.docker.com/r/apache/spark/tags
     KyuubiConf().set("spark.master", s"k8s://$apiServerAddress")
-      .set("spark.kubernetes.container.image", "apache/spark:3.3.3")
+      .set("spark.kubernetes.container.image", "apache/spark:3.4.1")
       .set("spark.kubernetes.container.image.pullPolicy", "IfNotPresent")
       .set("spark.executor.instances", "1")
       .set("spark.executor.memory", "512M")
diff --git a/pom.xml b/pom.xml
index d90ef6430..36edcee40 100644
--- a/pom.xml
+++ b/pom.xml
@@ -133,7 +133,7 @@
         <commons-lang.version>2.6</commons-lang.version>
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <etcd.version>0.7.3</etcd.version>
-        <delta.version>2.3.0</delta.version>
+        <delta.version>2.4.0</delta.version>
         <failsafe.verion>2.4.4</failsafe.verion>
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>
@@ -196,8 +196,8 @@
           DO NOT forget to change the following properties when change the minor version of Spark:
           `delta.version`, `maven.plugin.scalatest.exclude.tags`
           -->
-        <spark.version>3.3.3</spark.version>
-        <spark.binary.version>3.3</spark.binary.version>
+        <spark.version>3.4.1</spark.version>
+        <spark.binary.version>3.4</spark.binary.version>
         <spark.archive.name>spark-${spark.version}-bin-hadoop3.tgz</spark.archive.name>
         <spark.archive.mirror>${apache.archive.dist}/spark/spark-${spark.version}</spark.archive.mirror>
         <spark.archive.download.skip>false</spark.archive.download.skip>
@@ -233,7 +233,7 @@
         <maven.plugin.frontend.version>1.12.1</maven.plugin.frontend.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
-        <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
+        <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>
         <maven.plugin.scalatest.debug.enabled>false</maven.plugin.scalatest.debug.enabled>
         <maven.plugin.spotless.version>2.30.0</maven.plugin.spotless.version>
@@ -2213,6 +2213,9 @@
                 <module>extensions/spark/kyuubi-spark-connector-hive</module>
             </modules>
             <properties>
+                <delta.version>2.3.0</delta.version>
+                <spark.version>3.3.3</spark.version>
+                <spark.binary.version>3.3</spark.binary.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>

From 37f2c98883cf536b60e84b37a725da95f45dc668 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 28 Aug 2023 10:21:20 +0800
Subject: [PATCH 586/760] [KYUUBI #5204] Thrift HTTP FE checks req conf
 nullable before evaluating proxy user

### _Why are the changes needed?_

This PR fixes a NPE when client opens session with null configuration using Thrift HTTP protocol

```
2023-08-28 02:03:56.512 ERROR org.apache.kyuubi.server.KyuubiTHttpFrontendService: Error opening session:
java.lang.NullPointerException: null
        at org.apache.kyuubi.service.TFrontendService.getProxyUser(TFrontendService.scala:130) ~[kyuubi-common_2.12-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at org.apache.kyuubi.server.KyuubiTHttpFrontendService.getRealUserAndSessionUser(KyuubiTHttpFrontendService.scala:281) ~[kyuubi-server_2.12-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at org.apache.kyuubi.service.TFrontendService.getSessionHandle(TFrontendService.scala:168) ~[kyuubi-common_2.12-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at org.apache.kyuubi.service.TFrontendService.OpenSession(TFrontendService.scala:190) ~[kyuubi-common_2.12-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1497) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1482) ~[hive-service-rpc-3.1.3.jar:3.1.3]
        at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.thrift.server.TServlet.doPost(TServlet.java:83) ~[libthrift-0.9.3.jar:0.9.3]
        at org.apache.kyuubi.server.http.ThriftHttpServlet.doPost(ThriftHttpServlet.scala:146) ~[kyuubi-server_2.12-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:517) ~[jakarta.servlet-api-4.0.4.jar:4.0.4]
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5204 from pan3793/http-null.

Closes #5204

1116b5efc [Cheng Pan] Thrift HTTP FE checks req conf nullable before evaluating proxy user

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/server/KyuubiTHttpFrontendService.scala   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTHttpFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTHttpFrontendService.scala
index 63933aa77..79351118c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTHttpFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTHttpFrontendService.scala
@@ -278,7 +278,11 @@ final class KyuubiTHttpFrontendService(
     val realUser = getShortName(Option(SessionManager.getUserName).getOrElse(req.getUsername))
     // using the remote ip address instead of that in proxy http header for authentication
     val ipAddress: String = SessionManager.getIpAddress
-    val sessionUser: String = getProxyUser(req.getConfiguration, ipAddress, realUser)
+    val sessionUser: String = if (req.getConfiguration == null) {
+      realUser
+    } else {
+      getProxyUser(req.getConfiguration, ipAddress, realUser)
+    }
     debug(s"Client's real user: $realUser, session user: $sessionUser")
     realUser -> sessionUser
   }

From b1eef09dced8ea752372c41ac5cddbcf1121e3df Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 28 Aug 2023 19:46:08 +0800
Subject: [PATCH 587/760] [KYUUBI #5205] [BUILD][k8s] Upgrade
 `kubernetes-client` to 6.8.1

### _Why are the changes needed?_

This PR aims to upgrade kubernetes-client to 6.8.1.
https://github.com/fabric8io/kubernetes-client/releases/tag/v6.8.0
https://github.com/fabric8io/kubernetes-client/releases/tag/v6.8.1

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5205 from turboFei/k8s_client_version_upgrade.

Closes #5205

3d8d06ca3 [fwang12] Upgrade kubernetes client version to 6.8.1

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 dev/dependencyList | 50 +++++++++++++++++++++++-----------------------
 pom.xml            |  2 +-
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 23573a598..f7b4781ce 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -107,31 +107,31 @@ jetty-util/9.4.51.v20230217//jetty-util-9.4.51.v20230217.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
 kafka-clients/3.4.0//kafka-clients-3.4.0.jar
-kubernetes-client-api/6.7.2//kubernetes-client-api-6.7.2.jar
-kubernetes-client/6.7.2//kubernetes-client-6.7.2.jar
-kubernetes-httpclient-okhttp/6.7.2//kubernetes-httpclient-okhttp-6.7.2.jar
-kubernetes-model-admissionregistration/6.7.2//kubernetes-model-admissionregistration-6.7.2.jar
-kubernetes-model-apiextensions/6.7.2//kubernetes-model-apiextensions-6.7.2.jar
-kubernetes-model-apps/6.7.2//kubernetes-model-apps-6.7.2.jar
-kubernetes-model-autoscaling/6.7.2//kubernetes-model-autoscaling-6.7.2.jar
-kubernetes-model-batch/6.7.2//kubernetes-model-batch-6.7.2.jar
-kubernetes-model-certificates/6.7.2//kubernetes-model-certificates-6.7.2.jar
-kubernetes-model-common/6.7.2//kubernetes-model-common-6.7.2.jar
-kubernetes-model-coordination/6.7.2//kubernetes-model-coordination-6.7.2.jar
-kubernetes-model-core/6.7.2//kubernetes-model-core-6.7.2.jar
-kubernetes-model-discovery/6.7.2//kubernetes-model-discovery-6.7.2.jar
-kubernetes-model-events/6.7.2//kubernetes-model-events-6.7.2.jar
-kubernetes-model-extensions/6.7.2//kubernetes-model-extensions-6.7.2.jar
-kubernetes-model-flowcontrol/6.7.2//kubernetes-model-flowcontrol-6.7.2.jar
-kubernetes-model-gatewayapi/6.7.2//kubernetes-model-gatewayapi-6.7.2.jar
-kubernetes-model-metrics/6.7.2//kubernetes-model-metrics-6.7.2.jar
-kubernetes-model-networking/6.7.2//kubernetes-model-networking-6.7.2.jar
-kubernetes-model-node/6.7.2//kubernetes-model-node-6.7.2.jar
-kubernetes-model-policy/6.7.2//kubernetes-model-policy-6.7.2.jar
-kubernetes-model-rbac/6.7.2//kubernetes-model-rbac-6.7.2.jar
-kubernetes-model-resource/6.7.2//kubernetes-model-resource-6.7.2.jar
-kubernetes-model-scheduling/6.7.2//kubernetes-model-scheduling-6.7.2.jar
-kubernetes-model-storageclass/6.7.2//kubernetes-model-storageclass-6.7.2.jar
+kubernetes-client-api/6.8.1//kubernetes-client-api-6.8.1.jar
+kubernetes-client/6.8.1//kubernetes-client-6.8.1.jar
+kubernetes-httpclient-okhttp/6.8.1//kubernetes-httpclient-okhttp-6.8.1.jar
+kubernetes-model-admissionregistration/6.8.1//kubernetes-model-admissionregistration-6.8.1.jar
+kubernetes-model-apiextensions/6.8.1//kubernetes-model-apiextensions-6.8.1.jar
+kubernetes-model-apps/6.8.1//kubernetes-model-apps-6.8.1.jar
+kubernetes-model-autoscaling/6.8.1//kubernetes-model-autoscaling-6.8.1.jar
+kubernetes-model-batch/6.8.1//kubernetes-model-batch-6.8.1.jar
+kubernetes-model-certificates/6.8.1//kubernetes-model-certificates-6.8.1.jar
+kubernetes-model-common/6.8.1//kubernetes-model-common-6.8.1.jar
+kubernetes-model-coordination/6.8.1//kubernetes-model-coordination-6.8.1.jar
+kubernetes-model-core/6.8.1//kubernetes-model-core-6.8.1.jar
+kubernetes-model-discovery/6.8.1//kubernetes-model-discovery-6.8.1.jar
+kubernetes-model-events/6.8.1//kubernetes-model-events-6.8.1.jar
+kubernetes-model-extensions/6.8.1//kubernetes-model-extensions-6.8.1.jar
+kubernetes-model-flowcontrol/6.8.1//kubernetes-model-flowcontrol-6.8.1.jar
+kubernetes-model-gatewayapi/6.8.1//kubernetes-model-gatewayapi-6.8.1.jar
+kubernetes-model-metrics/6.8.1//kubernetes-model-metrics-6.8.1.jar
+kubernetes-model-networking/6.8.1//kubernetes-model-networking-6.8.1.jar
+kubernetes-model-node/6.8.1//kubernetes-model-node-6.8.1.jar
+kubernetes-model-policy/6.8.1//kubernetes-model-policy-6.8.1.jar
+kubernetes-model-rbac/6.8.1//kubernetes-model-rbac-6.8.1.jar
+kubernetes-model-resource/6.8.1//kubernetes-model-resource-6.8.1.jar
+kubernetes-model-scheduling/6.8.1//kubernetes-model-scheduling-6.8.1.jar
+kubernetes-model-storageclass/6.8.1//kubernetes-model-storageclass-6.8.1.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.9.3//libthrift-0.9.3.jar
 log4j-1.2-api/2.20.0//log4j-1.2-api-2.20.0.jar
diff --git a/pom.xml b/pom.xml
index 36edcee40..ab746643d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -168,7 +168,7 @@
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
         <kafka.version>3.4.0</kafka.version>
-        <kubernetes-client.version>6.7.2</kubernetes-client.version>
+        <kubernetes-client.version>6.8.1</kubernetes-client.version>
         <kyuubi-shaded-zookeeper.artifacts>kyuubi-shaded-zookeeper-34</kyuubi-shaded-zookeeper.artifacts>
         <kyuubi-shaded-zookeeper.version>0.1.0</kyuubi-shaded-zookeeper.version>
         <ldapsdk.version>6.0.5</ldapsdk.version>

From b3b58f0460fcf4dc9f6f831c275de821a68d60db Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Tue, 29 Aug 2023 07:33:50 +0800
Subject: [PATCH 588/760] [KYUUBI #5209] Reformat Scala source code crossing
 versions

### _Why are the changes needed?_

- adding source code in `src/main/scala-2.12/**/*.scala` and `src/main/scala-2.13/**/*.scala` to including paths for Scala spotless styling

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5209 from bowenliang123/scala-reformat.

Closes #5209

84b4205e9 [liangbowen] use wildcard for scala versions
0c32c582d [liangbowen] reformat scala-2.12 specific code

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/engine/spark/repl/KyuubiSparkILoop.scala  | 12 +++++++-----
 pom.xml                                              |  2 ++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala b/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
index 33a95399d..a63d71a78 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala-2.13/org/apache/kyuubi/engine/spark/repl/KyuubiSparkILoop.scala
@@ -17,16 +17,18 @@
 
 package org.apache.kyuubi.engine.spark.repl
 
-import org.apache.kyuubi.Utils
+import java.io.{ByteArrayOutputStream, File, PrintWriter}
+import java.util.concurrent.locks.ReentrantLock
+
+import scala.tools.nsc.Settings
+import scala.tools.nsc.interpreter.{IMain, Results}
+
 import org.apache.spark.SparkContext
 import org.apache.spark.repl.SparkILoop
 import org.apache.spark.sql.{DataFrame, SparkSession}
 import org.apache.spark.util.MutableURLClassLoader
 
-import java.io.{ByteArrayOutputStream, File, PrintWriter}
-import java.util.concurrent.locks.ReentrantLock
-import scala.tools.nsc.Settings
-import scala.tools.nsc.interpreter.{IMain, Results}
+import org.apache.kyuubi.Utils
 
 private[spark] case class KyuubiSparkILoop private (
     spark: SparkSession,
diff --git a/pom.xml b/pom.xml
index ab746643d..99e17ce96 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1884,7 +1884,9 @@
                         <scala>
                             <includes>
                                 <include>src/main/scala/**/*.scala</include>
+                                <include>src/main/scala-*/**/*.scala</include>
                                 <include>src/test/scala/**/*.scala</include>
+                                <include>src/test/scala-*/**/*.scala</include>
                                 <include>src/test/gen/scala/**/*.scala</include>
                             </includes>
                             <scalafmt>

From be48b9404a9e371d277b6f62d40a64e964eccc63 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 29 Aug 2023 13:26:38 +0800
Subject: [PATCH 589/760] [KYUUBI #5206] Try to kill pod with label if no
 ApplicationInfo found to prevent pod leak

### _Why are the changes needed?_

Now for `KubernetesApplicationOperation`, it rely on the appInfoStore.

For batch rest api, if the closeBatch request can not be send to the kyuubiInstance that created the batch, the current kyuubiInstance will try to kill the batch.

I wonder that, in this case, the applicationInfo might can not be found in the appInfoStore.

It is better to try the best to kill the pod with  `kyuubi-unique-tag` label to prevent pod leak.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5206 from turboFei/k8s_pod_kill.

Closes #5206

630bcd04b [fwang12] warning
a9c22e03f [fwang12] delete with label

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../KubernetesApplicationOperation.scala      | 29 ++++++++++++-------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index b61abc30b..7ddd0366b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -125,18 +125,27 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     val kubernetesClient = getOrCreateKubernetesClient(kubernetesInfo)
     debug(s"[$kubernetesInfo] Deleting application info from Kubernetes cluster by $tag tag")
     try {
-      val info = appInfoStore.getOrDefault(tag, ApplicationInfo.NOT_FOUND)
-      debug(s"Application info[tag: $tag] is in ${info.state}")
-      info.state match {
-        case NOT_FOUND | FAILED | UNKNOWN =>
-          (
-            false,
-            s"[$kubernetesInfo] Target application[tag: $tag] is in ${info.state} status")
-        case _ =>
+      Option(appInfoStore.get(tag)) match {
+        case Some(info) =>
+          debug(s"Application info[tag: $tag] is in ${info.state}")
+          info.state match {
+            case NOT_FOUND | FAILED | UNKNOWN =>
+              (
+                false,
+                s"[$kubernetesInfo] Target application[tag: $tag] is in ${info.state} status")
+            case _ =>
+              (
+                !kubernetesClient.pods.withName(info.name).delete().isEmpty,
+                s"[$kubernetesInfo] Operation of deleted" +
+                  s" application[appId: ${info.id} ,tag: $tag] is completed")
+          }
+        case None =>
+          warn(s"No application info found for tag[$tag]," +
+            s" trying to delete pod with label [$LABEL_KYUUBI_UNIQUE_KEY -> $tag]")
           (
-            !kubernetesClient.pods.withName(info.name).delete().isEmpty,
+            !kubernetesClient.pods.withLabel(LABEL_KYUUBI_UNIQUE_KEY, tag).delete().isEmpty,
             s"[$kubernetesInfo] Operation of deleted" +
-              s" application[appId: ${info.id} ,tag: $tag] is completed")
+              s" pod with label [$LABEL_KYUUBI_UNIQUE_KEY -> $tag] is completed")
       }
     } catch {
       case e: Exception =>

From 19d54ec7390a2e74c22aa11bbcc5ac57ff61fa41 Mon Sep 17 00:00:00 2001
From: Fantasy-Jay <13631435453@163.com>
Date: Tue, 29 Aug 2023 14:26:46 +0800
Subject: [PATCH 590/760] [KYUUBI #4540] Support to deny some users to make
 connection

### _Why are the changes needed?_

Improvement: https://github.com/apache/kyuubi/issues/4540

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5182 from zhuyaogai/issue-4540.

Closes #4540

73652ae6d [Fantasy-Jay] Merge remote-tracking branch 'origin/issue-4540' into issue-4540
ae7a3b5bb [Fantasy-Jay] Support to deny some user to make connection.
46ee2f158 [Fantasy-Jay] Support to limit some user to make connection.
3d7e5e534 [Fantasy-Jay] Support to limit some user to make connection.
1f173ffe4 [Fantasy-Jay] Merge branch 'master' into issue-4540
1d3a3d47f [Fantasy-Jay] Support to limit some user to make connection.
e4a1b3eb3 [Fantasy-Jay] Support to limit some user to make connection.
1c120a992 [Fantasy-Jay] Support to limit some user to make connection.
6b657aa99 [Fantasy-Jay] Support to limit some user to make connection.
506c4751b [Fantasy-Jay] Support to limit some user to make connection.
f99072ef5 [Fantasy-Jay] Support to limit some user to make connection.

Authored-by: Fantasy-Jay <13631435453@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                |  1 +
 docs/tools/kyuubi-admin.rst                   |  2 +
 .../org/apache/kyuubi/config/KyuubiConf.scala | 11 +++++
 .../cmd/refresh/RefreshConfigCommand.scala    |  4 +-
 .../kyuubi/ctl/opt/AdminCommandLine.scala     |  3 +-
 .../ctl/AdminControlCliArgumentsSuite.scala   | 11 ++++-
 .../apache/kyuubi/client/AdminRestApi.java    |  5 +++
 .../apache/kyuubi/server/KyuubiServer.scala   | 12 +++++-
 .../kyuubi/server/api/v1/AdminResource.scala  | 19 +++++++++
 .../kyuubi/session/KyuubiSessionManager.scala | 39 ++++++++++++++----
 .../kyuubi/session/SessionLimiter.scala       | 41 +++++++++++++++----
 .../server/api/v1/AdminResourceSuite.scala    | 13 ++++++
 .../kyuubi/session/SessionLimiterSuite.scala  | 34 ++++++++++++++-
 13 files changed, 174 insertions(+), 21 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 8387830ea..674568ad2 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -391,6 +391,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.server.limit.connections.per.ipaddress            | &lt;undefined&gt; | Maximum kyuubi server connections per ipaddress. Any user exceeding this limit will not be allowed to connect.                                                                                                                                 | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user                 | &lt;undefined&gt; | Maximum kyuubi server connections per user. Any user exceeding this limit will not be allowed to connect.                                                                                                                                      | int      | 1.6.0 |
 | kyuubi.server.limit.connections.per.user.ipaddress       | &lt;undefined&gt; | Maximum kyuubi server connections per user:ipaddress combination. Any user-ipaddress exceeding this limit will not be allowed to connect.                                                                                                      | int      | 1.6.0 |
+| kyuubi.server.limit.connections.user.deny.list                              || The user in the deny list will be denied to connect to kyuubi server, if the user has configured both user.unlimited.list and user.deny.list, the priority of the latter is higher.                                                            | set      | 1.8.0 |
 | kyuubi.server.limit.connections.user.unlimited.list                         || The maximum connections of the user in the white list will not be limited.                                                                                                                                                                     | set      | 1.7.0 |
 | kyuubi.server.name                                       | &lt;undefined&gt; | The name of Kyuubi Server.                                                                                                                                                                                                                     | string   | 1.5.0 |
 | kyuubi.server.periodicGC.interval                        | PT30M             | How often to trigger a garbage collection.                                                                                                                                                                                                     | duration | 1.7.0 |
diff --git a/docs/tools/kyuubi-admin.rst b/docs/tools/kyuubi-admin.rst
index 7fd07e973..29149e92f 100644
--- a/docs/tools/kyuubi-admin.rst
+++ b/docs/tools/kyuubi-admin.rst
@@ -73,6 +73,8 @@ Usage: ``bin/kyuubi-admin refresh config [options] [<configType>]``
      - The user defaults configs with key in format in the form of `___{username}___.{config key}` from default property file.
    * - unlimitedUsers
      - The users without maximum connections limitation.
+   * - denyUsers
+     - The user in the deny list will be denied to connect to kyuubi server.
 
 .. _list_engine:
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index c1b2052d9..2c158b8e8 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2624,6 +2624,17 @@ object KyuubiConf {
       .toSet()
       .createWithDefault(Set.empty)
 
+  val SERVER_LIMIT_CONNECTIONS_USER_DENY_LIST: ConfigEntry[Set[String]] =
+    buildConf("kyuubi.server.limit.connections.user.deny.list")
+      .doc("The user in the deny list will be denied to connect to kyuubi server, " +
+        "if the user has configured both user.unlimited.list and user.deny.list, " +
+        "the priority of the latter is higher.")
+      .version("1.8.0")
+      .serverOnly
+      .stringConf
+      .toSet()
+      .createWithDefault(Set.empty)
+
   val SERVER_LIMIT_BATCH_CONNECTIONS_PER_USER: OptionalConfigEntry[Int] =
     buildConf("kyuubi.server.limit.batch.connections.per.user")
       .doc("Maximum kyuubi server batch connections per user." +
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
index 571e7eef3..1cda224df 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/refresh/RefreshConfigCommand.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.KyuubiException
 import org.apache.kyuubi.client.AdminRestApi
 import org.apache.kyuubi.ctl.RestClientFactory.withKyuubiRestClient
 import org.apache.kyuubi.ctl.cmd.AdminCtlCommand
-import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommandConfigType.{HADOOP_CONF, KUBERNETES_CONF, UNLIMITED_USERS, USER_DEFAULTS_CONF}
+import org.apache.kyuubi.ctl.cmd.refresh.RefreshConfigCommandConfigType.{DENY_USERS, HADOOP_CONF, KUBERNETES_CONF, UNLIMITED_USERS, USER_DEFAULTS_CONF}
 import org.apache.kyuubi.ctl.opt.CliConfig
 import org.apache.kyuubi.ctl.util.{Tabulator, Validator}
 
@@ -38,6 +38,7 @@ class RefreshConfigCommand(cliConfig: CliConfig) extends AdminCtlCommand[String]
         case USER_DEFAULTS_CONF => adminRestApi.refreshUserDefaultsConf()
         case KUBERNETES_CONF => adminRestApi.refreshKubernetesConf()
         case UNLIMITED_USERS => adminRestApi.refreshUnlimitedUsers()
+        case DENY_USERS => adminRestApi.refreshDenyUsers()
         case configType => throw new KyuubiException(s"Invalid config type:$configType")
       }
     }
@@ -52,4 +53,5 @@ object RefreshConfigCommandConfigType {
   final val USER_DEFAULTS_CONF = "userDefaultsConf"
   final val KUBERNETES_CONF = "kubernetesConf"
   final val UNLIMITED_USERS = "unlimitedUsers"
+  final val DENY_USERS = "denyUsers"
 }
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
index 588f3ea37..c7e367405 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
@@ -108,6 +108,7 @@ object AdminCommandLine extends CommonCommandLine {
           .optional()
           .action((v, c) => c.copy(adminConfigOpts = c.adminConfigOpts.copy(configType = v)))
           .text("The valid config type can be one of the following: " +
-            s"$HADOOP_CONF, $USER_DEFAULTS_CONF, $KUBERNETES_CONF, $UNLIMITED_USERS."))
+            s"$HADOOP_CONF, $USER_DEFAULTS_CONF, $KUBERNETES_CONF, " +
+            s"$UNLIMITED_USERS, $DENY_USERS."))
   }
 }
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
index 72b6fd3e8..52a2796f4 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
@@ -92,6 +92,15 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
     assert(opArgs4.cliConfig.resource === ControlObject.CONFIG)
     assert(opArgs4.cliConfig.adminConfigOpts.configType === KUBERNETES_CONF)
 
+    args = Array(
+      "refresh",
+      "config",
+      "denyUsers")
+    val opArgs5 = new AdminControlCliArguments(args)
+    assert(opArgs5.cliConfig.action === ControlAction.REFRESH)
+    assert(opArgs5.cliConfig.resource === ControlObject.CONFIG)
+    assert(opArgs5.cliConfig.adminConfigOpts.configType === DENY_USERS)
+
     args = Array(
       "refresh",
       "config",
@@ -174,7 +183,7 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
          |	Refresh the resource.
          |Command: refresh config [<configType>]
          |	Refresh the config with specified type.
-         |  <configType>             The valid config type can be one of the following: $HADOOP_CONF, $USER_DEFAULTS_CONF, $KUBERNETES_CONF, $UNLIMITED_USERS.
+         |  <configType>             The valid config type can be one of the following: $HADOOP_CONF, $USER_DEFAULTS_CONF, $KUBERNETES_CONF, $UNLIMITED_USERS, $DENY_USERS.
          |
          |  -h, --help               Show help message and exit.""".stripMargin
     // scalastyle:on
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index 8287e7368..e315a96cc 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -57,6 +57,11 @@ public String refreshUnlimitedUsers() {
     return this.getClient().post(path, null, client.getAuthHeader());
   }
 
+  public String refreshDenyUsers() {
+    String path = String.format("%s/%s", API_BASE_PATH, "refresh/deny_users");
+    return this.getClient().post(path, null, client.getAuthHeader());
+  }
+
   public String deleteEngine(
       String engineType, String shareLevel, String subdomain, String hs2ProxyUser) {
     Map<String, Object> params = new HashMap<>();
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
index bd707a66f..453ae0b79 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiServer.scala
@@ -148,11 +148,19 @@ object KyuubiServer extends Logging {
 
   private[kyuubi] def refreshUnlimitedUsers(): Unit = synchronized {
     val sessionMgr = kyuubiServer.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
-    val existingUnlimitedUsers = sessionMgr.getUnlimitedUsers()
+    val existingUnlimitedUsers = sessionMgr.getUnlimitedUsers
     sessionMgr.refreshUnlimitedUsers(KyuubiConf().loadFileDefaults())
-    val refreshedUnlimitedUsers = sessionMgr.getUnlimitedUsers()
+    val refreshedUnlimitedUsers = sessionMgr.getUnlimitedUsers
     info(s"Refreshed unlimited users from $existingUnlimitedUsers to $refreshedUnlimitedUsers")
   }
+
+  private[kyuubi] def refreshDenyUsers(): Unit = synchronized {
+    val sessionMgr = kyuubiServer.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
+    val existingDenyUsers = sessionMgr.getDenyUsers
+    sessionMgr.refreshDenyUsers(KyuubiConf().loadFileDefaults())
+    val refreshedDenyUsers = sessionMgr.getDenyUsers
+    info(s"Refreshed deny users from $existingDenyUsers to $refreshedDenyUsers")
+  }
 }
 
 class KyuubiServer(name: String) extends Serverable(name) {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 19370eebc..0c2065ff1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -125,6 +125,25 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
     Response.ok(s"Refresh the unlimited users successfully.").build()
   }
 
+  @ApiResponse(
+    responseCode = "200",
+    content = Array(new Content(mediaType = MediaType.APPLICATION_JSON)),
+    description = "refresh the deny users")
+  @POST
+  @Path("refresh/deny_users")
+  def refreshDenyUser(): Response = {
+    val userName = fe.getSessionUser(Map.empty[String, String])
+    val ipAddress = fe.getIpAddress
+    info(s"Receive refresh deny users request from $userName/$ipAddress")
+    if (!isAdministrator(userName)) {
+      throw new NotAllowedException(
+        s"$userName is not allowed to refresh the deny users")
+    }
+    info(s"Reloading deny users")
+    KyuubiServer.refreshDenyUsers()
+    Response.ok(s"Refresh the deny users successfully.").build()
+  }
+
   @ApiResponse(
     responseCode = "200",
     content = Array(new Content(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index c6a6afa8e..965469deb 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -337,8 +337,15 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     val userLimit = conf.get(SERVER_LIMIT_CONNECTIONS_PER_USER).getOrElse(0)
     val ipAddressLimit = conf.get(SERVER_LIMIT_CONNECTIONS_PER_IPADDRESS).getOrElse(0)
     val userIpAddressLimit = conf.get(SERVER_LIMIT_CONNECTIONS_PER_USER_IPADDRESS).getOrElse(0)
-    val userUnlimitedList = conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST)
-    limiter = applySessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, userUnlimitedList)
+    val userUnlimitedList =
+      conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).filter(_.nonEmpty)
+    val userDenyList = conf.get(SERVER_LIMIT_CONNECTIONS_USER_DENY_LIST).filter(_.nonEmpty)
+    limiter = applySessionLimiter(
+      userLimit,
+      ipAddressLimit,
+      userIpAddressLimit,
+      userUnlimitedList,
+      userDenyList)
 
     val userBatchLimit = conf.get(SERVER_LIMIT_BATCH_CONNECTIONS_PER_USER).getOrElse(0)
     val ipAddressBatchLimit = conf.get(SERVER_LIMIT_BATCH_CONNECTIONS_PER_IPADDRESS).getOrElse(0)
@@ -348,26 +355,44 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       userBatchLimit,
       ipAddressBatchLimit,
       userIpAddressBatchLimit,
-      userUnlimitedList)
+      userUnlimitedList,
+      userDenyList)
   }
 
-  private[kyuubi] def getUnlimitedUsers(): Set[String] = {
+  private[kyuubi] def getUnlimitedUsers: Set[String] = {
     limiter.orElse(batchLimiter).map(SessionLimiter.getUnlimitedUsers).getOrElse(Set.empty)
   }
 
   private[kyuubi] def refreshUnlimitedUsers(conf: KyuubiConf): Unit = {
-    val unlimitedUsers = conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST)
+    val unlimitedUsers =
+      conf.get(SERVER_LIMIT_CONNECTIONS_USER_UNLIMITED_LIST).filter(_.nonEmpty)
     limiter.foreach(SessionLimiter.resetUnlimitedUsers(_, unlimitedUsers))
     batchLimiter.foreach(SessionLimiter.resetUnlimitedUsers(_, unlimitedUsers))
   }
 
+  private[kyuubi] def getDenyUsers: Set[String] = {
+    limiter.orElse(batchLimiter).map(SessionLimiter.getDenyUsers).getOrElse(Set.empty)
+  }
+
+  private[kyuubi] def refreshDenyUsers(conf: KyuubiConf): Unit = {
+    val denyUsers = conf.get(SERVER_LIMIT_CONNECTIONS_USER_DENY_LIST).filter(_.nonEmpty)
+    limiter.foreach(SessionLimiter.resetDenyUsers(_, denyUsers))
+    batchLimiter.foreach(SessionLimiter.resetDenyUsers(_, denyUsers))
+  }
+
   private def applySessionLimiter(
       userLimit: Int,
       ipAddressLimit: Int,
       userIpAddressLimit: Int,
-      userUnlimitedList: Set[String]): Option[SessionLimiter] = {
+      userUnlimitedList: Set[String],
+      userLimitedList: Set[String]): Option[SessionLimiter] = {
     Seq(userLimit, ipAddressLimit, userIpAddressLimit).find(_ > 0).map(_ =>
-      SessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, userUnlimitedList))
+      SessionLimiter(
+        userLimit,
+        ipAddressLimit,
+        userIpAddressLimit,
+        userUnlimitedList,
+        userLimitedList))
   }
 
   private def startEngineAliveChecker(): Unit = {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
index 96ca36df1..c8112d532 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
@@ -101,14 +101,22 @@ class SessionLimiterImpl(userLimit: Int, ipAddressLimit: Int, userIpAddressLimit
   }
 }
 
-class SessionLimiterWithUnlimitedUsersImpl(
+class SessionLimiterWithAccessControlListImpl(
     userLimit: Int,
     ipAddressLimit: Int,
     userIpAddressLimit: Int,
-    var unlimitedUsers: Set[String])
+    var unlimitedUsers: Set[String],
+    var denyUsers: Set[String])
   extends SessionLimiterImpl(userLimit, ipAddressLimit, userIpAddressLimit) {
   override def increment(userIpAddress: UserIpAddress): Unit = {
-    if (!unlimitedUsers.contains(userIpAddress.user)) {
+    val user = userIpAddress.user
+    if (StringUtils.isNotBlank(user) && denyUsers.contains(user)) {
+      val errorMsg =
+        s"Connection denied because the user is in the deny user list. (user: $user)"
+      throw KyuubiSQLException(errorMsg)
+    }
+
+    if (!unlimitedUsers.contains(user)) {
       super.increment(userIpAddress)
     }
   }
@@ -122,6 +130,10 @@ class SessionLimiterWithUnlimitedUsersImpl(
   private[kyuubi] def setUnlimitedUsers(unlimitedUsers: Set[String]): Unit = {
     this.unlimitedUsers = unlimitedUsers
   }
+
+  private[kyuubi] def setDenyUsers(denyUsers: Set[String]): Unit = {
+    this.denyUsers = denyUsers
+  }
 }
 
 object SessionLimiter {
@@ -130,22 +142,35 @@ object SessionLimiter {
       userLimit: Int,
       ipAddressLimit: Int,
       userIpAddressLimit: Int,
-      unlimitedUsers: Set[String] = Set.empty): SessionLimiter = {
-    new SessionLimiterWithUnlimitedUsersImpl(
+      unlimitedUsers: Set[String] = Set.empty,
+      denyUsers: Set[String] = Set.empty): SessionLimiter = {
+    new SessionLimiterWithAccessControlListImpl(
       userLimit,
       ipAddressLimit,
       userIpAddressLimit,
-      unlimitedUsers)
+      unlimitedUsers,
+      denyUsers)
   }
 
   def resetUnlimitedUsers(limiter: SessionLimiter, unlimitedUsers: Set[String]): Unit =
     limiter match {
-      case l: SessionLimiterWithUnlimitedUsersImpl => l.setUnlimitedUsers(unlimitedUsers)
+      case l: SessionLimiterWithAccessControlListImpl => l.setUnlimitedUsers(unlimitedUsers)
       case _ =>
     }
 
   def getUnlimitedUsers(limiter: SessionLimiter): Set[String] = limiter match {
-    case l: SessionLimiterWithUnlimitedUsersImpl => l.unlimitedUsers
+    case l: SessionLimiterWithAccessControlListImpl => l.unlimitedUsers
+    case _ => Set.empty
+  }
+
+  def resetDenyUsers(limiter: SessionLimiter, denyUsers: Set[String]): Unit =
+    limiter match {
+      case l: SessionLimiterWithAccessControlListImpl => l.setDenyUsers(denyUsers)
+      case _ =>
+    }
+
+  def getDenyUsers(limiter: SessionLimiter): Set[String] = limiter match {
+    case l: SessionLimiterWithAccessControlListImpl => l.denyUsers
     case _ => Set.empty
   }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 7a65032a6..ff5a7e844 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -125,6 +125,19 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     assert(200 == response.getStatus)
   }
 
+  test("refresh deny users of the kyuubi server") {
+    var response = webTarget.path("api/v1/admin/refresh/deny_users")
+      .request()
+      .post(null)
+    assert(405 == response.getStatus)
+
+    response = webTarget.path("api/v1/admin/refresh/deny_users")
+      .request()
+      .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+      .post(null)
+    assert(200 == response.getStatus)
+  }
+
   test("list/close sessions") {
     val requestObj = new SessionOpenRequest(Map("testConfig" -> "testValue").asJava)
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala
index a22b84d1c..df75d15f2 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala
@@ -97,7 +97,7 @@ class SessionLimiterSuite extends KyuubiFunSuite {
       .foreach(c => assert(c.get() == 0))
   }
 
-  test("test session limiter with user unlimitted list") {
+  test("test session limiter with user unlimited list") {
     val user = "user001"
     val ipAddress = "127.0.0.1"
     val userLimit = 30
@@ -117,4 +117,36 @@ class SessionLimiterSuite extends KyuubiFunSuite {
     limiter.asInstanceOf[SessionLimiterImpl].counters().asScala.values
       .foreach(c => assert(c.get() == 0))
   }
+
+  test("test session limiter with user deny list") {
+    val ipAddress = "127.0.0.1"
+    val userLimit = 100
+    val ipAddressLimit = 100
+    val userIpAddressLimit = 100
+    val denyUsers = Set("user002", "user003")
+    val limiter =
+      SessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, Set.empty, denyUsers)
+
+    for (i <- 0 until 50) {
+      val userIpAddress = UserIpAddress("user001", ipAddress)
+      limiter.increment(userIpAddress)
+    }
+    limiter.asInstanceOf[SessionLimiterImpl].counters().asScala.values
+      .foreach(c => assert(c.get() == 50))
+
+    for (i <- 0 until 50) {
+      val userIpAddress = UserIpAddress("user001", ipAddress)
+      limiter.decrement(userIpAddress)
+    }
+    limiter.asInstanceOf[SessionLimiterImpl].counters().asScala.values
+      .foreach(c => assert(c.get() == 0))
+
+    val caught = intercept[KyuubiSQLException] {
+      val userIpAddress = UserIpAddress("user002", ipAddress)
+      limiter.increment(userIpAddress)
+    }
+
+    assert(caught.getMessage.equals(
+      "Connection denied because the user is in the deny user list. (user: user002)"))
+  }
 }

From 1efad474fd1979323e9bdcccab4f38e9a1952e56 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 30 Aug 2023 10:56:13 +0800
Subject: [PATCH 591/760] [KYUUBI #5214] Correct file path for scala tests in
 util-scala module

### _Why are the changes needed?_

- Move Scala tests in `kyuubi-util-scala` module from `src/test/java`back to the correct path `src/test/scala`
- Apply Scala style fixes
- Add handy assertion methods for intercepting exception

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5214 from bowenliang123/scalautil-test.

Closes #5214

55bc38cde [liangbowen] correct file path for scala tests in util-scala module

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../apache/kyuubi/util/AssertionUtils.scala   | 26 ++++++++++++++++++-
 .../kyuubi/util/SemanticVersionSuite.scala    | 11 ++++++--
 .../util/reflect/ReflectUtilsSuite.scala      | 20 +++++++-------
 3 files changed, 45 insertions(+), 12 deletions(-)
 rename kyuubi-util-scala/src/test/{java => scala}/org/apache/kyuubi/util/AssertionUtils.scala (71%)
 rename kyuubi-util-scala/src/test/{java => scala}/org/apache/kyuubi/util/SemanticVersionSuite.scala (89%)
 rename kyuubi-util-scala/src/test/{java => scala}/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala (87%)

diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/AssertionUtils.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
similarity index 71%
rename from kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/AssertionUtils.scala
rename to kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
index 7b465cb7f..a6cd9b862 100644
--- a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/AssertionUtils.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
@@ -18,8 +18,10 @@ package org.apache.kyuubi.util
 
 import java.util.Locale
 
+import scala.reflect.ClassTag
+
 import org.scalactic.source
-import org.scalatest.Assertions.fail
+import org.scalatest.Assertions._
 
 object AssertionUtils {
 
@@ -51,4 +53,26 @@ object AssertionUtils {
       fail(s"Expected containing '$expected' ignoring case, but got [$actual]")(pos)
     }
   }
+
+  /**
+   * Asserts that the given function throws an exception of the given type
+   * and with the exception message equals to expected string
+   */
+  def interceptEquals[T <: Exception](f: => Any)(expected: String)(implicit
+      classTag: ClassTag[T],
+      pos: source.Position): Unit = {
+    val exception = intercept[T](f)(classTag, pos)
+    assertResult(expected)(exception.getMessage)
+  }
+
+  /**
+   * Asserts that the given function throws an exception of the given type
+   * and with the exception message equals to expected string
+   */
+  def interceptContains[T <: Exception](f: => Any)(contained: String)(implicit
+      classTag: ClassTag[T],
+      pos: source.Position): Unit = {
+    val exception = intercept[T](f)(classTag, pos)
+    assert(exception.getMessage.contains(contained))
+  }
 }
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/SemanticVersionSuite.scala
similarity index 89%
rename from kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
rename to kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/SemanticVersionSuite.scala
index ca208d89c..6cad67993 100644
--- a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/SemanticVersionSuite.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/SemanticVersionSuite.scala
@@ -17,7 +17,10 @@
 
 package org.apache.kyuubi.util
 // scalastyle:off
+
 import org.scalatest.funsuite.AnyFunSuite
+
+import org.apache.kyuubi.util.AssertionUtils._
 // scalastyle:on
 
 // scalastyle:off
@@ -42,8 +45,12 @@ class SemanticVersionSuite extends AnyFunSuite {
   }
 
   test("reject parsing illegal formatted version") {
-    assertThrows[IllegalArgumentException](SemanticVersion("v1.0"))
-    assertThrows[IllegalArgumentException](SemanticVersion(".1.0"))
+    interceptContains[IllegalArgumentException](SemanticVersion("v1.0"))(
+      "Tried to parse 'v1.0' as a project version string, " +
+        "but it could not find the major and minor version numbers")
+    interceptContains[IllegalArgumentException](SemanticVersion(".1.0"))(
+      "Tried to parse '.1.0' as a project version string, " +
+        "but it could not find the major and minor version numbers")
   }
 
   test("companion class compare version at most") {
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
similarity index 87%
rename from kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
rename to kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
index d81d1d9f9..626aeebe2 100644
--- a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
@@ -16,9 +16,10 @@
  */
 package org.apache.kyuubi.util.reflect
 
+// scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
-// scalastyle:off
+import org.apache.kyuubi.util.AssertionUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 class ReflectUtilsSuite extends AnyFunSuite {
   // scalastyle:on
@@ -68,15 +69,16 @@ class ReflectUtilsSuite extends AnyFunSuite {
   }
 
   test("test invokeAs method not found exception") {
-    val exception = intercept[RuntimeException]{
-      invokeAs[String](ObjectA, "methodNotExists", (classOf[String], "arg1"),
+    interceptEquals[RuntimeException] {
+      invokeAs[String](
+        ObjectA,
+        "methodNotExists",
+        (classOf[String], "arg1"),
         (classOf[String], "arg2"))
-    }
-    assert(exception.getMessage ===
-      "Method methodNotExists(java.lang.String, java.lang.String) not found " +
-        "in class org.apache.kyuubi.util.reflect.ObjectA$ " +
-        "[equals(java.lang.Object), field5(), field6(), getClass(), hashCode(), method5(), " +
-        "method6(), notify(), notifyAll(), toString(), wait(), wait(long), wait(long, int)]")
+    }("Method methodNotExists(java.lang.String, java.lang.String) not found " +
+      "in class org.apache.kyuubi.util.reflect.ObjectA$ " +
+      "[equals(java.lang.Object), field5(), field6(), getClass(), hashCode(), method5(), " +
+      "method6(), notify(), notifyAll(), toString(), wait(), wait(long), wait(long, int)]")
   }
 }
 

From b95d2e24386ec0c2042fc35825ab18156784ab6d Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 30 Aug 2023 19:35:23 +0800
Subject: [PATCH 592/760] [KYUUBI #5218] Improve logs of
 KubernetesApplicationOperation

### _Why are the changes needed?_

This PR improves the log message of `KubernetesApplicationOperation`, by adding `kyuubi-unique-tag=${tag_value}` to each message, which is important for analyzing while the thing goes wrong.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5218 from pan3793/log-tag.

Closes #5218

263fab9ff [Cheng Pan] revert irrelevant changes
610738b20 [Cheng Pan] nit
ad3bf97a5 [Cheng Pan] improve logs

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../KubernetesApplicationOperation.scala      | 33 ++++++++++---------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index 7ddd0366b..c9d509efe 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -30,7 +30,7 @@ import io.fabric8.kubernetes.client.informers.{ResourceEventHandler, SharedIndex
 import org.apache.kyuubi.{KyuubiException, Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.ApplicationState.{isTerminated, ApplicationState, FAILED, FINISHED, NOT_FOUND, PENDING, RUNNING, UNKNOWN}
-import org.apache.kyuubi.engine.KubernetesApplicationOperation.{toApplicationState, LABEL_KYUUBI_UNIQUE_KEY, SPARK_APP_ID_LABEL}
+import org.apache.kyuubi.engine.KubernetesApplicationOperation.{toApplicationState, toLabel, LABEL_KYUUBI_UNIQUE_KEY, SPARK_APP_ID_LABEL}
 import org.apache.kyuubi.util.KubernetesUtils
 
 class KubernetesApplicationOperation extends ApplicationOperation with Logging {
@@ -103,7 +103,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
       .removalListener((notification: RemovalNotification[String, ApplicationState]) => {
         Option(appInfoStore.remove(notification.getKey)).foreach { removed =>
           info(s"Remove terminated application ${removed.id} with " +
-            s"tag ${notification.getKey} and state ${removed.state}")
+            s"[${toLabel(notification.getKey)}, state: ${removed.state}]")
         }
       })
       .build()
@@ -123,35 +123,34 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     }
     val kubernetesInfo = appMgrInfo.kubernetesInfo
     val kubernetesClient = getOrCreateKubernetesClient(kubernetesInfo)
-    debug(s"[$kubernetesInfo] Deleting application info from Kubernetes cluster by $tag tag")
+    debug(s"[$kubernetesInfo] Deleting application[${toLabel(tag)}]'s info from Kubernetes cluster")
     try {
       Option(appInfoStore.get(tag)) match {
         case Some(info) =>
-          debug(s"Application info[tag: $tag] is in ${info.state}")
+          debug(s"Application[${toLabel(tag)}] is in ${info.state} state")
           info.state match {
             case NOT_FOUND | FAILED | UNKNOWN =>
               (
                 false,
-                s"[$kubernetesInfo] Target application[tag: $tag] is in ${info.state} status")
+                s"[$kubernetesInfo] Target application[${toLabel(tag)}] is in ${info.state} state")
             case _ =>
               (
                 !kubernetesClient.pods.withName(info.name).delete().isEmpty,
                 s"[$kubernetesInfo] Operation of deleted" +
-                  s" application[appId: ${info.id} ,tag: $tag] is completed")
+                  s" application[appId: ${info.id}, ${toLabel(tag)}] is completed")
           }
         case None =>
-          warn(s"No application info found for tag[$tag]," +
-            s" trying to delete pod with label [$LABEL_KYUUBI_UNIQUE_KEY -> $tag]")
+          warn(s"No application info found, trying to delete pod with ${toLabel(tag)}")
           (
             !kubernetesClient.pods.withLabel(LABEL_KYUUBI_UNIQUE_KEY, tag).delete().isEmpty,
-            s"[$kubernetesInfo] Operation of deleted" +
-              s" pod with label [$LABEL_KYUUBI_UNIQUE_KEY -> $tag] is completed")
+            s"[$kubernetesInfo] Operation of deleted pod with ${toLabel(tag)} is completed")
       }
     } catch {
       case e: Exception =>
         (
           false,
-          s"[$kubernetesInfo] Failed to terminate application with $tag, due to ${e.getMessage}")
+          s"[$kubernetesInfo] Failed to terminate application[${toLabel(tag)}], " +
+            s"due to ${e.getMessage}")
     }
   }
 
@@ -162,7 +161,7 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
     if (kyuubiConf == null) {
       throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
     }
-    debug(s"Getting application info from Kubernetes cluster by $tag tag")
+    debug(s"Getting application[${toLabel(tag)}]'s info from Kubernetes cluster")
     try {
       // need to initialize the kubernetes client if not exists
       getOrCreateKubernetesClient(appMgrInfo.kubernetesInfo)
@@ -172,23 +171,23 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
         case (NOT_FOUND, Some(_submitTime)) =>
           val elapsedTime = System.currentTimeMillis - _submitTime
           if (elapsedTime > submitTimeout) {
-            error(s"Can't find target driver pod by tag: $tag, " +
+            error(s"Can't find target driver pod by ${toLabel(tag)}, " +
               s"elapsed time: ${elapsedTime}ms exceeds ${submitTimeout}ms.")
             ApplicationInfo.NOT_FOUND
           } else {
-            warn("Wait for driver pod to be created, " +
+            warn(s"Waiting for driver pod with ${toLabel(tag)} to be created, " +
               s"elapsed time: ${elapsedTime}ms, return UNKNOWN status")
             ApplicationInfo.UNKNOWN
           }
         case (NOT_FOUND, None) =>
           ApplicationInfo.NOT_FOUND
         case _ =>
-          debug(s"Successfully got application info by $tag: $appInfo")
+          debug(s"Successfully got application[${toLabel(tag)}]'s info: $appInfo")
           appInfo
       }
     } catch {
       case e: Exception =>
-        error(s"Failed to get application with $tag, due to ${e.getMessage}")
+        error(s"Failed to get application by ${toLabel(tag)}, due to ${e.getMessage}")
         ApplicationInfo.NOT_FOUND
     }
   }
@@ -271,6 +270,8 @@ object KubernetesApplicationOperation extends Logging {
   val KUBERNETES_SERVICE_HOST = "KUBERNETES_SERVICE_HOST"
   val KUBERNETES_SERVICE_PORT = "KUBERNETES_SERVICE_PORT"
 
+  def toLabel(tag: String): String = s"label: $LABEL_KYUUBI_UNIQUE_KEY=$tag"
+
   def toApplicationState(state: String): ApplicationState = state match {
     // https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go#L2396
     // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/

From 9b932df25af17c345c22fa4759c5e61ae57c24f4 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Wed, 30 Aug 2023 22:32:39 +0800
Subject: [PATCH 593/760] [KYUUBI #5213] [Improvement] Check config value by
 enum values

### _Why are the changes needed?_

- check config values in the range of targeted enum values

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5213 from bowenliang123/config-checkenum.

Closes #5213

857af7c6b [Bowen Liang] is valid enum
2862e5e7c [Bowen Liang] embrace
afe6a5333 [Bowen Liang] assert
00d22f73b [liangbowen] support checking config in the range of enumeration values

Lead-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../apache/kyuubi/config/ConfigBuilder.scala  | 22 +++++++++++++++
 .../org/apache/kyuubi/config/KyuubiConf.scala | 21 +++++---------
 .../kyuubi/config/ConfigBuilderSuite.scala    | 18 ++++++++++++
 .../KyuubiAuthenticationFactorySuite.scala    |  7 +++--
 .../service/authentication/SaslQOPSuite.scala |  2 +-
 .../kyuubi/ha/HighAvailabilityConf.scala      |  6 ++--
 .../apache/kyuubi/metrics/MetricsConf.scala   |  4 +--
 .../org/apache/kyuubi/util/EnumUtils.scala    | 28 +++++++++++++++++++
 .../apache/kyuubi/util/AssertionUtils.scala   |  2 ++
 9 files changed, 86 insertions(+), 24 deletions(-)
 create mode 100644 kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/EnumUtils.scala

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
index b64e5c5eb..d6de40241 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/ConfigBuilder.scala
@@ -24,6 +24,8 @@ import java.util.regex.PatternSyntaxException
 import scala.util.{Failure, Success, Try}
 import scala.util.matching.Regex
 
+import org.apache.kyuubi.util.EnumUtils._
+
 private[kyuubi] case class ConfigBuilder(key: String) {
 
   private[config] var _doc = ""
@@ -203,6 +205,26 @@ private[kyuubi] case class TypedConfigBuilder[T](
     }
   }
 
+  /** Checks if the user-provided value for the config matches the value set of the enumeration. */
+  def checkValues(enumeration: Enumeration): TypedConfigBuilder[T] = {
+    transform { v =>
+      val isValid = v match {
+        case iter: Iterable[Any] => isValidEnums(enumeration, iter)
+        case name => isValidEnum(enumeration, name)
+      }
+      if (!isValid) {
+        val actualValueStr = v match {
+          case iter: Iterable[Any] => iter.mkString(",")
+          case value => value.toString
+        }
+        throw new IllegalArgumentException(
+          s"The value of ${parent.key} should be one of ${enumeration.values.mkString(", ")}," +
+            s" but was $actualValueStr")
+      }
+      v
+    }
+  }
+
   /** Turns the config entry into a sequence of values of the underlying type. */
   def toSequence(sp: String = ","): TypedConfigBuilder[Seq[T]] = {
     parent._type = "seq"
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 2c158b8e8..bec69e95e 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -415,9 +415,7 @@ object KyuubiConf {
       .stringConf
       .transformToUpperCase
       .toSequence()
-      .checkValue(
-        _.forall(FrontendProtocols.values.map(_.toString).contains),
-        s"the frontend protocol should be one or more of ${FrontendProtocols.values.mkString(",")}")
+      .checkValues(FrontendProtocols)
       .createWithDefault(Seq(
         FrontendProtocols.THRIFT_BINARY.toString,
         FrontendProtocols.REST.toString))
@@ -802,9 +800,7 @@ object KyuubiConf {
     .stringConf
     .transformToUpperCase
     .toSet()
-    .checkValue(
-      _.forall(AuthTypes.values.map(_.toString).contains),
-      s"the authentication type should be one or more of ${AuthTypes.values.mkString(",")}")
+    .checkValues(AuthTypes)
     .createWithDefault(Set(AuthTypes.NONE.toString))
 
   val AUTHENTICATION_CUSTOM_CLASS: OptionalConfigEntry[String] =
@@ -1036,7 +1032,7 @@ object KyuubiConf {
     .version("1.0.0")
     .serverOnly
     .stringConf
-    .checkValues(SaslQOP.values.map(_.toString))
+    .checkValues(SaslQOP)
     .transformToLowerCase
     .createWithDefault(SaslQOP.AUTH.toString)
 
@@ -1926,7 +1922,7 @@ object KyuubiConf {
       .version("1.0.0")
       .stringConf
       .transformToUpperCase
-      .checkValues(ShareLevel.values.map(_.toString))
+      .checkValues(ShareLevel)
       .createWithDefault(ShareLevel.USER.toString)
 
   // [ZooKeeper Data Model]
@@ -2007,7 +2003,7 @@ object KyuubiConf {
     .version("1.4.0")
     .stringConf
     .transformToUpperCase
-    .checkValues(EngineType.values.map(_.toString))
+    .checkValues(EngineType)
     .createWithDefault(EngineType.SPARK_SQL.toString)
 
   val ENGINE_POOL_IGNORE_SUBDOMAIN: ConfigEntry[Boolean] =
@@ -2395,10 +2391,7 @@ object KyuubiConf {
       .version("1.7.0")
       .stringConf
       .transformToUpperCase
-      .checkValue(
-        mode => Set("PLAIN", "JSON").contains(mode),
-        "Invalid value for 'kyuubi.operation.plan.only.output.style'. Valid values are " +
-          "'plain', 'json'.")
+      .checkValues(Set("PLAIN", "JSON"))
       .createWithDefault(PlainStyle.name)
 
   val OPERATION_PLAN_ONLY_EXCLUDES: ConfigEntry[Set[String]] =
@@ -2446,7 +2439,7 @@ object KyuubiConf {
       .version("1.5.0")
       .stringConf
       .transformToUpperCase
-      .checkValues(OperationLanguages.values.map(_.toString))
+      .checkValues(OperationLanguages)
       .createWithDefault(OperationLanguages.SQL.toString)
 
   val SESSION_CONF_ADVISOR: OptionalConfigEntry[String] =
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
index 86dc51155..78429d27c 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/config/ConfigBuilderSuite.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.config
 
 import org.apache.kyuubi.KyuubiFunSuite
+import org.apache.kyuubi.util.AssertionUtils._
 
 class ConfigBuilderSuite extends KyuubiFunSuite {
 
@@ -125,4 +126,21 @@ class ConfigBuilderSuite extends KyuubiFunSuite {
     val e = intercept[IllegalArgumentException](kyuubiConf.get(intConf))
     assert(e.getMessage equals "'-1' in kyuubi.invalid.config is invalid. must be positive integer")
   }
+
+  test("invalid config for enum") {
+    object TempEnum extends Enumeration {
+      type TempEnum = Value
+      val ValA, ValB = Value
+    }
+    val stringConf = ConfigBuilder("kyuubi.invalid.config.enum")
+      .stringConf
+      .checkValues(TempEnum)
+      .createWithDefault("ValA")
+    assert(stringConf.key === "kyuubi.invalid.config.enum")
+    assert(stringConf.defaultVal.get === "ValA")
+    val kyuubiConf = KyuubiConf().set(stringConf.key, "ValC")
+    KyuubiConf.register(stringConf)
+    interceptEquals[IllegalArgumentException] { kyuubiConf.get(stringConf) }(
+      "The value of kyuubi.invalid.config.enum should be one of ValA, ValB, but was ValC")
+  }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala
index 949342629..316c9b2df 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactorySuite.scala
@@ -25,6 +25,7 @@ import org.apache.thrift.transport.TSaslServerTransport
 import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.service.authentication.PlainSASLServer.SaslPlainProvider
+import org.apache.kyuubi.util.AssertionUtils._
 import org.apache.kyuubi.util.KyuubiHadoopUtils
 
 class KyuubiAuthenticationFactorySuite extends KyuubiFunSuite {
@@ -57,9 +58,9 @@ class KyuubiAuthenticationFactorySuite extends KyuubiFunSuite {
 
   test("AuthType Other") {
     val conf = KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Set("INVALID"))
-    val e = intercept[IllegalArgumentException](new KyuubiAuthenticationFactory(conf))
-    assert(e.getMessage contains "the authentication type should be one or more of" +
-      " NOSASL,NONE,LDAP,JDBC,KERBEROS,CUSTOM")
+    interceptEquals[IllegalArgumentException] { new KyuubiAuthenticationFactory(conf) }(
+      "The value of kyuubi.authentication should be one of" +
+        " NOSASL, NONE, LDAP, JDBC, KERBEROS, CUSTOM, but was INVALID")
   }
 
   test("AuthType LDAP") {
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/SaslQOPSuite.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/SaslQOPSuite.scala
index c48f12aa7..6cf2793d2 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/SaslQOPSuite.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/SaslQOPSuite.scala
@@ -34,7 +34,7 @@ class SaslQOPSuite extends KyuubiFunSuite {
     val e = intercept[IllegalArgumentException](conf.get(SASL_QOP))
     assert(e.getMessage ===
       "The value of kyuubi.authentication.sasl.qop should be one of" +
-      " auth, auth-conf, auth-int, but was abc")
+      " auth, auth-int, auth-conf, but was abc")
   }
 
 }
diff --git a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
index 28305ac52..626557008 100644
--- a/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
+++ b/kyuubi-ha/src/main/scala/org/apache/kyuubi/ha/HighAvailabilityConf.scala
@@ -79,7 +79,7 @@ object HighAvailabilityConf {
         s"${AuthTypes.values.mkString("<ul><li>", "</li><li> ", "</li></ul>")}")
       .version("1.3.2")
       .stringConf
-      .checkValues(AuthTypes.values.map(_.toString))
+      .checkValues(AuthTypes)
       .createWithDefault(AuthTypes.NONE.toString)
 
   val HA_ZK_ENGINE_AUTH_TYPE: ConfigEntry[String] =
@@ -88,7 +88,7 @@ object HighAvailabilityConf {
         s"${AuthTypes.values.mkString("<ul><li>", "</li><li> ", "</li></ul>")}")
       .version("1.3.2")
       .stringConf
-      .checkValues(AuthTypes.values.map(_.toString))
+      .checkValues(AuthTypes)
       .createWithDefault(AuthTypes.NONE.toString)
 
   val HA_ZK_AUTH_SERVER_PRINCIPAL: OptionalConfigEntry[String] =
@@ -160,7 +160,7 @@ object HighAvailabilityConf {
         s" ${RetryPolicies.values.mkString("<ul><li>", "</li><li> ", "</li></ul>")}")
       .version("1.0.0")
       .stringConf
-      .checkValues(RetryPolicies.values.map(_.toString))
+      .checkValues(RetryPolicies)
       .createWithDefault(RetryPolicies.EXPONENTIAL_BACKOFF.toString)
 
   val HA_ZK_NODE_TIMEOUT: ConfigEntry[Long] =
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
index b22aa8909..fe11f6eb1 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
@@ -45,9 +45,7 @@ object MetricsConf {
     .stringConf
     .transformToUpperCase
     .toSet()
-    .checkValue(
-      _.forall(ReporterType.values.map(_.toString).contains),
-      s"the reporter type should be one or more of ${ReporterType.values.mkString(",")}")
+    .checkValues(ReporterType)
     .createWithDefault(Set(JSON.toString))
 
   val METRICS_CONSOLE_INTERVAL: ConfigEntry[Long] = buildConf("kyuubi.metrics.console.interval")
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/EnumUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/EnumUtils.scala
new file mode 100644
index 000000000..0ab3be381
--- /dev/null
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/EnumUtils.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.util
+
+import scala.util.Try
+
+object EnumUtils {
+  def isValidEnum(enumeration: Enumeration, enumName: Any): Boolean = Try {
+    enumeration.withName(enumName.toString)
+  }.isSuccess
+
+  def isValidEnums(enumeration: Enumeration, enumNames: Iterable[Any]): Boolean =
+    enumNames.forall(isValidEnum(enumeration, _))
+}
diff --git a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
index a6cd9b862..e12eb1bd4 100644
--- a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
@@ -61,6 +61,7 @@ object AssertionUtils {
   def interceptEquals[T <: Exception](f: => Any)(expected: String)(implicit
       classTag: ClassTag[T],
       pos: source.Position): Unit = {
+    assert(expected != null)
     val exception = intercept[T](f)(classTag, pos)
     assertResult(expected)(exception.getMessage)
   }
@@ -72,6 +73,7 @@ object AssertionUtils {
   def interceptContains[T <: Exception](f: => Any)(contained: String)(implicit
       classTag: ClassTag[T],
       pos: source.Position): Unit = {
+    assert(contained != null)
     val exception = intercept[T](f)(classTag, pos)
     assert(exception.getMessage.contains(contained))
   }

From a01d7092eaacbbf1dbb11d421ba3746073b5b586 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 31 Aug 2023 11:05:11 +0800
Subject: [PATCH 594/760] [KYUUBI #5222] [FLINK] Remove unused provided
 dependencies in Flink SQL engine

### _Why are the changes needed?_

- Remove the provided dependency `flink-table-planner_${scala.binary.version}` which provides a legacy table planner API on Scala, but is never used in Kyuubi's source code or in runtime directly.
   - `** The legacy planner is deprecated and will be dropped in Flink 1.14.**` according to [Flink 1.13's doc of Legacy Planner](https://nightlies.apache.org/flink/flink-docs-release-1.13/docs/dev/table/legacy_planner/)
   - Kyuubi has dropped support for Flink 1.14 and before in #4588
- Remove the unused provided dependency `flink-sql-parser`
- All tests on Scala 2.12 work fine without them, as `flink-table-runtime` dependency provides enough Java API for usage.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5222 from bowenliang123/flink-remove-planner.

Closes #5222

716ec06e9 [liangbowen] remove flink-sql-parser dependency
0922ba5af [liangbowen] Remove unnecessary dependency flink-table-planner

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 externals/kyuubi-flink-sql-engine/pom.xml | 12 ------------
 pom.xml                                   | 12 ------------
 2 files changed, 24 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index d485e012b..bf9e100d0 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -99,24 +99,12 @@
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.flink</groupId>
-            <artifactId>flink-table-planner_${scala.binary.version}</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.flink</groupId>
             <artifactId>flink-table-runtime</artifactId>
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.flink</groupId>
-            <artifactId>flink-sql-parser</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
         <!-- tests -->
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
diff --git a/pom.xml b/pom.xml
index 99e17ce96..9ded97e99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1391,12 +1391,6 @@
                 <version>${flink.version}</version>
             </dependency>
 
-            <dependency>
-                <groupId>org.apache.flink</groupId>
-                <artifactId>flink-table-planner_${scala.binary.version}</artifactId>
-                <version>${flink.version}</version>
-            </dependency>
-
             <dependency>
                 <groupId>org.apache.flink</groupId>
                 <artifactId>flink-table-runtime</artifactId>
@@ -1404,12 +1398,6 @@
                 <scope>provided</scope>
             </dependency>
 
-            <dependency>
-                <groupId>org.apache.flink</groupId>
-                <artifactId>flink-sql-parser</artifactId>
-                <version>${flink.version}</version>
-            </dependency>
-
             <dependency>
                 <groupId>org.apache.flink</groupId>
                 <artifactId>flink-sql-client</artifactId>

From a4b6413c2b77850baa393b469a0d2967d06c3797 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Thu, 31 Aug 2023 18:44:22 +0800
Subject: [PATCH 595/760] [KYUUBI #5224] Modify the README file of authz to
 make spark 3.4 the default version

### _Why are the changes needed?_

This PR aims to modify the README file of authz to make spark 3.4 the default version.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5224 from Yikf/authz-ci-across-spark.

Closes #5224

7e28f8619 [yikaifei] fix authz spark version and ci

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: yikaifei <yikaifei@apache.org>
---
 extensions/spark/kyuubi-spark-authz/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index 617a40a16..8964fb7d1 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -34,8 +34,8 @@ build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dran
 `-Dspark.version=`
 
 - [x] master
-- [ ] 3.4.x
-- [x] 3.3.x (default)
+- [x] 3.4.x (default)
+- [x] 3.3.x
 - [x] 3.2.x
 - [x] 3.1.x
 - [x] 3.0.x

From 8172d672a53843c6cded6de1bd6aef353ec822fd Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 1 Sep 2023 03:12:39 +0800
Subject: [PATCH 596/760] [KYUUBI #4540][FOLLOWUP] Create session limiter if
 user unlimited list or deny list nonempty

### _Why are the changes needed?_

We shall create session limiter if user unlimited list or deny list nonempty.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5215 from turboFei/typo_deny.

Closes #4540

c26dec74e [fwang12] comments
01fc61619 [fwang12] fix typo

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/session/KyuubiSessionManager.scala  | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 965469deb..19259bb1b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -385,14 +385,17 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       ipAddressLimit: Int,
       userIpAddressLimit: Int,
       userUnlimitedList: Set[String],
-      userLimitedList: Set[String]): Option[SessionLimiter] = {
-    Seq(userLimit, ipAddressLimit, userIpAddressLimit).find(_ > 0).map(_ =>
-      SessionLimiter(
+      userDenyList: Set[String]): Option[SessionLimiter] = {
+    if (Seq(userLimit, ipAddressLimit, userIpAddressLimit).exists(_ > 0) || userDenyList.nonEmpty) {
+      Some(SessionLimiter(
         userLimit,
         ipAddressLimit,
         userIpAddressLimit,
         userUnlimitedList,
-        userLimitedList))
+        userDenyList))
+    } else {
+      None
+    }
   }
 
   private def startEngineAliveChecker(): Unit = {

From f33ad8b8e6c0ac534f2f970d59cf29f47eb44586 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 1 Sep 2023 03:19:36 +0800
Subject: [PATCH 597/760] [KYUUBI #5220] Batch submitter should only block
 submitting stage

### _Why are the changes needed?_

This PR changes the block phase of the batch submitter

- before: from PENDING until TERMINATED
- after: from PENDING until RUNNING or TERMINATED

Usually, we submit Spark batch applications in cluster mode with waitAppCompletion disabled, after a Spark application goes into the RUNNING or TERMINATED stage, the `spark-submit` process exits and the batch session does not occupy too many resources. Thus, limiting the concurrency on the submitting phase instead of the whole lifecycle of the Spark app makes more sense.

In practice, we use 16 threads for Kyuubi instance with 8C32G. A larger concurrency may result in CPU resources being exhausted and `spark-submit` process hanging.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5220 from pan3793/batch-submitter-threads.

Closes #5220

543c31cd1 [Cheng Pan] nit
dc5d0c816 [Cheng Pan] nit
9b499b0eb [Cheng Pan] Batch submmitter should only block during submit stage

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiConf.scala |  2 +-
 .../kyuubi/server/KyuubiBatchService.scala    | 21 ++++++++++---------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index bec69e95e..88c61e23d 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1687,7 +1687,7 @@ object KyuubiConf {
         s"when ${BATCH_SUBMITTER_ENABLED.key} is enabled")
       .version("1.8.0")
       .intConf
-      .createWithDefault(100)
+      .createWithDefault(16)
 
   val BATCH_IMPL_VERSION: ConfigEntry[String] =
     buildConf("kyuubi.batch.impl.version")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
index 250662835..7ed2ab8e1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
@@ -92,27 +92,28 @@ class KyuubiBatchService(
               clusterManager = batchSession.batchJobSubmissionOp.builder.clusterManager())
             metadataManager.updateMetadata(metadataForUpdate, asyncRetryOnError = false)
             val sessionHandle = sessionManager.openBatchSession(batchSession)
-            var terminated = false
-            while (!terminated) { // block until batch job finished
-              terminated = sessionManager.getBatchSession(sessionHandle).map { batchSession =>
-                val batchOp = batchSession.batchJobSubmissionOp
-                OperationState.isTerminal(batchOp.getStatus.state)
+            var submitted = false
+            while (!submitted) { // block until batch job submitted
+              submitted = sessionManager.getBatchSession(sessionHandle).map { batchSession =>
+                val batchState = batchSession.batchJobSubmissionOp.getStatus.state
+                batchState == OperationState.RUNNING || OperationState.isTerminal(batchState)
               }.getOrElse {
                 error(s"Batch Session $batchId is not existed, marked as finished")
                 true
               }
               // should we always treat metastore as the single of truth?
               //
-              // terminated = metadataManager.getBatchSessionMetadata(batchId) match {
+              // submitted = metadataManager.getBatchSessionMetadata(batchId) match {
               //   case Some(metadata) =>
-              //     OperationState.isTerminal(OperationState.withName(metadata.state))
+              //     val batchState = OperationState.withName(metadata.state)
+              //     batchState == OperationState.RUNNING || OperationState.isTerminal(batchState)
               //   case None =>
-              //     error(s"$batchId is not existed in metastore, assume it is finished")
+              //     error(s"$batchId does not existed in metastore, assume it is finished")
               //     true
               // }
-              if (!terminated) Thread.sleep(1000)
+              if (!submitted) Thread.sleep(1000)
             }
-            info(s"$batchId is finished.")
+            info(s"$batchId is submitted.")
         }
       }
     }

From c844f18723a4468078025525e93e41f2ae39e13a Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Fri, 1 Sep 2023 03:53:39 +0800
Subject: [PATCH 598/760] [KYUUBI #5200] [FLINK] Optimize Flink application
 name generating

### _Why are the changes needed?_

The generated application name is not effective in Flink app mode. The PR moves the name generating to the `ProcessBuilder`.

The generated app name would be like `kyuubi_USER_FLINK_SQL_myuser_default_382c0371-8cc1-4aec-90bd-a2acf4de6fac`.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5200 from link3280/flink_app_name.

Closes #5200

bf06d1c16 [Paul Lin] Fix engine name udf test
6aa09e462 [Paul Lin] Filter out unused conf in app mode
957d18c42 [Paul Lin] Fix test error in local mode
eaa5de9b4 [Paul Lin] Fix engine name missing in tests
109ff46f5 [Paul Lin] Fix test error
efb1cda82 [Paul Lin] Fix compatibility with YARN and local
65e6759b2 [Paul Lin] Remove unused import
49860f65e [Paul Lin] Optimize Flink application name generating

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/flink/FlinkSQLEngine.scala  | 22 +++++--------------
 .../flink/WithFlinkSQLEngineOnYarn.scala      |  1 +
 .../operation/FlinkOperationLocalSuite.scala  |  3 ++-
 .../operation/FlinkOperationOnYarnSuite.scala |  2 +-
 .../org/apache/kyuubi/engine/EngineRef.scala  |  2 +-
 .../engine/flink/FlinkProcessBuilder.scala    |  5 +++--
 .../flink/FlinkProcessBuilderSuite.scala      |  2 ++
 7 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 4b147d020..7e4f31f8a 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -19,7 +19,6 @@ package org.apache.kyuubi.engine.flink
 
 import java.io.File
 import java.nio.file.Paths
-import java.time.Instant
 import java.util.concurrent.CountDownLatch
 
 import scala.collection.JavaConverters._
@@ -141,32 +140,21 @@ object FlinkSQLEngine extends Logging {
 
   private def setDeploymentConf(executionTarget: String, flinkConf: Configuration): Unit = {
     // forward kyuubi engine variables to flink configuration
-    val instant = Instant.now
-    val engineName = s"kyuubi_${user}_flink_$instant"
-    flinkConf.setString(KYUUBI_ENGINE_NAME, engineName)
+    kyuubiConf.getOption("flink.app.name")
+      .foreach(flinkConf.setString(KYUUBI_ENGINE_NAME, _))
 
-    kyuubiConf.getOption(KYUUBI_SESSION_USER_KEY).foreach(user =>
-      flinkConf.setString(KYUUBI_SESSION_USER_KEY, user))
+    kyuubiConf.getOption(KYUUBI_SESSION_USER_KEY)
+      .foreach(flinkConf.setString(KYUUBI_SESSION_USER_KEY, _))
 
-    // set cluster name for per-job and application mode
     executionTarget match {
       case "yarn-per-job" | "yarn-application" =>
-        if (!flinkConf.containsKey("yarn.application.name")) {
-          val appName = engineName
-          flinkConf.setString("yarn.application.name", appName)
-        }
         if (flinkConf.containsKey("high-availability.cluster-id")) {
           flinkConf.setString(
             "yarn.application.id",
             flinkConf.toMap.get("high-availability.cluster-id"))
         }
-      case "kubernetes-application" =>
-        if (!flinkConf.containsKey("kubernetes.cluster-id")) {
-          val appName = s"kyuubi-${user}-flink-$instant"
-          flinkConf.setString("kubernetes.cluster-id", appName)
-        }
       case other =>
-        debug(s"Skip generating app name for execution target $other")
+        debug(s"Skip setting deployment conf for execution target $other")
     }
   }
 }
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
index 553574e65..49fb947a3 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/WithFlinkSQLEngineOnYarn.scala
@@ -162,6 +162,7 @@ trait WithFlinkSQLEngineOnYarn extends KyuubiFunSuite with WithFlinkTestResource
     command += "-t"
     command += "yarn-application"
     command += s"-Dyarn.ship-files=${flinkExtraJars.mkString(";")}"
+    command += s"-Dyarn.application.name=kyuubi_user_flink_paul"
     command += s"-Dyarn.tags=KYUUBI,$engineRefId"
     command += "-Djobmanager.memory.process.size=1g"
     command += "-Dtaskmanager.memory.process.size=1g"
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
index b8f6768cc..279cbea22 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationLocalSuite.scala
@@ -36,6 +36,7 @@ class FlinkOperationLocalSuite extends FlinkOperationSuite
     Map(
       "flink.execution.target" -> "remote",
       "flink.high-availability.cluster-id" -> "flink-mini-cluster",
+      "flink.app.name" -> "kyuubi_connection_flink_paul",
       HA_NAMESPACE.key -> namespace,
       HA_ENGINE_REF_ID.key -> engineRefId,
       ENGINE_TYPE.key -> "FLINK_SQL",
@@ -60,7 +61,7 @@ class FlinkOperationLocalSuite extends FlinkOperationSuite
 
       resultSet = statement.executeQuery("select kyuubi_engine_name() as engine_name")
       assert(resultSet.next())
-      assert(resultSet.getString(1).startsWith(s"kyuubi_${Utils.currentUser}_flink"))
+      assert(resultSet.getString(1).equals(s"kyuubi_connection_flink_paul"))
 
       resultSet = statement.executeQuery("select kyuubi_engine_id() as engine_id")
       assert(resultSet.next())
diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
index 25e23d82a..401c3b0bd 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationOnYarnSuite.scala
@@ -56,7 +56,7 @@ class FlinkOperationOnYarnSuite extends FlinkOperationSuite
 
       resultSet = statement.executeQuery("select kyuubi_engine_name() as engine_name")
       assert(resultSet.next())
-      assert(resultSet.getString(1).startsWith(s"kyuubi_${Utils.currentUser}_flink"))
+      assert(resultSet.getString(1).equals(s"kyuubi_user_flink_paul"))
 
       resultSet = statement.executeQuery("select kyuubi_engine_id() as engine_id")
       assert(resultSet.next())
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 052f1de0f..160e7f39e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -190,7 +190,7 @@ private[kyuubi] class EngineRef(
         conf.setIfMissing(SparkProcessBuilder.APP_KEY, defaultEngineName)
         new SparkProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case FLINK_SQL =>
-        conf.setIfMissing(FlinkProcessBuilder.YARN_APP_KEY, defaultEngineName)
+        conf.setIfMissing(FlinkProcessBuilder.APP_KEY, defaultEngineName)
         new FlinkProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
       case TRINO =>
         new TrinoProcessBuilder(appUser, conf, engineRefId, extraEngineLog)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
index 3da8d1b1a..716db0fcc 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
@@ -106,11 +106,12 @@ class FlinkProcessBuilder(
         buffer += "-t"
         buffer += "yarn-application"
         buffer += s"-Dyarn.ship-files=${flinkExtraJars.mkString(";")}"
+        buffer += s"-Dyarn.application.name=${conf.getOption(APP_KEY).get}"
         buffer += s"-Dyarn.tags=${conf.getOption(YARN_TAG_KEY).get}"
         buffer += "-Dcontainerized.master.env.FLINK_CONF_DIR=."
 
         val customFlinkConf = conf.getAllWithPrefix("flink", "")
-        customFlinkConf.foreach { case (k, v) =>
+        customFlinkConf.filter(_._1 != "app.name").foreach { case (k, v) =>
           buffer += s"-D$k=$v"
         }
 
@@ -203,7 +204,7 @@ class FlinkProcessBuilder(
 
 object FlinkProcessBuilder {
   final val FLINK_EXEC_FILE = "flink"
-  final val YARN_APP_KEY = "yarn.application.name"
+  final val APP_KEY = "flink.app.name"
   final val YARN_TAG_KEY = "yarn.tags"
   final val FLINK_HADOOP_CLASSPATH_KEY = "FLINK_HADOOP_CLASSPATH"
   final val FLINK_PROXY_USER_KEY = "HADOOP_PROXY_USER"
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
index 45272618d..25295c374 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
@@ -41,6 +41,7 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
   private def applicationModeConf = KyuubiConf()
     .set("flink.execution.target", "yarn-application")
     .set(ENGINE_FLINK_APPLICATION_JARS, tempUdfJar.toString)
+    .set(APP_KEY, "kyuubi_connection_flink_paul")
     .set("kyuubi.on", "off")
 
   private val tempFlinkHome = Files.createTempDirectory("flink-home").toFile
@@ -85,6 +86,7 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
       escapePaths(s"${builder.flinkExecutable} run-application ") +
         s"-t yarn-application " +
         s"-Dyarn.ship-files=.*\\/flink-sql-client.*jar;.*\\/flink-sql-gateway.*jar;$tempUdfJar " +
+        s"-Dyarn\\.application\\.name=kyuubi_.* " +
         s"-Dyarn\\.tags=KYUUBI " +
         s"-Dcontainerized\\.master\\.env\\.FLINK_CONF_DIR=\\. " +
         s"-Dexecution.target=yarn-application " +

From 0c987e96fad325030affe2b2f2aaa5a27766e292 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Fri, 1 Sep 2023 12:17:33 +0800
Subject: [PATCH 599/760] [KYUUBI #5225] [KSHC] Unify the exception handling of
 v1 and v2 during dropDatabase

### _Why are the changes needed?_

This PR aims to unify the exception handling of v1 and v2 during dropDatabase

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5225 from Yikf/hive-connector.

Closes #5225

3be33af76 [yikaifei] [KSHC] Improve test

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../spark/connector/hive/HiveTableCatalog.scala  |  3 ---
 .../spark/connector/hive/KyuubiHiveTest.scala    |  2 +-
 .../hive/command/CreateNamespaceSuite.scala      |  4 +---
 .../hive/command/DropNamespaceSuite.scala        | 16 ++++++++++------
 .../connector/hive/command/ShowTablesSuite.scala |  4 +---
 5 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
index 75804eb63..c128d67f1 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/HiveTableCatalog.scala
@@ -382,9 +382,6 @@ class HiveTableCatalog(sparkSession: SparkSession)
     withSQLConf(LEGACY_NON_IDENTIFIER_OUTPUT_CATALOG_NAME -> "true") {
       namespace match {
         case Array(db) if catalog.databaseExists(db) =>
-          if (catalog.listTables(db).nonEmpty && !cascade) {
-            throw new IllegalStateException(s"Namespace ${namespace.quoted} is not empty")
-          }
           catalog.dropDatabase(db, ignoreIfNotExists = false, cascade)
           true
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala
index 400afdb3e..851659b15 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/KyuubiHiveTest.scala
@@ -44,7 +44,7 @@ abstract class KyuubiHiveTest extends QueryTest with Logging {
       SupportsNamespaces.PROP_LOCATION,
       SupportsNamespaces.PROP_OWNER)
 
-  protected def catalogName: String = "hive"
+  protected val catalogName: String = "hive"
 
   override def beforeEach(): Unit = {
     super.beforeAll()
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala
index e2e5b574b..d6b90cc04 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/CreateNamespaceSuite.scala
@@ -133,8 +133,6 @@ trait CreateNamespaceSuiteBase extends DDLCommandTestUtils {
 
 class CreateNamespaceV2Suite extends CreateNamespaceSuiteBase {
 
-  override protected def catalogName: String = super.catalogName
-
   override protected def catalogVersion: String = "Hive V2"
 
   override protected def commandVersion: String = V2_COMMAND_VERSION
@@ -144,7 +142,7 @@ class CreateNamespaceV1Suite extends CreateNamespaceSuiteBase {
 
   val SESSION_CATALOG_NAME: String = "spark_catalog"
 
-  override protected def catalogName: String = SESSION_CATALOG_NAME
+  override protected val catalogName: String = SESSION_CATALOG_NAME
 
   override protected def catalogVersion: String = "V1"
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala
index 81107c24f..eebfbe488 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/DropNamespaceSuite.scala
@@ -20,7 +20,9 @@ package org.apache.kyuubi.spark.connector.hive.command
 import org.apache.spark.sql.{AnalysisException, Row}
 import org.apache.spark.sql.types.{StringType, StructType}
 
+import org.apache.kyuubi.spark.connector.common.SparkUtils.SPARK_RUNTIME_VERSION
 import org.apache.kyuubi.spark.connector.hive.command.DDLCommandTestUtils.{V1_COMMAND_VERSION, V2_COMMAND_VERSION}
+import org.apache.kyuubi.util.AssertionUtils.interceptContains
 
 trait DropNamespaceSuiteBase extends DDLCommandTestUtils {
   override protected def command: String = "DROP NAMESPACE"
@@ -70,10 +72,14 @@ trait DropNamespaceSuiteBase extends DDLCommandTestUtils {
     checkNamespace(Seq(namespace) ++ builtinNamespace)
 
     // $catalog.ns.table is present, thus $catalog.ns cannot be dropped.
-    val e = intercept[IllegalStateException] {
+    interceptContains[AnalysisException] {
       sql(s"DROP NAMESPACE $catalogName.$namespace")
-    }
-    assert(e.getMessage.contains(s"Namespace $namespace is not empty"))
+    }(if (SPARK_RUNTIME_VERSION >= "3.4") {
+      s"[SCHEMA_NOT_EMPTY] Cannot drop a schema `$namespace` because it contains objects"
+    } else {
+      "Use CASCADE option to drop a non-empty database"
+    })
+
     sql(s"DROP TABLE $catalogName.$namespace.table")
 
     // Now that $catalog.ns is empty, it can be dropped.
@@ -100,8 +106,6 @@ trait DropNamespaceSuiteBase extends DDLCommandTestUtils {
 
 class DropNamespaceV2Suite extends DropNamespaceSuiteBase {
 
-  override protected def catalogName: String = super.catalogName
-
   override protected def catalogVersion: String = "Hive V2"
 
   override protected def commandVersion: String = V2_COMMAND_VERSION
@@ -111,7 +115,7 @@ class DropNamespaceV1Suite extends DropNamespaceSuiteBase {
 
   val SESSION_CATALOG_NAME: String = "spark_catalog"
 
-  override protected def catalogName: String = SESSION_CATALOG_NAME
+  override protected val catalogName: String = SESSION_CATALOG_NAME
 
   override protected def catalogVersion: String = "V1"
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/ShowTablesSuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/ShowTablesSuite.scala
index bff47c9de..445ca9fa7 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/ShowTablesSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/command/ShowTablesSuite.scala
@@ -96,8 +96,6 @@ trait ShowTablesSuiteBase extends DDLCommandTestUtils {
 
 class ShowTablesV2Suite extends ShowTablesSuiteBase {
 
-  override protected def catalogName: String = super.catalogName
-
   override protected def catalogVersion: String = "Hive V2"
 
   override protected def commandVersion: String = V2_COMMAND_VERSION
@@ -107,7 +105,7 @@ class ShowTablesV1Suite extends ShowTablesSuiteBase {
 
   val SESSION_CATALOG_NAME: String = "spark_catalog"
 
-  override protected def catalogName: String = SESSION_CATALOG_NAME
+  override protected val catalogName: String = SESSION_CATALOG_NAME
 
   override protected def catalogVersion: String = "V1"
 

From 8c512f467b92fcaada17e01780073ffd5bac1bba Mon Sep 17 00:00:00 2001
From: odone <odone.zhang@gmail.com>
Date: Fri, 1 Sep 2023 18:02:31 +0800
Subject: [PATCH 600/760] [KYUUBI #3444] Support the planOnly mode of kyuubi
 spark engine support SQL lineage

Closes #3444

### _Why are the changes needed?_

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3558 from iodone/kyuubi-3444.

Closes #3444

acaa72afe [odone] remove plugin dependency from kyuubi spark engine
739f7dd5b [odone] remove plugin dependency from kyuubi spark engine
1146eb6e0 [odone] kyuubi-3444

Authored-by: odone <odone.zhang@gmail.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/configuration/settings.md                |  8 +++-
 .../lineage/LineageParserProvider.scala       | 28 +++++++++++++
 externals/kyuubi-spark-sql-engine/pom.xml     |  7 ++++
 .../spark/operation/PlanOnlyStatement.scala   | 41 +++++++++++++++++--
 .../spark/kyuubi/SparkUtilsHelper.scala       |  9 ++++
 .../org/apache/kyuubi/config/KyuubiConf.scala | 12 +++++-
 .../kyuubi/operation/PlanOnlyMode.scala       |  3 ++
 .../kyuubi/operation/SparkQueryTests.scala    | 29 +++++++++++++
 .../operation/PlanOnlyOperationSuite.scala    | 28 +++++++++++++
 9 files changed, 159 insertions(+), 6 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageParserProvider.scala

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 674568ad2..d6d142548 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -324,6 +324,12 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.kubernetes.terminatedApplicationRetainPeriod | PT5M              | The period for which the Kyuubi server retains application information after the application terminates.                                                                                                          | duration | 1.7.1 |
 | kyuubi.kubernetes.trust.certificates                | false             | If set to true then client can submit to kubernetes cluster only with token                                                                                                                                       | boolean  | 1.7.0 |
 
+### Lineage
+
+|                  Key                  |                        Default                         |                      Meaning                      |  Type  | Since |
+|---------------------------------------|--------------------------------------------------------|---------------------------------------------------|--------|-------|
+| kyuubi.lineage.parser.plugin.provider | org.apache.kyuubi.plugin.lineage.LineageParserProvider | The provider for the Spark lineage parser plugin. | string | 1.8.0 |
+
 ### Metadata
 
 |                       Key                       |                         Default                          |                                                                                                                                                                                                                                                                                                    Meaning                                                                                                                                                                                                                                                                                                    |   Type   | Since |
@@ -367,7 +373,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.operation.language                        | SQL                                                                             | Choose a programing language for the following inputs<ul><li>SQL: (Default) Run all following statements as SQL queries.</li><li>SCALA: Run all following input as scala codes</li><li>PYTHON: (Experimental) Run all following input as Python codes with Spark engine</li></ul>                                                                                                                                                                                                                        | string   | 1.5.0 |
 | kyuubi.operation.log.dir.root                    | server_operation_logs                                                           | Root directory for query operation log at server-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.4.0 |
 | kyuubi.operation.plan.only.excludes              | SetCatalogAndNamespace,UseStatement,SetNamespaceCommand,SetCommand,ResetCommand | Comma-separated list of query plan names, in the form of simple class names, i.e, for `SET abc=xyz`, the value will be `SetCommand`. For those auxiliary plans, such as `switch databases`, `set properties`, or `create temporary view` etc., which are used for setup evaluating environments for analyzing actual queries, we can use this config to exclude them and let them take effect. See also kyuubi.operation.plan.only.mode.                                                                 | set      | 1.5.0 |
-| kyuubi.operation.plan.only.mode                  | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.                 | string   | 1.4.0 |
+| kyuubi.operation.plan.only.mode                  | none                                                                            | Configures the statement performed mode, The value can be 'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution', 'lineage' or 'none', when it is 'none', indicate to the statement will be fully executed, otherwise only way without executing the query. different engines currently support different modes, the Spark engine supports all modes, and the Flink engine supports 'parse', 'physical', and 'execution', other engines do not support planOnly currently.       | string   | 1.4.0 |
 | kyuubi.operation.plan.only.output.style          | plain                                                                           | Configures the planOnly output style. The value can be 'plain' or 'json', and the default value is 'plain'. This configuration supports only the output styles of the Spark engine                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
 | kyuubi.operation.progress.enabled                | false                                                                           | Whether to enable the operation progress. When true, the operation progress will be returned in `GetOperationStatus`.                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
 | kyuubi.operation.query.timeout                   | &lt;undefined&gt;                                                               | Timeout for query executions at server-side, take effect with client-side timeout(`java.sql.Statement.setQueryTimeout`) together, a running query will be cancelled automatically if timeout. It's off by default, which means only client-side take full control of whether the query should timeout or not. If set, client-side timeout is capped at this point. To cancel the queries right away without waiting for task to finish, consider enabling kyuubi.operation.interrupt.on.cancel together. | duration | 1.2.0 |
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageParserProvider.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageParserProvider.scala
new file mode 100644
index 000000000..665efef10
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/LineageParserProvider.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.lineage
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+
+import org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParseHelper
+object LineageParserProvider {
+  def parse(spark: SparkSession, plan: LogicalPlan): Lineage = {
+    SparkSQLLineageParseHelper(spark).parse(plan)
+  }
+}
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 52ceb945d..c27f85fa9 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -170,6 +170,13 @@
             <artifactId>flexmark-all</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-spark-lineage_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
index 73f856fdf..4f8808313 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/PlanOnlyStatement.scala
@@ -17,14 +17,17 @@
 
 package org.apache.kyuubi.engine.spark.operation
 
-import org.apache.spark.sql.Row
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.scala.DefaultScalaModule
+import org.apache.spark.kyuubi.SparkUtilsHelper
+import org.apache.spark.sql.{Row, SparkSession}
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.KyuubiSQLException
-import org.apache.kyuubi.config.KyuubiConf.{OPERATION_PLAN_ONLY_EXCLUDES, OPERATION_PLAN_ONLY_OUT_STYLE}
-import org.apache.kyuubi.operation.{AnalyzeMode, ArrayFetchIterator, ExecutionMode, IterableFetchIterator, JsonStyle, OperationHandle, OptimizeMode, OptimizeWithStatsMode, ParseMode, PhysicalMode, PlainStyle, PlanOnlyMode, PlanOnlyStyle, UnknownMode, UnknownStyle}
+import org.apache.kyuubi.config.KyuubiConf.{LINEAGE_PARSER_PLUGIN_PROVIDER, OPERATION_PLAN_ONLY_EXCLUDES, OPERATION_PLAN_ONLY_OUT_STYLE}
+import org.apache.kyuubi.operation.{AnalyzeMode, ArrayFetchIterator, ExecutionMode, IterableFetchIterator, JsonStyle, LineageMode, OperationHandle, OptimizeMode, OptimizeWithStatsMode, ParseMode, PhysicalMode, PlainStyle, PlanOnlyMode, PlanOnlyStyle, UnknownMode, UnknownStyle}
 import org.apache.kyuubi.operation.PlanOnlyMode.{notSupportedModeError, unknownModeError}
 import org.apache.kyuubi.operation.PlanOnlyStyle.{notSupportedStyleError, unknownStyleError}
 import org.apache.kyuubi.operation.log.OperationLog
@@ -119,6 +122,9 @@ class PlanOnlyStatement(
       case ExecutionMode =>
         val executed = spark.sql(statement).queryExecution.executedPlan
         iter = new IterableFetchIterator(Seq(Row(executed.toString())))
+      case LineageMode =>
+        val result = parseLineage(spark, plan)
+        iter = new IterableFetchIterator(Seq(Row(result)))
       case UnknownMode => throw unknownModeError(mode)
       case _ => throw notSupportedModeError(mode, "Spark SQL")
     }
@@ -143,10 +149,39 @@ class PlanOnlyStatement(
       case ExecutionMode =>
         val executed = spark.sql(statement).queryExecution.executedPlan
         iter = new IterableFetchIterator(Seq(Row(executed.toJSON)))
+      case LineageMode =>
+        val result = parseLineage(spark, plan)
+        iter = new IterableFetchIterator(Seq(Row(result)))
       case UnknownMode => throw unknownModeError(mode)
       case _ =>
         throw KyuubiSQLException(s"The operation mode $mode" +
           " doesn't support in Spark SQL engine.")
     }
   }
+
+  private def parseLineage(spark: SparkSession, plan: LogicalPlan): String = {
+    val analyzed = spark.sessionState.analyzer.execute(plan)
+    spark.sessionState.analyzer.checkAnalysis(analyzed)
+    val optimized = spark.sessionState.optimizer.execute(analyzed)
+    val parserProviderClass = session.sessionManager.getConf.get(LINEAGE_PARSER_PLUGIN_PROVIDER)
+
+    try {
+      if (!SparkUtilsHelper.classesArePresent(
+          parserProviderClass)) {
+        throw new Exception(s"'$parserProviderClass' not found," +
+          " need to install kyuubi-spark-lineage plugin before using the 'lineage' mode")
+      }
+
+      val lineage = Class.forName(parserProviderClass)
+        .getMethod("parse", classOf[SparkSession], classOf[LogicalPlan])
+        .invoke(null, spark, optimized)
+
+      val mapper = new ObjectMapper().registerModule(DefaultScalaModule)
+      mapper.writeValueAsString(lineage)
+    } catch {
+      case e: Throwable =>
+        throw KyuubiSQLException(s"Extract columns lineage failed: ${e.getMessage}", e)
+    }
+  }
+
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkUtilsHelper.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkUtilsHelper.scala
index e2f51e648..106be3fc7 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkUtilsHelper.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkUtilsHelper.scala
@@ -43,4 +43,13 @@ object SparkUtilsHelper extends Logging {
   def getLocalDir(conf: SparkConf): String = {
     Utils.getLocalDir(conf)
   }
+
+  def classesArePresent(className: String): Boolean = {
+    try {
+      Utils.classForName(className)
+      true
+    } catch {
+      case _: ClassNotFoundException | _: NoClassDefFoundError => false
+    }
+  }
 }
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 88c61e23d..bbbb73b95 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2360,7 +2360,7 @@ object KyuubiConf {
   val OPERATION_PLAN_ONLY_MODE: ConfigEntry[String] =
     buildConf("kyuubi.operation.plan.only.mode")
       .doc("Configures the statement performed mode, The value can be 'parse', 'analyze', " +
-        "'optimize', 'optimize_with_stats', 'physical', 'execution', or 'none', " +
+        "'optimize', 'optimize_with_stats', 'physical', 'execution', 'lineage' or 'none', " +
         "when it is 'none', indicate to the statement will be fully executed, otherwise " +
         "only way without executing the query. different engines currently support different " +
         "modes, the Spark engine supports all modes, and the Flink engine supports 'parse', " +
@@ -2377,10 +2377,11 @@ object KyuubiConf {
             "OPTIMIZE_WITH_STATS",
             "PHYSICAL",
             "EXECUTION",
+            "LINEAGE",
             "NONE").contains(mode),
         "Invalid value for 'kyuubi.operation.plan.only.mode'. Valid values are" +
           "'parse', 'analyze', 'optimize', 'optimize_with_stats', 'physical', 'execution' and " +
-          "'none'.")
+          "'lineage', 'none'.")
       .createWithDefault(NoneMode.name)
 
   val OPERATION_PLAN_ONLY_OUT_STYLE: ConfigEntry[String] =
@@ -2412,6 +2413,13 @@ object KyuubiConf {
         "UseStatement",
         "SetCatalogAndNamespace"))
 
+  val LINEAGE_PARSER_PLUGIN_PROVIDER: ConfigEntry[String] =
+    buildConf("kyuubi.lineage.parser.plugin.provider")
+      .doc("The provider for the Spark lineage parser plugin.")
+      .version("1.8.0")
+      .stringConf
+      .createWithDefault("org.apache.kyuubi.plugin.lineage.LineageParserProvider")
+
   object OperationLanguages extends Enumeration with Logging {
     type OperationLanguage = Value
     val PYTHON, SQL, SCALA, UNKNOWN = Value
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/PlanOnlyMode.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/PlanOnlyMode.scala
index 3e170f05f..0407dab62 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/PlanOnlyMode.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/PlanOnlyMode.scala
@@ -41,6 +41,8 @@ case object PhysicalMode extends PlanOnlyMode { val name = "physical" }
 
 case object ExecutionMode extends PlanOnlyMode { val name = "execution" }
 
+case object LineageMode extends PlanOnlyMode { val name = "lineage" }
+
 case object NoneMode extends PlanOnlyMode { val name = "none" }
 
 case object UnknownMode extends PlanOnlyMode {
@@ -64,6 +66,7 @@ object PlanOnlyMode {
     case OptimizeWithStatsMode.name => OptimizeWithStatsMode
     case PhysicalMode.name => PhysicalMode
     case ExecutionMode.name => ExecutionMode
+    case LineageMode.name => LineageMode
     case NoneMode.name => NoneMode
     case other => UnknownMode.mode(other)
   }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
index 9c00a11ba..20d3f6fad 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
@@ -218,6 +218,35 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
     }
   }
 
+  test("kyuubi #3444: Plan only mode with lineage mode") {
+
+    val ddl = "create table if not exists t0(a int) using parquet"
+    val dql = "select * from t0"
+    withSessionConf()(Map(KyuubiConf.OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name))() {
+      withJdbcStatement("t0") { statement =>
+        statement.execute(ddl)
+        statement.execute("SET kyuubi.operation.plan.only.mode=lineage")
+        val lineageParserClassName = "org.apache.kyuubi.plugin.lineage.LineageParserProvider"
+
+        try {
+          val resultSet = statement.executeQuery(dql)
+          assert(resultSet.next())
+          val actualResult =
+            """
+              |{"inputTables":["spark_catalog.default.t0"],"outputTables":[],
+              |"columnLineage":[{"column":"a","originalColumns":["spark_catalog.default.t0.a"]}]}
+              |""".stripMargin.split("\n").mkString("")
+          assert(resultSet.getString(1) == actualResult)
+        } catch {
+          case e: Throwable =>
+            assert(e.getMessage.contains(s"'$lineageParserClassName' not found"))
+        } finally {
+          statement.execute("SET kyuubi.operation.plan.only.mode=none")
+        }
+      }
+    }
+  }
+
   test("execute simple scala code") {
     withJdbcStatement() { statement =>
       statement.execute("SET kyuubi.operation.language=scala")
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/PlanOnlyOperationSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/PlanOnlyOperationSuite.scala
index 6a37e823d..8773440a6 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/PlanOnlyOperationSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/PlanOnlyOperationSuite.scala
@@ -201,6 +201,34 @@ class PlanOnlyOperationSuite extends WithKyuubiServer with HiveJDBCTestHelper {
     }
   }
 
+  test("kyuubi #3444: Plan only mode with lineage mode") {
+
+    val ddl = "create table if not exists t0(a int) using parquet"
+    val dql = "select * from t0"
+    withSessionConf()(Map(KyuubiConf.OPERATION_PLAN_ONLY_MODE.key -> NoneMode.name))() {
+      withJdbcStatement("t0") { statement =>
+        statement.execute(ddl)
+        statement.execute("SET kyuubi.operation.plan.only.mode=lineage")
+        val lineageParserClassName = "org.apache.kyuubi.plugin.lineage.LineageParserProvider"
+        try {
+          val resultSet = statement.executeQuery(dql)
+          assert(resultSet.next())
+          val actualResult =
+            """
+              |{"inputTables":["spark_catalog.default.t0"],"outputTables":[],
+              |"columnLineage":[{"column":"a","originalColumns":["spark_catalog.default.t0.a"]}]}
+              |""".stripMargin.split("\n").mkString("")
+          assert(resultSet.getString(1) == actualResult)
+        } catch {
+          case e: Throwable =>
+            assert(e.getMessage.contains(s"'$lineageParserClassName' not found"))
+        } finally {
+          statement.execute("SET kyuubi.operation.plan.only.mode=none")
+        }
+      }
+    }
+  }
+
   private def getOperationPlanWithStatement(statement: Statement): String = {
     val resultSet = statement.executeQuery("select 1 where true")
     assert(resultSet.next())

From 8f8db09cee92bf1602cd2f5f2a84669b58ed330e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 3 Sep 2023 23:54:33 +0800
Subject: [PATCH 601/760] [KYUUBI #5235] [INFRA] Daily deploy snapshot version
 on master and branch-1.7

### _Why are the changes needed?_

`branch-1.5` and `branch-1.6` don't active for a while, the currently active maintained branches are `master` and `branch-1.7`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5235 from pan3793/snapshot.

Closes #5235

d63e1a570 [Cheng Pan] [INFRA] Daily deploy snapshot version on master and branch-1.7

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/publish-snapshot-nexus.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/publish-snapshot-nexus.yml b/.github/workflows/publish-snapshot-nexus.yml
index 0d4222b04..6ef933b52 100644
--- a/.github/workflows/publish-snapshot-nexus.yml
+++ b/.github/workflows/publish-snapshot-nexus.yml
@@ -30,16 +30,14 @@ jobs:
       matrix:
         branch:
           - master
-          - branch-1.6
-          - branch-1.5
+          - branch-1.7
         profiles:
           - -Pflink-provided,spark-provided,hive-provided,spark-3.1
-          - -Pflink-provided,spark-provided,hive-provided,spark-3.2,tpcds
+          - -Pflink-provided,spark-provided,hive-provided,spark-3.2
+          - -Pflink-provided,spark-provided,hive-provided,spark-3.3,tpcds
         include:
           - branch: master
-            profiles: -Pflink-provided,spark-provided,hive-provided,spark-3.3
-          - branch: branch-1.6
-            profiles: -Pflink-provided,spark-provided,hive-provided,spark-3.3
+            profiles: -Pflink-provided,spark-provided,hive-provided,spark-3.4
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

From 6061a05f2469a39b6b9e4c39488104362cdd2494 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 4 Sep 2023 14:23:12 +0800
Subject: [PATCH 602/760] Bump 1.9.0-SNAPSHOT

---
 dev/kyuubi-codecov/pom.xml                                   | 2 +-
 dev/kyuubi-tpcds/pom.xml                                     | 2 +-
 extensions/server/kyuubi-server-plugin/pom.xml               | 2 +-
 extensions/spark/kyuubi-extension-spark-3-1/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-2/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-3/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-3-4/pom.xml          | 2 +-
 extensions/spark/kyuubi-extension-spark-common/pom.xml       | 2 +-
 extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml | 2 +-
 extensions/spark/kyuubi-spark-authz/pom.xml                  | 2 +-
 extensions/spark/kyuubi-spark-connector-common/pom.xml       | 2 +-
 extensions/spark/kyuubi-spark-connector-hive/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-connector-tpcds/pom.xml        | 2 +-
 extensions/spark/kyuubi-spark-connector-tpch/pom.xml         | 2 +-
 extensions/spark/kyuubi-spark-lineage/pom.xml                | 2 +-
 externals/kyuubi-chat-engine/pom.xml                         | 2 +-
 externals/kyuubi-download/pom.xml                            | 2 +-
 externals/kyuubi-flink-sql-engine/pom.xml                    | 2 +-
 externals/kyuubi-hive-sql-engine/pom.xml                     | 2 +-
 externals/kyuubi-jdbc-engine/pom.xml                         | 2 +-
 externals/kyuubi-spark-sql-engine/pom.xml                    | 2 +-
 externals/kyuubi-trino-engine/pom.xml                        | 2 +-
 integration-tests/kyuubi-flink-it/pom.xml                    | 2 +-
 integration-tests/kyuubi-hive-it/pom.xml                     | 2 +-
 integration-tests/kyuubi-jdbc-it/pom.xml                     | 2 +-
 integration-tests/kyuubi-kubernetes-it/pom.xml               | 2 +-
 integration-tests/kyuubi-trino-it/pom.xml                    | 2 +-
 integration-tests/kyuubi-zookeeper-it/pom.xml                | 2 +-
 integration-tests/pom.xml                                    | 2 +-
 kyuubi-assembly/pom.xml                                      | 2 +-
 kyuubi-common/pom.xml                                        | 2 +-
 kyuubi-ctl/pom.xml                                           | 2 +-
 kyuubi-events/pom.xml                                        | 2 +-
 kyuubi-ha/pom.xml                                            | 2 +-
 kyuubi-hive-beeline/pom.xml                                  | 2 +-
 kyuubi-hive-jdbc-shaded/pom.xml                              | 2 +-
 kyuubi-hive-jdbc/pom.xml                                     | 2 +-
 kyuubi-metrics/pom.xml                                       | 2 +-
 kyuubi-rest-client/pom.xml                                   | 2 +-
 kyuubi-server/pom.xml                                        | 2 +-
 kyuubi-util-scala/pom.xml                                    | 2 +-
 kyuubi-util/pom.xml                                          | 2 +-
 kyuubi-zookeeper/pom.xml                                     | 2 +-
 pom.xml                                                      | 2 +-
 tools/spark-block-cleaner/pom.xml                            | 2 +-
 45 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index 0d265a006..31b9d27bc 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/dev/kyuubi-tpcds/pom.xml b/dev/kyuubi-tpcds/pom.xml
index bb52f6c21..b80c1227f 100644
--- a/dev/kyuubi-tpcds/pom.xml
+++ b/dev/kyuubi-tpcds/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/server/kyuubi-server-plugin/pom.xml b/extensions/server/kyuubi-server-plugin/pom.xml
index 799f27c46..12c1699fc 100644
--- a/extensions/server/kyuubi-server-plugin/pom.xml
+++ b/extensions/server/kyuubi-server-plugin/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
index 21e0d5c83..a7fcbabe5 100644
--- a/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-1/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
index 086034890..b1ddcecf8 100644
--- a/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-2/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
index 3d7312829..9b1a30af0 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-3/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
index fcd5026da..ee5b5f155 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-4/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-common/pom.xml b/extensions/spark/kyuubi-extension-spark-common/pom.xml
index 9ebacfdbe..259931a2e 100644
--- a/extensions/spark/kyuubi-extension-spark-common/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-common/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
index a68c7a75c..ea571644e 100644
--- a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
+++ b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
 
     </parent>
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 7189f6296..1ae63fcb3 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
 
     </parent>
diff --git a/extensions/spark/kyuubi-spark-connector-common/pom.xml b/extensions/spark/kyuubi-spark-connector-common/pom.xml
index 007dac3ae..1fc0f5768 100644
--- a/extensions/spark/kyuubi-spark-connector-common/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-common/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/pom.xml b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
index 970cadff7..4f46138e9 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-hive/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
index 6da770dea..5999b8c63 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
index 070d76d9b..22a5405a6 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpch/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/extensions/spark/kyuubi-spark-lineage/pom.xml b/extensions/spark/kyuubi-spark-lineage/pom.xml
index 3515d3789..270bf4d04 100644
--- a/extensions/spark/kyuubi-spark-lineage/pom.xml
+++ b/extensions/spark/kyuubi-spark-lineage/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-chat-engine/pom.xml b/externals/kyuubi-chat-engine/pom.xml
index 9ec8a966d..3639ceed3 100644
--- a/externals/kyuubi-chat-engine/pom.xml
+++ b/externals/kyuubi-chat-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-download/pom.xml b/externals/kyuubi-download/pom.xml
index d7f0c6013..b21e3e5a2 100644
--- a/externals/kyuubi-download/pom.xml
+++ b/externals/kyuubi-download/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml
index bf9e100d0..eec5c1cd9 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-hive-sql-engine/pom.xml b/externals/kyuubi-hive-sql-engine/pom.xml
index 581e6f3de..caed7e27c 100644
--- a/externals/kyuubi-hive-sql-engine/pom.xml
+++ b/externals/kyuubi-hive-sql-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-jdbc-engine/pom.xml b/externals/kyuubi-jdbc-engine/pom.xml
index 95afd5289..3c21fed57 100644
--- a/externals/kyuubi-jdbc-engine/pom.xml
+++ b/externals/kyuubi-jdbc-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index c27f85fa9..37d4f3238 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/externals/kyuubi-trino-engine/pom.xml b/externals/kyuubi-trino-engine/pom.xml
index e9926db74..7d91e4a86 100644
--- a/externals/kyuubi-trino-engine/pom.xml
+++ b/externals/kyuubi-trino-engine/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml
index 970a76d21..3c0e3f31a 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-hive-it/pom.xml b/integration-tests/kyuubi-hive-it/pom.xml
index 55f1f1ef2..24e5529a2 100644
--- a/integration-tests/kyuubi-hive-it/pom.xml
+++ b/integration-tests/kyuubi-hive-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-jdbc-it/pom.xml b/integration-tests/kyuubi-jdbc-it/pom.xml
index 3336a2b2f..08f74512e 100644
--- a/integration-tests/kyuubi-jdbc-it/pom.xml
+++ b/integration-tests/kyuubi-jdbc-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-kubernetes-it/pom.xml b/integration-tests/kyuubi-kubernetes-it/pom.xml
index a796ccab5..a4334e497 100644
--- a/integration-tests/kyuubi-kubernetes-it/pom.xml
+++ b/integration-tests/kyuubi-kubernetes-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-trino-it/pom.xml b/integration-tests/kyuubi-trino-it/pom.xml
index faf38e3e0..628f63818 100644
--- a/integration-tests/kyuubi-trino-it/pom.xml
+++ b/integration-tests/kyuubi-trino-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/kyuubi-zookeeper-it/pom.xml b/integration-tests/kyuubi-zookeeper-it/pom.xml
index c25daffaa..869fd40b2 100644
--- a/integration-tests/kyuubi-zookeeper-it/pom.xml
+++ b/integration-tests/kyuubi-zookeeper-it/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>integration-tests</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index b6a48daae..35d0b4f9e 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>integration-tests</artifactId>
diff --git a/kyuubi-assembly/pom.xml b/kyuubi-assembly/pom.xml
index b9785bd7a..4fa0d9a0f 100644
--- a/kyuubi-assembly/pom.xml
+++ b/kyuubi-assembly/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-common/pom.xml b/kyuubi-common/pom.xml
index b6c9f6dcb..0d5c491b5 100644
--- a/kyuubi-common/pom.xml
+++ b/kyuubi-common/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-ctl/pom.xml b/kyuubi-ctl/pom.xml
index 0b3e527c9..c453cd3af 100644
--- a/kyuubi-ctl/pom.xml
+++ b/kyuubi-ctl/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-events/pom.xml b/kyuubi-events/pom.xml
index 11a99198c..9b30b5750 100644
--- a/kyuubi-events/pom.xml
+++ b/kyuubi-events/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-ha/pom.xml b/kyuubi-ha/pom.xml
index b42bed924..33331d712 100644
--- a/kyuubi-ha/pom.xml
+++ b/kyuubi-ha/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/kyuubi-hive-beeline/pom.xml b/kyuubi-hive-beeline/pom.xml
index ff14e7839..1068a81ce 100644
--- a/kyuubi-hive-beeline/pom.xml
+++ b/kyuubi-hive-beeline/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-hive-beeline</artifactId>
diff --git a/kyuubi-hive-jdbc-shaded/pom.xml b/kyuubi-hive-jdbc-shaded/pom.xml
index e0e390b75..174f199be 100644
--- a/kyuubi-hive-jdbc-shaded/pom.xml
+++ b/kyuubi-hive-jdbc-shaded/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-hive-jdbc-shaded</artifactId>
diff --git a/kyuubi-hive-jdbc/pom.xml b/kyuubi-hive-jdbc/pom.xml
index 36c27efe0..aa5e7c161 100644
--- a/kyuubi-hive-jdbc/pom.xml
+++ b/kyuubi-hive-jdbc/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-hive-jdbc</artifactId>
diff --git a/kyuubi-metrics/pom.xml b/kyuubi-metrics/pom.xml
index adac74d31..5a95291bd 100644
--- a/kyuubi-metrics/pom.xml
+++ b/kyuubi-metrics/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-metrics_${scala.binary.version}</artifactId>
diff --git a/kyuubi-rest-client/pom.xml b/kyuubi-rest-client/pom.xml
index 176051deb..7d7e595c4 100644
--- a/kyuubi-rest-client/pom.xml
+++ b/kyuubi-rest-client/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-rest-client</artifactId>
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 1cb6d424d..a8b133d27 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-server_${scala.binary.version}</artifactId>
diff --git a/kyuubi-util-scala/pom.xml b/kyuubi-util-scala/pom.xml
index 2e86c8cae..b97fc110b 100644
--- a/kyuubi-util-scala/pom.xml
+++ b/kyuubi-util-scala/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
diff --git a/kyuubi-util/pom.xml b/kyuubi-util/pom.xml
index dca500191..19a4f8543 100644
--- a/kyuubi-util/pom.xml
+++ b/kyuubi-util/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-util</artifactId>
diff --git a/kyuubi-zookeeper/pom.xml b/kyuubi-zookeeper/pom.xml
index f58415c99..c4309fbab 100644
--- a/kyuubi-zookeeper/pom.xml
+++ b/kyuubi-zookeeper/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>kyuubi-zookeeper_${scala.binary.version}</artifactId>
diff --git a/pom.xml b/pom.xml
index 9ded97e99..c1b5a41fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
 
     <groupId>org.apache.kyuubi</groupId>
     <artifactId>kyuubi-parent</artifactId>
-    <version>1.8.0-SNAPSHOT</version>
+    <version>1.9.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>Kyuubi Project Parent</name>
diff --git a/tools/spark-block-cleaner/pom.xml b/tools/spark-block-cleaner/pom.xml
index e0520e463..9c777f121 100644
--- a/tools/spark-block-cleaner/pom.xml
+++ b/tools/spark-block-cleaner/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.apache.kyuubi</groupId>
         <artifactId>kyuubi-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

From be93d897448eb94d8ad044901eeddcaca82e48b0 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Mon, 4 Sep 2023 16:22:04 +0800
Subject: [PATCH 603/760] [KYUUBI #5241] Bump Commons Lang3 from 3.12.0 to
 3.13.0

### _Why are the changes needed?_

- Apache Commons Lang 3.13.0 release note: https://commons.apache.org/proper/commons-lang/changes-report.html#a3.13.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5241 from bowenliang123/commonslang3-3.13.

Closes #5241

99e5ffbd9 [Bowen Liang] update dependencyList
f2bf9c554 [Bowen Liang] bump commons lang3 to 3.13.0

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 dev/dependencyList | 2 +-
 pom.xml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index f7b4781ce..778f64c2e 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -30,7 +30,7 @@ classgraph/4.8.138//classgraph-4.8.138.jar
 commons-codec/1.15//commons-codec-1.15.jar
 commons-collections/3.2.2//commons-collections-3.2.2.jar
 commons-lang/2.6//commons-lang-2.6.jar
-commons-lang3/3.12.0//commons-lang3-3.12.0.jar
+commons-lang3/3.13.0//commons-lang3-3.13.0.jar
 commons-logging/1.1.3//commons-logging-1.1.3.jar
 derby/10.14.2.0//derby-10.14.2.0.jar
 error_prone_annotations/2.14.0//error_prone_annotations-2.14.0.jar
diff --git a/pom.xml b/pom.xml
index c1b5a41fa..3d3fe6180 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,7 +131,7 @@
         <commons-collections.version>3.2.2</commons-collections.version>
         <commons-io.version>2.11.0</commons-io.version>
         <commons-lang.version>2.6</commons-lang.version>
-        <commons-lang3.version>3.12.0</commons-lang3.version>
+        <commons-lang3.version>3.13.0</commons-lang3.version>
         <etcd.version>0.7.3</etcd.version>
         <delta.version>2.4.0</delta.version>
         <failsafe.verion>2.4.4</failsafe.verion>

From 522ec94ef2b32281c62bb05b5fbe56adb411a23e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 4 Sep 2023 19:01:38 +0800
Subject: [PATCH 604/760] [KYUUBI #5247] Correct building command for Spark
 authz/lineage plugins

### _Why are the changes needed?_

Adding `-DskipTests` and `-am` into maven commands

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5247 from pan3793/minor.

Closes #5247

f373fbd52 [Cheng Pan] Correct building command for Spark authz/lineage plugins

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 extensions/spark/kyuubi-spark-authz/README.md   | 2 +-
 extensions/spark/kyuubi-spark-lineage/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index 8964fb7d1..374f83b03 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -26,7 +26,7 @@
 ## Build
 
 ```shell
-build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Dspark.version=3.2.1 -Dranger.version=2.4.0
+build/mvn clean package -DskipTests -pl :kyuubi-spark-authz_2.12 -am -Dspark.version=3.2.1 -Dranger.version=2.4.0
 ```
 
 ### Supported Apache Spark Versions
diff --git a/extensions/spark/kyuubi-spark-lineage/README.md b/extensions/spark/kyuubi-spark-lineage/README.md
index a713221ac..1c42d3736 100644
--- a/extensions/spark/kyuubi-spark-lineage/README.md
+++ b/extensions/spark/kyuubi-spark-lineage/README.md
@@ -26,7 +26,7 @@
 ## Build
 
 ```shell
-build/mvn clean package -pl :kyuubi-spark-lineage_2.12 -am -Dspark.version=3.2.1
+build/mvn clean package -DskipTests -pl :kyuubi-spark-lineage_2.12 -am -Dspark.version=3.2.1
 ```
 
 ### Supported Apache Spark Versions

From 593b582ea5396666f605e321086528b5755602aa Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 4 Sep 2023 19:04:00 +0800
Subject: [PATCH 605/760] [KYUUBI #5245] [INFRA] Daily deploy snapshot version
 on branch-1.8

### _Why are the changes needed?_

branch-1.8 has been cut, we should update the GitHub workflow to daily publish snapshot jars on all active branches.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5245 from pan3793/daily-snapshot-1.8.

Closes #5245

df3979743 [Cheng Pan] [INFRA] Daily deploy snapshot version on branch-1.8

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/publish-snapshot-nexus.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/publish-snapshot-nexus.yml b/.github/workflows/publish-snapshot-nexus.yml
index 6ef933b52..b4191396b 100644
--- a/.github/workflows/publish-snapshot-nexus.yml
+++ b/.github/workflows/publish-snapshot-nexus.yml
@@ -31,6 +31,7 @@ jobs:
         branch:
           - master
           - branch-1.7
+          - branch-1.8
         profiles:
           - -Pflink-provided,spark-provided,hive-provided,spark-3.1
           - -Pflink-provided,spark-provided,hive-provided,spark-3.2
@@ -38,6 +39,8 @@ jobs:
         include:
           - branch: master
             profiles: -Pflink-provided,spark-provided,hive-provided,spark-3.4
+          - branch: branch-1.8
+            profiles: -Pflink-provided,spark-provided,hive-provided,spark-3.4
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

From ea44fb88eac54a799a84fb24fc9ce942e9315420 Mon Sep 17 00:00:00 2001
From: "chenliang.lu" <chenlianglu@tencent.com>
Date: Mon, 4 Sep 2023 21:35:28 +0800
Subject: [PATCH 606/760] [KYUUBI #5250] [TEST] Bump Iceberg from 1.3.0 to
 1.3.1

### _Why are the changes needed?_

https://github.com/apache/iceberg/releases/tag/apache-iceberg-1.3.1

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5250 from yabola/auto_ci.

Closes #5250

85f2625a5 [chenliang.lu] [minor] update iceberg version

Authored-by: chenliang.lu <chenlianglu@tencent.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3d3fe6180..6ae1625d7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,7 +158,7 @@
         <hive.archive.download.skip>false</hive.archive.download.skip>
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
-        <iceberg.version>1.3.0</iceberg.version>
+        <iceberg.version>1.3.1</iceberg.version>
         <jackson.version>2.15.0</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>

From 5abc2625f1bfa3250c7f0b988a00bb881ce58f35 Mon Sep 17 00:00:00 2001
From: Sidhant Nagpal <sidnagpal2000@gmail.com>
Date: Mon, 4 Sep 2023 21:46:34 +0800
Subject: [PATCH 607/760] [KYUUBI #5234] Upgrade Jetty version from
 9.4.51.v20230217 to 9.4.52.v20230823

Fixes #5234

Closes #5239 from sidhant-nagpal/fix#5234/jetty-upgraded-from-9.4.51.v20230217-to-9.4.52.v20230823.

Closes #5234

cbd4b4990 [Sidhant Nagpal] Merge branch 'master' of https://github.com/sidhant-nagpal/kyuubi into fix#5234/jetty-upgraded-from-9.4.51.v20230217-to-9.4.52.v20230823
608a510a9 [Sidhant Nagpal] Merge branch 'master' of https://github.com/sidhant-nagpal/kyuubi into fix#5234/jetty-upgraded-from-9.4.51.v20230217-to-9.4.52.v20230823
d2ac35e08 [Sidhant Nagpal] Revert "#5234 Upgrade Jetty from 9.4.51.v20230217 to 9.4.52.v20230823"
f15af280d [Sidhant Nagpal] #5234 Upgrade Jetty from 9.4.51.v20230217 to 9.4.52.v20230823
2498302b4 [Sidhant Nagpal] #5234 Upgrade Jetty from 9.4.51.v20230217 to 9.4.52.v20230823

Authored-by: Sidhant Nagpal <sidnagpal2000@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 18 +++++++++---------
 pom.xml            |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 778f64c2e..f59095b66 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -95,15 +95,15 @@ jetcd-api/0.7.3//jetcd-api-0.7.3.jar
 jetcd-common/0.7.3//jetcd-common-0.7.3.jar
 jetcd-core/0.7.3//jetcd-core-0.7.3.jar
 jetcd-grpc/0.7.3//jetcd-grpc-0.7.3.jar
-jetty-client/9.4.51.v20230217//jetty-client-9.4.51.v20230217.jar
-jetty-http/9.4.51.v20230217//jetty-http-9.4.51.v20230217.jar
-jetty-io/9.4.51.v20230217//jetty-io-9.4.51.v20230217.jar
-jetty-proxy/9.4.51.v20230217//jetty-proxy-9.4.51.v20230217.jar
-jetty-security/9.4.51.v20230217//jetty-security-9.4.51.v20230217.jar
-jetty-server/9.4.51.v20230217//jetty-server-9.4.51.v20230217.jar
-jetty-servlet/9.4.51.v20230217//jetty-servlet-9.4.51.v20230217.jar
-jetty-util-ajax/9.4.51.v20230217//jetty-util-ajax-9.4.51.v20230217.jar
-jetty-util/9.4.51.v20230217//jetty-util-9.4.51.v20230217.jar
+jetty-client/9.4.52.v20230823//jetty-client-9.4.52.v20230823.jar
+jetty-http/9.4.52.v20230823//jetty-http-9.4.52.v20230823.jar
+jetty-io/9.4.52.v20230823//jetty-io-9.4.52.v20230823.jar
+jetty-proxy/9.4.52.v20230823//jetty-proxy-9.4.52.v20230823.jar
+jetty-security/9.4.52.v20230823//jetty-security-9.4.52.v20230823.jar
+jetty-server/9.4.52.v20230823//jetty-server-9.4.52.v20230823.jar
+jetty-servlet/9.4.52.v20230823//jetty-servlet-9.4.52.v20230823.jar
+jetty-util-ajax/9.4.52.v20230823//jetty-util-ajax-9.4.52.v20230823.jar
+jetty-util/9.4.52.v20230823//jetty-util-9.4.52.v20230823.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
 kafka-clients/3.4.0//kafka-clients-3.4.0.jar
diff --git a/pom.xml b/pom.xml
index 6ae1625d7..2e03256e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -164,7 +164,7 @@
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
         <jakarta.activation.version>1.2.2</jakarta.activation.version>
         <jersey.version>2.39.1</jersey.version>
-        <jetty.version>9.4.51.v20230217</jetty.version>
+        <jetty.version>9.4.52.v20230823</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
         <kafka.version>3.4.0</kafka.version>

From 708a0bec6361811aefb4ad6c9d7815f9daebd591 Mon Sep 17 00:00:00 2001
From: bkhan <bkhan@trip.com>
Date: Mon, 4 Sep 2023 21:54:37 +0800
Subject: [PATCH 608/760] [KYUUBI #5232] In SparkOperation#cleanup always calls
 cancelJobGroup even though it's in the completed state

### _Why are the changes needed?_

Implement this issue: #5232

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5240 from XorSum/always_cancel_job_group.

Closes #5232

7da16aaa7 [bkhan] In SparkOperation#cleanup always calls cancelJobGroup even though it's in the completed state

Authored-by: bkhan <bkhan@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/engine/spark/operation/SparkOperation.scala   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
index 782f443df..1de360f07 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala
@@ -106,8 +106,8 @@ abstract class SparkOperation(session: Session)
     if (!isTerminalState(state)) {
       setState(targetState)
       Option(getBackgroundHandle).foreach(_.cancel(true))
-      if (!spark.sparkContext.isStopped) spark.sparkContext.cancelJobGroup(statementId)
     }
+    if (!spark.sparkContext.isStopped) spark.sparkContext.cancelJobGroup(statementId)
   }
 
   protected val forceCancel =

From 466d35d16935f3c98e5b3fea519408e4a38cda31 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 4 Sep 2023 23:20:38 +0800
Subject: [PATCH 609/760] [KYUUBI #5138][TEST] Fix flaky test
 BatchesResourceSuite - get batch session list

### _Why are the changes needed?_

```
  override def afterEach(): Unit = {
    val sessionManager = fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
    sessionManager.allSessions().foreach { session =>
      sessionManager.closeSession(session.handle)
    }

    // there is a chance that `KyuubiBatchService` do batch job submission during this phase
    // which causes the above cleanup can not catch all sessions.

    sessionManager.getBatchesFromMetadataStore(MetadataFilter(), 0, Int.MaxValue).foreach { batch =>
      sessionManager.applicationManager.killApplication(ApplicationManagerInfo(None), batch.getId)
      sessionManager.cleanupMetadata(batch.getId)
    }
  }
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5246 from pan3793/5138.

Closes #5138

a8d683731 [Cheng Pan] try catch
0c418b428 [Cheng Pan] [KYUUBI #5138][TEST] Fix flaky test BatchesResourceSuite - get batch session list

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/api/v1/BatchesResourceSuite.scala      | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 8128ab19d..504b9ac26 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -31,7 +31,7 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion
 import org.glassfish.jersey.media.multipart.FormDataMultiPart
 import org.glassfish.jersey.media.multipart.file.FileDataBodyPart
 
-import org.apache.kyuubi.{BatchTestHelper, KyuubiFunSuite, RestFrontendTestHelper}
+import org.apache.kyuubi.{BatchTestHelper, KyuubiFunSuite, RestFrontendTestHelper, Utils}
 import org.apache.kyuubi.client.api.v1.dto._
 import org.apache.kyuubi.client.util.BatchUtils
 import org.apache.kyuubi.client.util.BatchUtils._
@@ -42,7 +42,7 @@ import org.apache.kyuubi.engine.spark.SparkBatchProcessBuilder
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.operation.{BatchJobSubmission, OperationState}
 import org.apache.kyuubi.operation.OperationState.OperationState
-import org.apache.kyuubi.server.KyuubiRestFrontendService
+import org.apache.kyuubi.server.{KyuubiBatchService, KyuubiRestFrontendService}
 import org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
 import org.apache.kyuubi.service.authentication.{InternalSecurityAccessor, KyuubiAuthenticationFactory}
@@ -60,6 +60,17 @@ class BatchesV2ResourceSuite extends BatchesResourceSuiteBase {
   override def customConf: Map[String, String] = Map(
     KyuubiConf.METADATA_REQUEST_ASYNC_RETRY_ENABLED.key -> "false",
     KyuubiConf.BATCH_SUBMITTER_ENABLED.key -> "true")
+
+  override def afterEach(): Unit = {
+    val sessionManager = fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
+    val batchService = server.getServices.collectFirst { case b: KyuubiBatchService => b }.get
+    sessionManager.getBatchesFromMetadataStore(MetadataFilter(), 0, Int.MaxValue)
+      .foreach { batch => batchService.cancelUnscheduledBatch(batch.getId) }
+    super.afterEach()
+    sessionManager.allSessions().foreach { session =>
+      Utils.tryLogNonFatalError { sessionManager.closeSession(session.handle) }
+    }
+  }
 }
 
 abstract class BatchesResourceSuiteBase extends KyuubiFunSuite

From 32c5033568cd396fa80173743f0286a722575e27 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Tue, 5 Sep 2023 04:23:28 +0800
Subject: [PATCH 610/760] [KYUUBI #5238] Fix credentials may break Flink engine
 launch command

### _Why are the changes needed?_
Currently, Flink engine doesn't use delegation tokens and these tokens need to be filtered out from the Flink engine launch command, or the command may be corrupted because the credentials could contain new lines.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5238 from link3280/filter_engine_credential.

Closes #5238

5e2403a53 [Paul Lin] Optimize code style
41df6e2a4 [Paul Lin] Fix test error
524189443 [Paul Lin] Fix credentials may break Flink engine launch command

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala | 5 +++--
 .../kyuubi/engine/flink/FlinkProcessBuilderSuite.scala       | 4 ++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
index 716db0fcc..77b9cd6d3 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
@@ -26,7 +26,7 @@ import scala.collection.mutable.{ArrayBuffer, ListBuffer}
 import com.google.common.annotations.VisibleForTesting
 
 import org.apache.kyuubi._
-import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_USER_KEY
 import org.apache.kyuubi.engine.{ApplicationManagerInfo, KyuubiApplicationManager, ProcBuilder}
@@ -79,7 +79,8 @@ class FlinkProcessBuilder(
 
   override protected val commands: Array[String] = {
     KyuubiApplicationManager.tagApplication(engineRefId, shortName, clusterManager(), conf)
-
+    // unset engine credentials because Flink doesn't support them at the moment
+    conf.unset(KyuubiReservedKeys.KYUUBI_ENGINE_CREDENTIALS_KEY)
     // flink.execution.target are required in Kyuubi conf currently
     executionTarget match {
       case Some("yarn-application") =>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
index 25295c374..990d56f15 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
@@ -27,6 +27,7 @@ import scala.util.matching.Regex
 import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_FLINK_APPLICATION_JARS, ENGINE_FLINK_EXTRA_CLASSPATH, ENGINE_FLINK_JAVA_OPTIONS, ENGINE_FLINK_MEMORY}
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_ENGINE_CREDENTIALS_KEY
 import org.apache.kyuubi.engine.flink.FlinkProcessBuilder._
 
 class FlinkProcessBuilderSuite extends KyuubiFunSuite {
@@ -37,12 +38,14 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     .set(
       ENGINE_FLINK_JAVA_OPTIONS,
       "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005")
+    .set(KYUUBI_ENGINE_CREDENTIALS_KEY, "should-not-be-used")
 
   private def applicationModeConf = KyuubiConf()
     .set("flink.execution.target", "yarn-application")
     .set(ENGINE_FLINK_APPLICATION_JARS, tempUdfJar.toString)
     .set(APP_KEY, "kyuubi_connection_flink_paul")
     .set("kyuubi.on", "off")
+    .set(KYUUBI_ENGINE_CREDENTIALS_KEY, "should-not-be-used")
 
   private val tempFlinkHome = Files.createTempDirectory("flink-home").toFile
   private val tempOpt =
@@ -65,6 +68,7 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     (FLINK_HADOOP_CLASSPATH_KEY -> s"${File.separator}hadoop")
   private def confStr: String = {
     sessionModeConf.clone.getAll
+      .filter(!_._1.equals(KYUUBI_ENGINE_CREDENTIALS_KEY))
       .map { case (k, v) => s"\\\\\\n\\t--conf $k=$v" }
       .mkString(" ")
   }

From 6158599c4ff80cc9e33cb53b7b947f119af81d70 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Tue, 5 Sep 2023 12:30:51 +0800
Subject: [PATCH 611/760] [KYUUBI #5253] Upgrade testcontainers-scala from
 0.40.12 to 0.41.0

### _Why are the changes needed?_

close #5253

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

NO

Closes #5254 from lsm1/branch-kyuubi-5253.

Closes #5253

b5c407671 [senmiaoliu] bump testcontainers 0.41.0

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2e03256e0..948e94d41 100644
--- a/pom.xml
+++ b/pom.xml
@@ -204,7 +204,7 @@
         <sqlite.version>3.42.0.0</sqlite.version>
         <swagger.version>2.2.1</swagger.version>
         <swagger-ui.version>4.9.1</swagger-ui.version>
-        <testcontainers-scala.version>0.40.12</testcontainers-scala.version>
+        <testcontainers-scala.version>0.41.0</testcontainers-scala.version>
         <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
         <threeten.version>1.7.0</threeten.version>
         <thrift.version>0.9.3</thrift.version>

From d9e7250bc350f99e931002b7e1329cc7617677cc Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Tue, 5 Sep 2023 14:01:40 +0800
Subject: [PATCH 612/760] [KYUUBI #5252] [MINOR] Remove incubator link

### _Why are the changes needed?_

https://github.com/search?q=repo%3Aapache%2Fkyuubi%20incubator-kyuubi&type=code

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5252 from cxzl25/remove_incubator_link.

Closes #5252

6485e0b57 [sychen] remove incubator link

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .idea/vcs.xml | 2 +-
 README.md     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.idea/vcs.xml b/.idea/vcs.xml
index 740593019..9c45aa8a4 100644
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@@ -25,7 +25,7 @@
             GitHub share the sequence number of issues and pull requests, and it will redirect to
             the right place when the the sequence number not match kind.
            -->
-          <option name="linkRegexp" value="https://github.com/apache/incubator-kyuubi/issues/$1" />
+          <option name="linkRegexp" value="https://github.com/apache/kyuubi/issues/$1" />
         </IssueNavigationLink>
       </list>
     </option>
diff --git a/README.md b/README.md
index 976d2d7c7..6b1423e78 100644
--- a/README.md
+++ b/README.md
@@ -118,7 +118,7 @@ Ready? [Getting Started](https://kyuubi.readthedocs.io/en/master/quick_start/) w
     <img src="http://isitmaintained.com/badge/resolution/apache/kyuubi.svg" />
   </a>
   <a href="https://github.com/apache/kyuubi/issues">
-    <img src="http://isitmaintained.com/badge/open/apache/incubator-kyuubi.svg" />
+    <img src="http://isitmaintained.com/badge/open/apache/kyuubi.svg" />
   </a>
   <a href="https://github.com/apache/kyuubi/pulls">
     <img src="https://img.shields.io/github/issues-pr-closed/apache/kyuubi?style=plastic" />

From c3b7af0b54769c8377df49201e06165ce8a9d72c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 5 Sep 2023 14:18:46 +0800
Subject: [PATCH 613/760] Revert "[KYUUBI #5253] Upgrade testcontainers-scala
 from 0.40.12 to 0.41.0"

This reverts commit d5cc6788d30d7a4658215130a948f9fc9855b5ad.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 948e94d41..2e03256e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -204,7 +204,7 @@
         <sqlite.version>3.42.0.0</sqlite.version>
         <swagger.version>2.2.1</swagger.version>
         <swagger-ui.version>4.9.1</swagger-ui.version>
-        <testcontainers-scala.version>0.41.0</testcontainers-scala.version>
+        <testcontainers-scala.version>0.40.12</testcontainers-scala.version>
         <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
         <threeten.version>1.7.0</threeten.version>
         <thrift.version>0.9.3</thrift.version>

From 6a23f88b00e03b36f8f68c526128b166f866dc6f Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 6 Sep 2023 02:51:43 +0800
Subject: [PATCH 614/760] [KYUUBI #5243] Distinguish metadata between batch
 impl v2 and recovery

### _Why are the changes needed?_

The `recoveryMetadata` is not accurate after batch impl is introduced. This PR proposes to rename `recoveryMetadata` to `metadata` and introduce a dedicated flay `fromRecovery` to distinguish metadata between them.

This PR also partially reverts #4798, by removing unnecessary constructor parameters `shouldRunAsync` and `batchConf`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5243 from pan3793/meta-recov.

Closes #5243

0718fbefe [Cheng Pan] nit
b8358464c [Cheng Pan] simplify
a2d6519c6 [Cheng Pan] fix test
2dad868bd [Cheng Pan] refactor
f83d2a602 [Cheng Pan] Distinguish batch impl v2 metadata from recovery

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/SparkOnKubernetesTestsSuite.scala   |  3 -
 .../kyuubi/operation/BatchJobSubmission.scala | 45 ++++++-----
 .../operation/KyuubiOperationManager.scala    |  6 +-
 .../kyuubi/server/KyuubiBatchService.scala    | 14 +---
 .../server/api/v1/BatchesResource.scala       |  1 -
 .../kyuubi/session/KyuubiBatchSession.scala   | 77 +++++++++++--------
 .../kyuubi/session/KyuubiSessionManager.scala | 22 ++----
 .../kyuubi/WithKyuubiServerOnYarn.scala       |  2 -
 .../ServerJsonLoggingEventHandlerSuite.scala  |  3 +-
 .../server/api/v1/BatchesResourceSuite.scala  | 22 +++---
 .../server/rest/client/BatchCliSuite.scala    | 12 +--
 11 files changed, 102 insertions(+), 105 deletions(-)

diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 037681a3f..3f591e604 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -19,7 +19,6 @@ package org.apache.kyuubi.kubernetes.test.spark
 
 import java.util.UUID
 
-import scala.collection.JavaConverters._
 import scala.concurrent.duration._
 
 import org.apache.hadoop.conf.Configuration
@@ -149,7 +148,6 @@ class KyuubiOperationKubernetesClusterClientModeSuite
       "kyuubi",
       "passwd",
       "localhost",
-      batchRequest.getConf.asScala.toMap,
       batchRequest)
 
     eventually(timeout(3.minutes), interval(50.milliseconds)) {
@@ -217,7 +215,6 @@ class KyuubiOperationKubernetesClusterClusterModeSuite
       "runner",
       "passwd",
       "localhost",
-      batchRequest.getConf.asScala.toMap,
       batchRequest)
 
     // wait for driver pod start
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index ac723b2c6..4ea609540 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -58,11 +58,12 @@ class BatchJobSubmission(
     className: String,
     batchConf: Map[String, String],
     batchArgs: Seq[String],
-    recoveryMetadata: Option[Metadata],
-    override val shouldRunAsync: Boolean)
+    metadata: Option[Metadata])
   extends KyuubiApplicationOperation(session) {
   import BatchJobSubmission._
 
+  override def shouldRunAsync: Boolean = true
+
   private val _operationLog = OperationLog.createOperationLog(session, getHandle)
 
   private val applicationManager = session.sessionManager.applicationManager
@@ -75,7 +76,7 @@ class BatchJobSubmission(
   private var killMessage: KillResponse = (false, "UNKNOWN")
   def getKillMessage: KillResponse = killMessage
 
-  @volatile private var _appStartTime = recoveryMetadata.map(_.engineOpenTime).getOrElse(0L)
+  @volatile private var _appStartTime = metadata.map(_.engineOpenTime).getOrElse(0L)
   def appStartTime: Long = _appStartTime
   def appStarted: Boolean = _appStartTime > 0
 
@@ -184,21 +185,24 @@ class BatchJobSubmission(
   override protected def runInternal(): Unit = session.handleSessionException {
     val asyncOperation: Runnable = () => {
       try {
-        recoveryMetadata match {
+        metadata match {
           case Some(metadata) if metadata.peerInstanceClosed =>
             setState(OperationState.CANCELED)
           case Some(metadata) if metadata.state == OperationState.PENDING.toString =>
-            // In recovery mode, only submit batch job when previous state is PENDING
-            // and fail to fetch the status including appId from resource manager.
-            // Otherwise, monitor the submitted batch application.
+            // case 1: new batch job created using batch impl v2
+            // case 2: batch job from recovery, do submission only when previous state is
+            // PENDING and fail to fetch the status by appId from resource manager, which
+            // is similar with case 1; otherwise, monitor the submitted batch application.
             _applicationInfo = currentApplicationInfo()
             applicationId(_applicationInfo) match {
-              case Some(appId) => monitorBatchJob(appId)
               case None => submitAndMonitorBatchJob()
+              case Some(appId) => monitorBatchJob(appId)
             }
           case Some(metadata) =>
+            // batch job from recovery which was submitted
             monitorBatchJob(metadata.engineId)
           case None =>
+            // brand-new job created using batch impl v1
             submitAndMonitorBatchJob()
         }
         setStateIfNotCanceled(OperationState.FINISHED)
@@ -219,7 +223,6 @@ class BatchJobSubmission(
         updateBatchMetadata()
       }
     }
-    if (!shouldRunAsync) getBackgroundHandle.get()
   }
 
   private def submitAndMonitorBatchJob(): Unit = {
@@ -295,19 +298,19 @@ class BatchJobSubmission(
     }
     if (_applicationInfo.isEmpty) {
       info(s"The $batchType batch[$batchId] job: $appId not found, assume that it has finished.")
-    } else if (applicationFailed(_applicationInfo)) {
+      return
+    }
+    if (applicationFailed(_applicationInfo)) {
+      throw new KyuubiException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
+    }
+    updateBatchMetadata()
+    // TODO: add limit for max batch job submission lifetime
+    while (_applicationInfo.isDefined && !applicationTerminated(_applicationInfo)) {
+      Thread.sleep(applicationCheckInterval)
+      updateApplicationInfoMetadataIfNeeded()
+    }
+    if (applicationFailed(_applicationInfo)) {
       throw new KyuubiException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
-    } else {
-      updateBatchMetadata()
-      // TODO: add limit for max batch job submission lifetime
-      while (_applicationInfo.isDefined && !applicationTerminated(_applicationInfo)) {
-        Thread.sleep(applicationCheckInterval)
-        updateApplicationInfoMetadataIfNeeded()
-      }
-
-      if (applicationFailed(_applicationInfo)) {
-        throw new KyuubiException(s"$batchType batch[$batchId] job failed: ${_applicationInfo}")
-      }
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
index 8ae9c91f8..739c99cd7 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperationManager.scala
@@ -81,8 +81,7 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
       className: String,
       batchConf: Map[String, String],
       batchArgs: Seq[String],
-      recoveryMetadata: Option[Metadata],
-      shouldRunAsync: Boolean): BatchJobSubmission = {
+      metadata: Option[Metadata]): BatchJobSubmission = {
     val operation = new BatchJobSubmission(
       session,
       batchType,
@@ -91,8 +90,7 @@ class KyuubiOperationManager private (name: String) extends OperationManager(nam
       className,
       batchConf,
       batchArgs,
-      recoveryMetadata,
-      shouldRunAsync)
+      metadata)
     addOperation(operation)
     operation
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
index 7ed2ab8e1..bf10a68fa 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
@@ -22,7 +22,6 @@ import java.util.concurrent.atomic.AtomicBoolean
 import org.apache.kyuubi.config.KyuubiConf.BATCH_SUBMITTER_THREADS
 import org.apache.kyuubi.operation.OperationState
 import org.apache.kyuubi.server.metadata.MetadataManager
-import org.apache.kyuubi.server.metadata.api.Metadata
 import org.apache.kyuubi.service.{AbstractService, Serverable}
 import org.apache.kyuubi.session.KyuubiSessionManager
 import org.apache.kyuubi.util.ThreadUtils
@@ -81,16 +80,9 @@ class KyuubiBatchService(
               Option(metadata.requestName),
               metadata.resource,
               metadata.className,
-              metadata.requestConf,
               metadata.requestArgs,
-              Some(metadata), // TODO some logic need to fix since it's not from recovery
-              shouldRunAsync = true)
-            val metadataForUpdate = Metadata(
-              identifier = batchId,
-              kyuubiInstance = kyuubiInstance,
-              requestConf = batchSession.optimizedConf,
-              clusterManager = batchSession.batchJobSubmissionOp.builder.clusterManager())
-            metadataManager.updateMetadata(metadataForUpdate, asyncRetryOnError = false)
+              Some(metadata),
+              fromRecovery = false)
             val sessionHandle = sessionManager.openBatchSession(batchSession)
             var submitted = false
             while (!submitted) { // block until batch job submitted
@@ -113,7 +105,7 @@ class KyuubiBatchService(
               // }
               if (!submitted) Thread.sleep(1000)
             }
-            info(s"$batchId is submitted.")
+            info(s"$batchId is submitted or finished.")
         }
       }
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index d7e8b615a..12db68aeb 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -269,7 +269,6 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
             userName,
             "anonymous",
             ipAddress,
-            request.getConf.asScala.toMap,
             request)
         } match {
           case Success(sessionHandle) =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index 014bbced3..c8563bca1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -41,10 +41,9 @@ class KyuubiBatchSession(
     batchName: Option[String],
     resource: String,
     className: String,
-    batchConf: Map[String, String],
     batchArgs: Seq[String],
-    recoveryMetadata: Option[Metadata] = None,
-    shouldRunAsync: Boolean)
+    metadata: Option[Metadata] = None,
+    fromRecovery: Boolean)
   extends KyuubiSession(
     TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V1,
     user,
@@ -55,11 +54,11 @@ class KyuubiBatchSession(
   override val sessionType: SessionType = SessionType.BATCH
 
   override val handle: SessionHandle = {
-    val batchId = recoveryMetadata.map(_.identifier).getOrElse(conf(KYUUBI_BATCH_ID_KEY))
+    val batchId = metadata.map(_.identifier).getOrElse(conf(KYUUBI_BATCH_ID_KEY))
     SessionHandle.fromUUID(batchId)
   }
 
-  override def createTime: Long = recoveryMetadata.map(_.createTime).getOrElse(super.createTime)
+  override def createTime: Long = metadata.map(_.createTime).getOrElse(super.createTime)
 
   override def getNoOperationTime: Long = {
     if (batchJobSubmissionOp != null && !OperationState.isTerminal(
@@ -74,7 +73,7 @@ class KyuubiBatchSession(
     sessionManager.getConf.get(KyuubiConf.BATCH_SESSION_IDLE_TIMEOUT)
 
   override val normalizedConf: Map[String, String] =
-    sessionConf.getBatchConf(batchType) ++ sessionManager.validateBatchConf(batchConf)
+    sessionConf.getBatchConf(batchType) ++ sessionManager.validateBatchConf(conf)
 
   val optimizedConf: Map[String, String] = {
     val confOverlay = sessionManager.sessionConfAdvisor.getConfOverlay(
@@ -95,7 +94,7 @@ class KyuubiBatchSession(
 
   // whether the resource file is from uploading
   private[kyuubi] val isResourceUploaded: Boolean =
-    batchConf.getOrElse(KyuubiReservedKeys.KYUUBI_BATCH_RESOURCE_UPLOADED_KEY, "false").toBoolean
+    conf.getOrElse(KyuubiReservedKeys.KYUUBI_BATCH_RESOURCE_UPLOADED_KEY, "false").toBoolean
 
   private[kyuubi] lazy val batchJobSubmissionOp = sessionManager.operationManager
     .newBatchJobSubmissionOperation(
@@ -106,8 +105,7 @@ class KyuubiBatchSession(
       className,
       optimizedConf,
       batchArgs,
-      recoveryMetadata,
-      shouldRunAsync)
+      metadata)
 
   private def waitMetadataRequestsRetryCompletion(): Unit = {
     val batchId = batchJobSubmissionOp.batchId
@@ -122,7 +120,9 @@ class KyuubiBatchSession(
   }
 
   private val sessionEvent = KyuubiSessionEvent(this)
-  recoveryMetadata.foreach(metadata => sessionEvent.engineId = metadata.engineId)
+  if (fromRecovery) {
+    metadata.foreach { m => sessionEvent.engineId = m.engineId }
+  }
   EventBus.post(sessionEvent)
 
   override def getSessionEvent: Option[KyuubiSessionEvent] = {
@@ -142,32 +142,47 @@ class KyuubiBatchSession(
   override def open(): Unit = handleSessionException {
     traceMetricsOnOpen()
 
-    if (recoveryMetadata.isEmpty) {
+    lazy val kubernetesInfo: Map[String, String] = {
       val appMgrInfo = batchJobSubmissionOp.builder.appMgrInfo()
-      val kubernetesInfo = appMgrInfo.kubernetesInfo.context.map { context =>
+      appMgrInfo.kubernetesInfo.context.map { context =>
         Map(KyuubiConf.KUBERNETES_CONTEXT.key -> context)
       }.getOrElse(Map.empty) ++ appMgrInfo.kubernetesInfo.namespace.map { namespace =>
         Map(KyuubiConf.KUBERNETES_NAMESPACE.key -> namespace)
       }.getOrElse(Map.empty)
-      val metaData = Metadata(
-        identifier = handle.identifier.toString,
-        sessionType = sessionType,
-        realUser = realUser,
-        username = user,
-        ipAddress = ipAddress,
-        kyuubiInstance = connectionUrl,
-        state = OperationState.PENDING.toString,
-        resource = resource,
-        className = className,
-        requestName = name.orNull,
-        requestConf = optimizedConf ++ kubernetesInfo, // save the kubernetes info into request conf
-        requestArgs = batchArgs,
-        createTime = createTime,
-        engineType = batchType,
-        clusterManager = batchJobSubmissionOp.builder.clusterManager())
-
-      // there is a chance that operation failed w/ duplicated key error
-      sessionManager.insertMetadata(metaData)
+    }
+
+    (metadata, fromRecovery) match {
+      case (Some(initialMetadata), false) =>
+        // new batch job created using batch impl v2
+        val metadataToUpdate = Metadata(
+          identifier = initialMetadata.identifier,
+          kyuubiInstance = connectionUrl,
+          requestName = name.orNull,
+          requestConf = optimizedConf ++ kubernetesInfo, // save the kubernetes info
+          clusterManager = batchJobSubmissionOp.builder.clusterManager())
+        sessionManager.updateMetadata(metadataToUpdate)
+      case (None, _) =>
+        // new batch job created using batch impl v1
+        val newMetadata = Metadata(
+          identifier = handle.identifier.toString,
+          sessionType = sessionType,
+          realUser = realUser,
+          username = user,
+          ipAddress = ipAddress,
+          kyuubiInstance = connectionUrl,
+          state = OperationState.PENDING.toString,
+          resource = resource,
+          className = className,
+          requestName = name.orNull,
+          requestConf = optimizedConf ++ kubernetesInfo, // save the kubernetes info
+          requestArgs = batchArgs,
+          createTime = createTime,
+          engineType = batchType,
+          clusterManager = batchJobSubmissionOp.builder.clusterManager())
+
+        // there is a chance that operation failed w/ duplicated key error
+        sessionManager.insertMetadata(newMetadata)
+      case _ =>
     }
 
     checkSessionAccessPathURIs()
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 19259bb1b..8d3234699 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -144,10 +144,9 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       batchName: Option[String],
       resource: String,
       className: String,
-      batchConf: Map[String, String],
       batchArgs: Seq[String],
-      recoveryMetadata: Option[Metadata] = None,
-      shouldRunAsync: Boolean): KyuubiBatchSession = {
+      metadata: Option[Metadata] = None,
+      fromRecovery: Boolean): KyuubiBatchSession = {
     // scalastyle:on
     val username = Option(user).filter(_.nonEmpty).getOrElse("anonymous")
     val sessionConf = this.getConf.getUserDefaults(user)
@@ -162,10 +161,9 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       batchName,
       resource,
       className,
-      batchConf,
       batchArgs,
-      recoveryMetadata,
-      shouldRunAsync)
+      metadata,
+      fromRecovery)
   }
 
   private[kyuubi] def openBatchSession(batchSession: KyuubiBatchSession): SessionHandle = {
@@ -202,22 +200,19 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       user: String,
       password: String,
       ipAddress: String,
-      conf: Map[String, String],
-      batchRequest: BatchRequest,
-      shouldRunAsync: Boolean = true): SessionHandle = {
+      batchRequest: BatchRequest): SessionHandle = {
     val batchSession = createBatchSession(
       user,
       password,
       ipAddress,
-      conf,
+      batchRequest.getConf.asScala.toMap,
       batchRequest.getBatchType,
       Option(batchRequest.getName),
       batchRequest.getResource,
       batchRequest.getClassName,
-      batchRequest.getConf.asScala.toMap,
       batchRequest.getArgs.asScala.toSeq,
       None,
-      shouldRunAsync)
+      fromRecovery = false)
     openBatchSession(batchSession)
   }
 
@@ -313,10 +308,9 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
           Option(metadata.requestName),
           metadata.resource,
           metadata.className,
-          metadata.requestConf,
           metadata.requestArgs,
           Some(metadata),
-          shouldRunAsync = true)
+          fromRecovery = true)
       }).getOrElse(Seq.empty)
     }
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index 7a4bfea1b..e4382a859 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -116,7 +116,6 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       "kyuubi",
       "passwd",
       "localhost",
-      batchRequest.getConf.asScala.toMap,
       batchRequest)
 
     val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSession]
@@ -180,7 +179,6 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       "kyuubi",
       "passwd",
       "localhost",
-      batchRequest.getConf.asScala.toMap,
       batchRequest)
 
     val session = sessionManager.getSession(sessionHandle).asInstanceOf[KyuubiBatchSession]
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
index 7c79d6a87..2f794ed48 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
@@ -135,13 +135,12 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
       }
     }
 
-    val batchRequest = newSparkBatchRequest()
+    val batchRequest = newSparkBatchRequest(Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))
     val sessionMgr = server.backendService.sessionManager.asInstanceOf[KyuubiSessionManager]
     val batchSessionHandle = sessionMgr.openBatchSession(
       Utils.currentUser,
       "kyuubi",
       "127.0.0.1",
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       batchRequest)
     withSessionConf()(Map.empty)(Map("spark.sql.shuffle.partitions" -> "2")) {
       withJdbcStatement() { statement =>
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 504b9ac26..3a47461a2 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -358,12 +358,12 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
         "",
-        ""))
+        "",
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
     sessionManager.openSession(
       TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
       "",
@@ -380,22 +380,22 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
         "",
-        ""))
+        "",
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
     sessionManager.openBatchSession(
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
         "",
-        ""))
+        "",
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
 
     val response2 = webTarget.path("api/v1/batches")
       .queryParam("batchType", "spark")
@@ -780,12 +780,14 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
       .be.sessionManager.asInstanceOf[KyuubiSessionManager]
 
     val e = intercept[Exception] {
+      val conf = Map(
+        KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString,
+        "spark.jars" -> "disAllowPath")
       sessionManager.openBatchSession(
         "kyuubi",
         "kyuubi",
         InetAddress.getLocalHost.getCanonicalHostName,
-        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
-        newSparkBatchRequest(Map("spark.jars" -> "disAllowPath")))
+        newSparkBatchRequest(conf))
     }
     val sessionHandleRegex = "\\[\\S*]".r
     val batchId = sessionHandleRegex.findFirstMatchIn(e.getMessage).get.group(0)
@@ -803,12 +805,12 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         sparkBatchTestResource.get,
         "",
-        uniqueName))
+        uniqueName,
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
 
     val response = webTarget.path("api/v1/batches")
       .queryParam("batchName", uniqueName)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
index 0c44fc3a8..bcf8c450e 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/BatchCliSuite.scala
@@ -290,12 +290,12 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         "",
         "",
-        ""))
+        "",
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
     sessionManager.openSession(
       TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V11,
       "",
@@ -312,22 +312,22 @@ class BatchCliSuite extends RestClientTestHelper with TestPrematureExit with Bat
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         "",
         "",
-        ""))
+        "",
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
     sessionManager.openBatchSession(
       "kyuubi",
       "kyuubi",
       InetAddress.getLocalHost.getCanonicalHostName,
-      Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString),
       newBatchRequest(
         "spark",
         "",
         "",
-        ""))
+        "",
+        Map(KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString)))
 
     val listArgs = Array(
       "list",

From 086cf1fe668991fe4af79323fe6ccdb0c4bdbe72 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Tue, 5 Sep 2023 12:30:51 +0800
Subject: [PATCH 615/760] [KYUUBI #5253] Upgrade testcontainers-scala from
 0.40.12 to 0.41.0

### _Why are the changes needed?_

close #5253

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

NO

Closes #5254 from lsm1/branch-kyuubi-5253.

Closes #5253

b5c407671 [senmiaoliu] bump testcontainers 0.41.0

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
(cherry picked from commit 6158599c4ff80cc9e33cb53b7b947f119af81d70)
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2e03256e0..5d812f63a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -204,7 +204,7 @@
         <sqlite.version>3.42.0.0</sqlite.version>
         <swagger.version>2.2.1</swagger.version>
         <swagger-ui.version>4.9.1</swagger-ui.version>
-        <testcontainers-scala.version>0.40.12</testcontainers-scala.version>
+        <testcontainers-scala.version>0.41.0</testcontainers-scala.version>
         <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
         <threeten.version>1.7.0</threeten.version>
         <thrift.version>0.9.3</thrift.version>
@@ -1122,6 +1122,12 @@
                 <groupId>io.etcd</groupId>
                 <artifactId>jetcd-launcher</artifactId>
                 <version>${etcd.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.testcontainers</groupId>
+                        <artifactId>testcontainers</artifactId>
+                    </exclusion>
+                </exclusions>
             </dependency>
 
             <dependency>

From 83b2f8326b21561f22464409904bdccb5a4feed1 Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Wed, 6 Sep 2023 07:26:30 +0000
Subject: [PATCH 616/760] [KYUUBI #5257] [LINEAGE] Adapt `CreateTableAsSelect`
 plan to Spark 3.5 changes

### _Why are the changes needed?_

to fix
```
- columns lineage extract - CreateTableAsSelect *** FAILED ***
  java.util.NoSuchElementException: None.get
  at scala.None$.get(Option.scala:529)
  at scala.None$.get(Option.scala:527)
  at org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParserHelperSuite.extractLineage(SparkSQLLineageParserHelperSuite.scala:1452)
  at org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParserHelperSuite.$anonfun$new$24(SparkSQLLineageParserHelperSuite.scala:354)
  at org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParserHelperSuite.$anonfun$new$24$adapted(SparkSQLLineageParserHelperSuite.scala:353)
  at org.apache.spark.sql.SparkListenerExtensionTest.withTable(SparkListenerExtensionTest.scala:48)
  at org.apache.spark.sql.SparkListenerExtensionTest.withTable$(SparkListenerExtensionTest.scala:46)
  at org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParserHelperSuite.withTable(SparkSQLLineageParserHelperSuite.scala:34)
  at org.apache.kyuubi.plugin.lineage.helper.SparkSQLLineageParserHelperSuite.$anonfun$new$23(SparkSQLLineageParserHelperSuite.scala:353)
  at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
  ...
```

the method `CreateTableAsSelect#left` was removed since Spark 3.5, for more details, see https://github.com/apache/spark/pull/40734

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5257 from cfmcgrady/fix-SparkSQLLineageParserHelperSuite.

Closes #5257

aa5e730fc [Fu Chen] fix

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../plugin/lineage/helper/SparkSQLLineageParseHelper.scala      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
index 6beecba36..273111464 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/helper/SparkSQLLineageParseHelper.scala
@@ -251,7 +251,7 @@ trait LineageParser {
               invokeAs[Identifier](plan, "tableName").name(),
               invokeAs[Identifier](plan, "tableName").namespace().mkString("."),
               getField[CatalogPlugin](
-                invokeAs[LogicalPlan](plan, "left"),
+                invokeAs[LogicalPlan](plan, "name"),
                 "catalog").name())
           }
         extractColumnsLineage(getQuery(plan), parentColumnsLineage).map { case (k, v) =>

From 1a925d8c73a96f7853ac531599a2265807bf6450 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 6 Sep 2023 09:23:06 +0000
Subject: [PATCH 617/760] [KYUUBI #5253][FOLLOWUP] Supply
 testcontainers-scala-scalatest deps

### _Why are the changes needed?_

Recover CI.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5258 from pan3793/testcontainers.

Closes #5253

c1c8241af [Cheng Pan] fix
ce4f9ed2c [Cheng Pan] [KYUUBI #5253][FOLLOWUP] Supply testcontainers-scala-scalatest deps for ha module

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 externals/kyuubi-spark-sql-engine/pom.xml | 6 ++++++
 kyuubi-ha/pom.xml                         | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index 37d4f3238..c453bd283 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -159,6 +159,12 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>com.dimafeng</groupId>
+            <artifactId>testcontainers-scala-scalatest_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>io.etcd</groupId>
             <artifactId>jetcd-launcher</artifactId>
diff --git a/kyuubi-ha/pom.xml b/kyuubi-ha/pom.xml
index 33331d712..129f7a53d 100644
--- a/kyuubi-ha/pom.xml
+++ b/kyuubi-ha/pom.xml
@@ -89,6 +89,12 @@
             <artifactId>grpc-stub</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>com.dimafeng</groupId>
+            <artifactId>testcontainers-scala-scalatest_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>io.etcd</groupId>
             <artifactId>jetcd-launcher</artifactId>

From 5ec2c2ee3f5ebba2b2d2fe37fc606b483445f446 Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Thu, 7 Sep 2023 14:49:57 +0800
Subject: [PATCH 618/760] [KYUUBI #5118][DOC] Add Flink KDF doc

### _Why are the changes needed?_
Add Flink KDF doc to close the issue #5118

<img width="1094" alt="image" src="https://github.com/apache/kyuubi/assets/3898450/23cd886e-c94a-406b-81a2-eb2caf4c1775">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5233 from zhaohehuhu/Improvement-0901.

Closes #5118

fcd45b360 [hezhao2] code reformat
46bb9700c [hezhao2] Add Flink KDF doc

Authored-by: hezhao2 <hezhao2@cisco.com>
Signed-off-by: Shaoyun Chen <csy@apache.org>
---
 docs/extensions/engines/flink/functions.md | 30 ++++++++++++++++++++++
 docs/extensions/engines/flink/index.rst    |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 docs/extensions/engines/flink/functions.md

diff --git a/docs/extensions/engines/flink/functions.md b/docs/extensions/engines/flink/functions.md
new file mode 100644
index 000000000..1d047d078
--- /dev/null
+++ b/docs/extensions/engines/flink/functions.md
@@ -0,0 +1,30 @@
+<!--
+- Licensed to the Apache Software Foundation (ASF) under one or more
+- contributor license agreements.  See the NOTICE file distributed with
+- this work for additional information regarding copyright ownership.
+- The ASF licenses this file to You under the Apache License, Version 2.0
+- (the "License"); you may not use this file except in compliance with
+- the License.  You may obtain a copy of the License at
+-
+-   http://www.apache.org/licenses/LICENSE-2.0
+-
+- Unless required by applicable law or agreed to in writing, software
+- distributed under the License is distributed on an "AS IS" BASIS,
+- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- See the License for the specific language governing permissions and
+- limitations under the License.
+-->
+
+# Auxiliary SQL Functions
+
+Kyuubi provides several auxiliary SQL functions as supplement to
+Flink's [Built-in Functions](https://nightlies.apache.org/flink/flink-docs-release-1.17/docs/dev/table/functions/systemfunctions/)
+
+|        Name         |                         Description                         | Return Type | Since |
+|---------------------|-------------------------------------------------------------|-------------|-------|
+| kyuubi_version      | Return the version of Kyuubi Server                         | string      | 1.8.0 |
+| kyuubi_engine_name  | Return the application name for the associated query engine | string      | 1.8.0 |
+| kyuubi_engine_id    | Return the application id for the associated query engine   | string      | 1.8.0 |
+| kyuubi_system_user  | Return the system user name for the associated query engine | string      | 1.8.0 |
+| kyuubi_session_user | Return the session username for the associated query engine | string      | 1.8.0 |
+
diff --git a/docs/extensions/engines/flink/index.rst b/docs/extensions/engines/flink/index.rst
index 01bbecf92..58105b0fa 100644
--- a/docs/extensions/engines/flink/index.rst
+++ b/docs/extensions/engines/flink/index.rst
@@ -20,6 +20,7 @@ Extensions for Flink
     :maxdepth: 1
 
     ../../../connector/flink/index
+    functions
 
 .. warning::
    This page is still in-progress.

From 9ea0a1b35dd155a34f601a830c1ca5f76aaf3421 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Fri, 8 Sep 2023 10:52:32 +0800
Subject: [PATCH 619/760] [KYUUBI #5244][Improvement] Make
 engineAliveMaxFailCount configurable

### _Why are the changes needed?_

close #5244
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5251 from lsm1/branch-kyuubi-5244.

Closes #5244

bcadaa53a [senmiaoliu] rename
a6c92773d [senmiaoliu] fix style
1f38fa711 [senmiaoliu] fix style
3ff57ff8b [senmiaoliu] Make engineAliveMaxFailCount configurable

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Shaoyun Chen <csy@apache.org>
---
 docs/configuration/settings.md                       |  1 +
 .../scala/org/apache/kyuubi/config/KyuubiConf.scala  |  8 ++++++++
 .../apache/kyuubi/session/KyuubiSessionImpl.scala    | 12 ++++++------
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index d6d142548..add63544d 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -414,6 +414,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.session.conf.ignore.list                                               || A comma-separated list of ignored keys. If the client connection contains any of them, the key and the corresponding value will be removed silently during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                  | set      | 1.2.0 |
 | kyuubi.session.conf.profile                          | &lt;undefined&gt;       | Specify a profile to load session-level configurations from `$KYUUBI_CONF_DIR/kyuubi-session-<profile>.conf`. This configuration will be ignored if the file does not exist. This configuration only takes effect when `kyuubi.session.conf.advisor` is set as `org.apache.kyuubi.session.FileSessionConfAdvisor`.                                                                                                       | string   | 1.7.0 |
 | kyuubi.session.conf.restrict.list                                             || A comma-separated list of restricted keys. If the client connection contains any of them, the connection will be rejected explicitly during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                                 | set      | 1.2.0 |
+| kyuubi.session.engine.alive.max.failures             | 3                       | The maximum number of failures allowed for the engine.                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.8.0 |
 | kyuubi.session.engine.alive.probe.enabled            | false                   | Whether to enable the engine alive probe, it true, we will create a companion thrift client that keeps sending simple requests to check whether the engine is alive.                                                                                                                                                                                                                                                     | boolean  | 1.6.0 |
 | kyuubi.session.engine.alive.probe.interval           | PT10S                   | The interval for engine alive probe.                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.0 |
 | kyuubi.session.engine.alive.timeout                  | PT2M                    | The timeout for engine alive. If there is no alive probe success in the last timeout window, the engine will be marked as no-alive.                                                                                                                                                                                                                                                                                      | duration | 1.6.0 |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index bbbb73b95..61d97da9e 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1423,6 +1423,14 @@ object KyuubiConf {
     .timeConf
     .createWithDefault(Duration.ofSeconds(15).toMillis)
 
+  val ENGINE_ALIVE_MAX_FAILURES: ConfigEntry[Int] =
+    buildConf("kyuubi.session.engine.alive.max.failures")
+      .doc("The maximum number of failures allowed for the engine.")
+      .version("1.8.0")
+      .intConf
+      .checkValue(_ > 0, "Must be positive")
+      .createWithDefault(3)
+
   val ENGINE_ALIVE_PROBE_ENABLED: ConfigEntry[Boolean] =
     buildConf("kyuubi.session.engine.alive.probe.enabled")
       .doc("Whether to enable the engine alive probe, it true, we will create a companion thrift" +
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 67eb6c86e..6dd1810a8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -287,10 +287,10 @@ class KyuubiSessionImpl(
   }
 
   @volatile private var engineLastAlive: Long = _
-  val engineAliveTimeout = sessionConf.get(KyuubiConf.ENGINE_ALIVE_TIMEOUT)
-  val aliveProbeEnabled = sessionConf.get(KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED)
-  var engineAliveMaxFailCount = 3
-  var engineAliveFailCount = 0
+  private val engineAliveTimeout = sessionConf.get(KyuubiConf.ENGINE_ALIVE_TIMEOUT)
+  private val aliveProbeEnabled = sessionConf.get(KyuubiConf.ENGINE_ALIVE_PROBE_ENABLED)
+  private val engineAliveMaxFailCount = sessionConf.get(KyuubiConf.ENGINE_ALIVE_MAX_FAILURES)
+  private var engineAliveFailCount = 0
 
   def checkEngineConnectionAlive(): Boolean = {
     try {
@@ -306,7 +306,7 @@ class KyuubiSessionImpl(
         engineAliveFailCount = engineAliveFailCount + 1
         if (now - engineLastAlive > engineAliveTimeout &&
           engineAliveFailCount >= engineAliveMaxFailCount) {
-          error(s"The engineRef[${engine.getEngineRefId}] is marked as not alive "
+          error(s"The engineRef[${engine.getEngineRefId()}] is marked as not alive "
             + s"due to a lack of recent successful alive probes. "
             + s"The time since last successful probe: "
             + s"${now - engineLastAlive} ms exceeds the timeout of $engineAliveTimeout ms. "
@@ -315,7 +315,7 @@ class KyuubiSessionImpl(
           false
         } else {
           warn(
-            s"The engineRef[${engine.getEngineRefId}] alive probe fails, " +
+            s"The engineRef[${engine.getEngineRefId()}] alive probe fails, " +
               s"${now - engineLastAlive} ms exceeds timeout $engineAliveTimeout ms, " +
               s"and has failed $engineAliveFailCount times.",
             e)

From 2371cc62f3757e643766865f95f5a6f2b46b7cf8 Mon Sep 17 00:00:00 2001
From: Fantasy-Jay <13631435453@163.com>
Date: Fri, 8 Sep 2023 14:01:32 +0800
Subject: [PATCH 620/760] [KYUUBI #5216] Workaround for negative counter in
 SessionLimiter

### _Why are the changes needed?_

Fix: https://github.com/apache/kyuubi/issues/5216

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5217 from zhuyaogai/issue-5216.

Closes #5216

b8d2e1796 [Fantasy-Jay] Limit counter resource leak in SessionLimiter.
cda3702e5 [Fantasy-Jay] Limit counter resource leak in SessionLimiter.
36272d1b1 [Fantasy-Jay] fix test bug.
1e282d20f [Fantasy-Jay] Limit counter resource leak in SessionLimiter.
7fc389ff1 [Fantasy-Jay] Limit counter resource leak in SessionLimiter.

Authored-by: Fantasy-Jay <13631435453@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/session/SessionLimiter.scala       |  9 +---
 .../kyuubi/session/SessionLimiterSuite.scala  | 50 +++++++++++++++++++
 2 files changed, 52 insertions(+), 7 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
index c8112d532..8a1ebedf1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala
@@ -95,7 +95,8 @@ class SessionLimiterImpl(userLimit: Int, ipAddressLimit: Int, userIpAddressLimit
 
   private def decrLimitCount(key: String): Unit = {
     _counters.get(key) match {
-      case count: AtomicInteger => count.decrementAndGet()
+      case count: AtomicInteger =>
+        count.accumulateAndGet(1, (l, r) => if (l > 0) l - r else l)
       case _ =>
     }
   }
@@ -121,12 +122,6 @@ class SessionLimiterWithAccessControlListImpl(
     }
   }
 
-  override def decrement(userIpAddress: UserIpAddress): Unit = {
-    if (!unlimitedUsers.contains(userIpAddress.user)) {
-      super.decrement(userIpAddress)
-    }
-  }
-
   private[kyuubi] def setUnlimitedUsers(unlimitedUsers: Set[String]): Unit = {
     this.unlimitedUsers = unlimitedUsers
   }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala
index df75d15f2..775239f9b 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionLimiterSuite.scala
@@ -20,8 +20,10 @@ import java.util.concurrent.{CountDownLatch, Executors}
 import java.util.concurrent.atomic.LongAdder
 
 import scala.collection.JavaConverters._
+import scala.util.Random
 
 import org.apache.kyuubi.{KyuubiFunSuite, KyuubiSQLException}
+import org.apache.kyuubi.util.ThreadUtils
 
 class SessionLimiterSuite extends KyuubiFunSuite {
 
@@ -149,4 +151,52 @@ class SessionLimiterSuite extends KyuubiFunSuite {
     assert(caught.getMessage.equals(
       "Connection denied because the user is in the deny user list. (user: user002)"))
   }
+
+  test("test refresh unlimited users and deny users") {
+    val random: Random = new Random()
+    val latch = new CountDownLatch(600)
+    val userLimit = 100
+    val ipAddressLimit = 101
+    val userIpAddressLimit = 102
+    val limiter =
+      SessionLimiter(userLimit, ipAddressLimit, userIpAddressLimit, Set.empty, Set.empty)
+    val threadPool = ThreadUtils.newDaemonCachedThreadPool("test-refresh-config")
+
+    def checkUserLimit(userIpAddress: UserIpAddress): Unit = {
+      for (i <- 0 until 200) {
+        threadPool.execute(() => {
+          try {
+            Thread.sleep(random.nextInt(200))
+            limiter.increment(userIpAddress)
+          } catch {
+            case _: Throwable =>
+          } finally {
+            Thread.sleep(random.nextInt(500))
+            // finally call limiter#decrement method.
+            limiter.decrement(userIpAddress)
+            latch.countDown()
+          }
+        })
+      }
+    }
+
+    checkUserLimit(UserIpAddress("user001", "127.0.0.1"))
+    checkUserLimit(UserIpAddress("user002", "127.0.0.2"))
+    checkUserLimit(UserIpAddress("user003", "127.0.0.3"))
+
+    Thread.sleep(100)
+    // set unlimited users and deny users
+    SessionLimiter.resetUnlimitedUsers(limiter, Set("user001"))
+    SessionLimiter.resetDenyUsers(limiter, Set("user002"))
+
+    Thread.sleep(300)
+    // unset unlimited users and deny users
+    SessionLimiter.resetUnlimitedUsers(limiter, Set.empty)
+    SessionLimiter.resetDenyUsers(limiter, Set.empty)
+
+    latch.await()
+    threadPool.shutdown()
+    limiter.asInstanceOf[SessionLimiterImpl].counters().asScala.values
+      .foreach(c => assert(c.get() == 0))
+  }
 }

From 1f0901b5de065348cac9fa1f7163efd162e2ce53 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Sat, 9 Sep 2023 01:01:03 +0800
Subject: [PATCH 621/760] [KYUUBI #5265] [DOCS][FLINK] Add notice about
 Jobmanager HA to Flink deployment docs

### _Why are the changes needed?_
As titled.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5265 from link3280/docs_jm_ha.

Closes #5265

947854a5a [Paul Lin] Improve language
f7ea8dc51 [Paul Lin] Improve language
c40b94bf1 [Paul Lin] Add notice about Jobmanager HA to Flink deployment docs

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Paul Lin <paullin3280@gmail.com>
---
 docs/deployment/engine_on_yarn.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/deployment/engine_on_yarn.md b/docs/deployment/engine_on_yarn.md
index 66177bb0f..1025418d9 100644
--- a/docs/deployment/engine_on_yarn.md
+++ b/docs/deployment/engine_on_yarn.md
@@ -154,7 +154,7 @@ The related Flink configurations are listed below (see more details at [Flink Co
 | yarn.appmaster.vcores          | 1       | The number of virtual cores (vcores) used by the JobManager (YARN application master). |
 | jobmanager.memory.process.size | (none)  | Total size of the memory of the JobManager process.                                    |
 
-```bash
+Note that Flink application mode doesn't support HA for multiple jobs as for now, this also applies to Kyuubi's Flink SQL engine. If JobManager fails and restarts, the submitted jobs would not be recovered and should be re-submitted.
 
 #### Environment
 

From 93021109db4bdb6dc6db9464319b13250a792de9 Mon Sep 17 00:00:00 2001
From: Paul Lin <paullin3280@gmail.com>
Date: Sat, 9 Sep 2023 14:09:07 +0800
Subject: [PATCH 622/760] [KYUUBI #5264] [FLINK] Force disable Flink's session
 timeout

### _Why are the changes needed?_
Flink sessions are now managed by Kyuubi, hence disable session timeout from Flink itself.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5264 from link3280/disable_flink_session_timeout.

Closes #5264

fff5c54d7 [Paul Lin] Force disable Flink's session timeout

Authored-by: Paul Lin <paullin3280@gmail.com>
Signed-off-by: Paul Lin <paullin3280@gmail.com>
---
 .../org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala    | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
index 7e4f31f8a..8838799bc 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkSQLEngine.scala
@@ -19,12 +19,14 @@ package org.apache.kyuubi.engine.flink
 
 import java.io.File
 import java.nio.file.Paths
+import java.time.Duration
 import java.util.concurrent.CountDownLatch
 
 import scala.collection.JavaConverters._
 
 import org.apache.flink.configuration.{Configuration, DeploymentOptions, GlobalConfiguration, PipelineOptions}
 import org.apache.flink.table.api.TableEnvironment
+import org.apache.flink.table.gateway.api.config.SqlGatewayServiceConfigOptions
 import org.apache.flink.table.gateway.service.context.DefaultContext
 
 import org.apache.kyuubi.{Logging, Utils}
@@ -146,6 +148,11 @@ object FlinkSQLEngine extends Logging {
     kyuubiConf.getOption(KYUUBI_SESSION_USER_KEY)
       .foreach(flinkConf.setString(KYUUBI_SESSION_USER_KEY, _))
 
+    // force disable Flink's session timeout
+    flinkConf.set(
+      SqlGatewayServiceConfigOptions.SQL_GATEWAY_SESSION_IDLE_TIMEOUT,
+      Duration.ofMillis(0))
+
     executionTarget match {
       case "yarn-per-job" | "yarn-application" =>
         if (flinkConf.containsKey("high-availability.cluster-id")) {

From 1a69772356f9eccc25d31aa51d4c9b7c6adafe44 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Mon, 11 Sep 2023 15:16:19 +0800
Subject: [PATCH 623/760] [KYUUBI #5268] [AUTHZ] [TEST] Extract method for
 enabling authorization in single call mode

### _Why are the changes needed?_

- improvements for testing by extracting method for enabling authorization in single call mode

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5268 from bowenliang123/authz-withsingle.

Closes #5268

fe6b9d501 [Bowen Liang] extract withSingleCallEnabled method

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 ...bergCatalogRangerSparkExtensionSuite.scala |  9 +------
 .../ranger/RangerSparkExtensionSuite.scala    | 26 ++++++++++++-------
 ...ableCatalogRangerSparkExtensionSuite.scala |  9 +------
 3 files changed, 18 insertions(+), 26 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index 958686c25..b22a812fd 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -103,10 +103,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1/id]"))
 
-    try {
-      SparkRangerAdminPlugin.getRangerConf.setBoolean(
-        s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
-        true)
+    withSingleCallEnabled {
       val e2 = intercept[AccessControlException](
         doAs(
           someone,
@@ -115,10 +112,6 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
         s" [select] privilege" +
         s" on [$namespace1/$table1/id,$namespace1/table1/name,$namespace1/$table1/city]," +
         s" [update] privilege on [$namespace1/$outputTable1]"))
-    } finally {
-      SparkRangerAdminPlugin.getRangerConf.setBoolean(
-        s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
-        false)
     }
 
     doAs(admin, sql(mergeIntoSql))
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index c32b63a2f..0c307195c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -36,7 +36,6 @@ import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
-
 abstract class RangerSparkExtensionSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll {
   // scalastyle:on
@@ -90,6 +89,21 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
     }
   }
 
+  /**
+   * Enables authorizing in single call mode,
+   * and disables authorizing in single call mode after calling `f`
+   */
+  protected def withSingleCallEnabled(f: => Unit): Unit = {
+    val singleCallConfig =
+      s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call"
+    try {
+      SparkRangerAdminPlugin.getRangerConf.setBoolean(singleCallConfig, true)
+      f
+    } finally {
+      SparkRangerAdminPlugin.getRangerConf.setBoolean(singleCallConfig, false)
+    }
+  }
+
   test("[KYUUBI #3226] RuleAuthorization: Should check privileges once only.") {
     val logicalPlan = doAs(admin, sql("SHOW TABLES").queryExecution.logical)
     val rule = new RuleAuthorization(spark)
@@ -628,10 +642,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       val e1 = intercept[AccessControlException](doAs(someone, sql(insertSql1)))
       assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$srcTable1/id]"))
 
-      try {
-        SparkRangerAdminPlugin.getRangerConf.setBoolean(
-          s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
-          true)
+      withSingleCallEnabled {
         val e2 = intercept[AccessControlException](doAs(someone, sql(insertSql1)))
         assert(e2.getMessage.contains(s"does not have" +
           s" [select] privilege on" +
@@ -639,11 +650,6 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
           s"$db1/$srcTable2/age,$db1/$srcTable2/id]," +
           s" [update] privilege on [$db1/$sinkTable1/id,$db1/$sinkTable1/age," +
           s"$db1/$sinkTable1/name,$db1/$sinkTable1/city]"))
-      } finally {
-        // revert to default value
-        SparkRangerAdminPlugin.getRangerConf.setBoolean(
-          s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
-          false)
       }
     }
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 31d616b15..5c27a470f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -205,10 +205,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1/id]"))
 
-    try {
-      SparkRangerAdminPlugin.getRangerConf.setBoolean(
-        s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
-        true)
+    withSingleCallEnabled {
       val e2 = intercept[AccessControlException](
         doAs(
           someone,
@@ -217,10 +214,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
         s" [select] privilege" +
         s" on [$namespace1/$table1/id,$namespace1/table1/name,$namespace1/$table1/city]," +
         s" [update] privilege on [$namespace1/$outputTable1]"))
-    } finally {
-      SparkRangerAdminPlugin.getRangerConf.setBoolean(
-        s"ranger.plugin.${SparkRangerAdminPlugin.getServiceType}.authorize.in.single.call",
-        false)
     }
   }
 

From 8c5fadf6d013baa359feaae228e83bf5b66b4e61 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 11 Sep 2023 11:13:05 +0000
Subject: [PATCH 624/760] [KYUUBI #5266] Upgrade playground to Kyuubi 1.7.1

### _Why are the changes needed?_

Upgrade to latest Kyuubi in playground.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

  Successfully published docker image via `BUILDX=1 docker/playground/build-image.sh`

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5266 from pan3793/playground-171.

Closes #5266

17015e4d9 [Cheng Pan] remove iceberg catalog
a060f7067 [Cheng Pan] spark 3.3.3
c3176049b [Cheng Pan] fix
b11d0bb0f [Cheng Pan] nit
dc6a2b905 [Cheng Pan] Upgrade playground to Kyuubi 1.7.1

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docker/playground/.env                               | 12 ++++++------
 docker/playground/compose.yml                        |  2 +-
 docker/playground/conf/kyuubi-defaults.conf          |  2 +-
 docker/playground/conf/spark-defaults.conf           |  4 ----
 .../image/kyuubi-playground-base.Dockerfile          |  2 +-
 5 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/docker/playground/.env b/docker/playground/.env
index ea2145511..bb666e1e4 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -15,16 +15,16 @@
 # limitations under the License.
 #
 
-AWS_JAVA_SDK_VERSION=1.12.316
-HADOOP_VERSION=3.3.5
+AWS_JAVA_SDK_VERSION=1.12.367
+HADOOP_VERSION=3.3.6
 HIVE_VERSION=2.3.9
-ICEBERG_VERSION=1.2.0
-KYUUBI_VERSION=1.7.0
-KYUUBI_HADOOP_VERSION=3.3.4
+ICEBERG_VERSION=1.3.1
+KYUUBI_VERSION=1.7.1
+KYUUBI_HADOOP_VERSION=3.3.5
 POSTGRES_VERSION=12
 POSTGRES_JDBC_VERSION=42.3.4
 SCALA_BINARY_VERSION=2.12
-SPARK_VERSION=3.3.2
+SPARK_VERSION=3.3.3
 SPARK_BINARY_VERSION=3.3
 SPARK_HADOOP_VERSION=3.3.2
 ZOOKEEPER_VERSION=3.6.3
diff --git a/docker/playground/compose.yml b/docker/playground/compose.yml
index b0d2b1ea8..362b3505b 100644
--- a/docker/playground/compose.yml
+++ b/docker/playground/compose.yml
@@ -21,7 +21,7 @@ services:
     environment:
       MINIO_ROOT_USER: minio
       MINIO_ROOT_PASSWORD: minio_minio
-      MINIO_DEFAULT_BUCKETS: spark-bucket,iceberg-bucket
+      MINIO_DEFAULT_BUCKETS: spark-bucket
     container_name: minio
     hostname: minio
     ports:
diff --git a/docker/playground/conf/kyuubi-defaults.conf b/docker/playground/conf/kyuubi-defaults.conf
index 15b3fbf6e..e4a674634 100644
--- a/docker/playground/conf/kyuubi-defaults.conf
+++ b/docker/playground/conf/kyuubi-defaults.conf
@@ -30,4 +30,4 @@ kyuubi.operation.progress.enabled=true
 kyuubi.engine.session.initialize.sql \
       show namespaces in tpcds; \
       show namespaces in tpch; \
-      show namespaces in postgres;
+      show namespaces in postgres
diff --git a/docker/playground/conf/spark-defaults.conf b/docker/playground/conf/spark-defaults.conf
index 9d1d4a602..7983b5e70 100644
--- a/docker/playground/conf/spark-defaults.conf
+++ b/docker/playground/conf/spark-defaults.conf
@@ -38,7 +38,3 @@ spark.sql.catalog.postgres.url=jdbc:postgresql://postgres:5432/metastore
 spark.sql.catalog.postgres.driver=org.postgresql.Driver
 spark.sql.catalog.postgres.user=postgres
 spark.sql.catalog.postgres.password=postgres
-
-spark.sql.catalog.iceberg=org.apache.iceberg.spark.SparkCatalog
-spark.sql.catalog.iceberg.type=hadoop
-spark.sql.catalog.iceberg.warehouse=s3a://iceberg-bucket/iceberg-warehouse
diff --git a/docker/playground/image/kyuubi-playground-base.Dockerfile b/docker/playground/image/kyuubi-playground-base.Dockerfile
index 6ee4ed405..e8375eb68 100644
--- a/docker/playground/image/kyuubi-playground-base.Dockerfile
+++ b/docker/playground/image/kyuubi-playground-base.Dockerfile
@@ -20,4 +20,4 @@ RUN set -x && \
     mkdir /opt/busybox && \
     busybox --install /opt/busybox
 
-ENV PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/busybox
+ENV PATH=${PATH}:/opt/busybox

From 60b7e8fb9a5824d3b1a3899f9a6785dd1d1d2ee1 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Mon, 11 Sep 2023 11:23:31 +0000
Subject: [PATCH 625/760] [KYUUBI #5259][UI] Web UI supports Swagger pages

### _Why are the changes needed?_

As title, add swagger ui into new kyuubi web ui.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5263 from zwangsheng/KYUUBI#5259.

Closes #5259

34c87797c [zwangsheng] keep static swagger ui in kyuubi server
2efbae03f [zwangsheng] fix license
21c8cae6e [zwangsheng] remove dup dependence and add swagger ui into notive
c1bedcbe1 [Cheng Pan] Update kyuubi-server/web-ui/src/views/swagger/index.vue
182042009 [Fu Chen] Update kyuubi-server/web-ui/src/views/swagger/index.vue
05c3b87c4 [zwangsheng] fix style
fc05bb82f [zwangsheng] Add License header
e56252036 [zwangsheng] Try
9c968005b [zwangsheng] Init swagger page

Lead-authored-by: zwangsheng <binjieyang@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 LICENSE-binary                                |  2 +
 kyuubi-server/web-ui/package-lock.json        | 24 ++++++++++
 kyuubi-server/web-ui/package.json             |  2 +
 kyuubi-server/web-ui/pnpm-lock.yaml           | 14 ++++++
 kyuubi-server/web-ui/src/router/index.ts      |  2 +
 .../web-ui/src/router/swagger/index.ts        | 26 +++++++++++
 .../views/layout/components/aside/types.ts    |  5 +++
 .../web-ui/src/views/swagger/index.vue        | 45 +++++++++++++++++++
 8 files changed, 120 insertions(+)
 create mode 100644 kyuubi-server/web-ui/src/router/swagger/index.ts
 create mode 100644 kyuubi-server/web-ui/src/views/swagger/index.vue

diff --git a/LICENSE-binary b/LICENSE-binary
index d51e52d43..4cad931d7 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -377,6 +377,8 @@ is auto-generated by `pnpm licenses list --prod`.
 ┌────────────────────────────────────┬──────────────┐
 │ Package                            │ License      │
 ├────────────────────────────────────┼──────────────┤
+│ swagger-ui-dist                    │ Apache-2.0   │
+├────────────────────────────────────┼──────────────┤
 │ typescript                         │ Apache-2.0   │
 ├────────────────────────────────────┼──────────────┤
 │ normalize-wheel-es                 │ BSD-3-Clause │
diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index ed042d6da..6d8da8b23 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -14,6 +14,7 @@
         "element-plus": "^2.2.12",
         "pinia": "^2.0.18",
         "pinia-plugin-persistedstate": "^2.1.1",
+        "swagger-ui-dist": "^5.6.2",
         "vue": "^3.2.37",
         "vue-i18n": "^9.2.2",
         "vue-router": "^4.1.3"
@@ -21,6 +22,7 @@
       "devDependencies": {
         "@iconify-json/ep": "^1.1.6",
         "@types/node": "^18.7.1",
+        "@types/swagger-ui-dist": "^3.30.1",
         "@typescript-eslint/eslint-plugin": "^5.33.0",
         "@typescript-eslint/parser": "^5.33.0",
         "@vitejs/plugin-vue": "^4.2.3",
@@ -741,6 +743,12 @@
       "integrity": "sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A==",
       "dev": true
     },
+    "node_modules/@types/swagger-ui-dist": {
+      "version": "3.30.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-dist/-/swagger-ui-dist-3.30.1.tgz",
+      "integrity": "sha512-wWojDensMF33dSrhak4iWSPOsWBbvf+rSJ6VWQ7ohQbGdKAiT2IwUexrDZkMvf3+vVAPVnNFDRDtxADFszbh+Q==",
+      "dev": true
+    },
     "node_modules/@types/web-bluetooth": {
       "version": "0.0.14",
       "resolved": "https://registry.npmjs.org/@types/web-bluetooth/-/web-bluetooth-0.0.14.tgz",
@@ -3865,6 +3873,11 @@
         "node": ">=8"
       }
     },
+    "node_modules/swagger-ui-dist": {
+      "version": "5.6.2",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.6.2.tgz",
+      "integrity": "sha512-2LKVuU2m6RHkemJloKiKJOTpN2RPmbsiad0OfSdtmFHOXJKAgYRZMwJcpT96RX6E9HUB5RkVOFC6vWqVjRgSOg=="
+    },
     "node_modules/symbol-tree": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
@@ -4959,6 +4972,12 @@
       "integrity": "sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A==",
       "dev": true
     },
+    "@types/swagger-ui-dist": {
+      "version": "3.30.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-dist/-/swagger-ui-dist-3.30.1.tgz",
+      "integrity": "sha512-wWojDensMF33dSrhak4iWSPOsWBbvf+rSJ6VWQ7ohQbGdKAiT2IwUexrDZkMvf3+vVAPVnNFDRDtxADFszbh+Q==",
+      "dev": true
+    },
     "@types/web-bluetooth": {
       "version": "0.0.14",
       "resolved": "https://registry.npmjs.org/@types/web-bluetooth/-/web-bluetooth-0.0.14.tgz",
@@ -7203,6 +7222,11 @@
         "has-flag": "^4.0.0"
       }
     },
+    "swagger-ui-dist": {
+      "version": "5.6.2",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.6.2.tgz",
+      "integrity": "sha512-2LKVuU2m6RHkemJloKiKJOTpN2RPmbsiad0OfSdtmFHOXJKAgYRZMwJcpT96RX6E9HUB5RkVOFC6vWqVjRgSOg=="
+    },
     "symbol-tree": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index ad2e00c3b..b1f5d88fd 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -21,6 +21,7 @@
     "element-plus": "^2.2.12",
     "pinia": "^2.0.18",
     "pinia-plugin-persistedstate": "^2.1.1",
+    "swagger-ui-dist": "^4.9.1",
     "vue": "^3.2.37",
     "vue-i18n": "^9.2.2",
     "vue-router": "^4.1.3"
@@ -28,6 +29,7 @@
   "devDependencies": {
     "@iconify-json/ep": "^1.1.6",
     "@types/node": "^18.7.1",
+    "@types/swagger-ui-dist": "^3.30.1",
     "@typescript-eslint/eslint-plugin": "^5.33.0",
     "@typescript-eslint/parser": "^5.33.0",
     "@vitejs/plugin-vue": "^4.2.3",
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 920182f01..83754291b 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -23,6 +23,9 @@ dependencies:
   pinia-plugin-persistedstate:
     specifier: ^2.1.1
     version: 2.1.1(pinia@2.0.18)
+  swagger-ui-dist:
+    specifier: ^4.9.1
+    version: 4.19.1
   vue:
     specifier: ^3.2.37
     version: 3.2.37
@@ -40,6 +43,9 @@ devDependencies:
   '@types/node':
     specifier: ^18.7.1
     version: 18.7.6
+  '@types/swagger-ui-dist':
+    specifier: ^3.30.1
+    version: 3.30.1
   '@typescript-eslint/eslint-plugin':
     specifier: ^5.33.0
     version: 5.33.1(@typescript-eslint/parser@5.33.1)(eslint@8.22.0)(typescript@4.7.4)
@@ -531,6 +537,10 @@ packages:
     resolution: {integrity: sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A==}
     dev: true
 
+  /@types/swagger-ui-dist@3.30.1:
+    resolution: {integrity: sha512-wWojDensMF33dSrhak4iWSPOsWBbvf+rSJ6VWQ7ohQbGdKAiT2IwUexrDZkMvf3+vVAPVnNFDRDtxADFszbh+Q==}
+    dev: true
+
   /@types/web-bluetooth@0.0.14:
     resolution: {integrity: sha512-5d2RhCard1nQUC3aHcq/gHzWYO6K0WJmAbjO7mQJgCQKtZpgXxv1rOM6O/dBDhDYYVutk1sciOgNSe+5YyfM8A==}
     dev: false
@@ -2466,6 +2476,10 @@ packages:
     engines: {node: '>= 0.4'}
     dev: true
 
+  /swagger-ui-dist@4.19.1:
+    resolution: {integrity: sha512-n/gFn+R7G/BXWwl5UZLw6F1YgWOlf3zkwGlsPhTMhNtAAolBGKg0JS5b2RKt5NI6/hSopVaSrki2wTIMUDDy2w==}
+    dev: false
+
   /symbol-tree@3.2.4:
     resolution: {integrity: sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==}
     dev: true
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 0b80aea17..797350bf2 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -22,6 +22,7 @@ import operationRoutes from './operation'
 import contactRoutes from './contact'
 import managementRoutes from './management'
 import detailRoutes from './detail'
+import swaggerRoutes from './swagger'
 
 const routes = [
   {
@@ -42,6 +43,7 @@ const routes = [
       ...operationRoutes,
       ...managementRoutes,
       ...detailRoutes,
+      ...swaggerRoutes,
       ...contactRoutes
     ]
   }
diff --git a/kyuubi-server/web-ui/src/router/swagger/index.ts b/kyuubi-server/web-ui/src/router/swagger/index.ts
new file mode 100644
index 000000000..a2b5fa306
--- /dev/null
+++ b/kyuubi-server/web-ui/src/router/swagger/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const routes = [
+  {
+    path: '/swagger',
+    name: 'swagger',
+    component: () => import('@/views/swagger/index.vue')
+  }
+]
+
+export default routes
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
index 697ee40cf..728ee326d 100644
--- a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
@@ -85,6 +85,11 @@ export const MENUS = [
       }
     ]
   },
+  {
+    label: 'Swagger',
+    icon: 'List',
+    router: '/swagger'
+  },
   {
     label: 'Contact Us',
     icon: 'PhoneFilled',
diff --git a/kyuubi-server/web-ui/src/views/swagger/index.vue b/kyuubi-server/web-ui/src/views/swagger/index.vue
new file mode 100644
index 000000000..7f8fb7f99
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/swagger/index.vue
@@ -0,0 +1,45 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<template>
+  <main>
+    Swagger
+    <div id="swagger-ui" class="swagger-ui"> </div>
+  </main>
+</template>
+<script lang="ts">
+  import 'swagger-ui-dist/swagger-ui.css'
+  import { SwaggerUIBundle, SwaggerUIStandalonePreset } from 'swagger-ui-dist'
+
+  export default {
+    name: 'ImportSwagger',
+    data() {
+      return {}
+    },
+    created() {},
+    mounted() {
+      SwaggerUIBundle({
+        url: '/api/openapi.json',
+        dom_id: '#swagger-ui',
+        presets: [SwaggerUIBundle.presets.apis, SwaggerUIStandalonePreset],
+        layout: 'StandaloneLayout'
+      })
+    }
+  }
+</script>
+<style scoped></style>

From 55feb2b58c05912cc5158c8677ed48b2a0f7bf68 Mon Sep 17 00:00:00 2001
From: Hanna Liashchuk <g.liashchuk@temabit.com>
Date: Mon, 11 Sep 2023 11:46:18 +0000
Subject: [PATCH 626/760] [KYUUBI #5227] [DOCS] Added deploy mode info

### _Why are the changes needed?_

<img width="1080" alt="image" src="https://github.com/apache/kyuubi/assets/3898450/cc118574-c752-449a-9b20-04d2cc59b118">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5227 from hanna-liashchuk/patch-2.

Closes #5227

baf391ba9 [Hanna Liashchuk]  fix DOC style
e46dfddc3 [Cheng Pan] Update docs/deployment/engine_on_kubernetes.md
0746a350a [hanna-liashchuk] upd
233bba00b [hanna-liashchuk] Added deploy mode info

Lead-authored-by: Hanna Liashchuk <g.liashchuk@temabit.com>
Co-authored-by: hanna-liashchuk <47921651+hanna-liashchuk@users.noreply.github.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/deployment/engine_on_kubernetes.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/deployment/engine_on_kubernetes.md b/docs/deployment/engine_on_kubernetes.md
index 44fca1602..a8f7c6ca0 100644
--- a/docs/deployment/engine_on_kubernetes.md
+++ b/docs/deployment/engine_on_kubernetes.md
@@ -36,6 +36,17 @@ Spark on Kubernetes config master by using a special format.
 
 You can use cmd `kubectl cluster-info` to get api-server host and port.
 
+### Deploy Mode
+
+One of the main advantages of the Kyuubi server compared to other interactive Spark clients is that it supports cluster deploy mode.
+It is highly recommended to run Spark in k8s in cluster mode.
+
+The minimum required configurations are:
+
+* spark.submit.deployMode (cluster)
+* spark.kubernetes.file.upload.path (path on s3 or hdfs)
+* spark.kubernetes.authenticate.driver.serviceAccountName ([viz ServiceAccount](#serviceaccount))
+
 ### Docker Image
 
 Spark ships a `./bin/docker-image-tool.sh` script to build and publish the Docker images for running Spark applications on Kubernetes.

From e27ed443850ba338c7d344ac502b0d4e557b3683 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 12 Sep 2023 10:49:59 +0800
Subject: [PATCH 627/760] [KYUUBI #5273] Update release docs

### _Why are the changes needed?_

As title

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5273 from pan3793/doc-release.

Closes #5273

c4f96c69f [Cheng Pan] 1
2266af358 [Cheng Pan] nit
1d52c1a86 [Cheng Pan] Bump version for web-ui and update release docs

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/community/release.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/community/release.md b/docs/community/release.md
index 8252669c0..f2c8541b1 100644
--- a/docs/community/release.md
+++ b/docs/community/release.md
@@ -191,6 +191,7 @@ The tag pattern is `v${RELEASE_VERSION}-rc${RELEASE_RC_NO}`, e.g. `v1.7.0-rc0`
 ```shell
 # Bump to the release version
 build/mvn versions:set -DgenerateBackupPoms=false -DnewVersion="${RELEASE_VERSION}"
+(cd kyuubi-server/web-ui && npm version "${RELEASE_VERSION}")
 git commit -am "[RELEASE] Bump ${RELEASE_VERSION}"
 
 # Create tag
@@ -198,6 +199,7 @@ git tag v${RELEASE_VERSION}-rc${RELEASE_RC_NO}
 
 # Prepare for the next development version
 build/mvn versions:set -DgenerateBackupPoms=false -DnewVersion="${NEXT_VERSION}-SNAPSHOT"
+(cd kyuubi-server/web-ui && npm version "${NEXT_VERSION}-SNAPSHOT")
 git commit -am "[RELEASE] Bump ${NEXT_VERSION}-SNAPSHOT"
 
 # Push branch to apache remote repo
@@ -299,6 +301,9 @@ svn delete https://dist.apache.org/repos/dist/dev/kyuubi/{RELEASE_TAG} \
   --message "Remove deprecated Apache Kyuubi ${RELEASE_TAG}" 
 ```
 
-## Publish docker image
+## Keep other artifacts up-to-date
+
+- Docker Image: https://github.com/apache/kyuubi-docker/blob/master/release/release_guide.md
+- Helm Charts: https://github.com/apache/kyuubi/blob/master/charts/kyuubi/Chart.yaml
+- Playground: https://github.com/apache/kyuubi/blob/master/docker/playground/.env
 
-See steps in `https://github.com/apache/kyuubi-docker/blob/master/release/release_guide.md`

From ef10d69f1b2218ac80b5cb9dbb682233510e1a86 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 12 Sep 2023 10:50:56 +0800
Subject: [PATCH 628/760] [KYUUBI #5274] Bump web-ui version to 1.9.0-SNAPSHOT

### _Why are the changes needed?_

Previous [version bumping](6061a05f2469a39b6b9e4c39488104362cdd2494) missed web-ui, see details #5273

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5274 from pan3793/web-ui-version.

Closes #5274

2c12dbd6e [Cheng Pan] Bump web-ui version to 1.9.0-SNAPSHOT

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/package-lock.json | 4 ++--
 kyuubi-server/web-ui/package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index 6d8da8b23..352560cd7 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "kyuubi-ui",
-  "version": "1.8.0-SNAPSHOT",
+  "version": "1.9.0-SNAPSHOT",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "kyuubi-ui",
-      "version": "1.8.0-SNAPSHOT",
+      "version": "1.9.0-SNAPSHOT",
       "dependencies": {
         "@element-plus/icons-vue": "^2.0.9",
         "axios": "^0.27.2",
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index b1f5d88fd..f31b836dc 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -1,7 +1,7 @@
 {
   "name": "kyuubi-ui",
   "private": true,
-  "version": "1.8.0-SNAPSHOT",
+  "version": "1.9.0-SNAPSHOT",
   "type": "module",
   "scripts": {
     "dev": "vue-tsc --noEmit && vite --port 9090",

From f967f2f8bff5fe18a9fc60f7306b4fb0e4bb1649 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 12 Sep 2023 13:48:54 +0800
Subject: [PATCH 629/760] [KYUUBI #5269][Bug] Dupllicated AnalyzesTablesCommand
 in kyuubi authz

### _Why are the changes needed?_

To close #5269 .

1.  AnalyzesTablesCommand in table_command_spec  is duplicated and won't be processed
2. The extractor desc of AnalyzesTablesCommand in table_command_spec is wrong

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5270 from AngersZhuuuu/KYUUBI-5269.

Closes #5269

75efc1adb [Angerszhuuuu] Update TableCommands.scala
75a6fa223 [Angerszhuuuu] Update table_command_spec.json

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../src/main/resources/table_command_spec.json     | 14 --------------
 .../plugin/spark/authz/gen/TableCommands.scala     |  2 --
 2 files changed, 16 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index a9f2ec06e..0025fae75 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -908,20 +908,6 @@
   } ],
   "opType" : "ANALYZE_TABLE",
   "queryDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.execution.command.AnalyzeTablesCommand",
-  "tableDescs" : [ {
-    "fieldName" : "tableIdent",
-    "fieldExtractor" : "TableIdentifierTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : null,
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : true,
-    "setCurrentDatabaseIfMissing" : false
-  } ],
-  "opType" : "ANALYZE_TABLE",
-  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CacheTableCommand",
   "tableDescs" : [ ],
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index b08169d39..f3754e4b9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -607,8 +607,6 @@ object TableCommands {
     AnalyzeColumn,
     AnalyzePartition,
     AnalyzeTable,
-    AnalyzeTable.copy(classname =
-      "org.apache.spark.sql.execution.command.AnalyzeTablesCommand"),
     AppendDataV2,
     CacheTable,
     CacheTableAsSelect,

From 724ae93989e7e64f858b5c621ef28e9b17e45f99 Mon Sep 17 00:00:00 2001
From: yabola <chenlianglu@tencent.com>
Date: Wed, 13 Sep 2023 14:35:00 +0800
Subject: [PATCH 630/760] [KYUUBI #5248] [AUTHZ] Check previleges for Iceberg's
 CALL to RewriteDataFilesProcedure procedure

### _Why are the changes needed?_

Before this PR, Kyuubi skips authentication for the call command in iceberg. After this PR, it needs `alter` permission to use this command.
This PR supports checking iceberg call rewrite_data_files command:
- CALL ice.system.rewrite_data_files(table => 'ice.lcl.test_ice', options => map('min-input-files','2'))
- some other call statements in iceberg ( https://iceberg.apache.org/docs/latest/spark-procedures ) may be supported but needs to be further determined. The next phase is planned to support all commands as documented.

When the `rewrite_data_files` command is called, there are two situations:
1. When the triggering conditions are not be met(such as input-files < min-input-files) , there is only one logical plan.  We  need to check one logical plan permission:
```
        * == Physical Plan 1 ==
       * Call (1)
```
2. When the triggering  conditions are met, two logical plan will be triggered. We should check two logical plans permission.
```
       * == Physical Plan 1 ==
       * Call (1)
       *
       * == Physical Plan 2 ==
       * AppendData (3)
       * +- * ColumnarToRow (2)
       * +- BatchScan local.iceberg_ns.call_command_table (1)
```

The second plan (`AppendData`) is a bit special,  causing us to have to modify the logic of extracting table names in `DataSourceV2RelationTableExtractor`. The `DataSourceV2Relation#identifier` in `AppendData` will be rewrite task id, so it is a more appropriate way to parse the table name from `DataSourceV2Relation#table`
<img width="1318" alt="image" src="https://github.com/apache/kyuubi/assets/31469905/efc815cb-8dfe-4a9f-8e24-d62883ef6eff">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?
No.

Closes #5248 from yabola/master.

Closes #5248

f3a2d736e [liangbowen] initDataFilesCount
6c0da35f7 [Bowen Liang] skip input checks
4a5ab6da4 [Bowen Liang] comment
850100b6b [Bowen Liang] update
c3158d25a [Bowen Liang] change operation type to ALTERTABLE_PROPERTIES
8d5c8b1f8 [Bowen Liang] rewriteDataFiles2
2d79e1730 [Bowen Liang] nit
36f1d9d60 [chenliang.lu] update description for ut
bd99e0dfa [chenliang.lu] update description for ut
a95e1bb4f [Bowen Liang] nit
7a0089907 [Bowen Liang] nit
06566815b [Bowen Liang] revert opType
1dd211b59 [Bowen Liang] withSingleCallEnabled
657c9dcd3 [Bowen Liang] Merge branch 'master' into yabola/master
cc7dda1f7 [Bowen Liang] update policy
aecfd50cf [Bowen Liang] update table_spec
66ddd89b1 [Bowen Liang] update
b1e12789f [Bowen Liang] remove defaultBob
b8f4fabaf [Bowen Liang] change operation type
465fa48a2 [Bowen Liang] change ut to iceberg namespace
0cfe285ea [Bowen Liang] comment
2b835c943 [Bowen Liang] remove implicit casting in StringTableExtractor
280ad029b [Bowen Liang] removed snapshotCommand tests
83be1d0fd [Bowen Liang] removed snapshotCommand tests
49bd8e14c [Bowen Liang] assertion on all required checks
d65915eb9 [Bowen Liang] separate cases
7513e055f [chenliang.lu] update ut
2ac0e1141 [chenliang.lu] add more ut
31a85a9a2 [Bowen Liang] rename ut
a9773de2f [Bowen Liang] introduce TableTableExtractor
da23d838f [Bowen Liang] input table
45129bc3f [Bowen Liang] update
adbe7535b [Bowen Liang] interceptContains
f24e07d9a [Bowen Liang] update table_command_spec.json
8a71a3c17 [Bowen Liang] rename to CallProcedure
5c0fd5689 [Bowen Liang] rename uts
c0c03176e [Bowen Liang] remove blanks
da55dc597 [Bowen Liang] fix imports
450f0779b [Bowen Liang] rename IcebergCallArgsTableExtractor to ExpressionSeqTableExtractor
0deeffd57 [chenliang.lu] Support iceberg call statement in ranger authentication
414ff2a42 [ChenliangLu] Merge branch 'apache:master' into master
c85059a0b [chenliang.lu] fix comments
85ffd0f88 [chenliang.lu] Support iceberg call statement in ranger authentication
66dbfcc35 [chenliang.lu] optimize codes for table extractor
f1e93fcd7 [chenliang.lu] Support iceberg call statement in ranger authentication

Lead-authored-by: yabola <chenlianglu@tencent.com>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: chenliang.lu <marssss2929@gmail.com>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: ChenliangLu <31469905+yabola@users.noreply.github.com>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 ...bi.plugin.spark.authz.serde.TableExtractor |  3 +
 .../main/resources/table_command_spec.json    | 14 +++++
 .../spark/authz/serde/tableExtractors.scala   | 50 ++++++++++++++--
 .../authz/gen/PolicyJsonFileGenerator.scala   |  2 +-
 ...IcebergCatalogPrivilegesBuilderSuite.scala | 22 +++++++
 .../spark/authz/gen/IcebergCommands.scala     |  8 +++
 ...bergCatalogRangerSparkExtensionSuite.scala | 60 +++++++++++++++++++
 7 files changed, 152 insertions(+), 7 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
index a312682b1..78f836c65 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
@@ -18,9 +18,12 @@
 org.apache.kyuubi.plugin.spark.authz.serde.CatalogTableOptionTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.CatalogTableTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.DataSourceV2RelationTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.ExpressionSeqTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.IdentifierTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.LogicalRelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedDbObjectNameTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedIdentifierTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedTableTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.StringTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.TableIdentifierTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.TableTableExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 0025fae75..e11d94400 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -91,6 +91,20 @@
     "fieldName" : "plan",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.Call",
+  "tableDescs" : [ {
+    "fieldName" : "args",
+    "fieldExtractor" : "ExpressionSeqTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_PROPERTIES",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CommentOnTable",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 9a4435d5a..94641d6d0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -24,6 +24,7 @@ import scala.collection.JavaConverters._
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.TableIdentifier
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
@@ -132,6 +133,34 @@ class IdentifierTableExtractor extends TableExtractor {
   }
 }
 
+/**
+ * java.lang.String
+ * with concat parts by "."
+ */
+class StringTableExtractor extends TableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    val tableNameArr = v1.asInstanceOf[String].split("\\.")
+    val maybeTable = tableNameArr.length match {
+      case 1 => Table(None, None, tableNameArr(0), None)
+      case 2 => Table(None, Some(tableNameArr(0)), tableNameArr(1), None)
+      case 3 => Table(Some(tableNameArr(0)), Some(tableNameArr(1)), tableNameArr(2), None)
+    }
+    Option(maybeTable)
+  }
+}
+
+/**
+ * Seq[org.apache.spark.sql.catalyst.expressions.Expression]
+ */
+class ExpressionSeqTableExtractor extends TableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    val expressions = v1.asInstanceOf[Seq[Expression]]
+    // Iceberg will rearrange the parameters according to the parameter order
+    // defined in the procedure, where the table parameters are currently always the first.
+    lookupExtractor[StringTableExtractor].apply(spark, expressions.head.toString())
+  }
+}
+
 /**
  * org.apache.spark.sql.execution.datasources.v2.DataSourceV2Relation
  */
@@ -145,12 +174,11 @@ class DataSourceV2RelationTableExtractor extends TableExtractor {
         val maybeCatalogPlugin = invokeAs[Option[AnyRef]](v2Relation, "catalog")
         val maybeCatalog = maybeCatalogPlugin.flatMap(catalogPlugin =>
           lookupExtractor[CatalogPluginCatalogExtractor].apply(catalogPlugin))
-        val maybeIdentifier = invokeAs[Option[AnyRef]](v2Relation, "identifier")
-        maybeIdentifier.flatMap { id =>
-          val maybeTable = lookupExtractor[IdentifierTableExtractor].apply(spark, id)
-          val maybeOwner = TableExtractor.getOwner(v2Relation)
-          maybeTable.map(_.copy(catalog = maybeCatalog, owner = maybeOwner))
-        }
+        lookupExtractor[TableTableExtractor].apply(spark, invokeAs[AnyRef](v2Relation, "table"))
+          .map { table =>
+            val maybeOwner = TableExtractor.getOwner(v2Relation)
+            table.copy(catalog = maybeCatalog, owner = maybeOwner)
+          }
     }
   }
 }
@@ -198,3 +226,13 @@ class ResolvedIdentifierTableExtractor extends TableExtractor {
     }
   }
 }
+
+/**
+ * org.apache.spark.sql.connector.catalog.Table
+ */
+class TableTableExtractor extends TableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    val tableName = invokeAs[String](v1, "name")
+    lookupExtractor[StringTableExtractor].apply(spark, tableName)
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
index 981635a17..2686cba20 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -28,9 +28,9 @@ import com.fasterxml.jackson.databind.node.ObjectNode
 import com.fasterxml.jackson.module.scala.DefaultScalaModule
 import org.apache.commons.io.FileUtils
 import org.apache.ranger.plugin.model.RangerPolicy
-// scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
+// scalastyle:off
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess.allowTypes
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index db81cd6e8..45186e250 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -125,4 +125,26 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
       assert(accessType === AccessType.UPDATE)
     }
   }
+
+  test("RewriteDataFilesProcedure") {
+    val table = "RewriteDataFilesProcedure"
+    withV2Table(table) { tableId =>
+      sql(s"CREATE TABLE IF NOT EXISTS $tableId (key int, value String) USING iceberg")
+      sql(s"INSERT INTO $tableId VALUES (1, 'a'), (2, 'b'), (3, 'c')")
+
+      val plan = sql(s"CALL $catalogV2.system.rewrite_data_files (table => '$tableId')")
+        .queryExecution.analyzed
+      val (inputs, outputs, operationType) = PrivilegesBuilder.build(plan, spark)
+      assert(operationType === ALTERTABLE_PROPERTIES)
+      assert(inputs.size === 0)
+      assert(outputs.size === 1)
+      val po = outputs.head
+      assert(po.actionType === PrivilegeObjectActionType.OTHER)
+      assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(table)(po.objectName)
+      val accessType = AccessType(po, operationType, isInput = false)
+      assert(accessType === AccessType.ALTER)
+    }
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
index 208e73c51..355143c40 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.plugin.spark.authz.gen
 
+import org.apache.kyuubi.plugin.spark.authz.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
@@ -49,7 +50,14 @@ object IcebergCommands {
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDesc))
   }
 
+  val CallProcedure = {
+    val cmd = "org.apache.spark.sql.catalyst.plans.logical.Call"
+    val td = TableDesc("args", classOf[ExpressionSeqTableExtractor])
+    TableCommandSpec(cmd, Seq(td), opType = OperationType.ALTERTABLE_PROPERTIES)
+  }
+
   val data: Array[TableCommandSpec] = Array(
+    CallProcedure,
     DeleteFromIcebergTable,
     UpdateIcebergTable,
     MergeIntoIcebergTable,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index b22a812fd..55fde3b68 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -27,6 +27,7 @@ import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
+import org.apache.kyuubi.util.AssertionUtils._
 
 /**
  * Tests for RangerSparkExtensionSuite
@@ -226,4 +227,63 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
       s" on [$namespace1/$table1]"))
   }
+
+  test("CALL RewriteDataFilesProcedure") {
+    val tableName = "table_select_call_command_table"
+    val table = s"$catalogV2.$namespace1.$tableName"
+    val initDataFilesCount = 2
+    val rewriteDataFiles1 = s"CALL $catalogV2.system.rewrite_data_files " +
+      s"(table => '$table', options => map('min-input-files','$initDataFilesCount'))"
+    val rewriteDataFiles2 = s"CALL $catalogV2.system.rewrite_data_files " +
+      s"(table => '$table', options => map('min-input-files','${initDataFilesCount + 1}'))"
+
+    withCleanTmpResources(Seq((table, "table"))) {
+      doAs(
+        admin, {
+          sql(s"CREATE TABLE IF NOT EXISTS $table  (id int, name string) USING iceberg")
+          // insert 2 data files
+          (0 until initDataFilesCount)
+            .foreach(i => sql(s"INSERT INTO $table VALUES ($i, 'user_$i')"))
+        })
+
+      interceptContains[AccessControlException](doAs(someone, sql(rewriteDataFiles1)))(
+        s"does not have [alter] privilege on [$namespace1/$tableName]")
+      interceptContains[AccessControlException](doAs(someone, sql(rewriteDataFiles2)))(
+        s"does not have [alter] privilege on [$namespace1/$tableName]")
+
+      /**
+       * Case 1: Number of input data files equals or greater than minimum expected.
+       * Two logical plans triggered
+       * when ( input-files(2) >= min-input-files(2) ):
+       *
+       * == Physical Plan 1 ==
+       * Call (1)
+       *
+       * == Physical Plan 2 ==
+       * AppendData (3)
+       * +- * ColumnarToRow (2)
+       * +- BatchScan local.iceberg_ns.call_command_table (1)
+       */
+      doAs(
+        admin, {
+          val result1 = sql(rewriteDataFiles1).collect()
+          // rewritten results into 2 data files
+          assert(result1(0)(0) === initDataFilesCount)
+        })
+
+      /**
+       * Case 2: Number of input data files less than minimum expected.
+       * Only one logical plan triggered
+       * when ( input-files(2) < min-input-files(3) )
+       *
+       * == Physical Plan ==
+       *  Call (1)
+       */
+      doAs(
+        admin, {
+          val result2 = sql(rewriteDataFiles2).collect()
+          assert(result2(0)(0) === 0)
+        })
+    }
+  }
 }

From d15322d568c670cb57d2852d9d34d3af7bc44cad Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 13 Sep 2023 17:41:27 +0800
Subject: [PATCH 631/760] [KYUUBI #5275] [DOC] Improve and fix comparation and
 regeneration for golden files

### _Why are the changes needed?_

- Extract common assertion method for verifying file contents
- Ensure integrity of the file by comparing the line count
- Correct the script name for Spark engine KDF doc generation from `gen_kdf.sh` to `gen_spark_kdf_docs.sh`
- Add `gen_hive_kdf_docs.sh` script for Hive engine KDF doc generation
- Fix incorrect hints for Ranger spec file generation
- shows the line number of the incorrect file content
- Streamingly read file content by line with buffered support
- Regeneration hints:

<img width="656" alt="image" src="https://github.com/apache/kyuubi/assets/1935105/d1a7cb70-8b63-4fe9-ae27-80dadbe84799">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5275 from bowenliang123/doc-regen-hint.

Closes #5275

9af97ab86 [Bowen Liang] implicit source position
07020c74d [liangbowen] assertFileContent

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 dev/gen/gen_hive_kdf_docs.sh                  | 26 ++++++++++
 dev/gen/{gen_kdf.sh => gen_spark_kdf_docs.sh} |  2 +-
 .../authz/gen/PolicyJsonFileGenerator.scala   | 13 +++--
 .../authz/gen/JsonSpecFileGenerator.scala     | 14 +++--
 .../connector/tpcds/TPCDSQuerySuite.scala     |  3 --
 .../spark/connector/tpch/TPCHQuerySuite.scala |  3 --
 .../hive/udf/KyuubiDefinedFunctionSuite.scala | 17 +++---
 .../udf/KyuubiDefinedFunctionSuite.scala      | 17 +++---
 .../org/apache/kyuubi/MarkdownUtils.scala     | 34 ------------
 .../config/AllKyuubiConfiguration.scala       |  7 ++-
 .../tpcds/OutputSchemaTPCDSSuite.scala        | 16 +++---
 .../apache/kyuubi/util/AssertionUtils.scala   | 52 ++++++++++++++++++-
 .../apache/kyuubi/util/GoldenFileUtils.scala  | 51 ++++++++++++++++++
 13 files changed, 165 insertions(+), 90 deletions(-)
 create mode 100755 dev/gen/gen_hive_kdf_docs.sh
 rename dev/gen/{gen_kdf.sh => gen_spark_kdf_docs.sh} (95%)
 create mode 100644 kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/GoldenFileUtils.scala

diff --git a/dev/gen/gen_hive_kdf_docs.sh b/dev/gen/gen_hive_kdf_docs.sh
new file mode 100755
index 000000000..b670dc3c5
--- /dev/null
+++ b/dev/gen/gen_hive_kdf_docs.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Golden result file:
+# docs/extensions/engines/hive/functions.md
+
+KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
+build/mvn clean test \
+  -pl externals/kyuubi-hive-sql-engine -am \
+  -Pflink-provided,spark-provided,hive-provided \
+  -DwildcardSuites=org.apache.kyuubi.engine.hive.udf.KyuubiDefinedFunctionSuite
diff --git a/dev/gen/gen_kdf.sh b/dev/gen/gen_spark_kdf_docs.sh
similarity index 95%
rename from dev/gen/gen_kdf.sh
rename to dev/gen/gen_spark_kdf_docs.sh
index a10a31afc..ac13082e3 100755
--- a/dev/gen/gen_kdf.sh
+++ b/dev/gen/gen_spark_kdf_docs.sh
@@ -17,7 +17,7 @@
 #
 
 # Golden result file:
-# docs/sql/functions.md
+# docs/extensions/engines/spark/functions.md
 
 KYUUBI_UPDATE="${KYUUBI_UPDATE:-1}" \
 build/mvn clean test \
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
index 2686cba20..7faddd0c7 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -26,7 +26,6 @@ import com.fasterxml.jackson.databind.{JsonNode, ObjectMapper}
 import com.fasterxml.jackson.databind.json.JsonMapper
 import com.fasterxml.jackson.databind.node.ObjectNode
 import com.fasterxml.jackson.module.scala.DefaultScalaModule
-import org.apache.commons.io.FileUtils
 import org.apache.ranger.plugin.model.RangerPolicy
 import org.scalatest.funsuite.AnyFunSuite
 
@@ -37,6 +36,7 @@ import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyItemAccess.allowTyp
 import org.apache.kyuubi.plugin.spark.authz.gen.KRangerPolicyResource._
 import org.apache.kyuubi.plugin.spark.authz.gen.RangerAccessType._
 import org.apache.kyuubi.plugin.spark.authz.gen.RangerClassConversions._
+import org.apache.kyuubi.util.AssertionUtils._
 
 /**
  * Generates the policy file to test/main/resources dir.
@@ -77,12 +77,11 @@ class PolicyJsonFileGenerator extends AnyFunSuite {
         StandardOpenOption.CREATE,
         StandardOpenOption.TRUNCATE_EXISTING)
     } else {
-      val existedFileContent =
-        FileUtils.readFileToString(policyFilePath.toFile, StandardCharsets.UTF_8)
-      withClue("Please regenerate the ranger policy file by running"
-        + " `dev/gen/gen_ranger_policy_json.sh`") {
-        assert(generatedStr.equals(existedFileContent))
-      }
+      assertFileContent(
+        policyFilePath,
+        Seq(generatedStr),
+        "dev/gen/gen_ranger_policy_json.sh",
+        splitFirstExpectedLine = true)
     }
   }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index b10904c1e..855e25e87 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -20,11 +20,11 @@ package org.apache.kyuubi.plugin.spark.authz.gen
 import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Paths, StandardOpenOption}
 
-import org.apache.commons.io.FileUtils
 //scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.serde.{mapper, CommandSpec}
+import org.apache.kyuubi.util.AssertionUtils._
 
 /**
  * Generates the default command specs to src/main/resources dir.
@@ -39,7 +39,6 @@ import org.apache.kyuubi.plugin.spark.authz.serde.{mapper, CommandSpec}
  *   dev/gen/gen_ranger_spec_json.sh
  * }}}
  */
-
 class JsonSpecFileGenerator extends AnyFunSuite {
   // scalastyle:on
   test("check spec json files") {
@@ -70,12 +69,11 @@ class JsonSpecFileGenerator extends AnyFunSuite {
         StandardOpenOption.CREATE,
         StandardOpenOption.TRUNCATE_EXISTING)
     } else {
-      val existedFileContent =
-        FileUtils.readFileToString(filePath.toFile, StandardCharsets.UTF_8)
-      withClue(s"Check $filename failed. Please regenerate the ranger policy file by running"
-        + " `dev/gen/gen_ranger_spec_json.sh`.") {
-        assert(generatedStr.equals(existedFileContent))
-      }
+      assertFileContent(
+        filePath,
+        Seq(generatedStr),
+        "dev/gen/gen_ranger_spec_json.sh",
+        splitFirstExpectedLine = true)
     }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala
index d566e12a4..c99d7beca 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSQuerySuite.scala
@@ -28,7 +28,6 @@ import org.apache.kyuubi.{KyuubiFunSuite, Utils}
 import org.apache.kyuubi.spark.connector.common.GoldenFileUtils._
 import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSession
 
-// scalastyle:off line.size.limit
 /**
  * To run this test suite:
  * {{{
@@ -40,8 +39,6 @@ import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSessi
  *   dev/gen/gen_tpcds_queries.sh
  * }}}
  */
-// scalastyle:on line.size.limit
-
 @Slow
 class TPCDSQuerySuite extends KyuubiFunSuite {
 
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
index ce119f806..a409a5fe9 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/scala/org/apache/kyuubi/spark/connector/tpch/TPCHQuerySuite.scala
@@ -28,7 +28,6 @@ import org.apache.kyuubi.{KyuubiFunSuite, Utils}
 import org.apache.kyuubi.spark.connector.common.GoldenFileUtils._
 import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSession
 
-// scalastyle:off line.size.limit
 /**
  * To run this test suite:
  * {{{
@@ -40,8 +39,6 @@ import org.apache.kyuubi.spark.connector.common.LocalSparkSession.withSparkSessi
  *   dev/gen/gen_tpcdh_queries.sh
  * }}}
  */
-// scalastyle:on line.size.limit
-
 @Slow
 class TPCHQuerySuite extends KyuubiFunSuite {
 
diff --git a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
index f76eefe84..08cb143e0 100644
--- a/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-hive-sql-engine/src/test/scala/org/apache/kyuubi/engine/hive/udf/KyuubiDefinedFunctionSuite.scala
@@ -19,24 +19,23 @@ package org.apache.kyuubi.engine.hive.udf
 
 import java.nio.file.Paths
 
-import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
+import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, Utils}
+import org.apache.kyuubi.util.GoldenFileUtils._
 
-// scalastyle:off line.size.limit
 /**
  * End-to-end test cases for configuration doc file
- * The golden result file is "docs/sql/functions.md".
+ * The golden result file is "docs/extensions/engines/hive/functions.md".
  *
  * To run the entire test suite:
  * {{{
- *   build/mvn clean test -pl externals/kyuubi-hive-sql-engine -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.engine.hive.udf.KyuubiDefinedFunctionSuite
+ *   KYUUBI_UPDATE=0 dev/gen/gen_hive_kdf_docs.sh
  * }}}
  *
  * To re-generate golden files for entire suite, run:
  * {{{
- *   KYUUBI_UPDATE=1 build/mvn clean test -pl externals/kyuubi-hive-sql-engine -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.engine.hive.udf.KyuubiDefinedFunctionSuite
+ *   dev/gen/gen_hive_kdf_docs.sh
  * }}}
  */
-// scalastyle:on line.size.limit
 class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
 
   private val kyuubiHome: String = Utils.getCodeSourceLocation(getClass)
@@ -60,10 +59,6 @@ class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
       builder += s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}"
     }
 
-    MarkdownUtils.verifyOutput(
-      markdown,
-      builder,
-      getClass.getCanonicalName,
-      "externals/kyuubi-hive-sql-engine")
+    verifyOrRegenerateGoldenFile(markdown, builder.toMarkdown, "dev/gen/gen_hive_kdf_docs.sh")
   }
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
index 7387a7e9b..7a3f8c940 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/udf/KyuubiDefinedFunctionSuite.scala
@@ -19,24 +19,23 @@ package org.apache.kyuubi.engine.spark.udf
 
 import java.nio.file.Paths
 
-import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
+import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, Utils}
+import org.apache.kyuubi.util.GoldenFileUtils._
 
-// scalastyle:off line.size.limit
 /**
  * End-to-end test cases for configuration doc file
- * The golden result file is "docs/sql/functions.md".
+ * The golden result file is "docs/extensions/engines/spark/functions.md".
  *
  * To run the entire test suite:
  * {{{
- *   KYUUBI_UPDATE=0 dev/gen/gen_kdf.sh
+ *   KYUUBI_UPDATE=0 dev/gen/gen_spark_kdf_docs.sh
  * }}}
  *
  * To re-generate golden files for entire suite, run:
  * {{{
- *   dev/gen/gen_kdf.sh
+ *   dev/gen/gen_spark_kdf_docs.sh
  * }}}
  */
-// scalastyle:on line.size.limit
 class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
 
   private val kyuubiHome: String = Utils.getCodeSourceLocation(getClass)
@@ -60,10 +59,6 @@ class KyuubiDefinedFunctionSuite extends KyuubiFunSuite {
       builder += s"${func.name} | ${func.description} | ${func.returnType} | ${func.since}"
     }
 
-    MarkdownUtils.verifyOutput(
-      markdown,
-      builder,
-      getClass.getCanonicalName,
-      "externals/kyuubi-spark-sql-engine")
+    verifyOrRegenerateGoldenFile(markdown, builder.toMarkdown, "dev/gen/gen_spark_kdf_docs.sh")
   }
 }
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
index 2ac5e8c69..4dbe6ea67 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/MarkdownUtils.scala
@@ -17,10 +17,6 @@
 
 package org.apache.kyuubi
 
-import java.nio.charset.StandardCharsets
-import java.nio.file.{Files, Path, StandardOpenOption}
-
-import scala.collection.JavaConverters._
 import scala.collection.mutable.ListBuffer
 
 import com.vladsch.flexmark.formatter.Formatter
@@ -28,36 +24,6 @@ import com.vladsch.flexmark.parser.{Parser, ParserEmulationProfile, PegdownExten
 import com.vladsch.flexmark.profile.pegdown.PegdownOptionsAdapter
 import com.vladsch.flexmark.util.data.{MutableDataHolder, MutableDataSet}
 import com.vladsch.flexmark.util.sequence.SequenceUtils.EOL
-import org.scalatest.Assertions.{assertResult, withClue}
-
-object MarkdownUtils {
-
-  def verifyOutput(
-      markdown: Path,
-      newOutput: MarkdownBuilder,
-      agent: String,
-      module: String): Unit = {
-    val formatted = newOutput.toMarkdown
-    if (System.getenv("KYUUBI_UPDATE") == "1") {
-      Files.write(
-        markdown,
-        formatted.asJava,
-        StandardOpenOption.CREATE,
-        StandardOpenOption.TRUNCATE_EXISTING)
-    } else {
-      Files.readAllLines(markdown, StandardCharsets.UTF_8).asScala.toStream
-        .zipWithIndex.zip(formatted).foreach { case ((lineInFile, lineIndex), formattedLine) =>
-          withClue(
-            s""" The markdown file ($markdown:${lineIndex + 1}) is out of date.
-               | Please update doc with KYUUBI_UPDATE=1 build/mvn clean test
-               | -pl $module -am -Pflink-provided,spark-provided,hive-provided
-               | -Dtest=none -DwildcardSuites=$agent \n""".stripMargin) {
-            assertResult(formattedLine)(lineInFile)
-          }
-        }
-    }
-  }
-}
 
 class MarkdownBuilder {
   private val buffer = new ListBuffer[String]
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index 0a5329988..f53fb3a61 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -21,14 +21,14 @@ import java.nio.file.Paths
 
 import scala.collection.JavaConverters._
 
-import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, MarkdownUtils, Utils}
+import org.apache.kyuubi.{KyuubiFunSuite, MarkdownBuilder, Utils}
 import org.apache.kyuubi.ctl.CtlConf
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.metrics.MetricsConf
 import org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStoreConf
+import org.apache.kyuubi.util.GoldenFileUtils._
 import org.apache.kyuubi.zookeeper.ZookeeperConf
 
-// scalastyle:off line.size.limit
 /**
  * End-to-end test cases for configuration doc file
  * The golden result file is "docs/configuration/settings.md".
@@ -43,7 +43,6 @@ import org.apache.kyuubi.zookeeper.ZookeeperConf
  *   dev/gen/gen_all_config_docs.sh
  * }}}
  */
-// scalastyle:on line.size.limit
 class AllKyuubiConfiguration extends KyuubiFunSuite {
   private val kyuubiHome: String = Utils.getCodeSourceLocation(getClass).split("kyuubi-server")(0)
   private val markdown = Paths.get(kyuubiHome, "docs", "configuration", "settings.md")
@@ -229,6 +228,6 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
         | executor and obey the Spark AQE behavior of Kyuubi system default. On the other hand,
         | for those users who do not have custom configurations will use system defaults."""
 
-    MarkdownUtils.verifyOutput(markdown, builder, getClass.getCanonicalName, "kyuubi-server")
+    verifyOrRegenerateGoldenFile(markdown, builder.toMarkdown, "dev/gen/gen_all_config_docs.sh")
   }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala
index d17623fcf..9505c4a3b 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/operation/tpcds/OutputSchemaTPCDSSuite.scala
@@ -26,8 +26,9 @@ import org.apache.kyuubi.{DeltaSuiteMixin, WithKyuubiServer}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.server.mysql.MySQLJDBCTestHelper
 import org.apache.kyuubi.tags.DeltaTest
+import org.apache.kyuubi.util.AssertionUtils._
+import org.apache.kyuubi.util.GoldenFileUtils._
 
-// scalastyle:off line.size.limit
 /**
  * To run this test suite:
  * {{{
@@ -39,7 +40,6 @@ import org.apache.kyuubi.tags.DeltaTest
  *   dev/gen/gen_tpcds_output_schema.sh
  * }}}
  */
-// scalastyle:on line.size.limit
 @Slow
 @DeltaTest
 class OutputSchemaTPCDSSuite extends WithKyuubiServer
@@ -74,7 +74,6 @@ class OutputSchemaTPCDSSuite extends WithKyuubiServer
     super.afterAll()
   }
 
-  private val regenerateGoldenFiles = sys.env.get("KYUUBI_UPDATE").contains("1")
   protected val baseResourcePath: Path = Paths.get("src", "test", "resources")
 
   private def fileToString(file: Path): String = {
@@ -89,12 +88,15 @@ class OutputSchemaTPCDSSuite extends WithKyuubiServer
         val columnTypes = (1 to result.getMetaData.getColumnCount).map { i =>
           s"${result.getMetaData.getColumnName(i)}:${result.getMetaData.getColumnTypeName(i)}"
         }.mkString("struct<", ",", ">\n")
-        if (regenerateGoldenFiles) {
+        if (isRegenerateGoldenFiles) {
           Files.write(goldenFile, columnTypes.getBytes())
+        } else {
+          assertFileContent(
+            goldenFile,
+            Seq(columnTypes),
+            "dev/gen/gen_tpcds_output_schema.sh",
+            splitFirstExpectedLine = true)
         }
-
-        val expected = fileToString(goldenFile)
-        assert(columnTypes === expected)
       } finally {
         result.close()
       }
diff --git a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
index e12eb1bd4..2e9a0d3fe 100644
--- a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
@@ -16,11 +16,15 @@
  */
 package org.apache.kyuubi.util
 
+import java.nio.charset.StandardCharsets
+import java.nio.file.Path
 import java.util.Locale
 
+import scala.collection.Traversable
+import scala.io.Source
 import scala.reflect.ClassTag
 
-import org.scalactic.source
+import org.scalactic.{source, Prettifier}
 import org.scalatest.Assertions._
 
 object AssertionUtils {
@@ -54,6 +58,52 @@ object AssertionUtils {
     }
   }
 
+  /**
+   * Assert the file content is equal to the expected lines.
+   * If not, throws assertion error with the given regeneration hint.
+   * @param expectedLines expected lines
+   * @param path source file path
+   * @param regenScript regeneration script
+   * @param splitFirstExpectedLine whether to split the first expected line
+   *                               into multiple lines by EOL
+   */
+  def assertFileContent(
+      path: Path,
+      expectedLines: Traversable[String],
+      regenScript: String,
+      splitFirstExpectedLine: Boolean = false)(implicit
+      prettifier: Prettifier,
+      pos: source.Position): Unit = {
+    val fileSource = Source.fromFile(path.toUri, StandardCharsets.UTF_8.name())
+    try {
+      def expectedLinesIter = if (splitFirstExpectedLine) {
+        Source.fromString(expectedLines.head).getLines()
+      } else {
+        expectedLines.toIterator
+      }
+      val fileLinesIter = fileSource.getLines()
+      val regenerationHint = s"The file ($path) is out of date. " + {
+        if (regenScript != null && regenScript.nonEmpty) {
+          s" Please regenerate it by running `${regenScript.stripMargin}`. "
+        } else ""
+      }
+      var fileLineCount = 0
+      fileLinesIter.zipWithIndex.zip(expectedLinesIter)
+        .foreach { case ((lineInFile, lineIndex), expectedLine) =>
+          val lineNum = lineIndex + 1
+          withClue(s"Line $lineNum is not expected. $regenerationHint") {
+            assertResult(expectedLine)(lineInFile)(prettifier, pos)
+          }
+          fileLineCount = Math.max(lineNum, fileLineCount)
+        }
+      withClue(s"Line number is not expected. $regenerationHint") {
+        assertResult(expectedLinesIter.size)(fileLineCount)(prettifier, pos)
+      }
+    } finally {
+      fileSource.close()
+    }
+  }
+
   /**
    * Asserts that the given function throws an exception of the given type
    * and with the exception message equals to expected string
diff --git a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/GoldenFileUtils.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/GoldenFileUtils.scala
new file mode 100644
index 000000000..e9927f7e2
--- /dev/null
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/GoldenFileUtils.scala
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.util
+
+import java.nio.file.{Files, Path, StandardOpenOption}
+
+import scala.collection.JavaConverters._
+
+import org.apache.kyuubi.util.AssertionUtils._
+
+object GoldenFileUtils {
+  def isRegenerateGoldenFiles: Boolean = sys.env.get("KYUUBI_UPDATE").contains("1")
+
+  /**
+   * Verify the golden file content when KYUUBI_UPDATE env is not equals to 1,
+   * or regenerate the golden file content when KYUUBI_UPDATE env is equals to 1.
+   *
+   * @param path the path of file
+   * @param lines the expected lines for validation or regeneration
+   * @param regenScript the script for regeneration, used for hints when verification failed
+   */
+  def verifyOrRegenerateGoldenFile(
+      path: Path,
+      lines: Iterable[String],
+      regenScript: String): Unit = {
+    if (isRegenerateGoldenFiles) {
+      Files.write(
+        path,
+        lines.asJava,
+        StandardOpenOption.CREATE,
+        StandardOpenOption.TRUNCATE_EXISTING)
+    } else {
+      assertFileContent(path, lines, regenScript)
+    }
+  }
+}

From b21ae88545be0d9dce450b7bf0668e8ea61a48ef Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Wed, 13 Sep 2023 19:49:57 +0800
Subject: [PATCH 632/760] [KYUUBI #5271][Bug] AnalyzeTableCommand should also
 add table write privilege

### _Why are the changes needed?_
Since AnalyzeTableCommand also update table's metadata, since alter command also need table write privilege, AnalyzeTableCommand need too

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5272 from AngersZhuuuu/KYUUBI-5271.

Closes #5271

ad5c70403 [Angerszhuuuu] Merge branch 'KYUUBI-5271' of https://github.com/AngersZhuuuu/incubator-kyuubi into KYUUBI-5271
a5932b7e8 [Angerszhuuuu] Update TableCommands.scala
97ee3299c [Angerszhuuuu] Merge branch 'master' into KYUUBI-5271
cdd8100fd [Angerszhuuuu] Update PrivilegesBuilderSuite.scala
5f110563e [Angerszhuuuu] update
92c30454b [Angerszhuuuu] Revert "Update TableCommands.scala"
504ff2a26 [Angerszhuuuu] Update TableCommands.scala
6c4233680 [Angerszhuuuu] [KYUUBI #5271][Bug] AnalyzeTableCommand should also add table write privilege

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../main/resources/table_command_spec.json    | 33 +++++++++++--
 .../spark/authz/PrivilegesBuilderSuite.scala  | 49 +++++++++++++++----
 .../spark/authz/gen/TableCommands.scala       | 13 +++--
 3 files changed, 78 insertions(+), 17 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index e11d94400..3e1911468 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -865,6 +865,15 @@
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AnalyzeColumnCommand",
   "tableDescs" : [ {
+    "fieldName" : "tableIdent",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableIdent",
     "fieldExtractor" : "TableIdentifierTableExtractor",
     "columnDesc" : {
@@ -889,11 +898,20 @@
     "isInput" : true,
     "setCurrentDatabaseIfMissing" : false
   } ],
-  "opType" : "ANALYZE_TABLE",
+  "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AnalyzePartitionCommand",
   "tableDescs" : [ {
+    "fieldName" : "tableIdent",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableIdent",
     "fieldExtractor" : "TableIdentifierTableExtractor",
     "columnDesc" : {
@@ -906,11 +924,20 @@
     "isInput" : true,
     "setCurrentDatabaseIfMissing" : false
   } ],
-  "opType" : "ANALYZE_TABLE",
+  "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AnalyzeTableCommand",
   "tableDescs" : [ {
+    "fieldName" : "tableIdent",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
     "fieldName" : "tableIdent",
     "fieldExtractor" : "TableIdentifierTableExtractor",
     "columnDesc" : null,
@@ -920,7 +947,7 @@
     "isInput" : true,
     "setCurrentDatabaseIfMissing" : false
   } ],
-  "opType" : "ANALYZE_TABLE",
+  "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CacheTableCommand",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 878aa7dad..723fabd7b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -379,7 +379,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     val plan = sql(s"ANALYZE TABLE $reusedPartTable PARTITION (pid=1)" +
       s" COMPUTE STATISTICS FOR COLUMNS key").queryExecution.analyzed
     val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
-    assert(operationType === ANALYZE_TABLE)
+    assert(operationType === ALTERTABLE_PROPERTIES)
     assert(in.size === 1)
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
@@ -390,16 +390,27 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po0.columns === Seq("key"))
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
-    assert(accessType0 === AccessType.SELECT)
+    assert(accessType0 === AccessType.ALTER)
+
+    assert(out.size === 1)
+    val po1 = out.head
+    assert(po1.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po1.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assertEqualsIgnoreCase(reusedDb)(po1.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po1.objectName)
+    // ignore this check as it behaves differently across spark versions
+    assert(po1.columns.isEmpty)
+    checkTableOwner(po1)
+    val accessType1 = ranger.AccessType(po1, operationType, isInput = true)
+    assert(accessType1 === AccessType.ALTER)
 
-    assert(out.size === 0)
   }
 
   test("AnalyzePartitionCommand") {
     val plan = sql(s"ANALYZE TABLE $reusedPartTable" +
       s" PARTITION (pid = 1) COMPUTE STATISTICS").queryExecution.analyzed
     val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
-    assert(operationType === ANALYZE_TABLE)
+    assert(operationType === ALTERTABLE_PROPERTIES)
 
     assert(in.size === 1)
     val po0 = in.head
@@ -411,9 +422,19 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po0.columns === Seq("pid"))
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
-    assert(accessType0 === AccessType.SELECT)
+    assert(accessType0 === AccessType.ALTER)
 
-    assert(out.size === 0)
+    assert(out.size === 1)
+    val po1 = out.head
+    assert(po1.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po1.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assertEqualsIgnoreCase(reusedDb)(po1.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po1.objectName)
+    // ignore this check as it behaves differently across spark versions
+    assert(po1.columns.isEmpty)
+    checkTableOwner(po1)
+    val accessType1 = ranger.AccessType(po1, operationType, isInput = true)
+    assert(accessType1 === AccessType.ALTER)
   }
 
   test("AnalyzeTableCommand") {
@@ -421,7 +442,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
       .queryExecution.analyzed
     val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
 
-    assert(operationType === ANALYZE_TABLE)
+    assert(operationType === ALTERTABLE_PROPERTIES)
     assert(in.size === 1)
     val po0 = in.head
     assert(po0.actionType === PrivilegeObjectActionType.OTHER)
@@ -432,9 +453,19 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
     assert(po0.columns.isEmpty)
     checkTableOwner(po0)
     val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
-    assert(accessType0 === AccessType.SELECT)
+    assert(accessType0 === AccessType.ALTER)
 
-    assert(out.size === 0)
+    assert(out.size === 1)
+    val po1 = out.head
+    assert(po1.actionType === PrivilegeObjectActionType.OTHER)
+    assert(po1.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+    assertEqualsIgnoreCase(reusedDb)(po1.dbname)
+    assertEqualsIgnoreCase(reusedPartTableShort)(po1.objectName)
+    // ignore this check as it behaves differently across spark versions
+    assert(po1.columns.isEmpty)
+    checkTableOwner(po1)
+    val accessType1 = ranger.AccessType(po1, operationType, isInput = true)
+    assert(accessType1 === AccessType.ALTER)
   }
 
   test("AnalyzeTablesCommand") {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index f3754e4b9..ca2ee9294 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -181,7 +181,8 @@ object TableCommands {
     val cd2 = cd1.copy(fieldExtractor = classOf[StringSeqOptionColumnExtractor])
     val td1 = tableIdentDesc.copy(columnDesc = Some(cd1), isInput = true)
     val td2 = td1.copy(columnDesc = Some(cd2))
-    TableCommandSpec(cmd, Seq(td1, td2), ANALYZE_TABLE)
+    // AnalyzeColumn will update table properties, here we use ALTERTABLE_PROPERTIES
+    TableCommandSpec(cmd, Seq(tableIdentDesc, td1, td2), ALTERTABLE_PROPERTIES)
   }
 
   val AnalyzePartition = {
@@ -189,16 +190,18 @@ object TableCommands {
     val columnDesc = ColumnDesc("partitionSpec", classOf[PartitionColumnExtractor])
     TableCommandSpec(
       cmd,
-      Seq(tableIdentDesc.copy(columnDesc = Some(columnDesc), isInput = true)),
-      ANALYZE_TABLE)
+      // AnalyzePartition will update table properties, here we use ALTERTABLE_PROPERTIES
+      Seq(tableIdentDesc, tableIdentDesc.copy(columnDesc = Some(columnDesc), isInput = true)),
+      ALTERTABLE_PROPERTIES)
   }
 
   val AnalyzeTable = {
     val cmd = "org.apache.spark.sql.execution.command.AnalyzeTableCommand"
     TableCommandSpec(
       cmd,
-      Seq(tableIdentDesc.copy(isInput = true)),
-      ANALYZE_TABLE)
+      // AnalyzeTable will update table properties, here we use ALTERTABLE_PROPERTIES
+      Seq(tableIdentDesc, tableIdentDesc.copy(isInput = true)),
+      ALTERTABLE_PROPERTIES)
   }
 
   val CreateTableV2 = {

From dd2cd516d72631b464bcec2d4bcafc29d61d3880 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 14 Sep 2023 12:13:20 +0800
Subject: [PATCH 633/760] [KYUUBI #5220][FOLLOWUP] Batch submitted considers
 application state

### _Why are the changes needed?_

This PR aims to fix the `SparkSubmit` concurrency limit implemented in #5220.

"submitted" judgment in #5220 only considered `OperationState`, actually, `ApplicationState` should be counted too. For instance, if a batch is pending in `ACCEPTED` state, the `SparkSubmit` process won't exit until changed to `RUNNING` or `FAILED` state, in such case, the `OperationState` is `RUNNING` and `ApplicationState` is `PENDING`, it should not be treated as "submitted".

Additionally, this PR treats metastore as the single of truth for batch instead of `SessionManager`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5279 from pan3793/5220-followup.

Closes #5220

903abc6d4 [Cheng Pan] Fix
0af6738d2 [Cheng Pan] [KYUUBI #5220][FOLLOWUP] Batch submmited should not contain application pending state

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/server/KyuubiBatchService.scala    | 37 ++++++++++---------
 .../kyuubi/server/metadata/api/Metadata.scala | 12 +++++-
 2 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
index bf10a68fa..2bfbbce2a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiBatchService.scala
@@ -20,6 +20,7 @@ package org.apache.kyuubi.server
 import java.util.concurrent.atomic.AtomicBoolean
 
 import org.apache.kyuubi.config.KyuubiConf.BATCH_SUBMITTER_THREADS
+import org.apache.kyuubi.engine.ApplicationState
 import org.apache.kyuubi.operation.OperationState
 import org.apache.kyuubi.server.metadata.MetadataManager
 import org.apache.kyuubi.service.{AbstractService, Serverable}
@@ -83,26 +84,28 @@ class KyuubiBatchService(
               metadata.requestArgs,
               Some(metadata),
               fromRecovery = false)
-            val sessionHandle = sessionManager.openBatchSession(batchSession)
+            sessionManager.openBatchSession(batchSession)
             var submitted = false
             while (!submitted) { // block until batch job submitted
-              submitted = sessionManager.getBatchSession(sessionHandle).map { batchSession =>
-                val batchState = batchSession.batchJobSubmissionOp.getStatus.state
-                batchState == OperationState.RUNNING || OperationState.isTerminal(batchState)
-              }.getOrElse {
-                error(s"Batch Session $batchId is not existed, marked as finished")
-                true
+              submitted = metadataManager.getBatchSessionMetadata(batchId) match {
+                case Some(metadata) if OperationState.isTerminal(metadata.opState) =>
+                  true
+                case Some(metadata) if metadata.opState == OperationState.RUNNING =>
+                  metadata.appState match {
+                    // app that is not submitted to resource manager
+                    case None | Some(ApplicationState.NOT_FOUND) => false
+                    // app that is pending in resource manager
+                    case Some(ApplicationState.PENDING) => false
+                    // not sure, added for safe
+                    case Some(ApplicationState.UNKNOWN) => false
+                    case _ => true
+                  }
+                case Some(_) =>
+                  false
+                case None =>
+                  error(s"$batchId does not existed in metastore, assume it is finished")
+                  true
               }
-              // should we always treat metastore as the single of truth?
-              //
-              // submitted = metadataManager.getBatchSessionMetadata(batchId) match {
-              //   case Some(metadata) =>
-              //     val batchState = OperationState.withName(metadata.state)
-              //     batchState == OperationState.RUNNING || OperationState.isTerminal(batchState)
-              //   case None =>
-              //     error(s"$batchId does not existed in metastore, assume it is finished")
-              //     true
-              // }
               if (!submitted) Thread.sleep(1000)
             }
             info(s"$batchId is submitted or finished.")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
index 12759f8cc..3e3d94828 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
@@ -18,7 +18,10 @@
 package org.apache.kyuubi.server.metadata.api
 
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.engine.ApplicationManagerInfo
+import org.apache.kyuubi.engine.{ApplicationManagerInfo, ApplicationState}
+import org.apache.kyuubi.engine.ApplicationState.ApplicationState
+import org.apache.kyuubi.operation.OperationState
+import org.apache.kyuubi.operation.OperationState.OperationState
 import org.apache.kyuubi.session.SessionType.SessionType
 
 /**
@@ -82,4 +85,11 @@ case class Metadata(
       requestConf.get(KyuubiConf.KUBERNETES_CONTEXT.key),
       requestConf.get(KyuubiConf.KUBERNETES_NAMESPACE.key))
   }
+
+  def opState: OperationState = {
+    assert(state != null, "invalid state, a normal batch record must have non-null state")
+    OperationState.withName(state)
+  }
+
+  def appState: Option[ApplicationState] = Option(engineState).map(ApplicationState.withName)
 }

From 721c0a437cd52a2285041d1856b7fddcdbe6b5c5 Mon Sep 17 00:00:00 2001
From: peiyue liu <945076608@qq.com>
Date: Thu, 14 Sep 2023 18:44:18 +0800
Subject: [PATCH 634/760] [KYUUBI #5210]Cancel operation will cause the log
 file node to leak

### _Why are the changes needed?_

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5211 from ASiegeLion/master.

Closes #5210

6366e962d [peiyue liu] Merge branch 'apache:master' into master
34dcc57dc [liupeiyue] [KYUUBI #5210]Cancel operation will cause the log file node to leak

Lead-authored-by: peiyue liu <945076608@qq.com>
Co-authored-by: liupeiyue <liupeiyue@yy.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../apache/kyuubi/operation/KyuubiOperation.scala  | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
index b85fa8b02..83e19cb65 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/KyuubiOperation.scala
@@ -142,13 +142,6 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
     if (!isClosedOrCanceled) {
       setState(OperationState.CLOSED)
       MetricsSystem.tracing(_.decCount(MetricRegistry.name(OPERATION_OPEN, opType)))
-      try {
-        // For launch engine operation, we use OperationLog to pass engine submit log but
-        // at that time we do not have remoteOpHandle
-        getOperationLog.foreach(_.close())
-      } catch {
-        case e: IOException => error(e.getMessage, e)
-      }
       if (_remoteOpHandle != null) {
         try {
           client.closeOperation(_remoteOpHandle)
@@ -158,6 +151,13 @@ abstract class KyuubiOperation(session: Session) extends AbstractOperation(sessi
         }
       }
     }
+    try {
+      // For launch engine operation, we use OperationLog to pass engine submit log but
+      // at that time we do not have remoteOpHandle
+      getOperationLog.foreach(_.close())
+    } catch {
+      case e: IOException => error(e.getMessage, e)
+    }
   }
 
   override def getResultSetMetadata: TGetResultSetMetadataResp = {

From f6e3225d745fa0959b65d51f49ad94db99919308 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Thu, 14 Sep 2023 21:59:07 +0800
Subject: [PATCH 635/760] [KYUUBI #5290] Batch impl v2 should pick batch jobs
 in FIFO

### _Why are the changes needed?_

As title

We should ref to FIFO design, pick oldest task to run.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5290 from zwangsheng/KYUUBI/metadata_pick_order.

Closes #5290

2d3b09604 [zwangsheng] [REST-V2] Should use ASC order when kyuubi server submitter pick task from metadata

Authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index d32cdc838..dcb9c0f66 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -198,7 +198,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     JdbcUtils.executeQueryWithRowMapper(
       s"""SELECT identifier FROM $METADATA_TABLE
          |WHERE state=?
-         |ORDER BY create_time DESC LIMIT 1
+         |ORDER BY create_time ASC LIMIT 1
          |""".stripMargin) { stmt =>
       stmt.setString(1, OperationState.INITIALIZED.toString)
     } { resultSet =>

From 137dcf11e9940ef2f4a9dd075f0ac2df548e0d4c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 14 Sep 2023 22:06:30 +0800
Subject: [PATCH 636/760] [KYUUBI #5289] RESTful API should always print audit
 log

### _Why are the changes needed?_

Previously, the RESTful audit log did not contain HTTP requests that threw non-AuthenticationException during the process.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5289 from pan3793/auth-log.

Closes #5289

9e292793e [Cheng Pan] RESTful API should always print audit log

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../authentication/AuthenticationFilter.scala | 44 +++++++++----------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index 11e856a29..523d24907 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -22,7 +22,7 @@ import javax.security.sasl.AuthenticationException
 import javax.servlet.{Filter, FilterChain, FilterConfig, ServletException, ServletRequest, ServletResponse}
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 
-import scala.collection.mutable.HashMap
+import scala.collection.mutable
 
 import org.apache.kyuubi.Logging
 import org.apache.kyuubi.config.KyuubiConf
@@ -35,7 +35,8 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
   import AuthenticationHandler._
   import AuthSchemes._
 
-  private[authentication] val authSchemeHandlers = new HashMap[AuthScheme, AuthenticationHandler]()
+  private[authentication] val authSchemeHandlers =
+    new mutable.HashMap[AuthScheme, AuthenticationHandler]()
 
   private[authentication] def addAuthHandler(authHandler: AuthenticationHandler): Unit = {
     authHandler.init(conf)
@@ -109,32 +110,31 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
     HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.set(
       httpRequest.getHeader(conf.get(FRONTEND_PROXY_HTTP_CLIENT_IP_HEADER)))
 
-    if (matchedHandler == null) {
-      debug(s"No auth scheme matched for url: ${httpRequest.getRequestURL}")
-      httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED)
-      AuthenticationAuditLogger.audit(httpRequest, httpResponse)
-      httpResponse.sendError(
-        HttpServletResponse.SC_UNAUTHORIZED,
-        s"No auth scheme matched for $authorization")
-    } else {
-      HTTP_AUTH_TYPE.set(matchedHandler.authScheme.toString)
-      try {
+    try {
+      if (matchedHandler == null) {
+        debug(s"No auth scheme matched for url: ${httpRequest.getRequestURL}")
+        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED)
+        httpResponse.sendError(
+          HttpServletResponse.SC_UNAUTHORIZED,
+          s"No auth scheme matched for $authorization")
+      } else {
+        HTTP_AUTH_TYPE.set(matchedHandler.authScheme.toString)
         val authUser = matchedHandler.authenticate(httpRequest, httpResponse)
         if (authUser != null) {
           HTTP_CLIENT_USER_NAME.set(authUser)
           doFilter(filterChain, httpRequest, httpResponse)
         }
-        AuthenticationAuditLogger.audit(httpRequest, httpResponse)
-      } catch {
-        case e: AuthenticationException =>
-          httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN)
-          AuthenticationAuditLogger.audit(httpRequest, httpResponse)
-          HTTP_CLIENT_USER_NAME.remove()
-          HTTP_CLIENT_IP_ADDRESS.remove()
-          HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
-          HTTP_AUTH_TYPE.remove()
-          httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage)
       }
+    } catch {
+      case e: AuthenticationException =>
+        httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN)
+        HTTP_CLIENT_USER_NAME.remove()
+        HTTP_CLIENT_IP_ADDRESS.remove()
+        HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
+        HTTP_AUTH_TYPE.remove()
+        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage)
+    } finally {
+      AuthenticationAuditLogger.audit(httpRequest, httpResponse)
     }
   }
 

From 9b93e874a0470641ae4e83fea3942c75bd065aac Mon Sep 17 00:00:00 2001
From: pengqli <pengqli@cisco.com>
Date: Fri, 15 Sep 2023 11:32:09 +0000
Subject: [PATCH 637/760] [KYUUBI #5293] upgrade  snakeyaml from 1.33 to 2.2

### _Why are the changes needed?_

upgrade  snakeyaml from 1.33 to 2.2 reducing direct CVE vulnerabilities, see (https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes)
[CVE-2022-1471](https://nvd.nist.gov/vuln/detail/CVE-2022-1471)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5293 from dev-lpq/snakeyaml_critical.

Closes #5293

5b2412d8e [pengqli] upgrade  snakeyaml from 1.33 to 2.2

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList | 2 +-
 pom.xml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index f59095b66..0675f56f0 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -183,7 +183,7 @@ simpleclient_tracer_otel/0.16.0//simpleclient_tracer_otel-0.16.0.jar
 simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml-engine/2.6//snakeyaml-engine-2.6.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
 snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
 sqlite-jdbc/3.42.0.0//sqlite-jdbc-3.42.0.0.jar
 swagger-annotations/2.2.1//swagger-annotations-2.2.1.jar
diff --git a/pom.xml b/pom.xml
index 5d812f63a..faff83917 100644
--- a/pom.xml
+++ b/pom.xml
@@ -191,7 +191,7 @@
         <scalatestplus.version>3.2.16.0</scalatestplus.version>
         <scopt.version>4.1.0</scopt.version>
         <slf4j.version>1.7.36</slf4j.version>
-        <snakeyaml.version>1.33</snakeyaml.version>
+        <snakeyaml.version>2.2</snakeyaml.version>
         <!--
           DO NOT forget to change the following properties when change the minor version of Spark:
           `delta.version`, `maven.plugin.scalatest.exclude.tags`

From 7ba458a0da3e990700acdc58fc52300e87a0af6d Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 15 Sep 2023 11:35:40 +0000
Subject: [PATCH 638/760] [KYUUBI #5291] Verify Spark engine is compatible with
 Spark 3.5.0

### _Why are the changes needed?_

Apache Spark 3.5.0 released in few days ago, this PR aims to add cross-version verification to ensure that Kyuubi engine built against Spark 3.4.1 works on Spark 3.5.0 runtime.

https://spark.apache.org/releases/spark-release-3-5-0.html

For users who want to try Kyuubi with Spark 3.5.0, please compile master/branch-1.8 via

```
./build/dist --tgz --web-ui --spark-provided --flink-provided --hive-provided
```

And then follow the [Quick Start](https://kyuubi.readthedocs.io/en/master/quick_start/quick_start.html) to setup Kyuubi and Spark properly.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

```log
Connected to: Spark SQL (version 3.5.0)
Driver: Kyuubi Project Hive JDBC Client (version 1.8.0-SNAPSHOT)
Beeline version 1.8.0-SNAPSHOT by Apache Kyuubi
0: jdbc:hive2://0.0.0.0:10009/default> select version();
+-------------------------------------------------+
|                    version()                    |
+-------------------------------------------------+
| 3.5.0 ce5ddad990373636e94071e7cef2f31021add07b  |
+-------------------------------------------------+
1 row selected (0.39 seconds)
0: jdbc:hive2://0.0.0.0:10009/default> select kyuubi_version();
+-------------------+
| kyuubi_version()  |
+-------------------+
| 1.8.0-SNAPSHOT    |
+-------------------+
1 row selected (0.16 seconds)
```

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5291 from pan3793/cross-3.5.

Closes #5291

24107a414 [Cheng Pan] Update .github/workflows/master.yml
1554e7131 [Cheng Pan] Verify Spark engine on Spark 3.5

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index b2dd57a50..3b85530d4 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -71,6 +71,11 @@ jobs:
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.3.3 -Dspark.archive.name=spark-3.3.3-bin-hadoop3.tgz -Pzookeeper-3.6'
             exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.3-binary'
+          - java: 8
+            spark: '3.4'
+            spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.5.0 -Dspark.archive.name=spark-3.5.0-bin-hadoop3.tgz -Pzookeeper-3.6'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
+            comment: 'verify-on-spark-3.5-binary'
         exclude:
           # SPARK-33772: Spark supports JDK 17 since 3.3.0
           - java: 17

From 60ebe7de61710af68a6c5242a7545385056419f1 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Fri, 15 Sep 2023 12:31:16 +0000
Subject: [PATCH 639/760] [KYUUBI #5297] [CLIENT] New RetryableClient  get
 http://null server uri from metadata.kyuubiInstance

### _Why are the changes needed?_

Due to #5078, we marked kyuubi_instance in metadata can be null.

We should append kyuubi_instance after we check it's non-null.

Otherwise we may face the following error when we use v2 submit job
```
2023-09-14 19:05:43 [INFO] [main] org.apache.kyuubi.client.RetryableRestClient#74 - Current connect server uri http://null/api/v1
2023-09-14 19:05:43 [ERROR] [main] org.apache.kyuubi.client.RestClient#189 - Error:
java.net.UnknownHostException: null: Name or service not known
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5297 from zwangsheng/client/resetclient_get_null.

Closes #5297

2b4b56020 [zwangsheng] [CLIENT] Get null from metadata.kyuubiInstance

Authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala
index 75b490a4a..d971eec13 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/RestClientFactory.scala
@@ -47,7 +47,8 @@ object RestClientFactory {
       kyuubiRestClient: KyuubiRestClient,
       kyuubiInstance: String)(f: KyuubiRestClient => Unit): Unit = {
     val kyuubiInstanceRestClient = kyuubiRestClient.clone()
-    val hostUrls = Seq(s"http://$kyuubiInstance") ++ kyuubiRestClient.getHostUrls.asScala
+    val hostUrls = Option(kyuubiInstance).map(instance => s"http://$instance").toSeq ++
+      kyuubiRestClient.getHostUrls.asScala
     kyuubiInstanceRestClient.setHostUrls(hostUrls.asJava)
     try {
       f(kyuubiInstanceRestClient)

From 814b0513081c6ec0657842f96a657f37ccb148fe Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sat, 16 Sep 2023 14:02:06 +0000
Subject: [PATCH 640/760] [KYUUBI #5298] Bump latest 1.7.2 in playground and
 helm charts

### _Why are the changes needed?_

Kyuubi v1.7.2 is available now, follow the [release guide](https://kyuubi.readthedocs.io/en/master/community/release.html#keep-other-artifacts-up-to-date) to update version in playground and helm charts.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5298 from pan3793/172.

Closes #5298

8af52636e [Cheng Pan] Bump latest 1.7.2 in playgound and helm charts

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/Chart.yaml | 2 +-
 docker/playground/.env   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/kyuubi/Chart.yaml b/charts/kyuubi/Chart.yaml
index fa6179425..7c881cc9e 100644
--- a/charts/kyuubi/Chart.yaml
+++ b/charts/kyuubi/Chart.yaml
@@ -20,7 +20,7 @@ name: kyuubi
 description: A Helm chart for Kyuubi server
 type: application
 version: 0.1.0
-appVersion: 1.7.1
+appVersion: 1.7.2
 home: https://kyuubi.apache.org
 icon: https://raw.githubusercontent.com/apache/kyuubi/master/docs/imgs/logo.png
 sources:
diff --git a/docker/playground/.env b/docker/playground/.env
index bb666e1e4..5c3d124a7 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -19,7 +19,7 @@ AWS_JAVA_SDK_VERSION=1.12.367
 HADOOP_VERSION=3.3.6
 HIVE_VERSION=2.3.9
 ICEBERG_VERSION=1.3.1
-KYUUBI_VERSION=1.7.1
+KYUUBI_VERSION=1.7.2
 KYUUBI_HADOOP_VERSION=3.3.5
 POSTGRES_VERSION=12
 POSTGRES_JDBC_VERSION=42.3.4

From 413683507079f8f97217e8099177f0b16bc9192d Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Mon, 18 Sep 2023 16:00:21 +0800
Subject: [PATCH 641/760] [KYUUBI #5300] Batch v2 should not update
 kyuubi_instance when open session

### _Why are the changes needed?_

See more in close #5300

Remove update metadata kyuubi_instance, when open session under batch v2 implementation.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5301 from zwangsheng/server/v2_should_not_update_connect_url.

Closes #5300

0a67bcda1 [zwangsheng] [V2][REST] Not update kyuubi instace  when open session

Authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../scala/org/apache/kyuubi/session/KyuubiBatchSession.scala     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index c8563bca1..e10230ebf 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -156,7 +156,6 @@ class KyuubiBatchSession(
         // new batch job created using batch impl v2
         val metadataToUpdate = Metadata(
           identifier = initialMetadata.identifier,
-          kyuubiInstance = connectionUrl,
           requestName = name.orNull,
           requestConf = optimizedConf ++ kubernetesInfo, // save the kubernetes info
           clusterManager = batchJobSubmissionOp.builder.clusterManager())

From ece25f2b5dbcd6790b023a20c1d2fe1a79d761c0 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Mon, 18 Sep 2023 18:29:20 +0800
Subject: [PATCH 642/760] [KYUUBI #5305] Return dummy log when batch job before
 being added to session manager
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

…sion manager

### _Why are the changes needed?_

As title

Current we open session first then hand this session with batch by SessionManager:
https://github.com/apache/kyuubi/blob/413683507079f8f97217e8099177f0b16bc9192d/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala#L97-L121

We may face `No local log `exception, when kyuubi server picked this batch job to open session but not handled by SessionManager, due to time gap and code gap.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5305 from zwangsheng/server/improve_localLog_when_job_under_submmit.

Closes #5305

14e27c115 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
a5b3ca1f0 [zwangsheng] [V2] Retunr dump log when batch job was picked but not handler by session manager

Lead-authored-by: zwangsheng <binjieyang@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/server/api/v1/BatchesResource.scala  | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 12db68aeb..a525ac4b2 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -415,6 +415,13 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
         } else if (fe.connectionUrl != metadata.kyuubiInstance) {
           val internalRestClient = getInternalRestClient(metadata.kyuubiInstance)
           internalRestClient.getBatchLocalLog(userName, batchId, from, size)
+        } else if (batchV2Enabled(metadata.requestConf) &&
+          // in batch v2 impl, the operation state is changed from PENDING to RUNNING
+          // before being added to SessionManager.
+          (metadata.state == "PENDING" || metadata.state == "RUNNING")) {
+          info(s"Batch $batchId is waiting for submitting")
+          val dummyLogs = List(s"Batch $batchId is waiting for submitting").asJava
+          new OperationLog(dummyLogs, dummyLogs.size)
         } else {
           throw new NotFoundException(s"No local log found for batch: $batchId")
         }

From 2732449d3ab378f061f75a25cda32d7cdc4a5f78 Mon Sep 17 00:00:00 2001
From: Cheng Pan <pan3793@gmail.com>
Date: Tue, 19 Sep 2023 12:15:44 +0800
Subject: [PATCH 643/760] [KYUUBI #5305][FOLLOWUP] Fix get local log UT

### _Why are the changes needed?_

Fix UT fail introduced by #5305

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5307 from zwangsheng/KYUUBI#5305-follow-up.

Closes #5305

82a050493 [Cheng Pan] Update kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
5c192c908 [zwangsheng] [KYUUBI #5305][FOLLOWUP] Fix get local log ut

Lead-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/server/api/v1/BatchesResourceSuite.scala | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 3a47461a2..7270f68d6 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -623,8 +623,17 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
       .queryParam("size", "1")
       .request(MediaType.APPLICATION_JSON_TYPE)
       .get()
-    assert(logResponse.getStatus === 404)
-    assert(logResponse.readEntity(classOf[String]).contains("No local log found"))
+    batchVersion match {
+      case "1" =>
+        assert(logResponse.getStatus === 404)
+        assert(logResponse.readEntity(classOf[String]).contains("No local log found"))
+      case "2" =>
+        assert(logResponse.getStatus === 200)
+        assert(logResponse.readEntity(classOf[String]).contains(
+          s"Batch ${metadata.identifier} is waiting for submitting"))
+      case _ =>
+        fail(s"unexpected batch version: $batchVersion")
+    }
 
     // get local batch log that is not existing
     logResponse = webTarget.path(s"api/v1/batches/${UUID.randomUUID.toString}/localLog")

From 2abceeaf50d792b616d5ed4cb2608e30f9ace863 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Tue, 19 Sep 2023 06:43:04 +0000
Subject: [PATCH 644/760] [KYUUBI #5308] Ensure release using Java 8

### _Why are the changes needed?_

Avoid releasing new version with incorrect java version.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5308 from wForget/release_check_java_version.

Closes #5308

8bf3c13ba [Cheng Pan] Update build/release/release.sh
90ddd145d [wforget] comment
b6ab1a480 [wforget] Check java version for release script

Lead-authored-by: wforget <643348094@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/build/release/release.sh b/build/release/release.sh
index fefcce6a9..bb15fb402 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -52,6 +52,21 @@ if [[ ${RELEASE_VERSION} =~ .*-SNAPSHOT ]]; then
   exit 1
 fi
 
+if [ -n "${JAVA_HOME}" ]; then
+  JAVA="${JAVA_HOME}/bin/java"
+elif [ "$(command -v java)" ]; then
+  JAVA="java"
+else
+  echo "JAVA_HOME is not set" >&2
+  exit 1
+fi
+
+JAVA_VERSION=$($JAVA -version 2>&1 | awk -F '"' '/version/ {print $2}')
+if [[ $JAVA_VERSION != 1.8.* ]]; then
+  echo "Unexpected Java version: $JAVA_VERSION. Java 8 is required for release."
+  exit 1
+fi
+
 RELEASE_TAG="v${RELEASE_VERSION}-rc${RELEASE_RC_NO}"
 
 SVN_STAGING_REPO="https://dist.apache.org/repos/dist/dev/kyuubi"

From 18d043fcbd81861a6964a780e962ce7fb47ca744 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Wed, 20 Sep 2023 11:02:52 +0800
Subject: [PATCH 645/760] [KYUUBI #5310] [BATCH] Batch session recovery should
 start after HTTP server getting started

### _Why are the changes needed?_

In rare cases, when JettyServer is not fully started, we start the recovery task, will get the wrong port.

As a result, we cannot get the task that is not properly submitted by the current kyuubi server instance correctly.

Like :
```
mysql> select identifier, kyuubi_instance  from metadata where kyuubi_instance like '%:-1';
+--------------------------------------+----------------------+
| identifier                           | kyuubi_instance      |
+--------------------------------------+----------------------+
| b6e88262-fddb-3ccd-abdf-95ef206e612b | XXXX:-1              |
| 6a02b526-ed10-3b76-ba36-d61fbaf6b28d | XXXX:-1              |
| 70a0446e-d3d0-3b13-9d34-4cc90369c2d9 | XXXX:-1              |
| d290ee2e-b8cd-3bc4-b6c6-72f5b5dfcb9b | XXXX:-1              |
| 9bb10f4-24b4-3eec-b13b-7932b310cb5cd | XXXX:-1              |
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

In local env, start kyuubi server with this PR, kyuubi server start as excpeted.

And i remove start server and runInternal, kyuubi server will wait here.

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5310 from zwangsheng/rest_client/wait_server_start_start_recovery.

Closes #5310

15282c67e [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
d51476b6e [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
a276e39fa [zwangsheng] remove useless thread
2f91f4c85 [zwangsheng] fix comment
a73fa45e8 [zwangsheng] [REST] RestService should wait jetty server started then start to recovery batch session

Lead-authored-by: zwangsheng <binjieyang@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../apache/kyuubi/server/KyuubiRestFrontendService.scala  | 8 +++++++-
 .../scala/org/apache/kyuubi/server/ui/JettyServer.scala   | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 20df64df2..28dfab731 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -183,10 +183,16 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
     if (!isStarted.get) {
       try {
         server.start()
-        recoverBatchSessions()
         isStarted.set(true)
         startBatchChecker()
         startInternal()
+        // block until the HTTP server is started, otherwise, we may get
+        // the wrong HTTP server port -1
+        while (server.getState != "STARTED") {
+          info(s"Waiting for $getName's HTTP server getting started")
+          Thread.sleep(1000)
+        }
+        recoverBatchSessions()
       } catch {
         case e: Exception => throw new KyuubiException(s"Cannot start $getName", e)
       }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/ui/JettyServer.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/ui/JettyServer.scala
index 3ee6f0913..00b172f2c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/ui/JettyServer.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/ui/JettyServer.scala
@@ -67,6 +67,8 @@ private[kyuubi] case class JettyServer(
       dest: String): Unit = {
     addHandler(JettyUtils.createRedirectHandler(src, dest))
   }
+
+  def getState: String = server.getState
 }
 
 object JettyServer {

From cd325b48aeaa9aa155f03f5ad99790e3157fd30f Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 20 Sep 2023 11:34:13 +0800
Subject: [PATCH 646/760] [KYUUBI #5306] YarnApplicationOperation supports
 proxy user

### _Why are the changes needed?_

For the secured YARN cluster, the Kyuubi Server's user typically has no permission to kill the application. Proxy user or admin should be used instead.

https://docs.cloudera.com/documentation/enterprise/latest/topics/cm_mc_yarn_acl.html#concept_yarn_app_acls__section_killing_an_app

> For YARN, the following three groups of users are allowed to kill a running application:
> - The application owner
> - A cluster administrator defined in yarn.admin.acl
> - A queue administrator defined in aclAdministerApps for the queue in which the application is running

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

Verified ADMIN mode in internal deployment. (output message is formatted for readable)
```
Error: Batch e351185f-1ed8-437a-91bf-da2174e611e2 failed:
{
    "id":"e351185f-1ed8-437a-91bf-da2174e611e2",
    "user":"da_music",
    "batchType":"SPARK",
    "name":"SparkPi",
    "appStartTime":0,
    "appId":"application_1694730881181_58306",
    "appUrl":"http://xxxx-rm-2.xxxx:8088/cluster/app/application_1694730881181_58306",
    "appState":"KILLED",
    "appDiagnostic":"Application application_1694730881181_58306 was killed by user yarn at 10.49.59.149",
    "kyuubiInstance":"kyuubi-1.kyuubi-headless.spark.svc.cluster.local:10099",
    "state":"CANCELED",
    "createTime":1695102138188,
    "endTime":1695102163341,
    "batchInfo":{}
}
```

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5306 from pan3793/kill-proxy-user.

Closes #5306

2b2e54307 [Cheng Pan] address comments
e7e9a9c57 [Cheng Pan] nit
9cf2afc61 [Cheng Pan] polish
ff82d1230 [Cheng Pan] polish
bf0057b41 [Cheng Pan] ApplicationManager supports proxy user

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                |   7 +
 .../main/scala/org/apache/kyuubi/Utils.scala  |   9 +
 .../org/apache/kyuubi/config/KyuubiConf.scala |  26 +++
 .../kyuubi/engine/ApplicationOperation.scala  |  14 +-
 .../org/apache/kyuubi/engine/EngineRef.scala  |   6 +-
 .../engine/JpsApplicationOperation.scala      |   6 +-
 .../KubernetesApplicationOperation.scala      |   6 +-
 .../engine/KyuubiApplicationManager.scala     |  10 +-
 .../engine/YarnApplicationOperation.scala     | 183 +++++++++++-------
 .../kyuubi/operation/BatchJobSubmission.scala |   3 +-
 .../server/api/v1/BatchesResource.scala       |  14 +-
 11 files changed, 193 insertions(+), 91 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index add63544d..832099764 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -460,6 +460,13 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.spnego.keytab    | &lt;undefined&gt; | Keytab file for SPNego principal                                                                                                                                                                                                       | string | 1.6.0 |
 | kyuubi.spnego.principal | &lt;undefined&gt; | SPNego service principal, typical value would look like HTTP/_HOST@EXAMPLE.COM. SPNego service principal would be used when restful Kerberos security is enabled. This needs to be set only if SPNEGO is to be used in authentication. | string | 1.6.0 |
 
+### Yarn
+
+|            Key            | Default |                                                                                                                                                 Meaning                                                                                                                                                 |  Type  | Since |
+|---------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------|
+| kyuubi.yarn.user.admin    | yarn    | When kyuubi.yarn.user.strategy is set to ADMIN, use this admin user to construct YARN client for application management, e.g. kill application.                                                                                                                                                         | string | 1.8.0 |
+| kyuubi.yarn.user.strategy | NONE    | Determine which user to use to construct YARN client for application management, e.g. kill application. Options: <ul><li>NONE: use Kyuubi server user.</li><li>ADMIN: use admin user configured in `kyuubi.yarn.user.admin`.</li><li>OWNER: use session user, typically is application owner.</li></ul> | string | 1.8.0 |
+
 ### Zookeeper
 
 |                       Key                        |      Default       |                                                                                 Meaning                                                                                  |  Type   | Since |
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
index fac30a173..accfca4c9 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/Utils.scala
@@ -21,6 +21,7 @@ import java.io._
 import java.net.{Inet4Address, InetAddress, NetworkInterface}
 import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, Paths, StandardCopyOption}
+import java.security.PrivilegedAction
 import java.text.SimpleDateFormat
 import java.util.{Date, Properties, TimeZone, UUID}
 import java.util.concurrent.TimeUnit
@@ -203,6 +204,14 @@ object Utils extends Logging {
 
   def currentUser: String = UserGroupInformation.getCurrentUser.getShortUserName
 
+  def doAs[T](
+      proxyUser: String,
+      realUser: UserGroupInformation = UserGroupInformation.getCurrentUser)(f: () => T): T = {
+    UserGroupInformation.createProxyUser(proxyUser, realUser).doAs(new PrivilegedAction[T] {
+      override def run(): T = f()
+    })
+  }
+
   private val shortVersionRegex = """^(\d+\.\d+\.\d+)(.*)?$""".r
 
   /**
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 61d97da9e..50006b95e 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2826,6 +2826,32 @@ object KyuubiConf {
       .version("1.7.2")
       .fallbackConf(ENGINE_SUBMIT_TIMEOUT)
 
+  object YarnUserStrategy extends Enumeration {
+    type YarnUserStrategy = Value
+    val NONE, ADMIN, OWNER = Value
+  }
+
+  val YARN_USER_STRATEGY: ConfigEntry[String] =
+    buildConf("kyuubi.yarn.user.strategy")
+      .doc("Determine which user to use to construct YARN client for application management, " +
+        "e.g. kill application. Options: <ul>" +
+        "<li>NONE: use Kyuubi server user.</li>" +
+        "<li>ADMIN: use admin user configured in `kyuubi.yarn.user.admin`.</li>" +
+        "<li>OWNER: use session user, typically is application owner.</li>" +
+        "</ul>")
+      .version("1.8.0")
+      .stringConf
+      .checkValues(YarnUserStrategy)
+      .createWithDefault("NONE")
+
+  val YARN_USER_ADMIN: ConfigEntry[String] =
+    buildConf("kyuubi.yarn.user.admin")
+      .doc(s"When ${YARN_USER_STRATEGY.key} is set to ADMIN, use this admin user to " +
+        "construct YARN client for application management, e.g. kill application.")
+      .version("1.8.0")
+      .stringConf
+      .createWithDefault("yarn")
+
   /**
    * Holds information about keys that have been deprecated.
    *
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
index 2acce39cc..23a49c1ae 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ApplicationOperation.scala
@@ -47,11 +47,18 @@ trait ApplicationOperation {
    *            For example,
    *            if the Hadoop Yarn is used, for spark applications,
    *            the tag will be preset via spark.yarn.tags
+   * @param proxyUser the proxy user to use for executing kill commands.
+   *                  For secured YARN cluster, the Kyuubi Server's user typically
+   *                  has no permission to kill the application. Admin user or
+   *                  application owner should be used instead.
    * @return a message contains response describing how the kill process.
    *
    * @note For implementations, please suppress exceptions and always return KillResponse
    */
-  def killApplicationByTag(appMgrInfo: ApplicationManagerInfo, tag: String): KillResponse
+  def killApplicationByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      proxyUser: Option[String] = None): KillResponse
 
   /**
    * Get the engine/application status by the unique application tag
@@ -59,11 +66,16 @@ trait ApplicationOperation {
    * @param appMgrInfo the application manager information
    * @param tag the unique application tag for engine instance.
    * @param submitTime engine submit to resourceManager time
+   * @param proxyUser  the proxy user to use for creating YARN client
+   *                   For secured YARN cluster, the Kyuubi Server's user may have no permission
+   *                   to operate the application. Admin user or application owner could be used
+   *                   instead.
    * @return [[ApplicationInfo]]
    */
   def getApplicationInfoByTag(
       appMgrInfo: ApplicationManagerInfo,
       tag: String,
+      proxyUser: Option[String] = None,
       submitTime: Option[Long] = None): ApplicationInfo
 }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
index 160e7f39e..6122a6f13 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/EngineRef.scala
@@ -233,7 +233,8 @@ private[kyuubi] class EngineRef(
         }
 
         if (started + timeout <= System.currentTimeMillis()) {
-          val killMessage = engineManager.killApplication(builder.appMgrInfo(), engineRefId)
+          val killMessage =
+            engineManager.killApplication(builder.appMgrInfo(), engineRefId, Some(appUser))
           builder.close(true)
           MetricsSystem.tracing(_.incCount(MetricRegistry.name(ENGINE_TIMEOUT, appUser)))
           throw KyuubiSQLException(
@@ -254,6 +255,7 @@ private[kyuubi] class EngineRef(
             val applicationInfo = engineMgr.getApplicationInfo(
               builder.appMgrInfo(),
               engineRefId,
+              Some(appUser),
               Some(started))
 
             applicationInfo.foreach { appInfo =>
@@ -310,7 +312,7 @@ private[kyuubi] class EngineRef(
       try {
         val appMgrInfo = builder.appMgrInfo()
         builder.close(true)
-        engineManager.killApplication(appMgrInfo, engineRefId)
+        engineManager.killApplication(appMgrInfo, engineRefId, Some(appUser))
       } catch {
         case e: Exception =>
           warn(s"Error closing engine builder, engineRefId: $engineRefId", e)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
index 64dacbb64..1d0d58d16 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/JpsApplicationOperation.scala
@@ -83,14 +83,16 @@ class JpsApplicationOperation extends ApplicationOperation {
 
   override def killApplicationByTag(
       appMgrInfo: ApplicationManagerInfo,
-      tag: String): KillResponse = {
+      tag: String,
+      proxyUser: Option[String] = None): KillResponse = {
     killJpsApplicationByTag(tag, true)
   }
 
   override def getApplicationInfoByTag(
       appMgrInfo: ApplicationManagerInfo,
       tag: String,
-      submitTime: Option[Long]): ApplicationInfo = {
+      proxyUser: Option[String] = None,
+      submitTime: Option[Long] = None): ApplicationInfo = {
     val commandOption = getEngine(tag)
     if (commandOption.nonEmpty) {
       val idAndCmd = commandOption.get
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
index c9d509efe..16a0c29d1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KubernetesApplicationOperation.scala
@@ -117,7 +117,8 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
 
   override def killApplicationByTag(
       appMgrInfo: ApplicationManagerInfo,
-      tag: String): KillResponse = {
+      tag: String,
+      proxyUser: Option[String] = None): KillResponse = {
     if (kyuubiConf == null) {
       throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
     }
@@ -157,7 +158,8 @@ class KubernetesApplicationOperation extends ApplicationOperation with Logging {
   override def getApplicationInfoByTag(
       appMgrInfo: ApplicationManagerInfo,
       tag: String,
-      submitTime: Option[Long]): ApplicationInfo = {
+      proxyUser: Option[String] = None,
+      submitTime: Option[Long] = None): ApplicationInfo = {
     if (kyuubiConf == null) {
       throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
     }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index 4e121d297..f8b640053 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -60,11 +60,14 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
     super.stop()
   }
 
-  def killApplication(appMgrInfo: ApplicationManagerInfo, tag: String): KillResponse = {
+  def killApplication(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      proxyUser: Option[String] = None): KillResponse = {
     var (killed, lastMessage): KillResponse = (false, null)
     for (operation <- operations if !killed) {
       if (operation.isSupported(appMgrInfo)) {
-        val (k, m) = operation.killApplicationByTag(appMgrInfo, tag)
+        val (k, m) = operation.killApplicationByTag(appMgrInfo, tag, proxyUser)
         killed = k
         lastMessage = m
       }
@@ -83,10 +86,11 @@ class KyuubiApplicationManager extends AbstractService("KyuubiApplicationManager
   def getApplicationInfo(
       appMgrInfo: ApplicationManagerInfo,
       tag: String,
+      proxyUser: Option[String] = None,
       submitTime: Option[Long] = None): Option[ApplicationInfo] = {
     val operation = operations.find(_.isSupported(appMgrInfo))
     operation match {
-      case Some(op) => Some(op.getApplicationInfoByTag(appMgrInfo, tag, submitTime))
+      case Some(op) => Some(op.getApplicationInfoByTag(appMgrInfo, tag, proxyUser, submitTime))
       case None => None
     }
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
index d87fc406a..1f672ad70 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/YarnApplicationOperation.scala
@@ -21,11 +21,14 @@ import java.util.Locale
 
 import scala.collection.JavaConverters._
 
+import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.yarn.api.records.{FinalApplicationStatus, YarnApplicationState}
 import org.apache.hadoop.yarn.client.api.YarnClient
 
-import org.apache.kyuubi.Logging
+import org.apache.kyuubi.{Logging, Utils}
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.YarnUserStrategy
+import org.apache.kyuubi.config.KyuubiConf.YarnUserStrategy._
 import org.apache.kyuubi.engine.ApplicationOperation._
 import org.apache.kyuubi.engine.ApplicationState.ApplicationState
 import org.apache.kyuubi.engine.YarnApplicationOperation.toApplicationState
@@ -33,106 +36,136 @@ import org.apache.kyuubi.util.KyuubiHadoopUtils
 
 class YarnApplicationOperation extends ApplicationOperation with Logging {
 
-  @volatile private var yarnClient: YarnClient = _
+  private var yarnConf: Configuration = _
+  @volatile private var adminYarnClient: Option[YarnClient] = None
   private var submitTimeout: Long = _
 
   override def initialize(conf: KyuubiConf): Unit = {
     submitTimeout = conf.get(KyuubiConf.ENGINE_YARN_SUBMIT_TIMEOUT)
-    val yarnConf = KyuubiHadoopUtils.newYarnConfiguration(conf)
-    // YarnClient is thread-safe
-    val c = YarnClient.createYarnClient()
-    c.init(yarnConf)
-    c.start()
-    yarnClient = c
-    info(s"Successfully initialized yarn client: ${c.getServiceState}")
+    yarnConf = KyuubiHadoopUtils.newYarnConfiguration(conf)
+
+    def createYarnClientWithCurrentUser(): Unit = {
+      val c = createYarnClient(yarnConf)
+      info(s"Creating admin YARN client with current user: ${Utils.currentUser}.")
+      adminYarnClient = Some(c)
+    }
+
+    def createYarnClientWithProxyUser(proxyUser: String): Unit = Utils.doAs(proxyUser) { () =>
+      val c = createYarnClient(yarnConf)
+      info(s"Creating admin YARN client with proxy user: $proxyUser.")
+      adminYarnClient = Some(c)
+    }
+
+    YarnUserStrategy.withName(conf.get(KyuubiConf.YARN_USER_STRATEGY)) match {
+      case NONE =>
+        createYarnClientWithCurrentUser()
+      case ADMIN if conf.get(KyuubiConf.YARN_USER_ADMIN) == Utils.currentUser =>
+        createYarnClientWithCurrentUser()
+      case ADMIN =>
+        createYarnClientWithProxyUser(conf.get(KyuubiConf.YARN_USER_ADMIN))
+      case OWNER =>
+        info("Skip initializing admin YARN client")
+    }
   }
 
-  override def isSupported(appMgrInfo: ApplicationManagerInfo): Boolean = {
-    yarnClient != null && appMgrInfo.resourceManager.exists(
-      _.toLowerCase(Locale.ROOT).startsWith("yarn"))
+  private def createYarnClient(_yarnConf: Configuration): YarnClient = {
+    // YarnClient is thread-safe
+    val yarnClient = YarnClient.createYarnClient()
+    yarnClient.init(_yarnConf)
+    yarnClient.start()
+    yarnClient
   }
 
-  override def killApplicationByTag(
-      appMgrInfo: ApplicationManagerInfo,
-      tag: String): KillResponse = {
-    if (yarnClient != null) {
-      try {
-        val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
-        if (reports.isEmpty) {
-          (false, NOT_FOUND)
-        } else {
+  private def withYarnClient[T](proxyUser: Option[String])(action: YarnClient => T): T = {
+    (adminYarnClient, proxyUser) match {
+      case (Some(yarnClient), _) =>
+        action(yarnClient)
+      case (None, Some(user)) =>
+        Utils.doAs(user) { () =>
+          var yarnClient: YarnClient = null
           try {
-            val applicationId = reports.get(0).getApplicationId
-            yarnClient.killApplication(applicationId)
-            (true, s"Succeeded to terminate: $applicationId with $tag")
-          } catch {
-            case e: Exception =>
-              (false, s"Failed to terminate application with $tag, due to ${e.getMessage}")
+            yarnClient = createYarnClient(yarnConf)
+            action(yarnClient)
+          } finally {
+            Utils.tryLogNonFatalError(yarnClient.close())
           }
         }
-      } catch {
-        case e: Exception =>
-          (
-            false,
-            s"Failed to get while terminating application with tag $tag," +
-              s" due to ${e.getMessage}")
-      }
-    } else {
-      throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
+      case (None, None) =>
+        throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
     }
   }
 
-  override def getApplicationInfoByTag(
+  override def isSupported(appMgrInfo: ApplicationManagerInfo): Boolean =
+    appMgrInfo.resourceManager.exists(_.toLowerCase(Locale.ROOT).startsWith("yarn"))
+
+  override def killApplicationByTag(
       appMgrInfo: ApplicationManagerInfo,
       tag: String,
-      submitTime: Option[Long]): ApplicationInfo = {
-    if (yarnClient != null) {
-      debug(s"Getting application info from Yarn cluster by $tag tag")
+      proxyUser: Option[String] = None): KillResponse = withYarnClient(proxyUser) { yarnClient =>
+    try {
       val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
       if (reports.isEmpty) {
-        debug(s"Application with tag $tag not found")
-        submitTime match {
-          case Some(_submitTime) =>
-            val elapsedTime = System.currentTimeMillis - _submitTime
-            if (elapsedTime > submitTimeout) {
-              error(s"Can't find target yarn application by tag: $tag, " +
-                s"elapsed time: ${elapsedTime}ms exceeds ${submitTimeout}ms.")
-              ApplicationInfo.NOT_FOUND
-            } else {
-              warn("Wait for yarn application to be submitted, " +
-                s"elapsed time: ${elapsedTime}ms, return UNKNOWN status")
-              ApplicationInfo.UNKNOWN
-            }
-          case _ => ApplicationInfo.NOT_FOUND
-        }
+        (false, NOT_FOUND)
       } else {
-        val report = reports.get(0)
-        val info = ApplicationInfo(
-          id = report.getApplicationId.toString,
-          name = report.getName,
-          state = toApplicationState(
-            report.getApplicationId.toString,
-            report.getYarnApplicationState,
-            report.getFinalApplicationStatus),
-          url = Option(report.getTrackingUrl),
-          error = Option(report.getDiagnostics))
-        debug(s"Successfully got application info by $tag: $info")
-        info
+        try {
+          val applicationId = reports.get(0).getApplicationId
+          yarnClient.killApplication(applicationId)
+          (true, s"Succeeded to terminate: $applicationId with $tag")
+        } catch {
+          case e: Exception =>
+            (false, s"Failed to terminate application with $tag, due to ${e.getMessage}")
+        }
       }
-    } else {
-      throw new IllegalStateException("Methods initialize and isSupported must be called ahead")
+    } catch {
+      case e: Exception =>
+        (
+          false,
+          s"Failed to get while terminating application with tag $tag, due to ${e.getMessage}")
     }
   }
 
-  override def stop(): Unit = {
-    if (yarnClient != null) {
-      try {
-        yarnClient.stop()
-      } catch {
-        case e: Exception => error(e.getMessage)
+  override def getApplicationInfoByTag(
+      appMgrInfo: ApplicationManagerInfo,
+      tag: String,
+      proxyUser: Option[String] = None,
+      submitTime: Option[Long] = None): ApplicationInfo = withYarnClient(proxyUser) { yarnClient =>
+    debug(s"Getting application info from Yarn cluster by $tag tag")
+    val reports = yarnClient.getApplications(null, null, Set(tag).asJava)
+    if (reports.isEmpty) {
+      debug(s"Application with tag $tag not found")
+      submitTime match {
+        case Some(_submitTime) =>
+          val elapsedTime = System.currentTimeMillis - _submitTime
+          if (elapsedTime > submitTimeout) {
+            error(s"Can't find target yarn application by tag: $tag, " +
+              s"elapsed time: ${elapsedTime}ms exceeds ${submitTimeout}ms.")
+            ApplicationInfo.NOT_FOUND
+          } else {
+            warn("Wait for yarn application to be submitted, " +
+              s"elapsed time: ${elapsedTime}ms, return UNKNOWN status")
+            ApplicationInfo.UNKNOWN
+          }
+        case _ => ApplicationInfo.NOT_FOUND
       }
+    } else {
+      val report = reports.get(0)
+      val info = ApplicationInfo(
+        id = report.getApplicationId.toString,
+        name = report.getName,
+        state = toApplicationState(
+          report.getApplicationId.toString,
+          report.getYarnApplicationState,
+          report.getFinalApplicationStatus),
+        url = Option(report.getTrackingUrl),
+        error = Option(report.getDiagnostics))
+      debug(s"Successfully got application info by $tag: $info")
+      info
     }
   }
+
+  override def stop(): Unit = adminYarnClient.foreach { yarnClient =>
+    Utils.tryLogNonFatalError(yarnClient.stop())
+  }
 }
 
 object YarnApplicationOperation extends Logging {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 4ea609540..779dc48ae 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -110,6 +110,7 @@ class BatchJobSubmission(
       applicationManager.getApplicationInfo(
         builder.appMgrInfo(),
         batchId,
+        Some(session.user),
         Some(_submitTime))
     applicationId(applicationInfo).foreach { _ =>
       if (_appStartTime <= 0) {
@@ -124,7 +125,7 @@ class BatchJobSubmission(
   }
 
   private[kyuubi] def killBatchApplication(): KillResponse = {
-    applicationManager.killApplication(builder.appMgrInfo(), batchId)
+    applicationManager.killApplication(builder.appMgrInfo(), batchId, Some(session.user))
   }
 
   private val applicationCheckInterval =
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index a525ac4b2..76d913a98 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -323,6 +323,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
               val batchAppStatus = sessionManager.applicationManager.getApplicationInfo(
                 metadata.appMgrInfo,
                 batchId,
+                Some(userName),
                 // prevent that the batch be marked as terminated if application state is NOT_FOUND
                 Some(metadata.engineOpenTime).filter(_ > 0).orElse(Some(System.currentTimeMillis)))
               buildBatch(metadata, batchAppStatus)
@@ -452,9 +453,12 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
       }
     }
 
-    def forceKill(appMgrInfo: ApplicationManagerInfo, batchId: String): KillResponse = {
+    def forceKill(
+        appMgrInfo: ApplicationManagerInfo,
+        batchId: String,
+        user: String): KillResponse = {
       val (killed, message) = sessionManager.applicationManager
-        .killApplication(appMgrInfo, batchId)
+        .killApplication(appMgrInfo, batchId, Some(user))
       info(s"Mark batch[$batchId] closed by ${fe.connectionUrl}")
       sessionManager.updateMetadata(Metadata(identifier = batchId, peerInstanceClosed = true))
       (killed, message)
@@ -480,7 +484,7 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
             new CloseBatchResponse(false, s"The batch[$metadata] has been terminated.")
           } else {
             info(s"Cancel batch[$batchId] with state ${metadata.state} by killing application")
-            val (killed, msg) = forceKill(metadata.appMgrInfo, batchId)
+            val (killed, msg) = forceKill(metadata.appMgrInfo, batchId, userName)
             new CloseBatchResponse(killed, msg)
           }
         } else if (metadata.kyuubiInstance != fe.connectionUrl) {
@@ -491,12 +495,12 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
           } catch {
             case e: KyuubiRestException =>
               error(s"Error redirecting delete batch[$batchId] to ${metadata.kyuubiInstance}", e)
-              val (killed, msg) = forceKill(metadata.appMgrInfo, batchId)
+              val (killed, msg) = forceKill(metadata.appMgrInfo, batchId, userName)
               new CloseBatchResponse(killed, if (killed) msg else Utils.stringifyException(e))
           }
         } else { // should not happen, but handle this for safe
           warn(s"Something wrong on deleting batch[$batchId], try forcibly killing application")
-          val (killed, msg) = forceKill(metadata.appMgrInfo, batchId)
+          val (killed, msg) = forceKill(metadata.appMgrInfo, batchId, userName)
           new CloseBatchResponse(killed, msg)
         }
       }.getOrElse {

From 83bbefe847c04d163c6a62569c9a038b867c7eaa Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 21 Sep 2023 09:49:59 +0800
Subject: [PATCH 647/760] [KYUUBI #5318] Pin maven-source-plugin 3.2.1

### _Why are the changes needed?_

The current maven-source-plugin version(3.3.0) inherits from `org.apache:parent:pom:30`, unfortunately, MSOURCES-121 breaks shaded modules to create source artifacts.

```
[ERROR] We have duplicated artifacts attached.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-source-plugin:3.3.0:jar-no-fork (attach-sources) on project kyuubi-hive-jdbc-shaded: Presumably you have configured maven-source-plugn to execute twice times in your build. You have to configure a classifier for at least on of them. -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-source-plugin:3.3.0:jar-no-fork (attach-sources) on project kyuubi-hive-jdbc-shaded: Presumably you have configured maven-source-plugn to execute twice times in your build. You have to configure a classifier for at least on of them.
```

We should skip upgrading until MSOURCES-141 gets fixed.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5318 from pan3793/mvn-source.

Closes #5318

7d12d12e3 [Cheng Pan] [KYUUBI #5318] Pin maven-source-plugin 3.2.1

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pom.xml b/pom.xml
index faff83917..7e904e97b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -241,6 +241,9 @@
         <maven.plugin.scalastyle.version>1.0.0</maven.plugin.scalastyle.version>
         <maven.plugin.shade.version>3.4.1</maven.plugin.shade.version>
         <maven.plugin.silencer.version>1.7.13</maven.plugin.silencer.version>
+        <!-- MSOURCES-121 breaks creating source artifacts for shaded modules,
+             we should skip upgrading until MSOURCES-141 gets fixed. -->
+        <maven.plugin.source.version>3.2.1</maven.plugin.source.version>
 
         <maven.scaladoc.skip>false</maven.scaladoc.skip>
         <maven.scalastyle.skip>false</maven.scalastyle.skip>
@@ -1755,6 +1758,12 @@
                     </executions>
                 </plugin>
 
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-source-plugin</artifactId>
+                    <version>${maven.plugin.source.version}</version>
+                </plugin>
+
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-shade-plugin</artifactId>

From d472fb2ab12a4a6e4664fd904905186ba4ec83d3 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 21 Sep 2023 16:15:21 +0800
Subject: [PATCH 648/760] [KYUUBI #5202][FOLLOWUP] Update upload_nexus_staging

### _Why are the changes needed?_

As title.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

- [x] Manually review.

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5277 from pan3793/spark-3.4-release.

Closes #5202

ce513b333 [Cheng Pan] [KYUUBI #5202][FOLLOWUP] Update upload_nexus_staging

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/build/release/release.sh b/build/release/release.sh
index bb15fb402..89ecd5230 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -116,6 +116,9 @@ upload_nexus_staging() {
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-2 -am
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.3 \
+    -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
+    -pl extensions/spark/kyuubi-extension-spark-3-3 -am
+  ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml"
 }
 

From 167e6c1ca318e4415c915bd7d11d07db0ccc7447 Mon Sep 17 00:00:00 2001
From: zhaomin <zhaomin1423@163.com>
Date: Thu, 21 Sep 2023 17:05:24 +0800
Subject: [PATCH 649/760] [KYUUBI #5317] [Bug] Hive Connector throws
 NotSerializableException on reading Hive Avro partitioned table

### _Why are the changes needed?_

close https://github.com/apache/kyuubi/issues/5317#issue-1904751001

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5319 from zhaomin1423/fixhive-connector.

Closes #5317

02e5321dc [Cheng Pan] nit
cadabf4ab [Cheng Pan] nit
d38832f40 [zhaomin] improve
ee5b62d84 [zhaomin] improve
794473468 [zhaomin] improve
e3eca91fb [zhaomin] add tests
d9302e2ba [zhaomin] [KYUUBI #5317] [Bug] Hive Connector throws NotSerializableException on reading Hive Avro partitioned table
0bc8ec16f [zhaomin] [KYUUBI #5317] [Bug] Hive Connector throws NotSerializableException on reading Hive Avro partitioned table

Lead-authored-by: zhaomin <zhaomin1423@163.com>
Co-authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../connector/hive/read/HiveFileIndex.scala   | 24 +++--
 .../read/HivePartitionReaderFactory.scala     | 35 ++++----
 .../hive/read/HivePartitionedReader.scala     | 17 ++--
 .../spark/connector/hive/read/HiveScan.scala  |  6 +-
 .../spark/connector/hive/HiveQuerySuite.scala | 87 ++++++++++++++++++-
 5 files changed, 118 insertions(+), 51 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
index a399cc302..0d79621f8 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveFileIndex.scala
@@ -23,14 +23,12 @@ import scala.collection.mutable
 
 import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.{FileStatus, Path}
-import org.apache.hadoop.hive.ql.metadata.{Partition => HivePartition, Table}
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.{expressions, InternalRow}
 import org.apache.spark.sql.catalyst.catalog.{CatalogTable, CatalogTablePartition, ExternalCatalogUtils}
 import org.apache.spark.sql.catalyst.expressions.{AttributeReference, BoundReference, Expression, Predicate}
 import org.apache.spark.sql.connector.catalog.CatalogPlugin
 import org.apache.spark.sql.execution.datasources._
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.HiveClientImpl
 import org.apache.spark.sql.types.StructType
 
 import org.apache.kyuubi.spark.connector.hive.{HiveTableCatalog, KyuubiHiveConnectorException}
@@ -47,18 +45,17 @@ class HiveCatalogFileIndex(
 
   private val table = catalogTable
 
-  private val partPathToBindHivePart: mutable.Map[PartitionPath, HivePartition] = mutable.Map()
+  private val partPathToBindHivePart: mutable.Map[PartitionPath, CatalogTablePartition] =
+    mutable.Map()
 
   private val fileStatusCache = FileStatusCache.getOrCreate(sparkSession)
 
-  private lazy val hiveTable: Table = HiveClientImpl.toHiveTable(table)
-
   private val baseLocation: Option[URI] = table.storage.locationUri
 
   override def partitionSchema: StructType = table.partitionSchema
 
   private[hive] def listHiveFiles(partitionFilters: Seq[Expression], dataFilters: Seq[Expression])
-      : (Seq[PartitionDirectory], Map[PartitionDirectory, HivePartition]) = {
+      : (Seq[PartitionDirectory], Map[PartitionDirectory, CatalogTablePartition]) = {
     val fileIndex = filterPartitions(partitionFilters)
     val partDirs = fileIndex.listFiles(partitionFilters, dataFilters)
     val partDirToHivePart = fileIndex.partDirToBindHivePartMap()
@@ -79,7 +76,7 @@ class HiveCatalogFileIndex(
       }
 
       val partitions = selectedPartitions.map {
-        case BindPartition(catalogTablePartition, hivePartition) =>
+        case BindPartition(catalogTablePartition) =>
           val path = new Path(catalogTablePartition.location)
           val fs = path.getFileSystem(hiveCatalog.hadoopConfiguration())
           val partPath = PartitionPath(
@@ -87,7 +84,7 @@ class HiveCatalogFileIndex(
               partitionSchema,
               sparkSession.sessionState.conf.sessionLocalTimeZone),
             path.makeQualified(fs.getUri, fs.getWorkingDirectory))
-          partPathToBindHivePart += (partPath -> hivePartition)
+          partPathToBindHivePart += (partPath -> catalogTablePartition)
           partPath
       }
       val partitionSpec = PartitionSpec(partitionSchema, partitions)
@@ -114,7 +111,7 @@ class HiveCatalogFileIndex(
   }
 
   private def buildBindPartition(partition: CatalogTablePartition): BindPartition =
-    BindPartition(partition, HiveClientImpl.toHivePartition(partition, hiveTable))
+    BindPartition(partition)
 
   override def partitionSpec(): PartitionSpec = {
     throw notSupportOperator("partitionSpec")
@@ -142,7 +139,7 @@ class HiveInMemoryFileIndex(
     rootPathsSpecified: Seq[Path],
     parameters: Map[String, String],
     userSpecifiedSchema: Option[StructType],
-    partPathToBindHivePart: Map[PartitionPath, HivePartition] = Map.empty,
+    partPathToBindHivePart: Map[PartitionPath, CatalogTablePartition] = Map.empty,
     fileStatusCache: FileStatusCache = NoopCache,
     userSpecifiedPartitionSpec: Option[PartitionSpec] = None,
     override val metadataOpsTimeNs: Option[Long] = None,
@@ -156,7 +153,8 @@ class HiveInMemoryFileIndex(
     userSpecifiedPartitionSpec,
     metadataOpsTimeNs) {
 
-  private val partDirToBindHivePart: mutable.Map[PartitionDirectory, HivePartition] = mutable.Map()
+  private val partDirToBindHivePart: mutable.Map[PartitionDirectory, CatalogTablePartition] =
+    mutable.Map()
 
   override def listFiles(
       partitionFilters: Seq[Expression],
@@ -234,7 +232,7 @@ class HiveInMemoryFileIndex(
     !((name.startsWith("_") && !name.contains("=")) || name.startsWith("."))
   }
 
-  def partDirToBindHivePartMap(): Map[PartitionDirectory, HivePartition] = {
+  def partDirToBindHivePartMap(): Map[PartitionDirectory, CatalogTablePartition] = {
     partDirToBindHivePart.toMap
   }
 
@@ -247,7 +245,7 @@ class HiveInMemoryFileIndex(
   }
 }
 
-case class BindPartition(catalogTablePartition: CatalogTablePartition, hivePartition: HivePartition)
+case class BindPartition(catalogTablePartition: CatalogTablePartition)
 
 object HiveTableCatalogFileIndex {
   implicit class CatalogHelper(plugin: CatalogPlugin) {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
index 0cbd4f6ef..6a2a7f1d6 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionReaderFactory.scala
@@ -31,10 +31,11 @@ import org.apache.spark.TaskContext
 import org.apache.spark.broadcast.Broadcast
 import org.apache.spark.internal.Logging
 import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.catalog.CatalogTablePartition
 import org.apache.spark.sql.connector.read.{InputPartition, PartitionReader, PartitionReaderFactory}
 import org.apache.spark.sql.execution.datasources.{FilePartition, PartitionedFile}
 import org.apache.spark.sql.execution.datasources.v2._
-import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.NextIterator
+import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper.{HiveClientImpl, NextIterator}
 import org.apache.spark.sql.internal.SQLConf
 import org.apache.spark.sql.sources.Filter
 import org.apache.spark.sql.types._
@@ -49,7 +50,7 @@ case class HivePartitionReaderFactory(
     dataSchema: StructType,
     readDataSchema: StructType,
     partitionSchema: StructType,
-    partFileToHivePart: Map[PartitionedFile, HivePartition],
+    partFileToHivePart: Map[PartitionedFile, CatalogTablePartition],
     pushedFilters: Array[Filter] = Array.empty)
   extends PartitionReaderFactory with Logging {
 
@@ -64,17 +65,18 @@ case class HivePartitionReaderFactory(
     val filePartition = partition.asInstanceOf[FilePartition]
     val iter: Iterator[HivePartitionedFileReader[InternalRow]] =
       filePartition.files.toIterator.map { file =>
-        val bindHivePart = partFileToHivePart.getOrElse(file, null)
+        val bindHivePart = partFileToHivePart.get(file)
+        val hivePartition = bindHivePart.map(HiveClientImpl.toHivePartition(_, hiveTable))
         HivePartitionedFileReader(
           file,
           new PartitionReaderWithPartitionValues(
             HivePartitionedReader(
               file,
-              buildReaderInternal(file, bindHivePart),
+              buildReaderInternal(file, hivePartition),
               tableDesc,
               broadcastHiveConf,
               nonPartitionReadDataKeys,
-              bindHivePart,
+              hivePartition,
               charset),
             readDataSchema,
             partitionSchema,
@@ -83,9 +85,9 @@ case class HivePartitionReaderFactory(
     new SparkFilePartitionReader[InternalRow](iter)
   }
 
-  def buildReaderInternal(
+  private def buildReaderInternal(
       file: PartitionedFile,
-      bindPartition: HivePartition): PartitionReader[Writable] = {
+      bindPartition: Option[HivePartition]): PartitionReader[Writable] = {
     val reader = createPartitionWritableReader(file, bindPartition)
     val fileReader = new PartitionReader[Writable] {
       override def next(): Boolean = reader.hasNext
@@ -97,21 +99,16 @@ case class HivePartitionReaderFactory(
 
   private def createPartitionWritableReader[T](
       file: PartitionedFile,
-      bindPartition: HivePartition): Iterator[Writable] = {
+      bindPartition: Option[HivePartition]): Iterator[Writable] = {
     // Obtain binding HivePartition from input partitioned file
-    val partDesc =
-      if (bindPartition != null) {
-        Utilities.getPartitionDesc(bindPartition)
-      } else null
-
-    val ifc =
-      if (partDesc == null) {
-        hiveTable.getInputFormatClass
-          .asInstanceOf[java.lang.Class[InputFormat[Writable, Writable]]]
-      } else {
+    val ifc = bindPartition.map(Utilities.getPartitionDesc) match {
+      case Some(partDesc) =>
         partDesc.getInputFileFormatClass
           .asInstanceOf[java.lang.Class[InputFormat[Writable, Writable]]]
-      }
+      case None =>
+        hiveTable.getInputFormatClass
+          .asInstanceOf[java.lang.Class[InputFormat[Writable, Writable]]]
+    }
 
     val jobConf = new JobConf(broadcastHiveConf.value.value)
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
index 4c1690524..732643eb1 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
@@ -19,7 +19,6 @@ package org.apache.kyuubi.spark.connector.hive.read
 
 import java.util.Properties
 
-import org.apache.hadoop.hive.ql.exec.Utilities
 import org.apache.hadoop.hive.ql.metadata.{Partition => HivePartition}
 import org.apache.hadoop.hive.ql.plan.TableDesc
 import org.apache.hadoop.hive.serde2.Deserializer
@@ -43,30 +42,24 @@ case class HivePartitionedReader(
     tableDesc: TableDesc,
     broadcastHiveConf: Broadcast[SerializableConfiguration],
     nonPartitionReadDataKeys: Seq[Attribute],
-    bindPartition: HivePartition,
+    bindPartitionOpt: Option[HivePartition],
     charset: String = "utf-8") extends PartitionReader[InternalRow] with Logging {
 
-  private val partDesc =
-    if (bindPartition != null) {
-      Utilities.getPartitionDesc(bindPartition)
-    } else null
   private val hiveConf = broadcastHiveConf.value.value
 
   private val tableDeser = tableDesc.getDeserializerClass.newInstance()
   tableDeser.initialize(hiveConf, tableDesc.getProperties)
 
-  private val localDeser: Deserializer =
-    if (bindPartition != null &&
-      bindPartition.getDeserializer != null) {
+  private val localDeser: Deserializer = bindPartitionOpt match {
+    case Some(bindPartition) if bindPartition.getDeserializer != null =>
       val tableProperties = tableDesc.getProperties
       val props = new Properties(tableProperties)
       val deserializer =
         bindPartition.getDeserializer.getClass.asInstanceOf[Class[Deserializer]].newInstance()
       deserializer.initialize(hiveConf, props)
       deserializer
-    } else {
-      tableDeser
-    }
+    case _ => tableDeser
+  }
 
   private val internalRow = new SpecificInternalRow(nonPartitionReadDataKeys.map(_.dataType))
 
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
index 518a9cb68..0b79d7307 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
@@ -23,9 +23,8 @@ import scala.collection.mutable
 
 import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.Path
-import org.apache.hadoop.hive.ql.metadata.{Partition => HivePartition}
 import org.apache.spark.sql.SparkSession
-import org.apache.spark.sql.catalyst.catalog.{CatalogStorageFormat, CatalogTable}
+import org.apache.spark.sql.catalyst.catalog.{CatalogStorageFormat, CatalogTable, CatalogTablePartition}
 import org.apache.spark.sql.catalyst.expressions.{AttributeReference, Expression}
 import org.apache.spark.sql.catalyst.expressions.codegen.GenerateUnsafeProjection
 import org.apache.spark.sql.connector.read.PartitionReaderFactory
@@ -52,7 +51,8 @@ case class HiveScan(
 
   private val isCaseSensitive = sparkSession.sessionState.conf.caseSensitiveAnalysis
 
-  private val partFileToHivePartMap: mutable.Map[PartitionedFile, HivePartition] = mutable.Map()
+  private val partFileToHivePartMap: mutable.Map[PartitionedFile, CatalogTablePartition] =
+    mutable.Map()
 
   override def isSplitable(path: Path): Boolean = {
     catalogTable.provider.map(_.toUpperCase(Locale.ROOT)).exists {
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
index d0b97676b..1d3d5ae10 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
@@ -22,23 +22,31 @@ import org.apache.spark.sql.catalyst.analysis.UnresolvedRelation
 
 class HiveQuerySuite extends KyuubiHiveTest {
 
-  def withTempNonPartitionedTable(spark: SparkSession, table: String)(f: => Unit): Unit = {
+  def withTempNonPartitionedTable(
+      spark: SparkSession,
+      table: String,
+      format: String = "PARQUET",
+      hiveTable: Boolean = false)(f: => Unit): Unit = {
     spark.sql(
       s"""
          | CREATE TABLE IF NOT EXISTS
          | $table (id String, date String)
-         | USING PARQUET
+         | ${if (hiveTable) "STORED AS" else "USING"} $format
          |""".stripMargin).collect()
     try f
     finally spark.sql(s"DROP TABLE $table")
   }
 
-  def withTempPartitionedTable(spark: SparkSession, table: String)(f: => Unit): Unit = {
+  def withTempPartitionedTable(
+      spark: SparkSession,
+      table: String,
+      format: String = "PARQUET",
+      hiveTable: Boolean = false)(f: => Unit): Unit = {
     spark.sql(
       s"""
          | CREATE TABLE IF NOT EXISTS
          | $table (id String, year String, month string)
-         | USING PARQUET
+         | ${if (hiveTable) "STORED AS" else "USING"} $format
          | PARTITIONED BY (year, month)
          |""".stripMargin).collect()
     try f
@@ -186,4 +194,75 @@ class HiveQuerySuite extends KyuubiHiveTest {
       }
     }
   }
+
+  test("read partitioned avro table") {
+    readPartitionedTable("AVRO", true)
+    readPartitionedTable("AVRO", false)
+  }
+
+  test("read un-partitioned avro table") {
+    readUnPartitionedTable("AVRO", true)
+    readUnPartitionedTable("AVRO", false)
+  }
+
+  test("read partitioned textfile table") {
+    readPartitionedTable("TEXTFILE", true)
+    readPartitionedTable("TEXTFILE", false)
+  }
+
+  test("read un-partitioned textfile table") {
+    readUnPartitionedTable("TEXTFILE", true)
+    readUnPartitionedTable("TEXTFILE", false)
+  }
+
+  test("read partitioned SequenceFile table") {
+    readPartitionedTable("SequenceFile", true)
+    readPartitionedTable("SequenceFile", false)
+  }
+
+  test("read un-partitioned SequenceFile table") {
+    readUnPartitionedTable("SequenceFile", true)
+    readUnPartitionedTable("SequenceFile", false)
+  }
+
+  test("read partitioned ORC table") {
+    readPartitionedTable("ORC", true)
+    readPartitionedTable("ORC", false)
+  }
+
+  test("read un-partitioned ORC table") {
+    readUnPartitionedTable("ORC", true)
+    readUnPartitionedTable("ORC", false)
+  }
+
+  private def readPartitionedTable(format: String, hiveTable: Boolean): Unit = {
+    withSparkSession() { spark =>
+      val table = "hive.default.employee"
+      withTempPartitionedTable(spark, table, format, hiveTable) {
+        spark.sql(
+          s"""
+             | INSERT OVERWRITE
+             | $table PARTITION(year = '2023')
+             | VALUES("zhao", "09")
+             |""".stripMargin)
+        checkQueryResult(s"select * from $table", spark, Array(Row.apply("zhao", "2023", "09")))
+      }
+    }
+  }
+
+  private def readUnPartitionedTable(format: String, hiveTable: Boolean): Unit = {
+    withSparkSession() { spark =>
+      val table = "hive.default.employee"
+      withTempNonPartitionedTable(spark, table, format, hiveTable) {
+        spark.sql(
+          s"""
+             | INSERT OVERWRITE
+             | $table
+             | VALUES("zhao", "2023-09-21")
+             |""".stripMargin).collect()
+
+        checkQueryResult(s"select * from $table", spark, Array(Row.apply("zhao", "2023-09-21")))
+      }
+    }
+  }
 }

From ffebc647f8ec338d614d2f48361643880f6235da Mon Sep 17 00:00:00 2001
From: "kandy01.wang" <kandy01.wang@vipshop.com>
Date: Thu, 21 Sep 2023 17:53:56 +0800
Subject: [PATCH 650/760] [KYUUBI #5315][FLINK] Propagate HIVE_CONF_DIR on
 launching Flink engine

### _Why are the changes needed?_

create a Hive catalog in Flink SQL Client as follows:

```
CREATE CATALOG myhive WITH (
  'type' = 'hive',
  'hive-conf-dir' = '/opt/hive-conf'
)
```
we should propagate `hive-conf-dir` and pass `HIVE_CONF_DIR` as an env variable to the AppMaster

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5316 from hadoopkandy/KYUUBI-5315.

Closes #5315

3f12acb59 [kandy01.wang] [KYUUBI #5315] [Improvement] Propagate HIVE_CONF_DIR on launching Flink engine

Authored-by: kandy01.wang <kandy01.wang@vipshop.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/flink/FlinkProcessBuilder.scala | 15 +++++++++++++++
 .../engine/flink/FlinkProcessBuilderSuite.scala   | 14 ++++++++++----
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
index 77b9cd6d3..f43adfbc2 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilder.scala
@@ -104,6 +104,16 @@ class FlinkProcessBuilder(
         val userJars = conf.get(ENGINE_FLINK_APPLICATION_JARS)
         userJars.foreach(jars => flinkExtraJars ++= jars.split(","))
 
+        val hiveConfDirOpt = env.get("HIVE_CONF_DIR")
+        hiveConfDirOpt.foreach { hiveConfDir =>
+          val hiveConfFile = Paths.get(hiveConfDir).resolve("hive-site.xml")
+          if (!Files.exists(hiveConfFile)) {
+            throw new KyuubiException(s"The file $hiveConfFile does not exists. " +
+              s"Please put hive-site.xml when HIVE_CONF_DIR env $hiveConfDir is configured.")
+          }
+          flinkExtraJars += s"$hiveConfFile"
+        }
+
         buffer += "-t"
         buffer += "yarn-application"
         buffer += s"-Dyarn.ship-files=${flinkExtraJars.mkString(";")}"
@@ -111,6 +121,10 @@ class FlinkProcessBuilder(
         buffer += s"-Dyarn.tags=${conf.getOption(YARN_TAG_KEY).get}"
         buffer += "-Dcontainerized.master.env.FLINK_CONF_DIR=."
 
+        hiveConfDirOpt.foreach { _ =>
+          buffer += "-Dcontainerized.master.env.HIVE_CONF_DIR=."
+        }
+
         val customFlinkConf = conf.getAllWithPrefix("flink", "")
         customFlinkConf.filter(_._1 != "app.name").foreach { case (k, v) =>
           buffer += s"-D$k=$v"
@@ -166,6 +180,7 @@ class FlinkProcessBuilder(
         env.get("HADOOP_CONF_DIR").foreach(classpathEntries.add)
         env.get("YARN_CONF_DIR").foreach(classpathEntries.add)
         env.get("HBASE_CONF_DIR").foreach(classpathEntries.add)
+        env.get("HIVE_CONF_DIR").foreach(classpathEntries.add)
         val hadoopCp = env.get(FLINK_HADOOP_CLASSPATH_KEY)
         hadoopCp.foreach(classpathEntries.add)
         val extraCp = conf.get(ENGINE_FLINK_EXTRA_CLASSPATH)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
index 990d56f15..26e355a87 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/flink/FlinkProcessBuilderSuite.scala
@@ -56,6 +56,9 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     Files.createDirectories(Paths.get(tempFlinkHome.toPath.toString, "usrlib")).toFile
   private val tempUdfJar =
     Files.createFile(Paths.get(tempUsrLib.toPath.toString, "test-udf.jar"))
+  private val tempHiveDir =
+    Files.createDirectories(Paths.get(tempFlinkHome.toPath.toString, "hive-conf")).toFile
+  Files.createFile(Paths.get(tempHiveDir.toPath.toString, "hive-site.xml"))
 
   private def envDefault: ListMap[String, String] = ListMap(
     "JAVA_HOME" -> s"${File.separator}jdk",
@@ -63,7 +66,8 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
   private def envWithoutHadoopCLASSPATH: ListMap[String, String] = envDefault +
     ("HADOOP_CONF_DIR" -> s"${File.separator}hadoop${File.separator}conf") +
     ("YARN_CONF_DIR" -> s"${File.separator}yarn${File.separator}conf") +
-    ("HBASE_CONF_DIR" -> s"${File.separator}hbase${File.separator}conf")
+    ("HBASE_CONF_DIR" -> s"${File.separator}hbase${File.separator}conf") +
+    ("HIVE_CONF_DIR" -> s"$tempHiveDir")
   private def envWithAllHadoop: ListMap[String, String] = envWithoutHadoopCLASSPATH +
     (FLINK_HADOOP_CLASSPATH_KEY -> s"${File.separator}hadoop")
   private def confStr: String = {
@@ -89,10 +93,12 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     val expectedCommands =
       escapePaths(s"${builder.flinkExecutable} run-application ") +
         s"-t yarn-application " +
-        s"-Dyarn.ship-files=.*\\/flink-sql-client.*jar;.*\\/flink-sql-gateway.*jar;$tempUdfJar " +
+        s"-Dyarn.ship-files=.*\\/flink-sql-client.*jar;.*\\/flink-sql-gateway.*jar;$tempUdfJar" +
+        s";.*\\/hive-site\\.xml " +
         s"-Dyarn\\.application\\.name=kyuubi_.* " +
         s"-Dyarn\\.tags=KYUUBI " +
         s"-Dcontainerized\\.master\\.env\\.FLINK_CONF_DIR=\\. " +
+        s"-Dcontainerized\\.master\\.env\\.HIVE_CONF_DIR=\\. " +
         s"-Dexecution.target=yarn-application " +
         s"-c org\\.apache\\.kyuubi\\.engine\\.flink\\.FlinkSQLEngine " +
         s".*kyuubi-flink-sql-engine_.*jar" +
@@ -151,9 +157,9 @@ class FlinkProcessBuilderSuite extends KyuubiFunSuite {
     matchActualAndExpectedSessionMode(builder)
   }
 
-  test("application mode - default env") {
+  test("application mode - all hadoop related environment variables are configured") {
     val builder = new FlinkProcessBuilder("paullam", applicationModeConf) {
-      override def env: Map[String, String] = envDefault
+      override def env: Map[String, String] = envWithAllHadoop
     }
     matchActualAndExpectedApplicationMode(builder)
   }

From 16ae8528919730f553fcfd73703061b340aae488 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Sat, 23 Sep 2023 23:18:32 +0800
Subject: [PATCH 651/760] [KYUUBI #4994][REST] Support listing all engines

### _Why are the changes needed?_

close #4994

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5157 from lsm1/branch-kyuubi_4994.

Closes #4994

02e7eb5fa [senmiaoliu] use abbr a
6d001e519 [senmiaoliu] replace 'allengine' with 'all'
f9c548299 [senmiaoliu] fix style
df64e773e [senmiaoliu] fix style
6a7d40e63 [senmiaoliu] remove allenginecommand
6306dd8a2 [senmiaoliu] support list all engine

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Shaoyun Chen <csy@apache.org>
---
 docs/tools/kyuubi-admin.rst                   |   2 +
 .../ctl/cli/AdminControlCliArguments.scala    |   1 +
 .../ctl/cmd/list/AdminListEngineCommand.scala |   3 +-
 .../kyuubi/ctl/opt/AdminCommandLine.scala     |  24 ++-
 .../org/apache/kyuubi/ctl/opt/CliConfig.scala |   3 +-
 .../ctl/AdminControlCliArgumentsSuite.scala   |   3 +-
 .../apache/kyuubi/client/AdminRestApi.java    |   3 +-
 .../kyuubi/server/api/v1/AdminResource.scala  |  46 +++++-
 .../server/api/v1/AdminResourceSuite.scala    | 151 ++++++++++++++++++
 .../rest/client/AdminRestApiSuite.scala       |   4 +-
 10 files changed, 230 insertions(+), 10 deletions(-)

diff --git a/docs/tools/kyuubi-admin.rst b/docs/tools/kyuubi-admin.rst
index 29149e92f..bd37f7e68 100644
--- a/docs/tools/kyuubi-admin.rst
+++ b/docs/tools/kyuubi-admin.rst
@@ -99,6 +99,8 @@ Usage: ``bin/kyuubi-admin list engine [options]``
      - The subdomain for the share level of an engine. If not specified, it will read the configuration item kyuubi.engine.share.level.subdomain from kyuubi-defaults.conf.
    * - --hs2ProxyUser
      - The proxy user to impersonate. When specified, it will list engines for the hs2ProxyUser.
+   * - -a --all
+     - All the engine.
 
 .. _list_server:
 
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala
index 5a45630c6..e015525b3 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cli/AdminControlCliArguments.scala
@@ -61,6 +61,7 @@ class AdminControlCliArguments(args: Seq[String], env: Map[String, String] = sys
            |  type                    ${cliConfig.engineOpts.engineType}
            |  sharelevel              ${cliConfig.engineOpts.engineShareLevel}
            |  sharesubdomain          ${cliConfig.engineOpts.engineSubdomain}
+           |  all                     ${cliConfig.engineOpts.all}
         """.stripMargin
       case ControlObject.SERVER =>
         s"""Parsed arguments:
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala
index acd6fe444..96be5cc47 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/cmd/list/AdminListEngineCommand.scala
@@ -38,7 +38,8 @@ class AdminListEngineCommand(cliConfig: CliConfig)
         normalizedCliConfig.engineOpts.engineType,
         normalizedCliConfig.engineOpts.engineShareLevel,
         normalizedCliConfig.engineOpts.engineSubdomain,
-        normalizedCliConfig.commonOpts.hs2ProxyUser).asScala
+        normalizedCliConfig.commonOpts.hs2ProxyUser,
+        normalizedCliConfig.engineOpts.all).asScala
     }
   }
 
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
index c7e367405..c02826b68 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/AdminCommandLine.scala
@@ -52,7 +52,7 @@ object AdminCommandLine extends CommonCommandLine {
         .text("\tDelete resources.")
         .action((_, c) => c.copy(action = ControlAction.DELETE))
         .children(
-          engineCmd(builder).text("\tDelete the specified engine node for user.")))
+          deleteEngineCmd(builder).text("\tDelete the specified engine node for user.")))
 
   }
 
@@ -64,7 +64,7 @@ object AdminCommandLine extends CommonCommandLine {
         .text("\tList information about resources.")
         .action((_, c) => c.copy(action = ControlAction.LIST))
         .children(
-          engineCmd(builder).text("\tList all the engine nodes for a user"),
+          listEngineCmd(builder).text("\tList the engine nodes"),
           serverCmd(builder).text("\tList all the server nodes")))
 
   }
@@ -80,7 +80,7 @@ object AdminCommandLine extends CommonCommandLine {
           refreshConfigCmd(builder).text("\tRefresh the config with specified type.")))
   }
 
-  private def engineCmd(builder: OParserBuilder[CliConfig]): OParser[_, CliConfig] = {
+  private def deleteEngineCmd(builder: OParserBuilder[CliConfig]): OParser[_, CliConfig] = {
     import builder._
     cmd("engine").action((_, c) => c.copy(resource = ControlObject.ENGINE))
       .children(
@@ -95,6 +95,24 @@ object AdminCommandLine extends CommonCommandLine {
           .text("The engine share level this engine belong to."))
   }
 
+  private def listEngineCmd(builder: OParserBuilder[CliConfig]): OParser[_, CliConfig] = {
+    import builder._
+    cmd("engine").action((_, c) => c.copy(resource = ControlObject.ENGINE))
+      .children(
+        opt[String]("engine-type").abbr("et")
+          .action((v, c) => c.copy(engineOpts = c.engineOpts.copy(engineType = v)))
+          .text("The engine type this engine belong to."),
+        opt[String]("engine-subdomain").abbr("es")
+          .action((v, c) => c.copy(engineOpts = c.engineOpts.copy(engineSubdomain = v)))
+          .text("The engine subdomain this engine belong to."),
+        opt[String]("engine-share-level").abbr("esl")
+          .action((v, c) => c.copy(engineOpts = c.engineOpts.copy(engineShareLevel = v)))
+          .text("The engine share level this engine belong to."),
+        opt[String]("all").abbr("a")
+          .action((v, c) => c.copy(engineOpts = c.engineOpts.copy(all = v)))
+          .text("All the engine."))
+  }
+
   private def serverCmd(builder: OParserBuilder[CliConfig]): OParser[_, CliConfig] = {
     import builder._
     cmd("server").action((_, c) => c.copy(resource = ControlObject.SERVER))
diff --git a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala
index 7818f694a..4ccae109c 100644
--- a/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala
+++ b/kyuubi-ctl/src/main/scala/org/apache/kyuubi/ctl/opt/CliConfig.scala
@@ -77,6 +77,7 @@ case class EngineOpts(
     user: String = null,
     engineType: String = null,
     engineSubdomain: String = null,
-    engineShareLevel: String = null)
+    engineShareLevel: String = null,
+    all: String = null)
 
 case class AdminConfigOpts(configType: String = null)
diff --git a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
index 52a2796f4..ae7c0fa1b 100644
--- a/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
+++ b/kyuubi-ctl/src/test/scala/org/apache/kyuubi/ctl/AdminControlCliArgumentsSuite.scala
@@ -158,13 +158,14 @@ class AdminControlCliArgumentsSuite extends KyuubiFunSuite with TestPrematureExi
          |Command: list [engine|server]
          |	List information about resources.
          |Command: list engine [options]
-         |	List all the engine nodes for a user
+         |	List the engine nodes
          |  -et, --engine-type <value>
          |                           The engine type this engine belong to.
          |  -es, --engine-subdomain <value>
          |                           The engine subdomain this engine belong to.
          |  -esl, --engine-share-level <value>
          |                           The engine share level this engine belong to.
+         |  -a, --all <value>        All the engine.
          |Command: list server
          |	List all the server nodes
          |
diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index e315a96cc..3b220cbc2 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -73,12 +73,13 @@ public String deleteEngine(
   }
 
   public List<Engine> listEngines(
-      String engineType, String shareLevel, String subdomain, String hs2ProxyUser) {
+      String engineType, String shareLevel, String subdomain, String hs2ProxyUser, String all) {
     Map<String, Object> params = new HashMap<>();
     params.put("type", engineType);
     params.put("sharelevel", shareLevel);
     params.put("subdomain", subdomain);
     params.put("hive.server2.proxy.user", hs2ProxyUser);
+    params.put("all", all);
     Engine[] result =
         this.getClient()
             .get(API_BASE_PATH + "/engine", params, Engine[].class, client.getAuthHeader());
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 0c2065ff1..5f410ab7d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -286,7 +286,51 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       @QueryParam("type") engineType: String,
       @QueryParam("sharelevel") shareLevel: String,
       @QueryParam("subdomain") subdomain: String,
-      @QueryParam("hive.server2.proxy.user") hs2ProxyUser: String): Seq[Engine] = {
+      @QueryParam("hive.server2.proxy.user") hs2ProxyUser: String,
+      @QueryParam("all") @DefaultValue("false") all: String): Seq[Engine] = {
+    if (all.toBoolean) {
+      val userName = fe.getSessionUser(Map.empty[String, String])
+      val ipAddress = fe.getIpAddress
+      info(s"Received list all kyuubi engine request from $userName/$ipAddress")
+      if (!isAdministrator(userName)) {
+        throw new NotAllowedException(
+          s"$userName is not allowed to list all kyuubi engine")
+      }
+      val engines = ListBuffer[Engine]()
+      val engineSpace = fe.getConf.get(HA_NAMESPACE)
+      val shareLevel = fe.getConf.get(ENGINE_SHARE_LEVEL)
+      val engineType = fe.getConf.get(ENGINE_TYPE)
+      withDiscoveryClient(fe.getConf) { discoveryClient =>
+        val commonParent = s"/${engineSpace}_${KYUUBI_VERSION}_${shareLevel}_$engineType"
+        info(s"Listing engine nodes for $commonParent")
+        try {
+          discoveryClient.getChildren(commonParent).map {
+            user =>
+              val engine = getEngine(user, engineType, shareLevel, "", "")
+              val engineSpace = getEngineSpace(engine)
+              discoveryClient.getChildren(engineSpace).map { child =>
+                info(s"Listing engine nodes for $engineSpace/$child")
+                engines ++= discoveryClient.getServiceNodesInfo(s"$engineSpace/$child").map(node =>
+                  new Engine(
+                    engine.getVersion,
+                    engine.getUser,
+                    engine.getEngineType,
+                    engine.getSharelevel,
+                    node.namespace.split("/").last,
+                    node.instance,
+                    node.namespace,
+                    node.attributes.asJava))
+              }
+          }
+        } catch {
+          case nne: NoNodeException =>
+            error(s"No such engine for engine type: $engineType, share level: $shareLevel", nne)
+            throw new NotFoundException(
+              s"No such engine for engine type: $engineType, share level: $shareLevel")
+        }
+      }
+      return engines.toSeq
+    }
     val userName = if (isAdministrator(fe.getRealUser())) {
       Option(hs2ProxyUser).getOrElse(fe.getRealUser())
     } else {
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index ff5a7e844..6ca00c802 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -587,4 +587,155 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
       assert("Running".equals(testServer.getStatus))
     }
   }
+
+  test("list all engine - user share level") {
+    val id = UUID.randomUUID().toString
+    conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, USER.toString)
+    conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
+    conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+    conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
+    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
+
+    val engineSpace = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_USER_SPARK_SQL",
+      Utils.currentUser,
+      "")
+
+    withDiscoveryClient(conf) { client =>
+      engine.getOrCreate(client)
+
+      assert(client.pathExists(engineSpace))
+      assert(client.getChildren(engineSpace).size == 1)
+
+      val response = webTarget.path("api/v1/admin/engine")
+        .queryParam("all", "true")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+        .get
+
+      assert(200 == response.getStatus)
+      val engines = response.readEntity(new GenericType[Seq[Engine]]() {})
+      assert(engines.size == 1)
+      assert(engines(0).getEngineType == "SPARK_SQL")
+      assert(engines(0).getSharelevel == "USER")
+      assert(engines(0).getSubdomain == "default")
+
+      // kill the engine application
+      engineMgr.killApplication(ApplicationManagerInfo(None), id)
+      eventually(timeout(30.seconds), interval(100.milliseconds)) {
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id).exists(
+          _.state == ApplicationState.NOT_FOUND))
+      }
+    }
+  }
+
+  test("list all engines - group share level") {
+    val id = UUID.randomUUID().toString
+    conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, GROUP.toString)
+    conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
+    conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+    conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
+    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engine =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id, null)
+
+    val engineSpace = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_GROUP_SPARK_SQL",
+      fe.asInstanceOf[KyuubiRestFrontendService].sessionManager.groupProvider.primaryGroup(
+        Utils.currentUser,
+        null),
+      "")
+
+    withDiscoveryClient(conf) { client =>
+      engine.getOrCreate(client)
+
+      assert(client.pathExists(engineSpace))
+      assert(client.getChildren(engineSpace).size == 1)
+
+      val response = webTarget.path("api/v1/admin/engine")
+        .queryParam("all", "true")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+        .get
+
+      assert(200 == response.getStatus)
+      val engines = response.readEntity(new GenericType[Seq[Engine]]() {})
+      assert(engines.size == 1)
+      assert(engines(0).getEngineType == "SPARK_SQL")
+      assert(engines(0).getSharelevel == "GROUP")
+      assert(engines(0).getSubdomain == "default")
+
+      // kill the engine application
+      engineMgr.killApplication(ApplicationManagerInfo(None), id)
+      eventually(timeout(30.seconds), interval(100.milliseconds)) {
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id).exists(
+          _.state == ApplicationState.NOT_FOUND))
+      }
+    }
+  }
+
+  test("list all engines - connection share level") {
+    conf.set(KyuubiConf.ENGINE_SHARE_LEVEL, CONNECTION.toString)
+    conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
+    conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
+    conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
+    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
+    conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
+
+    val engineSpace = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
+      Utils.currentUser,
+      "")
+
+    val id1 = UUID.randomUUID().toString
+    val engine1 =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id1, null)
+    val engineSpace1 = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
+      Utils.currentUser,
+      id1)
+
+    val id2 = UUID.randomUUID().toString
+    val engine2 =
+      new EngineRef(conf.clone, Utils.currentUser, PluginLoader.loadGroupProvider(conf), id2, null)
+    val engineSpace2 = DiscoveryPaths.makePath(
+      s"kyuubi_test_${KYUUBI_VERSION}_CONNECTION_SPARK_SQL",
+      Utils.currentUser,
+      id2)
+
+    withDiscoveryClient(conf) { client =>
+      engine1.getOrCreate(client)
+      engine2.getOrCreate(client)
+
+      assert(client.pathExists(engineSpace))
+      assert(client.getChildren(engineSpace).size == 2)
+      assert(client.pathExists(engineSpace1))
+      assert(client.pathExists(engineSpace2))
+
+      val response = webTarget.path("api/v1/admin/engine")
+        .queryParam("all", "true")
+        .request(MediaType.APPLICATION_JSON_TYPE)
+        .header(AUTHORIZATION_HEADER, s"BASIC $encodeAuthorization")
+        .get
+      assert(200 == response.getStatus)
+      val result = response.readEntity(new GenericType[Seq[Engine]]() {})
+      assert(result.size == 2)
+
+      // kill the engine application
+      engineMgr.killApplication(ApplicationManagerInfo(None), id1)
+      engineMgr.killApplication(ApplicationManagerInfo(None), id2)
+      eventually(timeout(30.seconds), interval(100.milliseconds)) {
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id1)
+          .exists(_.state == ApplicationState.NOT_FOUND))
+        assert(engineMgr.getApplicationInfo(ApplicationManagerInfo(None), id2)
+          .exists(_.state == ApplicationState.NOT_FOUND))
+      }
+    }
+  }
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
index e3bb298e0..d63e46607 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/AdminRestApiSuite.scala
@@ -74,7 +74,7 @@ class AdminRestApiSuite extends RestClientTestHelper {
         .build()
 
     val adminRestApi = new AdminRestApi(basicKyuubiRestClient)
-    var engines = adminRestApi.listEngines("spark_sql", "user", "default", "").asScala
+    var engines = adminRestApi.listEngines("spark_sql", "user", "default", "", "false").asScala
     assert(engines.size == 1)
     assert(engines(0).getUser == user)
     assert(engines(0).getVersion == KYUUBI_VERSION)
@@ -87,7 +87,7 @@ class AdminRestApiSuite extends RestClientTestHelper {
     val result = adminRestApi.deleteEngine("spark_sql", "user", "default", "")
     assert(result == s"Engine ${engineSpace} is deleted successfully.")
 
-    engines = adminRestApi.listEngines("spark_sql", "user", "default", "").asScala
+    engines = adminRestApi.listEngines("spark_sql", "user", "default", "", "false").asScala
     assert(engines.isEmpty)
   }
 

From 0627f379e76e9e64154900c3ec9f6d57ed10cee3 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Mon, 25 Sep 2023 08:38:46 +0000
Subject: [PATCH 652/760] [KYUUBI #5322] [INFRA] Enable GitHub Projects

### _Why are the changes needed?_

This PR aims to enable [GitHub Projects](https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/quickstart-for-projects) for project management boards, we are planning to use this feature for the upcoming 2023 Kyuubi Code Contribution Program.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5322 from pan3793/infra-projects.

Closes #5322

a229b3c4a [Cheng Pan] [INFRA] Enable GitHub Projects

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .asf.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.asf.yaml b/.asf.yaml
index b25937889..ec00d6db0 100644
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -39,7 +39,7 @@ github:
     issues: true
     discussions: true
     wiki: false
-    projects: false
+    projects: true
 notifications:
   commits: commits@kyuubi.apache.org
   issues: notifications@kyuubi.apache.org

From 8ef6ca329e4c4285639ef2d273933f1d3184c77e Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Mon, 25 Sep 2023 17:36:33 +0000
Subject: [PATCH 653/760] [KYUUBI #5324] Bump latest 1.7.3 in playground and
 helm charts

### _Why are the changes needed?_

Follow [Kyuubi Release Guide](https://kyuubi.readthedocs.io/en/master/community/release.html) to update versions for playground and helm charts

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5324 from wForget/dev.

Closes #5324

7110e56bd [wforget] Bump latest 1.7.3 in playground and helm charts

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/Chart.yaml | 2 +-
 docker/playground/.env   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/kyuubi/Chart.yaml b/charts/kyuubi/Chart.yaml
index 7c881cc9e..56abc9edc 100644
--- a/charts/kyuubi/Chart.yaml
+++ b/charts/kyuubi/Chart.yaml
@@ -20,7 +20,7 @@ name: kyuubi
 description: A Helm chart for Kyuubi server
 type: application
 version: 0.1.0
-appVersion: 1.7.2
+appVersion: 1.7.3
 home: https://kyuubi.apache.org
 icon: https://raw.githubusercontent.com/apache/kyuubi/master/docs/imgs/logo.png
 sources:
diff --git a/docker/playground/.env b/docker/playground/.env
index 5c3d124a7..24284bd39 100644
--- a/docker/playground/.env
+++ b/docker/playground/.env
@@ -19,7 +19,7 @@ AWS_JAVA_SDK_VERSION=1.12.367
 HADOOP_VERSION=3.3.6
 HIVE_VERSION=2.3.9
 ICEBERG_VERSION=1.3.1
-KYUUBI_VERSION=1.7.2
+KYUUBI_VERSION=1.7.3
 KYUUBI_HADOOP_VERSION=3.3.5
 POSTGRES_VERSION=12
 POSTGRES_JDBC_VERSION=42.3.4

From 36eb81be26345f3b99a8f7269e401e2d15fb5c02 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 26 Sep 2023 08:06:44 +0000
Subject: [PATCH 654/760] [KYUUBI #5333][JDBC] Adaptive call
 fetchLaunchEngineResult

### _Why are the changes needed?_

After https://github.com/apache/kyuubi/pull/3354, thrift `out of sequence` exception will be thrown when using a higher version of beeline to access a lower version of Kyuubi Server.

```
2023-09-26 11:10:16.426 ERROR org.apache.kyuubi.server.KyuubiTBinaryFrontendService: Error fetching results:
org.apache.thrift.protocol.TProtocolException: Required field 'operationHandle' is unset! Struct:TFetchResultsReq(operationHandle:null, orientation:FETCH_NEXT, maxRows:1000, fetchType:0)
	at org.apache.hive.service.rpc.thrift.TFetchResultsReq.validate(TFetchResultsReq.java:548) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.hive.service.rpc.thrift.TCLIService$FetchResults_args.validate(TCLIService.java:15755) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.hive.service.rpc.thrift.TCLIService$FetchResults_args$FetchResults_argsStandardScheme.write(TCLIService.java:15812) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.hive.service.rpc.thrift.TCLIService$FetchResults_args$FetchResults_argsStandardScheme.write(TCLIService.java:15781) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.hive.service.rpc.thrift.TCLIService$FetchResults_args.write(TCLIService.java:15732) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:71) ~[libthrift-0.9.3.jar:0.9.3]
	at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62) ~[libthrift-0.9.3.jar:0.9.3]
	at org.apache.hive.service.rpc.thrift.TCLIService$Client.send_FetchResults(TCLIService.java:561) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.hive.service.rpc.thrift.TCLIService$Client.FetchResults(TCLIService.java:553) ~[hive-service-rpc-3.1.3.jar:3.1.3]
	at org.apache.kyuubi.client.KyuubiSyncThriftClient.$anonfun$fetchResults$1(KyuubiSyncThriftClient.scala:393) ~[kyuubi-server_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.client.KyuubiSyncThriftClient.$anonfun$withLockAcquiredAsyncRequest$2(KyuubiSyncThriftClient.scala:136) ~[kyuubi-server_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_152]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) ~[?:1.8.0_152]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) ~[?:1.8.0_152]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_152]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_152]
	at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_152]
```

This PR introduces a negotiation mechanism to make the JDBC client adaptively call `fetchLaunchEngineResult` to address such a compatible issue.

It supposes that the higher version of JDBC client could seamlessly communicate with the lower version of Kyuubi Server after this patch, but the JDBC client fetches the engine information only when the connected Server applies this patch too.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5333 from pan3793/launch-engine-result.

Closes #5333

ca9bd5361 [Cheng Pan] [JDBC] Adaptive call fetchLaunchEngineResult

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/config/KyuubiReservedKeys.scala      | 2 ++
 .../java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java | 7 ++++++-
 .../kyuubi/server/KyuubiTBinaryFrontendService.scala       | 2 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
index 8b42e659f..eb209caec 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
@@ -38,6 +38,8 @@ object KyuubiReservedKeys {
     "kyuubi.session.engine.launch.handle.guid"
   final val KYUUBI_SESSION_ENGINE_LAUNCH_HANDLE_SECRET =
     "kyuubi.session.engine.launch.handle.secret"
+  final val KYUUBI_SESSION_ENGINE_LAUNCH_SUPPORT_RESULT =
+    "kyuubi.session.engine.launch.support.result"
   final val KYUUBI_OPERATION_SET_CURRENT_CATALOG = "kyuubi.operation.set.current.catalog"
   final val KYUUBI_OPERATION_GET_CURRENT_CATALOG = "kyuubi.operation.get.current.catalog"
   final val KYUUBI_OPERATION_SET_CURRENT_DATABASE = "kyuubi.operation.set.current.database"
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index f9935d23e..c23985328 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -104,6 +104,7 @@ public class KyuubiConnection implements SQLConnection, KyuubiLoggable {
   private Thread engineLogThread;
   private boolean engineLogInflight = true;
   private volatile boolean launchEngineOpCompleted = false;
+  private boolean launchEngineOpSupportResult = false;
   private String engineId = "";
   private String engineName = "";
   private String engineUrl = "";
@@ -770,6 +771,10 @@ private void openSession() throws SQLException {
       String launchEngineOpHandleSecret =
           openRespConf.get("kyuubi.session.engine.launch.handle.secret");
 
+      launchEngineOpSupportResult =
+          Boolean.parseBoolean(
+              openRespConf.getOrDefault("kyuubi.session.engine.launch.support.result", "false"));
+
       if (launchEngineOpHandleGuid != null && launchEngineOpHandleSecret != null) {
         try {
           byte[] guidBytes = Base64.getMimeDecoder().decode(launchEngineOpHandleGuid);
@@ -1353,7 +1358,7 @@ public void waitLaunchEngineToComplete() throws SQLException {
   }
 
   private void fetchLaunchEngineResult() {
-    if (launchEngineOpHandle == null) return;
+    if (launchEngineOpHandle == null || !launchEngineOpSupportResult) return;
 
     TFetchResultsReq tFetchResultsReq =
         new TFetchResultsReq(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendService.scala
index 069bc63e2..ae388a7c4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendService.scala
@@ -92,6 +92,8 @@ final class KyuubiTBinaryFrontendService(
         KYUUBI_SESSION_ENGINE_LAUNCH_HANDLE_SECRET,
         Base64.getMimeEncoder.encodeToString(opHandleIdentifier.getSecret))
 
+      respConfiguration.put(KYUUBI_SESSION_ENGINE_LAUNCH_SUPPORT_RESULT, true.toString)
+
       resp.setSessionHandle(sessionHandle.toTSessionHandle)
       resp.setConfiguration(respConfiguration)
       resp.setStatus(OK_STATUS)

From 9a2649509f642640ada74f2cc053ee3045994510 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Wed, 27 Sep 2023 22:02:09 +0800
Subject: [PATCH 655/760] [KYUUBI #5335] Set markdown file EOL

### _Why are the changes needed?_

Set markdown file EOL avoids spotless check failure in windows.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5335 from wForget/dev.

Closes #5335

7be3ae514 [wforget] Set markdown file EOL

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Shaoyun Chen <csy@apache.org>
---
 .gitattributes | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitattributes b/.gitattributes
index 6bbad541a..0df00fae2 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -26,6 +26,7 @@ NOTICE-binary export-ignore
 *.bat text eol=crlf
 *.cmd text eol=crlf
 *.java text eol=lf
+*.md text eol=lf
 *.scala text eol=lf
 *.xml text eol=lf
 *.py text eol=lf

From 337729285199ee118cc6588cd5993498dfc1db8a Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Thu, 28 Sep 2023 12:13:16 +0800
Subject: [PATCH 656/760] [KYUUBI #5342] Add label hacktoberfest to project

### _Why are the changes needed?_

We are planning to participate https://github.com/bayoss/Hacktoberfest2023

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5342 from pan3793/hacktoberfest.

Closes #5342

b4860f869 [Cheng Pan] Add label hacktoberfest to project

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .asf.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.asf.yaml b/.asf.yaml
index ec00d6db0..2c4346295 100644
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -30,6 +30,7 @@ github:
     - hive
     - sql
     - kubernetes
+    - hacktoberfest
   enabled_merge_buttons:
     squash: true
     merge: false

From 99789a82c1271a0cfe24147118db70002169df71 Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Thu, 28 Sep 2023 05:05:40 +0000
Subject: [PATCH 657/760] [KYUUBI #5339] [MINOR] Avoid using
 `kyuubi.session.engine.initialize.timeout` string

### _Why are the changes needed?_

Replace string literal with constant variable

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5339 from cxzl25/use_engine_init_timeout_key.

Closes #5339

bef2eaa4a [sychen] fix

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/engine/spark/SparkSQLEngine.scala   | 2 +-
 .../apache/kyuubi/engine/spark/IndividualSparkSuite.scala | 2 +-
 .../test/spark/SparkOnKubernetesTestsSuite.scala          | 8 ++++----
 .../scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala  | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index 5f91bc73d..ba84e1b1b 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -376,7 +376,7 @@ object SparkSQLEngine extends Logging {
         case i: InterruptedException if !sparkSessionCreated.get =>
           error(
             s"The Engine main thread was interrupted, possibly due to `createSpark` timeout." +
-              s" The `kyuubi.session.engine.initialize.timeout` is ($initTimeout ms) " +
+              s" The `${ENGINE_INIT_TIMEOUT.key}` is ($initTimeout ms) " +
               s" and submitted at $submitTime.",
             i)
         case t: Throwable => error(s"Failed to instantiate SparkSession: ${t.getMessage}", t)
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/IndividualSparkSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/IndividualSparkSuite.scala
index c6789d14d..8fca1d0ca 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/IndividualSparkSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/kyuubi/engine/spark/IndividualSparkSuite.scala
@@ -114,7 +114,7 @@ class SparkEngineSuites extends KyuubiFunSuite {
       }
       assert(SparkSQLEngine.currentEngine.isEmpty)
       val errorMsg = s"The Engine main thread was interrupted, possibly due to `createSpark`" +
-        s" timeout. The `kyuubi.session.engine.initialize.timeout` is ($timeout ms) " +
+        s" timeout. The `${ENGINE_INIT_TIMEOUT.key}` is ($timeout ms) " +
         s" and submitted at $submitTime."
       assert(logAppender.loggingEvents.exists(
         _.getMessage.getFormattedMessage.equals(errorMsg)))
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
index 3f591e604..09532efe3 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/spark/SparkOnKubernetesTestsSuite.scala
@@ -27,7 +27,7 @@ import org.apache.hadoop.net.NetUtils
 import org.apache.kyuubi._
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
-import org.apache.kyuubi.config.KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_HOST
+import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.engine.{ApplicationInfo, ApplicationManagerInfo, ApplicationOperation, KubernetesApplicationOperation}
 import org.apache.kyuubi.engine.ApplicationState.{FAILED, NOT_FOUND, RUNNING}
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
@@ -57,9 +57,9 @@ abstract class SparkOnKubernetesSuiteBase
       .set("spark.driver.memory", "512M")
       .set("spark.kubernetes.driver.request.cores", "250m")
       .set("spark.kubernetes.executor.request.cores", "250m")
-      .set("kyuubi.kubernetes.context", "minikube")
-      .set("kyuubi.frontend.protocols", "THRIFT_BINARY,REST")
-      .set("kyuubi.session.engine.initialize.timeout", "PT10M")
+      .set(KUBERNETES_CONTEXT.key, "minikube")
+      .set(FRONTEND_PROTOCOLS.key, "THRIFT_BINARY,REST")
+      .set(ENGINE_INIT_TIMEOUT.key, "PT10M")
   }
 }
 
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
index e4382a859..012f4df16 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/WithKyuubiServerOnYarn.scala
@@ -198,7 +198,7 @@ class KyuubiOperationYarnClusterSuite extends WithKyuubiServerOnYarn with HiveJD
       "spark.submit.deployMode" -> "cluster",
       "spark.sql.defaultCatalog=spark_catalog" -> "spark_catalog",
       "spark.sql.catalog.spark_catalog.type" -> "invalid_type",
-      "kyuubi.session.engine.initialize.timeout" -> "PT10M",
+      ENGINE_INIT_TIMEOUT.key -> "PT10M",
       KYUUBI_BATCH_ID_KEY -> UUID.randomUUID().toString))(Map.empty) {
       val startTime = System.currentTimeMillis()
       val exception = intercept[Exception] {

From 6f7921999379d96cdb48d7f15640e6946ce2ad4b Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Thu, 28 Sep 2023 21:36:17 +0800
Subject: [PATCH 658/760] [KYUUBI #5340] AdminResourceSuite make engine idle
 time 3min

### _Why are the changes needed?_
close #5340

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5341 from cxzl25/KYUUBI-5340.

Closes #5340

4000b267c [sychen] trigger test
0122e8d7c [sychen] trigger test
86affd3e6 [sychen] trigger test
83cb967ad [sychen] trigger test
37fda1113 [sychen] AdminResourceSuite make engine idle time 3min

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Shaoyun Chen <csy@apache.org>
---
 .../apache/kyuubi/server/api/v1/AdminResourceSuite.scala  | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
index 6ca00c802..ea87e3ea0 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/AdminResourceSuite.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.server.api.v1
 
 import java.nio.charset.StandardCharsets
+import java.time.Duration
 import java.util.{Base64, UUID}
 import javax.ws.rs.client.Entity
 import javax.ws.rs.core.{GenericType, MediaType}
@@ -49,6 +50,7 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
 
   override protected lazy val conf: KyuubiConf = KyuubiConf()
     .set(KyuubiConf.SERVER_ADMINISTRATORS, Set("admin001"))
+    .set(KyuubiConf.ENGINE_IDLE_TIMEOUT, Duration.ofMinutes(3).toMillis)
 
   private val encodeAuthorization: String = {
     new String(
@@ -275,7 +277,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
-    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val engine =
@@ -320,7 +321,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
-    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val engine =
@@ -366,7 +366,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
-    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val id = UUID.randomUUID().toString
@@ -401,7 +400,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
-    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val engine =
@@ -446,7 +444,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
-    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val engine =
@@ -492,7 +489,6 @@ class AdminResourceSuite extends KyuubiFunSuite with RestFrontendTestHelper {
     conf.set(KyuubiConf.ENGINE_TYPE, SPARK_SQL.toString)
     conf.set(KyuubiConf.FRONTEND_THRIFT_BINARY_BIND_PORT, 0)
     conf.set(HighAvailabilityConf.HA_NAMESPACE, "kyuubi_test")
-    conf.set(KyuubiConf.ENGINE_IDLE_TIMEOUT, 180000L)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
 
     val engineSpace = DiscoveryPaths.makePath(

From 57b6773c92bedde517727a9cb54cf5291efff948 Mon Sep 17 00:00:00 2001
From: mrtisttt <mrtisttt@126.com>
Date: Sat, 30 Sep 2023 00:16:00 +0800
Subject: [PATCH 659/760] [KYUUBI #5345] [DOCS] Fix non-kerberized code
 description in quick_start_with_jdbc

### _Why are the changes needed?_

In the `Getting Started with Hive JDBC`documentation, section`Connect to non-kerberized Kyuubi Server`, the code description is incorrect:
```
The below java code is using a keytab file to login and connect to Kyuubi server by JDBC.
```
Obviously, the sections and code here are describing how to connect to a kyuubi service without kerberos authentication.

### _How was this patch tested?_
Just fix code description, no test need.

Closes #5345 from mrtisttt/fix-non-kerberized-code-description.

Closes #5345

fa0418f00 [mrtisttt] [DOCS] Fix non-kerberized code description in quick_start_with_jdbc

Authored-by: mrtisttt <mrtisttt@126.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start_with_jdbc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quick_start/quick_start_with_jdbc.md b/docs/quick_start/quick_start_with_jdbc.md
index e6f4f7052..0193a12d0 100644
--- a/docs/quick_start/quick_start_with_jdbc.md
+++ b/docs/quick_start/quick_start_with_jdbc.md
@@ -35,7 +35,7 @@ The driver is available from Maven Central:
 
 ## Connect to non-kerberized Kyuubi Server
 
-The below java code is using a keytab file to login and connect to Kyuubi server by JDBC.
+The following java code connects directly to the Kyuubi Server by JDBC without using kerberos authentication.
 
 ```java
 package org.apache.kyuubi.examples;

From 42f9c7c921fd17d4ccc47a117064ed5341851726 Mon Sep 17 00:00:00 2001
From: mrtisttt <mrtisttt@126.com>
Date: Fri, 6 Oct 2023 11:18:28 +0800
Subject: [PATCH 660/760] [KYUUBI #5347] [DOCS] Fix java code errors in
 quick_start_with_jdbc

### _Why are the changes needed?_

There were obvious errors in the case code, so these cases were fixed.

### _How was this patch tested?_

Just fix case code, no test need. Of course, I have run the case code and have confirmed that there is no problem.

Closes #5347 from mrtisttt/fix-hive-jdbc-example-code.

Closes #5347

ec6ecf758 [mrtisttt] [DOCS] Fix java code errors in quick_start_with_jdbc

Authored-by: mrtisttt <mrtisttt@126.com>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 docs/quick_start/quick_start_with_jdbc.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/quick_start/quick_start_with_jdbc.md b/docs/quick_start/quick_start_with_jdbc.md
index 0193a12d0..abd4fbec4 100644
--- a/docs/quick_start/quick_start_with_jdbc.md
+++ b/docs/quick_start/quick_start_with_jdbc.md
@@ -50,7 +50,7 @@ public class KyuubiJDBC {
   public static void main(String[] args) throws SQLException {
     try (Connection conn = DriverManager.getConnection(kyuubiJdbcUrl)) {
       try (Statement stmt = conn.createStatement()) {
-        try (ResultSet rs = st.executeQuery("show databases")) {
+        try (ResultSet rs = stmt.executeQuery("show databases")) {
           while (rs.next()) {
             System.out.println(rs.getString(1));
           }
@@ -79,11 +79,11 @@ public class KyuubiJDBCDemo {
   public static void main(String[] args) throws SQLException {
     String clientPrincipal = args[0]; // Kerberos principal
     String clientKeytab = args[1];    // Keytab file location
-    String serverPrincipal = arg[2];  // Kerberos principal used by Kyuubi Server
+    String serverPrincipal = args[2]; // Kerberos principal used by Kyuubi Server
     String kyuubiJdbcUrl = String.format(kyuubiJdbcUrlTemplate, clientPrincipal, clientKeytab, serverPrincipal);
     try (Connection conn = DriverManager.getConnection(kyuubiJdbcUrl)) {
       try (Statement stmt = conn.createStatement()) {
-        try (ResultSet rs = st.executeQuery("show databases")) {
+        try (ResultSet rs = stmt.executeQuery("show databases")) {
           while (rs.next()) {
             System.out.println(rs.getString(1));
           }

From 2690d6d90ec61f27f24b326e041507d32c542648 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Sat, 7 Oct 2023 14:52:21 +0800
Subject: [PATCH 661/760] [KYUUBI #5327][BATCH] Add priority field in metadata
 table definition
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Add `priority` field in `metadata` table definition

In the current batch v2 implementation, Kyuubi supports the FIFO schedule strategy, we are planning the enhance it with `priority` support, those with a higher integer value of `priority` have a better opportunity to be scheduled.

It refers priority definition in [Apache Hadoop YARN](https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/CapacityScheduler.html#Setup_for_application_priority) and [Apache YuniKorn](https://yunikorn.apache.org/docs/user_guide/priorities/#application-priority) to define the `priority` as:
1. use a signed 4 bits integer to represent priority with the default value of 10
2. a higher integer value of `priority` has a better opportunity to be scheduled.

In practice, we face some issues when use MySQL as metastore:

MySQL 5.7 could not benefit from index in query mixes `ASC` and `DESC`, for example: `SELECT * FROM metadata ORDER BY priority DESC, create_time ASC`, which is mentioned in [MySQL ORDER BY optimization](https://dev.mysql.com/doc/refman/5.7/en/order-by-optimization.html)
> In some cases, MySQL cannot use indexes to resolve the `ORDER BY`, although it may still use indexes to find the rows that match the `WHERE` clause. Examples:
> - ...
> - The query mixes `ASC` and `DESC`
> - ...

Fortunately, it was enhanced in MySQL 8.0
> Two columns in an ORDER BY can sort in the same direction (both ASC, or both DESC) or in opposite directions (one ASC, one DESC). A condition for index use is that the index must have the same homogeneity, but need not have the same actual direction.
> If a query mixes ASC and DESC, the optimizer can use an index on the columns if the index also uses corresponding mixed ascending and descending columns:

Thus, we create a mixed `ORDER BY` index `ALTER TABLE metadata ADD INDEX priority_create_time_index(priority DESC, create_time ASC)` to improve the query efficiency and avoid slowness in the case of large data volumes.

According to [MySQL 5.7 Index](https://dev.mysql.com/doc/refman/5.7/en/create-index.html), this won't cause SQL error when creating this index in MySQL 5.7 but not take effect.

> A key_part specification can end with ASC or DESC. These keywords are permitted for future extensions for specifying ascending or descending index value storage. Currently, they are parsed but ignored; index values are always stored in ascending order.

Close #5327

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Test MySQL & Derby with DBeaver.

MySQL:
![截屏2023-09-25 19 33 51](https://github.com/apache/kyuubi/assets/52876270/cd8b7015-1fad-45bd-add6-8c327ae9461b)
![截屏2023-09-25 19 33 57](https://github.com/apache/kyuubi/assets/52876270/7e10e5b6-2aa9-405a-a4ef-ec61e42fb210)

Derby:
![截屏2023-09-25 19 33 34](https://github.com/apache/kyuubi/assets/52876270/a8a9e3fc-cb2b-4012-a912-2536d271d38f)
![截屏2023-09-25 19 33 38](https://github.com/apache/kyuubi/assets/52876270/4bf986ec-8190-4fda-ad15-494aca70814d)

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5329 from zwangsheng/KYUUBI#5327.

Closes #5327

8688d6bdc [zwangsheng] fix comments
107221b83 [zwangsheng] fix comments
3e4083deb [zwangsheng] fix comments
313b42ba3 [zwangsheng] EOF
eb6dc9c42 [zwangsheng] [KYUUBI #5327][Umbrella][V2] Kyuubi server pick task from metadata db with priority

Authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../resources/sql/derby/005-KYUUBI-5327.derby.sql   |  3 +++
 .../sql/derby/metadata-store-schema-1.8.0.derby.sql |  3 +++
 .../resources/sql/mysql/005-KYUUBI-5327.mysql.sql   | 13 +++++++++++++
 .../sql/mysql/metadata-store-schema-1.8.0.mysql.sql |  5 ++++-
 .../sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql      |  1 +
 .../sqlite/metadata-store-schema-1.8.0.sqlite.sql   |  3 +++
 6 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-server/src/main/resources/sql/derby/005-KYUUBI-5327.derby.sql
 create mode 100644 kyuubi-server/src/main/resources/sql/mysql/005-KYUUBI-5327.mysql.sql

diff --git a/kyuubi-server/src/main/resources/sql/derby/005-KYUUBI-5327.derby.sql b/kyuubi-server/src/main/resources/sql/derby/005-KYUUBI-5327.derby.sql
new file mode 100644
index 000000000..32c44d0fb
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/derby/005-KYUUBI-5327.derby.sql
@@ -0,0 +1,3 @@
+ALTER TABLE metadata ADD COLUMN priority int NOT NULL DEFAULT 10;
+
+CREATE INDEX metadata_priority_create_time_index ON metadata(priority, create_time);
diff --git a/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql b/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
index 8d333bda2..139f70d3b 100644
--- a/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
+++ b/kyuubi-server/src/main/resources/sql/derby/metadata-store-schema-1.8.0.derby.sql
@@ -26,6 +26,7 @@ CREATE TABLE metadata(
     engine_state varchar(32), -- the engine application state
     engine_error clob, -- the engine application diagnose
     end_time bigint,  -- the metadata end time
+    priority int NOT NULL DEFAULT 10, -- the application priority, high value means high priority
     peer_instance_closed boolean default FALSE -- closed by peer kyuubi instance
 );
 
@@ -36,3 +37,5 @@ CREATE INDEX metadata_user_name_index ON metadata(user_name);
 CREATE INDEX metadata_engine_type_index ON metadata(engine_type);
 
 CREATE INDEX metadata_create_time_index ON metadata(create_time);
+
+CREATE INDEX metadata_priority_create_time_index ON metadata(priority, create_time);
diff --git a/kyuubi-server/src/main/resources/sql/mysql/005-KYUUBI-5327.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/005-KYUUBI-5327.mysql.sql
new file mode 100644
index 000000000..0637e053d
--- /dev/null
+++ b/kyuubi-server/src/main/resources/sql/mysql/005-KYUUBI-5327.mysql.sql
@@ -0,0 +1,13 @@
+SELECT '< KYUUBI-5327: Introduce priority in metadata' AS ' ';
+
+ALTER TABLE metadata ADD COLUMN priority int NOT NULL DEFAULT 10 COMMENT 'the application priority, high value means high priority';
+
+-- In MySQL 5.7, A key_part specification can end with ASC or DESC.
+-- These keywords are permitted for future extensions for specifying ascending or descending index value storage.
+-- Currently, they are parsed but ignored; index values are always stored in ascending order.
+-- In MySQL 8 this can take effect and this index will be hit if query order by priority DESC, create_time ASC.
+-- See more detail in:
+-- https://dev.mysql.com/doc/refman/8.0/en/index-hints.html
+-- https://dev.mysql.com/doc/refman/8.0/en/create-index.html
+-- https://dev.mysql.com/doc/refman/5.7/en/create-index.html
+ALTER TABLE metadata ADD INDEX priority_create_time_index(priority DESC, create_time ASC);
diff --git a/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
index 77df8fa05..fb2019848 100644
--- a/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
+++ b/kyuubi-server/src/main/resources/sql/mysql/metadata-store-schema-1.8.0.mysql.sql
@@ -24,9 +24,12 @@ CREATE TABLE IF NOT EXISTS metadata(
     engine_state varchar(32) COMMENT 'the engine application state',
     engine_error mediumtext COMMENT 'the engine application diagnose',
     end_time bigint COMMENT 'the metadata end time',
+    priority int NOT NULL DEFAULT 10 COMMENT 'the application priority, high value means high priority',
     peer_instance_closed boolean default '0' COMMENT 'closed by peer kyuubi instance',
     UNIQUE INDEX unique_identifier_index(identifier),
     INDEX user_name_index(user_name),
     INDEX engine_type_index(engine_type),
-    INDEX create_time_index(create_time)
+    INDEX create_time_index(create_time),
+    -- See more detail about this index in ./005-KYUUBI-5327.mysql.sql
+    INDEX priority_create_time_index(priority DESC, create_time ASC)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql b/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
index 473997448..0dd3abfda 100644
--- a/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
+++ b/kyuubi-server/src/main/resources/sql/mysql/upgrade-1.7.0-to-1.8.0.mysql.sql
@@ -1,4 +1,5 @@
 SELECT '< Upgrading MetaStore schema from 1.7.0 to 1.8.0 >' AS ' ';
 SOURCE 003-KYUUBI-5078.mysql.sql;
 SOURCE 004-KYUUBI-5131.mysql.sql;
+SOURCE 005-KYUUBI-5327.mysql.sql;
 SELECT '< Finished upgrading MetaStore schema from 1.7.0 to 1.8.0 >' AS ' ';
diff --git a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
index 656de6e5d..aa50267eb 100644
--- a/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
+++ b/kyuubi-server/src/main/resources/sql/sqlite/metadata-store-schema-1.8.0.sqlite.sql
@@ -24,6 +24,7 @@ CREATE TABLE IF NOT EXISTS metadata(
     engine_state varchar(32), -- the engine application state
     engine_error mediumtext, -- the engine application diagnose
     end_time bigint, -- the metadata end time
+    priority INTEGER NOT NULL DEFAULT 10, -- the application priority, high value means high priority
     peer_instance_closed boolean default '0' -- closed by peer kyuubi instance
 );
 
@@ -34,3 +35,5 @@ CREATE INDEX IF NOT EXISTS metadata_user_name_index ON metadata(user_name);
 CREATE INDEX IF NOT EXISTS metadata_engine_type_index ON metadata(engine_type);
 
 CREATE INDEX IF NOT EXISTS metadata_create_time_index ON metadata(create_time);
+
+CREATE INDEX IF NOT EXISTS metadata_priority_create_time_index ON metadata(priority, create_time);

From ef22e9597e488fb8643021a4949922373548a481 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 8 Oct 2023 17:43:01 +0800
Subject: [PATCH 662/760] [KYUUBI #5356] [INFRA] GitHub Issue template for 2023
 Kyuubi Code Contribution Program

### _Why are the changes needed?_

Prepare for 2023 Kyuubi Code Contribution Program

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="1002" alt="image" src="https://github.com/apache/kyuubi/assets/26535726/b6f6ea69-75fa-41b6-b58a-b76e3d87f316">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5356 from pan3793/task.

Closes #5356

6bc5add3d [Cheng Pan] nit
9a68250be [Cheng Pan] nit
44df6ed37 [Cheng Pan] am1
0fa8c9fff [Cheng Pan] nit
498ef8a29 [Cheng Pan] [INFRA] GitHub Issue template for 2023 Kyuubi Code Contribution Program

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/ISSUE_TEMPLATE/code-contrib-task.yml | 115 +++++++++++++++++++
 1 file changed, 115 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/code-contrib-task.yml

diff --git a/.github/ISSUE_TEMPLATE/code-contrib-task.yml b/.github/ISSUE_TEMPLATE/code-contrib-task.yml
new file mode 100644
index 000000000..3191e4fe4
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/code-contrib-task.yml
@@ -0,0 +1,115 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# This is a dedicated issue template for 2023 Kyuubi Code Contribution Program, all proposed
+# tasks will be listed at https://github.com/orgs/apache/projects/296 after approval
+#
+name: 2023 Kyuubi Code Contribution Task
+title: "[TASK][<LEVEL>] <The Task Title>"
+description: Propose a task for 2023 Kyuubi Code Contribution Program
+labels: [ "hacktoberfest" ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        You are very welcome to propose new task for 2023 Kyuubi Code Contribution Program.
+        Your brilliant ideas keep Apache Kyuubi evolving.
+        Please replace the placeholder `<LEVEL>` in the issue title with one of the following options:
+        - TRIVIAL - it's usually for new contributors to learn the contributor process, e.g. how to cut branch,
+          how to use GitHub to send PR, how to response with reviewers, the contributor should not stay at this
+          stage too long.
+        - EASY - tasks like minor bugs, or simple features without requirements of knowledge for whole Kyuubi
+          architecture.
+        - MEDIUM - tasks typical requires that contributors have knowledge on one or more Kyuubi components,
+          normally, unit tests and integration tests is also required to verify the implementations.
+        - CHALLENGE - tasks requires that contributors have deep knowledge on one or more Kyuubi components,
+          have good logical thinking and the ability to solve complex problems, be proficient in programming
+          skills or algorithms
+
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: The Code of Conduct helps create a safe space for everyone. We require that everyone agrees to it.
+      options:
+        - label: >
+            I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: Search before creating
+      options:
+        - label: >
+            I have searched in the [task list](https://github.com/orgs/apache/projects/296) and found no similar
+            tasks.
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: Mentor
+      description: Mentor is required for MEDIUM and CHALLENGE tasks, to guide contributors to complete the task.
+      options:
+        - label: >
+            I have sufficient knowledge and experience of this task, and I volunteer to be the mentor of this task
+            to guide contributors to complete the task.
+          required: false
+
+  - type: textarea
+    attributes:
+      label: Skill requirements
+      description: Which stills are required for contributors who want to take this task?
+      placeholder: |
+        e.g.
+        - Basic knowledge on Scala Programing Language
+        - Familiar with Apache Maven, Docker and GitHub Action
+        - Basic knowledge on network programing and Apache Thrift RPC framework
+        - Familiar with Apache Spark
+        - ...
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Background and Goals
+      description: What's the current problem, and what's the final status should be after the task is completed?
+      placeholder: >
+        Please describe the background and your goal for requesting this task.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Implementation steps
+      description: How could it be implemented?
+      placeholder: >
+        Please list the implementation steps in as much detail as possible so that contributors who meet
+        the skill requirements could complete the task quickly and independently.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Additional context
+      placeholder: >
+        Anything else that related to this task that the contributors need to know.
+    validations:
+      required: false
+
+  - type: markdown
+    attributes:
+      value: "Thanks for taking the time to fill out this task form!"

From 34bf47cab3d10fdac4386b1ce2d1bc017625b4bc Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Sun, 8 Oct 2023 17:43:46 +0800
Subject: [PATCH 663/760] [KYUUBI #5358] Bump iceberg 1.4.0

### _Why are the changes needed?_

https://github.com/apache/iceberg/releases/tag/apache-iceberg-1.4.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5358 from wForget/bump_iceberg_1_4.

Closes #5358

e03d8d672 [wforget] comment
db0b6b978 [wforget] Bump iceberg 1.4.0

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7e904e97b..e2b71f771 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,7 +158,7 @@
         <hive.archive.download.skip>false</hive.archive.download.skip>
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
-        <iceberg.version>1.3.1</iceberg.version>
+        <iceberg.version>1.4.0</iceberg.version>
         <jackson.version>2.15.0</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
         <jakarta.xml-bind.version>2.3.2</jakarta.xml-bind.version>
@@ -2190,6 +2190,8 @@
                 <spark.version>3.1.3</spark.version>
                 <spark.binary.version>3.1</spark.binary.version>
                 <delta.version>1.0.1</delta.version>
+                <!-- Iceberg removed the support for Spark 3.1 in apache/iceberg#8661 since 1.4.0 -->
+                <iceberg.version>1.3.1</iceberg.version>
                 <spark.archive.name>spark-${spark.version}-bin-hadoop3.2.tgz</spark.archive.name>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
             </properties>

From d2c072b7c2a4ea76b050db7fcec8916b70aa25f3 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Mon, 9 Oct 2023 10:51:07 +0800
Subject: [PATCH 664/760] [KYUUBI #5336] Spark extension supports Spark 3.5

### _Why are the changes needed?_

It is basically copied from `kyuubi-extension-spark-3-4`.

### _How was this patch tested?_

Compiled successfully:
```
build/mvn clean install -DskipTests -Pflink-provided,spark-provided,hive-provided,spark-3.5
```

- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5336 from wForget/dev_spark_3_5.

Closes #5336

7ba99804a [wforget] remove iceberg.version in spark-3.5 profile
a18ce166a [wforget] Regenerate KyuubiEnsureRequirements based on EnsureRequirements in spark 3.5
4725c4701 [wforget] fix iceberg version
f5a8ea934 [wforget] Bump iceberg 1.4.0
06558dcfa [wforget] make kyuubi-spark-authz plugin compatible with Spark3.5
90d0e4c70 [wforget] make kyuubi-spark-authz plugin compatible with Spark3.5
4bc8d24d6 [wforget] add ci
1b3f2d916 [wforget] Make kyuubi spark extension compatible with Spark3.5

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/license.yml                 |   2 +-
 .github/workflows/master.yml                  |   1 +
 .github/workflows/style.yml                   |   1 +
 build/dist                                    |   2 +-
 dev/kyuubi-codecov/pom.xml                    |  10 +
 dev/reformat                                  |   2 +-
 .../spark/kyuubi-extension-spark-3-5/pom.xml  | 206 +++++
 .../org/apache/kyuubi/sql/KyuubiSparkSQL.g4   | 191 +++++
 .../kyuubi/sql/DropIgnoreNonexistent.scala    |  49 ++
 .../sql/InferRebalanceAndSortOrders.scala     | 110 +++
 .../sql/InsertShuffleNodeBeforeJoin.scala     |  91 +++
 .../kyuubi/sql/KyuubiEnsureRequirements.scala | 464 +++++++++++
 .../sql/KyuubiQueryStagePreparation.scala     | 194 +++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala | 276 +++++++
 .../sql/KyuubiSQLExtensionException.scala     |  28 +
 .../kyuubi/sql/KyuubiSparkSQLAstBuilder.scala | 174 ++++
 .../sql/KyuubiSparkSQLCommonExtension.scala   |  49 ++
 .../kyuubi/sql/KyuubiSparkSQLExtension.scala  |  46 ++
 .../kyuubi/sql/KyuubiSparkSQLParser.scala     | 140 ++++
 .../kyuubi/sql/RebalanceBeforeWriting.scala   |  77 ++
 .../sql/RepartitionBeforeWritingBase.scala    | 125 +++
 .../org/apache/kyuubi/sql/WriteUtils.scala    |  34 +
 .../watchdog/ForcedMaxOutputRowsBase.scala    |  90 ++
 .../watchdog/ForcedMaxOutputRowsRule.scala    |  46 ++
 .../watchdog/KyuubiWatchDogException.scala    |  30 +
 .../kyuubi/sql/watchdog/MaxScanStrategy.scala | 305 +++++++
 .../zorder/InsertZorderBeforeWriting.scala    | 177 ++++
 .../InsertZorderBeforeWritingBase.scala       | 155 ++++
 .../zorder/OptimizeZorderCommandBase.scala    |  78 ++
 .../zorder/OptimizeZorderStatementBase.scala  |  34 +
 .../kyuubi/sql/zorder/ResolveZorderBase.scala |  79 ++
 .../apache/kyuubi/sql/zorder/ZorderBase.scala |  95 +++
 .../kyuubi/sql/zorder/ZorderBytesUtils.scala  | 517 ++++++++++++
 .../spark/sql/FinalStageResourceManager.scala | 289 +++++++
 .../sql/InjectCustomResourceProfile.scala     |  60 ++
 .../sql/PruneFileSourcePartitionHelper.scala  |  46 ++
 .../execution/CustomResourceProfileExec.scala | 112 +++
 .../src/test/resources/log4j2-test.xml        |  43 +
 .../sql/DropIgnoreNonexistentSuite.scala      |  45 +
 .../sql/FinalStageConfigIsolationSuite.scala  | 203 +++++
 .../sql/FinalStageResourceManagerSuite.scala  |  62 ++
 .../sql/InjectResourceProfileSuite.scala      |  79 ++
 .../InsertShuffleNodeBeforeJoinSuite.scala    |  19 +
 ...InsertShuffleNodeBeforeJoinSuiteBase.scala |  98 +++
 .../sql/KyuubiSparkSQLExtensionTest.scala     | 124 +++
 .../sql/RebalanceBeforeWritingSuite.scala     | 271 ++++++
 .../org/apache/spark/sql/WatchDogSuite.scala  |  20 +
 .../apache/spark/sql/WatchDogSuiteBase.scala  | 601 ++++++++++++++
 .../spark/sql/ZorderCoreBenchmark.scala       | 117 +++
 .../org/apache/spark/sql/ZorderSuite.scala    | 123 +++
 .../apache/spark/sql/ZorderSuiteBase.scala    | 768 ++++++++++++++++++
 .../sql/benchmark/KyuubiBenchmarkBase.scala   |  71 ++
 .../main/resources/table_command_spec.json    |   8 +-
 .../spark/authz/gen/TableCommands.scala       |   4 +-
 pom.xml                                       |  13 +
 55 files changed, 7045 insertions(+), 9 deletions(-)
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/pom.xml
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala

diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 91c53a7a1..55ef485f8 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -45,7 +45,7 @@ jobs:
       - run: >-
           build/mvn org.apache.rat:apache-rat-plugin:check
           -Ptpcds -Pspark-block-cleaner -Pkubernetes-it
-          -Pspark-3.1 -Pspark-3.2 -Pspark-3.3 -Pspark-3.4
+          -Pspark-3.1 -Pspark-3.2 -Pspark-3.3 -Pspark-3.4 -Pspark-3.5
       - name: Upload rat report
         if: failure()
         uses: actions/upload-artifact@v3
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 3b85530d4..586db9c8e 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -52,6 +52,7 @@ jobs:
           - '3.2'
           - '3.3'
           - '3.4'
+          - '3.5'
         spark-archive: [""]
         exclude-tags: [""]
         comment: ["normal"]
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 6f575302e..21cacbc1d 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -69,6 +69,7 @@ jobs:
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-1 -Pspark-3.1
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-3,extensions/spark/kyuubi-spark-connector-hive -Pspark-3.3
           build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-4 -Pspark-3.4
+          build/mvn clean install ${MVN_OPT} -pl extensions/spark/kyuubi-extension-spark-3-5 -Pspark-3.5
 
       - name: Scalastyle with maven
         id: scalastyle-check
diff --git a/build/dist b/build/dist
index b81a2661e..df9498008 100755
--- a/build/dist
+++ b/build/dist
@@ -335,7 +335,7 @@ if [[ -f "$KYUUBI_HOME/tools/spark-block-cleaner/target/spark-block-cleaner_${SC
 fi
 
 # Copy Kyuubi Spark extension
-SPARK_EXTENSION_VERSIONS=('3-1' '3-2' '3-3' '3-4')
+SPARK_EXTENSION_VERSIONS=('3-1' '3-2' '3-3' '3-4' '3-5')
 # shellcheck disable=SC2068
 for SPARK_EXTENSION_VERSION in ${SPARK_EXTENSION_VERSIONS[@]}; do
   if [[ -f $"$KYUUBI_HOME/extensions/spark/kyuubi-extension-spark-$SPARK_EXTENSION_VERSION/target/kyuubi-extension-spark-${SPARK_EXTENSION_VERSION}_${SCALA_VERSION}-${VERSION}.jar" ]]; then
diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index 31b9d27bc..a5ec582f9 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -219,5 +219,15 @@
                 </dependency>
             </dependencies>
         </profile>
+        <profile>
+            <id>spark-3.5</id>
+            <dependencies>
+                <dependency>
+                    <groupId>org.apache.kyuubi</groupId>
+                    <artifactId>kyuubi-extension-spark-3-5_${scala.binary.version}</artifactId>
+                    <version>${project.version}</version>
+                </dependency>
+            </dependencies>
+        </profile>
     </profiles>
 </project>
diff --git a/dev/reformat b/dev/reformat
index 6346e68f6..31e8f49ad 100755
--- a/dev/reformat
+++ b/dev/reformat
@@ -20,7 +20,7 @@ set -x
 
 KYUUBI_HOME="$(cd "`dirname "$0"`/.."; pwd)"
 
-PROFILES="-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.4,spark-3.3,spark-3.2,spark-3.1,tpcds"
+PROFILES="-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.5,spark-3.4,spark-3.3,spark-3.2,spark-3.1,tpcds"
 
 # python style checks rely on `black` in path
 if ! command -v black &> /dev/null
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/pom.xml b/extensions/spark/kyuubi-extension-spark-3-5/pom.xml
new file mode 100644
index 000000000..e78a88a80
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/pom.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.kyuubi</groupId>
+        <artifactId>kyuubi-parent</artifactId>
+        <version>1.9.0-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>kyuubi-extension-spark-3-5_${scala.binary.version}</artifactId>
+    <packaging>jar</packaging>
+    <name>Kyuubi Dev Spark Extensions (for Spark 3.5)</name>
+    <url>https://kyuubi.apache.org/</url>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.scala-lang</groupId>
+            <artifactId>scala-library</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-sql_${scala.binary.version}</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-hive_${scala.binary.version}</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-download</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-core_${scala.binary.version}</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-catalyst_${scala.binary.version}</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.scalatestplus</groupId>
+            <artifactId>scalacheck-1-17_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.spark</groupId>
+            <artifactId>spark-sql_${scala.binary.version}</artifactId>
+            <version>${spark.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-client-runtime</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <!--
+          Spark requires `commons-collections` and `commons-io` but got them from transitive
+          dependencies of `hadoop-client`. As we are using Hadoop Shaded Client, we need add
+          them explicitly. See more details at SPARK-33212.
+          -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.xml.bind</groupId>
+            <artifactId>jakarta.xml.bind-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>regex-property</id>
+                        <goals>
+                            <goal>regex-property</goal>
+                        </goals>
+                        <configuration>
+                            <name>spark.home</name>
+                            <value>${project.basedir}/../../../externals/kyuubi-download/target/${spark.archive.name}</value>
+                            <regex>(.+)\.tgz</regex>
+                            <replacement>$1</replacement>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.scalatest</groupId>
+                <artifactId>scalatest-maven-plugin</artifactId>
+                <configuration>
+                    <environmentVariables>
+                        <!--
+                        Some tests run Spark in local-cluster mode.
+                        This mode uses SPARK_HOME and SPARK_SCALA_VERSION to build command to launch a Spark Standalone Cluster.
+                        -->
+                        <SPARK_HOME>${spark.home}</SPARK_HOME>
+                        <SPARK_SCALA_VERSION>${scala.binary.version}</SPARK_SCALA_VERSION>
+                    </environmentVariables>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.antlr</groupId>
+                <artifactId>antlr4-maven-plugin</artifactId>
+                <configuration>
+                    <visitor>true</visitor>
+                    <sourceDirectory>${project.basedir}/src/main/antlr4</sourceDirectory>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <configuration>
+                    <shadedArtifactAttached>false</shadedArtifactAttached>
+                    <artifactSet>
+                        <includes>
+                            <include>org.apache.kyuubi:*</include>
+                        </includes>
+                    </artifactSet>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <phase>package</phase>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
+</project>
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4 b/extensions/spark/kyuubi-extension-spark-3-5/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
new file mode 100644
index 000000000..e52b7f5cf
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/antlr4/org/apache/kyuubi/sql/KyuubiSparkSQL.g4
@@ -0,0 +1,191 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+grammar KyuubiSparkSQL;
+
+@members {
+   /**
+    * Verify whether current token is a valid decimal token (which contains dot).
+    * Returns true if the character that follows the token is not a digit or letter or underscore.
+    *
+    * For example:
+    * For char stream "2.3", "2." is not a valid decimal token, because it is followed by digit '3'.
+    * For char stream "2.3_", "2.3" is not a valid decimal token, because it is followed by '_'.
+    * For char stream "2.3W", "2.3" is not a valid decimal token, because it is followed by 'W'.
+    * For char stream "12.0D 34.E2+0.12 "  12.0D is a valid decimal token because it is followed
+    * by a space. 34.E2 is a valid decimal token because it is followed by symbol '+'
+    * which is not a digit or letter or underscore.
+    */
+   public boolean isValidDecimal() {
+     int nextChar = _input.LA(1);
+     if (nextChar >= 'A' && nextChar <= 'Z' || nextChar >= '0' && nextChar <= '9' ||
+       nextChar == '_') {
+       return false;
+     } else {
+       return true;
+     }
+   }
+ }
+
+tokens {
+    DELIMITER
+}
+
+singleStatement
+    : statement EOF
+    ;
+
+statement
+    : OPTIMIZE multipartIdentifier whereClause? zorderClause        #optimizeZorder
+    | .*?                                                           #passThrough
+    ;
+
+whereClause
+    : WHERE partitionPredicate = predicateToken
+    ;
+
+zorderClause
+    : ZORDER BY order+=multipartIdentifier (',' order+=multipartIdentifier)*
+    ;
+
+// We don't have an expression rule in our grammar here, so we just grab the tokens and defer
+// parsing them to later.
+predicateToken
+    :  .+?
+    ;
+
+multipartIdentifier
+    : parts+=identifier ('.' parts+=identifier)*
+    ;
+
+identifier
+    : strictIdentifier
+    ;
+
+strictIdentifier
+    : IDENTIFIER              #unquotedIdentifier
+    | quotedIdentifier        #quotedIdentifierAlternative
+    | nonReserved             #unquotedIdentifier
+    ;
+
+quotedIdentifier
+    : BACKQUOTED_IDENTIFIER
+    ;
+
+nonReserved
+    : AND
+    | BY
+    | FALSE
+    | DATE
+    | INTERVAL
+    | OPTIMIZE
+    | OR
+    | TABLE
+    | TIMESTAMP
+    | TRUE
+    | WHERE
+    | ZORDER
+    ;
+
+AND: 'AND';
+BY: 'BY';
+FALSE: 'FALSE';
+DATE: 'DATE';
+INTERVAL: 'INTERVAL';
+OPTIMIZE: 'OPTIMIZE';
+OR: 'OR';
+TABLE: 'TABLE';
+TIMESTAMP: 'TIMESTAMP';
+TRUE: 'TRUE';
+WHERE: 'WHERE';
+ZORDER: 'ZORDER';
+
+MINUS: '-';
+
+BIGINT_LITERAL
+    : DIGIT+ 'L'
+    ;
+
+SMALLINT_LITERAL
+    : DIGIT+ 'S'
+    ;
+
+TINYINT_LITERAL
+    : DIGIT+ 'Y'
+    ;
+
+INTEGER_VALUE
+    : DIGIT+
+    ;
+
+DECIMAL_VALUE
+    : DIGIT+ EXPONENT
+    | DECIMAL_DIGITS EXPONENT? {isValidDecimal()}?
+    ;
+
+DOUBLE_LITERAL
+    : DIGIT+ EXPONENT? 'D'
+    | DECIMAL_DIGITS EXPONENT? 'D' {isValidDecimal()}?
+    ;
+
+BIGDECIMAL_LITERAL
+    : DIGIT+ EXPONENT? 'BD'
+    | DECIMAL_DIGITS EXPONENT? 'BD' {isValidDecimal()}?
+    ;
+
+BACKQUOTED_IDENTIFIER
+    : '`' ( ~'`' | '``' )* '`'
+    ;
+
+IDENTIFIER
+    : (LETTER | DIGIT | '_')+
+    ;
+
+fragment DECIMAL_DIGITS
+    : DIGIT+ '.' DIGIT*
+    | '.' DIGIT+
+    ;
+
+fragment EXPONENT
+    : 'E' [+-]? DIGIT+
+    ;
+
+fragment DIGIT
+    : [0-9]
+    ;
+
+fragment LETTER
+    : [A-Z]
+    ;
+
+SIMPLE_COMMENT
+    : '--' ~[\r\n]* '\r'? '\n'? -> channel(HIDDEN)
+    ;
+
+BRACKETED_COMMENT
+    : '/*' .*? '*/' -> channel(HIDDEN)
+    ;
+
+WS  : [ \r\n\t]+ -> channel(HIDDEN)
+    ;
+
+// Catch-all for anything we can't recognize.
+// We use this to be able to ignore and recover all the text
+// when splitting statements with DelimiterLexer
+UNRECOGNIZED
+    : .
+    ;
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala
new file mode 100644
index 000000000..e33632b8b
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DropIgnoreNonexistent.scala
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedFunctionName, UnresolvedRelation}
+import org.apache.spark.sql.catalyst.plans.logical.{DropFunction, DropNamespace, LogicalPlan, NoopCommand, UncacheTable}
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.command.{AlterTableDropPartitionCommand, DropTableCommand}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+case class DropIgnoreNonexistent(session: SparkSession) extends Rule[LogicalPlan] {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(DROP_IGNORE_NONEXISTENT)) {
+      plan match {
+        case i @ AlterTableDropPartitionCommand(_, _, false, _, _) =>
+          i.copy(ifExists = true)
+        case i @ DropTableCommand(_, false, _, _) =>
+          i.copy(ifExists = true)
+        case i @ DropNamespace(_, false, _) =>
+          i.copy(ifExists = true)
+        case UncacheTable(u: UnresolvedRelation, false, _) =>
+          NoopCommand("UNCACHE TABLE", u.multipartIdentifier)
+        case DropFunction(u: UnresolvedFunctionName, false) =>
+          NoopCommand("DROP FUNCTION", u.multipartIdentifier)
+        case _ => plan
+      }
+    } else {
+      plan
+    }
+  }
+
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala
new file mode 100644
index 000000000..fcbf5c0a1
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InferRebalanceAndSortOrders.scala
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import scala.annotation.tailrec
+
+import org.apache.spark.sql.catalyst.expressions.{Alias, Attribute, AttributeSet, Expression, NamedExpression, UnaryExpression}
+import org.apache.spark.sql.catalyst.planning.ExtractEquiJoinKeys
+import org.apache.spark.sql.catalyst.plans.{FullOuter, Inner, LeftAnti, LeftOuter, LeftSemi, RightOuter}
+import org.apache.spark.sql.catalyst.plans.logical.{Aggregate, Filter, LogicalPlan, Project, Sort, SubqueryAlias, View}
+
+/**
+ * Infer the columns for Rebalance and Sort to improve the compression ratio.
+ *
+ * For example
+ * {{{
+ *   INSERT INTO TABLE t PARTITION(p='a')
+ *   SELECT * FROM t1 JOIN t2 on t1.c1 = t2.c1
+ * }}}
+ * the inferred columns are: t1.c1
+ */
+object InferRebalanceAndSortOrders {
+
+  type PartitioningAndOrdering = (Seq[Expression], Seq[Expression])
+
+  private def getAliasMap(named: Seq[NamedExpression]): Map[Expression, Attribute] = {
+    @tailrec
+    def throughUnary(e: Expression): Expression = e match {
+      case u: UnaryExpression if u.deterministic =>
+        throughUnary(u.child)
+      case _ => e
+    }
+
+    named.flatMap {
+      case a @ Alias(child, _) =>
+        Some((throughUnary(child).canonicalized, a.toAttribute))
+      case _ => None
+    }.toMap
+  }
+
+  def infer(plan: LogicalPlan): Option[PartitioningAndOrdering] = {
+    def candidateKeys(
+        input: LogicalPlan,
+        output: AttributeSet = AttributeSet.empty): Option[PartitioningAndOrdering] = {
+      input match {
+        case ExtractEquiJoinKeys(joinType, leftKeys, rightKeys, _, _, _, _, _) =>
+          joinType match {
+            case LeftSemi | LeftAnti | LeftOuter => Some((leftKeys, leftKeys))
+            case RightOuter => Some((rightKeys, rightKeys))
+            case Inner | FullOuter =>
+              if (output.isEmpty) {
+                Some((leftKeys ++ rightKeys, leftKeys ++ rightKeys))
+              } else {
+                assert(leftKeys.length == rightKeys.length)
+                val keys = leftKeys.zip(rightKeys).flatMap { case (left, right) =>
+                  if (left.references.subsetOf(output)) {
+                    Some(left)
+                  } else if (right.references.subsetOf(output)) {
+                    Some(right)
+                  } else {
+                    None
+                  }
+                }
+                Some((keys, keys))
+              }
+            case _ => None
+          }
+        case agg: Aggregate =>
+          val aliasMap = getAliasMap(agg.aggregateExpressions)
+          Some((
+            agg.groupingExpressions.map(p => aliasMap.getOrElse(p.canonicalized, p)),
+            agg.groupingExpressions.map(o => aliasMap.getOrElse(o.canonicalized, o))))
+        case s: Sort => Some((s.order.map(_.child), s.order.map(_.child)))
+        case p: Project =>
+          val aliasMap = getAliasMap(p.projectList)
+          candidateKeys(p.child, p.references).map { case (partitioning, ordering) =>
+            (
+              partitioning.map(p => aliasMap.getOrElse(p.canonicalized, p)),
+              ordering.map(o => aliasMap.getOrElse(o.canonicalized, o)))
+          }
+        case f: Filter => candidateKeys(f.child, output)
+        case s: SubqueryAlias => candidateKeys(s.child, output)
+        case v: View => candidateKeys(v.child, output)
+
+        case _ => None
+      }
+    }
+
+    candidateKeys(plan).map { case (partitioning, ordering) =>
+      (
+        partitioning.filter(_.references.subsetOf(plan.outputSet)),
+        ordering.filter(_.references.subsetOf(plan.outputSet)))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala
new file mode 100644
index 000000000..1a02e8c1e
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/InsertShuffleNodeBeforeJoin.scala
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.catalyst.plans.physical.Distribution
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{SortExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive.QueryStageExec
+import org.apache.spark.sql.execution.aggregate.BaseAggregateExec
+import org.apache.spark.sql.execution.exchange.{Exchange, ShuffleExchangeExec}
+import org.apache.spark.sql.execution.joins.{ShuffledHashJoinExec, SortMergeJoinExec}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * Insert shuffle node before join if it doesn't exist to make `OptimizeSkewedJoin` works.
+ */
+object InsertShuffleNodeBeforeJoin extends Rule[SparkPlan] {
+
+  override def apply(plan: SparkPlan): SparkPlan = {
+    // this rule has no meaning without AQE
+    if (!conf.getConf(FORCE_SHUFFLE_BEFORE_JOIN) ||
+      !conf.getConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED)) {
+      return plan
+    }
+
+    val newPlan = insertShuffleBeforeJoin(plan)
+    if (plan.fastEquals(newPlan)) {
+      plan
+    } else {
+      // make sure the output partitioning and ordering will not be broken.
+      KyuubiEnsureRequirements.apply(newPlan)
+    }
+  }
+
+  // Since spark 3.3, insertShuffleBeforeJoin shouldn't be applied if join is skewed.
+  private def insertShuffleBeforeJoin(plan: SparkPlan): SparkPlan = plan transformUp {
+    case smj @ SortMergeJoinExec(_, _, _, _, l, r, isSkewJoin) if !isSkewJoin =>
+      smj.withNewChildren(checkAndInsertShuffle(smj.requiredChildDistribution.head, l) ::
+        checkAndInsertShuffle(smj.requiredChildDistribution(1), r) :: Nil)
+
+    case shj: ShuffledHashJoinExec if !shj.isSkewJoin =>
+      if (!shj.left.isInstanceOf[Exchange] && !shj.right.isInstanceOf[Exchange]) {
+        shj.withNewChildren(withShuffleExec(shj.requiredChildDistribution.head, shj.left) ::
+          withShuffleExec(shj.requiredChildDistribution(1), shj.right) :: Nil)
+      } else if (!shj.left.isInstanceOf[Exchange]) {
+        shj.withNewChildren(
+          withShuffleExec(shj.requiredChildDistribution.head, shj.left) :: shj.right :: Nil)
+      } else if (!shj.right.isInstanceOf[Exchange]) {
+        shj.withNewChildren(
+          shj.left :: withShuffleExec(shj.requiredChildDistribution(1), shj.right) :: Nil)
+      } else {
+        shj
+      }
+  }
+
+  private def checkAndInsertShuffle(
+      distribution: Distribution,
+      child: SparkPlan): SparkPlan = child match {
+    case SortExec(_, _, _: Exchange, _) =>
+      child
+    case SortExec(_, _, _: QueryStageExec, _) =>
+      child
+    case sort @ SortExec(_, _, agg: BaseAggregateExec, _) =>
+      sort.withNewChildren(withShuffleExec(distribution, agg) :: Nil)
+    case _ =>
+      withShuffleExec(distribution, child)
+  }
+
+  private def withShuffleExec(distribution: Distribution, child: SparkPlan): SparkPlan = {
+    val numPartitions = distribution.requiredNumPartitions
+      .getOrElse(conf.numShufflePartitions)
+    ShuffleExchangeExec(distribution.createPartitioning(numPartitions), child)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala
new file mode 100644
index 000000000..586cad838
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiEnsureRequirements.scala
@@ -0,0 +1,464 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.expressions.SortOrder
+import org.apache.spark.sql.catalyst.plans._
+import org.apache.spark.sql.catalyst.plans.JoinType
+import org.apache.spark.sql.catalyst.plans.physical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.catalyst.util.InternalRowComparableWrapper
+import org.apache.spark.sql.execution.{SortExec, SparkPlan}
+import org.apache.spark.sql.execution.datasources.v2.BatchScanExec
+import org.apache.spark.sql.execution.exchange._
+import org.apache.spark.sql.execution.joins.{ShuffledHashJoinExec, SortMergeJoinExec}
+import org.apache.spark.sql.internal.SQLConf
+
+/**
+ * Copy from Apache Spark `EnsureRequirements`
+ *   1. remove reorder join predicates
+ *   2. remove shuffle pruning
+ */
+object KyuubiEnsureRequirements extends Rule[SparkPlan] {
+
+  private def ensureDistributionAndOrdering(
+      parent: Option[SparkPlan],
+      originalChildren: Seq[SparkPlan],
+      requiredChildDistributions: Seq[Distribution],
+      requiredChildOrderings: Seq[Seq[SortOrder]],
+      shuffleOrigin: ShuffleOrigin): Seq[SparkPlan] = {
+    assert(requiredChildDistributions.length == originalChildren.length)
+    assert(requiredChildOrderings.length == originalChildren.length)
+    // Ensure that the operator's children satisfy their output distribution requirements.
+    var children = originalChildren.zip(requiredChildDistributions).map {
+      case (child, distribution) if child.outputPartitioning.satisfies(distribution) =>
+        child
+      case (child, BroadcastDistribution(mode)) =>
+        BroadcastExchangeExec(mode, child)
+      case (child, distribution) =>
+        val numPartitions = distribution.requiredNumPartitions
+          .getOrElse(conf.numShufflePartitions)
+        ShuffleExchangeExec(distribution.createPartitioning(numPartitions), child, shuffleOrigin)
+    }
+
+    // Get the indexes of children which have specified distribution requirements and need to be
+    // co-partitioned.
+    val childrenIndexes = requiredChildDistributions.zipWithIndex.filter {
+      case (_: ClusteredDistribution, _) => true
+      case _ => false
+    }.map(_._2)
+
+    // Special case: if all sides of the join are single partition and it's physical size less than
+    // or equal spark.sql.maxSinglePartitionBytes.
+    val preferSinglePartition = childrenIndexes.forall { i =>
+      children(i).outputPartitioning == SinglePartition &&
+      children(i).logicalLink
+        .forall(_.stats.sizeInBytes <= conf.getConf(SQLConf.MAX_SINGLE_PARTITION_BYTES))
+    }
+
+    // If there are more than one children, we'll need to check partitioning & distribution of them
+    // and see if extra shuffles are necessary.
+    if (childrenIndexes.length > 1 && !preferSinglePartition) {
+      val specs = childrenIndexes.map(i => {
+        val requiredDist = requiredChildDistributions(i)
+        assert(
+          requiredDist.isInstanceOf[ClusteredDistribution],
+          s"Expected ClusteredDistribution but found ${requiredDist.getClass.getSimpleName}")
+        i -> children(i).outputPartitioning.createShuffleSpec(
+          requiredDist.asInstanceOf[ClusteredDistribution])
+      }).toMap
+
+      // Find out the shuffle spec that gives better parallelism. Currently this is done by
+      // picking the spec with the largest number of partitions.
+      //
+      // NOTE: this is not optimal for the case when there are more than 2 children. Consider:
+      //   (10, 10, 11)
+      // where the number represent the number of partitions for each child, it's better to pick 10
+      // here since we only need to shuffle one side - we'd need to shuffle two sides if we pick 11.
+      //
+      // However this should be sufficient for now since in Spark nodes with multiple children
+      // always have exactly 2 children.
+
+      // Whether we should consider `spark.sql.shuffle.partitions` and ensure enough parallelism
+      // during shuffle. To achieve a good trade-off between parallelism and shuffle cost, we only
+      // consider the minimum parallelism iff ALL children need to be re-shuffled.
+      //
+      // A child needs to be re-shuffled iff either one of below is true:
+      //   1. It can't create partitioning by itself, i.e., `canCreatePartitioning` returns false
+      //      (as for the case of `RangePartitioning`), therefore it needs to be re-shuffled
+      //      according to other shuffle spec.
+      //   2. It already has `ShuffleExchangeLike`, so we can re-use existing shuffle without
+      //      introducing extra shuffle.
+      //
+      // On the other hand, in scenarios such as:
+      //   HashPartitioning(5) <-> HashPartitioning(6)
+      // while `spark.sql.shuffle.partitions` is 10, we'll only re-shuffle the left side and make it
+      // HashPartitioning(6).
+      val shouldConsiderMinParallelism = specs.forall(p =>
+        !p._2.canCreatePartitioning || children(p._1).isInstanceOf[ShuffleExchangeLike])
+      // Choose all the specs that can be used to shuffle other children
+      val candidateSpecs = specs
+        .filter(_._2.canCreatePartitioning)
+        .filter(p =>
+          !shouldConsiderMinParallelism ||
+            children(p._1).outputPartitioning.numPartitions >= conf.defaultNumShufflePartitions)
+      val bestSpecOpt = if (candidateSpecs.isEmpty) {
+        None
+      } else {
+        // When choosing specs, we should consider those children with no `ShuffleExchangeLike` node
+        // first. For instance, if we have:
+        //   A: (No_Exchange, 100) <---> B: (Exchange, 120)
+        // it's better to pick A and change B to (Exchange, 100) instead of picking B and insert a
+        // new shuffle for A.
+        val candidateSpecsWithoutShuffle = candidateSpecs.filter { case (k, _) =>
+          !children(k).isInstanceOf[ShuffleExchangeLike]
+        }
+        val finalCandidateSpecs = if (candidateSpecsWithoutShuffle.nonEmpty) {
+          candidateSpecsWithoutShuffle
+        } else {
+          candidateSpecs
+        }
+        // Pick the spec with the best parallelism
+        Some(finalCandidateSpecs.values.maxBy(_.numPartitions))
+      }
+
+      // Check if the following conditions are satisfied:
+      //   1. There are exactly two children (e.g., join). Note that Spark doesn't support
+      //      multi-way join at the moment, so this check should be sufficient.
+      //   2. All children are of `KeyGroupedPartitioning`, and they are compatible with each other
+      // If both are true, skip shuffle.
+      val isKeyGroupCompatible = parent.isDefined &&
+        children.length == 2 && childrenIndexes.length == 2 && {
+          val left = children.head
+          val right = children(1)
+          val newChildren = checkKeyGroupCompatible(
+            parent.get,
+            left,
+            right,
+            requiredChildDistributions)
+          if (newChildren.isDefined) {
+            children = newChildren.get
+          }
+          newChildren.isDefined
+        }
+
+      children = children.zip(requiredChildDistributions).zipWithIndex.map {
+        case ((child, _), idx) if isKeyGroupCompatible || !childrenIndexes.contains(idx) =>
+          child
+        case ((child, dist), idx) =>
+          if (bestSpecOpt.isDefined && bestSpecOpt.get.isCompatibleWith(specs(idx))) {
+            child
+          } else {
+            val newPartitioning = bestSpecOpt.map { bestSpec =>
+              // Use the best spec to create a new partitioning to re-shuffle this child
+              val clustering = dist.asInstanceOf[ClusteredDistribution].clustering
+              bestSpec.createPartitioning(clustering)
+            }.getOrElse {
+              // No best spec available, so we create default partitioning from the required
+              // distribution
+              val numPartitions = dist.requiredNumPartitions
+                .getOrElse(conf.numShufflePartitions)
+              dist.createPartitioning(numPartitions)
+            }
+
+            child match {
+              case ShuffleExchangeExec(_, c, so, ps) =>
+                ShuffleExchangeExec(newPartitioning, c, so, ps)
+              case _ => ShuffleExchangeExec(newPartitioning, child)
+            }
+          }
+      }
+    }
+
+    // Now that we've performed any necessary shuffles, add sorts to guarantee output orderings:
+    children = children.zip(requiredChildOrderings).map { case (child, requiredOrdering) =>
+      // If child.outputOrdering already satisfies the requiredOrdering, we do not need to sort.
+      if (SortOrder.orderingSatisfies(child.outputOrdering, requiredOrdering)) {
+        child
+      } else {
+        SortExec(requiredOrdering, global = false, child = child)
+      }
+    }
+
+    children
+  }
+
+  /**
+   * Checks whether two children, `left` and `right`, of a join operator have compatible
+   * `KeyGroupedPartitioning`, and can benefit from storage-partitioned join.
+   *
+   * Returns the updated new children if the check is successful, otherwise `None`.
+   */
+  private def checkKeyGroupCompatible(
+      parent: SparkPlan,
+      left: SparkPlan,
+      right: SparkPlan,
+      requiredChildDistribution: Seq[Distribution]): Option[Seq[SparkPlan]] = {
+    parent match {
+      case smj: SortMergeJoinExec =>
+        checkKeyGroupCompatible(left, right, smj.joinType, requiredChildDistribution)
+      case sj: ShuffledHashJoinExec =>
+        checkKeyGroupCompatible(left, right, sj.joinType, requiredChildDistribution)
+      case _ =>
+        None
+    }
+  }
+
+  private def checkKeyGroupCompatible(
+      left: SparkPlan,
+      right: SparkPlan,
+      joinType: JoinType,
+      requiredChildDistribution: Seq[Distribution]): Option[Seq[SparkPlan]] = {
+    assert(requiredChildDistribution.length == 2)
+
+    var newLeft = left
+    var newRight = right
+
+    val specs = Seq(left, right).zip(requiredChildDistribution).map { case (p, d) =>
+      if (!d.isInstanceOf[ClusteredDistribution]) return None
+      val cd = d.asInstanceOf[ClusteredDistribution]
+      val specOpt = createKeyGroupedShuffleSpec(p.outputPartitioning, cd)
+      if (specOpt.isEmpty) return None
+      specOpt.get
+    }
+
+    val leftSpec = specs.head
+    val rightSpec = specs(1)
+
+    var isCompatible = false
+    if (!conf.v2BucketingPushPartValuesEnabled) {
+      isCompatible = leftSpec.isCompatibleWith(rightSpec)
+    } else {
+      logInfo("Pushing common partition values for storage-partitioned join")
+      isCompatible = leftSpec.areKeysCompatible(rightSpec)
+
+      // Partition expressions are compatible. Regardless of whether partition values
+      // match from both sides of children, we can calculate a superset of partition values and
+      // push-down to respective data sources so they can adjust their output partitioning by
+      // filling missing partition keys with empty partitions. As result, we can still avoid
+      // shuffle.
+      //
+      // For instance, if two sides of a join have partition expressions
+      // `day(a)` and `day(b)` respectively
+      // (the join query could be `SELECT ... FROM t1 JOIN t2 on t1.a = t2.b`), but
+      // with different partition values:
+      //   `day(a)`: [0, 1]
+      //   `day(b)`: [1, 2, 3]
+      // Following the case 2 above, we don't have to shuffle both sides, but instead can
+      // just push the common set of partition values: `[0, 1, 2, 3]` down to the two data
+      // sources.
+      if (isCompatible) {
+        val leftPartValues = leftSpec.partitioning.partitionValues
+        val rightPartValues = rightSpec.partitioning.partitionValues
+
+        logInfo(
+          s"""
+             |Left side # of partitions: ${leftPartValues.size}
+             |Right side # of partitions: ${rightPartValues.size}
+             |""".stripMargin)
+
+        // As partition keys are compatible, we can pick either left or right as partition
+        // expressions
+        val partitionExprs = leftSpec.partitioning.expressions
+
+        var mergedPartValues = InternalRowComparableWrapper
+          .mergePartitions(leftSpec.partitioning, rightSpec.partitioning, partitionExprs)
+          .map(v => (v, 1))
+
+        logInfo(s"After merging, there are ${mergedPartValues.size} partitions")
+
+        var replicateLeftSide = false
+        var replicateRightSide = false
+        var applyPartialClustering = false
+
+        // This means we allow partitions that are not clustered on their values,
+        // that is, multiple partitions with the same partition value. In the
+        // following, we calculate how many partitions that each distinct partition
+        // value has, and pushdown the information to scans, so they can adjust their
+        // final input partitions respectively.
+        if (conf.v2BucketingPartiallyClusteredDistributionEnabled) {
+          logInfo("Calculating partially clustered distribution for " +
+            "storage-partitioned join")
+
+          // Similar to `OptimizeSkewedJoin`, we need to check join type and decide
+          // whether partially clustered distribution can be applied. For instance, the
+          // optimization cannot be applied to a left outer join, where the left hand
+          // side is chosen as the side to replicate partitions according to stats.
+          // Otherwise, query result could be incorrect.
+          val canReplicateLeft = canReplicateLeftSide(joinType)
+          val canReplicateRight = canReplicateRightSide(joinType)
+
+          if (!canReplicateLeft && !canReplicateRight) {
+            logInfo("Skipping partially clustered distribution as it cannot be applied for " +
+              s"join type '$joinType'")
+          } else {
+            val leftLink = left.logicalLink
+            val rightLink = right.logicalLink
+
+            replicateLeftSide =
+              if (leftLink.isDefined && rightLink.isDefined &&
+                leftLink.get.stats.sizeInBytes > 1 &&
+                rightLink.get.stats.sizeInBytes > 1) {
+                logInfo(
+                  s"""
+                     |Using plan statistics to determine which side of join to fully
+                     |cluster partition values:
+                     |Left side size (in bytes): ${leftLink.get.stats.sizeInBytes}
+                     |Right side size (in bytes): ${rightLink.get.stats.sizeInBytes}
+                     |""".stripMargin)
+                leftLink.get.stats.sizeInBytes < rightLink.get.stats.sizeInBytes
+              } else {
+                // As a simple heuristic, we pick the side with fewer number of partitions
+                // to apply the grouping & replication of partitions
+                logInfo("Using number of partitions to determine which side of join " +
+                  "to fully cluster partition values")
+                leftPartValues.size < rightPartValues.size
+              }
+
+            replicateRightSide = !replicateLeftSide
+
+            // Similar to skewed join, we need to check the join type to see whether replication
+            // of partitions can be applied. For instance, replication should not be allowed for
+            // the left-hand side of a right outer join.
+            if (replicateLeftSide && !canReplicateLeft) {
+              logInfo("Left-hand side is picked but cannot be applied to join type " +
+                s"'$joinType'. Skipping partially clustered distribution.")
+              replicateLeftSide = false
+            } else if (replicateRightSide && !canReplicateRight) {
+              logInfo("Right-hand side is picked but cannot be applied to join type " +
+                s"'$joinType'. Skipping partially clustered distribution.")
+              replicateRightSide = false
+            } else {
+              val partValues = if (replicateLeftSide) rightPartValues else leftPartValues
+              val numExpectedPartitions = partValues
+                .map(InternalRowComparableWrapper(_, partitionExprs))
+                .groupBy(identity)
+                .mapValues(_.size)
+
+              mergedPartValues = mergedPartValues.map { case (partVal, numParts) =>
+                (
+                  partVal,
+                  numExpectedPartitions.getOrElse(
+                    InternalRowComparableWrapper(partVal, partitionExprs),
+                    numParts))
+              }
+
+              logInfo("After applying partially clustered distribution, there are " +
+                s"${mergedPartValues.map(_._2).sum} partitions.")
+              applyPartialClustering = true
+            }
+          }
+        }
+
+        // Now we need to push-down the common partition key to the scan in each child
+        newLeft = populatePartitionValues(
+          left,
+          mergedPartValues,
+          applyPartialClustering,
+          replicateLeftSide)
+        newRight = populatePartitionValues(
+          right,
+          mergedPartValues,
+          applyPartialClustering,
+          replicateRightSide)
+      }
+    }
+
+    if (isCompatible) Some(Seq(newLeft, newRight)) else None
+  }
+
+  // Similar to `OptimizeSkewedJoin.canSplitRightSide`
+  private def canReplicateLeftSide(joinType: JoinType): Boolean = {
+    joinType == Inner || joinType == Cross || joinType == RightOuter
+  }
+
+  // Similar to `OptimizeSkewedJoin.canSplitLeftSide`
+  private def canReplicateRightSide(joinType: JoinType): Boolean = {
+    joinType == Inner || joinType == Cross || joinType == LeftSemi ||
+    joinType == LeftAnti || joinType == LeftOuter
+  }
+
+  // Populate the common partition values down to the scan nodes
+  private def populatePartitionValues(
+      plan: SparkPlan,
+      values: Seq[(InternalRow, Int)],
+      applyPartialClustering: Boolean,
+      replicatePartitions: Boolean): SparkPlan = plan match {
+    case scan: BatchScanExec =>
+      scan.copy(spjParams = scan.spjParams.copy(
+        commonPartitionValues = Some(values),
+        applyPartialClustering = applyPartialClustering,
+        replicatePartitions = replicatePartitions))
+    case node =>
+      node.mapChildren(child =>
+        populatePartitionValues(
+          child,
+          values,
+          applyPartialClustering,
+          replicatePartitions))
+  }
+
+  /**
+   * Tries to create a [[KeyGroupedShuffleSpec]] from the input partitioning and distribution, if
+   * the partitioning is a [[KeyGroupedPartitioning]] (either directly or indirectly), and
+   * satisfies the given distribution.
+   */
+  private def createKeyGroupedShuffleSpec(
+      partitioning: Partitioning,
+      distribution: ClusteredDistribution): Option[KeyGroupedShuffleSpec] = {
+    def check(partitioning: KeyGroupedPartitioning): Option[KeyGroupedShuffleSpec] = {
+      val attributes = partitioning.expressions.flatMap(_.collectLeaves())
+      val clustering = distribution.clustering
+
+      val satisfies = if (SQLConf.get.getConf(SQLConf.REQUIRE_ALL_CLUSTER_KEYS_FOR_CO_PARTITION)) {
+        attributes.length == clustering.length && attributes.zip(clustering).forall {
+          case (l, r) => l.semanticEquals(r)
+        }
+      } else {
+        partitioning.satisfies(distribution)
+      }
+
+      if (satisfies) {
+        Some(partitioning.createShuffleSpec(distribution).asInstanceOf[KeyGroupedShuffleSpec])
+      } else {
+        None
+      }
+    }
+
+    partitioning match {
+      case p: KeyGroupedPartitioning => check(p)
+      case PartitioningCollection(partitionings) =>
+        val specs = partitionings.map(p => createKeyGroupedShuffleSpec(p, distribution))
+        assert(specs.forall(_.isEmpty) || specs.forall(_.isDefined))
+        specs.head
+      case _ => None
+    }
+  }
+
+  def apply(plan: SparkPlan): SparkPlan = plan.transformUp {
+    case operator: SparkPlan =>
+      val newChildren = ensureDistributionAndOrdering(
+        Some(operator),
+        operator.children,
+        operator.requiredChildDistribution,
+        operator.requiredChildOrdering,
+        ENSURE_REQUIREMENTS)
+      operator.withNewChildren(newChildren)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
new file mode 100644
index 000000000..a7fcbecd4
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiQueryStagePreparation.scala
@@ -0,0 +1,194 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.adaptive.QueryStageExec
+import org.apache.spark.sql.execution.command.{ResetCommand, SetCommand}
+import org.apache.spark.sql.execution.exchange.{BroadcastExchangeLike, ReusedExchangeExec, ShuffleExchangeLike}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * This rule split stage into two parts:
+ *   1. previous stage
+ *   2. final stage
+ * For final stage, we can inject extra config. It's useful if we use repartition to optimize
+ * small files that needs bigger shuffle partition size than previous.
+ *
+ * Let's say we have a query with 3 stages, then the logical machine like:
+ *
+ * Set/Reset Command -> cleanup previousStage config if user set the spark config.
+ * Query -> AQE -> stage1 -> preparation (use previousStage to overwrite spark config)
+ *       -> AQE -> stage2 -> preparation (use spark config)
+ *       -> AQE -> stage3 -> preparation (use finalStage config to overwrite spark config,
+ *                                        store spark config to previousStage.)
+ *
+ * An example of the new finalStage config:
+ * `spark.sql.adaptive.advisoryPartitionSizeInBytes` ->
+ * `spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`
+ */
+case class FinalStageConfigIsolation(session: SparkSession) extends Rule[SparkPlan] {
+  import FinalStageConfigIsolation._
+
+  override def apply(plan: SparkPlan): SparkPlan = {
+    // this rule has no meaning without AQE
+    if (!conf.getConf(FINAL_STAGE_CONFIG_ISOLATION) ||
+      !conf.getConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED)) {
+      return plan
+    }
+
+    if (isFinalStage(plan)) {
+      // We can not get the whole plan at query preparation phase to detect if current plan is
+      // for writing, so we depend on a tag which is been injected at post resolution phase.
+      // Note: we should still do clean up previous config for non-final stage to avoid such case:
+      // the first statement is write, but the second statement is query.
+      if (conf.getConf(FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY) &&
+        !WriteUtils.isWrite(session, plan)) {
+        return plan
+      }
+
+      // set config for final stage
+      session.conf.getAll.filter(_._1.startsWith(FINAL_STAGE_CONFIG_PREFIX)).foreach {
+        case (k, v) =>
+          val sparkConfigKey = s"spark.sql.${k.substring(FINAL_STAGE_CONFIG_PREFIX.length)}"
+          val previousStageConfigKey =
+            s"$PREVIOUS_STAGE_CONFIG_PREFIX${k.substring(FINAL_STAGE_CONFIG_PREFIX.length)}"
+          // store the previous config only if we have not stored, to avoid some query only
+          // have one stage that will overwrite real config.
+          if (!session.sessionState.conf.contains(previousStageConfigKey)) {
+            val originalValue =
+              if (session.conf.getOption(sparkConfigKey).isDefined) {
+                session.sessionState.conf.getConfString(sparkConfigKey)
+              } else {
+                // the default value of config is None, so we need to use a internal tag
+                INTERNAL_UNSET_CONFIG_TAG
+              }
+            logInfo(s"Store config: $sparkConfigKey to previousStage, " +
+              s"original value: $originalValue ")
+            session.sessionState.conf.setConfString(previousStageConfigKey, originalValue)
+          }
+          logInfo(s"For final stage: set $sparkConfigKey = $v.")
+          session.conf.set(sparkConfigKey, v)
+      }
+    } else {
+      // reset config for previous stage
+      session.conf.getAll.filter(_._1.startsWith(PREVIOUS_STAGE_CONFIG_PREFIX)).foreach {
+        case (k, v) =>
+          val sparkConfigKey = s"spark.sql.${k.substring(PREVIOUS_STAGE_CONFIG_PREFIX.length)}"
+          logInfo(s"For previous stage: set $sparkConfigKey = $v.")
+          if (v == INTERNAL_UNSET_CONFIG_TAG) {
+            session.conf.unset(sparkConfigKey)
+          } else {
+            session.conf.set(sparkConfigKey, v)
+          }
+          // unset config so that we do not need to reset configs for every previous stage
+          session.conf.unset(k)
+      }
+    }
+
+    plan
+  }
+
+  /**
+   * Currently formula depend on AQE in Spark 3.1.1, not sure it can work in future.
+   */
+  private def isFinalStage(plan: SparkPlan): Boolean = {
+    var shuffleNum = 0
+    var broadcastNum = 0
+    var reusedNum = 0
+    var queryStageNum = 0
+
+    def collectNumber(p: SparkPlan): SparkPlan = {
+      p transform {
+        case shuffle: ShuffleExchangeLike =>
+          shuffleNum += 1
+          shuffle
+
+        case broadcast: BroadcastExchangeLike =>
+          broadcastNum += 1
+          broadcast
+
+        case reusedExchangeExec: ReusedExchangeExec =>
+          reusedNum += 1
+          reusedExchangeExec
+
+        // query stage is leaf node so we need to transform it manually
+        // compatible with Spark 3.5:
+        // SPARK-42101: table cache is a independent query stage, so do not need include it.
+        case queryStage: QueryStageExec if queryStage.nodeName != "TableCacheQueryStage" =>
+          queryStageNum += 1
+          collectNumber(queryStage.plan)
+          queryStage
+      }
+    }
+    collectNumber(plan)
+
+    if (shuffleNum == 0) {
+      // we don not care about broadcast stage here since it won't change partition number.
+      true
+    } else if (shuffleNum + broadcastNum + reusedNum == queryStageNum) {
+      true
+    } else {
+      false
+    }
+  }
+}
+object FinalStageConfigIsolation {
+  final val SQL_PREFIX = "spark.sql."
+  final val FINAL_STAGE_CONFIG_PREFIX = "spark.sql.finalStage."
+  final val PREVIOUS_STAGE_CONFIG_PREFIX = "spark.sql.previousStage."
+  final val INTERNAL_UNSET_CONFIG_TAG = "__INTERNAL_UNSET_CONFIG_TAG__"
+
+  def getPreviousStageConfigKey(configKey: String): Option[String] = {
+    if (configKey.startsWith(SQL_PREFIX)) {
+      Some(s"$PREVIOUS_STAGE_CONFIG_PREFIX${configKey.substring(SQL_PREFIX.length)}")
+    } else {
+      None
+    }
+  }
+}
+
+case class FinalStageConfigIsolationCleanRule(session: SparkSession) extends Rule[LogicalPlan] {
+  import FinalStageConfigIsolation._
+
+  override def apply(plan: LogicalPlan): LogicalPlan = plan match {
+    case set @ SetCommand(Some((k, Some(_)))) if k.startsWith(SQL_PREFIX) =>
+      checkAndUnsetPreviousStageConfig(k)
+      set
+
+    case reset @ ResetCommand(Some(k)) if k.startsWith(SQL_PREFIX) =>
+      checkAndUnsetPreviousStageConfig(k)
+      reset
+
+    case other => other
+  }
+
+  private def checkAndUnsetPreviousStageConfig(configKey: String): Unit = {
+    getPreviousStageConfigKey(configKey).foreach { previousStageConfigKey =>
+      if (session.sessionState.conf.contains(previousStageConfigKey)) {
+        logInfo(s"For previous stage: unset $previousStageConfigKey")
+        session.conf.unset(previousStageConfigKey)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
new file mode 100644
index 000000000..6f45dae12
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -0,0 +1,276 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.network.util.ByteUnit
+import org.apache.spark.sql.internal.SQLConf
+import org.apache.spark.sql.internal.SQLConf._
+
+object KyuubiSQLConf {
+
+  val INSERT_REPARTITION_BEFORE_WRITE =
+    buildConf("spark.sql.optimizer.insertRepartitionBeforeWrite.enabled")
+      .doc("Add repartition node at the top of query plan. An approach of merging small files.")
+      .version("1.2.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val INSERT_REPARTITION_NUM =
+    buildConf("spark.sql.optimizer.insertRepartitionNum")
+      .doc(s"The partition number if ${INSERT_REPARTITION_BEFORE_WRITE.key} is enabled. " +
+        s"If AQE is disabled, the default value is ${SQLConf.SHUFFLE_PARTITIONS.key}. " +
+        "If AQE is enabled, the default value is none that means depend on AQE. " +
+        "This config is used for Spark 3.1 only.")
+      .version("1.2.0")
+      .intConf
+      .createOptional
+
+  val DYNAMIC_PARTITION_INSERTION_REPARTITION_NUM =
+    buildConf("spark.sql.optimizer.dynamicPartitionInsertionRepartitionNum")
+      .doc(s"The partition number of each dynamic partition if " +
+        s"${INSERT_REPARTITION_BEFORE_WRITE.key} is enabled. " +
+        "We will repartition by dynamic partition columns to reduce the small file but that " +
+        "can cause data skew. This config is to extend the partition of dynamic " +
+        "partition column to avoid skew but may generate some small files.")
+      .version("1.2.0")
+      .intConf
+      .createWithDefault(100)
+
+  val FORCE_SHUFFLE_BEFORE_JOIN =
+    buildConf("spark.sql.optimizer.forceShuffleBeforeJoin.enabled")
+      .doc("Ensure shuffle node exists before shuffled join (shj and smj) to make AQE " +
+        "`OptimizeSkewedJoin` works (complex scenario join, multi table join).")
+      .version("1.2.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_STAGE_CONFIG_ISOLATION =
+    buildConf("spark.sql.optimizer.finalStageConfigIsolation.enabled")
+      .doc("If true, the final stage support use different config with previous stage. " +
+        "The prefix of final stage config key should be `spark.sql.finalStage.`." +
+        "For example, the raw spark config: `spark.sql.adaptive.advisoryPartitionSizeInBytes`, " +
+        "then the final stage config should be: " +
+        "`spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes`.")
+      .version("1.2.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val SQL_CLASSIFICATION = "spark.sql.analyzer.classification"
+  val SQL_CLASSIFICATION_ENABLED =
+    buildConf("spark.sql.analyzer.classification.enabled")
+      .doc("When true, allows Kyuubi engine to judge this SQL's classification " +
+        s"and set `$SQL_CLASSIFICATION` back into sessionConf. " +
+        "Through this configuration item, Spark can optimizing configuration dynamic")
+      .version("1.4.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val INSERT_ZORDER_BEFORE_WRITING =
+    buildConf("spark.sql.optimizer.insertZorderBeforeWriting.enabled")
+      .doc("When true, we will follow target table properties to insert zorder or not. " +
+        "The key properties are: 1) kyuubi.zorder.enabled; if this property is true, we will " +
+        "insert zorder before writing data. 2) kyuubi.zorder.cols; string split by comma, we " +
+        "will zorder by these cols.")
+      .version("1.4.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val ZORDER_GLOBAL_SORT_ENABLED =
+    buildConf("spark.sql.optimizer.zorderGlobalSort.enabled")
+      .doc("When true, we do a global sort using zorder. Note that, it can cause data skew " +
+        "issue if the zorder columns have less cardinality. When false, we only do local sort " +
+        "using zorder.")
+      .version("1.4.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val REBALANCE_BEFORE_ZORDER =
+    buildConf("spark.sql.optimizer.rebalanceBeforeZorder.enabled")
+      .doc("When true, we do a rebalance before zorder in case data skew. " +
+        "Note that, if the insertion is dynamic partition we will use the partition " +
+        "columns to rebalance. Note that, this config only affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val REBALANCE_ZORDER_COLUMNS_ENABLED =
+    buildConf("spark.sql.optimizer.rebalanceZorderColumns.enabled")
+      .doc(s"When true and ${REBALANCE_BEFORE_ZORDER.key} is true, we do rebalance before " +
+        s"Z-Order. If it's dynamic partition insert, the rebalance expression will include " +
+        s"both partition columns and Z-Order columns. Note that, this config only " +
+        s"affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val TWO_PHASE_REBALANCE_BEFORE_ZORDER =
+    buildConf("spark.sql.optimizer.twoPhaseRebalanceBeforeZorder.enabled")
+      .doc(s"When true and ${REBALANCE_BEFORE_ZORDER.key} is true, we do two phase rebalance " +
+        s"before Z-Order for the dynamic partition write. The first phase rebalance using " +
+        s"dynamic partition column; The second phase rebalance using dynamic partition column + " +
+        s"Z-Order columns. Note that, this config only affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val ZORDER_USING_ORIGINAL_ORDERING_ENABLED =
+    buildConf("spark.sql.optimizer.zorderUsingOriginalOrdering.enabled")
+      .doc(s"When true and ${REBALANCE_BEFORE_ZORDER.key} is true, we do sort by " +
+        s"the original ordering i.e. lexicographical order. Note that, this config only " +
+        s"affects with Spark 3.3.x")
+      .version("1.6.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val WATCHDOG_MAX_PARTITIONS =
+    buildConf("spark.sql.watchdog.maxPartitions")
+      .doc("Set the max partition number when spark scans a data source. " +
+        "Enable maxPartitions Strategy by specifying this configuration. " +
+        "Add maxPartitions Strategy to avoid scan excessive partitions " +
+        "on partitioned table, it's optional that works with defined")
+      .version("1.4.0")
+      .intConf
+      .createOptional
+
+  val WATCHDOG_MAX_FILE_SIZE =
+    buildConf("spark.sql.watchdog.maxFileSize")
+      .doc("Set the maximum size in bytes of files when spark scans a data source. " +
+        "Enable maxFileSize Strategy by specifying this configuration. " +
+        "Add maxFileSize Strategy to avoid scan excessive size of files," +
+        " it's optional that works with defined")
+      .version("1.8.0")
+      .bytesConf(ByteUnit.BYTE)
+      .createOptional
+
+  val WATCHDOG_FORCED_MAXOUTPUTROWS =
+    buildConf("spark.sql.watchdog.forcedMaxOutputRows")
+      .doc("Add ForcedMaxOutputRows rule to avoid huge output rows of non-limit query " +
+        "unexpectedly, it's optional that works with defined")
+      .version("1.4.0")
+      .intConf
+      .createOptional
+
+  val DROP_IGNORE_NONEXISTENT =
+    buildConf("spark.sql.optimizer.dropIgnoreNonExistent")
+      .doc("Do not report an error if DROP DATABASE/TABLE/VIEW/FUNCTION/PARTITION specifies " +
+        "a non-existent database/table/view/function/partition")
+      .version("1.5.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val INFER_REBALANCE_AND_SORT_ORDERS =
+    buildConf("spark.sql.optimizer.inferRebalanceAndSortOrders.enabled")
+      .doc("When ture, infer columns for rebalance and sort orders from original query, " +
+        "e.g. the join keys from join. It can avoid compression ratio regression.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val INFER_REBALANCE_AND_SORT_ORDERS_MAX_COLUMNS =
+    buildConf("spark.sql.optimizer.inferRebalanceAndSortOrdersMaxColumns")
+      .doc("The max columns of inferred columns.")
+      .version("1.7.0")
+      .intConf
+      .checkValue(_ > 0, "must be positive number")
+      .createWithDefault(3)
+
+  val INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE =
+    buildConf("spark.sql.optimizer.insertRepartitionBeforeWriteIfNoShuffle.enabled")
+      .doc("When true, add repartition even if the original plan does not have shuffle.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY =
+    buildConf("spark.sql.optimizer.finalStageConfigIsolationWriteOnly.enabled")
+      .doc("When true, only enable final stage isolation for writing.")
+      .version("1.7.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED =
+    buildConf("spark.sql.finalWriteStage.eagerlyKillExecutors.enabled")
+      .doc("When true, eagerly kill redundant executors before running final write stage.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL =
+    buildConf("spark.sql.finalWriteStage.eagerlyKillExecutors.killAll")
+      .doc("When true, eagerly kill all executors before running final write stage. " +
+        "Mainly for test.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE =
+    buildConf("spark.sql.finalWriteStage.skipKillingExecutorsForTableCache")
+      .doc("When true, skip killing executors if the plan has table caches.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(true)
+
+  val FINAL_WRITE_STAGE_PARTITION_FACTOR =
+    buildConf("spark.sql.finalWriteStage.retainExecutorsFactor")
+      .doc("If the target executors * factor < active executors, and " +
+        "target executors * factor > min executors, then kill redundant executors.")
+      .version("1.8.0")
+      .doubleConf
+      .checkValue(_ >= 1, "must be bigger than or equal to 1")
+      .createWithDefault(1.2)
+
+  val FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED =
+    buildConf("spark.sql.finalWriteStage.resourceIsolation.enabled")
+      .doc(
+        "When true, make final write stage resource isolation using custom RDD resource profile.")
+      .version("1.8.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val FINAL_WRITE_STAGE_EXECUTOR_CORES =
+    buildConf("spark.sql.finalWriteStage.executorCores")
+      .doc("Specify the executor core request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .intConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_MEMORY =
+    buildConf("spark.sql.finalWriteStage.executorMemory")
+      .doc("Specify the executor on heap memory request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_MEMORY_OVERHEAD =
+    buildConf("spark.sql.finalWriteStage.executorMemoryOverhead")
+      .doc("Specify the executor memory overhead request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+
+  val FINAL_WRITE_STAGE_EXECUTOR_OFF_HEAP_MEMORY =
+    buildConf("spark.sql.finalWriteStage.executorOffHeapMemory")
+      .doc("Specify the executor off heap memory request for final write stage. " +
+        "It would be passed to the RDD resource profile.")
+      .version("1.8.0")
+      .stringConf
+      .createOptional
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala
new file mode 100644
index 000000000..88c5a988f
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLExtensionException.scala
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import java.sql.SQLException
+
+class KyuubiSQLExtensionException(reason: String, cause: Throwable)
+  extends SQLException(reason, cause) {
+
+  def this(reason: String) = {
+    this(reason, null)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
new file mode 100644
index 000000000..cc00bf88e
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLAstBuilder.scala
@@ -0,0 +1,174 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import scala.collection.JavaConverters.asScalaBufferConverter
+import scala.collection.mutable.ListBuffer
+
+import org.antlr.v4.runtime.ParserRuleContext
+import org.antlr.v4.runtime.misc.Interval
+import org.antlr.v4.runtime.tree.ParseTree
+import org.apache.spark.sql.catalyst.SQLConfHelper
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedAttribute, UnresolvedRelation, UnresolvedStar}
+import org.apache.spark.sql.catalyst.expressions._
+import org.apache.spark.sql.catalyst.parser.ParserUtils.withOrigin
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, Project, Sort}
+
+import org.apache.kyuubi.sql.KyuubiSparkSQLParser._
+import org.apache.kyuubi.sql.zorder.{OptimizeZorderStatement, Zorder}
+
+class KyuubiSparkSQLAstBuilder extends KyuubiSparkSQLBaseVisitor[AnyRef] with SQLConfHelper {
+
+  def buildOptimizeStatement(
+      unparsedPredicateOptimize: UnparsedPredicateOptimize,
+      parseExpression: String => Expression): LogicalPlan = {
+
+    val UnparsedPredicateOptimize(tableIdent, tablePredicate, orderExpr) =
+      unparsedPredicateOptimize
+
+    val predicate = tablePredicate.map(parseExpression)
+    verifyPartitionPredicates(predicate)
+    val table = UnresolvedRelation(tableIdent)
+    val tableWithFilter = predicate match {
+      case Some(expr) => Filter(expr, table)
+      case None => table
+    }
+    val query =
+      Sort(
+        SortOrder(orderExpr, Ascending, NullsLast, Seq.empty) :: Nil,
+        conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED),
+        Project(Seq(UnresolvedStar(None)), tableWithFilter))
+    OptimizeZorderStatement(tableIdent, query)
+  }
+
+  private def verifyPartitionPredicates(predicates: Option[Expression]): Unit = {
+    predicates.foreach {
+      case p if !isLikelySelective(p) =>
+        throw new KyuubiSQLExtensionException(s"unsupported partition predicates: ${p.sql}")
+      case _ =>
+    }
+  }
+
+  /**
+   * Forked from Apache Spark's org.apache.spark.sql.catalyst.expressions.PredicateHelper
+   * The `PredicateHelper.isLikelySelective()` is available since Spark-3.3, forked for Spark
+   * that is lower than 3.3.
+   *
+   * Returns whether an expression is likely to be selective
+   */
+  private def isLikelySelective(e: Expression): Boolean = e match {
+    case Not(expr) => isLikelySelective(expr)
+    case And(l, r) => isLikelySelective(l) || isLikelySelective(r)
+    case Or(l, r) => isLikelySelective(l) && isLikelySelective(r)
+    case _: StringRegexExpression => true
+    case _: BinaryComparison => true
+    case _: In | _: InSet => true
+    case _: StringPredicate => true
+    case BinaryPredicate(_) => true
+    case _: MultiLikeBase => true
+    case _ => false
+  }
+
+  private object BinaryPredicate {
+    def unapply(expr: Expression): Option[Expression] = expr match {
+      case _: Contains => Option(expr)
+      case _: StartsWith => Option(expr)
+      case _: EndsWith => Option(expr)
+      case _ => None
+    }
+  }
+
+  /**
+   * Create an expression from the given context. This method just passes the context on to the
+   * visitor and only takes care of typing (We assume that the visitor returns an Expression here).
+   */
+  protected def expression(ctx: ParserRuleContext): Expression = typedVisit(ctx)
+
+  protected def multiPart(ctx: ParserRuleContext): Seq[String] = typedVisit(ctx)
+
+  override def visitSingleStatement(ctx: SingleStatementContext): LogicalPlan = {
+    visit(ctx.statement()).asInstanceOf[LogicalPlan]
+  }
+
+  override def visitOptimizeZorder(
+      ctx: OptimizeZorderContext): UnparsedPredicateOptimize = withOrigin(ctx) {
+    val tableIdent = multiPart(ctx.multipartIdentifier())
+
+    val predicate = Option(ctx.whereClause())
+      .map(_.partitionPredicate)
+      .map(extractRawText(_))
+
+    val zorderCols = ctx.zorderClause().order.asScala
+      .map(visitMultipartIdentifier)
+      .map(UnresolvedAttribute(_))
+      .toSeq
+
+    val orderExpr =
+      if (zorderCols.length == 1) {
+        zorderCols.head
+      } else {
+        Zorder(zorderCols)
+      }
+    UnparsedPredicateOptimize(tableIdent, predicate, orderExpr)
+  }
+
+  override def visitPassThrough(ctx: PassThroughContext): LogicalPlan = null
+
+  override def visitMultipartIdentifier(ctx: MultipartIdentifierContext): Seq[String] =
+    withOrigin(ctx) {
+      ctx.parts.asScala.map(_.getText).toSeq
+    }
+
+  override def visitZorderClause(ctx: ZorderClauseContext): Seq[UnresolvedAttribute] =
+    withOrigin(ctx) {
+      val res = ListBuffer[UnresolvedAttribute]()
+      ctx.multipartIdentifier().forEach { identifier =>
+        res += UnresolvedAttribute(identifier.parts.asScala.map(_.getText).toSeq)
+      }
+      res.toSeq
+    }
+
+  private def typedVisit[T](ctx: ParseTree): T = {
+    ctx.accept(this).asInstanceOf[T]
+  }
+
+  private def extractRawText(exprContext: ParserRuleContext): String = {
+    // Extract the raw expression which will be parsed later
+    exprContext.getStart.getInputStream.getText(new Interval(
+      exprContext.getStart.getStartIndex,
+      exprContext.getStop.getStopIndex))
+  }
+}
+
+/**
+ * a logical plan contains an unparsed expression that will be parsed by spark.
+ */
+trait UnparsedExpressionLogicalPlan extends LogicalPlan {
+  override def output: Seq[Attribute] = throw new UnsupportedOperationException()
+
+  override def children: Seq[LogicalPlan] = throw new UnsupportedOperationException()
+
+  protected def withNewChildrenInternal(
+      newChildren: IndexedSeq[LogicalPlan]): LogicalPlan =
+    throw new UnsupportedOperationException()
+}
+
+case class UnparsedPredicateOptimize(
+    tableIdent: Seq[String],
+    tablePredicate: Option[String],
+    orderExpr: Expression) extends UnparsedExpressionLogicalPlan {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
new file mode 100644
index 000000000..f39ad3cc3
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSessionExtensions
+
+import org.apache.kyuubi.sql.zorder.{InsertZorderBeforeWritingDatasource33, InsertZorderBeforeWritingHive33, ResolveZorder}
+
+class KyuubiSparkSQLCommonExtension extends (SparkSessionExtensions => Unit) {
+  override def apply(extensions: SparkSessionExtensions): Unit = {
+    KyuubiSparkSQLCommonExtension.injectCommonExtensions(extensions)
+  }
+}
+
+object KyuubiSparkSQLCommonExtension {
+  def injectCommonExtensions(extensions: SparkSessionExtensions): Unit = {
+    // inject zorder parser and related rules
+    extensions.injectParser { case (_, parser) => new SparkKyuubiSparkSQLParser(parser) }
+    extensions.injectResolutionRule(ResolveZorder)
+
+    // Note that:
+    // InsertZorderBeforeWritingDatasource and InsertZorderBeforeWritingHive
+    // should be applied before
+    // RepartitionBeforeWriting and RebalanceBeforeWriting
+    // because we can only apply one of them (i.e. Global Sort or Repartition/Rebalance)
+    extensions.injectPostHocResolutionRule(InsertZorderBeforeWritingDatasource33)
+    extensions.injectPostHocResolutionRule(InsertZorderBeforeWritingHive33)
+    extensions.injectPostHocResolutionRule(FinalStageConfigIsolationCleanRule)
+
+    extensions.injectQueryStagePrepRule(_ => InsertShuffleNodeBeforeJoin)
+
+    extensions.injectQueryStagePrepRule(FinalStageConfigIsolation(_))
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
new file mode 100644
index 000000000..792315d89
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLExtension.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.{FinalStageResourceManager, InjectCustomResourceProfile, SparkSessionExtensions}
+
+import org.apache.kyuubi.sql.watchdog.{ForcedMaxOutputRowsRule, MaxScanStrategy}
+
+// scalastyle:off line.size.limit
+/**
+ * Depend on Spark SQL Extension framework, we can use this extension follow steps
+ *   1. move this jar into $SPARK_HOME/jars
+ *   2. add config into `spark-defaults.conf`: `spark.sql.extensions=org.apache.kyuubi.sql.KyuubiSparkSQLExtension`
+ */
+// scalastyle:on line.size.limit
+class KyuubiSparkSQLExtension extends (SparkSessionExtensions => Unit) {
+  override def apply(extensions: SparkSessionExtensions): Unit = {
+    KyuubiSparkSQLCommonExtension.injectCommonExtensions(extensions)
+
+    extensions.injectPostHocResolutionRule(RebalanceBeforeWritingDatasource)
+    extensions.injectPostHocResolutionRule(RebalanceBeforeWritingHive)
+    extensions.injectPostHocResolutionRule(DropIgnoreNonexistent)
+
+    // watchdog extension
+    extensions.injectOptimizerRule(ForcedMaxOutputRowsRule)
+    extensions.injectPlannerStrategy(MaxScanStrategy)
+
+    extensions.injectQueryStagePrepRule(FinalStageResourceManager(_))
+    extensions.injectQueryStagePrepRule(InjectCustomResourceProfile)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
new file mode 100644
index 000000000..c4418c33c
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLParser.scala
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.antlr.v4.runtime._
+import org.antlr.v4.runtime.atn.PredictionMode
+import org.antlr.v4.runtime.misc.{Interval, ParseCancellationException}
+import org.apache.spark.sql.AnalysisException
+import org.apache.spark.sql.catalyst.{FunctionIdentifier, SQLConfHelper, TableIdentifier}
+import org.apache.spark.sql.catalyst.expressions.Expression
+import org.apache.spark.sql.catalyst.parser.{ParseErrorListener, ParseException, ParserInterface, PostProcessor}
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.trees.Origin
+import org.apache.spark.sql.types.{DataType, StructType}
+
+abstract class KyuubiSparkSQLParserBase extends ParserInterface with SQLConfHelper {
+  def delegate: ParserInterface
+  def astBuilder: KyuubiSparkSQLAstBuilder
+
+  override def parsePlan(sqlText: String): LogicalPlan = parse(sqlText) { parser =>
+    astBuilder.visit(parser.singleStatement()) match {
+      case optimize: UnparsedPredicateOptimize =>
+        astBuilder.buildOptimizeStatement(optimize, delegate.parseExpression)
+      case plan: LogicalPlan => plan
+      case _ => delegate.parsePlan(sqlText)
+    }
+  }
+
+  protected def parse[T](command: String)(toResult: KyuubiSparkSQLParser => T): T = {
+    val lexer = new KyuubiSparkSQLLexer(
+      new UpperCaseCharStream(CharStreams.fromString(command)))
+    lexer.removeErrorListeners()
+    lexer.addErrorListener(ParseErrorListener)
+
+    val tokenStream = new CommonTokenStream(lexer)
+    val parser = new KyuubiSparkSQLParser(tokenStream)
+    parser.addParseListener(PostProcessor)
+    parser.removeErrorListeners()
+    parser.addErrorListener(ParseErrorListener)
+
+    try {
+      try {
+        // first, try parsing with potentially faster SLL mode
+        parser.getInterpreter.setPredictionMode(PredictionMode.SLL)
+        toResult(parser)
+      } catch {
+        case _: ParseCancellationException =>
+          // if we fail, parse with LL mode
+          tokenStream.seek(0) // rewind input stream
+          parser.reset()
+
+          // Try Again.
+          parser.getInterpreter.setPredictionMode(PredictionMode.LL)
+          toResult(parser)
+      }
+    } catch {
+      case e: ParseException if e.command.isDefined =>
+        throw e
+      case e: ParseException =>
+        throw e.withCommand(command)
+      case e: AnalysisException =>
+        val position = Origin(e.line, e.startPosition)
+        throw new ParseException(Option(command), e.message, position, position)
+    }
+  }
+
+  override def parseExpression(sqlText: String): Expression = {
+    delegate.parseExpression(sqlText)
+  }
+
+  override def parseTableIdentifier(sqlText: String): TableIdentifier = {
+    delegate.parseTableIdentifier(sqlText)
+  }
+
+  override def parseFunctionIdentifier(sqlText: String): FunctionIdentifier = {
+    delegate.parseFunctionIdentifier(sqlText)
+  }
+
+  override def parseMultipartIdentifier(sqlText: String): Seq[String] = {
+    delegate.parseMultipartIdentifier(sqlText)
+  }
+
+  override def parseTableSchema(sqlText: String): StructType = {
+    delegate.parseTableSchema(sqlText)
+  }
+
+  override def parseDataType(sqlText: String): DataType = {
+    delegate.parseDataType(sqlText)
+  }
+
+  /**
+   * This functions was introduced since spark-3.3, for more details, please see
+   * https://github.com/apache/spark/pull/34543
+   */
+  override def parseQuery(sqlText: String): LogicalPlan = {
+    delegate.parseQuery(sqlText)
+  }
+}
+
+class SparkKyuubiSparkSQLParser(
+    override val delegate: ParserInterface)
+  extends KyuubiSparkSQLParserBase {
+  def astBuilder: KyuubiSparkSQLAstBuilder = new KyuubiSparkSQLAstBuilder
+}
+
+/* Copied from Apache Spark's to avoid dependency on Spark Internals */
+class UpperCaseCharStream(wrapped: CodePointCharStream) extends CharStream {
+  override def consume(): Unit = wrapped.consume()
+  override def getSourceName(): String = wrapped.getSourceName
+  override def index(): Int = wrapped.index
+  override def mark(): Int = wrapped.mark
+  override def release(marker: Int): Unit = wrapped.release(marker)
+  override def seek(where: Int): Unit = wrapped.seek(where)
+  override def size(): Int = wrapped.size
+
+  override def getText(interval: Interval): String = wrapped.getText(interval)
+
+  // scalastyle:off
+  override def LA(i: Int): Int = {
+    val la = wrapped.LA(i)
+    if (la == 0 || la == IntStream.EOF) la
+    else Character.toUpperCase(la)
+  }
+  // scalastyle:on
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala
new file mode 100644
index 000000000..3cbacdd2f
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RebalanceBeforeWriting.scala
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.expressions.{Ascending, Attribute, SortOrder}
+import org.apache.spark.sql.catalyst.plans.logical._
+
+trait RepartitionBuilderWithRebalance extends RepartitionBuilder {
+  override def buildRepartition(
+      dynamicPartitionColumns: Seq[Attribute],
+      query: LogicalPlan): LogicalPlan = {
+    if (!conf.getConf(KyuubiSQLConf.INFER_REBALANCE_AND_SORT_ORDERS) ||
+      dynamicPartitionColumns.nonEmpty) {
+      RebalancePartitions(dynamicPartitionColumns, query)
+    } else {
+      val maxColumns = conf.getConf(KyuubiSQLConf.INFER_REBALANCE_AND_SORT_ORDERS_MAX_COLUMNS)
+      val inferred = InferRebalanceAndSortOrders.infer(query)
+      if (inferred.isDefined) {
+        val (partitioning, ordering) = inferred.get
+        val rebalance = RebalancePartitions(partitioning.take(maxColumns), query)
+        if (ordering.nonEmpty) {
+          val sortOrders = ordering.take(maxColumns).map(o => SortOrder(o, Ascending))
+          Sort(sortOrders, false, rebalance)
+        } else {
+          rebalance
+        }
+      } else {
+        RebalancePartitions(dynamicPartitionColumns, query)
+      }
+    }
+  }
+
+  override def canInsertRepartitionByExpression(plan: LogicalPlan): Boolean = {
+    super.canInsertRepartitionByExpression(plan) && {
+      plan match {
+        case _: RebalancePartitions => false
+        case _ => true
+      }
+    }
+  }
+}
+
+/**
+ * For datasource table, there two commands can write data to table
+ * 1. InsertIntoHadoopFsRelationCommand
+ * 2. CreateDataSourceTableAsSelectCommand
+ * This rule add a RebalancePartitions node between write and query
+ */
+case class RebalanceBeforeWritingDatasource(session: SparkSession)
+  extends RepartitionBeforeWritingDatasourceBase
+  with RepartitionBuilderWithRebalance {}
+
+/**
+ * For Hive table, there two commands can write data to table
+ * 1. InsertIntoHiveTable
+ * 2. CreateHiveTableAsSelectCommand
+ * This rule add a RebalancePartitions node between write and query
+ */
+case class RebalanceBeforeWritingHive(session: SparkSession)
+  extends RepartitionBeforeWritingHiveBase
+  with RepartitionBuilderWithRebalance {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala
new file mode 100644
index 000000000..3ebb9740f
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/RepartitionBeforeWritingBase.scala
@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+import org.apache.spark.sql.internal.StaticSQLConf
+
+trait RepartitionBuilder extends Rule[LogicalPlan] with RepartitionBeforeWriteHelper {
+  def buildRepartition(
+      dynamicPartitionColumns: Seq[Attribute],
+      query: LogicalPlan): LogicalPlan
+}
+
+/**
+ * For datasource table, there two commands can write data to table
+ * 1. InsertIntoHadoopFsRelationCommand
+ * 2. CreateDataSourceTableAsSelectCommand
+ * This rule add a repartition node between write and query
+ */
+abstract class RepartitionBeforeWritingDatasourceBase extends RepartitionBuilder {
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE)) {
+      addRepartition(plan)
+    } else {
+      plan
+    }
+  }
+
+  private def addRepartition(plan: LogicalPlan): LogicalPlan = plan match {
+    case i @ InsertIntoHadoopFsRelationCommand(_, sp, _, pc, bucket, _, _, query, _, _, _, _)
+        if query.resolved && bucket.isEmpty && canInsertRepartitionByExpression(query) =>
+      val dynamicPartitionColumns = pc.filterNot(attr => sp.contains(attr.name))
+      i.copy(query = buildRepartition(dynamicPartitionColumns, query))
+
+    case u @ Union(children, _, _) =>
+      u.copy(children = children.map(addRepartition))
+
+    case _ => plan
+  }
+}
+
+/**
+ * For Hive table, there two commands can write data to table
+ * 1. InsertIntoHiveTable
+ * 2. CreateHiveTableAsSelectCommand
+ * This rule add a repartition node between write and query
+ */
+abstract class RepartitionBeforeWritingHiveBase extends RepartitionBuilder {
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(StaticSQLConf.CATALOG_IMPLEMENTATION) == "hive" &&
+      conf.getConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE)) {
+      addRepartition(plan)
+    } else {
+      plan
+    }
+  }
+
+  def addRepartition(plan: LogicalPlan): LogicalPlan = plan match {
+    case i @ InsertIntoHiveTable(table, partition, query, _, _, _, _, _, _, _, _)
+        if query.resolved && table.bucketSpec.isEmpty && canInsertRepartitionByExpression(query) =>
+      val dynamicPartitionColumns = partition.filter(_._2.isEmpty).keys
+        .flatMap(name => query.output.find(_.name == name)).toSeq
+      i.copy(query = buildRepartition(dynamicPartitionColumns, query))
+
+    case u @ Union(children, _, _) =>
+      u.copy(children = children.map(addRepartition))
+
+    case _ => plan
+  }
+}
+
+trait RepartitionBeforeWriteHelper extends Rule[LogicalPlan] {
+  private def hasBenefit(plan: LogicalPlan): Boolean = {
+    def probablyHasShuffle: Boolean = plan.find {
+      case _: Join => true
+      case _: Aggregate => true
+      case _: Distinct => true
+      case _: Deduplicate => true
+      case _: Window => true
+      case s: Sort if s.global => true
+      case _: RepartitionOperation => true
+      case _: GlobalLimit => true
+      case _ => false
+    }.isDefined
+
+    conf.getConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE) || probablyHasShuffle
+  }
+
+  def canInsertRepartitionByExpression(plan: LogicalPlan): Boolean = {
+    def canInsert(p: LogicalPlan): Boolean = p match {
+      case Project(_, child) => canInsert(child)
+      case SubqueryAlias(_, child) => canInsert(child)
+      case Limit(_, _) => false
+      case _: Sort => false
+      case _: RepartitionByExpression => false
+      case _: Repartition => false
+      case _ => true
+    }
+
+    // 1. make sure AQE is enabled, otherwise it is no meaning to add a shuffle
+    // 2. make sure it does not break the semantics of original plan
+    // 3. try to avoid adding a shuffle if it has potential performance regression
+    conf.adaptiveExecutionEnabled && canInsert(plan) && hasBenefit(plan)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala
new file mode 100644
index 000000000..89dd83194
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/WriteUtils.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.execution.{SparkPlan, UnionExec}
+import org.apache.spark.sql.execution.command.DataWritingCommandExec
+import org.apache.spark.sql.execution.datasources.v2.V2TableWriteExec
+
+object WriteUtils {
+  def isWrite(session: SparkSession, plan: SparkPlan): Boolean = {
+    plan match {
+      case _: DataWritingCommandExec => true
+      case _: V2TableWriteExec => true
+      case u: UnionExec if u.children.nonEmpty => u.children.forall(isWrite(session, _))
+      case _ => false
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala
new file mode 100644
index 000000000..4f897d1b6
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsBase.scala
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.spark.sql.catalyst.analysis.MultiInstanceRelation
+import org.apache.spark.sql.catalyst.dsl.expressions._
+import org.apache.spark.sql.catalyst.expressions.Alias
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.command.DataWritingCommand
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/*
+ * Add ForcedMaxOutputRows rule for output rows limitation
+ * to avoid huge output rows of non_limit query unexpectedly
+ * mainly applied to cases as below:
+ *
+ * case 1:
+ * {{{
+ *   SELECT [c1, c2, ...]
+ * }}}
+ *
+ * case 2:
+ * {{{
+ *   WITH CTE AS (
+ *   ...)
+ * SELECT [c1, c2, ...] FROM CTE ...
+ * }}}
+ *
+ * The Logical Rule add a GlobalLimit node before root project
+ * */
+trait ForcedMaxOutputRowsBase extends Rule[LogicalPlan] {
+
+  protected def isChildAggregate(a: Aggregate): Boolean
+
+  protected def canInsertLimitInner(p: LogicalPlan): Boolean = p match {
+    case Aggregate(_, Alias(_, "havingCondition") :: Nil, _) => false
+    case agg: Aggregate => !isChildAggregate(agg)
+    case _: RepartitionByExpression => true
+    case _: Distinct => true
+    case _: Filter => true
+    case _: Project => true
+    case Limit(_, _) => true
+    case _: Sort => true
+    case Union(children, _, _) =>
+      if (children.exists(_.isInstanceOf[DataWritingCommand])) {
+        false
+      } else {
+        true
+      }
+    case _: MultiInstanceRelation => true
+    case _: Join => true
+    case _ => false
+  }
+
+  protected def canInsertLimit(p: LogicalPlan, maxOutputRowsOpt: Option[Int]): Boolean = {
+    maxOutputRowsOpt match {
+      case Some(forcedMaxOutputRows) => canInsertLimitInner(p) &&
+        !p.maxRows.exists(_ <= forcedMaxOutputRows)
+      case None => false
+    }
+  }
+
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    val maxOutputRowsOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS)
+    plan match {
+      case p if p.resolved && canInsertLimit(p, maxOutputRowsOpt) =>
+        Limit(
+          maxOutputRowsOpt.get,
+          plan)
+      case _ => plan
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala
new file mode 100644
index 000000000..a3d990b10
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/ForcedMaxOutputRowsRule.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.{Aggregate, CommandResult, LogicalPlan, Union, WithCTE}
+import org.apache.spark.sql.execution.command.DataWritingCommand
+
+case class ForcedMaxOutputRowsRule(sparkSession: SparkSession) extends ForcedMaxOutputRowsBase {
+
+  override protected def isChildAggregate(a: Aggregate): Boolean = false
+
+  override protected def canInsertLimitInner(p: LogicalPlan): Boolean = p match {
+    case WithCTE(plan, _) => this.canInsertLimitInner(plan)
+    case plan: LogicalPlan => plan match {
+        case Union(children, _, _) => !children.exists {
+            case _: DataWritingCommand => true
+            case p: CommandResult if p.commandLogicalPlan.isInstanceOf[DataWritingCommand] => true
+            case _ => false
+          }
+        case _ => super.canInsertLimitInner(plan)
+      }
+  }
+
+  override protected def canInsertLimit(p: LogicalPlan, maxOutputRowsOpt: Option[Int]): Boolean = {
+    p match {
+      case WithCTE(plan, _) => this.canInsertLimit(plan, maxOutputRowsOpt)
+      case _ => super.canInsertLimit(p, maxOutputRowsOpt)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
new file mode 100644
index 000000000..e44309192
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/KyuubiWatchDogException.scala
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+final class MaxPartitionExceedException(
+    private val reason: String = "",
+    private val cause: Throwable = None.orNull)
+  extends KyuubiSQLExtensionException(reason, cause)
+
+final class MaxFileSizeExceedException(
+    private val reason: String = "",
+    private val cause: Throwable = None.orNull)
+  extends KyuubiSQLExtensionException(reason, cause)
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
new file mode 100644
index 000000000..1ed55ebc2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/watchdog/MaxScanStrategy.scala
@@ -0,0 +1,305 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.watchdog
+
+import org.apache.hadoop.fs.Path
+import org.apache.spark.sql.{PruneFileSourcePartitionHelper, SparkSession, Strategy}
+import org.apache.spark.sql.catalyst.SQLConfHelper
+import org.apache.spark.sql.catalyst.catalog.{CatalogTable, HiveTableRelation}
+import org.apache.spark.sql.catalyst.planning.ScanOperation
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.datasources.{CatalogFileIndex, HadoopFsRelation, InMemoryFileIndex, LogicalRelation}
+import org.apache.spark.sql.types.StructType
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/**
+ * Add MaxScanStrategy to avoid scan excessive partitions or files
+ * 1. Check if scan exceed maxPartition of partitioned table
+ * 2. Check if scan exceed maxFileSize (calculated by hive table and partition statistics)
+ * This Strategy Add Planner Strategy after LogicalOptimizer
+ * @param session
+ */
+case class MaxScanStrategy(session: SparkSession)
+  extends Strategy
+  with SQLConfHelper
+  with PruneFileSourcePartitionHelper {
+  override def apply(plan: LogicalPlan): Seq[SparkPlan] = {
+    val maxScanPartitionsOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS)
+    val maxFileSizeOpt = conf.getConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE)
+    if (maxScanPartitionsOpt.isDefined || maxFileSizeOpt.isDefined) {
+      checkScan(plan, maxScanPartitionsOpt, maxFileSizeOpt)
+    }
+    Nil
+  }
+
+  private def checkScan(
+      plan: LogicalPlan,
+      maxScanPartitionsOpt: Option[Int],
+      maxFileSizeOpt: Option[Long]): Unit = {
+    plan match {
+      case ScanOperation(_, _, _, relation: HiveTableRelation) =>
+        if (relation.isPartitioned) {
+          relation.prunedPartitions match {
+            case Some(prunedPartitions) =>
+              if (maxScanPartitionsOpt.exists(_ < prunedPartitions.size)) {
+                throw new MaxPartitionExceedException(
+                  s"""
+                     |SQL job scan hive partition: ${prunedPartitions.size}
+                     |exceed restrict of hive scan maxPartition ${maxScanPartitionsOpt.get}
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+              lazy val scanFileSize = prunedPartitions.flatMap(_.stats).map(_.sizeInBytes).sum
+              if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+                throw partTableMaxFileExceedError(
+                  scanFileSize,
+                  maxFileSizeOpt.get,
+                  Some(relation.tableMeta),
+                  prunedPartitions.flatMap(_.storage.locationUri).map(_.toString),
+                  relation.partitionCols.map(_.name))
+              }
+            case _ =>
+              lazy val scanPartitions: Int = session
+                .sessionState.catalog.externalCatalog.listPartitionNames(
+                  relation.tableMeta.database,
+                  relation.tableMeta.identifier.table).size
+              if (maxScanPartitionsOpt.exists(_ < scanPartitions)) {
+                throw new MaxPartitionExceedException(
+                  s"""
+                     |Your SQL job scan a whole huge table without any partition filter,
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+
+              lazy val scanFileSize: BigInt =
+                relation.tableMeta.stats.map(_.sizeInBytes).getOrElse {
+                  session
+                    .sessionState.catalog.externalCatalog.listPartitions(
+                      relation.tableMeta.database,
+                      relation.tableMeta.identifier.table).flatMap(_.stats).map(_.sizeInBytes).sum
+                }
+              if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+                throw new MaxFileSizeExceedException(
+                  s"""
+                     |Your SQL job scan a whole huge table without any partition filter,
+                     |You should optimize your SQL logical according partition structure
+                     |or shorten query scope such as p_date, detail as below:
+                     |Table: ${relation.tableMeta.qualifiedName}
+                     |Owner: ${relation.tableMeta.owner}
+                     |Partition Structure: ${relation.partitionCols.map(_.name).mkString(", ")}
+                     |""".stripMargin)
+              }
+          }
+        } else {
+          lazy val scanFileSize = relation.tableMeta.stats.map(_.sizeInBytes).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              Some(relation.tableMeta))
+          }
+        }
+      case ScanOperation(
+            _,
+            _,
+            filters,
+            relation @ LogicalRelation(
+              fsRelation @ HadoopFsRelation(
+                fileIndex: InMemoryFileIndex,
+                partitionSchema,
+                _,
+                _,
+                _,
+                _),
+              _,
+              _,
+              _)) =>
+        if (fsRelation.partitionSchema.nonEmpty) {
+          val (partitionKeyFilters, dataFilter) =
+            getPartitionKeyFiltersAndDataFilters(
+              SparkSession.active,
+              relation,
+              partitionSchema,
+              filters,
+              relation.output)
+          val prunedPartitions = fileIndex.listFiles(
+            partitionKeyFilters.toSeq,
+            dataFilter)
+          if (maxScanPartitionsOpt.exists(_ < prunedPartitions.size)) {
+            throw maxPartitionExceedError(
+              prunedPartitions.size,
+              maxScanPartitionsOpt.get,
+              relation.catalogTable,
+              fileIndex.rootPaths,
+              fsRelation.partitionSchema)
+          }
+          lazy val scanFileSize = prunedPartitions.flatMap(_.files).map(_.getLen).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw partTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              relation.catalogTable,
+              fileIndex.rootPaths.map(_.toString),
+              fsRelation.partitionSchema.map(_.name))
+          }
+        } else {
+          lazy val scanFileSize = fileIndex.sizeInBytes
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              relation.catalogTable)
+          }
+        }
+      case ScanOperation(
+            _,
+            _,
+            filters,
+            logicalRelation @ LogicalRelation(
+              fsRelation @ HadoopFsRelation(
+                catalogFileIndex: CatalogFileIndex,
+                partitionSchema,
+                _,
+                _,
+                _,
+                _),
+              _,
+              _,
+              _)) =>
+        if (fsRelation.partitionSchema.nonEmpty) {
+          val (partitionKeyFilters, _) =
+            getPartitionKeyFiltersAndDataFilters(
+              SparkSession.active,
+              logicalRelation,
+              partitionSchema,
+              filters,
+              logicalRelation.output)
+
+          val fileIndex = catalogFileIndex.filterPartitions(
+            partitionKeyFilters.toSeq)
+
+          lazy val prunedPartitionSize = fileIndex.partitionSpec().partitions.size
+          if (maxScanPartitionsOpt.exists(_ < prunedPartitionSize)) {
+            throw maxPartitionExceedError(
+              prunedPartitionSize,
+              maxScanPartitionsOpt.get,
+              logicalRelation.catalogTable,
+              catalogFileIndex.rootPaths,
+              fsRelation.partitionSchema)
+          }
+
+          lazy val scanFileSize = fileIndex
+            .listFiles(Nil, Nil).flatMap(_.files).map(_.getLen).sum
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw partTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              logicalRelation.catalogTable,
+              catalogFileIndex.rootPaths.map(_.toString),
+              fsRelation.partitionSchema.map(_.name))
+          }
+        } else {
+          lazy val scanFileSize = catalogFileIndex.sizeInBytes
+          if (maxFileSizeOpt.exists(_ < scanFileSize)) {
+            throw nonPartTableMaxFileExceedError(
+              scanFileSize,
+              maxFileSizeOpt.get,
+              logicalRelation.catalogTable)
+          }
+        }
+      case _ =>
+    }
+  }
+
+  def maxPartitionExceedError(
+      prunedPartitionSize: Int,
+      maxPartitionSize: Int,
+      tableMeta: Option[CatalogTable],
+      rootPaths: Seq[Path],
+      partitionSchema: StructType): Throwable = {
+    val truncatedPaths =
+      if (rootPaths.length > 5) {
+        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
+      } else {
+        rootPaths.mkString(",")
+      }
+
+    new MaxPartitionExceedException(
+      s"""
+         |SQL job scan data source partition: $prunedPartitionSize
+         |exceed restrict of data source scan maxPartition $maxPartitionSize
+         |You should optimize your SQL logical according partition structure
+         |or shorten query scope such as p_date, detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |RootPaths: $truncatedPaths
+         |Partition Structure: ${partitionSchema.map(_.name).mkString(", ")}
+         |""".stripMargin)
+  }
+
+  private def partTableMaxFileExceedError(
+      scanFileSize: Number,
+      maxFileSize: Long,
+      tableMeta: Option[CatalogTable],
+      rootPaths: Seq[String],
+      partitions: Seq[String]): Throwable = {
+    val truncatedPaths =
+      if (rootPaths.length > 5) {
+        rootPaths.slice(0, 5).mkString(",") + """... """ + (rootPaths.length - 5) + " more paths"
+      } else {
+        rootPaths.mkString(",")
+      }
+
+    new MaxFileSizeExceedException(
+      s"""
+         |SQL job scan file size in bytes: $scanFileSize
+         |exceed restrict of table scan maxFileSize $maxFileSize
+         |You should optimize your SQL logical according partition structure
+         |or shorten query scope such as p_date, detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |RootPaths: $truncatedPaths
+         |Partition Structure: ${partitions.mkString(", ")}
+         |""".stripMargin)
+  }
+
+  private def nonPartTableMaxFileExceedError(
+      scanFileSize: Number,
+      maxFileSize: Long,
+      tableMeta: Option[CatalogTable]): Throwable = {
+    new MaxFileSizeExceedException(
+      s"""
+         |SQL job scan file size in bytes: $scanFileSize
+         |exceed restrict of table scan maxFileSize $maxFileSize
+         |detail as below:
+         |Table: ${tableMeta.map(_.qualifiedName).getOrElse("")}
+         |Owner: ${tableMeta.map(_.owner).getOrElse("")}
+         |Location: ${tableMeta.map(_.location).getOrElse("")}
+         |""".stripMargin)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala
new file mode 100644
index 000000000..b3f98ec6d
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWriting.scala
@@ -0,0 +1,177 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.expressions.{Ascending, Attribute, Expression, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, KyuubiSQLExtensionException}
+
+trait InsertZorderHelper33 extends Rule[LogicalPlan] with ZorderBuilder {
+  private val KYUUBI_ZORDER_ENABLED = "kyuubi.zorder.enabled"
+  private val KYUUBI_ZORDER_COLS = "kyuubi.zorder.cols"
+
+  def isZorderEnabled(props: Map[String, String]): Boolean = {
+    props.contains(KYUUBI_ZORDER_ENABLED) &&
+    "true".equalsIgnoreCase(props(KYUUBI_ZORDER_ENABLED)) &&
+    props.contains(KYUUBI_ZORDER_COLS)
+  }
+
+  def getZorderColumns(props: Map[String, String]): Seq[String] = {
+    val cols = props.get(KYUUBI_ZORDER_COLS)
+    assert(cols.isDefined)
+    cols.get.split(",").map(_.trim)
+  }
+
+  def canInsertZorder(query: LogicalPlan): Boolean = query match {
+    case Project(_, child) => canInsertZorder(child)
+    // TODO: actually, we can force zorder even if existed some shuffle
+    case _: Sort => false
+    case _: RepartitionByExpression => false
+    case _: Repartition => false
+    case _ => true
+  }
+
+  def insertZorder(
+      catalogTable: CatalogTable,
+      plan: LogicalPlan,
+      dynamicPartitionColumns: Seq[Attribute]): LogicalPlan = {
+    if (!canInsertZorder(plan)) {
+      return plan
+    }
+    val cols = getZorderColumns(catalogTable.properties)
+    val resolver = session.sessionState.conf.resolver
+    val output = plan.output
+    val bound = cols.flatMap(col => output.find(attr => resolver(attr.name, col)))
+    if (bound.size < cols.size) {
+      logWarning(s"target table does not contain all zorder cols: ${cols.mkString(",")}, " +
+        s"please check your table properties ${KYUUBI_ZORDER_COLS}.")
+      plan
+    } else {
+      if (conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED) &&
+        conf.getConf(KyuubiSQLConf.REBALANCE_BEFORE_ZORDER)) {
+        throw new KyuubiSQLExtensionException(s"${KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key} " +
+          s"and ${KyuubiSQLConf.REBALANCE_BEFORE_ZORDER.key} can not be enabled together.")
+      }
+      if (conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED) &&
+        dynamicPartitionColumns.nonEmpty) {
+        logWarning(s"Dynamic partition insertion with global sort may produce small files.")
+      }
+
+      val zorderExpr =
+        if (bound.length == 1) {
+          bound
+        } else if (conf.getConf(KyuubiSQLConf.ZORDER_USING_ORIGINAL_ORDERING_ENABLED)) {
+          bound.asInstanceOf[Seq[Expression]]
+        } else {
+          buildZorder(bound) :: Nil
+        }
+      val (global, orderExprs, child) =
+        if (conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED)) {
+          (true, zorderExpr, plan)
+        } else if (conf.getConf(KyuubiSQLConf.REBALANCE_BEFORE_ZORDER)) {
+          val rebalanceExpr =
+            if (dynamicPartitionColumns.isEmpty) {
+              // static partition insert
+              bound
+            } else if (conf.getConf(KyuubiSQLConf.REBALANCE_ZORDER_COLUMNS_ENABLED)) {
+              // improve data compression ratio
+              dynamicPartitionColumns.asInstanceOf[Seq[Expression]] ++ bound
+            } else {
+              dynamicPartitionColumns.asInstanceOf[Seq[Expression]]
+            }
+          // for dynamic partition insert, Spark always sort the partition columns,
+          // so here we sort partition columns + zorder.
+          val rebalance =
+            if (dynamicPartitionColumns.nonEmpty &&
+              conf.getConf(KyuubiSQLConf.TWO_PHASE_REBALANCE_BEFORE_ZORDER)) {
+              // improve compression ratio
+              RebalancePartitions(
+                rebalanceExpr,
+                RebalancePartitions(dynamicPartitionColumns, plan))
+            } else {
+              RebalancePartitions(rebalanceExpr, plan)
+            }
+          (false, dynamicPartitionColumns.asInstanceOf[Seq[Expression]] ++ zorderExpr, rebalance)
+        } else {
+          (false, zorderExpr, plan)
+        }
+      val order = orderExprs.map { expr =>
+        SortOrder(expr, Ascending, NullsLast, Seq.empty)
+      }
+      Sort(order, global, child)
+    }
+  }
+
+  override def buildZorder(children: Seq[Expression]): ZorderBase = Zorder(children)
+
+  def session: SparkSession
+  def applyInternal(plan: LogicalPlan): LogicalPlan
+
+  final override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING)) {
+      applyInternal(plan)
+    } else {
+      plan
+    }
+  }
+}
+
+case class InsertZorderBeforeWritingDatasource33(session: SparkSession)
+  extends InsertZorderHelper33 {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHadoopFsRelationCommand
+        if insert.query.resolved &&
+          insert.bucketSpec.isEmpty && insert.catalogTable.isDefined &&
+          isZorderEnabled(insert.catalogTable.get.properties) =>
+      val dynamicPartition =
+        insert.partitionColumns.filterNot(attr => insert.staticPartitions.contains(attr.name))
+      val newQuery = insertZorder(insert.catalogTable.get, insert.query, dynamicPartition)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+
+    case _ => plan
+  }
+}
+
+case class InsertZorderBeforeWritingHive33(session: SparkSession)
+  extends InsertZorderHelper33 {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHiveTable
+        if insert.query.resolved &&
+          insert.table.bucketSpec.isEmpty && isZorderEnabled(insert.table.properties) =>
+      val dynamicPartition = insert.partition.filter(_._2.isEmpty).keys
+        .flatMap(name => insert.query.output.find(_.name == name)).toSeq
+      val newQuery = insertZorder(insert.table, insert.query, dynamicPartition)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+
+    case _ => plan
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala
new file mode 100644
index 000000000..2c59d148e
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/InsertZorderBeforeWritingBase.scala
@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import java.util.Locale
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.expressions.{Ascending, Expression, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.plans.logical._
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing datasource if the target table properties has zorder properties
+ */
+abstract class InsertZorderBeforeWritingDatasourceBase
+  extends InsertZorderHelper {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHadoopFsRelationCommand
+        if insert.query.resolved && insert.bucketSpec.isEmpty && insert.catalogTable.isDefined &&
+          isZorderEnabled(insert.catalogTable.get.properties) =>
+      val newQuery = insertZorder(insert.catalogTable.get, insert.query)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+    case _ => plan
+  }
+}
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing hive if the target table properties has zorder properties
+ */
+abstract class InsertZorderBeforeWritingHiveBase
+  extends InsertZorderHelper {
+  override def applyInternal(plan: LogicalPlan): LogicalPlan = plan match {
+    case insert: InsertIntoHiveTable
+        if insert.query.resolved && insert.table.bucketSpec.isEmpty &&
+          isZorderEnabled(insert.table.properties) =>
+      val newQuery = insertZorder(insert.table, insert.query)
+      if (newQuery.eq(insert.query)) {
+        insert
+      } else {
+        insert.copy(query = newQuery)
+      }
+    case _ => plan
+  }
+}
+
+trait ZorderBuilder {
+  def buildZorder(children: Seq[Expression]): ZorderBase
+}
+
+trait InsertZorderHelper extends Rule[LogicalPlan] with ZorderBuilder {
+  private val KYUUBI_ZORDER_ENABLED = "kyuubi.zorder.enabled"
+  private val KYUUBI_ZORDER_COLS = "kyuubi.zorder.cols"
+
+  def isZorderEnabled(props: Map[String, String]): Boolean = {
+    props.contains(KYUUBI_ZORDER_ENABLED) &&
+    "true".equalsIgnoreCase(props(KYUUBI_ZORDER_ENABLED)) &&
+    props.contains(KYUUBI_ZORDER_COLS)
+  }
+
+  def getZorderColumns(props: Map[String, String]): Seq[String] = {
+    val cols = props.get(KYUUBI_ZORDER_COLS)
+    assert(cols.isDefined)
+    cols.get.split(",").map(_.trim.toLowerCase(Locale.ROOT))
+  }
+
+  def canInsertZorder(query: LogicalPlan): Boolean = query match {
+    case Project(_, child) => canInsertZorder(child)
+    // TODO: actually, we can force zorder even if existed some shuffle
+    case _: Sort => false
+    case _: RepartitionByExpression => false
+    case _: Repartition => false
+    case _ => true
+  }
+
+  def insertZorder(catalogTable: CatalogTable, plan: LogicalPlan): LogicalPlan = {
+    if (!canInsertZorder(plan)) {
+      return plan
+    }
+    val cols = getZorderColumns(catalogTable.properties)
+    val attrs = plan.output.map(attr => (attr.name, attr)).toMap
+    if (cols.exists(!attrs.contains(_))) {
+      logWarning(s"target table does not contain all zorder cols: ${cols.mkString(",")}, " +
+        s"please check your table properties ${KYUUBI_ZORDER_COLS}.")
+      plan
+    } else {
+      val bound = cols.map(attrs(_))
+      val orderExpr =
+        if (bound.length == 1) {
+          bound.head
+        } else {
+          buildZorder(bound)
+        }
+      // TODO: We can do rebalance partitions before local sort of zorder after SPARK 3.3
+      //   see https://github.com/apache/spark/pull/34542
+      Sort(
+        SortOrder(orderExpr, Ascending, NullsLast, Seq.empty) :: Nil,
+        conf.getConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED),
+        plan)
+    }
+  }
+
+  def applyInternal(plan: LogicalPlan): LogicalPlan
+
+  final override def apply(plan: LogicalPlan): LogicalPlan = {
+    if (conf.getConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING)) {
+      applyInternal(plan)
+    } else {
+      plan
+    }
+  }
+}
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing datasource if the target table properties has zorder properties
+ */
+case class InsertZorderBeforeWritingDatasource(session: SparkSession)
+  extends InsertZorderBeforeWritingDatasourceBase {
+  override def buildZorder(children: Seq[Expression]): ZorderBase = Zorder(children)
+}
+
+/**
+ * TODO: shall we forbid zorder if it's dynamic partition inserts ?
+ * Insert zorder before writing hive if the target table properties has zorder properties
+ */
+case class InsertZorderBeforeWritingHive(session: SparkSession)
+  extends InsertZorderBeforeWritingHiveBase {
+  override def buildZorder(children: Seq[Expression]): ZorderBase = Zorder(children)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala
new file mode 100644
index 000000000..21d1cf2a2
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderCommandBase.scala
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.catalyst.catalog.CatalogTable
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.execution.SparkPlan
+import org.apache.spark.sql.execution.command.DataWritingCommand
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+/**
+ * A runnable command for zorder, we delegate to real command to execute
+ */
+abstract class OptimizeZorderCommandBase extends DataWritingCommand {
+  def catalogTable: CatalogTable
+
+  override def outputColumnNames: Seq[String] = query.output.map(_.name)
+
+  private def isHiveTable: Boolean = {
+    catalogTable.provider.isEmpty ||
+    (catalogTable.provider.isDefined && "hive".equalsIgnoreCase(catalogTable.provider.get))
+  }
+
+  private def getWritingCommand(session: SparkSession): DataWritingCommand = {
+    // TODO: Support convert hive relation to datasource relation, can see
+    //  [[org.apache.spark.sql.hive.RelationConversions]]
+    InsertIntoHiveTable(
+      catalogTable,
+      catalogTable.partitionColumnNames.map(p => (p, None)).toMap,
+      query,
+      overwrite = true,
+      ifPartitionNotExists = false,
+      outputColumnNames)
+  }
+
+  override def run(session: SparkSession, child: SparkPlan): Seq[Row] = {
+    // TODO: Support datasource relation
+    // TODO: Support read and insert overwrite the same table for some table format
+    if (!isHiveTable) {
+      throw new KyuubiSQLExtensionException("only support hive table")
+    }
+
+    val command = getWritingCommand(session)
+    command.run(session, child)
+    DataWritingCommand.propogateMetrics(session.sparkContext, command, metrics)
+    Seq.empty
+  }
+}
+
+/**
+ * A runnable command for zorder, we delegate to real command to execute
+ */
+case class OptimizeZorderCommand(
+    catalogTable: CatalogTable,
+    query: LogicalPlan)
+  extends OptimizeZorderCommandBase {
+  protected def withNewChildInternal(newChild: LogicalPlan): LogicalPlan = {
+    copy(query = newChild)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
new file mode 100644
index 000000000..895f9e24b
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/OptimizeZorderStatementBase.scala
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
+
+/**
+ * A zorder statement that contains we parsed from SQL.
+ * We should convert this plan to certain command at Analyzer.
+ */
+case class OptimizeZorderStatement(
+    tableIdentifier: Seq[String],
+    query: LogicalPlan) extends UnaryNode {
+  override def child: LogicalPlan = query
+  override def output: Seq[Attribute] = child.output
+  protected def withNewChildInternal(newChild: LogicalPlan): LogicalPlan =
+    copy(query = newChild)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
new file mode 100644
index 000000000..9f735caa7
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ResolveZorderBase.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.TableIdentifier
+import org.apache.spark.sql.catalyst.catalog.{CatalogTable, HiveTableRelation}
+import org.apache.spark.sql.catalyst.expressions.AttributeSet
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, SubqueryAlias}
+import org.apache.spark.sql.catalyst.rules.Rule
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+/**
+ * Resolve `OptimizeZorderStatement` to `OptimizeZorderCommand`
+ */
+abstract class ResolveZorderBase extends Rule[LogicalPlan] {
+  def session: SparkSession
+  def buildOptimizeZorderCommand(
+      catalogTable: CatalogTable,
+      query: LogicalPlan): OptimizeZorderCommandBase
+
+  protected def checkQueryAllowed(query: LogicalPlan): Unit = query foreach {
+    case Filter(condition, SubqueryAlias(_, tableRelation: HiveTableRelation)) =>
+      if (tableRelation.partitionCols.isEmpty) {
+        throw new KyuubiSQLExtensionException("Filters are only supported for partitioned table")
+      }
+
+      val partitionKeyIds = AttributeSet(tableRelation.partitionCols)
+      if (condition.references.isEmpty || !condition.references.subsetOf(partitionKeyIds)) {
+        throw new KyuubiSQLExtensionException("Only partition column filters are allowed")
+      }
+
+    case _ =>
+  }
+
+  protected def getTableIdentifier(tableIdent: Seq[String]): TableIdentifier = tableIdent match {
+    case Seq(tbl) => TableIdentifier.apply(tbl)
+    case Seq(db, tbl) => TableIdentifier.apply(tbl, Some(db))
+    case _ => throw new KyuubiSQLExtensionException(
+        "only support session catalog table, please use db.table instead")
+  }
+
+  override def apply(plan: LogicalPlan): LogicalPlan = plan match {
+    case statement: OptimizeZorderStatement if statement.query.resolved =>
+      checkQueryAllowed(statement.query)
+      val tableIdentifier = getTableIdentifier(statement.tableIdentifier)
+      val catalogTable = session.sessionState.catalog.getTableMetadata(tableIdentifier)
+      buildOptimizeZorderCommand(catalogTable, statement.query)
+
+    case _ => plan
+  }
+}
+
+/**
+ * Resolve `OptimizeZorderStatement` to `OptimizeZorderCommand`
+ */
+case class ResolveZorder(session: SparkSession) extends ResolveZorderBase {
+  override def buildOptimizeZorderCommand(
+      catalogTable: CatalogTable,
+      query: LogicalPlan): OptimizeZorderCommandBase = {
+    OptimizeZorderCommand(catalogTable, query)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala
new file mode 100644
index 000000000..e4d98ccbe
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBase.scala
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.analysis.TypeCheckResult
+import org.apache.spark.sql.catalyst.expressions.Expression
+import org.apache.spark.sql.catalyst.expressions.codegen.{CodegenContext, ExprCode, FalseLiteral}
+import org.apache.spark.sql.catalyst.expressions.codegen.Block._
+import org.apache.spark.sql.types.{BinaryType, DataType}
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+abstract class ZorderBase extends Expression {
+  override def foldable: Boolean = children.forall(_.foldable)
+  override def nullable: Boolean = false
+  override def dataType: DataType = BinaryType
+  override def prettyName: String = "zorder"
+
+  override def checkInputDataTypes(): TypeCheckResult = {
+    try {
+      defaultNullValues
+      TypeCheckResult.TypeCheckSuccess
+    } catch {
+      case e: KyuubiSQLExtensionException =>
+        TypeCheckResult.TypeCheckFailure(e.getMessage)
+    }
+  }
+
+  @transient
+  private[this] lazy val defaultNullValues: Array[Any] =
+    children.map(_.dataType)
+      .map(ZorderBytesUtils.defaultValue)
+      .toArray
+
+  override def eval(input: InternalRow): Any = {
+    val childrenValues = children.zipWithIndex.map {
+      case (child: Expression, index) =>
+        val v = child.eval(input)
+        if (v == null) {
+          defaultNullValues(index)
+        } else {
+          v
+        }
+    }
+    ZorderBytesUtils.interleaveBits(childrenValues.toArray)
+  }
+
+  override protected def doGenCode(ctx: CodegenContext, ev: ExprCode): ExprCode = {
+    val evals = children.map(_.genCode(ctx))
+    val defaultValues = ctx.addReferenceObj("defaultValues", defaultNullValues)
+    val values = ctx.freshName("values")
+    val util = ZorderBytesUtils.getClass.getName.stripSuffix("$")
+    val inputs = evals.zipWithIndex.map {
+      case (eval, index) =>
+        s"""
+           |${eval.code}
+           |if (${eval.isNull}) {
+           |  $values[$index] = $defaultValues[$index];
+           |} else {
+           |  $values[$index] = ${eval.value};
+           |}
+           |""".stripMargin
+    }
+    ev.copy(
+      code =
+        code"""
+              |byte[] ${ev.value} = null;
+              |Object[] $values = new Object[${evals.length}];
+              |${inputs.mkString("\n")}
+              |${ev.value} = $util.interleaveBits($values);
+              |""".stripMargin,
+      isNull = FalseLiteral)
+  }
+}
+
+case class Zorder(children: Seq[Expression]) extends ZorderBase {
+  protected def withNewChildrenInternal(newChildren: IndexedSeq[Expression]): Expression =
+    copy(children = newChildren)
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala
new file mode 100644
index 000000000..d249f1dc3
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/zorder/ZorderBytesUtils.scala
@@ -0,0 +1,517 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.sql.zorder
+
+import java.lang.{Double => jDouble, Float => jFloat}
+
+import org.apache.spark.sql.types._
+import org.apache.spark.unsafe.types.UTF8String
+
+import org.apache.kyuubi.sql.KyuubiSQLExtensionException
+
+object ZorderBytesUtils {
+  final private val BIT_8_MASK = 1 << 7
+  final private val BIT_16_MASK = 1 << 15
+  final private val BIT_32_MASK = 1 << 31
+  final private val BIT_64_MASK = 1L << 63
+
+  def interleaveBits(inputs: Array[Any]): Array[Byte] = {
+    inputs.length match {
+      // it's a more fast approach, use O(8 * 8)
+      // can see http://graphics.stanford.edu/~seander/bithacks.html#InterleaveTableObvious
+      case 1 => longToByte(toLong(inputs(0)))
+      case 2 => interleave2Longs(toLong(inputs(0)), toLong(inputs(1)))
+      case 3 => interleave3Longs(toLong(inputs(0)), toLong(inputs(1)), toLong(inputs(2)))
+      case 4 =>
+        interleave4Longs(toLong(inputs(0)), toLong(inputs(1)), toLong(inputs(2)), toLong(inputs(3)))
+      case 5 => interleave5Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)))
+      case 6 => interleave6Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)),
+          toLong(inputs(5)))
+      case 7 => interleave7Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)),
+          toLong(inputs(5)),
+          toLong(inputs(6)))
+      case 8 => interleave8Longs(
+          toLong(inputs(0)),
+          toLong(inputs(1)),
+          toLong(inputs(2)),
+          toLong(inputs(3)),
+          toLong(inputs(4)),
+          toLong(inputs(5)),
+          toLong(inputs(6)),
+          toLong(inputs(7)))
+
+      case _ =>
+        // it's the default approach, use O(64 * n), n is the length of inputs
+        interleaveBitsDefault(inputs.map(toByteArray))
+    }
+  }
+
+  private def interleave2Longs(l1: Long, l2: Long): Array[Byte] = {
+    // output 8 * 16 bits
+    val result = new Array[Byte](16)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toShort
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toShort
+
+      var z = 0
+      var j = 0
+      while (j < 8) {
+        val x_masked = tmp1 & (1 << j)
+        val y_masked = tmp2 & (1 << j)
+        z |= (x_masked << j)
+        z |= (y_masked << (j + 1))
+        j = j + 1
+      }
+      result((7 - i) * 2 + 1) = (z & 0xFF).toByte
+      result((7 - i) * 2) = ((z >> 8) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave3Longs(l1: Long, l2: Long, l3: Long): Array[Byte] = {
+    // output 8 * 24 bits
+    val result = new Array[Byte](24)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toInt
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toInt
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toInt
+
+      var z = 0
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        z |= (r1_mask << (2 * j)) | (r2_mask << (2 * j + 1)) | (r3_mask << (2 * j + 2))
+        j = j + 1
+      }
+      result((7 - i) * 3 + 2) = (z & 0xFF).toByte
+      result((7 - i) * 3 + 1) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 3) = ((z >> 16) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave4Longs(l1: Long, l2: Long, l3: Long, l4: Long): Array[Byte] = {
+    // output 8 * 32 bits
+    val result = new Array[Byte](32)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toInt
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toInt
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toInt
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toInt
+
+      var z = 0
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        z |= (r1_mask << (3 * j)) | (r2_mask << (3 * j + 1)) | (r3_mask << (3 * j + 2)) |
+          (r4_mask << (3 * j + 3))
+        j = j + 1
+      }
+      result((7 - i) * 4 + 3) = (z & 0xFF).toByte
+      result((7 - i) * 4 + 2) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 4 + 1) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 4) = ((z >> 24) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave5Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long): Array[Byte] = {
+    // output 8 * 40 bits
+    val result = new Array[Byte](40)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        z |= (r1_mask << (4 * j)) | (r2_mask << (4 * j + 1)) | (r3_mask << (4 * j + 2)) |
+          (r4_mask << (4 * j + 3)) | (r5_mask << (4 * j + 4))
+        j = j + 1
+      }
+      result((7 - i) * 5 + 4) = (z & 0xFF).toByte
+      result((7 - i) * 5 + 3) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 5 + 2) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 5 + 1) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 5) = ((z >> 32) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave6Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long,
+      l6: Long): Array[Byte] = {
+    // output 8 * 48 bits
+    val result = new Array[Byte](48)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+      val tmp6 = ((l6 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        val r6_mask = tmp6 & (1 << j)
+        z |= (r1_mask << (5 * j)) | (r2_mask << (5 * j + 1)) | (r3_mask << (5 * j + 2)) |
+          (r4_mask << (5 * j + 3)) | (r5_mask << (5 * j + 4)) | (r6_mask << (5 * j + 5))
+        j = j + 1
+      }
+      result((7 - i) * 6 + 5) = (z & 0xFF).toByte
+      result((7 - i) * 6 + 4) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 6 + 3) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 6 + 2) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 6 + 1) = ((z >> 32) & 0xFF).toByte
+      result((7 - i) * 6) = ((z >> 40) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave7Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long,
+      l6: Long,
+      l7: Long): Array[Byte] = {
+    // output 8 * 56 bits
+    val result = new Array[Byte](56)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+      val tmp6 = ((l6 >> (i * 8)) & 0xFF).toLong
+      val tmp7 = ((l7 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        val r6_mask = tmp6 & (1 << j)
+        val r7_mask = tmp7 & (1 << j)
+        z |= (r1_mask << (6 * j)) | (r2_mask << (6 * j + 1)) | (r3_mask << (6 * j + 2)) |
+          (r4_mask << (6 * j + 3)) | (r5_mask << (6 * j + 4)) | (r6_mask << (6 * j + 5)) |
+          (r7_mask << (6 * j + 6))
+        j = j + 1
+      }
+      result((7 - i) * 7 + 6) = (z & 0xFF).toByte
+      result((7 - i) * 7 + 5) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 7 + 4) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 7 + 3) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 7 + 2) = ((z >> 32) & 0xFF).toByte
+      result((7 - i) * 7 + 1) = ((z >> 40) & 0xFF).toByte
+      result((7 - i) * 7) = ((z >> 48) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  private def interleave8Longs(
+      l1: Long,
+      l2: Long,
+      l3: Long,
+      l4: Long,
+      l5: Long,
+      l6: Long,
+      l7: Long,
+      l8: Long): Array[Byte] = {
+    // output 8 * 64 bits
+    val result = new Array[Byte](64)
+    var i = 0
+    while (i < 8) {
+      val tmp1 = ((l1 >> (i * 8)) & 0xFF).toLong
+      val tmp2 = ((l2 >> (i * 8)) & 0xFF).toLong
+      val tmp3 = ((l3 >> (i * 8)) & 0xFF).toLong
+      val tmp4 = ((l4 >> (i * 8)) & 0xFF).toLong
+      val tmp5 = ((l5 >> (i * 8)) & 0xFF).toLong
+      val tmp6 = ((l6 >> (i * 8)) & 0xFF).toLong
+      val tmp7 = ((l7 >> (i * 8)) & 0xFF).toLong
+      val tmp8 = ((l8 >> (i * 8)) & 0xFF).toLong
+
+      var z = 0L
+      var j = 0
+      while (j < 8) {
+        val r1_mask = tmp1 & (1 << j)
+        val r2_mask = tmp2 & (1 << j)
+        val r3_mask = tmp3 & (1 << j)
+        val r4_mask = tmp4 & (1 << j)
+        val r5_mask = tmp5 & (1 << j)
+        val r6_mask = tmp6 & (1 << j)
+        val r7_mask = tmp7 & (1 << j)
+        val r8_mask = tmp8 & (1 << j)
+        z |= (r1_mask << (7 * j)) | (r2_mask << (7 * j + 1)) | (r3_mask << (7 * j + 2)) |
+          (r4_mask << (7 * j + 3)) | (r5_mask << (7 * j + 4)) | (r6_mask << (7 * j + 5)) |
+          (r7_mask << (7 * j + 6)) | (r8_mask << (7 * j + 7))
+        j = j + 1
+      }
+      result((7 - i) * 8 + 7) = (z & 0xFF).toByte
+      result((7 - i) * 8 + 6) = ((z >> 8) & 0xFF).toByte
+      result((7 - i) * 8 + 5) = ((z >> 16) & 0xFF).toByte
+      result((7 - i) * 8 + 4) = ((z >> 24) & 0xFF).toByte
+      result((7 - i) * 8 + 3) = ((z >> 32) & 0xFF).toByte
+      result((7 - i) * 8 + 2) = ((z >> 40) & 0xFF).toByte
+      result((7 - i) * 8 + 1) = ((z >> 48) & 0xFF).toByte
+      result((7 - i) * 8) = ((z >> 56) & 0xFF).toByte
+      i = i + 1
+    }
+    result
+  }
+
+  def interleaveBitsDefault(arrays: Array[Array[Byte]]): Array[Byte] = {
+    var totalLength = 0
+    var maxLength = 0
+    arrays.foreach { array =>
+      totalLength += array.length
+      maxLength = maxLength.max(array.length * 8)
+    }
+    val result = new Array[Byte](totalLength)
+    var resultBit = 0
+
+    var bit = 0
+    while (bit < maxLength) {
+      val bytePos = bit / 8
+      val bitPos = bit % 8
+
+      for (arr <- arrays) {
+        val len = arr.length
+        if (bytePos < len) {
+          val resultBytePos = totalLength - 1 - resultBit / 8
+          val resultBitPos = resultBit % 8
+          result(resultBytePos) =
+            updatePos(result(resultBytePos), resultBitPos, arr(len - 1 - bytePos), bitPos)
+          resultBit += 1
+        }
+      }
+      bit += 1
+    }
+    result
+  }
+
+  def updatePos(a: Byte, apos: Int, b: Byte, bpos: Int): Byte = {
+    var temp = (b & (1 << bpos)).toByte
+    if (apos > bpos) {
+      temp = (temp << (apos - bpos)).toByte
+    } else if (apos < bpos) {
+      temp = (temp >> (bpos - apos)).toByte
+    }
+    val atemp = (a & (1 << apos)).toByte
+    if (atemp == temp) {
+      return a
+    }
+    (a ^ (1 << apos)).toByte
+  }
+
+  def toLong(a: Any): Long = {
+    a match {
+      case b: Boolean => (if (b) 1 else 0).toLong ^ BIT_64_MASK
+      case b: Byte => b.toLong ^ BIT_64_MASK
+      case s: Short => s.toLong ^ BIT_64_MASK
+      case i: Int => i.toLong ^ BIT_64_MASK
+      case l: Long => l ^ BIT_64_MASK
+      case f: Float => java.lang.Float.floatToRawIntBits(f).toLong ^ BIT_64_MASK
+      case d: Double => java.lang.Double.doubleToRawLongBits(d) ^ BIT_64_MASK
+      case str: UTF8String => str.getPrefix
+      case dec: Decimal => dec.toLong ^ BIT_64_MASK
+      case other: Any =>
+        throw new KyuubiSQLExtensionException("Unsupported z-order type: " + other.getClass)
+    }
+  }
+
+  def toByteArray(a: Any): Array[Byte] = {
+    a match {
+      case bo: Boolean =>
+        booleanToByte(bo)
+      case b: Byte =>
+        byteToByte(b)
+      case s: Short =>
+        shortToByte(s)
+      case i: Int =>
+        intToByte(i)
+      case l: Long =>
+        longToByte(l)
+      case f: Float =>
+        floatToByte(f)
+      case d: Double =>
+        doubleToByte(d)
+      case str: UTF8String =>
+        // truncate or padding str to 8 byte
+        paddingTo8Byte(str.getBytes)
+      case dec: Decimal =>
+        longToByte(dec.toLong)
+      case other: Any =>
+        throw new KyuubiSQLExtensionException("Unsupported z-order type: " + other.getClass)
+    }
+  }
+
+  def booleanToByte(a: Boolean): Array[Byte] = {
+    if (a) {
+      byteToByte(1.toByte)
+    } else {
+      byteToByte(0.toByte)
+    }
+  }
+
+  def byteToByte(a: Byte): Array[Byte] = {
+    val tmp = (a ^ BIT_8_MASK).toByte
+    Array(tmp)
+  }
+
+  def shortToByte(a: Short): Array[Byte] = {
+    val tmp = a ^ BIT_16_MASK
+    Array(((tmp >> 8) & 0xFF).toByte, (tmp & 0xFF).toByte)
+  }
+
+  def intToByte(a: Int): Array[Byte] = {
+    val result = new Array[Byte](4)
+    var i = 0
+    val tmp = a ^ BIT_32_MASK
+    while (i <= 3) {
+      val offset = i * 8
+      result(3 - i) = ((tmp >> offset) & 0xFF).toByte
+      i += 1
+    }
+    result
+  }
+
+  def longToByte(a: Long): Array[Byte] = {
+    val result = new Array[Byte](8)
+    var i = 0
+    val tmp = a ^ BIT_64_MASK
+    while (i <= 7) {
+      val offset = i * 8
+      result(7 - i) = ((tmp >> offset) & 0xFF).toByte
+      i += 1
+    }
+    result
+  }
+
+  def floatToByte(a: Float): Array[Byte] = {
+    val fi = jFloat.floatToRawIntBits(a)
+    intToByte(fi)
+  }
+
+  def doubleToByte(a: Double): Array[Byte] = {
+    val dl = jDouble.doubleToRawLongBits(a)
+    longToByte(dl)
+  }
+
+  def paddingTo8Byte(a: Array[Byte]): Array[Byte] = {
+    val len = a.length
+    if (len == 8) {
+      a
+    } else if (len > 8) {
+      val result = new Array[Byte](8)
+      System.arraycopy(a, 0, result, 0, 8)
+      result
+    } else {
+      val result = new Array[Byte](8)
+      System.arraycopy(a, 0, result, 8 - len, len)
+      result
+    }
+  }
+
+  def defaultByteArrayValue(dataType: DataType): Array[Byte] = toByteArray {
+    defaultValue(dataType)
+  }
+
+  def defaultValue(dataType: DataType): Any = {
+    dataType match {
+      case BooleanType =>
+        true
+      case ByteType =>
+        Byte.MaxValue
+      case ShortType =>
+        Short.MaxValue
+      case IntegerType | DateType =>
+        Int.MaxValue
+      case LongType | TimestampType | _: DecimalType =>
+        Long.MaxValue
+      case FloatType =>
+        Float.MaxValue
+      case DoubleType =>
+        Double.MaxValue
+      case StringType =>
+        // we pad string to 8 bytes so it's equal to long
+        UTF8String.fromBytes(longToByte(Long.MaxValue))
+      case other: Any =>
+        throw new KyuubiSQLExtensionException(s"Unsupported z-order type: ${other.catalogString}")
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
new file mode 100644
index 000000000..81873476c
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/FinalStageResourceManager.scala
@@ -0,0 +1,289 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.mutable.ArrayBuffer
+
+import org.apache.spark.{ExecutorAllocationClient, MapOutputTrackerMaster, SparkContext, SparkEnv}
+import org.apache.spark.internal.Logging
+import org.apache.spark.resource.ResourceProfile
+import org.apache.spark.scheduler.cluster.CoarseGrainedSchedulerBackend
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{FilterExec, ProjectExec, SortExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive._
+import org.apache.spark.sql.execution.columnar.InMemoryTableScanExec
+import org.apache.spark.sql.execution.command.DataWritingCommandExec
+import org.apache.spark.sql.execution.datasources.WriteFilesExec
+import org.apache.spark.sql.execution.datasources.v2.V2TableWriteExec
+import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeExec}
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, WriteUtils}
+
+/**
+ * This rule assumes the final write stage has less cores requirement than previous, otherwise
+ * this rule would take no effect.
+ *
+ * It provide a feature:
+ * 1. Kill redundant executors before running final write stage
+ */
+case class FinalStageResourceManager(session: SparkSession)
+  extends Rule[SparkPlan] with FinalRebalanceStageHelper {
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED)) {
+      return plan
+    }
+
+    if (!WriteUtils.isWrite(session, plan)) {
+      return plan
+    }
+
+    val sc = session.sparkContext
+    val dra = sc.getConf.getBoolean("spark.dynamicAllocation.enabled", false)
+    val coresPerExecutor = sc.getConf.getInt("spark.executor.cores", 1)
+    val minExecutors = sc.getConf.getInt("spark.dynamicAllocation.minExecutors", 0)
+    val maxExecutors = sc.getConf.getInt("spark.dynamicAllocation.maxExecutors", Int.MaxValue)
+    val factor = conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_PARTITION_FACTOR)
+    val hasImprovementRoom = maxExecutors - 1 > minExecutors * factor
+    // Fast fail if:
+    // 1. DRA off
+    // 2. only work with yarn and k8s
+    // 3. maxExecutors is not bigger than minExecutors * factor
+    if (!dra || !sc.schedulerBackend.isInstanceOf[CoarseGrainedSchedulerBackend] ||
+      !hasImprovementRoom) {
+      return plan
+    }
+
+    val stageOpt = findFinalRebalanceStage(plan)
+    if (stageOpt.isEmpty) {
+      return plan
+    }
+
+    // It's not safe to kill executors if this plan contains table cache.
+    // If the executor loses then the rdd would re-compute those partition.
+    if (hasTableCache(plan) &&
+      conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_SKIP_KILLING_EXECUTORS_FOR_TABLE_CACHE)) {
+      return plan
+    }
+
+    // TODO: move this to query stage optimizer when updating Spark to 3.5.x
+    // Since we are in `prepareQueryStage`, the AQE shuffle read has not been applied.
+    // So we need to apply it by self.
+    val shuffleRead = queryStageOptimizerRules.foldLeft(stageOpt.get.asInstanceOf[SparkPlan]) {
+      case (latest, rule) => rule.apply(latest)
+    }
+    val (targetCores, stage) = shuffleRead match {
+      case AQEShuffleReadExec(stage: ShuffleQueryStageExec, partitionSpecs) =>
+        (partitionSpecs.length, stage)
+      case stage: ShuffleQueryStageExec =>
+        // we can still kill executors if no AQE shuffle read, e.g., `.repartition(2)`
+        (stage.shuffle.numPartitions, stage)
+      case _ =>
+        // it should never happen in current Spark, but to be safe do nothing if happens
+        logWarning("BUG, Please report to Apache Kyuubi community")
+        return plan
+    }
+    // The condition whether inject custom resource profile:
+    // - target executors < active executors
+    // - active executors - target executors > min executors
+    val numActiveExecutors = sc.getExecutorIds().length
+    val targetExecutors = (math.ceil(targetCores.toFloat / coresPerExecutor) * factor).toInt
+      .max(1)
+    val hasBenefits = targetExecutors < numActiveExecutors &&
+      (numActiveExecutors - targetExecutors) > minExecutors
+    logInfo(s"The snapshot of current executors view, " +
+      s"active executors: $numActiveExecutors, min executor: $minExecutors, " +
+      s"target executors: $targetExecutors, has benefits: $hasBenefits")
+    if (hasBenefits) {
+      val shuffleId = stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleDependency.shuffleId
+      val numReduce = stage.plan.asInstanceOf[ShuffleExchangeExec].numPartitions
+      // Now, there is only a final rebalance stage waiting to execute and all tasks of previous
+      // stage are finished. Kill redundant existed executors eagerly so the tasks of final
+      // stage can be centralized scheduled.
+      killExecutors(sc, targetExecutors, shuffleId, numReduce)
+    }
+
+    plan
+  }
+
+  /**
+   * The priority of kill executors follow:
+   * 1. kill executor who is younger than other (The older the JIT works better)
+   * 2. kill executor who produces less shuffle data first
+   */
+  private def findExecutorToKill(
+      sc: SparkContext,
+      targetExecutors: Int,
+      shuffleId: Int,
+      numReduce: Int): Seq[String] = {
+    val tracker = SparkEnv.get.mapOutputTracker.asInstanceOf[MapOutputTrackerMaster]
+    val shuffleStatusOpt = tracker.shuffleStatuses.get(shuffleId)
+    if (shuffleStatusOpt.isEmpty) {
+      return Seq.empty
+    }
+    val shuffleStatus = shuffleStatusOpt.get
+    val executorToBlockSize = new mutable.HashMap[String, Long]
+    shuffleStatus.withMapStatuses { mapStatus =>
+      mapStatus.foreach { status =>
+        var i = 0
+        var sum = 0L
+        while (i < numReduce) {
+          sum += status.getSizeForBlock(i)
+          i += 1
+        }
+        executorToBlockSize.getOrElseUpdate(status.location.executorId, sum)
+      }
+    }
+
+    val backend = sc.schedulerBackend.asInstanceOf[CoarseGrainedSchedulerBackend]
+    val executorsWithRegistrationTs = backend.getExecutorsWithRegistrationTs()
+    val existedExecutors = executorsWithRegistrationTs.keys.toSet
+    val expectedNumExecutorToKill = existedExecutors.size - targetExecutors
+    if (expectedNumExecutorToKill < 1) {
+      return Seq.empty
+    }
+
+    val executorIdsToKill = new ArrayBuffer[String]()
+    // We first kill executor who does not hold shuffle block. It would happen because
+    // the last stage is running fast and finished in a short time. The existed executors are
+    // from previous stages that have not been killed by DRA, so we can not find it by tracking
+    // shuffle status.
+    // We should evict executors by their alive time first and retain all of executors which
+    // have better locality for shuffle block.
+    executorsWithRegistrationTs.toSeq.sortBy(_._2).foreach { case (id, _) =>
+      if (executorIdsToKill.length < expectedNumExecutorToKill &&
+        !executorToBlockSize.contains(id)) {
+        executorIdsToKill.append(id)
+      }
+    }
+
+    // Evict the rest executors according to the shuffle block size
+    executorToBlockSize.toSeq.sortBy(_._2).foreach { case (id, _) =>
+      if (executorIdsToKill.length < expectedNumExecutorToKill && existedExecutors.contains(id)) {
+        executorIdsToKill.append(id)
+      }
+    }
+
+    executorIdsToKill.toSeq
+  }
+
+  private def killExecutors(
+      sc: SparkContext,
+      targetExecutors: Int,
+      shuffleId: Int,
+      numReduce: Int): Unit = {
+    val executorAllocationClient = sc.schedulerBackend.asInstanceOf[ExecutorAllocationClient]
+
+    val executorsToKill =
+      if (conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL)) {
+        executorAllocationClient.getExecutorIds()
+      } else {
+        findExecutorToKill(sc, targetExecutors, shuffleId, numReduce)
+      }
+    logInfo(s"Request to kill executors, total count ${executorsToKill.size}, " +
+      s"[${executorsToKill.mkString(", ")}].")
+    if (executorsToKill.isEmpty) {
+      return
+    }
+
+    // Note, `SparkContext#killExecutors` does not allow with DRA enabled,
+    // see `https://github.com/apache/spark/pull/20604`.
+    // It may cause the status in `ExecutorAllocationManager` inconsistent with
+    // `CoarseGrainedSchedulerBackend` for a while. But it should be synchronous finally.
+    //
+    // We should adjust target num executors, otherwise `YarnAllocator` might re-request original
+    // target executors if DRA has not updated target executors yet.
+    // Note, DRA would re-adjust executors if there are more tasks to be executed, so we are safe.
+    //
+    //  * We kill executor
+    //      * YarnAllocator re-request target executors
+    //         * DRA can not release executors since they are new added
+    // ----------------------------------------------------------------> timeline
+    executorAllocationClient.killExecutors(
+      executorIds = executorsToKill,
+      adjustTargetNumExecutors = true,
+      countFailures = false,
+      force = false)
+
+    FinalStageResourceManager.getAdjustedTargetExecutors(sc)
+      .filter(_ < targetExecutors).foreach { adjustedExecutors =>
+        val delta = targetExecutors - adjustedExecutors
+        logInfo(s"Target executors after kill ($adjustedExecutors) is lower than required " +
+          s"($targetExecutors). Requesting $delta additional executor(s).")
+        executorAllocationClient.requestExecutors(delta)
+      }
+  }
+
+  @transient private val queryStageOptimizerRules: Seq[Rule[SparkPlan]] = Seq(
+    OptimizeSkewInRebalancePartitions,
+    CoalesceShufflePartitions(session),
+    OptimizeShuffleWithLocalRead)
+}
+
+object FinalStageResourceManager extends Logging {
+
+  private[sql] def getAdjustedTargetExecutors(sc: SparkContext): Option[Int] = {
+    sc.schedulerBackend match {
+      case schedulerBackend: CoarseGrainedSchedulerBackend =>
+        try {
+          val field = classOf[CoarseGrainedSchedulerBackend]
+            .getDeclaredField("requestedTotalExecutorsPerResourceProfile")
+          field.setAccessible(true)
+          schedulerBackend.synchronized {
+            val requestedTotalExecutorsPerResourceProfile =
+              field.get(schedulerBackend).asInstanceOf[mutable.HashMap[ResourceProfile, Int]]
+            val defaultRp = sc.resourceProfileManager.defaultResourceProfile
+            requestedTotalExecutorsPerResourceProfile.get(defaultRp)
+          }
+        } catch {
+          case e: Exception =>
+            logWarning("Failed to get requestedTotalExecutors of Default ResourceProfile", e)
+            None
+        }
+      case _ => None
+    }
+  }
+}
+
+trait FinalRebalanceStageHelper extends AdaptiveSparkPlanHelper {
+  @tailrec
+  final protected def findFinalRebalanceStage(plan: SparkPlan): Option[ShuffleQueryStageExec] = {
+    plan match {
+      case write: DataWritingCommandExec => findFinalRebalanceStage(write.child)
+      case write: V2TableWriteExec => findFinalRebalanceStage(write.child)
+      case write: WriteFilesExec => findFinalRebalanceStage(write.child)
+      case p: ProjectExec => findFinalRebalanceStage(p.child)
+      case f: FilterExec => findFinalRebalanceStage(f.child)
+      case s: SortExec if !s.global => findFinalRebalanceStage(s.child)
+      case stage: ShuffleQueryStageExec
+          if stage.isMaterialized && stage.mapStats.isDefined &&
+            stage.plan.isInstanceOf[ShuffleExchangeExec] &&
+            stage.plan.asInstanceOf[ShuffleExchangeExec].shuffleOrigin != ENSURE_REQUIREMENTS =>
+        Some(stage)
+      case _ => None
+    }
+  }
+
+  final protected def hasTableCache(plan: SparkPlan): Boolean = {
+    find(plan) {
+      case _: InMemoryTableScanExec => true
+      case _ => false
+    }.isDefined
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
new file mode 100644
index 000000000..64421d6bf
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/InjectCustomResourceProfile.scala
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{CustomResourceProfileExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive._
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, WriteUtils}
+
+/**
+ * Inject custom resource profile for final write stage, so we can specify custom
+ * executor resource configs.
+ */
+case class InjectCustomResourceProfile(session: SparkSession)
+  extends Rule[SparkPlan] with FinalRebalanceStageHelper {
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(KyuubiSQLConf.FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED)) {
+      return plan
+    }
+
+    if (!WriteUtils.isWrite(session, plan)) {
+      return plan
+    }
+
+    val stage = findFinalRebalanceStage(plan)
+    if (stage.isEmpty) {
+      return plan
+    }
+
+    // TODO: Ideally, We can call `CoarseGrainedSchedulerBackend.requestTotalExecutors` eagerly
+    //   to reduce the task submit pending time, but it may lose task locality.
+    //
+    // By default, it would request executors when catch stage submit event.
+    injectCustomResourceProfile(plan, stage.get.id)
+  }
+
+  private def injectCustomResourceProfile(plan: SparkPlan, id: Int): SparkPlan = {
+    plan match {
+      case stage: ShuffleQueryStageExec if stage.id == id =>
+        CustomResourceProfileExec(stage)
+      case _ => plan.mapChildren(child => injectCustomResourceProfile(child, id))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala
new file mode 100644
index 000000000..ce496eb47
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/PruneFileSourcePartitionHelper.scala
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.expressions.{AttributeReference, AttributeSet, Expression, ExpressionSet, PredicateHelper, SubqueryExpression}
+import org.apache.spark.sql.catalyst.plans.logical.LeafNode
+import org.apache.spark.sql.execution.datasources.DataSourceStrategy
+import org.apache.spark.sql.types.StructType
+
+trait PruneFileSourcePartitionHelper extends PredicateHelper {
+
+  def getPartitionKeyFiltersAndDataFilters(
+      sparkSession: SparkSession,
+      relation: LeafNode,
+      partitionSchema: StructType,
+      filters: Seq[Expression],
+      output: Seq[AttributeReference]): (ExpressionSet, Seq[Expression]) = {
+    val normalizedFilters = DataSourceStrategy.normalizeExprs(
+      filters.filter(f => f.deterministic && !SubqueryExpression.hasSubquery(f)),
+      output)
+    val partitionColumns =
+      relation.resolve(partitionSchema, sparkSession.sessionState.analyzer.resolver)
+    val partitionSet = AttributeSet(partitionColumns)
+    val (partitionFilters, dataFilters) = normalizedFilters.partition(f =>
+      f.references.subsetOf(partitionSet))
+    val extraPartitionFilter =
+      dataFilters.flatMap(extractPredicatesWithinOutputSet(_, partitionSet))
+
+    (ExpressionSet(partitionFilters ++ extraPartitionFilter), dataFilters)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
new file mode 100644
index 000000000..3698140fb
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/execution/CustomResourceProfileExec.scala
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.execution
+
+import org.apache.spark.network.util.{ByteUnit, JavaUtils}
+import org.apache.spark.rdd.RDD
+import org.apache.spark.resource.{ExecutorResourceRequests, ResourceProfileBuilder}
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.expressions.{Attribute, SortOrder}
+import org.apache.spark.sql.catalyst.plans.physical.Partitioning
+import org.apache.spark.sql.execution.metric.{SQLMetric, SQLMetrics}
+import org.apache.spark.sql.vectorized.ColumnarBatch
+import org.apache.spark.util.Utils
+
+import org.apache.kyuubi.sql.KyuubiSQLConf._
+
+/**
+ * This node wraps the final executed plan and inject custom resource profile to the RDD.
+ * It assumes that, the produced RDD would create the `ResultStage` in `DAGScheduler`,
+ * so it makes resource isolation between previous and final stage.
+ *
+ * Note that, Spark does not support config `minExecutors` for each resource profile.
+ * Which means, it would retain `minExecutors` for each resource profile.
+ * So, suggest set `spark.dynamicAllocation.minExecutors` to 0 if enable this feature.
+ */
+case class CustomResourceProfileExec(child: SparkPlan) extends UnaryExecNode {
+  override def output: Seq[Attribute] = child.output
+  override def outputPartitioning: Partitioning = child.outputPartitioning
+  override def outputOrdering: Seq[SortOrder] = child.outputOrdering
+  override def supportsColumnar: Boolean = child.supportsColumnar
+  override def supportsRowBased: Boolean = child.supportsRowBased
+  override protected def doCanonicalize(): SparkPlan = child.canonicalized
+
+  private val executorCores = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_CORES).getOrElse(
+    sparkContext.getConf.getInt("spark.executor.cores", 1))
+  private val executorMemory = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_MEMORY).getOrElse(
+    sparkContext.getConf.get("spark.executor.memory", "2G"))
+  private val executorMemoryOverhead =
+    conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_MEMORY_OVERHEAD)
+      .getOrElse(sparkContext.getConf.get("spark.executor.memoryOverhead", "1G"))
+  private val executorOffHeapMemory = conf.getConf(FINAL_WRITE_STAGE_EXECUTOR_OFF_HEAP_MEMORY)
+
+  override lazy val metrics: Map[String, SQLMetric] = {
+    val base = Map(
+      "executorCores" -> SQLMetrics.createMetric(sparkContext, "executor cores"),
+      "executorMemory" -> SQLMetrics.createMetric(sparkContext, "executor memory (MiB)"),
+      "executorMemoryOverhead" -> SQLMetrics.createMetric(
+        sparkContext,
+        "executor memory overhead (MiB)"))
+    val addition = executorOffHeapMemory.map(_ =>
+      "executorOffHeapMemory" ->
+        SQLMetrics.createMetric(sparkContext, "executor off heap memory (MiB)")).toMap
+    base ++ addition
+  }
+
+  private def wrapResourceProfile[T](rdd: RDD[T]): RDD[T] = {
+    if (Utils.isTesting) {
+      // do nothing for local testing
+      return rdd
+    }
+
+    metrics("executorCores") += executorCores
+    metrics("executorMemory") += JavaUtils.byteStringAs(executorMemory, ByteUnit.MiB)
+    metrics("executorMemoryOverhead") += JavaUtils.byteStringAs(
+      executorMemoryOverhead,
+      ByteUnit.MiB)
+    executorOffHeapMemory.foreach(m =>
+      metrics("executorOffHeapMemory") += JavaUtils.byteStringAs(m, ByteUnit.MiB))
+
+    val executionId = sparkContext.getLocalProperty(SQLExecution.EXECUTION_ID_KEY)
+    SQLMetrics.postDriverMetricUpdates(sparkContext, executionId, metrics.values.toSeq)
+
+    val resourceProfileBuilder = new ResourceProfileBuilder()
+    val executorResourceRequests = new ExecutorResourceRequests()
+    executorResourceRequests.cores(executorCores)
+    executorResourceRequests.memory(executorMemory)
+    executorResourceRequests.memoryOverhead(executorMemoryOverhead)
+    executorOffHeapMemory.foreach(executorResourceRequests.offHeapMemory)
+    resourceProfileBuilder.require(executorResourceRequests)
+    rdd.withResources(resourceProfileBuilder.build())
+    rdd
+  }
+
+  override protected def doExecute(): RDD[InternalRow] = {
+    val rdd = child.execute()
+    wrapResourceProfile(rdd)
+  }
+
+  override protected def doExecuteColumnar(): RDD[ColumnarBatch] = {
+    val rdd = child.executeColumnar()
+    wrapResourceProfile(rdd)
+  }
+
+  override protected def withNewChildInternal(newChild: SparkPlan): SparkPlan = {
+    this.copy(child = newChild)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml
new file mode 100644
index 000000000..bfc40dd6d
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!-- Extra logging related to initialization of Log4j. 
+ Set to debug or trace if log4j initialization is failing. -->
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="stdout" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <Filters>
+                <ThresholdFilter level="FATAL"/>
+                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+        </Console>
+        <File name="file" fileName="target/unit-tests.log">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <Filters>
+                <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </Filters>
+        </File>
+    </Appenders>
+    <Loggers>
+        <Root level="INFO">
+            <AppenderRef ref="stdout"/>
+            <AppenderRef ref="file"/>
+        </Root>
+    </Loggers>
+</Configuration>
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala
new file mode 100644
index 000000000..bbc61fb44
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DropIgnoreNonexistentSuite.scala
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.plans.logical.{DropNamespace, NoopCommand}
+import org.apache.spark.sql.execution.command._
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class DropIgnoreNonexistentSuite extends KyuubiSparkSQLExtensionTest {
+
+  test("drop ignore nonexistent") {
+    withSQLConf(KyuubiSQLConf.DROP_IGNORE_NONEXISTENT.key -> "true") {
+      // drop nonexistent database
+      val df1 = sql("DROP DATABASE nonexistent_database")
+      assert(df1.queryExecution.analyzed.asInstanceOf[DropNamespace].ifExists == true)
+
+      // drop nonexistent function
+      val df4 = sql("DROP FUNCTION nonexistent_function")
+      assert(df4.queryExecution.analyzed.isInstanceOf[NoopCommand])
+
+      // drop nonexistent PARTITION
+      withTable("test") {
+        sql("CREATE TABLE IF NOT EXISTS test(i int) PARTITIONED BY (p int)")
+        val df5 = sql("ALTER TABLE test DROP PARTITION (p = 1)")
+        assert(df5.queryExecution.analyzed
+          .asInstanceOf[AlterTableDropPartitionCommand].ifExists == true)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala
new file mode 100644
index 000000000..96c8ae6e8
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageConfigIsolationSuite.scala
@@ -0,0 +1,203 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.execution.adaptive.{AQEShuffleReadExec, QueryStageExec}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.{FinalStageConfigIsolation, KyuubiSQLConf}
+
+class FinalStageConfigIsolationSuite extends KyuubiSparkSQLExtensionTest {
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  test("final stage config set reset check") {
+    withSQLConf(
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY.key -> "false",
+      "spark.sql.finalStage.adaptive.coalescePartitions.minPartitionNum" -> "1",
+      "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes" -> "100") {
+      // use loop to double check final stage config doesn't affect the sql query each other
+      (1 to 3).foreach { _ =>
+        sql("SELECT COUNT(*) FROM VALUES(1) as t(c)").collect()
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.previousStage.adaptive.coalescePartitions.minPartitionNum") ===
+          FinalStageConfigIsolation.INTERNAL_UNSET_CONFIG_TAG)
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.adaptive.coalescePartitions.minPartitionNum") ===
+          "1")
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.finalStage.adaptive.coalescePartitions.minPartitionNum") ===
+          "1")
+
+        // 64MB
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.previousStage.adaptive.advisoryPartitionSizeInBytes") ===
+          "67108864b")
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.adaptive.advisoryPartitionSizeInBytes") ===
+          "100")
+        assert(spark.sessionState.conf.getConfString(
+          "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes") ===
+          "100")
+      }
+
+      sql("SET spark.sql.adaptive.advisoryPartitionSizeInBytes=1")
+      assert(spark.sessionState.conf.getConfString(
+        "spark.sql.adaptive.advisoryPartitionSizeInBytes") ===
+        "1")
+      assert(!spark.sessionState.conf.contains(
+        "spark.sql.previousStage.adaptive.advisoryPartitionSizeInBytes"))
+
+      sql("SET a=1")
+      assert(spark.sessionState.conf.getConfString("a") === "1")
+
+      sql("RESET spark.sql.adaptive.coalescePartitions.minPartitionNum")
+      assert(!spark.sessionState.conf.contains(
+        "spark.sql.adaptive.coalescePartitions.minPartitionNum"))
+      assert(!spark.sessionState.conf.contains(
+        "spark.sql.previousStage.adaptive.coalescePartitions.minPartitionNum"))
+
+      sql("RESET a")
+      assert(!spark.sessionState.conf.contains("a"))
+    }
+  }
+
+  test("final stage config isolation") {
+    def checkPartitionNum(
+        sqlString: String,
+        previousPartitionNum: Int,
+        finalPartitionNum: Int): Unit = {
+      val df = sql(sqlString)
+      df.collect()
+      val shuffleReaders = collect(df.queryExecution.executedPlan) {
+        case customShuffleReader: AQEShuffleReadExec => customShuffleReader
+      }
+      assert(shuffleReaders.nonEmpty)
+      // reorder stage by stage id to ensure we get the right stage
+      val sortedShuffleReaders = shuffleReaders.sortWith {
+        case (s1, s2) =>
+          s1.child.asInstanceOf[QueryStageExec].id < s2.child.asInstanceOf[QueryStageExec].id
+      }
+      if (sortedShuffleReaders.length > 1) {
+        assert(sortedShuffleReaders.head.partitionSpecs.length === previousPartitionNum)
+      }
+      assert(sortedShuffleReaders.last.partitionSpecs.length === finalPartitionNum)
+      assert(df.rdd.partitions.length === finalPartitionNum)
+    }
+
+    withSQLConf(
+      SQLConf.AUTO_BROADCASTJOIN_THRESHOLD.key -> "-1",
+      SQLConf.COALESCE_PARTITIONS_MIN_PARTITION_NUM.key -> "1",
+      SQLConf.SHUFFLE_PARTITIONS.key -> "3",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY.key -> "false",
+      "spark.sql.adaptive.advisoryPartitionSizeInBytes" -> "1",
+      "spark.sql.adaptive.coalescePartitions.minPartitionSize" -> "1",
+      "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes" -> "10000000") {
+
+      // use loop to double check final stage config doesn't affect the sql query each other
+      (1 to 3).foreach { _ =>
+        checkPartitionNum(
+          "SELECT c1, count(*) FROM t1 GROUP BY c1",
+          1,
+          1)
+
+        checkPartitionNum(
+          "SELECT c2, count(*) FROM (SELECT c1, count(*) as c2 FROM t1 GROUP BY c1) GROUP BY c2",
+          3,
+          1)
+
+        checkPartitionNum(
+          "SELECT t1.c1, count(*) FROM t1 JOIN t2 ON t1.c2 = t2.c2 GROUP BY t1.c1",
+          3,
+          1)
+
+        checkPartitionNum(
+          """
+            | SELECT /*+ REPARTITION */
+            | t1.c1, count(*) FROM t1
+            | JOIN t2 ON t1.c2 = t2.c2
+            | JOIN t3 ON t1.c1 = t3.c1
+            | GROUP BY t1.c1
+            |""".stripMargin,
+          3,
+          1)
+
+        // one shuffle reader
+        checkPartitionNum(
+          """
+            | SELECT /*+ BROADCAST(t1) */
+            | t1.c1, t2.c2 FROM t1
+            | JOIN t2 ON t1.c2 = t2.c2
+            | DISTRIBUTE BY c1
+            |""".stripMargin,
+          1,
+          1)
+
+        // test ReusedExchange
+        checkPartitionNum(
+          """
+            |SELECT /*+ REPARTITION */ t0.c2 FROM (
+            |SELECT t1.c1, (count(*) + c1) as c2 FROM t1 GROUP BY t1.c1
+            |) t0 JOIN (
+            |SELECT t1.c1, (count(*) + c1) as c2 FROM t1 GROUP BY t1.c1
+            |) t1 ON t0.c2 = t1.c2
+            |""".stripMargin,
+          3,
+          1)
+
+        // one shuffle reader
+        checkPartitionNum(
+          """
+            |SELECT t0.c1 FROM (
+            |SELECT t1.c1 FROM t1 GROUP BY t1.c1
+            |) t0 JOIN (
+            |SELECT t1.c1 FROM t1 GROUP BY t1.c1
+            |) t1 ON t0.c1 = t1.c1
+            |""".stripMargin,
+          1,
+          1)
+      }
+    }
+  }
+
+  test("final stage config isolation write only") {
+    withSQLConf(
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+      KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION_WRITE_ONLY.key -> "true",
+      "spark.sql.finalStage.adaptive.advisoryPartitionSizeInBytes" -> "7") {
+      sql("set spark.sql.adaptive.advisoryPartitionSizeInBytes=5")
+      sql("SELECT * FROM t1").count()
+      assert(spark.conf.getOption("spark.sql.adaptive.advisoryPartitionSizeInBytes")
+        .contains("5"))
+
+      withTable("tmp") {
+        sql("CREATE TABLE t1 USING PARQUET SELECT /*+ repartition */ 1 AS c1, 'a' AS c2")
+        assert(spark.conf.getOption("spark.sql.adaptive.advisoryPartitionSizeInBytes")
+          .contains("7"))
+      }
+
+      sql("SELECT * FROM t1").count()
+      assert(spark.conf.getOption("spark.sql.adaptive.advisoryPartitionSizeInBytes")
+        .contains("5"))
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
new file mode 100644
index 000000000..4b9991ef6
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/FinalStageResourceManagerSuite.scala
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.scalatest.time.{Minutes, Span}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+import org.apache.kyuubi.tags.SparkLocalClusterTest
+
+@SparkLocalClusterTest
+class FinalStageResourceManagerSuite extends KyuubiSparkSQLExtensionTest {
+
+  override def sparkConf(): SparkConf = {
+    // It is difficult to run spark in local-cluster mode when spark.testing is set.
+    sys.props.remove("spark.testing")
+
+    super.sparkConf().set("spark.master", "local-cluster[3, 1, 1024]")
+      .set("spark.dynamicAllocation.enabled", "true")
+      .set("spark.dynamicAllocation.initialExecutors", "3")
+      .set("spark.dynamicAllocation.minExecutors", "1")
+      .set("spark.dynamicAllocation.shuffleTracking.enabled", "true")
+      .set(KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key, "true")
+      .set(KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_ENABLED.key, "true")
+  }
+
+  test("[KYUUBI #5136][Bug] Final Stage hangs forever") {
+    // Prerequisite to reproduce the bug:
+    // 1. Dynamic allocation is enabled.
+    // 2. Dynamic allocation min executors is 1.
+    // 3. target executors < active executors.
+    // 4. No active executor is left after FinalStageResourceManager killed executors.
+    //    This is possible because FinalStageResourceManager retained executors may already be
+    //    requested to be killed but not died yet.
+    // 5. Final Stage required executors is 1.
+    withSQLConf(
+      (KyuubiSQLConf.FINAL_WRITE_STAGE_EAGERLY_KILL_EXECUTORS_KILL_ALL.key, "true")) {
+      withTable("final_stage") {
+        eventually(timeout(Span(10, Minutes))) {
+          sql(
+            "CREATE TABLE final_stage AS SELECT id, count(*) as num FROM (SELECT 0 id) GROUP BY id")
+        }
+        assert(FinalStageResourceManager.getAdjustedTargetExecutors(spark.sparkContext).get == 1)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
new file mode 100644
index 000000000..b0767b187
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InjectResourceProfileSuite.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.scheduler.{SparkListener, SparkListenerEvent}
+import org.apache.spark.sql.execution.ui.SparkListenerSQLAdaptiveExecutionUpdate
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class InjectResourceProfileSuite extends KyuubiSparkSQLExtensionTest {
+  private def checkCustomResourceProfile(sqlString: String, exists: Boolean): Unit = {
+    @volatile var lastEvent: SparkListenerSQLAdaptiveExecutionUpdate = null
+    val listener = new SparkListener {
+      override def onOtherEvent(event: SparkListenerEvent): Unit = {
+        event match {
+          case e: SparkListenerSQLAdaptiveExecutionUpdate => lastEvent = e
+          case _ =>
+        }
+      }
+    }
+
+    spark.sparkContext.addSparkListener(listener)
+    try {
+      sql(sqlString).collect()
+      spark.sparkContext.listenerBus.waitUntilEmpty()
+      assert(lastEvent != null)
+      var current = lastEvent.sparkPlanInfo
+      var shouldStop = false
+      while (!shouldStop) {
+        if (current.nodeName != "CustomResourceProfile") {
+          if (current.children.isEmpty) {
+            assert(!exists)
+            shouldStop = true
+          } else {
+            current = current.children.head
+          }
+        } else {
+          assert(exists)
+          shouldStop = true
+        }
+      }
+    } finally {
+      spark.sparkContext.removeSparkListener(listener)
+    }
+  }
+
+  test("Inject resource profile") {
+    withTable("t") {
+      withSQLConf(
+        "spark.sql.adaptive.forceApply" -> "true",
+        KyuubiSQLConf.FINAL_STAGE_CONFIG_ISOLATION.key -> "true",
+        KyuubiSQLConf.FINAL_WRITE_STAGE_RESOURCE_ISOLATION_ENABLED.key -> "true") {
+
+        sql("CREATE TABLE t (c1 int, c2 string) USING PARQUET")
+
+        checkCustomResourceProfile("INSERT INTO TABLE t VALUES(1, 'a')", false)
+        checkCustomResourceProfile("SELECT 1", false)
+        checkCustomResourceProfile(
+          "INSERT INTO TABLE t SELECT /*+ rebalance */ * FROM VALUES(1, 'a')",
+          true)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala
new file mode 100644
index 000000000..f0d384657
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuite.scala
@@ -0,0 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+class InsertShuffleNodeBeforeJoinSuite extends InsertShuffleNodeBeforeJoinSuiteBase
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala
new file mode 100644
index 000000000..c657dee49
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/InsertShuffleNodeBeforeJoinSuiteBase.scala
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeLike}
+import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+trait InsertShuffleNodeBeforeJoinSuiteBase extends KyuubiSparkSQLExtensionTest {
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  override def sparkConf(): SparkConf = {
+    super.sparkConf()
+      .set(
+        StaticSQLConf.SPARK_SESSION_EXTENSIONS.key,
+        "org.apache.kyuubi.sql.KyuubiSparkSQLCommonExtension")
+  }
+
+  test("force shuffle before join") {
+    def checkShuffleNodeNum(sqlString: String, num: Int): Unit = {
+      var expectedResult: Seq[Row] = Seq.empty
+      withSQLConf(SQLConf.ADAPTIVE_EXECUTION_ENABLED.key -> "false") {
+        expectedResult = sql(sqlString).collect()
+      }
+      val df = sql(sqlString)
+      checkAnswer(df, expectedResult)
+      assert(
+        collect(df.queryExecution.executedPlan) {
+          case shuffle: ShuffleExchangeLike if shuffle.shuffleOrigin == ENSURE_REQUIREMENTS =>
+            shuffle
+        }.size == num)
+    }
+
+    withSQLConf(
+      SQLConf.AUTO_BROADCASTJOIN_THRESHOLD.key -> "-1",
+      KyuubiSQLConf.FORCE_SHUFFLE_BEFORE_JOIN.key -> "true") {
+      Seq("SHUFFLE_HASH", "MERGE").foreach { joinHint =>
+        // positive case
+        checkShuffleNodeNum(
+          s"""
+             |SELECT /*+ $joinHint(t2, t3) */ t1.c1, t1.c2, t2.c1, t3.c1 from t1
+             | JOIN t2 ON t1.c1 = t2.c1
+             | JOIN t3 ON t1.c1 = t3.c1
+             | """.stripMargin,
+          4)
+
+        // negative case
+        checkShuffleNodeNum(
+          s"""
+             |SELECT /*+ $joinHint(t2, t3) */ t1.c1, t1.c2, t2.c1, t3.c1 from t1
+             | JOIN t2 ON t1.c1 = t2.c1
+             | JOIN t3 ON t1.c2 = t3.c2
+             | """.stripMargin,
+          4)
+      }
+
+      checkShuffleNodeNum(
+        """
+          |SELECT t1.c1, t2.c1, t3.c2 from t1
+          | JOIN t2 ON t1.c1 = t2.c1
+          | JOIN (
+          |  SELECT c2, count(*) FROM t1 GROUP BY c2
+          | ) t3 ON t1.c1 = t3.c2
+          | """.stripMargin,
+        5)
+
+      checkShuffleNodeNum(
+        """
+          |SELECT t1.c1, t2.c1, t3.c1 from t1
+          | JOIN t2 ON t1.c1 = t2.c1
+          | JOIN (
+          |  SELECT c1, count(*) FROM t1 GROUP BY c1
+          | ) t3 ON t1.c1 = t3.c1
+          | """.stripMargin,
+        5)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
new file mode 100644
index 000000000..dd9ffbf16
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/KyuubiSparkSQLExtensionTest.scala
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars
+import org.apache.spark.SparkConf
+import org.apache.spark.sql.execution.QueryExecution
+import org.apache.spark.sql.execution.adaptive.AdaptiveSparkPlanHelper
+import org.apache.spark.sql.execution.command.{DataWritingCommand, DataWritingCommandExec}
+import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
+import org.apache.spark.sql.test.SQLTestData.TestData
+import org.apache.spark.sql.test.SQLTestUtils
+import org.apache.spark.sql.util.QueryExecutionListener
+import org.apache.spark.util.Utils
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+trait KyuubiSparkSQLExtensionTest extends QueryTest
+  with SQLTestUtils
+  with AdaptiveSparkPlanHelper {
+  sys.props.put("spark.testing", "1")
+
+  private var _spark: Option[SparkSession] = None
+  protected def spark: SparkSession = _spark.getOrElse {
+    throw new RuntimeException("test spark session don't initial before using it.")
+  }
+
+  override protected def beforeAll(): Unit = {
+    if (_spark.isEmpty) {
+      _spark = Option(SparkSession.builder()
+        .master("local[1]")
+        .config(sparkConf)
+        .enableHiveSupport()
+        .getOrCreate())
+    }
+    super.beforeAll()
+  }
+
+  override protected def afterAll(): Unit = {
+    super.afterAll()
+    cleanupData()
+    _spark.foreach(_.stop)
+  }
+
+  protected def setupData(): Unit = {
+    val self = spark
+    import self.implicits._
+    spark.sparkContext.parallelize(
+      (1 to 100).map(i => TestData(i, i.toString)),
+      10)
+      .toDF("c1", "c2").createOrReplaceTempView("t1")
+    spark.sparkContext.parallelize(
+      (1 to 10).map(i => TestData(i, i.toString)),
+      5)
+      .toDF("c1", "c2").createOrReplaceTempView("t2")
+    spark.sparkContext.parallelize(
+      (1 to 50).map(i => TestData(i, i.toString)),
+      2)
+      .toDF("c1", "c2").createOrReplaceTempView("t3")
+  }
+
+  private def cleanupData(): Unit = {
+    spark.sql("DROP VIEW IF EXISTS t1")
+    spark.sql("DROP VIEW IF EXISTS t2")
+    spark.sql("DROP VIEW IF EXISTS t3")
+  }
+
+  def sparkConf(): SparkConf = {
+    val basePath = Utils.createTempDir() + "/" + getClass.getCanonicalName
+    val metastorePath = basePath + "/metastore_db"
+    val warehousePath = basePath + "/warehouse"
+    new SparkConf()
+      .set(
+        StaticSQLConf.SPARK_SESSION_EXTENSIONS.key,
+        "org.apache.kyuubi.sql.KyuubiSparkSQLExtension")
+      .set(KyuubiSQLConf.SQL_CLASSIFICATION_ENABLED.key, "true")
+      .set(SQLConf.ADAPTIVE_EXECUTION_ENABLED.key, "true")
+      .set("spark.hadoop.hive.exec.dynamic.partition.mode", "nonstrict")
+      .set("spark.hadoop.hive.metastore.client.capability.check", "false")
+      .set(
+        ConfVars.METASTORECONNECTURLKEY.varname,
+        s"jdbc:derby:;databaseName=$metastorePath;create=true")
+      .set(StaticSQLConf.WAREHOUSE_PATH, warehousePath)
+      .set("spark.ui.enabled", "false")
+  }
+
+  def withListener(sqlString: String)(callback: DataWritingCommand => Unit): Unit = {
+    withListener(sql(sqlString))(callback)
+  }
+
+  def withListener(df: => DataFrame)(callback: DataWritingCommand => Unit): Unit = {
+    val listener = new QueryExecutionListener {
+      override def onFailure(f: String, qe: QueryExecution, e: Exception): Unit = {}
+
+      override def onSuccess(funcName: String, qe: QueryExecution, duration: Long): Unit = {
+        qe.executedPlan match {
+          case write: DataWritingCommandExec => callback(write.cmd)
+          case _ =>
+        }
+      }
+    }
+    spark.listenerManager.register(listener)
+    try {
+      df.collect()
+      sparkContext.listenerBus.waitUntilEmpty()
+    } finally {
+      spark.listenerManager.unregister(listener)
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala
new file mode 100644
index 000000000..1d9630f49
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/RebalanceBeforeWritingSuite.scala
@@ -0,0 +1,271 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.expressions.Attribute
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, RebalancePartitions, Sort}
+import org.apache.spark.sql.execution.command.DataWritingCommand
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.hive.HiveUtils
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+
+class RebalanceBeforeWritingSuite extends KyuubiSparkSQLExtensionTest {
+
+  test("check rebalance exists") {
+    def check(df: => DataFrame, expectedRebalanceNum: Int = 1): Unit = {
+      withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+        withListener(df) { write =>
+          assert(write.collect {
+            case r: RebalancePartitions => r
+          }.size == expectedRebalanceNum)
+        }
+      }
+      withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "false") {
+        withListener(df) { write =>
+          assert(write.collect {
+            case r: RebalancePartitions => r
+          }.isEmpty)
+        }
+      }
+    }
+
+    // It's better to set config explicitly in case of we change the default value.
+    withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "true") {
+      Seq("USING PARQUET", "").foreach { storage =>
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          check(sql("INSERT INTO TABLE tmp1 PARTITION(c2='a') " +
+            "SELECT * FROM VALUES(1),(2) AS t(c1)"))
+        }
+
+        withTable("tmp1", "tmp2") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          sql(s"CREATE TABLE tmp2 (c1 int) $storage PARTITIONED BY (c2 string)")
+          check(
+            sql(
+              """FROM VALUES(1),(2)
+                |INSERT INTO TABLE tmp1 PARTITION(c2='a') SELECT *
+                |INSERT INTO TABLE tmp2 PARTITION(c2='a') SELECT *
+                |""".stripMargin),
+            2)
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage")
+          check(sql("INSERT INTO TABLE tmp1 SELECT * FROM VALUES(1),(2),(3) AS t(c1)"))
+        }
+
+        withTable("tmp1", "tmp2") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage")
+          sql(s"CREATE TABLE tmp2 (c1 int) $storage")
+          check(
+            sql(
+              """FROM VALUES(1),(2),(3)
+                |INSERT INTO TABLE tmp1 SELECT *
+                |INSERT INTO TABLE tmp2 SELECT *
+                |""".stripMargin),
+            2)
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 $storage AS SELECT * FROM VALUES(1),(2),(3) AS t(c1)")
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 $storage PARTITIONED BY(c2) AS " +
+            s"SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)")
+        }
+      }
+    }
+  }
+
+  test("check rebalance does not exists") {
+    def check(df: DataFrame): Unit = {
+      withListener(df) { write =>
+        assert(write.collect {
+          case r: RebalancePartitions => r
+        }.isEmpty)
+      }
+    }
+
+    withSQLConf(
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "true",
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+      // test no write command
+      check(sql("SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+      check(sql("SELECT count(*) FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+
+      // test not supported plan
+      withTable("tmp1") {
+        sql(s"CREATE TABLE tmp1 (c1 int) PARTITIONED BY (c2 string)")
+        check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+          "SELECT /*+ repartition(10) */ * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+        check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+          "SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2) ORDER BY c1"))
+        check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+          "SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2) LIMIT 10"))
+      }
+    }
+
+    withSQLConf(KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "false") {
+      Seq("USING PARQUET", "").foreach { storage =>
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          check(sql("INSERT INTO TABLE tmp1 PARTITION(c2) " +
+            "SELECT * FROM VALUES(1, 'a'),(2, 'b') AS t(c1, c2)"))
+        }
+
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage")
+          check(sql("INSERT INTO TABLE tmp1 SELECT * FROM VALUES(1),(2),(3) AS t(c1)"))
+        }
+      }
+    }
+  }
+
+  test("test dynamic partition write") {
+    def checkRepartitionExpression(sqlString: String): Unit = {
+      withListener(sqlString) { write =>
+        assert(write.isInstanceOf[InsertIntoHiveTable])
+        assert(write.collect {
+          case r: RebalancePartitions if r.partitionExpressions.size == 1 =>
+            assert(r.partitionExpressions.head.asInstanceOf[Attribute].name === "c2")
+            r
+        }.size == 1)
+      }
+    }
+
+    withSQLConf(
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE.key -> "true",
+      KyuubiSQLConf.DYNAMIC_PARTITION_INSERTION_REPARTITION_NUM.key -> "2",
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+      Seq("USING PARQUET", "").foreach { storage =>
+        withTable("tmp1") {
+          sql(s"CREATE TABLE tmp1 (c1 int) $storage PARTITIONED BY (c2 string)")
+          checkRepartitionExpression("INSERT INTO TABLE tmp1 SELECT 1 as c1, 'a' as c2 ")
+        }
+
+        withTable("tmp1") {
+          checkRepartitionExpression(
+            "CREATE TABLE tmp1 PARTITIONED BY(C2) SELECT 1 as c1, 'a' as c2")
+        }
+      }
+    }
+  }
+
+  test("OptimizedCreateHiveTableAsSelectCommand") {
+    withSQLConf(
+      HiveUtils.CONVERT_METASTORE_PARQUET.key -> "true",
+      HiveUtils.CONVERT_METASTORE_CTAS.key -> "true",
+      KyuubiSQLConf.INSERT_REPARTITION_BEFORE_WRITE_IF_NO_SHUFFLE.key -> "true") {
+      withTable("t") {
+        withListener("CREATE TABLE t STORED AS parquet AS SELECT 1 as a") { write =>
+          assert(write.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+          assert(write.collect {
+            case _: RebalancePartitions => true
+          }.size == 1)
+        }
+      }
+    }
+  }
+
+  test("Infer rebalance and sorder orders") {
+    def checkShuffleAndSort(dataWritingCommand: LogicalPlan, sSize: Int, rSize: Int): Unit = {
+      assert(dataWritingCommand.isInstanceOf[DataWritingCommand])
+      val plan = dataWritingCommand.asInstanceOf[DataWritingCommand].query
+      assert(plan.collect {
+        case s: Sort => s
+      }.size == sSize)
+      assert(plan.collect {
+        case r: RebalancePartitions if r.partitionExpressions.size == rSize => r
+      }.nonEmpty || rSize == 0)
+    }
+
+    withView("v") {
+      withTable("t", "input1", "input2") {
+        withSQLConf(KyuubiSQLConf.INFER_REBALANCE_AND_SORT_ORDERS.key -> "true") {
+          sql(s"CREATE TABLE t (c1 int, c2 long) USING PARQUET PARTITIONED BY (p string)")
+          sql(s"CREATE TABLE input1 USING PARQUET AS SELECT * FROM VALUES(1,2),(1,3)")
+          sql(s"CREATE TABLE input2 USING PARQUET AS SELECT * FROM VALUES(1,3),(1,3)")
+          sql(s"CREATE VIEW v as SELECT col1, count(*) as col2 FROM input1 GROUP BY col1")
+
+          val df0 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT /*+ broadcast(input2) */ input1.col1, input2.col1
+               |FROM input1
+               |JOIN input2
+               |ON input1.col1 = input2.col1
+               |""".stripMargin)
+          checkShuffleAndSort(df0.queryExecution.analyzed, 1, 1)
+
+          val df1 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT /*+ broadcast(input2) */ input1.col1, input1.col2
+               |FROM input1
+               |LEFT JOIN input2
+               |ON input1.col1 = input2.col1 and input1.col2 = input2.col2
+               |""".stripMargin)
+          checkShuffleAndSort(df1.queryExecution.analyzed, 1, 2)
+
+          val df2 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT col1 as c1, count(*) as c2
+               |FROM input1
+               |GROUP BY col1
+               |HAVING count(*) > 0
+               |""".stripMargin)
+          checkShuffleAndSort(df2.queryExecution.analyzed, 1, 1)
+
+          // dynamic partition
+          val df3 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p)
+               |SELECT /*+ broadcast(input2) */ input1.col1, input1.col2, input1.col2
+               |FROM input1
+               |JOIN input2
+               |ON input1.col1 = input2.col1
+               |""".stripMargin)
+          checkShuffleAndSort(df3.queryExecution.analyzed, 0, 1)
+
+          // non-deterministic
+          val df4 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT col1 + rand(), count(*) as c2
+               |FROM input1
+               |GROUP BY col1
+               |""".stripMargin)
+          checkShuffleAndSort(df4.queryExecution.analyzed, 0, 0)
+
+          // view
+          val df5 = sql(
+            s"""
+               |INSERT INTO TABLE t PARTITION(p='a')
+               |SELECT * FROM v
+               |""".stripMargin)
+          checkShuffleAndSort(df5.queryExecution.analyzed, 1, 1)
+        }
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala
new file mode 100644
index 000000000..957089340
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuite.scala
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+class WatchDogSuite extends WatchDogSuiteBase {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
new file mode 100644
index 000000000..a202e813c
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/WatchDogSuiteBase.scala
@@ -0,0 +1,601 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import java.io.File
+
+import scala.collection.JavaConverters._
+
+import org.apache.commons.io.FileUtils
+import org.apache.spark.sql.catalyst.plans.logical.{GlobalLimit, LogicalPlan}
+
+import org.apache.kyuubi.sql.KyuubiSQLConf
+import org.apache.kyuubi.sql.watchdog.{MaxFileSizeExceedException, MaxPartitionExceedException}
+
+trait WatchDogSuiteBase extends KyuubiSparkSQLExtensionTest {
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  case class LimitAndExpected(limit: Int, expected: Int)
+
+  val limitAndExpecteds = List(LimitAndExpected(1, 1), LimitAndExpected(11, 10))
+
+  private def checkMaxPartition: Unit = {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS.key -> "100") {
+      checkAnswer(sql("SELECT count(distinct(p)) FROM test"), Row(10) :: Nil)
+    }
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_PARTITIONS.key -> "5") {
+      sql("SELECT * FROM test where p=1").queryExecution.sparkPlan
+
+      sql(s"SELECT * FROM test WHERE p in (${Range(0, 5).toList.mkString(",")})")
+        .queryExecution.sparkPlan
+
+      intercept[MaxPartitionExceedException](
+        sql("SELECT * FROM test where p != 1").queryExecution.sparkPlan)
+
+      intercept[MaxPartitionExceedException](
+        sql("SELECT * FROM test").queryExecution.sparkPlan)
+
+      intercept[MaxPartitionExceedException](sql(
+        s"SELECT * FROM test WHERE p in (${Range(0, 6).toList.mkString(",")})")
+        .queryExecution.sparkPlan)
+    }
+  }
+
+  test("watchdog with scan maxPartitions -- hive") {
+    Seq("textfile", "parquet").foreach { format =>
+      withTable("test", "temp") {
+        sql(
+          s"""
+             |CREATE TABLE test(i int)
+             |PARTITIONED BY (p int)
+             |STORED AS $format""".stripMargin)
+        spark.range(0, 10, 1).selectExpr("id as col")
+          .createOrReplaceTempView("temp")
+
+        for (part <- Range(0, 10)) {
+          sql(
+            s"""
+               |INSERT OVERWRITE TABLE test PARTITION (p='$part')
+               |select col from temp""".stripMargin)
+        }
+        checkMaxPartition
+      }
+    }
+  }
+
+  test("watchdog with scan maxPartitions -- data source") {
+    withTempDir { dir =>
+      withTempView("test") {
+        spark.range(10).selectExpr("id", "id as p")
+          .write
+          .partitionBy("p")
+          .mode("overwrite")
+          .save(dir.getCanonicalPath)
+        spark.read.load(dir.getCanonicalPath).createOrReplaceTempView("test")
+        checkMaxPartition
+      }
+    }
+  }
+
+  test("test watchdog: simple SELECT STATEMENT") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      List("", "ORDER BY c1", "ORDER BY c2").foreach { sort =>
+        List("", " DISTINCT").foreach { distinct =>
+          assert(sql(
+            s"""
+               |SELECT $distinct *
+               |FROM t1
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        List("", "ORDER BY c1", "ORDER BY c2").foreach { sort =>
+          List("", "DISTINCT").foreach { distinct =>
+            assert(sql(
+              s"""
+                 |SELECT $distinct *
+                 |FROM t1
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: SELECT ... WITH AGGREGATE STATEMENT ") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      assert(!sql("SELECT count(*) FROM t1")
+        .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+
+      val sorts = List("", "ORDER BY cnt", "ORDER BY c1", "ORDER BY cnt, c1", "ORDER BY c1, cnt")
+      val havingConditions = List("", "HAVING cnt > 1")
+
+      havingConditions.foreach { having =>
+        sorts.foreach { sort =>
+          assert(sql(
+            s"""
+               |SELECT c1, COUNT(*) as cnt
+               |FROM t1
+               |GROUP BY c1
+               |$having
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        havingConditions.foreach { having =>
+          sorts.foreach { sort =>
+            assert(sql(
+              s"""
+                 |SELECT c1, COUNT(*) as cnt
+                 |FROM t1
+                 |GROUP BY c1
+                 |$having
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: SELECT with CTE forceMaxOutputRows") {
+    // simple CTE
+    val q1 =
+      """
+        |WITH t2 AS (
+        |    SELECT * FROM t1
+        |)
+        |""".stripMargin
+
+    // nested CTE
+    val q2 =
+      """
+        |WITH
+        |    t AS (SELECT * FROM t1),
+        |    t2 AS (
+        |        WITH t3 AS (SELECT * FROM t1)
+        |        SELECT * FROM t3
+        |    )
+        |""".stripMargin
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      val sorts = List("", "ORDER BY c1", "ORDER BY c2")
+
+      sorts.foreach { sort =>
+        Seq(q1, q2).foreach { withQuery =>
+          assert(sql(
+            s"""
+               |$withQuery
+               |SELECT * FROM t2
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        sorts.foreach { sort =>
+          Seq(q1, q2).foreach { withQuery =>
+            assert(sql(
+              s"""
+                 |$withQuery
+                 |SELECT * FROM t2
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: SELECT AGGREGATE WITH CTE forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      assert(!sql(
+        """
+          |WITH custom_cte AS (
+          |SELECT * FROM t1
+          |)
+          |
+          |SELECT COUNT(*)
+          |FROM custom_cte
+          |""".stripMargin).queryExecution
+        .analyzed.isInstanceOf[GlobalLimit])
+
+      val sorts = List("", "ORDER BY cnt", "ORDER BY c1", "ORDER BY cnt, c1", "ORDER BY c1, cnt")
+      val havingConditions = List("", "HAVING cnt > 1")
+
+      havingConditions.foreach { having =>
+        sorts.foreach { sort =>
+          assert(sql(
+            s"""
+               |WITH custom_cte AS (
+               |SELECT * FROM t1
+               |)
+               |
+               |SELECT c1, COUNT(*) as cnt
+               |FROM custom_cte
+               |GROUP BY c1
+               |$having
+               |$sort
+               |""".stripMargin).queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        havingConditions.foreach { having =>
+          sorts.foreach { sort =>
+            assert(sql(
+              s"""
+                 |WITH custom_cte AS (
+                 |SELECT * FROM t1
+                 |)
+                 |
+                 |SELECT c1, COUNT(*) as cnt
+                 |FROM custom_cte
+                 |GROUP BY c1
+                 |$having
+                 |$sort
+                 |LIMIT $limit
+                 |""".stripMargin).queryExecution.optimizedPlan.maxRows.contains(expected))
+          }
+        }
+      }
+    }
+  }
+
+  test("test watchdog: UNION Statement for forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+
+      List("", "ALL").foreach { x =>
+        assert(sql(
+          s"""
+             |SELECT c1, c2 FROM t1
+             |UNION $x
+             |SELECT c1, c2 FROM t2
+             |UNION $x
+             |SELECT c1, c2 FROM t3
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+      }
+
+      val sorts = List("", "ORDER BY cnt", "ORDER BY c1", "ORDER BY cnt, c1", "ORDER BY c1, cnt")
+      val havingConditions = List("", "HAVING cnt > 1")
+
+      List("", "ALL").foreach { x =>
+        havingConditions.foreach { having =>
+          sorts.foreach { sort =>
+            assert(sql(
+              s"""
+                 |SELECT c1, count(c2) as cnt
+                 |FROM t1
+                 |GROUP BY c1
+                 |$having
+                 |UNION $x
+                 |SELECT c1, COUNT(c2) as cnt
+                 |FROM t2
+                 |GROUP BY c1
+                 |$having
+                 |UNION $x
+                 |SELECT c1, COUNT(c2) as cnt
+                 |FROM t3
+                 |GROUP BY c1
+                 |$having
+                 |$sort
+                 |""".stripMargin)
+              .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+          }
+        }
+      }
+
+      limitAndExpecteds.foreach { case LimitAndExpected(limit, expected) =>
+        assert(sql(
+          s"""
+             |SELECT c1, c2 FROM t1
+             |UNION
+             |SELECT c1, c2 FROM t2
+             |UNION
+             |SELECT c1, c2 FROM t3
+             |LIMIT $limit
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.maxRows.contains(expected))
+      }
+    }
+  }
+
+  test("test watchdog: Select View Statement for forceMaxOutputRows") {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "3") {
+      withTable("tmp_table", "tmp_union") {
+        withView("tmp_view", "tmp_view2") {
+          sql(s"create table tmp_table (a int, b int)")
+          sql(s"insert into tmp_table values (1,10),(2,20),(3,30),(4,40),(5,50)")
+          sql(s"create table tmp_union (a int, b int)")
+          sql(s"insert into tmp_union values (6,60),(7,70),(8,80),(9,90),(10,100)")
+          sql(s"create view tmp_view2 as select * from tmp_union")
+          assert(!sql(
+            s"""
+               |CREATE VIEW tmp_view
+               |as
+               |SELECT * FROM
+               |tmp_table
+               |""".stripMargin)
+            .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+
+          assert(sql(
+            s"""
+               |SELECT * FROM
+               |tmp_view
+               |""".stripMargin)
+            .queryExecution.optimizedPlan.maxRows.contains(3))
+
+          assert(sql(
+            s"""
+               |SELECT * FROM
+               |tmp_view
+               |limit 11
+               |""".stripMargin)
+            .queryExecution.optimizedPlan.maxRows.contains(3))
+
+          assert(sql(
+            s"""
+               |SELECT * FROM
+               |(select * from tmp_view
+               |UNION
+               |select * from tmp_view2)
+               |ORDER BY a
+               |DESC
+               |""".stripMargin)
+            .collect().head.get(0) === 10)
+        }
+      }
+    }
+  }
+
+  test("test watchdog: Insert Statement for forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+      withTable("tmp_table", "tmp_insert") {
+        spark.sql(s"create table tmp_table (a int, b int)")
+        spark.sql(s"insert into tmp_table values (1,10),(2,20),(3,30),(4,40),(5,50)")
+        val multiInsertTableName1: String = "tmp_tbl1"
+        val multiInsertTableName2: String = "tmp_tbl2"
+        sql(s"drop table if exists $multiInsertTableName1")
+        sql(s"drop table if exists $multiInsertTableName2")
+        sql(s"create table $multiInsertTableName1 like tmp_table")
+        sql(s"create table $multiInsertTableName2 like tmp_table")
+        assert(!sql(
+          s"""
+             |FROM tmp_table
+             |insert into $multiInsertTableName1 select * limit 2
+             |insert into $multiInsertTableName2 select *
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+      }
+    }
+  }
+
+  test("test watchdog: Distribute by for forceMaxOutputRows") {
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "10") {
+      withTable("tmp_table") {
+        spark.sql(s"create table tmp_table (a int, b int)")
+        spark.sql(s"insert into tmp_table values (1,10),(2,20),(3,30),(4,40),(5,50)")
+        assert(sql(
+          s"""
+             |SELECT *
+             |FROM tmp_table
+             |DISTRIBUTE BY a
+             |""".stripMargin)
+          .queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+      }
+    }
+  }
+
+  test("test watchdog: Subquery for forceMaxOutputRows") {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "1") {
+      withTable("tmp_table1") {
+        sql("CREATE TABLE spark_catalog.`default`.tmp_table1(KEY INT, VALUE STRING) USING PARQUET")
+        sql("INSERT INTO TABLE spark_catalog.`default`.tmp_table1 " +
+          "VALUES (1, 'aa'),(2,'bb'),(3, 'cc'),(4,'aa'),(5,'cc'),(6, 'aa')")
+        assert(
+          sql("select * from tmp_table1").queryExecution.optimizedPlan.isInstanceOf[GlobalLimit])
+        val testSqlText =
+          """
+            |select count(*)
+            |from tmp_table1
+            |where tmp_table1.key in (
+            |select distinct tmp_table1.key
+            |from tmp_table1
+            |where tmp_table1.value = "aa"
+            |)
+            |""".stripMargin
+        val plan = sql(testSqlText).queryExecution.optimizedPlan
+        assert(!findGlobalLimit(plan))
+        checkAnswer(sql(testSqlText), Row(3) :: Nil)
+      }
+
+      def findGlobalLimit(plan: LogicalPlan): Boolean = plan match {
+        case _: GlobalLimit => true
+        case p if p.children.isEmpty => false
+        case p => p.children.exists(findGlobalLimit)
+      }
+
+    }
+  }
+
+  test("test watchdog: Join for forceMaxOutputRows") {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_FORCED_MAXOUTPUTROWS.key -> "1") {
+      withTable("tmp_table1", "tmp_table2") {
+        sql("CREATE TABLE spark_catalog.`default`.tmp_table1(KEY INT, VALUE STRING) USING PARQUET")
+        sql("INSERT INTO TABLE spark_catalog.`default`.tmp_table1 " +
+          "VALUES (1, 'aa'),(2,'bb'),(3, 'cc'),(4,'aa'),(5,'cc'),(6, 'aa')")
+        sql("CREATE TABLE spark_catalog.`default`.tmp_table2(KEY INT, VALUE STRING) USING PARQUET")
+        sql("INSERT INTO TABLE spark_catalog.`default`.tmp_table2 " +
+          "VALUES (1, 'aa'),(2,'bb'),(3, 'cc'),(4,'aa'),(5,'cc'),(6, 'aa')")
+        val testSqlText =
+          """
+            |select a.*,b.*
+            |from tmp_table1 a
+            |join
+            |tmp_table2 b
+            |on a.KEY = b.KEY
+            |""".stripMargin
+        val plan = sql(testSqlText).queryExecution.optimizedPlan
+        assert(findGlobalLimit(plan))
+      }
+
+      def findGlobalLimit(plan: LogicalPlan): Boolean = plan match {
+        case _: GlobalLimit => true
+        case p if p.children.isEmpty => false
+        case p => p.children.exists(findGlobalLimit)
+      }
+    }
+  }
+
+  private def checkMaxFileSize(tableSize: Long, nonPartTableSize: Long): Unit = {
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> tableSize.toString) {
+      checkAnswer(sql("SELECT count(distinct(p)) FROM test"), Row(10) :: Nil)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> (tableSize / 2).toString) {
+      sql("SELECT * FROM test where p=1").queryExecution.sparkPlan
+
+      sql(s"SELECT * FROM test WHERE p in (${Range(0, 3).toList.mkString(",")})")
+        .queryExecution.sparkPlan
+
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test where p != 1").queryExecution.sparkPlan)
+
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test").queryExecution.sparkPlan)
+
+      intercept[MaxFileSizeExceedException](sql(
+        s"SELECT * FROM test WHERE p in (${Range(0, 6).toList.mkString(",")})")
+        .queryExecution.sparkPlan)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> nonPartTableSize.toString) {
+      checkAnswer(sql("SELECT count(*) FROM test_non_part"), Row(10000) :: Nil)
+    }
+
+    withSQLConf(KyuubiSQLConf.WATCHDOG_MAX_FILE_SIZE.key -> (nonPartTableSize - 1).toString) {
+      intercept[MaxFileSizeExceedException](
+        sql("SELECT * FROM test_non_part").queryExecution.sparkPlan)
+    }
+  }
+
+  test("watchdog with scan maxFileSize -- hive") {
+    Seq(false).foreach { convertMetastoreParquet =>
+      withTable("test", "test_non_part", "temp") {
+        spark.range(10000).selectExpr("id as col")
+          .createOrReplaceTempView("temp")
+
+        // partitioned table
+        sql(
+          s"""
+             |CREATE TABLE test(i int)
+             |PARTITIONED BY (p int)
+             |STORED AS parquet""".stripMargin)
+        for (part <- Range(0, 10)) {
+          sql(
+            s"""
+               |INSERT OVERWRITE TABLE test PARTITION (p='$part')
+               |select col from temp""".stripMargin)
+        }
+
+        val tablePath = new File(spark.sessionState.catalog.externalCatalog
+          .getTable("default", "test").location)
+        val tableSize = FileUtils.listFiles(tablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // non-partitioned table
+        sql(
+          s"""
+             |CREATE TABLE test_non_part(i int)
+             |STORED AS parquet""".stripMargin)
+        sql(
+          s"""
+             |INSERT OVERWRITE TABLE test_non_part
+             |select col from temp""".stripMargin)
+        sql("ANALYZE TABLE test_non_part COMPUTE STATISTICS")
+
+        val nonPartTablePath = new File(spark.sessionState.catalog.externalCatalog
+          .getTable("default", "test_non_part").location)
+        val nonPartTableSize = FileUtils.listFiles(nonPartTablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(nonPartTableSize > 0)
+
+        // check
+        withSQLConf("spark.sql.hive.convertMetastoreParquet" -> convertMetastoreParquet.toString) {
+          checkMaxFileSize(tableSize, nonPartTableSize)
+        }
+      }
+    }
+  }
+
+  test("watchdog with scan maxFileSize -- data source") {
+    withTempDir { dir =>
+      withTempView("test", "test_non_part") {
+        // partitioned table
+        val tablePath = new File(dir, "test")
+        spark.range(10).selectExpr("id", "id as p")
+          .write
+          .partitionBy("p")
+          .mode("overwrite")
+          .parquet(tablePath.getCanonicalPath)
+        spark.read.load(tablePath.getCanonicalPath).createOrReplaceTempView("test")
+
+        val tableSize = FileUtils.listFiles(tablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // non-partitioned table
+        val nonPartTablePath = new File(dir, "test_non_part")
+        spark.range(10000).selectExpr("id", "id as p")
+          .write
+          .mode("overwrite")
+          .parquet(nonPartTablePath.getCanonicalPath)
+        spark.read.load(nonPartTablePath.getCanonicalPath).createOrReplaceTempView("test_non_part")
+
+        val nonPartTableSize = FileUtils.listFiles(nonPartTablePath, Array("parquet"), true).asScala
+          .map(_.length()).sum
+        assert(tableSize > 0)
+
+        // check
+        checkMaxFileSize(tableSize, nonPartTableSize)
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala
new file mode 100644
index 000000000..9b1614fce
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderCoreBenchmark.scala
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.apache.spark.benchmark.Benchmark
+import org.apache.spark.sql.benchmark.KyuubiBenchmarkBase
+import org.apache.spark.sql.internal.StaticSQLConf
+
+import org.apache.kyuubi.sql.zorder.ZorderBytesUtils
+
+/**
+ * Benchmark to measure performance with zorder core.
+ *
+ * {{{
+ *   RUN_BENCHMARK=1 ./build/mvn clean test \
+ *   -pl extensions/spark/kyuubi-extension-spark-3-1 -am \
+ *   -Pspark-3.1,kyuubi-extension-spark-3-1 \
+ *   -Dtest=none -DwildcardSuites=org.apache.spark.sql.ZorderCoreBenchmark
+ * }}}
+ */
+class ZorderCoreBenchmark extends KyuubiSparkSQLExtensionTest with KyuubiBenchmarkBase {
+  private val runBenchmark = sys.env.contains("RUN_BENCHMARK")
+  private val numRows = 1 * 1000 * 1000
+
+  private def randomInt(numColumns: Int): Seq[Array[Any]] = {
+    (1 to numRows).map { l =>
+      val arr = new Array[Any](numColumns)
+      (0 until numColumns).foreach(col => arr(col) = l)
+      arr
+    }
+  }
+
+  private def randomLong(numColumns: Int): Seq[Array[Any]] = {
+    (1 to numRows).map { l =>
+      val arr = new Array[Any](numColumns)
+      (0 until numColumns).foreach(col => arr(col) = l.toLong)
+      arr
+    }
+  }
+
+  private def interleaveMultiByteArrayBenchmark(): Unit = {
+    val benchmark =
+      new Benchmark(s"$numRows rows zorder core benchmark", numRows, output = output)
+    benchmark.addCase("2 int columns benchmark", 3) { _ =>
+      randomInt(2).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("3 int columns benchmark", 3) { _ =>
+      randomInt(3).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("4 int columns benchmark", 3) { _ =>
+      randomInt(4).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("2 long columns benchmark", 3) { _ =>
+      randomLong(2).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("3 long columns benchmark", 3) { _ =>
+      randomLong(3).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.addCase("4 long columns benchmark", 3) { _ =>
+      randomLong(4).foreach(ZorderBytesUtils.interleaveBits)
+    }
+
+    benchmark.run()
+  }
+
+  private def paddingTo8ByteBenchmark() {
+    val iterations = 10 * 1000 * 1000
+
+    val b2 = Array('a'.toByte, 'b'.toByte)
+    val benchmark =
+      new Benchmark(s"$iterations iterations paddingTo8Byte benchmark", iterations, output = output)
+    benchmark.addCase("2 length benchmark", 3) { _ =>
+      (1 to iterations).foreach(_ => ZorderBytesUtils.paddingTo8Byte(b2))
+    }
+
+    val b16 = Array.tabulate(16) { i => i.toByte }
+    benchmark.addCase("16 length benchmark", 3) { _ =>
+      (1 to iterations).foreach(_ => ZorderBytesUtils.paddingTo8Byte(b16))
+    }
+
+    benchmark.run()
+  }
+
+  test("zorder core benchmark") {
+    assume(runBenchmark)
+
+    withHeader {
+      interleaveMultiByteArrayBenchmark()
+      paddingTo8ByteBenchmark()
+    }
+  }
+
+  override def sparkConf(): SparkConf = {
+    super.sparkConf().remove(StaticSQLConf.SPARK_SESSION_EXTENSIONS.key)
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
new file mode 100644
index 000000000..c2fa16197
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuite.scala
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.sql.catalyst.parser.ParserInterface
+import org.apache.spark.sql.catalyst.plans.logical.{RebalancePartitions, Sort}
+import org.apache.spark.sql.internal.SQLConf
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, SparkKyuubiSparkSQLParser}
+import org.apache.kyuubi.sql.zorder.Zorder
+
+trait ZorderSuiteSpark extends ZorderSuiteBase {
+
+  test("Add rebalance before zorder") {
+    Seq("true" -> false, "false" -> true).foreach { case (useOriginalOrdering, zorder) =>
+      withSQLConf(
+        KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key -> "false",
+        KyuubiSQLConf.REBALANCE_BEFORE_ZORDER.key -> "true",
+        KyuubiSQLConf.REBALANCE_ZORDER_COLUMNS_ENABLED.key -> "true",
+        KyuubiSQLConf.ZORDER_USING_ORIGINAL_ORDERING_ENABLED.key -> useOriginalOrdering) {
+        withTable("t") {
+          sql(
+            """
+              |CREATE TABLE t (c1 int, c2 string) PARTITIONED BY (d string)
+              | TBLPROPERTIES (
+              |'kyuubi.zorder.enabled'= 'true',
+              |'kyuubi.zorder.cols'= 'c1,C2')
+              |""".stripMargin)
+          val p = sql("INSERT INTO TABLE t PARTITION(d='a') SELECT * FROM VALUES(1,'a')")
+            .queryExecution.analyzed
+          assert(p.collect {
+            case sort: Sort
+                if !sort.global &&
+                  ((sort.order.exists(_.child.isInstanceOf[Zorder]) && zorder) ||
+                    (!sort.order.exists(_.child.isInstanceOf[Zorder]) && !zorder)) => sort
+          }.size == 1)
+          assert(p.collect {
+            case rebalance: RebalancePartitions
+                if rebalance.references.map(_.name).exists(_.equals("c1")) => rebalance
+          }.size == 1)
+
+          val p2 = sql("INSERT INTO TABLE t PARTITION(d) SELECT * FROM VALUES(1,'a','b')")
+            .queryExecution.analyzed
+          assert(p2.collect {
+            case sort: Sort
+                if (!sort.global && Seq("c1", "c2", "d").forall(x =>
+                  sort.references.map(_.name).exists(_.equals(x)))) &&
+                  ((sort.order.exists(_.child.isInstanceOf[Zorder]) && zorder) ||
+                    (!sort.order.exists(_.child.isInstanceOf[Zorder]) && !zorder)) => sort
+          }.size == 1)
+          assert(p2.collect {
+            case rebalance: RebalancePartitions
+                if Seq("c1", "c2", "d").forall(x =>
+                  rebalance.references.map(_.name).exists(_.equals(x))) => rebalance
+          }.size == 1)
+        }
+      }
+    }
+  }
+
+  test("Two phase rebalance before Z-Order") {
+    withSQLConf(
+      SQLConf.OPTIMIZER_EXCLUDED_RULES.key ->
+        "org.apache.spark.sql.catalyst.optimizer.CollapseRepartition",
+      KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key -> "false",
+      KyuubiSQLConf.REBALANCE_BEFORE_ZORDER.key -> "true",
+      KyuubiSQLConf.TWO_PHASE_REBALANCE_BEFORE_ZORDER.key -> "true",
+      KyuubiSQLConf.REBALANCE_ZORDER_COLUMNS_ENABLED.key -> "true") {
+      withTable("t") {
+        sql(
+          """
+            |CREATE TABLE t (c1 int) PARTITIONED BY (d string)
+            | TBLPROPERTIES (
+            |'kyuubi.zorder.enabled'= 'true',
+            |'kyuubi.zorder.cols'= 'c1')
+            |""".stripMargin)
+        val p = sql("INSERT INTO TABLE t PARTITION(d) SELECT * FROM VALUES(1,'a')")
+        val rebalance = p.queryExecution.optimizedPlan.innerChildren
+          .flatMap(_.collect { case r: RebalancePartitions => r })
+        assert(rebalance.size == 2)
+        assert(rebalance.head.partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("d"))
+        assert(rebalance.head.partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("c1"))
+
+        assert(rebalance(1).partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("d"))
+        assert(!rebalance(1).partitionExpressions.flatMap(_.references.map(_.name))
+          .contains("c1"))
+      }
+    }
+  }
+}
+
+trait ParserSuite { self: ZorderSuiteBase =>
+  override def createParser: ParserInterface = {
+    new SparkKyuubiSparkSQLParser(spark.sessionState.sqlParser)
+  }
+}
+
+class ZorderWithCodegenEnabledSuite
+  extends ZorderWithCodegenEnabledSuiteBase
+  with ZorderSuiteSpark
+  with ParserSuite {}
+class ZorderWithCodegenDisabledSuite
+  extends ZorderWithCodegenDisabledSuiteBase
+  with ZorderSuiteSpark
+  with ParserSuite {}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
new file mode 100644
index 000000000..2d3eec957
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/ZorderSuiteBase.scala
@@ -0,0 +1,768 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql
+
+import org.apache.spark.SparkConf
+import org.apache.spark.sql.catalyst.{InternalRow, TableIdentifier}
+import org.apache.spark.sql.catalyst.analysis.{UnresolvedAttribute, UnresolvedFunction, UnresolvedRelation, UnresolvedStar}
+import org.apache.spark.sql.catalyst.expressions.{Alias, Ascending, AttributeReference, EqualTo, Expression, ExpressionEvalHelper, Literal, NullsLast, SortOrder}
+import org.apache.spark.sql.catalyst.parser.{ParseException, ParserInterface}
+import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan, OneRowRelation, Project, Sort}
+import org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand
+import org.apache.spark.sql.functions._
+import org.apache.spark.sql.hive.execution.InsertIntoHiveTable
+import org.apache.spark.sql.internal.{SQLConf, StaticSQLConf}
+import org.apache.spark.sql.types._
+
+import org.apache.kyuubi.sql.{KyuubiSQLConf, KyuubiSQLExtensionException}
+import org.apache.kyuubi.sql.zorder.{OptimizeZorderCommandBase, OptimizeZorderStatement, Zorder, ZorderBytesUtils}
+
+trait ZorderSuiteBase extends KyuubiSparkSQLExtensionTest with ExpressionEvalHelper {
+  override def sparkConf(): SparkConf = {
+    super.sparkConf()
+      .set(
+        StaticSQLConf.SPARK_SESSION_EXTENSIONS.key,
+        "org.apache.kyuubi.sql.KyuubiSparkSQLCommonExtension")
+  }
+
+  test("optimize unpartitioned table") {
+    withSQLConf(SQLConf.SHUFFLE_PARTITIONS.key -> "1") {
+      withTable("up") {
+        sql(s"DROP TABLE IF EXISTS up")
+
+        val target = Seq(
+          Seq(0, 0),
+          Seq(1, 0),
+          Seq(0, 1),
+          Seq(1, 1),
+          Seq(2, 0),
+          Seq(3, 0),
+          Seq(2, 1),
+          Seq(3, 1),
+          Seq(0, 2),
+          Seq(1, 2),
+          Seq(0, 3),
+          Seq(1, 3),
+          Seq(2, 2),
+          Seq(3, 2),
+          Seq(2, 3),
+          Seq(3, 3))
+        sql(s"CREATE TABLE up (c1 INT, c2 INT, c3 INT)")
+        sql(s"INSERT INTO TABLE up VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+
+        val e = intercept[KyuubiSQLExtensionException] {
+          sql("OPTIMIZE up WHERE c1 > 1 ZORDER BY c1, c2")
+        }
+        assert(e.getMessage == "Filters are only supported for partitioned table")
+
+        sql("OPTIMIZE up ZORDER BY c1, c2")
+        val res = sql("SELECT c1, c2 FROM up").collect()
+
+        assert(res.length == 16)
+
+        for (i <- target.indices) {
+          val t = target(i)
+          val r = res(i)
+          assert(t(0) == r.getInt(0))
+          assert(t(1) == r.getInt(1))
+        }
+      }
+    }
+  }
+
+  test("optimize partitioned table") {
+    withSQLConf(SQLConf.SHUFFLE_PARTITIONS.key -> "1") {
+      withTable("p") {
+        sql("DROP TABLE IF EXISTS p")
+
+        val target = Seq(
+          Seq(0, 0),
+          Seq(1, 0),
+          Seq(0, 1),
+          Seq(1, 1),
+          Seq(2, 0),
+          Seq(3, 0),
+          Seq(2, 1),
+          Seq(3, 1),
+          Seq(0, 2),
+          Seq(1, 2),
+          Seq(0, 3),
+          Seq(1, 3),
+          Seq(2, 2),
+          Seq(3, 2),
+          Seq(2, 3),
+          Seq(3, 3))
+
+        sql(s"CREATE TABLE p (c1 INT, c2 INT, c3 INT) PARTITIONED BY (id INT)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 1)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 2)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 1) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 2) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+
+        sql(s"OPTIMIZE p ZORDER BY c1, c2")
+
+        val res1 = sql(s"SELECT c1, c2 FROM p WHERE id = 1").collect()
+        val res2 = sql(s"SELECT c1, c2 FROM p WHERE id = 2").collect()
+
+        assert(res1.length == 16)
+        assert(res2.length == 16)
+
+        for (i <- target.indices) {
+          val t = target(i)
+          val r1 = res1(i)
+          assert(t(0) == r1.getInt(0))
+          assert(t(1) == r1.getInt(1))
+
+          val r2 = res2(i)
+          assert(t(0) == r2.getInt(0))
+          assert(t(1) == r2.getInt(1))
+        }
+      }
+    }
+  }
+
+  test("optimize partitioned table with filters") {
+    withSQLConf(SQLConf.SHUFFLE_PARTITIONS.key -> "1") {
+      withTable("p") {
+        sql("DROP TABLE IF EXISTS p")
+
+        val target1 = Seq(
+          Seq(0, 0),
+          Seq(1, 0),
+          Seq(0, 1),
+          Seq(1, 1),
+          Seq(2, 0),
+          Seq(3, 0),
+          Seq(2, 1),
+          Seq(3, 1),
+          Seq(0, 2),
+          Seq(1, 2),
+          Seq(0, 3),
+          Seq(1, 3),
+          Seq(2, 2),
+          Seq(3, 2),
+          Seq(2, 3),
+          Seq(3, 3))
+        val target2 = Seq(
+          Seq(0, 0),
+          Seq(0, 1),
+          Seq(0, 2),
+          Seq(0, 3),
+          Seq(1, 0),
+          Seq(1, 1),
+          Seq(1, 2),
+          Seq(1, 3),
+          Seq(2, 0),
+          Seq(2, 1),
+          Seq(2, 2),
+          Seq(2, 3),
+          Seq(3, 0),
+          Seq(3, 1),
+          Seq(3, 2),
+          Seq(3, 3))
+        sql(s"CREATE TABLE p (c1 INT, c2 INT, c3 INT) PARTITIONED BY (id INT)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 1)")
+        sql(s"ALTER TABLE p ADD PARTITION (id = 2)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 1) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+        sql(s"INSERT INTO TABLE p PARTITION (id = 2) VALUES" +
+          "(0,0,2),(0,1,2),(0,2,1),(0,3,3)," +
+          "(1,0,4),(1,1,2),(1,2,1),(1,3,3)," +
+          "(2,0,2),(2,1,1),(2,2,5),(2,3,5)," +
+          "(3,0,3),(3,1,4),(3,2,9),(3,3,0)")
+
+        val e = intercept[KyuubiSQLExtensionException](
+          sql(s"OPTIMIZE p WHERE id = 1 AND c1 > 1 ZORDER BY c1, c2"))
+        assert(e.getMessage == "Only partition column filters are allowed")
+
+        sql(s"OPTIMIZE p WHERE id = 1 ZORDER BY c1, c2")
+
+        val res1 = sql(s"SELECT c1, c2 FROM p WHERE id = 1").collect()
+        val res2 = sql(s"SELECT c1, c2 FROM p WHERE id = 2").collect()
+
+        assert(res1.length == 16)
+        assert(res2.length == 16)
+
+        for (i <- target1.indices) {
+          val t1 = target1(i)
+          val r1 = res1(i)
+          assert(t1(0) == r1.getInt(0))
+          assert(t1(1) == r1.getInt(1))
+
+          val t2 = target2(i)
+          val r2 = res2(i)
+          assert(t2(0) == r2.getInt(0))
+          assert(t2(1) == r2.getInt(1))
+        }
+      }
+    }
+  }
+
+  test("optimize zorder with datasource table") {
+    // TODO remove this if we support datasource table
+    withTable("t") {
+      sql("CREATE TABLE t (c1 int, c2 int) USING PARQUET")
+      val msg = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE t ZORDER BY c1, c2")
+      }.getMessage
+      assert(msg.contains("only support hive table"))
+    }
+  }
+
+  private def checkZorderTable(
+      enabled: Boolean,
+      cols: String,
+      planHasRepartition: Boolean,
+      resHasSort: Boolean): Unit = {
+    def checkSort(plan: LogicalPlan): Unit = {
+      assert(plan.isInstanceOf[Sort] === resHasSort)
+      plan match {
+        case sort: Sort =>
+          val colArr = cols.split(",")
+          val refs =
+            if (colArr.length == 1) {
+              sort.order.head
+                .child.asInstanceOf[AttributeReference] :: Nil
+            } else {
+              sort.order.head
+                .child.asInstanceOf[Zorder].children.map(_.references.head)
+            }
+          assert(refs.size === colArr.size)
+          refs.zip(colArr).foreach { case (ref, col) =>
+            assert(ref.name === col.trim)
+          }
+        case _ =>
+      }
+    }
+
+    val repartition =
+      if (planHasRepartition) {
+        "/*+ repartition */"
+      } else {
+        ""
+      }
+    withSQLConf("spark.sql.shuffle.partitions" -> "1") {
+      // hive
+      withSQLConf("spark.sql.hive.convertMetastoreParquet" -> "false") {
+        withTable("zorder_t1", "zorder_t2_true", "zorder_t2_false") {
+          sql(
+            s"""
+               |CREATE TABLE zorder_t1 (c1 int, c2 string, c3 long, c4 double) STORED AS PARQUET
+               |TBLPROPERTIES (
+               | 'kyuubi.zorder.enabled' = '$enabled',
+               | 'kyuubi.zorder.cols' = '$cols')
+               |""".stripMargin)
+          val df1 = sql(s"""
+                           |INSERT INTO TABLE zorder_t1
+                           |SELECT $repartition * FROM VALUES(1,'a',2,4D),(2,'b',3,6D)
+                           |""".stripMargin)
+          assert(df1.queryExecution.analyzed.isInstanceOf[InsertIntoHiveTable])
+          checkSort(df1.queryExecution.analyzed.children.head)
+
+          Seq("true", "false").foreach { optimized =>
+            withSQLConf(
+              "spark.sql.hive.convertMetastoreCtas" -> optimized,
+              "spark.sql.hive.convertMetastoreParquet" -> optimized) {
+
+              withListener(
+                s"""
+                   |CREATE TABLE zorder_t2_$optimized STORED AS PARQUET
+                   |TBLPROPERTIES (
+                   | 'kyuubi.zorder.enabled' = '$enabled',
+                   | 'kyuubi.zorder.cols' = '$cols')
+                   |
+                   |SELECT $repartition * FROM
+                   |VALUES(1,'a',2,4D),(2,'b',3,6D) AS t(c1 ,c2 , c3, c4)
+                   |""".stripMargin) { write =>
+                if (optimized.toBoolean) {
+                  assert(write.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+                } else {
+                  assert(write.isInstanceOf[InsertIntoHiveTable])
+                }
+                checkSort(write.query)
+              }
+            }
+          }
+        }
+      }
+
+      // datasource
+      withTable("zorder_t3", "zorder_t4") {
+        sql(
+          s"""
+             |CREATE TABLE zorder_t3 (c1 int, c2 string, c3 long, c4 double) USING PARQUET
+             |TBLPROPERTIES (
+             | 'kyuubi.zorder.enabled' = '$enabled',
+             | 'kyuubi.zorder.cols' = '$cols')
+             |""".stripMargin)
+        val df1 = sql(s"""
+                         |INSERT INTO TABLE zorder_t3
+                         |SELECT $repartition * FROM VALUES(1,'a',2,4D),(2,'b',3,6D)
+                         |""".stripMargin)
+        assert(df1.queryExecution.analyzed.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+        checkSort(df1.queryExecution.analyzed.children.head)
+
+        withListener(
+          s"""
+             |CREATE TABLE zorder_t4 USING PARQUET
+             |TBLPROPERTIES (
+             | 'kyuubi.zorder.enabled' = '$enabled',
+             | 'kyuubi.zorder.cols' = '$cols')
+             |
+             |SELECT $repartition * FROM
+             |VALUES(1,'a',2,4D),(2,'b',3,6D) AS t(c1 ,c2 , c3, c4)
+             |""".stripMargin) { write =>
+          assert(write.isInstanceOf[InsertIntoHadoopFsRelationCommand])
+          checkSort(write.query)
+        }
+      }
+    }
+  }
+
+  test("Support insert zorder by table properties") {
+    withSQLConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING.key -> "false") {
+      checkZorderTable(true, "c1", false, false)
+      checkZorderTable(false, "c1", false, false)
+    }
+    withSQLConf(KyuubiSQLConf.INSERT_ZORDER_BEFORE_WRITING.key -> "true") {
+      checkZorderTable(true, "", false, false)
+      checkZorderTable(true, "c5", false, false)
+      checkZorderTable(true, "c1,c5", false, false)
+      checkZorderTable(false, "c3", false, false)
+      checkZorderTable(true, "c3", true, false)
+      checkZorderTable(true, "c3", false, true)
+      checkZorderTable(true, "c2,c4", false, true)
+      checkZorderTable(true, "c4, c2, c1, c3", false, true)
+    }
+  }
+
+  test("zorder: check unsupported data type") {
+    def checkZorderPlan(zorder: Expression): Unit = {
+      val msg = intercept[AnalysisException] {
+        val plan = Project(Seq(Alias(zorder, "c")()), OneRowRelation())
+        spark.sessionState.analyzer.checkAnalysis(plan)
+      }.getMessage
+      // before Spark 3.2.0 the null type catalog string is null, after Spark 3.2.0 it's void
+      // see https://github.com/apache/spark/pull/33437
+      assert(msg.contains("Unsupported z-order type:") &&
+        (msg.contains("null") || msg.contains("void")))
+    }
+
+    checkZorderPlan(Zorder(Seq(Literal(null, NullType))))
+    checkZorderPlan(Zorder(Seq(Literal(1, IntegerType), Literal(null, NullType))))
+  }
+
+  test("zorder: check supported data type") {
+    val children = Seq(
+      Literal.create(false, BooleanType),
+      Literal.create(null, BooleanType),
+      Literal.create(1.toByte, ByteType),
+      Literal.create(null, ByteType),
+      Literal.create(1.toShort, ShortType),
+      Literal.create(null, ShortType),
+      Literal.create(1, IntegerType),
+      Literal.create(null, IntegerType),
+      Literal.create(1L, LongType),
+      Literal.create(null, LongType),
+      Literal.create(1f, FloatType),
+      Literal.create(null, FloatType),
+      Literal.create(1d, DoubleType),
+      Literal.create(null, DoubleType),
+      Literal.create("1", StringType),
+      Literal.create(null, StringType),
+      Literal.create(1L, TimestampType),
+      Literal.create(null, TimestampType),
+      Literal.create(1, DateType),
+      Literal.create(null, DateType),
+      Literal.create(BigDecimal(1, 1), DecimalType(1, 1)),
+      Literal.create(null, DecimalType(1, 1)))
+    val zorder = Zorder(children)
+    val plan = Project(Seq(Alias(zorder, "c")()), OneRowRelation())
+    spark.sessionState.analyzer.checkAnalysis(plan)
+    assert(zorder.foldable)
+
+//    // scalastyle:off
+//    val resultGen = org.apache.commons.codec.binary.Hex.encodeHex(
+//      zorder.eval(InternalRow.fromSeq(children)).asInstanceOf[Array[Byte]], false)
+//    resultGen.grouped(2).zipWithIndex.foreach { case (char, i) =>
+//      print("0x" + char(0) + char(1) + ", ")
+//      if ((i + 1) % 10 == 0) {
+//        println()
+//      }
+//    }
+//    // scalastyle:on
+
+    val expected = Array(
+      0xFB, 0xEA, 0xAA, 0xBA, 0xAE, 0xAB, 0xAA, 0xEA, 0xBA, 0xAE, 0xAB, 0xAA, 0xEA, 0xBA, 0xA6,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xBA, 0xBB, 0xAA, 0xAA, 0xAA,
+      0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0xBA, 0xAA, 0x9A, 0xAA, 0xAA,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xEA,
+      0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+      0xAA, 0xAA, 0xBE, 0xAA, 0xAA, 0x8A, 0xBA, 0xAA, 0x2A, 0xEA, 0xA8, 0xAA, 0xAA, 0xA2, 0xAA,
+      0xAA, 0x8A, 0xAA, 0xAA, 0x2F, 0xEB, 0xFE)
+      .map(_.toByte)
+    checkEvaluation(zorder, expected, InternalRow.fromSeq(children))
+  }
+
+  private def checkSort(input: DataFrame, expected: Seq[Row], dataType: Array[DataType]): Unit = {
+    withTempDir { dir =>
+      input.repartition(3).write.mode("overwrite").format("parquet").save(dir.getCanonicalPath)
+      val df = spark.read.format("parquet")
+        .load(dir.getCanonicalPath)
+        .repartition(1)
+      assert(df.schema.fields.map(_.dataType).sameElements(dataType))
+      val exprs = Seq("c1", "c2").map(col).map(_.expr)
+      val sortOrder = SortOrder(Zorder(exprs), Ascending, NullsLast, Seq.empty)
+      val zorderSort = Sort(Seq(sortOrder), true, df.logicalPlan)
+      val result = Dataset.ofRows(spark, zorderSort)
+      checkAnswer(result, expected)
+    }
+  }
+
+  test("sort with zorder -- boolean column") {
+    val schema = StructType(StructField("c1", BooleanType) :: StructField("c2", BooleanType) :: Nil)
+    val nonNullDF = spark.createDataFrame(
+      spark.sparkContext.parallelize(
+        Seq(Row(false, false), Row(false, true), Row(true, false), Row(true, true))),
+      schema)
+    val expected =
+      Row(false, false) :: Row(true, false) :: Row(false, true) :: Row(true, true) :: Nil
+    checkSort(nonNullDF, expected, Array(BooleanType, BooleanType))
+    val df = spark.createDataFrame(
+      spark.sparkContext.parallelize(
+        Seq(Row(false, false), Row(false, null), Row(null, false), Row(null, null))),
+      schema)
+    val expected2 =
+      Row(false, false) :: Row(null, false) :: Row(false, null) :: Row(null, null) :: Nil
+    checkSort(df, expected2, Array(BooleanType, BooleanType))
+  }
+
+  test("sort with zorder -- int column") {
+    // TODO: add more datatype unit test
+    val session = spark
+    import session.implicits._
+    // generate 4 * 4 matrix
+    val len = 3
+    val input = spark.range(len + 1).selectExpr("cast(id as int) as c1")
+      .select($"c1", explode(sequence(lit(0), lit(len))) as "c2")
+    val expected =
+      Row(0, 0) :: Row(1, 0) :: Row(0, 1) :: Row(1, 1) ::
+        Row(2, 0) :: Row(3, 0) :: Row(2, 1) :: Row(3, 1) ::
+        Row(0, 2) :: Row(1, 2) :: Row(0, 3) :: Row(1, 3) ::
+        Row(2, 2) :: Row(3, 2) :: Row(2, 3) :: Row(3, 3) :: Nil
+    checkSort(input, expected, Array(IntegerType, IntegerType))
+
+    // contains null value case.
+    val nullDF = spark.range(1).selectExpr("cast(null as int) as c1")
+    val input2 = spark.range(len).selectExpr("cast(id as int) as c1")
+      .union(nullDF)
+      .select(
+        $"c1",
+        explode(concat(sequence(lit(0), lit(len - 1)), array(lit(null)))) as "c2")
+    val expected2 = Row(0, 0) :: Row(1, 0) :: Row(0, 1) :: Row(1, 1) ::
+      Row(2, 0) :: Row(2, 1) :: Row(0, 2) :: Row(1, 2) ::
+      Row(2, 2) :: Row(null, 0) :: Row(null, 1) :: Row(null, 2) ::
+      Row(0, null) :: Row(1, null) :: Row(2, null) :: Row(null, null) :: Nil
+    checkSort(input2, expected2, Array(IntegerType, IntegerType))
+  }
+
+  test("sort with zorder -- string column") {
+    val schema = StructType(StructField("c1", StringType) :: StructField("c2", StringType) :: Nil)
+    val rdd = spark.sparkContext.parallelize(Seq(
+      Row("a", "a"),
+      Row("a", "b"),
+      Row("a", "c"),
+      Row("a", "d"),
+      Row("b", "a"),
+      Row("b", "b"),
+      Row("b", "c"),
+      Row("b", "d"),
+      Row("c", "a"),
+      Row("c", "b"),
+      Row("c", "c"),
+      Row("c", "d"),
+      Row("d", "a"),
+      Row("d", "b"),
+      Row("d", "c"),
+      Row("d", "d")))
+    val input = spark.createDataFrame(rdd, schema)
+    val expected = Row("a", "a") :: Row("b", "a") :: Row("c", "a") :: Row("a", "b") ::
+      Row("a", "c") :: Row("b", "b") :: Row("c", "b") :: Row("b", "c") ::
+      Row("c", "c") :: Row("d", "a") :: Row("d", "b") :: Row("d", "c") ::
+      Row("a", "d") :: Row("b", "d") :: Row("c", "d") :: Row("d", "d") :: Nil
+    checkSort(input, expected, Array(StringType, StringType))
+
+    val rdd2 = spark.sparkContext.parallelize(Seq(
+      Row(null, "a"),
+      Row("a", "b"),
+      Row("a", "c"),
+      Row("a", null),
+      Row("b", "a"),
+      Row(null, "b"),
+      Row("b", null),
+      Row("b", "d"),
+      Row("c", "a"),
+      Row("c", null),
+      Row(null, "c"),
+      Row("c", "d"),
+      Row("d", null),
+      Row("d", "b"),
+      Row("d", "c"),
+      Row(null, "d"),
+      Row(null, null)))
+    val input2 = spark.createDataFrame(rdd2, schema)
+    val expected2 = Row("b", "a") :: Row("c", "a") :: Row("a", "b") :: Row("a", "c") ::
+      Row("d", "b") :: Row("d", "c") :: Row("b", "d") :: Row("c", "d") ::
+      Row(null, "a") :: Row(null, "b") :: Row(null, "c") :: Row(null, "d") ::
+      Row("a", null) :: Row("b", null) :: Row("c", null) :: Row("d", null) ::
+      Row(null, null) :: Nil
+    checkSort(input2, expected2, Array(StringType, StringType))
+  }
+
+  test("test special value of short int long type") {
+    val df1 = spark.createDataFrame(Seq(
+      (-1, -1L),
+      (Int.MinValue, Int.MinValue.toLong),
+      (1, 1L),
+      (Int.MaxValue - 1, Int.MaxValue.toLong),
+      (Int.MaxValue - 1, Int.MaxValue.toLong - 1),
+      (Int.MaxValue, Int.MaxValue.toLong + 1),
+      (Int.MaxValue, Int.MaxValue.toLong))).toDF("c1", "c2")
+    val expected1 =
+      Row(Int.MinValue, Int.MinValue.toLong) ::
+        Row(-1, -1L) ::
+        Row(1, 1L) ::
+        Row(Int.MaxValue - 1, Int.MaxValue.toLong - 1) ::
+        Row(Int.MaxValue - 1, Int.MaxValue.toLong) ::
+        Row(Int.MaxValue, Int.MaxValue.toLong) ::
+        Row(Int.MaxValue, Int.MaxValue.toLong + 1) :: Nil
+    checkSort(df1, expected1, Array(IntegerType, LongType))
+
+    val df2 = spark.createDataFrame(Seq(
+      (-1, -1.toShort),
+      (Short.MinValue.toInt, Short.MinValue),
+      (1, 1.toShort),
+      (Short.MaxValue.toInt, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toInt + 1, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toInt, Short.MaxValue),
+      (Short.MaxValue.toInt + 1, Short.MaxValue))).toDF("c1", "c2")
+    val expected2 =
+      Row(Short.MinValue.toInt, Short.MinValue) ::
+        Row(-1, -1.toShort) ::
+        Row(1, 1.toShort) ::
+        Row(Short.MaxValue.toInt, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toInt, Short.MaxValue) ::
+        Row(Short.MaxValue.toInt + 1, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toInt + 1, Short.MaxValue) :: Nil
+    checkSort(df2, expected2, Array(IntegerType, ShortType))
+
+    val df3 = spark.createDataFrame(Seq(
+      (-1L, -1.toShort),
+      (Short.MinValue.toLong, Short.MinValue),
+      (1L, 1.toShort),
+      (Short.MaxValue.toLong, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toLong + 1, (Short.MaxValue - 1).toShort),
+      (Short.MaxValue.toLong, Short.MaxValue),
+      (Short.MaxValue.toLong + 1, Short.MaxValue))).toDF("c1", "c2")
+    val expected3 =
+      Row(Short.MinValue.toLong, Short.MinValue) ::
+        Row(-1L, -1.toShort) ::
+        Row(1L, 1.toShort) ::
+        Row(Short.MaxValue.toLong, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toLong, Short.MaxValue) ::
+        Row(Short.MaxValue.toLong + 1, Short.MaxValue - 1) ::
+        Row(Short.MaxValue.toLong + 1, Short.MaxValue) :: Nil
+    checkSort(df3, expected3, Array(LongType, ShortType))
+  }
+
+  test("skip zorder if only requires one column") {
+    withTable("t") {
+      withSQLConf("spark.sql.hive.convertMetastoreParquet" -> "false") {
+        sql("CREATE TABLE t (c1 int, c2 string) stored as parquet")
+        val order1 = sql("OPTIMIZE t ZORDER BY c1").queryExecution.analyzed
+          .asInstanceOf[OptimizeZorderCommandBase].query.asInstanceOf[Sort].order.head.child
+        assert(!order1.isInstanceOf[Zorder])
+        assert(order1.isInstanceOf[AttributeReference])
+      }
+    }
+  }
+
+  test("Add config to control if zorder using global sort") {
+    withTable("t") {
+      withSQLConf(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED.key -> "false") {
+        sql(
+          """
+            |CREATE TABLE t (c1 int, c2 string) TBLPROPERTIES (
+            |'kyuubi.zorder.enabled'= 'true',
+            |'kyuubi.zorder.cols'= 'c1,c2')
+            |""".stripMargin)
+        val p1 = sql("OPTIMIZE t ZORDER BY c1, c2").queryExecution.analyzed
+        assert(p1.collect {
+          case shuffle: Sort if !shuffle.global => shuffle
+        }.size == 1)
+
+        val p2 = sql("INSERT INTO TABLE t SELECT * FROM VALUES(1,'a')").queryExecution.analyzed
+        assert(p2.collect {
+          case shuffle: Sort if !shuffle.global => shuffle
+        }.size == 1)
+      }
+    }
+  }
+
+  test("fast approach test") {
+    Seq[Seq[Any]](
+      Seq(1L, 2L),
+      Seq(1L, 2L, 3L),
+      Seq(1L, 2L, 3L, 4L),
+      Seq(1L, 2L, 3L, 4L, 5L),
+      Seq(1L, 2L, 3L, 4L, 5L, 6L),
+      Seq(1L, 2L, 3L, 4L, 5L, 6L, 7L),
+      Seq(1L, 2L, 3L, 4L, 5L, 6L, 7L, 8L))
+      .foreach { inputs =>
+        assert(java.util.Arrays.equals(
+          ZorderBytesUtils.interleaveBits(inputs.toArray),
+          ZorderBytesUtils.interleaveBitsDefault(inputs.map(ZorderBytesUtils.toByteArray).toArray)))
+      }
+  }
+
+  test("OPTIMIZE command is parsed as expected") {
+    val parser = createParser
+    val globalSort = spark.conf.get(KyuubiSQLConf.ZORDER_GLOBAL_SORT_ENABLED)
+
+    assert(parser.parsePlan("OPTIMIZE p zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(Seq(UnresolvedStar(None)), UnresolvedRelation(TableIdentifier("p"))))))
+
+    assert(parser.parsePlan("OPTIMIZE p zorder by c1, c2") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(
+            Zorder(Seq(UnresolvedAttribute("c1"), UnresolvedAttribute("c2"))),
+            Ascending,
+            NullsLast,
+            Seq.empty) :: Nil,
+          globalSort,
+          Project(Seq(UnresolvedStar(None)), UnresolvedRelation(TableIdentifier("p"))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = 1 zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(UnresolvedAttribute("id"), Literal(1)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = 1 zorder by c1, c2") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(
+            Zorder(Seq(UnresolvedAttribute("c1"), UnresolvedAttribute("c2"))),
+            Ascending,
+            NullsLast,
+            Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(UnresolvedAttribute("id"), Literal(1)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    assert(parser.parsePlan("OPTIMIZE p where id = current_date() zorder by c1") ===
+      OptimizeZorderStatement(
+        Seq("p"),
+        Sort(
+          SortOrder(UnresolvedAttribute("c1"), Ascending, NullsLast, Seq.empty) :: Nil,
+          globalSort,
+          Project(
+            Seq(UnresolvedStar(None)),
+            Filter(
+              EqualTo(
+                UnresolvedAttribute("id"),
+                UnresolvedFunction("current_date", Seq.empty, false)),
+              UnresolvedRelation(TableIdentifier("p")))))))
+
+    // TODO: add following case support
+    intercept[ParseException] {
+      parser.parsePlan("OPTIMIZE p zorder by (c1)")
+    }
+
+    intercept[ParseException] {
+      parser.parsePlan("OPTIMIZE p zorder by (c1, c2)")
+    }
+  }
+
+  test("OPTIMIZE partition predicates constraint") {
+    withTable("p") {
+      sql("CREATE TABLE p (c1 INT, c2 INT) PARTITIONED BY (event_date DATE)")
+      val e1 = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE p WHERE event_date = current_date as c ZORDER BY c1, c2")
+      }
+      assert(e1.getMessage.contains("unsupported partition predicates"))
+
+      val e2 = intercept[KyuubiSQLExtensionException] {
+        sql("OPTIMIZE p WHERE c1 = 1 ZORDER BY c1, c2")
+      }
+      assert(e2.getMessage == "Only partition column filters are allowed")
+    }
+  }
+
+  def createParser: ParserInterface
+}
+
+trait ZorderWithCodegenEnabledSuiteBase extends ZorderSuiteBase {
+  override def sparkConf(): SparkConf = {
+    val conf = super.sparkConf
+    conf.set(SQLConf.WHOLESTAGE_CODEGEN_ENABLED.key, "true")
+    conf
+  }
+}
+
+trait ZorderWithCodegenDisabledSuiteBase extends ZorderSuiteBase {
+  override def sparkConf(): SparkConf = {
+    val conf = super.sparkConf
+    conf.set(SQLConf.WHOLESTAGE_CODEGEN_ENABLED.key, "false")
+    conf.set(SQLConf.CODEGEN_FACTORY_MODE.key, "NO_CODEGEN")
+    conf
+  }
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
new file mode 100644
index 000000000..b891a7224
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/benchmark/KyuubiBenchmarkBase.scala
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.benchmark
+
+import java.io.{File, FileOutputStream, OutputStream}
+
+import scala.collection.JavaConverters._
+
+import com.google.common.reflect.ClassPath
+import org.scalatest.Assertions._
+
+trait KyuubiBenchmarkBase {
+  var output: Option[OutputStream] = None
+
+  private val prefix = {
+    val benchmarkClasses = ClassPath.from(Thread.currentThread.getContextClassLoader)
+      .getTopLevelClassesRecursive("org.apache.spark.sql").asScala.toArray
+    assert(benchmarkClasses.nonEmpty)
+    val benchmark = benchmarkClasses.find(_.load().getName.endsWith("Benchmark"))
+    val targetDirOrProjDir =
+      new File(benchmark.get.load().getProtectionDomain.getCodeSource.getLocation.toURI)
+        .getParentFile.getParentFile
+    if (targetDirOrProjDir.getName == "target") {
+      targetDirOrProjDir.getParentFile.getCanonicalPath + "/"
+    } else {
+      targetDirOrProjDir.getCanonicalPath + "/"
+    }
+  }
+
+  def withHeader(func: => Unit): Unit = {
+    val version = System.getProperty("java.version").split("\\D+")(0).toInt
+    val jdkString = if (version > 8) s"-jdk$version" else ""
+    val resultFileName =
+      s"${this.getClass.getSimpleName.replace("$", "")}$jdkString-results.txt"
+    val dir = new File(s"${prefix}benchmarks/")
+    if (!dir.exists()) {
+      // scalastyle:off println
+      println(s"Creating ${dir.getAbsolutePath} for benchmark results.")
+      // scalastyle:on println
+      dir.mkdirs()
+    }
+    val file = new File(dir, resultFileName)
+    if (!file.exists()) {
+      file.createNewFile()
+    }
+    output = Some(new FileOutputStream(file))
+
+    func
+
+    output.foreach { o =>
+      if (o != null) {
+        o.close()
+      }
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 3e1911468..06d76c7e5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -157,7 +157,7 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CreateTableAsSelect",
   "tableDescs" : [ {
-    "fieldName" : "left",
+    "fieldName" : "name",
     "fieldExtractor" : "ResolvedIdentifierTableExtractor",
     "columnDesc" : null,
     "actionTypeDesc" : null,
@@ -178,7 +178,7 @@
     "isInput" : false,
     "setCurrentDatabaseIfMissing" : false
   }, {
-    "fieldName" : "left",
+    "fieldName" : "name",
     "fieldExtractor" : "ResolvedDbObjectNameTableExtractor",
     "columnDesc" : null,
     "actionTypeDesc" : null,
@@ -508,7 +508,7 @@
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceTableAsSelect",
   "tableDescs" : [ {
-    "fieldName" : "left",
+    "fieldName" : "name",
     "fieldExtractor" : "ResolvedIdentifierTableExtractor",
     "columnDesc" : null,
     "actionTypeDesc" : null,
@@ -529,7 +529,7 @@
     "isInput" : false,
     "setCurrentDatabaseIfMissing" : false
   }, {
-    "fieldName" : "left",
+    "fieldName" : "name",
     "fieldExtractor" : "ResolvedDbObjectNameTableExtractor",
     "columnDesc" : null,
     "actionTypeDesc" : null,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index ca2ee9294..6a6800210 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -234,9 +234,9 @@ object TableCommands {
     TableCommandSpec(
       cmd,
       Seq(
-        resolvedIdentifierTableDesc.copy(fieldName = "left"),
+        resolvedIdentifierTableDesc.copy(fieldName = "name"),
         tableDesc,
-        resolvedDbObjectNameDesc.copy(fieldName = "left")),
+        resolvedDbObjectNameDesc.copy(fieldName = "name")),
       CREATETABLE_AS_SELECT,
       Seq(queryQueryDesc))
   }
diff --git a/pom.xml b/pom.xml
index e2b71f771..e9cee4ce6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2241,6 +2241,19 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>spark-3.5</id>
+            <modules>
+                <module>extensions/spark/kyuubi-extension-spark-3-5</module>
+            </modules>
+            <properties>
+                <delta.version>2.4.0</delta.version>
+                <spark.version>3.5.0</spark.version>
+                <spark.binary.version>3.5</spark.binary.version>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
+            </properties>
+        </profile>
+
         <profile>
             <id>spark-master</id>
             <properties>

From 6444c82d2ed59a90e31ce65461e66e01cac13380 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 9 Oct 2023 14:34:51 +0800
Subject: [PATCH 665/760] [KYUUBI #4498][FOLLOWUP] Support to list sessions
 with conditions in AdminRestApi

### _Why are the changes needed?_

Followup #4498
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5354 from turboFei/list_sessions.

Closes #4498

5a3020ac2 [fwang12] list users sessions

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/client/AdminRestApi.java    | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
index 3b220cbc2..904ecb6c9 100644
--- a/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
+++ b/kyuubi-rest-client/src/main/java/org/apache/kyuubi/client/AdminRestApi.java
@@ -17,10 +17,7 @@
 
 package org.apache.kyuubi.client;
 
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import org.apache.kyuubi.client.api.v1.dto.Engine;
 import org.apache.kyuubi.client.api.v1.dto.OperationData;
 import org.apache.kyuubi.client.api.v1.dto.ServerData;
@@ -87,9 +84,17 @@ public List<Engine> listEngines(
   }
 
   public List<SessionData> listSessions() {
+    return listSessions(Collections.emptyList());
+  }
+
+  public List<SessionData> listSessions(List<String> users) {
+    Map<String, Object> params = new HashMap<>();
+    if (users != null && !users.isEmpty()) {
+      params.put("users", String.join(",", users));
+    }
     SessionData[] result =
         this.getClient()
-            .get(API_BASE_PATH + "/sessions", null, SessionData[].class, client.getAuthHeader());
+            .get(API_BASE_PATH + "/sessions", params, SessionData[].class, client.getAuthHeader());
     return Arrays.asList(result);
   }
 

From 7eac40048807655306fface8dfef9c8795ea595d Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 9 Oct 2023 14:35:47 +0800
Subject: [PATCH 666/760] [KYUUBI #4994][FOLLOWUP] Respect the engine type and
 share level for listing all engines

### _Why are the changes needed?_

Now, the specified engine type and share level does not work

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5353 from turboFei/list_all_engines.

Closes #4994

49ad1acdb [fwang12] refactor
295665bb1 [fwang12] respect the engine share level and type

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../kyuubi/server/api/v1/AdminResource.scala      | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
index 5f410ab7d..3c6f2a197 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/AdminResource.scala
@@ -298,15 +298,15 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
       }
       val engines = ListBuffer[Engine]()
       val engineSpace = fe.getConf.get(HA_NAMESPACE)
-      val shareLevel = fe.getConf.get(ENGINE_SHARE_LEVEL)
-      val engineType = fe.getConf.get(ENGINE_TYPE)
+      val finalShareLevel = Option(shareLevel).getOrElse(fe.getConf.get(ENGINE_SHARE_LEVEL))
+      val finalEngineType = Option(engineType).getOrElse(fe.getConf.get(ENGINE_TYPE))
       withDiscoveryClient(fe.getConf) { discoveryClient =>
-        val commonParent = s"/${engineSpace}_${KYUUBI_VERSION}_${shareLevel}_$engineType"
+        val commonParent = s"/${engineSpace}_${KYUUBI_VERSION}_${finalShareLevel}_$finalEngineType"
         info(s"Listing engine nodes for $commonParent")
         try {
           discoveryClient.getChildren(commonParent).map {
             user =>
-              val engine = getEngine(user, engineType, shareLevel, "", "")
+              val engine = getEngine(user, finalEngineType, finalShareLevel, "", "")
               val engineSpace = getEngineSpace(engine)
               discoveryClient.getChildren(engineSpace).map { child =>
                 info(s"Listing engine nodes for $engineSpace/$child")
@@ -324,9 +324,12 @@ private[v1] class AdminResource extends ApiRequestContext with Logging {
           }
         } catch {
           case nne: NoNodeException =>
-            error(s"No such engine for engine type: $engineType, share level: $shareLevel", nne)
+            error(
+              s"No such engine for engine type: $finalEngineType," +
+                s" share level: $finalShareLevel",
+              nne)
             throw new NotFoundException(
-              s"No such engine for engine type: $engineType, share level: $shareLevel")
+              s"No such engine for engine type: $finalEngineType, share level: $finalShareLevel")
         }
       }
       return engines.toSeq

From e33df9ce6664b7069baceaf3b5a874464ea87cd7 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Tue, 10 Oct 2023 08:42:40 +0800
Subject: [PATCH 667/760] [KYUUBI #5196] Enable CI Test on Scala 2.13 and
 support custom or spark-core extracted Scala version for Spark's engine

### _Why are the changes needed?_

- enable CI test on Scala-2.13 for all modules except Flink SQL engine
- For testing, choose available Spark engine home in `download` module by `SCALA_COMPILE_VERSION` of Kyuubi server
- Choose the Scala version of Spark engine main resource Jar  in the following order:
  1. `SPARK_SCALA_VERSION` system env
  2. Extract Scala version from Spark home's `spark-core` jar filename
- Fixed 1 assertion error of kyuubi-spark-lineage module, as Spark on Scala 2.12 and 2.13 show different order of column linage output in `MergeIntoTable` ut
```
SparkSQLLineageParserHelperSuite:
- columns lineage extract - MergeIntoTable *** FAILED ***
  inputTables(List(v2_catalog.db.source_t))
  outputTables(List(v2_catalog.db.target_t))
  columnLineage(List(ColumnLineage(v2_catalog.db.target_t.name,Set(v2_catalog.db.source_t.name)), ColumnLineage(v2_catalog.db.target_t.price,Set(v2_catalog.db.source_t.price)), ColumnLineage(v2_catalog.db.target_t.id,Set(v2_catalog.db.source_t.id)))) did not equal inputTables(List(v2_catalog.db.source_t))
  outputTables(List(v2_catalog.db.target_t))
  columnLineage(List(ColumnLineage(v2_catalog.db.target_t.id,Set(v2_catalog.db.source_t.id)), ColumnLineage(v2_catalog.db.target_t.name,Set(v2_catalog.db.source_t.name)), ColumnLineage(v2_catalog.db.target_t.price,Set(v2_catalog.db.source_t.price)))) (SparkSQLLineageParserHelperSuite.scala:182)
```
- Fixed other tests relying on Scala scripting results

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5196 from bowenliang123/scala213-test.

Closes #5196

97fafacd3 [liangbowen] prevent repeated compilation for regrex pattern
76b99d423 [Bowen Liang] test on scala-2.13

Lead-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml                  | 32 ++++++++----
 .../kyuubi/plugin/lineage/Lineage.scala       |  5 +-
 integration-tests/kyuubi-flink-it/pom.xml     |  4 ++
 integration-tests/kyuubi-hive-it/pom.xml      |  5 ++
 integration-tests/kyuubi-jdbc-it/pom.xml      |  2 +
 integration-tests/kyuubi-trino-it/pom.xml     |  5 ++
 .../operation/IcebergMetadataTests.scala      | 12 +++--
 .../kyuubi/operation/SparkQueryTests.scala    |  6 +--
 .../apache/kyuubi/engine/ProcBuilder.scala    | 19 ++++---
 .../engine/spark/SparkProcessBuilder.scala    | 34 +++++++++++--
 .../spark/SparkProcessBuilderSuite.scala      | 43 +++++++++++++++-
 .../kyuubi/session/SessionSigningSuite.scala  |  5 +-
 .../apache/kyuubi/util/AssertionUtils.scala   | 51 +++++++++++++++----
 pom.xml                                       |  8 +--
 14 files changed, 186 insertions(+), 45 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 586db9c8e..7c442dd0f 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -170,16 +170,18 @@ jobs:
             **/target/unit-tests.log
             **/kyuubi-spark-sql-engine.log*
 
-  scala213:
-    name: Scala Compilation Test
+  scala-test:
+    name: Scala Test
     runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
-        java:
-          - '8'
         scala:
           - '2.13'
+        java:
+          - '8'
+        spark:
+          - '3.4'
     steps:
       - uses: actions/checkout@v3
       - name: Tune Runner VM
@@ -193,14 +195,24 @@ jobs:
           check-latest: false
       - name: Setup Maven
         uses: ./.github/actions/setup-maven
+      - name: Cache Engine Archives
+        uses: ./.github/actions/cache-engine-archives
       - name: Build on Scala ${{ matrix.scala }}
         run: |
-          MODULES='!externals/kyuubi-flink-sql-engine'
-          ./build/mvn clean install -pl ${MODULES} -am \
-          -DskipTests -Pflink-provided,hive-provided,spark-provided \
-          -Pjava-${{ matrix.java }} \
-          -Pscala-${{ matrix.scala }} \
-          -Pspark-3.3
+          TEST_MODULES="!externals/kyuubi-flink-sql-engine,!integration-tests/kyuubi-flink-it"
+          ./build/mvn clean install ${MVN_OPT} -pl ${TEST_MODULES} -am \
+          -Pscala-${{ matrix.scala }} -Pjava-${{ matrix.java }} -Pspark-${{ matrix.spark }}
+      - name: Upload test logs
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: unit-tests-log-scala-${{ matrix.scala }}-java-${{ matrix.java }}-spark-${{ matrix.spark }}
+          path: |
+            **/target/unit-tests.log
+            **/kyuubi-spark-sql-engine.log*
+            **/kyuubi-spark-batch-submit.log*
+            **/kyuubi-jdbc-engine.log*
+            **/kyuubi-hive-sql-engine.log*
 
   flink-it:
     name: Flink Test
diff --git a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala
index 4bd0bd0b1..730deeb01 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala
+++ b/extensions/spark/kyuubi-spark-lineage/src/main/scala/org/apache/kyuubi/plugin/lineage/Lineage.scala
@@ -32,8 +32,9 @@ class Lineage(
 
   override def equals(other: Any): Boolean = other match {
     case otherLineage: Lineage =>
-      otherLineage.inputTables == inputTables && otherLineage.outputTables == outputTables &&
-      otherLineage.columnLineage == columnLineage
+      otherLineage.inputTables.toSet == inputTables.toSet &&
+      otherLineage.outputTables.toSet == outputTables.toSet &&
+      otherLineage.columnLineage.toSet == columnLineage.toSet
     case _ => false
   }
 
diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml
index 3c0e3f31a..15699be1d 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -112,4 +112,8 @@
 
     </dependencies>
 
+    <build>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
 </project>
diff --git a/integration-tests/kyuubi-hive-it/pom.xml b/integration-tests/kyuubi-hive-it/pom.xml
index 24e5529a2..c4e9f320c 100644
--- a/integration-tests/kyuubi-hive-it/pom.xml
+++ b/integration-tests/kyuubi-hive-it/pom.xml
@@ -69,4 +69,9 @@
             <scope>test</scope>
         </dependency>
     </dependencies>
+
+    <build>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
 </project>
diff --git a/integration-tests/kyuubi-jdbc-it/pom.xml b/integration-tests/kyuubi-jdbc-it/pom.xml
index 08f74512e..95ffd2038 100644
--- a/integration-tests/kyuubi-jdbc-it/pom.xml
+++ b/integration-tests/kyuubi-jdbc-it/pom.xml
@@ -114,5 +114,7 @@
                 </executions>
             </plugin>
         </plugins>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
     </build>
 </project>
diff --git a/integration-tests/kyuubi-trino-it/pom.xml b/integration-tests/kyuubi-trino-it/pom.xml
index 628f63818..c93d43c00 100644
--- a/integration-tests/kyuubi-trino-it/pom.xml
+++ b/integration-tests/kyuubi-trino-it/pom.xml
@@ -88,4 +88,9 @@
         </dependency>
 
     </dependencies>
+
+    <build>
+        <outputDirectory>target/scala-${scala.binary.version}/classes</outputDirectory>
+        <testOutputDirectory>target/scala-${scala.binary.version}/test-classes</testOutputDirectory>
+    </build>
 </project>
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
index e3bb4ccb7..99482f0c5 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
@@ -17,8 +17,11 @@
 
 package org.apache.kyuubi.operation
 
+import scala.collection.mutable.ListBuffer
+
 import org.apache.kyuubi.{IcebergSuiteMixin, SPARK_COMPILE_VERSION}
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
+import org.apache.kyuubi.util.AssertionUtils._
 import org.apache.kyuubi.util.SparkVersionUtil
 
 trait IcebergMetadataTests extends HiveJDBCTestHelper with IcebergSuiteMixin with SparkVersionUtil {
@@ -27,10 +30,11 @@ trait IcebergMetadataTests extends HiveJDBCTestHelper with IcebergSuiteMixin wit
     withJdbcStatement() { statement =>
       val metaData = statement.getConnection.getMetaData
       val catalogs = metaData.getCatalogs
-      catalogs.next()
-      assert(catalogs.getString(TABLE_CAT) === "spark_catalog")
-      catalogs.next()
-      assert(catalogs.getString(TABLE_CAT) === catalog)
+      val results = ListBuffer[String]()
+      while (catalogs.next()) {
+        results += catalogs.getString(TABLE_CAT)
+      }
+      assertContains(results, "spark_catalog", catalog)
     }
   }
 
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
index 20d3f6fad..0ac56e3bc 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/SparkQueryTests.scala
@@ -270,7 +270,7 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
           |""".stripMargin
       val rs1 = statement.executeQuery(code)
       rs1.next()
-      assert(rs1.getString(1) startsWith "df: org.apache.spark.sql.DataFrame")
+      assert(rs1.getString(1) contains "df: org.apache.spark.sql.DataFrame")
 
       // continue
       val rs2 = statement.executeQuery("df.count()")
@@ -311,7 +311,7 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
           |""".stripMargin
       val rs5 = statement.executeQuery(code2)
       rs5.next()
-      assert(rs5.getString(1) startsWith "df: org.apache.spark.sql.DataFrame")
+      assert(rs5.getString(1) contains "df: org.apache.spark.sql.DataFrame")
 
       // re-assign
       val rs6 = statement.executeQuery("result.set(df)")
@@ -420,7 +420,7 @@ trait SparkQueryTests extends SparkDataTypeTests with HiveJDBCTestHelper {
       statement.execute(code1)
       val rs = statement.executeQuery(code2)
       rs.next()
-      assert(rs.getString(1) == "x: Int = 3")
+      assert(rs.getString(1) contains "x: Int = 3")
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
index 44b317c71..84807a62d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/ProcBuilder.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.engine
 
-import java.io.{File, FilenameFilter, IOException}
+import java.io.{File, FileFilter, IOException}
 import java.net.URI
 import java.nio.charset.StandardCharsets
 import java.nio.file.{Files, Path, Paths}
@@ -56,13 +56,14 @@ trait ProcBuilder {
     }
   }
 
+  protected val engineScalaBinaryVersion: String = SCALA_COMPILE_VERSION
+
   /**
    * The engine jar or other runnable jar containing the main method
    */
   def mainResource: Option[String] = {
     // 1. get the main resource jar for user specified config first
-    // TODO use SPARK_SCALA_VERSION instead of SCALA_COMPILE_VERSION
-    val jarName = s"${module}_$SCALA_COMPILE_VERSION-$KYUUBI_VERSION.jar"
+    val jarName: String = s"${module}_$engineScalaBinaryVersion-$KYUUBI_VERSION.jar"
     conf.getOption(s"kyuubi.session.engine.$shortName.main.resource").filter { userSpecified =>
       // skip check exist if not local file.
       val uri = new URI(userSpecified)
@@ -295,6 +296,11 @@ trait ProcBuilder {
     }
   }
 
+  protected lazy val engineHomeDirFilter: FileFilter = file => {
+    val fileName = file.getName
+    file.isDirectory && fileName.contains(s"$shortName-") && !fileName.contains("-engine")
+  }
+
   /**
    * Get the home directly that contains binary distributions of engines.
    *
@@ -311,9 +317,6 @@ trait ProcBuilder {
    * @return SPARK_HOME, HIVE_HOME, etc.
    */
   protected def getEngineHome(shortName: String): String = {
-    val homeDirFilter: FilenameFilter = (dir: File, name: String) =>
-      dir.isDirectory && name.contains(s"$shortName-") && !name.contains("-engine")
-
     val homeKey = s"${shortName.toUpperCase}_HOME"
     // 1. get from env, e.g. SPARK_HOME, FLINK_HOME
     env.get(homeKey)
@@ -321,14 +324,14 @@ trait ProcBuilder {
         // 2. get from $KYUUBI_HOME/externals/kyuubi-download/target
         env.get(KYUUBI_HOME).flatMap { p =>
           val candidates = Paths.get(p, "externals", "kyuubi-download", "target")
-            .toFile.listFiles(homeDirFilter)
+            .toFile.listFiles(engineHomeDirFilter)
           if (candidates == null) None else candidates.map(_.toPath).headOption
         }.filter(Files.exists(_)).map(_.toAbsolutePath.toFile.getCanonicalPath)
       }.orElse {
         // 3. get from kyuubi-server/../externals/kyuubi-download/target
         Utils.getCodeSourceLocation(getClass).split("kyuubi-server").flatMap { cwd =>
           val candidates = Paths.get(cwd, "externals", "kyuubi-download", "target")
-            .toFile.listFiles(homeDirFilter)
+            .toFile.listFiles(engineHomeDirFilter)
           if (candidates == null) None else candidates.map(_.toPath).headOption
         }.find(Files.exists(_)).map(_.toAbsolutePath.toFile.getCanonicalPath)
       } match {
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index 351eddb75..02f4064af 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.engine.spark
 
-import java.io.{File, IOException}
+import java.io.{File, FileFilter, IOException}
 import java.nio.file.Paths
 import java.util.Locale
 
@@ -25,6 +25,7 @@ import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 
 import com.google.common.annotations.VisibleForTesting
+import org.apache.commons.lang3.StringUtils
 import org.apache.hadoop.security.UserGroupInformation
 
 import org.apache.kyuubi._
@@ -35,8 +36,7 @@ import org.apache.kyuubi.engine.ProcBuilder.KYUUBI_ENGINE_LOG_PATH_KEY
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.operation.log.OperationLog
-import org.apache.kyuubi.util.KubernetesUtils
-import org.apache.kyuubi.util.Validator
+import org.apache.kyuubi.util.{KubernetesUtils, Validator}
 
 class SparkProcessBuilder(
     override val proxyUser: String,
@@ -102,6 +102,25 @@ class SparkProcessBuilder(
     }
   }
 
+  private[kyuubi] def extractSparkCoreScalaVersion(fileNames: Iterable[String]): String = {
+    fileNames.collectFirst { case SPARK_CORE_SCALA_VERSION_REGEX(scalaVersion) => scalaVersion }
+      .getOrElse(throw new KyuubiException("Failed to extract Scala version from spark-core jar"))
+  }
+
+  override protected val engineScalaBinaryVersion: String = {
+    val sparkCoreScalaVersion =
+      extractSparkCoreScalaVersion(Paths.get(sparkHome, "jars").toFile.list())
+    StringUtils.defaultIfBlank(System.getenv("SPARK_SCALA_VERSION"), sparkCoreScalaVersion)
+  }
+
+  override protected lazy val engineHomeDirFilter: FileFilter = file => {
+    val r = SCALA_COMPILE_VERSION match {
+      case "2.12" => SPARK_HOME_REGEX_SCALA_212
+      case "2.13" => SPARK_HOME_REGEX_SCALA_213
+    }
+    file.isDirectory && r.findFirstMatchIn(file.getName).isDefined
+  }
+
   override protected lazy val commands: Array[String] = {
     // complete `spark.master` if absent on kubernetes
     completeMasterUrl(conf)
@@ -314,4 +333,13 @@ object SparkProcessBuilder {
   final private val SPARK_SUBMIT_FILE = if (Utils.isWindows) "spark-submit.cmd" else "spark-submit"
   final private val SPARK_CONF_DIR = "SPARK_CONF_DIR"
   final private val SPARK_CONF_FILE_NAME = "spark-defaults.conf"
+
+  final private[kyuubi] val SPARK_CORE_SCALA_VERSION_REGEX =
+    """^spark-core_(\d\.\d+).*.jar$""".r
+
+  final private[kyuubi] val SPARK_HOME_REGEX_SCALA_212 =
+    """^spark-\d+\.\d+\.\d+-bin-hadoop\d+(\.\d+)?$""".r
+
+  final private[kyuubi] val SPARK_HOME_REGEX_SCALA_213 =
+    """^spark-\d+\.\d+\.\d+-bin-hadoop\d(\.\d+)?+-scala\d+(\.\d+)?$""".r
 }
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
index a4227d26e..408f42f64 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilderSuite.scala
@@ -26,7 +26,7 @@ import java.util.concurrent.{Executors, TimeUnit}
 import org.scalatest.time.SpanSugar._
 import org.scalatestplus.mockito.MockitoSugar
 
-import org.apache.kyuubi.{KerberizedTestHelper, KyuubiSQLException, Utils}
+import org.apache.kyuubi._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_LOG_TIMEOUT, ENGINE_SPARK_MAIN_RESOURCE}
 import org.apache.kyuubi.engine.ProcBuilder.KYUUBI_ENGINE_LOG_PATH_KEY
@@ -34,6 +34,7 @@ import org.apache.kyuubi.engine.spark.SparkProcessBuilder._
 import org.apache.kyuubi.ha.HighAvailabilityConf
 import org.apache.kyuubi.ha.client.AuthTypes
 import org.apache.kyuubi.service.ServiceUtils
+import org.apache.kyuubi.util.AssertionUtils._
 
 class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
   private def conf = KyuubiConf().set("kyuubi.on", "off")
@@ -363,6 +364,46 @@ class SparkProcessBuilderSuite extends KerberizedTestHelper with MockitoSugar {
       .appendPodNameConf(conf3).get(KUBERNETES_EXECUTOR_POD_NAME_PREFIX)
     assert(execPodNamePrefix3 === Some(s"kyuubi-$engineRefId"))
   }
+
+  test("extract spark core scala version") {
+    val builder = new SparkProcessBuilder("kentyao", KyuubiConf(false))
+    Seq(
+      "spark-core_2.13-3.4.1.jar",
+      "spark-core_2.13-3.5.0-abc-20230921.jar",
+      "spark-core_2.13-3.5.0-xyz-1.2.3.jar",
+      "spark-core_2.13-3.5.0.1.jar",
+      "spark-core_2.13.2-3.5.0.jar").foreach { f =>
+      assertResult("2.13")(builder.extractSparkCoreScalaVersion(Seq(f)))
+    }
+
+    Seq(
+      "spark-dummy_2.13-3.5.0.jar",
+      "spark-core_2.13-3.5.0.1.zip",
+      "yummy-spark-core_2.13-3.5.0.jar").foreach { f =>
+      assertThrows[KyuubiException](builder.extractSparkCoreScalaVersion(Seq(f)))
+    }
+  }
+
+  test("match scala version of spark home") {
+    SCALA_COMPILE_VERSION match {
+      case "2.12" => Seq(
+          "spark-3.2.4-bin-hadoop3.2",
+          "spark-3.2.4-bin-hadoop2.7",
+          "spark-3.4.1-bin-hadoop3")
+          .foreach { sparkHome =>
+            assertMatches(sparkHome, SPARK_HOME_REGEX_SCALA_212)
+            assertNotMatches(sparkHome, SPARK_HOME_REGEX_SCALA_213)
+          }
+      case "2.13" => Seq(
+          "spark-3.2.4-bin-hadoop3.2-scala2.13",
+          "spark-3.4.1-bin-hadoop3-scala2.13",
+          "spark-3.5.0-bin-hadoop3-scala2.13")
+          .foreach { sparkHome =>
+            assertMatches(sparkHome, SPARK_HOME_REGEX_SCALA_213)
+            assertNotMatches(sparkHome, SPARK_HOME_REGEX_SCALA_212)
+          }
+    }
+  }
 }
 
 class FakeSparkProcessBuilder(config: KyuubiConf)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala
index a53e46507..11121a74f 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala
@@ -86,8 +86,9 @@ class SessionSigningSuite extends WithKyuubiServer with HiveJDBCTestHelper {
         assert(rs2.next())
 
         // skipping prefix "res0: String = " of returned scala result
-        val publicKeyStr = rs1.getString(1).substring(15)
-        val sessionUserSign = rs2.getString(1).substring(15)
+        val sep = " = "
+        val publicKeyStr = StringUtils.substringAfter(rs1.getString(1), sep)
+        val sessionUserSign = StringUtils.substringAfter(rs2.getString(1), sep)
 
         assert(StringUtils.isNotBlank(publicKeyStr))
         assert(StringUtils.isNotBlank(sessionUserSign))
diff --git a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
index 2e9a0d3fe..9d33993b9 100644
--- a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/AssertionUtils.scala
@@ -23,14 +23,16 @@ import java.util.Locale
 import scala.collection.Traversable
 import scala.io.Source
 import scala.reflect.ClassTag
+import scala.util.matching.Regex
 
-import org.scalactic.{source, Prettifier}
+import org.scalactic.Prettifier
+import org.scalactic.source.Position
 import org.scalatest.Assertions._
 
 object AssertionUtils {
 
   def assertEqualsIgnoreCase(expected: AnyRef)(actual: AnyRef)(
-      implicit pos: source.Position): Unit = {
+      implicit pos: Position): Unit = {
     val isEqualsIgnoreCase = (Option(expected), Option(actual)) match {
       case (Some(expectedStr: String), Some(actualStr: String)) =>
         expectedStr.equalsIgnoreCase(actualStr)
@@ -44,15 +46,15 @@ object AssertionUtils {
     }
   }
 
-  def assertStartsWithIgnoreCase(expectedPrefix: String)(actual: String)(
-      implicit pos: source.Position): Unit = {
+  def assertStartsWithIgnoreCase(expectedPrefix: String)(actual: String)(implicit
+      pos: Position): Unit = {
     if (!actual.toLowerCase(Locale.ROOT).startsWith(expectedPrefix.toLowerCase(Locale.ROOT))) {
       fail(s"Expected starting with '$expectedPrefix' ignoring case, but got [$actual]")(pos)
     }
   }
 
-  def assertExistsIgnoreCase(expected: String)(actual: Iterable[String])(
-      implicit pos: source.Position): Unit = {
+  def assertExistsIgnoreCase(expected: String)(actual: Iterable[String])(implicit
+      pos: Position): Unit = {
     if (!actual.exists(_.equalsIgnoreCase(expected))) {
       fail(s"Expected containing '$expected' ignoring case, but got [$actual]")(pos)
     }
@@ -73,7 +75,7 @@ object AssertionUtils {
       regenScript: String,
       splitFirstExpectedLine: Boolean = false)(implicit
       prettifier: Prettifier,
-      pos: source.Position): Unit = {
+      pos: Position): Unit = {
     val fileSource = Source.fromFile(path.toUri, StandardCharsets.UTF_8.name())
     try {
       def expectedLinesIter = if (splitFirstExpectedLine) {
@@ -104,13 +106,44 @@ object AssertionUtils {
     }
   }
 
+  /**
+   * Assert the iterable contains all the expected elements
+   */
+  def assertContains(actual: TraversableOnce[AnyRef], expected: AnyRef*)(implicit
+      prettifier: Prettifier,
+      pos: Position): Unit =
+    withClue(s", expected containing [${expected.mkString(", ")}]") {
+      val actualSeq = actual.toSeq
+      expected.foreach { elem => assert(actualSeq.contains(elem))(prettifier, pos) }
+    }
+
+  /**
+   * Asserts the string matches the regex
+   */
+  def assertMatches(actual: String, regex: Regex)(implicit
+      prettifier: Prettifier,
+      pos: Position): Unit =
+    withClue(s"'$actual' expected matching the regex '$regex'") {
+      assert(regex.findFirstMatchIn(actual).isDefined)(prettifier, pos)
+    }
+
+  /**
+   * Asserts the string does not match the regex
+   */
+  def assertNotMatches(actual: String, regex: Regex)(implicit
+      prettifier: Prettifier,
+      pos: Position): Unit =
+    withClue(s"'$actual' expected not matching the regex '$regex'") {
+      assert(regex.findFirstMatchIn(actual).isEmpty)(prettifier, pos)
+    }
+
   /**
    * Asserts that the given function throws an exception of the given type
    * and with the exception message equals to expected string
    */
   def interceptEquals[T <: Exception](f: => Any)(expected: String)(implicit
       classTag: ClassTag[T],
-      pos: source.Position): Unit = {
+      pos: Position): Unit = {
     assert(expected != null)
     val exception = intercept[T](f)(classTag, pos)
     assertResult(expected)(exception.getMessage)
@@ -122,7 +155,7 @@ object AssertionUtils {
    */
   def interceptContains[T <: Exception](f: => Any)(contained: String)(implicit
       classTag: ClassTag[T],
-      pos: source.Position): Unit = {
+      pos: Position): Unit = {
     assert(contained != null)
     val exception = intercept[T](f)(classTag, pos)
     assert(exception.getMessage.contains(contained))
diff --git a/pom.xml b/pom.xml
index e9cee4ce6..df1e0c3b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -138,7 +138,7 @@
         <fb303.version>0.9.3</fb303.version>
         <flexmark.version>0.62.2</flexmark.version>
         <flink.version>1.17.1</flink.version>
-        <flink.archive.name>flink-${flink.version}-bin-scala_${scala.binary.version}.tgz</flink.archive.name>
+        <flink.archive.name>flink-${flink.version}-bin-scala_2.12.tgz</flink.archive.name>
         <flink.archive.mirror>${apache.archive.dist}/flink/flink-${flink.version}</flink.archive.mirror>
         <flink.archive.download.skip>false</flink.archive.download.skip>
         <google.jsr305.version>3.0.2</google.jsr305.version>
@@ -198,7 +198,8 @@
           -->
         <spark.version>3.4.1</spark.version>
         <spark.binary.version>3.4</spark.binary.version>
-        <spark.archive.name>spark-${spark.version}-bin-hadoop3.tgz</spark.archive.name>
+        <spark.archive.scala.suffix></spark.archive.scala.suffix>
+        <spark.archive.name>spark-${spark.version}-bin-hadoop3${spark.archive.scala.suffix}.tgz</spark.archive.name>
         <spark.archive.mirror>${apache.archive.dist}/spark/spark-${spark.version}</spark.archive.mirror>
         <spark.archive.download.skip>false</spark.archive.download.skip>
         <sqlite.version>3.42.0.0</sqlite.version>
@@ -2135,6 +2136,7 @@
             <properties>
                 <scala.binary.version>2.13</scala.binary.version>
                 <scala.version>2.13.8</scala.version>
+                <spark.archive.scala.suffix>-scala${scala.binary.version}</spark.archive.scala.suffix>
             </properties>
             <build>
                 <pluginManagement>
@@ -2207,7 +2209,7 @@
                 <spark.version>3.2.4</spark.version>
                 <spark.binary.version>3.2</spark.binary.version>
                 <delta.version>2.0.2</delta.version>
-                <spark.archive.name>spark-${spark.version}-bin-hadoop3.2.tgz</spark.archive.name>
+                <spark.archive.name>spark-${spark.version}-bin-hadoop3.2${spark.archive.scala.suffix}.tgz</spark.archive.name>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>

From e1d213ee9961a706cad47a263211ca8cb2c9057f Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 10 Oct 2023 16:40:42 +0800
Subject: [PATCH 668/760] [KYUUBI #5391] Close batch session after batch
 operation completion for idle timeout

### _Why are the changes needed?_

To add a limitation for batch session lifecycle. otherwise, the batch session might always alive.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5391 from turboFei/close_session_with_maxtimeout.

Closes #5391

5639c7d6b [fwang12] session no op

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/session/KyuubiBatchSession.scala | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index e10230ebf..8e4c5137f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -61,9 +61,13 @@ class KyuubiBatchSession(
   override def createTime: Long = metadata.map(_.createTime).getOrElse(super.createTime)
 
   override def getNoOperationTime: Long = {
-    if (batchJobSubmissionOp != null && !OperationState.isTerminal(
-        batchJobSubmissionOp.getStatus.state)) {
-      0L
+    if (batchJobSubmissionOp != null) {
+      val batchStatus = batchJobSubmissionOp.getStatus
+      if (!OperationState.isTerminal(batchStatus.state)) {
+        0L
+      } else {
+        System.currentTimeMillis() - batchStatus.completed
+      }
     } else {
       super.getNoOperationTime
     }

From 79b147ad3a3562ea91531a9c5583c03a97a455a7 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Wed, 11 Oct 2023 10:18:50 +0800
Subject: [PATCH 669/760] [KYUUBI #5362] Remove Spark 3.0 support for Authz

### _Why are the changes needed?_
To close #5362 .

Considering the maintenance burden of the Kyuubi community and easy cross-support for data lake projects.
Drop support EOLs of Spark 3 for the coming Spark 4.x era in kyuubi v1.9.
We will still do bugfix release for these spark3.0.x users.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5363 from AngersZhuuuu/KYUUBI-5362.

Closes #5362

d34cd6e2b [Angerszhuuuu] Update build.md
99f414bd4 [Angerszhuuuu] Update build.md
a5129e4f6 [Angerszhuuuu] Update build.md
6ee008cc5 [Angerszhuuuu] Update README.md
af792cc42 [Angerszhuuuu] Update master.yml
69b333161 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5362
528554e9c [Angerszhuuuu] Update IcebergCatalogPrivilegesBuilderSuite.scala
427ebd48d [Angerszhuuuu] Update DataMaskingForJDBCV2Suite.scala
64809a54f [Angerszhuuuu] update
f7d89fd9b [Angerszhuuuu] [KYUUBI-5362] Kyuubi remove Authz test for spark3.0.3

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                  | 43 ------------
 docs/security/authorization/spark/build.md    |  2 +-
 extensions/spark/kyuubi-spark-authz/README.md |  2 +-
 ...IcebergCatalogPrivilegesBuilderSuite.scala | 22 +++----
 .../spark/authz/PrivilegesBuilderSuite.scala  |  1 -
 ...bcTableCatalogPrivilegesBuilderSuite.scala | 18 ++---
 ...bergCatalogRangerSparkExtensionSuite.scala | 53 +++++++--------
 .../ranger/RangerSparkExtensionSuite.scala    | 20 +-----
 ...ableCatalogRangerSparkExtensionSuite.scala | 65 ++++++-------------
 .../DataMaskingForIcebergSuite.scala          | 34 ++++------
 .../DataMaskingForJDBCV2Suite.scala           | 37 ++++-------
 .../datamasking/DataMaskingTestBase.scala     |  2 -
 .../RowFilteringForIcebergSuite.scala         | 34 ++++------
 .../RowFilteringForJDBCV2Suite.scala          | 37 ++++-------
 .../rowfiltering/RowFilteringTestBase.scala   |  2 -
 15 files changed, 113 insertions(+), 259 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 7c442dd0f..c3cc53736 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -127,49 +127,6 @@ jobs:
             **/kyuubi-spark-sql-engine.log*
             **/kyuubi-spark-batch-submit.log*
 
-  authz:
-    name: Kyuubi-AuthZ and Spark Test
-    runs-on: ubuntu-22.04
-    strategy:
-      fail-fast: false
-      matrix:
-        java:
-          - 8
-          - 11
-        spark:
-          - '3.0.3'
-        comment: ["normal"]
-    env:
-      SPARK_LOCAL_IP: localhost
-    steps:
-      - uses: actions/checkout@v3
-      - name: Tune Runner VM
-        uses: ./.github/actions/tune-runner-vm
-      - name: Setup JDK ${{ matrix.java }}
-        uses: actions/setup-java@v3
-        with:
-          distribution: temurin
-          java-version: ${{ matrix.java }}
-          cache: 'maven'
-          check-latest: false
-      - name: Setup Maven
-        uses: ./.github/actions/setup-maven
-      - name: Cache Engine Archives
-        uses: ./.github/actions/cache-engine-archives
-      - name: Build and test Kyuubi AuthZ with supported Spark versions
-        run: |
-          TEST_MODULES="extensions/spark/kyuubi-spark-authz"
-          ./build/mvn clean test ${MVN_OPT} -pl ${TEST_MODULES} -am \
-          -Dspark.version=${{ matrix.spark }}
-      - name: Upload test logs
-        if: failure()
-        uses: actions/upload-artifact@v3
-        with:
-          name: unit-tests-log-java-${{ matrix.java }}-spark-${{ matrix.spark }}-${{ matrix.comment }}
-          path: |
-            **/target/unit-tests.log
-            **/kyuubi-spark-sql-engine.log*
-
   scala-test:
     name: Scala Test
     runs-on: ubuntu-22.04
diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md
index 7e38f2eed..aa7fc18da 100644
--- a/docs/security/authorization/spark/build.md
+++ b/docs/security/authorization/spark/build.md
@@ -51,7 +51,7 @@ The available `spark.version`s are shown in the following table.
 |       3.3.x       |     √     |                                                           -                                                            |
 |       3.2.x       |     √     |                                                           -                                                            |
 |       3.1.x       |     √     |                                                           -                                                            |
-|       3.0.x       |     √     |                                                           -                                                            |
+|       3.0.x       |     x     |                                                    EOL since v1.9.0                                                    |
 | 2.4.x and earlier |     ×     | [PR 2367](https://github.com/apache/kyuubi/pull/2367) is used to track how we work with older releases with scala 2.11 |
 
 Currently, Spark released with Scala 2.12 are supported.
diff --git a/extensions/spark/kyuubi-spark-authz/README.md b/extensions/spark/kyuubi-spark-authz/README.md
index 374f83b03..9657b5b7a 100644
--- a/extensions/spark/kyuubi-spark-authz/README.md
+++ b/extensions/spark/kyuubi-spark-authz/README.md
@@ -38,7 +38,7 @@ build/mvn clean package -DskipTests -pl :kyuubi-spark-authz_2.12 -am -Dspark.ver
 - [x] 3.3.x
 - [x] 3.2.x
 - [x] 3.1.x
-- [x] 3.0.x
+- [ ] 3.0.x
 - [ ] 2.4.x and earlier
 
 ### Supported Apache Ranger Versions
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index 45186e250..39966af91 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -22,7 +22,6 @@ import org.scalatest.Outcome
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
 import org.apache.kyuubi.util.AssertionUtils._
 
@@ -30,9 +29,7 @@ import org.apache.kyuubi.util.AssertionUtils._
 class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val catalogImpl: String = "hive"
   override protected val sqlExtensions: String =
-    if (isSparkV31OrGreater) {
-      "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions"
-    } else ""
+    "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions"
   override protected def format = "iceberg"
 
   override protected val supportsUpdateTable = false
@@ -42,20 +39,17 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
   override protected val supportsPartitionManagement = false
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2",
-        "org.apache.iceberg.spark.SparkCatalog")
-      spark.conf.set(s"spark.sql.catalog.$catalogV2.type", "hadoop")
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2.warehouse",
-        Utils.createTempDir("iceberg-hadoop").toString)
-    }
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2",
+      "org.apache.iceberg.spark.SparkCatalog")
+    spark.conf.set(s"spark.sql.catalog.$catalogV2.type", "hadoop")
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2.warehouse",
+      Utils.createTempDir("iceberg-hadoop").toString)
     super.beforeAll()
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 723fabd7b..54b91eb28 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -662,7 +662,6 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
   }
 
   test("RefreshFunctionCommand") {
-    assume(isSparkV31OrGreater)
     sql(s"CREATE FUNCTION RefreshFunctionCommand AS '${getClass.getCanonicalName}'")
     val plan = sql("REFRESH FUNCTION RefreshFunctionCommand")
       .queryExecution.analyzed
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
index 1037d9811..4fe13201d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
@@ -23,7 +23,6 @@ import scala.util.Try
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.plugin.spark.authz.serde._
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.util.AssertionUtils._
 
 class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
@@ -39,15 +38,13 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
   val jdbcUrl: String = s"$dbUrl;create=true"
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2",
-        "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
-      spark.conf.set(s"spark.sql.catalog.$catalogV2.url", jdbcUrl)
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2.driver",
-        "org.apache.derby.jdbc.AutoloadedDriver")
-    }
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2",
+      "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+    spark.conf.set(s"spark.sql.catalog.$catalogV2.url", jdbcUrl)
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2.driver",
+      "org.apache.derby.jdbc.AutoloadedDriver")
     super.beforeAll()
   }
 
@@ -61,7 +58,6 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index 55fde3b68..e33fbb7a3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -37,9 +37,7 @@ import org.apache.kyuubi.util.AssertionUtils._
 class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   override protected val catalogImpl: String = "hive"
   override protected val sqlExtensions: String =
-    if (isSparkV31OrGreater)
-      "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions"
-    else ""
+    "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions"
 
   val catalogV2 = "local"
   val namespace1 = icebergNamespace
@@ -47,37 +45,34 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   val outputTable1 = "outputTable1"
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2",
-        "org.apache.iceberg.spark.SparkCatalog")
-      spark.conf.set(s"spark.sql.catalog.$catalogV2.type", "hadoop")
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2.warehouse",
-        Utils.createTempDir("iceberg-hadoop").toString)
-
-      super.beforeAll()
-
-      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
-      doAs(
-        admin,
-        sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1" +
-          " (id int, name string, city string) USING iceberg"))
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2",
+      "org.apache.iceberg.spark.SparkCatalog")
+    spark.conf.set(s"spark.sql.catalog.$catalogV2.type", "hadoop")
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2.warehouse",
+      Utils.createTempDir("iceberg-hadoop").toString)
 
-      doAs(
-        admin,
-        sql(s"INSERT INTO $catalogV2.$namespace1.$table1" +
-          " (id , name , city ) VALUES (1, 'liangbowen','Guangzhou')"))
-      doAs(
-        admin,
-        sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
-          " (id int, name string, city string) USING iceberg"))
-    }
+    super.beforeAll()
+
+    doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
+    doAs(
+      admin,
+      sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1" +
+        " (id int, name string, city string) USING iceberg"))
+
+    doAs(
+      admin,
+      sql(s"INSERT INTO $catalogV2.$namespace1.$table1" +
+        " (id , name , city ) VALUES (1, 'liangbowen','Guangzhou')"))
+    doAs(
+      admin,
+      sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
+        " (id int, name string, city string) USING iceberg"))
   }
 
   override def afterAll(): Unit = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 0c307195c..a4148d9a5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -567,11 +567,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
           someone, {
             sql(s"select * from $db1.$permView").collect()
           }))
-      if (isSparkV31OrGreater) {
-        assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$permView/id]"))
-      } else {
-        assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
-      }
+      assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$permView/id]"))
     }
   }
 
@@ -590,22 +586,12 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       // query all columns of the permanent view
       // with access privileges to the permanent view but no privilege to the source table
       val sql1 = s"SELECT * FROM $db1.$permView"
-      if (isSparkV31OrGreater) {
-        doAs(userPermViewOnly, { sql(sql1).collect() })
-      } else {
-        val e1 = intercept[AccessControlException](doAs(userPermViewOnly, { sql(sql1).collect() }))
-        assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
-      }
+      doAs(userPermViewOnly, { sql(sql1).collect() })
 
       // query the second column of permanent view with multiple columns
       // with access privileges to the permanent view but no privilege to the source table
       val sql2 = s"SELECT name FROM $db1.$permView"
-      if (isSparkV31OrGreater) {
-        doAs(userPermViewOnly, { sql(sql2).collect() })
-      } else {
-        val e2 = intercept[AccessControlException](doAs(userPermViewOnly, { sql(sql2).collect() }))
-        assert(e2.getMessage.contains(s"does not have [select] privilege on [$db1/$table/name]"))
-      }
+      doAs(userPermViewOnly, { sql(sql2).collect() })
     }
   }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 5c27a470f..253880bbf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -44,27 +44,25 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   val jdbcUrl: String = s"$dbUrl;create=true"
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2",
-        "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
-      spark.conf.set(s"spark.sql.catalog.$catalogV2.url", jdbcUrl)
-      spark.conf.set(
-        s"spark.sql.catalog.$catalogV2.driver",
-        "org.apache.derby.jdbc.AutoloadedDriver")
-
-      super.beforeAll()
-
-      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
-      doAs(
-        admin,
-        sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1" +
-          " (id int, name string, city string)"))
-      doAs(
-        admin,
-        sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
-          " (id int, name string, city string)"))
-    }
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2",
+      "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+    spark.conf.set(s"spark.sql.catalog.$catalogV2.url", jdbcUrl)
+    spark.conf.set(
+      s"spark.sql.catalog.$catalogV2.driver",
+      "org.apache.derby.jdbc.AutoloadedDriver")
+
+    super.beforeAll()
+
+    doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
+    doAs(
+      admin,
+      sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1" +
+        " (id int, name string, city string)"))
+    doAs(
+      admin,
+      sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
+        " (id int, name string, city string)"))
   }
 
   override def afterAll(): Unit = {
@@ -79,8 +77,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] CREATE DATABASE") {
-    assume(isSparkV31OrGreater)
-
     // create database
     val e1 = intercept[AccessControlException](
       doAs(someone, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace2").explain()))
@@ -89,8 +85,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] DROP DATABASE") {
-    assume(isSparkV31OrGreater)
-
     // create database
     val e1 = intercept[AccessControlException](
       doAs(someone, sql(s"DROP DATABASE IF EXISTS $catalogV2.$namespace2").explain()))
@@ -99,8 +93,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] SELECT TABLE") {
-    assume(isSparkV31OrGreater)
-
     // select
     val e1 = intercept[AccessControlException](
       doAs(someone, sql(s"select city, id from $catalogV2.$namespace1.$table1").explain()))
@@ -109,7 +101,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #4255] DESCRIBE TABLE") {
-    assume(isSparkV31OrGreater)
     val e1 = intercept[AccessControlException](
       doAs(someone, sql(s"DESCRIBE TABLE $catalogV2.$namespace1.$table1").explain()))
     assert(e1.getMessage.contains(s"does not have [select] privilege" +
@@ -117,8 +108,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] CREATE TABLE") {
-    assume(isSparkV31OrGreater)
-
     // CreateTable
     val e2 = intercept[AccessControlException](
       doAs(someone, sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2")))
@@ -136,8 +125,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] DROP TABLE") {
-    assume(isSparkV31OrGreater)
-
     // DropTable
     val e3 = intercept[AccessControlException](
       doAs(someone, sql(s"DROP TABLE $catalogV2.$namespace1.$table1")))
@@ -146,8 +133,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] INSERT TABLE") {
-    assume(isSparkV31OrGreater)
-
     // AppendData: Insert Using a VALUES Clause
     val e4 = intercept[AccessControlException](
       doAs(
@@ -186,8 +171,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] MERGE INTO") {
-    assume(isSparkV31OrGreater)
-
     val mergeIntoSql =
       s"""
          |MERGE INTO $catalogV2.$namespace1.$outputTable1 AS target
@@ -218,8 +201,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] UPDATE TABLE") {
-    assume(isSparkV31OrGreater)
-
     // UpdateTable
     val e5 = intercept[AccessControlException](
       doAs(
@@ -231,8 +212,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] DELETE FROM TABLE") {
-    assume(isSparkV31OrGreater)
-
     // DeleteFromTable
     val e6 = intercept[AccessControlException](
       doAs(someone, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=1")))
@@ -241,8 +220,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] CACHE TABLE") {
-    assume(isSparkV31OrGreater)
-
     // CacheTable
     val e7 = intercept[AccessControlException](
       doAs(
@@ -281,8 +258,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] ALTER TABLE") {
-    assume(isSparkV31OrGreater)
-
     // AddColumns
     val e61 = intercept[AccessControlException](
       doAs(
@@ -318,8 +293,6 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   }
 
   test("[KYUUBI #3424] COMMENT ON") {
-    assume(isSparkV31OrGreater)
-
     // CommentOnNamespace
     val e1 = intercept[AccessControlException](
       doAs(
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
index 905cd428c..405e53fc2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForIcebergSuite.scala
@@ -21,25 +21,18 @@ import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.Utils
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 class DataMaskingForIcebergSuite extends DataMaskingTestBase {
   override protected val extraSparkConf: SparkConf = {
-    val conf = new SparkConf()
-
-    if (isSparkV31OrGreater) {
-      conf
-        .set("spark.sql.defaultCatalog", "testcat")
-        .set(
-          "spark.sql.catalog.testcat",
-          "org.apache.iceberg.spark.SparkCatalog")
-        .set(s"spark.sql.catalog.testcat.type", "hadoop")
-        .set(
-          "spark.sql.catalog.testcat.warehouse",
-          Utils.createTempDir("iceberg-hadoop").toString)
-    }
-    conf
-
+    new SparkConf()
+      .set("spark.sql.defaultCatalog", "testcat")
+      .set(
+        "spark.sql.catalog.testcat",
+        "org.apache.iceberg.spark.SparkCatalog")
+      .set(s"spark.sql.catalog.testcat.type", "hadoop")
+      .set(
+        "spark.sql.catalog.testcat.warehouse",
+        Utils.createTempDir("iceberg-hadoop").toString)
   }
 
   override protected val catalogImpl: String = "in-memory"
@@ -47,19 +40,14 @@ class DataMaskingForIcebergSuite extends DataMaskingTestBase {
   override protected def format: String = "USING iceberg"
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      super.beforeAll()
-    }
+    super.beforeAll()
   }
 
   override def afterAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      super.afterAll()
-    }
+    super.afterAll()
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
index f74092d0b..249d90352 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
@@ -23,23 +23,17 @@ import scala.util.Try
 import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-
 class DataMaskingForJDBCV2Suite extends DataMaskingTestBase {
   override protected val extraSparkConf: SparkConf = {
-    val conf = new SparkConf()
-    if (isSparkV31OrGreater) {
-      conf
-        .set("spark.sql.defaultCatalog", "testcat")
-        .set(
-          "spark.sql.catalog.testcat",
-          "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
-        .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
-        .set(
-          s"spark.sql.catalog.testcat.driver",
-          "org.apache.derby.jdbc.AutoloadedDriver")
-    }
-    conf
+    new SparkConf()
+      .set("spark.sql.defaultCatalog", "testcat")
+      .set(
+        "spark.sql.catalog.testcat",
+        "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+      .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
+      .set(
+        s"spark.sql.catalog.testcat.driver",
+        "org.apache.derby.jdbc.AutoloadedDriver")
   }
 
   override protected val catalogImpl: String = "in-memory"
@@ -47,21 +41,18 @@ class DataMaskingForJDBCV2Suite extends DataMaskingTestBase {
   override protected def format: String = ""
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) super.beforeAll()
+    super.beforeAll()
   }
 
   override def afterAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      super.afterAll()
-      // cleanup db
-      Try {
-        DriverManager.getConnection(s"jdbc:derby:memory:testcat;shutdown=true")
-      }
+    super.afterAll()
+    // cleanup db
+    Try {
+      DriverManager.getConnection(s"jdbc:derby:memory:testcat;shutdown=true")
     }
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
index af87a39a0..d8877b7f9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingTestBase.scala
@@ -30,7 +30,6 @@ import org.scalatest.funsuite.AnyFunSuite
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
 import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 /**
  * Base trait for data masking tests, derivative classes shall name themselves following:
@@ -279,7 +278,6 @@ trait DataMaskingTestBase extends AnyFunSuite with SparkSessionProvider with Bef
   }
 
   test("KYUUBI #3581: permanent view should lookup rule on itself not the raw table") {
-    assume(isSparkV31OrGreater)
     val supported = doAs(
       permViewUser,
       Try(sql("CREATE OR REPLACE VIEW default.perm_view AS SELECT * FROM default.src")).isSuccess)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
index a93a69662..57a9e29b6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForIcebergSuite.scala
@@ -21,25 +21,18 @@ import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
 import org.apache.kyuubi.Utils
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 class RowFilteringForIcebergSuite extends RowFilteringTestBase {
   override protected val extraSparkConf: SparkConf = {
-    val conf = new SparkConf()
-
-    if (isSparkV31OrGreater) {
-      conf
-        .set("spark.sql.defaultCatalog", "testcat")
-        .set(
-          "spark.sql.catalog.testcat",
-          "org.apache.iceberg.spark.SparkCatalog")
-        .set(s"spark.sql.catalog.testcat.type", "hadoop")
-        .set(
-          "spark.sql.catalog.testcat.warehouse",
-          Utils.createTempDir("iceberg-hadoop").toString)
-    }
-    conf
-
+    new SparkConf()
+      .set("spark.sql.defaultCatalog", "testcat")
+      .set(
+        "spark.sql.catalog.testcat",
+        "org.apache.iceberg.spark.SparkCatalog")
+      .set(s"spark.sql.catalog.testcat.type", "hadoop")
+      .set(
+        "spark.sql.catalog.testcat.warehouse",
+        Utils.createTempDir("iceberg-hadoop").toString)
   }
 
   override protected val catalogImpl: String = "in-memory"
@@ -47,19 +40,14 @@ class RowFilteringForIcebergSuite extends RowFilteringTestBase {
   override protected def format: String = "USING iceberg"
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      super.beforeAll()
-    }
+    super.beforeAll()
   }
 
   override def afterAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      super.afterAll()
-    }
+    super.afterAll()
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
index 09ae6a008..7d20d0515 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
@@ -24,23 +24,17 @@ import scala.util.Try
 import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-
 class RowFilteringForJDBCV2Suite extends RowFilteringTestBase {
   override protected val extraSparkConf: SparkConf = {
-    val conf = new SparkConf()
-    if (isSparkV31OrGreater) {
-      conf
-        .set("spark.sql.defaultCatalog", "testcat")
-        .set(
-          "spark.sql.catalog.testcat",
-          "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
-        .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
-        .set(
-          s"spark.sql.catalog.testcat.driver",
-          "org.apache.derby.jdbc.AutoloadedDriver")
-    }
-    conf
+    new SparkConf()
+      .set("spark.sql.defaultCatalog", "testcat")
+      .set(
+        "spark.sql.catalog.testcat",
+        "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+      .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
+      .set(
+        s"spark.sql.catalog.testcat.driver",
+        "org.apache.derby.jdbc.AutoloadedDriver")
   }
 
   override protected val catalogImpl: String = "in-memory"
@@ -48,21 +42,18 @@ class RowFilteringForJDBCV2Suite extends RowFilteringTestBase {
   override protected def format: String = ""
 
   override def beforeAll(): Unit = {
-    if (isSparkV31OrGreater) super.beforeAll()
+    super.beforeAll()
   }
 
   override def afterAll(): Unit = {
-    if (isSparkV31OrGreater) {
-      super.afterAll()
-      // cleanup db
-      Try {
-        DriverManager.getConnection(s"jdbc:derby:memory:testcat;shutdown=true")
-      }
+    super.afterAll()
+    // cleanup db
+    Try {
+      DriverManager.getConnection(s"jdbc:derby:memory:testcat;shutdown=true")
     }
   }
 
   override def withFixture(test: NoArgTest): Outcome = {
-    assume(isSparkV31OrGreater)
     test()
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
index 8d9561a89..3d0890d19 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringTestBase.scala
@@ -27,7 +27,6 @@ import org.scalatest.funsuite.AnyFunSuite
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider
 import org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtension
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 /**
  * Base trait for row filtering tests, derivative classes shall name themselves following:
@@ -98,7 +97,6 @@ trait RowFilteringTestBase extends AnyFunSuite with SparkSessionProvider with Be
   }
 
   test("[KYUUBI #3581]: row level filter on permanent view") {
-    assume(isSparkV31OrGreater)
     val supported = doAs(
       permViewUser,
       Try(sql("CREATE OR REPLACE VIEW default.perm_view AS SELECT * FROM default.src")).isSuccess)

From e51095edaa783a8d28cec71c51f7367623d6062e Mon Sep 17 00:00:00 2001
From: ITzhangqiang <itzhangqiang@163.com>
Date: Wed, 11 Oct 2023 21:41:22 +0800
Subject: [PATCH 670/760] [KYUUBI #5365] Don't use Log4j2's extended throwable
 conversion pattern in default logging configurations

### _Why are the changes needed?_

The Apache Spark Community found a performance regression with log4j2. See https://github.com/apache/spark/pull/36747.

This PR to fix the performance issue on our side.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5400 from ITzhangqiang/KYUUBI_5365.

Closes #5365

dbb9d8b32 [ITzhangqiang] [KYUUBI #5365] Don't use Log4j2's extended throwable conversion pattern in default logging configurations

Authored-by: ITzhangqiang <itzhangqiang@163.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 conf/log4j2.xml.template                                    | 6 +++---
 docker/playground/conf/kyuubi-log4j2.xml                    | 2 +-
 docs/monitor/logging.md                                     | 2 +-
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/scala/resources/log4j2-test.xml                | 4 ++--
 .../kyuubi-spark-authz/src/test/resources/log4j2-test.xml   | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../kyuubi-spark-lineage/src/test/resources/log4j2-test.xml | 4 ++--
 .../kyuubi-chat-engine/src/test/resources/log4j2-test.xml   | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../kyuubi-jdbc-engine/src/test/resources/log4j2-test.xml   | 4 ++--
 .../src/test/resources/log4j2-test.xml                      | 4 ++--
 .../kyuubi-trino-engine/src/test/resources/log4j2-test.xml  | 4 ++--
 .../kyuubi-flink-it/src/test/resources/log4j2-test.xml      | 4 ++--
 .../kyuubi-hive-it/src/test/resources/log4j2-test.xml       | 4 ++--
 .../kyuubi-jdbc-it/src/test/resources/log4j2-test.xml       | 4 ++--
 .../kyuubi-kubernetes-it/src/test/resources/log4j2-test.xml | 4 ++--
 .../kyuubi-trino-it/src/test/resources/log4j2-test.xml      | 4 ++--
 .../kyuubi-zookeeper-it/src/test/resources/log4j2-test.xml  | 4 ++--
 kyuubi-common/src/main/resources/log4j2-defaults.xml        | 2 +-
 .../apache/kyuubi/operation/log/Log4j2DivertAppender.scala  | 2 +-
 kyuubi-common/src/test/resources/log4j2-test.xml            | 4 ++--
 kyuubi-ctl/src/test/resources/log4j2-test.xml               | 4 ++--
 kyuubi-events/src/test/resources/log4j2-test.xml            | 4 ++--
 kyuubi-ha/src/test/resources/log4j2-test.xml                | 4 ++--
 kyuubi-hive-jdbc/src/test/resources/log4j2-test.xml         | 4 ++--
 kyuubi-metrics/src/test/resources/log4j2-test.xml           | 4 ++--
 kyuubi-rest-client/src/test/resources/log4j2-test.xml       | 4 ++--
 kyuubi-server/src/test/resources/log4j2-test.xml            | 6 +++---
 kyuubi-zookeeper/src/test/resources/log4j2-test.xml         | 4 ++--
 37 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/conf/log4j2.xml.template b/conf/log4j2.xml.template
index 86f9459a1..4139b7dbe 100644
--- a/conf/log4j2.xml.template
+++ b/conf/log4j2.xml.template
@@ -30,14 +30,14 @@
     </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <RollingFile name="restAudit" fileName="${sys:restAuditLogPath}"
                      filePattern="${sys:restAuditLogFilePattern}">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n%ex"/>
             <Policies>
                 <SizeBasedTriggeringPolicy size="51200KB" />
             </Policies>
@@ -45,7 +45,7 @@
         </RollingFile>
         <RollingFile name="k8sAudit" fileName="${sys:k8sAuditLogPath}"
                      filePattern="${sys:k8sAuditLogFilePattern}">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n%ex"/>
             <Policies>
                 <SizeBasedTriggeringPolicy size="51200KB" />
             </Policies>
diff --git a/docker/playground/conf/kyuubi-log4j2.xml b/docker/playground/conf/kyuubi-log4j2.xml
index 6aedf7652..313c121bc 100644
--- a/docker/playground/conf/kyuubi-log4j2.xml
+++ b/docker/playground/conf/kyuubi-log4j2.xml
@@ -22,7 +22,7 @@
 <Configuration status="INFO">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/docs/monitor/logging.md b/docs/monitor/logging.md
index 24a5a88d6..9dce6e22a 100644
--- a/docs/monitor/logging.md
+++ b/docs/monitor/logging.md
@@ -114,7 +114,7 @@ For example, we can disable the console appender and enable the file appender li
 <Configuration status="INFO">
   <Appenders>
     <File name="fa" fileName="log/dummy.log">
-      <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
+      <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n%ex"/>
       <Filters>
         <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
       </Filters>
diff --git a/extensions/spark/kyuubi-extension-spark-3-3/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-3-3/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-extension-spark-3-3/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-3/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-4/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-extension-spark-common/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-common/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-extension-spark-common/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-extension-spark-common/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/src/test/scala/resources/log4j2-test.xml b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/src/test/scala/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-extension-spark-jdbc-dialect/src/test/scala/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-extension-spark-jdbc-dialect/src/test/scala/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml
index 5e01ed4ab..7aaf820ad 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-spark-connector-common/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-connector-common/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-spark-connector-common/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-connector-common/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-connector-hive/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-spark-connector-tpch/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-connector-tpch/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-spark-connector-tpch/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-connector-tpch/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/extensions/spark/kyuubi-spark-lineage/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-lineage/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/extensions/spark/kyuubi-spark-lineage/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-lineage/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml
index 585a12c6f..356d64590 100644
--- a/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml
+++ b/externals/kyuubi-chat-engine/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/externals/kyuubi-flink-sql-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-flink-sql-engine/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/resources/log4j2-test.xml
+++ b/externals/kyuubi-flink-sql-engine/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/externals/kyuubi-hive-sql-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-hive-sql-engine/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/externals/kyuubi-hive-sql-engine/src/test/resources/log4j2-test.xml
+++ b/externals/kyuubi-hive-sql-engine/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/externals/kyuubi-jdbc-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-jdbc-engine/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/externals/kyuubi-jdbc-engine/src/test/resources/log4j2-test.xml
+++ b/externals/kyuubi-jdbc-engine/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/externals/kyuubi-spark-sql-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-spark-sql-engine/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/resources/log4j2-test.xml
+++ b/externals/kyuubi-spark-sql-engine/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/externals/kyuubi-trino-engine/src/test/resources/log4j2-test.xml b/externals/kyuubi-trino-engine/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/externals/kyuubi-trino-engine/src/test/resources/log4j2-test.xml
+++ b/externals/kyuubi-trino-engine/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/integration-tests/kyuubi-flink-it/src/test/resources/log4j2-test.xml b/integration-tests/kyuubi-flink-it/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/integration-tests/kyuubi-flink-it/src/test/resources/log4j2-test.xml
+++ b/integration-tests/kyuubi-flink-it/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/integration-tests/kyuubi-hive-it/src/test/resources/log4j2-test.xml b/integration-tests/kyuubi-hive-it/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/integration-tests/kyuubi-hive-it/src/test/resources/log4j2-test.xml
+++ b/integration-tests/kyuubi-hive-it/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/integration-tests/kyuubi-jdbc-it/src/test/resources/log4j2-test.xml b/integration-tests/kyuubi-jdbc-it/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/integration-tests/kyuubi-jdbc-it/src/test/resources/log4j2-test.xml
+++ b/integration-tests/kyuubi-jdbc-it/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/resources/log4j2-test.xml b/integration-tests/kyuubi-kubernetes-it/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/resources/log4j2-test.xml
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/integration-tests/kyuubi-trino-it/src/test/resources/log4j2-test.xml b/integration-tests/kyuubi-trino-it/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/integration-tests/kyuubi-trino-it/src/test/resources/log4j2-test.xml
+++ b/integration-tests/kyuubi-trino-it/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/integration-tests/kyuubi-zookeeper-it/src/test/resources/log4j2-test.xml b/integration-tests/kyuubi-zookeeper-it/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/integration-tests/kyuubi-zookeeper-it/src/test/resources/log4j2-test.xml
+++ b/integration-tests/kyuubi-zookeeper-it/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-common/src/main/resources/log4j2-defaults.xml b/kyuubi-common/src/main/resources/log4j2-defaults.xml
index 63841959a..630584611 100644
--- a/kyuubi-common/src/main/resources/log4j2-defaults.xml
+++ b/kyuubi-common/src/main/resources/log4j2-defaults.xml
@@ -21,7 +21,7 @@
 <Configuration status="INFO">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
index 0daaeae48..d8e37a019 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/Log4j2DivertAppender.scala
@@ -93,7 +93,7 @@ object Log4j2DivertAppender {
           ap.getLayout.isInstanceOf[StringLayout])
       .map(_.getLayout.asInstanceOf[StringLayout])
       .getOrElse(PatternLayout.newBuilder().withPattern(
-        "%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n").build())
+        "%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n%ex").build())
   }
 
   def initialize(): Unit = {
diff --git a/kyuubi-common/src/test/resources/log4j2-test.xml b/kyuubi-common/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-common/src/test/resources/log4j2-test.xml
+++ b/kyuubi-common/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-ctl/src/test/resources/log4j2-test.xml b/kyuubi-ctl/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-ctl/src/test/resources/log4j2-test.xml
+++ b/kyuubi-ctl/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-events/src/test/resources/log4j2-test.xml b/kyuubi-events/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-events/src/test/resources/log4j2-test.xml
+++ b/kyuubi-events/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-ha/src/test/resources/log4j2-test.xml b/kyuubi-ha/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-ha/src/test/resources/log4j2-test.xml
+++ b/kyuubi-ha/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-hive-jdbc/src/test/resources/log4j2-test.xml b/kyuubi-hive-jdbc/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-hive-jdbc/src/test/resources/log4j2-test.xml
+++ b/kyuubi-hive-jdbc/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-metrics/src/test/resources/log4j2-test.xml b/kyuubi-metrics/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-metrics/src/test/resources/log4j2-test.xml
+++ b/kyuubi-metrics/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-rest-client/src/test/resources/log4j2-test.xml b/kyuubi-rest-client/src/test/resources/log4j2-test.xml
index 13ea5322a..2f13b5777 100644
--- a/kyuubi-rest-client/src/test/resources/log4j2-test.xml
+++ b/kyuubi-rest-client/src/test/resources/log4j2-test.xml
@@ -21,13 +21,13 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
         </File>
     </Appenders>
     <Loggers>
diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index 25e37e859..bccbf1b0d 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -24,20 +24,20 @@
     </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </File>
         <File name="restAudit" fileName="${sys:restAuditLogPath}">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c{1}: %m%n%ex"/>
         </File>
     </Appenders>
     <Loggers>
diff --git a/kyuubi-zookeeper/src/test/resources/log4j2-test.xml b/kyuubi-zookeeper/src/test/resources/log4j2-test.xml
index bfc40dd6d..3110216c1 100644
--- a/kyuubi-zookeeper/src/test/resources/log4j2-test.xml
+++ b/kyuubi-zookeeper/src/test/resources/log4j2-test.xml
@@ -21,14 +21,14 @@
 <Configuration status="WARN">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n%ex"/>
             <Filters>
                 <ThresholdFilter level="FATAL"/>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
         <File name="file" fileName="target/unit-tests.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>

From 98b74d2ad0cf5ff4b84424bb45c8092ced381aec Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Thu, 12 Oct 2023 08:44:02 +0800
Subject: [PATCH 671/760] [KYUUBI #5399] [AUTHZ] Cleanup Spark 3.0 specific
 implementation

### _Why are the changes needed?_

The cleanup follow-up for #5362, which removed the Spark 3.0 tests for Authz plugin.
Remove the `isSpark31OrGreater` and Spark 3.0 specific implementations in Authz plugin.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5399 from bowenliang123/authz-31greater.

Closes #5399

db4369b13 [Bowen Liang] import
cc38b1c1e [Bowen Liang] fix MASK_SHOW_FIRST_4
cf3ef4e1c [Bowen Liang] remove isSparkV31OrGreater

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala  | 6 +-----
 .../apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala  | 3 +--
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 9abb9cd28..d3059ef2d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -26,7 +26,6 @@ import org.apache.ranger.plugin.service.RangerBasePlugin
 import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.plugin.spark.authz.util.RangerConfigProvider
 
 object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
@@ -109,11 +108,8 @@ object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
       } else if (result.getMaskTypeDef != null) {
         result.getMaskTypeDef.getName match {
           case "MASK" => regexp_replace(col)
-          case "MASK_SHOW_FIRST_4" if isSparkV31OrGreater =>
-            regexp_replace(col, hasLen = true)
           case "MASK_SHOW_FIRST_4" =>
-            val right = regexp_replace(s"substr($col, 5)")
-            s"concat(substr($col, 0, 4), $right)"
+            regexp_replace(col, hasLen = true)
           case "MASK_SHOW_LAST_4" =>
             val left = regexp_replace(s"left($col, length($col) - 4)")
             s"concat($left, right($col, 4))"
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index 4f7cbb9ef..e95ff91ed 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -61,7 +61,7 @@ private[authz] object AuthZUtils {
 
   def hasResolvedPermanentView(plan: LogicalPlan): Boolean = {
     plan match {
-      case view: View if view.resolved && isSparkV31OrGreater =>
+      case view: View if view.resolved =>
         !getField[Boolean](view, "isTempView")
       case _ =>
         false
@@ -84,7 +84,6 @@ private[authz] object AuthZUtils {
   }
 
   lazy val SPARK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(SPARK_VERSION)
-  lazy val isSparkV31OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.1"
   lazy val isSparkV32OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.2"
   lazy val isSparkV33OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.3"
 

From fd69c6ee1dd40b7c4f496c74a45f574220448bc6 Mon Sep 17 00:00:00 2001
From: "chenliang.lu" <marssss2929@gmail.com>
Date: Thu, 12 Oct 2023 09:58:16 +0800
Subject: [PATCH 672/760] [KYUUBI #5407][AUTHZ] Tests for Iceberg system
 procedures of snapshot management

### _Why are the changes needed?_
To close #5407 .
Follow up for https://github.com/apache/kyuubi/pull/5248 .
Add some UT for snapshot management procedures. These procedures require alter permissions.

1.  rollback_to_snapshot  (https://iceberg.apache.org/docs/latest/spark-procedures/#rollback_to_snapshot):
Usage: `CALL catalog_name.system.rollback_to_snapshot('db.sample', 1)
`
Meaning: rollback a table to a specific snapshot ID.

2. rollback_to_timestamp (https://iceberg.apache.org/docs/latest/spark-procedures/#rollback_to_timestamp)
Usage: `CALL catalog_name.system.rollback_to_timestamp('db.sample', TIMESTAMP '2021-06-30 00:00:00')`
Meaning:  rollback the table to the latest snapshot less than time.

3.  set_current_snapshot (https://iceberg.apache.org/docs/latest/spark-procedures/#set_current_snapshot)
Usage: `CALL catalog_name.system.set_current_snapshot('db.sample', 1)`
Meaning:  Set a table to a specific snapshot ID.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5394 from yabola/add_call.

Closes #5407

98b7492e0 [Bowen Liang] split into 3 ut for snapshot management
23fe49ae4 [Bowen Liang] refactor ut
8ba97c6ef [chenliang.lu] Add UT for checking previleges in iceberg call snapshot management

Lead-authored-by: chenliang.lu <marssss2929@gmail.com>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 ...bergCatalogRangerSparkExtensionSuite.scala | 66 ++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index e33fbb7a3..492880553 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -16,11 +16,15 @@
  */
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
-// scalastyle:off
+import java.sql.Timestamp
+import java.text.SimpleDateFormat
+
 import scala.util.Try
 
+import org.apache.spark.sql.Row
 import org.scalatest.Outcome
 
+// scalastyle:off
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
@@ -281,4 +285,64 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
         })
     }
   }
+
+  private def prepareExampleIcebergTable(table: String, initSnapshots: Int): Unit = {
+    doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $table (id int, name string) USING iceberg"))
+    (0 until initSnapshots).foreach(i =>
+      doAs(admin, sql(s"INSERT INTO $table VALUES ($i, 'user_$i')")))
+  }
+
+  private def getFirstSnapshot(table: String): Row = {
+    val existedSnapshots =
+      sql(s"SELECT * FROM $table.snapshots ORDER BY committed_at ASC LIMIT 1").collect()
+    existedSnapshots(0)
+  }
+
+  test("CALL rollback_to_snapshot") {
+    val tableName = "table_rollback_to_snapshot"
+    val table = s"$catalogV2.$namespace1.$tableName"
+    withCleanTmpResources(Seq((table, "table"))) {
+      prepareExampleIcebergTable(table, 2)
+      val targetSnapshotId = getFirstSnapshot(table).getAs[Long]("snapshot_id")
+      val callRollbackToSnapshot =
+        s"CALL $catalogV2.system.rollback_to_snapshot (table => '$table', snapshot_id => $targetSnapshotId)"
+
+      interceptContains[AccessControlException](doAs(someone, sql(callRollbackToSnapshot)))(
+        s"does not have [alter] privilege on [$namespace1/$tableName]")
+      doAs(admin, sql(callRollbackToSnapshot))
+    }
+  }
+
+  test("CALL rollback_to_timestamp") {
+    val tableName = "table_rollback_to_timestamp"
+    val table = s"$catalogV2.$namespace1.$tableName"
+    withCleanTmpResources(Seq((table, "table"))) {
+      prepareExampleIcebergTable(table, 2)
+      val callRollbackToTimestamp = {
+        val targetSnapshotCommittedAt = getFirstSnapshot(table).getAs[Timestamp]("committed_at")
+        val targetTimestamp = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS")
+          .format(targetSnapshotCommittedAt.getTime + 1)
+        s"CALL $catalogV2.system.rollback_to_timestamp (table => '$table', timestamp => TIMESTAMP '$targetTimestamp')"
+      }
+
+      interceptContains[AccessControlException](doAs(someone, sql(callRollbackToTimestamp)))(
+        s"does not have [alter] privilege on [$namespace1/$tableName]")
+      doAs(admin, sql(callRollbackToTimestamp))
+    }
+  }
+
+  test("CALL set_current_snapshot") {
+    val tableName = "table_set_current_snapshot"
+    val table = s"$catalogV2.$namespace1.$tableName"
+    withCleanTmpResources(Seq((table, "table"))) {
+      prepareExampleIcebergTable(table, 2)
+      val targetSnapshotId = getFirstSnapshot(table).getAs[Long]("snapshot_id")
+      val callSetCurrentSnapshot =
+        s"CALL $catalogV2.system.set_current_snapshot (table => '$table', snapshot_id => $targetSnapshotId)"
+
+      interceptContains[AccessControlException](doAs(someone, sql(callSetCurrentSnapshot)))(
+        s"does not have [alter] privilege on [$namespace1/$tableName]")
+      doAs(admin, sql(callSetCurrentSnapshot))
+    }
+  }
 }

From 74e52f6924b8bd6a106925673c215383c0d50cf7 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Thu, 12 Oct 2023 15:11:18 +0800
Subject: [PATCH 673/760] [KYUUBI #5409] [DOCS] Update config docs regeneratoin
 hints in developer guide

### _Why are the changes needed?_

- Update the regeneration hits for `setting.md` in `develop.md`, as the config doc`settings.md` is checked and able to regenearted by `dev/gen/gen_all_config_docs.sh` script.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5409 from bowenliang123/regen-settings.

Closes #5409

985f39e51 [Bowen Liang] update docs

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 docs/contributing/code/developer.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/contributing/code/developer.md b/docs/contributing/code/developer.md
index ef6fb7988..518d71871 100644
--- a/docs/contributing/code/developer.md
+++ b/docs/contributing/code/developer.md
@@ -46,8 +46,7 @@ You can run `dev/reformat` to format all Java and Scala code.
 
 Kyuubi uses settings.md to explain available configurations.
 
-You can run `KYUUBI_UPDATE=1 build/mvn clean test -pl kyuubi-server -am -Pflink-provided,spark-provided,hive-provided -DwildcardSuites=org.apache.kyuubi.config.AllKyuubiConfiguration`
-to append descriptions of new configurations to settings.md.
+You can run `dev/gen/gen_all_config_docs.sh` to append and update descriptions of new configurations to `settings.md`.
 
 ## Generative Tooling Usage
 

From 1b229b63a0f101d495057cdbee6f81ee8b426006 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Fri, 13 Oct 2023 14:46:53 +0800
Subject: [PATCH 674/760] [KYUUBI #5323] [AUTHZ] Drop Hive and Iceberg tables
 with PURGE option in tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

- `DROP TABLE` for Iceberg tables only removes the table from catalog by default, which may contaminates other tests with same table
- Enable PURGE option for dropping Iceberg and Hive table
  - Iceberg Spark DDL `DROP TABLE ... PURGE`
  - To drop the table from the catalog and delete the table’s contents

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5323 from bowenliang123/iceberg-purge.

Closes #5323

ce4188dd2 [Bowen Liang] purge

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../spark/authz/SparkSessionProvider.scala     | 18 +++++++++++++++++-
 ...dbcTableCatalogPrivilegesBuilderSuite.scala | 10 +++++++---
 ...TableCatalogRangerSparkExtensionSuite.scala |  5 ++---
 .../DataMaskingForJDBCV2Suite.scala            |  6 +++---
 .../RowFilteringForJDBCV2Suite.scala           |  6 +++---
 .../operation/IcebergMetadataTests.scala       |  2 +-
 6 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index e6f70b4d1..c7e541ef5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -27,6 +27,7 @@ import org.scalatest.Assertions._
 
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 trait SparkSessionProvider {
@@ -79,7 +80,15 @@ trait SparkSessionProvider {
       f
     } finally {
       res.foreach {
-        case (t, "table") => doAs(admin, sql(s"DROP TABLE IF EXISTS $t"))
+        case (t, "table") => doAs(
+            admin, {
+              val purgeOption =
+                if (isSparkV32OrGreater && isCatalogSupportPurge(
+                    spark.sessionState.catalogManager.currentCatalog.name())) {
+                  "PURGE"
+                } else ""
+              sql(s"DROP TABLE IF EXISTS $t $purgeOption")
+            })
         case (db, "database") => doAs(admin, sql(s"DROP DATABASE IF EXISTS $db"))
         case (fn, "function") => doAs(admin, sql(s"DROP FUNCTION IF EXISTS $fn"))
         case (view, "view") => doAs(admin, sql(s"DROP VIEW IF EXISTS $view"))
@@ -96,4 +105,11 @@ trait SparkSessionProvider {
     doAs(user, assert(sql(query).collect() === result))
   }
 
+  private def isCatalogSupportPurge(catalogName: String): Boolean = {
+    val unsupportedCatalogs = Set(v2JdbcTableCatalogClassName)
+    spark.conf.getOption(s"spark.sql.catalog.$catalogName") match {
+      case Some(catalog) if !unsupportedCatalogs.contains(catalog) => true
+      case _ => false
+    }
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
index 4fe13201d..d1a6f4ae8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2JdbcTableCatalogPrivilegesBuilderSuite.scala
@@ -22,6 +22,7 @@ import scala.util.Try
 
 import org.scalatest.Outcome
 
+import org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.util.AssertionUtils._
 
@@ -38,9 +39,7 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
   val jdbcUrl: String = s"$dbUrl;create=true"
 
   override def beforeAll(): Unit = {
-    spark.conf.set(
-      s"spark.sql.catalog.$catalogV2",
-      "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+    spark.conf.set(s"spark.sql.catalog.$catalogV2", v2JdbcTableCatalogClassName)
     spark.conf.set(s"spark.sql.catalog.$catalogV2.url", jdbcUrl)
     spark.conf.set(
       s"spark.sql.catalog.$catalogV2.driver",
@@ -170,3 +169,8 @@ class V2JdbcTableCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite
     }
   }
 }
+
+object V2JdbcTableCatalogPrivilegesBuilderSuite {
+  val v2JdbcTableCatalogClassName: String =
+    "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog"
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
index 253880bbf..046052d55 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/V2JdbcTableCatalogRangerSparkExtensionSuite.scala
@@ -24,6 +24,7 @@ import scala.util.Try
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 /**
@@ -44,9 +45,7 @@ class V2JdbcTableCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSu
   val jdbcUrl: String = s"$dbUrl;create=true"
 
   override def beforeAll(): Unit = {
-    spark.conf.set(
-      s"spark.sql.catalog.$catalogV2",
-      "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+    spark.conf.set(s"spark.sql.catalog.$catalogV2", v2JdbcTableCatalogClassName)
     spark.conf.set(s"spark.sql.catalog.$catalogV2.url", jdbcUrl)
     spark.conf.set(
       s"spark.sql.catalog.$catalogV2.driver",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
index 249d90352..411d98cf9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingForJDBCV2Suite.scala
@@ -23,13 +23,13 @@ import scala.util.Try
 import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
+import org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite._
+
 class DataMaskingForJDBCV2Suite extends DataMaskingTestBase {
   override protected val extraSparkConf: SparkConf = {
     new SparkConf()
       .set("spark.sql.defaultCatalog", "testcat")
-      .set(
-        "spark.sql.catalog.testcat",
-        "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+      .set("spark.sql.catalog.testcat", v2JdbcTableCatalogClassName)
       .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
       .set(
         s"spark.sql.catalog.testcat.driver",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
index 7d20d0515..bfe1cd9e4 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfiltering/RowFilteringForJDBCV2Suite.scala
@@ -24,13 +24,13 @@ import scala.util.Try
 import org.apache.spark.SparkConf
 import org.scalatest.Outcome
 
+import org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite._
+
 class RowFilteringForJDBCV2Suite extends RowFilteringTestBase {
   override protected val extraSparkConf: SparkConf = {
     new SparkConf()
       .set("spark.sql.defaultCatalog", "testcat")
-      .set(
-        "spark.sql.catalog.testcat",
-        "org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog")
+      .set("spark.sql.catalog.testcat", v2JdbcTableCatalogClassName)
       .set(s"spark.sql.catalog.testcat.url", "jdbc:derby:memory:testcat;create=true")
       .set(
         s"spark.sql.catalog.testcat.driver",
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
index 99482f0c5..814c08343 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/operation/IcebergMetadataTests.scala
@@ -133,7 +133,7 @@ trait IcebergMetadataTests extends HiveJDBCTestHelper with IcebergSuiteMixin wit
             }
             assert(!rs1.next())
           } finally {
-            statement.execute(s"DROP TABLE IF EXISTS $cg.$db.tbl")
+            statement.execute(s"DROP TABLE IF EXISTS $cg.$db.tbl PURGE")
           }
         }
       }

From 4bb67bdf3bcabd135102bd85c8992e9b52ba9356 Mon Sep 17 00:00:00 2001
From: hezhao2 <hezhao2@cisco.com>
Date: Mon, 16 Oct 2023 11:46:56 +0800
Subject: [PATCH 675/760] [KYUUBI #5381] Change the default metrics reporter to
 Prometheus

### _Why are the changes needed?_

Close #5381

change default metrics reporter to prometheus since Kyuubi 1.8

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5344 from zhaohehuhu/Improvement-0928.

Closes #5381

84f4c8208 [hezhao2] reset METRICS_REPORTERS for test case
b9ee5f711 [Cheng Pan] Update kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
86165a6fe [Cheng Pan] Update kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
a3605b626 [hezhao2] set METRICS_PROMETHEUS_PORT to 0 for test cases
f1a4d2861 [hezhao2] restore version number for kyuubi.metrics.reporters in doc
dae40e1a2 [hezhao2] change default metrics reporter to prometheus

Lead-authored-by: hezhao2 <hezhao2@cisco.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                | 20 +++++++++----------
 docs/deployment/migration-guide.md            |  3 +++
 .../apache/kyuubi/metrics/MetricsConf.scala   |  2 +-
 .../ServerJsonLoggingEventHandlerSuite.scala  |  2 ++
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 832099764..2869a59cd 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -352,16 +352,16 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Metrics
 
-|               Key               | Default  |                                                                                                                                                                                                                                               Meaning                                                                                                                                                                                                                                                |   Type   | Since |
-|---------------------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.metrics.console.interval | PT5S     | How often should report metrics to console                                                                                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.2.0 |
-| kyuubi.metrics.enabled          | true     | Set to true to enable kyuubi metrics system                                                                                                                                                                                                                                                                                                                                                                                                                                                          | boolean  | 1.2.0 |
-| kyuubi.metrics.json.interval    | PT5S     | How often should report metrics to JSON file                                                                                                                                                                                                                                                                                                                                                                                                                                                         | duration | 1.2.0 |
-| kyuubi.metrics.json.location    | metrics  | Where the JSON metrics file located                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.2.0 |
-| kyuubi.metrics.prometheus.path  | /metrics | URI context path of prometheus metrics HTTP server                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.2.0 |
-| kyuubi.metrics.prometheus.port  | 10019    | Prometheus metrics HTTP server port                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.2.0 |
-| kyuubi.metrics.reporters        | JSON     | A comma-separated list for all metrics reporters<ul> <li>CONSOLE - ConsoleReporter which outputs measurements to CONSOLE periodically.</li> <li>JMX - JmxReporter which listens for new metrics and exposes them as MBeans.</li>  <li>JSON - JsonReporter which outputs measurements to json file periodically.</li> <li>PROMETHEUS - PrometheusReporter which exposes metrics in Prometheus format.</li> <li>SLF4J - Slf4jReporter which outputs measurements to system log periodically.</li></ul> | set      | 1.2.0 |
-| kyuubi.metrics.slf4j.interval   | PT5S     | How often should report metrics to SLF4J logger                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.2.0 |
+|               Key               |  Default   |                                                                                                                                                                                                                                               Meaning                                                                                                                                                                                                                                                |   Type   | Since |
+|---------------------------------|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.metrics.console.interval | PT5S       | How often should report metrics to console                                                                                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.2.0 |
+| kyuubi.metrics.enabled          | true       | Set to true to enable kyuubi metrics system                                                                                                                                                                                                                                                                                                                                                                                                                                                          | boolean  | 1.2.0 |
+| kyuubi.metrics.json.interval    | PT5S       | How often should report metrics to JSON file                                                                                                                                                                                                                                                                                                                                                                                                                                                         | duration | 1.2.0 |
+| kyuubi.metrics.json.location    | metrics    | Where the JSON metrics file located                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.2.0 |
+| kyuubi.metrics.prometheus.path  | /metrics   | URI context path of prometheus metrics HTTP server                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.2.0 |
+| kyuubi.metrics.prometheus.port  | 10019      | Prometheus metrics HTTP server port                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.2.0 |
+| kyuubi.metrics.reporters        | PROMETHEUS | A comma-separated list for all metrics reporters<ul> <li>CONSOLE - ConsoleReporter which outputs measurements to CONSOLE periodically.</li> <li>JMX - JmxReporter which listens for new metrics and exposes them as MBeans.</li>  <li>JSON - JsonReporter which outputs measurements to json file periodically.</li> <li>PROMETHEUS - PrometheusReporter which exposes metrics in Prometheus format.</li> <li>SLF4J - Slf4jReporter which outputs measurements to system log periodically.</li></ul> | set      | 1.2.0 |
+| kyuubi.metrics.slf4j.interval   | PT5S       | How often should report metrics to SLF4J logger                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.2.0 |
 
 ### Operation
 
diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index 27dad2aba..58df0fcc6 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -24,6 +24,9 @@
   To restore previous behavior, set `kyuubi.metadata.store.jdbc.database.type=DERBY` and
   `kyuubi.metadata.store.jdbc.url=jdbc:derby:memory:kyuubi_state_store_db;create=true`.
 
+* Since Kyuubi 1.8, PROMETHEUS is changed as the default metrics reporter. To restore previous behavior,
+  set `kyuubi.metrics.reporters=JSON`.
+
 ## Upgrading from Kyuubi 1.7.1 to 1.7.2
 
 * Since Kyuubi 1.7.2, for Kyuubi BeeLine, please use `--python-mode` option to run python code or script.
diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
index fe11f6eb1..9bc2e6324 100644
--- a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
+++ b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConf.scala
@@ -46,7 +46,7 @@ object MetricsConf {
     .transformToUpperCase
     .toSet()
     .checkValues(ReporterType)
-    .createWithDefault(Set(JSON.toString))
+    .createWithDefault(Set(PROMETHEUS.toString))
 
   val METRICS_CONSOLE_INTERVAL: ConfigEntry[Long] = buildConf("kyuubi.metrics.console.interval")
     .doc("How often should report metrics to console")
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
index 2f794ed48..1dc24aeec 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerJsonLoggingEventHandlerSuite.scala
@@ -34,6 +34,7 @@ import org.apache.kyuubi._
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.events.ServerEventHandlerRegister
+import org.apache.kyuubi.metrics.MetricsConf
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 import org.apache.kyuubi.operation.OperationState._
 import org.apache.kyuubi.server.KyuubiServer
@@ -56,6 +57,7 @@ class ServerJsonLoggingEventHandlerSuite extends WithKyuubiServer with HiveJDBCT
       .set(KyuubiConf.SERVER_EVENT_JSON_LOG_PATH, serverLogRoot)
       .set(KyuubiConf.ENGINE_SPARK_EVENT_LOGGERS, Seq("JSON"))
       .set(KyuubiConf.ENGINE_EVENT_JSON_LOG_PATH, engineLogRoot)
+      .set(MetricsConf.METRICS_REPORTERS, Set.empty[String])
   }
 
   override protected def jdbcUrl: String = getJdbcUrl

From c6113c3dc593b7537f7767f0359cee680c63814c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Oct 2023 07:56:24 +0000
Subject: [PATCH 676/760] Bump postcss from 8.4.16 to 8.4.31 in
 /kyuubi-server/web-ui (#5351)

---
 kyuubi-server/web-ui/package-lock.json | 26 +++++++++++++-------------
 kyuubi-server/web-ui/pnpm-lock.yaml    | 23 ++++-------------------
 2 files changed, 17 insertions(+), 32 deletions(-)

diff --git a/kyuubi-server/web-ui/package-lock.json b/kyuubi-server/web-ui/package-lock.json
index 352560cd7..fa01c2405 100644
--- a/kyuubi-server/web-ui/package-lock.json
+++ b/kyuubi-server/web-ui/package-lock.json
@@ -14,7 +14,7 @@
         "element-plus": "^2.2.12",
         "pinia": "^2.0.18",
         "pinia-plugin-persistedstate": "^2.1.1",
-        "swagger-ui-dist": "^5.6.2",
+        "swagger-ui-dist": "^4.9.1",
         "vue": "^3.2.37",
         "vue-i18n": "^9.2.2",
         "vue-router": "^4.1.3"
@@ -3444,9 +3444,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.24",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
-      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
+      "version": "8.4.31",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
+      "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -3874,9 +3874,9 @@
       }
     },
     "node_modules/swagger-ui-dist": {
-      "version": "5.6.2",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.6.2.tgz",
-      "integrity": "sha512-2LKVuU2m6RHkemJloKiKJOTpN2RPmbsiad0OfSdtmFHOXJKAgYRZMwJcpT96RX6E9HUB5RkVOFC6vWqVjRgSOg=="
+      "version": "4.19.1",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-4.19.1.tgz",
+      "integrity": "sha512-n/gFn+R7G/BXWwl5UZLw6F1YgWOlf3zkwGlsPhTMhNtAAolBGKg0JS5b2RKt5NI6/hSopVaSrki2wTIMUDDy2w=="
     },
     "node_modules/symbol-tree": {
       "version": "3.2.4",
@@ -6940,9 +6940,9 @@
       }
     },
     "postcss": {
-      "version": "8.4.24",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
-      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
+      "version": "8.4.31",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
+      "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
       "requires": {
         "nanoid": "^3.3.6",
         "picocolors": "^1.0.0",
@@ -7223,9 +7223,9 @@
       }
     },
     "swagger-ui-dist": {
-      "version": "5.6.2",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.6.2.tgz",
-      "integrity": "sha512-2LKVuU2m6RHkemJloKiKJOTpN2RPmbsiad0OfSdtmFHOXJKAgYRZMwJcpT96RX6E9HUB5RkVOFC6vWqVjRgSOg=="
+      "version": "4.19.1",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-4.19.1.tgz",
+      "integrity": "sha512-n/gFn+R7G/BXWwl5UZLw6F1YgWOlf3zkwGlsPhTMhNtAAolBGKg0JS5b2RKt5NI6/hSopVaSrki2wTIMUDDy2w=="
     },
     "symbol-tree": {
       "version": "3.2.4",
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 83754291b..ffed6c6bd 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -797,7 +797,7 @@ packages:
       '@vue/shared': 3.2.37
       estree-walker: 2.0.2
       magic-string: 0.25.9
-      postcss: 8.4.16
+      postcss: 8.4.31
       source-map: 0.6.1
 
   /@vue/compiler-ssr@3.2.37:
@@ -2059,16 +2059,10 @@ packages:
     resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==}
     dev: true
 
-  /nanoid@3.3.4:
-    resolution: {integrity: sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==}
-    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
-    hasBin: true
-
   /nanoid@3.3.6:
     resolution: {integrity: sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==}
     engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
     hasBin: true
-    dev: true
 
   /natural-compare@1.4.0:
     resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
@@ -2242,22 +2236,13 @@ packages:
       util-deprecate: 1.0.2
     dev: true
 
-  /postcss@8.4.16:
-    resolution: {integrity: sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==}
-    engines: {node: ^10 || ^12 || >=14}
-    dependencies:
-      nanoid: 3.3.4
-      picocolors: 1.0.0
-      source-map-js: 1.0.2
-
-  /postcss@8.4.24:
-    resolution: {integrity: sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==}
+  /postcss@8.4.31:
+    resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==}
     engines: {node: ^10 || ^12 || >=14}
     dependencies:
       nanoid: 3.3.6
       picocolors: 1.0.0
       source-map-js: 1.0.2
-    dev: true
 
   /prelude-ls@1.1.2:
     resolution: {integrity: sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==}
@@ -2674,7 +2659,7 @@ packages:
     dependencies:
       '@types/node': 18.7.6
       esbuild: 0.17.19
-      postcss: 8.4.24
+      postcss: 8.4.31
       resolve: 1.22.1
       rollup: 3.24.0
       sass: 1.54.4

From 143b26b6e8b825cc7f75d339e55df2857f94f766 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Mon, 16 Oct 2023 18:54:57 +0800
Subject: [PATCH 677/760] [KYUUBI #5284] Support Hudi Alter Table Command in
 Authz

### _Why are the changes needed?_

To close #5284.

Hudi also is a common used data format, since kyuubi already support iceberg and delta, we should also support hudi.
In this pr we support hoodie sql about ALTER COMMAND in authz

In this PR we use default Hudi version 0.14.0.
We support from spark 3.1 to spark 3.4, since Hudi don't support spark 3.5 yet

- [x] spark 3.1
- [x] spark 3.2
- [x] spark 3.3
- [x] spark 3.4
- [ ] spark 3.5

Also since Hudi only supports Scala 2.12, I also made Hudi as a separate profile to avoid importing Hudi when enable Scala 2.13

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5287 from AngersZhuuuu/KYUUBI-5284.

Closes #5284

f171e11af [Angerszhuuuu] Update pom.xml
3f57a3dc5 [Angerszhuuuu] follow comment
f6c764028 [Angerszhuuuu] follow comment
51797e25c [Angerszhuuuu] trigger
b3c059af9 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
3510e7601 [liangbowen] remove scope in dependencyManagement
14ea0d498 [liangbowen] change to use `spark.binary.version` for hudi dependency by default
354260eb0 [liangbowen] remove the abbreviation tite
658bddbab [liangbowen] remove clarification and use ALTERTABLE_PROPERTIES for opType
150edcd40 [Angerszhuuuu] update
30c417b19 [Angerszhuuuu] trigger
56e5cb17b [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
fe9b75270 [Angerszhuuuu] update
888943831 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
db749a277 [Angerszhuuuu] update
9b09e78c2 [Angerszhuuuu] Update HudiCommands.scala
87de62e52 [Angerszhuuuu] follow comment
2d551d112 [Angerszhuuuu] Update master.yml
89082e06b [Angerszhuuuu] Update master.yml
7c7846378 [Angerszhuuuu] Merge branch 'KYUUBI-5284' of https://github.com/AngersZhuuuu/incubator-kyuubi into KYUUBI-5284
d32ca9839 [Angerszhuuuu] Update master.yml
ec43e2a7b [Angerszhuuuu] Merge branch 'master' into KYUUBI-5284
b3611fd3e [Angerszhuuuu] update
2a0dfa74f [Angerszhuuuu] Update AuthZUtils.scala
45ee9e251 [Angerszhuuuu] update
0560a5e14 [Angerszhuuuu] Update pom.xml
97c50f622 [Angerszhuuuu] update
f57ee0093 [Angerszhuuuu] Update table_command_spec.json
fb72197e6 [Angerszhuuuu] update
2154cf928 [Angerszhuuuu] trigger
44469359f [Angerszhuuuu] trigger
b0e768cb8 [Angerszhuuuu] Update HoodieCatalogRangerSparkExtensionSuite.scala
83795ed63 [Angerszhuuuu] Update pom.xml
eed190f92 [Angerszhuuuu] update
361660145 [Angerszhuuuu] update
1ed1f3ab6 [Angerszhuuuu] Update
7ee3c7dd5 [Angerszhuuuu] Merge branch 'KYUUBI-5284' of https://github.com/AngersZhuuuu/incubator-kyuubi into KYUUBI-5284
ee0916f63 [Angerszhuuuu] Update HoodieCatalogRangerSparkExtensionSuite.scala
010260fa4 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5284
c11d02def [Angerszhuuuu] update
b84f91f65 [Angerszhuuuu] update
42fbb0ffa [Angerszhuuuu] Update HoodieCatalogRangerSparkExtensionSuite.scala
c1346adb1 [Angerszhuuuu] update
2ec63ae94 [Angerszhuuuu] Update pom.xml
39bce7468 [Angerszhuuuu] update
c70b0ea2f [Angerszhuuuu] Update pom.xml
e1d85ff77 [Angerszhuuuu] Update pom.xml
59012ac25 [Angerszhuuuu] Update pom.xml
a46de65b5 [Angerszhuuuu] Update HoodieTest.java
b8173b893 [Angerszhuuuu] update
055713329 [Angerszhuuuu] Update table_command_spec.json
d7b21e820 [Angerszhuuuu] Update HoodieCatalogRangerSparkExtensionSuite.scala
0a93ff794 [Angerszhuuuu] [KYUUBI #5284] Kyuubi authz support Hoodie Alter Table Command

Lead-authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .github/workflows/master.yml                  |   8 +-
 extensions/spark/kyuubi-spark-authz/pom.xml   |  17 +++
 .../main/resources/table_command_spec.json    |  97 +++++++++++++
 .../plugin/spark/authz/util/AuthZUtils.scala  |   6 +
 .../spark/authz/RangerTestResources.scala     |   1 +
 .../plugin/spark/authz/gen/HudiCommands.scala |  82 +++++++++++
 .../authz/gen/JsonSpecFileGenerator.scala     |   2 +-
 ...HudiCatalogRangerSparkExtensionSuite.scala | 132 ++++++++++++++++++
 .../java/org/apache/kyuubi/tags/HudiTest.java |  29 ++++
 pom.xml                                       |  16 ++-
 10 files changed, 382 insertions(+), 8 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/HudiTest.java

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index c3cc53736..f590ea267 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -60,17 +60,17 @@ jobs:
           - java: 8
             spark: '3.4'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.1.3 -Dspark.archive.name=spark-3.1.3-bin-hadoop3.2.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.1-binary'
           - java: 8
             spark: '3.4'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.2.4 -Dspark.archive.name=spark-3.2.4-bin-hadoop3.2.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.2-binary'
           - java: 8
             spark: '3.4'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.3.3 -Dspark.archive.name=spark-3.3.3-bin-hadoop3.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.3-binary'
           - java: 8
             spark: '3.4'
@@ -108,7 +108,7 @@ jobs:
         run: |
           TEST_MODULES="dev/kyuubi-codecov"
           ./build/mvn clean install ${MVN_OPT} -pl ${TEST_MODULES} -am \
-          -Pspark-${{ matrix.spark }} ${{ matrix.spark-archive }} ${{ matrix.exclude-tags }}
+          -Pspark-${{ matrix.spark }} -Pspark-authz-hudi-test ${{ matrix.spark-archive }} ${{ matrix.exclude-tags }}
       - name: Code coverage
         if: |
           matrix.java == 8 &&
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 1ae63fcb3..97145e514 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -336,6 +336,23 @@
     </build>
 
     <profiles>
+        <!--
+          Add spark-authz-hudi-test profile here to avoid import Apache Hudi when enable scala-2.13.
+          Can remove this profile after Apache Hudi support Scala 2.13.
+          https://issues.apache.org/jira/browse/HUDI-6296
+          -->
+        <profile>
+            <id>spark-authz-hudi-test</id>
+            <dependencies>
+                <dependency>
+                    <groupId>org.apache.hudi</groupId>
+                    <artifactId>hudi-spark${hudi.spark.binary.version}-bundle_${scala.binary.version}</artifactId>
+                    <version>${hudi.version}</version>
+                    <scope>test</scope>
+                </dependency>
+            </dependencies>
+        </profile>
+
         <profile>
             <id>gen-policy</id>
             <build>
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 06d76c7e5..2febac11b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1409,4 +1409,101 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableAddColumnsCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableId",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : {
+      "fieldName" : "colsToAdd",
+      "fieldExtractor" : "StructFieldSeqColumnExtractor"
+    },
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_ADDCOLS",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableChangeColumnCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableIdentifier",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : {
+      "fieldName" : "columnName",
+      "fieldExtractor" : "StringColumnExtractor"
+    },
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_REPLACECOLS",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableDropPartitionCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableIdentifier",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : {
+      "fieldName" : "partitionSpecs",
+      "fieldExtractor" : "PartitionSeqColumnExtractor"
+    },
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_DROPPARTS",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableRenameCommand",
+  "tableDescs" : [ {
+    "fieldName" : "oldName",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : {
+      "fieldName" : "oldName",
+      "fieldExtractor" : "TableIdentifierTableTypeExtractor",
+      "skipTypes" : [ "TEMP_VIEW" ]
+    },
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_RENAME",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.AlterTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_PROPERTIES",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_PROPERTIES",
+  "queryDescs" : [ ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index e95ff91ed..2477c9e45 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -86,6 +86,12 @@ private[authz] object AuthZUtils {
   lazy val SPARK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(SPARK_VERSION)
   lazy val isSparkV32OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.2"
   lazy val isSparkV33OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.3"
+  lazy val isSparkV34OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.4"
+  lazy val isSparkV35OrGreater: Boolean = SPARK_RUNTIME_VERSION >= "3.5"
+
+  lazy val SCALA_RUNTIME_VERSION: SemanticVersion =
+    SemanticVersion(scala.util.Properties.versionNumberString)
+  lazy val isScalaV213: Boolean = SCALA_RUNTIME_VERSION >= "2.13"
 
   def quoteIfNeeded(part: String): String = {
     if (part.matches("[a-zA-Z0-9_]+") && !part.matches("\\d+")) {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
index 2297f73f9..0b1df64da 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
@@ -40,6 +40,7 @@ object RangerTestNamespace {
   val defaultDb = "default"
   val sparkCatalog = "spark_catalog"
   val icebergNamespace = "iceberg_ns"
+  val hudiNamespace = "hudi_ns"
   val namespace1 = "ns1"
   val namespace2 = "ns2"
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
new file mode 100644
index 000000000..6e3237d2a
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.gen
+
+import org.apache.kyuubi.plugin.spark.authz.OperationType._
+import org.apache.kyuubi.plugin.spark.authz.serde._
+import org.apache.kyuubi.plugin.spark.authz.serde.TableType._
+
+object HudiCommands {
+  val AlterHoodieTableAddColumnsCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.AlterHoodieTableAddColumnsCommand"
+    val columnDesc = ColumnDesc("colsToAdd", classOf[StructFieldSeqColumnExtractor])
+    val tableDesc = TableDesc("tableId", classOf[TableIdentifierTableExtractor], Some(columnDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_ADDCOLS)
+  }
+
+  val AlterHoodieTableChangeColumnCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.AlterHoodieTableChangeColumnCommand"
+    val columnDesc = ColumnDesc("columnName", classOf[StringColumnExtractor])
+    val tableDesc =
+      TableDesc("tableIdentifier", classOf[TableIdentifierTableExtractor], Some(columnDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_REPLACECOLS)
+  }
+
+  val AlterHoodieTableDropPartitionCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.AlterHoodieTableDropPartitionCommand"
+    val columnDesc = ColumnDesc("partitionSpecs", classOf[PartitionSeqColumnExtractor])
+    val tableDesc =
+      TableDesc("tableIdentifier", classOf[TableIdentifierTableExtractor], Some(columnDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_DROPPARTS)
+  }
+
+  val AlterHoodieTableRenameCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.AlterHoodieTableRenameCommand"
+    val oldTableTableTypeDesc =
+      TableTypeDesc(
+        "oldName",
+        classOf[TableIdentifierTableTypeExtractor],
+        Seq(TEMP_VIEW))
+    val oldTableD = TableDesc(
+      "oldName",
+      classOf[TableIdentifierTableExtractor],
+      tableTypeDesc = Some(oldTableTableTypeDesc))
+
+    TableCommandSpec(cmd, Seq(oldTableD), ALTERTABLE_RENAME)
+  }
+
+  val AlterTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.AlterTableCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor], None)
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_PROPERTIES)
+  }
+
+  val Spark31AlterTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor], None)
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_PROPERTIES)
+  }
+
+  val data: Array[TableCommandSpec] = Array(
+    AlterHoodieTableAddColumnsCommand,
+    AlterHoodieTableChangeColumnCommand,
+    AlterHoodieTableDropPartitionCommand,
+    AlterHoodieTableRenameCommand,
+    AlterTableCommand,
+    Spark31AlterTableCommand)
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index 855e25e87..1b2d330d1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -43,7 +43,7 @@ class JsonSpecFileGenerator extends AnyFunSuite {
   // scalastyle:on
   test("check spec json files") {
     writeCommandSpecJson("database", DatabaseCommands.data)
-    writeCommandSpecJson("table", TableCommands.data ++ IcebergCommands.data)
+    writeCommandSpecJson("table", TableCommands.data ++ IcebergCommands.data ++ HudiCommands.data)
     writeCommandSpecJson("function", FunctionCommands.data)
     writeCommandSpecJson("scan", Scans.data)
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
new file mode 100644
index 000000000..8fcae6cf9
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.plugin.spark.authz.ranger
+
+import org.apache.spark.SparkConf
+import org.scalatest.Outcome
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.tags.HudiTest
+import org.apache.kyuubi.util.AssertionUtils.interceptContains
+
+/**
+ * Tests for RangerSparkExtensionSuite on Hudi SQL.
+ * Run this test should enbale `hudi` profile.
+ */
+@HudiTest
+class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
+  override protected val catalogImpl: String = "hive"
+  // TODO: Apache Hudi not support Spark 3.5 and Scala 2.13 yet,
+  //  should change after Apache Hudi support Spark 3.5 and Scala 2.13.
+  private def isSupportedVersion = !isSparkV35OrGreater && !isScalaV213
+
+  override protected val sqlExtensions: String =
+    if (isSupportedVersion) {
+      "org.apache.spark.sql.hudi.HoodieSparkSessionExtension"
+    } else {
+      ""
+    }
+
+  override protected val extraSparkConf: SparkConf =
+    new SparkConf()
+      .set("spark.serializer", "org.apache.spark.serializer.KryoSerializer")
+
+  val namespace1 = hudiNamespace
+  val table1 = "table1_hoodie"
+  val table2 = "table2_hoodie"
+  val outputTable1 = "outputTable_hoodie"
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSupportedVersion)
+    test()
+  }
+
+  override def beforeAll(): Unit = {
+    if (isSupportedVersion) {
+      if (isSparkV32OrGreater) {
+        spark.conf.set(
+          s"spark.sql.catalog.$sparkCatalog",
+          "org.apache.spark.sql.hudi.catalog.HoodieCatalog")
+        spark.conf.set(s"spark.sql.catalog.$sparkCatalog.type", "hadoop")
+        spark.conf.set(
+          s"spark.sql.catalog.$sparkCatalog.warehouse",
+          Utils.createTempDir("hudi-hadoop").toString)
+      }
+      super.beforeAll()
+    }
+  }
+
+  override def afterAll(): Unit = {
+    if (isSupportedVersion) {
+      super.afterAll()
+      spark.sessionState.catalog.reset()
+      spark.sessionState.conf.clear()
+    }
+  }
+
+  test("AlterTableCommand") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING hudi
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+
+      // AlterHoodieTableAddColumnsCommand
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS(age int)")))(
+        s"does not have [alter] privilege on [$namespace1/$table1/age]")
+
+      // AlterHoodieTableChangeColumnCommand
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 CHANGE COLUMN id id bigint")))(
+        s"does not have [alter] privilege" +
+          s" on [$namespace1/$table1/id]")
+
+      // AlterHoodieTableDropPartitionCommand
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 DROP PARTITION (city='test')")))(
+        s"does not have [alter] privilege" +
+          s" on [$namespace1/$table1/city]")
+
+      // AlterHoodieTableRenameCommand
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 RENAME TO $namespace1.$table2")))(
+        s"does not have [alter] privilege" +
+          s" on [$namespace1/$table1]")
+
+      // AlterTableCommand && Spark31AlterTableCommand
+      sql("set hoodie.schema.on.read.enable=true")
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS(age int)")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
+    }
+  }
+}
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/HudiTest.java b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/HudiTest.java
new file mode 100644
index 000000000..346f146fa
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/HudiTest.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.tags;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.scalatest.TagAnnotation;
+
+@TagAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface HudiTest {}
diff --git a/pom.xml b/pom.xml
index df1e0c3b7..5773eda53 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,6 +158,8 @@
         <hive.archive.download.skip>false</hive.archive.download.skip>
         <httpclient.version>4.5.14</httpclient.version>
         <httpcore.version>4.4.16</httpcore.version>
+        <hudi.version>0.14.0</hudi.version>
+        <hudi.spark.binary.version>${spark.binary.version}</hudi.spark.binary.version>
         <iceberg.version>1.4.0</iceberg.version>
         <jackson.version>2.15.0</jackson.version>
         <jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
@@ -234,7 +236,7 @@
         <maven.plugin.frontend.version>1.12.1</maven.plugin.frontend.version>
         <maven.plugin.scala.version>4.8.0</maven.plugin.scala.version>
         <maven.plugin.scalatest.version>2.2.0</maven.plugin.scalatest.version>
-        <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
+        <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>
         <maven.plugin.scalatest.debug.enabled>false</maven.plugin.scalatest.debug.enabled>
         <maven.plugin.spotless.version>2.30.0</maven.plugin.spotless.version>
@@ -1475,6 +1477,12 @@
                 <artifactId>threeten-extra</artifactId>
                 <version>${threeten.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>org.apache.hudi</groupId>
+                <artifactId>hudi-spark${hudi.spark.binary.version}-bundle_${scala.binary.version}</artifactId>
+                <version>${hudi.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -2239,7 +2247,7 @@
                 <delta.version>2.4.0</delta.version>
                 <spark.version>3.4.1</spark.version>
                 <spark.binary.version>3.4</spark.binary.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 
@@ -2250,6 +2258,8 @@
             </modules>
             <properties>
                 <delta.version>2.4.0</delta.version>
+                <!-- Remove this when Hudi supports Spark 3.5 -->
+                <hudi.spark.binary.version>3.4</hudi.spark.binary.version>
                 <spark.version>3.5.0</spark.version>
                 <spark.binary.version>3.5</spark.binary.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
@@ -2260,7 +2270,7 @@
             <id>spark-master</id>
             <properties>
                 <spark.version>4.0.0-SNAPSHOT</spark.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
             </properties>
             <repositories>
                 <repository>

From 32b6dc3b743c1cf5c97508c1d320f873a694869d Mon Sep 17 00:00:00 2001
From: sychen <sychen@ctrip.com>
Date: Mon, 16 Oct 2023 21:25:39 +0800
Subject: [PATCH 678/760] [KYUUBI #5426] [MINOR][KSHC] Avoid use
 class.newInstance directly

### _Why are the changes needed?_

Remove the deprecated usage.

https://github.com/openjdk/jdk11u-dev/blob/c780db754e14ff77995dc090396d1958cea1ada1/src/java.base/share/classes/java/lang/Class.java#L534-L535

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5426 from cxzl25/newInstance.

Closes #5426

dcb679b95 [sychen] avoid use class.newInstance directly

Authored-by: sychen <sychen@ctrip.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/connector/hive/read/HivePartitionedReader.scala    | 5 +++--
 .../apache/kyuubi/spark/connector/hive/read/HiveReader.scala | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
index 732643eb1..5463a7bdd 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HivePartitionedReader.scala
@@ -47,7 +47,7 @@ case class HivePartitionedReader(
 
   private val hiveConf = broadcastHiveConf.value.value
 
-  private val tableDeser = tableDesc.getDeserializerClass.newInstance()
+  private val tableDeser = tableDesc.getDeserializerClass.getDeclaredConstructor().newInstance()
   tableDeser.initialize(hiveConf, tableDesc.getProperties)
 
   private val localDeser: Deserializer = bindPartitionOpt match {
@@ -55,7 +55,8 @@ case class HivePartitionedReader(
       val tableProperties = tableDesc.getProperties
       val props = new Properties(tableProperties)
       val deserializer =
-        bindPartition.getDeserializer.getClass.asInstanceOf[Class[Deserializer]].newInstance()
+        bindPartition.getDeserializer.getClass.asInstanceOf[
+          Class[Deserializer]].getDeclaredConstructor().newInstance()
       deserializer.initialize(hiveConf, props)
       deserializer
     case _ => tableDeser
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala
index 54f6e80c0..f6a7b194e 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveReader.scala
@@ -62,7 +62,7 @@ object HiveReader {
 
     HiveShim.appendReadColumns(hiveConf, neededColumnIDs, neededColumnNames)
 
-    val deserializer = tableDesc.getDeserializerClass.newInstance
+    val deserializer = tableDesc.getDeserializerClass.getDeclaredConstructor().newInstance()
     deserializer.initialize(hiveConf, tableDesc.getProperties)
 
     // Specifies types and object inspectors of columns to be scanned.

From 64ea27c1ff9da82c273078c70a15e709c3dbfb49 Mon Sep 17 00:00:00 2001
From: minyk <minykreva@gmail.com>
Date: Mon, 16 Oct 2023 21:27:54 +0800
Subject: [PATCH 679/760] [KYUUBI #5425] Add thread name and ID to
 log4j2-defaults.xml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

Add `%tn` to `log4j2-defaults.xml` for more informations.

This close #5425

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [X] Add screenshots for manual tests if appropriate
![Screenshot 2023-10-16 at 6 05 00 PM](https://github.com/apache/kyuubi/assets/1802676/0d155d40-78f5-4f9f-beea-f592e409e523)

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5428 from minyk/kyuubi-5425.

Closes #5425

e42a4b286 [minyk] add thread name and id to log4j2.xml.template
705e86e49 [minyk] add thread name and id to log pattern

Authored-by: minyk <minykreva@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 conf/log4j2.xml.template                             | 2 +-
 kyuubi-common/src/main/resources/log4j2-defaults.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/log4j2.xml.template b/conf/log4j2.xml.template
index 4139b7dbe..2601690eb 100644
--- a/conf/log4j2.xml.template
+++ b/conf/log4j2.xml.template
@@ -30,7 +30,7 @@
     </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n%ex"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %tn %c: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
diff --git a/kyuubi-common/src/main/resources/log4j2-defaults.xml b/kyuubi-common/src/main/resources/log4j2-defaults.xml
index 630584611..7a1a33235 100644
--- a/kyuubi-common/src/main/resources/log4j2-defaults.xml
+++ b/kyuubi-common/src/main/resources/log4j2-defaults.xml
@@ -21,7 +21,7 @@
 <Configuration status="INFO">
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n%ex"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %tn %c: %m%n%ex"/>
             <Filters>
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>

From 5940fd14108b605e8daadd1f25a14bc8dc793a49 Mon Sep 17 00:00:00 2001
From: Omkar Makhare <omimakhare11@gmail.com>
Date: Mon, 16 Oct 2023 22:03:57 +0800
Subject: [PATCH 680/760] [KYUUBI #5432] Fix typo in README.md

## Description:
This Pull Request fixes a typographical error in the README.md file.

## Changes Made:
"e.t.c." has been changed to "etc." for the correct abbreviation.

## Additional Information:
This fix is not related to any existing issue. It's a minor typo that I noticed while reviewing the README.

Thank you for considering this contribution.

Closes #5431 from omimakhare/patch-1.

Closes #5432

b5c1aa650 [OMKAR MAKHARE] Update README.md

Lead-authored-by: Omkar Makhare <omimakhare11@gmail.com>
Co-authored-by: OMKAR MAKHARE <114830033+omimakhare@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6b1423e78..d87cfabd8 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ In typical big data production environments with Kyuubi, there should be system
 - System administrators: A small group consists of Spark experts responsible for Kyuubi deployment, configuration, and tuning.
 - End-users: Focus on business data of their own, not where it stores, how it computes.
 
-Additionally, the Kyuubi community will continuously optimize the whole system with various features, such as History-Based Optimizer, Auto-tuning, Materialized View, SQL Dialects, Functions, e.t.c.
+Additionally, the Kyuubi community will continuously optimize the whole system with various features, such as History-Based Optimizer, Auto-tuning, Materialized View, SQL Dialects, Functions, etc.
 
 ### Usage scenarios
 

From b24d94e74f3cc6648c09d0d44ead781b1b2e70b1 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Mon, 16 Oct 2023 22:43:02 +0800
Subject: [PATCH 681/760] [KYUUBI #5328] Batch supports priority scheduling

### _Why are the changes needed?_

Follow #5329 and close #5328:

1. Add new config `kyuubi.metadata.store.jdbc.priority.enabled` to control whether enable priority scheduling, due to users may experience performance issues when using MySQL5.7 as metastore backend and enabling kyuubi batch v2 priority feature.
2. When priority scheduling is enabled, `KyuubiBatchService` picks metadata job with `ORDER BY priority DESC, create_time ASC`.
3. Insert metadata with priority field, default priority value is `10`.
4. Add new config `kyuubi.batch.priority` for each batch priority.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5352 from zwangsheng/KYUUBI#5328.

Closes #5328

687ed1ed6 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
58621b557 [zwangsheng] fix comments
1bf81e75c [zwangsheng] fix style
7ed2551b3 [zwangsheng] update default priority desc & improve UT
21ceccb01 [zwangsheng] fix doc
27fc5e825 [zwangsheng] enrich desc
c0bbc0dfd [zwangsheng] fix style
6b8d0f091 [zwangsheng] fix comment
67eb2524d [zwangsheng] fix comment
e1705c34d [zwangsheng] Add config to control whether pick order by priority or not
129a46729 [zwangsheng] Add unit test for pickBatchForSubmitting
fcaf85d92 [zwangsheng] Fix unit test
f7ca2219e [zwangsheng] Fix unit test
8d4b276ff [wangsheng] fix code style
4c6b99090 [wangsheng] fix comments
654ad843a [zwangsheng] [KYUUBI #5328][V2] Kyuubi Server Pick Metadata job with priority

Lead-authored-by: zwangsheng <binjieyang@apache.org>
Co-authored-by: wangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                |  1 +
 .../kyuubi/config/KyuubiReservedKeys.scala    |  3 +
 .../kyuubi/server/metadata/api/Metadata.scala |  3 +
 .../metadata/jdbc/JDBCMetadataStore.scala     | 12 ++--
 .../metadata/jdbc/JDBCMetadataStoreConf.scala | 12 ++++
 .../kyuubi/session/KyuubiBatchSession.scala   |  4 +-
 .../kyuubi/session/KyuubiSessionManager.scala |  5 +-
 .../metadata/MetadataManagerSuite.scala       | 67 +++++++++++++++++--
 8 files changed, 96 insertions(+), 11 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 2869a59cd..d9d8d95ef 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -347,6 +347,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 | kyuubi.metadata.store.jdbc.database.type        | SQLITE                                                   | The database type for server jdbc metadata store.<ul> <li>(Deprecated) DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.driver               | &lt;undefined&gt;                                        | JDBC driver class name for server jdbc metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.password                                                                       || The password for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.priority.enabled     | false                                                    | Whether to enable the priority scheduling for batch impl v2. When false, ignore kyuubi.batch.priority and use the FIFO ordering strategy for batch job scheduling. Note: this feature may cause significant performance issues when using MySQL 5.7 as the metastore backend due to the lack of support for mixed order index. See more details at KYUUBI #5329.                                                                                                                                                                                                                                              | boolean  | 1.8.0 |
 | kyuubi.metadata.store.jdbc.url                  | jdbc:sqlite:kyuubi_state_store.db                        | The JDBC url for server JDBC metadata store. By default, it is a SQLite database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
 | kyuubi.metadata.store.jdbc.user                                                                           || The username for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
index eb209caec..592425a4b 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiReservedKeys.scala
@@ -26,6 +26,9 @@ object KyuubiReservedKeys {
   final val KYUUBI_SESSION_USER_SIGN = "kyuubi.session.user.sign"
   final val KYUUBI_SESSION_REAL_USER_KEY = "kyuubi.session.real.user"
   final val KYUUBI_SESSION_CONNECTION_URL_KEY = "kyuubi.session.connection.url"
+  // default priority is 10, higher priority will be scheduled first
+  // when enabled metadata store priority feature
+  final val KYUUBI_BATCH_PRIORITY = "kyuubi.batch.priority"
   final val KYUUBI_BATCH_RESOURCE_UPLOADED_KEY = "kyuubi.batch.resource.uploaded"
   final val KYUUBI_STATEMENT_ID_KEY = "kyuubi.statement.id"
   final val KYUUBI_ENGINE_ID = "kyuubi.engine.id"
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
index 3e3d94828..0553cf90b 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/api/Metadata.scala
@@ -78,6 +78,9 @@ case class Metadata(
     engineState: String = null,
     engineError: Option[String] = None,
     endTime: Long = 0L,
+    // keep consistent with table creation DDL
+    // find why we set 10 as default in KYUUBI #5329
+    priority: Int = 10,
     peerInstanceClosed: Boolean = false) {
   def appMgrInfo: ApplicationManagerInfo = {
     ApplicationManagerInfo(
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index dcb9c0f66..419fa8447 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -61,6 +61,8 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     case CUSTOM => new GenericDatabaseDialect
   }
 
+  private val priorityEnabled = conf.get(METADATA_STORE_JDBC_PRIORITY_ENABLED)
+
   private val datasourceProperties =
     JDBCMetadataStoreConf.getMetadataStoreJDBCDataSourceProperties(conf)
   private val hikariConfig = new HikariConfig(datasourceProperties)
@@ -167,9 +169,10 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
          |request_args,
          |create_time,
          |engine_type,
-         |cluster_manager
+         |cluster_manager,
+         |priority
          |)
-         |VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+         |VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
          |""".stripMargin
 
     JdbcUtils.withConnection { connection =>
@@ -190,7 +193,8 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
         valueAsString(metadata.requestArgs),
         metadata.createTime,
         Option(metadata.engineType).map(_.toUpperCase(Locale.ROOT)).orNull,
-        metadata.clusterManager.orNull)
+        metadata.clusterManager.orNull,
+        metadata.priority)
     }
   }
 
@@ -198,7 +202,7 @@ class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
     JdbcUtils.executeQueryWithRowMapper(
       s"""SELECT identifier FROM $METADATA_TABLE
          |WHERE state=?
-         |ORDER BY create_time ASC LIMIT 1
+         |ORDER BY ${if (priorityEnabled) "priority DESC, " else ""}create_time ASC LIMIT 1
          |""".stripMargin) { stmt =>
       stmt.setString(1, OperationState.INITIALIZED.toString)
     } { resultSet =>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
index dd5d74138..292cf4174 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
@@ -93,4 +93,16 @@ object JDBCMetadataStoreConf {
       .serverOnly
       .stringConf
       .createWithDefault("")
+
+  val METADATA_STORE_JDBC_PRIORITY_ENABLED: ConfigEntry[Boolean] =
+    buildConf("kyuubi.metadata.store.jdbc.priority.enabled")
+      .doc("Whether to enable the priority scheduling for batch impl v2. " +
+        "When false, ignore kyuubi.batch.priority and use the FIFO ordering strategy " +
+        "for batch job scheduling. Note: this feature may cause significant performance issues " +
+        "when using MySQL 5.7 as the metastore backend due to the lack of support " +
+        "for mixed order index. See more details at KYUUBI #5329.")
+      .version("1.8.0")
+      .serverOnly
+      .booleanConf
+      .createWithDefault(false)
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index 8e4c5137f..8489e6d30 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -23,6 +23,7 @@ import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
 import org.apache.kyuubi.client.util.BatchUtils._
 import org.apache.kyuubi.config.{KyuubiConf, KyuubiReservedKeys}
+import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_BATCH_PRIORITY
 import org.apache.kyuubi.engine.KyuubiApplicationManager
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
 import org.apache.kyuubi.events.{EventBus, KyuubiSessionEvent}
@@ -181,7 +182,8 @@ class KyuubiBatchSession(
           requestArgs = batchArgs,
           createTime = createTime,
           engineType = batchType,
-          clusterManager = batchJobSubmissionOp.builder.clusterManager())
+          clusterManager = batchJobSubmissionOp.builder.clusterManager(),
+          priority = conf.get(KYUUBI_BATCH_PRIORITY).map(_.toInt).getOrElse(10))
 
         // there is a chance that operation failed w/ duplicated key error
         sessionManager.insertMetadata(newMetadata)
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 8d3234699..02a3ee32c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -30,7 +30,7 @@ import org.apache.kyuubi.client.api.v1.dto.{Batch, BatchRequest}
 import org.apache.kyuubi.client.util.BatchUtils.KYUUBI_BATCH_ID_KEY
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
-import org.apache.kyuubi.config.KyuubiReservedKeys.KYUUBI_SESSION_REAL_USER_KEY
+import org.apache.kyuubi.config.KyuubiReservedKeys.{KYUUBI_BATCH_PRIORITY, KYUUBI_SESSION_REAL_USER_KEY}
 import org.apache.kyuubi.credentials.HadoopCredentialsManager
 import org.apache.kyuubi.engine.KyuubiApplicationManager
 import org.apache.kyuubi.metrics.MetricsConstants._
@@ -237,7 +237,8 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
       requestConf = conf,
       requestArgs = batchRequest.getArgs.asScala.toSeq,
       createTime = System.currentTimeMillis(),
-      engineType = batchRequest.getBatchType)
+      engineType = batchRequest.getBatchType,
+      priority = conf.get(KYUUBI_BATCH_PRIORITY).map(_.toInt).getOrElse(10))
 
     // there is a chance that operation failed w/ duplicated key error
     metadataManager.foreach(_.insertMetadata(metadata, asyncRetryOnError = false))
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
index 564b5ebe9..fe7fa5868 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/metadata/MetadataManagerSuite.scala
@@ -28,7 +28,9 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf._
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.metrics.MetricsConstants._
+import org.apache.kyuubi.operation.OperationState
 import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
+import org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStoreConf.METADATA_STORE_JDBC_PRIORITY_ENABLED
 import org.apache.kyuubi.session.SessionType
 
 class MetadataManagerSuite extends KyuubiFunSuite {
@@ -142,6 +144,58 @@ class MetadataManagerSuite extends KyuubiFunSuite {
     }
   }
 
+  test("[KYUUBI #5328] Test MetadataManager#pickBatchForSubmitting in order") {
+    // build mock batch jobs
+    val mockKyuubiInstance = "mock_kyuubi_instance"
+    val time = System.currentTimeMillis()
+    val mockBatchJob1 = newMetadata(
+      identifier = "mock_batch_job_1",
+      state = OperationState.INITIALIZED.toString,
+      createTime = time + 10000,
+      // larger than default priority 10
+      priority = 20)
+    val mockBatchJob2 = newMetadata(
+      identifier = "mock_batch_job_2",
+      state = OperationState.INITIALIZED.toString,
+      createTime = time)
+    val mockBatchJob3 = newMetadata(
+      identifier = "mock_batch_job_3",
+      state = OperationState.INITIALIZED.toString,
+      createTime = time + 5000)
+
+    withMetadataManager(Map(METADATA_STORE_JDBC_PRIORITY_ENABLED.key -> "true")) {
+      metadataManager =>
+        metadataManager.insertMetadata(mockBatchJob1, asyncRetryOnError = false)
+        metadataManager.insertMetadata(mockBatchJob2, asyncRetryOnError = false)
+        metadataManager.insertMetadata(mockBatchJob3, asyncRetryOnError = false)
+
+        // pick the highest priority batch job
+        val metadata1 = metadataManager.pickBatchForSubmitting(mockKyuubiInstance)
+        assert(metadata1.exists(m => m.identifier === "mock_batch_job_1"))
+
+        // pick the oldest batch job when same priority
+        val metadata2 = metadataManager.pickBatchForSubmitting(mockKyuubiInstance)
+        assert(metadata2.exists(m => m.identifier === "mock_batch_job_2"))
+
+        val metadata3 = metadataManager.pickBatchForSubmitting(mockKyuubiInstance)
+        assert(metadata3.exists(m => m.identifier === "mock_batch_job_3"))
+    }
+
+    withMetadataManager(Map(METADATA_STORE_JDBC_PRIORITY_ENABLED.key -> "false")) {
+      metadataManager =>
+        metadataManager.insertMetadata(mockBatchJob1, asyncRetryOnError = false)
+        metadataManager.insertMetadata(mockBatchJob2, asyncRetryOnError = false)
+        metadataManager.insertMetadata(mockBatchJob3, asyncRetryOnError = false)
+
+        // pick the oldest batch job
+        val metadata2 = metadataManager.pickBatchForSubmitting(mockKyuubiInstance)
+        assert(metadata2.exists(m => m.identifier === "mock_batch_job_2"))
+
+        val metadata3 = metadataManager.pickBatchForSubmitting(mockKyuubiInstance)
+        assert(metadata3.exists(m => m.identifier === "mock_batch_job_3"))
+    }
+  }
+
   private def withMetadataManager(
       confOverlay: Map[String, String],
       newMetadataMgr: () => MetadataManager = () => new MetadataManager())(
@@ -169,22 +223,27 @@ class MetadataManagerSuite extends KyuubiFunSuite {
     }
   }
 
-  private def newMetadata(): Metadata = {
+  private def newMetadata(
+      identifier: String = UUID.randomUUID().toString,
+      state: String = OperationState.PENDING.toString,
+      createTime: Long = System.currentTimeMillis(),
+      priority: Int = 10): Metadata = {
     Metadata(
-      identifier = UUID.randomUUID().toString,
+      identifier = identifier,
       sessionType = SessionType.BATCH,
       realUser = "kyuubi",
       username = "kyuubi",
       ipAddress = "127.0.0.1",
       kyuubiInstance = "localhost:10009",
-      state = "PENDING",
+      state = state,
       resource = "intern",
       className = "org.apache.kyuubi.SparkWC",
       requestName = "kyuubi_batch",
       requestConf = Map("spark.master" -> "local"),
       requestArgs = Seq("100"),
-      createTime = System.currentTimeMillis(),
+      createTime = createTime,
       engineType = "spark",
+      priority = priority,
       clusterManager = Some("local"))
   }
 }

From c60f5b7e8872efb15597b962da1873a4ba2e71ef Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Mon, 16 Oct 2023 23:46:55 +0800
Subject: [PATCH 682/760] [KYUUBI #5196][FOLLOWUP] Extract spark core scala
 version lazily and respect engine env

### _Why are the changes needed?_

Only extract the spark core scala version if `SPARK_SCALA_VERSION` env is empty, and respect engine env.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5434 from turboFei/lazy_scala_version.

Closes #5196

fdccef77b [fwang12] lazy extract spark core scala version

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
---
 .../org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
index 02f4064af..afc96fb5e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/spark/SparkProcessBuilder.scala
@@ -108,9 +108,9 @@ class SparkProcessBuilder(
   }
 
   override protected val engineScalaBinaryVersion: String = {
-    val sparkCoreScalaVersion =
+    env.get("SPARK_SCALA_VERSION").filter(StringUtils.isNotBlank).getOrElse {
       extractSparkCoreScalaVersion(Paths.get(sparkHome, "jars").toFile.list())
-    StringUtils.defaultIfBlank(System.getenv("SPARK_SCALA_VERSION"), sparkCoreScalaVersion)
+    }
   }
 
   override protected lazy val engineHomeDirFilter: FileFilter = file => {

From f75e4acf6ceee31a74e57b41cd431ee65f184376 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 17 Oct 2023 11:16:02 +0800
Subject: [PATCH 683/760] [KYUUBI #5417] Authz should not check dependent
 subquery plan privilege

### _Why are the changes needed?_
Fix #5417
If there is is a view with subquery, authz will still request this subquery's interval privilege, it's not we want.
For view
```
CREATE VIEW db.view1
AS
WITH temp AS (
    SELECT max(scope) max_scope
    FROM db1.table1)
SELECT id as new_id FROM db1.table2
WHERE scope = (SELECT max_scope FROM temp)
```

When we query the view
```
SEELCT * FROM db.view1
```

Before this pr, since spark will first execute subquery, it will first request `[default/table1/scope]` then request `[default/view1/new_id]`

after this pr, it only request  `[default/view1/new_id]`

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5418 from AngersZhuuuu/KYUUBI-5417.

Closes #5417

e2669faea [Angerszhuuuu] Update tableExtractors.scala
bc72cfc57 [Angerszhuuuu] Update RuleApplyPermanentViewMarker.scala
1731b9317 [Angerszhuuuu] Update RuleEliminateViewMarker.scala
282999ee2 [Angerszhuuuu] follow comment
6b37aaa7f [Angerszhuuuu] Update RuleApplyPermanentViewMarker.scala
d03354d58 [Angerszhuuuu] Revert "update"
7a96627e4 [Angerszhuuuu] update
78a32b3a5 [Angerszhuuuu] follow comment
79e07ab24 [Angerszhuuuu] Update PrivilegesBuilder.scala
518c2b394 [Angerszhuuuu] update
d033624ea [Angerszhuuuu] update
54ff954f0 [Angerszhuuuu] update.
1119f78f6 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
1918381ac [Angerszhuuuu] Add UT
7723f9002 [Angerszhuuuu] [KYUUBI #5417]Authz will still check source table when persist view contains a subquery

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../ranger/RuleApplyPermanentViewMarker.scala | 10 ++++-
 .../spark/authz/serde/tableExtractors.scala   | 12 +++--
 .../authz/util/RuleEliminateViewMarker.scala  |  7 ++-
 .../ranger/RangerSparkExtensionSuite.scala    | 44 +++++++++++++++++++
 4 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
index 424df7e0b..917410807 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
+import org.apache.spark.sql.catalyst.expressions.ScalarSubquery
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
 
@@ -36,7 +37,14 @@ class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
     plan mapChildren {
       case p: PermanentViewMarker => p
       case permanentView: View if hasResolvedPermanentView(permanentView) =>
-        PermanentViewMarker(permanentView, permanentView.desc)
+        val resolvedSubquery = permanentView.transformAllExpressions {
+          case scalarSubquery: ScalarSubquery =>
+            // TODO: Currently, we do not do an auth check in the subquery
+            //  as the main query part also secures it. But for performance consideration,
+            //  we also pre-check it in subqueries and fail fast with negative privileges.
+            scalarSubquery.copy(plan = PermanentViewMarker(scalarSubquery.plan, null))
+        }
+        PermanentViewMarker(resolvedSubquery, resolvedSubquery.desc)
       case other => apply(other)
     }
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 94641d6d0..57eab9634 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -91,10 +91,14 @@ class TableIdentifierTableExtractor extends TableExtractor {
  */
 class CatalogTableTableExtractor extends TableExtractor {
   override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
-    val catalogTable = v1.asInstanceOf[CatalogTable]
-    val identifier = catalogTable.identifier
-    val owner = Option(catalogTable.owner).filter(_.nonEmpty)
-    Some(Table(None, identifier.database, identifier.table, owner))
+    if (null == v1) {
+      None
+    } else {
+      val catalogTable = v1.asInstanceOf[CatalogTable]
+      val identifier = catalogTable.identifier
+      val owner = Option(catalogTable.owner).filter(_.nonEmpty)
+      Some(Table(None, identifier.database, identifier.table, owner))
+    }
   }
 }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
index 9bda84a03..8044f1283 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
@@ -17,6 +17,7 @@
 
 package org.apache.kyuubi.plugin.spark.authz.util
 
+import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
@@ -25,6 +26,10 @@ import org.apache.spark.sql.catalyst.rules.Rule
  */
 class RuleEliminateViewMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
-    plan.transformUp { case pvm: PermanentViewMarker => pvm.child }
+    plan.transformUp {
+      case pvm: PermanentViewMarker => pvm.child.transformAllExpressions {
+          case s: SubqueryExpression => s.withNewPlan(apply(s.plan))
+        }
+    }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index a4148d9a5..d109a7f2b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -747,4 +747,48 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       assert(e.getMessage.contains(s"does not have [select] privilege on [$db1/$table/id]"))
     }
   }
+
+  test("[KYUUBI #5417] should not check dependent subquery plan privilege") {
+    val db1 = defaultDb
+    val table1 = "table1"
+    val table2 = "table2"
+    val view1 = "view1"
+    withCleanTmpResources(
+      Seq((s"$db1.$table1", "table"), (s"$db1.$table2", "table"), (s"$db1.$view1", "view"))) {
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table2 (id int, scope int)"))
+
+      val e1 = intercept[AccessControlException] {
+        doAs(
+          someone,
+          sql(
+            s"""
+               |WITH temp AS (
+               |    SELECT max(scope) max_scope
+               |    FROM $db1.$table1)
+               |SELECT id as new_id FROM $db1.$table2
+               |WHERE scope = (SELECT max_scope FROM temp)
+               |""".stripMargin).show())
+      }
+      // Will first check subquery privilege.
+      assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table1/scope]"))
+
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE VIEW $db1.$view1
+             |AS
+             |WITH temp AS (
+             |    SELECT max(scope) max_scope
+             |    FROM $db1.$table1)
+             |SELECT id as new_id FROM $db1.$table2
+             |WHERE scope = (SELECT max_scope FROM temp)
+             |""".stripMargin))
+      // Will just check permanent view privilege.
+      val e2 = intercept[AccessControlException](
+        doAs(someone, sql(s"SELECT * FROM $db1.$view1".stripMargin).show()))
+      assert(e2.getMessage.contains(s"does not have [select] privilege on [$db1/$view1/new_id]"))
+    }
+  }
 }

From dcaacc3ed569e419faf70aae563e44c5130d014f Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Tue, 17 Oct 2023 13:04:15 +0800
Subject: [PATCH 684/760] [KYUUBI #4916] [AUTHZ] Support ReplaceData and
 compatible Spark 3.4 and 3.5

### _Why are the changes needed?_

- Iceberg 1.3.0 use Spark's `ReplaceData` since 3.4 as Logical plan for "DELETE FROM", instead of Iceberg's `DeleteFromTable` in Spark3.4
- Requiring select privilege for input table, even it's the same with output table
- compatible Spark 3.4 and 3.5, subquies in the plan
- enable iceberg test for authz plugin on Spark 3.4 and 3.5

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4916 from bowenliang123/authz-replacedata.

Closes #4916

658917752 [Bowen Liang] Merge branch 'master' into authz-replacedata
17f5d84dd [liangbowen] update
25009908a [Bowen Liang] ut of user with select only for DELETE FROM
fa77cea15 [Bowen Liang] ut
fd9bb8f3a [Bowen Liang] update
f9cfb98a9 [Bowen Liang] assertion for Spark 3.5
f574e0da3 [Bowen Liang] assertion for Spark 3.5
2449c27de [Bowen Liang] bring back single call ut for someone
78786988d [Bowen Liang] bring back single call ut for someone
b8e4a6319 [wforget] fix style
0e26c08b4 [wforget] fix IcebergCatalogRangerSparkExtensionSuite with spark-3.5
02781781f [wforget] enable iceberg tests in spark-3.5
215e1b861 [wforget] fix TableCommands
d019b1632 [wforget] followup
ae17e076b [wforget] Merge remote-tracking branch 'origin/master' into authz-replacedata
b88f77355 [Bowen Liang] update
febcb3ee5 [Bowen Liang] isSparkV34OrGreater
91d41b438 [Bowen Liang] replace data

Lead-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: wforget <643348094@qq.com>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../main/resources/table_command_spec.json    | 21 +++++++
 ...IcebergCatalogPrivilegesBuilderSuite.scala | 37 ++++++++++--
 .../authz/V2CommandsPrivilegesSuite.scala     | 12 +++-
 .../spark/authz/gen/TableCommands.scala       | 12 ++++
 ...bergCatalogRangerSparkExtensionSuite.scala | 59 ++++++++++++-------
 pom.xml                                       |  4 +-
 6 files changed, 117 insertions(+), 28 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 2febac11b..513259e13 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -470,6 +470,27 @@
   } ],
   "opType" : "ALTERTABLE_REPLACECOLS",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceData",
+  "tableDescs" : [ {
+    "fieldName" : "originalTable",
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceTable",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
index 39966af91..b8d51bc2c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala
@@ -22,6 +22,7 @@ import org.scalatest.Outcome
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.AccessType
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.tags.IcebergTest
 import org.apache.kyuubi.util.AssertionUtils._
 
@@ -57,7 +58,15 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
     val plan = sql(s"DELETE FROM $catalogTable WHERE key = 1 ").queryExecution.analyzed
     val (inputs, outputs, operationType) = PrivilegesBuilder.build(plan, spark)
     assert(operationType === QUERY)
-    assert(inputs.isEmpty)
+    if (isSparkV34OrGreater) {
+      assert(inputs.size === 1)
+      val po = inputs.head
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
+      assertContains(po.columns, "key", "value")
+    } else {
+      assert(inputs.size === 0)
+    }
     assert(outputs.size === 1)
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.UPDATE)
@@ -74,7 +83,15 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
     val plan = sql(s"UPDATE $catalogTable SET value = 'b' WHERE key = 1 ").queryExecution.analyzed
     val (inputs, outputs, operationType) = PrivilegesBuilder.build(plan, spark)
     assert(operationType === QUERY)
-    assert(inputs.isEmpty)
+    if (isSparkV35OrGreater) {
+      assert(inputs.size === 1)
+      val po = inputs.head
+      assertEqualsIgnoreCase(namespace)(po.dbname)
+      assertEqualsIgnoreCase(catalogTableShort)(po.objectName)
+      assertContains(po.columns, "key", "value")
+    } else {
+      assert(inputs.size === 0)
+    }
     assert(outputs.size === 1)
     val po = outputs.head
     assert(po.actionType === PrivilegeObjectActionType.UPDATE)
@@ -98,8 +115,20 @@ class IcebergCatalogPrivilegesBuilderSuite extends V2CommandsPrivilegesSuite {
         s"WHEN NOT MATCHED THEN INSERT *").queryExecution.analyzed
       val (inputs, outputs, operationType) = PrivilegesBuilder.build(plan, spark)
       assert(operationType === QUERY)
-      assert(inputs.size === 1)
-      val po0 = inputs.head
+      if (isSparkV35OrGreater) {
+        assert(inputs.size === 2)
+        val po = inputs.head
+        assert(po.actionType === PrivilegeObjectActionType.OTHER)
+        assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+        assertEqualsIgnoreCase(namespace)(po.dbname)
+        assertEqualsIgnoreCase(table)(po.objectName)
+        assertContains(po.columns, "key", "value")
+        // The properties of RowLevelOperationTable are empty, so owner is none
+        assert(po.owner.isEmpty)
+      } else {
+        assert(inputs.size === 1)
+      }
+      val po0 = inputs.last
       assert(po0.actionType === PrivilegeObjectActionType.OTHER)
       assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
       assertEqualsIgnoreCase(namespace)(po0.dbname)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
index 3ebea1ce9..149c9ba8f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/V2CommandsPrivilegesSuite.scala
@@ -161,7 +161,11 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       assertEqualsIgnoreCase(namespace)(po.dbname)
       assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
-      assert(po.owner.isEmpty)
+      if (isSparkV34OrGreater) {
+        checkV2TableOwner(po)
+      } else {
+        assert(po.owner.isEmpty)
+      }
       val accessType = AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
     }
@@ -193,7 +197,11 @@ abstract class V2CommandsPrivilegesSuite extends PrivilegesBuilderSuite {
       assertEqualsIgnoreCase(namespace)(po.dbname)
       assertEqualsIgnoreCase(table)(po.objectName)
       assert(po.columns.isEmpty)
-      assert(po.owner.isEmpty)
+      if (isSparkV34OrGreater) {
+        checkV2TableOwner(po)
+      } else {
+        assert(po.owner.isEmpty)
+      }
       val accessType = AccessType(po, operationType, isInput = false)
       assert(accessType === AccessType.CREATE)
     }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 6a6800210..cf73cfbc6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -257,6 +257,17 @@ object TableCommands {
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryQueryDesc))
   }
 
+  val ReplaceData = {
+    val cmd = "org.apache.spark.sql.catalyst.plans.logical.ReplaceData"
+    val actionTypeDesc = ActionTypeDesc(actionType = Some(UPDATE))
+    val tableDesc =
+      TableDesc(
+        "originalTable",
+        classOf[DataSourceV2RelationTableExtractor],
+        actionTypeDesc = Some(actionTypeDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryQueryDesc))
+  }
+
   val UpdateTable = {
     val cmd = "org.apache.spark.sql.catalyst.plans.logical.UpdateTable"
     val actionTypeDesc = ActionTypeDesc(actionType = Some(UPDATE))
@@ -655,6 +666,7 @@ object TableCommands {
     RefreshTable,
     RefreshTableV2,
     RefreshTable3d0,
+    ReplaceData,
     ShowColumns,
     ShowCreateTable,
     ShowCreateTable.copy(classname =
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
index 492880553..28e13aff3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/IcebergCatalogRangerSparkExtensionSuite.scala
@@ -47,6 +47,8 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   val namespace1 = icebergNamespace
   val table1 = "table1"
   val outputTable1 = "outputTable1"
+  val bobNamespace = "default_bob"
+  val bobSelectTable = "table_select_bob_1"
 
   override def withFixture(test: NoArgTest): Outcome = {
     test()
@@ -77,6 +79,11 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
       admin,
       sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$outputTable1" +
         " (id int, name string, city string) USING iceberg"))
+
+    doAs(
+      admin,
+      sql(s"CREATE TABLE IF NOT EXISTS $catalogV2.$bobNamespace.$bobSelectTable" +
+        " (id int, name string, city string) USING iceberg"))
   }
 
   override def afterAll(): Unit = {
@@ -88,7 +95,7 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
   test("[KYUUBI #3515] MERGE INTO") {
     val mergeIntoSql =
       s"""
-         |MERGE INTO $catalogV2.$namespace1.$outputTable1 AS target
+         |MERGE INTO $catalogV2.$bobNamespace.$bobSelectTable AS target
          |USING $catalogV2.$namespace1.$table1  AS source
          |ON target.id = source.id
          |WHEN MATCHED AND (target.name='delete') THEN DELETE
@@ -104,14 +111,19 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
       s" on [$namespace1/$table1/id]"))
 
     withSingleCallEnabled {
-      val e2 = intercept[AccessControlException](
-        doAs(
-          someone,
-          sql(mergeIntoSql)))
-      assert(e2.getMessage.contains(s"does not have" +
-        s" [select] privilege" +
-        s" on [$namespace1/$table1/id,$namespace1/table1/name,$namespace1/$table1/city]," +
-        s" [update] privilege on [$namespace1/$outputTable1]"))
+      interceptContains[AccessControlException](doAs(someone, sql(mergeIntoSql)))(
+        if (isSparkV35OrGreater) {
+          s"does not have [select] privilege on [$namespace1/table1/id" +
+            s",$namespace1/$table1/name,$namespace1/$table1/city]"
+        } else {
+          "does not have " +
+            s"[select] privilege on [$namespace1/$table1/id,$namespace1/$table1/name,$namespace1/$table1/city]," +
+            s" [update] privilege on [$bobNamespace/$bobSelectTable]"
+        })
+
+      interceptContains[AccessControlException] {
+        doAs(bob, sql(mergeIntoSql))
+      }(s"does not have [update] privilege on [$bobNamespace/$bobSelectTable]")
     }
 
     doAs(admin, sql(mergeIntoSql))
@@ -119,13 +131,13 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
 
   test("[KYUUBI #3515] UPDATE TABLE") {
     // UpdateTable
-    val e1 = intercept[AccessControlException](
-      doAs(
-        someone,
-        sql(s"UPDATE $catalogV2.$namespace1.$table1 SET city='Guangzhou' " +
-          " WHERE id=1")))
-    assert(e1.getMessage.contains(s"does not have [update] privilege" +
-      s" on [$namespace1/$table1]"))
+    interceptContains[AccessControlException] {
+      doAs(someone, sql(s"UPDATE $catalogV2.$namespace1.$table1 SET city='Guangzhou'  WHERE id=1"))
+    }(if (isSparkV35OrGreater) {
+      s"does not have [select] privilege on [$namespace1/$table1/id]"
+    } else {
+      s"does not have [update] privilege on [$namespace1/$table1]"
+    })
 
     doAs(
       admin,
@@ -135,10 +147,17 @@ class IcebergCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
 
   test("[KYUUBI #3515] DELETE FROM TABLE") {
     // DeleteFromTable
-    val e6 = intercept[AccessControlException](
-      doAs(someone, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2")))
-    assert(e6.getMessage.contains(s"does not have [update] privilege" +
-      s" on [$namespace1/$table1]"))
+    interceptContains[AccessControlException] {
+      doAs(someone, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2"))
+    }(if (isSparkV34OrGreater) {
+      s"does not have [select] privilege on [$namespace1/$table1/id]"
+    } else {
+      s"does not have [update] privilege on [$namespace1/$table1]"
+    })
+
+    interceptContains[AccessControlException] {
+      doAs(bob, sql(s"DELETE FROM $catalogV2.$bobNamespace.$bobSelectTable WHERE id=2"))
+    }(s"does not have [update] privilege on [$bobNamespace/$bobSelectTable]")
 
     doAs(admin, sql(s"DELETE FROM $catalogV2.$namespace1.$table1 WHERE id=2"))
   }
diff --git a/pom.xml b/pom.xml
index 5773eda53..65498ba49 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2247,7 +2247,7 @@
                 <delta.version>2.4.0</delta.version>
                 <spark.version>3.4.1</spark.version>
                 <spark.binary.version>3.4</spark.binary.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.HudiTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 
@@ -2262,7 +2262,7 @@
                 <hudi.spark.binary.version>3.4</hudi.spark.binary.version>
                 <spark.version>3.5.0</spark.version>
                 <spark.binary.version>3.5</spark.binary.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 

From 47555eb90098d63f5b0be28f33fc23911edfa0c8 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Tue, 17 Oct 2023 13:09:18 +0800
Subject: [PATCH 685/760] [KYUUBI #5414][KSHC] Reader should not pollut the
 global hiveConf instance

### _Why are the changes needed?_

This pr aims to fix https://github.com/apache/kyuubi/issues/5414.

`HiveReader` initialization incorrectly uses the global hadoopConf as hiveconf, which causes reader to pollut the global hadoopConf and cause job read failure.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5424 from Yikf/orc-read.

Closes #5414

d6bdf7be4 [yikaifei] [KYUUBI #5414] Reader should not polluted the global hiveconf instance

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/connector/hive/read/HiveScan.scala    |  2 +-
 .../spark/connector/hive/HiveQuerySuite.scala   | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
index 0b79d7307..ecdfc76c5 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/main/scala/org/apache/kyuubi/spark/connector/hive/read/HiveScan.scala
@@ -64,7 +64,7 @@ case class HiveScan(
   }
 
   override def createReaderFactory(): PartitionReaderFactory = {
-    val hiveConf = fileIndex.hiveCatalog.hadoopConfiguration()
+    val hiveConf = new Configuration(fileIndex.hiveCatalog.hadoopConfiguration())
     addCatalogTableConfToConf(hiveConf, catalogTable)
 
     val table = HiveClientImpl.toHiveTable(catalogTable)
diff --git a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
index 1d3d5ae10..0dd1efdec 100644
--- a/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-hive/src/test/scala/org/apache/kyuubi/spark/connector/hive/HiveQuerySuite.scala
@@ -175,6 +175,23 @@ class HiveQuerySuite extends KyuubiHiveTest {
     }
   }
 
+  test("[KYUUBI #5414] Reader should not polluted the global hiveconf instance") {
+    withSparkSession() { spark =>
+      val table = "hive.default.hiveconf_test"
+      withTempPartitionedTable(spark, table, "ORC", hiveTable = true) {
+        spark.sql(
+          s"""
+             | INSERT OVERWRITE
+             | $table PARTITION(year = '2022')
+             | VALUES("yi", "08")
+             |""".stripMargin).collect()
+
+        checkQueryResult(s"select * from $table", spark, Array(Row.apply("yi", "2022", "08")))
+        checkQueryResult(s"select count(*) as c from $table", spark, Array(Row.apply(1)))
+      }
+    }
+  }
+
   test("Partitioned table insert and static partition value is empty string") {
     withSparkSession() { spark =>
       val table = "hive.default.employee"

From fdd8f1729a8164e7a4dc49f5acaf0a96061e4561 Mon Sep 17 00:00:00 2001
From: lawulu <biangjuang@gmail.com>
Date: Tue, 17 Oct 2023 14:41:28 +0800
Subject: [PATCH 686/760] [KYUUBI #5441] Make the configuration
 kyuubi.zookeeper.embedded.data.log.dir effective

### _Why are the changes needed?_

The configuration `kyuubi.zookeeper.embedded.data.log.dir` exists, but it is not used by the `EmbeddedZookeeper`, it is ineffective

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5440 from biangjuang/zk-log-dir.

Closes #5441

784619cda [lawulu] Make the configuration kyuubi.zookeeper.embedded.data.log.dir effective

Authored-by: lawulu <biangjuang@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala  | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
index 4ea63d782..17caffedf 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
@@ -31,12 +31,14 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
   private var zks: ZooKeeperServer = _
   private var serverFactory: NIOServerCnxnFactory = _
   private var dataDirectory: File = _
+  private var dataLogDirectory: File = _
   // TODO: Is it right in prod?
   private val deleteDataDirectoryOnClose = true
   private var host: String = _
 
   override def initialize(conf: KyuubiConf): Unit = synchronized {
     dataDirectory = new File(conf.get(ZK_DATA_DIR))
+    dataLogDirectory = new File(conf.get(ZK_DATA_LOG_DIR))
     val clientPort = conf.get(ZK_CLIENT_PORT)
     val tickTime = conf.get(ZK_TICK_TIME)
     val maxClientCnxns = conf.get(ZK_MAX_CLIENT_CONNECTIONS)
@@ -51,7 +53,7 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
     }
 
     try {
-      zks = new ZooKeeperServer(dataDirectory, dataDirectory, tickTime)
+      zks = new ZooKeeperServer(dataDirectory, dataLogDirectory, tickTime)
       zks.setMinSessionTimeout(minSessionTimeout)
       zks.setMaxSessionTimeout(maxSessionTimeout)
 
@@ -79,7 +81,10 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
     if (getServiceState == ServiceState.STARTED) {
       if (null != serverFactory) serverFactory.shutdown()
       if (null != zks) zks.shutdown()
-      if (deleteDataDirectoryOnClose) deleteDirectoryRecursively(dataDirectory)
+      if (deleteDataDirectoryOnClose) {
+        deleteDirectoryRecursively(dataDirectory)
+        deleteDirectoryRecursively(dataLogDirectory)
+      }
     }
     super.stop()
   }

From f7143273a52b1b0735108ef1733781820098aa99 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Tue, 17 Oct 2023 16:24:14 +0800
Subject: [PATCH 687/760] [KYUUBI #5443] Add kyuubi-kubernetes-it module to
 reformat script

### _Why are the changes needed?_

- With this PR, the code of module `kyuubi-kubernetes-it` will be auto-reformated by running `dev/reformat` script.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5443 from bowenliang123/reformat-k8sit.

Closes #5443

39a323efc [Bowen Liang] reformat k8s it module

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 dev/reformat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev/reformat b/dev/reformat
index 31e8f49ad..7ad26ae2e 100755
--- a/dev/reformat
+++ b/dev/reformat
@@ -20,7 +20,7 @@ set -x
 
 KYUUBI_HOME="$(cd "`dirname "$0"`/.."; pwd)"
 
-PROFILES="-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.5,spark-3.4,spark-3.3,spark-3.2,spark-3.1,tpcds"
+PROFILES="-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.5,spark-3.4,spark-3.3,spark-3.2,spark-3.1,tpcds,kubernetes-it"
 
 # python style checks rely on `black` in path
 if ! command -v black &> /dev/null

From f6ccc4d80fc925d51540595c3b18556c220dd70e Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 17 Oct 2023 17:33:07 +0800
Subject: [PATCH 688/760] [KYUUBI #5359] [AUTHZ] Support Create Table Commands
 for Hudi

### _Why are the changes needed?_
To close #5359. Kyuubi authz support hudi create table commands

- [CreateHoodieTableCommand](https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/CreateHoodieTableCommand.scala): https://hudi.apache.org/docs/sql_ddl#create-table
- [CreateHoodieTableAsSelectCommand](https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/CreateHoodieTableCommand.scala): https://hudi.apache.org/docs/sql_ddl#create-table-as-select-ctas
- [CreateHoodieTableLikeCommand](https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/CreateHoodieTableLikeCommand.scala): https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/CreateHoodieTableLikeCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5439 from AngersZhuuuu/KYUUBI-5359.

Closes #5359

d07010913 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
f0bc79a77 [Angerszhuuuu] [KYUUBI #5284] Support Hudi Creeate Table Command in Authz

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    | 54 +++++++++++++
 .../plugin/spark/authz/gen/HudiCommands.scala | 33 +++++++-
 ...HudiCatalogRangerSparkExtensionSuite.scala | 77 +++++++++++++++++++
 3 files changed, 163 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 513259e13..913fef016 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1513,6 +1513,60 @@
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableAsSelectCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "CREATETABLE_AS_SELECT",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "CREATETABLE",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableLikeCommand",
+  "tableDescs" : [ {
+    "fieldName" : "targetTable",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : true
+  }, {
+    "fieldName" : "sourceTable",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : true
+  } ],
+  "opType" : "CREATETABLE",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 6e3237d2a..c4488edbf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -72,11 +72,42 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_PROPERTIES)
   }
 
+  val CreateHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CreateHoodieTableCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), CREATETABLE)
+  }
+
+  val CreateHoodieTableAsSelectCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CreateHoodieTableAsSelectCommand"
+    CreateHoodieTableCommand.copy(
+      classname = cmd,
+      opType = CREATETABLE_AS_SELECT,
+      queryDescs = Seq(QueryDesc("query")))
+  }
+
+  val CreateHoodieTableLikeCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CreateHoodieTableLikeCommand"
+    val tableDesc1 = TableDesc(
+      "targetTable",
+      classOf[TableIdentifierTableExtractor],
+      setCurrentDatabaseIfMissing = true)
+    val tableDesc2 = TableDesc(
+      "sourceTable",
+      classOf[TableIdentifierTableExtractor],
+      isInput = true,
+      setCurrentDatabaseIfMissing = true)
+    TableCommandSpec(cmd, Seq(tableDesc1, tableDesc2), CREATETABLE)
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
     AlterHoodieTableDropPartitionCommand,
     AlterHoodieTableRenameCommand,
     AlterTableCommand,
-    Spark31AlterTableCommand)
+    Spark31AlterTableCommand,
+    CreateHoodieTableCommand,
+    CreateHoodieTableAsSelectCommand,
+    CreateHoodieTableLikeCommand)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index 8fcae6cf9..ac1e357a2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -129,4 +129,81 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
         s"does not have [alter] privilege on [$namespace1/$table1]")
     }
   }
+
+  test("CreateHoodieTableCommand") {
+    withCleanTmpResources(Seq((namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin)))(s"does not have [create] privilege on [$namespace1/$table1]")
+    }
+  }
+
+  test("CreateHoodieTableAsSelectCommand") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table2
+               |USING HUDI
+               |AS
+               |SELECT id FROM $namespace1.$table1
+               |""".stripMargin)))(s"does not have [select] privilege on [$namespace1/$table1/id]")
+    }
+  }
+
+  test("CreateHoodieTableLikeCommand") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table2
+               |LIKE  $namespace1.$table1
+               |USING HUDI
+               |""".stripMargin)))(s"does not have [select] privilege on [$namespace1/$table1]")
+    }
+  }
 }

From 8f6b15c91774264fcafe71b38d29fb81807e4df7 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 17 Oct 2023 22:30:58 +0800
Subject: [PATCH 689/760] [KYUUBI #5417] should not check in-subquery in
 permanent view

### _Why are the changes needed?_
Fix #5417
If there is is a view with in-subquery, authz will still request this in-subquery's interval privilege, it's not we want.
For view
```
CREATE VIEW db.view1
AS
WITH temp AS (
    SELECT max(scope) max_scope
    FROM db1.table1)
SELECT id as new_id FROM db1.table2
WHERE scope in (SELECT max_scope FROM temp)
```

When we query the view
```
SEELCT * FROM db.view1
```

Before this pr, since spark will first execute subquery, it will first request `[default/table1/scope]` then request `[default/view1/new_id]`

after this pr, it only request  `[default/view1/new_id]`

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
no

Closes #5442 from AngersZhuuuu/KYUUBI-5417-FOLLOWUP.

Closes #5417

6919903cb [Angerszhuuuu] Update RuleApplyPermanentViewMarker.scala
5097d8059 [Angerszhuuuu] [KYUUBI #5417] should not check in-subquery in permanent view

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../ranger/RuleApplyPermanentViewMarker.scala |  6 +--
 .../ranger/RangerSparkExtensionSuite.scala    | 46 ++++++++++++++++++-
 2 files changed, 48 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
index 917410807..679b5d65d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
@@ -17,7 +17,7 @@
 
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
-import org.apache.spark.sql.catalyst.expressions.ScalarSubquery
+import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
 
@@ -38,11 +38,11 @@ class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
       case p: PermanentViewMarker => p
       case permanentView: View if hasResolvedPermanentView(permanentView) =>
         val resolvedSubquery = permanentView.transformAllExpressions {
-          case scalarSubquery: ScalarSubquery =>
+          case subquery: SubqueryExpression =>
             // TODO: Currently, we do not do an auth check in the subquery
             //  as the main query part also secures it. But for performance consideration,
             //  we also pre-check it in subqueries and fail fast with negative privileges.
-            scalarSubquery.copy(plan = PermanentViewMarker(scalarSubquery.plan, null))
+            subquery.withNewPlan(plan = PermanentViewMarker(subquery.plan, null))
         }
         PermanentViewMarker(resolvedSubquery, resolvedSubquery.desc)
       case other => apply(other)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index d109a7f2b..8e1fe0587 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -748,7 +748,7 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
     }
   }
 
-  test("[KYUUBI #5417] should not check dependent subquery plan privilege") {
+  test("[KYUUBI #5417] should not check scalar-subquery in permanent view") {
     val db1 = defaultDb
     val table1 = "table1"
     val table2 = "table2"
@@ -791,4 +791,48 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       assert(e2.getMessage.contains(s"does not have [select] privilege on [$db1/$view1/new_id]"))
     }
   }
+
+  test("[KYUUBI #5417] should not check in-subquery in permanent view") {
+    val db1 = defaultDb
+    val table1 = "table1"
+    val table2 = "table2"
+    val view1 = "view1"
+    withCleanTmpResources(
+      Seq((s"$db1.$table1", "table"), (s"$db1.$table2", "table"), (s"$db1.$view1", "view"))) {
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
+      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table2 (id int, scope int)"))
+
+      val e1 = intercept[AccessControlException] {
+        doAs(
+          someone,
+          sql(
+            s"""
+               |WITH temp AS (
+               |    SELECT max(scope) max_scope
+               |    FROM $db1.$table1)
+               |SELECT id as new_id FROM $db1.$table2
+               |WHERE scope in (SELECT max_scope FROM temp)
+               |""".stripMargin).show())
+      }
+      // Will first check subquery privilege.
+      assert(e1.getMessage.contains(s"does not have [select] privilege on [$db1/$table1/scope]"))
+
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE VIEW $db1.$view1
+             |AS
+             |WITH temp AS (
+             |    SELECT max(scope) max_scope
+             |    FROM $db1.$table1)
+             |SELECT id as new_id FROM $db1.$table2
+             |WHERE scope in (SELECT max_scope FROM temp)
+             |""".stripMargin))
+      // Will just check permanent view privilege.
+      val e2 = intercept[AccessControlException](
+        doAs(someone, sql(s"SELECT * FROM $db1.$view1".stripMargin).show()))
+      assert(e2.getMessage.contains(s"does not have [select] privilege on [$db1/$view1/new_id]"))
+    }
+  }
 }

From 16752164a1e4f433241d7ee4735cf414c27f2a6d Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Wed, 18 Oct 2023 12:55:00 +0800
Subject: [PATCH 690/760] [KYUUBI #5408] MetadataManager tries MySQL 8 driver
 class first

### _Why are the changes needed?_

close #5408

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

NO

Closes #5433 from lsm1/branch-kyuubi-5408.

Closes #5408

8c6cc223d [senmiaoliu] fix style
20415dc44 [senmiaoliu] use com.mysql.cj.jdbc.Driver first

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: Shaoyun Chen <csy@apache.org>
---
 docs/configuration/settings.md                | 36 +++++++++----------
 .../metadata/jdbc/JDBCMetadataStore.scala     |  9 ++++-
 .../metadata/jdbc/JDBCMetadataStoreConf.scala |  3 +-
 3 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index d9d8d95ef..711954ead 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -332,24 +332,24 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Metadata
 
-|                       Key                       |                         Default                          |                                                                                                                                                                                                                                                                                                    Meaning                                                                                                                                                                                                                                                                                                    |   Type   | Since |
-|-------------------------------------------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.metadata.cleaner.enabled                 | true                                                     | Whether to clean the metadata periodically. If it is enabled, Kyuubi will clean the metadata that is in the terminate state with max age limitation.                                                                                                                                                                                                                                                                                                                                                                                                                                                          | boolean  | 1.6.0 |
-| kyuubi.metadata.cleaner.interval                | PT30M                                                    | The interval to check and clean expired metadata.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | duration | 1.6.0 |
-| kyuubi.metadata.max.age                         | PT72H                                                    | The maximum age of metadata, the metadata exceeding the age will be cleaned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.6.0 |
-| kyuubi.metadata.recovery.threads                | 10                                                       | The number of threads for recovery from the metadata store when the Kyuubi server restarts.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | int      | 1.6.0 |
-| kyuubi.metadata.request.async.retry.enabled     | true                                                     | Whether to retry in async when metadata request failed. When true, return success response immediately even the metadata request failed, and schedule it in background until success, to tolerate long-time metadata store outages w/o blocking the submission request.                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.7.0 |
-| kyuubi.metadata.request.async.retry.queue.size  | 65536                                                    | The maximum queue size for buffering metadata requests in memory when the external metadata storage is down. Requests will be dropped if the queue exceeds. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                      | int      | 1.6.0 |
-| kyuubi.metadata.request.async.retry.threads     | 10                                                       | Number of threads in the metadata request async retry manager thread pool. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                                                                                                       | int      | 1.6.0 |
-| kyuubi.metadata.request.retry.interval          | PT5S                                                     | The interval to check and trigger the metadata request retry tasks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | duration | 1.6.0 |
-| kyuubi.metadata.store.class                     | org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStore | Fully qualified class name for server metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.database.schema.init | true                                                     | Whether to init the JDBC metadata store database schema.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | boolean  | 1.6.0 |
-| kyuubi.metadata.store.jdbc.database.type        | SQLITE                                                   | The database type for server jdbc metadata store.<ul> <li>(Deprecated) DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.driver               | &lt;undefined&gt;                                        | JDBC driver class name for server jdbc metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.password                                                                       || The password for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.priority.enabled     | false                                                    | Whether to enable the priority scheduling for batch impl v2. When false, ignore kyuubi.batch.priority and use the FIFO ordering strategy for batch job scheduling. Note: this feature may cause significant performance issues when using MySQL 5.7 as the metastore backend due to the lack of support for mixed order index. See more details at KYUUBI #5329.                                                                                                                                                                                                                                              | boolean  | 1.8.0 |
-| kyuubi.metadata.store.jdbc.url                  | jdbc:sqlite:kyuubi_state_store.db                        | The JDBC url for server JDBC metadata store. By default, it is a SQLite database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
-| kyuubi.metadata.store.jdbc.user                                                                           || The username for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+|                       Key                       |                         Default                          |                                                                                                                                                                                                                                                                                                                       Meaning                                                                                                                                                                                                                                                                                                                       |   Type   | Since |
+|-------------------------------------------------|----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.metadata.cleaner.enabled                 | true                                                     | Whether to clean the metadata periodically. If it is enabled, Kyuubi will clean the metadata that is in the terminate state with max age limitation.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.6.0 |
+| kyuubi.metadata.cleaner.interval                | PT30M                                                    | The interval to check and clean expired metadata.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.6.0 |
+| kyuubi.metadata.max.age                         | PT72H                                                    | The maximum age of metadata, the metadata exceeding the age will be cleaned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | duration | 1.6.0 |
+| kyuubi.metadata.recovery.threads                | 10                                                       | The number of threads for recovery from the metadata store when the Kyuubi server restarts.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | int      | 1.6.0 |
+| kyuubi.metadata.request.async.retry.enabled     | true                                                     | Whether to retry in async when metadata request failed. When true, return success response immediately even the metadata request failed, and schedule it in background until success, to tolerate long-time metadata store outages w/o blocking the submission request.                                                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.7.0 |
+| kyuubi.metadata.request.async.retry.queue.size  | 65536                                                    | The maximum queue size for buffering metadata requests in memory when the external metadata storage is down. Requests will be dropped if the queue exceeds. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                                                            | int      | 1.6.0 |
+| kyuubi.metadata.request.async.retry.threads     | 10                                                       | Number of threads in the metadata request async retry manager thread pool. Only take affect when kyuubi.metadata.request.async.retry.enabled is `true`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.6.0 |
+| kyuubi.metadata.request.retry.interval          | PT5S                                                     | The interval to check and trigger the metadata request retry tasks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | duration | 1.6.0 |
+| kyuubi.metadata.store.class                     | org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStore | Fully qualified class name for server metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.database.schema.init | true                                                     | Whether to init the JDBC metadata store database schema.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | boolean  | 1.6.0 |
+| kyuubi.metadata.store.jdbc.database.type        | SQLITE                                                   | The database type for server jdbc metadata store.<ul> <li>(Deprecated) DERBY: Apache Derby, JDBC driver `org.apache.derby.jdbc.AutoloadedDriver`.</li> <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li> <li>MYSQL: MySQL, JDBC driver `com.mysql.cj.jdbc.Driver` (fallback `com.mysql.jdbc.Driver`).</li> <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li> Note that: The JDBC datasource is powered by HiKariCP, for datasource properties, please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource. For example, kyuubi.metadata.store.jdbc.datasource.connectionTimeout=10000. | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.driver               | &lt;undefined&gt;                                        | JDBC driver class name for server jdbc metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.password                                                                       || The password for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.priority.enabled     | false                                                    | Whether to enable the priority scheduling for batch impl v2. When false, ignore kyuubi.batch.priority and use the FIFO ordering strategy for batch job scheduling. Note: this feature may cause significant performance issues when using MySQL 5.7 as the metastore backend due to the lack of support for mixed order index. See more details at KYUUBI #5329.                                                                                                                                                                                                                                                                                    | boolean  | 1.8.0 |
+| kyuubi.metadata.store.jdbc.url                  | jdbc:sqlite:kyuubi_state_store.db                        | The JDBC url for server JDBC metadata store. By default, it is a SQLite database url, and the state information is not shared across kyuubi instances. To enable high availability for multiple kyuubi instances, please specify a production JDBC url.                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.6.0 |
+| kyuubi.metadata.store.jdbc.user                                                                           || The username for server JDBC metadata store.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
 
 ### Metrics
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
index 419fa8447..9b1c89d77 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStore.scala
@@ -40,16 +40,23 @@ import org.apache.kyuubi.server.metadata.jdbc.DatabaseType._
 import org.apache.kyuubi.server.metadata.jdbc.JDBCMetadataStoreConf._
 import org.apache.kyuubi.session.SessionType
 import org.apache.kyuubi.util.JdbcUtils
+import org.apache.kyuubi.util.reflect.ReflectUtils
 
 class JDBCMetadataStore(conf: KyuubiConf) extends MetadataStore with Logging {
   import JDBCMetadataStore._
 
   private val dbType = DatabaseType.withName(conf.get(METADATA_STORE_JDBC_DATABASE_TYPE))
   private val driverClassOpt = conf.get(METADATA_STORE_JDBC_DRIVER)
+  private lazy val mysqlDriverClass =
+    if (ReflectUtils.isClassLoadable("com.mysql.cj.jdbc.Driver")) {
+      "com.mysql.cj.jdbc.Driver"
+    } else {
+      "com.mysql.jdbc.Driver"
+    }
   private val driverClass = dbType match {
     case SQLITE => driverClassOpt.getOrElse("org.sqlite.JDBC")
     case DERBY => driverClassOpt.getOrElse("org.apache.derby.jdbc.AutoloadedDriver")
-    case MYSQL => driverClassOpt.getOrElse("com.mysql.jdbc.Driver")
+    case MYSQL => driverClassOpt.getOrElse(mysqlDriverClass)
     case CUSTOM => driverClassOpt.getOrElse(
         throw new IllegalArgumentException("No jdbc driver defined"))
   }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
index 292cf4174..96a5539fb 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/metadata/jdbc/JDBCMetadataStoreConf.scala
@@ -40,7 +40,8 @@ object JDBCMetadataStoreConf {
         " <li>(Deprecated) DERBY: Apache Derby, JDBC driver " +
         "`org.apache.derby.jdbc.AutoloadedDriver`.</li>" +
         " <li>SQLITE: SQLite3, JDBC driver `org.sqlite.JDBC`.</li>" +
-        " <li>MYSQL: MySQL, JDBC driver `com.mysql.jdbc.Driver`.</li>" +
+        " <li>MYSQL: MySQL, JDBC driver `com.mysql.cj.jdbc.Driver` " +
+        "(fallback `com.mysql.jdbc.Driver`).</li>" +
         " <li>CUSTOM: User-defined database type, need to specify corresponding JDBC driver.</li>" +
         " Note that: The JDBC datasource is powered by HiKariCP, for datasource properties," +
         " please specify them with the prefix: kyuubi.metadata.store.jdbc.datasource." +

From c5854f74b2a69cd5f75b13a55a55e41ecf486ebb Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Wed, 18 Oct 2023 13:16:24 +0800
Subject: [PATCH 691/760] [KYUUBI #5361] [AUTHZ] Support Drop/Truncate Table
 Commands for Hudi

### _Why are the changes needed?_
To close #5361. Kyuubi authz support hudi drop/repair/truncate table commands

- DropHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/DropHoodieTableCommand.scala
- TruncateHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/TruncateHoodieTableCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5445 from AngersZhuuuu/KYUUBI-5361.

Closes #5361

ed9d43acd [Angerszhuuuu] update
a08dcaafc [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
372d1fbed [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
e0aa8a783 [Bowen Liang] add positive cases
9daf0b4d0 [Bowen Liang] compact code style
7eb0828d7 [Bowen Liang] Update extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
81024ac10 [Angerszhuuuu] update
31d440617 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
fae5a64bc [Angerszhuuuu] Merge branch 'master' into KYUUBI-5361
a70617b18 [Angerszhuuuu] [KYUUBI #5361] [AUTHZ] Support Drop/Repair/Truncate Table Commands for Hudi

Lead-authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    | 35 +++++++++
 .../plugin/spark/authz/gen/HudiCommands.scala | 31 +++++++-
 ...HudiCatalogRangerSparkExtensionSuite.scala | 72 +++++++++++++++++--
 3 files changed, 130 insertions(+), 8 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 913fef016..abf4c314c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1567,6 +1567,24 @@
   } ],
   "opType" : "CREATETABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.DropHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableIdentifier",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : {
+      "fieldName" : "tableIdentifier",
+      "fieldExtractor" : "TableIdentifierTableTypeExtractor",
+      "skipTypes" : [ "TEMP_VIEW" ]
+    },
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "DROPTABLE",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
   "tableDescs" : [ {
@@ -1581,4 +1599,21 @@
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.TruncateHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableIdentifier",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : {
+      "fieldName" : "partitionSpec",
+      "fieldExtractor" : "PartitionOptionColumnExtractor"
+    },
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "TRUNCATETABLE",
+  "queryDescs" : [ ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index c4488edbf..a5f65c3d0 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -100,6 +100,33 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc1, tableDesc2), CREATETABLE)
   }
 
+  val DropHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.DropHoodieTableCommand"
+    val tableTypeDesc =
+      TableTypeDesc(
+        "tableIdentifier",
+        classOf[TableIdentifierTableTypeExtractor],
+        Seq(TEMP_VIEW))
+    TableCommandSpec(
+      cmd,
+      Seq(TableDesc(
+        "tableIdentifier",
+        classOf[TableIdentifierTableExtractor],
+        tableTypeDesc = Some(tableTypeDesc))),
+      DROPTABLE)
+  }
+
+  val TruncateHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.TruncateHoodieTableCommand"
+    val columnDesc = ColumnDesc("partitionSpec", classOf[PartitionOptionColumnExtractor])
+    val tableDesc =
+      TableDesc(
+        "tableIdentifier",
+        classOf[TableIdentifierTableExtractor],
+        columnDesc = Some(columnDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), TRUNCATETABLE)
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
@@ -109,5 +136,7 @@ object HudiCommands {
     Spark31AlterTableCommand,
     CreateHoodieTableCommand,
     CreateHoodieTableAsSelectCommand,
-    CreateHoodieTableLikeCommand)
+    CreateHoodieTableLikeCommand,
+    DropHoodieTableCommand,
+    TruncateHoodieTableCommand)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index ac1e357a2..fc3ebf4fe 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -180,7 +180,10 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("CreateHoodieTableLikeCommand") {
-    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+    withCleanTmpResources(Seq(
+      (s"$namespace1.$table1", "table"),
+      (s"$namespace1.$table2", "table"),
+      (namespace1, "database"))) {
       doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
       doAs(
         admin,
@@ -195,15 +198,70 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
              |)
              |PARTITIONED BY(city)
              |""".stripMargin))
-      interceptContains[AccessControlException](
+
+      val createTableSql =
+        s"""
+           |CREATE TABLE IF NOT EXISTS $namespace1.$table2
+           |LIKE  $namespace1.$table1
+           |USING HUDI
+           |""".stripMargin
+      interceptContains[AccessControlException] {
         doAs(
           someone,
           sql(
-            s"""
-               |CREATE TABLE IF NOT EXISTS $namespace1.$table2
-               |LIKE  $namespace1.$table1
-               |USING HUDI
-               |""".stripMargin)))(s"does not have [select] privilege on [$namespace1/$table1]")
+            createTableSql))
+      }(s"does not have [select] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(createTableSql))
+    }
+  }
+
+  test("DropHoodieTableCommand") {
+    withCleanTmpResources(Seq((namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+
+      val dropTableSql = s"DROP TABLE IF EXISTS $namespace1.$table1"
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(dropTableSql))
+      }(s"does not have [drop] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(dropTableSql))
+    }
+  }
+
+  test("TruncateHoodieTableCommand") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+
+      val truncateTableSql = s"TRUNCATE TABLE $namespace1.$table1"
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(truncateTableSql))
+      }(s"does not have [update] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(truncateTableSql))
     }
   }
 }

From 8d2c8d1009791e4d39f858450697a797a6bfbfa7 Mon Sep 17 00:00:00 2001
From: zml1206 <zhuml1206@gmail.com>
Date: Wed, 18 Oct 2023 16:17:59 +0800
Subject: [PATCH 692/760] [KYUUBI #5449] Bump Delta Lake 3.0.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
close [#5449](https://github.com/apache/kyuubi/issues/5449).
Unlike the initial preview release, Delta Spark 3.0.0 is now built on top of Apache Spark™ 3.5.
Delta Spark maven artifact has been renamed from delta-core to delta-spark.
https://github.com/delta-io/delta/releases/tag/v3.0.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5450 from zml1206/5449.

Closes #5449

a7969ed6a [zml1206] bump Delta Lake 3.0.0

Authored-by: zml1206 <zhuml1206@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 externals/kyuubi-spark-sql-engine/pom.xml |  2 +-
 kyuubi-server/pom.xml                     |  2 +-
 pom.xml                                   | 10 ++++++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/pom.xml b/externals/kyuubi-spark-sql-engine/pom.xml
index c453bd283..555e41a44 100644
--- a/externals/kyuubi-spark-sql-engine/pom.xml
+++ b/externals/kyuubi-spark-sql-engine/pom.xml
@@ -148,7 +148,7 @@
 
         <dependency>
             <groupId>io.delta</groupId>
-            <artifactId>delta-core_${scala.binary.version}</artifactId>
+            <artifactId>${delta.artifact}_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
 
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index a8b133d27..886303a11 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -456,7 +456,7 @@
 
         <dependency>
             <groupId>io.delta</groupId>
-            <artifactId>delta-core_${scala.binary.version}</artifactId>
+            <artifactId>${delta.artifact}_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
 
diff --git a/pom.xml b/pom.xml
index 65498ba49..00ee354a1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -133,6 +133,7 @@
         <commons-lang.version>2.6</commons-lang.version>
         <commons-lang3.version>3.13.0</commons-lang3.version>
         <etcd.version>0.7.3</etcd.version>
+        <delta.artifact>delta-core</delta.artifact>
         <delta.version>2.4.0</delta.version>
         <failsafe.verion>2.4.4</failsafe.verion>
         <fb303.version>0.9.3</fb303.version>
@@ -1192,7 +1193,7 @@
 
             <dependency>
                 <groupId>io.delta</groupId>
-                <artifactId>delta-core_${scala.binary.version}</artifactId>
+                <artifactId>${delta.artifact}_${scala.binary.version}</artifactId>
                 <version>${delta.version}</version>
                 <exclusions>
                     <!--
@@ -2199,6 +2200,7 @@
             <properties>
                 <spark.version>3.1.3</spark.version>
                 <spark.binary.version>3.1</spark.binary.version>
+                <delta.artifact>delta-core</delta.artifact>
                 <delta.version>1.0.1</delta.version>
                 <!-- Iceberg removed the support for Spark 3.1 in apache/iceberg#8661 since 1.4.0 -->
                 <iceberg.version>1.3.1</iceberg.version>
@@ -2216,6 +2218,7 @@
             <properties>
                 <spark.version>3.2.4</spark.version>
                 <spark.binary.version>3.2</spark.binary.version>
+                <delta.artifact>delta-core</delta.artifact>
                 <delta.version>2.0.2</delta.version>
                 <spark.archive.name>spark-${spark.version}-bin-hadoop3.2${spark.archive.scala.suffix}.tgz</spark.archive.name>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
@@ -2231,6 +2234,7 @@
             </modules>
             <properties>
                 <delta.version>2.3.0</delta.version>
+                <delta.artifact>delta-core</delta.artifact>
                 <spark.version>3.3.3</spark.version>
                 <spark.binary.version>3.3</spark.binary.version>
                 <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow</maven.plugin.scalatest.exclude.tags>
@@ -2244,6 +2248,7 @@
                 <module>extensions/spark/kyuubi-spark-connector-hive</module>
             </modules>
             <properties>
+                <delta.artifact>delta-core</delta.artifact>
                 <delta.version>2.4.0</delta.version>
                 <spark.version>3.4.1</spark.version>
                 <spark.binary.version>3.4</spark.binary.version>
@@ -2257,7 +2262,8 @@
                 <module>extensions/spark/kyuubi-extension-spark-3-5</module>
             </modules>
             <properties>
-                <delta.version>2.4.0</delta.version>
+                <delta.artifact>delta-spark</delta.artifact>
+                <delta.version>3.0.0</delta.version>
                 <!-- Remove this when Hudi supports Spark 3.5 -->
                 <hudi.spark.binary.version>3.4</hudi.spark.binary.version>
                 <spark.version>3.5.0</spark.version>

From facfe57a4957b6e89bd7d2004924d7f9ff147b08 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Wed, 18 Oct 2023 18:02:29 +0800
Subject: [PATCH 693/760] [KYUUBI #5452][AUTHZ] Support Compaction table
 commands for Hudi

### _Why are the changes needed?_
To close #5452
Support Compaction table/path related command. The SQL grammar is https://github.com/apache/hudi/blob/release-0.14.0/hudi-spark-datasource/hudi-spark/src/main/antlr4/org/apache/hudi/spark/sql/parser/HoodieSqlCommon.g4

- CompactionHoodieTableCommand :https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/CompactionHoodieTableCommand.scala
- CompactionShowHoodiePathCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/CompactionShowHoodiePathCommand.scala
- CompactionShowHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/CompactionShowHoodieTableCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5454 from AngersZhuuuu/KYUUBI-5452.

Closes #5452

e42200f7e [Angerszhuuuu] follow comment
4d5139e9a [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
0e7cb924b [Angerszhuuuu] follow comment
e14dc4129 [Angerszhuuuu] [KYUUBI #5452][AUTHZ] Support Compaction table/path related command

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    | 37 +++++++++++++++++++
 .../plugin/spark/authz/gen/HudiCommands.scala | 20 ++++++++--
 ...HudiCatalogRangerSparkExtensionSuite.scala | 31 ++++++++++++++++
 3 files changed, 85 insertions(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index abf4c314c..21d647f5d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1513,6 +1513,43 @@
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CompactionHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  }, {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "CREATETABLE",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CompactionShowHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "SHOW_TBLPROPERTIES",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableAsSelectCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index a5f65c3d0..72daa89e2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -127,16 +127,30 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), TRUNCATETABLE)
   }
 
+  val CompactionHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CompactionHoodieTableCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc, tableDesc.copy(isInput = true)), CREATETABLE)
+  }
+
+  val CompactionShowHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CompactionShowHoodieTableCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor], isInput = true)
+    TableCommandSpec(cmd, Seq(tableDesc), SHOW_TBLPROPERTIES)
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
     AlterHoodieTableDropPartitionCommand,
     AlterHoodieTableRenameCommand,
     AlterTableCommand,
-    Spark31AlterTableCommand,
-    CreateHoodieTableCommand,
     CreateHoodieTableAsSelectCommand,
+    CreateHoodieTableCommand,
     CreateHoodieTableLikeCommand,
+    CompactionHoodieTableCommand,
+    CompactionShowHoodieTableCommand,
     DropHoodieTableCommand,
-    TruncateHoodieTableCommand)
+    TruncateHoodieTableCommand,
+    Spark31AlterTableCommand)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index fc3ebf4fe..48af6bf9f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -264,4 +264,35 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       doAs(admin, sql(truncateTableSql))
     }
   }
+
+  test("CompactionHoodieTableCommand / CompactionShowHoodieTableCommand") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'mor',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+
+      val compactionTable = s"RUN COMPACTION ON $namespace1.$table1"
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(compactionTable))
+      }(s"does not have [select] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(compactionTable))
+
+      val showCompactionTable = s"SHOW COMPACTION ON  $namespace1.$table1"
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(showCompactionTable))
+      }(s"does not have [select] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(showCompactionTable))
+    }
+  }
 }

From aab8144e0b88e9c7ad7a37e44a1b3d426bfe6b2e Mon Sep 17 00:00:00 2001
From: minyk <minykreva@gmail.com>
Date: Wed, 18 Oct 2023 18:52:31 +0800
Subject: [PATCH 694/760] [KYUUBI #5451] Ignore NoSuchFileException during
 OperationLog.close()

### _Why are the changes needed?_

OperationLog.close() try to close BufferedReader, but it says file is missing(NoSuchFileException). This happens a lot after restarting kyuubi-server and PV is not set for `kyuubi.operation.log.dir.root`.

Logs are like this:
```
2023-10-18 04:16:34.296 ERROR KyuubiTBinaryFrontendHandler-Pool: Thread-113 org.apache.kyuubi.operation.LaunchEngine: Failed to remove corresponding log file of operation: /opt/kyuubi/work/server_operation_logs/26434238-5615-456a-aa7b-fad4dde8da27/43a9bfd4-6795-422c-8031-5409d7fe3732
java.io.IOException: Failed to remove corresponding log file of operation: /opt/kyuubi/work/server_operation_logs/26434238-5615-456a-aa7b-fad4dde8da27/43a9bfd4-6795-422c-8031-5409d7fe3732
	at org.apache.kyuubi.operation.log.OperationLog.trySafely(OperationLog.scala:230) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.log.OperationLog.close(OperationLog.scala:201) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.KyuubiOperation.$anonfun$close$2(KyuubiOperation.scala:119) ~[kyuubi-server_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.KyuubiOperation.$anonfun$close$2$adapted(KyuubiOperation.scala:119) ~[kyuubi-server_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at scala.Option.foreach(Option.scala:407) ~[scala-library-2.12.15.jar:?]
	at org.apache.kyuubi.operation.KyuubiOperation.liftedTree2$1(KyuubiOperation.scala:119) ~[kyuubi-server_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.KyuubiOperation.close(KyuubiOperation.scala:116) ~[kyuubi-server_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.OperationManager.closeOperation(OperationManager.scala:126) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.session.AbstractSession.$anonfun$close$2(AbstractSession.scala:89) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at java.lang.Iterable.forEach(Iterable.java:75) ~[?:1.8.0_342]
...
Caused by: java.nio.file.NoSuchFileException: /opt/kyuubi/work/server_operation_logs/26434238-5615-456a-aa7b-fad4dde8da27/43a9bfd4-6795-422c-8031-5409d7fe3732
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86) ~[?:1.8.0_342]
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_342]
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:1.8.0_342]
	at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214) ~[?:1.8.0_342]
	at java.nio.file.Files.newByteChannel(Files.java:361) ~[?:1.8.0_342]
	at java.nio.file.Files.newByteChannel(Files.java:407) ~[?:1.8.0_342]
	at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384) ~[?:1.8.0_342]
	at java.nio.file.Files.newInputStream(Files.java:152) ~[?:1.8.0_342]
	at java.nio.file.Files.newBufferedReader(Files.java:2784) ~[?:1.8.0_342]
	at org.apache.kyuubi.operation.log.OperationLog.reader$lzycompute(OperationLog.scala:89) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.log.OperationLog.reader(OperationLog.scala:89) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.log.OperationLog.$anonfun$close$1(OperationLog.scala:201) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	at org.apache.kyuubi.operation.log.OperationLog.trySafely(OperationLog.scala:221) ~[kyuubi-common_2.12-1.6.1-incubating.jar:1.6.1-incubating]
	... 34 more
```

`OperationLog.trySafely()`is called by `OperationLog.close()` only, so we can ignore this exception.

This closes #5451

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [X] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5453 from minyk/kyuubi-5451.

Closes #5451

b95731499 [minyk] ignore NoSuchFileException during OperationLog.close()

Authored-by: minyk <minykreva@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../scala/org/apache/kyuubi/operation/log/OperationLog.scala   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
index 7ee803cb3..2e133df28 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/operation/log/OperationLog.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.operation.log
 import java.io.{BufferedReader, IOException}
 import java.nio.ByteBuffer
 import java.nio.charset.StandardCharsets
-import java.nio.file.{Files, Path, Paths}
+import java.nio.file.{Files, NoSuchFileException, Path, Paths}
 import java.util.{ArrayList => JArrayList, List => JList}
 
 import scala.collection.JavaConverters._
@@ -262,6 +262,7 @@ class OperationLog(path: Path) {
     try {
       f
     } catch {
+      case _: NoSuchFileException =>
       case e: IOException =>
         // Printing log here may cause a deadlock. The lock order of OperationLog.write
         // is RootLogger -> LogDivertAppender -> OperationLog. If printing log here, the

From c5fed9f2e1368e7f4046c4f1f71a9e19ea8611c0 Mon Sep 17 00:00:00 2001
From: labbomb <739955946@qq.com>
Date: Wed, 18 Oct 2023 20:26:45 +0800
Subject: [PATCH 695/760] [KYUUBI #5463] [UI] Adjust the file directory
 structure

### _Why are the changes needed?_

1. Some of the code was duplicated, so it was removed.
2. The current front-end directory is not very reasonable, and some common methods and layout structures are placed under views, which can look strange,  so I adjusted the directory structure to make it reasonable

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="1674" alt="image" src="https://github.com/apache/kyuubi/assets/15062456/e4a66198-cbaa-48b4-9055-4d36399ea228">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5463 from labbomb/dev.

Closes #5463

a1ca90a8b [labbomb] fix: fix test error
b1a73c090 [labbomb] Merge branch 'dev' of github.com:labbomb/kyuubi into dev
f91b7d08c [labbomb] feat: adjust the file directory structure

Authored-by: labbomb <739955946@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../{ => assets}/styles/element/index.scss    |  0
 .../web-ui/src/{ => assets}/styles/index.scss |  0
 .../web-ui/src/components/menu/index.vue      |  2 +-
 .../layout/components/aside/index.vue         |  0
 .../layout/components/aside/types.ts          |  0
 .../layout/components/header/index.vue        |  0
 .../layout/components/header/types.ts         |  0
 .../layout/components/header/use-locales.ts   |  0
 .../web-ui/src/{views => }/layout/index.vue   |  0
 kyuubi-server/web-ui/src/main.ts              |  4 +--
 .../web-ui/src/pinia/modules/layout.ts        | 32 -------------------
 kyuubi-server/web-ui/src/router/index.ts      |  2 +-
 .../src/test/unit/views/layout/aside.spec.ts  |  2 +-
 .../src/test/unit/views/layout/header.spec.ts |  2 +-
 .../src/test/unit/views/layout/layout.spec.ts |  2 +-
 .../src/{views/common => utils}/use-table.ts  |  0
 .../web-ui/src/views/detail/session/index.vue |  2 +-
 .../src/views/management/engine/index.vue     |  2 +-
 .../src/views/management/operation/index.vue  |  2 +-
 .../src/views/management/server/index.vue     |  2 +-
 .../src/views/management/session/index.vue    |  2 +-
 21 files changed, 12 insertions(+), 44 deletions(-)
 rename kyuubi-server/web-ui/src/{ => assets}/styles/element/index.scss (100%)
 rename kyuubi-server/web-ui/src/{ => assets}/styles/index.scss (100%)
 rename kyuubi-server/web-ui/src/{views => }/layout/components/aside/index.vue (100%)
 rename kyuubi-server/web-ui/src/{views => }/layout/components/aside/types.ts (100%)
 rename kyuubi-server/web-ui/src/{views => }/layout/components/header/index.vue (100%)
 rename kyuubi-server/web-ui/src/{views => }/layout/components/header/types.ts (100%)
 rename kyuubi-server/web-ui/src/{views => }/layout/components/header/use-locales.ts (100%)
 rename kyuubi-server/web-ui/src/{views => }/layout/index.vue (100%)
 delete mode 100644 kyuubi-server/web-ui/src/pinia/modules/layout.ts
 rename kyuubi-server/web-ui/src/{views/common => utils}/use-table.ts (100%)

diff --git a/kyuubi-server/web-ui/src/styles/element/index.scss b/kyuubi-server/web-ui/src/assets/styles/element/index.scss
similarity index 100%
rename from kyuubi-server/web-ui/src/styles/element/index.scss
rename to kyuubi-server/web-ui/src/assets/styles/element/index.scss
diff --git a/kyuubi-server/web-ui/src/styles/index.scss b/kyuubi-server/web-ui/src/assets/styles/index.scss
similarity index 100%
rename from kyuubi-server/web-ui/src/styles/index.scss
rename to kyuubi-server/web-ui/src/assets/styles/index.scss
diff --git a/kyuubi-server/web-ui/src/components/menu/index.vue b/kyuubi-server/web-ui/src/components/menu/index.vue
index d6d4d1b56..41a641273 100644
--- a/kyuubi-server/web-ui/src/components/menu/index.vue
+++ b/kyuubi-server/web-ui/src/components/menu/index.vue
@@ -22,7 +22,7 @@
     :collapse="isCollapse"
     :default-active="activePath"
     :router="true">
-    <template v-for="(menu, index) in menus">
+    <template v-for="(menu, index) in (menus as any)">
       <el-menu-item
         v-if="!menu.children || menu.children.length === 0"
         :key="index + '-1'"
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/index.vue b/kyuubi-server/web-ui/src/layout/components/aside/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/layout/components/aside/index.vue
rename to kyuubi-server/web-ui/src/layout/components/aside/index.vue
diff --git a/kyuubi-server/web-ui/src/views/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/layout/components/aside/types.ts
similarity index 100%
rename from kyuubi-server/web-ui/src/views/layout/components/aside/types.ts
rename to kyuubi-server/web-ui/src/layout/components/aside/types.ts
diff --git a/kyuubi-server/web-ui/src/views/layout/components/header/index.vue b/kyuubi-server/web-ui/src/layout/components/header/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/layout/components/header/index.vue
rename to kyuubi-server/web-ui/src/layout/components/header/index.vue
diff --git a/kyuubi-server/web-ui/src/views/layout/components/header/types.ts b/kyuubi-server/web-ui/src/layout/components/header/types.ts
similarity index 100%
rename from kyuubi-server/web-ui/src/views/layout/components/header/types.ts
rename to kyuubi-server/web-ui/src/layout/components/header/types.ts
diff --git a/kyuubi-server/web-ui/src/views/layout/components/header/use-locales.ts b/kyuubi-server/web-ui/src/layout/components/header/use-locales.ts
similarity index 100%
rename from kyuubi-server/web-ui/src/views/layout/components/header/use-locales.ts
rename to kyuubi-server/web-ui/src/layout/components/header/use-locales.ts
diff --git a/kyuubi-server/web-ui/src/views/layout/index.vue b/kyuubi-server/web-ui/src/layout/index.vue
similarity index 100%
rename from kyuubi-server/web-ui/src/views/layout/index.vue
rename to kyuubi-server/web-ui/src/layout/index.vue
diff --git a/kyuubi-server/web-ui/src/main.ts b/kyuubi-server/web-ui/src/main.ts
index 7554bc417..7e7d4d354 100644
--- a/kyuubi-server/web-ui/src/main.ts
+++ b/kyuubi-server/web-ui/src/main.ts
@@ -20,8 +20,8 @@ import router from '@/router'
 import { store } from '@/pinia'
 import i18n from '@/locales'
 import ElementPlus from 'element-plus'
-import '@/styles/element/index.scss'
-import './styles/index.scss'
+import '@/assets/styles/element/index.scss'
+import '@/assets/styles/index.scss'
 import App from './App.vue'
 import * as ElementPlusIconsVue from '@element-plus/icons-vue'
 
diff --git a/kyuubi-server/web-ui/src/pinia/modules/layout.ts b/kyuubi-server/web-ui/src/pinia/modules/layout.ts
deleted file mode 100644
index b8743a86e..000000000
--- a/kyuubi-server/web-ui/src/pinia/modules/layout.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { defineStore } from 'pinia'
-import { ref } from 'vue'
-
-export const useStore = defineStore('aside', () => {
-  const isCollapse = ref(false)
-
-  function changeCollapse() {
-    isCollapse.value = !isCollapse.value
-  }
-
-  return {
-    isCollapse,
-    changeCollapse
-  }
-})
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 797350bf2..423715661 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -35,7 +35,7 @@ const routes = [
   {
     path: '/layout',
     name: 'layout',
-    component: () => import('@/views/layout/index.vue'),
+    component: () => import('@/layout/index.vue'),
     redirect: 'overview',
     children: [
       ...overviewRoutes,
diff --git a/kyuubi-server/web-ui/src/test/unit/views/layout/aside.spec.ts b/kyuubi-server/web-ui/src/test/unit/views/layout/aside.spec.ts
index 788ccee0c..3e31535ae 100644
--- a/kyuubi-server/web-ui/src/test/unit/views/layout/aside.spec.ts
+++ b/kyuubi-server/web-ui/src/test/unit/views/layout/aside.spec.ts
@@ -16,7 +16,7 @@
  */
 
 import { mount } from '@vue/test-utils'
-import Aside from '@/views/layout/components/aside/index.vue'
+import Aside from '@/layout/components/aside/index.vue'
 import { expect, test } from 'vitest'
 import { getStore } from '@/test/unit/utils'
 import { createRouter, createWebHistory } from 'vue-router'
diff --git a/kyuubi-server/web-ui/src/test/unit/views/layout/header.spec.ts b/kyuubi-server/web-ui/src/test/unit/views/layout/header.spec.ts
index 0418ce739..1341258fa 100644
--- a/kyuubi-server/web-ui/src/test/unit/views/layout/header.spec.ts
+++ b/kyuubi-server/web-ui/src/test/unit/views/layout/header.spec.ts
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-import Header from '@/views/layout/components/header/index.vue'
+import Header from '@/layout/components/header/index.vue'
 import { expect, test } from 'vitest'
 import { mount } from '@vue/test-utils'
 import { createI18n, getStore } from '@/test/unit/utils'
diff --git a/kyuubi-server/web-ui/src/test/unit/views/layout/layout.spec.ts b/kyuubi-server/web-ui/src/test/unit/views/layout/layout.spec.ts
index be742d5bf..cfbdbd711 100644
--- a/kyuubi-server/web-ui/src/test/unit/views/layout/layout.spec.ts
+++ b/kyuubi-server/web-ui/src/test/unit/views/layout/layout.spec.ts
@@ -16,7 +16,7 @@
  */
 
 import { mount } from '@vue/test-utils'
-import Layout from '@/views/layout/index.vue'
+import Layout from '@/layout/index.vue'
 import { expect, test } from 'vitest'
 import { createI18n, getStore } from '@/test/unit/utils'
 
diff --git a/kyuubi-server/web-ui/src/views/common/use-table.ts b/kyuubi-server/web-ui/src/utils/use-table.ts
similarity index 100%
rename from kyuubi-server/web-ui/src/views/common/use-table.ts
rename to kyuubi-server/web-ui/src/utils/use-table.ts
diff --git a/kyuubi-server/web-ui/src/views/detail/session/index.vue b/kyuubi-server/web-ui/src/views/detail/session/index.vue
index 4a77b2a66..06626073f 100644
--- a/kyuubi-server/web-ui/src/views/detail/session/index.vue
+++ b/kyuubi-server/web-ui/src/views/detail/session/index.vue
@@ -100,7 +100,7 @@
   import { useRoute } from 'vue-router'
   import { format } from 'date-fns'
   import { secondTransfer } from '@/utils/unit'
-  import { useTable } from '@/views/common/use-table'
+  import { useTable } from '@/utils/use-table'
   const route = useRoute()
   const sessionProperties: Ref<any> = ref({})
   const sessionPropertiesLoading = ref(false)
diff --git a/kyuubi-server/web-ui/src/views/management/engine/index.vue b/kyuubi-server/web-ui/src/views/management/engine/index.vue
index 430482cdd..8ea305754 100644
--- a/kyuubi-server/web-ui/src/views/management/engine/index.vue
+++ b/kyuubi-server/web-ui/src/views/management/engine/index.vue
@@ -124,7 +124,7 @@
   import { reactive } from 'vue'
   import { getAllEngines, deleteEngine } from '@/api/engine'
   import { IEngineSearch } from '@/api/engine/types'
-  import { useTable } from '@/views/common/use-table'
+  import { useTable } from '@/utils/use-table'
   import { ElMessage } from 'element-plus'
   import { useI18n } from 'vue-i18n'
   import { getEngineType, getShareLevel } from '@/utils/engine'
diff --git a/kyuubi-server/web-ui/src/views/management/operation/index.vue b/kyuubi-server/web-ui/src/views/management/operation/index.vue
index 992257eb8..c5d673c8c 100644
--- a/kyuubi-server/web-ui/src/views/management/operation/index.vue
+++ b/kyuubi-server/web-ui/src/views/management/operation/index.vue
@@ -103,7 +103,7 @@
   import { format } from 'date-fns'
   import { useI18n } from 'vue-i18n'
   import { ElMessage } from 'element-plus'
-  import { useTable } from '@/views/common/use-table'
+  import { useTable } from '@/utils/use-table'
 
   const { t } = useI18n()
   const { tableData, loading, getList: _getList } = useTable()
diff --git a/kyuubi-server/web-ui/src/views/management/server/index.vue b/kyuubi-server/web-ui/src/views/management/server/index.vue
index 266c833d7..1c2f7987b 100644
--- a/kyuubi-server/web-ui/src/views/management/server/index.vue
+++ b/kyuubi-server/web-ui/src/views/management/server/index.vue
@@ -35,7 +35,7 @@
 
 <script lang="ts" setup>
   import { getAllServer } from '@/api/server'
-  import { useTable } from '@/views/common/use-table'
+  import { useTable } from '@/utils/use-table'
 
   const { tableData, loading, getList: _getList } = useTable()
   const getList = () => {
diff --git a/kyuubi-server/web-ui/src/views/management/session/index.vue b/kyuubi-server/web-ui/src/views/management/session/index.vue
index 0465c1a4a..aca436da5 100644
--- a/kyuubi-server/web-ui/src/views/management/session/index.vue
+++ b/kyuubi-server/web-ui/src/views/management/session/index.vue
@@ -78,7 +78,7 @@
   import { getAllSessions, deleteSession } from '@/api/session'
   import { ElMessage } from 'element-plus'
   import { useI18n } from 'vue-i18n'
-  import { useTable } from '@/views/common/use-table'
+  import { useTable } from '@/utils/use-table'
   import { Router, useRouter } from 'vue-router'
   const { t } = useI18n()
   const { tableData, loading, getList: _getList } = useTable()

From 6126379d464322bc95994fe7e6f3a9426dc17ae7 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Wed, 18 Oct 2023 21:16:08 +0800
Subject: [PATCH 696/760] [KYUUBI #5457] [AUTHZ] Support RepairTable Commands
 for Hudi

### _Why are the changes needed?_
To close #5457. Kyuubi authz support hudi repair table commands

- RepairHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/RepairHoodieTableCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5458 from AngersZhuuuu/KYUUBI-5457.

Closes #5457

7dcb932ff [Angerszhuuuu] Merge branch 'master' into KYUUBI-5457
85c209fa9 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
4319763df [Angerszhuuuu] [KYUUBI #5457] [AUTHZ] Support RepairTable Commands for Hudi

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    | 14 +++++++
 .../plugin/spark/authz/gen/HudiCommands.scala |  6 +++
 ...HudiCatalogRangerSparkExtensionSuite.scala | 37 +++++++++++++++++--
 3 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 21d647f5d..87831119e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1622,6 +1622,20 @@
   } ],
   "opType" : "DROPTABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.RepairHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableName",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "MSCK",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 72daa89e2..3abac4a88 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -116,6 +116,11 @@ object HudiCommands {
       DROPTABLE)
   }
 
+  val RepairHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.RepairHoodieTableCommand"
+    TableCommandSpec(cmd, Seq(TableDesc("tableName", classOf[TableIdentifierTableExtractor])), MSCK)
+  }
+
   val TruncateHoodieTableCommand = {
     val cmd = "org.apache.spark.sql.hudi.command.TruncateHoodieTableCommand"
     val columnDesc = ColumnDesc("partitionSpec", classOf[PartitionOptionColumnExtractor])
@@ -151,6 +156,7 @@ object HudiCommands {
     CompactionHoodieTableCommand,
     CompactionShowHoodieTableCommand,
     DropHoodieTableCommand,
+    RepairHoodieTableCommand,
     TruncateHoodieTableCommand,
     Spark31AlterTableCommand)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index 48af6bf9f..7d15709f8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -123,10 +123,14 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
           s" on [$namespace1/$table1]")
 
       // AlterTableCommand && Spark31AlterTableCommand
-      sql("set hoodie.schema.on.read.enable=true")
-      interceptContains[AccessControlException](
-        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS(age int)")))(
-        s"does not have [alter] privilege on [$namespace1/$table1]")
+      try {
+        sql("set hoodie.schema.on.read.enable=true")
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS(age int)")))(
+          s"does not have [alter] privilege on [$namespace1/$table1]")
+      } finally {
+        sql("set hoodie.schema.on.read.enable=false")
+      }
     }
   }
 
@@ -240,6 +244,31 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
     }
   }
 
+  test("RepairHoodieTableCommand") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+
+      val repairTableSql = s"MSCK REPAIR TABLE $namespace1.$table1"
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(repairTableSql))
+      }(s"does not have [alter] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(repairTableSql))
+    }
+  }
+
   test("TruncateHoodieTableCommand") {
     withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
       doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))

From bdc28acf411e2cb48c1e5e7699f4aa2db286045a Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Wed, 18 Oct 2023 21:46:06 +0800
Subject: [PATCH 697/760] [KYUUBI #5392] Add query timeout monitor on
 server-side in ExecuteStatement

### _Why are the changes needed?_

As reported in #5392, currently the server is unable to guarantee that the statement timed-out when the engine may have no proper response for the server's request therefore the query timeout does not work.

Introduce a server-side statement query timeout monitor, to ensure the time-out query statements are set to TIMEOUT state and help the JDBC client get out of the blocked status.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5398 from bowenliang123/stmt-timeout.

Closes #5392

f5733b3f9 [Bowen Liang] use addTimeoutMonitor for server-side query timeout checks

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../scala/org/apache/kyuubi/config/KyuubiConf.scala |  9 +++++++++
 .../apache/kyuubi/operation/ExecuteStatement.scala  | 13 ++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 50006b95e..d96f536a8 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1876,6 +1876,15 @@ object KyuubiConf {
       .checkValue(_ >= 1000, "must >= 1s if set")
       .createOptional
 
+  val OPERATION_QUERY_TIMEOUT_MONITOR_ENABLED: ConfigEntry[Boolean] =
+    buildConf("kyuubi.operation.query.timeout.monitor.enabled")
+      .doc("Whether to monitor timeout query timeout check on server side.")
+      .version("1.8.0")
+      .serverOnly
+      .internal
+      .booleanConf
+      .createWithDefault(true)
+
   val OPERATION_RESULT_MAX_ROWS: ConfigEntry[Int] =
     buildConf("kyuubi.operation.result.max.rows")
       .doc("Max rows of Spark query results. Rows exceeding the limit would be ignored. " +
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala
index 4767cbf12..86bd3f8c8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/ExecuteStatement.scala
@@ -25,6 +25,7 @@ import org.apache.hive.service.rpc.thrift.TOperationState._
 
 import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.KyuubiConf.OPERATION_QUERY_TIMEOUT_MONITOR_ENABLED
 import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.operation.FetchOrientation.FETCH_NEXT
 import org.apache.kyuubi.operation.log.OperationLog
@@ -58,6 +59,10 @@ class ExecuteStatement(
     OperationLog.removeCurrentOperationLog()
   }
 
+  private val isTimeoutMonitorEnabled: Boolean = confOverlay.getOrElse[String](
+    OPERATION_QUERY_TIMEOUT_MONITOR_ENABLED.key,
+    OPERATION_QUERY_TIMEOUT_MONITOR_ENABLED.defaultValStr).toBoolean
+
   private def executeStatement(): Unit = {
     try {
       // We need to avoid executing query in sync mode, because there is no heartbeat mechanism
@@ -84,7 +89,7 @@ class ExecuteStatement(
       var lastStateUpdateTime: Long = 0L
       val stateUpdateInterval =
         session.sessionManager.getConf.get(KyuubiConf.OPERATION_STATUS_UPDATE_INTERVAL)
-      while (!isComplete) {
+      while (!isComplete && !isTerminalState(state)) {
         fetchQueryLog()
         verifyTStatus(statusResp.getStatus)
         if (statusResp.getProgressUpdateResponse != null) {
@@ -143,6 +148,9 @@ class ExecuteStatement(
       // see if anymore log could be fetched
       fetchQueryLog()
     } catch onError()
+    finally {
+      shutdownTimeoutMonitor()
+    }
 
   private def fetchQueryLog(): Unit = {
     getOperationLog.foreach { logger =>
@@ -157,6 +165,9 @@ class ExecuteStatement(
   }
 
   override protected def runInternal(): Unit = {
+    if (isTimeoutMonitorEnabled) {
+      addTimeoutMonitor(queryTimeout)
+    }
     executeStatement()
     val sessionManager = session.sessionManager
     val asyncOperation: Runnable = () => waitStatementComplete()

From 411df6043176ffca8673908da902bc9308f6c695 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Thu, 19 Oct 2023 10:13:12 +0800
Subject: [PATCH 698/760] [KYUUBI #5360]  Support Hudi
 InsertIntoHoodieTableCommand

### _Why are the changes needed?_
To close #5360
Support Compaction table/path related command. The SQL grammar is https://github.com/apache/hudi/blob/release-0.14.0/hudi-spark-datasource/hudi-spark/src/main/antlr4/org/apache/hudi/spark/sql/parser/HoodieSqlCommon.g4

- InsertIntoHoodieTableCommand :https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/InsertIntoHoodieTableCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5456 from AngersZhuuuu/KYUUBI-5360.

Closes #5360

ebeb3f270 [Angerszhuuuu] Update table_command_spec.json
fcdc51880 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5360
d1281ca66 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
5a6ce81fb [Angerszhuuuu] Merge branch 'master' into KYUUBI-5360
ead082e39 [Angerszhuuuu] [KYUUBI #5360 ]  Support Hudi InsertIntoHoodieTableCommand

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../main/resources/table_command_spec.json    | 21 +++++++++
 .../plugin/spark/authz/gen/HudiCommands.scala | 11 +++++
 ...HudiCatalogRangerSparkExtensionSuite.scala | 46 +++++++++++++++++++
 3 files changed, 78 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 87831119e..2d7199ff9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1622,6 +1622,27 @@
   } ],
   "opType" : "DROPTABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.InsertIntoHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "logicalRelation",
+    "fieldExtractor" : "LogicalRelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : "overwrite",
+      "fieldExtractor" : "OverwriteOrInsertActionTypeExtractor",
+      "actionType" : null
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.RepairHoodieTableCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 3abac4a88..0b19204f5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -144,6 +144,16 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), SHOW_TBLPROPERTIES)
   }
 
+  val InsertIntoHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.InsertIntoHoodieTableCommand"
+    val tableDesc = TableDesc(
+      "logicalRelation",
+      classOf[LogicalRelationTableExtractor],
+      actionTypeDesc =
+        Some(ActionTypeDesc("overwrite", classOf[OverwriteOrInsertActionTypeExtractor])))
+    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
@@ -156,6 +166,7 @@ object HudiCommands {
     CompactionHoodieTableCommand,
     CompactionShowHoodieTableCommand,
     DropHoodieTableCommand,
+    InsertIntoHoodieTableCommand,
     RepairHoodieTableCommand,
     TruncateHoodieTableCommand,
     Spark31AlterTableCommand)
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index 7d15709f8..e707f0c9e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -324,4 +324,50 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       doAs(admin, sql(showCompactionTable))
     }
   }
+
+  test("InsertIntoHoodieTableCommand") {
+    withSingleCallEnabled {
+      withCleanTmpResources(Seq(
+        (s"$namespace1.$table1", "table"),
+        (s"$namespace1.$table2", "table"),
+        (namespace1, "database"))) {
+        doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin))
+
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table2(id int, name string, city string)
+               |USING $format
+               |""".stripMargin))
+
+        val insertIntoHoodieTableSql =
+          s"""
+             |INSERT INTO $namespace1.$table1
+             |PARTITION(city = 'hangzhou')
+             |SELECT id, name
+             |FROM $namespace1.$table2
+             |WHERE city = 'hangzhou'
+             |""".stripMargin
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(insertIntoHoodieTableSql))
+        }(s"does not have [select] privilege on " +
+          s"[$namespace1/$table2/id,$namespace1/$table2/name,hudi_ns/$table2/city], " +
+          s"[update] privilege on [$namespace1/$table1]")
+      }
+    }
+  }
 }

From d68507d23988dff02fb16b47c1d6448df32be99d Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Thu, 19 Oct 2023 13:04:25 +0800
Subject: [PATCH 699/760] [KYUUBI #5462] [AUTHZ] Support create table command
 for Paimon

### _Why are the changes needed?_

Apache Paimon is an incubating Apache project of data lake platform for high-speed data ingestion, changelog tracking and efficient real-time analytics.

- Initial support for Paimon tables in Authz plugin
  - Create Table Command: https://paimon.apache.org/docs/master/engines/spark3/#create-table
- Paimon `0.5.0-incubating` supports Spark 3.1/3.2/3.3/3.4.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5462 from bowenliang123/authz-paimon-createtable.

Closes #5462

8393f6ecc [liangbowen] remove spark-authz-paimon-test profile, use 3.4 as spark binary version for Paimon
a4e01a2a8 [liangbowen] update workflow inclusions
f372882aa [liangbowen] update workflow exclusions
7785dec52 [liangbowen] update workflow include
64ee20106 [liangbowen] update
73edea38f [liangbowen] add spark-authz-paimon-test profile and excluded for Spark 3.5
de58605bb [liangbowen] nit
81a4a4370 [liangbowen] nit
eb2de8359 [Bowen Liang] exclude paimon tests for spark-3.5
4f58d7727 [Bowen Liang] fix typo
cf360e6da [Bowen Liang] drop database
af8ffda14 [Bowen Liang] drop database
dc3ee9462 [Bowen Liang] support Paimon create table

Lead-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .github/workflows/master.yml                  |  2 +-
 extensions/spark/kyuubi-spark-authz/pom.xml   |  6 ++
 ...imonCatalogRangerSparkExtensionSuite.scala | 85 +++++++++++++++++++
 .../org/apache/kyuubi/tags/PaimonTest.java    | 29 +++++++
 pom.xml                                       | 12 ++-
 5 files changed, 132 insertions(+), 2 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
 create mode 100644 kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PaimonTest.java

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index f590ea267..77b8922ca 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -75,7 +75,7 @@ jobs:
           - java: 8
             spark: '3.4'
             spark-archive: '-Dspark.archive.mirror=https://archive.apache.org/dist/spark/spark-3.5.0 -Dspark.archive.name=spark-3.5.0-bin-hadoop3.tgz -Pzookeeper-3.6'
-            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
+            exclude-tags: '-Dmaven.plugin.scalatest.exclude.tags=org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.IcebergTest,org.apache.kyuubi.tags.PaimonTest,org.apache.kyuubi.tags.SparkLocalClusterTest'
             comment: 'verify-on-spark-3.5-binary'
         exclude:
           # SPARK-33772: Spark supports JDK 17 since 3.3.0
diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 97145e514..1b8655612 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -323,6 +323,12 @@
             <artifactId>scala-collection-compat_${scala.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.paimon</groupId>
+            <artifactId>paimon-spark-${paimon.spark.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
new file mode 100644
index 000000000..62cd9d627
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.plugin.spark.authz.ranger
+
+import org.scalatest.Outcome
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.tags.PaimonTest
+import org.apache.kyuubi.util.AssertionUtils._
+
+/**
+ * Tests for RangerSparkExtensionSuite on Paimon
+ */
+@PaimonTest
+class PaimonCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
+  override protected val catalogImpl: String = "hive"
+  private def isSupportedVersion = !isSparkV35OrGreater
+
+  val catalogV2 = "paimon_catalog"
+  val namespace1 = "paimon_ns"
+  val table1 = "table1"
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    assume(isSupportedVersion)
+    test()
+  }
+
+  override def beforeAll(): Unit = {
+    if (isSupportedVersion) {
+      spark.conf.set(s"spark.sql.catalog.$catalogV2", "org.apache.paimon.spark.SparkCatalog")
+      spark.conf.set(
+        s"spark.sql.catalog.$catalogV2.warehouse",
+        Utils.createTempDir(catalogV2).toString)
+      super.beforeAll()
+    }
+
+    doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $catalogV2.$namespace1"))
+  }
+
+  override def afterAll(): Unit = {
+    if (isSupportedVersion) {
+      doAs(admin, sql(s"DROP DATABASE IF EXISTS $catalogV2.$namespace1"))
+
+      super.afterAll()
+      spark.sessionState.catalog.reset()
+      spark.sessionState.conf.clear()
+    }
+  }
+
+  test("CreateTable") {
+    withCleanTmpResources(Seq((s"$catalogV2.$namespace1.$table1", "table"))) {
+      val createTable =
+        s"""
+           |CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1
+           |(id int, name string, city string)
+           |USING paimon
+           |OPTIONS (
+           | primaryKey = 'id'
+           |)
+           |""".stripMargin
+
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(createTable))
+      }(s"does not have [create] privilege on [$namespace1/$table1]")
+      doAs(admin, createTable)
+    }
+  }
+}
diff --git a/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PaimonTest.java b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PaimonTest.java
new file mode 100644
index 000000000..e3e807584
--- /dev/null
+++ b/kyuubi-util-scala/src/test/java/org/apache/kyuubi/tags/PaimonTest.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.tags;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.scalatest.TagAnnotation;
+
+@TagAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface PaimonTest {}
diff --git a/pom.xml b/pom.xml
index 00ee354a1..1f3fca53b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -184,6 +184,8 @@
           -->
         <netty.version>4.1.93.Final</netty.version>
         <openai.java.version>0.12.0</openai.java.version>
+        <paimon.version>0.5.0-incubating</paimon.version>
+        <paimon.spark.binary.version>${spark.binary.version}</paimon.spark.binary.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>
         <prometheus.version>0.16.0</prometheus.version>
@@ -1484,6 +1486,12 @@
                 <artifactId>hudi-spark${hudi.spark.binary.version}-bundle_${scala.binary.version}</artifactId>
                 <version>${hudi.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>org.apache.paimon</groupId>
+                <artifactId>paimon-spark-${paimon.spark.binary.version}</artifactId>
+                <version>${paimon.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -2266,9 +2274,11 @@
                 <delta.version>3.0.0</delta.version>
                 <!-- Remove this when Hudi supports Spark 3.5 -->
                 <hudi.spark.binary.version>3.4</hudi.spark.binary.version>
+                <!-- Remove this when Paimon supports Spark 3.5 -->
+                <paimon.spark.binary.version>3.4</paimon.spark.binary.version>
                 <spark.version>3.5.0</spark.version>
                 <spark.binary.version>3.5</spark.binary.version>
-                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.PySparkTest</maven.plugin.scalatest.exclude.tags>
+                <maven.plugin.scalatest.exclude.tags>org.scalatest.tags.Slow,org.apache.kyuubi.tags.DeltaTest,org.apache.kyuubi.tags.PySparkTest,org.apache.kyuubi.tags.PaimonTest</maven.plugin.scalatest.exclude.tags>
             </properties>
         </profile>
 

From 48bdc7d4cb9023a5de6bef2a10f3ea7512f1940d Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Thu, 19 Oct 2023 14:31:20 +0800
Subject: [PATCH 700/760] [KYUUBI #5444] [CI] Check style with profiles of
 Spark 3.4 and 3.5

### _Why are the changes needed?_

- Check style with profile of Spark 3.4 and 3.5 in the style workflow
- Isolated scalastyle check for Spark 3.1 profile, as Iceberg 1.3.1 does not support Spark 3.5

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5444 from bowenliang123/spotless-spark34.

Closes #5444

ca98c52e6 [Bowen Liang] update
9550a4a0a [Bowen Liang] enable spark-3.1 profile for spotless style checks
dae35290b [Bowen Liang] revert order
3e488cf48 [Bowen Liang] Check with Spark 3.1 profile separately
e879f09f8 [Bowen Liang] revert the order of spark versions in profiles
16456a7fd [Bowen Liang] check style with profile of Spark 3.4 and 3.5

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .github/workflows/style.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
index 21cacbc1d..87823ddbd 100644
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@@ -34,7 +34,7 @@ jobs:
     strategy:
       matrix:
         profiles:
-          - '-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.3,spark-3.2,spark-3.1,tpcds,kubernetes-it'
+          - '-Pflink-provided,hive-provided,spark-provided,spark-block-cleaner,spark-3.5,spark-3.4,spark-3.3,spark-3.2,tpcds,kubernetes-it'
 
     steps:
       - uses: actions/checkout@v3
@@ -73,7 +73,10 @@ jobs:
 
       - name: Scalastyle with maven
         id: scalastyle-check
-        run: build/mvn scalastyle:check ${{ matrix.profiles }}
+        # Check with Spark 3.1 profile separately as it use Iceberg 1.3.1 which is not compatible with Spark 3.5+
+        run: |
+          build/mvn scalastyle:check ${{ matrix.profiles }}        
+          build/mvn scalastyle:check -Pflink-provided,hive-provided,spark-provided,spark-3.1
       - name: Print scalastyle error report
         if: failure() && steps.scalastyle-check.outcome != 'success'
         run: >-
@@ -87,7 +90,7 @@ jobs:
         run: |
           SPOTLESS_BLACK_VERSION=$(build/mvn help:evaluate -Dexpression=spotless.python.black.version -q -DforceStdout)
           pip install black==$SPOTLESS_BLACK_VERSION
-          build/mvn spotless:check ${{ matrix.profiles }} -Pspotless-python
+          build/mvn spotless:check ${{ matrix.profiles }} -Pspotless-python,spark-3.1
       - name: setup npm
         uses: actions/setup-node@v3
         with:

From c4cdf18aad213c1de030cc5312487340c4074f7b Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Thu, 19 Oct 2023 20:22:29 +0800
Subject: [PATCH 701/760] [KYUUBI #5478][AUTHZ] Support Hudi
 ShowHoodieTablePartitionsCommand

### _Why are the changes needed?_
To close #5478. Kyuubi authz support hudi ShowHoodieTablePartitionsCommand

- ShowHoodieTablePartitionsCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/ShowHoodieTablePartitionsCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5481 from AngersZhuuuu/KYUUBI-5478.

Closes #5478

ef276f36c [Angerszhuuuu] [KYUUBI #5478][AUTHZ] Support Hudi ShowHoodieTablePartitionsCommand

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    | 17 +++++++++
 .../plugin/spark/authz/gen/HudiCommands.scala | 12 ++++++
 ...HudiCatalogRangerSparkExtensionSuite.scala | 37 +++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 2d7199ff9..c739fe295 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1657,6 +1657,23 @@
   } ],
   "opType" : "MSCK",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.ShowHoodieTablePartitionsCommand",
+  "tableDescs" : [ {
+    "fieldName" : "tableIdentifier",
+    "fieldExtractor" : "TableIdentifierTableExtractor",
+    "columnDesc" : {
+      "fieldName" : "specOpt",
+      "fieldExtractor" : "PartitionOptionColumnExtractor"
+    },
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "SHOWPARTITIONS",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 0b19204f5..d7e40237b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -154,6 +154,17 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
   }
 
+  val ShowHoodieTablePartitionsCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.ShowHoodieTablePartitionsCommand"
+    val columnDesc = ColumnDesc("specOpt", classOf[PartitionOptionColumnExtractor])
+    val tableDesc = TableDesc(
+      "tableIdentifier",
+      classOf[TableIdentifierTableExtractor],
+      isInput = true,
+      columnDesc = Some(columnDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), SHOWPARTITIONS)
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
@@ -169,5 +180,6 @@ object HudiCommands {
     InsertIntoHoodieTableCommand,
     RepairHoodieTableCommand,
     TruncateHoodieTableCommand,
+    ShowHoodieTablePartitionsCommand,
     Spark31AlterTableCommand)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index e707f0c9e..193446bb2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -370,4 +370,41 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       }
     }
   }
+
+  test("ShowHoodieTablePartitionsCommand") {
+    withSingleCallEnabled {
+      withCleanTmpResources(Seq(
+        (s"$namespace1.$table1", "table"),
+        (s"$namespace1.$table2", "table"),
+        (namespace1, "database"))) {
+        doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin))
+
+        val showPartitionsSql = s"SHOW PARTITIONS $namespace1.$table1"
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(showPartitionsSql))
+        }(s"does not have [select] privilege on [$namespace1/$table1]")
+        doAs(admin, sql(showPartitionsSql))
+
+        val showPartitionSpecSql =
+          s"SHOW PARTITIONS $namespace1.$table1 PARTITION (city = 'hangzhou')"
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(showPartitionSpecSql))
+        }(s"does not have [select] privilege on [$namespace1/$table1/city]")
+        doAs(admin, sql(showPartitionSpecSql))
+      }
+    }
+  }
 }

From 59c25b9851ba73a585b3b622404f81f60ebc7c28 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Fri, 20 Oct 2023 20:10:34 +0800
Subject: [PATCH 702/760] [KYUUBI #5427] [AUTHZ] Shade spark authz plugin

### _Why are the changes needed?_

This PR aims to shade the kyuubi spark authz plugin to simplify the user's use.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5427 from Yikf/shade-authz.

Closes #5427

d2f7ea8d1 [yikaifei] fix
695133de4 [Kent Yao] Update docs/security/authorization/spark/install.md
f3a653133 [Kent Yao] Update docs/security/authorization/spark/build.md
963cab372 [yikaifei] bundle
2068c98fc [yikaifei] relocation
6c6e50ea7 [yikaifei] Shade spark authz plugin

Lead-authored-by: yikaifei <yikaifei@apache.org>
Co-authored-by: Kent Yao <yao@apache.org>
Signed-off-by: yikaifei <yikaifei@apache.org>
---
 docs/security/authorization/spark/build.md    |  13 +
 docs/security/authorization/spark/install.md  |   2 +-
 .../spark/kyuubi-spark-authz-shaded/pom.xml   | 317 ++++++++++++++++++
 pom.xml                                       |   1 +
 4 files changed, 332 insertions(+), 1 deletion(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz-shaded/pom.xml

diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md
index aa7fc18da..17e8e00f4 100644
--- a/docs/security/authorization/spark/build.md
+++ b/docs/security/authorization/spark/build.md
@@ -31,6 +31,19 @@ After a while, if everything goes well, you will get the plugin finally in two p
 - The main plugin jar, which is under `./extensions/spark/kyuubi-spark-authz/target/kyuubi-spark-authz_${scala.binary.version}-${project.version}.jar`
 - The least transitive dependencies needed, which are under `./extensions/spark/kyuubi-spark-authz/target/scala-${scala.binary.version}/jars`
 
+## Build shaded jar with Apache Maven
+
+Apache Kyuubi also provides the shaded jar for the Spark AuthZ plugin, You can run the AuthZ plugin using just a shaded jar without the additional dependency of jars,
+To build it, `cd` to the root direct of kyuubi project and run:
+
+```shell
+build/mvn clean package -pl :kyuubi-spark-authz-shaded_2.12 -DskipTests -am
+```
+
+After a while, if everything goes well, you will get the plugin finally:
+
+- The shaded AuthZ plugin jar, which is under `./extensions/spark/kyuubi-spark-authz-shaded/target/kyuubi-spark-authz-shaded_${scala.binary.version}-${project.version}.jar`
+
 ### Build against Different Apache Spark Versions
 
 The maven option `spark.version` is used for specifying Spark version to compile with and generate corresponding transitive dependencies.
diff --git a/docs/security/authorization/spark/install.md b/docs/security/authorization/spark/install.md
index f820f53c4..ff4131c6f 100644
--- a/docs/security/authorization/spark/install.md
+++ b/docs/security/authorization/spark/install.md
@@ -31,7 +31,7 @@
 
 ## Install
 
-With the `kyuubi-spark-authz_*.jar` and its transitive dependencies available for spark runtime classpath, such as
+Use either the shaded jar `kyuubi-spark-authz-shaded_*.jar` or the `kyuubi-spark-authz_*.jar` with its transitive dependencies available for spark runtime classpath, such as
 - Copied to `$SPARK_HOME/jars`, or
 - Specified to `spark.jars` configuration
 
diff --git a/extensions/spark/kyuubi-spark-authz-shaded/pom.xml b/extensions/spark/kyuubi-spark-authz-shaded/pom.xml
new file mode 100644
index 000000000..b135a1d7c
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz-shaded/pom.xml
@@ -0,0 +1,317 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.kyuubi</groupId>
+        <artifactId>kyuubi-parent</artifactId>
+        <version>1.9.0-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>kyuubi-spark-authz-shaded_${scala.binary.version}</artifactId>
+    <packaging>jar</packaging>
+    <name>Kyuubi Dev Spark Authorization Extension Shaded</name>
+    <url>https://kyuubi.apache.org/</url>
+
+    <properties>
+        <!-- the following components' version may need to tune to align w/ the ranger.version-->
+        <gethostname4j.version>1.0.0</gethostname4j.version>
+        <jersey.client.version>1.19.4</jersey.client.version>
+        <jna.version>5.7.0</jna.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-spark-authz_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-common</artifactId>
+            <version>${ranger.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.sun.jersey</groupId>
+                    <artifactId>jersey-bundle</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ranger</groupId>
+                    <artifactId>ranger-plugin-classloader</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ranger</groupId>
+                    <artifactId>ranger-plugins-audit</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-lang</groupId>
+                    <artifactId>commons-lang</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>javax.ws.rs</groupId>
+                    <artifactId>jsr311-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-core-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.kstruct</groupId>
+                    <artifactId>gethostname4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.java.dev.jna</groupId>
+                    <artifactId>jna</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.java.dev.jna</groupId>
+                    <artifactId>jna-platform</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>com.sun.jersey</groupId>
+            <artifactId>jersey-client</artifactId>
+            <version>${jersey.client.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>javax.ws.rs</groupId>
+                    <artifactId>jsr311-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>com.kstruct</groupId>
+            <artifactId>gethostname4j</artifactId>
+            <version>${gethostname4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>net.java.dev.jna</groupId>
+            <artifactId>jna</artifactId>
+            <version>${jna.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>net.java.dev.jna</groupId>
+            <artifactId>jna-platform</artifactId>
+            <version>${jna.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-audit</artifactId>
+            <version>${ranger.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.ranger</groupId>
+                    <artifactId>ranger-plugins-cred</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.kafka</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.solr</groupId>
+                    <artifactId>solr-solrj</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.elasticsearch</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.elasticsearch.client</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.elasticsearch.plugin</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.lucene</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-lang</groupId>
+                    <artifactId>commons-lang</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.carrotsearch</groupId>
+                    <artifactId>hppc</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hive</groupId>
+                    <artifactId>hive-storage-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.orc</groupId>
+                    <artifactId>orc-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.google.guava</groupId>
+                    <artifactId>guava</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>joda-time</groupId>
+                    <artifactId>joda-time</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.amazonaws</groupId>
+                    <artifactId>aws-java-sdk-bundle</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <configuration>
+                    <shadedArtifactAttached>false</shadedArtifactAttached>
+                    <artifactSet>
+                        <includes>
+                            <include>org.apache.kyuubi:kyuubi-util-scala_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:kyuubi-spark-authz_${scala.binary.version}</include>
+                            <include>org.apache.kyuubi:kyuubi-util</include>
+                            <include>org.apache.ranger:ranger-plugins-common</include>
+                            <include>org.apache.ranger:ranger-plugins-audit</include>
+                            <include>org.codehaus.jackson:jackson-jaxrs</include>
+                            <include>com.sun.jersey:jersey-client</include>
+                            <include>com.sun.jersey:jersey-core</include>
+                            <include>com.kstruct:gethostname4j</include>
+                            <include>net.java.dev.jna:jna</include>
+                            <include>net.java.dev.jna:jna-platform</include>
+                        </includes>
+                    </artifactSet>
+                    <filters>
+                        <filter>
+                            <artifact>*:*</artifact>
+                            <excludes>
+                                <exclude>**/*.proto</exclude>
+                                <exclude>META-INF/*.SF</exclude>
+                                <exclude>META-INF/*.DSA</exclude>
+                                <exclude>META-INF/*.RSA</exclude>
+                                <exclude>META-INF/DEPENDENCIES</exclude>
+                                <exclude>META-INF/LICENSE.txt</exclude>
+                                <exclude>META-INF/NOTICE.txt</exclude>
+                                <exclude>META-INF/maven/**</exclude>
+                                <exclude>LICENSE.txt</exclude>
+                                <exclude>NOTICE.txt</exclude>
+                                <exclude>mozilla/**</exclude>
+                                <exclude>**/module-info.class</exclude>
+                            </excludes>
+                        </filter>
+                    </filters>
+                    <relocations>
+                        <relocation>
+                            <pattern>org.codehaus.jackson.jaxrs</pattern>
+                            <shadedPattern>${kyuubi.shade.packageName}.org.codehaus.jackson.jaxrs</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.sun.jersey</pattern>
+                            <shadedPattern>${kyuubi.shade.packageName}.com.sun.jersey</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.sun.ws.rs.ext</pattern>
+                            <shadedPattern>${kyuubi.shade.packageName}.com.sun.ws.rs.ext</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.kstruct.gethostname4j</pattern>
+                            <shadedPattern>${kyuubi.shade.packageName}.com.kstruct.gethostname4j</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>org.apache.hadoop.security</pattern>
+                            <shadedPattern>${kyuubi.shade.packageName}.org.apache.hadoop.security</shadedPattern>
+                            <includes>
+                                <include>org.apache.hadoop.security.KrbPasswordSaverLoginModule</include>
+                                <include>org.apache.hadoop.security.SecureClientLogin</include>
+                                <include>org.apache.hadoop.security.SecureClientLoginConfiguration</include>
+                            </includes>
+                        </relocation>
+                    </relocations>
+                    <transformers>
+                        <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"></transformer>
+                    </transformers>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <phase>package</phase>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/pom.xml b/pom.xml
index 1f3fca53b..417800be1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -56,6 +56,7 @@
         <module>extensions/server/kyuubi-server-plugin</module>
         <module>extensions/spark/kyuubi-extension-spark-jdbc-dialect</module>
         <module>extensions/spark/kyuubi-spark-authz</module>
+        <module>extensions/spark/kyuubi-spark-authz-shaded</module>
         <module>extensions/spark/kyuubi-spark-connector-common</module>
         <module>extensions/spark/kyuubi-spark-connector-tpcds</module>
         <module>extensions/spark/kyuubi-spark-connector-tpch</module>

From abaa3698cb49a17a931ee8c4c6ab24e0dddf95e8 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Sat, 21 Oct 2023 22:46:26 +0800
Subject: [PATCH 703/760] [KYUUBI #5447][AUTHZ] Support Hudi
 DeleteHoodieTableCommand/UpdateHoodieTableCommand/MergeIntoHoodieTableCommand

### _Why are the changes needed?_
To close #5447. Kyuubi authz Support hudi DeleteHoodieTableCommand/UpdateHoodieTableCommand/MergeIntoHoodieTableCommand

- DeleteHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/DeleteHoodieTableCommand.scala
- UpdateHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/UpdateHoodieTableCommand.scala
- MergeIntoHoodieTableCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/MergeIntoHoodieTableCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5482 from AngersZhuuuu/KYUUBI-5447.

Closes #5447

2598af203 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
08be589b7 [Angerszhuuuu] Update org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor
19497d12c [Angerszhuuuu] Update tableExtractors.scala
df6e244e2 [Angerszhuuuu] update
1a72f1323 [Angerszhuuuu] update
f7ca6846c [Angerszhuuuu] Merge branch 'master' into KYUUBI-5447
37006869b [Angerszhuuuu] [KYUUBI #5447][AUTHZ] Support hudi DeleteHoodieTableCommand/UpdateHoodieTableCommand/MergeIntoHoodieTableCommand

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 ...bi.plugin.spark.authz.serde.QueryExtractor |  1 +
 ...bi.plugin.spark.authz.serde.TableExtractor |  2 +
 .../main/resources/table_command_spec.json    | 63 +++++++++++++++++
 .../spark/authz/serde/queryExtractors.scala   |  8 +++
 .../spark/authz/serde/tableExtractors.scala   | 32 ++++++++-
 .../plugin/spark/authz/gen/HudiCommands.scala | 40 ++++++++++-
 ...HudiCatalogRangerSparkExtensionSuite.scala | 67 ++++++++++++++++++-
 7 files changed, 209 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor
index c659114f9..2406a40e1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor
@@ -15,5 +15,6 @@
 # limitations under the License.
 #
 
+org.apache.kyuubi.plugin.spark.authz.serde.HudiMergeIntoSourceTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.LogicalPlanOptionQueryExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.LogicalPlanQueryExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
index 78f836c65..33c8b8759 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
@@ -19,6 +19,8 @@ org.apache.kyuubi.plugin.spark.authz.serde.CatalogTableOptionTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.CatalogTableTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.DataSourceV2RelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionSeqTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.HudiDataSourceV2RelationTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.HudiMergeIntoTargetTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.IdentifierTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.LogicalRelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedDbObjectNameTableExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index c739fe295..1d2b5dc88 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1604,6 +1604,27 @@
   } ],
   "opType" : "CREATETABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.DeleteHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "dft",
+    "fieldExtractor" : "HudiDataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.DropHoodieTableCommand",
   "tableDescs" : [ {
@@ -1643,6 +1664,27 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.MergeIntoHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "mergeInto",
+    "fieldExtractor" : "HudiMergeIntoTargetTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "mergeInto",
+    "fieldExtractor" : "HudiMergeIntoSourceTableExtractor"
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.RepairHoodieTableCommand",
   "tableDescs" : [ {
@@ -1705,4 +1747,25 @@
   } ],
   "opType" : "TRUNCATETABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.UpdateHoodieTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "ut",
+    "fieldExtractor" : "HudiDataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "query",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/queryExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/queryExtractors.scala
index f6fc19ac2..4ac87e100 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/queryExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/queryExtractors.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.plugin.spark.authz.serde
 
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 
+import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
+
 trait QueryExtractor extends (AnyRef => Option[LogicalPlan]) with Extractor
 
 object QueryExtractor {
@@ -44,3 +46,9 @@ class LogicalPlanOptionQueryExtractor extends QueryExtractor {
     v1.asInstanceOf[Option[LogicalPlan]]
   }
 }
+
+class HudiMergeIntoSourceTableExtractor extends QueryExtractor {
+  override def apply(v1: AnyRef): Option[LogicalPlan] = {
+    new LogicalPlanQueryExtractor().apply(invokeAs[LogicalPlan](v1, "sourceTable"))
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 57eab9634..47c486af3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -25,7 +25,7 @@ import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.TableIdentifier
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Expression
-import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, SubqueryAlias}
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
@@ -80,7 +80,9 @@ class TableIdentifierTableExtractor extends TableExtractor {
         val catalogTable = spark.sessionState.catalog.getTableMetadata(identifier)
         Option(catalogTable.owner).filter(_.nonEmpty)
       } catch {
-        case _: Exception => None
+        case e: Exception =>
+          e.printStackTrace()
+          None
       }
     Some(Table(None, identifier.database, identifier.table, owner))
   }
@@ -240,3 +242,29 @@ class TableTableExtractor extends TableExtractor {
     lookupExtractor[StringTableExtractor].apply(spark, tableName)
   }
 }
+
+class HudiDataSourceV2RelationTableExtractor extends TableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    invokeAs[LogicalPlan](v1, "table") match {
+      // Match multipartIdentifier with tableAlias
+      case SubqueryAlias(_, SubqueryAlias(identifier, _)) =>
+        new StringTableExtractor().apply(spark, identifier.toString())
+      // Match multipartIdentifier without tableAlias
+      case SubqueryAlias(identifier, _) =>
+        new StringTableExtractor().apply(spark, identifier.toString())
+    }
+  }
+}
+
+class HudiMergeIntoTargetTableExtractor extends TableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    invokeAs[LogicalPlan](v1, "targetTable") match {
+      // Match multipartIdentifier with tableAlias
+      case SubqueryAlias(_, SubqueryAlias(identifier, relation)) =>
+        new StringTableExtractor().apply(spark, identifier.toString())
+      // Match multipartIdentifier without tableAlias
+      case SubqueryAlias(identifier, _) =>
+        new StringTableExtractor().apply(spark, identifier.toString())
+    }
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index d7e40237b..522059f27 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -18,6 +18,7 @@
 package org.apache.kyuubi.plugin.spark.authz.gen
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
+import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.serde.TableType._
 
@@ -165,6 +166,40 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), SHOWPARTITIONS)
   }
 
+  val DeleteHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.DeleteHoodieTableCommand"
+    val actionTypeDesc = ActionTypeDesc(actionType = Some(UPDATE))
+    val tableDesc =
+      TableDesc(
+        "dft",
+        classOf[HudiDataSourceV2RelationTableExtractor],
+        actionTypeDesc = Some(actionTypeDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
+  }
+
+  val UpdateHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.UpdateHoodieTableCommand"
+    val actionTypeDesc = ActionTypeDesc(actionType = Some(UPDATE))
+    val tableDesc =
+      TableDesc(
+        "ut",
+        classOf[HudiDataSourceV2RelationTableExtractor],
+        actionTypeDesc = Some(actionTypeDesc))
+    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
+  }
+
+  val MergeIntoHoodieTableCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.MergeIntoHoodieTableCommand"
+    val actionTypeDesc = ActionTypeDesc(actionType = Some(UPDATE))
+    val tableDesc =
+      TableDesc(
+        "mergeInto",
+        classOf[HudiMergeIntoTargetTableExtractor],
+        actionTypeDesc = Some(actionTypeDesc))
+    val queryDescs = QueryDesc("mergeInto", classOf[HudiMergeIntoSourceTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDescs))
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
@@ -176,10 +211,13 @@ object HudiCommands {
     CreateHoodieTableLikeCommand,
     CompactionHoodieTableCommand,
     CompactionShowHoodieTableCommand,
+    DeleteHoodieTableCommand,
     DropHoodieTableCommand,
     InsertIntoHoodieTableCommand,
+    MergeIntoHoodieTableCommand,
     RepairHoodieTableCommand,
     TruncateHoodieTableCommand,
     ShowHoodieTablePartitionsCommand,
-    Spark31AlterTableCommand)
+    Spark31AlterTableCommand,
+    UpdateHoodieTableCommand)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index 193446bb2..fd7acd129 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -33,7 +33,7 @@ import org.apache.kyuubi.util.AssertionUtils.interceptContains
  */
 @HudiTest
 class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
-  override protected val catalogImpl: String = "hive"
+  override protected val catalogImpl: String = "in-memory"
   // TODO: Apache Hudi not support Spark 3.5 and Scala 2.13 yet,
   //  should change after Apache Hudi support Spark 3.5 and Scala 2.13.
   private def isSupportedVersion = !isSparkV35OrGreater && !isScalaV213
@@ -407,4 +407,69 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       }
     }
   }
+
+  test("DeleteHoodieTableCommand/UpdateHoodieTableCommand/MergeIntoHoodieTableCommand") {
+    withSingleCallEnabled {
+      withCleanTmpResources(Seq(
+        (s"$namespace1.$table1", "table"),
+        (s"$namespace1.$table2", "table"),
+        (namespace1, "database"))) {
+        doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin))
+
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table2(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin))
+
+        val deleteFrom = s"DELETE FROM $namespace1.$table1 WHERE id = 10"
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(deleteFrom))
+        }(s"does not have [update] privilege on [$namespace1/$table1]")
+        doAs(admin, sql(deleteFrom))
+
+        val updateSql = s"UPDATE $namespace1.$table1 SET name = 'test' WHERE id > 10"
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(updateSql))
+        }(s"does not have [update] privilege on [$namespace1/$table1]")
+        doAs(admin, sql(updateSql))
+
+        val mergeIntoSQL =
+          s"""
+             |MERGE INTO $namespace1.$table1 target
+             |USING $namespace1.$table2 source
+             |ON target.id = source.id
+             |WHEN MATCHED
+             |AND target.name == 'test'
+             | THEN UPDATE SET id = source.id, name = source.name, city = source.city
+             |""".stripMargin
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(mergeIntoSQL))
+        }(s"does not have [select] privilege on " +
+          s"[$namespace1/$table2/id,$namespace1/$table2/name,$namespace1/$table2/city]")
+        doAs(admin, sql(mergeIntoSQL))
+      }
+    }
+  }
 }

From 03d6223a41082aa2d3d0241406738ea9326d1d54 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Sun, 22 Oct 2023 22:35:39 +0800
Subject: [PATCH 704/760] [KYUUBI #5447][FOLLOWUP] Remove unrelated debug
 prints in TableIdentifierTableExtractor

### _Why are the changes needed?_
To close #5447
Remove unrelated debug change in  tableExtractor

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5494 from AngersZhuuuu/KYUUBI-5447-FOLLOWUP.

Closes #5447

90a0bcd91 [Bowen Liang] Update extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
85941e26c [Angerszhuuuu] [KYUUBI #5447][AUTHZ] Remove unrelated debug change in  tableExtractor

Lead-authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/plugin/spark/authz/serde/tableExtractors.scala     | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 47c486af3..fcd8c8207 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -80,9 +80,7 @@ class TableIdentifierTableExtractor extends TableExtractor {
         val catalogTable = spark.sessionState.catalog.getTableMetadata(identifier)
         Option(catalogTable.owner).filter(_.nonEmpty)
       } catch {
-        case e: Exception =>
-          e.printStackTrace()
-          None
+        case _: Exception => None
       }
     Some(Table(None, identifier.database, identifier.table, owner))
   }

From aae38a97d0d51d947b5898c23f162b4f81f0e9cd Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Mon, 23 Oct 2023 16:13:16 +0800
Subject: [PATCH 705/760] [KYUUBI #5492][AUTHZ] saveAsTable create DataSource
 table miss db info
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
To fix #5492
When we use saveAsTable and write as a DataSource table, since CreateTableAsDataSource command's catalogTable was directly constructed by identifier and only will check when executing, so here authz will miss db information as below case
![image](https://github.com/apache/kyuubi/assets/46485123/f6135598-489a-47db-89eb-0dba3843b90d)

This fixes this issue by following the Spark's code
<img width="1256" alt="截屏2023-10-21 下午3 37 37" src="https://github.com/apache/kyuubi/assets/46485123/d7c66db4-400b-4637-b75a-973a8a8a9968">

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5493 from AngersZhuuuu/KYUUBI-5492.

Closes #5492

46867aff2 [Angerszhuuuu] update
7a4c86fe2 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5492
f56f29924 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
7bcfc236a [Angerszhuuuu] Merge branch 'master' into KYUUBI-5492
6f2472811 [Angerszhuuuu] [KYUUBI #5492] saveAsTable create DataSource table miss db info

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../src/main/resources/table_command_spec.json    |  6 +++---
 .../plugin/spark/authz/gen/TableCommands.scala    |  3 ++-
 .../authz/ranger/RangerSparkExtensionSuite.scala  | 15 +++++++++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 1d2b5dc88..0b09c902f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -988,7 +988,7 @@
     "tableTypeDesc" : null,
     "catalogDesc" : null,
     "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
+    "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE_AS_SELECT",
   "queryDescs" : [ {
@@ -1005,7 +1005,7 @@
     "tableTypeDesc" : null,
     "catalogDesc" : null,
     "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
+    "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE",
   "queryDescs" : [ ]
@@ -1019,7 +1019,7 @@
     "tableTypeDesc" : null,
     "catalogDesc" : null,
     "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
+    "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE",
   "queryDescs" : [ ]
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index cf73cfbc6..cf7fae0d8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -377,7 +377,8 @@ object TableCommands {
 
   val CreateDataSourceTable = {
     val cmd = "org.apache.spark.sql.execution.command.CreateDataSourceTableCommand"
-    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    val tableDesc =
+      TableDesc("table", classOf[CatalogTableTableExtractor], setCurrentDatabaseIfMissing = true)
     TableCommandSpec(cmd, Seq(tableDesc), CREATETABLE)
   }
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 8e1fe0587..e4e3014f5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -35,6 +35,7 @@ import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.AssertionUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 abstract class RangerSparkExtensionSuite extends AnyFunSuite
   with SparkSessionProvider with BeforeAndAfterAll {
@@ -835,4 +836,18 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       assert(e2.getMessage.contains(s"does not have [select] privilege on [$db1/$view1/new_id]"))
     }
   }
+
+  test("[KYUUBI #5492] saveAsTable create DataSource table miss db info") {
+    val table1 = "table1"
+    withSingleCallEnabled {
+      withCleanTmpResources(Seq.empty) {
+        val df = doAs(
+          admin,
+          sql(s"SELECT * FROM VALUES(1, 100),(2, 200),(3, 300) AS t(id, scope)")).persist()
+        interceptContains[AccessControlException](
+          doAs(someone, df.write.mode("overwrite").saveAsTable(table1)))(
+          s"does not have [create] privilege on [$defaultDb/$table1]")
+      }
+    }
+  }
 }

From 1224b0d2c9557db99c5118ad414d0bb8868a9481 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Mon, 23 Oct 2023 17:39:37 +0800
Subject: [PATCH 706/760] [KYUUBI #5500] Add Kyuubi Code Program to Doc

### _Why are the changes needed?_

Add Kyuubi Code Program to Doc for long-term management and sponsorship.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

no

Closes #5500 from yaooqinn/program.

Closes #5500

14f144747 [Kent Yao] Add Kyuubi Code Program to Doc

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Kent Yao <yao@apache.org>
---
 docs/contributing/code/get_started.rst | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/docs/contributing/code/get_started.rst b/docs/contributing/code/get_started.rst
index 33981a8cd..0dcd90304 100644
--- a/docs/contributing/code/get_started.rst
+++ b/docs/contributing/code/get_started.rst
@@ -60,6 +60,31 @@ Since these problems are not urgent, you can take your time when fixing them.
   :class: dropdown, toggle
 
 
+Code Contribution Programs
+--------------------------
+
+Kyuubi Code Program is a **semi-annual** and **annual** coding program. It's
+a 2-month program and the first round will start in October, 2023.
+
+The program is open to all contributors and newbie-friendly as it will provide
+a mentor to help you get through the sub-tasks.
+
+You will be rewarded with a Kyuubi SWAG, such as a Kyuubi Contributor T-shirt,
+after you complete the program.
+
+.. image:: https://img.shields.io/badge/Kyuubi%20Code%20Program-2024H1-blue?style=for-the-badge
+
+- Status: Planning
+- Duration: 2024.02.01 - 2024.04.01
+- Sponsors: (keeping seats vacant in anticipation)
+
+.. image:: https://img.shields.io/badge/Kyuubi%20Code%20Program-2023-blue?style=for-the-badge
+   :target: https://github.com/apache/kyuubi/issues/5357
+
+- Status: In Progress
+- Duration: 2023.10.01 - 2023.12.01
+- Sponsors: NetEase
+
 .. _Good First Issues: https://github.com/apache/kyuubi/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
 .. _develop environment: idea_setup.html
 .. _Build: build.html

From 9e2fcc3f1fa1a0ff9060726d95c76c3ba93e7595 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Mon, 23 Oct 2023 21:53:17 +0800
Subject: [PATCH 707/760] [KYUUBI #5475][FOLLOWUP] Authz check permanent view's
 subquery should check view's correct privilege
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
To fix #5475

In issue #5417 we fixed the problem that AUTHZ will still check scalar-subquery/in-subquery in permanent will.
But we just ignore the check, the subquery still will run, in this PR,  we record the permanent view's visited column to check the permanent view's privilege to avoid extra execution effort.

For the test `[KYUUBI #5417] should not check scalar-subquery in permanent view` I print all the plan that pass to privilege builder as below
<img width="1398" alt="截屏2023-10-19 下午4 05 46" src="https://github.com/apache/kyuubi/assets/46485123/b136bb47-816c-4066-aba7-a74cbe323f7d">

before this pr
<img width="1310" alt="截屏2023-10-19 下午4 15 29" src="https://github.com/apache/kyuubi/assets/46485123/aa2e3cfe-bca7-493d-a364-b2c196c76c3a">

This two graph shows this pr deny the execution of subquery when we don't have  the veiw's privilege

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5476 from AngersZhuuuu/KYUUBI-5475.

Closes #5475

e1f7920f3 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5475
3bfd9e677 [Angerszhuuuu] update
6b8c0e6e5 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5475
f7585a451 [Angerszhuuuu] Update PrivilegesBuilder.scala
faea9c699 [Angerszhuuuu] [KYUUBI #5475] Authz check permanent view's subquery should check view's correct privilege

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../spark/authz/PrivilegesBuilder.scala       |  6 +++
 .../ranger/RuleApplyPermanentViewMarker.scala | 14 +++---
 .../authz/util/PermanentViewMarker.scala      |  5 ++-
 .../ranger/RangerSparkExtensionSuite.scala    | 45 +++++++++++++++++++
 4 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 5c496b874..a0ed5fb6a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -28,6 +28,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object PrivilegesBuilder {
@@ -102,6 +103,11 @@ object PrivilegesBuilder {
         val cols = conditionList ++ aggCols
         buildQuery(a.child, privilegeObjects, projectionList, cols, spark)
 
+      case pvm: PermanentViewMarker =>
+        getScanSpec(pvm).tables(pvm, spark).foreach { table =>
+          privilegeObjects += PrivilegeObject(table, pvm.visitColNames)
+        }
+
       case scan if isKnownScan(scan) && scan.resolved =>
         getScanSpec(scan).tables(scan, spark).foreach(mergeProjection(_, scan))
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
index 679b5d65d..909cd9e93 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
@@ -39,12 +39,16 @@ class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
       case permanentView: View if hasResolvedPermanentView(permanentView) =>
         val resolvedSubquery = permanentView.transformAllExpressions {
           case subquery: SubqueryExpression =>
-            // TODO: Currently, we do not do an auth check in the subquery
-            //  as the main query part also secures it. But for performance consideration,
-            //  we also pre-check it in subqueries and fail fast with negative privileges.
-            subquery.withNewPlan(plan = PermanentViewMarker(subquery.plan, null))
+            subquery.withNewPlan(plan =
+              PermanentViewMarker(
+                subquery.plan,
+                permanentView.desc,
+                permanentView.output.map(_.name)))
         }
-        PermanentViewMarker(resolvedSubquery, resolvedSubquery.desc)
+        PermanentViewMarker(
+          resolvedSubquery,
+          resolvedSubquery.desc,
+          resolvedSubquery.output.map(_.name))
       case other => apply(other)
     }
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
index 69b55e0fc..d19f7a923 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
@@ -21,7 +21,10 @@ import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-case class PermanentViewMarker(child: LogicalPlan, catalogTable: CatalogTable) extends UnaryNode
+case class PermanentViewMarker(
+    child: LogicalPlan,
+    catalogTable: CatalogTable,
+    visitColNames: Seq[String]) extends UnaryNode
   with WithInternalChild {
 
   override def output: Seq[Attribute] = child.output
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index e4e3014f5..532a11436 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -837,6 +837,51 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
     }
   }
 
+  test("[KYUUBI #5475] Check permanent view's subquery should check view's correct privilege") {
+    val db1 = defaultDb
+    val table1 = "table1"
+    val table2 = "table2"
+    val view1 = "view1"
+    withSingleCallEnabled {
+      withCleanTmpResources(
+        Seq((s"$db1.$table1", "table"), (s"$db1.$table2", "table"), (s"$db1.$view1", "view"))) {
+        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1(id int, scope int)"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               | CREATE TABLE IF NOT EXISTS $db1.$table2(
+               |  id int,
+               |  name string,
+               |  age int,
+               |  scope int)
+               | """.stripMargin))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE VIEW $db1.$view1
+               |AS
+               |WITH temp AS (
+               |    SELECT max(scope) max_scope
+               |    FROM $db1.$table1)
+               |SELECT id, name, max(scope) as max_scope, sum(age) sum_age
+               |FROM $db1.$table2
+               |WHERE scope in (SELECT max_scope FROM temp)
+               |GROUP BY id, name
+               |""".stripMargin))
+        // Will just check permanent view privilege.
+        val e2 = intercept[AccessControlException](
+          doAs(
+            someone,
+            sql(s"SELECT id as new_id, name, max_scope FROM $db1.$view1".stripMargin).show()))
+        assert(e2.getMessage.contains(
+          s"does not have [select] privilege on " +
+            s"[$db1/$view1/id,$db1/$view1/name,$db1/$view1/max_scope,$db1/$view1/sum_age]"))
+      }
+    }
+  }
+
   test("[KYUUBI #5492] saveAsTable create DataSource table miss db info") {
     val table1 = "table1"
     withSingleCallEnabled {

From 6ad9307f121e9e6aed606ca89ed82ca7f1cd3bb0 Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Mon, 23 Oct 2023 22:19:34 +0800
Subject: [PATCH 708/760] [KYUUBI #5497] [AuthZ] Simplify debug message for
 missing field/method in ReflectUtils

### _Why are the changes needed?_

It's easy for developers to check a member or method from a Java class using a code viewer or online Java doc.

The current debug msg is kinda noisy for them to locate the key information they want, which is
Java class and field name. It makes our debug log unreadable.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5497 from yaooqinn/debug.

Closes #5497

3ad42d523 [Kent Yao] addr comments
23e8e7a09 [Kent Yao] [AuthZ] Simplify debug message for missing field/methond in ReflectUtils
b7a7fbb7a [Kent Yao] [AuthZ] Simplify debug message for missing field/methond in ReflectUtils
9f94c62e4 [Kent Yao] [AuthZ] Simplify debug message for missing field/methond in ReflectUtils
78a66a33c [Kent Yao] [AuthZ] Simplify debug message for missing field/methond in ReflectUtils

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../src/test/resources/log4j2-test.xml             |  2 +-
 .../apache/kyuubi/util/reflect/ReflectUtils.scala  | 14 ++------------
 .../kyuubi/util/reflect/ReflectUtilsSuite.scala    |  6 ++----
 3 files changed, 5 insertions(+), 17 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml b/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml
index 7aaf820ad..709407281 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/log4j2-test.xml
@@ -35,7 +35,7 @@
         </File>
     </Appenders>
     <Loggers>
-        <Root level="INFO">
+        <Root level="DEBUG">
             <AppenderRef ref="stdout"/>
             <AppenderRef ref="file"/>
         </Root>
diff --git a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
index 08916b8d1..f985e4067 100644
--- a/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
+++ b/kyuubi-util-scala/src/main/scala/org/apache/kyuubi/util/reflect/ReflectUtils.scala
@@ -60,11 +60,7 @@ object ReflectUtils {
       }
     } catch {
       case e: Exception =>
-        val candidates =
-          (clz.getDeclaredFields ++ clz.getFields).map(_.getName).distinct.sorted
-        throw new RuntimeException(
-          s"Field $fieldName not in $clz [${candidates.mkString(",")}]",
-          e)
+        throw new RuntimeException(s"$clz does not have $fieldName field", e)
     }
   }
 
@@ -92,14 +88,8 @@ object ReflectUtils {
       }
     } catch {
       case e: Exception =>
-        val candidates =
-          (clz.getDeclaredMethods ++ clz.getMethods)
-            .map(m => s"${m.getName}(${m.getParameterTypes.map(_.getName).mkString(", ")})")
-            .distinct.sorted
-        val argClassesNames = argClasses.map(_.getName)
         throw new RuntimeException(
-          s"Method $methodName(${argClassesNames.mkString(", ")})" +
-            s" not found in $clz [${candidates.mkString(", ")}]",
+          s"$clz does not have $methodName${argClasses.map(_.getName).mkString("(", ", ", ")")}",
           e)
     }
   }
diff --git a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
index 626aeebe2..8f0090d5d 100644
--- a/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
+++ b/kyuubi-util-scala/src/test/scala/org/apache/kyuubi/util/reflect/ReflectUtilsSuite.scala
@@ -75,10 +75,8 @@ class ReflectUtilsSuite extends AnyFunSuite {
         "methodNotExists",
         (classOf[String], "arg1"),
         (classOf[String], "arg2"))
-    }("Method methodNotExists(java.lang.String, java.lang.String) not found " +
-      "in class org.apache.kyuubi.util.reflect.ObjectA$ " +
-      "[equals(java.lang.Object), field5(), field6(), getClass(), hashCode(), method5(), " +
-      "method6(), notify(), notifyAll(), toString(), wait(), wait(long), wait(long, int)]")
+    }("class org.apache.kyuubi.util.reflect.ObjectA$ does not have methodNotExists(" +
+      "java.lang.String, java.lang.String)")
   }
 }
 

From 81964803c9ea0c9037d7f18422f875f8bb088ac9 Mon Sep 17 00:00:00 2001
From: Fantasy-Jay <13631435453@163.com>
Date: Mon, 23 Oct 2023 22:21:17 +0800
Subject: [PATCH 709/760] [KYUUBI #5382][JDBC] Duplication cleanup improvement
 in JdbcDialect and schema helpers

### _Why are the changes needed?_

To close #5382.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5490 from zhuyaogai/issue-5382.

Closes #5382

4757445e7 [Fantasy-Jay] Remove unrelated comment.
f68c7aa6c [Fantasy-Jay] Refactor JDBC engine to reduce to code duplication.
4ad6b3c53 [Fantasy-Jay] Refactor JDBC engine to reduce to code duplication.

Authored-by: Fantasy-Jay <13631435453@163.com>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../engine/jdbc/dialect/DorisDialect.scala    |  35 +--
 .../engine/jdbc/dialect/JdbcDialect.scala     |  40 ++-
 .../engine/jdbc/dialect/PhoenixDialect.scala  |  39 ---
 .../engine/jdbc/doris/DorisRowSetHelper.scala | 122 +--------
 .../engine/jdbc/doris/DorisSchemaHelper.scala |  35 +--
 .../jdbc/phoenix/PhoenixRowSetHelper.scala    | 142 +----------
 .../jdbc/phoenix/PhoenixSchemaHelper.scala    |  46 +---
 .../engine/jdbc/schema/RowSetHelper.scala     | 231 +++++++++++++++++-
 .../engine/jdbc/schema/SchemaHelper.scala     |  94 ++++++-
 9 files changed, 366 insertions(+), 418 deletions(-)

diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/DorisDialect.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/DorisDialect.scala
index c2ae29953..f7c1ace64 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/DorisDialect.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/DorisDialect.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 package org.apache.kyuubi.engine.jdbc.dialect
-import java.sql.{Connection, ResultSet, Statement}
+import java.sql.{Connection, Statement}
 import java.util
 
 import scala.collection.JavaConverters._
@@ -23,34 +23,19 @@ import scala.collection.mutable.ArrayBuffer
 
 import org.apache.commons.lang3.StringUtils
 
-import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.engine.jdbc.doris.{DorisRowSetHelper, DorisSchemaHelper}
 import org.apache.kyuubi.engine.jdbc.schema.{RowSetHelper, SchemaHelper}
-import org.apache.kyuubi.operation.Operation
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.session.Session
 
 class DorisDialect extends JdbcDialect {
 
   override def createStatement(connection: Connection, fetchSize: Int): Statement = {
-    val statement =
-      connection.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY)
+    val statement = super.createStatement(connection, fetchSize)
     statement.setFetchSize(Integer.MIN_VALUE)
     statement
   }
 
-  override def getTypeInfoOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getCatalogsOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getSchemasOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
   override def getTablesQuery(
       catalog: String,
       schema: String,
@@ -96,10 +81,6 @@ class DorisDialect extends JdbcDialect {
     query.toString()
   }
 
-  override def getTableTypesOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
   override def getColumnsQuery(
       session: Session,
       catalogName: String,
@@ -139,18 +120,6 @@ class DorisDialect extends JdbcDialect {
     query.toString()
   }
 
-  override def getFunctionsOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getPrimaryKeysOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getCrossReferenceOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
   override def getRowSetHelper(): RowSetHelper = {
     new DorisRowSetHelper
   }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala
index e08b22758..62e20a1d2 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/JdbcDialect.scala
@@ -16,10 +16,10 @@
  */
 package org.apache.kyuubi.engine.jdbc.dialect
 
-import java.sql.{Connection, Statement}
+import java.sql.{Connection, ResultSet, Statement}
 import java.util
 
-import org.apache.kyuubi.{KyuubiException, Logging}
+import org.apache.kyuubi.{KyuubiException, KyuubiSQLException, Logging}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.{ENGINE_JDBC_CONNECTION_URL, ENGINE_JDBC_SHORT_NAME}
 import org.apache.kyuubi.engine.jdbc.schema.{RowSetHelper, SchemaHelper}
@@ -30,13 +30,24 @@ import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 abstract class JdbcDialect extends SupportServiceLoader with Logging {
 
-  def createStatement(connection: Connection, fetchSize: Int = 1000): Statement
+  def createStatement(connection: Connection, fetchSize: Int = 1000): Statement = {
+    val statement =
+      connection.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY)
+    statement.setFetchSize(fetchSize)
+    statement
+  }
 
-  def getTypeInfoOperation(session: Session): Operation
+  def getTypeInfoOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
-  def getCatalogsOperation(session: Session): Operation
+  def getCatalogsOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
-  def getSchemasOperation(session: Session): Operation
+  def getSchemasOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
   def getTablesQuery(
       catalog: String,
@@ -44,7 +55,9 @@ abstract class JdbcDialect extends SupportServiceLoader with Logging {
       tableName: String,
       tableTypes: util.List[String]): String
 
-  def getTableTypesOperation(session: Session): Operation
+  def getTableTypesOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
   def getColumnsQuery(
       session: Session,
@@ -53,16 +66,21 @@ abstract class JdbcDialect extends SupportServiceLoader with Logging {
       tableName: String,
       columnName: String): String
 
-  def getFunctionsOperation(session: Session): Operation
+  def getFunctionsOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
-  def getPrimaryKeysOperation(session: Session): Operation
+  def getPrimaryKeysOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
-  def getCrossReferenceOperation(session: Session): Operation
+  def getCrossReferenceOperation(session: Session): Operation = {
+    throw KyuubiSQLException.featureNotSupported()
+  }
 
   def getRowSetHelper(): RowSetHelper
 
   def getSchemaHelper(): SchemaHelper
-
 }
 
 object JdbcDialects extends Logging {
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/PhoenixDialect.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/PhoenixDialect.scala
index 0cce14b42..4c8e8f265 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/PhoenixDialect.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/dialect/PhoenixDialect.scala
@@ -15,8 +15,6 @@
  * limitations under the License.
  */
 package org.apache.kyuubi.engine.jdbc.dialect
-
-import java.sql.{Connection, ResultSet, Statement}
 import java.util
 
 import scala.collection.JavaConverters._
@@ -24,34 +22,13 @@ import scala.collection.mutable.ArrayBuffer
 
 import org.apache.commons.lang3.StringUtils
 
-import org.apache.kyuubi.KyuubiSQLException
 import org.apache.kyuubi.engine.jdbc.phoenix.{PhoenixRowSetHelper, PhoenixSchemaHelper}
 import org.apache.kyuubi.engine.jdbc.schema.{RowSetHelper, SchemaHelper}
-import org.apache.kyuubi.operation.Operation
 import org.apache.kyuubi.operation.meta.ResultSetSchemaConstant._
 import org.apache.kyuubi.session.Session
 
 class PhoenixDialect extends JdbcDialect {
 
-  override def createStatement(connection: Connection, fetchSize: Int): Statement = {
-    val statement =
-      connection.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY)
-    statement.setFetchSize(fetchSize)
-    statement
-  }
-
-  override def getTypeInfoOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getCatalogsOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getSchemasOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
   override def getTablesQuery(
       catalog: String,
       schema: String,
@@ -91,10 +68,6 @@ class PhoenixDialect extends JdbcDialect {
     query.toString()
   }
 
-  override def getTableTypesOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
   override def getColumnsQuery(
       session: Session,
       catalogName: String,
@@ -127,18 +100,6 @@ class PhoenixDialect extends JdbcDialect {
     query.toString()
   }
 
-  override def getFunctionsOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getPrimaryKeysOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
-  override def getCrossReferenceOperation(session: Session): Operation = {
-    throw KyuubiSQLException.featureNotSupported()
-  }
-
   override def getRowSetHelper(): RowSetHelper = {
     new PhoenixRowSetHelper
   }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisRowSetHelper.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisRowSetHelper.scala
index 1ce43c7a4..a92942cec 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisRowSetHelper.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisRowSetHelper.scala
@@ -16,125 +16,21 @@
  */
 package org.apache.kyuubi.engine.jdbc.doris
 
-import java.sql.{Date, Types}
-import java.time.LocalDateTime
-
-import scala.collection.JavaConverters._
-
 import org.apache.hive.service.rpc.thrift._
 
-import org.apache.kyuubi.engine.jdbc.schema.{Column, RowSetHelper}
-import org.apache.kyuubi.util.RowSetUtils.{bitSetToBuffer, formatDate, formatLocalDateTime}
+import org.apache.kyuubi.engine.jdbc.schema.RowSetHelper
 
 class DorisRowSetHelper extends RowSetHelper {
 
-  protected def toTColumn(
-      rows: Seq[Seq[Any]],
-      ordinal: Int,
-      sqlType: Int): TColumn = {
-    val nulls = new java.util.BitSet()
-    sqlType match {
-      case Types.BIT =>
-        val values = getOrSetAsNull[java.lang.Boolean](rows, ordinal, nulls, true)
-        TColumn.boolVal(new TBoolColumn(values, nulls))
-
-      case Types.TINYINT | Types.SMALLINT | Types.INTEGER =>
-        val values = getOrSetAsNull[java.lang.Integer](rows, ordinal, nulls, 0)
-        TColumn.i32Val(new TI32Column(values, nulls))
-
-      case Types.BIGINT =>
-        val values = getOrSetAsNull[java.lang.Long](rows, ordinal, nulls, 0L)
-        TColumn.i64Val(new TI64Column(values, nulls))
-
-      case Types.REAL =>
-        val values = getOrSetAsNull[java.lang.Float](rows, ordinal, nulls, 0.toFloat)
-          .asScala.map(n => java.lang.Double.valueOf(n.toString)).asJava
-        TColumn.doubleVal(new TDoubleColumn(values, nulls))
-
-      case Types.DOUBLE =>
-        val values = getOrSetAsNull[java.lang.Double](rows, ordinal, nulls, 0.toDouble)
-        TColumn.doubleVal(new TDoubleColumn(values, nulls))
-
-      case Types.CHAR | Types.VARCHAR =>
-        val values = getOrSetAsNull[String](rows, ordinal, nulls, "")
-        TColumn.stringVal(new TStringColumn(values, nulls))
-
-      case _ =>
-        val rowSize = rows.length
-        val values = new java.util.ArrayList[String](rowSize)
-        var i = 0
-        while (i < rowSize) {
-          val row = rows(i)
-          nulls.set(i, row(ordinal) == null)
-          val value =
-            if (row(ordinal) == null) {
-              ""
-            } else {
-              toHiveString(row(ordinal), sqlType)
-            }
-          values.add(value)
-          i += 1
-        }
-        TColumn.stringVal(new TStringColumn(values, nulls))
-    }
-  }
-
-  protected def toTColumnValue(ordinal: Int, row: List[Any], types: List[Column]): TColumnValue = {
-    types(ordinal).sqlType match {
-      case Types.BIT =>
-        val boolValue = new TBoolValue
-        if (row(ordinal) != null) boolValue.setValue(row(ordinal).asInstanceOf[Boolean])
-        TColumnValue.boolVal(boolValue)
-
-      case Types.TINYINT | Types.SMALLINT | Types.INTEGER =>
-        val tI32Value = new TI32Value
-        if (row(ordinal) != null) tI32Value.setValue(row(ordinal).asInstanceOf[Int])
-        TColumnValue.i32Val(tI32Value)
-
-      case Types.BIGINT =>
-        val tI64Value = new TI64Value
-        if (row(ordinal) != null) tI64Value.setValue(row(ordinal).asInstanceOf[Long])
-        TColumnValue.i64Val(tI64Value)
-
-      case Types.REAL =>
-        val tDoubleValue = new TDoubleValue
-        if (row(ordinal) != null) {
-          val doubleValue = java.lang.Double.valueOf(row(ordinal).asInstanceOf[Float].toString)
-          tDoubleValue.setValue(doubleValue)
-        }
-        TColumnValue.doubleVal(tDoubleValue)
-
-      case Types.DOUBLE =>
-        val tDoubleValue = new TDoubleValue
-        if (row(ordinal) != null) tDoubleValue.setValue(row(ordinal).asInstanceOf[Double])
-        TColumnValue.doubleVal(tDoubleValue)
+  override def toTinyIntTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn =
+    toIntegerTColumn(rows, ordinal)
 
-      case Types.CHAR | Types.VARCHAR =>
-        val tStringValue = new TStringValue
-        if (row(ordinal) != null) tStringValue.setValue(row(ordinal).asInstanceOf[String])
-        TColumnValue.stringVal(tStringValue)
+  override def toSmallIntTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn =
+    toIntegerTColumn(rows, ordinal)
 
-      case _ =>
-        val tStrValue = new TStringValue
-        if (row(ordinal) != null) {
-          tStrValue.setValue(
-            toHiveString(row(ordinal), types(ordinal).sqlType))
-        }
-        TColumnValue.stringVal(tStrValue)
-    }
-  }
+  override def toTinyIntTColumnValue(row: List[Any], ordinal: Int): TColumnValue =
+    toIntegerTColumnValue(row, ordinal)
 
-  protected def toHiveString(data: Any, sqlType: Int): String = {
-    (data, sqlType) match {
-      case (date: Date, Types.DATE) =>
-        formatDate(date)
-      case (dateTime: LocalDateTime, Types.TIMESTAMP) =>
-        formatLocalDateTime(dateTime)
-      case (decimal: java.math.BigDecimal, Types.DECIMAL) =>
-        decimal.toPlainString
-      // TODO support bitmap and hll
-      case (other, _) =>
-        other.toString
-    }
-  }
+  override def toSmallIntTColumnValue(row: List[Any], ordinal: Int): TColumnValue =
+    toIntegerTColumnValue(row, ordinal)
 }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisSchemaHelper.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisSchemaHelper.scala
index ca8bb6ec3..b323d3731 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisSchemaHelper.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/doris/DorisSchemaHelper.scala
@@ -16,44 +16,13 @@
  */
 package org.apache.kyuubi.engine.jdbc.doris
 
-import java.sql.Types
-
 import org.apache.hive.service.rpc.thrift._
 
 import org.apache.kyuubi.engine.jdbc.schema.SchemaHelper
 
 class DorisSchemaHelper extends SchemaHelper {
 
-  override def toTTypeId(sqlType: Int): TTypeId = sqlType match {
-    case Types.BIT =>
-      TTypeId.BOOLEAN_TYPE
-
-    case Types.TINYINT | Types.SMALLINT | Types.INTEGER =>
-      TTypeId.INT_TYPE
-
-    case Types.BIGINT =>
-      TTypeId.BIGINT_TYPE
-
-    case Types.REAL =>
-      TTypeId.FLOAT_TYPE
-
-    case Types.DOUBLE =>
-      TTypeId.DOUBLE_TYPE
-
-    case Types.CHAR | Types.VARCHAR =>
-      TTypeId.STRING_TYPE
-
-    case Types.DATE =>
-      TTypeId.DATE_TYPE
-
-    case Types.TIMESTAMP =>
-      TTypeId.TIMESTAMP_TYPE
-
-    case Types.DECIMAL =>
-      TTypeId.DECIMAL_TYPE
+  override def tinyIntToTTypeId: TTypeId = TTypeId.INT_TYPE
 
-    // TODO add more type support
-    case _ =>
-      TTypeId.STRING_TYPE
-  }
+  override def smallIntToTTypeId: TTypeId = TTypeId.INT_TYPE
 }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixRowSetHelper.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixRowSetHelper.scala
index a1f6d4ac2..67d9d09e5 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixRowSetHelper.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixRowSetHelper.scala
@@ -16,144 +16,6 @@
  */
 package org.apache.kyuubi.engine.jdbc.phoenix
 
-import java.sql.{Date, Types}
-import java.time.LocalDateTime
+import org.apache.kyuubi.engine.jdbc.schema.RowSetHelper
 
-import scala.collection.JavaConverters._
-
-import org.apache.hive.service.rpc.thrift._
-
-import org.apache.kyuubi.engine.jdbc.schema.{Column, RowSetHelper}
-import org.apache.kyuubi.util.RowSetUtils.{bitSetToBuffer, formatDate, formatLocalDateTime}
-
-class PhoenixRowSetHelper extends RowSetHelper {
-
-  protected def toTColumn(
-      rows: Seq[Seq[Any]],
-      ordinal: Int,
-      sqlType: Int): TColumn = {
-    val nulls = new java.util.BitSet()
-    sqlType match {
-
-      case Types.BIT =>
-        val values = getOrSetAsNull[java.lang.Boolean](rows, ordinal, nulls, true)
-        TColumn.boolVal(new TBoolColumn(values, nulls))
-
-      case Types.TINYINT =>
-        val values = getOrSetAsNull[java.lang.Byte](rows, ordinal, nulls, 0.toByte)
-        TColumn.byteVal(new TByteColumn(values, nulls))
-
-      case Types.SMALLINT =>
-        val values = getOrSetAsNull[java.lang.Short](rows, ordinal, nulls, 0.toShort)
-        TColumn.i16Val(new TI16Column(values, nulls))
-
-      case Types.INTEGER =>
-        val values = getOrSetAsNull[java.lang.Integer](rows, ordinal, nulls, 0)
-        TColumn.i32Val(new TI32Column(values, nulls))
-
-      case Types.BIGINT =>
-        val values = getOrSetAsNull[java.lang.Long](rows, ordinal, nulls, 0L)
-        TColumn.i64Val(new TI64Column(values, nulls))
-
-      case Types.REAL =>
-        val values = getOrSetAsNull[java.lang.Float](rows, ordinal, nulls, 0.toFloat)
-          .asScala.map(n => java.lang.Double.valueOf(n.toString)).asJava
-        TColumn.doubleVal(new TDoubleColumn(values, nulls))
-
-      case Types.DOUBLE =>
-        val values = getOrSetAsNull[java.lang.Double](rows, ordinal, nulls, 0.toDouble)
-        TColumn.doubleVal(new TDoubleColumn(values, nulls))
-
-      case Types.CHAR | Types.VARCHAR =>
-        val values = getOrSetAsNull[String](rows, ordinal, nulls, "")
-        TColumn.stringVal(new TStringColumn(values, nulls))
-
-      case _ =>
-        val rowSize = rows.length
-        val values = new java.util.ArrayList[String](rowSize)
-        var i = 0
-        while (i < rowSize) {
-          val row = rows(i)
-          nulls.set(i, row(ordinal) == null)
-          val value =
-            if (row(ordinal) == null) {
-              ""
-            } else {
-              toHiveString(row(ordinal), sqlType)
-            }
-          values.add(value)
-          i += 1
-        }
-        TColumn.stringVal(new TStringColumn(values, nulls))
-    }
-  }
-
-  protected def toTColumnValue(ordinal: Int, row: List[Any], types: List[Column]): TColumnValue = {
-    types(ordinal).sqlType match {
-      case Types.BIT =>
-        val boolValue = new TBoolValue
-        if (row(ordinal) != null) boolValue.setValue(row(ordinal).asInstanceOf[Boolean])
-        TColumnValue.boolVal(boolValue)
-
-      case Types.TINYINT =>
-        val byteValue = new TByteValue()
-        if (row(ordinal) != null) byteValue.setValue(row(ordinal).asInstanceOf[Byte])
-        TColumnValue.byteVal(byteValue)
-
-      case Types.SMALLINT =>
-        val tI16Value = new TI16Value()
-        if (row(ordinal) != null) tI16Value.setValue(row(ordinal).asInstanceOf[Short])
-        TColumnValue.i16Val(tI16Value)
-
-      case Types.INTEGER =>
-        val tI32Value = new TI32Value
-        if (row(ordinal) != null) tI32Value.setValue(row(ordinal).asInstanceOf[Int])
-        TColumnValue.i32Val(tI32Value)
-
-      case Types.BIGINT =>
-        val tI64Value = new TI64Value
-        if (row(ordinal) != null) tI64Value.setValue(row(ordinal).asInstanceOf[Long])
-        TColumnValue.i64Val(tI64Value)
-
-      case Types.REAL =>
-        val tDoubleValue = new TDoubleValue
-        if (row(ordinal) != null) {
-          val doubleValue = java.lang.Double.valueOf(row(ordinal).asInstanceOf[Float].toString)
-          tDoubleValue.setValue(doubleValue)
-        }
-        TColumnValue.doubleVal(tDoubleValue)
-
-      case Types.DOUBLE =>
-        val tDoubleValue = new TDoubleValue
-        if (row(ordinal) != null) tDoubleValue.setValue(row(ordinal).asInstanceOf[Double])
-        TColumnValue.doubleVal(tDoubleValue)
-
-      case Types.CHAR | Types.VARCHAR =>
-        val tStringValue = new TStringValue
-        if (row(ordinal) != null) tStringValue.setValue(row(ordinal).asInstanceOf[String])
-        TColumnValue.stringVal(tStringValue)
-
-      case _ =>
-        val tStrValue = new TStringValue
-        if (row(ordinal) != null) {
-          tStrValue.setValue(
-            toHiveString(row(ordinal), types(ordinal).sqlType))
-        }
-        TColumnValue.stringVal(tStrValue)
-    }
-  }
-
-  protected def toHiveString(data: Any, sqlType: Int): String = {
-    (data, sqlType) match {
-      case (date: Date, Types.DATE) =>
-        formatDate(date)
-      case (dateTime: LocalDateTime, Types.TIMESTAMP) =>
-        formatLocalDateTime(dateTime)
-      case (decimal: java.math.BigDecimal, Types.DECIMAL) =>
-        decimal.toPlainString
-      // TODO support bitmap and hll
-      case (other, _) =>
-        other.toString
-    }
-  }
-}
+class PhoenixRowSetHelper extends RowSetHelper {}
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixSchemaHelper.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixSchemaHelper.scala
index f5e04f7ca..938956cdc 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixSchemaHelper.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/phoenix/PhoenixSchemaHelper.scala
@@ -16,50 +16,6 @@
  */
 package org.apache.kyuubi.engine.jdbc.phoenix
 
-import java.sql.Types
-
-import org.apache.hive.service.rpc.thrift._
-
 import org.apache.kyuubi.engine.jdbc.schema.SchemaHelper
 
-class PhoenixSchemaHelper extends SchemaHelper {
-
-  override def toTTypeId(sqlType: Int): TTypeId = sqlType match {
-    case Types.BIT =>
-      TTypeId.BOOLEAN_TYPE
-
-    case Types.TINYINT =>
-      TTypeId.TINYINT_TYPE
-
-    case Types.SMALLINT =>
-      TTypeId.SMALLINT_TYPE
-
-    case Types.INTEGER =>
-      TTypeId.INT_TYPE
-
-    case Types.BIGINT =>
-      TTypeId.BIGINT_TYPE
-
-    case Types.REAL =>
-      TTypeId.FLOAT_TYPE
-
-    case Types.DOUBLE =>
-      TTypeId.DOUBLE_TYPE
-
-    case Types.CHAR | Types.VARCHAR =>
-      TTypeId.STRING_TYPE
-
-    case Types.DATE =>
-      TTypeId.DATE_TYPE
-
-    case Types.TIMESTAMP =>
-      TTypeId.TIMESTAMP_TYPE
-
-    case Types.DECIMAL =>
-      TTypeId.DECIMAL_TYPE
-
-    // TODO add more type support
-    case _ =>
-      TTypeId.STRING_TYPE
-  }
-}
+class PhoenixSchemaHelper extends SchemaHelper {}
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/RowSetHelper.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/RowSetHelper.scala
index d489ed8a2..74b4cec10 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/RowSetHelper.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/RowSetHelper.scala
@@ -16,10 +16,16 @@
  */
 package org.apache.kyuubi.engine.jdbc.schema
 
-import java.util
+import java.{lang, util}
+import java.sql.{Date, Types}
+import java.time.LocalDateTime
+
+import scala.collection.JavaConverters._
 
 import org.apache.hive.service.rpc.thrift._
 
+import org.apache.kyuubi.util.RowSetUtils.{bitSetToBuffer, formatDate, formatLocalDateTime}
+
 abstract class RowSetHelper {
 
   def toTRowSet(
@@ -70,9 +76,73 @@ abstract class RowSetHelper {
   protected def toTColumn(
       rows: Seq[Seq[Any]],
       ordinal: Int,
-      sqlType: Int): TColumn
+      sqlType: Int): TColumn = {
+    sqlType match {
+      case Types.BIT =>
+        toBitTColumn(rows, ordinal)
+
+      case Types.TINYINT =>
+        toTinyIntTColumn(rows, ordinal)
+
+      case Types.SMALLINT =>
+        toSmallIntTColumn(rows, ordinal)
+
+      case Types.INTEGER =>
+        toIntegerTColumn(rows, ordinal)
+
+      case Types.BIGINT =>
+        toBigIntTColumn(rows, ordinal)
+
+      case Types.REAL =>
+        toRealTColumn(rows, ordinal)
+
+      case Types.DOUBLE =>
+        toDoubleTColumn(rows, ordinal)
+
+      case Types.CHAR =>
+        toCharTColumn(rows, ordinal)
+
+      case Types.VARCHAR =>
+        toVarcharTColumn(rows, ordinal)
+
+      case _ =>
+        toDefaultTColumn(rows, ordinal, sqlType)
+    }
+  }
+
+  protected def toTColumnValue(ordinal: Int, row: List[Any], types: List[Column]): TColumnValue = {
+    types(ordinal).sqlType match {
+      case Types.BIT =>
+        toBitTColumnValue(row, ordinal)
+
+      case Types.TINYINT =>
+        toTinyIntTColumnValue(row, ordinal)
+
+      case Types.SMALLINT =>
+        toSmallIntTColumnValue(row, ordinal)
+
+      case Types.INTEGER =>
+        toIntegerTColumnValue(row, ordinal)
+
+      case Types.BIGINT =>
+        toBigIntTColumnValue(row, ordinal)
+
+      case Types.REAL =>
+        toRealTColumnValue(row, ordinal)
+
+      case Types.DOUBLE =>
+        toDoubleTColumnValue(row, ordinal)
 
-  protected def toTColumnValue(ordinal: Int, row: List[Any], types: List[Column]): TColumnValue
+      case Types.CHAR =>
+        toCharTColumnValue(row, ordinal)
+
+      case Types.VARCHAR =>
+        toVarcharTColumnValue(row, ordinal)
+
+      case _ =>
+        toDefaultTColumnValue(row, ordinal, types)
+    }
+  }
 
   protected def getOrSetAsNull[T](
       rows: Seq[Seq[Any]],
@@ -95,4 +165,159 @@ abstract class RowSetHelper {
     }
     ret
   }
+
+  protected def toDefaultTColumn(rows: Seq[Seq[Any]], ordinal: Int, sqlType: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val rowSize = rows.length
+    val values = new util.ArrayList[String](rowSize)
+    var i = 0
+    while (i < rowSize) {
+      val row = rows(i)
+      nulls.set(i, row(ordinal) == null)
+      val value =
+        if (row(ordinal) == null) {
+          ""
+        } else {
+          toHiveString(row(ordinal), sqlType)
+        }
+      values.add(value)
+      i += 1
+    }
+    TColumn.stringVal(new TStringColumn(values, nulls))
+  }
+
+  protected def toBitTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[java.lang.Boolean](rows, ordinal, nulls, true)
+    TColumn.boolVal(new TBoolColumn(values, nulls))
+  }
+
+  protected def toTinyIntTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[java.lang.Byte](rows, ordinal, nulls, 0.toByte)
+    TColumn.byteVal(new TByteColumn(values, nulls))
+  }
+
+  protected def toSmallIntTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[java.lang.Short](rows, ordinal, nulls, 0.toShort)
+    TColumn.i16Val(new TI16Column(values, nulls))
+  }
+
+  protected def toIntegerTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[java.lang.Integer](rows, ordinal, nulls, 0)
+    TColumn.i32Val(new TI32Column(values, nulls))
+  }
+
+  protected def toBigIntTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[lang.Long](rows, ordinal, nulls, 0L)
+    TColumn.i64Val(new TI64Column(values, nulls))
+  }
+
+  protected def toRealTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[lang.Float](rows, ordinal, nulls, 0.toFloat)
+      .asScala.map(n => java.lang.Double.valueOf(n.toString)).asJava
+    TColumn.doubleVal(new TDoubleColumn(values, nulls))
+  }
+
+  protected def toDoubleTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[lang.Double](rows, ordinal, nulls, 0.toDouble)
+    TColumn.doubleVal(new TDoubleColumn(values, nulls))
+  }
+
+  protected def toCharTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    toVarcharTColumn(rows, ordinal)
+  }
+
+  protected def toVarcharTColumn(rows: Seq[Seq[Any]], ordinal: Int): TColumn = {
+    val nulls = new java.util.BitSet()
+    val values = getOrSetAsNull[String](rows, ordinal, nulls, "")
+    TColumn.stringVal(new TStringColumn(values, nulls))
+  }
+
+  // ==========================================================
+
+  protected def toBitTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val boolValue = new TBoolValue
+    if (row(ordinal) != null) boolValue.setValue(row(ordinal).asInstanceOf[Boolean])
+    TColumnValue.boolVal(boolValue)
+  }
+
+  protected def toTinyIntTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val byteValue = new TByteValue
+    if (row(ordinal) != null) byteValue.setValue(row(ordinal).asInstanceOf[Byte])
+    TColumnValue.byteVal(byteValue)
+  }
+
+  protected def toSmallIntTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val tI16Value = new TI16Value
+    if (row(ordinal) != null) tI16Value.setValue(row(ordinal).asInstanceOf[Short])
+    TColumnValue.i16Val(tI16Value)
+  }
+
+  protected def toIntegerTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val tI32Value = new TI32Value
+    if (row(ordinal) != null) tI32Value.setValue(row(ordinal).asInstanceOf[Int])
+    TColumnValue.i32Val(tI32Value)
+  }
+
+  protected def toBigIntTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val tI64Value = new TI64Value
+    if (row(ordinal) != null) tI64Value.setValue(row(ordinal).asInstanceOf[Long])
+    TColumnValue.i64Val(tI64Value)
+  }
+
+  protected def toRealTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val tDoubleValue = new TDoubleValue
+    if (row(ordinal) != null) {
+      val doubleValue = java.lang.Double.valueOf(row(ordinal).asInstanceOf[Float].toString)
+      tDoubleValue.setValue(doubleValue)
+    }
+    TColumnValue.doubleVal(tDoubleValue)
+  }
+
+  protected def toDoubleTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val tDoubleValue = new TDoubleValue
+    if (row(ordinal) != null) tDoubleValue.setValue(row(ordinal).asInstanceOf[Double])
+    TColumnValue.doubleVal(tDoubleValue)
+  }
+
+  protected def toCharTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    toVarcharTColumnValue(row, ordinal)
+  }
+
+  protected def toVarcharTColumnValue(row: List[Any], ordinal: Int): TColumnValue = {
+    val tStringValue = new TStringValue
+    if (row(ordinal) != null) tStringValue.setValue(row(ordinal).asInstanceOf[String])
+    TColumnValue.stringVal(tStringValue)
+  }
+
+  protected def toDefaultTColumnValue(
+      row: List[Any],
+      ordinal: Int,
+      types: List[Column]): TColumnValue = {
+    val tStrValue = new TStringValue
+    if (row(ordinal) != null) {
+      tStrValue.setValue(
+        toHiveString(row(ordinal), types(ordinal).sqlType))
+    }
+    TColumnValue.stringVal(tStrValue)
+  }
+
+  protected def toHiveString(data: Any, sqlType: Int): String = {
+    (data, sqlType) match {
+      case (date: Date, Types.DATE) =>
+        formatDate(date)
+      case (dateTime: LocalDateTime, Types.TIMESTAMP) =>
+        formatLocalDateTime(dateTime)
+      case (decimal: java.math.BigDecimal, Types.DECIMAL) =>
+        decimal.toPlainString
+      case (other, _) =>
+        other.toString
+    }
+  }
 }
diff --git a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/SchemaHelper.scala b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/SchemaHelper.scala
index 3be3c7d42..455eb2a92 100644
--- a/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/SchemaHelper.scala
+++ b/externals/kyuubi-jdbc-engine/src/main/scala/org/apache/kyuubi/engine/jdbc/schema/SchemaHelper.scala
@@ -16,6 +16,7 @@
  */
 package org.apache.kyuubi.engine.jdbc.schema
 
+import java.sql.Types
 import java.util.Collections
 
 import scala.collection.JavaConverters._
@@ -62,6 +63,97 @@ abstract class SchemaHelper {
     ret
   }
 
-  protected def toTTypeId(sqlType: Int): TTypeId
+  protected def toTTypeId(sqlType: Int): TTypeId = sqlType match {
+    case Types.BIT =>
+      bitToTTypeId
 
+    case Types.TINYINT =>
+      tinyIntToTTypeId
+
+    case Types.SMALLINT =>
+      smallIntToTTypeId
+
+    case Types.INTEGER =>
+      integerToTTypeId
+
+    case Types.BIGINT =>
+      bigintToTTypeId
+
+    case Types.REAL =>
+      realToTTypeId
+
+    case Types.DOUBLE =>
+      doubleToTTypeId
+
+    case Types.CHAR =>
+      charToTTypeId
+
+    case Types.VARCHAR =>
+      varcharToTTypeId
+
+    case Types.DATE =>
+      dateToTTypeId
+
+    case Types.TIMESTAMP =>
+      timestampToTTypeId
+
+    case Types.DECIMAL =>
+      decimalToTTypeId
+
+    // TODO add more type support
+    case _ =>
+      defaultToTTypeId
+  }
+
+  protected def bitToTTypeId: TTypeId = {
+    TTypeId.BOOLEAN_TYPE
+  }
+
+  protected def tinyIntToTTypeId: TTypeId = {
+    TTypeId.TINYINT_TYPE
+  }
+
+  protected def smallIntToTTypeId: TTypeId = {
+    TTypeId.SMALLINT_TYPE
+  }
+
+  protected def integerToTTypeId: TTypeId = {
+    TTypeId.INT_TYPE
+  }
+
+  protected def bigintToTTypeId: TTypeId = {
+    TTypeId.BIGINT_TYPE
+  }
+
+  protected def realToTTypeId: TTypeId = {
+    TTypeId.FLOAT_TYPE
+  }
+
+  protected def doubleToTTypeId: TTypeId = {
+    TTypeId.DOUBLE_TYPE
+  }
+
+  protected def charToTTypeId: TTypeId = {
+    TTypeId.STRING_TYPE
+  }
+
+  protected def varcharToTTypeId: TTypeId = {
+    TTypeId.STRING_TYPE
+  }
+
+  protected def dateToTTypeId: TTypeId = {
+    TTypeId.DATE_TYPE
+  }
+
+  protected def timestampToTTypeId: TTypeId = {
+    TTypeId.TIMESTAMP_TYPE
+  }
+
+  protected def decimalToTTypeId: TTypeId = {
+    TTypeId.DECIMAL_TYPE
+  }
+
+  protected def defaultToTTypeId: TTypeId = {
+    TTypeId.STRING_TYPE
+  }
 }

From ae29440453c35f4e541fb286effd6561d5234ba9 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 24 Oct 2023 11:19:56 +0800
Subject: [PATCH 710/760] [KYUUBI #5472] Permanent View should pass column when
 child plan no output

### _Why are the changes needed?_
To close #5472

For cases such as `SELECT COUNT(*) FORM  XXX`, when `XXX` is table, will extract table's column, if `XXX` is view, only pass the view name

```
  test("[KYUUBI #xxx] ") {
    val db1 = defaultDb
    val table1 = "table1"
    val view1 = "view1"
    withSingleCallEnabled {
      withCleanTmpResources(Seq((s"$db1.$table1", "table"), (s"$db1.$view1", "view"))) {
        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
        doAs(admin, sql(s"CREATE VIEW $db1.$view1 AS SELECT * FROM $db1.$table1"))
        val e1 = intercept[AccessControlException](
          doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))
        assert(e1.getMessage.contains(
          s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/scope]"))

        val e2 = intercept[AccessControlException](
          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))
        assert(e2.getMessage.contains(
          s"does not have [select] privilege on [$db1/$view1]"))
      }
    }
  }
```

After this pr, view will also extract columns.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5473 from AngersZhuuuu/KYUUBI-5742.

Closes #5472

6575ad2ba [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
8a264a810 [Angerszhuuuu] Update
afa43d356 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742
9f0bfb2a7 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742
275784478 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
88f3d3282 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742
cd62c8d20 [Angerszhuuuu] update
55be7da95 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
4200ed3ed [Angerszhuuuu] [KYUUBI #5742] Permanent View should pass column when child plan no output

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../ranger/RangerSparkExtensionSuite.scala    | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 532a11436..c2e886f02 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -895,4 +895,50 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       }
     }
   }
+
+  test("[KYUUBI #5472] Permanent View should pass column when child plan no output ") {
+    val db1 = defaultDb
+    val table1 = "table1"
+    val view1 = "view1"
+    val view2 = "view2"
+    withSingleCallEnabled {
+      withCleanTmpResources(
+        Seq((s"$db1.$table1", "table"), (s"$db1.$view1", "view"), (s"$db1.$view2", "view"))) {
+        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
+        doAs(admin, sql(s"CREATE VIEW $db1.$view1 AS SELECT * FROM $db1.$table1"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE VIEW $db1.$view2
+               |AS
+               |SELECT count(*) as cnt, sum(id) as sum_id FROM $db1.$table1
+            """.stripMargin))
+        val e1 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))
+        assert(e1.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/scope]"))
+
+        val e2 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))
+        assert(e2.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view1/id,$db1/$view1/scope]"))
+
+        val e3 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2").show()))
+        assert(e3.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+
+        val e4 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2 WHERE cnt > 10").show()))
+        assert(e4.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+
+        val e5 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(cnt) FROM $db1.$view2 WHERE cnt > 10").show()))
+        assert(e5.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+      }
+    }
+  }
 }

From 64578d13328db22405efb2347513301c0cec5ee5 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 24 Oct 2023 14:26:27 +0800
Subject: [PATCH 711/760] [KYUUBI #5479][AUTHZ] Support Hudi
 CallProcedureHoodieCommand for stored procedures

### _Why are the changes needed?_
To close #5479
Support Hudi CallProcedureHoodieCommand,  grammar https://hudi.apache.org/docs/procedures/

- CallProcedureHoodieCommand: https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark-common/src/main/scala/org/apache/spark/sql/hudi/command/CallProcedureHoodieCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5502 from AngersZhuuuu/KYUUBI-5479.

Closes #5479

583df35b4 [Angerszhuuuu] Update tableExtractors.scala
6b51a9d6c [Bowen Liang] refactor extractors in more scala way, and use lookupExtractor for reusing StringTableExtractor singleton
cde7992da [Angerszhuuuu] [KYUUBI #5479][AUTHZ] Support Hudi CallProcedureHoodieCommand

Lead-authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 ...bi.plugin.spark.authz.serde.TableExtractor |   2 +
 .../main/resources/table_command_spec.json    |  31 +++
 .../spark/authz/serde/tableExtractors.scala   | 227 +++++++++++++++++-
 .../plugin/spark/authz/gen/HudiCommands.scala |  19 ++
 ...HudiCatalogRangerSparkExtensionSuite.scala |  50 ++++
 5 files changed, 328 insertions(+), 1 deletion(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
index 33c8b8759..dc35a8f51 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor
@@ -21,6 +21,8 @@ org.apache.kyuubi.plugin.spark.authz.serde.DataSourceV2RelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ExpressionSeqTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.HudiDataSourceV2RelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.HudiMergeIntoTargetTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.HudiCallProcedureInputTableExtractor
+org.apache.kyuubi.plugin.spark.authz.serde.HudiCallProcedureOutputTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.IdentifierTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.LogicalRelationTableExtractor
 org.apache.kyuubi.plugin.spark.authz.serde.ResolvedDbObjectNameTableExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 0b09c902f..f4d5eb60a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1513,6 +1513,37 @@
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CallProcedureHoodieCommand",
+  "tableDescs" : [ {
+    "fieldName" : "clone",
+    "fieldExtractor" : "HudiCallProcedureInputTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "OTHER"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : true
+  }, {
+    "fieldName" : "clone",
+    "fieldExtractor" : "HudiCallProcedureOutputTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : true
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CompactionHoodieTableCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index fcd8c8207..2c212cc5c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -18,14 +18,17 @@
 package org.apache.kyuubi.plugin.spark.authz.serde
 
 import java.util.{Map => JMap}
+import java.util.LinkedHashMap
 
 import scala.collection.JavaConverters._
 
 import org.apache.spark.sql.SparkSession
-import org.apache.spark.sql.catalyst.TableIdentifier
+import org.apache.spark.sql.catalyst.{InternalRow, TableIdentifier}
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Expression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, SubqueryAlias}
+import org.apache.spark.sql.types.DataType
+import org.apache.spark.unsafe.types.UTF8String
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
@@ -266,3 +269,225 @@ class HudiMergeIntoTargetTableExtractor extends TableExtractor {
     }
   }
 }
+
+abstract class HudiCallProcedureTableExtractor extends TableExtractor {
+
+  protected def extractTableIdentifier(
+      procedure: AnyRef,
+      args: AnyRef,
+      tableParameterKey: String): Option[String] = {
+    val tableIdentifierParameter =
+      invokeAs[Array[AnyRef]](procedure, "parameters")
+        .find(invokeAs[String](_, "name").equals(tableParameterKey))
+        .getOrElse(throw new IllegalArgumentException(s"Could not find param $tableParameterKey"))
+    val tableIdentifierParameterIndex = invokeAs[LinkedHashMap[String, Int]](args, "map")
+      .getOrDefault(tableParameterKey, INVALID_INDEX)
+    tableIdentifierParameterIndex match {
+      case INVALID_INDEX =>
+        None
+      case argsIndex =>
+        val dataType = invokeAs[DataType](tableIdentifierParameter, "dataType")
+        val row = invokeAs[InternalRow](args, "internalRow")
+        val tableName = InternalRow.getAccessor(dataType, true)(row, argsIndex)
+        Option(tableName.asInstanceOf[UTF8String].toString)
+    }
+  }
+
+  case class ProcedureArgsInputOutputPair(
+      input: Option[String] = None,
+      output: Option[String] = None)
+
+  protected val PROCEDURE_CLASS_PATH = "org.apache.spark.sql.hudi.command.procedures"
+
+  protected val INVALID_INDEX = -1
+
+  // These pairs are used to get the procedure input/output args which user passed in call command.
+  protected val procedureArgsInputOutputPairs: Map[String, ProcedureArgsInputOutputPair] = Map(
+    (
+      s"$PROCEDURE_CLASS_PATH.ArchiveCommitsProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.CommitsCompareProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.CopyToTableProcedure",
+      ProcedureArgsInputOutputPair(
+        input = Some("table"),
+        output = Some("new_table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.CopyToTempViewProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.CreateMetadataTableProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.CreateSavepointProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.DeleteMarkerProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.DeleteMetadataTableProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.DeleteSavepointProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ExportInstantsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.HdfsParquetImportProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.HelpProcedure",
+      ProcedureArgsInputOutputPair()),
+    (
+      s"$PROCEDURE_CLASS_PATH.HiveSyncProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.InitMetadataTableProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RepairAddpartitionmetaProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RepairCorruptedCleanFilesProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RepairDeduplicateProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RepairMigratePartitionMetaProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RepairOverwriteHoodiePropsProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RollbackToInstantTimeProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RollbackToSavepointProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RunBootstrapProcedure",
+      ProcedureArgsInputOutputPair(
+        input = Some("table"),
+        output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RunCleanProcedure",
+      ProcedureArgsInputOutputPair(
+        input = Some("table"),
+        output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RunClusteringProcedure",
+      ProcedureArgsInputOutputPair(
+        input = Some("table"),
+        output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.RunCompactionProcedure",
+      ProcedureArgsInputOutputPair(
+        input = Some("table"),
+        output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowArchivedCommitsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowBootstrapMappingProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowClusteringProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowCommitExtraMetadataProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowCommitFilesProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowCommitPartitionsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowCommitWriteStatsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowCompactionProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowFileSystemViewProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowFsPathDetailProcedure",
+      ProcedureArgsInputOutputPair()),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowHoodieLogFileMetadataProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowHoodieLogFileRecordsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowInvalidParquetProcedure",
+      ProcedureArgsInputOutputPair()),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowMetadataTableFilesProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowMetadataTablePartitionsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowMetadataTableStatsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowRollbacksProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowSavepointsProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ShowTablePropertiesProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.StatsFileSizeProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.StatsWriteAmplificationProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.UpgradeOrDowngradeProcedure",
+      ProcedureArgsInputOutputPair(output = Some("table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ValidateHoodieSyncProcedure",
+      ProcedureArgsInputOutputPair(
+        input = Some("src_table"),
+        output = Some("dst_table"))),
+    (
+      s"$PROCEDURE_CLASS_PATH.ValidateMetadataTableFilesProcedure",
+      ProcedureArgsInputOutputPair(input = Some("table"))))
+}
+
+class HudiCallProcedureOutputTableExtractor
+  extends HudiCallProcedureTableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    val procedure = invokeAs[AnyRef](v1, "procedure")
+    val args = invokeAs[AnyRef](v1, "args")
+    procedureArgsInputOutputPairs.get(procedure.getClass.getName)
+      .filter(_.output.isDefined)
+      .map { argsPairs =>
+        val tableIdentifier = extractTableIdentifier(procedure, args, argsPairs.output.get)
+        lookupExtractor[StringTableExtractor].apply(spark, tableIdentifier.get).orNull
+      }
+  }
+}
+
+class HudiCallProcedureInputTableExtractor
+  extends HudiCallProcedureTableExtractor {
+  override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
+    val procedure = invokeAs[AnyRef](v1, "procedure")
+    val args = invokeAs[AnyRef](v1, "args")
+    procedureArgsInputOutputPairs.get(procedure.getClass.getName)
+      .filter(_.input.isDefined)
+      .map { argsPairs =>
+        val tableIdentifier = extractTableIdentifier(procedure, args, argsPairs.input.get)
+        lookupExtractor[StringTableExtractor].apply(spark, tableIdentifier.get).orNull
+      }
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 522059f27..7909bef9b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -200,12 +200,31 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDescs))
   }
 
+  val CallProcedureHoodieCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CallProcedureHoodieCommand"
+    TableCommandSpec(
+      cmd,
+      Seq(
+        TableDesc(
+          "clone",
+          classOf[HudiCallProcedureInputTableExtractor],
+          actionTypeDesc = Some(ActionTypeDesc(actionType = Some(OTHER))),
+          isInput = true,
+          setCurrentDatabaseIfMissing = true),
+        TableDesc(
+          "clone",
+          classOf[HudiCallProcedureOutputTableExtractor],
+          actionTypeDesc = Some(ActionTypeDesc(actionType = Some(UPDATE))),
+          setCurrentDatabaseIfMissing = true)))
+  }
+
   val data: Array[TableCommandSpec] = Array(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
     AlterHoodieTableDropPartitionCommand,
     AlterHoodieTableRenameCommand,
     AlterTableCommand,
+    CallProcedureHoodieCommand,
     CreateHoodieTableAsSelectCommand,
     CreateHoodieTableCommand,
     CreateHoodieTableLikeCommand,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index fd7acd129..7e7c3ad9e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -472,4 +472,54 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       }
     }
   }
+
+  test("CallProcedureHoodieCommand") {
+    withSingleCallEnabled {
+      withCleanTmpResources(Seq(
+        (s"$namespace1.$table1", "table"),
+        (s"$namespace1.$table2", "table"),
+        (namespace1, "database"))) {
+        doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE TABLE IF NOT EXISTS $namespace1.$table2(id int, name string, city string)
+               |USING HUDI
+               |OPTIONS (
+               | type = 'cow',
+               | primaryKey = 'id',
+               | 'hoodie.datasource.hive_sync.enable' = 'false'
+               |)
+               |PARTITIONED BY(city)
+               |""".stripMargin))
+
+        val copy_to_table =
+          s"CALL copy_to_table(table => '$namespace1.$table1', new_table => '$namespace1.$table2')"
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(copy_to_table))
+        }(s"does not have [select] privilege on [$namespace1/$table1]")
+        doAs(admin, sql(copy_to_table))
+
+        val show_table_properties = s"CALL show_table_properties(table => '$namespace1.$table1')"
+        interceptContains[AccessControlException] {
+          doAs(someone, sql(show_table_properties))
+        }(s"does not have [select] privilege on [$namespace1/$table1]")
+        doAs(admin, sql(show_table_properties))
+      }
+    }
+  }
 }

From 885b8189a1ce36afe88decdf01c9c5ccfd0d32b4 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Tue, 24 Oct 2023 16:14:20 +0800
Subject: [PATCH 712/760] [KYUUBI #5435][INFRA][TEST] Improve Kyuubi On
 Kubernetes IT

### _Why are the changes needed?_

Improve Kyuubi On Kubernetes IT

Done:
1. Copy spark submit engine log in kyuubi pod to local and upload when test failed.
2. pre install spark image into minikube to avoid image pull error

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5437 from zwangsheng/KYUUBI#5435.

Closes #5435

0cbbafce7 [zwangsheng] add comment
1f1336c59 [zwangsheng] ready
e1c10a6ea [zwangsheng] debug
32759015c [zwangsheng] debug
8e2f1eaf1 [zwangsheng] debug
80eaae30a [zwangsheng] [KYUUBI #5435][NOT_MERGE][TEST] Improve Kyuubi On Kubernetes IT

Authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                               | 7 +++++++
 .../test/deployment/KyuubiOnKubernetesTestsSuite.scala     | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 77b8922ca..c934c2d5e 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -403,6 +403,9 @@ jobs:
           minikube start --cpus 2 --memory 4096 --kubernetes-version=${KUBERNETES_VERSION} --force
           # https://minikube.sigs.k8s.io/docs/handbook/pushing/#7-loading-directly-to-in-cluster-container-runtime
           minikube image load apache/kyuubi:latest
+          # pre-install spark into minikube
+          docker pull apache/spark:3.4.1
+          minikube image load apache/spark:3.4.1
       - name: kubectl pre-check
         run: |
           kubectl get nodes
@@ -425,6 +428,9 @@ jobs:
       - name: Cat kyuubi server log
         if: failure()
         run: kubectl logs kyuubi-test
+      - name: Copy spark engine log from kyuubi pod
+        if: failure()
+        run: kubectl cp kyuubi-test:/opt/kyuubi/work ./target/work
       - name: Cat spark driver log
         if: failure()
         run: |
@@ -437,6 +443,7 @@ jobs:
           name: unit-tests-log-kyuubi-on-k8s-it
           path: |
             **/target/unit-tests.log
+            **/target/work/**
 
   spark-on-k8s-it:
     name: Spark Engine On Kubernetes Integration Test
diff --git a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
index 73cb5620a..95e15e6eb 100644
--- a/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
+++ b/integration-tests/kyuubi-kubernetes-it/src/test/scala/org/apache/kyuubi/kubernetes/test/deployment/KyuubiOnKubernetesTestsSuite.scala
@@ -54,7 +54,9 @@ class KyuubiOnKubernetesWithSparkTestsBase extends WithKyuubiServerOnKubernetes
     super.connectionConf ++
       Map(
         "spark.master" -> s"k8s://$miniKubeApiMaster",
+        // We should update spark docker image in ./github/workflows/master.yml at the same time
         "spark.kubernetes.container.image" -> "apache/spark:3.4.1",
+        "spark.kubernetes.container.image.pullPolicy" -> "IfNotPresent",
         "spark.executor.memory" -> "512M",
         "spark.driver.memory" -> "1024M",
         "spark.kubernetes.driver.request.cores" -> "250m",

From 289549f7f3b531cc84bb6887c1b984544604e4fa Mon Sep 17 00:00:00 2001
From: yangming <261635393@qq.com>
Date: Tue, 24 Oct 2023 16:16:29 +0800
Subject: [PATCH 713/760] [KYUUBI #5294] [DOC] Update supported dialects for
 JDBC engine

### _Why are the changes needed?_

As https://github.com/apache/kyuubi/pull/4000 adds the Apache Phoenix support for the JDBC engine without upgrading the configuration's description.

This PR aims to update the outdated configuration description to reflect the capabilities of the Kyuubi JDBC engine.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5294 from ymZhao1001/doc0915.

Closes #5294

8d61c36f9 [yangming] update jdbc doc
d082b4d34 [yangming] run dev/reformat and dev/gen/gen_all_config_docs.sh
5b814d86b [zhaoyangming] add jdbc Phoenix dialect

Lead-authored-by: yangming <261635393@qq.com>
Co-authored-by: zhaoyangming <zhaoyangming@deepexi.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                | 152 +++++++++---------
 .../org/apache/kyuubi/config/KyuubiConf.scala |   5 +-
 2 files changed, 79 insertions(+), 78 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 711954ead..6ec647e5d 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -120,82 +120,82 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Engine
 
-|                           Key                            |          Default          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |   Type   | Since |
-|----------------------------------------------------------|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
-| kyuubi.engine.chat.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Chat engine, for configuring the location of the SDK and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.8.0 |
-| kyuubi.engine.chat.gpt.apiKey                            | &lt;undefined&gt;         | The key to access OpenAI open API, which could be got at https://platform.openai.com/account/api-keys                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.8.0 |
-| kyuubi.engine.chat.gpt.http.connect.timeout              | PT2M                      | The timeout[ms] for establishing the connection with the Chat GPT server. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.8.0 |
-| kyuubi.engine.chat.gpt.http.proxy                        | &lt;undefined&gt;         | HTTP proxy url for API calling in Chat GPT engine. e.g. http://127.0.0.1:1087                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.8.0 |
-| kyuubi.engine.chat.gpt.http.socket.timeout               | PT2M                      | The timeout[ms] for waiting for data packets after Chat GPT server connection is established. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | duration | 1.8.0 |
-| kyuubi.engine.chat.gpt.model                             | gpt-3.5-turbo             | ID of the model used in ChatGPT. Available models refer to OpenAI's [Model overview](https://platform.openai.com/docs/models/overview).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.8.0 |
-| kyuubi.engine.chat.java.options                          | &lt;undefined&gt;         | The extra Java options for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
-| kyuubi.engine.chat.memory                                | 1g                        | The heap memory for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
-| kyuubi.engine.chat.provider                              | ECHO                      | The provider for the Chat engine. Candidates: <ul> <li>ECHO: simply replies a welcome message.</li> <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
-| kyuubi.engine.connection.url.use.hostname                | true                      | (deprecated) When true, the engine registers with hostname to zookeeper. When Spark runs on K8s with cluster mode, set to false to ensure that server can connect to engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | boolean  | 1.3.0 |
-| kyuubi.engine.deregister.exception.classes                                          || A comma-separated list of exception classes. If there is any exception thrown, whose class matches the specified classes, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | set      | 1.2.0 |
-| kyuubi.engine.deregister.exception.messages                                         || A comma-separated list of exception messages. If there is any exception thrown, whose message or stacktrace matches the specified message list, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | set      | 1.2.0 |
-| kyuubi.engine.deregister.exception.ttl                   | PT30M                     | Time to live(TTL) for exceptions pattern specified in kyuubi.engine.deregister.exception.classes and kyuubi.engine.deregister.exception.messages to deregister engines. Once the total error count hits the kyuubi.engine.deregister.job.max.failures within the TTL, an engine will deregister itself and wait for self-terminated. Otherwise, we suppose that the engine has recovered from temporary failures.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | duration | 1.2.0 |
-| kyuubi.engine.deregister.job.max.failures                | 4                         | Number of failures of job before deregistering the engine.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | int      | 1.2.0 |
-| kyuubi.engine.event.json.log.path                        | file:///tmp/kyuubi/events | The location where all the engine events go for the built-in JSON logger.<ul><li>Local Path: start with 'file://'</li><li>HDFS Path: start with 'hdfs://'</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.3.0 |
-| kyuubi.engine.event.loggers                              | SPARK                     | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a subclass of `org.apache.kyuubi.events.handler.CustomEventHandlerProvider` which has a zero-arg constructor.                                                                                                                                                                                                                                                                                                                                                    | seq      | 1.3.0 |
-| kyuubi.engine.flink.application.jars                     | &lt;undefined&gt;         | A comma-separated list of the local jars to be shipped with the job to the cluster. For example, SQL UDF jars. Only effective in yarn application mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.8.0 |
-| kyuubi.engine.flink.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Flink SQL engine, for configuring the location of hadoop client jars, etc. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
-| kyuubi.engine.flink.java.options                         | &lt;undefined&gt;         | The extra Java options for the Flink SQL engine. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.6.0 |
-| kyuubi.engine.flink.memory                               | 1g                        | The heap memory for the Flink SQL engine. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.6.0 |
-| kyuubi.engine.hive.event.loggers                         | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
-| kyuubi.engine.hive.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Hive query engine, for configuring location of the hadoop client jars and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
-| kyuubi.engine.hive.java.options                          | &lt;undefined&gt;         | The extra Java options for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
-| kyuubi.engine.hive.memory                                | 1g                        | The heap memory for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
-| kyuubi.engine.initialize.sql                             | SHOW DATABASES            | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SHOW DATABASES` to eagerly active HiveClient. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.2.0 |
-| kyuubi.engine.jdbc.connection.password                   | &lt;undefined&gt;         | The password is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
-| kyuubi.engine.jdbc.connection.propagateCredential        | false                     | Whether to use the session's user and password to connect to database                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | boolean  | 1.8.0 |
-| kyuubi.engine.jdbc.connection.properties                                            || The additional properties are used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | seq      | 1.6.0 |
-| kyuubi.engine.jdbc.connection.provider                   | &lt;undefined&gt;         | The connection provider is used for getting a connection from the server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.6.0 |
-| kyuubi.engine.jdbc.connection.url                        | &lt;undefined&gt;         | The server url that engine will connect to                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
-| kyuubi.engine.jdbc.connection.user                       | &lt;undefined&gt;         | The user is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
-| kyuubi.engine.jdbc.driver.class                          | &lt;undefined&gt;         | The driver class for JDBC engine connection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
-| kyuubi.engine.jdbc.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the JDBC query engine, for configuring the location of the JDBC driver and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.6.0 |
-| kyuubi.engine.jdbc.initialize.sql                        | SELECT 1                  | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SELECT 1` to eagerly active JDBCClient.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | seq      | 1.8.0 |
-| kyuubi.engine.jdbc.java.options                          | &lt;undefined&gt;         | The extra Java options for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
-| kyuubi.engine.jdbc.memory                                | 1g                        | The heap memory for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
-| kyuubi.engine.jdbc.session.initialize.sql                                           || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | seq      | 1.8.0 |
-| kyuubi.engine.jdbc.type                                  | &lt;undefined&gt;         | The short name of JDBC type                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.6.0 |
-| kyuubi.engine.kubernetes.submit.timeout                  | PT30S                     | The engine submit timeout for Kubernetes application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.7.2 |
-| kyuubi.engine.operation.convert.catalog.database.enabled | true                      | When set to true, The engine converts the JDBC methods of set/get Catalog and set/get Schema to the implementation of different engines                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
-| kyuubi.engine.operation.log.dir.root                     | engine_operation_logs     | Root directory for query operation log at engine-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.4.0 |
-| kyuubi.engine.pool.name                                  | engine-pool               | The name of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.5.0 |
-| kyuubi.engine.pool.selectPolicy                          | RANDOM                    | The select policy of an engine from the corresponding engine pool engine for a session. <ul><li>RANDOM - Randomly use the engine in the pool</li><li>POLLING - Polling use the engine in the pool</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.7.0 |
-| kyuubi.engine.pool.size                                  | -1                        | The size of the engine pool. Note that, if the size is less than 1, the engine pool will not be enabled; otherwise, the size of the engine pool will be min(this, kyuubi.engine.pool.size.threshold).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | int      | 1.4.0 |
-| kyuubi.engine.pool.size.threshold                        | 9                         | This parameter is introduced as a server-side parameter controlling the upper limit of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | int      | 1.4.0 |
-| kyuubi.engine.session.initialize.sql                                                || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | seq      | 1.3.0 |
-| kyuubi.engine.share.level                                | USER                      | Engines will be shared in different levels, available configs are: <ul> <li>CONNECTION: engine will not be shared but only used by the current client connection</li> <li>USER: engine will be shared by all sessions created by a unique username, see also kyuubi.engine.share.level.subdomain</li> <li>GROUP: the engine will be shared by all sessions created by all users belong to the same primary group name. The engine will be launched by the group name as the effective username, so here the group name is in value of special user who is able to visit the computing resources/data of the team. It follows the [Hadoop GroupsMapping](https://reurl.cc/xE61Y5) to map user to a primary group. If the primary group is not found, it fallback to the USER level. <li>SERVER: the App will be shared by Kyuubi servers</li></ul>                                                                                                          | string   | 1.2.0 |
-| kyuubi.engine.share.level.sub.domain                     | &lt;undefined&gt;         | (deprecated) - Using kyuubi.engine.share.level.subdomain instead                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.2.0 |
-| kyuubi.engine.share.level.subdomain                      | &lt;undefined&gt;         | Allow end-users to create a subdomain for the share level of an engine. A subdomain is a case-insensitive string values that must be a valid zookeeper subpath. For example, for the `USER` share level, an end-user can share a certain engine within a subdomain, not for all of its clients. End-users are free to create multiple engines in the `USER` share level. When disable engine pool, use 'default' if absent.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.4.0 |
-| kyuubi.engine.single.spark.session                       | false                     | When set to true, this engine is running in a single session mode. All the JDBC/ODBC connections share the temporary views, function registries, SQL configuration and the current database.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | boolean  | 1.3.0 |
-| kyuubi.engine.spark.event.loggers                        | SPARK                     | A comma-separated list of engine loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | seq      | 1.7.0 |
-| kyuubi.engine.spark.python.env.archive                   | &lt;undefined&gt;         | Portable Python env archive used for Spark engine Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.7.0 |
-| kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.7.0 |
-| kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.7.0 |
-| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not visible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.7.1 |
-| kyuubi.engine.trino.connection.keystore.password         | &lt;undefined&gt;         | The keystore password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
-| kyuubi.engine.trino.connection.keystore.path             | &lt;undefined&gt;         | The keystore path used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.8.0 |
-| kyuubi.engine.trino.connection.keystore.type             | &lt;undefined&gt;         | The keystore type used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.8.0 |
-| kyuubi.engine.trino.connection.password                  | &lt;undefined&gt;         | The password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.8.0 |
-| kyuubi.engine.trino.connection.truststore.password       | &lt;undefined&gt;         | The truststore password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.8.0 |
-| kyuubi.engine.trino.connection.truststore.path           | &lt;undefined&gt;         | The truststore path used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
-| kyuubi.engine.trino.connection.truststore.type           | &lt;undefined&gt;         | The truststore type used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | string   | 1.8.0 |
-| kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | seq      | 1.7.0 |
-| kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | string   | 1.6.0 |
-| kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
-| kyuubi.engine.trino.memory                               | 1g                        | The heap memory for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
-| kyuubi.engine.type                                       | SPARK_SQL                 | Specify the detailed engine supported by Kyuubi. The engine type bindings to SESSION scope. This configuration is experimental. Currently, available configs are: <ul> <li>SPARK_SQL: specify this engine type will launch a Spark engine which can provide all the capacity of the Apache Spark. Note, it's a default engine type.</li> <li>FLINK_SQL: specify this engine type will launch a Flink engine which can provide all the capacity of the Apache Flink.</li> <li>TRINO: specify this engine type will launch a Trino engine which can provide all the capacity of the Trino.</li> <li>HIVE_SQL: specify this engine type will launch a Hive engine which can provide all the capacity of the Hive Server2.</li> <li>JDBC: specify this engine type will launch a JDBC engine which can provide a MySQL protocol connector, for now we only support Doris dialect.</li> <li>CHAT: specify this engine type will launch a Chat engine.</li></ul> | string   | 1.4.0 |
-| kyuubi.engine.ui.retainedSessions                        | 200                       | The number of SQL client sessions kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.4.0 |
-| kyuubi.engine.ui.retainedStatements                      | 200                       | The number of statements kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | int      | 1.4.0 |
-| kyuubi.engine.ui.stop.enabled                            | true                      | When true, allows Kyuubi engine to be killed from the Spark Web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | boolean  | 1.3.0 |
-| kyuubi.engine.user.isolated.spark.session                | true                      | When set to false, if the engine is running in a group or server share level, all the JDBC/ODBC connections will be isolated against the user. Including the temporary views, function registries, SQL configuration, and the current database. Note that, it does not affect if the share level is connection or user.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | boolean  | 1.6.0 |
-| kyuubi.engine.user.isolated.spark.session.idle.interval  | PT1M                      | The interval to check if the user-isolated Spark session is timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | duration | 1.6.0 |
-| kyuubi.engine.user.isolated.spark.session.idle.timeout   | PT6H                      | If kyuubi.engine.user.isolated.spark.session is false, we will release the Spark session if its corresponding user is inactive after this configured timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | duration | 1.6.0 |
-| kyuubi.engine.yarn.submit.timeout                        | PT30S                     | The engine submit timeout for YARN application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | duration | 1.7.2 |
+|                           Key                            |          Default          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Meaning                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |   Type   | Since |
+|----------------------------------------------------------|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
+| kyuubi.engine.chat.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Chat engine, for configuring the location of the SDK and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.8.0 |
+| kyuubi.engine.chat.gpt.apiKey                            | &lt;undefined&gt;         | The key to access OpenAI open API, which could be got at https://platform.openai.com/account/api-keys                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.8.0 |
+| kyuubi.engine.chat.gpt.http.connect.timeout              | PT2M                      | The timeout[ms] for establishing the connection with the Chat GPT server. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | duration | 1.8.0 |
+| kyuubi.engine.chat.gpt.http.proxy                        | &lt;undefined&gt;         | HTTP proxy url for API calling in Chat GPT engine. e.g. http://127.0.0.1:1087                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.8.0 |
+| kyuubi.engine.chat.gpt.http.socket.timeout               | PT2M                      | The timeout[ms] for waiting for data packets after Chat GPT server connection is established. A timeout value of zero is interpreted as an infinite timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | duration | 1.8.0 |
+| kyuubi.engine.chat.gpt.model                             | gpt-3.5-turbo             | ID of the model used in ChatGPT. Available models refer to OpenAI's [Model overview](https://platform.openai.com/docs/models/overview).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.8.0 |
+| kyuubi.engine.chat.java.options                          | &lt;undefined&gt;         | The extra Java options for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
+| kyuubi.engine.chat.memory                                | 1g                        | The heap memory for the Chat engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.8.0 |
+| kyuubi.engine.chat.provider                              | ECHO                      | The provider for the Chat engine. Candidates: <ul> <li>ECHO: simply replies a welcome message.</li> <li>GPT: a.k.a ChatGPT, powered by OpenAI.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.8.0 |
+| kyuubi.engine.connection.url.use.hostname                | true                      | (deprecated) When true, the engine registers with hostname to zookeeper. When Spark runs on K8s with cluster mode, set to false to ensure that server can connect to engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | boolean  | 1.3.0 |
+| kyuubi.engine.deregister.exception.classes                                          || A comma-separated list of exception classes. If there is any exception thrown, whose class matches the specified classes, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | set      | 1.2.0 |
+| kyuubi.engine.deregister.exception.messages                                         || A comma-separated list of exception messages. If there is any exception thrown, whose message or stacktrace matches the specified message list, the engine would deregister itself.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | set      | 1.2.0 |
+| kyuubi.engine.deregister.exception.ttl                   | PT30M                     | Time to live(TTL) for exceptions pattern specified in kyuubi.engine.deregister.exception.classes and kyuubi.engine.deregister.exception.messages to deregister engines. Once the total error count hits the kyuubi.engine.deregister.job.max.failures within the TTL, an engine will deregister itself and wait for self-terminated. Otherwise, we suppose that the engine has recovered from temporary failures.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | duration | 1.2.0 |
+| kyuubi.engine.deregister.job.max.failures                | 4                         | Number of failures of job before deregistering the engine.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | int      | 1.2.0 |
+| kyuubi.engine.event.json.log.path                        | file:///tmp/kyuubi/events | The location where all the engine events go for the built-in JSON logger.<ul><li>Local Path: start with 'file://'</li><li>HDFS Path: start with 'hdfs://'</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | string   | 1.3.0 |
+| kyuubi.engine.event.loggers                              | SPARK                     | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: User-defined event handlers.</li></ul> Note that: Kyuubi supports custom event handlers with the Java SPI. To register a custom event handler, the user needs to implement a subclass of `org.apache.kyuubi.events.handler.CustomEventHandlerProvider` which has a zero-arg constructor.                                                                                                                                                                                                                                                                                                                                                                                           | seq      | 1.3.0 |
+| kyuubi.engine.flink.application.jars                     | &lt;undefined&gt;         | A comma-separated list of the local jars to be shipped with the job to the cluster. For example, SQL UDF jars. Only effective in yarn application mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.8.0 |
+| kyuubi.engine.flink.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Flink SQL engine, for configuring the location of hadoop client jars, etc. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
+| kyuubi.engine.flink.java.options                         | &lt;undefined&gt;         | The extra Java options for the Flink SQL engine. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | string   | 1.6.0 |
+| kyuubi.engine.flink.memory                               | 1g                        | The heap memory for the Flink SQL engine. Only effective in yarn session mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | string   | 1.6.0 |
+| kyuubi.engine.hive.event.loggers                         | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | seq      | 1.7.0 |
+| kyuubi.engine.hive.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the Hive query engine, for configuring location of the hadoop client jars and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
+| kyuubi.engine.hive.java.options                          | &lt;undefined&gt;         | The extra Java options for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.engine.hive.memory                                | 1g                        | The heap memory for the Hive query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.6.0 |
+| kyuubi.engine.initialize.sql                             | SHOW DATABASES            | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SHOW DATABASES` to eagerly active HiveClient. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | seq      | 1.2.0 |
+| kyuubi.engine.jdbc.connection.password                   | &lt;undefined&gt;         | The password is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.propagateCredential        | false                     | Whether to use the session's user and password to connect to database                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | boolean  | 1.8.0 |
+| kyuubi.engine.jdbc.connection.properties                                            || The additional properties are used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | seq      | 1.6.0 |
+| kyuubi.engine.jdbc.connection.provider                   | &lt;undefined&gt;         | The connection provider is used for getting a connection from the server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.url                        | &lt;undefined&gt;         | The server url that engine will connect to                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
+| kyuubi.engine.jdbc.connection.user                       | &lt;undefined&gt;         | The user is used for connecting to server                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.6.0 |
+| kyuubi.engine.jdbc.driver.class                          | &lt;undefined&gt;         | The driver class for JDBC engine connection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
+| kyuubi.engine.jdbc.extra.classpath                       | &lt;undefined&gt;         | The extra classpath for the JDBC query engine, for configuring the location of the JDBC driver and etc.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.6.0 |
+| kyuubi.engine.jdbc.initialize.sql                        | SELECT 1                  | SemiColon-separated list of SQL statements to be initialized in the newly created engine before queries. i.e. use `SELECT 1` to eagerly active JDBCClient.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | seq      | 1.8.0 |
+| kyuubi.engine.jdbc.java.options                          | &lt;undefined&gt;         | The extra Java options for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.6.0 |
+| kyuubi.engine.jdbc.memory                                | 1g                        | The heap memory for the JDBC query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | string   | 1.6.0 |
+| kyuubi.engine.jdbc.session.initialize.sql                                           || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | seq      | 1.8.0 |
+| kyuubi.engine.jdbc.type                                  | &lt;undefined&gt;         | The short name of JDBC type                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.6.0 |
+| kyuubi.engine.kubernetes.submit.timeout                  | PT30S                     | The engine submit timeout for Kubernetes application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | duration | 1.7.2 |
+| kyuubi.engine.operation.convert.catalog.database.enabled | true                      | When set to true, The engine converts the JDBC methods of set/get Catalog and set/get Schema to the implementation of different engines                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | boolean  | 1.6.0 |
+| kyuubi.engine.operation.log.dir.root                     | engine_operation_logs     | Root directory for query operation log at engine-side.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.4.0 |
+| kyuubi.engine.pool.name                                  | engine-pool               | The name of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.5.0 |
+| kyuubi.engine.pool.selectPolicy                          | RANDOM                    | The select policy of an engine from the corresponding engine pool engine for a session. <ul><li>RANDOM - Randomly use the engine in the pool</li><li>POLLING - Polling use the engine in the pool</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.7.0 |
+| kyuubi.engine.pool.size                                  | -1                        | The size of the engine pool. Note that, if the size is less than 1, the engine pool will not be enabled; otherwise, the size of the engine pool will be min(this, kyuubi.engine.pool.size.threshold).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | int      | 1.4.0 |
+| kyuubi.engine.pool.size.threshold                        | 9                         | This parameter is introduced as a server-side parameter controlling the upper limit of the engine pool.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | int      | 1.4.0 |
+| kyuubi.engine.session.initialize.sql                                                || SemiColon-separated list of SQL statements to be initialized in the newly created engine session before queries. This configuration can not be used in JDBC url due to the limitation of Beeline/JDBC driver.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | seq      | 1.3.0 |
+| kyuubi.engine.share.level                                | USER                      | Engines will be shared in different levels, available configs are: <ul> <li>CONNECTION: engine will not be shared but only used by the current client connection</li> <li>USER: engine will be shared by all sessions created by a unique username, see also kyuubi.engine.share.level.subdomain</li> <li>GROUP: the engine will be shared by all sessions created by all users belong to the same primary group name. The engine will be launched by the group name as the effective username, so here the group name is in value of special user who is able to visit the computing resources/data of the team. It follows the [Hadoop GroupsMapping](https://reurl.cc/xE61Y5) to map user to a primary group. If the primary group is not found, it fallback to the USER level. <li>SERVER: the App will be shared by Kyuubi servers</li></ul>                                                                                                                                                 | string   | 1.2.0 |
+| kyuubi.engine.share.level.sub.domain                     | &lt;undefined&gt;         | (deprecated) - Using kyuubi.engine.share.level.subdomain instead                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | string   | 1.2.0 |
+| kyuubi.engine.share.level.subdomain                      | &lt;undefined&gt;         | Allow end-users to create a subdomain for the share level of an engine. A subdomain is a case-insensitive string values that must be a valid zookeeper subpath. For example, for the `USER` share level, an end-user can share a certain engine within a subdomain, not for all of its clients. End-users are free to create multiple engines in the `USER` share level. When disable engine pool, use 'default' if absent.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | string   | 1.4.0 |
+| kyuubi.engine.single.spark.session                       | false                     | When set to true, this engine is running in a single session mode. All the JDBC/ODBC connections share the temporary views, function registries, SQL configuration and the current database.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | boolean  | 1.3.0 |
+| kyuubi.engine.spark.event.loggers                        | SPARK                     | A comma-separated list of engine loggers, where engine/session/operation etc events go.<ul> <li>SPARK: the events will be written to the Spark listener bus.</li> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | seq      | 1.7.0 |
+| kyuubi.engine.spark.python.env.archive                   | &lt;undefined&gt;         | Portable Python env archive used for Spark engine Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | string   | 1.7.0 |
+| kyuubi.engine.spark.python.env.archive.exec.path         | bin/python                | The Python exec path under the Python env archive.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | string   | 1.7.0 |
+| kyuubi.engine.spark.python.home.archive                  | &lt;undefined&gt;         | Spark archive containing $SPARK_HOME/python directory, which is used to init session Python worker for Python language mode.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.7.0 |
+| kyuubi.engine.submit.timeout                             | PT30S                     | Period to tolerant Driver Pod ephemerally invisible after submitting. In some Resource Managers, e.g. K8s, the Driver Pod is not visible immediately after `spark-submit` is returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | duration | 1.7.1 |
+| kyuubi.engine.trino.connection.keystore.password         | &lt;undefined&gt;         | The keystore password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.keystore.path             | &lt;undefined&gt;         | The keystore path used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.keystore.type             | &lt;undefined&gt;         | The keystore type used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.password                  | &lt;undefined&gt;         | The password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.truststore.password       | &lt;undefined&gt;         | The truststore password used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.truststore.path           | &lt;undefined&gt;         | The truststore path used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.8.0 |
+| kyuubi.engine.trino.connection.truststore.type           | &lt;undefined&gt;         | The truststore type used for connecting to trino cluster                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | string   | 1.8.0 |
+| kyuubi.engine.trino.event.loggers                        | JSON                      | A comma-separated list of engine history loggers, where engine/session/operation etc events go.<ul> <li>JSON: the events will be written to the location of kyuubi.engine.event.json.log.path</li> <li>JDBC: to be done</li> <li>CUSTOM: to be done.</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | seq      | 1.7.0 |
+| kyuubi.engine.trino.extra.classpath                      | &lt;undefined&gt;         | The extra classpath for the Trino query engine, for configuring other libs which may need by the Trino engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | string   | 1.6.0 |
+| kyuubi.engine.trino.java.options                         | &lt;undefined&gt;         | The extra Java options for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | string   | 1.6.0 |
+| kyuubi.engine.trino.memory                               | 1g                        | The heap memory for the Trino query engine                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | string   | 1.6.0 |
+| kyuubi.engine.type                                       | SPARK_SQL                 | Specify the detailed engine supported by Kyuubi. The engine type bindings to SESSION scope. This configuration is experimental. Currently, available configs are: <ul> <li>SPARK_SQL: specify this engine type will launch a Spark engine which can provide all the capacity of the Apache Spark. Note, it's a default engine type.</li> <li>FLINK_SQL: specify this engine type will launch a Flink engine which can provide all the capacity of the Apache Flink.</li> <li>TRINO: specify this engine type will launch a Trino engine which can provide all the capacity of the Trino.</li> <li>HIVE_SQL: specify this engine type will launch a Hive engine which can provide all the capacity of the Hive Server2.</li> <li>JDBC: specify this engine type will launch a JDBC engine which can forward  queries to the database system through the certain JDBC driver,  for now, it supports Doris and Phoenix.</li> <li>CHAT: specify this engine type will launch a Chat engine.</li></ul> | string   | 1.4.0 |
+| kyuubi.engine.ui.retainedSessions                        | 200                       | The number of SQL client sessions kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | int      | 1.4.0 |
+| kyuubi.engine.ui.retainedStatements                      | 200                       | The number of statements kept in the Kyuubi Query Engine web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | int      | 1.4.0 |
+| kyuubi.engine.ui.stop.enabled                            | true                      | When true, allows Kyuubi engine to be killed from the Spark Web UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | boolean  | 1.3.0 |
+| kyuubi.engine.user.isolated.spark.session                | true                      | When set to false, if the engine is running in a group or server share level, all the JDBC/ODBC connections will be isolated against the user. Including the temporary views, function registries, SQL configuration, and the current database. Note that, it does not affect if the share level is connection or user.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | boolean  | 1.6.0 |
+| kyuubi.engine.user.isolated.spark.session.idle.interval  | PT1M                      | The interval to check if the user-isolated Spark session is timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | duration | 1.6.0 |
+| kyuubi.engine.user.isolated.spark.session.idle.timeout   | PT6H                      | If kyuubi.engine.user.isolated.spark.session is false, we will release the Spark session if its corresponding user is inactive after this configured timeout.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | duration | 1.6.0 |
+| kyuubi.engine.yarn.submit.timeout                        | PT30S                     | The engine submit timeout for YARN application.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | duration | 1.7.2 |
 
 ### Event
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index d96f536a8..a5c0aee0a 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2013,8 +2013,9 @@ object KyuubiConf {
       " all the capacity of the Trino.</li>" +
       " <li>HIVE_SQL: specify this engine type will launch a Hive engine which can provide" +
       " all the capacity of the Hive Server2.</li>" +
-      " <li>JDBC: specify this engine type will launch a JDBC engine which can provide" +
-      " a MySQL protocol connector, for now we only support Doris dialect.</li>" +
+      " <li>JDBC: specify this engine type will launch a JDBC engine which can forward " +
+      " queries to the database system through the certain JDBC driver, " +
+      " for now, it supports Doris and Phoenix.</li>" +
       " <li>CHAT: specify this engine type will launch a Chat engine.</li>" +
       "</ul>")
     .version("1.4.0")

From 9a409956a1566220867518ee60bf60e20dc5636c Mon Sep 17 00:00:00 2001
From: liupeiyue <liupeiyue@yy.com>
Date: Tue, 24 Oct 2023 16:19:44 +0800
Subject: [PATCH 714/760] [KYUUBI #5282] Support configure Trino session conf
 in `kyuubi-default.conf`

### _Why are the changes needed?_

Refer to spark and flink settings conf,  support configure Trino session conf in kyuubi-default.conf
issue : https://github.com/apache/kyuubi/issues/5282

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5283 from ASiegeLion/kyuubi-master-trino.

Closes #5282

87a3f57b4 [Cheng Pan] Apply suggestions from code review
effdd79f4 [liupeiyue] [KYUUBI #5282]Add trino's session conf to kyuubi-default.xml
399a200f7 [liupeiyue] [KYUUBI #5282]Add trino's session conf to kyuubi-default.xml
7462b32c2 [liupeiyue] [KYUUBI #5282]Add trino's session conf to kyuubi-default.xml--Update documentation
5295f5f94 [liupeiyue] [KYUUBI #5282]Add trino's session conf to kyuubi-default.xml

Lead-authored-by: liupeiyue <liupeiyue@yy.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                | 27 +++++++++++++++++
 .../trino/session/TrinoSessionImpl.scala      | 12 +++++++-
 .../config/AllKyuubiConfiguration.scala       | 30 +++++++++++++++++++
 3 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 6ec647e5d..66fa45578 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -534,6 +534,33 @@ Setting them in the JDBC Connection URL supplies session-specific for each SQL e
 
 Please refer to the Flink official online documentation for [SET Statements](https://nightlies.apache.org/flink/flink-docs-stable/docs/dev/table/sql/set/)
 
+## Trino Configurations
+
+### Via config.properties
+
+Setting them in `$TRINO_HOME/etc/config.properties` supplies with default values for SQL engine application. Available properties can be found at Trino official online documentation for [Trino Configurations](https://trino.io/docs/current/admin/properties.html)
+
+### Via kyuubi-defaults.conf
+
+Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf` supplies with default values for SQL engine application too. You can use properties with the additional prefix `trino.` to override settings in `$TRINO_HOME/etc/config.properties`.
+
+For example:
+
+```
+trino.query_max_stage_count 500
+trino.parse_decimal_literals_as_double true
+```
+
+The below options in `kyuubi-defaults.conf` will set `query_max_stage_count: 500` and `parse_decimal_literals_as_double: true` into trino session properties.
+
+### Via JDBC Connection URL
+
+Setting them in the JDBC Connection URL supplies session-specific for each SQL engine. For example: ```jdbc:hive2://localhost:10009/default;#trino.query_max_stage_count=500;trino.parse_decimal_literals_as_double=true```
+
+### Via SET Statements
+
+Please refer to the Trino official online documentation for [SET Statements](https://trino.io/docs/current/sql/set-session.html)
+
 ## Logging
 
 Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`, see `$KYUUBI_HOME/conf/log4j2.xml.template` as an example.
diff --git a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index 362ee3ed0..0b3ac01a9 100644
--- a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++ b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -22,6 +22,8 @@ import java.time.ZoneId
 import java.util.{Collections, Locale, Optional}
 import java.util.concurrent.TimeUnit
 
+import scala.collection.JavaConverters._
+
 import io.airlift.units.Duration
 import io.trino.client.ClientSession
 import io.trino.client.OkHttpUtil
@@ -89,6 +91,8 @@ class TrinoSessionImpl(
 
     val clientRequestTimeout = sessionConf.get(TrinoConf.CLIENT_REQUEST_TIMEOUT)
 
+    val properties = getTrinoSessionConf(sessionConf).asJava
+
     new ClientSession(
       URI.create(connectionUrl),
       username,
@@ -104,7 +108,7 @@ class TrinoSessionImpl(
       Locale.getDefault,
       Collections.emptyMap(),
       Collections.emptyMap(),
-      Collections.emptyMap(),
+      properties,
       Collections.emptyMap(),
       Collections.emptyMap(),
       null,
@@ -170,6 +174,12 @@ class TrinoSessionImpl(
     resultSet.next().head.toString
   }
 
+  private def getTrinoSessionConf(sessionConf: KyuubiConf): Map[String, String] = {
+    val trinoSessionConf = sessionConf.getAll.filterKeys(_.startsWith("trino."))
+      .map { case (k, v) => (k.stripPrefix("trino."), v) }
+    trinoSessionConf.toMap
+  }
+
   override def close(): Unit = {
     sessionEvent.endTime = System.currentTimeMillis()
     EventBus.post(sessionEvent)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
index f53fb3a61..8c0806ba3 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/config/AllKyuubiConfiguration.scala
@@ -177,6 +177,36 @@ class AllKyuubiConfiguration extends KyuubiFunSuite {
       """Please refer to the Flink official online documentation for [SET Statements]
         |(https://nightlies.apache.org/flink/flink-docs-stable/docs/dev/table/sql/set/)"""
 
+    builder ++=
+      """## Trino Configurations
+        |### Via config.properties""" += """Setting them in `$TRINO_HOME/etc/config.properties`
+        |
+        | supplies with default values for SQL engine application.
+        | Available properties can be found at Trino official online documentation for
+        | [Trino Configurations]
+        |(https://trino.io/docs/current/admin/properties.html)""" +=
+      "### Via kyuubi-defaults.conf" +=
+      """Setting them in `$KYUUBI_HOME/conf/kyuubi-defaults.conf`
+        | supplies with default values for SQL engine application too.
+        | You can use properties with the additional prefix `trino.` to override settings in
+        | `$TRINO_HOME/etc/config.properties`.""" ++=
+      """
+        |For example:
+        |```
+        |trino.query_max_stage_count 500
+        |trino.parse_decimal_literals_as_double true
+        |```""" +=
+      """The below options in `kyuubi-defaults.conf` will set `query_max_stage_count: 500`
+        | and `parse_decimal_literals_as_double: true` into trino session properties.""" +=
+      "### Via JDBC Connection URL" +=
+      """Setting them in the JDBC Connection URL supplies session-specific
+        | for each SQL engine. For example: ```jdbc:hive2://localhost:10009/default;
+        |#trino.query_max_stage_count=500;trino.parse_decimal_literals_as_double=true```
+        |""" +=
+      "### Via SET Statements" +=
+      """Please refer to the Trino official online documentation for [SET Statements]
+        |(https://trino.io/docs/current/sql/set-session.html)"""
+
     builder += "## Logging" +=
       """Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging.
         | You can configure it using `$KYUUBI_HOME/conf/log4j2.xml`, see

From 5eba900ed124fcb9c684bb11f86c384c143d5fdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BC=9F=E7=A8=8B?= <cheng1483x@gmail.com>
Date: Tue, 24 Oct 2023 16:22:16 +0800
Subject: [PATCH 715/760] [KYUUBI #5212] Fix configuration errors causing by
 helm charts of prometheus services
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

This bug will affect k8s deployments.

https://github.com/apache/kyuubi/issues/5212

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5281 from FourSpaces/fix_k8s_deployment_error.

Closes #5212

484da7e97 [伟程] Remove the monitoring.prometheus.server node that is not being used temporarily
90396c17f [伟程] Specification format
1773c7cd0 [wei.cheng] Separate the configuration of Prometheus from other components.
59159eb7b [伟程] Fix configuration errors causing by k8s deployment of prometheus services.

Lead-authored-by: 伟程 <cheng1483x@gmail.com>
Co-authored-by: wei.cheng <cheng1483x@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 charts/kyuubi/templates/kyuubi-alert.yaml            | 2 +-
 charts/kyuubi/templates/kyuubi-configmap.yaml        | 2 +-
 charts/kyuubi/templates/kyuubi-headless-service.yaml | 5 +++++
 charts/kyuubi/templates/kyuubi-podmonitor.yaml       | 2 +-
 charts/kyuubi/templates/kyuubi-servicemonitor.yaml   | 2 +-
 charts/kyuubi/templates/kyuubi-statefulset.yaml      | 4 ++++
 charts/kyuubi/values.yaml                            | 6 +-----
 7 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/charts/kyuubi/templates/kyuubi-alert.yaml b/charts/kyuubi/templates/kyuubi-alert.yaml
index 8637e9e03..89fd11dc7 100644
--- a/charts/kyuubi/templates/kyuubi-alert.yaml
+++ b/charts/kyuubi/templates/kyuubi-alert.yaml
@@ -15,7 +15,7 @@
   limitations under the License.
 */}}
 
-{{- if and .Values.server.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.prometheusRule.enabled }}
+{{- if and .Values.monitoring.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.prometheusRule.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
diff --git a/charts/kyuubi/templates/kyuubi-configmap.yaml b/charts/kyuubi/templates/kyuubi-configmap.yaml
index 1e5e195d3..62413567d 100644
--- a/charts/kyuubi/templates/kyuubi-configmap.yaml
+++ b/charts/kyuubi/templates/kyuubi-configmap.yaml
@@ -38,7 +38,7 @@ data:
     kyuubi.frontend.protocols={{ include "kyuubi.frontend.protocols" . }}
 
     # Kyuubi Metrics
-    kyuubi.metrics.enabled={{ .Values.server.prometheus.enabled }}
+    kyuubi.metrics.enabled={{ .Values.monitoring.prometheus.enabled }}
     kyuubi.metrics.reporters={{ .Values.metricsReporters }}
 
     ## User provided Kyuubi configurations
diff --git a/charts/kyuubi/templates/kyuubi-headless-service.yaml b/charts/kyuubi/templates/kyuubi-headless-service.yaml
index 895859bac..fa04ffeef 100644
--- a/charts/kyuubi/templates/kyuubi-headless-service.yaml
+++ b/charts/kyuubi/templates/kyuubi-headless-service.yaml
@@ -30,6 +30,11 @@ spec:
       port: {{ tpl $frontend.service.port $ }}
       targetPort: {{ $frontend.port }}
     {{- end }}
+    {{- if .Values.monitoring.prometheus.enabled }}
+    - name: prometheus
+      port: {{ .Values.monitoring.prometheus.port }}
+      targetPort: {{ .Values.monitoring.prometheus.port }}
+    {{- end }}
   selector:
     {{- include "kyuubi.selectorLabels" $ | nindent 4 }}
 
diff --git a/charts/kyuubi/templates/kyuubi-podmonitor.yaml b/charts/kyuubi/templates/kyuubi-podmonitor.yaml
index ea0f76214..458ff66ed 100644
--- a/charts/kyuubi/templates/kyuubi-podmonitor.yaml
+++ b/charts/kyuubi/templates/kyuubi-podmonitor.yaml
@@ -15,7 +15,7 @@
   limitations under the License.
 */}}
 
-{{- if and .Values.server.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.podMonitor.enabled }}
+{{- if and .Values.monitoring.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.podMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
diff --git a/charts/kyuubi/templates/kyuubi-servicemonitor.yaml b/charts/kyuubi/templates/kyuubi-servicemonitor.yaml
index 7d997fc11..11098a0ea 100644
--- a/charts/kyuubi/templates/kyuubi-servicemonitor.yaml
+++ b/charts/kyuubi/templates/kyuubi-servicemonitor.yaml
@@ -15,7 +15,7 @@
   limitations under the License.
 */}}
 
-{{- if and .Values.server.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.serviceMonitor.enabled }}
+{{- if and .Values.monitoring.prometheus.enabled (eq .Values.metricsReporters "PROMETHEUS") .Values.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
diff --git a/charts/kyuubi/templates/kyuubi-statefulset.yaml b/charts/kyuubi/templates/kyuubi-statefulset.yaml
index 626796a78..309ef8ec9 100644
--- a/charts/kyuubi/templates/kyuubi-statefulset.yaml
+++ b/charts/kyuubi/templates/kyuubi-statefulset.yaml
@@ -75,6 +75,10 @@ spec:
               containerPort: {{ $frontend.port }}
             {{- end }}
             {{- end }}
+            {{- if .Values.monitoring.prometheus.enabled }}
+            - name: prometheus
+              containerPort: {{ .Values.monitoring.prometheus.port }}
+            {{- end }}
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             exec:
diff --git a/charts/kyuubi/values.yaml b/charts/kyuubi/values.yaml
index cfc79fae5..faa854b10 100644
--- a/charts/kyuubi/values.yaml
+++ b/charts/kyuubi/values.yaml
@@ -116,15 +116,11 @@ server:
       nodePort: ~
       annotations: {}
 
+monitoring:
   # Exposes metrics in Prometheus format
   prometheus:
     enabled: true
     port: 10019
-    service:
-      type: ClusterIP
-      port: "{{ .Values.server.prometheus.port }}"
-      nodePort: ~
-      annotations: {}
 
 # $KYUUBI_CONF_DIR directory
 kyuubiConfDir: /opt/kyuubi/conf

From 71a45298b80d839a4b4c316607c14f6452ea5172 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Tue, 24 Oct 2023 21:34:42 +0800
Subject: [PATCH 716/760] [KYUUBI #5499][KYUUBI #2503] Catch any exception when
 closing idle session

### _Why are the changes needed?_

Now only the KyuubiSQLException is caught when closing idle session, we wonder some exception is not caught and cause the session timeout checkTask exit.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5515 from turboFei/catch_check_task.

Closes #5499

Closes #2503

861248818 [fwang12] nonfatal
d4dbbfa17 [fwang12] catch exception

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/scala/org/apache/kyuubi/session/SessionManager.scala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
index 6cf1f082b..a83335102 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala
@@ -23,6 +23,7 @@ import java.util.concurrent.{ConcurrentHashMap, Future, ThreadPoolExecutor, Time
 
 import scala.collection.JavaConverters._
 import scala.concurrent.duration.Duration
+import scala.util.control.NonFatal
 
 import org.apache.hive.service.rpc.thrift.TProtocolVersion
 
@@ -312,8 +313,7 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
               try {
                 closeSession(session.handle)
               } catch {
-                case e: KyuubiSQLException =>
-                  warn(s"Error closing idle session ${session.handle}", e)
+                case NonFatal(e) => warn(s"Error closing idle session ${session.handle}", e)
               }
             } else {
               session.closeExpiredOperations()

From aecef5c6e11dbde29d5fccae439a3cdc2215d13f Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Tue, 24 Oct 2023 21:36:38 +0800
Subject: [PATCH 717/760] [KYUUBI #5512] [AuthZ] Remove the non-existent query
 specs in Deletes and Updates

### _Why are the changes needed?_

This PR removes the non-existent query specs in DeleteFromTable and UpdateTable, and all its derives, such as iceberg and hudi.

Timely stop abuse.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

no

Closes #5512 from yaooqinn/du.

Closes #5512

627768666 [Kent Yao] [AuthZ] Remove the non-existent query spec in Deletes and Updates

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../main/resources/table_command_spec.json    | 30 ++++---------------
 .../plugin/spark/authz/gen/HudiCommands.scala |  4 +--
 .../spark/authz/gen/IcebergCommands.scala     |  2 +-
 .../spark/authz/gen/TableCommands.scala       |  2 +-
 4 files changed, 10 insertions(+), 28 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index f4d5eb60a..f5e64f0cb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -226,10 +226,7 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DeleteFromTable",
   "tableDescs" : [ {
@@ -247,10 +244,7 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DescribeRelation",
   "tableDescs" : [ {
@@ -658,10 +652,7 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.UpdateTable",
   "tableDescs" : [ {
@@ -679,10 +670,7 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableAddColumnsCommand",
   "tableDescs" : [ {
@@ -1652,10 +1640,7 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.DropHoodieTableCommand",
   "tableDescs" : [ {
@@ -1795,8 +1780,5 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "query",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  "queryDescs" : [ ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 7909bef9b..62799a9f8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -174,7 +174,7 @@ object HudiCommands {
         "dft",
         classOf[HudiDataSourceV2RelationTableExtractor],
         actionTypeDesc = Some(actionTypeDesc))
-    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
+    TableCommandSpec(cmd, Seq(tableDesc))
   }
 
   val UpdateHoodieTableCommand = {
@@ -185,7 +185,7 @@ object HudiCommands {
         "ut",
         classOf[HudiDataSourceV2RelationTableExtractor],
         actionTypeDesc = Some(actionTypeDesc))
-    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
+    TableCommandSpec(cmd, Seq(tableDesc))
   }
 
   val MergeIntoHoodieTableCommand = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
index 355143c40..fb195b455 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
@@ -31,7 +31,7 @@ object IcebergCommands {
         "table",
         classOf[DataSourceV2RelationTableExtractor],
         actionTypeDesc = Some(actionTypeDesc))
-    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(QueryDesc("query")))
+    TableCommandSpec(cmd, Seq(tableDesc))
   }
 
   val UpdateIcebergTable = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index cf7fae0d8..9893953af 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -276,7 +276,7 @@ object TableCommands {
         "table",
         classOf[DataSourceV2RelationTableExtractor],
         actionTypeDesc = Some(actionTypeDesc))
-    TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryQueryDesc))
+    TableCommandSpec(cmd, Seq(tableDesc))
   }
 
   val DeleteFromTable = {

From 5cff4fb98cdc8d8a8d9a1c289a17a17a52a787e5 Mon Sep 17 00:00:00 2001
From: weixi <weixi62961@outlook.com>
Date: Wed, 25 Oct 2023 01:08:29 +0800
Subject: [PATCH 718/760] [KYUUBI #5380][UT] Create PySpark batch jobs tests
 for RESTful API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

To close #5380.

As PySpark jobs become popular approach for data exploring and processing, we need to create tests for creating PySpark jobs.

According the existing Spark Jar unit tests, two PySpark job unit test were added, they are all simple PI computing jobs from Spark examples.

#### case1, "pyspark submit - basic batch rest client with existing resource file"
It's almost same with the spark jar job test case, except the following two points:
1. param `batchType` should be set to `PYSPARK`, not `SPARK`.  please refer to #3836 for detailed information.
2. For PySpark job，param `className` is useless， should be set to null

#### case2, "pyspark submit - basic batch rest client with uploading resource file"

Through the two test cases, simple PySpark jobs can be submitted normally.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5498 from weixi62961/unittest-batchapi-pyspark-simple.

Closes #5380

b693efc1b [Bowen Liang] simplify sparkBatchTestResource
72a92b5ee [Bowen Liang] Update kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/PySparkBatchRestApiSuite.scala
b2035a3b2 [weixi] remove no necessary wrapper object "PySparkJobPI"
27d12e8bc [weixi] rename from BatchRestApiPySparkSuite to PySparkBatchRestApiSuite
e680e604a [weixi] Create a dedicated batch API suite for PySpark jobs.
dc8b6bfa1 [weixi] add 2 test cases for pyspark batch job submit.

Lead-authored-by: weixi <weixi62961@outlook.com>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../org/apache/kyuubi/BatchTestHelper.scala   |  4 +-
 .../client/PySparkBatchRestApiSuite.scala     | 79 +++++++++++++++++++
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/PySparkBatchRestApiSuite.scala

diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/BatchTestHelper.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/BatchTestHelper.scala
index 27298dbf1..f49ebbeb1 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/BatchTestHelper.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/BatchTestHelper.scala
@@ -26,6 +26,8 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.engine.spark.SparkProcessBuilder
 
 trait BatchTestHelper {
+  val sparkBatchTestBatchType = "SPARK"
+
   val sparkBatchTestMainClass = "org.apache.spark.examples.SparkPi"
 
   val sparkBatchTestAppName = "Spark Pi" // the app name is hard coded in spark example code
@@ -56,7 +58,7 @@ trait BatchTestHelper {
       conf: Map[String, String] = Map.empty,
       args: Seq[String] = Seq.empty): BatchRequest = {
     newBatchRequest(
-      "SPARK",
+      sparkBatchTestBatchType,
       sparkBatchTestResource.get,
       sparkBatchTestMainClass,
       sparkBatchTestAppName,
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/PySparkBatchRestApiSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/PySparkBatchRestApiSuite.scala
new file mode 100644
index 000000000..8e33eb382
--- /dev/null
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/rest/client/PySparkBatchRestApiSuite.scala
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.rest.client
+
+import java.nio.file.Paths
+
+import org.apache.kyuubi.{BatchTestHelper, RestClientTestHelper}
+import org.apache.kyuubi.client.{BatchRestApi, KyuubiRestClient}
+import org.apache.kyuubi.client.api.v1.dto.Batch
+import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.engine.spark.SparkProcessBuilder
+
+class PySparkBatchRestApiSuite extends RestClientTestHelper with BatchTestHelper {
+  override val sparkBatchTestBatchType: String = "PYSPARK"
+  override val sparkBatchTestMainClass: String = null // For PySpark, mainClass isn't needed.
+  override val sparkBatchTestAppName: String = "PythonPi"
+  override val sparkBatchTestResource: Option[String] = {
+    val sparkProcessBuilder = new SparkProcessBuilder("kyuubi", KyuubiConf())
+    val piScript =
+      Paths.get(sparkProcessBuilder.sparkHome, "examples/src/main/python/pi.py")
+    Some(piScript.toAbsolutePath.toString)
+  }
+
+  test("pyspark submit - basic batch rest client with existing resource file") {
+    val basicKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.BASIC)
+        .username(ldapUser)
+        .password(ldapUserPasswd)
+        .socketTimeout(30000)
+        .build()
+    val batchRestApi: BatchRestApi = new BatchRestApi(basicKyuubiRestClient)
+
+    val requestObj = newSparkBatchRequest(
+      conf = Map("spark.master" -> "local"),
+      args = Seq("10"))
+    val batch: Batch = batchRestApi.createBatch(requestObj)
+
+    assert(batch.getKyuubiInstance === fe.connectionUrl)
+    assert(batch.getBatchType === "PYSPARK")
+    basicKyuubiRestClient.close()
+  }
+
+  test("pyspark submit - basic batch rest client with uploading resource file") {
+    val basicKyuubiRestClient: KyuubiRestClient =
+      KyuubiRestClient.builder(baseUri.toString)
+        .authHeaderMethod(KyuubiRestClient.AuthHeaderMethod.BASIC)
+        .username(ldapUser)
+        .password(ldapUserPasswd)
+        .socketTimeout(30000)
+        .build()
+    val batchRestApi: BatchRestApi = new BatchRestApi(basicKyuubiRestClient)
+
+    val requestObj = newSparkBatchRequest(
+      conf = Map("spark.master" -> "local"),
+      args = Seq("10"))
+    val resourceFile = Paths.get(sparkBatchTestResource.get).toFile
+    val batch: Batch = batchRestApi.createBatch(requestObj, resourceFile)
+
+    assert(batch.getKyuubiInstance === fe.connectionUrl)
+    assert(batch.getBatchType === "PYSPARK")
+    basicKyuubiRestClient.close()
+  }
+}

From f4f54666dea6aa5921740ad198acb44078bb4ec9 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Wed, 25 Oct 2023 13:33:53 +0800
Subject: [PATCH 719/760] [KYUUBI #5446][AUTHZ] Support Create/Drop/Show/Reresh
 index command for Hudi

### _Why are the changes needed?_
To close #5446. Kyuubi authz support Create/Drop/Show/Reresh index based command

IndexBasedCommand SQL grammer is in https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark/src/main/antlr4/org/apache/hudi/spark/sql/parser/HoodieSqlCommon.g4

Below command under https://github.com/apache/hudi/blob/master/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/IndexCommands.scala

- CreateIndexCommand
- DropIndexCommand
- RefreshIndexCommand
- ShowIndexesCommand

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5448 from AngersZhuuuu/KYUUBI-5446.

Closes #5446

1be056127 [Angerszhuuuu] Update ObjectType.scala
c4ae073f0 [Angerszhuuuu] follow comment
ed1544e62 [Angerszhuuuu] Update
214bb86b2 [Angerszhuuuu] Update OperationType.scala
97cb0f860 [Angerszhuuuu] Update PrivilegeObject.scala
bc65abdbe [Angerszhuuuu] update
0e6f6dffe [Angerszhuuuu] Update
4019f45e4 [Angerszhuuuu] update
dc9188ded [Angerszhuuuu] update
f9a398c14 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5446
52f67e942 [Angerszhuuuu] update
bed945e91 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5446
f174ef269 [Angerszhuuuu] Update table_command_spec.json
476453168 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5446
a78425b46 [Angerszhuuuu] Update HudiCommands.scala
81881db6f [Angerszhuuuu] Update HudiCommands.scala
544a4433c [Angerszhuuuu] Update HudiCommands.scala
aed91cd78 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5446
9632886d1 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
c404fd780 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
e70c8f1e3 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
fefb021a1 [Angerszhuuuu] Update table_command_spec.json
ab8b96dfd [Angerszhuuuu] Merge branch 'master' into KYUUBI-5446
fcb3d45a0 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
b1657d931 [Angerszhuuuu] follow comment
0222e0238 [Angerszhuuuu] [KYUUBI-5446][AUTHZ] Support Create/Drop/Show/Reresh index command

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../main/resources/table_command_spec.json    | 56 +++++++++++++++++++
 .../plugin/spark/authz/ObjectType.scala       |  3 +-
 .../plugin/spark/authz/OperationType.scala    |  7 ++-
 .../spark/authz/ranger/AccessResource.scala   |  2 +-
 .../spark/authz/ranger/AccessType.scala       |  9 ++-
 .../plugin/spark/authz/gen/HudiCommands.scala | 28 ++++++++++
 ...HudiCatalogRangerSparkExtensionSuite.scala | 55 ++++++++++++++++++
 7 files changed, 153 insertions(+), 7 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index f5e64f0cb..ea6e27576 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1623,6 +1623,20 @@
   } ],
   "opType" : "CREATETABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CreateIndexCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "CREATEINDEX",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.DeleteHoodieTableCommand",
   "tableDescs" : [ {
@@ -1659,6 +1673,20 @@
   } ],
   "opType" : "DROPTABLE",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.DropIndexCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "DROPINDEX",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.InsertIntoHoodieTableCommand",
   "tableDescs" : [ {
@@ -1701,6 +1729,20 @@
     "fieldName" : "mergeInto",
     "fieldExtractor" : "HudiMergeIntoSourceTableExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.RefreshIndexCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERINDEX_REBUILD",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.RepairHoodieTableCommand",
   "tableDescs" : [ {
@@ -1732,6 +1774,20 @@
   } ],
   "opType" : "SHOWPARTITIONS",
   "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.ShowIndexesCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : true,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "SHOWINDEXES",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala
index 39f03147e..c94bf4f8d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala
@@ -23,11 +23,12 @@ object ObjectType extends Enumeration {
 
   type ObjectType = Value
 
-  val DATABASE, TABLE, VIEW, COLUMN, FUNCTION = Value
+  val DATABASE, TABLE, VIEW, COLUMN, FUNCTION, INDEX = Value
 
   def apply(obj: PrivilegeObject, opType: OperationType): ObjectType = {
     obj.privilegeObjectType match {
       case PrivilegeObjectType.DATABASE => DATABASE
+      case PrivilegeObjectType.TABLE_OR_VIEW if opType.toString.contains("INDEX") => INDEX
       case PrivilegeObjectType.TABLE_OR_VIEW if obj.columns.nonEmpty => COLUMN
       case PrivilegeObjectType.TABLE_OR_VIEW if opType.toString.contains("VIEW") => VIEW
       case PrivilegeObjectType.TABLE_OR_VIEW => TABLE
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/OperationType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/OperationType.scala
index 046ab3e2a..3f2062b20 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/OperationType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/OperationType.scala
@@ -20,7 +20,8 @@ package org.apache.kyuubi.plugin.spark.authz
 object OperationType extends Enumeration {
 
   type OperationType = Value
-
+  // According to https://scalameta.org/scalafmt/docs/known-issues.html
+  // format: off
   val ALTERDATABASE, ALTERDATABASE_LOCATION, ALTERTABLE_ADDCOLS, ALTERTABLE_ADDPARTS,
       ALTERTABLE_RENAMECOL, ALTERTABLE_REPLACECOLS, ALTERTABLE_DROPPARTS, ALTERTABLE_RENAMEPART,
       ALTERTABLE_RENAME, ALTERTABLE_PROPERTIES, ALTERTABLE_SERDEPROPERTIES, ALTERTABLE_LOCATION,
@@ -28,5 +29,7 @@ object OperationType extends Enumeration {
       CREATETABLE_AS_SELECT, CREATEFUNCTION, CREATEVIEW, DESCDATABASE, DESCFUNCTION, DESCTABLE,
       DROPDATABASE, DROPFUNCTION, DROPTABLE, DROPVIEW, EXPLAIN, LOAD, MSCK, QUERY, RELOADFUNCTION,
       SHOWCONF, SHOW_CREATETABLE, SHOWCOLUMNS, SHOWDATABASES, SHOWFUNCTIONS, SHOWPARTITIONS,
-      SHOWTABLES, SHOW_TBLPROPERTIES, SWITCHDATABASE, TRUNCATETABLE = Value
+      SHOWTABLES, SHOW_TBLPROPERTIES, SWITCHDATABASE, TRUNCATETABLE,
+      CREATEINDEX, DROPINDEX, ALTERINDEX_REBUILD, SHOWINDEXES = Value
+  // format: on
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala
index 47a0292c7..23cd87b27 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala
@@ -57,7 +57,7 @@ object AccessResource {
         resource.setValue("database", firstLevelResource)
         resource.setValue("table", secondLevelResource)
         resource.setValue("column", thirdLevelResource)
-      case TABLE | VIEW => // fixme spark have added index support
+      case TABLE | VIEW | INDEX =>
         resource.setValue("database", firstLevelResource)
         resource.setValue("table", secondLevelResource)
     }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
index c0b7d2a03..d533d638b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
@@ -25,7 +25,7 @@ object AccessType extends Enumeration {
 
   type AccessType = Value
 
-  val NONE, CREATE, ALTER, DROP, SELECT, UPDATE, USE, READ, WRITE, ALL, ADMIN = Value
+  val NONE, CREATE, ALTER, DROP, SELECT, UPDATE, USE, READ, WRITE, ALL, ADMIN, INDEX = Value
 
   def apply(obj: PrivilegeObject, opType: OperationType, isInput: Boolean): AccessType = {
     obj.actionType match {
@@ -48,14 +48,16 @@ object AccessType extends Enumeration {
               ALTERTABLE_REPLACECOLS |
               ALTERTABLE_SERDEPROPERTIES |
               ALTERVIEW_RENAME |
-              MSCK => ALTER
+              MSCK |
+              ALTERINDEX_REBUILD => ALTER
           case ALTERVIEW_AS => if (isInput) SELECT else ALTER
-          case DROPDATABASE | DROPTABLE | DROPFUNCTION | DROPVIEW => DROP
+          case DROPDATABASE | DROPTABLE | DROPFUNCTION | DROPVIEW | DROPINDEX => DROP
           case LOAD => if (isInput) SELECT else UPDATE
           case QUERY |
               SHOW_CREATETABLE |
               SHOW_TBLPROPERTIES |
               SHOWPARTITIONS |
+              SHOWINDEXES |
               ANALYZE_TABLE => SELECT
           case SHOWCOLUMNS | DESCTABLE => SELECT
           case SHOWDATABASES |
@@ -65,6 +67,7 @@ object AccessType extends Enumeration {
               SHOWFUNCTIONS |
               DESCFUNCTION => USE
           case TRUNCATETABLE => UPDATE
+          case CREATEINDEX => INDEX
           case _ => NONE
         }
       case PrivilegeObjectActionType.DELETE => DROP
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 62799a9f8..9b843b1f6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -145,6 +145,30 @@ object HudiCommands {
     TableCommandSpec(cmd, Seq(tableDesc), SHOW_TBLPROPERTIES)
   }
 
+  val CreateIndexCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CreateIndexCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), CREATEINDEX)
+  }
+
+  val DropIndexCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.DropIndexCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), DROPINDEX)
+  }
+
+  val ShowIndexCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.ShowIndexesCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor], isInput = true)
+    TableCommandSpec(cmd, Seq(tableDesc), SHOWINDEXES)
+  }
+
+  val RefreshIndexCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.RefreshIndexCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERINDEX_REBUILD)
+  }
+
   val InsertIntoHoodieTableCommand = {
     val cmd = "org.apache.spark.sql.hudi.command.InsertIntoHoodieTableCommand"
     val tableDesc = TableDesc(
@@ -228,13 +252,17 @@ object HudiCommands {
     CreateHoodieTableAsSelectCommand,
     CreateHoodieTableCommand,
     CreateHoodieTableLikeCommand,
+    CreateIndexCommand,
     CompactionHoodieTableCommand,
     CompactionShowHoodieTableCommand,
     DeleteHoodieTableCommand,
     DropHoodieTableCommand,
+    DropIndexCommand,
     InsertIntoHoodieTableCommand,
     MergeIntoHoodieTableCommand,
+    RefreshIndexCommand,
     RepairHoodieTableCommand,
+    ShowIndexCommand,
     TruncateHoodieTableCommand,
     ShowHoodieTablePartitionsCommand,
     Spark31AlterTableCommand,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index 7e7c3ad9e..042072910 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -53,6 +53,7 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   val table1 = "table1_hoodie"
   val table2 = "table2_hoodie"
   val outputTable1 = "outputTable_hoodie"
+  val index1 = "table_hoodie_index1"
 
   override def withFixture(test: NoArgTest): Outcome = {
     assume(isSupportedVersion)
@@ -522,4 +523,58 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       }
     }
   }
+
+  test("IndexBasedCommand") {
+    assume(
+      !isSparkV33OrGreater,
+      "Hudi index creation not supported on Spark 3.3 or greater currently")
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string)
+             |USING HUDI
+             |OPTIONS (
+             | type = 'cow',
+             | primaryKey = 'id',
+             | 'hoodie.datasource.hive_sync.enable' = 'false'
+             |)
+             |PARTITIONED BY(city)
+             |""".stripMargin))
+
+      // CreateIndexCommand
+      val createIndex = s"CREATE INDEX $index1 ON $namespace1.$table1 USING LUCENE (id)"
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(createIndex)))(s"does not have [index] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(createIndex))
+
+      // RefreshIndexCommand
+      val refreshIndex = s"REFRESH INDEX $index1 ON $namespace1.$table1"
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(refreshIndex)))(s"does not have [alter] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(refreshIndex))
+
+      // ShowIndexesCommand
+      val showIndex = s"SHOW INDEXES FROM TABLE $namespace1.$table1"
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(showIndex)))(s"does not have [select] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(showIndex))
+
+      // DropIndexCommand
+      val dropIndex = s"DROP INDEX $index1 ON $namespace1.$table1"
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(dropIndex)))(s"does not have [drop] privilege on [$namespace1/$table1]")
+      doAs(admin, sql(dropIndex))
+    }
+  }
 }

From 75428bb979b61730594fb2e475adb51015d42869 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 25 Oct 2023 13:36:00 +0800
Subject: [PATCH 720/760] [KYUUBI #5484] Remove legacy Web UI

### _Why are the changes needed?_

Close https://github.com/apache/kyuubi/issues/5484

Kyuubi provides a basic new Web UI which is built on top of Vue3, we can remove the legacy dummy Web UI in 1.8.

The new UI hosts at `http://<host>:<port>/ui/` and the legacy UI hosts at `http://<host>:<port>/`, we should

1. Remove the legacy UI routing from Jetty
2. Remove all files related to legacy UI
3. Redirect `http://<host>:<port>/` to `http://<host>:<port>/ui/`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

building with the command `build/dist --web-ui`, then `cd dist` and perform `bin/kyuubi run`

access http://0.0.0.0:10099 could correctly redirect to http://0.0.0.0:10099/ui/

<img width="1428" alt="image" src="https://github.com/apache/kyuubi/assets/26535726/1e8a67f6-e4db-415e-8a47-dd7c41b487cf">

swagger is render correctly too.
<img width="1428" alt="image" src="https://github.com/apache/kyuubi/assets/26535726/1cb4ba31-9965-4468-b7c3-b0319ba959e6">

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5516 from pan3793/5484.

Closes #5484

9d58ef758 [Cheng Pan] address comment and fix test
6d4c0981b [Cheng Pan] [KYUUBI #5484] Remove legacy Web UI

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .rat-excludes                                 |   7 -
 LICENSE                                       |  17 -
 LICENSE-binary                                |   7 -
 dev/dependencyList                            |   1 -
 kyuubi-server/pom.xml                         |   5 -
 .../kyuubi/ui/static/assets/fonts/icons.eot   | Bin 60767 -> 0 bytes
 .../kyuubi/ui/static/assets/fonts/icons.svg   | 565 ------------------
 .../kyuubi/ui/static/assets/fonts/icons.ttf   | Bin 122092 -> 0 bytes
 .../kyuubi/ui/static/assets/fonts/icons.woff  | Bin 71508 -> 0 bytes
 .../kyuubi/ui/static/assets/fonts/icons.woff2 | Bin 56780 -> 0 bytes
 .../apache/kyuubi/ui/static/environment.html  |  59 --
 .../org/apache/kyuubi/ui/static/icon.min.css  |   9 -
 .../org/apache/kyuubi/ui/static/icon.png      | Bin 1179 -> 0 bytes
 .../org/apache/kyuubi/ui/static/index.html    |  58 --
 .../kyuubi/ui/static/jquery-3.6.0.min.js      |   2 -
 .../org/apache/kyuubi/ui/static/kyuubi.js     |  46 --
 .../org/apache/kyuubi/ui/static/metrics.html  |  60 --
 .../apache/kyuubi/ui/static/operations.html   |  59 --
 .../apache/kyuubi/ui/static/semantic.min.css  | 372 ------------
 .../apache/kyuubi/ui/static/semantic.min.js   |  11 -
 .../org/apache/kyuubi/ui/static/sessions.html |  59 --
 .../apache/kyuubi/ui/static/threaddump.html   |  59 --
 .../org/apache/kyuubi/ui/swagger/index.html   |  94 ---
 .../server/KyuubiRestFrontendService.scala    |  12 +-
 .../KyuubiRestFrontendServiceSuite.scala      |   8 -
 .../kyuubi/server/ui/JettyUtilsSuite.scala    |   6 +-
 pom.xml                                       |  13 -
 27 files changed, 6 insertions(+), 1523 deletions(-)
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.eot
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.svg
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.ttf
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.woff
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.woff2
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/environment.html
 delete mode 100755 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.png
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/index.html
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/jquery-3.6.0.min.js
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/kyuubi.js
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/metrics.html
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/operations.html
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.css
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.js
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/sessions.html
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/threaddump.html
 delete mode 100644 kyuubi-server/src/main/resources/org/apache/kyuubi/ui/swagger/index.html

diff --git a/.rat-excludes b/.rat-excludes
index 5735ba69b..6823fa44e 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -39,13 +39,6 @@ build/scala-*/**
 **/*.output.schema
 **/apache-kyuubi-*-bin*/**
 **/benchmarks/**
-**/jquery-*.min.js
-**/semantic.min.js
-**/semantic.min.css
-**/icon.png
-**/icon.min.css
-**/org/apache/kyuubi/ui/static/assets/**
-**/org/apache/kyuubi/ui/swagger/**
 **/org.apache.spark.status.AppHistoryServerPlugin
 **/metadata-store-schema*.sql
 **/*.derby.sql
diff --git a/LICENSE b/LICENSE
index 837c40027..261eeb9e9 100644
--- a/LICENSE
+++ b/LICENSE
@@ -199,20 +199,3 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-
-------------------------------------------------------------------------------------
-This product bundles various third-party components under other open source licenses.
-This section summarizes those components and their licenses. See licenses/
-for text of these licenses.
-
-Apache License Version 2.0
---------------------------
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/swagger/*
-
-MIT license
------------
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/*
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.css
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.js
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/jquery-3.6.0.min.js
diff --git a/LICENSE-binary b/LICENSE-binary
index 4cad931d7..b449a8344 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -276,7 +276,6 @@ org.apache.logging.log4j:log4j-1.2-api
 org.apache.logging.log4j:log4j-api
 org.apache.logging.log4j:log4j-core
 org.apache.logging.log4j:log4j-slf4j-impl
-org.webjars:swagger-ui
 org.yaml:snakeyaml
 io.dropwizard.metrics:metrics-core
 io.dropwizard.metrics:metrics-jmx
@@ -365,12 +364,6 @@ com.theokanning.openai-gpt3-java:api
 com.theokanning.openai-gpt3-java:client
 com.theokanning.openai-gpt3-java:service
 
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/*
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.css
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.js
-kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/jquery-3.6.0.min.js
-
 This product also contains the following third-party components, the information
 is auto-generated by `pnpm licenses list --prod`.
 -----------------------------------------------------
diff --git a/dev/dependencyList b/dev/dependencyList
index 0675f56f0..2f67f86a0 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -191,7 +191,6 @@ swagger-core/2.2.1//swagger-core-2.2.1.jar
 swagger-integration/2.2.1//swagger-integration-2.2.1.jar
 swagger-jaxrs2/2.2.1//swagger-jaxrs2-2.2.1.jar
 swagger-models/2.2.1//swagger-models-2.2.1.jar
-swagger-ui/4.9.1//swagger-ui-4.9.1.jar
 trino-client/363//trino-client-363.jar
 units/1.6//units-1.6.jar
 vertx-core/4.3.2//vertx-core-4.3.2.jar
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 886303a11..56155a27b 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -400,11 +400,6 @@
             </exclusions>
         </dependency>
 
-        <dependency>
-            <groupId>org.webjars</groupId>
-            <artifactId>swagger-ui</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.kafka</groupId>
             <artifactId>kafka-clients</artifactId>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.eot b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.eot
deleted file mode 100644
index 33b2bb80055cc480e797de704925acaba4ba7d7d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 60767
zcmZ^KRZt~7(B;J)F79w~9o+Te?(XjH&fxCu?l25GxVsF4ySuv$FtFcl?ZaQSwVg^%
z=TxUFPpR~&#OMkD@VNv4ApdL7fd6R_fFuaOf1JGX|78ES{~!H-3{trm=l{C@18@M6
z04IPWz#Sk0@B&x>-2R(6{D%MlDnRu=v;uel>;WbK*Z&wwfaZUU>whse|7Q&dzyV+a
zu>aRt03ZO{e<Le^^S?Oi|4&ZP|C12_5LJ`<e|8K7QJ@aEbOBs?00!u>exJqtnMc<t
z6-QJ!k|Y6mXBU+THRNvRZ{q?1qlt7npNM#e>t)u@3*s3?X{FA#mos?(EHiB~!|8@P
zHSlRJs7(;#_>C{=bF-qE5ypoWCp8a4ibb~`lhZnsG|vfL7aUvoGS2-d*~C|XaoBvh
z)O~O54lz6Cpp#=U3+W8~m1Jh8i50Z0*3oy3VuiZ5`2+1iW8vld^?2b-5vInw2r)>+
zBk&gt4J@ryU{&4p#$YBDZMdxcBDJsA;7G>@f)+)zgBLlWL5hewQPFC~yxlnbk9*X(
zX6Nyk%u$KnC?+U9G(y2iD+SyylAV&6#ewy1sMOvYn8_<ECmd9*Xw@>8i!Kynzg}H0
z4auYFzNM=OCc=Iv&<dnDmNT6Q59-raSv+NRwZadIBcalCVYJ7uxTLRXkol;h6B`0h
zJ|qOYEI%e#V9tI1Jb67rH2Xn4Z`%ZKWaL9&4iU!qCrRTl$pECqsG8DFRm3EQnT#HS
zb2gR)t15k~rGoi!!^F+5Q0q@N&8)ev?1jtTAvj;|RCsD6hQxx%@(;@_YKnEuU|OCq
zxDZSeRs5A%(oSzUU42zVi(z8QMoq8!yoJKG_hz}Ro`vPEWh=Ko+y7?p!}I77lZJty
zh)Hvqx!BBK%|EzeTRKyrZs_X6!d-2X_V{!U$XO?8T2he&UOJ&FX<$^CGnU&1c#hNP
zAVh2aa5lEMTiG3nC@|4&za{zy1_jN1kpEjxLuXsTh6!P?t{85lC85SJ!+Ce}LL?%l
z1vF;vS`Ug_mD`0?C3_u}`#Mk&ShmePUokUtc2i*%*QN)|=jUD95k)6dCw3==@7{qB
z$7;Y>ODQ{g6!7A7$%nE6ugJnWBI<~x@AL14_)b-BR2^5j5xS%Z>r!+poCp`hi4>|d
z9sS!BL~)07L%H$A45}!FIeVD8mA>Iv+YDVss|8qla@15boMWkFNfWfDcu~V;BRW}Q
zHbxiK4@ii6{-TFM8V8~H(`(W90xoPe(J*~^m@1@uv-sR;GZ;fq0&I9AMxQ?Vj%|y)
znW!EhuS6QM8RtXJPl!X8!v_!0WPYQz2Kb3pN!J}xCaK2iqm;({?@bivA!C@15rM+7
z&G)j>oszdf@qGAJ>EM)Noqiu=aHZvQ`s%T<l8epbe2(c55(MWCo-@W~@=EWd1Z#Z_
z0M{EOGry+<{-mIx2)I-9OH#PzYd!1LQth+1)G<}af!tC8{UFFA8P-wo+GnQRSYCu$
z?2*kNQj6LNhs{||Tvet&Ig(wzE^g1+8~&EEQ<-57d%$^085^l*bgrnsgfa(>AQzCI
z^t-&7(S%JstVz3stdszdF*a}FnFVMn+jW8TWR%lwK!uh-pLG@1-6E)abeJaJKBS-)
zo)b#7F_1DGpAWCn8AB+pkf45{br3o&6pprbhCJ7vMUq;vFqGXt!r|5P&xe}~Ab8v`
z{flS%lJlHITsGT`+OO>I@)EiKE2yK$&O{)(z?Sm+<7CQ~JEy!94B#r=rfZL)7-<#T
zdZ<OK&Q3L{TpfoEuyLtmiEYuk)O(AvZmJ&`Oi*PhV%?fAUj!*{venf%-!qX-R+{;#
z9B9#<1Y`l)gLaTgbz^ZO;;$$nqWf9Emn@}_@Gx&uQV3cVqc{MI;7=_HxPzcraI)cE
zZTt){>RO4^2)@5yT?)5!`*JS2U~bZ0<`U{OtdT!}rzCDXUY|PH<6d~oBIdw@k*ys*
zCd-VfTJkXJm!Zl#%AcV}BvG^-S>jkKVz1S*!!X9UyyjtV*o|Te8+`#P&68*9&;eh>
zV61v>QV;fMXYCAaE~+B4q7E=E3TUEs;p78<htc#TCulS+L*qNHGqeJ<$$Xq`O6#0c
zjgf3GYpZV*1bDyoD9Emw0T##nnrcw@J{zU62TA&=VS55LkDMr-fk#agb(xn$FH1{C
zr=o^a5o$Bg{O*P}-mugx>YVYUDE(*1*Q|etMpC*bEv$<arHzaHZh0}cdb}6_`lC~j
z6hj#6%qbDblS-_qLIE#D<|ukAXW#s1v0su6c$Gf<dEwc%Y+U(f=KiC7S_wqstoZCB
z=CNcCA<2doC=^qHXHLPk?nXxf8J*w1dIGTpVmWWd{%5Hu8SP!r=hL7L?)+&}k;kMl
zAdq<@N@>T^WtPR)u&3=mnqXpc1Z>uUM%F_cf?AUM%{Un{jTEyS{Tuyf>|lssBMH8r
z(lKw^ft~6)I_&ZCDnm8bs{JBH+MlTj1WC!4P(GR0_%ISZ)JIF_`Q;hPK37yom=XN4
zaH=;q{au8;lPsuw1q8EJ)iOd`zX(pJ_IHkw72{x^g<`7Ob}ZUfcsjYQG@R$rq)kZv
zpqwOr<?(PPXJktVcQ9>u@H+~VJ)V<XD$FBuBiV2;=RZn>2?V_+5^~E2XfJqi$dPYc
z!u6};1!o7$;YRm~I8N9)8EVGJ8seK2T&Zo0`gwfpFh_7HQ1*(<%h7W%^Jc2Vr$&`v
zLcMdy#71nJVjuBXLQV1?z45kUb3p*RDk$a*;$ZZ`U%oYltOpF3a(<!Qa;)Q(!Ax{Q
zj%jLqVFO=o!woRm=R+X0;^XS54s5ND8pb%?xq|wA0UWgZ@CYQfk}kR$dK=+Hiys-(
z*4OP}?E%pry+-T~V9XB~Z>Xp<^+`YwE#TC#TLVlES?7)-kVN6kxX~Q{^V~e;AGN-I
zsVK!c&bzlPgMWREEQrJ5g$^2RkIh+uUk2dW%W%`X#tn-GewEs`E=hzpO~m;weWc#F
zfKaIO!K7Gix2T6*jgEq;FbY+P3W);*e;{1~&F}@Vmm?0w!zHwl)l=Gd)KHj)o}^y|
zn&V3(`0<MiJX`fZ`euX>{7>$K>N#7qT;YtclZ86!!>NoNqXV?Wgu6)kVg+j1SzNq6
zs39?@@wJ)mkzROo7H?tuo8}==6J5%5$-l|@Ct@9Nf8lWZcBl!@61%|TNN_REs&R;0
z1t+Vo4j#}gVJ?RUdgt9xij}OY2cXs&#wqfIv7^gXp;`wwEh#OLSE>wg>R5lDY$?R%
zx~X*^1LM%D*JirmpBuDvaUVxo8T8=!UR&e|WHJNB3i}}RiddkV_^q6*Wj!zy2}L#!
z`@WtPC?>_fy{9v0Ef)W~Vcay?_404FPO;Z$jl*0&tZk*~G-m;qBA01OxK#n)NGpSC
zkXJXbl9ZcUCz$<ZjbV}_Xvk7Asu)EPTuOZ>4i}$d*3ALQ<nw(We>4?sOb)7cn@`N0
z7(MEWHX%`mg~RN_j*Bcg5!!DV$V%zz2Sq*Mq7{arbD^ZBQvQ&}P*TwD{*8}lYoYMp
z9Ay%^y*sH%S6R#?j9C>K_B<J!oZeAj>B~FnTux>wAXJAP1Uz6R=ohF(Vuulg2Z3R-
z{oL}A_KKvz-O*-+bUw+c#U}?GooWRi4S9nLI_TL@V#>{T9+!Wgu-r~!-(F{obENUu
z#@~d&be*nF^H_{cS?jt~NMAu#uY)%J*J5>nnkuie6+&ztH$f7}jo5N%rscJjC_yLD
z%Pf{zbPBF1Am0^wjVE;_P7JkfMEe6Y20BKHUJ_8fAZ-}D@k5YtG8vIApZhAxulthJ
zazt($#?^JJ4Y-shRpkKsJ4=jlEobY`VCSYO&J)iVL0WZ}er!qFlU~vZhI?A-I<>ui
z0<JzzF(EFB)uf2%Jau%=n|Y>*3g@=)u7Ee${zBrcXc4U9j*>EHMb0Ll;-ay-Fk)b@
z5F=x;?*@S)xdR_=NzpBKRlgpNp>uU@tu7ny1KLL6L|AG5^BwM94L?Uy2n`G7G;~l_
z=p@JiHvp%2WAq22q*PJ&VJ<l*Ls<+8e*e(KeOC%}lV+;GyON9NnsB>@@$mAx3UIw0
zwwm8%==0ikJf||)kPI<qa(IpQGVmusG^~iV*)QW<yKIt67DC+jdg+qxY;kR-AZxxi
zSPfdGwm^H5nzA1@=i^uYQNwn1V@<r=BE2#80U&yajYXiF2PE9I*J>{7r7p~r4P?;Y
zi?Cwwuwx(FD*;-p5VKK0{wjZUh<~o0W*?rhQhG|$&9vloUm!(lH^RU0nVgUaaG%YA
z{QF5K^88O2Rw-L8hAx*-1yDQ0d3ehRULceHR8Jf_>Gwk8?SAcZk#T5}Z|H8pP;T2n
z5Cz@+$n3+liVJn;Wmj5&#%JwybF5(yEOZRi$jWVl2+a7C&msDxeoB^9DFGXS1*y=K
zxK#dRa>b-%sl5t?mtjL6qL}wxHMWn9YcCA^4rfA1S4O*jP+%l3+yf|K)`~B&mdyzj
zAM>5dsp;Aq?-FH%{y`UaWY<OD`!%l<D)Mk`L@G<utvgIdEu+uFUe&91kr)}!USDQO
zVqotc#~nCmnW^i1GUqHr496nRMZ;G#AesUi3kej(*D-#1y;&Lyi!>j3de&E{guy&U
zSq(Qgn7z11aCUJ~*Nin6D*O$ZLnx#wwdKN^>p%=c9iBjbNgY!)UCd1z7vhM5;VNjN
zI_b!HJFB#nszk0ebH)~HiJz~v5FV{GY4>@qybr6tzaeTFM^Q64fhn0Kz1B)NkYpMy
zYQn2Dv@l?a2F-7UStSNdO<}OEp`jdaPJq@tljHo-YTb>79%Y4ddpW2-0Rs(KU>CO4
ziNk|G9esRy+&^K!<>a4=Ung1~FFR1{-axStIjGGrK(UWlEW^x`pXcJ9^vYz<vxNxp
zj<^$1%SvBKExA8i8abmT>Q|>ihW@Kis253o+|;8(8#b9DX8JZcx`lL8+=vF(Q)T0F
zp{F^5L`84~pHJ})N47<MKZXN0oIf<yf`pT9z)6Iq4ws}3$xIZI&k-o%zCxAhz%vb`
z;~N{SsdxR<O@>Z~Jk;aF=1()Pd$^YTb~EdhOB7_46wXveC;4(#$g-4GmjE3f^jCfY
z>R0)#1}pL2ZaA;cO%mr_s;`6MyWb#4*X3e~ubnHeo8rkyhbWzvgbe#&nYY7R9Y+ne
zfk-t+qDXRnQ5IhHoAqAE8i@c;hy(Jf_BJr9;`?MM9^IbvBOMq$N2$TWMAfj!&Pqe-
zi6yA#2)e*Mh4iNg#Mr&&DpzrGk_8d`A->sV2ZQ_30U7(7foAz#ND|L~r9v)BeiZaa
zfbmbor-~yOg&uxskH-sxWZWA1M}oInpSVVD+9FMm#ZG|dsDMJ!WvB$<L+3T*vF~FY
zLG$s9xEBUK>#BB^?9UWc>n|@l)J}16{3SLj0K<MfCrZX(Lhgw7(^IE*>_pu-g}pSQ
zv@mNGLqy413Co_SI=psLkVgP)8(ri4`RnzZOR%M-`Ao7xf);&55$B+YBeLOq@=-l3
z4=OtsgmuauO|KCwOZZV!jC)sHx^k|dcVrZj*;%h%lQLBTM5@Ij2i)d2F;bnn=2(p1
zAy+i>=!1<TAwZW<@dzEc85GCUbG(#pQ76>pJ4J~g>m6EfLmKc17;47GyqZ99>M;{J
zRsK2ilwk+YVHF#S8lY^%#7+^8VY2I3_uBOECog37U7kjQh>HQy?ABBywy4+#C#~kD
z4zkNSHA5Wq8}Hunr!^|>oiX9a@BlwL<`wh;m2fw?xyTktD&o%!)#GGj(oM1p11Ntg
zj?T;B9<5!m>OkZc?l$mk?xdM@C3@HZ-M<JC!Fm3ote5&t67gMEj)?*LebaXrv@)~c
zRBDPg{J8huc*afLDU3)z(l)Q5r~kfnR3u`wD1(mb3qn~;@?bsBGGeDKh=Q*!Wx>e3
znfzI3Om6^+j={VwJuGO2TeZCCe%wqKCF-T(K79Lfi_8Mi?k=SE!mAi2N4-<;Se%PR
zl2g`8<RMeeBR6!%Z~vWfe^Mm*O#TpA2*7Uh&&Fdy&cm_iOIUORCaR9SQhQqRSs~?#
zRB7|LQwAI8s-~ukSygniN0ZUo<ngY6-&NiKS%7C6T6;@2<rn#a^zGSc+*ZB4MIH}k
zU5ZrXir9+KtV$S4JIRqe7n1KOIDsYZ*whR8>0j97gXi!k1M<#6hP2XOw>MgYL3^X<
z4e?wH8rjgRA{n#Qm8-3ZdrQ(N^q^;57^~VLI1{Nu19}I9bSFe+$WTMpoiv;BO1w+z
zsLSX|XjNp7em;#&frJ_`B8ZtjB%Jn_Y$V_Kih$Rnp@)PH`u#VEq~DaXs0|vdwHryu
zJyQ|qP5eP|GO6^i1Ayqpd;7A>@LbLB^6xorxyxI1l}^9$*K;JOaoaaJR!Jf)LI**y
zw^)48gHJEY_K;J*2cDLH5zEOfZ0VV+hs;j|<IXdA081&#0ly@k*2(3WLEleNarQ}K
zQ7~{vTg^`2#78Qr4|aZkq#22Z@Bf5ELQ=OLG_y}0kWWmyxO=O(QRjR7YNzS-`xgE$
z>){@=1CszKzT-IHgY$RS;2W2A2Vj^YtSX5n*x@0El@ZRO)NK>(02e{V$r6NH-bF4w
z`F;=?7`!X%0oEq^N%qq38Rhg>A`yI!*+?WI#j_AT9()GWwfkcnQPQ*{pM7<D7BB1m
zf(Vk~Q5#hFHOZqfgzg2xyK83L12w`Rv{ZQP^)WW00?8#x3*a<OOo1VA<b?vP(za$E
zdVQpS9^nui8|Y2b;P@=F$E8eZKteonLlw3>Q<JyAag{AGDAUlQQe?@_N-0dCRpS_|
zrPV7=ds7WX7+?ra1k5si4bSrZUtoGq1N?i_xJJ<v%#z?Z=2LJIbEISaY$<kCnMB5|
z&S2b-`=?T=@a$`@@ccVY`s((iP87PIq7~0Ods;(yTtpkyEEc|47Q7kUf_cF>20(RI
z$pl%24%+3A2^xb%`8w<BE)Ss%-_pX1jOC>#0k={7&;B0F{#jV@_8y(mB5_Dz{Dk;z
zes^!qB<Q%^i>wHy0tvMtHqaKcd`29#570MgvEB<e$jvd=1`*@`Mecnb#BY{CeDU$K
zcWC@I<$Sr(qn!#Xf3%;c#pML=Yyr8tOaXqkfO19xOZ~zQYOYn?<fOgmdAjPGYTUYs
zo+%m1k8t;4ZB`iGUyEGI#dQWIg)#l*agOegV6KkQ&F(yF-|-lVaF_IEM@ZEmGR3}`
zgOX~3aN&>!#mSrwTB`VpdOXzt4}_;zvRL;KvK-Fd%i&Wc<?3)d<o0+c<x)D01FgNQ
z`n=j}yRLGN`u?*Z<smu_WfpxMbTAM6_2pQqBl(Y7vCB*oJ)if7XFwL$R-qT+X~Pe`
z;1HaiOCY&5nQ?*Q0V7xU!4Ds)6^V6k>fRw=lD`Iaa=LV}4A$k!dYa3$iWM*Fk7dV`
zyvX*GU>Z)&2yF9JP^F8ZbQGro!n)bF&_!Cr%HDI>3YI=&3@3^cq9O2u$R$c?@(HE9
zEaVzTG#pLPV5YOn&$37IAT$$aqauD@aunA7zcKoFFk_HdXf#b+JTpc(Y+LjnfX&&2
z9A-GdIM;hr7uvMxNO_j%@qQ{X8KPy=L@M-+4*lW!Vk;?yo92Du>XN&MbEp!$HZKEc
z%+9H$Cj77rU4B2xzxgKKPTm?d{Sa=oA0ok?TL}yG$}=H-83ba9K|;3!_4{4*bJspg
z!OBT)nrNt|&1M><PTKXsx^|w4j2Pm@j1>a7v)c|M@~dU+u7Xs)+L>I`{S~=^NO$N}
zV7T9rGi;Xfw49A^2u}W(ZN{SfUy7^FUI4ss_HL8J>3CX*@{R1aZU?Xc+TKk!I?7FH
zgFVaa%FuHysBI5ynCk5vz=R7wrHB>(4b_s_M`4!AT1A*DOORnSV<D|ri}^$w@pn`&
zib}8Bw<sh?n4v`h3FoYk1aVd<C4ryB<e(T<9XMoCQq-nhLaq&D-P>XouK?i0hLw6~
zmGkPJu%(HjDEc=nfYoZk3!=DZM?@;AyR*3^lD`^+wnY4m9vt;^9U!6;2Yvv%f+K|#
zmz*lNiv<D_!A_bgzEz3m0xsjtm2QBI_9EgoYg|p!GK#Fl5c?6}n-w_x)?O)mgrNAl
zOdSnbEz}3_u$A@a7e=@x#%=hzX`?F+@u+5H<I=P!kC2svm{x5zi}w=MuZbATf=IYo
zPvj2(D6uZF8k12;sP^t^mGpg@`@od-Oc6~t+>A@wWEP0<m-s`hlUW{d%oUx<2@YVz
z(qeOFx{R>TbQv!EN6KsmIvCM98IkrMNZ=?#`6yORnv3ngp*4t5=Y<M(<!xYh?e0(G
zRa;oxlrU9>41&!99|fug<S1~`B+&oJg*s;X`Jc`6w2Pi7lbv-DPGjG1X%(7ey%_Ud
zmv}6gCdo!+l_n$?-NtVTezGBdDWqdI2dNz@KiI)~1tM&=)wt3<k*rQ^o^K+M-xtDV
z>1T7`ZKvP*!&#fXs)Vas{<(g0H{IMl|H09$oB;(2>p;xiR7t!e3dDsQG;vabjjz_H
zaU+9-q;)K7!4)Q#(DWmaG4uvo-J5~)U5ft-EXx$c&z8S6Sj6z+X+LZrwN#-l)|~JI
zgB1Q`#aG0sNmz_a5?B7=4mh~qkqtW(pj~d?h{LLk4uL6~`G-!=PShanfq{pLoaR11
zv;0ek*e{npgo7D@IsX?)F>>p+cZ91bQ)p)#TRR*Tp4iH~x4*rEf0CVFMK41;CdJ;1
z37yeoPjB@;MVKmH=r3S^Hiq{6{-vDhX_4sm@CJCsc6$}d5s{@?I*t$uX@g)MYsZ+Y
zgjAecF8{SmU<LM-65chwy3gk4K2lzX1opAMhas87S5R20l!D3c(as$xyoh!pF%Hl3
zTTJ%3zr<0qxCSI4UUTJ_-QPX6clzMbk50*g#il2&cqo^+*E#awUGj!tGVjQcEOn1$
zsrE%Vja-2Vcz3U0Bj$Pj!Dif`c0R0cjkjn?YFFZ_8`w=^X47^p9$+PdzOaG{STqvC
zc%aDRXl-t6LE@kC0wCmwYJ$2TYO^?0St5k{WgDLWJJk2|C`{Nn{;8x;sr8o6q>@!5
zFeoAHPys`G7XU2`jpIWHfuS;(`1Qy#^84-~zb@?CAS+t1bk?yq%>w@P_)n0Vo_Yxe
z!9(K_%MfMd9ton@Ve*>tOXUJXliCv5I4n2HNd*+=kK5U0PQSkR9~QV&V{j3^$)U`7
z6yAkHRJ*)E$1LdM(6x9BL9OU4?8@YPw!5$#rZqOQ=|ZG{0(BSx8?+5BaTS;_mMM33
zh)ERJE`wnJoS_Km@+$4{d5Kx<S3$bH=_=n$c5&2VI1`OQ*r$fK&%|21>TN2P(;sLk
zxJ8kMARy(szN%V1o(OD2F{9XxI($%28lY|bU3u=g^=iz~i@z%DsDwZJ88L?`T2P~t
zgd17|=Kf-6zm>r3pX0At5ak_jrtTzN2Et@5D(0_e6*YrQM+DkYVkvPTD^?GDv#Ioo
zhRKh;<5ubIgt9<Qh#2@@RM^7?sxQd%mES=?jQtT6va1n<hcNv?9NC^$&GY<TZ5<>)
ztu`jz-fr|;v)DNg@sgV{HU5n?Yla*RW!X1Of|5Xz7`W?8et*6m%tX>Tvw-`&HFn?y
zR`gjkud1|-E-A0{JH2$X0p27jW!YICBSn#^5!>WzjKm&aXLM$`tQ;4S2F>R*TtX4i
zFi}<Ns`)bp)3QJw>a&B*Z$filKvl^n9W}Z(YQJR6ER~O)Lo!P*qu9SFFnH6QUxSar
zSZDHJxZzY2LqmNyIZRbwk-<xir}n6a7=K9@G{Y|szjs~gijo*De1|c_+~0o`cL<+C
zWPtv6BP`ZNXSNg}MWRUTS24UUtg(tKO~^GR!EtC8RJ17*m9I|))ljpTRJ5rxquvFj
z4P<fgqFT;LY<v0cHlw7&W$ZMSVK@yBFK};h7z4OZ$=<xJ!K&;W^uyzk#8*Pfz0jS6
zS0c_&4v&X}XMr&+;Ga4)ZL!IfhH)G!c2vKt`ap6Jc$vZmja+);k85PMxpAfArI`r3
z8Nxpu4q+8UHrDicOcfu0$0TLqiB<YqD&!TCMpoDr3O^wYh&)lD>gk33Z0Z|DR*RUw
zs>F^a3YfX9uIg1&ByNndF_o}b<%B(wvZ#zV@;<?-M;8<G^Nk1p>5nVLPZJl_=y&@Y
z<V!U<Fl9tEkGznE;o^MC?L4BS4E=lKa31{ZLA2U{9Jc!qNLMU>VG(Tnf_CR{dPu#z
zKq6R->NlFYly^nYo6?~AZ@P?>TS~vh@ZjB-8^N@1FhpqM>gf3e?Ih{Y_-Xv`NxfIK
zJT;X4LOb7LB!u%vPyRs2L*5Fwn!60g*wEI?(uTf81GgNm(w-NyL};t<?PtH2d1QQ_
z%M|}6K@Gov^XX&UvSN0ah)zCJCw`<F!+Aq*c}CPeo=VOWk4~}A+CBkKv9eZK7AMX6
zQClC?5IPZg5ymC}zk7O)MYPr>1~K5ri(Kui%+$Hth@ex_Bzn;n`4ZnLRLZ8P9&sw7
zh*H|v$`ub~={ki?$H`ziD>6wzUX2TLS~-DWlxIS@XZzbx^AB(aAZY&APt3VE?HIKy
zVWyr5Q>yfS>z90p?)Rb0!ohxIAapjMp~s?*E83AI<PyQWBY_1k+KOaHt`w&g9&l~3
z2&qtAEK2ihCMd+~IDzZAm7P9-3ehPqsHtu0dXx-xe=^EV3B`$qKUSBquNj9Zt{6cb
z_Fhkptk>4=MG9)>y9o}B-w5-?--y?{AepYBPZ?lQnQRx1TY}p==Jc$%+pI0IlWB0I
z8MfHS<~31?uW&V1k{1+<>&lt!ByRM?8C78;tz6=Jv{#(sjohmdSwJp^<g^-_4wA){
zkW;MB^sGY(=NV2Bz3uDq?8K&vxJt8MC^~aBCjZ@KgQz4P3JJtCVQ~6n9@4<W8YG-J
zMnTS%@E-_czVrcU%A`~)KPnUIVok36Kca&WRF5({f-KmP@(<HxQ4uAA8Zh+;?Uj>r
zzfjD%@R4mDm2PomY}KQ#%DE2Wli@cq9_7=psCQM9<sb(QJ~2&NiM18tWe-7NOd<7!
z9Mt=!t?UetSgezFISL%&WndqA-?81Mf`MY-<Nmj#$RsvY_h1=M>P;O+>`$oulpa#%
z5|VVH<e@CJtMtnx0&qx*$kJ}`m;y0GlsCr})?q3NGwxHIr!TaauedY<Ktb=F;che$
zRN4x`#E?^h1zQJC-}M0@NFG>w1xA%}hD`Sgy8*g%Oauc|XZU6kwf>XX49~13_?iON
zabjH!4`C5>v$_Q~Vo2H?J<k4q=BToQ=Jc74E(TuN_90@bO{VoWy*Y8HSPNQdf5UUH
z*wzkwmXHo`Je26}A_;9ANhFMj)7#fgIINWXS4FL+Qn(PBQ-r3`cX-Ks@-1a?;(mi7
z=riN6KhA?-&wgzpT{?J!q7Nd=O5L0qYw4h+4tI5MeQaEs`jY%1C#(6vy6l~Pc!>#{
z`E%Hn4MXfh?&&lW1Kv$F;M501;>m)wb>lJ=U*aOl{!cymD=anno|Z0s`c<|$K|To&
z4HAW7VBg(LC(U;|O*Sx5IWu=(Z^><dthr2lm%e@l4o`dC5s`Kd{7?O=+f^^-hs|2W
zI?{@Jxg7Z*w9p6NVh@%RhAYN|8yZ0LT4G?v4I6HQ89ZTLE?2Yb?h<VQ4gs<IPJJJu
zz^qlhNR(eoD;Dp8lQftB<)VE?*b3|)k07L2x+Siv0jET*nXyF0zPFRFuLlst!AG@a
ztQ^7)LJa?l*yNHS1l{!$kVv<;5Qr=Be&5G4rsyBh<IVjSgeu^N1%&B94KuyopeWUS
zO{0u{P+-)2Vd29Hi;b07Fj0eMM4Xa!6y(dmCN}qVS9aeD^lX~rG;nMTWk&KqgW?~K
zlA9)55aNL$;HjsltH!LANK$WHH)V^VtAU?hBX>w{rlKrkS>mco7LZELWsMX<V1>$O
zY$WJq=t8XTAJPKJv{wjq6o1iFLr2LEbPrO|yyAe6Im7f_yQGoF3e2Gd-|lGWon)^z
zjSKL&UcOyKGR3OR28!-&9%OD}GbFiGQ3(sA5KnQ|T9YD`7&_`+(DR0I#I87JfoEL7
z{g*1t2J7%f&`&tm2_by+AUYXIBC2ynRkz;Adk!;`$!WBv8Ugd+=%2Lcrw^R72_YB)
z%cL+Y64Rc&viMqRW3iCp7e!@m9j7IzBH{5l?RZTmUef48F&)ltd#mbYKN<k0y6bo^
z>Tmm_F^;9pwQ%3X6*bXpnGRHC)gO79#r5q3jF;Qd_9=$=EwZwD`h_N6DVHKbe{!j9
z#so)@2FW63M~2gF9T7MGtIGiEQeTJ9J=8?-A$r9^oeoWbJ5I+tdcWHHt6MH#N<xzn
zN<)!3hqSVT6!7uGF8Q*5b)!)Th8@krFiZH7F))pD)3}D%dTD)8AH-Bo(W5dyAJNT)
z5)ZQu;z;<4FXB=!C6#E*V*xuc{|4|kNa*rYf=)0pd37GG@Konxuw;Rvd)%o$f$W;#
z?26xz1=$_r2`W1L8oW-b$J6kKx0vg-RTn*iZ?NaoW;5`=1f-MjY-zs-$dp6*v_m^%
zW0R8(m`|O@IImezuNTxDh&vP=lI_FCMOBEPQZW-*u$>S|({T8}j-+lYdqMAt$UAoZ
za(o&{08ULef;i>HXhcBN>|%)iHLc=Vk54(%-^Q3ZtrTl|#dOZU7Q)Q8*&84MR%ao9
zW<2!MO8l7eXvFV(cGeNfE`*{2_}P`YLu??Z_SGDCcT|>{tO%=79ES=iw1ab9_8rJS
z`N=4qATW%j7qNb8KW1A-r5F=n&kAElM$SRO{HQ1o9y}~fh8`sgr_QQ|a_qNorO+a{
zMtdXRpjlH(8`2ajg%B4_pXWmI68VtJ^vK}SE%+^Tk+q7mVA0C4tIN<S)xvJ94Wsot
zhy;ljfG8`*hBiURC=kg92hS)bn#AZ2^<$DF#iD@2Hd{*HV+aK5K$i58w<jr>$)36)
zPvED16qa||G8Lqf6``cKG)9fBppZf@;*fOR9@w51BwwrxFIMBwTv=F$)~L`*T+9J#
zMiq;9SxLr7<4iy}QGq8F4n3Z3q}Q>^S;SFjLY2>V!u!jO|FLx(9+-usB>D1%i~F?=
zYgXUx@xT|oFS5WF5M`+(Qg;E2Bwmh&vp)fh1E=K1{(O1(7@5>`i*~5X$D0g<vk7kE
zdDv#RI%_ahiu_I5=O+D1qo>L(h~6?H9(TlOL89`tc$AirQO04wH=rt=+-ogOLyJZg
zQYQ7i5bDLhY}WbV?7}E9^y;w|_JbrP{+3<`=@0u({pG5kUjqK9T+wlibiX6sUl&ox
z{&mOLoj;<$6&=KOVsoVVO9zr5hMyMOfX%yZ|M>X}%PydwA)TnC@+o~A<MH(9NsiMA
z3d4bTYeT&i;|wfG8&m5zHEO4AQx-u2*f!2cflo>Yau5A_m~etP#)m}(a^_h0OH*1%
z6w%Nj>^!3`gHQrDD;)nWL7U5gMH2qC&aQXqEDE0K4;^wVbqCEs8Hm3dyzzc__|s-#
zBinFNK^)%(+GW?g@tmjnS3Q4<EaF+P?FZzAnLbfHVmo3YsnF`NJ%oI}P*07@ElXp$
z$BkyH9u}8Ke-bG=wNybP#jh4pt#*xv)7CD{t5*bT!%uQOqz|m3GBJ(Ara5w)&hK#z
zRu4y);}70b5jOib#WQu=&MSAta^1;tp=$qrXfsuzU5AV<%s$RbYLu~Rj-|^MQfe8l
z8N4kE*vgS&M?Gn%tunP|#*^{jFE_myOL9)JwvPP;)09P%oyDvA=Ayh=eMx(E8p3Lc
zKw23%R-e4Mk)^8Yb3_~7I%4g{M1~Jj5j0UXxpCAnUt(4IuP<8Zzgy&YFM_hHW{b)5
z>7<~H;$FsOl5w6}R}3wKcI;h`ZYclct#*V6kU1-&$N3xcuB<FDjkOJKh8o%f_JLO^
zm1R?J4EUZdWcja#P2b(6jqPyJ{vU^(+n!T7Bui7BKn&CNT&zTFPU(AukoucY(vX}N
zSZWaTH%nBytl;iAsm=LxemqsF;c6}420&ohv{d^p)_q}U9S70X8%ubFQ<h>7OdfaK
z1|~V)E7U`Uzrm2tWt&4<B|?ID5!rQ}Bjk)9_>_5Y2;s_nBOj;h>{2ZM+ub_pdWRt*
zn8hbai2^;d$W-XDL3);Dqv7xy)qE|3Y5wsbPG9%p+^)Nv`1=Zfu+EQ<soU4>DLsG$
zuv$_ZnKTAwJ%E(xbUq2PT|;?OSbm{G0QzIzXvM|n3tof>=6k}&6H!!W?V&{Epf1f%
zEt`AyC`$}eX*=HJDr8pb;5e%@;<C`)+GI&=-moMAKI4de>6v6;?OUSBFcFRr;4kwn
zlLLh*IIo&>DN047291hE_*030@xCbqvPU$YwS17E+6E#g%1KuBE5ARC{?C-o@fuwl
zk80TWZi7NbxT38rAMmy*^&tYbRu%N>gFl1@2e$i|rZ+rv+1W`L&WD9*o!_T7hGoBC
zMG)FlD$u&_lIS;wO-g4Igso%hTE4>oT7wZmK(<~5@}~-LJ7!r#t}z|mII2RR(Vd;X
z)fcBvipXX}SC}YMp6;BS8Xc}QVu~^tKgd`OV^sDU|6^m#Y-lIxmMm{LB*$*VuZ(*I
z)~`ELpbB?0`ZupxLDDL7T08q`cETwof;wgdDh-F&&k$kCC&LsrQj=drVDMp+gwj=z
zSDE!DdiKO@;;^+YV$d{ViAf>fMPF?iBIA~#l+$7Ha@9~ambDVj`YcHz5(D){c93Le
z)5t2&dHd+Ze}1HAbN-M6RV`GK<THQ=LB-R+QN<1S<}^|`{k4W<?npkkA=vtG@~H8m
zc|(G8zYv?;@n0~<RE&k^I#R?qukoypVR@XkrQ)9Xe2bS%DOa7<GP?0pL{hJJYdwp%
zMf-85>{ghmZoi9)%a$S;_3v8868q6Vj*?b(NWWp(*2h}_)nz~rwFXfhfcC2J8f(!i
zS9ld`237-B^*rBwu>g5L7Q)n<K41_HqtsYUiNe~+fn!38jAwb{hTKAE#VE)I^o4Cu
z%baznwO1@gWPqFox6gorRQ4mfuruT7)|_jl$=Gyvg37z~dM8l?%y#L@0VThu%F-@I
zzkzlN$T-sX(k@s{cBZc^3p6te_qT>5Ri%B2vn3<e7w3qSg&eh-zs1jM!pBHF4(3{&
zz_7lJ((w8j^(+$zQ#n|4P}ZMN1tnj_z^EkeKNz`q|I;fTfs;InH@_CHj=kKVbJ|F<
z!1OPpl5dy5<J?tOQ8xn;ssJRBX&NOZ^Sck{l;)6h6Nlh}xQPP-L@7&qHXFB&1iSgm
zJ?-ApYf}K$@?F>9s37ENHhyWPi0;4=M-Y?&FaxFU&qqMYl?QgLZwxb8=8<n#;QIw4
zW66~I5EC;u5ig53>41cpFFMHPD}P7|u>ol;lT{*1oB=_aPLV$O1^QQMH`=sto-#>H
znIiq337b$E21i#^TI+WM2~6{IX%;jHB!L=9UzG-B6noeCy6qTdUUJ~vn>cP-Cs#$b
ztY<;~f+JT+O61G9?rC9z>5hpc+j7PM9YPWU1h_kf+ibZd)H%B-e<d@)528doun+cU
zjQ*|>EdDsic+6k-p8S4XZu6JM8u&XzB?pp$D=U9fDh32Acs4OBJemgEdC<CND@fdp
zm}FT-B1f~=3R>v$-B`G4_4|{qPciL)gjkl<ig9Rll3)?Xm7{-ldt8d2o0A}v`rxtv
z$o-~Ohs#l<l|;E;3Si=O%!?nCHvylKhMIY4(*m*?u8>0PRwU!xZr~SkVEtuNkZ`Rw
zBNya1A8v7*Lyl=O>5nFiAv*O}>o5Je1j5f~3KH2=<`gms{}8e)k@YS}%m<wBB1hMr
zNAcXD#NA|0TQ4Rka8sybzh#vQDyb+2#_K}yY~nE>q8>Hz7nSUMqX;gN=PjuN>p8x!
zUCL}1qzyH(bRxnMu3j0JYYya*aqPqS(9xQRc~}~8<Ua)8B@GxS^<jj%+kMwowd>;+
zkeoL@n<<S-v8M_~D4?Bo__Y@6Wz^4avWu`CBRoN2#c$+};d&p-F8N&DVo+4IbVBwU
z9AdUGbe7CtJMrW;VM&FyU0ZLdEvmFiI&8S}W7Nh_;Fh)$FTgSlpVo&)HYB5L*@Y|q
z_fZ?;PyCKige4Vbay>nr_b?b|?oVP4VzfrW%(Pw&p;lDC2D!DiCEVgrSJyPSTAGAU
zDXYfGna+*(Xh6+Od0^QUXB=##et#IL9kUdMRk_+(C&qp=_RdnnPzv)d)v9O+TM6|6
z!TFgq!TOS-^Sm>(<stN()qcwm0hZF_wZ|=lHjN;;piTU$v)?JZVbpBrWi6Blm3dPq
zcz^{b8-pTE1H?ZX250UNm4BZe;Oriu&ue?wlb~@T#~Fm1mSNjF(LQU+&HRO+tUN<_
zt=|(|o6BL!OGU#tOko<>qnb7=lX%HSWpRtq48LZ`q_RDhbr>ZEARz^A`H9icBVT}r
znCFPX@Uop4#F10wSmqo~Vgl;?H#zwT1mFPvZdJA}Bp9_@P#hVSS?p!@)eKQ^h9}xD
zdW>+^$Rk(C_uPBoPd9Ou((4h+Kivt3<Z=)#YkaGZ3oF%81K3QhHFYiX-C^8ZDvKWc
zQJ4lf=1X$(Srv#JtW(r5>u_htDt*@HC?zF<=1pd(0cTe89Bb0X`_n}6Sa&ZNFX=g(
zhgqV)EY;Bv96Ht|@tKwDVA?9oQY<C(9Ux`~w+Z<|S5`Is>)+v-QAI1$QK~QG*(&wM
zt(_~};}?^W+NH9B@kbok6k;n|_^Tg|f?}_%NHX-CxWznsf|S^b&b(T+KqDw!<fNz)
zPM%F>nc)lcukdBj`JYO42gj*iZDndPlFSuP){bKOoU_Pb)@|wt4TK+cF_pCtNw~Qz
zkh}`RjbaB1(AZJ5!GHi}J#v(f(Yv0*RUry22HL<Kgu`Lt^g6FPr2&k8fb`R(pSrEK
z0vh)j?p<X0K|b9yjuMJ8&0H7>E~|)%Fr_FeFrHY|ROC6cLyfn5pj}^YL>M^qFZ}R_
zRVIi@zS>6>l=cdBB^9vwbg*R$0lvm^b1_nyH(8-~>%XjjA=5Z9C;ekO4R6?SR0KJ!
z3NaA&tVB2T`9Fdnxj!tR#+6PnL=oV{dEVSK|BU_$KUIr&4rW1|uY#-?)ufy>^irON
z>2r$e6D(B(VDfG6-S|9-(XZWdqDiY*rbI@u2Sni?t6fJ18`vV#kgd%mbqeo~?%hA9
z<s@2n{u$_*(Hr-oJV<Kj)kGmZv|NRiMPNea8Unua1v%QqSf+YYtW}XDg7K!I{Y;~|
zGvT>(>G17XE-@+nlMt$0un=AK^!q}arRoTtS348m^tn+|A|s8xRHCPcMKH<|lz2P}
z7F|zk&@8BFr8Z59Le;%_8Na8435uPT14{7@rA+5p^5mM6b)&00@2mEUcU3SGG}EQf
zCKX&PZoBZ0`0quHG;$KdIN`GXRq~%ciM@jeq^XJ{1wmXia+y%zm8b=9t2jajoa4ay
zWa9q(-{xliizqF!Yb<2>xH{v;`j>G7Q6F5yJgS*2g&Mvr{13>#-l3PE#C~6xAI&~&
z6YCC2o$Pe=lz%20+dSlDnc~EG(K4Hd;ybsbgXXPP%AolnN~F9YE9;Vant?@Ptq)>=
z;W(wNQ(ewICncSr(iq8dTntI=(Y*uXRXz>oIMt-kWwBosf3}q)RvW<<WJxT5IcIw$
z8-!%?-u}k1p48K5^hgL{$<R!z=wd#y*6z`s4>=C;+i$)@{Ro?nQzCHI23d4z5q)8Y
zBP$RWGo?EJ)+E4p=Mk`KA_bH%6ngdV74+%mp_b#5Bf272^L!lgtY;+{Xe|iDETmqn
zkE!Q2lZ>#Zth*8xlnm8x*oLy!AihFbIM`!E{r_~mtJ9v0!d^i4c1hK~GI=B&*0ExV
zUL3!C#2L;Wr$!XbpzgsB^|@9!O=ktcMfGPZ#Q$Df3~=b7-7hAusZ6O#(Jjz~B|9Nv
zEUE-i9#)Y@LJJCFzB(#0(ZUn5qdDn{vAO09;jw=x(_o+B(09`Dboe9)cexfFh$V3p
z8g~>uvq7Z2X<#VKaIM=ix@Ajopn!UPw|`{ca?GZ#%ZT?IfBCp;NB3RcTBh-TDG?70
zLLh{XHAM4u4I=brHBlRdw_-SP;$6bt&*Wx?4^b`aSXa7cjVjTOXNl%UWj~yujVCHb
zItLiea)r7rh=$3-q^Hi7!DWyCfwyiUhr3R38C$2!W#3Ik+gU4T4(WzKq!Z6OL<EDT
z>@|QTvT0EC`cr{UEp`)d{^V%Uum@p;z1wJ0Q8ZcSsnO($az$v&RtW+s6rroUNq%QY
zq$HQbaGi`e{~DI7_24!ihGu<O`ZG*SLl!n1((O8Mp?{$}Ds!(j18cSAtvf_%P8xBB
z1{PRi{{<3@HdKR>I?<Zuf48Ct!lN}1Ob14CGS7|KnZo-{)3mphVx4eBD#KrES;aj+
z856}Wm52EON<=}k51|PDvoL!%e0_3%0Q2fal+&%(o}y#V7EgNj*4kaKJZ#=^-?g!m
z1&ZPb`i=8NJJtN-Ao02x4syGn$Gd+FscOVSiv2PDzO(ulb1=w-y-NV{3P&2AHU6g<
z>uV4}?+3cn5!nb=zYG1MqaXei6<dxuRK6a>dp5h@^wBR$w$&4kwy>isev|UHX`v!)
zNJAct@bNO{eM#1BXN-ti?S`)NY~P65*W<Vz3Ak(tIHSR7`+X=#I~=2k`w93Lqo&x6
zH@xR$o3-NxQnJu6in)@u#8OYp6Na91?zQ#X=tn#v<&azbu-go%z8^dKpIU@qwzU#7
z<;xj`M3MNVf^X!QF}a^`u~jv74*4J_PB+y`&f%88=X(*t89{-(ug4reIva5b8ao(e
z6L0eMv@xioQTKJKCz<(ycIFs4@#=d#7)dhHuJlGG?rjudmky4Nu~8kt$t20pbHT3z
zxp)hm!FoS?><?LEe`310&H3wVwfF&X+P_Iw&x=5c@5}=T1{^gqtzinDe%{D<*4Z5{
zklc6+s@-P}ex0M-VG{bUbU#>~0u1vYe%?_g?*<9PJi@TUY}z<Yy@0aQV1!<}e~Ib>
zzi~=8FJ69<ZLMEDg4^W7I6~d5xolwL`QynprO{Mj5`s~KF~bHirEvz6<C4pe0!A&k
zujvpbK$zL^Ldamc1wQ0yz3D+z-;?~4<w6y2j2&|=t6a%ebSSMch>#g-DTD-%i;C%0
zH=5tuK99qOk24HWds6Gvqo>)3IN@haZUuuOb9Pg8@7P}PZ1%K1w`noWS-cRuT2B7y
z5Cy88t4c=RO*XQO^g7FI<|485GiYplp*Lv}^}j_^q!0Ax<^+DkeW{Ys@KjBVdGd-p
z<mdB5`6}+-1Doyg5eo>!$LT<e0@dByq2A{jMQ}#ha4|S}ZJ!3W4K3{dec22$s7aq3
z&q0rZn9!3v=^q{JoONL@ien6M&iIEzV;ni4VCX{4nEqse@S5FIO5vZ5DQaFW5<fvq
z{-fd@`kUA>_W_9^6jHq^Hk8uqZ`sQ!XZZkCw<(d}13p<1Xf}?Hca?Rh0arV_Sp?pM
zi*Dc8EO-#w$6K*<JAydVGl`UGN{kGISXs&}(36~;dyg?%t*_mMy4bgw)bDSoP9dbK
zkwG&PWl+qb2b2Q+?FR-6GVO|$*-%zMD<Vbw7^N1;C<ry3#K#R2JtC5x*wKipJc^}%
z#cp;qk)HYbhC{>;sn^>S29+^o9jO7$?WrH*&T7@{4apa@(q7a}P8p|)hxDrD4<IJ{
zH7r5|pOu(1)g`##ucCwZV;z+>k?l(*Md;f=1~}0#+(U4K&a=DgT<r$FDO)3SE9zra
zk*{T@5Q>L)O5vfe$p>8;mbC05No3yq_F1a+QSEk2p(xc%TMtAZUcIV(<WOZ&$b(P~
z?*QmQXxf3!VopdaOVj$TIw{v=A~TSzs8LYXRc|g}HD-EAh0^*{ltC>ut<&Vhkq3%J
z5=rUt74|atvrzz9;#3A0DIt4;mm&DWq6t!=PUDbc;YS}E(s5p{PPE9n(BG9i`O^jF
z6>l}=H+1<U4b^oj2TQ$!{^xyy(hB)%Rd`uO3026N8e8KoVnF3MhaSTw|A5wgNZShG
zjr!JP;MwmPa@hxe%3td(YpsZVcCsT?jG#@tM{P{juZnGrpA*AlM&Bwsyg0T6G2E)v
z7yLT1bzsP%Lh#fxV%nj>?{!+<f}Ar6uAyfus;PG9ReBo6Sp@kf24Ex)^_(ljqM)xD
z*>&G;VTo@uWi?dG=fj?dWf-O<NnAXckFE}rri39W&~G$>CE}F8BPj>|&t#e-1oa=3
z7~9^4RI7Z07kYE^r4GV+WT!;R#*V|FLq)Ffa;+<{N>PsDKQ(RdYc#32v8xAg^eTq{
zH<O9j(;Kdaw{_AD)?icUkbuA{z8rK@0fi%Jf2v<$@;j_iWDHptTC~$Q`mAr_g|y>;
z=QxLTI7qt#&CM*+EIMru;f(pQds(?WQRkXpU@+)JrRqPN>P@oC;+0?&*@8=!&Sr$+
zK%`FJk3Hh2ly&$LgXRUk-k+2hZvjbM7aT*k2H7@)nTFVfyp97urrKQ#i=34N6@=1L
z#ELNCiD<Sq$FJSE=><hK9`Gg4zlklrr|x_p8smo-%Obcl8@Dr4^H+eyq^g<@;zk(C
z+%OB!VixiJXYnouQ$1LJK+kIbStn+7v1vdp0F86pvuDTKMWECM*97O|O$$K~li#@)
zS%oA|LI07#BYHK34#fZz?Pg-Y0S+&hdG0FMrJx1tIP?Z^|6E#&@j%8taq$05ktw$n
z^T_G)P6GDyf_<NR>7`Z6?|GQ))e&203nwtoUdmxmw1y}VIsYs~ba@)bZDb$vT>H^N
zd$xOfHX<P*j!L2Gn^+?6W|a)m;9$Mu`3sIgE~UzoyU7>*a>X{08W<~Cwq~cGDcVoW
z?0-T1a<f*K9YZ`p-FL{<QdUePWWgFiv=mI!aNk2f7SEM2`xM$phA=U$f@PJ5*)Z44
zhyM=$6fTAnzX|nCh89Qf9(nCT5yl?Tjxh^vTB7`1$ux1}^79Fr0%9AAQk7^oYf5W(
z2PHST_)}d5Cfua$bEVk|k?i?dCnu9oS5g~3CI=^@uITX}otnCIkbA3lWz65Y7ha1C
zZ#^rTdsMM=-P?BxRUMq^@nXtxDpSJ|^wceqsuXgVesLoS{q=F?T*b6EaWTM0hYYK9
z^)met?_CRg47}XArsf_v|NY@yr@WFkaH%pDZk9te)HTRG>xN|({VcACJhkqk#G#_r
zxph<V+)q$d`xr$qKbtvzF5~=9&tWEhO1z_0A}l+jH;NF4)v<lXP*sKL-tbnO;5e+8
z{&u=mmosFQ&mqiyGhostDkYisYJJ{^SCv@&6>WikMT$!zuHaKFK@`u<22sX7#{8?K
zj5{~Ldk&|ACGU7NGsQCfmip@K-;i_z-cGKb?b?=~4&s!VyB#7+n}v>!ws-b6KQ!&3
z>O1df>Im4_aKH(tT=mtax^6M7TG<1U8V;`Mk&ECcRB@55zpZ~kK%mtUK%7(KDhf>@
zQrFRs%DQd2X22C`oRaO(Q*kaVtY;OWQyR4%0M5NR^>gl&TB$=w;hz)0uvPr~#XIEn
zv_KdtbSLr2#EYE(dygZO%Z-X|_X}7yTUOo+-y=o|v~VptnH^jo6wh%sZfBR2Ml*_b
zn4A4y04YG$zaXYFL<i^Ycsv%e(^7aky(;KgF<CdtV;6WgsZ^L?A8!?Cj?3tC@0V*n
z9(^I&S`P}f-Z2GJMj@jd*iEs7Of1AECuInD$*Sjrv5bI+FAmPr^!!*^t|d7_aO+Dn
zDK-Vqefuk-{0|c%wsh3T8SOBxsg^GkfLuZl^zrF)tDT@8Fu+mjGlr-1vRBh#!6xLX
zi*^f(92^L)Z#6AnMqL=(cruP5(Tcg~(~ab>HL#>q0yJ$@&Ri=Al50TGR!<Sw&|LBs
z8zU5YnKe_br|Ba@Y6R*mci^;ewngXdQs#h5j3q@6;V?~1YA|2rlP?YutwE6=h8iL)
zJ3K71sLjyb{mE&j3>DVFeTo?{FGTQ1M3#xZblbkW#-cLcR1jP~ak@w?T%O;NvDBJd
z2TkA%)l(|G?#q=4+cBuo=?Z@~bAbQ%aI$fE#$oz4tWU|2oJ4LW$8V^|2U<b%xp?Bl
zOk3CwR5}^fAvyFgV;C|Qh#x~E;zp4K@%<0@5?&am($GGt$ZZH}D)|9W;>txhZoVN2
zyzH-hL4^h$3r~b*u|FnIt(D+Fk$uqQz$oiievtrPGG)uQV%K-QT327Ndx^!OvLj1D
z^^dOOq1kCu{!zdnH=A+atEeYCJ;d1dNc>^~0Pn>jSM}AG;4O$0;4%l0Rg4B&`HG=z
zpsp?3W+;KD0~94diRsET&dt&p46~RDOEZ(9W(APWFdxiON4GzG#{F2E_GxD{gy51b
zFmkPwzM@ee1s$q2os=2tjCi$V(W5o|knZIf27wJ>lda9Wq<T{zx>+Y~ko)h`*6c-r
z#t0o;)H-fCz-4CRvHZd9pZc>y(1^$ZXv`tG2H4lVnRf(&K{s>^W5IwLN=_0e>To8a
zh5lp7X9;#Uj*x68c#r_AEC=?((51OT3Eo&h5!FsYGZ$0JAHUpmd~Y}tceaTT724gy
z2y1gbf|h1kf9g&N&}C~LBU+%cKUOw*f(j&3XTqGhMuEAYrHG$<az#>IUjCB5l8Jn0
zy|aJ;JCsNQ>gP-;-)kaXB?rAkEGG!m+N_oZu=I7}h=*M-SYo1fiN}C^Ns#I25j^7m
zhI9#61}_3yQQXgGqO&Pv60o;jDO9Vx>au$hLQ8)^AEhrEDY;Io`F;Vk=MLGYVy8nF
z`4n3z5wG$Nv&WXabRbyiDvBAzS#s^D+K2`3u>jwTuuJ$;)z$u9!0>gPtQq^f@M_I_
z?3D^TAv9>4x#$$OGG85>2}Xw0ul`sNOc?<BfuYWW$UI%CvsHAGN&bqDL))AjRPZ|J
zE65eb$p-z~j8bobi`UyNb+=d>u#mCc6mW5AbNEa<)4P{P6Vtbo{jOcYm|WlD3B>HX
z@_;J^FwrPR)+w}4oVSMZaP#RgvXaVR-u=-+B0r*bE5darWh4VNN!7HfT@8~(VWFz7
zO8&9oh+EEPTXd5d0CS+&+7#;#nKvs;GnrLV{$8lBNjzkhMzhibtZrwIL{CxT9IFLl
zn?7?XNc(#&Tt{WPctUrTQ-PrF7x0q=;5>C+M#+?0i+=t9oy`F?LP@1(lOYgN@aUPT
zyA>r@Fo>dosXzvb`WvHscsGElv!sQ^DFy-><AhT1tA-C#%(pn$(?-yNwNT5Q;WKJM
z-w_lO`yrL_%no3~B#{SmN2kCwK+l2WZHc3TUu}5~-T*qn&XaDPbe^Fn9i|da5S=V^
z!tg3H)$_y_W3XgK9>i$fPXt6T5CW1X4rns6E0T3f6U2r#&3v*jqQMl40SWwFAboRC
zECeU9Scw4V8Y=X%_JofRmL`oi(ZnfvDrym}IU@_SMk3x-@}x(_1PblMu#6^)b*gv;
z3yBIGfd@b!y#t>_7;~IuNUNWI@Ewveg#8=_a`}z2vyRdgt*)#22WTs2PVcT5ieiGd
z5Sk0f6bG?)wr|ggvs8&e$daU>1`<$UVMoEc99z6VUI{qq8D*6eidFzM!{QeYa2<+4
zzSL1c{~BQE0j}Z!1XkxGu=9n=pf>x3+S#&pWICDPM1ZKfho9X&52Y(Nv7da}pX4?U
zU9y&0Dv-`%b8$B&CJm7**HD^SOn;5+f#|ge0AOS-2oQ|p5Ed0kzLVhLpyhZ6_w0z(
zfC=NZRTPwf(A9`h3fLuC6Qe2<1(X({J{bfut>m8IW()*VZv>MK+khujDf^2#?C}xo
zab7w|d^8CL!<nI_+mM1h4&y8)?g80X-(Eo$qCX9u{maRrT}r<wHt*;7!ZtZN+0*wd
z$j%D4uwmPgYT#y24v>!62p{jc7(=6rGe@6L)sz%jAe9Cct)z<JBT!O=-t$6ev8eWa
zsN?J+pV0>%X6WZ*OZg#N^sM$N1xUUCJ}G4qB)mZJzki?SqM4G6`KM8Z%8$22hI<wJ
zT~cGHObok{$xAQtrZBp6jx-1b0_aN~<I;jgqAb41rHrL(DJzBt=t1_trR>QiVP{%R
z4L5g6_(ryhvlL5yXvMsg^YKY)LWGO@=@BiGnOj_hnxH+~7uBMHy5!yYW<_uTH1GeW
zmVV&cjeJ0m>lA|8zs<nQC(?#=;u)era(%W6{9KK0WXyL1$AX1D1cWy9HiFSAECRy*
z0{7bOg`PQ)Oxk2%Sf9W3{HrDn*AF$>FrXl%_5{WHDoGtDaw{XMmOwL?b`hWL#&e5b
zppz53?aG-a*`Jq>Vj*ahsj1i8O0(4i@_{D`1E)AKETH{FtO+zCLUh>#3WT)&P(Ew?
zEGr!835zHs$X8Xa&O8atpD(W`eGOBNUI<QRnMxeQ9+`E2b|DSO7&aEzAotma$6(1U
zO{U59AQ-m?eBh_q4VL-=YGlj`wX591?i+qYWC8q?CXS7G9r2bz1ghqcWdjv7<cBwn
z!BS`Ee1zaPWRUV~;pxH62;=(z%Rg)nwFC1jh8CbPB}WH-N`uK_BfR)==bN59t==sJ
zUm(%KK`<17lAlOeJTnyIWn08`<$0y{Pz=E4CK;e2a6My3BtzDcnGl51K^=jO_b62X
zMMgTAhU|#u_((G&E`E5BU>BBSd|uwZeTyEY%n|K%pP&3GOf?je#lm~sxk?I8f9A?B
zza{XB_u5v|Rg8E6kL2CCuGdUv_dy;&*icnjdQnVpG_x#m?XZISU6}kScwK)rb4-ID
z<vwVsUW6fV$~zepypx)QMIuD|Rb{<AtSqK3)~&Ek<ae50pNKeenVlOO2C3Y%K4S5p
zY@_CYvev>8JVET$gA-t9mcKp<-?S)rVERb(G2z2AUr8B)TApJ26qLIT0Q~s$jeZu1
z2LPSIg9hI4Ju!5o(`Kd;gm3AgZJvn|aiO0J+v?h_Hd9@vn`tSKX@pIP#@Gj0;}iPm
zeD#N}T;ieeeeh|XZ4HEXDqBKNQRqO55T8wQZ5}<-`9eJluR{(1$RLW`!n7Q<cjjl-
z+s!79wVv)`F^YYRET-D(K+{Id-xwyMtJ1%TWSw9X>$(znO~E(JiX?TBHg-6$5dJ2R
zy9ps#$E2WBwpPWnyhT_-Dc=Hoe6@>9veVow3&dDIA!@|p3;@M{_P+>?+B5~$9z6q2
zd!Rtzz+>)>{p3I=9}ZdH5ugCwts1av95)~!1Rv$qzMMT^FBo|7%w<I3zHC$v7t5BG
zL9%gB%$Y`!Vyg`UNXfvAT1fhlSgdyO;7>?cEKo*xR)|8ZHlTfl-5`MiLaPejphP>U
zA{vV!ki{Pk2XpJ)Q`f`A%r?U61gU_dOo28}y9Q=9PVd;L)eM#BVWgr|76y2m!ig3m
zwli}c8TdYHn&n5}k+Ar=EkUP-?dHoMcx*c(5%Y4|iUjENSHWX_JSVdX@NvG?!9T-L
zvV7j!=@X(vEL$a0kSFxhof%BRQwzI!QC-O07_k_f`Jr25m;Wt^bW$0PowCe`TprIW
z=8zyncwCYK0&7-Pj8Z6Sl|X6f3<~2(w3w#K<Mm}MEFdUVg^7W`1dxcV1Xz{xKgeRj
zjv(vd(co9y2e!+Y1y8q;01i&vkAr2xap^5CI*Zy^BN?s>eT^}rFkBF<Ef)oGT=WgR
zZa`{WWEu;yZJXjxZh`^l%;HPjKi7{iYA(Cuk9UD<<RJTm7}qZFlx1ecp-+-s*D_QE
z;OIhKQGjR*o6%2HP^b>rq1=bDECTu7ek2DLP$Y~5z{)XVfDjaD%-q`&z^hO-)%nX>
zqXG;v7-*=U9u%a?;C{7x+xaXBC~wGQX8+Xi07^CwB?(uk^kfjjB83-K$I$=vsy378
zLK6<b4NJ$-Plz`l5P)n^wv%`<3%42ATOL}mqhL3ScwdUW_#E%ls*00sW?KI5@Ofzs
zZLfztw4rQ68V`g)aogt+PSexhH;J`bV=jc+jVKLC0(`9%%R;9(i0Y~3SW7Fqxp<KT
z0f_TfI|)G0##|~;8@kedeNX{BgLbMN%k`}hk>hV449R22K{H~Z#&~#%4B!F=Si?u|
zUr670duU{57H8^;X>q1KTzRfTfnJ+20fwKzQpg1yMilq3#LY`&m5!CgP$&*jl2Y%0
z1_s;+Y8(7dSF!!aZXhgdh&3Bnn-kcY^aL8BRZ=j1btKlt#Lro)4EL+1J<;4WuV0sC
zw-@-GZ1g8=>FTb*Dk!J=zy{an6b~6<?G7ZefB{`+33lXq6-)JIf7el&14UZPO$HLd
z@@%Fki+Ox@;}O8I9Fl?eY>Q9n-Iqi}`%)hqTzbPMFsw=oaS}J8;?8Cb3eRqW#-W46
z1Z`}JW}2j|S!tOivVjw|FE>XIgVC*!pkbs&;+mdOG4$h{rl8nEX35|s2=SsT4??SC
zFGyj2zyaLMwlD;e!fnII4BZ6-qJc1#kQ$f`!e+yz>A9ugV5F(=g2zXWrp9bVU17qA
zWpmNNBcs$P>xd`^*1Sz_Y&!$R)V+yd2nkSBw$5kcXocw}x~3wPK>0V-X;b0M1K6H(
zM?P?F!8>UHjqyhYDrOoSZE<3Yqp`GV0UNPMp=)A^s&@*$mfa|})$v);9@3*CG2gDY
zNGl%7(FiVnMHdaI7X}-B(8O9EiIyST9B+3h<H3{T!Q4kim+r$)ku`Edr=VYA8Z(Jm
z6I?dzX4D|ruy_iDIe~+ign93qp_cT*xGz~8z)fw365?mNT*)zu%;}Nihum!!a(x2;
zJeW1V#vx&dpnOc|hG&>a)c-eMd>ocO36z0TAfQ4a9M1RP9Idjo)L?5t6Fqk)0d??;
zwsa0gK)!Xft_PeC2JQ`lRFt%vINcwJvyXqkLJJUxQ{72~%*0v<w0t2@CY)0xE0D-}
z+uHSum6~LDYTOo?5HQM0TK69@KoCO+?VSXq0~2A$h3;E~oFo)^k+}PwdVTCGVfNlF
zA}~8c1+Lc|Jc6l|t#Lo{9~--V76wXq!<8KDgdS>S2sWJ}!*m2ZNMl-|TNA>6_QQ~d
z@i?jZV>O{A+8C1w$rmm!={_!}!w#2Q3l4z~e^=2VSWh}-@CpeiD8l2}&+6tv43fsL
z_70AY490m#_8<nRq4_LFC@PxRJL;^tMxOSRvv)KXeo~-q&BQOFIg1lB)%B5(-F6Zv
z4F8TeqGO+9yQU99Q6(F68-6GzP+<gS9yBp~9i~~*&ykraf45O4Lm6TvESBDP<;xf`
z+(|iGW*~Ee3D-Yhwhk<Q4eN!j%Y?wb3V^;7yue?9{&J+dPgog+1T-T8cwh=(<r%bD
z2gI}Dx5&JLDHpjEBbJ{ow71Z3x+gQOq8}Z?sV@pbE)D=-q75R$??w|8zvxF_p$ju_
zy$773FBAQW*fV?iI>a<P(TeQ&QA{tn@bg506uuz*Jf{Qu^LG_b789NEjlo)Axy)RK
z?~Ex-i4K*So*1!bP-B`i$PIY_P9f~BHj{Gr#oS}Z1p-awXB2<+Kb3~A%t((G9?Wxb
ziDZ=Vw-^!Q6aqqImL{_F)-{|a3V?~C*j%Y|=>=#6itvlq>g~j7d=SMECO`p<Z~>iQ
zPB((%$OAGGhhD;5L>3Ztgpex|<3L8N5M!1~Yp@{2L;I8u>Z7h=U-?{#zwqv-^<)Pm
zrELw!M?9Ay8w&^CidWHA@Dou+AfK~52xNWkfc_*w(j|r`QJ#^z{g5*h%JV#t-=ozs
zb{${gXMT*r-|dDVVCKc9+E+7Ospp>rADaEilpE4WCi^)e6Ptl!7>WLn&7ztQHn#EL
zJlc-}rq7?D9f{0MqM{M9%PJ!sjfYoagN|H)D+Jgrg4Avy9hK(>fI3c7U_TT`YZ$@O
z<iXzo!Nh=ud`#ivfMxLyiVf7hRbW~KiVkG~mOo1E5Bk}Ooe4dME33tkL(kSFzBTiG
zU@!BsECqKSXe*RYkiG?#F`5g>aEM+lVqQ)!UhGgPnP}5;Igsccs$BYNwht%GjD-z_
zyGu*7=RT@1U&<igW(b~UwSB@e9Tzl6VJ!s&lmXOZdGO+snrigPdsN_^(Pne#Hu_)@
zYAM8WhQdF*isG75?zTzptCWUwu*`x@z62X_?8OVq4h$GnRwr??d<#VcQizFEFAeZg
z>tzs$<O-R%%0UL6@seE<Y0Y67P#e|ox5Q~2G$eBSrr97vF=?NHNCMuS`tO)2AvE0=
zY9~9+i~wb!OS2CU27(0s{Rc4*9?zya1%@glFmPLv-yq;L1xlU0q7|J(zM(Z#AmtSx
zqEq+~JsRn2p5{Lo^ylK8#|5iR^3Ejm=b=&>K+Zs%&zf2(R-O-E*fJ1>1SlF*yO8An
zE&aoCaX&Pk)h8p@>>QIruI&Da&I2%OW;tdn)QZOeuX|8Tj#Gqlk%b^lb3Ee$xRqXo
z!Iq08^1~#a_60#t7183(e;4g_5Fj1AeuCQ+;L|{;{C?W~TrA_<8qKkZ&Zqq3C1Co!
zWa;}cicw}h7-WRK^t|3H3vcfwvF>ColviM>z_A3j5`4EM5(#PnUpV(oG*_sYaU}YH
z*Ij9D^@LM~hQB-Q5eALa-w`v!DagW3vn|5-Oaq7sgB+0(+zm+Wj$O%BVU2TanuEBK
zmmSc5jbk;&23z>^c<P0S5Sx7VGVB8aMM}v4-6?Ne2jZmb$q<yD>WN5KDwb|>7IEZ1
zg{Y1tnYVD>>a0jJpzY>`L?R3VvDqsb$hL64)m^vSZ(nd5{$SH06i`p#$h~lm023?A
z@GKK#4-gCyN7Rj?W?S%^Kn*6wZeO-u5eYZ96!8C<K^yV|ZuR`fY+|@L4v0lYJO~ac
z{vZ^X5Ogc4j~}zyp$32&ui-H8D#OW@qL{ooI#wZ^7=tV@+rcwiPF#ix`&vFYtk^kD
zbP&{@IEKkcm-sWg4K)8bfD8qIK}n_PwG(VrG@{b93xA}goh8tzZ#WoWjZr5p1LDn}
z5f&#CCrRN)%Je4L;$r9sGygLc`9VRu+2nZ0afE?iH%6xxZTrO~J`z$|<x+aEz!I1T
z7m5JmG)txs{(uUghZ+E6l&L-F+OHUFX=;>Dc4XC+of2_@=9jD<@(=HjpF4G|&W!NA
zFdr|IEfI?k<+;Mqp)>~T8LMF5hp45kfm`y0x}unjQkwRD(!{gTlw6r0NaI6(dA$h8
z3-%x*3MhHF5T~_W4r#jDFwo{%(&l6_s5-Pzs6&K^%~zT>Fvl98gNRzbaf#0JRKMuR
zRO2;`3WuR2FB4P*q}*CMUMCLlDKgC%>X~Q`6c<lSzK3Mt)fkI`|1{+04W`Z869tAv
ziNh$a*xhm~2FoBPPMu}oP>(!`V(U_{1^hWiq)mb*ktzS~dVn^GN2Vo6xl29CeVDkx
zc1d%ax;AX(KWH2`%oh?Q+joPIRkTxti$dKefs_)(2rL`zWs{wm(rlm{UB|egDE7>x
z*xxjfk=^0oZXLVmG15O_u4`(0n_mT^=!<n)@qyYNnmXjxZQ^#zv0g^O0?eL*^=ijT
z*$A8aR!3y4ajk&M{DI0CjuEJ6YR=~NxNg7Kt0dB6SehN((Lg}Z*Na~35>c{Zr6Eo}
zgc(X*aV{8-Nk~HQcT%-EMHj~4pww#F*Gwl4%_>>MrkE%2Yrf{AD|YWarQ4n&7`Nqx
zY*Hyy7C%2fkfBaWCO)Fh<a4OKjroYoPI9SdP^7|93d2$Eg%yHGxCztY#ncrgFk6st
zQ_PW10kB+%gG@NuIjv$V>({p8KzEyoUowyKfzL5QhCo7SJ_U~w?m>9RHu1cym}F<r
z(96cW<c7@w#|24D8Vw|{%MvgqVR9f8w9Y5QiX~Tr%MVF%xR?wRQx6_1TKUka`p2Rn
zaxQqYGPXQOUJ$on^94_<0shb)HbV<#Rw2e1TR8-p=pz;@%2CK*t+I=WFoTFbJRT?R
ztw=%{fc+4ivQ9}?-X2S43$+Zd_ujIPS`06P-b>S^A-^_^97zATT>c6)zhU3s!Q$R8
zuRgHX$E|?V>ie_dz)9cg{{vWi_)`u$Iaj1!4RXWq^8MjBL`I}x7_L~F_<{!QA5@dt
z(vX78F48hR`?G`INEnb$7;}|G_zeJbj`r%B(HOi);|Fqj@Pg=0mVKv))pqfJtztO_
z_ym|dm^^M_N8HjJ8R1OfPvo9i*$)>eLx3@?$2!O3atwI~r^sv7aU37L6J`2^kP$=@
zEGl($jLeyJjXWS=`T)Azea;1?GF@}>5hRq6AtX19oJ2~QQpr%j6N27+iUlL9F3$>8
z=^LW1|I#L*mBPToM~SnJavDPFyg&|MXLE)bV^Y|g8zMQKm7Tkl-wMn`_sfv715$}{
z`3LoLrnW8u;lWsC7^qe*|Fb`gn#zu=RER5-aPJhDtQ{lsNj}Eg+4XDOY+=c^p$-Vh
zO8u2f$6)gXL2c0(T?1>Mp&_jDvIxLn%Av2}9ko(sxhg+J<l;C%7uA(F`GbQ)$s;g~
zfDqyBXdSzW_|IhOqhjm5<mNaT1h00LaiT_pgOS$K0r<b9xm_T~9+@=XvL?h(1)Rw@
zaksn}i#n&rzyWMYl)gW700?8f#ZUF!;}T8fzW`KAuZZi$VA_4$V>2OcDDP}Z7SHXv
z&(>J1SEkC89x9;Vw1xjv3K}qBE*oh)x0?}gZUdn*!vx_B%1l+-^lJrAR0X&;Bb88~
z8xhB@u<7X9feO`|EW5K#`n9wf5IH;Ke02tgdFg*fM8~Ixx~f>ro)v{K=`zeyQPC`F
zko~P8jSrysI|(BWoAIqL?X+phB%v2^P^D2tw0g`d3f&<*@|NnsZW&`0?-c~#i^G=v
zT?PdKC8g!>m8et74C`U?@?DwH0Yx&(pJ+#D$CPT&imriKbZIi(IoTjiQRK<>$Z&50
z(rap@aa@(FeewAQgEha@Q;v?ap(&RlO0tQiGhKs*92_tSP0xY=u;BF~_8Zr=z-E2L
z2=pncgHi-~n%#G3463R0r;N?G*GfZy7tDd0N5WuhBU~yxFQhjqI`t|Y%aUiLVC^*`
zEO(I)Ruosq09$<#uDe7L5+!)ha2b^YjbTuUDs=eYQ-wxV1wl`#isT2%eL2sCo+>cD
zfgQ1c0IAazC`oZd7YrUXcXjfH_p*5hV<+_FA^)@)A1L2As2b9r1na;edF=RnRMt_b
z5-i@`c$rBj#a&CpNGD=2lhwqnh+Huf2d#gRaOP9+x0v&|Ht!pNT7bM(<?2`&KZd}k
z)*2{WtdJHe1c`a{5GE`j3<_kOsqN*`&F$>LtdR@~)YsPu)WVApfDkoKFl~;$@)m9A
zm`^UH9Plb_+%JY_<n>N0`l|5SZw=AUoa9Suj(YW|If2ojNfy@0@}$z3-yM^QXpM@X
zP$rC4uoJ;nTO8)!01?X86;=Mq$h46$4I7xdlUA_dfG4uUYgM!hv+FNBqu`B8dYvkS
z@z_)%@YP<dNd;!GJd{?<OLQ2iBro*)q|CN`1h)Q#^|FC5C1_oP$1sn)LJx7MhA#9X
zG5wDZLhL?uFo%}`=X~W;s+p5QH~9%C2HTP>WvpJXdpOxjtuhd39)`<1azWdNuTZ%`
zn~(IbjM*7v&)#3LU?>?WSLg18ly);AU)#KrbR(h$iR_-pXgABFf50z7y6?ib>xPuk
zG9ZUC`!dZYmt_i3heJjput>drUbY4UIJMUs@?d|=Tm#zJm{X&aaF7ICd2mPaG}j;$
z5wNdo@lbH?Toc%fLV)RFft+$Moz>*!1Y#8yqcYqTg^f^#XJ+hQW3g;0%+z!mx0V^@
z^$+n)NRJ&qiUX2AAa_W)1y5h2=vbg)aZ$Av(SD_~5I_w0Ny4o(QZ1w8<?>^IH9@P4
zFyawYLbJ7kDahg%F&zy|l!5@kF{nq)GF1uYebk|sq+G5c065?8U7?{Qv&n&1@<5O$
z_{j}%waYJJp<%pujAnUAJ9r2s>(TfGwIt!v;8Yn<w!*qh?9}IsH4fNWAuI*$6|#1F
zro?IsHS`mZM!>hXj&$HY61**nwQCc?fK77ZYJeZv5j;ee^GEI^xi10FDpkG|-U9=p
zMDFbcXb&nBlrCyLbeBu274yTgh|&}j7M8%afNBiGiCZ~ZmQ^F<Ej3Bdn8|A*qCpBm
zsd*mgB>$_+#0@(n2>LoqvH>BSMfDHlUse4Q4pD#oRd1@hlat}_yMga4Vic$th7!TB
zq$nkB(L{Sy^Or&R8m8W!Q*vAx)iX0DN+TFTA*<*E0{Xn^Nk-_DWEWiS6Qqx{*sg*i
z5a{eN)vR}gbjBMl(RU(dE?c}&W~Pb<gFh75h{mw}g*HX=>_})3W9(GYt<3<o<@pv5
z9eU&?)l?ZhWhX9PW8Z>2P*Fs3I0+FYhwp@*V8D_aS(d(|;wex?mM>-{IEmOkh_tcT
zk2FA2VGZLU*SvHhj!5B0d9%e`yZ}@<@Nnw`nAkHiO0*FJ#couZFSRsJPE;e21Vu8}
z`!1yD;27(`qJW);p(HMWNFT>cJ7s@ME?Ra*v-|WYcpuGffgB$pF#r_)2`3KWC23<e
z;+jZEjNm9Ra|R7-(p(|VwYc8K2L;6qvoMjUl|%?oTN=1qwGknIWg2NMO-Z;q(yh$j
z0GH=W5KxD)rzMG|hXZeN^_B<%&RdW}ulUI(>PD*Rn<$0G?^gU40gfzNW9%^nj1{7t
zY5&Wtss_wb;^#>CqIqK-sfJ3aX3mw3Sc>wS?juJ>Y;V^z^niO{C-Yco$i6#6fUKhO
z2-79ZEpF`Xjm<4M{gGtDXToenI)|<G33h|i-k0g!kp+0@HUpe`m~~NCy}IZqg*#^`
zH4B?!d$f15Z}#YkA}J%=7g$|j>d^ORQl&H-Pz|T65uwU250}bS=W0l~H+AcWgbIIo
zW?UBK21Jz=WG|YI<{)N|M=6;ktn{;rG5ktc+EzI^Y3`kV<J3?Uz1^uH;je!(Jm9by
zjd=KmEZfGti}Ijd@&r+;KFbG?Ru9NYe(~z@GFsi0A#T0P+%nbE!5F44pDw7!;*@-2
zphiL=VTh+hQr~PLD2~w&e9kElU&NpN#E}IjHXv6c^Rj_nc8iMx#FN(2<aj`MXiFe-
zY%#^LLsQn!KA7NIN|8UC16U`xKUy&ZqFUx30%p>>8FKnjSp}+u#HGm(MVG$RE{~MS
zaf~>=%#Q}T_Mbu$t^Gl?L=+IrhmwSxQ3*_}Odyz~%&Da6QW8DeXL-LpTp$zz-Z`cW
zWlLSPfUc&AX2ZH9PF7$bAiT<e18*FlQ{zJ4h*CX#Ey5T&pw34IS<9e1F8Sx(04q6}
zdJDDgB=t-ugnFg$M|`anGx#7UGCBLkO!Y#T6k`(N2c%S48a}0TJP|p7ZoudSXSaNK
zq4DT?D_6VAJRG4lbGBfnu1^|~3S5X%Nwz3FhL70rwhcZir}meF%*<9$Toew<?^^Et
z`^c`oWk4epm9Udfk{0Wl#0R#Tc1IK41FNS@T&@MfCV+x*;v*f34xm_$%@@j57Jej-
zdWm894S=7zQnMhmNFW-)Q!#wgavPRN<QPXzwB9!b-<{J{#IX`#<P)_%_yIkrj%Zv#
zoQZ4-GVTW-pdW5=31IRZXuE{l`iH35b+=QoSYHfso`ItS+_5GmG9}20rrk~gb+c3S
zqY?=VCUfJ?<&qNrkjX`h?Q=-vS%JGcv|q){T`d*~kLYF%c@b6Xx<C=2YZAU*y`&8v
zj)96Q$#s6L>O|*dD0Lw~Ks1-V{7wdVULnaH1&9iv876_)Yj`XdgE)U#>`WGGs?Qd_
zO3}yiOqxgyqM>nZNWbbO;&XV^(g=58Gf5jFq&L37h~OV=3sDnB!01rxE;R6pP--f&
za3AAi0=dF$yxBM`RppiV)?O;jU?+`q5g(6Cs}u}L4RA9t>q;$XNw5_W@A0S#MTUBV
zz32=@v+0f9cz?r&j4|29!0wX4XEpiz2E<6J1%t$iG%8^@86|)WZ`pF6@^u$b7}SmN
z;7U__f$w0kr*qPts5XgBe~lmEktA#zCEITH%h*DnkODyz+i;D85ur3s1`xa|y>pKc
ztEYJCyuQ3BS>U9~^Z|z3r!igIAxNT)Gf5D93gBZ%QYA8zgYZ*t|DrH{jZ+(o1NBJ^
z#UV;}U%NR*>zE=N2?;jD1XM@esshO!KG7d8>n?pQSU6iFu46NxRaA+&ldb?ykDsjo
zfUMI-D}!Z)U7sTxc#!%@M8^r(F8mcdDU?z$_)~ceBX~q$EZf&f0G2QPgn6wt#)94{
z69z}gg<nqla8G7rOI51SN=idaqY4u~s8VxJ=>WCrq5oP1u)SUA#$)#^<%gSG%sjJ(
zo+wNuT0)aUG$cw`fq+k#l^R<81fG-x0mPH|L+MUOo)a6daig?|RnqJ;E!|cWq@g?{
z#Wef4)7^mcn~n4V@!_raE-Kxxyq%sl_W|+D8~X@IaiA74K6E0p9w9xJ4mO1U4#|Ab
z{=Awl7-(=tNT3rUrRzQ%DuFK{cPZkdKpLvYLuDGiNHbKSCh{1O1;wfT^S_Q?kOzU#
zE<h`i;Q;lb4B!wR6WZCVwKeNt2>eAvcp2@jWDa;y1-y|2VI%NB&k!h4dxc|^G?XOM
z>BDc`(T0i)-Jvv#c{oax!^#P3T_@rG6JD4SFXHxrc*oR1{~~6t5N;tBv0EV3fgIdc
zxY^iQ1(1lPkjGJ!#8IhWpgLmRgY`yClndz5POQrgTN-d=%6~=21GY5r_ePlXzC(t%
z`DAGp1<0NGvFNLfyoQ56KaK1k#RQ{AM2&uTfpX+<^nijXPUw(ENz?MfLzQ#rtg@9L
zfF_Im6Pw${yaz1thK(KwrupuBwZfU2*{u*+aTMqUVrO$p1LY5=;`0>ossUZXbpyrp
zr2qdrW1eYx%FJ`o*K-Q!hNI8S*tGfL)PNk~GMVAEX-B<)LPR-$%~RGr77*&Va7bhb
z=Cu){LleCZ0&2#@t<mx*zOG2tD_c#~1MhkPTrhzc_@QQMv1q(t*HWpo8XRb+6fvUF
z+ssw*mj8dp1QSp43oTH!2vrVgxbg+4z?<0CN=LjQ9K#c<T1TP10izg!K_b+#62*ro
zQa*&T#nXzPN!hZ#fZhDFSdWf8U+qHqZ|c*%SH+ftn3*QbKu`i_hqSKe25~?b<){_e
zOI*eB9IL-NG3W7kk`s^MSdgc|Cb?>Qwr&~u!SEZz3>MzAn5!wR0X-zte^!k8e*JW9
zf)r+EZ{<IIc&3EG=t58*3e3VacHCJmCWC9%sc?)uL=_}&1o4sSlY>n4#4%eS?yk-D
zFCa?Ws(0hzH@Bx(YgaV~8}pzrD5RV4;Jyz}bSw*`u;@bvub1)?bGig*o&k&~;U(Gt
z(`vzkE|>LYuBKL_w3GH6*7Uj-Z}VRe-0+uX)Q~pkSm&2OOq|UVZI3zE$89v@K(wfm
zM%L8n5B<$hi<J#126;Au(Tlm8Lf7zu$~S#&jsyYvm~!8wp2l(tz73sl_*wIY<X?-P
z%I``zhMHQcJQ+&w6&JhU1)t9vTH0|4rF0bbK*OPdd5O|*F#*Ymf__8W#({Jk(%0~{
zG$=2bMb%PYp|-d~&ou|{u3loqwto83q{}=Jb`hCGUOO%zQwZXf9!s}v*;`<NK7rIy
z0tBOBHXC;@a_ykALIe<WSkqP{TAKKL+_7O0=QV)>XW4<jNN@YfcforfBWp4K6`Hh8
zX0p3aO<ZRBiZiGO@}vDp>-<1sU3#aB92MF{Mra(XXD1T=0~h=X^M8&I**G^?^pq6j
zQOGlB9IovHX>N~t@kC!I*DhmSg$c49#8Wl@4bgk#*TAGe#}ye%vG}#7;f{6(@5}|t
zD@XA^c`{X*2oerV1M&<BDA=>SW-t~B(GF272JwKZpi_9kN~0GAiJ-Ue&$b~Krlc|W
z7Q$t<v8@y*ie(yQ8iuqT>+K+$5+yiP#7rbiGzDU(8}rbCdYa4>9MXQlT_!`kdo>O^
zeSbh9-BnE?rkb|;ScaL?`nbIeNB|ju>~jZ%t%=&~{n25jvf;T%soc{p=CYl4M-(z5
z0~XcSmap=Q9D2sQLx3&d)Lff1txYuQ-EH<b?#>dbwq!u#(D&^>1gkgQ#r9_l6=^57
z@F6Fp5GOHI6>CrXQn04kMLTGSX1ezig<*`?*aU~)a-n~u>Z|rB655l6qj?{#8igSN
z_zsi?aak5wIZUHUVj<KhY~kV|s1%SGc+%2f0S*Ek0SKu4NG1gaoGjyrEOz%8OP9l3
zgCEX!^@d;~#hlpDS=@>t1a%C#tY%(bT$L0P2)16K!Bw=>bKM2|F1T9`H(cVz!NL?H
ztQypc+@uQ4%Pvr1XwWcl=_Udq;o)W<a3(DqaE~MtXr3E9Ypjv)o}TaoR50O6)9LRC
zZs(M+u1FgBuUv<R7MRk9T4<{19PcQZK>umeO*D6r$f|KE`=2yIKR^-zlg30m80hMf
z9pk|y0;{+SknnHu;3c5pe;DyiiynF$9SD+>9S6*#kV4*=wLKGu0+qB92R_F&E4V6c
zebCA+q}inmI0UU9!1a4J0TQXq%*HfneJy=Cj{|ksO;9`AIg~tz+`vCWLU$g}HAp~d
zR70i(V`aFRb(k^@!vIfx#-V~sM3SrRK{zS~+tvTgOZk-k1jET9DOK7PSYoQ<(E0~=
zX8_`oSU#XZPo_*7=7|1n4yt`??Z;$EX7yOW13(--j^4p7uDzELm<52Bi#14tL=H%b
zjx`4wogw9Lqs>Pd0?1iUScMq7^;<}xPzB)7lPaaDavC7NXx=S*4#WyEzFb?uU@bIT
z*T;P<00;`=L|mtM)%2nN0&jSLv5S`q0z>Plkkl$wL#Ut<40mY?9G7y=1H>f_{MrZk
z6>|^x+)xN$mVa<~(jdM13t_*51L^Gz#2bRTYIm8U;=ky^8x2YDa-nUb6DFZgAPA2`
zIb6{g(W~$SPl=%vz1;eYj0VlYv(#W72iProq~e}yC?$Q5>zpY?T_~ELaGbcU0E)mf
z$lGn9g)AZm8ePDW;^@`u@#7&+Ah=rH?m`-B%_!L?NX90Touzp0zA=#}*Z>0<1$JKt
zzKh{~IOYn81ppLk)dMd`%zVmEkhBjXy5mSt$c)1D+%*=0hIF?J$>aeQS#fK8>nm?}
zw<G+G$T+2Hso_oEBM@T<Eee4dN{Z`(|9PDYASp<Z6~7=7oI%T4sL(_RW%iDqfSlM+
zIpZ^waYAjkAM%(Cqr&c%DSn1F^>K7ryqR?^=cj`byYQFIfgKMLEN>;f)u6OTLO91l
zVySfy?{K5R+`b<UN2^VuzstIO2AK;8P)r@Br(u7R1jX9GMJME%$`)?=M*)!YVJzFe
zeeYYK#14CM#(K*Lm5-f;G=nVB9ZSt|;n{0NrHu!ttDq*eCgjNq1k@zUTpOO(tuzGF
z-AD|SONeqyrjo*$Nuw%qa9Liop(>Ve+l1#*J`EaOh;1iQh?M^fm;zR1$0?A^ETwe^
zFwxa|$V%*>?%ZS2#0=o%|04BV6PV&O?C}<g&1k1-8Y8IZt?Lpg%zXYK1-asD0pOUZ
z+pbVU!@y=WS?(;ZysXM;ez2nn=lzs{BKH233=G0VD?_8q7DorERCGC+hMT|{0U=^k
zX#y~)vk-I;WPTns%i<{tQ|w=}H!>*!CuMb<T|jnn%w{tlROLtow+@tKoZD61TapaS
z9;PMTM%xNw?Ktm9neC`9M*6`UZCCfGK2d9MD`5(M5kzu+CQ8m%Lu3xV$Ag^AlK@~5
zw`t^t2-%?lqt_}}#6r0rB=MtxwzMG+F4gyp9uq8?$n5M|N*q*-j?iQ|77!)c{t4&p
zi%<+02DN1yBMr~%Pbk)GBLybpYmZ<nDhHUHIo=5<$N}eg6=^TPZyd2nNX^Rw%#(b?
zuFejVN{{3>=n`I%N2KGJsVTe^wql|?Wly+ugnY@1w2x3$Q)VQG)t!M&6k%VOzuruf
zAmSnqCvRoS-E}P!j*-5wm+EtLq6|?SGm2ZJTL#}JtUQ9vz!nX-;SOj3v(#U6P}%SN
z=2;~~f;Y1L)8I=th42j#!5?Z#d?NT9Hb)8193>GD7KT2Bw&S?blgqM?iH!xwG<!ld
z-0UugkBQmGl8sF$*yX|=Wwnk6?)BA#G?E!0=Y~LI2zgB-m~W~0%~i%u6*-P$b7&wG
z*b3<)Mz8ETstn+TEJVEVyMc~AsFH?OtP=)n(luQI)&T3u3hh|%=4gyCdq~6u$o<~Q
zwA#M|S21x1xbeMAQECvbH0h-TqAg(|p~Ar_-#30QWhV)be#*xo#vD}Cc-ngtE(>Sy
zqYrSP5ioAxxUgXHR!|ZX{FdsYn&uG5?CxI7m`rY(`iLvdCa{4}`OX^2J&N+J{y#7r
z41m|_wak6xa>Msd5-J~A-rSU5eogtkSo=6+@OuH`96qBr(|bU~^Hh@_!p*5Nb6nT7
z5S-IrIWqrOFRQZ9Qb&4NDrY++J{~QMl;vk_rV~5?4=B&sdSodr4YQYZxW*P>+b><&
zd0=7_O$rP|_cQLHi6AUc!ld`2JLS+xcUZVJW-bAZo2uA0f~<*?PkUvbsVGUSX-0UE
zNB;r9oR1fQSX+Z{iPwv($N;cL5dk2VcHBX#QXsvZktiXq32xf@SB{-+>Y|?X)b2R6
zt%<rvB&R^-6H`wcR&rOZyQ`RT2%lI8sgseQi208zdE2CATIgs4BQl3y5Us(7bonBe
zp`+qEce3nh=?jj-2Ei&}pwn1)5K>H_XIx^>kRjKSw+6HbM|weua!@2m$<0ab*I0$6
z{J02#G#oO1hR`FsLYMRK>YD$JaV&m4XeochIT(JF$L5H1UH)_c!15ZdBG?Ea(qY1?
zOOhHtM)zJ${;M>HeGmvbNkVFbvr8aSQq}d7>iVAl%jC*^^4mR0MA2h;b^`#8P56^R
z856p5A(ToXE-T_bfbBd-AU*WBD8lIswtBK4b>NL6I*<=&{e>)6m%Bt06XUjU3aK2h
znoKHr#tM@1(XjL(R2fXl7nAVr7M&u%$@t0N;Y^+Eg@h2*aq&``h0%dX5ic#d&}IVE
zHn_C<j+zzL=;_g>HZ<?W%cPE(UAgHigi7|CYeM#)ySJ`&SZah|#B|fW1~Y4_?SPHH
z&*>B^A6@`+n`o2J4hs1t5thSM=GxJ0|H6@TKyL@C3rgEoJ5U60b}z#`T!f$xHE1(f
zxN)YDygtR4zjJ2ZzNUuH*h>jXn@%$6*+9*UwY6$g+h*>xkbqJ(Fm*5y`~4(Rh`}{b
zl`<0g7_5G!MDSQbo7!_{lz-qQ2Lez)61Hu9*|l<yli&oWD=@}Q%&=uo;MWN6XznDu
z^Uhn7>YnFlPQygP3Wow5onO5&&z0Z-QQ!Bzi9#h3X_X&4*oKyTXu!<5UGEqv$6lP9
zodEy_=!nLdWK2UnyDl)dIunYft>*M-Hm01R81m`OL12+hS5N~*qI5BriHAQ$;j(7M
zc@}tusKcq}`AbKE2o-WrVDo`rzn)2sP>`THvCXu{+cjG?M8qbQ%L06sK4s5hM0*IT
z0rTQHwAu(p;9zX(F7$FNMvD*pK);kC8L{Bl@vW0!EOmy^iv7e99-+aDJ%A5eF}u_7
zS0UB7^>a^ZjrMM1m6pI@0F#z>8N>B#?Ni>kj?iSms`oDEDRVG|jDxEo&<y)!AHoC3
zNTvgayvYEUUPu@S60uw2Ke-IQ^|=1}S1oK{H@-UIOI5x?ad*PjT<#YuOD>7MH36ZF
zULcNr+Sy2u1Yj1X0YF(T=N5e*?95@y6Y%K3Y=YO_!KSNzu@g&WSU(!OXWQYp@q3?$
z+kj~F2up25HYAXyNQq@46bQ+j^KQ(;M^^PBYj4C#s$P8%Vio`dof*;e%tjbg7jqN^
zK_uydjuZQ!in!jCs@n9CsohG%`$JNIcuoL}V~u<jSOd~2OBnWh69V~m?FLDaQXa5E
z^B!pc;m>T7A|r7TDROId*f6lQ{PNB7eKQXs0-KrWv2N#EwWF3-@D5I9CvSu>-NATk
z>htu2KR(40vJymyQ^3QH!S<g0t`h>pwAQ%<^bjI&y8Q=q{{}{KgO>zUxr;0k@bNmw
zK0{JS1A2TsFZ41jX#iM`j!$|ZK=($e74cpvN*KB1HtJss{Pa0R6!4)Z9s@H<3yu-1
z56J>c<YN9ukH_APNJc$w*Iri=*AX`D2yVFyS|aRh5`cfW`$|yQ0gz!e3&EW?QRER_
z3n@n>8fz~*UCPD<{6K~Y0Y~|TY)DylfhgeQn)_L7lX5Fu1SjFAHQ8fRQ(g`Gp@nnj
z)2)!HjFc9{$HM_V!m#_cm}6Vw0f3oSKBDofP&p!C6v&{H3e0!!BC8!HO0rwY2t|j|
zbm|03TVymTCX6ddJN&_S1NGm@_}jNZz|CUh1`I!SV6i5NlM9zY{T!nzjW3eHCKAl=
zpU#|vUIPCPk;mUO`y=G0N6V-bm7dwVhC}xs(?a&VC%zPuQc(qwcMCZyDgbJS3kNbV
z(N;MHUjx1{i4>4!YDAmFg@4U7<tqJLQf~v0_nPpwU*hUQ(?CT2TtKtBG;-iduop9#
zh;F9jzm`n0J*MsZrtppf-A+X)s%@QawCp|dhjCoyA48_64*Jx#Tn59x6^$9XT8Q!|
zSh<EIYSSc-<5kW1c^ikJaSc{2SCraF{Qy}z<7}W)gwzZHB7%2TVf3m9FZbRjNV;M_
zkr%LRu@eQ!<*=L~BrJ$A+e^933pf<I6c0w3`seAt3`2x06LH2bmfQziO|Xyu<O;~~
zOHWyz>$`&k0dZ+j8pVequ!6(W+vb}Zms2i+4@q-Ha!3o#i}MY>Gr&y6%rEov!#ZeC
zF0K)nGqMTDgCR)30eV0m7dM4Wj6evq(hK0f-GM^)QhB?N1IgGL&_dmNa0v@d@GoM)
z$RCU8f(=iKanOnPg|W~A=pT4MfN2hM_NCJa915tiMNEhpX@#P`l>2Y`Xl2=Ke=(go
z4h&eQ*KWcGKsEqCk+<N+xdQGS-c91bgb--WE*uID@x%l<>Z$`t7*>h_f(%OL8kzx^
z$v(9nsOIp6jr6}jH%+K1eyiX^Et@A$9YfA~@MO@?A>PTU>~c7N(vo+%5hOyW#j`K!
ztSix2p6Vks8>+h}gUuhddBB>yD>X<9>4y5rT}ZA2QV)?~gUJpe)8x?Ze{JA_gOz;#
z0kQDrs%D4+k}ECmf`cc2U<^{cv5N+O^^^*M8sZi$C19TfT3}5mnB$+!LM4_~R`%!2
zI8a49bz+zeyI9;y{BHD``3VV}XCZj{6IN*xxpL);c=eQ)U~P+W;1hmvfZI>h%rHg7
zfpvfp#7>;ZFkKkLeq3QZiZ#|>`54CCw?m0`qh>GP>p!tu2^}7<CwXBxNQ<#T8#Kz@
zyxm|`nL3eCwF}TDKG#k*P&68NE<CeW+ZB<262S2v>Yzz-<O=nQw^eCXW6Oq6BD{Q3
zU^G8OJuZn(jnXLfd(b4O9Kp!$B2#F;`LZ2$wk%!PK%Ev;y@W#q<$?-kzww7;vNZJ)
zt!^Q_32{Aw8BJu`r5=jh6}K0_Th}Y&#4y9f>-QLIagdSDPz@#KSib=7U|7d+4`jf4
z*(1zo*7%v`GIby5%0Xxej7HqJi`Pf~_uDB<uq9eBjGkt2X(3~aP+GzZuxA_e3gf{F
zZe7X2nqk!6xFvaROYUpN!=y{UO6<UL0v`-A<Tvuy6-g|jo;(w@tkFkGBpX{wp;-L^
zq?P(j2ucBk|4;3FsEgeC4@0=$Cf{~lVS#gEyGU`k?ZR-WyelsCAqwM2rTz^tXmK)f
z`pU%fSj6S(w61P{bL^8@kp6?)v)t__Gq8yp<ZxCdhne9}4(Cjb&pqKh(C>f@amoo%
zc3Qqx6VDfUD^OH+c@W4RY0H%kRc=H(H$Z>wO(SJ|;zCy2!E0;{tD(3fEh^k)&gMa|
z_;;`50kGGk1rIEDh)J2Hkt8kxawHAXMcmpL0%{kcY71Q=GmPkSBqYzy#8*8zT1#je
zpjU(*MNC}8?6EB^eRaTeBpM3Z)@+UhGK=y9NMHead;8q-&5(D{Mm3>$zb`=Hu)!c_
zzo%_VGbq3N$laUILVvD9Co*hsaA`Et>?_mHqiKkZWWg0nf2L^;29G9^U)`Jrq{&{?
z$9ynk>7~{xsw2{~_3h$(i*mIcDuR;dMTF)jbO<M-IuOmTLxe6H!PJ(sm%>Cwtd(eI
zK=I9@8yrxT>oodg!Ig*DvC6Y6eG9Ekr+F^>Hda(rr5i$30jOCguv{X{oFb_JA$CVi
zQ<Fe<Iu*%ula>As^3?eT3k=>)5T@2dx2G%VcbgwfCY}WQ&_Ewn8Yakzgsb1w{}=-j
z2-OeAs0$kNkAD#F+RnNBS!Kg^FHIW0*xg)RhzSjVd-x|bsigzlKja`;zMh=YBqlNt
zP<@H<c)Kq!X^p7T74zoG@Y4sh*>=MIbES2B`&mth#<UyBp*DdKH83FQJB$*=c>U#Y
z+<0*V1qFbnv{smr_O-o%mn7|oF!v~jT9mC~j9?sZGRmzcWz)tp-($52CLW?~<vzpG
zAYP=yEbDneW!vln0|+#_5L<$iQ`55~rR<wRk&6wBPd{%Pf`r%ubl7+u8>na<fuDuq
zr>nw+jeXmM5EdHiJXL_%l&~21HXGaEdP2UU*<|tR-P77J!(FG>_VC}9A6t-yQCMI=
z-P{PoM~VXYz*ro;$Ew44R=03;jpB5jxE<<|z|8a8B1vXDu;j>ZOx5E{LnJg4BP$c`
z!A9cITg5bnnOnhf%^AYyZwGN}KN=?Gfno~-vgUc-meoDxi%YePrpCAWkP{SIPH-`3
zxp*(UKkP2g;>G}9vcJ6}D!U~;A7h+vE?;x!-EoLLSqs^2gP&k0{tDKcYG(!m``}nz
zd(Z|4)hha;qS2qKlrA(-J*pn?KPbH&w)5eIYG6&*Er}TyE4o6wxLx5RD*$eyAlfC(
z2Ifh`$SD<=iq7O~7>3q#A<K@+3HNJ=XAh!Sv$_&n0;wz$joA{FKz1zfJ)33G21>dr
zn27>8*bIFEq~0{AL<-mp4a{x?8IV+U3dKgTelG$GZk(6k9O(38W4g0I-&c@jr7cKK
ztcrwGEyKr0*G++<ezYR{ISY}phyJEqpdu)TVdxAT{rHW%6jVT;6|W^Nc`_-M9$Lhv
zQ*30F9lh_g^C8S4Y<!we#sujwuc<HPe66j@Qg1P|AT43<I`<&3j{#obD7p_Z2O`C1
z3V6h{hougYK(0pAwPPa-js*zX0Rrhl7m)ZkWpp%p#?#xq;=1sc2n%i;R>?WzhfY*X
zR@(qKK*+zlwsVw+5|%{U=Ri<NW{iMS$2*Akse(VM9*K-<u1}D-hdx0vuUQ2yPkk0v
ze9vzhumNAEAqg#sN8h0$RDw~6=u6yBEe`hYdkcbzG_XB<yq*p=xpWQk1YkLeNTB|n
z8ZnL1(#-x??3u4L4T<`-!?{-2r&9*`F_dX>$Ap7>)$_V*CjY!K!4^wz@B(RpBv2tu
zRard)HA>_!ftbea@6fMH#DjUV_qAA2<h#p<OpFF>sPvRml>>o56dK23Q1XkY6Ta`~
zZQObYH}r}?F<6X->8?%BR4_}%RRH&kWJ43gFFTw*xvdC5cN7+pvf<dS5}BEO-$Wwt
zEjDVQD-ZSPnPz@b6dcMhEv(kVT(iUREi(7Qj*6SuhZ0OC@j*^IGvngAfg^_cUS#_E
z3gWbEsGt;5l?G9PCS)9ifoFhS-Kbkw8Jr;x%#;zfY!7s|!YdXL7iORz#y8E$3r6hm
zg!Sot3nwY3z=v1}#@7rfq-=^hU!u^!JBu8Bh0mNwyqF-FZE+Esv|+y&F57UuHXsZ+
z$1_oa{Jzm!qBl~79nE2LNZR!Zed=LxFnsmyCka@+YIkZZ3rH0p9W&s3!lyz%K-Yv^
z^B3OjHtZX>T5uIo?7uJZPFLjjV@fhb!APaTfyL7?CK}r^S>UE}P~Br_2F%JW7<b5I
z+VV@@na!?vh@1$hp@BV=g7cLHeGw7Ni%~xBv@%fEbP|~1Vk$+P1D)0i`jIqA$?8|L
z)Txl9KuT;yKVRFp<<g&FYAO_{-YFZSgl{q*wk;h@7Z~t4s!m7&XDz#Gs-z_B<IVC<
zTV6!1@bUrdt+oFTft4P`Wlp|~AGOgb@Vzv>TE#*GDwt6lD#kV-%jOZ87RO`&>G}RS
zLT*m)rPAnA*Y#4Zs9ya-j{-NaiYPp4@aWPR+!BK;iwiR*-9#Z1BtIZ@8)L)90bk^5
z$s3-E`{ih}BI`{=Bi$P#mI#Ot#8<txUp?`X^9=jl3+QCd^*$)`7?Nd#?NN^^%gRKm
z`kP0Gr>$1DVj|IzkVqC_34?)mDlv@+^N!=h91<pU6R}4a75;`LW)<#xm?Cb#%PedC
zIN)rLMy=}`4Zxf8ELkSFMhcxD*R7cG$-9FWGO7GC@xJmD54)r^+DjhF4kU-TFs6>c
zY~cs-f8%Cdx@x_AK*tsk4`7@Egh+kD3=yfq&>;#f{DM9ix`GG#z2NO9tVAjmokl?>
z*UqR=H2b-u@uUeVKez#V7d%1QzO3p+NE9THszMP?1j%0|78?gJyIBc`^Kl*ut&30R
zsj!ir_a#-nrwni}eH{(sKHN?w`2DCvMD(P<54zzb*xC$%YMaVd^&nimdySf<LZDjS
zxHf^dDNo6heOXyw3SY_c@mN~~C@<8;5kr;PURMDoKug$4=Bc14uUyBNe?kDXj`kb7
zXQpbu`Om`qjCE6NCM5v4yZ{jW2-^qnCD{y7r9oO_=gmPBlkk{^EsKc^70jGOryUNZ
zIA$!#Y%_a^)?rpdh1^Bmd}7~@tq;wOC*1Ith<km(ZP*L}0G<=SD<z%yWwCHVR0$|3
z&BUOcoEh(Z6Lr@H=p=M|mr9q5tlNOZIHAo4n}*SO1roMvzw88tuebGb1xBww(NDDG
zhvX{M(N0C0Of!Wt7{%}~zjriZ_WEuCnW#C(;%#p}L`nF>Sep43DdbRJBL_H5utX!S
zDR+_{Xxq4b1)F+yN!IM`%j?^H)3+oL2)PM3Ln^y(&PYgonn{orShhJH37C12jN4F*
zNRP*)5NP1&OvBttKw}oWpaE%-%=rR3Df01reCliyN9BW@HKw9-l(#bAIn>zqaiIvv
zcntR1uS0-|*Xn{^%meeA(KA57at0Ptt+03*U4fBx5Xy0-+zhtW#JnY2iD;Zb-i5UQ
zI+3J18aMT^mEl<0Chq*47+hAEP99DHIdmT=&SOw)H-5poQT>jckXohqAen+}XGJDS
zAhf)MZEv_57HL~CDrbWWp^sX+SrTAnHW3{tQiK_c(_>)Fg_-HdY;+3Pv1l>Ip&}<C
zRoTfLk3NAHL5lbYcLE)UBmz%7&tE43BU7A^j?ogP5R*>|G!ppm0U_GSCoVlAERn_%
zxedkb>Ioyl+#-F-uP1|<8;mSmzt}o<5fOxOg<rOV2e;fixv0I705R0&)-G8Edu+&j
zc23&bd6d+bbd4!)oNj_mN%#yY@9I~qWR)0vDWEmp_2Re<6h(cqkHY3#Glg1LOKml3
zSp=$XHY0fi`~@+vl@ciqHC|E<X&8hyh6W2jX{TuA8v9NnuYcqw$=EL3NG`QOzD#R)
zF>j1A0Nc-X*|)sOI?;XUVFMrYENBWIBqu!~6SV&0Gk0Up!n#q1LQo0lY*s3d0VhHU
zLU!w#VI?CEVp%91bRc&JYt~u^R^R_ZR8w9mes2W+rkCpyhW`f#LbIStDLmls70NP}
z{pkOXpT+^SquWLEuR%WaboNIQLH0{WcP#kBqfZH5Jn2cK-IQmLj@@)$C9g`8l7>on
zO+krr;ted((UZYYYE8=S$fs#>SaPq4EnxLTLZ#I#>EPxF;)5{ANKk<tRhJd*W}(a?
zY7h(_iIl*>U4*D?!&s<Ol40`H=Tz1r2bs7Lt1T{Gt(Hx?_2<`A`V1JvB8;lX#&acv
z)^pGGhOwB-a6IU<-B=jY?TQsZs+DyUo*G6*&u9mgtSc;`65-Mlc*!nk?M~4=$XGHZ
zW6&YsDnO*e9lK7QSgm-WLih*-*};I*aaWo$6+XYo1y-lmwe^RywsIrm!;*OKX;gi_
zPkA@@9A2a!LPv29+7u*9RPm%g(JT_?o++eWh#3^#*el)dGy!j#`G=u}M{3#=CF&i4
ze-xF<6hgw>bj+2BbxrAM6j9bstR?U?v+zL_P0)|HVW`lN-%q%R23m;wH{eaSKpw(G
z0nu=FVxFTcyw(5hH#ht$-~gvRDUaAUbk-Lh6P1$*rao}?j?BZ%=+HeHkTG7cNFwoY
zGA)~mEY0>k5on=Ya~x6Q%pX`VbRXNOiL_6S*P(e#3X6My=9E3N2<tUZ@5ca2Yv&{X
zTrXWefec>T&dE&9-dYkH(35K!?Yl6D0X}2H#<U>->TLZUz)H03o?@P2oJH>ec6;Vw
z$RrFKm$AF`DvGLM7^=csJu!ZVYa6cwH1}vxVX=y}JeKIZO3SBL|J1ezx$P8yfB_oB
z;So`UgmruKDW+q=b=|z&y4r9JY~?`%-`2sp$#-rM0j3=zPkr(ji&QWo$23|q&#M)%
z7}r#T1)H7#z}E9q%rC(R7#?XwW1e7k2Hh?W0DRDfH~h@}NEQO&GV-pj$x-7bpdaWr
zEevrKmPJ+TKaPOEQ7@p85M*A<hBB!_np3gR6Am{`e!!80=x_&5416P`8z_{<st1eu
zn=)(^A3!JK%D1Okxu36Dk>{u_y=MX=YX^~S)<d?n%k9g52hFmT@@REj+QalVSVHT2
z@u}oXE0d75{uqwHC4Wc~NH6ea71F3aBlKXOfvX)1Wj(9Ag2wF#S94E$tuZHtVoE(j
z4S>NiP+Gp6SYAD;7*1ztzkDIvk^5AWQD9$Wp}eq!26}d}69y!OJ`3sxT_RZn2kb~0
zYu7krflx@xtFly;frA`o#M`KmO<EABUM{jnvnhZjn6#|r_Sw`Z<^otB!!r^HxDhIJ
zv3q?5de@HnEpo5jy$Oci+&0U{%W>`nIQkqLJADEa=gGqa8)1l4stea~2C``(sk+Fa
z#+W0OUi6l~$|`eEXQuaRRMY>5tD#U{$Ofs!OxgewpigU~$HPgSjs52&5CaMMQqy5b
zC!H1`b#2i6U={k<+nsJD`~=Ul$Q0KUV*Lr?gYOJYe4Z>&F;_E9aiUEN&o3I;)EV{{
zK<O!2FMM2J1^qdUjOd^ri-|@=F>rX3&0v*8PeNkyQOydldkwBAnz%&ks8m0Av;YQd
z(A-+t_>b^~7K&`X@n`~3w$7V;S`q>xd<Bq)*zst1ZkS6Bz*=Q;=9H3kO}0^Kv!78C
zO3X(ayoLRuuL(%r-kXLy2DM=u-OtA)3DX+515zC`&xB$H8ij$ZzXeYM2iq=zGkESK
z0Stux^+`=ZiN6Qz3&GZh=Sv~`KNLSYH{%%0tU!tN&{pHb^1=Kjypv02d%4TP0j)`e
zRAU+J#3j=yjTeMUY4FP_vq0HX_;LU>Db@?X&e?*H<lZ<bZ8tRIR~$(Uw#YM1!}MTx
z6EBp|O0daD4GKj>X8am<h>jRuRR9G-YBr{$;^~c8x@|BjQMa}*eK9T$AXvnMjb~=g
zZiAP<B}rJho~!IfJbb#K0BOrk$SpOLmuQg`U_{!%@G6I`z|@jSJ&7Y1(;<WX=(sv?
zcz-@ev4_8M?FnS0;(8V9kn9VI>Dk+jM~evz^GR`@%r@QuL^W*u0|4c0mp$Y}{Khn)
zUZEu%?oFsHSu+s=c`j($K)evWxk365_^t|dIW)0Cz&ElW(PLy*D;jZ7^dF3L1o}Q&
zT)d*NRnU~IO17y+o>K2yGk}wW(8~bc5**SciNnUdcH<r2*qhV&MT2@{2BwF$gSb7(
z*1AfIasI!WS(m^r^ITze2fWII0TnYr13vR7<p2?(iTu(e;jRd8y%6C(wfqC(Ji_2|
z-38|G1I97lwP~w0Ht<<LTUvX_GsByo4FiBl7BzTMm)K5Yx_~d^Lq3pbAXQpn+@OZ2
z@muQ$Web>coaJKeu3JK2tktOV2&H_tuwO{+ksWrgi6Ssg`YFDxke1Xfd}Bf2k+Dj-
z<eX6hxS0ilPK0=yw}#_$TZW6jm4iWjD>wlpy$P%^0Y%QH1suf>peca|P$U$q0z5+1
z;Fq1U{lezCNVJ|vCSNWlLav>0lCc7>A%Y$z7c4tSY7s%o=+<bgO6RZ`Sb{e@c`aHU
zi)#>KpuTxsM+?W$3&3VJFeq$>R-5O~V*xpYR4kH-D7Z;y)okEfzpo?iQT5bYEC3?h
z@JNv@*qu=O1WxT?;!@X-Y$qFp3Jl4axH9C@eTm8t_vj$%A}rgCKpG>2>^ikwL_fgT
zq&w?GGS;>*N$NxRL9uUW*fdhwG(L9bB$*E+5kI|B-f(Q3x)Ys&Vj&BgQLF+bs^j67
zqi%<{AIjWAMmYAJUc_os7^_s$JBi2H1}ueV1q8L(A&QOdaiy$@bj$!nGgb&c0JDPe
zFj*)JfZH+G9Cjg(s@uhp>T~5jbLk_x0CaTO*0GZxPM@*)n3KFh<o_GQ3347eN%j<m
zC!)rQSZgvDePx%%_0;`3N6_4`?w$?cemj-|CU>r4sMEbih^ma@CQc)P0n>L)VD>>>
z>2B)0u~b6hi5JfTxekXx^*r<-GUCK4as%`B&cY!n*R!1D&GrUq(lY@LZ&QdyAifaG
zh(yLqVM@m{YX#<Y^6(0<L4q@MN9hUP9_>aBqdCTgrY+3l$f6P*ci`5<)s>20dLMeA
zY{;+*G!giSzj<0^$@=oQ58_xN51(u}!^gT^dU?Pm2mED)SwV#Z^LQM($L=8rbkjCZ
z%o4w$ygU*Tg#c@~tfp;MiXEp4XX`PsQo{oS&2GeyIi(5z`YKj9FPx3&!c~f|OO6o;
ztW5`ln8&lc2kHL55ss|`{2Q1v&`aVG0xA4^=DlYgUB1n+&%&9VQ^I85Ea0-SwE&<F
ze|PH~Z=Y)v&!hkC`GUCf!QDuLS4Lxgg=DLorjya-gIU*u4dDcTsY8zxhg>?-_5A`v
zUB#gbA$uYOk(|zC7}Jo<I&ALj=Eu+`9Nv1Udyvmoi6}!JFne^yIt)+F1gzGUk~52&
zPBLZnGs(s;bFP<dCWWFZ%P>?QWQlRMYl(WHD1lK}GO>s;(w9_N!gO5Az8(h7lZzJQ
zj=V1zIUCHC@Z1dYOTwP`TJXQYNXel?&VH#UAEqk#nazCsN{!KBm}l{wO6L&ZCH(S!
z5UP4G8MC1t*@_d2UN<PKqXjL_dA(!5sA1O>6f>|gVo{q`%FGa!G?PEPHEd6d%^vFq
zi#Xj8#w9#cXq2EBj3vi9lxR`{c}Jv8wYie6yk#2oQ>I~1li$Tj!kgvEI#@C$dZ{xo
zDiL}JE{M!#hs50Ov6PPuv_{7QSnHtm096u!9O6p^4HE^Hi(&Xiu>*qP<uDK|lJX=B
zHJ_y{GF^fW@Z(WNGVZ)6Pf-nt+usQel4p+J;{$vNm6KmV)ikAX3{xGsl141^H1*uF
ze*U7O1ulO94WJ7Dpz}=XdS(PAxf@Fc*q9{{4fmhN>b^8einN48pUln8`zh0-{f}GK
z=sj1gV=5D?eZ2^eN>bITGZ2~S(cdz?fSq~2n=@Zh5#B#N=o$vA?SNA1`_(}Nw=+QY
zYe|}EVgEY?NlvvC?|0L3nFe`6!m2u2KhmW~)S+W^>3)^3|NNp&%pu5}OsKN$Vk+E!
zo-3-J#ZV_nbr70ZcteBgieU7c+Z&=R6k%2KG$n;y4@PfK12l^QFzfkCPvs@q)0(bI
z^R2-gbGTA{KZk7yz#RD~uujpO@hi*gv52IU!fIB{5H-uH4G#9(YgPQo#&oT0lLW9O
zMPeq~#9@Y%P<X8@b}JgmnfgS9L}xM=4ACX9lIlb)+pA*TZz*)Dqj=H6#=?-c=Njgy
ztF0oFXzZEAT@}sBXA$&e^6R3bI{!j+*B1m=0f38prXr-Vhc-R7E?KK*5h2CkH5jXL
z%g&@XEa2U0MdGK27`O#PwjPd7!&D#7P?=5`;XebSMQm}sLy&}iMkp_1GDiggJaQqr
zzd-5<I=uw!itAa9<WcZ^Mq;B-$g}|796d(hJ3v^hhBhz%yRpMmvQe=?N$`OJ2)9O1
zqGsr7PyJlr75=3vTL2Atqs@}q3JL&QSssM(a0-Ag)tQda9yu+6&cqx1;<L83hACir
zas+t(g5hP>U+ip~Es=@T^T1V^2*Dms;Bxe~?}n2*9Wc;y@BE;C!Zo%rzeQ`tI5PXI
zwFCq&c+f?J_W;fCA;RteXI9PW)EWSE9?EU|O7qJjdq{%{Kt;z14FXJJta3Xz43ij&
zO;#T?)IbD(@~i}o?*kogt$2u{4mzjof1%8oBuD|O3C2jQC8WI)>c_37w>g3rz9l`5
z?Ehi8uk+S|HXoz5i|juWotilMvCJub!APpSwr(n6K07Ed82Sb~7&T-#IWG{m-l30B
ziNN&J)J%cl>JiSj9H45!vEVYCmMZePtk{WIKfGeB^amUO>P280=Y{UO6axdkXw}m>
zZu^65o%>z1wJ!=|m<Fmn0O)doiFt!U7;gB$IFB}h3mqL{9RLp592HnY%<YZ1;tLu|
zCJ6-qNJnDZ({v)Xk~#ua2IuoJ0ghS~bCoocJj8Un{&MfTtA6V0$2DI5>5}Hr8o%$&
zzT!G+VG(s(NfpV~RRfL2|L=l9J`?3+aDc<H@2Ur_6smyXYg~|RwPF-AhB2!LI_Jms
zuntk;coY^!j5Jq(=lU#i26RX~S6hgXsf^U35ch^=NXrj6T!4zyqlq+Pg`p1y!W!OH
z0cmuh5<fICbtEKAFC`wXB!C9pei{^Er(RuK7OItxyz&Rcowr`q`|xYgFQYW6q|*Ad
zbOX5qhEP?2)*-+Jpcg@rrwSRI@99GK-{8o?9nr!8-5g(JJ>U?CV9G7KP>dV3Cc(A1
zOjNyhO#nv(Y_NO!Hbln6@=jM*;3o?Fx5YQ!)L(2an#de+11(wO1aI>46DZS+6}kv7
zkhr*VDa@k})&ufPexQ>o^51EpKX~3|l$U|=!~us1NLC``1HSMB98ItH3}jIh5pwZH
zhp0~;p&>Tmgl;8_AJ{U>%m^cea)$$hPV77yXM<h|XE|xtLKHt}7qGj4D$|rc4L5Qm
zmmn>8Nd}Y(<xE!%$C*mtzEr@tbhnQ(M=JfJX_a(L)QY(r!VyJOGA&ifiIsO&=dw_w
z#=bFE63;#e8VDH<$gvogj88OgC>$ceVX+>!=6QzDKdJ+=po2dSmOp*>?LyqvU*=Z?
z)wnoyPvO*H$Fv=ouonJYhSn)cQ0=FWEntqEIgt-CZeT|YUv9MwlN+^1yvS6qALBjX
z?`EQx#}+Hn1*;=5H7k(&Twt+nTmp1tb*xe%ek5FQWSquu3z@OTgbl?U94U!E=0moZ
z+l3q~*p15e>#A(?M*(5jC%5rzduwYzF%?b+byNDg6e^_Hl|Y^q7)<o<m0d-xouA4E
zd^I&g3(T7&)dNq$gI|E`@JyV;rp1hYjnm*O8Xte49VhRQlKAz^0h>w##cXeV3h{&@
zLzIBvY?h2LvQ|=kcB+Cnv>$D%)74JBlKtr*-OyNiStsje97^V3y9rR7^{1*CU`2of
z))T>whPJO5B*fskkwo%LKu$hL6{<VJb1cf3>IOn=GYEET9w!yu+qj1^cY#88ph&M{
z{{DFgDBzqZJq!j5_(7AO>-btFI<!P^l=!PxR4CV5p}51%eazw)qn5~YBcP!NMIA;U
z-hr6!Us%Il-_*?}4|0?OQ$2W{u<LfaMrF|7*hoq<No%ZqUD_h&MUnBg+>d)A`UDAA
zG>F;|Af5U{0VRl1RIUUKPtjoze+TW9I#o2)&GW&+s#2*M%P#0x0ip7mCizSwjYGlR
zf=+$v@l}@2&>oEXv5$)4<Se2^Ph=R>sy0yMg7D>Uu{Bd8wi{v@YfI7FSUI+o$Vw2s
zbEVr(Z(~@%6+)Q3f@t8uFkZkaOH8Vwpm`icRWRXpV<I0=TUy8l%4wUW>;nZdF{Ir@
z7KzGiU|}4W*6{*Z$VfS*8|5<g7BZ5N`IE49CkT^j)H=)bE$M2LRSX8x>4f_=5bHTd
z#da1WXbu`5p#6IPeu_!ZU>r))wP>hG6BC*oQiKl36JCKKym;6}$nDtUlb!+i0X7DU
z(=_vZxJ4V~doZSHIk|FH(g099C^44~&a-F#rV6mlHX;o>1HpxE6SV*16yq7;qLv@g
zDPSUFc*##*n41B=_y^!A!%iaE7869iGRInt@0&SjVyjDOPJ?U7-7pKf<1;g9GiRMJ
zTH)nqW6D9>qn>fpHga=!_StsVQz6sWiy!?$e`O##EKd{ah#cmy2$kZSOftftGinS1
zC*%U9fGOIhuTZI{q#fhfP>_<8Efrb>AQ7ZUZ~2d0NaU}3!iv4H6)Fjg!VBMsnluEm
zss7qnW;X&6db_0{CX!dvpUW>3NO(2_f>*)bCfQubxjZC^ih=s4Bb12?WzGXa_S5re
zEt4rA@tQ(N%6!!<p|Va8tpXfmOUdcBStr6%nAO)Sm%$|#J1xZfc6?7q-nc$@?B2r)
zcfzBPMW{9iOozb;D9adT#ulj$3`A}cnp6u4AR7QKGD2Imq2AC1pokjNmT@BiP#=CI
znAhlZ>VEKwdJL@9hcHA*vM;>qP&~(d**`I2cw{blAuNq0d30i4GX>;%w*Nfr^n(zB
z3X(PCbrlGXExt93-4iFlvxwlr65|7)p3fl=lC6Y+8D|UYwtV@h-eJ_qUmq$OIxcmy
zke#I?1#-xWP|4#is<imaL4CpNi&8)w2T?mmv{tJDW2*=5GPGOxBs9VOm6xyfdp2U@
z!Z|O!-hbob%!G}=?=4A^F6mwrkG3R|fm%imF@t&lPtJ=zSGnCB5R;Nw-BF;*h>lz1
zKH3QP$y;y%$F!_<>PZ%w%Ak2u%J$*cG+2&mo`Ev?Jnn5onH{4^QPM}a+odHpr6oXq
zDXZXghHYp)$74+wv)P9TdEdTKF`G22B+%usdKj7zWg?HgWZ4)e-8nBbk&&SCAkm%~
zQ(tz_cJ@%De~F0?_7*G`116Q1p)&X)+e3g&%DV0JW^480(^XZ8@96Jyo&fb>gD_Sk
zA)&f-^H%A5>?kK6+FF0r6$(e;(jp6{<W_``J9eQ*2Y@2-x?M?csCq?^%^`FBlfIQ&
z$jB>y{<OnD$r!u!pBr5ItcW<kdp!A|V1;$hWS~xY=^iOtH&SG<y~87(8?ffd%nc=`
zu|%c};r`&X06P)tqgz8p#gOLta7cEe4F-7V(S$0=Z2a&X&zUXcc2fhL6LgZvnv&>i
z1(iA`!PIe@!1CasBH-ayxiKt#@Ba#w!{0BU_B!2wxD6&cJQbk3AFvOsd?+!Kn-?KF
z9T|eDf+Ofn#A|?FTW>W?k9!>p545p_W?!lmLGz&G3Kp-I+zpMY935H^`x^$Qk)uLo
z@wDH=X_Eb3pjXHoku&9v;o0H+5IpUHn_`-yb#9vjp=a5a8{?q2h4IVtTkYr*l9Uln
z8d$z~9&yLnH<aj$z@#WXye-?v3)d>i+T?<GhKDRkOYLsxsl<QJeS|@g<$?^6`VtTY
z${K&dXV4lCpkQ25eqfcQHzZ>1o|Le1I6}@OV{M(yJcFtkA8}0VC^1sAz_tBxC1*My
z9tcPSPM0Nj<l!7F%mQfi5vkP}TkMcK=u!j7tQyi})3F4zat_7p!cZ3Zz;o7*bPAyL
zoInNkO%JOwN-b9tG)m2l=`eu-pmD0r>7`ZR5B&3<hiz0<ohr-rtt9F0T?hRHXw|U6
zV${MXMR3-`Q6(!~N+l4tKgF;@9<C@fYrEhYj$~uK2SX#8KMvqq^@qp`xuqF0^!A(*
z(&4p1n5JYZm6WS3L?Nyo;&@8`J!TJpf*82T0M|t3h!wL=;U7)=#Z;fROIm3JD`^YB
zmqmkLZ>^RdqjoGBMK-uTEVeQ_7d`D6*;NCs3hop2*}#7L@Giz{QA!GMu^5ZQkpPqH
zWI<z#O+pi(pQBa!5{APVmV|t4VpybzZ8wdl0IdGc@G{lao3riruFAAVt*Im(Scq*<
zC=!iF0HG$yJeTvMU9>$-#1fW9Myjz!mDzFn3Kk={-V#^)Zu*6NSEv(o!#c^>!=woH
z)PSdIGQ-BxQxe*p!)l9G@Tiq;!=gL*r_mh%eV7E0PPDxV1N!g}EI^Ch1MEt2m4-A!
z*p=-#?1eSN6vf0oPYD`#9i!!efA~KFJ4LQA1H=V}O^Re6n9MyK3D=mW24{#3_BRc2
z4DzE>K;~tb2o(d2mjuS|THN>DNt)D$G~0j~SIEA_jez8we#dd5&MgzAOJ<YQ{CL|K
zYpEP>Lg+kK*`Lq*pFcKtYzi!M`W81}i^g#*1aJqC3vSQ;rl}*32&jn8ICAz<1JxeU
zQ>5bz>9KYl1Ws^(H1t#mpHrluM7j0^Hn=t~CE3h;Hs76N(La&L`Q=9hC@e?Ls#wWS
z^;X#A%b94q-zdNqMbQMnx$ULF=LyDnvR;YPjo;GNFhcov2^5NKaL~}@Y+GRG8IC6!
zIV%hCfX6jDMkSSYl^X35jgXSx+VpXjI*^+#3Fd38xxlXF0db<1!x4O}N&tq}KpPZ7
z38TxFV4Ium)8sjrwk?V-q)=dxNRA;9y8aBsP-oT_bX-FcJYA)tXbWV<<tnW_EE)~`
z(6LI_gx!9xD=RR7)VV9+pHM+MvWOs(1{tpzh8q%?1Sh69P;Qa17Cb^8$9x@yNkUVU
zxv3Vjkz<+M<CL4EgM$2lIG|pt$2EzY<!>tr8FpeQ0}$wz9LlkjcXAqg@C(5*%D36d
z_ZG%MW|h7LV@%MZSadjO8VJ7Co+;(`*@g+@<^7w_I5$WxYf$5qwxS1ohoTM0kGY@Y
z#77>W?jQy0j&#1_78sa;r(44R@oNCD%pv#;&S*hLfoo8~;2W+eLYOU)ZHE*)m>x*m
zm1gHa3BNtu?2^HFcrZeHBS=~Uu*#&cYbmD`BH)3a&qv54)do;jTwN{c7q~c;j$3;W
z4drjzH5f9Sd%2hvt?%(6O@Ly96{Ou1Qj#Kym94^D)mKF!N96HgzuVm*f1*mMPdYFV
zGT@Qd(qVmb+e;|{9c4Djac_s0E~2jhub36d)XPER+`=MThnkForWMROlJQEaWXQaO
zXKq%$BHiSP*0)5;qduKoi7{FxeztnoH@=%ns?xpr9aV@o0Tb)Psrs^u4GP*ad0+;m
zS$}_kIuQm7>vuwtdxhveqH)OZJ4)UMe?<aM3i7={mFQBdtr@8U+Q$d@W}SjEl`|Fd
z4I&guu8>=e27W}DoY=Hal#zapy!t{@b{M{WfP}@8h5A8!5>N~e?>YiyJ{_<vr7Wz{
zZ)RH4WB2uSdmN;Wa$JqfF3x;+)*neLk}Xve$%I?XEH?ZD+9@<D@DwMOeG7Do<-PF8
zc0TPA!VAU#gB#-FK?pH|19N@?>oMe6%TxEGX#RnaJDLd~x(yD?JI9dg=@J><!Sk3?
zBhd}e1rQcY<Z?m{$O0>QW1DRm!-W%wwsvne$ik>kp%nqZ&H@R!nd04!2P;t8P^^Y%
zTOFxV9q5i|0LOKJGH^hns>CCvhy12=hb7nsZZQFNtswvg5QhcQ&^zK16s}E;q5jw-
z_a(OGGhwOK)?_rBh1Q+x%>8mlJCR&-h`3YQm-ZEXZE79$O?+_)JFIx-T+!L)0HS&k
z6CQg)p<nK1Lz(m_;W7nGbAllV9TB#%BN4j@upP;Gx50)w+?O_Gs3>!sNg`!9F9`r>
zfnsl6Jp}yKtP&MDd$mnmR{22Kg*>uPj|J}YBh*7-G23uZTIU%!PHhn}6&r!Iz69Gl
z$uDI$YBMhKB?C_~xz4^dI%H@^J#dfx0>eO171X4?Y+i<aQAA1No@zBj?8LSxe=2B}
zs3Js+wy08s!&K6Y!#JER%rr+xYJo5iqi+-Z@_^tknG(2r`ccw*6mr{^xfPo*20%@A
zS^5p#Tu3~}7aDx7+c>*JGj2?d;A?m*_sMj3FuaPQV>r(1>+b$c<ioX-Y77v?3<|y|
zIQNgy`yLfAw#}Xfh_{FOg8&!GEoenYQg%WaiGKMx4^pe2Bkp-epX$Uwd&DOwt|RZD
zqcHX$$&C^{O0Im5x#bB^CP*_a79*2j7)IR3#zsNrkha7$l0kHoy1-lUbzpU_JG(4m
z45N}h4jJw}<Me*ghk{9WkR6A9g^s6Ip+wZvS5;Mxqi$rVg)yhTH-?f)hNB~St(~-k
zhM2Fh<9ux5nYWI4Z&3nk!k{UC0Gi8b9H1ud_f|@m)XHvJtYLS^)~qU4Zh);jb0V^=
zBuQ0W$=Hb85K;9pdHc7$s~|cHsUuql;&5aL?MZ*7UC6qb!bbr@em2vmb9{=ADb;>P
zx8fs6c|X5V@~<-j_oVaNoKF(cYw}Mz3|x#@2&xM^Yto<@GHiU`cY{gdusMaC^96JR
zRtL5{A{Yx>#>yT<mMoYOMHy*fGR1A}bqbFxb@<Zrwhy?lVai;^nRvByYScQQrC0a|
z)gx?#W#QGZf_T1b(9^B2;##h{!$c0=S=2gw7&Zm3Bnu=$2<G5IG$N&@0ub0&1^5dD
zVBYss0tR89XKc^(!U+SGSl|MrAP%swFDN<{k>_@^Dd#gOx|-PsRsd8m{v)Q~!+Zf8
z1A+c{TUm=%h!D6iXXQtaqrf{w*m$w43la}*v0-!2mwqXEsw~%#dH)GiA$R2-Xy7tH
z&`o!pkwTQIO;6n$N{~RN%<79l9Xg7V?j{n7T?xtux8SK79ko|9LsKUT&`5A2Wpw#~
zZBFQ&Q`>!RFI7Hcm?mZgXVi#!bXqf9Rgi;SAEJQrw3rQs@ll~=0<!s=oVxG%=756c
z<q3~}G_uM!T9E7=wMtca5Yc%CR<Jr}!7hcg?z8H@wJ_y52Nh_Tm6Y@DhR?IJrMtCm
zCrcr*J@a6UGneqpEx=#`#aOcX8(agSU>szt1F5yOP2gTna&!`;HqkL$APAYwa6lS!
z?W^m=zJ8q^>L(LG9ad0HGjx#y?~1SrLqQRSkvG?vX<961V9xd88!-i!V^N3`4%*^c
zHc}mM!Q_aXMl3Lg4ZyS%bUz7|qoj?;_wTTw>=zenPQyCt@$?dl(A0^Yn=C2M0v%s9
zE9429#({t1R^nt4;0%<Q$c3W+7jZT{c8R7lKjK%MfCfmg7QRPUKfi@rn2YiR0s%ef
zT%vjCVLMmo9*{0BYCt?$zj2Z+OQoV7l-i+1avqrOF8CFIsS1ZObQ9EjF!LtQ0RWFC
zRgd^*#(b3N4ExDQi#B<p<8E#iCUb{IH5emp>)5@>Us{lE>$uTU38oOm;DsYLo<ydM
zMDy6z5ljPWkC|-Pl;=)Ti7Ii|p_vsD>;x$4BFA5xFyl@--$yH&UKCb~LyhOC^%As#
z^KoVyspMrwX3KDd<2IBoILeKPMx#7BiS!^qvzvBy@gL!pdLM|_efyOl+rT)9|ADZh
ztPUvIx&fEoy}-CZSU2uIP#mYt{D(~h9g1002Fi-s#Q+$FpjIYHvqp`REejJ#ZCR1X
zHkeg^1ZWj41Cg$rjYdSd(<C%cTDQJEu*7wyJrUkDR(Dgkzb-%oT%r~+6wT0KEa80y
zjoo$vSa@}lxHg!>bjc(-3jHSehV+?VlO6911Q!H*@ghm!FMEmK`(0i-DJnmq;GZ${
z*stx6cD4hpno&>nr!3D~Vr;j*PWVCjW?oM>%rkGU1YdcLB5}`W4rgMYC65Ip;b}dh
zjr^!h#xhD@qEM}i9qYR8i6xx=PFy!o^_7fHsFgsB7NgcxKqzs;{xf8s(j>&yGC2{K
zUU>x03Dij&;~Cxr;;fRmUd!5I$hYz=V`th3v;mJ>IUZSxM4=^!gVx9fmI+}<lmKCV
zN-GS*0r)E-Fi?MoIsiP%1Wyoatk^}_z=@H!n5+eMHi*3fE(w`XQx@7vTSpeOl)WyP
zQdsOUOd^wgp|(q^0>xc}HV>OI+~@`bHWZbBWO5^QGV+0+nan$nkQ615X%pDl!F=Qg
z_&;36M<P~3EUzJ!8x;llM=cqGx<dS`-McIOI&I4h;V^nZY59bDMJy>1P+{*h@g~V%
zdnu<CsTz(e6tO2juw?7SACoc>UFoY{8krt=w22BN818v48cWmJYMe(~pv5P$>{gxd
zIzcnX5|e|M6|@njez}DrDt!|YrYW^bNk}GfBCtX91%u0a0nO`HM@k0X+X=`T*mfL4
z!?Yl1J?m<-*SZ-bbPUu48Pxe5885B{npYUCd}qvGx5+Xi>(w?c$^wQ8nNxG9=>PC1
zj~p)2LL6|UQw5(Yst9+)E!?@=!`n0@I%euQK0_BpJ(BS2>2}v2<>(&s0tRe>s|=l&
zIm8|F7olwh4S`{wfSVMP88fZx-Fr)&aU48ES_0)5CWiIPCX2SH7hc>C`Z^-20!ry@
zM3ku_-C61gU2_McbFz`dH>eO5b(tOcC6N!_10{JMsN?T|Ufn`%NW%MIZY)Qy!^Ykw
z;MBX1t{S96SbZO1J>u+e)g;&h67B)_*X%>ZR|3ihNvQr#G$rRXoh}FqWEU)O%{)`t
z1`?Pcu8?^`XlV$^Fey~%deDtZbo(AeB0>lfRfAQ!yfS*DR6}#CrFIDe&O{Tn0c-+R
zvg$9ZE}hQ=UqqFJnjE8h1&z*o6Gm#<8nz1;Vi*)NN5WWa_MXJ+oYrX9E&V*pp;ecY
zQQgk@7;Jv*x^2cyQ4bM?lANP;9?wLY*{2i{ZcKg=h+j#Uk}EtfC?b44RVsBb(=SjU
zZ#oD~rlzgZk-HGO!^IR1Vi|f2(BD_<klT7t9^KyeZM(gV&1PMdW!L_m=IKvbAm!MR
z5aJbTWM`bHs>`x?Gc{_To_cfnP^g}RKdl<kfCbp{`+f`XGp#%x<noc+q;m!+;kSzb
z5+Js`(z-cX9Yr9AGM=Ey0Fmdq3wyh25z!t_K&Po*3FkK=qf5QzWcnfuEtLNvY`H<(
zgWbd?y=O{>rhF&QQNSvQdK1%nu06k!T<wZxHhPKK94u8;kE85dv%W<-wfY^ltjMh!
z>moA+^nl9X-I+3mXqK3BfMnbb00aSCu$X?fJ0=e@4BkeSNo={Oy#e-IB9tc`)dk22
zkw<9*AyY5RB?Jb;gsFwqQIQ(O>E8`4Wxh-f3L48l2(IGyJL_MJF)wYTKikMyKBv+4
zJkHIqW~rpNO1{VeqG7?o7R`3Sxtrhu=6HpuS9>Q7q$MK;AF}UaX3~~Fd|K||uyFcS
z?YveqPC@Zxwv69XS2M{TYo$xcIlmB$lOJM&+@TWO81lN0hiv4rC~uWWvYd;Uc_d%L
zMzMzH{cOCX@evbd8}1?7ibcio&PZ+$Fdh8$>h<!F&d_2nS*$884Aa+h;5?JaTO*UW
z&t!t1NNQRU>?VdaDgCj9_FygzvSDg9;ss%9qLL<4b~Wd?G3h(t;M36gSiTAQ5{5;3
z4~pIK17R{q$-R%{Hx0fQ`L-r8?4W@X%!ZM<q{n4G7|rA-aD~Rp`T#Gq`|4_h@Ty``
z!lUTO#m`4I;wP}F7^6#C>Ix8D1I&(Z?t#nJNjfJys;}HdLY$+(g7cK+qDe03aTj?j
z6w1dW0Z^&)t8g5HaA3AX^IOU99qrewk1iGjSGn1Bu~))q_6~gkO&AL;3Xg$uKMA-`
zDtTv4IpFNowOV2LPtGk|-M$)E7!Dq=$rbSwrlq)(UZ70JxggrZCYBs8{k>(ZwwrbY
zJ(At7$u-Obp}6weA%Yo5RQW^DN{{|j1~#|;dE3)Xv<9(MC(X3~udmmjLl**F<W_3#
zI^S*wU7=ea|7ue4(9q1XLI5iiV0qzzeLg@Avcf-2Y$zbs80n+Y2;zztikU<(bu*Xr
z)6fDQcms+P6*LIKFogH@&j&#om{)z=JSpb%!?3AQAwDdyQL{??qq!&Q#ROID+P^f&
z7ZWIjwd^K(WZ+P^cX8mv(LT&;$%Iu{WdX<tsyXOE9kx;}<=J8_XL%4ol8<rPe90l&
z`opr!O@S?^LkooW`dxVjiP7vuF?(RpP)L+(%ugyviC7$0+X$J2^T{ZNBLF6_9!;eO
z%NWnx<uMk0FK}$59s>+Pw}g*jkTEuozw<mVA=^M6Jv#xq{;DTXMn==y*$~^TFr;}e
ztPAFK5RQhu#j()QSqaCu0NGk-?_eMC>@KCK1zj-8BC58EphF)>^6}b7Msam~W5y5O
zo=_3gF<Nk1$kDkHbwf4UN<asA@i^cj1w6XXTWCC_CMp;yDDI@DG5TzBaX@0pq2i#C
zO{!mzQveT$7>f;6#tDNa+~_WtI<y$CvY}>ll`Al(7(3tVDThvHWY=uZq#)l-a6^Wv
z*M@#}{42_2f~K0CZ_iX8iuXIllPmMbcMtjdJP&ms0?`rN=J(l>$zU?7x+*nx=3}q$
zo^u#Eqe_i|)fE_B$rC*bSs2_E$rMxUoG!+Hn!$L5r?(06Df_@Unxa}5rO?Aj@w5jL
zcL3yr$573bF4>$n5g%kG)&B?|RsqK0bk)l`n@1u7KHj{A2L#0mC~|8&!AclNxRk8q
zV#zY?kIkU@KvbKvX4GR&;KFXaFQ*|4*@*--yaM9FCTvC%0U&#57(5Xs)5e))Tc1~o
z6*+Ye;0e*{)}0|vK$!fuK)xj`Uy#K`q{^AB>7Y!!e50dC-6d;TezL3i>VFizvMl3-
zP6G~|9cw`q2HKW2FDrrN^ok}-U1|}r!b+C{D_YnVoZg2)==xa(=%VsNXc4?>>f$)f
zT;#^xc_%oqdUm$;3K-}0FH*x*b}N9sh$%XdJ!d8?>l$tT0ZSw&Z6;9u&kEVa@N3Rc
zX-i^!5D?4o2|84~OSRAj$S<&Ql8egc!%%j}4++_fHfs3E6OkxxFQBzl`yU8V8Awff
z7=~}Xu+Y;Nv3za^XA+oF{gpeWnlT*_G$<+4Fmgc<BBfp_QAp`bxk#!79Z<3Ge44XY
zVm<3%JL=#Pkx?1_C}QK#lqX5?WMk>qSI30kylQku`;7?sagDU)>_Ns}fqe*50klk-
z@%C1wLedd{YU@lW#S?ncb9-0eGlbg`TTR+-ID*}cnN1{B33g&g>WWNxBJR9p7pn}Q
z_tqV+u=f>J(>@_`>yiD-G9sJg9ME}<>m0JOt<5AxnJ`q}&r<7cn{RS{4Z2#pkrdm;
zeyVk&w+{@riolQ-bznu1CBqk!C>SnQJ3r0iF=CDf7kG9VBhy3NG_Ai$keO8Op%L@j
z!TZ%jfF<_ID0W`%u{e0%rB<29{M#gv5&m`PId_IIZ6JEIQ!p+mC8@FjBSCwQ0#W$`
znPQyb`>Ya0b3LsQbOQ6>Q9vQ4osv{@C#a`jQ!${QK4JYeaZuH5=_-uTOkuo6k&BSn
zBf*%5hry!A#1=)JrWJZ~_jY_Y?bx=r50D1y6<$ptO)r?qNaz!y+>dGJ@c=ul!o5_F
zBBlCjJ+N7o_7u;cuwh_TmC-IB8MVV(aFT^m#y$8Yewn>HL<9PF(@@SNG9E*<LK>_*
zqd(SFLlPu8T!}X>4)WwVU=)3Cm8G0ma*$%Jgjw7%;yxz-l14=0VUv^H0Qko%h`$^S
z&@8Rwb&jKh6zw2;v-ff@KnFLog_HJc&1ZN!z|HN8<1I8Xu?a&eYHCqzyZPgY>J0&B
zQALjIIyRCaz{fGr#8K9IAE_oc<`7UAAig9l>b=14#CMUJEZ%TDfE1xMC+1|;n-Sp1
zz3_-!d#5SY0QE;oFwGtlwR#O|^GS${VFa7(m2<XPHdN<`=4TT3ZupI)d#%5l`c=Fv
zAsA*?MAr<r!6>2JClfBE4y!G}(YB0ocm}Prn7VR!`CA2VEdyhnTVS_$vgj0e_gu4y
z5+b-)hW&HLC}CcDU${=?1J0C9K)B{38kV7bjiQIEsxRck<0c_1O!3t`L~u1LaH01;
z;ndK^ir(1s>XT*kYU<t|EKZPXSrCU3LO_((eEKcrP1#8GK|$OMLfRR~+vHzq2RuMU
z(NqPD!Js@|#_ALzIn(}XC<L7Fspi{pCWbUH+$ER<t5q?I+I=a+y}N-S=^9-;q;v-o
zm3}!BkP8%l)85ySCDfqAfk@Kf&WX?qOC~6qw1Q&Ce6^AJaf#?ISKZ$r)n<@Dre?>n
zd78_M!~*EpxmU1YL&DJYt8e51F!o;JRj6Yf38rZlBpookT-KH#UEMYKf>{Nnlm#TO
zWxm9)ZwJX>QN}_!n`A5XiGW8c`1(2NMF@aF!UGL!ZxLmg)*1kOP4eyipKnBb^e3=z
zBA4`33%V@!m-*70@{u*W3A5r)h<huN<AvrcfO#K;*+T$-6laYJCBtU36x8-v&2jb7
z*pSa1Cnx$|jTb|oFSHnxw&IP!Q|^2<&@`EMSUVe%b@2DBm+P`mzT#+QiS`D_`2}0*
z({gh}-t1u#si+Fp9q_-1fSOadLHVwtypQsggYhmrb$&_fgC3-onYSpyvz$f7upcA1
zIcqf{IaCDvTK6Lck5Rg?V5!_lX0?K2b3olqL~v7tcWQzn1I=MqeV&`>DEH?B4?boH
z28RfoCq#vRZA0y<!<n(b9VwHqoYVOCI5$03-%JR{)px^8IRXjm1GEs++~2XrJ09Zz
z<L*>S$GG8RdESR9j%c}@f(=lS5eP<pBpJIR1_h!q7P`RYe~u2gnWq3In@qi@5>2h!
zpj^&AK*)f1a7RI4D>cD1o{V62+N=Qx2u94PLgQ%emsWfy3b=s)^hQx(goHqZ7Up~1
zSE@ggjF;yec|N6nCnrSn_n=1yQzu-TkdNSqL#&2F?Iwu8PlBo50(BxjPAx@M#Yhfq
zuI4S699a}h3J7t1^TL)0p`W#;GNGw@r_f(Kt_&|AIy|A{>KsX-pVpS*(DEu`<;Q5-
zlUH#*R)Auh1W`ZxGLXMSQ34nJGmunL3VvF8l*D3#d6C;RjfPTyOz%p*FAlulIlS72
zCa6wVGhKi6qOBYXhd)PXk^Shkb@t}{JbgQ|R0k;HPlSR13&y$^%>RFVqWFj*$SGo|
zGw5r;xfPmec#x1#wN)t0yhC7lFC&T;#8KupX7dw^@y70_p}`T5j{`J~!@{`rnzY9Y
zpE!=<y<(g&0J4Vxb=07rm8?0}4{He99E>TU9AsV!Jh)m~>^x*mFIsTFE301-e>*hM
zHbgN68Z;8TTHG>Tt;>3OK{Eu?bPI-d4q4HpNp=a9tFD4c&=H{-2K71#1A$)3knCdA
zWO4q%yU&;ILDieG4nXQ6QCXQBY|H#8I&r{=i3$E4#PlAV1JSj38=!!#gzeSCMIU7e
z&Q68EC`Dp>FEy3j%?LmXE;Z17!c87aAwaAR5DP$!ZODY;ZJJ`bbr+ZwuozS@0^dlm
zSt?Azh$y+Clule9xdvQR1y)X&yU0YSSHN1p;zddAtg-rhaKoc5PC2!;-n??@1Ho={
z;)3WRXWU4zbsdrX@(5942GmDZhlwP1=f?<hE1JrmjpmFblYA*Co7DRB6B%*CF^~Zf
zTVfZHx+gFgB}xD_gkwrdEQ1?iiiBSdM?aVtqGh{|hTE4I8kt-e{M$X$BN}biDuLRq
zuLTX)_&<%vBvh0LPi!cb{F<JVh^;Id@WAah48fh%cy^JVx64&7v4W>VPG#U-F*gZ4
zgFU?BoX!PdTB76xKGKJziI7kM7W=Xnsnje(C6fO-Nj8y=I|!)3`a~(mQOYG(tu+XJ
z$&b<G2!|>g)T|}a#{r8*mUKCk!2Dtk(CH_1yD|Y`SOq^k2%?7iC$EHSB@Qy}&a<Nf
zMYLwha7r18j$GMYvz6-+#7L%41G%YFUDp;0*>YxO?*0R1_XDM2em=hIJznrQDqnGw
z(r394@k)H#;I}C<tUdIL6#;pwN<-a@eG=B_H_uyNXtT<UwJRbVN|taXWL+(yFZHIb
zM8ODDvDZN$P9}bF?}5l=iAqZBuzh|cEeMGNc~K)66ZkLJos4o!{!+#^0#Z7B!LDwo
zTu{jfu{Bqe!L<|v0fT;JkT<1`^e^js#X@I>CRWv#d!yA%B1U|K&r-gpSklZ)n2(RP
zO2B2CT{7@qKwgx43bENGP$E8YW{mw#QYi5tJT*#t0Jp_2j~Q8n2QUx7aAbGe25{KO
zqvL!gUA%s5Xkc1saZ7zO2n9tc!X%JxlT!f|2}CtR66-lew#;}0q>+TB7^R=<I+dad
zQI%`6Mm&ZsYBW(uP{qDQTOEjGe8MNc)G-78bO`x5c|1XdS1kwvL6RHWhcUnD5>s1=
zv%T(c^~RDg&@<SSSY<F42rA)DIrwB0>Z|BVg2Wlt`kp<d>%xCVUeqParof)XxFb*1
zi0I(><->p=5mb~wmL`f7sc<|F#6(BWXTvlXKsb|Ypd_w=V%+K90M~^K0c^zA;f;Tc
zKz3=D30avHzcXw*=kzU@rY{NCB7zyNbG_=?I)r+7fVu_r5f|ENgaO+z4xkU5VJ7J6
z!F_Q^VU<jEE*4qENxks4VpBvTVziSAlY5SXR_jiTKYFu6ggcJ|X>GE1iiQSI4)`|*
zBk<<#A6ked64W66nI5@{Bt&d{`xTlwTLF0k*+RgpNP@~+)HHbj6`5%wyC`aCr87$^
z!GM&dWPn7vJA@Jgc&0`&WAH&qmHQ_#!@YZ$xU<QQMBb1Xn1DF#z#AQ+kq~Zir1sU0
zE7kB*i2uorafolMo@x;Q&>}wL?T_zmS)zA5!0bHY=pR{vhJawD)e<|VJ-%)G7?0R5
z3G0}djg}2iG=e#hw27yB)rJL5Oi8S@|FP~6Ei9kFa3BZfQy>!|6x&Jxv&ybDF-Rd0
z$kEiH6)w6#i!|Q1(6waz7xv>7s8!+wL=qh6nosUgwyHT8fhP-L$Q}nM<dRsGp;!c7
z2ExjNY`Bj&U2!5RxD5esERfRx`Z^#6e4kS7FSkWeU)K^N4^$=>iIZtV6oX5^<@khj
zx-rWaViKfsT$=cpMj9pJ5YV{daqN`SKHq(j=@q2Ni#Ui3wjzUIIHr=2q|A6J<1k`>
z!V1cE3YzHGvwEtasWjMHH|snQh31P1jV^H@qa-&XDf39mMq>izO-?Tr=DxQih_NGi
zhe-+!{d^c$EhFY$3L_6r+ZL4`PD!bSDw0?ygm`hwQz#uHu0fP@NH{>P=H`%(m6H>P
z>@mgGH&|dav1!M*Xkq)Ya)Q7#AOP{A_>&K#S)i-nS2WP?f5`%0+$XNb_QC2wJE{hx
zimn1f${MNcs2VUyCf;HPR%la79CH^1Gc%2~HWEb1Y%(N2YNA2_wL!lqM`fHviqdrE
zZZe5xER128x1dwF7aIt&euPUGuMeereQkOc1@C8MNMpJoG6_LS-S@h}G*1tr#2}Jc
zR+8kKWyJWr?lqF$93v0`VOoeyF@i7n3?0s3NtmQlZioEk9yNxvUiMv(zZ5|wyxhPB
z;hj<^TT@f2j4C`M@PvtLw09K{%HK*ItFAUXcxG(9BU!)$C}^MBtOf^sT}zLRN8>vw
z;Q|5S5uK}N7qmR5bpmR{ErvTfyJG14{)W%(&(K?-v1cr8eW5L0!^kc)DK>>v^k(x8
z8u!<n7Y&DU77;_bDT&*An+<0T4(v2{A_mjLbvGlwy>ayPWRV(Yvk7YLz*@mW;4;GT
zOc4>(flI*NCpBi5d9i?~&)kflV2!B$5TmBtHW6^vp{7uOjzD(!c;9GJRzyNYW?_`|
z^brSKTJs_7^BhlV@O$6%1_s)y*THuOX!<;V>_RqK(HH5#;W7=o4bB`#v^<}Rd&6lV
zIRbuJ$W1)S4lm5$gJF~#2jUEr_<eQ<%U?Jc`?n0QV4A$li1l@BVw58h=4Vbh=Qm`l
zI)|K&K=#wKYXxm_ABxKQn-L-Q)6NYx5)N{)ml9!3a9<{@2u!8SjZ7JRXvIqcT4X`7
z2e?A{&0UUgc?TmP_6Wl(fVro9xDl2qyiXn~_wg9Qvux0!|GA5DU68r^+VY}>D2WKN
zi6GxP49?^6gw$gymaDQ}BQa@CHi~2}(tsP-1t5rQB$leEHB{s!0!z>WPVW+MT(S!T
zfhhpACle%YGij!MYtyKp!orw+FA3XXHyr>lB0Pwn_V`>jIewVvDfA!(mrXI;Rv!l7
zfk}c?W<Xrb$L7%WanB=)gPWR@Q38sBnhfx}<-K!yth_Es8<d)c&y|G1A+%u6TvLQW
zPc&Oxmc%%yZ&iS{VYq;Lg=BmilLd|0qU`l0f3PRce`#%gW*etP+TOcc#PJdFFnu`(
z8KM<d5b~t7h!&Jvf7&qf44o%p6X}yFTmxNko9~UcrZ|Zj>_}!!EBjkR^35KTRKIy3
zS5D@3>AY=+P{JIUQPP)XW-gi}T~GLUNF)yVL>n2RTo!V=NxWsqykJA8@>e?9f9x0n
z%Y3Arcv3&3;k%PAYt*f_0?1gk5~d|$;M)iq`H42(8AMkWNBl`^mc()lrah)I6u7Iu
zWW5sn5y*j^x7HFV=-VWmSJH(lugEem^j1g*5U|jui<tzN{D=vI=k2xQYBGBf32rn~
zN+Qkj`qLEA0bOJLN9r%?Div*G>kXy5f=-3!L5J+?*~eq@Mz##WNjOSMWqAOh{p<31
zVS;vAONVr;19~kgi^PJo3bzn1K_)7dHzpyWS?~u*nI`8B$ktFPO{kY$;8Z1CcrZFO
z1UE`X&$+c83h382W_)#vWN~P>ai2jd^{(=1BS??t-Y?@8Onm}ClRXN8AALbBeO?F)
zon-W+0xfUO^4mZl0Vngn?JBu1`u4x19NMf;1=9z}%4K~~(2sT^yyOv;BO4X9nCjB0
z_-S=7TP4fqpJ7ro-sU{EE4fHTa->|4I&>^SqQc6Kb;0~AugA4=sSai#Tm_8>&vDOF
zqdvO^SQD_UB*YcP#zN+S05g(|Tplwk%aL|$h>E}R%8J&rPPnvLj#xVyJ~+2(JoEwt
z)WHY`+XoQ=Ze&4GBHwDk+Y$vi%k<Y*Sl_+9$2!L<0cw4wUEHD(#4_S9@I#E7a{&`*
z8b=P0@OXy~jQ)P7QzRFKo}dEP$PEKp;y*_%gPFL=PG3}v+YE^NltX=cXHMeGFm(i8
z4vlO!aRyvHp<K`O4$cmY4{`N)07!Z)`z&;-ygv00H8a>|0JBLbXd6|&@52vSz_v^g
z-MrCFJN3$gDd4CaaGx|lPXpyN7#yvndx}o2EZX#}j7E)7p0~W;dJX?fs>q^T@<ndK
zslGF+f2f({3_2T3GZ_$!t)JwS^wE!FmD#5zvFNw(=f=dMRbx=(K`e=(Fsf4C82SYh
zHlxwPO|-P4s{RH@E@6m@+fYVAg12x=s}$*K_}#GYDkPzOwj3x-`EtD|5{J2*@{3>^
zY)S}*O9v?Fy`w{nsR>W1!&!oP%m@K#nCrobdM|J6yu2Z&m@!yfp$T9M8otz1L#N5L
zm-BjDY!Y?6BZz*Fg;pC$oS;w&JGbEKl?P*^`Mq>*z7~sYUo<&fU<Ra(n2;`YE~JL?
zahGN+g3+B}KR{@GZ4#L-fHJ_bpKf4iLn&QgnBPGlfa87}<=Z%OLR`@I!m+b~dnKOV
zwQ!I|JH;CRfA9G+d569URvbM^k2@EaJWssSJygGQ3RZ<o`1-c|=EPFMe#Srq@fa{x
zQmGdJcT~teuGx*Tg1W_!<9)4wW&u*_aDqx{U6s?@NyULQ%s=T=o4GI2PmB9&(&)-}
zx*1uQ`U^B|vaOcZ5>zq@dI3)&+hb<CA07?Q<>=gV>O!t<gEA87@0U>J$W^=fWAyd)
z^0Kd+!H-f9Q(RRA(%zsTwRhsJXG3z6KS8F=PR^!aMSJ7BB8-AvH_8D-#SKA@v$m5K
zsYDU{3^A0PH#dp2@;8h4Vr^g`hv(imZ3Ef>cn%|dk&GY|KyW^^KByn9>7b)VcIKqt
zYpD-Kp!E0&>hJ`WIko~v1<5m}0O26tBe*fs@z4_PVCb7;Ie|#F<p|vX5e(xZBi$&B
zdZcQrM;gYDGeBAhsx_N$oiO)Tza$G&i(%$Cg3sye6oVQ#yON@CLs)IcRm2wn<b+4V
z$cGp_&2}D7qEL#SIyS@=6k7Xra^$?dq={{nh>4xUUtFON_ygaVJfJQXOq4^1n&ZkJ
znpv#Ztck!}9Oazq|6rgi;C?OnK&Mh?DJF#E@sI89U9b@d?OX1g$1>+L1-=K0dt2iP
zx4bGCER<z$)EHX#mc{9fz!q_}w3dnt`3dd|+}XO#0D4VVqz*HBXrZ;%3Pqot%UMcT
z!7CdX(O03!TAhM4?~e{N28_Od?r~LST}$OmwVM6;X)!zS_9Du-Xn@AIt#aHfy)J{y
zqIEGrDU@Z?_6*%bi-8FQwb6<&r2!6nIx_IORka&%EBU_S_`_lfHYB~*#K?8YQYc1r
zkJ1i5G4?Dj8$imv+tHyQqr<xYqcq&&N7k*j6r6PPwp&Tcq0eN7$xU1nTbD>cjRWLB
zBWN1R*pPwm-r-=NM$_cfYl1aFb{6tfGD7HFNVcUn?DKna_#!ab-<dt8ic!88a%_pT
zqhNU^O)P5)A9v-<hD~b#9QWvx-@uB%-WaQ46Rz1dqAkz)eAn^aT|u2G3o=0I{`}BL
zGmR+GO|b!e21F;LC5<rLNK_=-1z2RC6t={h`9>t8I*xA&yDgj99#tVZT)Z|8P>7y>
z-fJ%PGfV}XRJ7{!mkqmmG=~o;td<61d2My9KOn=~T}J1(5Y&90X9zabU!Kh44aZoz
zzR?IzDRCYtq*!Qxu{@^{Ni0LRJ!Q)yYhbti&YfI7IefT->T{)cLbl=CE%1*6%fvv?
zl7HV?hqKxG?6BqlbS?7o-uhXR8J)z%>6X{Sx=a&mUktyLLez8O1)C6{$=QOG-GZw%
zUHQv1Gk&0V{RD6Tp*#PZB=VGyp=C!=p~=}Rdyc#q%=DK1MRZ;8rng|%=)Kpj0PEN0
zQ*W(^Et@HZ5M!UJ8pz)|qOr$3swo<2!4d)ILna;*f|$OcaQ^@YKBcGNVc2vix^&^b
z1!61^;ykfkqX)yQO+BFGv|w}-ufJdZod6pD1hheP1EJwPR|}>&YID9n*i&ep_09Ij
zdf+HD>wJaD@9Bj%ePq@;3Mne95lr6Q0q;?D6a;Fug4F<Xnek=So+QJIScsDX%6-t5
z1Y>IOkOID7#8U4dN^t3U+0-l;!tPDD;G`L2$&SB3!yZiFulw~;P(ZH2Spf#PY6?s<
z0JxZtL)Ma4f#%85D!#3k>-DqBQ2wCD%yYnsnCdp5Vs=N1GjXmpzP+O|>yU^P%7#!A
zGc^Hbw6lIFka)HIDiOIX8y+n6?yTUz@Wz&t5(9t^{7UU+6Kw+ba9<RR<Yxp&b8FfX
z89+#WUwT$mm5&ug0TNy5Y@qzOq#1;VC9AM1tq4Ew#mk@?eipelj%u>4{;>hmoIiz)
zch?`(D$lbq%qFcRVL(7iI7vYVfjk0@mc)Ss)7z-)Fgp0(Vsz-i2_>kng>=DEfCp%`
z0_%>j6yv<RIKgdSuDpi_J`(WeRS76aibNgoFhxq?%F$9ko$VX2bX9w!0bmuu{=mC-
zkvBD6;GBJbHj*tjbK*g)5GI5QaV}}KKdHZz7){$Qxo|ZkTF+_<%FL>iC;v7uNM33n
z({ivXbJ20h$3(;6kVyAkpE#Ve95(FTE=eg;laLh8A97d>mni%AOE)2z*Eth;_55ix
z{;k3U0eM0`K*+=cv<YeZ-0P4OT}#MSD}$AV0AI^o5#S#g3bTBGg&sJVOvr~ea^TGY
z@c@Z~*=x-9<27oBfOA$O80bK<1@{18V<+0(=p|V2lO#2jkV)xPy$WLB6g5S{$DaNz
zM$H5k&4D`_7B1qOUu4?IA2X03EaWUX<nNm@OX=4M`lE28OF_^>wr^&NQ7*rG8A0MQ
ziAZ|7^1JG#xcBPBIdU$CzUJtup=6#`i9NLBN{vMnA=b8lADbRuu8%P&t3;s<NQULT
z1c)oZ{7LIHO$dvQ6eG00PEFn;j$xfPvz{^6ntP7ha9XZ#8#|fH2wag*<WVhKrY>Nd
z#K|JC=BXt3Vk!LlQIYQgxz!q$x>(J3`YF2L{~!nPX~%^@h=%MGsMu2<0lkq~qgrxQ
z=D^BGtlinuA7w3wt**ryWG*5>i=-47pf4bx%?<n<#u`mbQ<nxPeq0fIdUpFiSr{5&
zw9+7($<f=0;n#JUDRUOIHN7#$z_*|c5*vsQ|BYZ4*)ZU!9Xm7p?=fk8o1{&Wg8iTI
zn8?|kb_IX+MZZx6LKsz1B;Bj06q?)gtPFLXPv}ku5nys+0rsBRO6z)sYR4cQB^wFT
zuDfEah*pA35hhq63)+3^V6XK}9cC?U>~c0R(nnF23!Etwb6ht8S#ys|?lbby3ux|*
z93eo2axTU!eV`60pjEj*=Ok(q`r)Ya0<^5JB)%1&vA}h{`jIO_QMj{#LKoV*tcr!a
z4|a~V-u~gzcan9TV|C*e<gN5TJgt1`bt+_zIu5<ivzfH$9laijN}Z8>9Qb!Lf+`zO
zrY~L<%g>)KBY-(*Lkf0KzA*S3SS=yb@GYTlFnAu~P_zrnUswA5KCCF(^pwA0djx+1
zksLgMJDwgs7k4=hg^PTivIylvqxuey<gQxIE)e?GA87a*O7!Hz!=Ru_8ktzmhv-bs
zj<<E3fzDTedlNO)v~!?AbN=*RN@$z$f&JRbxA2q9oMHmD@f-nk&k-NRrcIxhzk)2p
zgAcF9<P@#m=Px}Z6es=QcoocQ#1is5n)s@GSKTt&mx%kXYL|lUPj0BB7fWPcwY<4H
z-p(ktdC4%VBmyd(|34h97TxGjiCxS6$}LF?&v+OH{Cog3d$WDV`lLw`2mvq+=m&O1
zwL;l<eDhmxzR%*O$(AvY8b2EMj+0H_{eED;dbQN~G3mkDe!L>sjgBd;lllTb!Nr0i
za)nhw?$&$*-Unl2<%#$()dtLLBZQ3pX(|J~B9k&<NmG8L;4R<>c$*C^3AvRlwFp|E
ze)Jz2+YT#Z_w_M}k(XC7T!lUb-<7nDy6AP!3Ian|)(hG1CwJ{!(Q!o^>wcgWdW^_W
zTpZST&6OyQPSiFoq)c?1-S~8dyNUueY`g+D!qIvlv8Wx8Sf<*+8MDXm?D7kP^i=GT
z=PAQ<izR`|-j+^Uusb}^c)6P#4I;;u!EJ6jqQs2g4arWFrX3KB%Q<xdZG8@jJPQi0
zUHo};ll{h18FjU~TX(@@a)0#Xj#c#0IFq+vz@3rXoCx6PE&WW^%K~nmrUR5M%9JQ~
z`1ioEku>#*tZ1^rH~AAEf=qKA_o5`=eIZS@s*fApD54=J6M;U=8X|{*{m79eN?1_*
zMqJ+NZX<jQ=I8IXRXAh<_eOf}uyx$>_$9_BYe)Dmw(|ZP84n%W`mm)^is(jFe@Ysj
zuPi2UWrVOX5+Yc$U=TwdzR60K$rdqY3BD~>d}0(u^OVU8gO+@%{spwdCl>bY_%&J|
ztd6oho={KZ@}!L%ldJ2&&)G#_WPfU|E|&+U6`&IdRotD^(6PsppBX~f+LCaWQzS$Y
zF@OOpE98d$JPri!x>w3$MmC}|ZvoiY7_&+H&D2TsQo)AG@mSb@nz~f+@b>&lmoMky
z(5kFW2BqgGp3{2!dK%%I1=BZq`hQjiB(PyKP~1L0`QUZ}u_e{3?}6?!!MDVj6G?=@
z`TmJo5h?}_f7(=Y;QvG;%z3FsgK@mVBbxw;+B;;F7uos=(IN~NQG7-pKt=4V+8cnx
zhdt%O(8#k>0+>sH*a@lQ>9L6oZY+NpVcBvWS$dx{KxdN?1Eng!^&H%BI1(lXDL`cT
zAY9MLf+4H7>wK3z?wOv!^1P-8dZeFW@6l{kc@1}mKJvQ#Tz>jI*a;U?LPm{+(4=Bc
z&?qo7VawSop0g_{)Pt6^KuAb-mMRU6D2m#&iRHEdrok2TSyESSsfhX`^@}S?c+FEW
zWu=yI%W;i6u>`wnKh!Ib7TPwC3vKX*@DIQb+v3m$D;GJF29&sBOn*YqckQ@nNBMaq
z*cM@kY@jCyijpkn<W`J?B;Al=Mu7-eaA*;^tw`y@GwLXSLDmh7=uVg`qCz00Ib;w+
z^4M*<cj(|p=nwT_g8MgcPKVjpXdD1mHNMeEaIzn^TK@V04%J})D>2V9GRiN)JSyG$
z&%o44o`GWlv0;&nESFG$qWLg8XJ<65<65n1eP&?Amy!ZOnR{QnsSZ^jXbw@kJ_PTS
zG#Lv)Gwr#NaUIA!;3lrpqa1eCm8<EeQVEk?+0QNA^3GyY_B}JWztQy}<TiiOk+ml!
z$w}bhSuf}sGD|c4(0~uuS>ZwA)>&GM_tTHh_3MirSn6E~^DHjZ?Zd!?IIFoBGV~a^
za>f$B!^t&6!17-QkK;4NI8QT(1;Zbf7dwR__r@CvYqlLlz46WkmI*6i5+WIBGH#RH
zUNLe9xjZ)jG4iQl?Ou9|<YF@7-ERRVlEJ}e7ECYuE;g{Xgl2Z?DANjrLSnkSP#3z)
zm5B~mq-5;vwF3nn&`;?3g*tGz%}@W?{1UQe0~CD1*w?;)<nN%uDZrpPrgDb=U>rUl
zXCk{85&-H4V!i9EpcEqey2pv|@5{_FjfBhWlstsOC1V68=u!}1CR5}-T}oA*(kC9Z
ziw50g&z43`hzhZ2^o`48NoqZ<EIC3Tlm@gWAsQ3KzXjL7)2fV3#U}7-2ypDo&Ziiz
z%mu&VcXew5aya0?sYwjar9YM&_DjsuV92gaCZedRt$++UteymfubgAalN7yR_C7gS
zHNTjWK#9NEAmFhXAn+a!2}~KRFVGn?4g>SN<nkauG6dF?E~KmbWj&~<+JuNTw?|4L
z)J5W@l%s$*^N7O<&1UrmgWO)0R}9X^%)PGZZ;dsa2|d8RE6XG)FfsG{oe4o6LmwGo
z99$tH6H<&&q>*s2?mUd*Oh`}I-Mk}J?xheMV*o;nn8O&59Z;!Jgj_O&7!cVzurCs{
zRU|;QVwXCq()Q*3wQPfW#EnW3#1!Zhe}jFIh@<dM_jkjC{U$S3qQ^mI*^8@5odq(0
z;GxMPvM<KcTCbQ!m1=}g>utKO0q%6XSicA%+Dez@&{dJspEgcF%(GWxJ)Cx?2vbt>
zPks{tii@<X)7&8Oje^dMl;y5TK#bD}58jz$KS~47HFiIXaxc`d0?-8T-_{Hl12a|@
zR#ho5?pbT9>3tMyjx2}giUfg#m?d2Ny@P@vL5E`_$jfTZjoGoPFGh!NlDG6fEP~>7
zI5$9yEqe`0eSsXAm1KK#m;y}m)5iWnAHJaY38cI;r;m6UL5d7WszW3-7f=IMgr1@I
zR{*CDjwcTc^N++P<Tsso91UK1b-L>D)u@Wlp^BYo@Cjp14Km3lDZYExSOfj*^*LQ$
zI<IjCuIPFkN&H_?iCpeLfz1d|{8exw9<d&2Y7qp)`cT6>uWaVl?8u*YArMGS+oULf
zi>5}2K9n*iq)nA&b@gpa7BvAm@KM2SZLvRJ#QTaPa?M0&SN-9rk=Srwljw0!pYXAv
zu6I^2dIRlWJ=l<zHx-UA?x9D=f1$OJFB=O8d0)c<m}!y^r2H|t*cdQ?H1<S4Dyr9O
z=^8M%U7c+R2R-sYk7I?gl30`W)d*WnJ<|z^dtj{3$0g`(YG6p{`Tjw+om4SG)W-Bt
z<bVi`ye``>*yoew^G3D_Q4Zp{QXL`PkHQFq3V{hlOFJ~u`@&G0Q!IL-%bXNMie|JR
zreGA(O*&2mU-4@_QII4=`i;Utu!gSkBF&Wm?5VPGWm6R}vR5E_$X9R;=;QiSW6;-?
z!u;O{x(a?;x^~nbjSrO^DefnI;Hc_&EGHmcg!XXzAbBz0qR<9Ho+=pgpIjV664M9G
zobpc~9W((iRBPT)UH{rJESF>G89mf5$#F@seB)i?Icw6|N^Y~LbH5uXWtX~(AaQ#V
zMu@CP(P7#h%fEPI7vR)@MQP_q>xk9N&QQGsX1L>)2mj4|jK~=*3*=qk^<cM5gu}hw
zd5?V}Mx<d5Xf*G`zd=Kq5dHos&b#T{C!J!stqIevNR}akHoQ2*0jD01k_nb)AhD0J
zZLp`l3t*9=5-esl)ucd$n*}}un8e^kqmdL0Xl4E&L|P>i6YdEpwgsC4S2z7F2)CF4
zQF}dl#CvAMiI;^kw3t*1wroCR=L(7wzDq-Xk#06|(Q9m*=1Mxw2DaeEQ0~Y@QqE)e
zS|pdJ0AZ7kMDpJhT^nw4VDLO)A`%?!oTi|%$_)5{)y$w*aw^e9>vsAHqi2rA45y>%
z?D=*o>2@&0%J@V^baMk>Py$9<4mAnsffMr}PRCi80EsoL)52O}T-2=F1>WTluchM!
zHk_>(5Swt)Z>02Q&RB_RyCK*$kgUo$*-pC&I_p1ElS(j2j3E*bjh3q;<wua$APnzd
zIv12$wT2o{8a6YS4eVmNwWUTh63t&-)Kz*S$3O?j+k#?Coq<D1cA#1LHCD}Rl5=Kg
z75S}$5Y$74hR}rhbJg}-XJxP<EJL3oG#t{>n4!jYdm;_xZkdy*V9qCU4=zA^l3Atj
zWP!^ZU$HUV45gjXPEg7y1>$n3w8ySXCOpwKdW0ZA$T~E@#(#r(fsLhY6*iK)WUsHj
zO7GMoqMdlFQAq%)lvhCnNEmP<2}XiSSZXr>-tU0iAc4MAT>-J51C!{xPejE!1D@<u
zhadVE8!7_^<<VTN?^*0t3xGO;K~=4q2Iq~5rR}g9e?P+j5lXzrGmn2LJuNUH&E)_N
zLVQ0>;?2cjxG=700FTaS78SS9j%45r#;gF^5y}BYH4*@3yq$o%r33-ChYt*n0vyMG
zvrq(o<5ZL{{L!92jaoh#9shEZo3Khh?XA-H*tc~mSD>Q00HeKEE+$jW{ynEKwGkR9
z@^6d8=y7NrNNK4<fvn~vhOQtodvI{URwiq%gm`L@&*1-L?1||;fEzNtkehV5Eg)Vk
z6$S}-K`ESsfF%K=WGS};3&Bd`INLde>dy2tWhk~yVqc~pnVq`F^_L72uWQR8C5%LI
zQ%~=w>YDSQ8zd(Xl+js5z_e4awi2#r$M8bJhGKr0@R{2**<*2wa~k&xv<<;mN&ShO
zGJY!BaeI2U?6jsNYJ8IKC6ons7GvBkEdU>OF7;?3U3z`1TBYbw;<`(tOwW+pnS%#3
z$LopEiR*w$WG|MOThxV}i1?_46&Mj47c?jO7wHpzP)}vvtjhcm>^T*E)jR?Nw_VJH
z(hyf&8z9CwR@|p!%gwhWkz_rR+lGfiIR&)phPlmsr)V9-;umGc1K39zvfxO6QPga>
z03Ql7m=%%3;@<I?;W5SovX8HDlxR8ZXU7eW{qz5O=K<*~tbAw4)F<jr;mG*6j-IG}
z@711?s-Jw|J~e);0zV6F$s=7fj=|oiJn5LcYp(IY$rS&crK~mT3f-ajIAnJjm@!~r
zvNUcm?3Z#jmBehUPEB^%r|$L;VLt-~2D3l<oXK()%~E}}s~JsvG~u<>M=}+>oZW-B
zW7r*f;Gfacn-<D#<{d9>uIX+FxaKgJYJm)wDDM0%H3FZy!IXV46_!}K!3z{KRynX7
z8P%iL`n8lvs8|?0kI3bLIi5@d3CX5dMj1=lZAr8atH3Uzgp*A5YVnA&WveVSRe_F+
zKBu`{E5o8(9}y_j1tTEv;<7PG?zVX5+Z(9%hbbM9cR2Hb$s=HtEJcW;j<_D)6#)T4
zfLP?iNe$dH2-HJ54VYa+XpAcx*kQoQk&Hta#taSgFbG+$IOgd9G;INp!w?1yi{LHr
zree(s>|1cNk#QoT3b0gxLt>7_Op7=c?kkK}z^tKJ1Sk@OBX~}zmN6va5X4*wLlPuN
zkuU^j6Kp&n`oj>0_zgrEfIsl#!&C=h4RRVNF#upN!a<IMJcbhw@HG%<u;T&FgFOdt
z4e}dAA!tdEjbUg)LIgVr9uT-Kutva{VGaVC3OEpS7E~*6Q=qY+kRX5{{K3`&F$0AM
zY!7rEI5coj!1n=z0%!>!I6#*J@CSei3=Y&51QrYwFdP^^pke?7K(&F~03raL06GD^
z0j>h)0YU*A0Sy3v0AB$=0M-E40cZgm0e1s-0cir_03iWv0W=2e1~>&C2C!rRp>L5(
zTWCN~w3r0IMuFNZvJHR=ARK^l`#1D{G5?pwKS_MA^54V%0DKehr}RFC`2XTB_<sB5
zf0g^s**z@wJIKCS<c|paIr2Z!zg&FZ^Rvv4G5Dj>?==0w^)u1m5PYii@6f)6_5Ydu
zv+NIZ_(Rt}Q++LT5!n8!J4x!>sE&v_3*cXat{Zq5;17w;B6$epw}$Rg`0nFJg5D-L
zYvw<P?hg2k;Jce{8#u+_%X1rq>@(goc5TeJjM($AJAZxZHZN}RzBc<i=I(j3_WGND
zY}aI)!r5;Ao8#<+-wSHK*6o|xy66e3)_}cPb?neVqF+JQnq4y5xN@Ck7|Fkp<05`j
zyqXy?a;0Sx%D<bxDn4sWggI5Rn$ESGt235&i9l3302K<BJuwV1Fx>P0=_>ZI6WVGU
zO#Nk-YqZTa3{!84P0K~GsI#32<+_AsXU43wILwZS(8n%S9)lP!Dg$$e2$$9$E?^Nj
zql4do#<itb;pZITQ?vU-Hk7{2#(q!JP)EC%!4yy*HfY2j*hQJDEnP205i$CT8yKnr
z&R|?b4Ju$VT#pVUE04I)G3kZCHzxHgK^rMf835sQD#SEl1wh{DcFD;!kJ+Tp0CB~x
zxe%Q`fRK~jADo1}$>+a8qEP(bD2)DpP|$dp<`TZ#bY6^~7Xv_Lle)77^OsVhMOm(@
z??8O8kA%}ZWpR&2v!7qFSw@TF6d*=9YT^Rtk(n8p=CQWvt1Om=n&5uP;Gi<FE_H<?
z&C$A?6ps6+s_UO{EDkXn{D_Ak1~u9YFheG%s=1s51P_}~9O%ke-#DHVJ4L~%?k>T6
zMRvbm39kbp*KB`qoVg12w52Z)T}`X41P>D|q_%K#zuhwb+BpEogY0E)KnSy#@+(m5
z20@LG@LUEvk`I|OIUV^^0_YtG9AElBS!Dsh%k^P9r0moJ25Lkm-gh#ig<tV7v`Iy3
zd3t5#XoACmt8255R4kxa9X7c*Yyxs%&d;f^>wBDhAOj0!EF&8MxV^-m1U1MEd?H7}
zL;r;tfFIT|ei3-Z@gyM=!%Ba7Pa626JRAA`V<2D<{RLRT@0o=bE)XF)nFtUL67`2L
z{?_Q<qIOyU1qoDWGBN{TMf}`X{{rBu(@o7pf>z_`Yy2t+I)?9&z#z__Q%L3pnhN}U
z_rN#WU)kD59D4whbSYERHY01jM7id50EuI1ctl?<_IT=Y5vP>(sNN<OW;PZ?!Nq6@
zvOa;RF_j-T8_?!VN7D)6C$HRYyy%MdoXQ-5GPHrjR&KE1*3wu?hPm|833)bez2l@5
zn#k&Ja#2PDT%IYU%XmZ^tc(1NraoDT$|lx-%3O7|2<xN|g9l}S@f4Tj#-G&n0xR@J
zDFPWb0VoDdx}Z}=_2FI}9?T-}I$M|lYDEp7004}1PGewDY0zW|0bPTcX4@j<r)zOB
zGhQRFDe>kB&U5&F&^kBhm5y{o!y!F+4wdxXoy;!4$W`?_nL(+bK_QDAMUV1O0AwZ|
z6j)s}9YEZbY-C^Y)9Ej`aS&~{sXCG2SS3ce$EY;Yv-c8TlrD$C85ATlLZpGP_YWfi
z`RQ?z1@zIfa{yqfsUDMEPpwuX%XHdO+ASb3EPi1fBPocvfgsC0xa^CG2SWBPWQ&GS
zpCXPti8b>WkYbf#Vg%A?&_UwUsUQE_t4GX?7QqUpKJ2Iw#%)Q4Ft(`9Ja&Yk{C@38
z@%T`)#wWy(kKfEH;ZBQ(m*Iq&L=<)4D7tNO{SsA4Fp4D?(Ex6nQS&f3TK|atgj`fE
z2|OX0(&(ZqxJd~IANX&dvX?U14_<~h2(lP6k^H8ep;2HW6<hT1imONo5oB|bMG@a`
z#Lgj^XVeQ4Za~Fx&wUn%^o(Y8F)`=C6v*v@(L?R;IJbtvVC>oPo?U%v{M>|{sU~;p
zLTv$OTx3H^4zNUn4wUfo>j{CEvTC@C+cw+cW*ABH6u@!M2EdBL?1GbL_#e;7YDBas
zic?MTazk(khXSyPeDom_I~wkLv?Wr8<%egEfM!*M9^kl$><s)t${rCVYPkMa4qe||
zaAZ;PGdOrl))@{&=KbYE^I_b&+v)sO*eakJEuTMFdpO<K3}0qTT$6pt=)oXQa7<`0
z3_qg{T_Koqnwja~buX?Qflt$5%BYN=^^C-mWBQo9UT&W#8;ZEqwbH1S6!8FNcIqK8
z*i?p1+RXp~v^+u8&?5jcT%(1Pg;y;gHk;}^NHf1<u9G+;RphtcS7_pek#oQ}0{{Zx
z7Ygy8>zsVzaP}S!gc<n-P#@Z2g|MGNh9)SgEqV&*jY&(jl)!io3?{XUWCF*zqR2#M
zwNJvP10mPwk#w|Zh_;<u1R_v-Ya<4zuI%S1-um1;5?J%v2Mb`Sk%ysYQ##5zjE<cO
z4dKs})hcFTZWs<zYmk&M?a<jUHD0x({2o#<c3HuZ=)?HCV}Zf6XA!arG9FXtQMn9g
zfCyh&yo=7IX5U@AwDJzSHiJa1%@u$hYyrYm@H_y6L2%G_&t4iufUzFVBYlxQD}Ykc
z!mp1gBy5IHfURLXDAgNIT6p!=47JD&W@rkWvM{Q-MRMxwAR2}N0xit7%lU$V%7a}Y
zwFM;t1gG5()^>D3;Czy#58RTm?`p)RTS8I<-sC3+*n{A)P*rU!@Npj`e{x9xsif2v
zTW`{q3p<R6f~aRR%^dc#!D3~xyW!cgN6^V&b~8CFKvj@q-ali}5n-{gT&CV4p2=D}
z9g^m_X6KZ*%p=CslDP})s;)w%aJMb8L^m*`a$#Z?Ki1>^?A!Mk60Q{(FLt(&TVe9z
z0-!PiOV02JcNeq?AbJaI+B9xC;LB=}Ho0vH(@;Qe0zq~-8ckOa!(u@Wou`p_TR|QT
z38H`lJE$G{q1egUX@&v$x7wNLWD#j*!D58GLv^bT+jpdKBrK#SsQsWK(+RO40VA^w
z0nA7MN1Y1Fc#5JkwD5TtHG1t;lo=i)U+kFG?1Jh11h9382!marrRE2eZh;JGh`wNO
zQA_~n?%97HOKLA^#oG(5*bgSllS%rOc(S%Yj00cYR;!D9G_90{pfq7D4I*$k?byOV
zR|epi%oIJ{ou`5zS!-_dnxOa{uNv)(luMo^5TCOItq}2}sxCztLEzBGS)Mf6dzaw<
z!GweAgvFYJu&mH(Vl9HJBV%=Jz~~i%nDGIF9ncTET-AQ=fv{L11&K_<cvtPj0KcSJ
zqHGrQcbxIF-!%7A9gu^H_1}qa$)EsV25=Zlwv;ml`17G-=5A8~V@Cyp78UF`SCFAx
z5v?-bmG+t539aexV#>;ei!iht(!De;ym|y7ksL|^5Ko~B-vSh80++s?unD}bZaYa@
zPH4M$&fw;xEGN3_H1vHW><%-+dg7dfW)F8$bB+h7sThoOtteO(v{&-+iK}r$%G))#
z*Nhx^!ZMj1VeG?EkWg+0CYQSX1t96fV9^3c+9C393LU&CHsFCa1q99$`zTMsEWwLc
zxsw1|A?k8-m8HCrk6;K7dhNDJN3R9iws%6vTq_}PtR2CZ8TG;ltZ4<jHrnMp8#XOc
zmJK*YX~mYy4EVnTS1tvpiqxTi4NA<Nfuts_IIP*;p$5w0Y{80vN-srDhr7*1GK?Wm
zpc7{Vxs4*qJPbv)k!=J@$XqyN2<nGsklwVJyGU<ZOx>I}sU+^s8`P3F5QxrypG1-{
zGlr^7$Wsy(lo=xfC~BpKfg<2z4OEeEF@~x{Pi7O#CvqMJy+f+}=CB_$&IuEslB@s#
J000000038FvZ??8

diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.svg b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.svg
deleted file mode 100644
index 1ee89d436..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.svg
+++ /dev/null
@@ -1,565 +0,0 @@
-<?xml version="1.0" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
-<metadata></metadata>
-<defs>
-<font id="fontawesomeregular" horiz-adv-x="1536" >
-<font-face units-per-em="1792" ascent="1536" descent="-256" />
-<missing-glyph horiz-adv-x="448" />
-<glyph unicode=" "  horiz-adv-x="448" />
-<glyph unicode="&#x09;" horiz-adv-x="448" />
-<glyph unicode="&#xa0;" horiz-adv-x="448" />
-<glyph unicode="&#xa8;" horiz-adv-x="1792" />
-<glyph unicode="&#xa9;" horiz-adv-x="1792" />
-<glyph unicode="&#xae;" horiz-adv-x="1792" />
-<glyph unicode="&#xb4;" horiz-adv-x="1792" />
-<glyph unicode="&#xc6;" horiz-adv-x="1792" />
-<glyph unicode="&#xd8;" horiz-adv-x="1792" />
-<glyph unicode="&#x2000;" horiz-adv-x="768" />
-<glyph unicode="&#x2001;" horiz-adv-x="1537" />
-<glyph unicode="&#x2002;" horiz-adv-x="768" />
-<glyph unicode="&#x2003;" horiz-adv-x="1537" />
-<glyph unicode="&#x2004;" horiz-adv-x="512" />
-<glyph unicode="&#x2005;" horiz-adv-x="384" />
-<glyph unicode="&#x2006;" horiz-adv-x="256" />
-<glyph unicode="&#x2007;" horiz-adv-x="256" />
-<glyph unicode="&#x2008;" horiz-adv-x="192" />
-<glyph unicode="&#x2009;" horiz-adv-x="307" />
-<glyph unicode="&#x200a;" horiz-adv-x="85" />
-<glyph unicode="&#x202f;" horiz-adv-x="307" />
-<glyph unicode="&#x205f;" horiz-adv-x="384" />
-<glyph unicode="&#x2122;" horiz-adv-x="1792" />
-<glyph unicode="&#x221e;" horiz-adv-x="1792" />
-<glyph unicode="&#x2260;" horiz-adv-x="1792" />
-<glyph unicode="&#x25fc;" horiz-adv-x="500" d="M0 0z" />
-<glyph unicode="&#xf000;" horiz-adv-x="1792" d="M1699 1350q0 -35 -43 -78l-632 -632v-768h320q26 0 45 -19t19 -45t-19 -45t-45 -19h-896q-26 0 -45 19t-19 45t19 45t45 19h320v768l-632 632q-43 43 -43 78q0 23 18 36.5t38 17.5t43 4h1408q23 0 43 -4t38 -17.5t18 -36.5z" />
-<glyph unicode="&#xf001;" d="M1536 1312v-1120q0 -50 -34 -89t-86 -60.5t-103.5 -32t-96.5 -10.5t-96.5 10.5t-103.5 32t-86 60.5t-34 89t34 89t86 60.5t103.5 32t96.5 10.5q105 0 192 -39v537l-768 -237v-709q0 -50 -34 -89t-86 -60.5t-103.5 -32t-96.5 -10.5t-96.5 10.5t-103.5 32t-86 60.5t-34 89 t34 89t86 60.5t103.5 32t96.5 10.5q105 0 192 -39v967q0 31 19 56.5t49 35.5l832 256q12 4 28 4q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf002;" horiz-adv-x="1664" d="M1152 704q0 185 -131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5t316.5 131.5t131.5 316.5zM1664 -128q0 -52 -38 -90t-90 -38q-54 0 -90 38l-343 342q-179 -124 -399 -124q-143 0 -273.5 55.5t-225 150t-150 225t-55.5 273.5 t55.5 273.5t150 225t225 150t273.5 55.5t273.5 -55.5t225 -150t150 -225t55.5 -273.5q0 -220 -124 -399l343 -343q37 -37 37 -90z" />
-<glyph unicode="&#xf003;" horiz-adv-x="1792" d="M1664 32v768q-32 -36 -69 -66q-268 -206 -426 -338q-51 -43 -83 -67t-86.5 -48.5t-102.5 -24.5h-1h-1q-48 0 -102.5 24.5t-86.5 48.5t-83 67q-158 132 -426 338q-37 30 -69 66v-768q0 -13 9.5 -22.5t22.5 -9.5h1472q13 0 22.5 9.5t9.5 22.5zM1664 1083v11v13.5t-0.5 13 t-3 12.5t-5.5 9t-9 7.5t-14 2.5h-1472q-13 0 -22.5 -9.5t-9.5 -22.5q0 -168 147 -284q193 -152 401 -317q6 -5 35 -29.5t46 -37.5t44.5 -31.5t50.5 -27.5t43 -9h1h1q20 0 43 9t50.5 27.5t44.5 31.5t46 37.5t35 29.5q208 165 401 317q54 43 100.5 115.5t46.5 131.5z M1792 1120v-1088q0 -66 -47 -113t-113 -47h-1472q-66 0 -113 47t-47 113v1088q0 66 47 113t113 47h1472q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf004;" horiz-adv-x="1792" d="M896 -128q-26 0 -44 18l-624 602q-10 8 -27.5 26t-55.5 65.5t-68 97.5t-53.5 121t-23.5 138q0 220 127 344t351 124q62 0 126.5 -21.5t120 -58t95.5 -68.5t76 -68q36 36 76 68t95.5 68.5t120 58t126.5 21.5q224 0 351 -124t127 -344q0 -221 -229 -450l-623 -600 q-18 -18 -44 -18z" />
-<glyph unicode="&#xf005;" horiz-adv-x="1664" d="M1664 889q0 -22 -26 -48l-363 -354l86 -500q1 -7 1 -20q0 -21 -10.5 -35.5t-30.5 -14.5q-19 0 -40 12l-449 236l-449 -236q-22 -12 -40 -12q-21 0 -31.5 14.5t-10.5 35.5q0 6 2 20l86 500l-364 354q-25 27 -25 48q0 37 56 46l502 73l225 455q19 41 49 41t49 -41l225 -455 l502 -73q56 -9 56 -46z" />
-<glyph unicode="&#xf006;" horiz-adv-x="1664" d="M1137 532l306 297l-422 62l-189 382l-189 -382l-422 -62l306 -297l-73 -421l378 199l377 -199zM1664 889q0 -22 -26 -48l-363 -354l86 -500q1 -7 1 -20q0 -50 -41 -50q-19 0 -40 12l-449 236l-449 -236q-22 -12 -40 -12q-21 0 -31.5 14.5t-10.5 35.5q0 6 2 20l86 500 l-364 354q-25 27 -25 48q0 37 56 46l502 73l225 455q19 41 49 41t49 -41l225 -455l502 -73q56 -9 56 -46z" />
-<glyph unicode="&#xf007;" horiz-adv-x="1408" d="M1408 131q0 -120 -73 -189.5t-194 -69.5h-874q-121 0 -194 69.5t-73 189.5q0 53 3.5 103.5t14 109t26.5 108.5t43 97.5t62 81t85.5 53.5t111.5 20q9 0 42 -21.5t74.5 -48t108 -48t133.5 -21.5t133.5 21.5t108 48t74.5 48t42 21.5q61 0 111.5 -20t85.5 -53.5t62 -81 t43 -97.5t26.5 -108.5t14 -109t3.5 -103.5zM1088 1024q0 -159 -112.5 -271.5t-271.5 -112.5t-271.5 112.5t-112.5 271.5t112.5 271.5t271.5 112.5t271.5 -112.5t112.5 -271.5z" />
-<glyph unicode="&#xf008;" horiz-adv-x="1920" d="M384 -64v128q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM384 320v128q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM384 704v128q0 26 -19 45t-45 19h-128 q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM1408 -64v512q0 26 -19 45t-45 19h-768q-26 0 -45 -19t-19 -45v-512q0 -26 19 -45t45 -19h768q26 0 45 19t19 45zM384 1088v128q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45 t45 -19h128q26 0 45 19t19 45zM1792 -64v128q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM1408 704v512q0 26 -19 45t-45 19h-768q-26 0 -45 -19t-19 -45v-512q0 -26 19 -45t45 -19h768q26 0 45 19t19 45zM1792 320v128 q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM1792 704v128q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM1792 1088v128q0 26 -19 45t-45 19h-128q-26 0 -45 -19 t-19 -45v-128q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM1920 1248v-1344q0 -66 -47 -113t-113 -47h-1600q-66 0 -113 47t-47 113v1344q0 66 47 113t113 47h1600q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf009;" horiz-adv-x="1664" d="M768 512v-384q0 -52 -38 -90t-90 -38h-512q-52 0 -90 38t-38 90v384q0 52 38 90t90 38h512q52 0 90 -38t38 -90zM768 1280v-384q0 -52 -38 -90t-90 -38h-512q-52 0 -90 38t-38 90v384q0 52 38 90t90 38h512q52 0 90 -38t38 -90zM1664 512v-384q0 -52 -38 -90t-90 -38 h-512q-52 0 -90 38t-38 90v384q0 52 38 90t90 38h512q52 0 90 -38t38 -90zM1664 1280v-384q0 -52 -38 -90t-90 -38h-512q-52 0 -90 38t-38 90v384q0 52 38 90t90 38h512q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf00a;" horiz-adv-x="1792" d="M512 288v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM512 800v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1152 288v-192q0 -40 -28 -68t-68 -28h-320 q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM512 1312v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1152 800v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28 h320q40 0 68 -28t28 -68zM1792 288v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1152 1312v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1792 800v-192 q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1792 1312v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf00b;" horiz-adv-x="1792" d="M512 288v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM512 800v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1792 288v-192q0 -40 -28 -68t-68 -28h-960 q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h960q40 0 68 -28t28 -68zM512 1312v-192q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h320q40 0 68 -28t28 -68zM1792 800v-192q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68v192q0 40 28 68t68 28 h960q40 0 68 -28t28 -68zM1792 1312v-192q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h960q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf00c;" horiz-adv-x="1792" d="M1671 970q0 -40 -28 -68l-724 -724l-136 -136q-28 -28 -68 -28t-68 28l-136 136l-362 362q-28 28 -28 68t28 68l136 136q28 28 68 28t68 -28l294 -295l656 657q28 28 68 28t68 -28l136 -136q28 -28 28 -68z" />
-<glyph unicode="&#xf00d;" horiz-adv-x="1408" d="M1298 214q0 -40 -28 -68l-136 -136q-28 -28 -68 -28t-68 28l-294 294l-294 -294q-28 -28 -68 -28t-68 28l-136 136q-28 28 -28 68t28 68l294 294l-294 294q-28 28 -28 68t28 68l136 136q28 28 68 28t68 -28l294 -294l294 294q28 28 68 28t68 -28l136 -136q28 -28 28 -68 t-28 -68l-294 -294l294 -294q28 -28 28 -68z" />
-<glyph unicode="&#xf00e;" horiz-adv-x="1664" d="M1024 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-224v-224q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v224h-224q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h224v224q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5v-224h224 q13 0 22.5 -9.5t9.5 -22.5zM1152 704q0 185 -131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5t316.5 131.5t131.5 316.5zM1664 -128q0 -53 -37.5 -90.5t-90.5 -37.5q-54 0 -90 38l-343 342q-179 -124 -399 -124q-143 0 -273.5 55.5 t-225 150t-150 225t-55.5 273.5t55.5 273.5t150 225t225 150t273.5 55.5t273.5 -55.5t225 -150t150 -225t55.5 -273.5q0 -220 -124 -399l343 -343q37 -37 37 -90z" />
-<glyph unicode="&#xf010;" horiz-adv-x="1664" d="M1024 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-576q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h576q13 0 22.5 -9.5t9.5 -22.5zM1152 704q0 185 -131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5t316.5 131.5t131.5 316.5z M1664 -128q0 -53 -37.5 -90.5t-90.5 -37.5q-54 0 -90 38l-343 342q-179 -124 -399 -124q-143 0 -273.5 55.5t-225 150t-150 225t-55.5 273.5t55.5 273.5t150 225t225 150t273.5 55.5t273.5 -55.5t225 -150t150 -225t55.5 -273.5q0 -220 -124 -399l343 -343q37 -37 37 -90z " />
-<glyph unicode="&#xf011;" d="M1536 640q0 -156 -61 -298t-164 -245t-245 -164t-298 -61t-298 61t-245 164t-164 245t-61 298q0 182 80.5 343t226.5 270q43 32 95.5 25t83.5 -50q32 -42 24.5 -94.5t-49.5 -84.5q-98 -74 -151.5 -181t-53.5 -228q0 -104 40.5 -198.5t109.5 -163.5t163.5 -109.5 t198.5 -40.5t198.5 40.5t163.5 109.5t109.5 163.5t40.5 198.5q0 121 -53.5 228t-151.5 181q-42 32 -49.5 84.5t24.5 94.5q31 43 84 50t95 -25q146 -109 226.5 -270t80.5 -343zM896 1408v-640q0 -52 -38 -90t-90 -38t-90 38t-38 90v640q0 52 38 90t90 38t90 -38t38 -90z" />
-<glyph unicode="&#xf012;" horiz-adv-x="1792" d="M256 96v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM640 224v-320q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v320q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1024 480v-576q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23 v576q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1408 864v-960q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v960q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1792 1376v-1472q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v1472q0 14 9 23t23 9h192q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf013;" d="M1024 640q0 106 -75 181t-181 75t-181 -75t-75 -181t75 -181t181 -75t181 75t75 181zM1536 749v-222q0 -12 -8 -23t-20 -13l-185 -28q-19 -54 -39 -91q35 -50 107 -138q10 -12 10 -25t-9 -23q-27 -37 -99 -108t-94 -71q-12 0 -26 9l-138 108q-44 -23 -91 -38 q-16 -136 -29 -186q-7 -28 -36 -28h-222q-14 0 -24.5 8.5t-11.5 21.5l-28 184q-49 16 -90 37l-141 -107q-10 -9 -25 -9q-14 0 -25 11q-126 114 -165 168q-7 10 -7 23q0 12 8 23q15 21 51 66.5t54 70.5q-27 50 -41 99l-183 27q-13 2 -21 12.5t-8 23.5v222q0 12 8 23t19 13 l186 28q14 46 39 92q-40 57 -107 138q-10 12 -10 24q0 10 9 23q26 36 98.5 107.5t94.5 71.5q13 0 26 -10l138 -107q44 23 91 38q16 136 29 186q7 28 36 28h222q14 0 24.5 -8.5t11.5 -21.5l28 -184q49 -16 90 -37l142 107q9 9 24 9q13 0 25 -10q129 -119 165 -170q7 -8 7 -22 q0 -12 -8 -23q-15 -21 -51 -66.5t-54 -70.5q26 -50 41 -98l183 -28q13 -2 21 -12.5t8 -23.5z" />
-<glyph unicode="&#xf014;" horiz-adv-x="1408" d="M512 800v-576q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v576q0 14 9 23t23 9h64q14 0 23 -9t9 -23zM768 800v-576q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v576q0 14 9 23t23 9h64q14 0 23 -9t9 -23zM1024 800v-576q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v576 q0 14 9 23t23 9h64q14 0 23 -9t9 -23zM1152 76v948h-896v-948q0 -22 7 -40.5t14.5 -27t10.5 -8.5h832q3 0 10.5 8.5t14.5 27t7 40.5zM480 1152h448l-48 117q-7 9 -17 11h-317q-10 -2 -17 -11zM1408 1120v-64q0 -14 -9 -23t-23 -9h-96v-948q0 -83 -47 -143.5t-113 -60.5h-832 q-66 0 -113 58.5t-47 141.5v952h-96q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h309l70 167q15 37 54 63t79 26h320q40 0 79 -26t54 -63l70 -167h309q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf015;" horiz-adv-x="1664" d="M1408 544v-480q0 -26 -19 -45t-45 -19h-384v384h-256v-384h-384q-26 0 -45 19t-19 45v480q0 1 0.5 3t0.5 3l575 474l575 -474q1 -2 1 -6zM1631 613l-62 -74q-8 -9 -21 -11h-3q-13 0 -21 7l-692 577l-692 -577q-12 -8 -24 -7q-13 2 -21 11l-62 74q-8 10 -7 23.5t11 21.5 l719 599q32 26 76 26t76 -26l244 -204v195q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-408l219 -182q10 -8 11 -21.5t-7 -23.5z" />
-<glyph unicode="&#xf016;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z " />
-<glyph unicode="&#xf017;" d="M896 992v-448q0 -14 -9 -23t-23 -9h-320q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h224v352q0 14 9 23t23 9h64q14 0 23 -9t9 -23zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf018;" horiz-adv-x="1920" d="M1111 540v4l-24 320q-1 13 -11 22.5t-23 9.5h-186q-13 0 -23 -9.5t-11 -22.5l-24 -320v-4q-1 -12 8 -20t21 -8h244q12 0 21 8t8 20zM1870 73q0 -73 -46 -73h-704q13 0 22 9.5t8 22.5l-20 256q-1 13 -11 22.5t-23 9.5h-272q-13 0 -23 -9.5t-11 -22.5l-20 -256 q-1 -13 8 -22.5t22 -9.5h-704q-46 0 -46 73q0 54 26 116l417 1044q8 19 26 33t38 14h339q-13 0 -23 -9.5t-11 -22.5l-15 -192q-1 -14 8 -23t22 -9h166q13 0 22 9t8 23l-15 192q-1 13 -11 22.5t-23 9.5h339q20 0 38 -14t26 -33l417 -1044q26 -62 26 -116z" />
-<glyph unicode="&#xf019;" horiz-adv-x="1664" d="M1280 192q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1536 192q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1664 416v-320q0 -40 -28 -68t-68 -28h-1472q-40 0 -68 28t-28 68v320q0 40 28 68t68 28h465l135 -136 q58 -56 136 -56t136 56l136 136h464q40 0 68 -28t28 -68zM1339 985q17 -41 -14 -70l-448 -448q-18 -19 -45 -19t-45 19l-448 448q-31 29 -14 70q17 39 59 39h256v448q0 26 19 45t45 19h256q26 0 45 -19t19 -45v-448h256q42 0 59 -39z" />
-<glyph unicode="&#xf01a;" d="M1120 608q0 -12 -10 -24l-319 -319q-11 -9 -23 -9t-23 9l-320 320q-15 16 -7 35q8 20 30 20h192v352q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-352h192q14 0 23 -9t9 -23zM768 1184q-148 0 -273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273 t-73 273t-198 198t-273 73zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf01b;" d="M1118 660q-8 -20 -30 -20h-192v-352q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v352h-192q-14 0 -23 9t-9 23q0 12 10 24l319 319q11 9 23 9t23 -9l320 -320q15 -16 7 -35zM768 1184q-148 0 -273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198 t73 273t-73 273t-198 198t-273 73zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf01c;" d="M1023 576h316q-1 3 -2.5 8t-2.5 8l-212 496h-708l-212 -496q-1 -2 -2.5 -8t-2.5 -8h316l95 -192h320zM1536 546v-482q0 -26 -19 -45t-45 -19h-1408q-26 0 -45 19t-19 45v482q0 62 25 123l238 552q10 25 36.5 42t52.5 17h832q26 0 52.5 -17t36.5 -42l238 -552 q25 -61 25 -123z" />
-<glyph unicode="&#xf01d;" d="M1184 640q0 -37 -32 -55l-544 -320q-15 -9 -32 -9q-16 0 -32 8q-32 19 -32 56v640q0 37 32 56q33 18 64 -1l544 -320q32 -18 32 -55zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf01e;" d="M1536 1280v-448q0 -26 -19 -45t-45 -19h-448q-42 0 -59 40q-17 39 14 69l138 138q-148 137 -349 137q-104 0 -198.5 -40.5t-163.5 -109.5t-109.5 -163.5t-40.5 -198.5t40.5 -198.5t109.5 -163.5t163.5 -109.5t198.5 -40.5q119 0 225 52t179 147q7 10 23 12q14 0 25 -9 l137 -138q9 -8 9.5 -20.5t-7.5 -22.5q-109 -132 -264 -204.5t-327 -72.5q-156 0 -298 61t-245 164t-164 245t-61 298t61 298t164 245t245 164t298 61q147 0 284.5 -55.5t244.5 -156.5l130 129q29 31 70 14q39 -17 39 -59z" />
-<glyph unicode="&#xf021;" d="M1511 480q0 -5 -1 -7q-64 -268 -268 -434.5t-478 -166.5q-146 0 -282.5 55t-243.5 157l-129 -129q-19 -19 -45 -19t-45 19t-19 45v448q0 26 19 45t45 19h448q26 0 45 -19t19 -45t-19 -45l-137 -137q71 -66 161 -102t187 -36q134 0 250 65t186 179q11 17 53 117 q8 23 30 23h192q13 0 22.5 -9.5t9.5 -22.5zM1536 1280v-448q0 -26 -19 -45t-45 -19h-448q-26 0 -45 19t-19 45t19 45l138 138q-148 137 -349 137q-134 0 -250 -65t-186 -179q-11 -17 -53 -117q-8 -23 -30 -23h-199q-13 0 -22.5 9.5t-9.5 22.5v7q65 268 270 434.5t480 166.5 q146 0 284 -55.5t245 -156.5l130 129q19 19 45 19t45 -19t19 -45z" />
-<glyph unicode="&#xf022;" horiz-adv-x="1792" d="M384 352v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 608v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M384 864v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM1536 352v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-960q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h960q13 0 22.5 -9.5t9.5 -22.5z M1536 608v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-960q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h960q13 0 22.5 -9.5t9.5 -22.5zM1536 864v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-960q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h960q13 0 22.5 -9.5 t9.5 -22.5zM1664 160v832q0 13 -9.5 22.5t-22.5 9.5h-1472q-13 0 -22.5 -9.5t-9.5 -22.5v-832q0 -13 9.5 -22.5t22.5 -9.5h1472q13 0 22.5 9.5t9.5 22.5zM1792 1248v-1088q0 -66 -47 -113t-113 -47h-1472q-66 0 -113 47t-47 113v1088q0 66 47 113t113 47h1472q66 0 113 -47 t47 -113z" />
-<glyph unicode="&#xf023;" horiz-adv-x="1152" d="M320 768h512v192q0 106 -75 181t-181 75t-181 -75t-75 -181v-192zM1152 672v-576q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68v576q0 40 28 68t68 28h32v192q0 184 132 316t316 132t316 -132t132 -316v-192h32q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf024;" horiz-adv-x="1792" d="M320 1280q0 -72 -64 -110v-1266q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v1266q-64 38 -64 110q0 53 37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1792 1216v-763q0 -25 -12.5 -38.5t-39.5 -27.5q-215 -116 -369 -116q-61 0 -123.5 22t-108.5 48 t-115.5 48t-142.5 22q-192 0 -464 -146q-17 -9 -33 -9q-26 0 -45 19t-19 45v742q0 32 31 55q21 14 79 43q236 120 421 120q107 0 200 -29t219 -88q38 -19 88 -19q54 0 117.5 21t110 47t88 47t54.5 21q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf025;" horiz-adv-x="1664" d="M1664 650q0 -166 -60 -314l-20 -49l-185 -33q-22 -83 -90.5 -136.5t-156.5 -53.5v-32q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v576q0 14 9 23t23 9h64q14 0 23 -9t9 -23v-32q71 0 130 -35.5t93 -95.5l68 12q29 95 29 193q0 148 -88 279t-236.5 209t-315.5 78 t-315.5 -78t-236.5 -209t-88 -279q0 -98 29 -193l68 -12q34 60 93 95.5t130 35.5v32q0 14 9 23t23 9h64q14 0 23 -9t9 -23v-576q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v32q-88 0 -156.5 53.5t-90.5 136.5l-185 33l-20 49q-60 148 -60 314q0 151 67 291t179 242.5 t266 163.5t320 61t320 -61t266 -163.5t179 -242.5t67 -291z" />
-<glyph unicode="&#xf026;" horiz-adv-x="768" d="M768 1184v-1088q0 -26 -19 -45t-45 -19t-45 19l-333 333h-262q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h262l333 333q19 19 45 19t45 -19t19 -45z" />
-<glyph unicode="&#xf027;" horiz-adv-x="1152" d="M768 1184v-1088q0 -26 -19 -45t-45 -19t-45 19l-333 333h-262q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h262l333 333q19 19 45 19t45 -19t19 -45zM1152 640q0 -76 -42.5 -141.5t-112.5 -93.5q-10 -5 -25 -5q-26 0 -45 18.5t-19 45.5q0 21 12 35.5t29 25t34 23t29 35.5 t12 57t-12 57t-29 35.5t-34 23t-29 25t-12 35.5q0 27 19 45.5t45 18.5q15 0 25 -5q70 -27 112.5 -93t42.5 -142z" />
-<glyph unicode="&#xf028;" horiz-adv-x="1664" d="M768 1184v-1088q0 -26 -19 -45t-45 -19t-45 19l-333 333h-262q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h262l333 333q19 19 45 19t45 -19t19 -45zM1152 640q0 -76 -42.5 -141.5t-112.5 -93.5q-10 -5 -25 -5q-26 0 -45 18.5t-19 45.5q0 21 12 35.5t29 25t34 23t29 35.5 t12 57t-12 57t-29 35.5t-34 23t-29 25t-12 35.5q0 27 19 45.5t45 18.5q15 0 25 -5q70 -27 112.5 -93t42.5 -142zM1408 640q0 -153 -85 -282.5t-225 -188.5q-13 -5 -25 -5q-27 0 -46 19t-19 45q0 39 39 59q56 29 76 44q74 54 115.5 135.5t41.5 173.5t-41.5 173.5 t-115.5 135.5q-20 15 -76 44q-39 20 -39 59q0 26 19 45t45 19q13 0 26 -5q140 -59 225 -188.5t85 -282.5zM1664 640q0 -230 -127 -422.5t-338 -283.5q-13 -5 -26 -5q-26 0 -45 19t-19 45q0 36 39 59q7 4 22.5 10.5t22.5 10.5q46 25 82 51q123 91 192 227t69 289t-69 289 t-192 227q-36 26 -82 51q-7 4 -22.5 10.5t-22.5 10.5q-39 23 -39 59q0 26 19 45t45 19q13 0 26 -5q211 -91 338 -283.5t127 -422.5z" />
-<glyph unicode="&#xf029;" horiz-adv-x="1408" d="M384 384v-128h-128v128h128zM384 1152v-128h-128v128h128zM1152 1152v-128h-128v128h128zM128 129h384v383h-384v-383zM128 896h384v384h-384v-384zM896 896h384v384h-384v-384zM640 640v-640h-640v640h640zM1152 128v-128h-128v128h128zM1408 128v-128h-128v128h128z M1408 640v-384h-384v128h-128v-384h-128v640h384v-128h128v128h128zM640 1408v-640h-640v640h640zM1408 1408v-640h-640v640h640z" />
-<glyph unicode="&#xf02a;" horiz-adv-x="1792" d="M63 0h-63v1408h63v-1408zM126 1h-32v1407h32v-1407zM220 1h-31v1407h31v-1407zM377 1h-31v1407h31v-1407zM534 1h-62v1407h62v-1407zM660 1h-31v1407h31v-1407zM723 1h-31v1407h31v-1407zM786 1h-31v1407h31v-1407zM943 1h-63v1407h63v-1407zM1100 1h-63v1407h63v-1407z M1226 1h-63v1407h63v-1407zM1352 1h-63v1407h63v-1407zM1446 1h-63v1407h63v-1407zM1635 1h-94v1407h94v-1407zM1698 1h-32v1407h32v-1407zM1792 0h-63v1408h63v-1408z" />
-<glyph unicode="&#xf02b;" d="M448 1088q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1515 512q0 -53 -37 -90l-491 -492q-39 -37 -91 -37q-53 0 -90 37l-715 716q-38 37 -64.5 101t-26.5 117v416q0 52 38 90t90 38h416q53 0 117 -26.5t102 -64.5 l715 -714q37 -39 37 -91z" />
-<glyph unicode="&#xf02c;" horiz-adv-x="1920" d="M448 1088q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1515 512q0 -53 -37 -90l-491 -492q-39 -37 -91 -37q-53 0 -90 37l-715 716q-38 37 -64.5 101t-26.5 117v416q0 52 38 90t90 38h416q53 0 117 -26.5t102 -64.5 l715 -714q37 -39 37 -91zM1899 512q0 -53 -37 -90l-491 -492q-39 -37 -91 -37q-36 0 -59 14t-53 45l470 470q37 37 37 90q0 52 -37 91l-715 714q-38 38 -102 64.5t-117 26.5h224q53 0 117 -26.5t102 -64.5l715 -714q37 -39 37 -91z" />
-<glyph unicode="&#xf02d;" horiz-adv-x="1664" d="M1639 1058q40 -57 18 -129l-275 -906q-19 -64 -76.5 -107.5t-122.5 -43.5h-923q-77 0 -148.5 53.5t-99.5 131.5q-24 67 -2 127q0 4 3 27t4 37q1 8 -3 21.5t-3 19.5q2 11 8 21t16.5 23.5t16.5 23.5q23 38 45 91.5t30 91.5q3 10 0.5 30t-0.5 28q3 11 17 28t17 23 q21 36 42 92t25 90q1 9 -2.5 32t0.5 28q4 13 22 30.5t22 22.5q19 26 42.5 84.5t27.5 96.5q1 8 -3 25.5t-2 26.5q2 8 9 18t18 23t17 21q8 12 16.5 30.5t15 35t16 36t19.5 32t26.5 23.5t36 11.5t47.5 -5.5l-1 -3q38 9 51 9h761q74 0 114 -56t18 -130l-274 -906 q-36 -119 -71.5 -153.5t-128.5 -34.5h-869q-27 0 -38 -15q-11 -16 -1 -43q24 -70 144 -70h923q29 0 56 15.5t35 41.5l300 987q7 22 5 57q38 -15 59 -43zM575 1056q-4 -13 2 -22.5t20 -9.5h608q13 0 25.5 9.5t16.5 22.5l21 64q4 13 -2 22.5t-20 9.5h-608q-13 0 -25.5 -9.5 t-16.5 -22.5zM492 800q-4 -13 2 -22.5t20 -9.5h608q13 0 25.5 9.5t16.5 22.5l21 64q4 13 -2 22.5t-20 9.5h-608q-13 0 -25.5 -9.5t-16.5 -22.5z" />
-<glyph unicode="&#xf02e;" horiz-adv-x="1280" d="M1164 1408q23 0 44 -9q33 -13 52.5 -41t19.5 -62v-1289q0 -34 -19.5 -62t-52.5 -41q-19 -8 -44 -8q-48 0 -83 32l-441 424l-441 -424q-36 -33 -83 -33q-23 0 -44 9q-33 13 -52.5 41t-19.5 62v1289q0 34 19.5 62t52.5 41q21 9 44 9h1048z" />
-<glyph unicode="&#xf02f;" horiz-adv-x="1664" d="M384 0h896v256h-896v-256zM384 640h896v384h-160q-40 0 -68 28t-28 68v160h-640v-640zM1536 576q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1664 576v-416q0 -13 -9.5 -22.5t-22.5 -9.5h-224v-160q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68 v160h-224q-13 0 -22.5 9.5t-9.5 22.5v416q0 79 56.5 135.5t135.5 56.5h64v544q0 40 28 68t68 28h672q40 0 88 -20t76 -48l152 -152q28 -28 48 -76t20 -88v-256h64q79 0 135.5 -56.5t56.5 -135.5z" />
-<glyph unicode="&#xf030;" horiz-adv-x="1920" d="M960 864q119 0 203.5 -84.5t84.5 -203.5t-84.5 -203.5t-203.5 -84.5t-203.5 84.5t-84.5 203.5t84.5 203.5t203.5 84.5zM1664 1280q106 0 181 -75t75 -181v-896q0 -106 -75 -181t-181 -75h-1408q-106 0 -181 75t-75 181v896q0 106 75 181t181 75h224l51 136 q19 49 69.5 84.5t103.5 35.5h512q53 0 103.5 -35.5t69.5 -84.5l51 -136h224zM960 128q185 0 316.5 131.5t131.5 316.5t-131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5z" />
-<glyph unicode="&#xf031;" horiz-adv-x="1664" d="M725 977l-170 -450q33 0 136.5 -2t160.5 -2q19 0 57 2q-87 253 -184 452zM0 -128l2 79q23 7 56 12.5t57 10.5t49.5 14.5t44.5 29t31 50.5l237 616l280 724h75h53q8 -14 11 -21l205 -480q33 -78 106 -257.5t114 -274.5q15 -34 58 -144.5t72 -168.5q20 -45 35 -57 q19 -15 88 -29.5t84 -20.5q6 -38 6 -57q0 -4 -0.5 -13t-0.5 -13q-63 0 -190 8t-191 8q-76 0 -215 -7t-178 -8q0 43 4 78l131 28q1 0 12.5 2.5t15.5 3.5t14.5 4.5t15 6.5t11 8t9 11t2.5 14q0 16 -31 96.5t-72 177.5t-42 100l-450 2q-26 -58 -76.5 -195.5t-50.5 -162.5 q0 -22 14 -37.5t43.5 -24.5t48.5 -13.5t57 -8.5t41 -4q1 -19 1 -58q0 -9 -2 -27q-58 0 -174.5 10t-174.5 10q-8 0 -26.5 -4t-21.5 -4q-80 -14 -188 -14z" />
-<glyph unicode="&#xf032;" horiz-adv-x="1408" d="M555 15q74 -32 140 -32q376 0 376 335q0 114 -41 180q-27 44 -61.5 74t-67.5 46.5t-80.5 25t-84 10.5t-94.5 2q-73 0 -101 -10q0 -53 -0.5 -159t-0.5 -158q0 -8 -1 -67.5t-0.5 -96.5t4.5 -83.5t12 -66.5zM541 761q42 -7 109 -7q82 0 143 13t110 44.5t74.5 89.5t25.5 142 q0 70 -29 122.5t-79 82t-108 43.5t-124 14q-50 0 -130 -13q0 -50 4 -151t4 -152q0 -27 -0.5 -80t-0.5 -79q0 -46 1 -69zM0 -128l2 94q15 4 85 16t106 27q7 12 12.5 27t8.5 33.5t5.5 32.5t3 37.5t0.5 34v35.5v30q0 982 -22 1025q-4 8 -22 14.5t-44.5 11t-49.5 7t-48.5 4.5 t-30.5 3l-4 83q98 2 340 11.5t373 9.5q23 0 68.5 -0.5t67.5 -0.5q70 0 136.5 -13t128.5 -42t108 -71t74 -104.5t28 -137.5q0 -52 -16.5 -95.5t-39 -72t-64.5 -57.5t-73 -45t-84 -40q154 -35 256.5 -134t102.5 -248q0 -100 -35 -179.5t-93.5 -130.5t-138 -85.5t-163.5 -48.5 t-176 -14q-44 0 -132 3t-132 3q-106 0 -307 -11t-231 -12z" />
-<glyph unicode="&#xf033;" horiz-adv-x="1024" d="M0 -126l17 85q6 2 81.5 21.5t111.5 37.5q28 35 41 101q1 7 62 289t114 543.5t52 296.5v25q-24 13 -54.5 18.5t-69.5 8t-58 5.5l19 103q33 -2 120 -6.5t149.5 -7t120.5 -2.5q48 0 98.5 2.5t121 7t98.5 6.5q-5 -39 -19 -89q-30 -10 -101.5 -28.5t-108.5 -33.5 q-8 -19 -14 -42.5t-9 -40t-7.5 -45.5t-6.5 -42q-27 -148 -87.5 -419.5t-77.5 -355.5q-2 -9 -13 -58t-20 -90t-16 -83.5t-6 -57.5l1 -18q17 -4 185 -31q-3 -44 -16 -99q-11 0 -32.5 -1.5t-32.5 -1.5q-29 0 -87 10t-86 10q-138 2 -206 2q-51 0 -143 -9t-121 -11z" />
-<glyph unicode="&#xf034;" horiz-adv-x="1792" d="M1744 128q33 0 42 -18.5t-11 -44.5l-126 -162q-20 -26 -49 -26t-49 26l-126 162q-20 26 -11 44.5t42 18.5h80v1024h-80q-33 0 -42 18.5t11 44.5l126 162q20 26 49 26t49 -26l126 -162q20 -26 11 -44.5t-42 -18.5h-80v-1024h80zM81 1407l54 -27q12 -5 211 -5q44 0 132 2 t132 2q36 0 107.5 -0.5t107.5 -0.5h293q6 0 21 -0.5t20.5 0t16 3t17.5 9t15 17.5l42 1q4 0 14 -0.5t14 -0.5q2 -112 2 -336q0 -80 -5 -109q-39 -14 -68 -18q-25 44 -54 128q-3 9 -11 48t-14.5 73.5t-7.5 35.5q-6 8 -12 12.5t-15.5 6t-13 2.5t-18 0.5t-16.5 -0.5 q-17 0 -66.5 0.5t-74.5 0.5t-64 -2t-71 -6q-9 -81 -8 -136q0 -94 2 -388t2 -455q0 -16 -2.5 -71.5t0 -91.5t12.5 -69q40 -21 124 -42.5t120 -37.5q5 -40 5 -50q0 -14 -3 -29l-34 -1q-76 -2 -218 8t-207 10q-50 0 -151 -9t-152 -9q-3 51 -3 52v9q17 27 61.5 43t98.5 29t78 27 q19 42 19 383q0 101 -3 303t-3 303v117q0 2 0.5 15.5t0.5 25t-1 25.5t-3 24t-5 14q-11 12 -162 12q-33 0 -93 -12t-80 -26q-19 -13 -34 -72.5t-31.5 -111t-42.5 -53.5q-42 26 -56 44v383z" />
-<glyph unicode="&#xf035;" d="M81 1407l54 -27q12 -5 211 -5q44 0 132 2t132 2q70 0 246.5 1t304.5 0.5t247 -4.5q33 -1 56 31l42 1q4 0 14 -0.5t14 -0.5q2 -112 2 -336q0 -80 -5 -109q-39 -14 -68 -18q-25 44 -54 128q-3 9 -11 47.5t-15 73.5t-7 36q-10 13 -27 19q-5 2 -66 2q-30 0 -93 1t-103 1 t-94 -2t-96 -7q-9 -81 -8 -136l1 -152v52q0 -55 1 -154t1.5 -180t0.5 -153q0 -16 -2.5 -71.5t0 -91.5t12.5 -69q40 -21 124 -42.5t120 -37.5q5 -40 5 -50q0 -14 -3 -29l-34 -1q-76 -2 -218 8t-207 10q-50 0 -151 -9t-152 -9q-3 51 -3 52v9q17 27 61.5 43t98.5 29t78 27 q7 16 11.5 74t6 145.5t1.5 155t-0.5 153.5t-0.5 89q0 7 -2.5 21.5t-2.5 22.5q0 7 0.5 44t1 73t0 76.5t-3 67.5t-6.5 32q-11 12 -162 12q-41 0 -163 -13.5t-138 -24.5q-19 -12 -34 -71.5t-31.5 -111.5t-42.5 -54q-42 26 -56 44v383zM1310 125q12 0 42 -19.5t57.5 -41.5 t59.5 -49t36 -30q26 -21 26 -49t-26 -49q-4 -3 -36 -30t-59.5 -49t-57.5 -41.5t-42 -19.5q-13 0 -20.5 10.5t-10 28.5t-2.5 33.5t1.5 33t1.5 19.5h-1024q0 -2 1.5 -19.5t1.5 -33t-2.5 -33.5t-10 -28.5t-20.5 -10.5q-12 0 -42 19.5t-57.5 41.5t-59.5 49t-36 30q-26 21 -26 49 t26 49q4 3 36 30t59.5 49t57.5 41.5t42 19.5q13 0 20.5 -10.5t10 -28.5t2.5 -33.5t-1.5 -33t-1.5 -19.5h1024q0 2 -1.5 19.5t-1.5 33t2.5 33.5t10 28.5t20.5 10.5z" />
-<glyph unicode="&#xf036;" horiz-adv-x="1792" d="M1792 192v-128q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1408 576v-128q0 -26 -19 -45t-45 -19h-1280q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1280q26 0 45 -19t19 -45zM1664 960v-128q0 -26 -19 -45 t-45 -19h-1536q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1536q26 0 45 -19t19 -45zM1280 1344v-128q0 -26 -19 -45t-45 -19h-1152q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1152q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf037;" horiz-adv-x="1792" d="M1792 192v-128q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1408 576v-128q0 -26 -19 -45t-45 -19h-896q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h896q26 0 45 -19t19 -45zM1664 960v-128q0 -26 -19 -45t-45 -19 h-1408q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1408q26 0 45 -19t19 -45zM1280 1344v-128q0 -26 -19 -45t-45 -19h-640q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h640q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf038;" horiz-adv-x="1792" d="M1792 192v-128q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1792 576v-128q0 -26 -19 -45t-45 -19h-1280q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1280q26 0 45 -19t19 -45zM1792 960v-128q0 -26 -19 -45 t-45 -19h-1536q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1536q26 0 45 -19t19 -45zM1792 1344v-128q0 -26 -19 -45t-45 -19h-1152q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1152q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf039;" horiz-adv-x="1792" d="M1792 192v-128q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1792 576v-128q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1792 960v-128q0 -26 -19 -45 t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1792 1344v-128q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1664q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf03a;" horiz-adv-x="1792" d="M256 224v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-192q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h192q13 0 22.5 -9.5t9.5 -22.5zM256 608v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-192q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h192q13 0 22.5 -9.5 t9.5 -22.5zM256 992v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-192q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h192q13 0 22.5 -9.5t9.5 -22.5zM1792 224v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1344q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1344 q13 0 22.5 -9.5t9.5 -22.5zM256 1376v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-192q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h192q13 0 22.5 -9.5t9.5 -22.5zM1792 608v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1344q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5 t22.5 9.5h1344q13 0 22.5 -9.5t9.5 -22.5zM1792 992v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1344q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1344q13 0 22.5 -9.5t9.5 -22.5zM1792 1376v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1344q-13 0 -22.5 9.5t-9.5 22.5v192 q0 13 9.5 22.5t22.5 9.5h1344q13 0 22.5 -9.5t9.5 -22.5z" />
-<glyph unicode="&#xf03b;" horiz-adv-x="1792" d="M384 992v-576q0 -13 -9.5 -22.5t-22.5 -9.5q-14 0 -23 9l-288 288q-9 9 -9 23t9 23l288 288q9 9 23 9q13 0 22.5 -9.5t9.5 -22.5zM1792 224v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1728q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1728q13 0 22.5 -9.5 t9.5 -22.5zM1792 608v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1088q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1088q13 0 22.5 -9.5t9.5 -22.5zM1792 992v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1088q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1088 q13 0 22.5 -9.5t9.5 -22.5zM1792 1376v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1728q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1728q13 0 22.5 -9.5t9.5 -22.5z" />
-<glyph unicode="&#xf03c;" horiz-adv-x="1792" d="M352 704q0 -14 -9 -23l-288 -288q-9 -9 -23 -9q-13 0 -22.5 9.5t-9.5 22.5v576q0 13 9.5 22.5t22.5 9.5q14 0 23 -9l288 -288q9 -9 9 -23zM1792 224v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1728q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1728q13 0 22.5 -9.5 t9.5 -22.5zM1792 608v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1088q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1088q13 0 22.5 -9.5t9.5 -22.5zM1792 992v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1088q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1088 q13 0 22.5 -9.5t9.5 -22.5zM1792 1376v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1728q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1728q13 0 22.5 -9.5t9.5 -22.5z" />
-<glyph unicode="&#xf03d;" horiz-adv-x="1792" d="M1792 1184v-1088q0 -42 -39 -59q-13 -5 -25 -5q-27 0 -45 19l-403 403v-166q0 -119 -84.5 -203.5t-203.5 -84.5h-704q-119 0 -203.5 84.5t-84.5 203.5v704q0 119 84.5 203.5t203.5 84.5h704q119 0 203.5 -84.5t84.5 -203.5v-165l403 402q18 19 45 19q12 0 25 -5 q39 -17 39 -59z" />
-<glyph unicode="&#xf03e;" horiz-adv-x="1920" d="M640 960q0 -80 -56 -136t-136 -56t-136 56t-56 136t56 136t136 56t136 -56t56 -136zM1664 576v-448h-1408v192l320 320l160 -160l512 512zM1760 1280h-1600q-13 0 -22.5 -9.5t-9.5 -22.5v-1216q0 -13 9.5 -22.5t22.5 -9.5h1600q13 0 22.5 9.5t9.5 22.5v1216 q0 13 -9.5 22.5t-22.5 9.5zM1920 1248v-1216q0 -66 -47 -113t-113 -47h-1600q-66 0 -113 47t-47 113v1216q0 66 47 113t113 47h1600q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf040;" d="M363 0l91 91l-235 235l-91 -91v-107h128v-128h107zM886 928q0 22 -22 22q-10 0 -17 -7l-542 -542q-7 -7 -7 -17q0 -22 22 -22q10 0 17 7l542 542q7 7 7 17zM832 1120l416 -416l-832 -832h-416v416zM1515 1024q0 -53 -37 -90l-166 -166l-416 416l166 165q36 38 90 38 q53 0 91 -38l235 -234q37 -39 37 -91z" />
-<glyph unicode="&#xf041;" horiz-adv-x="1024" d="M768 896q0 106 -75 181t-181 75t-181 -75t-75 -181t75 -181t181 -75t181 75t75 181zM1024 896q0 -109 -33 -179l-364 -774q-16 -33 -47.5 -52t-67.5 -19t-67.5 19t-46.5 52l-365 774q-33 70 -33 179q0 212 150 362t362 150t362 -150t150 -362z" />
-<glyph unicode="&#xf042;" d="M768 96v1088q-148 0 -273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf043;" horiz-adv-x="1024" d="M512 384q0 36 -20 69q-1 1 -15.5 22.5t-25.5 38t-25 44t-21 50.5q-4 16 -21 16t-21 -16q-7 -23 -21 -50.5t-25 -44t-25.5 -38t-15.5 -22.5q-20 -33 -20 -69q0 -53 37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1024 512q0 -212 -150 -362t-362 -150t-362 150t-150 362 q0 145 81 275q6 9 62.5 90.5t101 151t99.5 178t83 201.5q9 30 34 47t51 17t51.5 -17t33.5 -47q28 -93 83 -201.5t99.5 -178t101 -151t62.5 -90.5q81 -127 81 -275z" />
-<glyph unicode="&#xf044;" horiz-adv-x="1792" d="M888 352l116 116l-152 152l-116 -116v-56h96v-96h56zM1328 1072q-16 16 -33 -1l-350 -350q-17 -17 -1 -33t33 1l350 350q17 17 1 33zM1408 478v-190q0 -119 -84.5 -203.5t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h832 q63 0 117 -25q15 -7 18 -23q3 -17 -9 -29l-49 -49q-14 -14 -32 -8q-23 6 -45 6h-832q-66 0 -113 -47t-47 -113v-832q0 -66 47 -113t113 -47h832q66 0 113 47t47 113v126q0 13 9 22l64 64q15 15 35 7t20 -29zM1312 1216l288 -288l-672 -672h-288v288zM1756 1084l-92 -92 l-288 288l92 92q28 28 68 28t68 -28l152 -152q28 -28 28 -68t-28 -68z" />
-<glyph unicode="&#xf045;" horiz-adv-x="1664" d="M1408 547v-259q0 -119 -84.5 -203.5t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h255v0q13 0 22.5 -9.5t9.5 -22.5q0 -27 -26 -32q-77 -26 -133 -60q-10 -4 -16 -4h-112q-66 0 -113 -47t-47 -113v-832q0 -66 47 -113t113 -47h832 q66 0 113 47t47 113v214q0 19 18 29q28 13 54 37q16 16 35 8q21 -9 21 -29zM1645 1043l-384 -384q-18 -19 -45 -19q-12 0 -25 5q-39 17 -39 59v192h-160q-323 0 -438 -131q-119 -137 -74 -473q3 -23 -20 -34q-8 -2 -12 -2q-16 0 -26 13q-10 14 -21 31t-39.5 68.5t-49.5 99.5 t-38.5 114t-17.5 122q0 49 3.5 91t14 90t28 88t47 81.5t68.5 74t94.5 61.5t124.5 48.5t159.5 30.5t196.5 11h160v192q0 42 39 59q13 5 25 5q26 0 45 -19l384 -384q19 -19 19 -45t-19 -45z" />
-<glyph unicode="&#xf046;" horiz-adv-x="1664" d="M1408 606v-318q0 -119 -84.5 -203.5t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h832q63 0 117 -25q15 -7 18 -23q3 -17 -9 -29l-49 -49q-10 -10 -23 -10q-3 0 -9 2q-23 6 -45 6h-832q-66 0 -113 -47t-47 -113v-832 q0 -66 47 -113t113 -47h832q66 0 113 47t47 113v254q0 13 9 22l64 64q10 10 23 10q6 0 12 -3q20 -8 20 -29zM1639 1095l-814 -814q-24 -24 -57 -24t-57 24l-430 430q-24 24 -24 57t24 57l110 110q24 24 57 24t57 -24l263 -263l647 647q24 24 57 24t57 -24l110 -110 q24 -24 24 -57t-24 -57z" />
-<glyph unicode="&#xf047;" horiz-adv-x="1792" d="M1792 640q0 -26 -19 -45l-256 -256q-19 -19 -45 -19t-45 19t-19 45v128h-384v-384h128q26 0 45 -19t19 -45t-19 -45l-256 -256q-19 -19 -45 -19t-45 19l-256 256q-19 19 -19 45t19 45t45 19h128v384h-384v-128q0 -26 -19 -45t-45 -19t-45 19l-256 256q-19 19 -19 45 t19 45l256 256q19 19 45 19t45 -19t19 -45v-128h384v384h-128q-26 0 -45 19t-19 45t19 45l256 256q19 19 45 19t45 -19l256 -256q19 -19 19 -45t-19 -45t-45 -19h-128v-384h384v128q0 26 19 45t45 19t45 -19l256 -256q19 -19 19 -45z" />
-<glyph unicode="&#xf048;" horiz-adv-x="1024" d="M979 1395q19 19 32 13t13 -32v-1472q0 -26 -13 -32t-32 13l-710 710q-9 9 -13 19v-678q0 -26 -19 -45t-45 -19h-128q-26 0 -45 19t-19 45v1408q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-678q4 11 13 19z" />
-<glyph unicode="&#xf049;" horiz-adv-x="1792" d="M1747 1395q19 19 32 13t13 -32v-1472q0 -26 -13 -32t-32 13l-710 710q-9 9 -13 19v-710q0 -26 -13 -32t-32 13l-710 710q-9 9 -13 19v-678q0 -26 -19 -45t-45 -19h-128q-26 0 -45 19t-19 45v1408q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-678q4 11 13 19l710 710 q19 19 32 13t13 -32v-710q4 11 13 19z" />
-<glyph unicode="&#xf04a;" horiz-adv-x="1664" d="M1619 1395q19 19 32 13t13 -32v-1472q0 -26 -13 -32t-32 13l-710 710q-8 9 -13 19v-710q0 -26 -13 -32t-32 13l-710 710q-19 19 -19 45t19 45l710 710q19 19 32 13t13 -32v-710q5 11 13 19z" />
-<glyph unicode="&#xf04b;" horiz-adv-x="1408" d="M1384 609l-1328 -738q-23 -13 -39.5 -3t-16.5 36v1472q0 26 16.5 36t39.5 -3l1328 -738q23 -13 23 -31t-23 -31z" />
-<glyph unicode="&#xf04c;" d="M1536 1344v-1408q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19t-19 45v1408q0 26 19 45t45 19h512q26 0 45 -19t19 -45zM640 1344v-1408q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19t-19 45v1408q0 26 19 45t45 19h512q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf04d;" d="M1536 1344v-1408q0 -26 -19 -45t-45 -19h-1408q-26 0 -45 19t-19 45v1408q0 26 19 45t45 19h1408q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf04e;" horiz-adv-x="1664" d="M45 -115q-19 -19 -32 -13t-13 32v1472q0 26 13 32t32 -13l710 -710q8 -8 13 -19v710q0 26 13 32t32 -13l710 -710q19 -19 19 -45t-19 -45l-710 -710q-19 -19 -32 -13t-13 32v710q-5 -10 -13 -19z" />
-<glyph unicode="&#xf050;" horiz-adv-x="1792" d="M45 -115q-19 -19 -32 -13t-13 32v1472q0 26 13 32t32 -13l710 -710q8 -8 13 -19v710q0 26 13 32t32 -13l710 -710q8 -8 13 -19v678q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-1408q0 -26 -19 -45t-45 -19h-128q-26 0 -45 19t-19 45v678q-5 -10 -13 -19l-710 -710 q-19 -19 -32 -13t-13 32v710q-5 -10 -13 -19z" />
-<glyph unicode="&#xf051;" horiz-adv-x="1024" d="M45 -115q-19 -19 -32 -13t-13 32v1472q0 26 13 32t32 -13l710 -710q8 -8 13 -19v678q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-1408q0 -26 -19 -45t-45 -19h-128q-26 0 -45 19t-19 45v678q-5 -10 -13 -19z" />
-<glyph unicode="&#xf052;" horiz-adv-x="1538" d="M14 557l710 710q19 19 45 19t45 -19l710 -710q19 -19 13 -32t-32 -13h-1472q-26 0 -32 13t13 32zM1473 0h-1408q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h1408q26 0 45 -19t19 -45v-256q0 -26 -19 -45t-45 -19z" />
-<glyph unicode="&#xf053;" horiz-adv-x="1280" d="M1171 1235l-531 -531l531 -531q19 -19 19 -45t-19 -45l-166 -166q-19 -19 -45 -19t-45 19l-742 742q-19 19 -19 45t19 45l742 742q19 19 45 19t45 -19l166 -166q19 -19 19 -45t-19 -45z" />
-<glyph unicode="&#xf054;" horiz-adv-x="1280" d="M1107 659l-742 -742q-19 -19 -45 -19t-45 19l-166 166q-19 19 -19 45t19 45l531 531l-531 531q-19 19 -19 45t19 45l166 166q19 19 45 19t45 -19l742 -742q19 -19 19 -45t-19 -45z" />
-<glyph unicode="&#xf055;" d="M1216 576v128q0 26 -19 45t-45 19h-256v256q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-256h-256q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h256v-256q0 -26 19 -45t45 -19h128q26 0 45 19t19 45v256h256q26 0 45 19t19 45zM1536 640q0 -209 -103 -385.5 t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf056;" d="M1216 576v128q0 26 -19 45t-45 19h-768q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h768q26 0 45 19t19 45zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5 t103 -385.5z" />
-<glyph unicode="&#xf057;" d="M1149 414q0 26 -19 45l-181 181l181 181q19 19 19 45q0 27 -19 46l-90 90q-19 19 -46 19q-26 0 -45 -19l-181 -181l-181 181q-19 19 -45 19q-27 0 -46 -19l-90 -90q-19 -19 -19 -46q0 -26 19 -45l181 -181l-181 -181q-19 -19 -19 -45q0 -27 19 -46l90 -90q19 -19 46 -19 q26 0 45 19l181 181l181 -181q19 -19 45 -19q27 0 46 19l90 90q19 19 19 46zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf058;" d="M1284 802q0 28 -18 46l-91 90q-19 19 -45 19t-45 -19l-408 -407l-226 226q-19 19 -45 19t-45 -19l-91 -90q-18 -18 -18 -46q0 -27 18 -45l362 -362q19 -19 45 -19q27 0 46 19l543 543q18 18 18 45zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103 t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf059;" d="M896 160v192q0 14 -9 23t-23 9h-192q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h192q14 0 23 9t9 23zM1152 832q0 88 -55.5 163t-138.5 116t-170 41q-243 0 -371 -213q-15 -24 8 -42l132 -100q7 -6 19 -6q16 0 25 12q53 68 86 92q34 24 86 24q48 0 85.5 -26t37.5 -59 q0 -38 -20 -61t-68 -45q-63 -28 -115.5 -86.5t-52.5 -125.5v-36q0 -14 9 -23t23 -9h192q14 0 23 9t9 23q0 19 21.5 49.5t54.5 49.5q32 18 49 28.5t46 35t44.5 48t28 60.5t12.5 81zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5 t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf05a;" d="M1024 160v160q0 14 -9 23t-23 9h-96v512q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-160q0 -14 9 -23t23 -9h96v-320h-96q-14 0 -23 -9t-9 -23v-160q0 -14 9 -23t23 -9h448q14 0 23 9t9 23zM896 1056v160q0 14 -9 23t-23 9h-192q-14 0 -23 -9t-9 -23v-160q0 -14 9 -23 t23 -9h192q14 0 23 9t9 23zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf05b;" d="M1197 512h-109q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h109q-32 108 -112.5 188.5t-188.5 112.5v-109q0 -26 -19 -45t-45 -19h-128q-26 0 -45 19t-19 45v109q-108 -32 -188.5 -112.5t-112.5 -188.5h109q26 0 45 -19t19 -45v-128q0 -26 -19 -45t-45 -19h-109 q32 -108 112.5 -188.5t188.5 -112.5v109q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-109q108 32 188.5 112.5t112.5 188.5zM1536 704v-128q0 -26 -19 -45t-45 -19h-143q-37 -161 -154.5 -278.5t-278.5 -154.5v-143q0 -26 -19 -45t-45 -19h-128q-26 0 -45 19t-19 45v143 q-161 37 -278.5 154.5t-154.5 278.5h-143q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h143q37 161 154.5 278.5t278.5 154.5v143q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-143q161 -37 278.5 -154.5t154.5 -278.5h143q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf05c;" d="M1097 457l-146 -146q-10 -10 -23 -10t-23 10l-137 137l-137 -137q-10 -10 -23 -10t-23 10l-146 146q-10 10 -10 23t10 23l137 137l-137 137q-10 10 -10 23t10 23l146 146q10 10 23 10t23 -10l137 -137l137 137q10 10 23 10t23 -10l146 -146q10 -10 10 -23t-10 -23 l-137 -137l137 -137q10 -10 10 -23t-10 -23zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5 t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf05d;" d="M1171 723l-422 -422q-19 -19 -45 -19t-45 19l-294 294q-19 19 -19 45t19 45l102 102q19 19 45 19t45 -19l147 -147l275 275q19 19 45 19t45 -19l102 -102q19 -19 19 -45t-19 -45zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198t-73 -273t73 -273t198 -198 t273 -73t273 73t198 198t73 273zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf05e;" d="M1312 643q0 161 -87 295l-754 -753q137 -89 297 -89q111 0 211.5 43.5t173.5 116.5t116 174.5t43 212.5zM313 344l755 754q-135 91 -300 91q-148 0 -273 -73t-198 -199t-73 -274q0 -162 89 -299zM1536 643q0 -157 -61 -300t-163.5 -246t-245 -164t-298.5 -61t-298.5 61 t-245 164t-163.5 246t-61 300t61 299.5t163.5 245.5t245 164t298.5 61t298.5 -61t245 -164t163.5 -245.5t61 -299.5z" />
-<glyph unicode="&#xf060;" d="M1536 640v-128q0 -53 -32.5 -90.5t-84.5 -37.5h-704l293 -294q38 -36 38 -90t-38 -90l-75 -76q-37 -37 -90 -37q-52 0 -91 37l-651 652q-37 37 -37 90q0 52 37 91l651 650q38 38 91 38q52 0 90 -38l75 -74q38 -38 38 -91t-38 -91l-293 -293h704q52 0 84.5 -37.5 t32.5 -90.5z" />
-<glyph unicode="&#xf061;" d="M1472 576q0 -54 -37 -91l-651 -651q-39 -37 -91 -37q-51 0 -90 37l-75 75q-38 38 -38 91t38 91l293 293h-704q-52 0 -84.5 37.5t-32.5 90.5v128q0 53 32.5 90.5t84.5 37.5h704l-293 294q-38 36 -38 90t38 90l75 75q38 38 90 38q53 0 91 -38l651 -651q37 -35 37 -90z" />
-<glyph unicode="&#xf062;" horiz-adv-x="1664" d="M1611 565q0 -51 -37 -90l-75 -75q-38 -38 -91 -38q-54 0 -90 38l-294 293v-704q0 -52 -37.5 -84.5t-90.5 -32.5h-128q-53 0 -90.5 32.5t-37.5 84.5v704l-294 -293q-36 -38 -90 -38t-90 38l-75 75q-38 38 -38 90q0 53 38 91l651 651q35 37 90 37q54 0 91 -37l651 -651 q37 -39 37 -91z" />
-<glyph unicode="&#xf063;" horiz-adv-x="1664" d="M1611 704q0 -53 -37 -90l-651 -652q-39 -37 -91 -37q-53 0 -90 37l-651 652q-38 36 -38 90q0 53 38 91l74 75q39 37 91 37q53 0 90 -37l294 -294v704q0 52 38 90t90 38h128q52 0 90 -38t38 -90v-704l294 294q37 37 90 37q52 0 91 -37l75 -75q37 -39 37 -91z" />
-<glyph unicode="&#xf064;" horiz-adv-x="1792" d="M1792 896q0 -26 -19 -45l-512 -512q-19 -19 -45 -19t-45 19t-19 45v256h-224q-98 0 -175.5 -6t-154 -21.5t-133 -42.5t-105.5 -69.5t-80 -101t-48.5 -138.5t-17.5 -181q0 -55 5 -123q0 -6 2.5 -23.5t2.5 -26.5q0 -15 -8.5 -25t-23.5 -10q-16 0 -28 17q-7 9 -13 22 t-13.5 30t-10.5 24q-127 285 -127 451q0 199 53 333q162 403 875 403h224v256q0 26 19 45t45 19t45 -19l512 -512q19 -19 19 -45z" />
-<glyph unicode="&#xf065;" d="M755 480q0 -13 -10 -23l-332 -332l144 -144q19 -19 19 -45t-19 -45t-45 -19h-448q-26 0 -45 19t-19 45v448q0 26 19 45t45 19t45 -19l144 -144l332 332q10 10 23 10t23 -10l114 -114q10 -10 10 -23zM1536 1344v-448q0 -26 -19 -45t-45 -19t-45 19l-144 144l-332 -332 q-10 -10 -23 -10t-23 10l-114 114q-10 10 -10 23t10 23l332 332l-144 144q-19 19 -19 45t19 45t45 19h448q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf066;" d="M768 576v-448q0 -26 -19 -45t-45 -19t-45 19l-144 144l-332 -332q-10 -10 -23 -10t-23 10l-114 114q-10 10 -10 23t10 23l332 332l-144 144q-19 19 -19 45t19 45t45 19h448q26 0 45 -19t19 -45zM1523 1248q0 -13 -10 -23l-332 -332l144 -144q19 -19 19 -45t-19 -45 t-45 -19h-448q-26 0 -45 19t-19 45v448q0 26 19 45t45 19t45 -19l144 -144l332 332q10 10 23 10t23 -10l114 -114q10 -10 10 -23z" />
-<glyph unicode="&#xf067;" horiz-adv-x="1408" d="M1408 800v-192q0 -40 -28 -68t-68 -28h-416v-416q0 -40 -28 -68t-68 -28h-192q-40 0 -68 28t-28 68v416h-416q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h416v416q0 40 28 68t68 28h192q40 0 68 -28t28 -68v-416h416q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf068;" horiz-adv-x="1408" d="M1408 800v-192q0 -40 -28 -68t-68 -28h-1216q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h1216q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf069;" horiz-adv-x="1664" d="M1482 486q46 -26 59.5 -77.5t-12.5 -97.5l-64 -110q-26 -46 -77.5 -59.5t-97.5 12.5l-266 153v-307q0 -52 -38 -90t-90 -38h-128q-52 0 -90 38t-38 90v307l-266 -153q-46 -26 -97.5 -12.5t-77.5 59.5l-64 110q-26 46 -12.5 97.5t59.5 77.5l266 154l-266 154 q-46 26 -59.5 77.5t12.5 97.5l64 110q26 46 77.5 59.5t97.5 -12.5l266 -153v307q0 52 38 90t90 38h128q52 0 90 -38t38 -90v-307l266 153q46 26 97.5 12.5t77.5 -59.5l64 -110q26 -46 12.5 -97.5t-59.5 -77.5l-266 -154z" />
-<glyph unicode="&#xf06a;" d="M768 1408q209 0 385.5 -103t279.5 -279.5t103 -385.5t-103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103zM896 161v190q0 14 -9 23.5t-22 9.5h-192q-13 0 -23 -10t-10 -23v-190q0 -13 10 -23t23 -10h192 q13 0 22 9.5t9 23.5zM894 505l18 621q0 12 -10 18q-10 8 -24 8h-220q-14 0 -24 -8q-10 -6 -10 -18l17 -621q0 -10 10 -17.5t24 -7.5h185q14 0 23.5 7.5t10.5 17.5z" />
-<glyph unicode="&#xf06b;" d="M928 180v56v468v192h-320v-192v-468v-56q0 -25 18 -38.5t46 -13.5h192q28 0 46 13.5t18 38.5zM472 1024h195l-126 161q-26 31 -69 31q-40 0 -68 -28t-28 -68t28 -68t68 -28zM1160 1120q0 40 -28 68t-68 28q-43 0 -69 -31l-125 -161h194q40 0 68 28t28 68zM1536 864v-320 q0 -14 -9 -23t-23 -9h-96v-416q0 -40 -28 -68t-68 -28h-1088q-40 0 -68 28t-28 68v416h-96q-14 0 -23 9t-9 23v320q0 14 9 23t23 9h440q-93 0 -158.5 65.5t-65.5 158.5t65.5 158.5t158.5 65.5q107 0 168 -77l128 -165l128 165q61 77 168 77q93 0 158.5 -65.5t65.5 -158.5 t-65.5 -158.5t-158.5 -65.5h440q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf06c;" horiz-adv-x="1792" d="M1280 832q0 26 -19 45t-45 19q-172 0 -318 -49.5t-259.5 -134t-235.5 -219.5q-19 -21 -19 -45q0 -26 19 -45t45 -19q24 0 45 19q27 24 74 71t67 66q137 124 268.5 176t313.5 52q26 0 45 19t19 45zM1792 1030q0 -95 -20 -193q-46 -224 -184.5 -383t-357.5 -268 q-214 -108 -438 -108q-148 0 -286 47q-15 5 -88 42t-96 37q-16 0 -39.5 -32t-45 -70t-52.5 -70t-60 -32q-30 0 -51 11t-31 24t-27 42q-2 4 -6 11t-5.5 10t-3 9.5t-1.5 13.5q0 35 31 73.5t68 65.5t68 56t31 48q0 4 -14 38t-16 44q-9 51 -9 104q0 115 43.5 220t119 184.5 t170.5 139t204 95.5q55 18 145 25.5t179.5 9t178.5 6t163.5 24t113.5 56.5l29.5 29.5t29.5 28t27 20t36.5 16t43.5 4.5q39 0 70.5 -46t47.5 -112t24 -124t8 -96z" />
-<glyph unicode="&#xf06d;" horiz-adv-x="1408" d="M1408 -160v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-1344q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h1344q13 0 22.5 -9.5t9.5 -22.5zM1152 896q0 -78 -24.5 -144t-64 -112.5t-87.5 -88t-96 -77.5t-87.5 -72t-64 -81.5t-24.5 -96.5q0 -96 67 -224l-4 1l1 -1 q-90 41 -160 83t-138.5 100t-113.5 122.5t-72.5 150.5t-27.5 184q0 78 24.5 144t64 112.5t87.5 88t96 77.5t87.5 72t64 81.5t24.5 96.5q0 94 -66 224l3 -1l-1 1q90 -41 160 -83t138.5 -100t113.5 -122.5t72.5 -150.5t27.5 -184z" />
-<glyph unicode="&#xf06e;" horiz-adv-x="1792" d="M1664 576q-152 236 -381 353q61 -104 61 -225q0 -185 -131.5 -316.5t-316.5 -131.5t-316.5 131.5t-131.5 316.5q0 121 61 225q-229 -117 -381 -353q133 -205 333.5 -326.5t434.5 -121.5t434.5 121.5t333.5 326.5zM944 960q0 20 -14 34t-34 14q-125 0 -214.5 -89.5 t-89.5 -214.5q0 -20 14 -34t34 -14t34 14t14 34q0 86 61 147t147 61q20 0 34 14t14 34zM1792 576q0 -34 -20 -69q-140 -230 -376.5 -368.5t-499.5 -138.5t-499.5 139t-376.5 368q-20 35 -20 69t20 69q140 229 376.5 368t499.5 139t499.5 -139t376.5 -368q20 -35 20 -69z" />
-<glyph unicode="&#xf070;" horiz-adv-x="1792" d="M555 201l78 141q-87 63 -136 159t-49 203q0 121 61 225q-229 -117 -381 -353q167 -258 427 -375zM944 960q0 20 -14 34t-34 14q-125 0 -214.5 -89.5t-89.5 -214.5q0 -20 14 -34t34 -14t34 14t14 34q0 86 61 147t147 61q20 0 34 14t14 34zM1307 1151q0 -7 -1 -9 q-105 -188 -315 -566t-316 -567l-49 -89q-10 -16 -28 -16q-12 0 -134 70q-16 10 -16 28q0 12 44 87q-143 65 -263.5 173t-208.5 245q-20 31 -20 69t20 69q153 235 380 371t496 136q89 0 180 -17l54 97q10 16 28 16q5 0 18 -6t31 -15.5t33 -18.5t31.5 -18.5t19.5 -11.5 q16 -10 16 -27zM1344 704q0 -139 -79 -253.5t-209 -164.5l280 502q8 -45 8 -84zM1792 576q0 -35 -20 -69q-39 -64 -109 -145q-150 -172 -347.5 -267t-419.5 -95l74 132q212 18 392.5 137t301.5 307q-115 179 -282 294l63 112q95 -64 182.5 -153t144.5 -184q20 -34 20 -69z " />
-<glyph unicode="&#xf071;" horiz-adv-x="1792" d="M1024 161v190q0 14 -9.5 23.5t-22.5 9.5h-192q-13 0 -22.5 -9.5t-9.5 -23.5v-190q0 -14 9.5 -23.5t22.5 -9.5h192q13 0 22.5 9.5t9.5 23.5zM1022 535l18 459q0 12 -10 19q-13 11 -24 11h-220q-11 0 -24 -11q-10 -7 -10 -21l17 -457q0 -10 10 -16.5t24 -6.5h185 q14 0 23.5 6.5t10.5 16.5zM1008 1469l768 -1408q35 -63 -2 -126q-17 -29 -46.5 -46t-63.5 -17h-1536q-34 0 -63.5 17t-46.5 46q-37 63 -2 126l768 1408q17 31 47 49t65 18t65 -18t47 -49z" />
-<glyph unicode="&#xf072;" horiz-adv-x="1408" d="M1376 1376q44 -52 12 -148t-108 -172l-161 -161l160 -696q5 -19 -12 -33l-128 -96q-7 -6 -19 -6q-4 0 -7 1q-15 3 -21 16l-279 508l-259 -259l53 -194q5 -17 -8 -31l-96 -96q-9 -9 -23 -9h-2q-15 2 -24 13l-189 252l-252 189q-11 7 -13 23q-1 13 9 25l96 97q9 9 23 9 q6 0 8 -1l194 -53l259 259l-508 279q-14 8 -17 24q-2 16 9 27l128 128q14 13 30 8l665 -159l160 160q76 76 172 108t148 -12z" />
-<glyph unicode="&#xf073;" horiz-adv-x="1664" d="M128 -128h288v288h-288v-288zM480 -128h320v288h-320v-288zM128 224h288v320h-288v-320zM480 224h320v320h-320v-320zM128 608h288v288h-288v-288zM864 -128h320v288h-320v-288zM480 608h320v288h-320v-288zM1248 -128h288v288h-288v-288zM864 224h320v320h-320v-320z M512 1088v288q0 13 -9.5 22.5t-22.5 9.5h-64q-13 0 -22.5 -9.5t-9.5 -22.5v-288q0 -13 9.5 -22.5t22.5 -9.5h64q13 0 22.5 9.5t9.5 22.5zM1248 224h288v320h-288v-320zM864 608h320v288h-320v-288zM1248 608h288v288h-288v-288zM1280 1088v288q0 13 -9.5 22.5t-22.5 9.5h-64 q-13 0 -22.5 -9.5t-9.5 -22.5v-288q0 -13 9.5 -22.5t22.5 -9.5h64q13 0 22.5 9.5t9.5 22.5zM1664 1152v-1280q0 -52 -38 -90t-90 -38h-1408q-52 0 -90 38t-38 90v1280q0 52 38 90t90 38h128v96q0 66 47 113t113 47h64q66 0 113 -47t47 -113v-96h384v96q0 66 47 113t113 47 h64q66 0 113 -47t47 -113v-96h128q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf074;" horiz-adv-x="1792" d="M666 1055q-60 -92 -137 -273q-22 45 -37 72.5t-40.5 63.5t-51 56.5t-63 35t-81.5 14.5h-224q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h224q250 0 410 -225zM1792 256q0 -14 -9 -23l-320 -320q-9 -9 -23 -9q-13 0 -22.5 9.5t-9.5 22.5v192q-32 0 -85 -0.5t-81 -1t-73 1 t-71 5t-64 10.5t-63 18.5t-58 28.5t-59 40t-55 53.5t-56 69.5q59 93 136 273q22 -45 37 -72.5t40.5 -63.5t51 -56.5t63 -35t81.5 -14.5h256v192q0 14 9 23t23 9q12 0 24 -10l319 -319q9 -9 9 -23zM1792 1152q0 -14 -9 -23l-320 -320q-9 -9 -23 -9q-13 0 -22.5 9.5t-9.5 22.5 v192h-256q-48 0 -87 -15t-69 -45t-51 -61.5t-45 -77.5q-32 -62 -78 -171q-29 -66 -49.5 -111t-54 -105t-64 -100t-74 -83t-90 -68.5t-106.5 -42t-128 -16.5h-224q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h224q48 0 87 15t69 45t51 61.5t45 77.5q32 62 78 171q29 66 49.5 111 t54 105t64 100t74 83t90 68.5t106.5 42t128 16.5h256v192q0 14 9 23t23 9q12 0 24 -10l319 -319q9 -9 9 -23z" />
-<glyph unicode="&#xf075;" horiz-adv-x="1792" d="M1792 640q0 -174 -120 -321.5t-326 -233t-450 -85.5q-70 0 -145 8q-198 -175 -460 -242q-49 -14 -114 -22q-17 -2 -30.5 9t-17.5 29v1q-3 4 -0.5 12t2 10t4.5 9.5l6 9t7 8.5t8 9q7 8 31 34.5t34.5 38t31 39.5t32.5 51t27 59t26 76q-157 89 -247.5 220t-90.5 281 q0 130 71 248.5t191 204.5t286 136.5t348 50.5q244 0 450 -85.5t326 -233t120 -321.5z" />
-<glyph unicode="&#xf076;" d="M1536 704v-128q0 -201 -98.5 -362t-274 -251.5t-395.5 -90.5t-395.5 90.5t-274 251.5t-98.5 362v128q0 26 19 45t45 19h384q26 0 45 -19t19 -45v-128q0 -52 23.5 -90t53.5 -57t71 -30t64 -13t44 -2t44 2t64 13t71 30t53.5 57t23.5 90v128q0 26 19 45t45 19h384 q26 0 45 -19t19 -45zM512 1344v-384q0 -26 -19 -45t-45 -19h-384q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h384q26 0 45 -19t19 -45zM1536 1344v-384q0 -26 -19 -45t-45 -19h-384q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h384q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf077;" horiz-adv-x="1792" d="M1683 205l-166 -165q-19 -19 -45 -19t-45 19l-531 531l-531 -531q-19 -19 -45 -19t-45 19l-166 165q-19 19 -19 45.5t19 45.5l742 741q19 19 45 19t45 -19l742 -741q19 -19 19 -45.5t-19 -45.5z" />
-<glyph unicode="&#xf078;" horiz-adv-x="1792" d="M1683 728l-742 -741q-19 -19 -45 -19t-45 19l-742 741q-19 19 -19 45.5t19 45.5l166 165q19 19 45 19t45 -19l531 -531l531 531q19 19 45 19t45 -19l166 -165q19 -19 19 -45.5t-19 -45.5z" />
-<glyph unicode="&#xf079;" horiz-adv-x="1920" d="M1280 32q0 -13 -9.5 -22.5t-22.5 -9.5h-960q-8 0 -13.5 2t-9 7t-5.5 8t-3 11.5t-1 11.5v13v11v160v416h-192q-26 0 -45 19t-19 45q0 24 15 41l320 384q19 22 49 22t49 -22l320 -384q15 -17 15 -41q0 -26 -19 -45t-45 -19h-192v-384h576q16 0 25 -11l160 -192q7 -11 7 -21 zM1920 448q0 -24 -15 -41l-320 -384q-20 -23 -49 -23t-49 23l-320 384q-15 17 -15 41q0 26 19 45t45 19h192v384h-576q-16 0 -25 12l-160 192q-7 9 -7 20q0 13 9.5 22.5t22.5 9.5h960q8 0 13.5 -2t9 -7t5.5 -8t3 -11.5t1 -11.5v-13v-11v-160v-416h192q26 0 45 -19t19 -45z " />
-<glyph unicode="&#xf07a;" horiz-adv-x="1664" d="M640 0q0 -52 -38 -90t-90 -38t-90 38t-38 90t38 90t90 38t90 -38t38 -90zM1536 0q0 -52 -38 -90t-90 -38t-90 38t-38 90t38 90t90 38t90 -38t38 -90zM1664 1088v-512q0 -24 -16.5 -42.5t-40.5 -21.5l-1044 -122q13 -60 13 -70q0 -16 -24 -64h920q26 0 45 -19t19 -45 t-19 -45t-45 -19h-1024q-26 0 -45 19t-19 45q0 11 8 31.5t16 36t21.5 40t15.5 29.5l-177 823h-204q-26 0 -45 19t-19 45t19 45t45 19h256q16 0 28.5 -6.5t19.5 -15.5t13 -24.5t8 -26t5.5 -29.5t4.5 -26h1201q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf07b;" horiz-adv-x="1664" d="M1664 928v-704q0 -92 -66 -158t-158 -66h-1216q-92 0 -158 66t-66 158v960q0 92 66 158t158 66h320q92 0 158 -66t66 -158v-32h672q92 0 158 -66t66 -158z" />
-<glyph unicode="&#xf07c;" horiz-adv-x="1920" d="M1879 584q0 -31 -31 -66l-336 -396q-43 -51 -120.5 -86.5t-143.5 -35.5h-1088q-34 0 -60.5 13t-26.5 43q0 31 31 66l336 396q43 51 120.5 86.5t143.5 35.5h1088q34 0 60.5 -13t26.5 -43zM1536 928v-160h-832q-94 0 -197 -47.5t-164 -119.5l-337 -396l-5 -6q0 4 -0.5 12.5 t-0.5 12.5v960q0 92 66 158t158 66h320q92 0 158 -66t66 -158v-32h544q92 0 158 -66t66 -158z" />
-<glyph unicode="&#xf07d;" horiz-adv-x="768" d="M704 1216q0 -26 -19 -45t-45 -19h-128v-1024h128q26 0 45 -19t19 -45t-19 -45l-256 -256q-19 -19 -45 -19t-45 19l-256 256q-19 19 -19 45t19 45t45 19h128v1024h-128q-26 0 -45 19t-19 45t19 45l256 256q19 19 45 19t45 -19l256 -256q19 -19 19 -45z" />
-<glyph unicode="&#xf07e;" horiz-adv-x="1792" d="M1792 640q0 -26 -19 -45l-256 -256q-19 -19 -45 -19t-45 19t-19 45v128h-1024v-128q0 -26 -19 -45t-45 -19t-45 19l-256 256q-19 19 -19 45t19 45l256 256q19 19 45 19t45 -19t19 -45v-128h1024v128q0 26 19 45t45 19t45 -19l256 -256q19 -19 19 -45z" />
-<glyph unicode="&#xf080;" horiz-adv-x="2048" d="M640 640v-512h-256v512h256zM1024 1152v-1024h-256v1024h256zM2048 0v-128h-2048v1536h128v-1408h1920zM1408 896v-768h-256v768h256zM1792 1280v-1152h-256v1152h256z" />
-<glyph unicode="&#xf081;" d="M1280 926q-56 -25 -121 -34q68 40 93 117q-65 -38 -134 -51q-61 66 -153 66q-87 0 -148.5 -61.5t-61.5 -148.5q0 -29 5 -48q-129 7 -242 65t-192 155q-29 -50 -29 -106q0 -114 91 -175q-47 1 -100 26v-2q0 -75 50 -133.5t123 -72.5q-29 -8 -51 -8q-13 0 -39 4 q21 -63 74.5 -104t121.5 -42q-116 -90 -261 -90q-26 0 -50 3q148 -94 322 -94q112 0 210 35.5t168 95t120.5 137t75 162t24.5 168.5q0 18 -1 27q63 45 105 109zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5 t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf082;" d="M1248 1408q119 0 203.5 -84.5t84.5 -203.5v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-188v595h199l30 232h-229v148q0 56 23.5 84t91.5 28l122 1v207q-63 9 -178 9q-136 0 -217.5 -80t-81.5 -226v-171h-200v-232h200v-595h-532q-119 0 -203.5 84.5t-84.5 203.5v960 q0 119 84.5 203.5t203.5 84.5h960z" />
-<glyph unicode="&#xf083;" horiz-adv-x="1792" d="M928 704q0 14 -9 23t-23 9q-66 0 -113 -47t-47 -113q0 -14 9 -23t23 -9t23 9t9 23q0 40 28 68t68 28q14 0 23 9t9 23zM1152 574q0 -106 -75 -181t-181 -75t-181 75t-75 181t75 181t181 75t181 -75t75 -181zM128 0h1536v128h-1536v-128zM1280 574q0 159 -112.5 271.5 t-271.5 112.5t-271.5 -112.5t-112.5 -271.5t112.5 -271.5t271.5 -112.5t271.5 112.5t112.5 271.5zM256 1216h384v128h-384v-128zM128 1024h1536v118v138h-828l-64 -128h-644v-128zM1792 1280v-1280q0 -53 -37.5 -90.5t-90.5 -37.5h-1536q-53 0 -90.5 37.5t-37.5 90.5v1280 q0 53 37.5 90.5t90.5 37.5h1536q53 0 90.5 -37.5t37.5 -90.5z" />
-<glyph unicode="&#xf084;" horiz-adv-x="1792" d="M832 1024q0 80 -56 136t-136 56t-136 -56t-56 -136q0 -42 19 -83q-41 19 -83 19q-80 0 -136 -56t-56 -136t56 -136t136 -56t136 56t56 136q0 42 -19 83q41 -19 83 -19q80 0 136 56t56 136zM1683 320q0 -17 -49 -66t-66 -49q-9 0 -28.5 16t-36.5 33t-38.5 40t-24.5 26 l-96 -96l220 -220q28 -28 28 -68q0 -42 -39 -81t-81 -39q-40 0 -68 28l-671 671q-176 -131 -365 -131q-163 0 -265.5 102.5t-102.5 265.5q0 160 95 313t248 248t313 95q163 0 265.5 -102.5t102.5 -265.5q0 -189 -131 -365l355 -355l96 96q-3 3 -26 24.5t-40 38.5t-33 36.5 t-16 28.5q0 17 49 66t66 49q13 0 23 -10q6 -6 46 -44.5t82 -79.5t86.5 -86t73 -78t28.5 -41z" />
-<glyph unicode="&#xf085;" horiz-adv-x="1920" d="M896 640q0 106 -75 181t-181 75t-181 -75t-75 -181t75 -181t181 -75t181 75t75 181zM1664 128q0 52 -38 90t-90 38t-90 -38t-38 -90q0 -53 37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1664 1152q0 52 -38 90t-90 38t-90 -38t-38 -90q0 -53 37.5 -90.5t90.5 -37.5 t90.5 37.5t37.5 90.5zM1280 731v-185q0 -10 -7 -19.5t-16 -10.5l-155 -24q-11 -35 -32 -76q34 -48 90 -115q7 -10 7 -20q0 -12 -7 -19q-23 -30 -82.5 -89.5t-78.5 -59.5q-11 0 -21 7l-115 90q-37 -19 -77 -31q-11 -108 -23 -155q-7 -24 -30 -24h-186q-11 0 -20 7.5t-10 17.5 l-23 153q-34 10 -75 31l-118 -89q-7 -7 -20 -7q-11 0 -21 8q-144 133 -144 160q0 9 7 19q10 14 41 53t47 61q-23 44 -35 82l-152 24q-10 1 -17 9.5t-7 19.5v185q0 10 7 19.5t16 10.5l155 24q11 35 32 76q-34 48 -90 115q-7 11 -7 20q0 12 7 20q22 30 82 89t79 59q11 0 21 -7 l115 -90q34 18 77 32q11 108 23 154q7 24 30 24h186q11 0 20 -7.5t10 -17.5l23 -153q34 -10 75 -31l118 89q8 7 20 7q11 0 21 -8q144 -133 144 -160q0 -9 -7 -19q-12 -16 -42 -54t-45 -60q23 -48 34 -82l152 -23q10 -2 17 -10.5t7 -19.5zM1920 198v-140q0 -16 -149 -31 q-12 -27 -30 -52q51 -113 51 -138q0 -4 -4 -7q-122 -71 -124 -71q-8 0 -46 47t-52 68q-20 -2 -30 -2t-30 2q-14 -21 -52 -68t-46 -47q-2 0 -124 71q-4 3 -4 7q0 25 51 138q-18 25 -30 52q-149 15 -149 31v140q0 16 149 31q13 29 30 52q-51 113 -51 138q0 4 4 7q4 2 35 20 t59 34t30 16q8 0 46 -46.5t52 -67.5q20 2 30 2t30 -2q51 71 92 112l6 2q4 0 124 -70q4 -3 4 -7q0 -25 -51 -138q17 -23 30 -52q149 -15 149 -31zM1920 1222v-140q0 -16 -149 -31q-12 -27 -30 -52q51 -113 51 -138q0 -4 -4 -7q-122 -71 -124 -71q-8 0 -46 47t-52 68 q-20 -2 -30 -2t-30 2q-14 -21 -52 -68t-46 -47q-2 0 -124 71q-4 3 -4 7q0 25 51 138q-18 25 -30 52q-149 15 -149 31v140q0 16 149 31q13 29 30 52q-51 113 -51 138q0 4 4 7q4 2 35 20t59 34t30 16q8 0 46 -46.5t52 -67.5q20 2 30 2t30 -2q51 71 92 112l6 2q4 0 124 -70 q4 -3 4 -7q0 -25 -51 -138q17 -23 30 -52q149 -15 149 -31z" />
-<glyph unicode="&#xf086;" horiz-adv-x="1792" d="M1408 768q0 -139 -94 -257t-256.5 -186.5t-353.5 -68.5q-86 0 -176 16q-124 -88 -278 -128q-36 -9 -86 -16h-3q-11 0 -20.5 8t-11.5 21q-1 3 -1 6.5t0.5 6.5t2 6l2.5 5t3.5 5.5t4 5t4.5 5t4 4.5q5 6 23 25t26 29.5t22.5 29t25 38.5t20.5 44q-124 72 -195 177t-71 224 q0 139 94 257t256.5 186.5t353.5 68.5t353.5 -68.5t256.5 -186.5t94 -257zM1792 512q0 -120 -71 -224.5t-195 -176.5q10 -24 20.5 -44t25 -38.5t22.5 -29t26 -29.5t23 -25q1 -1 4 -4.5t4.5 -5t4 -5t3.5 -5.5l2.5 -5t2 -6t0.5 -6.5t-1 -6.5q-3 -14 -13 -22t-22 -7 q-50 7 -86 16q-154 40 -278 128q-90 -16 -176 -16q-271 0 -472 132q58 -4 88 -4q161 0 309 45t264 129q125 92 192 212t67 254q0 77 -23 152q129 -71 204 -178t75 -230z" />
-<glyph unicode="&#xf087;" d="M256 192q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1408 768q0 51 -39 89.5t-89 38.5h-352q0 58 48 159.5t48 160.5q0 98 -32 145t-128 47q-26 -26 -38 -85t-30.5 -125.5t-59.5 -109.5q-22 -23 -77 -91q-4 -5 -23 -30t-31.5 -41t-34.5 -42.5 t-40 -44t-38.5 -35.5t-40 -27t-35.5 -9h-32v-640h32q13 0 31.5 -3t33 -6.5t38 -11t35 -11.5t35.5 -12.5t29 -10.5q211 -73 342 -73h121q192 0 192 167q0 26 -5 56q30 16 47.5 52.5t17.5 73.5t-18 69q53 50 53 119q0 25 -10 55.5t-25 47.5q32 1 53.5 47t21.5 81zM1536 769 q0 -89 -49 -163q9 -33 9 -69q0 -77 -38 -144q3 -21 3 -43q0 -101 -60 -178q1 -139 -85 -219.5t-227 -80.5h-36h-93q-96 0 -189.5 22.5t-216.5 65.5q-116 40 -138 40h-288q-53 0 -90.5 37.5t-37.5 90.5v640q0 53 37.5 90.5t90.5 37.5h274q36 24 137 155q58 75 107 128 q24 25 35.5 85.5t30.5 126.5t62 108q39 37 90 37q84 0 151 -32.5t102 -101.5t35 -186q0 -93 -48 -192h176q104 0 180 -76t76 -179z" />
-<glyph unicode="&#xf088;" d="M256 1088q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1408 512q0 35 -21.5 81t-53.5 47q15 17 25 47.5t10 55.5q0 69 -53 119q18 32 18 69t-17.5 73.5t-47.5 52.5q5 30 5 56q0 85 -49 126t-136 41h-128q-131 0 -342 -73q-5 -2 -29 -10.5 t-35.5 -12.5t-35 -11.5t-38 -11t-33 -6.5t-31.5 -3h-32v-640h32q16 0 35.5 -9t40 -27t38.5 -35.5t40 -44t34.5 -42.5t31.5 -41t23 -30q55 -68 77 -91q41 -43 59.5 -109.5t30.5 -125.5t38 -85q96 0 128 47t32 145q0 59 -48 160.5t-48 159.5h352q50 0 89 38.5t39 89.5z M1536 511q0 -103 -76 -179t-180 -76h-176q48 -99 48 -192q0 -118 -35 -186q-35 -69 -102 -101.5t-151 -32.5q-51 0 -90 37q-34 33 -54 82t-25.5 90.5t-17.5 84.5t-31 64q-48 50 -107 127q-101 131 -137 155h-274q-53 0 -90.5 37.5t-37.5 90.5v640q0 53 37.5 90.5t90.5 37.5 h288q22 0 138 40q128 44 223 66t200 22h112q140 0 226.5 -79t85.5 -216v-5q60 -77 60 -178q0 -22 -3 -43q38 -67 38 -144q0 -36 -9 -69q49 -74 49 -163z" />
-<glyph unicode="&#xf089;" horiz-adv-x="896" d="M832 1504v-1339l-449 -236q-22 -12 -40 -12q-21 0 -31.5 14.5t-10.5 35.5q0 6 2 20l86 500l-364 354q-25 27 -25 48q0 37 56 46l502 73l225 455q19 41 49 41z" />
-<glyph unicode="&#xf08a;" horiz-adv-x="1792" d="M1664 940q0 81 -21.5 143t-55 98.5t-81.5 59.5t-94 31t-98 8t-112 -25.5t-110.5 -64t-86.5 -72t-60 -61.5q-18 -22 -49 -22t-49 22q-24 28 -60 61.5t-86.5 72t-110.5 64t-112 25.5t-98 -8t-94 -31t-81.5 -59.5t-55 -98.5t-21.5 -143q0 -168 187 -355l581 -560l580 559 q188 188 188 356zM1792 940q0 -221 -229 -450l-623 -600q-18 -18 -44 -18t-44 18l-624 602q-10 8 -27.5 26t-55.5 65.5t-68 97.5t-53.5 121t-23.5 138q0 220 127 344t351 124q62 0 126.5 -21.5t120 -58t95.5 -68.5t76 -68q36 36 76 68t95.5 68.5t120 58t126.5 21.5 q224 0 351 -124t127 -344z" />
-<glyph unicode="&#xf08b;" horiz-adv-x="1664" d="M640 96q0 -4 1 -20t0.5 -26.5t-3 -23.5t-10 -19.5t-20.5 -6.5h-320q-119 0 -203.5 84.5t-84.5 203.5v704q0 119 84.5 203.5t203.5 84.5h320q13 0 22.5 -9.5t9.5 -22.5q0 -4 1 -20t0.5 -26.5t-3 -23.5t-10 -19.5t-20.5 -6.5h-320q-66 0 -113 -47t-47 -113v-704 q0 -66 47 -113t113 -47h288h11h13t11.5 -1t11.5 -3t8 -5.5t7 -9t2 -13.5zM1568 640q0 -26 -19 -45l-544 -544q-19 -19 -45 -19t-45 19t-19 45v288h-448q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h448v288q0 26 19 45t45 19t45 -19l544 -544q19 -19 19 -45z" />
-<glyph unicode="&#xf08c;" d="M237 122h231v694h-231v-694zM483 1030q-1 52 -36 86t-93 34t-94.5 -34t-36.5 -86q0 -51 35.5 -85.5t92.5 -34.5h1q59 0 95 34.5t36 85.5zM1068 122h231v398q0 154 -73 233t-193 79q-136 0 -209 -117h2v101h-231q3 -66 0 -694h231v388q0 38 7 56q15 35 45 59.5t74 24.5 q116 0 116 -157v-371zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf08d;" horiz-adv-x="1152" d="M480 672v448q0 14 -9 23t-23 9t-23 -9t-9 -23v-448q0 -14 9 -23t23 -9t23 9t9 23zM1152 320q0 -26 -19 -45t-45 -19h-429l-51 -483q-2 -12 -10.5 -20.5t-20.5 -8.5h-1q-27 0 -32 27l-76 485h-404q-26 0 -45 19t-19 45q0 123 78.5 221.5t177.5 98.5v512q-52 0 -90 38 t-38 90t38 90t90 38h640q52 0 90 -38t38 -90t-38 -90t-90 -38v-512q99 0 177.5 -98.5t78.5 -221.5z" />
-<glyph unicode="&#xf08e;" horiz-adv-x="1792" d="M1408 608v-320q0 -119 -84.5 -203.5t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h704q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-704q-66 0 -113 -47t-47 -113v-832q0 -66 47 -113t113 -47h832q66 0 113 47t47 113v320 q0 14 9 23t23 9h64q14 0 23 -9t9 -23zM1792 1472v-512q0 -26 -19 -45t-45 -19t-45 19l-176 176l-652 -652q-10 -10 -23 -10t-23 10l-114 114q-10 10 -10 23t10 23l652 652l-176 176q-19 19 -19 45t19 45t45 19h512q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf090;" d="M1184 640q0 -26 -19 -45l-544 -544q-19 -19 -45 -19t-45 19t-19 45v288h-448q-26 0 -45 19t-19 45v384q0 26 19 45t45 19h448v288q0 26 19 45t45 19t45 -19l544 -544q19 -19 19 -45zM1536 992v-704q0 -119 -84.5 -203.5t-203.5 -84.5h-320q-13 0 -22.5 9.5t-9.5 22.5 q0 4 -1 20t-0.5 26.5t3 23.5t10 19.5t20.5 6.5h320q66 0 113 47t47 113v704q0 66 -47 113t-113 47h-288h-11h-13t-11.5 1t-11.5 3t-8 5.5t-7 9t-2 13.5q0 4 -1 20t-0.5 26.5t3 23.5t10 19.5t20.5 6.5h320q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf091;" horiz-adv-x="1664" d="M458 653q-74 162 -74 371h-256v-96q0 -78 94.5 -162t235.5 -113zM1536 928v96h-256q0 -209 -74 -371q141 29 235.5 113t94.5 162zM1664 1056v-128q0 -71 -41.5 -143t-112 -130t-173 -97.5t-215.5 -44.5q-42 -54 -95 -95q-38 -34 -52.5 -72.5t-14.5 -89.5q0 -54 30.5 -91 t97.5 -37q75 0 133.5 -45.5t58.5 -114.5v-64q0 -14 -9 -23t-23 -9h-832q-14 0 -23 9t-9 23v64q0 69 58.5 114.5t133.5 45.5q67 0 97.5 37t30.5 91q0 51 -14.5 89.5t-52.5 72.5q-53 41 -95 95q-113 5 -215.5 44.5t-173 97.5t-112 130t-41.5 143v128q0 40 28 68t68 28h288v96 q0 66 47 113t113 47h576q66 0 113 -47t47 -113v-96h288q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf092;" d="M394 184q-8 -9 -20 3q-13 11 -4 19q8 9 20 -3q12 -11 4 -19zM352 245q9 -12 0 -19q-8 -6 -17 7t0 18q9 7 17 -6zM291 305q-5 -7 -13 -2q-10 5 -7 12q3 5 13 2q10 -5 7 -12zM322 271q-6 -7 -16 3q-9 11 -2 16q6 6 16 -3q9 -11 2 -16zM451 159q-4 -12 -19 -6q-17 4 -13 15 t19 7q16 -5 13 -16zM514 154q0 -11 -16 -11q-17 -2 -17 11q0 11 16 11q17 2 17 -11zM572 164q2 -10 -14 -14t-18 8t14 15q16 2 18 -9zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-224q-16 0 -24.5 1t-19.5 5t-16 14.5t-5 27.5v239q0 97 -52 142q57 6 102.5 18t94 39 t81 66.5t53 105t20.5 150.5q0 121 -79 206q37 91 -8 204q-28 9 -81 -11t-92 -44l-38 -24q-93 26 -192 26t-192 -26q-16 11 -42.5 27t-83.5 38.5t-86 13.5q-44 -113 -7 -204q-79 -85 -79 -206q0 -85 20.5 -150t52.5 -105t80.5 -67t94 -39t102.5 -18q-40 -36 -49 -103 q-21 -10 -45 -15t-57 -5t-65.5 21.5t-55.5 62.5q-19 32 -48.5 52t-49.5 24l-20 3q-21 0 -29 -4.5t-5 -11.5t9 -14t13 -12l7 -5q22 -10 43.5 -38t31.5 -51l10 -23q13 -38 44 -61.5t67 -30t69.5 -7t55.5 3.5l23 4q0 -38 0.5 -103t0.5 -68q0 -22 -11 -33.5t-22 -13t-33 -1.5 h-224q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf093;" horiz-adv-x="1664" d="M1280 64q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1536 64q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1664 288v-320q0 -40 -28 -68t-68 -28h-1472q-40 0 -68 28t-28 68v320q0 40 28 68t68 28h427q21 -56 70.5 -92 t110.5 -36h256q61 0 110.5 36t70.5 92h427q40 0 68 -28t28 -68zM1339 936q-17 -40 -59 -40h-256v-448q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v448h-256q-42 0 -59 40q-17 39 14 69l448 448q18 19 45 19t45 -19l448 -448q31 -30 14 -69z" />
-<glyph unicode="&#xf094;" d="M1407 710q0 44 -7 113.5t-18 96.5q-12 30 -17 44t-9 36.5t-4 48.5q0 23 5 68.5t5 67.5q0 37 -10 55q-4 1 -13 1q-19 0 -58 -4.5t-59 -4.5q-60 0 -176 24t-175 24q-43 0 -94.5 -11.5t-85 -23.5t-89.5 -34q-137 -54 -202 -103q-96 -73 -159.5 -189.5t-88 -236t-24.5 -248.5 q0 -40 12.5 -120t12.5 -121q0 -23 -11 -66.5t-11 -65.5t12 -36.5t34 -14.5q24 0 72.5 11t73.5 11q57 0 169.5 -15.5t169.5 -15.5q181 0 284 36q129 45 235.5 152.5t166 245.5t59.5 275zM1535 712q0 -165 -70 -327.5t-196 -288t-281 -180.5q-124 -44 -326 -44 q-57 0 -170 14.5t-169 14.5q-24 0 -72.5 -14.5t-73.5 -14.5q-73 0 -123.5 55.5t-50.5 128.5q0 24 11 68t11 67q0 40 -12.5 120.5t-12.5 121.5q0 111 18 217.5t54.5 209.5t100.5 194t150 156q78 59 232 120q194 78 316 78q60 0 175.5 -24t173.5 -24q19 0 57 5t58 5 q81 0 118 -50.5t37 -134.5q0 -23 -5 -68t-5 -68q0 -10 1 -18.5t3 -17t4 -13.5t6.5 -16t6.5 -17q16 -40 25 -118.5t9 -136.5z" />
-<glyph unicode="&#xf095;" horiz-adv-x="1408" d="M1408 296q0 -27 -10 -70.5t-21 -68.5q-21 -50 -122 -106q-94 -51 -186 -51q-27 0 -52.5 3.5t-57.5 12.5t-47.5 14.5t-55.5 20.5t-49 18q-98 35 -175 83q-128 79 -264.5 215.5t-215.5 264.5q-48 77 -83 175q-3 9 -18 49t-20.5 55.5t-14.5 47.5t-12.5 57.5t-3.5 52.5 q0 92 51 186q56 101 106 122q25 11 68.5 21t70.5 10q14 0 21 -3q18 -6 53 -76q11 -19 30 -54t35 -63.5t31 -53.5q3 -4 17.5 -25t21.5 -35.5t7 -28.5q0 -20 -28.5 -50t-62 -55t-62 -53t-28.5 -46q0 -9 5 -22.5t8.5 -20.5t14 -24t11.5 -19q76 -137 174 -235t235 -174 q2 -1 19 -11.5t24 -14t20.5 -8.5t22.5 -5q18 0 46 28.5t53 62t55 62t50 28.5q14 0 28.5 -7t35.5 -21.5t25 -17.5q25 -15 53.5 -31t63.5 -35t54 -30q70 -35 76 -53q3 -7 3 -21z" />
-<glyph unicode="&#xf096;" horiz-adv-x="1408" d="M1120 1280h-832q-66 0 -113 -47t-47 -113v-832q0 -66 47 -113t113 -47h832q66 0 113 47t47 113v832q0 66 -47 113t-113 47zM1408 1120v-832q0 -119 -84.5 -203.5t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h832 q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf097;" horiz-adv-x="1280" d="M1152 1280h-1024v-1242l423 406l89 85l89 -85l423 -406v1242zM1164 1408q23 0 44 -9q33 -13 52.5 -41t19.5 -62v-1289q0 -34 -19.5 -62t-52.5 -41q-19 -8 -44 -8q-48 0 -83 32l-441 424l-441 -424q-36 -33 -83 -33q-23 0 -44 9q-33 13 -52.5 41t-19.5 62v1289 q0 34 19.5 62t52.5 41q21 9 44 9h1048z" />
-<glyph unicode="&#xf098;" d="M1280 343q0 11 -2 16q-3 8 -38.5 29.5t-88.5 49.5l-53 29q-5 3 -19 13t-25 15t-21 5q-18 0 -47 -32.5t-57 -65.5t-44 -33q-7 0 -16.5 3.5t-15.5 6.5t-17 9.5t-14 8.5q-99 55 -170.5 126.5t-126.5 170.5q-2 3 -8.5 14t-9.5 17t-6.5 15.5t-3.5 16.5q0 13 20.5 33.5t45 38.5 t45 39.5t20.5 36.5q0 10 -5 21t-15 25t-13 19q-3 6 -15 28.5t-25 45.5t-26.5 47.5t-25 40.5t-16.5 18t-16 2q-48 0 -101 -22q-46 -21 -80 -94.5t-34 -130.5q0 -16 2.5 -34t5 -30.5t9 -33t10 -29.5t12.5 -33t11 -30q60 -164 216.5 -320.5t320.5 -216.5q6 -2 30 -11t33 -12.5 t29.5 -10t33 -9t30.5 -5t34 -2.5q57 0 130.5 34t94.5 80q22 53 22 101zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf099;" horiz-adv-x="1664" d="M1620 1128q-67 -98 -162 -167q1 -14 1 -42q0 -130 -38 -259.5t-115.5 -248.5t-184.5 -210.5t-258 -146t-323 -54.5q-271 0 -496 145q35 -4 78 -4q225 0 401 138q-105 2 -188 64.5t-114 159.5q33 -5 61 -5q43 0 85 11q-112 23 -185.5 111.5t-73.5 205.5v4q68 -38 146 -41 q-66 44 -105 115t-39 154q0 88 44 163q121 -149 294.5 -238.5t371.5 -99.5q-8 38 -8 74q0 134 94.5 228.5t228.5 94.5q140 0 236 -102q109 21 205 78q-37 -115 -142 -178q93 10 186 50z" />
-<glyph unicode="&#xf09a;" horiz-adv-x="1024" d="M959 1524v-264h-157q-86 0 -116 -36t-30 -108v-189h293l-39 -296h-254v-759h-306v759h-255v296h255v218q0 186 104 288.5t277 102.5q147 0 228 -12z" />
-<glyph unicode="&#xf09b;" d="M1536 640q0 -251 -146.5 -451.5t-378.5 -277.5q-27 -5 -39.5 7t-12.5 30v211q0 97 -52 142q57 6 102.5 18t94 39t81 66.5t53 105t20.5 150.5q0 121 -79 206q37 91 -8 204q-28 9 -81 -11t-92 -44l-38 -24q-93 26 -192 26t-192 -26q-16 11 -42.5 27t-83.5 38.5t-86 13.5 q-44 -113 -7 -204q-79 -85 -79 -206q0 -85 20.5 -150t52.5 -105t80.5 -67t94 -39t102.5 -18q-40 -36 -49 -103q-21 -10 -45 -15t-57 -5t-65.5 21.5t-55.5 62.5q-19 32 -48.5 52t-49.5 24l-20 3q-21 0 -29 -4.5t-5 -11.5t9 -14t13 -12l7 -5q22 -10 43.5 -38t31.5 -51l10 -23 q13 -38 44 -61.5t67 -30t69.5 -7t55.5 3.5l23 4q0 -38 0.5 -89t0.5 -54q0 -18 -13 -30t-40 -7q-232 77 -378.5 277.5t-146.5 451.5q0 209 103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf09c;" horiz-adv-x="1664" d="M1664 960v-256q0 -26 -19 -45t-45 -19h-64q-26 0 -45 19t-19 45v256q0 106 -75 181t-181 75t-181 -75t-75 -181v-192h96q40 0 68 -28t28 -68v-576q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68v576q0 40 28 68t68 28h672v192q0 185 131.5 316.5t316.5 131.5 t316.5 -131.5t131.5 -316.5z" />
-<glyph unicode="&#xf09d;" horiz-adv-x="1920" d="M1760 1408q66 0 113 -47t47 -113v-1216q0 -66 -47 -113t-113 -47h-1600q-66 0 -113 47t-47 113v1216q0 66 47 113t113 47h1600zM160 1280q-13 0 -22.5 -9.5t-9.5 -22.5v-224h1664v224q0 13 -9.5 22.5t-22.5 9.5h-1600zM1760 0q13 0 22.5 9.5t9.5 22.5v608h-1664v-608 q0 -13 9.5 -22.5t22.5 -9.5h1600zM256 128v128h256v-128h-256zM640 128v128h384v-128h-384z" />
-<glyph unicode="&#xf09e;" horiz-adv-x="1408" d="M384 192q0 -80 -56 -136t-136 -56t-136 56t-56 136t56 136t136 56t136 -56t56 -136zM896 69q2 -28 -17 -48q-18 -21 -47 -21h-135q-25 0 -43 16.5t-20 41.5q-22 229 -184.5 391.5t-391.5 184.5q-25 2 -41.5 20t-16.5 43v135q0 29 21 47q17 17 43 17h5q160 -13 306 -80.5 t259 -181.5q114 -113 181.5 -259t80.5 -306zM1408 67q2 -27 -18 -47q-18 -20 -46 -20h-143q-26 0 -44.5 17.5t-19.5 42.5q-12 215 -101 408.5t-231.5 336t-336 231.5t-408.5 102q-25 1 -42.5 19.5t-17.5 43.5v143q0 28 20 46q18 18 44 18h3q262 -13 501.5 -120t425.5 -294 q187 -186 294 -425.5t120 -501.5z" />
-<glyph unicode="&#xf0a0;" d="M1040 320q0 -33 -23.5 -56.5t-56.5 -23.5t-56.5 23.5t-23.5 56.5t23.5 56.5t56.5 23.5t56.5 -23.5t23.5 -56.5zM1296 320q0 -33 -23.5 -56.5t-56.5 -23.5t-56.5 23.5t-23.5 56.5t23.5 56.5t56.5 23.5t56.5 -23.5t23.5 -56.5zM1408 160v320q0 13 -9.5 22.5t-22.5 9.5 h-1216q-13 0 -22.5 -9.5t-9.5 -22.5v-320q0 -13 9.5 -22.5t22.5 -9.5h1216q13 0 22.5 9.5t9.5 22.5zM178 640h1180l-157 482q-4 13 -16 21.5t-26 8.5h-782q-14 0 -26 -8.5t-16 -21.5zM1536 480v-320q0 -66 -47 -113t-113 -47h-1216q-66 0 -113 47t-47 113v320q0 25 16 75 l197 606q17 53 63 86t101 33h782q55 0 101 -33t63 -86l197 -606q16 -50 16 -75z" />
-<glyph unicode="&#xf0a1;" horiz-adv-x="1792" d="M1664 896q53 0 90.5 -37.5t37.5 -90.5t-37.5 -90.5t-90.5 -37.5v-384q0 -52 -38 -90t-90 -38q-417 347 -812 380q-58 -19 -91 -66t-31 -100.5t40 -92.5q-20 -33 -23 -65.5t6 -58t33.5 -55t48 -50t61.5 -50.5q-29 -58 -111.5 -83t-168.5 -11.5t-132 55.5q-7 23 -29.5 87.5 t-32 94.5t-23 89t-15 101t3.5 98.5t22 110.5h-122q-66 0 -113 47t-47 113v192q0 66 47 113t113 47h480q435 0 896 384q52 0 90 -38t38 -90v-384zM1536 292v954q-394 -302 -768 -343v-270q377 -42 768 -341z" />
-<glyph unicode="&#xf0a2;" horiz-adv-x="1792" d="M912 -160q0 16 -16 16q-59 0 -101.5 42.5t-42.5 101.5q0 16 -16 16t-16 -16q0 -73 51.5 -124.5t124.5 -51.5q16 0 16 16zM246 128h1300q-266 300 -266 832q0 51 -24 105t-69 103t-121.5 80.5t-169.5 31.5t-169.5 -31.5t-121.5 -80.5t-69 -103t-24 -105q0 -532 -266 -832z M1728 128q0 -52 -38 -90t-90 -38h-448q0 -106 -75 -181t-181 -75t-181 75t-75 181h-448q-52 0 -90 38t-38 90q50 42 91 88t85 119.5t74.5 158.5t50 206t19.5 260q0 152 117 282.5t307 158.5q-8 19 -8 39q0 40 28 68t68 28t68 -28t28 -68q0 -20 -8 -39q190 -28 307 -158.5 t117 -282.5q0 -139 19.5 -260t50 -206t74.5 -158.5t85 -119.5t91 -88z" />
-<glyph unicode="&#xf0a3;" d="M1376 640l138 -135q30 -28 20 -70q-12 -41 -52 -51l-188 -48l53 -186q12 -41 -19 -70q-29 -31 -70 -19l-186 53l-48 -188q-10 -40 -51 -52q-12 -2 -19 -2q-31 0 -51 22l-135 138l-135 -138q-28 -30 -70 -20q-41 11 -51 52l-48 188l-186 -53q-41 -12 -70 19q-31 29 -19 70 l53 186l-188 48q-40 10 -52 51q-10 42 20 70l138 135l-138 135q-30 28 -20 70q12 41 52 51l188 48l-53 186q-12 41 19 70q29 31 70 19l186 -53l48 188q10 41 51 51q41 12 70 -19l135 -139l135 139q29 30 70 19q41 -10 51 -51l48 -188l186 53q41 12 70 -19q31 -29 19 -70 l-53 -186l188 -48q40 -10 52 -51q10 -42 -20 -70z" />
-<glyph unicode="&#xf0a4;" horiz-adv-x="1792" d="M256 192q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1664 768q0 51 -39 89.5t-89 38.5h-576q0 20 15 48.5t33 55t33 68t15 84.5q0 67 -44.5 97.5t-115.5 30.5q-24 0 -90 -139q-24 -44 -37 -65q-40 -64 -112 -145q-71 -81 -101 -106 q-69 -57 -140 -57h-32v-640h32q72 0 167 -32t193.5 -64t179.5 -32q189 0 189 167q0 26 -5 56q30 16 47.5 52.5t17.5 73.5t-18 69q53 50 53 119q0 25 -10 55.5t-25 47.5h331q52 0 90 38t38 90zM1792 769q0 -105 -75.5 -181t-180.5 -76h-169q-4 -62 -37 -119q3 -21 3 -43 q0 -101 -60 -178q1 -139 -85 -219.5t-227 -80.5q-133 0 -322 69q-164 59 -223 59h-288q-53 0 -90.5 37.5t-37.5 90.5v640q0 53 37.5 90.5t90.5 37.5h288q10 0 21.5 4.5t23.5 14t22.5 18t24 22.5t20.5 21.5t19 21.5t14 17q65 74 100 129q13 21 33 62t37 72t40.5 63t55 49.5 t69.5 17.5q125 0 206.5 -67t81.5 -189q0 -68 -22 -128h374q104 0 180 -76t76 -179z" />
-<glyph unicode="&#xf0a5;" horiz-adv-x="1792" d="M1376 128h32v640h-32q-35 0 -67.5 12t-62.5 37t-50 46t-49 54q-2 3 -3.5 4.5t-4 4.5t-4.5 5q-72 81 -112 145q-14 22 -38 68q-1 3 -10.5 22.5t-18.5 36t-20 35.5t-21.5 30.5t-18.5 11.5q-71 0 -115.5 -30.5t-44.5 -97.5q0 -43 15 -84.5t33 -68t33 -55t15 -48.5h-576 q-50 0 -89 -38.5t-39 -89.5q0 -52 38 -90t90 -38h331q-15 -17 -25 -47.5t-10 -55.5q0 -69 53 -119q-18 -32 -18 -69t17.5 -73.5t47.5 -52.5q-4 -24 -4 -56q0 -85 48.5 -126t135.5 -41q84 0 183 32t194 64t167 32zM1664 192q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45 t45 -19t45 19t19 45zM1792 768v-640q0 -53 -37.5 -90.5t-90.5 -37.5h-288q-59 0 -223 -59q-190 -69 -317 -69q-142 0 -230 77.5t-87 217.5l1 5q-61 76 -61 178q0 22 3 43q-33 57 -37 119h-169q-105 0 -180.5 76t-75.5 181q0 103 76 179t180 76h374q-22 60 -22 128 q0 122 81.5 189t206.5 67q38 0 69.5 -17.5t55 -49.5t40.5 -63t37 -72t33 -62q35 -55 100 -129q2 -3 14 -17t19 -21.5t20.5 -21.5t24 -22.5t22.5 -18t23.5 -14t21.5 -4.5h288q53 0 90.5 -37.5t37.5 -90.5z" />
-<glyph unicode="&#xf0a6;" d="M1280 -64q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1408 700q0 189 -167 189q-26 0 -56 -5q-16 30 -52.5 47.5t-73.5 17.5t-69 -18q-50 53 -119 53q-25 0 -55.5 -10t-47.5 -25v331q0 52 -38 90t-90 38q-51 0 -89.5 -39t-38.5 -89v-576 q-20 0 -48.5 15t-55 33t-68 33t-84.5 15q-67 0 -97.5 -44.5t-30.5 -115.5q0 -24 139 -90q44 -24 65 -37q64 -40 145 -112q81 -71 106 -101q57 -69 57 -140v-32h640v32q0 72 32 167t64 193.5t32 179.5zM1536 705q0 -133 -69 -322q-59 -164 -59 -223v-288q0 -53 -37.5 -90.5 t-90.5 -37.5h-640q-53 0 -90.5 37.5t-37.5 90.5v288q0 10 -4.5 21.5t-14 23.5t-18 22.5t-22.5 24t-21.5 20.5t-21.5 19t-17 14q-74 65 -129 100q-21 13 -62 33t-72 37t-63 40.5t-49.5 55t-17.5 69.5q0 125 67 206.5t189 81.5q68 0 128 -22v374q0 104 76 180t179 76 q105 0 181 -75.5t76 -180.5v-169q62 -4 119 -37q21 3 43 3q101 0 178 -60q139 1 219.5 -85t80.5 -227z" />
-<glyph unicode="&#xf0a7;" d="M1408 576q0 84 -32 183t-64 194t-32 167v32h-640v-32q0 -35 -12 -67.5t-37 -62.5t-46 -50t-54 -49q-9 -8 -14 -12q-81 -72 -145 -112q-22 -14 -68 -38q-3 -1 -22.5 -10.5t-36 -18.5t-35.5 -20t-30.5 -21.5t-11.5 -18.5q0 -71 30.5 -115.5t97.5 -44.5q43 0 84.5 15t68 33 t55 33t48.5 15v-576q0 -50 38.5 -89t89.5 -39q52 0 90 38t38 90v331q46 -35 103 -35q69 0 119 53q32 -18 69 -18t73.5 17.5t52.5 47.5q24 -4 56 -4q85 0 126 48.5t41 135.5zM1280 1344q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1536 580 q0 -142 -77.5 -230t-217.5 -87l-5 1q-76 -61 -178 -61q-22 0 -43 3q-54 -30 -119 -37v-169q0 -105 -76 -180.5t-181 -75.5q-103 0 -179 76t-76 180v374q-54 -22 -128 -22q-121 0 -188.5 81.5t-67.5 206.5q0 38 17.5 69.5t49.5 55t63 40.5t72 37t62 33q55 35 129 100 q3 2 17 14t21.5 19t21.5 20.5t22.5 24t18 22.5t14 23.5t4.5 21.5v288q0 53 37.5 90.5t90.5 37.5h640q53 0 90.5 -37.5t37.5 -90.5v-288q0 -59 59 -223q69 -190 69 -317z" />
-<glyph unicode="&#xf0a8;" d="M1280 576v128q0 26 -19 45t-45 19h-502l189 189q19 19 19 45t-19 45l-91 91q-18 18 -45 18t-45 -18l-362 -362l-91 -91q-18 -18 -18 -45t18 -45l91 -91l362 -362q18 -18 45 -18t45 18l91 91q18 18 18 45t-18 45l-189 189h502q26 0 45 19t19 45zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf0a9;" d="M1285 640q0 27 -18 45l-91 91l-362 362q-18 18 -45 18t-45 -18l-91 -91q-18 -18 -18 -45t18 -45l189 -189h-502q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h502l-189 -189q-19 -19 -19 -45t19 -45l91 -91q18 -18 45 -18t45 18l362 362l91 91q18 18 18 45zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf0aa;" d="M1284 641q0 27 -18 45l-362 362l-91 91q-18 18 -45 18t-45 -18l-91 -91l-362 -362q-18 -18 -18 -45t18 -45l91 -91q18 -18 45 -18t45 18l189 189v-502q0 -26 19 -45t45 -19h128q26 0 45 19t19 45v502l189 -189q19 -19 45 -19t45 19l91 91q18 18 18 45zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf0ab;" d="M1284 639q0 27 -18 45l-91 91q-18 18 -45 18t-45 -18l-189 -189v502q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-502l-189 189q-19 19 -45 19t-45 -19l-91 -91q-18 -18 -18 -45t18 -45l362 -362l91 -91q18 -18 45 -18t45 18l91 91l362 362q18 18 18 45zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf0ac;" d="M768 1408q209 0 385.5 -103t279.5 -279.5t103 -385.5t-103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103zM1042 887q-2 -1 -9.5 -9.5t-13.5 -9.5q2 0 4.5 5t5 11t3.5 7q6 7 22 15q14 6 52 12q34 8 51 -11 q-2 2 9.5 13t14.5 12q3 2 15 4.5t15 7.5l2 22q-12 -1 -17.5 7t-6.5 21q0 -2 -6 -8q0 7 -4.5 8t-11.5 -1t-9 -1q-10 3 -15 7.5t-8 16.5t-4 15q-2 5 -9.5 10.5t-9.5 10.5q-1 2 -2.5 5.5t-3 6.5t-4 5.5t-5.5 2.5t-7 -5t-7.5 -10t-4.5 -5q-3 2 -6 1.5t-4.5 -1t-4.5 -3t-5 -3.5 q-3 -2 -8.5 -3t-8.5 -2q15 5 -1 11q-10 4 -16 3q9 4 7.5 12t-8.5 14h5q-1 4 -8.5 8.5t-17.5 8.5t-13 6q-8 5 -34 9.5t-33 0.5q-5 -6 -4.5 -10.5t4 -14t3.5 -12.5q1 -6 -5.5 -13t-6.5 -12q0 -7 14 -15.5t10 -21.5q-3 -8 -16 -16t-16 -12q-5 -8 -1.5 -18.5t10.5 -16.5 q2 -2 1.5 -4t-3.5 -4.5t-5.5 -4t-6.5 -3.5l-3 -2q-11 -5 -20.5 6t-13.5 26q-7 25 -16 30q-23 8 -29 -1q-5 13 -41 26q-25 9 -58 4q6 1 0 15q-7 15 -19 12q3 6 4 17.5t1 13.5q3 13 12 23q1 1 7 8.5t9.5 13.5t0.5 6q35 -4 50 11q5 5 11.5 17t10.5 17q9 6 14 5.5t14.5 -5.5 t14.5 -5q14 -1 15.5 11t-7.5 20q12 -1 3 17q-5 7 -8 9q-12 4 -27 -5q-8 -4 2 -8q-1 1 -9.5 -10.5t-16.5 -17.5t-16 5q-1 1 -5.5 13.5t-9.5 13.5q-8 0 -16 -15q3 8 -11 15t-24 8q19 12 -8 27q-7 4 -20.5 5t-19.5 -4q-5 -7 -5.5 -11.5t5 -8t10.5 -5.5t11.5 -4t8.5 -3 q14 -10 8 -14q-2 -1 -8.5 -3.5t-11.5 -4.5t-6 -4q-3 -4 0 -14t-2 -14q-5 5 -9 17.5t-7 16.5q7 -9 -25 -6l-10 1q-4 0 -16 -2t-20.5 -1t-13.5 8q-4 8 0 20q1 4 4 2q-4 3 -11 9.5t-10 8.5q-46 -15 -94 -41q6 -1 12 1q5 2 13 6.5t10 5.5q34 14 42 7l5 5q14 -16 20 -25 q-7 4 -30 1q-20 -6 -22 -12q7 -12 5 -18q-4 3 -11.5 10t-14.5 11t-15 5q-16 0 -22 -1q-146 -80 -235 -222q7 -7 12 -8q4 -1 5 -9t2.5 -11t11.5 3q9 -8 3 -19q1 1 44 -27q19 -17 21 -21q3 -11 -10 -18q-1 2 -9 9t-9 4q-3 -5 0.5 -18.5t10.5 -12.5q-7 0 -9.5 -16t-2.5 -35.5 t-1 -23.5l2 -1q-3 -12 5.5 -34.5t21.5 -19.5q-13 -3 20 -43q6 -8 8 -9q3 -2 12 -7.5t15 -10t10 -10.5q4 -5 10 -22.5t14 -23.5q-2 -6 9.5 -20t10.5 -23q-1 0 -2.5 -1t-2.5 -1q3 -7 15.5 -14t15.5 -13q1 -3 2 -10t3 -11t8 -2q2 20 -24 62q-15 25 -17 29q-3 5 -5.5 15.5 t-4.5 14.5q2 0 6 -1.5t8.5 -3.5t7.5 -4t2 -3q-3 -7 2 -17.5t12 -18.5t17 -19t12 -13q6 -6 14 -19.5t0 -13.5q9 0 20 -10t17 -20q5 -8 8 -26t5 -24q2 -7 8.5 -13.5t12.5 -9.5l16 -8t13 -7q5 -2 18.5 -10.5t21.5 -11.5q10 -4 16 -4t14.5 2.5t13.5 3.5q15 2 29 -15t21 -21 q36 -19 55 -11q-2 -1 0.5 -7.5t8 -15.5t9 -14.5t5.5 -8.5q5 -6 18 -15t18 -15q6 4 7 9q-3 -8 7 -20t18 -10q14 3 14 32q-31 -15 -49 18q0 1 -2.5 5.5t-4 8.5t-2.5 8.5t0 7.5t5 3q9 0 10 3.5t-2 12.5t-4 13q-1 8 -11 20t-12 15q-5 -9 -16 -8t-16 9q0 -1 -1.5 -5.5t-1.5 -6.5 q-13 0 -15 1q1 3 2.5 17.5t3.5 22.5q1 4 5.5 12t7.5 14.5t4 12.5t-4.5 9.5t-17.5 2.5q-19 -1 -26 -20q-1 -3 -3 -10.5t-5 -11.5t-9 -7q-7 -3 -24 -2t-24 5q-13 8 -22.5 29t-9.5 37q0 10 2.5 26.5t3 25t-5.5 24.5q3 2 9 9.5t10 10.5q2 1 4.5 1.5t4.5 0t4 1.5t3 6q-1 1 -4 3 q-3 3 -4 3q7 -3 28.5 1.5t27.5 -1.5q15 -11 22 2q0 1 -2.5 9.5t-0.5 13.5q5 -27 29 -9q3 -3 15.5 -5t17.5 -5q3 -2 7 -5.5t5.5 -4.5t5 0.5t8.5 6.5q10 -14 12 -24q11 -40 19 -44q7 -3 11 -2t4.5 9.5t0 14t-1.5 12.5l-1 8v18l-1 8q-15 3 -18.5 12t1.5 18.5t15 18.5q1 1 8 3.5 t15.5 6.5t12.5 8q21 19 15 35q7 0 11 9q-1 0 -5 3t-7.5 5t-4.5 2q9 5 2 16q5 3 7.5 11t7.5 10q9 -12 21 -2q7 8 1 16q5 7 20.5 10.5t18.5 9.5q7 -2 8 2t1 12t3 12q4 5 15 9t13 5l17 11q3 4 0 4q18 -2 31 11q10 11 -6 20q3 6 -3 9.5t-15 5.5q3 1 11.5 0.5t10.5 1.5 q15 10 -7 16q-17 5 -43 -12zM879 10q206 36 351 189q-3 3 -12.5 4.5t-12.5 3.5q-18 7 -24 8q1 7 -2.5 13t-8 9t-12.5 8t-11 7q-2 2 -7 6t-7 5.5t-7.5 4.5t-8.5 2t-10 -1l-3 -1q-3 -1 -5.5 -2.5t-5.5 -3t-4 -3t0 -2.5q-21 17 -36 22q-5 1 -11 5.5t-10.5 7t-10 1.5t-11.5 -7 q-5 -5 -6 -15t-2 -13q-7 5 0 17.5t2 18.5q-3 6 -10.5 4.5t-12 -4.5t-11.5 -8.5t-9 -6.5t-8.5 -5.5t-8.5 -7.5q-3 -4 -6 -12t-5 -11q-2 4 -11.5 6.5t-9.5 5.5q2 -10 4 -35t5 -38q7 -31 -12 -48q-27 -25 -29 -40q-4 -22 12 -26q0 -7 -8 -20.5t-7 -21.5q0 -6 2 -16z" />
-<glyph unicode="&#xf0ad;" horiz-adv-x="1664" d="M384 64q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1028 484l-682 -682q-37 -37 -90 -37q-52 0 -91 37l-106 108q-38 36 -38 90q0 53 38 91l681 681q39 -98 114.5 -173.5t173.5 -114.5zM1662 919q0 -39 -23 -106q-47 -134 -164.5 -217.5 t-258.5 -83.5q-185 0 -316.5 131.5t-131.5 316.5t131.5 316.5t316.5 131.5q58 0 121.5 -16.5t107.5 -46.5q16 -11 16 -28t-16 -28l-293 -169v-224l193 -107q5 3 79 48.5t135.5 81t70.5 35.5q15 0 23.5 -10t8.5 -25z" />
-<glyph unicode="&#xf0ae;" horiz-adv-x="1792" d="M1024 128h640v128h-640v-128zM640 640h1024v128h-1024v-128zM1280 1152h384v128h-384v-128zM1792 320v-256q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1792 832v-256q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19 t-19 45v256q0 26 19 45t45 19h1664q26 0 45 -19t19 -45zM1792 1344v-256q0 -26 -19 -45t-45 -19h-1664q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h1664q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0b0;" horiz-adv-x="1408" d="M1403 1241q17 -41 -14 -70l-493 -493v-742q0 -42 -39 -59q-13 -5 -25 -5q-27 0 -45 19l-256 256q-19 19 -19 45v486l-493 493q-31 29 -14 70q17 39 59 39h1280q42 0 59 -39z" />
-<glyph unicode="&#xf0b1;" horiz-adv-x="1792" d="M640 1280h512v128h-512v-128zM1792 640v-480q0 -66 -47 -113t-113 -47h-1472q-66 0 -113 47t-47 113v480h672v-160q0 -26 19 -45t45 -19h320q26 0 45 19t19 45v160h672zM1024 640v-128h-256v128h256zM1792 1120v-384h-1792v384q0 66 47 113t113 47h352v160q0 40 28 68 t68 28h576q40 0 68 -28t28 -68v-160h352q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf0b2;" d="M1283 995l-355 -355l355 -355l144 144q29 31 70 14q39 -17 39 -59v-448q0 -26 -19 -45t-45 -19h-448q-42 0 -59 40q-17 39 14 69l144 144l-355 355l-355 -355l144 -144q31 -30 14 -69q-17 -40 -59 -40h-448q-26 0 -45 19t-19 45v448q0 42 40 59q39 17 69 -14l144 -144 l355 355l-355 355l-144 -144q-19 -19 -45 -19q-12 0 -24 5q-40 17 -40 59v448q0 26 19 45t45 19h448q42 0 59 -40q17 -39 -14 -69l-144 -144l355 -355l355 355l-144 144q-31 30 -14 69q17 40 59 40h448q26 0 45 -19t19 -45v-448q0 -42 -39 -59q-13 -5 -25 -5q-26 0 -45 19z " />
-<glyph unicode="&#xf0c0;" horiz-adv-x="1920" d="M593 640q-162 -5 -265 -128h-134q-82 0 -138 40.5t-56 118.5q0 353 124 353q6 0 43.5 -21t97.5 -42.5t119 -21.5q67 0 133 23q-5 -37 -5 -66q0 -139 81 -256zM1664 3q0 -120 -73 -189.5t-194 -69.5h-874q-121 0 -194 69.5t-73 189.5q0 53 3.5 103.5t14 109t26.5 108.5 t43 97.5t62 81t85.5 53.5t111.5 20q10 0 43 -21.5t73 -48t107 -48t135 -21.5t135 21.5t107 48t73 48t43 21.5q61 0 111.5 -20t85.5 -53.5t62 -81t43 -97.5t26.5 -108.5t14 -109t3.5 -103.5zM640 1280q0 -106 -75 -181t-181 -75t-181 75t-75 181t75 181t181 75t181 -75 t75 -181zM1344 896q0 -159 -112.5 -271.5t-271.5 -112.5t-271.5 112.5t-112.5 271.5t112.5 271.5t271.5 112.5t271.5 -112.5t112.5 -271.5zM1920 671q0 -78 -56 -118.5t-138 -40.5h-134q-103 123 -265 128q81 117 81 256q0 29 -5 66q66 -23 133 -23q59 0 119 21.5t97.5 42.5 t43.5 21q124 0 124 -353zM1792 1280q0 -106 -75 -181t-181 -75t-181 75t-75 181t75 181t181 75t181 -75t75 -181z" />
-<glyph unicode="&#xf0c1;" horiz-adv-x="1664" d="M1456 320q0 40 -28 68l-208 208q-28 28 -68 28q-42 0 -72 -32q3 -3 19 -18.5t21.5 -21.5t15 -19t13 -25.5t3.5 -27.5q0 -40 -28 -68t-68 -28q-15 0 -27.5 3.5t-25.5 13t-19 15t-21.5 21.5t-18.5 19q-33 -31 -33 -73q0 -40 28 -68l206 -207q27 -27 68 -27q40 0 68 26 l147 146q28 28 28 67zM753 1025q0 40 -28 68l-206 207q-28 28 -68 28q-39 0 -68 -27l-147 -146q-28 -28 -28 -67q0 -40 28 -68l208 -208q27 -27 68 -27q42 0 72 31q-3 3 -19 18.5t-21.5 21.5t-15 19t-13 25.5t-3.5 27.5q0 40 28 68t68 28q15 0 27.5 -3.5t25.5 -13t19 -15 t21.5 -21.5t18.5 -19q33 31 33 73zM1648 320q0 -120 -85 -203l-147 -146q-83 -83 -203 -83q-121 0 -204 85l-206 207q-83 83 -83 203q0 123 88 209l-88 88q-86 -88 -208 -88q-120 0 -204 84l-208 208q-84 84 -84 204t85 203l147 146q83 83 203 83q121 0 204 -85l206 -207 q83 -83 83 -203q0 -123 -88 -209l88 -88q86 88 208 88q120 0 204 -84l208 -208q84 -84 84 -204z" />
-<glyph unicode="&#xf0c2;" horiz-adv-x="1920" d="M1920 384q0 -159 -112.5 -271.5t-271.5 -112.5h-1088q-185 0 -316.5 131.5t-131.5 316.5q0 132 71 241.5t187 163.5q-2 28 -2 43q0 212 150 362t362 150q158 0 286.5 -88t187.5 -230q70 62 166 62q106 0 181 -75t75 -181q0 -75 -41 -138q129 -30 213 -134.5t84 -239.5z " />
-<glyph unicode="&#xf0c3;" horiz-adv-x="1664" d="M1527 88q56 -89 21.5 -152.5t-140.5 -63.5h-1152q-106 0 -140.5 63.5t21.5 152.5l503 793v399h-64q-26 0 -45 19t-19 45t19 45t45 19h512q26 0 45 -19t19 -45t-19 -45t-45 -19h-64v-399zM748 813l-272 -429h712l-272 429l-20 31v37v399h-128v-399v-37z" />
-<glyph unicode="&#xf0c4;" horiz-adv-x="1792" d="M960 640q26 0 45 -19t19 -45t-19 -45t-45 -19t-45 19t-19 45t19 45t45 19zM1260 576l507 -398q28 -20 25 -56q-5 -35 -35 -51l-128 -64q-13 -7 -29 -7q-17 0 -31 8l-690 387l-110 -66q-8 -4 -12 -5q14 -49 10 -97q-7 -77 -56 -147.5t-132 -123.5q-132 -84 -277 -84 q-136 0 -222 78q-90 84 -79 207q7 76 56 147t131 124q132 84 278 84q83 0 151 -31q9 13 22 22l122 73l-122 73q-13 9 -22 22q-68 -31 -151 -31q-146 0 -278 84q-82 53 -131 124t-56 147q-5 59 15.5 113t63.5 93q85 79 222 79q145 0 277 -84q83 -52 132 -123t56 -148 q4 -48 -10 -97q4 -1 12 -5l110 -66l690 387q14 8 31 8q16 0 29 -7l128 -64q30 -16 35 -51q3 -36 -25 -56zM579 836q46 42 21 108t-106 117q-92 59 -192 59q-74 0 -113 -36q-46 -42 -21 -108t106 -117q92 -59 192 -59q74 0 113 36zM494 91q81 51 106 117t-21 108 q-39 36 -113 36q-100 0 -192 -59q-81 -51 -106 -117t21 -108q39 -36 113 -36q100 0 192 59zM672 704l96 -58v11q0 36 33 56l14 8l-79 47l-26 -26q-3 -3 -10 -11t-12 -12q-2 -2 -4 -3.5t-3 -2.5zM896 480l96 -32l736 576l-128 64l-768 -431v-113l-160 -96l9 -8q2 -2 7 -6 q4 -4 11 -12t11 -12l26 -26zM1600 64l128 64l-520 408l-177 -138q-2 -3 -13 -7z" />
-<glyph unicode="&#xf0c5;" horiz-adv-x="1792" d="M1696 1152q40 0 68 -28t28 -68v-1216q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68v288h-544q-40 0 -68 28t-28 68v672q0 40 20 88t48 76l408 408q28 28 76 48t88 20h416q40 0 68 -28t28 -68v-328q68 40 128 40h416zM1152 939l-299 -299h299v299zM512 1323l-299 -299 h299v299zM708 676l316 316v416h-384v-416q0 -40 -28 -68t-68 -28h-416v-640h512v256q0 40 20 88t48 76zM1664 -128v1152h-384v-416q0 -40 -28 -68t-68 -28h-416v-640h896z" />
-<glyph unicode="&#xf0c6;" horiz-adv-x="1408" d="M1404 151q0 -117 -79 -196t-196 -79q-135 0 -235 100l-777 776q-113 115 -113 271q0 159 110 270t269 111q158 0 273 -113l605 -606q10 -10 10 -22q0 -16 -30.5 -46.5t-46.5 -30.5q-13 0 -23 10l-606 607q-79 77 -181 77q-106 0 -179 -75t-73 -181q0 -105 76 -181 l776 -777q63 -63 145 -63q64 0 106 42t42 106q0 82 -63 145l-581 581q-26 24 -60 24q-29 0 -48 -19t-19 -48q0 -32 25 -59l410 -410q10 -10 10 -22q0 -16 -31 -47t-47 -31q-12 0 -22 10l-410 410q-63 61 -63 149q0 82 57 139t139 57q88 0 149 -63l581 -581q100 -98 100 -235 z" />
-<glyph unicode="&#xf0c7;" d="M384 0h768v384h-768v-384zM1280 0h128v896q0 14 -10 38.5t-20 34.5l-281 281q-10 10 -34 20t-39 10v-416q0 -40 -28 -68t-68 -28h-576q-40 0 -68 28t-28 68v416h-128v-1280h128v416q0 40 28 68t68 28h832q40 0 68 -28t28 -68v-416zM896 928v320q0 13 -9.5 22.5t-22.5 9.5 h-192q-13 0 -22.5 -9.5t-9.5 -22.5v-320q0 -13 9.5 -22.5t22.5 -9.5h192q13 0 22.5 9.5t9.5 22.5zM1536 896v-928q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1344q0 40 28 68t68 28h928q40 0 88 -20t76 -48l280 -280q28 -28 48 -76t20 -88z" />
-<glyph unicode="&#xf0c8;" d="M1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf0c9;" d="M1536 192v-128q0 -26 -19 -45t-45 -19h-1408q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1408q26 0 45 -19t19 -45zM1536 704v-128q0 -26 -19 -45t-45 -19h-1408q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1408q26 0 45 -19t19 -45zM1536 1216v-128q0 -26 -19 -45 t-45 -19h-1408q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h1408q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0ca;" horiz-adv-x="1792" d="M384 128q0 -80 -56 -136t-136 -56t-136 56t-56 136t56 136t136 56t136 -56t56 -136zM384 640q0 -80 -56 -136t-136 -56t-136 56t-56 136t56 136t136 56t136 -56t56 -136zM1792 224v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1216q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5 t22.5 9.5h1216q13 0 22.5 -9.5t9.5 -22.5zM384 1152q0 -80 -56 -136t-136 -56t-136 56t-56 136t56 136t136 56t136 -56t56 -136zM1792 736v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1216q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1216q13 0 22.5 -9.5t9.5 -22.5z M1792 1248v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1216q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1216q13 0 22.5 -9.5t9.5 -22.5z" />
-<glyph unicode="&#xf0cb;" horiz-adv-x="1792" d="M381 -84q0 -80 -54.5 -126t-135.5 -46q-106 0 -172 66l57 88q49 -45 106 -45q29 0 50.5 14.5t21.5 42.5q0 64 -105 56l-26 56q8 10 32.5 43.5t42.5 54t37 38.5v1q-16 0 -48.5 -1t-48.5 -1v-53h-106v152h333v-88l-95 -115q51 -12 81 -49t30 -88zM383 543v-159h-362 q-6 36 -6 54q0 51 23.5 93t56.5 68t66 47.5t56.5 43.5t23.5 45q0 25 -14.5 38.5t-39.5 13.5q-46 0 -81 -58l-85 59q24 51 71.5 79.5t105.5 28.5q73 0 123 -41.5t50 -112.5q0 -50 -34 -91.5t-75 -64.5t-75.5 -50.5t-35.5 -52.5h127v60h105zM1792 224v-192q0 -13 -9.5 -22.5 t-22.5 -9.5h-1216q-13 0 -22.5 9.5t-9.5 22.5v192q0 14 9 23t23 9h1216q13 0 22.5 -9.5t9.5 -22.5zM384 1123v-99h-335v99h107q0 41 0.5 122t0.5 121v12h-2q-8 -17 -50 -54l-71 76l136 127h106v-404h108zM1792 736v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1216q-13 0 -22.5 9.5 t-9.5 22.5v192q0 14 9 23t23 9h1216q13 0 22.5 -9.5t9.5 -22.5zM1792 1248v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1216q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1216q13 0 22.5 -9.5t9.5 -22.5z" />
-<glyph unicode="&#xf0cc;" horiz-adv-x="1792" d="M1760 640q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-1728q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h1728zM483 704q-28 35 -51 80q-48 97 -48 188q0 181 134 309q133 127 393 127q50 0 167 -19q66 -12 177 -48q10 -38 21 -118q14 -123 14 -183q0 -18 -5 -45l-12 -3l-84 6 l-14 2q-50 149 -103 205q-88 91 -210 91q-114 0 -182 -59q-67 -58 -67 -146q0 -73 66 -140t279 -129q69 -20 173 -66q58 -28 95 -52h-743zM990 448h411q7 -39 7 -92q0 -111 -41 -212q-23 -55 -71 -104q-37 -35 -109 -81q-80 -48 -153 -66q-80 -21 -203 -21q-114 0 -195 23 l-140 40q-57 16 -72 28q-8 8 -8 22v13q0 108 -2 156q-1 30 0 68l2 37v44l102 2q15 -34 30 -71t22.5 -56t12.5 -27q35 -57 80 -94q43 -36 105 -57q59 -22 132 -22q64 0 139 27q77 26 122 86q47 61 47 129q0 84 -81 157q-34 29 -137 71z" />
-<glyph unicode="&#xf0cd;" d="M48 1313q-37 2 -45 4l-3 88q13 1 40 1q60 0 112 -4q132 -7 166 -7q86 0 168 3q116 4 146 5q56 0 86 2l-1 -14l2 -64v-9q-60 -9 -124 -9q-60 0 -79 -25q-13 -14 -13 -132q0 -13 0.5 -32.5t0.5 -25.5l1 -229l14 -280q6 -124 51 -202q35 -59 96 -92q88 -47 177 -47 q104 0 191 28q56 18 99 51q48 36 65 64q36 56 53 114q21 73 21 229q0 79 -3.5 128t-11 122.5t-13.5 159.5l-4 59q-5 67 -24 88q-34 35 -77 34l-100 -2l-14 3l2 86h84l205 -10q76 -3 196 10l18 -2q6 -38 6 -51q0 -7 -4 -31q-45 -12 -84 -13q-73 -11 -79 -17q-15 -15 -15 -41 q0 -7 1.5 -27t1.5 -31q8 -19 22 -396q6 -195 -15 -304q-15 -76 -41 -122q-38 -65 -112 -123q-75 -57 -182 -89q-109 -33 -255 -33q-167 0 -284 46q-119 47 -179 122q-61 76 -83 195q-16 80 -16 237v333q0 188 -17 213q-25 36 -147 39zM1536 -96v64q0 14 -9 23t-23 9h-1472 q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h1472q14 0 23 9t9 23z" />
-<glyph unicode="&#xf0ce;" horiz-adv-x="1664" d="M512 160v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM512 544v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1024 160v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23 v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM512 928v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1024 544v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1536 160v192 q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1024 928v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1536 544v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192 q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1536 928v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM1664 1248v-1088q0 -66 -47 -113t-113 -47h-1344q-66 0 -113 47t-47 113v1088q0 66 47 113t113 47h1344q66 0 113 -47t47 -113 z" />
-<glyph unicode="&#xf0d0;" horiz-adv-x="1664" d="M1190 955l293 293l-107 107l-293 -293zM1637 1248q0 -27 -18 -45l-1286 -1286q-18 -18 -45 -18t-45 18l-198 198q-18 18 -18 45t18 45l1286 1286q18 18 45 18t45 -18l198 -198q18 -18 18 -45zM286 1438l98 -30l-98 -30l-30 -98l-30 98l-98 30l98 30l30 98zM636 1276 l196 -60l-196 -60l-60 -196l-60 196l-196 60l196 60l60 196zM1566 798l98 -30l-98 -30l-30 -98l-30 98l-98 30l98 30l30 98zM926 1438l98 -30l-98 -30l-30 -98l-30 98l-98 30l98 30l30 98z" />
-<glyph unicode="&#xf0d1;" horiz-adv-x="1792" d="M640 128q0 52 -38 90t-90 38t-90 -38t-38 -90t38 -90t90 -38t90 38t38 90zM256 640h384v256h-158q-13 0 -22 -9l-195 -195q-9 -9 -9 -22v-30zM1536 128q0 52 -38 90t-90 38t-90 -38t-38 -90t38 -90t90 -38t90 38t38 90zM1792 1216v-1024q0 -15 -4 -26.5t-13.5 -18.5 t-16.5 -11.5t-23.5 -6t-22.5 -2t-25.5 0t-22.5 0.5q0 -106 -75 -181t-181 -75t-181 75t-75 181h-384q0 -106 -75 -181t-181 -75t-181 75t-75 181h-64q-3 0 -22.5 -0.5t-25.5 0t-22.5 2t-23.5 6t-16.5 11.5t-13.5 18.5t-4 26.5q0 26 19 45t45 19v320q0 8 -0.5 35t0 38 t2.5 34.5t6.5 37t14 30.5t22.5 30l198 198q19 19 50.5 32t58.5 13h160v192q0 26 19 45t45 19h1024q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0d2;" d="M1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103q-111 0 -218 32q59 93 78 164q9 34 54 211q20 -39 73 -67.5t114 -28.5q121 0 216 68.5t147 188.5t52 270q0 114 -59.5 214t-172.5 163t-255 63q-105 0 -196 -29t-154.5 -77t-109 -110.5t-67 -129.5t-21.5 -134 q0 -104 40 -183t117 -111q30 -12 38 20q2 7 8 31t8 30q6 23 -11 43q-51 61 -51 151q0 151 104.5 259.5t273.5 108.5q151 0 235.5 -82t84.5 -213q0 -170 -68.5 -289t-175.5 -119q-61 0 -98 43.5t-23 104.5q8 35 26.5 93.5t30 103t11.5 75.5q0 50 -27 83t-77 33 q-62 0 -105 -57t-43 -142q0 -73 25 -122l-99 -418q-17 -70 -13 -177q-206 91 -333 281t-127 423q0 209 103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf0d3;" d="M1248 1408q119 0 203.5 -84.5t84.5 -203.5v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-725q85 122 108 210q9 34 53 209q21 -39 73.5 -67t112.5 -28q181 0 295.5 147.5t114.5 373.5q0 84 -35 162.5t-96.5 139t-152.5 97t-197 36.5q-104 0 -194.5 -28.5t-153 -76.5 t-107.5 -109.5t-66.5 -128t-21.5 -132.5q0 -102 39.5 -180t116.5 -110q13 -5 23.5 0t14.5 19q10 44 15 61q6 23 -11 42q-50 62 -50 150q0 150 103.5 256.5t270.5 106.5q149 0 232.5 -81t83.5 -210q0 -168 -67.5 -286t-173.5 -118q-60 0 -97 43.5t-23 103.5q8 34 26.5 92.5 t29.5 102t11 74.5q0 49 -26.5 81.5t-75.5 32.5q-61 0 -103.5 -56.5t-42.5 -139.5q0 -72 24 -121l-98 -414q-24 -100 -7 -254h-183q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960z" />
-<glyph unicode="&#xf0d4;" d="M829 318q0 -76 -58.5 -112.5t-139.5 -36.5q-41 0 -80.5 9.5t-75.5 28.5t-58 53t-22 78q0 46 25 80t65.5 51.5t82 25t84.5 7.5q20 0 31 -2q2 -1 23 -16.5t26 -19t23 -18t24.5 -22t19 -22.5t17 -26t9 -26.5t4.5 -31.5zM755 863q0 -60 -33 -99.5t-92 -39.5q-53 0 -93 42.5 t-57.5 96.5t-17.5 106q0 61 32 104t92 43q53 0 93.5 -45t58 -101t17.5 -107zM861 1120l88 64h-265q-85 0 -161 -32t-127.5 -98t-51.5 -153q0 -93 64.5 -154.5t158.5 -61.5q22 0 43 3q-13 -29 -13 -54q0 -44 40 -94q-175 -12 -257 -63q-47 -29 -75.5 -73t-28.5 -95 q0 -43 18.5 -77.5t48.5 -56.5t69 -37t77.5 -21t76.5 -6q60 0 120.5 15.5t113.5 46t86 82.5t33 117q0 49 -20 89.5t-49 66.5t-58 47.5t-49 44t-20 44.5t15.5 42.5t37.5 39.5t44 42t37.5 59.5t15.5 82.5q0 60 -22.5 99.5t-72.5 90.5h83zM1152 672h128v64h-128v128h-64v-128 h-128v-64h128v-160h64v160zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf0d5;" horiz-adv-x="1664" d="M735 740q0 -36 32 -70.5t77.5 -68t90.5 -73.5t77 -104t32 -142q0 -90 -48 -173q-72 -122 -211 -179.5t-298 -57.5q-132 0 -246.5 41.5t-171.5 137.5q-37 60 -37 131q0 81 44.5 150t118.5 115q131 82 404 100q-32 42 -47.5 74t-15.5 73q0 36 21 85q-46 -4 -68 -4 q-148 0 -249.5 96.5t-101.5 244.5q0 82 36 159t99 131q77 66 182.5 98t217.5 32h418l-138 -88h-131q74 -63 112 -133t38 -160q0 -72 -24.5 -129.5t-59 -93t-69.5 -65t-59.5 -61.5t-24.5 -66zM589 836q38 0 78 16.5t66 43.5q53 57 53 159q0 58 -17 125t-48.5 129.5 t-84.5 103.5t-117 41q-42 0 -82.5 -19.5t-65.5 -52.5q-47 -59 -47 -160q0 -46 10 -97.5t31.5 -103t52 -92.5t75 -67t96.5 -26zM591 -37q58 0 111.5 13t99 39t73 73t27.5 109q0 25 -7 49t-14.5 42t-27 41.5t-29.5 35t-38.5 34.5t-36.5 29t-41.5 30t-36.5 26q-16 2 -48 2 q-53 0 -105 -7t-107.5 -25t-97 -46t-68.5 -74.5t-27 -105.5q0 -70 35 -123.5t91.5 -83t119 -44t127.5 -14.5zM1401 839h213v-108h-213v-219h-105v219h-212v108h212v217h105v-217z" />
-<glyph unicode="&#xf0d6;" horiz-adv-x="1920" d="M768 384h384v96h-128v448h-114l-148 -137l77 -80q42 37 55 57h2v-288h-128v-96zM1280 640q0 -70 -21 -142t-59.5 -134t-101.5 -101t-138 -39t-138 39t-101.5 101t-59.5 134t-21 142t21 142t59.5 134t101.5 101t138 39t138 -39t101.5 -101t59.5 -134t21 -142zM1792 384 v512q-106 0 -181 75t-75 181h-1152q0 -106 -75 -181t-181 -75v-512q106 0 181 -75t75 -181h1152q0 106 75 181t181 75zM1920 1216v-1152q0 -26 -19 -45t-45 -19h-1792q-26 0 -45 19t-19 45v1152q0 26 19 45t45 19h1792q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0d7;" horiz-adv-x="1024" d="M1024 832q0 -26 -19 -45l-448 -448q-19 -19 -45 -19t-45 19l-448 448q-19 19 -19 45t19 45t45 19h896q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0d8;" horiz-adv-x="1024" d="M1024 320q0 -26 -19 -45t-45 -19h-896q-26 0 -45 19t-19 45t19 45l448 448q19 19 45 19t45 -19l448 -448q19 -19 19 -45z" />
-<glyph unicode="&#xf0d9;" horiz-adv-x="640" d="M640 1088v-896q0 -26 -19 -45t-45 -19t-45 19l-448 448q-19 19 -19 45t19 45l448 448q19 19 45 19t45 -19t19 -45z" />
-<glyph unicode="&#xf0da;" horiz-adv-x="640" d="M576 640q0 -26 -19 -45l-448 -448q-19 -19 -45 -19t-45 19t-19 45v896q0 26 19 45t45 19t45 -19l448 -448q19 -19 19 -45z" />
-<glyph unicode="&#xf0db;" horiz-adv-x="1664" d="M160 0h608v1152h-640v-1120q0 -13 9.5 -22.5t22.5 -9.5zM1536 32v1120h-640v-1152h608q13 0 22.5 9.5t9.5 22.5zM1664 1248v-1216q0 -66 -47 -113t-113 -47h-1344q-66 0 -113 47t-47 113v1216q0 66 47 113t113 47h1344q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf0dc;" horiz-adv-x="1024" d="M1024 448q0 -26 -19 -45l-448 -448q-19 -19 -45 -19t-45 19l-448 448q-19 19 -19 45t19 45t45 19h896q26 0 45 -19t19 -45zM1024 832q0 -26 -19 -45t-45 -19h-896q-26 0 -45 19t-19 45t19 45l448 448q19 19 45 19t45 -19l448 -448q19 -19 19 -45z" />
-<glyph unicode="&#xf0dd;" horiz-adv-x="1024" d="M1024 448q0 -26 -19 -45l-448 -448q-19 -19 -45 -19t-45 19l-448 448q-19 19 -19 45t19 45t45 19h896q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0de;" horiz-adv-x="1024" d="M1024 832q0 -26 -19 -45t-45 -19h-896q-26 0 -45 19t-19 45t19 45l448 448q19 19 45 19t45 -19l448 -448q19 -19 19 -45z" />
-<glyph unicode="&#xf0e0;" horiz-adv-x="1792" d="M1792 826v-794q0 -66 -47 -113t-113 -47h-1472q-66 0 -113 47t-47 113v794q44 -49 101 -87q362 -246 497 -345q57 -42 92.5 -65.5t94.5 -48t110 -24.5h1h1q51 0 110 24.5t94.5 48t92.5 65.5q170 123 498 345q57 39 100 87zM1792 1120q0 -79 -49 -151t-122 -123 q-376 -261 -468 -325q-10 -7 -42.5 -30.5t-54 -38t-52 -32.5t-57.5 -27t-50 -9h-1h-1q-23 0 -50 9t-57.5 27t-52 32.5t-54 38t-42.5 30.5q-91 64 -262 182.5t-205 142.5q-62 42 -117 115.5t-55 136.5q0 78 41.5 130t118.5 52h1472q65 0 112.5 -47t47.5 -113z" />
-<glyph unicode="&#xf0e1;" d="M349 911v-991h-330v991h330zM370 1217q1 -73 -50.5 -122t-135.5 -49h-2q-82 0 -132 49t-50 122q0 74 51.5 122.5t134.5 48.5t133 -48.5t51 -122.5zM1536 488v-568h-329v530q0 105 -40.5 164.5t-126.5 59.5q-63 0 -105.5 -34.5t-63.5 -85.5q-11 -30 -11 -81v-553h-329 q2 399 2 647t-1 296l-1 48h329v-144h-2q20 32 41 56t56.5 52t87 43.5t114.5 15.5q171 0 275 -113.5t104 -332.5z" />
-<glyph unicode="&#xf0e2;" d="M1536 640q0 -156 -61 -298t-164 -245t-245 -164t-298 -61q-172 0 -327 72.5t-264 204.5q-7 10 -6.5 22.5t8.5 20.5l137 138q10 9 25 9q16 -2 23 -12q73 -95 179 -147t225 -52q104 0 198.5 40.5t163.5 109.5t109.5 163.5t40.5 198.5t-40.5 198.5t-109.5 163.5 t-163.5 109.5t-198.5 40.5q-98 0 -188 -35.5t-160 -101.5l137 -138q31 -30 14 -69q-17 -40 -59 -40h-448q-26 0 -45 19t-19 45v448q0 42 40 59q39 17 69 -14l130 -129q107 101 244.5 156.5t284.5 55.5q156 0 298 -61t245 -164t164 -245t61 -298z" />
-<glyph unicode="&#xf0e3;" horiz-adv-x="1792" d="M1771 0q0 -53 -37 -90l-107 -108q-39 -37 -91 -37q-53 0 -90 37l-363 364q-38 36 -38 90q0 53 43 96l-256 256l-126 -126q-14 -14 -34 -14t-34 14q2 -2 12.5 -12t12.5 -13t10 -11.5t10 -13.5t6 -13.5t5.5 -16.5t1.5 -18q0 -38 -28 -68q-3 -3 -16.5 -18t-19 -20.5 t-18.5 -16.5t-22 -15.5t-22 -9t-26 -4.5q-40 0 -68 28l-408 408q-28 28 -28 68q0 13 4.5 26t9 22t15.5 22t16.5 18.5t20.5 19t18 16.5q30 28 68 28q10 0 18 -1.5t16.5 -5.5t13.5 -6t13.5 -10t11.5 -10t13 -12.5t12 -12.5q-14 14 -14 34t14 34l348 348q14 14 34 14t34 -14 q-2 2 -12.5 12t-12.5 13t-10 11.5t-10 13.5t-6 13.5t-5.5 16.5t-1.5 18q0 38 28 68q3 3 16.5 18t19 20.5t18.5 16.5t22 15.5t22 9t26 4.5q40 0 68 -28l408 -408q28 -28 28 -68q0 -13 -4.5 -26t-9 -22t-15.5 -22t-16.5 -18.5t-20.5 -19t-18 -16.5q-30 -28 -68 -28 q-10 0 -18 1.5t-16.5 5.5t-13.5 6t-13.5 10t-11.5 10t-13 12.5t-12 12.5q14 -14 14 -34t-14 -34l-126 -126l256 -256q43 43 96 43q52 0 91 -37l363 -363q37 -39 37 -91z" />
-<glyph unicode="&#xf0e4;" horiz-adv-x="1792" d="M384 384q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM576 832q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1004 351l101 382q6 26 -7.5 48.5t-38.5 29.5 t-48 -6.5t-30 -39.5l-101 -382q-60 -5 -107 -43.5t-63 -98.5q-20 -77 20 -146t117 -89t146 20t89 117q16 60 -6 117t-72 91zM1664 384q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1024 1024q0 53 -37.5 90.5 t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1472 832q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1792 384q0 -261 -141 -483q-19 -29 -54 -29h-1402q-35 0 -54 29 q-141 221 -141 483q0 182 71 348t191 286t286 191t348 71t348 -71t286 -191t191 -286t71 -348z" />
-<glyph unicode="&#xf0e5;" horiz-adv-x="1792" d="M896 1152q-204 0 -381.5 -69.5t-282 -187.5t-104.5 -255q0 -112 71.5 -213.5t201.5 -175.5l87 -50l-27 -96q-24 -91 -70 -172q152 63 275 171l43 38l57 -6q69 -8 130 -8q204 0 381.5 69.5t282 187.5t104.5 255t-104.5 255t-282 187.5t-381.5 69.5zM1792 640 q0 -174 -120 -321.5t-326 -233t-450 -85.5q-70 0 -145 8q-198 -175 -460 -242q-49 -14 -114 -22h-5q-15 0 -27 10.5t-16 27.5v1q-3 4 -0.5 12t2 10t4.5 9.5l6 9t7 8.5t8 9q7 8 31 34.5t34.5 38t31 39.5t32.5 51t27 59t26 76q-157 89 -247.5 220t-90.5 281q0 174 120 321.5 t326 233t450 85.5t450 -85.5t326 -233t120 -321.5z" />
-<glyph unicode="&#xf0e6;" horiz-adv-x="1792" d="M704 1152q-153 0 -286 -52t-211.5 -141t-78.5 -191q0 -82 53 -158t149 -132l97 -56l-35 -84q34 20 62 39l44 31l53 -10q78 -14 153 -14q153 0 286 52t211.5 141t78.5 191t-78.5 191t-211.5 141t-286 52zM704 1280q191 0 353.5 -68.5t256.5 -186.5t94 -257t-94 -257 t-256.5 -186.5t-353.5 -68.5q-86 0 -176 16q-124 -88 -278 -128q-36 -9 -86 -16h-3q-11 0 -20.5 8t-11.5 21q-1 3 -1 6.5t0.5 6.5t2 6l2.5 5t3.5 5.5t4 5t4.5 5t4 4.5q5 6 23 25t26 29.5t22.5 29t25 38.5t20.5 44q-124 72 -195 177t-71 224q0 139 94 257t256.5 186.5 t353.5 68.5zM1526 111q10 -24 20.5 -44t25 -38.5t22.5 -29t26 -29.5t23 -25q1 -1 4 -4.5t4.5 -5t4 -5t3.5 -5.5l2.5 -5t2 -6t0.5 -6.5t-1 -6.5q-3 -14 -13 -22t-22 -7q-50 7 -86 16q-154 40 -278 128q-90 -16 -176 -16q-271 0 -472 132q58 -4 88 -4q161 0 309 45t264 129 q125 92 192 212t67 254q0 77 -23 152q129 -71 204 -178t75 -230q0 -120 -71 -224.5t-195 -176.5z" />
-<glyph unicode="&#xf0e7;" horiz-adv-x="896" d="M885 970q18 -20 7 -44l-540 -1157q-13 -25 -42 -25q-4 0 -14 2q-17 5 -25.5 19t-4.5 30l197 808l-406 -101q-4 -1 -12 -1q-18 0 -31 11q-18 15 -13 39l201 825q4 14 16 23t28 9h328q19 0 32 -12.5t13 -29.5q0 -8 -5 -18l-171 -463l396 98q8 2 12 2q19 0 34 -15z" />
-<glyph unicode="&#xf0e8;" horiz-adv-x="1792" d="M1792 288v-320q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v320q0 40 28 68t68 28h96v192h-512v-192h96q40 0 68 -28t28 -68v-320q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v320q0 40 28 68t68 28h96v192h-512v-192h96q40 0 68 -28t28 -68v-320 q0 -40 -28 -68t-68 -28h-320q-40 0 -68 28t-28 68v320q0 40 28 68t68 28h96v192q0 52 38 90t90 38h512v192h-96q-40 0 -68 28t-28 68v320q0 40 28 68t68 28h320q40 0 68 -28t28 -68v-320q0 -40 -28 -68t-68 -28h-96v-192h512q52 0 90 -38t38 -90v-192h96q40 0 68 -28t28 -68 z" />
-<glyph unicode="&#xf0e9;" horiz-adv-x="1664" d="M896 708v-580q0 -104 -76 -180t-180 -76t-180 76t-76 180q0 26 19 45t45 19t45 -19t19 -45q0 -50 39 -89t89 -39t89 39t39 89v580q33 11 64 11t64 -11zM1664 681q0 -13 -9.5 -22.5t-22.5 -9.5q-11 0 -23 10q-49 46 -93 69t-102 23q-68 0 -128 -37t-103 -97 q-7 -10 -17.5 -28t-14.5 -24q-11 -17 -28 -17q-18 0 -29 17q-4 6 -14.5 24t-17.5 28q-43 60 -102.5 97t-127.5 37t-127.5 -37t-102.5 -97q-7 -10 -17.5 -28t-14.5 -24q-11 -17 -29 -17q-17 0 -28 17q-4 6 -14.5 24t-17.5 28q-43 60 -103 97t-128 37q-58 0 -102 -23t-93 -69 q-12 -10 -23 -10q-13 0 -22.5 9.5t-9.5 22.5q0 5 1 7q45 183 172.5 319.5t298 204.5t360.5 68q140 0 274.5 -40t246.5 -113.5t194.5 -187t115.5 -251.5q1 -2 1 -7zM896 1408v-98q-42 2 -64 2t-64 -2v98q0 26 19 45t45 19t45 -19t19 -45z" />
-<glyph unicode="&#xf0ea;" horiz-adv-x="1792" d="M768 -128h896v640h-416q-40 0 -68 28t-28 68v416h-384v-1152zM1024 1312v64q0 13 -9.5 22.5t-22.5 9.5h-704q-13 0 -22.5 -9.5t-9.5 -22.5v-64q0 -13 9.5 -22.5t22.5 -9.5h704q13 0 22.5 9.5t9.5 22.5zM1280 640h299l-299 299v-299zM1792 512v-672q0 -40 -28 -68t-68 -28 h-960q-40 0 -68 28t-28 68v160h-544q-40 0 -68 28t-28 68v1344q0 40 28 68t68 28h1088q40 0 68 -28t28 -68v-328q21 -13 36 -28l408 -408q28 -28 48 -76t20 -88z" />
-<glyph unicode="&#xf0eb;" horiz-adv-x="1024" d="M736 960q0 -13 -9.5 -22.5t-22.5 -9.5t-22.5 9.5t-9.5 22.5q0 46 -54 71t-106 25q-13 0 -22.5 9.5t-9.5 22.5t9.5 22.5t22.5 9.5q50 0 99.5 -16t87 -54t37.5 -90zM896 960q0 72 -34.5 134t-90 101.5t-123 62t-136.5 22.5t-136.5 -22.5t-123 -62t-90 -101.5t-34.5 -134 q0 -101 68 -180q10 -11 30.5 -33t30.5 -33q128 -153 141 -298h228q13 145 141 298q10 11 30.5 33t30.5 33q68 79 68 180zM1024 960q0 -155 -103 -268q-45 -49 -74.5 -87t-59.5 -95.5t-34 -107.5q47 -28 47 -82q0 -37 -25 -64q25 -27 25 -64q0 -52 -45 -81q13 -23 13 -47 q0 -46 -31.5 -71t-77.5 -25q-20 -44 -60 -70t-87 -26t-87 26t-60 70q-46 0 -77.5 25t-31.5 71q0 24 13 47q-45 29 -45 81q0 37 25 64q-25 27 -25 64q0 54 47 82q-4 50 -34 107.5t-59.5 95.5t-74.5 87q-103 113 -103 268q0 99 44.5 184.5t117 142t164 89t186.5 32.5 t186.5 -32.5t164 -89t117 -142t44.5 -184.5z" />
-<glyph unicode="&#xf0ec;" horiz-adv-x="1792" d="M1792 352v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-1376v-192q0 -13 -9.5 -22.5t-22.5 -9.5q-12 0 -24 10l-319 320q-9 9 -9 22q0 14 9 23l320 320q9 9 23 9q13 0 22.5 -9.5t9.5 -22.5v-192h1376q13 0 22.5 -9.5t9.5 -22.5zM1792 896q0 -14 -9 -23l-320 -320q-9 -9 -23 -9 q-13 0 -22.5 9.5t-9.5 22.5v192h-1376q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h1376v192q0 14 9 23t23 9q12 0 24 -10l319 -319q9 -9 9 -23z" />
-<glyph unicode="&#xf0ed;" horiz-adv-x="1920" d="M1280 608q0 14 -9 23t-23 9h-224v352q0 13 -9.5 22.5t-22.5 9.5h-192q-13 0 -22.5 -9.5t-9.5 -22.5v-352h-224q-13 0 -22.5 -9.5t-9.5 -22.5q0 -14 9 -23l352 -352q9 -9 23 -9t23 9l351 351q10 12 10 24zM1920 384q0 -159 -112.5 -271.5t-271.5 -112.5h-1088 q-185 0 -316.5 131.5t-131.5 316.5q0 130 70 240t188 165q-2 30 -2 43q0 212 150 362t362 150q156 0 285.5 -87t188.5 -231q71 62 166 62q106 0 181 -75t75 -181q0 -76 -41 -138q130 -31 213.5 -135.5t83.5 -238.5z" />
-<glyph unicode="&#xf0ee;" horiz-adv-x="1920" d="M1280 672q0 14 -9 23l-352 352q-9 9 -23 9t-23 -9l-351 -351q-10 -12 -10 -24q0 -14 9 -23t23 -9h224v-352q0 -13 9.5 -22.5t22.5 -9.5h192q13 0 22.5 9.5t9.5 22.5v352h224q13 0 22.5 9.5t9.5 22.5zM1920 384q0 -159 -112.5 -271.5t-271.5 -112.5h-1088 q-185 0 -316.5 131.5t-131.5 316.5q0 130 70 240t188 165q-2 30 -2 43q0 212 150 362t362 150q156 0 285.5 -87t188.5 -231q71 62 166 62q106 0 181 -75t75 -181q0 -76 -41 -138q130 -31 213.5 -135.5t83.5 -238.5z" />
-<glyph unicode="&#xf0f0;" horiz-adv-x="1408" d="M384 192q0 -26 -19 -45t-45 -19t-45 19t-19 45t19 45t45 19t45 -19t19 -45zM1408 131q0 -121 -73 -190t-194 -69h-874q-121 0 -194 69t-73 190q0 68 5.5 131t24 138t47.5 132.5t81 103t120 60.5q-22 -52 -22 -120v-203q-58 -20 -93 -70t-35 -111q0 -80 56 -136t136 -56 t136 56t56 136q0 61 -35.5 111t-92.5 70v203q0 62 25 93q132 -104 295 -104t295 104q25 -31 25 -93v-64q-106 0 -181 -75t-75 -181v-89q-32 -29 -32 -71q0 -40 28 -68t68 -28t68 28t28 68q0 42 -32 71v89q0 52 38 90t90 38t90 -38t38 -90v-89q-32 -29 -32 -71q0 -40 28 -68 t68 -28t68 28t28 68q0 42 -32 71v89q0 68 -34.5 127.5t-93.5 93.5q0 10 0.5 42.5t0 48t-2.5 41.5t-7 47t-13 40q68 -15 120 -60.5t81 -103t47.5 -132.5t24 -138t5.5 -131zM1088 1024q0 -159 -112.5 -271.5t-271.5 -112.5t-271.5 112.5t-112.5 271.5t112.5 271.5t271.5 112.5 t271.5 -112.5t112.5 -271.5z" />
-<glyph unicode="&#xf0f1;" horiz-adv-x="1408" d="M1280 832q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1408 832q0 -62 -35.5 -111t-92.5 -70v-395q0 -159 -131.5 -271.5t-316.5 -112.5t-316.5 112.5t-131.5 271.5v132q-164 20 -274 128t-110 252v512q0 26 19 45t45 19q6 0 16 -2q17 30 47 48 t65 18q53 0 90.5 -37.5t37.5 -90.5t-37.5 -90.5t-90.5 -37.5q-33 0 -64 18v-402q0 -106 94 -181t226 -75t226 75t94 181v402q-31 -18 -64 -18q-53 0 -90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5q35 0 65 -18t47 -48q10 2 16 2q26 0 45 -19t19 -45v-512q0 -144 -110 -252 t-274 -128v-132q0 -106 94 -181t226 -75t226 75t94 181v395q-57 21 -92.5 70t-35.5 111q0 80 56 136t136 56t136 -56t56 -136z" />
-<glyph unicode="&#xf0f2;" horiz-adv-x="1792" d="M640 1152h512v128h-512v-128zM288 1152v-1280h-64q-92 0 -158 66t-66 158v832q0 92 66 158t158 66h64zM1408 1152v-1280h-1024v1280h128v160q0 40 28 68t68 28h576q40 0 68 -28t28 -68v-160h128zM1792 928v-832q0 -92 -66 -158t-158 -66h-64v1280h64q92 0 158 -66 t66 -158z" />
-<glyph unicode="&#xf0f3;" horiz-adv-x="1792" d="M912 -160q0 16 -16 16q-59 0 -101.5 42.5t-42.5 101.5q0 16 -16 16t-16 -16q0 -73 51.5 -124.5t124.5 -51.5q16 0 16 16zM1728 128q0 -52 -38 -90t-90 -38h-448q0 -106 -75 -181t-181 -75t-181 75t-75 181h-448q-52 0 -90 38t-38 90q50 42 91 88t85 119.5t74.5 158.5 t50 206t19.5 260q0 152 117 282.5t307 158.5q-8 19 -8 39q0 40 28 68t68 28t68 -28t28 -68q0 -20 -8 -39q190 -28 307 -158.5t117 -282.5q0 -139 19.5 -260t50 -206t74.5 -158.5t85 -119.5t91 -88z" />
-<glyph unicode="&#xf0f4;" horiz-adv-x="1920" d="M1664 896q0 80 -56 136t-136 56h-64v-384h64q80 0 136 56t56 136zM0 128h1792q0 -106 -75 -181t-181 -75h-1280q-106 0 -181 75t-75 181zM1856 896q0 -159 -112.5 -271.5t-271.5 -112.5h-64v-32q0 -92 -66 -158t-158 -66h-704q-92 0 -158 66t-66 158v736q0 26 19 45 t45 19h1152q159 0 271.5 -112.5t112.5 -271.5z" />
-<glyph unicode="&#xf0f5;" horiz-adv-x="1408" d="M640 1472v-640q0 -61 -35.5 -111t-92.5 -70v-779q0 -52 -38 -90t-90 -38h-128q-52 0 -90 38t-38 90v779q-57 20 -92.5 70t-35.5 111v640q0 26 19 45t45 19t45 -19t19 -45v-416q0 -26 19 -45t45 -19t45 19t19 45v416q0 26 19 45t45 19t45 -19t19 -45v-416q0 -26 19 -45 t45 -19t45 19t19 45v416q0 26 19 45t45 19t45 -19t19 -45zM1408 1472v-1600q0 -52 -38 -90t-90 -38h-128q-52 0 -90 38t-38 90v512h-224q-13 0 -22.5 9.5t-9.5 22.5v800q0 132 94 226t226 94h256q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0f6;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M384 736q0 14 9 23t23 9h704q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-704q-14 0 -23 9t-9 23v64zM1120 512q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-704q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h704zM1120 256q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-704 q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h704z" />
-<glyph unicode="&#xf0f7;" horiz-adv-x="1408" d="M384 224v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M640 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M1152 224v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM896 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M640 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 992v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M1152 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM896 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M640 992v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 1248v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M1152 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM896 992v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M640 1248v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM1152 992v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M896 1248v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM1152 1248v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M896 -128h384v1536h-1152v-1536h384v224q0 13 9.5 22.5t22.5 9.5h320q13 0 22.5 -9.5t9.5 -22.5v-224zM1408 1472v-1664q0 -26 -19 -45t-45 -19h-1280q-26 0 -45 19t-19 45v1664q0 26 19 45t45 19h1280q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0f8;" horiz-adv-x="1408" d="M384 224v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M640 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM384 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M1152 224v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM896 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M640 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM1152 480v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M896 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5zM1152 736v-64q0 -13 -9.5 -22.5t-22.5 -9.5h-64q-13 0 -22.5 9.5t-9.5 22.5v64q0 13 9.5 22.5t22.5 9.5h64q13 0 22.5 -9.5t9.5 -22.5z M896 -128h384v1152h-256v-32q0 -40 -28 -68t-68 -28h-448q-40 0 -68 28t-28 68v32h-256v-1152h384v224q0 13 9.5 22.5t22.5 9.5h320q13 0 22.5 -9.5t9.5 -22.5v-224zM896 1056v320q0 13 -9.5 22.5t-22.5 9.5h-64q-13 0 -22.5 -9.5t-9.5 -22.5v-96h-128v96q0 13 -9.5 22.5 t-22.5 9.5h-64q-13 0 -22.5 -9.5t-9.5 -22.5v-320q0 -13 9.5 -22.5t22.5 -9.5h64q13 0 22.5 9.5t9.5 22.5v96h128v-96q0 -13 9.5 -22.5t22.5 -9.5h64q13 0 22.5 9.5t9.5 22.5zM1408 1088v-1280q0 -26 -19 -45t-45 -19h-1280q-26 0 -45 19t-19 45v1280q0 26 19 45t45 19h320 v288q0 40 28 68t68 28h448q40 0 68 -28t28 -68v-288h320q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0f9;" horiz-adv-x="1920" d="M640 128q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM256 640h384v256h-158q-14 -2 -22 -9l-195 -195q-7 -12 -9 -22v-30zM1536 128q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5 t90.5 37.5t37.5 90.5zM1664 800v192q0 14 -9 23t-23 9h-224v224q0 14 -9 23t-23 9h-192q-14 0 -23 -9t-9 -23v-224h-224q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h224v-224q0 -14 9 -23t23 -9h192q14 0 23 9t9 23v224h224q14 0 23 9t9 23zM1920 1344v-1152 q0 -26 -19 -45t-45 -19h-192q0 -106 -75 -181t-181 -75t-181 75t-75 181h-384q0 -106 -75 -181t-181 -75t-181 75t-75 181h-128q-26 0 -45 19t-19 45t19 45t45 19v416q0 26 13 58t32 51l198 198q19 19 51 32t58 13h160v320q0 26 19 45t45 19h1152q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf0fa;" horiz-adv-x="1792" d="M1280 416v192q0 14 -9 23t-23 9h-224v224q0 14 -9 23t-23 9h-192q-14 0 -23 -9t-9 -23v-224h-224q-14 0 -23 -9t-9 -23v-192q0 -14 9 -23t23 -9h224v-224q0 -14 9 -23t23 -9h192q14 0 23 9t9 23v224h224q14 0 23 9t9 23zM640 1152h512v128h-512v-128zM256 1152v-1280h-32 q-92 0 -158 66t-66 158v832q0 92 66 158t158 66h32zM1440 1152v-1280h-1088v1280h160v160q0 40 28 68t68 28h576q40 0 68 -28t28 -68v-160h160zM1792 928v-832q0 -92 -66 -158t-158 -66h-32v1280h32q92 0 158 -66t66 -158z" />
-<glyph unicode="&#xf0fb;" horiz-adv-x="1920" d="M1920 576q-1 -32 -288 -96l-352 -32l-224 -64h-64l-293 -352h69q26 0 45 -4.5t19 -11.5t-19 -11.5t-45 -4.5h-96h-160h-64v32h64v416h-160l-192 -224h-96l-32 32v192h32v32h128v8l-192 24v128l192 24v8h-128v32h-32v192l32 32h96l192 -224h160v416h-64v32h64h160h96 q26 0 45 -4.5t19 -11.5t-19 -11.5t-45 -4.5h-69l293 -352h64l224 -64l352 -32q261 -58 287 -93z" />
-<glyph unicode="&#xf0fc;" horiz-adv-x="1664" d="M640 640v384h-256v-256q0 -53 37.5 -90.5t90.5 -37.5h128zM1664 192v-192h-1152v192l128 192h-128q-159 0 -271.5 112.5t-112.5 271.5v320l-64 64l32 128h480l32 128h960l32 -192l-64 -32v-800z" />
-<glyph unicode="&#xf0fd;" d="M1280 192v896q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-320h-512v320q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-896q0 -26 19 -45t45 -19h128q26 0 45 19t19 45v320h512v-320q0 -26 19 -45t45 -19h128q26 0 45 19t19 45zM1536 1120v-960 q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf0fe;" d="M1280 576v128q0 26 -19 45t-45 19h-320v320q0 26 -19 45t-45 19h-128q-26 0 -45 -19t-19 -45v-320h-320q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h320v-320q0 -26 19 -45t45 -19h128q26 0 45 19t19 45v320h320q26 0 45 19t19 45zM1536 1120v-960 q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf100;" horiz-adv-x="1024" d="M627 160q0 -13 -10 -23l-50 -50q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23t10 23l466 466q10 10 23 10t23 -10l50 -50q10 -10 10 -23t-10 -23l-393 -393l393 -393q10 -10 10 -23zM1011 160q0 -13 -10 -23l-50 -50q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23 t10 23l466 466q10 10 23 10t23 -10l50 -50q10 -10 10 -23t-10 -23l-393 -393l393 -393q10 -10 10 -23z" />
-<glyph unicode="&#xf101;" horiz-adv-x="1024" d="M595 576q0 -13 -10 -23l-466 -466q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l393 393l-393 393q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l466 -466q10 -10 10 -23zM979 576q0 -13 -10 -23l-466 -466q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23 l393 393l-393 393q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l466 -466q10 -10 10 -23z" />
-<glyph unicode="&#xf102;" horiz-adv-x="1152" d="M1075 224q0 -13 -10 -23l-50 -50q-10 -10 -23 -10t-23 10l-393 393l-393 -393q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l466 466q10 10 23 10t23 -10l466 -466q10 -10 10 -23zM1075 608q0 -13 -10 -23l-50 -50q-10 -10 -23 -10t-23 10l-393 393l-393 -393 q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l466 466q10 10 23 10t23 -10l466 -466q10 -10 10 -23z" />
-<glyph unicode="&#xf103;" horiz-adv-x="1152" d="M1075 672q0 -13 -10 -23l-466 -466q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l393 -393l393 393q10 10 23 10t23 -10l50 -50q10 -10 10 -23zM1075 1056q0 -13 -10 -23l-466 -466q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23 t10 23l50 50q10 10 23 10t23 -10l393 -393l393 393q10 10 23 10t23 -10l50 -50q10 -10 10 -23z" />
-<glyph unicode="&#xf104;" horiz-adv-x="640" d="M627 992q0 -13 -10 -23l-393 -393l393 -393q10 -10 10 -23t-10 -23l-50 -50q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23t10 23l466 466q10 10 23 10t23 -10l50 -50q10 -10 10 -23z" />
-<glyph unicode="&#xf105;" horiz-adv-x="640" d="M595 576q0 -13 -10 -23l-466 -466q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l393 393l-393 393q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l466 -466q10 -10 10 -23z" />
-<glyph unicode="&#xf106;" horiz-adv-x="1152" d="M1075 352q0 -13 -10 -23l-50 -50q-10 -10 -23 -10t-23 10l-393 393l-393 -393q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l466 466q10 10 23 10t23 -10l466 -466q10 -10 10 -23z" />
-<glyph unicode="&#xf107;" horiz-adv-x="1152" d="M1075 800q0 -13 -10 -23l-466 -466q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l393 -393l393 393q10 10 23 10t23 -10l50 -50q10 -10 10 -23z" />
-<glyph unicode="&#xf108;" horiz-adv-x="1920" d="M1792 544v832q0 13 -9.5 22.5t-22.5 9.5h-1600q-13 0 -22.5 -9.5t-9.5 -22.5v-832q0 -13 9.5 -22.5t22.5 -9.5h1600q13 0 22.5 9.5t9.5 22.5zM1920 1376v-1088q0 -66 -47 -113t-113 -47h-544q0 -37 16 -77.5t32 -71t16 -43.5q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19 t-19 45q0 14 16 44t32 70t16 78h-544q-66 0 -113 47t-47 113v1088q0 66 47 113t113 47h1600q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf109;" horiz-adv-x="1920" d="M416 256q-66 0 -113 47t-47 113v704q0 66 47 113t113 47h1088q66 0 113 -47t47 -113v-704q0 -66 -47 -113t-113 -47h-1088zM384 1120v-704q0 -13 9.5 -22.5t22.5 -9.5h1088q13 0 22.5 9.5t9.5 22.5v704q0 13 -9.5 22.5t-22.5 9.5h-1088q-13 0 -22.5 -9.5t-9.5 -22.5z M1760 192h160v-96q0 -40 -47 -68t-113 -28h-1600q-66 0 -113 28t-47 68v96h160h1600zM1040 96q16 0 16 16t-16 16h-160q-16 0 -16 -16t16 -16h160z" />
-<glyph unicode="&#xf10a;" horiz-adv-x="1152" d="M640 128q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1024 288v960q0 13 -9.5 22.5t-22.5 9.5h-832q-13 0 -22.5 -9.5t-9.5 -22.5v-960q0 -13 9.5 -22.5t22.5 -9.5h832q13 0 22.5 9.5t9.5 22.5zM1152 1248v-1088q0 -66 -47 -113t-113 -47h-832 q-66 0 -113 47t-47 113v1088q0 66 47 113t113 47h832q66 0 113 -47t47 -113z" />
-<glyph unicode="&#xf10b;" horiz-adv-x="768" d="M464 128q0 33 -23.5 56.5t-56.5 23.5t-56.5 -23.5t-23.5 -56.5t23.5 -56.5t56.5 -23.5t56.5 23.5t23.5 56.5zM672 288v704q0 13 -9.5 22.5t-22.5 9.5h-512q-13 0 -22.5 -9.5t-9.5 -22.5v-704q0 -13 9.5 -22.5t22.5 -9.5h512q13 0 22.5 9.5t9.5 22.5zM480 1136 q0 16 -16 16h-160q-16 0 -16 -16t16 -16h160q16 0 16 16zM768 1152v-1024q0 -52 -38 -90t-90 -38h-512q-52 0 -90 38t-38 90v1024q0 52 38 90t90 38h512q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf10c;" d="M768 1184q-148 0 -273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273t-73 273t-198 198t-273 73zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103 t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf10d;" horiz-adv-x="1664" d="M768 576v-384q0 -80 -56 -136t-136 -56h-384q-80 0 -136 56t-56 136v704q0 104 40.5 198.5t109.5 163.5t163.5 109.5t198.5 40.5h64q26 0 45 -19t19 -45v-128q0 -26 -19 -45t-45 -19h-64q-106 0 -181 -75t-75 -181v-32q0 -40 28 -68t68 -28h224q80 0 136 -56t56 -136z M1664 576v-384q0 -80 -56 -136t-136 -56h-384q-80 0 -136 56t-56 136v704q0 104 40.5 198.5t109.5 163.5t163.5 109.5t198.5 40.5h64q26 0 45 -19t19 -45v-128q0 -26 -19 -45t-45 -19h-64q-106 0 -181 -75t-75 -181v-32q0 -40 28 -68t68 -28h224q80 0 136 -56t56 -136z" />
-<glyph unicode="&#xf10e;" horiz-adv-x="1664" d="M768 1216v-704q0 -104 -40.5 -198.5t-109.5 -163.5t-163.5 -109.5t-198.5 -40.5h-64q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h64q106 0 181 75t75 181v32q0 40 -28 68t-68 28h-224q-80 0 -136 56t-56 136v384q0 80 56 136t136 56h384q80 0 136 -56t56 -136zM1664 1216 v-704q0 -104 -40.5 -198.5t-109.5 -163.5t-163.5 -109.5t-198.5 -40.5h-64q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h64q106 0 181 75t75 181v32q0 40 -28 68t-68 28h-224q-80 0 -136 56t-56 136v384q0 80 56 136t136 56h384q80 0 136 -56t56 -136z" />
-<glyph unicode="&#xf110;" horiz-adv-x="1792" d="M526 142q0 -53 -37.5 -90.5t-90.5 -37.5q-52 0 -90 38t-38 90q0 53 37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1024 -64q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM320 640q0 -53 -37.5 -90.5t-90.5 -37.5 t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1522 142q0 -52 -38 -90t-90 -38q-53 0 -90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM558 1138q0 -66 -47 -113t-113 -47t-113 47t-47 113t47 113t113 47t113 -47t47 -113z M1728 640q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1088 1344q0 -80 -56 -136t-136 -56t-136 56t-56 136t56 136t136 56t136 -56t56 -136zM1618 1138q0 -93 -66 -158.5t-158 -65.5q-93 0 -158.5 65.5t-65.5 158.5 q0 92 65.5 158t158.5 66q92 0 158 -66t66 -158z" />
-<glyph unicode="&#xf111;" d="M1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf112;" horiz-adv-x="1792" d="M1792 416q0 -166 -127 -451q-3 -7 -10.5 -24t-13.5 -30t-13 -22q-12 -17 -28 -17q-15 0 -23.5 10t-8.5 25q0 9 2.5 26.5t2.5 23.5q5 68 5 123q0 101 -17.5 181t-48.5 138.5t-80 101t-105.5 69.5t-133 42.5t-154 21.5t-175.5 6h-224v-256q0 -26 -19 -45t-45 -19t-45 19 l-512 512q-19 19 -19 45t19 45l512 512q19 19 45 19t45 -19t19 -45v-256h224q713 0 875 -403q53 -134 53 -333z" />
-<glyph unicode="&#xf113;" horiz-adv-x="1664" d="M640 320q0 -40 -12.5 -82t-43 -76t-72.5 -34t-72.5 34t-43 76t-12.5 82t12.5 82t43 76t72.5 34t72.5 -34t43 -76t12.5 -82zM1280 320q0 -40 -12.5 -82t-43 -76t-72.5 -34t-72.5 34t-43 76t-12.5 82t12.5 82t43 76t72.5 34t72.5 -34t43 -76t12.5 -82zM1440 320 q0 120 -69 204t-187 84q-41 0 -195 -21q-71 -11 -157 -11t-157 11q-152 21 -195 21q-118 0 -187 -84t-69 -204q0 -88 32 -153.5t81 -103t122 -60t140 -29.5t149 -7h168q82 0 149 7t140 29.5t122 60t81 103t32 153.5zM1664 496q0 -207 -61 -331q-38 -77 -105.5 -133t-141 -86 t-170 -47.5t-171.5 -22t-167 -4.5q-78 0 -142 3t-147.5 12.5t-152.5 30t-137 51.5t-121 81t-86 115q-62 123 -62 331q0 237 136 396q-27 82 -27 170q0 116 51 218q108 0 190 -39.5t189 -123.5q147 35 309 35q148 0 280 -32q105 82 187 121t189 39q51 -102 51 -218 q0 -87 -27 -168q136 -160 136 -398z" />
-<glyph unicode="&#xf114;" horiz-adv-x="1664" d="M1536 224v704q0 40 -28 68t-68 28h-704q-40 0 -68 28t-28 68v64q0 40 -28 68t-68 28h-320q-40 0 -68 -28t-28 -68v-960q0 -40 28 -68t68 -28h1216q40 0 68 28t28 68zM1664 928v-704q0 -92 -66 -158t-158 -66h-1216q-92 0 -158 66t-66 158v960q0 92 66 158t158 66h320 q92 0 158 -66t66 -158v-32h672q92 0 158 -66t66 -158z" />
-<glyph unicode="&#xf115;" horiz-adv-x="1920" d="M1781 605q0 35 -53 35h-1088q-40 0 -85.5 -21.5t-71.5 -52.5l-294 -363q-18 -24 -18 -40q0 -35 53 -35h1088q40 0 86 22t71 53l294 363q18 22 18 39zM640 768h768v160q0 40 -28 68t-68 28h-576q-40 0 -68 28t-28 68v64q0 40 -28 68t-68 28h-320q-40 0 -68 -28t-28 -68 v-853l256 315q44 53 116 87.5t140 34.5zM1909 605q0 -62 -46 -120l-295 -363q-43 -53 -116 -87.5t-140 -34.5h-1088q-92 0 -158 66t-66 158v960q0 92 66 158t158 66h320q92 0 158 -66t66 -158v-32h544q92 0 158 -66t66 -158v-160h192q54 0 99 -24.5t67 -70.5q15 -32 15 -68z " />
-<glyph unicode="&#xf116;" horiz-adv-x="1792" />
-<glyph unicode="&#xf117;" horiz-adv-x="1792" />
-<glyph unicode="&#xf118;" d="M1134 461q-37 -121 -138 -195t-228 -74t-228 74t-138 195q-8 25 4 48.5t38 31.5q25 8 48.5 -4t31.5 -38q25 -80 92.5 -129.5t151.5 -49.5t151.5 49.5t92.5 129.5q8 26 32 38t49 4t37 -31.5t4 -48.5zM640 896q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5 t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1152 896q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1408 640q0 130 -51 248.5t-136.5 204t-204 136.5t-248.5 51t-248.5 -51t-204 -136.5t-136.5 -204t-51 -248.5 t51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf119;" d="M1134 307q8 -25 -4 -48.5t-37 -31.5t-49 4t-32 38q-25 80 -92.5 129.5t-151.5 49.5t-151.5 -49.5t-92.5 -129.5q-8 -26 -31.5 -38t-48.5 -4q-26 8 -38 31.5t-4 48.5q37 121 138 195t228 74t228 -74t138 -195zM640 896q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5 t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1152 896q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1408 640q0 130 -51 248.5t-136.5 204t-204 136.5t-248.5 51t-248.5 -51t-204 -136.5t-136.5 -204 t-51 -248.5t51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf11a;" d="M1152 448q0 -26 -19 -45t-45 -19h-640q-26 0 -45 19t-19 45t19 45t45 19h640q26 0 45 -19t19 -45zM640 896q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1152 896q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5 t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1408 640q0 130 -51 248.5t-136.5 204t-204 136.5t-248.5 51t-248.5 -51t-204 -136.5t-136.5 -204t-51 -248.5t51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf11b;" horiz-adv-x="1920" d="M832 448v128q0 14 -9 23t-23 9h-192v192q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-192h-192q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h192v-192q0 -14 9 -23t23 -9h128q14 0 23 9t9 23v192h192q14 0 23 9t9 23zM1408 384q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5 t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1664 640q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1920 512q0 -212 -150 -362t-362 -150q-192 0 -338 128h-220q-146 -128 -338 -128q-212 0 -362 150 t-150 362t150 362t362 150h896q212 0 362 -150t150 -362z" />
-<glyph unicode="&#xf11c;" horiz-adv-x="1920" d="M384 368v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM512 624v-96q0 -16 -16 -16h-224q-16 0 -16 16v96q0 16 16 16h224q16 0 16 -16zM384 880v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1408 368v-96q0 -16 -16 -16 h-864q-16 0 -16 16v96q0 16 16 16h864q16 0 16 -16zM768 624v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM640 880v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1024 624v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16 h96q16 0 16 -16zM896 880v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1280 624v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1664 368v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1152 880v-96 q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1408 880v-96q0 -16 -16 -16h-96q-16 0 -16 16v96q0 16 16 16h96q16 0 16 -16zM1664 880v-352q0 -16 -16 -16h-224q-16 0 -16 16v96q0 16 16 16h112v240q0 16 16 16h96q16 0 16 -16zM1792 128v896h-1664v-896 h1664zM1920 1024v-896q0 -53 -37.5 -90.5t-90.5 -37.5h-1664q-53 0 -90.5 37.5t-37.5 90.5v896q0 53 37.5 90.5t90.5 37.5h1664q53 0 90.5 -37.5t37.5 -90.5z" />
-<glyph unicode="&#xf11d;" horiz-adv-x="1792" d="M1664 491v616q-169 -91 -306 -91q-82 0 -145 32q-100 49 -184 76.5t-178 27.5q-173 0 -403 -127v-599q245 113 433 113q55 0 103.5 -7.5t98 -26t77 -31t82.5 -39.5l28 -14q44 -22 101 -22q120 0 293 92zM320 1280q0 -35 -17.5 -64t-46.5 -46v-1266q0 -14 -9 -23t-23 -9 h-64q-14 0 -23 9t-9 23v1266q-29 17 -46.5 46t-17.5 64q0 53 37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1792 1216v-763q0 -39 -35 -57q-10 -5 -17 -9q-218 -116 -369 -116q-88 0 -158 35l-28 14q-64 33 -99 48t-91 29t-114 14q-102 0 -235.5 -44t-228.5 -102 q-15 -9 -33 -9q-16 0 -32 8q-32 19 -32 56v742q0 35 31 55q35 21 78.5 42.5t114 52t152.5 49.5t155 19q112 0 209 -31t209 -86q38 -19 89 -19q122 0 310 112q22 12 31 17q31 16 62 -2q31 -20 31 -55z" />
-<glyph unicode="&#xf11e;" horiz-adv-x="1792" d="M832 536v192q-181 -16 -384 -117v-185q205 96 384 110zM832 954v197q-172 -8 -384 -126v-189q215 111 384 118zM1664 491v184q-235 -116 -384 -71v224q-20 6 -39 15q-5 3 -33 17t-34.5 17t-31.5 15t-34.5 15.5t-32.5 13t-36 12.5t-35 8.5t-39.5 7.5t-39.5 4t-44 2 q-23 0 -49 -3v-222h19q102 0 192.5 -29t197.5 -82q19 -9 39 -15v-188q42 -17 91 -17q120 0 293 92zM1664 918v189q-169 -91 -306 -91q-45 0 -78 8v-196q148 -42 384 90zM320 1280q0 -35 -17.5 -64t-46.5 -46v-1266q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v1266 q-29 17 -46.5 46t-17.5 64q0 53 37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1792 1216v-763q0 -39 -35 -57q-10 -5 -17 -9q-218 -116 -369 -116q-88 0 -158 35l-28 14q-64 33 -99 48t-91 29t-114 14q-102 0 -235.5 -44t-228.5 -102q-15 -9 -33 -9q-16 0 -32 8 q-32 19 -32 56v742q0 35 31 55q35 21 78.5 42.5t114 52t152.5 49.5t155 19q112 0 209 -31t209 -86q38 -19 89 -19q122 0 310 112q22 12 31 17q31 16 62 -2q31 -20 31 -55z" />
-<glyph unicode="&#xf120;" horiz-adv-x="1664" d="M585 553l-466 -466q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l393 393l-393 393q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l466 -466q10 -10 10 -23t-10 -23zM1664 96v-64q0 -14 -9 -23t-23 -9h-960q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h960q14 0 23 -9 t9 -23z" />
-<glyph unicode="&#xf121;" horiz-adv-x="1920" d="M617 137l-50 -50q-10 -10 -23 -10t-23 10l-466 466q-10 10 -10 23t10 23l466 466q10 10 23 10t23 -10l50 -50q10 -10 10 -23t-10 -23l-393 -393l393 -393q10 -10 10 -23t-10 -23zM1208 1204l-373 -1291q-4 -13 -15.5 -19.5t-23.5 -2.5l-62 17q-13 4 -19.5 15.5t-2.5 24.5 l373 1291q4 13 15.5 19.5t23.5 2.5l62 -17q13 -4 19.5 -15.5t2.5 -24.5zM1865 553l-466 -466q-10 -10 -23 -10t-23 10l-50 50q-10 10 -10 23t10 23l393 393l-393 393q-10 10 -10 23t10 23l50 50q10 10 23 10t23 -10l466 -466q10 -10 10 -23t-10 -23z" />
-<glyph unicode="&#xf122;" horiz-adv-x="1792" d="M640 454v-70q0 -42 -39 -59q-13 -5 -25 -5q-27 0 -45 19l-512 512q-19 19 -19 45t19 45l512 512q29 31 70 14q39 -17 39 -59v-69l-397 -398q-19 -19 -19 -45t19 -45zM1792 416q0 -58 -17 -133.5t-38.5 -138t-48 -125t-40.5 -90.5l-20 -40q-8 -17 -28 -17q-6 0 -9 1 q-25 8 -23 34q43 400 -106 565q-64 71 -170.5 110.5t-267.5 52.5v-251q0 -42 -39 -59q-13 -5 -25 -5q-27 0 -45 19l-512 512q-19 19 -19 45t19 45l512 512q29 31 70 14q39 -17 39 -59v-262q411 -28 599 -221q169 -173 169 -509z" />
-<glyph unicode="&#xf123;" horiz-adv-x="1664" d="M1186 579l257 250l-356 52l-66 10l-30 60l-159 322v-963l59 -31l318 -168l-60 355l-12 66zM1638 841l-363 -354l86 -500q5 -33 -6 -51.5t-34 -18.5q-17 0 -40 12l-449 236l-449 -236q-23 -12 -40 -12q-23 0 -34 18.5t-6 51.5l86 500l-364 354q-32 32 -23 59.5t54 34.5 l502 73l225 455q20 41 49 41q28 0 49 -41l225 -455l502 -73q45 -7 54 -34.5t-24 -59.5z" />
-<glyph unicode="&#xf124;" horiz-adv-x="1408" d="M1401 1187l-640 -1280q-17 -35 -57 -35q-5 0 -15 2q-22 5 -35.5 22.5t-13.5 39.5v576h-576q-22 0 -39.5 13.5t-22.5 35.5t4 42t29 30l1280 640q13 7 29 7q27 0 45 -19q15 -14 18.5 -34.5t-6.5 -39.5z" />
-<glyph unicode="&#xf125;" horiz-adv-x="1664" d="M557 256h595v595zM512 301l595 595h-595v-595zM1664 224v-192q0 -14 -9 -23t-23 -9h-224v-224q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v224h-864q-14 0 -23 9t-9 23v864h-224q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h224v224q0 14 9 23t23 9h192q14 0 23 -9t9 -23 v-224h851l246 247q10 9 23 9t23 -9q9 -10 9 -23t-9 -23l-247 -246v-851h224q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf126;" horiz-adv-x="1024" d="M288 64q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM288 1216q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM928 1088q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM1024 1088q0 -52 -26 -96.5t-70 -69.5 q-2 -287 -226 -414q-68 -38 -203 -81q-128 -40 -169.5 -71t-41.5 -100v-26q44 -25 70 -69.5t26 -96.5q0 -80 -56 -136t-136 -56t-136 56t-56 136q0 52 26 96.5t70 69.5v820q-44 25 -70 69.5t-26 96.5q0 80 56 136t136 56t136 -56t56 -136q0 -52 -26 -96.5t-70 -69.5v-497 q54 26 154 57q55 17 87.5 29.5t70.5 31t59 39.5t40.5 51t28 69.5t8.5 91.5q-44 25 -70 69.5t-26 96.5q0 80 56 136t136 56t136 -56t56 -136z" />
-<glyph unicode="&#xf127;" horiz-adv-x="1664" d="M439 265l-256 -256q-10 -9 -23 -9q-12 0 -23 9q-9 10 -9 23t9 23l256 256q10 9 23 9t23 -9q9 -10 9 -23t-9 -23zM608 224v-320q0 -14 -9 -23t-23 -9t-23 9t-9 23v320q0 14 9 23t23 9t23 -9t9 -23zM384 448q0 -14 -9 -23t-23 -9h-320q-14 0 -23 9t-9 23t9 23t23 9h320 q14 0 23 -9t9 -23zM1648 320q0 -120 -85 -203l-147 -146q-83 -83 -203 -83q-121 0 -204 85l-334 335q-21 21 -42 56l239 18l273 -274q27 -27 68 -27.5t68 26.5l147 146q28 28 28 67q0 40 -28 68l-274 275l18 239q35 -21 56 -42l336 -336q84 -86 84 -204zM1031 1044l-239 -18 l-273 274q-28 28 -68 28q-39 0 -68 -27l-147 -146q-28 -28 -28 -67q0 -40 28 -68l274 -274l-18 -240q-35 21 -56 42l-336 336q-84 86 -84 204q0 120 85 203l147 146q83 83 203 83q121 0 204 -85l334 -335q21 -21 42 -56zM1664 960q0 -14 -9 -23t-23 -9h-320q-14 0 -23 9 t-9 23t9 23t23 9h320q14 0 23 -9t9 -23zM1120 1504v-320q0 -14 -9 -23t-23 -9t-23 9t-9 23v320q0 14 9 23t23 9t23 -9t9 -23zM1527 1353l-256 -256q-11 -9 -23 -9t-23 9q-9 10 -9 23t9 23l256 256q10 9 23 9t23 -9q9 -10 9 -23t-9 -23z" />
-<glyph unicode="&#xf128;" horiz-adv-x="1024" d="M704 280v-240q0 -16 -12 -28t-28 -12h-240q-16 0 -28 12t-12 28v240q0 16 12 28t28 12h240q16 0 28 -12t12 -28zM1020 880q0 -54 -15.5 -101t-35 -76.5t-55 -59.5t-57.5 -43.5t-61 -35.5q-41 -23 -68.5 -65t-27.5 -67q0 -17 -12 -32.5t-28 -15.5h-240q-15 0 -25.5 18.5 t-10.5 37.5v45q0 83 65 156.5t143 108.5q59 27 84 56t25 76q0 42 -46.5 74t-107.5 32q-65 0 -108 -29q-35 -25 -107 -115q-13 -16 -31 -16q-12 0 -25 8l-164 125q-13 10 -15.5 25t5.5 28q160 266 464 266q80 0 161 -31t146 -83t106 -127.5t41 -158.5z" />
-<glyph unicode="&#xf129;" horiz-adv-x="640" d="M640 192v-128q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h64v384h-64q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h384q26 0 45 -19t19 -45v-576h64q26 0 45 -19t19 -45zM512 1344v-192q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v192 q0 26 19 45t45 19h256q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf12a;" horiz-adv-x="640" d="M512 288v-224q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v224q0 26 19 45t45 19h256q26 0 45 -19t19 -45zM542 1344l-28 -768q-1 -26 -20.5 -45t-45.5 -19h-256q-26 0 -45.5 19t-20.5 45l-28 768q-1 26 17.5 45t44.5 19h320q26 0 44.5 -19t17.5 -45z" />
-<glyph unicode="&#xf12b;" d="M897 167v-167h-248l-159 252l-24 42q-8 9 -11 21h-3l-9 -21q-10 -20 -25 -44l-155 -250h-258v167h128l197 291l-185 272h-137v168h276l139 -228q2 -4 23 -42q8 -9 11 -21h3q3 9 11 21l25 42l140 228h257v-168h-125l-184 -267l204 -296h109zM1534 846v-206h-514l-3 27 q-4 28 -4 46q0 64 26 117t65 86.5t84 65t84 54.5t65 54t26 64q0 38 -29.5 62.5t-70.5 24.5q-51 0 -97 -39q-14 -11 -36 -38l-105 92q26 37 63 66q83 65 188 65q110 0 178 -59.5t68 -158.5q0 -56 -24.5 -103t-62 -76.5t-81.5 -58.5t-82 -50.5t-65.5 -51.5t-30.5 -63h232v80 h126z" />
-<glyph unicode="&#xf12c;" d="M897 167v-167h-248l-159 252l-24 42q-8 9 -11 21h-3l-9 -21q-10 -20 -25 -44l-155 -250h-258v167h128l197 291l-185 272h-137v168h276l139 -228q2 -4 23 -42q8 -9 11 -21h3q3 9 11 21l25 42l140 228h257v-168h-125l-184 -267l204 -296h109zM1536 -50v-206h-514l-4 27 q-3 45 -3 46q0 64 26 117t65 86.5t84 65t84 54.5t65 54t26 64q0 38 -29.5 62.5t-70.5 24.5q-51 0 -97 -39q-14 -11 -36 -38l-105 92q26 37 63 66q80 65 188 65q110 0 178 -59.5t68 -158.5q0 -66 -34.5 -118.5t-84 -86t-99.5 -62.5t-87 -63t-41 -73h232v80h126z" />
-<glyph unicode="&#xf12d;" horiz-adv-x="1920" d="M896 128l336 384h-768l-336 -384h768zM1909 1205q15 -34 9.5 -71.5t-30.5 -65.5l-896 -1024q-38 -44 -96 -44h-768q-38 0 -69.5 20.5t-47.5 54.5q-15 34 -9.5 71.5t30.5 65.5l896 1024q38 44 96 44h768q38 0 69.5 -20.5t47.5 -54.5z" />
-<glyph unicode="&#xf12e;" horiz-adv-x="1664" d="M1664 438q0 -81 -44.5 -135t-123.5 -54q-41 0 -77.5 17.5t-59 38t-56.5 38t-71 17.5q-110 0 -110 -124q0 -39 16 -115t15 -115v-5q-22 0 -33 -1q-34 -3 -97.5 -11.5t-115.5 -13.5t-98 -5q-61 0 -103 26.5t-42 83.5q0 37 17.5 71t38 56.5t38 59t17.5 77.5q0 79 -54 123.5 t-135 44.5q-84 0 -143 -45.5t-59 -127.5q0 -43 15 -83t33.5 -64.5t33.5 -53t15 -50.5q0 -45 -46 -89q-37 -35 -117 -35q-95 0 -245 24q-9 2 -27.5 4t-27.5 4l-13 2q-1 0 -3 1q-2 0 -2 1v1024q2 -1 17.5 -3.5t34 -5t21.5 -3.5q150 -24 245 -24q80 0 117 35q46 44 46 89 q0 22 -15 50.5t-33.5 53t-33.5 64.5t-15 83q0 82 59 127.5t144 45.5q80 0 134 -44.5t54 -123.5q0 -41 -17.5 -77.5t-38 -59t-38 -56.5t-17.5 -71q0 -57 42 -83.5t103 -26.5q64 0 180 15t163 17v-2q-1 -2 -3.5 -17.5t-5 -34t-3.5 -21.5q-24 -150 -24 -245q0 -80 35 -117 q44 -46 89 -46q22 0 50.5 15t53 33.5t64.5 33.5t83 15q82 0 127.5 -59t45.5 -143z" />
-<glyph unicode="&#xf130;" horiz-adv-x="1152" d="M1152 832v-128q0 -221 -147.5 -384.5t-364.5 -187.5v-132h256q26 0 45 -19t19 -45t-19 -45t-45 -19h-640q-26 0 -45 19t-19 45t19 45t45 19h256v132q-217 24 -364.5 187.5t-147.5 384.5v128q0 26 19 45t45 19t45 -19t19 -45v-128q0 -185 131.5 -316.5t316.5 -131.5 t316.5 131.5t131.5 316.5v128q0 26 19 45t45 19t45 -19t19 -45zM896 1216v-512q0 -132 -94 -226t-226 -94t-226 94t-94 226v512q0 132 94 226t226 94t226 -94t94 -226z" />
-<glyph unicode="&#xf131;" horiz-adv-x="1408" d="M271 591l-101 -101q-42 103 -42 214v128q0 26 19 45t45 19t45 -19t19 -45v-128q0 -53 15 -113zM1385 1193l-361 -361v-128q0 -132 -94 -226t-226 -94q-55 0 -109 19l-96 -96q97 -51 205 -51q185 0 316.5 131.5t131.5 316.5v128q0 26 19 45t45 19t45 -19t19 -45v-128 q0 -221 -147.5 -384.5t-364.5 -187.5v-132h256q26 0 45 -19t19 -45t-19 -45t-45 -19h-640q-26 0 -45 19t-19 45t19 45t45 19h256v132q-125 13 -235 81l-254 -254q-10 -10 -23 -10t-23 10l-82 82q-10 10 -10 23t10 23l1234 1234q10 10 23 10t23 -10l82 -82q10 -10 10 -23 t-10 -23zM1005 1325l-621 -621v512q0 132 94 226t226 94q102 0 184.5 -59t116.5 -152z" />
-<glyph unicode="&#xf132;" horiz-adv-x="1280" d="M1088 576v640h-448v-1137q119 63 213 137q235 184 235 360zM1280 1344v-768q0 -86 -33.5 -170.5t-83 -150t-118 -127.5t-126.5 -103t-121 -77.5t-89.5 -49.5t-42.5 -20q-12 -6 -26 -6t-26 6q-16 7 -42.5 20t-89.5 49.5t-121 77.5t-126.5 103t-118 127.5t-83 150 t-33.5 170.5v768q0 26 19 45t45 19h1152q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf133;" horiz-adv-x="1664" d="M128 -128h1408v1024h-1408v-1024zM512 1088v288q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-288q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1280 1088v288q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-288q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1664 1152v-1280 q0 -52 -38 -90t-90 -38h-1408q-52 0 -90 38t-38 90v1280q0 52 38 90t90 38h128v96q0 66 47 113t113 47h64q66 0 113 -47t47 -113v-96h384v96q0 66 47 113t113 47h64q66 0 113 -47t47 -113v-96h128q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf134;" horiz-adv-x="1408" d="M512 1344q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1408 1376v-320q0 -16 -12 -25q-8 -7 -20 -7q-4 0 -7 1l-448 96q-11 2 -18 11t-7 20h-256v-102q111 -23 183.5 -111t72.5 -203v-800q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19t-19 45v800 q0 106 62.5 190.5t161.5 114.5v111h-32q-59 0 -115 -23.5t-91.5 -53t-66 -66.5t-40.5 -53.5t-14 -24.5q-17 -35 -57 -35q-16 0 -29 7q-23 12 -31.5 37t3.5 49q5 10 14.5 26t37.5 53.5t60.5 70t85 67t108.5 52.5q-25 42 -25 86q0 66 47 113t113 47t113 -47t47 -113 q0 -33 -14 -64h302q0 11 7 20t18 11l448 96q3 1 7 1q12 0 20 -7q12 -9 12 -25z" />
-<glyph unicode="&#xf135;" horiz-adv-x="1664" d="M1440 1088q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM1664 1376q0 -249 -75.5 -430.5t-253.5 -360.5q-81 -80 -195 -176l-20 -379q-2 -16 -16 -26l-384 -224q-7 -4 -16 -4q-12 0 -23 9l-64 64q-13 14 -8 32l85 276l-281 281l-276 -85q-3 -1 -9 -1 q-14 0 -23 9l-64 64q-17 19 -5 39l224 384q10 14 26 16l379 20q96 114 176 195q188 187 358 258t431 71q14 0 24 -9.5t10 -22.5z" />
-<glyph unicode="&#xf136;" horiz-adv-x="1792" d="M1745 763l-164 -763h-334l178 832q13 56 -15 88q-27 33 -83 33h-169l-204 -953h-334l204 953h-286l-204 -953h-334l204 953l-153 327h1276q101 0 189.5 -40.5t147.5 -113.5q60 -73 81 -168.5t0 -194.5z" />
-<glyph unicode="&#xf137;" d="M909 141l102 102q19 19 19 45t-19 45l-307 307l307 307q19 19 19 45t-19 45l-102 102q-19 19 -45 19t-45 -19l-454 -454q-19 -19 -19 -45t19 -45l454 -454q19 -19 45 -19t45 19zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5 t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf138;" d="M717 141l454 454q19 19 19 45t-19 45l-454 454q-19 19 -45 19t-45 -19l-102 -102q-19 -19 -19 -45t19 -45l307 -307l-307 -307q-19 -19 -19 -45t19 -45l102 -102q19 -19 45 -19t45 19zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5 t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf139;" d="M1165 397l102 102q19 19 19 45t-19 45l-454 454q-19 19 -45 19t-45 -19l-454 -454q-19 -19 -19 -45t19 -45l102 -102q19 -19 45 -19t45 19l307 307l307 -307q19 -19 45 -19t45 19zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5 t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf13a;" d="M813 237l454 454q19 19 19 45t-19 45l-102 102q-19 19 -45 19t-45 -19l-307 -307l-307 307q-19 19 -45 19t-45 -19l-102 -102q-19 -19 -19 -45t19 -45l454 -454q19 -19 45 -19t45 19zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5 t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf13b;" horiz-adv-x="1408" d="M1130 939l16 175h-884l47 -534h612l-22 -228l-197 -53l-196 53l-13 140h-175l22 -278l362 -100h4v1l359 99l50 544h-644l-15 181h674zM0 1408h1408l-128 -1438l-578 -162l-574 162z" />
-<glyph unicode="&#xf13c;" horiz-adv-x="1792" d="M275 1408h1505l-266 -1333l-804 -267l-698 267l71 356h297l-29 -147l422 -161l486 161l68 339h-1208l58 297h1209l38 191h-1208z" />
-<glyph unicode="&#xf13d;" horiz-adv-x="1792" d="M960 1280q0 26 -19 45t-45 19t-45 -19t-19 -45t19 -45t45 -19t45 19t19 45zM1792 352v-352q0 -22 -20 -30q-8 -2 -12 -2q-13 0 -23 9l-93 93q-119 -143 -318.5 -226.5t-429.5 -83.5t-429.5 83.5t-318.5 226.5l-93 -93q-9 -9 -23 -9q-4 0 -12 2q-20 8 -20 30v352 q0 14 9 23t23 9h352q22 0 30 -20q8 -19 -7 -35l-100 -100q67 -91 189.5 -153.5t271.5 -82.5v647h-192q-26 0 -45 19t-19 45v128q0 26 19 45t45 19h192v163q-58 34 -93 92.5t-35 128.5q0 106 75 181t181 75t181 -75t75 -181q0 -70 -35 -128.5t-93 -92.5v-163h192q26 0 45 -19 t19 -45v-128q0 -26 -19 -45t-45 -19h-192v-647q149 20 271.5 82.5t189.5 153.5l-100 100q-15 16 -7 35q8 20 30 20h352q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf13e;" horiz-adv-x="1152" d="M1056 768q40 0 68 -28t28 -68v-576q0 -40 -28 -68t-68 -28h-960q-40 0 -68 28t-28 68v576q0 40 28 68t68 28h32v320q0 185 131.5 316.5t316.5 131.5t316.5 -131.5t131.5 -316.5q0 -26 -19 -45t-45 -19h-64q-26 0 -45 19t-19 45q0 106 -75 181t-181 75t-181 -75t-75 -181 v-320h736z" />
-<glyph unicode="&#xf140;" d="M1024 640q0 -106 -75 -181t-181 -75t-181 75t-75 181t75 181t181 75t181 -75t75 -181zM1152 640q0 159 -112.5 271.5t-271.5 112.5t-271.5 -112.5t-112.5 -271.5t112.5 -271.5t271.5 -112.5t271.5 112.5t112.5 271.5zM1280 640q0 -212 -150 -362t-362 -150t-362 150 t-150 362t150 362t362 150t362 -150t150 -362zM1408 640q0 130 -51 248.5t-136.5 204t-204 136.5t-248.5 51t-248.5 -51t-204 -136.5t-136.5 -204t-51 -248.5t51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5zM1536 640 q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf141;" horiz-adv-x="1408" d="M384 800v-192q0 -40 -28 -68t-68 -28h-192q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h192q40 0 68 -28t28 -68zM896 800v-192q0 -40 -28 -68t-68 -28h-192q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h192q40 0 68 -28t28 -68zM1408 800v-192q0 -40 -28 -68t-68 -28h-192 q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h192q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf142;" horiz-adv-x="384" d="M384 288v-192q0 -40 -28 -68t-68 -28h-192q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h192q40 0 68 -28t28 -68zM384 800v-192q0 -40 -28 -68t-68 -28h-192q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h192q40 0 68 -28t28 -68zM384 1312v-192q0 -40 -28 -68t-68 -28h-192 q-40 0 -68 28t-28 68v192q0 40 28 68t68 28h192q40 0 68 -28t28 -68z" />
-<glyph unicode="&#xf143;" d="M512 256q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM863 162q-13 232 -177 396t-396 177q-14 1 -24 -9t-10 -23v-128q0 -13 8.5 -22t21.5 -10q154 -11 264 -121t121 -264q1 -13 10 -21.5t22 -8.5h128q13 0 23 10 t9 24zM1247 161q-5 154 -56 297.5t-139.5 260t-205 205t-260 139.5t-297.5 56q-14 1 -23 -9q-10 -10 -10 -23v-128q0 -13 9 -22t22 -10q204 -7 378 -111.5t278.5 -278.5t111.5 -378q1 -13 10 -22t22 -9h128q13 0 23 10q11 9 9 23zM1536 1120v-960q0 -119 -84.5 -203.5 t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf144;" d="M768 1408q209 0 385.5 -103t279.5 -279.5t103 -385.5t-103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103zM1152 585q32 18 32 55t-32 55l-544 320q-31 19 -64 1q-32 -19 -32 -56v-640q0 -37 32 -56 q16 -8 32 -8q17 0 32 9z" />
-<glyph unicode="&#xf145;" horiz-adv-x="1792" d="M1024 1084l316 -316l-572 -572l-316 316zM813 105l618 618q19 19 19 45t-19 45l-362 362q-18 18 -45 18t-45 -18l-618 -618q-19 -19 -19 -45t19 -45l362 -362q18 -18 45 -18t45 18zM1702 742l-907 -908q-37 -37 -90.5 -37t-90.5 37l-126 126q56 56 56 136t-56 136 t-136 56t-136 -56l-125 126q-37 37 -37 90.5t37 90.5l907 906q37 37 90.5 37t90.5 -37l125 -125q-56 -56 -56 -136t56 -136t136 -56t136 56l126 -125q37 -37 37 -90.5t-37 -90.5z" />
-<glyph unicode="&#xf146;" d="M1280 576v128q0 26 -19 45t-45 19h-896q-26 0 -45 -19t-19 -45v-128q0 -26 19 -45t45 -19h896q26 0 45 19t19 45zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5 t84.5 -203.5z" />
-<glyph unicode="&#xf147;" horiz-adv-x="1408" d="M1152 736v-64q0 -14 -9 -23t-23 -9h-832q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h832q14 0 23 -9t9 -23zM1280 288v832q0 66 -47 113t-113 47h-832q-66 0 -113 -47t-47 -113v-832q0 -66 47 -113t113 -47h832q66 0 113 47t47 113zM1408 1120v-832q0 -119 -84.5 -203.5 t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h832q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf148;" horiz-adv-x="1024" d="M1018 933q-18 -37 -58 -37h-192v-864q0 -14 -9 -23t-23 -9h-704q-21 0 -29 18q-8 20 4 35l160 192q9 11 25 11h320v640h-192q-40 0 -58 37q-17 37 9 68l320 384q18 22 49 22t49 -22l320 -384q27 -32 9 -68z" />
-<glyph unicode="&#xf149;" horiz-adv-x="1024" d="M32 1280h704q13 0 22.5 -9.5t9.5 -23.5v-863h192q40 0 58 -37t-9 -69l-320 -384q-18 -22 -49 -22t-49 22l-320 384q-26 31 -9 69q18 37 58 37h192v640h-320q-14 0 -25 11l-160 192q-13 14 -4 34q9 19 29 19z" />
-<glyph unicode="&#xf14a;" d="M685 237l614 614q19 19 19 45t-19 45l-102 102q-19 19 -45 19t-45 -19l-467 -467l-211 211q-19 19 -45 19t-45 -19l-102 -102q-19 -19 -19 -45t19 -45l358 -358q19 -19 45 -19t45 19zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5 t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf14b;" d="M404 428l152 -152l-52 -52h-56v96h-96v56zM818 818q14 -13 -3 -30l-291 -291q-17 -17 -30 -3q-14 13 3 30l291 291q17 17 30 3zM544 128l544 544l-288 288l-544 -544v-288h288zM1152 736l92 92q28 28 28 68t-28 68l-152 152q-28 28 -68 28t-68 -28l-92 -92zM1536 1120 v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf14c;" d="M1280 608v480q0 26 -19 45t-45 19h-480q-42 0 -59 -39q-17 -41 14 -70l144 -144l-534 -534q-19 -19 -19 -45t19 -45l102 -102q19 -19 45 -19t45 19l534 534l144 -144q18 -19 45 -19q12 0 25 5q39 17 39 59zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960 q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf14d;" d="M1005 435l352 352q19 19 19 45t-19 45l-352 352q-30 31 -69 14q-40 -17 -40 -59v-160q-119 0 -216 -19.5t-162.5 -51t-114 -79t-76.5 -95.5t-44.5 -109t-21.5 -111.5t-5 -110.5q0 -181 167 -404q10 -12 25 -12q7 0 13 3q22 9 19 33q-44 354 62 473q46 52 130 75.5 t224 23.5v-160q0 -42 40 -59q12 -5 24 -5q26 0 45 19zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf14e;" d="M640 448l256 128l-256 128v-256zM1024 1039v-542l-512 -256v542zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103 t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf150;" d="M1145 861q18 -35 -5 -66l-320 -448q-19 -27 -52 -27t-52 27l-320 448q-23 31 -5 66q17 35 57 35h640q40 0 57 -35zM1280 160v960q0 13 -9.5 22.5t-22.5 9.5h-960q-13 0 -22.5 -9.5t-9.5 -22.5v-960q0 -13 9.5 -22.5t22.5 -9.5h960q13 0 22.5 9.5t9.5 22.5zM1536 1120 v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf151;" d="M1145 419q-17 -35 -57 -35h-640q-40 0 -57 35q-18 35 5 66l320 448q19 27 52 27t52 -27l320 -448q23 -31 5 -66zM1280 160v960q0 13 -9.5 22.5t-22.5 9.5h-960q-13 0 -22.5 -9.5t-9.5 -22.5v-960q0 -13 9.5 -22.5t22.5 -9.5h960q13 0 22.5 9.5t9.5 22.5zM1536 1120v-960 q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf152;" d="M1088 640q0 -33 -27 -52l-448 -320q-31 -23 -66 -5q-35 17 -35 57v640q0 40 35 57q35 18 66 -5l448 -320q27 -19 27 -52zM1280 160v960q0 14 -9 23t-23 9h-960q-14 0 -23 -9t-9 -23v-960q0 -14 9 -23t23 -9h960q14 0 23 9t9 23zM1536 1120v-960q0 -119 -84.5 -203.5 t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf153;" horiz-adv-x="1024" d="M976 229l35 -159q3 -12 -3 -22.5t-17 -14.5l-5 -1q-4 -2 -10.5 -3.5t-16 -4.5t-21.5 -5.5t-25.5 -5t-30 -5t-33.5 -4.5t-36.5 -3t-38.5 -1q-234 0 -409 130.5t-238 351.5h-95q-13 0 -22.5 9.5t-9.5 22.5v113q0 13 9.5 22.5t22.5 9.5h66q-2 57 1 105h-67q-14 0 -23 9 t-9 23v114q0 14 9 23t23 9h98q67 210 243.5 338t400.5 128q102 0 194 -23q11 -3 20 -15q6 -11 3 -24l-43 -159q-3 -13 -14 -19.5t-24 -2.5l-4 1q-4 1 -11.5 2.5l-17.5 3.5t-22.5 3.5t-26 3t-29 2.5t-29.5 1q-126 0 -226 -64t-150 -176h468q16 0 25 -12q10 -12 7 -26 l-24 -114q-5 -26 -32 -26h-488q-3 -37 0 -105h459q15 0 25 -12q9 -12 6 -27l-24 -112q-2 -11 -11 -18.5t-20 -7.5h-387q48 -117 149.5 -185.5t228.5 -68.5q18 0 36 1.5t33.5 3.5t29.5 4.5t24.5 5t18.5 4.5l12 3l5 2q13 5 26 -2q12 -7 15 -21z" />
-<glyph unicode="&#xf154;" horiz-adv-x="1024" d="M1020 399v-367q0 -14 -9 -23t-23 -9h-956q-14 0 -23 9t-9 23v150q0 13 9.5 22.5t22.5 9.5h97v383h-95q-14 0 -23 9.5t-9 22.5v131q0 14 9 23t23 9h95v223q0 171 123.5 282t314.5 111q185 0 335 -125q9 -8 10 -20.5t-7 -22.5l-103 -127q-9 -11 -22 -12q-13 -2 -23 7 q-5 5 -26 19t-69 32t-93 18q-85 0 -137 -47t-52 -123v-215h305q13 0 22.5 -9t9.5 -23v-131q0 -13 -9.5 -22.5t-22.5 -9.5h-305v-379h414v181q0 13 9 22.5t23 9.5h162q14 0 23 -9.5t9 -22.5z" />
-<glyph unicode="&#xf155;" horiz-adv-x="1024" d="M978 351q0 -153 -99.5 -263.5t-258.5 -136.5v-175q0 -14 -9 -23t-23 -9h-135q-13 0 -22.5 9.5t-9.5 22.5v175q-66 9 -127.5 31t-101.5 44.5t-74 48t-46.5 37.5t-17.5 18q-17 21 -2 41l103 135q7 10 23 12q15 2 24 -9l2 -2q113 -99 243 -125q37 -8 74 -8q81 0 142.5 43 t61.5 122q0 28 -15 53t-33.5 42t-58.5 37.5t-66 32t-80 32.5q-39 16 -61.5 25t-61.5 26.5t-62.5 31t-56.5 35.5t-53.5 42.5t-43.5 49t-35.5 58t-21 66.5t-8.5 78q0 138 98 242t255 134v180q0 13 9.5 22.5t22.5 9.5h135q14 0 23 -9t9 -23v-176q57 -6 110.5 -23t87 -33.5 t63.5 -37.5t39 -29t15 -14q17 -18 5 -38l-81 -146q-8 -15 -23 -16q-14 -3 -27 7q-3 3 -14.5 12t-39 26.5t-58.5 32t-74.5 26t-85.5 11.5q-95 0 -155 -43t-60 -111q0 -26 8.5 -48t29.5 -41.5t39.5 -33t56 -31t60.5 -27t70 -27.5q53 -20 81 -31.5t76 -35t75.5 -42.5t62 -50 t53 -63.5t31.5 -76.5t13 -94z" />
-<glyph unicode="&#xf156;" horiz-adv-x="898" d="M898 1066v-102q0 -14 -9 -23t-23 -9h-168q-23 -144 -129 -234t-276 -110q167 -178 459 -536q14 -16 4 -34q-8 -18 -29 -18h-195q-16 0 -25 12q-306 367 -498 571q-9 9 -9 22v127q0 13 9.5 22.5t22.5 9.5h112q132 0 212.5 43t102.5 125h-427q-14 0 -23 9t-9 23v102 q0 14 9 23t23 9h413q-57 113 -268 113h-145q-13 0 -22.5 9.5t-9.5 22.5v133q0 14 9 23t23 9h832q14 0 23 -9t9 -23v-102q0 -14 -9 -23t-23 -9h-233q47 -61 64 -144h171q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf157;" horiz-adv-x="1027" d="M603 0h-172q-13 0 -22.5 9t-9.5 23v330h-288q-13 0 -22.5 9t-9.5 23v103q0 13 9.5 22.5t22.5 9.5h288v85h-288q-13 0 -22.5 9t-9.5 23v104q0 13 9.5 22.5t22.5 9.5h214l-321 578q-8 16 0 32q10 16 28 16h194q19 0 29 -18l215 -425q19 -38 56 -125q10 24 30.5 68t27.5 61 l191 420q8 19 29 19h191q17 0 27 -16q9 -14 1 -31l-313 -579h215q13 0 22.5 -9.5t9.5 -22.5v-104q0 -14 -9.5 -23t-22.5 -9h-290v-85h290q13 0 22.5 -9.5t9.5 -22.5v-103q0 -14 -9.5 -23t-22.5 -9h-290v-330q0 -13 -9.5 -22.5t-22.5 -9.5z" />
-<glyph unicode="&#xf158;" horiz-adv-x="1280" d="M1043 971q0 100 -65 162t-171 62h-320v-448h320q106 0 171 62t65 162zM1280 971q0 -193 -126.5 -315t-326.5 -122h-340v-118h505q14 0 23 -9t9 -23v-128q0 -14 -9 -23t-23 -9h-505v-192q0 -14 -9.5 -23t-22.5 -9h-167q-14 0 -23 9t-9 23v192h-224q-14 0 -23 9t-9 23v128 q0 14 9 23t23 9h224v118h-224q-14 0 -23 9t-9 23v149q0 13 9 22.5t23 9.5h224v629q0 14 9 23t23 9h539q200 0 326.5 -122t126.5 -315z" />
-<glyph unicode="&#xf159;" horiz-adv-x="1792" d="M514 341l81 299h-159l75 -300q1 -1 1 -3t1 -3q0 1 0.5 3.5t0.5 3.5zM630 768l35 128h-292l32 -128h225zM822 768h139l-35 128h-70zM1271 340l78 300h-162l81 -299q0 -1 0.5 -3.5t1.5 -3.5q0 1 0.5 3t0.5 3zM1382 768l33 128h-297l34 -128h230zM1792 736v-64q0 -14 -9 -23 t-23 -9h-213l-164 -616q-7 -24 -31 -24h-159q-24 0 -31 24l-166 616h-209l-167 -616q-7 -24 -31 -24h-159q-11 0 -19.5 7t-10.5 17l-160 616h-208q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h175l-33 128h-142q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h109l-89 344q-5 15 5 28 q10 12 26 12h137q26 0 31 -24l90 -360h359l97 360q7 24 31 24h126q24 0 31 -24l98 -360h365l93 360q5 24 31 24h137q16 0 26 -12q10 -13 5 -28l-91 -344h111q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-145l-34 -128h179q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf15a;" horiz-adv-x="1280" d="M1167 896q18 -182 -131 -258q117 -28 175 -103t45 -214q-7 -71 -32.5 -125t-64.5 -89t-97 -58.5t-121.5 -34.5t-145.5 -15v-255h-154v251q-80 0 -122 1v-252h-154v255q-18 0 -54 0.5t-55 0.5h-200l31 183h111q50 0 58 51v402h16q-6 1 -16 1v287q-13 68 -89 68h-111v164 l212 -1q64 0 97 1v252h154v-247q82 2 122 2v245h154v-252q79 -7 140 -22.5t113 -45t82.5 -78t36.5 -114.5zM952 351q0 36 -15 64t-37 46t-57.5 30.5t-65.5 18.5t-74 9t-69 3t-64.5 -1t-47.5 -1v-338q8 0 37 -0.5t48 -0.5t53 1.5t58.5 4t57 8.5t55.5 14t47.5 21t39.5 30 t24.5 40t9.5 51zM881 827q0 33 -12.5 58.5t-30.5 42t-48 28t-55 16.5t-61.5 8t-58 2.5t-54 -1t-39.5 -0.5v-307q5 0 34.5 -0.5t46.5 0t50 2t55 5.5t51.5 11t48.5 18.5t37 27t27 38.5t9 51z" />
-<glyph unicode="&#xf15b;" d="M1024 1024v472q22 -14 36 -28l408 -408q14 -14 28 -36h-472zM896 992q0 -40 28 -68t68 -28h544v-1056q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h800v-544z" />
-<glyph unicode="&#xf15c;" d="M1468 1060q14 -14 28 -36h-472v472q22 -14 36 -28zM992 896h544v-1056q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h800v-544q0 -40 28 -68t68 -28zM1152 160v64q0 14 -9 23t-23 9h-704q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h704 q14 0 23 9t9 23zM1152 416v64q0 14 -9 23t-23 9h-704q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h704q14 0 23 9t9 23zM1152 672v64q0 14 -9 23t-23 9h-704q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h704q14 0 23 9t9 23z" />
-<glyph unicode="&#xf15d;" horiz-adv-x="1664" d="M1191 1128h177l-72 218l-12 47q-2 16 -2 20h-4l-3 -20q0 -1 -3.5 -18t-7.5 -29zM736 96q0 -12 -10 -24l-319 -319q-10 -9 -23 -9q-12 0 -23 9l-320 320q-15 16 -7 35q8 20 30 20h192v1376q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1376h192q14 0 23 -9t9 -23zM1572 -23 v-233h-584v90l369 529q12 18 21 27l11 9v3q-2 0 -6.5 -0.5t-7.5 -0.5q-12 -3 -30 -3h-232v-115h-120v229h567v-89l-369 -530q-6 -8 -21 -26l-11 -11v-2l14 2q9 2 30 2h248v119h121zM1661 874v-106h-288v106h75l-47 144h-243l-47 -144h75v-106h-287v106h70l230 662h162 l230 -662h70z" />
-<glyph unicode="&#xf15e;" horiz-adv-x="1664" d="M1191 104h177l-72 218l-12 47q-2 16 -2 20h-4l-3 -20q0 -1 -3.5 -18t-7.5 -29zM736 96q0 -12 -10 -24l-319 -319q-10 -9 -23 -9q-12 0 -23 9l-320 320q-15 16 -7 35q8 20 30 20h192v1376q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1376h192q14 0 23 -9t9 -23zM1661 -150 v-106h-288v106h75l-47 144h-243l-47 -144h75v-106h-287v106h70l230 662h162l230 -662h70zM1572 1001v-233h-584v90l369 529q12 18 21 27l11 9v3q-2 0 -6.5 -0.5t-7.5 -0.5q-12 -3 -30 -3h-232v-115h-120v229h567v-89l-369 -530q-6 -8 -21 -26l-11 -10v-3l14 3q9 1 30 1h248 v119h121z" />
-<glyph unicode="&#xf160;" horiz-adv-x="1792" d="M736 96q0 -12 -10 -24l-319 -319q-10 -9 -23 -9q-12 0 -23 9l-320 320q-15 16 -7 35q8 20 30 20h192v1376q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1376h192q14 0 23 -9t9 -23zM1792 -32v-192q0 -14 -9 -23t-23 -9h-832q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h832 q14 0 23 -9t9 -23zM1600 480v-192q0 -14 -9 -23t-23 -9h-640q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h640q14 0 23 -9t9 -23zM1408 992v-192q0 -14 -9 -23t-23 -9h-448q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h448q14 0 23 -9t9 -23zM1216 1504v-192q0 -14 -9 -23t-23 -9h-256 q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h256q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf161;" horiz-adv-x="1792" d="M1216 -32v-192q0 -14 -9 -23t-23 -9h-256q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h256q14 0 23 -9t9 -23zM736 96q0 -12 -10 -24l-319 -319q-10 -9 -23 -9q-12 0 -23 9l-320 320q-15 16 -7 35q8 20 30 20h192v1376q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1376h192 q14 0 23 -9t9 -23zM1408 480v-192q0 -14 -9 -23t-23 -9h-448q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h448q14 0 23 -9t9 -23zM1600 992v-192q0 -14 -9 -23t-23 -9h-640q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h640q14 0 23 -9t9 -23zM1792 1504v-192q0 -14 -9 -23t-23 -9h-832 q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h832q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf162;" d="M1346 223q0 63 -44 116t-103 53q-52 0 -83 -37t-31 -94t36.5 -95t104.5 -38q50 0 85 27t35 68zM736 96q0 -12 -10 -24l-319 -319q-10 -9 -23 -9q-12 0 -23 9l-320 320q-15 16 -7 35q8 20 30 20h192v1376q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1376h192q14 0 23 -9t9 -23 zM1486 165q0 -62 -13 -121.5t-41 -114t-68 -95.5t-98.5 -65.5t-127.5 -24.5q-62 0 -108 16q-24 8 -42 15l39 113q15 -7 31 -11q37 -13 75 -13q84 0 134.5 58.5t66.5 145.5h-2q-21 -23 -61.5 -37t-84.5 -14q-106 0 -173 71.5t-67 172.5q0 105 72 178t181 73q123 0 205 -94.5 t82 -252.5zM1456 882v-114h-469v114h167v432q0 7 0.5 19t0.5 17v16h-2l-7 -12q-8 -13 -26 -31l-62 -58l-82 86l192 185h123v-654h165z" />
-<glyph unicode="&#xf163;" d="M1346 1247q0 63 -44 116t-103 53q-52 0 -83 -37t-31 -94t36.5 -95t104.5 -38q50 0 85 27t35 68zM736 96q0 -12 -10 -24l-319 -319q-10 -9 -23 -9q-12 0 -23 9l-320 320q-15 16 -7 35q8 20 30 20h192v1376q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1376h192q14 0 23 -9 t9 -23zM1456 -142v-114h-469v114h167v432q0 7 0.5 19t0.5 17v16h-2l-7 -12q-8 -13 -26 -31l-62 -58l-82 86l192 185h123v-654h165zM1486 1189q0 -62 -13 -121.5t-41 -114t-68 -95.5t-98.5 -65.5t-127.5 -24.5q-62 0 -108 16q-24 8 -42 15l39 113q15 -7 31 -11q37 -13 75 -13 q84 0 134.5 58.5t66.5 145.5h-2q-21 -23 -61.5 -37t-84.5 -14q-106 0 -173 71.5t-67 172.5q0 105 72 178t181 73q123 0 205 -94.5t82 -252.5z" />
-<glyph unicode="&#xf164;" horiz-adv-x="1664" d="M256 192q0 26 -19 45t-45 19q-27 0 -45.5 -19t-18.5 -45q0 -27 18.5 -45.5t45.5 -18.5q26 0 45 18.5t19 45.5zM416 704v-640q0 -26 -19 -45t-45 -19h-288q-26 0 -45 19t-19 45v640q0 26 19 45t45 19h288q26 0 45 -19t19 -45zM1600 704q0 -86 -55 -149q15 -44 15 -76 q3 -76 -43 -137q17 -56 0 -117q-15 -57 -54 -94q9 -112 -49 -181q-64 -76 -197 -78h-36h-76h-17q-66 0 -144 15.5t-121.5 29t-120.5 39.5q-123 43 -158 44q-26 1 -45 19.5t-19 44.5v641q0 25 18 43.5t43 20.5q24 2 76 59t101 121q68 87 101 120q18 18 31 48t17.5 48.5 t13.5 60.5q7 39 12.5 61t19.5 52t34 50q19 19 45 19q46 0 82.5 -10.5t60 -26t40 -40.5t24 -45t12 -50t5 -45t0.5 -39q0 -38 -9.5 -76t-19 -60t-27.5 -56q-3 -6 -10 -18t-11 -22t-8 -24h277q78 0 135 -57t57 -135z" />
-<glyph unicode="&#xf165;" horiz-adv-x="1664" d="M256 960q0 -26 -19 -45t-45 -19q-27 0 -45.5 19t-18.5 45q0 27 18.5 45.5t45.5 18.5q26 0 45 -18.5t19 -45.5zM416 448v640q0 26 -19 45t-45 19h-288q-26 0 -45 -19t-19 -45v-640q0 -26 19 -45t45 -19h288q26 0 45 19t19 45zM1545 597q55 -61 55 -149q-1 -78 -57.5 -135 t-134.5 -57h-277q4 -14 8 -24t11 -22t10 -18q18 -37 27 -57t19 -58.5t10 -76.5q0 -24 -0.5 -39t-5 -45t-12 -50t-24 -45t-40 -40.5t-60 -26t-82.5 -10.5q-26 0 -45 19q-20 20 -34 50t-19.5 52t-12.5 61q-9 42 -13.5 60.5t-17.5 48.5t-31 48q-33 33 -101 120q-49 64 -101 121 t-76 59q-25 2 -43 20.5t-18 43.5v641q0 26 19 44.5t45 19.5q35 1 158 44q77 26 120.5 39.5t121.5 29t144 15.5h17h76h36q133 -2 197 -78q58 -69 49 -181q39 -37 54 -94q17 -61 0 -117q46 -61 43 -137q0 -32 -15 -76z" />
-<glyph unicode="&#xf166;" d="M919 233v157q0 50 -29 50q-17 0 -33 -16v-224q16 -16 33 -16q29 0 29 49zM1103 355h66v34q0 51 -33 51t-33 -51v-34zM532 621v-70h-80v-423h-74v423h-78v70h232zM733 495v-367h-67v40q-39 -45 -76 -45q-33 0 -42 28q-6 16 -6 54v290h66v-270q0 -24 1 -26q1 -15 15 -15 q20 0 42 31v280h67zM985 384v-146q0 -52 -7 -73q-12 -42 -53 -42q-35 0 -68 41v-36h-67v493h67v-161q32 40 68 40q41 0 53 -42q7 -21 7 -74zM1236 255v-9q0 -29 -2 -43q-3 -22 -15 -40q-27 -40 -80 -40q-52 0 -81 38q-21 27 -21 86v129q0 59 20 86q29 38 80 38t78 -38 q21 -28 21 -86v-76h-133v-65q0 -51 34 -51q24 0 30 26q0 1 0.5 7t0.5 16.5v21.5h68zM785 1079v-156q0 -51 -32 -51t-32 51v156q0 52 32 52t32 -52zM1318 366q0 177 -19 260q-10 44 -43 73.5t-76 34.5q-136 15 -412 15q-275 0 -411 -15q-44 -5 -76.5 -34.5t-42.5 -73.5 q-20 -87 -20 -260q0 -176 20 -260q10 -43 42.5 -73t75.5 -35q137 -15 412 -15t412 15q43 5 75.5 35t42.5 73q20 84 20 260zM563 1017l90 296h-75l-51 -195l-53 195h-78l24 -69t23 -69q35 -103 46 -158v-201h74v201zM852 936v130q0 58 -21 87q-29 38 -78 38q-51 0 -78 -38 q-21 -29 -21 -87v-130q0 -58 21 -87q27 -38 78 -38q49 0 78 38q21 27 21 87zM1033 816h67v370h-67v-283q-22 -31 -42 -31q-15 0 -16 16q-1 2 -1 26v272h-67v-293q0 -37 6 -55q11 -27 43 -27q36 0 77 45v-40zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960 q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf167;" d="M971 292v-211q0 -67 -39 -67q-23 0 -45 22v301q22 22 45 22q39 0 39 -67zM1309 291v-46h-90v46q0 68 45 68t45 -68zM343 509h107v94h-312v-94h105v-569h100v569zM631 -60h89v494h-89v-378q-30 -42 -57 -42q-18 0 -21 21q-1 3 -1 35v364h-89v-391q0 -49 8 -73 q12 -37 58 -37q48 0 102 61v-54zM1060 88v197q0 73 -9 99q-17 56 -71 56q-50 0 -93 -54v217h-89v-663h89v48q45 -55 93 -55q54 0 71 55q9 27 9 100zM1398 98v13h-91q0 -51 -2 -61q-7 -36 -40 -36q-46 0 -46 69v87h179v103q0 79 -27 116q-39 51 -106 51q-68 0 -107 -51 q-28 -37 -28 -116v-173q0 -79 29 -116q39 -51 108 -51q72 0 108 53q18 27 21 54q2 9 2 58zM790 1011v210q0 69 -43 69t-43 -69v-210q0 -70 43 -70t43 70zM1509 260q0 -234 -26 -350q-14 -59 -58 -99t-102 -46q-184 -21 -555 -21t-555 21q-58 6 -102.5 46t-57.5 99 q-26 112 -26 350q0 234 26 350q14 59 58 99t103 47q183 20 554 20t555 -20q58 -7 102.5 -47t57.5 -99q26 -112 26 -350zM511 1536h102l-121 -399v-271h-100v271q-14 74 -61 212q-37 103 -65 187h106l71 -263zM881 1203v-175q0 -81 -28 -118q-37 -51 -106 -51q-67 0 -105 51 q-28 38 -28 118v175q0 80 28 117q38 51 105 51q69 0 106 -51q28 -37 28 -117zM1216 1365v-499h-91v55q-53 -62 -103 -62q-46 0 -59 37q-8 24 -8 75v394h91v-367q0 -33 1 -35q3 -22 21 -22q27 0 57 43v381h91z" />
-<glyph unicode="&#xf168;" horiz-adv-x="1408" d="M597 869q-10 -18 -257 -456q-27 -46 -65 -46h-239q-21 0 -31 17t0 36l253 448q1 0 0 1l-161 279q-12 22 -1 37q9 15 32 15h239q40 0 66 -45zM1403 1511q11 -16 0 -37l-528 -934v-1l336 -615q11 -20 1 -37q-10 -15 -32 -15h-239q-42 0 -66 45l-339 622q18 32 531 942 q25 45 64 45h241q22 0 31 -15z" />
-<glyph unicode="&#xf169;" d="M685 771q0 1 -126 222q-21 34 -52 34h-184q-18 0 -26 -11q-7 -12 1 -29l125 -216v-1l-196 -346q-9 -14 0 -28q8 -13 24 -13h185q31 0 50 36zM1309 1268q-7 12 -24 12h-187q-30 0 -49 -35l-411 -729q1 -2 262 -481q20 -35 52 -35h184q18 0 25 12q8 13 -1 28l-260 476v1 l409 723q8 16 0 28zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf16a;" horiz-adv-x="1792" d="M1280 640q0 37 -30 54l-512 320q-31 20 -65 2q-33 -18 -33 -56v-640q0 -38 33 -56q16 -8 31 -8q20 0 34 10l512 320q30 17 30 54zM1792 640q0 -96 -1 -150t-8.5 -136.5t-22.5 -147.5q-16 -73 -69 -123t-124 -58q-222 -25 -671 -25t-671 25q-71 8 -124.5 58t-69.5 123 q-14 65 -21.5 147.5t-8.5 136.5t-1 150t1 150t8.5 136.5t22.5 147.5q16 73 69 123t124 58q222 25 671 25t671 -25q71 -8 124.5 -58t69.5 -123q14 -65 21.5 -147.5t8.5 -136.5t1 -150z" />
-<glyph unicode="&#xf16b;" horiz-adv-x="1792" d="M402 829l494 -305l-342 -285l-490 319zM1388 274v-108l-490 -293v-1l-1 1l-1 -1v1l-489 293v108l147 -96l342 284v2l1 -1l1 1v-2l343 -284zM554 1418l342 -285l-494 -304l-338 270zM1390 829l338 -271l-489 -319l-343 285zM1239 1418l489 -319l-338 -270l-494 304z" />
-<glyph unicode="&#xf16c;" horiz-adv-x="1408" d="M928 135v-151l-707 -1v151zM1169 481v-701l-1 -35v-1h-1132l-35 1h-1v736h121v-618h928v618h120zM241 393l704 -65l-13 -150l-705 65zM309 709l683 -183l-39 -146l-683 183zM472 1058l609 -360l-77 -130l-609 360zM832 1389l398 -585l-124 -85l-399 584zM1285 1536 l121 -697l-149 -26l-121 697z" />
-<glyph unicode="&#xf16d;" d="M1362 110v648h-135q20 -63 20 -131q0 -126 -64 -232.5t-174 -168.5t-240 -62q-197 0 -337 135.5t-140 327.5q0 68 20 131h-141v-648q0 -26 17.5 -43.5t43.5 -17.5h1069q25 0 43 17.5t18 43.5zM1078 643q0 124 -90.5 211.5t-218.5 87.5q-127 0 -217.5 -87.5t-90.5 -211.5 t90.5 -211.5t217.5 -87.5q128 0 218.5 87.5t90.5 211.5zM1362 1003v165q0 28 -20 48.5t-49 20.5h-174q-29 0 -49 -20.5t-20 -48.5v-165q0 -29 20 -49t49 -20h174q29 0 49 20t20 49zM1536 1211v-1142q0 -81 -58 -139t-139 -58h-1142q-81 0 -139 58t-58 139v1142q0 81 58 139 t139 58h1142q81 0 139 -58t58 -139z" />
-<glyph unicode="&#xf16e;" d="M1248 1408q119 0 203.5 -84.5t84.5 -203.5v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960zM698 640q0 88 -62 150t-150 62t-150 -62t-62 -150t62 -150t150 -62t150 62t62 150zM1262 640q0 88 -62 150 t-150 62t-150 -62t-62 -150t62 -150t150 -62t150 62t62 150z" />
-<glyph unicode="&#xf170;" d="M768 914l201 -306h-402zM1133 384h94l-459 691l-459 -691h94l104 160h522zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf171;" horiz-adv-x="1408" d="M815 677q8 -63 -50.5 -101t-111.5 -6q-39 17 -53.5 58t-0.5 82t52 58q36 18 72.5 12t64 -35.5t27.5 -67.5zM926 698q-14 107 -113 164t-197 13q-63 -28 -100.5 -88.5t-34.5 -129.5q4 -91 77.5 -155t165.5 -56q91 8 152 84t50 168zM1165 1240q-20 27 -56 44.5t-58 22 t-71 12.5q-291 47 -566 -2q-43 -7 -66 -12t-55 -22t-50 -43q30 -28 76 -45.5t73.5 -22t87.5 -11.5q228 -29 448 -1q63 8 89.5 12t72.5 21.5t75 46.5zM1222 205q-8 -26 -15.5 -76.5t-14 -84t-28.5 -70t-58 -56.5q-86 -48 -189.5 -71.5t-202 -22t-201.5 18.5q-46 8 -81.5 18 t-76.5 27t-73 43.5t-52 61.5q-25 96 -57 292l6 16l18 9q223 -148 506.5 -148t507.5 148q21 -6 24 -23t-5 -45t-8 -37zM1403 1166q-26 -167 -111 -655q-5 -30 -27 -56t-43.5 -40t-54.5 -31q-252 -126 -610 -88q-248 27 -394 139q-15 12 -25.5 26.5t-17 35t-9 34t-6 39.5 t-5.5 35q-9 50 -26.5 150t-28 161.5t-23.5 147.5t-22 158q3 26 17.5 48.5t31.5 37.5t45 30t46 22.5t48 18.5q125 46 313 64q379 37 676 -50q155 -46 215 -122q16 -20 16.5 -51t-5.5 -54z" />
-<glyph unicode="&#xf172;" d="M848 666q0 43 -41 66t-77 1q-43 -20 -42.5 -72.5t43.5 -70.5q39 -23 81 4t36 72zM928 682q8 -66 -36 -121t-110 -61t-119 40t-56 113q-2 49 25.5 93t72.5 64q70 31 141.5 -10t81.5 -118zM1100 1073q-20 -21 -53.5 -34t-53 -16t-63.5 -8q-155 -20 -324 0q-44 6 -63 9.5 t-52.5 16t-54.5 32.5q13 19 36 31t40 15.5t47 8.5q198 35 408 1q33 -5 51 -8.5t43 -16t39 -31.5zM1142 327q0 7 5.5 26.5t3 32t-17.5 16.5q-161 -106 -365 -106t-366 106l-12 -6l-5 -12q26 -154 41 -210q47 -81 204 -108q249 -46 428 53q34 19 49 51.5t22.5 85.5t12.5 71z M1272 1020q9 53 -8 75q-43 55 -155 88q-216 63 -487 36q-132 -12 -226 -46q-38 -15 -59.5 -25t-47 -34t-29.5 -54q8 -68 19 -138t29 -171t24 -137q1 -5 5 -31t7 -36t12 -27t22 -28q105 -80 284 -100q259 -28 440 63q24 13 39.5 23t31 29t19.5 40q48 267 80 473zM1536 1120 v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf173;" horiz-adv-x="1024" d="M944 207l80 -237q-23 -35 -111 -66t-177 -32q-104 -2 -190.5 26t-142.5 74t-95 106t-55.5 120t-16.5 118v544h-168v215q72 26 129 69.5t91 90t58 102t34 99t15 88.5q1 5 4.5 8.5t7.5 3.5h244v-424h333v-252h-334v-518q0 -30 6.5 -56t22.5 -52.5t49.5 -41.5t81.5 -14 q78 2 134 29z" />
-<glyph unicode="&#xf174;" d="M1136 75l-62 183q-44 -22 -103 -22q-36 -1 -62 10.5t-38.5 31.5t-17.5 40.5t-5 43.5v398h257v194h-256v326h-188q-8 0 -9 -10q-5 -44 -17.5 -87t-39 -95t-77 -95t-118.5 -68v-165h130v-418q0 -57 21.5 -115t65 -111t121 -85.5t176.5 -30.5q69 1 136.5 25t85.5 50z M1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf175;" horiz-adv-x="768" d="M765 237q8 -19 -5 -35l-350 -384q-10 -10 -23 -10q-14 0 -24 10l-355 384q-13 16 -5 35q9 19 29 19h224v1248q0 14 9 23t23 9h192q14 0 23 -9t9 -23v-1248h224q21 0 29 -19z" />
-<glyph unicode="&#xf176;" horiz-adv-x="768" d="M765 1043q-9 -19 -29 -19h-224v-1248q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v1248h-224q-21 0 -29 19t5 35l350 384q10 10 23 10q14 0 24 -10l355 -384q13 -16 5 -35z" />
-<glyph unicode="&#xf177;" horiz-adv-x="1792" d="M1792 736v-192q0 -14 -9 -23t-23 -9h-1248v-224q0 -21 -19 -29t-35 5l-384 350q-10 10 -10 23q0 14 10 24l384 354q16 14 35 6q19 -9 19 -29v-224h1248q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf178;" horiz-adv-x="1792" d="M1728 643q0 -14 -10 -24l-384 -354q-16 -14 -35 -6q-19 9 -19 29v224h-1248q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h1248v224q0 21 19 29t35 -5l384 -350q10 -10 10 -23z" />
-<glyph unicode="&#xf179;" horiz-adv-x="1408" d="M1393 321q-39 -125 -123 -250q-129 -196 -257 -196q-49 0 -140 32q-86 32 -151 32q-61 0 -142 -33q-81 -34 -132 -34q-152 0 -301 259q-147 261 -147 503q0 228 113 374q112 144 284 144q72 0 177 -30q104 -30 138 -30q45 0 143 34q102 34 173 34q119 0 213 -65 q52 -36 104 -100q-79 -67 -114 -118q-65 -94 -65 -207q0 -124 69 -223t158 -126zM1017 1494q0 -61 -29 -136q-30 -75 -93 -138q-54 -54 -108 -72q-37 -11 -104 -17q3 149 78 257q74 107 250 148q1 -3 2.5 -11t2.5 -11q0 -4 0.5 -10t0.5 -10z" />
-<glyph unicode="&#xf17a;" horiz-adv-x="1664" d="M682 530v-651l-682 94v557h682zM682 1273v-659h-682v565zM1664 530v-786l-907 125v661h907zM1664 1408v-794h-907v669z" />
-<glyph unicode="&#xf17b;" horiz-adv-x="1408" d="M493 1053q16 0 27.5 11.5t11.5 27.5t-11.5 27.5t-27.5 11.5t-27 -11.5t-11 -27.5t11 -27.5t27 -11.5zM915 1053q16 0 27 11.5t11 27.5t-11 27.5t-27 11.5t-27.5 -11.5t-11.5 -27.5t11.5 -27.5t27.5 -11.5zM103 869q42 0 72 -30t30 -72v-430q0 -43 -29.5 -73t-72.5 -30 t-73 30t-30 73v430q0 42 30 72t73 30zM1163 850v-666q0 -46 -32 -78t-77 -32h-75v-227q0 -43 -30 -73t-73 -30t-73 30t-30 73v227h-138v-227q0 -43 -30 -73t-73 -30q-42 0 -72 30t-30 73l-1 227h-74q-46 0 -78 32t-32 78v666h918zM931 1255q107 -55 171 -153.5t64 -215.5 h-925q0 117 64 215.5t172 153.5l-71 131q-7 13 5 20q13 6 20 -6l72 -132q95 42 201 42t201 -42l72 132q7 12 20 6q12 -7 5 -20zM1408 767v-430q0 -43 -30 -73t-73 -30q-42 0 -72 30t-30 73v430q0 43 30 72.5t72 29.5q43 0 73 -29.5t30 -72.5z" />
-<glyph unicode="&#xf17c;" d="M663 1125q-11 -1 -15.5 -10.5t-8.5 -9.5q-5 -1 -5 5q0 12 19 15h10zM750 1111q-4 -1 -11.5 6.5t-17.5 4.5q24 11 32 -2q3 -6 -3 -9zM399 684q-4 1 -6 -3t-4.5 -12.5t-5.5 -13.5t-10 -13q-7 -10 -1 -12q4 -1 12.5 7t12.5 18q1 3 2 7t2 6t1.5 4.5t0.5 4v3t-1 2.5t-3 2z M1254 325q0 18 -55 42q4 15 7.5 27.5t5 26t3 21.5t0.5 22.5t-1 19.5t-3.5 22t-4 20.5t-5 25t-5.5 26.5q-10 48 -47 103t-72 75q24 -20 57 -83q87 -162 54 -278q-11 -40 -50 -42q-31 -4 -38.5 18.5t-8 83.5t-11.5 107q-9 39 -19.5 69t-19.5 45.5t-15.5 24.5t-13 15t-7.5 7 q-14 62 -31 103t-29.5 56t-23.5 33t-15 40q-4 21 6 53.5t4.5 49.5t-44.5 25q-15 3 -44.5 18t-35.5 16q-8 1 -11 26t8 51t36 27q37 3 51 -30t4 -58q-11 -19 -2 -26.5t30 -0.5q13 4 13 36v37q-5 30 -13.5 50t-21 30.5t-23.5 15t-27 7.5q-107 -8 -89 -134q0 -15 -1 -15 q-9 9 -29.5 10.5t-33 -0.5t-15.5 5q1 57 -16 90t-45 34q-27 1 -41.5 -27.5t-16.5 -59.5q-1 -15 3.5 -37t13 -37.5t15.5 -13.5q10 3 16 14q4 9 -7 8q-7 0 -15.5 14.5t-9.5 33.5q-1 22 9 37t34 14q17 0 27 -21t9.5 -39t-1.5 -22q-22 -15 -31 -29q-8 -12 -27.5 -23.5 t-20.5 -12.5q-13 -14 -15.5 -27t7.5 -18q14 -8 25 -19.5t16 -19t18.5 -13t35.5 -6.5q47 -2 102 15q2 1 23 7t34.5 10.5t29.5 13t21 17.5q9 14 20 8q5 -3 6.5 -8.5t-3 -12t-16.5 -9.5q-20 -6 -56.5 -21.5t-45.5 -19.5q-44 -19 -70 -23q-25 -5 -79 2q-10 2 -9 -2t17 -19 q25 -23 67 -22q17 1 36 7t36 14t33.5 17.5t30 17t24.5 12t17.5 2.5t8.5 -11q0 -2 -1 -4.5t-4 -5t-6 -4.5t-8.5 -5t-9 -4.5t-10 -5t-9.5 -4.5q-28 -14 -67.5 -44t-66.5 -43t-49 -1q-21 11 -63 73q-22 31 -25 22q-1 -3 -1 -10q0 -25 -15 -56.5t-29.5 -55.5t-21 -58t11.5 -63 q-23 -6 -62.5 -90t-47.5 -141q-2 -18 -1.5 -69t-5.5 -59q-8 -24 -29 -3q-32 31 -36 94q-2 28 4 56q4 19 -1 18l-4 -5q-36 -65 10 -166q5 -12 25 -28t24 -20q20 -23 104 -90.5t93 -76.5q16 -15 17.5 -38t-14 -43t-45.5 -23q8 -15 29 -44.5t28 -54t7 -70.5q46 24 7 92 q-4 8 -10.5 16t-9.5 12t-2 6q3 5 13 9.5t20 -2.5q46 -52 166 -36q133 15 177 87q23 38 34 30q12 -6 10 -52q-1 -25 -23 -92q-9 -23 -6 -37.5t24 -15.5q3 19 14.5 77t13.5 90q2 21 -6.5 73.5t-7.5 97t23 70.5q15 18 51 18q1 37 34.5 53t72.5 10.5t60 -22.5zM626 1152 q3 17 -2.5 30t-11.5 15q-9 2 -9 -7q2 -5 5 -6q10 0 7 -15q-3 -20 8 -20q3 0 3 3zM1045 955q-2 8 -6.5 11.5t-13 5t-14.5 5.5q-5 3 -9.5 8t-7 8t-5.5 6.5t-4 4t-4 -1.5q-14 -16 7 -43.5t39 -31.5q9 -1 14.5 8t3.5 20zM867 1168q0 11 -5 19.5t-11 12.5t-9 3q-14 -1 -7 -7l4 -2 q14 -4 18 -31q0 -3 8 2zM921 1401q0 2 -2.5 5t-9 7t-9.5 6q-15 15 -24 15q-9 -1 -11.5 -7.5t-1 -13t-0.5 -12.5q-1 -4 -6 -10.5t-6 -9t3 -8.5q4 -3 8 0t11 9t15 9q1 1 9 1t15 2t9 7zM1486 60q20 -12 31 -24.5t12 -24t-2.5 -22.5t-15.5 -22t-23.5 -19.5t-30 -18.5 t-31.5 -16.5t-32 -15.5t-27 -13q-38 -19 -85.5 -56t-75.5 -64q-17 -16 -68 -19.5t-89 14.5q-18 9 -29.5 23.5t-16.5 25.5t-22 19.5t-47 9.5q-44 1 -130 1q-19 0 -57 -1.5t-58 -2.5q-44 -1 -79.5 -15t-53.5 -30t-43.5 -28.5t-53.5 -11.5q-29 1 -111 31t-146 43q-19 4 -51 9.5 t-50 9t-39.5 9.5t-33.5 14.5t-17 19.5q-10 23 7 66.5t18 54.5q1 16 -4 40t-10 42.5t-4.5 36.5t10.5 27q14 12 57 14t60 12q30 18 42 35t12 51q21 -73 -32 -106q-32 -20 -83 -15q-34 3 -43 -10q-13 -15 5 -57q2 -6 8 -18t8.5 -18t4.5 -17t1 -22q0 -15 -17 -49t-14 -48 q3 -17 37 -26q20 -6 84.5 -18.5t99.5 -20.5q24 -6 74 -22t82.5 -23t55.5 -4q43 6 64.5 28t23 48t-7.5 58.5t-19 52t-20 36.5q-121 190 -169 242q-68 74 -113 40q-11 -9 -15 15q-3 16 -2 38q1 29 10 52t24 47t22 42q8 21 26.5 72t29.5 78t30 61t39 54q110 143 124 195 q-12 112 -16 310q-2 90 24 151.5t106 104.5q39 21 104 21q53 1 106 -13.5t89 -41.5q57 -42 91.5 -121.5t29.5 -147.5q-5 -95 30 -214q34 -113 133 -218q55 -59 99.5 -163t59.5 -191q8 -49 5 -84.5t-12 -55.5t-20 -22q-10 -2 -23.5 -19t-27 -35.5t-40.5 -33.5t-61 -14 q-18 1 -31.5 5t-22.5 13.5t-13.5 15.5t-11.5 20.5t-9 19.5q-22 37 -41 30t-28 -49t7 -97q20 -70 1 -195q-10 -65 18 -100.5t73 -33t85 35.5q59 49 89.5 66.5t103.5 42.5q53 18 77 36.5t18.5 34.5t-25 28.5t-51.5 23.5q-33 11 -49.5 48t-15 72.5t15.5 47.5q1 -31 8 -56.5 t14.5 -40.5t20.5 -28.5t21 -19t21.5 -13t16.5 -9.5z" />
-<glyph unicode="&#xf17d;" d="M1024 36q-42 241 -140 498h-2l-2 -1q-16 -6 -43 -16.5t-101 -49t-137 -82t-131 -114.5t-103 -148l-15 11q184 -150 418 -150q132 0 256 52zM839 643q-21 49 -53 111q-311 -93 -673 -93q-1 -7 -1 -21q0 -124 44 -236.5t124 -201.5q50 89 123.5 166.5t142.5 124.5t130.5 81 t99.5 48l37 13q4 1 13 3.5t13 4.5zM732 855q-120 213 -244 378q-138 -65 -234 -186t-128 -272q302 0 606 80zM1416 536q-210 60 -409 29q87 -239 128 -469q111 75 185 189.5t96 250.5zM611 1277q-1 0 -2 -1q1 1 2 1zM1201 1132q-185 164 -433 164q-76 0 -155 -19 q131 -170 246 -382q69 26 130 60.5t96.5 61.5t65.5 57t37.5 40.5zM1424 647q-3 232 -149 410l-1 -1q-9 -12 -19 -24.5t-43.5 -44.5t-71 -60.5t-100 -65t-131.5 -64.5q25 -53 44 -95q2 -6 6.5 -17.5t7.5 -16.5q36 5 74.5 7t73.5 2t69 -1.5t64 -4t56.5 -5.5t48 -6.5t36.5 -6 t25 -4.5zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf17e;" d="M1173 473q0 50 -19.5 91.5t-48.5 68.5t-73 49t-82.5 34t-87.5 23l-104 24q-30 7 -44 10.5t-35 11.5t-30 16t-16.5 21t-7.5 30q0 77 144 77q43 0 77 -12t54 -28.5t38 -33.5t40 -29t48 -12q47 0 75.5 32t28.5 77q0 55 -56 99.5t-142 67.5t-182 23q-68 0 -132 -15.5 t-119.5 -47t-89 -87t-33.5 -128.5q0 -61 19 -106.5t56 -75.5t80 -48.5t103 -32.5l146 -36q90 -22 112 -36q32 -20 32 -60q0 -39 -40 -64.5t-105 -25.5q-51 0 -91.5 16t-65 38.5t-45.5 45t-46 38.5t-54 16q-50 0 -75.5 -30t-25.5 -75q0 -92 122 -157.5t291 -65.5 q73 0 140 18.5t122.5 53.5t88.5 93.5t33 131.5zM1536 256q0 -159 -112.5 -271.5t-271.5 -112.5q-130 0 -234 80q-77 -16 -150 -16q-143 0 -273.5 55.5t-225 150t-150 225t-55.5 273.5q0 73 16 150q-80 104 -80 234q0 159 112.5 271.5t271.5 112.5q130 0 234 -80 q77 16 150 16q143 0 273.5 -55.5t225 -150t150 -225t55.5 -273.5q0 -73 -16 -150q80 -104 80 -234z" />
-<glyph unicode="&#xf180;" horiz-adv-x="1280" d="M1000 1102l37 194q5 23 -9 40t-35 17h-712q-23 0 -38.5 -17t-15.5 -37v-1101q0 -7 6 -1l291 352q23 26 38 33.5t48 7.5h239q22 0 37 14.5t18 29.5q24 130 37 191q4 21 -11.5 40t-36.5 19h-294q-29 0 -48 19t-19 48v42q0 29 19 47.5t48 18.5h346q18 0 35 13.5t20 29.5z M1227 1324q-15 -73 -53.5 -266.5t-69.5 -350t-35 -173.5q-6 -22 -9 -32.5t-14 -32.5t-24.5 -33t-38.5 -21t-58 -10h-271q-13 0 -22 -10q-8 -9 -426 -494q-22 -25 -58.5 -28.5t-48.5 5.5q-55 22 -55 98v1410q0 55 38 102.5t120 47.5h888q95 0 127 -53t10 -159zM1227 1324 l-158 -790q4 17 35 173.5t69.5 350t53.5 266.5z" />
-<glyph unicode="&#xf181;" d="M704 192v1024q0 14 -9 23t-23 9h-480q-14 0 -23 -9t-9 -23v-1024q0 -14 9 -23t23 -9h480q14 0 23 9t9 23zM1376 576v640q0 14 -9 23t-23 9h-480q-14 0 -23 -9t-9 -23v-640q0 -14 9 -23t23 -9h480q14 0 23 9t9 23zM1536 1344v-1408q0 -26 -19 -45t-45 -19h-1408 q-26 0 -45 19t-19 45v1408q0 26 19 45t45 19h1408q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf182;" horiz-adv-x="1280" d="M1280 480q0 -40 -28 -68t-68 -28q-51 0 -80 43l-227 341h-45v-132l247 -411q9 -15 9 -33q0 -26 -19 -45t-45 -19h-192v-272q0 -46 -33 -79t-79 -33h-160q-46 0 -79 33t-33 79v272h-192q-26 0 -45 19t-19 45q0 18 9 33l247 411v132h-45l-227 -341q-29 -43 -80 -43 q-40 0 -68 28t-28 68q0 29 16 53l256 384q73 107 176 107h384q103 0 176 -107l256 -384q16 -24 16 -53zM864 1280q0 -93 -65.5 -158.5t-158.5 -65.5t-158.5 65.5t-65.5 158.5t65.5 158.5t158.5 65.5t158.5 -65.5t65.5 -158.5z" />
-<glyph unicode="&#xf183;" horiz-adv-x="1024" d="M1024 832v-416q0 -40 -28 -68t-68 -28t-68 28t-28 68v352h-64v-912q0 -46 -33 -79t-79 -33t-79 33t-33 79v464h-64v-464q0 -46 -33 -79t-79 -33t-79 33t-33 79v912h-64v-352q0 -40 -28 -68t-68 -28t-68 28t-28 68v416q0 80 56 136t136 56h640q80 0 136 -56t56 -136z M736 1280q0 -93 -65.5 -158.5t-158.5 -65.5t-158.5 65.5t-65.5 158.5t65.5 158.5t158.5 65.5t158.5 -65.5t65.5 -158.5z" />
-<glyph unicode="&#xf184;" d="M773 234l350 473q16 22 24.5 59t-6 85t-61.5 79q-40 26 -83 25.5t-73.5 -17.5t-54.5 -45q-36 -40 -96 -40q-59 0 -95 40q-24 28 -54.5 45t-73.5 17.5t-84 -25.5q-46 -31 -60.5 -79t-6 -85t24.5 -59zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103 t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf185;" horiz-adv-x="1792" d="M1472 640q0 117 -45.5 223.5t-123 184t-184 123t-223.5 45.5t-223.5 -45.5t-184 -123t-123 -184t-45.5 -223.5t45.5 -223.5t123 -184t184 -123t223.5 -45.5t223.5 45.5t184 123t123 184t45.5 223.5zM1748 363q-4 -15 -20 -20l-292 -96v-306q0 -16 -13 -26q-15 -10 -29 -4 l-292 94l-180 -248q-10 -13 -26 -13t-26 13l-180 248l-292 -94q-14 -6 -29 4q-13 10 -13 26v306l-292 96q-16 5 -20 20q-5 17 4 29l180 248l-180 248q-9 13 -4 29q4 15 20 20l292 96v306q0 16 13 26q15 10 29 4l292 -94l180 248q9 12 26 12t26 -12l180 -248l292 94 q14 6 29 -4q13 -10 13 -26v-306l292 -96q16 -5 20 -20q5 -16 -4 -29l-180 -248l180 -248q9 -12 4 -29z" />
-<glyph unicode="&#xf186;" d="M1262 233q-54 -9 -110 -9q-182 0 -337 90t-245 245t-90 337q0 192 104 357q-201 -60 -328.5 -229t-127.5 -384q0 -130 51 -248.5t136.5 -204t204 -136.5t248.5 -51q144 0 273.5 61.5t220.5 171.5zM1465 318q-94 -203 -283.5 -324.5t-413.5 -121.5q-156 0 -298 61 t-245 164t-164 245t-61 298q0 153 57.5 292.5t156 241.5t235.5 164.5t290 68.5q44 2 61 -39q18 -41 -15 -72q-86 -78 -131.5 -181.5t-45.5 -218.5q0 -148 73 -273t198 -198t273 -73q118 0 228 51q41 18 72 -13q14 -14 17.5 -34t-4.5 -38z" />
-<glyph unicode="&#xf187;" horiz-adv-x="1792" d="M1088 704q0 26 -19 45t-45 19h-256q-26 0 -45 -19t-19 -45t19 -45t45 -19h256q26 0 45 19t19 45zM1664 896v-960q0 -26 -19 -45t-45 -19h-1408q-26 0 -45 19t-19 45v960q0 26 19 45t45 19h1408q26 0 45 -19t19 -45zM1728 1344v-256q0 -26 -19 -45t-45 -19h-1536 q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h1536q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf188;" horiz-adv-x="1664" d="M1632 576q0 -26 -19 -45t-45 -19h-224q0 -171 -67 -290l208 -209q19 -19 19 -45t-19 -45q-18 -19 -45 -19t-45 19l-198 197q-5 -5 -15 -13t-42 -28.5t-65 -36.5t-82 -29t-97 -13v896h-128v-896q-51 0 -101.5 13.5t-87 33t-66 39t-43.5 32.5l-15 14l-183 -207 q-20 -21 -48 -21q-24 0 -43 16q-19 18 -20.5 44.5t15.5 46.5l202 227q-58 114 -58 274h-224q-26 0 -45 19t-19 45t19 45t45 19h224v294l-173 173q-19 19 -19 45t19 45t45 19t45 -19l173 -173h844l173 173q19 19 45 19t45 -19t19 -45t-19 -45l-173 -173v-294h224q26 0 45 -19 t19 -45zM1152 1152h-640q0 133 93.5 226.5t226.5 93.5t226.5 -93.5t93.5 -226.5z" />
-<glyph unicode="&#xf189;" horiz-adv-x="1920" d="M1917 1016q23 -64 -150 -294q-24 -32 -65 -85q-78 -100 -90 -131q-17 -41 14 -81q17 -21 81 -82h1l1 -1l1 -1l2 -2q141 -131 191 -221q3 -5 6.5 -12.5t7 -26.5t-0.5 -34t-25 -27.5t-59 -12.5l-256 -4q-24 -5 -56 5t-52 22l-20 12q-30 21 -70 64t-68.5 77.5t-61 58 t-56.5 15.5q-3 -1 -8 -3.5t-17 -14.5t-21.5 -29.5t-17 -52t-6.5 -77.5q0 -15 -3.5 -27.5t-7.5 -18.5l-4 -5q-18 -19 -53 -22h-115q-71 -4 -146 16.5t-131.5 53t-103 66t-70.5 57.5l-25 24q-10 10 -27.5 30t-71.5 91t-106 151t-122.5 211t-130.5 272q-6 16 -6 27t3 16l4 6 q15 19 57 19l274 2q12 -2 23 -6.5t16 -8.5l5 -3q16 -11 24 -32q20 -50 46 -103.5t41 -81.5l16 -29q29 -60 56 -104t48.5 -68.5t41.5 -38.5t34 -14t27 5q2 1 5 5t12 22t13.5 47t9.5 81t0 125q-2 40 -9 73t-14 46l-6 12q-25 34 -85 43q-13 2 5 24q17 19 38 30q53 26 239 24 q82 -1 135 -13q20 -5 33.5 -13.5t20.5 -24t10.5 -32t3.5 -45.5t-1 -55t-2.5 -70.5t-1.5 -82.5q0 -11 -1 -42t-0.5 -48t3.5 -40.5t11.5 -39t22.5 -24.5q8 -2 17 -4t26 11t38 34.5t52 67t68 107.5q60 104 107 225q4 10 10 17.5t11 10.5l4 3l5 2.5t13 3t20 0.5l288 2 q39 5 64 -2.5t31 -16.5z" />
-<glyph unicode="&#xf18a;" horiz-adv-x="1792" d="M675 252q21 34 11 69t-45 50q-34 14 -73 1t-60 -46q-22 -34 -13 -68.5t43 -50.5t74.5 -2.5t62.5 47.5zM769 373q8 13 3.5 26.5t-17.5 18.5q-14 5 -28.5 -0.5t-21.5 -18.5q-17 -31 13 -45q14 -5 29 0.5t22 18.5zM943 266q-45 -102 -158 -150t-224 -12 q-107 34 -147.5 126.5t6.5 187.5q47 93 151.5 139t210.5 19q111 -29 158.5 -119.5t2.5 -190.5zM1255 426q-9 96 -89 170t-208.5 109t-274.5 21q-223 -23 -369.5 -141.5t-132.5 -264.5q9 -96 89 -170t208.5 -109t274.5 -21q223 23 369.5 141.5t132.5 264.5zM1563 422 q0 -68 -37 -139.5t-109 -137t-168.5 -117.5t-226 -83t-270.5 -31t-275 33.5t-240.5 93t-171.5 151t-65 199.5q0 115 69.5 245t197.5 258q169 169 341.5 236t246.5 -7q65 -64 20 -209q-4 -14 -1 -20t10 -7t14.5 0.5t13.5 3.5l6 2q139 59 246 59t153 -61q45 -63 0 -178 q-2 -13 -4.5 -20t4.5 -12.5t12 -7.5t17 -6q57 -18 103 -47t80 -81.5t34 -116.5zM1489 1046q42 -47 54.5 -108.5t-6.5 -117.5q-8 -23 -29.5 -34t-44.5 -4q-23 8 -34 29.5t-4 44.5q20 63 -24 111t-107 35q-24 -5 -45 8t-25 37q-5 24 8 44.5t37 25.5q60 13 119 -5.5t101 -65.5z M1670 1209q87 -96 112.5 -222.5t-13.5 -241.5q-9 -27 -34 -40t-52 -4t-40 34t-5 52q28 82 10 172t-80 158q-62 69 -148 95.5t-173 8.5q-28 -6 -52 9.5t-30 43.5t9.5 51.5t43.5 29.5q123 26 244 -11.5t208 -134.5z" />
-<glyph unicode="&#xf18b;" d="M1133 -34q-171 -94 -368 -94q-196 0 -367 94q138 87 235.5 211t131.5 268q35 -144 132.5 -268t235.5 -211zM638 1394v-485q0 -252 -126.5 -459.5t-330.5 -306.5q-181 215 -181 495q0 187 83.5 349.5t229.5 269.5t325 137zM1536 638q0 -280 -181 -495 q-204 99 -330.5 306.5t-126.5 459.5v485q179 -30 325 -137t229.5 -269.5t83.5 -349.5z" />
-<glyph unicode="&#xf18c;" horiz-adv-x="1408" d="M1402 433q-32 -80 -76 -138t-91 -88.5t-99 -46.5t-101.5 -14.5t-96.5 8.5t-86.5 22t-69.5 27.5t-46 22.5l-17 10q-113 -228 -289.5 -359.5t-384.5 -132.5q-19 0 -32 13t-13 32t13 31.5t32 12.5q173 1 322.5 107.5t251.5 294.5q-36 -14 -72 -23t-83 -13t-91 2.5t-93 28.5 t-92 59t-84.5 100t-74.5 146q114 47 214 57t167.5 -7.5t124.5 -56.5t88.5 -77t56.5 -82q53 131 79 291q-7 -1 -18 -2.5t-46.5 -2.5t-69.5 0.5t-81.5 10t-88.5 23t-84 42.5t-75 65t-54.5 94.5t-28.5 127.5q70 28 133.5 36.5t112.5 -1t92 -30t73.5 -50t56 -61t42 -63t27.5 -56 t16 -39.5l4 -16q12 122 12 195q-8 6 -21.5 16t-49 44.5t-63.5 71.5t-54 93t-33 112.5t12 127t70 138.5q73 -25 127.5 -61.5t84.5 -76.5t48 -85t20.5 -89t-0.5 -85.5t-13 -76.5t-19 -62t-17 -42l-7 -15q1 -5 1 -50.5t-1 -71.5q3 7 10 18.5t30.5 43t50.5 58t71 55.5t91.5 44.5 t112 14.5t132.5 -24q-2 -78 -21.5 -141.5t-50 -104.5t-69.5 -71.5t-81.5 -45.5t-84.5 -24t-80 -9.5t-67.5 1t-46.5 4.5l-17 3q-23 -147 -73 -283q6 7 18 18.5t49.5 41t77.5 52.5t99.5 42t117.5 20t129 -23.5t137 -77.5z" />
-<glyph unicode="&#xf18d;" horiz-adv-x="1280" d="M1259 283v-66q0 -85 -57.5 -144.5t-138.5 -59.5h-57l-260 -269v269h-529q-81 0 -138.5 59.5t-57.5 144.5v66h1238zM1259 609v-255h-1238v255h1238zM1259 937v-255h-1238v255h1238zM1259 1077v-67h-1238v67q0 84 57.5 143.5t138.5 59.5h846q81 0 138.5 -59.5t57.5 -143.5z " />
-<glyph unicode="&#xf18e;" d="M1152 640q0 -14 -9 -23l-320 -320q-9 -9 -23 -9q-13 0 -22.5 9.5t-9.5 22.5v192h-352q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h352v192q0 14 9 23t23 9q12 0 24 -10l319 -319q9 -9 9 -23zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198 t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf190;" d="M1152 736v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-352v-192q0 -14 -9 -23t-23 -9q-12 0 -24 10l-319 319q-9 9 -9 23t9 23l320 320q9 9 23 9q13 0 22.5 -9.5t9.5 -22.5v-192h352q13 0 22.5 -9.5t9.5 -22.5zM1312 640q0 148 -73 273t-198 198t-273 73t-273 -73t-198 -198 t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf191;" d="M1024 960v-640q0 -26 -19 -45t-45 -19q-20 0 -37 12l-448 320q-27 19 -27 52t27 52l448 320q17 12 37 12q26 0 45 -19t19 -45zM1280 160v960q0 13 -9.5 22.5t-22.5 9.5h-960q-13 0 -22.5 -9.5t-9.5 -22.5v-960q0 -13 9.5 -22.5t22.5 -9.5h960q13 0 22.5 9.5t9.5 22.5z M1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf192;" d="M1024 640q0 -106 -75 -181t-181 -75t-181 75t-75 181t75 181t181 75t181 -75t75 -181zM768 1184q-148 0 -273 -73t-198 -198t-73 -273t73 -273t198 -198t273 -73t273 73t198 198t73 273t-73 273t-198 198t-273 73zM1536 640q0 -209 -103 -385.5t-279.5 -279.5 t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf193;" horiz-adv-x="1664" d="M1023 349l102 -204q-58 -179 -210 -290t-339 -111q-156 0 -288.5 77.5t-210 210t-77.5 288.5q0 181 104.5 330t274.5 211l17 -131q-122 -54 -195 -165.5t-73 -244.5q0 -185 131.5 -316.5t316.5 -131.5q126 0 232.5 65t165 175.5t49.5 236.5zM1571 249l58 -114l-256 -128 q-13 -7 -29 -7q-40 0 -57 35l-239 477h-472q-24 0 -42.5 16.5t-21.5 40.5l-96 779q-2 16 6 42q14 51 57 82.5t97 31.5q66 0 113 -47t47 -113q0 -69 -52 -117.5t-120 -41.5l37 -289h423v-128h-407l16 -128h455q40 0 57 -35l228 -455z" />
-<glyph unicode="&#xf194;" d="M1254 899q16 85 -21 132q-52 65 -187 45q-17 -3 -41 -12.5t-57.5 -30.5t-64.5 -48.5t-59.5 -70t-44.5 -91.5q80 7 113.5 -16t26.5 -99q-5 -52 -52 -143q-43 -78 -71 -99q-44 -32 -87 14q-23 24 -37.5 64.5t-19 73t-10 84t-8.5 71.5q-23 129 -34 164q-12 37 -35.5 69 t-50.5 40q-57 16 -127 -25q-54 -32 -136.5 -106t-122.5 -102v-7q16 -8 25.5 -26t21.5 -20q21 -3 54.5 8.5t58 10.5t41.5 -30q11 -18 18.5 -38.5t15 -48t12.5 -40.5q17 -46 53 -187q36 -146 57 -197q42 -99 103 -125q43 -12 85 -1.5t76 31.5q131 77 250 237 q104 139 172.5 292.5t82.5 226.5zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf195;" horiz-adv-x="1152" d="M1152 704q0 -191 -94.5 -353t-256.5 -256.5t-353 -94.5h-160q-14 0 -23 9t-9 23v611l-215 -66q-3 -1 -9 -1q-10 0 -19 6q-13 10 -13 26v128q0 23 23 31l233 71v93l-215 -66q-3 -1 -9 -1q-10 0 -19 6q-13 10 -13 26v128q0 23 23 31l233 71v250q0 14 9 23t23 9h160 q14 0 23 -9t9 -23v-181l375 116q15 5 28 -5t13 -26v-128q0 -23 -23 -31l-393 -121v-93l375 116q15 5 28 -5t13 -26v-128q0 -23 -23 -31l-393 -121v-487q188 13 318 151t130 328q0 14 9 23t23 9h160q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf196;" horiz-adv-x="1408" d="M1152 736v-64q0 -14 -9 -23t-23 -9h-352v-352q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v352h-352q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h352v352q0 14 9 23t23 9h64q14 0 23 -9t9 -23v-352h352q14 0 23 -9t9 -23zM1280 288v832q0 66 -47 113t-113 47h-832 q-66 0 -113 -47t-47 -113v-832q0 -66 47 -113t113 -47h832q66 0 113 47t47 113zM1408 1120v-832q0 -119 -84.5 -203.5t-203.5 -84.5h-832q-119 0 -203.5 84.5t-84.5 203.5v832q0 119 84.5 203.5t203.5 84.5h832q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf197;" horiz-adv-x="2176" d="M620 416q-110 -64 -268 -64h-128v64h-64q-13 0 -22.5 23.5t-9.5 56.5q0 24 7 49q-58 2 -96.5 10.5t-38.5 20.5t38.5 20.5t96.5 10.5q-7 25 -7 49q0 33 9.5 56.5t22.5 23.5h64v64h128q158 0 268 -64h1113q42 -7 106.5 -18t80.5 -14q89 -15 150 -40.5t83.5 -47.5t22.5 -40 t-22.5 -40t-83.5 -47.5t-150 -40.5q-16 -3 -80.5 -14t-106.5 -18h-1113zM1739 668q53 -36 53 -92t-53 -92l81 -30q68 48 68 122t-68 122zM625 400h1015q-217 -38 -456 -80q-57 0 -113 -24t-83 -48l-28 -24l-288 -288q-26 -26 -70.5 -45t-89.5 -19h-96l-93 464h29 q157 0 273 64zM352 816h-29l93 464h96q46 0 90 -19t70 -45l288 -288q4 -4 11 -10.5t30.5 -23t48.5 -29t61.5 -23t72.5 -10.5l456 -80h-1015q-116 64 -273 64z" />
-<glyph unicode="&#xf198;" horiz-adv-x="1664" d="M1519 760q62 0 103.5 -40.5t41.5 -101.5q0 -97 -93 -130l-172 -59l56 -167q7 -21 7 -47q0 -59 -42 -102t-101 -43q-47 0 -85.5 27t-53.5 72l-55 165l-310 -106l55 -164q8 -24 8 -47q0 -59 -42 -102t-102 -43q-47 0 -85 27t-53 72l-55 163l-153 -53q-29 -9 -50 -9 q-61 0 -101.5 40t-40.5 101q0 47 27.5 85t71.5 53l156 53l-105 313l-156 -54q-26 -8 -48 -8q-60 0 -101 40.5t-41 100.5q0 47 27.5 85t71.5 53l157 53l-53 159q-8 24 -8 47q0 60 42 102.5t102 42.5q47 0 85 -27t53 -72l54 -160l310 105l-54 160q-8 24 -8 47q0 59 42.5 102 t101.5 43q47 0 85.5 -27.5t53.5 -71.5l53 -161l162 55q21 6 43 6q60 0 102.5 -39.5t42.5 -98.5q0 -45 -30 -81.5t-74 -51.5l-157 -54l105 -316l164 56q24 8 46 8zM725 498l310 105l-105 315l-310 -107z" />
-<glyph unicode="&#xf199;" d="M1248 1408q119 0 203.5 -84.5t84.5 -203.5v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960zM1280 352v436q-31 -35 -64 -55q-34 -22 -132.5 -85t-151.5 -99q-98 -69 -164 -69v0v0q-66 0 -164 69 q-46 32 -141.5 92.5t-142.5 92.5q-12 8 -33 27t-31 27v-436q0 -40 28 -68t68 -28h832q40 0 68 28t28 68zM1280 925q0 41 -27.5 70t-68.5 29h-832q-40 0 -68 -28t-28 -68q0 -37 30.5 -76.5t67.5 -64.5q47 -32 137.5 -89t129.5 -83q3 -2 17 -11.5t21 -14t21 -13t23.5 -13 t21.5 -9.5t22.5 -7.5t20.5 -2.5t20.5 2.5t22.5 7.5t21.5 9.5t23.5 13t21 13t21 14t17 11.5l267 174q35 23 66.5 62.5t31.5 73.5z" />
-<glyph unicode="&#xf19a;" horiz-adv-x="1792" d="M127 640q0 163 67 313l367 -1005q-196 95 -315 281t-119 411zM1415 679q0 -19 -2.5 -38.5t-10 -49.5t-11.5 -44t-17.5 -59t-17.5 -58l-76 -256l-278 826q46 3 88 8q19 2 26 18.5t-2.5 31t-28.5 13.5l-205 -10q-75 1 -202 10q-12 1 -20.5 -5t-11.5 -15t-1.5 -18.5t9 -16.5 t19.5 -8l80 -8l120 -328l-168 -504l-280 832q46 3 88 8q19 2 26 18.5t-2.5 31t-28.5 13.5l-205 -10q-7 0 -23 0.5t-26 0.5q105 160 274.5 253.5t367.5 93.5q147 0 280.5 -53t238.5 -149h-10q-55 0 -92 -40.5t-37 -95.5q0 -12 2 -24t4 -21.5t8 -23t9 -21t12 -22.5t12.5 -21 t14.5 -24t14 -23q63 -107 63 -212zM909 573l237 -647q1 -6 5 -11q-126 -44 -255 -44q-112 0 -217 32zM1570 1009q95 -174 95 -369q0 -209 -104 -385.5t-279 -278.5l235 678q59 169 59 276q0 42 -6 79zM896 1536q182 0 348 -71t286 -191t191 -286t71 -348t-71 -348t-191 -286 t-286 -191t-348 -71t-348 71t-286 191t-191 286t-71 348t71 348t191 286t286 191t348 71zM896 -215q173 0 331.5 68t273 182.5t182.5 273t68 331.5t-68 331.5t-182.5 273t-273 182.5t-331.5 68t-331.5 -68t-273 -182.5t-182.5 -273t-68 -331.5t68 -331.5t182.5 -273 t273 -182.5t331.5 -68z" />
-<glyph unicode="&#xf19b;" horiz-adv-x="1792" d="M1086 1536v-1536l-272 -128q-228 20 -414 102t-293 208.5t-107 272.5q0 140 100.5 263.5t275 205.5t391.5 108v-172q-217 -38 -356.5 -150t-139.5 -255q0 -152 154.5 -267t388.5 -145v1360zM1755 954l37 -390l-525 114l147 83q-119 70 -280 99v172q277 -33 481 -157z" />
-<glyph unicode="&#xf19c;" horiz-adv-x="2048" d="M960 1536l960 -384v-128h-128q0 -26 -20.5 -45t-48.5 -19h-1526q-28 0 -48.5 19t-20.5 45h-128v128zM256 896h256v-768h128v768h256v-768h128v768h256v-768h128v768h256v-768h59q28 0 48.5 -19t20.5 -45v-64h-1664v64q0 26 20.5 45t48.5 19h59v768zM1851 -64 q28 0 48.5 -19t20.5 -45v-128h-1920v128q0 26 20.5 45t48.5 19h1782z" />
-<glyph unicode="&#xf19d;" horiz-adv-x="2304" d="M1774 700l18 -316q4 -69 -82 -128t-235 -93.5t-323 -34.5t-323 34.5t-235 93.5t-82 128l18 316l574 -181q22 -7 48 -7t48 7zM2304 1024q0 -23 -22 -31l-1120 -352q-4 -1 -10 -1t-10 1l-652 206q-43 -34 -71 -111.5t-34 -178.5q63 -36 63 -109q0 -69 -58 -107l58 -433 q2 -14 -8 -25q-9 -11 -24 -11h-192q-15 0 -24 11q-10 11 -8 25l58 433q-58 38 -58 107q0 73 65 111q11 207 98 330l-333 104q-22 8 -22 31t22 31l1120 352q4 1 10 1t10 -1l1120 -352q22 -8 22 -31z" />
-<glyph unicode="&#xf19e;" d="M859 579l13 -707q-62 11 -105 11q-41 0 -105 -11l13 707q-40 69 -168.5 295.5t-216.5 374.5t-181 287q58 -15 108 -15q43 0 111 15q63 -111 133.5 -229.5t167 -276.5t138.5 -227q37 61 109.5 177.5t117.5 190t105 176t107 189.5q54 -14 107 -14q56 0 114 14v0 q-28 -39 -60 -88.5t-49.5 -78.5t-56.5 -96t-49 -84q-146 -248 -353 -610z" />
-<glyph unicode="&#xf1a0;" horiz-adv-x="1280" d="M981 197q0 25 -7 49t-14.5 42t-27 41.5t-29.5 35t-38.5 34.5t-36.5 29t-41.5 30t-36.5 26q-16 2 -49 2q-53 0 -104.5 -7t-107 -25t-97 -46t-68.5 -74.5t-27 -105.5q0 -56 23.5 -102t61 -75.5t87 -50t100 -29t101.5 -8.5q58 0 111.5 13t99 39t73 73t27.5 109zM864 1055 q0 59 -17 125.5t-48 129t-84 103.5t-117 41q-42 0 -82.5 -19.5t-66.5 -52.5q-46 -59 -46 -160q0 -46 10 -97.5t31.5 -103t52 -92.5t75 -67t96.5 -26q37 0 77.5 16.5t65.5 43.5q53 56 53 159zM752 1536h417l-137 -88h-132q75 -63 113 -133t38 -160q0 -72 -24.5 -129.5 t-59.5 -93t-69.5 -65t-59 -61.5t-24.5 -66q0 -36 32 -70.5t77 -68t90.5 -73.5t77.5 -104t32 -142q0 -91 -49 -173q-71 -122 -209.5 -179.5t-298.5 -57.5q-132 0 -246.5 41.5t-172.5 137.5q-36 59 -36 131q0 81 44.5 150t118.5 115q131 82 404 100q-32 41 -47.5 73.5 t-15.5 73.5q0 40 21 85q-46 -4 -68 -4q-148 0 -249.5 96.5t-101.5 244.5q0 82 36 159t99 131q76 66 182 98t218 32z" />
-<glyph unicode="&#xf1a1;" horiz-adv-x="2304" d="M1509 107q0 -14 -12 -29q-52 -59 -147.5 -83t-196.5 -24q-252 0 -346 107q-12 15 -12 29q0 17 12 29.5t29 12.5q15 0 30 -12q58 -49 125.5 -66t159.5 -17t160 17t127 66q15 12 30 12q17 0 29 -12.5t12 -29.5zM978 498q0 -61 -43 -104t-104 -43q-60 0 -104.5 43.5 t-44.5 103.5q0 61 44 105t105 44t104 -44t43 -105zM1622 498q0 -61 -43 -104t-104 -43q-60 0 -104.5 43.5t-44.5 103.5q0 61 44 105t105 44t104 -44t43 -105zM415 793q-39 27 -88 27q-66 0 -113 -47t-47 -113q0 -72 54 -121q53 141 194 254zM2020 382q0 222 -249 387 q-128 85 -291.5 126.5t-331.5 41.5t-331.5 -41.5t-292.5 -126.5q-249 -165 -249 -387t249 -387q129 -85 292.5 -126.5t331.5 -41.5t331.5 41.5t291.5 126.5q249 165 249 387zM2137 660q0 66 -47 113t-113 47q-50 0 -93 -30q140 -114 192 -256q61 48 61 126zM1993 1335 q0 49 -34.5 83.5t-82.5 34.5q-49 0 -83.5 -34.5t-34.5 -83.5q0 -48 34.5 -82.5t83.5 -34.5q48 0 82.5 34.5t34.5 82.5zM2220 660q0 -65 -33 -122t-89 -90q5 -35 5 -66q0 -139 -79 -255.5t-208 -201.5q-140 -92 -313.5 -136.5t-354.5 -44.5t-355 44.5t-314 136.5 q-129 85 -208 201.5t-79 255.5q0 36 6 71q-53 33 -83.5 88.5t-30.5 118.5q0 100 71 171.5t172 71.5q91 0 159 -60q265 170 638 177l144 456q10 29 40 29q24 0 384 -90q24 55 74 88t110 33q82 0 141 -59t59 -142t-59 -141.5t-141 -58.5q-83 0 -141.5 58.5t-59.5 140.5 l-339 80l-125 -395q349 -15 603 -179q71 63 163 63q101 0 172 -71.5t71 -171.5z" />
-<glyph unicode="&#xf1a2;" d="M950 393q7 7 17.5 7t17.5 -7t7 -18t-7 -18q-65 -64 -208 -64h-1h-1q-143 0 -207 64q-8 7 -8 18t8 18q7 7 17.5 7t17.5 -7q49 -51 172 -51h1h1q122 0 173 51zM671 613q0 -37 -26 -64t-63 -27t-63 27t-26 64t26 63t63 26t63 -26t26 -63zM1214 1049q-29 0 -50 21t-21 50 q0 30 21 51t50 21q30 0 51 -21t21 -51q0 -29 -21 -50t-51 -21zM1216 1408q132 0 226 -94t94 -227v-894q0 -133 -94 -227t-226 -94h-896q-132 0 -226 94t-94 227v894q0 133 94 227t226 94h896zM1321 596q35 14 57 45.5t22 70.5q0 51 -36 87.5t-87 36.5q-60 0 -98 -48 q-151 107 -375 115l83 265l206 -49q1 -50 36.5 -85t84.5 -35q50 0 86 35.5t36 85.5t-36 86t-86 36q-36 0 -66 -20.5t-45 -53.5l-227 54q-9 2 -17.5 -2.5t-11.5 -14.5l-95 -302q-224 -4 -381 -113q-36 43 -93 43q-51 0 -87 -36.5t-36 -87.5q0 -37 19.5 -67.5t52.5 -45.5 q-7 -25 -7 -54q0 -98 74 -181.5t201.5 -132t278.5 -48.5q150 0 277.5 48.5t201.5 132t74 181.5q0 27 -6 54zM971 702q37 0 63 -26t26 -63t-26 -64t-63 -27t-63 27t-26 64t26 63t63 26z" />
-<glyph unicode="&#xf1a3;" d="M866 697l90 27v62q0 79 -58 135t-138 56t-138 -55.5t-58 -134.5v-283q0 -20 -14 -33.5t-33 -13.5t-32.5 13.5t-13.5 33.5v120h-151v-122q0 -82 57.5 -139t139.5 -57q81 0 138.5 56.5t57.5 136.5v280q0 19 13.5 33t33.5 14q19 0 32.5 -14t13.5 -33v-54zM1199 502v122h-150 v-126q0 -20 -13.5 -33.5t-33.5 -13.5q-19 0 -32.5 14t-13.5 33v123l-90 -26l-60 28v-123q0 -80 58 -137t139 -57t138.5 57t57.5 139zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103 t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf1a4;" horiz-adv-x="1920" d="M1062 824v118q0 42 -30 72t-72 30t-72 -30t-30 -72v-612q0 -175 -126 -299t-303 -124q-178 0 -303.5 125.5t-125.5 303.5v266h328v-262q0 -43 30 -72.5t72 -29.5t72 29.5t30 72.5v620q0 171 126.5 292t301.5 121q176 0 302 -122t126 -294v-136l-195 -58zM1592 602h328 v-266q0 -178 -125.5 -303.5t-303.5 -125.5q-177 0 -303 124.5t-126 300.5v268l131 -61l195 58v-270q0 -42 30 -71.5t72 -29.5t72 29.5t30 71.5v275z" />
-<glyph unicode="&#xf1a5;" d="M1472 160v480h-704v704h-480q-93 0 -158.5 -65.5t-65.5 -158.5v-480h704v-704h480q93 0 158.5 65.5t65.5 158.5zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5 t84.5 -203.5z" />
-<glyph unicode="&#xf1a6;" horiz-adv-x="2048" d="M328 1254h204v-983h-532v697h328v286zM328 435v369h-123v-369h123zM614 968v-697h205v697h-205zM614 1254v-204h205v204h-205zM901 968h533v-942h-533v163h328v82h-328v697zM1229 435v369h-123v-369h123zM1516 968h532v-942h-532v163h327v82h-327v697zM1843 435v369h-123 v-369h123z" />
-<glyph unicode="&#xf1a7;" d="M1046 516q0 -64 -38 -109t-91 -45q-43 0 -70 15v277q28 17 70 17q53 0 91 -45.5t38 -109.5zM703 944q0 -64 -38 -109.5t-91 -45.5q-43 0 -70 15v277q28 17 70 17q53 0 91 -45t38 -109zM1265 513q0 134 -88 229t-213 95q-20 0 -39 -3q-23 -78 -78 -136q-87 -95 -211 -101 v-636l211 41v206q51 -19 117 -19q125 0 213 95t88 229zM922 940q0 134 -88.5 229t-213.5 95q-74 0 -141 -36h-186v-840l211 41v206q55 -19 116 -19q125 0 213.5 95t88.5 229zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960 q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf1a8;" horiz-adv-x="2038" d="M1222 607q75 3 143.5 -20.5t118 -58.5t101 -94.5t84 -108t75.5 -120.5q33 -56 78.5 -109t75.5 -80.5t99 -88.5q-48 -30 -108.5 -57.5t-138.5 -59t-114 -47.5q-44 37 -74 115t-43.5 164.5t-33 180.5t-42.5 168.5t-72.5 123t-122.5 48.5l-10 -2l-6 -4q4 -5 13 -14 q6 -5 28 -23.5t25.5 -22t19 -18t18 -20.5t11.5 -21t10.5 -27.5t4.5 -31t4 -40.5l1 -33q1 -26 -2.5 -57.5t-7.5 -52t-12.5 -58.5t-11.5 -53q-35 1 -101 -9.5t-98 -10.5q-39 0 -72 10q-2 16 -2 47q0 74 3 96q2 13 31.5 41.5t57 59t26.5 51.5q-24 2 -43 -24 q-36 -53 -111.5 -99.5t-136.5 -46.5q-25 0 -75.5 63t-106.5 139.5t-84 96.5q-6 4 -27 30q-482 -112 -513 -112q-16 0 -28 11t-12 27q0 15 8.5 26.5t22.5 14.5l486 106q-8 14 -8 25t5.5 17.5t16 11.5t20 7t23 4.5t18.5 4.5q4 1 15.5 7.5t17.5 6.5q15 0 28 -16t20 -33 q163 37 172 37q17 0 29.5 -11t12.5 -28q0 -15 -8.5 -26t-23.5 -14l-182 -40l-1 -16q-1 -26 81.5 -117.5t104.5 -91.5q47 0 119 80t72 129q0 36 -23.5 53t-51 18.5t-51 11.5t-23.5 34q0 16 10 34l-68 19q43 44 43 117q0 26 -5 58q82 16 144 16q44 0 71.5 -1.5t48.5 -8.5 t31 -13.5t20.5 -24.5t15.5 -33.5t17 -47.5t24 -60l50 25q-3 -40 -23 -60t-42.5 -21t-40 -6.5t-16.5 -20.5zM1282 842q-5 5 -13.5 15.5t-12 14.5t-10.5 11.5t-10 10.5l-8 8t-8.5 7.5t-8 5t-8.5 4.5q-7 3 -14.5 5t-20.5 2.5t-22 0.5h-32.5h-37.5q-126 0 -217 -43 q16 30 36 46.5t54 29.5t65.5 36t46 36.5t50 55t43.5 50.5q12 -9 28 -31.5t32 -36.5t38 -13l12 1v-76l22 -1q247 95 371 190q28 21 50 39t42.5 37.5t33 31t29.5 34t24 31t24.5 37t23 38t27 47.5t29.5 53l7 9q-2 -53 -43 -139q-79 -165 -205 -264t-306 -142q-14 -3 -42 -7.5 t-50 -9.5t-39 -14q3 -19 24.5 -46t21.5 -34q0 -11 -26 -30zM1061 -79q39 26 131.5 47.5t146.5 21.5q9 0 22.5 -15.5t28 -42.5t26 -50t24 -51t14.5 -33q-121 -45 -244 -45q-61 0 -125 11zM822 568l48 12l109 -177l-73 -48zM1323 51q3 -15 3 -16q0 -7 -17.5 -14.5t-46 -13 t-54 -9.5t-53.5 -7.5t-32 -4.5l-7 43q21 2 60.5 8.5t72 10t60.5 3.5h14zM866 679l-96 -20l-6 17q10 1 32.5 7t34.5 6q19 0 35 -10zM1061 45h31l10 -83l-41 -12v95zM1950 1535v1v-1zM1950 1535l-1 -5l-2 -2l1 3zM1950 1535l1 1z" />
-<glyph unicode="&#xf1a9;" d="M1167 -50q-5 19 -24 5q-30 -22 -87 -39t-131 -17q-129 0 -193 49q-5 4 -13 4q-11 0 -26 -12q-7 -6 -7.5 -16t7.5 -20q34 -32 87.5 -46t102.5 -12.5t99 4.5q41 4 84.5 20.5t65 30t28.5 20.5q12 12 7 29zM1128 65q-19 47 -39 61q-23 15 -76 15q-47 0 -71 -10 q-29 -12 -78 -56q-26 -24 -12 -44q9 -8 17.5 -4.5t31.5 23.5q3 2 10.5 8.5t10.5 8.5t10 7t11.5 7t12.5 5t15 4.5t16.5 2.5t20.5 1q27 0 44.5 -7.5t23 -14.5t13.5 -22q10 -17 12.5 -20t12.5 1q23 12 14 34zM1483 346q0 22 -5 44.5t-16.5 45t-34 36.5t-52.5 14 q-33 0 -97 -41.5t-129 -83.5t-101 -42q-27 -1 -63.5 19t-76 49t-83.5 58t-100 49t-111 19q-115 -1 -197 -78.5t-84 -178.5q-2 -112 74 -164q29 -20 62.5 -28.5t103.5 -8.5q57 0 132 32.5t134 71t120 70.5t93 31q26 -1 65 -31.5t71.5 -67t68 -67.5t55.5 -32q35 -3 58.5 14 t55.5 63q28 41 42.5 101t14.5 106zM1536 506q0 -164 -62 -304.5t-166 -236t-242.5 -149.5t-290.5 -54t-293 57.5t-247.5 157t-170.5 241.5t-64 302q0 89 19.5 172.5t49 145.5t70.5 118.5t78.5 94t78.5 69.5t64.5 46.5t42.5 24.5q14 8 51 26.5t54.5 28.5t48 30t60.5 44 q36 28 58 72.5t30 125.5q129 -155 186 -193q44 -29 130 -68t129 -66q21 -13 39 -25t60.5 -46.5t76 -70.5t75 -95t69 -122t47 -148.5t19.5 -177.5z" />
-<glyph unicode="&#xf1aa;" d="M1070 463l-160 -160l-151 -152l-30 -30q-65 -64 -151.5 -87t-171.5 -2q-16 -70 -72 -115t-129 -45q-85 0 -145 60.5t-60 145.5q0 72 44.5 128t113.5 72q-22 86 1 173t88 152l12 12l151 -152l-11 -11q-37 -37 -37 -89t37 -90q37 -37 89 -37t89 37l30 30l151 152l161 160z M729 1145l12 -12l-152 -152l-12 12q-37 37 -89 37t-89 -37t-37 -89.5t37 -89.5l29 -29l152 -152l160 -160l-151 -152l-161 160l-151 152l-30 30q-68 67 -90 159.5t5 179.5q-70 15 -115 71t-45 129q0 85 60 145.5t145 60.5q76 0 133.5 -49t69.5 -123q84 20 169.5 -3.5 t149.5 -87.5zM1536 78q0 -85 -60 -145.5t-145 -60.5q-74 0 -131 47t-71 118q-86 -28 -179.5 -6t-161.5 90l-11 12l151 152l12 -12q37 -37 89 -37t89 37t37 89t-37 89l-30 30l-152 152l-160 160l152 152l160 -160l152 -152l29 -30q64 -64 87.5 -150.5t2.5 -171.5 q76 -11 126.5 -68.5t50.5 -134.5zM1534 1202q0 -77 -51 -135t-127 -69q26 -85 3 -176.5t-90 -158.5l-12 -12l-151 152l12 12q37 37 37 89t-37 89t-89 37t-89 -37l-30 -30l-152 -152l-160 -160l-152 152l161 160l152 152l29 30q67 67 159 89.5t178 -3.5q11 75 68.5 126 t135.5 51q85 0 145 -60.5t60 -145.5z" />
-<glyph unicode="&#xf1ab;" d="M654 458q-1 -3 -12.5 0.5t-31.5 11.5l-20 9q-44 20 -87 49q-7 5 -41 31.5t-38 28.5q-67 -103 -134 -181q-81 -95 -105 -110q-4 -2 -19.5 -4t-18.5 0q6 4 82 92q21 24 85.5 115t78.5 118q17 30 51 98.5t36 77.5q-8 1 -110 -33q-8 -2 -27.5 -7.5t-34.5 -9.5t-17 -5 q-2 -2 -2 -10.5t-1 -9.5q-5 -10 -31 -15q-23 -7 -47 0q-18 4 -28 21q-4 6 -5 23q6 2 24.5 5t29.5 6q58 16 105 32q100 35 102 35q10 2 43 19.5t44 21.5q9 3 21.5 8t14.5 5.5t6 -0.5q2 -12 -1 -33q0 -2 -12.5 -27t-26.5 -53.5t-17 -33.5q-25 -50 -77 -131l64 -28 q12 -6 74.5 -32t67.5 -28q4 -1 10.5 -25.5t4.5 -30.5zM449 944q3 -15 -4 -28q-12 -23 -50 -38q-30 -12 -60 -12q-26 3 -49 26q-14 15 -18 41l1 3q3 -3 19.5 -5t26.5 0t58 16q36 12 55 14q17 0 21 -17zM1147 815l63 -227l-139 42zM39 15l694 232v1032l-694 -233v-1031z M1280 332l102 -31l-181 657l-100 31l-216 -536l102 -31l45 110l211 -65zM777 1294l573 -184v380zM1088 -29l158 -13l-54 -160l-40 66q-130 -83 -276 -108q-58 -12 -91 -12h-84q-79 0 -199.5 39t-183.5 85q-8 7 -8 16q0 8 5 13.5t13 5.5q4 0 18 -7.5t30.5 -16.5t20.5 -11 q73 -37 159.5 -61.5t157.5 -24.5q95 0 167 14.5t157 50.5q15 7 30.5 15.5t34 19t28.5 16.5zM1536 1050v-1079l-774 246q-14 -6 -375 -127.5t-368 -121.5q-13 0 -18 13q0 1 -1 3v1078q3 9 4 10q5 6 20 11q106 35 149 50v384l558 -198q2 0 160.5 55t316 108.5t161.5 53.5 q20 0 20 -21v-418z" />
-<glyph unicode="&#xf1ac;" horiz-adv-x="1792" d="M288 1152q66 0 113 -47t47 -113v-1088q0 -66 -47 -113t-113 -47h-128q-66 0 -113 47t-47 113v1088q0 66 47 113t113 47h128zM1664 989q58 -34 93 -93t35 -128v-768q0 -106 -75 -181t-181 -75h-864q-66 0 -113 47t-47 113v1536q0 40 28 68t68 28h672q40 0 88 -20t76 -48 l152 -152q28 -28 48 -76t20 -88v-163zM928 0v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM928 256v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM928 512v128q0 14 -9 23 t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM1184 0v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM1184 256v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128 q14 0 23 9t9 23zM1184 512v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM1440 0v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM1440 256v128q0 14 -9 23t-23 9h-128 q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM1440 512v128q0 14 -9 23t-23 9h-128q-14 0 -23 -9t-9 -23v-128q0 -14 9 -23t23 -9h128q14 0 23 9t9 23zM1536 896v256h-160q-40 0 -68 28t-28 68v160h-640v-512h896z" />
-<glyph unicode="&#xf1ad;" d="M1344 1536q26 0 45 -19t19 -45v-1664q0 -26 -19 -45t-45 -19h-1280q-26 0 -45 19t-19 45v1664q0 26 19 45t45 19h1280zM512 1248v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23zM512 992v-64q0 -14 9 -23t23 -9h64q14 0 23 9 t9 23v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23zM512 736v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23zM512 480v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23zM384 160v64 q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM384 416v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM384 672v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64 q14 0 23 9t9 23zM384 928v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM384 1184v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM896 -96v192q0 14 -9 23t-23 9h-320q-14 0 -23 -9 t-9 -23v-192q0 -14 9 -23t23 -9h320q14 0 23 9t9 23zM896 416v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM896 672v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM896 928v64 q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM896 1184v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1152 160v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64 q14 0 23 9t9 23zM1152 416v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1152 672v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1152 928v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9 t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1152 1184v64q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-64q0 -14 9 -23t23 -9h64q14 0 23 9t9 23z" />
-<glyph unicode="&#xf1ae;" horiz-adv-x="1280" d="M1188 988l-292 -292v-824q0 -46 -33 -79t-79 -33t-79 33t-33 79v384h-64v-384q0 -46 -33 -79t-79 -33t-79 33t-33 79v824l-292 292q-28 28 -28 68t28 68t68 28t68 -28l228 -228h368l228 228q28 28 68 28t68 -28t28 -68t-28 -68zM864 1152q0 -93 -65.5 -158.5 t-158.5 -65.5t-158.5 65.5t-65.5 158.5t65.5 158.5t158.5 65.5t158.5 -65.5t65.5 -158.5z" />
-<glyph unicode="&#xf1b0;" horiz-adv-x="1664" d="M780 1064q0 -60 -19 -113.5t-63 -92.5t-105 -39q-76 0 -138 57.5t-92 135.5t-30 151q0 60 19 113.5t63 92.5t105 39q77 0 138.5 -57.5t91.5 -135t30 -151.5zM438 581q0 -80 -42 -139t-119 -59q-76 0 -141.5 55.5t-100.5 133.5t-35 152q0 80 42 139.5t119 59.5 q76 0 141.5 -55.5t100.5 -134t35 -152.5zM832 608q118 0 255 -97.5t229 -237t92 -254.5q0 -46 -17 -76.5t-48.5 -45t-64.5 -20t-76 -5.5q-68 0 -187.5 45t-182.5 45q-66 0 -192.5 -44.5t-200.5 -44.5q-183 0 -183 146q0 86 56 191.5t139.5 192.5t187.5 146t193 59zM1071 819 q-61 0 -105 39t-63 92.5t-19 113.5q0 74 30 151.5t91.5 135t138.5 57.5q61 0 105 -39t63 -92.5t19 -113.5q0 -73 -30 -151t-92 -135.5t-138 -57.5zM1503 923q77 0 119 -59.5t42 -139.5q0 -74 -35 -152t-100.5 -133.5t-141.5 -55.5q-77 0 -119 59t-42 139q0 74 35 152.5 t100.5 134t141.5 55.5z" />
-<glyph unicode="&#xf1b1;" horiz-adv-x="768" d="M704 1008q0 -145 -57 -243.5t-152 -135.5l45 -821q2 -26 -16 -45t-44 -19h-192q-26 0 -44 19t-16 45l45 821q-95 37 -152 135.5t-57 243.5q0 128 42.5 249.5t117.5 200t160 78.5t160 -78.5t117.5 -200t42.5 -249.5z" />
-<glyph unicode="&#xf1b2;" horiz-adv-x="1792" d="M896 -93l640 349v636l-640 -233v-752zM832 772l698 254l-698 254l-698 -254zM1664 1024v-768q0 -35 -18 -65t-49 -47l-704 -384q-28 -16 -61 -16t-61 16l-704 384q-31 17 -49 47t-18 65v768q0 40 23 73t61 47l704 256q22 8 44 8t44 -8l704 -256q38 -14 61 -47t23 -73z " />
-<glyph unicode="&#xf1b3;" horiz-adv-x="2304" d="M640 -96l384 192v314l-384 -164v-342zM576 358l404 173l-404 173l-404 -173zM1664 -96l384 192v314l-384 -164v-342zM1600 358l404 173l-404 173l-404 -173zM1152 651l384 165v266l-384 -164v-267zM1088 1030l441 189l-441 189l-441 -189zM2176 512v-416q0 -36 -19 -67 t-52 -47l-448 -224q-25 -14 -57 -14t-57 14l-448 224q-5 2 -7 4q-2 -2 -7 -4l-448 -224q-25 -14 -57 -14t-57 14l-448 224q-33 16 -52 47t-19 67v416q0 38 21.5 70t56.5 48l434 186v400q0 38 21.5 70t56.5 48l448 192q23 10 50 10t50 -10l448 -192q35 -16 56.5 -48t21.5 -70 v-400l434 -186q36 -16 57 -48t21 -70z" />
-<glyph unicode="&#xf1b4;" horiz-adv-x="2048" d="M1848 1197h-511v-124h511v124zM1596 771q-90 0 -146 -52.5t-62 -142.5h408q-18 195 -200 195zM1612 186q63 0 122 32t76 87h221q-100 -307 -427 -307q-214 0 -340.5 132t-126.5 347q0 208 130.5 345.5t336.5 137.5q138 0 240.5 -68t153 -179t50.5 -248q0 -17 -2 -47h-658 q0 -111 57.5 -171.5t166.5 -60.5zM277 236h296q205 0 205 167q0 180 -199 180h-302v-347zM277 773h281q78 0 123.5 36.5t45.5 113.5q0 144 -190 144h-260v-294zM0 1282h594q87 0 155 -14t126.5 -47.5t90 -96.5t31.5 -154q0 -181 -172 -263q114 -32 172 -115t58 -204 q0 -75 -24.5 -136.5t-66 -103.5t-98.5 -71t-121 -42t-134 -13h-611v1260z" />
-<glyph unicode="&#xf1b5;" d="M1248 1408q119 0 203.5 -84.5t84.5 -203.5v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960zM499 1041h-371v-787h382q117 0 197 57.5t80 170.5q0 158 -143 200q107 52 107 164q0 57 -19.5 96.5 t-56.5 60.5t-79 29.5t-97 8.5zM477 723h-176v184h163q119 0 119 -90q0 -94 -106 -94zM486 388h-185v217h189q124 0 124 -113q0 -104 -128 -104zM1136 356q-68 0 -104 38t-36 107h411q1 10 1 30q0 132 -74.5 220.5t-203.5 88.5q-128 0 -210 -86t-82 -216q0 -135 79 -217 t213 -82q205 0 267 191h-138q-11 -34 -47.5 -54t-75.5 -20zM1126 722q113 0 124 -122h-254q4 56 39 89t91 33zM964 988h319v-77h-319v77z" />
-<glyph unicode="&#xf1b6;" horiz-adv-x="1792" d="M1582 954q0 -101 -71.5 -172.5t-172.5 -71.5t-172.5 71.5t-71.5 172.5t71.5 172.5t172.5 71.5t172.5 -71.5t71.5 -172.5zM812 212q0 104 -73 177t-177 73q-27 0 -54 -6l104 -42q77 -31 109.5 -106.5t1.5 -151.5q-31 -77 -107 -109t-152 -1q-21 8 -62 24.5t-61 24.5 q32 -60 91 -96.5t130 -36.5q104 0 177 73t73 177zM1642 953q0 126 -89.5 215.5t-215.5 89.5q-127 0 -216.5 -89.5t-89.5 -215.5q0 -127 89.5 -216t216.5 -89q126 0 215.5 89t89.5 216zM1792 953q0 -189 -133.5 -322t-321.5 -133l-437 -319q-12 -129 -109 -218t-229 -89 q-121 0 -214 76t-118 192l-230 92v429l389 -157q79 48 173 48q13 0 35 -2l284 407q2 187 135.5 319t320.5 132q188 0 321.5 -133.5t133.5 -321.5z" />
-<glyph unicode="&#xf1b7;" d="M1242 889q0 80 -57 136.5t-137 56.5t-136.5 -57t-56.5 -136q0 -80 56.5 -136.5t136.5 -56.5t137 56.5t57 136.5zM632 301q0 -83 -58 -140.5t-140 -57.5q-56 0 -103 29t-72 77q52 -20 98 -40q60 -24 120 1.5t85 86.5q24 60 -1.5 120t-86.5 84l-82 33q22 5 42 5 q82 0 140 -57.5t58 -140.5zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v153l172 -69q20 -92 93.5 -152t168.5 -60q104 0 181 70t87 173l345 252q150 0 255.5 105.5t105.5 254.5q0 150 -105.5 255.5t-255.5 105.5 q-148 0 -253 -104.5t-107 -252.5l-225 -322q-9 1 -28 1q-75 0 -137 -37l-297 119v468q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5zM1289 887q0 -100 -71 -170.5t-171 -70.5t-170.5 70.5t-70.5 170.5t70.5 171t170.5 71q101 0 171.5 -70.5t70.5 -171.5z " />
-<glyph unicode="&#xf1b8;" horiz-adv-x="1792" d="M836 367l-15 -368l-2 -22l-420 29q-36 3 -67 31.5t-47 65.5q-11 27 -14.5 55t4 65t12 55t21.5 64t19 53q78 -12 509 -28zM449 953l180 -379l-147 92q-63 -72 -111.5 -144.5t-72.5 -125t-39.5 -94.5t-18.5 -63l-4 -21l-190 357q-17 26 -18 56t6 47l8 18q35 63 114 188 l-140 86zM1680 436l-188 -359q-12 -29 -36.5 -46.5t-43.5 -20.5l-18 -4q-71 -7 -219 -12l8 -164l-230 367l211 362l7 -173q170 -16 283 -5t170 33zM895 1360q-47 -63 -265 -435l-317 187l-19 12l225 356q20 31 60 45t80 10q24 -2 48.5 -12t42 -21t41.5 -33t36 -34.5 t36 -39.5t32 -35zM1550 1053l212 -363q18 -37 12.5 -76t-27.5 -74q-13 -20 -33 -37t-38 -28t-48.5 -22t-47 -16t-51.5 -14t-46 -12q-34 72 -265 436l313 195zM1407 1279l142 83l-220 -373l-419 20l151 86q-34 89 -75 166t-75.5 123.5t-64.5 80t-47 46.5l-17 13l405 -1 q31 3 58 -10.5t39 -28.5l11 -15q39 -61 112 -190z" />
-<glyph unicode="&#xf1b9;" horiz-adv-x="2048" d="M480 448q0 66 -47 113t-113 47t-113 -47t-47 -113t47 -113t113 -47t113 47t47 113zM516 768h1016l-89 357q-2 8 -14 17.5t-21 9.5h-768q-9 0 -21 -9.5t-14 -17.5zM1888 448q0 66 -47 113t-113 47t-113 -47t-47 -113t47 -113t113 -47t113 47t47 113zM2048 544v-384 q0 -14 -9 -23t-23 -9h-96v-128q0 -80 -56 -136t-136 -56t-136 56t-56 136v128h-1024v-128q0 -80 -56 -136t-136 -56t-136 56t-56 136v128h-96q-14 0 -23 9t-9 23v384q0 93 65.5 158.5t158.5 65.5h28l105 419q23 94 104 157.5t179 63.5h768q98 0 179 -63.5t104 -157.5 l105 -419h28q93 0 158.5 -65.5t65.5 -158.5z" />
-<glyph unicode="&#xf1ba;" horiz-adv-x="2048" d="M1824 640q93 0 158.5 -65.5t65.5 -158.5v-384q0 -14 -9 -23t-23 -9h-96v-64q0 -80 -56 -136t-136 -56t-136 56t-56 136v64h-1024v-64q0 -80 -56 -136t-136 -56t-136 56t-56 136v64h-96q-14 0 -23 9t-9 23v384q0 93 65.5 158.5t158.5 65.5h28l105 419q23 94 104 157.5 t179 63.5h128v224q0 14 9 23t23 9h448q14 0 23 -9t9 -23v-224h128q98 0 179 -63.5t104 -157.5l105 -419h28zM320 160q66 0 113 47t47 113t-47 113t-113 47t-113 -47t-47 -113t47 -113t113 -47zM516 640h1016l-89 357q-2 8 -14 17.5t-21 9.5h-768q-9 0 -21 -9.5t-14 -17.5z M1728 160q66 0 113 47t47 113t-47 113t-113 47t-113 -47t-47 -113t47 -113t113 -47z" />
-<glyph unicode="&#xf1bb;" d="M1504 64q0 -26 -19 -45t-45 -19h-462q1 -17 6 -87.5t5 -108.5q0 -25 -18 -42.5t-43 -17.5h-320q-25 0 -43 17.5t-18 42.5q0 38 5 108.5t6 87.5h-462q-26 0 -45 19t-19 45t19 45l402 403h-229q-26 0 -45 19t-19 45t19 45l402 403h-197q-26 0 -45 19t-19 45t19 45l384 384 q19 19 45 19t45 -19l384 -384q19 -19 19 -45t-19 -45t-45 -19h-197l402 -403q19 -19 19 -45t-19 -45t-45 -19h-229l402 -403q19 -19 19 -45z" />
-<glyph unicode="&#xf1bc;" d="M1127 326q0 32 -30 51q-193 115 -447 115q-133 0 -287 -34q-42 -9 -42 -52q0 -20 13.5 -34.5t35.5 -14.5q5 0 37 8q132 27 243 27q226 0 397 -103q19 -11 33 -11q19 0 33 13.5t14 34.5zM1223 541q0 40 -35 61q-237 141 -548 141q-153 0 -303 -42q-48 -13 -48 -64 q0 -25 17.5 -42.5t42.5 -17.5q7 0 37 8q122 33 251 33q279 0 488 -124q24 -13 38 -13q25 0 42.5 17.5t17.5 42.5zM1331 789q0 47 -40 70q-126 73 -293 110.5t-343 37.5q-204 0 -364 -47q-23 -7 -38.5 -25.5t-15.5 -48.5q0 -31 20.5 -52t51.5 -21q11 0 40 8q133 37 307 37 q159 0 309.5 -34t253.5 -95q21 -12 40 -12q29 0 50.5 20.5t21.5 51.5zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf1bd;" horiz-adv-x="1024" d="M1024 1233l-303 -582l24 -31h279v-415h-507l-44 -30l-142 -273l-30 -30h-301v303l303 583l-24 30h-279v415h507l44 30l142 273l30 30h301v-303z" />
-<glyph unicode="&#xf1be;" horiz-adv-x="2304" d="M784 164l16 241l-16 523q-1 10 -7.5 17t-16.5 7q-9 0 -16 -7t-7 -17l-14 -523l14 -241q1 -10 7.5 -16.5t15.5 -6.5q22 0 24 23zM1080 193l11 211l-12 586q0 16 -13 24q-8 5 -16 5t-16 -5q-13 -8 -13 -24l-1 -6l-10 -579q0 -1 11 -236v-1q0 -10 6 -17q9 -11 23 -11 q11 0 20 9q9 7 9 20zM35 533l20 -128l-20 -126q-2 -9 -9 -9t-9 9l-17 126l17 128q2 9 9 9t9 -9zM121 612l26 -207l-26 -203q-2 -9 -10 -9q-9 0 -9 10l-23 202l23 207q0 9 9 9q8 0 10 -9zM401 159zM213 650l25 -245l-25 -237q0 -11 -11 -11q-10 0 -12 11l-21 237l21 245 q2 12 12 12q11 0 11 -12zM307 657l23 -252l-23 -244q-2 -13 -14 -13q-13 0 -13 13l-21 244l21 252q0 13 13 13q12 0 14 -13zM401 639l21 -234l-21 -246q-2 -16 -16 -16q-6 0 -10.5 4.5t-4.5 11.5l-20 246l20 234q0 6 4.5 10.5t10.5 4.5q14 0 16 -15zM784 164zM495 785 l21 -380l-21 -246q0 -7 -5 -12.5t-12 -5.5q-16 0 -18 18l-18 246l18 380q2 18 18 18q7 0 12 -5.5t5 -12.5zM589 871l19 -468l-19 -244q0 -8 -5.5 -13.5t-13.5 -5.5q-18 0 -20 19l-16 244l16 468q2 19 20 19q8 0 13.5 -5.5t5.5 -13.5zM687 911l18 -506l-18 -242 q-2 -21 -22 -21q-19 0 -21 21l-16 242l16 506q0 9 6.5 15.5t14.5 6.5q9 0 15 -6.5t7 -15.5zM1079 169v0v0zM881 915l15 -510l-15 -239q0 -10 -7.5 -17.5t-17.5 -7.5t-17 7t-8 18l-14 239l14 510q0 11 7.5 18t17.5 7t17.5 -7t7.5 -18zM980 896l14 -492l-14 -236q0 -11 -8 -19 t-19 -8t-19 8t-9 19l-12 236l12 492q1 12 9 20t19 8t18.5 -8t8.5 -20zM1192 404l-14 -231v0q0 -13 -9 -22t-22 -9t-22 9t-10 22l-6 114l-6 117l12 636v3q2 15 12 24q9 7 20 7q8 0 15 -5q14 -8 16 -26zM2304 423q0 -117 -83 -199.5t-200 -82.5h-786q-13 2 -22 11t-9 22v899 q0 23 28 33q85 34 181 34q195 0 338 -131.5t160 -323.5q53 22 110 22q117 0 200 -83t83 -201z" />
-<glyph unicode="&#xf1c0;" d="M768 768q237 0 443 43t325 127v-170q0 -69 -103 -128t-280 -93.5t-385 -34.5t-385 34.5t-280 93.5t-103 128v170q119 -84 325 -127t443 -43zM768 0q237 0 443 43t325 127v-170q0 -69 -103 -128t-280 -93.5t-385 -34.5t-385 34.5t-280 93.5t-103 128v170q119 -84 325 -127 t443 -43zM768 384q237 0 443 43t325 127v-170q0 -69 -103 -128t-280 -93.5t-385 -34.5t-385 34.5t-280 93.5t-103 128v170q119 -84 325 -127t443 -43zM768 1536q208 0 385 -34.5t280 -93.5t103 -128v-128q0 -69 -103 -128t-280 -93.5t-385 -34.5t-385 34.5t-280 93.5 t-103 128v128q0 69 103 128t280 93.5t385 34.5z" />
-<glyph unicode="&#xf1c1;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M894 465q33 -26 84 -56q59 7 117 7q147 0 177 -49q16 -22 2 -52q0 -1 -1 -2l-2 -2v-1q-6 -38 -71 -38q-48 0 -115 20t-130 53q-221 -24 -392 -83q-153 -262 -242 -262q-15 0 -28 7l-24 12q-1 1 -6 5q-10 10 -6 36q9 40 56 91.5t132 96.5q14 9 23 -6q2 -2 2 -4q52 85 107 197 q68 136 104 262q-24 82 -30.5 159.5t6.5 127.5q11 40 42 40h21h1q23 0 35 -15q18 -21 9 -68q-2 -6 -4 -8q1 -3 1 -8v-30q-2 -123 -14 -192q55 -164 146 -238zM318 54q52 24 137 158q-51 -40 -87.5 -84t-49.5 -74zM716 974q-15 -42 -2 -132q1 7 7 44q0 3 7 43q1 4 4 8 q-1 1 -1 2t-0.5 1.5t-0.5 1.5q-1 22 -13 36q0 -1 -1 -2v-2zM592 313q135 54 284 81q-2 1 -13 9.5t-16 13.5q-76 67 -127 176q-27 -86 -83 -197q-30 -56 -45 -83zM1238 329q-24 24 -140 24q76 -28 124 -28q14 0 18 1q0 1 -2 3z" />
-<glyph unicode="&#xf1c2;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M233 768v-107h70l164 -661h159l128 485q7 20 10 46q2 16 2 24h4l3 -24q1 -3 3.5 -20t5.5 -26l128 -485h159l164 661h70v107h-300v-107h90l-99 -438q-5 -20 -7 -46l-2 -21h-4l-3 21q-1 5 -4 21t-5 25l-144 545h-114l-144 -545q-2 -9 -4.5 -24.5t-3.5 -21.5l-4 -21h-4l-2 21 q-2 26 -7 46l-99 438h90v107h-300z" />
-<glyph unicode="&#xf1c3;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M429 106v-106h281v106h-75l103 161q5 7 10 16.5t7.5 13.5t3.5 4h2q1 -4 5 -10q2 -4 4.5 -7.5t6 -8t6.5 -8.5l107 -161h-76v-106h291v106h-68l-192 273l195 282h67v107h-279v-107h74l-103 -159q-4 -7 -10 -16.5t-9 -13.5l-2 -3h-2q-1 4 -5 10q-6 11 -17 23l-106 159h76v107 h-290v-107h68l189 -272l-194 -283h-68z" />
-<glyph unicode="&#xf1c4;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M416 106v-106h327v106h-93v167h137q76 0 118 15q67 23 106.5 87t39.5 146q0 81 -37 141t-100 87q-48 19 -130 19h-368v-107h92v-555h-92zM769 386h-119v268h120q52 0 83 -18q56 -33 56 -115q0 -89 -62 -120q-31 -15 -78 -15z" />
-<glyph unicode="&#xf1c5;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M1280 320v-320h-1024v192l192 192l128 -128l384 384zM448 512q-80 0 -136 56t-56 136t56 136t136 56t136 -56t56 -136t-56 -136t-136 -56z" />
-<glyph unicode="&#xf1c6;" d="M640 1152v128h-128v-128h128zM768 1024v128h-128v-128h128zM640 896v128h-128v-128h128zM768 768v128h-128v-128h128zM1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400 v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-128v-128h-128v128h-512v-1536h1280zM781 593l107 -349q8 -27 8 -52q0 -83 -72.5 -137.5t-183.5 -54.5t-183.5 54.5t-72.5 137.5q0 25 8 52q21 63 120 396v128h128v-128h79 q22 0 39 -13t23 -34zM640 128q53 0 90.5 19t37.5 45t-37.5 45t-90.5 19t-90.5 -19t-37.5 -45t37.5 -45t90.5 -19z" />
-<glyph unicode="&#xf1c7;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M620 686q20 -8 20 -30v-544q0 -22 -20 -30q-8 -2 -12 -2q-12 0 -23 9l-166 167h-131q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h131l166 167q16 15 35 7zM1037 -3q31 0 50 24q129 159 129 363t-129 363q-16 21 -43 24t-47 -14q-21 -17 -23.5 -43.5t14.5 -47.5 q100 -123 100 -282t-100 -282q-17 -21 -14.5 -47.5t23.5 -42.5q18 -15 40 -15zM826 145q27 0 47 20q87 93 87 219t-87 219q-18 19 -45 20t-46 -17t-20 -44.5t18 -46.5q52 -57 52 -131t-52 -131q-19 -20 -18 -46.5t20 -44.5q20 -17 44 -17z" />
-<glyph unicode="&#xf1c8;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M768 768q52 0 90 -38t38 -90v-384q0 -52 -38 -90t-90 -38h-384q-52 0 -90 38t-38 90v384q0 52 38 90t90 38h384zM1260 766q20 -8 20 -30v-576q0 -22 -20 -30q-8 -2 -12 -2q-14 0 -23 9l-265 266v90l265 266q9 9 23 9q4 0 12 -2z" />
-<glyph unicode="&#xf1c9;" d="M1468 1156q28 -28 48 -76t20 -88v-1152q0 -40 -28 -68t-68 -28h-1344q-40 0 -68 28t-28 68v1600q0 40 28 68t68 28h896q40 0 88 -20t76 -48zM1024 1400v-376h376q-10 29 -22 41l-313 313q-12 12 -41 22zM1408 -128v1024h-416q-40 0 -68 28t-28 68v416h-768v-1536h1280z M480 768q8 11 21 12.5t24 -6.5l51 -38q11 -8 12.5 -21t-6.5 -24l-182 -243l182 -243q8 -11 6.5 -24t-12.5 -21l-51 -38q-11 -8 -24 -6.5t-21 12.5l-226 301q-14 19 0 38zM1282 467q14 -19 0 -38l-226 -301q-8 -11 -21 -12.5t-24 6.5l-51 38q-11 8 -12.5 21t6.5 24l182 243 l-182 243q-8 11 -6.5 24t12.5 21l51 38q11 8 24 6.5t21 -12.5zM662 6q-13 2 -20.5 13t-5.5 24l138 831q2 13 13 20.5t24 5.5l63 -10q13 -2 20.5 -13t5.5 -24l-138 -831q-2 -13 -13 -20.5t-24 -5.5z" />
-<glyph unicode="&#xf1ca;" d="M1497 709v-198q-101 -23 -198 -23q-65 -136 -165.5 -271t-181.5 -215.5t-128 -106.5q-80 -45 -162 3q-28 17 -60.5 43.5t-85 83.5t-102.5 128.5t-107.5 184t-105.5 244t-91.5 314.5t-70.5 390h283q26 -218 70 -398.5t104.5 -317t121.5 -235.5t140 -195q169 169 287 406 q-142 72 -223 220t-81 333q0 192 104 314.5t284 122.5q178 0 273 -105.5t95 -297.5q0 -159 -58 -286q-7 -1 -19.5 -3t-46 -2t-63 6t-62 25.5t-50.5 51.5q31 103 31 184q0 87 -29 132t-79 45q-53 0 -85 -49.5t-32 -140.5q0 -186 105 -293.5t267 -107.5q62 0 121 14z" />
-<glyph unicode="&#xf1cb;" horiz-adv-x="1792" d="M216 367l603 -402v359l-334 223zM154 511l193 129l-193 129v-258zM973 -35l603 402l-269 180l-334 -223v-359zM896 458l272 182l-272 182l-272 -182zM485 733l334 223v359l-603 -402zM1445 640l193 -129v258zM1307 733l269 180l-603 402v-359zM1792 913v-546 q0 -41 -34 -64l-819 -546q-21 -13 -43 -13t-43 13l-819 546q-34 23 -34 64v546q0 41 34 64l819 546q21 13 43 13t43 -13l819 -546q34 -23 34 -64z" />
-<glyph unicode="&#xf1cc;" horiz-adv-x="2048" d="M1800 764q111 -46 179.5 -145.5t68.5 -221.5q0 -164 -118 -280.5t-285 -116.5q-4 0 -11.5 0.5t-10.5 0.5h-1209h-1h-2h-5q-170 10 -288 125.5t-118 280.5q0 110 55 203t147 147q-12 39 -12 82q0 115 82 196t199 81q95 0 172 -58q75 154 222.5 248t326.5 94 q166 0 306 -80.5t221.5 -218.5t81.5 -301q0 -6 -0.5 -18t-0.5 -18zM468 498q0 -122 84 -193t208 -71q137 0 240 99q-16 20 -47.5 56.5t-43.5 50.5q-67 -65 -144 -65q-55 0 -93.5 33.5t-38.5 87.5q0 53 38.5 87t91.5 34q44 0 84.5 -21t73 -55t65 -75t69 -82t77 -75t97 -55 t121.5 -21q121 0 204.5 71.5t83.5 190.5q0 121 -84 192t-207 71q-143 0 -241 -97q14 -16 29.5 -34t34.5 -40t29 -34q66 64 142 64q52 0 92 -33t40 -84q0 -57 -37 -91.5t-94 -34.5q-43 0 -82.5 21t-72 55t-65.5 75t-69.5 82t-77.5 75t-96.5 55t-118.5 21q-122 0 -207 -70.5 t-85 -189.5z" />
-<glyph unicode="&#xf1cd;" horiz-adv-x="1792" d="M896 1536q182 0 348 -71t286 -191t191 -286t71 -348t-71 -348t-191 -286t-286 -191t-348 -71t-348 71t-286 191t-191 286t-71 348t71 348t191 286t286 191t348 71zM896 1408q-190 0 -361 -90l194 -194q82 28 167 28t167 -28l194 194q-171 90 -361 90zM218 279l194 194 q-28 82 -28 167t28 167l-194 194q-90 -171 -90 -361t90 -361zM896 -128q190 0 361 90l-194 194q-82 -28 -167 -28t-167 28l-194 -194q171 -90 361 -90zM896 256q159 0 271.5 112.5t112.5 271.5t-112.5 271.5t-271.5 112.5t-271.5 -112.5t-112.5 -271.5t112.5 -271.5 t271.5 -112.5zM1380 473l194 -194q90 171 90 361t-90 361l-194 -194q28 -82 28 -167t-28 -167z" />
-<glyph unicode="&#xf1ce;" horiz-adv-x="1792" d="M1792 640q0 -182 -71 -348t-191 -286t-286 -191t-348 -71t-348 71t-286 191t-191 286t-71 348q0 222 101 414.5t276.5 317t390.5 155.5v-260q-221 -45 -366.5 -221t-145.5 -406q0 -130 51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5 q0 230 -145.5 406t-366.5 221v260q215 -31 390.5 -155.5t276.5 -317t101 -414.5z" />
-<glyph unicode="&#xf1d0;" horiz-adv-x="1792" d="M19 662q8 217 116 406t305 318h5q0 -1 -1 -3q-8 -8 -28 -33.5t-52 -76.5t-60 -110.5t-44.5 -135.5t-14 -150.5t39 -157.5t108.5 -154q50 -50 102 -69.5t90.5 -11.5t69.5 23.5t47 32.5l16 16q39 51 53 116.5t6.5 122.5t-21 107t-26.5 80l-14 29q-10 25 -30.5 49.5t-43 41 t-43.5 29.5t-35 19l-13 6l104 115q39 -17 78 -52t59 -61l19 -27q1 48 -18.5 103.5t-40.5 87.5l-20 31l161 183l160 -181q-33 -46 -52.5 -102.5t-22.5 -90.5l-4 -33q22 37 61.5 72.5t67.5 52.5l28 17l103 -115q-44 -14 -85 -50t-60 -65l-19 -29q-31 -56 -48 -133.5t-7 -170 t57 -156.5q33 -45 77.5 -60.5t85 -5.5t76 26.5t57.5 33.5l21 16q60 53 96.5 115t48.5 121.5t10 121.5t-18 118t-37 107.5t-45.5 93t-45 72t-34.5 47.5l-13 17q-14 13 -7 13l10 -3q40 -29 62.5 -46t62 -50t64 -58t58.5 -65t55.5 -77t45.5 -88t38 -103t23.5 -117t10.5 -136 q3 -259 -108 -465t-312 -321t-456 -115q-185 0 -351 74t-283.5 198t-184 293t-60.5 353z" />
-<glyph unicode="&#xf1d1;" horiz-adv-x="1792" d="M874 -102v-66q-208 6 -385 109.5t-283 275.5l58 34q29 -49 73 -99l65 57q148 -168 368 -212l-17 -86q65 -12 121 -13zM276 428l-83 -28q22 -60 49 -112l-57 -33q-98 180 -98 385t98 385l57 -33q-30 -56 -49 -112l82 -28q-35 -100 -35 -212q0 -109 36 -212zM1528 251 l58 -34q-106 -172 -283 -275.5t-385 -109.5v66q56 1 121 13l-17 86q220 44 368 212l65 -57q44 50 73 99zM1377 805l-233 -80q14 -42 14 -85t-14 -85l232 -80q-31 -92 -98 -169l-185 162q-57 -67 -147 -85l48 -241q-52 -10 -98 -10t-98 10l48 241q-90 18 -147 85l-185 -162 q-67 77 -98 169l232 80q-14 42 -14 85t14 85l-233 80q33 93 99 169l185 -162q59 68 147 86l-48 240q44 10 98 10t98 -10l-48 -240q88 -18 147 -86l185 162q66 -76 99 -169zM874 1448v-66q-65 -2 -121 -13l17 -86q-220 -42 -368 -211l-65 56q-38 -42 -73 -98l-57 33 q106 172 282 275.5t385 109.5zM1705 640q0 -205 -98 -385l-57 33q27 52 49 112l-83 28q36 103 36 212q0 112 -35 212l82 28q-19 56 -49 112l57 33q98 -180 98 -385zM1585 1063l-57 -33q-35 56 -73 98l-65 -56q-148 169 -368 211l17 86q-56 11 -121 13v66q209 -6 385 -109.5 t282 -275.5zM1748 640q0 173 -67.5 331t-181.5 272t-272 181.5t-331 67.5t-331 -67.5t-272 -181.5t-181.5 -272t-67.5 -331t67.5 -331t181.5 -272t272 -181.5t331 -67.5t331 67.5t272 181.5t181.5 272t67.5 331zM1792 640q0 -182 -71 -348t-191 -286t-286 -191t-348 -71 t-348 71t-286 191t-191 286t-71 348t71 348t191 286t286 191t348 71t348 -71t286 -191t191 -286t71 -348z" />
-<glyph unicode="&#xf1d2;" d="M582 228q0 -66 -93 -66q-107 0 -107 63q0 64 98 64q102 0 102 -61zM546 694q0 -85 -74 -85q-77 0 -77 84q0 90 77 90q36 0 55 -25.5t19 -63.5zM712 769v125q-78 -29 -135 -29q-50 29 -110 29q-86 0 -145 -57t-59 -143q0 -50 29.5 -102t73.5 -67v-3q-38 -17 -38 -85 q0 -53 41 -77v-3q-113 -37 -113 -139q0 -45 20 -78.5t54 -51t72 -25.5t81 -8q224 0 224 188q0 67 -48 99t-126 46q-27 5 -51.5 20.5t-24.5 39.5q0 44 49 52q77 15 122 70t45 134q0 24 -10 52q37 9 49 13zM771 350h137q-2 27 -2 82v387q0 46 2 69h-137q3 -23 3 -71v-392 q0 -50 -3 -75zM1280 366v121q-30 -21 -68 -21q-53 0 -53 82v225h52q9 0 26.5 -1t26.5 -1v117h-105q0 82 3 102h-140q4 -24 4 -55v-47h-60v-117q36 3 37 3q3 0 11 -0.5t12 -0.5v-2h-2v-217q0 -37 2.5 -64t11.5 -56.5t24.5 -48.5t43.5 -31t66 -12q64 0 108 24zM924 1072 q0 36 -24 63.5t-60 27.5t-60.5 -27t-24.5 -64q0 -36 25 -62.5t60 -26.5t59.5 27t24.5 62zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf1d3;" horiz-adv-x="1792" d="M595 22q0 100 -165 100q-158 0 -158 -104q0 -101 172 -101q151 0 151 105zM536 777q0 61 -30 102t-89 41q-124 0 -124 -145q0 -135 124 -135q119 0 119 137zM805 1101v-202q-36 -12 -79 -22q16 -43 16 -84q0 -127 -73 -216.5t-197 -112.5q-40 -8 -59.5 -27t-19.5 -58 q0 -31 22.5 -51.5t58 -32t78.5 -22t86 -25.5t78.5 -37.5t58 -64t22.5 -98.5q0 -304 -363 -304q-69 0 -130 12.5t-116 41t-87.5 82t-32.5 127.5q0 165 182 225v4q-67 41 -67 126q0 109 63 137v4q-72 24 -119.5 108.5t-47.5 165.5q0 139 95 231.5t235 92.5q96 0 178 -47 q98 0 218 47zM1123 220h-222q4 45 4 134v609q0 94 -4 128h222q-4 -33 -4 -124v-613q0 -89 4 -134zM1724 442v-196q-71 -39 -174 -39q-62 0 -107 20t-70 50t-39.5 78t-18.5 92t-4 103v351h2v4q-7 0 -19 1t-18 1q-21 0 -59 -6v190h96v76q0 54 -6 89h227q-6 -41 -6 -165h171 v-190q-15 0 -43.5 2t-42.5 2h-85v-365q0 -131 87 -131q61 0 109 33zM1148 1389q0 -58 -39 -101.5t-96 -43.5q-58 0 -98 43.5t-40 101.5q0 59 39.5 103t98.5 44q58 0 96.5 -44.5t38.5 -102.5z" />
-<glyph unicode="&#xf1d4;" d="M825 547l343 588h-150q-21 -39 -63.5 -118.5t-68 -128.5t-59.5 -118.5t-60 -128.5h-3q-21 48 -44.5 97t-52 105.5t-46.5 92t-54 104.5t-49 95h-150l323 -589v-435h134v436zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960 q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf1d5;" horiz-adv-x="1280" d="M842 964q0 -80 -57 -136.5t-136 -56.5q-60 0 -111 35q-62 -67 -115 -146q-247 -371 -202 -859q1 -22 -12.5 -38.5t-34.5 -18.5h-5q-20 0 -35 13.5t-17 33.5q-14 126 -3.5 247.5t29.5 217t54 186t69 155.5t74 125q61 90 132 165q-16 35 -16 77q0 80 56.5 136.5t136.5 56.5 t136.5 -56.5t56.5 -136.5zM1223 953q0 -158 -78 -292t-212.5 -212t-292.5 -78q-64 0 -131 14q-21 5 -32.5 23.5t-6.5 39.5q5 20 23 31.5t39 7.5q51 -13 108 -13q97 0 186 38t153 102t102 153t38 186t-38 186t-102 153t-153 102t-186 38t-186 -38t-153 -102t-102 -153 t-38 -186q0 -114 52 -218q10 -20 3.5 -40t-25.5 -30t-39.5 -3t-30.5 26q-64 123 -64 265q0 119 46.5 227t124.5 186t186 124t226 46q158 0 292.5 -78t212.5 -212.5t78 -292.5z" />
-<glyph unicode="&#xf1d6;" horiz-adv-x="1792" d="M270 730q-8 19 -8 52q0 20 11 49t24 45q-1 22 7.5 53t22.5 43q0 139 92.5 288.5t217.5 209.5q139 66 324 66q133 0 266 -55q49 -21 90 -48t71 -56t55 -68t42 -74t32.5 -84.5t25.5 -89.5t22 -98l1 -5q55 -83 55 -150q0 -14 -9 -40t-9 -38q0 -1 1.5 -3.5t3.5 -5t2 -3.5 q77 -114 120.5 -214.5t43.5 -208.5q0 -43 -19.5 -100t-55.5 -57q-9 0 -19.5 7.5t-19 17.5t-19 26t-16 26.5t-13.5 26t-9 17.5q-1 1 -3 1l-5 -4q-59 -154 -132 -223q20 -20 61.5 -38.5t69 -41.5t35.5 -65q-2 -4 -4 -16t-7 -18q-64 -97 -302 -97q-53 0 -110.5 9t-98 20 t-104.5 30q-15 5 -23 7q-14 4 -46 4.5t-40 1.5q-41 -45 -127.5 -65t-168.5 -20q-35 0 -69 1.5t-93 9t-101 20.5t-74.5 40t-32.5 64q0 40 10 59.5t41 48.5q11 2 40.5 13t49.5 12q4 0 14 2q2 2 2 4l-2 3q-48 11 -108 105.5t-73 156.5l-5 3q-4 0 -12 -20q-18 -41 -54.5 -74.5 t-77.5 -37.5h-1q-4 0 -6 4.5t-5 5.5q-23 54 -23 100q0 275 252 466z" />
-<glyph unicode="&#xf1d7;" horiz-adv-x="2048" d="M580 1075q0 41 -25 66t-66 25q-43 0 -76 -25.5t-33 -65.5q0 -39 33 -64.5t76 -25.5q41 0 66 24.5t25 65.5zM1323 568q0 28 -25.5 50t-65.5 22q-27 0 -49.5 -22.5t-22.5 -49.5q0 -28 22.5 -50.5t49.5 -22.5q40 0 65.5 22t25.5 51zM1087 1075q0 41 -24.5 66t-65.5 25 q-43 0 -76 -25.5t-33 -65.5q0 -39 33 -64.5t76 -25.5q41 0 65.5 24.5t24.5 65.5zM1722 568q0 28 -26 50t-65 22q-27 0 -49.5 -22.5t-22.5 -49.5q0 -28 22.5 -50.5t49.5 -22.5q39 0 65 22t26 51zM1456 965q-31 4 -70 4q-169 0 -311 -77t-223.5 -208.5t-81.5 -287.5 q0 -78 23 -152q-35 -3 -68 -3q-26 0 -50 1.5t-55 6.5t-44.5 7t-54.5 10.5t-50 10.5l-253 -127l72 218q-290 203 -290 490q0 169 97.5 311t264 223.5t363.5 81.5q176 0 332.5 -66t262 -182.5t136.5 -260.5zM2048 404q0 -117 -68.5 -223.5t-185.5 -193.5l55 -181l-199 109 q-150 -37 -218 -37q-169 0 -311 70.5t-223.5 191.5t-81.5 264t81.5 264t223.5 191.5t311 70.5q161 0 303 -70.5t227.5 -192t85.5 -263.5z" />
-<glyph unicode="&#xf1d8;" horiz-adv-x="1792" d="M1764 1525q33 -24 27 -64l-256 -1536q-5 -29 -32 -45q-14 -8 -31 -8q-11 0 -24 5l-453 185l-242 -295q-18 -23 -49 -23q-13 0 -22 4q-19 7 -30.5 23.5t-11.5 36.5v349l864 1059l-1069 -925l-395 162q-37 14 -40 55q-2 40 32 59l1664 960q15 9 32 9q20 0 36 -11z" />
-<glyph unicode="&#xf1d9;" horiz-adv-x="1792" d="M1764 1525q33 -24 27 -64l-256 -1536q-5 -29 -32 -45q-14 -8 -31 -8q-11 0 -24 5l-527 215l-298 -327q-18 -21 -47 -21q-14 0 -23 4q-19 7 -30 23.5t-11 36.5v452l-472 193q-37 14 -40 55q-3 39 32 59l1664 960q35 21 68 -2zM1422 26l221 1323l-1434 -827l336 -137 l863 639l-478 -797z" />
-<glyph unicode="&#xf1da;" d="M1536 640q0 -156 -61 -298t-164 -245t-245 -164t-298 -61q-172 0 -327 72.5t-264 204.5q-7 10 -6.5 22.5t8.5 20.5l137 138q10 9 25 9q16 -2 23 -12q73 -95 179 -147t225 -52q104 0 198.5 40.5t163.5 109.5t109.5 163.5t40.5 198.5t-40.5 198.5t-109.5 163.5 t-163.5 109.5t-198.5 40.5q-98 0 -188 -35.5t-160 -101.5l137 -138q31 -30 14 -69q-17 -40 -59 -40h-448q-26 0 -45 19t-19 45v448q0 42 40 59q39 17 69 -14l130 -129q107 101 244.5 156.5t284.5 55.5q156 0 298 -61t245 -164t164 -245t61 -298zM896 928v-448q0 -14 -9 -23 t-23 -9h-320q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h224v352q0 14 9 23t23 9h64q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf1db;" d="M768 1280q-130 0 -248.5 -51t-204 -136.5t-136.5 -204t-51 -248.5t51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5t-51 248.5t-136.5 204t-204 136.5t-248.5 51zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103 t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf1dc;" horiz-adv-x="1792" d="M1682 -128q-44 0 -132.5 3.5t-133.5 3.5q-44 0 -132 -3.5t-132 -3.5q-24 0 -37 20.5t-13 45.5q0 31 17 46t39 17t51 7t45 15q33 21 33 140l-1 391q0 21 -1 31q-13 4 -50 4h-675q-38 0 -51 -4q-1 -10 -1 -31l-1 -371q0 -142 37 -164q16 -10 48 -13t57 -3.5t45 -15 t20 -45.5q0 -26 -12.5 -48t-36.5 -22q-47 0 -139.5 3.5t-138.5 3.5q-43 0 -128 -3.5t-127 -3.5q-23 0 -35.5 21t-12.5 45q0 30 15.5 45t36 17.5t47.5 7.5t42 15q33 23 33 143l-1 57v813q0 3 0.5 26t0 36.5t-1.5 38.5t-3.5 42t-6.5 36.5t-11 31.5t-16 18q-15 10 -45 12t-53 2 t-41 14t-18 45q0 26 12 48t36 22q46 0 138.5 -3.5t138.5 -3.5q42 0 126.5 3.5t126.5 3.5q25 0 37.5 -22t12.5 -48q0 -30 -17 -43.5t-38.5 -14.5t-49.5 -4t-43 -13q-35 -21 -35 -160l1 -320q0 -21 1 -32q13 -3 39 -3h699q25 0 38 3q1 11 1 32l1 320q0 139 -35 160 q-18 11 -58.5 12.5t-66 13t-25.5 49.5q0 26 12.5 48t37.5 22q44 0 132 -3.5t132 -3.5q43 0 129 3.5t129 3.5q25 0 37.5 -22t12.5 -48q0 -30 -17.5 -44t-40 -14.5t-51.5 -3t-44 -12.5q-35 -23 -35 -161l1 -943q0 -119 34 -140q16 -10 46 -13.5t53.5 -4.5t41.5 -15.5t18 -44.5 q0 -26 -12 -48t-36 -22z" />
-<glyph unicode="&#xf1dd;" horiz-adv-x="1280" d="M1278 1347v-73q0 -29 -18.5 -61t-42.5 -32q-50 0 -54 -1q-26 -6 -32 -31q-3 -11 -3 -64v-1152q0 -25 -18 -43t-43 -18h-108q-25 0 -43 18t-18 43v1218h-143v-1218q0 -25 -17.5 -43t-43.5 -18h-108q-26 0 -43.5 18t-17.5 43v496q-147 12 -245 59q-126 58 -192 179 q-64 117 -64 259q0 166 88 286q88 118 209 159q111 37 417 37h479q25 0 43 -18t18 -43z" />
-<glyph unicode="&#xf1de;" d="M352 128v-128h-352v128h352zM704 256q26 0 45 -19t19 -45v-256q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h256zM864 640v-128h-864v128h864zM224 1152v-128h-224v128h224zM1536 128v-128h-736v128h736zM576 1280q26 0 45 -19t19 -45v-256 q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h256zM1216 768q26 0 45 -19t19 -45v-256q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v256q0 26 19 45t45 19h256zM1536 640v-128h-224v128h224zM1536 1152v-128h-864v128h864z" />
-<glyph unicode="&#xf1e0;" d="M1216 512q133 0 226.5 -93.5t93.5 -226.5t-93.5 -226.5t-226.5 -93.5t-226.5 93.5t-93.5 226.5q0 12 2 34l-360 180q-92 -86 -218 -86q-133 0 -226.5 93.5t-93.5 226.5t93.5 226.5t226.5 93.5q126 0 218 -86l360 180q-2 22 -2 34q0 133 93.5 226.5t226.5 93.5 t226.5 -93.5t93.5 -226.5t-93.5 -226.5t-226.5 -93.5q-126 0 -218 86l-360 -180q2 -22 2 -34t-2 -34l360 -180q92 86 218 86z" />
-<glyph unicode="&#xf1e1;" d="M1280 341q0 88 -62.5 151t-150.5 63q-84 0 -145 -58l-241 120q2 16 2 23t-2 23l241 120q61 -58 145 -58q88 0 150.5 63t62.5 151t-62.5 150.5t-150.5 62.5t-151 -62.5t-63 -150.5q0 -7 2 -23l-241 -120q-62 57 -145 57q-88 0 -150.5 -62.5t-62.5 -150.5t62.5 -150.5 t150.5 -62.5q83 0 145 57l241 -120q-2 -16 -2 -23q0 -88 63 -150.5t151 -62.5t150.5 62.5t62.5 150.5zM1536 1120v-960q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf1e2;" horiz-adv-x="1792" d="M571 947q-10 25 -34 35t-49 0q-108 -44 -191 -127t-127 -191q-10 -25 0 -49t35 -34q13 -5 24 -5q42 0 60 40q34 84 98.5 148.5t148.5 98.5q25 11 35 35t0 49zM1513 1303l46 -46l-244 -243l68 -68q19 -19 19 -45.5t-19 -45.5l-64 -64q89 -161 89 -343q0 -143 -55.5 -273.5 t-150 -225t-225 -150t-273.5 -55.5t-273.5 55.5t-225 150t-150 225t-55.5 273.5t55.5 273.5t150 225t225 150t273.5 55.5q182 0 343 -89l64 64q19 19 45.5 19t45.5 -19l68 -68zM1521 1359q-10 -10 -22 -10q-13 0 -23 10l-91 90q-9 10 -9 23t9 23q10 9 23 9t23 -9l90 -91 q10 -9 10 -22.5t-10 -22.5zM1751 1129q-11 -9 -23 -9t-23 9l-90 91q-10 9 -10 22.5t10 22.5q9 10 22.5 10t22.5 -10l91 -90q9 -10 9 -23t-9 -23zM1792 1312q0 -14 -9 -23t-23 -9h-96q-14 0 -23 9t-9 23t9 23t23 9h96q14 0 23 -9t9 -23zM1600 1504v-96q0 -14 -9 -23t-23 -9 t-23 9t-9 23v96q0 14 9 23t23 9t23 -9t9 -23zM1751 1449l-91 -90q-10 -10 -22 -10q-13 0 -23 10q-10 9 -10 22.5t10 22.5l90 91q10 9 23 9t23 -9q9 -10 9 -23t-9 -23z" />
-<glyph unicode="&#xf1e3;" horiz-adv-x="1792" d="M609 720l287 208l287 -208l-109 -336h-355zM896 1536q182 0 348 -71t286 -191t191 -286t71 -348t-71 -348t-191 -286t-286 -191t-348 -71t-348 71t-286 191t-191 286t-71 348t71 348t191 286t286 191t348 71zM1515 186q149 203 149 454v3l-102 -89l-240 224l63 323 l134 -12q-150 206 -389 282l53 -124l-287 -159l-287 159l53 124q-239 -76 -389 -282l135 12l62 -323l-240 -224l-102 89v-3q0 -251 149 -454l30 132l326 -40l139 -298l-116 -69q117 -39 240 -39t240 39l-116 69l139 298l326 40z" />
-<glyph unicode="&#xf1e4;" horiz-adv-x="1792" d="M448 224v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM256 608v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM832 224v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23 v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM640 608v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM66 768q-28 0 -47 19t-19 46v129h514v-129q0 -27 -19 -46t-46 -19h-383zM1216 224v-192q0 -14 -9 -23t-23 -9h-192 q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1024 608v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1600 224v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23 zM1408 608v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1792 1016v-13h-514v10q0 104 -382 102q-382 -1 -382 -102v-10h-514v13q0 17 8.5 43t34 64t65.5 75.5t110.5 76t160 67.5t224 47.5t293.5 18.5t293 -18.5t224 -47.5 t160.5 -67.5t110.5 -76t65.5 -75.5t34 -64t8.5 -43zM1792 608v-192q0 -14 -9 -23t-23 -9h-192q-14 0 -23 9t-9 23v192q0 14 9 23t23 9h192q14 0 23 -9t9 -23zM1792 962v-129q0 -27 -19 -46t-46 -19h-384q-27 0 -46 19t-19 46v129h514z" />
-<glyph unicode="&#xf1e5;" horiz-adv-x="1792" d="M704 1216v-768q0 -26 -19 -45t-45 -19v-576q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19t-19 45v512l249 873q7 23 31 23h424zM1024 1216v-704h-256v704h256zM1792 320v-512q0 -26 -19 -45t-45 -19h-512q-26 0 -45 19t-19 45v576q-26 0 -45 19t-19 45v768h424q24 0 31 -23z M736 1504v-224h-352v224q0 14 9 23t23 9h288q14 0 23 -9t9 -23zM1408 1504v-224h-352v224q0 14 9 23t23 9h288q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf1e6;" horiz-adv-x="1792" d="M1755 1083q37 -37 37 -90t-37 -91l-401 -400l150 -150l-160 -160q-163 -163 -389.5 -186.5t-411.5 100.5l-362 -362h-181v181l362 362q-124 185 -100.5 411.5t186.5 389.5l160 160l150 -150l400 401q38 37 91 37t90 -37t37 -90.5t-37 -90.5l-400 -401l234 -234l401 400 q38 37 91 37t90 -37z" />
-<glyph unicode="&#xf1e7;" horiz-adv-x="1792" d="M873 796q0 -83 -63.5 -142.5t-152.5 -59.5t-152.5 59.5t-63.5 142.5q0 84 63.5 143t152.5 59t152.5 -59t63.5 -143zM1375 796q0 -83 -63 -142.5t-153 -59.5q-89 0 -152.5 59.5t-63.5 142.5q0 84 63.5 143t152.5 59q90 0 153 -59t63 -143zM1600 616v667q0 87 -32 123.5 t-111 36.5h-1112q-83 0 -112.5 -34t-29.5 -126v-673q43 -23 88.5 -40t81 -28t81 -18.5t71 -11t70 -4t58.5 -0.5t56.5 2t44.5 2q68 1 95 -27q6 -6 10 -9q26 -25 61 -51q7 91 118 87q5 0 36.5 -1.5t43 -2t45.5 -1t53 1t54.5 4.5t61 8.5t62 13.5t67 19.5t67.5 27t72 34.5z M1763 621q-121 -149 -372 -252q84 -285 -23 -465q-66 -113 -183 -148q-104 -32 -182 15q-86 51 -82 164l-1 326v1q-8 2 -24.5 6t-23.5 5l-1 -338q4 -114 -83 -164q-79 -47 -183 -15q-117 36 -182 150q-105 180 -22 463q-251 103 -372 252q-25 37 -4 63t60 -1q3 -2 11 -7 t11 -8v694q0 72 47 123t114 51h1257q67 0 114 -51t47 -123v-694l21 15q39 27 60 1t-4 -63z" />
-<glyph unicode="&#xf1e8;" horiz-adv-x="1792" d="M896 1102v-434h-145v434h145zM1294 1102v-434h-145v434h145zM1294 342l253 254v795h-1194v-1049h326v-217l217 217h398zM1692 1536v-1013l-434 -434h-326l-217 -217h-217v217h-398v1158l109 289h1483z" />
-<glyph unicode="&#xf1e9;" d="M773 217v-127q-1 -292 -6 -305q-12 -32 -51 -40q-54 -9 -181.5 38t-162.5 89q-13 15 -17 36q-1 12 4 26q4 10 34 47t181 216q1 0 60 70q15 19 39.5 24.5t49.5 -3.5q24 -10 37.5 -29t12.5 -42zM624 468q-3 -55 -52 -70l-120 -39q-275 -88 -292 -88q-35 2 -54 36 q-12 25 -17 75q-8 76 1 166.5t30 124.5t56 32q13 0 202 -77q70 -29 115 -47l84 -34q23 -9 35.5 -30.5t11.5 -48.5zM1450 171q-7 -54 -91.5 -161t-135.5 -127q-37 -14 -63 7q-14 10 -184 287l-47 77q-14 21 -11.5 46t19.5 46q35 43 83 26q1 -1 119 -40q203 -66 242 -79.5 t47 -20.5q28 -22 22 -61zM778 803q5 -102 -54 -122q-58 -17 -114 71l-378 598q-8 35 19 62q41 43 207.5 89.5t224.5 31.5q40 -10 49 -45q3 -18 22 -305.5t24 -379.5zM1440 695q3 -39 -26 -59q-15 -10 -329 -86q-67 -15 -91 -23l1 2q-23 -6 -46 4t-37 32q-30 47 0 87 q1 1 75 102q125 171 150 204t34 39q28 19 65 2q48 -23 123 -133.5t81 -167.5v-3z" />
-<glyph unicode="&#xf1ea;" horiz-adv-x="2048" d="M1024 1024h-384v-384h384v384zM1152 384v-128h-640v128h640zM1152 1152v-640h-640v640h640zM1792 384v-128h-512v128h512zM1792 640v-128h-512v128h512zM1792 896v-128h-512v128h512zM1792 1152v-128h-512v128h512zM256 192v960h-128v-960q0 -26 19 -45t45 -19t45 19 t19 45zM1920 192v1088h-1536v-1088q0 -33 -11 -64h1483q26 0 45 19t19 45zM2048 1408v-1216q0 -80 -56 -136t-136 -56h-1664q-80 0 -136 56t-56 136v1088h256v128h1792z" />
-<glyph unicode="&#xf1eb;" horiz-adv-x="2048" d="M1024 13q-20 0 -93 73.5t-73 93.5q0 32 62.5 54t103.5 22t103.5 -22t62.5 -54q0 -20 -73 -93.5t-93 -73.5zM1294 284q-2 0 -40 25t-101.5 50t-128.5 25t-128.5 -25t-101 -50t-40.5 -25q-18 0 -93.5 75t-75.5 93q0 13 10 23q78 77 196 121t233 44t233 -44t196 -121 q10 -10 10 -23q0 -18 -75.5 -93t-93.5 -75zM1567 556q-11 0 -23 8q-136 105 -252 154.5t-268 49.5q-85 0 -170.5 -22t-149 -53t-113.5 -62t-79 -53t-31 -22q-17 0 -92 75t-75 93q0 12 10 22q132 132 320 205t380 73t380 -73t320 -205q10 -10 10 -22q0 -18 -75 -93t-92 -75z M1838 827q-11 0 -22 9q-179 157 -371.5 236.5t-420.5 79.5t-420.5 -79.5t-371.5 -236.5q-11 -9 -22 -9q-17 0 -92.5 75t-75.5 93q0 13 10 23q187 186 445 288t527 102t527 -102t445 -288q10 -10 10 -23q0 -18 -75.5 -93t-92.5 -75z" />
-<glyph unicode="&#xf1ec;" horiz-adv-x="1792" d="M384 0q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM768 0q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM384 384q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5 t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1152 0q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM768 384q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5 t37.5 90.5zM384 768q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1152 384q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM768 768q0 53 -37.5 90.5t-90.5 37.5 t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1536 0v384q0 52 -38 90t-90 38t-90 -38t-38 -90v-384q0 -52 38 -90t90 -38t90 38t38 90zM1152 768q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5z M1536 1088v256q0 26 -19 45t-45 19h-1280q-26 0 -45 -19t-19 -45v-256q0 -26 19 -45t45 -19h1280q26 0 45 19t19 45zM1536 768q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1664 1408v-1536q0 -52 -38 -90t-90 -38 h-1408q-52 0 -90 38t-38 90v1536q0 52 38 90t90 38h1408q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf1ed;" horiz-adv-x="1792" d="M1112 1090q0 159 -237 159h-70q-32 0 -59.5 -21.5t-34.5 -52.5l-63 -276q-2 -5 -2 -16q0 -24 17 -39.5t41 -15.5h53q69 0 128.5 13t112.5 41t83.5 81.5t30.5 126.5zM1716 938q0 -265 -220 -428q-219 -161 -612 -161h-61q-32 0 -59 -21.5t-34 -52.5l-73 -316 q-8 -36 -40.5 -61.5t-69.5 -25.5h-213q-31 0 -53 20t-22 51q0 10 13 65h151q34 0 64 23.5t38 56.5l73 316q8 33 37.5 57t63.5 24h61q390 0 607 160t217 421q0 129 -51 207q183 -92 183 -335zM1533 1123q0 -264 -221 -428q-218 -161 -612 -161h-60q-32 0 -59.5 -22t-34.5 -53 l-73 -315q-8 -36 -40 -61.5t-69 -25.5h-214q-31 0 -52.5 19.5t-21.5 51.5q0 8 2 20l300 1301q8 36 40.5 61.5t69.5 25.5h444q68 0 125 -4t120.5 -15t113.5 -30t96.5 -50.5t77.5 -74t49.5 -103.5t18.5 -136z" />
-<glyph unicode="&#xf1ee;" horiz-adv-x="1792" d="M602 949q19 -61 31 -123.5t17 -141.5t-14 -159t-62 -145q-21 81 -67 157t-95.5 127t-99 90.5t-78.5 57.5t-33 19q-62 34 -81.5 100t14.5 128t101 81.5t129 -14.5q138 -83 238 -177zM927 1236q11 -25 20.5 -46t36.5 -100.5t42.5 -150.5t25.5 -179.5t0 -205.5t-47.5 -209.5 t-105.5 -208.5q-51 -72 -138 -72q-54 0 -98 31q-57 40 -69 109t28 127q60 85 81 195t13 199.5t-32 180.5t-39 128t-22 52q-31 63 -8.5 129.5t85.5 97.5q34 17 75 17q47 0 88.5 -25t63.5 -69zM1248 567q-17 -160 -72 -311q-17 131 -63 246q25 174 -5 361q-27 178 -94 342 q114 -90 212 -211q9 -37 15 -80q26 -179 7 -347zM1520 1440q9 -17 23.5 -49.5t43.5 -117.5t50.5 -178t34 -227.5t5 -269t-47 -300t-112.5 -323.5q-22 -48 -66 -75.5t-95 -27.5q-39 0 -74 16q-67 31 -92.5 100t4.5 136q58 126 90 257.5t37.5 239.5t-3.5 213.5t-26.5 180.5 t-38.5 138.5t-32.5 90t-15.5 32.5q-34 65 -11.5 135.5t87.5 104.5q37 20 81 20q49 0 91.5 -25.5t66.5 -70.5z" />
-<glyph unicode="&#xf1f0;" horiz-adv-x="2304" d="M1975 546h-138q14 37 66 179l3 9q4 10 10 26t9 26l12 -55zM531 611l-58 295q-11 54 -75 54h-268l-2 -13q311 -79 403 -336zM710 960l-162 -438l-17 89q-26 70 -85 129.5t-131 88.5l135 -510h175l261 641h-176zM849 318h166l104 642h-166zM1617 944q-69 27 -149 27 q-123 0 -201 -59t-79 -153q-1 -102 145 -174q48 -23 67 -41t19 -39q0 -30 -30 -46t-69 -16q-86 0 -156 33l-22 11l-23 -144q74 -34 185 -34q130 -1 208.5 59t80.5 160q0 106 -140 174q-49 25 -71 42t-22 38q0 22 24.5 38.5t70.5 16.5q70 1 124 -24l15 -8zM2042 960h-128 q-65 0 -87 -54l-246 -588h174l35 96h212q5 -22 20 -96h154zM2304 1280v-1280q0 -52 -38 -90t-90 -38h-2048q-52 0 -90 38t-38 90v1280q0 52 38 90t90 38h2048q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf1f1;" horiz-adv-x="2304" d="M671 603h-13q-47 0 -47 -32q0 -22 20 -22q17 0 28 15t12 39zM1066 639h62v3q1 4 0.5 6.5t-1 7t-2 8t-4.5 6.5t-7.5 5t-11.5 2q-28 0 -36 -38zM1606 603h-12q-48 0 -48 -32q0 -22 20 -22q17 0 28 15t12 39zM1925 629q0 41 -30 41q-19 0 -31 -20t-12 -51q0 -42 28 -42 q20 0 32.5 20t12.5 52zM480 770h87l-44 -262h-56l32 201l-71 -201h-39l-4 200l-34 -200h-53l44 262h81l2 -163zM733 663q0 -6 -4 -42q-16 -101 -17 -113h-47l1 22q-20 -26 -58 -26q-23 0 -37.5 16t-14.5 42q0 39 26 60.5t73 21.5q14 0 23 -1q0 3 0.5 5.5t1 4.5t0.5 3 q0 20 -36 20q-29 0 -59 -10q0 4 7 48q38 11 67 11q74 0 74 -62zM889 721l-8 -49q-22 3 -41 3q-27 0 -27 -17q0 -8 4.5 -12t21.5 -11q40 -19 40 -60q0 -72 -87 -71q-34 0 -58 6q0 2 7 49q29 -8 51 -8q32 0 32 19q0 7 -4.5 11.5t-21.5 12.5q-43 20 -43 59q0 72 84 72 q30 0 50 -4zM977 721h28l-7 -52h-29q-2 -17 -6.5 -40.5t-7 -38.5t-2.5 -18q0 -16 19 -16q8 0 16 2l-8 -47q-21 -7 -40 -7q-43 0 -45 47q0 12 8 56q3 20 25 146h55zM1180 648q0 -23 -7 -52h-111q-3 -22 10 -33t38 -11q30 0 58 14l-9 -54q-30 -8 -57 -8q-95 0 -95 95 q0 55 27.5 90.5t69.5 35.5q35 0 55.5 -21t20.5 -56zM1319 722q-13 -23 -22 -62q-22 2 -31 -24t-25 -128h-56l3 14q22 130 29 199h51l-3 -33q14 21 25.5 29.5t28.5 4.5zM1506 763l-9 -57q-28 14 -50 14q-31 0 -51 -27.5t-20 -70.5q0 -30 13.5 -47t38.5 -17q21 0 48 13 l-10 -59q-28 -8 -50 -8q-45 0 -71.5 30.5t-26.5 82.5q0 70 35.5 114.5t91.5 44.5q26 0 61 -13zM1668 663q0 -18 -4 -42q-13 -79 -17 -113h-46l1 22q-20 -26 -59 -26q-23 0 -37 16t-14 42q0 39 25.5 60.5t72.5 21.5q15 0 23 -1q2 7 2 13q0 20 -36 20q-29 0 -59 -10q0 4 8 48 q38 11 67 11q73 0 73 -62zM1809 722q-14 -24 -21 -62q-23 2 -31.5 -23t-25.5 -129h-56l3 14q19 104 29 199h52q0 -11 -4 -33q15 21 26.5 29.5t27.5 4.5zM1950 770h56l-43 -262h-53l3 19q-23 -23 -52 -23q-31 0 -49.5 24t-18.5 64q0 53 27.5 92t64.5 39q31 0 53 -29z M2061 640q0 148 -72.5 273t-198 198t-273.5 73q-181 0 -328 -110q127 -116 171 -284h-50q-44 150 -158 253q-114 -103 -158 -253h-50q44 168 171 284q-147 110 -328 110q-148 0 -273.5 -73t-198 -198t-72.5 -273t72.5 -273t198 -198t273.5 -73q181 0 328 110 q-120 111 -165 264h50q46 -138 152 -233q106 95 152 233h50q-45 -153 -165 -264q147 -110 328 -110q148 0 273.5 73t198 198t72.5 273zM2304 1280v-1280q0 -52 -38 -90t-90 -38h-2048q-52 0 -90 38t-38 90v1280q0 52 38 90t90 38h2048q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf1f2;" horiz-adv-x="2304" d="M313 759q0 -51 -36 -84q-29 -26 -89 -26h-17v220h17q61 0 89 -27q36 -31 36 -83zM2089 824q0 -52 -64 -52h-19v101h20q63 0 63 -49zM380 759q0 74 -50 120.5t-129 46.5h-95v-333h95q74 0 119 38q60 51 60 128zM410 593h65v333h-65v-333zM730 694q0 40 -20.5 62t-75.5 42 q-29 10 -39.5 19t-10.5 23q0 16 13.5 26.5t34.5 10.5q29 0 53 -27l34 44q-41 37 -98 37q-44 0 -74 -27.5t-30 -67.5q0 -35 18 -55.5t64 -36.5q37 -13 45 -19q19 -12 19 -34q0 -20 -14 -33.5t-36 -13.5q-48 0 -71 44l-42 -40q44 -64 115 -64q51 0 83 30.5t32 79.5zM1008 604 v77q-37 -37 -78 -37q-49 0 -80.5 32.5t-31.5 82.5q0 48 31.5 81.5t77.5 33.5q43 0 81 -38v77q-40 20 -80 20q-74 0 -125.5 -50.5t-51.5 -123.5t51 -123.5t125 -50.5q42 0 81 19zM2240 0v527q-65 -40 -144.5 -84t-237.5 -117t-329.5 -137.5t-417.5 -134.5t-504 -118h1569 q26 0 45 19t19 45zM1389 757q0 75 -53 128t-128 53t-128 -53t-53 -128t53 -128t128 -53t128 53t53 128zM1541 584l144 342h-71l-90 -224l-89 224h-71l142 -342h35zM1714 593h184v56h-119v90h115v56h-115v74h119v57h-184v-333zM2105 593h80l-105 140q76 16 76 94q0 47 -31 73 t-87 26h-97v-333h65v133h9zM2304 1274v-1268q0 -56 -38.5 -95t-93.5 -39h-2040q-55 0 -93.5 39t-38.5 95v1268q0 56 38.5 95t93.5 39h2040q55 0 93.5 -39t38.5 -95z" />
-<glyph unicode="&#xf1f3;" horiz-adv-x="2304" d="M119 854h89l-45 108zM740 328l74 79l-70 79h-163v-49h142v-55h-142v-54h159zM898 406l99 -110v217zM1186 453q0 33 -40 33h-84v-69h83q41 0 41 36zM1475 457q0 29 -42 29h-82v-61h81q43 0 43 32zM1197 923q0 29 -42 29h-82v-60h81q43 0 43 31zM1656 854h89l-44 108z M699 1009v-271h-66v212l-94 -212h-57l-94 212v-212h-132l-25 60h-135l-25 -60h-70l116 271h96l110 -257v257h106l85 -184l77 184h108zM1255 453q0 -20 -5.5 -35t-14 -25t-22.5 -16.5t-26 -10t-31.5 -4.5t-31.5 -1t-32.5 0.5t-29.5 0.5v-91h-126l-80 90l-83 -90h-256v271h260 l80 -89l82 89h207q109 0 109 -89zM964 794v-56h-217v271h217v-57h-152v-49h148v-55h-148v-54h152zM2304 235v-229q0 -55 -38.5 -94.5t-93.5 -39.5h-2040q-55 0 -93.5 39.5t-38.5 94.5v678h111l25 61h55l25 -61h218v46l19 -46h113l20 47v-47h541v99l10 1q10 0 10 -14v-86h279 v23q23 -12 55 -18t52.5 -6.5t63 0.5t51.5 1l25 61h56l25 -61h227v58l34 -58h182v378h-180v-44l-25 44h-185v-44l-23 44h-249q-69 0 -109 -22v22h-172v-22q-24 22 -73 22h-628l-43 -97l-43 97h-198v-44l-22 44h-169l-78 -179v391q0 55 38.5 94.5t93.5 39.5h2040 q55 0 93.5 -39.5t38.5 -94.5v-678h-120q-51 0 -81 -22v22h-177q-55 0 -78 -22v22h-316v-22q-31 22 -87 22h-209v-22q-23 22 -91 22h-234l-54 -58l-50 58h-349v-378h343l55 59l52 -59h211v89h21q59 0 90 13v-102h174v99h8q8 0 10 -2t2 -10v-87h529q57 0 88 24v-24h168 q60 0 95 17zM1546 469q0 -23 -12 -43t-34 -29q25 -9 34 -26t9 -46v-54h-65v45q0 33 -12 43.5t-46 10.5h-69v-99h-65v271h154q48 0 77 -15t29 -58zM1269 936q0 -24 -12.5 -44t-33.5 -29q26 -9 34.5 -25.5t8.5 -46.5v-53h-65q0 9 0.5 26.5t0 25t-3 18.5t-8.5 16t-17.5 8.5 t-29.5 3.5h-70v-98h-64v271l153 -1q49 0 78 -14.5t29 -57.5zM1798 327v-56h-216v271h216v-56h-151v-49h148v-55h-148v-54zM1372 1009v-271h-66v271h66zM2065 357q0 -86 -102 -86h-126v58h126q34 0 34 25q0 16 -17 21t-41.5 5t-49.5 3.5t-42 22.5t-17 55q0 39 26 60t66 21 h130v-57h-119q-36 0 -36 -25q0 -16 17.5 -20.5t42 -4t49 -2.5t42 -21.5t17.5 -54.5zM2304 407v-101q-24 -35 -88 -35h-125v58h125q33 0 33 25q0 13 -12.5 19t-31 5.5t-40 2t-40 8t-31 24t-12.5 48.5q0 39 26.5 60t66.5 21h129v-57h-118q-36 0 -36 -25q0 -20 29 -22t68.5 -5 t56.5 -26zM2139 1008v-270h-92l-122 203v-203h-132l-26 60h-134l-25 -60h-75q-129 0 -129 133q0 138 133 138h63v-59q-7 0 -28 1t-28.5 0.5t-23 -2t-21.5 -6.5t-14.5 -13.5t-11.5 -23t-3 -33.5q0 -38 13.5 -58t49.5 -20h29l92 213h97l109 -256v256h99l114 -188v188h66z" />
-<glyph unicode="&#xf1f4;" horiz-adv-x="2304" d="M322 689h-15q-19 0 -19 18q0 28 19 85q5 15 15 19.5t28 4.5q77 0 77 -49q0 -41 -30.5 -59.5t-74.5 -18.5zM664 528q-47 0 -47 29q0 62 123 62l3 -3q-5 -88 -79 -88zM1438 687h-15q-19 0 -19 19q0 28 19 85q5 15 14.5 19t28.5 4q77 0 77 -49q0 -41 -30.5 -59.5 t-74.5 -18.5zM1780 527q-47 0 -47 30q0 62 123 62l3 -3q-5 -89 -79 -89zM373 894h-128q-8 0 -14.5 -4t-8.5 -7.5t-7 -12.5q-3 -7 -45 -190t-42 -192q0 -7 5.5 -12.5t13.5 -5.5h62q25 0 32.5 34.5l15 69t32.5 34.5q47 0 87.5 7.5t80.5 24.5t63.5 52.5t23.5 84.5 q0 36 -14.5 61t-41 36.5t-53.5 15.5t-62 4zM719 798q-38 0 -74 -6q-2 0 -8.5 -1t-9 -1.5l-7.5 -1.5t-7.5 -2t-6.5 -3t-6.5 -4t-5 -5t-4.5 -7t-4 -9q-9 -29 -9 -39t9 -10q5 0 21.5 5t19.5 6q30 8 58 8q74 0 74 -36q0 -11 -10 -14q-8 -2 -18 -3t-21.5 -1.5t-17.5 -1.5 q-38 -4 -64.5 -10t-56.5 -19.5t-45.5 -39t-15.5 -62.5q0 -38 26 -59.5t64 -21.5q24 0 45.5 6.5t33 13t38.5 23.5q-3 -7 -3 -15t5.5 -13.5t12.5 -5.5h56q1 1 7 3.5t7.5 3.5t5 3.5t5 5.5t2.5 8l45 194q4 13 4 30q0 81 -145 81zM1247 793h-74q-22 0 -39 -23q-5 -7 -29.5 -51 t-46.5 -81.5t-26 -38.5l-5 4q0 77 -27 166q-1 5 -3.5 8.5t-6 6.5t-6.5 5t-8.5 3t-8.5 1.5t-9.5 1t-9 0.5h-10h-8.5q-38 0 -38 -21l1 -5q5 -53 25 -151t25 -143q2 -16 2 -24q0 -19 -30.5 -61.5t-30.5 -58.5q0 -13 40 -13q61 0 76 25l245 415q10 20 10 26q0 9 -8 9zM1489 892 h-129q-18 0 -29 -23q-6 -13 -46.5 -191.5t-40.5 -190.5q0 -20 43 -20h7.5h9h9t9.5 1t8.5 2t8.5 3t6.5 4.5t5.5 6t3 8.5l21 91q2 10 10.5 17t19.5 7q47 0 87.5 7t80.5 24.5t63.5 52.5t23.5 84q0 36 -14.5 61t-41 36.5t-53.5 15.5t-62 4zM1835 798q-26 0 -74 -6 q-38 -6 -48 -16q-7 -8 -11 -19q-8 -24 -8 -39q0 -10 8 -10q1 0 41 12q30 8 58 8q74 0 74 -36q0 -12 -10 -14q-4 -1 -57 -7q-38 -4 -64.5 -10t-56.5 -19.5t-45.5 -39t-15.5 -62.5t26 -58.5t64 -21.5q24 0 45 6t34 13t38 24q-3 -15 -3 -16q0 -5 2 -8.5t6.5 -5.5t8 -3.5 t10.5 -2t9.5 -0.5h9.5h8q42 0 48 25l45 194q3 15 3 31q0 81 -145 81zM2157 889h-55q-25 0 -33 -40q-10 -44 -36.5 -167t-42.5 -190v-5q0 -16 16 -18h1h57q10 0 18.5 6.5t10.5 16.5l83 374h-1l1 5q0 7 -5.5 12.5t-13.5 5.5zM2304 1280v-1280q0 -52 -38 -90t-90 -38h-2048 q-52 0 -90 38t-38 90v1280q0 52 38 90t90 38h2048q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf1f5;" horiz-adv-x="2304" d="M1597 633q0 -69 -21 -106q-19 -35 -52 -35q-23 0 -41 9v224q29 30 57 30q57 0 57 -122zM2035 669h-110q6 98 56 98q51 0 54 -98zM476 534q0 59 -33 91.5t-101 57.5q-36 13 -52 24t-16 25q0 26 38 26q58 0 124 -33l18 112q-67 32 -149 32q-77 0 -123 -38q-48 -39 -48 -109 q0 -58 32.5 -90.5t99.5 -56.5q39 -14 54.5 -25.5t15.5 -27.5q0 -31 -48 -31q-29 0 -70 12.5t-72 30.5l-18 -113q72 -41 168 -41q81 0 129 37q51 41 51 117zM771 749l19 111h-96v135l-129 -21l-18 -114l-46 -8l-17 -103h62v-219q0 -84 44 -120q38 -30 111 -30q32 0 79 11v118 q-32 -7 -44 -7q-42 0 -42 50v197h77zM1087 724v139q-15 3 -28 3q-32 0 -55.5 -16t-33.5 -46l-10 56h-131v-471h150v306q26 31 82 31q16 0 26 -2zM1124 389h150v471h-150v-471zM1746 638q0 122 -45 179q-40 52 -111 52q-64 0 -117 -56l-8 47h-132v-645l150 25v151 q36 -11 68 -11q83 0 134 56q61 65 61 202zM1278 986q0 33 -23 56t-56 23t-56 -23t-23 -56t23 -56.5t56 -23.5t56 23.5t23 56.5zM2176 629q0 113 -48 176q-50 64 -144 64q-96 0 -151.5 -66t-55.5 -180q0 -128 63 -188q55 -55 161 -55q101 0 160 40l-16 103q-57 -31 -128 -31 q-43 0 -63 19q-23 19 -28 66h248q2 14 2 52zM2304 1280v-1280q0 -52 -38 -90t-90 -38h-2048q-52 0 -90 38t-38 90v1280q0 52 38 90t90 38h2048q52 0 90 -38t38 -90z" />
-<glyph unicode="&#xf1f6;" horiz-adv-x="2048" d="M1558 684q61 -356 298 -556q0 -52 -38 -90t-90 -38h-448q0 -106 -75 -181t-181 -75t-180.5 74.5t-75.5 180.5zM1024 -176q16 0 16 16t-16 16q-59 0 -101.5 42.5t-42.5 101.5q0 16 -16 16t-16 -16q0 -73 51.5 -124.5t124.5 -51.5zM2026 1424q8 -10 7.5 -23.5t-10.5 -22.5 l-1872 -1622q-10 -8 -23.5 -7t-21.5 11l-84 96q-8 10 -7.5 23.5t10.5 21.5l186 161q-19 32 -19 66q50 42 91 88t85 119.5t74.5 158.5t50 206t19.5 260q0 152 117 282.5t307 158.5q-8 19 -8 39q0 40 28 68t68 28t68 -28t28 -68q0 -20 -8 -39q124 -18 219 -82.5t148 -157.5 l418 363q10 8 23.5 7t21.5 -11z" />
-<glyph unicode="&#xf1f7;" horiz-adv-x="2048" d="M1040 -160q0 16 -16 16q-59 0 -101.5 42.5t-42.5 101.5q0 16 -16 16t-16 -16q0 -73 51.5 -124.5t124.5 -51.5q16 0 16 16zM503 315l877 760q-42 88 -132.5 146.5t-223.5 58.5q-93 0 -169.5 -31.5t-121.5 -80.5t-69 -103t-24 -105q0 -384 -137 -645zM1856 128 q0 -52 -38 -90t-90 -38h-448q0 -106 -75 -181t-181 -75t-180.5 74.5t-75.5 180.5l149 129h757q-166 187 -227 459l111 97q61 -356 298 -556zM1942 1520l84 -96q8 -10 7.5 -23.5t-10.5 -22.5l-1872 -1622q-10 -8 -23.5 -7t-21.5 11l-84 96q-8 10 -7.5 23.5t10.5 21.5l186 161 q-19 32 -19 66q50 42 91 88t85 119.5t74.5 158.5t50 206t19.5 260q0 152 117 282.5t307 158.5q-8 19 -8 39q0 40 28 68t68 28t68 -28t28 -68q0 -20 -8 -39q124 -18 219 -82.5t148 -157.5l418 363q10 8 23.5 7t21.5 -11z" />
-<glyph unicode="&#xf1f8;" horiz-adv-x="1408" d="M512 160v704q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-704q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM768 160v704q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-704q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM1024 160v704q0 14 -9 23t-23 9h-64q-14 0 -23 -9t-9 -23v-704 q0 -14 9 -23t23 -9h64q14 0 23 9t9 23zM480 1152h448l-48 117q-7 9 -17 11h-317q-10 -2 -17 -11zM1408 1120v-64q0 -14 -9 -23t-23 -9h-96v-948q0 -83 -47 -143.5t-113 -60.5h-832q-66 0 -113 58.5t-47 141.5v952h-96q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h309l70 167 q15 37 54 63t79 26h320q40 0 79 -26t54 -63l70 -167h309q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf1f9;" d="M1150 462v-109q0 -50 -36.5 -89t-94 -60.5t-118 -32.5t-117.5 -11q-205 0 -342.5 139t-137.5 346q0 203 136 339t339 136q34 0 75.5 -4.5t93 -18t92.5 -34t69 -56.5t28 -81v-109q0 -16 -16 -16h-118q-16 0 -16 16v70q0 43 -65.5 67.5t-137.5 24.5q-140 0 -228.5 -91.5 t-88.5 -237.5q0 -151 91.5 -249.5t233.5 -98.5q68 0 138 24t70 66v70q0 7 4.5 11.5t10.5 4.5h119q6 0 11 -4.5t5 -11.5zM768 1280q-130 0 -248.5 -51t-204 -136.5t-136.5 -204t-51 -248.5t51 -248.5t136.5 -204t204 -136.5t248.5 -51t248.5 51t204 136.5t136.5 204t51 248.5 t-51 248.5t-136.5 204t-204 136.5t-248.5 51zM1536 640q0 -209 -103 -385.5t-279.5 -279.5t-385.5 -103t-385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103t385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf1fa;" d="M972 761q0 108 -53.5 169t-147.5 61q-63 0 -124 -30.5t-110 -84.5t-79.5 -137t-30.5 -180q0 -112 53.5 -173t150.5 -61q96 0 176 66.5t122.5 166t42.5 203.5zM1536 640q0 -111 -37 -197t-98.5 -135t-131.5 -74.5t-145 -27.5q-6 0 -15.5 -0.5t-16.5 -0.5q-95 0 -142 53 q-28 33 -33 83q-52 -66 -131.5 -110t-173.5 -44q-161 0 -249.5 95.5t-88.5 269.5q0 157 66 290t179 210.5t246 77.5q87 0 155 -35.5t106 -99.5l2 19l11 56q1 6 5.5 12t9.5 6h118q5 0 13 -11q5 -5 3 -16l-120 -614q-5 -24 -5 -48q0 -39 12.5 -52t44.5 -13q28 1 57 5.5t73 24 t77 50t57 89.5t24 137q0 292 -174 466t-466 174q-130 0 -248.5 -51t-204 -136.5t-136.5 -204t-51 -248.5t51 -248.5t136.5 -204t204 -136.5t248.5 -51q228 0 405 144q11 9 24 8t21 -12l41 -49q8 -12 7 -24q-2 -13 -12 -22q-102 -83 -227.5 -128t-258.5 -45q-156 0 -298 61 t-245 164t-164 245t-61 298t61 298t164 245t245 164t298 61q344 0 556 -212t212 -556z" />
-<glyph unicode="&#xf1fb;" horiz-adv-x="1792" d="M1698 1442q94 -94 94 -226.5t-94 -225.5l-225 -223l104 -104q10 -10 10 -23t-10 -23l-210 -210q-10 -10 -23 -10t-23 10l-105 105l-603 -603q-37 -37 -90 -37h-203l-256 -128l-64 64l128 256v203q0 53 37 90l603 603l-105 105q-10 10 -10 23t10 23l210 210q10 10 23 10 t23 -10l104 -104l223 225q93 94 225.5 94t226.5 -94zM512 64l576 576l-192 192l-576 -576v-192h192z" />
-<glyph unicode="&#xf1fc;" horiz-adv-x="1792" d="M1615 1536q70 0 122.5 -46.5t52.5 -116.5q0 -63 -45 -151q-332 -629 -465 -752q-97 -91 -218 -91q-126 0 -216.5 92.5t-90.5 219.5q0 128 92 212l638 579q59 54 130 54zM706 502q39 -76 106.5 -130t150.5 -76l1 -71q4 -213 -129.5 -347t-348.5 -134q-123 0 -218 46.5 t-152.5 127.5t-86.5 183t-29 220q7 -5 41 -30t62 -44.5t59 -36.5t46 -17q41 0 55 37q25 66 57.5 112.5t69.5 76t88 47.5t103 25.5t125 10.5z" />
-<glyph unicode="&#xf1fd;" horiz-adv-x="1792" d="M1792 128v-384h-1792v384q45 0 85 14t59 27.5t47 37.5q30 27 51.5 38t56.5 11t55.5 -11t52.5 -38q29 -25 47 -38t58 -27t86 -14q45 0 85 14.5t58 27t48 37.5q21 19 32.5 27t31 15t43.5 7q35 0 56.5 -11t51.5 -38q28 -24 47 -37.5t59 -27.5t85 -14t85 14t59 27.5t47 37.5 q30 27 51.5 38t56.5 11q34 0 55.5 -11t51.5 -38q28 -24 47 -37.5t59 -27.5t85 -14zM1792 448v-192q-35 0 -55.5 11t-52.5 38q-29 25 -47 38t-58 27t-85 14q-46 0 -86 -14t-58 -27t-47 -38q-22 -19 -33 -27t-31 -15t-44 -7q-35 0 -56.5 11t-51.5 38q-29 25 -47 38t-58 27 t-86 14q-45 0 -85 -14.5t-58 -27t-48 -37.5q-21 -19 -32.5 -27t-31 -15t-43.5 -7q-35 0 -56.5 11t-51.5 38q-28 24 -47 37.5t-59 27.5t-85 14q-46 0 -86 -14t-58 -27t-47 -38q-30 -27 -51.5 -38t-56.5 -11v192q0 80 56 136t136 56h64v448h256v-448h256v448h256v-448h256v448 h256v-448h64q80 0 136 -56t56 -136zM512 1312q0 -77 -36 -118.5t-92 -41.5q-53 0 -90.5 37.5t-37.5 90.5q0 29 9.5 51t23.5 34t31 28t31 31.5t23.5 44.5t9.5 67q38 0 83 -74t45 -150zM1024 1312q0 -77 -36 -118.5t-92 -41.5q-53 0 -90.5 37.5t-37.5 90.5q0 29 9.5 51 t23.5 34t31 28t31 31.5t23.5 44.5t9.5 67q38 0 83 -74t45 -150zM1536 1312q0 -77 -36 -118.5t-92 -41.5q-53 0 -90.5 37.5t-37.5 90.5q0 29 9.5 51t23.5 34t31 28t31 31.5t23.5 44.5t9.5 67q38 0 83 -74t45 -150z" />
-<glyph unicode="&#xf1fe;" horiz-adv-x="2048" d="M2048 0v-128h-2048v1536h128v-1408h1920zM1664 1024l256 -896h-1664v576l448 576l576 -576z" />
-<glyph unicode="&#xf200;" horiz-adv-x="1792" d="M768 646l546 -546q-106 -108 -247.5 -168t-298.5 -60q-209 0 -385.5 103t-279.5 279.5t-103 385.5t103 385.5t279.5 279.5t385.5 103v-762zM955 640h773q0 -157 -60 -298.5t-168 -247.5zM1664 768h-768v768q209 0 385.5 -103t279.5 -279.5t103 -385.5z" />
-<glyph unicode="&#xf201;" horiz-adv-x="2048" d="M2048 0v-128h-2048v1536h128v-1408h1920zM1920 1248v-435q0 -21 -19.5 -29.5t-35.5 7.5l-121 121l-633 -633q-10 -10 -23 -10t-23 10l-233 233l-416 -416l-192 192l585 585q10 10 23 10t23 -10l233 -233l464 464l-121 121q-16 16 -7.5 35.5t29.5 19.5h435q14 0 23 -9 t9 -23z" />
-<glyph unicode="&#xf202;" horiz-adv-x="1792" d="M1292 832q0 -6 10 -41q10 -29 25 -49.5t41 -34t44 -20t55 -16.5q325 -91 325 -332q0 -146 -105.5 -242.5t-254.5 -96.5q-59 0 -111.5 18.5t-91.5 45.5t-77 74.5t-63 87.5t-53.5 103.5t-43.5 103t-39.5 106.5t-35.5 95q-32 81 -61.5 133.5t-73.5 96.5t-104 64t-142 20 q-96 0 -183 -55.5t-138 -144.5t-51 -185q0 -160 106.5 -279.5t263.5 -119.5q177 0 258 95q56 63 83 116l84 -152q-15 -34 -44 -70l1 -1q-131 -152 -388 -152q-147 0 -269.5 79t-190.5 207.5t-68 274.5q0 105 43.5 206t116 176.5t172 121.5t204.5 46q87 0 159 -19t123.5 -50 t95 -80t72.5 -99t58.5 -117t50.5 -124.5t50 -130.5t55 -127q96 -200 233 -200q81 0 138.5 48.5t57.5 128.5q0 42 -19 72t-50.5 46t-72.5 31.5t-84.5 27t-87.5 34t-81 52t-65 82t-39 122.5q-3 16 -3 33q0 110 87.5 192t198.5 78q78 -3 120.5 -14.5t90.5 -53.5h-1 q12 -11 23 -24.5t26 -36t19 -27.5l-129 -99q-26 49 -54 70v1q-23 21 -97 21q-49 0 -84 -33t-35 -83z" />
-<glyph unicode="&#xf203;" d="M1432 484q0 173 -234 239q-35 10 -53 16.5t-38 25t-29 46.5q0 2 -2 8.5t-3 12t-1 7.5q0 36 24.5 59.5t60.5 23.5q54 0 71 -15h-1q20 -15 39 -51l93 71q-39 54 -49 64q-33 29 -67.5 39t-85.5 10q-80 0 -142 -57.5t-62 -137.5q0 -7 2 -23q16 -96 64.5 -140t148.5 -73 q29 -8 49 -15.5t45 -21.5t38.5 -34.5t13.5 -46.5v-5q1 -58 -40.5 -93t-100.5 -35q-97 0 -167 144q-23 47 -51.5 121.5t-48 125.5t-54 110.5t-74 95.5t-103.5 60.5t-147 24.5q-101 0 -192 -56t-144 -148t-50 -192v-1q4 -108 50.5 -199t133.5 -147.5t196 -56.5q186 0 279 110 q20 27 31 51l-60 109q-42 -80 -99 -116t-146 -36q-115 0 -191 87t-76 204q0 105 82 189t186 84q112 0 170 -53.5t104 -172.5q8 -21 25.5 -68.5t28.5 -76.5t31.5 -74.5t38.5 -74t45.5 -62.5t55.5 -53.5t66 -33t80 -13.5q107 0 183 69.5t76 174.5zM1536 1120v-960 q0 -119 -84.5 -203.5t-203.5 -84.5h-960q-119 0 -203.5 84.5t-84.5 203.5v960q0 119 84.5 203.5t203.5 84.5h960q119 0 203.5 -84.5t84.5 -203.5z" />
-<glyph unicode="&#xf204;" horiz-adv-x="2048" d="M1152 640q0 104 -40.5 198.5t-109.5 163.5t-163.5 109.5t-198.5 40.5t-198.5 -40.5t-163.5 -109.5t-109.5 -163.5t-40.5 -198.5t40.5 -198.5t109.5 -163.5t163.5 -109.5t198.5 -40.5t198.5 40.5t163.5 109.5t109.5 163.5t40.5 198.5zM1920 640q0 104 -40.5 198.5 t-109.5 163.5t-163.5 109.5t-198.5 40.5h-386q119 -90 188.5 -224t69.5 -288t-69.5 -288t-188.5 -224h386q104 0 198.5 40.5t163.5 109.5t109.5 163.5t40.5 198.5zM2048 640q0 -130 -51 -248.5t-136.5 -204t-204 -136.5t-248.5 -51h-768q-130 0 -248.5 51t-204 136.5 t-136.5 204t-51 248.5t51 248.5t136.5 204t204 136.5t248.5 51h768q130 0 248.5 -51t204 -136.5t136.5 -204t51 -248.5z" />
-<glyph unicode="&#xf205;" horiz-adv-x="2048" d="M0 640q0 130 51 248.5t136.5 204t204 136.5t248.5 51h768q130 0 248.5 -51t204 -136.5t136.5 -204t51 -248.5t-51 -248.5t-136.5 -204t-204 -136.5t-248.5 -51h-768q-130 0 -248.5 51t-204 136.5t-136.5 204t-51 248.5zM1408 128q104 0 198.5 40.5t163.5 109.5 t109.5 163.5t40.5 198.5t-40.5 198.5t-109.5 163.5t-163.5 109.5t-198.5 40.5t-198.5 -40.5t-163.5 -109.5t-109.5 -163.5t-40.5 -198.5t40.5 -198.5t109.5 -163.5t163.5 -109.5t198.5 -40.5z" />
-<glyph unicode="&#xf206;" horiz-adv-x="2304" d="M762 384h-314q-40 0 -57.5 35t6.5 67l188 251q-65 31 -137 31q-132 0 -226 -94t-94 -226t94 -226t226 -94q115 0 203 72.5t111 183.5zM576 512h186q-18 85 -75 148zM1056 512l288 384h-480l-99 -132q105 -103 126 -252h165zM2176 448q0 132 -94 226t-226 94 q-60 0 -121 -24l174 -260q15 -23 10 -49t-27 -40q-15 -11 -36 -11q-35 0 -53 29l-174 260q-93 -95 -93 -225q0 -132 94 -226t226 -94t226 94t94 226zM2304 448q0 -185 -131.5 -316.5t-316.5 -131.5t-316.5 131.5t-131.5 316.5q0 97 39.5 183.5t109.5 149.5l-65 98l-353 -469 q-18 -26 -51 -26h-197q-23 -164 -149 -274t-294 -110q-185 0 -316.5 131.5t-131.5 316.5t131.5 316.5t316.5 131.5q114 0 215 -55l137 183h-224q-26 0 -45 19t-19 45t19 45t45 19h384v-128h435l-85 128h-222q-26 0 -45 19t-19 45t19 45t45 19h256q33 0 53 -28l267 -400 q91 44 192 44q185 0 316.5 -131.5t131.5 -316.5z" />
-<glyph unicode="&#xf207;" d="M384 320q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1408 320q0 53 -37.5 90.5t-90.5 37.5t-90.5 -37.5t-37.5 -90.5t37.5 -90.5t90.5 -37.5t90.5 37.5t37.5 90.5zM1362 716l-72 384q-5 23 -22.5 37.5t-40.5 14.5 h-918q-23 0 -40.5 -14.5t-22.5 -37.5l-72 -384q-5 -30 14 -53t49 -23h1062q30 0 49 23t14 53zM1136 1328q0 20 -14 34t-34 14h-640q-20 0 -34 -14t-14 -34t14 -34t34 -14h640q20 0 34 14t14 34zM1536 603v-603h-128v-128q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5 t-37.5 90.5v128h-768v-128q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5v128h-128v603q0 112 25 223l103 454q9 78 97.5 137t230 89t312.5 30t312.5 -30t230 -89t97.5 -137l105 -454q23 -102 23 -223z" />
-<glyph unicode="&#xf208;" horiz-adv-x="2048" d="M1463 704q0 -35 -25 -60.5t-61 -25.5h-702q-36 0 -61 25.5t-25 60.5t25 60.5t61 25.5h702q36 0 61 -25.5t25 -60.5zM1677 704q0 86 -23 170h-982q-36 0 -61 25t-25 60q0 36 25 61t61 25h908q-88 143 -235 227t-320 84q-177 0 -327.5 -87.5t-238 -237.5t-87.5 -327 q0 -86 23 -170h982q36 0 61 -25t25 -60q0 -36 -25 -61t-61 -25h-908q88 -143 235.5 -227t320.5 -84q132 0 253 51.5t208 139t139 208t52 253.5zM2048 959q0 -35 -25 -60t-61 -25h-131q17 -85 17 -170q0 -167 -65.5 -319.5t-175.5 -263t-262.5 -176t-319.5 -65.5 q-246 0 -448.5 133t-301.5 350h-189q-36 0 -61 25t-25 61q0 35 25 60t61 25h132q-17 85 -17 170q0 167 65.5 319.5t175.5 263t262.5 176t320.5 65.5q245 0 447.5 -133t301.5 -350h188q36 0 61 -25t25 -61z" />
-<glyph unicode="&#xf209;" horiz-adv-x="1280" d="M953 1158l-114 -328l117 -21q165 451 165 518q0 56 -38 56q-57 0 -130 -225zM654 471l33 -88q37 42 71 67l-33 5.5t-38.5 7t-32.5 8.5zM362 1367q0 -98 159 -521q18 10 49 10q15 0 75 -5l-121 351q-75 220 -123 220q-19 0 -29 -17.5t-10 -37.5zM283 608q0 -36 51.5 -119 t117.5 -153t100 -70q14 0 25.5 13t11.5 27q0 24 -32 102q-13 32 -32 72t-47.5 89t-61.5 81t-62 32q-20 0 -45.5 -27t-25.5 -47zM125 273q0 -41 25 -104q59 -145 183.5 -227t281.5 -82q227 0 382 170q152 169 152 427q0 43 -1 67t-11.5 62t-30.5 56q-56 49 -211.5 75.5 t-270.5 26.5q-37 0 -49 -11q-12 -5 -12 -35q0 -34 21.5 -60t55.5 -40t77.5 -23.5t87.5 -11.5t85 -4t70 0h23q24 0 40 -19q15 -19 19 -55q-28 -28 -96 -54q-61 -22 -93 -46q-64 -46 -108.5 -114t-44.5 -137q0 -31 18.5 -88.5t18.5 -87.5l-3 -12q-4 -12 -4 -14 q-137 10 -146 216q-8 -2 -41 -2q2 -7 2 -21q0 -53 -40.5 -89.5t-94.5 -36.5q-82 0 -166.5 78t-84.5 159q0 34 33 67q52 -64 60 -76q77 -104 133 -104q12 0 26.5 8.5t14.5 20.5q0 34 -87.5 145t-116.5 111q-43 0 -70 -44.5t-27 -90.5zM11 264q0 101 42.5 163t136.5 88 q-28 74 -28 104q0 62 61 123t122 61q29 0 70 -15q-163 462 -163 567q0 80 41 130.5t119 50.5q131 0 325 -581q6 -17 8 -23q6 16 29 79.5t43.5 118.5t54 127.5t64.5 123t70.5 86.5t76.5 36q71 0 112 -49t41 -122q0 -108 -159 -550q61 -15 100.5 -46t58.5 -78t26 -93.5 t7 -110.5q0 -150 -47 -280t-132 -225t-211 -150t-278 -55q-111 0 -223 42q-149 57 -258 191.5t-109 286.5z" />
-<glyph unicode="&#xf20a;" horiz-adv-x="2048" d="M785 528h207q-14 -158 -98.5 -248.5t-214.5 -90.5q-162 0 -254.5 116t-92.5 316q0 194 93 311.5t233 117.5q148 0 232 -87t97 -247h-203q-5 64 -35.5 99t-81.5 35q-57 0 -88.5 -60.5t-31.5 -177.5q0 -48 5 -84t18 -69.5t40 -51.5t66 -18q95 0 109 139zM1497 528h206 q-14 -158 -98 -248.5t-214 -90.5q-162 0 -254.5 116t-92.5 316q0 194 93 311.5t233 117.5q148 0 232 -87t97 -247h-204q-4 64 -35 99t-81 35q-57 0 -88.5 -60.5t-31.5 -177.5q0 -48 5 -84t18 -69.5t39.5 -51.5t65.5 -18q49 0 76.5 38t33.5 101zM1856 647q0 207 -15.5 307 t-60.5 161q-6 8 -13.5 14t-21.5 15t-16 11q-86 63 -697 63q-625 0 -710 -63q-5 -4 -17.5 -11.5t-21 -14t-14.5 -14.5q-45 -60 -60 -159.5t-15 -308.5q0 -208 15 -307.5t60 -160.5q6 -8 15 -15t20.5 -14t17.5 -12q44 -33 239.5 -49t470.5 -16q610 0 697 65q5 4 17 11t20.5 14 t13.5 16q46 60 61 159t15 309zM2048 1408v-1536h-2048v1536h2048z" />
-<glyph unicode="&#xf20b;" d="M992 912v-496q0 -14 -9 -23t-23 -9h-160q-14 0 -23 9t-9 23v496q0 112 -80 192t-192 80h-272v-1152q0 -14 -9 -23t-23 -9h-160q-14 0 -23 9t-9 23v1344q0 14 9 23t23 9h464q135 0 249 -66.5t180.5 -180.5t66.5 -249zM1376 1376v-880q0 -135 -66.5 -249t-180.5 -180.5 t-249 -66.5h-464q-14 0 -23 9t-9 23v960q0 14 9 23t23 9h160q14 0 23 -9t9 -23v-768h272q112 0 192 80t80 192v880q0 14 9 23t23 9h160q14 0 23 -9t9 -23z" />
-<glyph unicode="&#xf20c;" d="M1311 694v-114q0 -24 -13.5 -38t-37.5 -14h-202q-24 0 -38 14t-14 38v114q0 24 14 38t38 14h202q24 0 37.5 -14t13.5 -38zM821 464v250q0 53 -32.5 85.5t-85.5 32.5h-133q-68 0 -96 -52q-28 52 -96 52h-130q-53 0 -85.5 -32.5t-32.5 -85.5v-250q0 -22 21 -22h55 q22 0 22 22v230q0 24 13.5 38t38.5 14h94q24 0 38 -14t14 -38v-230q0 -22 21 -22h54q22 0 22 22v230q0 24 14 38t38 14h97q24 0 37.5 -14t13.5 -38v-230q0 -22 22 -22h55q21 0 21 22zM1410 560v154q0 53 -33 85.5t-86 32.5h-264q-53 0 -86 -32.5t-33 -85.5v-410 q0 -21 22 -21h55q21 0 21 21v180q31 -42 94 -42h191q53 0 86 32.5t33 85.5zM1536 1176v-1072q0 -96 -68 -164t-164 -68h-1072q-96 0 -164 68t-68 164v1072q0 96 68 164t164 68h1072q96 0 164 -68t68 -164z" />
-<glyph unicode="&#xf20d;" d="M915 450h-294l147 551zM1001 128h311l-324 1024h-440l-324 -1024h311l383 314zM1536 1120v-960q0 -118 -85 -203t-203 -85h-960q-118 0 -203 85t-85 203v960q0 118 85 203t203 85h960q118 0 203 -85t85 -203z" />
-<glyph unicode="&#xf20e;" horiz-adv-x="2048" d="M2048 641q0 -21 -13 -36.5t-33 -19.5l-205 -356q3 -9 3 -18q0 -20 -12.5 -35.5t-32.5 -19.5l-193 -337q3 -8 3 -16q0 -23 -16.5 -40t-40.5 -17q-25 0 -41 18h-400q-17 -20 -43 -20t-43 20h-399q-17 -20 -43 -20q-23 0 -40 16.5t-17 40.5q0 8 4 20l-193 335 q-20 4 -32.5 19.5t-12.5 35.5q0 9 3 18l-206 356q-20 5 -32.5 20.5t-12.5 35.5q0 21 13.5 36.5t33.5 19.5l199 344q0 1 -0.5 3t-0.5 3q0 36 34 51l209 363q-4 10 -4 18q0 24 17 40.5t40 16.5q26 0 44 -21h396q16 21 43 21t43 -21h398q18 21 44 21q23 0 40 -16.5t17 -40.5 q0 -6 -4 -18l207 -358q23 -1 39 -17.5t16 -38.5q0 -13 -7 -27l187 -324q19 -4 31.5 -19.5t12.5 -35.5zM1063 -158h389l-342 354h-143l-342 -354h360q18 16 39 16t39 -16zM112 654q1 -4 1 -13q0 -10 -2 -15l208 -360q2 0 4.5 -1t5.5 -2.5l5 -2.5l188 199v347l-187 194 q-13 -8 -29 -10zM986 1438h-388l190 -200l554 200h-280q-16 -16 -38 -16t-38 16zM1689 226q1 6 5 11l-64 68l-17 -79h76zM1583 226l22 105l-252 266l-296 -307l63 -64h463zM1495 -142l16 28l65 310h-427l333 -343q8 4 13 5zM578 -158h5l342 354h-373v-335l4 -6q14 -5 22 -13 zM552 226h402l64 66l-309 321l-157 -166v-221zM359 226h163v189l-168 -177q4 -8 5 -12zM358 1051q0 -1 0.5 -2t0.5 -2q0 -16 -8 -29l171 -177v269zM552 1121v-311l153 -157l297 314l-223 236zM556 1425l-4 -8v-264l205 74l-191 201q-6 -2 -10 -3zM1447 1438h-16l-621 -224 l213 -225zM1023 946l-297 -315l311 -319l296 307zM688 634l-136 141v-284zM1038 270l-42 -44h85zM1374 618l238 -251l132 624l-3 5l-1 1zM1718 1018q-8 13 -8 29v2l-216 376q-5 1 -13 5l-437 -463l310 -327zM522 1142v223l-163 -282zM522 196h-163l163 -283v283zM1607 196 l-48 -227l130 227h-82zM1729 266l207 361q-2 10 -2 14q0 1 3 16l-171 296l-129 -612l77 -82q5 3 15 7z" />
-<glyph unicode="&#xf210;" d="M0 856q0 131 91.5 226.5t222.5 95.5h742l352 358v-1470q0 -132 -91.5 -227t-222.5 -95h-780q-131 0 -222.5 95t-91.5 227v790zM1232 102l-176 180v425q0 46 -32 79t-78 33h-484q-46 0 -78 -33t-32 -79v-492q0 -46 32.5 -79.5t77.5 -33.5h770z" />
-<glyph unicode="&#xf211;" d="M934 1386q-317 -121 -556 -362.5t-358 -560.5q-20 89 -20 176q0 208 102.5 384.5t278.5 279t384 102.5q82 0 169 -19zM1203 1267q93 -65 164 -155q-389 -113 -674.5 -400.5t-396.5 -676.5q-93 72 -155 162q112 386 395 671t667 399zM470 -67q115 356 379.5 622t619.5 384 q40 -92 54 -195q-292 -120 -516 -345t-343 -518q-103 14 -194 52zM1536 -125q-193 50 -367 115q-135 -84 -290 -107q109 205 274 370.5t369 275.5q-21 -152 -101 -284q65 -175 115 -370z" />
-<glyph unicode="&#xf212;" horiz-adv-x="2048" d="M1893 1144l155 -1272q-131 0 -257 57q-200 91 -393 91q-226 0 -374 -148q-148 148 -374 148q-193 0 -393 -91q-128 -57 -252 -57h-5l155 1272q224 127 482 127q233 0 387 -106q154 106 387 106q258 0 482 -127zM1398 157q129 0 232 -28.5t260 -93.5l-124 1021 q-171 78 -368 78q-224 0 -374 -141q-150 141 -374 141q-197 0 -368 -78l-124 -1021q105 43 165.5 65t148.5 39.5t178 17.5q202 0 374 -108q172 108 374 108zM1438 191l-55 907q-211 -4 -359 -155q-152 155 -374 155q-176 0 -336 -66l-114 -941q124 51 228.5 76t221.5 25 q209 0 374 -102q172 107 374 102z" />
-<glyph unicode="&#xf213;" horiz-adv-x="2048" d="M1500 165v733q0 21 -15 36t-35 15h-93q-20 0 -35 -15t-15 -36v-733q0 -20 15 -35t35 -15h93q20 0 35 15t15 35zM1216 165v531q0 20 -15 35t-35 15h-101q-20 0 -35 -15t-15 -35v-531q0 -20 15 -35t35 -15h101q20 0 35 15t15 35zM924 165v429q0 20 -15 35t-35 15h-101 q-20 0 -35 -15t-15 -35v-429q0 -20 15 -35t35 -15h101q20 0 35 15t15 35zM632 165v362q0 20 -15 35t-35 15h-101q-20 0 -35 -15t-15 -35v-362q0 -20 15 -35t35 -15h101q20 0 35 15t15 35zM2048 311q0 -166 -118 -284t-284 -118h-1244q-166 0 -284 118t-118 284 q0 116 63 214.5t168 148.5q-10 34 -10 73q0 113 80.5 193.5t193.5 80.5q102 0 180 -67q45 183 194 300t338 117q149 0 275 -73.5t199.5 -199.5t73.5 -275q0 -66 -14 -122q135 -33 221 -142.5t86 -247.5z" />
-<glyph unicode="&#xf214;" d="M0 1536h1536v-1392l-776 -338l-760 338v1392zM1436 209v926h-1336v-926l661 -294zM1436 1235v201h-1336v-201h1336zM181 937v-115h-37v115h37zM181 789v-115h-37v115h37zM181 641v-115h-37v115h37zM181 493v-115h-37v115h37zM181 345v-115h-37v115h37zM207 202l15 34 l105 -47l-15 -33zM343 142l15 34l105 -46l-15 -34zM478 82l15 34l105 -46l-15 -34zM614 23l15 33l104 -46l-15 -34zM797 10l105 46l15 -33l-105 -47zM932 70l105 46l15 -34l-105 -46zM1068 130l105 46l15 -34l-105 -46zM1203 189l105 47l15 -34l-105 -46zM259 1389v-36h-114 v36h114zM421 1389v-36h-115v36h115zM583 1389v-36h-115v36h115zM744 1389v-36h-114v36h114zM906 1389v-36h-114v36h114zM1068 1389v-36h-115v36h115zM1230 1389v-36h-115v36h115zM1391 1389v-36h-114v36h114zM181 1049v-79h-37v115h115v-36h-78zM421 1085v-36h-115v36h115z M583 1085v-36h-115v36h115zM744 1085v-36h-114v36h114zM906 1085v-36h-114v36h114zM1068 1085v-36h-115v36h115zM1230 1085v-36h-115v36h115zM1355 970v79h-78v36h115v-115h-37zM1355 822v115h37v-115h-37zM1355 674v115h37v-115h-37zM1355 526v115h37v-115h-37zM1355 378 v115h37v-115h-37zM1355 230v115h37v-115h-37zM760 265q-129 0 -221 91.5t-92 221.5q0 129 92 221t221 92q130 0 221.5 -92t91.5 -221q0 -130 -91.5 -221.5t-221.5 -91.5zM595 646q0 -36 19.5 -56.5t49.5 -25t64 -7t64 -2t49.5 -9t19.5 -30.5q0 -49 -112 -49q-97 0 -123 51 h-3l-31 -63q67 -42 162 -42q29 0 56.5 5t55.5 16t45.5 33t17.5 53q0 46 -27.5 69.5t-67.5 27t-79.5 3t-67 5t-27.5 25.5q0 21 20.5 33t40.5 15t41 3q34 0 70.5 -11t51.5 -34h3l30 58q-3 1 -21 8.5t-22.5 9t-19.5 7t-22 7t-20 4.5t-24 4t-23 1q-29 0 -56.5 -5t-54 -16.5 t-43 -34t-16.5 -53.5z" />
-<glyph unicode="&#xf215;" horiz-adv-x="2048" d="M863 504q0 112 -79.5 191.5t-191.5 79.5t-191 -79.5t-79 -191.5t79 -191t191 -79t191.5 79t79.5 191zM1726 505q0 112 -79 191t-191 79t-191.5 -79t-79.5 -191q0 -113 79.5 -192t191.5 -79t191 79.5t79 191.5zM2048 1314v-1348q0 -44 -31.5 -75.5t-76.5 -31.5h-1832 q-45 0 -76.5 31.5t-31.5 75.5v1348q0 44 31.5 75.5t76.5 31.5h431q44 0 76 -31.5t32 -75.5v-161h754v161q0 44 32 75.5t76 31.5h431q45 0 76.5 -31.5t31.5 -75.5z" />
-<glyph unicode="&#xf216;" horiz-adv-x="2048" d="M1430 953zM1690 749q148 0 253 -98.5t105 -244.5q0 -157 -109 -261.5t-267 -104.5q-85 0 -162 27.5t-138 73.5t-118 106t-109 126.5t-103.5 132.5t-108.5 126t-117 106t-136 73.5t-159 27.5q-154 0 -251.5 -91.5t-97.5 -244.5q0 -157 104 -250t263 -93q100 0 208 37.5 t193 98.5q5 4 21 18.5t30 24t22 9.5q14 0 24.5 -10.5t10.5 -24.5q0 -24 -60 -77q-101 -88 -234.5 -142t-260.5 -54q-133 0 -245.5 58t-180 165t-67.5 241q0 205 141.5 341t347.5 136q120 0 226.5 -43.5t185.5 -113t151.5 -153t139 -167.5t133.5 -153.5t149.5 -113 t172.5 -43.5q102 0 168.5 61.5t66.5 162.5q0 95 -64.5 159t-159.5 64q-30 0 -81.5 -18.5t-68.5 -18.5q-20 0 -35.5 15t-15.5 35q0 18 8.5 57t8.5 59q0 159 -107.5 263t-266.5 104q-58 0 -111.5 -18.5t-84 -40.5t-55.5 -40.5t-33 -18.5q-15 0 -25.5 10.5t-10.5 25.5 q0 19 25 46q59 67 147 103.5t182 36.5q191 0 318 -125.5t127 -315.5q0 -37 -4 -66q57 15 115 15z" />
-<glyph unicode="&#xf217;" horiz-adv-x="1664" d="M1216 832q0 26 -19 45t-45 19h-128v128q0 26 -19 45t-45 19t-45 -19t-19 -45v-128h-128q-26 0 -45 -19t-19 -45t19 -45t45 -19h128v-128q0 -26 19 -45t45 -19t45 19t19 45v128h128q26 0 45 19t19 45zM640 0q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5 t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1536 0q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1664 1088v-512q0 -24 -16 -42.5t-41 -21.5l-1044 -122q1 -7 4.5 -21.5t6 -26.5t2.5 -22q0 -16 -24 -64h920 q26 0 45 -19t19 -45t-19 -45t-45 -19h-1024q-26 0 -45 19t-19 45q0 14 11 39.5t29.5 59.5t20.5 38l-177 823h-204q-26 0 -45 19t-19 45t19 45t45 19h256q16 0 28.5 -6.5t20 -15.5t13 -24.5t7.5 -26.5t5.5 -29.5t4.5 -25.5h1201q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf218;" horiz-adv-x="1792" d="M1280 832q0 26 -19 45t-45 19t-45 -19l-147 -146v293q0 26 -19 45t-45 19t-45 -19t-19 -45v-293l-147 146q-19 19 -45 19t-45 -19t-19 -45t19 -45l256 -256q19 -19 45 -19t45 19l256 256q19 19 19 45zM640 0q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5 t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1536 0q0 -53 -37.5 -90.5t-90.5 -37.5t-90.5 37.5t-37.5 90.5t37.5 90.5t90.5 37.5t90.5 -37.5t37.5 -90.5zM1664 1088v-512q0 -24 -16 -42.5t-41 -21.5l-1044 -122q1 -7 4.5 -21.5t6 -26.5t2.5 -22q0 -16 -24 -64h920 q26 0 45 -19t19 -45t-19 -45t-45 -19h-1024q-26 0 -45 19t-19 45q0 14 11 39.5t29.5 59.5t20.5 38l-177 823h-204q-26 0 -45 19t-19 45t19 45t45 19h256q16 0 28.5 -6.5t20 -15.5t13 -24.5t7.5 -26.5t5.5 -29.5t4.5 -25.5h1201q26 0 45 -19t19 -45z" />
-<glyph unicode="&#xf219;" horiz-adv-x="2048" d="M212 768l623 -665l-300 665h-323zM1024 -4l349 772h-698zM538 896l204 384h-262l-288 -384h346zM1213 103l623 665h-323zM683 896h682l-204 384h-274zM1510 896h346l-288 384h-262zM1651 1382l384 -512q14 -18 13 -41.5t-17 -40.5l-960 -1024q-18 -20 -47 -20t-47 20 l-960 1024q-16 17 -17 40.5t13 41.5l384 512q18 26 51 26h1152q33 0 51 -26z" />
-<glyph unicode="&#xf21a;" horiz-adv-x="2048" d="M1811 -19q19 19 45 19t45 -19l128 -128l-90 -90l-83 83l-83 -83q-18 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83 q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-128 128l90 90l83 -83l83 83q19 19 45 19t45 -19l83 -83l83 83q19 19 45 19t45 -19l83 -83l83 83q19 19 45 19t45 -19l83 -83l83 83q19 19 45 19t45 -19l83 -83l83 83q19 19 45 19t45 -19l83 -83l83 83 q19 19 45 19t45 -19l83 -83zM237 19q-19 -19 -45 -19t-45 19l-128 128l90 90l83 -82l83 82q19 19 45 19t45 -19l83 -82l64 64v293l-210 314q-17 26 -7 56.5t40 40.5l177 58v299h128v128h256v128h256v-128h256v-128h128v-299l177 -58q30 -10 40 -40.5t-7 -56.5l-210 -314 v-293l19 18q19 19 45 19t45 -19l83 -82l83 82q19 19 45 19t45 -19l128 -128l-90 -90l-83 83l-83 -83q-18 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83l-83 -83 q-19 -19 -45 -19t-45 19l-83 83l-83 -83q-19 -19 -45 -19t-45 19l-83 83zM640 1152v-128l384 128l384 -128v128h-128v128h-512v-128h-128z" />
-<glyph unicode="&#xf21b;" d="M576 0l96 448l-96 128l-128 64zM832 0l128 640l-128 -64l-96 -128zM992 1010q-2 4 -4 6q-10 8 -96 8q-70 0 -167 -19q-7 -2 -21 -2t-21 2q-97 19 -167 19q-86 0 -96 -8q-2 -2 -4 -6q2 -18 4 -27q2 -3 7.5 -6.5t7.5 -10.5q2 -4 7.5 -20.5t7 -20.5t7.5 -17t8.5 -17t9 -14 t12 -13.5t14 -9.5t17.5 -8t20.5 -4t24.5 -2q36 0 59 12.5t32.5 30t14.5 34.5t11.5 29.5t17.5 12.5h12q11 0 17.5 -12.5t11.5 -29.5t14.5 -34.5t32.5 -30t59 -12.5q13 0 24.5 2t20.5 4t17.5 8t14 9.5t12 13.5t9 14t8.5 17t7.5 17t7 20.5t7.5 20.5q2 7 7.5 10.5t7.5 6.5 q2 9 4 27zM1408 131q0 -121 -73 -190t-194 -69h-874q-121 0 -194 69t-73 190q0 61 4.5 118t19 125.5t37.5 123.5t63.5 103.5t93.5 74.5l-90 220h214q-22 64 -22 128q0 12 2 32q-194 40 -194 96q0 57 210 99q17 62 51.5 134t70.5 114q32 37 76 37q30 0 84 -31t84 -31t84 31 t84 31q44 0 76 -37q36 -42 70.5 -114t51.5 -134q210 -42 210 -99q0 -56 -194 -96q7 -81 -20 -160h214l-82 -225q63 -33 107.5 -96.5t65.5 -143.5t29 -151.5t8 -148.5z" />
-<glyph unicode="&#xf21c;" horiz-adv-x="2304" d="M2301 500q12 -103 -22 -198.5t-99 -163.5t-158.5 -106t-196.5 -31q-161 11 -279.5 125t-134.5 274q-12 111 27.5 210.5t118.5 170.5l-71 107q-96 -80 -151 -194t-55 -244q0 -27 -18.5 -46.5t-45.5 -19.5h-256h-69q-23 -164 -149 -274t-294 -110q-185 0 -316.5 131.5 t-131.5 316.5t131.5 316.5t316.5 131.5q76 0 152 -27l24 45q-123 110 -304 110h-64q-26 0 -45 19t-19 45t19 45t45 19h128q78 0 145 -13.5t116.5 -38.5t71.5 -39.5t51 -36.5h512h115l-85 128h-222q-30 0 -49 22.5t-14 52.5q4 23 23 38t43 15h253q33 0 53 -28l70 -105 l114 114q19 19 46 19h101q26 0 45 -19t19 -45v-128q0 -26 -19 -45t-45 -19h-179l115 -172q131 63 275 36q143 -26 244 -134.5t118 -253.5zM448 128q115 0 203 72.5t111 183.5h-314q-35 0 -55 31q-18 32 -1 63l147 277q-47 13 -91 13q-132 0 -226 -94t-94 -226t94 -226 t226 -94zM1856 128q132 0 226 94t94 226t-94 226t-226 94q-60 0 -121 -24l174 -260q15 -23 10 -49t-27 -40q-15 -11 -36 -11q-35 0 -53 29l-174 260q-93 -95 -93 -225q0 -132 94 -226t226 -94z" />
-<glyph unicode="&#xf21d;" d="M1408 0q0 -63 -61.5 -113.5t-164 -81t-225 -46t-253.5 -15.5t-253.5 15.5t-225 46t-164 81t-61.5 113.5q0 49 33 88.5t91 66.5t118 44.5t131 29.5q26 5 48 -10.5t26 -41.5q5 -26 -10.5 -48t-41.5 -26q-58 -10 -106 -23.5t-76.5 -25.5t-48.5 -23.5t-27.5 -19.5t-8.5 -12 q3 -11 27 -26.5t73 -33t114 -32.5t160.5 -25t201.5 -10t201.5 10t160.5 25t114 33t73 33.5t27 27.5q-1 4 -8.5 11t-27.5 19t-48.5 23.5t-76.5 25t-106 23.5q-26 4 -41.5 26t-10.5 48q4 26 26 41.5t48 10.5q71 -12 131 -29.5t118 -44.5t91 -66.5t33 -88.5zM1024 896v-384 q0 -26 -19 -45t-45 -19h-64v-384q0 -26 -19 -45t-45 -19h-256q-26 0 -45 19t-19 45v384h-64q-26 0 -45 19t-19 45v384q0 53 37.5 90.5t90.5 37.5h384q53 0 90.5 -37.5t37.5 -90.5zM928 1280q0 -93 -65.5 -158.5t-158.5 -65.5t-158.5 65.5t-65.5 158.5t65.5 158.5t158.5 65.5 t158.5 -65.5t65.5 -158.5z" />
-<glyph unicode="&#xf21e;" horiz-adv-x="1792" d="M1280 512h305q-5 -6 -10 -10.5t-9 -7.5l-3 -4l-623 -600q-18 -18 -44 -18t-44 18l-624 602q-5 2 -21 20h369q22 0 39.5 13.5t22.5 34.5l70 281l190 -667q6 -20 23 -33t39 -13q21 0 38 13t23 33l146 485l56 -112q18 -35 57 -35zM1792 940q0 -145 -103 -300h-369l-111 221 q-8 17 -25.5 27t-36.5 8q-45 -5 -56 -46l-129 -430l-196 686q-6 20 -23.5 33t-39.5 13t-39 -13.5t-22 -34.5l-116 -464h-423q-103 155 -103 300q0 220 127 344t351 124q62 0 126.5 -21.5t120 -58t95.5 -68.5t76 -68q36 36 76 68t95.5 68.5t120 58t126.5 21.5q224 0 351 -124 t127 -344z" />
-<glyph unicode="&#xf221;" horiz-adv-x="1280" d="M1152 960q0 -221 -147.5 -384.5t-364.5 -187.5v-260h224q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-224v-224q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v224h-224q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h224v260q-150 16 -271.5 103t-186 224t-52.5 292 q11 134 80.5 249t182 188t245.5 88q170 19 319 -54t236 -212t87 -306zM128 960q0 -185 131.5 -316.5t316.5 -131.5t316.5 131.5t131.5 316.5t-131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5z" />
-<glyph unicode="&#xf222;" horiz-adv-x="1792" d="M1280 1504q0 14 9 23t23 9h416q26 0 45 -19t19 -45v-416q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v262l-419 -420q87 -104 129.5 -236.5t30.5 -276.5q-22 -250 -200.5 -431t-428.5 -206q-163 -17 -314 39.5t-256.5 162t-162 256.5t-39.5 314q25 250 206 428.5 t431 200.5q144 12 276.5 -30.5t236.5 -129.5l419 419h-261q-14 0 -23 9t-9 23v64zM704 -128q117 0 223.5 45.5t184 123t123 184t45.5 223.5t-45.5 223.5t-123 184t-184 123t-223.5 45.5t-223.5 -45.5t-184 -123t-123 -184t-45.5 -223.5t45.5 -223.5t123 -184t184 -123 t223.5 -45.5z" />
-<glyph unicode="&#xf223;" horiz-adv-x="1280" d="M830 1220q145 -72 233.5 -210.5t88.5 -305.5q0 -221 -147.5 -384.5t-364.5 -187.5v-132h96q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-96v-96q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v96h-96q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h96v132q-217 24 -364.5 187.5 t-147.5 384.5q0 167 88.5 305.5t233.5 210.5q-165 96 -228 273q-6 16 3.5 29.5t26.5 13.5h69q21 0 29 -20q44 -106 140 -171t214 -65t214 65t140 171q8 20 37 20h61q17 0 26.5 -13.5t3.5 -29.5q-63 -177 -228 -273zM576 256q185 0 316.5 131.5t131.5 316.5t-131.5 316.5 t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5z" />
-<glyph unicode="&#xf224;" d="M1024 1504q0 14 9 23t23 9h288q26 0 45 -19t19 -45v-288q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v134l-254 -255q126 -158 126 -359q0 -221 -147.5 -384.5t-364.5 -187.5v-132h96q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-96v-96q0 -14 -9 -23t-23 -9h-64 q-14 0 -23 9t-9 23v96h-96q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h96v132q-149 16 -270.5 103t-186.5 223.5t-53 291.5q16 204 160 353.5t347 172.5q118 14 228 -19t198 -103l255 254h-134q-14 0 -23 9t-9 23v64zM576 256q185 0 316.5 131.5t131.5 316.5t-131.5 316.5 t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5z" />
-<glyph unicode="&#xf225;" horiz-adv-x="1792" d="M1280 1504q0 14 9 23t23 9h288q26 0 45 -19t19 -45v-288q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v134l-254 -255q126 -158 126 -359q0 -221 -147.5 -384.5t-364.5 -187.5v-132h96q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-96v-96q0 -14 -9 -23t-23 -9h-64 q-14 0 -23 9t-9 23v96h-96q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h96v132q-217 24 -364.5 187.5t-147.5 384.5q0 201 126 359l-52 53l-101 -111q-9 -10 -22 -10.5t-23 7.5l-48 44q-10 8 -10.5 21.5t8.5 23.5l105 115l-111 112v-134q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9 t-9 23v288q0 26 19 45t45 19h288q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-133l106 -107l86 94q9 10 22 10.5t23 -7.5l48 -44q10 -8 10.5 -21.5t-8.5 -23.5l-90 -99l57 -56q158 126 359 126t359 -126l255 254h-134q-14 0 -23 9t-9 23v64zM832 256q185 0 316.5 131.5 t131.5 316.5t-131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5z" />
-<glyph unicode="&#xf226;" horiz-adv-x="1792" d="M1790 1007q12 -155 -52.5 -292t-186 -224t-271.5 -103v-260h224q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-224v-224q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v224h-512v-224q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v224h-224q-14 0 -23 9t-9 23v64q0 14 9 23 t23 9h224v260q-150 16 -271.5 103t-186 224t-52.5 292q17 206 164.5 356.5t352.5 169.5q206 21 377 -94q171 115 377 94q205 -19 352.5 -169.5t164.5 -356.5zM896 647q128 131 128 313t-128 313q-128 -131 -128 -313t128 -313zM576 512q115 0 218 57q-154 165 -154 391 q0 224 154 391q-103 57 -218 57q-185 0 -316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5zM1152 128v260q-137 15 -256 94q-119 -79 -256 -94v-260h512zM1216 512q185 0 316.5 131.5t131.5 316.5t-131.5 316.5t-316.5 131.5q-115 0 -218 -57q154 -167 154 -391 q0 -226 -154 -391q103 -57 218 -57z" />
-<glyph unicode="&#xf227;" horiz-adv-x="1920" d="M1536 1120q0 14 9 23t23 9h288q26 0 45 -19t19 -45v-288q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v134l-254 -255q76 -95 107.5 -214t9.5 -247q-31 -182 -166 -312t-318 -156q-210 -29 -384.5 80t-241.5 300q-117 6 -221 57.5t-177.5 133t-113.5 192.5t-32 230 q9 135 78 252t182 191.5t248 89.5q118 14 227.5 -19t198.5 -103l255 254h-134q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h288q26 0 45 -19t19 -45v-288q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v134l-254 -255q59 -74 93 -169q182 -9 328 -124l255 254h-134q-14 0 -23 9 t-9 23v64zM1024 704q0 20 -4 58q-162 -25 -271 -150t-109 -292q0 -20 4 -58q162 25 271 150t109 292zM128 704q0 -168 111 -294t276 -149q-3 29 -3 59q0 210 135 369.5t338 196.5q-53 120 -163.5 193t-245.5 73q-185 0 -316.5 -131.5t-131.5 -316.5zM1088 -128 q185 0 316.5 131.5t131.5 316.5q0 168 -111 294t-276 149q3 -29 3 -59q0 -210 -135 -369.5t-338 -196.5q53 -120 163.5 -193t245.5 -73z" />
-<glyph unicode="&#xf228;" horiz-adv-x="2048" d="M1664 1504q0 14 9 23t23 9h288q26 0 45 -19t19 -45v-288q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v134l-254 -255q76 -95 107.5 -214t9.5 -247q-32 -180 -164.5 -310t-313.5 -157q-223 -34 -409 90q-117 -78 -256 -93v-132h96q14 0 23 -9t9 -23v-64q0 -14 -9 -23 t-23 -9h-96v-96q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v96h-96q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h96v132q-155 17 -279.5 109.5t-187 237.5t-39.5 307q25 187 159.5 322.5t320.5 164.5q224 34 410 -90q146 97 320 97q201 0 359 -126l255 254h-134q-14 0 -23 9 t-9 23v64zM896 391q128 131 128 313t-128 313q-128 -131 -128 -313t128 -313zM128 704q0 -185 131.5 -316.5t316.5 -131.5q117 0 218 57q-154 167 -154 391t154 391q-101 57 -218 57q-185 0 -316.5 -131.5t-131.5 -316.5zM1216 256q185 0 316.5 131.5t131.5 316.5 t-131.5 316.5t-316.5 131.5q-117 0 -218 -57q154 -167 154 -391t-154 -391q101 -57 218 -57z" />
-<glyph unicode="&#xf229;" horiz-adv-x="1792" d="M1728 1536q26 0 45 -19t19 -45v-416q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v262l-229 -230l156 -156q9 -10 9 -23t-9 -22l-46 -46q-9 -9 -22 -9t-23 9l-156 157l-99 -100q87 -104 129.5 -236.5t30.5 -276.5q-22 -250 -200.5 -431t-428.5 -206q-163 -17 -314 39.5 t-256.5 162t-162 256.5t-39.5 314q25 250 206 428.5t431 200.5q144 12 276.5 -30.5t236.5 -129.5l99 99l-156 156q-9 10 -9 23t9 22l46 46q9 9 22 9t23 -9l156 -156l229 229h-261q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h416zM1280 448q0 117 -45.5 223.5t-123 184t-184 123 t-223.5 45.5t-223.5 -45.5t-184 -123t-123 -184t-45.5 -223.5t45.5 -223.5t123 -184t184 -123t223.5 -45.5t223.5 45.5t184 123t123 184t45.5 223.5z" />
-<glyph unicode="&#xf22a;" horiz-adv-x="1280" d="M640 892q217 -24 364.5 -187.5t147.5 -384.5q0 -167 -87 -306t-236 -212t-319 -54q-133 15 -245.5 88t-182 188t-80.5 249q-12 155 52.5 292t186 224t271.5 103v132h-160q-14 0 -23 9t-9 23v64q0 14 9 23t23 9h160v165l-92 -92q-10 -9 -23 -9t-22 9l-46 46q-9 9 -9 22 t9 23l202 201q19 19 45 19t45 -19l202 -201q9 -10 9 -23t-9 -22l-46 -46q-9 -9 -22 -9t-23 9l-92 92v-165h160q14 0 23 -9t9 -23v-64q0 -14 -9 -23t-23 -9h-160v-132zM576 -128q185 0 316.5 131.5t131.5 316.5t-131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5 t131.5 -316.5t316.5 -131.5z" />
-<glyph unicode="&#xf22b;" horiz-adv-x="2048" d="M2029 685q19 -19 19 -45t-19 -45l-294 -294q-9 -10 -22.5 -10t-22.5 10l-45 45q-10 9 -10 22.5t10 22.5l185 185h-294v-224q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v224h-131q-12 -119 -67 -226t-139 -183.5t-196.5 -121.5t-234.5 -45q-180 0 -330.5 91t-234.5 247 t-74 337q8 162 94 300t226.5 219.5t302.5 85.5q166 4 310.5 -71.5t235.5 -208.5t107 -296h131v224q0 14 9 23t23 9h64q14 0 23 -9t9 -23v-224h294l-185 185q-10 9 -10 22.5t10 22.5l45 45q9 10 22.5 10t22.5 -10zM640 128q104 0 198.5 40.5t163.5 109.5t109.5 163.5 t40.5 198.5t-40.5 198.5t-109.5 163.5t-163.5 109.5t-198.5 40.5t-198.5 -40.5t-163.5 -109.5t-109.5 -163.5t-40.5 -198.5t40.5 -198.5t109.5 -163.5t163.5 -109.5t198.5 -40.5z" />
-<glyph unicode="&#xf22c;" horiz-adv-x="1280" d="M1152 960q0 -221 -147.5 -384.5t-364.5 -187.5v-612q0 -14 -9 -23t-23 -9h-64q-14 0 -23 9t-9 23v612q-217 24 -364.5 187.5t-147.5 384.5q0 117 45.5 223.5t123 184t184 123t223.5 45.5t223.5 -45.5t184 -123t123 -184t45.5 -223.5zM576 512q185 0 316.5 131.5 t131.5 316.5t-131.5 316.5t-316.5 131.5t-316.5 -131.5t-131.5 -316.5t131.5 -316.5t316.5 -131.5z" />
-<glyph unicode="&#xf22d;" horiz-adv-x="1792" />
-<glyph unicode="&#xf22e;" horiz-adv-x="1792" />
-<glyph unicode="&#xf22f;" horiz-adv-x="1792" />
-<glyph unicode="&#xf230;" d="M1451 1408q35 0 60 -25t25 -60v-1366q0 -35 -25 -60t-60 -25h-391v595h199l30 232h-229v148q0 56 23.5 84t91.5 28l122 1v207q-63 9 -178 9q-136 0 -217.5 -80t-81.5 -226v-171h-200v-232h200v-595h-735q-35 0 -60 25t-25 60v1366q0 35 25 60t60 25h1366z" />
-<glyph unicode="&#xf231;" horiz-adv-x="1280" d="M0 939q0 108 37.5 203.5t103.5 166.5t152 123t185 78t202 26q158 0 294 -66.5t221 -193.5t85 -287q0 -96 -19 -188t-60 -177t-100 -149.5t-145 -103t-189 -38.5q-68 0 -135 32t-96 88q-10 -39 -28 -112.5t-23.5 -95t-20.5 -71t-26 -71t-32 -62.5t-46 -77.5t-62 -86.5 l-14 -5l-9 10q-15 157 -15 188q0 92 21.5 206.5t66.5 287.5t52 203q-32 65 -32 169q0 83 52 156t132 73q61 0 95 -40.5t34 -102.5q0 -66 -44 -191t-44 -187q0 -63 45 -104.5t109 -41.5q55 0 102 25t78.5 68t56 95t38 110.5t20 111t6.5 99.5q0 173 -109.5 269.5t-285.5 96.5 q-200 0 -334 -129.5t-134 -328.5q0 -44 12.5 -85t27 -65t27 -45.5t12.5 -30.5q0 -28 -15 -73t-37 -45q-2 0 -17 3q-51 15 -90.5 56t-61 94.5t-32.5 108t-11 106.5z" />
-<glyph unicode="&#xf232;" d="M985 562q13 0 97.5 -44t89.5 -53q2 -5 2 -15q0 -33 -17 -76q-16 -39 -71 -65.5t-102 -26.5q-57 0 -190 62q-98 45 -170 118t-148 185q-72 107 -71 194v8q3 91 74 158q24 22 52 22q6 0 18 -1.5t19 -1.5q19 0 26.5 -6.5t15.5 -27.5q8 -20 33 -88t25 -75q0 -21 -34.5 -57.5 t-34.5 -46.5q0 -7 5 -15q34 -73 102 -137q56 -53 151 -101q12 -7 22 -7q15 0 54 48.5t52 48.5zM782 32q127 0 243.5 50t200.5 134t134 200.5t50 243.5t-50 243.5t-134 200.5t-200.5 134t-243.5 50t-243.5 -50t-200.5 -134t-134 -200.5t-50 -243.5q0 -203 120 -368l-79 -233 l242 77q158 -104 345 -104zM782 1414q153 0 292.5 -60t240.5 -161t161 -240.5t60 -292.5t-60 -292.5t-161 -240.5t-240.5 -161t-292.5 -60q-195 0 -365 94l-417 -134l136 405q-108 178 -108 389q0 153 60 292.5t161 240.5t240.5 161t292.5 60z" />
-<glyph unicode="&#xf233;" horiz-adv-x="1792" d="M128 128h1024v128h-1024v-128zM128 640h1024v128h-1024v-128zM1696 192q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM128 1152h1024v128h-1024v-128zM1696 704q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM1696 1216 q0 40 -28 68t-68 28t-68 -28t-28 -68t28 -68t68 -28t68 28t28 68zM1792 384v-384h-1792v384h1792zM1792 896v-384h-1792v384h1792zM1792 1408v-384h-1792v384h1792z" />
-<glyph unicode="&#xf234;" horiz-adv-x="2048" d="M704 640q-159 0 -271.5 112.5t-112.5 271.5t112.5 271.5t271.5 112.5t271.5 -112.5t112.5 -271.5t-112.5 -271.5t-271.5 -112.5zM1664 512h352q13 0 22.5 -9.5t9.5 -22.5v-192q0 -13 -9.5 -22.5t-22.5 -9.5h-352v-352q0 -13 -9.5 -22.5t-22.5 -9.5h-192q-13 0 -22.5 9.5 t-9.5 22.5v352h-352q-13 0 -22.5 9.5t-9.5 22.5v192q0 13 9.5 22.5t22.5 9.5h352v352q0 13 9.5 22.5t22.5 9.5h192q13 0 22.5 -9.5t9.5 -22.5v-352zM928 288q0 -52 38 -90t90 -38h256v-238q-68 -50 -171 -50h-874q-121 0 -194 69t-73 190q0 53 3.5 103.5t14 109t26.5 108.5 t43 97.5t62 81t85.5 53.5t111.5 20q19 0 39 -17q79 -61 154.5 -91.5t164.5 -30.5t164.5 30.5t154.5 91.5q20 17 39 17q132 0 217 -96h-223q-52 0 -90 -38t-38 -90v-192z" />
-<glyph unicode="&#xf235;" horiz-adv-x="2048" d="M704 640q-159 0 -271.5 112.5t-112.5 271.5t112.5 271.5t271.5 112.5t271.5 -112.5t112.5 -271.5t-112.5 -271.5t-271.5 -112.5zM1781 320l249 -249q9 -9 9 -23q0 -13 -9 -22l-136 -136q-9 -9 -22 -9q-14 0 -23 9l-249 249l-249 -249q-9 -9 -23 -9q-13 0 -22 9l-136 136 q-9 9 -9 22q0 14 9 23l249 249l-249 249q-9 9 -9 23q0 13 9 22l136 136q9 9 22 9q14 0 23 -9l249 -249l249 249q9 9 23 9q13 0 22 -9l136 -136q9 -9 9 -22q0 -14 -9 -23zM1283 320l-181 -181q-37 -37 -37 -91q0 -53 37 -90l83 -83q-21 -3 -44 -3h-874q-121 0 -194 69 t-73 190q0 53 3.5 103.5t14 109t26.5 108.5t43 97.5t62 81t85.5 53.5t111.5 20q19 0 39 -17q154 -122 319 -122t319 122q20 17 39 17q28 0 57 -6q-28 -27 -41 -50t-13 -56q0 -54 37 -91z" />
-<glyph unicode="&#xf236;" horiz-adv-x="2048" d="M256 512h1728q26 0 45 -19t19 -45v-448h-256v256h-1536v-256h-256v1216q0 26 19 45t45 19h128q26 0 45 -19t19 -45v-704zM832 832q0 106 -75 181t-181 75t-181 -75t-75 -181t75 -181t181 -75t181 75t75 181zM2048 576v64q0 159 -112.5 271.5t-271.5 112.5h-704 q-26 0 -45 -19t-19 -45v-384h1152z" />
-<glyph unicode="&#xf237;" d="M1536 1536l-192 -448h192v-192h-274l-55 -128h329v-192h-411l-357 -832l-357 832h-411v192h329l-55 128h-274v192h192l-192 448h256l323 -768h378l323 768h256zM768 320l108 256h-216z" />
-<glyph unicode="&#xf238;" d="M1088 1536q185 0 316.5 -93.5t131.5 -226.5v-896q0 -130 -125.5 -222t-305.5 -97l213 -202q16 -15 8 -35t-30 -20h-1056q-22 0 -30 20t8 35l213 202q-180 5 -305.5 97t-125.5 222v896q0 133 131.5 226.5t316.5 93.5h640zM768 192q80 0 136 56t56 136t-56 136t-136 56 t-136 -56t-56 -136t56 -136t136 -56zM1344 768v512h-1152v-512h1152z" />
-<glyph unicode="&#xf239;" d="M1088 1536q185 0 316.5 -93.5t131.5 -226.5v-896q0 -130 -125.5 -222t-305.5 -97l213 -202q16 -15 8 -35t-30 -20h-1056q-22 0 -30 20t8 35l213 202q-180 5 -305.5 97t-125.5 222v896q0 133 131.5 226.5t316.5 93.5h640zM288 224q66 0 113 47t47 113t-47 113t-113 47 t-113 -47t-47 -113t47 -113t113 -47zM704 768v512h-544v-512h544zM1248 224q66 0 113 47t47 113t-47 113t-113 47t-113 -47t-47 -113t47 -113t113 -47zM1408 768v512h-576v-512h576z" />
-<glyph unicode="&#xf23a;" horiz-adv-x="1792" d="M1792 204v-209h-642v209h134v926h-6l-314 -1135h-243l-310 1135h-8v-926h135v-209h-538v209h69q21 0 43 19.5t22 37.5v881q0 18 -22 40t-43 22h-69v209h672l221 -821h6l223 821h670v-209h-71q-19 0 -41 -22t-22 -40v-881q0 -18 21.5 -37.5t41.5 -19.5h71z" />
-<glyph unicode="&#xf23b;" horiz-adv-x="1792" />
-<glyph unicode="&#xf23c;" horiz-adv-x="1792" />
-<glyph unicode="&#xf23d;" horiz-adv-x="1792" />
-<glyph unicode="&#xf23e;" horiz-adv-x="1792" />
-<glyph unicode="&#xf500;" horiz-adv-x="1792" />
-</font>
-</defs></svg> 
\ No newline at end of file
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.ttf b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.ttf
deleted file mode 100644
index ed9372f8ea0fbaa04f42630a48887e4b38945345..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 122092
zcmd4434B!5**|{Ix!dgfl1wJaOfpLr43K1!03i%vhk$H~0%AZ>1W{BF#BEfHg1Dg~
zwN;~5E8SkZ*k5bKH{JB@BDJlxn{VIPR@=8#3)a_G$lUzD&$%<nB!IU4y`SIb51D(<
zx%b?2&+?q-Jo}ZHBuOqQC&^Op?Agl~ZstGPhAVI37o9V6)@&)wTO^5Dkgqy(+4$z$
z+IHdzR)>7=1)JAy`JUYOIplAXB>t_7*Iu<{Xb3e)N)PT^F23}di`1q$<B?x3u`j;0
zVg1?*t#1Y&kl0tVxZkz`7hE6M>X6@od}71qtve>K^LHZuNj(0UOE14*ZP}4s-;vnA
z&qW=pH?Q5Xg&*KiiGBN1C?C6Q?dJ8(SMPcS`R_=QoZE8wRa^ga_4FwcdvT^D1s~qN
ze%(cx%a(srVz2!k<u&}Mx6;escdnrG50?Db1d)I9jkm=e2XZ0&IC6}S!%-1ADkN(S
z>~2Yw6lI@+5s`MAXMPnb-Ae^d_ixKJS6(G$rP%+V0YfOHiC3A2!ZR_E!?@AdN$4M4
zXU`!=si>r|KAbN^Evl4|Vp5-UNcw{G73l@(7cpCGeC+&qO-)rzZ*uUc>uA-{uA_^N
zt~q+y(HoB5dGz6<UpV@uqeqVZ=IA>|jbpB3RmYl+bsbxDY|XLDj@@wV&SMWB`@*s3
zj~zMon`7@BGv0N*TlH?&|45iaNxbE$;kQVm-Xb0K9E~5%9$kF2_vn_RxubU<?K}GP
z(f*?^A00S)^q6$ab1Zgj!m;eJ#m9P&Z8?@ZcK5NqV^1IJKlbvmfn!JCmEQHd8>hDn
z{ch;Oq4S2$9a=s#W2kw+{$GFiudn^){r^1ipU?iP+7tCuc*;Fxp0Fq633>t^zsKkC
zdK8cB;U4CZ+(T}|op%qqPq>e}KXCuu{Wtgf?*DPW=l-kvUH38fQTJcmZ#!uQ|DXJ0
zfUV-I7{@E=SNab(X=?xf@K4vuENaARD?e>x2<ZRCe+;n0@qY{Y>%pMNk}gT@ac^Aq
z#=Qfq-^gy^eOuJn@hzHkT)d+=Y$7v}hVi^1Nqbz)NtMV1bmomWhXPt{ye8G!))M!!
zRHn6ywZxmNnD%&M{x+74q*9T=935FUe_LasF0AIlbqRHLEpF$fRBH-<vcz{Z)`lxA
zmI^Udc!z{{G$P{-xOhzyZ|&kO&0()PI@{XT&e~d<Lz*;m!^JBv-Y^rVGcH+?ADvBA
z$ytY|u0xHT=xbio7z{Qpx)7%{FMm5frSyXQVs(oRXr+T71Z~Kn4Z0LZ=RH!4ehgi$
zNi!T0Dem#LC1Og*7sN1xl$`N_ai{SC)7h1>-qYHaFb;kBwY!WHhcCbUFjH9-Qx9K$
z9b1v)D8O{Hu#s!+NwKr98!2)5VdKPIuYK7#loTL2l+%G!q=+<CS|~|Lucj-yi#K9G
zSUQzVrM-a=#=6bh$(v-%fffveL*XiA3UBU`+uPc^Si9GpoQ#*I2LqLhC5`tUZpm(*
zz}SS%*_MZm_mVNcQ|)*9nW{M~$FolVz2AIUn_Sc06ksgS)Lt`Ld-<Df=jGOPAJ2BL
zS<|idcdv=bQljd}uEq%yCr)VGb)+hhmz;jTQpbH(uf?YNolk8&_=Gw!lJxnKk%{UP
z2OIC{J%Q)ebSqScImgtu9Pp>4U`U&k3|iP+#lu}PCX~ihez4V-zuQ*Z(>dN4=(_3h
z#fik?%Wvu$Fy6@Dlk@SFmc;oN-Z|s7zc<dyCKB0sjemdbKi|kdW!C+9%-w)ggA6M2
zqdJ<mq>3W|wB1i&+Me{cHHZBw#w23ge>MvS{6S-yF%1(M<YycAm3OfBU-x(VUuW-k
z$k&7-#>0j~cLpmRZ@uNH3~Da+9$QxtOj_r$7whYdN%O3<MhI@qcUuX1tt@HB<jYC5
z*pAaTL%D)A8!HbVHdeCcd2A=UhP^1-Re$<s@c^suVmBB!cNsr7R=xP5Y%4ai`9oSs
zZ3JXv?5m|TpsD~Ntz9aOe={w#Dpm4mv6QDRrsnovGkD;d{dzFgHhcY4YxlB`?f%%Z
zZtK+bv)f`p-ROVa_}1&Mv#wiq+<yCx%=&E?o<F0mG1G{@x*6wRxNW`s2lM{xl4Pef
zrPF)ec=LE^nslagzI3^CqjZ<_i1crgq-I)EjjTqiWP#8W2C)8!JoC1u1k@Ln0UJ~P
zr2I#e|ETwkT}&*OiU`bhnu8*xB6*2WpN!)ma>asb$&&`sBc(p7PAtO@#6r@rkg~=4
zQtZJ~CG!!E7pEcy9hH$HCq|NTX%S=O`l%~?_PBVrDi*QWhy;!-&L?4Ou@@B4O*tV<
z><z{IN8OjDo>oI@?dfUd;y99)bEmt*B|@V;t&EQRhb5W8(#)tkl31(){}kIk0*ew*
zfoSzqW+F}RnEcrL|J(Vo@8eQOozY*{(NV{;bR0?ZTxl*pDmVJx=-h{uEUl5n#B1rm
zeleWPk0j-hWXaW%<f#jkRAy5C*k;Gzh5z+g_{T?8#dr^jk(SZt6Qf3d^u5w@|KeDU
z8VZR?*GMkyR^>~A)4|@QYc=B;OSMj8*sQELR5R_?Xnx#n(Z$i*j04dqC0L5zO?mm<
z#o|`<Hnx%S(WvoDeh<o^-phvGQGLpOsTQnUz|FLpv=xW(sJh)cy8ci=w=&fyYBqjl
z{K~9}rI0GTjim~;{|Z;ddro)Pe1d8*=^2xzs>R+o6MHk(Rik;RNlj(gn`y;O0oul)
zIaJB85rLTyl$V4hc}mJlk^Ig9zY}E307#IL<S2S<LFRPy7#}$4Nvh<{5+d!HjSEgg
zq?Pu`ErliUt7CA%Ki2+yKQ*1BCI3vTMW_GamYTFlP6K5v)k_(ojJT%6K*wfUeeG?b
za7fc#XuY5Su#u*l80g1v$VWKa#Nb3{?>u7s-uMsW_eXX<y1(&~>X^G>-KHgb55IhP
z?~+aH8r-q!jSc%B&F6YH^x%)@K1n5a9%0c>ewB4^j=35eE{V;5^_mSRj;A(U^XmNA
zB@K<P*k<E-K0hz;IHx1gQXqT<{aZ>eNJ#-RMM!B5CDA(23}S~Npc$K|)|cKtDKGh4
z{Vtz4u-reF?kzs(yV4LzmPJkP=0%!Qnq4_aCzni@*t^F?Mx{)FR>XV&@9ENI$hW3y
zv_PntAPDPI$BYCpBehtgnvVa}3oO^PP75KGCJGkxJuWpdS~frs?ZvAtz!Ghs|HU$@
zW}$F9NNaEgL{__)9;yaAqDTi`IdI?=e!%1Sx<61m*JiD_JLGWf9XH<N)GL4E3bN?L
z`a5iHm;HvcZgJ1`Rk;3-)8nx}>ng9CVY5c=2|1mk3*TvVI~_MAMB#`Vg?WhHaDZ+8
zjU&XPZOP_y91&acPV1#%_ifEluk&l3;3lj6$~K$RVGph<Z=P7egHBPlscF&@hr{Mf
z+-2KTTG+O|#o{sxPl)oM*gFcethtX*k!DC21GdM^I@rchP%t*{2mc$WBEGeYu{cII
zuIZ|PG(2b$Fa_+?633_$CsoaG;D8=6r#P_Fq;rEgms^&zvfGvKW&IO$oAGU%E?@3*
z^{(k21U=PD5W+IE-HT{{U*w+6GA^GSD*+?dY0~*B`747xfO&6HnZM1-x%GZDWUy!1
zHQScSUlUFHbh5QI`Dp?-@Fox{Xcw!p<QMB-bPXLZ&}SJd3$+8#0A1J_(gbV7T?3Q~
z_&DedgNp^VYUGAMb45~&Pvg_re|1@$veT09$@e%MPD_`C+xU-S=fvI<i|N-k&SORl
zg>yvcvH_+r_A4XBr_Z-?olnpIyM=M<d|QQuuZTo`_-z^sW5ZWT4gir1$pL_`{NRAG
zZvkq9!}DR1W?|hMPo-H3atOi!aj*JZw63G>xS&<!TwQN;7u#WT7%w{51x9aOM_y8P
zMSJT`<cN;avM3szY1~%nV3QojeF}DZ)+YoX^lo!)2C)B(Ga-rq!Q7$1O%t+_JWVX-
zVxB4%Ym+=2*c3tm$OL2{5)&f~h)H05`;QyHIKF@XaaMPnU3tWK#8_iIa^whG%N}EE
z<pE<Dh6on&21=o<c!Hl_TJ*>fF^|oXq%Q(`^a9!?mXVtnu}!)h)I!8Ju|O?^0%=?(
z?nsw42nlL{E*L>>4Ivj%j4%fZhQg3utSDmv=d;cLD`P&#dk!CezbT(}`d9#$jib08
zU_NI)+Z17sS`q=a3|HK^@+6A5QG_iEBrNRF2#+cZyO`f;^eYaJ2VAk=$t1ckgyX!n
zE+ycP`knnW%l%FyPrTJ7q`069FwZ(T!z5%KQlfwhi)a6+X%B~*r_t(TA)V+LmI8W<
z7X%zZ2&7a~s>DdLlxlqv;DCw7)c*L^$)B8j8+*B~!}x}`+Q|Cad`7m~>uq2XAQL<i
zlNz2B@+ea(#bP6r_H7*<w{>uDeWj80`&oZweVX+P)+#ID)P$8X$bX3j0Nqw-*A(!m
z0#t%tNHur?Sh|=erIf&n(rYumX)m)I{cejT)Grne#^{H`FtdOENl?Rk9S-B0Rx8VT
z`~gOA<1+euytxF@4xa=%r)VqiA_mvoB2DQCQJU=ZZCz8+LK~ZgX0xpOCm-6>`vOKE
zHIViCTn-1DX0;mq9`?b9G!-%mLhgWZr&#%M2)yLDjLj<^j?*4r;40hwCN>WHL-G*o
zWHNgt-}wqotn+-9<-MuMaUiPlcWjx6oQ-5`@09bbY?Ikh!^0iC|1qPACXxNNYbviR
zuc;}||6*#%7`deil8{I=pS0<Mjcsqk*qmnBD}Ay2fZOZw#A5Mk9{bQm&!3p@Gy1I-
zf0E~texKjy|G|f?dNz!YNZ(`jKb@M!QnfWM4w|i{nf80&>MC#y%CLB{rCGt=57G_*
zZe$z0-s-*geXmG-ZGUB+?s3`oSea$B@%_(@kZSib|E8M(;i_b0BdNM{)!sb?5^ux#
zHg4T(DYxyqhlo1X!J<cYUcUY&ETUoh67)<$nj=;Lm*O=E5G*4C0B|1IW<_JgvM4TW
z@HgnnFr71%`J}jLdvi$r1Irp4jCb}Mf7x`CAImdBE6=}Y&R5p%{^M+W1HjSgFQ@+D
zD!Ny=_@dK4oju6>`&nSq&3KFrsN8tZ`0`~J-Q+i`NVWR+bkDu{O7DeXzwD>Sab@ow
z^MX@n4z>_o^QQ<DEp#}EM<v-+fr}~b49%g;7z%Z4ehh~o$`^MQA}pwUY2H6ZYE>Mv
zVVO$KWCVx>I#o)+{Xub0#z37ejY1^)H6_8LWWB6+xZ=N_B9%YY#gS|I7Fj$r*pJGU
zg{4AZvBs60pnt0|j&X1u5MdXfyFk%rTCx8UCm6zVCX!Xo7MboCv#>49607TwrT&cv
z4s0|A^8JM9InaIo*O<ll``7wA2rjb)KEf-t3%DFccp#$N0Aa`zRo%pEYfKR_t#hK8
zK{B@pfhgXd6@!~yuyKLfUtaO^2d7@Y`u2JK#!;^)lBy0)e(UR-p1mQ}+;-!6%bbyv
zD$PxuaM5@w@22Kv7A)A7SIaA0TgSDI+iy)p_?xk?t8&NWDgK7m1_CgwZ{Rx`iv`p|
zHwWQgfFqh`A~q`V!(z^~a!?pN7^tT0e3&#dQTSBi5jc8PP)%sL&cN40d(Ii5Qs-P<
zGqdt(h>O2u{QT+4nKf6>8M$}Pp3v6=ox2BEE9+sc1H1X&C-0jWU$!YmxLfcuuGpMT
z$NB5-W7;P_X&k?A-T98rIpVHKpvE>Wi%-1o$p={3OFMVIWc<<WS4@_a0nl&)Z(+MG
z(3>rBY&0Pmd$r&AvT<DCVT~=sQdRm+&<bY@u}*W?l^2?8kl-bz<V0O(oVqqh31}iQ
z09|rxlZ??JzUNf$V7aqq+uV^<SxrqD{ZbLPZT2Z%Z1@h|5>=BG!OCEH)6AxFoGX$l
zs8gsdfRn$DIh%vNogvMWHvKbg!uDTisnFAa-xkc9Xm80qaCiVjpNHc%>3sg#9<j4N
zv(M?MNToXh^Or4~ALvM@B2MQ%_8H@+PJn4zuhyFq*Y4eWZK4TDar3AD_$ag+M~wUw
zH5Ew*D&1|5f9>%$cV!?A=%4acqt&=^749U$ic=|%tYRM4%si_i<;aE;D6&c-eZD00
z5Tu8+gZA@7hEf6DKrOTbEn=+(YcqcQ;`lLeD)gVu3<*}a4&E(O>#g<1gDn}lPXAdB
z|KuE4FJe3B2W35uLsCAc<ZvN}j5z0Wd91p;xFk!smK$X3MkbzNxSr4PoFT50oEcAX
z6p<ymOh4*^hYn(IIJqBbNV?3vOo6^bYN_?M`2R0{)9^1ATT@;A5dONlZm6!FCjK6p
zHVuC_h`%+{rX60hhKfy_rsj^{q~7>1{RkJCd;0zApOMx{<2x*)C{RS;Ad1@%$RgGc
z<hWp?a&^)Ordu<~d?uBFT)r=pOYt8h6+7KrU}Q5%Balq;A0~4d*4NsTN#)y!$dZWX
zx?kT^co!s8AO1GgYy-GI;6x}8SuNq~k7@<WiN+<Gs@SVZYGE!j@DH>Py+Na+)p!Um
z<KItZ%x23&?}1Oe3vFHw3y`hA0N_c0yMg1<sdlKR+fwaaoCGzLAc@-O1a4_z9qdbU
z@i|??o&)v`tam!366@AXvYiyFEU<DVdF|r5kny(vs_BF47v2>u3uz2{B6kF}@HmUC
zaycpo8x*E1N<#6ESD1x!S4gvXo&G>P4XLq{e=vV>$ap6)=e)sBRM_pdvK{g#D%&h<
zoX%4x-c}qg-s>z^f=J~1kl1k26{Tj<+`+4}D>f~f(Wx}KEESqPP+?1LO4;fx_8Kj*
zrN-K%I&0O)wv?sTY6(Ovj$}Mt9%7no-7<gh>g}`Ko{HJk5&74lT6Y!gmx5X_h*~g{
z7*fE+11c~D>55r1gb*YJ5MnS0DnOT;K#2WX*%uDR)9JXsd_t`;$C#5CZ{~xrIj}lA
zYL5S{ro(B8v8Rl4;*?jd$O}~v;qsi=e`VmMfYb>gsfkR4+$UZHMN$C@k+n&o(N-h2
z=K}Xh^ta&j7_iSEeti%*<dmGrh(fSz(k=r|{}pF~j^TX}P#lcbWzW2V0Y9-^M_pgu
z<UO-SuhWmGaRn@N-<enN7zry5LU=JGT_M&=PR|LRISzTQB#{{gj4(hXl*&k^5Xcd9
zRWr$yqkH6e?;JYx&LMe#NT%aCIu5k>*JrqtS?_PjUpylDmU~g|&^vtIfsKQroQ&gb
z6X(pCc-x5_89JDD40t(ctm63T(qhb#+zi60J%zU`(6&#32+|+&Vdls@0SAya!5R?!
ziVniRxeJP4Y;H*nR85uKLQ+b)snu%yXP=4xXp%p*V(|Ms+&!Ts<#?NwEy!5pm*V^D
z-Dg(@-2T08jZHJMJ;tBX$}KEx30j?M*HUJ5Mb<~Bq<Un=C;#_kOHy7e|JdkKcz*Ee
zGj+SopRVQ`_$w~mh%GWcetyk=PCmoouGCU~#iw{&tg$w#Vt=+dES^WdCG*L~+vTBZ
zAGo!&)fce1Ok4#F378B5!>@%FJ=7BOwx*lFd+F$0K&xW1pdHaQkd=Bs^f@3fK$p_V
zG9Hv2&)O0|T2OPy!GKHF0X#SXs4z0Taeg=3QC~5u`}}#6=S3N37Oi2%(w*yCCSSO<
zyLqvN<$urJ`x3fcQz5`fWSUx3WgYwdE#Xz6*&n-Zbw~V+<z1NvUz)w`k*8LVdwSeP
z<1%-Qoq1*VxX!p&v1MLqwQQe%9)DGjOxwDA_9auI&gSp8RBVhi4Q^SZl(`*M$>{iC
zvns#ZXmMIqg)QTL7MZ;K`UR~kCQXi&)xL25g^ye`E2@RW`phY`J}1GhPoTK=wg^jS
zns~aMSW_T9(k<xdp~i6}iL|C;e$i2yXRr1^BI;y2H?p#+i~Roh7p|W?Vf`IZ)m3#@
z(&Espyy6-!4?%puyidtad!xN_Yjp3-mapA#7Ek+XyLH~m?X~4jyDDGIt*UC}>1JEf
z?H?bX?7T1k`f}^KrDwT)O2xQ#Ilv(aC0M;dm(kt|>3YmubBNSoB<_T?25ll$8=6Rh
z5r8U~Rhl9!p)LqJks|QabdX~_-6T^Vh;0oAU<RZWfgAND2!0_g1oCh5wsI015{y%K
zVZnpPz1quhU*LwoWc+;b#fwWbAN;t@@gn9daaV#RwJLkiWob|X3RlyW<(0C>$ux&w
zujJkfnis{aOi@)^-BSrwuIVv;KOM6ud(XYJ%&#%7$o2=~I|BZyc%;FVOGX}x;4i62
z#nhmr3{_xm8B?8h#<mPBu5>BmmRlFiViv2+8B>%c?Q8O1dDL_H+<36jQ)hFz84vhc
zn6)AnaW$~B*0cN8Z{ro=Xh3n4xt!ZC<`EwQQ%qwl3*E+A>3#@s3*(qj!l5yPn88L_
z7(_^#A%s8eICk+?(7#06W3w+ENk(Qvq%6VGX~IBf;(<^An=lx<G}N19P*ep&gkZci
zg=d$TV>=tdS801ZTsp8Wn^&D$b;III8>|cq?v&%ITV+`EV8j&r1NHBD%&}Fg9G&f1
zB@$7x?VS#%Ta^bTS%o@e%vFW1syAZHIppB6k|AF>n>jVk6?IAb!PfQ{9-DjWA@^+k
zw_86a>y;LL{@f*Ps-wd0*uFuG`SGFjxHdW15tQ4;rGts;TFz^$6Twqn6uiqAd4|xe
zmC7B)$|*i7uS3T40ob)v1O`<p684{vD5v5`0@mXqr{O5><>;P*W4}nzfnD?w$^S>~
zHq8}fG)A;rG)l!$Sn7xz$MJu=-DB+&J}N(Yyh}&BbgXe*wD_MM>3?XfKdOym?~iTs
z2)vZSPHFm|8s!g_(~Z>}Q`<=FZEAFyLu2!&g7?z$WABgc>)1S#p!guN_B00#_m7Kv
zYS!sLUQ&AWozhaJ>4D*T*;S`X4*qrcsxnfb<m#y(6MFbDxZ+Gucp!v9dXxExu)zIi
zN8_Z?$@!fwt1$qDM$8JqnTq@e7ze*o6U{y$j*7TanjR@550DuJJszcl|08==(q9RR
zhLihPkoyY~A95t?|8*aGse?i)=t2|KL;q|S`H?8qV48{`Wmv_i(4nL=r%qzZ3VoCy
zVWIgG98|GSMK->Y(R7AGx|D|8$Y*Rmv^}5Qe(2D4-oO12yVqCYaHdH>)ZkV9?A|Af
zcMffTg6;RK&;popG4Lj!uXOmXR7p*^CU}#!X0TKlhJgex3ob?Qws>(WOu#fO7KENG
zx212(mOf?6@f^$caZnQ<h>mJm^z`0R3rNL71-Im3y528}vY6j_f{Hm6JQ6!WmWtg9
zSuIL}$Ac_mlca&eD~G00inpirU`vp-f<kAY+QGAc?MC~&kijzW>SRd~Vw+a|c~y>I
z9kS{9-|9H>D!q;M4fY$o>YtNO8of^@+A^s>CsArsPVNg)DO-q2ec$LE>}P#^Ad`HO
z^*xbF{Rxr|!7B-RS%<u9l$65-e1tV6gx<1gpurBrjr%;)=1y}P_r}>c_7oc@7wjse
z&9euO$5W}etj*s13L9s<V%A--DS^Z_>8%m!=~2pQ=|0jf%lC~@L-#6KQz6HXovb%R
zn`vUze(*aadj+Q>r&Be8qz}Sqr7cN%axzJg!2m!GQzeIC9T8xap{TBa&x=BS9f0@;
zQnXi$bBtG(XjhzjS=8Fx+G2@bcJ3A05|&HES!29C?D2%#<BcqyfYkh%R}A#)m3wZs
zK7RWz&#QtT&3V7P{c-D!=6cos4j9t_W0RyVX)ao2&Zd;YT!z}29|*n#s>uEYggFSu
z66gc+2e}`T#gyxqaGLLcykqOZt-V}|d5y=sF)v%Q<k0p(!2hA`a&}r9j5!<=UA}OL
zj5pSF%K$NJ)?L@jV)<TUKv})o7+4MaxPwvFi)uQ0dH--d`5!%R*0TLjx$g0z8cj2e
zK-P5M;6yDR{t~npsES8dv)Jk=Y5_YfV21Pq;P)G)m16albZw%rmj@R@Rsh9yg`Sb<
zI2`hux=YyC#dOUd604r9?Ynfcv?CCQ&@7<lid~e3oc_qd4x6^6*gIb|;_(OHHgaP1
z_Zf$;+J1%{wkRH(Ei|d2Ru9%rS#<f{XEyc$Wkmce=jXLXzSvK{vqFv3D8*jB>bE(|
zJQgc^&By^?H1yxH$9Oty=T2A6#l5>aCNA$?ylnd9bVwi=6lpE?{YK37cwsd-8d(&k
zmDIB*Pb^_F^k3{##MTuoC`-FLJfk+J4AEQZoZ6h47Wl*9Ps+N>jHP8|m*LEGek)Fw
zmGL#kw~Adfr_#oUr_#Vw+GGoR1<#hTFNg=qj1TZARYLR0z#joUVm@aeC+r14h{VZA
zKxAlRC3Z9p7%uLzqymZ)gGyVjm^5Nhp*5q7F8PNf=uRM`hU$cpbb!S<h*pvGgZ_XP
zRNST{<#8MK=9J_Q{&VI1qu(a_vlIAXx9|&U6EZ0D0S+pH#xjLuB${e#mw)PyMEv>5
zR%OH<Ua_iI`5lqt*@(l>U$ENpD+T8uDA)W-yTz;@GWOkoe+dhgWL$;%PxBg4sI6Ta
ze%s0K<S+OmC%t*{X_|n-j!1s8Xv@x_osbpoCVQ%r+Cq~f`l&55`w4e0^wy7l`6H@j
zOh3)HVKzpp7k#}_y-~fBJSHIF6!eE!qZ^LD9FE7s>Vz;~o3C;PB5Hpm;6y4xFeUaC
zf&0l8j&}GG9ARoXOVFWd6Clwzlas(8_%&lVr)J4)0=%0zmZa%D1iQdQSdZ?L-$IrK
zBjrccQ+#%(rkP_G9`0Hg@>A*|5I1_O>1WW;@fT?5FfcTH7&?Lwbl8Ec#m-+435*<W
zIwJf9n{~MUBAlF5KfQ)jsRTWy#fx^zH(H>$5<SO3wVeL#XvUK?OlF7qlQwH<V`!X)
z*Tm?yjBUhle@ovxy1!#ygwFDz6W9}URRf$rA?Y`ff|zqwLQGL-T^PjzjL{lXUl^I9
z6hEUl#F6})(6~y}qahs4@qBRTLFGyHO;Ajdm4{5rag*v7TcvVu{%!8}`=6wlhycpp
zMB+)m^3(j=`L{*VyoBpi#;kKC>b$5>rzv_XF+v9zD9cb4RpaM=)FLWJ1^ixm1HFmk
zzgd6^(pU_`B<T(%Y;4#KKv|kQA~t;TDT0xh=~x6q!RAp0drCibSqwh)oJK)pXfRlI
z457rcIg$*R!!-IC);NZA8fh2V5*6B2Y|Y7SDDeY2<y%egIO#2={cjX{)7J5fOa&m+
ztgUeiVHrptvKi3DG1LMJI+Dp@Q!J$omFxY_JmdGT^jAbE5vf4(<SXo!F(bkr{;=YO
z3fPg;j!jtDcu{LXhJ&mWZ3R9cavZjDBZif#;#-AzH#Ynh$5k+?-biia)xN<oEs|@Z
zJ~Z99<hSUJFA7HH0D!65H-AhUNat9@Ws{}ZpqK$U1T;k-GzO_Hm;()DAzEV^g<wyH
zIJ;N^`!BQ{iIP^5`Dec{aU`qY%b#5F*PJ`NOLusznRrd>gavgIrd=XRG{$2!ldH>F
zZcOX@ickCa7tT4b^k-$h3pK~gva;5AswouRHX}im`=|PS!HMJNPaV@GX{1lYdrdC(
zsbEHAHXCF_VM#Q%!AxRQmq%G9N-$F{8ngEH3L`!=uB3zfq{jETd|aZENErR%<dg42
z#!P;5Y<ox6$awezN+W(Ckn#@8XrMj-ZG^@HaYKWIK{st;V6QF8;Qnw~JO?Vtl<PqE
zFkBYTp$_Hqn`!B8jy-y*SWcHd8XJ3oU6qR5mHhLg;{Kz5PToZijJd!~3~`F5hpS`b
zfGAG$c%eSRha>YvxN8bVKsfz~13CUchHa`O3fzesD>u+~Ivd1!`)v{1o;^71x6v7=
zQTdljtS(P7DrMh0^+Uszlz*6!;;6n9?54@dh=^IU2c~8va9RV(dySQ}ynp5QUxYL4
z5OKW7zw^VI%zuh!;Ls~dibv>KGPM2>6YAkH{}?<0eZo%|CIndFU0fA5l>jQ>Mbkf~
z;ODKzR^(lK`Y!+8{<8<m`Co5+0&KJzgPGIs;1BaVGI#<?=wOvE@mn6<op+zRV*d}G
z<L|E8KX~6`P*A>L{8l)^RI$mdl2Vvv*rjDaM=g+I$N+k4<JkLv`-EJL?6up3_yJTA
zv`?Bey)~a@$y90qnIPo1!Gz*=(uXWarHo(m{?_TROvx-TewDa1(Sv*YgrUOTRBC=|
zBMOjN8E{=j?JvBKXf5(BA#MWH0<9KUWQmCq9HH8u%x_D#wxm%%OXjn!)2Fxce&g48
zf2uW;;<qPxwhcv+$pv@;OD@RZ?JR}2<AMCPT6$jwxOIV=mEy=0J2p&unHzthn?Uy3
z0@Or)TE7xiiH@KuetT_u8@ih0nGb0TwUyQqz4IBoGgtKeE)FK(kGeHX02am;FQs0>
zR%IJTiV`f<(+UqHmZI@nkmUWix0S||WIPL!N#j=-Yq*<YE>h?_-b&+|1I^h_egXwv
zE&~MXf(J=h=zYmXfv4eU)$WV8pa~|wW)MR*u<jEdzhYfit*Uz69*6F5%Qt2o<KG(q
zSH>lH!23~($Pq_%+gaQC*0;~pYOU^o*BZf2S^4CPyV<=&iJ(*|4G<<8h*|<fG0X#i
zTocQW_yWv(k?tb&f|-ZV?XNcDD|h2%1xwhwSr0JBm2wzOx!d>(rENCWLnX)nm%SYk
z<%bP&sXU6$6Lz@t0Ln+i11N&#fJSo;-J$+fy$Vt<qR~#%j?=YUSn-{rA*X3K&z`a&
z{N7VGo7#tYEZCzF@QU>~46MT|WEg-jVk+!4jNXpAemE5L3J-%mkzuggkjZoQq^qKQ
z;ayx(VIU%SDDkf18Z_%Yk);Y1R3d5;^}?2wNt>~z{D5!r;H!f3g$srg!_8DR({1Mr
zXh^4lbPB7(?M=491_VBSs`~w=ibytcag*`BfOO;iri+oUXks=b&0EZ7E&^NOmhnD&
z6Hi=*+aEVx65iG=AIBq?;r@dU7VoeYx?{XFe5Z78BOV2kLs)Ran$h%>Au7F;){_0L
zX}SO!)o&8&d^|bG92q8$_?LW8p9BIp__)tzbG_!W*$@)s>n;q*a4BeZ@zjaGJn!-c
zoX<N0es&Sx?9eP0&5^&?<_6aaQ6~NY_h#W=5CXS6pQt1+><poo2!XO_V=Y3%90<V$
zg-Ga@X47X3Lv1qApfF6Cxrls%#YK`dvD{$P+Gq49qW#f?(edpYB8`|y{)>*f#>n;G
zs$)-spz5eQfr;%E)YR9`yXBViHcidtrf#AX`<l!5l@9hwf4?!Vqr9R*UjJxy$KnqB
zRX>VaK~eRZkOp&ztjl-Hv$rgK;)#Vg`G^N9=rDqatUz*Qn2|s#h#rA-CCf7yo4_|k
zlS~;P2rU;(Q$Q_|rEC|_lQ2Ogb2SBjP?~di(nLOIy!N}DSoCGViZy{fO#f<xrvgpJ
zpMU-8z<qn&`@^2`ja`*h4FNB=$a2^Gt|+&zc;NZX?O*xwm+nv7(t(<ES$bN`Bg3xg
zf<w0k%Yd!Q*7&d6z_jz%4H)0reCc>~ezqqYic~5t&8gQeY@6&?X4+aZSN-IX?FpY-
zwx*M|v^Q*By=$xB^RR9pH*>>6R3aZenhtaKf{l1UAl-CW2sl+>@Nl|HAzjjlW^G8C
zcxG?!nG<IyY~{W^E8ERnw`}J6gzkV2iht3r^Ont>yQ-x($5{RHtv7vcUGd7An+sQH
z$U(o+xGOpMW5p#3l9NiqNJJ9yaQJZo*u`AXL^Ojb1DpWIX}C|;32iuswcNosrkXKf
zroM6TW9%OG3cDx&Of+!)m!oyjoo5H+O9T6ibpBl<y)O{h$9@U>@L%rZ*|)ZBxaR8=
zbmr^VY}oeJOMm?<pHvt9^7VmeG;sD#<0ms~-!%TrLT}X0tbK!pj6c0Wa`T}+v~>V<
zPdPlTW=LlN^4noS*9sdQ-`I90shuW80#XCT%ofL+g-0pL`2FC8V19&h<aYuPgA-~y
z2yNcDXvI48<<or6NH5r}>=I-3#)&qcW2a}_UB}J|1U}AQV9s+_wb^`XBvBQYJ;{e}
zW@Q%EA4tzWU~K!%{8!i|*If1KY3Kjjr0?A^t$!2s(=hmDBi;Oq&Y#OW4xj6pjcON6
z|HYo_p6Wj{k9V!d0lyk<GbY^rMl*Z=j9s&9vP(Yq{4U=+&wcr-E!i)D)xg{hy^X!w
zFW@Oo5QSa;BXE)o6VG7_PvBT^6w-)N7g)(@f6eYJU?rz4)h4}DYK}`aQ@qJqS@L$y
z?tB!8$?u{A+r@t1(Cv2JWwhIzPWkEMxoOiXYicUVbhkQ@kSJo4r0!GqN$~jt`gS9j
zO<_KurV<K`Mn)$8<O~GBs%CKJ7wNEyC9n35%l16lr+Ra`Ly_H@@!v*1qdI%7F7CD-
z9<+02Lt5kCVzQyQWNy#7JpAK*J^gBLYk$w9`MG{quf}928#MCY^16Dh+&*|%_c$GE
ztt<mCtFQ$g!8xb;NMBEub~1{Ygt0u?4w|gF$pZRJ=_*MI$4x8l<d`$0+rqkATpt$R
z6!0<b70b7exmV&32Ci_J-HQ*WfS7Y|<{MzWa3$(D`o^aDfViHcBMik+5=P^q<cLEJ
z$_!tJsV36UG!~HsLv)hk<hR}m*BR)8n0dk#QIf^7R2_UsSZq*YG1hOMah1ndjI@=;
z0FHy77e&y}7)lIZUU)*Hs#P3&Nhi~59(yEnf5m!M2f)R&!!A^UuXvM!J+#375~d+K
zA6aMuo3wOWdzI2cBSX}%Z}?^$TLG4^3*7baqhz`U^W@>u{K3wJp{kaa1>**2=NdS!
zYVhMDeRgbP$I8~8=I++X6;ldD$Q!!o>PJO}qzQ{U8_Hr$mGv{Gt~hVUOtX$L7mH6R
z)vKR5qkV3Dr4W-0x}f&%huXWJF<EzoYnrB}&-;qFj|~y7lk)arfvV1FO<kM2SMFGR
zc1v75JnD*B9OK3$$uKZ(l0>8_2ojL!nhG42N@r4SDcS?ob_$Kq#jt5Ax^&dI@V(g!
zUNDYNobIhqWR=<AKd4U#)|XY;AA07_qpatv@3BwHO~$8;Uw+o|Z!=sLSS&Kdqqt=k
zw`9T{O>^tcW!iz8-~QbC&zkdwm7?Y#`DzhfyupB=ii$fKBpp>UqIebaA1%%QuJNcb
z*Ld{1AkQIo7~i?HsiA3U=Xf(q!H39Y+ssj5qLCc$&wbB${+VZ3_xD5zKy50dC?R5m
z@C3hTq-g15G;kQll~Pc9Qi+j#I0=yj`HmO3%7TvSUJ}@zEDe6?iK2A(34g}V-++|A
z!cRv3ROiru_N4r0A#*N~9}H{nG!g`x@@A@hSQ^ZKfjX$Jj32d|f@#!_I!)Rrr{tjZ
z2P<sGylRp=5juf1YJv;Jf*>PZ(y5VXd)SLtpb_|&gIA_?gV=U*6s$h!>QrF<!K}ru
zE4)9Fa<eSrg~1y(73t?$kF`(dIk(Xd6Hhqy;#$6+uKAsEfAI;dam5Dv*8uBdeIT*m
zxDpB(IWLGLBWLfovjb&bBNq-caf#&|{Z{+PBSx>71JEDf337mC@}GvhFHx|zPzq=A
z7}Qm=TLsfnpkG1nwUec>*&!uN44@gcL;j%%-tohD*@?HDW%5A+nn5X&@^~uv7k?-~
zNb;1s9E#4AFGf<WBGQK$??di4q_U*Ev(x68KxXU_dwumpRc=Sx>8lQ=^a9LaLWHe7
zU}h{_L&Zr^>UOO@kzKuO*J_3%?_0e~?#qk3+)r0yyHG=6PFG+J`K1Qb1Y~CJ%QTy&
z)jJD9^p7Aquo?v;L|m?@UtdveJl*(-?i2krnQFEeDJ5HzF%Av(uQ@W+_&1dmUL3>A
z=T_GmTU+Kts;X<*KAhR)zVqiATQ$Y2lr)B9ITG*Jgl!G1T>wPH4FLBF=@+&o0y7fn
z0Lpkj1dCW&rD|Hr7SyuJuUaWsSc%pa>s9D$@c{k-cd@K4$^E3|6ZoA_b{wEPN>dD2
zHRTLKFMP@hN3^~ruLr4LXdG$>Pz~iQgr{gvcY?wV(wxCQhJHaPtj!d1Jckj$PnG^I
z0T|5;IZtu?ho!M}A_t6jJSXS!sEp-K<dhuEVL|>rLCT_LO^3=>2jc=_ISg`>PAN!%
zVK5F14Z4y}U}w6(v83C^0uO>SO`lmleb&^~E3Q><`t6yOtHx(8oL3ogMuMAWZoMZ`
zcHbAad}rVKiQtVJVD2F7nq=5@$PbrW>lUV*-Pf+D^y^#KHg{Y(m6h`a+gui9+ETVs
zUNdL=Ck`$5S<hg6<f%g#AIwFe{ZPTOqGr+C(q2obqCG=Bse~(MOEJnui!wlF1JAu!
z^~U&_JEvWB+vET7ANjZFlCZ!)llZbf-iL5oKeG1i|Lh<0pNGu}T8LL+{P8aAStK(c
zKe<}?rZ>Uz#pLu#xQn*Jx@YlBT=Jx1nkN*av>XSR=%w!SVoAt-K3De|U)0x8=Xw_&
zwg+ArJV5b3m0TgV-{9-yJBP^|{7yE1ot9gWIWECC2eQk|0{*3_Z%sGR19cr15$<L1
zTR8^b)Ys`@1@qs3_1;|Wgm^%uqnPu#+P&yUko?4jYYj~^hRS4+Xo4wl9NBN{!dV29
zE~pqdwvxjHFd1tvx_4G7auz0F{`!W+WC})S`P=Kf)^tsy-1}N|QA1rczxL_FkH7Rh
zYwmmerCZnqy>e4cY@OF>(-tp3car=xOvn~D)cf(UI2)38U96^w9<FOx6y=ZH^3vmd
ztoiwu9zXoF@ldbah)vGB&ZaF~y0RP1m$2xE+^}~$iW%}^UT%~QOVG@Ueo;Ih;nhq%
z1KCP&jTA|jK*m#yAM}Mx)yE@;|3rRapD6_S0U`t2{?CN?5w)2Ce((;|NcCeRQ)wUv
zdXI=31P%do1*kjP_$c0EC=6TyH#3;apgdXyG04CEu$&W6Bp<-80Fy8CXyjbhPuPPs
z9l9Rg?zh{nO4ivOdiYtpkA-XMuhyM*+ugdY%M*4Sw7G_hhIUZVn#R(i76%n|bh^WK
z6y>@59ljQ2C%5#t0)c?5$HI3iEk4Kn_dC5Uiqh3lxY1ItDLa%Fuk-$YwtOLs(U2g*
z0l=`G0yU0=arf74epXgnKVgQ==FqFQ>nr_^OUIYFZ6CJ<&($p-tFYQ!i$dd4Wz1_I
zE^4<rELB(QD}Am@n?@D&^n@nVgt<3Au+QVJD8Hgyk>{)lavoeWM^=!naC>m0GE6t%
z1AZQE&8g?J>0Y?fEg$_?o+9`q9DJjog_A;V<e>l(X#z)r8@Nn>lT?I=fa2X^Vd_;%
zxJo0qC8y=IRvV)gn*gi=DN~4`=ZtUs``Ih6doa-~+x;9wJ6C0msR>VI(01LO&#_tT
z1~!X#-g%uZSm{Zqa0Z00B8mkZ&4~xETY0u|?0b`|9%Xe~uiqWM>41E@@u#=;c+RP_
zg7bt6k*4S}Hr7-ySywjqC);m-YtNqio*h4)TUM70rZk3|il*tZ%fobQ-8r6J%F5-d
zkM3T$V9u+<bT^i)4j;eGBavpXN^9eA9l>ds6T%jbo{~5a{py0vBi%-#9ZQ6k3H>w#
z<HaD17}h{VOdg-$ugH~!l$Nk104>z2Jh`aZ=<Ch)M#_@)p>`!zJ}yz8MywELvT}TQ
zg8I{2uIX2+YJHi2JJy(+Xib4S{oEai^LoE=?beVnKnR!l66+^VEDNU^(=E$)&z|t~
zhJ#O1)hV89SvdIzQ`W7CT>Y`e@JzKimZ?qn@;Oa+TfBVUrz2IKdGlk<v&yG>+3Li(
z^W%wyGlHS@3vYk)jK;bJ8J^25D7$4rru>>+4aw<yx1D#vLBIvkl|XL5(>f$YTSj3t
zi~?=I7!Dc}U@hIH3Yw=%B^N&)CP7y!Lw>A84AD>t>_b+g_#ZC{Pf0FGid;Q7Jfg$H
z)fjUJGQQd>b=`{GEkA|P)A-7yGZyot>l5S3Q%ZZNK3NvQc(UH+MY)3;o}N%!yL)*{
zx~9%v=ASTSeZqK0j9DzSHTV1_TlRgPb;>F0L`6(S%8+VTGw;;$S<SKe^E_3NvzE@|
zUW;4T@;P6kHWO=BXNDU;c6DUUx+y=Hys-J=gBP54^~_n*lks)S&JH#&yair}G-`F@
z#yz}8UAR6JoUt$wpD*Zv&&yer_;JulCj}gqvtt7cs{_ZsdvZYG;<_~V`zU$V!4g3h
zTso9VNWf!|_#wcepfO3{NibK4pRDB?XY{V#uw(t)GGCXkZ0`CU8&>zuX#57B#b-X3
zLjYypX<{qOpIdU>ye3b}!Wq#}C^}<di>GPcbxWT5M*d|!{<)_pz_RaDp_dEo#by`-
z$yg_4iN^{-ygV|~m|*il!9;a3uaXPYE9`NK0AXs!cn;oIZbXqH!iXYD6|yA#U@@Q|
zuVz!^K7W3IOdhj>Dd{JbS*%xy1tU(=Tpc#xlv&fAhe(Dix}7(JX&fL0R?K9CSqx-%
zexP8pE?`{-b(JLTN_&g97FbX0*rrB+EGTO9mP~C(h87Qy+tNHLS_$zNZ~x&B@3Yxk
z=gpbKrp)E@{;+??ZS(jaWcd%eyK~%D_DU()xs!kO)z+CaTU%z$8vHc7^TCI=t?$n7
zW4ltm+KCVGt4b+N!qJkF!&<b1<^yC2QUc~o6zvNla70GJB23FPj(`Jifw3cQ&kGDR
z0O}5Z96YA6tc80WtU~QEE{&ufx`6gF5puEhf`@n?gM<X;9$6fXFMtWHba*S+8>z^(
z-{q3Y;~CO-G1+Jjp-|w_G{rR-ONf)52Bv=47`bTwN##K542uYgy2lagV=fv%6J}ag
zoAJ|fnA@lGTTLA#-}f}8kc<|2uL&VC$YxQnXk|>Q5ud!&KpF9zP({*nq>2=6$6P}Y
zDP_?Ov4X%Lj)p<&aGzQs4#L#7p%cLK4G6Uk)Fv*4lv9BqyXw$(a$pxQ%S2Bg(KBJT
za1B&GRJ*4FMb<*@7Q>Ls`%TETm|!h%a!&Bh8o04}7<nLBEUYAa9(C+Y@E;a(JZwGK
zl7+ntEkPkg5-1tSx2YghB0wo}#O(X?hor;Gw}+(pcO1?wyW^!R8ZxQMsWTRA^SK5w
zCEFIvm|B_2G+go09m^0&Ew-kcqhl;q*TL_2?8m)}o_fFc$B$J$btE_E?yYC4ZS^$^
zTiWKYnnly#%FbFfzpZ6qO?{hs=GMFC<e>QyQcS2bDXvn1e<ELz5WGc_&=R&tcL0BA
zh@b%b^)yV@kw_P^;gU1%h6A-)rnLnrDnxUJb<jlqw&^aQ#B^Ia1xg!sWlb2DFsSb;
z8NSED&!UNq$Lg*Evm$=-G?)lt{AeK!iwoFZi^FNPI2_GZtHo!vW>kw!mTk7EX0yUS
z+`3b7W7qI>;^P<I$vmcbJn{>Nwhwr`AzSODRcoi$pP4)(x-p$P?}hU`nJX*DCC{wS
zu3a^$&KjK1Jw5E75(or6nnTw^jW(OJYwipRU=a!p2+MLHzpq&xb_;$Phpt6beLS?c
zx+<&ny3G#Zt9_e8Q$mXBf%&|h%Qj1y%;hf<+TfO;_b+SD(8}7*yydKG&RTVawXUoz
z60yh5uwJnW7j9nMR;DFDwKmqr>J-`Pa>3WNBOFeRcf#j4b+a4_%O>Lq&J(&)Az$jp
zf_Iziy%?9Tcpe>-s)`~Gw6z1az_i7OHKuVe9|g<x(?#g}Z194qOqzN@kbPDJ>1!aP
zOtQ!vk|=l?>qp2w)?aOI;pP#Nc<53Kp|R)Ag{rl;uDBy0bQ$Z16=1dsphoK+u|kJ{
zLnk6u2li9);l?5Wlo0O;ViyWg*j~Xu8><H#8Z9C0sW<}H``QsNSFloMS@9r{Ezx>H
z^=p>JV*<uN2H)tiJ8Tx4O|kkH1v>vYrSak!9ebwt-Z-&5R2C{*TR!RaNzYt-)6cf&
z_6>gGy6;c=Z3nK+TOTS<%*&m<=)rI8?EJ%Ie@|e^d>dC3D*{XM7slOQQ58KS0uTSB
zk69;#%R+4v=l%CzZmR3653d+k8LCd4@pBfq{R!h6C)&qVR$e}@?3{4jqxF~n?8sNA
zPno)Cf^Gfs@XD~w>$Qcnx`${?7#&0$189taqtJT{gh{1AJ&70v;1KCU668ribX^t3
zhQ^1I3|>BFcq~f71v?Crh=4t~e$DENmTdK6>$-(G<1c4UsFkbiKE0)*xqL;1OZU~<
zQ!%$(>6$cSl1&e?p6~48HLeP)ucNs$;Hqp;$|ueC&(>sCSFxhJxuZq**{kH*31>2I
zZs9uX;_7Tm#p*TdgZ2Qtp8T^Xl`9REu0UsVhtFE!s^NRS)5C(g4RyOJWp^xPuk}H0
zV&Z(!Pt!Jj^xkxm1Deu1;s>(kH$~4F+GbR#xW|y+PhZh12n$xgml>x-6ZWhSkhO=I
z|3d?o<e(1v^ttD<PdiQ<xkNgVVh7GT%h;%{{O}ki0=@+eGmEsk<f8=)N6{yU^rmnH
zBbt6nsvu@W#Aon0Qn(6Ve*hp4?|KD!sVZ@KP9~#9LpI;!4v+44gyakEYUfT(ub)_N
z3&?U=q#|syPslXQR8^<$<DG2Mr?d&a`tpQl(!D`&KcyrOTVYo%jnPUuV4L2pYfj#N
z*9CG2(F~mRiAJ|A6jik|nkM3_D#3dvc@pLIz6si=j2An(Pj{;7%%+Sysgx=r_=U}t
zwj6so>D`661FCVw<VZ<hO^cTTB!|L6#~o6_f<S__19HYTZTXDzS<fe4HGc9r<Jjx9
zjjum_$&=ObXk){cduJ}{UNr6+w(14T;obXsH}@tlIZxTJZk8*0vyp%2|7^ZT*~_nA
ztJ=d~+@_@Dad$2|XTkknwxtrg4__3Vbk#JQSX<{0<>Y?{jU?pULJ}C45vYoSRng|#
zEdTpMXLqt>+Axj`NkcDx{$BMx<L`6l9yWfFxAMQSx?er}lBh=-dQ8mgQd*<1-k|;b
zU)<iXd%{hRg4Fsn$@ujjE6V@XeJWD%N8{Ip5Vl8n?u2pqLbc5I(|>)}xk&bvsSDXX
zCw^?2{GjV5eiHOf5*c%Mr_C9HG!Yb#oEt`X4B<Da<x((bN<joAEM?3<{-A6{yc)T`
zXx~q9Z~8mxN+Je+ox<7Rod71tS##JY+^~@#DQhF%ZOV3s-xZ_=U=~xLuR$4NmkUAM
zOEJjeL2ZEO8}l<APQM206Q}<J9DA9RW2kpc_lR36E)NVi{U@ME;=Ks6<VSe197)@$
zAvdE9^!*`3#2xma1vNwj3Z@b3SxE5^T?Z@Jrw-rYQexzu16Be)W;)dJE!^*`ytO>R
zL&i7WD2KIEMD1gVE3UkiI}z3+dRHXL9AAP#>-9e`uMPMjGSk?9J^PJUnMZip8sCiu
zg7NY<*sKswl;2wE^Ez+6@(Sa%$0`DW+VY>XTUh0noGe*>7nlv_tKWFmh|^e-fD|X9
z9jXzj2;4%kFGc+n+;Tuzk8letE;pH>i%YOkNu*cBGroKL_-=+D{vIiH_&w3AeDWcs
z%r*F~t4vY8XpXe!yWZ99va5Zy_q!gpmYym69W4echN_*t&3^0jdY$<jjDEppX3LxT
znoM_hCjVHo!0lHH*?W@&e-l6haaQ<ANf&U7i(&h7L2lcmw6%kf5cGCDMnEHbCDp5F
zkQFRIFf`+QW836zB^A(o6UV12pZHu8e4Q#}n|G&p=K%XMgLz%fxZ2puu90&TFAeHg
zwkqylvnd^)-ZG`WYI1W$L-?l7tCwHVwx%0RCEJ6+g#4`WlX~M_=)nLxS;%erfp_eH
z-{~OW;NA?ZS3^7ji%VWaB!VCz=n+gB=?dVMkjfCb>?4UVqB4?X3juAaWchB-l(S+N
z&&yw}28{P7to-=1A742^=|@MhSYSpLTK}czOilmkc?&GmEYJTbJ@uTWPsh%h;_=M8
zm`z~gc%bFdb<?J;yR;?$mhnn!53RbM)`r#he&*fV4>C3C4-oB!pwPyNgSWr?nR{2G
z{cPy(LpwB!x<~Lga770JPsi~@n}Ir^GleIoBU#6r$99OXiD4i^Jo6Za!6Pvc^faDV
zd-qn^9CgoS9MzTe&rYz_JM`+nt+z%S>TMIAt*@+hWS*;Y*sAu9DOF#2>#ddbqs#Ez
zn8$dC9<$evRNfFBU3I<9QGNUERd(B`GA2JK;7W(gVZ&H?q%g`O_Y?EKDPaRGRw|Dy
z%GgX<e+UCqDvm^OEu!CG%}0|;B)KV#R3VMb_g5vV&Yc7IRA=4XIaRaf#A0)w|L&5*
z1t}z307!h`l0!;dNFqOW_)}8~V#t^+3~NAF8J}M3tg9J6Ep`3lA$E1CFfuSHv#fE(
z)Z51evrCqgPs-=A*-{~7Pv(+?U6V`+<g6*CD9!5kM%__)etU3fSGIQd&Y7JMLJHls
z7@u}v4%iMQA(aud45x|5dc(F#)F>%>3BKb*(S$*|6R(HOANCuxSwK)y;86q#k7&c7
zYg6PVLK|^h9HG}I8W#pHQ0(`{Vztvd>nb@!({t-wWz6pj1ub*V#fatmn-?Lh;Q~`S
zsjOYG{DtS)2EmOyxgcW<O!?IFH{SU)V^ih0a_Eu=4sKvqhaSH^HEn!NowIg2FLPA{
z%fdDm%Ph$8Tv>BNT$VMyBpU+N9Z!X)&S+egnG{$ETiRjqWLfO2rP-{>?@-*y%z`Pi
zKCw^jxhNEz)OGNZiw}0r+_}3p+qE><K3~Qldi_=yITYl#Le?!{ODT>7g*$*`O9#WF
z>4ba<_hMAVSkhvl|6+R+!fq1d6nEJswZIjCd?9yAA!LC12)Q<xLzts5YN}gX7LI`i
z4rs{Hv{O$`G3^(R0LMxp-j+K{Ve)i<d-gv7p~K)T@T8D$V|-en3xIr^e7%GsUC2;q
z&AAj4h<FR_@3hh5*bbpvJLM3M%KTzS0Jw?Pokl)L1XEsdL=ak9ds@-<0K-TeQZ}0x
z({5EyHR(;0Op!FrImBL&?z2>3uG^;5T(`}?=GHNDEkw~%X7MZ_ac%){Ey`)Yww7e-
z%367<7~1?y6I8484+qr(U}M-!K3dSD)q*l2A}HS8R&d|bHFy~^iqKD2fSgMG3(20?
zupRcpcMq}m55R+O72Aj;5{KFQ<W)Jwh?|qI<zd+PpahjiQR4ufLgH}hL;WB{+axpr
z!XKzw(I{XDa(-)xizbHPTi9OewWq40ZnH6lO~{nrFEo{HT*aJYo3<WB(fUGTA|nk&
zX=99&+X!z~XjdAW71|{lMuRo%nJPYRFsfb3$vq!_8FP(o)kTnyY@~t3IGx;={71D5
z%4akSH~~Z^*1hSB83<zwMI+g$xr8sKn1<oTkUyrFBDV45c3o&ThGzK`Fdz+$X;@)>
z<^-JC*)Mn*u9W%?KvF}21xel37RHxKx?t3yrP2Y|`e@{BBbZ&{d{bD>C=5ZM-j+(Y
zh+8_ue!&p!5OfQ1`=FTskkF0-BPA+{A5>hZme+<*cY7OzS|LPa6(zKA$^{0RrE93l
zHl$Du2|y^cpBB=I?<CnGYC_|X!`>_^3AcyBDc}_p;dmGc$W7WqdK)2JJcftcfl~A^
z&Im>!1TL_72~n^_A!C6Y6q_DPL(zjikPN1lf~}AwhK_`p+E7)yc`pnmHv~UmEe(<n
zC>o8W#$c2Xelv|;b;;BkYBb#;Ye#XFg<u*0Dk6k-wYR3)L+#?_z<SiqE*KoM)(jq?
z;X#X<+u=k|+eVM#ZQ|5M>Jgv-3|?EB#)!@-xs6zI<Y*EQI}zbyVBOOMxf*66g#s>o
z-jwNR3H1dnLtI7t@iAT?@=Wg5xC*_o$Caw_@-T!DGI!XS2D@gP4S^5coXN7PS@022
z4V$ZMm)#zlW|ei7xdXDL6=$6}qlz4nRbA&yQxPiBujtmWrY6ecnx;D-O0_bFF4wwM
zr((7FRhMjaSXJ5Kw%C~0V_{a+Vv(aZe}!Iw2%L7Clf#hOX~P>;)gtRLn^NXg6@|$#
ztZtfsm<JwSV^Lk2jt=Qual0%YZU4DCLIKJ)tHv7r9Cp?o7`W<a9hbdMXB;i}ITXcV
z;bCaUnOu%&ri#WRZlX%K1y9K~7sQf?rxJqoD(6l|KvpX(HiuVrNA-lCt9G5M5fudy
zwzS%($_O!N<p>iT;A%*fofs$1tQxmN1j9&eUZW%S78LRhM4Lq8F^o)a)ZDtt)iSwU
zmC-ZR#_bl}f*6R5xpnx2xx7jcU#4XkZYw0zsuj{|wOZD>tc18%mVHi}M|N0cFL#H$
zhmYJN`(+>W^j43|ZHisfX{tC2x>bi2!Av<8lPbHdF2%_)cQEc$WZhrEAzO!O!5DOB
ze3yBd&B1hwrdj+v!~hl{=5Yd~IELO@CaZRe<f__iutUJOLII;Gu*=mHtA(ppMYH;4
z&86yIr^TaKf*K+)VvN*~yIi$corrwO@bM-sOcU#NC~mb3V`(D?1s`5u#R!D~cje4&
zaWRJ*W2RdXZJF5=#E0Yv*{PN*h!?4F-GTwdaJwUDf|a>+)nip;O>=0n3nRJsPMt9i
zx?pEfuYx&qVH#O1tuV(KvRsFl&UUM&)@oW5A5C)6Gd$2xuBbsp#@qCuC&aaifX$N7
zbf<<dE_r1IeXUXa7UuNXWzDB4s-=v}mF_sR0&aAl0%d`f1Bw9wl?dhIbf5)(*$p2a
zu2>p8wz${B-7w04J^;`tTQ$2A`s@my4C52btm?8salpNH-2%;s>_gx+)uQ-4R=mlM
zuYg1HZP5|#6{D(Jm|cN}0<Xm!aGRzM-kkV2-UGu-2esCMX(mXM@d7L>uBm|Hat$lj
z&aE;&Dvmj^H9M=l<?fK8S6D!?$x?7AsNEpsBSG>eEK>O*BDAp7ZHHP1HlZZ@M2L3K
zsT3kq4Tgoi6EjIG{+ayQ<mb5&X3mGw5AfH*<Nthz=}<HI#&P(7(XYR$-gm9l?KNp{
z_InghUP_*z{Ls1w*uM0P-JdoEOYtgujs4KTCVAByNc$l2z(2van7$Adpp@X*orD!0
zS>lP`2vIHcaAUufIySFJMEV;!1;&&dawLSJ2Q~H45fpPMOMioq3YgZrII=fSmm&Te
zG0ov~A_-eh#3e6=iUVD1eru^&y%yh3@{0&@ur4+H^bsXhYEXWO?;{}$hzJfR`6KL2
z_BOsFgQ0*9iN-_B9N8{n#zv0;DKSZFgfLY>#E64HjrcOboE40AVG|%3k^<=&eTSM<
z*$iU7UZ};T4<M9h@T#K^f3V)}HL3&~QzK@IRQjmXeHelP`Vs(S_9SuWTZ0A+>mFf+
zXvIbb<2Q3oNTNXAHQ*IVGD2SiA;%hG9mPk0Xue3UU=<Pv;urCtxU0&>L+paP(P<Dl
z;)6SP8xI)|-Aw~TS}ACx?#7qM9=h8faX9MG1;n}XR^t*L5?`X~$440`ikAGlQ$JUg
z9`h6h(IS6bs#&~Sl%RL3egTJwGnK=*dm$m81ZmJRX%)IIY`ZcZGExFV1477D*n<xq
z{T1kfC28?%&?p6WBeMAsM!0yE7fSFYk6pZb>6YuX1v{q9=vI}{pN+P4FW!CI?#11<
z!e^rg&DeJG*#!$zIlg7-?u#E=qIS=ivSWdEooPVGbLzEA7O}Mrjp1bF?RnQ}J~6E}
z3%gUJy6~mx{3DB&T&r%oy)qeYY+xJ3O#(kz@(kUrZGoL;93B^!U=)aD0V`YuE)P@N
zB$K(Z2=oEUrEn8eVc}YP(Zog$w@IcqyNPGgcor!NaUlHlA!i|exSFX?M_+~sX_Xwa
z`}K}GcX`B7EytrrD(dT^_eS&6qer53>B@Vf(U&Xg$Ci?BJnP<NJFZ!FWZ60AoV|0$
z@|Ty7$>URjs68fEJ0j)ox(?lMM;f-SKdOlAkMchv5v|xCO`}jn_2@$R*N-mSzwE3Z
zE!%PJ+2@>tnn!18U0|)|fLkjtMuPK)%0L*40*xxvH<BgcOH;YmA34zvbb04ijwpQ(
zGd5**@5Tf5H$BC2kGu}2#9hB`i@FiO@98_c4s2X7t?I|%9hX3tJRWt2F$;*AE>>8(
zX&o=nps<}+Ssd}hp(hEdf9sgF@kDOptPb`!tRK_v0|I{IE#oNv594Scch0#t-gvHD
z&h9dCv~k5uV;TE=b&}m>T#*!A8G0Y`d>QymmljE@rH#@KX}7cww@8W$OBuvZCmAEH
zZme+-=b%9;Bfi*x-jZc3s8+f}<ZBzLdj+*khPH)C2eME>=cY(lhn)tx9njL0a{-UQ
zoEZ^IPzlwHKRlI&mXZj3SRb%<daL}T;K$je>_k*nt8z|{*Ogy%nMDCjyl&a9du}^>
zrCndQbl3i6Gp){@JDt{<%l7YDx=vT?8_(Kv&#q<bbd<DQ#=qq9dYri`RgRum-PF8f
z^@a1(=Ba5(b5nZ$g{#dIbM?kuXGUa~3OecMy?g)|v(E~e&!t4<-dz6gU*vXfZjuq>
z%0QyllLg6lOSi%%PFQ$HX8EG!*Y@0*Szhh5&YNd-Rxi)o*)!$R^qI?B?_4-xB2&8A
zEfziNsZ9j-HtcGdlAuF=O3SW>ggEfN$@WCRGCm@EKo+t8j`3{PSaL<L1*&e35;6L-
z?BHG*n+7Hg_>1<9YD9EM!ZHM3W+1Wp@aAbEXnZaMI%<K4+gcDW1MwXFw22V(ioIkw
zqY3;^TA};^eNlnYCl$zJe`aUS_!(=&7K`I|Sf`OAZ+$M+$-gj@3NDy#`7BoWb^{(p
z9mdz{erEiPf7bY!@hN<Ru8&-_@kJS_u6OY7O3usy+8Cm(?^3T*uOl4@c_0DYOu?h+
zcqH<s2#!LL5RxVI1pHHSpLRrYR8p^dc-yTP4*u<m*B*KJDt?}As>f-|KX&Ft8~69f
zmT60~%cteP5vi$6m9qz7RPC@C7frhol6pSt!UwiJe4%W)>XVQB=8F7dHiu`bji0~p
zz{X2@2LCo~d3NbEKC3KM8LKcZ!o4mVdk_-+D^b}x+QSRBIx^PoL}`}!jSL1`I0P*P
z2RJ+@_`*#=eGL1!qA0=i<0LQoVI>;oD@;^cPL|*klFJ2b#vg1G+@@A8hvAknO$Y)x
z95R`{VqW;RXCFSD!OEg_L<q?_*F+mDw*`vM@h2pjQB0ClqT%rmVqQAxRMc4)HU1dw
z6?0PT6TDYTv`qpPX`@uvunB<vf7mKU$X5%xEz)d(qM-=W)HhT6V@8zzu>9y)dBret
zYL3v{adD({zev%6y?Lr6Esmjn(3)Av)Ul=E2?~m)=mq90?9h;lk7`{}3pe)q$&s1K
zF{1FN9xc_j9XHjAqc4^gcv(Eg?iQzfAB^J6xs-o5_6i$`PK{|npWL+W)xW_atW)X%
z*1lA_4(LFv8X<hmwCZU{A2N`Phz~(wKk^4jkWa2bgm@u`5E~Vw8~8BPn9jp>DbvzQ
z)TXAVVd**c{z-#y{pKYbyC+SYRM~h*#4<7A_e}R}WDC!4>Ey-%ZG3n4_{#F8+Ox{e
zpFHovnM-G}8`VFV<KS~q9OC0S<BOXZw=~STZKL{D>7CNiTE2L7_c>=&MzfX<+l+c2
z<C%l!T;-V0vyUWvEz4UQ$A!x)CQoUZv}{iEvZnU(PUD;AfVzBs`RWTUsDG@^;Z643
zXk2PsKYU}%xQ^&k+|W0z7r3-wtZ9O65_=e#{1Aal|AU}(K-`!c8!(Z$7?$Hi0g!|o
z{{{6UJW7ae&a{&tjQ)eL#8wF`meT$|-rfVSt@7L(*L#Nc-j+Nh%aR<=cspKEVrMwh
z*$D}W$#e!}6CfmrB&<Lo1PGMT7zzanDU{7^dh3=^S~i8Yw6rxX<)gHW_Ldf6>*V`A
z?~!cTNq~F*_y0kBmd<$R^FH(U^phXp7u*|=J(KGjd--Kds@^$qv(aRg&GW6*b&D_B
z*3mw3;#-q?nxcPWx9P_C#zv=hb$0FEHs_jgHa*FWYi;>9IZ|HQ*4&wxKC`@XPN4u8
zGS$P->P$q+&sq9-@)DQ1DAu*R#TkT5c~j%k=BCA+?d@&uid_FmO}uXNnue-K#aO4u
zS8O-yt(Hw=^JCF6p>SGEKQ3D2@dg7etsV0_^T4NM=)x+pI=P_nBD$;Ask%Yu^Pt)~
zkY=yP=gO+BT4VCNL6ZS^ub~DSG#*sLn~LuD5(aOk<w%{#MT&R~>bDrEMOsH)T|YLe
z7cIe-+5?3P=kCaF%x6MNq6N8tm{nUIX<fXeXHjG6SVxh=qq9Ngb`_ScwhHrKo^b(W
z{qlIH)+Xw$S`RYZO`E>)+{5?o+||<RwL5a;g-+{m8ge--2#XowDInup69z+$^?XZQ
z`)B2Yi)S^5D|4OUqTI%&&f90NykTK;yC(ugz(OOm7%_{^Z)PT~Eubqlxs)rOId?|I
zgr;$!a7E?x8N0gfU^9>B6rI?Y=^MDhlRu1x`*EnWl8^vaXefW?b(*7~oTKXQ7<E3n
zZT`2<M}KdmKO;h85zVe9bmpGLS;r%PQAXT1^0$#^Uv_8qw@BRWBSBV9Ky>Y+c|;p_
z?a-kzd?*gV4mz{0W*wgXhOC#dS=kvni4F%(-j>F6a6ul3K#x&FsI+lb#Qmm8@FAzp
z0v7cVrGSy(414K2EV>a$WhKrNCtx>t-szOJv_J9U%9Z)~_+uA8`)o@K{>0y>ucW?}
zJ`jJvpM9&Ip2ef}^sMvw>-lr}E0sb1T+6em<>@Oze)<5zPD<zhB>vy7@oQ!dYl|3s
zvB)~)84A_|n2;2U(2@y{YTAMUQw2XTGHvh?rg)XKS|S}Vt-QpN-?A8<G03WmJe#3+
zS;OYINFEX-$tJ|OIc#<5A?`CcgIb<<jSoV7A!!0J)u$fn91Whgq`t?4sinR_jm>9;
z;*gQQ1pPrhX0ZA&n^{6%@2w0L;w6DT@C2wI<h3+kHVtPgmH`MaboONarqo*S07SS5
z$P_n15P=6V0|f^Sqx5uqy(BghicZ2jAn!0OS>j&bys_D3D0gpYz3@MKcKz|%^-o-~
zw6tqxz8=^IT1U<6_uqW~RU2EUS@luG54J7LS>=#kQ8HQ0=WvTo=<F$l-;a;G>eD0J
zUfA2zz31}wo^OTBA>CN$^;^%n`R%*+fA`}>t&yEe3aTe=ThLjhET6n_DZBVD+y^YX
zZa}*j;`=kTbE?U;(v_pDupxX&<+y1Ubys6>Q>6=hhBD9kmdF1*dG`|=dLG|%R_W}S
z7LR0<wT|jn@4e~XD>k%H<-B!Otqc4s{f;Mz|I5VbUbMLIp?D*U|8f2u7j};8-hJ7`
zwYP_4qqWT8bG0o#^449K-uJgfErmN56;w^wI&W%~vU2sUL&3Zx*Ce@Z%Ll1u9;by|
z)`k_He2PiH)QQwVWR^j1<zr?6qyu~ktwGdTWHccc9rD0MJBTXd6Gu+iNF7)rq&27+
z&CrUiJLim<J+-WQ&b(5$NhmQES#k`9X%n04x*~~|x;c>zi<N&bxMkg?%e@{;@k4Vf
z$3<Ia&5X5NxM5;(Q&Vw4Sy@4OH9J3<OyD0Q#P}hOn6=I5bj3Q#Dmo%Cz7**4Z28^-
z!O=2%!KT{Qg=cMfC6PF==<MBMUQSuHxh8LMP3fevd~-o-&xEQuwWZ}{V`3GZ6)m%C
z6u1T?k@H~`vn^>tXs=mdb;m;P=ms~4*2>4A=Gm@k38h?%QSReOqnb`hAk@KZMmg2u
zWEfLN3)Wt0HkaCLTH<VI0Obp;2Cas+tE;K25&n=^dRAiWROQ2?2mU-Rx@6jZ<_Hyd
zD!ezoICcEYUu<D_9o#={M%ARrRfl6;fx5!+8xkdRaw^@WtxM{gHZE<j+T!kU_IA-8
zs_WT2uYU5@J>tf<-dg|Wo9l)5iYB#pC1;&A@1pJVx?85qIao2*S&|r2R3-iR#<{oF
zPfRQxf6ZA_w@+zKw1tD?);3+fXKp;)yryE^y1BK3HwS8$x8;mQV#5maSV6EBHJ;r(
zd1G^)xM|aGf4k{zlF_*CMuRMdx$uo8X_==-g-VJ7nu_4OjUk2+h7rXOCPY+@LWGbU
ztA6yVM^XC8Z8y#=v5@YyWai!@duNuYJE3I5k%1)9CMkL3L#Uxa%VGf?wk+Ar`mXAV
zx|RO-uQ_z_tXUTyQg=!T@;BoFg>S{gK$0GzyhI>kpkXY5>{v-ewZK16jcHTCDS)n|
zB;WynO)P+<OyXJm*agr2S|We^SyWskEH^yMg`70f0s);2;tTv{Y#8?^p)<TreKw&<
z3Q387m!=EJ<osd4VIb%TA5}jjC9>bc6B47$cs8LvI}}C4Q5S>+FEgAs@HB<`WC{<Y
z#)Jm{aXx$~jt7}lflUo<g*S>VwBVzA0`nn-bP4Ao<!m=xM6-DUDLK#!1Rkk-AnB4`
z9(F8U&Ux5AVDeMDK$ADJRUs9UXgbtRyu8E39Mx>U$!dwyv?1hASSK`J-FGbeMbr*x
zLu7|m%lH+2hkjSvGt+mRM~954(F6$fWSH1_eTYvMng#A35UnSOG7VgL5UC3lZ;X6n
ziKIgLpo86jj0t7q*oG^{O*y}Yv6}OzjQcK|I<9nOr*h>o<Al;y0Mj#HeQW6i<5K0j
zg>C1}n<@8ASRpnIzE5nK7^sT<YgI{QRaIrl?%&7R!r6yvl!1h<GOx(#EXu3YB|h?(
z+%SGt&vM@94}<1!!jTPp6iSQ`0m?JT=@ne_NK*xJL=?&qcG}@S<B3rAIxjn0d4jEA
z>*fn{SFiidYUw)V$vF$hFYuU@Cm|ZKPFMq{tQ-HpYvOf-Vet>Fx^v~q&S~eIGx)pI
z3xad~u1PidHK|{*>)5Ab#~uoeZ7ldxy6w|z5IkDJH&EDj5!9Qc$0p4rEi62FB}~>M
zO(6s%D0#J-i(XOQyZu4s=jZB}{wkx*uIqerSI-X*&Y5%YhdnDFn|xK4)nngA=DOi_
zmivmB3%K0(Ub*P{1I8TvL4#mi(SzGx!&6fx9?Y_CT)Jj6Kysl(gPrfM@~;WoDxATP
z1$if(DF8u0%3&=|Ytj&<PAjDh#8Mt-RH4OvWY6IGGw4xiIhEstvCE}7wEbVB8wvDP
zxhYn9QnS}u47XS)AYs=RgQkEpV1c5jC)Z%`A_OHrX0$tu!0HjKR<`VPw?Z3u>aBa3
zrj#^!8>4m6P0=VL>tQLwx2!Oo;C*&u4DU914F*z07F+ODQxM;WO;+*<_zb>v>a8f%
zX>Q$nQd5e$#EH`df5GPl>4YdlELnfx6qsRjGkfN$uYffO@uTDugGDlyv7~11$aoDh
zJKB$8xEz`6@{IhGr*B{;b@%Tz+F*5sZcWQ_ySwYwgKm47u#*3hdXevh^nF)<!xcGk
zdBpV%Ld}A{d&Z~NGJeB!!K9{$KFan6%B{hGvQM7bGV@?@*UXk}R{oRlBH!&)@9R?r
zexH~3JEnbtUUKcH%40OHi7uc4Ko`8U{=sVqqXe3I$lMs)B*Pcg+hc@sj&VbvU*H!;
zp?(nuEX`1QlsjI(Zr`Gyzv7nNrQ;^GzQk6&{yLkJg#{+t{HK6{eadcUAF$h{B#;TV
zyg048d+D6<n_^o1)qi8ozx{L=Ak5=94L;cSSp0zp)b&BdWN?GFt<J8+P#tPxD5dvH
z&>Gm6<1~Q(7ndM|`@ink(0xv%Ft@C3*7R>O;~jUTzD4*9$G-x_L2mk5=ndCO$(~2n
z&b_6valYGCV6^r;^3o$8T=loFfOHu6{HxI%c3<#1Y}JD&HR2U=lB`LTdmB?6^u57F
zk@qm*xQGel<|;7?+92+9no{ps@+8E-NzW-8B)!w(lz%4q?QAMij6A@ufe(ZDbGLtB
zca9+E+Qs5E%w+S6<E+jchu)}Et;FEMnw7@kp(v{?eKrI`1b}24CkUnfwAX0;foMs#
zWxf)TJp*~AQB)q*qSL^t&_~+pZbiej)~7u~<hJ@NjDd8o0EiOYogEU{*Oz${-81T}
zb_RY`pQZQ1t-r5vm^bMIuGVbL619%$B?=RXykP6ARZT33mfU$uZFaQ$s8ha}aef>?
zr?hI2V;A!v9v4e6fO3<!ymkxhcC%K`3b%=2m&IhRTHMreL8;ConH)}&<k6Mxx^fpk
zbvpRz1szR`tIR+_W96EYY{7qC!z}&xgjq^cQdWXD3D2gE_uO(z5Al}Ovu0Hb9j2JY
zWvr-})?zHuIvm;}W6QMc<BAHS%OVR;GRKu&H~i_KAiS|s5LOaXO7;%W5y%{RXbpmt
zS3?GOMx7Q02QflfM;52_NPq`%cE559ho}*`9S9x>2=qxMNDnSRM~kfArLY{Kw=)JQ
zU_PUtJT_Vjz?h<YdRd6yPn*=axPL(keGC@{)s#WzCyNd1K{tqm%2$G)N<!0746QlI
zl+<-G^nofy`qI%KZf?Q!)sUP7!5Pb_FpO$KssSD&P0w<aAlk!g4?7Ya1fky*aBZrk
zdQ`8P-aBdY6$h`_JgLJt#+bCcXGvn;kz7~a+#*%x<dj>+SGc>DceyLZTgr2CDy5d@
z@^wqDfAT+{yncy@MsQgws`0kajM}Le&n_>Yeeu*avrT2DZ(e`>H?f<&=C-X>GqzXf
z)<=WEXl<U)Ur}9FTU%CL;rHd$(zW{B>g_YCw%)etfvpoJY<+;!|6Y!98{n}zT=mbD
z9o*gq)&O%9-tE<1I|&+S8Qx{8)rL4j6*kRsqSs|Ho0T6UC1rxAr0hm|Nfq$&L@yOv
z?p84_SvP8de@5JgB$n91%Ha~i8Bj`Y^MJk%NR`w_AR$~vOCmZ4I1`9NMqEe6N`?u;
z?R}Jpkmgvp@btEK8Jfm^{^EX0df81$FIO0aj79#M^T{HAI}@9ytbj#+-@QUNa*=dX
zsTEWUnKpY-trg}sxt)IBI}Q03*y+D_2zL4zZ3SefA5}&)oth#Ma5zK0$}m!5e0@n7
z=`(1BJB?X|{gN{FqVc*7xZi9B&~-1BmUX+7kIqm?6p_nOJg!%#Sq#0vkkw0VI~uNH
z161l<aY80ltn{@F-cSPu0IAxEGvJn1PL4*L$Kti*r<yMfIlrjpa4B~9!oedK9yUdr
zdOEyKlVKX0GA`!;n|vT=!;uieph8gU@%^M`==+TN4%jqIN?+R51>k-lQ+qBvc<{oG
zy+^h$wbgdK=w96l?6R)b)$SMD3VM19+7d@LEXgaOSzeO2gb+H0&pLJ$8YdLgmbh$7
zw;$OH+w@P~eHUnJXba+dlIga9jx)o*0f0y6a07(86*gMF-c<XrD)I=nLL_MOhCtA1
z7SPD&ksRE*j!*{v3m29M=@O-m)qZEnI2ES)?st&q+30AAP+VKM;5gGCF9_3dq{U&>
z24e5rO_#<^LF*9mH~uBsR(h13N8f$-=mGby4{`X8{37suPUSqV;XLfbNm0H4$0^OB
zU%L<Ri&uMAwxMY_Elz@`OQOd~nvG)Kz>iLb`Zm3WLUyW2i*<P{jn$6&s9s}AFGr7*
zdIvQispKXmXbvn(;G%?R%K;pVI357c*vm<4|6t#;1G44-+B7i~O9#F8h)6mb`JB2E
zz5mkaIWh4y1LnR~fE*w5x&-)J;_VB0PxHtyhT@P=j{yr_LOo717~15Pu0*2ii%)gX
zz6@wK9ML7-J(@VMj8HX633F5&+q*?cruxw8k^y5XL^zv5KV<=<afO!0I#{lmh<3+1
zhXJLEtqyfaah`{B20VHYgNnEWI#zpvI%%k<s8gnl;|T`FO;N|j&{ov&>!4}J4^UzY
zxi6K(v>5!1CV^<eM4{B%7$V)YWxb=1zv$z5HdtiE(1GJITD%Fv3Og6H1S;0<Jk$YN
z!Sr&S;lO-4N0@T2LI|hQLNZr5vy64LP96oP!bY9T$H^BY?VXT>cftX7fzhn|)C_+=
zEZ8Xxfg5MwZIB|VpKLj)1Z{_}!d!d+{wM=U8irbo)8gC?<;pxW8)rV@l)xvj-V+)T
zv^;J3>>aj%p2X|<+pwXC^K_q`&ffNr=0}=WHGj~20uIUs52SL22;<TDvFk8`NHsz0
zB0+Q!)_(T+==*8JecA7$?;m~s|N8l_`rhdJGVp$C+&(ymQ*fV<^>hdgeE5jCy#y^|
z*uYVC=vd4;&c1%8<NrVI7tT<Ik!2>FR;n8Z;es}G0Fx4VA+hbxRLu2XLq|gu%(|8u
z{`t#~{<m&aPWPGNlAXALz)kyA1}@8enzWZ+GH0ID{8sbX|NB|;KN+QI(hsh7c)aFt
zHj`K$Ak)S$PbsLApbg;zQ-h_Rj<Rv|p^sMSA2gBBKVk%&+Q}nF%J3auXS9CZ(RUIw
zPXQe~smY8&{++DysE6bWuZ~TY0F~^66rA{98>3$_q6Tk}k|844p@AeHS7M*)cGlg^
z8SXyX^5gR1=|k9As9JvvOh+P(H=)|6TQsXiTByl4RhMDsT)g|zeTd#v9Y&flPBOg-
zrkpR&DsRHKDtCt-Rqfa5t`$`Mo$?~=*H-;Ah!oO*1)IL%MR4of&7hywnV~~OjtBZO
zHti&lfq?6IS0d1>T5<TJ)5(-A=$<hfQ^&ZDP7L)~og?2vuM{fC{6j1r{bBjXQl7xu
zxKBTL4lp-q9Sh-aRKa7Cu+F|t)xQ>3$fc*#R1x+SjiOPKocodb2Ksu3xy2AJGV;JU
zO>I8@QYI1{8pEGPmz0v+QlYglT|{NUOT{{v<#draSsm-*bq!>_t%KVTuGYbX0T1O;
z#%g>rAU<?Sro5~4_9v9zPNL@T?oA|m`?^D+WM5x06zcAy^KSZO5{oAKSvQjrZj=b&
zf5>50Lx}bEhx$T#f6}kVzMu7ma2339s0o=#h}TW~=xCwu0G}5Ig{UD<IfAsPbHp3M
z4PmfJLh__$dL8UeV4aV?n+UP~kk}VWP)y264KmOr`uh6bJ&H^g$z)$>u%GjfNp9;V
z{tG$jGxUe79odwKxGr@R(*Pz;Hp84j`k*LNMcwgZn((+Z5?-he_CZviQf<(lOm-9|
zqV!=e{>QMj8mMMzd1<&@s!C_5NJE}j=^~+U>ckpdE~QT`8+`-cQcH!;k1UyxKv~pM
zjebCA8d)#_eD+N7zoZ&)abrlL#q=LCOCmhMturv`bQgu~#%e$$Diw&ydjkj6Mx(Ne
zUBwQb_VO`)1HTa)^_E@AF7>%nF7x)Xpj^MmluNZIa{nLXoZ$%`eJB^1Zbw}d=24l{
z&s~Kt@Ncm<P_ENm7G|ndpsJwol*y7RLNB12jlN9%I8*ZtsYaSNqP<4up>V40HS(fV
z^HsG@7n&NAy@7;xC<x1{0Tqj#f7;8uy=H2Tp<LV5at+&GVPMN-qURY{c;{waM7hpb
z-P5#!fS#n5$?kKs6BX<<mx&f(d<olmKay40pk|%S8e$koG;q>`V(8T(T0l9?5J6oT
zxTl%IyrFk~?Lly+-sbO|$t+ThNd1a(@>%fpI*^@vraobsnXDY|q&}g#r)SpJXne8!
z49%(1Hy&eU<8f^uA)pbQzk=-{ZOeC)ABsxT5M|8)chak{PUEtC!C3@tg4^~}{h<&k
zK?1Q*DAi9!W-V;gLP*5VNH;>aiZjVgFFL2yLPW>f(iK}iQNm4#YRkmhC9#B(?8p7}
zAjV}#DVKXeU%gZ|T;ydX7LXSX%%EId3!?0<VZHQe{?>^Dy+9=8pC7>I<?db;-l|vJ
zVz>7qE*Exm0R>W#cE#>t1-EN(UN`YM-B_ilY*=Pcz$ElIIz#}$P?@nd(yDN3s|^=B
z9gD)glWqYEwFVp^hH?7VaxGK8s!<-K!iq1CaAxGbF`|a+O?;}y{+Yfm@Fr+xBROL5
z!LM=bD9uTzQ8m;X0=9kB1ifr5bUd)XkWHp`#tIHG^(pE2)B1jKW+)UI<TpsP&0c>@
zXbX)dWM%ez7DB>nZk!Ai0rL?SKJiB7*ObeaXS6*fW3SYkl^pknr+_FxcavVzDdvsq
zZqn;ln?OQ6X*XyICSVLM<PR^rr@ukeZ0S;xU0cY+k3|lVSR0Ns7Wa2;5usr^?GHkN
zE^p})`p7kaFONqyfcaH#Kh1S2@~P#v3Mgkr83Cb%vkpU}8fvC5zd_WTQsOOL3<VRD
zXZS(tOC?5^m>$^Db%yIyZasMUgtia*CIcca2|bSHUvoMhgV-o2#WIl>nLX*yN&Q;w
z&0HD1SMT7q39n$CjsyhLHwdkq<4#@8cT$R{B-k*0ux0sy<;xF9pQ^vU2nFnxUSZ#X
zWt3fV*@0(}j{&(0l>fuIb3rwvr>><JPM<FRogQ7D`nLMxAs(cmY*U{+K=lJ3oAwzo
z;S479%qZplqS?bwRQ*3Q0D-ThpM?&W=gDPm5e6r!H)>T!u6cwX4`Br=IMx5k<ERP2
zRbF$6XhU9HyUiiXk+zjvzj@oresavxAkmYC66gv)yQ_}%en<I}t}tM5xNU}rwxeN9
z@6HAF1!f9z=C{#?kYtr}FV~P=FA3i(!bkH#wpfgs0QMK2mY~eY=9hKsBf}XvnqUW0
zLB5DN(k8lKEQ9Yrg+%5sZXHwg=A>4qxCrPsb6V%O=Fmp?=Fs8O2hSgK>y!tl+){e}
z!NkhLm(RU#?&XJ9Ci+`rSKRR9Bg<wb?>%_shH%@J!J18XZ@l5I8xO3%dt*)TO4idg
zzoTRR$j!wU+~+ZwJojC&c>nZrtF?Ukex`r*;+b1oA_lE%Oxx-SyI=e0=-kCS*3O<E
z3C*3gcE_SQy{Kl^yz&upW}52KwE9x&%dKTvh~lXPms<O1OUY@IqZ2jt3;Z{J8;4#L
zJ{X<3iLU{=omc}LSOF$sVAK-j$6D-h)1m~+7vki3fwBq)$7>nuHNyF`<N{tUZZQY`
z^JjGfeZ@-y%5R)?u%Rx?VKL{x)gl#|7l|y~fD1h&kE>ALE<M~n&^MG|3X)x4{aId{
zaCW4$K)K0pkCYX#jo!z4shVn49$?LNlfK>7q})_D3DyGsZ0NwU-l~cawJQcwdS1BU
zcZqzTBuk;N1k?zp8gi#X#oC~E&P?qL_@TyLA%v`gJzoIjA4-i&{wL=}f3EyIs`m$S
zD)l*6+;>Heer&a0G4gpWKupI!Hht{_A1Q+$J+KygCVlk4`=jtN*vl8*c;kh50bbL!
zYE@Uj53jOU`Sj*5n4VJTF?u}x8j$Pd%F$P{=I!b0=H+mQSUTW_Odc0Bb^aT5)BCH(
zrfXH16Y%S)u1dpyuWmItmG(@v^!myiR8=tiPwQrag@8~RVC6?OXpnLJ*VnI7G8RZd
z#zTa1GN8o%do@vwg6#4CR^d561D%2<y~@z~{xvit8Go*fLaE5EfvZdeq?lkb!qs8|
ziV>$ZX>~%^k##5}(nBu2Q{H^D@9;Z^``%PwIet@2zRCJdd4?We$19cg@Oo2Oth@;<
zhB9^^1N{MqivPG?glKUD{4=eU<PX15vrDs|M+bdd^C)WOabx`lodN|0%KgwWa)S*W
z;~w-I?m;bJT^PDP>YlH>p8c)tV^{=+o(02^Ij*BJxyWKP%sg?Y9+tFs+wm`H@3-S$
z`V98uK`@MBw>>rVJHKuC_7SI<%Zf&Q8$h_!-!=5wE%g2`k~(N)z5tpYl5%0ow(vVX
z&Dy52Pt;>2`%?NOy<_T6cK!mp(o41Y)J`$FgGu_M4~ev;?jyWW6ae(xi#&V_(N|<n
z22H@y>3~f+U*MPu;9*9X4b#@aOavjJ4{{GpEUJ`TgWO&-F@zxQ$@{OGJAU<j%a6VP
z+3|*RRy8!_mW{h$;M@o@geI)cya)!R+!rzGeslBU$+?NiTbkA?pRKSt?e<VXWYIV7
z?%eW|EwP%5j(ZIS1qJM{LeJ7rRl_Bz`?uPnIYFye+!|?e3|MKrOaE{*kx_eRN{%~a
zX-C8w&d*)kWYD{!!ut`or?fTJ*5KM=mhDc6klLZT%itzTkfnFBW*f~zt<F>L;#(ZU
zyD(m1Ky#3H7(ydG-kNIsh(-cF_Wze=5fhKU`0}F<zWFQhFMqws?UEZU)vk&_S)|PC
z3%J%kzR~3_sk-3U{a2NTZyb2=f7Dijzt6tr>2CJ$bNcgtxLIj@YDalLfV6V8eq>EH
zNs{>craFW6xI@tWaH;;;687=`tRW#sk(|Qy2SpTLc8U_o>&8?}%c!blLg?gLlF>RD
zsT?UQFeaQ<5d=&aLpqSrN+V-HDd)G)MjgZDC$H1Zll~69KoMoz;kitQV%xaR&Fcnm
z6CtVtu%QiB(|q8+oTiw<divTanipY`a<$|$w^=L_+o>K1-#BdruA&;LDyOsthU;9U
z@QKgxutV}$WRrT3>N$Po(y}Gy<V(QtY39_Ec<nTAP1v3Q9`qqwI?`$3a;(9L=?XGA
z;wBG11y+`${HW|UU~QD`E|=C)SX!5>)x&=@M<~51@z$Lq?_swczn?unnGk4*MaPC5
z!6zx(D2iid)6IMKG@2buA7F>>nKIilFzP<#MDCA|QJ)AWzc_hJdxhMO=+R=-p&V^5
zI()K-9J4Nta~mZuPdIrp@K{k7Ic~Y+d?ww+m~#8X{G-jRt;NhfQ*K%)dwmX{GF};v
zomXC{+!%6}vwywo&dc?@i`3vwq5VXyv4u?>Y%REtt(wT{ly52KaMb*_znP<9_D{Al
z)S&BRKOHkh8P};J4uPFa!PjO#SR*eVt(@LLMGPT=_*V+wV)BKlq@!3idV{GxZ^Y<y
z%NmP4=(OpiZx3i9f*kP*iC|eVoVIi>D-^xpi{Yz4x)A~VBpfkezXOg14SVj+f%OLb
zFz0?zYb<m1*~zXOpi?BzcFH>{lne7<%9xirCM7cloWb4^mJ4y-zc5M-hJW|NFHD15
ze}lj7zTtbsZY<uJ(|;Qbxcgs&$7r%}`HA}&lK+X1yvj3r6lWR{HN#_&?-8Utu!wn>
zE~p3>_ZrA+gvdWGV1<B-eqH(kfHk@rGyjCA_|Yx3WkP?)70G#JwUA|N%hJ30)eRG7
zl*AqU)X$%ip5nWyeA`{SBu9Dol2~bR+oV9wl3EhnaY?KlK2~f2V2VXcT4tv&X7bU%
zT7hgd0py0Bpg9{zK|8^T5KW?~qJ|cD-98dlx&EQr3pno~hEXO(C7)_>LLh@?k-YyK
z;0EdiQdmq4H^to3k+TVb!q8v=f_v60xE!2*wM-hyp^vgBPil-7vkAU?8tT4YHLp{D
zR>ZI@s6au=BOcEu%n_U$1i+B;u`}XfUGq~nf1-Sn1|4EfTvHxS;|j4^9^u-o*QEZT
zzM9>9Qe*NDeUKSWYWP?{z$%7BO;%8JKTk2$djVk!vDu!8Q~5Z^R0tyG`ox1zEfkhJ
znKKPbq<s9T2Sr+VK7T;@zGuCfqDqtX%6mq9jMD@SRGi`<=ADhlw(+@<nGDd+5k(_k
zKT>M(DFV5KL`ewoMB6y=b|QnbAoTgc(fIj>wG_msl*Pw1;LPUPH><h&?A8gTk*OA^
z*>bl<)<d_~b=SVR%%6F{FHEgp-rN%O`sU|23Zky^c{fCYO_e2yyqvS_`aQ;c3p2L$
z+)Ol#7n<gDKIQEqpBEY_>f|MtC^`bW3YR;~TZADF{Y)33^yGSAXxX@~jS_p~09S|6
z+xoc7fepiDew^xyNo)H^5}^&1;T&uVPzKTm6DK|5BQC^#P?_RljF*HAYs0V4&t-8s
zjk8=9CF^XIh5G5;w2`za4IPWL<y1=}EAmE7A?drKo(Q2JL<m|5U>hzmQWxgH5H<DV
z1q3#UE|?a%LotBo)gFpNR7Nu(U{eBShj{7dNBzJfG#G8SDN6FWr>{b88^MDsqCV#u
z#`Zk*lJH?l5vAH$XU(c@9#d0c^{x*@=dC~Q%Bty$XEcZ(+<Wg}iNWk~`%m1<BFui@
zdr}M-p5~JG?o&Qfel6VlN-)=%*wBuY@!?oi+!S0E&6}`mRpavJrqY&hmpa~L@*flT
zp-z*(PMzd4*Gc@Eb^2RMk;IX8>e_VPm6KMjo+f=omEL|OSk6wZ(Zu!bO&xKnkZ^Jk
z@)lehvD!fA93{VXFR5Pm2*5H5a)f~=CRrB{^d8oJW;5jsCSy%0O>Dd!$0CkJ9485O
zN2)8Fo;#>18&inAggpiq*06UtUO*2{Fwi)vID8Xy9zbD%#Rth74mhV|LY(E`skq{W
zbq>M~A>0rO)m7D<YPum@tZ(p;#*i>bC^8M>M4MbPdrW6}NA$c9^O_1T>8WU)9~l$b
zG-v+#`O*A}XxEA(hN!^;#7&_fDjr$U6|KPa^A~h&!d>%Q6CYGEfXMnIW#!&+Rb8cX
zm$E13&`%e~Z;8ubHH>xRq8;U(V`eW|I=8f|YMi&cEaDd=V2CnFGwRWFNygQIw2b%~
zrvWFE60Iq5vVUX#X>=6np-w}Z{&g`8(E+ZG*M!o?v<igyDiHDlMe6Oh$saPKV_=%M
zmAA=lf@d|s!AZ?=<@4j@b1Np2zf+#}AHYTYJK$$iewU;NlPazy9kaEH=D_je2jB#I
z{5VE}1-#65l+Oek0akOYO+&>oaB@)?*P+p~3VBKe;?R-~V?lV`QMk0%qmP(v4TWV$
z>y?|2A84rWK4%lstl+{a_1SYCFt?3!kuHl^-?>KRqSOt?53IdMn7wA*X0-x!LcVfy
z^1yLdcMZVh)N9#QwR9*(JQ<)@&>nA~8lF$%p7e7v$*5Y)WbWGlT7xiKK)+&vMWkTb
z8Yd-`#IEIk?Q36k)sDS&c5|-TUblD0Rjb-nCl?`sOgGn!pZ1jaa7wfA{{0uv?F{Gu
zn;Ynyd-4AJ7pjC1-y<GLGlZKFA$sV8H`cK4L&oE3qz6Q{y(ycy!&D&a4A*pGF*$+h
zH|*>wYKD&~8OVtwS)pJXgF%p~J6wUDsE>t6EK<PoIjvd8vj(_XO2)REjCkGZ7A7jt
zivhG-5<IvLC`>~><tQhgw-j(6_Kb9<g$D})>eJJjG6$1}pNP6HjG%mq!h%$xdXtOa
zF#{J@R1zlZNzLZ#)x~bls!;QmDXnhFQEa#P9A??oIAMKb4(t+ER$(=<J`sS(W?3EH
z-AbR`pkv*F)3nz2@b<xe8tGza!~OZ2E1Rc<^%0%9+HVX^pD@W;Qbu(P7nqzvH^7H!
zO!!ZRIKQofMSQ4kfJO$hAZm3aTwq8;ycjy7@;B5MVe-nooH=Fwn;)684I!aQQinW!
z35&cy`9I3vM6K13aG3jzcDB2_>o}XwWUE_Jxm1??Lb>VDu5RTryRly~B*1^WS<V7x
zNVwcAiBQjNbAE8G3*`YVg-rauDq}E2M*-ZTl=fl#i6{eP4DIW8D~~*4$qhE%|B~{^
zOUfT<`%P(Z&G(yIN`!%wEG8O5;lU~5)AYxt%<1g>5xthr2k!gg2Eoxp0pAa)Dudxq
zvZ1#++q@%wV=cn2UuHEf*IJU|nh+NMysK8Ye3ZT!w;|-c2KUwCM!JvREc|MeQhD_E
z@oBKb1jRyGZ3(S^<oAV_@j3N%crB|@UgiZ6Cy)L<m5Pd{7V~A?M+Nz+?;`?=e;*4W
z|8xUZ#S!(Fc>UA0;qO)}$woH-Q(ItkVcF;gI87g9njhXYYD0`FgIIn_z0^(^t@Qth
zHv-yeM288xPSXbo9xvh`DV8;0WD$f<#3k3%MP1=I@-WF!X@h<6no41{_qk^+4|&-J
ziLI+nU2Ibt<zzDTpQ)dS4?L9m@V&aaYm^UHvsFUqarV}Um3Q5R`Z0|ew$Oiq<`TAE
z*dVyVIvMYE!HtZ$<ad>S4Zf3_JcW(PW8Y!#cMMEzlAewYOa*y+QTdFS*y<bZypzpi
zV`#wAc(Ln1yg`Q$b(zs!V~r$2Q^~Y2L}Cdd0WD3*37;3ih8Z3k)HF-zBt4vJ`gS1t
z4f+q2>*?b}MO^FFOBUnVyOga;t+I93*?=O~yFoF#y?VWEb^B*G^%0fnYnlva$jMFW
z$xWZNueRy+Ue;}OO7HWfcd%FK_38z~+1K5B?{#MbY@7e+cG*`i-QyOn;N1GR3wKT?
z56H<o3%|`Tq%L&tS-RTpay!-e&-sQ3+K)s8m1Cd^A_%J%6E`jBfPW@`6DdUYDsFWv
z4y8GRK!T@28#aS+jN}B*b@nt>gTAixp-G{0z#7SEf-2W@ZY5*?(AZ-kt=$`fjUfGZ
zCbN|a?aRFBcqev_!j=A9<^SNYo$0jZD&a#F%J&>ZG|}_Ie6km))`HaDue4Ng9SW2u
zNl}$`fXSFG3(^ug+N*!`IZHMc!%)aK6qk9rV=<JuI{bUq5w#_BIrw&xkA02}Il3GK
zFqn~1sa&Jav&)h7?xFIq;WDsa4;3ftFs-La_h%51hLeW%G*M)ai*ct9iUQ526zuiU
zm{7rh|DaQ^dnKp(!>KtT1=UTMeb=Hq^?}vxu-y8Ni8(DviyOFyYrp>&<=tDY2BXvR
z5?l7Vj{jgZv4U*0pclDKsPF?e)xz9((8)~i+-h;SEw{3QzkGkK%#aP2uIgS_?taPQ
zG#bR0NBc--#;S>9n`CDO;iMdb0%hBQEFp}}9`OjdRTYGhN#5?Tosv-?b+dDtlO<eE
zS2UH3y7UJ0W&O!I?ThlyapWQoFM~Y1TF^qNs)6e<33X{zO##*sB$$Ch4uV2U>RIJk
zwqDo(f=oGCQb(|YA?uBJ_2ACv#^~P0ExnC<qEYc`oa~{Ky-}$}c{W8DwDc6#Gh~^;
zQ&>umIECv5cSP|}?-ty*F)AL6;vt;uiEhM@8(vpcS)U|p*w)Ft2XftMvU_HnWXW;%
zG#;y}N@1jjDj(Z?-B4qTPSq%Ug)bK=B`K*iH1yzpMmTX1rc@tCSp~9`(2t*0-d2HG
zlGr!y?j`OUzUO{Svy%fD>}L5ASl)qb&fQ2*X#%4JS;qnZ`c58~%qyO77WYxml}E2P
z_ZsXh(O2wrK&#<wLzf4|d!nQzg|BEIu#cnB0+#f8;S5ew`Q!=6aAuH5AnCZkdvSdY
z*agz5HxM}vb6&ANL@r-_#YI7-4=;t|u>+rkO3T!1F#sUWWgWb8T1dfrS+XD&6_Tbt
zs~gPTaKDlL0djeU6&p&x<E<WTUKEZASmQZ6R{jgl=C~Nn#I@No?IYZyvSPSLz4=y`
zczO108m9YNP<M~&8OMA&azy8l3cUT0zJs_VFvMU^vgH)g7qA;|scr0LZ&)45?;IAZ
z16aVyfDlspQ~hFcS#Itvxm~%-gx>6eu?KId?QUfMVWCH?7J4L=5JC)dQ|TAFm*I(9
za&wn;XO}d)opQ)G8ml0UZ=Dt>+G);>1ALrHv&e&7330If)Q4(A2;M`^pxF{1HSD`t
zKQQ>m<Q>9&yyb8oK=y@_?2-)kSCnG7iFL+6AktZA#gd{bG2#NWkMOLdv(cR=e#E*#
z4|;)kv+F1O&uI)B?={*09WIt_sJQQ%VzW6Q#6~pNqqrZGpqor7z47rYx-VMO^7tRj
zNO8he?y9Zqg%w5U%Pyj-r|0xv0ORC@29j(j3}$NhoIw2J-i9O6b5ZaH1==VYF_h(2
zc#6{@Ed5C~JN3tt8c5{7<Bo|ZxRau=Vib=FT9M`{ESfx$viN{fCk+OUYZRpz-AdAh
zPM^}}n&?vcd`?HPkSx9h{+|hQsw6+pkv%7#9Vt)}!5|WZM<S`v2uINDhB>uNr2QHq
z5?@^=M{z1y>~Q+9N=$UIgm34W%f!ANiA0dMJQ!3G1<G%}ewny$vT6zk0M%EPDM9bY
zr|4V1&9;AzY$D;#tfoW_l)lv8$V!@iLVP8=ofznzM*J6em~K!c*x+r*TLUkV_>lD}
zmdSP6%<7REfV8`~hfJh0{N;3Nk_<Gi)~6nlqB);%r6iDMpI3Y>BAQLIWO4a}=m6J;
z%3b4EP~T1z#C9sw%64{6|Jr5993z&BUW+8z+&RGl>)sct*_(EQQS{3}#gDWxFWSH%
z_@M((_Kbb;5@%6Ct_NvnEEe;hkD5J{z6L3okdKGSzjIl(T3qACI<4ER&NrCGhwodC
zl1Ub6nvjtuxdq4r+XB%Jv)Q)AWZQWaQqRbE0g^;v=<@a$M0<=U%A+#lBQ^P4XTyzu
zkYsgQq_*PmS)h<4Z4eZFT9YFVqRBe|+-x~#1=V!Lzkl@f5r_!ukaNf=mvome=wVgV
z6w0gYTTbg;P!e3HTu*l%!LYx?W!Z0a{^5b&@6qQNFEKH}Am<h>pYbcFb-%@>T=qB~
zL|K_83T&J=ATzDR2~2H6EGKy`q6d)iWGwX=$C?K;T7@2^YZ%fs0X+!a$*TcxM{<7z
zteRGQ<EKZR)+;QoiMzWxa%6{Xoz8AE2wV3>qjPrWN4sk4<K?p|CyuGeaXfp6%W{R)
zIc{Tni&N_`&(Yhg7SY$xwy0#q1&)&F^oq*5#_onmFe|M1=I;UzQENP8C@Zh=<6BoC
zFOW%C70@r7om*Wv#^<p+Bf+vU<C>?9Irv)sV-}aw`mnYzTw>Qc-G^<+gC#m6dA@}m
zfwFio;&Qrum9e%7i_?9!4}I2#HsB2aq$@8ad;s?y2N$e%AhgSAvka1fX83Yi*;Faf
z>w~~3?sHo2^S$}qds&gysP{Z$Hz=?40qSGRfjhm*0_q!f$GBfyPemiX#%cXarQ-oe
zgC%RN&O?v6A5m_#JDp~>`6Ywp5{ql$T&ER3Y;{>KqkD1KIu9}*>E|UK$_s8iOzLt9
zN2fAEOFU#aQdtgIyS+Y$uP)LJB07u$%G6<|;t25p=hg~KAH<;Or@;hZAin>l@*}<8
z==_Px_$yb`I7as)z2`>`qd~9y^jCb${hk%7dsKx@b6VF~Tnn7m9*awuXt&#)%A(jJ
z|6&Kb+hw;pQa^NAdaTX`F3UP#c06Hm5idi+B<cVdBOKBajo>Mu5=6qoB^w%yL)3)u
zkkZqM+r%W-K1il8XRytw7nBFt7t~IQ&SkkbW0vlxEB%O{556F-d*Naw!R}P{{`36N
z&TF`E6Ux35aq*Z8q(VU1^gzh8!$Uhya~?*9E8>Dl7Z8|;a0}POBXj|Px#|T~Milvo
z5hHvbi;F|09j1pOX9dwO(A80&WcFSic{8a)Nrxjrm~(VGaQk*dly^ex&Z{Gn+0j{d
z&B2w;VdYna0{G*%?$-H_`gPxV{a)-%4x#ros_R4HYiW1x667<pUlowgV(ZS)`S<#D
zE7`ec%Ym!xMx(rRGu?81;iI4#3ji1NCIfYo*@KAIOF@)Ib_*Hy3wA7-3}KX}Zt?qt
z9&D{fp@;L@_&Bb!#WsuCuiV0V{OZ;WkfHn1H;{abh+OG2v}28CD#sb}QbHKm?L3jX
z!nh{_Xwg#E0P)LFgB0mFuJctl)YW+EYp_9H>Dmej$o&8wt!~rO36=(&v}vX5oHy;<
zVbRsh+HuL;Tf0hbbxw7?P_Vfg$?}Yr8Jpisgm0Z&eCzCsdRkx4FPqY`xO%o;-xTYp
znov=d@0yZR)KcA9IzcBl7fvi|jukn@<P$S;k6b-v)8tC8baH?V0`cI<8g`hmf{wcx
z8~nHM*`ThV`JB`pMU6!{X04!nkBPF`9)Kgq=i!>L57`76)MyN7>b`;s&ZlD#VHl-j
zB+0JtlS#VD($3U`B@O&zZ?Rfa_aT5ZGz1F~f;jkVt5xZ-dPBvH1O23EAe0A87qS;*
z-dl`$GZmxK3!8x#VEZFpjnEy60nQfdM#GnnK9`T<o5fyhM|M#fUpO87L^c!!9ZN-4
zFBLiU>~Lu*aY~8?k1Ct7A=n9L)*<O1U^v$9L0cIi(@fONMU848Kh#BZSd5UGE$t`4
z#V6Ik!KEsgQ0o{Xl_|9Y<{So8*u%hlc<9DDBzdUA1l85h-c{q0?*0B$Go=WWQlA1~
ziM%6}KGMWN&_nt0PwYrN#kL~1Ad<<MogZ8vG$_|;Z6>S1^Z6S}|MbfLs+_L8JNf;)
z-j{lQQ)!pntk67=p8<Y?CQk0Anx5!&UiO!>1c%cATyAmupO>UQ);mow_U#fc-LT=%
zp$!{^BdHBUUPjitmg*fHt~WWclb$jyHfGhEB5kv4CVpu<e2seFF`{;^Gq%D|wf}g!
zS}TLY)srqcr3sASzjk5#qOWx{en~DHhiGl!#zoIqRidaE!0CnURL6(Wju4~Ih5plb
zwG_(MEMNqrlGJwswm4A|bi(@h$w>`A!M6K!wH^l5XaB$hd@MOne@J~kTz}he{YTgG
z%<aLAtXb{h8r43d&n47mxB^P(^sOQEj;iyB))>~ngoY}(?Q~7SwhjG$#s=VHUVbG#
z*W1YpI0_m?>9N6Go_Wki;jlvrnm8P!=+1@+76Nh-s3(StCIpn-$kIYiB$TH`p18QV
zwym?HdUEPpXQ=eYfyS<#liDi$&bZAUjm=+U7d&&yHe7z_+}(HQE2Z}`B;$0p&F$O$
zhw&SxZJSZQ@N{)<Xxnw}+$y_Xw^b)ub}sVeUbklb;U5Z>+qSWXb$;1ywm6#>KAqY&
zG~b8n-oQPehwJ|3bZ%7jTwm54U!(4?W!LYSFKGxVUHO6Up04(TqpK;`oVGo<o*VLg
z0(=1JVV7lk9S$Gp%+V;;7zRjxg8XWfV@<0gJZ8$P2D=P88LAS%5Vk>Of=rBr;tR(Q
zFcbo$NG~Bz1f$VlAl3^l4%9OUv=0ShQg4GztZ+DNaYIw$vZ5J|iMKDBxjPbw73KJQ
zsyf2XfWe?M<+@#giq6Wg4PK)zCsL<M%rk3SAH4+c6oNxR8@RA=d|7BlYh&xU=$1({
zgo0oI*bC8saA{6d5Vj>2g`F+Yl6YB*+vO>!E^f*9$7YljYW;329|xpY(4Z~IkAk-a
z_kT%`<<Sy+)a&8WFj6?f35G)$R|t?7d3$7<gxaH7#LPgRXlgh2nHpk!1KT=F`KzS2
zicnuNgDqUySrKr#b4@yfA>a&mRQ33CieiDt?wN~jpXiuTbXlUw5VtuT6{47FiPWD}
zXf56z54A3ywax1GYoo<8WB&Y>;_3pA%iU5IFNwA|!;2Ez1R<IuTncY6RvHKv2s0*a
ziH<|V%?J_ld`9PE;QpbdnpTXA)yVa7jpkdLM>IddD5<L@Z+Hxn27tB|df+RDWPg!5
z;JMYMjd(R_^}PcFfgAR43$c%+WuPmnu@CYBcYFm93WCR~8*1xoDc2JPfmE|va%zr+
zL+}XXenW&k8sg&&?7c2d8MX1Q8cF~QQpN2as^ZQE@C_cr0Pzc1&G^NPz@Kpx5pT|O
zz<`kV)WnIY=enlNV&89%N5cl~L?q~Od)auMc}yhS-X1C%W7Z7_qB&Sso9A)otqpoE
zEA(rba%mzVcwEMbrB@=A;YU}NO)$FMfE&L`h+PG!ad*mc*7TaXS^AJJVw%Rnp1i7>
zpvM!esmk*_-rmk3tlPCFyq*0!TTS?vJE{>C@<3rt%?Fc}CG6hGdzI^p%X959R;c{L
zFW3s0fAis5Psx}f_R*ciC7ve?c~-BpI2LTav^f}y<u=WjP!nKgk4bF2y{6{&+LZYH
zd1cMA%_cXOEjsq_{L&UWZYiCQNXX)6p7Aa7t!wz%1^b%vVzIm?z6-XnZOWeu?1G;m
zeQwkVhctb*R*BCJ;4J+aYsK*RSPIOWJ({aDw`m^Yayr%o3LTNb{MA-RYY0QvQ4>B*
zw`4l64x^)v##4Q?F2V;4LfKF0Sm=c@+#rZm^UT0HZHNyML~#=J36U|(%W6b)I^y=?
zHLlFqBSwX&k`Dm=r;bqZ#kkMw^~KrTv(6f9+Niv+el-g%S(1-r$!v+<Trswu9Wwwk
zw{*#p^0D>s>7Kh3WUb=SV7$E}o|_k+G!=r1km_ByP<S<9UEK6kD)3a(5=#Kb%})yN
z^W(w5+6z}(E2Fs^rm!b+qm$ZWxw*0SNzq(3dud&Dg+;%ViOyg?EBZydmz8@vDk?gT
zEMK1bDf?Ktyu>4h*e2z|Du1+f`E#9t#`?EY>&G@U1m{_5j75_ct(zUKsfo@$hFx7S
zXb^w$#-vGaOinHOa7S~O*5lE3HE;Qtj&*Lg4#$!ehVj2M+q8r0<||)JerOJ!j&(iM
zMK77FSQ^@*{u*{rxjrm-OW7Xi?70uo<?_E^J&U7vk=L0tEDf$|xSSGCPo^0i^JJ7V
zte(+DVS(}A!PqArw=u=oo$z_~eNr3{e{M3RK4o1dqtW|GiC;P96j)CD?_P0@Q<+v#
zNGTrBg*IC`TW$9Yp2bq%bUSS2!g(R_T5|D$+?t_HR2F#hgGfL)<rV}F(%*RT;ReR9
zz+ao6)yEmc5pwq?jx{s=g=2d?1y4DV2Yt`8NPumBy1*qi=o~-DcPVQiZo5NIIguG#
z8D!to|2BJqf?NJwp~>v{HB-K0wOWeAIp#<zE-2v$1Z?&W6MkX8a^!ST^(oL<kk2!$
zj~dm|kTGu}4->7Epm2OFQ*I9m#!Qc9L?LMM6-_~5IBd5eL>>xz!Dh2>nDYC<y}zHb
z(QdT~>2q;k`h4j$2TQn}&R8lLb0XJ$;z-}7dnR<Q*5~BtS9eahXVb`2;(Zg~0s7>F
zXk8b)N`vHOY>+(66W7&2?#I6dkHHL~`(x$1idQaEypXAVH?W0Jcq~fIVG9+f@;$kN
z%~gEL{cI8Yi}F3iDYh!FDt}_*mG?F&zr~GMh&Oe!T=-rJ%6rnUl|L!3F{|<q<?qUm
zS)RC8`LXg3HWnfX)?j%rXba_7$do366~`kZt2Epe<CL5->;M8&)FtB&u3$(+9(5rL
zeQ&B&e2fj;7-1KRy@S7oB`-C8uJAxSwczK%IWtp7+2icmi<Pay#0zh_@QRz+&1`9^
zJ%aM|r;Z347Ed@bfxYqM;V0QA$}Rg?4|_TF<N{&pUs6*7!qbomGviLRuR((hN<yB_
zV0VG=+kj;TI)v(a(w3=QGx@D!WOCarMrD1&s1Yd7y~3S*XWw(m2kvh~0#bQSk@6lA
z;648MB}w*rao+dxiuvYyJLU`=oU>!c9O?WyJI)iX9N)3`t&5qhuVZ}bf<Pp~9{v2G
zhdzHuxZ$4MF=KM?!9yPn-@YSjzEGqG`jw6JL#fGl;$$K~)YMAq2xhll{P4vWKP)`V
zck+mQL4)_vPw9Wz^HRX7;K6rXVY$Y@Y8t{L+|V>XQ_d6Wmn(Hj-SQs6$OcCFe~E{c
zSNerVQ!{%RQc0Z}$2?oURDJ>a2#Qo}*Q~>LywK8<DjcN0g60v{08AejII$ub+$T9C
zg9~%Pqmc(ZBY{YKJOdj6-#eF<V;CT1A{6S-pHu#ch9blo<ukETzq2l$mm4eUY}jml
ze&zV-qIAQur5C;Do?2F={7(6(v?AfmU)Ip_-aF&#mMzrVEM-LtUwv*}#gw@TcTPy_
z{DaWY@6p;H4=j+&O2dQ7t)CyZc`UL{Fho27gP2#?Sd_o#INQy}+}2`e!ad_>gdB6{
zI-KTa$Hr}Cxff1an$+uW5iSZw4Eo9{ov|>G8!_nea`pPipfj+hz0*CmQgrCug>{kc
zXYGa?Z`2kxicj6E`15OX9eZQJE#|y2!CFK03%ehj8Ys`tx0x!O(M1(A+-)S}r)_$A
zPSKkn>#rwD3i~Jc)cOV<8qUMsU1&kHuRxhP>%r-|YLO!ugvtih7XGJ(g;QfZh9nGX
zTjz_oE|Co2JcZ%vnp;%LO5^jV=@%c^APNoTldpTi-5xKy?f$Y@yT?*dnE(76;iBqB
zlWe<F>AA}+2W*vheDP>uzU>Nwqjbx!6`)(hN^2y&w@AzMTBl|GqfC6<Ur->8WyRSv
zTDY~e!s}k|MAnyy=b4waS1ooI%w<iUfL3-xbCu(E`E@XG$-11BsEg-F8#ZXow>HiR
zR;+SO*dYA0&f5?kA2b)*++*`QuK9V9T<b10b-8nwTHG-Y{MxG3*&&jj1FcC+({XaI
zM9o?Vs^BA1ULk_<1g0=XBDofLpaINB3yKeS`5s=<b8O43@O@Lab&Pe(Oeg)5%~T$-
zgxbf>diA478xtCrU2s8@5c*YM(b=09mCHJ1@nGsier+8RNM_s5)r_@qsMz3X54#jO
zO6V}k!D!L9+F&Rix#CG%+RB=XYIBT?!P#8T<ea)S9s5cb-L`7d73{9;_M85sm-&jv
z_}H~SVUvwz3wsvk+@mZXw`0QufsK_av#Sr^jgtvcM%@vOph@R%7_Ax;KC@etyNnjA
zQMtpSH@N%N$TSE;b|r~e$)w%olKM$WGZ3Qo#5*;jEcekn)BYgDaBv7>H8_uXh1Ae{
zJa!9PPH$(cERxGL5TZ9p{V_Yk%ax=ZuS6duGy}ktm-#!nb_N?L@j$xCl*xf8bQ&tb
zs6q+-(4O=Ue`BSU*MPrMqZ!clrQb=qGO|VuX@Q^v0biu;qautdm9QU80m#PeDxiVz
zPINK+wYQ=@V?2T|Ehdq46DbrCQlWCO#3yq}3co{E2Q!QV{0}+^!sc^(<*o7gmnN&0
zE}YOhXHLy6H{Gyx%Y#$b_Y{_|Tsvjg^4i+jkqHNtck}Yc*Vjke#p%-?W=K}ZChXbs
zY$y~i#EJZm_YNP*&o3;TP?Tt|S-$n+=cS8Ur%xYW?=)#|+O%<uXonj&=}JjvPC|bm
zV(m6@Pf<q{E(#P)ukMBKrWVqlHaWPHT&4tPYUgr9IR2m1xk6oP*Wkx{gqy_k2HzL%
zK>dj}Y2cf50B^IwAE*J?a7%H$n!K~LZYjM7mNR)%s_Yy>`N5E)J4qi2F%m5mt0SXM
zor8iF$!i_X0rdssLj)>@K}s`2eHL0O_PdbJ7xJ>>A+I;&8yqNUX<pdUBF#>ePj6Y+
za<HYeq=ikZNC@BCm>gV{+%!dJw&<p=cyq;6oyDwUN9gyKlF}9_&qwc3|GnB$qRcIA
zX(?sjD`|11)>b6`L}!0ew}}ejR(4avb31oF*RbEB)0z*IlpHW?b(YjknWsvdo3V~E
zB_*HGGT6F+6Ap(^H!EUQYzq4X0~(Bn7Q><1r;X`QDHbETqXP#FrGwZ49PHY78<5*U
zyCFn_R@09-Qdhbd$T*$Q!iitJa15%$0*IWB5o8mJ<JTB&$4ZLdbsPi5hj1Od0w19z
z7E~Tzp(O$KW%a}Hn7Sfh`J|u>D``SvG&-#UCyDqBU1_L?Ng9u-|Fl@2J@r^%K(Fvh
zd`&GVw~N-(5>(R$KAy_s@%pNDT8NZXBLEGcO7(H%#-u9afA@HX6X*e~5JT`uFR{>Y
zn9CQaFjQ(<;fXf`k>quU4IS^NCcv$TGUNrs+ww)2H}FO(BWbhftyB|~y$$E6bpy_+
zX!Udx|32=;qRHQk*P?}}QPVF@w{yNM+-x!+(XYHrvKbK<r`#q<vMB110nq^$1p#gj
z3mTBhR|Gq2V8&??e|S;Y6fdwblfmP(SeUgi$16#0Q{2|9)oZ;u(Ojd+37*1{<F#*e
zGQ*f0krn0!^8{va=!{y)q;oLl_B-5+c@6qFvmm*p*BJCxHV7rbkZdr?qQUI$G?WE$
z>ai%;b4nbs!f?=Q5d^K)q_c>*v+KQ{60gYe^DIu^Y-DlP>OCO|iN<89s6sB5-1iym
zVnM#X#99%TELtYIjTIMMR^~IA1$<KL5q*N-5WKb`);=qBr)bg|1Q_~7lgPd;7#v#J
zAZrEDTH-XA9y6Lns}2bfC4Hl85pD3b69r}zB&fvn%x)DL++IQF_eBFSeQZUpV{Odo
zGZyBTEp*LrmrW_E$<4bv;Yt*h`ekDwgZC*jS{FL<{hqo|O`*Z!6wL4fDHO#*_oWg4
z>IuHmQqk!)UO2X++$4eUIrDYM5*l-#XEjSgZC89k-G-uZlYm!MxT;}^4XlRA7!1}I
zI)hGwRq)1~cDKvecvf+9YiHe9Q#=$7i&kc}1?)j-4RbLqs={od$)Z)}GCg3g^hSZ%
zjmQXw?iQ3=oqk(R(4J>3)RoF(&vU!S-?gJykjgKrh_@8Lzo2byev#KRp-?X(!((+V
z6DQ`l5Obc8^NT$OQNPz_5GCC>sHw&k*vbk7(PUtGE^j_7DUxhfvyWK=vfgKdQ;CC_
z4Gx1<i;{@i0?8$T`-BS)(&3ryE}KCz2=I;3ioj%Q37Ac71qM-<Gk$DGp7y?R&b4~K
zr(k?;E@EdUtTBfq-xUU1MX_jWuBz~N=<RwzHt1^Ywy80_wj!t9m&aT?LZ0<Y0?ug2
zB$hY=0$f^{&HWQSQd5gYSPKPvgT$QuCWjuLez0E$Mfq=nRxj9?#iErgGL#Btkx3_B
zFz5KZUU(8aCD*i|UFS69c`=O9Nx7jM##$^G)@Fyvx5#848!a-JC8M*jurutIMT@OO
z>o<E%whpVqpv}>1Lsn5+Ry!f?_|MvDg$BRfn@5?$*VcEqudChi{8_t8JuEL+a<pT`
zuC42vUt3f)rC1OOqiA%!%bX`it@9fu@0l<~4p&8TP^}!3Y1$NXK}~+pWXr^vW2Hiz
zc?g<_3LuBH!E&$?9AHe0kRd$|ZI&2|OJQ1}eQN4qP!f=dkQ{?T7#v!mu3iR7q7%s#
zi_=q_?f{DkzB=_;@NAN%WThb3>u=n9WyJQ>hX-0cA?0Vv5w^Ii`i6tMV^PVu?t+UC
z_Jvr5_|6+YT{LF%je~#3f-cN{`tupH_ivwc(Ucb3d*WecaJNt2GbzUfQ)<!7$sH|q
zrTIo=0X&*5YZcLxTF=Zy*UmH@5pJkzJ6mVH_}wK-Zd=}AwJ`aYZ{0KDA2)x}Qt-+9
z)Bh}<%h>gIyT1EoU{ZaHM=AW^5oXRwjO)y;E7AHeyucdjWZ{ME*T3>ghR@-?jcpVW
z4%#ik>kNU!upGeGg5pOZSR<Pscv-{}Q3iG_*%h!gQEO8CsG7hE7mFz6F%MD$M+B}&
z@;aek_DVO!n-<Tk>dDV7aoP@*b`%$t1uDmFd9b@9xw$<yZDGsdv%I0M2{m)7N~-g!
zYyNqE=jEFxvW@Q^-Pbd-^EzeVhnwwP=@TZ?346PGUVWM0<k#u!_JCuiKV0Zfls7D?
zC>X!Fvvp}p)LP`Vx{KpAq4M%jOZl?>(aAdx9euaUzWIktzOHj-&p!1;8K4uifv71v
zxkq{zEKdX;X&q<<WbcEHiag&5p@b_9u+Gr6jHR`{L2JZ1BjJ)x3m#x7Tm~*G^#LY+
z5S4R1sYYLcmPLH|;ZMBzqTeDFc$D9ehL@e?EPUTKvrW=!y}|0R@^=e-hL(Ff%?&f=
ziWjU%c)umJ&6H;S#8+789(WWV=nmNOZ2MY0c(x=j8vM9Z*`xf_;q{bx-A02F%+VRV
zGvs{@D>iHx{LsP1vHhsl2%Uo}rJUj=3MGkJPp&f=ZD$f-9aT6N&ma|WE9lS}3`i%E
zWc!h^?UOXb>krbFT`MH%gxg3(>+nr6DiiV5P;|-tzzYOA47cpS1<2!~fyF(}ha?OP
zCRZK2gor~V;Q(44@bQ^A8UT9~*W~@F{NDyd5KXM;t(XY=i{anpf6A*VZUm5O=Q@^L
z*9nX#rF;K>?BD+%489hnY{3C#jm-%F>`yBuPOJbxXuxS>w;fO(C~Yjx^Rwi}jY`rl
zcGCm<)v^MgqaRsv$m2H6=t9H98Q#%*m|9_C%aji}M!Fgk6PHcoe>es}CqOTieqI_e
zL8(lDuirhmg_q<tWi0K*LrO2d-V2xw_VRE!l6;POG-1#+3`sCPpkHVjuxwzdyuP9=
z8YRkXISeY5#S2^gMJ>%m{?>(KDqv)h7LOt@AF{W-)4B@+;8u!@a|>CZpnID4+SAa8
zIAn{r5x{RF^mvV$_zVOAd10d<D-=5xC!8OIfrC4%b3l;;w@BhK8xW`qUQz}NSiquS
zDm@PHrSOIXdQ9Ka+ur){t=pEWJGNP}EALorR^^??j3MJ=$~#t@MR^DAr-sKKGsu#i
z72!u#^q8U0@E9BiZ5CFP{!uUuzXorsv&r4cEAZgbF8|zO`Fyz+E?%s<TedmOpMP$#
z<5yO#{%SU>zbdcbSG(o&&&|Bglk$({OX25Tg|;TTMr2LPDIhXlMtOEup548^h_lH&
zdpLXsaRSVokLw$sP=5Yc&(BUGL~Gw6ESRz7%4PkxQ>xbO&oSpW%N)+|!lj2#+<5+Z
zV+yRgzo0htPxRf>qI~aH`v4%g`<WO2>!Md!?(N@XzL)lBg)w6aX1%)o#uJBYoCVfm
z%xP6etlEi7sW<o(=1R}enugKySxRIfQV46aXE1&_p`q!l#a8$ZkGo@<!3166mQD7Z
zVJr*GWC3}^d$rxr4NN2tD~$S52)~Ha;lluQ5vCtN7F4DODd1b+u0&9PP{Sa$hlWEK
zgCY&I!yp@myxMM{VYI&n<8r<8dD)$qxN>Z=W=&_a)%K)2*AEzC$IqMksX+b5TtF^8
zCeAnp+)~%E{(v$$mHYuS{y;!#;|F%V4*!0a>p9szCWJiKgUMh#Zn3@!$JaXdpSJZP
zG?B&B2i4aozY#Q-{on_f;3rR>9Ms(?b!slh2_y$qj`P(N2;c?;2zs(MhSd=oOv&el
zBLy;^Lg_<SAY^d_8gMPNO42r8tVYl_Bpi5Z@u`5(519svYEU|8L-QG=7!pm8N<#2O
zA;akQ_>TF<%rZL)90}qXzEKUKL|+0(0)N8o&hHvG!7m#9E*o@Jk~6Y>%8{*S`*Vzu
zO+DXe(Tb9-ggMP#S+?ulwKjWReQ9y7MbJ78Mp>}xv^gynr^8eCA9L&6LGbtB>9r24
z-dR}E7Hz3SJPw2jw~>Y7)mriM#QUMT)dgdUJ*_Cj{<CCTEI&t*-Db0A;iO9FtNf8k
zrM4Wc>=LCh6WaZLWAU}UO#2PHSJt|~Z%U%cQ@t@auVrynuFUjBO+B5(6D{UKgWz?U
z0s=G3j)HJg?UI<Ot+2AdAV`7IrENVI8f`G?;GZDd4CGp>Ir&|kU0wqnGf}-tM60fc
z<y#XSl8I?W=Hf8~P)N3DX*4F96|wY1kmYDHBE%eyF$AtlF{@6Tl0b;`yl~nkPhTrV
zwgPB^JTCbQ>LFj^rFb=Z64&rfe53-SSQXKQZvz^!aF)mG?3lAdk0gb8I!C@W|MBua
zZr(Vjvhwu}n^!<e>{U)4{)6&ctD%>%!+&5=7MphH$4W|hU-{=-`>syj&z4M^P%de$
zHm&yRUsjZt3$oQ{9=EJx$NU_ZzSM_;xfhT3mq>EJ-@+Cws)-w_>jV1SqPDgN7v+vM
z7v%2#$6(=Pn>7$FoD>S)W(mpwGAppkrsZq9iwd7!arUxc-s3IZH%_+tK02)KuI;#P
ze@|Qct|vEbXHxS1%cmu-x0*2wgyz=q+bvcA&^epd3oDlIZp7D7hVk7NeBD1rw#@EM
zZ4U;V)xo)sbxf*rY6}`GwE=)z4D%P;pdoR=|5rod{c#BKVBH-E{-*@TMaXsxV(CB>
zq;&2B&prFV!Dk91&nUO0UV0qv-%{P<FQp!3MfVmiU%u$`Lx(<>Tb1CTa?Yw>G5-(P
zq+g~=ln;KjiX9zff6o7<f+-69A@L6vfmcJ69<z$Xu4*+<jbQZ!J+=x^E&v@?@YU0?
zOvf@5PIVPB6mpUkVh%`D8`dBzO=T?|$`^$eFYj5ke0Gc7u~j+xnhWVzj<M3UMN^kA
zUb%2yc-sqCY#X0b7tnd9bgY=WFj20Ze96j%tu<k<3;>1Tl*U?XtfuqamLgf}h8+_!
zlC`pa@rp}3gm~+$1@mV#I~=}ht$%vgt{vC1?|1EJ4T;wL9Ha3)<qH;w<*>JoTb+7K
z*|fd$D&3J;Gs^b&GEop6d5zPyPtJ9?#x#!~UuCmj)Twn(nzm)@H#%}UyUtoXZ*o2S
z2bKnOzVUTU1%hwZC39QzotQu34Oi-X%@r}B3OYd#e2f1Idnb8lyLsFa=dz#`Bt{l0
zIS2hk;U1<kFVbJP&l#r-raqaoUHaufN#<|+9C6m1?JPKP!7k;$m}S?3iEQ#oH~>$@
z=9>2Q`MY*y@tQf{maua2xEoOXk&0MI2F!bgpeZStP70bySg9rjz5mMssDx`zlN<Db
zFAJo~8n=`;l$TZY8sw4<G|`;bBrkJtbIvoCmGXa50f*C?QdZDx5cyN0y`aHHNF&mh
zvhkE<RLyRxocz+#iWu)I@0W=Y<vP>hVx}YahO#7#<^d#4EZ}yi;am<k#ipJ)$V%)Z
zpCxlT9LpRVeEw_1St0EL*)ubIuk#G(`;r>YUh-ua{OPE5mK`&9DipuUmut@kU+&S=
zg9`XKO9n2@*?@Hbs6Y@)S=7g=k%*B_-Vul&gsK{r23OdF$OMEGh$q)JDX;zDcIE%l
z_TGU}Rq6ZqoO|!|$@H3OnM_SDlgXrKQb<BbASBd4AoSjQADRt8MVg8d6?<6~EGW9M
zu4{L3-PNy!-BovWb?pVnTz}8GlR!Xs@$<)za_8Q2&+VtY<$0g?#~a?fTeo&Mm~b}!
zc?DxH`x)$lA>EgJ$m(ai8JT)aaqXnp^?q^(KSxXc5Yl}_x?VZ*!3{)y@L`f!wYB)e
z?H~l&@_y>lIC2ra@3FE<ZECoBQtgl_QvSnu+{;7HNy?Ri3|}rV1HoHItqj!YOaBTs
zQOq;6lt@7YgE@`L91t0VznGAs#lP_6ai3`YMVIRG>#9n%ZFN#{UX~*}%i@$PSy=w^
z?4=FGw}rF@m8q^kr^INX^Z87fm06?Gx2~Ff`T3qYcI)W88Y64SjE*jl=C%|~7;Z|-
zwT`Tr1v{NTCW9ok$03#Z7#I?r`iy8w?#|ueX{jocskLVZ2s{FPh%&xwRlg?=V>BER
z)E7Z@X(PiWRXRakq53lr>4Vpk$ZaRo0~*;O6`KZDbj37fFSKtn7k`pJ{`(%a{x7UV
zAy2V<I`FGkqmZo9q*{<?CHZrla6&25`+NTQlfW!bt0fYJHg1tMcAZ^2O*Pbqmy3<G
zd`;KD3U5Og{ZrUS$1}`l^cj-5F8gD%(fN`ObJh|da7a)u2u6zwv5CKszvIxSF>1tU
zQeJuoq+8e^-4~7C{zZM^O#dsIJLwaO%i<XSgOH!9Mc^%?UOXy?L!$vpKMd%?3yxq|
zMm!<fTR#LQib>K!BXK<vX*vX57&t(f12dY}fNo?VE-ozg1eo~?Z;HoK4AQdJ)-r?>
z#o{+D<i=-i){bABle2cbc5|jA5*b-ve`YlM<2zrLF19-WIUS$V-Q~RTMrT)d?l^!?
zIdxv)P#<}*PrjV=#A10KtBuiFb&SpG$&1CLW>yo<_GO1PtXbOUTkLb?@5$%i4rJyd
zm<Fl<d4rrJZ%`;Jm*TOR+G73v3?n9@1%RDK+cAMhvfpfl8DD&Em9|0p{MAGtSxT-#
zeZ^E*Xoj|WZk77@=-{Ct1_0muaEX3d)zNitiF8zXUaKa`zZ8{?s>o~6M6Yw2Dn~}M
z56(H5YOZLHX5Sb|?f?+0ST>qgj@)80SB$R6zH!cBYhNEJp2NSy{4}z1il_VzQ)>B`
z;+)&&9=2NO%B>N3TP02!A*IE#k@WPDLsm=0=;EB7IX$#WH2dbLWJGz+P)#xaT#1Z7
zJ%^N2>ViRYF~!hBW2bL{P8(>n0_+OB(sY=ScuNtwhd~Gb`cX3j1|k?rX?u_qR*9qj
zDl!<1!h-T4{rSk$+S;kPzt2-;DoR3ZEL0NB=<5xYRQmHC4zdol!(cTTO;!WeSfcb+
zpO0BNbCMkO8qFJhLx!ZSNs|R+d<%>o%#4h(l8}FdEp2HkV}Qk6Ar>p}V_@#LjG)hj
zkJ=v_Ax3L%6paKQ;}Wn4V8RYC0%IjBIFSOHq<w^HVTQ9s=>c!C4^~NwV7hd{vm{2?
zAC*`MzAYm)z}6{BgV9n8ze*a6nOc3ZD9u-l?Eta}NU&|*R7Vy)_aCuLtdZHd7XGu`
zOoQ5Bcy-t&l}>`}8f~lZ<p0%QCQVb!AssJVOO$gI(PoZQN%UyV)w~3JEgLs4p2M!2
z{KoJ8UEX&KnNM22+O_K|{wTkPKT6jSZPrODKfdg;kNIc$+xchd8WX>DU!P$zSq`Ik
zu)@)q0?&LID`q@SqJWo5r8lUFjDL)mu|NSNOM9M}+dVR>vKs6fm&zxecOtPyBF;|Z
z+V6k%P5#hK=JvbhWimzQUARTKnNyEm_A#lv;2!Y)sqHQ<#HQ#edjrvl13ubad{L8x
zGZ{IHju`y#$wfE|SH*wz5r5^|e<WS+yu*J=BA>DM`4it>yXt0QdWEJ9jT;Xqc3=79
z;naHrC$Bp2iA&rDR^hcvI~tt#de-;1VUdsvN(B#mK4k_ldHb6%*c6bX8lLU5{{?AH
z7|Mj?!h$%<_OiY44997OBO^{kM1)21U%4aW6n2zLu<{dDBqBZzu?GwtKZ_FRJm>x=
z=|X$42mAY<UoOI&kRr$(;7+CuC2A0ZqC}8)(}RBWD>Nr560Xph0*b!@uZSAL`nhL`
z<Ue}uUjA+VF#q<woSvyN7n!*>^O+t_#U++!l}M_~${2-Q)2opyn6k1O<yiiR+01og
zH`mP^=bsz0atQvBiif3AMw=_+p<}+5e!~pk&>;bSgj$I|YVu%U$k4#+>t@SxWk_B~
z_#Qm}0^k{tv6W(Dh#>%HhXG8Z)HeckO%Jz7l&%)2F&45DQmV2tVksg1=LfpV3bX2~
zcRrozzov6_UU8(P%n|brSL|l$5|v6N^Xw4vJPGa4Xcm2eJFEQk+E>S_)xl|Hm*{??
z<Io~-eO!ZU+VKUaKzA?7l~C8O8evG(yHLd-Vv$C6Q}?vsZU8jLBL$uu-fE!^1*jut
z8Y(%yE|hYr#z*_dZOC-&pVgY6u~b{fYCVxzi#m$)hE1ChE}J(Yx+1-5ZY*<TYOXP>
za(t10q%E?T+<f`AVJ!s>LkeP@6JiC8{J(p)eO%@n-@KLR(%hz8^PZQRs$1TA-j?sn
zv*fDs;RN-Sbd{G(EYHxT7ENLglyBeA9`uyY$elH-y~txPVVcHOU)kBTtg$?n?i*6q
z79T#LeeJT2?((LQSLC+qGiowIIo#8G+OIFJjiE^cJuvELk?dZ)4+|_BS;%ct4^+i?
z(Js6hWWs@;rGLu7*bA5<opc~oCnu>w%4;l4SA~AOLA);u7$<^sWRgm>7Bd=R6u>dT
zhgHl9*vJ0Z5df{|+=cfDW-sCW(FIO!@d;GlVnH+(&K~r$9QE9o#UHDRem|pclFF*n
zXv!{q?6Pu=MrTcYF{ZL&{J6EuyUE`(hk^yQlZqpfKb?y6$M^^MW1CN%+6-7k8)=M_
zg_CLvv#u<vyn0A}!H^*Z`9uCuTOz(`^OgK<{67Bhm78ypL@Ia9m{5<=YsJ+HmlXlB
z(<|Cnu59mELHPSNkS@M);*4GM)SB}Ac^b9OrYcBJFHqUYk+oySR#c7~m;BjnpH$ma
zuru)!Iey#dj*ii{@%6$lb6xEu*V0}2%-6|_4@vB-S?ck+cYHc};`s3sM}NA*=k+YA
zo_<xu-BR+Rvol(|^7a)g+S~XQn#0vsCFh!?-erc~oQZ6s^F_<ibEwG@J)6O&La&Am
z38_UH>JNZPlL+4@DJrlRPPqg0$$_8&pBJ7r;TwVHNFoJAV)Bz>I>JZeU}eT!<fFu<
zI4}E%)TEZyTt&!LF_}zik`}BZWbH>q%|%7cOouZw)9K30bWj%3K2Uld-^PCG&29=;
z1oofoc#Sj`6gD*#`YJU4kn7mVCvWtXhMR&O=^oL~`}c`{-ovk=XDK3=OVws66}O~P
zX_yo>7Z;;&f^cS+Gn33ZzP)eD_T$I5vm3V`?|VyK9Sjf6pC=>og2INz=}j4)Vn(ju
z|HLiG8XERjYHZG_cTAab$5i`v;Y@?%5f{dR3cN*dBLGE|L=Fj1A&fmjo_oAJClN>b
z!9$fq3NC#!z`TRK8&f-%_bhh=?E9Csk6dOq8tmlqee|cZV)-r0$jA$P9LzC$)riH5
zM(`gS?RMkpwe3rnv=Im<4ny&WYd0G04#T=s$GSEIYTb9C<Act3w@TyUF0=s5K<G97
zH%&VtrXPA|f;>fUS}I0?&_#6?AdKlQE>JP5qVK_n&X6XoB!2fm-?QW@(sbsb2m7`@
zixReEC50>{4*u?^GY=63e;Qz;EN1>a-+XuPWo0+>KRk5i)B{9SS;l{pSzeymKmQ0i
zB;|ks?ip+V^ey7&S7O9^6EQxmYb(=BPIhgL4Tcr=kdsXB)-FCR5!=c+&r{tnMu|kJ
zG7<L)oOE)`b2Rsw6IPN8JU^XoJvPLbgBxGRn!*tSwj=lp1hx)S^11b<R}!C-rgh}H
zS6_X#oiQc;O`7<}Xu<W25qlbWFleshKIzL~j$z*t{wmaIWR4NnD`4L2YrnPqaI*01
zD(+^$4nl2>UVINaq|z5I#J3Du)6zi@!<|$Yji6aE!nQZL@eAXKxh0ZicVtHR@B3Gn
zjSp-v8Z6PV>raGhH{9{yhUU7*Pedy>u$IAZkg1P%B92-|M#d-5-$VgXJ;e?$n=DCe
z%XrPe%)zFw?=h^BpU!{33Q@+-a_Os>1Gb2ci(V4FCVEfw579qGpNhT^Q8Zbxi=}G6
znvsI~g`#_1QaBW_8K93!MTsg#FcQECPw`N6a->ru#0yN}!cZ=Z;8a^-Bto~s6pO=x
z7*c{5+g)NyR1NZwTq#_KnV5560*$(uYGQ)Pv`SVDn<zvWT#!z}EIlFah+dmSEmA5e
zLqY%wIgGAJcN)SdjhHl~n&Dm;cKNhfHCdhs6+`mZ9Q0*Z*n_##h5`U3mt;%bVm%AI
z36aWltan>l&;#Rhc@#a-x4+UhW3fYG;$3d7Ri`GO$do379eJ81npEkna-B`5d4!PL
z%z0PmMe`K(S>pDp>}aOZq_C<A*-(y`REl*{wL~G6b5c#JK2N=If;LoN?QE2(($dT-
z^N;Ht*%`KUwO5%XlQJ12`i`ngvUP0MkHKTba=X)FW7e#zjPa-P7Yrpgv)<Bh3CI^l
z)HwJd-4aEP%5cK1$Y9qH;KB$qnayihHKnO!ZnV-Bt=9Sv-gkWO6b3#@v0v&`xom#3
zC$&1G1#Lp1bvK(+N-IrFYNTu9bw)0Av01CJuyfVs6a^<{NJ^T{Z`NtdY)G5>XitGJ
zoi$pudPDZm)HE%NfEIVmVGD&ArRHt1Nv4rN8DdzDWVt-4x%LjZJjX#u3z<CG<O^DI
zbftzCjXW~uwimL%@-8<NOO<`2QnTE}xh3KpCF@f?n9sifzmY}>`*aqQB4w5vfl5lO
z?@&n!5M@KpoU|9{F~0l<@<}oBH2_2afJ{;@K|2v3{b(cbT2UZgvX{Y56|Djl2h|qg
zD*=84@*EBU@|w0IiZG;do`6)O&aSAjU%LW*xi~5`*=WD6$z3HjxRy3=j)`STjg-jJ
z=S?ll7@H+kWgCo^NS@VMkgAsJEUX5cz*@CIY4<8+3bDdMIu({2mnXi(XCFFZ+~Vl6
z!wl2ntZOLUw{mS->hPLIqc<<j;f$<*ga0@G2LH*Q<H7RwVeNSab+fn9<;#|BF3r9-
z%j6qf*AWdC8r0_W0%&VSMVf<UIgeec+Lou*C{)>2qfBaKQaA;$T8u`m(MdQJ$usBV
zI66j=P+3`skQ-(!E;8zBTH(H{918I?JvU?ZYlr!N{(k<lKM+UH_&e4w85VOYWPW4F
z>KH%rhJbUpJ;getY30UyFq)l<ZE<0i>=doWc%XsXF-Sjw(8~ibR#>E<_B9t)v#bTu
z1F*PmR+`7aQPnTjnJvXM7ZQ#LQWr-Qb-^~rM%~oQg@6hw55kfW1k@A^bZoGisUj9(
z;NWt5_Pc8C8?9YDboA=+L(I7~s{Km8-#^>$+JEy?ssk$j>}J37K+pc0_q*z|?G2r)
zN4G3fjk<@OwR&{(QuUZ8>XrM2I<5mf`0I@2nObHrGh0$~>r~j$jPs!Q<^#^U$Hpj^
z4IjOlyxw!b70Wd>bgmiQv{*al{u<Q*rGIw7Pb)Hddd22B^oscFsyjATgBx2jwb__=
zX7A`VlNue_^+J{8dFiR{8?9W%Sz4DXM?YHEf4|9lan<Fd4x70qi5G(*0psrw<g1(@
znvB?$xrmp%74Mq9E&+~9XAit~p}nHXq7N{5>4KdW4WD|rsC14WG;H|lXgimpq2nLS
zR5;j6YenH^M7=^W;u-xqF|n{g47(O0*5MNdQHvT9`vrdCScpKha{;bRRi0oGCN_GV
zs7_p%jZS3JF}r{$H)dx^>$$qRkyg&lN?J^t)w+5{Hd7Xa8xv{jEmpmPBND%|EN?oa
zs8z~s9LKOW2Wu;esWyNj>~&VE3b<UU7Bxp$k1^k8&@oR{?>O@l^GKqZduQgu)Bid%
z=LDb2RPv{9Dh_SgUFI1z;_GUeLdH2f+|c_PCtp2U<Mu1a-oDf7M6NUi1ph>=nVZGr
zGB6sHgZASk77=?!r#QmQ8a`PAo_}tf^%1-4aydz7lroBkRDcJJ(@AuUgw<-jj2F;E
zfFVsxVX3%qq(f4~09}1jlVZ`RSc@hV-H?N`a`!(n6W9HVlYN>fb~D$w6aR8AtYOO^
zBkND=QhI7TY^ve8QaOeWJ>xHM`lLD-CE{oP_=DtIBrf2J!7WNB)c6Yv=b89PLTojh
z%xDK1A%3w@G!`vkmFQB@e$gGGM@7A84@nU|Y43%?gp5e%S<ztdrMat2R4zoNv+-q=
zH0FP8|NmXzkfdscZ!e89ea7iRd=ezfbNhN~CxJ$%C)5o}$WS6p;CK433nKcjyM!GV
z+usc&QzFiRmh@cq=v&iQ4oQgS?n5eWQK%$@+vpCRiN~oeoGys4yl|EO)zU$AFIs`@
zB7lqa@Q@g(4N)8yzB|RlRf|So3|ItY!BwI|h?)Mq=ylPDki>o_8dwkW2;vKWVLgRP
zLLq_hWC-6GjKlw@ZT2GV<6`aS!u_;8Q4}AXCjyG^!u|i(?f+~0yx950F=|{pBce;v
zo1{8A$8_}H*5bdl;<<VZ8tkB?NB`~2=ME6oXfuw{2KawiNZ?dGCD;rlSn?;&9?E}n
zvDJspRv5(bbkWr_l!7VAox_~F(Tg6|_kXB6=wy&Z7~ssbT(7uW(Eeb3g>p-^-T}}f
z+~nslT)ut-2zQu&uOIQqzvn1vb9_V=f8=N@;d_#x$M^X6`d$>^j&VLNz#U775BnV-
zeT3Q{C((`&It5)X4m+y`R}Uk;bR>GA5aCN@96={RKm|mcevt>k*@Yay#%jo(kV~<H
zCdcs$yOXuCkNBw%r(cwUY^Dl~t87_cfo1Eu3jXd<tu0#{gax@`CDA{YUR|42|7CS;
zqWRIqcf3KGD#ryX*0s{*dNRFrRKwO5y5K?;^M)@wIFv4LNStU}x#(bX+p0x3<~_@Q
zx-7TSsq7rTd(4UZSDqL?ucG;eWmpb9xNP>Sw&sJ2R<<?YxCnOH7|36HF&@!aUC3rI
zD$^M!YDhjR1Z$>u>Es;7ha^-!CTH@}(fjV+H=6zGn&<s}FVil?M*PoT6aV(c8^6V8
z6KpM_vvFYX%Zp*A59W{*`T>(P%Q!KmiJ=H6OkZrAi6`PQ=J7;BqCtGx=T5{NwT?v0
z?E{9S*PLx;dIPy#q>EYq=@OpjnS{t&p+h7cg8Fn7URD&URU<A+1`?%OdVL{oTt>&&
zfjBf8JC0pq$UwLcF_nerZ*X9n-j^8k&j5|~uk_y_prg=hahJlxiv?J9(Qaa74?mxu
zFMey#Ms{-j7~jY@icbYRe9RWJ@i8&Oi2GMTM(HIF;eW3M(SW_)Eb@>qv%8m+9bSCj
zefK4H4y>)djVKN;e)7pD6P0|ouS$DTtv(5EGKT(Yt9+y<5Ys+RuEw%gq3G4d0{r5~
zwXvkVke7+X44zvKJVXGI2sQYkKpU`>!8O1_x(hR&bm-#1Cs5^D>M@%Ao<cCVz;Hs5
z_FfM*g;Y*-H~5@9(h?p)qJ5o<CFFqq_Ue_o_ows6-cAtlYgfEFgGnr0cBYtwUi}0A
zCt@2u;VHh4|2NY<_Ocb#_by#t(6Kb$khqb%Z$1B~Ii1fY9*spozbE_48^mzg2bb$y
zi`Eq0arCL7tyllWQMYlz!|iFeuNk&(R9R~OH^dhd`kxE7pKLryqkvktz^F;>KlH|_
zZ6TLIUNT6j#{M5MMhg$hX@A573EzTOP1r&UB5PT^l))aw6Z}rHaYfHn^McKzS|7M|
z)s$mTu4feWP2>i$cXRykO_#h{b%k<h!4f6UHOvK(!PDn^6ZvcUzF4;8rp%(nr6V$R
z{4<YrPU0VYXUXiemLUq`wg>Osa_QmUr-#VGwI#Jg(Te92^eln9QVP#R5Hi47^oqb5
zKxKI<|HHsSwO7Hco_vPls8Qsl5r64W6?9^lQ!D~uuSk-6)k{}h^-^Nz?%8(x?A98$
z`#_7S-I%traW?zLk&T;<9NDz-$Ugr2<NPqyGuzfYZu^96A2BJ#OnDfTPaG#o&P|WM
z>daGb?3QG@_qVjh+%k`>VkrCJ#v?fXp@%j-$^XDVz4@U7%O{fiZp>%M{wLt@`yRJG
zNN<$kdFtR(pr~NswHGEG2sG{xsswHtw>)43tE37GRXY6i8`AG2WwDgfen*k)&=dt&
z9pD%5F6~*eq=(loZ!ei-E6S}{ZL@|e+s(#ywl8TGyVrQ_<k{CN$oPFHPVC$BC+2T*
z!>}s;FG)zqkGo#nxpVrAooq(WlBFZsmhdm$zN{?YXv8@xR$Dz{W<j3-AGvPG#MM{M
z>N~M_--$Q(@J|u{D)JU!C4A5HojYILwNnIE^`FN`zLOx&7A&$k(2<8xrYyMc;TOW!
zg7RdxLtAD+W1CA8Mn;3c;z5vucE%d$8vtdBKWKoy>k`w<r&5F@22c`Z{ZR@e6c<CH
zH?#E`hM$POuas)!>CEu#qt{kX$#=8dQ%KG$^NzSu5<jjgFz6fi$UZqCz5DN_iD2Hl
z{IiC?8QVhE0&l)GpV|MGUTIDV`6@jP%JhGd()GLE<Gc2!w-2e%>BwGpu}T>vi}<U}
zPPWu<FKPBol&Y9Ae*46xYvznXGRGOI6*_(OhB1lH`0JcrM45>XlSO3ieOj}beW;qh
z@(C50?sjmD(VT57=AY;H`iFas>1MM+&o+_y&wkOt?=X%Te|=XSf)!c2MpKz=BQcCm
zag5N^rd!wFMqsE$8l+sBxKJV;;Gm$mm9v4o9+(m-jE|Zi1h5O<A8j5M3I!o2kxpvT
zwk_;W;~A?wA(C4eF)I}DdUZF_jP{AJ=vM2ub~)x)Zkfu8rru(i<LKH-HqzrJ0lqOq
zW-!PSw&W&Uv4FzR6r=Iv5*V2{YTr6()22y$*H)pe!$^(!C5(K$Lugy?m(Ty_4JY}e
zao0lTFN<Lyj+vZ$_Wp=wDQxDydg~BKDdS<BKESEd$=jVi=(#zMP{zbzS;s@f=tIPk
z%X1HLl1gzW>7(#z!fPU1k}sg|31JiRKpOOulfv_fAXibIZ+rj&x`FA?gB}^BpW^J2
z&f;(sfnP1T6rThfrjRInHon*9QxLu|HDDmSKNgnH(`B5}-^UGs)aS`=EI%f@ftuIt
z4A{J0TVSUS$a-?^*+m@O`ZyrKFAx@k#u^hmnDqjtsGs#KIm**95u<%^6s0saYM?Yt
zC^eweC)g4P$^png^(r#R!^6#TJ<V^wKGSX%r)^vG_j`b`aCCdW;Qx5tzI?Au>RP**
zSl+a%ZQl8zjr>CoywYQFXSkKl?e`xdIkQX#XV$A1_<%@5nqgVGJj>{m*=H&3pNC94
zGgHDgugtSP#Y=Q~mZ8J)q<)t>Q|7O)RAo%Kz!5~KJSy-?fDK$uX#P1VD}{a?#9Gu4
z^>8BoO)IhR;_O{6{shUh0`YJL>m-MJGx4~apW@=bbdfx!(M1lqh|Yz+r^Ej%<sxo5
z;uihTL(4ImHHk(cZgCngEt^C;p^x4ux(E8`33z&<w1;9qhi?EQHa77Z>ARJ(MsT>%
z7l=%c)H0Y3gI{qWEcH|d4n`5hM_?udWSy3W5p;2GM{*qj`rvvCBlU^_(blw{0bAzi
zg<Hv8w5FL9uyik-0zpGU2ZDhugiD$Y(gI;0V~AkJp^X9QvC)17p^g@aEc7I>`)Emu
zLatV;Ns8P|GL@<ngtH>wD}s~NNRxZ!b0f0BF*+Ti9+#TR$mAA_Tt-rl+iXe&V=^%c
z<s^%RQKgtnDXMO4t0i)yQ7%!F&HRTZlR~Ox^m;}sRZKD%lrpSgTc(_fGNS<-V82k2
z%U{rFz~w~LYK>7dO|90NwM3;NTC?WQYJIAnNF*vCF<>%B1i{SPSM>cSMei8h{VZ|m
zBBd*CKm0YLRH)U8#P?q-Qi@J6%~}~EjJ1-)ljPq-AyvwyDP(?pqg=i*E^m1KWx3*|
z*X8J#|Nj09rSgmKRpP$yQc}L_OL2ep0}}83@R>x;o0$dtwjZQQ{SRclUO9r#{!XSe
zd`I3gDARb!Hzw0J<TP0A6FTNIp7~OtQ7gYByi%=p@y5@UTCMVP^0`W@<z@d&(d$!|
zu3*+9dRr=%=@WZa+{Wlr*sTcE=1=vSZ%5Nhj-!GdGzBsPWttTM>=eaNLm@4dh_m~j
zTO5UI_E#+`W(?$Aa&XmaNcP>$-}Krla_}PC$4C#E`r1JK*I3b*QFkYCEq9OVyL-?E
z$sDx7Wui_zSr0$dSBbbZIu{s_W7>=O)oG#?qPXZX%n2AZF^LJoX1_RNk?K4&RWzaC
zcj~@{b4_TUXuVPs+Beldpg<<Wb*POOP(f;cr7<Az^25>#%efQ61b7glYDDH*Fvwv)
zEc1a#AZSG3C+foT3)?QDiOuMgMdITQn7K{^83&YH9Co*DWVJ%Y|3O8j(Ez}N2!v(f
z^0I4Ph^!})n*2+u-@oU&@tPDX5i2<Pq|s_QQxvWDSyNJ!ZWFPn^m58ipo;SLqS4`@
zWHX}Rpw&^z5EWT}>0ZVxZVB5<T+Ax#@|Jux$88hrYxL@r9XsTx=Pz@rNU7?y9`T7G
z(sNqGj7)V&3(U~22nmEd)^h%|R7E&NYG_uD9HeHW7hkrq{f5Gj#*_z+0I_S`ki)#)
zdP!&;yEd~^>Sse7Skdvvj5m^)Q*4J=T(@A%q7tPQ4ywWJEcuP7CjT40jlo1IsqywB
zVGMZ?H4FlEAq&Tam&)a=R}k#Hc-w3^a?!Uur{VCSxReFEH4(G%Lx&sqw>qamJH)nx
zxq9i<jF`Yo&WNXV{)RWk#^)vGk&lh3TA7tiNAxYT7h$8###EC@oF->Hi4Wy&u>GYP
z$s_Xy^|R#jcl@^Jry&_$cmv9*2N;3ZUb@XDUjkGUyal)p@<7Z8K1Tz4(dS3H8r!g0
zVucuAnL`o|c3und*7rVJ$A8*9i&L>^RGdUPw}t<p{>f*4!z=h~?%bQD1{o*e;B>ut
z?p&fHsq^L?k{UP`=TRNP`}m6gn2s~lmNU4ImQcy_x3mD^4M3rU&k+3!?ncU73G4x#
zQ79_x;?JB$8oMrU$*ddET%F&}Up<kCSFJ8`msGib+XLRAvBcX)uC^QICH_pTKv;U(
z$GgEe@XKe)1n0nSdL|4#5qN+&s#XErbJ0iO;(elCYV>I9Sqw4yH{3TtimYCGNF4PS
z_dr}Z`~C;)F<zjVqM~MjMIJyKfNh+BgwtQs#lMS}lE?$*NfBijMKSytkcI&BInysb
zGx0cZmh?Yc@jr*YIFchVJLk!+`QRFvX<B@QIsLeh%Z@{Og|mOi#m29A93$A9{H=Cd
z$ASeNHhVQ`1y++!MUZEph<+<f4(GMMQe@wyJO{sF3<B6;AS)&&2Uz<NiU1EcL@h0b
zAoN0uSu4=r1W`mOa%l-#CUotKepv$PM#ia>w<G-wlFi(%B}d(c&6~BwMw3`KeLA>$
z^-tQ3W5?=?1K@fqGB5_?Z}|FbuFRY`NmFIsA=rxV&?FkIhsc3LCW%fLF|FgDS!ar9
zHG7O*eO(5|7crLZDK$p)R2IFkpHi#qZ+lA@*o4FbZ%ttP1WnLIXFws#GA}II`Si7@
z<@}FCj%1;~<&lx6Ie9F>8IT$@(MzA7C_0G(ZT}bFKMI?{gx~mNRWynhW37ey%Mlie
zFd`4=9fZ70FfRnDHy%+sG)NRWF|A8?1~2-=q+6D%3@cgLBag^ftfb2RuExWv)qlUR
zoL`xuVXk1zDb@YIzv+$O%mJL~+i!8^0IooC5DsnNPh41@kl@TLJ+%TWeNSTr`e*Rx
zx#D-wZD?c_#3Bg;aRx+B3TQj#R4Ow?Y4AIh;V}%WNjhfZ!Dc@3J2R%#{PC8&wsuF&
zoaxKD$J&WKb=;b@Bko$c>y|f;KJ-+X)K*tsqj#4TMq+=urHXm}1<PgpH#eu|<m)0!
zulgI<wHChqF2A4u@`diZzGxz$W4+&>=smQFaH?S1tdV0or%ibLFa3Ue!GFu*8!Mni
z>0v>)QJw|^Jm}&mvM~Dx49(ElbYedw6ZGd~ra@RTk_K?|UzrK~L;S-}Kh1`*_AUQV
zE74-|`f3Lmp16&B^=bZLl9ITM4X5|LYRWeCy_%lRhOvSISa24SSs(f~Z|-}K>^}P8
zC67GvNY{sC7Qc}Hax-CkN6Bvfx~#+p8J5HcDJe|4C4)i!B_<sr{0EezkK*a+gNRo{
zcI`~INveWjs)I8fvtBYh2NRwUw*dc!gnIZ2sgOyl2_L~FrpQTZy`v19$*+Q)$-H5*
zMVEhm2d81rG$N|{?#~xaR2^P1xpf!`9=V-ZZzZQ+xpV#Hv$WN!y4GlGYb1MQP0i4e
zOKR5Kap$_LrmEcmMQuw_TXSjFh??4=?Tf0{-p%yo{$cImPl@86w=I0UIGDBUma^-Q
z-^_o0tHjEGwRYDu<4|=?U2&v7v%bB(KJ%(oYj#c1`m$BA+HmQRWZ6#o$ikT1?|Y|Q
zs5Ck$it-DBFMMf;K>|}802qL;NsuoW%k-dBpH?j7&=rH2Cnz-=nU{VULc#R%+wOU$
z{qFW>&V2oh!|_ZfQ%lw-3tl40l(_8lXF5Bd0s8+}A|TY*;h=}oGu*>(OFShMkig%P
z2g{zhCwV&b7tAlPCI1LSH;r`@bRzT*y)UYhAg!>ANvonJ{~(QkmJYhsOJwq2-sj&3
zNraG%mw*5LzmUl<G4V(GV?bIS`G9Ob<>vcx_?}NFF$ATP_=I%l5YByy-$dUd5g`gh
z@-<%PG_?9+eYCIuJ(3f^Bm%7fMkY#50NtO4!cg-s4Up7;KLju$x<Z*lz(XKV5ae>u
ze8T1em&~GP06;+mj6wF-=Mljlij{c8Lz@a`w^nJjL5Ic;ipPwcOm)ia;BcdX0HS+y
zk0;1-<`E9Ztn7A!!JTf*^Nb(aXf{<0wQ^~h1sUoTwNw$x8BtK5l@Bf}_5*(5&&T+q
z|K85*dxyZD!^pxjR~^`Udt+fx>(*(*TbE9EIc)`=REcDnt|8T)zbMW9=)<{7(mno0
zoo<=B$>}V);aDukZS?50k@c(AFP_y=snex^&$YI&t$F6`Escn`pZ>|7pGbRB1`^tv
z3c79xHmfe6xz_;oa~&o=Q@|Gl1P%Y7*n##*8qh{9uo%N~MI%e4Fk=7-WGQCR)KE&H
zI~FuU#JNZT@}W(W?!~eYC%|biX!chN7W+h6DRv9kOB@iThX_XnBW4bu=CgrCP`YWL
zQL^<Q@CdMeGduSU{-(KQ&g_~!@9An1fA28cOQ%jPbs5^dVp-W-{-!rdYIN`IsmWgZ
zsapLncipkl&itZ@Mfshj$LiewQma4p)E+Azm!Ca9JAYjHv06T}ri4}xcuVJ!ZcaP3
z)NbzZdD{)HQgf*{Krd2K^CrSYQZD_7e-3d+&wX_1r5}+B!~s=&bmUh$$;?{G>-VM?
z6qeqZJx0ao92G^LqvZOdo{|#B^u-JKf2H61I!OFgW3uloEo3INWsb>go7j3wo&IZu
z;%j}~Ev*xUqOO)(>h)hK6kqA<Z)srywTyC1=3OP3C7yd<Pu#=LJnAW`aLih;c)Fvc
z#1rsf$6c9YlngGN5D9mNdpviy%%QU}RLM{#L{lYwl5xSGB}E*3DXhkGM9V0;(GSBI
zWx8Vff6dVduv<xomBoYxAS_%=7*0A045R2<EP};`Ftvq8!8@%pig66mBw#)aN4&Jm
z32luI#9<R)>@=zc4y2?rruf2iuS`SNys0yN&8@Az!0p3J3oFK~EYA*PED6=OWS#6D
zZZ9Zk?Ns<1FK3v`S#sKiAz$v5&tb3RDtv_1LX*?GO9C<e#r!59@e7#ggE7h<)mF#I
z-qE8v!~P9U=h88Svo)-)K4NA4Gjr;^+T(RGwb*UVmT4A_up)?liakoU=2|TI{OUsa
z8dLk<m=*0tt2=K67&+eY7ncXD%)8*b@%tjh9Z7f1S>9a<cy~pT;~0nN`=xfw`9M-3
z+Q*wtb4du%D0GGP45~OlYQT#To3tJ<#NeGqs3H*&W;{%Gg~Ury^}#TW5AZ_*0ozyv
zISHs|UmBsQ2(Tw?qG{1|IBC+sCCr6P$89&=yT81meEs@WB*mAd-Mu~(%xN4mrZI=#
zJ7n#`nn&uYn<hVXWq12j^2i4q_W{RrHO{K)EOg31X(%xTx+VXR+@mQ~j~-i@_-c4*
zS=)&6GV}D=GuVlh?blpNUVTZW$jaDs#3Bm>-N>Zq%IPTO->{X=Yrd_5%NV`D!CCJb
zx#L(~-%~l`nJJUfJrfc)jDPUCV5p*dTsfHxij}8YioF@@pW^syw{q&`W5<@2kHa_)
zIiNqrUr(d6<irb%wHE}TuuX>tymi#~B6#IW$=H3S(c$`3)|6N3Yf9Ni>MmjaF!;+e
zUZy2@XzGsg{HaSCuSiWC;al0SFZgDRs1)1~f510$3Y<<<@SyfD>J_7=umGUBN%^CY
zgJ~W+A?3nx2Kl3kfwNbjgri)Ws7k>W2&`nAmyW0iS4DozA$F4(GoRWNXs8cWHfopj
zkpCRyzr86|X95?U&lE15@=&~`CH~Me_$gAP1Tqw{u7iJFc@s(Dj6F-dbtCwlyw&Vs
z?8c4X{{G=D6`jMpnQcpQ(b2y<s22OtF}alf!|^j^>1<=js5Y$Iwd$`2CmzJSs7HJJ
z51wrfCP^wMMZxGo>0i*iTu5<D8zEXCL7Y9-(7?bI>V<U=5){R9qJWz5u%Mn^v_6~w
z_CRW5M`0eJQ0U}KifD;iW(KxGeQd*yW81eEv{w|SyNxOm)w5jd*q~2t(wUT6(CCQE
zhZ;MgGC;*+|A{Oc8PmwrF<Hia?cVy8qiT$9Wx0_<qR#x)DPm5hADRJk6hiIaHF%6=
zT62|Z2g$0ajhc$fhBr)WD-(Crsf$!ZEGA3;I6rHt#+YVu!+>-B5Tidgle0>u=*<Q(
z1G8KXh$2&q{h^?fF@x9?6qQd_vBr!#4r!Ki37i>8S*!{&=raPBy9e^~P=V){N|Z_8
z&0zO8^XtU~l{pY((KvxzHYknyDDw+t0HlZ(3zb%V0j(g#nwk2-jI7$)tPIu`4%u^Z
z?4j`I1<4ZT-l8Ba2^R4`xPy1`AKhy4dQ$VN?CtVI6aT@pr1kj+Na+b?(d8?mf7n+~
zE8I#Pcil`J_i&2#!Z0ZR_{om!9J?bYn|yg;!QI^T{HcS(n^{)D>6lILzD(SA5y!3D
zK221w`19C@7x;I6LtNkN-1#kdpm@l1luH|)8t_2D#EK_Ca2#DyKL%6_G<zrz;X=tr
z9tj+FcC}8K!k2%ecc;h=7PkA$34Vp2Wzr>a4Q7b%t)bH*C;S7)_;)NEa37?L^Y%@<
zMV%2cu)S1GMQ)FTa7`5~*=grpRY-D2uiAf25SxktW*v0h#Mk`WdZ$`$F!Lcl%X%f?
zoOt>D(=$mMJDE>EclE#U$4tW2pL<%J5j3*BrqgP1R^RiNGn@MULGR)0I8-Ez2~-}z
zmrLroVJa#1cYX>Lpyu#?^SVIkEPQUt08I;%#uC9>47y?wh%G-lcrX9b0-*XYS7@}-
zp>M64{p1xRM_%#d?5Rf^E~lxud7uPCLD!af#Bl9F;&?4_dH~FKQh?^M4*o^Tp?1wS
zg-v#aoKZ}kjl<u-SsH7vK=N;jEu>k=H_uqK_O%1a40SPZLv+Kya^ACPAOk|zP%~OV
zHV47WdC_HC_`amDEr{ha?;+P*;7k;YAc+sI#6S8Ae_<8I^Jm0y(RRp}{fIPSl*9-^
zU3YjzaNfap=R%Mx8dU%<R8Z)EV89rI_l6NE7bq}cTEmcwhK4bVqR^2%3S+Q`jz#dL
z(&>}#yRe3EUdit42XnF?$hM}YXP0R`grxWrU4azj|Io$?LpE#PvD~b?Gc7iEMzIEa
zF-FPMa!p09&uYy*mYaE3rp=a~Rig3Yz*Oc5Fk=v}eq`8Y!zr`w&9d3NIc3<HuC2)P
zS>sY^hRyBb6bjQSa;ZtdaS9W^bC(%eKb`K>Y^gNU>T)61s%3R4o5SYX3)6#EiGp(o
z`?6DAc1EHw?cjTnFA3~nB(?)9mH<5vI~{O_Sgz<Bxe9JQ#_3AU#`hy4D}1s%-Z8e4
zqc{d|A*7JP=aN9h<QlrF5I6;ILIxa^9PhUla;Xy5XPa;HUFA)kpX$AK>c-mGxN&P1
zkwWsJ%_puK>WmSIO&K{8xA}ZF?wK=H^p||4$}3y5V%P1fS7!Kqf?h%8N{V$G$dE!2
z#dSbSAy0}YLJ^09y-);Y23Sz(?=J#GFQ`j1HqjKFq?_+ydMVJapMS5Xujk}Ri71hF
z@?0Sc6zV_)CU){<Uk^2*4wMiPm@=@<h~h9P$K%|2dw5`3&r$pJSHt@qkV*V_zlCP4
zBn_=GO8F2ml4BnA)5e*Ga*T;$Xhz~<t`{tN{0~ns{DFxZvATWZL^7M9w0v}xKL97g
z?1_wsR(WE(%6xPT-8JT@S(Q8tYgQDV*H`_bh)9HtD3JVuFtJ8yLr)6RP}9(91apWG
zG<z1+G$1F5MH|MAs{EQ^zOEcKZo`HLHZosVbzo&&N7dH|@*^7tOH7FeHkPf{s<o@j
z5dODeoK(BIbi)H1N>^*8<2JA-2a8SuzERL6b+B4g!J0e{8QGTMt_72@VEq-G7O)gs
zC?6tX_`oi4PO-zQgNGi(6nJq^xM>hE1QJZ0gSU#4G&2JE4b*Fx+UbZ2SGzC~2~>k{
zgBY11#(dlS+p`r$TZ%GMpT2pNjeRWlyLy8mHh$5Q{2Bi5ls;FWy?x~7m?2`QKci5k
zC??3|id03X;ytBR*{M*-?eYooG+<t+DY{#Izuuw8zx@+vRRyZ0A}9Ryg+@j8?elH<
z3UO%E=5!^wFZbJeoG^CtBLYP)y$0-`;O8A5GZ^YgcK?Amv;9jsUCM=$CxmnN^j}J^
zA2M)#+))y{D!f|`IDLG1Snya6bAefi0C+D&5OpAE5&NSODWD2?MV6@8AO#IW(BNmL
zz}Vqlz~3nTrCo?yuy^KH)tBu1GQ$6j|6AnCeV0~!HFK|vH0)Tu;)fN>caR3=jW^!l
zAK>D@qVS$+die}H{v@eWz1Fh+(4qA$uc`PaPmX8Lyu2;Mzda-v96~ZfXbDKiKvf}(
zO-atKYRslIvkSF2+=9G)$LZ*h{KCnJl4j^Uf18eIboBaf`~7s62bH`Rt9kMLo=B0H
z1KSzIcn)?47l(j`^Da)ele0R7@AuMXg2kX!CibhviDw)Eh6&i2pMQ1te>sZ86Fk3#
z-;&^U;kKPefLyL3s-rvG!n$*33E26#JwOwJB+CY6R^<mJSv|M9J7C|u*&ayz9}Xc`
zq$p-HWQHO|SJX1Bwao7?YaIq>!`O3I9feck#Po9u{u80?Ql>qM=mDZa(A~~X007ni
zFNEOf<lBrOvo~M}fNx=xPwIB!vugldrvk@?f%}xy%KQte8b)cliIMzHtF-SON+U(m
zC@J&68rPe^{zNaG34lVLV@brA-adHQgn}4=;vx%)o;*q4nXnYbc(hZ<xeh!5#&C)t
z;(`PdR6q|4VUp~C{z@Kc_VbJO_1wyrALI8uOy;i7yR~N@V9;|>zW6h8O@Qleo(n8A
zs^qN~Y8)fa(<;~ao9E%s&&bt&JOjsnF6qPdXlAN1#9L9syCCI&azYS<lH$xc9xay`
zvJZe5_*-lNHX1Rb5~-ff^pL+<*bIU+;*L)6pluHnQ>;M0o@~-Zi_PquO%H9tKk~!I
z&heWzjqlv}x7dg?cXpI#O=z4D9`6{<)Y~Oos#m&5Ty3cjG=_&(Hovgu%&2*_D`pQL
z!x5QBO1QBjX0NE3({W~vEi;I0E0gNDPwOU`f|;zNW7VpTQ7c!D>i^|`Vs02aw0>e@
zvL)S&2v&|bB&;oU0?ll|N|aiQ+q!oa|Bs_fylHviC8PmXPr~27v@kEtxAZ8n&)VxR
zvNH;nd8BFP%%()M#tsiACz=jf@*v(B_1|jX;XteMq8WL0hA4hKCIk!;aHha5YhdHo
zFz#!vNt_u&8s34xJe+?V>^n;raKriG<RSV$A>&#5nSZ|X4tIB-k{^!WONb}gen;{@
zi64-tkkKm(GR$z%3_40d;*?78X7RQK4Hy;x7rYM|!U-{s0c>L;qOLF4lIe$F@fD)<
zgW*dc?;nb25+cy9TFiPeHbFxlr6+`OL4eqx8tAIUs$lWY-V~0Axr+UyTvK4P+V`;q
ztNAZ<UV{o4rc7_jlMOkeEH<`OdRN$=s=hl<jU1=>WaZ1lWsXFrxV)@{zeHxwAgyH~
zIU8VZV4WKNg*u?}a@8&uY2HvMclh)7N#5B6lIb*=d{U;yq*5!Ik2DyRaz)^ys3tg$
zNw*cYJY3JTI`sex^2dwcHmXeuVrn%NnzDfQtF=qb%*dHW-8g29*Phj-QF!%<r(X;j
z6)hSW_;by9Au{8hT8Tktd7t8`XdWTz--!#~j^^Y^N{L>`tR?u4_<DkbM+XHe=?(r*
z18oqvOF148C@`4b!4m=8kb3wNaT>WH7Qv4`=syHJIKL(Eiz~&54~Z{sI|U>yK||u>
zKSTIqMZ$4d>-W<OzkM;bw=YIV3NCi0*W(Uw@17B`t6VIOLo-Dw(zo#(G_s+TM&tPU
zd#%YBg|Q@EK*S5yQOGFNx&r1SidaMp1FeV#fXo%N+yD*(tWz=OymHPM+P$HD!)&Hy
z)0R!cSp9y*@XtT_e7Iu2=x3$svVR>Ieb1)pWsGj00{AHsC#$z9_VG&P5q=Y2!f!gF
zRO<GF{F!4?8SV+i{*-HtY1!Fn#`T5xvrnI*XdO4MRgt3KN3^mz)3U3oviIp#ify}h
zZ&RpHsFB}z=+KRFTJiB$UU{5W6aisQaRYJmJKF2cd8w-5Kkk6PWu9mqIwzGy@tFp4
z_6^{tf9o&h?u3;^_|gN%T*&9C?Z3u_T!JJ%jN&E8%fb(z{9#dofBjp(TF4G-ncaea
z{J`-8p?S!>9uSUxxuxi|;Efk!84*AkLisTAvarD?fBLt6wJ?G9S=7?+nP+|$4nsy!
zVJZ@I4gNNvj1`?0(RvcPL@#N<Sa%ffTnBV_J9<bFWFU!@rG_X(Tq4&502dx=ePAge
zq0oe&5m4`YIY|@2Xl$1LvIgV_D9kP~H|~puw5YV2Nw-FZteRWNOnmSE@vAD+ilswk
zHU2-lvs3n`SICCS%3;mFggg{}^wIa<<yThVkfE}e|7~{`L$Xnk9Is!xX?j<cpQ}BT
z<>o&ZE3NL-l6fQeA8)-G+t2yJA-5u$=OGoId=ew#&BG^_@jo5DIor)Y?+XXhWGb=A
z7nYd=)uY!AjPHAdXU>J~oW?V_7>QIc0AO@A`@vc)*d)=RFl6R}{R0CmbbeT+0zt~e
zKqp7D!Nr1C7KX{BrM6gK3`1OhO{UXeRRpq36Q@lp<En!7msDLr?ot|x-A3cE`taD|
z>{4r}B2$|Ws*#-P^o+a?GFBJW<=R~Kx}{U)lGKFUS(atfj2LPj7Y=&s!mhHIQt!>Q
zaOpWU{_KL$?8B8CZtAHSd0^%UA4%V~KA7I|v@P?{u6LgKTX&N?bVb?d_l`W$tf}7a
z))gkAJ^QyVyZ?!Y4tK8cXB}al*45noINa{v@(<sXAJw|AsM|=Se?75pQ$$j;Gu;@b
zLnzg`;sWm)&A(-Zv{EHV)FOBaK%Ne#rWk=M9x3M+5=t4upsF-@X+jrFUYLle_zLYx
zY7Qd=gaUP_lu-<ZN2rx-I10;F_`=>Lee?=-5fZDhs?%G_lrjE0hD3?x7G3Jfrb~ZE
z#Qxi7-_9Hu(zfm(2)^?J6~QqLW=r#;EjKb(7GxLXf}5H2#%s(!-0yu$thpXG?w^Ea
zF2fR;ZFb3#;2^phxQUbz6Zz)x4Xd0y!)#7$WVUGSD<{otviMA{G>`J?bh3K-+<IHO
z$?PFE*$u^squu6a_L(!n$;3jR(Vl%bNSX)Rp%2{4BjA78BH9a1gJYsUi#`&4OPmC_
z2s91qg(*gIV%V3w>EeNH_-W9?ggvY`D)k1Xp!u|bk_@hZ0kSoytq8mnvW;Un#}?JU
z(Jkqy9t2qdRm}yQ9`&bL!cs3y83RRFP*`z9G;A?~Eg!XnqNJP$Sq}79Ub<I`&nT$$
z$+&?234&he!rK7a0pBfo6X%WxsW*v+ar?=cg&s(Grcu*ufvAG3zzIN^Nwn08312L}
zIxZ_gqd;=9vm$v?4rdOf<Qa8la%C0FVyr|ibudO%J}rs43|5EHc6!3t?2@#`AeRo*
z1Vf6Dog$AI0~Tjdo?1?b&*_o|oXrPiW`kX>3yn>;N}c93<jx%Bn(vT0k&?+ElgUhm
zEJntfqt8nhv8gtfL+-Lqj%Io@b^s5r*OoxA4YO*?D{_a~9kSa@c7?;76KO0-eV$9<
za)~i$afI_Aci>{OfOF_hwbY{1m9Pdy5mHOtSdtZCEl#&T>UW#hU2|s7!`E)gF3euK
z6pKyQKD_75HA30yoWk6>b8`!GR?{-F?YxFMA<gWnV8LwzrJxz>g&84tX6Qct^dJBD
z;)_IbYl*}+LuF1)OAUe>7HPeV3NBm86(AX^Olrtz0<tzwW&k6DG1$Zv>GE8xmdTUm
zsj`h5=UAL(v$|L|Iog;Rv;>)=nd&V=JSLsLR2|K7rKgn3DvKJ%FVR~^r1zg6^c(c-
ztTn(C&Q{N!tb}1Ln?G%^<cA`|oi9-e?S;$l+&631zB`vMOcI7KTy)(PlP6zs-J*rN
zIrZQ!BXB<?#}fr+8k%Lf7VHmG!2_}cxzn!@U5~zkRtKhB+KT)}VMR=X{eeD(aEt8e
z*y<lgV9r6iqB9g7hJ~R9pcFJJ!7ogWWH?ELR-wi!c#4RM5ksIGnD6}tuQcd2MBzM!
zb5r<F!UCd-UM}(r{~sy!IT1xx>F`OuiW!X6r#hyOm^`^Tr@~cJLt+_Gr^#+|TGKO1
zvnzbLewo2x&bMS{H-=-x?9V8uuFlO0ghI`;W;SPXKh_+AN9``&$nz3UYM}4Fx%=kM
z-A9<K8#~80?t0^~Rm+yGdW>A!Hm9YkWJ-;kcv_=B$$%7!N`H#BGCzhrsqfj{DMd4u
zHh1wy0^#wb^<SZEqe8FNn(W#BXvmwPO_8X~MtgQBR+-W2uPMy03$z+%?4FT$l+lF7
z?cRK4et>z7UUaUEj5&Fdzgu3?S<+m}AGuOHJg<m9vYqjrQI!lIUc!BcC7lak%kQ5H
z7-YFrLyvR-Jr#g9IRbvG*F=98oq{DwPJF<$Oa&??4Bo1s7ye?e$#02RAW#6U>QDYq
z@d8`oFk+Ft5sZ5#Z_rD}K7%d{*pX4q!7`6Bg!*_aQ5<Fh{1_*q|Ak4#0|`Wj3B(eP
zSi(_=@6kePM{zO51BE)T30Dtd7>amJbdD0Xq-S+hVFz}4OlV#7zf_1R!U@sRz_5mS
z9%rPhg?_lwTo}o{7-mtIBB2HMnotIh0V@<DJ*2R2;5MO0kYoeKVGz~P9?MaI4&B8r
z5;aML#*KYQWO8mF!oqa}uLB4P9FZPSgW?rZSX6jBkyYb!n40E>TX*dumD8RKjq1oC
zp3L@<S^Q^oNnReG-Dj?yR61#!?NVFA^6rImN4GKulsbnsXw8ssZ0q=0M7Xy0*B9{b
zzw^$4J$uA&CEL~_Th#WhVTqA(B6Xm}63ZAZx0Trbk^ab0+cC?jA)$M%1&J%OvR*LX
zH9Xl2SBG5>MlJkv?vghx^`8|N^0$()(V`Qka`*i*8OP{K-FH?ba;#>XzQ&q9q~`kk
zGXCE-Q>v~8tXC?Fz9Dv90rZN${&oMJJ^UB7%#SlSZUoI_VR}($%POC@puqd3HMU`c
z$L7!S+ajUOD}7}n_Do#6E%g%Hu+7`6rI{KxsDJG~=fo)srY&X1%uif0Vnji-c=*D1
zDm+6%&Pwu)vm!7*kN^5D{HdrQ8u0y-#~w?(Wpo)q!$l@^b`s6_@qHykQ;OpfZ+;vd
zF(S&`URjx&o0m6@sK;0klEhS2mX(pU+4y6|pD9zavyYHVY0X3@EueqO%J@sl%g3k8
zoW{w<TCHa+A-O!=S)AiBO(Pl?tVY=OxFT||#;lM|1^COESdOcf;Hu1B{MSU2SU#rA
zrd3FRhsrFqY2jn^t7mx2Y$<RxEB!87Xao&%E&t8SFIQA-zoMKWtU~8B1VVqt*AyLx
zSyO~QInX~<(00>+?W+;3h1K&J(KkppXcnXpK~bck;u0|$SJ)zfAohzgOx;xOg%lx(
z{(|d~MwyG#rRi!Z<^v3|R1l#cRHVRy0Tsh5WPqfuP{je73%e%z7xscnDOW<d?o5JN
z0v8r!6Uz7;MGbn9a2ZRFfvNyCqyIXP9^p}<QcUtX0Ism-u7dnN&`E^L(39Y1VTDEs
z)DdqKX^Ae7DM+oxU=SPit(7D*Zyh+AkJD{~VPN}oG%ia)V#-lUS(QzrvE_|y%X3DG
z0e<u`NEiyvY2@fZHck)gax^Psa2Nz474D*dHOpdWmC_QTVx=qs4#}owvrb%)&57+q
zER`rFDPj$Rp2Q(BQyHq%e6RRyGcpIGi>8QEuvf|v6Qfg}y;^F1Kq2L1G7_Sf;Q-AM
zE|QsQV>vmEmzHHpa@Yr>Hkl%V2)<H<j_Dvox#K*^;X%ElR3k6Q@ZapLV#ggaU`vLr
z9#<7Ro-C3{<x+mPT&f&0M3dfF;48Gqx+REeLQYJHOzcD&BAHJ~Ls9_wwTJzItdta;
zR3=k`rcNvoKa-*xDYi(*4I^CZcswA7dI(;4E=MafjMk>u$RVRdKFyNC-=H$$lwzrP
z0;2T14Z?LMNhAuH(h4>=nGdN^LEvT&H)pBTIt|_x%yhPAG}@69LfJpmiM33Mf~*uv
zmE_XF!UJqN{qv6kx=10gPGd3eP;S^Aq8pNO12nJ*8jRRW7yWVqWB@8A(B?!<V>F3S
zKoAq)CW?9^8eoc(VVn^O1(S&dfdP{Rh&FK+gCKDP=?PFI&{{^%3J}OIOr?wd<AXRJ
zI$^l@!uBVrG#NY=z0*-j9$6?U44?YEw%(T(D67@iwYTQx*VF~w`ObE?zNvd;ewYLe
z-JA8fx~lBJ(6qcXRVKMylaiLFP;A|oTB6O{w~twv6Kae_WZU-n(mKMGe0FYaZf-66
zKz`w*?nTwnxiiYOrHxrei})wzeC=n=5WiP`(luu4r{y)a6f;s7Elvvr8_H^|YKzuw
z(=W;JXAtkAOHE5<v;N;GpG&z?TKK$e2b<<9;o-e?^S>j1`Cx5nQAu86oo&Ceq=r04
zubjvKdr5U{+tPSNG&IX?FyyJ32M2#P*cQ~lS9}9KTM26pWp&acg_qYu?ax7RAyf*8
zYIIgarf>j00F|Za{s2<P)3hQ~jH4cSOu(>)gQnM9`30;Sv3+mtMUb0TTRu8%78jNg
z#ZM0??6Of<dE8LgKCUwO*;6v4{*$eLDnf3-9_C*D;EP2qbNB6?`@6K!<y!5~S(2E-
zE<bg*j8Sx>!p&*vnG>(Q`<opHh}dB;(!f2VLBF|+%tHk_z9P}$+2=4r?txImoxAz4
z9FSiOoQz2e%X<IQML|9i)zc`3i#`~ae3YSyAK3+&4{z_ft}~zO9eB{a%=fofE~+GT
z^!fhxgFevzaOB_2PvcfpPn{p;<9san;G3Ty+9~`&?oK@KZ+me1+|<7k7xHl=eQHsP
zQUX&2L?N_&SkUOmd$DceLD%qrWd<_<MGxW)Q3(#;p8DCs9@tkX#15(H5YQw##|Sl;
zB5Lq@;w0(Kmn!&Y6;gH)e5aFY`+939byE)ui8N@2he#|mT+=`zYJCqQxQ!Aqy7RxR
zv;SFv@J{(&)ah&KShJ#oeN4EAJN!jO{yT)6B>gzSYyo9SaSxR82w74nr3{OZT)YiD
zN^(3fV}=~?A2R<9@4{^yx@=A9tNa&4`*M26to9P^O6}IBD<6DxSN)Z8$tsDWZ!pva
zAoO40VaRI>3WsN*-@N`Z(aP-^O*sp++J>xxM|bakK0mWTDwnfa7emYp#vZAmiNW%R
zXP_noJVX@{Q|JqY$l&u)3m3Yh9>b#9LMLo|cwmtP8(|o|RV(t~Kwx|5w2e;*pMzi(
zOD1&ih0{drEAu8*ubo;sZ%TL1Xr`!n-Ic>62I=HHhq&m_q?;ey_V?{$FAFeAA{Vd3
ztjnwx+tM6m<7)H4*#F)D5dWhG5nGc1E<?r4GuwsSjzZ2xGLGEIoSMJ3a{ld87O&m@
z2i>B3r-m5<dY{^HzrX)RqPU?kW+;)UlwxJ#daE^<O60-HmBXQ}OdNPcSIZe?fl8Gk
z@93nbBqhK?t>r09RKRD!7=|&-3luv%c3K*n1cU*_4$#al;-CQ%4X}$e7a?E;QLr8c
ziAhp_eA3@$D-?f%D}PSnHh<*hpGC2_pP4WxSvLE_uD<7)SZ|_NB0A3h*!AITRQ!`d
zs0+F!(aRB`u244nZ<9{Pgu1=S`;qXtAFaR-EsT(&0oy)7&UZNC%_3j|nFz%}BORh-
zM8ljM{^<58Yc@VSk=a<@_jvHq4#M%@|7G1%%gUtnB~_XXwXFsKeu=27p?X|m$GQo}
zHpNFVb;W0XXqj(r{4@Vu*DbHC6c+~5{k2`?J{pjD&i9&ynRvbEO3^_&Hh6SY9;BQE
z2%!~ZLkd%+8_DwIx&f*Ua8!b{De#B=`UX|IpgB>GTmRpr`Xw|*G`n*S%wKLuMW;kL
zZ2^ZXt05!J>1)f)Y4f>EmY~&}<#GhtI)z={bYUaMD^$tJZS%oK5~5Xpd4#anmE{G&
z2+eGf{0n!@8BtS7WSGH`?l1&8ng6;Gr|u(%-D)?R?Y2~h(`GYh)n;rv`U|l}V!gsn
zM{08C1@%&Gc5^S>O1*q+;QwM)+uAWK;>@<Dxyu53TK?;X&~D;_UrbE(1rJitg@LK`
z;J-}tlPE616P=2aUM7as({WDJ7iZAs61^f3=5fpe5;RmCsfDi+XlVhYi0mxBFyOMt
z<AU$b=~)qzK9~RaMr1m9?KLvx%_ms#>iLHgqBqHu*O*HZAIx8kQgREn5~3UVkLNPC
zup$8c&bv3TrzP)=P8GC=(QXzLdKL}-qf>=&zfw_9yC!idI?bnicP}%Pu8=p@XmuuX
z1cWidGo0jGO**00K&51zAPgD=&xL-?O%Qcc36gRpL)XS|hin<S@Sst+JjOwoNfCZx
zkzme(hC<siO=5#V9_k7_uV|lCyYT|VEDZ!BbPf=!6be_7&rgP&*jqklcuQfat3a7n
zK5lh;_x&^feB*;7OYEaGPO_E%`P%O<8+*+k=8V017BK0VWvShlk6ae0ZXY|YxkSnS
zZqe}3`9x)Qahp>emga&6HYV{pGweVTeZBi>fAQqDO(QOGjGQwrwCJJko-Zd?M-HU>
z$bp++8=v#i{)vIAsnai6w!8SnDQ%e*X>LnS`J4u=ZsB1doHLd79PzXQSW{~83eMqA
zDHki|0CdG5@{i-mAU}J}5TOOHB9(RVq;$eF(@B8_yCL@0lpOP;15<=BL%6_A{R>%G
zeBd*$FC^!f0$(xABZjV^!ZRe?ww}>WneGe~+DS+Glm<&_aL9;w$BakjvRv2w3m)$>
zDl0OVj$d}*@a)CQb7fw0hA&#uk~#0d?7>Jf^3i>@iWI+tNl`MsJdMWJSgddwm$gZ?
z-Q%1xjUyvfT-I=P-rkw3nhF*_Hl56WWXVFibwOLx{VV3&Id7F|a@mB^`k;LW^YLKR
znb7V9Uoz#Zb;CO*Ixh>ekJ4^?XzC*PimQkoY!VP{av3dJ30z-<i}zz?lRvD0yyZ8p
z+OcC5*#ac)n>4sAAsU$7Sh~hoDY*8$<3@J!-|?^T-*t|>0@?7+$H^wYU;jN)hJKM1
zgk1FMO#j^w?ri7)u=n(e!gYkeHsRXbL+4$Q@cj_n0krKk=iQ7j?o%iUhJPCUX@ysv
zde6{3Ah@ITYiZvIh9TYqA7Qp|LLvYf-$2`pATOk02uY(k=0FsN>63~UD51I<hIJ|s
znmjPw32T(-4ao#f^Dl(F*5frzG}Fei2X1{_UrLscG(K(G9Ftgld|O53{ThW?WAf_n
z?>bIoq=G-i@8VC5XsF>2={?U|`tC%oKx7(RI^*(_)Y}eU_L0#a2x}sbktiq3I7Z?P
zX=mKW`Jawo^X2I3JtV$u*52oc?6{ThvlOY7PQp#zvh6q#&WkfmxvzREpOt#}Jp|4!
zCDQ1l@csk(Srl;aivf)l=0<@dh5E7Gz;+CyZRdQywSk4!;DNV{g@XpRX$telCI%f3
zEY^r(f|67zz|H8d7m-i!xWbKZwiwL)erPV~d3H95y_UYY7O%KT9B^>~SKyxxV<K*J
zIE+l(NbaRh=Y$B0xNVmFL1HIki2XtN91Bqn@-s6k61O;=7C!FE&1Dvb9FCA9F(GkV
zJTh!pB%WL{6BaKbFAQH<QL%D3Up7;i7cRq`@)PETT<SZfaY1Mb^eaLO4^ly&u2c3Y
zAyff_HyvX=G~G%SvWMaOqd-8si|9v3?Q$ABf>=DtS%leM{Ai&sQR^!#^f6EQh|JQL
zN!Qsc$MNsp_aJ}bcNX?-TF|$A90}gH?VI~&lVydzt-7u6@vr}XoqY#jR8{u(-20}b
z_d)_8lR^*zB$G@E3rQ$OK@<c*K_pC)mt@FfW|#s55hG2+28gJDh$2Nq6xRl}z*-Oi
z0g+W~=&GwOvaXA$A$j?J=e{=~vFz^mpX9z<&#mX4+s-|A+j*t2=4J9-0z1p!{v*4$
z=A|qv|6652L1n>|Dc4vtv#fV-e^NQIJ7}(d@?UI8rgie<ZOS_zFJ_@1ShIwU<$t_b
zIsbu`?rwyEG3-Z-h19mG!2f`dV=g7d(ixe!t34P+1LK)B2`8i(MhP8H3>acuffaO=
z29_95Sukd(8x(2!Vk-c!$`w;*j6Dh1x4;=1uDj8wgi0yKQHO|!A~jvSsElz5X~iWb
zmEl@4LQBMm&Z%GJ^yAVVZ(vKmQss^`DLW&4K&Eo|q1e7r!<w(ii;Ev$za%3vDLtZJ
z>Bv6u1si+)>6Zupw*G$1|4Wp&eA(gQ14mzb-NZi8rsU`-eeco3(<`RpsiNCL%ocui
z(Zt6rh2|?u!uvegXJC<c@{Hc|hxfT;^Tewb@5kNs!Iz9G8=rmI#D|8D?-w~^NBjM5
z&%LMg%aj)q*k4AKw0kC)2lV15leDy2nF{eJRUc)x|CqJ)j+DsctI{V_R}?7^UQ)j5
z(H)O5J}_@wY`!hbkd{%{I}Xxf;^MM;rz9p1UVdp`Us^aMMIGU$NZXhVS7%r%!W&}3
zGd`JGEH6kIn^rbIiXCxGkUL(CF-G6)S|wjzJ;te2MwQLDp<=Dl{)%frDFeF+t?e<l
z5%Z!H+`cE-^g33ct#?qZILJgdrJWuc=(7LNrzo2?oxmqxNf%qAG<(3L7jHya(n-L4
z8H>XdR*HEi^07sa?Ad$An(Yy98-^E@mWQSk<y7&LM<TZe-4E%@tmJOX$uDM2eFqt%
zdh;nA4|d!=+0ZM-I4CV`kTEvNn9FWualHCkLvoB^a9ZonIv&08*{=`m|HrOP6_w3_
zyvs*r-TrHbanHSTV7NIvmY0|7qaw`1-aK~n&Ee+ANP{JP1SBDZ40}U*yA2plKg<h2
z$YvT^a98b5s1wY_1oMY@tni|RdOG;fVj$6rdOk6NV{M3oLQu4zMLI3s2HoUQz83~8
z)Q{f!#ZuO?^ov`SJX)J?!kv+554bB~kX9<uVln@{XVZliG8wQoU-|_b)4mc=v5`_M
zId<qac_a@^$fjsRO?GOT;1r@&y2x*EEp8A8I2opXv~__sJ2Dyc`aN4Vf)h2yCWi<q
zb~=8&yJzT|ntU+1cW-=BmBbOYrK5ZI9=*smA^{RHd(BAholun6JK2sIe{ll8a->c9
z*)|f!zU8mlMlM`F^TN@Y%a_m8=gnNspYu{I^ikSuBMJ*g*xC{kzaqD<y7W2gY$Hb4
zl)8k3X9kSm4_<_Z;4O82u0vaK49&!?Xh~%j`V%6ggAIeGN|f$VPTlhjD^^}oE>~Ux
zf5pvw){Z&t6?1m%m?O2$*}?Ynoc8-L``59deCtK`9fS@Lpn$j32tlsI%kZ_}$MS&s
z-3Y#iTe1FIgPYwCffjDl?a(~|j_Vh7ujuyaUc>ny=GPeJh>)pYP$mm*b6YgJhJg^&
zO?<JB54m0#>S!ncJ+$D0w}rYPwgKa43zxnqSSEuHjUA>qpda3T0<!_LBxNI7l0XXf
z1__&n#c>u^WGKKQCn-^~fR_Zan@ow=w*p)exNVZaK!6vEa&Q)6NJ<Fd**P%=JjIn1
zH-uxzmHOp`aGMmD8OKcJc)btV3S&t{W?f4BVX0UAJ_*mJMk}6}!Wd<COiEIQeqVeq
z=}3I9)c7}9#xZ?H5~SJP5nU9`?usSfcaqXgFUIw1&tXfI9d|1`SVQc9_UjoxiVb%D
z(u)z%e7myX6^_T(qjUL_OkWX`me{VmU(V)6k5DGFE6wd51Dm4Uu18;4U7@`F;J(e<
z!7TfD+5_y8Pe0Wke$^<=jqbSTJ>{=x)&3nfE@xj2n9Q=zE|FNG`F(>~xq=n7w{FHy
zKRj<y|980b_$^l&_$>*2^~#2jka%cMn$1ZWvGMWomSl4{8?Wyh9}>c94SnMg2D>bJ
zmKDVsL(R#S1pF+?#&BgFvm{1DDlh5#wjXBI%EoA^w;oT3;@*kG-elMBH*?l{;6U_+
zYmA1`;~jWz>u`m#vNtPI9@9r5{BEOx%^S%^Z2kD<-Db%KL0QoeyIDk-^45cF=$TK<
z%Fkop;^C)18wh!;`&dELoyr#<=d$G&II1E6H3q&!y^@cIt<Ha{eARxN@+C|C+utgg
z1FvyJp$;}o#EO(~R=hnxGWWo)28z|S3yB8r>gS0C&oAbX_3-@S_H&D$*B^bVVzAPC
zaK(s0(shepWp!;Mm%Q@IlB{RgV<baei61;lr8|p3cWwgLDZTW52{2u+lYl975fks-
zlLd=S7OTrvEe7I>Dbj%lCsD#9qe{ly_`_`G(TS|~hRc*2J6?C+Q0C!9%4Q$l>!|4;
zseGhV%&nK+*|+P~^-XN-p@az|46~Y*KFYqS*B)i|!z)Hio87Tbx$*L8Y!M%NVHm6B
z@pGov&r`~j4<qBPBd$q0%&u_VzvM}cM&OOHp9HTlQFLMp#pHt&NM&3RxZ;Zn(m}k%
zv_-f}SWLjRSbZ$dBwnUUDoQfR>lZIPu<!FVYd+t1pk;w!{b|O(S-0*R#+85Fa^%4U
zkH3C;?b_3?Kfb`x{M59AJ9qw2{O+3jKY41Ccfqm1u`N3f>gQcBmtMbS&Gn`FpKqQu
z>%!L35mLuhciwqbyEHI2)9K8RZr9(peq{Tk0&86(Cet*Z-hwgudNG@(+g@06{I`AQ
z|LU*KRY7OONduJ=jV5Re?$msg7Joy0n)oPRq{Yi*#z%qs@0ktD&uqPrwe`$GN9e<|
z>#iEa2E2T4`#q7j?%cvZPDo2j=*Xl9AW#b5j_>Hpo}jNXNtkB|^ICkjZas5mtN(Re
z)tmkBsOP`Er~TfMC6*6Cdvj0+WnxXC2aTsU;z;sNA4ou<cj5+t1I-35;o&&>y%c<U
zSAt)7GVZ_JfEPgPL8slgEj1UE`exjYybW?rSAkRQ0o@jGs_8H-!PQ#v1xEzkluP=x
zf@ssEZi=2m>aM`r0LVX9<X@0b{0AYDY~%|e1HVzYZzDzl8aNo{Uqvur=*T2aA8}rc
zBO~m|U@{G6!s5XgO(MBb*Zy;d*|4GQ0Kb=SZaZ)_o>EeO<x!5PzEEjGZ-^T2h;qz>
zYS#4j5ndMWV+lSM55q<Cg%`4Yc;c|9`}bG*g7Ic&cPzi<g%@sF^!)S62RXw=56kh`
zQ>4D5s`?a{WEM{tUwldbgp4s!n3ZRRq(!DAhW9D9S+G5|QrX2Oj*vFCS1YFs{oi^^
zIqCDQ>Gpqj#t=(n#^4N65thLj8G|iDW(>|4OzMUqxITX@>sLQz=XhUFC*Sz29&sZ6
z%;y)Wxn(zHT@nI`+zI&w<pV+!bNdb+Vq#%<KN_;shO#IrOfqu3@kQf4%`bfDe|KWd
z6Aixfo@-gmbg^L7dXvUvLmW9oX))obdg%1Vji)7L<LQSUI?Ya(5BmB2LFMIx*ps;x
z{D+EM_T->)ww(MnQb5n_jrx+dmvYO?a}A^E`|!i~B1M{y_6Pm?06NKS!kfclVKmqz
zX6HZ&ddNwgDbVI5%_-=Brb|?lI@!R!9SEM-bH;csa0iotBEwpyUvvD_#>wmEdmHM#
z^X{Lt?k`6ls(pX5A-%UbGGUmk{CM-y&u(R@N9Mh^an;ggTc*`5y`?IxJ|@0z%wHcG
z+Bn>5j!NkDr>ADTs_09lJ%?Uj{ot|U>GPH@nK!-o`3D}{d&O{lpSXm`WZQL4|H);C
zS@gBHZ`*$RwKvLDE!k=Du~)@EbTm6RJ0U7Ab<~&(uVnX$(&n@+AbqLW*BOWtZ>n`L
z4$(FO7?NnG04zduUxDPHVC5|Y9OA`Vq0?N|WDxHfpb>(k4qNkdIY6{bnm!3Wdfa)U
zjf)oA4p9vqUtz1@idoXzLVG*C*M&29Xfs*5pMtc5ojfs{?>?k%pG5bH3e)4#&F++b
zQqNc@x{mIQ>{6?uOU{<&oBAY&M&}`Lzm&*=(RvBeeELPi_D#$-^+OT6m0RWipCrni
z5fx<H7q72D`nI*0{a?#$&_U8Rq;2=R2b0Y>hPTY|>A2_rT<W;hESsuB`EYd{V(!$%
zQG6NQHdp?~vYR?PF~4SF9#1cUhNHK|<GfiH7b015;w+GJnr)H9#6DX+GRF&%;84dd
znZ<g7yOk5{8+JoS<!y(QHs!R`0hgEC_wyZxl(XE;rYWbDHa3;D;H0j-B6etOdqp(1
z30h(;`WB0%>!{}sw6{z87KpxVY5zNaKp0p{ouZ2!64S1WkJsyBhQxC4JLBdx&cnaM
zI$#W5?%IR_nhw59IYJcnfBqCFiMzLd_{kR1w6#Dn67d6oAro(PBv>Gd6gwv-33trI
zG28!;BumJKh)n>S;?T$~(<V)dEsC8q3FbfiP@w<hKdEhy78Ql6I35$9w!4Mt=&xmW
zT71lLN=ZcVUz5W{1=Mki0(=p9izB$-RU%Wr>ocjDU?)QU*Tf2z&4#874;{(|;zD_g
z^4`$U;VH@+%7?M=M1cPgi5`!w(=XWn#C)0VzKzn&(djI4ID(0bVkCBkCX4F45mQ)k
zAP|DVSi&Ni4jaqNAgSQ4>7qAMG4_H%Xi1R|=rhSxAV6A#f!o@YCh>}yGpQn4W-=Y;
zp;IdDrrsud<rK(f!7mK|Qn(=^EG9N7B5QD5Xhc|eSVU;t;H-$GSO@?ygi90ztV@rq
zZf;-OygH=M;Hz!ZPA2mG$73$dO3zJm4s)jEre|Fmb9}!k_2k6zsRN>MQ=o#bWL30q
ztDc+VIK-}TeQbz?C-N-j6mz@@FTeN7%z!k8Og!cnZi<JaMUOqJkoL{ZD^@fQ_ul5R
zr+idV5e|Nl(g9^F2V|F(We-?cHlVbm|JCC^v)sJtZZU4QfqhJe8|%}tR)$=YNRHDK
zoMX{}35{QtOxkPGHo$3f0>qgrlP6hl?E_B|iL-V(RfemO|2+_EP}Cpsyjjo^SSn*I
zh)(R!AfOMe(|xbq+z~!{(TnvDe-|A-e*9%KUD>Ifx=XvZ!^e$FzVX=#LHDm(R+HO@
z>wJ?xN$Y3O_e<`u#8-ObQf2b|vv2XryAS?+!uM2?@<wKSY|K4Fa<LI_Xu<Y)&%Jkc
zuKv~K<4j>+Y;wPOS>uE+7NzC{cgRx*xj=7It$h+(2BjsX^>%pi2m;2Oo#m-1A9P$;
z<?fr_7b`m2fX5Dg&uw>g{-FaO%4y7T$J0n?0dGP&@y=pr4V*zZUWnA2(s0xv6^lDO
zs5P8ase4vkGZWfG)ut!G$HNURHy-{`Y5Vc;jU)Z@E=vLbUf-0VGfVs9Et9<JMX#QC
zby0Pm#G?9_&K#Q3*Pzc$xon<)q|(wa1vh)?N)>AF3LC@b_)PKER=GU9Z{Oi^dH(pK
z%y2}72t!kolcM!ueKXVI<I}SGhU+7flTyJ|pMv<pGmFMc;}ui`DLR)Rh5dH6U44~{
z)~+q$PJ620p0bemK%9u;dS?#y*NRhd*iZ8wJhKAcc?&QLo5x`o5$IIGqE4QHNoDAn
zi3T0Zhj??TV^wTnY{yDNG@G56X{da~n30%}VO(7j%X8|LyWQr@xItmJyk^YI%`o_t
zsrAa~vRm8}va%+)Zz(&iaGfzk(syi!ME_|#HZ_6u>X748AawgnPbS;BYW>GC@!W8U
zGLi3!Pf1Ns^472V=;wiBDzdUF#ti%!bGXj)*gJ1AMqxgK(=-;ZGZ8~INwo(bb#TKD
z?WAta#SCWHI7JKVW3%YY2uk0geDJ|(+W*6zBDMup<Jy1U5*~K@XG?dm0lTnqCC+5%
z3`lDISlNRkoNhsdk?Es%vDo#?zFHj>w_5o&mQIUQD9R)5MG1b79FmVISd?f#Gr0Z9
z5^)n6{1#ws0Xrb_mc(e^Q`h~N%>Xtgwkf5bNKCom+R5RG%KEm=%JFw+$Mj;e+E%iV
z2DVwb5E<KX#kcRRzyA95@2Q#r<-t5+CKZqwmFW%2Pb=G$wY_3yzsm-1Zewy{_~dKZ
z=Ge$zPIti&DCoA>=Rn=+um-%8C=EoH>P%o^|HJCF^}{I~*z7=!KwCgkfJuVNpnU2f
zU9?oTYBwre<Y%TRjcWWr`C#{|E#<g$duf6>xAjbGuDQ?fm^fp3$D?!}rk=m)U%OoS
z$2Mw#CEY-UaY-_}?Bi`L;qsZgqf_H&Em|}yJ~evx1?@PEz*Srk<IqUR&Hi;eKpF+c
zkN;9WLLX|P#3b-KqlvUa>8W+ngRQgh_sVzgzZZo^v-G#;d~}_za~YcH){Di`+6XNb
z8@a4=<6FO9Kp<Gm`a^7BQsl@=yvlQ7=0&X3+DhDWZ6qlszrwNqsch7C*yrpLi>&pY
zAc0f6R1)Z*CQZ30y=Nr|6#dVYfJR<eD2Jqk=7q8l2UzVY2sugqL2TsGSyMERX{8(4
z>W%-$S|T)fYopB#?&Dl@YN*eHy6)CEjWaZlnv#VJe^ZN?b`m`?g&JdVv%3sutP{oQ
zO(MrL^uNV>%O4OJ!Vrw8iFgJ+8Uk-6tC*}{C<VP?F|=P7!>ll4Y!y=$qY{40zt@W9
zS7{LD$300AZml0a^7!LN4zry0doZnO_0_LiSML*t(EOL%=FYv1SL~r)vPXDG|6H$}
z-4)$~Om&N1BUVQsP&&cqOMpn}j)RMtbMazG-8^5q<@3|qO4a@b1|xmc`0-InJEoO_
z29|C+{rMJLir07kqI_c_+E58OtTVu`^*cC+skNYMIHeRsSM4=KiD?-hB!GmRIHeRF
z3cMmTiAgGB**NUNaHE5iWYim~3#-%|(LvLgu}60sSDx5c`QiEF%H~mlqxVcOhphPg
z);S+e75LMw<&{5WJhxgnDmwimr|{q2^2rv7MZRtO_*PV;)QSp(1Fl8bKGx3^R8!R1
zvd*fr5a-*T(&yBx#`?{l%)Ry7d!y7oSkXPy*s2g8FiP1J->+BOHu2fsp42DpI4jSd
zw_5q7-GpO))kWC{7u4ZDwX=`0sKe>HhW}89z?uI@c!Puq`>j^3Dh2L|X<#u#;R5@*
za4s4zhqrXE8dPDr^3$`Q?hV|If`bFL8+Bd(%S}nWSj67bdspvzOY4<7pdjvsoAw0c
zb?fB79;sACK4I-i%}{sGDD9~k3$BX#EzOSE!!jOukwx{%SYQ{u@$VWMLMAr`(9&(J
zbz5nB7wRb$+ejY6#qsn{#07y#Y!H=fF{-F0TJf2FGpZI}WT?dWD$r09fr*_!u-h10
zH46SE4lf3S7;UKe-Ep=i==~*)x3Q7wJqAvCQ#Lr<ezhSq1u=y@So^!fZjI)>;Y(59
z7kZA|G+rtH660?v_FysoLJl>DKsg)<#}*aax+XO?u|5tmiv}4<FQN<AMk(I%0n6E?
zoZPYWv)jXn;%uVaZ<?;=@gNqN2i0;<S3Q2YI6_Gal9fFlZ&SWq9T&Cwt7Yq1?5=3F
zIk!w#Vcv?1drOUI`WCe`TC<6v7iIZL@D%BB@=I+-QfjD`DA(P{C<&U#!Vn9w+nA!^
z`kZ?9i@iUs?UH)TicH@@9{wo^r5Y3(x<@%B(p?<x+Wy)6XOwrhhnjb?UXN^Lmgl1J
z6dd|0>$fK~bP$4HxVi_25`O|^S5B#ZdrniWoSu8~foadNl4l=b@tgJf`;_yWRrft=
zYVA+-WMaBFSE4;8bsid=-_gKY#<2kFnl8|kQ{)H(qJ}&jT~kaVMKlBG*gzTKwKSpy
z)G1xZ+ug@}Mss;_MxE8w3o^ljiHj(pun@<KRU8R1E>K@ef}7#-Osh3hX?`>9%ORuZ
zm;07)K5(GJLT-i@Yi8SyOe>%C^_r3r_D;yA)sKJO@dP}kWP(KnTM<ahpaZ=hM<-r1
z|JQ>W3&9{ckq{&!7#A`1>)Kw&J|b4{xOPF~9`QQR+7wKF(iKZ~zEQuCMepc0an8>A
z(aZXTW`(6C4zOlJYT>|Xru2ph!$)5?t)h5Fd46idhff_)&h_fkD=m>n6^tL4C_V0c
z^{$4(rOKw6FYLJG%8HVldj{4FoH)j62z{{c^e@@8v=I%HR$pB<vaPIql66W$z%k^B
zeM-lhxfAmShV-5$MNMpMLUF`8dOqrI8P*MDBnd@_9e)~(Y3(f5)5Yq$XD9@1N+9!e
zGl%{l3At-#4mVSAVk}swgw$_<8t7Cvwn#dZ@|c0gM7xHRF0EcU?s6twmfYKzY>JCA
zo2{1`GDeqFg@;CYZvJL_ZSD4N6ln9t|F97xnk5~aH}9bG%>#egp;Rq*&O6Ah*M%5D
zEdz6GWrJ3G8m~29KPpj*NQhr<N*EJrGLNaS<(ZW6S|reJetXL|S2h^xC=%s}^3B0{
zGnTP?pMLiN#7t~<_=)wODu*ae>;>nb7KZ3_#n=?X(>9hMUm14XyUej&@=Hkcm8x3k
zP@j}B9k*jjCbT7Yv%rr3`+q@ds)D2%j2icoYl%KRXyPJRNk=*{GeZDQ*SG6@(a?e@
z2GR`~T{>hILRKN&>!9f<kUiMPf&|?X<Q5T+s3#x@o%j$NleQXxfp+&HQFZ@k^a=p4
zU^64);v$qyaS^Q%ampsLu$jWrkv^`F=|<Pn7LX|+y{J+i4i=~Tp1yB<eB6@BpF#*k
zi}sL!^3ZRg)p$Ev3&)+cu4uN&f!eB3{bPpX7c+AlJ!(T|AT6e!MEMGIQ@WLpFcH@Q
zgtQCsMH$LP7sG`Bdj5~Ly@dQ@6RyrB#P>zmiv>+gCvS*A26kR7=d-_rge(t<hz$AV
zmypN^7|HM}myU#Iv$H29B=sopIyQD)d|dB7y;HKg%G>ejA4hUA+Gn$iY}u2fi-n&*
zAD3(gTZ*!&>>7`$D(yl?Z3-42@uxBT1kun!G{i!jGfYQgbf>Nj2k>IEhvVwj+O;PP
zQ$BmBqavjrr?Iz!!B>xPFej4l+KPuhgSmy06m(jgc_s?37F^h~n6MKJwso5&$6_m>
zy>L9Dm}%6twkl_f*%(Du*5glRV~Ultt*zLV9mVFeQHsv_zEP)Cw6?Uiw@Rcj2yT;f
z7mz%D)V83OpqDfrWD<SW(<}w^6VX)V*iymDDytw?dvJ;Rl%D4B7oK@9Iy&*f>BQ*h
z_nx_cIo9{$(I~_WTL0qG_LfC27!F4D?;my0@WLXgW$BA;t>TR+c9g_N(GQ!0J<=9^
z`;XEOKKMlGcfF?ihk5y2eH*o+1E+7o$SUZz$?s-MeNvX~r)+g}w@@BYNu3u!hnCVQ
zG|5=S)kv`5(8YY11)~?8Oj+V^835PZ#nrF^ldfaoGNbawzm<dLTRXnGG$A)P;ZnZo
zW8<fM<7IKV1LF@JJ0@+suuAW4uReAxCsvvrn|rMNZOL{lH@5xmSfoVhf?~ZscGQr)
zRZ+u!)P<QSH@c%=efeEb@BB{rCL{zaKtfR9i}(S~h*~8A+WB2)XGn;MN%JI)<6S`7
zkA-P6l4(^H#r}JW(BFtSgE}R{TGZ@O7Im#KV?PTg?m{QO?(wj5!hQqrOK0rnM`lt6
za?{M+;F{s?3WgzA@*|zX!@ZY?kK9{yRuN9~54s0+g44GM_zDU~<<LVXvq)Q~#;fL`
z^Bho8_yzMsVZdV7m43H8_9$nUJHk`i1QXOn-pL(G<OhD5+k8<TEo^sxBk#O`ysU$o
z7A(vEpjU`6Ejk<GvWYa*xFaYXkyeYYDHsp=lN;%(>io{o(%BizM-U$RG@%fd{DePr
z)MW*QF++8aliaBONDsP8K|6GE(?jp_hgpQv^k7~^Tj<~inailps$dw3Ta*QUA}!<t
zIRCR|?n*P5b`QNpmq6iA&U3-^wYHAd^s7y}&hu&*oxVG)7JpO_POFPl*pdFlvcf%`
z;vyU%#anb0P*jdCH*)WaM>Y4?;ur2xOJ}?A2Mp=K@DwkpU>#{N6+t)3N0%Sc75)g1
zw7c?%xCTK*=v#DGl0x1FL3P=KX~0h>>9lgeO!-HAA|8sD?7~fT7x|?0gDMyg!3a2{
z0k=UaZ09d%gARhHvT6DZ<U<E#M;s&%-(W&L2tT-^ToJ+k3D^s8PZn_zd^bhqhkH2r
z>0u^6a$}mA?C>iJy6ZvVq1w8~@q1><r>3%{MKDX9?UWx%2YN{tOp7iBc}s!2P;gHX
zszoiQ7A{qkL4!xw3d&<w92BQ!N1CI_T|z!dQCN{C`9o>pu-l}SRj11(Gv!UxEp&v>
zAvb~rOgiedlj0EJT141{Abgh&cQWgtQyOL{N{`$KmK61UnySOC3F*0Ez9tAy?N8<)
zeK4KZT@v&oy(@h+PlRg~<VNvz!N9DAjV3qEJ)PXBY+BkPO!v6|z?>7zGwGU&AYDsC
z)HBLa3b$BF3$#Fi>IlXM_cHh=2kjbMFs|;p9${<Yf3=qH0hA8ZIC7_a|DHnFNK(PJ
z|8@Lop457v_{d+2zpF0Djy#5uPX0mF-5!ML4o_`Mahi3Vo$!w%zhM26yFt*!&VM6r
z#HrFqK`UE2e*w%tVTNDld6<8qFa#4+6qgDYOygp{gZU$!!vE@*2(Hcl|GzZsRIb*Y
zU?Z7_?czE<Ov;iL=`YtG(YG0f8MYeQjn^1oGu4^eAw6NW`E<zTA=^Wg(21cdLr;a}
zhOG-99X>DoU_?>G^oU0zM@MdtN{kv8wKe*>=oQhQ#|(&hB({HSOPn>H$Ipo0n-HJi
zf++bFiS0>wNehx%lg=imBv&V&>UCYO{V4-drlo93Iht}NH9fT~)s^~8>KDBedsp<H
z)%&^L-}V{ZXIY=`(=Jat(06d(MSWlE+n!#S?n>XDe#SD)a))KV<&%t}j71q|GG}CN
z&s4IOWt{}4)K~o$_1lk&=@WA1=X~A2qJM4w9sN&Vl6XnwC0j4~Xh6k)?YZXMg@fV;
z?HY7qaPHt0gHH{~7}7H2lf26O<opFzqjkP@r}a!hUBNR2?-x!fTv>SBR%Bae`@U#G
z(Hq56iqDlSDNQeRmF^vC9D2?0>fuk9MVAdNTT*tud_hHYMOnqX5mQFIG_v=|Wg{OQ
z`SqxYqm<FBFCAK$SUIoq>&vEGw*T^Jm!BOoc1**VWn&&4vwzIFvHizZj;$U0(iQqE
zrd;vEIM2A_SJqv*>8j|f)?9UVyk~stgxCpn6V6;c?dr8xpPraJan8gauDN6KfhiNG
z?7cSp+LCLRTzmAo-q$r;_smq?)B#hknYwW5_Nm`bE1R}p+H2F!UqA8sUDMO151ZaH
zUAdv+h8^@bBYDQM8DCUY&g?&Pt9`6}h5d)>YpNfqK2(!lb64$*+UIJ2mUHE`vQjs=
z?uB}D{rvi;8xk9qG@Nj7$4JK_$7{3nvkGTTn{}cwywTP8bmKW^wex=G*{1ZShNg8*
z2VG{@4A&#BbM7K{i~FD_-m}4TZuXqnN4$C7g}w~mM&Chyq5rACfWVG91Lka>+i&j9
zd3nth^GoJ0od5of{cm*LxOYL~g0Tx0+?0OPft!?tl?y!!*DZW);n|xjZ+6{$Zqfe5
z)r-GaGGWQOCEqVCT<Tx??XscE7B2hx)?Le6mhZi7!fnfL`)GxA#ljUY-JW>+9k-vo
zW5OK=?;LmM3wO=CYu8;r-#z8-l`E51o?W$O)%UAQR?k}f+&w948t(0X@2Rz)+;{2$
z*8@A(Wvm;!ZpC`zdguC&HjLiz!h=&D+`DnW#`zo1J(RX-#-`SXS3eT_$m&PhH&5Jr
z{L#8ck8hc^<&~}JTQ_Xu+bXu5*nZ-%B|EZq%-C`0@#@FV?CiI*Vdu#w!k>6$mu{D9
z*UnvSPi}uIe7AA;%-#1tZGF1#&(VMO|M~1Q+n>#N_L=8KKL61Rd-tw*vF)XkFAshB
zxmQYF+4^e9t1Yj-*1Dl}Z|k@Fvi5D?U$lSu{?@-t{L34!RlMH+^=IA)ePhKNuN+7|
zP<dd(fws369Nc@b{cZo--yd=v+JE?|BU6sFy));XPmbmtz2oS)W7Wrv$Jf0(?A`ZI
zj63o4dl~Od*Zx+&*LHHw$wPk~_Se0CJ^%iI_Z!~d`~LZhe>#S_#vtB{R(AMtC}L&8
zC<LYcVsytbEHOQiLA>ItnHlKO49(1O7u2trCENsDq?z@)e!8bLvjI{vPikf(VB0ja
zN%shg*34#HUwv9Lhv?$jLCqYd8^Au%%#pfb+^m@o=<u?UW`0YT$ERs#Y@P8Hn)z*A
zXwdwDq)Xvzz|-W$+OJvX#p?j|ILGnp(siT3Cp`z!x6|>8h+XHx-IivUt-3tHS3MZ!
z5jZt-Lca**6E+zqxH4P`x)x=xMC>laIRgCF<mc8kL7xa!kGnEX#O~En_d$MM`X7WR
zA2oIBAB0H%Rh(0hf*0vIMEdEvLgb|YDz7Uh+aJU<0lAWqFDeI>PuA6mxYAJyH(dOv
zBl7vZdLx(`gb1cu2MBLB7_w7sP%K`gQH$_Rq7EA2W``@eJ0N`|08=m)7of;igU~*$
zPQ7rUR_I=<zt?Kio_^HuQ0$QoK}po~?LFWIi<JKNkV8;IYHnPjmWF@_Nk*Q7v8Mw|
zsHU$$O$Ct4u_&1fx)p!qXGLxbz)dm~tx_u7RlK6QQp;S~RZo*34>JH)FaBhtOFi;G
z{P-Yvf^ANR7Xx*7K_1o$aQCm&tzr_c>lh&Y4X-~zGGizUW8rw!0SrXAskK^nH;aY@
z`&c|{70(h_BJN5hvtBF(cY}LF+98P$Nyja#3~cgbfvd0|1Tgexm#_hl|D20w?dd(X
zJeH6B?*dlHY!Et943R0NY$)Wy3}eF~AEq3<jUzDc7{x}jOCfasGIlu|!^W~J*f@42
zyNZox6WG;kBAdjnVUuwm`C42rnu@0-uV>TQ4QvLh!jqVGR?TWyEt6Rtt7i?&!Dg{W
zye`tjT+EFb&1_Jef9fJ|?&V{C7GQJOT-*n0#(v+8YyrE8Eo3+2Ap91#h%IJI*iwj>
zzLhO!x3LxMc6JB5likJcW-Hk$wwm3;*06ioT6Q11pFP0VvGr^Ndys8p53x<`VaTi4
z%pPT1*jBcUZD)_M9qe(olRd$9u_xJ6Y&UzF{h2+(o@LLm=h+Kv58KOLWG}Io*(>Z-
zh~M7F_OrjR*Vyaq4cv%2z}{j9+1u<8JIs!-ci2&Oj2&n1vJ>n*c9Q*-z0W>ir`U(=
zBla=-gni0Rv(MP)>~HJ~_9gp@{hfUc2H$VlKiC=e9XreZ$-Za*Vn48dvvcf6cAovj
zerCV0Hg<uvvku(k@5G!BBHp;f@oFVEaudfZ-FSC8jED0G9?7G4G>_r2JdVfn1fIx~
zbQwIE_ku+CRNkBS;c2`tPv;h%fyWKAcsB3Hb9jG#2_L`*@?4A>gZU7i$Md<B7w|%E
z<3+rfm+(?Pl>dnj<HLCwFXt6}1Ru#q@zMNJUdb=xm-8`vEWd(}<5%*l_;@~nU(F}-
zN&Ff<nNQ)@^6U6i@RnWAr}G>53|_@&ayzfq9p^Q?mdm`3*YgJM;Inumck(9g;%@HY
zv$>c1xSt3396p!N<IQ|NzmYHCH}Qr1X5PYY;fwfUzJxF3%lNH)Ilm3hd*9CQ;CJ%7
z_}zRZU&UARd-xjM7+K5j<M;Ci_&UCxZ{QE|jr<|Li9gIA;hXuRd<);oxAE=#F}{O8
z&Uf-B_%8k=e~RzsPxC+XXZW-HIsQC<f$!ma`HTD|{xW}szsg(rKE9v-g}=sM=Wp;g
z`2qeGKgi$ahxlQBgujCefXDc8{w_bk-{U9wU-|p|1AdBs$UovA^H2Dv{51cJf6o8L
zzu;f;ulV2j*Zdp)E&m5U!@uKa`9Jyh{9pVB{%?Mc|H#ktpZL%G7v9D%@OIw872YX<
zG)P>MB)w#ijF4AomO`XZT<-{%BBV$u3a@L#NU>6!6fY%6iBgi3EcKF7q*UD+Q^4iO
z%NvnLx-~B^sOM{TtELxddZDJ<G`&dEi#5GO(@QmdgsNLBRo$lQw#re4dZ*pzGc*N!
zjvAv+wtH(D%(82a>~wo%Lj&x7z0Ys=hSH}>Zu0n>^#Pyk)z>+kO=f>XmDBF6m$|>e
zL}rK2&)tniuiWIGBb(;C-Az>vms#lUfM0Ug)fs(`dY9cP)wt^oey`ovpl@(D$!5eR
zSJ|C@z2DI!>%DG!ZFsGFuFDAnIh%tPW57dh28XNKJul4Tv^Q7PIJ`AZ8EJZCyWixM
z>%6kB!Aw~Z5jx#9jruyLy*?C$sr59tU9vB9j@ub%lB<xPFwIB_glOh~$2i+t<F1uW
z)u;~WlHXphhw|yG-R?#+eVXjvMuW%eaQTfj_9oeD*VnmSe)v0UjSj!v>8J_w%k%tI
z4YH%Y!5=Eja~-w*hEVv`yQ-XWoj+VP*2pfu><v>bUJ4$enr8)ken(xip2`yDaMdE5
z3a6Px*vLA2jZC#xHOEmayG<TPjX&U(jUL%m<8X#H**#U1SJ`W{*HVP2VdPV;b@&aw
z2D?`_)HKMbA!@J)pI`P=RoiPC=i0rs5p{M{VbEp{8uV1@29F&`0K{;6Om%KA1rHa&
zgBB5!W--XK<QjiC(wXCRt0j*JT0{{-JkEfxiV!2T$>GwBVJZ>{XOp{8=n=C6GO7fT
zP~Z@UtIn;0`D(nf?D93Z{Sg|NiWMOMR867Pc3047_j=uPMNNjOMv)7%Y7TfpRfE6?
zQALDD$d1o3U#_YPIGy2|+1F%uI-})zHBNhzy(?S#dPkjK@09Iz=p$a)EH?wu&>A6R
zsByY|ayaVC<#5%Dyc<xTF4<gTcgn6>yVvNoyK3D{rW$us6WZI@WUqJ0{?K531w38#
zNcjW0`{&BCKLSPfcqqymblC7ZV4>_)6ARNUl!YiQ<8x%M-+>fkG<$>F>zEJpwL3$A
z@l`dz3xBwOuEP(!R4bm4jL=@#!c~l~LgHSx)F?OW(VKl{Ez7<Le?y?D+E*3uP{l=Q
zHp(v9Lj)mdusiF*1a(nqiisK&BqGA;a5Vxs)fP5+0=@<mD*`=9_JVAH!nhg*330fL
zNZixV99Hi@3e_qesMLXyF*rekTn5qK!vu<}2}K4wuWAhy0R*r~E3i3OR-+oTF#s}D
z(-;O6L#Lq%u9dt#pVUxWYpw=1pz>V$YT4-wtD$PGL&f^#&;~SPm5SZMNd4U;OaV`b
z(5XUVROGC>h>@{9Ttoy>J)8obo<I~0Xt=vtHqP~;&o>zSc3-2<2#Sh23#s-x<hmNW
zPYxx_Rr`sd-s=u{KvrCh1|Vdh)>tjuK_R4?fFDiiX%6++Jpz9m9=*>#M-HXdsj3E|
zHUi_^ULY3_IJw&iis5xM%KipKSl<v50FCk@S{Zq$cFG1IucHQJK2Xybf@Va1(0wDj
zOrqMO>)q~p5dSV35Z2AXfHstyLs93lzlutVenLicQq@4!8m1aWU7_EAvb%hGpW6#m
z!$*LbgbAG|II<CnV2n_4O^<xLfiU&J|5^-5)o!$Ln1;?2GCYXdWFZ>w2fq4c&{i`r
z-HW!jgCc_Fg@U#>fM^Ds)n?EIv~#^2DXLgxgNCkf)v98uiH6durrI#T`WxInRK9HX
z1sr~AF*6|*rD&|dKqbo<Vcej~G*XJ;go;oda5&Lh>dgT5(6|#~Z$j#JSB-3Jl4~0s
z{;)dA5>lBZBkMB8fd*0U`ntS2Ii}VfKtoj_pZHQ`#`bVg@vnyy@UMrRS|#)%e3)t!
zfM(T96jj7eK~1%?uMxwB(P{UPCJ@CR-sG;Pa*5s;uHn1Dx6s)Ew_nX#m}*qp8Krf(
zP#86=0i(aOIaDJBsF>*PB#`Pbsv8+3d#F6mLtPX`v@ROZ;}a7QgRco0G1Os%a7j&a
zgQ*^)yT@K@2ALChVWznRfkg^~AT7Y_S~KbxqnF)@9#kubhzuc^GpdW;X#@zwL>(+d
zr`OkjiiHqJ6^6@3A~wKEeU-JiG_2dm66On_N22>WJV5I}wQ54Jl7etgVE%lnJBM5&
zV*sTHX_gat(MS^=qp!gsJ8L6@1C5%S7#gCgKwg1E0f(;vHR=VilWE|YS5pfDrH$Hx
z0tf`@;i4i)4<{l}-GKywYVbEXZTcFYufPc01j!6lsVY^ZprSsEj&Z<uhsWpeRb3pA
zV!GUdgO<LkAg=&Z22A}ZQ$~zr$S+D8oH<aO8p#)qW~YqlEYS?rATSnLtWig^5JA={
zD#V;`4ONGHveO`pZcQVbiXay;1*l7*izPYWmFlZKQovU$Ib2?8mZw?r2CAh-?_8<c
zUqjPmIi#!4MhiMr-Ha@H8tm2RkyQoO(%3FnKgelyz%Tm}f9piWiU>Lj8XVKZM*fJd
zppZVc@MesrfofSD+BA!P9-29XKEk;x3{|G77I=e6HAp%pfI;GgITq~oUVD?V4s+T@
zuVk-v>Fe@~^CPPr{%R0*P-C?jKnb1RFu%}*Q<T$<gf32|BD&cFp6<ScSJB;k)h<34
z(_Hslp9$U6>vq%{&@lq@kWEK5jV->$W)B86cfjkL9l)S~=>Sm0ZL9-XcFKDC&;agt
zcqCtdnzpFOM2j2899gOk)blxwhPkq%+Kq*S3;zgEY>gCUM|V&uH@Ouis09d)!A^Aw
zPF_WkwQkG@#PUO{{Nj@EIhcxLRx0v@P$hX0>c}P>s@&vcrB4BUsI5wD^eLiGF?~wt
zBbIHI`6KdB*Y<q4loC*B0a*#Clz>VJsFZ+838=JGUsaeVAgaj(h{8N1Q<x_fi<S8!
z5m8|tfC}>fRG0^#!aM@X&!Z3d<`Ymp0p%l^!h9rCm`@P-1d&e=`C8sai6v@f{wRX8
z5}cLbtOREzI4i+f3C>DzR!XUWQYs(_aLM9B5CvNHMr#p{7Hi(h{Lvx=ffi^<juxw3
z_=wdmbc(!?;wYq43n|q?O0`gU5NM$WdMPDrql9e~t&M<e1Y{#18v)q}$VNam%4!io
z6cI!bK@<^0k(Sj;;YUD4#b}Z`;YUEl<WWpO#RODL9>tVQF(m`eZ3M0%6D3nj5G4dr
zLJ))(g@hM{gcpT`7lniug@hM{gcpS+1W`&5r367pQ3#~Kr%+#K70n2wfJt}|1R;eD
zNP!O^Y=jgxLJC_R(y-+r4I5#EjWEJS7-7pRHO!GgOJO9Guu)t#LJ1q8gpE+bMkrw;
zl&}#>*zze6D<xtj2to!MA%l&O!A8hnBV@1<GS~<iY=jIpLIxWl1K8T=Ll8v1@JbMU
W2%>->3J9Wr?l-V&_Su?ry8j2p&Q&b{

diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.woff b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.woff
deleted file mode 100644
index 8b280b98fa2fa261aa4b0f8fd061f772073ef83e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 71508
zcmZ5nV|4D$*R5?Ex4gZzZQR<n?e?k7Tidp6+qP}nc>DW*e6!Y`lf83hk~Nu?WKPbw
z$cl;r0RsU60b?owA^c}IF8;@VcK`n-Dyk&?;~@N_<NXI~kU3{DVG+?EP49;j{0|f$
zOtOk}j6a(159j@XUMQ<Ou%WfS-H+Du0|g);kiJpSoC;HY#~%$8?Z*e|KYV`!ftp&m
znfz!!?SIJw0oPuD(~8lV8S5JX0R#W|0x|u775WH0+3ZLB(F%Sz@efE5USTNBtesqc
zw2`0oqkftz<1|3!wz4(+@dHx>0s@oxffm+O;DEKhs~r$9)PHpee?SD11cGOyZ*Bae
z4g6eR%Fp?I83BO{cD9aAK)^6sKtOOeKtSkOn_2=~F2)8XKYb<jQxD=lu-GW|{@DL|
z5NKu$UiCjaF27CxKYnz0`M)D@KMdmsAU_Nkg!-oh`ycx$T-OZsOy&(TdV0os`sVr#
zCVF~iAaYZ~u(7b(v2J|*$MOsyAR&UP;jG}k{XAJAL}Tbl;!waLM1k6cp?-S9b!{@X
zT>?}eDah2Y!_cIIg6f>yjDm`nA8I88jTK`Etu#QEh}Z80tget%U_elKV2rT<jTp10
zhH*+g(&fG#2a0k9${*A*7&PQnFF16qWEIuuRbr|3x<Zz)LCeSFx4<Q{2tsRvq#I`r
z6Q_%N28SsNPWWo=#6x-T!cq%4OC^W)vh?Os$CahPxW+t$U=2e!d)!}=5N9g`T(^uI
zUq%ZvSK{fXJ!i(DVlO#>2HKk-F?ythpkmrA%jOJ?v$L#hV~Mgd5*Wf!EI$l(g+8dJ
zU2TXWntYJ^!9UE;oD|7;mOmz|)Ttu%a+j4_$_V4ng~@ZXg9TC}EyASK`Ha8%8A$^e
zi9S&hSfNA727+-vhN?gMrauOvKYE_Ej=8#wqkG5LJU7|qI}Wy!7X@e%&~M0YcxF5=
zeM+XH>{Q>?Tx1W1g>O_nwt>lya{e0?Klk%zEP}YMb$CI0DlIO)v_E$lKc%wSHc64k
zr%t4S#nD?rsR!4@`&xm37zoRQVJaaF1j+w~*@FmEDi^I(YV!ireya@Hww*4ESZG?X
zeSZ!&HGP&fc~|mj65rqPJ$I#!l9J|qer*#nUT=EwJa0Kp@f>p_IBIf4tq8l?p$r=b
zIK+$yxIv*WY^ZRzC_`neQ8^T|zaiQye;3JrzmjCU6vP~#_3X#Q;7PUM8BneuNgKxr
zV2jL`+9be{fBf~VYjuSjbIX^%w#(v`uW}W0WWU0=yK+@a!Sz4+g()qv8*S%m>NuiZ
zKEGJUnTvpMW(E;`QL___k#ROO8mNge<gS=XJw}R38=KyFI>(Z1lLlX1np{a0^(gvD
zYFanA9@KN%JFsU`T<>-}coVjp<`TwK20AkSC=R;!0zjx|J;;Se!3?ZgZvpxwKCuvj
z>m|V(Wc47&+tCJ4zy*X)mlKw_loJv`YYP>8DUnwYypNqfmlQ|qIxpIj67iu#={l2W
zp!dcAiE9|JWS>RnC9*{owVbuMzhy0V=MjX@tnP~5p-|XmB%kkL*lP)6km=Ozm|y{;
zg^T7ftnT{PPK{)?1ohyB%7m;RKHW3f<)s@jt=c3cHjavqJGtxS-1&vRZRL+{pj$&V
zYR5|QmUUr5Q<~)Jsl*VaITbsY9L})mqI2QY(I5ok(X0j|+%DRhOifo`^CX^YcXz2$
zK2#wh(O&S?7PnfjH8dUZP<-tEGF3t2jk<JKH$_6bpI?vSCX>1sy?6?BNxNByJ$i?b
z!8EhUO3IyNxYW$Lx5q;iTI(y$4T9zaxS*!UaTXoqCUm-16EAG9mLWKAJ1oZ8xsEC~
zJ0X_ZVqA}}-{NS$_=jI-J-+d!V;=PFZulShbbWPiQ}b3PeuAg86ITfY$b*OF-(w)}
zKm(;IQ>K`ZNRaQUfMKClzx7BQI8n+pie36aJMSf)eX?Ahe6l6T9Kt_%bG2?ADibP8
z$E~WHy1!d1W-2!1JkJDcm<o3Tb#APb$mr%2OM<DMEh(NX=7%B|B?$*QaFN?W_^?Qn
zSVj@5F6Rt@G{9;{>zG_xWOS&n_~EqAPM%e6o=q<{(sfJ09h#8y79=)A0<F?NJ!-+_
zlz|bK+W1BJ_*YSP_pA=^FC;-jy#_2J5_Wy%9KabJ*<8#$(|!+Z$x>f0x>#qVL$i}L
z-UPo@vTgBiHeYt!Pi3A)uG4ktsdR8`!ui~)V`_DHk-X+(d_xRlpQgo`b*hxKCZ6w3
z?b7a4?ExI0?V|0!hwKG8(XB<{4e%XWOo)Ka>tA9s!Wc{FXh4~HzYL4`G`;pQQOCqO
ztxVGodL89$WAh0>ruA)@MN7s?kIEG@E2Y$e32TB#`vk|7^JaulIl^@&U{p@y3E}y8
z&PW%<7eb~Kb{vb<HbFE8xWQd(-FZ)KcuWE<W?GQBB)NCr6seNWu4VO~@SNj6j2Ke#
z*UfxjW+}e(6HQ-2;s@=lYU@6arPK~$6fKo8=QPNo@AJR)zhB<ymkCs1Z=asn$7YX9
zaF5Hq20sq$33-egalupKd1vUTruItWrLf$Wz?6f4p`_U{zo$)i^P|gv82YIr_*cwr
z?piFKyV+F?gF&XM&N;$exxS63z<Jr3NNaP^bIr;idw=JKi1DD<KBE_J>}u|{3-Mgs
z%R`3kd6Z^<SVM>3ZThh)c25_7p=?9yP(F{vc0&Qah%onBYWl+lf>Q`)>+(x0yscho
zLkh(FGZQPmBt8>WP{RDnm2kt7B)-uDz0E4B6~cn2&E7?zriND6;Mgn?IcbQkZA^Na
z;GzS|5qbpzB~mciu#W~E!`%KdfUYruQI3>2!tpL8XTcHn3z;4iOz|lZn@`(ZrGtr=
zU&SXnI$E3ZUy51!)bd*nwni^oENw+^%+0mZ%^fa{6#g~|6yXJ`6feG5jTpZ~A%ktm
z(g(7;8Pq`9iMC13yjopDkiNaprdZf6|IYpT8mJmZWYtw6tYNiYsdM_iRgJ#ZZ8H{%
zXOZh}J>A(K^!zUJe(8UeolR($A=)nP3U;rCQcFvxg{Ahqe3OpBbFgmvY7FulPfMfm
z`?G*~+xKfdhhaTuH(Rb3S?n2{Rsk3j{_n54qvFf-k?5(T<BKH!!6^dD@7oPf<B(6B
zL=Jg`ET2D&Y(+Lslk{HdQ1F62T!Y*oj}cRl`3zNHK2&Q&oLbN@0yVs3Daeo$f1#F2
zD0_X@EYzwP{(&eki^_}jToado&-VI)XV8R@>!X_jeVg(Gf?rO7SimO$i<Hy+^(W%%
z+1!l}LChWqu`aTujGFNb=z7vg9<B3{D4(QW{2ba7?lO;b!LGpApJWg>&9tp<{Gh9!
zH1V8LK+QIu@wj$Oois$<u53<|ZVps8s76OI#H`$<Z`)%d$9yvW^>2~9n%JTF%c1!(
zDo~cyXY*(yk4-0@Aw^pBcr9(9LF0nCzJZ2jJ~>Sa!tsTmKj~~B7+*Y7L~`S(Uj_h3
zuv3Q@HL<I2k!0a6a8C-Ve?iaj!S|ME29Tfy&ccVq^$=D1*94APa*m&9VhI6)S7@wc
zcKyihk3;S;{t$B*G@?Pu<w`S_Y_tA7plUbP^SY+rQ3Qo^nsclSKZUMe;lwPY0icwC
zkc^XF<z;(1w-D;-MBTtPpEE4+0rmEOj#qDYWq4*Tex?4ULVu0W*8FCn*Gq;8R9ty8
z)eeYCzNu~?XsrV>BL*-IP*%vF;qaF>5ONu_SyB0Bm%SqQv;wIP^0YvHX4_<@rZ^9N
z8FY^tEjgdp0Dn`~aNZDT;&ij>;mLub)fR@*;s|mJb}Qt&9trX!-AwFtpCc{NF)y6m
zP*p#NY!`VcvUx?`0XK9e%G83O(PwA^HBQ+>6==o<%wlD5XwdoB-T2dO5%3L8DaA!2
zzC7h*Ld3t-L2DNv0PXePdU%4~&b#5z^{wJRPpVv(Fy)>WDFO(l0L&v;gavi1_%$xF
z*n?J$Ud3Rn8I|DR)FVe?esHG!HR*jz2wYr#(t_*A!OV78+^!OzgQWqGvbit6ohG3l
z8Js)cR{o)$2tI(d#lV%Kx8&ByDG@LBDj;|YIM1O{tZ<V9>1x2O=fllR<uaQKBuK@E
zDlVMhi9wa5V}U7Ji2eE{#|2-*Km^kY@8qaIdNPHaXBevWL51j$lFh^w1Gy@FoqF-|
znPf0!C58Z{vK?dxS(hH(ib3bDg$c+xL^249$&VR;5ub4oQwt$@HXw{%87;tYjh}>g
zC^8UDV9_J+JNB1iyO#3|Q(tGB+~NKNxTHoQ{YEi6{H2AdM_Jfe^Pw^%)xMs1l3R}0
zN*XqtW0q8x#q4W0)*F~(pD35m83n>lPYVC}@)RZOyy2%4*<3z7{%A3kRa@Tbu5Kg9
zpGGX<X)i6Ns6qP{0+R2#jemI)ayZ1vQcPJQw~QqOF3NUTrZ?ChgpIIM(ohaUCBp%|
zE&{FA7E3dx+6&94C)aKMfVJqaT<nOx(&yJrsG@hY)60|tftVt7#`fr*Q2!eNf(^rY
zCJI$K2JitllbTbxMo?@WjHBsq;BR)<R8?(}3;f7mFF*Abk7#}NiQpV#?Enf09}RSW
zaBtKTBJ}*L$PfS>29mNmhS-#Y1&zYq;eVxPgoaZW)`Z)Rj)^Uh8JZJ6I2C^*n2DK#
zM-b{R+bgPkk14b!>9EzXOUJ@41_#zzzE%T`nI-ob!SuR*MT=K$ZdUU9E3e!lqC$)2
zFh-6$1HY}I4=!SobUcd?4lSgjZW03u?A(4w2$RR#B3GN{#90FDm?TVF9+vN=Mmd_w
zT0-S1Pptt`L<k-Oj$M;cVEP@5XN4@bnkaP?4AGP?2Y?r}K(1c3?eqOSHnJQQ4@;Up
z*diP4q*}85{Xtm<fcmXz0}h4B&T<?%Wcc;@E<w3f1PiCut*dId;z%g{Z!PwEpsJj8
z3naV*CmY)Feub(>tA-d3YW&0-J^>Q1{vV8kg3ikCr9_yl`JfA}m`41mGrqixHu2AK
zfyZi18+iq%Hoe2&??+ybeVsmOmR2Bk%zs!Ke2`!^|A2Q{shH%2#5f>vG;P4F&cygG
zJ}*>jxsB3<sR%O{UYuw8oU_~w+5}NDa|K>(7lWse83~5xSV|=L=h-ND1BVRh7o66=
z49^$-l!^9Qe-7bj6GWk;o_2`6Q{13Pn8*P_d5RN49KD9Fon|=-8`~6i=-*$vv*LXl
z{SCa{@+_z+mG(OOwafD?Sw-!g^=V?l<^t?KzsXMg52fT);{Kp+0v8Br#?m6$QfTSl
z@AjuJ=Kfl*W)Q~gigG&R>(((VwoCmpi_Dm8Y^T0@qt`xewn8*mrfF9qus=EHEMsrN
zpBf)Q4AXe57UJNQ{vIeOeK}2d)@Ht$2@7-9UN?zb=>q8ZjHH>~#FI7xWOr{|M8a%*
zoS4I2vVS+9d^qWDKjq0OTCTE^u^i^`o(=jywa_?oahXs`mlm15W(Cd0dNl;8z=d`@
zQb%b(@~I)6q6Jq%aN$2buvh1p7-NCr01H)1fEA@&J9+ju+CEaUa$dIuuR2ec@TqoJ
ze0`+0t->!);znwAPCvqn9d8jQ2!2wsG+<uyxqmn8+|l^SA288Z&pY)7zsJ6m%9a*i
zZQJ>kI_l`5{f4(vC&&PN&qBr?Cu+Cr$bT0+{^4i$hO%RCvhA%^^V4QG(*m2a5cv#q
z54-IDr2!_HNXRX%%B}%Mj5euNP$>XI2h2M?md0ssp1~TMkSeV}6R7>Wg`xuVa5~en
z#yvkP7y|KAq*JAT1DZ<ZQq1NaI#$Cpv%bg}APL`LNg_xCs=adE1?<Qg-DnEje7N5L
z9krl9*<K9no{nt0zwg@z%HObV7lCq+h(_2dcCs-|K%Z`rUke!SI~>R4Tr-rfUiAd>
zQu!>!?qMchl%(0keY)-@-T;xoc%6^tg;9SD)W{$f?qm?lWVt_B&Yn;^$7AsQ!q!z(
zJiBT{LIvELbPcs*tjd9`F1cIwoFfRuHD>%nenmSv<tac0s02Co|I<XI@cxtG=v2um
zWDf2v@IowFJ|gf2;iM~CXqU4&N6bMAnK{Zl7dJwQ`2CmQFP#KnhH&@9G4RjPt7n#I
zx!V(MpAWD%bEqBjI=x`K{BOd@LAS&pMP4Q_gQOUUdBWi<h;h^Y)Xz}+$-=IQoR3?h
zzcN(ck-CT<uwYBe%X}a{o11LQ%g;64V(#uc*CtQRUB$;QZ;#CCve7Yo&fzuhx^J^?
zvr`X{fz2xf+Ny*3l={N_0!ow&2ZG=$c<-$D%OXmq)QM4O^RrGqFz`k9@*e?Ewgs_X
z7PR>C__0u5`lQ*S0i|C~4JrQ;?dKs2XbRirOv|Nb1pVFucw&cw;s|rmDX0DWX}lja
z0*4Ogg$Q%Keq)@Jhe*j`e|a-kvZP0JK(bHs%p9R_3~sRcs^y4NCtUd-W=Qw0MVhoT
zXb#E0;a&Su&eGJ<Cf<qXrQ_fG1`libk8JQzqT-VsmVN9M+9$t7Ib2TcMuuPAx@rCL
zXF^WT$nyw`f=YP_t^X&6G9BVpm?*{>K|?D~k&Z4#e<UQ&^rg3plKhr@({Ud{SjB<^
zpOtyA+ZKT!9c%aSz|}G84>`fofr>XMU}wci5@?&k>+{mKQAQJP>U>9op<QX_w1AVR
znHStLwL%o!%zB~;=J@x<Ci+a!J+r@@NyNVv2NUI=_j%v$Ibfo8&Ej~;W3*bExV+oH
zsU#>&v3=T0j&c({KTvZYgq}4et2YP&!%pWOa$`!58birqP4JA{S*Jz$o@-N3$JWM{
z{V_TiP*3ZdrJ@R1syh>)tGhLRpVx$$>U(s3&?0Khr0<!nhmBV6@XxqX-z@j;Rtsd@
zeJC&I1muFZ{|2|fg~n5dL>T=(Cb%6gHL-jem>U9d2+~u`^LB$nl_ctl<MOsQPt@aR
z0l1#=Z*8goQ7+_kD-I-O{a&ao5pSQib{zbS*%8q)6i<!;makZHjGsJMSzi^^ZLYOZ
zuWl6n`#1xmuzZoC+Z&z)74CeBq^(liprqLAsL>9VbQmVy7Wc#)vg;Ou^;U<uOU6`w
z7+yc6t$P1qQV(@37?I2><-(LHIy0y|$Rq-j*dQv>p-|Wq1pkX0G}5<lbBs*yE(S7i
z`E5Mup~Bo>2GYH3FV>g*QwgWVo9Ej0W*Tgk&H!#Nb9^^4*P7Y3x+#6-Cry!s{G+!;
zzTubk7|r8_^q?!_zn4!o50jx!sDWHx^+K4$k|WWJHUyX<)m&nXI0<SzTY<6~q%1XR
zp9kRZ-|dEFqZ$;V=v!0k)Fm7Ts5@}1DNaqp-6D1&Z!(ePTL=ppQnoH9)MT7#nc6Zd
zyL1OFp?|Pr6l*bZI!RA5gdRxx?8HuRiu5a{5t?q=Uu6=S1lCl9#hL#eQOJY@{RQH_
zfvJt{orLw6of=x>=)|NxQQHy1Ivprd9|u_f1!#3tvegQQgmn)uf$EP^!i)@t%+rYb
zZTourq<d6aUQyU+EfZw4<#Bz^{BdmNdwOX5JuS6bp<@o8<5+c?IftF#CiG?`(QLT;
z`oc20UT;0PF>dlQ@$Z_#lFdUixVh?>M<t$b&(fJ3>`tS8sshus0q@VqdhK3O*FxDT
zKCtXbAtbH$MH~n3Y~gGXw|4eC$CSFDdIx2aO>ZqVnKW_W7R}!oA>{sehXRpOKbtLL
z&gr@ry%kf@c2*MEWdjjt@7toNrbw4pu<-A!&?(Y0`^!g0z$y*Ys4QxI?W$VyWU~+8
z?wl<<-0(@R`ezz|RmOk|?(lmF)}LS)B{)>s93GHzP1jW`*sZ_Xs=}qqMJ9>2Qq_Al
ziQ@OP<iOTDL8hg0Ngh#UXr>qqfEC3i3ElfnK**6S!3C{o!*UHn$uVSK5;P+`;k^K?
z=zEX%z#j(v{^&yh=JFJk(U+Kz$1)YJ0v7_Pd$O3hY+Ri9X7jWdi8mex5SmKS^=AZK
zL+6K{uyN9~k#F@H604{xidmVErlFN0jAN2vKt6<Gf(d<`*6`!JEpAT-s*~QiC3~PD
z>t|sR!d*F0e&sZe#znhk-}LDQ9*<S&M-i3=wTk?u$3<S_Y$%xOlU2{v<%T?c03#W=
zm#jYz*Y(-}EPmwFuVS#NRX}lFh!<4DyV6LXY($=XMXuXdt{?A66NI}B7p_=}wKp=5
zM_}3!KLZW_F0_Zcw^?oxkP<u1sS&6UGl$d$iH|U3lL7u32b&m*BF!@pdZ+_Sl7WSD
z;ykhAIGKc&l1H;M6TC*&e*{;QA8A*@U2i=R9JqvPD~DV%hzX+oo|L4uog-1RLyamg
zp!l0ZGK5QL<vCpxS-HdJY~t9lJbql4NnWo^)Q^W;adex@4UZ1!Pca<G=U<GWOADX)
zHPlhV>_M97b^7lW6|vQNy?gV^?bqUILC}4&37BH#Y=a>x?!6*O?QiToE0?&5gcK$%
z!ajB-LVyg`h&lH%!v`Fo{%N~aH@T(c8I=6@ucQJE8KzMbKL(ZjEyW26heGzGxDZo)
zrI~}cdiHO=Mom;z(pQD{R9Q;NGkU@=LbK)%hEKzFZJxD7!%w>Chwo(8?9ESx^$%jt
zwp+I0JM|CL-pP=`?8@s<#R<5|%mZS<kKaegK({=D(ilvs9wiDmZGd0LH`{+?y!&SU
z)z^BwFbyf~3(RvxC6N1tf2GF=w5DKmauzJ-`)(PifZh1?xKq{@WthnFvTgCC1;fcR
zz@%-85t?4BJ5x|x82-DizI7;Zn(%3k25kt4_+#cr4l~SagLw;0NF#uX4xC)}jitTd
z8X=X{k~K+~pEKq~g}USn#efh$FgQ`9(e6H2i$Ay#WjGAj>5DQviRoN2ijs$rkEf<Q
znVEH%sKuAf4G1GrHTx}|4^EwtZJA3VZXPcM^0$oH-><^JRA^BCnLUYh$`*g4%{gY<
zohsTP0ITL7q8gttCrU^e8Ic>VbW5X}oFjM=8o1ugitlX<nO$0K?W>@;4zk@-b0AFy
z6q*h^=5C7~D>+BJOacfTKCn9iGi=P}3@<kDogXDE7QH}&@ujBa{R?NZ0M(a@KgE+I
zHZ!}H+|MV)FR?|x{9P%|Hx)1i>(O`tOlf1gS*2}N$Y5AAB*a1zvDqEP*^_KTGL3)B
z2fQ1Gt#}y1uh{ZK59DdS5S(~Q*UgU;*R^FK{$?=lIMT#qtuR+%t^LLRvt}`&j@9h{
zib^PkM-nKN3_AQa6(d_Sj;@NIr4GLA*%UxMW!k;^zMYRcbBD^013_lE5}sia5dMka
zVo6*F4w?RX$jV@(hDHK{=HCfj58{9<b9^NwIN>JbPs+D-Bs^M(KeKo|P`Ew2uX;E|
zEiIUGIdoGEmz3wl6Q1m?ST}Jr4Va|Fl6ijQ@lXiz&g{5W`HXk@y7TlA3i$re-FhwX
zZf?>U^bzC}@vS}8Vq+uJD4Zn63~F^Uj%CDXDE$aegke?EE$W#AbJ`YJNsy%9mHLXj
z*Z>%<108|Xy#?aM%)S*41K^k_DO$545|QSa!#6K+O!WQ&4LopIdIEumfu13C+hlS!
zOf`f3b!G+{Y(U%*EX>%8)>)8PwXYDZ8<mTov=AgZ_poIZ`px<g#;FvTS7VD0Q*kfw
zTas#j`f4P-m1Y0Xs+f$~DUCpOktg3NWxdeMC0UyiEk<~7P=zP4={o7;5+)wbpBDDj
z0kajkeouSB2B|s8!}QtBI_w^wWm@Gs$NggsU-6&j@H!mC@<UO~0o<gT=i-+s8)9G5
zuCgA*Fma>WRk1-8dI!8`YjX8(i2C88`TXTY?h8!mp!KKH>6XY9EAtj7J=ymLbWq8p
z>5I_T6$nsqg~P7v;8q)Bg@8NZd5Lz{qk*|hsoAT&VF~sqKr>@L1QYV`RB11DSQH<^
z_rUzQe6kz2Y9Frn3&2(TwD)|`HZoHJv`VTFM$w#z(+TCyeFjq<BKi&3s4ytu!9rB;
zU!Ug`RVGu!q_Db}@h<R?3JfQ{!D~WcI@7*bV)aR?r$UU5ek(HdGqQ|0a1=}llH(jC
zk*IG2W3fLwK%76nG@h3TXVz?BH-uNm-Pp>yg0EfAXJ!1spD_Xwd@?FBzTROhmHM@G
z?~!T{fk&6@cQs~}vecF$N40n_-6{Mai*W`n{S}L7rb?IaxGjP17wKY+aB78G>E#6H
ztz_79L>d>lIS47MTR46NO}i-IpPQNFB$&0hvV~67Vg>4nqP&^4zfIqoo|9O(saL1y
z3eAQz3;DxeqfG-#r}<LV&E6bMGsk_{aPRv5KWH5YOf7vISZ;!rr-6iyB{2KSel2ke
zeDgq9Q>yQQ8<dNR(!e6)HJVk&5gG#wX!9u!V{R`0@>l^^63ZKf1QHd^dCZ9j_}>2z
z@ZsR_d9gS-9cJ`V@fAtD|8eLY?C9U^CBwZ*yc)A}<a;)AKeZ*Ou*gSp=1M3FvAJFD
zuyb<qzmy2*Zl*9;8dzx#vE?avICmOa;;ABMUdPVY&`J11*(r?Mhc*4KS>;z|5<IVs
z=)(%)*)1$H?^PTZx}f<Ihz|&J7uzX~JQgBBycG-L0~#7Qt(A<&qq`JyA~{4v-|h{|
z!z*Ok1*iN5WsjozkPW{^+t!z%fg)gzR5`+-ypK~zHHFHZ7fcqC*U$l%&<_#<enG1A
zbKB`o@+HRueSf%$$xq|S&8aB8W<Sg+>W_yTOZz3O5sYdOaUkOdNR51lI_I0?mZGF)
z({Z9u4dY-!wBS{YDwRkoS*UWboU#&1B$x?oOfuU#f;Ivfe`K!rm{<Cfmj_a*R5mo0
zVyqIjy+rblM|)Hlao@TxG}^phdaQn$Y7D1vNfLic!!8Tk-v)P?_2DFhj4mh#H9jgb
zebjY!2?PhhjLfn;y(w;tTBT8T=h9MtYf-v8=vbp2-?~V7$Nl}rHFXRk8{a~O?wv--
z`WcwmQ7!irBg#^!u|gG+4U_)pmea5l18l%=WT=7^4aBt0NZ=67?#rb8^@ja+I;?};
zWpP&7XIgX9gEU?`8-cZ8?QPGRC%JayNG~ThzYF4UxY4`jms(VJ%iB#|w%Y|}c+o0>
zEESfu{cF=S%)D8lWGz>5BkctaB3!;#UW2MwtLz=+2?MVSIMiqhZFKC@{zZ~s9sRj4
zc`4jg8NwbD4j+^sUL<&kh8`VPt49r*!S~TmRIpFr&-{DoiC;sGTF|k9fI{3a{)KC?
ztFW-YY;!M+NV?*%uT;iP`Br2!2LX&PbXo$KbLf7<bf)8{cf+9jpfio~*F3S!1g2ZV
z+hH3*`@`URHgy|`K+MK>7lppHjH$%ry;J5Ad~r<-Pd)yB%~esz&IVxqEXSrwLD=^S
z1T5Fs5^^KpoUGGNeUF8RljU7YXO!+$zuL_nFdY^>DzCWkP~qdm!^jaREYBQ%{t;;f
z+X_M2JfM>Yc$E+x$`VKW=TVc53*KkFg<gJu6(3(n$+DvhU3AIlF(v{j&CpBp6%|yH
zfT^I<yhBvKZS^Mhv%Fk4^MM;RAgw%xy>UJAEo{sCQLLb>$#4F7X&QdUs64LZd<nq3
z*<K>R>-vUX$nPrnN)lInlZPzJr*%g-5}lg~=EW+F+d@j$j;u~v!m^aYhh-SBFeytB
ziZyG94kJQq7W?%g<4!n-8Cljn6tp0fF<tz=pc_Po_$;&mOkPsMhog<P2?zbg>`6+4
zCh=(AK?8WmgNc?%rxZno3HodAL7f;O@JgvLQD`zHwd?<8S;ChlA$FUIoG~tJ#`Km0
zf_5q?bV&)*C=|R0Xv=jp$J*y57GpV)Z#6`(5aW80+$;!{Buo%y$?_fyGr;%DyUEP8
zA{Q)|^!cl4rpdDLi|3AdA(igjI~lTmp%Ugw8Ar1u;fWDm7VGyJ|Lm6%?_zYG)5qJd
z79jie6ITTSSzXe+FPNdW?(8WMv^N6WMPoWSSGrjTrKGiAJ;X<pr&-NASixOu0phJv
z)ujpkIBPdI6xCZZ_$Xkj7EI#ge^xWSL40hXN~kB0bH<b;0K`*D*&HtKJ3|*%3<b@c
zMxB^4V{Q3#*CHX5<RGOj49Di>ODN5jXk2u3eB}8{VPmeCn>x%z>)Y^Ws@KZQ0vaV>
zItz&5UpRY3Hjm{C*7P}F9+GqQC-`)dy2vAir^K%y<ROww{O)w)F=0su&l4mr&_0+|
zi)(D^T;!H)@owok#PJQd$K+N}yv+Lbf0}5)r1@$a2>$eFs1u_D<)NW3rsM0ir7JZD
zQbp4v;zTsZ_Xy`wdzI3{IU`2~;|x<29cG#Qs`AWLQcxE_vsdlG`!h4dJRefq*Ncg}
z=!PmRZEZ@G;m2e5)EXq=L4sWd4RPRq^O>Y!JLO>>{>B^N^!S-1*{i$m54W?B7bBnv
z7Oar)#`^{erVBlrt)#1Ou`ntt_>ze9JtK68m0*;%TCHSIHVrC~FJ+99@pKo(r}Ldf
zS&9V@gr__!Xjk53oZRgBVcg!T2VmdP9|i>U-n9+t#o#B|s_Fe5!iOvVe#;ZFPtj%O
zLUV%d>LWdK$}4pp(Q8b)ZpzW-n3`zy)zJA{OUi-oG&Y5@m2AW|fuPDh7;|hSIFDVv
z1UXMhZSoqJIVC=cCebGXu_(BrdK0wxWV?M~9h}<VZ5GYuVf&_n#{=q$CPgPz94zhi
z`LS-p<s+%eyWJSnHnU9gRNa&xALP$j*jdz+WaZh><t5JbvB<~!ceaL6%6u)jna5>4
zuQ*EsjIMo%!q5dv2H+upI~5+m2V3$7eH@D7ce45cGXYUv8|cFjw`idPOQEcLdsOL+
z44Z7E0F>{6r;gXBOS_(%TSntK{(H;=3tbea#zM3A=i1EYdnM#%)6&rur%$}l5T{@p
zCg8osdoh4cC-(D9wd;d_0?CnifV(!!H&R$}Hau$c>Y*p?zCzVzBX9tg6|Qu<ZSPJ+
zU%!g)_-^SIW0pDy!<ZAzyNNip>xm-z5^B9tm@pj6piZ;fW}0=9Hk|)8N2Ls!IHFtM
zzDAnu$OKLX7+~izF+Ja2FzZo=Y_rAz3VJM+KA6t}`BXV-(WR633h^iIyra%_`gQzx
zS~neUgk+(`V4Ws=TMj|p$MSbUpyZ7GajB<U4EE^1A-(10m)*Pr5Is}JT!yh!Fgh_)
z;vV_aK)8-ggRhZv?X(%?<#aJ#zbhe%S+7A;uc-8{z3_KHrBlo}KIDSht*ym{Z@)dz
zCyM3_9pcW$`Z}BTH+&iGN8~x1wa<HE_cy+5^m~^>eE+dy#YW+m5#R*zOmpPX#0+pE
zeW39DK|WuKpHRZxlvTdl)}p@A3iP^)F_30KxIG1BZThbr=6A^oxV1ffFSEq&XkB0p
zs8-h@@1xxU1k?OlYNE9kx7#xKndIpmul!E_=KS#m=k#Liiz4l&-_IY*79sobCuByv
zw$?*>m>v2)F)P2Kx5BtNmFxzN2vnNCO?JhdRv(wWi;n$$(!V;}-C;D%_>|FgIo2k-
zC0>H^PG8)bTIH;^Cv-2$ud97vR}WyV$p@?S0@eV>>Cg{f3p|dv4w8J|dj#*gIxl05
znvS|%zLT3HTy}sza9RFndB03I<DneH(V=C9>9}6X+BH@ZCx(_IkLIe3$h9bcO`EX~
zvP{H~5ciE{I&u+)M2gqWK&}ON>%~Qgj^>%bn=rW@DRmVWSLNnLg<UO$^yA@R15@%5
z;pK4p)OcyeDjWfZA42WB(vi_$i^uq_aOX%SFER8+VL=rgKBEy~9CR3O2dK)vOEKpC
z-S};LRX%U^Nkk#+!e2B)OFDw|47UvWv+*wIpg>CnzxM}U!;JZb2O@$O_nM8yeF<<w
zq9s}DPX&1-Nc=ZA(<f8dV58xmj!(o{^ETx(enV;}`SOOeC+%;L{k|G$VJmx5O<^ni
zY@yNyXlWT`4E_DL0jsi#Y<DQnk1q&HS&XsJduzizu;KPbiU&Wtakf)}17A=YNTQ;l
z$Bc6Lu2`J%<nHZdTjjztr-PKYh&xhi)rtoLC-hp9(@FgE<JwoeL!lqEUsq4uELc$a
zCU1UX<sZ;AuzM$c4$r%!6WmXVBveTXwF}GQalFP06+_S+J^&LWuSg`qxXzmwdtm`8
zrV|A_FdrzXrck5LFRaSAeNe*UL+<!jGGFRNI^%$nrYv-x4$aK_MbFU_OX-)eZCO4*
z^f&aPFKzkTEGdcB`rZ_|Y))a7y~=Xgz01_n7#615)ZlWp2fza0ZHRBk0H^8MfTpGk
zg*>`vV|E&r`K^p0>x{H$8;5@g_BEB2boIx5`9iCX5!)zrIM8gA<wH_=RhwNz8kpD*
zoeZWXM8xpaj9g-xpIB0w#EGO#n8N<L46~c9`I_u;p&`|QMi$Jdhn%{R1DD5ppJaOL
zllJU;&ErI|K;*OGZG8Il%Q{IUL>n-$?)s-zPkU{1i;>Tp00nXTZR(iK+lG2F+eo8B
z2C_eFi~{?D&pYmfJTd;VV&mhwEV}%Dak#tO+`0ikYiVwwzO-8AR(eaUT;Hd{D8+o%
zAN29OfSK)u@#rmU$WZi_Pn+c;FBp0kLWeD_ky$xFsMF6enD6O(=Rl&+s2qETzeqfU
z!yAD6F{WsIb)_hw(Q8X3QL7@J{Ms+HCx54s%I7(BndusO8#28Ev9HUI-B7`dR%RA)
zTCA3fW0MfV#3{&9!JMv2Q-JE6%b-!6Hsuqu`Ibz#H@7C8AzI0pPcQ&kz}s1l%3dZ^
z%p}1Lq0txSAW`h^uvF6Q>&W_<6L_!ExN~Ax0*<3XJwsn+t2za2nZXuXcfucFh9pOg
zeW*>#Lg!IZlUl1M9KutV=F*M~E9j;uV2d}IhoE#Dedk}qw<&PhZZ?PEc`D5ULFTuG
ztQzsiz#J`sV~M}FDRt(reo4e<R80uMQ@qXUF@kK;gJ>p|UWwsz8iJF*u42e=i?Y{!
z5LuK`h<F)|rZk00+|CK##7Z@E#lpHIi~1L1!^ESLiAtoEq0J_W={ouhtD2<Sbn|qh
zjmKk&*mbYh*<(a6_Ep@E7u18wWp9p(QfxPk*+Q2qdA#gOiRzz)IMHvGCQoza&Nr$1
z{?1}p_*3@=FfGq2;z|Ns+6une!mo5+33SLEwr<`68_B8rw{xKrpbq)r9q{`_>tA&D
z%8|JpcnFxn<eL2qL^wW)T<-Saur(t?+Vd*f^>^J8vyU3iu;Y%2lB(7pax!~=1<K1k
zUAVuBTrWCr0>PuU-lEzMX*SQ2tZGii+N4c->@uCE{OgMR&=cYvRzvRTL2gi6d>nux
z(n6?Y<zF-Pb6RAM^@q8@nSb)d*3^nmE$|N28|*m%?#4ifi!pL+Iq47Rk-&myMeK+>
zi4P*LPW-h4jHXs$TJIC9EKJ8vm72~0cH_3wrJCz$U9JL|;}_00shyX+)yH3SHlI^|
zk@LQ+Hk?g{DWfd0KM}TrSsX7<`GpOS{xVLHHGqEJXBw?iz<ZOXljk&JLvTfQ^Zu^k
zpNqFrsOTe3)+1VGDQ88AWOoNf+&oPYR(xa6rx+&nrn=aJ5VJ2#ou}?qP7l@TMi=f^
z!f$!cbO?r6FiJeS@A=Qm%M-D;-hk|P#ambnZJd7$7KkBx%1Z4OLFcsc?#gN&Mby^l
zQji>)%tUKiz-QzFK&Yh}UOG%|5Dld0cQwt!G(LumV*MedpR&BVb(d@(5R1V9HV8fx
zsvYtZ&xNw~r(InQP_iG!*<N0BJmdS9oa9N&AC=r?Vw<)z6WkL%yKSGZALdB{IkK$B
z_k%(aGMTDzK0nXK5$iQ@&fbYR6WA#6D-=-a_yNh)ezNnJ)jF!eY>L*(0L{dqA~H=$
z+q+BnI^LxjDF~fs8k?~9Fic*@k5N?};eWjpx~=fq%={WSAh<^L0$O!@9j6DWy_K5D
z%q&zt6%*sxz;^6>CvJ-dc|TUHtGPKsQRuqv4sJ~s#324M;W^wv1hkl~rs+gR_C%@`
zcHGcT#K7IxrE^VXR>hsqy+QKC|EZ$F<(ooexVyiV{!qex5s)Ge6^D?g;aI^l<DvFQ
z2m_VBB~rmqwgvR-03TYC@s}Tb%b3KO$_XR%$Idjj%6gQ!g@5Vi*XL@-ZE&IG@2>sb
zFpJxm#=accoN>)GV#T>igxh3oJ`L?v5I<WJk7s38rC3ZgQ&22kv<@s_|MnftI&jg~
z?jGE=Q+soE#msI<Cvfedrf}<O??j8WLVL~hRAA-1v7b+#z>1_N#RE!_O~yOx+@_}-
zLA9_-H>OV^{YEg4G-&HsG-UCd+u@d-^U71Pt)T`;|8tMAsvu=Klji((p2KNByh~yb
zxBjeZf?!Ju7lO1}T1zXpbY-;dL^V8qa|?vDtz3jacDBLs>-W1Sw$LHTlHA{LR=K<C
zjw`2Tt4rVQLmpzQ`v-?>Qsk>wr|1jqavveWe=VS=FX2n~A_8NsWX?ez4B|8x3{0he
zsemd#S2F$mKE}evizb7V?+<J~41yes)U?O}&$jgmk``bi>S%Yo$%d2R+*IQ$TviS>
zidQ83l8d`sq4a(3f&Vou@3}7RvDu7A?o#IC?U8Nmtc93B5i1;<428aKC%TvQ%C~BN
zy#D@#{(Sjy>nY2<7ZC>a%S}EZbTF9I%d^oMvD;*@&E=W)Ed5yn{My9bF>?bwKgk5C
z6JOf+<kK?<#h(PvT|!*yM3v1SG^B1sPlR)2OpmV?dtLx%Q}#5kAOUre!w*b}S%XQe
zpHMqP4ieG<R7bX8Ht{f@MX@iEL6b-?YN4@hJurI<;3aSqa$z3AGLw;A6b%A+du{JK
zM&$PCXHDi5ewH;tw7p0<vKLD?97XpyZsMsw4K=BTIF1kJ^rkoLcfWSdHUms!p!hja
zTG1VejF!dU`cJ!lHi5%}{^MZLX4JsswbiHZFiV<mw4cq4mbH$0F0|*}JZ`O|({}vK
zDjJ#iT%Ybffl{sQ9xxJbFPS_k!>1WK;slL~7^07*_Gi@tQNHcBX^R${SBg#~2tCw}
z5|324*GQa)^bNk!i>qhMOWd_UP{TL(7@@OLOYFWZ7EEt%q%}YQv#K4sNl2s2c4iUf
z*1?ixj#10tt2<3?k~6ywGpZoAd7!jrVhvvGu3>;}X*$&HusZjn%aK7@l-+0flt_fF
z6mn3V%n;Vw1xerbxT*tJTT&;hO=%7hI^`EkxwQEjaNc^vHTlRfl;4{p!OZm8yx?FW
z>4hIx<wOm)xi`zl$Ywm8_3F!uq&=<>+1(MGe4-y^aL2nTV50tv+i;ca>YFLO&N44+
z{xz*!7t5WwCD()`S~xFnRfELN=tnS?WH({|6hG*BU*YGR4zS6%u60@Gxo5lDXt2>!
zxxaTs$odrgn%whx61VyjKTX$ZFAz@CYL+y8csHq$(9lTTVt+b6jj20WNyjY>PrXjT
z*vU<mkK^k_Dr4Uo+Hc&u=o(y)CKoq*(c`VqN>ffcZ!>I1K+<cWk{U?fNU40M&;^;N
z(qcT@6E9H6E*ylE8fmYTqiW&@%)9fD#**taIKh4H5#GA>n35d99-F65WS?WSP6QNc
zV_#D7UB2780D(Rev08xVuN|GavK9%Hm}3?bcN!D!n~vW%bxV1|<@2%sZg$lKeqWT2
zeShoEN3h{G4Dul+_(iGCRcs|hQ9e7R{bE^NXfiEBc07Uo1=seTE7oj#K|{drk@qyy
zAa>KZm_okq!KC?Hlu9<5SxL~O1<V?#Rt{B<p|2!cN`V#`kgyi74~YYEf$&8?lX7-P
znj~GKa-vH2EK1l~V&K5wJWJw=#88W15-s)l3n|x`ycMGp`*G_=d%~PKYs{-z&|}t%
znKgEEn{%?twlT(M@NG}n#XEnmC50s?rF?{dsoqTK<RNvB_3{jn&{cGH0PWUSgA#VP
zF3=cQ%Oo_GIv*sGny?+X;PpiLpv3w&ThP3?o}BKfA{C69jJP5(npGd#?SjA7hcHoS
z6;D$DRSi>$NCm~29JGm~zV9I)GXrIw5rZmtYfFwml?>=POr`AM*5n3=`*IA#*fhF0
zBtA-pluQV~ofvScm<4(19cVqe5cT(8X+l+A=<G9Ql-=;FZL}TiHD{Kt_wpZAw!(a8
z?fSQ-b((&9vh{Zp=S7iuY1M9r<+~?#82)j}bS5O*VHcj;eZN83ZoZp+inA=<*ld^U
zCdWW2!~Q%Ylif9rG~-kbOH7lva2y<_K92RP%;e~1%a3t@v~GD`wcf5)2I10{67A?F
z_<IOexWemWiX=)e@*lTNW!pE0zyT*JaceCBJMp%hpt@OuO>Uk%1NokYe0T-eh;YpU
zm?IlbUigJ9i9Z!Ke0d{`AAb?^k{_*zBXLyMs+m$BIpcrlE}vhxduhyILor}^<_XaC
z+G5%UDfTa!$6Gr<BHXazx}B~>5vN};78F%?+L`Qg#FlnV)}Fl5W!g&WDzcF|$QWMr
zHO}w5n`&N5H8b|_+N}wr?zB!q1hjg5QCsx%9pX^YeN>-Ii{gLGk&8dTD3p^z#qkG<
zj_RQaciOj$A82>zF&We&qXtX~(Z8bP6FbYiR%6Pb^Q1c3a6P{{F6&fAdvNPiGtevh
zJZeC-IExRF1Or=I+rSOD<u$8;_0C)Y#55;EkMo;RlGBw!H|nedLH6ltAHQ~=UQ>uC
zrIHY`0U=c)^5Mp0tm{S?Z@kAHC9w9|m>jdmDY0GTRC?ltf5g}=I^fVRu(_xf#3&f%
zmU(|(Gh76r$;pOzHM9PCB^*A7+~}e}OGWmW^Y;m*go+u_+K-Hl9z<CsDz)+dtl7uL
zw$UVOP4U&34)P0)u~~T2$k9s*jWxc241FQ4o3NxIGJAW@69=QF_$JM|oK)VsQbF5`
z7hAY#r-NALw^P0@3Y$Ny#J+lN`q{jF-fY*2t$IaOrCkNQ5BEa48q4pa@g=$qPX$4b
z+<2N+ZzUD4Djwg9+&3+?k-6rYTY0J`8o<9_mo@hSBCnJc&$J$QOZmj2xUv<p`7$#V
zR9zN9rY&4PZimXf0ehBArcN|AOjcUEI{U06b-iRmgxG)X`JLbJA|Sxq()G>peqzOO
ze!ookFlu1=iZtO^P^Fw3K82a0MKV(?44~XXW?St)+t!S#y#IOk=XJa-JFW>1*fvOx
zJ_%2jX@nagV&?<@DXo{vX4xd-kpFgh+J%s;+}g@IaZ)==dr3QWOl<unaJ#0=^6#m@
zi0w_h<Pwkc7}I)&u5_Bra=CK*gqbrG>a=M2M%o!e%rtMas=ASR$7}mkOlB0wSo18D
z1&Jm2LgBTeY~|nKRFUrxV#JwW#rI@M*+`Tjh$^q4*~X4pAVAa-AR#<yk{eNHQ{Y+B
z8}~sU!t1!@cEVI7PLpg`oPToDdR&$s#6oD(Z<LVC8nSh!fKRisTk`lXj@ENgn$H==
zcY;2Ant$KUrn_h2E^}0&-$;j(=0yv_L#$m|L5kL4mPg$Rqj1PP5(1K#z_xN-&q}g+
z0t2kxXgJgCt@vlnl%ezr>t_t=%&SELWF;d^n~5&IJ(kInL>{*3b!%vgRG5(s9GfOQ
zZ8njNbt=Y=_LR`P^=_J|NBWET<DraI@`OKqJDGG*^l`VeU%h8gj#oyoJ#`KEEslu9
zb$O#IrbFv0esj1>vXz-Uuc4?G!#T*p_l@P5EN}JKGH&h>TUP6Znb*wnM#JOG#b9T6
zu~zg_R{>Yob59RCXzcjUMBF;X@OHBd<NL0=swH|m+O|!OzOB0<Gdk|K3!U!fbB`+A
z?9JAGGJCP^x}lzRyB?|R7rq_o(6LEI4-vF{I%6H6SoG^NHZhYDMR5_8WMiaUmz}hu
z_{;I@WB-gU%>4rq?R(L&I>9wUw#H3cbeR%zc(>cTqqlTao>s%RIXvU-oNsaIqx?9b
z`APPydR#D(-AAL-B6g?t`$3n_nU)w3T?4i0@;00{GQHC7KY~?0CC`~MTH9npDcTQC
z<h%g;{{6E=0#X$I0n}vtVlhTgT_t<1{&&N0IW>fLKw5q23jXp_SXvxBolS;zW<mTU
zxiRL5RJN}T`6_dx0ESbTkdx0$g3@GIit2>PA*d??5p8tN#$#u`MJW<DvyqC7V;D9f
z8ssDl3ro_nkwl=T<Tl}1*<6mZxs+fV4^tJ<ArOdC`-LDGgyZfkJ8J!I)$fJ9O10YM
zO&!!B+Q(NmOMjWwKX7?Bi_05PlPmhqoBNSO^T~_brEH%a<Oek#&?vLtZdb3%F-6AZ
z-pj{!5SClQj#}(mjvkrXtlQp`i)ZJu3!HelY1#Sfa+}GMlnRcBNVrGKSw1rGNe|4e
zbDK&$%YSPjZ8km=JU(31{f*}b%>*T@J1QHS8yhhj>y`}{VY-V^KZ*%<d6IU!)w#L9
z$*c>kw-c9*|B<!Jd{x0~uaq0-`&{SATPmL5KWNrdr-!p8k4$JugH+2tKNW?`lCEsI
z<L3`*wx9(-NT~NlhpXw?))KLQQHN$Fr&<jvxcY*?$8rc94RRlfJQOd$E?nYwdM*&J
z6*r2WXT5obGb@*pLAYU-J3@JZcgCGfmoJyT&pwh)zZ8{vH?WpeY@@(VNllqOxR6?;
zZ!|mUH1C~Fyy;kEGi_(%AjBUpWHXofSQ>byZ$MGZwNsMxTubrqD8T8O=P(1qI5?Dn
zBWPVTFzoqaKNky0J)?T4)Q5_{(gWI3V?3;xrr@>Oa$GZa<hE@!??;b$TZ<y;_{AJ*
zdKR?G_-d`3RWGLL&eoC}&UHQ<D=Z)DOhJyPYF06{!q#TcF8=Ct<rbUvACB&=pN%T<
zX*++G7CDFTzBhA46ZICepWHc8@;*Mqa(zFo3Z0*%5xyRe$jJXB=sZN?_N<L%DUs?J
zFpi@z$;xE&M1YHDuSPsom>z|k%wNuBF|!?DLOi|07rnrmD|%_~J6Z>e#w%U7d;)Y8
z^K&m-huYi~--233ceeRxl?^v9o0nOlqyz5v>+~@vO|0-Hmkw|>o$`B?e2z1{^Yx|D
z#@M<}IAtBvhwe#I<p`AdVkMeE6Z#?Eby)c7CJa#};YQ=gtzN;dF(|)=ESt%DVb~Pd
z+t}r)U;4l9kKEjOj$S_8zBukd{9ft2T~2RNFi{?XNqJpY8F)w7W3$=6PO-^Yje2&T
z*ez)YxS5Qi*czUMZQbXBs>)47Ig5&u*{09h9K)EJoy;d640w~vO$48c>A2>2wD<X^
zQgdtP9>Ol_-$wc>9MxTD8(fwzrbx6FUySsRTQExc3MzIPQy5T6J89g{^eNuou&oHu
z^6kSP`eI^xHqG!N`{Z5-3O0?*Ts;{}cEOagCND9u*O-u?0!;uz=k&-oA1#9cXzk;r
z=`I8jYPB(H8`*+hI4*JBc8g)jI>PD95=C^C2$L@l;qBMn5V^D{2hrM3JF(IyoXhcS
zA|4vJdq*=;7qttVJT{;(1@Cw4*W%3J(8#xQ8L%~1dJCH@<!)~7ZHDrUi@N%<?jXms
z<A-^Lvow8rlPUK%z`5Tj$&T*NvE#Hna~vMaTXIz%sZ8xLJw#(+UDa#e-q1}icYoy^
zA!$ndHtQwo03MV~_swgV2P-~+4hEBEHRroVD6%r5d@rA925c>xVEM$+wtT}PPG<;a
zJ>OvN%%{D9dGAw7yNX#}#1(b;_;}!}v1p)Nbi1RnVTwU#g)i2{M+3~$h!DYVO;`9(
zI|Y*gJ&mH50$3Hi$K9|)h?R6<fN9?qRjGvO=+2+`oU*xr0yG6$RipVTO!Bmcq|<!I
zEIRqo!q%yY0>?~s*U!uSqqNFwY)3l;B71LWJLeBlJ>0pRB&XV3nyDrJMLI9`k|ZDx
z>P-1*dXl2~l*xpJXVO{uXr#s&S)rj*b_F+sMLR9|C583(kma>Y%UP5E12sU(zi@)%
zIC`IIRZgV!cwAHVqv;{3dKhwn<M@Z`L9(`SDf;mws!s@ws_0#^Cb|+?l&#j<69iVa
z))>{mu*COEO+}m6BJ=pBZOpLNmm1?8Z78HxC)IT<wJWCSIU=noJ*c9Y%06xo9;@?s
zM$apiA<OtyUBX&xpQJCvv$d<04Od0LQd7osxDjjC7&{_V7juH1+u5j`*{+L6XL$k`
z;6^@7m&}NMfj#4N2P{ZRXr>0?jE_<lMGq3AF^80jim@`WODW$dtY%0Il#-N*#*!>b
z0=mfQq9+865@ENqU@OfI|0VjPsk>2{Ugd>cOm-fQT~{XNVkty-)PiUY4YbG%Es$Y=
zE^3fYbV-!%q{LU0u_~z;i=-9e&br)Dda(}lT8tj+l&6w)Ng0Nr&~~}9u%$?Dc#9>5
z3jz-{mdJQ4*^FigI^l<kSZpZa(l{~9W*#Nsp{T4DM~PflHj@@(fbvlWFw09vNpv>Q
zi_C5kW&AEG_ekmEZp1>7iwPQpT+ps;Dw=g=S>>?n(ROwtK)zCG$e`VH#uC{Ez}GW0
zE7ZnbnG~ClOo#^1F{1A%$uJS}Sf*q<QL+#>Wx_G*kWolr;i(H+;%68iwW|n!<F!D@
zY-|;=ARy6Zi8jdCO^AnJlM#t}3pN-;gsm76B8WN(5fKhoVkB0ZLDUmTKvoCQrQj_g
zvyUfUB1jTOqQDcQ!b^I$D1>W*q9~aNCVFI&NXROfdA&gqEJSb83&dpA8IWw#A-$l}
z5uZV+m1;!+84YG^5wY0-H41``NC5-ykp-Sdgtw5EHc=F8xIrgaL<u@1Vcu%d*~EkA
zNdk|FK`)|a1rsx}AtFi8I!t7<IS4Jcn|R)&!)}BKA~ghIUc_E2#Y(UaauI{Yfkm56
z?-B(OW3$OYgj$`!Bnwub6jrccl(66xAfZENskaLRV_uI%gdA9K3B(NJgpppvMw22T
zdTrhynH72=Z{jg+JPad}nnkN5V8KIb1Oh!14A`iXbcp`5N(KY6$h=dOcm%_(mjpr3
zn<P=FClV&S3(JJq%?2AW>4}W3F8TP0`-np9B9inrf(^V;l;~7p<g^MVy-^e}EGB_i
z^%mZYVeYVkc_Jybn77%`8A?9tcae+?CM4-ZQKw)R0<dr)n;Ad~!_ezJL@-iIu7bgU
z5rT2WNDz6%+eBWk!-Ad{^$HO!f+U-DHeTlxF;B-xa9L{vo!)HL3&>(6qMJ^v)x=u`
z4~(UODk#{Y0zHh78{n=6S#=g<vci~2dI<szJc4=U9lTJ(>j~nqq=Ny4;kJ6A33_Ca
z1e=~GqG%F{1x9ko-4a4J=z<aXWFF?s0@H{BF&>$w5)#)TY}AWFNECf~*vx1i>}aat
z1t(9SHpyvoVX@X>(1k_GEE+HjIuCtq;1wM*+l@rDi@c!oU{YrdB0a#3Wao7rqQ?Nm
z00Dq2*vuwqfkLc0LNKpuvKfN14O<DKHb4OyiC#3Cku22O2~PlgiC{6r!6h3donEga
zc14c_9k1B*P?M3^u*sm)Ns@?RR0SO}^4JVLfR%=@K@^5>4Sy2q0c62MTdRX<rjSOU
z0$5g96ab2AL|C~-tS7t;IztQzbG=++b@5WIj%gS;N1Wo#jBavLZNf5^uP<q}QW;P`
zfH@O8;A|ZGmV-kQoNn!N4jO8OKU-W$^*lF6qxe|tLHxSA^{u-!g_@4tQ*1W%*WVQG
zzd>)6OLq;whvbpVsU|2sw&6i^AU137XEerA&~I!o9vj+1*3NTq)!($#bRlZtbe#dz
zOE4Wo<=<Jpg*x8Pa}@Pg^E@{UE-I0SKaw>?X67FLhI3`s7d0XAhsivY{(f&HFB}j!
zChO^vDyHJ7(k}bfQbM>vu2&UiA#Q|IRE2&-N#L6JUpCgMO3}-V!*Pli{Q<pG*BBeM
zCCO%v$}YCD?|oE_LC{&Y+Z1vJnH~S}SCp7q;OF?#w@K(#HvPExzzCH60k^&v4QOmU
zG|;<V;PORI4QMQtLE5!J7y_!ik?&ov8P#52ExS37+BTuA0_W(Lb@c26Dl?xlRIx@X
ze*{RgJ7tBSm^L0XBa0P?`Utw{Ug&iBgFE-CkEoB_O9!a*F`awSMG&BPO{O@#qhe{$
zMUaVoiK^g@GAml-cN6FH$HwKNMzm-ynu68MQqZ~uMUzeBn4NH$o5oG&W^&89wTx3v
z2^5>gO~_Ki)DwRNy2PO?e+`<MUtlsnOb8e9;!+B{^odLNF57ye*tc`WtX_d1``Kti
z?~=WD>|N4pD1A11ShH<MR+c18NpS13y_Y_*ROp>GV`rauqb5Lz^TG{F7o!WCn%$AQ
zJByY{J~1sMn0%gEU;5H?@v+5AZxFWMSr>6PH=)feQo|>0Bln71g?G6iH;cQhWN`#Y
zVL#8vHXy}DjiY2x*?3AhEL#?_A?^&PX|rqlOsu3wUsAxLd=@uz3D5Xm^~Ia~Bw$pe
z_PDjiYpN$f--+7BxbKj!IMa8+7mw8)^7&q^Z5*G9>^}F<@}1W&Ke2rE>Xo~8u6T9D
zI6un8q4WT$H+gHU@pefug1ag1`%$g;pb!5E9KPCvz8EB`tsk4H_{O`-4=z9VN6UBK
zuyXZkD0!^6WG6Du>|=8pTyWIL2{lVdKPaVLb4q?B<==ShbOE-@ySHI9<>aFX&6qo|
z`EcVcPow-}Z@?b9=hqpZ^(30|%-!9GH~01Ue+=}-Qdo1XOh-LPt)?@m%WBf`C5e@0
zdJF_nEG>s*r|^&VIh#-CH_vHD|HzfiQ$@Ww^=<WC{2%JOj{NHLcJDrq)S!Dxf?Ze7
zR+pnM)JM=g>eUg}m67*H@)BV@=*8SRZZo%&+shpowV5v<#$#lA97E16rKQer_9PQ-
zWpa)U>>DiXx|d<wRM56G>6F2kVWzAZIgw0|Zf14|%A!7Mu>=ZXR?v|IxnjsEF=P1P
z&eB?m#ymrpqtiYj`159)Y$-0jQpW>MykYsC`|en|#wcxAw&&pT*?RM?U1t64<p=jH
z+aL*z&FAjBZ_n}#5~S2!iN9=-ZRWgRAimS<S`tgwUA!=+y;_zgT4D<?UZ=f~Wguud
z$4e{%;7LCpz(cTO4(b8tv+!OrkT3r8OW26DL(;2W;|ParIY9Yt>*dk3wncZPS1ev}
zL;v0B74>HQf(3eW{fhM6{WC6)owFi!_oB9Gi0?(W>7<-36n5-y+LN3SrjO!`<esK5
zd*HziW7wf<^%5JPMd&{RIG0nGUOk}0Ja6N@Y9WV?>?gc-7o(jU^;`oN;ga;r3}fzM
zN+)Dl<HIRuk`fB)QBa|WNa+)osZ7Nq4wi3)ibM2^3W$DEf$HYZ?#!z{L(N6@{0{0=
znRY+s;^Y^aldq`dqd@7~4UieiP`@7knff#QIrV4ir%@->%b{O=KwNxa_@8`U^Rc@u
zeq@huqi`d$r0ghLrqHZkl!V+%nh%IEn^IMN=eYF3jgM}>{o>(&T>biEk6w$<H+0#|
zhT;?FT(bFKKhgCp%dO}sKJRU)i`Jlr4Ba-9LA|8snq{lI@SKYu-2UjrM0f3{9{bJJ
z#U~6VTbBV}u;}pS%le1^(X%4AtOw8WMC$^z>Ln1@Z9orotzLEw6t-cEj2zW-o}+yu
zgUQ9Q@2`yN#>>ev%WJ$I=Xkv}H^tKE2X#1-&pQn29}R6*?N%-i!%bkg)qIt9ZNBnt
zPd5A>Uz~m1CvTZ%Ks5$OSvmeRr&(LTT-6PaGR$HH_SH}IPriY(+p?>^y5<MQUOj7f
zbnI?Rvl;xctz(b1l{cBY$^!NuCUUYfz93Os2HG84jLTAtrmO{KFW(%FtDT!9{7lQt
z?Cwze6W*=9Z9A2pAh6o~D$9oM)r|BGR*Vso-;EDJf3LDsOo!D<*S+u$&JQcTA9n4_
zxf@|SV5=ajtqv*HjkD<nF~mLu1?Q3C3^Jyxc4rdnW*5YinVU?XY0NvAPNpcfDN3<y
zQa<Y-+;qj#&Arp7O|NUd%&VIgR%|nEo6({RlATyREVlOcw$|0OgwFL`(6Qj+*~{jj
z-NK)>aj;vofl|M;1z}y&ygN1vZ&$}ukJgGM>v~sDt@Gt{?S@&6c7)SMR$psch;xsH
z?a39X<|*!)+Kw5?>C5LOmbYYUI@ND#V`i}{<hqM4YJ4JYk|X`Q)yvhJDiPzxl~m~v
zrMZo4FC8N!7||3=GMZsk?IR3SA%z`mmCFGVELof_-^gi7Arx;;XEjM6cgbEFm97$*
zvhN2>8W4Tk=Wg5k3B)J1_g-Z%S_IPyOCr5`*EO?e_4fX3&ZdsY+vs7b(cKoAzhuFZ
z8?IS;V7gUD>BdW}eyb3g+T1;3L9TDn)Yhd9I6wOBx?E`Lg=?S9?^aCV=#m>c?X^Ht
zKG42)M#t&}vu1TWT6~@nE|$J(V|H4orOobi$89E^#e8|2KN^{W8x}@&(<5Q0tJd4u
zHG9Q^x+=ctMfBE5iMDFSWLcjQS;_4bwE=NC-AYw&wH~)<LuN$)T5ea?T^THz-le!k
zM=qv)_f3XD8gCo0Eutgl+RoIThLy{<`P=;ncjh`3GeQ<|YN%`Vd7D<XH@C@Q*(q6p
z=2jY-FSg(nuk`N(T7PP6foLT<i|Dj^qYL}CTygL-+jn$!xomQcu+nZB{S3Jf#CSF0
zB?2_QC8yWdSgte2#5dJH-MDy0u+?V|hJEcF3qEzuhC?f7%yNbhCMylZjH71BV?svJ
z>XqU~MZNvoSM;~c?3f-1wzT&3?^yB(TJ%Cq_|&cCxv_Jcp(4jI-Y)+=++&*6h3dY`
z<NWA<*gw9$@!!~_-}$ck#Cw%{Y>diH9{15xR=X*=%j6LRDsEP>3yAKnIMq=nu}l<t
z)&y0Bp~cl-=%o8_?a0F=n+^)oIc%m@GJx<!VJ0`-TCoKhanqfm2cb#c{81FyqW&5;
z*-xFaXY4Q8?Se?(r+%<ugWnH7bmMov)7c3>@|#jf@zIilJkRp}EJO1`)(p*Sf9XCJ
z>EECZvwWT3DXuStV1LQMcn{k5KPmoi<2>A=s#|tyPnnW<71b8mVd0}8O(=pr0Rhtp
zKR{%<2{o$3OiUz46{gi6qWq&~{kQdkCL)jeb&4fuiV;ebQc5;QVy2))(E;I(c)enN
zN$IH_jCy&XWHgz249FtnHy6LiynJDpv$`#Mf)JILpg)9&-r}}WyP&#^tF^WP3h@>+
zCHzqwW?{va0o{lwX;0O3n4up+b!fFqh|*UiHI$NmgDzdtA9WMaO>G{~+Z~bK#QpfH
zEi)ATRLAD7>tEco<F|KT_O;z>o0lx|>#zxna`OK&_a5+Z6nFpd&g|~(^|E{Yr0YfX
zWa)Hw>N-nuk*h5CCJR?tHdt<$W^>r4*mMJ?V?iKP2SVqG^W>61LP94HLIR0+LU;(F
zC3y&7=~nN|>@^kJ<ayu!|MPxq-Ol!z*(tyImGAeB2XB7x(3a*|T6w?{t7%zcTW4Ti
z6|)GO3y7Z9y?TcChoSmIUmo4@;=YF7y_dE3-Q`xhxhXP>v3bSK@7{ahq0g5#`*tsP
z)wJzc+*vL5Oy9B+T=dsBBr8z9Y;y|a{%q-ZiCimFI5PO2ws5{NF}UgS#TG?{X>-$4
zf0=&a)BSx<?Ojnmf3C*FC|Q}I=C%88y8rV2CR{jkw7Pk*b*<I#Oktev1<SmThU!4*
zzZTtjerJ8}g_pK%yu-~ZwG{@7(6a34+xJ}Zz^6-_yt|jWs;6#WII~(@yZ*LZFfUtx
z)fS)@lChA=#Jpk;O}xP5XtEC^tpn;o9&g64A1iDul9#{afs5*amIR*=h(vu+Bodh-
zrpS1KmTum?pmhGsikbxr%Z(~nru1uU3dO9p#%Px>(G*?a>t7~*z4(?*m-LuTnvzGm
ztLg(y^X3Md&hKw4X=o^MRaCetYrwh5WCHyM$uW+dEps}BU`Iu`!>5D5#TDzEW*0Ox
z&0oB=wt2~lfmaiWgG*OmNEh2GYSfY9Ws&k}6;8FQxo>Lqg4*)Riqc@XGu$*kA|~*&
z2jMtjo1xsOzUHBEXbM_)^df1H!T=d~US&v>B34ku0uqjq<kdll?>L{tsTQh{CT2)T
zrg60iQng_|0MdY*5JXH^l=MX-(FpugV&#g&l$qiu#}59bKCpb&0bp>uOkwklFU@S7
z`<nr9&*1~J=2TCcUVS9kWsiDW`x9jgY*ohc=H;=5Ei2<%UC3CkZ>RO{Xy3MlvFY3Q
z(p%nsd-GdwZH6EEr?qz_=dD<H!On%fO*0l84tMiqiBf+x^V1u<Z;Q1hmbG5BV&={n
zjfobIqkdz<WqZ3rp2iK~O`E!FM{c&)_O#fh_^T{o^%MxT{<_tT)3-Dh(_6Rx;SXEi
z&FEP%7KEBAqAJL0nb4zhmKY9b@*{B=H8Iq}P>TWvX_UhuLMBh`gjo+q=_hyGIJZoL
zb+2V}_Z{6gw@li=vi_sPNjx?&$)leH?cWlu42OY>lf58ys4HL;hd#RMx{Kz`yXZP;
zBbGr5-yo7-I+5ok3T7}37_<hYG}(w8f}4P{!BB#jz^I@JfsiuMD@a-ZDWNutCxMpM
z6rGUnmH5P^Km!bPGD5HoQW)DH1&BY1AO!_T_a>+$#7G319D8pDLIG<(@-Jc%h0hVP
zoXts?U<&dq0Tx;SOprWF@4}%z*~|ws?;RV*Q%q425Ah)lV9v>j@(1b<>7>A(ole4D
ziJm(r6EMl)L5<*MdWVw&^GYG#36^0~jD&IL7+<UWxOy5}$H8&c_WOdGn4}KLd(i97
z`0d6#D044OW%782Z%2=RZ#F)XqU;#;BtO`hEsVtp8zJ!z2*fZ%8O3Rta!3Lj{Go7m
z0_P~nm{3s<`Y*4aac%^F$hkA>9|AM$%hz^_SFBP_EpLulkO&iNE}yDgDL&+FIcMQq
zHZ^q(-7xYIi2|@!2miIMtg5=Ys_eo)hQN~f*G0tP1Xoq;=Xrl|6_@zTT6RP0yuKdt
z%^yQ!{#FuWSf0VrFiS4Y*z1y5J%Z8*W$^I&D&R5sNH`~0Ej|s_fK7{F_xerWU(Z}C
zKC@s+>td5id<HFzKqoYo&DhlX@ay!oBOdxspr&)}+Rj;Loi*})`bEfZ-ZL%YjHKTI
z*McvnOu5cIrOx%|u{i#<L~g(%sXr9NFar^+nZy%IX2cw43c)~vj9Erq@T&OX9gm2=
zKAQvbLrR^V>wIfZ-;WP3SaA5qeQTebeyG5Dv40B?Zny&!y-F8}FNz<&dcpMvl{Wcd
z1yru-Lzlmf?wZkdxWKw`$%btgyo&NzGHR0jjr|?Qw(^Vt$HjrLP8kj?W;4fH7!r2P
zS~5*2EW-!|Y(~GPWk_fX8^Rd7S<KnL1-1}w-<yKvqtrfai58j|JtL=!Xot$q+chOc
zVqcL$VOBY5XHcm(C=D_r)M~-1$u0%AOmgWyK$T-n-j+Z#ur&|>*m_tF(7UwIC_@+N
zl|gia%B)ZjZK4J}O65Qgm7|B7AbJgY*ThRvt|qy3-zZg%$`Z<Bg-Cwam?0Khe`e=n
zxN`!p5DNnwEl+%6Fki8M+!a}`L7?X(+n6ECE)SA~X&I=b&DR@bj+!vHp{Yl2?7Ho+
zQC|Vqk~8U-$OdMvyYgzmck(iya5YBF0$ahHFRuaQ%xsvUU_J)+*(<dUySSg7+cfuZ
zN!Q$_9a`y%m&j(fbX`gu{$p|R`#|<Ie#kXnice<81&Qa%jORZJ3A0FQ!qE3zOhUc)
z$Miua5Bh}#h_R?&1dMu)*eBlk#<lyGI;`PaE-bH~*8DP9_r@DwK>-#RtFul31N#!(
z0X_zIFv%-FJv8vrteW1H3tG1ZW%4UO1^lPK%maj(43pr4{Q!g>&ftSdm<&cVwyiHL
zMXn6BLHrd?gVq2}kJEreWO}*ys`#%v`+Lvwd5bEd^Jd=)ly}~lz6;|soHzrD1KaSO
z&>OB{l6{YF?7pS0Zjn)NDYbo%zx?>ehdw<6q{HwxXGU|l@VqxDFgh|y(U+q!%p=*V
zB_mB-U?l@iCTIYS5_A9u-0bF6=?^u<jM89WUJ&~kIj`Z_Uoloam?_xVhrv~HMxcLf
zv<_crgKUwWF4+K7IxAhT<!uJJQmkGJ^LWom5@j_Od(dNwj3;28^cXR2`^J)Vlmn9|
zgI35<btO_*W3NaNt@WgPb84ZqPl6vydLc##EU7CDiA<%kS5LB6J13RB7avW{sZG`8
zWs?+I@z1B0XXK)6U;swwF~n*lO)Oqo%ChD%>~ROi?UKn%!a#^oc-FvXGhhmOIr2C<
zdCTj!1Z#uy*3a{_&>lgfQdci)=s2&OGchUyuVPGG`JOBGkX_zDcF*f*SXQl8X#`M7
zje^Dhc@@wM-RA*ms;r_6yGK8tKGAo}Eqz#oshKyg26m`|8bKKj&uUWoWd?)HuWXuC
zm=1@Pf`*090K*ksH~jf9gm12ea4i-}nVjuOPFaxz6-Uc9k7RH1Oi(C!a`EELW64*D
zg@Z<tEw)XFNz4M7CK_LuLS>*px%f7u@&>885(cGAIy@I7vAF{b0(TCRHhng_esP+7
z^Fhg!fz3}E9hwh%b8;o&meW%u)GD&3Bq8jQeH904W}-ig5*v3UCJ{Cpu@_(tg9ERg
zNe~(Na@jxZa~~y32MC7*yRfwu=c{Jj?7?Z<E<b$vwrL&8Qe{%}p(cs89m!3VjZI9I
z%~q*t4I8_9x{TpgO{L9N#WXcmZd!i*GynO_^~-6ZoetNar@80U&b(-TW##;fW^S0T
zs!-i}{q?t^&HN3wZ?B%Sv!*B(a5w_B#TIM0rlPjCq9$y$6xZTov7(xtbE>!BzV6}e
zQ>Si!n2i4t#;u*i>JU|a-hL+WRT7sHeF6SuFdq~z!KP_W4hkBzTKuU(0TP6gvKNys
z5;V(`g9J^uS3;`<y{HuEzY<-CnH>`tiBf=`EGQ*WzvrMQvsi@a8`%hocZQrpvXW)(
zeVB-lJ&o<1rFiWSdGHV>z3j!Lmur+TYmvX|Tx^lQ1JI2#*7P4O-G4vq)$*X1*un-0
z)8-&5)*AI&#7@8ey|`2J7O42abuCBx=d`%qn3%^9aqgC|Fmk@ikqr98Df5V5gKFV!
zWkF_7lgB|VE(y9`t=94)sbkP9h@YJzlT;xOJ4Y>}dh=E<Hs{Ym$5AgOiW3O{0Y`zl
z<ER1P-kU{D3z6Yy%ziLbi~UrcOwRd5GKVuk$+bllXz1%OH%uQG9GFpWI|!y9wDli#
z*LBso=k(1X+i8seFiLqxUqe78rZTQBzb9t?z2_f3e16BiqdQmXYCB#su5a!d80czV
zZ+xl6)z{~0NgVB8UR;JdcUkdrjLnhX>)7K}PIc9m3A&X#kM5&?mvMT@#kWg!F*h&i
z#nJM|U}W5WOpKDDG9{)l(j(BfbjPH41)?{Tz8(%&Hc4lQBvF$K?U+$7!BpS-UeGR6
z8k&4KG{ECJ0purK9-Q_y8I&@6@V$HSq52u9c4)~lBhj+fB<?=;!3W0<8h>{kf$wno
zkrc;^=MW9&5gzUMoe=YoUH3cVL2~d))7lnPH5pD($@Yv_vjNF}jLpNaqqS2c=Ps7P
zYL8^S#>7E_9?1-jP)W&63{nSICD1`8iNWa(uA)(T7|C0bci7NKYSlrOI*95tA4?Y*
z7fJWsqvz<vcMO>OP62X~4KI<A?Y-nnlfnXz)aX%zEg#40DoYM@B@$iVe#ucs`-iFi
zqg>*HV~K;SFsde2!W^Tg3=W9NbPBznQJ^;E#`Oh<Fbh~7bG?#klcWJI7l|u1Dbi%j
z63)xmG@HB9SIF-=qn;29)Xyk{a=?*36giHDi4zC0J0hD(CsDT;`3iReT7^0alwfFk
ziNoUH`1H4gn**ZJn|2>OA=$>I7#{)61`^ipLc*M28t;g}89bPK6=Y_30~iBk6O6Ls
zET!Wur|b#r3zG3pNS5>#9R%ko)#5MJU>$J*p)j~{7T!k7!=Y@d@F=fk4i@#63@7nZ
zWW-aUL%gC`4eHe=d4|H`z)6bk%^KFUgLw<+D3wp+i1Qpy{zQA*qts8R*Qh^HUmyue
z2V9^MG*9Hmj*i=B$L$9u;ln=N`N03r?myG@<I9VY#|>GJ)Cssxn7=wFrsZ+LseF30
zAWfg*_~`$|>)|PmkIgg2X~ktDAY4=-%luHTr2m{)@PcFMe@=4npZ^Ch6#seJoSnP@
zgPRUX0$hR1G}b_#rq4V>{ek-G|9&s|-?Y-4?@B>?wSg?JfiF7NBdZxiOcQbRBc9v}
z=Ko0R{;sWW6t9HQIEd3yD<r21@{`OwFWWXj0*#WGZzu8pSsOh=iyFCsNxJcX?H*2&
zc15S8jP~~CoX@0mWxo3Wa)&q+L_$X*$Cr-n(@oU6u@-6q6`K|31oHWEEET>iRfQ?{
zHES|3SYwRXL1Mv<N%rg9G)&ZP;!7ZTmsb9B4zd(E@Dh^Ni93LV(VtCXPRvx+rcL^d
zUHFBNun$UBoQw(&t#BdtbG0&kob1!?3D3bv7{=zGtaTgvy$;$F=xM~KKbXbfknr(C
zR5j|0ol>Of8H@g%q(ZWKnxu$nNm@)2>4!-Trv~%Vq8l9qgOiu$^V15ESsW9BKaVXH
zG7aE-k_cW-M<WIw=L=!0V>A?vW9w}+9<iXK(MBlwLxYHgWh`bc3B(V?!J&lshiSO_
zdj}JV!Bnr?olK>YZg+1A?-OBY8VDpX!v$*xFyTi3&^k=3aD%}icgiidCarR`9Rh=H
z1zrgz+zmb&%Xx{6kB$trLSmi3Vy?*(jg$He#XWHk5|c2l_v|QxCWd74*arzW7;@7o
zcLK+xj8f6rVj`7FeQ*q5LvG4FGBk#p6*H{lX<5hlhDtCh1Z!~u3K8*j6sbHvF3d8t
z7FwZGlI;ppZDeg&ct8-brv&{U<NP<r<?Fj}#!i+mF(u_KCA~|^RbqV3B+}S~l)JGv
zz=p9IgGkPvOaGIJAStdCuV}|}?s5viOm-0NRMsf%N-?Zdf;Um3MyV9{fJ5N$q=%1_
z6gh%^q)YaQdz6zOmiXIHzJ8O<7nS$_$#eHIlO2Q$@yn&>9zt&*4+U?cd`)&3&Xw{?
z_6~tVnH-0elOM+UnoC{HM3{wR>T4_y1wYwACUT}yk2(C=gskHCgL5Z6OiB4Vj`Fp$
zu)fA|S@4q`MEN>paVI$pk5Bx#=n9;%Ne<(&2(>S`lYB><D+L%&>x>#w=ISx+hW>2w
z$|B<%Y8!B2?wQ}Y5uEC4lV{Ea8YV(7l%Dx-d_ZvaslEw*W+i&&&U`+<W98G8r>M@1
z9a@qbt0ZjJLNp`EmTz?CR^+uUAX+enU{&L{L`0A!h;2VT<aSGB>~43OKuO7Pz?+*U
zGQ|k-pPq}|^a2Z-HFylsHgyH_E_($&AUYD&kH@yLmIfavz`nzI#UfxvW{j{kwP*x1
zM!;as5wLA|P|z^s^}{Kw2pyE*tp@1<y?#)y2b6?VDk1ICy?F(<FtU&+t9#KbmGhZr
zBw5FTX7-$%6PUEt3RMOY7RL88HK3uT%F1K$Z6peWAxWb=f^$H>GRB#akupH^CKkzK
z|5R^>qzW3rc&Y^OIsuNNMv+uUkusv+6t03nFlA1yNJ-j<+Bs_^d?``|lD?mw>vp?G
z$OR1kEu4Q;C_faHVZ?0#l5sM}CVgX${PxI^3G}zjU;#Pqk0-;!$js>;!ZMUEPYY}W
zSwiI;-B}^6(Bv1;)IgV*>>9u(elnXS`j6I?40R3A$y1zw34C~<3#PDZ0GaxZ_9Nj}
zx_px3)TH^=!h&TElJ&?uT}X#?`U_}kLdFKVKoaNs6epNeIx#-SfaLfT$0>qmn;1<H
zeW8Lf5cD|Q{~9y#7?NXJO)jc38-Zbz)UWxNjLEN%JR6~QcC>cR?0(oR8P~5Q8zxOC
z3HoP`H1!<p={d-JnK8Xfz;F8xuEOk+s}BCWe>T2Q{BKEGmkjCYYw!bS&!+#5Z|zBc
zPdX`uZHPOhI}eWa8Bs~TrrB018;{(Q@&7DnjAM9mfsw|r6B!^??3%}xkM+MY86s{0
zjgA-7IyI-(>kKUGYgxPf*4x)&a$J!T@EQ_zc=)S(qG0g*;-5LMU12cl6h2u;e8b@G
z#W9x}$2F77@DE0k70<pbhi6NXepgK`!!v;vc*CHUu=y3FEfV^cHzfIxI%!OcMhiwx
z%lN!uCX}^|NqTdvRwv3|n6x!7YPR7Ycxx{C+~IReZ=3PRj9bdjJ)Bs3<g)Gux-UDj
zHZjy3y!?ir9$hsrdH>-n`aLaII3io`-EzY{Hy+%4@0N(;3eeZJsH0=i*q@8ed%&bp
znI1TA*@4-WT5aX*13>=TMRNz5d<vOR+OmG?g|B~htb5t6jq?}z+}-mw?pnHFaBRP_
z;IEJw_i(Q{?dU79GNGk-I*~U&V{+OFL`_4GoJ-`O7vaa_nVTfO%-t;J%M9TtGEggl
z{h=Brz`-CE@I=RF3@u#QJi}9AzKF%#VwQas9Zr?3w2QyzqfDY?l??>>;VWq>i}8pv
z4XBFi*!r;eZuyb+;Z!c)Xl0j*tuX80YG1iayveHfRk*+w^OJ-5qC5;5qtm|E(jeXx
zot7`ms=?~8n;PTKYov-OKUGWEjED&}NFZ69XiSQ?04Ep^en{!V(5;1fCqyGZUr2_2
zPT<$#uLE+c-Bu;HUH-u3Hu;nqtEiNGX=Y2lG_yB8{FylN*~1&r7BHVZ{Ly$q_gBup
z@y7Gf1JGl-)~)NZTlH1owSMVt()C4r+s6E3&~QDj-%egOGl4sl?ETo|0(X~xqik|(
z&6G^3s%&<v9G6v$|9fSN*sAo|V#(2CP*I`ce_J*ciEk*!R{pFXB5q>ey-3NRJx$h|
zFliTq|6WNXqab+d-^zSO&O;k%mTCWP8WLulf0tiR`Me>YOoGYq)X)iDo8q-eEiXld
zWRozFDNJS~zV%k>$a_apZ;5Y#inr+GTOc*z9-Q1nij(p1dP`g;zLiXZ3h)5HZ0Wk3
zUIdTDJ|vUjxf1)sZ=v>32Z-kNd(;!eijT^Kh67ZNctJW;kVe;_?}pN-6oFG;bH?MR
zO0$J&LoOY~`vPG>8*dZP_v+FAq<%<`{%7_WN<V@GM!Hv@&YdS4F!^qFD^i*L{1!cS
z0N?N}npS5=za<!>7-<v?kSo3{_)UK~;gC4VPG$q7P3FHiNUqc47~PR1{=+Y#@h_FZ
z8<li*W~z)@f~B>rZxCl7oFoK40gN*nW~_tR2tw>=%H$9>;>7JW8&!t}_vC|zx?9&j
z&~yBwuTI3zS{IKORn(t1e73Kc*t?2-sBN(+pOX9i&C8}2C8iHFY!ts*qvQ2@x68Nm
z>U%o}el`${TyVmyaJgLIZ?JEryE=Yx`oZnGfX$&b)7yOwhG8wSzx~6|fQ{O_(`<-m
znO#1u$62(jK_M3c@FSnmRNfqHi3<a2R?i!8d{nmVENa1JR1Gzq+JXC_j5Eaq@{7`;
zC>kmis5(rfP!<y^7dnZ`YBK-7sunu&)Jv~C@yJ{6(0~2gO-6yO)6@uIdxfvUY_SU)
zpV}fA%c{>i{@|fX&yB;6{IBW?T2uNB&-H@GUXY*r<85Nyv%4yXWD2@SX5|E#ieczK
zHbfP&69&lrc%}ULGVuBTt|GB+3CSfyf8du`Kga10%*OFCy0CLHg@Tf)<h3Kj5K7}w
zt8{WLidb0?orv3T<><BCLgw$}{q-3x)3NF`vr&O&bWFyE!3Hp__N3W_n<vw@Dd9Bn
zO2(pY(P$X3TS~yICoRCC$u&`o=j2!DW&>l<uqr8$?wh=DdEfY#DHFyW0;Vj44=xbK
z_9UQwMlGEIy5O<9-nffQ=nY7eB`80VxLsTt5_bxMOyez&7RlsB8Eu2*HznS_d+asf
z_7e|+UrfgcG#S|&JAzLWci>2XxeYh(-CL(N0J$Apci)Wpn&ENRi6@JGdYs6rqu-7m
zmtD>dQA(-=m7x;VJ#DbCbVvaNf^!=n{7RTzDTc|FkOVHUPQcs)fOton^H?KjX;Oo)
z#G96|W{bfhwu-H2V`i6#H@f*s@UIVy#YLtMz`rVa*nYBB*#z1~nq3cob!{Lj-X*F%
z0rjV!sskR(%jAx8n3kzjtncLF1fw`Tnq&_UA7d&H>hJMlP&^>vgRtkPlZFyjX?CPj
zW}lKbvXn;e;B_4Hy<y4+S)Umu92F%>nB)X)X%>$Z%jOV`CUt~CKmk0G1u$pk^JIJ}
zq=jyt>^hEGAJ*d$r<Y2&Fr7qy$C+f-R53C*#&SU~{1<933dPsNu!AoBJ^Je{ux`-3
z1s0C46$*6qzebMpRE7_PkuZxf6Xoo@9)%z0Gmd?aBtDvAKonq7WL9>ZGvTohiN$O*
za{yq!sqBCFEZN*rTLFhUE>AA3s70&M+KS93wmv>}PFcu6cCF+V=2^0tNq&24m)pb-
zE)JHLv`n+xme=BiJ32(y=F_6i?lRZ{Wli%l2eW)MSeK`z>{O7NO0A|gQ@fEQlKILR
z)uY*Hk(^?QlS{BbU}SSa3L%U@hDHVK{U67~E`ZA+3RwUbB;JUvnMeet;1QtU(Ja<b
z=3WY(8KsmOwMwA?6#jgJ60g%xLBuc%C7>Yjag*r_U~qIhZYU}eKj(cW(6uOi^B3Y5
z8PFlXqhsP@8C)SS&jhb2cue{q(xbu6qm;^;dm&JaQlu>avWXM~Ef10F2hYP`LSVkh
z$BUmkfCNDVgfC3!RZCzG5BLl$k@)$SCX}Tm=aL)5ADT8x6jfBgBkvpYGHLzVgF4Cx
z(QP(KzMW&N-*`mR79J(e?imPeGM|Dt@4*hNDJzm_tmFqYxk584LZxxEr!(!J*I2W<
zd1|?DriNE*?$xmJK`^E3p8egxn!UjaXU2LOn;d4#BAdY#5Gohm;Bz!ol_iR8EA;Zc
zN~Z=WTl#L!uD2oX(@xCWRfrHGQ37WtGZXH&^!OPrDd~ZO_Cz8}yNwb_i4#WxY|Fue
zfMmuvmQDqkjl{Sl1qegxEcD~bai5HPi9kzh>JS~w#JU$g-dO}fcsB%!Kmc231He6m
zPvRd&mL?a{1UL?lS`;g?TPQEqcLhv7jDq09&`O?YM4)|94*`aV#9E=p<f8>(@(_n&
zCi{g#5|a*z)rmyuOTIZ~mD99Bsk>bilP^4X2pF$~CUk_B+pYp&@3Sw%PtqdI)XrNm
zuePx?64shG+XD+XpL0d^>}7M}^vCz#KT@Vpn~c_z_X8i$Kky+FRHzl|vJW2+zY>23
z?|;=%#3%aOTf;4$V0B34SQRLqx@TQoPh&%Qlc!5+Z!Gp7qxYjSP5&-sVozNr`a72C
z)3nIYW6RXF^_(lFty@2fIYW`&ebrG3CYGpeb9+NasEf?0BWS&Kkd<)wr~vj`H)GWc
zX#qhpcVTU55_F|0@iEy~I+blC8Ei;X!B#y=(<n`&G{GNaqTbm>BUDAH7i}4|m2`aX
zk@2%H7tid&?vk9z%W0v6ik*we#$-a7Sb-|w4SAymj2(i7TO6vJ4df<tOqiU;gf)g3
zgG3@7LW_ds^GiD`I|Appfm!9fxG&ti$XDvyx?s_{&VVx<=vs4B5m0CVgwPeBkFMzo
zgwgSH7k6z%S1oEzd|U-s7Fc~1mFD{DuJZ1c;OPbU)J36NLM#$Bl+pS?M`dT}{N*dV
z%e$)U&6O2CD`X%9fT70Sn#oCh)H&{L8Ci@;60W=m>3<Yw$}zDMr}H3%dn3`dQ|?R}
z&jM~T3%JcpQhfJa0?(MyF#zga@m;JkAmEcIF-n~fzd3<@Zs|nweepT#LCK-=pcTw`
zUm7ALTuXu;v{9rEo;Yz3;$Q4hi)5Ld#K*NA&*tcXx$G!_<T=lwN-xOdgaU-PLM#Zg
zF#sfRc%a*W!!nr7;>{-x#$&x_ZGDd9cS3pgo+F}>zFVne-XvS`g7gh14sN^;&fl<U
zn^b@(bc#1851tTuBbkEO#}rl5Au7?GcKisuMNhybJU8bXEpan>CEo_rF9m~9%MwD(
z97a2n5EFZP{+4QAcWBqXs9s&9)<^g4I<&4`a&mzQm>j;gb=I@=V`*y1g9k3^?zD3<
z8E5b8zUaV%OQeA?BO_5c+zcNc4=o;pCos<AVdDO{D4~pSmrJ1<MU%-%)cx|#o^*lZ
zCnf_qN!T2dJ#CnwPuid(NMcI?HvtzRGF?G>-Y_vsu{e5&F!M>jbI5oxOnl0RkgPW+
z?^7Pgz+K{idyi?XGi^MI1L`x~8popLoT5GGWPrfvK*^h&{=QnSW@s^?(vDKwu9qge
zz3beK12dY9jG;uYu^7~>P&ajRovr6!j~0ZrDv+WXbQddq^IkEfS8$*g@~VxN$99g8
zsfl*?Kj_?6)i}!|_i^ePtI|Dt>NLKr0+-6;Qt_}Ca0=WetfOw3WQ(jUV7E15iItXd
ztb}ZYmKV7c&VM}S#|EcCBAf#2&5tkGVT4*S$tl#Tgoa%#{<rukEz>Fz2KA6q4=(KO
zIsp~|R%>J=DHSBY6>oZ?t5>{KuN-0&_@fztZ81<J1S3dlp>fB8A6+BlxQ{-P));{H
z2(b`qENJUNf3%0-e#_ptSA6_&O_8JS!I#CyUl#uh|K7@sZ1`bgQyCmivvi`)?HQRt
zKZpOoj0K&YKN;)$f(INb5RcWORaF+lUq&KO3e7w8)f)vtd<8@VVIy9}H3$Oug-{DG
z8>h*<8lMFbbX~20?`V)NhVPsbcV2owdUYrR)NfH_K=BLT4_`sAlOBg23nJnxBqQ|n
z@$bjE!da8D`3kxY-*Kk*gLo_(;UZB3D8{{?xw@b<LcWk-d<6ih2F7O=yfYEsev&#M
z)vw4_#Q1MeIiXzAM;Nb8{)|+@_zwp6Oi~945-(yPEi8^&7KZBa32Y=95IiB^q1gb_
zuOGRp3a&T5@Vw?xGw5f)rkeCcI<byTCe#0!{u%x7qv=mRj7F~#KUojfLHASO?UQTo
zxrel0^=Lx&KN)O2j{*uFjz!NEJaG>Y*bl^ijl7qhJ_D2%gYScnI)-O9FwX^tXQJWl
zCGjhu0_$(M`);rhl>Q`BS9(t3GFe>ESEX^N3dm3`g(l$hI)SBNsa&w=G)1zOZ9@x)
zXF+`Flr$=BG|Cx`a`hf@yI3o3-?LhwW#mRQV)mNla^3p&uWpir>xSt^-#R+ILE5?L
ztM>Iex!eqTwLJ3?8Jk81#X++iDpp^6|NYmlRzT^bQP8hnxz`9UC(`=&yt}7k56J1e
zz274T(&roZu3WDdjJ(wUiQM3uz(0n4I8md?EOeq08!+R}6P~#<l0k+FEpG-R7|993
zb@m+2IexpC8f(Ln*7ZbM$s+&<-7>w|P3fu3->K{%60|QcXX2f}St3#T6P5oXXE21o
zPb4Vcvp~xS_<p!3cWXs@-x;krM2CVz_9UIf8Jn;|WY6S3ovbS%^_0S1pOdF)cQ!TY
zPtMN;<nhiX<il`={la`q_5<>H0Kc0oS;%S4Q4T7KEv-3!7fkL+Y(s=Q0ub3F2*bdS
z*)7O%Gs8<KCUQbT$xRqMq!FL}SZg$BZhKD!cui7c1Q)X#fB0ANgWI$UC9ioIta^hZ
zCzLASD)fewqWHZZgP9s&MCW;+dha%k!Kk?nxc>UXjVw?q$x-eN@!pp;yi!5GGTuir
zZ?|)dV+J8ZIUy|~Yl#W$5szcHDwoIY*6R(r35){ioB3HhNC><TNGAh=T!Fr2Y&0r+
ziTyQ^<<PfOu=&{n57LqvIELz$3uPr>qW!X%jcB3Jlzv`(9&CpFXh6oCEa{_Y-0tUN
z^pzvK16u<7>IMeu_67p<m1t)#-q{ymn#AYR7=sqyRg162ch%zi;k6^X0_di}0d(D#
z0DU-sZbCbI16#(_i?r4sAErEs|ElC9OD8AwSd~-?V?9*qF<h!ulV}vq;LC-Tk|RXR
zLrVyEc_*%9A=fG#%IWCE8bZY?T}kgRq+O-J=rC&RYW8BP2>Vu-gFJ{k_5k<gX@}{P
zd`SuiTAAc>^`Jrz5~&j2U<V1l1$}Y{eO~};NqM6#rGm*ozy*?KvzT-feeX%MhEt;<
z616rVtFOtp4`P}{gNI0nF*kPkN|pE>VhTM}OxX?Sm10V(8q_EhEG1}1?w;iq(Q`r4
z6%4?nDy20FV`Tw<fh+(*d0AjWH#`nEW@h)w-(<uAEE8=k{EDB!jTu=0T_at5n?PSy
z_&xLEz6_1*rp!0BaM%%@Kq`>>Q_u#GA$ihG^ozUkmfE^r@TS%vzHiWI4Zvp*hoM^>
zN)OS=RYgU&6m=D?f`elK!ydV%wzm%ahX&uG)!<vw3Fro>Z;C^(cNMzhmZG9ny{GE;
zHtbWI@wMb+t}K&M97qa;Nj<gQ1U5hYiBu8Ld>!vlYeM6ieJ?<Zh)`)UzK+x!x=vsX
zu&gjA`FsR$e6%7v=oAC5mX%Z#@mL6A3^HkN0u<Y4pcj3VL1(CB&(98=Rp(LOuhele
zGhNXie&DJSwb~AYW2);3bUhjgda;RQFx0xH_ks;gPyI<vE39Dcp4zIxG6M@!V=5~@
z{zLR-dCEy_D8K*=Xz~UbZ^JS4TsU|G2ik}f?JjUDoZxf_QpqHkpZ>2=3a!ZBCyt5I
z)o{(YDLK#Kgi)?4GZ-CGr$N;)exw**OU(JaMNA28f|#=Kh7y=8xh3P<si6scLSYrr
zt9>pp;c$SI%jZkG$2fwH8^6ZoNg6IPgT$HhWGG1|OANdP%@S<_NLY5CI#1wxKA+D8
zQVxfhaEZVF?s+1<$&$@CW&vl+QvyHVC%x+rh4#;Jjr;C`sx;ubO@B(0k(k^;zgn0l
zB7f5VLV4;%Ba+1|(*Z5#^HQOlNF9vlk}--fgd?Gwm`GU+{2>Y9D5Elql*Ec=f-A+e
zVgn=nx{p??SVkjQ9q0oHpNRLguE7=52I+R3skQCktf7soR0<hgPMb9hqchqZF73V-
zYrtE2g_5?i4$(@};3XZB5Uh|_iF>EKbTRLD6`Ax5tI??ca!hT)^ffY;Wf=(A_XW*%
zjZi;@*Y42rZvx7K-mf`^O|pPyXc{I5)N1Vxd!R$D)(xn1yARO}x)DH@<1*`UdIZ%+
zYu=M~tR`PVcEQF!9I}OZ$RyV1Y^bmytI459P?dLRc|mj58eGyfU;pH}qiBh+Nukjw
z*|Ofs#eJZf1dqK2?&7ugpbvSics;)IC~9IC3z`F3{!b78aj)E_yjTUGf-Um*%z1~`
z9?%HlrB6v<&wvVyQuLc>{jgTzcF&2J*mJQJgFRWMNYKSt-%5wVa%`N->6$Pvc%~Q`
zmQ4&NM8EmVW4!iqjnH;sSBH%?=r(bBodRy(9|$bC&>85ejfE=bRkf9dZHDLX6f~D>
z`T8yGO}xyYULe<LHMAw(vb1c?d4{sU>~K}It~Wj{U<Ye%ec%2lu8l_(6_pVyde`Mj
z2vu;MUA|;~QH{6MV$$<IM@4CU<E+xduREW_@Y#>ayq+?>j5i+90a{7(zGBOg4tqt&
z;S+eHr7GAmby?<{VIJj{tPHLNoH@gy9HK%whv9fmfC*;h@ND>ZIWSwWb!I=WeZcb8
zL-zx}Rw+0AT(1yc#rPfr2k$nEi-}I{&idb6kF!RT{`c1^!^3DbShi8iU-zW(aq%`i
z&#S?<mlc|eHNui^UW-m_7c`gRYf-X!A&>El(7??R4tL7q%Mcu7ph<GgO%ge3F!D57
zz6vCb#??r+nVIqp&M1Q`A3=?R#3cf^wEeC46S-W;|4dN6BLtMC+)w1DpBR)1x%kU>
zNSpg3@Jd@$6fld|Zqf*gd2OFYfNgrco)?z}ms*z@z`cTAYe@fC(DZ5f#e!y&mKUGa
z2$Ic<mDU|~WUY=HKIV`q%vr86=DSWVC5>u~u)iNia`l64=@-REz_&zU$qAbKvu5e6
ztr|LBq&K~Ik(dB?i~IiP-0{w9=)g@V@4K~p0WXuBQX^@{hDO_SP|FZ}g4t-PjR|p&
z#S;nn@By?4k`72~M4Gf1+DA()+jK6s`SFm>eix50W^3l?oWg;__IbGA*lYm6E}!_G
z8{B=RZ#p<O@16zd$TpAo4#72l`(Dm^%*uWLjr-A7Wq^aP<MKS}xdv~}Ud}3&`a^bh
z1=w^JXWeJz)`GKFv-U%JrIKB_4PSD-_X#v+EC%Ih`OIMEvqzH2WEw4{#kbK8I&?gl
zbfZ?9zQt;Vedt%KgndNTmNd&?nNFj&inoA1tMseZ=)?yy7vS}6-6+L;h3YXv%_KNO
zW=sg9WjK>B>J6EE1~2MHaU=y9B0--4J0)6b;?amH7C}Ewnyw8qUIIK?(;~w=Xlg(^
zEi&d>{-)i#G+bofu8X^G>ngjApDDcP+Eydi%aocq+ulleZtE_&ZT<y)&2Km>W;89U
znJ<?&1UssyhO3>z44c2Hrn7u1$2NM~DjI`+o=!eJr|9UFGqz5zGBcyYV1yb4&qTlx
z09+mS0x<G5{Az@AHJ+8e(_iPesbx_70iap6-tG;9Z#)r?MJWS7d<9Jpa;?P`mas4g
zo<t@_65I7HtQ03$FeNjTSqpB_YSRzYl|Xk67Q&5|gTK>i#XhasT~aqZltp=vcusQ9
zEkXTeCazP9$AH21$HrwF&B7Vr%g67tC(t`f%-W8^tkk_Y8T`cfG~?HrahB81=W~m3
zs?zS<+6-tXOJe!cj>@!GhSA^sR2$WeN)*AANj?ruMnJ+|$}XRzNr$YeSWEyGYXz9v
z0eik+b_alj4->vHDq!Y@kdKSttq>8I`+qo7jVS_|^p{HUr`S6}Okqu2iukW!SC@|T
zvtYYgfyw05{Kx0PxOlBhr_w4+-@GXf&93@q)ok&D=^x$m5!3hkDm`NaUiGju3;d)P
zj4XlMI625)`qvfEz$+9qpm+XddHQoXuYwTnp)cw0zwWyJet0z9FWG(y%Uz4h9mtoP
zJ!QGUxRTMQt%vVW?mNenPB>*P<cj@Yla*Q=$rq2gctRB@k^Hp>wO@M%D-Ey9>ZwkQ
z8y7guCmyRYp#RN%I5c^Y8F!&(0WbBFq#-BCjwlgOq{z-FMRw3{?_{MefW-gD8Isa;
zmo2|8U;go>44mfEkJF%>VV@aO0MR{pZNR~CWgb%-`Fe8ain3#}ssKCATmhubv#(~_
zd^`364iF<hvD}}!%?FHHny_HRB{?+i!+edINGIF@FlYgi5wODr=4oNumNnM4bavEC
zPv3QlLVs?r>)Ji7C2ZwGI(;CxXoDV_7F6_KcHP+*-s=?0?+1{R^DW(}3;)#GKWoRF
z*pkW09B<ikc6YU2&TZ!y&F-a^qH8y7KJsH&wPOc(jI*+OwT5q4@?3fcHKFWr;sKp6
z`{~EIam5o(R~_G>?5`J=@8_qf2qshb;fE$G{mA%YvXM#aBa0Q8$mn5LWxu-QurXfm
z$6{nbGiN3oYcdYwF#|$pOw7gvh7d!rLJ7s!WW;1?ki+UFDrk2E0uFm{FlZNvjTgA>
zL1r+nqr(P+E~IEkT<V`=XuD(S+zWm7px<WgtM2gdc7=jd6&VG4xU<TmQvgBWX|0?A
zrg=Mv)doEiI&wi9=yyqLg?mnOU2}b4VA>q$a@flO2-x8zwg7}X5=%XNQ=lwV(PR`%
zu9^TvK)Sz@CZ{zxr@||<8nrv99G`rG#FaTR*o(Q3H+}^lFq_C~7+SCs41qAlq{vXB
zcg|D^u8&3<bIXxG&UmVd*c=Dj=ZSw~<XW2NjX<IERCR{!g0V=&DHL|z(^1`LwfTc~
z--UCR-qB{5<G(b~pa|&<hA>TMYa;y@sSZeeJlec$-VUwNDhrg%4O*Q|B{eRSU~H-g
zl?9r3&(g#W2m>~Fi9G;7x!vJ{bEXXh>QTkbabx89tS&=A>`3KQGpddC)Wy_Q)Lqo$
z)Xxat3-*S`TCxa+Qwt!05&es@=r3c$i)7UI1~%g(gf7A2Bi1sQj9K;^G$0bk*J9u^
z8PV0Xv0BXagab2bKrNx`^SB8jX$J7pP1+d}@41kV0AQLTm;jdeY9Vn+Qruzi4MQd$
zzDzzQDDZABHt6++;%D31(l2z)ng@Q^9twCAvNiy;Ml)#T)TKU8d%N3Ts^*3vt#(9f
zi%rJjjSkbLUaJg<mn0I<Bq-a;uMj^KKf9u0s?umwPAxwKgNMpdI;~kTI})8IcXK|~
zEZ{K}S4SKslOs}HY<jA_oj_Q(%T(y;;OjyK&tLDX(GTe#_C_KfPZyVi`={>{uP>=A
z(g%T8{D&3lT)?{RNUf=?)DJ$pyQIwYw4zvR=1YQ(#!DI<!C+CtoT(8zP@7bA-5rt0
z9kprthYKqjS)Gn;tXO*du|?%gINemfh;9TWKmWO9m1R@>SLf|-C=LdT8_34d1a^pj
zap|EI=*2$-ct<6WkJaI#-hsx;zmOQ&Z2MSAt)uo*hp5}BN69)JBNL);%_5<vwk8n4
z7`ldtXOhp7{diH-I-=y`1)@IEV46W>!iSAx<{vNGts%_7oXky{2!;tqt-?)O2#C<=
z=@>9MB4pd1)Xs3*3rx~N>6bzlv)K{?-78j%G;9%H+`JyRmoIlZcp5C1tHV=b;JCsN
zt0`Z;ymCs+pa9(~(XbYN!Vzlk2o)8Frp-hP6__4evIM?n*Dh;#Hf?{lVY$YR(v8o+
zk4SpNzVZC^+NwZN{|xYSQD9nou&5~5J}poL=C6#_gf;S&faV=e;Qvj#8C04(!r_ji
zJw54Pg3rav%1pEyY!%P1wg#GeUg)&f#okSCo)V8c7HT3&|For><_98?!2IKA6LmNg
z^v~X$Hto&n>7}3SYV4AkOtP-VfzNT8Ga5ORX0+mV@$W!4>+q&U;<wWuU4ZTmc0JmK
zAJQ#q;w=Gd1RNHx_ds(w*qiksx{Uo7CE$pEAd^<maiJ!ZT`*&<uqmsQ0Wp9N!o|w3
z9l<Y5Mr9g+yVWX%<%<$K{cDvf{Uzv9DV63g%B<pX9s*nF?`C=fFU|^kF;@ZlggRX%
zSg$vYtN`g-jRsvMJjYF6Q<>*oz+;m@c=9l^Dc1L33xbK3S+EyY9FQZx49H$A1dteR
znP7a`XL3Eu%Q^Yp=M@UM{yCRG$2r4~oPxLkEw_#CXL(Mp5J$kR@;{7GQq$mluS#wB
z9T2~-)oT3o0<|w4f}+QV7TDlD0Dq&uVj@lrCE=M9d<kl-c@y}J5~--vmNB;n$hT$;
z!s-+$m)GOb>x^1RK_}Gd^!+pbII{1LGq&ipI+)p~_h<H3&N6_6k>`WyWRRCDLE>m?
z>wQx@*UN1-`TEYO_iY`!OG)@uvJ`um*hewDvkP@?#so|uE{fLu=zrX#P@_fn=i)=6
znXM4bXiaUo0W1LkEKM%}OGIA$0UHM0qD6cVECqiRe<1R7v-q0$XV5BsxK;cE;hGO@
z?FB`c2~PZw`JMP@@pYgT{~`We{3$4=_lZ9h{{f~D+<S`MNBr(|x!m}$=Pnxs2F~OO
zVRA~3K?Asez@k6EDIf;|0!Pz>>1O&#FnpsAoKFvq{0^ox>DF%ea45a_*YK>l>0{t2
zaLq;HcG!0QP3K>JGq@S7Ot<?`eumOVVgItJN2h`}pE>dj_(Hs8Kj;Imq@P&~XZ|%k
z!w#P-u*H}%*m4vaNw9M(rYA?^k1rz^P&vslAI2&92FAxrQ{9&vlke?+LHyWwwa?B}
z+Wg{&PbDvY>Zyy9;Ej^v9~766pC9a6FnoByu3Zb5a~JG72VT+IvG47RfG*Y1nm*6&
z^MNP6dGyh59)&mDS5#VBbRW9uv;5_|3i^wVU}lW>Ly6>~NVAb2gjz{z!Qi%w9=qtG
z$KYdR!;aw#8hHR8%lt3wmk`Ygn0H+8un`4_#64qNpr~Jo=fGHx7!{*EeNYL8$D<A$
z5nmmGPo(D#g6hd)edn{6urDGx9Y-p*Q=71kMHa#_J2BK*!nhxyE`z#{fFv<Li=<EN
zkc^}-fy5Oc*^EZ>LMuRGgcHaF8No0Jpu-G4gZU@oeir*w&{gu?(NJ+w(BB!~rv1g*
z*4Z?3!>W}Rd}y3mQ7yhNepVh%@Xl57rVrn1jjmcE*J&#JOI~|nQ+P&q!f12L_&>q;
zkV&S0%D$MbDEEwrw|#R&XVS17RQODG1zqf|^E>yR02hMN+ne+N-q$+EZRqYc@ajgx
zmK_yE=TBRil*?~{7dU(hc~v#1^xBJj3a+?FF87V__6_Zw#wk^_L2mR$eZ9}?6*t}}
z^VZSN-Y;66wMB+~LC1i)xYSXrsCn_iM`qe9olc!9%m<c+=NMZErmFO<<YW|WKx<vX
zrX3{I$FVpG4JTpm0<Iq{)ncI@NxDL9EEqxql@1WjL|m~k%uT?`IH|6kG&;`UH2^<B
z;Ogr3mxJ=qqFM4~2m5Ilubh7E)5i8t#qAGP1lvuTu-EyEH$DEEIu)zCTkN|>&DwQU
zcYgbX*QvW)VJIK?o%r{IJ;Cw_BRBhHKrZ7oo1XymQ&yLYnF312SjlcH51Wmfc}uLh
z?Hu*0_UdIuS2t)d*=4NJDC2BK!O9_lo#kw4nhV*O{(hPIwz>t5@H$~?Km29X9QU+3
z)Lxx&inHUYU;EiwqgT~sELy2C22DT(YQ~N4fa)0C$KY!9Vmlii%EL60aH6O^5wt#!
z$zw1&Q4P|Mby*%;-gkUpp67v?J36KqS->&>1Llg4YuxQq=DqfruLZ!mRp*`80NwA{
zm#*Hnw36k-Wh3d6&f2IGz(V`E#8?}W`D9@jHF%=fQG!FQ90^+ZT`gdOjd7r*qS0S#
zQvxtbosa|87TwUXzkKQK>!w`}?kTLl+0U4PrKHpXuK5|5uB=$nx5Rdz*i*l&e<}o1
zn5r>0MkE^~Xcm<nBjA`PUn;||^cwLVrADh1@6^Z@#tilzS`6vMq*4izdO=`_Enryk
z)fgV7XqHXkXJ-6CauCGvOuQ9L=bmHIYd{ZvI#{P+1YwvsMl(Y}JwOi^llm-A)G$Xe
zEO}-YQ9g?&Z;^l~I11-rT&CdA*mtbek`iS6dxvGI%rhl>?^q;y%utiUSs0fqcmP$!
zU0Qiz5l{u?{M@&r`V5i?!pt%W3&B1w4Wk(;7R$n9B_(l^f-IM-M672qn%V84MVBP2
zS1y^_ykJ4(mYZ(aKJduQ&3)d=wHs&b>8Y)q@0)s9{Giy`8jA(m>DjX$12meUr|#YR
zyxZ;Zq8;`hA0D~R>GXQ1`V;Mup6wU?g1Ml1_UzUeuae!gbxSF&rx|t5PoCg<b7*Bi
zSeOF_!i<#J!iUmJ@SiL>vKzZhK|Z~^2Uf!WPM-~<={+N#?}azf=Zt&=?<9Pc1jCg*
zNPHNJkc2lEtt}|3CPwBbCbMOwSxjo&5-cPMPHe`@NU~@T5!)LMTEt%K*hAEX-2-sY
zHAi|zreoBY!TWBD#cc*B+-9@eGBRA&)VQRniJ70MoZYmf>2OndSreEQPQV{*Nsg>b
zZk@rYHQdZKZ>^chY1AAziqAKdl{YcP7W^FP|7%TUVt08{Q#trSS(A|77*6~d@BLZ&
zO@!fX;HLNsyLZ13KcL}c>Vsuv2h}o8lfEf?S9xP2nn!_{W>3lh8mD!X7jVD`{Gb}l
z0ACPn5+9~Vs<Fs|94ZtD;&F$Q;qkkLZUR9h7`M>DTC9`+A*_BtC$W4<X1ZW3qo%-v
zJR0@mXxWVp%PdA;7&T*bHYme<LU_f+k-#ELjafzlLCF+L<FTK{Qv#6qLeMM`lx74p
zed3@DE!Ko!F&7D~WJomQOYnEl0huJ(lAE2-6hjjX8n4jJBqkm|jMznEcnXTNAUPiA
z$7HtDa5A){#3f>+nJQF^rhFL*;4-#?TD%nWY0)wSz0!;yP!j`Ah%*BS$O%ngfY2Zr
zk}3i}A6EepxT7S4=xI)xGva6B3}S5-(QyUwNuu3CrH)IpV}!uMaG7h(_$4%XEUF<~
zshJ07>e<P{n^g*i71&jbPHC0X;_VE>(lp1(7y|<!1dv`FXOI|+#90MU&hlA3OFgQP
zO9xa66R*(#t=DE|7^5nrYm~`lW?P_0sp64LVX&F?TX>)-wb8&^<S2$fVc?W9M#UKb
zFj@^p0L%(`2xwTP)~s}xtKzWC;bs*omR6{Zor(&(Eruoqy{*g;^m-g-4TLh8iqp_V
z^J8XHnVAO8VhwMZFNZ)TH@O)oV_3!?W=k030}4Iua>~oJ;Si&d0otexpLc16MWu%5
zl`<1;fzSZWIzMQim%f`;$rO-Q(zJ>O--8N+j8(8QNNdY@h3ZMAn$~g<Y8iPQtD$uY
z1xrJqgbX9s%7I=B<3=;&td@X1C=aeFGHeX;7Nyr&u|$|-teD}C6cyi_5EA}!E35PZ
zfQE0Sc8S4hHAUSKuR_B^HOl}mO?!=(_^j)vTFT35-l#l(N=K!NK?5J}<m3T!(0Gnk
z&A{5O(9~$ZzkV8vWQ29`<vJv4sFV&z%*#7?g%+BFyxu4%>sFLBHg`s+s6uX!ht>kE
z&aQVb8-M_0s3<^3t28pP8^{eTD_26GSJHC)xuJL)Z`Iix`eLP*D`%&iV>Gtjv#SI$
zl^29VO)g#yTDqNnvuUbVPCEgpsReYKP0(>nf_0Xd6tsMwPC+wVeH#GvE?tES(kcZg
z7R*ji=4W(TwFPMHtlXkg0cZefg+ZZ}p`6e%7b7r8`eYcL1pu{P&?y)NWLZW=b3of<
zSF2iF3YxREPU$F?Jy6eYlv_=%)}kT-uv0gv-HhdOg)Uq|>l&-W)(*K|4p{|PtJlp8
z%4K0&yQLTiyWFPD%k6x?t)j~eb_f+L&>4Rw=V*pj$~XY^aR%^1DuWyV832rfW<P~8
zIn)7-M#gAZ8I7t9FehJB+bm|Y!KmRGVU|PB@rq(IYR2dz6}fEyG-*(?RvT27r7HcD
zfM20zl)Ts5=`pgjMpq`Ys?920ht{Bw+2k^}mX=l2P7N9Uvv!tOVbz<9F?0CFScmc2
z+JRrJxUk#=iXCOgI@avjzPa)BrPVV^AoK=MrOO3%F&oe>icjA=bq4FH_SsOeY%0~P
z8ERL==}_siapqVK(^76ELx-svs)bsDJ#_*>+J_D4n5&Bph8Pc?p)C^iFd9kFFyUr{
z93J6-my5A@Zbv(e5DekF$XL<>YMhKEHpVNzY%PTP*p2(H@adlY<Y2SOE&fV83YK-%
z+;I59V1VH_op;gUlpBQU_ul;F($Z}=j{F@>=y3jX-^`hRVCS?8W;E$Oq>liFv3>U5
zX*K~WX#d>l9Zk`4r}BbvYcM~)Q)ZgG^qRS<qwt36merj0q7RlYzrCkJs{!n9-@b3^
zKW_e_$@RrYv;RV$4Z!vH3J<+ypB8H}iQbPN2WnfQzOyJ=CbOXCg+xP+g)dHqYnZ9O
z790_d#%{U_V4mhk4Q9lRWmu0Pjxlus!eftPQR%F0q6JC>R_M=<3E$$9njWLLF_^o9
zGcz}Z8kWti?sFEE@w)5EJ4*Z&_Nw}UM|wMw+uDP(mNXq%VRm;-jV!1xt0}ID{Lh1(
zmu+hUTRu3pzi)2mwc_xPx9PhwJAlPI;N6;qu?nlo%5i$V-7wec@mdp=@#SGx>$cA3
zl}!Py->fy3gd*<BN_SJ`ssn-PyRSR;L6?5pj{$pa=iI*i(vCQccZe>lVstO_0f`T3
zr8-CyQ`W{1Cph0Vgc3PeU^$G%WlHR(L7Zj*CWgzwkkT<bpg#_<MW%F}#U%qii_`Ok
z*-2Y9jLRhc9&32P3f}vXZf*-BlbIbg9`WxQg<R}0cdFxay6N-QB+Pd)EpwT9KeKqf
z#^EQ>3wrIkV%`2`6S}voIN<oaQ`{^5(qJ}Kn2kz>=&*4L^Bi`6d`*A<$R`F+4-Smg
z(PjM00~5R-&wv$*ZM{TZ216MuXl`#XXg^8J94z`xF~o*CLJ<;lNUWp8MoMe*7X@>i
zf-J=j5gtX!vJ;|xCc#X6gT|1Y)W(IVkIt~3k$7q($7kbcSgNihQvB!2uN6Uisx3Si
zZcEvNimxmGTpTH>(*vq=6G(3A1e9LvJ@6j~4*UlgDyb_6iw}w$bi6$%ei?3S3j=-7
z&g;PK2gQfW>q?5PAh~6Wn6%Qp_=W>gUKyO%0P$|k2)e#gY^6HO;ha%*U3H1JRc+)C
zr3boTvTHybBDtXxqQp1XJ2F6W^13($Z|Unqf|Umby9NfpEBSn6bzUCq)82yB0$FxA
zh(s#0#b2o0VL^}HP+V2Aq}l3kYV=#1mz0K!4SHtTxB=!9@UD4Qugi|4m6DPoFR;6M
zXPK{=WQ+)*wZ*&aC~8NYSZ_**&(MHS(*go$Si!Mlp#X_nW{In9Ac)-}v5XlH5WibC
zPKfOZ77k0CTP<cbwet42KY9E1mC^=mWAx&C8l6^r?@6Uw`K0)sR;Ll)(=)8%$tM*o
zqX&L;68N7~cok0qKROBgnUheJe+=40b!@Nrs$Qv-^?akzeA6RSD)peIm(>~6-+ZId
zqqCq!I;&PoXT?|1S-s|)Z`7G}-%r^~C?2&?DuBl|Jgmvc2pFmH2MD_>;kJzViI_~-
z!vQgOIRW!|tnO*?*H8BSYINhnpY6X6O_;$R@zS9?Fjec$7XW{2g@N}hS$X8-jpv?I
z>e6z5MWu;7ow~0{{J}f>KYMuNg+G7kpBKCeite}-SYF;MgQcaed9Urf@#K*R@6wh?
z7-6zh#!g(G@d_l0PR|72_zCeMi2_6lxUsMYqcbPT85!o2`o09CM~x7)3}V>?-_K)N
z5G)M$=%B2ZO;K&w!-^t237o}jB+USgi>O<8!>}q#Vb}^X<Oz+y5W@Y#MUZwfKs&&L
zgY#v*LHkhq>w>_?_+PNbMBCaa$;gJzMy>7{W06%5Xv41?B*={8La<giPR}_m)CPs)
zLw0d`I{71@{1IGH8+>@r8$zuh2rsbuQnww0tT{p<jrKK@o{t*;ykig-EGXS5Jx2UJ
zq%Qr@kFdUDbaaHfk?Eu^BYt=?X&q;YxFC`SAX@0LvLKorX*BLzjD$=AD}C@0w8$a|
zG)QW}vn2j?(lzlGh9EMK<rZ!$XiZ}zs47@P2e2*=txJ$R0xbcwhT-;Fj$2FTsSPee
z0?Q0n*Pum-yev3MSrbO1v#Wlpl~!5>9pD&-_wAf<bo*+nP3ha(cXgADW^`qMSDRT@
zFE`fe^u@9Ak|GV1@d_miwVce>q~Q&w=znxajSeK=Bbi=i(8_slSxca)ia}C2lo^%4
z9jcMh-y}YAN7uVbOH9ou69-nXx}ej>utv4ov}9V99I#g3v~rzI#tJl3I<?(uRhC>c
z2xM35&8$p7@+L#8Of_4Iikp^I7qLL@Z|LhRY162^3TPHob_mq0!R2YFT^>}mc&l6r
z$k@wQw)CB^)X_9R{~@bWNW8lbae8(Gr6i+X6}6b!OkIq6WNuB2XJnE@3s6fII}=rF
zAPoFyEr&Z}JmwFebuStjam*@@cJYGHiJif)u^V+=vbcm!kOAL}q4lM-s0@%}<WLAN
zZlxtU{2n%`&NG?$js?5q3XQgyGdQ)*rz-zz+m;1YRd4ifTZ2}KgW~9sKZ$?PDh2^K
z@+S}g!CBY+R7{H>iU0HV{wtFYg5|TORx&cJPA0qZx8cf4$ZD19`c)mf7TE-Oxdmm+
zxUAJ$#;|s46Ii@75>nK}?D8UiOUolmi>9buMHl{K#5-N5wR^nN+>YBd4whAETv}Gu
zv$5CjeQwR_RgU7PntE@XuC;u2MA}@_aqWS=mi9f*Y~2Z%<b#*ZN?fm1qh<gbn_G8k
zv?|o18aBf<Jr~xYx1&6?_G-}Et);AHes6lG!_L<@x}WTr7UgBGx+<A{cA<Q+gHlie
z=3XaUv1qOB#5zyNVS-~n&~s?8G?*ElIs4%ko`3l8&%M5%i?^p=e(HYUXQEHNoPGlM
z@AvlfEdA!X>%L)|MaPJE*1C6q^+#aZZ_{Ps$M38I$40<koWB)+l)+7=*b9)Xwgu~6
zXe_SED2||Kpz&A>vH1X??iIsn7N=Pkh(*IJTKO|tw9G+66xNMsaaWe%Bzu8-Sx?`(
zp7~9B!*=o5>w?`b90%na{WE)(tzELvv*X3fceL7~cFsJbV@>yxM5S!{#cP)|M?7Yh
zQOg}O>T0#YNaxv2epY7W<s4cgX{%z()?Cs7L(TIRFPhV6Fj#72*4bTqc3lI0*tM(K
zO>3PtrSe1ZTVM~`z}qLZyj)W;Yu~~uqi^1viUWgyhP0u$Zr0A}MFyd?v9+~Yr@x?6
zW}G%_VEfe_w$82<%N9<L>2&N$J7;N)Hn^Z=-o@R`P9F6i`i3hwOJg_)tC8qpLh{Ss
zSc-UP8%f*}k+Oi~3lB^l1O5w`vg}68-*zsj7e~@xEZE8XcDOA2w{rnKZ^2IBXj{BT
z{3p=tS=<Juk5Z#xCi=Omy?xQ1Jq5C+4M|JYnYf!tDM8Jr2%2J&8B)+JVWmV0`rzpT
zsNgk|aDzU4x<INia&acFW0_40iB0)a<`wgQ;tb|#O))Fz;At~El*uA!#Vn%|yQw&O
z+T2c%;U%4EKAYf75lvLkZZt^YTm~bKO+8KER|@+qsWahN>fp#PzC)Z9hx)!NAK%WO
z0)0Od&R%vp4E{{iI&hyBia+B!z8cBpCMt#_EQv^lC9=2$&#qJi3#Jw_8qpFUSDX-a
zVoQVIF?nzll|YYfY!F}n(H-K~x4-d_;esQ8dv4#`yP>0Dl+x%+3}1*P)&SiL<=Q2&
zww}I@0JvY=tOvg=F?<MCzx>1>ZwHDyo&sep2V#G^^f~d{{qNg%Bsm{=-(#g!dV8d`
zr)}C<ocO0?(kIrBS!XvAWT03mh_wu{jFchSL$QVv>qt#ljfs_-kf>CNEfD>iV98@X
z(g$iUH%w`7sn>V4b8J<4QAN3>SfQdVDs`2ketPV_61|`{wO1QdXtXf+{id?!@<rYQ
zd-@KIwbaoE7FSI*(n48$aWxm7Q@e7W$sM*Xn7YY$i7$|lBT4GUB2Mmyv;`LPrEyL8
z>LZbLcD2bgckoIO0l_hrIFRF}z-wtEWTYis&H<<uL<`f|FexMg6(bpvHDwcq7?nB6
zB!4WP_{pG_e}|SS6&lN5vs+$^4uU;8yG7iS*_;3jISNxh5l{S>*TQveK&I3uE%F(w
zbE%Vfh5FPk)`<7cU!6^eHVrWTC-%h6$7cI7h|s1?7?4z$+@O}Tu6@UNZBb&H6bH#d
zx>t%3={;lg_Jr%nlTH`SorznOV|@M)@s#M2tawprK^+DX)iCyfN5is*NJ1GGm^hjw
zEjSX_BjdbC&;?ph4(Lb??GrF;E^smt))RzV&$%m!h6b)-?%W1W&?J&~ox?0IyF|bI
zg38JZmg_GmlSQKoIy#0I(_g>)Mg4%INF1^+uk2l2eCM6Tt9!%C?7+=vt7<y^;KdQe
zE-;u#RC%m6Xs{Zf&FZO2Bsepzi&Xe4B0Ad4jra%r&M7xe5q}#jn_{(MuTAhe7y_?j
z4^Bqov6;FOnSO?`KDvqjFz)ntwJBMn&;m7|%#tRw0y>`zW!y~BYBitC0MDU{5aKZq
zpjq~dmW8VyspA$kR?XGL#b3wei<+wD=;F5)o0=EIEAH5Qhuz%N9j~}EDxHY^KeW9E
zU>imDKfW`&t5xq^vSf9++ma=@TQ0F3$4(qOP8_E>z4zXgMhgiL(ttn=38A+n1OkCG
z^*A~gjyw1Pm%D?zgM*`&B-Z3Vvnx4H;J$GG@9*bCyVG`OXLrhb^WOVB5RHmEN#V#H
z24h8MMeeP$51ae@L3B2H8U8r3a<Z%ZE`zmvbTseIIfu<A5;zo*v{mA3BcL=Y9!c&J
zIcPRjbVl=fXZMmKvE18Zq7mhJLse1qe2EyHn+?k6UcT>>#ru1^OxFZxQqJW|LCU>+
zAk|~j9XN$&AqrKoF<%uJtc*gRak|_uM5ff%PRajGfjnDU5~Sn7l2}%MU$CUoSMX?n
zwkz#Avq5h#>u`t$GEeoTIxFYTfa4y$af5frkj&MYV!s%*5C;d-v&u?>z7dwpC03}D
zXfWr(O7TetA2f}i(lSZjHh{&wxse)4O{Nx8ln$?ie#j$M(!3DKuM+l02p6UsNOJo<
zQ7>_;Etp_pu7TAVP5fGlzb)i+(MU0s$>1d)5)d3eUbdoCrZ<Y?e&Uw{$Bi57z{2PM
z&5Bu-*v7P=PxG^NN}cYtVH@Qd5v`K9t-2fiGnK|=N@s(P7jFcz+0s}u!^lNi+?%VB
z=ySkq*tBRiy>`-@5B;mW{|+z@w0ya9=a=X>+KrBr5a<Nmpz`CZuKE}~hmN4<NC+kl
z?d{i10?U9{7pSmzD=tuU8O=gh29N>?kZW~HAV!ZPF&$5*_C7hMXJkxn*4b1JxtE=L
zI=NcJ=4LYO4?g!6IyeI!xo2)REWV`T7XD$*K6cf|pz^Y381T<T-oKWhHvkRm_mVN<
zjTuCYLC=^pK<A730};l=RG}|FLf5|YJ22thchM&x@+tj*FZs=lD{lveSBcxug#K`H
z*R?+!w%+eQbKU;GJJ>c<jn*vbXvnzVwJxm#&ijIrQ+}$DAOjdYsV?k^02i-&Ht@TM
z?Z&2qVY-j*OJv#4N$pt)fY+o%`hU4S>nzSF7vaE<I3S`>LO|%aKqYa-7k>g=DDg6v
zNc(S2NCew*LU-tld`F4tSYs%b@`2?eR<Q;>r%UNz;#@M>Mq|FTuPxEPwaoqK9dsDI
zb3dbnRmNf?(`G#1%gCAJvYZl8by*pdN>qI+i4>NV)yT%6V@4y>gR_|)cnUo~WW^Bt
zA5=WbaZsHvMwrKZ-F?e+@6aKBG(suEe@gI(f5=e(8*68Y^TnVC0Mv`yKmS64y;0DO
z0Xib=(D^AyWFwee)0(R27zq{;z&U!HqADjVt_Y$F4^Joy<<wX2cqZF-L-(qJXr!df
z9`_8F?t*p6N|_8kHw3%@g4<Q9g`eXmtNi4~*TyK7fvIIzXnrK$aN&gnbAyOreH0Sx
zR9|tvh=_ibG;sk#ga>pnZ`sX>gal0F&@RqH5RQd1L~R%ocYb~@#!NY3<727G8V_sw
z4@y-)U#hO7)vn0Qg&om?VN<7v%jS-YEq7PViD!?r=Ie7R#}@lWS|W?U?N@Id)>70k
zq$u7!E?(4#{?)tn<1+8q<}E;z=``dUcfZn9-SYMemO^iVDPLX)q0(D2p}b^#d6vdn
zJdxgCzHNPbz*Rmyf9A~gVwbH1Hg#2B+ugLZu{`ef4ykKP3?J9NW@$%HdDF;i^4qmp
zHCe$t=9%5?H%DvZf={DS7bx-lypE2G%Atxeebh>grFQZbUPOU0wd4p+PROD|4fr}@
z20}i;FvNrzk^q^RIFZ_9#2qol8_RG;Q<NTTJE9kHJX9Bt?8U#o{FHIMmxuah2YlH3
z13sGJ{noP|%Zq<Ay?>(ItWl}Tu6+Eea+OMBPJTYRvSMu48u*@YK7TM!R68*m5&iyb
z0-Zz;qm!G?p4|i*K^tgHfCUq4Lpj$LS6)A)uxQATqQW76t1V$~+jK3u6YWKZuibQ;
zC{np|`nY;Ldo90S>M(;@=4ln}D^|33EC=X;^<V;O96x>MT&1eKaIQ+JvB-<u?jpGb
z99uJbOhsi^mvGu;n^@aav?KW=ICW=dM@Q$KsGdK=n`$RImh3EqUkQ~DN$#jw;_^7R
zf6_UA?AY<0pKSMfTnnqGT~~202VTnPj@7O>vV3`a8(OY9TzwriNH@=j`Q~h@jG9L+
zBXoO+Y;op59!r|+A(g`rOgooK+o<5zO<%s`rs0$Q0iB8L7DxGS#E}gwTEwNkmx&yh
zaL9|-A}{$U_`dWB&Y<LKt^?q@xLC{?xT3WHtof+8xwyC)c4TB{XE?I6?F5CiKS7T4
zC!XA<aD{*0nU2>%V^OH7DdeqC{Y|2wC!M*~TN-W(xVYWag?)Re3%k)ua+hLoHK#Ok
zgxumdE)0sBqfwkVj=!@bBOA;-wXJ{iwo|9J(Hpj%>VI2V9S9FCoGS*BqEJKQw5BXq
z6iTG%_ssm9p<!R8%91hVuE~?{nqu3=-)Rs%;=uC&L7R@HfYt_7g?Q)$K@BJau#uGV
zP$l33I4^Vw>rGGTUe>$J?zin*+CFlrO|P?otM`&qcg3<hmV%L&^OPrTRU;NH9DzR8
z+idz(YucAAZUdMwvFoCLUb8`Ov+LGc?Q7eXECCN(&S{eQ{t%a7C-BeBV?YTHEx-wA
z$de5`G{?HqIi{G9#rP{mRrEh{^gL+7f#gFE_df@&15M|TKGMJCIh;b5tRN~&$pa7l
zc>XAmqH{Ur<vDQPeP4fj|5atTqwkNNKl?C{SC*l#v&+k~2lJ2w+l2BFH|m1>*Pr1v
z*uG>OWlq=v`@oqATjGPsuU>El_HCJfGL!KwOva^3lw$m|iYeyrn8uRedNjOczmLZV
zB1^5y0z4XkS6$i=j_3#u2ma^N;IzTvrdN}nfu^<Krq^D3tsNSY{{l_uaguN|)Z?5+
zbP_bKW&Ylu1yAC<#ppU*rV*Y5j#pnrf9-ES)P7h<90(4=R+8{Iu!Y2T5<ffg_AP@#
z>J&&hr->0e7RbjvLgXh5w6P_UW3y*R(08c--0<*vz0MRHv+i`bcKuzCtZ%M+;&iNX
zJ#D%~v9&(YtpWxO7?~JH&dDMmf0`a%Hc6D+n)SL4&c;!1|Km6ae!TSkN~x?167DrT
zy=<mVQ7==kQ}0uMqy9mCLVZpVZL+9?CTzbFa`~)>X!kleCotluUoe&_j#WW^lfWa`
z{4uGu5R(^p3FoJBQ<__Wq7)(t5nu%fd_HdvXo@LmQ!Jkg<il*@S_YH&4p<EgCcL7G
zs|7tWqC|`rVVc|!KM_wQ$4nd$;I{)+FpP&L$<&2$YQ&%d)sT5{*ws^K*5tUxRSYRy
zeZZSrVGHC>9V!(u5>YPaWVN&i0Kkbgv}bE(zy)bo9>XKiyRXtReUV*cKn|zctWko$
zi)99#jb%(Cm6bar(O5L969C+4EV#ZPRv@j<VcV;6W7&Fx)GQCt!8{MBWHp>pB;_Ow
zr?P4blpDsWgZ0%JjbeFbrcrMEVVylU%i>mgWI19EW{v1St}Myb&^bQ@PDUlR43h<}
zURxPQXA9>K1-H|l(r^jG8AjCD(U2aIG*7NO?UZKGs{thcCeZ~AD<?OV%!ySxV%2Kj
zfd@|QnG6|L!uq%jxx?Z!x~$b%Ex1oe)y`(4qO{Tgt&s^EZqhT>MMkyCM9)zg6;g(U
zK#{5O88s>+9aLK%>n-xSX}wvk)#VPgW~ynW!t0FNEx{m^sor4?VwDIpLy%@bj>Bcm
zw{=J)d3J!w^+}Tq-he4jQ>trGNg|`~d@+ZXNF}-`C+i<&&2dKaOV~Ua?Ug@Lh~88I
zP9+m_AO|WqxJ<7B^5nV>xu^&L{?5XFffkRke`ES2N=+cX8d!gdE+IP2M7Y9Rmh!6R
z!YJd_968)cczypU;ORM{5=o?FL?@4jDH8P2c|AORio1#w<9^3?*;tC#WUga%jwQ{T
z;;dMv;(*vacS<O0Ob#c{)#*)<0&_-@RVmS!Xq8AQQ7d&an@1*=vQiW1mYVV$uEb`q
zZRm)uMX{xaA#BO0Ybf2jVoj!Xcuk|;Q;=!Th^%`P{R_Q`{{DwVpuBxpdx1{b?5T8k
zbH$rVbMMbFcsuJlVu6rOX>=E1ZcQ)Ew9_=>vT^dQ1xl4vo@>^NIXzS`Qbt5Wl~Sb<
zF>+8~%*(TPi~_;3vLFDrOkY&2*VMGe0jL~`$y0ZJ)~eSJqksHn-qPO!d+*r0)-4_u
z&yb3J`k>i9cH}MojNvwgc}UZW4fj!lamE~YmF%Wg;rT!Xl^~F|U5@#q)xgAw^d@7d
znx;*ddT@*MPMRx#`5;Z!;qh-23}ypF#1X?~qs0Yu%t@qN4nPxnkhhX18oVkxPz|ey
zq7%N5$?x6gsCl4My=Z9Xs<A_i`8D!=GM~>k%jej4`_uCMa^I|GU&j94eYfv()aTk7
zx>t3!ER~PCkDj@zvw4Yf^po|neS8_m{$BhqBVJ%=nGR>PSo7=TIHP$MpK<&CjJn51
z%a#uBTm|0f-S3F!8ydP-cQ!3jkAAR5zF+2><@b?-P)llTo=s}R{~UEE$Efgwt)9}X
zFF3!abM?eVdu}~nWLBy|NBn_K*;2;Tx=hyjSY7IQQ(1L+)?qVN3;JRLKFAQNiyB8w
zqGnQasH>?%WN*x0z`NoL2nx1=l-_8}Po_hWUQn*Z|9Asyq7aM60+H46dbffeEzR%e
zdPu1lFQJTuSW^J_G%PUD0X*%R0IR{DkW|5=-v|^Ve=T8u@ZbU(Ud13#9MJH)zA+6O
z%Eg%m4crM#dVOvVSI^YdjWjb(TGV3Lq}0?y@eFam0U=<mCbL$`0Fh5tRxk}pYh@A(
z!$8_%r!B>C`FfU7yg_qvzr$fQDH%Y!^o3rX20mTA{rr#cM6#KAcgCaB{xl=+G|GpS
z=-h45;O1Rru2CbtsuoMdjNQcyeV}pD^_?oGPYU+*pHn9DIR#6U)KznGU_Jzupq$Zz
zmuXHc(Pyv`ICJ<U6=WdOWj<kZTrB}^C=(NXNGZ#4j7Fq^B3iBXKo3Jp0gxMDsFV$j
zw2O)%C<13x3X@7sn^aaj3>l>y?)qDH@}_?>;!l!MC%nO#{HJq44PE{?Sa(jN=&kLr
z$cN{15<GQip|2>z%V`WECUO3E-;2Ic0LVloKtvYQ#ET2&8qh@EwmOY7LF^YBsWG@G
ztfa1__EC3Hk5PRCyJiE<Z`n)X*$MqXd{-GRw=dKDLj3=Ad7S{F=F)&nvNxO{2lh-^
z!`?aly|oidg0MH(W8ZHNCNp_Zr~h~W)c-EOr#D!VOfZRwwHLidA9Al4lBDMBomeZP
zf+a!x7(K!BiGj<2^5=p``M)gyb^@v-*o!FQt(@33h^Ul2t(qEv=YWOOM&3i>L)34m
zH>f{jO6&qq0VgN`)jzX)I^YCSc<-A3GEV=O-}Be>kIO-e{<ru0zxjMDuS9fS&>rf$
z=wji2J|uo^!HWk-4f4D6tFHpoe_xY`@>|dHdxj!>M1$aUzy77*(O-aj`uX5_<p4+w
z{4Xx+SN{L1jo<5yUr;lBY!A=<QIgA*AHiT9E^k`r@i2NnrSXW~x0kfpKLU$BvbU9>
zUP0;cee{0+OT4;c0ws8L#}eSh`Sy=K!lgeJv>ns<=>jft1}}XZN#uwE&x7ek!jk~O
zCk{w0pKOTH5(^hR^LgAjgE+_W4Ju9SgMFctnJ{sk18BLwtFmQX1wOW}tw8sVYHiul
zz#qUhD}eTKcXe$}{TJ1>$>zrv-SsADs_gPttZgO7bzoZSsD>>q<iG?g<_=$aU?@4>
zl04nEV&Q@2wv`KSEqD%nvNXRkL)JZZ*XYv^t~fn>ZbkDgOYw2&fu*xnwlyDExT3B3
z)`i3#?g9mgpL2tNEvYl6jQWL#$IlM?mQ2cnUTdG#3-cx|>D+to-cI_<8(#4Bzrt(h
zMSL&Zkoe}-Tfe!8oszZ#bK;i?G;AObD98sC5MxuADEwwLrdSd%kxazl6Ul~T1AETv
zOvdfC_GH}Y&G*ATW3CbQ`ST}$32@yfixEOFNqH(XD4|w^gr>qnQ^8s#pv2+}l(JSZ
zugCR^1%EAq9U8G6$62h8e-0L;&Vh8CJQquL&N00z1X2&^;}7^L`GprBAnz<G4tAq?
zXde6aph&I|K8YGpBYW2GLUBvng5oTMY%1vT=Xk(T{OdDCO`y+{1CDyLd-_1x;YANT
z@IZ1$I<)FeAU(Y3si&SwR-ztnmHLcQc?RM?a#mM)L9aiqega&Nk9|^UpE~YGi=I%&
zh5bS#rdWvEEy3^IPvuiJ#9M>GMH2*9KaHuoFm$;w<3kBOl5^>eK36DG>~Te0girUl
ze8i&~&Ji}iJua>U0dS$edyxq2*B+@}q4{7MI{8i#u&-b9+H{y)u=IQs1Yi3t`aQ4=
zANMrsNB@HDW3F0WegBeWMIB2L4ar-X2iBqA&+dLM`B*%LUIXGkz6o?!eR#FTv2b<h
zuH#P+ZN2`F_PPz@9&OJ&vU=FsQDxTDH%!Y99eDKT;+8b>S__x0ggSobiR>$oO$OQ%
z!Bna~bz*TDS2S{QCz?Po(IJxu4?X-+21^uAqa9$w^4{y_2AW5;K7459<daXWgVOpY
za0}S8DRKC=D_*O*MmDr)u?#T{b3iqE=2B@Qx}pE`rHgONE?!hRB3px=eY|@jdgR^3
zvoc$TNcCGExqtJOhkxS^f(2_zYJs#h&1Z3GJpTZ}5E$^z!0*wT()xe_LY0F-yXi4K
z<pKO0Qh>)5ug*jOdnr-=buV9c-OI@xyJp#Jvs!DM&iyThc75iG##!{6$2M#{c5LH@
zV|&qer_eC@vs+g`Vfj1QHe#Z}NN^ZrPo4rY#!0Tf?)=kl?h<7?_qDXfonn``VkrIR
z4ae~HM~`lN3Vn~B*>rUOvhm=7TMHrB_aqRb@2E@oMlo(r9o3rh>p`|o1pz`pP$9t&
z9lf{-R+(lxe4*5L;%L%(U)oMwcqfE0d~Zqb;>Ep4y{x@tqNO;$VwJ@lu535z+v$Gc
zOWd!&anh`trC{vd)2H|D{yqGQL^rGo{ZaTpKkR&I$Bt>!chFhAi<gXOTZ~>hvb3yF
zugCYOSY>vxaK7*{ZyGXw)wMJGPw&}#`mNpQY2aH4-p1*uciN5}FYVkxP}MJt7JVzC
zDFyDAd6-8Y#-l^goR1e`W9G?d!`w2h0yNP$j>ZCjSbzb{ozXh-27rk61$0D9lqJ$T
zPRVk9oD!pbF``JwMlnTir0Z1>jmKkO#;GK3I6U|Gjn$J2oiy{b26AH0h-*cOQ}QC6
zwsE)k@29zY|5}<16ugI?)BQ!?7Bm-m3eAOZ-`iT5Q4#c3x*BBee}K|;JKskW_PN`K
zRA@9{k25Nl1;9ddy)lC>_1Q|Az2iAKEJNGIH{CFMl)(U|TPrl$>h+_OpQ4*GJT$|x
zhrvQH=K;0RNFS|6*FGr+)0}n&>W#UUD0%_y@eTLr-A1ESOE-ae&wbv3w(Ccay?H{N
zLIG%-N>wTJk+@js^JGuA?xOD(oeRG$LO^l@DT57pU1@{fw8Iqq{z&&Q5mgXyX5!X~
z6Sr=re;f<Vk|ZTDLzd=~kXG5VsCQ96g%3SS?Uo7l*`_<D(A1PWOtbA1wtx+!&_r+s
zOc(2P;-p20QV5gl3F1~XAsjI+m%ybDP29L~BAT#8uyYoZ={8K2V;;VB5TEuxJg|T#
z?Miw6GU?KG%-~|%Qz=~Lge^b&=m`P+FF_h`_MGsz(+0Jhaq(#|v1I~jM4UW+TsU5A
zgaEWlnu0R<*90~TFQETPK8opqOw6C0;oC=f$v}0aF%8KE5OEV1BP|;^3ciwwQm1fa
z&-kq<1f*UI>a%#I0EMi69oY3Te|&))69oP~q4Qf`0K4$<W3a2c*ss~)w|G1j{|=2G
z=iWGQNa%D3U*Jdc`NJjnD>+m>uTzu)hZ1J_lv#W<hErXGQZxBf9ZvP~dx-<38Qu*c
z7_2Hd)A0=2c5}AP$YyR`_}BY%N}avO^Evw6O?wMH7S6F|6EMAHR$4ssf*a7$hhObA
zIkTLyjBO7d1bH(Jx{RFHE{EA~$kZ)$OLFuXV%toa?X#d^N46qt@rYgP6ds@{Fby46
z!1)}`Y_YGtQl2&LGC>d!{Pf~)q9c?r@ju7W9OkbBI26;xTnvTYG6NH0b9Xw>X;5HB
zpMdi?4Dy(_l216%WC!}f0SaKF0~~Y!jRTK84gOs#p_pZq60fiYxGz^wP1GoA3N@8l
zjJeSrm><2Bx)1ZCr-@fF(o5aMj+e~XIEr5*dAA&`H>I5<M99vdyMS0*$4o?_DH4bk
z<Jq1zae5D*9>xUw#SCXk0SZTOjs)m9J?{aE$b^lt%VR=Bu+uN1NiJCeb;J*pX&{El
zRiln8;$u)3iKeg-c$jLQs3Qp!FQ1^*n1WPDB}%0dC?rOZEt4z6YOw-HWg>}ECXt-~
zOs|JZsL?=Wm(>cz5|c?H2G&y+i%bd)1}K$HG?}1WVK6A<JvgouN%VS&NC`HfKN}2E
zP7N`uq~@d(bvl_Chj3ghn}XByIvi1mC30}}iz<~0a|BAIO0Sx#RH}_?AeRHRQS}F<
z)~W>}ksL}TGBKxw%#0(;`~R)b+B<um0}f53bor6PUqP8vsgx$a`%0=PJ`J1IVwM%F
zMaieYzkrmJNjL?Vm)IbYY)D8N-greKefbRu9+?07?sJ*!^Y7$r|F;UoxBUv|r{Ak3
z-1nb~B*+Noqpja_GVS+ZomMsi<$f!c>AnST>tvZo^tHk8H8>|xD3TiZDS}@}RZ7_x
z0Lhd}2hx8gQ>$g4fzRY>H4^_rq17suEQjl8m4su(+T`x#cS5a#-eQuv(b+!Zk&Av6
zNuO3=nt>p#QdFilhNl{`J6{Qm|8tDtLAZrzaTMynd*Hyz*U@dL2i^AiN^sy8;wM2b
znDTl${yI&K9(Avv*K+Tu{(A>SK=z;rlZ{UaA%;(b_HuQUmGV#%@z_~TC8(?Lob=PZ
zIuoaH5m(W?@;edV0$x%^HgH9pLD(<nAn%`$APfLvuVWzlufztV9ENy61l(+Vz?6j&
z0Fen#axq?q(jV~$^c+pf2FPthtlvWhWiflo9vnc5P6T`GTfr)+9Q{@frV<0dBn6Qx
zTwZpgL#>2BR8x3G^#}LeG*+cB16ImNCUz<%usBxlH7gV{rvaGcS_#1?kjId%xHCKy
zY*H!k^YD-%a<J~oJ<!Ougl#1bxYE3=rBKN*TlxL9G~RU3UXQNIkb_eBIW0pGE5maX
z9BFlMMMlhB0pJh1%;o4DCkKqw8l0IYQ9;<b=&B9vw}gT!LxBj=tYhtv!^md7BG^T*
z$?oQSbdX_qP%$HZBgxrO8zzhE=8s-jA~V|o7~Ic<Z#44PeH)#D05{{e9|@C<bsXlQ
z3u%!GcnDoidw9amgWonCj{M?Vp51WxV1lC|Lj#sh96a2B-tL}?xkDTm!Rwb?4_Ux4
zm|2|K{VU!WotT@P3qICc)nYU4mLMD4Gj}d()>{n*Hd6v!$v;b+B7?!I2PfwKr2QSg
zuKmO$!$Uwzi3AurfrrFt;U#c<%W)?y0DN3W|6=<=9<U6X$x2!Ll^Mu#^xPKUsqcHP
z4t>%*labT7Q!yghoEG$9{Zr5WidXRIoH@61Ix!<+I0<w6oH;-PtaIlc<a7*;?;}5m
z-^Z8e<Fqfl!R;^Mb*X>t8^D~T;CCET7zDWzcr;|h60NXbZgVDRoN#qZcHM~P>cVz(
z{dmBxTvhBWsdE0h2HvGICE7=>vgzg~{{YNDu64DKb*g@@P1#iFSI#&ZS0rWv49{vB
z^}pBzCecszkxh@b-bI)e{T0s*`cPjVxg@cOTtbjR)6bgTk0H++qnddX`H08BMm!m*
zv*DN9;344Y8o*m?^IGIlT_jALK*ALH3=>4jlKkk3|FLz61ft-Mx#Al>yg_W3niyep
zpW=PlF^NHc;FnsQNZ=XlEp*6c>6kyi!(yujt%-ycS$Y4H13JTlzEvsJ!s8tLs`bH;
z_KG>+m?9P>K$hx&fN*D2^YAx;5b=7N4@iohPx<A}iK!bgBbOc7LKuQAN7UfBQ@3f8
zI;uCYnrYKCtU>#fO+RLgHtL7E;$j`t>3_}4lrJ_W&k$Fcckz40cd3$%=7V7WL4!!6
zi5S+RXV)4cYSnK2g#HOS=#A)0cbDoTTFuY&>F}=|r<d;uvFW$QqkV=$zq|tSUX~Gm
zr00>>qLiQ?fJE}EmM=Pyz82sk#O?1R?FZ6sAeH>g_m5G-2#(dSYFQPr;swNdfY|!-
zW<)L{NArG}05KIHW~7+B#RP&*C`&Q}zx?rg#8z2YMvG6J5Ysqd75`O<8>>|Q_40JI
zLZO1!K%=5Mb^cXv1mD4r@AS<#_zr%2Cy=MZf9Uk(=}8g3BTa5C#ex23Z~*f<feUlk
zck%lo8qSz35<$UnkrZ<~Mk}G2V*UY-@^}ysHKf7YeC)f^C)fP$j)Jy!d(G@=OMAxH
zfX&*qdd-M?R_wgv&ErR(F5@h9<uzJoStt_!{T)^Cg%?d%p|5YZ<`rrpORoD1;J|`6
z-b4G)7cchQ^LY~pp6vVXbl<^^fRP6>XO0}xJ$2j@e@w~oIbmKCQBurBX)#A?Avg^>
zpz*P>fCTu`8_k$!)382FnP~JWr)h*25m@Ix!Exv)di0rR=r9g_gO0WWHD0{F+zy5(
z?_^$k20aQC$vf$=yZ<#quA%=mx0?>*08Ri4(E>2@&)!X&`rik;j{o_J6DLkg_%oP^
z7N9RS0q8vrcA=Yck{@Q7k{>D*&~3_s?kp2@V-o&D(*Pc=m||Dqe%USbNq)D^<H~`&
zWMcqKh1e}<aVFrIW}=~x#zS|o;neOOL48bVetF!2-!SpQt3SJoQPJlc0c7v}Y{7W>
z;pLNBhk?McBfxwJoO|`|byv?+SIg^KW38=`+>tdkLq{&IS$)^tYp<K4bo!;WEyZok
zr8y&NYKOKjtX^|3?9c!0n!}#}=|ApV@I*9_v-FO#n@`=2K072bqc7L&oT?wHtf`Ae
z>a*+H+v~HhTe*7YWVJU}9<L3T4iVCJTx!Q5V4)K0q!{me^b+F>Zzg9VNO2(MFOCI7
zYAO>S-2qOU8RdQGvL-wcb4ERU`KKlnun%p$@7eZy+n+uE)w6c{v)!;3tP>JmPPxRT
zr#;)<{j6O?{fq^KvYT9lFC`b;hqfl4<`aPbFT%y*XYUhkC)gu%6#D}~<^UI!o3!4T
zMnn<Jh|DUo<sTpx(A=Q9UIvr?_yPJL<-d0Z`rv~<f=MsK#EJBSocIuII_pIJd8qgA
zn+1QpoBs}a@&MyJi#7^aiV8fpeTCoSRNU*M+E}Ovk4T1BCgEWP00AE$8=Em=3KQkE
zfe7(PGWmd#$0`sY2=W=s`Gk!{4zWoK1&j-w_)jmeKpc#hxY(ghp;@g}YIVS_vMH3(
zth{WcVpd?dUIzjO{q4Q30L>Uj*zGfO+jTmpTVLQBJF?Mes2FNyGP8@alnNy$4d#s~
zs?RC3>j3>BT5#bcI{vS1aPPZd4IVAx@QjuF_Z(>q1=LQBI=p4cG)IP|$Ym9YmTDTT
zw!(#(&c`0jU+i}I8a0}w%BGBrl3Py3^PGB@MjctVa^0et9hDl5g3fT)hT58E%-Y<D
zl4#oBcmD|51saI&Z*t7*2B|h`0yU3XO<hgh060L$zeIeC_`SqS1pbd1I}RWH>X=Ey
z5mjtrS;|GCu|PCtiqaf0iW3pl9TV<`F@J#b2l%c@a`7>QZ-8%uC(Tr`K-5dA@lnvd
z#23WKCHz%^h>@WN85S{uq0yke&lu@BZ=&1glx5`B?0#QUll*Ik(N;QTN~uHF?qS7c
zbI@&Xmegq8-(8ct<`bpzpU%3IrQL<a<BJQsOHbB0|EW}d;;KDa-c^`8FSoF({A4Z4
zt|=kK{hrb}podXUDYY3pyq<QQqtsaH@smnQYTg1pKyl?q=y`MmJ^#^_SAGO4KsTuP
z=-AH;k{Pw4H|}>Ag-Y+v9W93%dquJ9IJo(^tE9v}ZP9%6Pxt+Ah-!g+bne}yAvmrr
zdvtc&_|`k>v|mZ3Uuo;^XdTZdO=!8JUi+m~`lYu1juz;zg|gAv_mpIpxbA-=c^{f_
z+*Mp*pE-ZgG<!*j%kRP&_hgTjL0mOnN6C|2IrwSe!ONZzhX%{DI7*Evz#-IZYAMlf
z^y!JDI2@u=XJafP@}yPq4aCNR90=?SVL^D?3Brv8qPj4@f_Mn6!$t&*{E#sm@sKp)
zLV--gVS`7oY5{3sO!RVhudrdl+$l4>&8@9o|B>OPp^DKf%5(i$i-YwoIcIu?+lq=>
zyQRLyt0BCa2Im}j%9nT~v*~M@3NN75n3K~wOZ;*4Qejh3sG$f>8!Q(4sJ1!|_H>Tw
z4*S+;WGopSnx&#O^$|1en~_)NQJ<=dD_N&GSFBnv!fcnI$+j5Sl5a8<qE#WuYD4>9
z;PQ68*;%lh2Jl^9wA^oo?|EZUpEnZixD0n!MAhSY=oIf$Ud``g&ZAZmYafrB_>$nQ
zQAmJ{4BixlN6cXjYL}Z=O^y&oB9gXB2>}n$st<&Ts=d#^qm4y0;fR~}PC#4{;GD35
zxJA?GQ<~qxS_nJtyzTyd<rU@Y)~y5zZ;pD`x?mu$arEfMJhW%Xngul{>Z+S2J$-FY
z`xJ2ELx%Z~ffE{MR&|Fm#E>(K4E`R`-$eJRN|l{sDwAIhFD+{uQC?=8HfuUPzOwy>
zE5U0o%cVJ48;_a9{(v*fWN_qll%h8+rE{C_tYES_=i3?cJtMcDEa-naZ!DZV(d`<S
zyk+bo&j*4PJzeEs5(7m~w?sWz>z-!NjawMyvN2=I%DXPH4c8LuED7)^Y0i_+1Ux_!
z{t0?>DHyZY&>60`(uRUkZ<As#sJjCG_7d%M4{Qk>oU*;VaLVGwYpls*sFnWeCs_EU
z7bxbp_?u<$m`(zS8wZJ0jJLNE@HKhMBQ;qLQt&D~<eLBhMK+#!fNG*_fe944dC7>1
za8=}oJYX}hc-SZn{)YNsWutm=FZlNX^v!MYI)jO2y@qh<<fDm}mc-F#@u^s<@MlTm
z6At`o#ce>r=zAA?>PDa)$ZT{$n|{MLzj<_XMfWgIcH827JkY;Apk#fxW=4^^9G@mH
znWYcvmAbV%SN`e1_yc%d)Z+g5Z`?M5rkzrpjS=`4Vp=6~5-oNzu7M#%aS^Og4@WRi
zO#-S`%AF3cc#C_V;8cg~vGZ^~M0_E<q=*_Q#YP3tC{M26esbHkqV|fA+o_j>n3iT*
z#{|3*gT^3J15AFE57l?X#E@a*|Bfsj8CQvwadFlI?VkD-qiXa{S-GB(LRh#;!7^g)
z&@8|(v<beabLq>}#wz)CkW*0`GepaVH%x6SV>{}U#d5&1V9D?1<t$O@GYw7%n45>_
zefimpSu|N|)Ul8OATLO(tWjSukO7SVLP*P=s-pE-b&Lc=^MNi+i&bG7^jRLu-G%Ar
zp*+s-MS^~?_#6IwGQdHG^ap;h2Dq4)Aiod<K%&uN62Jk~JQZt%^`Wes+S;5f+7b@h
z^73rK@MlFr3cSBKKvDw5=zC}29`w;6lgDK(tg^LBl1=Et=RoTV4};RvaN*U<W53;7
zPYN6Y_Iqvz_WKxVdng<XgwZ5>Zl2AamkYkQJmFsEW_0$z@MfBpG8(w?y;p$q9$-JT
z^^;`v@;{7ubiQxL*TC`hjve1n-~z(*0>RRDr2H)N{H%`_psXU8pCAZlJpP90BbVp`
z#oCk_nF5u6t#v9SIuqS<{xn+dqoG@rP~jEgJ9F?Hm7x~1C(*kmhI8q`1jf@p^$ulL
zP)GMk`0;ol$=4~zTx#YewSsi5sXBoUuo5u1-sD&49c_kEqBEkPkET7Mga^Iy!MPcr
zjh=+u7i<3`I%(i*fBqR|RzOep8O|x$oc<TCh8z3;cF8<c%+Cpg9>HHu;B&*qlq!G9
zVv}r#r{*Od(wYCb?4{0p1!x2jwdQs7(SiHX%kw!PzFMkMb3@-=IqRuwMvlDZsaaEw
zH(X6zaih4^9}GA)&jq?04*>h?$#ZFCzB9a18f`}}5e&5(wn{DHYa~!QX%@cxO?;Qe
z+G`wvAki%(UdcC2U%2M={b)eDuP3d~c2TFrMtBV+RP(gCIv-qOUA7tZ3&b{0me05k
z+;EvNk)?3v;6muJpU4ZVa9z*hy0&5ZGNqBm&ysisA)-4TG}1upO%6K6@eM8!!0(Nq
zLl2k};t|I4bwmr@pd;cw7nzH6#esbI^CkHEigx8bl9&5%uG#9&EmOMyQ23G){0abk
z>Ubz<F&CW7&$&0-WN~IiRW5=z#)_2^RYktnY|cNKpM6iZ#p2E>QF-u%R`{d^U+B?}
z3|lPtmO1z5SS+5rGMwpFR}^^7369IMI30{sYFG)bG)NgnYCt=78l@tT;k4#*T(;Ta
zV5L&is!}?S&bNi!0kcTT*!jF%tHTCGQp0xCXOPjf%mCusalqtHW!eENHC@v`a-~7a
z!3>8rm*;)V7ZMD@?>IMw&B2?aTvXWh41|a>zF>nL%_3ML$Y%~QRuS#B%(Hl}^H}Fu
zJvUC-P#f>+TD=g2z@IH%wr*%f9EdEk$oYiD>$Nb?p06Tj@TI(<Z1wV;M^>%K@_Bi_
zg7hhBkiQn9QCvqg5<e-fi0>zw!>)+V;E9m)PYgsa-$%pch>K3pgL)zFS}cXX*W2HF
z=8T9+W}dm2NGC3aVf@UQ{$8?sItc8~4{#h(i9|pCF_+{ZYH%!7Optl=<Hg5oSg1vr
z<Q)<`L_Cw@b<{^XXC_X^vlELsBR0zPZF}-b^!<|%?H|7Z2e)k)4`x9E%SVD}KZIb`
zcu0{VPi~VNkB=r<qmLWq!euyQ#)+4VRUZ|hC@;Ue5r|?I$`}^5nekG?rQN&4c%#{$
znD(*M`mRxxUqSd)<*2Up>mS|#zpCoMfv%3Kui%D<!TP}zQ}W>rWvkRm^{TQB591=7
zdR6KAhu4>`QgdDF=`({#CvJe3)ZlMjMYT{})HKXZP*lF)Jc#!<DELM*5j;c{k1lbM
zu?rLI`;Zgp_>E=Wh!_(jc<CG*iwb?0pFaaBbrxRKF5u=A3-EP%I7DA)nRg^ts<$X)
z*;@CeQ5O2~{BP@Zy7*XvZ;Sp);B$G{+Y`6PbrD_td8u3>9Vd}Ut<rAk`!chvTPl^<
zB;zERS|txE)1!P)YuDoc`^J%?Qe4a`mC!eb^wQiT^DKo@HaKdNTLvD;|E3<_Fn;@q
z>(X@q2f^nZ8`tUTL2l|od}rGi{87TEJjvg?H&vBZJ0x8{exelS19`U$r6*q=_*mKn
zFWVLZQDPRXGx-B1))y0TF&!}yHpN&SXAH#xIv<=2oWMCB-OB!SUx=B%XU3P+SM2>F
zg8qX368U29l~rHP*y8{V+m|i>e)+QPpaH)5=9}nYCh;>2@A;-z&eLPhfI9i>E$a>*
zT-Wlt96fbrEPei!twHq8kU(Gv$PQAx-@cS@?6i%+P~Ni(*>SjoI!c`)vqRczcgl_Z
zWpVHe`M$KGlL!1S??mRJVwT}SGpZQ80y-GYWkoatPE&#4AyaUZc`*p%KbxF<*6xSU
zZ-W>9o2x(~iO^=WIf*pkwjIZS0#pI{@f~ep&BZc)8%o&xXD<3sz35pLE%~|BU4Gl9
zO*Vh>zqkZkqma&mV7gSHDQ+3oTITbWwGL}3Mq@6P7=>?%Z#*Cq<ohl`+9Mi0r75ho
zfq6+s(4vSCFrC1Q8A2v70Kdl$gkYcF>bD|1A)n>U@Sg;RScu}8{BASX|1N=%0+|Gq
zIUQp9k~lxfFBOoYXPc67*w>#xsYL-V5|jzV&Rlf(p5D8}&uk|?WAq%+AYuXlFHnAM
zH82Ta2jna|(d<JD_x2t_<tNeJN5PzR1&4a~g6sWraQdQ8!3}<<r+JPaEy6_#*6}4y
zf)_}U8+^@k@ui=F>wUNl4Ejve&-*JhP-VQ=C_#)EB|c4m&c~;N#gt8y$3TmkLJnBP
z;t{VEEb(G=glGb!{8{LD=NJxPO3nWUO)P4pXKy^Z5&s9@Z|EMoapTzT4S$J`IDdCX
zdCs`TapAG{PFQafF;)+^kgYb=`y0bUE1O?jeSXy3+U2u`k7j__#Q|o_h*`^PW_O%l
zZOIPMYI<TF^GV%ALm->BcdT65F>1w%QK>Wf5#BOpX#M!)B$L~y!dC*jh_+bA5zhv+
zNTxP9&3k5|za3xf$t(yj1`Pm;0eWyrs36n3<T$X++~X^@K`9MSG|iaNlx$Ynipfkk
z4X=d<Qu13BWg)%FgS(MOql*!Hd_xRqfQutySsk6Y0XlEEA$fi@Xm}SB%)`+W@4kzc
z%x8w9;ovCwCB=xgo&U$X?=tuH%g}Iqz5=*}{yP%=$Ucnu4<nU>XRP7WbTUgp@~U|P
zO5lKbfYpFV1sLAO(U0SJAtItLKo-A%pXR|+Q=T{ohA!`f$V<MUmc>yPPuL;>50_W5
z!Nq76u<}6kf=9ssmZ{hW%2h=cvu!V3v<iK$@#y5NSexxpJk^jl%4DHSxqHGstMc9g
zC9Clif)%d}7u%EFY<XD;x<YKr0<C313GIis&>1T9Vx1Y7@|6w;XkH(Z*nNe2MelAz
z?<+FJl8M<WgIp<XKGvX<Nu>UdVyZwFbX!6#kJiK146R#|gHA=?(JKv7U}!aj3^^JQ
zsI_rMIC6$w(*;L+Y&jEDQja$I%u4~iv_&O`m>4Mtg6a3wigX&&2c^8NzaZa9Tw)7h
zqdb^qB|e4l*W)QX4G+T^x#UOaSAN6LrO|Vjz&p4i426h<KgnBeuoS`s)5RYq@chMo
zQQ{mWV_(7a+@iL#iMB<6A{Sl2lpRg+*HHs<dj8iRr~3r3XC{8W&*k(p@15s$SDAPM
zUz$xRxOaH$1t*@@Mq-*QHEIp|m>V-HDXW?oQ2^ut)_7bo0`w!Kll^QyUFS|g)?Aj(
z=!3h~x38ZCTQ+XqIE>crlMesv@1G5q?xQZq<X8Q3f9HK0r<Fm?Ug=h_3M9a)t<t?n
zCOd{Uq7t<6m`tYGCw&q!&<dF+rTY{&>N9h5Gxh62_;0UPA#LsIYLzOqdx2U!dunb~
zRqkG`T)K7FuB}ozPE<*5J$Ud|2`Tu*tFJym3KFe2-j0Uf(;O_Ns-}if9n@56F0~d9
z&dYrEQUB$cV0Q{=fxN%MfwaLGg6cs!*@Nj@kQhevCBQ5E2?-~9*x=aDCep)NX0_n|
zD1Cj}G>^qcKIxT~;&Z%2oyEt<9N}v6AH2e!&?|#uKbx3LfQwRnctObO<DtU^UIX39
zr_t0oij)(PBOWC!c&<Cn)7D{LKc$%15puLhu%N7hteO+KctZsONXT~~qH4@5cxO_Y
z;((F+X$ipVt2<bx>+^=p7*`G5=E#thb1LEZ_x}%CS(zE-hKg%^e{kk1_PHy>L&fFp
zN^k`@8h-4t58gv7D)1#k#c|&|&KwAGaY1mZe#ypZ6RLbn?ZF%;`izyCoz{}MBhU|r
zZpZQGz2Tr!8Y^&t3RfYB19sE!@nz`8!?));(F@*iAX6-74c@TW=&$Zvlb+vq^KH(j
zDtLPa2NZGq1_0S_^*NX{(m(IS2nsHba0d`^{s2K@-~mE)4q8hbQUIY~R2$8w(<NcI
z&Mfuk7{*VXTE<ib>aVD}2HYdlMV)&6u=?<rXl|)FSdpzRba2kRYIjya2N<J?Y4R-&
zTiuc=5|K42$tcUQs74Gmc7+3;y0D`xF4KClO^iFQ#+O^vNk3Y-{<hwlk^5(i@B;VN
zbpdzBGnVXwJKufwFFj4p;5B8P?;ktStg7DT)P$0;-hEq^KKSI(!`-WWImh5Lnwoo`
zK;PhhkKR@oQ#-Gz+W@#fo!+}KBC6Tp)`!zJWdiOR@xNup)JhdkQB%MZB~s3qiKX$F
z;TRw9P)ZjDbXezMd5abTKw%J6nK@(FNYv5=K||CDe3-4I!?Cc@6ux|PagSZ2ET$Pb
zEkC!pOcqDqLJ$M0J2ci6O;<hySl^LZN8tV;ZEFtzu&dBt5g6TIG&L{Wd@H=RD7PrT
zA*up>i5lbg4|?8aRW~PEihtz0xfmaz+qY99&6LJgfk0F-VmxXd+psbNLAWWo0d7{?
zR!p4HWbzsunJ(G&Zm??FoO+AfU~~bC_?Bq$c#pA}e)c?nGnOAS>VbE|QCiAMd8s05
z1T~M^Ozoi#Q75TCP#;m>fDAzVR|ry=s4pCe<})5Qn~oRr8@YTA?TK-o0O!$#O+Es6
z;E4@TWu{^x`@*kGaDB(|LLGj#54Z!xgf-{&^oShI6y`icK7bivzUPv?m#|6Cc?cj4
zpCr(En3nUCI&dzBKO=Y1R*bt??d6XV9rO?vuh)|skjKARkl;-7cxWD?lIw}a2=W}k
zCdT*o2f{>?B`o6j{p-ucat9R!dW{iWTLlQ^CgJQ*FE1o1afi-q*IUkw8<Sg-*%)Bl
zk=&6G6f<g20Q7!SMsa~s0)RKe!TB?q4~UIAn?w^F<2G{{#!QJOXOv@}oy&j{RwovV
z4Z0jCrj4-|xP`RU;;>5`wn?#UPu6yY1T(xPn6M4gO4F+nyU`i6SqwI*-Iy0?EU~`8
zD42Yp518!X0!(+{%EbPRp*xhENuw#Db<$!+WxBN_CqkPtoW7XPX<U25`Q4A+xG^`B
zyJQJIY`pQ&-RE!M(^ln$^5@LS59O^QX<+Lm9d%r$(NRG&tOPR!%{Uy&3Ocic51@0u
z``t?~0nwonk$1Y>Xw9?+asbUTKrdx-WlRyR5sNupRud4x0<n&hi1mRcrdU(ppw+N|
zE0E{vH_SF=7>&xPcv7q}J75aH;u*@#LtF-puT&Y!akv%b;>zNNv5U3l5$@FeIT3$%
z+U$p+S;|?HWSG9sMdx&;!eC^0#>)gwdcm^0_s*QT_wHp21oY?y3vaq+(xhu{TDV{r
zqZ~YBc<cvZ%t-O9OLpyQsWH?PY7VuST2Ea=-OPKDBuKfuqjEhTV2M$?ChgRoP052v
zKZ~U$#%b?J0lri5a^X~0j12f9)+m7-vaXBky-(-i0v=r~Otf8v9|-drRiwJePvn1~
z)SFSE(Nx;KqA%k*ef8OnX(J|0YR;>0)YO1@RxHC{Gh~?ES*5uZ-h7`}XEzp_vU3~5
zabWai6;)T~=lFxc=9x2^vzZ@i4x;DLJxGs`$Yu5SKQL$SoH=^|yuPt}Y~#*1A78n2
z>B`5!m2I<Is!Ar;NPw#~_M<q~+8X12jJ3ia!Y=FkHm9O^`jX}e=$Jn|7PS5|n5&m+
zm1=`6*B1+VveXKZ+^DzZ2IG}kt-hL2VV%EKKYiEq<YQ13?Ao>I+Co2ko>V$V3`U<h
zgYK1-beA-jqGQ*phZhv1W80wjyu4)i@Dk=*d?agucHrAVOi?Q_A8E(*v>$VmBdBrI
z>(pPVvw#H>;04uS3PtI{0T2s#3`7?1Geu08pfH3(KH&s}6B`Z?XY_d9Gk5|XGWY2;
zVN(p~m5kf(!D$>O)J>Ss@EJTBawGB^Fv`;41;iANn8Gnkw#PzbAH@Nq=|qjk5Fr2E
zT*PA_YZM>j26$9H1OHqG{JF`G<86xYwYaAl$dSjPkCBJgi#P|K$vu46AdeE_#cO<8
zF<$QZL=)N38T6P0jZNsl1ida_K-)I(Q+Lz>Vg^w<PsGa-Qh5$QYtpX+&(%29?N>59
z6&B;)PGsfSJXq7*aA@aFP&xIf;HZu);L2_vnS(whNASwn+<s&2#L|gdEmv9^mh~){
z)7c95%QSX#z?>!7(AIH*0!&-`8}rcz@4mZ#_ipxWp>Hj;#4PXW7VBY#R0>R{cvh#x
zQeyd=`^0g}Nz>UO!TZfc$!l|RUNqh_T<C_Y!j4B`CiJ|s<SkSEr_m5P1jfXQPaDde
z4~oSM)Ra2!u1MyYjTUW<**&D@=E5@cFN?vdsR5YjG-(^+Hx*&N;!l6tw|h7GycYg2
zW5WiwyC~!?4sKrQ^%NC(zA(qvuXkB|IX+7yxM_vAY{c&IYqnaiungO@t(wbLIprFW
z&6_cP^8Bew=+X0%SBw}@6pIdD@NR``NHC)ke4SC@pI3msdK>>$Q~(va0KnsqC*RgP
z^a>7waoycOHFj)&2~d^d>ymGM92+qr29H!$=I0j_Oa;o(Cb=BI%F41buqGG(8S&rb
z$+@}5z?GzAvfG&YD=R}+l$VcH%$UlE$C%CMO+ksooe|A*8Kwf21Ke%KahD?^@u-Ya
zZVFI=jN~$0YYDCu-h;jZs^qfKWfrxR^Lqo?r53dWh<wWFo-&I<4p^DbK@#<h2-c#n
zUwNgXV%s(45YSRhhRz@S1OA%SsZ(Tp$_B=#9CN$GBVP@*hPs1#miiiqfRU#{ct(-f
zh>KXFc4HFxekP4@k9gXLDbk-8JrXN(*3G$<99|E?0z@iNLWLYbi{;G-V*;;G#Z&`4
zhqA=f5OM)b^oa=8oq^w$;HCd~d=bRw7?B$hQl*S0*IZH$kIc`P6zU-!OE1>qphNh<
z_-bOjMI&d>n|N1oI!~<F{}X<#R;AOidTnbZ$Szn*v+xv&>vZY(xmZH1U|4#TOk8DA
zsVoH}+X^xwQ4sTcp@NmNVwPo~M8djghrL-U)|*8BNQJZ5Z_Y8<Xc<=m<OKdYj{zH-
zjT*Knmtk#y<wP=(f>i-OV1q2I3|6YXlYY8MD-+=%s$dm3mt%kdYGeboSquGAjuDGN
zkW|A&Qk7&|Ei@w`_R`{PQ6BwB%p#UX)M`*F)xZt_WZN&H93IiyOI4DhEZ^-JRdm-u
z9gc}{tk+RRj|B_GoP<NWB%Ex>5S6>J$Qv?=dqfaG$S@)?o1vEiu~$Y+QUD{jg?;`U
zg+jxL#WKJ`R>VH5(2QhFT-Pwbw2s9MWN<kH8+krYE!K6a6&7$%FOp0(DbOu)J-#K&
zvE!slrKf?fXQD_X70b*jsa))pLm(m*H0Q{b8Wnz53=J&Ls?;OL1#`czW7SY01uIxi
z2Cf`TJV*!84k{`{HDStO9FGmVow`M!8!!P7A&T#wC{H!;bV7<u;8Muy#EFofClg}$
zoqHlGI-D}&6qL!>hyV_YCvt*mspBaQ-pV$RLb8lq+%VuXM5*foynrYW{s|tasM4Tw
znY0=9QgC8{C=@>XS#7;H(_dDrt!r=1FRZBxI14k{o!X|Jk%eK*MD=Xa=4+~Q{X;Vg
zGUeIeYLz0hKq}p`*IJ@3*t-`l$O|^cBjT-ly_p^1N|c*lo1b4xKU^4^*t4)YHfMUd
zy0kGzZ(@IhmvTR=hxj~_Gmg<yJ}IxUD2z(0Yf+{@&`?%mR+`jKi*|9AFAI1UUTIh&
zp80=9c^$G9T<8VMb~@8hg0eu!i5>!f{BTWaaY;dPt!1CAqy{`sYA!(kT3j99x+GB%
z3(j=vbOlQI$R#u%O(`!>+}9#9LzxKT1JIht3nKf^0X9_3lWJsD1V#drLXhC1#AjI*
zL)?m_H@om+Ya%NDB4g#}EyXCl_w79ZP-=B~XXZ>MEC$jaAC}t0qj2B}U8udQGVtls
z;*z!!@w%rY;0~Mv??(q-DsGvxch8)MGCRxF>Y+15aj8vm_FgfR_TU1yXS%b;-+1rW
z+xG+3uG14ef4xq-X#$vw3kY_b7u#XPbkA_I3pMcYVF^gN>r{h**2P?YI;JI748Pbg
zMrg{=<PY@x>_@jvxT(94=}R|s5B%;(<-$r(H|iG~`f#do;9u~^uI1HJ=7muL#f64%
zdJ?E7qXW#{J-@c$Y57WmO$^A?Vnj=c__HKCL}agw%)Gx82QEA`Tq2H5`<fI6h$rpK
zBPJjlIEm*UNc}uS)ZlRP4CpK5r06**M=#VWdjv-uyl@jl8dSrBARZj9Y5)<XwiohZ
zqa=Une+bk6UM_)9vImFzTRK)R@1P&&tGUZpT<p6`I|xTPm)Ei+dJhEhh!P-W=nO*X
zxhn^2W~D`V@IUFhFdK$0U0wPb`W&cVad*sYFHx^hZ)v*rk;it{Un>!<6iNGkNgoEh
zK0h=(2alUKUIA)}EvqSSzFOUoQ}o!beJ>PdH*gXOo%2f?GlOORO5(ehZv)vv;FnvL
zD7LtTnJu-|tmTm|s|D|@CZn)N7{;AiO}X5BTge<r;5>LNM_!$s7r$px^s93xR<D^-
zId^hTZzn8nUVH5@k&c^GU}uXDPQ3k*t$*D%<|;pw0SUVTuexv*Yss{ib=4N4!|46A
zBK}8@$gJWlF@Vw;=eO~`9eJOPpbOj$&(2#@Iq%5iMQgVGR<rQ_DPagAu25~)ZyvlA
zNN;J3>q<m&87oWPY&Hk1KoY22F&uL%<I}I`dI^*j$>j=3M>n}8C;|4@*PyNezel{h
z&O;G7vr$cKlk_S;bO(rM7dD_H`<*ET0phnr0s_Dwsy{XHFSDf5-%G91*~vS7kykEI
z@q`bKn=Pcx`tyYT7ht?E*(ah-p&usvc@|Fmy_7GThy&`C2w#>@oAsB8=i+?XzLXy(
z#LGOhQodF=iW_j)$~)jNQXZn^OZ1>)Rg7pv!|XhCeB0#J8y+1GH<b535xBAgFzCBK
zu6=rG8CPFYrOHxTYMN)v5>XQxs=Jcg*N!{6F)<3(MbCfVGSArf2lVZPJ6>JEh5~M1
z?Syi#>Jr&&4ql1ZQP)xj1a#~WkKY+0CbT@&M$}YEL`WCHI?UPx1khTJ#}E7Y2w}U3
zN}FropTK?zYFkX?q5$)!5so@b<+b_kj+}<9%nWZ^eqNi`VK4>Eo*akW-`34%dE9&?
z&%+nV%Wv~$7>z+v<fm8gx%iSrZE@n+LiiVNTXddkDv1o!+1+-XzZ?F?NP>uu>^8H_
zXtY_Z_6&<fr&bzq+@4CrArSB5GwoI(^RjYQi_O^Awg~j0c>1@9R=0Kxi)7@QGo5Ar
z-7WtyB8+ujF2)jm!DS#`JS4z{e`4xK3Qq%oI-3A}Fph)g5)9R!fVj^k`v!d5^zrMT
z8n1v9W>a|YUwAeP>s-W-3;ynmmZqS44*K}kw}g4-ttV-A)x5(=>McCqz$=m;&Rdn9
zeUj9z=;Jx?4w}Lf+a=HDOg|f0D#!>U!z{p$EMojemJ0rPIVzxDoxBnckWWxg9~?>o
z;LX))jR71}YK1nOL9GT2Un*TlC=<}8{AF<zGmh#Z6ePh)W(2)t;unnczZ6)CV3&f|
zEGVd46DKwT!ncSAk|o@Y#{o^8Kfn`^tXwK}6nlMO$mu=hvxm2YN*zVA%<`^P?L809
z_`|J_j4ZK@Qe}WG=)#TPT{Y&0-_9O${me0C<=JJ{o~uVL^;fr#>1r;K(GM*g-dPCb
zMhCOWYBx0(HPCU9CnL+IkdFIm*E7E8q_&MCuCR}s-4$GTw5RurN!5}4ZZFt>8vwgz
zzr1g}ziP^~E0*qxzBIWlyCTzR$}6AUpw=un%+RK6nJtf<T4Vr*+Dq1eF}!X7(QgbC
zr?=TWModBn1RNASkG6{!JR>g{VaYo(8H71MHUO8*4{$F0GuZh1KlONn5(XA|qZ**s
zO$bO`L&9zApnCGOj9|zHI?5+Em`VdfMkG3>pO`~46CRxZ#00&pB74c$rTY)hTC^-*
z>@j9}V<j!wbNA00tVsqwdZ1RS@Y$h42E7F;mA5e}&CoAx<J3J}8Df<^%gUBDTwkzf
z#>%FmMUPJd^G+;YU^CBeYkF|`?7Qc#G)yWRS6UyiZHFIUs<2O|WXS?<Y4|cP%wD3D
z>mq7WoC`;_YCL%n;|ewIC9aSIFo~3|tZ<@v&0Dl#<@W6>!RA>{UGo-M(~?wrb)!iL
znlE0EK6RsS(W~g&?vdAkyDp;(2H7)GJVHNZ214yH^)!GPFdfi4z(74S2I^*xUQ#1K
zsavOMhZ`<=7=GR-swDVCtUt||Dk9P|{GF?bLb^yz#zr8F$$Q}9j3$P61VHQ?c)x&z
zUdY5#NG9<y7YmT(lk^*$LU=XaRdE=P{y-{3fZoC(cn-Z7^q5c8G!ai5OCLV;gtinc
z2AL>x>TCncp4wVb`JhT_R2e+l2Pd2YVo-t3qMhjMh=v+;Q0scZ)PMI$bQW+YmrTE!
zSKkB)aIEt~LHW|92eNU~Pl7~4=6UBS^y8@;zUZvp4H8>t?s*=FPnl7_saPq?0L-M#
zTTcQ0zW7d)AE=&!a;%5n2OL-exY%R<Vt<0D0NBx@+`)F;9N%+t2#z0hncP~J2En35
zyv!M1;#1mlIj)wbm`GfSiJD25mP0dwj5wo-^_cqSm^^F~>vu4IhyNdTeKMi9+x0M^
z2ltc0NeUklmYI@AfDMcWwnrqhO+YqC&J5)sVamubp@btpA1(;m?Lm8TT=LFDWZ1As
zLO8;4ixz?xhp(upSTP)x&EVICt8m}@5w8pRM0QLGL!SS3n0FTNv%)TdKE<0VxCBdC
z7jd^z1p#3Q1Vv5U2Li(UQ4V-Q(@QXmh*O-$Lf&MpHx%;1r@cUI>dz)&`r0n^-UE-I
z(+`>GcSu72vMvyKVC&Zp&H_tA-YuFf@1r;F`X0@l`V`6CisPW@?(e{!si(Xl__u~|
zxFI}x^r(=>8@lf9htS)Pq{A~G`U-6IggQI#LT`Mq1xViwdHEP9`d|zC{@oC<-H=_N
znD0{G)`t84avsN=Hff2BjJMVP|2n%8z$U8n|K1##Bu#Tojy7%6CTSY%1vE|5B5hMn
z5u{KSkh>t2bD>aya;$_xp^C0h4uL|cvK$sf*}sYiD+O2O7EoM4(Bdj9uDbqpU7<}L
z|M%V`ZOY|;Z8I}(-kW(d@A|%PzW2S~mx+r;Fr3T;+E2z(N9ANSBH=4CVu4N_m+P|0
zikD<bL1E>*SroTPf<edQ#E7F)Trx+<bsiS(Od-ZY)fDXul_hg@(PS>*sXaPN4AB|M
zg8;)Gm_28EN*;Q~$~x_;R0le}RiCKoKEHn#(NH{TnO$v8icZPvkzjDw$3A#-%irrZ
z;C9MI$19vFRa&p%kCr58g&3`di|>`6<Qw5+xu+Cz8#6ek<Rx3S{E=K$!Yc`BIkSh3
zjbD(T@W8f`flH6d7+K~6JqwDReM`3H7pJJlHU>7#EMIqtTaMl|!gqS+2FeG?Q)3xH
zV5=vf5lSA8yX*-3oV?>1i#ldt(x3^x9JJ+u!qtCjd<imXT?Xj8dZKu%Jv(0HI7Sqc
z<1MC`%$nYb6;_psQJ!H0wWr_a!FHQZHCd;!e>TEfw#f3ZwP1k;o|!VJEO<~S(=MK|
zy6m9|{idTnnu4)oeCtu*?HQ?gFuL7eBjJA*kVCQQ0dz+)Ge?N~5k}{{XG)HfD4iHr
ziY<w%Mj_QXF=i8IOCkXC1yID|E35lJ{ZiG72i|&S?XKvPe7-xcP-)3=jblDOquv#c
zKgAVfk$8`*s~7%0F+-+_XNCp01fLtq$LeGmR%?b#Z<eLQ6;Na*4CiBXe5SSO24J-H
zuYY~)=s)*1`1;JB)8(O_$t!P<81Tji$MWSWJyTf7X`<!b-#>Tu{d~Dv&D)ZSIJH{Q
z{XO<%3n5!!zQUK{dPx8eN>-I2Q1+AvkDPR*Q_s_C7-sfi&zw2o6SkT925l%uKhOaF
zP(Qok%WCMa{&EHCLe7alQEhnx4X~?_mR|Eic|$7&6X)^gc=eaCUtkr!ORr|7k9W{e
z&X!B-Ot^@3CI!?|2;6Rg%S-s!LKq|)$Ay#bcINc783fU^5XSp$5=~-U%!!!zc)W{4
zrXo*uulV?0Rh}ZF7mMy=W8#fDrudlgSh)8ZnMZnf&<#%y984@c?CJ4jO=;`d(wdr5
zu1jeR^TuqF3)!I-Pf>Puk*CFEx<=xzwH@bf@)Q+$(BnqqYpF%dmiD`AB7ILXm^Bk?
zMOz%Sk$=S<D;d|IOKYw}FFJ%CLWiIiE@q}S&JFnHHa5;>o8~scql_!?JeK|e?8fY9
zk8dR1!Q6%e`3M*aCW2|898<rApbD(O-+ybtMz9sr!kwTIybS&f4uZGA5%5=VM#5NT
z=_*t<G+S$vkxim&EM4TwO6Ut>Hi;5Lw9S@7HVO7Zr1-sfj|=92I0e#J;>W?ObIAl~
zGdpp%1c6j=cv)zMUeN|~csKsYF`HPM7iyr}Bbamsa-Uh})tO;uDCoQ{nbX0WjS9x;
z((!^Dn#Ilx?l^3UOTl<p(IG;i5K@nVQP7+t2NuI=Hr8;2wZ+70QMoQ#hi2(4W;=Jp
z5X+u1#KsxkhxT)v-E7grXS6w5_(wfS{lJ_g928>%E?A8kpF@psvOYC13NmLIUd9|c
z7_DV?p+#>qspxBMI`azTd^)QsfIcaN^Rz{1D11a7DCglYw35SPrPhZ|ZaK1T7YF6L
ztsCJ3pMTDsJ}hJBX@hGnpugc(?G#*C1FxkHh0gDnvCt&{gqNfKFelKo4gYcZU8*{L
zz_7cQJi;?ejENlDtWX&6;T5^uY}XqM23w3=1&g^vgF*o(@`(m~4SW=GFj)hqDdjOX
zBmT3+$W&+(w3(vS=n$6}I1MMDdMz8zDU>|gz_9RrIO?dJflbGbX<L6M<9iiPfl74R
zhgQYI9P|>W!PoDT@vyQ7EZTA9FZ<-I2Qp9_y$?o5q2pU%w{Jg_qZ<z&XH?Bs)6l!<
z2y|<nMPFV?hc&GXt_mZrF<1#X)D<0o|M?tU3p|Csf^mQUdmlJO$>Fx{6x>|GO8OG&
zdw^i>0XhuY1_f^L2*bbqOPOo1bpO)8znAXk&c5o)MDdxvq73%YrHA3;Ej^aK{r0lt
z*WgP8Lme41drEX?DIRx!07~lVo#<mYz!Cul%P%|@fAI<a*o1oElumeJ6_W$JGQq^|
zK<^;?Ji}>NdbR{k9Mcyq48A*aOhGx5gSJ&LI`~*8HM)#^^Cqz$9ND{~?)UKFQ^r9>
z{M7j<0Ua4J{45-Q`st#Pvw}y^!iPq}DyCa&cQ}zT%pE<c5*46N)rPF1-<eOt{xdc#
zdnH68<beBy+8PszE=nGT=nP336mzh+o#Rd-nj1D8&yo*bEYL{K@&xLc%A8{s%IcOr
zdF;p+YuA2p<d}aEU)Kzo>zg)RhYb4PC1<uQ+Wl_x`t{B4?p`!y{;MNT?Ai09_rtXt
zK6|xc_M&rh&TZdwf~#zm=Z#vsc2pjBWAW6ftvm9H*x<ltpB)%r)6yN&r`y?;-1Buk
z0z=$ck5A(zd3rnM(WBbdc8vb-_0V^mw*$OJAihu<V}<->t6_}6N_Xf>tD%g9@eW<S
zdzi2Jc1LUSj&GlwqI_Z2;{!8b>R;9c)~HwP+0I-sTCK*QgIvgnWFP#F?BUB~kA~3j
zR2p87_d9lc`|XY=-p#VRX1&mJ|2Jy_>w4tcJ_W>^G`LkDlh)}-KH`kjOPr1RiOT?8
zfd}M)d{6{>gMOGk55^RF1Q-Lx<FEQ@U?!*l^Dw1e464CX;90O5ti#lLJGg*H1W^Gw
z>E2^Al9h7i+c&RSh}?)fq{s~te6ss&B;9TF-Xqma>~D<1T{dTgYe$HstQ-@W!gDzU
zQ)s>z%2Fg>117WEn<*p8YZ(aK2+H}*EytL3%(j+egPq~OLd_ISBHpa@I9XFXMKh%m
zZ}UUPK+$YysDQ=_XqZiZp>XS)&WaarkN;s{MO((sV9k;@-&|6)e?PkD>fWont9-nL
zP3$=?!JF&w4l4FO(8*};r@>Nrvcjsim{bW~k4*+zR-wJHq=>B#OhA|TPREa<k1HzH
zM*N<$cebhRnRc>8+cNF;Ok3x%nf6Swjp=O9<jy7E_J{TqS9FZ2C{FH>C;mD1S4nRR
z|B(EEf`_89tGh5&X-ZGb>@2`2gE2;CGIxU-Hj0%oN^?fozd;2af6r2^iPYP^W$(5S
zFys!H2pr?KHrLlTv#7p#>(*x2T$pj=lZ?W`4ERdAkNMG;4qwSAgf%3so?KWytDehk
zIh0;ln9lbi`xjoo`;a`^3Dd8O_(*V@_%P^_(2f&NRm~yqwM3c#kx)$`!!VCD$q_c4
zmu|@6*F$dY`AhXfH!YYwdD8644MR4)b9U>*PlobI@p84Xdl~w9arM;|Fz!s{h5FUi
z%eRkwyn4wv>m;2aQTMm4-KOPd$u-8<2VWg~7;$;*fm83+ZaL>2U0J=Xa<q5<#w~C4
z&*u_EqdLa(==3K(UVa*Chp*hZYvu5TW#jx#t3f}|u=T7n-D%W_aXtIBzU@rVgk)Oc
zN1m)*NCU%Zt*1%;FcTm(ZF>+>fD?j)62{W!LPwE$c%Xg_Y}C=LP4d9uWy87^D@Q)Z
zIpS!UXfLQQW*P`ylWf){)Af@{v8~@ifsbJ~kV^u<l45c)`%X#f6K$*}iW4BW&yvD+
z%!LGkk%sJS69O?#c7c!(qttdGSb-L`yBEiLaWGn+XmScE?YR1++>-tO5UICm!e;x_
z`<fY=vb^xOmYD}B+2R`f*fm(#6d@qc+#tB-H<wzhg-()yKCKmT&bNR_^0WW<WfyMU
z!tynway;<_s-o-KaFVECZ7$KKU~EnsO9gwUG-Xabix5l%Th>R+O!N`F4#x!hJar1S
zpk_9RWBw92$~2xr-!n7eNYsp4;0WkfGunVp-%TIzX&E*2>usFh#)9A^W@8}0a@5~P
z;2+FJ8i4-C5zu$m1%Sc80bOT31IU_DTu9+N%!~Sg=RpHz&_q2ixF{6%{dZnzA?`hQ
z&d7^&ESWafxrvKYBY`3%J|b9M`_;epNN9BO9>Qh>5jV1b<d7ly9Q}|XIDF3?x#)iB
zLs~K-uJWDN8La#K(qxc-pVgo{FGl8c-^W28Buk1A?k`e?;=Q)}q|PU)B_*O*;)71u
z&62O|2GhtwbabJcGT(yUL!at#V#$3o;VcsLXL$VaVP7&m!CU}rBCbhM17XMkr9I?_
zQgR`wz|5G%0u}WwE|(Tzw~am4>v9u9D-m0|Fd|FxwM_wKO@dpnvW%~^lvISj6at1(
z4(l^sh!@898KxvYV3;WUV^w@~lumDsPR<mS(NU_XXr-8$9BtO?qM~^f8%3{zFV@Zv
zte;=2NXQ)Q8Tqk^IeK2#J2@%cI=%aJYkE?0Z{7K$LfpqCg(Fh6u*vTuOR{`^CW~X_
zBEyJshSMupLEvn1i`*cnI4;&<kBzlEVmVGF7;vPG69iTf*f#&^r|0L-erm>e%VnQW
zW$2Wfms+qY)mc#BOkGuwnwQ&YaPd{!;)dra-)vDRFfAK^CDw9+FrsG2YKas&VM0}*
zjtB*KO56H#D`U2~iAK~*=h{hk4=E?GsBR{6PQ>QTCb_z&YWGes=MG)FJgDkbb#T%P
z-)U9F#eGX>IOA@C-fime0Rv(dzD}2)`3Ek4EIok%6+=I>rtn-!OweZNGh2)+BZ>c0
zv2@jQCvJRH@v0fU=P>AXYdWVdJ9LQmL;0bOx_9{RNr!6&2vJ`)%zVG^v_W51#ks;7
z^0<r{nAF8(C7ApfR<kvJ%4`uo){?TPFwSx@*t&XVVp1ahq9Y3UL$|BlL;jU`Ki`aH
z++xBBZ3Z=yl*vfg9VTLAqvixFhdZK|uHm6eCRs^m6=`wOw$>oTF?j#N(?6q@pHDCB
z@kC``OFG9VTDq0yb<#k#%Y>@KA04im(1nGXPI;x>EQvgqZs}Y3L=WUovG}AVRk-&0
zd!XObzm)pgDlE%SOw2DU>{^`TP~og_hRV1YvzCiWbXW}rYjUEBQ^%O&lsG4xpURO_
z%oZc!%*-#%OOVaezdzh1dF5i-eCEVa>nR(750tPpT{hhQaZvIlBbrSR^E?8OD-)tH
zM<BBbwh&e&V=iEcA|1f4ypm&stM%FX;3{4VXPF#)pSNXplhH1#&DArmN$9zma)+1^
zwdAidN4lMV0*#o2nhTc99F&|qXy%fFX2bxQg5`p{^m=9_qmMJf*kGB#Vllw4${lde
z>bfgB1H(UnN|?O{OPmpPsat*dMp{2#a<Z>q+6{uY^PgLQ^UE|?o^cbc5D;|kaIbDt
z*tOyQ>M|iiJ>PQrWHM)jH_nePUTkg$sF8x}e_Eo7T6wj)5vJ}90IA23IUu&_3Oa!M
zQpBZ_IT5Gb3-xu&uhnYATJ()xn$;n9k$3zF{Y32=h=)o5!$#v_jVCne1sM=z$tn27
z0Dd<!nf&sA$Z0kn=+&^nl0qMb#ta{-GNHPbZRq@mvvjd=YRf99m<+d}R<%CZ|C<YS
zqej(TkPbY4Ni0W5#!NCadNTTDRSQ}ltDE&9%-q%j%S@`F!{Ii)`et+6J>(F!Q{f2R
z&c|PXn9}HtxO$EEsa{VCpw?)Z8WD3IE1@Wq%HZ-zlXP0PVD&y+;SzELEsYesh%WA1
zy}eK->UtaH=}q4@rOOlYb)u{=_@{8)qnq4cA431!Nm^i8#H}>AEC%+yvJ)B~D&41z
zGfb_jnrevC?rXi=-gHu5p?s(Zc=(QX$cF^f?pMl3x({h0li5keez;H^X`Q5S>pXe4
z@~!)+N~MKKC+A*%6x>>ln`uRRu|jP`yVLSp^~djCK-|G}b*EsOS>2-#(yLobBZ?NX
z;UQ(4Mo>(COW8=<d0j#qEV8kKMn23aylrU8IY}KWf&cYNz>WN5cA3JW?4pE<DKlvb
zCQwNvv3lyTP{PQ(dRSZk8*7PlgX8s{nMx>6m&Yk9%9qogAAYZCV?zm#<v#i39kqzX
zPSQsNrA!ZUK>_FwO6cs3iILrntk~{BU`P+a9MuFc19i!?Y!($(QYce~I-;-B!7Lmm
ztJ;XjB15VrKdq0TCJ5X{igeI*`poX#XHG*`U=0>)nkpu3+BB(xa$V-;Q}gCM#rO`8
zQXHTO?7!;J_j|P+$kd(0>I}>fjTIF}5q%guu@p{Ux)iNN|H<3_Mf1))smigi&S{E^
zH7J0^N?K2OJDb1Qo`+?+TQ|{lf%LaNU=SD!rr)j4VbPk>HCHC<mDsAY%|^3h=QM`~
z6wIbVjJW_h4JI?LHQ*&PVgOecS(QjTu@%ZX^t1tmrbP7P{_|*C&pBt;43aCJ{$j=4
zPe;)H6M5Z(_BU#2Bm&%vm+&v(|7<%8)h9hyR^W<cn{Wl<2=pV4;7TL=+PLriZ=irB
z;nHE*q-~$gTk*|0jWh;*kykxDPEmp5P=g^Qwq+;X?FyI^tmk2&v$7W53<y|4l48&i
z9E0odU!l2=hjAT_29xhohq%xDzX%g`g(6iY?R!)V^rmP@?`!LGTHNLQw^d;h`sMY{
z-<q@Xjxk$z^AF}&82wiBTeW+Shejpv6W9V=oH=EiHkHjez~)JvkDhiMr?~E3LxDK^
zqJf$_2dnM?w7+-|Y7*>=#?#UGk5D&+GfDT$+X<U?<^|fi9`fzX1Cjjn!3b}L60H*2
z3@L>>xT?3^pfZGQ=Vl_UZ)8oO`uJ+ILXnAy(dNhQ%4Z)7Cx1owtzMnffpHR_vSD_6
zZL`vXFI8-rcvrUjSSWe(SM;&19XU7QSLlB!|IMR5C{4g<U^qG@tk3a!+8bYxK&Pa#
zh0EXGU6>GoX8aeSYcKk^vHI%DC_-`Q#A(B5=_O9!@5d8T!A467H`{41yC?=7xUv&{
zQ!8p}uPv{G`n_7IIk%6N?l~@s$EA!$Z<k8r@4%mK{X%VuxKNv!D1y86))8cs08J$0
z_R=R45zXxOglAA~VYI9cQjzeTD56V>I7Nn1c>rCa&t0mTvFqxB*U*Q%l=3|=_Qf60
z_J($;ME6n-D3uxb^47r}ER>j+aoN!&DeZtnDCd2=apW5?_w^T{VH?LikN&ewia#Jd
zE%0(jBc^s)iRhRlIkXM94v?=3EH<}^3q<6kZ-g0QsJ(+iL~T<cGq{=Bl}{ubZI0A2
zf+r*Ev>n?mIl`x>&g~^Ou5K?i9V8&eZe1G~-EK!#mIKXy-}+VOUJD8<YPKCa7POH#
z-k;@YX>?>UL%v>{n+rcsG}P|?I`}e980N?Vp=a@A%ncwjUPS)qOw_rlJ;kM#X&^OR
z)O*|2>yphkN0p-#KwX-p&1Cy8+w<O}dZ=woDVe)xQm^F+%H$}kDK*QfR%p^j3Q3a(
z<@b7Yq|ZCHuxniOr>`DE|Bg+FwVD`>yEx6n?w)@5kCU^jQA6pQjY}T!<+|3SJ(gC|
zFN;@hNgVwZ9BD0@JfwDTL64S#!Xa71CeNAD`Q;-h_<njxmo!EENLEua?e}5*^8#FV
z%kg(Z0YO3m65>f1c>#X~OMcHx)cO$80#W=T9Kl9n=L%kvJ`8O}F!V%fY{Z_jyu>p)
z?TpTO)e}|?cnGq6W8!5of~b+pvwHLPUb*8`N=^CV>$@gS+;tt{LuK)g^_WCM^NGsJ
z6X^QJcN)>Sn(37%n5;(?ywaBD@)Ts$mQNclAJx;uMjH(^g0Y`ckoWU>x(KK^lnFj8
zKDqt+Ba`{ZNhatFx_+W^>~gs7&mV5YIa5C}Axtv~he)KlU>B~1&H#9A9-9ttZA+3O
z!umG+66*hkZp5S)kWH49J194IP)kh2iS*lW6A-g$viT|4%?6slC51zbbY(D!C<YnO
zzHggfq?ib4WQ7b!O3@OmLKqT9BdkWk1l<<47NJhmjbWt`?+$;B5DQe|fo~i-dX;zq
zV0^GNS`?#EgBaZuEusc;0!!&hFlj(G1idB^6_8*|%IQ;<FB*!U|MT<3265TY&$9<G
z{*WU9wDr!rrF?@;*#o}MdV0R6Y|g}SJv-_0@t>}AKz7&$TKI*Q&kcq}l#ld84V2I>
zBz!?nb|D>N1i_W+ZpfbWSDu)9CBn#pnv!TSsUX!}&ev}$6g7%ywc_SYg*qAsN#M4a
zpz(F5bBNL0p}?Eq!<!6Zd_ug%*;d}*=l9N}J?3?1j>kEKZ7=+S1v*(=rY*-AVFxRr
zT>wbM9?2v>)P&)#XKS;Zfq?MnTc8CKTdM3~eCt12zy2eB*ww8;A3i0#*9QqHrub>d
zL{iuLwqC_yf7{v%I_GJkRxPaCXcKHkn}YOpm(Am5sfml|kb$Nq^t~7MLuIHA|Chmj
zUi5ua69lj)TmX9_F#Qu5K)xn_Q=o|@2iO$E#cK7zcK_WV#19;VK68XVWBG(ORiWg*
zJK3!ddoac2=7<d6`q~Ap*3{Z;(rPcf){14UAE?tPoHM5N2de}AsyF!)nogZGC-^t3
zSbz1wmL}>W3Z5mfQ62qSNzbNZ`(DpyBAyR^^<BP@e53k;%`B2!r~1fhle@l_<Wd$M
zC9f5XJOLqo(u(O&HJODb7^`lb13HLbFcPMQUSwv<Cb~tN(Gjwy5J2$B<udf%Pw0ev
zMetg0V|u!=H`8!M_Bm7ES4>YcoH}=ot#4h;%?wO9ch03}XX(?=1p)XK2kK6;o^$E?
zz;k;1r2hk<$x=lC004N}V_;-pU|?Z5>gBAzE1uuxD+4z>0|;Dr_Vg``{{QyhOHNKU
zAt0B7fe9oE0GBuq2>^K7V_;-pU}N~tz`(%C@c-@q|D2o*KoMlXqyYeVcLg^9004N}
zja0F26fqE;y<OXTf`bSYDUc=&3ZPsA3W5f0krIkXq=^Iwi8eqBmBnZ9HT)2w$mt+l
zf_Ywh)??pBVWp?>j%VyQGoGm}eIk65BckeifT3~JfUc69Kvou@0P_BiA&-Led(yvJ
z^zya#{$kIsJ(Snkd=K~x{Rg(u>_fpGx;r}l!}k%}jKTXg;q1=a)$xD0JDmfaTPWr!
zY#MRDxeAd>LrKbbO|JW*BzLi|CvF8U-+<%GVjDph&)N4dNk3C|$lZy|jmq-wekki)
zR;M73dsq=i$Ytkk+9Kba2XQ~uR^%boWQbcz=Bm>E9&++li`pog-G{i{Z^`*mSlSG6
zyG34m+KBQHd058WG<rR@n;CCQ+lKR=^gAZL8;^;lZW8mxx~AZY_5G~xtUEWf{$`Ab
zU(~LXIZ>&vI+NlXIO421FhdPqdVt#;82<T=CiaWY-*2bOH(k6J(VM*2#r~V&e;$0@
z8ESCBIf?R(&lB(t{>sB34?1!|Of&9J_^u$g#_ApOa-Dmhb(PKX{e<-mxfSr|s{RtS
zyH|gOtlhcdJ|cQ5>VMY*`W~7g<{7Zv#~|LYvg>igdk^{^0#A>aPwr>7s|G)!y(ot{
z1p8f0!yLr>bWYAx*lv#W%FwIcrY+_%_x?24pWuv-Sih3>*J3`HB|RwnDe~mm+{ZPQ
zK1pu0Nx#GOnEwB4^w?$2qSt2Pj)TbO8P>Ogo%;)12+q&3zoo}!UXBKMkNv~Q`(f0-
z@cL=wUIKPEJd_<jzbz!^SJa_jgX6Wfh`%k?ZMn95wsZKut;Lz)jr+OiPQzRdGqRtR
z=w<l)40~>g^)FTM=J%)t|F+=7d+GZJO8cu$004N}ox*KQk_i9+U^FE(O!5o~Q4vj%
z;YWz1&Nw2E6wQ!%sAQayBBH)hnt6!i3`vp9IP(h0^URPV;uOhqoGB4Gjy&@Wl{x3!
z&E1@H%sJ+obMAKAZTJ87JRlGV{=bBS7$7Cc=|%MtdKtVy-WkWDkG1(^`ONzq_-6QO
zd=J3|VB2xt@k2-fL<!mO%ktCu9r-i;d;C{V;7_Qanb0PvBY+f85-@x+^Q1Nq9+(@b
zffd2zus=`XP7MWNgId2J1bYW_g3YIcPXllSTn;}BNeU5%SVG(gB!Y`rJyUeXio_w=
z$U)=+awilWN)81=O`)48IEsQ2pe9h;VVPmFu-)*iaC<~TL|cR{;t)+l186OJCo&^a
z5owKF$B-~>n4Kt2ls4)pS{A*07Jv4yn6?;eY)mX8RusF1rC`gkI_yRqJdPHpiCe=_
za9TVBFNqJ1H^e&=@CovS)kI8UYvOtm?HuBqm;fe-2ztU!GB4Sb>>{#=J;cQnQi>{N
zm&72=o@br+q)OA!X+WAe9h_cpfqTJ7hLO|BQu6+nVhW5xrZin-U7Vt#s50s>b?XxI
z(ov@Jt8^Ni)<oO7%(`sNVrRLt>Dl~jS@v+YHQPhS(rNT^`c#fj4l8FbSD3qag?D8z
z50=-P=e{buYGDL1c#NHVc79*}1{1+-WbPFxzP7WNEOQ~WFtt!xxKM;D;uo2ULB+V@
zf?`Rrws@CKW{cT2_Wm{IHA6{wNk&O)$<cMnb=^NW2#$=i`3<cUTdFCem&wcaxCPuH
z?%WOZjqY+z`9%5W3VcOh#St%oH(3d(6jd7eaK4o9tn#j+R<%{x1U>?yfGu!VL#u&m
zW3{J-Tl1vGU5l>e*Q#nA00iIwLx87_RM%SP5C#j?LeI^{oAbAlZb|Af^#k>e24chL
zZQN~LBd$?<C+3d6Dd}5^C{-j8xtg)fK(kp47t_V!7Icff<w!!42qh|sP2#>wy9?a)
zv{~<Q?`=vMQk8VKo!H*czAa0aNn~614IQl==1xYZtaD9HkW1uKUGOeNms`P5I3DCa
znCx!qHgtb}$a>h*gXnQT>V34UOjQb$6W<|w`H!)WSNqn#UwsNZ)vGWnx=P*;?yu=z
zQ)j9tpRt~q2XF(T0nZQNgPcLjkIJE-A?48FbLR8KVcziK3&D$N4O*if@gAX!IJM57
zq`GJwM>qG9`*KGgqvz|FUqN3@8$brYpf?=+tR01pfyYY6o)`&6-Z*T$Vcc!fzQ(*Z
zO;CSXn>3r{zaC62ze#^HF`YWCnMs{#ov~Te7PDphZS-5Mm1OO(THZ0=&DtpMvF}Z@
z{<HGgX*<GBv#ad~zlj}Y$Ki*D54&@~ob~t7dDi^F$HtHA3rP!#1<xPcMew5PQ^qHk
zGuLTc!Yq~iOSyEg+_*fqlCff5*>~Ywe3#j^|DV4B-wEZz004N}V_;-pVA5rhWKd@S
z0VW`31VRP|2QZ%j01Z|Ew*YwBjZr;I13?gdcZr%P1O*9Vb%j`1<XgmG6ATfoL`A_u
z$ajLtUA#*aTT5$yfxkff6&gDW!NwnA<=eSUyhsFDcIWNR%$ql}0G9BE5R7mXz&W>%
z4a9l#v56S^8i$a;t;S)j<5A-otl?ebS>}FeJckEkQR4_!j3<qwST=?lFJQy?)HsG6
zGotY`;$~6f7o^NHjfa4Fr|~Q1NBARzRr4OZaL~gIT(r?di^?q&QN|VOM0-RwYV=#k
zAcZtG*^z|;I$TyD%adE3woa?EYm6+B-KMvIYw<bg(jIa*F(5;kv3_+Ac`{6o&yTBT
z{)n)Cah`|@kLpykg&ehHxl@5YrZXLop-v7@SXD<2;j$R%$k`Ilw7IFAD$%HFgVqh?
zG;~Gv;<84KuU*l5!M8GB`@&aYA3rQMt-4i3r9V?wSSFQE`?Z#E_Bg>L*QkDZA}=A8
z{vVm-gnTu&bezN~&q|=Xv`qS#oCDtWMU9$!Mtm98$YP6U4%>nMaHMy|Q5rKH;gTF}
zdel#Jz5%Pbi+Fh2eOCpPBgYX{{Sm|7?V0U><1jc`!APs{+2;#0qcR$`G;<ow%ndAD
z7#uL$ahREznVB7CW^kCPs%Nyf_wruu?NwLz^zW{&{#Df~pzweH;Y=1(K*1msE-IW~
zIInPF;gZ6oWKfYxRHh15sYZ2bP?K7;LVF4q6fP@VOnYgS_R(>4Je@!%(n)kOokFM5
zX>=93DqW4PPN&l~=nT3hU5l<w*P-ju_2~L^1G*vIh|Z)N(@kiN+SH*g^~j_?4QQQ)
zbW^$+-JEVgx1?Lqt!Y1<MQ76iI)@I@ZRoaiJGwpHf$m6mqC3-F=&p1(x;x#2?n(Ee
zd((aBzH~pjKRtjRNDrb1(}*5I7LCcK2`QS=j2v?55Y5S>1^E<ENQVn6g)0j!iYTUp
zQre(R+M;bbLJy^f(ZlHx^hkOXJ(?avkEO@ax%7B?0zHwQMCZ}@bOBvR7tzIZ30+E;
z(Ua+NdI~+2o<>inXV5e0S@djr4n3EiN6)7h&<p8B^kRAmy_8-?FQ-?~E9q7AYI+U5
zmR?7%r#H|W=}q)zdJDak-bQbychEcOUG#2x551S(NAIT(&<E*5^kMo4eUv^%AE!^y
zC+So4Y5EL(mOe+Hr!UYI^hNp-eVM*OU!||n*XbMdP5Ksno4!NerSH-A=?C;f`Vsw@
zenLN`pV80h7xYW|75$oiLs!yo>38&d`UCxu{zQMKztCUlZ}fNi2mO=&MgOM%pa243
zpokL6sGy1(>S&;e7FMtad$EdrI1b0-1e}PI3TNPCoPtwv8m@w?;%c}$PRBKH2Cj)~
z;o7(ku8Zs8`nUmZh#TQd+!!~(8rtZfiyln$F~B;8xG8Rio8uO^C2oaVV?WNq**Ji6
za1gh_ZE-u?9(TYUaVOjvcfnn8H{2cfz&&v<+#C17eQ`hB9}mC-@gO`HBRm8a#)T_j
zV*-UKW^mx*5a#f(fR6wn4kJR01SvMKi7jm72p)=u;o*1$9*IZc(Rd6Vi^t(yJRVQL
z6Y(URhx2g(F2qH+7?<EuT!ts(ay$i3#nbR~JOj_fv+!&@2hYXx@O-=gFT{)RV!Q+|
z#mn$=yaKPptMF>P2Cv2I@Or!fZ^WDMX1oP&#oO?9yaVsVyYOzj2k*uE@P2#%AH;|7
zVSEH1#mDe*d;*`ur|@Zf2A{>}@OgXzSKy2I626SD;H&r=zK(C;oA?&Kjql*Q_#VEG
zAK-`h5q^xH;HUT*evV(@m-rQajo;u({1(5%@9_ux5r4v;@fZ9Rf5YGL5BwAV!oTq!
zgHwY6!!U|Q$tW8YqiWQQy3sJ2M$1?+_85DORb!uVoN>Hyf^nj8l5w(eigBuOTH*3a
z>bq-e``4uHtgS8EcHVaKwwt%TyfyQ-pSOd&UC-NL-tN!Z&cUoTv(`L#c4_8Waa>xY
zv1^xOWkt4ARsM$Zf>4zl?kB}Kv7)+&ky?bwb}@}rRGhlrqMA4(&x&RWiBl2XjS~d(
za-<f)hN>J1g2l-7tGW%+#0aL-a_r80%QNg?R!Sl(c8X50P*q+{jVv!IChkHNqrjRp
zC&8xgu_D9OWv85m(v)0(9Beg0&)Oc@Ze)9k_Y9SlR3bHvRP0p66uqDq*z@Alvu1TZ
z%p`OIU&Zx}z)Kfu#P&3DRW_*QdK#7wM|Ln#m9eE;Be7;h{vQ{|K`^h1SXj}#6h^L}
zlx=IFBC9wJ{Di-Ild_vwo@+M}wUvw<<<6X>uJuiKk~nq#HuFcGnkLOmwUwW!sF8Id
zncm9uLus72)9s?1rQ!M$o|oZrUC&*aTDB6ejW*ng3M!#%CuyY0q4I6lt1ql@B(|!k
zY)xcA_AuM2CT>!S9V=2L+fnQxxv*B8sBkp4?D?h@O<GfnUAXL3mr7BbUJ5NH0TUw#
zE7Ks7@ur@>?C6#9PDve7cGBd1HliRqd289xN2rBf8jpk+^@Z!_Y9k|&)+@nWx2?me
zVwW&ZdNtRd1{o~2Bc=S<36fS0%UDrkV5Zf_mcLZ3C<->U9gR%YR#Y=R4fF4s5!yw<
zBQ_^?kEqc!^}J@T#|z8z_Np!0vliBlS;d(<W!fog$}tkDs@i6v@om&ZvArNxP4<fK
z`ZGPf#QyYE)wVq4PpqgMS^gwgRP11};5#lateLNp`qE!%xZ_8$kLjLlDwVYO=wT>J
z+8nUWDYH;T*=CKrBPQ(04c|~v;_{BGdEW^l_XyM1@@mZZk?qJL$)=kyFEhsr$%OX0
z*UT6{;?1MLn5*p~M{``wO^#cMlP<<F+bWLRllR12>DP23aV&4z(Ag!+DHU0lQ$)*i
z{W+5}b7dt=V~3B`;^<Kkr;U+()+xmG%e;B$Y&T{u?=a4IkYxwirsOdX*trt#4NdWE
zqm^awX5G4;kZqP9xVk)RIa|4$`jSH$Ofe1`aqz^5;@EH|92Cq3cAj4xE6;1#;?^lU
zHc@qluQ6x0R)uX9t)*c$A`V&27&$u1$bH9*=mqv1Gn9tMf@B%a;lWsyHzSUDr<7Rn
zJT7xa<-^p*k*lV*6|1^1H;a?fEDF-FD84K)N76}otSrtDhMgvSl_7h@3N?S+uozn#
zsxJN+jhU!(W?T?4pOAV8JkA)AJ6DOr3(lNc%6Tc`Wfj{n_Ed?<>)M>=Q+r<HYh-&k
zd{=ff?e@L1AeixKc5*;t*FcHyP;J-Q=PJ=Bt!63*X{P8P&Q$FyjvG$leq4-$h^fXR
zixaJJ@GL8vE-Fi|71{292{U8<Pq-wF1HR)%PG_0fTvA(C6wdJp^EFYNTdU0Ni0|Iw
zjL12!?uij2rp36*d4cbFrdG6zN6QM<%(@v<D^f~Fi%EmAi4(-^d{vE8H<25w3aMnr
zvdx7`DXuU9XJx6Bx}3-n#;NP^31(FWhf;TH)`EApd|Q<lYBG0|##Bt=T@EQWU2z?7
zvNSbao2u1GkdB2)zIa^o@0gK{f5!|l|BmU)x#~ypja|U%5>Y=owK7rhoXbYpvqEV!
zQIh5&7|XeIG&Xa7YrfSFr$Lf0ovGP9^J#sb50lL;arO7M>v<|*$L!sm0(BbNl?J6>
zS6iV(VRpNGfnheU6ffA2(v(BXHx|mN%sAJD)}+d5PV=HFZwZ;Xq7|K5n9Y+a`<Sbj
z<rU?{P}2tSG;hyNzRMF3CzGsL==d$#oW*Jak#aegWW%g1jyi*3V^?Kq#3@H4hp!tl
zt<!O)@wD}BGfa;h5#PDWR$M@3L2={CQFWvrUXH80$;z_OWY(-oi5fARm_w->JM7Vj
zlbw>nvt>^>LFLsZUOrm(9W#<AsNF-7pmz6lf^w3DXBO=^?v|OGoHFZKR?SJwnTf08
zam;r&jNN!wL0a7zTNbV2sJqs!>8GEpU*<u!cjf5IL6_?+<?F$!r#R?^hMA%nn|;^M
z2%Xk-NQ}DePCYC6x*~Acb687d%LsCmDNJ3NJup-n8MAR{r18XX{m3{JZW~cLHs;Z$
zF-~lGCac;`%<k2BXe`7C9c#=HIqG(X`*ubXPN(BEQSpiYJ0!<yEr)duUOlF#bJM8X
z?TIj(+gwf4aek1zQ{3Wfu5B%!9y@cynUx8Xg&)<N()p#gOkVuP;{GhM7Ue0wY3Gq)
zO*nP52kn)yn~YO&eSQs`3B9P1HF{`|7w|?$t5j=OKMi+(6<+P#)z3nFlb^Z4W?bPg
zjRJR4;=o9^*i3gUwI!Z!hg{TxG>Q+Wd}I6^V5$V=DW_#m6-7t^Pu$RmQ@PrHzal?w
z+zn-n(-}7ArA_6I1ODOQ^B+$bbXN4)N6W*@Snq_)q-D+ZvYI2G`YV$l+4Vuj)|(sr
z6z5l|wuwj9*IHR+(*vVGhB_j;BIK^tO%Z(&0}<;Y^v||~?fq-)Ypcy8LjeuD(iPB9
zKtlly1vC`Ua9AAm)-+-)T1P}zL@!(IthRLeA_gMXMF^<9CPKcp1=JQ$yC=dFA&9mh
z+Jb23ww=9}w}R^kt|PdP;5vfq2(BZzj^H}7Q&)EC3Zg5Bt{}R(c?a?Z547`E&k$%g
z-|~Q&xBa}8#e1?wPj>Ceu07ecr#}d^mqX8yjZN9ulx0l;nF2BeWD3X>kSQQjOzjJz
zFNnS%`hw`^rXJMa1k@j}zo+_}fClnmAfSPO2J&Gb+YDrzL0=}@qRBP`L97d6T@b>H
zp75e4yyyupdcupI@S-QY=&cK4D2SmTgcQA@Acno-w4<+)Nx_=_AP6Ca$)sS>7SR#W
z710x6is*|Nh*%dfENv)Go2&{YOj*kmN|-_kQz&5yB}}1&DU>kVvPnla=?Fr|U<w&b
zA%iJoFog`Jkiir(m_i0q$Y2T?Od*3QWH2RtnO#A21<@6RaKP*i{|k~Z-=Y8kRKYcE
F003Px<E8)r

diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.woff2 b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/assets/fonts/icons.woff2
deleted file mode 100644
index 3311d585145b1cc1b9581e914acbb32d8542b4f5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 56780
zcmV(|K+(T<Pew8T0RR910Nu<04gdfE0o>#O0Nrc=1OUYV00000000000000000000
z0000#Mn+Uk92y=5U;u?e5eN!~<79=jS^+i!Bm<Eu3y53*1Rw>600*lcKX+wfW(HdY
zfN_R#dm&NLolxqx_tG1O83no>L_x*xw{C^(d@;VG{rRcc|NsBLAX$vz?hm|2KvZ=)
zOIuYlvYz^cEXd)e6i3QlvtuZ5)HY)BifjsIEo;AS{=hCrH3#ONR4X&pisNaE6`o9R
zCg{jzY$xUj)qIF1h0WrhL?M}8W@&a!Gh9<Cy-}D4O#J4JPG9D>f-773A;`E>=NG$e
zQTTn4msXK)xyWnukjC7{D2KVM!UQovQoLP36Ms;#ZSl^uAEd?X=VDINb45_R3pZqZ
zIDSR`c&6ED?Z#`2le(q2iuYd=Deu&3#!ySRI&|~R$j+|tJ$mAaCVzKi3FX+15)CaK
z?^A^5Yb|>{jf(*U2|VQkK$fsP2p<{aQXcs3gg)c<56{o7w;~tKHezFpF`~wZ++PsA
zQ6Zy3Qd-?4S|ue6Kn!eDRIr#CC}$KHb!MG6|39a_XFm_-F+9N)48sVKRv;92e@dZq
z3YA@yv1(m6ZfXYr57K@4GMS(GyWsVkN_>l!YT+WE#05TdA*wOmxw#-Y7h}V%1=M-B
z1r&~@FDu>7ms9_LB*#grv5IN>kYK=2N({OLNe$YJ?$SDcr;!Xv(Mb$RN&zgv<=hSw
zHtpvfQMYB4sWI4hAGuziRDN$t2H7T-1ref;Esy{I{hwOWEKA8^>;Pf`_)03Lsb>q6
z0y+9I{Q1R0fJu?Vg4o$J6Kb+ZsU7S<bYEnwvOAL}e)#`6`_38O+Bv&^B_zm5umotQ
z^(o_irG*-$@~qSCc7){qB)gvc5=YujOz=V=2~wp>InvjTJgRHY6l<H`f`;TDt1?9J
z7UkQbX&6@OezpAIyif-n+9Br3E1hY#a>9FePiTiL0BXY(a2@WXNhh_td$RP;vh>mu
z*hwnjT2OSUf`g%Rfx!dOs^V{1!}D|N0V8@;kI|#X0tOrGuL4$#1*~9WW7J?oZ-9t^
z5+;ZzQ&c=LP{G2$x-{xey-+SH8Qf;b9WfnZdO~`~!^_ui2Y`6_R@(ma&*`hS-i)+(
zca>ilGaBKoOl@<wi9>>rg9tImoI0frXaIPxqa~6AxSv~?DqAncbiVO$ug*S=6lXUx
zl9MCg>dNcLvI9%-krFqfR&xvxIH(AU>c4funC_(m^LQ=&Zfi;vRp|(ddV!I!nB?F0
zof@J6XslaoY%~_^QyaC`Me)zcRtJYSu-)E~h=34a00$$t^KYtU3y{Q#m$KF&>q2)f
zx?MS?_T1&7pC4wx|NnddGXs#E8Gs}JQX&9K;tU9h0Lk3}2<iZkpebta9+#W7Yd@{-
z_MKLj5-^~&1S#ne)F#SF+6$?&uX4z-=>1%|yX*X}s9cpUUD~Bxw6*`<bX6+Gt}!k<
zXM$)pySm8O)CT$c-D;^@NYE{8OCu1%N(?0jHxkUuNy3cKIw65pn3=VX;hg&|U}%kP
zVFl*|>%>`@b<A3mp0Pd&F5Ga#OTr7Ci7pN=44n(YBY50TZF*&+D~$Ph8D;<=9HFnB
zaaDF>yFs}U)yRIPFsr*bG`L`T?WetqF{K(Ig(TPtf-PXpyZL|S{QN}g>q$2cUuk9$
zMu<TS!Wf5q{D)k!=>apT8EZ30AxP^G`6y&NV$KQ*nsok5LOg?t9i-Sn>bBY4fqNYz
zQ=n@|#Joqj(KX1nx=r-b1O>z)vB4<gj3R1;@o`On0{mUV!~*#GaQ;iC`SAI>z-vi^
zQh<n}h7Eu*$0q{1tYDp>nAu^R0O0=d&W&Dxdc(f_$*Yv#Agn(E0&x5h5fQ6rxW>FX
z)O-g)e<4;w#t47|5R_&tBWz<glbi*dW_HK!iwMmj8ySn#F8}+emrr4-YpAdByxPY8
z`GMXUu;U|)T7y30JgwKC4|s1hpMy{283xG`ZtG`5Ju(eSm^MrHgg|{?VqyInfW-ks
zNXx=b0Q5ehQ2$2E)c7|Lo&1-Ks*0s)F$-{ha(?Q&?+^bxJRD`F8WrZ4!J&Xf4ucFS
zrXYAYfdiO>@s#AA`#O((TbFqnhrS!$Rht(6d^J~~Ix~WyEyba@TfgA#-$bRZ9rYaa
zZpQb7i{kWut)CQcn3+G9GxphJ{|iR<>o-3ct})Uhn_8~!Ppv_O0%bI0xC>I4w5-zO
zu_LZCX}TfZ#K?cWv=R(2j1r7t38TalXOSGSvEy9Qa+!IR5g0F(iiTAzT4jkN!ATyh
zdXZcu7Z#@2gzHxk7Rx{}NHbm{GW20br{)`XBkoTayP6pU%fZDEJ77TAj-;*USj}G!
zDnaLAQdRJvX=X!aa6*^?9%IU<gq6d!noiwd5nMu&SmQ(&^Q<rh9G%D4T#-&YPU65H
zSr9D|$4oU`5qm7dP^Qk2O%PyGM0mq11jcFP&0LzDO|n6XEX?zQx3IEVBVosCiN~r?
zP*^>LU8{3~cs&!t(#=2iWj$W2V(Kid=4~*-?F)$x?6Zt?#L3xW;Uy>L9<`j1#9Vsg
zSpQ+EdBNh`@PGJyf~UIKb2;x(_j=JWq_QU!!@x6)wv|tXe;^$R4`yLhn2V%mn5~<M
zpuyOJp>xYV-86RT_{^9xL)C)pZ(k_HmcQ!Ud!VL}*IY6`w)Vo6>g%u10iI#U3Q(~x
z3>NDY?|i*Kc`Cox>`OuIq1-ouJRbzI7bn<B3psUa5D`3Ihd4Z3^hXYU8Uro}(l`uv
z_6mj+&=`UgX?pfZfvrQfys{cl+^2aQnRmG<x{fFyI*lcmm=x?8*81BUH^wcWKg}1;
zW_7)BBo@-Io!cmNjTJjLHTc5p+?lhl098N0nf&btt%<m-n4#^-K;rciK0bSi&)q!d
z!<}5G$^U<Eaa@uf3|ca@eUx_0DK8dd<upHxp=r>0UL4+{1_s6;Gf1Fq0B<y&`W7!E
z@TMW3fBM|T$AZ)OTqY=(ho;osKJQ4X^S^NbcxT0!kK4rub4`cvs;N6SFUu-z`8D$c
z(y^8`b9S8T$D*(+<G1dHvQ%SO4Ozyos&qgqbGr#TK$rmrU1R~eW_I?o$WeZ|a(QZ-
zoI?=l5;joBwE+l)*#|+(ZzTszw`0^4o_CgQd@d20S0XWvTGSKom;FHIr?to>RuusQ
z-{-N&1yZRGevvn@L=9I=`7#OBZmYV=p|r12VuVKp%5WNdb?cj(5BPLQRLbjf&C-_!
zfF6|%Hqn#-Z_T2z&7v}E1-G4+I$)EwJfEZn@BIyz0&NrM^idp6n$=%;YfnieW;TS8
z$y)RsG+SS#WbcW2GPiN4vj4)w{+rB7kvO^84V7;eoZ*qJ;0oV{xEuTfL*mg`-Fd%G
zh;%990Q07^h&{Z9`vb6MOy3g9F1W%P$ihjf<4s@Xr=8XzLOEZs<T}`<(ngFx0B~)r
zH75Au3W^n-s7bC}jcwzl9%LS|*OqWF=GUE6!-%buByxmyzN5e@&X6dT2gF8Pn5}g@
zP0BK5&D(Qi({t9&#3Y551CjV3rtid|81o=d(bQExjTp!=_MTGmi0F#RP8c=G{B@h9
z>*oR%V{nnY-GoPGxHxbui*F~%WR3Fx4mUFByJ!Ezq72Rc=SU){(smx4&mn(*ejEX$
z%{U@$l2|11aR{4g=wt>xrK#4nmgNx<>mnCgnkaKa(YADKekz2)NEdBd$6csGT14Q8
z^`xn77TYRGwuqFbK95+*1YYQ=+Qc)t{B8=N`MjT~-01T1x;teM`MphO$^}H$5@8L1
zha*VxZt$nG{cQk2ApW}P<yW5o7=wfYbBY<#Nk1^l^zre$T2j;CWDZZ^1t-e)1EY`M
zlZZUe581%eaU5wK75Q+vd*3I!D!4b5Qyi8DUn=IkGgZ%P{5_>lUW7!~&OV2^P;xcw
zd5s%<mw)BUL8Zt;F4LX{BG+(*k8H=w=ld*EKf<UD4?XYujCJ8TCg%n-t((B4cA41a
z?&umN>lo{IQgY3rv08Rla2?xm0b=G1ZvMoyG04Q;5bO2x3!+lv>-sz$4}`@+Bf?sa
z`C<G0z=N=Z5yIyR<Qd#G(cm3B7GBj6q>|q>2A<sZ5MIBhNH>eDd$roR*51!jr3_~N
z0`!Lco1wLu1getp<<6^}xTed@^|LF9T)Z`8FjwnZWq1>Kd@G&Wwj*I#2nA!+N7ZIk
zq#?ANj>lZqoJ(<F60vdga0@XFA!iD=r}BC>bK2XM8o4f=(RA`~KA9bfS?&t(^^UN<
zn1f)zc>?&W=YdE&3-WNc5z5HpEP$18NTrH>t|RUpz3G{1I-^QKEhkvJoQJ$3dYNBO
zQ;wO%+k2B|IM|Qs@t*zu?FM{<lz0<cSfN#xe;@}tQBRwkRBcJG1)+3#ed9MUl`OS>
zP&$dBc?`8ZHd5%i?X>4@$ro7=g8kr1E#&;cD(HlDIi8M@%e#umoB&`3Um7wvZjls#
z)Bf{~`UA>=_vz{$VyD<GHQeqaaM3$rotEcF6H!Rjefk)Tud&JkpGG4m`<R3n&Vf5r
zh=>J?^q8zK`TBbD3y<{sI$yb`UH2MUi1?^;0&q}3XId{a?h<ARp+r_TiL78Ui$rcr
zSAxr~)%*}bZt~L6CrKEF79uh|w(bhwxt-=zB3|FBb0bAsM0|ak9w9}}>$|^BLX8xS
z)M6eoM5{+-uWipjqn{0g@Z?8^oOT{ci9je<pI3)`plgWFLM@JQT7{;owxkS`XHhX$
z+gOGv1mJBiavcSNRh5p61yU%HFd{35)WI|)YuTZw&Ns+fy@{JjxzS?9bhk@|(6LPq
z_0%XA>PbqCFSdBQ{|PeFPE>&EF#l8FR+oZq2CI&x(GJtdV^T<h8)G;mah#!EGQ9OP
zDt=c$K??T~Vx!xf!PUhh^h#BxtIKECSoX}iO5S^qNS7&{H@Q~7<$O$SS>89-tlsuQ
zcim}R%}mi$N+6sVOvnWu;Rh^DNfi(z@XhH#HpoVHeKq|0gh$(VmJ@l!Jii@#3;Slj
zl-}M9`UD%>8ylUi4c=_yq2_fu`B#(ooE?Dl1?7R?^lh@Qx4bCZ3U%4^*gkKkijWBV
zf`y8UNLH+4JS2$WA@l}RtBm%xug(<ij>qvXM{S;{+F-!rR9aJ4MKRYGl-(xO6s^uc
z`(-k|i1oasBZI0Q$aXn=BcGzmh2)-rklvjZpQ1>uWpGSm{|;z}F;ps4&6}?j5FUje
zAfPNu_Re7G*3H)#+@V;Bq*V}MuM!GIT0XV2XWrISl&xX`c!!d~lrJHnSew|Yo)*BT
z^QgwSJ=*@`L8OYWT4pD;z_}I~Ctpz*EDO|^%-&#u#7S0`d!*;vHXis0wP;?3$jr<X
z-1%ZL4bk_ZM2QLRF%kJ2vE#KuZvBi;zqJ-!ElSAiJM>WSHeY)tj7y2B-2h>F?A_z5
zciF}o@8;A*Uz&77uWQ~hEuhB4DS{m+QU-4?!V-2PiJflXU>&&)#OID&5Xhc-FJ^tV
znILx~Y(<-M5#mE5@tH9$L+K2&o5oeGdq|GLqeL<c_qfc!pd1wzuc*j9fOd%rLxs%D
znTDY=vVZ|4v2R-;sFrl{FQ*#Ky2aigwA-GMzZwXmo<fz1Z{_+8i}R@PTwN6LnL?#D
zYg}5u&0B0t;JQa_XKYc6|3=c?l!@td!_Sv7SMqRpAA<@2Zc8cSNzhoRILq-HK1J0w
z;O)#P&Py(tYW08nNO*oKjHFMgwyM)~hJSncqUF%jkZuxFGQuWlbxxe3t^r^WJTSr^
z*SYJdp9n;7HxSIY51hG$OkMh#($|2d-&>BO-&!SostVdXYchjYM#v#rZ(qbb7b0G&
zFxmjwOC#PGhz#Wo+-~?-dpLPsb!%)#rm`i#NM2I6mM*}6ktz_BAvB|~TYUR{2An=`
z3iL%b)YcaEKi(pB!T$b}g7_T-xFfFWnEC)}1hRnVB$0j&s>~$a0*)HSJWO%Joh<V4
z-mf`UvyRg$vEvKL-@Fw3`!S^!tn*rUq+9v@aeow%g-9OBc76R8PoJjsr)IzKH8N@;
z<PB&~R3TBQ!fnoNaficFh|-3lWQ`TgF_-wc?rFAYC!EADH-=B1I#V_HV9WWYfkrBj
z9fsi6yz%NwxQS)|YFD2t<!TOY+`C5@9&``EnGLx5gNWC<``u}`JzDAMp$cv5U=)&K
z5d#Pl*rLzW{L<n0qFs@1_AK*f^^M<{$=81aL)}$jxn(bBRZvpetEVdHa`;wHtH+sC
zPgQ{68k8O&2q-J7Z(hn0cjD6jlSU*ibiYc>le)zi<ZUrq0VqE`*+4j?wbeB$<H8+>
z*)x{0<M7{}`nljHq*WgL$%#Kg5Fk|sL}4rdV#&ow%a;<SWF4qLFJe85DR`?Mrj#bG
zgsx>cm5?@Dw?#-(8GGtrx7Qx#^P}d_Bh-eoSz#9J)rfo8{q~0#dc@U5^EyN#G>E#W
zEL-{i16l59%I+KhGH#o|>Eyr3#k%mPpmBQps|l(yZN{+$`LEH$-uzev!4p<$RvKoe
zUvq$@fL5_GK>kqBG-Hn%rn+*Mx7ivryiyUH>ee6@4)e;pI8bSD*)w6a<n#4c2;k56
znS~`zb(LUgkxmxwxSq4h(5xn~hP5+W1&6T;Ajl+jRtaDmgl%}QyjkShL8xq4-Chh7
zj#?U2sSgG6qAfGn<F0v&oKRK@Z*e|6P_Bg3ORZw++?j^*l*=fyg`QTcH;$5gD+qP9
z9befJE#q8_&qzl>1wYr#Hws7?;rj4WKagTxywU+ZbT0MrPO!{a*in(GK)E&$JZp><
z2hS=#7<^OkF+KQ&#Umg^u3>~SD#jiW32T%HS8bViOqiTh9%(hAsiTKtw8gU#+Jn=t
z>moLzuWJKa@Yi*)?6hVtOQP#(&P@<jSALyhkC%y*DG(qfN!#a%>K3&Y%&}xWW5&XC
zXm;BzmH6unu{a|$v+^k)%Y!77Kp_**1U<EuvxKUj?8hy(d?bd3gKLnmzJhCl;$s8N
zjBAuc+uhqB$&UxJ__Gg>tO!8}!Yl&?9*Io8G<3`KOCzs{Z{aQhEs5(+mAOXt0_>Eh
zXqlciCX<-<bn#t5(kyI`5RDW}vQuSolj&iYItuZ8k@<lyV~0@tBt)jk1^4p~<?S-E
z6hl-pHoj@>XDjqEA<mf9g^jdQE+{cLmNUvg^UT{Dkz8i96pF1`hDjd;uNkDu2F!=<
z<}f@c-N(=${2~lH$mIV6LXJU*`UQB0$}7d{-<ZcnawnBJZ06xqDSd%j((gzhqZH8-
z2z!IcJVi`sge)uEY&n_FNV3G|uF^7PmP|ijo`Gg*W`$K~^L$3nsD+2<kCE=!0V^?Y
z2qNm^(fyCR8o5@rymw=&^N=TnKQcl9cG;@X#4rq4r4>(q88c4U<ZL&5%YXCVY<eb?
zZdlHBrQ{Se&EOiDpHr!rPSey!NHqwh%ZNW#?T?h6j2<tAyW=OABF3jJp%ya2In_&8
zOxwbN3k0_V7|eZosax^dByQ&fDw+p^$fe;(kX^zD4)0|~#Mm&jy~A{HL@F+kcx)y>
zj)d?1muW<NnrhFx<5Yh@s~CUeA)j}z)02-rV9!$$AmwWJ{`X?*VS@NQXo`v!CaTIX
zzPO%@SA+WdixrzrO^bXNBj8M~`dTl67$!&bm{6Qb&D@i|FVnNKILnvkwyzwU<yy(Y
z0=LJ<XUfY8(1E%YiBOAF$l<!M9`~CiLKX?zGQp2wrw}y}pQYL|+t|gZa&GSJ`j%ik
zvL;rIo~U%-)+*3dJ*MPHz<o7<y#$l@Dh14svTh?82L1rdI<iQvnH%Pg>F%%KVs3<X
zX}Twp)`E{y%(jvAUMd?_#K4)$aeUxv<(Muv_%nf9xiO(8c3gv2+H8b@2&Uv{@xw*k
zHN&D9+@@nnz_&c2kF3&EQ1)?Od(ZG5yS>6`HcJ>kn1dMt&(G&X0msMqAc`bWh-@_A
z7EXlSZrCUiWe5w~)be$Dt?D|}HBT@TWn~Rot(ufkV5?4_&qT=O0y=G^^fREz|1fW5
z^zp2<bOPAA%ZcNe3Djps$K;CT&KZ<gNOeHe5g>EqGoYgN@*vh~wB|1D`m<faSm#`|
zbn!3k0*y!@H{^xW(O5lejl-yl8ffy%TDA6+tmHj%)GmsBHrYC8YhBPQVb|@qW3d_K
zEzm-MYD*nfE5pwK)up!pQ`SOkJWH9FVIK0>7DIY#cfVX1pxXT#ctV8*VNo?c&M5~=
zQ6<Hx`oFP~l~6o&f9`r+qxaaXodjsuX@hOL1~kz2vYP}+;u&Py8Uo~Yj?un~m7<Wv
za#=#S1J;V|$Yg?H+!=F2W#wsDF6WtpE^<2Xn`JPm!_?tFTe63Z<1d+L-4y5-+V5Ry
zp15xbJbmAYr{?RrFFdE$mFbE37Qxe(1SBbE`wXyBYu<vD%t?uQ8f%1I#k*#OXIj%v
z-2M7pDw>?|Ht0FBw=!=(rBf|`lF^KbG)n^(UO5;ubO#36a#V>F3Kr%Jq=Ai2Faq^l
zE>seE2r9l^RJzf?xFAnz*QxFa3LcZ%T7xWx$4Cj=J7nZNqGl$QVD7!SbF)*(D<l)K
zw4W9w4S_JvaKG&i#^@qXFl7>`)W@=PM-omz)a%^q8@k@m<91F3i(W%8lMLi84v!T?
z#vnfGEntC@Ju1OebUdiAM$@Iz{QL7RT3n)wdTXTPDn-Q!@j*mIH%;gQ^H|9OSJOj}
zAcm;`_#me7nQNphyCQYNV}srhAw_MEch``^spG|?L2PG!m*{y~StuCnJGdc9fvvA5
zD47cO#(dDhg+P#>%7F=BVpAwgusC^}wx=Q73r%2z3IrT%U0;~x*a{UmZkD6_V<9ap
z3~%N*<1A<fN#xO-CJaKBVF4Q?g1hbt)%eIzKit{n(Dg*u0%Uh%9vc}0Q{6?+P*%mM
zL-lAmkMVFM68JPY&Nob7l*NICxNBRwU*V#dO2e|EtuVJG;nK>DBVHqljO`ky*EK%-
z+I%&@vRMF30wB1eCy+up68T452-0%&-X?FGd(_Z$gza8s=q(8R?yEc+mLr3K88IGj
z)RFgYN-CGre3~?EV<9D6GI@kK@Aj$}Z78jA535LDD`@oe`F!Hu*nD#Jz*Vgan_Tpn
zL?8XvU;&*w^tnr~^4d>2D|3nh4t0<q0d@I~;jxr(co2ePm_tMpWQM4v0`9#WiX^_2
z;Sk=(@gc!(p>Y~S4^b;XavK<;G}u)SGByi^d?9g?N=A~nd?Uj1civ%c#?{2Q@{qkS
zdKyC4D`se0n<=$UKd<Jw5b%cT-ES*jPL!JQX<rO$#SX|>?@OGzr1NRA&#)4lu?vie
zjCcC(L5JeJ`Prp;QplG7CQQc<)k+xm$0b!GHS8DA_UjiR!fDCw(kSgmd}D<m2SNe$
z@!kh?2ikkrtsFB-jSJx5<S1&Go`K(?tO#bFt#NDv_K=1yN7$)0s8r5qXlXvjv746o
zG||xR_h^INhgSMNF&fo`xB`j*>cC>&awsbdsv1QdMco4wwnYXlx&vGhgtcz{49va0
z=hP9yDH`*?xoqNiy}3=4m@jGmbQxN(_i!BHu#6l;u8B^JK6m|U#4sztM7*nWssd2o
z>{(Rj9@nRLM4k%Wv-#Aa^QSmjz2}5MSK#g^{nyT0O3%uY&zH|{KSRvyF#CcTTZ^>G
zZR%A=e2TVXf9x=So#Nd}Jq`ZIt?obm2vk-@SKOWzH#uaY@{ecSaz`{ER!)+tsmmRy
z6^(JHW?~b<lg;fd1pPwGVThog21|7WE!evCl=S|ic1l9Wwj!{<w;9v@%Pp9O7HbjM
z->E_Pl*wiem+ZsX;`2-@v!+WRipa+*RC6|o*F^4p;k}A4gObSDB9M{wf+oLuwWs}U
zvflQogb7C0f1y1jA*uNdYoeT&mooJ7=b*cArS;Zf;D>D&%@1x4iCcOi?_;m1y(?nh
zOVn~Dr_md<K0j@stCuh9<ax$Z5u`C%8=N|@mWb8{3pKw(crlNwWD%5cse4hNy4vst
zlf?j3hrpvXia>rSp>Wz3{<Nf4PqXgsE2XG!#-;$*xV~zp^-#?<H^G)FCcWpj1%g=F
zI{K!Rll2FZ3fo=0E>3S@ecVw}V=?}qX6f%S!iVKg?G^w$P$2vCJ#Vq6#}-}}(Ww*+
zMEb;lYK2v4=!z6QTaz8NT`f4@F-3u`2ij7(V<922cUCY)ffRm|7>WVxbsYM4c+V>k
zp8G9GO=l=pDnbu_a~sbKVEM4xc`PylB&-BoaAYze;CAeUXO)grC$cobVwB7t1q>X)
z*Rc@|Mgs6mv}DjME6kzfUw~9E5thstFesxgC{9bjM0zp=J{%rQs`%yN1;>qbrTxjL
zMumJy9qb=R!87GF^P~+rlu?yK4t=C42)HSA2u@K|+QCs*T1ca>9i^O_tENyScqjk@
z4v5>3LIy#*BGAWTfk4`3%63f<IIr+j1Zm(FqXJ{F(V#{`!$08hCe9ngC6p>rH=H;Q
z@PKfz&vPQB=f$U5Jt;vGtuR))92~H?#&yNfnOzczp)|2%%h~}u$q=+jPd4TZ_$Q6Z
zRt{;}pvoH=)D)yFPu2H|Ky*DoX;$sClvY_7n1frSW~HNSW<#e0H73$)khVH0QPW1_
z+{XhRscQJXpkIT8rr2RR8n8A{Bn*&YjtlHdMl`@{XyLF-lY$w?!4>96YTEpj0S;Q!
zqEem!v0MKCI9YMBV`RbuV7e$^*{^DAe4KIYfDMBLw(F&VyPOshCx&;4+~;OVk}gbM
zCTjDEA<EvhvU<a4B^79>ER<%?sm;LgYb+zEn3~J?*r))#Jb+~+)@hwp+w~pmEjAGu
zbwpq-p0v3`jl4sOLjEkc_*q2(R%G}g>iVek3814Fprn?Iy#XO^why_+sH2lHs@sX&
zuv$Yl2w{vt7-wI>6}xq$_j#hjmQBI{av7Z}mLVgq{{f1bYzk2rI$4^2om$y45~<*T
zxdJiq5Q7USaH;4j3M7#iA}Z0NOt>*K0UL}5?yhHYJC;6U#89i1Ef6W)c~OQ9O*39X
zfpDTmsB)7^Xj>YMOvp_7nKt|+pA*fLnoT~=Mf|cIicE2`PD&RUSA-oKlu4@H+RiRN
zTt=u_C9EG{Bkb6xed-o0z_>_W0NFmxHX(l6K}#g=#pQK5L`x|cAzU_v;%xddiV;1S
zvv-Wya$;svOR3aN;61AF20RB*Y89o(RLA)Vk4Q(ji&ox(^2SF;x>Pb|OFl^}yn}0e
zI4=DVT*`1Pj7o*Dh{(ax)r2|_@(f%J?b*gwJKFE#wf><F1%W5Cla}ARcle!oEk~#2
zQvQf4*}2KO&&2lh4XPOk<tq`tXg8{ac&pg5k90Gzz*BJUMTj)w3*@|<F0gJAHgf(W
z<pdTeaBO&M2cb|G%nhYZGSwOv=G$-IxQ>^4x4`?>ZW_{t)p~VbAYWi1iQCf@TUQ@F
z^TLL5+oi}2w;#5uJvHh-2<aq!S-d=}^yY0UT`#zbp{*H968TVHl|Oe^=xrK$0(?l=
z8~_KvtR>myRmiN@=2YxgYkOpD#Xq7-%A3$Ig<gt}PxeYMH;DvX&*K<~GEyp4!wgQr
zHg7KXt)8~B$8hzWsY<3Qey~IJIFn8)ZppH0b#*$=kq*iIi?6w4uJpPW!4-@UA(ZCl
zzOwHK{}*c&{l0tjh=2m{_hSQNkb}{_@xDm}hSAjOaoj)Yj|Zs=PT{mqOKw4?y~{NE
zDTt=oj26fAId%xoIwuy4*_2ILq9M6yYjHA_w6xqI4Ae-IPbUTI%L*M!qRB7N=fv;y
ztC4~q4o}F(ERufAT7uX?01b6ydN`U2h4!NG{uwQ3B9e8XYN`QW6tEJLyL#ThT<!hc
z7u<zPW%cX3J`Vu_6)I9>6bYYVem$@gz#!w0b+*u+`B8|C3lg)kLBB>a%jf5~UhebK
zm4geH&8Zl&x5Vth!E*ZAGt37DAGcsr2^A^?1OgJnzZNu@;foe%;_v<UXFF6MiARQK
z+e-qC0`EJA=uOWCcZxxGAM|74Ykw2KHUZ7;?`Oxlo4}QYyU$qXAj^aGS~|`tW4cJa
zA7TlDx4pBF(lCj1_ui^U?4;9p-gJ%jytRc9_<IOQ$CX<|pg3foVQw}${n~|tH$Jd6
zhnJ;e4Er@|Hn|H1tAgO`@=LJp1AhhZi3$%<2c<!H*MIj2jqpq2)fLZuEs!OUJ0Yl@
zkPsjt*J_-ne4*i20h@!Q5sjiFN<c&+%9q~50-Yqr$K|m1E8y-VJTxHe+Ju%!ctOO0
z!C<ytp{@Aik(QR6v&exN*?iOt`TxzI!l6tvf4;+%yr!~<)>fQiEtmf`@cqO%^ol}#
zhivKxy)Mnz`EiS}V<bR}AF@n-&j(lRN;$n1ACc<d-!r;y|L&9SXMfFef#%+2@EUpx
zkVJM&rCR@wbXs-~2a8dQ8)fX6bA)6z!ZJ*6es4+!q^hHIVcSq=ivVu&`kUs;jOT%}
z>=~a##apt`XK;SS>+n`Wx@mfDkQHh!;xpx?D`pe?7G4<`a5X)2gUry3e-2*uY|6_#
zx+`9TT-z~18ue7$GaTAuFXc@x5liI<y3|U2Nc>h=l3X4mOuI8!kACxnyDBe<lEIOP
zDzci~@{&?n)4=8qa2w1_eMCa6BEQSPvIb%ALhLxn%zUOt9j1ZAG6(&!ID9+-;7aP>
zTylOltLSn&=6Y%5;0I1pih1tMw&bJWlX%35haB!3A$n4fG+FBL41CNER1C$Zh%<m&
z>e}dF%a3Z34C@^Ltq^VCva^C=YxBkN_sLd!{Dsql=0EXBmQst($WoIP;w)@KgL8l1
zaPNBe^+vRrjD|T*k0RH$d9^s;>odv(08;*(#X#Mqf2Pc3jxFWgE>u<6h_zQOp&7(s
zZ(5FKVcH-@MqHEhx)kxOm<VzIG{|k?ean^>0Lx~d??UR0S@Kr;8x*f2N6T1p{x1jP
zF3tu2T><|aB>?`NQhCFg7`kM<o(o>@wbbBXT0Ng7eKFCp)^jK*d91cxyWCy2Um#;E
z>F@Ogb>>cT%?E1se^mo^{1^f?>aY$L=t+m6k@6^T9A~gnV{i`^fl%*_`vjCz5Xeei
z6hRdjlG!KGlmMx$3{SN&J2dSv3(lwh&)afyS=)aYSqo4mT;phv4`eX2PBh@~t8=3;
zP(KM`L=1>93KpRsc~tKELV2}Qx&?azE#gw?a%va5@UQyI0V`f4HOoNN@)xe_ptN?m
zP>;J>`|ywc%_saR@WuT=z2cv_OUUIP?U4WHe?Rmu0YrNL3bE!1`Qv^45e&b<2lC_4
zp9z(;=z|Dit(NC?TAu$YdHzBcb^kwesAu}QzxG)e<G2U0++$NW7N4?xM!G%p#n0?O
zPKuZVDrxm%MqS^HJi74TqJ{R9;~RYwAIXAiAlcm_dR#K-N%@a?Xfa<e5f|nMgl3eZ
zI;EX5$?_<ah{Y@d2$e`2vTR^E&+?bTT!gBD2q;v9JMvAC85R$z&$~48Hy;}?;{1X}
z!GG&8hbJ%{^s`b+1IM?+6?1>GY?AE^`h%6Ni8RCzl&yeIr?_sG%m6{x?2`XNy$6_U
z9r~9EWBin;2x+xKLT#BsO~P9k=m^yeg#*#q;0Uab_;Rf*{T-=D84ov!K`^nu;U(Tc
zRbHlxztRl0A>K40%^L-{9Fnirb?!2@ozl5#z3c^0PKjqERArQhjIbB-MxkkDx>{-#
zw6U3UA3r=&{3i}n7=#wIfOU%f-m=%TXU~|GQBzA#HBRR(M`5}CxUn2d4TxxX@&a9G
z1}imDq{dC|y}*4!&7wCqoctqzkw<6&SEW9=wdQqnkN0HqKUrSyA+I9i)`zRq{yr1A
zAF*ek*I&vU!P;jg-Y0xZkeKz65=L$>`}it{ooud1=C1$o1q-sM(uCS4-uzhcV^C|v
z#Ac{?*IJ*EXIeUj(FZWv^5yYP;>N>`;ZjE4DaI#FAX>qi`cwmW`Uu@;^a;0sL2!$F
zad%ynyA%}{IhI$%xyvXu?ec#UhGjQOh`)v+&Ff3#1W>g=H!dLKQ#f6u+%wf@LgP=h
zJfJa`T;(anuT0A9DEUgd|B{h3adN52tW3X>uOBF5TTP0M^x}w7n)PKy9_BO_2Man3
zejQr)z_A_4w&M1#sy0l}BAvuG-6bpyP166{xaYqq2pe(M9N$mUIwMWDsD@J%VwIwL
z<S3u<XKM`uf)=Tdy#{3+ySQla9C^1$Cl<+8xa-1_lQ7z-H^tO~QDurdsQ=bNx1HuY
zv=Z~U5VitcZOO}%sK7Z$=h2$2kYQ0eSex(sWb?{@+AZxSSNH?0b)rN^f1rY<c5EYd
zK`(DU&c$m3A0fgQ3N0b$bmT$2s8y}XO|dXIhMbk0Bq=!oyhNN+>xld1#{SwX%m*7E
zD}ebILdkkp&4dy_owNnc^ENKRNdBU3D{Q8UAU&{A4+PQi+&rNpXeOt3(5xS=>P^Fj
zAKqub(MO?K;Oxw~lccDZDrLKtF~~~|DwTYdfOzo>j1WlEKok~8jupH}aD;sHMs{o<
zYT=|b?1=?#Zi-Ea&nG^A5n^<~P%1@%BP(wNHwOEKH^?DTFZV2&A_3nAptYl?ABEur
zCQnSj9)urFGM#-)+H>?{VY(lwg_@D0gr4vgl2ng8=GmQJJwSGq0+a(|yMg-#dZ>(%
z(3u;w)msS{jk;tENcn@6=yR#=wqBMSvfRhO!%{OmVVEpjU!KuiSkyqH>LAkvE)1e4
zP<eu>d3@9oWw?<Q^Jyz>vb~5*8R{2#x>S#_)MzFHfrK>im(Y?aj6GdFlC$w@KNhc)
zu|H9svdtskl_(RVg7hArGN~p1zQ5qG^??b@%HI`jwAEW;=JPz0zPP%==|a(4u{&E=
zJ?i;=_V1#^?$eU)Jg|c{znRq<fiQn)dtPu$&phYu$1lB<v9pnEW_M-}-3?dNOqRA%
zh}asOP<V*2SiU0FknzJ(vv`?p0KU$Y23CSnV7fB0f++XHV^RtZ^t>>V+6jUT1wtN<
zKM<=`{x1Nrzvsb6;VJ<K$_}!rIMmbPKG^PW$`1l#%5+IJ!NckX5*tG=8}z8CF{3;b
z0<Z8$#1aMaoHe6jkOVkI#!KC8rE;Z(ubAWJ#|ru4iIvArnQD|2QPOw(EcAi=%CE0`
z(fcfZ+ee*`@uo|@X_0-b!Q%Y%LAwS5Q++F4(@V}Guaa0)bAx8Rwk8PQgT$E!R7t1~
z2O|=jwjXI}9xL{gqHv^3`JBHS|H%S`WxlZ@g+Atfw^$f6OS;*r==q4i24`-Gt+Oq7
z>>}?g?lWV_>q*3^<pJAP0J1mmU^baC-xpUc-Qn%7T3>AOK{`f>(>D{}EqUa`s#tfB
zJ<Y6n4qHWkoa))NCSp${o>_yL^j}}z-)Wc!g`vK_sGjk|h!1&@I&gpeU&uh9s&ETI
z<s&F(4Qv}C0b6D#YN*_){%saSQ5k5eGl_(HHUyF)w2*zHvywu&e<Wn~3IQwTKM`y~
zT&!qUtTTgPDdzQLXj?vzx)vJkHsOhq!514~jF#D*<x54D#D#?~SkCXS0?oRvb=TWs
z$Fv7CeeKS$&|GPnc5c6Yn>U6p<L2I1Ab-nEHRMsc0VO4lfIvE_s7fMyilE)!V^C6m
zGcTA{3Bb60tO?}^hg7HL)Fw~uY7UQz-1G!Yo-?5;CyAvX!QehyMLg%j<nfPLLe=cx
zM8;}ym*@q$Xu{i+TdSvD$b9VCjp;;!!sdg{a9ldLx#LU++973jC?yA+&_FV@if7{q
zLxR+`P8$G(xaG4cBVIsxDh6*xX_61#-)cZLq6Qh*bnDq^cEf}S*(2v1ep8Qu{%N6e
zj%TU+tN6G4+Y87SiV@=<JT|X>hAq>9rW<#8b;7&GevdQtvE^-?iF&Hs8yYbGKnQ(*
z)-RN}1tKzxuk@CN4v@myro0bU`%v6mA=K5X8%;yt@VGz;EKqJ`&{;bTCwKRaeWt_)
zORwyHsT=($k>%Fv)VhS+{_Aia<6w@Z9oS2)6KmD#GHP{2f*BP^R3<F*5b$GKB5Yfx
z8z~o4?iyh|N;#q1kIe7Vga|a;J81qBp|G;cGEdfGN4HtPUQFSYMQM~0&ewQf`MxJ_
z=U^X9g73L!*B|eYAVB#7SXx7TX}hKwzCq8)j1AQv8yd6sK04@}fB94hNIq%}f<eLd
zsq_n&z)Y&NCtk>4R5VZhI2l{$OObL@C?wA1C^C4mf3AZN+Pb5Ibw>wBZ5On6OhGW(
zvQF+2bQv%Sn@^lwe;IP+&JhK06P6Akc)*!LjRs-XL<lm^9KuAJ#bwuNkBtB}O&~r8
z(2#lttG2EJ7HXzh#P*Zcnf<i4tpl(WV_Cd_8?JyoUR!uS^R%O^fyF(kEReLq?s_L_
zJ$+PP=9#=LV`ap;jV9A<K=Veh%_Fv^E!UPgtaUvV8q|;04+;EvN4UC<^}JJU0I}Uo
ztcTSN5Q5hU!78ed+fIHm`q1!9l8=4wHJ^Lk7YwWryl36m>@kpq1X-aGg!U`mp;-WF
zGsa);St2LI^Lvlp&zN$YEEJDuH%t!0&`<Ft`cd_|&Zcd!d9Xr59tE}zPH*ca`ci!{
zwC*Y!y*SrnB793&*EobA?6!3=x3+V(NttEI_)@xYk8IZFa#IPczReV%;~0OcXPlms
zG(2ryGBU3kgXWDQ#~Uhc_?T&Zf*+bIuU(*2FxEzDel1omSXLwKvhy!KqTmmGjEsPx
z5LEPTd0drxcQT(Vl)-}9cW+oQykqRM4=j#r%`6yob?*w)!D^94fas!!(nk_dRf|g-
z${)6GDs48_l$sk=rRr{1y}iH=l1#u>IC))}9#Zf{N~@WV&c{7Sg|aR+SrTuN;vjK5
zBsR#eu~y-;SU)evI~Lb)NR5&%S-!@k)bnT`QwDCSgn&ftw7JW^dF^j^ER0_%O3~|!
zq_}z0dTYcsO+*>K#7ut$<NH2&_3dzK;G`io*5*34iJgjv>A~=6=_KPic(X8b`P(Kf
z{;ox``YFR>O;dE*G#7H~ypwze*IU{IFlFUSldL2%vsxRrIB{v4Hx!mcyEZg*QN)=P
z>(QX6WS^$(5U?<HC5dXJ`%Xzryx;7Rn8_3@53XYio+ThmFN8C6WIV&nKmdn!%2xQ)
z2yNt&te}sVJ{g3`fi-BtM9!Hc%{1X9t7E79?d5x%uXaM6${KRAn2B+a^9_nhRCPHt
z10LsxCmN;zf^6{laN{&I;WoqY&a5lK#8g5@?Y!UjQjN;k$s6m$T!Ex*Oc86}Ub>)Y
z5f|<gneU6f4e_12qpsNBi<kY4_~T^UX;0F%+LL>s2^gq=P`or(zo|KdSoH9xJ#Up7
z^+SU#Z6!*JTUrWvLJ+((mxJvfs9|U58d$b!&Mjn!1U+GN0b>e^1eH6qEdF3!*S@bk
zYmCR_SbjV{m#H%32V;59*h=E@HF0y2PddC}tbzYYo?5Lnvo^O;(^lDANJ5!1)8LIj
zPTy(MOKmtB3zTmLcGBU^4m<NB5CFEu-4zs5V|e|BZbq|J*$xRINTD?pTxLNcJ`y#X
zU!v&9Ftovf8~vv-Jf8rT%%!<>caZkE8Mu3r0k6{sNEv++aVBVVZiv24qA$0ZkEYU*
z_$mszD5%T5>DGt+qSMa{yI&bEGN<oJE|GA+tvC<G*P)RQ_;r~4+m<&5QLs_FsqT0p
z)O`k&o^?SwDSLMGhelj?XJ%SK3tH)}AUz%?-skFuVW&fDX)BtW<(I=>8{Z_-E0i7^
zW5gNS?z}KlfWNP7zqTX<Z304h0wb=_<|+E8jV?S>`I3ENR`b=&KJ&E+#AJ5f<X`eq
zp3AthVjX{}r(M+`m}Fbs$qDk25M;9#8{+Y_KP=6UlWgw-ZRf1?h}SMg!NP1}=v3(N
z+6}eY+B>+ID%uT8s=ennJdAr0NSU^+javf=O>ytU-#8S^rrWAQboA;)3kwEb+@<(X
zkld1-jqa~eT;>kFe*Np1h@9c#v3_F~lj-;*0Pv1j^n7U=YX#y5Ou^AbSmrCs=CbY!
zON2KhNn|UOiuG7xHVb002w;7dDJf|)|5}g*b(Wo8qTa5{I(ODVIczqgi^0L9U@)7!
z_?9gM2iwHGL|(ec<Wnd$?+mqW6OrtxM^41uJz0|1PL1?3r9Ew_)=je7l70nL`iRRJ
z1M@8ercp9_+aWbo=U{Oom8w{MLAfn-`a4X$h-Vj=ShLV+ax=Y1?iGoUDcx&X>w}3-
zUX$k#AwHr8&x9us4im*RX_QK*9u6u4nYmDE$Z0+<XJa8Pu@S8v+1W_sAZ8nvcFc`y
zgm(|GCI-*O7}Y(G-a~}LHzt<b=8!_;RQftqTwbeQp#iAp<D=8l)#?KABPDT_70svc
z`6&m{D@u_LtC5**x1_WY8@s3Nlm)MZ`GCsdbeF35&RxyOBssi2@GzBUmG%oFDcjch
z5bon<lyToca0(r4EfqATS+&dS>q}-yx+^FQB{x}O#$ICcmzjxDEUo(@_yUiKH?4k_
zCXYJ4-0790K;cWyk21HEe=W54nqFgaQOX@3aGfLw_kn?w$YV1VzCeqpSq<(OZL-Vf
zT*pqchDlPErP>SJCpL`=?FODuh2qKxZ5dXNGNT}d$1_HR9`i7wbes@#Ab~r<Bm{~a
z)_vT0@iGLHS>kQ2ztg&k?PfX87Pg9JMqbmK9;u;r@y-_(ZTu~SR`GP9No#M4aM4ys
z-DdJF0PHm%^S+{}C{BZsh!nQRWZiK$l5wEwgOkS=W{KIvqci1P1W~s*bm{B6{JFT7
z<CoKY=qs=xZ)M{lpUV_Q76+`=Oc<FP1&ss<s<OpuF?}J1!ZKWfJx3Bz#G$o8YNlgw
zSb6v`{`$8Q{R<H&mh_{wVLd`)Bg;pb!N$S}HKM?LS-M3TzUZN;3VgX2KA_^Z6{8@<
zLl(qXCA6HP$SXWm-B7&EKhj-2``m0XMS4{h*Kk}BMN`imNRpB-?qQ+eJls-E;HI27
z#jh8K22P1{s;s8V7E4H{5xR5}Ww(a)W@4_-V?YZ{)R;(g7A1Sj=P<J#{)w5R$pry}
z#8CqgO8j`Nbvo){?=jH_c=9*ba>Mxfk_JQp2au?H7O9Ks^R8I}0jbm9@V$ezUn}hr
zP$fl_Fc(6+4W-lSKsg5&?kio=^xRG*kJzY!aQ#ldCPO>?H;h{K#5Ik2+8`u2c%0Xy
ztJz+d&K&u{Iwi#!d$Z}om12DxdorVJyHXH?sI9T-{<37U<;2hxt~?uam(aB7fzmd8
zF?+oU2*3S=WY>AKr<YY!vi_4nlAu(Ux6TZutw`}O8VvbFoJvkdt8t_c77@1kLIQv6
zIZ^I7z{QlQyAq|!^dXJ$M^Rd*jw55L_fSI%%xL?M)nMR9QvIqLjp^270`!NGtIRE@
zo}-Ez;|RcP^!yIquF}{jBPBqEKp*V>HCsvs(ne&So$@w4)>;ZY(sL)M@D1cUDJ}%)
z`f-&rZ(`_Lj840o_&9E5_rMLpR}QI(D8P2IE_H-mwG#2`1ApCkl3Y?rL_*4O9$l+V
z2%S=3dgXRe^(7!^yNBIs-I!#;+t?8>dq`|)ha<TSq<#qz3I1fPIoA$(`a?Zs?I<Qd
z1XO)Jns}P|cu2ChwsY57Qt@q!tegZAV0PpvgHiuxHA4A254}xOw=xUzIm$<qf~C`B
z<n_4(L8OrzO`^#3(N^VlK7Gi);+&u~oDn$NdFdI;i#TXohvFH0;t9HxD`{6yMo0>{
z5US{WeK0T0<`(0wv+QTYpxhF~gAE%-9WiF$txiW~)Fhg(WWTWlO6f-f%q#>s$|A$b
zX-F&P&&3gFb_#ojJ++h;>p%wX>F(+k$2thX>VLa*6@z+hA0=%-(ArT=!GWEhbx!Dt
zpNYm;4-0*W<Cpx#%+)H^3g|10&#1m}n~GI^EFFxZwe7|(>pr$ZR9%@p5R&tlA}>kA
z6%JItKXkI6ButW)+(HOTv@(zqZ@y$^Oo`w2P}m2gUOjXNZe&olPhq91^=CFPDWIX+
zA&jGZ{>*kMauLGp4N9up<U%9Wznz#J9~Wtu_S=xozGIIEQE66q&xbtGmrFJ61ILU+
zuTmLHWbs9wC}-`i3WBp=S?lx2-t~PLBe{{AKK)wdn;5Bzg~rc1l2Di6Y<?|zPjm)r
z5A<Ji4Yl{)GHFM{+9uZ&q+0w0g5oN*OP2XrInw4ErxC5KciPoFVUKzs9&QspvF?*+
zj(CIli{4P=t%Ealp->=LC;biP$EbS#L<POQLTGuXyf=8ZDO%R+r88W}RT*Ai4A?(j
zBJ?StI6pch)WrAUp$(pLL+|sS)#<^#X!wGM+%NHI6(d4Eql}Px8D&~~(@CG0oe$H!
zn_ljJ?lT&p7=L<8gVb$|fUF%1k$o54EY$HS1rbU=t1YWMDte3s7*?y8$(CHEkbaD_
zF|O~-7M-0^d=uB|e;(5^6jZ|wK4ez)yRo3UIG04z@IMXa(h@A)yhfRz$@>KE!N3Uj
zaEGGx=t#2$LF*sIr1bo@b!B{z?8g*Wo{jAacPjzch)1?Mguvb6qIT~sGBdI}*bDxj
zQ1Ya0s?C?ujaAS3_r|C|=ri#7itQVzyRzvOuC>+FRZo@s-}A0@d6#bFNTtMUl$tET
zOQKYG<>h?Ly_`Eku^^+CLoMw`{7?M)e2Lm>My`2wm8GtG#c9EI(ep0*?wb9KNP{7(
zdXH+@9a{X=2y*Tg<_SuRm7aAy$W$Kx8>c{GeKVn4=bMKu?n=PimG|ZNI`aH;&y@Rl
zuIL|Ip2nBD3-`?{Hy)euHaxpX4`yRCBs+Sz>;#BAW%69z{&hhO5Ht(n55O_;Cf4%_
zwoHvI&Z97{MJAMMRtea{tv;{CcjI_l$pVIOE7NvH+iZbA1)Ok)%w7F(eo#T7uGyEs
z%wvh_in0d4%-v`K3Gka7U13eV1?JFK(XBhlW?!`);G1n_OX&3X3pFcdeZ6-+%?d^+
zl~Jf?1iMcz9=Il)#AY>BgQG*tA86+?sdN8q{Aw#MO}k`k$JlZ*lk<elX9JO}55<`U
z$q@0K(O8ZoZ`}W`sHjZ7Yjo*mM))*;l_%2X6p8JpH_6o5J#BgKq9EmD?Mj}N08VGH
zv@0r?HjaKG)8qBAOP!_E{E^fgDGSa{UHpn9u+3RQlcQAGw<~Dup1I@_=i!X~UAu5g
zB$}>-YYwlyi0$e4(ap7vj$o9fAXRu_D+WU79*O@YQ~w*jkBTGv6lY*veW=_<0a!YC
z>NjXuRa#$&Ck_^J?-jV7O%W;!x6XEI(p2gcRz~-pQE?vKrLL!*Tj?UBEB3dtZ<<!E
zVyaQYCq8YP_Wb0h60x<PSvzwVWj<@W^kC>m>;pTV`>=ZMEj=mp2mu&RFcmOgGI9i0
zO!-LC$g9`bTEfHB!#b44h#{}FSgM65)Nhf%D!osoz=vukRl-$$`YWrMaIJ*zd&bnz
z@c5-EfuQ>Cjf`E$sJ;p4<dBiGK$b46mQSLg91TqFOCGS-6#Bmss|L8JelWJdl<T&W
zK+I%7qn9^3a3!2AimPwlq<Xq;VtoR*GY@Pk;4Y!`3BMFtj+x^k2frdj$-yc(Lb&rz
zO(1Z9000v}?7#W&YvOe!C)B9ktB>RmVg9OqU1Gw1EyA><xPUW9yXbc+*$YKe7tkc^
zG%XQ~0}wOJ6r5&0<u_}lccJ%$VTnl&2+d&fs2k=q1m9X^fded}NB{?#haqBXMr&tw
zN;036A(TK(BJQ_LE9qYbNVaO3F?9{`$9}6XTZW|N4dffGL{2sLG$?i+3a?vyhJnhD
zxN;V_`CL>8X}6fF14A!jIp1ZFBALFGHWwa&*c3>Bmmg}-VG(`Lx9gzRIA4@J*&+i<
z`&7e}Ha+gwy64ZGFWK^a@aDI4c8xL{EFl0hm*6%iwP28I7QQ{8q|x64Q6Lni+3$k5
zlx|q|giOiGp!SE5T$vk@{}{!@C!oRP=j%bJa0?go$!~+IiEu(yt7w$lgGfX(Eh@WM
z&*J%msOP*X;knBtx?YUU9j2uG@@W28u&In=Guf9+m@_H8u?l#HxH+O(UNwreNrZkh
zTcTVzAkep9oj(&n278OFH4WzGZzG%2qU0=v=SrfaIqHGeS}|gP`L}k38PlXhm0u?!
z@SA>Rg*5aa%thrC2R>hSLDJWCQ)Wz<{qY7h3(Eqk4>{GZQL`QrK72q3=9E;k0y?yJ
zQ{_c#Oo}<YaG@v->#MZ5Wr!l$RL2`6t){?B?dk%trs*)z^ERoqrA;e#RYBJ)DP})@
z34T$ceflBF?hTTHpLH)7j`BaAeUVCr<Vke)>EEfK{`)iQu|PV0FNVSRL=Y|T)$M4~
zRf9$8dm6qLdW|ZMCP9z7>z4?)lV$H_BpH?aK!4#XyWV)=4|;4$${)^eBpO4b=QjND
z3%|QEdyDhl;KpF&4+IlX&xeA7#kkRPTNxq*R;M#%UKoAy&8fH7gI9su!C#DxWoLYP
z3FGzSw!L|I7rY&&V6o~TxZ8M?$DNT0Y&e^TrC!1EVFxf4?YT=--}e^CN1*;(QowDa
zRu2(~<@DH3@(6fw6WM_-fF3Bdqv+x<aRn6J_>8=5R2AE*zQei)=1>PGK=Lv0ps;@L
zR*4|S5jPnS9)2|~70(mbjP*wem~rE2>q(+kg*q5{YboeSlW3kQVb-76RL@!^w-se=
zdBG*k9jR_Wcs|^mX}GS~E=mv|t@lq&nvoEut?q9?jLD6GgzQl&_4f5~v22kdhk-sH
zxN*#QI^Efab+3R9?Mly%Q5wiy9!lYP_iTEwV-)Ps<-$VyDeYfkIg-aTOX^V7FP(!A
zt?}lqJLK@L0Y_F`kIuXG@#L;)#7>3W77!=Tzr)-L{adm)2rtzbqB7<p@t|sca<!&Z
z%dVoM$u{gip32fF3LD+=;#l;e=W=*3zTWGWM&{&e1X%PyOJ0?0;McQlkeT~sAnvU<
z(0mt+E*BDK;Bik1QD5Tu)hu~CKX<(om_;jeXW|D2ydf24WiWh@l~D2MO6ZE7oPBEi
zY{C>+Rg~ypfr{AOPP049Y1w(#*ER$293f6s1k{Ck`!_g7kPfDZiH44^s;E&58`}c#
zV<Q(_0S(9i1QD-VJ?~muw|)b__0kP+eX4wI#juPD!c%6WQnL-n10sQ`C!`&&yG$cG
zMn?DniQE$1qPgP{q=?>uQ(XARH~>=TM!1$+v<d~aTm#2ir>&SVzR#O_;GZNiOG!|v
zf7OX1XQUYr3Gfk^yVSrXbNV_ukzox`?V$2R4OM01oL^)|k_k$1Cti&$BN?nXK0HbV
z&=lHyP^BZE3zUvdGFipmgLT$(eA(}mpH$1x>WXL49ljJC0V#z257D<W#%-A40^>BF
zKh`>osJa2sKq6>YEI*aYCLRzrg54=FA|2d3RsptN5<EJ-#<h=*97bZ8=PX!OLxN)G
zqIZt);fBo2T8Fl%046rY1Cyg0LHQbWx7W49>7T_uv9nz>|J>X3TYl5twMgwD5OLv3
zq>Y;=rKFq)*taM?zc|g;+J&gNX*q6vUYe*x+bNn!I<V)Ut%|aLA(2^NYaJK-NP4;<
z*UW6cIg}$Ve7$)gKbF&uzk(i;Pum+$Dr@V#s+^`iZ00ylmM+-BPSW_&esMdm2HKVS
zTrR!EpE~-t&Amm7we_zLPBsVoMV`#@v(B%JbZrx*ms-$lBcYuKDF}Z6r*eLj*foGv
zIej2i5g%le`{Tz`i8)v~G)bgh&A`zCVzOjoE(ek=Rf+e`?|Fjr=r<rOod>Tk|J$QK
z35+P+iH`4Ktv|TS>PH+gn)VoV_#bCIM~pIBRgiTq;mGrU_NuiHY1<+_<nc<W5VteX
z$ITpkMG<kc@`QZpp8}qO{`JhRW7lb1_2>uCBrNT@5tiMy8j=0_@+{Q~RI6_HHDm26
z>8a<~opBI^2r+Cy87SX9%2%vo(Y@<6<(exl*<`J3t`Aa?!9kccY+IBOddSkgkboFA
zQEA<y>o2^<5BH`|qO$iRPm(CZQ*iBmIBl)Z8SH|smVg&!>++GLzgyvHuSW0p^*a4?
z+1{)b*YAe~yiJ9e<MOEzg)P$q;TFF=gm`p1;UQ+n*H&=Crd1#-M^*>=EUOU-=)L>`
zu<Kn&^a240M5|Z7jHP~Pdee@44XZ${+UV6!VL|vC*B}<y;Ne!SKj`0<^82EQbzXf_
zhn|_NTJxTKXd2ygTbA@%&GfKh?WYAixS7%WV{^#da(2@Ko17xjqEIw&Y^$)z0#S!6
zvGPWvEi%XiPN-Gm3|pgC8fjpV&=rSOejWC~Rg)hn>webJMh@GXs|Newz4|fSp1;GO
z!C9~T)-=liEY*Hk7CFh3HZO`(?3LTMe{Y^@rNwyj-V%G(SSwD(9r3;zmh8A(eSc&<
z;LMyBg@7<hF2Y<ZJD*b%&|1A)?O{GniKR%Pn)inH&?GE9-#v%-(hc*9iI7=2z%#8c
zSsB=hk*DJ<m{c0r&NGR2Fh>dFJcV*V)D-&_>8kxa(M)H-FGJ%L_(f2M{d|B851sp(
zdkkI-4fNDMF4b*@r5;CpMqFVOi<}K5#%5zg5(}ss%B6p~7sapmGla8B!PnJ%fE{87
zB%iRXbt<RD0Y(FK7$D7Ng&}{~AAj=r$`g^CSfkNwKPwrCNzeJKAI!Z-1WsJIeqIMp
zKAjaGpPbBFhtBEk<`L1W5FYk8*%$3g2CulnD4>s#H`dOl8#yNl;FXqD?rxuGo%OUq
z4TH&BNMFVx;&#m$UAoay-Bj(fvxS-q>x{frQz3{(g@v=XJ_BBzV<zmu8^$pT(TEMZ
zt=Jq8l_0sb&@S|N5W(a=ntmTeV!s8MCWLN9Q=ke~U)r=f5xBA-1Phn)tp<H%;531)
zc(Grw2aG?5H4_8?ix5ge&RF|-{;rIaurldPHX1#wZfkTqn0zUn)*02rDBwcbVhV`J
zN^Yrk&%d>sT9BcyA*lG-)kshy)w|lPaWmqS=_AM_USIQF(BOLSr7MIVe8770yfpl=
zo<PW#U#hIzKir~vpWK37uU`kFOuqjf!?{_*v9JGzNaBFEgv!~Ac6+*J4waw;O0xtm
z3tqfubGl==nckDWS*Tx;o;W|CC+pGOC$FnuL@`GoU_@XCLrHbqLD>c`B=C4=eSfSS
zU`jYwL)9MKr2*Bba5aCj$bZQlODE>N_oIP;VoAaN8Zd?5y^!FshaSdp$2ygM{FEQ_
ztF1zG96f_R^&s}8piZD*nb$tHfjs*QMSXR&6BW{@Z{aZj><Ire1i67;ymMM=hUGYp
z-u{<pSC?9^ZHUt9Cj6|uH{+dd=}d<k{E8;d;31wb_OiBsShRH&mENfx&F$zo>T6R-
zQFP2W?M7oHw5@~)S|(kS8G|LpvfQ$4jbv)M5??!B90vk{<807VyTmz^odc8~aq+0h
zQ&N`$MvfE@Lee2&K_c?Kvf6s?($||Gk$oa2h4>>fJLcZ0RVP~ak~lJHCDKt?S3k)M
z^0NvLm+XN_Jqz(vPDJNyMi-GtPg|NSn?3)-2G^+?tf@A7#VyZuIYp`2)WoHa0VfDy
zr=uv)Fazg!pl9Lv8dOw+eu7@sT|w4vhRBx?FGOyYl;(>9wxJ9Kyy41%W{}&r0UaC%
z^^&S7YC_yc^|3hPc9Cfy$fg_)*N-@fOtSy;oWvWc`pIUuYD*s{HT+0cGz)_Zl2aHH
z^$bT;+MP{IxqN&~TJoCeh~R5Zd|$dzi~!Js$7<sC@;A~+Xwd(?K8DG28ly?jGYy+j
zmXa}CSH$l%x;;(76_|8lULZOH#CZja%~6irv&rs>?9E54)Q47;qcdYj@BeW_S(Zus
z00XgCx+*)u$w?>MHG}nPS`lV@#X&L|2(59xk~cQ8r%kK=0R~yg%^-V)K$+LJYoQmb
zx?bB>ZWUcQMg)20{O|z11TN<2^INVRq3UMD<HEDr=KJ4=_SD4)wK$2~d7YO>Zyni3
zXeuh<#nErwuLtE}c2OOhZ{r@1%@274#?PNt3P^g%Gk+eB#l+3k_-Ar9k|0HbRJFo&
z+mL@CBW1jM_;?knUuDuhhxnp`>PKY<YI8O<<^650MAn}}rvauke_j_owki^N!QSL4
zb5-7~X7T<erptCOvCCdoG0l}MX-#tQ1!aFG5^awyQCd~ybZHXz^D|8u&kwOR^Vy<;
z)nYfj)pidoqzI`>5$wCAdhI1^!G6T+<Zj~EKA&wG%LC!%gnvG9qsI}+1X)Eo_vie3
zGl|8h7cM9CKD^T|3J5{S_@6zn&5gpb<4o)jGGtN`7}h!r78af7h&lT`=-@-c!!|#(
zb|^i#RE%cXYPpEg5T)hxejFvJe^}O>H{3|<z~oTc9*%EpyQopOWDoy66o2r)HDvw*
zo*R1=7oaDF04d9o4RAC`5HEE+x6|~gUZ1jx7b{(6M^!B<!VS&Un45>zJkTqJ5m3_L
z##t*to$sYO|8c3MTQ0ri>R$PE-0T`X&{7C~^u`~=@B8@oqV)ZUS6b~Z%kb{HC!~rc
z&-2D&nXzI+)a=k~7b~69H#>od)!CMk>cZWN5Z8>l@vm2;MU(MYwdhj6`tO6z-a5CI
zxgpwCWtq`pR$1;A0gX?UBfN)7!#CHW44_Q&13+HTR6-ow3r6Z{;smyy4BogsvrtVp
z#lKaD@|_8=#K5&s$bk=GB){&G%#&S*heE^Cjd2tBiMuEe2Yj|$gEyIf*RgN>sj|C0
z&m<Pg#YAsMJF(ebO3df${U+VVE|tch#p&V2cM$qCM7lCtz^6emU9UW&va&*>zsB0#
zu_hWLaPg=+lJ-+0%}Mj5H5U}zE?h7_Yapbm-XY}4LkJyGIiW0#QB@eILLC)d;{)1d
z0hrZ}HB%Uh;4ZBbxoIr9a1!~C4z-6+9ie1eR}lC-gvFK6&+|D1U}z@WHfc4m!vvVA
zYHLyf+l9$kL4+diIdkFY7Zn*6gizhtvI7>yfQta!Fm?{~uq>~c)TiaUGq$chvsCoc
z7?Z11j*rwx1MT{ki9oah9E&;E)UA#_flq7Mx15zje{o5Y1~Dv%v{CnbK_?_r{KPm}
zem(ot?sNioisfRq{TWN<Kz$lJo8Y+<OiAR8qIIDrdGLf~h1!WuvyMr2A56vUdE~^?
zW@w@!vT;2UdGJ56fZfUC0&SoK@;h@uMmn{mqwA4LQ)NyuSL>hZktt<F2TQp@F=(eJ
zE))-caY6k8<KdJby0R~|=X+_H^id4emuN<<H`#7L=v4hL8VuME7`oD8+|7cx4e^x%
zRs235c)dUC@c!;r4yvQQr1ZFhFvBZs=Ka$;sENQ%UprfYBD^1Xa3oe(>E>2{w^2d`
zr){3($U5j>M&W9NccZus7BMo;w2g~i-7#UW)wYdM)<CT)l#2yk{}Be`^=-67=@RhM
z!ha3a#2gypRg3>p59lWiaskIGkpNe;uc2gH*Y|3py$(@t>$m%d5=*MqKjnQx%KL3&
z!b4$lHKbcd3KP8dkRNP}?q5;>j#&85-=U7HIk%b<TLH_8le^IX%xrM8R4`3i0Xs^i
zZwT<{|NnZx3roZ(4*YvRhQEw*!X=cpA93Lr?E+_GI{t-%!J2*&+ebvr9U8vjR}7^V
z%#tFSh!gL*Z_<x*#p!dU8*^i!E+4RUqN|JPN*E*2!-`GRS6$!u{SzhIVjOEHQ*{_o
zDGC7DSu9gaNQphh?%0U`pLU{3=Y)UjkUfoOUXIubM)6%}U`VJEWQ%fSJ}#(5^^ZOV
zbXwA738RY?8KhmY@=hl)ju-xdB}Q3hpbk8+0oNF;i@MCZ-qKBe(v<_<{OHaFto(u;
zL?dbz*X?||;wQXT<CY#auitxZoHsy6VF0?S#s`LpLBsSDFu9ogDw$Vp`(xmyn!Awo
zb$Uc4TqZ-7>VK*aSbJDyu0-T>&G-H6$0A8dw&Gq3{9yXpdR2NgdRqE#O8X3e5t`$0
z)%vwK(4K0W`64xNWvR7Moxlx@@L;rEo-@<zSY<na7*c_hVV^!T2((uoGYj*mG>`*e
zQ0V~_D3*dx3pJvu$w~+mQr3Td&@yvlk|Q*4&lo(3*O?J_1u(E5pIQmnaP3kpt;r4@
znp6T_FfP|QCi+b62dj~VM~@c5Oq#$bve2aS3|2p=-4|0v2PS|3UqZdFtgpA)C~!c-
zU=B01VI@uUuY`U9zHCeq05f@TqAu`{U)BLT#Ef^Bt@U5q6g5fL&yry<@@xiuGU~CZ
zx<8>}QmKKcDiswA&Ya3K1o<N>K|oRb9y8t|VwK%C$p?RbEcmFb8Uh4ltkV!~BX+Bz
zh4aoIJbd=7Fcz2))zq0ho%9zi3?+md6s&&Zp+sWtfZ}Ex{Uu*FN=d5v7O;Mn=fw-n
zuy7rKMGSW2ZT7yr%wWQ{ZosDM*Q(AMmFZFFAm5U6m4m^mskUl!XCz#OcgrBRFsq!^
zzEpimp{~eEEZAhVxnTxr<LRAY!4O}=PaL@gr^e-_&%(l_8YqQ!Mm@V(fltX0TLL-1
z0BcVa5`sl{6$i`mbVYMvWQe5Fz_nC)5x9Pv#roD%Mh`YL>Z1ZgNl)sIcViG-1c}_h
z22;(e<UyEv1iHh9Ql?lP<GF;lcygb|W=fSKbEclSgEE)sKzCRiFqQo*TfKR+x%tQi
zJ14gW5R{rHukL(T01@kdFS1YR5hMU0_yUAsV-^-j6Q6CA&!>i$GT6-J;uXbu;`LAj
zP77D9tB$&R#jx6K;DT>5`wotXrV38w`2PC~n=_osF~3utBfQ+&dQ|qHp>1TBb2`oM
zJZ)hPoAc}6T+DD+fkR~DsFB8`PAb#-!YOJj0gDaF66k|^gj9ZV1uThQ^a;2gl@!&v
zf;!jN=ge}!3-q_WQ-(<bQ~%gm#>l4CE2%zrTJz7n$2FhGH-3SI(1wR_4IO#YIPCUi
zO@<m@bj>sWgzy8`4>GQQ#iaaz8l5)$aAg%$IE&Wn=;>TV^}W!VXAQJ6Zwn4Ht*XEn
zvBnWo9}XJU00e>siB91TX)vy-C?8L%CaF&r5D;Qv&I%c%wqKGn<vo>?`(t0EMKKwv
z>X??xTO=108C;!xw>%4VN`-iv{`4Ey*^dC?;H(8kG{dd}cGbgX9fpAU+zl4?2=eAs
zT}NOl_CsYnKXIb!K3H|+o~tpx;{N(_=~OEwG;r@gKLaG5Za8A0;n{iZyix#e2Ldf9
z5j#&~v05+b=-79}jc|mDe-9i1S_hah&+LX+P*+5=Ae+lDjMw$+R~K*KQc#x?^}#C&
z#odh!tw17xQ5p?15Tf~*!x%pLjE~f3qQ9b<-_8cwtzn30k|r<%k01^aqqYlld4&;7
zF7*tK^x9!(Fa*pN%wcB|lthw=rNPeYfe;)KNUwQG=1=WmW)(6ksza<LJ#1?3U)SH<
ze4SS*g?qf6nIYy9cb&I7T2??kIgfD-pnxA-fnMuVG)_AzB!4I^3tdyR6r(_GFF96>
zq+v@g*DlnP-g_jh`C%Q5#OzN8Fyzk=$=MQq^TTOu31$uRS~LS`4m@E*GvvUp*pGcW
z-dPNYA|VE4V12~V0l4tZK|e8tuL$@bpUqX~Kf|6dg~JzjM~)V?2?koT($;#{+S=1{
zA?Ns3Uq9MMXKH_(9iXoH2|M1>+N@JuFz7tFbKM0(O}Jc4c3ls#Ay410x~ftDb;&vk
zCe-f_3EYma&okInY#iN820w8DvZck3a@JqB`Q-}VCWmEJMd%ua4eKG9k#2kZ$X;)V
z(T4N~LxQ%G97mM80=AU%-6{Ek<^;fd8g*ZzHf?IBNO>8GR%K)49_b)MqfOOh4N&Ku
ziO!OTb7EcTY!K=xZS7(dPN`W^7X+g~z_-s7?LL1Cz;lDn&OZoLfYv|swq3W%hP->M
z%biB8Ici*&4xSOs_?-13blscE>HLfCy&htI?sCftC$Xh3BN~|CZCgBdI9y<bM6~3|
z5tkNmEX%)~8Aa1KT9meP4~n-o3_!Lwt-_HuybR1DloHpH7b2cwp*?%H^fwy3yzEpR
z0wAOXI3P!$U1A6caf_7DZc6+DP15`<L;2l6)PQf)P8=i3Fk~q?e3`U2Ja{Q3DvIIX
z>l<lBTB!?W8@%1)7TPeHk&?c&h~q5YI0c|<(bDvk$Y_S|=^xx*J#hK2>PEt842n(6
zO8++fj(bhQ2##-HT>dkdla)vWKO2EfY43+9H&oSbE*h0m&etdfLx3|dQQ{~U4vYf;
z56D7*QVCtYDG>lQN?e~Snd0G0&wny}@_gL&5Q#TLAVZiX1PFM8rLMHMWGwPq<VB{+
z%W7bR)X&><h>0spx8^MU_f3XiI$pdKC9pX=qH}L%4riM{dhvoES*{Xmz$M;q#$t0)
zXPn=~3(-m(eu2(yvw8`#gTf+U+w7ZTD6^sCc~Qj%)I?Y^M!N>Z*dL@Yq?^mrSO%!Q
z<}}MjM~}q<5?^3xx5U}Klooa~KDHaC=DML22jFp-UqOP#5Dp=s&8*Fjt};ZO+%sgr
zsG2oaR|np_pGj1U(6L_ounJ6_mp}|<6sn|wfHNusHaeRPP`d1Fv<2P4erl`3^wiJ?
z7=W82bn^Cvc52qWD@0wP1H;BFj2x+)V*zm-3Ab1T5TZ-m{<Qu5*G3LNI&}fANAdmm
z_=H6Ffd?MzYMxyfmII(nU*|Wo^nQ5YEPaTVHI_S7(Xjuk0GW}q+fJBXMYxmXG5<QH
zx52`)C|<wVF~{F#8$1qn?&aQ@XN7iUrK%rCKe*ua#;(=qvuF|wh7|tAK_MZ&3TsTA
zp;JZ)bLc{_4&Hl2ejR=SHkc6@K|MYi$8$%(Ep!PUuSgy`{)li4u)+p1sa1mJRLTx1
zk-}2r*$9uoX=iX#paZJ_9PK33KWil7&Ip|krYwq?Z%Qw)8dCWJG++CIlOf1uWSO4o
zge5<1Hz>;A6~*(T@KLuCTuA|QW)LDG)#)j*-arXL{Tk@q?&XnrJ;69c%=t+7m;Qt7
zJ7@Yb82gtP_DdHGD{M}oZ1TD&U^%{2zMGq~4=vKFcB;{X)0bWhMY4%muw6P!ksb~i
z$PS&oeh=@i;*^wLm5mrh_Eg2fBWWS21Q8|*3qx#Wq@UH_sBc_Gif)BToz4@$VqiB7
zc3(E?UI5P(Y$^jn^k-=0S53m?Ih#EQ8_p__Xs&gAMEXHZC(;24D_W3+)Zc73lJNXP
z(NZ9rV(Zj!LK?t?BEIOzv=$+PNAa*iq<`m<1uL?@9@Y*Y3^OE&_-_)N*yW`^K5@)i
zdatE4)3qnF)mhKL(8+8^ziGQcp^b3`tGa7&Rta1wN_XF1KZTP9R3Jc6uU!bn7q$*1
z@{U~wljXbg_C9o=Uyuho0}ccX_f+Ij2H)Kb77^MZI@%x*uz=7Px7cs_3*)!7_g%(+
z+~l9Z&<FE><M+Dl<o}j`4vl#xVItuG&SpxUVRUB#3s_SzqzqH|!Y|`QYfz|xAk%<-
z+S6)5^0s`(oIG}DpZuFmzF3yu7R%z6D~r~fVtEW~%&Q|2B41A#swogX78TC$%WnY%
zl4Lo`mQ6rIBoS@c7G_+FkuZwIu;b|ME7(`y3=7SVmLeYlDOV^4Fm9O2BO;;ehr@Qo
z$Poyoz45<3#P04bl}E=b*M#jI?(QN+p-(G7DiS|Z)HuQWJ45O?0MtU^@UW&AFf$xf
z%F*4-wbT{Qz742NP=5XI*iNloWl=Rk4b{ssj>*y!MV;Rq9u~MjBO{B>EI3OyZ{Bg6
zHzlt(75(pPKY&IgNyRjaSq$n;t&h(Go-a^uYL%+RPpqxSVFj8LXlIzbJ9p}*-e@+I
z95lEnJD5dA3bPK%-U4V&L@{?`l7fV}E?Iw^<zU?C;%A0QD+xH$WrT!^)EHqO$XlVX
zTKDu1M}k(dF{1(LMM%&I(O0*Y9|VRZ%U{^Dj(`s-nN%oDO9J;k-xke#Wy&39bFHo{
zgzrhC#KgF`fzmY4EwK+WAcvbFoKbCT($~YVHzcB|N2?h0`!0!ov|nQp@b<n^xtnIz
zYHdW)JW#R4M!+?f!0_wV%L&z%8up-Dj#eaD!xngmL!pNJ5$-a@Jfi;P?HFvO5{dJ$
z9gBPdfA%vNg#10@|9FEKtq9l8Z}OkoRf^kB>=O2@uP=AgYHCu1fdxJ!Kx#B>K{UfY
z%4JCV>q9*T;O$(-o@D@(nz5FB`%H`bk;{Vtpj7h39q||j^#mvTHA3#pnI7|+jT0O8
zsR~@l7O+kG3#tTVb*U2PCk2R4EuuhK#Q_Qw<Wx3r6v^GW0fvqTru<^;sYHW}Qjecr
zWl%c;s|>?c2CY!L0y``;j#&hJZ9G|bno$7&V>+qQcOL#k{SuDgF>!?OxXqh|{hmK3
z7At`-e@8DMo1_$kz#&&PfNO#jPKY{M71k77Q*i89vl|%5$<dn)JJOIHACHVe!VO%Z
z6-OvRMiUa^kvMk$n#Yf4@Z}H?ZAi$?weaFhObCAhyCQ&*47RI9vn#G)*Jiow7v+<e
zsrBgwAAGxjrfnc_2y%+&F8lT-X9+EFa8HqT!atEa-_rt>B)T#vV<b-jl9l8_9;B6#
zU4sr{6;LdNQ>vXP=iUJITXFSzX6?vGe%vA?NV}P}Cfd?;xYh*6@$bJQoC#feLZI%?
z8EKM<0HAkW=;|6|%(RTqthq`g?$9z>^c?=<!;CXG7xv7|%<1kv_y{Eu)xR8=f*4*u
z8Z-3iV@sT)=#7}JuIRUXijRK&)Rb`eiX!r-cVmQ;(4*S;&K09-Hvl2wdASjh&6|kI
zov74EdG5)pL6`s2Bf5X~P8f$hmQrY?-1=5F_oZc#TCHFgL{MSwr>y5u`XagwG8t!2
z);(CE6k!8s)8Q1;G1<UU{c%v3%)D`G2bJQSqd0<&SHfSbkzHPMX}$_&f#22vkT#@0
zU}ACBMHRNN=Q8tP5-qVV4uQi@<Xn8rU2b&boS<>E`@#Zvd)?skTgG58Z(?;8RLSbq
z!Mxw@VoI8FtbwZ5GlV?`8$zRYf9`g+6vz>*c%?FV*|?;@@#J?7Dn?)2Wn`@v*00Zs
ze6Bm-v_WWW(cR5rXzszNrU$+GIA;aOZ>qzGlm)F53CFQSj2h#FInJj{jUmD^33cec
ze(VEme;*oOpyz{~#@Yc7FzNP04XNkc=pIIDqlT}~yt!;-gLP`9to^BLYnYn8VX5OJ
zZ_jYbwPqyKE6edyHI+P2cNjLwwIsgski*pEtM0HDumm7Oa0Stf<7Sml#;Z4T!Wq$w
zaPih;6=qAVTlPUl5-NqHvwcbSzE|*1{z7l7-KSlFVek)D!Slu@eeOP_W#$>$X5Jxz
z_~#^~p@cr*Y>j!iX2Y?Hx&+;R>^}HjonEefFbf@;Lrd{VWDerWfE+lWsIgN1#K9v;
zVGe^~6&kUIRl-6mowQ;b8pQL)BDa(&>@JIGCNHQK^|Sf~COFjp=GhW2WA(+DK095V
zP~lkBaJlpI9E5@hsYl4Y`}QphUX>CmtL`id&OKo#<&QnTL&n~rv_Ip2($9nhg8<a|
z(2kfQ-Aq1(v)=-1S!`Fr=J(pLoFijjaxXi`hlxJbzJJAa%sOZl^yBT=79YOP^uK3t
znD_)ZUNKB`UCVz6H~q!A*1rDP3dgW-ORv@Y<uv*VckO69_9(FaCL!lt)sfOOTS|)>
z7m-iybyEWf95{{*9c!>+d{{l<E%cg;`VaIkuEFBZ>v<g#3E6;~6ArE_yAt#$TMGbt
z6dh)V&Oz*czq6nWrPwdL7R+;u3?CBvDpL$TNY;}i>OXL}-~@CfC1nd1{<!VvpFc;p
zFn!jhXt!Xs@FxUt_#f(Rd**hf?Sroa8-|C2dDnzMsYG<!6eh%iQpkg5g%*NjFy0Oc
zG&tq84(|X1s!XMJUL0bVQX+4Mh_r(A5g8K)LosIzOO+wOwFopv4rUZmU{^#RTWf!i
z!S+GgCMGd4WI5?wzCVv^l(BFtYq;=RR`s({i;x@(8kd@t3oP-@F2NY8$h2_X7LSUM
zv&1U!(HnZ&rwH^^zE2#WLycEAEc?&4z=*<Ah}%hm7-<EjokgeKBts9U(o&4DOZvcF
zyZx&l*Zs_Hlo$hP!!|oQnS~=Z5U&u7U;T!c#jv)ni(5vmsayH>!;WD6xv&4k0WDmu
zx^P;wXn6|2><bBGS3y?r0eQ${tD8}|V#gB{hx<%McLjk+&?~5MxVw2%^y+|3Y&`Q!
zMuOED<no^l1F}hUKn8Y9OtsEfE*`E$hK-D<&k8mRLZvy$JX8zkh!|@s2tGPIlV{td
z_lzzDF0!%EIo_5_fz8QOBuPx7NNXVrTk|=k2I0t35!Cgz9$q=X0>S`i*7W}Q{|MQe
z<a&9@4c{?)Twu`J`}JB(h!J&CeSMO!2;vZq?t=!crR=zm!`n9w`B5Px$3%IsG5HQi
zeRq);OE%^U14v7Y5PSymo)@9*AYS3U<egAyBAF2=m7sG<jZi2<ssxGkw15h@s$?$8
z9!ez$$PW)2svr-EMR*95L`Qpxl4M<7vKXpL>v36__PSeX0%<(}9-Q97_B}_%^n{s3
zG+>RNVl?+8pDe!V*IuFD>u@wG(BrKoOdTt)1SKeyYT}n8UpIdFyw~juX*Ib2s;p(>
zaQBY$ug*u3O&vi2e4kMO_88;*2vRS+N}k^*?YOkP%b1TA02Ln<0ArTt&^dmEr^_>B
zJ;#bRFS4>BXARB3IVcFPCT8A98NeYXG6!Bph)S)q5@r?1;Y@j903kIsz_W;Of~`q;
z|NapkDl`<8dSt_fJ$1*%E?*uSIp&yiY($QEtZq+QrAC8%kMLcW{I2;9Mho~7kz7Hb
z07Blh!95ieiOXZ}t?|g$xUKP`-VN1|!NGvIJaMiUI%{!TTafpfQU$f!EB|<Q*d=`v
zUFraRQ@Om_SHFLCgP~{cdhg<I`78Yflh^g_J#L;SIy<?&b&r4(Cpxxon@@^nJbBNH
zM*FE#*Oknz_?_6pG)yra#;^8s)(K92;z)L!3r_ZczsA78==@^ZrCuzaVDHOXyyHz}
zcTv*g^8H%muu9)Ov@ZYHe55p^AP&(^U40{MnTb*O*T&9R5U2=!dn33u%ADlKE&~kb
zUr+n@*Rr<FR<;9rIo_L|ZB^T@*ZS}AzxCDG7nHG?q$HF!+*UY2B@9}0$140|aOdlL
zOb%Em$|ODILm!$#L%AxyUH^cM%|!vbIycSkR2+iQdT1_srU_Mw8G}~NrnZ<|nn1LA
zl0TRVN2pl7zGvTOe-u3msIOkz$|#;^2L#1Yd?QE;AFUFV2?_^}ic@S(<%DK>^1<ki
zk(C^k;*w35mDM7Yb?~X|!aE)4no;M@MOINe%m=q+U`rbz#z?s;yK*9DPd|Voxqg{6
zNU%!$xZp+i6~%Gc?D<fJG*u+C*WU;b{h0mzSzk=|{SHs9=P$38<8mc2qnu3!t%C}(
zDvhYQ=%L^jhuCtA{rx#h_La$PNE(~o2$f>>_>@$=2m>kSCy$Vf0oOnueJOyTmRZ=W
zuUOX<Z{4{bY(aU3WQHc1i$fFb4jh0(EdW<fwk+u&2eDI*>K3y#ndP{gN{l{)MePnL
zqSO+yupMK%7(t3HH2~EuKYIAEG@E9(dPKRvJa&o$N}3G;Y$-4%GVm=1x<C-uZE9JW
zVz(uP6IlxuxyGXa&KIzm%yVEKLVX?5uCdOA-z=F-@V5Hp!I$6uLHJ5q*fbp0Pnz%K
z=`T&(5&y-ip|15+TLM~~Ghf0*@UoW;T-}oio0j!AOV4Qfm&59F6FKFE<@5zl@IN*L
zXqaJ8@Ta|t7t_7&bUI*yDa3*Fi;DqrxB|+yQbHdYR%%E~PeVk+U@G?PX>X5tzy>=4
zB26ve-U6DksvRrkZz(^I%_<Jw><BzC3$$UEw}zm9SAd5*w!`S*olxFY`HLqy%I<^}
z!}<b5(R`;|uRsZ}MajrJrhQ+B#iNlpE?A=wIeS+z>~dH~nRvp#Jc&Od%tYjT+l(Bl
zTD{mjrsptutf@R=Q&SkTWhXbWyLT#PrY%D{-B#T~{0ve4^y`d19)@{q*iHY#_46mM
z^u245f^|GBwwLfjs@G6LnARBzOC5;rEGbP?+E}J?Q;e|{5wGDJ%-`Wn8E;q@bChAF
zozm2Pp+JFG8Vr?rhy(u;LnxE|f)j@FGx<t}Ua_!d&6!93XfcqaCxaCTYD`4v`ft2J
zLXcdh#CFlYl2r)2gJUiB+iKhyNe~+a#bWYbVDEtJ^I02A+xBB?mqv!^CQy^Q96U*(
zI%Kbx_MX;RRH{L1i!<b)3F!OM;r$9;_^@RdCB~+Q8m^#3xG$KvAIM6u+dR2dL9(@N
zZkPV^d&s5R`YrdzMs75PQAA)y11CHr)*zKOV%cc+B;bnjKr~cbFynPSw1)J#y$2~+
zmn;v|mxg)98+hRz+#4x>5Y_=XjAuxS85imERQw9V<WK*G8xN!+`S!LjI6O?5&1dU)
zG2y$Jm4+33m8+gS8WR+SO`{-vH<~kkzB0S;084Hc=L{1)hZa+uf?H0VY6*r1-`b{2
zta7AIk^Qc$<BzZQO+xvyMO@&A0?>htgis$2p9BQp-vF>t0NmTs7gy@Sytm+XLeB2L
zQf07MeX@n06)%K(Hr|Wq4!KhB?%V@O@s%#)t6VCHw-eLcF)fHToL--2qWRMGBSky(
z9en2`-R^Knz#FN|5YI6;!kDM%6Sbp30C(?}6qmwX+)w$RPX?)ps#DW_jp~A(hu-~j
z(6(+TZlTjG{qdgG9H-4oW3@;l>!G61?GxoNiFq+xWL>;6Ql8GO+L>_XjBYt+^U<SC
z9Vv#oV2xX1X--jvF7W*JRcCz+kri;oJlW#^AN(I0p61@+YnONRq|f|k_lMK@GGtRT
z@$td_c$o-d|E8BAoXJ14sR0RKLZ}a00`VM_WLa%Z!L}K8s1vtm0);45aS2way*NFd
z1Hgi)0~7#6fp`_+6lD?o1606<E1>zDD=LUGBO5o<(KO04sq|CI3Ix5`m;xeE!)UXn
z;-)6cW;35r29{*BnnBgkzqPl{D7tR%EwqXgvDzqyz(AnTkN%lHe0chwM}PuL6@NdD
z*kwtpZTL{CXL`uvck9+Y_A18qvx>cV#DNQ9BPimh)5*w0QJ$Y`#9^nCKWz)H3az2^
zluw2uVU)F9q;koNLAydkuUE+zHaRXbo@d$Ets~3fk-EjG8cK=v{g;*GJM=(2INWO6
z%JZwT1nyvh1^0}KBEq?&z^rP{h`k5`p4Mb1`}}y_w9h37B4pYrI0R;6EwHxv;lkDt
z@<iEouUEN0wGX^T9y4qvr@IWM2A8H#Z`eRP_b0DyvD@Y4pbV~RZMr`=RlRDDo1S`m
zwS8KUeWbsAuQt=Usnt6=HrO^`zd9`#yZUxYaPf$J=hWbRt<uDk23p&%Hnr*cSK3;C
z98sknW#<t2nZP*0nifZ5(I{=Tx0L=urtq26jm14S`<U>SP<||uM1t4lz1eUzYx;9v
z_4WYgX*?>O_aH`)t^=W$Qwl9UswF~!$+s-z#y>paF5B2xLoaXZ>Se%Ad(R1w!RhKX
zBHNe1lG)x_2Iu0V{XG2RNHpu12*EQl6#YS&VHLa()P7f1wBm%)+rnc)<2hYcdbTUi
zF^?-!+xVU#FoyIB&I(P`@!l3h7=hYDTRFY!VB@mnk3Se&$WL>jz`*WDJD_Hh7wcmT
z2!YZW-7DQ|RbThX-vA`{6Zv^Jv2h$WBy=0?-zE{q^m@rHqoVU6f5^J#Ha9vTLh#ti
z=ppH4kNNfAw8;W?_}w8>4phk(r9AxKuJtx<>{{tGyJpXt+*fa^#G!@|;wW(J0CG4K
zMP4f!uvzwE02%H<H%o-9Ka!ua(qPdU9{yf(NxImWwzBsEe(2S2xcicS3SuMwD?>=-
zS`UQx^)CO&s-ZpY0175un-a;8+cuZbHux$jw{!Ex-+k8qvvLc58V8C$|L!o-qDe2n
zQ$0P#q*s72FU0u$=+PVrJs}{MLo*??ni>GWJ9zZycSf`(kL2!z5eB@)81zo-^VjN~
z6j!@e?7-=L|ATeu-4v;w&i8*fe@5%iRRP5lz954K27|I6|3n)&6Ea!xOE@7Dd(iM`
z?G-oi-2<`C<bTO9uDMjJI@ifm#wx|fkFq}f)*~CVH=q!&Tuqm_Rrz|PAy8LP+7n(W
z!)B}uLx4+^I46FSc~MS7wwzDef|MmUoG}lD+q8nK`7UPfr5WM>o6~9OdflRVVufG)
z*;i#f!0k^B*aCShx46=2eKP$(6w_l%&nf)fNc^oHm|3KR-jQJX+=(oM`MDAiru+w{
zkABHSlt1yt71Eb+>6Q49d<y2>?P9#JD_p)U3qr@4_cbSgMOKj2S=e7VCr{xXZsCHr
zMxQ*X9gB}=OgZEBm50>oz)WG>mFCXIu5!}MD-uUaaxSfp1j)Vg&V=aSI=YeZEJ;Y{
z<pb{VqLI=aXe9J_Z#pIgA2OO3$msHwz${!#ZWzDE!vZYADM($a9HH$>43M*&cyJ6J
zZexI0ofLIsf>jCkiH)cXs5)nf*Moq@^eP_?IbadMlnqN8kN&y<29dcX$U$*@n`x!=
z75YM1WfSny($>}0ev;Zf0G?<&iBsI&VCCsf4S7@nWo$ZI#{Aqo)c|fLh{b!EAqba;
zewrU#!2*QW(MbK9%dePq4zQ7?RGC(O<1bS}KmV}Yoy8JI1On(8G}SN~y^258j61&O
zA2;4}JWn)BAqH^}bVr*))=?Au7wzBLT0nULO1%1X+qS$8HMh1PL?0jLKCtd0_uDN(
z#dbsgZdsY7+}@*)b>%nvH)ni7ohROr(8bL4&;WEz9aY+ZovBe~-NJ*Wd{HDX$BX4j
zKsI?-=WUl?Fk65WC57=~v4M`3l?(tYz(dJ-Re+5E3*}&A>mwtfh9(Y$9oQkK1ywN)
z)OO|tfW;ILI(?EhI$>h<Rh0r&;#g3u@yd5v+OH~Bym*`0k?6@{GE_3)9~U4~9zbT*
zY>sFYmgsuif-Kvuh!RmK-FPg(`E!jSkDf&!7_!>ZI1}WyUTYv%e&)>@=hVkpO@BLl
zVrp2UP`o*->i|-=WXzZ@3Z;3rTX8MjmMUw=I{@V{h_`y}+7TXVp8fw0OA~Gb?9RWb
z`|t-g){1xJ%GK?bsngwEM~=T-xa9~h<s!8p7A{vsJpyfAKQli@iMMw}h&wvPrFXB2
z@ot$^Hks7bA(7m_Hp(|@0y<!-;e~}^=;9t^ZCH7)%sC3jKvFoj0i5#K=3A&`Til#C
zt}<S@4m8E`Jh`;bY|jf}9c5bS6Hrztm`;XPlW4e|=W!9Aq}8g`=D;IOb?DyATKeBB
z_nT4YmBQEXgxh=T7E`R~2STlo)U6S?!N{qW=wgM$t41q0b(<WWwmp&-yY+l^fQR1b
z*o4|qeWVDdTd5Tslv=wbs$`_AK2nVB{Io-a4;;!CQ%=|2Cg9I1g)hZsXM>>8yN>lT
zOu2_Xs0xl`-jeYjNA9Kv=^rI1_G{92I3?ekgSZ`LH^Y7@Az;9*S1HVwLZxtHcgbAJ
zFoEXu(rM7e2~v{X`zKn7^T3Q$<-w^DWkB~zN#Rmb=EChfwj_n5oU^jBR&Ez+P9=I0
zM_5WZ0EjBQ2X$2FJdmmT%U@YvKAc{K-l0=mx^MXY!{H63mI~Dj8h;s&8BA7}@T<*J
zeR(xJ9(qvseFP+tK;rME(mm{$Xk$d%;NTbk5RVq)yp4-!Y7)!uNu^afU>_F}V5<Id
zScgGc_}~}Z(M4o<W~q>nHcff<Afls+M?MNF-@2zk*f|0%QW4)#YfH!ZV#zx-UMxog
z+qEdZ--OatinD^Tt;cbQr$&Lkpvi%yk;1xik(ojv$k6V_JB^?m_x@@$)h!-|hw%P!
z&Kn4otDDn_fiU54o+J=!7b(J0tiCazU!>bvMtL+ZA`}Fsi&+?2gea5l;-U0Xj|yq)
zu>@>jKENu{1y!|aV3g+rFYfi@4KFwETy(u2$9JF%g>Y56h@k)gIn^hH`wFtPi7SoD
zP0L~YB}9sTq1i6Ia7>L?V9>ru*ICD2f0?qYnN~n`mj_a){)fmDZz;)WJL~_AW^ER}
zk*Cl4QOwE|*s}=&a(AgPbj)JnO(hmn!1P6tZ8BkxjRT+i^KOmJZ4QLEk$n2wZ>3Q}
zb~HesOhqNmv1&svr+O`RjNG{laouee!_=LENU2vUFj`vR8O8urYg25s7Hg--DT`_v
z`J(TtOAc5U?v{$}Mn!wT#GJs9bf+7z=%_oo!SG5nAsVCYdPx!B75$!}ZJ}R^sY0D3
z7hr?en?r&5TsJebj<tR3lFT+cVvrY)(uNCPA9`7*KHAW?4YHHA2HA-Qn&C=cgcxWQ
z8cI{r-5?eMYuw`GKD|^cD|xI~Dpy<pH+_|pn3p$PEazMZvP?I^j5>3MFt3V~O{K;-
zny7W6vDW33ry{661-tNmveA&3dZAIk7Mv^fAh0$S*pF#Bd9no~gGcBM8hlF){3~pq
z!6y_hNkolZtPi;;Cg68$D{wbsdmR+Yr_J<Ed8vxmh9hdmt{j9sRC*(yEy{~4NFp*<
z*eto!xD{3(Ysvm$O=;WfkC&~=U2*SAQTCvQBqqTtA#v|3sn;lF2%Cid>vy*GkB`-F
zZ+VyR&58M-l+!|$GcnF0eo=IZlw(gjfM+1`t|a`e{VG+#I|t~d`c71JsBDGxNk3B_
z>A*AYlPKSPH61GfX4A4;Pl}=owMkrEG8+<iE6{ruDswiDTXS`8Yu}d972{2B^1L`P
z@0V~|C}qqX0pwU1RV-m!bgvjx;b#sxeQO5TS)Y(4Y*AVXk!7APvB`3j$dF>JHF*@j
ze~s6@m5r+c;UrNQ5g#6ftQ8arqrLF5cw}Sl-B_V#bic5=K2~L~QHN45(``z2>&yAy
zy2U!BbEHQ?WBB@9uPT!oFG@BgCq>pXv^3+(1IJ9*b|jlHV(W|wvQN%&1hQ!^qCb;f
zJmm<b2~>rEYztFni~T!8nui;nMYw5#St9vJVCH}v9`NgfB?r1m?Y*e(jbP0@4-q{Q
z7H@2g9SkhuwI{IA%~B?#z`x5oIh?gOpt>Nw(WfU@1fhgn`@flXL0MMSUZOaxOL}gB
znXYuoP4<bHe_H6W?T<J+{u9eN8&hZ|cEu-oGJVaKf*zyX{RQuMD(>grpDUQVn+rCS
zDurEL+S3vu*m(-hQfZ!dSWbj=_ZII~Af)%F-#c|3lyVMsETNZex%iWCO#mSh1jv~g
zwm|5X0|=H-&tCC$7LbaBP=pl)$b<Og_dvj*u&Wfl?3n8;>C8IFE9xWEbBO2%y60iY
zr1)MV=A=)3_0McUcrc>4qLE9DxxY1~jre7?I$&WirwQ9Mk8G=9eb{6r4cAQsVA_$1
z!rf5T@l$dGCzyf!)J`aCcLG`Z*5K~qZedA;v6#xNix#Os$j#OBLGz0oK|q$S)Hxzu
z$Kh6MkECnaznHlN5^H2_W#m#R^@LMeAZ*n~94@dEE*$pDt2QC;xc21K%`&QU_kpz2
zd9q+I*Q2tfbpZD%m#u!BU0H8$)0Joa7?drok!t4^syuyQLr?v^dZ1wf;H7!BC9hO@
z@s25M*Jze4`;hmLAaVZDz1ZH1dyIWzdmn8Y!;1nX!1HZg5r6C+`#x9ivvv<IQV@U_
z!Nf#T^Ri_dn(gtNUh>RLU<<026y&9+xc;ut_bQGXzn4q=ax(uPQb_p7pv6dd(94;u
zOHzGFf^l!zU15pTQK4(cLmRW$5s+Zh@j&a~%HSV91g|Ur5OV5(ep)q<HhTR{Yw`HS
z6@g_rktqgBTVcOXSN`Efsk`@OeVS+?WoOwa&KZSU;?Py?#$sL#rhxBN@jbKG?adO`
z>`BSfx*{V<XO0IJ`vwo{(3iobevwxhp(AgKHaBkMCY?M@rnVsTDhGLy7fD-9Z#AAb
zMs^|fh3H7$t_-vX@uG=8y2rh+1kWZ-6FdU9Uu{oqf{{RRr9}l_tW|@I-)1b63^R?A
z5t;;N1_bzNX?hiX9ho@^2qPvmR4-QrhOXzs$8#}kjQ%tx*0w-e$yv;$;T?p)5ocQN
zVg+YQg=%kNzzkJ#=mj!c-)Vge8-s$`9Q+?2)qK1I9X{W^=?SY9rkPFavYASwPF%{U
zD0nChGYY)ArrR22rP*HkE}In<CU`wN<ogO=Jjg<jIWyQ8yL?BSB*sr;a)alb*wXHX
zlFc@w077Ef23pD9_95joy7QTWA|**liA_J7Wm)qG_H1_i#>Kp?%^Y|6EY0q*ooBd{
zS{b5jqMf}g(3Fz<#?iCXgQw0ao=uk@>nuJ8T~#0?`X$KduPz3F4r1!5B)4F&rG${y
z*<jeFMralWTTu>3FM}&;XH(joVnG-Z+mfQ$VzgzEdRF;3Hu%_e?f1)FVlYp&4!+A{
z!mm(s0)N{IlOs_=_=t^wXvZR<B+|&U-HjzWP!+wMQ>{sHh*8kJmT`8uH)ktpev#6*
zdwi=3Sut?JLT38lC7)IG*-YrheIO?|nu>p|GQ4A`|Kf90olAe}bb8wXJpf^y21{vv
z*$Mg0oLzd$$S!wU{Xk5HXx!+qu*ffUQ~R*iLMg5|+%QIZ|8^&cjApoXVfLG)_fL+0
z+?}`Drz2x|+aH@QrxNyKy0l0_p!3hMG14ZpiLnMhU6G&1K`K%O`~-~>xB`f+hd7Wb
zkSvQjH1j4RPU(Ds`vvFZkp6F&5DwdJ7G#HnI%lZ3ULq6D5=&sZKD#N1U{^wI2iS%|
zDoU-|*g^fWqapA5Di^kevjoTVn1&9tAX1dq^I^?uIC7)`L`F9$unr!fXaZs#?EG+e
zd_C-pMs;t1a=y;@sv0y{=Fg^Ils?-($t#w`qZX^!zW~n{w9aCo6u_<WoKyLN+_oos
zojiyk6+mR!3;@-d1=IxVC{zk^$I@9E8-M~UkCY%pi9#E}89kx6#8~faMQ=X6B2v%v
z+0SCm^q13|U(z(T>=~uvYtm6h=jyeL{bGzj%#-(42pe%uQ@%^}1-=fl&NtpQFLclm
zj=-^l4mgA}5oU!wBZ#B%jg({K7}^mC0ga5z%qui%7E7fwV_?T*4;2fc)+jF6hzU~=
zr5GFy^wMGy=H3l2MTl7IX0c&vwMwm=$z&YaU@8|dRn45yuz)NJ3G(Ye0Adk!EZr^M
z<#4=7%tZ=7cFK?z*A&-ZqIoA{hA_jJnVl6lp~A+UY5-M0s=w9MT@Q#umc*etJ8Pkg
z&O-s3!*?I3f2VZI;X?u%|AhN+4sDdtc}QU4^v)sFFVp7_6VM#%ees=g$~*>&;Vh`e
zq+br}AW}$j5J^ngf0)996a4-#!?}nQlOFwwIZXk(UtW*tqNw*dD+aM^M3Jg;wbCpv
zRWafU6nF%FgdYOR%qw@Td3bj^h%2Q_V&MLw;{TWa|3NK<j(`|NBSI-29<h%DO<?(j
z9}AE#9ciE?dqb#_H8u)CWGyGL<v$?dO&4B5$hy&eLI5(n9|b@o)k6mzK=Y(@V!-z#
z+bQ~3K?=WYRkkFVh6ImFjnPLAiT0@>Sv6T3?wouPbY|va>{hHy9;{2M(qT!i7^qLa
zv?x-Td~7U13v6V|^62Ep(>Y7{>N?}n6>A|St_Jp;cS~xi1wU=FS3j-Jjvu?SkI045
zZov?+WedY4UbH9x6>^w?$YtzQZO6#ginJLrQ*Wmk`^o7Q6<;MM52SLZY=$rq;}HRi
z)dd~WH?MuotJa*~RJ7f5joqh{6lQbXLLA`@d)K5RAn&g0@0vF-L~$(`L&1EQS+bpd
zu(zIRlFx_M-rw0JvPfa`FwlZ^b;%e%sNkTT$}h@>3pPfm67UdDX|><nT&RfV2b5cn
z_ld%iEdxga>H|os@t9mKl}wKLJm=<Z>XOnR$5aR?>QKAHJE%SY=Hn}zstY~;1Bk2Y
z+td8AnkHyUJ1QW(RR6(T{_X0H^M+6Egv@-qef!%?Bxsw=Z;^1%g}-6%%*Reu%j5oV
zxaN!I{^cFsJ{->LxKYf8-D{HZC&A8mK1tJrgQ-=wP9W@-Dcu=imRt03z3UNmm+}Mf
zwOZJ>Q_TTekroaIitWRUEiCjbNN`;UjwdMtE(1=t2z;B34+q8JplHP(?ab7uasW^j
zyQs=*$fm2ed*!KIZNLP3lQW($67fU2!-9)?*YoAEzZPG1)nd~)ro1Z$+&coXO=fB8
z&(ZKReO6nVwPQ4F3)9~8=VkqI4CIxMzA=r41zCEri}JrDwo5f{Uzk1R#8_?hnm6YZ
zU-vF@5j%AqDJtLe;qg;|gVWTLxQiLnms9rbIkQ9iX8EyOg+5c~r~WPLwOM!OiED2g
zaBuV-HaklV>wZManshe{Qk{=>I(F>TIu^{IQnv1=dn_5E?}OA1Ht%YBaf1x%?9Ha@
zdH`}-A{09tWF$tJhDGap73{x$>a3UCu8w}nl|XsMulSuf6B7C5JfmZ!@`<gO-R}{<
z#;Qlqb12ag?8a)QqgMBB5;Et)M$muAr|33hxT+rC3Ak(;_$wVt(Y?PxbaS`&f@h_^
z=&PXVO$$^S7Ld<b@(E#4P*1l(J<FNgjEw>S<~1sa?H%K}0{HlZ>xw!^g`iN>T7!HU
zTy++2NPL$AGBlBqwj^<cgzX$%%}|_#BGf7v`R)4vW4e_w^8H(+Mm1m>$STJMmxd`h
z@4P=Z<~=DmY}^#gWPZ6MX|t8hLhQ|8TyT;LvIz)-Kmzp6e~Pb))k5Js&P+bM1h|89
zIvULY20iX6k_gZBb9{)Eo1Es)&&vp$Nyc(i6{rtbTtcUQPrwtl%fYdH`j~`3!h4Q1
zTp*E}RJtBH_%xxbKfnNOwu86jI30}9c-rflO&ZNOEl9nC8G|43m3V$OJy|ZX$$3oT
zrOeGP5_-UL{Es*(DKm0KcPR20J=-ctSSZ@bW5wSmqR)*jeKU0FoUVgx)Vn`hv>Qao
zJ?o{nfm9)IBJ5nOgUn)EmW$<JgSoIo0ejdpEkliN<|mh_D@}_p17a`$0l#(Y&kcX7
zJJMYmdR`9wf^SuwW>4W-$H}8lNxnMYS>)BWwm*f9FFUVy$>Q~vt8gn%BIHyPN>vmU
z+ZLK~M=Y_o?j_`u?+g(`H4VcRRRnZ$P=U;yXI0DkQbv1^H+P-`4;$D)0;nzqm2Rq}
zR^@Xfxm*=ch1&ogQe!FpBfX$@HyB9t0Nhuf7SKg-&K#7>YXxa+_8Ss*QsL5+xPC1Z
zb%fZ5H|pAXM+)-I*^&-6+ftA(7nQau#pyBO&@-y-eX&fl%b;J<e*%Vw!vOx7l=c3-
zP$Q$hZ%e%c84Ik%<w~irRxU_G26V7#=J}C=Lg=OOV>m2K>TJ-LB22tu8@du1Zk!&G
z&<fZHNcE8GcgLUsG*es~G~6-Z`aSGu?B#>VZ(frLQesp(pK@_6;1`ymPpd8>vv+28
zo0xL!`s+5hic>UNOx?7#lV-RgwA5#@<iEdzj2XE|FoY&Pnp=jd>*@fF6lEPM2Xr{3
zQkPT|sRF+~ghot&GV#&0ftFgUsF%(8{eaQR_rL`O4sc-*AB{N-tAI@@2OaVG%9%Fl
zC^3`<ql&OHw3=o<0+r!6)&hkBf?ufcL9%924$SI<tisUAJ!Oc)`$|FNEj^kR)5szg
z*)csxfev|a9{y}T>`-8KUJwMC=uIOw)DZ9(sPQlC^k+wBQV=k7#S~B?X&0#Z6K4Ch
zChzn<nV?A%)Wv+RoKM$9k87@oqJqL{q$rjfwnYQqKd)T>sU}EMA`q?~j@*XA^1))_
zKV!ecyv?9<Gb3)VqEAhS@fs6xs{?-jW-iGJ*q&_5tAKEQWpe=xe?$RgyBpmJ8gE5%
z3hs261!P<6PLOt+xC{2|N+-SSH12%&nCtJHCT)g$UI8c19NU50y(B9ngYwB~!6^Z{
zeGerhHysAcO3R6Bz)qf<`)w1^L2VEn@IC+noK=h90KeH8BdX^%M!)p5=<dxU&qpNU
z3+}1Y=2xcx3Hjn%JU3mT4b3Y-Vg`~b+QwIHxeOqr(-thU#5ME=G&I#(`a^m;Rr%}E
zouuK)GBsmezAem57@BDXQ)9aIn|n#WE~P4~su}`C+}Qy!0<gmGgMc*CtZ$SP7lHr;
z|CbFch_WFITCa#a8e$|Sk=(H&+!{E%m4FUuEL0l;Y|JK)eSQUljU2T^Up4i4>F@sq
z`nnTFg@LID_3q!-8${y=2{<iBBL_2MmtMV^Ffj}wueT0r2oltnv=XmhPt>}ECiE|H
zaGdbVl}wq&%g35Lk-49mFwJ=a>oxp=C%gg>(#vz?oU<mk28m;{@hat*Zu?fdo$Zj;
z(tCT`W1)OyPw$W?oNb%t_VlRt=<QKtAbIjl$SmrT4PR)ex6!nPZaolnl~-1g$2OBw
z+kKTpDJi=;Jky4URB9d>xj|^76j5S(dw??vs4;A8ikfE@xJQTEfU?oA3i8`NJaeVK
z4jg}b^pG9q#z>(Muv?e(CO>a|$BzDfCxSvjcsTt4Alcx`RF9ltjw)Gha7Cj{^y=1*
zxs+74JrxV<u3Ks8yj{JT65=K(?8x?-!fGt7n2Tojr)Y2>zNo%X6r&uK*SU2*+C_O9
zR;O-;*UFYhYjN5UaVhDkxowZP+HD=NvP_~G<};2MZ8I9Bzj-K2VmCA<e3)5FC>T~x
za$tk-nibW``dS$1%v169G{6=fk2w5vtgbO!KWD2EXi2gqK!=Zt56%cbH)VbI4Pp9X
zM))47HJxtph^sK+Lhziu!FqWN%DG{_WD}B<O8Pn(>GL4PEvAHj3NbBPf+b)}=Utlk
zp+d8el^A-kJs|_N!KUJrgToW2x{Z&q%g-qt8|U!tYi+|y0;9g<z$KS(YuoL@iWsr_
z_4X|nTa<yAr<2lO97Lzj9t7kQtBd>y*rRXE8prKZl^Q=Hrk<O8%KVP+4`-(PmJZW8
zv-(EWCkCXmDG8a;*(&~1M~o@9o-kp@+6@OVMC?W^5qO)X44!?kfqn{0z&2~o-X4)h
zjkUmr#vk^DJ<V#${poQV2q;eLr?bpOHBv$JLs58YZdB3rQ1;g%>n(TM@Ept0Q`goR
zFWZ}!%~%3<qA@R?%DTvu!uHFimapHqz)ns3Acl%csg%+qz1IYBk&hlrDl}OJX<;Hn
zmjMFDDho@%j#DRY?%zf_ve(Qo-&GQF6W{LGFmtH|qof(5xM3tZM6?4-z!I6)yIF2_
z>1Y~HW8$ae^;>*|84nV7t{fM{5}0gLEh}2i$eHXdNMy6k5pR&XZjGBK#`N=KimPL#
zA=e0VD~k!#+rT~tYl>k<v%#WlItXI}A}8bd6}4t)4a#e9)cyD6d{o6>nFz99yeVd@
zl&4-;(k@iUOy36O7Ro!44bKCoC>d%lC><aH3|Y2=ZR5l#N89P{x8J(h`k)Nuq!$BG
zxRYhGj8`h-RwCv<W7)>=Iht{E_QNf59eoUaIQzjGmhWNNR(;1=949N;w-!IbV8t7a
zTB0%Z(Tu6a`U)c}as)rSE=(zFd^2{L+V)EtLBJOkVWl^?CCb`|ZqxGP*M>5zS$z}{
zLNoM7Hu>L>hUgE1&YK)8!Zdf|g?dc1B&6}sO#p%GwEd7f@xBfH7v@%NV)P&>uBUOH
z?)M8{jdkUR!E_>YI=M7B64Ia7owfD*VOr;Kj?PAnK)~H;jt@_PAKDdD6aye6xRd;_
zzyIMsu}s!mucAW+k*i2^eqiokgpqiDBUPw#^KtQJiNgRvOH8NzpC4z!kY=z{&v@jM
zX1a-_A=UbKK5%_UGMc4S05!f2NU*?9w~Qm;D#SkGmt|F-xyBa<$R2Np&#s{SS?O!G
zA`f8>&YJjwCkr;mnf*TN+t>+ki(To6|6{H@_gSO^J%S089v`_4aYMBs;AM)VA;o~v
zv0&y?mX}<Vt2}u*SPD?*>_7-W^gA+N;%fNe5(j;Mc?Rmk3W#F86vpNfao&NYY#trM
zaMne8@B`617aw|sYhAdg1<mkzSxHSUe(@zFxiq82KL+k6i^|ArT$Ncf(Y3gH{-|+Q
z=|81gC$zOuczFKOfamh)Yg4u3pp@g?h9q-hx?!*Vab)A5ot=WggN>Q%E*s^W^M-1v
zVPw>B^hAS*rXcZ0(?K9IrtljUJote&`c;Nbkvm<;Yk+Y=2-LMEWeh&O%L>sM71>Y6
zttc@z`AcFzz}kk^ti>ZvNQPYi`Fq&Qb_|V647Lt1zg^}X5?0a#;0U#Asq~xNQy>S$
z#Z4t4g=M$R$p)klZaAj>CG33wIg7z|I<g~cq+u-qNMiik&%UO9LBtA1X(y}8icc?N
z%$iUMe9k7AFxZ{0Q<U)~TKfS!m<8O6U$5uK5Ht%Kg7Km4VkB1VRPfSIwh*)s##~y~
zNK36Vk8e*&MvAdC7#2%jL@O%n7U-uf6LdI|caqT`9Lwp9zYpjd8=LRl>Wn)R<k|08
za3*VWZ~?zjghkTgVfqw(gD-CDoFJ!t0*L(YUZQxdsNhgDmP{JrlTg7dschE-NiqZx
z54B*qFm8f~d+TKFv7Yf3JpK*A$*_vJ@+@TamJ30w_Bs##8AqqhAqCPW<z}axGeMJ{
zv{G7>n(U8*(eM)UB>8q$V#jywoBP5g?d3d{ScFB}N)1xvk}RbiJ%OZMldmSIbMy5q
z#ryc0=Y~WMoK+A%?AShOhfdm=d^@mJ+l9aRZhU_{`ZWg^tv0#XH_<5~-89QL_H4G`
zP#TS1xg35X{8pMT8y9Is<04Mp@Qq<S@{74Q{x7}kUTpZTL*&n`_O3X=TlAv$>I04(
zB<)Sw{dW^SdTdtJI4%Q+3A7vGR2xe2m~IDrPsx|X44QaFc1pG!L1R#t!$iL%<`wg^
zPFFgOCN{=9nG+4~EdxoBnN!~n?Bf1FaqRwY1_nl`E4x=2{J>l1bs*!^CR3L!u<)$;
z&JENbtd>U9$010oIxK#o0;`({*s=#A<^^I`zNP0W>{R^9l}q6lnF&s1^4fq^6Xehx
z81fOHHASplI*zyx8@Qpo*BmAlO$>UV5k4irxGJvG4;=Y!kzm}XhUH^7VIf>VZWYu0
zA+64UY+ibOC1W7$CRn~nN<f5}_dADZqpy4-P8b!u=D+}ez2X#fr%0om0f5ICqQ2f~
zqTkueF%gfka_lRg7^9G~<;u!2=hOfX(A<9#?D3=|UV+03SWXMod5%1cJ?<Lh)2D{y
z54RuWPK`&q@LrM4?-yCVyfUD>bljivWz|$Ky`=(3Sq&}CKJ?|bC--aX&KO|TQlD)t
z3?##r&Ntlmb8@#z*$|AUv|sPuY}8?V(zwIuuyK3$^=RMqwnA>TiUe=AY7bB+Vm@xE
zwtEt^r&hrNG@|>wW4H6mMHlz^E4auwr}x_-KA-;2o0qrn1lnkkp-7g)*3T=1`{tb~
zNlpJIsLEN2Na$9UyC-N@_dl)nV6iV~v+aluTkd|M-%n(l4n8%yZ}`%G`=3eI^!L@+
z47Avq?Ig9oXLlN&g@5Wt5}E$Wr=>7&rqEvWxW4T175$+fIYmDb^+o9Z9pIm3hNM3j
zT}9u7oDWJ5?`OYGuAwjL_*>pFUgq=OQrlHR7bi7l$d(xV1p}PnL)Ic&{1`BeW=ZfI
zFLzOF{h)qsqO%yE8+*#vWL&=DjuX=jlS8DVq?H(IIPK(Z>f9OjtSQok=K7!ZmVi%2
za;HagSArvEUfRjlG5)mOmlhZUVRM_#HlVf?A)fkR8TI<frs^^KLTw3U%<RobWLadu
zTRGupNX~|n2|b@Y7uf4rI3BFiM+Dcx-=^*HmIEVfr)y(kaXX^j12KNvpWYNhtH^F3
zm4(2vkYC3`!%E*gO-_9k$NU)T1pEQd``iIfv`h1V!8q(BU>?=c4W>y2#tbPf{BYey
zcT`zS&0eU|NeVXGM{?|4ebB#ZzWqs7&S0>EX}0^Nbz~Nivx4k7lFFZgR}L)j1)ZZ(
z{!^-|mAd~dc%)|m1@L;b6_#ih1~LML+Y{MiKc#Y1GNnw4w~!??#SZksyOE!t6?YX)
z><lo)7>$v(sip=~R;3EUlEcJED7mR;<P70!O<{D9G53A6oJ)0u_XgE+%%^zH_Hd*=
z*!GuCPa^Zx7d_jZP4HGCVPe@Xx3h(jW9vc8oG~kFTvEnbr3y^h9FLY=vpQmR(t0sw
z)%xU}kn~5=klluD@Kfs}D(;guk+nua6g&yC+prtj)ti@VJ6*oMJn;E0%({YeXY&0A
z7o|NBVD0?d2Mc!Pog@WeFIn0D9|h8uWIF1QkQSPaO2jz4@2=@d((iJ}gE)!VxgxZ`
zJKTVTL?8&x@~l9kkI5?ANH0~Z4LKZGpJ2ttjIyj-Q$KkNI(Ib%$6mh#J~WlDjKt$e
z&}jC@yJQxT#4e7a3~V%Eo`O)J+6{3(=eZM>;b1Lw^;{2A(ZtAk6Kp#+wL5{}&_=^i
z-o=D`1Y*(3+G=n&u=jS%hV8PC6!_Wkj{(~@i&0zmIkQa$_w_WyOd$~eH+6z?rt|K&
zn>08%D)MmJYpi2oL`5R^l|`w}+Vn@)&=Mm<*g{nR$c$~L|L<d%$cF?8kgY!0hRxmD
z)bhXW%NxswuG`(_N?h;9!Z>bgZdT$Nu-5*W3kQrnDB`9h2pL+&494fc;^IHzAjQmL
zJ@YSCtZnjsT{270&P*S%@q|GWJW@R3TLzDxUqiBw?w{B1Jj8mCiHG0xKrC_n2JU;#
z^u4YsBqIc|j*RD*-!BF5n`Y&1#5k&<Tua+0w~E!AOSnueIjyb_|6n2}hzEC=@QWhz
zCe&k||C;@F*-^~hZCa*>8}3C6+>b`+&X%x)1E60x#Ez?U%AsJq7tT~-i=a8HXes6C
zaS$eL^A58B$YrwX$`=Xe`nYR03T-@}x+KvMokVl0Uv*Qz2yq4$@6;8J(u<&)=z>=1
zexwAsh}~vtNi&({_pvd>u6_mwx<)r8!{J+rV-Ltt$pMn@Bwu2WF67FLhZT>U44_fI
z?#cOEj}-{_yN|u`Zs_-J0D(lykEy^J|1D}qNN?HjN;d!BLw)}?cx{LNb4ki`!!C_o
z50A@{cMr8DchOXQba2)`m2<V5TA^#7m}~3`)gNX(&zi)%=RGeB+VRZc%VH-0!aAqM
zeuk6;4s0uZETwl!nfTRbPancxcI^dYZd4)HttWsUwaGH1iGvG4_(_~6eUHp_RlmNm
zMcQ3e{+!Q^=!;F~8+c_KynAq%`4u6w)0$>raXin+UTvFK6t`%rmD*w(e5i$-!lZ;i
zqLg!`%S=I0ec@Sz^C?b3rq4QN4By%|=}X<Vz#&e9FQvsi!2(vNE?dC&54`W#D`$0}
ze@M7-KyRLdqK2@<>wbGFZx}o#hiXT&HMuWLKTsdo8LYT0cuwIOM;oJzql}fr$mj2{
z0U-n41c&IT^24Nf9HzDEz_Yjjx2a4%aIJIYEfRNV$TgH2-KSIsZ?}*-aBT(*Gz*Cp
zBpQZSs#Fx{ksbou+;v<bY=KwF!(Mz6WxMJ7&?=&);~L&hB+7CKDtHu{4P2#m4YnUg
zU34OHjrpNb2AGZZY=c$(gMm;SZt9enRs#qDjg;Euwa}zZrsC7^0J<*gCn2qVmV;d<
zIPQ+MFG6V9zsYyL;RB5{@2jK1^;%bwr)%wrXfX1~C<V{?=4)Sd9miF`_5V$n8ycER
z_!mG(uTKeuxT3FSDSY^a*Z-I$@BgumwJ-2y$^X2*fajZ~eD#6aU%}gUgkwB&J9})e
z@QzWogOY{Uac<|F&+d0Vr_SDV-t&L?)4Gi8!Rk8UHRd;xFV=iscwp49_6?SX-nv9s
zI)K`%L&HXgD({u`X6_ByTTzecfB!HW(BWHZ8(RS*Q={G`O1W5g7(CoT33Q+uUVX=I
zeTTU1{&h}-=t4YmS}Ocg6sM!3RehvRdIp<&<iWdxR|Q5ids7bL!V~wBkp(YY*SR})
zvT@M@B(p<g40oL|tx+`|KCFlTuz>cPKZ}k(S2l!JUDbJs{0{~Ip`*@G!D-0so#t*J
zmVEK_oC}X8(4nk$*3L?#pHvT*<BTJ+%lusWcowLF+CDsJQM)pGt^?)SkrJBd{KSd?
z+Z#ut{=FmzoA>6wOU|()wb8fmv7`~*Y-E6euc)BBf9eDU9u#;HCI>u$<B`H62p-4v
zHij+2-YFqP40$U<iAK8)_p4$IJc2*TbjmQ1gM)uWK@7W?P&y<JpiAO}4C~O+(bIDm
z3$PF8?oB3V7#^n-CYViyQ+8^*itCBFkqt)bNj*=Ul;Ix0=)ydra^7OPkcDi%Qpy=$
zU8l~5do%RKa}_HN7Fb6SO6Ae<xS>D}M9%2+E}wlOmyde9`{1fgsZsI0p8YEl^JzI&
zwL}%(Wzn`d%c!g_lBImRWYCp0u;g-7Ntp)oFSoRfF6yd@5}BR#rg_tM2+9a6{~vmP
zpeEv{Ai%uN-kyB>^l%x8x$(nvHG5)8p+<Xu_TPUSE~QQ0q8-^HO?XEVvEUi@a5nz;
ze4nv^{B8hbqkEZxSgVR;WLCnHF=56Re(4rJRcKuUL4(|B(s6*A%RJ)EBB-=u(W%zb
zKyfcZT$1%VsfpbbTEuG?4AAEkVy2S>z6dWelDd)uZJJTOzEOR69Z|}A%ML3GBYRf|
zw$A&}^Egh8m}2v-d|E(wT>w#Fra;D`B1jBMUm+|}mwW4dRBXQ5#14~CokF>NUZPM^
zsj-B>0|()7YPaKXOdGdAVB2PHg{^b|VS5d!(amk5d>1r^AYU$0YO#*FaZ587vF#LF
zCGSe2%$O4WGXXYyRjm(YH4H_Kk4TJfPcvuO;XN-)ty?HYVi?fKfe__-Ey4OT!h`AI
ztT$OU0^Y?V4c$A3EFzZ7`{GUIQ?lW0_kH#s9$BX|G^Dfcz;(-Q-tf9={M4hyJnShh
zf3jl92MoG<iAH%A&x5~zaEAt2xFPhJ)i<Jjatm*!kzv%*+&HYQs(zgE91s5VEGS7I
z#6^W+p(c{^XK~uQZc!h@-Nd$T!AbXTF|3LwXLe;r3w0p9EVEG6#>o#`SNo=FHucoH
z|1jGtriMD9M_;`N!I*WJO^MSgFYJg64z3Gno68<;;is4vFS)5_j!I~kXGVGtHT{-|
z<)+to0k1MJzVb^(G`}0jw;ZUje%hmsYN=AqYkhG9jUXL2Ruoy~DHPo%NG(>3C0;wc
zn7m&FLB4jTw4AOGcsL|a<%GxEVIau9VKG^;Mn(BK&aayPHs?}^%CVnSl-;O55(`Zj
zL$lv0$#C~t{c*?qy`_7R{lXz;++bW%rXuOS@%nZ1#+(&}oy>fO8Rzt1ffhhcJQx0>
zj0_fi{^=7TE7T<+7CrK|WJD4pqlwue&fmIha;|ZiuM9&EBxMH=f8&7Q4T`rcyfE7(
z`1o3Z$!*qo50xaBk=`1v6W}&fhLIwp$c)az&ZdFvsiK_ul;iS^U}V&VK_x|n5i>ml
zj<0hzdCt4GJ5aQob8-ssd2wmcA{cA(34(HZnM6mY0wA7iygXj@!=b+Z$sFL4%(NQI
z*^QEy<P{e1!(>TK{FyrwyiRE_y*hR2&OTGGUEHED(5IXi@1p+l?$n}pWwL%9lHZ$J
zhQf=dA*6de>NR~}!@8^+1p0I)^yTdDCc@n-{TF@^>LKm-uJ%X0oZ*N|XM6N=b2MJA
zfwDXwSN`EeF}0D2MR~t&ylp}WmRa`~o8s~&Bh)8O&0bUN&is0_$I*Ng{)wQ%W9z!=
zk0gSl!~`ly!_S^Idno~g^y=sU?M1bmbl{XvNo8aI{MX%a{(I8=9s15Y=G6Js1A@<9
z8v~Tg<KYQTBf6wJqK)A&I!;Dhss$u15N%V$VhkB+6d<~hVORanVS-eEXFPSxP!0f)
zxrvxQq3$wOJ+v4H6h1jhAR?qY%G2mcX*1SEDk<`wjKP)pI^*qP{hSmIJ`U|yMqT%!
zGM)zd?s8u;-rI&#<JyLdbF+QE94N`_YD^8^C?i8t48ZS`_?*0FZTY)>&Ra;qtvwbM
zZ5#OM60A>Q$6K|hr8H#nReX2l9lMxhJYhXJC#<wAZtU#(0SaYjYEU0$>YOzQ!7eeV
zppvJ@V{2O1)s7tSjBoI+jr}x}_XfwA%UGlSjjRJLv73TwaUbBzq&u=XLTNlzSsVN*
z%F!af&fw;e<J~nL>|TDFK$fW?T|QX!_!Rm4lGXYh_qb|r_%GRf6-%fh_`m6FGQH4j
z>Ue`AR1weANTr3OxENAlY;4!_Sj57FZ_mp);l<cO+}6cNkE1^~DNC7RAy|7<qRtYP
z$yQoFjU$XX(O!bxc5U@XN2wIe?~{X;^l_<((qy5=jjeyBiW*B)%FX3+vi7JthuS$}
zh}0m|uUwT`P9u73TjI9*+&Yu+?D)1S3Q1hvdZfHXENN*0q6k6HXp-OGF~6dU%x$Xx
zF|{=-<U?u}M4o`bR%<G#ZLP2xUi)OOdFmA8Jcj8Ip^TX^j-AjZ%f+y|;mDE3<wH@>
zpps|WXNOJZaSN<}0G5=pChw(ogw7QQn4fPB#@|oRVqp@e7M?h-(6L-(`x3FPpdcR$
zn^b_!F|O>{^1ouwngO>}X;E7mf;>wF$YoE*M;3*bH9E=~1X00<xyQ&I{Wap|Cb6j5
zA`B1OK}LO2Zp)*ZHOqsKDfe7=e8g(4(Aspcv`KjUmNkRabV8feYSgNge$SsDd-whR
zy-zPd%ldHCCF{B!|9#ps@#o9VmXq$QMgqL_ZTJ59If1V8I&fGk<N8)02{;zi>IL?C
zO6(SiG`_LmgBxC4zD=GE2x+QqnwA8vOkXy>eC4v-IAk|vK0wT7&FjUOAqVd!&-;s6
zOk^y8l18@&EAZ*NDN9y(J(((4*-K*CRrH=?%Yu>A(A+Y0x9idyysK>SvLiV@6W^G*
z)Pzd`s#h@0yVtSlXCVHF%umyBom=cGeXH9bEsCX`kb6!_`mZW?)`vXlIm<ZCUA5hr
zrsYgU;<iLBXMG!NoEn7!x`kD6o*kl|jIhvUGK0*c#|vO3mbf)Zg%KIc8mIS1ay}|z
z!prggS~s5OE(<*#m~cphuG7K|D-Loz35^7Q)RO}i{<@nEQnObNJ0?C(drHH1NdgxG
zBL#AQADguGUbGF$Ra#2r2`jAEKT>4&qv*kmO^%gMJBiuY<q4?&ifIwwUG$6SxbWW}
z*;0t`_eI_6<^4@fMh|!!t$52#!Ku+<hyI+|Z}q5ZT8F(^TOU`pGxvg3uI}zLi<`+E
zHr?KT<I6bz6f6Z~JM6Py+IDRgZ4PEpi4UY@bhu0tB<#F|Cf%rKdPcOn?sjy7Aqj92
z00AHQV%v90Ot~vQN<8%6WFo4WW<wpESRaEpmbGd<XjfS1oLzlMzyD^lR=Vl8k$3CA
z-7wWRwA;0O(sxI`A}e%V!P_RL%835RL`OhMiM!0b(L!4a=7(Szu%ck>O);M7z6)yQ
zcaneX3?)GU%tAE#@!u(<cER0Ewc+=VlWQF!O6Sfh4IS~xM?AXa7A{vr{?_t#ASdD6
zZBOesZJBDQ@#v1wV<CB^QYuT_n%m1g2B?p(4G*vBe+UVW+m@33eTx(vX?us1EpMdz
zQ=)B8K+x)%{_Ro|1NG=1uIV2cK1L{iQeSG~aBApx`ui=aMlAOu5vN~Zl==F_7rn*g
zH|x9uBZH3F<u1ub2j(`ZeEp)ME?Ltgi)+3RH3G<a(JLCeo#fJBuZ&WVXb_rd-TF$8
zvOOoJu3|145fY2f+eqnNL8XQg$_pQCy8zE}CG6jsLBr*Uv#7;FbzjaWrjfximi@pz
zjHHET$&7Exdx|FzKwxiHThOF4koz7S{*cag?h+yA>slSqh8*~cDNetW@XvvzSc=2i
z)p@&ugNxob>CSrL4re2r{(71cj&=Eb+-3>YWv{%{Iq)j9`(mcaa%Xz%Q-j-0I%Dw-
z$T-2%>(ElT;lp~g^RNYFMZ^?s*0ePI$I$O8bajSwkjG(;0i5Fwtdt3(QnSw&q<!>K
zl`C5D{h!&-+L#a+%!LPhpXIVos%&q=y%u|zkz~q75QtPo@;qc`HJI=6ZDrI7R%umT
z05|Zk)AB5&N|i3s68ytj^9j2sWhH23D^!$LHC0Lpb&XkWt3|=-sSLI36LiT!er7mW
zpZp^UkN6zCx*$mMfti_G_LIR5*<~ET%<PD)UAX%6X)y@UM)PS#)HY7@yv*}riwpU+
z&BWQj{vO3OTiqL-A&hJ-<_{DyW`l&1Hh2~9Yqe`5+&DzF+C{$==~+wP#|x?d#c|Jf
z$230Lvg=y8|0D0%&?K`L*K==8b1@L-c+S=~R~d^XZ9*<%wyuyb8LhH?;vfU@v8&|P
zB98M-XSy>(&6o&4b!|G`rHcBwZ{2nPV*>(6R#x=bz7!Tu{~cpf9B^RfxiF)=CcYN<
zbx$+EvlS&@)5O}y8l9Xmfi1;$&BHb(Z0y+yJ10}EsKvTnc}S1bP925Vl<lWRI4a!C
z{7PtBl#2)fqPYMrnd9J|vOhiDIjy=jlbc(kM*CCT$-|F+gmb{!uuHR4^QR}F$mAM7
zK)A6vfZQr{dzj8=-TF`a_H`ujYTM=Jj1OB0G2KPY9ef8r^~%=Cb9Tq+B?;`}$>T`!
zt%%rR!xnK-Z{o@hc~hKqb2Sg$6(MQLx6zsDv6ma_qr$SFzVf-!rv0ld%}y5g<gmar
z37+r0G&NSKRBKBv-aWRo$>hnD`tumGy5xr5i504`9d*s?$C|EqA8#8CNI@?y@v8pc
z)mK#GDGU{Yv}eqVt5!{<SqQ|}ySj3s4rizFO`tU<JQIGu(6-K!Bl7-~vstD>m-*%U
z_AR&Z2kce$O?Th&D|)&|Cw;tCC-yc}U+kw@pC|5WSQnP9#>fqK!w&0dA33V02SUdz
z9VHe=aY<>~!jH)Z*DYnuVuH$j!s+p$O3c<;O#3-GtCTDj-dMbviOlSf29<YLYD_cj
zx><4mthsTcud|~yy|dS0Jqscgi8sfqm?O0Ro}%B@alT_xxH7}QKT7~kRODAgnK#1R
z`MN#ZFR<RUoLa1J?Y_TedtwnwF==lyk#KOwGCU0xC0Qj)$D&Qn)FWA!;cSwhRu58p
z?0MmhT&<nkaE~dCwmbH{zgy;Y$$CBAM__0zaWVf>_1hYc$9ZJ0(1@EQ&bM`a2?tGC
zFY?`P)V^IA@&1yHq}|c+a`}w3f=ET9d%?#E$9ETim&@v1KA08rKjZXa&ALFh)IiAp
zLUXOZ8Wom+Rj6vd6xe~xDD+gS&>|+<w2`VBU0w+)gAG*`#z;dCn&JAS#idXI1Z3YJ
z+g|LaQPGG}=+^xZl-?h-XP}Z8I-mwAvhMeQX9qWePltG#n_6(Mis#C%?&q^bXNbFd
zl7c0gal5M<%05dIV3sfukJP3AHx8OkTL<r?y8ftVG(Op$h4LdEPWgt%dE4PS(`Wgw
z6P-=hzFp1gH+WFH)USLI%*SU}EMpgQmo5+6RX;OfwlclXHE>Q2+t9K|JW|Z~<%Eo^
z9V2J$e3ysK{W-Q0|DmnDo!_!A3~&USa367cx>r#6P!HphKk8oArCK`a-OvxjzrF<D
zat@Eu6~pxYmAMnshShIr!iYq5K{iq^&5wp(hPToDVtpg-(J#_;boHngs8@A$b?8@)
z{7d^vd#kUn#~{BYe>K$8PexMzP`?<VF&Od}@}DV+PB967P5#EjYPD#SzL8$vOVh%t
zUb70w-Q?f2hqUno!Z$)K0iGhsC4rBLUv#$X5Q(@ixF#b`HZ?Bb7vU3`Od{hx;eP2}
z*3muM@*doNjs1&#ulJt30=V~>zxwaU@6wEY-*`QJ4OOG3|3+V$6CdV&U|s-U0)v1?
zm7tdB*CI>?n)G!tZWH{{>RJzPDi6F)z|<RDjEdKuGS<S+_~y56-V6dY_tr+YNsjs6
zEl;I80AziS)ovqh#%P6|wd7Vt?X*(-?R^5YbbBHT;IGWnc8kZ3>)#&22mlr>LJwK2
zKQP$tF^!7Hovj75LHFV0>e7s7s|e0cQ7(;=VY6NX5qjvvR%Qsy;5d1l5&%b;z-siR
zF7wZxxkfcwuw%o6YF?w`wW1K&2r~eKfkhpQ&!}tHG&%2Nz-3Y%6;sEMx;EUd(5qa+
zi$Y@^V1AaO)uYO1&i4*0KTWrc(?MFmMZA<YJl5-1n^Bukxgv=OMskoTv<X(T-EW77
zp#(@WU6QtvQ0tCVo7Z`Cb8xl8Z@a$}9N|pz%SkYggqS0)^cwyKU6LPG8&tjD<&0UN
z!Too_j@<nrwa8lOW!wpdH!|i|p#9CNh1QV$;?NSMSj1`n`g4S(wjv#7P>HS*d{i8v
zc=6szy8xIP0&7=uGzvPUtc_j_QjyPdpp+u!be%R~g`kh=xSp5P6(Q*?cmX>}L|0fP
zU(+=_G~&qfyr3kU5Yv_pw1dehJ69^Jwn`0peDjw2Gb>%6F8}YJVy37z4B*MXMx!Aq
zEWM@(2a|@!UhXl(#w7jQ?zaO)k--UWy>1C)QwL9rc?eajJsyHXt{U!2g@RIrZPC$9
zz{YODA}PzLt~J}YnlD&(9r)~AP1@YHyXGUC8#j;!Y(#s=kzXgC8|jP*qZgfcEiVY5
z>OONegQ|mu&tpbMUWeO=?3W;%sibPWbUj5YW^v>_L;Bs=oDO*BnXr_j<K^G3^gm#6
zQGM;}<i2A!)Whz5ib2UDlpJT0C70zZ_;_Jj;-%SJ8-2j-!i1^p;uk??Ybq~v!g6*j
zdjGvCq!D)jvTaEp!r2K^ArA>^6+FnyXFsMO7H!S8q&o50AvXMJTdF0pyMp4n{|Ym=
zoUPgP=G9i@0%95lM{U!6^I~&h{l!H5Icw|KXt{=;&mH8h?%!hI*hre!(vB3tySA=e
zI+9iSi%-BYF;tw#7w6(bB=`)OB_x4FY>|*=NuyLBSykD&u(Ea{Rr~U3;#v`zFA#{Z
z`GL~>^e~bP%DqxVYe*y4Z0i6STR;XcW(Ko#d;Ikia>HW)7D8WfQD`XNuAmo*-@cSW
zF$lU~UP(#s0_m6nNYb+b7PzVfy@z`4(FN6_KW~{JAK0){UewiMvaNf;PI+L1`~iNP
zM;BBeuuuEW?dsDi6oA1hOUVY;Hr5_wZ@^)HW`L2)$36O}Ni!V4mN2TWJQz@^2md*f
zU8*f+<fCxh!tf%;!Qn{^x7ZXN#Ui?(CbF8Z$XOW~FHMI?7e1ilOoSvROBlW!&>hx>
zsAV=<Ry&A0uB#ttcY~f2VIn6<IErI$Ff<bT0TT{?xVG!LW;%Gszdst}Aa^8-dLNZ~
zHFrmsdM`xSvGu++J{s~i#zz>IkEv464k2x-+ZJ*|WO{MEu%9-SyO?_K8cJLYdE=w+
zTlZ{*2&b!+Uxwd}x%)EQq+HCuFzQB)56J%Lp5z{};sXfcsZlXMw)~~(qrD1eRfu>8
zc+g^vAEpZ~3L8r(0#l<R-aF=E$f<_jmMnY5p*)3!J$EtXo(LZ8c525G#Zd`ai!I11
zc~r`6RkYng0p;x&zi)|;u7RAy*HI}~(VB!N&rhCuHYETE>Gc_I--ZK$0)I0EjHlw{
zS~8SYov<^STU@FvP84tE^oB;~8+pZ)H<e)uvX3KVQv5KYm{V<=B9<U|IO~O@5)HW+
zvk6PH(GJ1JFBXK)1~B)xGV<!}LR-1$7XDv4)pK0uh{pn5Q{D1hal%&DID4;hz7ygj
z5)Qv>?#uYBk_)*$=X?)vHRq81Q0Wm_hJVWyQ}mlR<QR_kBlag166KyfUCm3|eJ)@0
z-1gg2*|o1Wv^_H=?z|sWN|qWkZ89R<(fPie;q`7%9{2D8Pneh|UHlEw-#|SsA3HYH
zp%7(N8diy4c*Uoxb6z+kW-2O{PWy3<J_?H{qZI8}PYoQYU7|&aKCa;Bil4?UT|ADf
z$3`z6j4g~uVwZ%L<rjp<6cEE=i3Px^+pH{jw_oXgzD_bagb26OxmnDZ{v#LGi1}xm
zY^<MFg~x3oCt+qnKtg(p1ts50GrmBLh+N6{NSI~hpUsc^E=&4rNeVyi&sK4qWZv0&
zt<^`b-2hR2r5SWuF3l!Cb#JiE#yfoyKuGnC&)qMz8Efo07rC-q*tM#%;_2G8w-YP&
zqt^o8yQQYV@z+q8`|VR!J)WbYi;WE~FuC(Z$6`~4NhL`zjdY2S_>s^sjsO-?QuaoH
zb#e*EGYk>F>3<l2OFU)*=vXnQzB(w+SEzmOTuKm9etuSR^W$CNrpZEVMuV4QBk7QH
z63^xB=w=647r~kMyYliCF|v%t77xOZZmfI{EZ|7>A_!^LB7UmHz@}R|c8waP^9(N=
z8le}S^_%w*F#T0KMvRCST$(LBb+<jW*k(AhQEOdTD2E--_<VOv4)6bOIqSLUMdr4X
zh9MizOt=l+cvYw_Z<$*Xle>JjppQe}X1I0ZCldv-+eU}o_RpZf_qWGRe1UQUA$x8U
z^iQ9j`oyI&G4)(6S>*yV6W?6lHX525M$AE|UlGWdkB+@%=|_&ix(ms-ZmUCi$!0iz
z0^*ROKV$x}jvw<Bv^f8)jQPa40oJgn{@3X_C*WodDuq%=xXys2%lxZh*=?4zY;E>v
z+0X{)amM=xe<3TuW{T%2^D*vCT?!~&<@?t+{8DCQJ1u)k%g%b6mX$#(E%seQ{8w64
zI<^Rm9zj&`wDI+RJ0g=&OUp9f!)ko$^maxpW3>D$PCFn|^iDF4&~NBbfUuntDT8yl
zjCQ(bChHwq)>zYHt?qrzZ397jDue$z_}I&YQ40jmC4n&l8pfe74ux0IvGf9dW=^g?
zNjGB@FcRn=yY*A;dfh2i<d#)iV%ue{9jOf*%skx*q%=z0c}5xe993GzoQ`o`qgo&b
z16)^Fq{_4_0vs%HWF;0Nucfd9J{*+iL7!_hqAA(?6QzABW8?C2=|d33$4Cw{!!g8w
z5d1f>v{zpG=Eur7KV}rZ85LLEmX`J`E$flHcll?LaUUSOT=LAc&^>OMc5Co>;d1bK
zoESOe_)BYk`r*yiwFAPD)B08hrjaUDWc;XS|E`B$K1*mwJX;eta&YyFI;l+%^Xh{m
zaT|uimq`A$9z<gX6BHwikpaeZymH#`{rBUvqmpU5)o?`9DekaQ09Mh+M1=yoYgk58
z(;BH#VHJ@fY_h!xUUAK2{7NhcuL7m2$b?kCxvAcZe-N2*Kg|1x8}<9Hybl(1o9q{u
zu)$7hlfJk3!+d6(%b(th#`V4_qn1`_OY-jkLPG5l%*@vU3RKeXkZ`4`t9O@?)UY4E
z!f>9>|1)VNt8B%<^>UUuEdvHUIEH}W2ZwXFhMaNt;rQrt_Pb}F1Y8UcvCW1m%5BEZ
zpQ#^YAn%+;fX(81a;w9?RD(4Lq1yjQ1LtvCHNVMqy*U&at6&&2mkjbVv>c9^F}b?0
zZ+Lj)#?y9FwKX*>2Zl}e1-n}tH=Z$leXBd8%p6WF{f2-2x^s0D$n7zbEN?r56C|a5
zt!HZg7Afg%Q!3Dfs!;Z}u4}K2C9}ijk^)-Nfh`H~Oo|fAjRVn92)G0+Mq{Qe-4Y62
zP)`&RAog>$3c#HWG`Ve1)%!b35^dfuva}$L%wjt!-=!EZU?tiLAVQSH<doPMnJs2e
ziRo-a<lk8xI~#iP;{ReF3{V+pUr9okeJ;$r0}zm5`?~fqdAH6V|NS-GPG>%Cv#sOl
z?cet9^;^Gy?%rM1RDb{uvb#!<5Hgc3|35kHo<Kj;ofx=gAI!t|iC#<f;l8I_Y$Z1^
zmJn|`C2|iYEL+k{eUFAPqOV7qn%bPEq=uvan1%M<-A2v|nG+$cK7v;6TcXg&wga1G
zu*|VeS6Q{R`B+;>#s2C6(<GmvbKFy}-Gjw`m9Wg4|2(=4I2k?194U?apx^r*#8p02
zJmC*17-cR%<!v<@V1ZoJYSknDw;;^{k&pra$n<2=5@<d}drw_zQ)dET#z6LP6v&s?
z)lEh$wH5<|AZOP)2RrsT4m1(2qYH6OAJKO(l>bfaiw4TgU{uNdkJCTYobyH6K=d)|
zKJO~;SvaAukLWX4Utc+;Qc#gWG_kMmFIIni-#XQX^8%tD*C$Y^Iy{ZI#86NYMgg0k
z_I^9w3Ti65C%Dtjn$5=ubw>59U%|Hjz4M=GPE#TKCz^HE0Ig;`ypUZSFdD>j@BCQi
z!lEFuKFx&Y>{}60<4Vd)Eb+X*@!m+QHzJ{sO|(Loq<@%)m|kc5*;k9%M9Us_Vbflr
z>k5AH!Nha!9uLOuj<k6p@(bAo*3ag*m|IvLhQu=zE5ExOl{UFAr&O6&_!LHQIziId
z0h_R;y6es7tRS*5aZj3|vSf$DLvFpKdx-n6HR7mx+!DXRWE<%j=|s?iBn88Y&Ar-e
zFj7q{wR|79&wj<2Q~142!+X4?eS~A#dHk@;Zv234Gwp=&CB|v-e2GHWu_+<q%ztW?
z5#;`=)kT^Q79AGEekDbgi?y&9n_yavsqVc(H@(}08|*&Iz6^XkWV02Dr`hC0@j-1V
za&*pVB`<%*@?7kCm3#7L$j8Vf44XK5057LA%G+4coB!@XsyO{yvT-Bm$4ME&+SziT
z0){UC-y=g}XDrHm5lZSrV0_~Wu&>f7J#S3nv6m7G?0kXz<;;*uB>gS;BwI7*iwzvo
zL7Z$-#YY1x@|`mB{RzJIEGn6h-0oR~Kp=Iv(e>I!q(HQTMgqbdOA}Hh6J<nhP7t1m
zO?Pz*qyMr#Z-F>xdd}GzC5LTv%F}YfW$4?Z+_?tV7#1G(SQP?^fRQ=IcaixCG2FF?
z;)tLqf=;tmsU<rGAj{!}=cp`_c8m6y1v@IX7Gacb3||%Mf+y*eEN2F#o1kmWLYBGS
z$}y-bO4>z_J=S>JFeN1~*Uu`UwT=5)lRU^j(=C&-LQCp|m{VNhv>c<xRanQ4(nEF*
z9inE22$+6yLgeXUVjeooF$?8xVKBo;v9iY%Q{93it4$-P1AaR*)d`>NmPyRkT_o^!
zex_JwO|U{av$Krj!g+X?Q1iH?nm2i!zkYZ19_U`&XH8$=r}vdqJ4~AYHN<l3_Qfl`
zzq>kr8N0SOWK8ojTXWS0M)NJVvZ2#s8XddgZ}WujP7W8m2oDI}hkY7>uK*$$$mG21
zr9o8{0!^`odwZX;TvSXUf5B@{e^Z3TZ=%H17;bXUILJ$In-3{Z4<#R_qVxM_{IUO1
zc%jm?93O~}_7U5qM~7Ndxmo({nR+ftP|ER#EcV9|r(*1H+F|x-c)*Bu#++W0TQf-u
zOnY@SOYt&p-hXBEeVr+{_5>@z8q}VDp(#XY8VmLhvw!TC8cG?`Wtn|-3kl7$sX!k6
z3Cc7A_p%s8MlICIDPfe%JC3`KyO2WD>YpF=jORu9O41M(##RyDBI}S(qRdO=E%SKm
zS|5kKzj!YBrn|kT=Nj6Z+x@J5ip9VwFY0{A`F`u*U5KL<x^TO0;&OpPtN{MV@HmnD
z{$ln&Zg+8a-3J_Zy6$vQiL*a*4G9YXFbzkFwz_V;XJ=dDlWm;dsfUd*2+RMYigMEJ
zaNGLSgMP4P*=B6oruLU_Yv^%mt7D6m);D$5CUINnnPvyB`&HO?sC!)vR1)>M+blIx
z`gJ^ARU<POJdURj-)8Mj_t0_Di6!K}q>Xz$`fX4dw}lYnBC?HN!e*pX{D&M~AurH|
z1ExW&vq%??^_|WNWTrv>10ZJ|e$4F|?v7i3uzwx|j^o6*@9i<weFc5&2t3`9O5s?z
z^XlB&IT3gsKylt<GE1S}f?m@IOgnTaXp>1wAg|xOjT1rc33Kfc`6X4qb*W)(Q+sfK
zV_Tz;sNJ>jWExbElDBeV66aD2Hb8pG>QO+Mz>$bXyfC-GP{*{>mLv8tKDBIE?2!#P
z5=m=si=cys?PDdyB~2CCb<Vj2a3za9wYTf|(6Lf;r)SHs;ig%Bjukn6rNriHxOn&p
zs7qv}G4g^t$et)&)@`F8j(2xSj#eh&U3y~9_2ANW7C5*bI@`6~z@(|(9A<OEiy&VP
z3!=LDImoQJ4z$onInpmvazM6*!oj!{q}1YO2-Ab)6@~ZZdB6I)p+`&ib=nHzktCts
zhinbQpfK{$NPRAhoIv;0x0hkU*;&3piLGM%7Cn<)(2mp7fz<}W<kRKA=rKW@*xL0f
zJ13M&ecA(*wvJU?`_ycQmro?*MO3a8{Du>w@SkArdT4q?xf4=*dt1|Ky6~!QRQuAA
z@dmVoD@N`Iq8nUO`PfwGD^C$b3nzWUGPoWhRzQ(BP8|BqcfSG%qK4JKz%w0;<+P6o
z#r~;U`L8@Kn^>qAR*?frZsW6j-jCX!%t3rz@f~f&Khr`RdxBwoSl?fNdkufT8{AH|
zW+lA%!<zGD{t&BgQ)3@(j|U>sf&|?>C4M;mRQ*Wo=|m~{pSeiUFj#7Tla*&!z-6uS
zPsgN%{b{V6Sc%njX~(^)-kxiVep9`@phmMB-&VZ{Ef=cx8Yp**=^w3@X!26^PmkCm
zfm?0B6_uc3G><G4ptN~En8&{^H-1{iPA(Zreh@C&W3N`byG5_++vdYw{)Gxs6&W|~
z(MkT9=dM$4mIkA`@7aj=FX(pz{2yOk%x8x-qdF-0SBR8rmvFdC><FDKhKQHvZ(EOt
zSKyzMe%1pH?2d_p-Tenouab`0qx`g6v?{d*aHp)3{+p6c{wgqcs>z*Rx_r{%RLj@D
zpgQebL)2?d_@cnY8r>M53)5n0r#zbwVJRD8)dwby?_OW8`*^4^cGyo7xPWR$RiJ95
zk?onR@RU~8(m-r7#Vfl!EU`Q>aUc-Ce|66$R*!ep*lWFw1~SEe#}7RX-c{okwgSB$
zSUsYfoV5NZJG&`NdyYw|q~qUi<7Y&3$yr+ZO(yNe*~S+ONy*q1wNN-SGd`EpK>r;u
zb1InRjM(6oO*L9&XW#Oa(w->kr5+ZQeN%KDT(ou4u(54Bjm^e5vGv6`VPo5FY@3a3
zHRg%U<^*kWV%?1KKm0HE<*xm_#+dtU@3kh*?m7mQpAIngA~Tnk`i*>9s-A*gHgO4C
za@+KBk4cnawVaVqtYlai;O~Xhcw2A@n9#R3FZduYJ-+vrE9Ej_LI=gqf5T=T&}h#N
z=NbvI608tctfY#Rx|3(c$deb5Pue4t2l<d*(7yx!Q=&|pfg?X>r{k`9-js~Hqdd`?
zvT*cEr1PqT@+~A~cQDl$fFdhm;z8w|JwysFU*Hzy6KnE+yC9qQxo?DT?c;3X^$fs)
zs#6Eu#+V|%FzPF>AlhFOHW;I#&rQQNp56mjtE+ii7~%)~d@L#`>aN^9g?qk~O%`-H
zRlW!-=bBmX6q5uS6u3kW&!d&k592TcRWO+WI79$u64&e1YgV3z4;+%1t=mT&g0sjw
zKciigw$t?9_0AJ}vwHiXo{er6p8iSmiKcb`YWCwhZSQ97D5ehzKE{$sdww!+0iV8m
z=<x1wBqPavwdMZ*BC$m=Di`VKO$j9gP%u?%z1qO76F*x@Nv}qOTpLO7S*FKXe$Rai
zP5;^0v|&{wgq=~Gq$S<oxAm7{Sc`8cqw+S7f#%|fsMLX$g;@V*r@E#qSw7nLBl@}v
zruzO=O_RnwJ!?h=Q^s0fkF?ckr<q^6Gg%IbN#~E6Wd`-7A^6dg*G^OKE$<Pawia-M
z<ezYY-2L&cw(?-4(aJt3@k{XpkM}!PdKC(1&fg1YK_4?+$TCWuGL)gA{i$$O_9n;Y
zP7LYWkB81v0QXNJNv3L7wHLxtTatEx25FB5T~As3t&czcfwaoaDh^jknW8?oc+cXk
zwXL~Fi5#oIl>uy-UBSHaoa*@d7I^{4K&yIg`$uC}Zi-Q>*yO!gfOT+H#m;${+c0<I
z_8?<SAI{dewC@XZ7NIE+h4VGt{1+4NI?dCl#*D>=n09jtJ|FGIbz45F1*TRpZ4V{5
z4R9vqO~U~%K2dkHRc;k>v#9bK6+JExtfBL8mZ|!i6>V_(O0a_3W6RHU)i@`myG{i>
z(UD^RnCfokd7oGoY6YF^<7W$z%o~0|Cpm8mxL#52c11zB)3I3tzUEw<%^B^jZ)y(N
zeHC?6KS;lDr1-;)r|WD}vFaR}OSE+FR5ZR%SF^nJKq}{VgzpakojiNAnXsjgq4Zjj
zU6o@en@^m8mlnrF=mHb!0tH*@0!bWaXb^<-4V^7dGU$|(%zsvL7Nbzg<_-XtM8#YL
zsiHgH4xP3doea&Y<h$s5q;*aeqHP&KdU#39WG2kAUrZgMlJ`nvnmxt1+dLAOfAdJW
z*H9IIQI4suK{jU!QJ6@JhR}x6mo{O<JCHXR3;!_+95AE(btDMbe*aTrx+DKPlg7rg
zX{yaU5Kjf4r~J~*Hvv9D>Xm2u`QPuZcn$Wsg53A^5>GH2<ZqcXdxS=xik85}QUM@d
zY2kIr1GhPVd9Z{Hx!3<mUP1kbVF<EzeO7Ka$%_@c#JPr+y1tY_ctWp*pU3?(!Tz!C
z;d5mfot3ISiWK+`wZq8|KEA^(!EB%f{*gjZ4CF7kZ~kw~nIrr!6r9BL-AM&1s!AGk
z`aZmY=B@h$SjrYUU(;bfEco?yaPhD7hCvH;ixrup!P>v)YbR^OA$0k<s|>UW$v_Rp
zdd+j>4YaO}Wr#r9LC9ZO8$lt8UzPQ#NjJT-IEdGj&c2M_xh!v5o#F4xJPShGI`yCr
zgZ;)+wjAqCR2+>PaSZpaBYKXncyd;7H`}y=mcI!3!CCe%<+<h4d#5dBPY(@4$&>`1
zOCe&^V4}bXE01fCo^S*1kBsE;ogXQ?^NeG|DgPr$0efGOarZ!nZv9(11~YNy)3DCf
zWW|tIWsXMDem&d~%8e*?$Ih%N=TDU_O^&T6d(!7M#DO*u$?<v|=~OYWCQ8U_7M5LF
z)Aiqu#zLfh#7arZ73;!#MaPx?5Puv^;slBg6cuY2z&+B3O*&FaL)C5827L3d2Zu3}
zf$-@9{@j0^7Fi8;?|GGVA`@|2=_K)b?b%uh8N;8RW7WMCHuPh8L|r>UE14s!jR%kf
zJaqRlU`nxu3+>j2)lTW;y}<%@Px%&mbD73@Ic=IF?p3sffBo&v{vJ7a(Ppr=^hCv!
zv`Q{){6R&F-9hHW?^R1?WKIr5gp2mQcWS1Ny%5Fq$Z@))aH0D<F-`3*?5Dnujf4NP
z*F<$Zdlv;srirRr(==4oTuT~Z(!{wFI@LG<WRwqwE>3Dpa_CuIa?vyKuMjjOTC^Ur
z*|;7V+if2Y6t?51JcOZ3(n}a<MxGwcJzIvYVgrQ#1Ye|J8$|z{4_*9~Wr7wck_lGt
z3pwnkgP6D&AaoWycZ)#oB~4__@n;$IM~(^wYgK-w;d>r|<K8S{7=Zo3XL?Iw5F0by
zBgeKHyxW0aejXYpW;;1@Nwqt#NjFKkO8GyjoaCt7vy}2f;JFsrR+@|yZy8kC0j-u(
zIeZ3Wh#E$VzRcq;lf||crKMe&*)Fp;HRk?-UELp$=mOqfc-N#xEs|KUm1dFeQDR3i
zJPQ$WLTkIggdZnHNxMOOmg(BA%+?5AZUz6w1w6plXiaZt`_NAKP3zw@I2umZTIp-V
zmr0wcH&c}KBu5&WbJYRgD&nw*tl^nO=VeP8qOfT6HeCl$4sqX$xO-?8&hgb7tEBG9
z1$Frn1Y3%)_G-zG?wyr1u-2sX<p3_{9wWZL%Emg%g+*rTziqLiWd5d{Ii{R|nmmo_
zW+~|M<$FF79qSAb9eC218j3(g2GghCArFP`uYV;5;qzVYrhi>TEiC2T-Au0*Kk+3V
z4M?2%;4LYTt$^fnq2v7d)1dBSt>W3x@9X~^5~pZwrqS)90V>=v+n9Rjkc$A2kr)O#
z`0yXvs^Uc7?~0Pv;wa`!CwU(;N8(LpzuR^V4H(sB$Lj5ZI?GIf=9}dNmUrbup=0&S
zBigQCCax!>{208iK&__eT&E6AXn+{%R&Uh@*vf{tH~+2N7NoxgB}{YmU92zJPqG%9
zZB*Moue;^~co0AI=|j4<kX{S?&%$4+__-Gs5<P{$$BAmp(jJ~!z$JO+sCeK1#)r%H
ziiG4vK{#l-DmfS8>W)<C?F_rxb{uI#<B%cfuO3FNy>wFcs!WIW`Yu^*@p>tV#&Y5}
z6v{6jHk>uf^U7M~g(H-eN{kJvQL<eFh6gCDJopSOEl`wl$w=GlWzvA4x(U8%>uvYm
zD?mp@jV4qh6ZqhDOVJawy|tV=VyD)h6>5r-_9NBSvym+I2kWR6^=1%(Udfg-4d%0X
z=7xA)GTRRObf!oc#h3Vwa3XFqmxYfLJb!h;2-nDMcVqIpz`oeGxKMd|Zzq9cF^7GM
za7W4ruIZoGvl)Ixve658n?70TC0-xeNJrlVP4`bkfziqJ9v>@XG`l&l=Cw0A5BlL*
zt!|z#`(R1MF@{cB6Wu6-eBMX{I6ABTb8GqfdK*y^!%N=chkHgx-TrSEt>47T^{6X9
zN@tU75&fvsfnk5CeC^J43OyehDP_tIkGTej#<uF^)otoy?hC3aoB$fwoJ`GmUHsOH
z_+URef<p-3b!xs;xEn$-uNTeZw_n>wP7YN4Qi_YE%W|3-(9di`*>OU~Cdw^PVM^J#
z)JV+-o9jw%JBL@fd?KNY$-}r}6t(Xv()YwBv?6Nr?ef<5{X7RomKq92N^?2l4>i33
zJ8AYcT(m4(v^|#o(p)c0a;n0b)Vj^8?q;l%B>c~4f3b~&PZilGRcMPCs+=CviYB5|
zkwlunSwKt<Z&@AC&d&(+n3)5W#2Syh4cx5s!KC!<-R#fLqn0<sKCJ7{z2A|fe27eG
zB4rc$gLg*Eo=EBH+Pz;<4Rm*WCa5*`OYo=OeFaIabUNyq2Tf?Hyw!zeO!vH~Kl?^U
zX2zr?{&D(%m@md*pV&6=`23@|7PJ~Y$tKi+IqGgrI&5bbCQ0<=qIoIrUGWIcB!4Sn
z^8BX!lGY)QLgkrUfl*&U0`5`07R1BF{2BAc7RyMZYb%|zdjRXrkvga!<Auxn_7=F#
zjBjY>(>_7Q{P&-8My57?)p6!avF_MMU=F0a?TmDtiS>%VlgYfJ(Y{yQgnx1Uqr#+t
zr=qjSr8z6ZoF~51s%mnJuJ4D}ThpZtH^GDE;S&1ucc!7a?q_GAm!pvFgu&h84MRF(
zN+)*r&)NFy*l|Q`Q$3X2fYB1`6xFo7Pt&)K<MKALj5e{fMm&4z%vJkAs_;qkv;hIr
zsiBlX<x?mexl!KE=a3cYUA0s?W`Yrk=kFz@-3Nz?h7FePPADI$-I5hmcXx+7boK%#
z`3#O+n+MVq;AY`3$}0$NT?(kyK=p}7wT)X718dUG;JQQf5Bp-P%&mb(!y`l{ayK3X
z#RtjPY)~#pl=a&sFG-Ks(R8z5l>8X-(w~j=1GNh_d%my_S36t3GloknA|VF|*2jG6
z!BKb~*HKWZ)AtonV{pDf{k6vTy&{lp1!<y<^O;RyAzRJ|&P&PT#nVP>T^uXA0l^Y*
zwM>iDg_()@*EmSjH=_6l`u+sW<$GL+=E$Nsn5mn=)@U;-rxDr6VeXFTp-eo~gp)c4
zd#a*So*I9)8SVmO8?!zna;C<GT>yB$y>{mlS_t{tIjzkp%rhzixdGoX<MlVY|3}%U
z3-{Vupfc{N?(2rY=y%9q#ud_f62#_cE|Nc+m)#`CrqNL$(Jy7?DR(NAKlm$7tD4OO
zoF)brFr`DLngy2$tvT(+IKxhZm&^CoKzzZlXIy8}N&V8MaSv}e+}2MWQ+j)&Gj%B>
z83&=<2Lq?uocQXM<gf*rq*e5PfirQn3&zG*$0Y=?4pVEB=$MPg-jAu{5`%6u6Qmc=
zWMq&9$KOXp?nb=*9|efBU-fh9lU;;Yo}!I1Ni55kp%>*v&4trRFD$Dc{5jY*dj}1y
zxfXD@COAVmNxeeITX{C>G;<&x@_Mt4ywXH_WtUEq=}887mIX`0xXKLuO1oV=Z&M$X
zs&Y>sb9s#HT8>CBHyRVn>$4|%uk(}0_)Jv<*h=442Q@Z-lE%;UK2<oOv2pyxqI4#y
z2|E=A9n_yIvvB{+pttos(a^ruzd#v5fO@sY#r_whx*(;T^^=#K#Y3(ygP(|+ls13K
zobxy3G_ZY@5OG>Eg{YXDog-GnIm_bhsTnTT*4D94<umN{RON{8b+;fTWzn#QTT%)2
z*3G#wJC^Q@qJ%4QHRnV@Vi}L`ySp$H5)@R2&Ir;C*ux%c0ST(rIRdf?Q-_zCrB)No
zHaXDRs`-_hFjouV3g<w-EF4pOW%-QDoO0zUTPTQ(RZF;g*wgrx&t!J{{Ug#+E$}E^
zHEh^7Wp!nEP6S7DaDTxLR#R7ZiN|_nv<qY3a)9bpuj>zn^TEvzBa<a&t;O=<j{!pI
zx6NUp!`(SXglKlGMAZOMU*UJF-eJGN2))3?<cE*XScCuEP>~4ON9)0PGeYINQ6P-B
zQxEBX#o3;nt6g3CQc#E=?4YO{lU08)?4vvztjG^UM{TzRRW%lsE$F+MK>D6rn?1=~
zEa(-{@0vy1(FRbu7vgVJl~pEQJ2PKMP`dLat5@p}3>;5gy5;x12mV-YkgU!lLn4R*
zvf2S&|Jj$g5Ee~73bF|QCubEkdz%(vC80H<YuZv=$@4m{VaIEKy6(ip$BpmR64a`D
zi%VvpddifBO~RQIW3Xbzwvz7M&?BVP7w2paY+XdmJcJuXMy#cU2VA$F;mMM{Pe>~d
z)izq6wq^xgPD-26`G`=l9nm{_^K7V6HBh-;Vg9|0@}u1C%!SwcRehUO5?|!`%Rj8u
zif%5bGMH&mfgDIUjo{nTuw`J|$;F-~+Qrpgof+BB?#XLLBbHwyF$Zf=9y9MVg<<ev
z@S6<L_z9~ymL=x2bGep(RsH<d>keo7X3%{6w}iJ>)XWx9lR^dFngSlo^0>>F%oSMk
z9iW;%h$=<g=dvuZqS}h|3_ObZqyc{J)t}vBTlnb?m6E-QR5vPqpQ>ikIN&<jIrS4w
z>v8spbq5Bw$>KyM3yla<JGrc7@+V!TjM<svJ1O_c0^JYcoQjEd74peq3*}d!58Gx?
zV{BRLwR}&*FlqvNW0HT_CaN{$qe+hzQ*C34L0wDo+J^b&!MIQ~)>7eOw1mH9U;9x%
z>z8btwH^wac#%x<hvKoxRy%JS^rWZcZ}WP+pwJM#PeubcJBZWi>1UAr0?G1CZEW@k
zC<~hDv`OxA0T`YU8X>-!Z^8{NZMk~658ysV9(+lDh6fRx9i#h8_x0D_!!&WnrlIvt
z^fQ#-o=W2u6Z4bmLcJabJ3gC_ry*@YA=;gPS^Hw_RtCYF3YG(nLf7eRLzk?KK-a9-
z!2qgu5qjvu#V}IGMT2!+3{znk^ZuQQgC^z${-RZW_t}Htj|+n-fRZAPY4Ex9!mjn3
z8^BFZ`OS7TM0)x3`z15xP`)pq21Jnh-1=V40<Y^+;`%&hKQEY0=A83;HL@?^DWWGZ
zr`wg*HNapoO_I3hXIV={E0WMXD#d`5Eh|L9sIHbe)%0dj$C8F$=^-7*gpiHJ?bH(f
zZaC*cuFZt`a?gP8k<yYoz>>@EUbApZ$N=QH7ylP^6Ur=qS|Qr$mToM>$gWfU?PpJo
zZCDx`y*zFW17fV{oXOL^`!|p(z#pD{o871A4eq5>1Ty<%>2S@79I-YWRfXtxH(tP{
zSj6_$z#Eu48O}Eygwuj<!=MW*mF5hK1&4bc$mpU%>VraXiTd@u9t{eUE;X6?`3<hN
zGTSjT{ZelAHuPIe3iniOQ*}-oIMO9M!+kUH_6wB6e~38nvJ`4ID0q?d81fdAAB|^$
z4sP%%qbJVZe!;3V>2j7o!qv+_Hts&dUZ!--qjt?gxoqv@;M?7~mp4gMehGE%;U7H|
z3Qfg!U8eeNhd!c+LkxgVU(v~G$BlaOF<WDhgV-!MU}qO$FzOpa1U8K{7t1(uF%5Hd
zIdQqAQ2i-_DGt4DI=-bA-zB-*+c&^%ljDnv@x$!~stLvKnCd?fw(AMtCp)!w6$BYo
z6m)gfN^Zf>-)63IY>Dg`F(X)2O7*JM%S3emr*GNQcr`Ou&RtOA7zAI!2QlSvh(bsA
zze-_cNtP`TD&ge}AOC|JqWJh<o3_XrROBN+&?LWwnEjuwg&4CBE5Cp;^)H0s|KpV)
z7?saHmeyNQenBu2i(Bfc-3-WGee1D&6~-xk_V|Qcsa_{@DVDiH!u@WbIY=JoMk)_b
zP+y|3l~<7=dcI{BQ?p~C=&OeFgZ#D@eF$gwKL+kXSd0rDR1iIVjRefsi&SHH*caOW
z!w7_k^d+gw2&r`wStO}-h(_vw8U((MM$NBSJHs{|szd-f$8;gqDh_|sjMv_%jo5y$
zUvX$T+<O2ig<yE%w#y|1rbohizvmUfsHglW`YN7DyrYD*j08cJ@lBUN@EGOsr_*^9
zBp=20InBpxLEeF#T6lp`+e{fMkiofk;SBSm8RHZ!^eI9{DmY0JB=0i-ZS9<B3?#@Y
z@yK`YUyfodt|OBgQ&hOe*0L^ze~}rm^N7dUNDD45_@p4C#k~}jn0b#Ej#r8Stz|p@
zyz;D2GfzSQa5~0)Nbfb$hxa^S4tISHiW*W(swRl?#3A0NOgRQx<Mf~vscrUxI$mZS
zjw^l<l&mjH7rp}FsFsG3n1XIcdu`314T)Q?+neK)(+!KE3N|jb3U#u~vy%wT{Xvf*
z!h5KIJb{U+>+m7n(2T#3QQC^eg3(I<&mk1Z3Sb<Q!4CMH@}($r{qm2gk>hwV2eJiS
z1a5mvKLKyZ#Ial#fiCrg^AKcSZbZ90yR;qU2KJ2MAyRHeO^#Ug)^HvA502phyPE;+
z=Z2phA43FCK;I!=I%YLdE<?ymt<L5zR-{Pi?WHeV7Sfz`G~v6YlH?9ImLHu2BS$<!
zX+(P1mGt>mB6PQ}3C`Zcm~4~AuXU0#!cd=mayXK3!&4RCAE`i}DA*0pf00}`3(mjT
zOFo)ZtQCh*!}B>xn*6TWs#@|LE|e)TNf`Kon^&k{$M#M%X6)nApqq|zrypDMi7+p?
zcnF(VCV3jVMHw48A7G<%BvW->JVYO{7T0~YHI+=w{#MC=ax^smxWN4*C;jGMUIY$X
zgJ2Ln{KWTPG2Ct6^OVoyJ7FC~@B^DTa9pvNiO;}{?cqe1(Mys3X2Te*E@F;F(VE!;
z5&5}iazhcBHfDJ729QF2z(L{qSsLY5i$OT>eqb!AV8e@9=S@hms^&UU%MJj2>*aAV
z-(vPc)FfuFE}+OP8N-<*y(Nr8(u#+U*-e^m$9uV!WvR^5GU8m!ePKt?Da}3ErGe25
z-Ro?h6X8g^*NhCnI)j{^&4J+b4x)YJs$V#A2_Ba!CTvo)C4nunPD|Bd2>9AKEIuWb
zzpwvxT(n?!?VAX6>g&TCdRkyD>rcKht2g7{{fC0sc1EDd&IXS`irCedfVLvcZf7Ht
z47rfc#{S+kDKtM{Ndo-xHHB$d$}eEa%&3Ag$pd2)`A6W1RuW>Zh8l@h(B+oC?d8h?
z`GC+)Hs2l|yZ8Hue%H$t4UT8{SHe5F(TX?`;qz4=c@-2z;5KI)>H?y=E}lGhhWNk3
zqh#&Lor-1G<zDsEpWDGAZDad!g3<iMB^@8Cs2mDH<CPxjpV=B6V1=`w2jazEGxUf9
zn4kl$uow>DaVpb1eLcZpr$_u$6=S=?Q$p%UakFVWBC3=qn0K+2`tVZzc9b2qS%@W>
zuuM4}7|P{8?y@H#{!H*uSaTx^KjeS4mPp9&x2{GtA%B49%5uIjvY11BSVHV(8ZmG3
zx)SZij`Whgoo{2<iHC#Y-(;8^j6%IfG0lM>^-u*M@h?Ua(<m$ga@jMY|66iY{E@(Y
zEplV4U~t=2Y3LDRoq9lPMY_if=i;$&fAS8-FPg#>NucW-q^s@d&3ySI$R<_l{K@{I
z=?=)xC>&0d*#WX3C=mappA~F)dK{P&e=@Cl-=<CgNFyLhTf-___nqwu0gekIyJG1G
z={41Y1KXwG`X9&T8BegL>~Z{j$_SaKQqk@|&1quk>gHeo%bQ}THuYnNBAgDrH^}mE
z|FA=ZWd=L!36?1H%oJpMryr8Sxf+v;SnPBKNc7EYCchShcU`j0=$@XG&et-`I6d+1
z16|j<i!PK+P|=3dM9L|;m_`pzV6-(g1ZPwRoPw%HTA9-O+Zz>vN70r0S5)AY6^G{(
ztpUa(o8;A?R;(rR_8Iyf^j)WMdpGVQKBMN;Rft~FU;*{&P9xPzqS2n6bctA56*aMK
z3^`2~$g1Ef1Q<|9v(!sMca5}zU->WGU&~eMZ21vp@?WiQ_)?En7g1;_K`qj1ViefL
zNIM|*PmT+YCgX<=hW%0!gG)3!1vib=wIY!#%r&UrLR9-!*3a~N--mFDzd(Hzs?})>
zqtulG`JJ(`-u^Zu(8Vf!Q`*RJD3DW(=ti(-?)fq~>(@_ua&+SBSpD^ehQ=zYIOHm~
zr>XnDMS6RHY*G<0wdUotw6dz;j7;Llr-lo~$3hnp0?O!FrcscM89^Zk0=r?j$QTwI
z8ZZmrSgry4Gt}5Pxh-ra<}s33uu=Xq+SET>u#8^b{v*R@(0XO{gEF=uAE3i$7>)tn
zFHcg4%v4ucp9yzpBw5MhK9ws<RR<rJR}wap**HXv=mYEA&*L<Mc*ioi5f&HQ>6kFA
zfDthN@4&-wMn!xYE#$sLme2$9Xhu4c6c7-oKC4<`n!r4cV+>^f9{T<+h643J$naE}

diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/environment.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/environment.html
deleted file mode 100644
index 036111b1e..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/environment.html
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>Kyuubi Server Environments</title>
-	<link rel="stylesheet" href="semantic.min.css">
-	<link rel="stylesheet" href="icon.min.css">
-	<script src="jquery-3.6.0.min.js"></script>
-	<script src="semantic.min.js"></script>
-	<script src="kyuubi.js"></script>
-</head>
-<body>
-
-<div class="ui page">
-	<div class="ui black inverted massive menu">
-		<div class="item">
-			<img src="icon.png" alt="">
-		</div>
-		<a class="item" href="./"><i class="home icon"></i>Home</a>
-		<a class="active item" href="./environment.html" ><i class="settings icon"></i>Environment</a>
-		<a class="item" href="./sessions.html" ><i class="envelope icon"></i>Sessions</a>
-		<a class="item" href="./operations.html" ><i class="tasks icon"></i>Operations</a>
-		<a class="item" href="./metrics.html" ><i class="bars icon"></i>Metrics</a>
-		<a class="item" href="./threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-		<a class="item" href="../swagger/"><i class="h square icon"></i>REST API</a>
-		<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-		<a class="item server version right padded"><i class="flag icon"></i>En</a>
-	</div>
-</div>
-
-<div class="ui raised inverted segment">
-	<div class="ui icon message">
-		<i class="notched circle loading icon"></i>
-		<div class="content">
-			<div class="header">Hang on... </div>
-			<p>We are looking for developers to help us build the UI.</p>
-		</div>
-	</div>
-</div>
-
-</body>
-</html>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css
deleted file mode 100755
index 8edb4dd0d..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.min.css
+++ /dev/null
@@ -1,9 +0,0 @@
-/*!
- * # Semantic UI 2.3.3 - Icon
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */@font-face{font-family:Icons;src:url(assets/fonts/icons.eot);src:url(assets/fonts/icons.eot?#iefix) format('embedded-opentype'),url(assets/fonts/icons.woff2) format('woff2'),url(assets/fonts/icons.woff) format('woff'),url(assets/fonts/icons.ttf) format('truetype'),url(assets/fonts/icons.svg#icons) format('svg');font-style:normal;font-weight:400;font-variant:normal;text-decoration:inherit;text-transform:none}i.icon{display:inline-block;opacity:1;margin:0 .25rem 0 0;width:1.18em;height:1em;font-family:Icons;font-style:normal;font-weight:400;text-decoration:inherit;text-align:center;speak:none;font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;-webkit-backface-visibility:hidden;backface-visibility:hidden}i.icon:before{background:0 0!important}i.icon.loading{height:1em;line-height:1;-webkit-animation:icon-loading 2s linear infinite;animation:icon-loading 2s linear infinite}@-webkit-keyframes icon-loading{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes icon-loading{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}i.icon.hover{opacity:1!important}i.icon.active{opacity:1!important}i.emphasized.icon{opacity:1!important}i.disabled.icon{opacity:.45!important}i.fitted.icon{width:auto;margin:0!important}i.link.icon,i.link.icons{cursor:pointer;opacity:.8;-webkit-transition:opacity .1s ease;transition:opacity .1s ease}i.link.icon:hover,i.link.icons:hover{opacity:1!important}i.circular.icon{border-radius:500em!important;line-height:1!important;padding:.5em 0!important;-webkit-box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset;box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset;width:2em!important;height:2em!important}i.circular.inverted.icon{border:none;-webkit-box-shadow:none;box-shadow:none}i.flipped.icon,i.horizontally.flipped.icon{-webkit-transform:scale(-1,1);transform:scale(-1,1)}i.vertically.flipped.icon{-webkit-transform:scale(1,-1);transform:scale(1,-1)}i.clockwise.rotated.icon,i.right.rotated.icon,i.rotated.icon{-webkit-transform:rotate(90deg);transform:rotate(90deg)}i.counterclockwise.rotated.icon,i.left.rotated.icon{-webkit-transform:rotate(-90deg);transform:rotate(-90deg)}i.bordered.icon{line-height:1;vertical-align:baseline;width:2em;height:2em;padding:.5em 0!important;-webkit-box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset;box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset}i.bordered.inverted.icon{border:none;-webkit-box-shadow:none;box-shadow:none}i.inverted.bordered.icon,i.inverted.circular.icon{background-color:#1b1c1d!important;color:#fff!important}i.inverted.icon{color:#fff}i.red.icon{color:#db2828!important}i.inverted.red.icon{color:#ff695e!important}i.inverted.bordered.red.icon,i.inverted.circular.red.icon{background-color:#db2828!important;color:#fff!important}i.orange.icon{color:#f2711c!important}i.inverted.orange.icon{color:#ff851b!important}i.inverted.bordered.orange.icon,i.inverted.circular.orange.icon{background-color:#f2711c!important;color:#fff!important}i.yellow.icon{color:#fbbd08!important}i.inverted.yellow.icon{color:#ffe21f!important}i.inverted.bordered.yellow.icon,i.inverted.circular.yellow.icon{background-color:#fbbd08!important;color:#fff!important}i.olive.icon{color:#b5cc18!important}i.inverted.olive.icon{color:#d9e778!important}i.inverted.bordered.olive.icon,i.inverted.circular.olive.icon{background-color:#b5cc18!important;color:#fff!important}i.green.icon{color:#21ba45!important}i.inverted.green.icon{color:#2ecc40!important}i.inverted.bordered.green.icon,i.inverted.circular.green.icon{background-color:#21ba45!important;color:#fff!important}i.teal.icon{color:#00b5ad!important}i.inverted.teal.icon{color:#6dffff!important}i.inverted.bordered.teal.icon,i.inverted.circular.teal.icon{background-color:#00b5ad!important;color:#fff!important}i.blue.icon{color:#2185d0!important}i.inverted.blue.icon{color:#54c8ff!important}i.inverted.bordered.blue.icon,i.inverted.circular.blue.icon{background-color:#2185d0!important;color:#fff!important}i.violet.icon{color:#6435c9!important}i.inverted.violet.icon{color:#a291fb!important}i.inverted.bordered.violet.icon,i.inverted.circular.violet.icon{background-color:#6435c9!important;color:#fff!important}i.purple.icon{color:#a333c8!important}i.inverted.purple.icon{color:#dc73ff!important}i.inverted.bordered.purple.icon,i.inverted.circular.purple.icon{background-color:#a333c8!important;color:#fff!important}i.pink.icon{color:#e03997!important}i.inverted.pink.icon{color:#ff8edf!important}i.inverted.bordered.pink.icon,i.inverted.circular.pink.icon{background-color:#e03997!important;color:#fff!important}i.brown.icon{color:#a5673f!important}i.inverted.brown.icon{color:#d67c1c!important}i.inverted.bordered.brown.icon,i.inverted.circular.brown.icon{background-color:#a5673f!important;color:#fff!important}i.grey.icon{color:#767676!important}i.inverted.grey.icon{color:#dcddde!important}i.inverted.bordered.grey.icon,i.inverted.circular.grey.icon{background-color:#767676!important;color:#fff!important}i.black.icon{color:#1b1c1d!important}i.inverted.black.icon{color:#545454!important}i.inverted.bordered.black.icon,i.inverted.circular.black.icon{background-color:#1b1c1d!important;color:#fff!important}i.mini.icon,i.mini.icons{line-height:1;font-size:.4em}i.tiny.icon,i.tiny.icons{line-height:1;font-size:.5em}i.small.icon,i.small.icons{line-height:1;font-size:.75em}i.icon,i.icons{font-size:1em}i.large.icon,i.large.icons{line-height:1;vertical-align:middle;font-size:1.5em}i.big.icon,i.big.icons{line-height:1;vertical-align:middle;font-size:2em}i.huge.icon,i.huge.icons{line-height:1;vertical-align:middle;font-size:4em}i.massive.icon,i.massive.icons{line-height:1;vertical-align:middle;font-size:8em}i.icons{display:inline-block;position:relative;line-height:1}i.icons .icon{position:absolute;top:50%;left:50%;-webkit-transform:translateX(-50%) translateY(-50%);transform:translateX(-50%) translateY(-50%);margin:0;margin:0}i.icons .icon:first-child{position:static;width:auto;height:auto;vertical-align:top;-webkit-transform:none;transform:none;margin-right:.25rem}i.icons .corner.icon{top:auto;left:auto;right:0;bottom:0;-webkit-transform:none;transform:none;font-size:.45em;text-shadow:-1px -1px 0 #fff,1px -1px 0 #fff,-1px 1px 0 #fff,1px 1px 0 #fff}i.icons .top.right.corner.icon{top:0;left:auto;right:0;bottom:auto}i.icons .top.left.corner.icon{top:0;left:0;right:auto;bottom:auto}i.icons .bottom.left.corner.icon{top:auto;left:0;right:auto;bottom:0}i.icons .bottom.right.corner.icon{top:auto;left:auto;right:0;bottom:0}i.icons .inverted.corner.icon{text-shadow:-1px -1px 0 #1b1c1d,1px -1px 0 #1b1c1d,-1px 1px 0 #1b1c1d,1px 1px 0 #1b1c1d}i.icon.linkedin.in:before{content:"\f0e1"}i.icon.zoom.in:before{content:"\f00e"}i.icon.zoom.out:before{content:"\f010"}i.icon.sign.in:before{content:"\f2f6"}i.icon.in.cart:before{content:"\f218"}i.icon.log.out:before{content:"\f2f5"}i.icon.sign.out:before{content:"\f2f5"}i.icon.\35 00px:before{content:"\f26e"}i.icon.accessible.icon:before{content:"\f368"}i.icon.accusoft:before{content:"\f369"}i.icon.address.book:before{content:"\f2b9"}i.icon.address.card:before{content:"\f2bb"}i.icon.adjust:before{content:"\f042"}i.icon.adn:before{content:"\f170"}i.icon.adversal:before{content:"\f36a"}i.icon.affiliatetheme:before{content:"\f36b"}i.icon.algolia:before{content:"\f36c"}i.icon.align.center:before{content:"\f037"}i.icon.align.justify:before{content:"\f039"}i.icon.align.left:before{content:"\f036"}i.icon.align.right:before{content:"\f038"}i.icon.amazon:before{content:"\f270"}i.icon.amazon.pay:before{content:"\f42c"}i.icon.ambulance:before{content:"\f0f9"}i.icon.american.sign.language.interpreting:before{content:"\f2a3"}i.icon.amilia:before{content:"\f36d"}i.icon.anchor:before{content:"\f13d"}i.icon.android:before{content:"\f17b"}i.icon.angellist:before{content:"\f209"}i.icon.angle.double.down:before{content:"\f103"}i.icon.angle.double.left:before{content:"\f100"}i.icon.angle.double.right:before{content:"\f101"}i.icon.angle.double.up:before{content:"\f102"}i.icon.angle.down:before{content:"\f107"}i.icon.angle.left:before{content:"\f104"}i.icon.angle.right:before{content:"\f105"}i.icon.angle.up:before{content:"\f106"}i.icon.angrycreative:before{content:"\f36e"}i.icon.angular:before{content:"\f420"}i.icon.app.store:before{content:"\f36f"}i.icon.app.store.ios:before{content:"\f370"}i.icon.apper:before{content:"\f371"}i.icon.apple:before{content:"\f179"}i.icon.apple.pay:before{content:"\f415"}i.icon.archive:before{content:"\f187"}i.icon.arrow.alternate.circle.down:before{content:"\f358"}i.icon.arrow.alternate.circle.left:before{content:"\f359"}i.icon.arrow.alternate.circle.right:before{content:"\f35a"}i.icon.arrow.alternate.circle.up:before{content:"\f35b"}i.icon.arrow.circle.down:before{content:"\f0ab"}i.icon.arrow.circle.left:before{content:"\f0a8"}i.icon.arrow.circle.right:before{content:"\f0a9"}i.icon.arrow.circle.up:before{content:"\f0aa"}i.icon.arrow.down:before{content:"\f063"}i.icon.arrow.left:before{content:"\f060"}i.icon.arrow.right:before{content:"\f061"}i.icon.arrow.up:before{content:"\f062"}i.icon.arrows.alternate:before{content:"\f0b2"}i.icon.arrows.alternate.horizontal:before{content:"\f337"}i.icon.arrows.alternate.vertical:before{content:"\f338"}i.icon.assistive.listening.systems:before{content:"\f2a2"}i.icon.asterisk:before{content:"\f069"}i.icon.asymmetrik:before{content:"\f372"}i.icon.at:before{content:"\f1fa"}i.icon.audible:before{content:"\f373"}i.icon.audio.description:before{content:"\f29e"}i.icon.autoprefixer:before{content:"\f41c"}i.icon.avianex:before{content:"\f374"}i.icon.aviato:before{content:"\f421"}i.icon.aws:before{content:"\f375"}i.icon.backward:before{content:"\f04a"}i.icon.balance.scale:before{content:"\f24e"}i.icon.ban:before{content:"\f05e"}i.icon.band.aid:before{content:"\f462"}i.icon.bandcamp:before{content:"\f2d5"}i.icon.barcode:before{content:"\f02a"}i.icon.bars:before{content:"\f0c9"}i.icon.baseball.ball:before{content:"\f433"}i.icon.basketball.ball:before{content:"\f434"}i.icon.bath:before{content:"\f2cd"}i.icon.battery.empty:before{content:"\f244"}i.icon.battery.full:before{content:"\f240"}i.icon.battery.half:before{content:"\f242"}i.icon.battery.quarter:before{content:"\f243"}i.icon.battery.three.quarters:before{content:"\f241"}i.icon.bed:before{content:"\f236"}i.icon.beer:before{content:"\f0fc"}i.icon.behance:before{content:"\f1b4"}i.icon.behance.square:before{content:"\f1b5"}i.icon.bell:before{content:"\f0f3"}i.icon.bell.slash:before{content:"\f1f6"}i.icon.bicycle:before{content:"\f206"}i.icon.bimobject:before{content:"\f378"}i.icon.binoculars:before{content:"\f1e5"}i.icon.birthday.cake:before{content:"\f1fd"}i.icon.bitbucket:before{content:"\f171"}i.icon.bitcoin:before{content:"\f379"}i.icon.bity:before{content:"\f37a"}i.icon.black.tie:before{content:"\f27e"}i.icon.blackberry:before{content:"\f37b"}i.icon.blind:before{content:"\f29d"}i.icon.blogger:before{content:"\f37c"}i.icon.blogger.b:before{content:"\f37d"}i.icon.bluetooth:before{content:"\f293"}i.icon.bluetooth.b:before{content:"\f294"}i.icon.bold:before{content:"\f032"}i.icon.bolt:before{content:"\f0e7"}i.icon.bomb:before{content:"\f1e2"}i.icon.book:before{content:"\f02d"}i.icon.bookmark:before{content:"\f02e"}i.icon.bowling.ball:before{content:"\f436"}i.icon.box:before{content:"\f466"}i.icon.boxes:before{content:"\f468"}i.icon.braille:before{content:"\f2a1"}i.icon.briefcase:before{content:"\f0b1"}i.icon.btc:before{content:"\f15a"}i.icon.bug:before{content:"\f188"}i.icon.building:before{content:"\f1ad"}i.icon.bullhorn:before{content:"\f0a1"}i.icon.bullseye:before{content:"\f140"}i.icon.buromobelexperte:before{content:"\f37f"}i.icon.bus:before{content:"\f207"}i.icon.buysellads:before{content:"\f20d"}i.icon.calculator:before{content:"\f1ec"}i.icon.calendar:before{content:"\f133"}i.icon.calendar.alternate:before{content:"\f073"}i.icon.calendar.check:before{content:"\f274"}i.icon.calendar.minus:before{content:"\f272"}i.icon.calendar.plus:before{content:"\f271"}i.icon.calendar.times:before{content:"\f273"}i.icon.camera:before{content:"\f030"}i.icon.camera.retro:before{content:"\f083"}i.icon.car:before{content:"\f1b9"}i.icon.caret.down:before{content:"\f0d7"}i.icon.caret.left:before{content:"\f0d9"}i.icon.caret.right:before{content:"\f0da"}i.icon.caret.square.down:before{content:"\f150"}i.icon.caret.square.left:before{content:"\f191"}i.icon.caret.square.right:before{content:"\f152"}i.icon.caret.square.up:before{content:"\f151"}i.icon.caret.up:before{content:"\f0d8"}i.icon.cart.arrow.down:before{content:"\f218"}i.icon.cart.plus:before{content:"\f217"}i.icon.cc.amazon.pay:before{content:"\f42d"}i.icon.cc.amex:before{content:"\f1f3"}i.icon.cc.apple.pay:before{content:"\f416"}i.icon.cc.diners.club:before{content:"\f24c"}i.icon.cc.discover:before{content:"\f1f2"}i.icon.cc.jcb:before{content:"\f24b"}i.icon.cc.mastercard:before{content:"\f1f1"}i.icon.cc.paypal:before{content:"\f1f4"}i.icon.cc.stripe:before{content:"\f1f5"}i.icon.cc.visa:before{content:"\f1f0"}i.icon.centercode:before{content:"\f380"}i.icon.certificate:before{content:"\f0a3"}i.icon.chart.area:before{content:"\f1fe"}i.icon.chart.bar:before{content:"\f080"}i.icon.chart.line:before{content:"\f201"}i.icon.chart.pie:before{content:"\f200"}i.icon.check:before{content:"\f00c"}i.icon.check.circle:before{content:"\f058"}i.icon.check.square:before{content:"\f14a"}i.icon.chess:before{content:"\f439"}i.icon.chess.bishop:before{content:"\f43a"}i.icon.chess.board:before{content:"\f43c"}i.icon.chess.king:before{content:"\f43f"}i.icon.chess.knight:before{content:"\f441"}i.icon.chess.pawn:before{content:"\f443"}i.icon.chess.queen:before{content:"\f445"}i.icon.chess.rook:before{content:"\f447"}i.icon.chevron.circle.down:before{content:"\f13a"}i.icon.chevron.circle.left:before{content:"\f137"}i.icon.chevron.circle.right:before{content:"\f138"}i.icon.chevron.circle.up:before{content:"\f139"}i.icon.chevron.down:before{content:"\f078"}i.icon.chevron.left:before{content:"\f053"}i.icon.chevron.right:before{content:"\f054"}i.icon.chevron.up:before{content:"\f077"}i.icon.child:before{content:"\f1ae"}i.icon.chrome:before{content:"\f268"}i.icon.circle:before{content:"\f111"}i.icon.circle.notch:before{content:"\f1ce"}i.icon.clipboard:before{content:"\f328"}i.icon.clipboard.check:before{content:"\f46c"}i.icon.clipboard.list:before{content:"\f46d"}i.icon.clock:before{content:"\f017"}i.icon.clone:before{content:"\f24d"}i.icon.closed.captioning:before{content:"\f20a"}i.icon.cloud:before{content:"\f0c2"}i.icon.cloudscale:before{content:"\f383"}i.icon.cloudsmith:before{content:"\f384"}i.icon.cloudversify:before{content:"\f385"}i.icon.code:before{content:"\f121"}i.icon.code.branch:before{content:"\f126"}i.icon.codepen:before{content:"\f1cb"}i.icon.codiepie:before{content:"\f284"}i.icon.coffee:before{content:"\f0f4"}i.icon.cog:before{content:"\f013"}i.icon.cogs:before{content:"\f085"}i.icon.columns:before{content:"\f0db"}i.icon.comment:before{content:"\f075"}i.icon.comment.alternate:before{content:"\f27a"}i.icon.comments:before{content:"\f086"}i.icon.compass:before{content:"\f14e"}i.icon.compress:before{content:"\f066"}i.icon.connectdevelop:before{content:"\f20e"}i.icon.contao:before{content:"\f26d"}i.icon.copy:before{content:"\f0c5"}i.icon.copyright:before{content:"\f1f9"}i.icon.cpanel:before{content:"\f388"}i.icon.creative.commons:before{content:"\f25e"}i.icon.credit.card:before{content:"\f09d"}i.icon.crop:before{content:"\f125"}i.icon.crosshairs:before{content:"\f05b"}i.icon.css3:before{content:"\f13c"}i.icon.css3.alternate:before{content:"\f38b"}i.icon.cube:before{content:"\f1b2"}i.icon.cubes:before{content:"\f1b3"}i.icon.cut:before{content:"\f0c4"}i.icon.cuttlefish:before{content:"\f38c"}i.icon.d.and.d:before{content:"\f38d"}i.icon.dashcube:before{content:"\f210"}i.icon.database:before{content:"\f1c0"}i.icon.deaf:before{content:"\f2a4"}i.icon.delicious:before{content:"\f1a5"}i.icon.deploydog:before{content:"\f38e"}i.icon.deskpro:before{content:"\f38f"}i.icon.desktop:before{content:"\f108"}i.icon.deviantart:before{content:"\f1bd"}i.icon.digg:before{content:"\f1a6"}i.icon.digital.ocean:before{content:"\f391"}i.icon.discord:before{content:"\f392"}i.icon.discourse:before{content:"\f393"}i.icon.dna:before{content:"\f471"}i.icon.dochub:before{content:"\f394"}i.icon.docker:before{content:"\f395"}i.icon.dollar.sign:before{content:"\f155"}i.icon.dolly:before{content:"\f472"}i.icon.dolly.flatbed:before{content:"\f474"}i.icon.dot.circle:before{content:"\f192"}i.icon.download:before{content:"\f019"}i.icon.draft2digital:before{content:"\f396"}i.icon.dribbble:before{content:"\f17d"}i.icon.dribbble.square:before{content:"\f397"}i.icon.dropbox:before{content:"\f16b"}i.icon.drupal:before{content:"\f1a9"}i.icon.dyalog:before{content:"\f399"}i.icon.earlybirds:before{content:"\f39a"}i.icon.edge:before{content:"\f282"}i.icon.edit:before{content:"\f044"}i.icon.eject:before{content:"\f052"}i.icon.elementor:before{content:"\f430"}i.icon.ellipsis.horizontal:before{content:"\f141"}i.icon.ellipsis.vertical:before{content:"\f142"}i.icon.ember:before{content:"\f423"}i.icon.empire:before{content:"\f1d1"}i.icon.envelope:before{content:"\f0e0"}i.icon.envelope.open:before{content:"\f2b6"}i.icon.envelope.square:before{content:"\f199"}i.icon.envira:before{content:"\f299"}i.icon.eraser:before{content:"\f12d"}i.icon.erlang:before{content:"\f39d"}i.icon.ethereum:before{content:"\f42e"}i.icon.etsy:before{content:"\f2d7"}i.icon.euro.sign:before{content:"\f153"}i.icon.exchange.alternate:before{content:"\f362"}i.icon.exclamation:before{content:"\f12a"}i.icon.exclamation.circle:before{content:"\f06a"}i.icon.exclamation.triangle:before{content:"\f071"}i.icon.expand:before{content:"\f065"}i.icon.expand.arrows.alternate:before{content:"\f31e"}i.icon.expeditedssl:before{content:"\f23e"}i.icon.external.alternate:before{content:"\f35d"}i.icon.external.square.alternate:before{content:"\f360"}i.icon.eye:before{content:"\f06e"}i.icon.eye.dropper:before{content:"\f1fb"}i.icon.eye.slash:before{content:"\f070"}i.icon.facebook:before{content:"\f09a"}i.icon.facebook.f:before{content:"\f39e"}i.icon.facebook.messenger:before{content:"\f39f"}i.icon.facebook.square:before{content:"\f082"}i.icon.fast.backward:before{content:"\f049"}i.icon.fast.forward:before{content:"\f050"}i.icon.fax:before{content:"\f1ac"}i.icon.female:before{content:"\f182"}i.icon.fighter.jet:before{content:"\f0fb"}i.icon.file:before{content:"\f15b"}i.icon.file.alternate:before{content:"\f15c"}i.icon.file.archive:before{content:"\f1c6"}i.icon.file.audio:before{content:"\f1c7"}i.icon.file.code:before{content:"\f1c9"}i.icon.file.excel:before{content:"\f1c3"}i.icon.file.image:before{content:"\f1c5"}i.icon.file.pdf:before{content:"\f1c1"}i.icon.file.powerpoint:before{content:"\f1c4"}i.icon.file.video:before{content:"\f1c8"}i.icon.file.word:before{content:"\f1c2"}i.icon.film:before{content:"\f008"}i.icon.filter:before{content:"\f0b0"}i.icon.fire:before{content:"\f06d"}i.icon.fire.extinguisher:before{content:"\f134"}i.icon.firefox:before{content:"\f269"}i.icon.first.aid:before{content:"\f479"}i.icon.first.order:before{content:"\f2b0"}i.icon.firstdraft:before{content:"\f3a1"}i.icon.flag:before{content:"\f024"}i.icon.flag.checkered:before{content:"\f11e"}i.icon.flask:before{content:"\f0c3"}i.icon.flickr:before{content:"\f16e"}i.icon.flipboard:before{content:"\f44d"}i.icon.fly:before{content:"\f417"}i.icon.folder:before{content:"\f07b"}i.icon.folder.open:before{content:"\f07c"}i.icon.font:before{content:"\f031"}i.icon.font.awesome:before{content:"\f2b4"}i.icon.font.awesome.alternate:before{content:"\f35c"}i.icon.font.awesome.flag:before{content:"\f425"}i.icon.fonticons:before{content:"\f280"}i.icon.fonticons.fi:before{content:"\f3a2"}i.icon.football.ball:before{content:"\f44e"}i.icon.fort.awesome:before{content:"\f286"}i.icon.fort.awesome.alternate:before{content:"\f3a3"}i.icon.forumbee:before{content:"\f211"}i.icon.forward:before{content:"\f04e"}i.icon.foursquare:before{content:"\f180"}i.icon.free.code.camp:before{content:"\f2c5"}i.icon.freebsd:before{content:"\f3a4"}i.icon.frown:before{content:"\f119"}i.icon.futbol:before{content:"\f1e3"}i.icon.gamepad:before{content:"\f11b"}i.icon.gavel:before{content:"\f0e3"}i.icon.gem:before{content:"\f3a5"}i.icon.genderless:before{content:"\f22d"}i.icon.get.pocket:before{content:"\f265"}i.icon.gg:before{content:"\f260"}i.icon.gg.circle:before{content:"\f261"}i.icon.gift:before{content:"\f06b"}i.icon.git:before{content:"\f1d3"}i.icon.git.square:before{content:"\f1d2"}i.icon.github:before{content:"\f09b"}i.icon.github.alternate:before{content:"\f113"}i.icon.github.square:before{content:"\f092"}i.icon.gitkraken:before{content:"\f3a6"}i.icon.gitlab:before{content:"\f296"}i.icon.gitter:before{content:"\f426"}i.icon.glass.martini:before{content:"\f000"}i.icon.glide:before{content:"\f2a5"}i.icon.glide.g:before{content:"\f2a6"}i.icon.globe:before{content:"\f0ac"}i.icon.gofore:before{content:"\f3a7"}i.icon.golf.ball:before{content:"\f450"}i.icon.goodreads:before{content:"\f3a8"}i.icon.goodreads.g:before{content:"\f3a9"}i.icon.google:before{content:"\f1a0"}i.icon.google.drive:before{content:"\f3aa"}i.icon.google.play:before{content:"\f3ab"}i.icon.google.plus:before{content:"\f2b3"}i.icon.google.plus.g:before{content:"\f0d5"}i.icon.google.plus.square:before{content:"\f0d4"}i.icon.google.wallet:before{content:"\f1ee"}i.icon.graduation.cap:before{content:"\f19d"}i.icon.gratipay:before{content:"\f184"}i.icon.grav:before{content:"\f2d6"}i.icon.gripfire:before{content:"\f3ac"}i.icon.grunt:before{content:"\f3ad"}i.icon.gulp:before{content:"\f3ae"}i.icon.h.square:before{content:"\f0fd"}i.icon.hacker.news:before{content:"\f1d4"}i.icon.hacker.news.square:before{content:"\f3af"}i.icon.hand.lizard:before{content:"\f258"}i.icon.hand.paper:before{content:"\f256"}i.icon.hand.peace:before{content:"\f25b"}i.icon.hand.point.down:before{content:"\f0a7"}i.icon.hand.point.left:before{content:"\f0a5"}i.icon.hand.point.right:before{content:"\f0a4"}i.icon.hand.point.up:before{content:"\f0a6"}i.icon.hand.pointer:before{content:"\f25a"}i.icon.hand.rock:before{content:"\f255"}i.icon.hand.scissors:before{content:"\f257"}i.icon.hand.spock:before{content:"\f259"}i.icon.handshake:before{content:"\f2b5"}i.icon.hashtag:before{content:"\f292"}i.icon.hdd:before{content:"\f0a0"}i.icon.heading:before{content:"\f1dc"}i.icon.headphones:before{content:"\f025"}i.icon.heart:before{content:"\f004"}i.icon.heartbeat:before{content:"\f21e"}i.icon.hips:before{content:"\f452"}i.icon.hire.a.helper:before{content:"\f3b0"}i.icon.history:before{content:"\f1da"}i.icon.hockey.puck:before{content:"\f453"}i.icon.home:before{content:"\f015"}i.icon.hooli:before{content:"\f427"}i.icon.hospital:before{content:"\f0f8"}i.icon.hospital.symbol:before{content:"\f47e"}i.icon.hotjar:before{content:"\f3b1"}i.icon.hourglass:before{content:"\f254"}i.icon.hourglass.end:before{content:"\f253"}i.icon.hourglass.half:before{content:"\f252"}i.icon.hourglass.start:before{content:"\f251"}i.icon.houzz:before{content:"\f27c"}i.icon.html5:before{content:"\f13b"}i.icon.hubspot:before{content:"\f3b2"}i.icon.i.cursor:before{content:"\f246"}i.icon.id.badge:before{content:"\f2c1"}i.icon.id.card:before{content:"\f2c2"}i.icon.image:before{content:"\f03e"}i.icon.images:before{content:"\f302"}i.icon.imdb:before{content:"\f2d8"}i.icon.inbox:before{content:"\f01c"}i.icon.indent:before{content:"\f03c"}i.icon.industry:before{content:"\f275"}i.icon.info:before{content:"\f129"}i.icon.info.circle:before{content:"\f05a"}i.icon.instagram:before{content:"\f16d"}i.icon.internet.explorer:before{content:"\f26b"}i.icon.ioxhost:before{content:"\f208"}i.icon.italic:before{content:"\f033"}i.icon.itunes:before{content:"\f3b4"}i.icon.itunes.note:before{content:"\f3b5"}i.icon.jenkins:before{content:"\f3b6"}i.icon.joget:before{content:"\f3b7"}i.icon.joomla:before{content:"\f1aa"}i.icon.js:before{content:"\f3b8"}i.icon.js.square:before{content:"\f3b9"}i.icon.jsfiddle:before{content:"\f1cc"}i.icon.key:before{content:"\f084"}i.icon.keyboard:before{content:"\f11c"}i.icon.keycdn:before{content:"\f3ba"}i.icon.kickstarter:before{content:"\f3bb"}i.icon.kickstarter.k:before{content:"\f3bc"}i.icon.korvue:before{content:"\f42f"}i.icon.language:before{content:"\f1ab"}i.icon.laptop:before{content:"\f109"}i.icon.laravel:before{content:"\f3bd"}i.icon.lastfm:before{content:"\f202"}i.icon.lastfm.square:before{content:"\f203"}i.icon.leaf:before{content:"\f06c"}i.icon.leanpub:before{content:"\f212"}i.icon.lemon:before{content:"\f094"}i.icon.less:before{content:"\f41d"}i.icon.level.down.alternate:before{content:"\f3be"}i.icon.level.up.alternate:before{content:"\f3bf"}i.icon.life.ring:before{content:"\f1cd"}i.icon.lightbulb:before{content:"\f0eb"}i.icon.linechat:before{content:"\f3c0"}i.icon.linkify:before{content:"\f0c1"}i.icon.linkedin:before{content:"\f08c"}i.icon.linkedin.alt:before{content:"\f0e1"}i.icon.linode:before{content:"\f2b8"}i.icon.linux:before{content:"\f17c"}i.icon.lira.sign:before{content:"\f195"}i.icon.list:before{content:"\f03a"}i.icon.list.alternate:before{content:"\f022"}i.icon.list.ol:before{content:"\f0cb"}i.icon.list.ul:before{content:"\f0ca"}i.icon.location.arrow:before{content:"\f124"}i.icon.lock:before{content:"\f023"}i.icon.lock.open:before{content:"\f3c1"}i.icon.long.arrow.alternate.down:before{content:"\f309"}i.icon.long.arrow.alternate.left:before{content:"\f30a"}i.icon.long.arrow.alternate.right:before{content:"\f30b"}i.icon.long.arrow.alternate.up:before{content:"\f30c"}i.icon.low.vision:before{content:"\f2a8"}i.icon.lyft:before{content:"\f3c3"}i.icon.magento:before{content:"\f3c4"}i.icon.magic:before{content:"\f0d0"}i.icon.magnet:before{content:"\f076"}i.icon.male:before{content:"\f183"}i.icon.map:before{content:"\f279"}i.icon.map.marker:before{content:"\f041"}i.icon.map.marker.alternate:before{content:"\f3c5"}i.icon.map.pin:before{content:"\f276"}i.icon.map.signs:before{content:"\f277"}i.icon.mars:before{content:"\f222"}i.icon.mars.double:before{content:"\f227"}i.icon.mars.stroke:before{content:"\f229"}i.icon.mars.stroke.horizontal:before{content:"\f22b"}i.icon.mars.stroke.vertical:before{content:"\f22a"}i.icon.maxcdn:before{content:"\f136"}i.icon.medapps:before{content:"\f3c6"}i.icon.medium:before{content:"\f23a"}i.icon.medium.m:before{content:"\f3c7"}i.icon.medkit:before{content:"\f0fa"}i.icon.medrt:before{content:"\f3c8"}i.icon.meetup:before{content:"\f2e0"}i.icon.meh:before{content:"\f11a"}i.icon.mercury:before{content:"\f223"}i.icon.microchip:before{content:"\f2db"}i.icon.microphone:before{content:"\f130"}i.icon.microphone.slash:before{content:"\f131"}i.icon.microsoft:before{content:"\f3ca"}i.icon.minus:before{content:"\f068"}i.icon.minus.circle:before{content:"\f056"}i.icon.minus.square:before{content:"\f146"}i.icon.mix:before{content:"\f3cb"}i.icon.mixcloud:before{content:"\f289"}i.icon.mizuni:before{content:"\f3cc"}i.icon.mobile:before{content:"\f10b"}i.icon.mobile.alternate:before{content:"\f3cd"}i.icon.modx:before{content:"\f285"}i.icon.monero:before{content:"\f3d0"}i.icon.money.bill.alternate:before{content:"\f3d1"}i.icon.moon:before{content:"\f186"}i.icon.motorcycle:before{content:"\f21c"}i.icon.mouse.pointer:before{content:"\f245"}i.icon.music:before{content:"\f001"}i.icon.napster:before{content:"\f3d2"}i.icon.neuter:before{content:"\f22c"}i.icon.newspaper:before{content:"\f1ea"}i.icon.nintendo.switch:before{content:"\f418"}i.icon.node:before{content:"\f419"}i.icon.node.js:before{content:"\f3d3"}i.icon.npm:before{content:"\f3d4"}i.icon.ns8:before{content:"\f3d5"}i.icon.nutritionix:before{content:"\f3d6"}i.icon.object.group:before{content:"\f247"}i.icon.object.ungroup:before{content:"\f248"}i.icon.odnoklassniki:before{content:"\f263"}i.icon.odnoklassniki.square:before{content:"\f264"}i.icon.opencart:before{content:"\f23d"}i.icon.openid:before{content:"\f19b"}i.icon.opera:before{content:"\f26a"}i.icon.optin.monster:before{content:"\f23c"}i.icon.osi:before{content:"\f41a"}i.icon.outdent:before{content:"\f03b"}i.icon.page4:before{content:"\f3d7"}i.icon.pagelines:before{content:"\f18c"}i.icon.paint.brush:before{content:"\f1fc"}i.icon.palfed:before{content:"\f3d8"}i.icon.pallet:before{content:"\f482"}i.icon.paper.plane:before{content:"\f1d8"}i.icon.paperclip:before{content:"\f0c6"}i.icon.paragraph:before{content:"\f1dd"}i.icon.paste:before{content:"\f0ea"}i.icon.patreon:before{content:"\f3d9"}i.icon.pause:before{content:"\f04c"}i.icon.pause.circle:before{content:"\f28b"}i.icon.paw:before{content:"\f1b0"}i.icon.paypal:before{content:"\f1ed"}i.icon.pen.square:before{content:"\f14b"}i.icon.pencil.alternate:before{content:"\f303"}i.icon.percent:before{content:"\f295"}i.icon.periscope:before{content:"\f3da"}i.icon.phabricator:before{content:"\f3db"}i.icon.phoenix.framework:before{content:"\f3dc"}i.icon.phone:before{content:"\f095"}i.icon.phone.square:before{content:"\f098"}i.icon.phone.volume:before{content:"\f2a0"}i.icon.php:before{content:"\f457"}i.icon.pied.piper:before{content:"\f2ae"}i.icon.pied.piper.alternate:before{content:"\f1a8"}i.icon.pied.piper.pp:before{content:"\f1a7"}i.icon.pills:before{content:"\f484"}i.icon.pinterest:before{content:"\f0d2"}i.icon.pinterest.p:before{content:"\f231"}i.icon.pinterest.square:before{content:"\f0d3"}i.icon.plane:before{content:"\f072"}i.icon.play:before{content:"\f04b"}i.icon.play.circle:before{content:"\f144"}i.icon.playstation:before{content:"\f3df"}i.icon.plug:before{content:"\f1e6"}i.icon.plus:before{content:"\f067"}i.icon.plus.circle:before{content:"\f055"}i.icon.plus.square:before{content:"\f0fe"}i.icon.podcast:before{content:"\f2ce"}i.icon.pound.sign:before{content:"\f154"}i.icon.power.off:before{content:"\f011"}i.icon.print:before{content:"\f02f"}i.icon.product.hunt:before{content:"\f288"}i.icon.pushed:before{content:"\f3e1"}i.icon.puzzle.piece:before{content:"\f12e"}i.icon.python:before{content:"\f3e2"}i.icon.qq:before{content:"\f1d6"}i.icon.qrcode:before{content:"\f029"}i.icon.question:before{content:"\f128"}i.icon.question.circle:before{content:"\f059"}i.icon.quidditch:before{content:"\f458"}i.icon.quinscape:before{content:"\f459"}i.icon.quora:before{content:"\f2c4"}i.icon.quote.left:before{content:"\f10d"}i.icon.quote.right:before{content:"\f10e"}i.icon.random:before{content:"\f074"}i.icon.ravelry:before{content:"\f2d9"}i.icon.react:before{content:"\f41b"}i.icon.rebel:before{content:"\f1d0"}i.icon.recycle:before{content:"\f1b8"}i.icon.redriver:before{content:"\f3e3"}i.icon.reddit:before{content:"\f1a1"}i.icon.reddit.alien:before{content:"\f281"}i.icon.reddit.square:before{content:"\f1a2"}i.icon.redo:before{content:"\f01e"}i.icon.redo.alternate:before{content:"\f2f9"}i.icon.registered:before{content:"\f25d"}i.icon.rendact:before{content:"\f3e4"}i.icon.renren:before{content:"\f18b"}i.icon.reply:before{content:"\f3e5"}i.icon.reply.all:before{content:"\f122"}i.icon.replyd:before{content:"\f3e6"}i.icon.resolving:before{content:"\f3e7"}i.icon.retweet:before{content:"\f079"}i.icon.road:before{content:"\f018"}i.icon.rocket:before{content:"\f135"}i.icon.rocketchat:before{content:"\f3e8"}i.icon.rockrms:before{content:"\f3e9"}i.icon.rss:before{content:"\f09e"}i.icon.rss.square:before{content:"\f143"}i.icon.ruble.sign:before{content:"\f158"}i.icon.rupee.sign:before{content:"\f156"}i.icon.safari:before{content:"\f267"}i.icon.sass:before{content:"\f41e"}i.icon.save:before{content:"\f0c7"}i.icon.schlix:before{content:"\f3ea"}i.icon.scribd:before{content:"\f28a"}i.icon.search:before{content:"\f002"}i.icon.search.minus:before{content:"\f010"}i.icon.search.plus:before{content:"\f00e"}i.icon.searchengin:before{content:"\f3eb"}i.icon.sellcast:before{content:"\f2da"}i.icon.sellsy:before{content:"\f213"}i.icon.server:before{content:"\f233"}i.icon.servicestack:before{content:"\f3ec"}i.icon.share:before{content:"\f064"}i.icon.share.alternate:before{content:"\f1e0"}i.icon.share.alternate.square:before{content:"\f1e1"}i.icon.share.square:before{content:"\f14d"}i.icon.shekel.sign:before{content:"\f20b"}i.icon.shield.alternate:before{content:"\f3ed"}i.icon.ship:before{content:"\f21a"}i.icon.shipping.fast:before{content:"\f48b"}i.icon.shirtsinbulk:before{content:"\f214"}i.icon.shopping.bag:before{content:"\f290"}i.icon.shopping.basket:before{content:"\f291"}i.icon.shopping.cart:before{content:"\f07a"}i.icon.shower:before{content:"\f2cc"}i.icon.sign.language:before{content:"\f2a7"}i.icon.signal:before{content:"\f012"}i.icon.simplybuilt:before{content:"\f215"}i.icon.sistrix:before{content:"\f3ee"}i.icon.sitemap:before{content:"\f0e8"}i.icon.skyatlas:before{content:"\f216"}i.icon.skype:before{content:"\f17e"}i.icon.slack:before{content:"\f198"}i.icon.slack.hash:before{content:"\f3ef"}i.icon.sliders.horizontal:before{content:"\f1de"}i.icon.slideshare:before{content:"\f1e7"}i.icon.smile:before{content:"\f118"}i.icon.snapchat:before{content:"\f2ab"}i.icon.snapchat.ghost:before{content:"\f2ac"}i.icon.snapchat.square:before{content:"\f2ad"}i.icon.snowflake:before{content:"\f2dc"}i.icon.sort:before{content:"\f0dc"}i.icon.sort.alphabet.down:before{content:"\f15d"}i.icon.sort.alphabet.up:before{content:"\f15e"}i.icon.sort.amount.down:before{content:"\f160"}i.icon.sort.amount.up:before{content:"\f161"}i.icon.sort.down:before{content:"\f0dd"}i.icon.sort.numeric.down:before{content:"\f162"}i.icon.sort.numeric.up:before{content:"\f163"}i.icon.sort.up:before{content:"\f0de"}i.icon.soundcloud:before{content:"\f1be"}i.icon.space.shuttle:before{content:"\f197"}i.icon.speakap:before{content:"\f3f3"}i.icon.spinner:before{content:"\f110"}i.icon.spotify:before{content:"\f1bc"}i.icon.square:before{content:"\f0c8"}i.icon.square.full:before{content:"\f45c"}i.icon.stack.exchange:before{content:"\f18d"}i.icon.stack.overflow:before{content:"\f16c"}i.icon.star:before{content:"\f005"}i.icon.star.half:before{content:"\f089"}i.icon.staylinked:before{content:"\f3f5"}i.icon.steam:before{content:"\f1b6"}i.icon.steam.square:before{content:"\f1b7"}i.icon.steam.symbol:before{content:"\f3f6"}i.icon.step.backward:before{content:"\f048"}i.icon.step.forward:before{content:"\f051"}i.icon.stethoscope:before{content:"\f0f1"}i.icon.sticker.mule:before{content:"\f3f7"}i.icon.sticky.note:before{content:"\f249"}i.icon.stop:before{content:"\f04d"}i.icon.stop.circle:before{content:"\f28d"}i.icon.stopwatch:before{content:"\f2f2"}i.icon.strava:before{content:"\f428"}i.icon.street.view:before{content:"\f21d"}i.icon.strikethrough:before{content:"\f0cc"}i.icon.stripe:before{content:"\f429"}i.icon.stripe.s:before{content:"\f42a"}i.icon.studiovinari:before{content:"\f3f8"}i.icon.stumbleupon:before{content:"\f1a4"}i.icon.stumbleupon.circle:before{content:"\f1a3"}i.icon.subscript:before{content:"\f12c"}i.icon.subway:before{content:"\f239"}i.icon.suitcase:before{content:"\f0f2"}i.icon.sun:before{content:"\f185"}i.icon.superpowers:before{content:"\f2dd"}i.icon.superscript:before{content:"\f12b"}i.icon.supple:before{content:"\f3f9"}i.icon.sync:before{content:"\f021"}i.icon.sync.alternate:before{content:"\f2f1"}i.icon.syringe:before{content:"\f48e"}i.icon.table:before{content:"\f0ce"}i.icon.table.tennis:before{content:"\f45d"}i.icon.tablet:before{content:"\f10a"}i.icon.tablet.alternate:before{content:"\f3fa"}i.icon.tachometer.alternate:before{content:"\f3fd"}i.icon.tag:before{content:"\f02b"}i.icon.tags:before{content:"\f02c"}i.icon.tasks:before{content:"\f0ae"}i.icon.taxi:before{content:"\f1ba"}i.icon.telegram:before{content:"\f2c6"}i.icon.telegram.plane:before{content:"\f3fe"}i.icon.tencent.weibo:before{content:"\f1d5"}i.icon.terminal:before{content:"\f120"}i.icon.text.height:before{content:"\f034"}i.icon.text.width:before{content:"\f035"}i.icon.th:before{content:"\f00a"}i.icon.th.large:before{content:"\f009"}i.icon.th.list:before{content:"\f00b"}i.icon.themeisle:before{content:"\f2b2"}i.icon.thermometer:before{content:"\f491"}i.icon.thermometer.empty:before{content:"\f2cb"}i.icon.thermometer.full:before{content:"\f2c7"}i.icon.thermometer.half:before{content:"\f2c9"}i.icon.thermometer.quarter:before{content:"\f2ca"}i.icon.thermometer.three.quarters:before{content:"\f2c8"}i.icon.thumbs.down:before{content:"\f165"}i.icon.thumbs.up:before{content:"\f164"}i.icon.thumbtack:before{content:"\f08d"}i.icon.ticket.alternate:before{content:"\f3ff"}i.icon.times:before{content:"\f00d"}i.icon.times.circle:before{content:"\f057"}i.icon.tint:before{content:"\f043"}i.icon.toggle.off:before{content:"\f204"}i.icon.toggle.on:before{content:"\f205"}i.icon.trademark:before{content:"\f25c"}i.icon.train:before{content:"\f238"}i.icon.transgender:before{content:"\f224"}i.icon.transgender.alternate:before{content:"\f225"}i.icon.trash:before{content:"\f1f8"}i.icon.trash.alternate:before{content:"\f2ed"}i.icon.tree:before{content:"\f1bb"}i.icon.trello:before{content:"\f181"}i.icon.tripadvisor:before{content:"\f262"}i.icon.trophy:before{content:"\f091"}i.icon.truck:before{content:"\f0d1"}i.icon.tty:before{content:"\f1e4"}i.icon.tumblr:before{content:"\f173"}i.icon.tumblr.square:before{content:"\f174"}i.icon.tv:before{content:"\f26c"}i.icon.twitch:before{content:"\f1e8"}i.icon.twitter:before{content:"\f099"}i.icon.twitter.square:before{content:"\f081"}i.icon.typo3:before{content:"\f42b"}i.icon.uber:before{content:"\f402"}i.icon.uikit:before{content:"\f403"}i.icon.umbrella:before{content:"\f0e9"}i.icon.underline:before{content:"\f0cd"}i.icon.undo:before{content:"\f0e2"}i.icon.undo.alternate:before{content:"\f2ea"}i.icon.uniregistry:before{content:"\f404"}i.icon.universal.access:before{content:"\f29a"}i.icon.university:before{content:"\f19c"}i.icon.unlink:before{content:"\f127"}i.icon.unlock:before{content:"\f09c"}i.icon.unlock.alternate:before{content:"\f13e"}i.icon.untappd:before{content:"\f405"}i.icon.upload:before{content:"\f093"}i.icon.usb:before{content:"\f287"}i.icon.user:before{content:"\f007"}i.icon.user.circle:before{content:"\f2bd"}i.icon.user.md:before{content:"\f0f0"}i.icon.user.plus:before{content:"\f234"}i.icon.user.secret:before{content:"\f21b"}i.icon.user.times:before{content:"\f235"}i.icon.users:before{content:"\f0c0"}i.icon.ussunnah:before{content:"\f407"}i.icon.utensil.spoon:before{content:"\f2e5"}i.icon.utensils:before{content:"\f2e7"}i.icon.vaadin:before{content:"\f408"}i.icon.venus:before{content:"\f221"}i.icon.venus.double:before{content:"\f226"}i.icon.venus.mars:before{content:"\f228"}i.icon.viacoin:before{content:"\f237"}i.icon.viadeo:before{content:"\f2a9"}i.icon.viadeo.square:before{content:"\f2aa"}i.icon.viber:before{content:"\f409"}i.icon.video:before{content:"\f03d"}i.icon.vimeo:before{content:"\f40a"}i.icon.vimeo.square:before{content:"\f194"}i.icon.vimeo.v:before{content:"\f27d"}i.icon.vine:before{content:"\f1ca"}i.icon.vk:before{content:"\f189"}i.icon.vnv:before{content:"\f40b"}i.icon.volleyball.ball:before{content:"\f45f"}i.icon.volume.down:before{content:"\f027"}i.icon.volume.off:before{content:"\f026"}i.icon.volume.up:before{content:"\f028"}i.icon.vuejs:before{content:"\f41f"}i.icon.warehouse:before{content:"\f494"}i.icon.weibo:before{content:"\f18a"}i.icon.weight:before{content:"\f496"}i.icon.weixin:before{content:"\f1d7"}i.icon.whatsapp:before{content:"\f232"}i.icon.whatsapp.square:before{content:"\f40c"}i.icon.wheelchair:before{content:"\f193"}i.icon.whmcs:before{content:"\f40d"}i.icon.wifi:before{content:"\f1eb"}i.icon.wikipedia.w:before{content:"\f266"}i.icon.window.close:before{content:"\f410"}i.icon.window.maximize:before{content:"\f2d0"}i.icon.window.minimize:before{content:"\f2d1"}i.icon.window.restore:before{content:"\f2d2"}i.icon.windows:before{content:"\f17a"}i.icon.won.sign:before{content:"\f159"}i.icon.wordpress:before{content:"\f19a"}i.icon.wordpress.simple:before{content:"\f411"}i.icon.wpbeginner:before{content:"\f297"}i.icon.wpexplorer:before{content:"\f2de"}i.icon.wpforms:before{content:"\f298"}i.icon.wrench:before{content:"\f0ad"}i.icon.xbox:before{content:"\f412"}i.icon.xing:before{content:"\f168"}i.icon.xing.square:before{content:"\f169"}i.icon.y.combinator:before{content:"\f23b"}i.icon.yahoo:before{content:"\f19e"}i.icon.yandex:before{content:"\f413"}i.icon.yandex.international:before{content:"\f414"}i.icon.yelp:before{content:"\f1e9"}i.icon.yen.sign:before{content:"\f157"}i.icon.yoast:before{content:"\f2b1"}i.icon.youtube:before{content:"\f167"}i.icon.youtube.square:before{content:"\f431"}i.icon.chess.rock:before{content:"\f447"}i.icon.ordered.list:before{content:"\f0cb"}i.icon.unordered.list:before{content:"\f0ca"}i.icon.user.doctor:before{content:"\f0f0"}i.icon.shield:before{content:"\f3ed"}i.icon.puzzle:before{content:"\f12e"}i.icon.credit.card.amazon.pay:before{content:"\f42d"}i.icon.credit.card.american.express:before{content:"\f1f3"}i.icon.credit.card.diners.club:before{content:"\f24c"}i.icon.credit.card.discover:before{content:"\f1f2"}i.icon.credit.card.jcb:before{content:"\f24b"}i.icon.credit.card.mastercard:before{content:"\f1f1"}i.icon.credit.card.paypal:before{content:"\f1f4"}i.icon.credit.card.stripe:before{content:"\f1f5"}i.icon.credit.card.visa:before{content:"\f1f0"}i.icon.add.circle:before{content:"\f055"}i.icon.add.square:before{content:"\f0fe"}i.icon.add.to.calendar:before{content:"\f271"}i.icon.add.to.cart:before{content:"\f217"}i.icon.add.user:before{content:"\f234"}i.icon.add:before{content:"\f067"}i.icon.alarm.mute:before{content:"\f1f6"}i.icon.alarm:before{content:"\f0f3"}i.icon.ald:before{content:"\f2a2"}i.icon.als:before{content:"\f2a2"}i.icon.american.express.card:before{content:"\f1f3"}i.icon.american.express:before{content:"\f1f3"}i.icon.amex:before{content:"\f1f3"}i.icon.announcement:before{content:"\f0a1"}i.icon.area.chart:before{content:"\f1fe"}i.icon.area.graph:before{content:"\f1fe"}i.icon.arrow.down.cart:before{content:"\f218"}i.icon.asexual:before{content:"\f22d"}i.icon.asl.interpreting:before{content:"\f2a3"}i.icon.asl:before{content:"\f2a3"}i.icon.assistive.listening.devices:before{content:"\f2a2"}i.icon.attach:before{content:"\f0c6"}i.icon.attention:before{content:"\f06a"}i.icon.balance:before{content:"\f24e"}i.icon.bar:before{content:"\f0fc"}i.icon.bathtub:before{content:"\f2cd"}i.icon.battery.four:before{content:"\f240"}i.icon.battery.high:before{content:"\f241"}i.icon.battery.low:before{content:"\f243"}i.icon.battery.medium:before{content:"\f242"}i.icon.battery.one:before{content:"\f243"}i.icon.battery.three:before{content:"\f241"}i.icon.battery.two:before{content:"\f242"}i.icon.battery.zero:before{content:"\f244"}i.icon.birthday:before{content:"\f1fd"}i.icon.block.layout:before{content:"\f009"}i.icon.bluetooth.alternative:before{content:"\f294"}i.icon.broken.chain:before{content:"\f127"}i.icon.browser:before{content:"\f022"}i.icon.call.square:before{content:"\f098"}i.icon.call:before{content:"\f095"}i.icon.cancel:before{content:"\f00d"}i.icon.cart:before{content:"\f07a"}i.icon.cc:before{content:"\f20a"}i.icon.chain:before{content:"\f0c1"}i.icon.chat:before{content:"\f075"}i.icon.checked.calendar:before{content:"\f274"}i.icon.checkmark:before{content:"\f00c"}i.icon.circle.notched:before{content:"\f1ce"}i.icon.close:before{content:"\f00d"}i.icon.cny:before{content:"\f157"}i.icon.cocktail:before{content:"\f000"}i.icon.commenting:before{content:"\f27a"}i.icon.computer:before{content:"\f108"}i.icon.configure:before{content:"\f0ad"}i.icon.content:before{content:"\f0c9"}i.icon.deafness:before{content:"\f2a4"}i.icon.delete.calendar:before{content:"\f273"}i.icon.delete:before{content:"\f00d"}i.icon.detective:before{content:"\f21b"}i.icon.diners.club.card:before{content:"\f24c"}i.icon.diners.club:before{content:"\f24c"}i.icon.discover.card:before{content:"\f1f2"}i.icon.discover:before{content:"\f1f2"}i.icon.discussions:before{content:"\f086"}i.icon.doctor:before{content:"\f0f0"}i.icon.dollar:before{content:"\f155"}i.icon.dont:before{content:"\f05e"}i.icon.dribble:before{content:"\f17d"}i.icon.drivers.license:before{content:"\f2c2"}i.icon.dropdown:before{content:"\f0d7"}i.icon.eercast:before{content:"\f2da"}i.icon.emergency:before{content:"\f0f9"}i.icon.envira.gallery:before{content:"\f299"}i.icon.erase:before{content:"\f12d"}i.icon.eur:before{content:"\f153"}i.icon.euro:before{content:"\f153"}i.icon.eyedropper:before{content:"\f1fb"}i.icon.fa:before{content:"\f2b4"}i.icon.factory:before{content:"\f275"}i.icon.favorite:before{content:"\f005"}i.icon.feed:before{content:"\f09e"}i.icon.female.homosexual:before{content:"\f226"}i.icon.file.text:before{content:"\f15c"}i.icon.find:before{content:"\f1e5"}i.icon.first.aid:before{content:"\f0fa"}i.icon.five.hundred.pixels:before{content:"\f26e"}i.icon.fork:before{content:"\f126"}i.icon.game:before{content:"\f11b"}i.icon.gay:before{content:"\f227"}i.icon.gbp:before{content:"\f154"}i.icon.gittip:before{content:"\f184"}i.icon.google.plus.circle:before{content:"\f2b3"}i.icon.google.plus.official:before{content:"\f2b3"}i.icon.grab:before{content:"\f255"}i.icon.graduation:before{content:"\f19d"}i.icon.grid.layout:before{content:"\f00a"}i.icon.group:before{content:"\f0c0"}i.icon.h:before{content:"\f0fd"}i.icon.hand.victory:before{content:"\f25b"}i.icon.handicap:before{content:"\f193"}i.icon.hard.of.hearing:before{content:"\f2a4"}i.icon.header:before{content:"\f1dc"}i.icon.help.circle:before{content:"\f059"}i.icon.help:before{content:"\f128"}i.icon.heterosexual:before{content:"\f228"}i.icon.hide:before{content:"\f070"}i.icon.hotel:before{content:"\f236"}i.icon.hourglass.four:before{content:"\f254"}i.icon.hourglass.full:before{content:"\f254"}i.icon.hourglass.one:before{content:"\f251"}i.icon.hourglass.three:before{content:"\f253"}i.icon.hourglass.two:before{content:"\f252"}i.icon.idea:before{content:"\f0eb"}i.icon.ils:before{content:"\f20b"}i.icon.in-cart:before{content:"\f218"}i.icon.inr:before{content:"\f156"}i.icon.intergender:before{content:"\f224"}i.icon.intersex:before{content:"\f224"}i.icon.japan.credit.bureau.card:before{content:"\f24b"}i.icon.japan.credit.bureau:before{content:"\f24b"}i.icon.jcb:before{content:"\f24b"}i.icon.jpy:before{content:"\f157"}i.icon.krw:before{content:"\f159"}i.icon.lab:before{content:"\f0c3"}i.icon.law:before{content:"\f24e"}i.icon.legal:before{content:"\f0e3"}i.icon.lesbian:before{content:"\f226"}i.icon.lightning:before{content:"\f0e7"}i.icon.like:before{content:"\f004"}i.icon.line.graph:before{content:"\f201"}i.icon.linkedin.square:before{content:"\f08c"}i.icon.linkify:before{content:"\f0c1"}i.icon.lira:before{content:"\f195"}i.icon.list.layout:before{content:"\f00b"}i.icon.magnify:before{content:"\f00e"}i.icon.mail.forward:before{content:"\f064"}i.icon.mail.square:before{content:"\f199"}i.icon.mail:before{content:"\f0e0"}i.icon.male.homosexual:before{content:"\f227"}i.icon.man:before{content:"\f222"}i.icon.marker:before{content:"\f041"}i.icon.mars.alternate:before{content:"\f229"}i.icon.mars.horizontal:before{content:"\f22b"}i.icon.mars.vertical:before{content:"\f22a"}i.icon.mastercard.card:before{content:"\f1f1"}i.icon.mastercard:before{content:"\f1f1"}i.icon.microsoft.edge:before{content:"\f282"}i.icon.military:before{content:"\f0fb"}i.icon.ms.edge:before{content:"\f282"}i.icon.mute:before{content:"\f131"}i.icon.new.pied.piper:before{content:"\f2ae"}i.icon.non.binary.transgender:before{content:"\f223"}i.icon.numbered.list:before{content:"\f0cb"}i.icon.optinmonster:before{content:"\f23c"}i.icon.options:before{content:"\f1de"}i.icon.other.gender.horizontal:before{content:"\f22b"}i.icon.other.gender.vertical:before{content:"\f22a"}i.icon.other.gender:before{content:"\f229"}i.icon.payment:before{content:"\f09d"}i.icon.paypal.card:before{content:"\f1f4"}i.icon.pencil.square:before{content:"\f14b"}i.icon.photo:before{content:"\f030"}i.icon.picture:before{content:"\f03e"}i.icon.pie.chart:before{content:"\f200"}i.icon.pie.graph:before{content:"\f200"}i.icon.pied.piper.hat:before{content:"\f2ae"}i.icon.pin:before{content:"\f08d"}i.icon.plus.cart:before{content:"\f217"}i.icon.pocket:before{content:"\f265"}i.icon.point:before{content:"\f041"}i.icon.pointing.down:before{content:"\f0a7"}i.icon.pointing.left:before{content:"\f0a5"}i.icon.pointing.right:before{content:"\f0a4"}i.icon.pointing.up:before{content:"\f0a6"}i.icon.pound:before{content:"\f154"}i.icon.power.cord:before{content:"\f1e6"}i.icon.power:before{content:"\f011"}i.icon.privacy:before{content:"\f084"}i.icon.r.circle:before{content:"\f25d"}i.icon.rain:before{content:"\f0e9"}i.icon.record:before{content:"\f03d"}i.icon.refresh:before{content:"\f021"}i.icon.remove.circle:before{content:"\f057"}i.icon.remove.from.calendar:before{content:"\f272"}i.icon.remove.user:before{content:"\f235"}i.icon.remove:before{content:"\f00d"}i.icon.repeat:before{content:"\f01e"}i.icon.rmb:before{content:"\f157"}i.icon.rouble:before{content:"\f158"}i.icon.rub:before{content:"\f158"}i.icon.ruble:before{content:"\f158"}i.icon.rupee:before{content:"\f156"}i.icon.s15:before{content:"\f2cd"}i.icon.selected.radio:before{content:"\f192"}i.icon.send:before{content:"\f1d8"}i.icon.setting:before{content:"\f013"}i.icon.settings:before{content:"\f085"}i.icon.shekel:before{content:"\f20b"}i.icon.sheqel:before{content:"\f20b"}i.icon.shipping:before{content:"\f0d1"}i.icon.shop:before{content:"\f07a"}i.icon.shuffle:before{content:"\f074"}i.icon.shutdown:before{content:"\f011"}i.icon.sidebar:before{content:"\f0c9"}i.icon.signing:before{content:"\f2a7"}i.icon.signup:before{content:"\f044"}i.icon.sliders:before{content:"\f1de"}i.icon.soccer:before{content:"\f1e3"}i.icon.sort.alphabet.ascending:before{content:"\f15d"}i.icon.sort.alphabet.descending:before{content:"\f15e"}i.icon.sort.ascending:before{content:"\f0de"}i.icon.sort.content.ascending:before{content:"\f160"}i.icon.sort.content.descending:before{content:"\f161"}i.icon.sort.descending:before{content:"\f0dd"}i.icon.sort.numeric.ascending:before{content:"\f162"}i.icon.sort.numeric.descending:before{content:"\f163"}i.icon.sound:before{content:"\f025"}i.icon.spy:before{content:"\f21b"}i.icon.stripe.card:before{content:"\f1f5"}i.icon.student:before{content:"\f19d"}i.icon.talk:before{content:"\f27a"}i.icon.target:before{content:"\f140"}i.icon.teletype:before{content:"\f1e4"}i.icon.television:before{content:"\f26c"}i.icon.text.cursor:before{content:"\f246"}i.icon.text.telephone:before{content:"\f1e4"}i.icon.theme.isle:before{content:"\f2b2"}i.icon.theme:before{content:"\f043"}i.icon.thermometer:before{content:"\f2c7"}i.icon.thumb.tack:before{content:"\f08d"}i.icon.time:before{content:"\f017"}i.icon.tm:before{content:"\f25c"}i.icon.toggle.down:before{content:"\f150"}i.icon.toggle.left:before{content:"\f191"}i.icon.toggle.right:before{content:"\f152"}i.icon.toggle.up:before{content:"\f151"}i.icon.translate:before{content:"\f1ab"}i.icon.travel:before{content:"\f0b1"}i.icon.treatment:before{content:"\f0f1"}i.icon.triangle.down:before{content:"\f0d7"}i.icon.triangle.left:before{content:"\f0d9"}i.icon.triangle.right:before{content:"\f0da"}i.icon.triangle.up:before{content:"\f0d8"}i.icon.try:before{content:"\f195"}i.icon.unhide:before{content:"\f06e"}i.icon.unlinkify:before{content:"\f127"}i.icon.unmute:before{content:"\f130"}i.icon.usd:before{content:"\f155"}i.icon.user.cancel:before{content:"\f235"}i.icon.user.close:before{content:"\f235"}i.icon.user.delete:before{content:"\f235"}i.icon.user.x:before{content:"\f235"}i.icon.vcard:before{content:"\f2bb"}i.icon.video.camera:before{content:"\f03d"}i.icon.video.play:before{content:"\f144"}i.icon.visa.card:before{content:"\f1f0"}i.icon.visa:before{content:"\f1f0"}i.icon.volume.control.phone:before{content:"\f2a0"}i.icon.wait:before{content:"\f017"}i.icon.warning.circle:before{content:"\f06a"}i.icon.warning.sign:before{content:"\f071"}i.icon.warning:before{content:"\f12a"}i.icon.wechat:before{content:"\f1d7"}i.icon.wi-fi:before{content:"\f1eb"}i.icon.wikipedia:before{content:"\f266"}i.icon.winner:before{content:"\f091"}i.icon.wizard:before{content:"\f0d0"}i.icon.woman:before{content:"\f221"}i.icon.won:before{content:"\f159"}i.icon.wordpress.beginner:before{content:"\f297"}i.icon.wordpress.forms:before{content:"\f298"}i.icon.world:before{content:"\f0ac"}i.icon.write.square:before{content:"\f14b"}i.icon.x:before{content:"\f00d"}i.icon.yc:before{content:"\f23b"}i.icon.ycombinator:before{content:"\f23b"}i.icon.yen:before{content:"\f157"}i.icon.zip:before{content:"\f187"}i.icon.zoom-in:before{content:"\f00e"}i.icon.zoom-out:before{content:"\f010"}i.icon.zoom:before{content:"\f00e"}i.icon.bitbucket.square:before{content:"\f171"}i.icon.checkmark.box:before{content:"\f14a"}i.icon.circle.thin:before{content:"\f111"}i.icon.cloud.download:before{content:"\f381"}i.icon.cloud.upload:before{content:"\f382"}i.icon.compose:before{content:"\f303"}i.icon.conversation:before{content:"\f086"}i.icon.credit.card.alternative:before{content:"\f09d"}i.icon.currency:before{content:"\f3d1"}i.icon.dashboard:before{content:"\f3fd"}i.icon.diamond:before{content:"\f3a5"}i.icon.disk:before{content:"\f0a0"}i.icon.exchange:before{content:"\f362"}i.icon.external.share:before{content:"\f14d"}i.icon.external.square:before{content:"\f360"}i.icon.external:before{content:"\f35d"}i.icon.facebook.official:before{content:"\f082"}i.icon.food:before{content:"\f2e7"}i.icon.hourglass.zero:before{content:"\f253"}i.icon.level.down:before{content:"\f3be"}i.icon.level.up:before{content:"\f3bf"}i.icon.logout:before{content:"\f2f5"}i.icon.meanpath:before{content:"\f0c8"}i.icon.money:before{content:"\f3d1"}i.icon.move:before{content:"\f0b2"}i.icon.pencil:before{content:"\f303"}i.icon.protect:before{content:"\f023"}i.icon.radio:before{content:"\f192"}i.icon.remove.bookmark:before{content:"\f02e"}i.icon.resize.horizontal:before{content:"\f337"}i.icon.resize.vertical:before{content:"\f338"}i.icon.sign-in:before{content:"\f2f6"}i.icon.sign-out:before{content:"\f2f5"}i.icon.spoon:before{content:"\f2e5"}i.icon.star.half.empty:before{content:"\f089"}i.icon.star.half.full:before{content:"\f089"}i.icon.ticket:before{content:"\f3ff"}i.icon.times.rectangle:before{content:"\f410"}i.icon.write:before{content:"\f303"}i.icon.youtube.play:before{content:"\f167"}@font-face{font-family:outline-icons;src:url(assets/fonts/outline-icons.eot);src:url(assets/fonts/outline-icons.eot?#iefix) format('embedded-opentype'),url(assets/fonts/outline-icons.woff2) format('woff2'),url(assets/fonts/outline-icons.woff) format('woff'),url(assets/fonts/outline-icons.ttf) format('truetype'),url(assets/fonts/outline-icons.svg#icons) format('svg');font-style:normal;font-weight:400;font-variant:normal;text-decoration:inherit;text-transform:none}i.icon.outline{font-family:outline-icons}i.icon.address.book.outline:before{content:"\f2b9"}i.icon.address.card.outline:before{content:"\f2bb"}i.icon.arrow.alternate.circle.down.outline:before{content:"\f358"}i.icon.arrow.alternate.circle.left.outline:before{content:"\f359"}i.icon.arrow.alternate.circle.right.outline:before{content:"\f35a"}i.icon.arrow.alternate.circle.up.outline:before{content:"\f35b"}i.icon.bell.outline:before{content:"\f0f3"}i.icon.bell.slash.outline:before{content:"\f1f6"}i.icon.bookmark.outline:before{content:"\f02e"}i.icon.building.outline:before{content:"\f1ad"}i.icon.calendar.outline:before{content:"\f133"}i.icon.calendar.alternate.outline:before{content:"\f073"}i.icon.calendar.check.outline:before{content:"\f274"}i.icon.calendar.minus.outline:before{content:"\f272"}i.icon.calendar.plus.outline:before{content:"\f271"}i.icon.calendar.times.outline:before{content:"\f273"}i.icon.caret.square.down.outline:before{content:"\f150"}i.icon.caret.square.left.outline:before{content:"\f191"}i.icon.caret.square.right.outline:before{content:"\f152"}i.icon.caret.square.up.outline:before{content:"\f151"}i.icon.chart.bar.outline:before{content:"\f080"}i.icon.check.circle.outline:before{content:"\f058"}i.icon.check.square.outline:before{content:"\f14a"}i.icon.circle.outline:before{content:"\f111"}i.icon.clipboard.outline:before{content:"\f328"}i.icon.clock.outline:before{content:"\f017"}i.icon.clone.outline:before{content:"\f24d"}i.icon.closed.captioning.outline:before{content:"\f20a"}i.icon.comment.outline:before{content:"\f075"}i.icon.comment.alternate.outline:before{content:"\f27a"}i.icon.comments.outline:before{content:"\f086"}i.icon.compass.outline:before{content:"\f14e"}i.icon.copy.outline:before{content:"\f0c5"}i.icon.copyright.outline:before{content:"\f1f9"}i.icon.credit.card.outline:before{content:"\f09d"}i.icon.dot.circle.outline:before{content:"\f192"}i.icon.edit.outline:before{content:"\f044"}i.icon.envelope.outline:before{content:"\f0e0"}i.icon.envelope.open.outline:before{content:"\f2b6"}i.icon.eye.slash.outline:before{content:"\f070"}i.icon.file.outline:before{content:"\f15b"}i.icon.file.alternate.outline:before{content:"\f15c"}i.icon.file.archive.outline:before{content:"\f1c6"}i.icon.file.audio.outline:before{content:"\f1c7"}i.icon.file.code.outline:before{content:"\f1c9"}i.icon.file.excel.outline:before{content:"\f1c3"}i.icon.file.image.outline:before{content:"\f1c5"}i.icon.file.pdf.outline:before{content:"\f1c1"}i.icon.file.powerpoint.outline:before{content:"\f1c4"}i.icon.file.video.outline:before{content:"\f1c8"}i.icon.file.word.outline:before{content:"\f1c2"}i.icon.flag.outline:before{content:"\f024"}i.icon.folder.outline:before{content:"\f07b"}i.icon.folder.open.outline:before{content:"\f07c"}i.icon.frown.outline:before{content:"\f119"}i.icon.futbol.outline:before{content:"\f1e3"}i.icon.gem.outline:before{content:"\f3a5"}i.icon.hand.lizard.outline:before{content:"\f258"}i.icon.hand.paper.outline:before{content:"\f256"}i.icon.hand.peace.outline:before{content:"\f25b"}i.icon.hand.point.down.outline:before{content:"\f0a7"}i.icon.hand.point.left.outline:before{content:"\f0a5"}i.icon.hand.point.right.outline:before{content:"\f0a4"}i.icon.hand.point.up.outline:before{content:"\f0a6"}i.icon.hand.pointer.outline:before{content:"\f25a"}i.icon.hand.rock.outline:before{content:"\f255"}i.icon.hand.scissors.outline:before{content:"\f257"}i.icon.hand.spock.outline:before{content:"\f259"}i.icon.handshake.outline:before{content:"\f2b5"}i.icon.hdd.outline:before{content:"\f0a0"}i.icon.heart.outline:before{content:"\f004"}i.icon.hospital.outline:before{content:"\f0f8"}i.icon.hourglass.outline:before{content:"\f254"}i.icon.id.badge.outline:before{content:"\f2c1"}i.icon.id.card.outline:before{content:"\f2c2"}i.icon.image.outline:before{content:"\f03e"}i.icon.images.outline:before{content:"\f302"}i.icon.keyboard.outline:before{content:"\f11c"}i.icon.lemon.outline:before{content:"\f094"}i.icon.life.ring.outline:before{content:"\f1cd"}i.icon.lightbulb.outline:before{content:"\f0eb"}i.icon.list.alternate.outline:before{content:"\f022"}i.icon.map.outline:before{content:"\f279"}i.icon.meh.outline:before{content:"\f11a"}i.icon.minus.square.outline:before{content:"\f146"}i.icon.money.bill.alternate.outline:before{content:"\f3d1"}i.icon.moon.outline:before{content:"\f186"}i.icon.newspaper.outline:before{content:"\f1ea"}i.icon.object.group.outline:before{content:"\f247"}i.icon.object.ungroup.outline:before{content:"\f248"}i.icon.paper.plane.outline:before{content:"\f1d8"}i.icon.pause.circle.outline:before{content:"\f28b"}i.icon.play.circle.outline:before{content:"\f144"}i.icon.plus.square.outline:before{content:"\f0fe"}i.icon.question.circle.outline:before{content:"\f059"}i.icon.registered.outline:before{content:"\f25d"}i.icon.save.outline:before{content:"\f0c7"}i.icon.share.square.outline:before{content:"\f14d"}i.icon.smile.outline:before{content:"\f118"}i.icon.snowflake.outline:before{content:"\f2dc"}i.icon.square.outline:before{content:"\f0c8"}i.icon.star.outline:before{content:"\f005"}i.icon.star.half.outline:before{content:"\f089"}i.icon.sticky.note.outline:before{content:"\f249"}i.icon.stop.circle.outline:before{content:"\f28d"}i.icon.sun.outline:before{content:"\f185"}i.icon.thumbs.down.outline:before{content:"\f165"}i.icon.thumbs.up.outline:before{content:"\f164"}i.icon.times.circle.outline:before{content:"\f057"}i.icon.trash.alternate.outline:before{content:"\f2ed"}i.icon.user.outline:before{content:"\f007"}i.icon.user.circle.outline:before{content:"\f2bd"}i.icon.window.close.outline:before{content:"\f410"}i.icon.window.maximize.outline:before{content:"\f2d0"}i.icon.window.minimize.outline:before{content:"\f2d1"}i.icon.window.restore.outline:before{content:"\f2d2"}i.icon.disk.outline:before{content:"\f369"}i.icon.heart.empty,i.icon.star.empty{font-family:outline-icons}i.icon.heart.empty:before{content:"\f004"}i.icon.star.empty:before{content:"\f089"}@font-face{font-family:brand-icons;src:url(assets/fonts/brand-icons.eot);src:url(assets/fonts/brand-icons.eot?#iefix) format('embedded-opentype'),url(assets/fonts/brand-icons.woff2) format('woff2'),url(assets/fonts/brand-icons.woff) format('woff'),url(assets/fonts/brand-icons.ttf) format('truetype'),url(assets/fonts/brand-icons.svg#icons) format('svg');font-style:normal;font-weight:400;font-variant:normal;text-decoration:inherit;text-transform:none}i.icon.\35 00px,i.icon.accessible.icon,i.icon.accusoft,i.icon.adn,i.icon.adversal,i.icon.affiliatetheme,i.icon.algolia,i.icon.amazon,i.icon.amazon.pay,i.icon.amilia,i.icon.android,i.icon.angellist,i.icon.angrycreative,i.icon.angular,i.icon.app.store,i.icon.app.store.ios,i.icon.apper,i.icon.apple,i.icon.apple.pay,i.icon.asymmetrik,i.icon.audible,i.icon.autoprefixer,i.icon.avianex,i.icon.aviato,i.icon.aws,i.icon.bandcamp,i.icon.behance,i.icon.behance.square,i.icon.bimobject,i.icon.bitbucket,i.icon.bitcoin,i.icon.bity,i.icon.black.tie,i.icon.blackberry,i.icon.blogger,i.icon.blogger.b,i.icon.bluetooth,i.icon.bluetooth.b,i.icon.btc,i.icon.buromobelexperte,i.icon.buysellads,i.icon.cc.amazon.pay,i.icon.cc.amex,i.icon.cc.apple.pay,i.icon.cc.diners.club,i.icon.cc.discover,i.icon.cc.jcb,i.icon.cc.mastercard,i.icon.cc.paypal,i.icon.cc.stripe,i.icon.cc.visa,i.icon.centercode,i.icon.chrome,i.icon.cloudscale,i.icon.cloudsmith,i.icon.cloudversify,i.icon.codepen,i.icon.codiepie,i.icon.connectdevelop,i.icon.contao,i.icon.cpanel,i.icon.creative.commons,i.icon.css3,i.icon.css3.alternate,i.icon.cuttlefish,i.icon.d.and.d,i.icon.dashcube,i.icon.delicious,i.icon.deploydog,i.icon.deskpro,i.icon.deviantart,i.icon.digg,i.icon.digital.ocean,i.icon.discord,i.icon.discourse,i.icon.dochub,i.icon.docker,i.icon.draft2digital,i.icon.dribbble,i.icon.dribbble.square,i.icon.dropbox,i.icon.drupal,i.icon.dyalog,i.icon.earlybirds,i.icon.edge,i.icon.elementor,i.icon.ember,i.icon.empire,i.icon.envira,i.icon.erlang,i.icon.ethereum,i.icon.etsy,i.icon.expeditedssl,i.icon.facebook,i.icon.facebook.f,i.icon.facebook.messenger,i.icon.facebook.square,i.icon.firefox,i.icon.first.order,i.icon.firstdraft,i.icon.flickr,i.icon.flipboard,i.icon.fly,i.icon.font.awesome,i.icon.font.awesome.alternate,i.icon.font.awesome.flag,i.icon.fonticons,i.icon.fonticons.fi,i.icon.fort.awesome,i.icon.fort.awesome.alternate,i.icon.forumbee,i.icon.foursquare,i.icon.free.code.camp,i.icon.freebsd,i.icon.get.pocket,i.icon.gg,i.icon.gg.circle,i.icon.git,i.icon.git.square,i.icon.github,i.icon.github.alternate,i.icon.github.square,i.icon.gitkraken,i.icon.gitlab,i.icon.gitter,i.icon.glide,i.icon.glide.g,i.icon.gofore,i.icon.goodreads,i.icon.goodreads.g,i.icon.google,i.icon.google.drive,i.icon.google.play,i.icon.google.plus,i.icon.google.plus.g,i.icon.google.plus.square,i.icon.google.wallet,i.icon.gratipay,i.icon.grav,i.icon.gripfire,i.icon.grunt,i.icon.gulp,i.icon.hacker.news,i.icon.hacker.news.square,i.icon.hips,i.icon.hire.a.helper,i.icon.hooli,i.icon.hotjar,i.icon.houzz,i.icon.html5,i.icon.hubspot,i.icon.imdb,i.icon.instagram,i.icon.internet.explorer,i.icon.ioxhost,i.icon.itunes,i.icon.itunes.note,i.icon.jenkins,i.icon.joget,i.icon.joomla,i.icon.js,i.icon.js.square,i.icon.jsfiddle,i.icon.keycdn,i.icon.kickstarter,i.icon.kickstarter.k,i.icon.korvue,i.icon.laravel,i.icon.lastfm,i.icon.lastfm.square,i.icon.leanpub,i.icon.less,i.icon.linechat,i.icon.linkedin,i.icon.linkedin.alternate,i.icon.linkedin.in,i.icon.linode,i.icon.linux,i.icon.lyft,i.icon.magento,i.icon.maxcdn,i.icon.medapps,i.icon.medium,i.icon.medium.m,i.icon.medrt,i.icon.meetup,i.icon.microsoft,i.icon.mix,i.icon.mixcloud,i.icon.mizuni,i.icon.modx,i.icon.monero,i.icon.napster,i.icon.nintendo.switch,i.icon.node,i.icon.node.js,i.icon.npm,i.icon.ns8,i.icon.nutritionix,i.icon.odnoklassniki,i.icon.odnoklassniki.square,i.icon.opencart,i.icon.openid,i.icon.opera,i.icon.optin.monster,i.icon.osi,i.icon.page4,i.icon.pagelines,i.icon.palfed,i.icon.patreon,i.icon.paypal,i.icon.periscope,i.icon.phabricator,i.icon.phoenix.framework,i.icon.php,i.icon.pied.piper,i.icon.pied.piper.alternate,i.icon.pied.piper.pp,i.icon.pinterest,i.icon.pinterest.p,i.icon.pinterest.square,i.icon.playstation,i.icon.product.hunt,i.icon.pushed,i.icon.python,i.icon.qq,i.icon.quinscape,i.icon.quora,i.icon.ravelry,i.icon.react,i.icon.rebel,i.icon.reddit,i.icon.reddit.alien,i.icon.reddit.square,i.icon.redriver,i.icon.rendact,i.icon.renren,i.icon.replyd,i.icon.resolving,i.icon.rocketchat,i.icon.rockrms,i.icon.safari,i.icon.sass,i.icon.schlix,i.icon.scribd,i.icon.searchengin,i.icon.sellcast,i.icon.sellsy,i.icon.servicestack,i.icon.shirtsinbulk,i.icon.simplybuilt,i.icon.sistrix,i.icon.skyatlas,i.icon.skype,i.icon.slack,i.icon.slack.hash,i.icon.slideshare,i.icon.snapchat,i.icon.snapchat.ghost,i.icon.snapchat.square,i.icon.soundcloud,i.icon.speakap,i.icon.spotify,i.icon.stack.exchange,i.icon.stack.overflow,i.icon.staylinked,i.icon.steam,i.icon.steam.square,i.icon.steam.symbol,i.icon.sticker.mule,i.icon.strava,i.icon.stripe,i.icon.stripe.s,i.icon.studiovinari,i.icon.stumbleupon,i.icon.stumbleupon.circle,i.icon.superpowers,i.icon.supple,i.icon.telegram,i.icon.telegram.plane,i.icon.tencent.weibo,i.icon.themeisle,i.icon.trello,i.icon.tripadvisor,i.icon.tumblr,i.icon.tumblr.square,i.icon.twitch,i.icon.twitter,i.icon.twitter.square,i.icon.typo3,i.icon.uber,i.icon.uikit,i.icon.uniregistry,i.icon.untappd,i.icon.usb,i.icon.ussunnah,i.icon.vaadin,i.icon.viacoin,i.icon.viadeo,i.icon.viadeo.square,i.icon.viber,i.icon.vimeo,i.icon.vimeo.square,i.icon.vimeo.v,i.icon.vine,i.icon.vk,i.icon.vnv,i.icon.vuejs,i.icon.wechat,i.icon.weibo,i.icon.weixin,i.icon.whatsapp,i.icon.whatsapp.square,i.icon.whmcs,i.icon.wikipedia.w,i.icon.windows,i.icon.wordpress,i.icon.wordpress.simple,i.icon.wpbeginner,i.icon.wpexplorer,i.icon.wpforms,i.icon.xbox,i.icon.xing,i.icon.xing.square,i.icon.y.combinator,i.icon.yahoo,i.icon.yandex,i.icon.yandex.international,i.icon.yelp,i.icon.yoast,i.icon.youtube,i.icon.youtube.square{font-family:brand-icons}
\ No newline at end of file
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.png b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/icon.png
deleted file mode 100644
index f0090030d38eeb4eae06e6fd32dc5f420acd6b29..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1179
zcmeAS@N?(olHy`uVBq!ia0vp^jX<2i!3-oHnkH)iDYF2d5LfpCpZ|=Eq$0PwSLOgs
z5G)Du3ub6AP&jZQ;e&v~g9QZ}0w$EKGkFyYl;kY%h%9Dc;1&X5#!GkW{xC2wzw>l)
z49RFb8hvxyY6TuqRu<R2fBv7p_p~5tV@nIe+q$ruXKgO@@vJ_o^z_Nz?~|u=UzqkU
z&ydYlTfTAD)}O~d>Q()cpCUa=F2Cf{58<Hg*6}?*ep<U-bdlcjdFqC1QG0j(lJR(c
zK41BT_WXSHt`D~@m)zudUj6@g(5c8Zp|OjWb36!E@-{twWzJ{)l{uzo5}yg*Sm?F5
zd15L{*WzZyBL|kryb`#<oAlSP@vduRU*N=s@5+Z&xc5F_E?#HK@gaB($JXk!d1^Xe
z=3Xp~5tl7yn$lRb@YU|T1fvs+HaM{GrCtgO<w>cInapB!*p&5sXHY}Qhe=8qsu~?#
z4NKm{`5&0q6ttj%B_;FnTgejv1sYB<4SU|^x!qK(zT$j6df}e=flL!79dEFCv7Vz=
zyRg0C&_^M=YtI8Ku5aWsW;M9C<9KtWNZ!;fvGdZ~7!IFxH=UQtUH*3c%PPh{sq^RM
z7}+RoSd@~@*y{W~+27iVb>g49<_GMxUmdrN6jt79*I>`s(RV8-xRpVhu_W1f?Xpur
zP2cO7<E1i+0#w*IxB9L8ZgNytqsm|<zrx#}R*NSoeBnKLME~M-(;z3IRm~;$)X!+-
z%wqOa%)KUjbm?VBuB8ngg8pwajvdlS*ygf$!auiNHVyZJ4$pC9T&Xnquk?pLll6_W
zmfT=cI^|-{Z}Ir+;qwdM{a6$7srA9$mOEN<6Yf2%DA>Kyk7@M|&RW?cic0&^pXYx&
zsH?`}wP}{i8C|>kA!|DCIC$T@Toc{<W%UnnLHV7VDis!2eDd<r<UeIS_d?r>$MV}x
zEcdW<ZZrOUkE^BCV)eePXBW0v{Qa6*`0Y>Ju|v<k7B@?&ZC=dDHNla4wqe;W)`<(W
z&n`PK$ExjW=>y9zR=*hH>KqD||Et!1qWtw~iOH6OOkA7w5_vaXdOLA#vwGWw#uL(3
zJB0MvSN5o-{$+|VJT1(?cq(H#mjZiio$rFJTmejP&93sluwab)mCn%NH)Ym(zL*e(
z-fLgx8(2w6T@BaEb+9cxy4IlQUexPt9y~&a%&hK4s2{0wcVBk7NcpkxjW-XLHL3|I
z_+P1+turB#_v&&6m)#<*yBa4HdoIe-Nm;iyWa}oK@|&NIZMnL0-{Jd}KOd*XZ?yWc
z`Z)K|gA09F{yh7``c3Q)Q>M#ImxHBCnV)Wps0d!{G(V^;vUOXb$Kno$sVb327I-;m
zDF!U}|6$q4<h|zVs*TP`g*tzn&pr9nSG8A3U#mE8Wn;owztz_=dX5BC$4%63`E}Q5
z)Ag#R@^GVG8QX&Q-AW4SFUlTsJ=*$d+G8fC%UiZg{Lk$iCA{{3Y*E6E2E}h*=GNbs
pqq1d(S=jQso|-Y|RxNqG>;K|K<tHX9UIG<844$rjF6*2UngGp-BX9r!

diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/index.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/index.html
deleted file mode 100644
index e3761df62..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/index.html
+++ /dev/null
@@ -1,58 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>Kyuubi Web UI</title>
-	<link rel="stylesheet" href="semantic.min.css">
-	<link rel="stylesheet" href="icon.min.css">
-	<script src="jquery-3.6.0.min.js"></script>
-	<script src="semantic.min.js"></script>
-	<script src="kyuubi.js"></script>
-</head>
-<body>
-<div class="ui page">
-	<div class="ui black inverted massive menu">
-		<div class="item">
-			<img src="icon.png" alt="">
-		</div>
-		<a class="active item" href="./"><i class="home icon"></i>Home</a>
-		<a class="item" href="./environment.html" ><i class="settings icon"></i>Environment</a>
-		<a class="item" href="./sessions.html" ><i class="envelope icon"></i>Sessions</a>
-		<a class="item" href="./operations.html" ><i class="tasks icon"></i>Operations</a>
-		<a class="item" href="./metrics.html" ><i class="bars icon"></i>Metrics</a>
-		<a class="item" href="./threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-		<a class="item" href="../swagger"><i class="h square icon"></i>REST API</a>
-		<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-		<a class="item server version right padded"><i class="flag icon"></i>En</a>
-	</div>
-</div>
-
-<div class="ui raised inverted segment">
-	<div class="ui icon message">
-		<i class="notched circle loading icon"></i>
-		<div class="content">
-			<div class="header">Hang on... </div>
-			<p>We are looking for developers to help us build the UI.</p>
-		</div>
-	</div>
-</div>
-
-</body>
-</html>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/jquery-3.6.0.min.js b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/jquery-3.6.0.min.js
deleted file mode 100644
index c4c6022f2..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/jquery-3.6.0.min.js
+++ /dev/null
@@ -1,2 +0,0 @@
-/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
-!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document,k=0,r=0,m=ue(),x=ue(),A=ue(),N=ue(),j=function(e,t){return e===t&&(l=!0),0},D={}.hasOwnProperty,t=[],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",I="(?:\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+",W="\\["+M+"*("+I+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+I+"))|)"+M+"*\\]",F=":("+I+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+W+")*)|.*)\\)|)",B=new RegExp(M+"+","g"),$=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),_=new RegExp("^"+M+"*,"+M+"*"),z=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="<a id='"+S+"'></a><select id='"+S+"-\r\\' msallowcapture=''><option selected=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='disabled'></a><select disabled='disabled'><option/></select>";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0<se(t,C,null,[e]).length},se.contains=function(e,t){return(e.ownerDocument||e)!=C&&T(e),y(e,t)},se.attr=function(e,t){(e.ownerDocument||e)!=C&&T(e);var n=b.attrHandle[t.toLowerCase()],r=n&&D.call(b.attrHandle,t.toLowerCase())?n(e,t,!E):void 0;return void 0!==r?r:d.attributes||!E?e.getAttribute(t):(r=e.getAttributeNode(t))&&r.specified?r.value:null},se.escape=function(e){return(e+"").replace(re,ie)},se.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},se.uniqueSort=function(e){var t,n=[],r=0,i=0;if(l=!d.detectDuplicates,u=!d.sortStable&&e.slice(0),e.sort(j),l){while(t=e[i++])t===e[i]&&(r=n.push(i));while(r--)e.splice(n[r],1)}return u=null,e},o=se.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=o(e)}else if(3===i||4===i)return e.nodeValue}else while(t=e[r++])n+=o(t);return n},(b=se.selectors={cacheLength:50,createPseudo:le,match:G,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1<t.indexOf(i):"$="===r?i&&t.slice(-i.length)===i:"~="===r?-1<(" "+t.replace(B," ")+" ").indexOf(i):"|="===r&&(t===i||t.slice(0,i.length+1)===i+"-"))}},CHILD:function(h,e,t,g,v){var y="nth"!==h.slice(0,3),m="last"!==h.slice(-4),x="of-type"===e;return 1===g&&0===v?function(e){return!!e.parentNode}:function(e,t,n){var r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if(1===a.nodeType&&++d&&a===e){i[h]=[k,s,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]=[k,d]),a===e))break;return(d-=v)===g||d%g==0&&0<=d/g}}},PSEUDO:function(e,o){var t,a=b.pseudos[e]||b.setFilters[e.toLowerCase()]||se.error("unsupported pseudo: "+e);return a[S]?a(o):1<a.length?(t=[e,e,"",o],b.setFilters.hasOwnProperty(e.toLowerCase())?le(function(e,t){var n,r=a(e,o),i=r.length;while(i--)e[n=P(e,r[i])]=!(t[n]=r[i])}):function(e){return a(e,0,t)}):a}},pseudos:{not:le(function(e){var r=[],i=[],s=f(e.replace($,"$1"));return s[S]?le(function(e,t,n,r){var i,o=s(e,null,r,[]),a=e.length;while(a--)(i=o[a])&&(e[a]=!(t[a]=i))}):function(e,t,n){return r[0]=e,s(r,null,n,i),r[0]=null,!i.pop()}}),has:le(function(t){return function(e){return 0<se(t,e).length}}),contains:le(function(t){return t=t.replace(te,ne),function(e){return-1<(e.textContent||o(e)).indexOf(t)}}),lang:le(function(n){return V.test(n||"")||se.error("unsupported lang: "+n),n=n.replace(te,ne).toLowerCase(),function(e){var t;do{if(t=E?e.lang:e.getAttribute("xml:lang")||e.getAttribute("lang"))return(t=t.toLowerCase())===n||0===t.indexOf(n+"-")}while((e=e.parentNode)&&1===e.nodeType);return!1}}),target:function(e){var t=n.location&&n.location.hash;return t&&t.slice(1)===e.id},root:function(e){return e===a},focus:function(e){return e===C.activeElement&&(!C.hasFocus||C.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:ge(!1),disabled:ge(!0),checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,!0===e.selected},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeType<6)return!1;return!0},parent:function(e){return!b.pseudos.empty(e)},header:function(e){return J.test(e.nodeName)},input:function(e){return Q.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},first:ve(function(){return[0]}),last:ve(function(e,t){return[t-1]}),eq:ve(function(e,t,n){return[n<0?n+t:n]}),even:ve(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:ve(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:ve(function(e,t,n){for(var r=n<0?n+t:t<n?t:n;0<=--r;)e.push(r);return e}),gt:ve(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}}).pseudos.nth=b.pseudos.eq,{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})b.pseudos[e]=de(e);for(e in{submit:!0,reset:!0})b.pseudos[e]=he(e);function me(){}function xe(e){for(var t=0,n=e.length,r="";t<n;t++)r+=e[t].value;return r}function be(s,e,t){var u=e.dir,l=e.next,c=l||u,f=t&&"parentNode"===c,p=r++;return e.first?function(e,t,n){while(e=e[u])if(1===e.nodeType||f)return s(e,t,n);return!1}:function(e,t,n){var r,i,o,a=[k,p];if(n){while(e=e[u])if((1===e.nodeType||f)&&s(e,t,n))return!0}else while(e=e[u])if(1===e.nodeType||f)if(i=(o=e[S]||(e[S]={}))[e.uniqueID]||(o[e.uniqueID]={}),l&&l===e.nodeName.toLowerCase())e=e[u]||e;else{if((r=i[c])&&r[0]===k&&r[1]===p)return a[2]=r[2];if((i[c]=a)[2]=s(e,t,n))return!0}return!1}}function we(i){return 1<i.length?function(e,t,n){var r=i.length;while(r--)if(!i[r](e,t,n))return!1;return!0}:i[0]}function Te(e,t,n,r,i){for(var o,a=[],s=0,u=e.length,l=null!=t;s<u;s++)(o=e[s])&&(n&&!n(o,r,i)||(a.push(o),l&&t.push(s)));return a}function Ce(d,h,g,v,y,e){return v&&!v[S]&&(v=Ce(v)),y&&!y[S]&&(y=Ce(y,e)),le(function(e,t,n,r){var i,o,a,s=[],u=[],l=t.length,c=e||function(e,t,n){for(var r=0,i=t.length;r<i;r++)se(e,t[r],n);return n}(h||"*",n.nodeType?[n]:n,[]),f=!d||!e&&h?c:Te(c,s,d,n,r),p=g?y||(e?d:l||v)?[]:t:f;if(g&&g(f,p,n,r),v){i=Te(p,u),v(i,[],n,r),o=i.length;while(o--)(a=i[o])&&(p[u[o]]=!(f[u[o]]=a))}if(e){if(y||d){if(y){i=[],o=p.length;while(o--)(a=p[o])&&i.push(f[o]=a);y(null,p=[],i,r)}o=p.length;while(o--)(a=p[o])&&-1<(i=y?P(e,a):s[o])&&(e[i]=!(t[i]=a))}}else p=Te(p===t?p.splice(l,p.length):p),y?y(null,t,p,r):H.apply(t,p)})}function Ee(e){for(var i,t,n,r=e.length,o=b.relative[e[0].type],a=o||b.relative[" "],s=o?1:0,u=be(function(e){return e===i},a,!0),l=be(function(e){return-1<P(i,e)},a,!0),c=[function(e,t,n){var r=!o&&(n||t!==w)||((i=t).nodeType?u(e,t,n):l(e,t,n));return i=null,r}];s<r;s++)if(t=b.relative[e[s].type])c=[be(we(c),t)];else{if((t=b.filter[e[s].type].apply(null,e[s].matches))[S]){for(n=++s;n<r;n++)if(b.relative[e[n].type])break;return Ce(1<s&&we(c),1<s&&xe(e.slice(0,s-1).concat({value:" "===e[s-2].type?"*":""})).replace($,"$1"),t,s<n&&Ee(e.slice(s,n)),n<r&&Ee(e=e.slice(n)),n<r&&xe(e))}c.push(t)}return we(c)}return me.prototype=b.filters=b.pseudos,b.setFilters=new me,h=se.tokenize=function(e,t){var n,r,i,o,a,s,u,l=x[e+" "];if(l)return t?0:l.slice(0);a=e,s=[],u=b.preFilter;while(a){for(o in n&&!(r=_.exec(a))||(r&&(a=a.slice(r[0].length)||a),s.push(i=[])),n=!1,(r=z.exec(a))&&(n=r.shift(),i.push({value:n,type:r[0].replace($," ")}),a=a.slice(n.length)),b.filter)!(r=G[o].exec(a))||u[o]&&!(r=u[o](r))||(n=r.shift(),i.push({value:n,type:o,matches:r}),a=a.slice(n.length));if(!n)break}return t?a.length:a?se.error(e):x(e,s).slice(0)},f=se.compile=function(e,t){var n,v,y,m,x,r,i=[],o=[],a=A[e+" "];if(!a){t||(t=h(e)),n=t.length;while(n--)(a=Ee(t[n]))[S]?i.push(a):o.push(a);(a=A(e,(v=o,m=0<(y=i).length,x=0<v.length,r=function(e,t,n,r,i){var o,a,s,u=0,l="0",c=e&&[],f=[],p=w,d=e||x&&b.find.TAG("*",i),h=k+=null==p?1:Math.random()||.1,g=d.length;for(i&&(w=t==C||t||i);l!==g&&null!=(o=d[l]);l++){if(x&&o){a=0,t||o.ownerDocument==C||(T(o),n=!E);while(s=v[a++])if(s(o,t||C,n)){r.push(o);break}i&&(k=h)}m&&((o=!s&&o)&&u--,e&&c.push(o))}if(u+=l,m&&l!==u){a=0;while(s=y[a++])s(c,f,t,n);if(e){if(0<u)while(l--)c[l]||f[l]||(f[l]=q.call(r));f=Te(f)}H.apply(r,f),i&&!e&&0<f.length&&1<u+y.length&&se.uniqueSort(r)}return i&&(k=h,w=p),c},m?le(r):r))).selector=e}return a},g=se.select=function(e,t,n,r){var i,o,a,s,u,l="function"==typeof e&&e,c=!r&&h(e=l.selector||e);if(n=n||[],1===c.length){if(2<(o=c[0]=c[0].slice(0)).length&&"ID"===(a=o[0]).type&&9===t.nodeType&&E&&b.relative[o[1].type]){if(!(t=(b.find.ID(a.matches[0].replace(te,ne),t)||[])[0]))return n;l&&(t=t.parentNode),e=e.slice(o.shift().value.length)}i=G.needsContext.test(e)?0:o.length;while(i--){if(a=o[i],b.relative[s=a.type])break;if((u=b.find[s])&&(r=u(a.matches[0].replace(te,ne),ee.test(o[0].type)&&ye(t.parentNode)||t))){if(o.splice(i,1),!(e=r.length&&xe(o)))return H.apply(n,r),n;break}}}return(l||f(e,c))(r,t,!E,n,!t||ee.test(e)&&ye(t.parentNode)||t),n},d.sortStable=S.split("").sort(j).join("")===S,d.detectDuplicates=!!l,T(),d.sortDetached=ce(function(e){return 1&e.compareDocumentPosition(C.createElement("fieldset"))}),ce(function(e){return e.innerHTML="<a href='#'></a>","#"===e.firstChild.getAttribute("href")})||fe("type|href|height|width",function(e,t,n){if(!n)return e.getAttribute(t,"type"===t.toLowerCase()?1:2)}),d.attributes&&ce(function(e){return e.innerHTML="<input/>",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")})||fe("value",function(e,t,n){if(!n&&"input"===e.nodeName.toLowerCase())return e.defaultValue}),ce(function(e){return null==e.getAttribute("disabled")})||fe(R,function(e,t,n){var r;if(!n)return!0===e[t]?t.toLowerCase():(r=e.getAttributeNode(t))&&r.specified?r.value:null}),se}(C);S.find=d,S.expr=d.selectors,S.expr[":"]=S.expr.pseudos,S.uniqueSort=S.unique=d.uniqueSort,S.text=d.getText,S.isXMLDoc=d.isXML,S.contains=d.contains,S.escapeSelector=d.escape;var h=function(e,t,n){var r=[],i=void 0!==n;while((e=e[t])&&9!==e.nodeType)if(1===e.nodeType){if(i&&S(e).is(n))break;r.push(e)}return r},T=function(e,t){for(var n=[];e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n},k=S.expr.match.needsContext;function A(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}var N=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1<i.call(n,e)!==r}):S.filter(n,e,r)}S.filter=function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?S.find.matchesSelector(r,e)?[r]:[]:S.find.matches(e,S.grep(t,function(e){return 1===e.nodeType}))},S.fn.extend({find:function(e){var t,n,r=this.length,i=this;if("string"!=typeof e)return this.pushStack(S(e).filter(function(){for(t=0;t<r;t++)if(S.contains(i[t],this))return!0}));for(n=this.pushStack([]),t=0;t<r;t++)S.find(e,i[t],n);return 1<r?S.uniqueSort(n):n},filter:function(e){return this.pushStack(j(this,e||[],!1))},not:function(e){return this.pushStack(j(this,e||[],!0))},is:function(e){return!!j(this,"string"==typeof e&&k.test(e)?S(e):e||[],!1).length}});var D,q=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e<n;e++)if(S.contains(this,t[e]))return!0})},closest:function(e,t){var n,r=0,i=this.length,o=[],a="string"!=typeof e&&S(e);if(!k.test(e))for(;r<i;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(n.nodeType<11&&(a?-1<a.index(n):1===n.nodeType&&S.find.matchesSelector(n,e))){o.push(n);break}return this.pushStack(1<o.length?S.uniqueSort(o):o)},index:function(e){return e?"string"==typeof e?i.call(S(e),this[0]):i.call(this,e.jquery?e[0]:e):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){return this.pushStack(S.uniqueSort(S.merge(this.get(),S(e,t))))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),S.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return h(e,"parentNode")},parentsUntil:function(e,t,n){return h(e,"parentNode",n)},next:function(e){return O(e,"nextSibling")},prev:function(e){return O(e,"previousSibling")},nextAll:function(e){return h(e,"nextSibling")},prevAll:function(e){return h(e,"previousSibling")},nextUntil:function(e,t,n){return h(e,"nextSibling",n)},prevUntil:function(e,t,n){return h(e,"previousSibling",n)},siblings:function(e){return T((e.parentNode||{}).firstChild,e)},children:function(e){return T(e.firstChild)},contents:function(e){return null!=e.contentDocument&&r(e.contentDocument)?e.contentDocument:(A(e,"template")&&(e=e.content||e),S.merge([],e.childNodes))}},function(r,i){S.fn[r]=function(e,t){var n=S.map(this,i,e);return"Until"!==r.slice(-5)&&(t=e),t&&"string"==typeof t&&(n=S.filter(t,n)),1<this.length&&(H[r]||S.uniqueSort(n),L.test(r)&&n.reverse()),this.pushStack(n)}});var P=/[^\x20\t\r\n\f]+/g;function R(e){return e}function M(e){throw e}function I(e,t,n,r){var i;try{e&&m(i=e.promise)?i.call(e).done(t).fail(n):e&&m(i=e.then)?i.call(e,t,n):t.apply(void 0,[e].slice(r))}catch(e){n.apply(void 0,[e])}}S.Callbacks=function(r){var e,n;r="string"==typeof r?(e=r,n={},S.each(e.match(P)||[],function(e,t){n[t]=!0}),n):S.extend({},r);var i,t,o,a,s=[],u=[],l=-1,c=function(){for(a=a||r.once,o=i=!0;u.length;l=-1){t=u.shift();while(++l<s.length)!1===s[l].apply(t[0],t[1])&&r.stopOnFalse&&(l=s.length,t=!1)}r.memory||(t=!1),i=!1,a&&(s=t?[]:"")},f={add:function(){return s&&(t&&!i&&(l=s.length-1,u.push(t)),function n(e){S.each(e,function(e,t){m(t)?r.unique&&f.has(t)||s.push(t):t&&t.length&&"string"!==w(t)&&n(t)})}(arguments),t&&!i&&c()),this},remove:function(){return S.each(arguments,function(e,t){var n;while(-1<(n=S.inArray(t,s,n)))s.splice(n,1),n<=l&&l--}),this},has:function(e){return e?-1<S.inArray(e,s):0<s.length},empty:function(){return s&&(s=[]),this},disable:function(){return a=u=[],s=t="",this},disabled:function(){return!s},lock:function(){return a=u=[],t||i||(s=t=""),this},locked:function(){return!!a},fireWith:function(e,t){return a||(t=[e,(t=t||[]).slice?t.slice():t],u.push(t),i||c()),this},fire:function(){return f.fireWith(this,arguments),this},fired:function(){return!!o}};return f},S.extend({Deferred:function(e){var o=[["notify","progress",S.Callbacks("memory"),S.Callbacks("memory"),2],["resolve","done",S.Callbacks("once memory"),S.Callbacks("once memory"),0,"resolved"],["reject","fail",S.Callbacks("once memory"),S.Callbacks("once memory"),1,"rejected"]],i="pending",a={state:function(){return i},always:function(){return s.done(arguments).fail(arguments),this},"catch":function(e){return a.then(null,e)},pipe:function(){var i=arguments;return S.Deferred(function(r){S.each(o,function(e,t){var n=m(i[t[4]])&&i[t[4]];s[t[1]](function(){var e=n&&n.apply(this,arguments);e&&m(e.promise)?e.promise().progress(r.notify).done(r.resolve).fail(r.reject):r[t[0]+"With"](this,n?[e]:arguments)})}),i=null}).promise()},then:function(t,n,r){var u=0;function l(i,o,a,s){return function(){var n=this,r=arguments,e=function(){var e,t;if(!(i<u)){if((e=a.apply(n,r))===o.promise())throw new TypeError("Thenable self-resolution");t=e&&("object"==typeof e||"function"==typeof e)&&e.then,m(t)?s?t.call(e,l(u,o,R,s),l(u,o,M,s)):(u++,t.call(e,l(u,o,R,s),l(u,o,M,s),l(u,o,R,o.notifyWith))):(a!==R&&(n=void 0,r=[e]),(s||o.resolveWith)(n,r))}},t=s?e:function(){try{e()}catch(e){S.Deferred.exceptionHook&&S.Deferred.exceptionHook(e,t.stackTrace),u<=i+1&&(a!==M&&(n=void 0,r=[e]),o.rejectWith(n,r))}};i?t():(S.Deferred.getStackHook&&(t.stackTrace=S.Deferred.getStackHook()),C.setTimeout(t))}}return S.Deferred(function(e){o[0][3].add(l(0,e,m(r)?r:R,e.notifyWith)),o[1][3].add(l(0,e,m(t)?t:R)),o[2][3].add(l(0,e,m(n)?n:M))}).promise()},promise:function(e){return null!=e?S.extend(e,a):a}},s={};return S.each(o,function(e,t){var n=t[2],r=t[5];a[t[1]]=n.add,r&&n.add(function(){i=r},o[3-e][2].disable,o[3-e][3].disable,o[0][2].lock,o[0][3].lock),n.add(t[3].fire),s[t[0]]=function(){return s[t[0]+"With"](this===s?void 0:this,arguments),this},s[t[0]+"With"]=n.fireWith}),a.promise(s),e&&e.call(s,s),s},when:function(e){var n=arguments.length,t=n,r=Array(t),i=s.call(arguments),o=S.Deferred(),a=function(t){return function(e){r[t]=this,i[t]=1<arguments.length?s.call(arguments):e,--n||o.resolveWith(r,i)}};if(n<=1&&(I(e,o.done(a(t)).resolve,o.reject,!n),"pending"===o.state()||m(i[t]&&i[t].then)))return o.then();while(t--)I(i[t],a(t),o.reject);return o.promise()}});var W=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;S.Deferred.exceptionHook=function(e,t){C.console&&C.console.warn&&e&&W.test(e.name)&&C.console.warn("jQuery.Deferred exception: "+e.message,e.stack,t)},S.readyException=function(e){C.setTimeout(function(){throw e})};var F=S.Deferred();function B(){E.removeEventListener("DOMContentLoaded",B),C.removeEventListener("load",B),S.ready()}S.fn.ready=function(e){return F.then(e)["catch"](function(e){S.readyException(e)}),this},S.extend({isReady:!1,readyWait:1,ready:function(e){(!0===e?--S.readyWait:S.isReady)||(S.isReady=!0)!==e&&0<--S.readyWait||F.resolveWith(E,[S])}}),S.ready.then=F.then,"complete"===E.readyState||"loading"!==E.readyState&&!E.documentElement.doScroll?C.setTimeout(S.ready):(E.addEventListener("DOMContentLoaded",B),C.addEventListener("load",B));var $=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)$(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)||(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/^-ms-/,z=/-([a-z])/g;function U(e,t){return t.toUpperCase()}function X(e){return e.replace(_,"ms-").replace(z,U)}var V=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t||(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.defineProperty(e,this.expando,{value:t,configurable:!0}))),t},set:function(e,t,n){var r,i=this.cache(e);if("string"==typeof t)i[X(t)]=n;else for(r in t)i[X(r)]=t[r];return i},get:function(e,t){return void 0===t?this.cache(e):e[this.expando]&&e[this.expando][X(t)]},access:function(e,t,n){return void 0===t||t&&"string"==typeof t&&void 0===n?this.get(e,t):(this.set(e,t,n),void 0!==n?n:t)},remove:function(e,t){var n,r=e[this.expando];if(void 0!==r){if(void 0!==t){n=(t=Array.isArray(t)?t.map(X):(t=X(t))in r?[t]:t.match(P)||[]).length;while(n--)delete r[t[n]]}(void 0===t||S.isEmptyObject(r))&&(e.nodeType?e[this.expando]=void 0:delete e[this.expando])}},hasData:function(e){var t=e[this.expando];return void 0!==t&&!S.isEmptyObject(t)}};var Y=new G,Q=new G,J=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,K=/[A-Z]/g;function Z(e,t,n){var r,i;if(void 0===n&&1===e.nodeType)if(r="data-"+t.replace(K,"-$&").toLowerCase(),"string"==typeof(n=e.getAttribute(r))){try{n="true"===(i=n)||"false"!==i&&("null"===i?null:i===+i+""?+i:J.test(i)?JSON.parse(i):i)}catch(e){}Q.set(e,t,n)}else n=void 0;return n}S.extend({hasData:function(e){return Q.hasData(e)||Y.hasData(e)},data:function(e,t,n){return Q.access(e,t,n)},removeData:function(e,t){Q.remove(e,t)},_data:function(e,t,n){return Y.access(e,t,n)},_removeData:function(e,t){Y.remove(e,t)}}),S.fn.extend({data:function(n,e){var t,r,i,o=this[0],a=o&&o.attributes;if(void 0===n){if(this.length&&(i=Q.get(o),1===o.nodeType&&!Y.get(o,"hasDataAttrs"))){t=a.length;while(t--)a[t]&&0===(r=a[t].name).indexOf("data-")&&(r=X(r.slice(5)),Z(o,r,i[r]));Y.set(o,"hasDataAttrs",!0)}return i}return"object"==typeof n?this.each(function(){Q.set(this,n)}):$(this,function(e){var t;if(o&&void 0===e)return void 0!==(t=Q.get(o,n))?t:void 0!==(t=Z(o,n))?t:void 0;this.each(function(){Q.set(this,n,e)})},null,e,1<arguments.length,null,!0)},removeData:function(e){return this.each(function(){Q.remove(this,e)})}}),S.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=Y.get(e,t),n&&(!r||Array.isArray(n)?r=Y.access(e,t,S.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=S.queue(e,t),r=n.length,i=n.shift(),o=S._queueHooks(e,t);"inprogress"===i&&(i=n.shift(),r--),i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,function(){S.dequeue(e,t)},o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return Y.get(e,n)||Y.access(e,n,{empty:S.Callbacks("once memory").add(function(){Y.remove(e,[t+"queue",n])})})}}),S.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?S.queue(this[0],t):void 0===n?this:this.each(function(){var e=S.queue(this,t,n);S._queueHooks(this,t),"fx"===t&&"inprogress"!==e[0]&&S.dequeue(this,t)})},dequeue:function(e){return this.each(function(){S.dequeue(this,e)})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,t){var n,r=1,i=S.Deferred(),o=this,a=this.length,s=function(){--r||i.resolveWith(o,[o])};"string"!=typeof e&&(t=e,e=void 0),e=e||"fx";while(a--)(n=Y.get(o[a],e+"queueHooks"))&&n.empty&&(r++,n.empty.add(s));return s(),i.promise(t)}});var ee=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,te=new RegExp("^(?:([+-])=|)("+ee+")([a-z%]*)$","i"),ne=["Top","Right","Bottom","Left"],re=E.documentElement,ie=function(e){return S.contains(e.ownerDocument,e)},oe={composed:!0};re.getRootNode&&(ie=function(e){return S.contains(e.ownerDocument,e)||e.getRootNode(oe)===e.ownerDocument});var ae=function(e,t){return"none"===(e=t||e).style.display||""===e.style.display&&ie(e)&&"none"===S.css(e,"display")};function se(e,t,n,r){var i,o,a=20,s=r?function(){return r.cur()}:function(){return S.css(e,t,"")},u=s(),l=n&&n[3]||(S.cssNumber[t]?"":"px"),c=e.nodeType&&(S.cssNumber[t]||"px"!==l&&+u)&&te.exec(S.css(e,t));if(c&&c[3]!==l){u/=2,l=l||c[3],c=+u||1;while(a--)S.style(e,t,c+l),(1-o)*(1-(o=s()/u||.5))<=0&&(a=0),c/=o;c*=2,S.style(e,t,c+l),n=n||[]}return n&&(c=+c||+u||0,i=n[1]?c+(n[1]+1)*n[2]:+n[2],r&&(r.unit=l,r.start=c,r.end=i)),i}var ue={};function le(e,t){for(var n,r,i,o,a,s,u,l=[],c=0,f=e.length;c<f;c++)(r=e[c]).style&&(n=r.style.display,t?("none"===n&&(l[c]=Y.get(r,"display")||null,l[c]||(r.style.display="")),""===r.style.display&&ae(r)&&(l[c]=(u=a=o=void 0,a=(i=r).ownerDocument,s=i.nodeName,(u=ue[s])||(o=a.body.appendChild(a.createElement(s)),u=S.css(o,"display"),o.parentNode.removeChild(o),"none"===u&&(u="block"),ue[s]=u)))):"none"!==n&&(l[c]="none",Y.set(r,"display",n)));for(c=0;c<f;c++)null!=l[c]&&(e[c].style.display=l[c]);return e}S.fn.extend({show:function(){return le(this,!0)},hide:function(){return le(this)},toggle:function(e){return"boolean"==typeof e?e?this.show():this.hide():this.each(function(){ae(this)?S(this).show():S(this).hide()})}});var ce,fe,pe=/^(?:checkbox|radio)$/i,de=/<([a-z][^\/\0>\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="<textarea>x</textarea>",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="<option></option>",y.option=!!ce.lastChild;var ge={thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n<r;n++)Y.set(e[n],"globalEval",!t||Y.get(t[n],"globalEval"))}ge.tbody=ge.tfoot=ge.colgroup=ge.caption=ge.thead,ge.th=ge.td,y.option||(ge.optgroup=ge.option=[1,"<select multiple='multiple'>","</select>"]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d<h;d++)if((o=e[d])||0===o)if("object"===w(o))S.merge(p,o.nodeType?[o]:o);else if(me.test(o)){a=a||f.appendChild(t.createElement("div")),s=(de.exec(o)||["",""])[1].toLowerCase(),u=ge[s]||ge._default,a.innerHTML=u[1]+S.htmlPrefilter(o)+u[2],c=u[0];while(c--)a=a.lastChild;S.merge(p,a.childNodes),(a=f.firstChild).textContent=""}else p.push(t.createTextNode(o));f.textContent="",d=0;while(o=p[d++])if(r&&-1<S.inArray(o,r))i&&i.push(o);else if(l=ie(o),a=ve(f.appendChild(o),"script"),l&&ye(a),n){c=0;while(o=a[c++])he.test(o.type||"")&&n.push(o)}return f}var be=/^([^.]*)(?:\.(.+)|)/;function we(){return!0}function Te(){return!1}function Ce(e,t){return e===function(){try{return E.activeElement}catch(e){}}()==("focus"===t)}function Ee(e,t,n,r,i,o){var a,s;if("object"==typeof t){for(s in"string"!=typeof n&&(r=r||n,n=void 0),t)Ee(e,s,n,r,t[s],o);return e}if(null==r&&null==i?(i=n,r=n=void 0):null==i&&("string"==typeof n?(i=r,r=void 0):(i=r,r=n,n=void 0)),!1===i)i=Te;else if(!i)return e;return 1===o&&(a=i,(i=function(e){return S().off(e),a.apply(this,arguments)}).guid=a.guid||(a.guid=S.guid++)),e.each(function(){S.event.add(this,t,i,r,n)})}function Se(e,i,o){o?(Y.set(e,i,!1),S.event.add(e,i,{namespace:!1,handler:function(e){var t,n,r=Y.get(this,i);if(1&e.isTrigger&&this[i]){if(r.length)(S.event.special[i]||{}).delegateType&&e.stopPropagation();else if(r=s.call(arguments),Y.set(this,i,r),t=o(this,i),this[i](),r!==(n=Y.get(this,i))||t?Y.set(this,i,!1):n={},r!==n)return e.stopImmediatePropagation(),e.preventDefault(),n&&n.value}else r.length&&(Y.set(this,i,{value:S.event.trigger(S.extend(r[0],S.Event.prototype),r.slice(1),this)}),e.stopImmediatePropagation())}})):void 0===Y.get(e,i)&&S.event.add(e,i,we)}S.event={global:{},add:function(t,e,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Y.get(t);if(V(t)){n.handler&&(n=(o=n).handler,i=o.selector),i&&S.find.matchesSelector(re,i),n.guid||(n.guid=S.guid++),(u=v.events)||(u=v.events=Object.create(null)),(a=v.handle)||(a=v.handle=function(e){return"undefined"!=typeof S&&S.event.triggered!==e.type?S.event.dispatch.apply(t,arguments):void 0}),l=(e=(e||"").match(P)||[""]).length;while(l--)d=g=(s=be.exec(e[l])||[])[1],h=(s[2]||"").split(".").sort(),d&&(f=S.event.special[d]||{},d=(i?f.delegateType:f.bindType)||d,f=S.event.special[d]||{},c=S.extend({type:d,origType:g,data:r,handler:n,guid:n.guid,selector:i,needsContext:i&&S.expr.match.needsContext.test(i),namespace:h.join(".")},o),(p=u[d])||((p=u[d]=[]).delegateCount=0,f.setup&&!1!==f.setup.call(t,r,h,a)||t.addEventListener&&t.addEventListener(d,a)),f.add&&(f.add.call(t,c),c.handler.guid||(c.handler.guid=n.guid)),i?p.splice(p.delegateCount++,0,c):p.push(c),S.event.global[d]=!0)}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Y.hasData(e)&&Y.get(e);if(v&&(u=v.events)){l=(t=(t||"").match(P)||[""]).length;while(l--)if(d=g=(s=be.exec(t[l])||[])[1],h=(s[2]||"").split(".").sort(),d){f=S.event.special[d]||{},p=u[d=(r?f.delegateType:f.bindType)||d]||[],s=s[2]&&new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),a=o=p.length;while(o--)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&!1!==f.teardown.call(e,h,v.handle)||S.removeEvent(e,d,v.handle),delete u[d])}else for(d in u)S.event.remove(e,d+t[l],n,r,!0);S.isEmptyObject(u)&&Y.remove(e,"handle events")}},dispatch:function(e){var t,n,r,i,o,a,s=new Array(arguments.length),u=S.event.fix(e),l=(Y.get(this,"events")||Object.create(null))[u.type]||[],c=S.event.special[u.type]||{};for(s[0]=u,t=1;t<arguments.length;t++)s[t]=arguments[t];if(u.delegateTarget=this,!c.preDispatch||!1!==c.preDispatch.call(this,u)){a=S.event.handlers.call(this,u,l),t=0;while((i=a[t++])&&!u.isPropagationStopped()){u.currentTarget=i.elem,n=0;while((o=i.handlers[n++])&&!u.isImmediatePropagationStopped())u.rnamespace&&!1!==o.namespace&&!u.rnamespace.test(o.namespace)||(u.handleObj=o,u.data=o.data,void 0!==(r=((S.event.special[o.origType]||{}).handle||o.handler).apply(i.elem,s))&&!1===(u.result=r)&&(u.preventDefault(),u.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,u),u.result}},handlers:function(e,t){var n,r,i,o,a,s=[],u=t.delegateCount,l=e.target;if(u&&l.nodeType&&!("click"===e.type&&1<=e.button))for(;l!==this;l=l.parentNode||this)if(1===l.nodeType&&("click"!==e.type||!0!==l.disabled)){for(o=[],a={},n=0;n<u;n++)void 0===a[i=(r=t[n]).selector+" "]&&(a[i]=r.needsContext?-1<S(i,this).index(l):S.find(i,this,null,[l]).length),a[i]&&o.push(r);o.length&&s.push({elem:l,handlers:o})}return l=this,u<t.length&&s.push({elem:l,handlers:t.slice(u)}),s},addProp:function(t,e){Object.defineProperty(S.Event.prototype,t,{enumerable:!0,configurable:!0,get:m(e)?function(){if(this.originalEvent)return e(this.originalEvent)}:function(){if(this.originalEvent)return this.originalEvent[t]},set:function(e){Object.defineProperty(this,t,{enumerable:!0,configurable:!0,writable:!0,value:e})}})},fix:function(e){return e[S.expando]?e:new S.Event(e)},special:{load:{noBubble:!0},click:{setup:function(e){var t=this||e;return pe.test(t.type)&&t.click&&A(t,"input")&&Se(t,"click",we),!1},trigger:function(e){var t=this||e;return pe.test(t.type)&&t.click&&A(t,"input")&&Se(t,"click"),!0},_default:function(e){var t=e.target;return pe.test(t.type)&&t.click&&A(t,"input")&&Y.get(t,"click")||A(t,"a")}},beforeunload:{postDispatch:function(e){void 0!==e.result&&e.originalEvent&&(e.originalEvent.returnValue=e.result)}}}},S.removeEvent=function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n)},S.Event=function(e,t){if(!(this instanceof S.Event))return new S.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||void 0===e.defaultPrevented&&!1===e.returnValue?we:Te,this.target=e.target&&3===e.target.nodeType?e.target.parentNode:e.target,this.currentTarget=e.currentTarget,this.relatedTarget=e.relatedTarget):this.type=e,t&&S.extend(this,t),this.timeStamp=e&&e.timeStamp||Date.now(),this[S.expando]=!0},S.Event.prototype={constructor:S.Event,isDefaultPrevented:Te,isPropagationStopped:Te,isImmediatePropagationStopped:Te,isSimulated:!1,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=we,e&&!this.isSimulated&&e.preventDefault()},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=we,e&&!this.isSimulated&&e.stopPropagation()},stopImmediatePropagation:function(){var e=this.originalEvent;this.isImmediatePropagationStopped=we,e&&!this.isSimulated&&e.stopImmediatePropagation(),this.stopPropagation()}},S.each({altKey:!0,bubbles:!0,cancelable:!0,changedTouches:!0,ctrlKey:!0,detail:!0,eventPhase:!0,metaKey:!0,pageX:!0,pageY:!0,shiftKey:!0,view:!0,"char":!0,code:!0,charCode:!0,key:!0,keyCode:!0,button:!0,buttons:!0,clientX:!0,clientY:!0,offsetX:!0,offsetY:!0,pointerId:!0,pointerType:!0,screenX:!0,screenY:!0,targetTouches:!0,toElement:!0,touches:!0,which:!0},S.event.addProp),S.each({focus:"focusin",blur:"focusout"},function(e,t){S.event.special[e]={setup:function(){return Se(this,e,Ce),!1},trigger:function(){return Se(this,e),!0},_default:function(){return!0},delegateType:t}}),S.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(e,i){S.event.special[e]={delegateType:i,bindType:i,handle:function(e){var t,n=e.relatedTarget,r=e.handleObj;return n&&(n===this||S.contains(this,n))||(e.type=r.origType,t=r.handler.apply(this,arguments),e.type=i),t}}}),S.fn.extend({on:function(e,t,n,r){return Ee(this,e,t,n,r)},one:function(e,t,n,r){return Ee(this,e,t,n,r,1)},off:function(e,t,n){var r,i;if(e&&e.preventDefault&&e.handleObj)return r=e.handleObj,S(e.delegateTarget).off(r.namespace?r.origType+"."+r.namespace:r.origType,r.selector,r.handler),this;if("object"==typeof e){for(i in e)this.off(i,t,e[i]);return this}return!1!==t&&"function"!=typeof t||(n=t,t=void 0),!1===n&&(n=Te),this.each(function(){S.event.remove(this,e,n,t)})}});var ke=/<script|<style|<link/i,Ae=/checked\s*(?:[^=]|=\s*.checked.)/i,Ne=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n<r;n++)S.event.add(t,i,s[i][n]);Q.hasData(e)&&(o=Q.access(e),a=S.extend({},o),Q.set(t,a))}}function He(n,r,i,o){r=g(r);var e,t,a,s,u,l,c=0,f=n.length,p=f-1,d=r[0],h=m(d);if(h||1<f&&"string"==typeof d&&!y.checkClone&&Ae.test(d))return n.each(function(e){var t=n.eq(e);h&&(r[0]=d.call(this,e,t.html())),He(t,r,i,o)});if(f&&(t=(e=xe(r,n[0].ownerDocument,!1,n,o)).firstChild,1===e.childNodes.length&&(e=t),t||o)){for(s=(a=S.map(ve(e,"script"),De)).length;c<f;c++)u=e,c!==p&&(u=S.clone(u,!0,!0),s&&S.merge(a,ve(u,"script"))),i.call(n[c],u,c);if(s)for(l=a[a.length-1].ownerDocument,S.map(a,qe),c=0;c<s;c++)u=a[c],he.test(u.type||"")&&!Y.access(u,"globalEval")&&S.contains(l,u)&&(u.src&&"module"!==(u.type||"").toLowerCase()?S._evalUrl&&!u.noModule&&S._evalUrl(u.src,{nonce:u.nonce||u.getAttribute("nonce")},l):b(u.textContent.replace(Ne,""),u,l))}return n}function Oe(e,t,n){for(var r,i=t?S.filter(t,e):e,o=0;null!=(r=i[o]);o++)n||1!==r.nodeType||S.cleanData(ve(r)),r.parentNode&&(n&&ie(r)&&ye(ve(r,"script")),r.parentNode.removeChild(r));return e}S.extend({htmlPrefilter:function(e){return e},clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=ie(e);if(!(y.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||S.isXMLDoc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l||(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o||ve(e),a=a||ve(c),r=0,i=o.length;r<i;r++)Le(o[r],a[r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEvent(n,r,t.handle);n[Y.expando]=void 0}n[Q.expando]&&(n[Q.expando]=void 0)}}}),S.fn.extend({detach:function(e){return Oe(this,e,!0)},remove:function(e){return Oe(this,e)},text:function(e){return $(this,function(e){return void 0===e?S.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=e)})},null,e,arguments.length)},append:function(){return He(this,arguments,function(e){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||je(this,e).appendChild(e)})},prepend:function(){return He(this,arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=je(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return He(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return He(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},empty:function(){for(var e,t=0;null!=(e=this[t]);t++)1===e.nodeType&&(S.cleanData(ve(e,!1)),e.textContent="");return this},clone:function(e,t){return e=null!=e&&e,t=null==t?e:t,this.map(function(){return S.clone(this,e,t)})},html:function(e){return $(this,function(e){var t=this[0]||{},n=0,r=this.length;if(void 0===e&&1===t.nodeType)return t.innerHTML;if("string"==typeof e&&!ke.test(e)&&!ge[(de.exec(e)||["",""])[1].toLowerCase()]){e=S.htmlPrefilter(e);try{for(;n<r;n++)1===(t=this[n]||{}).nodeType&&(S.cleanData(ve(t,!1)),t.innerHTML=e);t=0}catch(e){}}t&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var n=[];return He(this,arguments,function(e){var t=this.parentNode;S.inArray(this,n)<0&&(S.cleanData(ve(this)),t&&t.replaceChild(e,this))},n)}}),S.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){S.fn[e]=function(e){for(var t,n=[],r=S(e),i=r.length-1,o=0;o<=i;o++)t=o===i?this:this.clone(!0),S(r[o])[a](t),u.apply(n,t.get());return this.pushStack(n)}});var Pe=new RegExp("^("+ee+")(?!px)[a-z%]+$","i"),Re=function(e){var t=e.ownerDocument.defaultView;return t&&t.opener||(t=C),t.getComputedStyle(e)},Me=function(e,t,n){var r,i,o={};for(i in t)o[i]=e.style[i],e.style[i]=t[i];for(i in r=n.call(e),t)e.style[i]=o[i];return r},Ie=new RegExp(ne.join("|"),"i");function We(e,t,n){var r,i,o,a,s=e.style;return(n=n||Re(e))&&(""!==(a=n.getPropertyValue(t)||n[t])||ie(e)||(a=S.style(e,t)),!y.pixelBoxStyles()&&Pe.test(a)&&Ie.test(t)&&(r=s.width,i=s.minWidth,o=s.maxWidth,s.minWidth=s.maxWidth=s.width=a,a=n.width,s.width=r,s.minWidth=i,s.maxWidth=o)),void 0!==a?a+"":a}function Fe(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}!function(){function e(){if(l){u.style.cssText="position:absolute;left:-11111px;width:60px;margin-top:1px;padding:0;border:0",l.style.cssText="position:relative;display:block;box-sizing:border-box;overflow:scroll;margin:auto;border:1px;padding:1px;width:60%;top:1%",re.appendChild(u).appendChild(l);var e=C.getComputedStyle(l);n="1%"!==e.top,s=12===t(e.marginLeft),l.style.right="60%",o=36===t(e.right),r=36===t(e.width),l.style.position="absolute",i=12===t(l.offsetWidth/3),re.removeChild(u),l=null}}function t(e){return Math.round(parseFloat(e))}var n,r,i,o,a,s,u=E.createElement("div"),l=E.createElement("div");l.style&&(l.style.backgroundClip="content-box",l.cloneNode(!0).style.backgroundClip="",y.clearCloneStyle="content-box"===l.style.backgroundClip,S.extend(y,{boxSizingReliable:function(){return e(),r},pixelBoxStyles:function(){return e(),o},pixelPosition:function(){return e(),n},reliableMarginLeft:function(){return e(),s},scrollboxSize:function(){return e(),i},reliableTrDimensions:function(){var e,t,n,r;return null==a&&(e=E.createElement("table"),t=E.createElement("tr"),n=E.createElement("div"),e.style.cssText="position:absolute;left:-11111px;border-collapse:separate",t.style.cssText="border:1px solid",t.style.height="1px",n.style.height="9px",n.style.display="block",re.appendChild(e).appendChild(t).appendChild(n),r=C.getComputedStyle(t),a=parseInt(r.height,10)+parseInt(r.borderTopWidth,10)+parseInt(r.borderBottomWidth,10)===t.offsetHeight,re.removeChild(e)),a}}))}();var Be=["Webkit","Moz","ms"],$e=E.createElement("div").style,_e={};function ze(e){var t=S.cssProps[e]||_e[e];return t||(e in $e?e:_e[e]=function(e){var t=e[0].toUpperCase()+e.slice(1),n=Be.length;while(n--)if((e=Be[n]+t)in $e)return e}(e)||e)}var Ue=/^(none|table(?!-c[ea]).+)/,Xe=/^--/,Ve={position:"absolute",visibility:"hidden",display:"block"},Ge={letterSpacing:"0",fontWeight:"400"};function Ye(e,t,n){var r=te.exec(t);return r?Math.max(0,r[2]-(n||0))+(r[3]||"px"):t}function Qe(e,t,n,r,i,o){var a="width"===t?1:0,s=0,u=0;if(n===(r?"border":"content"))return 0;for(;a<4;a+=2)"margin"===n&&(u+=S.css(e,n+ne[a],!0,i)),r?("content"===n&&(u-=S.css(e,"padding"+ne[a],!0,i)),"margin"!==n&&(u-=S.css(e,"border"+ne[a]+"Width",!0,i))):(u+=S.css(e,"padding"+ne[a],!0,i),"padding"!==n?u+=S.css(e,"border"+ne[a]+"Width",!0,i):s+=S.css(e,"border"+ne[a]+"Width",!0,i));return!r&&0<=o&&(u+=Math.max(0,Math.ceil(e["offset"+t[0].toUpperCase()+t.slice(1)]-o-u-s-.5))||0),u}function Je(e,t,n){var r=Re(e),i=(!y.boxSizingReliable()||n)&&"border-box"===S.css(e,"boxSizing",!1,r),o=i,a=We(e,t,r),s="offset"+t[0].toUpperCase()+t.slice(1);if(Pe.test(a)){if(!n)return a;a="auto"}return(!y.boxSizingReliable()&&i||!y.reliableTrDimensions()&&A(e,"tr")||"auto"===a||!parseFloat(a)&&"inline"===S.css(e,"display",!1,r))&&e.getClientRects().length&&(i="border-box"===S.css(e,"boxSizing",!1,r),(o=s in e)&&(a=e[s])),(a=parseFloat(a)||0)+Qe(e,t,n||(i?"border":"content"),o,r,a)+"px"}function Ke(e,t,n,r,i){return new Ke.prototype.init(e,t,n,r,i)}S.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=We(e,"opacity");return""===n?"1":n}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,gridArea:!0,gridColumn:!0,gridColumnEnd:!0,gridColumnStart:!0,gridRow:!0,gridRowEnd:!0,gridRowStart:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{},style:function(e,t,n,r){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var i,o,a,s=X(t),u=Xe.test(t),l=e.style;if(u||(t=ze(s)),a=S.cssHooks[t]||S.cssHooks[s],void 0===n)return a&&"get"in a&&void 0!==(i=a.get(e,!1,r))?i:l[t];"string"===(o=typeof n)&&(i=te.exec(n))&&i[1]&&(n=se(e,t,i),o="number"),null!=n&&n==n&&("number"!==o||u||(n+=i&&i[3]||(S.cssNumber[s]?"":"px")),y.clearCloneStyle||""!==n||0!==t.indexOf("background")||(l[t]="inherit"),a&&"set"in a&&void 0===(n=a.set(e,n,r))||(u?l.setProperty(t,n):l[t]=n))}},css:function(e,t,n,r){var i,o,a,s=X(t);return Xe.test(t)||(t=ze(s)),(a=S.cssHooks[t]||S.cssHooks[s])&&"get"in a&&(i=a.get(e,!0,n)),void 0===i&&(i=We(e,t,r)),"normal"===i&&t in Ge&&(i=Ge[t]),""===n||n?(o=parseFloat(i),!0===n||isFinite(o)?o||0:i):i}}),S.each(["height","width"],function(e,u){S.cssHooks[u]={get:function(e,t,n){if(t)return!Ue.test(S.css(e,"display"))||e.getClientRects().length&&e.getBoundingClientRect().width?Je(e,u,n):Me(e,Ve,function(){return Je(e,u,n)})},set:function(e,t,n){var r,i=Re(e),o=!y.scrollboxSize()&&"absolute"===i.position,a=(o||n)&&"border-box"===S.css(e,"boxSizing",!1,i),s=n?Qe(e,u,n,a,i):0;return a&&o&&(s-=Math.ceil(e["offset"+u[0].toUpperCase()+u.slice(1)]-parseFloat(i[u])-Qe(e,u,"border",!1,i)-.5)),s&&(r=te.exec(t))&&"px"!==(r[3]||"px")&&(e.style[u]=t,t=S.css(e,u)),Ye(0,t,s)}}}),S.cssHooks.marginLeft=Fe(y.reliableMarginLeft,function(e,t){if(t)return(parseFloat(We(e,"marginLeft"))||e.getBoundingClientRect().left-Me(e,{marginLeft:0},function(){return e.getBoundingClientRect().left}))+"px"}),S.each({margin:"",padding:"",border:"Width"},function(i,o){S.cssHooks[i+o]={expand:function(e){for(var t=0,n={},r="string"==typeof e?e.split(" "):[e];t<4;t++)n[i+ne[t]+o]=r[t]||r[t-2]||r[0];return n}},"margin"!==i&&(S.cssHooks[i+o].set=Ye)}),S.fn.extend({css:function(e,t){return $(this,function(e,t,n){var r,i,o={},a=0;if(Array.isArray(t)){for(r=Re(e),i=t.length;a<i;a++)o[t[a]]=S.css(e,t[a],!1,r);return o}return void 0!==n?S.style(e,t,n):S.css(e,t)},e,t,1<arguments.length)}}),((S.Tween=Ke).prototype={constructor:Ke,init:function(e,t,n,r,i,o){this.elem=e,this.prop=n,this.easing=i||S.easing._default,this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=o||(S.cssNumber[n]?"":"px")},cur:function(){var e=Ke.propHooks[this.prop];return e&&e.get?e.get(this):Ke.propHooks._default.get(this)},run:function(e){var t,n=Ke.propHooks[this.prop];return this.options.duration?this.pos=t=S.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):Ke.propHooks._default.set(this),this}}).init.prototype=Ke.prototype,(Ke.propHooks={_default:{get:function(e){var t;return 1!==e.elem.nodeType||null!=e.elem[e.prop]&&null==e.elem.style[e.prop]?e.elem[e.prop]:(t=S.css(e.elem,e.prop,""))&&"auto"!==t?t:0},set:function(e){S.fx.step[e.prop]?S.fx.step[e.prop](e):1!==e.elem.nodeType||!S.cssHooks[e.prop]&&null==e.elem.style[ze(e.prop)]?e.elem[e.prop]=e.now:S.style(e.elem,e.prop,e.now+e.unit)}}}).scrollTop=Ke.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},S.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2},_default:"swing"},S.fx=Ke.prototype.init,S.fx.step={};var Ze,et,tt,nt,rt=/^(?:toggle|show|hide)$/,it=/queueHooks$/;function ot(){et&&(!1===E.hidden&&C.requestAnimationFrame?C.requestAnimationFrame(ot):C.setTimeout(ot,S.fx.interval),S.fx.tick())}function at(){return C.setTimeout(function(){Ze=void 0}),Ze=Date.now()}function st(e,t){var n,r=0,i={height:e};for(t=t?1:0;r<4;r+=2-t)i["margin"+(n=ne[r])]=i["padding"+n]=e;return t&&(i.opacity=i.width=e),i}function ut(e,t,n){for(var r,i=(lt.tweeners[t]||[]).concat(lt.tweeners["*"]),o=0,a=i.length;o<a;o++)if(r=i[o].call(n,t,e))return r}function lt(o,e,t){var n,a,r=0,i=lt.prefilters.length,s=S.Deferred().always(function(){delete u.elem}),u=function(){if(a)return!1;for(var e=Ze||at(),t=Math.max(0,l.startTime+l.duration-e),n=1-(t/l.duration||0),r=0,i=l.tweens.length;r<i;r++)l.tweens[r].run(n);return s.notifyWith(o,[l,n,t]),n<1&&i?t:(i||s.notifyWith(o,[l,1,0]),s.resolveWith(o,[l]),!1)},l=s.promise({elem:o,props:S.extend({},e),opts:S.extend(!0,{specialEasing:{},easing:S.easing._default},t),originalProperties:e,originalOptions:t,startTime:Ze||at(),duration:t.duration,tweens:[],createTween:function(e,t){var n=S.Tween(o,l.opts,e,t,l.opts.specialEasing[e]||l.opts.easing);return l.tweens.push(n),n},stop:function(e){var t=0,n=e?l.tweens.length:0;if(a)return this;for(a=!0;t<n;t++)l.tweens[t].run(1);return e?(s.notifyWith(o,[l,1,0]),s.resolveWith(o,[l,e])):s.rejectWith(o,[l,e]),this}}),c=l.props;for(!function(e,t){var n,r,i,o,a;for(n in e)if(i=t[r=X(n)],o=e[n],Array.isArray(o)&&(i=o[1],o=e[n]=o[0]),n!==r&&(e[r]=o,delete e[n]),(a=S.cssHooks[r])&&"expand"in a)for(n in o=a.expand(o),delete e[r],o)n in e||(e[n]=o[n],t[n]=i);else t[r]=i}(c,l.opts.specialEasing);r<i;r++)if(n=lt.prefilters[r].call(l,o,c,l.opts))return m(n.stop)&&(S._queueHooks(l.elem,l.opts.queue).stop=n.stop.bind(n)),n;return S.map(c,ut,l),m(l.opts.start)&&l.opts.start.call(o,l),l.progress(l.opts.progress).done(l.opts.done,l.opts.complete).fail(l.opts.fail).always(l.opts.always),S.fx.timer(S.extend(u,{elem:o,anim:l,queue:l.opts.queue})),l}S.Animation=S.extend(lt,{tweeners:{"*":[function(e,t){var n=this.createTween(e,t);return se(n.elem,e,te.exec(t),n),n}]},tweener:function(e,t){m(e)?(t=e,e=["*"]):e=e.match(P);for(var n,r=0,i=e.length;r<i;r++)n=e[r],lt.tweeners[n]=lt.tweeners[n]||[],lt.tweeners[n].unshift(t)},prefilters:[function(e,t,n){var r,i,o,a,s,u,l,c,f="width"in t||"height"in t,p=this,d={},h=e.style,g=e.nodeType&&ae(e),v=Y.get(e,"fxshow");for(r in n.queue||(null==(a=S._queueHooks(e,"fx")).unqueued&&(a.unqueued=0,s=a.empty.fire,a.empty.fire=function(){a.unqueued||s()}),a.unqueued++,p.always(function(){p.always(function(){a.unqueued--,S.queue(e,"fx").length||a.empty.fire()})})),t)if(i=t[r],rt.test(i)){if(delete t[r],o=o||"toggle"===i,i===(g?"hide":"show")){if("show"!==i||!v||void 0===v[r])continue;g=!0}d[r]=v&&v[r]||S.style(e,r)}if((u=!S.isEmptyObject(t))||!S.isEmptyObject(d))for(r in f&&1===e.nodeType&&(n.overflow=[h.overflow,h.overflowX,h.overflowY],null==(l=v&&v.display)&&(l=Y.get(e,"display")),"none"===(c=S.css(e,"display"))&&(l?c=l:(le([e],!0),l=e.style.display||l,c=S.css(e,"display"),le([e]))),("inline"===c||"inline-block"===c&&null!=l)&&"none"===S.css(e,"float")&&(u||(p.done(function(){h.display=l}),null==l&&(c=h.display,l="none"===c?"":c)),h.display="inline-block")),n.overflow&&(h.overflow="hidden",p.always(function(){h.overflow=n.overflow[0],h.overflowX=n.overflow[1],h.overflowY=n.overflow[2]})),u=!1,d)u||(v?"hidden"in v&&(g=v.hidden):v=Y.access(e,"fxshow",{display:l}),o&&(v.hidden=!g),g&&le([e],!0),p.done(function(){for(r in g||le([e]),Y.remove(e,"fxshow"),d)S.style(e,r,d[r])})),u=ut(g?v[r]:0,r,p),r in v||(v[r]=u.start,g&&(u.end=u.start,u.start=0))}],prefilter:function(e,t){t?lt.prefilters.unshift(e):lt.prefilters.push(e)}}),S.speed=function(e,t,n){var r=e&&"object"==typeof e?S.extend({},e):{complete:n||!n&&t||m(e)&&e,duration:e,easing:n&&t||t&&!m(t)&&t};return S.fx.off?r.duration=0:"number"!=typeof r.duration&&(r.duration in S.fx.speeds?r.duration=S.fx.speeds[r.duration]:r.duration=S.fx.speeds._default),null!=r.queue&&!0!==r.queue||(r.queue="fx"),r.old=r.complete,r.complete=function(){m(r.old)&&r.old.call(this),r.queue&&S.dequeue(this,r.queue)},r},S.fn.extend({fadeTo:function(e,t,n,r){return this.filter(ae).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(t,e,n,r){var i=S.isEmptyObject(t),o=S.speed(e,n,r),a=function(){var e=lt(this,S.extend({},t),o);(i||Y.get(this,"finish"))&&e.stop(!0)};return a.finish=a,i||!1===o.queue?this.each(a):this.queue(o.queue,a)},stop:function(i,e,o){var a=function(e){var t=e.stop;delete e.stop,t(o)};return"string"!=typeof i&&(o=e,e=i,i=void 0),e&&this.queue(i||"fx",[]),this.each(function(){var e=!0,t=null!=i&&i+"queueHooks",n=S.timers,r=Y.get(this);if(t)r[t]&&r[t].stop&&a(r[t]);else for(t in r)r[t]&&r[t].stop&&it.test(t)&&a(r[t]);for(t=n.length;t--;)n[t].elem!==this||null!=i&&n[t].queue!==i||(n[t].anim.stop(o),e=!1,n.splice(t,1));!e&&o||S.dequeue(this,i)})},finish:function(a){return!1!==a&&(a=a||"fx"),this.each(function(){var e,t=Y.get(this),n=t[a+"queue"],r=t[a+"queueHooks"],i=S.timers,o=n?n.length:0;for(t.finish=!0,S.queue(this,a,[]),r&&r.stop&&r.stop.call(this,!0),e=i.length;e--;)i[e].elem===this&&i[e].queue===a&&(i[e].anim.stop(!0),i.splice(e,1));for(e=0;e<o;e++)n[e]&&n[e].finish&&n[e].finish.call(this);delete t.finish})}}),S.each(["toggle","show","hide"],function(e,r){var i=S.fn[r];S.fn[r]=function(e,t,n){return null==e||"boolean"==typeof e?i.apply(this,arguments):this.animate(st(r,!0),e,t,n)}}),S.each({slideDown:st("show"),slideUp:st("hide"),slideToggle:st("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,r){S.fn[e]=function(e,t,n){return this.animate(r,e,t,n)}}),S.timers=[],S.fx.tick=function(){var e,t=0,n=S.timers;for(Ze=Date.now();t<n.length;t++)(e=n[t])()||n[t]!==e||n.splice(t--,1);n.length||S.fx.stop(),Ze=void 0},S.fx.timer=function(e){S.timers.push(e),S.fx.start()},S.fx.interval=13,S.fx.start=function(){et||(et=!0,ot())},S.fx.stop=function(){et=null},S.fx.speeds={slow:600,fast:200,_default:400},S.fn.delay=function(r,e){return r=S.fx&&S.fx.speeds[r]||r,e=e||"fx",this.queue(e,function(e,t){var n=C.setTimeout(e,r);t.stop=function(){C.clearTimeout(n)}})},tt=E.createElement("input"),nt=E.createElement("select").appendChild(E.createElement("option")),tt.type="checkbox",y.checkOn=""!==tt.value,y.optSelected=nt.selected,(tt=E.createElement("input")).value="t",tt.type="radio",y.radioValue="t"===tt.value;var ct,ft=S.expr.attrHandle;S.fn.extend({attr:function(e,t){return $(this,S.attr,e,t,1<arguments.length)},removeAttr:function(e){return this.each(function(){S.removeAttr(this,e)})}}),S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)||(i=S.attrHooks[t.toLowerCase()]||(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.removeAttr(e,t):i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:(e.setAttribute(t,n+""),n):i&&"get"in i&&null!==(r=i.get(e,t))?r:null==(r=S.find.attr(e,t))?void 0:r)},attrHooks:{type:{set:function(e,t){if(!y.radioValue&&"radio"===t&&A(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},removeAttr:function(e,t){var n,r=0,i=t&&t.match(P);if(i&&1===e.nodeType)while(n=i[r++])e.removeAttribute(n)}}),ct={set:function(e,t,n){return!1===t?S.removeAttr(e,n):e.setAttribute(n,n),n}},S.each(S.expr.match.bool.source.match(/\w+/g),function(e,t){var a=ft[t]||S.find.attr;ft[t]=function(e,t,n){var r,i,o=t.toLowerCase();return n||(i=ft[o],ft[o]=r,r=null!=a(e,t,n)?o:null,ft[o]=i),r}});var pt=/^(?:input|select|textarea|button)$/i,dt=/^(?:a|area)$/i;function ht(e){return(e.match(P)||[]).join(" ")}function gt(e){return e.getAttribute&&e.getAttribute("class")||""}function vt(e){return Array.isArray(e)?e:"string"==typeof e&&e.match(P)||[]}S.fn.extend({prop:function(e,t){return $(this,S.prop,e,t,1<arguments.length)},removeProp:function(e){return this.each(function(){delete this[S.propFix[e]||e]})}}),S.extend({prop:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return 1===o&&S.isXMLDoc(e)||(t=S.propFix[t]||t,i=S.propHooks[t]),void 0!==n?i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=S.find.attr(e,"tabindex");return t?parseInt(t,10):pt.test(e.nodeName)||dt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),y.optSelected||(S.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex)}}),S.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){S.propFix[this.toLowerCase()]=this}),S.fn.extend({addClass:function(t){var e,n,r,i,o,a,s,u=0;if(m(t))return this.each(function(e){S(this).addClass(t.call(this,e,gt(this)))});if((e=vt(t)).length)while(n=this[u++])if(i=gt(n),r=1===n.nodeType&&" "+ht(i)+" "){a=0;while(o=e[a++])r.indexOf(" "+o+" ")<0&&(r+=o+" ");i!==(s=ht(r))&&n.setAttribute("class",s)}return this},removeClass:function(t){var e,n,r,i,o,a,s,u=0;if(m(t))return this.each(function(e){S(this).removeClass(t.call(this,e,gt(this)))});if(!arguments.length)return this.attr("class","");if((e=vt(t)).length)while(n=this[u++])if(i=gt(n),r=1===n.nodeType&&" "+ht(i)+" "){a=0;while(o=e[a++])while(-1<r.indexOf(" "+o+" "))r=r.replace(" "+o+" "," ");i!==(s=ht(r))&&n.setAttribute("class",s)}return this},toggleClass:function(i,t){var o=typeof i,a="string"===o||Array.isArray(i);return"boolean"==typeof t&&a?t?this.addClass(i):this.removeClass(i):m(i)?this.each(function(e){S(this).toggleClass(i.call(this,e,gt(this),t),t)}):this.each(function(){var e,t,n,r;if(a){t=0,n=S(this),r=vt(i);while(e=r[t++])n.hasClass(e)?n.removeClass(e):n.addClass(e)}else void 0!==i&&"boolean"!==o||((e=gt(this))&&Y.set(this,"__className__",e),this.setAttribute&&this.setAttribute("class",e||!1===i?"":Y.get(this,"__className__")||""))})},hasClass:function(e){var t,n,r=0;t=" "+e+" ";while(n=this[r++])if(1===n.nodeType&&-1<(" "+ht(gt(n))+" ").indexOf(t))return!0;return!1}});var yt=/\r/g;S.fn.extend({val:function(n){var r,e,i,t=this[0];return arguments.length?(i=m(n),this.each(function(e){var t;1===this.nodeType&&(null==(t=i?n.call(this,e,S(this).val()):n)?t="":"number"==typeof t?t+="":Array.isArray(t)&&(t=S.map(t,function(e){return null==e?"":e+""})),(r=S.valHooks[this.type]||S.valHooks[this.nodeName.toLowerCase()])&&"set"in r&&void 0!==r.set(this,t,"value")||(this.value=t))})):t?(r=S.valHooks[t.type]||S.valHooks[t.nodeName.toLowerCase()])&&"get"in r&&void 0!==(e=r.get(t,"value"))?e:"string"==typeof(e=t.value)?e.replace(yt,""):null==e?"":e:void 0}}),S.extend({valHooks:{option:{get:function(e){var t=S.find.attr(e,"value");return null!=t?t:ht(S.text(e))}},select:{get:function(e){var t,n,r,i=e.options,o=e.selectedIndex,a="select-one"===e.type,s=a?null:[],u=a?o+1:i.length;for(r=o<0?u:a?o:0;r<u;r++)if(((n=i[r]).selected||r===o)&&!n.disabled&&(!n.parentNode.disabled||!A(n.parentNode,"optgroup"))){if(t=S(n).val(),a)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=S.makeArray(t),a=i.length;while(a--)((r=i[a]).selected=-1<S.inArray(S.valHooks.option.get(r),o))&&(n=!0);return n||(e.selectedIndex=-1),o}}}}),S.each(["radio","checkbox"],function(){S.valHooks[this]={set:function(e,t){if(Array.isArray(t))return e.checked=-1<S.inArray(S(e).val(),t)}},y.checkOn||(S.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})}),y.focusin="onfocusin"in C;var mt=/^(?:focusinfocus|focusoutblur)$/,xt=function(e){e.stopPropagation()};S.extend(S.event,{trigger:function(e,t,n,r){var i,o,a,s,u,l,c,f,p=[n||E],d=v.call(e,"type")?e.type:e,h=v.call(e,"namespace")?e.namespace.split("."):[];if(o=f=a=n=n||E,3!==n.nodeType&&8!==n.nodeType&&!mt.test(d+S.event.triggered)&&(-1<d.indexOf(".")&&(d=(h=d.split(".")).shift(),h.sort()),u=d.indexOf(":")<0&&"on"+d,(e=e[S.expando]?e:new S.Event(d,"object"==typeof e&&e)).isTrigger=r?2:3,e.namespace=h.join("."),e.rnamespace=e.namespace?new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,e.result=void 0,e.target||(e.target=n),t=null==t?[e]:S.makeArray(t,[e]),c=S.event.special[d]||{},r||!c.trigger||!1!==c.trigger.apply(n,t))){if(!r&&!c.noBubble&&!x(n)){for(s=c.delegateType||d,mt.test(s+d)||(o=o.parentNode);o;o=o.parentNode)p.push(o),a=o;a===(n.ownerDocument||E)&&p.push(a.defaultView||a.parentWindow||C)}i=0;while((o=p[i++])&&!e.isPropagationStopped())f=o,e.type=1<i?s:c.bindType||d,(l=(Y.get(o,"events")||Object.create(null))[e.type]&&Y.get(o,"handle"))&&l.apply(o,t),(l=u&&o[u])&&l.apply&&V(o)&&(e.result=l.apply(o,t),!1===e.result&&e.preventDefault());return e.type=d,r||e.isDefaultPrevented()||c._default&&!1!==c._default.apply(p.pop(),t)||!V(n)||u&&m(n[d])&&!x(n)&&((a=n[u])&&(n[u]=null),S.event.triggered=d,e.isPropagationStopped()&&f.addEventListener(d,xt),n[d](),e.isPropagationStopped()&&f.removeEventListener(d,xt),S.event.triggered=void 0,a&&(n[u]=a)),e.result}},simulate:function(e,t,n){var r=S.extend(new S.Event,n,{type:e,isSimulated:!0});S.event.trigger(r,null,t)}}),S.fn.extend({trigger:function(e,t){return this.each(function(){S.event.trigger(e,t,this)})},triggerHandler:function(e,t){var n=this[0];if(n)return S.event.trigger(e,t,n,!0)}}),y.focusin||S.each({focus:"focusin",blur:"focusout"},function(n,r){var i=function(e){S.event.simulate(r,e.target,S.event.fix(e))};S.event.special[r]={setup:function(){var e=this.ownerDocument||this.document||this,t=Y.access(e,r);t||e.addEventListener(n,i,!0),Y.access(e,r,(t||0)+1)},teardown:function(){var e=this.ownerDocument||this.document||this,t=Y.access(e,r)-1;t?Y.access(e,r,t):(e.removeEventListener(n,i,!0),Y.remove(e,r))}}});var bt=C.location,wt={guid:Date.now()},Tt=/\?/;S.parseXML=function(e){var t,n;if(!e||"string"!=typeof e)return null;try{t=(new C.DOMParser).parseFromString(e,"text/xml")}catch(e){}return n=t&&t.getElementsByTagName("parsererror")[0],t&&!n||S.error("Invalid XML: "+(n?S.map(n.childNodes,function(e){return e.textContent}).join("\n"):e)),t};var Ct=/\[\]$/,Et=/\r?\n/g,St=/^(?:submit|button|image|reset|file)$/i,kt=/^(?:input|select|textarea|keygen)/i;function At(n,e,r,i){var t;if(Array.isArray(e))S.each(e,function(e,t){r||Ct.test(n)?i(n,t):At(n+"["+("object"==typeof t&&null!=t?e:"")+"]",t,r,i)});else if(r||"object"!==w(e))i(n,e);else for(t in e)At(n+"["+t+"]",e[t],r,i)}S.param=function(e,t){var n,r=[],i=function(e,t){var n=m(t)?t():t;r[r.length]=encodeURIComponent(e)+"="+encodeURIComponent(null==n?"":n)};if(null==e)return"";if(Array.isArray(e)||e.jquery&&!S.isPlainObject(e))S.each(e,function(){i(this.name,this.value)});else for(n in e)At(n,e[n],t,i);return r.join("&")},S.fn.extend({serialize:function(){return S.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var e=S.prop(this,"elements");return e?S.makeArray(e):this}).filter(function(){var e=this.type;return this.name&&!S(this).is(":disabled")&&kt.test(this.nodeName)&&!St.test(e)&&(this.checked||!pe.test(e))}).map(function(e,t){var n=S(this).val();return null==n?null:Array.isArray(n)?S.map(n,function(e){return{name:t.name,value:e.replace(Et,"\r\n")}}):{name:t.name,value:n.replace(Et,"\r\n")}}).get()}});var Nt=/%20/g,jt=/#.*$/,Dt=/([?&])_=[^&]*/,qt=/^(.*?):[ \t]*([^\r\n]*)$/gm,Lt=/^(?:GET|HEAD)$/,Ht=/^\/\//,Ot={},Pt={},Rt="*/".concat("*"),Mt=E.createElement("a");function It(o){return function(e,t){"string"!=typeof e&&(t=e,e="*");var n,r=0,i=e.toLowerCase().match(P)||[];if(m(t))while(n=i[r++])"+"===n[0]?(n=n.slice(1)||"*",(o[n]=o[n]||[]).unshift(t)):(o[n]=o[n]||[]).push(t)}}function Wt(t,i,o,a){var s={},u=t===Pt;function l(e){var r;return s[e]=!0,S.each(t[e]||[],function(e,t){var n=t(i,o,a);return"string"!=typeof n||u||s[n]?u?!(r=n):void 0:(i.dataTypes.unshift(n),l(n),!1)}),r}return l(i.dataTypes[0])||!s["*"]&&l("*")}function Ft(e,t){var n,r,i=S.ajaxSettings.flatOptions||{};for(n in t)void 0!==t[n]&&((i[n]?e:r||(r={}))[n]=t[n]);return r&&S.extend(!0,e,r),e}Mt.href=bt.href,S.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:bt.href,type:"GET",isLocal:/^(?:about|app|app-storage|.+-extension|file|res|widget):$/.test(bt.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Rt,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":S.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(e,t){return t?Ft(Ft(e,S.ajaxSettings),t):Ft(S.ajaxSettings,e)},ajaxPrefilter:It(Ot),ajaxTransport:It(Pt),ajax:function(e,t){"object"==typeof e&&(t=e,e=void 0),t=t||{};var c,f,p,n,d,r,h,g,i,o,v=S.ajaxSetup({},t),y=v.context||v,m=v.context&&(y.nodeType||y.jquery)?S(y):S.event,x=S.Deferred(),b=S.Callbacks("once memory"),w=v.statusCode||{},a={},s={},u="canceled",T={readyState:0,getResponseHeader:function(e){var t;if(h){if(!n){n={};while(t=qt.exec(p))n[t[1].toLowerCase()+" "]=(n[t[1].toLowerCase()+" "]||[]).concat(t[2])}t=n[e.toLowerCase()+" "]}return null==t?null:t.join(", ")},getAllResponseHeaders:function(){return h?p:null},setRequestHeader:function(e,t){return null==h&&(e=s[e.toLowerCase()]=s[e.toLowerCase()]||e,a[e]=t),this},overrideMimeType:function(e){return null==h&&(v.mimeType=e),this},statusCode:function(e){var t;if(e)if(h)T.always(e[T.status]);else for(t in e)w[t]=[w[t],e[t]];return this},abort:function(e){var t=e||u;return c&&c.abort(t),l(0,t),this}};if(x.promise(T),v.url=((e||v.url||bt.href)+"").replace(Ht,bt.protocol+"//"),v.type=t.method||t.type||v.method||v.type,v.dataTypes=(v.dataType||"*").toLowerCase().match(P)||[""],null==v.crossDomain){r=E.createElement("a");try{r.href=v.url,r.href=r.href,v.crossDomain=Mt.protocol+"//"+Mt.host!=r.protocol+"//"+r.host}catch(e){v.crossDomain=!0}}if(v.data&&v.processData&&"string"!=typeof v.data&&(v.data=S.param(v.data,v.traditional)),Wt(Ot,v,t,T),h)return T;for(i in(g=S.event&&v.global)&&0==S.active++&&S.event.trigger("ajaxStart"),v.type=v.type.toUpperCase(),v.hasContent=!Lt.test(v.type),f=v.url.replace(jt,""),v.hasContent?v.data&&v.processData&&0===(v.contentType||"").indexOf("application/x-www-form-urlencoded")&&(v.data=v.data.replace(Nt,"+")):(o=v.url.slice(f.length),v.data&&(v.processData||"string"==typeof v.data)&&(f+=(Tt.test(f)?"&":"?")+v.data,delete v.data),!1===v.cache&&(f=f.replace(Dt,"$1"),o=(Tt.test(f)?"&":"?")+"_="+wt.guid+++o),v.url=f+o),v.ifModified&&(S.lastModified[f]&&T.setRequestHeader("If-Modified-Since",S.lastModified[f]),S.etag[f]&&T.setRequestHeader("If-None-Match",S.etag[f])),(v.data&&v.hasContent&&!1!==v.contentType||t.contentType)&&T.setRequestHeader("Content-Type",v.contentType),T.setRequestHeader("Accept",v.dataTypes[0]&&v.accepts[v.dataTypes[0]]?v.accepts[v.dataTypes[0]]+("*"!==v.dataTypes[0]?", "+Rt+"; q=0.01":""):v.accepts["*"]),v.headers)T.setRequestHeader(i,v.headers[i]);if(v.beforeSend&&(!1===v.beforeSend.call(y,T,v)||h))return T.abort();if(u="abort",b.add(v.complete),T.done(v.success),T.fail(v.error),c=Wt(Pt,v,t,T)){if(T.readyState=1,g&&m.trigger("ajaxSend",[T,v]),h)return T;v.async&&0<v.timeout&&(d=C.setTimeout(function(){T.abort("timeout")},v.timeout));try{h=!1,c.send(a,l)}catch(e){if(h)throw e;l(-1,e)}}else l(-1,"No Transport");function l(e,t,n,r){var i,o,a,s,u,l=t;h||(h=!0,d&&C.clearTimeout(d),c=void 0,p=r||"",T.readyState=0<e?4:0,i=200<=e&&e<300||304===e,n&&(s=function(e,t,n){var r,i,o,a,s=e.contents,u=e.dataTypes;while("*"===u[0])u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(i in s)if(s[i]&&s[i].test(r)){u.unshift(i);break}if(u[0]in n)o=u[0];else{for(i in n){if(!u[0]||e.converters[i+" "+u[0]]){o=i;break}a||(a=i)}o=o||a}if(o)return o!==u[0]&&u.unshift(o),n[o]}(v,T,n)),!i&&-1<S.inArray("script",v.dataTypes)&&S.inArray("json",v.dataTypes)<0&&(v.converters["text script"]=function(){}),s=function(e,t,n,r){var i,o,a,s,u,l={},c=e.dataTypes.slice();if(c[1])for(a in e.converters)l[a.toLowerCase()]=e.converters[a];o=c.shift();while(o)if(e.responseFields[o]&&(n[e.responseFields[o]]=t),!u&&r&&e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u=o,o=c.shift())if("*"===o)o=u;else if("*"!==u&&u!==o){if(!(a=l[u+" "+o]||l["* "+o]))for(i in l)if((s=i.split(" "))[1]===o&&(a=l[u+" "+s[0]]||l["* "+s[0]])){!0===a?a=l[i]:!0!==l[i]&&(o=s[0],c.unshift(s[1]));break}if(!0!==a)if(a&&e["throws"])t=a(t);else try{t=a(t)}catch(e){return{state:"parsererror",error:a?e:"No conversion from "+u+" to "+o}}}return{state:"success",data:t}}(v,s,T,i),i?(v.ifModified&&((u=T.getResponseHeader("Last-Modified"))&&(S.lastModified[f]=u),(u=T.getResponseHeader("etag"))&&(S.etag[f]=u)),204===e||"HEAD"===v.type?l="nocontent":304===e?l="notmodified":(l=s.state,o=s.data,i=!(a=s.error))):(a=l,!e&&l||(l="error",e<0&&(e=0))),T.status=e,T.statusText=(t||l)+"",i?x.resolveWith(y,[o,l,T]):x.rejectWith(y,[T,l,a]),T.statusCode(w),w=void 0,g&&m.trigger(i?"ajaxSuccess":"ajaxError",[T,v,i?o:a]),b.fireWith(y,[T,l]),g&&(m.trigger("ajaxComplete",[T,v]),--S.active||S.event.trigger("ajaxStop")))}return T},getJSON:function(e,t,n){return S.get(e,t,n,"json")},getScript:function(e,t){return S.get(e,void 0,t,"script")}}),S.each(["get","post"],function(e,i){S[i]=function(e,t,n,r){return m(t)&&(r=r||n,n=t,t=void 0),S.ajax(S.extend({url:e,type:i,dataType:r,data:t,success:n},S.isPlainObject(e)&&e))}}),S.ajaxPrefilter(function(e){var t;for(t in e.headers)"content-type"===t.toLowerCase()&&(e.contentType=e.headers[t]||"")}),S._evalUrl=function(e,t,n){return S.ajax({url:e,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,converters:{"text script":function(){}},dataFilter:function(e){S.globalEval(e,t,n)}})},S.fn.extend({wrapAll:function(e){var t;return this[0]&&(m(e)&&(e=e.call(this[0])),t=S(e,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstElementChild)e=e.firstElementChild;return e}).append(this)),this},wrapInner:function(n){return m(n)?this.each(function(e){S(this).wrapInner(n.call(this,e))}):this.each(function(){var e=S(this),t=e.contents();t.length?t.wrapAll(n):e.append(n)})},wrap:function(t){var n=m(t);return this.each(function(e){S(this).wrapAll(n?t.call(this,e):t)})},unwrap:function(e){return this.parent(e).not("body").each(function(){S(this).replaceWith(this.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var Bt={0:200,1223:204},$t=S.ajaxSettings.xhr();y.cors=!!$t&&"withCredentials"in $t,y.ajax=$t=!!$t,S.ajaxTransport(function(i){var o,a;if(y.cors||$t&&!i.crossDomain)return{send:function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest"),e)r.setRequestHeader(n,e[n]);o=function(e){return function(){o&&(o=a=r.onload=r.onerror=r.onabort=r.ontimeout=r.onreadystatechange=null,"abort"===e?r.abort():"error"===e?"number"!=typeof r.status?t(0,"error"):t(r.status,r.statusText):t(Bt[r.status]||r.status,r.statusText,"text"!==(r.responseType||"text")||"string"!=typeof r.responseText?{binary:r.response}:{text:r.responseText},r.getAllResponseHeaders()))}},r.onload=o(),a=r.onerror=r.ontimeout=o("error"),void 0!==r.onabort?r.onabort=a:r.onreadystatechange=function(){4===r.readyState&&C.setTimeout(function(){o&&a()})},o=o("abort");try{r.send(i.hasContent&&i.data||null)}catch(e){if(o)throw e}},abort:function(){o&&o()}}}),S.ajaxPrefilter(function(e){e.crossDomain&&(e.contents.script=!1)}),S.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(e){return S.globalEval(e),e}}}),S.ajaxPrefilter("script",function(e){void 0===e.cache&&(e.cache=!1),e.crossDomain&&(e.type="GET")}),S.ajaxTransport("script",function(n){var r,i;if(n.crossDomain||n.scriptAttrs)return{send:function(e,t){r=S("<script>").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="<form></form><form></form>",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1<s&&(r=ht(e.slice(s)),e=e.slice(0,s)),m(t)?(n=t,t=void 0):t&&"object"==typeof t&&(i="POST"),0<a.length&&S.ajax({url:e,type:i||"GET",dataType:"html",data:t}).done(function(e){o=arguments,a.html(r?S("<div>").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0<arguments.length?this.on(n,null,e,t):this.trigger(n)}});var Xt=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;S.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),m(e))return r=s.call(arguments,2),(i=function(){return e.apply(t||this,r.concat(s.call(arguments)))}).guid=e.guid=e.guid||S.guid++,i},S.holdReady=function(e){e?S.readyWait++:S.ready(!0)},S.isArray=Array.isArray,S.parseJSON=JSON.parse,S.nodeName=A,S.isFunction=m,S.isWindow=x,S.camelCase=X,S.type=w,S.now=Date.now,S.isNumeric=function(e){var t=S.type(e);return("number"===t||"string"===t)&&!isNaN(e-parseFloat(e))},S.trim=function(e){return null==e?"":(e+"").replace(Xt,"")},"function"==typeof define&&define.amd&&define("jquery",[],function(){return S});var Vt=C.jQuery,Gt=C.$;return S.noConflict=function(e){return C.$===S&&(C.$=Gt),e&&C.jQuery===S&&(C.jQuery=Vt),S},"undefined"==typeof e&&(C.jQuery=C.$=S),S});
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/kyuubi.js b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/kyuubi.js
deleted file mode 100644
index 84c3a8f9d..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/kyuubi.js
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-'use strict';
-
-var kyuubiVersion = "";
-
-$.fn.api.settings.api = {
-	'get version' : '/api/v1/version',
-	'ping' : '/api/v1/version'
-};
-
-$('.item.server.version')
-	.api({
-		action: 'get version',
-		on: 'now',
-		onload: function (response) {
-			if (response) {
-				$('.item.server.version.right.padded').val(response.version)
-			}
-		}
-	})
-;
-
-$(function(){
-	if (kyuubiVersion === "") {
-		$.getJSON(location.origin + "/api/v1/version", function (response) {
-			kyuubiVersion = response.version;
-		});
-	}
-	$('.item.server.version.right.padded').val(kyuubiVersion)
-});
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/metrics.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/metrics.html
deleted file mode 100644
index 88ac40cdd..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/metrics.html
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>Kyuubi Server Metrics</title>
-	<link rel="stylesheet" href="semantic.min.css">
-	<link rel="stylesheet" href="icon.min.css">
-	<script src="jquery-3.6.0.min.js"></script>
-	<script src="semantic.min.js"></script>
-	<script src="kyuubi.js"></script>
-</head>
-<body>
-
-<div class="ui page">
-	<div class="ui black inverted massive menu">
-		<div class="item">
-			<img src="icon.png" alt="">
-		</div>
-		<a class="item" href="./"><i class="home icon"></i>Home</a>
-		<a class="item" href="./environment.html" ><i class="settings icon"></i>Environment</a>
-		<a class="item" href="./sessions.html" ><i class="envelope icon"></i>Sessions</a>
-		<a class="item" href="./operations.html" ><i class="tasks icon"></i>Operations</a>
-		<a class="active item" href="./metrics.html" ><i class="bars icon"></i>Metrics</a>
-		<a class="item" href="./threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-		<a class="item" href="../swagger"><i class="h square icon"></i>REST API</a>
-		<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-		<a class="item server version right padded"><i class="flag icon"></i>En</a>
-	</div>
-</div>
-
-<div class="ui raised inverted segment">
-	<div class="ui icon message">
-		<i class="notched circle loading icon"></i>
-		<div class="content">
-			<div class="header">Hang on... </div>
-			<p>We are looking for developers to help us build the UI.</p>
-		</div>
-	</div>
-</div>
-
-
-</body>
-</html>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/operations.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/operations.html
deleted file mode 100644
index e25fe9ceb..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/operations.html
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>Title</title>
-	<link rel="stylesheet" href="semantic.min.css">
-	<link rel="stylesheet" href="icon.min.css">
-	<script src="jquery-3.6.0.min.js"></script>
-	<script src="semantic.min.js"></script>
-	<script src="kyuubi.js"></script>
-</head>
-<body>
-
-<div class="ui page">
-	<div class="ui black inverted massive menu">
-		<div class="item">
-			<img src="icon.png" alt="">
-		</div>
-		<a class="item" href="./"><i class="home icon"></i>Home</a>
-		<a class="item" href="./environment.html" ><i class="settings icon"></i>Environment</a>
-		<a class="item" href="./sessions.html" ><i class="envelope icon"></i>Sessions</a>
-		<a class="active item" href="./operations.html" ><i class="tasks icon"></i>Operations</a>
-		<a class="item" href="./metrics.html" ><i class="bars icon"></i>Metrics</a>
-		<a class="item" href="./threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-		<a class="item" href="../swagger"><i class="h square icon"></i>REST API</a>
-		<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-		<a class="item server version right padded"><i class="flag icon"></i>En</a>
-	</div>
-</div>
-
-<div class="ui raised inverted segment">
-	<div class="ui icon message">
-		<i class="notched circle loading icon"></i>
-		<div class="content">
-			<div class="header">Hang on... </div>
-			<p>We are looking for developers to help us build the UI.</p>
-		</div>
-	</div>
-</div>
-
-</body>
-</html>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.css b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.css
deleted file mode 100644
index e2386193d..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.css
+++ /dev/null
@@ -1,372 +0,0 @@
- /*
- * # Semantic UI - 2.4.0
- * https://github.com/Semantic-Org/Semantic-UI
- * http://www.semantic-ui.com/
- *
- * Copyright 2014 Contributors
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */
-@import url(https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin);/*!
- * # Semantic UI 2.4.0 - Reset
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */*,:after,:before{-webkit-box-sizing:inherit;box-sizing:inherit}html{-webkit-box-sizing:border-box;box-sizing:border-box}input[type=email],input[type=password],input[type=search],input[type=text]{-webkit-appearance:none;-moz-appearance:none}/*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{-webkit-box-sizing:border-box;box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}/*!
- * # Semantic UI 2.4.0 - Site
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */body,html{height:100%}html{font-size:14px}body{margin:0;padding:0;overflow-x:hidden;min-width:320px;background:#fff;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:14px;line-height:1.4285em;color:rgba(0,0,0,.87);font-smoothing:antialiased}h1,h2,h3,h4,h5{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;line-height:1.28571429em;margin:calc(2rem - .14285714em) 0 1rem;font-weight:700;padding:0}h1{min-height:1rem;font-size:2rem}h2{font-size:1.71428571rem}h3{font-size:1.28571429rem}h4{font-size:1.07142857rem}h5{font-size:1rem}h1:first-child,h2:first-child,h3:first-child,h4:first-child,h5:first-child{margin-top:0}h1:last-child,h2:last-child,h3:last-child,h4:last-child,h5:last-child{margin-bottom:0}p{margin:0 0 1em;line-height:1.4285em}p:first-child{margin-top:0}p:last-child{margin-bottom:0}a{color:#4183c4;text-decoration:none}a:hover{color:#1e70bf;text-decoration:none}::-webkit-selection{background-color:#cce2ff;color:rgba(0,0,0,.87)}::-moz-selection{background-color:#cce2ff;color:rgba(0,0,0,.87)}::selection{background-color:#cce2ff;color:rgba(0,0,0,.87)}input::-webkit-selection,textarea::-webkit-selection{background-color:rgba(100,100,100,.4);color:rgba(0,0,0,.87)}input::-moz-selection,textarea::-moz-selection{background-color:rgba(100,100,100,.4);color:rgba(0,0,0,.87)}input::selection,textarea::selection{background-color:rgba(100,100,100,.4);color:rgba(0,0,0,.87)}body ::-webkit-scrollbar{-webkit-appearance:none;width:10px;height:10px}body ::-webkit-scrollbar-track{background:rgba(0,0,0,.1);border-radius:0}body ::-webkit-scrollbar-thumb{cursor:pointer;border-radius:5px;background:rgba(0,0,0,.25);-webkit-transition:color .2s ease;transition:color .2s ease}body ::-webkit-scrollbar-thumb:window-inactive{background:rgba(0,0,0,.15)}body ::-webkit-scrollbar-thumb:hover{background:rgba(128,135,139,.8)}body .ui.inverted::-webkit-scrollbar-track{background:rgba(255,255,255,.1)}body .ui.inverted::-webkit-scrollbar-thumb{background:rgba(255,255,255,.25)}body .ui.inverted::-webkit-scrollbar-thumb:window-inactive{background:rgba(255,255,255,.15)}body .ui.inverted::-webkit-scrollbar-thumb:hover{background:rgba(255,255,255,.35)}/*!
- * # Semantic UI 2.4.0 - Button
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.button{cursor:pointer;display:inline-block;min-height:1em;outline:0;border:none;vertical-align:baseline;background:#e0e1e2 none;color:rgba(0,0,0,.6);font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;margin:0 .25em 0 0;padding:.78571429em 1.5em .78571429em;text-transform:none;text-shadow:none;font-weight:700;line-height:1em;font-style:normal;text-align:center;text-decoration:none;border-radius:.28571429rem;-webkit-box-shadow:0 0 0 1px transparent inset,0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px transparent inset,0 0 0 0 rgba(34,36,38,.15) inset;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:opacity .1s ease,background-color .1s ease,color .1s ease,background .1s ease,-webkit-box-shadow .1s ease;transition:opacity .1s ease,background-color .1s ease,color .1s ease,background .1s ease,-webkit-box-shadow .1s ease;transition:opacity .1s ease,background-color .1s ease,color .1s ease,box-shadow .1s ease,background .1s ease;transition:opacity .1s ease,background-color .1s ease,color .1s ease,box-shadow .1s ease,background .1s ease,-webkit-box-shadow .1s ease;will-change:'';-webkit-tap-highlight-color:transparent}.ui.button:hover{background-color:#cacbcd;background-image:none;-webkit-box-shadow:0 0 0 1px transparent inset,0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px transparent inset,0 0 0 0 rgba(34,36,38,.15) inset;color:rgba(0,0,0,.8)}.ui.button:hover .icon{opacity:.85}.ui.button:focus{background-color:#cacbcd;color:rgba(0,0,0,.8);background-image:''!important;-webkit-box-shadow:''!important;box-shadow:''!important}.ui.button:focus .icon{opacity:.85}.ui.active.button:active,.ui.button:active{background-color:#babbbc;background-image:'';color:rgba(0,0,0,.9);-webkit-box-shadow:0 0 0 1px transparent inset,none;box-shadow:0 0 0 1px transparent inset,none}.ui.active.button{background-color:#c0c1c2;background-image:none;-webkit-box-shadow:0 0 0 1px transparent inset;box-shadow:0 0 0 1px transparent inset;color:rgba(0,0,0,.95)}.ui.active.button:hover{background-color:#c0c1c2;background-image:none;color:rgba(0,0,0,.95)}.ui.active.button:active{background-color:#c0c1c2;background-image:none}.ui.loading.loading.loading.loading.loading.loading.button{position:relative;cursor:default;text-shadow:none!important;color:transparent!important;opacity:1;pointer-events:auto;-webkit-transition:all 0s linear,opacity .1s ease;transition:all 0s linear,opacity .1s ease}.ui.loading.button:before{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;border-radius:500rem;border:.2em solid rgba(0,0,0,.15)}.ui.loading.button:after{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;-webkit-animation:button-spin .6s linear;animation:button-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#fff transparent transparent;border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent}.ui.labeled.icon.loading.button .icon{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}@-webkit-keyframes button-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes button-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.ui.basic.loading.button:not(.inverted):before{border-color:rgba(0,0,0,.1)}.ui.basic.loading.button:not(.inverted):after{border-top-color:#767676}.ui.button:disabled,.ui.buttons .disabled.button,.ui.disabled.active.button,.ui.disabled.button,.ui.disabled.button:hover{cursor:default;opacity:.45!important;background-image:none!important;-webkit-box-shadow:none!important;box-shadow:none!important;pointer-events:none!important}.ui.basic.buttons .ui.disabled.button{border-color:rgba(34,36,38,.5)}.ui.animated.button{position:relative;overflow:hidden;padding-right:0!important;vertical-align:middle;z-index:1}.ui.animated.button .content{will-change:transform,opacity}.ui.animated.button .visible.content{position:relative;margin-right:1.5em}.ui.animated.button .hidden.content{position:absolute;width:100%}.ui.animated.button .hidden.content,.ui.animated.button .visible.content{-webkit-transition:right .3s ease 0s;transition:right .3s ease 0s}.ui.animated.button .visible.content{left:auto;right:0}.ui.animated.button .hidden.content{top:50%;left:auto;right:-100%;margin-top:-.5em}.ui.animated.button:focus .visible.content,.ui.animated.button:hover .visible.content{left:auto;right:200%}.ui.animated.button:focus .hidden.content,.ui.animated.button:hover .hidden.content{left:auto;right:0}.ui.vertical.animated.button .hidden.content,.ui.vertical.animated.button .visible.content{-webkit-transition:top .3s ease,-webkit-transform .3s ease;transition:top .3s ease,-webkit-transform .3s ease;transition:top .3s ease,transform .3s ease;transition:top .3s ease,transform .3s ease,-webkit-transform .3s ease}.ui.vertical.animated.button .visible.content{-webkit-transform:translateY(0);transform:translateY(0);right:auto}.ui.vertical.animated.button .hidden.content{top:-50%;left:0;right:auto}.ui.vertical.animated.button:focus .visible.content,.ui.vertical.animated.button:hover .visible.content{-webkit-transform:translateY(200%);transform:translateY(200%);right:auto}.ui.vertical.animated.button:focus .hidden.content,.ui.vertical.animated.button:hover .hidden.content{top:50%;right:auto}.ui.fade.animated.button .hidden.content,.ui.fade.animated.button .visible.content{-webkit-transition:opacity .3s ease,-webkit-transform .3s ease;transition:opacity .3s ease,-webkit-transform .3s ease;transition:opacity .3s ease,transform .3s ease;transition:opacity .3s ease,transform .3s ease,-webkit-transform .3s ease}.ui.fade.animated.button .visible.content{left:auto;right:auto;opacity:1;-webkit-transform:scale(1);transform:scale(1)}.ui.fade.animated.button .hidden.content{opacity:0;left:0;right:auto;-webkit-transform:scale(1.5);transform:scale(1.5)}.ui.fade.animated.button:focus .visible.content,.ui.fade.animated.button:hover .visible.content{left:auto;right:auto;opacity:0;-webkit-transform:scale(.75);transform:scale(.75)}.ui.fade.animated.button:focus .hidden.content,.ui.fade.animated.button:hover .hidden.content{left:0;right:auto;opacity:1;-webkit-transform:scale(1);transform:scale(1)}.ui.inverted.button{-webkit-box-shadow:0 0 0 2px #fff inset!important;box-shadow:0 0 0 2px #fff inset!important;background:transparent none;color:#fff;text-shadow:none!important}.ui.inverted.buttons .button{margin:0 0 0 -2px}.ui.inverted.buttons .button:first-child{margin-left:0}.ui.inverted.vertical.buttons .button{margin:0 0 -2px 0}.ui.inverted.vertical.buttons .button:first-child{margin-top:0}.ui.inverted.button:hover{background:#fff;-webkit-box-shadow:0 0 0 2px #fff inset!important;box-shadow:0 0 0 2px #fff inset!important;color:rgba(0,0,0,.8)}.ui.inverted.button.active,.ui.inverted.button:focus{background:#fff;-webkit-box-shadow:0 0 0 2px #fff inset!important;box-shadow:0 0 0 2px #fff inset!important;color:rgba(0,0,0,.8)}.ui.inverted.button.active:focus{background:#dcddde;-webkit-box-shadow:0 0 0 2px #dcddde inset!important;box-shadow:0 0 0 2px #dcddde inset!important;color:rgba(0,0,0,.8)}.ui.labeled.button:not(.icon){display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;background:0 0!important;padding:0!important;border:none!important;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.labeled.button>.button{margin:0}.ui.labeled.button>.label{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;margin:0 0 0 -1px!important;padding:'';font-size:1em;border-color:rgba(34,36,38,.15)}.ui.labeled.button>.tag.label:before{width:1.85em;height:1.85em}.ui.labeled.button:not([class*="left labeled"])>.button{border-top-right-radius:0;border-bottom-right-radius:0}.ui.labeled.button:not([class*="left labeled"])>.label{border-top-left-radius:0;border-bottom-left-radius:0}.ui[class*="left labeled"].button>.button{border-top-left-radius:0;border-bottom-left-radius:0}.ui[class*="left labeled"].button>.label{border-top-right-radius:0;border-bottom-right-radius:0}.ui.facebook.button{background-color:#3b5998;color:#fff;text-shadow:none;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.facebook.button:hover{background-color:#304d8a;color:#fff;text-shadow:none}.ui.facebook.button:active{background-color:#2d4373;color:#fff;text-shadow:none}.ui.twitter.button{background-color:#55acee;color:#fff;text-shadow:none;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.twitter.button:hover{background-color:#35a2f4;color:#fff;text-shadow:none}.ui.twitter.button:active{background-color:#2795e9;color:#fff;text-shadow:none}.ui.google.plus.button{background-color:#dd4b39;color:#fff;text-shadow:none;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.google.plus.button:hover{background-color:#e0321c;color:#fff;text-shadow:none}.ui.google.plus.button:active{background-color:#c23321;color:#fff;text-shadow:none}.ui.linkedin.button{background-color:#1f88be;color:#fff;text-shadow:none}.ui.linkedin.button:hover{background-color:#147baf;color:#fff;text-shadow:none}.ui.linkedin.button:active{background-color:#186992;color:#fff;text-shadow:none}.ui.youtube.button{background-color:red;color:#fff;text-shadow:none;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.youtube.button:hover{background-color:#e60000;color:#fff;text-shadow:none}.ui.youtube.button:active{background-color:#c00;color:#fff;text-shadow:none}.ui.instagram.button{background-color:#49769c;color:#fff;text-shadow:none;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.instagram.button:hover{background-color:#3d698e;color:#fff;text-shadow:none}.ui.instagram.button:active{background-color:#395c79;color:#fff;text-shadow:none}.ui.pinterest.button{background-color:#bd081c;color:#fff;text-shadow:none;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.pinterest.button:hover{background-color:#ac0013;color:#fff;text-shadow:none}.ui.pinterest.button:active{background-color:#8c0615;color:#fff;text-shadow:none}.ui.vk.button{background-color:#4d7198;color:#fff;background-image:none;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.vk.button:hover{background-color:#41648a;color:#fff}.ui.vk.button:active{background-color:#3c5876;color:#fff}.ui.button>.icon:not(.button){height:.85714286em;opacity:.8;margin:0 .42857143em 0 -.21428571em;-webkit-transition:opacity .1s ease;transition:opacity .1s ease;vertical-align:'';color:''}.ui.button:not(.icon)>.icon:not(.button):not(.dropdown){margin:0 .42857143em 0 -.21428571em}.ui.button:not(.icon)>.right.icon:not(.button):not(.dropdown){margin:0 -.21428571em 0 .42857143em}.ui[class*="left floated"].button,.ui[class*="left floated"].buttons{float:left;margin-left:0;margin-right:.25em}.ui[class*="right floated"].button,.ui[class*="right floated"].buttons{float:right;margin-right:0;margin-left:.25em}.ui.compact.button,.ui.compact.buttons .button{padding:.58928571em 1.125em .58928571em}.ui.compact.icon.button,.ui.compact.icon.buttons .button{padding:.58928571em .58928571em .58928571em}.ui.compact.labeled.icon.button,.ui.compact.labeled.icon.buttons .button{padding:.58928571em 3.69642857em .58928571em}.ui.mini.button,.ui.mini.buttons .button,.ui.mini.buttons .or{font-size:.78571429rem}.ui.tiny.button,.ui.tiny.buttons .button,.ui.tiny.buttons .or{font-size:.85714286rem}.ui.small.button,.ui.small.buttons .button,.ui.small.buttons .or{font-size:.92857143rem}.ui.button,.ui.buttons .button,.ui.buttons .or{font-size:1rem}.ui.large.button,.ui.large.buttons .button,.ui.large.buttons .or{font-size:1.14285714rem}.ui.big.button,.ui.big.buttons .button,.ui.big.buttons .or{font-size:1.28571429rem}.ui.huge.button,.ui.huge.buttons .button,.ui.huge.buttons .or{font-size:1.42857143rem}.ui.massive.button,.ui.massive.buttons .button,.ui.massive.buttons .or{font-size:1.71428571rem}.ui.icon.button,.ui.icon.buttons .button{padding:.78571429em .78571429em .78571429em}.ui.icon.button>.icon,.ui.icon.buttons .button>.icon{opacity:.9;margin:0!important;vertical-align:top}.ui.basic.button,.ui.basic.buttons .button{background:transparent none!important;color:rgba(0,0,0,.6)!important;font-weight:400;border-radius:.28571429rem;text-transform:none;text-shadow:none!important;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px rgba(34,36,38,.15) inset}.ui.basic.buttons{-webkit-box-shadow:none;box-shadow:none;border:1px solid rgba(34,36,38,.15);border-radius:.28571429rem}.ui.basic.buttons .button{border-radius:0}.ui.basic.button:hover,.ui.basic.buttons .button:hover{background:#fff!important;color:rgba(0,0,0,.8)!important;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.35) inset,0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px rgba(34,36,38,.35) inset,0 0 0 0 rgba(34,36,38,.15) inset}.ui.basic.button:focus,.ui.basic.buttons .button:focus{background:#fff!important;color:rgba(0,0,0,.8)!important;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.35) inset,0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px rgba(34,36,38,.35) inset,0 0 0 0 rgba(34,36,38,.15) inset}.ui.basic.button:active,.ui.basic.buttons .button:active{background:#f8f8f8!important;color:rgba(0,0,0,.9)!important;-webkit-box-shadow:0 0 0 1px rgba(0,0,0,.15) inset,0 1px 4px 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px rgba(0,0,0,.15) inset,0 1px 4px 0 rgba(34,36,38,.15) inset}.ui.basic.active.button,.ui.basic.buttons .active.button{background:rgba(0,0,0,.05)!important;-webkit-box-shadow:''!important;box-shadow:''!important;color:rgba(0,0,0,.95)!important}.ui.basic.active.button:hover,.ui.basic.buttons .active.button:hover{background-color:rgba(0,0,0,.05)}.ui.basic.buttons .button:hover{-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.35) inset,0 0 0 0 rgba(34,36,38,.15) inset inset;box-shadow:0 0 0 1px rgba(34,36,38,.35) inset,0 0 0 0 rgba(34,36,38,.15) inset inset}.ui.basic.buttons .button:active{-webkit-box-shadow:0 0 0 1px rgba(0,0,0,.15) inset,0 1px 4px 0 rgba(34,36,38,.15) inset inset;box-shadow:0 0 0 1px rgba(0,0,0,.15) inset,0 1px 4px 0 rgba(34,36,38,.15) inset inset}.ui.basic.buttons .active.button{-webkit-box-shadow:''!important;box-shadow:''!important}.ui.basic.inverted.button,.ui.basic.inverted.buttons .button{background-color:transparent!important;color:#f9fafb!important;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important}.ui.basic.inverted.button:hover,.ui.basic.inverted.buttons .button:hover{color:#fff!important;-webkit-box-shadow:0 0 0 2px #fff inset!important;box-shadow:0 0 0 2px #fff inset!important}.ui.basic.inverted.button:focus,.ui.basic.inverted.buttons .button:focus{color:#fff!important;-webkit-box-shadow:0 0 0 2px #fff inset!important;box-shadow:0 0 0 2px #fff inset!important}.ui.basic.inverted.button:active,.ui.basic.inverted.buttons .button:active{background-color:rgba(255,255,255,.08)!important;color:#fff!important;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.9) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.9) inset!important}.ui.basic.inverted.active.button,.ui.basic.inverted.buttons .active.button{background-color:rgba(255,255,255,.08);color:#fff;text-shadow:none;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.7) inset;box-shadow:0 0 0 2px rgba(255,255,255,.7) inset}.ui.basic.inverted.active.button:hover,.ui.basic.inverted.buttons .active.button:hover{background-color:rgba(255,255,255,.15);-webkit-box-shadow:0 0 0 2px #fff inset!important;box-shadow:0 0 0 2px #fff inset!important}.ui.basic.buttons .button{border-left:1px solid rgba(34,36,38,.15);-webkit-box-shadow:none;box-shadow:none}.ui.basic.vertical.buttons .button{border-left:none}.ui.basic.vertical.buttons .button{border-left-width:0;border-top:1px solid rgba(34,36,38,.15)}.ui.basic.vertical.buttons .button:first-child{border-top-width:0}.ui.labeled.icon.button,.ui.labeled.icon.buttons .button{position:relative;padding-left:4.07142857em!important;padding-right:1.5em!important}.ui.labeled.icon.button>.icon,.ui.labeled.icon.buttons>.button>.icon{position:absolute;height:100%;line-height:1;border-radius:0;border-top-left-radius:inherit;border-bottom-left-radius:inherit;text-align:center;margin:0;width:2.57142857em;background-color:rgba(0,0,0,.05);color:'';-webkit-box-shadow:-1px 0 0 0 transparent inset;box-shadow:-1px 0 0 0 transparent inset}.ui.labeled.icon.button>.icon,.ui.labeled.icon.buttons>.button>.icon{top:0;left:0}.ui[class*="right labeled"].icon.button{padding-right:4.07142857em!important;padding-left:1.5em!important}.ui[class*="right labeled"].icon.button>.icon{left:auto;right:0;border-radius:0;border-top-right-radius:inherit;border-bottom-right-radius:inherit;-webkit-box-shadow:1px 0 0 0 transparent inset;box-shadow:1px 0 0 0 transparent inset}.ui.labeled.icon.button>.icon:after,.ui.labeled.icon.button>.icon:before,.ui.labeled.icon.buttons>.button>.icon:after,.ui.labeled.icon.buttons>.button>.icon:before{display:block;position:absolute;width:100%;top:50%;text-align:center;-webkit-transform:translateY(-50%);transform:translateY(-50%)}.ui.labeled.icon.buttons .button>.icon{border-radius:0}.ui.labeled.icon.buttons .button:first-child>.icon{border-top-left-radius:.28571429rem;border-bottom-left-radius:.28571429rem}.ui.labeled.icon.buttons .button:last-child>.icon{border-top-right-radius:.28571429rem;border-bottom-right-radius:.28571429rem}.ui.vertical.labeled.icon.buttons .button:first-child>.icon{border-radius:0;border-top-left-radius:.28571429rem}.ui.vertical.labeled.icon.buttons .button:last-child>.icon{border-radius:0;border-bottom-left-radius:.28571429rem}.ui.fluid[class*="left labeled"].icon.button,.ui.fluid[class*="right labeled"].icon.button{padding-left:1.5em!important;padding-right:1.5em!important}.ui.button.toggle.active,.ui.buttons .button.toggle.active,.ui.toggle.buttons .active.button{background-color:#21ba45!important;-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none;color:#fff!important}.ui.button.toggle.active:hover{background-color:#16ab39!important;text-shadow:none;color:#fff!important}.ui.circular.button{border-radius:10em}.ui.circular.button>.icon{width:1em;vertical-align:baseline}.ui.buttons .or{position:relative;width:.3em;height:2.57142857em;z-index:3}.ui.buttons .or:before{position:absolute;text-align:center;border-radius:500rem;content:'or';top:50%;left:50%;background-color:#fff;text-shadow:none;margin-top:-.89285714em;margin-left:-.89285714em;width:1.78571429em;height:1.78571429em;line-height:1.78571429em;color:rgba(0,0,0,.4);font-style:normal;font-weight:700;-webkit-box-shadow:0 0 0 1px transparent inset;box-shadow:0 0 0 1px transparent inset}.ui.buttons .or[data-text]:before{content:attr(data-text)}.ui.fluid.buttons .or{width:0!important}.ui.fluid.buttons .or:after{display:none}.ui.attached.button{position:relative;display:block;margin:0;border-radius:0;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.15)!important;box-shadow:0 0 0 1px rgba(34,36,38,.15)!important}.ui.attached.top.button{border-radius:.28571429rem .28571429rem 0 0}.ui.attached.bottom.button{border-radius:0 0 .28571429rem .28571429rem}.ui.left.attached.button{display:inline-block;border-left:none;text-align:right;padding-right:.75em;border-radius:.28571429rem 0 0 .28571429rem}.ui.right.attached.button{display:inline-block;text-align:left;padding-left:.75em;border-radius:0 .28571429rem .28571429rem 0}.ui.attached.buttons{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;border-radius:0;width:auto!important;z-index:2;margin-left:-1px;margin-right:-1px}.ui.attached.buttons .button{margin:0}.ui.attached.buttons .button:first-child{border-radius:0}.ui.attached.buttons .button:last-child{border-radius:0}.ui[class*="top attached"].buttons{margin-bottom:-1px;border-radius:.28571429rem .28571429rem 0 0}.ui[class*="top attached"].buttons .button:first-child{border-radius:.28571429rem 0 0 0}.ui[class*="top attached"].buttons .button:last-child{border-radius:0 .28571429rem 0 0}.ui[class*="bottom attached"].buttons{margin-top:-1px;border-radius:0 0 .28571429rem .28571429rem}.ui[class*="bottom attached"].buttons .button:first-child{border-radius:0 0 0 .28571429rem}.ui[class*="bottom attached"].buttons .button:last-child{border-radius:0 0 .28571429rem 0}.ui[class*="left attached"].buttons{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin-right:0;margin-left:-1px;border-radius:0 .28571429rem .28571429rem 0}.ui[class*="left attached"].buttons .button:first-child{margin-left:-1px;border-radius:0 .28571429rem 0 0}.ui[class*="left attached"].buttons .button:last-child{margin-left:-1px;border-radius:0 0 .28571429rem 0}.ui[class*="right attached"].buttons{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin-left:0;margin-right:-1px;border-radius:.28571429rem 0 0 .28571429rem}.ui[class*="right attached"].buttons .button:first-child{margin-left:-1px;border-radius:.28571429rem 0 0 0}.ui[class*="right attached"].buttons .button:last-child{margin-left:-1px;border-radius:0 0 0 .28571429rem}.ui.fluid.button,.ui.fluid.buttons{width:100%}.ui.fluid.button{display:block}.ui.two.buttons{width:100%}.ui.two.buttons>.button{width:50%}.ui.three.buttons{width:100%}.ui.three.buttons>.button{width:33.333%}.ui.four.buttons{width:100%}.ui.four.buttons>.button{width:25%}.ui.five.buttons{width:100%}.ui.five.buttons>.button{width:20%}.ui.six.buttons{width:100%}.ui.six.buttons>.button{width:16.666%}.ui.seven.buttons{width:100%}.ui.seven.buttons>.button{width:14.285%}.ui.eight.buttons{width:100%}.ui.eight.buttons>.button{width:12.5%}.ui.nine.buttons{width:100%}.ui.nine.buttons>.button{width:11.11%}.ui.ten.buttons{width:100%}.ui.ten.buttons>.button{width:10%}.ui.eleven.buttons{width:100%}.ui.eleven.buttons>.button{width:9.09%}.ui.twelve.buttons{width:100%}.ui.twelve.buttons>.button{width:8.3333%}.ui.fluid.vertical.buttons,.ui.fluid.vertical.buttons>.button{display:-webkit-box;display:-ms-flexbox;display:flex;width:auto}.ui.two.vertical.buttons>.button{height:50%}.ui.three.vertical.buttons>.button{height:33.333%}.ui.four.vertical.buttons>.button{height:25%}.ui.five.vertical.buttons>.button{height:20%}.ui.six.vertical.buttons>.button{height:16.666%}.ui.seven.vertical.buttons>.button{height:14.285%}.ui.eight.vertical.buttons>.button{height:12.5%}.ui.nine.vertical.buttons>.button{height:11.11%}.ui.ten.vertical.buttons>.button{height:10%}.ui.eleven.vertical.buttons>.button{height:9.09%}.ui.twelve.vertical.buttons>.button{height:8.3333%}.ui.black.button,.ui.black.buttons .button{background-color:#1b1c1d;color:#fff;text-shadow:none;background-image:none}.ui.black.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.black.button:hover,.ui.black.buttons .button:hover{background-color:#27292a;color:#fff;text-shadow:none}.ui.black.button:focus,.ui.black.buttons .button:focus{background-color:#2f3032;color:#fff;text-shadow:none}.ui.black.button:active,.ui.black.buttons .button:active{background-color:#343637;color:#fff;text-shadow:none}.ui.black.active.button,.ui.black.button .active.button:active,.ui.black.buttons .active.button,.ui.black.buttons .active.button:active{background-color:#0f0f10;color:#fff;text-shadow:none}.ui.basic.black.button,.ui.basic.black.buttons .button{-webkit-box-shadow:0 0 0 1px #1b1c1d inset!important;box-shadow:0 0 0 1px #1b1c1d inset!important;color:#1b1c1d!important}.ui.basic.black.button:hover,.ui.basic.black.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #27292a inset!important;box-shadow:0 0 0 1px #27292a inset!important;color:#27292a!important}.ui.basic.black.button:focus,.ui.basic.black.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #2f3032 inset!important;box-shadow:0 0 0 1px #2f3032 inset!important;color:#27292a!important}.ui.basic.black.active.button,.ui.basic.black.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #0f0f10 inset!important;box-shadow:0 0 0 1px #0f0f10 inset!important;color:#343637!important}.ui.basic.black.button:active,.ui.basic.black.buttons .button:active{-webkit-box-shadow:0 0 0 1px #343637 inset!important;box-shadow:0 0 0 1px #343637 inset!important;color:#343637!important}.ui.buttons:not(.vertical)>.basic.black.button:not(:first-child){margin-left:-1px}.ui.inverted.black.button,.ui.inverted.black.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #d4d4d5 inset!important;box-shadow:0 0 0 2px #d4d4d5 inset!important;color:#fff}.ui.inverted.black.button.active,.ui.inverted.black.button:active,.ui.inverted.black.button:focus,.ui.inverted.black.button:hover,.ui.inverted.black.buttons .button.active,.ui.inverted.black.buttons .button:active,.ui.inverted.black.buttons .button:focus,.ui.inverted.black.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.black.button:hover,.ui.inverted.black.buttons .button:hover{background-color:#000}.ui.inverted.black.button:focus,.ui.inverted.black.buttons .button:focus{background-color:#000}.ui.inverted.black.active.button,.ui.inverted.black.buttons .active.button{background-color:#000}.ui.inverted.black.button:active,.ui.inverted.black.buttons .button:active{background-color:#000}.ui.inverted.black.basic.button,.ui.inverted.black.basic.buttons .button,.ui.inverted.black.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.black.basic.button:hover,.ui.inverted.black.basic.buttons .button:hover,.ui.inverted.black.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #000 inset!important;box-shadow:0 0 0 2px #000 inset!important;color:#fff!important}.ui.inverted.black.basic.button:focus,.ui.inverted.black.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #000 inset!important;box-shadow:0 0 0 2px #000 inset!important;color:#545454!important}.ui.inverted.black.basic.active.button,.ui.inverted.black.basic.buttons .active.button,.ui.inverted.black.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #000 inset!important;box-shadow:0 0 0 2px #000 inset!important;color:#fff!important}.ui.inverted.black.basic.button:active,.ui.inverted.black.basic.buttons .button:active,.ui.inverted.black.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #000 inset!important;box-shadow:0 0 0 2px #000 inset!important;color:#fff!important}.ui.grey.button,.ui.grey.buttons .button{background-color:#767676;color:#fff;text-shadow:none;background-image:none}.ui.grey.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.grey.button:hover,.ui.grey.buttons .button:hover{background-color:#838383;color:#fff;text-shadow:none}.ui.grey.button:focus,.ui.grey.buttons .button:focus{background-color:#8a8a8a;color:#fff;text-shadow:none}.ui.grey.button:active,.ui.grey.buttons .button:active{background-color:#909090;color:#fff;text-shadow:none}.ui.grey.active.button,.ui.grey.button .active.button:active,.ui.grey.buttons .active.button,.ui.grey.buttons .active.button:active{background-color:#696969;color:#fff;text-shadow:none}.ui.basic.grey.button,.ui.basic.grey.buttons .button{-webkit-box-shadow:0 0 0 1px #767676 inset!important;box-shadow:0 0 0 1px #767676 inset!important;color:#767676!important}.ui.basic.grey.button:hover,.ui.basic.grey.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #838383 inset!important;box-shadow:0 0 0 1px #838383 inset!important;color:#838383!important}.ui.basic.grey.button:focus,.ui.basic.grey.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #8a8a8a inset!important;box-shadow:0 0 0 1px #8a8a8a inset!important;color:#838383!important}.ui.basic.grey.active.button,.ui.basic.grey.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #696969 inset!important;box-shadow:0 0 0 1px #696969 inset!important;color:#909090!important}.ui.basic.grey.button:active,.ui.basic.grey.buttons .button:active{-webkit-box-shadow:0 0 0 1px #909090 inset!important;box-shadow:0 0 0 1px #909090 inset!important;color:#909090!important}.ui.buttons:not(.vertical)>.basic.grey.button:not(:first-child){margin-left:-1px}.ui.inverted.grey.button,.ui.inverted.grey.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #d4d4d5 inset!important;box-shadow:0 0 0 2px #d4d4d5 inset!important;color:#fff}.ui.inverted.grey.button.active,.ui.inverted.grey.button:active,.ui.inverted.grey.button:focus,.ui.inverted.grey.button:hover,.ui.inverted.grey.buttons .button.active,.ui.inverted.grey.buttons .button:active,.ui.inverted.grey.buttons .button:focus,.ui.inverted.grey.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:rgba(0,0,0,.6)}.ui.inverted.grey.button:hover,.ui.inverted.grey.buttons .button:hover{background-color:#cfd0d2}.ui.inverted.grey.button:focus,.ui.inverted.grey.buttons .button:focus{background-color:#c7c9cb}.ui.inverted.grey.active.button,.ui.inverted.grey.buttons .active.button{background-color:#cfd0d2}.ui.inverted.grey.button:active,.ui.inverted.grey.buttons .button:active{background-color:#c2c4c5}.ui.inverted.grey.basic.button,.ui.inverted.grey.basic.buttons .button,.ui.inverted.grey.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.grey.basic.button:hover,.ui.inverted.grey.basic.buttons .button:hover,.ui.inverted.grey.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #cfd0d2 inset!important;box-shadow:0 0 0 2px #cfd0d2 inset!important;color:#fff!important}.ui.inverted.grey.basic.button:focus,.ui.inverted.grey.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #c7c9cb inset!important;box-shadow:0 0 0 2px #c7c9cb inset!important;color:#dcddde!important}.ui.inverted.grey.basic.active.button,.ui.inverted.grey.basic.buttons .active.button,.ui.inverted.grey.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #cfd0d2 inset!important;box-shadow:0 0 0 2px #cfd0d2 inset!important;color:#fff!important}.ui.inverted.grey.basic.button:active,.ui.inverted.grey.basic.buttons .button:active,.ui.inverted.grey.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #c2c4c5 inset!important;box-shadow:0 0 0 2px #c2c4c5 inset!important;color:#fff!important}.ui.brown.button,.ui.brown.buttons .button{background-color:#a5673f;color:#fff;text-shadow:none;background-image:none}.ui.brown.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.brown.button:hover,.ui.brown.buttons .button:hover{background-color:#975b33;color:#fff;text-shadow:none}.ui.brown.button:focus,.ui.brown.buttons .button:focus{background-color:#90532b;color:#fff;text-shadow:none}.ui.brown.button:active,.ui.brown.buttons .button:active{background-color:#805031;color:#fff;text-shadow:none}.ui.brown.active.button,.ui.brown.button .active.button:active,.ui.brown.buttons .active.button,.ui.brown.buttons .active.button:active{background-color:#995a31;color:#fff;text-shadow:none}.ui.basic.brown.button,.ui.basic.brown.buttons .button{-webkit-box-shadow:0 0 0 1px #a5673f inset!important;box-shadow:0 0 0 1px #a5673f inset!important;color:#a5673f!important}.ui.basic.brown.button:hover,.ui.basic.brown.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #975b33 inset!important;box-shadow:0 0 0 1px #975b33 inset!important;color:#975b33!important}.ui.basic.brown.button:focus,.ui.basic.brown.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #90532b inset!important;box-shadow:0 0 0 1px #90532b inset!important;color:#975b33!important}.ui.basic.brown.active.button,.ui.basic.brown.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #995a31 inset!important;box-shadow:0 0 0 1px #995a31 inset!important;color:#805031!important}.ui.basic.brown.button:active,.ui.basic.brown.buttons .button:active{-webkit-box-shadow:0 0 0 1px #805031 inset!important;box-shadow:0 0 0 1px #805031 inset!important;color:#805031!important}.ui.buttons:not(.vertical)>.basic.brown.button:not(:first-child){margin-left:-1px}.ui.inverted.brown.button,.ui.inverted.brown.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #d67c1c inset!important;box-shadow:0 0 0 2px #d67c1c inset!important;color:#d67c1c}.ui.inverted.brown.button.active,.ui.inverted.brown.button:active,.ui.inverted.brown.button:focus,.ui.inverted.brown.button:hover,.ui.inverted.brown.buttons .button.active,.ui.inverted.brown.buttons .button:active,.ui.inverted.brown.buttons .button:focus,.ui.inverted.brown.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.brown.button:hover,.ui.inverted.brown.buttons .button:hover{background-color:#c86f11}.ui.inverted.brown.button:focus,.ui.inverted.brown.buttons .button:focus{background-color:#c16808}.ui.inverted.brown.active.button,.ui.inverted.brown.buttons .active.button{background-color:#cc6f0d}.ui.inverted.brown.button:active,.ui.inverted.brown.buttons .button:active{background-color:#a96216}.ui.inverted.brown.basic.button,.ui.inverted.brown.basic.buttons .button,.ui.inverted.brown.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.brown.basic.button:hover,.ui.inverted.brown.basic.buttons .button:hover,.ui.inverted.brown.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #c86f11 inset!important;box-shadow:0 0 0 2px #c86f11 inset!important;color:#d67c1c!important}.ui.inverted.brown.basic.button:focus,.ui.inverted.brown.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #c16808 inset!important;box-shadow:0 0 0 2px #c16808 inset!important;color:#d67c1c!important}.ui.inverted.brown.basic.active.button,.ui.inverted.brown.basic.buttons .active.button,.ui.inverted.brown.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #cc6f0d inset!important;box-shadow:0 0 0 2px #cc6f0d inset!important;color:#d67c1c!important}.ui.inverted.brown.basic.button:active,.ui.inverted.brown.basic.buttons .button:active,.ui.inverted.brown.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #a96216 inset!important;box-shadow:0 0 0 2px #a96216 inset!important;color:#d67c1c!important}.ui.blue.button,.ui.blue.buttons .button{background-color:#2185d0;color:#fff;text-shadow:none;background-image:none}.ui.blue.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.blue.button:hover,.ui.blue.buttons .button:hover{background-color:#1678c2;color:#fff;text-shadow:none}.ui.blue.button:focus,.ui.blue.buttons .button:focus{background-color:#0d71bb;color:#fff;text-shadow:none}.ui.blue.button:active,.ui.blue.buttons .button:active{background-color:#1a69a4;color:#fff;text-shadow:none}.ui.blue.active.button,.ui.blue.button .active.button:active,.ui.blue.buttons .active.button,.ui.blue.buttons .active.button:active{background-color:#1279c6;color:#fff;text-shadow:none}.ui.basic.blue.button,.ui.basic.blue.buttons .button{-webkit-box-shadow:0 0 0 1px #2185d0 inset!important;box-shadow:0 0 0 1px #2185d0 inset!important;color:#2185d0!important}.ui.basic.blue.button:hover,.ui.basic.blue.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #1678c2 inset!important;box-shadow:0 0 0 1px #1678c2 inset!important;color:#1678c2!important}.ui.basic.blue.button:focus,.ui.basic.blue.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #0d71bb inset!important;box-shadow:0 0 0 1px #0d71bb inset!important;color:#1678c2!important}.ui.basic.blue.active.button,.ui.basic.blue.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #1279c6 inset!important;box-shadow:0 0 0 1px #1279c6 inset!important;color:#1a69a4!important}.ui.basic.blue.button:active,.ui.basic.blue.buttons .button:active{-webkit-box-shadow:0 0 0 1px #1a69a4 inset!important;box-shadow:0 0 0 1px #1a69a4 inset!important;color:#1a69a4!important}.ui.buttons:not(.vertical)>.basic.blue.button:not(:first-child){margin-left:-1px}.ui.inverted.blue.button,.ui.inverted.blue.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #54c8ff inset!important;box-shadow:0 0 0 2px #54c8ff inset!important;color:#54c8ff}.ui.inverted.blue.button.active,.ui.inverted.blue.button:active,.ui.inverted.blue.button:focus,.ui.inverted.blue.button:hover,.ui.inverted.blue.buttons .button.active,.ui.inverted.blue.buttons .button:active,.ui.inverted.blue.buttons .button:focus,.ui.inverted.blue.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.blue.button:hover,.ui.inverted.blue.buttons .button:hover{background-color:#3ac0ff}.ui.inverted.blue.button:focus,.ui.inverted.blue.buttons .button:focus{background-color:#2bbbff}.ui.inverted.blue.active.button,.ui.inverted.blue.buttons .active.button{background-color:#3ac0ff}.ui.inverted.blue.button:active,.ui.inverted.blue.buttons .button:active{background-color:#21b8ff}.ui.inverted.blue.basic.button,.ui.inverted.blue.basic.buttons .button,.ui.inverted.blue.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.blue.basic.button:hover,.ui.inverted.blue.basic.buttons .button:hover,.ui.inverted.blue.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #3ac0ff inset!important;box-shadow:0 0 0 2px #3ac0ff inset!important;color:#54c8ff!important}.ui.inverted.blue.basic.button:focus,.ui.inverted.blue.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #2bbbff inset!important;box-shadow:0 0 0 2px #2bbbff inset!important;color:#54c8ff!important}.ui.inverted.blue.basic.active.button,.ui.inverted.blue.basic.buttons .active.button,.ui.inverted.blue.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #3ac0ff inset!important;box-shadow:0 0 0 2px #3ac0ff inset!important;color:#54c8ff!important}.ui.inverted.blue.basic.button:active,.ui.inverted.blue.basic.buttons .button:active,.ui.inverted.blue.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #21b8ff inset!important;box-shadow:0 0 0 2px #21b8ff inset!important;color:#54c8ff!important}.ui.green.button,.ui.green.buttons .button{background-color:#21ba45;color:#fff;text-shadow:none;background-image:none}.ui.green.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.green.button:hover,.ui.green.buttons .button:hover{background-color:#16ab39;color:#fff;text-shadow:none}.ui.green.button:focus,.ui.green.buttons .button:focus{background-color:#0ea432;color:#fff;text-shadow:none}.ui.green.button:active,.ui.green.buttons .button:active{background-color:#198f35;color:#fff;text-shadow:none}.ui.green.active.button,.ui.green.button .active.button:active,.ui.green.buttons .active.button,.ui.green.buttons .active.button:active{background-color:#13ae38;color:#fff;text-shadow:none}.ui.basic.green.button,.ui.basic.green.buttons .button{-webkit-box-shadow:0 0 0 1px #21ba45 inset!important;box-shadow:0 0 0 1px #21ba45 inset!important;color:#21ba45!important}.ui.basic.green.button:hover,.ui.basic.green.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #16ab39 inset!important;box-shadow:0 0 0 1px #16ab39 inset!important;color:#16ab39!important}.ui.basic.green.button:focus,.ui.basic.green.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #0ea432 inset!important;box-shadow:0 0 0 1px #0ea432 inset!important;color:#16ab39!important}.ui.basic.green.active.button,.ui.basic.green.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #13ae38 inset!important;box-shadow:0 0 0 1px #13ae38 inset!important;color:#198f35!important}.ui.basic.green.button:active,.ui.basic.green.buttons .button:active{-webkit-box-shadow:0 0 0 1px #198f35 inset!important;box-shadow:0 0 0 1px #198f35 inset!important;color:#198f35!important}.ui.buttons:not(.vertical)>.basic.green.button:not(:first-child){margin-left:-1px}.ui.inverted.green.button,.ui.inverted.green.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #2ecc40 inset!important;box-shadow:0 0 0 2px #2ecc40 inset!important;color:#2ecc40}.ui.inverted.green.button.active,.ui.inverted.green.button:active,.ui.inverted.green.button:focus,.ui.inverted.green.button:hover,.ui.inverted.green.buttons .button.active,.ui.inverted.green.buttons .button:active,.ui.inverted.green.buttons .button:focus,.ui.inverted.green.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.green.button:hover,.ui.inverted.green.buttons .button:hover{background-color:#22be34}.ui.inverted.green.button:focus,.ui.inverted.green.buttons .button:focus{background-color:#19b82b}.ui.inverted.green.active.button,.ui.inverted.green.buttons .active.button{background-color:#1fc231}.ui.inverted.green.button:active,.ui.inverted.green.buttons .button:active{background-color:#25a233}.ui.inverted.green.basic.button,.ui.inverted.green.basic.buttons .button,.ui.inverted.green.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.green.basic.button:hover,.ui.inverted.green.basic.buttons .button:hover,.ui.inverted.green.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #22be34 inset!important;box-shadow:0 0 0 2px #22be34 inset!important;color:#2ecc40!important}.ui.inverted.green.basic.button:focus,.ui.inverted.green.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #19b82b inset!important;box-shadow:0 0 0 2px #19b82b inset!important;color:#2ecc40!important}.ui.inverted.green.basic.active.button,.ui.inverted.green.basic.buttons .active.button,.ui.inverted.green.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #1fc231 inset!important;box-shadow:0 0 0 2px #1fc231 inset!important;color:#2ecc40!important}.ui.inverted.green.basic.button:active,.ui.inverted.green.basic.buttons .button:active,.ui.inverted.green.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #25a233 inset!important;box-shadow:0 0 0 2px #25a233 inset!important;color:#2ecc40!important}.ui.orange.button,.ui.orange.buttons .button{background-color:#f2711c;color:#fff;text-shadow:none;background-image:none}.ui.orange.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.orange.button:hover,.ui.orange.buttons .button:hover{background-color:#f26202;color:#fff;text-shadow:none}.ui.orange.button:focus,.ui.orange.buttons .button:focus{background-color:#e55b00;color:#fff;text-shadow:none}.ui.orange.button:active,.ui.orange.buttons .button:active{background-color:#cf590c;color:#fff;text-shadow:none}.ui.orange.active.button,.ui.orange.button .active.button:active,.ui.orange.buttons .active.button,.ui.orange.buttons .active.button:active{background-color:#f56100;color:#fff;text-shadow:none}.ui.basic.orange.button,.ui.basic.orange.buttons .button{-webkit-box-shadow:0 0 0 1px #f2711c inset!important;box-shadow:0 0 0 1px #f2711c inset!important;color:#f2711c!important}.ui.basic.orange.button:hover,.ui.basic.orange.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #f26202 inset!important;box-shadow:0 0 0 1px #f26202 inset!important;color:#f26202!important}.ui.basic.orange.button:focus,.ui.basic.orange.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #e55b00 inset!important;box-shadow:0 0 0 1px #e55b00 inset!important;color:#f26202!important}.ui.basic.orange.active.button,.ui.basic.orange.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #f56100 inset!important;box-shadow:0 0 0 1px #f56100 inset!important;color:#cf590c!important}.ui.basic.orange.button:active,.ui.basic.orange.buttons .button:active{-webkit-box-shadow:0 0 0 1px #cf590c inset!important;box-shadow:0 0 0 1px #cf590c inset!important;color:#cf590c!important}.ui.buttons:not(.vertical)>.basic.orange.button:not(:first-child){margin-left:-1px}.ui.inverted.orange.button,.ui.inverted.orange.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #ff851b inset!important;box-shadow:0 0 0 2px #ff851b inset!important;color:#ff851b}.ui.inverted.orange.button.active,.ui.inverted.orange.button:active,.ui.inverted.orange.button:focus,.ui.inverted.orange.button:hover,.ui.inverted.orange.buttons .button.active,.ui.inverted.orange.buttons .button:active,.ui.inverted.orange.buttons .button:focus,.ui.inverted.orange.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.orange.button:hover,.ui.inverted.orange.buttons .button:hover{background-color:#ff7701}.ui.inverted.orange.button:focus,.ui.inverted.orange.buttons .button:focus{background-color:#f17000}.ui.inverted.orange.active.button,.ui.inverted.orange.buttons .active.button{background-color:#ff7701}.ui.inverted.orange.button:active,.ui.inverted.orange.buttons .button:active{background-color:#e76b00}.ui.inverted.orange.basic.button,.ui.inverted.orange.basic.buttons .button,.ui.inverted.orange.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.orange.basic.button:hover,.ui.inverted.orange.basic.buttons .button:hover,.ui.inverted.orange.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #ff7701 inset!important;box-shadow:0 0 0 2px #ff7701 inset!important;color:#ff851b!important}.ui.inverted.orange.basic.button:focus,.ui.inverted.orange.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #f17000 inset!important;box-shadow:0 0 0 2px #f17000 inset!important;color:#ff851b!important}.ui.inverted.orange.basic.active.button,.ui.inverted.orange.basic.buttons .active.button,.ui.inverted.orange.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #ff7701 inset!important;box-shadow:0 0 0 2px #ff7701 inset!important;color:#ff851b!important}.ui.inverted.orange.basic.button:active,.ui.inverted.orange.basic.buttons .button:active,.ui.inverted.orange.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #e76b00 inset!important;box-shadow:0 0 0 2px #e76b00 inset!important;color:#ff851b!important}.ui.pink.button,.ui.pink.buttons .button{background-color:#e03997;color:#fff;text-shadow:none;background-image:none}.ui.pink.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.pink.button:hover,.ui.pink.buttons .button:hover{background-color:#e61a8d;color:#fff;text-shadow:none}.ui.pink.button:focus,.ui.pink.buttons .button:focus{background-color:#e10f85;color:#fff;text-shadow:none}.ui.pink.button:active,.ui.pink.buttons .button:active{background-color:#c71f7e;color:#fff;text-shadow:none}.ui.pink.active.button,.ui.pink.button .active.button:active,.ui.pink.buttons .active.button,.ui.pink.buttons .active.button:active{background-color:#ea158d;color:#fff;text-shadow:none}.ui.basic.pink.button,.ui.basic.pink.buttons .button{-webkit-box-shadow:0 0 0 1px #e03997 inset!important;box-shadow:0 0 0 1px #e03997 inset!important;color:#e03997!important}.ui.basic.pink.button:hover,.ui.basic.pink.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #e61a8d inset!important;box-shadow:0 0 0 1px #e61a8d inset!important;color:#e61a8d!important}.ui.basic.pink.button:focus,.ui.basic.pink.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #e10f85 inset!important;box-shadow:0 0 0 1px #e10f85 inset!important;color:#e61a8d!important}.ui.basic.pink.active.button,.ui.basic.pink.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #ea158d inset!important;box-shadow:0 0 0 1px #ea158d inset!important;color:#c71f7e!important}.ui.basic.pink.button:active,.ui.basic.pink.buttons .button:active{-webkit-box-shadow:0 0 0 1px #c71f7e inset!important;box-shadow:0 0 0 1px #c71f7e inset!important;color:#c71f7e!important}.ui.buttons:not(.vertical)>.basic.pink.button:not(:first-child){margin-left:-1px}.ui.inverted.pink.button,.ui.inverted.pink.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #ff8edf inset!important;box-shadow:0 0 0 2px #ff8edf inset!important;color:#ff8edf}.ui.inverted.pink.button.active,.ui.inverted.pink.button:active,.ui.inverted.pink.button:focus,.ui.inverted.pink.button:hover,.ui.inverted.pink.buttons .button.active,.ui.inverted.pink.buttons .button:active,.ui.inverted.pink.buttons .button:focus,.ui.inverted.pink.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.pink.button:hover,.ui.inverted.pink.buttons .button:hover{background-color:#ff74d8}.ui.inverted.pink.button:focus,.ui.inverted.pink.buttons .button:focus{background-color:#ff65d3}.ui.inverted.pink.active.button,.ui.inverted.pink.buttons .active.button{background-color:#ff74d8}.ui.inverted.pink.button:active,.ui.inverted.pink.buttons .button:active{background-color:#ff5bd1}.ui.inverted.pink.basic.button,.ui.inverted.pink.basic.buttons .button,.ui.inverted.pink.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.pink.basic.button:hover,.ui.inverted.pink.basic.buttons .button:hover,.ui.inverted.pink.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #ff74d8 inset!important;box-shadow:0 0 0 2px #ff74d8 inset!important;color:#ff8edf!important}.ui.inverted.pink.basic.button:focus,.ui.inverted.pink.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #ff65d3 inset!important;box-shadow:0 0 0 2px #ff65d3 inset!important;color:#ff8edf!important}.ui.inverted.pink.basic.active.button,.ui.inverted.pink.basic.buttons .active.button,.ui.inverted.pink.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #ff74d8 inset!important;box-shadow:0 0 0 2px #ff74d8 inset!important;color:#ff8edf!important}.ui.inverted.pink.basic.button:active,.ui.inverted.pink.basic.buttons .button:active,.ui.inverted.pink.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #ff5bd1 inset!important;box-shadow:0 0 0 2px #ff5bd1 inset!important;color:#ff8edf!important}.ui.violet.button,.ui.violet.buttons .button{background-color:#6435c9;color:#fff;text-shadow:none;background-image:none}.ui.violet.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.violet.button:hover,.ui.violet.buttons .button:hover{background-color:#5829bb;color:#fff;text-shadow:none}.ui.violet.button:focus,.ui.violet.buttons .button:focus{background-color:#4f20b5;color:#fff;text-shadow:none}.ui.violet.button:active,.ui.violet.buttons .button:active{background-color:#502aa1;color:#fff;text-shadow:none}.ui.violet.active.button,.ui.violet.button .active.button:active,.ui.violet.buttons .active.button,.ui.violet.buttons .active.button:active{background-color:#5626bf;color:#fff;text-shadow:none}.ui.basic.violet.button,.ui.basic.violet.buttons .button{-webkit-box-shadow:0 0 0 1px #6435c9 inset!important;box-shadow:0 0 0 1px #6435c9 inset!important;color:#6435c9!important}.ui.basic.violet.button:hover,.ui.basic.violet.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #5829bb inset!important;box-shadow:0 0 0 1px #5829bb inset!important;color:#5829bb!important}.ui.basic.violet.button:focus,.ui.basic.violet.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #4f20b5 inset!important;box-shadow:0 0 0 1px #4f20b5 inset!important;color:#5829bb!important}.ui.basic.violet.active.button,.ui.basic.violet.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #5626bf inset!important;box-shadow:0 0 0 1px #5626bf inset!important;color:#502aa1!important}.ui.basic.violet.button:active,.ui.basic.violet.buttons .button:active{-webkit-box-shadow:0 0 0 1px #502aa1 inset!important;box-shadow:0 0 0 1px #502aa1 inset!important;color:#502aa1!important}.ui.buttons:not(.vertical)>.basic.violet.button:not(:first-child){margin-left:-1px}.ui.inverted.violet.button,.ui.inverted.violet.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #a291fb inset!important;box-shadow:0 0 0 2px #a291fb inset!important;color:#a291fb}.ui.inverted.violet.button.active,.ui.inverted.violet.button:active,.ui.inverted.violet.button:focus,.ui.inverted.violet.button:hover,.ui.inverted.violet.buttons .button.active,.ui.inverted.violet.buttons .button:active,.ui.inverted.violet.buttons .button:focus,.ui.inverted.violet.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.violet.button:hover,.ui.inverted.violet.buttons .button:hover{background-color:#8a73ff}.ui.inverted.violet.button:focus,.ui.inverted.violet.buttons .button:focus{background-color:#7d64ff}.ui.inverted.violet.active.button,.ui.inverted.violet.buttons .active.button{background-color:#8a73ff}.ui.inverted.violet.button:active,.ui.inverted.violet.buttons .button:active{background-color:#7860f9}.ui.inverted.violet.basic.button,.ui.inverted.violet.basic.buttons .button,.ui.inverted.violet.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.violet.basic.button:hover,.ui.inverted.violet.basic.buttons .button:hover,.ui.inverted.violet.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #8a73ff inset!important;box-shadow:0 0 0 2px #8a73ff inset!important;color:#a291fb!important}.ui.inverted.violet.basic.button:focus,.ui.inverted.violet.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #7d64ff inset!important;box-shadow:0 0 0 2px #7d64ff inset!important;color:#a291fb!important}.ui.inverted.violet.basic.active.button,.ui.inverted.violet.basic.buttons .active.button,.ui.inverted.violet.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #8a73ff inset!important;box-shadow:0 0 0 2px #8a73ff inset!important;color:#a291fb!important}.ui.inverted.violet.basic.button:active,.ui.inverted.violet.basic.buttons .button:active,.ui.inverted.violet.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #7860f9 inset!important;box-shadow:0 0 0 2px #7860f9 inset!important;color:#a291fb!important}.ui.purple.button,.ui.purple.buttons .button{background-color:#a333c8;color:#fff;text-shadow:none;background-image:none}.ui.purple.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.purple.button:hover,.ui.purple.buttons .button:hover{background-color:#9627ba;color:#fff;text-shadow:none}.ui.purple.button:focus,.ui.purple.buttons .button:focus{background-color:#8f1eb4;color:#fff;text-shadow:none}.ui.purple.button:active,.ui.purple.buttons .button:active{background-color:#82299f;color:#fff;text-shadow:none}.ui.purple.active.button,.ui.purple.button .active.button:active,.ui.purple.buttons .active.button,.ui.purple.buttons .active.button:active{background-color:#9724be;color:#fff;text-shadow:none}.ui.basic.purple.button,.ui.basic.purple.buttons .button{-webkit-box-shadow:0 0 0 1px #a333c8 inset!important;box-shadow:0 0 0 1px #a333c8 inset!important;color:#a333c8!important}.ui.basic.purple.button:hover,.ui.basic.purple.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #9627ba inset!important;box-shadow:0 0 0 1px #9627ba inset!important;color:#9627ba!important}.ui.basic.purple.button:focus,.ui.basic.purple.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #8f1eb4 inset!important;box-shadow:0 0 0 1px #8f1eb4 inset!important;color:#9627ba!important}.ui.basic.purple.active.button,.ui.basic.purple.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #9724be inset!important;box-shadow:0 0 0 1px #9724be inset!important;color:#82299f!important}.ui.basic.purple.button:active,.ui.basic.purple.buttons .button:active{-webkit-box-shadow:0 0 0 1px #82299f inset!important;box-shadow:0 0 0 1px #82299f inset!important;color:#82299f!important}.ui.buttons:not(.vertical)>.basic.purple.button:not(:first-child){margin-left:-1px}.ui.inverted.purple.button,.ui.inverted.purple.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #dc73ff inset!important;box-shadow:0 0 0 2px #dc73ff inset!important;color:#dc73ff}.ui.inverted.purple.button.active,.ui.inverted.purple.button:active,.ui.inverted.purple.button:focus,.ui.inverted.purple.button:hover,.ui.inverted.purple.buttons .button.active,.ui.inverted.purple.buttons .button:active,.ui.inverted.purple.buttons .button:focus,.ui.inverted.purple.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.purple.button:hover,.ui.inverted.purple.buttons .button:hover{background-color:#d65aff}.ui.inverted.purple.button:focus,.ui.inverted.purple.buttons .button:focus{background-color:#d24aff}.ui.inverted.purple.active.button,.ui.inverted.purple.buttons .active.button{background-color:#d65aff}.ui.inverted.purple.button:active,.ui.inverted.purple.buttons .button:active{background-color:#cf40ff}.ui.inverted.purple.basic.button,.ui.inverted.purple.basic.buttons .button,.ui.inverted.purple.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.purple.basic.button:hover,.ui.inverted.purple.basic.buttons .button:hover,.ui.inverted.purple.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #d65aff inset!important;box-shadow:0 0 0 2px #d65aff inset!important;color:#dc73ff!important}.ui.inverted.purple.basic.button:focus,.ui.inverted.purple.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #d24aff inset!important;box-shadow:0 0 0 2px #d24aff inset!important;color:#dc73ff!important}.ui.inverted.purple.basic.active.button,.ui.inverted.purple.basic.buttons .active.button,.ui.inverted.purple.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #d65aff inset!important;box-shadow:0 0 0 2px #d65aff inset!important;color:#dc73ff!important}.ui.inverted.purple.basic.button:active,.ui.inverted.purple.basic.buttons .button:active,.ui.inverted.purple.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #cf40ff inset!important;box-shadow:0 0 0 2px #cf40ff inset!important;color:#dc73ff!important}.ui.red.button,.ui.red.buttons .button{background-color:#db2828;color:#fff;text-shadow:none;background-image:none}.ui.red.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.red.button:hover,.ui.red.buttons .button:hover{background-color:#d01919;color:#fff;text-shadow:none}.ui.red.button:focus,.ui.red.buttons .button:focus{background-color:#ca1010;color:#fff;text-shadow:none}.ui.red.button:active,.ui.red.buttons .button:active{background-color:#b21e1e;color:#fff;text-shadow:none}.ui.red.active.button,.ui.red.button .active.button:active,.ui.red.buttons .active.button,.ui.red.buttons .active.button:active{background-color:#d41515;color:#fff;text-shadow:none}.ui.basic.red.button,.ui.basic.red.buttons .button{-webkit-box-shadow:0 0 0 1px #db2828 inset!important;box-shadow:0 0 0 1px #db2828 inset!important;color:#db2828!important}.ui.basic.red.button:hover,.ui.basic.red.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #d01919 inset!important;box-shadow:0 0 0 1px #d01919 inset!important;color:#d01919!important}.ui.basic.red.button:focus,.ui.basic.red.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #ca1010 inset!important;box-shadow:0 0 0 1px #ca1010 inset!important;color:#d01919!important}.ui.basic.red.active.button,.ui.basic.red.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #d41515 inset!important;box-shadow:0 0 0 1px #d41515 inset!important;color:#b21e1e!important}.ui.basic.red.button:active,.ui.basic.red.buttons .button:active{-webkit-box-shadow:0 0 0 1px #b21e1e inset!important;box-shadow:0 0 0 1px #b21e1e inset!important;color:#b21e1e!important}.ui.buttons:not(.vertical)>.basic.red.button:not(:first-child){margin-left:-1px}.ui.inverted.red.button,.ui.inverted.red.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #ff695e inset!important;box-shadow:0 0 0 2px #ff695e inset!important;color:#ff695e}.ui.inverted.red.button.active,.ui.inverted.red.button:active,.ui.inverted.red.button:focus,.ui.inverted.red.button:hover,.ui.inverted.red.buttons .button.active,.ui.inverted.red.buttons .button:active,.ui.inverted.red.buttons .button:focus,.ui.inverted.red.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.red.button:hover,.ui.inverted.red.buttons .button:hover{background-color:#ff5144}.ui.inverted.red.button:focus,.ui.inverted.red.buttons .button:focus{background-color:#ff4335}.ui.inverted.red.active.button,.ui.inverted.red.buttons .active.button{background-color:#ff5144}.ui.inverted.red.button:active,.ui.inverted.red.buttons .button:active{background-color:#ff392b}.ui.inverted.red.basic.button,.ui.inverted.red.basic.buttons .button,.ui.inverted.red.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.red.basic.button:hover,.ui.inverted.red.basic.buttons .button:hover,.ui.inverted.red.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #ff5144 inset!important;box-shadow:0 0 0 2px #ff5144 inset!important;color:#ff695e!important}.ui.inverted.red.basic.button:focus,.ui.inverted.red.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #ff4335 inset!important;box-shadow:0 0 0 2px #ff4335 inset!important;color:#ff695e!important}.ui.inverted.red.basic.active.button,.ui.inverted.red.basic.buttons .active.button,.ui.inverted.red.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #ff5144 inset!important;box-shadow:0 0 0 2px #ff5144 inset!important;color:#ff695e!important}.ui.inverted.red.basic.button:active,.ui.inverted.red.basic.buttons .button:active,.ui.inverted.red.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #ff392b inset!important;box-shadow:0 0 0 2px #ff392b inset!important;color:#ff695e!important}.ui.teal.button,.ui.teal.buttons .button{background-color:#00b5ad;color:#fff;text-shadow:none;background-image:none}.ui.teal.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.teal.button:hover,.ui.teal.buttons .button:hover{background-color:#009c95;color:#fff;text-shadow:none}.ui.teal.button:focus,.ui.teal.buttons .button:focus{background-color:#008c86;color:#fff;text-shadow:none}.ui.teal.button:active,.ui.teal.buttons .button:active{background-color:#00827c;color:#fff;text-shadow:none}.ui.teal.active.button,.ui.teal.button .active.button:active,.ui.teal.buttons .active.button,.ui.teal.buttons .active.button:active{background-color:#009c95;color:#fff;text-shadow:none}.ui.basic.teal.button,.ui.basic.teal.buttons .button{-webkit-box-shadow:0 0 0 1px #00b5ad inset!important;box-shadow:0 0 0 1px #00b5ad inset!important;color:#00b5ad!important}.ui.basic.teal.button:hover,.ui.basic.teal.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #009c95 inset!important;box-shadow:0 0 0 1px #009c95 inset!important;color:#009c95!important}.ui.basic.teal.button:focus,.ui.basic.teal.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #008c86 inset!important;box-shadow:0 0 0 1px #008c86 inset!important;color:#009c95!important}.ui.basic.teal.active.button,.ui.basic.teal.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #009c95 inset!important;box-shadow:0 0 0 1px #009c95 inset!important;color:#00827c!important}.ui.basic.teal.button:active,.ui.basic.teal.buttons .button:active{-webkit-box-shadow:0 0 0 1px #00827c inset!important;box-shadow:0 0 0 1px #00827c inset!important;color:#00827c!important}.ui.buttons:not(.vertical)>.basic.teal.button:not(:first-child){margin-left:-1px}.ui.inverted.teal.button,.ui.inverted.teal.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #6dffff inset!important;box-shadow:0 0 0 2px #6dffff inset!important;color:#6dffff}.ui.inverted.teal.button.active,.ui.inverted.teal.button:active,.ui.inverted.teal.button:focus,.ui.inverted.teal.button:hover,.ui.inverted.teal.buttons .button.active,.ui.inverted.teal.buttons .button:active,.ui.inverted.teal.buttons .button:focus,.ui.inverted.teal.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:rgba(0,0,0,.6)}.ui.inverted.teal.button:hover,.ui.inverted.teal.buttons .button:hover{background-color:#54ffff}.ui.inverted.teal.button:focus,.ui.inverted.teal.buttons .button:focus{background-color:#4ff}.ui.inverted.teal.active.button,.ui.inverted.teal.buttons .active.button{background-color:#54ffff}.ui.inverted.teal.button:active,.ui.inverted.teal.buttons .button:active{background-color:#3affff}.ui.inverted.teal.basic.button,.ui.inverted.teal.basic.buttons .button,.ui.inverted.teal.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.teal.basic.button:hover,.ui.inverted.teal.basic.buttons .button:hover,.ui.inverted.teal.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #54ffff inset!important;box-shadow:0 0 0 2px #54ffff inset!important;color:#6dffff!important}.ui.inverted.teal.basic.button:focus,.ui.inverted.teal.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #4ff inset!important;box-shadow:0 0 0 2px #4ff inset!important;color:#6dffff!important}.ui.inverted.teal.basic.active.button,.ui.inverted.teal.basic.buttons .active.button,.ui.inverted.teal.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #54ffff inset!important;box-shadow:0 0 0 2px #54ffff inset!important;color:#6dffff!important}.ui.inverted.teal.basic.button:active,.ui.inverted.teal.basic.buttons .button:active,.ui.inverted.teal.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #3affff inset!important;box-shadow:0 0 0 2px #3affff inset!important;color:#6dffff!important}.ui.olive.button,.ui.olive.buttons .button{background-color:#b5cc18;color:#fff;text-shadow:none;background-image:none}.ui.olive.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.olive.button:hover,.ui.olive.buttons .button:hover{background-color:#a7bd0d;color:#fff;text-shadow:none}.ui.olive.button:focus,.ui.olive.buttons .button:focus{background-color:#a0b605;color:#fff;text-shadow:none}.ui.olive.button:active,.ui.olive.buttons .button:active{background-color:#8d9e13;color:#fff;text-shadow:none}.ui.olive.active.button,.ui.olive.button .active.button:active,.ui.olive.buttons .active.button,.ui.olive.buttons .active.button:active{background-color:#aac109;color:#fff;text-shadow:none}.ui.basic.olive.button,.ui.basic.olive.buttons .button{-webkit-box-shadow:0 0 0 1px #b5cc18 inset!important;box-shadow:0 0 0 1px #b5cc18 inset!important;color:#b5cc18!important}.ui.basic.olive.button:hover,.ui.basic.olive.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #a7bd0d inset!important;box-shadow:0 0 0 1px #a7bd0d inset!important;color:#a7bd0d!important}.ui.basic.olive.button:focus,.ui.basic.olive.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #a0b605 inset!important;box-shadow:0 0 0 1px #a0b605 inset!important;color:#a7bd0d!important}.ui.basic.olive.active.button,.ui.basic.olive.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #aac109 inset!important;box-shadow:0 0 0 1px #aac109 inset!important;color:#8d9e13!important}.ui.basic.olive.button:active,.ui.basic.olive.buttons .button:active{-webkit-box-shadow:0 0 0 1px #8d9e13 inset!important;box-shadow:0 0 0 1px #8d9e13 inset!important;color:#8d9e13!important}.ui.buttons:not(.vertical)>.basic.olive.button:not(:first-child){margin-left:-1px}.ui.inverted.olive.button,.ui.inverted.olive.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #d9e778 inset!important;box-shadow:0 0 0 2px #d9e778 inset!important;color:#d9e778}.ui.inverted.olive.button.active,.ui.inverted.olive.button:active,.ui.inverted.olive.button:focus,.ui.inverted.olive.button:hover,.ui.inverted.olive.buttons .button.active,.ui.inverted.olive.buttons .button:active,.ui.inverted.olive.buttons .button:focus,.ui.inverted.olive.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:rgba(0,0,0,.6)}.ui.inverted.olive.button:hover,.ui.inverted.olive.buttons .button:hover{background-color:#d8ea5c}.ui.inverted.olive.button:focus,.ui.inverted.olive.buttons .button:focus{background-color:#daef47}.ui.inverted.olive.active.button,.ui.inverted.olive.buttons .active.button{background-color:#daed59}.ui.inverted.olive.button:active,.ui.inverted.olive.buttons .button:active{background-color:#cddf4d}.ui.inverted.olive.basic.button,.ui.inverted.olive.basic.buttons .button,.ui.inverted.olive.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.olive.basic.button:hover,.ui.inverted.olive.basic.buttons .button:hover,.ui.inverted.olive.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #d8ea5c inset!important;box-shadow:0 0 0 2px #d8ea5c inset!important;color:#d9e778!important}.ui.inverted.olive.basic.button:focus,.ui.inverted.olive.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #daef47 inset!important;box-shadow:0 0 0 2px #daef47 inset!important;color:#d9e778!important}.ui.inverted.olive.basic.active.button,.ui.inverted.olive.basic.buttons .active.button,.ui.inverted.olive.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #daed59 inset!important;box-shadow:0 0 0 2px #daed59 inset!important;color:#d9e778!important}.ui.inverted.olive.basic.button:active,.ui.inverted.olive.basic.buttons .button:active,.ui.inverted.olive.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #cddf4d inset!important;box-shadow:0 0 0 2px #cddf4d inset!important;color:#d9e778!important}.ui.yellow.button,.ui.yellow.buttons .button{background-color:#fbbd08;color:#fff;text-shadow:none;background-image:none}.ui.yellow.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.yellow.button:hover,.ui.yellow.buttons .button:hover{background-color:#eaae00;color:#fff;text-shadow:none}.ui.yellow.button:focus,.ui.yellow.buttons .button:focus{background-color:#daa300;color:#fff;text-shadow:none}.ui.yellow.button:active,.ui.yellow.buttons .button:active{background-color:#cd9903;color:#fff;text-shadow:none}.ui.yellow.active.button,.ui.yellow.button .active.button:active,.ui.yellow.buttons .active.button,.ui.yellow.buttons .active.button:active{background-color:#eaae00;color:#fff;text-shadow:none}.ui.basic.yellow.button,.ui.basic.yellow.buttons .button{-webkit-box-shadow:0 0 0 1px #fbbd08 inset!important;box-shadow:0 0 0 1px #fbbd08 inset!important;color:#fbbd08!important}.ui.basic.yellow.button:hover,.ui.basic.yellow.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #eaae00 inset!important;box-shadow:0 0 0 1px #eaae00 inset!important;color:#eaae00!important}.ui.basic.yellow.button:focus,.ui.basic.yellow.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #daa300 inset!important;box-shadow:0 0 0 1px #daa300 inset!important;color:#eaae00!important}.ui.basic.yellow.active.button,.ui.basic.yellow.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #eaae00 inset!important;box-shadow:0 0 0 1px #eaae00 inset!important;color:#cd9903!important}.ui.basic.yellow.button:active,.ui.basic.yellow.buttons .button:active{-webkit-box-shadow:0 0 0 1px #cd9903 inset!important;box-shadow:0 0 0 1px #cd9903 inset!important;color:#cd9903!important}.ui.buttons:not(.vertical)>.basic.yellow.button:not(:first-child){margin-left:-1px}.ui.inverted.yellow.button,.ui.inverted.yellow.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #ffe21f inset!important;box-shadow:0 0 0 2px #ffe21f inset!important;color:#ffe21f}.ui.inverted.yellow.button.active,.ui.inverted.yellow.button:active,.ui.inverted.yellow.button:focus,.ui.inverted.yellow.button:hover,.ui.inverted.yellow.buttons .button.active,.ui.inverted.yellow.buttons .button:active,.ui.inverted.yellow.buttons .button:focus,.ui.inverted.yellow.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:rgba(0,0,0,.6)}.ui.inverted.yellow.button:hover,.ui.inverted.yellow.buttons .button:hover{background-color:#ffdf05}.ui.inverted.yellow.button:focus,.ui.inverted.yellow.buttons .button:focus{background-color:#f5d500}.ui.inverted.yellow.active.button,.ui.inverted.yellow.buttons .active.button{background-color:#ffdf05}.ui.inverted.yellow.button:active,.ui.inverted.yellow.buttons .button:active{background-color:#ebcd00}.ui.inverted.yellow.basic.button,.ui.inverted.yellow.basic.buttons .button,.ui.inverted.yellow.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.yellow.basic.button:hover,.ui.inverted.yellow.basic.buttons .button:hover,.ui.inverted.yellow.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #ffdf05 inset!important;box-shadow:0 0 0 2px #ffdf05 inset!important;color:#ffe21f!important}.ui.inverted.yellow.basic.button:focus,.ui.inverted.yellow.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #f5d500 inset!important;box-shadow:0 0 0 2px #f5d500 inset!important;color:#ffe21f!important}.ui.inverted.yellow.basic.active.button,.ui.inverted.yellow.basic.buttons .active.button,.ui.inverted.yellow.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #ffdf05 inset!important;box-shadow:0 0 0 2px #ffdf05 inset!important;color:#ffe21f!important}.ui.inverted.yellow.basic.button:active,.ui.inverted.yellow.basic.buttons .button:active,.ui.inverted.yellow.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #ebcd00 inset!important;box-shadow:0 0 0 2px #ebcd00 inset!important;color:#ffe21f!important}.ui.primary.button,.ui.primary.buttons .button{background-color:#2185d0;color:#fff;text-shadow:none;background-image:none}.ui.primary.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.primary.button:hover,.ui.primary.buttons .button:hover{background-color:#1678c2;color:#fff;text-shadow:none}.ui.primary.button:focus,.ui.primary.buttons .button:focus{background-color:#0d71bb;color:#fff;text-shadow:none}.ui.primary.button:active,.ui.primary.buttons .button:active{background-color:#1a69a4;color:#fff;text-shadow:none}.ui.primary.active.button,.ui.primary.button .active.button:active,.ui.primary.buttons .active.button,.ui.primary.buttons .active.button:active{background-color:#1279c6;color:#fff;text-shadow:none}.ui.basic.primary.button,.ui.basic.primary.buttons .button{-webkit-box-shadow:0 0 0 1px #2185d0 inset!important;box-shadow:0 0 0 1px #2185d0 inset!important;color:#2185d0!important}.ui.basic.primary.button:hover,.ui.basic.primary.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #1678c2 inset!important;box-shadow:0 0 0 1px #1678c2 inset!important;color:#1678c2!important}.ui.basic.primary.button:focus,.ui.basic.primary.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #0d71bb inset!important;box-shadow:0 0 0 1px #0d71bb inset!important;color:#1678c2!important}.ui.basic.primary.active.button,.ui.basic.primary.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #1279c6 inset!important;box-shadow:0 0 0 1px #1279c6 inset!important;color:#1a69a4!important}.ui.basic.primary.button:active,.ui.basic.primary.buttons .button:active{-webkit-box-shadow:0 0 0 1px #1a69a4 inset!important;box-shadow:0 0 0 1px #1a69a4 inset!important;color:#1a69a4!important}.ui.buttons:not(.vertical)>.basic.primary.button:not(:first-child){margin-left:-1px}.ui.inverted.primary.button,.ui.inverted.primary.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #54c8ff inset!important;box-shadow:0 0 0 2px #54c8ff inset!important;color:#54c8ff}.ui.inverted.primary.button.active,.ui.inverted.primary.button:active,.ui.inverted.primary.button:focus,.ui.inverted.primary.button:hover,.ui.inverted.primary.buttons .button.active,.ui.inverted.primary.buttons .button:active,.ui.inverted.primary.buttons .button:focus,.ui.inverted.primary.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.primary.button:hover,.ui.inverted.primary.buttons .button:hover{background-color:#3ac0ff}.ui.inverted.primary.button:focus,.ui.inverted.primary.buttons .button:focus{background-color:#2bbbff}.ui.inverted.primary.active.button,.ui.inverted.primary.buttons .active.button{background-color:#3ac0ff}.ui.inverted.primary.button:active,.ui.inverted.primary.buttons .button:active{background-color:#21b8ff}.ui.inverted.primary.basic.button,.ui.inverted.primary.basic.buttons .button,.ui.inverted.primary.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.primary.basic.button:hover,.ui.inverted.primary.basic.buttons .button:hover,.ui.inverted.primary.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #3ac0ff inset!important;box-shadow:0 0 0 2px #3ac0ff inset!important;color:#54c8ff!important}.ui.inverted.primary.basic.button:focus,.ui.inverted.primary.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #2bbbff inset!important;box-shadow:0 0 0 2px #2bbbff inset!important;color:#54c8ff!important}.ui.inverted.primary.basic.active.button,.ui.inverted.primary.basic.buttons .active.button,.ui.inverted.primary.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #3ac0ff inset!important;box-shadow:0 0 0 2px #3ac0ff inset!important;color:#54c8ff!important}.ui.inverted.primary.basic.button:active,.ui.inverted.primary.basic.buttons .button:active,.ui.inverted.primary.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #21b8ff inset!important;box-shadow:0 0 0 2px #21b8ff inset!important;color:#54c8ff!important}.ui.secondary.button,.ui.secondary.buttons .button{background-color:#1b1c1d;color:#fff;text-shadow:none;background-image:none}.ui.secondary.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.secondary.button:hover,.ui.secondary.buttons .button:hover{background-color:#27292a;color:#fff;text-shadow:none}.ui.secondary.button:focus,.ui.secondary.buttons .button:focus{background-color:#2e3032;color:#fff;text-shadow:none}.ui.secondary.button:active,.ui.secondary.buttons .button:active{background-color:#343637;color:#fff;text-shadow:none}.ui.secondary.active.button,.ui.secondary.button .active.button:active,.ui.secondary.buttons .active.button,.ui.secondary.buttons .active.button:active{background-color:#27292a;color:#fff;text-shadow:none}.ui.basic.secondary.button,.ui.basic.secondary.buttons .button{-webkit-box-shadow:0 0 0 1px #1b1c1d inset!important;box-shadow:0 0 0 1px #1b1c1d inset!important;color:#1b1c1d!important}.ui.basic.secondary.button:hover,.ui.basic.secondary.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #27292a inset!important;box-shadow:0 0 0 1px #27292a inset!important;color:#27292a!important}.ui.basic.secondary.button:focus,.ui.basic.secondary.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #2e3032 inset!important;box-shadow:0 0 0 1px #2e3032 inset!important;color:#27292a!important}.ui.basic.secondary.active.button,.ui.basic.secondary.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #27292a inset!important;box-shadow:0 0 0 1px #27292a inset!important;color:#343637!important}.ui.basic.secondary.button:active,.ui.basic.secondary.buttons .button:active{-webkit-box-shadow:0 0 0 1px #343637 inset!important;box-shadow:0 0 0 1px #343637 inset!important;color:#343637!important}.ui.buttons:not(.vertical)>.basic.primary.button:not(:first-child){margin-left:-1px}.ui.inverted.secondary.button,.ui.inverted.secondary.buttons .button{background-color:transparent;-webkit-box-shadow:0 0 0 2px #545454 inset!important;box-shadow:0 0 0 2px #545454 inset!important;color:#545454}.ui.inverted.secondary.button.active,.ui.inverted.secondary.button:active,.ui.inverted.secondary.button:focus,.ui.inverted.secondary.button:hover,.ui.inverted.secondary.buttons .button.active,.ui.inverted.secondary.buttons .button:active,.ui.inverted.secondary.buttons .button:focus,.ui.inverted.secondary.buttons .button:hover{-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.inverted.secondary.button:hover,.ui.inverted.secondary.buttons .button:hover{background-color:#616161}.ui.inverted.secondary.button:focus,.ui.inverted.secondary.buttons .button:focus{background-color:#686868}.ui.inverted.secondary.active.button,.ui.inverted.secondary.buttons .active.button{background-color:#616161}.ui.inverted.secondary.button:active,.ui.inverted.secondary.buttons .button:active{background-color:#6e6e6e}.ui.inverted.secondary.basic.button,.ui.inverted.secondary.basic.buttons .button,.ui.inverted.secondary.buttons .basic.button{background-color:transparent;-webkit-box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;box-shadow:0 0 0 2px rgba(255,255,255,.5) inset!important;color:#fff!important}.ui.inverted.secondary.basic.button:hover,.ui.inverted.secondary.basic.buttons .button:hover,.ui.inverted.secondary.buttons .basic.button:hover{-webkit-box-shadow:0 0 0 2px #616161 inset!important;box-shadow:0 0 0 2px #616161 inset!important;color:#545454!important}.ui.inverted.secondary.basic.button:focus,.ui.inverted.secondary.basic.buttons .button:focus{-webkit-box-shadow:0 0 0 2px #686868 inset!important;box-shadow:0 0 0 2px #686868 inset!important;color:#545454!important}.ui.inverted.secondary.basic.active.button,.ui.inverted.secondary.basic.buttons .active.button,.ui.inverted.secondary.buttons .basic.active.button{-webkit-box-shadow:0 0 0 2px #616161 inset!important;box-shadow:0 0 0 2px #616161 inset!important;color:#545454!important}.ui.inverted.secondary.basic.button:active,.ui.inverted.secondary.basic.buttons .button:active,.ui.inverted.secondary.buttons .basic.button:active{-webkit-box-shadow:0 0 0 2px #6e6e6e inset!important;box-shadow:0 0 0 2px #6e6e6e inset!important;color:#545454!important}.ui.positive.button,.ui.positive.buttons .button{background-color:#21ba45;color:#fff;text-shadow:none;background-image:none}.ui.positive.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.positive.button:hover,.ui.positive.buttons .button:hover{background-color:#16ab39;color:#fff;text-shadow:none}.ui.positive.button:focus,.ui.positive.buttons .button:focus{background-color:#0ea432;color:#fff;text-shadow:none}.ui.positive.button:active,.ui.positive.buttons .button:active{background-color:#198f35;color:#fff;text-shadow:none}.ui.positive.active.button,.ui.positive.button .active.button:active,.ui.positive.buttons .active.button,.ui.positive.buttons .active.button:active{background-color:#13ae38;color:#fff;text-shadow:none}.ui.basic.positive.button,.ui.basic.positive.buttons .button{-webkit-box-shadow:0 0 0 1px #21ba45 inset!important;box-shadow:0 0 0 1px #21ba45 inset!important;color:#21ba45!important}.ui.basic.positive.button:hover,.ui.basic.positive.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #16ab39 inset!important;box-shadow:0 0 0 1px #16ab39 inset!important;color:#16ab39!important}.ui.basic.positive.button:focus,.ui.basic.positive.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #0ea432 inset!important;box-shadow:0 0 0 1px #0ea432 inset!important;color:#16ab39!important}.ui.basic.positive.active.button,.ui.basic.positive.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #13ae38 inset!important;box-shadow:0 0 0 1px #13ae38 inset!important;color:#198f35!important}.ui.basic.positive.button:active,.ui.basic.positive.buttons .button:active{-webkit-box-shadow:0 0 0 1px #198f35 inset!important;box-shadow:0 0 0 1px #198f35 inset!important;color:#198f35!important}.ui.buttons:not(.vertical)>.basic.primary.button:not(:first-child){margin-left:-1px}.ui.negative.button,.ui.negative.buttons .button{background-color:#db2828;color:#fff;text-shadow:none;background-image:none}.ui.negative.button{-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 0 rgba(34,36,38,.15) inset}.ui.negative.button:hover,.ui.negative.buttons .button:hover{background-color:#d01919;color:#fff;text-shadow:none}.ui.negative.button:focus,.ui.negative.buttons .button:focus{background-color:#ca1010;color:#fff;text-shadow:none}.ui.negative.button:active,.ui.negative.buttons .button:active{background-color:#b21e1e;color:#fff;text-shadow:none}.ui.negative.active.button,.ui.negative.button .active.button:active,.ui.negative.buttons .active.button,.ui.negative.buttons .active.button:active{background-color:#d41515;color:#fff;text-shadow:none}.ui.basic.negative.button,.ui.basic.negative.buttons .button{-webkit-box-shadow:0 0 0 1px #db2828 inset!important;box-shadow:0 0 0 1px #db2828 inset!important;color:#db2828!important}.ui.basic.negative.button:hover,.ui.basic.negative.buttons .button:hover{background:0 0!important;-webkit-box-shadow:0 0 0 1px #d01919 inset!important;box-shadow:0 0 0 1px #d01919 inset!important;color:#d01919!important}.ui.basic.negative.button:focus,.ui.basic.negative.buttons .button:focus{background:0 0!important;-webkit-box-shadow:0 0 0 1px #ca1010 inset!important;box-shadow:0 0 0 1px #ca1010 inset!important;color:#d01919!important}.ui.basic.negative.active.button,.ui.basic.negative.buttons .active.button{background:0 0!important;-webkit-box-shadow:0 0 0 1px #d41515 inset!important;box-shadow:0 0 0 1px #d41515 inset!important;color:#b21e1e!important}.ui.basic.negative.button:active,.ui.basic.negative.buttons .button:active{-webkit-box-shadow:0 0 0 1px #b21e1e inset!important;box-shadow:0 0 0 1px #b21e1e inset!important;color:#b21e1e!important}.ui.buttons:not(.vertical)>.basic.primary.button:not(:first-child){margin-left:-1px}.ui.buttons{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;font-size:0;vertical-align:baseline;margin:0 .25em 0 0}.ui.buttons:not(.basic):not(.inverted){-webkit-box-shadow:none;box-shadow:none}.ui.buttons:after{content:".";display:block;height:0;clear:both;visibility:hidden}.ui.buttons .button{-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto;margin:0;border-radius:0;margin:0}.ui.buttons:not(.basic):not(.inverted)>.button,.ui.buttons>.ui.button:not(.basic):not(.inverted){-webkit-box-shadow:0 0 0 1px transparent inset,0 0 0 0 rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px transparent inset,0 0 0 0 rgba(34,36,38,.15) inset}.ui.buttons .button:first-child{border-left:none;margin-left:0;border-top-left-radius:.28571429rem;border-bottom-left-radius:.28571429rem}.ui.buttons .button:last-child{border-top-right-radius:.28571429rem;border-bottom-right-radius:.28571429rem}.ui.vertical.buttons{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui.vertical.buttons .button{display:block;float:none;width:100%;margin:0;-webkit-box-shadow:none;box-shadow:none;border-radius:0}.ui.vertical.buttons .button:first-child{border-top-left-radius:.28571429rem;border-top-right-radius:.28571429rem}.ui.vertical.buttons .button:last-child{margin-bottom:0;border-bottom-left-radius:.28571429rem;border-bottom-right-radius:.28571429rem}.ui.vertical.buttons .button:only-child{border-radius:.28571429rem}/*!
- * # Semantic UI 2.4.0 - Container
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.container{display:block;max-width:100%!important}@media only screen and (max-width:767px){.ui.container{width:auto!important;margin-left:1em!important;margin-right:1em!important}.ui.grid.container{width:auto!important}.ui.relaxed.grid.container{width:auto!important}.ui.very.relaxed.grid.container{width:auto!important}}@media only screen and (min-width:768px) and (max-width:991px){.ui.container{width:723px;margin-left:auto!important;margin-right:auto!important}.ui.grid.container{width:calc(723px + 2rem)!important}.ui.relaxed.grid.container{width:calc(723px + 3rem)!important}.ui.very.relaxed.grid.container{width:calc(723px + 5rem)!important}}@media only screen and (min-width:992px) and (max-width:1199px){.ui.container{width:933px;margin-left:auto!important;margin-right:auto!important}.ui.grid.container{width:calc(933px + 2rem)!important}.ui.relaxed.grid.container{width:calc(933px + 3rem)!important}.ui.very.relaxed.grid.container{width:calc(933px + 5rem)!important}}@media only screen and (min-width:1200px){.ui.container{width:1127px;margin-left:auto!important;margin-right:auto!important}.ui.grid.container{width:calc(1127px + 2rem)!important}.ui.relaxed.grid.container{width:calc(1127px + 3rem)!important}.ui.very.relaxed.grid.container{width:calc(1127px + 5rem)!important}}.ui.text.container{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;max-width:700px!important;line-height:1.5}.ui.text.container{font-size:1.14285714rem}.ui.fluid.container{width:100%}.ui[class*="left aligned"].container{text-align:left}.ui[class*="center aligned"].container{text-align:center}.ui[class*="right aligned"].container{text-align:right}.ui.justified.container{text-align:justify;-webkit-hyphens:auto;-ms-hyphens:auto;hyphens:auto}/*!
- * # Semantic UI 2.4.0 - Divider
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.divider{margin:1rem 0;line-height:1;height:0;font-weight:700;text-transform:uppercase;letter-spacing:.05em;color:rgba(0,0,0,.85);-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-tap-highlight-color:transparent}.ui.divider:not(.vertical):not(.horizontal){border-top:1px solid rgba(34,36,38,.15);border-bottom:1px solid rgba(255,255,255,.1)}.ui.grid>.column+.divider,.ui.grid>.row>.column+.divider{left:auto}.ui.horizontal.divider{display:table;white-space:nowrap;height:auto;margin:'';line-height:1;text-align:center}.ui.horizontal.divider:after,.ui.horizontal.divider:before{content:'';display:table-cell;position:relative;top:50%;width:50%;background-repeat:no-repeat}.ui.horizontal.divider:before{background-position:right 1em top 50%}.ui.horizontal.divider:after{background-position:left 1em top 50%}.ui.vertical.divider{position:absolute;z-index:2;top:50%;left:50%;margin:0;padding:0;width:auto;height:50%;line-height:0;text-align:center;-webkit-transform:translateX(-50%);transform:translateX(-50%)}.ui.vertical.divider:after,.ui.vertical.divider:before{position:absolute;left:50%;content:'';z-index:3;border-left:1px solid rgba(34,36,38,.15);border-right:1px solid rgba(255,255,255,.1);width:0%;height:calc(100% - 1rem)}.ui.vertical.divider:before{top:-100%}.ui.vertical.divider:after{top:auto;bottom:0}@media only screen and (max-width:767px){.ui.grid .stackable.row .ui.vertical.divider,.ui.stackable.grid .ui.vertical.divider{display:table;white-space:nowrap;height:auto;margin:'';overflow:hidden;line-height:1;text-align:center;position:static;top:0;left:0;-webkit-transform:none;transform:none}.ui.grid .stackable.row .ui.vertical.divider:after,.ui.grid .stackable.row .ui.vertical.divider:before,.ui.stackable.grid .ui.vertical.divider:after,.ui.stackable.grid .ui.vertical.divider:before{position:static;left:0;border-left:none;border-right:none;content:'';display:table-cell;position:relative;top:50%;width:50%;background-repeat:no-repeat}.ui.grid .stackable.row .ui.vertical.divider:before,.ui.stackable.grid .ui.vertical.divider:before{background-position:right 1em top 50%}.ui.grid .stackable.row .ui.vertical.divider:after,.ui.stackable.grid .ui.vertical.divider:after{background-position:left 1em top 50%}}.ui.divider>.icon{margin:0;font-size:1rem;height:1em;vertical-align:middle}.ui.hidden.divider{border-color:transparent!important}.ui.hidden.divider:after,.ui.hidden.divider:before{display:none}.ui.divider.inverted,.ui.horizontal.inverted.divider,.ui.vertical.inverted.divider{color:#fff}.ui.divider.inverted,.ui.divider.inverted:after,.ui.divider.inverted:before{border-top-color:rgba(34,36,38,.15)!important;border-left-color:rgba(34,36,38,.15)!important;border-bottom-color:rgba(255,255,255,.15)!important;border-right-color:rgba(255,255,255,.15)!important}.ui.fitted.divider{margin:0}.ui.clearing.divider{clear:both}.ui.section.divider{margin-top:2rem;margin-bottom:2rem}.ui.divider{font-size:1rem}.ui.horizontal.divider:after,.ui.horizontal.divider:before{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABaAAAAACCAYAAACuTHuKAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIChXaW5kb3dzKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo1OThBRDY4OUNDMTYxMUU0OUE3NUVGOEJDMzMzMjE2NyIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDo1OThBRDY4QUNDMTYxMUU0OUE3NUVGOEJDMzMzMjE2NyI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjU5OEFENjg3Q0MxNjExRTQ5QTc1RUY4QkMzMzMyMTY3IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjU5OEFENjg4Q0MxNjExRTQ5QTc1RUY4QkMzMzMyMTY3Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+VU513gAAADVJREFUeNrs0DENACAQBDBIWLGBJQby/mUcJn5sJXQmOQMAAAAAAJqt+2prAAAAAACg2xdgANk6BEVuJgyMAAAAAElFTkSuQmCC)}@media only screen and (max-width:767px){.ui.grid .stackable.row .ui.vertical.divider:after,.ui.grid .stackable.row .ui.vertical.divider:before,.ui.stackable.grid .ui.vertical.divider:after,.ui.stackable.grid .ui.vertical.divider:before{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABaAAAAACCAYAAACuTHuKAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIChXaW5kb3dzKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo1OThBRDY4OUNDMTYxMUU0OUE3NUVGOEJDMzMzMjE2NyIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDo1OThBRDY4QUNDMTYxMUU0OUE3NUVGOEJDMzMzMjE2NyI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjU5OEFENjg3Q0MxNjExRTQ5QTc1RUY4QkMzMzMyMTY3IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjU5OEFENjg4Q0MxNjExRTQ5QTc1RUY4QkMzMzMyMTY3Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+VU513gAAADVJREFUeNrs0DENACAQBDBIWLGBJQby/mUcJn5sJXQmOQMAAAAAAJqt+2prAAAAAACg2xdgANk6BEVuJgyMAAAAAElFTkSuQmCC)}}/*!
- * # Semantic UI 2.4.0 - Flag
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */i.flag:not(.icon){display:inline-block;width:16px;height:11px;line-height:11px;vertical-align:baseline;margin:0 .5em 0 0;text-decoration:inherit;speak:none;font-smoothing:antialiased;-webkit-backface-visibility:hidden;backface-visibility:hidden}i.flag:not(.icon):before{display:inline-block;content:'';background:url(themes/default/assets/images/flags.png) no-repeat -108px -1976px;width:16px;height:11px}i.flag.ad:before,i.flag.andorra:before{background-position:0 0}i.flag.ae:before,i.flag.uae:before,i.flag.united.arab.emirates:before{background-position:0 -26px}i.flag.af:before,i.flag.afghanistan:before{background-position:0 -52px}i.flag.ag:before,i.flag.antigua:before{background-position:0 -78px}i.flag.ai:before,i.flag.anguilla:before{background-position:0 -104px}i.flag.al:before,i.flag.albania:before{background-position:0 -130px}i.flag.am:before,i.flag.armenia:before{background-position:0 -156px}i.flag.an:before,i.flag.netherlands.antilles:before{background-position:0 -182px}i.flag.angola:before,i.flag.ao:before{background-position:0 -208px}i.flag.ar:before,i.flag.argentina:before{background-position:0 -234px}i.flag.american.samoa:before,i.flag.as:before{background-position:0 -260px}i.flag.at:before,i.flag.austria:before{background-position:0 -286px}i.flag.au:before,i.flag.australia:before{background-position:0 -312px}i.flag.aruba:before,i.flag.aw:before{background-position:0 -338px}i.flag.aland.islands:before,i.flag.ax:before{background-position:0 -364px}i.flag.az:before,i.flag.azerbaijan:before{background-position:0 -390px}i.flag.ba:before,i.flag.bosnia:before{background-position:0 -416px}i.flag.barbados:before,i.flag.bb:before{background-position:0 -442px}i.flag.bangladesh:before,i.flag.bd:before{background-position:0 -468px}i.flag.be:before,i.flag.belgium:before{background-position:0 -494px}i.flag.bf:before,i.flag.burkina.faso:before{background-position:0 -520px}i.flag.bg:before,i.flag.bulgaria:before{background-position:0 -546px}i.flag.bahrain:before,i.flag.bh:before{background-position:0 -572px}i.flag.bi:before,i.flag.burundi:before{background-position:0 -598px}i.flag.benin:before,i.flag.bj:before{background-position:0 -624px}i.flag.bermuda:before,i.flag.bm:before{background-position:0 -650px}i.flag.bn:before,i.flag.brunei:before{background-position:0 -676px}i.flag.bo:before,i.flag.bolivia:before{background-position:0 -702px}i.flag.br:before,i.flag.brazil:before{background-position:0 -728px}i.flag.bahamas:before,i.flag.bs:before{background-position:0 -754px}i.flag.bhutan:before,i.flag.bt:before{background-position:0 -780px}i.flag.bouvet.island:before,i.flag.bv:before{background-position:0 -806px}i.flag.botswana:before,i.flag.bw:before{background-position:0 -832px}i.flag.belarus:before,i.flag.by:before{background-position:0 -858px}i.flag.belize:before,i.flag.bz:before{background-position:0 -884px}i.flag.ca:before,i.flag.canada:before{background-position:0 -910px}i.flag.cc:before,i.flag.cocos.islands:before{background-position:0 -962px}i.flag.cd:before,i.flag.congo:before{background-position:0 -988px}i.flag.central.african.republic:before,i.flag.cf:before{background-position:0 -1014px}i.flag.cg:before,i.flag.congo.brazzaville:before{background-position:0 -1040px}i.flag.ch:before,i.flag.switzerland:before{background-position:0 -1066px}i.flag.ci:before,i.flag.cote.divoire:before{background-position:0 -1092px}i.flag.ck:before,i.flag.cook.islands:before{background-position:0 -1118px}i.flag.chile:before,i.flag.cl:before{background-position:0 -1144px}i.flag.cameroon:before,i.flag.cm:before{background-position:0 -1170px}i.flag.china:before,i.flag.cn:before{background-position:0 -1196px}i.flag.co:before,i.flag.colombia:before{background-position:0 -1222px}i.flag.costa.rica:before,i.flag.cr:before{background-position:0 -1248px}i.flag.cs:before,i.flag.serbia:before{background-position:0 -1274px}i.flag.cu:before,i.flag.cuba:before{background-position:0 -1300px}i.flag.cape.verde:before,i.flag.cv:before{background-position:0 -1326px}i.flag.christmas.island:before,i.flag.cx:before{background-position:0 -1352px}i.flag.cy:before,i.flag.cyprus:before{background-position:0 -1378px}i.flag.cz:before,i.flag.czech.republic:before{background-position:0 -1404px}i.flag.de:before,i.flag.germany:before{background-position:0 -1430px}i.flag.dj:before,i.flag.djibouti:before{background-position:0 -1456px}i.flag.denmark:before,i.flag.dk:before{background-position:0 -1482px}i.flag.dm:before,i.flag.dominica:before{background-position:0 -1508px}i.flag.do:before,i.flag.dominican.republic:before{background-position:0 -1534px}i.flag.algeria:before,i.flag.dz:before{background-position:0 -1560px}i.flag.ec:before,i.flag.ecuador:before{background-position:0 -1586px}i.flag.ee:before,i.flag.estonia:before{background-position:0 -1612px}i.flag.eg:before,i.flag.egypt:before{background-position:0 -1638px}i.flag.eh:before,i.flag.western.sahara:before{background-position:0 -1664px}i.flag.england:before,i.flag.gb.eng:before{background-position:0 -1690px}i.flag.er:before,i.flag.eritrea:before{background-position:0 -1716px}i.flag.es:before,i.flag.spain:before{background-position:0 -1742px}i.flag.et:before,i.flag.ethiopia:before{background-position:0 -1768px}i.flag.eu:before,i.flag.european.union:before{background-position:0 -1794px}i.flag.fi:before,i.flag.finland:before{background-position:0 -1846px}i.flag.fiji:before,i.flag.fj:before{background-position:0 -1872px}i.flag.falkland.islands:before,i.flag.fk:before{background-position:0 -1898px}i.flag.fm:before,i.flag.micronesia:before{background-position:0 -1924px}i.flag.faroe.islands:before,i.flag.fo:before{background-position:0 -1950px}i.flag.fr:before,i.flag.france:before{background-position:0 -1976px}i.flag.ga:before,i.flag.gabon:before{background-position:-36px 0}i.flag.gb:before,i.flag.uk:before,i.flag.united.kingdom:before{background-position:-36px -26px}i.flag.gd:before,i.flag.grenada:before{background-position:-36px -52px}i.flag.ge:before,i.flag.georgia:before{background-position:-36px -78px}i.flag.french.guiana:before,i.flag.gf:before{background-position:-36px -104px}i.flag.gh:before,i.flag.ghana:before{background-position:-36px -130px}i.flag.gi:before,i.flag.gibraltar:before{background-position:-36px -156px}i.flag.gl:before,i.flag.greenland:before{background-position:-36px -182px}i.flag.gambia:before,i.flag.gm:before{background-position:-36px -208px}i.flag.gn:before,i.flag.guinea:before{background-position:-36px -234px}i.flag.gp:before,i.flag.guadeloupe:before{background-position:-36px -260px}i.flag.equatorial.guinea:before,i.flag.gq:before{background-position:-36px -286px}i.flag.gr:before,i.flag.greece:before{background-position:-36px -312px}i.flag.gs:before,i.flag.sandwich.islands:before{background-position:-36px -338px}i.flag.gt:before,i.flag.guatemala:before{background-position:-36px -364px}i.flag.gu:before,i.flag.guam:before{background-position:-36px -390px}i.flag.guinea-bissau:before,i.flag.gw:before{background-position:-36px -416px}i.flag.guyana:before,i.flag.gy:before{background-position:-36px -442px}i.flag.hk:before,i.flag.hong.kong:before{background-position:-36px -468px}i.flag.heard.island:before,i.flag.hm:before{background-position:-36px -494px}i.flag.hn:before,i.flag.honduras:before{background-position:-36px -520px}i.flag.croatia:before,i.flag.hr:before{background-position:-36px -546px}i.flag.haiti:before,i.flag.ht:before{background-position:-36px -572px}i.flag.hu:before,i.flag.hungary:before{background-position:-36px -598px}i.flag.id:before,i.flag.indonesia:before{background-position:-36px -624px}i.flag.ie:before,i.flag.ireland:before{background-position:-36px -650px}i.flag.il:before,i.flag.israel:before{background-position:-36px -676px}i.flag.in:before,i.flag.india:before{background-position:-36px -702px}i.flag.indian.ocean.territory:before,i.flag.io:before{background-position:-36px -728px}i.flag.iq:before,i.flag.iraq:before{background-position:-36px -754px}i.flag.ir:before,i.flag.iran:before{background-position:-36px -780px}i.flag.iceland:before,i.flag.is:before{background-position:-36px -806px}i.flag.it:before,i.flag.italy:before{background-position:-36px -832px}i.flag.jamaica:before,i.flag.jm:before{background-position:-36px -858px}i.flag.jo:before,i.flag.jordan:before{background-position:-36px -884px}i.flag.japan:before,i.flag.jp:before{background-position:-36px -910px}i.flag.ke:before,i.flag.kenya:before{background-position:-36px -936px}i.flag.kg:before,i.flag.kyrgyzstan:before{background-position:-36px -962px}i.flag.cambodia:before,i.flag.kh:before{background-position:-36px -988px}i.flag.ki:before,i.flag.kiribati:before{background-position:-36px -1014px}i.flag.comoros:before,i.flag.km:before{background-position:-36px -1040px}i.flag.kn:before,i.flag.saint.kitts.and.nevis:before{background-position:-36px -1066px}i.flag.kp:before,i.flag.north.korea:before{background-position:-36px -1092px}i.flag.kr:before,i.flag.south.korea:before{background-position:-36px -1118px}i.flag.kuwait:before,i.flag.kw:before{background-position:-36px -1144px}i.flag.cayman.islands:before,i.flag.ky:before{background-position:-36px -1170px}i.flag.kazakhstan:before,i.flag.kz:before{background-position:-36px -1196px}i.flag.la:before,i.flag.laos:before{background-position:-36px -1222px}i.flag.lb:before,i.flag.lebanon:before{background-position:-36px -1248px}i.flag.lc:before,i.flag.saint.lucia:before{background-position:-36px -1274px}i.flag.li:before,i.flag.liechtenstein:before{background-position:-36px -1300px}i.flag.lk:before,i.flag.sri.lanka:before{background-position:-36px -1326px}i.flag.liberia:before,i.flag.lr:before{background-position:-36px -1352px}i.flag.lesotho:before,i.flag.ls:before{background-position:-36px -1378px}i.flag.lithuania:before,i.flag.lt:before{background-position:-36px -1404px}i.flag.lu:before,i.flag.luxembourg:before{background-position:-36px -1430px}i.flag.latvia:before,i.flag.lv:before{background-position:-36px -1456px}i.flag.libya:before,i.flag.ly:before{background-position:-36px -1482px}i.flag.ma:before,i.flag.morocco:before{background-position:-36px -1508px}i.flag.mc:before,i.flag.monaco:before{background-position:-36px -1534px}i.flag.md:before,i.flag.moldova:before{background-position:-36px -1560px}i.flag.me:before,i.flag.montenegro:before{background-position:-36px -1586px}i.flag.madagascar:before,i.flag.mg:before{background-position:-36px -1613px}i.flag.marshall.islands:before,i.flag.mh:before{background-position:-36px -1639px}i.flag.macedonia:before,i.flag.mk:before{background-position:-36px -1665px}i.flag.mali:before,i.flag.ml:before{background-position:-36px -1691px}i.flag.burma:before,i.flag.mm:before,i.flag.myanmar:before{background-position:-73px -1821px}i.flag.mn:before,i.flag.mongolia:before{background-position:-36px -1743px}i.flag.macau:before,i.flag.mo:before{background-position:-36px -1769px}i.flag.mp:before,i.flag.northern.mariana.islands:before{background-position:-36px -1795px}i.flag.martinique:before,i.flag.mq:before{background-position:-36px -1821px}i.flag.mauritania:before,i.flag.mr:before{background-position:-36px -1847px}i.flag.montserrat:before,i.flag.ms:before{background-position:-36px -1873px}i.flag.malta:before,i.flag.mt:before{background-position:-36px -1899px}i.flag.mauritius:before,i.flag.mu:before{background-position:-36px -1925px}i.flag.maldives:before,i.flag.mv:before{background-position:-36px -1951px}i.flag.malawi:before,i.flag.mw:before{background-position:-36px -1977px}i.flag.mexico:before,i.flag.mx:before{background-position:-72px 0}i.flag.malaysia:before,i.flag.my:before{background-position:-72px -26px}i.flag.mozambique:before,i.flag.mz:before{background-position:-72px -52px}i.flag.na:before,i.flag.namibia:before{background-position:-72px -78px}i.flag.nc:before,i.flag.new.caledonia:before{background-position:-72px -104px}i.flag.ne:before,i.flag.niger:before{background-position:-72px -130px}i.flag.nf:before,i.flag.norfolk.island:before{background-position:-72px -156px}i.flag.ng:before,i.flag.nigeria:before{background-position:-72px -182px}i.flag.ni:before,i.flag.nicaragua:before{background-position:-72px -208px}i.flag.netherlands:before,i.flag.nl:before{background-position:-72px -234px}i.flag.no:before,i.flag.norway:before{background-position:-72px -260px}i.flag.nepal:before,i.flag.np:before{background-position:-72px -286px}i.flag.nauru:before,i.flag.nr:before{background-position:-72px -312px}i.flag.niue:before,i.flag.nu:before{background-position:-72px -338px}i.flag.new.zealand:before,i.flag.nz:before{background-position:-72px -364px}i.flag.om:before,i.flag.oman:before{background-position:-72px -390px}i.flag.pa:before,i.flag.panama:before{background-position:-72px -416px}i.flag.pe:before,i.flag.peru:before{background-position:-72px -442px}i.flag.french.polynesia:before,i.flag.pf:before{background-position:-72px -468px}i.flag.new.guinea:before,i.flag.pg:before{background-position:-72px -494px}i.flag.ph:before,i.flag.philippines:before{background-position:-72px -520px}i.flag.pakistan:before,i.flag.pk:before{background-position:-72px -546px}i.flag.pl:before,i.flag.poland:before{background-position:-72px -572px}i.flag.pm:before,i.flag.saint.pierre:before{background-position:-72px -598px}i.flag.pitcairn.islands:before,i.flag.pn:before{background-position:-72px -624px}i.flag.pr:before,i.flag.puerto.rico:before{background-position:-72px -650px}i.flag.palestine:before,i.flag.ps:before{background-position:-72px -676px}i.flag.portugal:before,i.flag.pt:before{background-position:-72px -702px}i.flag.palau:before,i.flag.pw:before{background-position:-72px -728px}i.flag.paraguay:before,i.flag.py:before{background-position:-72px -754px}i.flag.qa:before,i.flag.qatar:before{background-position:-72px -780px}i.flag.re:before,i.flag.reunion:before{background-position:-72px -806px}i.flag.ro:before,i.flag.romania:before{background-position:-72px -832px}i.flag.rs:before,i.flag.serbia:before{background-position:-72px -858px}i.flag.ru:before,i.flag.russia:before{background-position:-72px -884px}i.flag.rw:before,i.flag.rwanda:before{background-position:-72px -910px}i.flag.sa:before,i.flag.saudi.arabia:before{background-position:-72px -936px}i.flag.sb:before,i.flag.solomon.islands:before{background-position:-72px -962px}i.flag.sc:before,i.flag.seychelles:before{background-position:-72px -988px}i.flag.gb.sct:before,i.flag.scotland:before{background-position:-72px -1014px}i.flag.sd:before,i.flag.sudan:before{background-position:-72px -1040px}i.flag.se:before,i.flag.sweden:before{background-position:-72px -1066px}i.flag.sg:before,i.flag.singapore:before{background-position:-72px -1092px}i.flag.saint.helena:before,i.flag.sh:before{background-position:-72px -1118px}i.flag.si:before,i.flag.slovenia:before{background-position:-72px -1144px}i.flag.jan.mayen:before,i.flag.sj:before,i.flag.svalbard:before{background-position:-72px -1170px}i.flag.sk:before,i.flag.slovakia:before{background-position:-72px -1196px}i.flag.sierra.leone:before,i.flag.sl:before{background-position:-72px -1222px}i.flag.san.marino:before,i.flag.sm:before{background-position:-72px -1248px}i.flag.senegal:before,i.flag.sn:before{background-position:-72px -1274px}i.flag.so:before,i.flag.somalia:before{background-position:-72px -1300px}i.flag.sr:before,i.flag.suriname:before{background-position:-72px -1326px}i.flag.sao.tome:before,i.flag.st:before{background-position:-72px -1352px}i.flag.el.salvador:before,i.flag.sv:before{background-position:-72px -1378px}i.flag.sy:before,i.flag.syria:before{background-position:-72px -1404px}i.flag.swaziland:before,i.flag.sz:before{background-position:-72px -1430px}i.flag.caicos.islands:before,i.flag.tc:before{background-position:-72px -1456px}i.flag.chad:before,i.flag.td:before{background-position:-72px -1482px}i.flag.french.territories:before,i.flag.tf:before{background-position:-72px -1508px}i.flag.tg:before,i.flag.togo:before{background-position:-72px -1534px}i.flag.th:before,i.flag.thailand:before{background-position:-72px -1560px}i.flag.tajikistan:before,i.flag.tj:before{background-position:-72px -1586px}i.flag.tk:before,i.flag.tokelau:before{background-position:-72px -1612px}i.flag.timorleste:before,i.flag.tl:before{background-position:-72px -1638px}i.flag.tm:before,i.flag.turkmenistan:before{background-position:-72px -1664px}i.flag.tn:before,i.flag.tunisia:before{background-position:-72px -1690px}i.flag.to:before,i.flag.tonga:before{background-position:-72px -1716px}i.flag.tr:before,i.flag.turkey:before{background-position:-72px -1742px}i.flag.trinidad:before,i.flag.tt:before{background-position:-72px -1768px}i.flag.tuvalu:before,i.flag.tv:before{background-position:-72px -1794px}i.flag.taiwan:before,i.flag.tw:before{background-position:-72px -1820px}i.flag.tanzania:before,i.flag.tz:before{background-position:-72px -1846px}i.flag.ua:before,i.flag.ukraine:before{background-position:-72px -1872px}i.flag.ug:before,i.flag.uganda:before{background-position:-72px -1898px}i.flag.um:before,i.flag.us.minor.islands:before{background-position:-72px -1924px}i.flag.america:before,i.flag.united.states:before,i.flag.us:before{background-position:-72px -1950px}i.flag.uruguay:before,i.flag.uy:before{background-position:-72px -1976px}i.flag.uz:before,i.flag.uzbekistan:before{background-position:-108px 0}i.flag.va:before,i.flag.vatican.city:before{background-position:-108px -26px}i.flag.saint.vincent:before,i.flag.vc:before{background-position:-108px -52px}i.flag.ve:before,i.flag.venezuela:before{background-position:-108px -78px}i.flag.british.virgin.islands:before,i.flag.vg:before{background-position:-108px -104px}i.flag.us.virgin.islands:before,i.flag.vi:before{background-position:-108px -130px}i.flag.vietnam:before,i.flag.vn:before{background-position:-108px -156px}i.flag.vanuatu:before,i.flag.vu:before{background-position:-108px -182px}i.flag.gb.wls:before,i.flag.wales:before{background-position:-108px -208px}i.flag.wallis.and.futuna:before,i.flag.wf:before{background-position:-108px -234px}i.flag.samoa:before,i.flag.ws:before{background-position:-108px -260px}i.flag.ye:before,i.flag.yemen:before{background-position:-108px -286px}i.flag.mayotte:before,i.flag.yt:before{background-position:-108px -312px}i.flag.south.africa:before,i.flag.za:before{background-position:-108px -338px}i.flag.zambia:before,i.flag.zm:before{background-position:-108px -364px}i.flag.zimbabwe:before,i.flag.zw:before{background-position:-108px -390px}/*!
- * # Semantic UI 2.4.0 - Header
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.header{border:none;margin:calc(2rem - .14285714em) 0 1rem;padding:0 0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-weight:700;line-height:1.28571429em;text-transform:none;color:rgba(0,0,0,.87)}.ui.header:first-child{margin-top:-.14285714em}.ui.header:last-child{margin-bottom:0}.ui.header .sub.header{display:block;font-weight:400;padding:0;margin:0;font-size:1rem;line-height:1.2em;color:rgba(0,0,0,.6)}.ui.header>.icon{display:table-cell;opacity:1;font-size:1.5em;padding-top:0;vertical-align:middle}.ui.header .icon:only-child{display:inline-block;padding:0;margin-right:.75rem}.ui.header>.image:not(.icon),.ui.header>img{display:inline-block;margin-top:.14285714em;width:2.5em;height:auto;vertical-align:middle}.ui.header>.image:not(.icon):only-child,.ui.header>img:only-child{margin-right:.75rem}.ui.header .content{display:inline-block;vertical-align:top}.ui.header>.image+.content,.ui.header>img+.content{padding-left:.75rem;vertical-align:middle}.ui.header>.icon+.content{padding-left:.75rem;display:table-cell;vertical-align:middle}.ui.header .ui.label{font-size:'';margin-left:.5rem;vertical-align:middle}.ui.header+p{margin-top:0}h1.ui.header{font-size:2rem}h2.ui.header{font-size:1.71428571rem}h3.ui.header{font-size:1.28571429rem}h4.ui.header{font-size:1.07142857rem}h5.ui.header{font-size:1rem}h1.ui.header .sub.header{font-size:1.14285714rem}h2.ui.header .sub.header{font-size:1.14285714rem}h3.ui.header .sub.header{font-size:1rem}h4.ui.header .sub.header{font-size:1rem}h5.ui.header .sub.header{font-size:.92857143rem}.ui.huge.header{min-height:1em;font-size:2em}.ui.large.header{font-size:1.71428571em}.ui.medium.header{font-size:1.28571429em}.ui.small.header{font-size:1.07142857em}.ui.tiny.header{font-size:1em}.ui.huge.header .sub.header{font-size:1.14285714rem}.ui.large.header .sub.header{font-size:1.14285714rem}.ui.header .sub.header{font-size:1rem}.ui.small.header .sub.header{font-size:1rem}.ui.tiny.header .sub.header{font-size:.92857143rem}.ui.sub.header{padding:0;margin-bottom:.14285714rem;font-weight:700;font-size:.85714286em;text-transform:uppercase;color:''}.ui.small.sub.header{font-size:.78571429em}.ui.sub.header{font-size:.85714286em}.ui.large.sub.header{font-size:.92857143em}.ui.huge.sub.header{font-size:1em}.ui.icon.header{display:inline-block;text-align:center;margin:2rem 0 1rem}.ui.icon.header:after{content:'';display:block;height:0;clear:both;visibility:hidden}.ui.icon.header:first-child{margin-top:0}.ui.icon.header .icon{float:none;display:block;width:auto;height:auto;line-height:1;padding:0;font-size:3em;margin:0 auto .5rem;opacity:1}.ui.icon.header .content{display:block;padding:0}.ui.icon.header .circular.icon{font-size:2em}.ui.icon.header .square.icon{font-size:2em}.ui.block.icon.header .icon{margin-bottom:0}.ui.icon.header.aligned{margin-left:auto;margin-right:auto;display:block}.ui.disabled.header{opacity:.45}.ui.inverted.header{color:#fff}.ui.inverted.header .sub.header{color:rgba(255,255,255,.8)}.ui.inverted.attached.header{background:#545454 -webkit-gradient(linear,left top,left bottom,from(transparent),to(rgba(0,0,0,.05)));background:#545454 -webkit-linear-gradient(transparent,rgba(0,0,0,.05));background:#545454 linear-gradient(transparent,rgba(0,0,0,.05));-webkit-box-shadow:none;box-shadow:none;border-color:transparent}.ui.inverted.block.header{background:#545454 -webkit-gradient(linear,left top,left bottom,from(transparent),to(rgba(0,0,0,.05)));background:#545454 -webkit-linear-gradient(transparent,rgba(0,0,0,.05));background:#545454 linear-gradient(transparent,rgba(0,0,0,.05));-webkit-box-shadow:none;box-shadow:none}.ui.inverted.block.header{border-bottom:none}.ui.red.header{color:#db2828!important}a.ui.red.header:hover{color:#d01919!important}.ui.red.dividing.header{border-bottom:2px solid #db2828}.ui.inverted.red.header{color:#ff695e!important}a.ui.inverted.red.header:hover{color:#ff5144!important}.ui.orange.header{color:#f2711c!important}a.ui.orange.header:hover{color:#f26202!important}.ui.orange.dividing.header{border-bottom:2px solid #f2711c}.ui.inverted.orange.header{color:#ff851b!important}a.ui.inverted.orange.header:hover{color:#ff7701!important}.ui.olive.header{color:#b5cc18!important}a.ui.olive.header:hover{color:#a7bd0d!important}.ui.olive.dividing.header{border-bottom:2px solid #b5cc18}.ui.inverted.olive.header{color:#d9e778!important}a.ui.inverted.olive.header:hover{color:#d8ea5c!important}.ui.yellow.header{color:#fbbd08!important}a.ui.yellow.header:hover{color:#eaae00!important}.ui.yellow.dividing.header{border-bottom:2px solid #fbbd08}.ui.inverted.yellow.header{color:#ffe21f!important}a.ui.inverted.yellow.header:hover{color:#ffdf05!important}.ui.green.header{color:#21ba45!important}a.ui.green.header:hover{color:#16ab39!important}.ui.green.dividing.header{border-bottom:2px solid #21ba45}.ui.inverted.green.header{color:#2ecc40!important}a.ui.inverted.green.header:hover{color:#22be34!important}.ui.teal.header{color:#00b5ad!important}a.ui.teal.header:hover{color:#009c95!important}.ui.teal.dividing.header{border-bottom:2px solid #00b5ad}.ui.inverted.teal.header{color:#6dffff!important}a.ui.inverted.teal.header:hover{color:#54ffff!important}.ui.blue.header{color:#2185d0!important}a.ui.blue.header:hover{color:#1678c2!important}.ui.blue.dividing.header{border-bottom:2px solid #2185d0}.ui.inverted.blue.header{color:#54c8ff!important}a.ui.inverted.blue.header:hover{color:#3ac0ff!important}.ui.violet.header{color:#6435c9!important}a.ui.violet.header:hover{color:#5829bb!important}.ui.violet.dividing.header{border-bottom:2px solid #6435c9}.ui.inverted.violet.header{color:#a291fb!important}a.ui.inverted.violet.header:hover{color:#8a73ff!important}.ui.purple.header{color:#a333c8!important}a.ui.purple.header:hover{color:#9627ba!important}.ui.purple.dividing.header{border-bottom:2px solid #a333c8}.ui.inverted.purple.header{color:#dc73ff!important}a.ui.inverted.purple.header:hover{color:#d65aff!important}.ui.pink.header{color:#e03997!important}a.ui.pink.header:hover{color:#e61a8d!important}.ui.pink.dividing.header{border-bottom:2px solid #e03997}.ui.inverted.pink.header{color:#ff8edf!important}a.ui.inverted.pink.header:hover{color:#ff74d8!important}.ui.brown.header{color:#a5673f!important}a.ui.brown.header:hover{color:#975b33!important}.ui.brown.dividing.header{border-bottom:2px solid #a5673f}.ui.inverted.brown.header{color:#d67c1c!important}a.ui.inverted.brown.header:hover{color:#c86f11!important}.ui.grey.header{color:#767676!important}a.ui.grey.header:hover{color:#838383!important}.ui.grey.dividing.header{border-bottom:2px solid #767676}.ui.inverted.grey.header{color:#dcddde!important}a.ui.inverted.grey.header:hover{color:#cfd0d2!important}.ui.left.aligned.header{text-align:left}.ui.right.aligned.header{text-align:right}.ui.center.aligned.header,.ui.centered.header{text-align:center}.ui.justified.header{text-align:justify}.ui.justified.header:after{display:inline-block;content:'';width:100%}.ui.floated.header,.ui[class*="left floated"].header{float:left;margin-top:0;margin-right:.5em}.ui[class*="right floated"].header{float:right;margin-top:0;margin-left:.5em}.ui.fitted.header{padding:0}.ui.dividing.header{padding-bottom:.21428571rem;border-bottom:1px solid rgba(34,36,38,.15)}.ui.dividing.header .sub.header{padding-bottom:.21428571rem}.ui.dividing.header .icon{margin-bottom:0}.ui.inverted.dividing.header{border-bottom-color:rgba(255,255,255,.1)}.ui.block.header{background:#f3f4f5;padding:.78571429rem 1rem;-webkit-box-shadow:none;box-shadow:none;border:1px solid #d4d4d5;border-radius:.28571429rem}.ui.tiny.block.header{font-size:.85714286rem}.ui.small.block.header{font-size:.92857143rem}.ui.block.header:not(h1):not(h2):not(h3):not(h4):not(h5):not(h6){font-size:1rem}.ui.large.block.header{font-size:1.14285714rem}.ui.huge.block.header{font-size:1.42857143rem}.ui.attached.header{background:#fff;padding:.78571429rem 1rem;margin-left:-1px;margin-right:-1px;-webkit-box-shadow:none;box-shadow:none;border:1px solid #d4d4d5}.ui.attached.block.header{background:#f3f4f5}.ui.attached:not(.top):not(.bottom).header{margin-top:0;margin-bottom:0;border-top:none;border-radius:0}.ui.top.attached.header{margin-bottom:0;border-radius:.28571429rem .28571429rem 0 0}.ui.bottom.attached.header{margin-top:0;border-top:none;border-radius:0 0 .28571429rem .28571429rem}.ui.tiny.attached.header{font-size:.85714286em}.ui.small.attached.header{font-size:.92857143em}.ui.attached.header:not(h1):not(h2):not(h3):not(h4):not(h5):not(h6){font-size:1em}.ui.large.attached.header{font-size:1.14285714em}.ui.huge.attached.header{font-size:1.42857143em}.ui.header:not(h1):not(h2):not(h3):not(h4):not(h5):not(h6){font-size:1.28571429em}/*!
- * # Semantic UI 2.4.0 - Icon
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */@font-face{font-family:Icons;src:url(themes/default/assets/fonts/icons.eot);src:url(themes/default/assets/fonts/icons.eot?#iefix) format('embedded-opentype'),url(themes/default/assets/fonts/icons.woff2) format('woff2'),url(themes/default/assets/fonts/icons.woff) format('woff'),url(themes/default/assets/fonts/icons.ttf) format('truetype'),url(themes/default/assets/fonts/icons.svg#icons) format('svg');font-style:normal;font-weight:400;font-variant:normal;text-decoration:inherit;text-transform:none}i.icon{display:inline-block;opacity:1;margin:0 .25rem 0 0;width:1.18em;height:1em;font-family:Icons;font-style:normal;font-weight:400;text-decoration:inherit;text-align:center;speak:none;font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;-webkit-backface-visibility:hidden;backface-visibility:hidden}i.icon:before{background:0 0!important}i.icon.loading{height:1em;line-height:1;-webkit-animation:icon-loading 2s linear infinite;animation:icon-loading 2s linear infinite}@-webkit-keyframes icon-loading{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes icon-loading{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}i.icon.hover{opacity:1!important}i.icon.active{opacity:1!important}i.emphasized.icon{opacity:1!important}i.disabled.icon{opacity:.45!important}i.fitted.icon{width:auto;margin:0!important}i.link.icon,i.link.icons{cursor:pointer;opacity:.8;-webkit-transition:opacity .1s ease;transition:opacity .1s ease}i.link.icon:hover,i.link.icons:hover{opacity:1!important}i.circular.icon{border-radius:500em!important;line-height:1!important;padding:.5em 0!important;-webkit-box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset;box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset;width:2em!important;height:2em!important}i.circular.inverted.icon{border:none;-webkit-box-shadow:none;box-shadow:none}i.flipped.icon,i.horizontally.flipped.icon{-webkit-transform:scale(-1,1);transform:scale(-1,1)}i.vertically.flipped.icon{-webkit-transform:scale(1,-1);transform:scale(1,-1)}i.clockwise.rotated.icon,i.right.rotated.icon,i.rotated.icon{-webkit-transform:rotate(90deg);transform:rotate(90deg)}i.counterclockwise.rotated.icon,i.left.rotated.icon{-webkit-transform:rotate(-90deg);transform:rotate(-90deg)}i.bordered.icon{line-height:1;vertical-align:baseline;width:2em;height:2em;padding:.5em 0!important;-webkit-box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset;box-shadow:0 0 0 .1em rgba(0,0,0,.1) inset}i.bordered.inverted.icon{border:none;-webkit-box-shadow:none;box-shadow:none}i.inverted.bordered.icon,i.inverted.circular.icon{background-color:#1b1c1d!important;color:#fff!important}i.inverted.icon{color:#fff}i.red.icon{color:#db2828!important}i.inverted.red.icon{color:#ff695e!important}i.inverted.bordered.red.icon,i.inverted.circular.red.icon{background-color:#db2828!important;color:#fff!important}i.orange.icon{color:#f2711c!important}i.inverted.orange.icon{color:#ff851b!important}i.inverted.bordered.orange.icon,i.inverted.circular.orange.icon{background-color:#f2711c!important;color:#fff!important}i.yellow.icon{color:#fbbd08!important}i.inverted.yellow.icon{color:#ffe21f!important}i.inverted.bordered.yellow.icon,i.inverted.circular.yellow.icon{background-color:#fbbd08!important;color:#fff!important}i.olive.icon{color:#b5cc18!important}i.inverted.olive.icon{color:#d9e778!important}i.inverted.bordered.olive.icon,i.inverted.circular.olive.icon{background-color:#b5cc18!important;color:#fff!important}i.green.icon{color:#21ba45!important}i.inverted.green.icon{color:#2ecc40!important}i.inverted.bordered.green.icon,i.inverted.circular.green.icon{background-color:#21ba45!important;color:#fff!important}i.teal.icon{color:#00b5ad!important}i.inverted.teal.icon{color:#6dffff!important}i.inverted.bordered.teal.icon,i.inverted.circular.teal.icon{background-color:#00b5ad!important;color:#fff!important}i.blue.icon{color:#2185d0!important}i.inverted.blue.icon{color:#54c8ff!important}i.inverted.bordered.blue.icon,i.inverted.circular.blue.icon{background-color:#2185d0!important;color:#fff!important}i.violet.icon{color:#6435c9!important}i.inverted.violet.icon{color:#a291fb!important}i.inverted.bordered.violet.icon,i.inverted.circular.violet.icon{background-color:#6435c9!important;color:#fff!important}i.purple.icon{color:#a333c8!important}i.inverted.purple.icon{color:#dc73ff!important}i.inverted.bordered.purple.icon,i.inverted.circular.purple.icon{background-color:#a333c8!important;color:#fff!important}i.pink.icon{color:#e03997!important}i.inverted.pink.icon{color:#ff8edf!important}i.inverted.bordered.pink.icon,i.inverted.circular.pink.icon{background-color:#e03997!important;color:#fff!important}i.brown.icon{color:#a5673f!important}i.inverted.brown.icon{color:#d67c1c!important}i.inverted.bordered.brown.icon,i.inverted.circular.brown.icon{background-color:#a5673f!important;color:#fff!important}i.grey.icon{color:#767676!important}i.inverted.grey.icon{color:#dcddde!important}i.inverted.bordered.grey.icon,i.inverted.circular.grey.icon{background-color:#767676!important;color:#fff!important}i.black.icon{color:#1b1c1d!important}i.inverted.black.icon{color:#545454!important}i.inverted.bordered.black.icon,i.inverted.circular.black.icon{background-color:#1b1c1d!important;color:#fff!important}i.mini.icon,i.mini.icons{line-height:1;font-size:.4em}i.tiny.icon,i.tiny.icons{line-height:1;font-size:.5em}i.small.icon,i.small.icons{line-height:1;font-size:.75em}i.icon,i.icons{font-size:1em}i.large.icon,i.large.icons{line-height:1;vertical-align:middle;font-size:1.5em}i.big.icon,i.big.icons{line-height:1;vertical-align:middle;font-size:2em}i.huge.icon,i.huge.icons{line-height:1;vertical-align:middle;font-size:4em}i.massive.icon,i.massive.icons{line-height:1;vertical-align:middle;font-size:8em}i.icons{display:inline-block;position:relative;line-height:1}i.icons .icon{position:absolute;top:50%;left:50%;-webkit-transform:translateX(-50%) translateY(-50%);transform:translateX(-50%) translateY(-50%);margin:0;margin:0}i.icons .icon:first-child{position:static;width:auto;height:auto;vertical-align:top;-webkit-transform:none;transform:none;margin-right:.25rem}i.icons .corner.icon{top:auto;left:auto;right:0;bottom:0;-webkit-transform:none;transform:none;font-size:.45em;text-shadow:-1px -1px 0 #fff,1px -1px 0 #fff,-1px 1px 0 #fff,1px 1px 0 #fff}i.icons .top.right.corner.icon{top:0;left:auto;right:0;bottom:auto}i.icons .top.left.corner.icon{top:0;left:0;right:auto;bottom:auto}i.icons .bottom.left.corner.icon{top:auto;left:0;right:auto;bottom:0}i.icons .bottom.right.corner.icon{top:auto;left:auto;right:0;bottom:0}i.icons .inverted.corner.icon{text-shadow:-1px -1px 0 #1b1c1d,1px -1px 0 #1b1c1d,-1px 1px 0 #1b1c1d,1px 1px 0 #1b1c1d}i.icon.linkedin.in:before{content:"\f0e1"}i.icon.zoom.in:before{content:"\f00e"}i.icon.zoom.out:before{content:"\f010"}i.icon.sign.in:before{content:"\f2f6"}i.icon.in.cart:before{content:"\f218"}i.icon.log.out:before{content:"\f2f5"}i.icon.sign.out:before{content:"\f2f5"}i.icon.\35 00px:before{content:"\f26e"}i.icon.accessible.icon:before{content:"\f368"}i.icon.accusoft:before{content:"\f369"}i.icon.address.book:before{content:"\f2b9"}i.icon.address.card:before{content:"\f2bb"}i.icon.adjust:before{content:"\f042"}i.icon.adn:before{content:"\f170"}i.icon.adversal:before{content:"\f36a"}i.icon.affiliatetheme:before{content:"\f36b"}i.icon.algolia:before{content:"\f36c"}i.icon.align.center:before{content:"\f037"}i.icon.align.justify:before{content:"\f039"}i.icon.align.left:before{content:"\f036"}i.icon.align.right:before{content:"\f038"}i.icon.amazon:before{content:"\f270"}i.icon.amazon.pay:before{content:"\f42c"}i.icon.ambulance:before{content:"\f0f9"}i.icon.american.sign.language.interpreting:before{content:"\f2a3"}i.icon.amilia:before{content:"\f36d"}i.icon.anchor:before{content:"\f13d"}i.icon.android:before{content:"\f17b"}i.icon.angellist:before{content:"\f209"}i.icon.angle.double.down:before{content:"\f103"}i.icon.angle.double.left:before{content:"\f100"}i.icon.angle.double.right:before{content:"\f101"}i.icon.angle.double.up:before{content:"\f102"}i.icon.angle.down:before{content:"\f107"}i.icon.angle.left:before{content:"\f104"}i.icon.angle.right:before{content:"\f105"}i.icon.angle.up:before{content:"\f106"}i.icon.angrycreative:before{content:"\f36e"}i.icon.angular:before{content:"\f420"}i.icon.app.store:before{content:"\f36f"}i.icon.app.store.ios:before{content:"\f370"}i.icon.apper:before{content:"\f371"}i.icon.apple:before{content:"\f179"}i.icon.apple.pay:before{content:"\f415"}i.icon.archive:before{content:"\f187"}i.icon.arrow.alternate.circle.down:before{content:"\f358"}i.icon.arrow.alternate.circle.left:before{content:"\f359"}i.icon.arrow.alternate.circle.right:before{content:"\f35a"}i.icon.arrow.alternate.circle.up:before{content:"\f35b"}i.icon.arrow.circle.down:before{content:"\f0ab"}i.icon.arrow.circle.left:before{content:"\f0a8"}i.icon.arrow.circle.right:before{content:"\f0a9"}i.icon.arrow.circle.up:before{content:"\f0aa"}i.icon.arrow.down:before{content:"\f063"}i.icon.arrow.left:before{content:"\f060"}i.icon.arrow.right:before{content:"\f061"}i.icon.arrow.up:before{content:"\f062"}i.icon.arrows.alternate:before{content:"\f0b2"}i.icon.arrows.alternate.horizontal:before{content:"\f337"}i.icon.arrows.alternate.vertical:before{content:"\f338"}i.icon.assistive.listening.systems:before{content:"\f2a2"}i.icon.asterisk:before{content:"\f069"}i.icon.asymmetrik:before{content:"\f372"}i.icon.at:before{content:"\f1fa"}i.icon.audible:before{content:"\f373"}i.icon.audio.description:before{content:"\f29e"}i.icon.autoprefixer:before{content:"\f41c"}i.icon.avianex:before{content:"\f374"}i.icon.aviato:before{content:"\f421"}i.icon.aws:before{content:"\f375"}i.icon.backward:before{content:"\f04a"}i.icon.balance.scale:before{content:"\f24e"}i.icon.ban:before{content:"\f05e"}i.icon.band.aid:before{content:"\f462"}i.icon.bandcamp:before{content:"\f2d5"}i.icon.barcode:before{content:"\f02a"}i.icon.bars:before{content:"\f0c9"}i.icon.baseball.ball:before{content:"\f433"}i.icon.basketball.ball:before{content:"\f434"}i.icon.bath:before{content:"\f2cd"}i.icon.battery.empty:before{content:"\f244"}i.icon.battery.full:before{content:"\f240"}i.icon.battery.half:before{content:"\f242"}i.icon.battery.quarter:before{content:"\f243"}i.icon.battery.three.quarters:before{content:"\f241"}i.icon.bed:before{content:"\f236"}i.icon.beer:before{content:"\f0fc"}i.icon.behance:before{content:"\f1b4"}i.icon.behance.square:before{content:"\f1b5"}i.icon.bell:before{content:"\f0f3"}i.icon.bell.slash:before{content:"\f1f6"}i.icon.bicycle:before{content:"\f206"}i.icon.bimobject:before{content:"\f378"}i.icon.binoculars:before{content:"\f1e5"}i.icon.birthday.cake:before{content:"\f1fd"}i.icon.bitbucket:before{content:"\f171"}i.icon.bitcoin:before{content:"\f379"}i.icon.bity:before{content:"\f37a"}i.icon.black.tie:before{content:"\f27e"}i.icon.blackberry:before{content:"\f37b"}i.icon.blind:before{content:"\f29d"}i.icon.blogger:before{content:"\f37c"}i.icon.blogger.b:before{content:"\f37d"}i.icon.bluetooth:before{content:"\f293"}i.icon.bluetooth.b:before{content:"\f294"}i.icon.bold:before{content:"\f032"}i.icon.bolt:before{content:"\f0e7"}i.icon.bomb:before{content:"\f1e2"}i.icon.book:before{content:"\f02d"}i.icon.bookmark:before{content:"\f02e"}i.icon.bowling.ball:before{content:"\f436"}i.icon.box:before{content:"\f466"}i.icon.boxes:before{content:"\f468"}i.icon.braille:before{content:"\f2a1"}i.icon.briefcase:before{content:"\f0b1"}i.icon.btc:before{content:"\f15a"}i.icon.bug:before{content:"\f188"}i.icon.building:before{content:"\f1ad"}i.icon.bullhorn:before{content:"\f0a1"}i.icon.bullseye:before{content:"\f140"}i.icon.buromobelexperte:before{content:"\f37f"}i.icon.bus:before{content:"\f207"}i.icon.buysellads:before{content:"\f20d"}i.icon.calculator:before{content:"\f1ec"}i.icon.calendar:before{content:"\f133"}i.icon.calendar.alternate:before{content:"\f073"}i.icon.calendar.check:before{content:"\f274"}i.icon.calendar.minus:before{content:"\f272"}i.icon.calendar.plus:before{content:"\f271"}i.icon.calendar.times:before{content:"\f273"}i.icon.camera:before{content:"\f030"}i.icon.camera.retro:before{content:"\f083"}i.icon.car:before{content:"\f1b9"}i.icon.caret.down:before{content:"\f0d7"}i.icon.caret.left:before{content:"\f0d9"}i.icon.caret.right:before{content:"\f0da"}i.icon.caret.square.down:before{content:"\f150"}i.icon.caret.square.left:before{content:"\f191"}i.icon.caret.square.right:before{content:"\f152"}i.icon.caret.square.up:before{content:"\f151"}i.icon.caret.up:before{content:"\f0d8"}i.icon.cart.arrow.down:before{content:"\f218"}i.icon.cart.plus:before{content:"\f217"}i.icon.cc.amazon.pay:before{content:"\f42d"}i.icon.cc.amex:before{content:"\f1f3"}i.icon.cc.apple.pay:before{content:"\f416"}i.icon.cc.diners.club:before{content:"\f24c"}i.icon.cc.discover:before{content:"\f1f2"}i.icon.cc.jcb:before{content:"\f24b"}i.icon.cc.mastercard:before{content:"\f1f1"}i.icon.cc.paypal:before{content:"\f1f4"}i.icon.cc.stripe:before{content:"\f1f5"}i.icon.cc.visa:before{content:"\f1f0"}i.icon.centercode:before{content:"\f380"}i.icon.certificate:before{content:"\f0a3"}i.icon.chart.area:before{content:"\f1fe"}i.icon.chart.bar:before{content:"\f080"}i.icon.chart.line:before{content:"\f201"}i.icon.chart.pie:before{content:"\f200"}i.icon.check:before{content:"\f00c"}i.icon.check.circle:before{content:"\f058"}i.icon.check.square:before{content:"\f14a"}i.icon.chess:before{content:"\f439"}i.icon.chess.bishop:before{content:"\f43a"}i.icon.chess.board:before{content:"\f43c"}i.icon.chess.king:before{content:"\f43f"}i.icon.chess.knight:before{content:"\f441"}i.icon.chess.pawn:before{content:"\f443"}i.icon.chess.queen:before{content:"\f445"}i.icon.chess.rook:before{content:"\f447"}i.icon.chevron.circle.down:before{content:"\f13a"}i.icon.chevron.circle.left:before{content:"\f137"}i.icon.chevron.circle.right:before{content:"\f138"}i.icon.chevron.circle.up:before{content:"\f139"}i.icon.chevron.down:before{content:"\f078"}i.icon.chevron.left:before{content:"\f053"}i.icon.chevron.right:before{content:"\f054"}i.icon.chevron.up:before{content:"\f077"}i.icon.child:before{content:"\f1ae"}i.icon.chrome:before{content:"\f268"}i.icon.circle:before{content:"\f111"}i.icon.circle.notch:before{content:"\f1ce"}i.icon.clipboard:before{content:"\f328"}i.icon.clipboard.check:before{content:"\f46c"}i.icon.clipboard.list:before{content:"\f46d"}i.icon.clock:before{content:"\f017"}i.icon.clone:before{content:"\f24d"}i.icon.closed.captioning:before{content:"\f20a"}i.icon.cloud:before{content:"\f0c2"}i.icon.cloudscale:before{content:"\f383"}i.icon.cloudsmith:before{content:"\f384"}i.icon.cloudversify:before{content:"\f385"}i.icon.code:before{content:"\f121"}i.icon.code.branch:before{content:"\f126"}i.icon.codepen:before{content:"\f1cb"}i.icon.codiepie:before{content:"\f284"}i.icon.coffee:before{content:"\f0f4"}i.icon.cog:before{content:"\f013"}i.icon.cogs:before{content:"\f085"}i.icon.columns:before{content:"\f0db"}i.icon.comment:before{content:"\f075"}i.icon.comment.alternate:before{content:"\f27a"}i.icon.comments:before{content:"\f086"}i.icon.compass:before{content:"\f14e"}i.icon.compress:before{content:"\f066"}i.icon.connectdevelop:before{content:"\f20e"}i.icon.contao:before{content:"\f26d"}i.icon.copy:before{content:"\f0c5"}i.icon.copyright:before{content:"\f1f9"}i.icon.cpanel:before{content:"\f388"}i.icon.creative.commons:before{content:"\f25e"}i.icon.credit.card:before{content:"\f09d"}i.icon.crop:before{content:"\f125"}i.icon.crosshairs:before{content:"\f05b"}i.icon.css3:before{content:"\f13c"}i.icon.css3.alternate:before{content:"\f38b"}i.icon.cube:before{content:"\f1b2"}i.icon.cubes:before{content:"\f1b3"}i.icon.cut:before{content:"\f0c4"}i.icon.cuttlefish:before{content:"\f38c"}i.icon.d.and.d:before{content:"\f38d"}i.icon.dashcube:before{content:"\f210"}i.icon.database:before{content:"\f1c0"}i.icon.deaf:before{content:"\f2a4"}i.icon.delicious:before{content:"\f1a5"}i.icon.deploydog:before{content:"\f38e"}i.icon.deskpro:before{content:"\f38f"}i.icon.desktop:before{content:"\f108"}i.icon.deviantart:before{content:"\f1bd"}i.icon.digg:before{content:"\f1a6"}i.icon.digital.ocean:before{content:"\f391"}i.icon.discord:before{content:"\f392"}i.icon.discourse:before{content:"\f393"}i.icon.dna:before{content:"\f471"}i.icon.dochub:before{content:"\f394"}i.icon.docker:before{content:"\f395"}i.icon.dollar.sign:before{content:"\f155"}i.icon.dolly:before{content:"\f472"}i.icon.dolly.flatbed:before{content:"\f474"}i.icon.dot.circle:before{content:"\f192"}i.icon.download:before{content:"\f019"}i.icon.draft2digital:before{content:"\f396"}i.icon.dribbble:before{content:"\f17d"}i.icon.dribbble.square:before{content:"\f397"}i.icon.dropbox:before{content:"\f16b"}i.icon.drupal:before{content:"\f1a9"}i.icon.dyalog:before{content:"\f399"}i.icon.earlybirds:before{content:"\f39a"}i.icon.edge:before{content:"\f282"}i.icon.edit:before{content:"\f044"}i.icon.eject:before{content:"\f052"}i.icon.elementor:before{content:"\f430"}i.icon.ellipsis.horizontal:before{content:"\f141"}i.icon.ellipsis.vertical:before{content:"\f142"}i.icon.ember:before{content:"\f423"}i.icon.empire:before{content:"\f1d1"}i.icon.envelope:before{content:"\f0e0"}i.icon.envelope.open:before{content:"\f2b6"}i.icon.envelope.square:before{content:"\f199"}i.icon.envira:before{content:"\f299"}i.icon.eraser:before{content:"\f12d"}i.icon.erlang:before{content:"\f39d"}i.icon.ethereum:before{content:"\f42e"}i.icon.etsy:before{content:"\f2d7"}i.icon.euro.sign:before{content:"\f153"}i.icon.exchange.alternate:before{content:"\f362"}i.icon.exclamation:before{content:"\f12a"}i.icon.exclamation.circle:before{content:"\f06a"}i.icon.exclamation.triangle:before{content:"\f071"}i.icon.expand:before{content:"\f065"}i.icon.expand.arrows.alternate:before{content:"\f31e"}i.icon.expeditedssl:before{content:"\f23e"}i.icon.external.alternate:before{content:"\f35d"}i.icon.external.square.alternate:before{content:"\f360"}i.icon.eye:before{content:"\f06e"}i.icon.eye.dropper:before{content:"\f1fb"}i.icon.eye.slash:before{content:"\f070"}i.icon.facebook:before{content:"\f09a"}i.icon.facebook.f:before{content:"\f39e"}i.icon.facebook.messenger:before{content:"\f39f"}i.icon.facebook.square:before{content:"\f082"}i.icon.fast.backward:before{content:"\f049"}i.icon.fast.forward:before{content:"\f050"}i.icon.fax:before{content:"\f1ac"}i.icon.female:before{content:"\f182"}i.icon.fighter.jet:before{content:"\f0fb"}i.icon.file:before{content:"\f15b"}i.icon.file.alternate:before{content:"\f15c"}i.icon.file.archive:before{content:"\f1c6"}i.icon.file.audio:before{content:"\f1c7"}i.icon.file.code:before{content:"\f1c9"}i.icon.file.excel:before{content:"\f1c3"}i.icon.file.image:before{content:"\f1c5"}i.icon.file.pdf:before{content:"\f1c1"}i.icon.file.powerpoint:before{content:"\f1c4"}i.icon.file.video:before{content:"\f1c8"}i.icon.file.word:before{content:"\f1c2"}i.icon.film:before{content:"\f008"}i.icon.filter:before{content:"\f0b0"}i.icon.fire:before{content:"\f06d"}i.icon.fire.extinguisher:before{content:"\f134"}i.icon.firefox:before{content:"\f269"}i.icon.first.aid:before{content:"\f479"}i.icon.first.order:before{content:"\f2b0"}i.icon.firstdraft:before{content:"\f3a1"}i.icon.flag:before{content:"\f024"}i.icon.flag.checkered:before{content:"\f11e"}i.icon.flask:before{content:"\f0c3"}i.icon.flickr:before{content:"\f16e"}i.icon.flipboard:before{content:"\f44d"}i.icon.fly:before{content:"\f417"}i.icon.folder:before{content:"\f07b"}i.icon.folder.open:before{content:"\f07c"}i.icon.font:before{content:"\f031"}i.icon.font.awesome:before{content:"\f2b4"}i.icon.font.awesome.alternate:before{content:"\f35c"}i.icon.font.awesome.flag:before{content:"\f425"}i.icon.fonticons:before{content:"\f280"}i.icon.fonticons.fi:before{content:"\f3a2"}i.icon.football.ball:before{content:"\f44e"}i.icon.fort.awesome:before{content:"\f286"}i.icon.fort.awesome.alternate:before{content:"\f3a3"}i.icon.forumbee:before{content:"\f211"}i.icon.forward:before{content:"\f04e"}i.icon.foursquare:before{content:"\f180"}i.icon.free.code.camp:before{content:"\f2c5"}i.icon.freebsd:before{content:"\f3a4"}i.icon.frown:before{content:"\f119"}i.icon.futbol:before{content:"\f1e3"}i.icon.gamepad:before{content:"\f11b"}i.icon.gavel:before{content:"\f0e3"}i.icon.gem:before{content:"\f3a5"}i.icon.genderless:before{content:"\f22d"}i.icon.get.pocket:before{content:"\f265"}i.icon.gg:before{content:"\f260"}i.icon.gg.circle:before{content:"\f261"}i.icon.gift:before{content:"\f06b"}i.icon.git:before{content:"\f1d3"}i.icon.git.square:before{content:"\f1d2"}i.icon.github:before{content:"\f09b"}i.icon.github.alternate:before{content:"\f113"}i.icon.github.square:before{content:"\f092"}i.icon.gitkraken:before{content:"\f3a6"}i.icon.gitlab:before{content:"\f296"}i.icon.gitter:before{content:"\f426"}i.icon.glass.martini:before{content:"\f000"}i.icon.glide:before{content:"\f2a5"}i.icon.glide.g:before{content:"\f2a6"}i.icon.globe:before{content:"\f0ac"}i.icon.gofore:before{content:"\f3a7"}i.icon.golf.ball:before{content:"\f450"}i.icon.goodreads:before{content:"\f3a8"}i.icon.goodreads.g:before{content:"\f3a9"}i.icon.google:before{content:"\f1a0"}i.icon.google.drive:before{content:"\f3aa"}i.icon.google.play:before{content:"\f3ab"}i.icon.google.plus:before{content:"\f2b3"}i.icon.google.plus.g:before{content:"\f0d5"}i.icon.google.plus.square:before{content:"\f0d4"}i.icon.google.wallet:before{content:"\f1ee"}i.icon.graduation.cap:before{content:"\f19d"}i.icon.gratipay:before{content:"\f184"}i.icon.grav:before{content:"\f2d6"}i.icon.gripfire:before{content:"\f3ac"}i.icon.grunt:before{content:"\f3ad"}i.icon.gulp:before{content:"\f3ae"}i.icon.h.square:before{content:"\f0fd"}i.icon.hacker.news:before{content:"\f1d4"}i.icon.hacker.news.square:before{content:"\f3af"}i.icon.hand.lizard:before{content:"\f258"}i.icon.hand.paper:before{content:"\f256"}i.icon.hand.peace:before{content:"\f25b"}i.icon.hand.point.down:before{content:"\f0a7"}i.icon.hand.point.left:before{content:"\f0a5"}i.icon.hand.point.right:before{content:"\f0a4"}i.icon.hand.point.up:before{content:"\f0a6"}i.icon.hand.pointer:before{content:"\f25a"}i.icon.hand.rock:before{content:"\f255"}i.icon.hand.scissors:before{content:"\f257"}i.icon.hand.spock:before{content:"\f259"}i.icon.handshake:before{content:"\f2b5"}i.icon.hashtag:before{content:"\f292"}i.icon.hdd:before{content:"\f0a0"}i.icon.heading:before{content:"\f1dc"}i.icon.headphones:before{content:"\f025"}i.icon.heart:before{content:"\f004"}i.icon.heartbeat:before{content:"\f21e"}i.icon.hips:before{content:"\f452"}i.icon.hire.a.helper:before{content:"\f3b0"}i.icon.history:before{content:"\f1da"}i.icon.hockey.puck:before{content:"\f453"}i.icon.home:before{content:"\f015"}i.icon.hooli:before{content:"\f427"}i.icon.hospital:before{content:"\f0f8"}i.icon.hospital.symbol:before{content:"\f47e"}i.icon.hotjar:before{content:"\f3b1"}i.icon.hourglass:before{content:"\f254"}i.icon.hourglass.end:before{content:"\f253"}i.icon.hourglass.half:before{content:"\f252"}i.icon.hourglass.start:before{content:"\f251"}i.icon.houzz:before{content:"\f27c"}i.icon.html5:before{content:"\f13b"}i.icon.hubspot:before{content:"\f3b2"}i.icon.i.cursor:before{content:"\f246"}i.icon.id.badge:before{content:"\f2c1"}i.icon.id.card:before{content:"\f2c2"}i.icon.image:before{content:"\f03e"}i.icon.images:before{content:"\f302"}i.icon.imdb:before{content:"\f2d8"}i.icon.inbox:before{content:"\f01c"}i.icon.indent:before{content:"\f03c"}i.icon.industry:before{content:"\f275"}i.icon.info:before{content:"\f129"}i.icon.info.circle:before{content:"\f05a"}i.icon.instagram:before{content:"\f16d"}i.icon.internet.explorer:before{content:"\f26b"}i.icon.ioxhost:before{content:"\f208"}i.icon.italic:before{content:"\f033"}i.icon.itunes:before{content:"\f3b4"}i.icon.itunes.note:before{content:"\f3b5"}i.icon.jenkins:before{content:"\f3b6"}i.icon.joget:before{content:"\f3b7"}i.icon.joomla:before{content:"\f1aa"}i.icon.js:before{content:"\f3b8"}i.icon.js.square:before{content:"\f3b9"}i.icon.jsfiddle:before{content:"\f1cc"}i.icon.key:before{content:"\f084"}i.icon.keyboard:before{content:"\f11c"}i.icon.keycdn:before{content:"\f3ba"}i.icon.kickstarter:before{content:"\f3bb"}i.icon.kickstarter.k:before{content:"\f3bc"}i.icon.korvue:before{content:"\f42f"}i.icon.language:before{content:"\f1ab"}i.icon.laptop:before{content:"\f109"}i.icon.laravel:before{content:"\f3bd"}i.icon.lastfm:before{content:"\f202"}i.icon.lastfm.square:before{content:"\f203"}i.icon.leaf:before{content:"\f06c"}i.icon.leanpub:before{content:"\f212"}i.icon.lemon:before{content:"\f094"}i.icon.less:before{content:"\f41d"}i.icon.level.down.alternate:before{content:"\f3be"}i.icon.level.up.alternate:before{content:"\f3bf"}i.icon.life.ring:before{content:"\f1cd"}i.icon.lightbulb:before{content:"\f0eb"}i.icon.linechat:before{content:"\f3c0"}i.icon.linkify:before{content:"\f0c1"}i.icon.linkedin:before{content:"\f08c"}i.icon.linkedin.alt:before{content:"\f0e1"}i.icon.linode:before{content:"\f2b8"}i.icon.linux:before{content:"\f17c"}i.icon.lira.sign:before{content:"\f195"}i.icon.list:before{content:"\f03a"}i.icon.list.alternate:before{content:"\f022"}i.icon.list.ol:before{content:"\f0cb"}i.icon.list.ul:before{content:"\f0ca"}i.icon.location.arrow:before{content:"\f124"}i.icon.lock:before{content:"\f023"}i.icon.lock.open:before{content:"\f3c1"}i.icon.long.arrow.alternate.down:before{content:"\f309"}i.icon.long.arrow.alternate.left:before{content:"\f30a"}i.icon.long.arrow.alternate.right:before{content:"\f30b"}i.icon.long.arrow.alternate.up:before{content:"\f30c"}i.icon.low.vision:before{content:"\f2a8"}i.icon.lyft:before{content:"\f3c3"}i.icon.magento:before{content:"\f3c4"}i.icon.magic:before{content:"\f0d0"}i.icon.magnet:before{content:"\f076"}i.icon.male:before{content:"\f183"}i.icon.map:before{content:"\f279"}i.icon.map.marker:before{content:"\f041"}i.icon.map.marker.alternate:before{content:"\f3c5"}i.icon.map.pin:before{content:"\f276"}i.icon.map.signs:before{content:"\f277"}i.icon.mars:before{content:"\f222"}i.icon.mars.double:before{content:"\f227"}i.icon.mars.stroke:before{content:"\f229"}i.icon.mars.stroke.horizontal:before{content:"\f22b"}i.icon.mars.stroke.vertical:before{content:"\f22a"}i.icon.maxcdn:before{content:"\f136"}i.icon.medapps:before{content:"\f3c6"}i.icon.medium:before{content:"\f23a"}i.icon.medium.m:before{content:"\f3c7"}i.icon.medkit:before{content:"\f0fa"}i.icon.medrt:before{content:"\f3c8"}i.icon.meetup:before{content:"\f2e0"}i.icon.meh:before{content:"\f11a"}i.icon.mercury:before{content:"\f223"}i.icon.microchip:before{content:"\f2db"}i.icon.microphone:before{content:"\f130"}i.icon.microphone.slash:before{content:"\f131"}i.icon.microsoft:before{content:"\f3ca"}i.icon.minus:before{content:"\f068"}i.icon.minus.circle:before{content:"\f056"}i.icon.minus.square:before{content:"\f146"}i.icon.mix:before{content:"\f3cb"}i.icon.mixcloud:before{content:"\f289"}i.icon.mizuni:before{content:"\f3cc"}i.icon.mobile:before{content:"\f10b"}i.icon.mobile.alternate:before{content:"\f3cd"}i.icon.modx:before{content:"\f285"}i.icon.monero:before{content:"\f3d0"}i.icon.money.bill.alternate:before{content:"\f3d1"}i.icon.moon:before{content:"\f186"}i.icon.motorcycle:before{content:"\f21c"}i.icon.mouse.pointer:before{content:"\f245"}i.icon.music:before{content:"\f001"}i.icon.napster:before{content:"\f3d2"}i.icon.neuter:before{content:"\f22c"}i.icon.newspaper:before{content:"\f1ea"}i.icon.nintendo.switch:before{content:"\f418"}i.icon.node:before{content:"\f419"}i.icon.node.js:before{content:"\f3d3"}i.icon.npm:before{content:"\f3d4"}i.icon.ns8:before{content:"\f3d5"}i.icon.nutritionix:before{content:"\f3d6"}i.icon.object.group:before{content:"\f247"}i.icon.object.ungroup:before{content:"\f248"}i.icon.odnoklassniki:before{content:"\f263"}i.icon.odnoklassniki.square:before{content:"\f264"}i.icon.opencart:before{content:"\f23d"}i.icon.openid:before{content:"\f19b"}i.icon.opera:before{content:"\f26a"}i.icon.optin.monster:before{content:"\f23c"}i.icon.osi:before{content:"\f41a"}i.icon.outdent:before{content:"\f03b"}i.icon.page4:before{content:"\f3d7"}i.icon.pagelines:before{content:"\f18c"}i.icon.paint.brush:before{content:"\f1fc"}i.icon.palfed:before{content:"\f3d8"}i.icon.pallet:before{content:"\f482"}i.icon.paper.plane:before{content:"\f1d8"}i.icon.paperclip:before{content:"\f0c6"}i.icon.paragraph:before{content:"\f1dd"}i.icon.paste:before{content:"\f0ea"}i.icon.patreon:before{content:"\f3d9"}i.icon.pause:before{content:"\f04c"}i.icon.pause.circle:before{content:"\f28b"}i.icon.paw:before{content:"\f1b0"}i.icon.paypal:before{content:"\f1ed"}i.icon.pen.square:before{content:"\f14b"}i.icon.pencil.alternate:before{content:"\f303"}i.icon.percent:before{content:"\f295"}i.icon.periscope:before{content:"\f3da"}i.icon.phabricator:before{content:"\f3db"}i.icon.phoenix.framework:before{content:"\f3dc"}i.icon.phone:before{content:"\f095"}i.icon.phone.square:before{content:"\f098"}i.icon.phone.volume:before{content:"\f2a0"}i.icon.php:before{content:"\f457"}i.icon.pied.piper:before{content:"\f2ae"}i.icon.pied.piper.alternate:before{content:"\f1a8"}i.icon.pied.piper.pp:before{content:"\f1a7"}i.icon.pills:before{content:"\f484"}i.icon.pinterest:before{content:"\f0d2"}i.icon.pinterest.p:before{content:"\f231"}i.icon.pinterest.square:before{content:"\f0d3"}i.icon.plane:before{content:"\f072"}i.icon.play:before{content:"\f04b"}i.icon.play.circle:before{content:"\f144"}i.icon.playstation:before{content:"\f3df"}i.icon.plug:before{content:"\f1e6"}i.icon.plus:before{content:"\f067"}i.icon.plus.circle:before{content:"\f055"}i.icon.plus.square:before{content:"\f0fe"}i.icon.podcast:before{content:"\f2ce"}i.icon.pound.sign:before{content:"\f154"}i.icon.power.off:before{content:"\f011"}i.icon.print:before{content:"\f02f"}i.icon.product.hunt:before{content:"\f288"}i.icon.pushed:before{content:"\f3e1"}i.icon.puzzle.piece:before{content:"\f12e"}i.icon.python:before{content:"\f3e2"}i.icon.qq:before{content:"\f1d6"}i.icon.qrcode:before{content:"\f029"}i.icon.question:before{content:"\f128"}i.icon.question.circle:before{content:"\f059"}i.icon.quidditch:before{content:"\f458"}i.icon.quinscape:before{content:"\f459"}i.icon.quora:before{content:"\f2c4"}i.icon.quote.left:before{content:"\f10d"}i.icon.quote.right:before{content:"\f10e"}i.icon.random:before{content:"\f074"}i.icon.ravelry:before{content:"\f2d9"}i.icon.react:before{content:"\f41b"}i.icon.rebel:before{content:"\f1d0"}i.icon.recycle:before{content:"\f1b8"}i.icon.redriver:before{content:"\f3e3"}i.icon.reddit:before{content:"\f1a1"}i.icon.reddit.alien:before{content:"\f281"}i.icon.reddit.square:before{content:"\f1a2"}i.icon.redo:before{content:"\f01e"}i.icon.redo.alternate:before{content:"\f2f9"}i.icon.registered:before{content:"\f25d"}i.icon.rendact:before{content:"\f3e4"}i.icon.renren:before{content:"\f18b"}i.icon.reply:before{content:"\f3e5"}i.icon.reply.all:before{content:"\f122"}i.icon.replyd:before{content:"\f3e6"}i.icon.resolving:before{content:"\f3e7"}i.icon.retweet:before{content:"\f079"}i.icon.road:before{content:"\f018"}i.icon.rocket:before{content:"\f135"}i.icon.rocketchat:before{content:"\f3e8"}i.icon.rockrms:before{content:"\f3e9"}i.icon.rss:before{content:"\f09e"}i.icon.rss.square:before{content:"\f143"}i.icon.ruble.sign:before{content:"\f158"}i.icon.rupee.sign:before{content:"\f156"}i.icon.safari:before{content:"\f267"}i.icon.sass:before{content:"\f41e"}i.icon.save:before{content:"\f0c7"}i.icon.schlix:before{content:"\f3ea"}i.icon.scribd:before{content:"\f28a"}i.icon.search:before{content:"\f002"}i.icon.search.minus:before{content:"\f010"}i.icon.search.plus:before{content:"\f00e"}i.icon.searchengin:before{content:"\f3eb"}i.icon.sellcast:before{content:"\f2da"}i.icon.sellsy:before{content:"\f213"}i.icon.server:before{content:"\f233"}i.icon.servicestack:before{content:"\f3ec"}i.icon.share:before{content:"\f064"}i.icon.share.alternate:before{content:"\f1e0"}i.icon.share.alternate.square:before{content:"\f1e1"}i.icon.share.square:before{content:"\f14d"}i.icon.shekel.sign:before{content:"\f20b"}i.icon.shield.alternate:before{content:"\f3ed"}i.icon.ship:before{content:"\f21a"}i.icon.shipping.fast:before{content:"\f48b"}i.icon.shirtsinbulk:before{content:"\f214"}i.icon.shopping.bag:before{content:"\f290"}i.icon.shopping.basket:before{content:"\f291"}i.icon.shopping.cart:before{content:"\f07a"}i.icon.shower:before{content:"\f2cc"}i.icon.sign.language:before{content:"\f2a7"}i.icon.signal:before{content:"\f012"}i.icon.simplybuilt:before{content:"\f215"}i.icon.sistrix:before{content:"\f3ee"}i.icon.sitemap:before{content:"\f0e8"}i.icon.skyatlas:before{content:"\f216"}i.icon.skype:before{content:"\f17e"}i.icon.slack:before{content:"\f198"}i.icon.slack.hash:before{content:"\f3ef"}i.icon.sliders.horizontal:before{content:"\f1de"}i.icon.slideshare:before{content:"\f1e7"}i.icon.smile:before{content:"\f118"}i.icon.snapchat:before{content:"\f2ab"}i.icon.snapchat.ghost:before{content:"\f2ac"}i.icon.snapchat.square:before{content:"\f2ad"}i.icon.snowflake:before{content:"\f2dc"}i.icon.sort:before{content:"\f0dc"}i.icon.sort.alphabet.down:before{content:"\f15d"}i.icon.sort.alphabet.up:before{content:"\f15e"}i.icon.sort.amount.down:before{content:"\f160"}i.icon.sort.amount.up:before{content:"\f161"}i.icon.sort.down:before{content:"\f0dd"}i.icon.sort.numeric.down:before{content:"\f162"}i.icon.sort.numeric.up:before{content:"\f163"}i.icon.sort.up:before{content:"\f0de"}i.icon.soundcloud:before{content:"\f1be"}i.icon.space.shuttle:before{content:"\f197"}i.icon.speakap:before{content:"\f3f3"}i.icon.spinner:before{content:"\f110"}i.icon.spotify:before{content:"\f1bc"}i.icon.square:before{content:"\f0c8"}i.icon.square.full:before{content:"\f45c"}i.icon.stack.exchange:before{content:"\f18d"}i.icon.stack.overflow:before{content:"\f16c"}i.icon.star:before{content:"\f005"}i.icon.star.half:before{content:"\f089"}i.icon.staylinked:before{content:"\f3f5"}i.icon.steam:before{content:"\f1b6"}i.icon.steam.square:before{content:"\f1b7"}i.icon.steam.symbol:before{content:"\f3f6"}i.icon.step.backward:before{content:"\f048"}i.icon.step.forward:before{content:"\f051"}i.icon.stethoscope:before{content:"\f0f1"}i.icon.sticker.mule:before{content:"\f3f7"}i.icon.sticky.note:before{content:"\f249"}i.icon.stop:before{content:"\f04d"}i.icon.stop.circle:before{content:"\f28d"}i.icon.stopwatch:before{content:"\f2f2"}i.icon.strava:before{content:"\f428"}i.icon.street.view:before{content:"\f21d"}i.icon.strikethrough:before{content:"\f0cc"}i.icon.stripe:before{content:"\f429"}i.icon.stripe.s:before{content:"\f42a"}i.icon.studiovinari:before{content:"\f3f8"}i.icon.stumbleupon:before{content:"\f1a4"}i.icon.stumbleupon.circle:before{content:"\f1a3"}i.icon.subscript:before{content:"\f12c"}i.icon.subway:before{content:"\f239"}i.icon.suitcase:before{content:"\f0f2"}i.icon.sun:before{content:"\f185"}i.icon.superpowers:before{content:"\f2dd"}i.icon.superscript:before{content:"\f12b"}i.icon.supple:before{content:"\f3f9"}i.icon.sync:before{content:"\f021"}i.icon.sync.alternate:before{content:"\f2f1"}i.icon.syringe:before{content:"\f48e"}i.icon.table:before{content:"\f0ce"}i.icon.table.tennis:before{content:"\f45d"}i.icon.tablet:before{content:"\f10a"}i.icon.tablet.alternate:before{content:"\f3fa"}i.icon.tachometer.alternate:before{content:"\f3fd"}i.icon.tag:before{content:"\f02b"}i.icon.tags:before{content:"\f02c"}i.icon.tasks:before{content:"\f0ae"}i.icon.taxi:before{content:"\f1ba"}i.icon.telegram:before{content:"\f2c6"}i.icon.telegram.plane:before{content:"\f3fe"}i.icon.tencent.weibo:before{content:"\f1d5"}i.icon.terminal:before{content:"\f120"}i.icon.text.height:before{content:"\f034"}i.icon.text.width:before{content:"\f035"}i.icon.th:before{content:"\f00a"}i.icon.th.large:before{content:"\f009"}i.icon.th.list:before{content:"\f00b"}i.icon.themeisle:before{content:"\f2b2"}i.icon.thermometer:before{content:"\f491"}i.icon.thermometer.empty:before{content:"\f2cb"}i.icon.thermometer.full:before{content:"\f2c7"}i.icon.thermometer.half:before{content:"\f2c9"}i.icon.thermometer.quarter:before{content:"\f2ca"}i.icon.thermometer.three.quarters:before{content:"\f2c8"}i.icon.thumbs.down:before{content:"\f165"}i.icon.thumbs.up:before{content:"\f164"}i.icon.thumbtack:before{content:"\f08d"}i.icon.ticket.alternate:before{content:"\f3ff"}i.icon.times:before{content:"\f00d"}i.icon.times.circle:before{content:"\f057"}i.icon.tint:before{content:"\f043"}i.icon.toggle.off:before{content:"\f204"}i.icon.toggle.on:before{content:"\f205"}i.icon.trademark:before{content:"\f25c"}i.icon.train:before{content:"\f238"}i.icon.transgender:before{content:"\f224"}i.icon.transgender.alternate:before{content:"\f225"}i.icon.trash:before{content:"\f1f8"}i.icon.trash.alternate:before{content:"\f2ed"}i.icon.tree:before{content:"\f1bb"}i.icon.trello:before{content:"\f181"}i.icon.tripadvisor:before{content:"\f262"}i.icon.trophy:before{content:"\f091"}i.icon.truck:before{content:"\f0d1"}i.icon.tty:before{content:"\f1e4"}i.icon.tumblr:before{content:"\f173"}i.icon.tumblr.square:before{content:"\f174"}i.icon.tv:before{content:"\f26c"}i.icon.twitch:before{content:"\f1e8"}i.icon.twitter:before{content:"\f099"}i.icon.twitter.square:before{content:"\f081"}i.icon.typo3:before{content:"\f42b"}i.icon.uber:before{content:"\f402"}i.icon.uikit:before{content:"\f403"}i.icon.umbrella:before{content:"\f0e9"}i.icon.underline:before{content:"\f0cd"}i.icon.undo:before{content:"\f0e2"}i.icon.undo.alternate:before{content:"\f2ea"}i.icon.uniregistry:before{content:"\f404"}i.icon.universal.access:before{content:"\f29a"}i.icon.university:before{content:"\f19c"}i.icon.unlink:before{content:"\f127"}i.icon.unlock:before{content:"\f09c"}i.icon.unlock.alternate:before{content:"\f13e"}i.icon.untappd:before{content:"\f405"}i.icon.upload:before{content:"\f093"}i.icon.usb:before{content:"\f287"}i.icon.user:before{content:"\f007"}i.icon.user.circle:before{content:"\f2bd"}i.icon.user.md:before{content:"\f0f0"}i.icon.user.plus:before{content:"\f234"}i.icon.user.secret:before{content:"\f21b"}i.icon.user.times:before{content:"\f235"}i.icon.users:before{content:"\f0c0"}i.icon.ussunnah:before{content:"\f407"}i.icon.utensil.spoon:before{content:"\f2e5"}i.icon.utensils:before{content:"\f2e7"}i.icon.vaadin:before{content:"\f408"}i.icon.venus:before{content:"\f221"}i.icon.venus.double:before{content:"\f226"}i.icon.venus.mars:before{content:"\f228"}i.icon.viacoin:before{content:"\f237"}i.icon.viadeo:before{content:"\f2a9"}i.icon.viadeo.square:before{content:"\f2aa"}i.icon.viber:before{content:"\f409"}i.icon.video:before{content:"\f03d"}i.icon.vimeo:before{content:"\f40a"}i.icon.vimeo.square:before{content:"\f194"}i.icon.vimeo.v:before{content:"\f27d"}i.icon.vine:before{content:"\f1ca"}i.icon.vk:before{content:"\f189"}i.icon.vnv:before{content:"\f40b"}i.icon.volleyball.ball:before{content:"\f45f"}i.icon.volume.down:before{content:"\f027"}i.icon.volume.off:before{content:"\f026"}i.icon.volume.up:before{content:"\f028"}i.icon.vuejs:before{content:"\f41f"}i.icon.warehouse:before{content:"\f494"}i.icon.weibo:before{content:"\f18a"}i.icon.weight:before{content:"\f496"}i.icon.weixin:before{content:"\f1d7"}i.icon.whatsapp:before{content:"\f232"}i.icon.whatsapp.square:before{content:"\f40c"}i.icon.wheelchair:before{content:"\f193"}i.icon.whmcs:before{content:"\f40d"}i.icon.wifi:before{content:"\f1eb"}i.icon.wikipedia.w:before{content:"\f266"}i.icon.window.close:before{content:"\f410"}i.icon.window.maximize:before{content:"\f2d0"}i.icon.window.minimize:before{content:"\f2d1"}i.icon.window.restore:before{content:"\f2d2"}i.icon.windows:before{content:"\f17a"}i.icon.won.sign:before{content:"\f159"}i.icon.wordpress:before{content:"\f19a"}i.icon.wordpress.simple:before{content:"\f411"}i.icon.wpbeginner:before{content:"\f297"}i.icon.wpexplorer:before{content:"\f2de"}i.icon.wpforms:before{content:"\f298"}i.icon.wrench:before{content:"\f0ad"}i.icon.xbox:before{content:"\f412"}i.icon.xing:before{content:"\f168"}i.icon.xing.square:before{content:"\f169"}i.icon.y.combinator:before{content:"\f23b"}i.icon.yahoo:before{content:"\f19e"}i.icon.yandex:before{content:"\f413"}i.icon.yandex.international:before{content:"\f414"}i.icon.yelp:before{content:"\f1e9"}i.icon.yen.sign:before{content:"\f157"}i.icon.yoast:before{content:"\f2b1"}i.icon.youtube:before{content:"\f167"}i.icon.youtube.square:before{content:"\f431"}i.icon.chess.rock:before{content:"\f447"}i.icon.ordered.list:before{content:"\f0cb"}i.icon.unordered.list:before{content:"\f0ca"}i.icon.user.doctor:before{content:"\f0f0"}i.icon.shield:before{content:"\f3ed"}i.icon.puzzle:before{content:"\f12e"}i.icon.credit.card.amazon.pay:before{content:"\f42d"}i.icon.credit.card.american.express:before{content:"\f1f3"}i.icon.credit.card.diners.club:before{content:"\f24c"}i.icon.credit.card.discover:before{content:"\f1f2"}i.icon.credit.card.jcb:before{content:"\f24b"}i.icon.credit.card.mastercard:before{content:"\f1f1"}i.icon.credit.card.paypal:before{content:"\f1f4"}i.icon.credit.card.stripe:before{content:"\f1f5"}i.icon.credit.card.visa:before{content:"\f1f0"}i.icon.add.circle:before{content:"\f055"}i.icon.add.square:before{content:"\f0fe"}i.icon.add.to.calendar:before{content:"\f271"}i.icon.add.to.cart:before{content:"\f217"}i.icon.add.user:before{content:"\f234"}i.icon.add:before{content:"\f067"}i.icon.alarm.mute:before{content:"\f1f6"}i.icon.alarm:before{content:"\f0f3"}i.icon.ald:before{content:"\f2a2"}i.icon.als:before{content:"\f2a2"}i.icon.american.express.card:before{content:"\f1f3"}i.icon.american.express:before{content:"\f1f3"}i.icon.amex:before{content:"\f1f3"}i.icon.announcement:before{content:"\f0a1"}i.icon.area.chart:before{content:"\f1fe"}i.icon.area.graph:before{content:"\f1fe"}i.icon.arrow.down.cart:before{content:"\f218"}i.icon.asexual:before{content:"\f22d"}i.icon.asl.interpreting:before{content:"\f2a3"}i.icon.asl:before{content:"\f2a3"}i.icon.assistive.listening.devices:before{content:"\f2a2"}i.icon.attach:before{content:"\f0c6"}i.icon.attention:before{content:"\f06a"}i.icon.balance:before{content:"\f24e"}i.icon.bar:before{content:"\f0fc"}i.icon.bathtub:before{content:"\f2cd"}i.icon.battery.four:before{content:"\f240"}i.icon.battery.high:before{content:"\f241"}i.icon.battery.low:before{content:"\f243"}i.icon.battery.medium:before{content:"\f242"}i.icon.battery.one:before{content:"\f243"}i.icon.battery.three:before{content:"\f241"}i.icon.battery.two:before{content:"\f242"}i.icon.battery.zero:before{content:"\f244"}i.icon.birthday:before{content:"\f1fd"}i.icon.block.layout:before{content:"\f009"}i.icon.bluetooth.alternative:before{content:"\f294"}i.icon.broken.chain:before{content:"\f127"}i.icon.browser:before{content:"\f022"}i.icon.call.square:before{content:"\f098"}i.icon.call:before{content:"\f095"}i.icon.cancel:before{content:"\f00d"}i.icon.cart:before{content:"\f07a"}i.icon.cc:before{content:"\f20a"}i.icon.chain:before{content:"\f0c1"}i.icon.chat:before{content:"\f075"}i.icon.checked.calendar:before{content:"\f274"}i.icon.checkmark:before{content:"\f00c"}i.icon.circle.notched:before{content:"\f1ce"}i.icon.close:before{content:"\f00d"}i.icon.cny:before{content:"\f157"}i.icon.cocktail:before{content:"\f000"}i.icon.commenting:before{content:"\f27a"}i.icon.computer:before{content:"\f108"}i.icon.configure:before{content:"\f0ad"}i.icon.content:before{content:"\f0c9"}i.icon.deafness:before{content:"\f2a4"}i.icon.delete.calendar:before{content:"\f273"}i.icon.delete:before{content:"\f00d"}i.icon.detective:before{content:"\f21b"}i.icon.diners.club.card:before{content:"\f24c"}i.icon.diners.club:before{content:"\f24c"}i.icon.discover.card:before{content:"\f1f2"}i.icon.discover:before{content:"\f1f2"}i.icon.discussions:before{content:"\f086"}i.icon.doctor:before{content:"\f0f0"}i.icon.dollar:before{content:"\f155"}i.icon.dont:before{content:"\f05e"}i.icon.dribble:before{content:"\f17d"}i.icon.drivers.license:before{content:"\f2c2"}i.icon.dropdown:before{content:"\f0d7"}i.icon.eercast:before{content:"\f2da"}i.icon.emergency:before{content:"\f0f9"}i.icon.envira.gallery:before{content:"\f299"}i.icon.erase:before{content:"\f12d"}i.icon.eur:before{content:"\f153"}i.icon.euro:before{content:"\f153"}i.icon.eyedropper:before{content:"\f1fb"}i.icon.fa:before{content:"\f2b4"}i.icon.factory:before{content:"\f275"}i.icon.favorite:before{content:"\f005"}i.icon.feed:before{content:"\f09e"}i.icon.female.homosexual:before{content:"\f226"}i.icon.file.text:before{content:"\f15c"}i.icon.find:before{content:"\f1e5"}i.icon.first.aid:before{content:"\f0fa"}i.icon.five.hundred.pixels:before{content:"\f26e"}i.icon.fork:before{content:"\f126"}i.icon.game:before{content:"\f11b"}i.icon.gay:before{content:"\f227"}i.icon.gbp:before{content:"\f154"}i.icon.gittip:before{content:"\f184"}i.icon.google.plus.circle:before{content:"\f2b3"}i.icon.google.plus.official:before{content:"\f2b3"}i.icon.grab:before{content:"\f255"}i.icon.graduation:before{content:"\f19d"}i.icon.grid.layout:before{content:"\f00a"}i.icon.group:before{content:"\f0c0"}i.icon.h:before{content:"\f0fd"}i.icon.hand.victory:before{content:"\f25b"}i.icon.handicap:before{content:"\f193"}i.icon.hard.of.hearing:before{content:"\f2a4"}i.icon.header:before{content:"\f1dc"}i.icon.help.circle:before{content:"\f059"}i.icon.help:before{content:"\f128"}i.icon.heterosexual:before{content:"\f228"}i.icon.hide:before{content:"\f070"}i.icon.hotel:before{content:"\f236"}i.icon.hourglass.four:before{content:"\f254"}i.icon.hourglass.full:before{content:"\f254"}i.icon.hourglass.one:before{content:"\f251"}i.icon.hourglass.three:before{content:"\f253"}i.icon.hourglass.two:before{content:"\f252"}i.icon.idea:before{content:"\f0eb"}i.icon.ils:before{content:"\f20b"}i.icon.in-cart:before{content:"\f218"}i.icon.inr:before{content:"\f156"}i.icon.intergender:before{content:"\f224"}i.icon.intersex:before{content:"\f224"}i.icon.japan.credit.bureau.card:before{content:"\f24b"}i.icon.japan.credit.bureau:before{content:"\f24b"}i.icon.jcb:before{content:"\f24b"}i.icon.jpy:before{content:"\f157"}i.icon.krw:before{content:"\f159"}i.icon.lab:before{content:"\f0c3"}i.icon.law:before{content:"\f24e"}i.icon.legal:before{content:"\f0e3"}i.icon.lesbian:before{content:"\f226"}i.icon.lightning:before{content:"\f0e7"}i.icon.like:before{content:"\f004"}i.icon.line.graph:before{content:"\f201"}i.icon.linkedin.square:before{content:"\f08c"}i.icon.linkify:before{content:"\f0c1"}i.icon.lira:before{content:"\f195"}i.icon.list.layout:before{content:"\f00b"}i.icon.magnify:before{content:"\f00e"}i.icon.mail.forward:before{content:"\f064"}i.icon.mail.square:before{content:"\f199"}i.icon.mail:before{content:"\f0e0"}i.icon.male.homosexual:before{content:"\f227"}i.icon.man:before{content:"\f222"}i.icon.marker:before{content:"\f041"}i.icon.mars.alternate:before{content:"\f229"}i.icon.mars.horizontal:before{content:"\f22b"}i.icon.mars.vertical:before{content:"\f22a"}i.icon.mastercard.card:before{content:"\f1f1"}i.icon.mastercard:before{content:"\f1f1"}i.icon.microsoft.edge:before{content:"\f282"}i.icon.military:before{content:"\f0fb"}i.icon.ms.edge:before{content:"\f282"}i.icon.mute:before{content:"\f131"}i.icon.new.pied.piper:before{content:"\f2ae"}i.icon.non.binary.transgender:before{content:"\f223"}i.icon.numbered.list:before{content:"\f0cb"}i.icon.optinmonster:before{content:"\f23c"}i.icon.options:before{content:"\f1de"}i.icon.other.gender.horizontal:before{content:"\f22b"}i.icon.other.gender.vertical:before{content:"\f22a"}i.icon.other.gender:before{content:"\f229"}i.icon.payment:before{content:"\f09d"}i.icon.paypal.card:before{content:"\f1f4"}i.icon.pencil.square:before{content:"\f14b"}i.icon.photo:before{content:"\f030"}i.icon.picture:before{content:"\f03e"}i.icon.pie.chart:before{content:"\f200"}i.icon.pie.graph:before{content:"\f200"}i.icon.pied.piper.hat:before{content:"\f2ae"}i.icon.pin:before{content:"\f08d"}i.icon.plus.cart:before{content:"\f217"}i.icon.pocket:before{content:"\f265"}i.icon.point:before{content:"\f041"}i.icon.pointing.down:before{content:"\f0a7"}i.icon.pointing.left:before{content:"\f0a5"}i.icon.pointing.right:before{content:"\f0a4"}i.icon.pointing.up:before{content:"\f0a6"}i.icon.pound:before{content:"\f154"}i.icon.power.cord:before{content:"\f1e6"}i.icon.power:before{content:"\f011"}i.icon.privacy:before{content:"\f084"}i.icon.r.circle:before{content:"\f25d"}i.icon.rain:before{content:"\f0e9"}i.icon.record:before{content:"\f03d"}i.icon.refresh:before{content:"\f021"}i.icon.remove.circle:before{content:"\f057"}i.icon.remove.from.calendar:before{content:"\f272"}i.icon.remove.user:before{content:"\f235"}i.icon.remove:before{content:"\f00d"}i.icon.repeat:before{content:"\f01e"}i.icon.rmb:before{content:"\f157"}i.icon.rouble:before{content:"\f158"}i.icon.rub:before{content:"\f158"}i.icon.ruble:before{content:"\f158"}i.icon.rupee:before{content:"\f156"}i.icon.s15:before{content:"\f2cd"}i.icon.selected.radio:before{content:"\f192"}i.icon.send:before{content:"\f1d8"}i.icon.setting:before{content:"\f013"}i.icon.settings:before{content:"\f085"}i.icon.shekel:before{content:"\f20b"}i.icon.sheqel:before{content:"\f20b"}i.icon.shipping:before{content:"\f0d1"}i.icon.shop:before{content:"\f07a"}i.icon.shuffle:before{content:"\f074"}i.icon.shutdown:before{content:"\f011"}i.icon.sidebar:before{content:"\f0c9"}i.icon.signing:before{content:"\f2a7"}i.icon.signup:before{content:"\f044"}i.icon.sliders:before{content:"\f1de"}i.icon.soccer:before{content:"\f1e3"}i.icon.sort.alphabet.ascending:before{content:"\f15d"}i.icon.sort.alphabet.descending:before{content:"\f15e"}i.icon.sort.ascending:before{content:"\f0de"}i.icon.sort.content.ascending:before{content:"\f160"}i.icon.sort.content.descending:before{content:"\f161"}i.icon.sort.descending:before{content:"\f0dd"}i.icon.sort.numeric.ascending:before{content:"\f162"}i.icon.sort.numeric.descending:before{content:"\f163"}i.icon.sound:before{content:"\f025"}i.icon.spy:before{content:"\f21b"}i.icon.stripe.card:before{content:"\f1f5"}i.icon.student:before{content:"\f19d"}i.icon.talk:before{content:"\f27a"}i.icon.target:before{content:"\f140"}i.icon.teletype:before{content:"\f1e4"}i.icon.television:before{content:"\f26c"}i.icon.text.cursor:before{content:"\f246"}i.icon.text.telephone:before{content:"\f1e4"}i.icon.theme.isle:before{content:"\f2b2"}i.icon.theme:before{content:"\f043"}i.icon.thermometer:before{content:"\f2c7"}i.icon.thumb.tack:before{content:"\f08d"}i.icon.time:before{content:"\f017"}i.icon.tm:before{content:"\f25c"}i.icon.toggle.down:before{content:"\f150"}i.icon.toggle.left:before{content:"\f191"}i.icon.toggle.right:before{content:"\f152"}i.icon.toggle.up:before{content:"\f151"}i.icon.translate:before{content:"\f1ab"}i.icon.travel:before{content:"\f0b1"}i.icon.treatment:before{content:"\f0f1"}i.icon.triangle.down:before{content:"\f0d7"}i.icon.triangle.left:before{content:"\f0d9"}i.icon.triangle.right:before{content:"\f0da"}i.icon.triangle.up:before{content:"\f0d8"}i.icon.try:before{content:"\f195"}i.icon.unhide:before{content:"\f06e"}i.icon.unlinkify:before{content:"\f127"}i.icon.unmute:before{content:"\f130"}i.icon.usd:before{content:"\f155"}i.icon.user.cancel:before{content:"\f235"}i.icon.user.close:before{content:"\f235"}i.icon.user.delete:before{content:"\f235"}i.icon.user.x:before{content:"\f235"}i.icon.vcard:before{content:"\f2bb"}i.icon.video.camera:before{content:"\f03d"}i.icon.video.play:before{content:"\f144"}i.icon.visa.card:before{content:"\f1f0"}i.icon.visa:before{content:"\f1f0"}i.icon.volume.control.phone:before{content:"\f2a0"}i.icon.wait:before{content:"\f017"}i.icon.warning.circle:before{content:"\f06a"}i.icon.warning.sign:before{content:"\f071"}i.icon.warning:before{content:"\f12a"}i.icon.wechat:before{content:"\f1d7"}i.icon.wi-fi:before{content:"\f1eb"}i.icon.wikipedia:before{content:"\f266"}i.icon.winner:before{content:"\f091"}i.icon.wizard:before{content:"\f0d0"}i.icon.woman:before{content:"\f221"}i.icon.won:before{content:"\f159"}i.icon.wordpress.beginner:before{content:"\f297"}i.icon.wordpress.forms:before{content:"\f298"}i.icon.world:before{content:"\f0ac"}i.icon.write.square:before{content:"\f14b"}i.icon.x:before{content:"\f00d"}i.icon.yc:before{content:"\f23b"}i.icon.ycombinator:before{content:"\f23b"}i.icon.yen:before{content:"\f157"}i.icon.zip:before{content:"\f187"}i.icon.zoom-in:before{content:"\f00e"}i.icon.zoom-out:before{content:"\f010"}i.icon.zoom:before{content:"\f00e"}i.icon.bitbucket.square:before{content:"\f171"}i.icon.checkmark.box:before{content:"\f14a"}i.icon.circle.thin:before{content:"\f111"}i.icon.cloud.download:before{content:"\f381"}i.icon.cloud.upload:before{content:"\f382"}i.icon.compose:before{content:"\f303"}i.icon.conversation:before{content:"\f086"}i.icon.credit.card.alternative:before{content:"\f09d"}i.icon.currency:before{content:"\f3d1"}i.icon.dashboard:before{content:"\f3fd"}i.icon.diamond:before{content:"\f3a5"}i.icon.disk:before{content:"\f0a0"}i.icon.exchange:before{content:"\f362"}i.icon.external.share:before{content:"\f14d"}i.icon.external.square:before{content:"\f360"}i.icon.external:before{content:"\f35d"}i.icon.facebook.official:before{content:"\f082"}i.icon.food:before{content:"\f2e7"}i.icon.hourglass.zero:before{content:"\f253"}i.icon.level.down:before{content:"\f3be"}i.icon.level.up:before{content:"\f3bf"}i.icon.logout:before{content:"\f2f5"}i.icon.meanpath:before{content:"\f0c8"}i.icon.money:before{content:"\f3d1"}i.icon.move:before{content:"\f0b2"}i.icon.pencil:before{content:"\f303"}i.icon.protect:before{content:"\f023"}i.icon.radio:before{content:"\f192"}i.icon.remove.bookmark:before{content:"\f02e"}i.icon.resize.horizontal:before{content:"\f337"}i.icon.resize.vertical:before{content:"\f338"}i.icon.sign-in:before{content:"\f2f6"}i.icon.sign-out:before{content:"\f2f5"}i.icon.spoon:before{content:"\f2e5"}i.icon.star.half.empty:before{content:"\f089"}i.icon.star.half.full:before{content:"\f089"}i.icon.ticket:before{content:"\f3ff"}i.icon.times.rectangle:before{content:"\f410"}i.icon.write:before{content:"\f303"}i.icon.youtube.play:before{content:"\f167"}@font-face{font-family:outline-icons;src:url(themes/default/assets/fonts/outline-icons.eot);src:url(themes/default/assets/fonts/outline-icons.eot?#iefix) format('embedded-opentype'),url(themes/default/assets/fonts/outline-icons.woff2) format('woff2'),url(themes/default/assets/fonts/outline-icons.woff) format('woff'),url(themes/default/assets/fonts/outline-icons.ttf) format('truetype'),url(themes/default/assets/fonts/outline-icons.svg#icons) format('svg');font-style:normal;font-weight:400;font-variant:normal;text-decoration:inherit;text-transform:none}i.icon.outline{font-family:outline-icons}i.icon.address.book.outline:before{content:"\f2b9"}i.icon.address.card.outline:before{content:"\f2bb"}i.icon.arrow.alternate.circle.down.outline:before{content:"\f358"}i.icon.arrow.alternate.circle.left.outline:before{content:"\f359"}i.icon.arrow.alternate.circle.right.outline:before{content:"\f35a"}i.icon.arrow.alternate.circle.up.outline:before{content:"\f35b"}i.icon.bell.outline:before{content:"\f0f3"}i.icon.bell.slash.outline:before{content:"\f1f6"}i.icon.bookmark.outline:before{content:"\f02e"}i.icon.building.outline:before{content:"\f1ad"}i.icon.calendar.outline:before{content:"\f133"}i.icon.calendar.alternate.outline:before{content:"\f073"}i.icon.calendar.check.outline:before{content:"\f274"}i.icon.calendar.minus.outline:before{content:"\f272"}i.icon.calendar.plus.outline:before{content:"\f271"}i.icon.calendar.times.outline:before{content:"\f273"}i.icon.caret.square.down.outline:before{content:"\f150"}i.icon.caret.square.left.outline:before{content:"\f191"}i.icon.caret.square.right.outline:before{content:"\f152"}i.icon.caret.square.up.outline:before{content:"\f151"}i.icon.chart.bar.outline:before{content:"\f080"}i.icon.check.circle.outline:before{content:"\f058"}i.icon.check.square.outline:before{content:"\f14a"}i.icon.circle.outline:before{content:"\f111"}i.icon.clipboard.outline:before{content:"\f328"}i.icon.clock.outline:before{content:"\f017"}i.icon.clone.outline:before{content:"\f24d"}i.icon.closed.captioning.outline:before{content:"\f20a"}i.icon.comment.outline:before{content:"\f075"}i.icon.comment.alternate.outline:before{content:"\f27a"}i.icon.comments.outline:before{content:"\f086"}i.icon.compass.outline:before{content:"\f14e"}i.icon.copy.outline:before{content:"\f0c5"}i.icon.copyright.outline:before{content:"\f1f9"}i.icon.credit.card.outline:before{content:"\f09d"}i.icon.dot.circle.outline:before{content:"\f192"}i.icon.edit.outline:before{content:"\f044"}i.icon.envelope.outline:before{content:"\f0e0"}i.icon.envelope.open.outline:before{content:"\f2b6"}i.icon.eye.slash.outline:before{content:"\f070"}i.icon.file.outline:before{content:"\f15b"}i.icon.file.alternate.outline:before{content:"\f15c"}i.icon.file.archive.outline:before{content:"\f1c6"}i.icon.file.audio.outline:before{content:"\f1c7"}i.icon.file.code.outline:before{content:"\f1c9"}i.icon.file.excel.outline:before{content:"\f1c3"}i.icon.file.image.outline:before{content:"\f1c5"}i.icon.file.pdf.outline:before{content:"\f1c1"}i.icon.file.powerpoint.outline:before{content:"\f1c4"}i.icon.file.video.outline:before{content:"\f1c8"}i.icon.file.word.outline:before{content:"\f1c2"}i.icon.flag.outline:before{content:"\f024"}i.icon.folder.outline:before{content:"\f07b"}i.icon.folder.open.outline:before{content:"\f07c"}i.icon.frown.outline:before{content:"\f119"}i.icon.futbol.outline:before{content:"\f1e3"}i.icon.gem.outline:before{content:"\f3a5"}i.icon.hand.lizard.outline:before{content:"\f258"}i.icon.hand.paper.outline:before{content:"\f256"}i.icon.hand.peace.outline:before{content:"\f25b"}i.icon.hand.point.down.outline:before{content:"\f0a7"}i.icon.hand.point.left.outline:before{content:"\f0a5"}i.icon.hand.point.right.outline:before{content:"\f0a4"}i.icon.hand.point.up.outline:before{content:"\f0a6"}i.icon.hand.pointer.outline:before{content:"\f25a"}i.icon.hand.rock.outline:before{content:"\f255"}i.icon.hand.scissors.outline:before{content:"\f257"}i.icon.hand.spock.outline:before{content:"\f259"}i.icon.handshake.outline:before{content:"\f2b5"}i.icon.hdd.outline:before{content:"\f0a0"}i.icon.heart.outline:before{content:"\f004"}i.icon.hospital.outline:before{content:"\f0f8"}i.icon.hourglass.outline:before{content:"\f254"}i.icon.id.badge.outline:before{content:"\f2c1"}i.icon.id.card.outline:before{content:"\f2c2"}i.icon.image.outline:before{content:"\f03e"}i.icon.images.outline:before{content:"\f302"}i.icon.keyboard.outline:before{content:"\f11c"}i.icon.lemon.outline:before{content:"\f094"}i.icon.life.ring.outline:before{content:"\f1cd"}i.icon.lightbulb.outline:before{content:"\f0eb"}i.icon.list.alternate.outline:before{content:"\f022"}i.icon.map.outline:before{content:"\f279"}i.icon.meh.outline:before{content:"\f11a"}i.icon.minus.square.outline:before{content:"\f146"}i.icon.money.bill.alternate.outline:before{content:"\f3d1"}i.icon.moon.outline:before{content:"\f186"}i.icon.newspaper.outline:before{content:"\f1ea"}i.icon.object.group.outline:before{content:"\f247"}i.icon.object.ungroup.outline:before{content:"\f248"}i.icon.paper.plane.outline:before{content:"\f1d8"}i.icon.pause.circle.outline:before{content:"\f28b"}i.icon.play.circle.outline:before{content:"\f144"}i.icon.plus.square.outline:before{content:"\f0fe"}i.icon.question.circle.outline:before{content:"\f059"}i.icon.registered.outline:before{content:"\f25d"}i.icon.save.outline:before{content:"\f0c7"}i.icon.share.square.outline:before{content:"\f14d"}i.icon.smile.outline:before{content:"\f118"}i.icon.snowflake.outline:before{content:"\f2dc"}i.icon.square.outline:before{content:"\f0c8"}i.icon.star.outline:before{content:"\f005"}i.icon.star.half.outline:before{content:"\f089"}i.icon.sticky.note.outline:before{content:"\f249"}i.icon.stop.circle.outline:before{content:"\f28d"}i.icon.sun.outline:before{content:"\f185"}i.icon.thumbs.down.outline:before{content:"\f165"}i.icon.thumbs.up.outline:before{content:"\f164"}i.icon.times.circle.outline:before{content:"\f057"}i.icon.trash.alternate.outline:before{content:"\f2ed"}i.icon.user.outline:before{content:"\f007"}i.icon.user.circle.outline:before{content:"\f2bd"}i.icon.window.close.outline:before{content:"\f410"}i.icon.window.maximize.outline:before{content:"\f2d0"}i.icon.window.minimize.outline:before{content:"\f2d1"}i.icon.window.restore.outline:before{content:"\f2d2"}i.icon.disk.outline:before{content:"\f0a0"}i.icon.heart.empty,i.icon.star.empty{font-family:outline-icons}i.icon.heart.empty:before{content:"\f004"}i.icon.star.empty:before{content:"\f089"}@font-face{font-family:brand-icons;src:url(themes/default/assets/fonts/brand-icons.eot);src:url(themes/default/assets/fonts/brand-icons.eot?#iefix) format('embedded-opentype'),url(themes/default/assets/fonts/brand-icons.woff2) format('woff2'),url(themes/default/assets/fonts/brand-icons.woff) format('woff'),url(themes/default/assets/fonts/brand-icons.ttf) format('truetype'),url(themes/default/assets/fonts/brand-icons.svg#icons) format('svg');font-style:normal;font-weight:400;font-variant:normal;text-decoration:inherit;text-transform:none}i.icon.\35 00px,i.icon.accessible.icon,i.icon.accusoft,i.icon.adn,i.icon.adversal,i.icon.affiliatetheme,i.icon.algolia,i.icon.amazon,i.icon.amazon.pay,i.icon.amilia,i.icon.android,i.icon.angellist,i.icon.angrycreative,i.icon.angular,i.icon.app.store,i.icon.app.store.ios,i.icon.apper,i.icon.apple,i.icon.apple.pay,i.icon.asymmetrik,i.icon.audible,i.icon.autoprefixer,i.icon.avianex,i.icon.aviato,i.icon.aws,i.icon.bandcamp,i.icon.behance,i.icon.behance.square,i.icon.bimobject,i.icon.bitbucket,i.icon.bitcoin,i.icon.bity,i.icon.black.tie,i.icon.blackberry,i.icon.blogger,i.icon.blogger.b,i.icon.bluetooth,i.icon.bluetooth.b,i.icon.btc,i.icon.buromobelexperte,i.icon.buysellads,i.icon.cc.amazon.pay,i.icon.cc.amex,i.icon.cc.apple.pay,i.icon.cc.diners.club,i.icon.cc.discover,i.icon.cc.jcb,i.icon.cc.mastercard,i.icon.cc.paypal,i.icon.cc.stripe,i.icon.cc.visa,i.icon.centercode,i.icon.chrome,i.icon.cloudscale,i.icon.cloudsmith,i.icon.cloudversify,i.icon.codepen,i.icon.codiepie,i.icon.connectdevelop,i.icon.contao,i.icon.cpanel,i.icon.creative.commons,i.icon.css3,i.icon.css3.alternate,i.icon.cuttlefish,i.icon.d.and.d,i.icon.dashcube,i.icon.delicious,i.icon.deploydog,i.icon.deskpro,i.icon.deviantart,i.icon.digg,i.icon.digital.ocean,i.icon.discord,i.icon.discourse,i.icon.dochub,i.icon.docker,i.icon.draft2digital,i.icon.dribbble,i.icon.dribbble.square,i.icon.dropbox,i.icon.drupal,i.icon.dyalog,i.icon.earlybirds,i.icon.edge,i.icon.elementor,i.icon.ember,i.icon.empire,i.icon.envira,i.icon.erlang,i.icon.ethereum,i.icon.etsy,i.icon.expeditedssl,i.icon.facebook,i.icon.facebook.f,i.icon.facebook.messenger,i.icon.facebook.square,i.icon.firefox,i.icon.first.order,i.icon.firstdraft,i.icon.flickr,i.icon.flipboard,i.icon.fly,i.icon.font.awesome,i.icon.font.awesome.alternate,i.icon.font.awesome.flag,i.icon.fonticons,i.icon.fonticons.fi,i.icon.fort.awesome,i.icon.fort.awesome.alternate,i.icon.forumbee,i.icon.foursquare,i.icon.free.code.camp,i.icon.freebsd,i.icon.get.pocket,i.icon.gg,i.icon.gg.circle,i.icon.git,i.icon.git.square,i.icon.github,i.icon.github.alternate,i.icon.github.square,i.icon.gitkraken,i.icon.gitlab,i.icon.gitter,i.icon.glide,i.icon.glide.g,i.icon.gofore,i.icon.goodreads,i.icon.goodreads.g,i.icon.google,i.icon.google.drive,i.icon.google.play,i.icon.google.plus,i.icon.google.plus.g,i.icon.google.plus.square,i.icon.google.wallet,i.icon.gratipay,i.icon.grav,i.icon.gripfire,i.icon.grunt,i.icon.gulp,i.icon.hacker.news,i.icon.hacker.news.square,i.icon.hips,i.icon.hire.a.helper,i.icon.hooli,i.icon.hotjar,i.icon.houzz,i.icon.html5,i.icon.hubspot,i.icon.imdb,i.icon.instagram,i.icon.internet.explorer,i.icon.ioxhost,i.icon.itunes,i.icon.itunes.note,i.icon.jenkins,i.icon.joget,i.icon.joomla,i.icon.js,i.icon.js.square,i.icon.jsfiddle,i.icon.keycdn,i.icon.kickstarter,i.icon.kickstarter.k,i.icon.korvue,i.icon.laravel,i.icon.lastfm,i.icon.lastfm.square,i.icon.leanpub,i.icon.less,i.icon.linechat,i.icon.linkedin,i.icon.linkedin.alternate,i.icon.linkedin.in,i.icon.linode,i.icon.linux,i.icon.lyft,i.icon.magento,i.icon.maxcdn,i.icon.medapps,i.icon.medium,i.icon.medium.m,i.icon.medrt,i.icon.meetup,i.icon.microsoft,i.icon.mix,i.icon.mixcloud,i.icon.mizuni,i.icon.modx,i.icon.monero,i.icon.napster,i.icon.nintendo.switch,i.icon.node,i.icon.node.js,i.icon.npm,i.icon.ns8,i.icon.nutritionix,i.icon.odnoklassniki,i.icon.odnoklassniki.square,i.icon.opencart,i.icon.openid,i.icon.opera,i.icon.optin.monster,i.icon.osi,i.icon.page4,i.icon.pagelines,i.icon.palfed,i.icon.patreon,i.icon.paypal,i.icon.periscope,i.icon.phabricator,i.icon.phoenix.framework,i.icon.php,i.icon.pied.piper,i.icon.pied.piper.alternate,i.icon.pied.piper.pp,i.icon.pinterest,i.icon.pinterest.p,i.icon.pinterest.square,i.icon.playstation,i.icon.product.hunt,i.icon.pushed,i.icon.python,i.icon.qq,i.icon.quinscape,i.icon.quora,i.icon.ravelry,i.icon.react,i.icon.rebel,i.icon.reddit,i.icon.reddit.alien,i.icon.reddit.square,i.icon.redriver,i.icon.rendact,i.icon.renren,i.icon.replyd,i.icon.resolving,i.icon.rocketchat,i.icon.rockrms,i.icon.safari,i.icon.sass,i.icon.schlix,i.icon.scribd,i.icon.searchengin,i.icon.sellcast,i.icon.sellsy,i.icon.servicestack,i.icon.shirtsinbulk,i.icon.simplybuilt,i.icon.sistrix,i.icon.skyatlas,i.icon.skype,i.icon.slack,i.icon.slack.hash,i.icon.slideshare,i.icon.snapchat,i.icon.snapchat.ghost,i.icon.snapchat.square,i.icon.soundcloud,i.icon.speakap,i.icon.spotify,i.icon.stack.exchange,i.icon.stack.overflow,i.icon.staylinked,i.icon.steam,i.icon.steam.square,i.icon.steam.symbol,i.icon.sticker.mule,i.icon.strava,i.icon.stripe,i.icon.stripe.s,i.icon.studiovinari,i.icon.stumbleupon,i.icon.stumbleupon.circle,i.icon.superpowers,i.icon.supple,i.icon.telegram,i.icon.telegram.plane,i.icon.tencent.weibo,i.icon.themeisle,i.icon.trello,i.icon.tripadvisor,i.icon.tumblr,i.icon.tumblr.square,i.icon.twitch,i.icon.twitter,i.icon.twitter.square,i.icon.typo3,i.icon.uber,i.icon.uikit,i.icon.uniregistry,i.icon.untappd,i.icon.usb,i.icon.ussunnah,i.icon.vaadin,i.icon.viacoin,i.icon.viadeo,i.icon.viadeo.square,i.icon.viber,i.icon.vimeo,i.icon.vimeo.square,i.icon.vimeo.v,i.icon.vine,i.icon.vk,i.icon.vnv,i.icon.vuejs,i.icon.wechat,i.icon.weibo,i.icon.weixin,i.icon.whatsapp,i.icon.whatsapp.square,i.icon.whmcs,i.icon.wikipedia.w,i.icon.windows,i.icon.wordpress,i.icon.wordpress.simple,i.icon.wpbeginner,i.icon.wpexplorer,i.icon.wpforms,i.icon.xbox,i.icon.xing,i.icon.xing.square,i.icon.y.combinator,i.icon.yahoo,i.icon.yandex,i.icon.yandex.international,i.icon.yelp,i.icon.yoast,i.icon.youtube,i.icon.youtube.square{font-family:brand-icons}/*!
- * # Semantic UI 2.4.0 - Image
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.image{position:relative;display:inline-block;vertical-align:middle;max-width:100%;background-color:transparent}img.ui.image{display:block}.ui.image img,.ui.image svg{display:block;max-width:100%;height:auto}.ui.hidden.image,.ui.hidden.images{display:none}.ui.hidden.transition.image,.ui.hidden.transition.images{display:block;visibility:hidden}.ui.images>.hidden.transition{display:inline-block;visibility:hidden}.ui.disabled.image,.ui.disabled.images{cursor:default;opacity:.45}.ui.inline.image,.ui.inline.image img,.ui.inline.image svg{display:inline-block}.ui.top.aligned.image,.ui.top.aligned.image img,.ui.top.aligned.image svg,.ui.top.aligned.images .image{display:inline-block;vertical-align:top}.ui.middle.aligned.image,.ui.middle.aligned.image img,.ui.middle.aligned.image svg,.ui.middle.aligned.images .image{display:inline-block;vertical-align:middle}.ui.bottom.aligned.image,.ui.bottom.aligned.image img,.ui.bottom.aligned.image svg,.ui.bottom.aligned.images .image{display:inline-block;vertical-align:bottom}.ui.rounded.image,.ui.rounded.image>*,.ui.rounded.images .image,.ui.rounded.images .image>*{border-radius:.3125em}.ui.bordered.image img,.ui.bordered.image svg,.ui.bordered.images .image,.ui.bordered.images img,.ui.bordered.images svg,img.ui.bordered.image{border:1px solid rgba(0,0,0,.1)}.ui.circular.image,.ui.circular.images{overflow:hidden}.ui.circular.image,.ui.circular.image>*,.ui.circular.images .image,.ui.circular.images .image>*{border-radius:500rem}.ui.fluid.image,.ui.fluid.image img,.ui.fluid.image svg,.ui.fluid.images,.ui.fluid.images img,.ui.fluid.images svg{display:block;width:100%;height:auto}.ui.avatar.image,.ui.avatar.image img,.ui.avatar.image svg,.ui.avatar.images .image,.ui.avatar.images img,.ui.avatar.images svg{margin-right:.25em;display:inline-block;width:2em;height:2em;border-radius:500rem}.ui.spaced.image{display:inline-block!important;margin-left:.5em;margin-right:.5em}.ui[class*="left spaced"].image{margin-left:.5em;margin-right:0}.ui[class*="right spaced"].image{margin-left:0;margin-right:.5em}.ui.floated.image,.ui.floated.images{float:left;margin-right:1em;margin-bottom:1em}.ui.right.floated.image,.ui.right.floated.images{float:right;margin-right:0;margin-bottom:1em;margin-left:1em}.ui.floated.image:last-child,.ui.floated.images:last-child{margin-bottom:0}.ui.centered.image,.ui.centered.images{margin-left:auto;margin-right:auto}.ui.mini.image,.ui.mini.images .image,.ui.mini.images img,.ui.mini.images svg{width:35px;height:auto;font-size:.78571429rem}.ui.tiny.image,.ui.tiny.images .image,.ui.tiny.images img,.ui.tiny.images svg{width:80px;height:auto;font-size:.85714286rem}.ui.small.image,.ui.small.images .image,.ui.small.images img,.ui.small.images svg{width:150px;height:auto;font-size:.92857143rem}.ui.medium.image,.ui.medium.images .image,.ui.medium.images img,.ui.medium.images svg{width:300px;height:auto;font-size:1rem}.ui.large.image,.ui.large.images .image,.ui.large.images img,.ui.large.images svg{width:450px;height:auto;font-size:1.14285714rem}.ui.big.image,.ui.big.images .image,.ui.big.images img,.ui.big.images svg{width:600px;height:auto;font-size:1.28571429rem}.ui.huge.image,.ui.huge.images .image,.ui.huge.images img,.ui.huge.images svg{width:800px;height:auto;font-size:1.42857143rem}.ui.massive.image,.ui.massive.images .image,.ui.massive.images img,.ui.massive.images svg{width:960px;height:auto;font-size:1.71428571rem}.ui.images{font-size:0;margin:0 -.25rem 0}.ui.images .image,.ui.images>img,.ui.images>svg{display:inline-block;margin:0 .25rem .5rem}/*!
- * # Semantic UI 2.4.0 - Input
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.input{position:relative;font-weight:400;font-style:normal;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;color:rgba(0,0,0,.87)}.ui.input>input{margin:0;max-width:100%;-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto;outline:0;-webkit-tap-highlight-color:rgba(255,255,255,0);text-align:left;line-height:1.21428571em;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;padding:.67857143em 1em;background:#fff;border:1px solid rgba(34,36,38,.15);color:rgba(0,0,0,.87);border-radius:.28571429rem;-webkit-transition:border-color .1s ease,-webkit-box-shadow .1s ease;transition:border-color .1s ease,-webkit-box-shadow .1s ease;transition:box-shadow .1s ease,border-color .1s ease;transition:box-shadow .1s ease,border-color .1s ease,-webkit-box-shadow .1s ease;-webkit-box-shadow:none;box-shadow:none}.ui.input>input::-webkit-input-placeholder{color:rgba(191,191,191,.87)}.ui.input>input::-moz-placeholder{color:rgba(191,191,191,.87)}.ui.input>input:-ms-input-placeholder{color:rgba(191,191,191,.87)}.ui.disabled.input,.ui.input:not(.disabled) input[disabled]{opacity:.45}.ui.disabled.input>input,.ui.input:not(.disabled) input[disabled]{pointer-events:none}.ui.input.down input,.ui.input>input:active{border-color:rgba(0,0,0,.3);background:#fafafa;color:rgba(0,0,0,.87);-webkit-box-shadow:none;box-shadow:none}.ui.loading.loading.input>i.icon:before{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;border-radius:500rem;border:.2em solid rgba(0,0,0,.1)}.ui.loading.loading.input>i.icon:after{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;-webkit-animation:button-spin .6s linear;animation:button-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 transparent transparent;border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent}.ui.input.focus>input,.ui.input>input:focus{border-color:#85b7d9;background:#fff;color:rgba(0,0,0,.8);-webkit-box-shadow:none;box-shadow:none}.ui.input.focus>input::-webkit-input-placeholder,.ui.input>input:focus::-webkit-input-placeholder{color:rgba(115,115,115,.87)}.ui.input.focus>input::-moz-placeholder,.ui.input>input:focus::-moz-placeholder{color:rgba(115,115,115,.87)}.ui.input.focus>input:-ms-input-placeholder,.ui.input>input:focus:-ms-input-placeholder{color:rgba(115,115,115,.87)}.ui.input.error>input{background-color:#fff6f6;border-color:#e0b4b4;color:#9f3a38;-webkit-box-shadow:none;box-shadow:none}.ui.input.error>input::-webkit-input-placeholder{color:#e7bdbc}.ui.input.error>input::-moz-placeholder{color:#e7bdbc}.ui.input.error>input:-ms-input-placeholder{color:#e7bdbc!important}.ui.input.error>input:focus::-webkit-input-placeholder{color:#da9796}.ui.input.error>input:focus::-moz-placeholder{color:#da9796}.ui.input.error>input:focus:-ms-input-placeholder{color:#da9796!important}.ui.transparent.input>input{border-color:transparent!important;background-color:transparent!important;padding:0!important;-webkit-box-shadow:none!important;box-shadow:none!important;border-radius:0!important}.ui.transparent.icon.input>i.icon{width:1.1em}.ui.transparent.icon.input>input{padding-left:0!important;padding-right:2em!important}.ui.transparent[class*="left icon"].input>input{padding-left:2em!important;padding-right:0!important}.ui.transparent.inverted.input{color:#fff}.ui.transparent.inverted.input>input{color:inherit}.ui.transparent.inverted.input>input::-webkit-input-placeholder{color:rgba(255,255,255,.5)}.ui.transparent.inverted.input>input::-moz-placeholder{color:rgba(255,255,255,.5)}.ui.transparent.inverted.input>input:-ms-input-placeholder{color:rgba(255,255,255,.5)}.ui.icon.input>i.icon{cursor:default;position:absolute;line-height:1;text-align:center;top:0;right:0;margin:0;height:100%;width:2.67142857em;opacity:.5;border-radius:0 .28571429rem .28571429rem 0;-webkit-transition:opacity .3s ease;transition:opacity .3s ease}.ui.icon.input>i.icon:not(.link){pointer-events:none}.ui.icon.input>input{padding-right:2.67142857em!important}.ui.icon.input>i.icon:after,.ui.icon.input>i.icon:before{left:0;position:absolute;text-align:center;top:50%;width:100%;margin-top:-.5em}.ui.icon.input>i.link.icon{cursor:pointer}.ui.icon.input>i.circular.icon{top:.35em;right:.5em}.ui[class*="left icon"].input>i.icon{right:auto;left:1px;border-radius:.28571429rem 0 0 .28571429rem}.ui[class*="left icon"].input>i.circular.icon{right:auto;left:.5em}.ui[class*="left icon"].input>input{padding-left:2.67142857em!important;padding-right:1em!important}.ui.icon.input>input:focus~i.icon{opacity:1}.ui.labeled.input>.label{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;margin:0;font-size:1em}.ui.labeled.input>.label:not(.corner){padding-top:.78571429em;padding-bottom:.78571429em}.ui.labeled.input:not([class*="corner labeled"]) .label:first-child{border-top-right-radius:0;border-bottom-right-radius:0}.ui.labeled.input:not([class*="corner labeled"]) .label:first-child+input{border-top-left-radius:0;border-bottom-left-radius:0;border-left-color:transparent}.ui.labeled.input:not([class*="corner labeled"]) .label:first-child+input:focus{border-left-color:#85b7d9}.ui[class*="right labeled"].input>input{border-top-right-radius:0!important;border-bottom-right-radius:0!important;border-right-color:transparent!important}.ui[class*="right labeled"].input>input+.label{border-top-left-radius:0;border-bottom-left-radius:0}.ui[class*="right labeled"].input>input:focus{border-right-color:#85b7d9!important}.ui.labeled.input .corner.label{top:1px;right:1px;font-size:.64285714em;border-radius:0 .28571429rem 0 0}.ui[class*="corner labeled"]:not([class*="left corner labeled"]).labeled.input>input{padding-right:2.5em!important}.ui[class*="corner labeled"].icon.input:not([class*="left corner labeled"])>input{padding-right:3.25em!important}.ui[class*="corner labeled"].icon.input:not([class*="left corner labeled"])>.icon{margin-right:1.25em}.ui[class*="left corner labeled"].labeled.input>input{padding-left:2.5em!important}.ui[class*="left corner labeled"].icon.input>input{padding-left:3.25em!important}.ui[class*="left corner labeled"].icon.input>.icon{margin-left:1.25em}.ui.input>.ui.corner.label{top:1px;right:1px}.ui.input>.ui.left.corner.label{right:auto;left:1px}.ui.action.input>.button,.ui.action.input>.buttons{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto}.ui.action.input>.button,.ui.action.input>.buttons>.button{padding-top:.78571429em;padding-bottom:.78571429em;margin:0}.ui.action.input:not([class*="left action"])>input{border-top-right-radius:0!important;border-bottom-right-radius:0!important;border-right-color:transparent!important}.ui.action.input:not([class*="left action"])>.button:not(:first-child),.ui.action.input:not([class*="left action"])>.buttons:not(:first-child)>.button,.ui.action.input:not([class*="left action"])>.dropdown:not(:first-child){border-radius:0}.ui.action.input:not([class*="left action"])>.button:last-child,.ui.action.input:not([class*="left action"])>.buttons:last-child>.button,.ui.action.input:not([class*="left action"])>.dropdown:last-child{border-radius:0 .28571429rem .28571429rem 0}.ui.action.input:not([class*="left action"])>input:focus{border-right-color:#85b7d9!important}.ui[class*="left action"].input>input{border-top-left-radius:0!important;border-bottom-left-radius:0!important;border-left-color:transparent!important}.ui[class*="left action"].input>.button,.ui[class*="left action"].input>.buttons>.button,.ui[class*="left action"].input>.dropdown{border-radius:0}.ui[class*="left action"].input>.button:first-child,.ui[class*="left action"].input>.buttons:first-child>.button,.ui[class*="left action"].input>.dropdown:first-child{border-radius:.28571429rem 0 0 .28571429rem}.ui[class*="left action"].input>input:focus{border-left-color:#85b7d9!important}.ui.inverted.input>input{border:none}.ui.fluid.input{display:-webkit-box;display:-ms-flexbox;display:flex}.ui.fluid.input>input{width:0!important}.ui.mini.input{font-size:.78571429em}.ui.small.input{font-size:.92857143em}.ui.input{font-size:1em}.ui.large.input{font-size:1.14285714em}.ui.big.input{font-size:1.28571429em}.ui.huge.input{font-size:1.42857143em}.ui.massive.input{font-size:1.71428571em}/*!
- * # Semantic UI 2.4.0 - Label
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.label{display:inline-block;line-height:1;vertical-align:baseline;margin:0 .14285714em;background-color:#e8e8e8;background-image:none;padding:.5833em .833em;color:rgba(0,0,0,.6);text-transform:none;font-weight:700;border:0 solid transparent;border-radius:.28571429rem;-webkit-transition:background .1s ease;transition:background .1s ease}.ui.label:first-child{margin-left:0}.ui.label:last-child{margin-right:0}a.ui.label{cursor:pointer}.ui.label>a{cursor:pointer;color:inherit;opacity:.5;-webkit-transition:.1s opacity ease;transition:.1s opacity ease}.ui.label>a:hover{opacity:1}.ui.label>img{width:auto!important;vertical-align:middle;height:2.1666em!important}.ui.label>.icon{width:auto;margin:0 .75em 0 0}.ui.label>.detail{display:inline-block;vertical-align:top;font-weight:700;margin-left:1em;opacity:.8}.ui.label>.detail .icon{margin:0 .25em 0 0}.ui.label>.close.icon,.ui.label>.delete.icon{cursor:pointer;margin-right:0;margin-left:.5em;font-size:.92857143em;opacity:.5;-webkit-transition:background .1s ease;transition:background .1s ease}.ui.label>.delete.icon:hover{opacity:1}.ui.labels>.label{margin:0 .5em .5em 0}.ui.header>.ui.label{margin-top:-.29165em}.ui.attached.segment>.ui.top.left.attached.label,.ui.bottom.attached.segment>.ui.top.left.attached.label{border-top-left-radius:0}.ui.attached.segment>.ui.top.right.attached.label,.ui.bottom.attached.segment>.ui.top.right.attached.label{border-top-right-radius:0}.ui.top.attached.segment>.ui.bottom.left.attached.label{border-bottom-left-radius:0}.ui.top.attached.segment>.ui.bottom.right.attached.label{border-bottom-right-radius:0}.ui.top.attached.label+[class*="right floated"]+*,.ui.top.attached.label:first-child+:not(.attached){margin-top:2rem!important}.ui.bottom.attached.label:first-child~:last-child:not(.attached){margin-top:0;margin-bottom:2rem!important}.ui.image.label{width:auto!important;margin-top:0;margin-bottom:0;max-width:9999px;vertical-align:baseline;text-transform:none;background:#e8e8e8;padding:.5833em .833em .5833em .5em;border-radius:.28571429rem;-webkit-box-shadow:none;box-shadow:none}.ui.image.label img{display:inline-block;vertical-align:top;height:2.1666em;margin:-.5833em .5em -.5833em -.5em;border-radius:.28571429rem 0 0 .28571429rem}.ui.image.label .detail{background:rgba(0,0,0,.1);margin:-.5833em -.833em -.5833em .5em;padding:.5833em .833em;border-radius:0 .28571429rem .28571429rem 0}.ui.tag.label,.ui.tag.labels .label{margin-left:1em;position:relative;padding-left:1.5em;padding-right:1.5em;border-radius:0 .28571429rem .28571429rem 0;-webkit-transition:none;transition:none}.ui.tag.label:before,.ui.tag.labels .label:before{position:absolute;-webkit-transform:translateY(-50%) translateX(50%) rotate(-45deg);transform:translateY(-50%) translateX(50%) rotate(-45deg);top:50%;right:100%;content:'';background-color:inherit;background-image:none;width:1.56em;height:1.56em;-webkit-transition:none;transition:none}.ui.tag.label:after,.ui.tag.labels .label:after{position:absolute;content:'';top:50%;left:-.25em;margin-top:-.25em;background-color:#fff!important;width:.5em;height:.5em;-webkit-box-shadow:0 -1px 1px 0 rgba(0,0,0,.3);box-shadow:0 -1px 1px 0 rgba(0,0,0,.3);border-radius:500rem}.ui.corner.label{position:absolute;top:0;right:0;margin:0;padding:0;text-align:center;border-color:#e8e8e8;width:4em;height:4em;z-index:1;-webkit-transition:border-color .1s ease;transition:border-color .1s ease}.ui.corner.label{background-color:transparent!important}.ui.corner.label:after{position:absolute;content:"";right:0;top:0;z-index:-1;width:0;height:0;background-color:transparent!important;border-top:0 solid transparent;border-right:4em solid transparent;border-bottom:4em solid transparent;border-left:0 solid transparent;border-right-color:inherit;-webkit-transition:border-color .1s ease;transition:border-color .1s ease}.ui.corner.label .icon{cursor:default;position:relative;top:.64285714em;left:.78571429em;font-size:1.14285714em;margin:0}.ui.left.corner.label,.ui.left.corner.label:after{right:auto;left:0}.ui.left.corner.label:after{border-top:4em solid transparent;border-right:4em solid transparent;border-bottom:0 solid transparent;border-left:0 solid transparent;border-top-color:inherit}.ui.left.corner.label .icon{left:-.78571429em}.ui.segment>.ui.corner.label{top:-1px;right:-1px}.ui.segment>.ui.left.corner.label{right:auto;left:-1px}.ui.ribbon.label{position:relative;margin:0;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;border-radius:0 .28571429rem .28571429rem 0;border-color:rgba(0,0,0,.15)}.ui.ribbon.label:after{position:absolute;content:'';top:100%;left:0;background-color:transparent!important;border-style:solid;border-width:0 1.2em 1.2em 0;border-color:transparent;border-right-color:inherit;width:0;height:0}.ui.ribbon.label{left:calc(-1rem - 1.2em);margin-right:-1.2em;padding-left:calc(1rem + 1.2em);padding-right:1.2em}.ui[class*="right ribbon"].label{left:calc(100% + 1rem + 1.2em);padding-left:1.2em;padding-right:calc(1rem + 1.2em)}.ui[class*="right ribbon"].label{text-align:left;-webkit-transform:translateX(-100%);transform:translateX(-100%);border-radius:.28571429rem 0 0 .28571429rem}.ui[class*="right ribbon"].label:after{left:auto;right:0;border-style:solid;border-width:1.2em 1.2em 0 0;border-color:transparent;border-top-color:inherit}.ui.card .image>.ribbon.label,.ui.image>.ribbon.label{position:absolute;top:1rem}.ui.card .image>.ui.ribbon.label,.ui.image>.ui.ribbon.label{left:calc(.05rem - 1.2em)}.ui.card .image>.ui[class*="right ribbon"].label,.ui.image>.ui[class*="right ribbon"].label{left:calc(100% + -.05rem + 1.2em);padding-left:.833em}.ui.table td>.ui.ribbon.label{left:calc(-.78571429em - 1.2em)}.ui.table td>.ui[class*="right ribbon"].label{left:calc(100% + .78571429em + 1.2em);padding-left:.833em}.ui.attached.label,.ui[class*="top attached"].label{width:100%;position:absolute;margin:0;top:0;left:0;padding:.75em 1em;border-radius:.21428571rem .21428571rem 0 0}.ui[class*="bottom attached"].label{top:auto;bottom:0;border-radius:0 0 .21428571rem .21428571rem}.ui[class*="top left attached"].label{width:auto;margin-top:0!important;border-radius:.21428571rem 0 .28571429rem 0}.ui[class*="top right attached"].label{width:auto;left:auto;right:0;border-radius:0 .21428571rem 0 .28571429rem}.ui[class*="bottom left attached"].label{width:auto;top:auto;bottom:0;border-radius:0 .28571429rem 0 .21428571rem}.ui[class*="bottom right attached"].label{top:auto;bottom:0;left:auto;right:0;width:auto;border-radius:.28571429rem 0 .21428571rem 0}.ui.label.disabled{opacity:.5}a.ui.label:hover,a.ui.labels .label:hover{background-color:#e0e0e0;border-color:#e0e0e0;background-image:none;color:rgba(0,0,0,.8)}.ui.labels a.label:hover:before,a.ui.label:hover:before{color:rgba(0,0,0,.8)}.ui.active.label{background-color:#d0d0d0;border-color:#d0d0d0;background-image:none;color:rgba(0,0,0,.95)}.ui.active.label:before{background-color:#d0d0d0;background-image:none;color:rgba(0,0,0,.95)}a.ui.active.label:hover,a.ui.labels .active.label:hover{background-color:#c8c8c8;border-color:#c8c8c8;background-image:none;color:rgba(0,0,0,.95)}.ui.labels a.active.label:ActiveHover:before,a.ui.active.label:ActiveHover:before{background-color:#c8c8c8;background-image:none;color:rgba(0,0,0,.95)}.ui.label.visible:not(.dropdown),.ui.labels.visible .label{display:inline-block!important}.ui.label.hidden,.ui.labels.hidden .label{display:none!important}.ui.red.label,.ui.red.labels .label{background-color:#db2828!important;border-color:#db2828!important;color:#fff!important}.ui.red.labels .label:hover,a.ui.red.label:hover{background-color:#d01919!important;border-color:#d01919!important;color:#fff!important}.ui.red.corner.label,.ui.red.corner.label:hover{background-color:transparent!important}.ui.red.ribbon.label{border-color:#b21e1e!important}.ui.basic.red.label{background:none #fff!important;color:#db2828!important;border-color:#db2828!important}.ui.basic.red.labels a.label:hover,a.ui.basic.red.label:hover{background-color:#fff!important;color:#d01919!important;border-color:#d01919!important}.ui.orange.label,.ui.orange.labels .label{background-color:#f2711c!important;border-color:#f2711c!important;color:#fff!important}.ui.orange.labels .label:hover,a.ui.orange.label:hover{background-color:#f26202!important;border-color:#f26202!important;color:#fff!important}.ui.orange.corner.label,.ui.orange.corner.label:hover{background-color:transparent!important}.ui.orange.ribbon.label{border-color:#cf590c!important}.ui.basic.orange.label{background:none #fff!important;color:#f2711c!important;border-color:#f2711c!important}.ui.basic.orange.labels a.label:hover,a.ui.basic.orange.label:hover{background-color:#fff!important;color:#f26202!important;border-color:#f26202!important}.ui.yellow.label,.ui.yellow.labels .label{background-color:#fbbd08!important;border-color:#fbbd08!important;color:#fff!important}.ui.yellow.labels .label:hover,a.ui.yellow.label:hover{background-color:#eaae00!important;border-color:#eaae00!important;color:#fff!important}.ui.yellow.corner.label,.ui.yellow.corner.label:hover{background-color:transparent!important}.ui.yellow.ribbon.label{border-color:#cd9903!important}.ui.basic.yellow.label{background:none #fff!important;color:#fbbd08!important;border-color:#fbbd08!important}.ui.basic.yellow.labels a.label:hover,a.ui.basic.yellow.label:hover{background-color:#fff!important;color:#eaae00!important;border-color:#eaae00!important}.ui.olive.label,.ui.olive.labels .label{background-color:#b5cc18!important;border-color:#b5cc18!important;color:#fff!important}.ui.olive.labels .label:hover,a.ui.olive.label:hover{background-color:#a7bd0d!important;border-color:#a7bd0d!important;color:#fff!important}.ui.olive.corner.label,.ui.olive.corner.label:hover{background-color:transparent!important}.ui.olive.ribbon.label{border-color:#198f35!important}.ui.basic.olive.label{background:none #fff!important;color:#b5cc18!important;border-color:#b5cc18!important}.ui.basic.olive.labels a.label:hover,a.ui.basic.olive.label:hover{background-color:#fff!important;color:#a7bd0d!important;border-color:#a7bd0d!important}.ui.green.label,.ui.green.labels .label{background-color:#21ba45!important;border-color:#21ba45!important;color:#fff!important}.ui.green.labels .label:hover,a.ui.green.label:hover{background-color:#16ab39!important;border-color:#16ab39!important;color:#fff!important}.ui.green.corner.label,.ui.green.corner.label:hover{background-color:transparent!important}.ui.green.ribbon.label{border-color:#198f35!important}.ui.basic.green.label{background:none #fff!important;color:#21ba45!important;border-color:#21ba45!important}.ui.basic.green.labels a.label:hover,a.ui.basic.green.label:hover{background-color:#fff!important;color:#16ab39!important;border-color:#16ab39!important}.ui.teal.label,.ui.teal.labels .label{background-color:#00b5ad!important;border-color:#00b5ad!important;color:#fff!important}.ui.teal.labels .label:hover,a.ui.teal.label:hover{background-color:#009c95!important;border-color:#009c95!important;color:#fff!important}.ui.teal.corner.label,.ui.teal.corner.label:hover{background-color:transparent!important}.ui.teal.ribbon.label{border-color:#00827c!important}.ui.basic.teal.label{background:none #fff!important;color:#00b5ad!important;border-color:#00b5ad!important}.ui.basic.teal.labels a.label:hover,a.ui.basic.teal.label:hover{background-color:#fff!important;color:#009c95!important;border-color:#009c95!important}.ui.blue.label,.ui.blue.labels .label{background-color:#2185d0!important;border-color:#2185d0!important;color:#fff!important}.ui.blue.labels .label:hover,a.ui.blue.label:hover{background-color:#1678c2!important;border-color:#1678c2!important;color:#fff!important}.ui.blue.corner.label,.ui.blue.corner.label:hover{background-color:transparent!important}.ui.blue.ribbon.label{border-color:#1a69a4!important}.ui.basic.blue.label{background:none #fff!important;color:#2185d0!important;border-color:#2185d0!important}.ui.basic.blue.labels a.label:hover,a.ui.basic.blue.label:hover{background-color:#fff!important;color:#1678c2!important;border-color:#1678c2!important}.ui.violet.label,.ui.violet.labels .label{background-color:#6435c9!important;border-color:#6435c9!important;color:#fff!important}.ui.violet.labels .label:hover,a.ui.violet.label:hover{background-color:#5829bb!important;border-color:#5829bb!important;color:#fff!important}.ui.violet.corner.label,.ui.violet.corner.label:hover{background-color:transparent!important}.ui.violet.ribbon.label{border-color:#502aa1!important}.ui.basic.violet.label{background:none #fff!important;color:#6435c9!important;border-color:#6435c9!important}.ui.basic.violet.labels a.label:hover,a.ui.basic.violet.label:hover{background-color:#fff!important;color:#5829bb!important;border-color:#5829bb!important}.ui.purple.label,.ui.purple.labels .label{background-color:#a333c8!important;border-color:#a333c8!important;color:#fff!important}.ui.purple.labels .label:hover,a.ui.purple.label:hover{background-color:#9627ba!important;border-color:#9627ba!important;color:#fff!important}.ui.purple.corner.label,.ui.purple.corner.label:hover{background-color:transparent!important}.ui.purple.ribbon.label{border-color:#82299f!important}.ui.basic.purple.label{background:none #fff!important;color:#a333c8!important;border-color:#a333c8!important}.ui.basic.purple.labels a.label:hover,a.ui.basic.purple.label:hover{background-color:#fff!important;color:#9627ba!important;border-color:#9627ba!important}.ui.pink.label,.ui.pink.labels .label{background-color:#e03997!important;border-color:#e03997!important;color:#fff!important}.ui.pink.labels .label:hover,a.ui.pink.label:hover{background-color:#e61a8d!important;border-color:#e61a8d!important;color:#fff!important}.ui.pink.corner.label,.ui.pink.corner.label:hover{background-color:transparent!important}.ui.pink.ribbon.label{border-color:#c71f7e!important}.ui.basic.pink.label{background:none #fff!important;color:#e03997!important;border-color:#e03997!important}.ui.basic.pink.labels a.label:hover,a.ui.basic.pink.label:hover{background-color:#fff!important;color:#e61a8d!important;border-color:#e61a8d!important}.ui.brown.label,.ui.brown.labels .label{background-color:#a5673f!important;border-color:#a5673f!important;color:#fff!important}.ui.brown.labels .label:hover,a.ui.brown.label:hover{background-color:#975b33!important;border-color:#975b33!important;color:#fff!important}.ui.brown.corner.label,.ui.brown.corner.label:hover{background-color:transparent!important}.ui.brown.ribbon.label{border-color:#805031!important}.ui.basic.brown.label{background:none #fff!important;color:#a5673f!important;border-color:#a5673f!important}.ui.basic.brown.labels a.label:hover,a.ui.basic.brown.label:hover{background-color:#fff!important;color:#975b33!important;border-color:#975b33!important}.ui.grey.label,.ui.grey.labels .label{background-color:#767676!important;border-color:#767676!important;color:#fff!important}.ui.grey.labels .label:hover,a.ui.grey.label:hover{background-color:#838383!important;border-color:#838383!important;color:#fff!important}.ui.grey.corner.label,.ui.grey.corner.label:hover{background-color:transparent!important}.ui.grey.ribbon.label{border-color:#805031!important}.ui.basic.grey.label{background:none #fff!important;color:#767676!important;border-color:#767676!important}.ui.basic.grey.labels a.label:hover,a.ui.basic.grey.label:hover{background-color:#fff!important;color:#838383!important;border-color:#838383!important}.ui.black.label,.ui.black.labels .label{background-color:#1b1c1d!important;border-color:#1b1c1d!important;color:#fff!important}.ui.black.labels .label:hover,a.ui.black.label:hover{background-color:#27292a!important;border-color:#27292a!important;color:#fff!important}.ui.black.corner.label,.ui.black.corner.label:hover{background-color:transparent!important}.ui.black.ribbon.label{border-color:#805031!important}.ui.basic.black.label{background:none #fff!important;color:#1b1c1d!important;border-color:#1b1c1d!important}.ui.basic.black.labels a.label:hover,a.ui.basic.black.label:hover{background-color:#fff!important;color:#27292a!important;border-color:#27292a!important}.ui.basic.label{background:none #fff;border:1px solid rgba(34,36,38,.15);color:rgba(0,0,0,.87);-webkit-box-shadow:none;box-shadow:none}a.ui.basic.label:hover{text-decoration:none;background:none #fff;color:#1e70bf;-webkit-box-shadow:1px solid rgba(34,36,38,.15);box-shadow:1px solid rgba(34,36,38,.15);-webkit-box-shadow:none;box-shadow:none}.ui.basic.pointing.label:before{border-color:inherit}.ui.fluid.labels>.label,.ui.label.fluid{width:100%;-webkit-box-sizing:border-box;box-sizing:border-box}.ui.inverted.label,.ui.inverted.labels .label{color:rgba(255,255,255,.9)!important}.ui.horizontal.label,.ui.horizontal.labels .label{margin:0 .5em 0 0;padding:.4em .833em;min-width:3em;text-align:center}.ui.circular.label,.ui.circular.labels .label{min-width:2em;min-height:2em;padding:.5em!important;line-height:1em;text-align:center;border-radius:500rem}.ui.empty.circular.label,.ui.empty.circular.labels .label{min-width:0;min-height:0;overflow:hidden;width:.5em;height:.5em;vertical-align:baseline}.ui.pointing.label{position:relative}.ui.attached.pointing.label{position:absolute}.ui.pointing.label:before{background-color:inherit;background-image:inherit;border-width:none;border-style:solid;border-color:inherit}.ui.pointing.label:before{position:absolute;content:'';-webkit-transform:rotate(45deg);transform:rotate(45deg);background-image:none;z-index:2;width:.6666em;height:.6666em;-webkit-transition:background .1s ease;transition:background .1s ease}.ui.pointing.label,.ui[class*="pointing above"].label{margin-top:1em}.ui.pointing.label:before,.ui[class*="pointing above"].label:before{border-width:1px 0 0 1px;-webkit-transform:translateX(-50%) translateY(-50%) rotate(45deg);transform:translateX(-50%) translateY(-50%) rotate(45deg);top:0;left:50%}.ui[class*="bottom pointing"].label,.ui[class*="pointing below"].label{margin-top:0;margin-bottom:1em}.ui[class*="bottom pointing"].label:before,.ui[class*="pointing below"].label:before{border-width:0 1px 1px 0;top:auto;right:auto;-webkit-transform:translateX(-50%) translateY(-50%) rotate(45deg);transform:translateX(-50%) translateY(-50%) rotate(45deg);top:100%;left:50%}.ui[class*="left pointing"].label{margin-top:0;margin-left:.6666em}.ui[class*="left pointing"].label:before{border-width:0 0 1px 1px;-webkit-transform:translateX(-50%) translateY(-50%) rotate(45deg);transform:translateX(-50%) translateY(-50%) rotate(45deg);bottom:auto;right:auto;top:50%;left:0}.ui[class*="right pointing"].label{margin-top:0;margin-right:.6666em}.ui[class*="right pointing"].label:before{border-width:1px 1px 0 0;-webkit-transform:translateX(50%) translateY(-50%) rotate(45deg);transform:translateX(50%) translateY(-50%) rotate(45deg);top:50%;right:0;bottom:auto;left:auto}.ui.basic.pointing.label:before,.ui.basic[class*="pointing above"].label:before{margin-top:-1px}.ui.basic[class*="bottom pointing"].label:before,.ui.basic[class*="pointing below"].label:before{bottom:auto;top:100%;margin-top:1px}.ui.basic[class*="left pointing"].label:before{top:50%;left:-1px}.ui.basic[class*="right pointing"].label:before{top:50%;right:-1px}.ui.floating.label{position:absolute;z-index:100;top:-1em;left:100%;margin:0 0 0 -1.5em!important}.ui.mini.label,.ui.mini.labels .label{font-size:.64285714rem}.ui.tiny.label,.ui.tiny.labels .label{font-size:.71428571rem}.ui.small.label,.ui.small.labels .label{font-size:.78571429rem}.ui.label,.ui.labels .label{font-size:.85714286rem}.ui.large.label,.ui.large.labels .label{font-size:1rem}.ui.big.label,.ui.big.labels .label{font-size:1.28571429rem}.ui.huge.label,.ui.huge.labels .label{font-size:1.42857143rem}.ui.massive.label,.ui.massive.labels .label{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - List
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.list,ol.ui.list,ul.ui.list{list-style-type:none;margin:1em 0;padding:0 0}.ui.list:first-child,ol.ui.list:first-child,ul.ui.list:first-child{margin-top:0;padding-top:0}.ui.list:last-child,ol.ui.list:last-child,ul.ui.list:last-child{margin-bottom:0;padding-bottom:0}.ui.list .list>.item,.ui.list>.item,ol.ui.list li,ul.ui.list li{display:list-item;table-layout:fixed;list-style-type:none;list-style-position:outside;padding:.21428571em 0;line-height:1.14285714em}.ui.list>.item:after,.ui.list>.list>.item,ol.ui.list>li:first-child:after,ul.ui.list>li:first-child:after{content:'';display:block;height:0;clear:both;visibility:hidden}.ui.list .list>.item:first-child,.ui.list>.item:first-child,ol.ui.list li:first-child,ul.ui.list li:first-child{padding-top:0}.ui.list .list>.item:last-child,.ui.list>.item:last-child,ol.ui.list li:last-child,ul.ui.list li:last-child{padding-bottom:0}.ui.list .list,ol.ui.list ol,ul.ui.list ul{clear:both;margin:0;padding:.75em 0 .25em .5em}.ui.list .list>.item,ol.ui.list ol li,ul.ui.list ul li{padding:.14285714em 0;line-height:inherit}.ui.list .list>.item>i.icon,.ui.list>.item>i.icon{display:table-cell;margin:0;padding-top:0;padding-right:.28571429em;vertical-align:top;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.list .list>.item>i.icon:only-child,.ui.list>.item>i.icon:only-child{display:inline-block;vertical-align:top}.ui.list .list>.item>.image,.ui.list>.item>.image{display:table-cell;background-color:transparent;margin:0;vertical-align:top}.ui.list .list>.item>.image:not(:only-child):not(img),.ui.list>.item>.image:not(:only-child):not(img){padding-right:.5em}.ui.list .list>.item>.image img,.ui.list>.item>.image img{vertical-align:top}.ui.list .list>.item>.image:only-child,.ui.list .list>.item>img.image,.ui.list>.item>.image:only-child,.ui.list>.item>img.image{display:inline-block}.ui.list .list>.item>.content,.ui.list>.item>.content{line-height:1.14285714em}.ui.list .list>.item>.icon+.content,.ui.list .list>.item>.image+.content,.ui.list>.item>.icon+.content,.ui.list>.item>.image+.content{display:table-cell;width:100%;padding:0 0 0 .5em;vertical-align:top}.ui.list .list>.item>img.image+.content,.ui.list>.item>img.image+.content{display:inline-block;width:auto}.ui.list .list>.item>.content>.list,.ui.list>.item>.content>.list{margin-left:0;padding-left:0}.ui.list .list>.item .header,.ui.list>.item .header{display:block;margin:0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-weight:700;color:rgba(0,0,0,.87)}.ui.list .list>.item .description,.ui.list>.item .description{display:block;color:rgba(0,0,0,.7)}.ui.list .list>.item a,.ui.list>.item a{cursor:pointer}.ui.list .list>a.item,.ui.list>a.item{cursor:pointer;color:#4183c4}.ui.list .list>a.item:hover,.ui.list>a.item:hover{color:#1e70bf}.ui.list .list>a.item i.icon,.ui.list>a.item i.icon{color:rgba(0,0,0,.4)}.ui.list .list>.item a.header,.ui.list>.item a.header{cursor:pointer;color:#4183c4!important}.ui.list .list>.item a.header:hover,.ui.list>.item a.header:hover{color:#1e70bf!important}.ui[class*="left floated"].list{float:left}.ui[class*="right floated"].list{float:right}.ui.list .list>.item [class*="left floated"],.ui.list>.item [class*="left floated"]{float:left;margin:0 1em 0 0}.ui.list .list>.item [class*="right floated"],.ui.list>.item [class*="right floated"]{float:right;margin:0 0 0 1em}.ui.menu .ui.list .list>.item,.ui.menu .ui.list>.item{display:list-item;table-layout:fixed;background-color:transparent;list-style-type:none;list-style-position:outside;padding:.21428571em 0;line-height:1.14285714em}.ui.menu .ui.list .list>.item:before,.ui.menu .ui.list>.item:before{border:none;background:0 0}.ui.menu .ui.list .list>.item:first-child,.ui.menu .ui.list>.item:first-child{padding-top:0}.ui.menu .ui.list .list>.item:last-child,.ui.menu .ui.list>.item:last-child{padding-bottom:0}.ui.horizontal.list{display:inline-block;font-size:0}.ui.horizontal.list>.item{display:inline-block;margin-left:1em;font-size:1rem}.ui.horizontal.list:not(.celled)>.item:first-child{margin-left:0!important;padding-left:0!important}.ui.horizontal.list .list{padding-left:0;padding-bottom:0}.ui.horizontal.list .list>.item>.content,.ui.horizontal.list .list>.item>.icon,.ui.horizontal.list .list>.item>.image,.ui.horizontal.list>.item>.content,.ui.horizontal.list>.item>.icon,.ui.horizontal.list>.item>.image{vertical-align:middle}.ui.horizontal.list>.item:first-child,.ui.horizontal.list>.item:last-child{padding-top:.21428571em;padding-bottom:.21428571em}.ui.horizontal.list>.item>i.icon{margin:0;padding:0 .25em 0 0}.ui.horizontal.list>.item>.icon,.ui.horizontal.list>.item>.icon+.content{float:none;display:inline-block}.ui.list .list>.disabled.item,.ui.list>.disabled.item{pointer-events:none;color:rgba(40,40,40,.3)!important}.ui.inverted.list .list>.disabled.item,.ui.inverted.list>.disabled.item{color:rgba(225,225,225,.3)!important}.ui.list .list>a.item:hover .icon,.ui.list>a.item:hover .icon{color:rgba(0,0,0,.87)}.ui.inverted.list .list>a.item>.icon,.ui.inverted.list>a.item>.icon{color:rgba(255,255,255,.7)}.ui.inverted.list .list>.item .header,.ui.inverted.list>.item .header{color:rgba(255,255,255,.9)}.ui.inverted.list .list>.item .description,.ui.inverted.list>.item .description{color:rgba(255,255,255,.7)}.ui.inverted.list .list>a.item,.ui.inverted.list>a.item{cursor:pointer;color:rgba(255,255,255,.9)}.ui.inverted.list .list>a.item:hover,.ui.inverted.list>a.item:hover{color:#1e70bf}.ui.inverted.list .item a:not(.ui){color:rgba(255,255,255,.9)!important}.ui.inverted.list .item a:not(.ui):hover{color:#1e70bf!important}.ui.list [class*="top aligned"],.ui.list[class*="top aligned"] .content,.ui.list[class*="top aligned"] .image{vertical-align:top!important}.ui.list [class*="middle aligned"],.ui.list[class*="middle aligned"] .content,.ui.list[class*="middle aligned"] .image{vertical-align:middle!important}.ui.list [class*="bottom aligned"],.ui.list[class*="bottom aligned"] .content,.ui.list[class*="bottom aligned"] .image{vertical-align:bottom!important}.ui.link.list .item,.ui.link.list .item a:not(.ui),.ui.link.list a.item{color:rgba(0,0,0,.4);-webkit-transition:.1s color ease;transition:.1s color ease}.ui.link.list.list .item a:not(.ui):hover,.ui.link.list.list a.item:hover{color:rgba(0,0,0,.8)}.ui.link.list.list .item a:not(.ui):active,.ui.link.list.list a.item:active{color:rgba(0,0,0,.9)}.ui.link.list.list .active.item,.ui.link.list.list .active.item a:not(.ui){color:rgba(0,0,0,.95)}.ui.inverted.link.list .item,.ui.inverted.link.list .item a:not(.ui),.ui.inverted.link.list a.item{color:rgba(255,255,255,.5)}.ui.inverted.link.list.list .item a:not(.ui):hover,.ui.inverted.link.list.list a.item:hover{color:#fff}.ui.inverted.link.list.list .item a:not(.ui):active,.ui.inverted.link.list.list a.item:active{color:#fff}.ui.inverted.link.list.list .active.item a:not(.ui),.ui.inverted.link.list.list a.active.item{color:#fff}.ui.selection.list .list>.item,.ui.selection.list>.item{cursor:pointer;background:0 0;padding:.5em .5em;margin:0;color:rgba(0,0,0,.4);border-radius:.5em;-webkit-transition:.1s color ease,.1s padding-left ease,.1s background-color ease;transition:.1s color ease,.1s padding-left ease,.1s background-color ease}.ui.selection.list .list>.item:last-child,.ui.selection.list>.item:last-child{margin-bottom:0}.ui.selection.list.list>.item:hover,.ui.selection.list>.item:hover{background:rgba(0,0,0,.03);color:rgba(0,0,0,.8)}.ui.selection.list .list>.item:active,.ui.selection.list>.item:active{background:rgba(0,0,0,.05);color:rgba(0,0,0,.9)}.ui.selection.list .list>.item.active,.ui.selection.list>.item.active{background:rgba(0,0,0,.05);color:rgba(0,0,0,.95)}.ui.inverted.selection.list>.item{background:0 0;color:rgba(255,255,255,.5)}.ui.inverted.selection.list>.item:hover{background:rgba(255,255,255,.02);color:#fff}.ui.inverted.selection.list>.item:active{background:rgba(255,255,255,.08);color:#fff}.ui.inverted.selection.list>.item.active{background:rgba(255,255,255,.08);color:#fff}.ui.celled.selection.list .list>.item,.ui.celled.selection.list>.item,.ui.divided.selection.list .list>.item,.ui.divided.selection.list>.item{border-radius:0}.ui.animated.list>.item{-webkit-transition:.25s color ease .1s,.25s padding-left ease .1s,.25s background-color ease .1s;transition:.25s color ease .1s,.25s padding-left ease .1s,.25s background-color ease .1s}.ui.animated.list:not(.horizontal)>.item:hover{padding-left:1em}.ui.fitted.list:not(.selection) .list>.item,.ui.fitted.list:not(.selection)>.item{padding-left:0;padding-right:0}.ui.fitted.selection.list .list>.item,.ui.fitted.selection.list>.item{margin-left:-.5em;margin-right:-.5em}.ui.bulleted.list,ul.ui.list{margin-left:1.25rem}.ui.bulleted.list .list>.item,.ui.bulleted.list>.item,ul.ui.list li{position:relative}.ui.bulleted.list .list>.item:before,.ui.bulleted.list>.item:before,ul.ui.list li:before{-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;pointer-events:none;position:absolute;top:auto;left:auto;font-weight:400;margin-left:-1.25rem;content:'•';opacity:1;color:inherit;vertical-align:top}.ui.bulleted.list .list>a.item:before,.ui.bulleted.list>a.item:before,ul.ui.list li:before{color:rgba(0,0,0,.87)}.ui.bulleted.list .list,ul.ui.list ul{padding-left:1.25rem}.ui.horizontal.bulleted.list,ul.ui.horizontal.bulleted.list{margin-left:0}.ui.horizontal.bulleted.list>.item,ul.ui.horizontal.bulleted.list li{margin-left:1.75rem}.ui.horizontal.bulleted.list>.item:first-child,ul.ui.horizontal.bulleted.list li:first-child{margin-left:0}.ui.horizontal.bulleted.list>.item::before,ul.ui.horizontal.bulleted.list li::before{color:rgba(0,0,0,.87)}.ui.horizontal.bulleted.list>.item:first-child::before,ul.ui.horizontal.bulleted.list li:first-child::before{display:none}.ui.ordered.list,.ui.ordered.list .list,ol.ui.list,ol.ui.list ol{counter-reset:ordered;margin-left:1.25rem;list-style-type:none}.ui.ordered.list .list>.item,.ui.ordered.list>.item,ol.ui.list li{list-style-type:none;position:relative}.ui.ordered.list .list>.item:before,.ui.ordered.list>.item:before,ol.ui.list li:before{position:absolute;top:auto;left:auto;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;pointer-events:none;margin-left:-1.25rem;counter-increment:ordered;content:counters(ordered, ".") " ";text-align:right;color:rgba(0,0,0,.87);vertical-align:middle;opacity:.8}.ui.ordered.inverted.list .list>.item:before,.ui.ordered.inverted.list>.item:before,ol.ui.inverted.list li:before{color:rgba(255,255,255,.7)}.ui.ordered.list>.item[data-value],.ui.ordered.list>.list>.item[data-value]{content:attr(data-value)}ol.ui.list li[value]:before{content:attr(value)}.ui.ordered.list .list,ol.ui.list ol{margin-left:1em}.ui.ordered.list .list>.item:before,ol.ui.list ol li:before{margin-left:-2em}.ui.ordered.horizontal.list,ol.ui.horizontal.list{margin-left:0}.ui.ordered.horizontal.list .list>.item:before,.ui.ordered.horizontal.list>.item:before,ol.ui.horizontal.list li:before{position:static;margin:0 .5em 0 0}.ui.divided.list>.item{border-top:1px solid rgba(34,36,38,.15)}.ui.divided.list .list>.item{border-top:none}.ui.divided.list .item .list>.item{border-top:none}.ui.divided.list .list>.item:first-child,.ui.divided.list>.item:first-child{border-top:none}.ui.divided.list:not(.horizontal) .list>.item:first-child{border-top-width:1px}.ui.divided.bulleted.list .list,.ui.divided.bulleted.list:not(.horizontal){margin-left:0;padding-left:0}.ui.divided.bulleted.list>.item:not(.horizontal){padding-left:1.25rem}.ui.divided.ordered.list{margin-left:0}.ui.divided.ordered.list .list>.item,.ui.divided.ordered.list>.item{padding-left:1.25rem}.ui.divided.ordered.list .item .list{margin-left:0;margin-right:0;padding-bottom:.21428571em}.ui.divided.ordered.list .item .list>.item{padding-left:1em}.ui.divided.selection.list .list>.item,.ui.divided.selection.list>.item{margin:0;border-radius:0}.ui.divided.horizontal.list{margin-left:0}.ui.divided.horizontal.list>.item:not(:first-child){padding-left:.5em}.ui.divided.horizontal.list>.item:not(:last-child){padding-right:.5em}.ui.divided.horizontal.list>.item{border-top:none;border-left:1px solid rgba(34,36,38,.15);margin:0;line-height:.6}.ui.horizontal.divided.list>.item:first-child{border-left:none}.ui.divided.inverted.horizontal.list>.item,.ui.divided.inverted.list>.item,.ui.divided.inverted.list>.list{border-color:rgba(255,255,255,.1)}.ui.celled.list>.item,.ui.celled.list>.list{border-top:1px solid rgba(34,36,38,.15);padding-left:.5em;padding-right:.5em}.ui.celled.list>.item:last-child{border-bottom:1px solid rgba(34,36,38,.15)}.ui.celled.list>.item:first-child,.ui.celled.list>.item:last-child{padding-top:.21428571em;padding-bottom:.21428571em}.ui.celled.list .item .list>.item{border-width:0}.ui.celled.list .list>.item:first-child{border-top-width:0}.ui.celled.bulleted.list{margin-left:0}.ui.celled.bulleted.list .list>.item,.ui.celled.bulleted.list>.item{padding-left:1.25rem}.ui.celled.bulleted.list .item .list{margin-left:-1.25rem;margin-right:-1.25rem;padding-bottom:.21428571em}.ui.celled.ordered.list{margin-left:0}.ui.celled.ordered.list .list>.item,.ui.celled.ordered.list>.item{padding-left:1.25rem}.ui.celled.ordered.list .item .list{margin-left:0;margin-right:0;padding-bottom:.21428571em}.ui.celled.ordered.list .list>.item{padding-left:1em}.ui.horizontal.celled.list{margin-left:0}.ui.horizontal.celled.list .list>.item,.ui.horizontal.celled.list>.item{border-top:none;border-left:1px solid rgba(34,36,38,.15);margin:0;padding-left:.5em;padding-right:.5em;line-height:.6}.ui.horizontal.celled.list .list>.item:last-child,.ui.horizontal.celled.list>.item:last-child{border-bottom:none;border-right:1px solid rgba(34,36,38,.15)}.ui.celled.inverted.list>.item,.ui.celled.inverted.list>.list{border-color:1px solid rgba(255,255,255,.1)}.ui.celled.inverted.horizontal.list .list>.item,.ui.celled.inverted.horizontal.list>.item{border-color:1px solid rgba(255,255,255,.1)}.ui.relaxed.list:not(.horizontal)>.item:not(:first-child){padding-top:.42857143em}.ui.relaxed.list:not(.horizontal)>.item:not(:last-child){padding-bottom:.42857143em}.ui.horizontal.relaxed.list .list>.item:not(:first-child),.ui.horizontal.relaxed.list>.item:not(:first-child){padding-left:1rem}.ui.horizontal.relaxed.list .list>.item:not(:last-child),.ui.horizontal.relaxed.list>.item:not(:last-child){padding-right:1rem}.ui[class*="very relaxed"].list:not(.horizontal)>.item:not(:first-child){padding-top:.85714286em}.ui[class*="very relaxed"].list:not(.horizontal)>.item:not(:last-child){padding-bottom:.85714286em}.ui.horizontal[class*="very relaxed"].list .list>.item:not(:first-child),.ui.horizontal[class*="very relaxed"].list>.item:not(:first-child){padding-left:1.5rem}.ui.horizontal[class*="very relaxed"].list .list>.item:not(:last-child),.ui.horizontal[class*="very relaxed"].list>.item:not(:last-child){padding-right:1.5rem}.ui.mini.list{font-size:.78571429em}.ui.tiny.list{font-size:.85714286em}.ui.small.list{font-size:.92857143em}.ui.list{font-size:1em}.ui.large.list{font-size:1.14285714em}.ui.big.list{font-size:1.28571429em}.ui.huge.list{font-size:1.42857143em}.ui.massive.list{font-size:1.71428571em}.ui.mini.horizontal.list .list>.item,.ui.mini.horizontal.list>.item{font-size:.78571429rem}.ui.tiny.horizontal.list .list>.item,.ui.tiny.horizontal.list>.item{font-size:.85714286rem}.ui.small.horizontal.list .list>.item,.ui.small.horizontal.list>.item{font-size:.92857143rem}.ui.horizontal.list .list>.item,.ui.horizontal.list>.item{font-size:1rem}.ui.large.horizontal.list .list>.item,.ui.large.horizontal.list>.item{font-size:1.14285714rem}.ui.big.horizontal.list .list>.item,.ui.big.horizontal.list>.item{font-size:1.28571429rem}.ui.huge.horizontal.list .list>.item,.ui.huge.horizontal.list>.item{font-size:1.42857143rem}.ui.massive.horizontal.list .list>.item,.ui.massive.horizontal.list>.item{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - Loader
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.loader{display:none;position:absolute;top:50%;left:50%;margin:0;text-align:center;z-index:1000;-webkit-transform:translateX(-50%) translateY(-50%);transform:translateX(-50%) translateY(-50%)}.ui.loader:before{position:absolute;content:'';top:0;left:50%;width:100%;height:100%;border-radius:500rem;border:.2em solid rgba(0,0,0,.1)}.ui.loader:after{position:absolute;content:'';top:0;left:50%;width:100%;height:100%;-webkit-animation:loader .6s linear;animation:loader .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 transparent transparent;border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent}@-webkit-keyframes loader{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes loader{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.ui.mini.loader:after,.ui.mini.loader:before{width:1rem;height:1rem;margin:0 0 0 -.5rem}.ui.tiny.loader:after,.ui.tiny.loader:before{width:1.14285714rem;height:1.14285714rem;margin:0 0 0 -.57142857rem}.ui.small.loader:after,.ui.small.loader:before{width:1.71428571rem;height:1.71428571rem;margin:0 0 0 -.85714286rem}.ui.loader:after,.ui.loader:before{width:2.28571429rem;height:2.28571429rem;margin:0 0 0 -1.14285714rem}.ui.large.loader:after,.ui.large.loader:before{width:3.42857143rem;height:3.42857143rem;margin:0 0 0 -1.71428571rem}.ui.big.loader:after,.ui.big.loader:before{width:3.71428571rem;height:3.71428571rem;margin:0 0 0 -1.85714286rem}.ui.huge.loader:after,.ui.huge.loader:before{width:4.14285714rem;height:4.14285714rem;margin:0 0 0 -2.07142857rem}.ui.massive.loader:after,.ui.massive.loader:before{width:4.57142857rem;height:4.57142857rem;margin:0 0 0 -2.28571429rem}.ui.dimmer .loader{display:block}.ui.dimmer .ui.loader{color:rgba(255,255,255,.9)}.ui.dimmer .ui.loader:before{border-color:rgba(255,255,255,.15)}.ui.dimmer .ui.loader:after{border-color:#fff transparent transparent}.ui.inverted.dimmer .ui.loader{color:rgba(0,0,0,.87)}.ui.inverted.dimmer .ui.loader:before{border-color:rgba(0,0,0,.1)}.ui.inverted.dimmer .ui.loader:after{border-color:#767676 transparent transparent}.ui.text.loader{width:auto!important;height:auto!important;text-align:center;font-style:normal}.ui.indeterminate.loader:after{animation-direction:reverse;-webkit-animation-duration:1.2s;animation-duration:1.2s}.ui.loader.active,.ui.loader.visible{display:block}.ui.loader.disabled,.ui.loader.hidden{display:none}.ui.inverted.dimmer .ui.mini.loader,.ui.mini.loader{width:1rem;height:1rem;font-size:.78571429em}.ui.inverted.dimmer .ui.tiny.loader,.ui.tiny.loader{width:1.14285714rem;height:1.14285714rem;font-size:.85714286em}.ui.inverted.dimmer .ui.small.loader,.ui.small.loader{width:1.71428571rem;height:1.71428571rem;font-size:.92857143em}.ui.inverted.dimmer .ui.loader,.ui.loader{width:2.28571429rem;height:2.28571429rem;font-size:1em}.ui.inverted.dimmer .ui.large.loader,.ui.large.loader{width:3.42857143rem;height:3.42857143rem;font-size:1.14285714em}.ui.big.loader,.ui.inverted.dimmer .ui.big.loader{width:3.71428571rem;height:3.71428571rem;font-size:1.28571429em}.ui.huge.loader,.ui.inverted.dimmer .ui.huge.loader{width:4.14285714rem;height:4.14285714rem;font-size:1.42857143em}.ui.inverted.dimmer .ui.massive.loader,.ui.massive.loader{width:4.57142857rem;height:4.57142857rem;font-size:1.71428571em}.ui.mini.text.loader{min-width:1rem;padding-top:1.78571429rem}.ui.tiny.text.loader{min-width:1.14285714rem;padding-top:1.92857143rem}.ui.small.text.loader{min-width:1.71428571rem;padding-top:2.5rem}.ui.text.loader{min-width:2.28571429rem;padding-top:3.07142857rem}.ui.large.text.loader{min-width:3.42857143rem;padding-top:4.21428571rem}.ui.big.text.loader{min-width:3.71428571rem;padding-top:4.5rem}.ui.huge.text.loader{min-width:4.14285714rem;padding-top:4.92857143rem}.ui.massive.text.loader{min-width:4.57142857rem;padding-top:5.35714286rem}.ui.inverted.loader{color:rgba(255,255,255,.9)}.ui.inverted.loader:before{border-color:rgba(255,255,255,.15)}.ui.inverted.loader:after{border-top-color:#fff}.ui.inline.loader{position:relative;vertical-align:middle;margin:0;left:0;top:0;-webkit-transform:none;transform:none}.ui.inline.loader.active,.ui.inline.loader.visible{display:inline-block}.ui.centered.inline.loader.active,.ui.centered.inline.loader.visible{display:block;margin-left:auto;margin-right:auto}/*!
- * # Semantic UI 2.4.0 - Loader
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.placeholder{position:static;overflow:hidden;-webkit-animation:placeholderShimmer 2s linear;animation:placeholderShimmer 2s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;background-color:#fff;background-image:-webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.08)),color-stop(15%,rgba(0,0,0,.15)),color-stop(30%,rgba(0,0,0,.08)));background-image:-webkit-linear-gradient(left,rgba(0,0,0,.08) 0,rgba(0,0,0,.15) 15%,rgba(0,0,0,.08) 30%);background-image:linear-gradient(to right,rgba(0,0,0,.08) 0,rgba(0,0,0,.15) 15%,rgba(0,0,0,.08) 30%);background-size:1200px 100%;max-width:30rem}@-webkit-keyframes placeholderShimmer{0%{background-position:-1200px 0}100%{background-position:1200px 0}}@keyframes placeholderShimmer{0%{background-position:-1200px 0}100%{background-position:1200px 0}}.ui.placeholder+.ui.placeholder{margin-top:2rem}.ui.placeholder+.ui.placeholder{-webkit-animation-delay:.15s;animation-delay:.15s}.ui.placeholder+.ui.placeholder+.ui.placeholder{-webkit-animation-delay:.3s;animation-delay:.3s}.ui.placeholder+.ui.placeholder+.ui.placeholder+.ui.placeholder{-webkit-animation-delay:.45s;animation-delay:.45s}.ui.placeholder+.ui.placeholder+.ui.placeholder+.ui.placeholder+.ui.placeholder{-webkit-animation-delay:.6s;animation-delay:.6s}.ui.placeholder,.ui.placeholder .image.header:after,.ui.placeholder .line,.ui.placeholder .line:after,.ui.placeholder>:before{background-color:#fff}.ui.placeholder .image:not(.header):not(.ui){height:100px}.ui.placeholder .square.image:not(.header){height:0;overflow:hidden;padding-top:100%}.ui.placeholder .rectangular.image:not(.header){height:0;overflow:hidden;padding-top:75%}.ui.placeholder .line{position:relative;height:.85714286em}.ui.placeholder .line:after,.ui.placeholder .line:before{top:100%;position:absolute;content:'';background-color:inherit}.ui.placeholder .line:before{left:0}.ui.placeholder .line:after{right:0}.ui.placeholder .line{margin-bottom:.5em}.ui.placeholder .line:after,.ui.placeholder .line:before{height:.5em}.ui.placeholder .line:not(:first-child){margin-top:.5em}.ui.placeholder .header{position:relative;overflow:hidden}.ui.placeholder .line:nth-child(1):after{width:0%}.ui.placeholder .line:nth-child(2):after{width:50%}.ui.placeholder .line:nth-child(3):after{width:10%}.ui.placeholder .line:nth-child(4):after{width:35%}.ui.placeholder .line:nth-child(5):after{width:65%}.ui.placeholder .header .line{margin-bottom:.64285714em}.ui.placeholder .header .line:after,.ui.placeholder .header .line:before{height:.64285714em}.ui.placeholder .header .line:not(:first-child){margin-top:.64285714em}.ui.placeholder .header .line:after{width:20%}.ui.placeholder .header .line:nth-child(2):after{width:60%}.ui.placeholder .image.header .line{margin-left:3em}.ui.placeholder .image.header .line:before{width:.71428571rem}.ui.placeholder .image.header:after{display:block;height:.85714286em;content:'';margin-left:3em}.ui.placeholder .header .line:first-child,.ui.placeholder .image .line:first-child,.ui.placeholder .paragraph .line:first-child{height:.01px}.ui.placeholder .header:not(:first-child):before,.ui.placeholder .image:not(:first-child):before,.ui.placeholder .paragraph:not(:first-child):before{height:1.42857143em;content:'';display:block}.ui.inverted.placeholder{background-image:-webkit-gradient(linear,left top,right top,from(rgba(255,255,255,.08)),color-stop(15%,rgba(255,255,255,.14)),color-stop(30%,rgba(255,255,255,.08)));background-image:-webkit-linear-gradient(left,rgba(255,255,255,.08) 0,rgba(255,255,255,.14) 15%,rgba(255,255,255,.08) 30%);background-image:linear-gradient(to right,rgba(255,255,255,.08) 0,rgba(255,255,255,.14) 15%,rgba(255,255,255,.08) 30%)}.ui.inverted.placeholder,.ui.inverted.placeholder .image.header:after,.ui.inverted.placeholder .line,.ui.inverted.placeholder .line:after,.ui.inverted.placeholder>:before{background-color:#1b1c1d}.ui.placeholder .full.line.line.line:after{width:0%}.ui.placeholder .very.long.line.line.line:after{width:10%}.ui.placeholder .long.line.line.line:after{width:35%}.ui.placeholder .medium.line.line.line:after{width:50%}.ui.placeholder .short.line.line.line:after{width:65%}.ui.placeholder .very.short.line.line.line:after{width:80%}.ui.fluid.placeholder{max-width:none}/*!
- * # Semantic UI 2.4.0 - Rail
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.rail{position:absolute;top:0;width:300px;height:100%}.ui.left.rail{left:auto;right:100%;padding:0 2rem 0 0;margin:0 2rem 0 0}.ui.right.rail{left:100%;right:auto;padding:0 0 0 2rem;margin:0 0 0 2rem}.ui.left.internal.rail{left:0;right:auto;padding:0 0 0 2rem;margin:0 0 0 2rem}.ui.right.internal.rail{left:auto;right:0;padding:0 2rem 0 0;margin:0 2rem 0 0}.ui.dividing.rail{width:302.5px}.ui.left.dividing.rail{padding:0 2.5rem 0 0;margin:0 2.5rem 0 0;border-right:1px solid rgba(34,36,38,.15)}.ui.right.dividing.rail{border-left:1px solid rgba(34,36,38,.15);padding:0 0 0 2.5rem;margin:0 0 0 2.5rem}.ui.close.rail{width:calc(300px + 1em)}.ui.close.left.rail{padding:0 1em 0 0;margin:0 1em 0 0}.ui.close.right.rail{padding:0 0 0 1em;margin:0 0 0 1em}.ui.very.close.rail{width:calc(300px + .5em)}.ui.very.close.left.rail{padding:0 .5em 0 0;margin:0 .5em 0 0}.ui.very.close.right.rail{padding:0 0 0 .5em;margin:0 0 0 .5em}.ui.attached.left.rail,.ui.attached.right.rail{padding:0;margin:0}.ui.mini.rail{font-size:.78571429rem}.ui.tiny.rail{font-size:.85714286rem}.ui.small.rail{font-size:.92857143rem}.ui.rail{font-size:1rem}.ui.large.rail{font-size:1.14285714rem}.ui.big.rail{font-size:1.28571429rem}.ui.huge.rail{font-size:1.42857143rem}.ui.massive.rail{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - Reveal
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.reveal{display:inherit;position:relative!important;font-size:0!important}.ui.reveal>.visible.content{position:absolute!important;top:0!important;left:0!important;z-index:3!important;-webkit-transition:all .5s ease .1s;transition:all .5s ease .1s}.ui.reveal>.hidden.content{position:relative!important;z-index:2!important}.ui.active.reveal .visible.content,.ui.reveal:hover .visible.content{z-index:4!important}.ui.slide.reveal{position:relative!important;overflow:hidden!important;white-space:nowrap}.ui.slide.reveal>.content{display:block;width:100%;white-space:normal;float:left;margin:0;-webkit-transition:-webkit-transform .5s ease .1s;transition:-webkit-transform .5s ease .1s;transition:transform .5s ease .1s;transition:transform .5s ease .1s,-webkit-transform .5s ease .1s}.ui.slide.reveal>.visible.content{position:relative!important}.ui.slide.reveal>.hidden.content{position:absolute!important;left:0!important;width:100%!important;-webkit-transform:translateX(100%)!important;transform:translateX(100%)!important}.ui.slide.active.reveal>.visible.content,.ui.slide.reveal:hover>.visible.content{-webkit-transform:translateX(-100%)!important;transform:translateX(-100%)!important}.ui.slide.active.reveal>.hidden.content,.ui.slide.reveal:hover>.hidden.content{-webkit-transform:translateX(0)!important;transform:translateX(0)!important}.ui.slide.right.reveal>.visible.content{-webkit-transform:translateX(0)!important;transform:translateX(0)!important}.ui.slide.right.reveal>.hidden.content{-webkit-transform:translateX(-100%)!important;transform:translateX(-100%)!important}.ui.slide.right.active.reveal>.visible.content,.ui.slide.right.reveal:hover>.visible.content{-webkit-transform:translateX(100%)!important;transform:translateX(100%)!important}.ui.slide.right.active.reveal>.hidden.content,.ui.slide.right.reveal:hover>.hidden.content{-webkit-transform:translateX(0)!important;transform:translateX(0)!important}.ui.slide.up.reveal>.hidden.content{-webkit-transform:translateY(100%)!important;transform:translateY(100%)!important}.ui.slide.up.active.reveal>.visible.content,.ui.slide.up.reveal:hover>.visible.content{-webkit-transform:translateY(-100%)!important;transform:translateY(-100%)!important}.ui.slide.up.active.reveal>.hidden.content,.ui.slide.up.reveal:hover>.hidden.content{-webkit-transform:translateY(0)!important;transform:translateY(0)!important}.ui.slide.down.reveal>.hidden.content{-webkit-transform:translateY(-100%)!important;transform:translateY(-100%)!important}.ui.slide.down.active.reveal>.visible.content,.ui.slide.down.reveal:hover>.visible.content{-webkit-transform:translateY(100%)!important;transform:translateY(100%)!important}.ui.slide.down.active.reveal>.hidden.content,.ui.slide.down.reveal:hover>.hidden.content{-webkit-transform:translateY(0)!important;transform:translateY(0)!important}.ui.fade.reveal>.visible.content{opacity:1}.ui.fade.active.reveal>.visible.content,.ui.fade.reveal:hover>.visible.content{opacity:0}.ui.move.reveal{position:relative!important;overflow:hidden!important;white-space:nowrap}.ui.move.reveal>.content{display:block;float:left;white-space:normal;margin:0;-webkit-transition:-webkit-transform .5s cubic-bezier(.175,.885,.32,1) .1s;transition:-webkit-transform .5s cubic-bezier(.175,.885,.32,1) .1s;transition:transform .5s cubic-bezier(.175,.885,.32,1) .1s;transition:transform .5s cubic-bezier(.175,.885,.32,1) .1s,-webkit-transform .5s cubic-bezier(.175,.885,.32,1) .1s}.ui.move.reveal>.visible.content{position:relative!important}.ui.move.reveal>.hidden.content{position:absolute!important;left:0!important;width:100%!important}.ui.move.active.reveal>.visible.content,.ui.move.reveal:hover>.visible.content{-webkit-transform:translateX(-100%)!important;transform:translateX(-100%)!important}.ui.move.right.active.reveal>.visible.content,.ui.move.right.reveal:hover>.visible.content{-webkit-transform:translateX(100%)!important;transform:translateX(100%)!important}.ui.move.up.active.reveal>.visible.content,.ui.move.up.reveal:hover>.visible.content{-webkit-transform:translateY(-100%)!important;transform:translateY(-100%)!important}.ui.move.down.active.reveal>.visible.content,.ui.move.down.reveal:hover>.visible.content{-webkit-transform:translateY(100%)!important;transform:translateY(100%)!important}.ui.rotate.reveal>.visible.content{-webkit-transition-duration:.5s;transition-duration:.5s;-webkit-transform:rotate(0);transform:rotate(0)}.ui.rotate.reveal>.visible.content,.ui.rotate.right.reveal>.visible.content{-webkit-transform-origin:bottom right;transform-origin:bottom right}.ui.rotate.active.reveal>.visible.content,.ui.rotate.reveal:hover>.visible.content,.ui.rotate.right.active.reveal>.visible.content,.ui.rotate.right.reveal:hover>.visible.content{-webkit-transform:rotate(110deg);transform:rotate(110deg)}.ui.rotate.left.reveal>.visible.content{-webkit-transform-origin:bottom left;transform-origin:bottom left}.ui.rotate.left.active.reveal>.visible.content,.ui.rotate.left.reveal:hover>.visible.content{-webkit-transform:rotate(-110deg);transform:rotate(-110deg)}.ui.disabled.reveal:hover>.visible.visible.content{position:static!important;display:block!important;opacity:1!important;top:0!important;left:0!important;right:auto!important;bottom:auto!important;-webkit-transform:none!important;transform:none!important}.ui.disabled.reveal:hover>.hidden.hidden.content{display:none!important}.ui.reveal>.ui.ribbon.label{z-index:5}.ui.visible.reveal{overflow:visible}.ui.instant.reveal>.content{-webkit-transition-delay:0s!important;transition-delay:0s!important}.ui.reveal>.content{font-size:1rem!important}/*!
- * # Semantic UI 2.4.0 - Segment
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.segment{position:relative;background:#fff;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15);margin:1rem 0;padding:1em 1em;border-radius:.28571429rem;border:1px solid rgba(34,36,38,.15)}.ui.segment:first-child{margin-top:0}.ui.segment:last-child{margin-bottom:0}.ui.vertical.segment{margin:0;padding-left:0;padding-right:0;background:none transparent;border-radius:0;-webkit-box-shadow:none;box-shadow:none;border:none;border-bottom:1px solid rgba(34,36,38,.15)}.ui.vertical.segment:last-child{border-bottom:none}.ui.inverted.segment>.ui.header{color:#fff}.ui[class*="bottom attached"].segment>[class*="top attached"].label{border-top-left-radius:0;border-top-right-radius:0}.ui[class*="top attached"].segment>[class*="bottom attached"].label{border-bottom-left-radius:0;border-bottom-right-radius:0}.ui.attached.segment:not(.top):not(.bottom)>[class*="top attached"].label{border-top-left-radius:0;border-top-right-radius:0}.ui.attached.segment:not(.top):not(.bottom)>[class*="bottom attached"].label{border-bottom-left-radius:0;border-bottom-right-radius:0}.ui.grid>.row>.ui.segment.column,.ui.grid>.ui.segment.column,.ui.page.grid.segment{padding-top:2em;padding-bottom:2em}.ui.grid.segment{margin:1rem 0;border-radius:.28571429rem}.ui.basic.table.segment{background:#fff;border:1px solid rgba(34,36,38,.15);-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15)}.ui[class*="very basic"].table.segment{padding:1em 1em}.ui.placeholder.segment{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;max-width:initial;-webkit-animation:none;animation:none;overflow:visible;padding:1em 1em;min-height:18rem;background:#f9fafb;border-color:rgba(34,36,38,.15);-webkit-box-shadow:0 2px 25px 0 rgba(34,36,38,.05) inset;box-shadow:0 2px 25px 0 rgba(34,36,38,.05) inset}.ui.placeholder.segment .button,.ui.placeholder.segment textarea{display:block}.ui.placeholder.segment .button,.ui.placeholder.segment .field,.ui.placeholder.segment textarea,.ui.placeholder.segment>.ui.input{max-width:15rem;margin-left:auto;margin-right:auto}.ui.placeholder.segment .column .button,.ui.placeholder.segment .column .field,.ui.placeholder.segment .column textarea,.ui.placeholder.segment .column>.ui.input{max-width:15rem;margin-left:auto;margin-right:auto}.ui.placeholder.segment>.inline{-ms-flex-item-align:center;align-self:center}.ui.placeholder.segment>.inline>.button{display:inline-block;width:auto;margin:0 .35714286rem 0 0}.ui.placeholder.segment>.inline>.button:last-child{margin-right:0}.ui.piled.segment,.ui.piled.segments{margin:3em 0;-webkit-box-shadow:'';box-shadow:'';z-index:auto}.ui.piled.segment:first-child{margin-top:0}.ui.piled.segment:last-child{margin-bottom:0}.ui.piled.segment:after,.ui.piled.segment:before,.ui.piled.segments:after,.ui.piled.segments:before{background-color:#fff;visibility:visible;content:'';display:block;height:100%;left:0;position:absolute;width:100%;border:1px solid rgba(34,36,38,.15);-webkit-box-shadow:'';box-shadow:''}.ui.piled.segment:before,.ui.piled.segments:before{-webkit-transform:rotate(-1.2deg);transform:rotate(-1.2deg);top:0;z-index:-2}.ui.piled.segment:after,.ui.piled.segments:after{-webkit-transform:rotate(1.2deg);transform:rotate(1.2deg);top:0;z-index:-1}.ui[class*="top attached"].piled.segment{margin-top:3em;margin-bottom:0}.ui.piled.segment[class*="top attached"]:first-child{margin-top:0}.ui.piled.segment[class*="bottom attached"]{margin-top:0;margin-bottom:3em}.ui.piled.segment[class*="bottom attached"]:last-child{margin-bottom:0}.ui.stacked.segment{padding-bottom:1.4em}.ui.stacked.segment:after,.ui.stacked.segment:before,.ui.stacked.segments:after,.ui.stacked.segments:before{content:'';position:absolute;bottom:-3px;left:0;border-top:1px solid rgba(34,36,38,.15);background:rgba(0,0,0,.03);width:100%;height:6px;visibility:visible}.ui.stacked.segment:before,.ui.stacked.segments:before{display:none}.ui.tall.stacked.segment:before,.ui.tall.stacked.segments:before{display:block;bottom:0}.ui.stacked.inverted.segment:after,.ui.stacked.inverted.segment:before,.ui.stacked.inverted.segments:after,.ui.stacked.inverted.segments:before{background-color:rgba(0,0,0,.03);border-top:1px solid rgba(34,36,38,.35)}.ui.padded.segment{padding:1.5em}.ui[class*="very padded"].segment{padding:3em}.ui.padded.segment.vertical.segment,.ui[class*="very padded"].vertical.segment{padding-left:0;padding-right:0}.ui.compact.segment{display:table}.ui.compact.segments{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}.ui.compact.segments .segment,.ui.segments .compact.segment{display:block;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto}.ui.circular.segment{display:table-cell;padding:2em;text-align:center;vertical-align:middle;border-radius:500em}.ui.raised.segment,.ui.raised.segments{-webkit-box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)}.ui.segments{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;position:relative;margin:1rem 0;border:1px solid rgba(34,36,38,.15);-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15);border-radius:.28571429rem}.ui.segments:first-child{margin-top:0}.ui.segments:last-child{margin-bottom:0}.ui.segments>.segment{top:0;bottom:0;border-radius:0;margin:0;width:auto;-webkit-box-shadow:none;box-shadow:none;border:none;border-top:1px solid rgba(34,36,38,.15)}.ui.segments:not(.horizontal)>.segment:first-child{border-top:none;margin-top:0;bottom:0;margin-bottom:0;top:0;border-radius:.28571429rem .28571429rem 0 0}.ui.segments:not(.horizontal)>.segment:last-child{top:0;bottom:0;margin-top:0;margin-bottom:0;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),none;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),none;border-radius:0 0 .28571429rem .28571429rem}.ui.segments:not(.horizontal)>.segment:only-child{border-radius:.28571429rem}.ui.segments>.ui.segments{border-top:1px solid rgba(34,36,38,.15);margin:1rem 1rem}.ui.segments>.segments:first-child{border-top:none}.ui.segments>.segment+.segments:not(.horizontal){margin-top:0}.ui.horizontal.segments{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;background-color:transparent;border-radius:0;padding:0;background-color:#fff;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15);margin:1rem 0;border-radius:.28571429rem;border:1px solid rgba(34,36,38,.15)}.ui.segments>.horizontal.segments{margin:0;background-color:transparent;border-radius:0;border:none;-webkit-box-shadow:none;box-shadow:none;border-top:1px solid rgba(34,36,38,.15)}.ui.horizontal.segments>.segment{-webkit-box-flex:1;flex:1 1 auto;-ms-flex:1 1 0px;margin:0;min-width:0;background-color:transparent;border-radius:0;border:none;-webkit-box-shadow:none;box-shadow:none;border-left:1px solid rgba(34,36,38,.15)}.ui.segments>.horizontal.segments:first-child{border-top:none}.ui.horizontal.segments>.segment:first-child{border-left:none}.ui.disabled.segment{opacity:.45;color:rgba(40,40,40,.3)}.ui.loading.segment{position:relative;cursor:default;pointer-events:none;text-shadow:none!important;color:transparent!important;-webkit-transition:all 0s linear;transition:all 0s linear}.ui.loading.segment:before{position:absolute;content:'';top:0;left:0;background:rgba(255,255,255,.8);width:100%;height:100%;border-radius:.28571429rem;z-index:100}.ui.loading.segment:after{position:absolute;content:'';top:50%;left:50%;margin:-1.5em 0 0 -1.5em;width:3em;height:3em;-webkit-animation:segment-spin .6s linear;animation:segment-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.1);border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent;visibility:visible;z-index:101}@-webkit-keyframes segment-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes segment-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.ui.basic.segment{background:none transparent;-webkit-box-shadow:none;box-shadow:none;border:none;border-radius:0}.ui.clearing.segment:after{content:".";display:block;height:0;clear:both;visibility:hidden}.ui.red.segment:not(.inverted){border-top:2px solid #db2828!important}.ui.inverted.red.segment{background-color:#db2828!important;color:#fff!important}.ui.orange.segment:not(.inverted){border-top:2px solid #f2711c!important}.ui.inverted.orange.segment{background-color:#f2711c!important;color:#fff!important}.ui.yellow.segment:not(.inverted){border-top:2px solid #fbbd08!important}.ui.inverted.yellow.segment{background-color:#fbbd08!important;color:#fff!important}.ui.olive.segment:not(.inverted){border-top:2px solid #b5cc18!important}.ui.inverted.olive.segment{background-color:#b5cc18!important;color:#fff!important}.ui.green.segment:not(.inverted){border-top:2px solid #21ba45!important}.ui.inverted.green.segment{background-color:#21ba45!important;color:#fff!important}.ui.teal.segment:not(.inverted){border-top:2px solid #00b5ad!important}.ui.inverted.teal.segment{background-color:#00b5ad!important;color:#fff!important}.ui.blue.segment:not(.inverted){border-top:2px solid #2185d0!important}.ui.inverted.blue.segment{background-color:#2185d0!important;color:#fff!important}.ui.violet.segment:not(.inverted){border-top:2px solid #6435c9!important}.ui.inverted.violet.segment{background-color:#6435c9!important;color:#fff!important}.ui.purple.segment:not(.inverted){border-top:2px solid #a333c8!important}.ui.inverted.purple.segment{background-color:#a333c8!important;color:#fff!important}.ui.pink.segment:not(.inverted){border-top:2px solid #e03997!important}.ui.inverted.pink.segment{background-color:#e03997!important;color:#fff!important}.ui.brown.segment:not(.inverted){border-top:2px solid #a5673f!important}.ui.inverted.brown.segment{background-color:#a5673f!important;color:#fff!important}.ui.grey.segment:not(.inverted){border-top:2px solid #767676!important}.ui.inverted.grey.segment{background-color:#767676!important;color:#fff!important}.ui.black.segment:not(.inverted){border-top:2px solid #1b1c1d!important}.ui.inverted.black.segment{background-color:#1b1c1d!important;color:#fff!important}.ui[class*="left aligned"].segment{text-align:left}.ui[class*="right aligned"].segment{text-align:right}.ui[class*="center aligned"].segment{text-align:center}.ui.floated.segment,.ui[class*="left floated"].segment{float:left;margin-right:1em}.ui[class*="right floated"].segment{float:right;margin-left:1em}.ui.inverted.segment{border:none;-webkit-box-shadow:none;box-shadow:none}.ui.inverted.segment,.ui.primary.inverted.segment{background:#1b1c1d;color:rgba(255,255,255,.9)}.ui.inverted.segment .segment{color:rgba(0,0,0,.87)}.ui.inverted.segment .inverted.segment{color:rgba(255,255,255,.9)}.ui.inverted.attached.segment{border-color:#555}.ui.secondary.segment{background:#f3f4f5;color:rgba(0,0,0,.6)}.ui.secondary.inverted.segment{background:#4c4f52 -webkit-gradient(linear,left top,left bottom,from(rgba(255,255,255,.2)),to(rgba(255,255,255,.2)));background:#4c4f52 -webkit-linear-gradient(rgba(255,255,255,.2) 0,rgba(255,255,255,.2) 100%);background:#4c4f52 linear-gradient(rgba(255,255,255,.2) 0,rgba(255,255,255,.2) 100%);color:rgba(255,255,255,.8)}.ui.tertiary.segment{background:#dcddde;color:rgba(0,0,0,.6)}.ui.tertiary.inverted.segment{background:#717579 -webkit-gradient(linear,left top,left bottom,from(rgba(255,255,255,.35)),to(rgba(255,255,255,.35)));background:#717579 -webkit-linear-gradient(rgba(255,255,255,.35) 0,rgba(255,255,255,.35) 100%);background:#717579 linear-gradient(rgba(255,255,255,.35) 0,rgba(255,255,255,.35) 100%);color:rgba(255,255,255,.8)}.ui.attached.segment{top:0;bottom:0;border-radius:0;margin:0 -1px;width:calc(100% + 2px);max-width:calc(100% + 2px);-webkit-box-shadow:none;box-shadow:none;border:1px solid #d4d4d5}.ui.attached:not(.message)+.ui.attached.segment:not(.top){border-top:none}.ui[class*="top attached"].segment{bottom:0;margin-bottom:0;top:0;margin-top:1rem;border-radius:.28571429rem .28571429rem 0 0}.ui.segment[class*="top attached"]:first-child{margin-top:0}.ui.segment[class*="bottom attached"]{bottom:0;margin-top:0;top:0;margin-bottom:1rem;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),none;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),none;border-radius:0 0 .28571429rem .28571429rem}.ui.segment[class*="bottom attached"]:last-child{margin-bottom:0}.ui.mini.segment,.ui.mini.segments .segment{font-size:.78571429rem}.ui.tiny.segment,.ui.tiny.segments .segment{font-size:.85714286rem}.ui.small.segment,.ui.small.segments .segment{font-size:.92857143rem}.ui.segment,.ui.segments .segment{font-size:1rem}.ui.large.segment,.ui.large.segments .segment{font-size:1.14285714rem}.ui.big.segment,.ui.big.segments .segment{font-size:1.28571429rem}.ui.huge.segment,.ui.huge.segments .segment{font-size:1.42857143rem}.ui.massive.segment,.ui.massive.segments .segment{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - Step
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.steps{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;margin:1em 0;background:'';-webkit-box-shadow:none;box-shadow:none;line-height:1.14285714em;border-radius:.28571429rem;border:1px solid rgba(34,36,38,.15)}.ui.steps:first-child{margin-top:0}.ui.steps:last-child{margin-bottom:0}.ui.steps .step{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;vertical-align:middle;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;margin:0 0;padding:1.14285714em 2em;background:#fff;color:rgba(0,0,0,.87);-webkit-box-shadow:none;box-shadow:none;border-radius:0;border:none;border-right:1px solid rgba(34,36,38,.15);-webkit-transition:background-color .1s ease,opacity .1s ease,color .1s ease,-webkit-box-shadow .1s ease;transition:background-color .1s ease,opacity .1s ease,color .1s ease,-webkit-box-shadow .1s ease;transition:background-color .1s ease,opacity .1s ease,color .1s ease,box-shadow .1s ease;transition:background-color .1s ease,opacity .1s ease,color .1s ease,box-shadow .1s ease,-webkit-box-shadow .1s ease}.ui.steps .step:after{display:none;position:absolute;z-index:2;content:'';top:50%;right:0;border:medium none;background-color:#fff;width:1.14285714em;height:1.14285714em;border-style:solid;border-color:rgba(34,36,38,.15);border-width:0 1px 1px 0;-webkit-transition:background-color .1s ease,opacity .1s ease,color .1s ease,-webkit-box-shadow .1s ease;transition:background-color .1s ease,opacity .1s ease,color .1s ease,-webkit-box-shadow .1s ease;transition:background-color .1s ease,opacity .1s ease,color .1s ease,box-shadow .1s ease;transition:background-color .1s ease,opacity .1s ease,color .1s ease,box-shadow .1s ease,-webkit-box-shadow .1s ease;-webkit-transform:translateY(-50%) translateX(50%) rotate(-45deg);transform:translateY(-50%) translateX(50%) rotate(-45deg)}.ui.steps .step:first-child{padding-left:2em;border-radius:.28571429rem 0 0 .28571429rem}.ui.steps .step:last-child{border-radius:0 .28571429rem .28571429rem 0}.ui.steps .step:last-child{border-right:none;margin-right:0}.ui.steps .step:only-child{border-radius:.28571429rem}.ui.steps .step .title{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:1.14285714em;font-weight:700}.ui.steps .step>.title{width:100%}.ui.steps .step .description{font-weight:400;font-size:.92857143em;color:rgba(0,0,0,.87)}.ui.steps .step>.description{width:100%}.ui.steps .step .title~.description{margin-top:.25em}.ui.steps .step>.icon{line-height:1;font-size:2.5em;margin:0 1rem 0 0}.ui.steps .step>.icon,.ui.steps .step>.icon~.content{display:block;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;-ms-flex-item-align:middle;align-self:middle}.ui.steps .step>.icon~.content{-webkit-box-flex:1 0 auto;-ms-flex-positive:1 0 auto;flex-grow:1 0 auto}.ui.steps:not(.vertical) .step>.icon{width:auto}.ui.steps .link.step,.ui.steps a.step{cursor:pointer}.ui.ordered.steps{counter-reset:ordered}.ui.ordered.steps .step:before{display:block;position:static;text-align:center;content:counters(ordered, ".");-ms-flex-item-align:middle;align-self:middle;margin-right:1rem;font-size:2.5em;counter-increment:ordered;font-family:inherit;font-weight:700}.ui.ordered.steps .step>*{display:block;-ms-flex-item-align:middle;align-self:middle}.ui.vertical.steps{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;overflow:visible}.ui.vertical.steps .step{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start;border-radius:0;padding:1.14285714em 2em;border-right:none;border-bottom:1px solid rgba(34,36,38,.15)}.ui.vertical.steps .step:first-child{padding:1.14285714em 2em;border-radius:.28571429rem .28571429rem 0 0}.ui.vertical.steps .step:last-child{border-bottom:none;border-radius:0 0 .28571429rem .28571429rem}.ui.vertical.steps .step:only-child{border-radius:.28571429rem}.ui.vertical.steps .step:after{display:none}.ui.vertical.steps .step:after{top:50%;right:0;border-width:0 1px 1px 0}.ui.vertical.steps .step:after{display:none}.ui.vertical.steps .active.step:after{display:block}.ui.vertical.steps .step:last-child:after{display:none}.ui.vertical.steps .active.step:last-child:after{display:block}@media only screen and (max-width:767px){.ui.steps:not(.unstackable){display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;overflow:visible;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui.steps:not(.unstackable) .step{width:100%!important;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;border-radius:0;padding:1.14285714em 2em}.ui.steps:not(.unstackable) .step:first-child{padding:1.14285714em 2em;border-radius:.28571429rem .28571429rem 0 0}.ui.steps:not(.unstackable) .step:last-child{border-radius:0 0 .28571429rem .28571429rem}.ui.steps:not(.unstackable) .step:after{display:none!important}.ui.steps:not(.unstackable) .step .content{text-align:center}.ui.ordered.steps:not(.unstackable) .step:before,.ui.steps:not(.unstackable) .step>.icon{margin:0 0 1rem 0}}.ui.steps .link.step:hover,.ui.steps .link.step:hover::after,.ui.steps a.step:hover,.ui.steps a.step:hover::after{background:#f9fafb;color:rgba(0,0,0,.8)}.ui.steps .link.step:active,.ui.steps .link.step:active::after,.ui.steps a.step:active,.ui.steps a.step:active::after{background:#f3f4f5;color:rgba(0,0,0,.9)}.ui.steps .step.active{cursor:auto;background:#f3f4f5}.ui.steps .step.active:after{background:#f3f4f5}.ui.steps .step.active .title{color:#4183c4}.ui.ordered.steps .step.active:before,.ui.steps .active.step .icon{color:rgba(0,0,0,.85)}.ui.steps .step:after{display:block}.ui.steps .active.step:after{display:block}.ui.steps .step:last-child:after{display:none}.ui.steps .active.step:last-child:after{display:none}.ui.steps .link.active.step:hover,.ui.steps .link.active.step:hover::after,.ui.steps a.active.step:hover,.ui.steps a.active.step:hover::after{cursor:pointer;background:#dcddde;color:rgba(0,0,0,.87)}.ui.ordered.steps .step.completed:before,.ui.steps .step.completed>.icon:before{color:#21ba45}.ui.steps .disabled.step{cursor:auto;background:#fff;pointer-events:none}.ui.steps .disabled.step,.ui.steps .disabled.step .description,.ui.steps .disabled.step .title{color:rgba(40,40,40,.3)}.ui.steps .disabled.step:after{background:#fff}@media only screen and (max-width:991px){.ui[class*="tablet stackable"].steps{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;overflow:visible;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui[class*="tablet stackable"].steps .step{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;border-radius:0;padding:1.14285714em 2em}.ui[class*="tablet stackable"].steps .step:first-child{padding:1.14285714em 2em;border-radius:.28571429rem .28571429rem 0 0}.ui[class*="tablet stackable"].steps .step:last-child{border-radius:0 0 .28571429rem .28571429rem}.ui[class*="tablet stackable"].steps .step:after{display:none!important}.ui[class*="tablet stackable"].steps .step .content{text-align:center}.ui[class*="tablet stackable"].ordered.steps .step:before,.ui[class*="tablet stackable"].steps .step>.icon{margin:0 0 1rem 0}}.ui.fluid.steps{display:-webkit-box;display:-ms-flexbox;display:flex;width:100%}.ui.attached.steps{width:calc(100% + 2px)!important;margin:0 -1px 0;max-width:calc(100% + 2px);border-radius:.28571429rem .28571429rem 0 0}.ui.attached.steps .step:first-child{border-radius:.28571429rem 0 0 0}.ui.attached.steps .step:last-child{border-radius:0 .28571429rem 0 0}.ui.bottom.attached.steps{margin:0 -1px 0;border-radius:0 0 .28571429rem .28571429rem}.ui.bottom.attached.steps .step:first-child{border-radius:0 0 0 .28571429rem}.ui.bottom.attached.steps .step:last-child{border-radius:0 0 .28571429rem 0}.ui.eight.steps,.ui.five.steps,.ui.four.steps,.ui.one.steps,.ui.seven.steps,.ui.six.steps,.ui.three.steps,.ui.two.steps{width:100%}.ui.eight.steps>.step,.ui.five.steps>.step,.ui.four.steps>.step,.ui.one.steps>.step,.ui.seven.steps>.step,.ui.six.steps>.step,.ui.three.steps>.step,.ui.two.steps>.step{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.ui.one.steps>.step{width:100%}.ui.two.steps>.step{width:50%}.ui.three.steps>.step{width:33.333%}.ui.four.steps>.step{width:25%}.ui.five.steps>.step{width:20%}.ui.six.steps>.step{width:16.666%}.ui.seven.steps>.step{width:14.285%}.ui.eight.steps>.step{width:12.5%}.ui.mini.step,.ui.mini.steps .step{font-size:.78571429rem}.ui.tiny.step,.ui.tiny.steps .step{font-size:.85714286rem}.ui.small.step,.ui.small.steps .step{font-size:.92857143rem}.ui.step,.ui.steps .step{font-size:1rem}.ui.large.step,.ui.large.steps .step{font-size:1.14285714rem}.ui.big.step,.ui.big.steps .step{font-size:1.28571429rem}.ui.huge.step,.ui.huge.steps .step{font-size:1.42857143rem}.ui.massive.step,.ui.massive.steps .step{font-size:1.71428571rem}@font-face{font-family:Step;src:url(data:application/x-font-ttf;charset=utf-8;base64,AAEAAAAOAIAAAwBgT1MvMj3hSQEAAADsAAAAVmNtYXDQEhm3AAABRAAAAUpjdnQgBkn/lAAABuwAAAAcZnBnbYoKeDsAAAcIAAAJkWdhc3AAAAAQAAAG5AAAAAhnbHlm32cEdgAAApAAAAC2aGVhZAErPHsAAANIAAAANmhoZWEHUwNNAAADgAAAACRobXR4CykAAAAAA6QAAAAMbG9jYQA4AFsAAAOwAAAACG1heHAApgm8AAADuAAAACBuYW1lzJ0aHAAAA9gAAALNcG9zdK69QJgAAAaoAAAAO3ByZXCSoZr/AAAQnAAAAFYAAQO4AZAABQAIAnoCvAAAAIwCegK8AAAB4AAxAQIAAAIABQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUGZFZABA6ADoAQNS/2oAWgMLAE8AAAABAAAAAAAAAAAAAwAAAAMAAAAcAAEAAAAAAEQAAwABAAAAHAAEACgAAAAGAAQAAQACAADoAf//AAAAAOgA//8AABgBAAEAAAAAAAAAAAEGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAADpAKYABUAHEAZDwEAAQFCAAIBAmoAAQABagAAAGEUFxQDEisBFAcBBiInASY0PwE2Mh8BATYyHwEWA6QP/iAQLBD+6g8PTBAsEKQBbhAsEEwPAhYWEP4gDw8BFhAsEEwQEKUBbxAQTBAAAAH//f+xA18DCwAMABJADwABAQpDAAAACwBEFRMCESsBFA4BIi4CPgEyHgEDWXLG6MhuBnq89Lp+AV51xHR0xOrEdHTEAAAAAAEAAAABAADDeRpdXw889QALA+gAAAAAzzWYjQAAAADPNWBN//3/sQOkAwsAAAAIAAIAAAAAAAAAAQAAA1L/agBaA+gAAP/3A6QAAQAAAAAAAAAAAAAAAAAAAAMD6AAAA+gAAANZAAAAAAAAADgAWwABAAAAAwAWAAEAAAAAAAIABgATAG4AAAAtCZEAAAAAAAAAEgDeAAEAAAAAAAAANQAAAAEAAAAAAAEACAA1AAEAAAAAAAIABwA9AAEAAAAAAAMACABEAAEAAAAAAAQACABMAAEAAAAAAAUACwBUAAEAAAAAAAYACABfAAEAAAAAAAoAKwBnAAEAAAAAAAsAEwCSAAMAAQQJAAAAagClAAMAAQQJAAEAEAEPAAMAAQQJAAIADgEfAAMAAQQJAAMAEAEtAAMAAQQJAAQAEAE9AAMAAQQJAAUAFgFNAAMAAQQJAAYAEAFjAAMAAQQJAAoAVgFzAAMAAQQJAAsAJgHJQ29weXJpZ2h0IChDKSAyMDE0IGJ5IG9yaWdpbmFsIGF1dGhvcnMgQCBmb250ZWxsby5jb21mb250ZWxsb1JlZ3VsYXJmb250ZWxsb2ZvbnRlbGxvVmVyc2lvbiAxLjBmb250ZWxsb0dlbmVyYXRlZCBieSBzdmcydHRmIGZyb20gRm9udGVsbG8gcHJvamVjdC5odHRwOi8vZm9udGVsbG8uY29tAEMAbwBwAHkAcgBpAGcAaAB0ACAAKABDACkAIAAyADAAMQA0ACAAYgB5ACAAbwByAGkAZwBpAG4AYQBsACAAYQB1AHQAaABvAHIAcwAgAEAAIABmAG8AbgB0AGUAbABsAG8ALgBjAG8AbQBmAG8AbgB0AGUAbABsAG8AUgBlAGcAdQBsAGEAcgBmAG8AbgB0AGUAbABsAG8AZgBvAG4AdABlAGwAbABvAFYAZQByAHMAaQBvAG4AIAAxAC4AMABmAG8AbgB0AGUAbABsAG8ARwBlAG4AZQByAGEAdABlAGQAIABiAHkAIABzAHYAZwAyAHQAdABmACAAZgByAG8AbQAgAEYAbwBuAHQAZQBsAGwAbwAgAHAAcgBvAGoAZQBjAHQALgBoAHQAdABwADoALwAvAGYAbwBuAHQAZQBsAGwAbwAuAGMAbwBtAAAAAAIAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAQIBAwljaGVja21hcmsGY2lyY2xlAAAAAAEAAf//AA8AAAAAAAAAAAAAAAAAAAAAADIAMgML/7EDC/+xsAAssCBgZi2wASwgZCCwwFCwBCZasARFW1ghIyEbilggsFBQWCGwQFkbILA4UFghsDhZWSCwCkVhZLAoUFghsApFILAwUFghsDBZGyCwwFBYIGYgiophILAKUFhgGyCwIFBYIbAKYBsgsDZQWCGwNmAbYFlZWRuwACtZWSOwAFBYZVlZLbACLCBFILAEJWFkILAFQ1BYsAUjQrAGI0IbISFZsAFgLbADLCMhIyEgZLEFYkIgsAYjQrIKAAIqISCwBkMgiiCKsAArsTAFJYpRWGBQG2FSWVgjWSEgsEBTWLAAKxshsEBZI7AAUFhlWS2wBCywB0MrsgACAENgQi2wBSywByNCIyCwACNCYbCAYrABYLAEKi2wBiwgIEUgsAJFY7ABRWJgRLABYC2wBywgIEUgsAArI7ECBCVgIEWKI2EgZCCwIFBYIbAAG7AwUFiwIBuwQFlZI7AAUFhlWbADJSNhRESwAWAtsAgssQUFRbABYUQtsAkssAFgICCwCUNKsABQWCCwCSNCWbAKQ0qwAFJYILAKI0JZLbAKLCC4BABiILgEAGOKI2GwC0NgIIpgILALI0IjLbALLEtUWLEHAURZJLANZSN4LbAMLEtRWEtTWLEHAURZGyFZJLATZSN4LbANLLEADENVWLEMDEOwAWFCsAorWbAAQ7ACJUKxCQIlQrEKAiVCsAEWIyCwAyVQWLEBAENgsAQlQoqKIIojYbAJKiEjsAFhIIojYbAJKiEbsQEAQ2CwAiVCsAIlYbAJKiFZsAlDR7AKQ0dgsIBiILACRWOwAUViYLEAABMjRLABQ7AAPrIBAQFDYEItsA4ssQAFRVRYALAMI0IgYLABYbUNDQEACwBCQopgsQ0FK7BtKxsiWS2wDyyxAA4rLbAQLLEBDistsBEssQIOKy2wEiyxAw4rLbATLLEEDistsBQssQUOKy2wFSyxBg4rLbAWLLEHDistsBcssQgOKy2wGCyxCQ4rLbAZLLAIK7EABUVUWACwDCNCIGCwAWG1DQ0BAAsAQkKKYLENBSuwbSsbIlktsBossQAZKy2wGyyxARkrLbAcLLECGSstsB0ssQMZKy2wHiyxBBkrLbAfLLEFGSstsCAssQYZKy2wISyxBxkrLbAiLLEIGSstsCMssQkZKy2wJCwgPLABYC2wJSwgYLANYCBDI7ABYEOwAiVhsAFgsCQqIS2wJiywJSuwJSotsCcsICBHICCwAkVjsAFFYmAjYTgjIIpVWCBHICCwAkVjsAFFYmAjYTgbIVktsCgssQAFRVRYALABFrAnKrABFTAbIlktsCkssAgrsQAFRVRYALABFrAnKrABFTAbIlktsCosIDWwAWAtsCssALADRWOwAUVisAArsAJFY7ABRWKwACuwABa0AAAAAABEPiM4sSoBFSotsCwsIDwgRyCwAkVjsAFFYmCwAENhOC2wLSwuFzwtsC4sIDwgRyCwAkVjsAFFYmCwAENhsAFDYzgtsC8ssQIAFiUgLiBHsAAjQrACJUmKikcjRyNhIFhiGyFZsAEjQrIuAQEVFCotsDAssAAWsAQlsAQlRyNHI2GwBkUrZYouIyAgPIo4LbAxLLAAFrAEJbAEJSAuRyNHI2EgsAQjQrAGRSsgsGBQWCCwQFFYswIgAyAbswImAxpZQkIjILAIQyCKI0cjRyNhI0ZgsARDsIBiYCCwACsgiophILACQ2BkI7ADQ2FkUFiwAkNhG7ADQ2BZsAMlsIBiYSMgILAEJiNGYTgbI7AIQ0awAiWwCENHI0cjYWAgsARDsIBiYCMgsAArI7AEQ2CwACuwBSVhsAUlsIBisAQmYSCwBCVgZCOwAyVgZFBYIRsjIVkjICCwBCYjRmE4WS2wMiywABYgICCwBSYgLkcjRyNhIzw4LbAzLLAAFiCwCCNCICAgRiNHsAArI2E4LbA0LLAAFrADJbACJUcjRyNhsABUWC4gPCMhG7ACJbACJUcjRyNhILAFJbAEJUcjRyNhsAYlsAUlSbACJWGwAUVjIyBYYhshWWOwAUViYCMuIyAgPIo4IyFZLbA1LLAAFiCwCEMgLkcjRyNhIGCwIGBmsIBiIyAgPIo4LbA2LCMgLkawAiVGUlggPFkusSYBFCstsDcsIyAuRrACJUZQWCA8WS6xJgEUKy2wOCwjIC5GsAIlRlJYIDxZIyAuRrACJUZQWCA8WS6xJgEUKy2wOSywMCsjIC5GsAIlRlJYIDxZLrEmARQrLbA6LLAxK4ogIDywBCNCijgjIC5GsAIlRlJYIDxZLrEmARQrsARDLrAmKy2wOyywABawBCWwBCYgLkcjRyNhsAZFKyMgPCAuIzixJgEUKy2wPCyxCAQlQrAAFrAEJbAEJSAuRyNHI2EgsAQjQrAGRSsgsGBQWCCwQFFYswIgAyAbswImAxpZQkIjIEewBEOwgGJgILAAKyCKimEgsAJDYGQjsANDYWRQWLACQ2EbsANDYFmwAyWwgGJhsAIlRmE4IyA8IzgbISAgRiNHsAArI2E4IVmxJgEUKy2wPSywMCsusSYBFCstsD4ssDErISMgIDywBCNCIzixJgEUK7AEQy6wJistsD8ssAAVIEewACNCsgABARUUEy6wLCotsEAssAAVIEewACNCsgABARUUEy6wLCotsEEssQABFBOwLSotsEIssC8qLbBDLLAAFkUjIC4gRoojYTixJgEUKy2wRCywCCNCsEMrLbBFLLIAADwrLbBGLLIAATwrLbBHLLIBADwrLbBILLIBATwrLbBJLLIAAD0rLbBKLLIAAT0rLbBLLLIBAD0rLbBMLLIBAT0rLbBNLLIAADkrLbBOLLIAATkrLbBPLLIBADkrLbBQLLIBATkrLbBRLLIAADsrLbBSLLIAATsrLbBTLLIBADsrLbBULLIBATsrLbBVLLIAAD4rLbBWLLIAAT4rLbBXLLIBAD4rLbBYLLIBAT4rLbBZLLIAADorLbBaLLIAATorLbBbLLIBADorLbBcLLIBATorLbBdLLAyKy6xJgEUKy2wXiywMiuwNistsF8ssDIrsDcrLbBgLLAAFrAyK7A4Ky2wYSywMysusSYBFCstsGIssDMrsDYrLbBjLLAzK7A3Ky2wZCywMyuwOCstsGUssDQrLrEmARQrLbBmLLA0K7A2Ky2wZyywNCuwNystsGgssDQrsDgrLbBpLLA1Ky6xJgEUKy2waiywNSuwNistsGsssDUrsDcrLbBsLLA1K7A4Ky2wbSwrsAhlsAMkUHiwARUwLQAAAEu4AMhSWLEBAY5ZuQgACABjILABI0SwAyNwsgQoCUVSRLIKAgcqsQYBRLEkAYhRWLBAiFixBgNEsSYBiFFYuAQAiFixBgFEWVlZWbgB/4WwBI2xBQBEAAA=) format('truetype'),url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAAoUAA4AAAAAEPQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAABRAAAAEQAAABWPeFJAWNtYXAAAAGIAAAAOgAAAUrQEhm3Y3Z0IAAAAcQAAAAUAAAAHAZJ/5RmcGdtAAAB2AAABPkAAAmRigp4O2dhc3AAAAbUAAAACAAAAAgAAAAQZ2x5ZgAABtwAAACuAAAAtt9nBHZoZWFkAAAHjAAAADUAAAA2ASs8e2hoZWEAAAfEAAAAIAAAACQHUwNNaG10eAAAB+QAAAAMAAAADAspAABsb2NhAAAH8AAAAAgAAAAIADgAW21heHAAAAf4AAAAIAAAACAApgm8bmFtZQAACBgAAAF3AAACzcydGhxwb3N0AAAJkAAAACoAAAA7rr1AmHByZXAAAAm8AAAAVgAAAFaSoZr/eJxjYGTewTiBgZWBg6mKaQ8DA0MPhGZ8wGDIyMTAwMTAysyAFQSkuaYwOLxgeMHIHPQ/iyGKmZvBHyjMCJIDAPe9C2B4nGNgYGBmgGAZBkYGEHAB8hjBfBYGDSDNBqQZGZgYGF4w/v8PUvCCAURLMELVAwEjG8OIBwBk5AavAAB4nGNgQANGDEbM3P83gjAAELQD4XicnVXZdtNWFJU8ZHASOmSgoA7X3DhQ68qEKRgwaSrFdiEdHAitBB2kDHTkncc+62uOQrtWH/m07n09JLR0rbYsls++R1tn2DrnRhwjKn0aiGvUoZKXA6msPZZK90lc13Uvj5UMBnFdthJPSZuonSRKat3sUC7xWOsqWSdYJ+PlIFZPVZ5noAziFB5lSUQbRBuplyZJ4onjJ4kWZxAfJUkgJaMQp9LIUEI1GsRS1aFM6dCr1xNx00DKRqMedVhU90PFJ8c1p9SsA0YqVznCFevVRr4bpwMve5DEOsGzrYcxHnisfpQqkIqR6cg/dkpOlIaBVHHUoVbi6DCTX/eRTCrNQKaMYkWl7oG43f102xYxPXQ6vi5KlUaqurnOKJrt0fGogygP2cbppNzQ2fbw5RlTVKtdcbPtQGYNXErJbHSfRAAdJlLj6QFONZwCqRn1R8XZ588BEslclKo8VTKHegOZMzt7cTHtbiersnCknwcyb3Z2452HQ6dXh3/R+hdM4cxHj+Jifj5C+lBqfiJOJKVGWMzyp4YfcVcgQrkxiAsXyuBThDl0RdrZZl3jtTH2hs/5SqlhPQna6KP4fgr9TiQrHGdRo/VInM1j13Wt3GdQS7W7Fzsyr0OVIu7vCwuuM+eEYZ4WC1VfnvneBTT/Bohn/EDeNIVL+5YpSrRvm6JMu2iKCu0SVKVdNsUU7YoppmnPmmKG9h1TzNKeMzLj/8vc55H7HN7xkJv2XeSmfQ+5ad9HbtoPkJtWITdtHblpLyA3rUZu2lWjOnYEGgZpF1IVQdA0svph3Fab9UDWjDR8aWDyLmLI+upER521tcofxX914gsHcmmip7siF5viLq/bFj483e6rj5pG3bDV+MaR8jAeRnocmtBZ+c3hv+1N3S6a7jKqMugBFUwKwABl7UAC0zrbCaT1mqf48gdgXIZ4zkpDtVSfO4am7+V5X/exOfG+x+3GLrdcd3kJWdYNcmP28N9SZKrrH+UtrVQnR6wrJ49VaxhDKrwour6SlHu0tRu/KKmy8l6U1srnk5CbPYMbQlu27mGwI0xpyiUeXlOlKD3UUo6yQyxvKco84JSLC1qGxLgOdQ9qa8TpoXoYGwshhqG0vRBwSCldFd+0ynfxHqtr2Oj4xRXh6XpyEhGf4ir7UfBU10b96A7avGbdMoMpVaqn+4xPsa/b9lFZaaSOsxe3VAfXNOsaORXTT+Rr4HRvOGjdAz1UfDRBI1U1x+jGKGM0ljXl3wR0MVZ+w2jVYvs93E+dpFWsuUuY7JsT9+C0u/0q+7WcW0bW/dcGvW3kip8jMb8tCvw7B2K3ZA3UO5OBGAvIWdAYxhYmdxiug23EbfY/Jqf/34aFRXJXOxq7eerD1ZNRJXfZ8rjLTXZZ16M2R9VOGvsIjS0PN+bY4XIstsRgQbb+wf8x7gF3aVEC4NDIZZiI2nShnurh6h6rsW04VxIBds2x43QAegAuQd8cu9bzCYD13CPnLsB9cgh2yCH4lByCz8i5BfA5OQRfkEMwIIdgl5w7AA/IIXhIDsEeOQSPyNkE+JIcgq/IIYjJIUjIuQ3wmByCJ+QQfE0OwTdGrk5k/pYH2QD6zqKbQKmdGhzaOGRGrk3Y+zxY9oFFZB9aROqRkesT6lMeLPV7i0j9wSJSfzRyY0L9iQdL/dkiUn+xiNRnxpeZIymvDp7zjg7+BJfqrV4AAAAAAQAB//8AD3icY2BkAALmJUwzGEQZZBwk+RkZGBmdGJgYmbIYgMwsoGSiiLgIs5A2owg7I5uSOqOaiT2jmZE8I5gQY17C/09BQEfg3yt+fh8gvYQxD0j68DOJiQn8U+DnZxQDcQUEljLmCwBpBgbG/3//b2SOZ+Zm4GEQcuAH2sblDLSEm8FFVJhJEGgLH6OSHpMdo5EcI3Nk0bEXJ/LYqvZ82VXHGFd6pKTkyCsQwQAAq+QkqAAAeJxjYGRgYADiw5VSsfH8Nl8ZuJlfAEUYzpvO6IXQCb7///7fyLyEmRvI5WBgAokCAFb/DJAAAAB4nGNgZGBgDvqfxRDF/IKB4f935iUMQBEUwAwAi5YFpgPoAAAD6AAAA1kAAAAAAAAAOABbAAEAAAADABYAAQAAAAAAAgAGABMAbgAAAC0JkQAAAAB4nHWQy2rCQBSG//HSi0JbWui2sypKabxgN4IgWHTTbqS4LTHGJBIzMhkFX6Pv0IfpS/RZ+puMpShNmMx3vjlz5mQAXOMbAvnzxJGzwBmjnAs4Rc9ykf7Zcon8YrmMKt4sn9C/W67gAYHlKm7wwQqidM5ogU/LAlfi0nIBF+LOcpH+0XKJ3LNcxq14tXxC71muYCJSy1Xci6+BWm11FIRG1gZ12W62OnK6lYoqStxYumsTKp3KvpyrxPhxrBxPLfc89oN17Op9uJ8nvk4jlciW09yrkZ/42jX+bFc93QRtY+ZyrtVSDm2GXGm18D3jhMasuo3G3/MwgMIKW2hEvKoQBhI12jrnNppooUOaMkMyM8+KkMBFTONizR1htpIy7nPMGSW0PjNisgOP3+WRH5MC7o9ZRR+tHsYT0u6MKPOSfTns7jBrREqyTDezs9/eU2x4WpvWcNeuS511JTE8qCF5H7u1BY1H72S3Ymi7aPD95/9+AN1fhEsAeJxjYGKAAC4G7ICZgYGRiZGZMzkjNTk7N7Eomy05syg5J5WBAQBE1QZBAABLuADIUlixAQGOWbkIAAgAYyCwASNEsAMjcLIEKAlFUkSyCgIHKrEGAUSxJAGIUViwQIhYsQYDRLEmAYhRWLgEAIhYsQYBRFlZWVm4Af+FsASNsQUARAAA) format('woff')}.ui.ordered.steps .step.completed:before,.ui.steps .step.completed>.icon:before{font-family:Step;content:'\e800'}/*!
- * # Semantic UI 2.4.0 - Breadcrumb
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.breadcrumb{line-height:1;display:inline-block;margin:0 0;vertical-align:middle}.ui.breadcrumb:first-child{margin-top:0}.ui.breadcrumb:last-child{margin-bottom:0}.ui.breadcrumb .divider{display:inline-block;opacity:.7;margin:0 .21428571rem 0;font-size:.92857143em;color:rgba(0,0,0,.4);vertical-align:baseline}.ui.breadcrumb a{color:#4183c4}.ui.breadcrumb a:hover{color:#1e70bf}.ui.breadcrumb .icon.divider{font-size:.85714286em;vertical-align:baseline}.ui.breadcrumb a.section{cursor:pointer}.ui.breadcrumb .section{display:inline-block;margin:0;padding:0}.ui.breadcrumb.segment{display:inline-block;padding:.78571429em 1em}.ui.breadcrumb .active.section{font-weight:700}.ui.mini.breadcrumb{font-size:.78571429rem}.ui.tiny.breadcrumb{font-size:.85714286rem}.ui.small.breadcrumb{font-size:.92857143rem}.ui.breadcrumb{font-size:1rem}.ui.large.breadcrumb{font-size:1.14285714rem}.ui.big.breadcrumb{font-size:1.28571429rem}.ui.huge.breadcrumb{font-size:1.42857143rem}.ui.massive.breadcrumb{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - Form
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.form{position:relative;max-width:100%}.ui.form>p{margin:1em 0}.ui.form .field{clear:both;margin:0 0 1em}.ui.form .field:last-child,.ui.form .fields:last-child .field{margin-bottom:0}.ui.form .fields .field{clear:both;margin:0}.ui.form .field>label{display:block;margin:0 0 .28571429rem 0;color:rgba(0,0,0,.87);font-size:.92857143em;font-weight:700;text-transform:none}.ui.form input:not([type]),.ui.form input[type=date],.ui.form input[type=datetime-local],.ui.form input[type=email],.ui.form input[type=file],.ui.form input[type=number],.ui.form input[type=password],.ui.form input[type=search],.ui.form input[type=tel],.ui.form input[type=text],.ui.form input[type=time],.ui.form input[type=url],.ui.form textarea{width:100%;vertical-align:top}.ui.form ::-webkit-datetime-edit,.ui.form ::-webkit-inner-spin-button{height:1.21428571em}.ui.form input:not([type]),.ui.form input[type=date],.ui.form input[type=datetime-local],.ui.form input[type=email],.ui.form input[type=file],.ui.form input[type=number],.ui.form input[type=password],.ui.form input[type=search],.ui.form input[type=tel],.ui.form input[type=text],.ui.form input[type=time],.ui.form input[type=url]{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;margin:0;outline:0;-webkit-appearance:none;tap-highlight-color:rgba(255,255,255,0);line-height:1.21428571em;padding:.67857143em 1em;font-size:1em;background:#fff;border:1px solid rgba(34,36,38,.15);color:rgba(0,0,0,.87);border-radius:.28571429rem;-webkit-box-shadow:0 0 0 0 transparent inset;box-shadow:0 0 0 0 transparent inset;-webkit-transition:color .1s ease,border-color .1s ease;transition:color .1s ease,border-color .1s ease}.ui.form textarea{margin:0;-webkit-appearance:none;tap-highlight-color:rgba(255,255,255,0);padding:.78571429em 1em;background:#fff;border:1px solid rgba(34,36,38,.15);outline:0;color:rgba(0,0,0,.87);border-radius:.28571429rem;-webkit-box-shadow:0 0 0 0 transparent inset;box-shadow:0 0 0 0 transparent inset;-webkit-transition:color .1s ease,border-color .1s ease;transition:color .1s ease,border-color .1s ease;font-size:1em;line-height:1.2857;resize:vertical}.ui.form textarea:not([rows]){height:12em;min-height:8em;max-height:24em}.ui.form input[type=checkbox],.ui.form textarea{vertical-align:top}.ui.form input.attached{width:auto}.ui.form select{display:block;height:auto;width:100%;background:#fff;border:1px solid rgba(34,36,38,.15);border-radius:.28571429rem;-webkit-box-shadow:0 0 0 0 transparent inset;box-shadow:0 0 0 0 transparent inset;padding:.62em 1em;color:rgba(0,0,0,.87);-webkit-transition:color .1s ease,border-color .1s ease;transition:color .1s ease,border-color .1s ease}.ui.form .field>.selection.dropdown{width:100%}.ui.form .field>.selection.dropdown>.dropdown.icon{float:right}.ui.form .inline.field>.selection.dropdown,.ui.form .inline.fields .field>.selection.dropdown{width:auto}.ui.form .inline.field>.selection.dropdown>.dropdown.icon,.ui.form .inline.fields .field>.selection.dropdown>.dropdown.icon{float:none}.ui.form .field .ui.input,.ui.form .fields .field .ui.input,.ui.form .wide.field .ui.input{width:100%}.ui.form .inline.field:not(.wide) .ui.input,.ui.form .inline.fields .field:not(.wide) .ui.input{width:auto;vertical-align:middle}.ui.form .field .ui.input input,.ui.form .fields .field .ui.input input{width:auto}.ui.form .eight.fields .ui.input input,.ui.form .five.fields .ui.input input,.ui.form .four.fields .ui.input input,.ui.form .nine.fields .ui.input input,.ui.form .seven.fields .ui.input input,.ui.form .six.fields .ui.input input,.ui.form .ten.fields .ui.input input,.ui.form .three.fields .ui.input input,.ui.form .two.fields .ui.input input,.ui.form .wide.field .ui.input input{-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto;width:0}.ui.form .error.message,.ui.form .success.message,.ui.form .warning.message{display:none}.ui.form .message:first-child{margin-top:0}.ui.form .field .prompt.label{white-space:normal;background:#fff!important;border:1px solid #e0b4b4!important;color:#9f3a38!important}.ui.form .inline.field .prompt,.ui.form .inline.fields .field .prompt{vertical-align:top;margin:-.25em 0 -.5em .5em}.ui.form .inline.field .prompt:before,.ui.form .inline.fields .field .prompt:before{border-width:0 0 1px 1px;bottom:auto;right:auto;top:50%;left:0}.ui.form .field.field input:-webkit-autofill{-webkit-box-shadow:0 0 0 100px ivory inset!important;box-shadow:0 0 0 100px ivory inset!important;border-color:#e5dfa1!important}.ui.form .field.field input:-webkit-autofill:focus{-webkit-box-shadow:0 0 0 100px ivory inset!important;box-shadow:0 0 0 100px ivory inset!important;border-color:#d5c315!important}.ui.form .error.error input:-webkit-autofill{-webkit-box-shadow:0 0 0 100px #fffaf0 inset!important;box-shadow:0 0 0 100px #fffaf0 inset!important;border-color:#e0b4b4!important}.ui.form ::-webkit-input-placeholder{color:rgba(191,191,191,.87)}.ui.form :-ms-input-placeholder{color:rgba(191,191,191,.87)!important}.ui.form ::-moz-placeholder{color:rgba(191,191,191,.87)}.ui.form :focus::-webkit-input-placeholder{color:rgba(115,115,115,.87)}.ui.form :focus:-ms-input-placeholder{color:rgba(115,115,115,.87)!important}.ui.form :focus::-moz-placeholder{color:rgba(115,115,115,.87)}.ui.form .error ::-webkit-input-placeholder{color:#e7bdbc}.ui.form .error :-ms-input-placeholder{color:#e7bdbc!important}.ui.form .error ::-moz-placeholder{color:#e7bdbc}.ui.form .error :focus::-webkit-input-placeholder{color:#da9796}.ui.form .error :focus:-ms-input-placeholder{color:#da9796!important}.ui.form .error :focus::-moz-placeholder{color:#da9796}.ui.form input:not([type]):focus,.ui.form input[type=date]:focus,.ui.form input[type=datetime-local]:focus,.ui.form input[type=email]:focus,.ui.form input[type=file]:focus,.ui.form input[type=number]:focus,.ui.form input[type=password]:focus,.ui.form input[type=search]:focus,.ui.form input[type=tel]:focus,.ui.form input[type=text]:focus,.ui.form input[type=time]:focus,.ui.form input[type=url]:focus{color:rgba(0,0,0,.95);border-color:#85b7d9;border-radius:.28571429rem;background:#fff;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.35) inset;box-shadow:0 0 0 0 rgba(34,36,38,.35) inset}.ui.form textarea:focus{color:rgba(0,0,0,.95);border-color:#85b7d9;border-radius:.28571429rem;background:#fff;-webkit-box-shadow:0 0 0 0 rgba(34,36,38,.35) inset;box-shadow:0 0 0 0 rgba(34,36,38,.35) inset;-webkit-appearance:none}.ui.form.success .success.message:not(:empty){display:block}.ui.form.success .compact.success.message:not(:empty){display:inline-block}.ui.form.success .icon.success.message:not(:empty){display:-webkit-box;display:-ms-flexbox;display:flex}.ui.form.warning .warning.message:not(:empty){display:block}.ui.form.warning .compact.warning.message:not(:empty){display:inline-block}.ui.form.warning .icon.warning.message:not(:empty){display:-webkit-box;display:-ms-flexbox;display:flex}.ui.form.error .error.message:not(:empty){display:block}.ui.form.error .compact.error.message:not(:empty){display:inline-block}.ui.form.error .icon.error.message:not(:empty){display:-webkit-box;display:-ms-flexbox;display:flex}.ui.form .field.error .input,.ui.form .field.error label,.ui.form .fields.error .field .input,.ui.form .fields.error .field label{color:#9f3a38}.ui.form .field.error .corner.label,.ui.form .fields.error .field .corner.label{border-color:#9f3a38;color:#fff}.ui.form .field.error input:not([type]),.ui.form .field.error input[type=date],.ui.form .field.error input[type=datetime-local],.ui.form .field.error input[type=email],.ui.form .field.error input[type=file],.ui.form .field.error input[type=number],.ui.form .field.error input[type=password],.ui.form .field.error input[type=search],.ui.form .field.error input[type=tel],.ui.form .field.error input[type=text],.ui.form .field.error input[type=time],.ui.form .field.error input[type=url],.ui.form .field.error select,.ui.form .field.error textarea,.ui.form .fields.error .field input:not([type]),.ui.form .fields.error .field input[type=date],.ui.form .fields.error .field input[type=datetime-local],.ui.form .fields.error .field input[type=email],.ui.form .fields.error .field input[type=file],.ui.form .fields.error .field input[type=number],.ui.form .fields.error .field input[type=password],.ui.form .fields.error .field input[type=search],.ui.form .fields.error .field input[type=tel],.ui.form .fields.error .field input[type=text],.ui.form .fields.error .field input[type=time],.ui.form .fields.error .field input[type=url],.ui.form .fields.error .field select,.ui.form .fields.error .field textarea{background:#fff6f6;border-color:#e0b4b4;color:#9f3a38;border-radius:'';-webkit-box-shadow:none;box-shadow:none}.ui.form .field.error input:not([type]):focus,.ui.form .field.error input[type=date]:focus,.ui.form .field.error input[type=datetime-local]:focus,.ui.form .field.error input[type=email]:focus,.ui.form .field.error input[type=file]:focus,.ui.form .field.error input[type=number]:focus,.ui.form .field.error input[type=password]:focus,.ui.form .field.error input[type=search]:focus,.ui.form .field.error input[type=tel]:focus,.ui.form .field.error input[type=text]:focus,.ui.form .field.error input[type=time]:focus,.ui.form .field.error input[type=url]:focus,.ui.form .field.error select:focus,.ui.form .field.error textarea:focus{background:#fff6f6;border-color:#e0b4b4;color:#9f3a38;-webkit-appearance:none;-webkit-box-shadow:none;box-shadow:none}.ui.form .field.error select{-webkit-appearance:menulist-button}.ui.form .field.error .ui.dropdown,.ui.form .field.error .ui.dropdown .item,.ui.form .field.error .ui.dropdown .text,.ui.form .fields.error .field .ui.dropdown,.ui.form .fields.error .field .ui.dropdown .item{background:#fff6f6;color:#9f3a38}.ui.form .field.error .ui.dropdown,.ui.form .fields.error .field .ui.dropdown{border-color:#e0b4b4!important}.ui.form .field.error .ui.dropdown:hover,.ui.form .fields.error .field .ui.dropdown:hover{border-color:#e0b4b4!important}.ui.form .field.error .ui.dropdown:hover .menu,.ui.form .fields.error .field .ui.dropdown:hover .menu{border-color:#e0b4b4}.ui.form .field.error .ui.multiple.selection.dropdown>.label,.ui.form .fields.error .field .ui.multiple.selection.dropdown>.label{background-color:#eacbcb;color:#9f3a38}.ui.form .field.error .ui.dropdown .menu .item:hover,.ui.form .fields.error .field .ui.dropdown .menu .item:hover{background-color:#fbe7e7}.ui.form .field.error .ui.dropdown .menu .selected.item,.ui.form .fields.error .field .ui.dropdown .menu .selected.item{background-color:#fbe7e7}.ui.form .field.error .ui.dropdown .menu .active.item,.ui.form .fields.error .field .ui.dropdown .menu .active.item{background-color:#fdcfcf!important}.ui.form .field.error .checkbox:not(.toggle):not(.slider) .box,.ui.form .field.error .checkbox:not(.toggle):not(.slider) label,.ui.form .fields.error .field .checkbox:not(.toggle):not(.slider) .box,.ui.form .fields.error .field .checkbox:not(.toggle):not(.slider) label{color:#9f3a38}.ui.form .field.error .checkbox:not(.toggle):not(.slider) .box:before,.ui.form .field.error .checkbox:not(.toggle):not(.slider) label:before,.ui.form .fields.error .field .checkbox:not(.toggle):not(.slider) .box:before,.ui.form .fields.error .field .checkbox:not(.toggle):not(.slider) label:before{background:#fff6f6;border-color:#e0b4b4}.ui.form .field.error .checkbox .box:after,.ui.form .field.error .checkbox label:after,.ui.form .fields.error .field .checkbox .box:after,.ui.form .fields.error .field .checkbox label:after{color:#9f3a38}.ui.form .disabled.field,.ui.form .disabled.fields .field,.ui.form .field :disabled{pointer-events:none;opacity:.45}.ui.form .field.disabled>label,.ui.form .fields.disabled>label{opacity:.45}.ui.form .field.disabled :disabled{opacity:1}.ui.loading.form{position:relative;cursor:default;pointer-events:none}.ui.loading.form:before{position:absolute;content:'';top:0;left:0;background:rgba(255,255,255,.8);width:100%;height:100%;z-index:100}.ui.loading.form:after{position:absolute;content:'';top:50%;left:50%;margin:-1.5em 0 0 -1.5em;width:3em;height:3em;-webkit-animation:form-spin .6s linear;animation:form-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.1);border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent;visibility:visible;z-index:101}@-webkit-keyframes form-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes form-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.ui.form .required.field>.checkbox:after,.ui.form .required.field>label:after,.ui.form .required.fields.grouped>label:after,.ui.form .required.fields:not(.grouped)>.field>.checkbox:after,.ui.form .required.fields:not(.grouped)>.field>label:after{margin:-.2em 0 0 .2em;content:'*';color:#db2828}.ui.form .required.field>label:after,.ui.form .required.fields.grouped>label:after,.ui.form .required.fields:not(.grouped)>.field>label:after{display:inline-block;vertical-align:top}.ui.form .required.field>.checkbox:after,.ui.form .required.fields:not(.grouped)>.field>.checkbox:after{position:absolute;top:0;left:100%}.ui.form .inverted.segment .ui.checkbox .box,.ui.form .inverted.segment .ui.checkbox label,.ui.form .inverted.segment label,.ui.inverted.form .inline.field>label,.ui.inverted.form .inline.field>p,.ui.inverted.form .inline.fields .field>label,.ui.inverted.form .inline.fields .field>p,.ui.inverted.form .inline.fields>label,.ui.inverted.form .ui.checkbox .box,.ui.inverted.form .ui.checkbox label,.ui.inverted.form label{color:rgba(255,255,255,.9)}.ui.inverted.form input:not([type]),.ui.inverted.form input[type=date],.ui.inverted.form input[type=datetime-local],.ui.inverted.form input[type=email],.ui.inverted.form input[type=file],.ui.inverted.form input[type=number],.ui.inverted.form input[type=password],.ui.inverted.form input[type=search],.ui.inverted.form input[type=tel],.ui.inverted.form input[type=text],.ui.inverted.form input[type=time],.ui.inverted.form input[type=url]{background:#fff;border-color:rgba(255,255,255,.1);color:rgba(0,0,0,.87);-webkit-box-shadow:none;box-shadow:none}.ui.form .grouped.fields{display:block;margin:0 0 1em}.ui.form .grouped.fields:last-child{margin-bottom:0}.ui.form .grouped.fields>label{margin:0 0 .28571429rem 0;color:rgba(0,0,0,.87);font-size:.92857143em;font-weight:700;text-transform:none}.ui.form .grouped.fields .field,.ui.form .grouped.inline.fields .field{display:block;margin:.5em 0;padding:0}.ui.form .fields{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;margin:0 -.5em 1em}.ui.form .fields>.field{-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;padding-left:.5em;padding-right:.5em}.ui.form .fields>.field:first-child{border-left:none;-webkit-box-shadow:none;box-shadow:none}.ui.form .two.fields>.field,.ui.form .two.fields>.fields{width:50%}.ui.form .three.fields>.field,.ui.form .three.fields>.fields{width:33.33333333%}.ui.form .four.fields>.field,.ui.form .four.fields>.fields{width:25%}.ui.form .five.fields>.field,.ui.form .five.fields>.fields{width:20%}.ui.form .six.fields>.field,.ui.form .six.fields>.fields{width:16.66666667%}.ui.form .seven.fields>.field,.ui.form .seven.fields>.fields{width:14.28571429%}.ui.form .eight.fields>.field,.ui.form .eight.fields>.fields{width:12.5%}.ui.form .nine.fields>.field,.ui.form .nine.fields>.fields{width:11.11111111%}.ui.form .ten.fields>.field,.ui.form .ten.fields>.fields{width:10%}@media only screen and (max-width:767px){.ui.form .fields{-ms-flex-wrap:wrap;flex-wrap:wrap}.ui.form:not(.unstackable) .eight.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .eight.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .five.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .five.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .four.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .four.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .nine.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .nine.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .seven.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .seven.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .six.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .six.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .ten.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .ten.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .three.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .three.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .two.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .two.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) [class*="equal width"].fields:not(.unstackable)>.field,.ui[class*="equal width"].form:not(.unstackable) .fields>.field{width:100%!important;margin:0 0 1em}}.ui.form .fields .wide.field{width:6.25%;padding-left:.5em;padding-right:.5em}.ui.form .one.wide.field{width:6.25%!important}.ui.form .two.wide.field{width:12.5%!important}.ui.form .three.wide.field{width:18.75%!important}.ui.form .four.wide.field{width:25%!important}.ui.form .five.wide.field{width:31.25%!important}.ui.form .six.wide.field{width:37.5%!important}.ui.form .seven.wide.field{width:43.75%!important}.ui.form .eight.wide.field{width:50%!important}.ui.form .nine.wide.field{width:56.25%!important}.ui.form .ten.wide.field{width:62.5%!important}.ui.form .eleven.wide.field{width:68.75%!important}.ui.form .twelve.wide.field{width:75%!important}.ui.form .thirteen.wide.field{width:81.25%!important}.ui.form .fourteen.wide.field{width:87.5%!important}.ui.form .fifteen.wide.field{width:93.75%!important}.ui.form .sixteen.wide.field{width:100%!important}@media only screen and (max-width:767px){.ui.form:not(.unstackable) .fields:not(.unstackable)>.eight.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.eleven.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.fifteen.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.five.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.four.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.fourteen.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.nine.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.seven.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.six.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.sixteen.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.ten.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.thirteen.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.three.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.twelve.wide.field,.ui.form:not(.unstackable) .fields:not(.unstackable)>.two.wide.field,.ui.form:not(.unstackable) .five.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .five.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .four.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .four.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .three.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .three.fields:not(.unstackable)>.fields,.ui.form:not(.unstackable) .two.fields:not(.unstackable)>.field,.ui.form:not(.unstackable) .two.fields:not(.unstackable)>.fields{width:100%!important}.ui.form .fields{margin-bottom:0}}.ui.form [class*="equal width"].fields>.field,.ui[class*="equal width"].form .fields>.field{width:100%;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto}.ui.form .inline.fields{margin:0 0 1em;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.ui.form .inline.fields .field{margin:0;padding:0 1em 0 0}.ui.form .inline.field>label,.ui.form .inline.field>p,.ui.form .inline.fields .field>label,.ui.form .inline.fields .field>p,.ui.form .inline.fields>label{display:inline-block;width:auto;margin-top:0;margin-bottom:0;vertical-align:baseline;font-size:.92857143em;font-weight:700;color:rgba(0,0,0,.87);text-transform:none}.ui.form .inline.fields>label{margin:.035714em 1em 0 0}.ui.form .inline.field>input,.ui.form .inline.field>select,.ui.form .inline.fields .field>input,.ui.form .inline.fields .field>select{display:inline-block;width:auto;margin-top:0;margin-bottom:0;vertical-align:middle;font-size:1em}.ui.form .inline.field>:first-child,.ui.form .inline.fields .field>:first-child{margin:0 .85714286em 0 0}.ui.form .inline.field>:only-child,.ui.form .inline.fields .field>:only-child{margin:0}.ui.form .inline.fields .wide.field{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.ui.form .inline.fields .wide.field>input,.ui.form .inline.fields .wide.field>select{width:100%}.ui.mini.form{font-size:.78571429rem}.ui.tiny.form{font-size:.85714286rem}.ui.small.form{font-size:.92857143rem}.ui.form{font-size:1rem}.ui.large.form{font-size:1.14285714rem}.ui.big.form{font-size:1.28571429rem}.ui.huge.form{font-size:1.42857143rem}.ui.massive.form{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - Grid
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.grid{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;padding:0}.ui.grid{margin-top:-1rem;margin-bottom:-1rem;margin-left:-1rem;margin-right:-1rem}.ui.relaxed.grid{margin-left:-1.5rem;margin-right:-1.5rem}.ui[class*="very relaxed"].grid{margin-left:-2.5rem;margin-right:-2.5rem}.ui.grid+.grid{margin-top:1rem}.ui.grid>.column:not(.row),.ui.grid>.row>.column{position:relative;display:inline-block;width:6.25%;padding-left:1rem;padding-right:1rem;vertical-align:top}.ui.grid>*{padding-left:1rem;padding-right:1rem}.ui.grid>.row{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:inherit;-ms-flex-pack:inherit;justify-content:inherit;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;width:100%!important;padding:0;padding-top:1rem;padding-bottom:1rem}.ui.grid>.column:not(.row){padding-top:1rem;padding-bottom:1rem}.ui.grid>.row>.column{margin-top:0;margin-bottom:0}.ui.grid>.row>.column>img,.ui.grid>.row>img{max-width:100%}.ui.grid>.ui.grid:first-child{margin-top:0}.ui.grid>.ui.grid:last-child{margin-bottom:0}.ui.aligned.grid .column>.segment:not(.compact):not(.attached),.ui.grid .aligned.row>.column>.segment:not(.compact):not(.attached){width:100%}.ui.grid .row+.ui.divider{-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;margin:1rem 1rem}.ui.grid .column+.ui.vertical.divider{height:calc(50% - 1rem)}.ui.grid>.column:last-child>.horizontal.segment,.ui.grid>.row>.column:last-child>.horizontal.segment{-webkit-box-shadow:none;box-shadow:none}@media only screen and (max-width:767px){.ui.page.grid{width:auto;padding-left:0;padding-right:0;margin-left:0;margin-right:0}}@media only screen and (min-width:768px) and (max-width:991px){.ui.page.grid{width:auto;margin-left:0;margin-right:0;padding-left:2em;padding-right:2em}}@media only screen and (min-width:992px) and (max-width:1199px){.ui.page.grid{width:auto;margin-left:0;margin-right:0;padding-left:3%;padding-right:3%}}@media only screen and (min-width:1200px) and (max-width:1919px){.ui.page.grid{width:auto;margin-left:0;margin-right:0;padding-left:15%;padding-right:15%}}@media only screen and (min-width:1920px){.ui.page.grid{width:auto;margin-left:0;margin-right:0;padding-left:23%;padding-right:23%}}.ui.grid>.column:only-child,.ui.grid>.row>.column:only-child{width:100%}.ui[class*="one column"].grid>.column:not(.row),.ui[class*="one column"].grid>.row>.column{width:100%}.ui[class*="two column"].grid>.column:not(.row),.ui[class*="two column"].grid>.row>.column{width:50%}.ui[class*="three column"].grid>.column:not(.row),.ui[class*="three column"].grid>.row>.column{width:33.33333333%}.ui[class*="four column"].grid>.column:not(.row),.ui[class*="four column"].grid>.row>.column{width:25%}.ui[class*="five column"].grid>.column:not(.row),.ui[class*="five column"].grid>.row>.column{width:20%}.ui[class*="six column"].grid>.column:not(.row),.ui[class*="six column"].grid>.row>.column{width:16.66666667%}.ui[class*="seven column"].grid>.column:not(.row),.ui[class*="seven column"].grid>.row>.column{width:14.28571429%}.ui[class*="eight column"].grid>.column:not(.row),.ui[class*="eight column"].grid>.row>.column{width:12.5%}.ui[class*="nine column"].grid>.column:not(.row),.ui[class*="nine column"].grid>.row>.column{width:11.11111111%}.ui[class*="ten column"].grid>.column:not(.row),.ui[class*="ten column"].grid>.row>.column{width:10%}.ui[class*="eleven column"].grid>.column:not(.row),.ui[class*="eleven column"].grid>.row>.column{width:9.09090909%}.ui[class*="twelve column"].grid>.column:not(.row),.ui[class*="twelve column"].grid>.row>.column{width:8.33333333%}.ui[class*="thirteen column"].grid>.column:not(.row),.ui[class*="thirteen column"].grid>.row>.column{width:7.69230769%}.ui[class*="fourteen column"].grid>.column:not(.row),.ui[class*="fourteen column"].grid>.row>.column{width:7.14285714%}.ui[class*="fifteen column"].grid>.column:not(.row),.ui[class*="fifteen column"].grid>.row>.column{width:6.66666667%}.ui[class*="sixteen column"].grid>.column:not(.row),.ui[class*="sixteen column"].grid>.row>.column{width:6.25%}.ui.grid>[class*="one column"].row>.column{width:100%!important}.ui.grid>[class*="two column"].row>.column{width:50%!important}.ui.grid>[class*="three column"].row>.column{width:33.33333333%!important}.ui.grid>[class*="four column"].row>.column{width:25%!important}.ui.grid>[class*="five column"].row>.column{width:20%!important}.ui.grid>[class*="six column"].row>.column{width:16.66666667%!important}.ui.grid>[class*="seven column"].row>.column{width:14.28571429%!important}.ui.grid>[class*="eight column"].row>.column{width:12.5%!important}.ui.grid>[class*="nine column"].row>.column{width:11.11111111%!important}.ui.grid>[class*="ten column"].row>.column{width:10%!important}.ui.grid>[class*="eleven column"].row>.column{width:9.09090909%!important}.ui.grid>[class*="twelve column"].row>.column{width:8.33333333%!important}.ui.grid>[class*="thirteen column"].row>.column{width:7.69230769%!important}.ui.grid>[class*="fourteen column"].row>.column{width:7.14285714%!important}.ui.grid>[class*="fifteen column"].row>.column{width:6.66666667%!important}.ui.grid>[class*="sixteen column"].row>.column{width:6.25%!important}.ui.celled.page.grid{-webkit-box-shadow:none;box-shadow:none}.ui.column.grid>[class*="one wide"].column,.ui.grid>.column.row>[class*="one wide"].column,.ui.grid>.row>[class*="one wide"].column,.ui.grid>[class*="one wide"].column{width:6.25%!important}.ui.column.grid>[class*="two wide"].column,.ui.grid>.column.row>[class*="two wide"].column,.ui.grid>.row>[class*="two wide"].column,.ui.grid>[class*="two wide"].column{width:12.5%!important}.ui.column.grid>[class*="three wide"].column,.ui.grid>.column.row>[class*="three wide"].column,.ui.grid>.row>[class*="three wide"].column,.ui.grid>[class*="three wide"].column{width:18.75%!important}.ui.column.grid>[class*="four wide"].column,.ui.grid>.column.row>[class*="four wide"].column,.ui.grid>.row>[class*="four wide"].column,.ui.grid>[class*="four wide"].column{width:25%!important}.ui.column.grid>[class*="five wide"].column,.ui.grid>.column.row>[class*="five wide"].column,.ui.grid>.row>[class*="five wide"].column,.ui.grid>[class*="five wide"].column{width:31.25%!important}.ui.column.grid>[class*="six wide"].column,.ui.grid>.column.row>[class*="six wide"].column,.ui.grid>.row>[class*="six wide"].column,.ui.grid>[class*="six wide"].column{width:37.5%!important}.ui.column.grid>[class*="seven wide"].column,.ui.grid>.column.row>[class*="seven wide"].column,.ui.grid>.row>[class*="seven wide"].column,.ui.grid>[class*="seven wide"].column{width:43.75%!important}.ui.column.grid>[class*="eight wide"].column,.ui.grid>.column.row>[class*="eight wide"].column,.ui.grid>.row>[class*="eight wide"].column,.ui.grid>[class*="eight wide"].column{width:50%!important}.ui.column.grid>[class*="nine wide"].column,.ui.grid>.column.row>[class*="nine wide"].column,.ui.grid>.row>[class*="nine wide"].column,.ui.grid>[class*="nine wide"].column{width:56.25%!important}.ui.column.grid>[class*="ten wide"].column,.ui.grid>.column.row>[class*="ten wide"].column,.ui.grid>.row>[class*="ten wide"].column,.ui.grid>[class*="ten wide"].column{width:62.5%!important}.ui.column.grid>[class*="eleven wide"].column,.ui.grid>.column.row>[class*="eleven wide"].column,.ui.grid>.row>[class*="eleven wide"].column,.ui.grid>[class*="eleven wide"].column{width:68.75%!important}.ui.column.grid>[class*="twelve wide"].column,.ui.grid>.column.row>[class*="twelve wide"].column,.ui.grid>.row>[class*="twelve wide"].column,.ui.grid>[class*="twelve wide"].column{width:75%!important}.ui.column.grid>[class*="thirteen wide"].column,.ui.grid>.column.row>[class*="thirteen wide"].column,.ui.grid>.row>[class*="thirteen wide"].column,.ui.grid>[class*="thirteen wide"].column{width:81.25%!important}.ui.column.grid>[class*="fourteen wide"].column,.ui.grid>.column.row>[class*="fourteen wide"].column,.ui.grid>.row>[class*="fourteen wide"].column,.ui.grid>[class*="fourteen wide"].column{width:87.5%!important}.ui.column.grid>[class*="fifteen wide"].column,.ui.grid>.column.row>[class*="fifteen wide"].column,.ui.grid>.row>[class*="fifteen wide"].column,.ui.grid>[class*="fifteen wide"].column{width:93.75%!important}.ui.column.grid>[class*="sixteen wide"].column,.ui.grid>.column.row>[class*="sixteen wide"].column,.ui.grid>.row>[class*="sixteen wide"].column,.ui.grid>[class*="sixteen wide"].column{width:100%!important}@media only screen and (min-width:320px) and (max-width:767px){.ui.column.grid>[class*="one wide mobile"].column,.ui.grid>.column.row>[class*="one wide mobile"].column,.ui.grid>.row>[class*="one wide mobile"].column,.ui.grid>[class*="one wide mobile"].column{width:6.25%!important}.ui.column.grid>[class*="two wide mobile"].column,.ui.grid>.column.row>[class*="two wide mobile"].column,.ui.grid>.row>[class*="two wide mobile"].column,.ui.grid>[class*="two wide mobile"].column{width:12.5%!important}.ui.column.grid>[class*="three wide mobile"].column,.ui.grid>.column.row>[class*="three wide mobile"].column,.ui.grid>.row>[class*="three wide mobile"].column,.ui.grid>[class*="three wide mobile"].column{width:18.75%!important}.ui.column.grid>[class*="four wide mobile"].column,.ui.grid>.column.row>[class*="four wide mobile"].column,.ui.grid>.row>[class*="four wide mobile"].column,.ui.grid>[class*="four wide mobile"].column{width:25%!important}.ui.column.grid>[class*="five wide mobile"].column,.ui.grid>.column.row>[class*="five wide mobile"].column,.ui.grid>.row>[class*="five wide mobile"].column,.ui.grid>[class*="five wide mobile"].column{width:31.25%!important}.ui.column.grid>[class*="six wide mobile"].column,.ui.grid>.column.row>[class*="six wide mobile"].column,.ui.grid>.row>[class*="six wide mobile"].column,.ui.grid>[class*="six wide mobile"].column{width:37.5%!important}.ui.column.grid>[class*="seven wide mobile"].column,.ui.grid>.column.row>[class*="seven wide mobile"].column,.ui.grid>.row>[class*="seven wide mobile"].column,.ui.grid>[class*="seven wide mobile"].column{width:43.75%!important}.ui.column.grid>[class*="eight wide mobile"].column,.ui.grid>.column.row>[class*="eight wide mobile"].column,.ui.grid>.row>[class*="eight wide mobile"].column,.ui.grid>[class*="eight wide mobile"].column{width:50%!important}.ui.column.grid>[class*="nine wide mobile"].column,.ui.grid>.column.row>[class*="nine wide mobile"].column,.ui.grid>.row>[class*="nine wide mobile"].column,.ui.grid>[class*="nine wide mobile"].column{width:56.25%!important}.ui.column.grid>[class*="ten wide mobile"].column,.ui.grid>.column.row>[class*="ten wide mobile"].column,.ui.grid>.row>[class*="ten wide mobile"].column,.ui.grid>[class*="ten wide mobile"].column{width:62.5%!important}.ui.column.grid>[class*="eleven wide mobile"].column,.ui.grid>.column.row>[class*="eleven wide mobile"].column,.ui.grid>.row>[class*="eleven wide mobile"].column,.ui.grid>[class*="eleven wide mobile"].column{width:68.75%!important}.ui.column.grid>[class*="twelve wide mobile"].column,.ui.grid>.column.row>[class*="twelve wide mobile"].column,.ui.grid>.row>[class*="twelve wide mobile"].column,.ui.grid>[class*="twelve wide mobile"].column{width:75%!important}.ui.column.grid>[class*="thirteen wide mobile"].column,.ui.grid>.column.row>[class*="thirteen wide mobile"].column,.ui.grid>.row>[class*="thirteen wide mobile"].column,.ui.grid>[class*="thirteen wide mobile"].column{width:81.25%!important}.ui.column.grid>[class*="fourteen wide mobile"].column,.ui.grid>.column.row>[class*="fourteen wide mobile"].column,.ui.grid>.row>[class*="fourteen wide mobile"].column,.ui.grid>[class*="fourteen wide mobile"].column{width:87.5%!important}.ui.column.grid>[class*="fifteen wide mobile"].column,.ui.grid>.column.row>[class*="fifteen wide mobile"].column,.ui.grid>.row>[class*="fifteen wide mobile"].column,.ui.grid>[class*="fifteen wide mobile"].column{width:93.75%!important}.ui.column.grid>[class*="sixteen wide mobile"].column,.ui.grid>.column.row>[class*="sixteen wide mobile"].column,.ui.grid>.row>[class*="sixteen wide mobile"].column,.ui.grid>[class*="sixteen wide mobile"].column{width:100%!important}}@media only screen and (min-width:768px) and (max-width:991px){.ui.column.grid>[class*="one wide tablet"].column,.ui.grid>.column.row>[class*="one wide tablet"].column,.ui.grid>.row>[class*="one wide tablet"].column,.ui.grid>[class*="one wide tablet"].column{width:6.25%!important}.ui.column.grid>[class*="two wide tablet"].column,.ui.grid>.column.row>[class*="two wide tablet"].column,.ui.grid>.row>[class*="two wide tablet"].column,.ui.grid>[class*="two wide tablet"].column{width:12.5%!important}.ui.column.grid>[class*="three wide tablet"].column,.ui.grid>.column.row>[class*="three wide tablet"].column,.ui.grid>.row>[class*="three wide tablet"].column,.ui.grid>[class*="three wide tablet"].column{width:18.75%!important}.ui.column.grid>[class*="four wide tablet"].column,.ui.grid>.column.row>[class*="four wide tablet"].column,.ui.grid>.row>[class*="four wide tablet"].column,.ui.grid>[class*="four wide tablet"].column{width:25%!important}.ui.column.grid>[class*="five wide tablet"].column,.ui.grid>.column.row>[class*="five wide tablet"].column,.ui.grid>.row>[class*="five wide tablet"].column,.ui.grid>[class*="five wide tablet"].column{width:31.25%!important}.ui.column.grid>[class*="six wide tablet"].column,.ui.grid>.column.row>[class*="six wide tablet"].column,.ui.grid>.row>[class*="six wide tablet"].column,.ui.grid>[class*="six wide tablet"].column{width:37.5%!important}.ui.column.grid>[class*="seven wide tablet"].column,.ui.grid>.column.row>[class*="seven wide tablet"].column,.ui.grid>.row>[class*="seven wide tablet"].column,.ui.grid>[class*="seven wide tablet"].column{width:43.75%!important}.ui.column.grid>[class*="eight wide tablet"].column,.ui.grid>.column.row>[class*="eight wide tablet"].column,.ui.grid>.row>[class*="eight wide tablet"].column,.ui.grid>[class*="eight wide tablet"].column{width:50%!important}.ui.column.grid>[class*="nine wide tablet"].column,.ui.grid>.column.row>[class*="nine wide tablet"].column,.ui.grid>.row>[class*="nine wide tablet"].column,.ui.grid>[class*="nine wide tablet"].column{width:56.25%!important}.ui.column.grid>[class*="ten wide tablet"].column,.ui.grid>.column.row>[class*="ten wide tablet"].column,.ui.grid>.row>[class*="ten wide tablet"].column,.ui.grid>[class*="ten wide tablet"].column{width:62.5%!important}.ui.column.grid>[class*="eleven wide tablet"].column,.ui.grid>.column.row>[class*="eleven wide tablet"].column,.ui.grid>.row>[class*="eleven wide tablet"].column,.ui.grid>[class*="eleven wide tablet"].column{width:68.75%!important}.ui.column.grid>[class*="twelve wide tablet"].column,.ui.grid>.column.row>[class*="twelve wide tablet"].column,.ui.grid>.row>[class*="twelve wide tablet"].column,.ui.grid>[class*="twelve wide tablet"].column{width:75%!important}.ui.column.grid>[class*="thirteen wide tablet"].column,.ui.grid>.column.row>[class*="thirteen wide tablet"].column,.ui.grid>.row>[class*="thirteen wide tablet"].column,.ui.grid>[class*="thirteen wide tablet"].column{width:81.25%!important}.ui.column.grid>[class*="fourteen wide tablet"].column,.ui.grid>.column.row>[class*="fourteen wide tablet"].column,.ui.grid>.row>[class*="fourteen wide tablet"].column,.ui.grid>[class*="fourteen wide tablet"].column{width:87.5%!important}.ui.column.grid>[class*="fifteen wide tablet"].column,.ui.grid>.column.row>[class*="fifteen wide tablet"].column,.ui.grid>.row>[class*="fifteen wide tablet"].column,.ui.grid>[class*="fifteen wide tablet"].column{width:93.75%!important}.ui.column.grid>[class*="sixteen wide tablet"].column,.ui.grid>.column.row>[class*="sixteen wide tablet"].column,.ui.grid>.row>[class*="sixteen wide tablet"].column,.ui.grid>[class*="sixteen wide tablet"].column{width:100%!important}}@media only screen and (min-width:992px){.ui.column.grid>[class*="one wide computer"].column,.ui.grid>.column.row>[class*="one wide computer"].column,.ui.grid>.row>[class*="one wide computer"].column,.ui.grid>[class*="one wide computer"].column{width:6.25%!important}.ui.column.grid>[class*="two wide computer"].column,.ui.grid>.column.row>[class*="two wide computer"].column,.ui.grid>.row>[class*="two wide computer"].column,.ui.grid>[class*="two wide computer"].column{width:12.5%!important}.ui.column.grid>[class*="three wide computer"].column,.ui.grid>.column.row>[class*="three wide computer"].column,.ui.grid>.row>[class*="three wide computer"].column,.ui.grid>[class*="three wide computer"].column{width:18.75%!important}.ui.column.grid>[class*="four wide computer"].column,.ui.grid>.column.row>[class*="four wide computer"].column,.ui.grid>.row>[class*="four wide computer"].column,.ui.grid>[class*="four wide computer"].column{width:25%!important}.ui.column.grid>[class*="five wide computer"].column,.ui.grid>.column.row>[class*="five wide computer"].column,.ui.grid>.row>[class*="five wide computer"].column,.ui.grid>[class*="five wide computer"].column{width:31.25%!important}.ui.column.grid>[class*="six wide computer"].column,.ui.grid>.column.row>[class*="six wide computer"].column,.ui.grid>.row>[class*="six wide computer"].column,.ui.grid>[class*="six wide computer"].column{width:37.5%!important}.ui.column.grid>[class*="seven wide computer"].column,.ui.grid>.column.row>[class*="seven wide computer"].column,.ui.grid>.row>[class*="seven wide computer"].column,.ui.grid>[class*="seven wide computer"].column{width:43.75%!important}.ui.column.grid>[class*="eight wide computer"].column,.ui.grid>.column.row>[class*="eight wide computer"].column,.ui.grid>.row>[class*="eight wide computer"].column,.ui.grid>[class*="eight wide computer"].column{width:50%!important}.ui.column.grid>[class*="nine wide computer"].column,.ui.grid>.column.row>[class*="nine wide computer"].column,.ui.grid>.row>[class*="nine wide computer"].column,.ui.grid>[class*="nine wide computer"].column{width:56.25%!important}.ui.column.grid>[class*="ten wide computer"].column,.ui.grid>.column.row>[class*="ten wide computer"].column,.ui.grid>.row>[class*="ten wide computer"].column,.ui.grid>[class*="ten wide computer"].column{width:62.5%!important}.ui.column.grid>[class*="eleven wide computer"].column,.ui.grid>.column.row>[class*="eleven wide computer"].column,.ui.grid>.row>[class*="eleven wide computer"].column,.ui.grid>[class*="eleven wide computer"].column{width:68.75%!important}.ui.column.grid>[class*="twelve wide computer"].column,.ui.grid>.column.row>[class*="twelve wide computer"].column,.ui.grid>.row>[class*="twelve wide computer"].column,.ui.grid>[class*="twelve wide computer"].column{width:75%!important}.ui.column.grid>[class*="thirteen wide computer"].column,.ui.grid>.column.row>[class*="thirteen wide computer"].column,.ui.grid>.row>[class*="thirteen wide computer"].column,.ui.grid>[class*="thirteen wide computer"].column{width:81.25%!important}.ui.column.grid>[class*="fourteen wide computer"].column,.ui.grid>.column.row>[class*="fourteen wide computer"].column,.ui.grid>.row>[class*="fourteen wide computer"].column,.ui.grid>[class*="fourteen wide computer"].column{width:87.5%!important}.ui.column.grid>[class*="fifteen wide computer"].column,.ui.grid>.column.row>[class*="fifteen wide computer"].column,.ui.grid>.row>[class*="fifteen wide computer"].column,.ui.grid>[class*="fifteen wide computer"].column{width:93.75%!important}.ui.column.grid>[class*="sixteen wide computer"].column,.ui.grid>.column.row>[class*="sixteen wide computer"].column,.ui.grid>.row>[class*="sixteen wide computer"].column,.ui.grid>[class*="sixteen wide computer"].column{width:100%!important}}@media only screen and (min-width:1200px) and (max-width:1919px){.ui.column.grid>[class*="one wide large screen"].column,.ui.grid>.column.row>[class*="one wide large screen"].column,.ui.grid>.row>[class*="one wide large screen"].column,.ui.grid>[class*="one wide large screen"].column{width:6.25%!important}.ui.column.grid>[class*="two wide large screen"].column,.ui.grid>.column.row>[class*="two wide large screen"].column,.ui.grid>.row>[class*="two wide large screen"].column,.ui.grid>[class*="two wide large screen"].column{width:12.5%!important}.ui.column.grid>[class*="three wide large screen"].column,.ui.grid>.column.row>[class*="three wide large screen"].column,.ui.grid>.row>[class*="three wide large screen"].column,.ui.grid>[class*="three wide large screen"].column{width:18.75%!important}.ui.column.grid>[class*="four wide large screen"].column,.ui.grid>.column.row>[class*="four wide large screen"].column,.ui.grid>.row>[class*="four wide large screen"].column,.ui.grid>[class*="four wide large screen"].column{width:25%!important}.ui.column.grid>[class*="five wide large screen"].column,.ui.grid>.column.row>[class*="five wide large screen"].column,.ui.grid>.row>[class*="five wide large screen"].column,.ui.grid>[class*="five wide large screen"].column{width:31.25%!important}.ui.column.grid>[class*="six wide large screen"].column,.ui.grid>.column.row>[class*="six wide large screen"].column,.ui.grid>.row>[class*="six wide large screen"].column,.ui.grid>[class*="six wide large screen"].column{width:37.5%!important}.ui.column.grid>[class*="seven wide large screen"].column,.ui.grid>.column.row>[class*="seven wide large screen"].column,.ui.grid>.row>[class*="seven wide large screen"].column,.ui.grid>[class*="seven wide large screen"].column{width:43.75%!important}.ui.column.grid>[class*="eight wide large screen"].column,.ui.grid>.column.row>[class*="eight wide large screen"].column,.ui.grid>.row>[class*="eight wide large screen"].column,.ui.grid>[class*="eight wide large screen"].column{width:50%!important}.ui.column.grid>[class*="nine wide large screen"].column,.ui.grid>.column.row>[class*="nine wide large screen"].column,.ui.grid>.row>[class*="nine wide large screen"].column,.ui.grid>[class*="nine wide large screen"].column{width:56.25%!important}.ui.column.grid>[class*="ten wide large screen"].column,.ui.grid>.column.row>[class*="ten wide large screen"].column,.ui.grid>.row>[class*="ten wide large screen"].column,.ui.grid>[class*="ten wide large screen"].column{width:62.5%!important}.ui.column.grid>[class*="eleven wide large screen"].column,.ui.grid>.column.row>[class*="eleven wide large screen"].column,.ui.grid>.row>[class*="eleven wide large screen"].column,.ui.grid>[class*="eleven wide large screen"].column{width:68.75%!important}.ui.column.grid>[class*="twelve wide large screen"].column,.ui.grid>.column.row>[class*="twelve wide large screen"].column,.ui.grid>.row>[class*="twelve wide large screen"].column,.ui.grid>[class*="twelve wide large screen"].column{width:75%!important}.ui.column.grid>[class*="thirteen wide large screen"].column,.ui.grid>.column.row>[class*="thirteen wide large screen"].column,.ui.grid>.row>[class*="thirteen wide large screen"].column,.ui.grid>[class*="thirteen wide large screen"].column{width:81.25%!important}.ui.column.grid>[class*="fourteen wide large screen"].column,.ui.grid>.column.row>[class*="fourteen wide large screen"].column,.ui.grid>.row>[class*="fourteen wide large screen"].column,.ui.grid>[class*="fourteen wide large screen"].column{width:87.5%!important}.ui.column.grid>[class*="fifteen wide large screen"].column,.ui.grid>.column.row>[class*="fifteen wide large screen"].column,.ui.grid>.row>[class*="fifteen wide large screen"].column,.ui.grid>[class*="fifteen wide large screen"].column{width:93.75%!important}.ui.column.grid>[class*="sixteen wide large screen"].column,.ui.grid>.column.row>[class*="sixteen wide large screen"].column,.ui.grid>.row>[class*="sixteen wide large screen"].column,.ui.grid>[class*="sixteen wide large screen"].column{width:100%!important}}@media only screen and (min-width:1920px){.ui.column.grid>[class*="one wide widescreen"].column,.ui.grid>.column.row>[class*="one wide widescreen"].column,.ui.grid>.row>[class*="one wide widescreen"].column,.ui.grid>[class*="one wide widescreen"].column{width:6.25%!important}.ui.column.grid>[class*="two wide widescreen"].column,.ui.grid>.column.row>[class*="two wide widescreen"].column,.ui.grid>.row>[class*="two wide widescreen"].column,.ui.grid>[class*="two wide widescreen"].column{width:12.5%!important}.ui.column.grid>[class*="three wide widescreen"].column,.ui.grid>.column.row>[class*="three wide widescreen"].column,.ui.grid>.row>[class*="three wide widescreen"].column,.ui.grid>[class*="three wide widescreen"].column{width:18.75%!important}.ui.column.grid>[class*="four wide widescreen"].column,.ui.grid>.column.row>[class*="four wide widescreen"].column,.ui.grid>.row>[class*="four wide widescreen"].column,.ui.grid>[class*="four wide widescreen"].column{width:25%!important}.ui.column.grid>[class*="five wide widescreen"].column,.ui.grid>.column.row>[class*="five wide widescreen"].column,.ui.grid>.row>[class*="five wide widescreen"].column,.ui.grid>[class*="five wide widescreen"].column{width:31.25%!important}.ui.column.grid>[class*="six wide widescreen"].column,.ui.grid>.column.row>[class*="six wide widescreen"].column,.ui.grid>.row>[class*="six wide widescreen"].column,.ui.grid>[class*="six wide widescreen"].column{width:37.5%!important}.ui.column.grid>[class*="seven wide widescreen"].column,.ui.grid>.column.row>[class*="seven wide widescreen"].column,.ui.grid>.row>[class*="seven wide widescreen"].column,.ui.grid>[class*="seven wide widescreen"].column{width:43.75%!important}.ui.column.grid>[class*="eight wide widescreen"].column,.ui.grid>.column.row>[class*="eight wide widescreen"].column,.ui.grid>.row>[class*="eight wide widescreen"].column,.ui.grid>[class*="eight wide widescreen"].column{width:50%!important}.ui.column.grid>[class*="nine wide widescreen"].column,.ui.grid>.column.row>[class*="nine wide widescreen"].column,.ui.grid>.row>[class*="nine wide widescreen"].column,.ui.grid>[class*="nine wide widescreen"].column{width:56.25%!important}.ui.column.grid>[class*="ten wide widescreen"].column,.ui.grid>.column.row>[class*="ten wide widescreen"].column,.ui.grid>.row>[class*="ten wide widescreen"].column,.ui.grid>[class*="ten wide widescreen"].column{width:62.5%!important}.ui.column.grid>[class*="eleven wide widescreen"].column,.ui.grid>.column.row>[class*="eleven wide widescreen"].column,.ui.grid>.row>[class*="eleven wide widescreen"].column,.ui.grid>[class*="eleven wide widescreen"].column{width:68.75%!important}.ui.column.grid>[class*="twelve wide widescreen"].column,.ui.grid>.column.row>[class*="twelve wide widescreen"].column,.ui.grid>.row>[class*="twelve wide widescreen"].column,.ui.grid>[class*="twelve wide widescreen"].column{width:75%!important}.ui.column.grid>[class*="thirteen wide widescreen"].column,.ui.grid>.column.row>[class*="thirteen wide widescreen"].column,.ui.grid>.row>[class*="thirteen wide widescreen"].column,.ui.grid>[class*="thirteen wide widescreen"].column{width:81.25%!important}.ui.column.grid>[class*="fourteen wide widescreen"].column,.ui.grid>.column.row>[class*="fourteen wide widescreen"].column,.ui.grid>.row>[class*="fourteen wide widescreen"].column,.ui.grid>[class*="fourteen wide widescreen"].column{width:87.5%!important}.ui.column.grid>[class*="fifteen wide widescreen"].column,.ui.grid>.column.row>[class*="fifteen wide widescreen"].column,.ui.grid>.row>[class*="fifteen wide widescreen"].column,.ui.grid>[class*="fifteen wide widescreen"].column{width:93.75%!important}.ui.column.grid>[class*="sixteen wide widescreen"].column,.ui.grid>.column.row>[class*="sixteen wide widescreen"].column,.ui.grid>.row>[class*="sixteen wide widescreen"].column,.ui.grid>[class*="sixteen wide widescreen"].column{width:100%!important}}.ui.centered.grid,.ui.centered.grid>.row,.ui.grid>.centered.row{text-align:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.ui.centered.grid>.column:not(.aligned):not(.justified):not(.row),.ui.centered.grid>.row>.column:not(.aligned):not(.justified),.ui.grid .centered.row>.column:not(.aligned):not(.justified){text-align:left}.ui.grid>.centered.column,.ui.grid>.row>.centered.column{display:block;margin-left:auto;margin-right:auto}.ui.grid>.relaxed.row>.column,.ui.relaxed.grid>.column:not(.row),.ui.relaxed.grid>.row>.column{padding-left:1.5rem;padding-right:1.5rem}.ui.grid>[class*="very relaxed"].row>.column,.ui[class*="very relaxed"].grid>.column:not(.row),.ui[class*="very relaxed"].grid>.row>.column{padding-left:2.5rem;padding-right:2.5rem}.ui.grid .relaxed.row+.ui.divider,.ui.relaxed.grid .row+.ui.divider{margin-left:1.5rem;margin-right:1.5rem}.ui.grid [class*="very relaxed"].row+.ui.divider,.ui[class*="very relaxed"].grid .row+.ui.divider{margin-left:2.5rem;margin-right:2.5rem}.ui.padded.grid:not(.vertically):not(.horizontally){margin:0!important}[class*="horizontally padded"].ui.grid{margin-left:0!important;margin-right:0!important}[class*="vertically padded"].ui.grid{margin-top:0!important;margin-bottom:0!important}.ui.grid [class*="left floated"].column{margin-right:auto}.ui.grid [class*="right floated"].column{margin-left:auto}.ui.divided.grid:not([class*="vertically divided"])>.column:not(.row),.ui.divided.grid:not([class*="vertically divided"])>.row>.column{-webkit-box-shadow:-1px 0 0 0 rgba(34,36,38,.15);box-shadow:-1px 0 0 0 rgba(34,36,38,.15)}.ui[class*="vertically divided"].grid>.column:not(.row),.ui[class*="vertically divided"].grid>.row>.column{margin-top:1rem;margin-bottom:1rem;padding-top:0;padding-bottom:0}.ui[class*="vertically divided"].grid>.row{margin-top:0;margin-bottom:0}.ui.divided.grid:not([class*="vertically divided"])>.column:first-child,.ui.divided.grid:not([class*="vertically divided"])>.row>.column:first-child{-webkit-box-shadow:none;box-shadow:none}.ui[class*="vertically divided"].grid>.row:first-child>.column{margin-top:0}.ui.grid>.divided.row>.column{-webkit-box-shadow:-1px 0 0 0 rgba(34,36,38,.15);box-shadow:-1px 0 0 0 rgba(34,36,38,.15)}.ui.grid>.divided.row>.column:first-child{-webkit-box-shadow:none;box-shadow:none}.ui[class*="vertically divided"].grid>.row{position:relative}.ui[class*="vertically divided"].grid>.row:before{position:absolute;content:"";top:0;left:0;width:calc(100% - 2rem);height:1px;margin:0 1rem;-webkit-box-shadow:0 -1px 0 0 rgba(34,36,38,.15);box-shadow:0 -1px 0 0 rgba(34,36,38,.15)}.ui.padded.divided.grid:not(.vertically):not(.horizontally),[class*="horizontally padded"].ui.divided.grid{width:100%}.ui[class*="vertically divided"].grid>.row:first-child:before{-webkit-box-shadow:none;box-shadow:none}.ui.inverted.divided.grid:not([class*="vertically divided"])>.column:not(.row),.ui.inverted.divided.grid:not([class*="vertically divided"])>.row>.column{-webkit-box-shadow:-1px 0 0 0 rgba(255,255,255,.1);box-shadow:-1px 0 0 0 rgba(255,255,255,.1)}.ui.inverted.divided.grid:not([class*="vertically divided"])>.column:not(.row):first-child,.ui.inverted.divided.grid:not([class*="vertically divided"])>.row>.column:first-child{-webkit-box-shadow:none;box-shadow:none}.ui.inverted[class*="vertically divided"].grid>.row:before{-webkit-box-shadow:0 -1px 0 0 rgba(255,255,255,.1);box-shadow:0 -1px 0 0 rgba(255,255,255,.1)}.ui.relaxed[class*="vertically divided"].grid>.row:before{margin-left:1.5rem;margin-right:1.5rem;width:calc(100% - 3rem)}.ui[class*="very relaxed"][class*="vertically divided"].grid>.row:before{margin-left:5rem;margin-right:5rem;width:calc(100% - 5rem)}.ui.celled.grid{width:100%;margin:1em 0;-webkit-box-shadow:0 0 0 1px #d4d4d5;box-shadow:0 0 0 1px #d4d4d5}.ui.celled.grid>.row{width:100%!important;margin:0;padding:0;-webkit-box-shadow:0 -1px 0 0 #d4d4d5;box-shadow:0 -1px 0 0 #d4d4d5}.ui.celled.grid>.column:not(.row),.ui.celled.grid>.row>.column{-webkit-box-shadow:-1px 0 0 0 #d4d4d5;box-shadow:-1px 0 0 0 #d4d4d5}.ui.celled.grid>.column:first-child,.ui.celled.grid>.row>.column:first-child{-webkit-box-shadow:none;box-shadow:none}.ui.celled.grid>.column:not(.row),.ui.celled.grid>.row>.column{padding:1em}.ui.relaxed.celled.grid>.column:not(.row),.ui.relaxed.celled.grid>.row>.column{padding:1.5em}.ui[class*="very relaxed"].celled.grid>.column:not(.row),.ui[class*="very relaxed"].celled.grid>.row>.column{padding:2em}.ui[class*="internally celled"].grid{-webkit-box-shadow:none;box-shadow:none;margin:0}.ui[class*="internally celled"].grid>.row:first-child{-webkit-box-shadow:none;box-shadow:none}.ui[class*="internally celled"].grid>.row>.column:first-child{-webkit-box-shadow:none;box-shadow:none}.ui.grid>.row>[class*="top aligned"].column,.ui.grid>[class*="top aligned"].column:not(.row),.ui.grid>[class*="top aligned"].row>.column,.ui[class*="top aligned"].grid>.column:not(.row),.ui[class*="top aligned"].grid>.row>.column{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;vertical-align:top;-ms-flex-item-align:start!important;align-self:flex-start!important}.ui.grid>.row>[class*="middle aligned"].column,.ui.grid>[class*="middle aligned"].column:not(.row),.ui.grid>[class*="middle aligned"].row>.column,.ui[class*="middle aligned"].grid>.column:not(.row),.ui[class*="middle aligned"].grid>.row>.column{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;vertical-align:middle;-ms-flex-item-align:center!important;align-self:center!important}.ui.grid>.row>[class*="bottom aligned"].column,.ui.grid>[class*="bottom aligned"].column:not(.row),.ui.grid>[class*="bottom aligned"].row>.column,.ui[class*="bottom aligned"].grid>.column:not(.row),.ui[class*="bottom aligned"].grid>.row>.column{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;vertical-align:bottom;-ms-flex-item-align:end!important;align-self:flex-end!important}.ui.grid>.row>.stretched.column,.ui.grid>.stretched.column:not(.row),.ui.grid>.stretched.row>.column,.ui.stretched.grid>.column,.ui.stretched.grid>.row>.column{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important;-ms-flex-item-align:stretch;align-self:stretch;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui.grid>.row>.stretched.column>*,.ui.grid>.stretched.column:not(.row)>*,.ui.grid>.stretched.row>.column>*,.ui.stretched.grid>.column>*,.ui.stretched.grid>.row>.column>*{-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1}.ui.grid>.row>[class*="left aligned"].column.column,.ui.grid>[class*="left aligned"].column.column,.ui.grid>[class*="left aligned"].row>.column,.ui[class*="left aligned"].grid>.column,.ui[class*="left aligned"].grid>.row>.column{text-align:left;-ms-flex-item-align:inherit;align-self:inherit}.ui.grid>.row>[class*="center aligned"].column.column,.ui.grid>[class*="center aligned"].column.column,.ui.grid>[class*="center aligned"].row>.column,.ui[class*="center aligned"].grid>.column,.ui[class*="center aligned"].grid>.row>.column{text-align:center;-ms-flex-item-align:inherit;align-self:inherit}.ui[class*="center aligned"].grid{-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.ui.grid>.row>[class*="right aligned"].column.column,.ui.grid>[class*="right aligned"].column.column,.ui.grid>[class*="right aligned"].row>.column,.ui[class*="right aligned"].grid>.column,.ui[class*="right aligned"].grid>.row>.column{text-align:right;-ms-flex-item-align:inherit;align-self:inherit}.ui.grid>.justified.column.column,.ui.grid>.justified.row>.column,.ui.grid>.row>.justified.column.column,.ui.justified.grid>.column,.ui.justified.grid>.row>.column{text-align:justify;-webkit-hyphens:auto;-ms-hyphens:auto;hyphens:auto}.ui.grid>.row>.black.column,.ui.grid>.row>.blue.column,.ui.grid>.row>.brown.column,.ui.grid>.row>.green.column,.ui.grid>.row>.grey.column,.ui.grid>.row>.olive.column,.ui.grid>.row>.orange.column,.ui.grid>.row>.pink.column,.ui.grid>.row>.purple.column,.ui.grid>.row>.red.column,.ui.grid>.row>.teal.column,.ui.grid>.row>.violet.column,.ui.grid>.row>.yellow.column{margin-top:-1rem;margin-bottom:-1rem;padding-top:1rem;padding-bottom:1rem}.ui.grid>.red.column,.ui.grid>.red.row,.ui.grid>.row>.red.column{background-color:#db2828!important;color:#fff}.ui.grid>.orange.column,.ui.grid>.orange.row,.ui.grid>.row>.orange.column{background-color:#f2711c!important;color:#fff}.ui.grid>.row>.yellow.column,.ui.grid>.yellow.column,.ui.grid>.yellow.row{background-color:#fbbd08!important;color:#fff}.ui.grid>.olive.column,.ui.grid>.olive.row,.ui.grid>.row>.olive.column{background-color:#b5cc18!important;color:#fff}.ui.grid>.green.column,.ui.grid>.green.row,.ui.grid>.row>.green.column{background-color:#21ba45!important;color:#fff}.ui.grid>.row>.teal.column,.ui.grid>.teal.column,.ui.grid>.teal.row{background-color:#00b5ad!important;color:#fff}.ui.grid>.blue.column,.ui.grid>.blue.row,.ui.grid>.row>.blue.column{background-color:#2185d0!important;color:#fff}.ui.grid>.row>.violet.column,.ui.grid>.violet.column,.ui.grid>.violet.row{background-color:#6435c9!important;color:#fff}.ui.grid>.purple.column,.ui.grid>.purple.row,.ui.grid>.row>.purple.column{background-color:#a333c8!important;color:#fff}.ui.grid>.pink.column,.ui.grid>.pink.row,.ui.grid>.row>.pink.column{background-color:#e03997!important;color:#fff}.ui.grid>.brown.column,.ui.grid>.brown.row,.ui.grid>.row>.brown.column{background-color:#a5673f!important;color:#fff}.ui.grid>.grey.column,.ui.grid>.grey.row,.ui.grid>.row>.grey.column{background-color:#767676!important;color:#fff}.ui.grid>.black.column,.ui.grid>.black.row,.ui.grid>.row>.black.column{background-color:#1b1c1d!important;color:#fff}.ui.grid>[class*="equal width"].row>.column,.ui[class*="equal width"].grid>.column:not(.row),.ui[class*="equal width"].grid>.row>.column{display:inline-block;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1}.ui.grid>[class*="equal width"].row>.wide.column,.ui[class*="equal width"].grid>.row>.wide.column,.ui[class*="equal width"].grid>.wide.column{-webkit-box-flex:0;-ms-flex-positive:0;flex-grow:0}@media only screen and (max-width:767px){.ui.grid>[class*="mobile reversed"].row,.ui[class*="mobile reversed"].grid,.ui[class*="mobile reversed"].grid>.row{-webkit-box-orient:horizontal;-webkit-box-direction:reverse;-ms-flex-direction:row-reverse;flex-direction:row-reverse}.ui.stackable[class*="mobile reversed"],.ui[class*="mobile vertically reversed"].grid{-webkit-box-orient:vertical;-webkit-box-direction:reverse;-ms-flex-direction:column-reverse;flex-direction:column-reverse}.ui[class*="mobile reversed"].divided.grid:not([class*="vertically divided"])>.column:first-child,.ui[class*="mobile reversed"].divided.grid:not([class*="vertically divided"])>.row>.column:first-child{-webkit-box-shadow:-1px 0 0 0 rgba(34,36,38,.15);box-shadow:-1px 0 0 0 rgba(34,36,38,.15)}.ui[class*="mobile reversed"].divided.grid:not([class*="vertically divided"])>.column:last-child,.ui[class*="mobile reversed"].divided.grid:not([class*="vertically divided"])>.row>.column:last-child{-webkit-box-shadow:none;box-shadow:none}.ui.grid[class*="vertically divided"][class*="mobile vertically reversed"]>.row:first-child:before{-webkit-box-shadow:0 -1px 0 0 rgba(34,36,38,.15);box-shadow:0 -1px 0 0 rgba(34,36,38,.15)}.ui.grid[class*="vertically divided"][class*="mobile vertically reversed"]>.row:last-child:before{-webkit-box-shadow:none;box-shadow:none}.ui[class*="mobile reversed"].celled.grid>.row>.column:first-child{-webkit-box-shadow:-1px 0 0 0 #d4d4d5;box-shadow:-1px 0 0 0 #d4d4d5}.ui[class*="mobile reversed"].celled.grid>.row>.column:last-child{-webkit-box-shadow:none;box-shadow:none}}@media only screen and (min-width:768px) and (max-width:991px){.ui.grid>[class*="tablet reversed"].row,.ui[class*="tablet reversed"].grid,.ui[class*="tablet reversed"].grid>.row{-webkit-box-orient:horizontal;-webkit-box-direction:reverse;-ms-flex-direction:row-reverse;flex-direction:row-reverse}.ui[class*="tablet vertically reversed"].grid{-webkit-box-orient:vertical;-webkit-box-direction:reverse;-ms-flex-direction:column-reverse;flex-direction:column-reverse}.ui[class*="tablet reversed"].divided.grid:not([class*="vertically divided"])>.column:first-child,.ui[class*="tablet reversed"].divided.grid:not([class*="vertically divided"])>.row>.column:first-child{-webkit-box-shadow:-1px 0 0 0 rgba(34,36,38,.15);box-shadow:-1px 0 0 0 rgba(34,36,38,.15)}.ui[class*="tablet reversed"].divided.grid:not([class*="vertically divided"])>.column:last-child,.ui[class*="tablet reversed"].divided.grid:not([class*="vertically divided"])>.row>.column:last-child{-webkit-box-shadow:none;box-shadow:none}.ui.grid[class*="vertically divided"][class*="tablet vertically reversed"]>.row:first-child:before{-webkit-box-shadow:0 -1px 0 0 rgba(34,36,38,.15);box-shadow:0 -1px 0 0 rgba(34,36,38,.15)}.ui.grid[class*="vertically divided"][class*="tablet vertically reversed"]>.row:last-child:before{-webkit-box-shadow:none;box-shadow:none}.ui[class*="tablet reversed"].celled.grid>.row>.column:first-child{-webkit-box-shadow:-1px 0 0 0 #d4d4d5;box-shadow:-1px 0 0 0 #d4d4d5}.ui[class*="tablet reversed"].celled.grid>.row>.column:last-child{-webkit-box-shadow:none;box-shadow:none}}@media only screen and (min-width:992px){.ui.grid>[class*="computer reversed"].row,.ui[class*="computer reversed"].grid,.ui[class*="computer reversed"].grid>.row{-webkit-box-orient:horizontal;-webkit-box-direction:reverse;-ms-flex-direction:row-reverse;flex-direction:row-reverse}.ui[class*="computer vertically reversed"].grid{-webkit-box-orient:vertical;-webkit-box-direction:reverse;-ms-flex-direction:column-reverse;flex-direction:column-reverse}.ui[class*="computer reversed"].divided.grid:not([class*="vertically divided"])>.column:first-child,.ui[class*="computer reversed"].divided.grid:not([class*="vertically divided"])>.row>.column:first-child{-webkit-box-shadow:-1px 0 0 0 rgba(34,36,38,.15);box-shadow:-1px 0 0 0 rgba(34,36,38,.15)}.ui[class*="computer reversed"].divided.grid:not([class*="vertically divided"])>.column:last-child,.ui[class*="computer reversed"].divided.grid:not([class*="vertically divided"])>.row>.column:last-child{-webkit-box-shadow:none;box-shadow:none}.ui.grid[class*="vertically divided"][class*="computer vertically reversed"]>.row:first-child:before{-webkit-box-shadow:0 -1px 0 0 rgba(34,36,38,.15);box-shadow:0 -1px 0 0 rgba(34,36,38,.15)}.ui.grid[class*="vertically divided"][class*="computer vertically reversed"]>.row:last-child:before{-webkit-box-shadow:none;box-shadow:none}.ui[class*="computer reversed"].celled.grid>.row>.column:first-child{-webkit-box-shadow:-1px 0 0 0 #d4d4d5;box-shadow:-1px 0 0 0 #d4d4d5}.ui[class*="computer reversed"].celled.grid>.row>.column:last-child{-webkit-box-shadow:none;box-shadow:none}}@media only screen and (min-width:768px) and (max-width:991px){.ui.doubling.grid{width:auto}.ui.doubling.grid>.row,.ui.grid>.doubling.row{margin:0!important;padding:0!important}.ui.doubling.grid>.row>.column,.ui.grid>.doubling.row>.column{display:inline-block!important;padding-top:1rem!important;padding-bottom:1rem!important;-webkit-box-shadow:none!important;box-shadow:none!important;margin:0}.ui.grid>[class*="two column"].doubling.row.row>.column,.ui[class*="two column"].doubling.grid>.column:not(.row),.ui[class*="two column"].doubling.grid>.row>.column{width:100%!important}.ui.grid>[class*="three column"].doubling.row.row>.column,.ui[class*="three column"].doubling.grid>.column:not(.row),.ui[class*="three column"].doubling.grid>.row>.column{width:50%!important}.ui.grid>[class*="four column"].doubling.row.row>.column,.ui[class*="four column"].doubling.grid>.column:not(.row),.ui[class*="four column"].doubling.grid>.row>.column{width:50%!important}.ui.grid>[class*="five column"].doubling.row.row>.column,.ui[class*="five column"].doubling.grid>.column:not(.row),.ui[class*="five column"].doubling.grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="six column"].doubling.row.row>.column,.ui[class*="six column"].doubling.grid>.column:not(.row),.ui[class*="six column"].doubling.grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="seven column"].doubling.row.row>.column,.ui[class*="seven column"].doubling.grid>.column:not(.row),.ui[class*="seven column"].doubling.grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="eight column"].doubling.row.row>.column,.ui[class*="eight column"].doubling.grid>.column:not(.row),.ui[class*="eight column"].doubling.grid>.row>.column{width:25%!important}.ui.grid>[class*="nine column"].doubling.row.row>.column,.ui[class*="nine column"].doubling.grid>.column:not(.row),.ui[class*="nine column"].doubling.grid>.row>.column{width:25%!important}.ui.grid>[class*="ten column"].doubling.row.row>.column,.ui[class*="ten column"].doubling.grid>.column:not(.row),.ui[class*="ten column"].doubling.grid>.row>.column{width:20%!important}.ui.grid>[class*="eleven column"].doubling.row.row>.column,.ui[class*="eleven column"].doubling.grid>.column:not(.row),.ui[class*="eleven column"].doubling.grid>.row>.column{width:20%!important}.ui.grid>[class*="twelve column"].doubling.row.row>.column,.ui[class*="twelve column"].doubling.grid>.column:not(.row),.ui[class*="twelve column"].doubling.grid>.row>.column{width:16.66666667%!important}.ui.grid>[class*="thirteen column"].doubling.row.row>.column,.ui[class*="thirteen column"].doubling.grid>.column:not(.row),.ui[class*="thirteen column"].doubling.grid>.row>.column{width:16.66666667%!important}.ui.grid>[class*="fourteen column"].doubling.row.row>.column,.ui[class*="fourteen column"].doubling.grid>.column:not(.row),.ui[class*="fourteen column"].doubling.grid>.row>.column{width:14.28571429%!important}.ui.grid>[class*="fifteen column"].doubling.row.row>.column,.ui[class*="fifteen column"].doubling.grid>.column:not(.row),.ui[class*="fifteen column"].doubling.grid>.row>.column{width:14.28571429%!important}.ui.grid>[class*="sixteen column"].doubling.row.row>.column,.ui[class*="sixteen column"].doubling.grid>.column:not(.row),.ui[class*="sixteen column"].doubling.grid>.row>.column{width:12.5%!important}}@media only screen and (max-width:767px){.ui.doubling.grid>.row,.ui.grid>.doubling.row{margin:0!important;padding:0!important}.ui.doubling.grid>.row>.column,.ui.grid>.doubling.row>.column{padding-top:1rem!important;padding-bottom:1rem!important;margin:0!important;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.grid>[class*="two column"].doubling:not(.stackable).row.row>.column,.ui[class*="two column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="two column"].doubling:not(.stackable).grid>.row>.column{width:100%!important}.ui.grid>[class*="three column"].doubling:not(.stackable).row.row>.column,.ui[class*="three column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="three column"].doubling:not(.stackable).grid>.row>.column{width:50%!important}.ui.grid>[class*="four column"].doubling:not(.stackable).row.row>.column,.ui[class*="four column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="four column"].doubling:not(.stackable).grid>.row>.column{width:50%!important}.ui.grid>[class*="five column"].doubling:not(.stackable).row.row>.column,.ui[class*="five column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="five column"].doubling:not(.stackable).grid>.row>.column{width:50%!important}.ui.grid>[class*="six column"].doubling:not(.stackable).row.row>.column,.ui[class*="six column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="six column"].doubling:not(.stackable).grid>.row>.column{width:50%!important}.ui.grid>[class*="seven column"].doubling:not(.stackable).row.row>.column,.ui[class*="seven column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="seven column"].doubling:not(.stackable).grid>.row>.column{width:50%!important}.ui.grid>[class*="eight column"].doubling:not(.stackable).row.row>.column,.ui[class*="eight column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="eight column"].doubling:not(.stackable).grid>.row>.column{width:50%!important}.ui.grid>[class*="nine column"].doubling:not(.stackable).row.row>.column,.ui[class*="nine column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="nine column"].doubling:not(.stackable).grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="ten column"].doubling:not(.stackable).row.row>.column,.ui[class*="ten column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="ten column"].doubling:not(.stackable).grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="eleven column"].doubling:not(.stackable).row.row>.column,.ui[class*="eleven column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="eleven column"].doubling:not(.stackable).grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="twelve column"].doubling:not(.stackable).row.row>.column,.ui[class*="twelve column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="twelve column"].doubling:not(.stackable).grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="thirteen column"].doubling:not(.stackable).row.row>.column,.ui[class*="thirteen column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="thirteen column"].doubling:not(.stackable).grid>.row>.column{width:33.33333333%!important}.ui.grid>[class*="fourteen column"].doubling:not(.stackable).row.row>.column,.ui[class*="fourteen column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="fourteen column"].doubling:not(.stackable).grid>.row>.column{width:25%!important}.ui.grid>[class*="fifteen column"].doubling:not(.stackable).row.row>.column,.ui[class*="fifteen column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="fifteen column"].doubling:not(.stackable).grid>.row>.column{width:25%!important}.ui.grid>[class*="sixteen column"].doubling:not(.stackable).row.row>.column,.ui[class*="sixteen column"].doubling:not(.stackable).grid>.column:not(.row),.ui[class*="sixteen column"].doubling:not(.stackable).grid>.row>.column{width:25%!important}}@media only screen and (max-width:767px){.ui.stackable.grid{width:auto;margin-left:0!important;margin-right:0!important}.ui.grid>.stackable.stackable.row>.column,.ui.stackable.grid>.column.grid>.column,.ui.stackable.grid>.column.row>.column,.ui.stackable.grid>.column:not(.row),.ui.stackable.grid>.row>.column,.ui.stackable.grid>.row>.wide.column,.ui.stackable.grid>.wide.column{width:100%!important;margin:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important;padding:1rem 1rem!important}.ui.stackable.grid:not(.vertically)>.row{margin:0;padding:0}.ui.container>.ui.stackable.grid>.column,.ui.container>.ui.stackable.grid>.row>.column{padding-left:0!important;padding-right:0!important}.ui.grid .ui.stackable.grid,.ui.segment:not(.vertical) .ui.stackable.page.grid{margin-left:-1rem!important;margin-right:-1rem!important}.ui.stackable.celled.grid>.column:not(.row):first-child,.ui.stackable.celled.grid>.row:first-child>.column:first-child,.ui.stackable.divided.grid>.column:not(.row):first-child,.ui.stackable.divided.grid>.row:first-child>.column:first-child{border-top:none!important}.ui.inverted.stackable.celled.grid>.column:not(.row),.ui.inverted.stackable.celled.grid>.row>.column,.ui.inverted.stackable.divided.grid>.column:not(.row),.ui.inverted.stackable.divided.grid>.row>.column{border-top:1px solid rgba(255,255,255,.1)}.ui.stackable.celled.grid>.column:not(.row),.ui.stackable.celled.grid>.row>.column,.ui.stackable.divided:not(.vertically).grid>.column:not(.row),.ui.stackable.divided:not(.vertically).grid>.row>.column{border-top:1px solid rgba(34,36,38,.15);-webkit-box-shadow:none!important;box-shadow:none!important;padding-top:2rem!important;padding-bottom:2rem!important}.ui.stackable.celled.grid>.row{-webkit-box-shadow:none!important;box-shadow:none!important}.ui.stackable.divided:not(.vertically).grid>.column:not(.row),.ui.stackable.divided:not(.vertically).grid>.row>.column{padding-left:0!important;padding-right:0!important}}@media only screen and (max-width:767px){.ui.grid.grid.grid>.row>[class*="tablet only"].column:not(.mobile),.ui.grid.grid.grid>[class*="tablet only"].column:not(.mobile),.ui.grid.grid.grid>[class*="tablet only"].row:not(.mobile),.ui[class*="tablet only"].grid.grid.grid:not(.mobile){display:none!important}.ui.grid.grid.grid>.row>[class*="computer only"].column:not(.mobile),.ui.grid.grid.grid>[class*="computer only"].column:not(.mobile),.ui.grid.grid.grid>[class*="computer only"].row:not(.mobile),.ui[class*="computer only"].grid.grid.grid:not(.mobile){display:none!important}.ui.grid.grid.grid>.row>[class*="large screen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="large screen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="large screen only"].row:not(.mobile),.ui[class*="large screen only"].grid.grid.grid:not(.mobile){display:none!important}.ui.grid.grid.grid>.row>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].row:not(.mobile),.ui[class*="widescreen only"].grid.grid.grid:not(.mobile){display:none!important}}@media only screen and (min-width:768px) and (max-width:991px){.ui.grid.grid.grid>.row>[class*="mobile only"].column:not(.tablet),.ui.grid.grid.grid>[class*="mobile only"].column:not(.tablet),.ui.grid.grid.grid>[class*="mobile only"].row:not(.tablet),.ui[class*="mobile only"].grid.grid.grid:not(.tablet){display:none!important}.ui.grid.grid.grid>.row>[class*="computer only"].column:not(.tablet),.ui.grid.grid.grid>[class*="computer only"].column:not(.tablet),.ui.grid.grid.grid>[class*="computer only"].row:not(.tablet),.ui[class*="computer only"].grid.grid.grid:not(.tablet){display:none!important}.ui.grid.grid.grid>.row>[class*="large screen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="large screen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="large screen only"].row:not(.mobile),.ui[class*="large screen only"].grid.grid.grid:not(.mobile){display:none!important}.ui.grid.grid.grid>.row>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].row:not(.mobile),.ui[class*="widescreen only"].grid.grid.grid:not(.mobile){display:none!important}}@media only screen and (min-width:992px) and (max-width:1199px){.ui.grid.grid.grid>.row>[class*="mobile only"].column:not(.computer),.ui.grid.grid.grid>[class*="mobile only"].column:not(.computer),.ui.grid.grid.grid>[class*="mobile only"].row:not(.computer),.ui[class*="mobile only"].grid.grid.grid:not(.computer){display:none!important}.ui.grid.grid.grid>.row>[class*="tablet only"].column:not(.computer),.ui.grid.grid.grid>[class*="tablet only"].column:not(.computer),.ui.grid.grid.grid>[class*="tablet only"].row:not(.computer),.ui[class*="tablet only"].grid.grid.grid:not(.computer){display:none!important}.ui.grid.grid.grid>.row>[class*="large screen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="large screen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="large screen only"].row:not(.mobile),.ui[class*="large screen only"].grid.grid.grid:not(.mobile){display:none!important}.ui.grid.grid.grid>.row>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].row:not(.mobile),.ui[class*="widescreen only"].grid.grid.grid:not(.mobile){display:none!important}}@media only screen and (min-width:1200px) and (max-width:1919px){.ui.grid.grid.grid>.row>[class*="mobile only"].column:not(.computer),.ui.grid.grid.grid>[class*="mobile only"].column:not(.computer),.ui.grid.grid.grid>[class*="mobile only"].row:not(.computer),.ui[class*="mobile only"].grid.grid.grid:not(.computer){display:none!important}.ui.grid.grid.grid>.row>[class*="tablet only"].column:not(.computer),.ui.grid.grid.grid>[class*="tablet only"].column:not(.computer),.ui.grid.grid.grid>[class*="tablet only"].row:not(.computer),.ui[class*="tablet only"].grid.grid.grid:not(.computer){display:none!important}.ui.grid.grid.grid>.row>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].column:not(.mobile),.ui.grid.grid.grid>[class*="widescreen only"].row:not(.mobile),.ui[class*="widescreen only"].grid.grid.grid:not(.mobile){display:none!important}}@media only screen and (min-width:1920px){.ui.grid.grid.grid>.row>[class*="mobile only"].column:not(.computer),.ui.grid.grid.grid>[class*="mobile only"].column:not(.computer),.ui.grid.grid.grid>[class*="mobile only"].row:not(.computer),.ui[class*="mobile only"].grid.grid.grid:not(.computer){display:none!important}.ui.grid.grid.grid>.row>[class*="tablet only"].column:not(.computer),.ui.grid.grid.grid>[class*="tablet only"].column:not(.computer),.ui.grid.grid.grid>[class*="tablet only"].row:not(.computer),.ui[class*="tablet only"].grid.grid.grid:not(.computer){display:none!important}}.ui.menu{display:-webkit-box;display:-ms-flexbox;display:flex;margin:1rem 0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;background:#fff;font-weight:400;border:1px solid rgba(34,36,38,.15);-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15);border-radius:.28571429rem;min-height:2.85714286em}.ui.menu:after{content:'';display:block;height:0;clear:both;visibility:hidden}.ui.menu:first-child{margin-top:0}.ui.menu:last-child{margin-bottom:0}.ui.menu .menu{margin:0}.ui.menu:not(.vertical)>.menu{display:-webkit-box;display:-ms-flexbox;display:flex}.ui.menu:not(.vertical) .item{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.ui.menu .item{position:relative;vertical-align:middle;line-height:1;text-decoration:none;-webkit-tap-highlight-color:transparent;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background:0 0;padding:.92857143em 1.14285714em;text-transform:none;color:rgba(0,0,0,.87);font-weight:400;-webkit-transition:background .1s ease,color .1s ease,-webkit-box-shadow .1s ease;transition:background .1s ease,color .1s ease,-webkit-box-shadow .1s ease;transition:background .1s ease,box-shadow .1s ease,color .1s ease;transition:background .1s ease,box-shadow .1s ease,color .1s ease,-webkit-box-shadow .1s ease}.ui.menu>.item:first-child{border-radius:.28571429rem 0 0 .28571429rem}.ui.menu .item:before{position:absolute;content:'';top:0;right:0;height:100%;width:1px;background:rgba(34,36,38,.1)}.ui.menu .item>a:not(.ui),.ui.menu .item>p:only-child,.ui.menu .text.item>*{-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text;line-height:1.3}.ui.menu .item>p:first-child{margin-top:0}.ui.menu .item>p:last-child{margin-bottom:0}.ui.menu .item>i.icon{opacity:.9;float:none;margin:0 .35714286em 0 0}.ui.menu:not(.vertical) .item>.button{position:relative;top:0;margin:-.5em 0;padding-bottom:.78571429em;padding-top:.78571429em;font-size:1em}.ui.menu>.container,.ui.menu>.grid{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:inherit;-ms-flex-align:inherit;align-items:inherit;-webkit-box-orient:inherit;-webkit-box-direction:inherit;-ms-flex-direction:inherit;flex-direction:inherit}.ui.menu .item>.input{width:100%}.ui.menu:not(.vertical) .item>.input{position:relative;top:0;margin:-.5em 0}.ui.menu .item>.input input{font-size:1em;padding-top:.57142857em;padding-bottom:.57142857em}.ui.menu .header.item,.ui.vertical.menu .header.item{margin:0;background:'';text-transform:normal;font-weight:700}.ui.vertical.menu .item>.header:not(.ui){margin:0 0 .5em;font-size:1em;font-weight:700}.ui.menu .item>i.dropdown.icon{padding:0;float:right;margin:0 0 0 1em}.ui.menu .dropdown.item .menu{min-width:calc(100% - 1px);border-radius:0 0 .28571429rem .28571429rem;background:#fff;margin:0 0 0;-webkit-box-shadow:0 1px 3px 0 rgba(0,0,0,.08);box-shadow:0 1px 3px 0 rgba(0,0,0,.08);-webkit-box-orient:vertical!important;-webkit-box-direction:normal!important;-ms-flex-direction:column!important;flex-direction:column!important}.ui.menu .ui.dropdown .menu>.item{margin:0;text-align:left;font-size:1em!important;padding:.78571429em 1.14285714em!important;background:0 0!important;color:rgba(0,0,0,.87)!important;text-transform:none!important;font-weight:400!important;-webkit-box-shadow:none!important;box-shadow:none!important;-webkit-transition:none!important;transition:none!important}.ui.menu .ui.dropdown .menu>.item:hover{background:rgba(0,0,0,.05)!important;color:rgba(0,0,0,.95)!important}.ui.menu .ui.dropdown .menu>.selected.item{background:rgba(0,0,0,.05)!important;color:rgba(0,0,0,.95)!important}.ui.menu .ui.dropdown .menu>.active.item{background:rgba(0,0,0,.03)!important;font-weight:700!important;color:rgba(0,0,0,.95)!important}.ui.menu .ui.dropdown.item .menu .item:not(.filtered){display:block}.ui.menu .ui.dropdown .menu>.item .icon:not(.dropdown){display:inline-block;font-size:1em!important;float:none;margin:0 .75em 0 0!important}.ui.secondary.menu .dropdown.item>.menu,.ui.text.menu .dropdown.item>.menu{border-radius:.28571429rem;margin-top:.35714286em}.ui.menu .pointing.dropdown.item .menu{margin-top:.75em}.ui.inverted.menu .search.dropdown.item>.search,.ui.inverted.menu .search.dropdown.item>.text{color:rgba(255,255,255,.9)}.ui.vertical.menu .dropdown.item>.icon{float:right;content:"\f0da";margin-left:1em}.ui.vertical.menu .dropdown.item .menu{left:100%;min-width:0;margin:0;-webkit-box-shadow:0 1px 3px 0 rgba(0,0,0,.08);box-shadow:0 1px 3px 0 rgba(0,0,0,.08);border-radius:0 .28571429rem .28571429rem .28571429rem}.ui.vertical.menu .dropdown.item.upward .menu{bottom:0}.ui.vertical.menu .dropdown.item:not(.upward) .menu{top:0}.ui.vertical.menu .active.dropdown.item{border-top-right-radius:0;border-bottom-right-radius:0}.ui.vertical.menu .dropdown.active.item{-webkit-box-shadow:none;box-shadow:none}.ui.item.menu .dropdown .menu .item{width:100%}.ui.menu .item>.label{background:#999;color:#fff;margin-left:1em;padding:.3em .78571429em}.ui.vertical.menu .item>.label{background:#999;color:#fff;margin-top:-.15em;margin-bottom:-.15em;padding:.3em .78571429em}.ui.menu .item>.floating.label{padding:.3em .78571429em}.ui.menu .item>img:not(.ui){display:inline-block;vertical-align:middle;margin:-.3em 0;width:2.5em}.ui.vertical.menu .item>img:not(.ui):only-child{display:block;max-width:100%;width:auto}.ui.menu .list .item:before{background:0 0!important}.ui.vertical.sidebar.menu>.item:first-child:before{display:block!important}.ui.vertical.sidebar.menu>.item::before{top:auto;bottom:0}@media only screen and (max-width:767px){.ui.menu>.ui.container{width:100%!important;margin-left:0!important;margin-right:0!important}}@media only screen and (min-width:768px){.ui.menu:not(.secondary):not(.text):not(.tabular):not(.borderless)>.container>.item:not(.right):not(.borderless):first-child{border-left:1px solid rgba(34,36,38,.1)}}.ui.link.menu .item:hover,.ui.menu .dropdown.item:hover,.ui.menu .link.item:hover,.ui.menu a.item:hover{cursor:pointer;background:rgba(0,0,0,.03);color:rgba(0,0,0,.95)}.ui.link.menu .item:active,.ui.menu .link.item:active,.ui.menu a.item:active{background:rgba(0,0,0,.03);color:rgba(0,0,0,.95)}.ui.menu .active.item{background:rgba(0,0,0,.05);color:rgba(0,0,0,.95);font-weight:400;-webkit-box-shadow:none;box-shadow:none}.ui.menu .active.item>i.icon{opacity:1}.ui.menu .active.item:hover,.ui.vertical.menu .active.item:hover{background-color:rgba(0,0,0,.05);color:rgba(0,0,0,.95)}.ui.menu .item.disabled,.ui.menu .item.disabled:hover{cursor:default!important;background-color:transparent!important;color:rgba(40,40,40,.3)!important}.ui.menu:not(.vertical) .left.item,.ui.menu:not(.vertical) :not(.dropdown)>.left.menu{display:-webkit-box;display:-ms-flexbox;display:flex;margin-right:auto!important}.ui.menu:not(.vertical) .right.item,.ui.menu:not(.vertical) .right.menu{display:-webkit-box;display:-ms-flexbox;display:flex;margin-left:auto!important}.ui.menu .right.item::before,.ui.menu .right.menu>.item::before{right:auto;left:0}.ui.vertical.menu{display:block;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;background:#fff;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15)}.ui.vertical.menu .item{display:block;background:0 0;border-top:none;border-right:none}.ui.vertical.menu>.item:first-child{border-radius:.28571429rem .28571429rem 0 0}.ui.vertical.menu>.item:last-child{border-radius:0 0 .28571429rem .28571429rem}.ui.vertical.menu .item>.label{float:right;text-align:center}.ui.vertical.menu .item>i.icon{width:1.18em;float:right;margin:0 0 0 .5em}.ui.vertical.menu .item>.label+i.icon{float:none;margin:0 .5em 0 0}.ui.vertical.menu .item:before{position:absolute;content:'';top:0;left:0;width:100%;height:1px;background:rgba(34,36,38,.1)}.ui.vertical.menu .item:first-child:before{display:none!important}.ui.vertical.menu .item>.menu{margin:.5em -1.14285714em 0}.ui.vertical.menu .menu .item{background:0 0;padding:.5em 1.33333333em;font-size:.85714286em;color:rgba(0,0,0,.5)}.ui.vertical.menu .item .menu .link.item:hover,.ui.vertical.menu .item .menu a.item:hover{color:rgba(0,0,0,.85)}.ui.vertical.menu .menu .item:before{display:none}.ui.vertical.menu .active.item{background:rgba(0,0,0,.05);border-radius:0;-webkit-box-shadow:none;box-shadow:none}.ui.vertical.menu>.active.item:first-child{border-radius:.28571429rem .28571429rem 0 0}.ui.vertical.menu>.active.item:last-child{border-radius:0 0 .28571429rem .28571429rem}.ui.vertical.menu>.active.item:only-child{border-radius:.28571429rem}.ui.vertical.menu .active.item .menu .active.item{border-left:none}.ui.vertical.menu .item .menu .active.item{background-color:transparent;font-weight:700;color:rgba(0,0,0,.95)}.ui.tabular.menu{border-radius:0;-webkit-box-shadow:none!important;box-shadow:none!important;border:none;background:none transparent;border-bottom:1px solid #d4d4d5}.ui.tabular.fluid.menu{width:calc(100% + 2px)!important}.ui.tabular.menu .item{background:0 0;border-bottom:none;border-left:1px solid transparent;border-right:1px solid transparent;border-top:2px solid transparent;padding:.92857143em 1.42857143em;color:rgba(0,0,0,.87)}.ui.tabular.menu .item:before{display:none}.ui.tabular.menu .item:hover{background-color:transparent;color:rgba(0,0,0,.8)}.ui.tabular.menu .active.item{background:none #fff;color:rgba(0,0,0,.95);border-top-width:1px;border-color:#d4d4d5;font-weight:700;margin-bottom:-1px;-webkit-box-shadow:none;box-shadow:none;border-radius:.28571429rem .28571429rem 0 0!important}.ui.tabular.menu+.attached:not(.top).segment,.ui.tabular.menu+.attached:not(.top).segment+.attached:not(.top).segment{border-top:none;margin-left:0;margin-top:0;margin-right:0;width:100%}.top.attached.segment+.ui.bottom.tabular.menu{position:relative;width:calc(100% + 2px);left:-1px}.ui.bottom.tabular.menu{background:none transparent;border-radius:0;-webkit-box-shadow:none!important;box-shadow:none!important;border-bottom:none;border-top:1px solid #d4d4d5}.ui.bottom.tabular.menu .item{background:0 0;border-left:1px solid transparent;border-right:1px solid transparent;border-bottom:1px solid transparent;border-top:none}.ui.bottom.tabular.menu .active.item{background:none #fff;color:rgba(0,0,0,.95);border-color:#d4d4d5;margin:-1px 0 0 0;border-radius:0 0 .28571429rem .28571429rem!important}.ui.vertical.tabular.menu{background:none transparent;border-radius:0;-webkit-box-shadow:none!important;box-shadow:none!important;border-bottom:none;border-right:1px solid #d4d4d5}.ui.vertical.tabular.menu .item{background:0 0;border-left:1px solid transparent;border-bottom:1px solid transparent;border-top:1px solid transparent;border-right:none}.ui.vertical.tabular.menu .active.item{background:none #fff;color:rgba(0,0,0,.95);border-color:#d4d4d5;margin:0 -1px 0 0;border-radius:.28571429rem 0 0 .28571429rem!important}.ui.vertical.right.tabular.menu{background:none transparent;border-radius:0;-webkit-box-shadow:none!important;box-shadow:none!important;border-bottom:none;border-right:none;border-left:1px solid #d4d4d5}.ui.vertical.right.tabular.menu .item{background:0 0;border-right:1px solid transparent;border-bottom:1px solid transparent;border-top:1px solid transparent;border-left:none}.ui.vertical.right.tabular.menu .active.item{background:none #fff;color:rgba(0,0,0,.95);border-color:#d4d4d5;margin:0 0 0 -1px;border-radius:0 .28571429rem .28571429rem 0!important}.ui.tabular.menu .active.dropdown.item{margin-bottom:0;border-left:1px solid transparent;border-right:1px solid transparent;border-top:2px solid transparent;border-bottom:none}.ui.pagination.menu{margin:0;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;vertical-align:middle}.ui.pagination.menu .item:last-child{border-radius:0 .28571429rem .28571429rem 0}.ui.compact.menu .item:last-child{border-radius:0 .28571429rem .28571429rem 0}.ui.pagination.menu .item:last-child:before{display:none}.ui.pagination.menu .item{min-width:3em;text-align:center}.ui.pagination.menu .icon.item i.icon{vertical-align:top}.ui.pagination.menu .active.item{border-top:none;padding-top:.92857143em;background-color:rgba(0,0,0,.05);color:rgba(0,0,0,.95);-webkit-box-shadow:none;box-shadow:none}.ui.secondary.menu{background:0 0;margin-left:-.35714286em;margin-right:-.35714286em;border-radius:0;border:none;-webkit-box-shadow:none;box-shadow:none}.ui.secondary.menu .item{-ms-flex-item-align:center;align-self:center;-webkit-box-shadow:none;box-shadow:none;border:none;padding:.78571429em .92857143em;margin:0 .35714286em;background:0 0;-webkit-transition:color .1s ease;transition:color .1s ease;border-radius:.28571429rem}.ui.secondary.menu .item:before{display:none!important}.ui.secondary.menu .header.item{border-radius:0;border-right:none;background:none transparent}.ui.secondary.menu .item>img:not(.ui){margin:0}.ui.secondary.menu .dropdown.item:hover,.ui.secondary.menu .link.item:hover,.ui.secondary.menu a.item:hover{background:rgba(0,0,0,.05);color:rgba(0,0,0,.95)}.ui.secondary.menu .active.item{-webkit-box-shadow:none;box-shadow:none;background:rgba(0,0,0,.05);color:rgba(0,0,0,.95);border-radius:.28571429rem}.ui.secondary.menu .active.item:hover{-webkit-box-shadow:none;box-shadow:none;background:rgba(0,0,0,.05);color:rgba(0,0,0,.95)}.ui.secondary.inverted.menu .link.item,.ui.secondary.inverted.menu a.item{color:rgba(255,255,255,.7)!important}.ui.secondary.inverted.menu .dropdown.item:hover,.ui.secondary.inverted.menu .link.item:hover,.ui.secondary.inverted.menu a.item:hover{background:rgba(255,255,255,.08);color:#fff!important}.ui.secondary.inverted.menu .active.item{background:rgba(255,255,255,.15);color:#fff!important}.ui.secondary.item.menu{margin-left:0;margin-right:0}.ui.secondary.item.menu .item:last-child{margin-right:0}.ui.secondary.attached.menu{-webkit-box-shadow:none;box-shadow:none}.ui.vertical.secondary.menu .item:not(.dropdown)>.menu{margin:0 -.92857143em}.ui.vertical.secondary.menu .item:not(.dropdown)>.menu>.item{margin:0;padding:.5em 1.33333333em}.ui.secondary.vertical.menu>.item{border:none;margin:0 0 .35714286em;border-radius:.28571429rem!important}.ui.secondary.vertical.menu>.header.item{border-radius:0}.ui.vertical.secondary.menu .item>.menu .item{background-color:transparent}.ui.secondary.inverted.menu{background-color:transparent}.ui.secondary.pointing.menu{margin-left:0;margin-right:0;border-bottom:2px solid rgba(34,36,38,.15)}.ui.secondary.pointing.menu .item{border-bottom-color:transparent;border-bottom-style:solid;border-radius:0;-ms-flex-item-align:end;align-self:flex-end;margin:0 0 -2px;padding:.85714286em 1.14285714em;border-bottom-width:2px;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.secondary.pointing.menu .header.item{color:rgba(0,0,0,.85)!important}.ui.secondary.pointing.menu .text.item{-webkit-box-shadow:none!important;box-shadow:none!important}.ui.secondary.pointing.menu .item:after{display:none}.ui.secondary.pointing.menu .dropdown.item:hover,.ui.secondary.pointing.menu .link.item:hover,.ui.secondary.pointing.menu a.item:hover{background-color:transparent;color:rgba(0,0,0,.87)}.ui.secondary.pointing.menu .dropdown.item:active,.ui.secondary.pointing.menu .link.item:active,.ui.secondary.pointing.menu a.item:active{background-color:transparent;border-color:rgba(34,36,38,.15)}.ui.secondary.pointing.menu .active.item{background-color:transparent;-webkit-box-shadow:none;box-shadow:none;border-color:#1b1c1d;font-weight:700;color:rgba(0,0,0,.95)}.ui.secondary.pointing.menu .active.item:hover{border-color:#1b1c1d;color:rgba(0,0,0,.95)}.ui.secondary.pointing.menu .active.dropdown.item{border-color:transparent}.ui.secondary.vertical.pointing.menu{border-bottom-width:0;border-right-width:2px;border-right-style:solid;border-right-color:rgba(34,36,38,.15)}.ui.secondary.vertical.pointing.menu .item{border-bottom:none;border-right-style:solid;border-right-color:transparent;border-radius:0!important;margin:0 -2px 0 0;border-right-width:2px}.ui.secondary.vertical.pointing.menu .active.item{border-color:#1b1c1d}.ui.secondary.inverted.pointing.menu{border-color:rgba(255,255,255,.1)}.ui.secondary.inverted.pointing.menu{border-width:2px;border-color:rgba(34,36,38,.15)}.ui.secondary.inverted.pointing.menu .item{color:rgba(255,255,255,.9)}.ui.secondary.inverted.pointing.menu .header.item{color:#fff!important}.ui.secondary.inverted.pointing.menu .link.item:hover,.ui.secondary.inverted.pointing.menu a.item:hover{color:rgba(0,0,0,.95)}.ui.secondary.inverted.pointing.menu .active.item{border-color:#fff;color:#fff}.ui.text.menu{background:none transparent;border-radius:0;-webkit-box-shadow:none;box-shadow:none;border:none;margin:1em -.5em}.ui.text.menu .item{border-radius:0;-webkit-box-shadow:none;box-shadow:none;-ms-flex-item-align:center;align-self:center;margin:0 0;padding:.35714286em .5em;font-weight:400;color:rgba(0,0,0,.6);-webkit-transition:opacity .1s ease;transition:opacity .1s ease}.ui.text.menu .item:before,.ui.text.menu .menu .item:before{display:none!important}.ui.text.menu .header.item{background-color:transparent;opacity:1;color:rgba(0,0,0,.85);font-size:.92857143em;text-transform:uppercase;font-weight:700}.ui.text.menu .item>img:not(.ui){margin:0}.ui.text.item.menu .item{margin:0}.ui.vertical.text.menu{margin:1em 0}.ui.vertical.text.menu:first-child{margin-top:0}.ui.vertical.text.menu:last-child{margin-bottom:0}.ui.vertical.text.menu .item{margin:.57142857em 0;padding-left:0;padding-right:0}.ui.vertical.text.menu .item>i.icon{float:none;margin:0 .35714286em 0 0}.ui.vertical.text.menu .header.item{margin:.57142857em 0 .71428571em}.ui.vertical.text.menu .item:not(.dropdown)>.menu{margin:0}.ui.vertical.text.menu .item:not(.dropdown)>.menu>.item{margin:0;padding:.5em 0}.ui.text.menu .item:hover{opacity:1;background-color:transparent}.ui.text.menu .active.item{background-color:transparent;border:none;-webkit-box-shadow:none;box-shadow:none;font-weight:400;color:rgba(0,0,0,.95)}.ui.text.menu .active.item:hover{background-color:transparent}.ui.text.pointing.menu .active.item:after{-webkit-box-shadow:none;box-shadow:none}.ui.text.attached.menu{-webkit-box-shadow:none;box-shadow:none}.ui.inverted.text.menu,.ui.inverted.text.menu .active.item,.ui.inverted.text.menu .item,.ui.inverted.text.menu .item:hover{background-color:transparent!important}.ui.fluid.text.menu{margin-left:0;margin-right:0}.ui.vertical.icon.menu{display:inline-block;width:auto}.ui.icon.menu .item{height:auto;text-align:center;color:#1b1c1d}.ui.icon.menu .item>.icon:not(.dropdown){margin:0;opacity:1}.ui.icon.menu .icon:before{opacity:1}.ui.menu .icon.item>.icon{width:auto;margin:0 auto}.ui.vertical.icon.menu .item>.icon:not(.dropdown){display:block;opacity:1;margin:0 auto;float:none}.ui.inverted.icon.menu .item{color:#fff}.ui.labeled.icon.menu{text-align:center}.ui.labeled.icon.menu .item{min-width:6em;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui.labeled.icon.menu .item>.icon:not(.dropdown){height:1em;display:block;font-size:1.71428571em!important;margin:0 auto .5rem!important}.ui.fluid.labeled.icon.menu>.item{min-width:0}@media only screen and (max-width:767px){.ui.stackable.menu{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui.stackable.menu .item{width:100%!important}.ui.stackable.menu .item:before{position:absolute;content:'';top:auto;bottom:0;left:0;width:100%;height:1px;background:rgba(34,36,38,.1)}.ui.stackable.menu .left.item,.ui.stackable.menu .left.menu{margin-right:0!important}.ui.stackable.menu .right.item,.ui.stackable.menu .right.menu{margin-left:0!important}.ui.stackable.menu .left.menu,.ui.stackable.menu .right.menu{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}}.ui.menu .red.active.item,.ui.red.menu .active.item{border-color:#db2828!important;color:#db2828!important}.ui.menu .orange.active.item,.ui.orange.menu .active.item{border-color:#f2711c!important;color:#f2711c!important}.ui.menu .yellow.active.item,.ui.yellow.menu .active.item{border-color:#fbbd08!important;color:#fbbd08!important}.ui.menu .olive.active.item,.ui.olive.menu .active.item{border-color:#b5cc18!important;color:#b5cc18!important}.ui.green.menu .active.item,.ui.menu .green.active.item{border-color:#21ba45!important;color:#21ba45!important}.ui.menu .teal.active.item,.ui.teal.menu .active.item{border-color:#00b5ad!important;color:#00b5ad!important}.ui.blue.menu .active.item,.ui.menu .blue.active.item{border-color:#2185d0!important;color:#2185d0!important}.ui.menu .violet.active.item,.ui.violet.menu .active.item{border-color:#6435c9!important;color:#6435c9!important}.ui.menu .purple.active.item,.ui.purple.menu .active.item{border-color:#a333c8!important;color:#a333c8!important}.ui.menu .pink.active.item,.ui.pink.menu .active.item{border-color:#e03997!important;color:#e03997!important}.ui.brown.menu .active.item,.ui.menu .brown.active.item{border-color:#a5673f!important;color:#a5673f!important}.ui.grey.menu .active.item,.ui.menu .grey.active.item{border-color:#767676!important;color:#767676!important}.ui.inverted.menu{border:0 solid transparent;background:#1b1c1d;-webkit-box-shadow:none;box-shadow:none}.ui.inverted.menu .item,.ui.inverted.menu .item>a:not(.ui){background:0 0;color:rgba(255,255,255,.9)}.ui.inverted.menu .item.menu{background:0 0}.ui.inverted.menu .item:before{background:rgba(255,255,255,.08)}.ui.vertical.inverted.menu .item:before{background:rgba(255,255,255,.08)}.ui.vertical.inverted.menu .menu .item,.ui.vertical.inverted.menu .menu .item a:not(.ui){color:rgba(255,255,255,.5)}.ui.inverted.menu .header.item{margin:0;background:0 0;-webkit-box-shadow:none;box-shadow:none}.ui.inverted.menu .item.disabled,.ui.inverted.menu .item.disabled:hover{color:rgba(225,225,225,.3)}.ui.inverted.menu .dropdown.item:hover,.ui.inverted.menu .link.item:hover,.ui.inverted.menu a.item:hover,.ui.link.inverted.menu .item:hover{background:rgba(255,255,255,.08);color:#fff}.ui.vertical.inverted.menu .item .menu .link.item:hover,.ui.vertical.inverted.menu .item .menu a.item:hover{background:0 0;color:#fff}.ui.inverted.menu .link.item:active,.ui.inverted.menu a.item:active{background:rgba(255,255,255,.08);color:#fff}.ui.inverted.menu .active.item{background:rgba(255,255,255,.15);color:#fff!important}.ui.inverted.vertical.menu .item .menu .active.item{background:0 0;color:#fff}.ui.inverted.pointing.menu .active.item:after{background:#3d3e3f!important;margin:0!important;-webkit-box-shadow:none!important;box-shadow:none!important;border:none!important}.ui.inverted.menu .active.item:hover{background:rgba(255,255,255,.15);color:#fff!important}.ui.inverted.pointing.menu .active.item:hover:after{background:#3d3e3f!important}.ui.floated.menu{float:left;margin:0 .5rem 0 0}.ui.floated.menu .item:last-child:before{display:none}.ui.right.floated.menu{float:right;margin:0 0 0 .5rem}.ui.inverted.menu .red.active.item,.ui.inverted.red.menu{background-color:#db2828}.ui.inverted.red.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.red.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .orange.active.item,.ui.inverted.orange.menu{background-color:#f2711c}.ui.inverted.orange.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.orange.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .yellow.active.item,.ui.inverted.yellow.menu{background-color:#fbbd08}.ui.inverted.yellow.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.yellow.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .olive.active.item,.ui.inverted.olive.menu{background-color:#b5cc18}.ui.inverted.olive.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.olive.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.green.menu,.ui.inverted.menu .green.active.item{background-color:#21ba45}.ui.inverted.green.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.green.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .teal.active.item,.ui.inverted.teal.menu{background-color:#00b5ad}.ui.inverted.teal.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.teal.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.blue.menu,.ui.inverted.menu .blue.active.item{background-color:#2185d0}.ui.inverted.blue.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.blue.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .violet.active.item,.ui.inverted.violet.menu{background-color:#6435c9}.ui.inverted.violet.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.violet.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .purple.active.item,.ui.inverted.purple.menu{background-color:#a333c8}.ui.inverted.purple.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.purple.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.menu .pink.active.item,.ui.inverted.pink.menu{background-color:#e03997}.ui.inverted.pink.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.pink.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.brown.menu,.ui.inverted.menu .brown.active.item{background-color:#a5673f}.ui.inverted.brown.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.brown.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.inverted.grey.menu,.ui.inverted.menu .grey.active.item{background-color:#767676}.ui.inverted.grey.menu .item:before{background-color:rgba(34,36,38,.1)}.ui.inverted.grey.menu .active.item{background-color:rgba(0,0,0,.1)!important}.ui.fitted.menu .item,.ui.fitted.menu .item .menu .item,.ui.menu .fitted.item{padding:0}.ui.horizontally.fitted.menu .item,.ui.horizontally.fitted.menu .item .menu .item,.ui.menu .horizontally.fitted.item{padding-top:.92857143em;padding-bottom:.92857143em}.ui.menu .vertically.fitted.item,.ui.vertically.fitted.menu .item,.ui.vertically.fitted.menu .item .menu .item{padding-left:1.14285714em;padding-right:1.14285714em}.ui.borderless.menu .item .menu .item:before,.ui.borderless.menu .item:before,.ui.menu .borderless.item:before{background:0 0!important}.ui.compact.menu{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin:0;vertical-align:middle}.ui.compact.vertical.menu{display:inline-block}.ui.compact.menu .item:last-child{border-radius:0 .28571429rem .28571429rem 0}.ui.compact.menu .item:last-child:before{display:none}.ui.compact.vertical.menu{width:auto!important}.ui.compact.vertical.menu .item:last-child::before{display:block}.ui.menu.fluid,.ui.vertical.menu.fluid{width:100%!important}.ui.item.menu,.ui.item.menu .item{width:100%;padding-left:0!important;padding-right:0!important;margin-left:0!important;margin-right:0!important;text-align:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.ui.attached.item.menu{margin:0 -1px!important}.ui.item.menu .item:last-child:before{display:none}.ui.menu.two.item .item{width:50%}.ui.menu.three.item .item{width:33.333%}.ui.menu.four.item .item{width:25%}.ui.menu.five.item .item{width:20%}.ui.menu.six.item .item{width:16.666%}.ui.menu.seven.item .item{width:14.285%}.ui.menu.eight.item .item{width:12.5%}.ui.menu.nine.item .item{width:11.11%}.ui.menu.ten.item .item{width:10%}.ui.menu.eleven.item .item{width:9.09%}.ui.menu.twelve.item .item{width:8.333%}.ui.menu.fixed{position:fixed;z-index:101;margin:0;width:100%}.ui.menu.fixed,.ui.menu.fixed .item:first-child,.ui.menu.fixed .item:last-child{border-radius:0!important}.ui.fixed.menu,.ui[class*="top fixed"].menu{top:0;left:0;right:auto;bottom:auto}.ui[class*="top fixed"].menu{border-top:none;border-left:none;border-right:none}.ui[class*="right fixed"].menu{border-top:none;border-bottom:none;border-right:none;top:0;right:0;left:auto;bottom:auto;width:auto;height:100%}.ui[class*="bottom fixed"].menu{border-bottom:none;border-left:none;border-right:none;bottom:0;left:0;top:auto;right:auto}.ui[class*="left fixed"].menu{border-top:none;border-bottom:none;border-left:none;top:0;left:0;right:auto;bottom:auto;width:auto;height:100%}.ui.fixed.menu+.ui.grid{padding-top:2.75rem}.ui.pointing.menu .item:after{visibility:hidden;position:absolute;content:'';top:100%;left:50%;-webkit-transform:translateX(-50%) translateY(-50%) rotate(45deg);transform:translateX(-50%) translateY(-50%) rotate(45deg);background:0 0;margin:.5px 0 0;width:.57142857em;height:.57142857em;border:none;border-bottom:1px solid #d4d4d5;border-right:1px solid #d4d4d5;z-index:2;-webkit-transition:background .1s ease;transition:background .1s ease}.ui.vertical.pointing.menu .item:after{position:absolute;top:50%;right:0;bottom:auto;left:auto;-webkit-transform:translateX(50%) translateY(-50%) rotate(45deg);transform:translateX(50%) translateY(-50%) rotate(45deg);margin:0 -.5px 0 0;border:none;border-top:1px solid #d4d4d5;border-right:1px solid #d4d4d5}.ui.pointing.menu .active.item:after{visibility:visible}.ui.pointing.menu .active.dropdown.item:after{visibility:hidden}.ui.pointing.menu .active.item .menu .active.item:after,.ui.pointing.menu .dropdown.active.item:after{display:none}.ui.pointing.menu .active.item:hover:after{background-color:#f2f2f2}.ui.pointing.menu .active.item:after{background-color:#f2f2f2}.ui.pointing.menu .active.item:hover:after{background-color:#f2f2f2}.ui.vertical.pointing.menu .active.item:hover:after{background-color:#f2f2f2}.ui.vertical.pointing.menu .active.item:after{background-color:#f2f2f2}.ui.vertical.pointing.menu .menu .active.item:after{background-color:#fff}.ui.attached.menu{top:0;bottom:0;border-radius:0;margin:0 -1px;width:calc(100% + 2px);max-width:calc(100% + 2px);-webkit-box-shadow:none;box-shadow:none}.ui.attached+.ui.attached.menu:not(.top){border-top:none}.ui[class*="top attached"].menu{bottom:0;margin-bottom:0;top:0;margin-top:1rem;border-radius:.28571429rem .28571429rem 0 0}.ui.menu[class*="top attached"]:first-child{margin-top:0}.ui[class*="bottom attached"].menu{bottom:0;margin-top:0;top:0;margin-bottom:1rem;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),none;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),none;border-radius:0 0 .28571429rem .28571429rem}.ui[class*="bottom attached"].menu:last-child{margin-bottom:0}.ui.top.attached.menu>.item:first-child{border-radius:.28571429rem 0 0 0}.ui.bottom.attached.menu>.item:first-child{border-radius:0 0 0 .28571429rem}.ui.attached.menu:not(.tabular){border:1px solid #d4d4d5}.ui.attached.inverted.menu{border:none}.ui.attached.tabular.menu{margin-left:0;margin-right:0;width:100%}.ui.mini.menu{font-size:.78571429rem}.ui.mini.vertical.menu{width:9rem}.ui.tiny.menu{font-size:.85714286rem}.ui.tiny.vertical.menu{width:11rem}.ui.small.menu{font-size:.92857143rem}.ui.small.vertical.menu{width:13rem}.ui.menu{font-size:1rem}.ui.vertical.menu{width:15rem}.ui.large.menu{font-size:1.07142857rem}.ui.large.vertical.menu{width:18rem}.ui.huge.menu{font-size:1.21428571rem}.ui.huge.vertical.menu{width:22rem}.ui.big.menu{font-size:1.14285714rem}.ui.big.vertical.menu{width:20rem}.ui.massive.menu{font-size:1.28571429rem}.ui.massive.vertical.menu{width:25rem}/*!
- * # Semantic UI 2.4.0 - Message
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.message{position:relative;min-height:1em;margin:1em 0;background:#f8f8f9;padding:1em 1.5em;line-height:1.4285em;color:rgba(0,0,0,.87);-webkit-transition:opacity .1s ease,color .1s ease,background .1s ease,-webkit-box-shadow .1s ease;transition:opacity .1s ease,color .1s ease,background .1s ease,-webkit-box-shadow .1s ease;transition:opacity .1s ease,color .1s ease,background .1s ease,box-shadow .1s ease;transition:opacity .1s ease,color .1s ease,background .1s ease,box-shadow .1s ease,-webkit-box-shadow .1s ease;border-radius:.28571429rem;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.22) inset,0 0 0 0 transparent;box-shadow:0 0 0 1px rgba(34,36,38,.22) inset,0 0 0 0 transparent}.ui.message:first-child{margin-top:0}.ui.message:last-child{margin-bottom:0}.ui.message .header{display:block;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-weight:700;margin:-.14285714em 0 0 0}.ui.message .header:not(.ui){font-size:1.14285714em}.ui.message p{opacity:.85;margin:.75em 0}.ui.message p:first-child{margin-top:0}.ui.message p:last-child{margin-bottom:0}.ui.message .header+p{margin-top:.25em}.ui.message .list:not(.ui){text-align:left;padding:0;opacity:.85;list-style-position:inside;margin:.5em 0 0}.ui.message .list:not(.ui):first-child{margin-top:0}.ui.message .list:not(.ui):last-child{margin-bottom:0}.ui.message .list:not(.ui) li{position:relative;list-style-type:none;margin:0 0 .3em 1em;padding:0}.ui.message .list:not(.ui) li:before{position:absolute;content:'•';left:-1em;height:100%;vertical-align:baseline}.ui.message .list:not(.ui) li:last-child{margin-bottom:0}.ui.message>.icon{margin-right:.6em}.ui.message>.close.icon{cursor:pointer;position:absolute;margin:0;top:.78575em;right:.5em;opacity:.7;-webkit-transition:opacity .1s ease;transition:opacity .1s ease}.ui.message>.close.icon:hover{opacity:1}.ui.message>:first-child{margin-top:0}.ui.message>:last-child{margin-bottom:0}.ui.dropdown .menu>.message{margin:0 -1px}.ui.visible.visible.visible.visible.message{display:block}.ui.icon.visible.visible.visible.visible.message{display:-webkit-box;display:-ms-flexbox;display:flex}.ui.hidden.hidden.hidden.hidden.message{display:none}.ui.compact.message{display:inline-block}.ui.compact.icon.message{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}.ui.attached.message{margin-bottom:-1px;border-radius:.28571429rem .28571429rem 0 0;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px rgba(34,36,38,.15) inset;margin-left:-1px;margin-right:-1px}.ui.attached+.ui.attached.message:not(.top):not(.bottom){margin-top:-1px;border-radius:0}.ui.bottom.attached.message{margin-top:-1px;border-radius:0 0 .28571429rem .28571429rem;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.15) inset,0 1px 2px 0 rgba(34,36,38,.15);box-shadow:0 0 0 1px rgba(34,36,38,.15) inset,0 1px 2px 0 rgba(34,36,38,.15)}.ui.bottom.attached.message:not(:last-child){margin-bottom:1em}.ui.attached.icon.message{width:auto}.ui.icon.message{display:-webkit-box;display:-ms-flexbox;display:flex;width:100%;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.ui.icon.message>.icon:not(.close){display:block;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;line-height:1;vertical-align:middle;font-size:3em;opacity:.8}.ui.icon.message>.content{display:block;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;vertical-align:middle}.ui.icon.message .icon:not(.close)+.content{padding-left:0}.ui.icon.message .circular.icon{width:1em}.ui.floating.message{-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.22) inset,0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 0 0 1px rgba(34,36,38,.22) inset,0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)}.ui.black.message{background-color:#1b1c1d;color:rgba(255,255,255,.9)}.ui.positive.message{background-color:#fcfff5;color:#2c662d}.ui.attached.positive.message,.ui.positive.message{-webkit-box-shadow:0 0 0 1px #a3c293 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #a3c293 inset,0 0 0 0 transparent}.ui.positive.message .header{color:#1a531b}.ui.negative.message{background-color:#fff6f6;color:#9f3a38}.ui.attached.negative.message,.ui.negative.message{-webkit-box-shadow:0 0 0 1px #e0b4b4 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #e0b4b4 inset,0 0 0 0 transparent}.ui.negative.message .header{color:#912d2b}.ui.info.message{background-color:#f8ffff;color:#276f86}.ui.attached.info.message,.ui.info.message{-webkit-box-shadow:0 0 0 1px #a9d5de inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #a9d5de inset,0 0 0 0 transparent}.ui.info.message .header{color:#0e566c}.ui.warning.message{background-color:#fffaf3;color:#573a08}.ui.attached.warning.message,.ui.warning.message{-webkit-box-shadow:0 0 0 1px #c9ba9b inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #c9ba9b inset,0 0 0 0 transparent}.ui.warning.message .header{color:#794b02}.ui.error.message{background-color:#fff6f6;color:#9f3a38}.ui.attached.error.message,.ui.error.message{-webkit-box-shadow:0 0 0 1px #e0b4b4 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #e0b4b4 inset,0 0 0 0 transparent}.ui.error.message .header{color:#912d2b}.ui.success.message{background-color:#fcfff5;color:#2c662d}.ui.attached.success.message,.ui.success.message{-webkit-box-shadow:0 0 0 1px #a3c293 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #a3c293 inset,0 0 0 0 transparent}.ui.success.message .header{color:#1a531b}.ui.black.message,.ui.inverted.message{background-color:#1b1c1d;color:rgba(255,255,255,.9)}.ui.red.message{background-color:#ffe8e6;color:#db2828;-webkit-box-shadow:0 0 0 1px #db2828 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #db2828 inset,0 0 0 0 transparent}.ui.red.message .header{color:#c82121}.ui.orange.message{background-color:#ffedde;color:#f2711c;-webkit-box-shadow:0 0 0 1px #f2711c inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #f2711c inset,0 0 0 0 transparent}.ui.orange.message .header{color:#e7640d}.ui.yellow.message{background-color:#fff8db;color:#b58105;-webkit-box-shadow:0 0 0 1px #b58105 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #b58105 inset,0 0 0 0 transparent}.ui.yellow.message .header{color:#9c6f04}.ui.olive.message{background-color:#fbfdef;color:#8abc1e;-webkit-box-shadow:0 0 0 1px #8abc1e inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #8abc1e inset,0 0 0 0 transparent}.ui.olive.message .header{color:#7aa61a}.ui.green.message{background-color:#e5f9e7;color:#1ebc30;-webkit-box-shadow:0 0 0 1px #1ebc30 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #1ebc30 inset,0 0 0 0 transparent}.ui.green.message .header{color:#1aa62a}.ui.teal.message{background-color:#e1f7f7;color:#10a3a3;-webkit-box-shadow:0 0 0 1px #10a3a3 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #10a3a3 inset,0 0 0 0 transparent}.ui.teal.message .header{color:#0e8c8c}.ui.blue.message{background-color:#dff0ff;color:#2185d0;-webkit-box-shadow:0 0 0 1px #2185d0 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #2185d0 inset,0 0 0 0 transparent}.ui.blue.message .header{color:#1e77ba}.ui.violet.message{background-color:#eae7ff;color:#6435c9;-webkit-box-shadow:0 0 0 1px #6435c9 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #6435c9 inset,0 0 0 0 transparent}.ui.violet.message .header{color:#5a30b5}.ui.purple.message{background-color:#f6e7ff;color:#a333c8;-webkit-box-shadow:0 0 0 1px #a333c8 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #a333c8 inset,0 0 0 0 transparent}.ui.purple.message .header{color:#922eb4}.ui.pink.message{background-color:#ffe3fb;color:#e03997;-webkit-box-shadow:0 0 0 1px #e03997 inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #e03997 inset,0 0 0 0 transparent}.ui.pink.message .header{color:#dd238b}.ui.brown.message{background-color:#f1e2d3;color:#a5673f;-webkit-box-shadow:0 0 0 1px #a5673f inset,0 0 0 0 transparent;box-shadow:0 0 0 1px #a5673f inset,0 0 0 0 transparent}.ui.brown.message .header{color:#935b38}.ui.mini.message{font-size:.78571429em}.ui.tiny.message{font-size:.85714286em}.ui.small.message{font-size:.92857143em}.ui.message{font-size:1em}.ui.large.message{font-size:1.14285714em}.ui.big.message{font-size:1.28571429em}.ui.huge.message{font-size:1.42857143em}.ui.massive.message{font-size:1.71428571em}/*!
- * # Semantic UI 2.4.0 - Table
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.table{width:100%;background:#fff;margin:1em 0;border:1px solid rgba(34,36,38,.15);-webkit-box-shadow:none;box-shadow:none;border-radius:.28571429rem;text-align:left;color:rgba(0,0,0,.87);border-collapse:separate;border-spacing:0}.ui.table:first-child{margin-top:0}.ui.table:last-child{margin-bottom:0}.ui.table td,.ui.table th{-webkit-transition:background .1s ease,color .1s ease;transition:background .1s ease,color .1s ease}.ui.table thead{-webkit-box-shadow:none;box-shadow:none}.ui.table thead th{cursor:auto;background:#f9fafb;text-align:inherit;color:rgba(0,0,0,.87);padding:.92857143em .78571429em;vertical-align:inherit;font-style:none;font-weight:700;text-transform:none;border-bottom:1px solid rgba(34,36,38,.1);border-left:none}.ui.table thead tr>th:first-child{border-left:none}.ui.table thead tr:first-child>th:first-child{border-radius:.28571429rem 0 0 0}.ui.table thead tr:first-child>th:last-child{border-radius:0 .28571429rem 0 0}.ui.table thead tr:first-child>th:only-child{border-radius:.28571429rem .28571429rem 0 0}.ui.table tfoot{-webkit-box-shadow:none;box-shadow:none}.ui.table tfoot th{cursor:auto;border-top:1px solid rgba(34,36,38,.15);background:#f9fafb;text-align:inherit;color:rgba(0,0,0,.87);padding:.78571429em .78571429em;vertical-align:middle;font-style:normal;font-weight:400;text-transform:none}.ui.table tfoot tr>th:first-child{border-left:none}.ui.table tfoot tr:first-child>th:first-child{border-radius:0 0 0 .28571429rem}.ui.table tfoot tr:first-child>th:last-child{border-radius:0 0 .28571429rem 0}.ui.table tfoot tr:first-child>th:only-child{border-radius:0 0 .28571429rem .28571429rem}.ui.table tr td{border-top:1px solid rgba(34,36,38,.1)}.ui.table tr:first-child td{border-top:none}.ui.table tbody+tbody tr:first-child td{border-top:1px solid rgba(34,36,38,.1)}.ui.table td{padding:.78571429em .78571429em;text-align:inherit}.ui.table>.icon{vertical-align:baseline}.ui.table>.icon:only-child{margin:0}.ui.table.segment{padding:0}.ui.table.segment:after{display:none}.ui.table.segment.stacked:after{display:block}@media only screen and (max-width:767px){.ui.table:not(.unstackable){width:100%}.ui.table:not(.unstackable) tbody,.ui.table:not(.unstackable) tr,.ui.table:not(.unstackable) tr>td,.ui.table:not(.unstackable) tr>th{width:auto!important;display:block!important}.ui.table:not(.unstackable){padding:0}.ui.table:not(.unstackable) thead{display:block}.ui.table:not(.unstackable) tfoot{display:block}.ui.table:not(.unstackable) tr{padding-top:1em;padding-bottom:1em;-webkit-box-shadow:0 -1px 0 0 rgba(0,0,0,.1) inset!important;box-shadow:0 -1px 0 0 rgba(0,0,0,.1) inset!important}.ui.table:not(.unstackable) tr>td,.ui.table:not(.unstackable) tr>th{background:0 0;border:none!important;padding:.25em .75em!important;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.table:not(.unstackable) td:first-child,.ui.table:not(.unstackable) th:first-child{font-weight:700}.ui.definition.table:not(.unstackable) thead th:first-child{-webkit-box-shadow:none!important;box-shadow:none!important}}.ui.table td .image,.ui.table td .image img,.ui.table th .image,.ui.table th .image img{max-width:none}.ui.structured.table{border-collapse:collapse}.ui.structured.table thead th{border-left:none;border-right:none}.ui.structured.sortable.table thead th{border-left:1px solid rgba(34,36,38,.15);border-right:1px solid rgba(34,36,38,.15)}.ui.structured.basic.table th{border-left:none;border-right:none}.ui.structured.celled.table tr td,.ui.structured.celled.table tr th{border-left:1px solid rgba(34,36,38,.1);border-right:1px solid rgba(34,36,38,.1)}.ui.definition.table thead:not(.full-width) th:first-child{pointer-events:none;background:0 0;font-weight:400;color:rgba(0,0,0,.4);-webkit-box-shadow:-1px -1px 0 1px #fff;box-shadow:-1px -1px 0 1px #fff}.ui.definition.table tfoot:not(.full-width) th:first-child{pointer-events:none;background:0 0;font-weight:rgba(0,0,0,.4);color:normal;-webkit-box-shadow:1px 1px 0 1px #fff;box-shadow:1px 1px 0 1px #fff}.ui.celled.definition.table thead:not(.full-width) th:first-child{-webkit-box-shadow:0 -1px 0 1px #fff;box-shadow:0 -1px 0 1px #fff}.ui.celled.definition.table tfoot:not(.full-width) th:first-child{-webkit-box-shadow:0 1px 0 1px #fff;box-shadow:0 1px 0 1px #fff}.ui.definition.table tr td.definition,.ui.definition.table tr td:first-child:not(.ignored){background:rgba(0,0,0,.03);font-weight:700;color:rgba(0,0,0,.95);text-transform:'';-webkit-box-shadow:'';box-shadow:'';text-align:'';font-size:1em;padding-left:'';padding-right:''}.ui.definition.table thead:not(.full-width) th:nth-child(2){border-left:1px solid rgba(34,36,38,.15)}.ui.definition.table tfoot:not(.full-width) th:nth-child(2){border-left:1px solid rgba(34,36,38,.15)}.ui.definition.table td:nth-child(2){border-left:1px solid rgba(34,36,38,.15)}.ui.table td.positive,.ui.table tr.positive{-webkit-box-shadow:0 0 0 #a3c293 inset;box-shadow:0 0 0 #a3c293 inset}.ui.table td.positive,.ui.table tr.positive{background:#fcfff5!important;color:#2c662d!important}.ui.table td.negative,.ui.table tr.negative{-webkit-box-shadow:0 0 0 #e0b4b4 inset;box-shadow:0 0 0 #e0b4b4 inset}.ui.table td.negative,.ui.table tr.negative{background:#fff6f6!important;color:#9f3a38!important}.ui.table td.error,.ui.table tr.error{-webkit-box-shadow:0 0 0 #e0b4b4 inset;box-shadow:0 0 0 #e0b4b4 inset}.ui.table td.error,.ui.table tr.error{background:#fff6f6!important;color:#9f3a38!important}.ui.table td.warning,.ui.table tr.warning{-webkit-box-shadow:0 0 0 #c9ba9b inset;box-shadow:0 0 0 #c9ba9b inset}.ui.table td.warning,.ui.table tr.warning{background:#fffaf3!important;color:#573a08!important}.ui.table td.active,.ui.table tr.active{-webkit-box-shadow:0 0 0 rgba(0,0,0,.87) inset;box-shadow:0 0 0 rgba(0,0,0,.87) inset}.ui.table td.active,.ui.table tr.active{background:#e0e0e0!important;color:rgba(0,0,0,.87)!important}.ui.table tr td.disabled,.ui.table tr.disabled td,.ui.table tr.disabled:hover,.ui.table tr:hover td.disabled{pointer-events:none;color:rgba(40,40,40,.3)}@media only screen and (max-width:991px){.ui[class*="tablet stackable"].table,.ui[class*="tablet stackable"].table tbody,.ui[class*="tablet stackable"].table tr,.ui[class*="tablet stackable"].table tr>td,.ui[class*="tablet stackable"].table tr>th{width:100%!important;display:block!important}.ui[class*="tablet stackable"].table{padding:0}.ui[class*="tablet stackable"].table thead{display:block}.ui[class*="tablet stackable"].table tfoot{display:block}.ui[class*="tablet stackable"].table tr{padding-top:1em;padding-bottom:1em;-webkit-box-shadow:0 -1px 0 0 rgba(0,0,0,.1) inset!important;box-shadow:0 -1px 0 0 rgba(0,0,0,.1) inset!important}.ui[class*="tablet stackable"].table tr>td,.ui[class*="tablet stackable"].table tr>th{background:0 0;border:none!important;padding:.25em .75em;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.definition[class*="tablet stackable"].table thead th:first-child{-webkit-box-shadow:none!important;box-shadow:none!important}}.ui.table [class*="left aligned"],.ui.table[class*="left aligned"]{text-align:left}.ui.table [class*="center aligned"],.ui.table[class*="center aligned"]{text-align:center}.ui.table [class*="right aligned"],.ui.table[class*="right aligned"]{text-align:right}.ui.table [class*="top aligned"],.ui.table[class*="top aligned"]{vertical-align:top}.ui.table [class*="middle aligned"],.ui.table[class*="middle aligned"]{vertical-align:middle}.ui.table [class*="bottom aligned"],.ui.table[class*="bottom aligned"]{vertical-align:bottom}.ui.table td.collapsing,.ui.table th.collapsing{width:1px;white-space:nowrap}.ui.fixed.table{table-layout:fixed}.ui.fixed.table td,.ui.fixed.table th{overflow:hidden;text-overflow:ellipsis}.ui.selectable.table tbody tr:hover,.ui.table tbody tr td.selectable:hover{background:rgba(0,0,0,.05)!important;color:rgba(0,0,0,.95)!important}.ui.inverted.table tbody tr td.selectable:hover,.ui.selectable.inverted.table tbody tr:hover{background:rgba(255,255,255,.08)!important;color:#fff!important}.ui.table tbody tr td.selectable{padding:0}.ui.table tbody tr td.selectable>a:not(.ui){display:block;color:inherit;padding:.78571429em .78571429em}.ui.selectable.table tr.error:hover,.ui.selectable.table tr:hover td.error,.ui.table tr td.selectable.error:hover{background:#ffe7e7!important;color:#943634!important}.ui.selectable.table tr.warning:hover,.ui.selectable.table tr:hover td.warning,.ui.table tr td.selectable.warning:hover{background:#fff4e4!important;color:#493107!important}.ui.selectable.table tr.active:hover,.ui.selectable.table tr:hover td.active,.ui.table tr td.selectable.active:hover{background:#e0e0e0!important;color:rgba(0,0,0,.87)!important}.ui.selectable.table tr.positive:hover,.ui.selectable.table tr:hover td.positive,.ui.table tr td.selectable.positive:hover{background:#f7ffe6!important;color:#275b28!important}.ui.selectable.table tr.negative:hover,.ui.selectable.table tr:hover td.negative,.ui.table tr td.selectable.negative:hover{background:#ffe7e7!important;color:#943634!important}.ui.attached.table{top:0;bottom:0;border-radius:0;margin:0 -1px;width:calc(100% + 2px);max-width:calc(100% + 2px);-webkit-box-shadow:none;box-shadow:none;border:1px solid #d4d4d5}.ui.attached+.ui.attached.table:not(.top){border-top:none}.ui[class*="top attached"].table{bottom:0;margin-bottom:0;top:0;margin-top:1em;border-radius:.28571429rem .28571429rem 0 0}.ui.table[class*="top attached"]:first-child{margin-top:0}.ui[class*="bottom attached"].table{bottom:0;margin-top:0;top:0;margin-bottom:1em;-webkit-box-shadow:none,none;box-shadow:none,none;border-radius:0 0 .28571429rem .28571429rem}.ui[class*="bottom attached"].table:last-child{margin-bottom:0}.ui.striped.table tbody tr:nth-child(2n),.ui.striped.table>tr:nth-child(2n){background-color:rgba(0,0,50,.02)}.ui.inverted.striped.table tbody tr:nth-child(2n),.ui.inverted.striped.table>tr:nth-child(2n){background-color:rgba(255,255,255,.05)}.ui.striped.selectable.selectable.selectable.table tbody tr.active:hover{background:#efefef!important;color:rgba(0,0,0,.95)!important}.ui.table [class*="single line"],.ui.table[class*="single line"]{white-space:nowrap}.ui.table [class*="single line"],.ui.table[class*="single line"]{white-space:nowrap}.ui.red.table{border-top:.2em solid #db2828}.ui.inverted.red.table{background-color:#db2828!important;color:#fff!important}.ui.orange.table{border-top:.2em solid #f2711c}.ui.inverted.orange.table{background-color:#f2711c!important;color:#fff!important}.ui.yellow.table{border-top:.2em solid #fbbd08}.ui.inverted.yellow.table{background-color:#fbbd08!important;color:#fff!important}.ui.olive.table{border-top:.2em solid #b5cc18}.ui.inverted.olive.table{background-color:#b5cc18!important;color:#fff!important}.ui.green.table{border-top:.2em solid #21ba45}.ui.inverted.green.table{background-color:#21ba45!important;color:#fff!important}.ui.teal.table{border-top:.2em solid #00b5ad}.ui.inverted.teal.table{background-color:#00b5ad!important;color:#fff!important}.ui.blue.table{border-top:.2em solid #2185d0}.ui.inverted.blue.table{background-color:#2185d0!important;color:#fff!important}.ui.violet.table{border-top:.2em solid #6435c9}.ui.inverted.violet.table{background-color:#6435c9!important;color:#fff!important}.ui.purple.table{border-top:.2em solid #a333c8}.ui.inverted.purple.table{background-color:#a333c8!important;color:#fff!important}.ui.pink.table{border-top:.2em solid #e03997}.ui.inverted.pink.table{background-color:#e03997!important;color:#fff!important}.ui.brown.table{border-top:.2em solid #a5673f}.ui.inverted.brown.table{background-color:#a5673f!important;color:#fff!important}.ui.grey.table{border-top:.2em solid #767676}.ui.inverted.grey.table{background-color:#767676!important;color:#fff!important}.ui.black.table{border-top:.2em solid #1b1c1d}.ui.inverted.black.table{background-color:#1b1c1d!important;color:#fff!important}.ui.one.column.table td{width:100%}.ui.two.column.table td{width:50%}.ui.three.column.table td{width:33.33333333%}.ui.four.column.table td{width:25%}.ui.five.column.table td{width:20%}.ui.six.column.table td{width:16.66666667%}.ui.seven.column.table td{width:14.28571429%}.ui.eight.column.table td{width:12.5%}.ui.nine.column.table td{width:11.11111111%}.ui.ten.column.table td{width:10%}.ui.eleven.column.table td{width:9.09090909%}.ui.twelve.column.table td{width:8.33333333%}.ui.thirteen.column.table td{width:7.69230769%}.ui.fourteen.column.table td{width:7.14285714%}.ui.fifteen.column.table td{width:6.66666667%}.ui.sixteen.column.table td{width:6.25%}.ui.table td.one.wide,.ui.table th.one.wide{width:6.25%}.ui.table td.two.wide,.ui.table th.two.wide{width:12.5%}.ui.table td.three.wide,.ui.table th.three.wide{width:18.75%}.ui.table td.four.wide,.ui.table th.four.wide{width:25%}.ui.table td.five.wide,.ui.table th.five.wide{width:31.25%}.ui.table td.six.wide,.ui.table th.six.wide{width:37.5%}.ui.table td.seven.wide,.ui.table th.seven.wide{width:43.75%}.ui.table td.eight.wide,.ui.table th.eight.wide{width:50%}.ui.table td.nine.wide,.ui.table th.nine.wide{width:56.25%}.ui.table td.ten.wide,.ui.table th.ten.wide{width:62.5%}.ui.table td.eleven.wide,.ui.table th.eleven.wide{width:68.75%}.ui.table td.twelve.wide,.ui.table th.twelve.wide{width:75%}.ui.table td.thirteen.wide,.ui.table th.thirteen.wide{width:81.25%}.ui.table td.fourteen.wide,.ui.table th.fourteen.wide{width:87.5%}.ui.table td.fifteen.wide,.ui.table th.fifteen.wide{width:93.75%}.ui.table td.sixteen.wide,.ui.table th.sixteen.wide{width:100%}.ui.sortable.table thead th{cursor:pointer;white-space:nowrap;border-left:1px solid rgba(34,36,38,.15);color:rgba(0,0,0,.87)}.ui.sortable.table thead th:first-child{border-left:none}.ui.sortable.table thead th.sorted,.ui.sortable.table thead th.sorted:hover{-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.ui.sortable.table thead th:after{display:none;font-style:normal;font-weight:400;text-decoration:inherit;content:'';height:1em;width:auto;opacity:.8;margin:0 0 0 .5em;font-family:Icons}.ui.sortable.table thead th.ascending:after{content:'\f0d8'}.ui.sortable.table thead th.descending:after{content:'\f0d7'}.ui.sortable.table th.disabled:hover{cursor:auto;color:rgba(40,40,40,.3)}.ui.sortable.table thead th:hover{background:rgba(0,0,0,.05);color:rgba(0,0,0,.8)}.ui.sortable.table thead th.sorted{background:rgba(0,0,0,.05);color:rgba(0,0,0,.95)}.ui.sortable.table thead th.sorted:after{display:inline-block}.ui.sortable.table thead th.sorted:hover{background:rgba(0,0,0,.05);color:rgba(0,0,0,.95)}.ui.inverted.sortable.table thead th.sorted{background:rgba(255,255,255,.15) -webkit-gradient(linear,left top,left bottom,from(transparent),to(rgba(0,0,0,.05)));background:rgba(255,255,255,.15) -webkit-linear-gradient(transparent,rgba(0,0,0,.05));background:rgba(255,255,255,.15) linear-gradient(transparent,rgba(0,0,0,.05));color:#fff}.ui.inverted.sortable.table thead th:hover{background:rgba(255,255,255,.08) -webkit-gradient(linear,left top,left bottom,from(transparent),to(rgba(0,0,0,.05)));background:rgba(255,255,255,.08) -webkit-linear-gradient(transparent,rgba(0,0,0,.05));background:rgba(255,255,255,.08) linear-gradient(transparent,rgba(0,0,0,.05));color:#fff}.ui.inverted.sortable.table thead th{border-left-color:transparent;border-right-color:transparent}.ui.inverted.table{background:#333;color:rgba(255,255,255,.9);border:none}.ui.inverted.table th{background-color:rgba(0,0,0,.15);border-color:rgba(255,255,255,.1)!important;color:rgba(255,255,255,.9)!important}.ui.inverted.table tr td{border-color:rgba(255,255,255,.1)!important}.ui.inverted.table tr td.disabled,.ui.inverted.table tr.disabled td,.ui.inverted.table tr.disabled:hover td,.ui.inverted.table tr:hover td.disabled{pointer-events:none;color:rgba(225,225,225,.3)}.ui.inverted.definition.table tfoot:not(.full-width) th:first-child,.ui.inverted.definition.table thead:not(.full-width) th:first-child{background:#fff}.ui.inverted.definition.table tr td:first-child{background:rgba(255,255,255,.02);color:#fff}.ui.collapsing.table{width:auto}.ui.basic.table{background:0 0;border:1px solid rgba(34,36,38,.15);-webkit-box-shadow:none;box-shadow:none}.ui.basic.table tfoot,.ui.basic.table thead{-webkit-box-shadow:none;box-shadow:none}.ui.basic.table th{background:0 0;border-left:none}.ui.basic.table tbody tr{border-bottom:1px solid rgba(0,0,0,.1)}.ui.basic.table td{background:0 0}.ui.basic.striped.table tbody tr:nth-child(2n){background-color:rgba(0,0,0,.05)!important}.ui[class*="very basic"].table{border:none}.ui[class*="very basic"].table:not(.sortable):not(.striped) td,.ui[class*="very basic"].table:not(.sortable):not(.striped) th{padding:''}.ui[class*="very basic"].table:not(.sortable):not(.striped) td:first-child,.ui[class*="very basic"].table:not(.sortable):not(.striped) th:first-child{padding-left:0}.ui[class*="very basic"].table:not(.sortable):not(.striped) td:last-child,.ui[class*="very basic"].table:not(.sortable):not(.striped) th:last-child{padding-right:0}.ui[class*="very basic"].table:not(.sortable):not(.striped) thead tr:first-child th{padding-top:0}.ui.celled.table tr td,.ui.celled.table tr th{border-left:1px solid rgba(34,36,38,.1)}.ui.celled.table tr td:first-child,.ui.celled.table tr th:first-child{border-left:none}.ui.padded.table th{padding-left:1em;padding-right:1em}.ui.padded.table td,.ui.padded.table th{padding:1em 1em}.ui[class*="very padded"].table th{padding-left:1.5em;padding-right:1.5em}.ui[class*="very padded"].table td{padding:1.5em 1.5em}.ui.compact.table th{padding-left:.7em;padding-right:.7em}.ui.compact.table td{padding:.5em .7em}.ui[class*="very compact"].table th{padding-left:.6em;padding-right:.6em}.ui[class*="very compact"].table td{padding:.4em .6em}.ui.small.table{font-size:.9em}.ui.table{font-size:1em}.ui.large.table{font-size:1.1em}/*!
- * # Semantic UI 2.4.0 - Ad
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Copyright 2013 Contributors
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.ad{display:block;overflow:hidden;margin:1em 0}.ui.ad:first-child{margin:0}.ui.ad:last-child{margin:0}.ui.ad iframe{margin:0;padding:0;border:none;overflow:hidden}.ui.leaderboard.ad{width:728px;height:90px}.ui[class*="medium rectangle"].ad{width:300px;height:250px}.ui[class*="large rectangle"].ad{width:336px;height:280px}.ui[class*="half page"].ad{width:300px;height:600px}.ui.square.ad{width:250px;height:250px}.ui[class*="small square"].ad{width:200px;height:200px}.ui[class*="small rectangle"].ad{width:180px;height:150px}.ui[class*="vertical rectangle"].ad{width:240px;height:400px}.ui.button.ad{width:120px;height:90px}.ui[class*="square button"].ad{width:125px;height:125px}.ui[class*="small button"].ad{width:120px;height:60px}.ui.skyscraper.ad{width:120px;height:600px}.ui[class*="wide skyscraper"].ad{width:160px}.ui.banner.ad{width:468px;height:60px}.ui[class*="vertical banner"].ad{width:120px;height:240px}.ui[class*="top banner"].ad{width:930px;height:180px}.ui[class*="half banner"].ad{width:234px;height:60px}.ui[class*="large leaderboard"].ad{width:970px;height:90px}.ui.billboard.ad{width:970px;height:250px}.ui.panorama.ad{width:980px;height:120px}.ui.netboard.ad{width:580px;height:400px}.ui[class*="large mobile banner"].ad{width:320px;height:100px}.ui[class*="mobile leaderboard"].ad{width:320px;height:50px}.ui.mobile.ad{display:none}@media only screen and (max-width:767px){.ui.mobile.ad{display:block}}.ui.centered.ad{margin-left:auto;margin-right:auto}.ui.test.ad{position:relative;background:#545454}.ui.test.ad:after{position:absolute;top:50%;left:50%;width:100%;text-align:center;-webkit-transform:translateX(-50%) translateY(-50%);transform:translateX(-50%) translateY(-50%);content:'Ad';color:#fff;font-size:1em;font-weight:700}.ui.mobile.test.ad:after{font-size:.85714286em}.ui.test.ad[data-text]:after{content:attr(data-text)}/*!
- * # Semantic UI 2.4.0 - Item
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.card,.ui.cards>.card{max-width:100%;position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;width:290px;min-height:0;background:#fff;padding:0;border:none;border-radius:.28571429rem;-webkit-box-shadow:0 1px 3px 0 #d4d4d5,0 0 0 1px #d4d4d5;box-shadow:0 1px 3px 0 #d4d4d5,0 0 0 1px #d4d4d5;-webkit-transition:-webkit-box-shadow .1s ease,-webkit-transform .1s ease;transition:-webkit-box-shadow .1s ease,-webkit-transform .1s ease;transition:box-shadow .1s ease,transform .1s ease;transition:box-shadow .1s ease,transform .1s ease,-webkit-box-shadow .1s ease,-webkit-transform .1s ease;z-index:''}.ui.card{margin:1em 0}.ui.card a,.ui.cards>.card a{cursor:pointer}.ui.card:first-child{margin-top:0}.ui.card:last-child{margin-bottom:0}.ui.cards{display:-webkit-box;display:-ms-flexbox;display:flex;margin:-.875em -.5em;-ms-flex-wrap:wrap;flex-wrap:wrap}.ui.cards>.card{display:-webkit-box;display:-ms-flexbox;display:flex;margin:.875em .5em;float:none}.ui.card:after,.ui.cards:after{display:block;content:' ';height:0;clear:both;overflow:hidden;visibility:hidden}.ui.cards~.ui.cards{margin-top:.875em}.ui.card>:first-child,.ui.cards>.card>:first-child{border-radius:.28571429rem .28571429rem 0 0!important;border-top:none!important}.ui.card>:last-child,.ui.cards>.card>:last-child{border-radius:0 0 .28571429rem .28571429rem!important}.ui.card>:only-child,.ui.cards>.card>:only-child{border-radius:.28571429rem!important}.ui.card>.image,.ui.cards>.card>.image{position:relative;display:block;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;padding:0;background:rgba(0,0,0,.05)}.ui.card>.image>img,.ui.cards>.card>.image>img{display:block;width:100%;height:auto;border-radius:inherit}.ui.card>.image:not(.ui)>img,.ui.cards>.card>.image:not(.ui)>img{border:none}.ui.card>.content,.ui.cards>.card>.content{-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;border:none;border-top:1px solid rgba(34,36,38,.1);background:0 0;margin:0;padding:1em 1em;-webkit-box-shadow:none;box-shadow:none;font-size:1em;border-radius:0}.ui.card>.content:after,.ui.cards>.card>.content:after{display:block;content:' ';height:0;clear:both;overflow:hidden;visibility:hidden}.ui.card>.content>.header,.ui.cards>.card>.content>.header{display:block;margin:'';font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;color:rgba(0,0,0,.85)}.ui.card>.content>.header:not(.ui),.ui.cards>.card>.content>.header:not(.ui){font-weight:700;font-size:1.28571429em;margin-top:-.21425em;line-height:1.28571429em}.ui.card>.content>.header+.description,.ui.card>.content>.meta+.description,.ui.cards>.card>.content>.header+.description,.ui.cards>.card>.content>.meta+.description{margin-top:.5em}.ui.card [class*="left floated"],.ui.cards>.card [class*="left floated"]{float:left}.ui.card [class*="right floated"],.ui.cards>.card [class*="right floated"]{float:right}.ui.card [class*="left aligned"],.ui.cards>.card [class*="left aligned"]{text-align:left}.ui.card [class*="center aligned"],.ui.cards>.card [class*="center aligned"]{text-align:center}.ui.card [class*="right aligned"],.ui.cards>.card [class*="right aligned"]{text-align:right}.ui.card .content img,.ui.cards>.card .content img{display:inline-block;vertical-align:middle;width:''}.ui.card .avatar img,.ui.card img.avatar,.ui.cards>.card .avatar img,.ui.cards>.card img.avatar{width:2em;height:2em;border-radius:500rem}.ui.card>.content>.description,.ui.cards>.card>.content>.description{clear:both;color:rgba(0,0,0,.68)}.ui.card>.content p,.ui.cards>.card>.content p{margin:0 0 .5em}.ui.card>.content p:last-child,.ui.cards>.card>.content p:last-child{margin-bottom:0}.ui.card .meta,.ui.cards>.card .meta{font-size:1em;color:rgba(0,0,0,.4)}.ui.card .meta *,.ui.cards>.card .meta *{margin-right:.3em}.ui.card .meta :last-child,.ui.cards>.card .meta :last-child{margin-right:0}.ui.card .meta [class*="right floated"],.ui.cards>.card .meta [class*="right floated"]{margin-right:0;margin-left:.3em}.ui.card>.content a:not(.ui),.ui.cards>.card>.content a:not(.ui){color:'';-webkit-transition:color .1s ease;transition:color .1s ease}.ui.card>.content a:not(.ui):hover,.ui.cards>.card>.content a:not(.ui):hover{color:''}.ui.card>.content>a.header,.ui.cards>.card>.content>a.header{color:rgba(0,0,0,.85)}.ui.card>.content>a.header:hover,.ui.cards>.card>.content>a.header:hover{color:#1e70bf}.ui.card .meta>a:not(.ui),.ui.cards>.card .meta>a:not(.ui){color:rgba(0,0,0,.4)}.ui.card .meta>a:not(.ui):hover,.ui.cards>.card .meta>a:not(.ui):hover{color:rgba(0,0,0,.87)}.ui.card>.button,.ui.card>.buttons,.ui.cards>.card>.button,.ui.cards>.card>.buttons{margin:0 -1px;width:calc(100% + 2px)}.ui.card .dimmer,.ui.cards>.card .dimmer{background-color:'';z-index:10}.ui.card>.content .star.icon,.ui.cards>.card>.content .star.icon{cursor:pointer;opacity:.75;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.card>.content .star.icon:hover,.ui.cards>.card>.content .star.icon:hover{opacity:1;color:#ffb70a}.ui.card>.content .active.star.icon,.ui.cards>.card>.content .active.star.icon{color:#ffe623}.ui.card>.content .like.icon,.ui.cards>.card>.content .like.icon{cursor:pointer;opacity:.75;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.card>.content .like.icon:hover,.ui.cards>.card>.content .like.icon:hover{opacity:1;color:#ff2733}.ui.card>.content .active.like.icon,.ui.cards>.card>.content .active.like.icon{color:#ff2733}.ui.card>.extra,.ui.cards>.card>.extra{max-width:100%;min-height:0!important;-webkit-box-flex:0;-ms-flex-positive:0;flex-grow:0;border-top:1px solid rgba(0,0,0,.05)!important;position:static;background:0 0;width:auto;margin:0 0;padding:.75em 1em;top:0;left:0;color:rgba(0,0,0,.4);-webkit-box-shadow:none;box-shadow:none;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.card>.extra a:not(.ui),.ui.cards>.card>.extra a:not(.ui){color:rgba(0,0,0,.4)}.ui.card>.extra a:not(.ui):hover,.ui.cards>.card>.extra a:not(.ui):hover{color:#1e70bf}.ui.raised.card,.ui.raised.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 0 0 1px #d4d4d5,0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)}.ui.link.cards .raised.card:hover,.ui.link.raised.card:hover,.ui.raised.cards a.card:hover,a.ui.raised.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 4px 0 rgba(34,36,38,.15),0 2px 10px 0 rgba(34,36,38,.25);box-shadow:0 0 0 1px #d4d4d5,0 2px 4px 0 rgba(34,36,38,.15),0 2px 10px 0 rgba(34,36,38,.25)}.ui.raised.card,.ui.raised.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 0 0 1px #d4d4d5,0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)}.ui.centered.cards{-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.ui.centered.card{margin-left:auto;margin-right:auto}.ui.fluid.card{width:100%;max-width:9999px}.ui.cards a.card,.ui.link.card,.ui.link.cards .card,a.ui.card{-webkit-transform:none;transform:none}.ui.cards a.card:hover,.ui.link.card:hover,.ui.link.cards .card:hover,a.ui.card:hover{cursor:pointer;z-index:5;background:#fff;border:none;-webkit-box-shadow:0 1px 3px 0 #bcbdbd,0 0 0 1px #d4d4d5;box-shadow:0 1px 3px 0 #bcbdbd,0 0 0 1px #d4d4d5;-webkit-transform:translateY(-3px);transform:translateY(-3px)}.ui.cards>.red.card,.ui.red.card,.ui.red.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #db2828,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #db2828,0 1px 3px 0 #d4d4d5}.ui.cards>.red.card:hover,.ui.red.card:hover,.ui.red.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #d01919,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #d01919,0 1px 3px 0 #bcbdbd}.ui.cards>.orange.card,.ui.orange.card,.ui.orange.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #f2711c,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #f2711c,0 1px 3px 0 #d4d4d5}.ui.cards>.orange.card:hover,.ui.orange.card:hover,.ui.orange.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #f26202,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #f26202,0 1px 3px 0 #bcbdbd}.ui.cards>.yellow.card,.ui.yellow.card,.ui.yellow.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #fbbd08,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #fbbd08,0 1px 3px 0 #d4d4d5}.ui.cards>.yellow.card:hover,.ui.yellow.card:hover,.ui.yellow.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #eaae00,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #eaae00,0 1px 3px 0 #bcbdbd}.ui.cards>.olive.card,.ui.olive.card,.ui.olive.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #b5cc18,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #b5cc18,0 1px 3px 0 #d4d4d5}.ui.cards>.olive.card:hover,.ui.olive.card:hover,.ui.olive.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #a7bd0d,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #a7bd0d,0 1px 3px 0 #bcbdbd}.ui.cards>.green.card,.ui.green.card,.ui.green.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #21ba45,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #21ba45,0 1px 3px 0 #d4d4d5}.ui.cards>.green.card:hover,.ui.green.card:hover,.ui.green.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #16ab39,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #16ab39,0 1px 3px 0 #bcbdbd}.ui.cards>.teal.card,.ui.teal.card,.ui.teal.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #00b5ad,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #00b5ad,0 1px 3px 0 #d4d4d5}.ui.cards>.teal.card:hover,.ui.teal.card:hover,.ui.teal.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #009c95,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #009c95,0 1px 3px 0 #bcbdbd}.ui.blue.card,.ui.blue.cards>.card,.ui.cards>.blue.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #2185d0,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #2185d0,0 1px 3px 0 #d4d4d5}.ui.blue.card:hover,.ui.blue.cards>.card:hover,.ui.cards>.blue.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #1678c2,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #1678c2,0 1px 3px 0 #bcbdbd}.ui.cards>.violet.card,.ui.violet.card,.ui.violet.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #6435c9,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #6435c9,0 1px 3px 0 #d4d4d5}.ui.cards>.violet.card:hover,.ui.violet.card:hover,.ui.violet.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #5829bb,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #5829bb,0 1px 3px 0 #bcbdbd}.ui.cards>.purple.card,.ui.purple.card,.ui.purple.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #a333c8,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #a333c8,0 1px 3px 0 #d4d4d5}.ui.cards>.purple.card:hover,.ui.purple.card:hover,.ui.purple.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #9627ba,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #9627ba,0 1px 3px 0 #bcbdbd}.ui.cards>.pink.card,.ui.pink.card,.ui.pink.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #e03997,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #e03997,0 1px 3px 0 #d4d4d5}.ui.cards>.pink.card:hover,.ui.pink.card:hover,.ui.pink.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #e61a8d,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #e61a8d,0 1px 3px 0 #bcbdbd}.ui.brown.card,.ui.brown.cards>.card,.ui.cards>.brown.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #a5673f,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #a5673f,0 1px 3px 0 #d4d4d5}.ui.brown.card:hover,.ui.brown.cards>.card:hover,.ui.cards>.brown.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #975b33,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #975b33,0 1px 3px 0 #bcbdbd}.ui.cards>.grey.card,.ui.grey.card,.ui.grey.cards>.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #767676,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #767676,0 1px 3px 0 #d4d4d5}.ui.cards>.grey.card:hover,.ui.grey.card:hover,.ui.grey.cards>.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #838383,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #838383,0 1px 3px 0 #bcbdbd}.ui.black.card,.ui.black.cards>.card,.ui.cards>.black.card{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #1b1c1d,0 1px 3px 0 #d4d4d5;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #1b1c1d,0 1px 3px 0 #d4d4d5}.ui.black.card:hover,.ui.black.cards>.card:hover,.ui.cards>.black.card:hover{-webkit-box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #27292a,0 1px 3px 0 #bcbdbd;box-shadow:0 0 0 1px #d4d4d5,0 2px 0 0 #27292a,0 1px 3px 0 #bcbdbd}.ui.one.cards{margin-left:0;margin-right:0}.ui.one.cards>.card{width:100%}.ui.two.cards{margin-left:-1em;margin-right:-1em}.ui.two.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.three.cards{margin-left:-1em;margin-right:-1em}.ui.three.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.four.cards{margin-left:-.75em;margin-right:-.75em}.ui.four.cards>.card{width:calc(25% - 1.5em);margin-left:.75em;margin-right:.75em}.ui.five.cards{margin-left:-.75em;margin-right:-.75em}.ui.five.cards>.card{width:calc(20% - 1.5em);margin-left:.75em;margin-right:.75em}.ui.six.cards{margin-left:-.75em;margin-right:-.75em}.ui.six.cards>.card{width:calc(16.66666667% - 1.5em);margin-left:.75em;margin-right:.75em}.ui.seven.cards{margin-left:-.5em;margin-right:-.5em}.ui.seven.cards>.card{width:calc(14.28571429% - 1em);margin-left:.5em;margin-right:.5em}.ui.eight.cards{margin-left:-.5em;margin-right:-.5em}.ui.eight.cards>.card{width:calc(12.5% - 1em);margin-left:.5em;margin-right:.5em;font-size:11px}.ui.nine.cards{margin-left:-.5em;margin-right:-.5em}.ui.nine.cards>.card{width:calc(11.11111111% - 1em);margin-left:.5em;margin-right:.5em;font-size:10px}.ui.ten.cards{margin-left:-.5em;margin-right:-.5em}.ui.ten.cards>.card{width:calc(10% - 1em);margin-left:.5em;margin-right:.5em}@media only screen and (max-width:767px){.ui.two.doubling.cards{margin-left:0;margin-right:0}.ui.two.doubling.cards>.card{width:100%;margin-left:0;margin-right:0}.ui.three.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.three.doubling.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.four.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.four.doubling.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.five.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.five.doubling.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.six.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.six.doubling.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.seven.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.seven.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.eight.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.eight.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.nine.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.nine.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.ten.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.ten.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}}@media only screen and (min-width:768px) and (max-width:991px){.ui.two.doubling.cards{margin-left:0;margin-right:0}.ui.two.doubling.cards>.card{width:100%;margin-left:0;margin-right:0}.ui.three.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.three.doubling.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.four.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.four.doubling.cards>.card{width:calc(50% - 2em);margin-left:1em;margin-right:1em}.ui.five.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.five.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.six.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.six.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.eight.doubling.cards{margin-left:-1em;margin-right:-1em}.ui.eight.doubling.cards>.card{width:calc(33.33333333% - 2em);margin-left:1em;margin-right:1em}.ui.eight.doubling.cards{margin-left:-.75em;margin-right:-.75em}.ui.eight.doubling.cards>.card{width:calc(25% - 1.5em);margin-left:.75em;margin-right:.75em}.ui.nine.doubling.cards{margin-left:-.75em;margin-right:-.75em}.ui.nine.doubling.cards>.card{width:calc(25% - 1.5em);margin-left:.75em;margin-right:.75em}.ui.ten.doubling.cards{margin-left:-.75em;margin-right:-.75em}.ui.ten.doubling.cards>.card{width:calc(20% - 1.5em);margin-left:.75em;margin-right:.75em}}@media only screen and (max-width:767px){.ui.stackable.cards{display:block!important}.ui.stackable.cards .card:first-child{margin-top:0!important}.ui.stackable.cards>.card{display:block!important;height:auto!important;margin:1em 1em;padding:0!important;width:calc(100% - 2em)!important}}.ui.cards>.card{font-size:1em}/*!
- * # Semantic UI 2.4.0 - Comment
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.comments{margin:1.5em 0;max-width:650px}.ui.comments:first-child{margin-top:0}.ui.comments:last-child{margin-bottom:0}.ui.comments .comment{position:relative;background:0 0;margin:.5em 0 0;padding:.5em 0 0;border:none;border-top:none;line-height:1.2}.ui.comments .comment:first-child{margin-top:0;padding-top:0}.ui.comments .comment .comments{margin:0 0 .5em .5em;padding:1em 0 1em 1em}.ui.comments .comment .comments:before{position:absolute;top:0;left:0}.ui.comments .comment .comments .comment{border:none;border-top:none;background:0 0}.ui.comments .comment .avatar{display:block;width:2.5em;height:auto;float:left;margin:.2em 0 0}.ui.comments .comment .avatar img,.ui.comments .comment img.avatar{display:block;margin:0 auto;width:100%;height:100%;border-radius:.25rem}.ui.comments .comment>.content{display:block}.ui.comments .comment>.avatar~.content{margin-left:3.5em}.ui.comments .comment .author{font-size:1em;color:rgba(0,0,0,.87);font-weight:700}.ui.comments .comment a.author{cursor:pointer}.ui.comments .comment a.author:hover{color:#1e70bf}.ui.comments .comment .metadata{display:inline-block;margin-left:.5em;color:rgba(0,0,0,.4);font-size:.875em}.ui.comments .comment .metadata>*{display:inline-block;margin:0 .5em 0 0}.ui.comments .comment .metadata>:last-child{margin-right:0}.ui.comments .comment .text{margin:.25em 0 .5em;font-size:1em;word-wrap:break-word;color:rgba(0,0,0,.87);line-height:1.3}.ui.comments .comment .actions{font-size:.875em}.ui.comments .comment .actions a{cursor:pointer;display:inline-block;margin:0 .75em 0 0;color:rgba(0,0,0,.4)}.ui.comments .comment .actions a:last-child{margin-right:0}.ui.comments .comment .actions a.active,.ui.comments .comment .actions a:hover{color:rgba(0,0,0,.8)}.ui.comments>.reply.form{margin-top:1em}.ui.comments .comment .reply.form{width:100%;margin-top:1em}.ui.comments .reply.form textarea{font-size:1em;height:12em}.ui.collapsed.comments,.ui.comments .collapsed.comment,.ui.comments .collapsed.comments{display:none}.ui.threaded.comments .comment .comments{margin:-1.5em 0 -1em 1.25em;padding:3em 0 2em 2.25em;-webkit-box-shadow:-1px 0 0 rgba(34,36,38,.15);box-shadow:-1px 0 0 rgba(34,36,38,.15)}.ui.minimal.comments .comment .actions{opacity:0;position:absolute;top:0;right:0;left:auto;-webkit-transition:opacity .2s ease;transition:opacity .2s ease;-webkit-transition-delay:.1s;transition-delay:.1s}.ui.minimal.comments .comment>.content:hover>.actions{opacity:1}.ui.mini.comments{font-size:.78571429rem}.ui.tiny.comments{font-size:.85714286rem}.ui.small.comments{font-size:.92857143rem}.ui.comments{font-size:1rem}.ui.large.comments{font-size:1.14285714rem}.ui.big.comments{font-size:1.28571429rem}.ui.huge.comments{font-size:1.42857143rem}.ui.massive.comments{font-size:1.71428571rem}/*!
- * # Semantic UI 2.4.0 - Feed
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.feed{margin:1em 0}.ui.feed:first-child{margin-top:0}.ui.feed:last-child{margin-bottom:0}.ui.feed>.event{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;width:100%;padding:.21428571rem 0;margin:0;background:0 0;border-top:none}.ui.feed>.event:first-child{border-top:0;padding-top:0}.ui.feed>.event:last-child{padding-bottom:0}.ui.feed>.event>.label{display:block;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:2.5em;height:auto;-ms-flex-item-align:stretch;align-self:stretch;text-align:left}.ui.feed>.event>.label .icon{opacity:1;font-size:1.5em;width:100%;padding:.25em;background:0 0;border:none;border-radius:none;color:rgba(0,0,0,.6)}.ui.feed>.event>.label img{width:100%;height:auto;border-radius:500rem}.ui.feed>.event>.label+.content{margin:.5em 0 .35714286em 1.14285714em}.ui.feed>.event>.content{display:block;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;-ms-flex-item-align:stretch;align-self:stretch;text-align:left;word-wrap:break-word}.ui.feed>.event:last-child>.content{padding-bottom:0}.ui.feed>.event>.content a{cursor:pointer}.ui.feed>.event>.content .date{margin:-.5rem 0 0;padding:0;font-weight:400;font-size:1em;font-style:normal;color:rgba(0,0,0,.4)}.ui.feed>.event>.content .summary{margin:0;font-size:1em;font-weight:700;color:rgba(0,0,0,.87)}.ui.feed>.event>.content .summary img{display:inline-block;width:auto;height:10em;margin:-.25em .25em 0 0;border-radius:.25em;vertical-align:middle}.ui.feed>.event>.content .user{display:inline-block;font-weight:700;margin-right:0;vertical-align:baseline}.ui.feed>.event>.content .user img{margin:-.25em .25em 0 0;width:auto;height:10em;vertical-align:middle}.ui.feed>.event>.content .summary>.date{display:inline-block;float:none;font-weight:400;font-size:.85714286em;font-style:normal;margin:0 0 0 .5em;padding:0;color:rgba(0,0,0,.4)}.ui.feed>.event>.content .extra{margin:.5em 0 0;background:0 0;padding:0;color:rgba(0,0,0,.87)}.ui.feed>.event>.content .extra.images img{display:inline-block;margin:0 .25em 0 0;width:6em}.ui.feed>.event>.content .extra.text{padding:0;border-left:none;font-size:1em;max-width:500px;line-height:1.4285em}.ui.feed>.event>.content .meta{display:inline-block;font-size:.85714286em;margin:.5em 0 0;background:0 0;border:none;border-radius:0;-webkit-box-shadow:none;box-shadow:none;padding:0;color:rgba(0,0,0,.6)}.ui.feed>.event>.content .meta>*{position:relative;margin-left:.75em}.ui.feed>.event>.content .meta>:after{content:'';color:rgba(0,0,0,.2);top:0;left:-1em;opacity:1;position:absolute;vertical-align:top}.ui.feed>.event>.content .meta .like{color:'';-webkit-transition:.2s color ease;transition:.2s color ease}.ui.feed>.event>.content .meta .like:hover .icon{color:#ff2733}.ui.feed>.event>.content .meta .active.like .icon{color:#ef404a}.ui.feed>.event>.content .meta>:first-child{margin-left:0}.ui.feed>.event>.content .meta>:first-child::after{display:none}.ui.feed>.event>.content .meta a,.ui.feed>.event>.content .meta>.icon{cursor:pointer;opacity:1;color:rgba(0,0,0,.5);-webkit-transition:color .1s ease;transition:color .1s ease}.ui.feed>.event>.content .meta a:hover,.ui.feed>.event>.content .meta a:hover .icon,.ui.feed>.event>.content .meta>.icon:hover{color:rgba(0,0,0,.95)}.ui.small.feed{font-size:.92857143rem}.ui.feed{font-size:1rem}.ui.large.feed{font-size:1.14285714rem}/*!
- * # Semantic UI 2.4.0 - Item
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.items>.item{display:-webkit-box;display:-ms-flexbox;display:flex;margin:1em 0;width:100%;min-height:0;background:0 0;padding:0;border:none;border-radius:0;-webkit-box-shadow:none;box-shadow:none;-webkit-transition:-webkit-box-shadow .1s ease;transition:-webkit-box-shadow .1s ease;transition:box-shadow .1s ease;transition:box-shadow .1s ease,-webkit-box-shadow .1s ease;z-index:''}.ui.items>.item a{cursor:pointer}.ui.items{margin:1.5em 0}.ui.items:first-child{margin-top:0!important}.ui.items:last-child{margin-bottom:0!important}.ui.items>.item:after{display:block;content:' ';height:0;clear:both;overflow:hidden;visibility:hidden}.ui.items>.item:first-child{margin-top:0}.ui.items>.item:last-child{margin-bottom:0}.ui.items>.item>.image{position:relative;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;display:block;float:none;margin:0;padding:0;max-height:'';-ms-flex-item-align:top;align-self:top}.ui.items>.item>.image>img{display:block;width:100%;height:auto;border-radius:.125rem;border:none}.ui.items>.item>.image:only-child>img{border-radius:0}.ui.items>.item>.content{display:block;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;background:0 0;margin:0;padding:0;-webkit-box-shadow:none;box-shadow:none;font-size:1em;border:none;border-radius:0}.ui.items>.item>.content:after{display:block;content:' ';height:0;clear:both;overflow:hidden;visibility:hidden}.ui.items>.item>.image+.content{min-width:0;width:auto;display:block;margin-left:0;-ms-flex-item-align:top;align-self:top;padding-left:1.5em}.ui.items>.item>.content>.header{display:inline-block;margin:-.21425em 0 0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-weight:700;color:rgba(0,0,0,.85)}.ui.items>.item>.content>.header:not(.ui){font-size:1.28571429em}.ui.items>.item [class*="left floated"]{float:left}.ui.items>.item [class*="right floated"]{float:right}.ui.items>.item .content img{-ms-flex-item-align:middle;align-self:middle;width:''}.ui.items>.item .avatar img,.ui.items>.item img.avatar{width:'';height:'';border-radius:500rem}.ui.items>.item>.content>.description{margin-top:.6em;max-width:auto;font-size:1em;line-height:1.4285em;color:rgba(0,0,0,.87)}.ui.items>.item>.content p{margin:0 0 .5em}.ui.items>.item>.content p:last-child{margin-bottom:0}.ui.items>.item .meta{margin:.5em 0 .5em;font-size:1em;line-height:1em;color:rgba(0,0,0,.6)}.ui.items>.item .meta *{margin-right:.3em}.ui.items>.item .meta :last-child{margin-right:0}.ui.items>.item .meta [class*="right floated"]{margin-right:0;margin-left:.3em}.ui.items>.item>.content a:not(.ui){color:'';-webkit-transition:color .1s ease;transition:color .1s ease}.ui.items>.item>.content a:not(.ui):hover{color:''}.ui.items>.item>.content>a.header{color:rgba(0,0,0,.85)}.ui.items>.item>.content>a.header:hover{color:#1e70bf}.ui.items>.item .meta>a:not(.ui){color:rgba(0,0,0,.4)}.ui.items>.item .meta>a:not(.ui):hover{color:rgba(0,0,0,.87)}.ui.items>.item>.content .favorite.icon{cursor:pointer;opacity:.75;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.items>.item>.content .favorite.icon:hover{opacity:1;color:#ffb70a}.ui.items>.item>.content .active.favorite.icon{color:#ffe623}.ui.items>.item>.content .like.icon{cursor:pointer;opacity:.75;-webkit-transition:color .1s ease;transition:color .1s ease}.ui.items>.item>.content .like.icon:hover{opacity:1;color:#ff2733}.ui.items>.item>.content .active.like.icon{color:#ff2733}.ui.items>.item .extra{display:block;position:relative;background:0 0;margin:.5rem 0 0;width:100%;padding:0 0 0;top:0;left:0;color:rgba(0,0,0,.4);-webkit-box-shadow:none;box-shadow:none;-webkit-transition:color .1s ease;transition:color .1s ease;border-top:none}.ui.items>.item .extra>*{margin:.25rem .5rem .25rem 0}.ui.items>.item .extra>[class*="right floated"]{margin:.25rem 0 .25rem .5rem}.ui.items>.item .extra:after{display:block;content:' ';height:0;clear:both;overflow:hidden;visibility:hidden}.ui.items>.item>.image:not(.ui){width:175px}@media only screen and (min-width:768px) and (max-width:991px){.ui.items>.item{margin:1em 0}.ui.items>.item>.image:not(.ui){width:150px}.ui.items>.item>.image+.content{display:block;padding:0 0 0 1em}}@media only screen and (max-width:767px){.ui.items:not(.unstackable)>.item{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;margin:2em 0}.ui.items:not(.unstackable)>.item>.image{display:block;margin-left:auto;margin-right:auto}.ui.items:not(.unstackable)>.item>.image,.ui.items:not(.unstackable)>.item>.image>img{max-width:100%!important;width:auto!important;max-height:250px!important}.ui.items:not(.unstackable)>.item>.image+.content{display:block;padding:1.5em 0 0}}.ui.items>.item>.image+[class*="top aligned"].content{-ms-flex-item-align:start;align-self:flex-start}.ui.items>.item>.image+[class*="middle aligned"].content{-ms-flex-item-align:center;align-self:center}.ui.items>.item>.image+[class*="bottom aligned"].content{-ms-flex-item-align:end;align-self:flex-end}.ui.relaxed.items>.item{margin:1.5em 0}.ui[class*="very relaxed"].items>.item{margin:2em 0}.ui.divided.items>.item{border-top:1px solid rgba(34,36,38,.15);margin:0;padding:1em 0}.ui.divided.items>.item:first-child{border-top:none;margin-top:0!important;padding-top:0!important}.ui.divided.items>.item:last-child{margin-bottom:0!important;padding-bottom:0!important}.ui.relaxed.divided.items>.item{margin:0;padding:1.5em 0}.ui[class*="very relaxed"].divided.items>.item{margin:0;padding:2em 0}.ui.items a.item:hover,.ui.link.items>.item:hover{cursor:pointer}.ui.items a.item:hover .content .header,.ui.link.items>.item:hover .content .header{color:#1e70bf}.ui.items>.item{font-size:1em}@media only screen and (max-width:767px){.ui.unstackable.items>.item>.image,.ui.unstackable.items>.item>.image>img{width:125px!important}}/*!
- * # Semantic UI 2.4.0 - Statistic
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.statistic{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;margin:1em 0;max-width:auto}.ui.statistic+.ui.statistic{margin:0 0 0 1.5em}.ui.statistic:first-child{margin-top:0}.ui.statistic:last-child{margin-bottom:0}.ui.statistics{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-ms-flex-wrap:wrap;flex-wrap:wrap}.ui.statistics>.statistic{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;margin:0 1.5em 1em;max-width:auto}.ui.statistics{display:-webkit-box;display:-ms-flexbox;display:flex;margin:1em -1.5em -1em}.ui.statistics:after{display:block;content:' ';height:0;clear:both;overflow:hidden;visibility:hidden}.ui.statistics:first-child{margin-top:0}.ui.statistic>.value,.ui.statistics .statistic>.value{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:4rem;font-weight:400;line-height:1em;color:#1b1c1d;text-transform:uppercase;text-align:center}.ui.statistic>.label,.ui.statistics .statistic>.label{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:1em;font-weight:700;color:rgba(0,0,0,.87);text-transform:uppercase;text-align:center}.ui.statistic>.label~.value,.ui.statistics .statistic>.label~.value{margin-top:0}.ui.statistic>.value~.label,.ui.statistics .statistic>.value~.label{margin-top:0}.ui.statistic>.value .icon,.ui.statistics .statistic>.value .icon{opacity:1;width:auto;margin:0}.ui.statistic>.text.value,.ui.statistics .statistic>.text.value{line-height:1em;min-height:2em;font-weight:700;text-align:center}.ui.statistic>.text.value+.label,.ui.statistics .statistic>.text.value+.label{text-align:center}.ui.statistic>.value img,.ui.statistics .statistic>.value img{max-height:3rem;vertical-align:baseline}.ui.ten.statistics{margin:0 0 -1em}.ui.ten.statistics .statistic{min-width:10%;margin:0 0 1em}.ui.nine.statistics{margin:0 0 -1em}.ui.nine.statistics .statistic{min-width:11.11111111%;margin:0 0 1em}.ui.eight.statistics{margin:0 0 -1em}.ui.eight.statistics .statistic{min-width:12.5%;margin:0 0 1em}.ui.seven.statistics{margin:0 0 -1em}.ui.seven.statistics .statistic{min-width:14.28571429%;margin:0 0 1em}.ui.six.statistics{margin:0 0 -1em}.ui.six.statistics .statistic{min-width:16.66666667%;margin:0 0 1em}.ui.five.statistics{margin:0 0 -1em}.ui.five.statistics .statistic{min-width:20%;margin:0 0 1em}.ui.four.statistics{margin:0 0 -1em}.ui.four.statistics .statistic{min-width:25%;margin:0 0 1em}.ui.three.statistics{margin:0 0 -1em}.ui.three.statistics .statistic{min-width:33.33333333%;margin:0 0 1em}.ui.two.statistics{margin:0 0 -1em}.ui.two.statistics .statistic{min-width:50%;margin:0 0 1em}.ui.one.statistics{margin:0 0 -1em}.ui.one.statistics .statistic{min-width:100%;margin:0 0 1em}.ui.horizontal.statistic{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.ui.horizontal.statistics{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;margin:0;max-width:none}.ui.horizontal.statistics .statistic{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;-webkit-box-align:center;-ms-flex-align:center;align-items:center;max-width:none;margin:1em 0}.ui.horizontal.statistic>.text.value,.ui.horizontal.statistics>.statistic>.text.value{min-height:0!important}.ui.horizontal.statistic>.value .icon,.ui.horizontal.statistics .statistic>.value .icon{width:1.18em}.ui.horizontal.statistic>.value,.ui.horizontal.statistics .statistic>.value{display:inline-block;vertical-align:middle}.ui.horizontal.statistic>.label,.ui.horizontal.statistics .statistic>.label{display:inline-block;vertical-align:middle;margin:0 0 0 .75em}.ui.red.statistic>.value,.ui.red.statistics .statistic>.value,.ui.statistics .red.statistic>.value{color:#db2828}.ui.orange.statistic>.value,.ui.orange.statistics .statistic>.value,.ui.statistics .orange.statistic>.value{color:#f2711c}.ui.statistics .yellow.statistic>.value,.ui.yellow.statistic>.value,.ui.yellow.statistics .statistic>.value{color:#fbbd08}.ui.olive.statistic>.value,.ui.olive.statistics .statistic>.value,.ui.statistics .olive.statistic>.value{color:#b5cc18}.ui.green.statistic>.value,.ui.green.statistics .statistic>.value,.ui.statistics .green.statistic>.value{color:#21ba45}.ui.statistics .teal.statistic>.value,.ui.teal.statistic>.value,.ui.teal.statistics .statistic>.value{color:#00b5ad}.ui.blue.statistic>.value,.ui.blue.statistics .statistic>.value,.ui.statistics .blue.statistic>.value{color:#2185d0}.ui.statistics .violet.statistic>.value,.ui.violet.statistic>.value,.ui.violet.statistics .statistic>.value{color:#6435c9}.ui.purple.statistic>.value,.ui.purple.statistics .statistic>.value,.ui.statistics .purple.statistic>.value{color:#a333c8}.ui.pink.statistic>.value,.ui.pink.statistics .statistic>.value,.ui.statistics .pink.statistic>.value{color:#e03997}.ui.brown.statistic>.value,.ui.brown.statistics .statistic>.value,.ui.statistics .brown.statistic>.value{color:#a5673f}.ui.grey.statistic>.value,.ui.grey.statistics .statistic>.value,.ui.statistics .grey.statistic>.value{color:#767676}.ui.inverted.statistic .value,.ui.inverted.statistics .statistic>.value{color:#fff}.ui.inverted.statistic .label,.ui.inverted.statistics .statistic>.label{color:rgba(255,255,255,.9)}.ui.inverted.red.statistic>.value,.ui.inverted.red.statistics .statistic>.value,.ui.statistics .inverted.red.statistic>.value{color:#ff695e}.ui.inverted.orange.statistic>.value,.ui.inverted.orange.statistics .statistic>.value,.ui.statistics .inverted.orange.statistic>.value{color:#ff851b}.ui.inverted.yellow.statistic>.value,.ui.inverted.yellow.statistics .statistic>.value,.ui.statistics .inverted.yellow.statistic>.value{color:#ffe21f}.ui.inverted.olive.statistic>.value,.ui.inverted.olive.statistics .statistic>.value,.ui.statistics .inverted.olive.statistic>.value{color:#d9e778}.ui.inverted.green.statistic>.value,.ui.inverted.green.statistics .statistic>.value,.ui.statistics .inverted.green.statistic>.value{color:#2ecc40}.ui.inverted.teal.statistic>.value,.ui.inverted.teal.statistics .statistic>.value,.ui.statistics .inverted.teal.statistic>.value{color:#6dffff}.ui.inverted.blue.statistic>.value,.ui.inverted.blue.statistics .statistic>.value,.ui.statistics .inverted.blue.statistic>.value{color:#54c8ff}.ui.inverted.violet.statistic>.value,.ui.inverted.violet.statistics .statistic>.value,.ui.statistics .inverted.violet.statistic>.value{color:#a291fb}.ui.inverted.purple.statistic>.value,.ui.inverted.purple.statistics .statistic>.value,.ui.statistics .inverted.purple.statistic>.value{color:#dc73ff}.ui.inverted.pink.statistic>.value,.ui.inverted.pink.statistics .statistic>.value,.ui.statistics .inverted.pink.statistic>.value{color:#ff8edf}.ui.inverted.brown.statistic>.value,.ui.inverted.brown.statistics .statistic>.value,.ui.statistics .inverted.brown.statistic>.value{color:#d67c1c}.ui.inverted.grey.statistic>.value,.ui.inverted.grey.statistics .statistic>.value,.ui.statistics .inverted.grey.statistic>.value{color:#dcddde}.ui[class*="left floated"].statistic{float:left;margin:0 2em 1em 0}.ui[class*="right floated"].statistic{float:right;margin:0 0 1em 2em}.ui.floated.statistic:last-child{margin-bottom:0}.ui.mini.statistic>.value,.ui.mini.statistics .statistic>.value{font-size:1.5rem!important}.ui.mini.horizontal.statistic>.value,.ui.mini.horizontal.statistics .statistic>.value{font-size:1.5rem!important}.ui.mini.statistic>.text.value,.ui.mini.statistics .statistic>.text.value{font-size:1rem!important}.ui.tiny.statistic>.value,.ui.tiny.statistics .statistic>.value{font-size:2rem!important}.ui.tiny.horizontal.statistic>.value,.ui.tiny.horizontal.statistics .statistic>.value{font-size:2rem!important}.ui.tiny.statistic>.text.value,.ui.tiny.statistics .statistic>.text.value{font-size:1rem!important}.ui.small.statistic>.value,.ui.small.statistics .statistic>.value{font-size:3rem!important}.ui.small.horizontal.statistic>.value,.ui.small.horizontal.statistics .statistic>.value{font-size:2rem!important}.ui.small.statistic>.text.value,.ui.small.statistics .statistic>.text.value{font-size:1rem!important}.ui.statistic>.value,.ui.statistics .statistic>.value{font-size:4rem!important}.ui.horizontal.statistic>.value,.ui.horizontal.statistics .statistic>.value{font-size:3rem!important}.ui.statistic>.text.value,.ui.statistics .statistic>.text.value{font-size:2rem!important}.ui.large.statistic>.value,.ui.large.statistics .statistic>.value{font-size:5rem!important}.ui.large.horizontal.statistic>.value,.ui.large.horizontal.statistics .statistic>.value{font-size:4rem!important}.ui.large.statistic>.text.value,.ui.large.statistics .statistic>.text.value{font-size:2.5rem!important}.ui.huge.statistic>.value,.ui.huge.statistics .statistic>.value{font-size:6rem!important}.ui.huge.horizontal.statistic>.value,.ui.huge.horizontal.statistics .statistic>.value{font-size:5rem!important}.ui.huge.statistic>.text.value,.ui.huge.statistics .statistic>.text.value{font-size:2.5rem!important}/*!
- * # Semantic UI 2.4.0 - Accordion
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.accordion,.ui.accordion .accordion{max-width:100%}.ui.accordion .accordion{margin:1em 0 0;padding:0}.ui.accordion .accordion .title,.ui.accordion .title{cursor:pointer}.ui.accordion .title:not(.ui){padding:.5em 0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:1em;color:rgba(0,0,0,.87)}.ui.accordion .accordion .title~.content,.ui.accordion .title~.content{display:none}.ui.accordion:not(.styled) .accordion .title~.content:not(.ui),.ui.accordion:not(.styled) .title~.content:not(.ui){margin:'';padding:.5em 0 1em}.ui.accordion:not(.styled) .title~.content:not(.ui):last-child{padding-bottom:0}.ui.accordion .accordion .title .dropdown.icon,.ui.accordion .title .dropdown.icon{display:inline-block;float:none;opacity:1;width:1.25em;height:1em;margin:0 .25rem 0 0;padding:0;font-size:1em;-webkit-transition:opacity .1s ease,-webkit-transform .1s ease;transition:opacity .1s ease,-webkit-transform .1s ease;transition:transform .1s ease,opacity .1s ease;transition:transform .1s ease,opacity .1s ease,-webkit-transform .1s ease;vertical-align:baseline;-webkit-transform:none;transform:none}.ui.accordion.menu .item .title{display:block;padding:0}.ui.accordion.menu .item .title>.dropdown.icon{float:right;margin:.21425em 0 0 1em;-webkit-transform:rotate(180deg);transform:rotate(180deg)}.ui.accordion .ui.header .dropdown.icon{font-size:1em;margin:0 .25rem 0 0}.ui.accordion .accordion .active.title .dropdown.icon,.ui.accordion .active.title .dropdown.icon{-webkit-transform:rotate(90deg);transform:rotate(90deg)}.ui.accordion.menu .item .active.title>.dropdown.icon{-webkit-transform:rotate(90deg);transform:rotate(90deg)}.ui.styled.accordion{width:600px}.ui.styled.accordion,.ui.styled.accordion .accordion{border-radius:.28571429rem;background:#fff;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15);box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15)}.ui.styled.accordion .accordion .title,.ui.styled.accordion .title{margin:0;padding:.75em 1em;color:rgba(0,0,0,.4);font-weight:700;border-top:1px solid rgba(34,36,38,.15);-webkit-transition:background .1s ease,color .1s ease;transition:background .1s ease,color .1s ease}.ui.styled.accordion .accordion .title:first-child,.ui.styled.accordion>.title:first-child{border-top:none}.ui.styled.accordion .accordion .content,.ui.styled.accordion .content{margin:0;padding:.5em 1em 1.5em}.ui.styled.accordion .accordion .content{padding:0;padding:.5em 1em 1.5em}.ui.styled.accordion .accordion .active.title,.ui.styled.accordion .accordion .title:hover,.ui.styled.accordion .active.title,.ui.styled.accordion .title:hover{background:0 0;color:rgba(0,0,0,.87)}.ui.styled.accordion .accordion .active.title,.ui.styled.accordion .accordion .title:hover{background:0 0;color:rgba(0,0,0,.87)}.ui.styled.accordion .active.title{background:0 0;color:rgba(0,0,0,.95)}.ui.styled.accordion .accordion .active.title{background:0 0;color:rgba(0,0,0,.95)}.ui.accordion .accordion .active.content,.ui.accordion .active.content{display:block}.ui.fluid.accordion,.ui.fluid.accordion .accordion{width:100%}.ui.inverted.accordion .title:not(.ui){color:rgba(255,255,255,.9)}@font-face{font-family:Accordion;src:url(data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALAIAAAwAwT1MvMggjB5AAAAC8AAAAYGNtYXAPfOIKAAABHAAAAExnYXNwAAAAEAAAAWgAAAAIZ2x5Zryj6HgAAAFwAAAAyGhlYWT/0IhHAAACOAAAADZoaGVhApkB5wAAAnAAAAAkaG10eAJuABIAAAKUAAAAGGxvY2EAjABWAAACrAAAAA5tYXhwAAgAFgAAArwAAAAgbmFtZfC1n04AAALcAAABPHBvc3QAAwAAAAAEGAAAACAAAwIAAZAABQAAAUwBZgAAAEcBTAFmAAAA9QAZAIQAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADw2gHg/+D/4AHgACAAAAABAAAAAAAAAAAAAAAgAAAAAAACAAAAAwAAABQAAwABAAAAFAAEADgAAAAKAAgAAgACAAEAIPDa//3//wAAAAAAIPDZ//3//wAB/+MPKwADAAEAAAAAAAAAAAAAAAEAAf//AA8AAQAAAAAAAAAAAAIAADc5AQAAAAABAAAAAAAAAAAAAgAANzkBAAAAAAEAAAAAAAAAAAACAAA3OQEAAAAAAQASAEkAtwFuABMAADc0PwE2FzYXFh0BFAcGJwYvASY1EgaABQgHBQYGBQcIBYAG2wcGfwcBAQcECf8IBAcBAQd/BgYAAAAAAQAAAEkApQFuABMAADcRNDc2MzIfARYVFA8BBiMiJyY1AAUGBwgFgAYGgAUIBwYFWwEACAUGBoAFCAcFgAYGBQcAAAABAAAAAQAAqWYls18PPPUACwIAAAAAAM/9o+4AAAAAz/2j7gAAAAAAtwFuAAAACAACAAAAAAAAAAEAAAHg/+AAAAIAAAAAAAC3AAEAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAQAAAAC3ABIAtwAAAAAAAAAKABQAHgBCAGQAAAABAAAABgAUAAEAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAADgCuAAEAAAAAAAEADAAAAAEAAAAAAAIADgBAAAEAAAAAAAMADAAiAAEAAAAAAAQADABOAAEAAAAAAAUAFgAMAAEAAAAAAAYABgAuAAEAAAAAAAoANABaAAMAAQQJAAEADAAAAAMAAQQJAAIADgBAAAMAAQQJAAMADAAiAAMAAQQJAAQADABOAAMAAQQJAAUAFgAMAAMAAQQJAAYADAA0AAMAAQQJAAoANABaAHIAYQB0AGkAbgBnAFYAZQByAHMAaQBvAG4AIAAxAC4AMAByAGEAdABpAG4AZ3JhdGluZwByAGEAdABpAG4AZwBSAGUAZwB1AGwAYQByAHIAYQB0AGkAbgBnAEYAbwBuAHQAIABnAGUAbgBlAHIAYQB0AGUAZAAgAGIAeQAgAEkAYwBvAE0AbwBvAG4ALgADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA) format('truetype'),url(data:application/font-woff;charset=utf-8;base64,d09GRk9UVE8AAASwAAoAAAAABGgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABDRkYgAAAA9AAAAS0AAAEtFpovuE9TLzIAAAIkAAAAYAAAAGAIIweQY21hcAAAAoQAAABMAAAATA984gpnYXNwAAAC0AAAAAgAAAAIAAAAEGhlYWQAAALYAAAANgAAADb/0IhHaGhlYQAAAxAAAAAkAAAAJAKZAedobXR4AAADNAAAABgAAAAYAm4AEm1heHAAAANMAAAABgAAAAYABlAAbmFtZQAAA1QAAAE8AAABPPC1n05wb3N0AAAEkAAAACAAAAAgAAMAAAEABAQAAQEBB3JhdGluZwABAgABADr4HAL4GwP4GAQeCgAZU/+Lix4KABlT/4uLDAeLa/iU+HQFHQAAAHkPHQAAAH4RHQAAAAkdAAABJBIABwEBBw0PERQZHnJhdGluZ3JhdGluZ3UwdTF1MjB1RjBEOXVGMERBAAACAYkABAAGAQEEBwoNVp38lA78lA78lA77lA773Z33bxWLkI2Qj44I9xT3FAWOj5CNkIuQi4+JjoePiI2Gi4YIi/uUBYuGiYeHiIiHh4mGi4aLho2Ijwj7FPcUBYeOiY+LkAgO+92L5hWL95QFi5CNkI6Oj4+PjZCLkIuQiY6HCPcU+xQFj4iNhouGi4aJh4eICPsU+xQFiIeGiYaLhouHjYePiI6Jj4uQCA74lBT4lBWLDAoAAAAAAwIAAZAABQAAAUwBZgAAAEcBTAFmAAAA9QAZAIQAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADw2gHg/+D/4AHgACAAAAABAAAAAAAAAAAAAAAgAAAAAAACAAAAAwAAABQAAwABAAAAFAAEADgAAAAKAAgAAgACAAEAIPDa//3//wAAAAAAIPDZ//3//wAB/+MPKwADAAEAAAAAAAAAAAAAAAEAAf//AA8AAQAAAAEAADfYOJZfDzz1AAsCAAAAAADP/aPuAAAAAM/9o+4AAAAAALcBbgAAAAgAAgAAAAAAAAABAAAB4P/gAAACAAAAAAAAtwABAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAEAAAAAtwASALcAAAAAUAAABgAAAAAADgCuAAEAAAAAAAEADAAAAAEAAAAAAAIADgBAAAEAAAAAAAMADAAiAAEAAAAAAAQADABOAAEAAAAAAAUAFgAMAAEAAAAAAAYABgAuAAEAAAAAAAoANABaAAMAAQQJAAEADAAAAAMAAQQJAAIADgBAAAMAAQQJAAMADAAiAAMAAQQJAAQADABOAAMAAQQJAAUAFgAMAAMAAQQJAAYADAA0AAMAAQQJAAoANABaAHIAYQB0AGkAbgBnAFYAZQByAHMAaQBvAG4AIAAxAC4AMAByAGEAdABpAG4AZ3JhdGluZwByAGEAdABpAG4AZwBSAGUAZwB1AGwAYQByAHIAYQB0AGkAbgBnAEYAbwBuAHQAIABnAGUAbgBlAHIAYQB0AGUAZAAgAGIAeQAgAEkAYwBvAE0AbwBvAG4ALgADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA) format('woff');font-weight:400;font-style:normal}.ui.accordion .accordion .title .dropdown.icon,.ui.accordion .title .dropdown.icon{font-family:Accordion;line-height:1;-webkit-backface-visibility:hidden;backface-visibility:hidden;font-weight:400;font-style:normal;text-align:center}.ui.accordion .accordion .title .dropdown.icon:before,.ui.accordion .title .dropdown.icon:before{content:'\f0da'}/*!
- * # Semantic UI 2.4.0 - Checkbox
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.checkbox{position:relative;display:inline-block;-webkit-backface-visibility:hidden;backface-visibility:hidden;outline:0;vertical-align:baseline;font-style:normal;min-height:17px;font-size:1rem;line-height:17px;min-width:17px}.ui.checkbox input[type=checkbox],.ui.checkbox input[type=radio]{cursor:pointer;position:absolute;top:0;left:0;opacity:0!important;outline:0;z-index:3;width:17px;height:17px}.ui.checkbox .box,.ui.checkbox label{cursor:auto;position:relative;display:block;padding-left:1.85714em;outline:0;font-size:1em}.ui.checkbox .box:before,.ui.checkbox label:before{position:absolute;top:0;left:0;width:17px;height:17px;content:'';background:#fff;border-radius:.21428571rem;-webkit-transition:border .1s ease,opacity .1s ease,-webkit-transform .1s ease,-webkit-box-shadow .1s ease;transition:border .1s ease,opacity .1s ease,-webkit-transform .1s ease,-webkit-box-shadow .1s ease;transition:border .1s ease,opacity .1s ease,transform .1s ease,box-shadow .1s ease;transition:border .1s ease,opacity .1s ease,transform .1s ease,box-shadow .1s ease,-webkit-transform .1s ease,-webkit-box-shadow .1s ease;border:1px solid #d4d4d5}.ui.checkbox .box:after,.ui.checkbox label:after{position:absolute;font-size:14px;top:0;left:0;width:17px;height:17px;text-align:center;opacity:0;color:rgba(0,0,0,.87);-webkit-transition:border .1s ease,opacity .1s ease,-webkit-transform .1s ease,-webkit-box-shadow .1s ease;transition:border .1s ease,opacity .1s ease,-webkit-transform .1s ease,-webkit-box-shadow .1s ease;transition:border .1s ease,opacity .1s ease,transform .1s ease,box-shadow .1s ease;transition:border .1s ease,opacity .1s ease,transform .1s ease,box-shadow .1s ease,-webkit-transform .1s ease,-webkit-box-shadow .1s ease}.ui.checkbox label,.ui.checkbox+label{color:rgba(0,0,0,.87);-webkit-transition:color .1s ease;transition:color .1s ease}.ui.checkbox+label{vertical-align:middle}.ui.checkbox .box:hover::before,.ui.checkbox label:hover::before{background:#fff;border-color:rgba(34,36,38,.35)}.ui.checkbox label:hover,.ui.checkbox+label:hover{color:rgba(0,0,0,.8)}.ui.checkbox .box:active::before,.ui.checkbox label:active::before{background:#f9fafb;border-color:rgba(34,36,38,.35)}.ui.checkbox .box:active::after,.ui.checkbox label:active::after{color:rgba(0,0,0,.95)}.ui.checkbox input:active~label{color:rgba(0,0,0,.95)}.ui.checkbox input:focus~.box:before,.ui.checkbox input:focus~label:before{background:#fff;border-color:#96c8da}.ui.checkbox input:focus~.box:after,.ui.checkbox input:focus~label:after{color:rgba(0,0,0,.95)}.ui.checkbox input:focus~label{color:rgba(0,0,0,.95)}.ui.checkbox input:checked~.box:before,.ui.checkbox input:checked~label:before{background:#fff;border-color:rgba(34,36,38,.35)}.ui.checkbox input:checked~.box:after,.ui.checkbox input:checked~label:after{opacity:1;color:rgba(0,0,0,.95)}.ui.checkbox input:not([type=radio]):indeterminate~.box:before,.ui.checkbox input:not([type=radio]):indeterminate~label:before{background:#fff;border-color:rgba(34,36,38,.35)}.ui.checkbox input:not([type=radio]):indeterminate~.box:after,.ui.checkbox input:not([type=radio]):indeterminate~label:after{opacity:1;color:rgba(0,0,0,.95)}.ui.checkbox input:checked:focus~.box:before,.ui.checkbox input:checked:focus~label:before,.ui.checkbox input:not([type=radio]):indeterminate:focus~.box:before,.ui.checkbox input:not([type=radio]):indeterminate:focus~label:before{background:#fff;border-color:#96c8da}.ui.checkbox input:checked:focus~.box:after,.ui.checkbox input:checked:focus~label:after,.ui.checkbox input:not([type=radio]):indeterminate:focus~.box:after,.ui.checkbox input:not([type=radio]):indeterminate:focus~label:after{color:rgba(0,0,0,.95)}.ui.read-only.checkbox,.ui.read-only.checkbox label{cursor:default}.ui.checkbox input[disabled]~.box:after,.ui.checkbox input[disabled]~label,.ui.disabled.checkbox .box:after,.ui.disabled.checkbox label{cursor:default!important;opacity:.5;color:#000}.ui.checkbox input.hidden{z-index:-1}.ui.checkbox input.hidden+label{cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.ui.radio.checkbox{min-height:15px}.ui.radio.checkbox .box,.ui.radio.checkbox label{padding-left:1.85714em}.ui.radio.checkbox .box:before,.ui.radio.checkbox label:before{content:'';-webkit-transform:none;transform:none;width:15px;height:15px;border-radius:500rem;top:1px;left:0}.ui.radio.checkbox .box:after,.ui.radio.checkbox label:after{border:none;content:''!important;width:15px;height:15px;line-height:15px}.ui.radio.checkbox .box:after,.ui.radio.checkbox label:after{top:1px;left:0;width:15px;height:15px;border-radius:500rem;-webkit-transform:scale(.46666667);transform:scale(.46666667);background-color:rgba(0,0,0,.87)}.ui.radio.checkbox input:focus~.box:before,.ui.radio.checkbox input:focus~label:before{background-color:#fff}.ui.radio.checkbox input:focus~.box:after,.ui.radio.checkbox input:focus~label:after{background-color:rgba(0,0,0,.95)}.ui.radio.checkbox input:indeterminate~.box:after,.ui.radio.checkbox input:indeterminate~label:after{opacity:0}.ui.radio.checkbox input:checked~.box:before,.ui.radio.checkbox input:checked~label:before{background-color:#fff}.ui.radio.checkbox input:checked~.box:after,.ui.radio.checkbox input:checked~label:after{background-color:rgba(0,0,0,.95)}.ui.radio.checkbox input:focus:checked~.box:before,.ui.radio.checkbox input:focus:checked~label:before{background-color:#fff}.ui.radio.checkbox input:focus:checked~.box:after,.ui.radio.checkbox input:focus:checked~label:after{background-color:rgba(0,0,0,.95)}.ui.slider.checkbox{min-height:1.25rem}.ui.slider.checkbox input{width:3.5rem;height:1.25rem}.ui.slider.checkbox .box,.ui.slider.checkbox label{padding-left:4.5rem;line-height:1rem;color:rgba(0,0,0,.4)}.ui.slider.checkbox .box:before,.ui.slider.checkbox label:before{display:block;position:absolute;content:'';border:none!important;left:0;z-index:1;top:.4rem;background-color:rgba(0,0,0,.05);width:3.5rem;height:.21428571rem;-webkit-transform:none;transform:none;border-radius:500rem;-webkit-transition:background .3s ease;transition:background .3s ease}.ui.slider.checkbox .box:after,.ui.slider.checkbox label:after{background:#fff -webkit-gradient(linear,left top,left bottom,from(transparent),to(rgba(0,0,0,.05)));background:#fff -webkit-linear-gradient(transparent,rgba(0,0,0,.05));background:#fff linear-gradient(transparent,rgba(0,0,0,.05));position:absolute;content:''!important;opacity:1;z-index:2;border:none;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset;width:1.5rem;height:1.5rem;top:-.25rem;left:0;-webkit-transform:none;transform:none;border-radius:500rem;-webkit-transition:left .3s ease;transition:left .3s ease}.ui.slider.checkbox input:focus~.box:before,.ui.slider.checkbox input:focus~label:before{background-color:rgba(0,0,0,.15);border:none}.ui.slider.checkbox .box:hover,.ui.slider.checkbox label:hover{color:rgba(0,0,0,.8)}.ui.slider.checkbox .box:hover::before,.ui.slider.checkbox label:hover::before{background:rgba(0,0,0,.15)}.ui.slider.checkbox input:checked~.box,.ui.slider.checkbox input:checked~label{color:rgba(0,0,0,.95)!important}.ui.slider.checkbox input:checked~.box:before,.ui.slider.checkbox input:checked~label:before{background-color:#545454!important}.ui.slider.checkbox input:checked~.box:after,.ui.slider.checkbox input:checked~label:after{left:2rem}.ui.slider.checkbox input:focus:checked~.box,.ui.slider.checkbox input:focus:checked~label{color:rgba(0,0,0,.95)!important}.ui.slider.checkbox input:focus:checked~.box:before,.ui.slider.checkbox input:focus:checked~label:before{background-color:#000!important}.ui.toggle.checkbox{min-height:1.5rem}.ui.toggle.checkbox input{width:3.5rem;height:1.5rem}.ui.toggle.checkbox .box,.ui.toggle.checkbox label{min-height:1.5rem;padding-left:4.5rem;color:rgba(0,0,0,.87)}.ui.toggle.checkbox label{padding-top:.15em}.ui.toggle.checkbox .box:before,.ui.toggle.checkbox label:before{display:block;position:absolute;content:'';z-index:1;-webkit-transform:none;transform:none;border:none;top:0;background:rgba(0,0,0,.05);-webkit-box-shadow:none;box-shadow:none;width:3.5rem;height:1.5rem;border-radius:500rem}.ui.toggle.checkbox .box:after,.ui.toggle.checkbox label:after{background:#fff -webkit-gradient(linear,left top,left bottom,from(transparent),to(rgba(0,0,0,.05)));background:#fff -webkit-linear-gradient(transparent,rgba(0,0,0,.05));background:#fff linear-gradient(transparent,rgba(0,0,0,.05));position:absolute;content:''!important;opacity:1;z-index:2;border:none;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset;width:1.5rem;height:1.5rem;top:0;left:0;border-radius:500rem;-webkit-transition:background .3s ease,left .3s ease;transition:background .3s ease,left .3s ease}.ui.toggle.checkbox input~.box:after,.ui.toggle.checkbox input~label:after{left:-.05rem;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset}.ui.toggle.checkbox input:focus~.box:before,.ui.toggle.checkbox input:focus~label:before{background-color:rgba(0,0,0,.15);border:none}.ui.toggle.checkbox .box:hover::before,.ui.toggle.checkbox label:hover::before{background-color:rgba(0,0,0,.15);border:none}.ui.toggle.checkbox input:checked~.box,.ui.toggle.checkbox input:checked~label{color:rgba(0,0,0,.95)!important}.ui.toggle.checkbox input:checked~.box:before,.ui.toggle.checkbox input:checked~label:before{background-color:#2185d0!important}.ui.toggle.checkbox input:checked~.box:after,.ui.toggle.checkbox input:checked~label:after{left:2.15rem;-webkit-box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 1px 2px 0 rgba(34,36,38,.15),0 0 0 1px rgba(34,36,38,.15) inset}.ui.toggle.checkbox input:focus:checked~.box,.ui.toggle.checkbox input:focus:checked~label{color:rgba(0,0,0,.95)!important}.ui.toggle.checkbox input:focus:checked~.box:before,.ui.toggle.checkbox input:focus:checked~label:before{background-color:#0d71bb!important}.ui.fitted.checkbox .box,.ui.fitted.checkbox label{padding-left:0!important}.ui.fitted.toggle.checkbox{width:3.5rem}.ui.fitted.slider.checkbox{width:3.5rem}@font-face{font-family:Checkbox;src:url(data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALAIAAAwAwT1MvMg8SBD8AAAC8AAAAYGNtYXAYVtCJAAABHAAAAFRnYXNwAAAAEAAAAXAAAAAIZ2x5Zn4huwUAAAF4AAABYGhlYWQGPe1ZAAAC2AAAADZoaGVhB30DyAAAAxAAAAAkaG10eBBKAEUAAAM0AAAAHGxvY2EAmgESAAADUAAAABBtYXhwAAkALwAAA2AAAAAgbmFtZSC8IugAAAOAAAABknBvc3QAAwAAAAAFFAAAACAAAwMTAZAABQAAApkCzAAAAI8CmQLMAAAB6wAzAQkAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADoAgPA/8AAQAPAAEAAAAABAAAAAAAAAAAAAAAgAAAAAAADAAAAAwAAABwAAQADAAAAHAADAAEAAAAcAAQAOAAAAAoACAACAAIAAQAg6AL//f//AAAAAAAg6AD//f//AAH/4xgEAAMAAQAAAAAAAAAAAAAAAQAB//8ADwABAAAAAAAAAAAAAgAANzkBAAAAAAEAAAAAAAAAAAACAAA3OQEAAAAAAQAAAAAAAAAAAAIAADc5AQAAAAABAEUAUQO7AvgAGgAAARQHAQYjIicBJjU0PwE2MzIfAQE2MzIfARYVA7sQ/hQQFhcQ/uMQEE4QFxcQqAF2EBcXEE4QAnMWEP4UEBABHRAXFhBOEBCoAXcQEE4QFwAAAAABAAABbgMlAkkAFAAAARUUBwYjISInJj0BNDc2MyEyFxYVAyUQEBf9SRcQEBAQFwK3FxAQAhJtFxAQEBAXbRcQEBAQFwAAAAABAAAASQMlA24ALAAAARUUBwYrARUUBwYrASInJj0BIyInJj0BNDc2OwE1NDc2OwEyFxYdATMyFxYVAyUQEBfuEBAXbhYQEO4XEBAQEBfuEBAWbhcQEO4XEBACEm0XEBDuFxAQEBAX7hAQF20XEBDuFxAQEBAX7hAQFwAAAQAAAAIAAHRSzT9fDzz1AAsEAAAAAADRsdR3AAAAANGx1HcAAAAAA7sDbgAAAAgAAgAAAAAAAAABAAADwP/AAAAEAAAAAAADuwABAAAAAAAAAAAAAAAAAAAABwQAAAAAAAAAAAAAAAIAAAAEAABFAyUAAAMlAAAAAAAAAAoAFAAeAE4AcgCwAAEAAAAHAC0AAQAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAOAK4AAQAAAAAAAQAIAAAAAQAAAAAAAgAHAGkAAQAAAAAAAwAIADkAAQAAAAAABAAIAH4AAQAAAAAABQALABgAAQAAAAAABgAIAFEAAQAAAAAACgAaAJYAAwABBAkAAQAQAAgAAwABBAkAAgAOAHAAAwABBAkAAwAQAEEAAwABBAkABAAQAIYAAwABBAkABQAWACMAAwABBAkABgAQAFkAAwABBAkACgA0ALBDaGVja2JveABDAGgAZQBjAGsAYgBvAHhWZXJzaW9uIDIuMABWAGUAcgBzAGkAbwBuACAAMgAuADBDaGVja2JveABDAGgAZQBjAGsAYgBvAHhDaGVja2JveABDAGgAZQBjAGsAYgBvAHhSZWd1bGFyAFIAZQBnAHUAbABhAHJDaGVja2JveABDAGgAZQBjAGsAYgBvAHhGb250IGdlbmVyYXRlZCBieSBJY29Nb29uLgBGAG8AbgB0ACAAZwBlAG4AZQByAGEAdABlAGQAIABiAHkAIABJAGMAbwBNAG8AbwBuAC4AAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA) format('truetype')}.ui.checkbox .box:after,.ui.checkbox label:after{font-family:Checkbox}.ui.checkbox input:checked~.box:after,.ui.checkbox input:checked~label:after{content:'\e800'}.ui.checkbox input:indeterminate~.box:after,.ui.checkbox input:indeterminate~label:after{font-size:12px;content:'\e801'}/*!
- * # Semantic UI 2.4.0 - Dimmer
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.dimmable:not(body){position:relative}.ui.dimmer{display:none;position:absolute;top:0!important;left:0!important;width:100%;height:100%;text-align:center;vertical-align:middle;padding:1em;background-color:rgba(0,0,0,.85);opacity:0;line-height:1;-webkit-animation-fill-mode:both;animation-fill-mode:both;-webkit-animation-duration:.5s;animation-duration:.5s;-webkit-transition:background-color .5s linear;transition:background-color .5s linear;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;will-change:opacity;z-index:1000}.ui.dimmer>.content{-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text;color:#fff}.ui.segment>.ui.dimmer{border-radius:inherit!important}.ui.dimmer:not(.inverted)::-webkit-scrollbar-track{background:rgba(255,255,255,.1)}.ui.dimmer:not(.inverted)::-webkit-scrollbar-thumb{background:rgba(255,255,255,.25)}.ui.dimmer:not(.inverted)::-webkit-scrollbar-thumb:window-inactive{background:rgba(255,255,255,.15)}.ui.dimmer:not(.inverted)::-webkit-scrollbar-thumb:hover{background:rgba(255,255,255,.35)}.animating.dimmable:not(body),.dimmed.dimmable:not(body){overflow:hidden}.dimmed.dimmable>.ui.animating.dimmer,.dimmed.dimmable>.ui.visible.dimmer,.ui.active.dimmer{display:-webkit-box;display:-ms-flexbox;display:flex;opacity:1}.ui.disabled.dimmer{width:0!important;height:0!important}.dimmed.dimmable>.ui.animating.legacy.dimmer,.dimmed.dimmable>.ui.visible.legacy.dimmer,.ui.active.legacy.dimmer{display:block}.ui[class*="top aligned"].dimmer{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.ui[class*="bottom aligned"].dimmer{-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end}.ui.page.dimmer{position:fixed;-webkit-transform-style:'';transform-style:'';-webkit-perspective:2000px;perspective:2000px;-webkit-transform-origin:center center;transform-origin:center center}body.animating.in.dimmable,body.dimmed.dimmable{overflow:hidden}body.dimmable>.dimmer{position:fixed}.blurring.dimmable>:not(.dimmer){-webkit-filter:blur(0) grayscale(0);filter:blur(0) grayscale(0);-webkit-transition:.8s -webkit-filter ease;transition:.8s -webkit-filter ease;transition:.8s filter ease;transition:.8s filter ease,.8s -webkit-filter ease}.blurring.dimmed.dimmable>:not(.dimmer){-webkit-filter:blur(5px) grayscale(.7);filter:blur(5px) grayscale(.7)}.blurring.dimmable>.dimmer{background-color:rgba(0,0,0,.6)}.blurring.dimmable>.inverted.dimmer{background-color:rgba(255,255,255,.6)}.ui.dimmer>.top.aligned.content>*{vertical-align:top}.ui.dimmer>.bottom.aligned.content>*{vertical-align:bottom}.ui.inverted.dimmer{background-color:rgba(255,255,255,.85)}.ui.inverted.dimmer>.content>*{color:#fff}.ui.simple.dimmer{display:block;overflow:hidden;opacity:1;width:0%;height:0%;z-index:-100;background-color:rgba(0,0,0,0)}.dimmed.dimmable>.ui.simple.dimmer{overflow:visible;opacity:1;width:100%;height:100%;background-color:rgba(0,0,0,.85);z-index:1}.ui.simple.inverted.dimmer{background-color:rgba(255,255,255,0)}.dimmed.dimmable>.ui.simple.inverted.dimmer{background-color:rgba(255,255,255,.85)}/*!
- * # Semantic UI 2.4.0 - Dropdown
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.dropdown{cursor:pointer;position:relative;display:inline-block;outline:0;text-align:left;-webkit-transition:width .1s ease,-webkit-box-shadow .1s ease;transition:width .1s ease,-webkit-box-shadow .1s ease;transition:box-shadow .1s ease,width .1s ease;transition:box-shadow .1s ease,width .1s ease,-webkit-box-shadow .1s ease;-webkit-tap-highlight-color:transparent}.ui.dropdown .menu{cursor:auto;position:absolute;display:none;outline:0;top:100%;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;margin:0;padding:0 0;background:#fff;font-size:1em;text-shadow:none;text-align:left;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15);border:1px solid rgba(34,36,38,.15);border-radius:.28571429rem;-webkit-transition:opacity .1s ease;transition:opacity .1s ease;z-index:11;will-change:transform,opacity}.ui.dropdown .menu>*{white-space:nowrap}.ui.dropdown>input:not(.search):first-child,.ui.dropdown>select{display:none!important}.ui.dropdown>.dropdown.icon{position:relative;width:auto;font-size:.85714286em;margin:0 0 0 1em}.ui.dropdown .menu>.item .dropdown.icon{width:auto;float:right;margin:0 0 0 1em}.ui.dropdown .menu>.item .dropdown.icon+.text{margin-right:1em}.ui.dropdown>.text{display:inline-block;-webkit-transition:none;transition:none}.ui.dropdown .menu>.item{position:relative;cursor:pointer;display:block;border:none;height:auto;text-align:left;border-top:none;line-height:1em;color:rgba(0,0,0,.87);padding:.78571429rem 1.14285714rem!important;font-size:1rem;text-transform:none;font-weight:400;-webkit-box-shadow:none;box-shadow:none;-webkit-touch-callout:none}.ui.dropdown .menu>.item:first-child{border-top-width:0}.ui.dropdown .menu .item>[class*="right floated"],.ui.dropdown>.text>[class*="right floated"]{float:right!important;margin-right:0!important;margin-left:1em!important}.ui.dropdown .menu .item>[class*="left floated"],.ui.dropdown>.text>[class*="left floated"]{float:left!important;margin-left:0!important;margin-right:1em!important}.ui.dropdown .menu .item>.flag.floated,.ui.dropdown .menu .item>.icon.floated,.ui.dropdown .menu .item>.image.floated,.ui.dropdown .menu .item>img.floated{margin-top:0}.ui.dropdown .menu>.header{margin:1rem 0 .75rem;padding:0 1.14285714rem;color:rgba(0,0,0,.85);font-size:.78571429em;font-weight:700;text-transform:uppercase}.ui.dropdown .menu>.divider{border-top:1px solid rgba(34,36,38,.1);height:0;margin:.5em 0}.ui.dropdown.dropdown .menu>.input{width:auto;display:-webkit-box;display:-ms-flexbox;display:flex;margin:1.14285714rem .78571429rem;min-width:10rem}.ui.dropdown .menu>.header+.input{margin-top:0}.ui.dropdown .menu>.input:not(.transparent) input{padding:.5em 1em}.ui.dropdown .menu>.input:not(.transparent) .button,.ui.dropdown .menu>.input:not(.transparent) .icon,.ui.dropdown .menu>.input:not(.transparent) .label{padding-top:.5em;padding-bottom:.5em}.ui.dropdown .menu>.item>.description,.ui.dropdown>.text>.description{float:right;margin:0 0 0 1em;color:rgba(0,0,0,.4)}.ui.dropdown .menu>.message{padding:.78571429rem 1.14285714rem;font-weight:400}.ui.dropdown .menu>.message:not(.ui){color:rgba(0,0,0,.4)}.ui.dropdown .menu .menu{top:0!important;left:100%;right:auto;margin:0 0 0 -.5em!important;border-radius:.28571429rem!important;z-index:21!important}.ui.dropdown .menu .menu:after{display:none}.ui.dropdown>.text>.flag,.ui.dropdown>.text>.icon,.ui.dropdown>.text>.image,.ui.dropdown>.text>.label,.ui.dropdown>.text>img{margin-top:0}.ui.dropdown .menu>.item>.flag,.ui.dropdown .menu>.item>.icon,.ui.dropdown .menu>.item>.image,.ui.dropdown .menu>.item>.label,.ui.dropdown .menu>.item>img{margin-top:0}.ui.dropdown .menu>.item>.flag,.ui.dropdown .menu>.item>.icon,.ui.dropdown .menu>.item>.image,.ui.dropdown .menu>.item>.label,.ui.dropdown .menu>.item>img,.ui.dropdown>.text>.flag,.ui.dropdown>.text>.icon,.ui.dropdown>.text>.image,.ui.dropdown>.text>.label,.ui.dropdown>.text>img{margin-left:0;float:none;margin-right:.78571429rem}.ui.dropdown .menu>.item>.image,.ui.dropdown .menu>.item>img,.ui.dropdown>.text>.image,.ui.dropdown>.text>img{display:inline-block;vertical-align:top;width:auto;margin-top:-.5em;margin-bottom:-.5em;max-height:2em}.ui.dropdown .ui.menu>.item:before,.ui.menu .ui.dropdown .menu>.item:before{display:none}.ui.menu .ui.dropdown .menu .active.item{border-left:none}.ui.buttons>.ui.dropdown:last-child .menu,.ui.menu .right.dropdown.item .menu,.ui.menu .right.menu .dropdown:last-child .menu{left:auto;right:0}.ui.label.dropdown .menu{min-width:100%}.ui.dropdown.icon.button>.dropdown.icon{margin:0}.ui.button.dropdown .menu{min-width:100%}.ui.selection.dropdown{cursor:pointer;word-wrap:break-word;line-height:1em;white-space:normal;outline:0;-webkit-transform:rotateZ(0);transform:rotateZ(0);min-width:14em;min-height:2.71428571em;background:#fff;display:inline-block;padding:.78571429em 2.1em .78571429em 1em;color:rgba(0,0,0,.87);-webkit-box-shadow:none;box-shadow:none;border:1px solid rgba(34,36,38,.15);border-radius:.28571429rem;-webkit-transition:width .1s ease,-webkit-box-shadow .1s ease;transition:width .1s ease,-webkit-box-shadow .1s ease;transition:box-shadow .1s ease,width .1s ease;transition:box-shadow .1s ease,width .1s ease,-webkit-box-shadow .1s ease}.ui.selection.dropdown.active,.ui.selection.dropdown.visible{z-index:10}select.ui.dropdown{height:38px;padding:.5em;border:1px solid rgba(34,36,38,.15);visibility:visible}.ui.selection.dropdown>.delete.icon,.ui.selection.dropdown>.dropdown.icon,.ui.selection.dropdown>.search.icon{cursor:pointer;position:absolute;width:auto;height:auto;line-height:1.21428571em;top:.78571429em;right:1em;z-index:3;margin:-.78571429em;padding:.91666667em;opacity:.8;-webkit-transition:opacity .1s ease;transition:opacity .1s ease}.ui.compact.selection.dropdown{min-width:0}.ui.selection.dropdown .menu{overflow-x:hidden;overflow-y:auto;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-overflow-scrolling:touch;border-top-width:0!important;width:auto;outline:0;margin:0 -1px;min-width:calc(100% + 2px);width:calc(100% + 2px);border-radius:0 0 .28571429rem .28571429rem;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15);-webkit-transition:opacity .1s ease;transition:opacity .1s ease}.ui.selection.dropdown .menu:after,.ui.selection.dropdown .menu:before{display:none}.ui.selection.dropdown .menu>.message{padding:.78571429rem 1.14285714rem}@media only screen and (max-width:767px){.ui.selection.dropdown .menu{max-height:8.01428571rem}}@media only screen and (min-width:768px){.ui.selection.dropdown .menu{max-height:10.68571429rem}}@media only screen and (min-width:992px){.ui.selection.dropdown .menu{max-height:16.02857143rem}}@media only screen and (min-width:1920px){.ui.selection.dropdown .menu{max-height:21.37142857rem}}.ui.selection.dropdown .menu>.item{border-top:1px solid #fafafa;padding:.78571429rem 1.14285714rem!important;white-space:normal;word-wrap:normal}.ui.selection.dropdown .menu>.hidden.addition.item{display:none}.ui.selection.dropdown:hover{border-color:rgba(34,36,38,.35);-webkit-box-shadow:none;box-shadow:none}.ui.selection.active.dropdown{border-color:#96c8da;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15)}.ui.selection.active.dropdown .menu{border-color:#96c8da;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15)}.ui.selection.dropdown:focus{border-color:#96c8da;-webkit-box-shadow:none;box-shadow:none}.ui.selection.dropdown:focus .menu{border-color:#96c8da;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15)}.ui.selection.visible.dropdown>.text:not(.default){font-weight:400;color:rgba(0,0,0,.8)}.ui.selection.active.dropdown:hover{border-color:#96c8da;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15)}.ui.selection.active.dropdown:hover .menu{border-color:#96c8da;-webkit-box-shadow:0 2px 3px 0 rgba(34,36,38,.15);box-shadow:0 2px 3px 0 rgba(34,36,38,.15)}.ui.active.selection.dropdown>.dropdown.icon,.ui.visible.selection.dropdown>.dropdown.icon{opacity:'';z-index:3}.ui.active.selection.dropdown{border-bottom-left-radius:0!important;border-bottom-right-radius:0!important}.ui.active.empty.selection.dropdown{border-radius:.28571429rem!important;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.active.empty.selection.dropdown .menu{border:none!important;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.search.dropdown{min-width:''}.ui.search.dropdown>input.search{background:none transparent!important;border:none!important;-webkit-box-shadow:none!important;box-shadow:none!important;cursor:text;top:0;left:1px;width:100%;outline:0;-webkit-tap-highlight-color:rgba(255,255,255,0);padding:inherit}.ui.search.dropdown>input.search{position:absolute;z-index:2}.ui.search.dropdown>.text{cursor:text;position:relative;left:1px;z-index:3}.ui.search.selection.dropdown>input.search{line-height:1.21428571em;padding:.67857143em 2.1em .67857143em 1em}.ui.search.selection.dropdown>span.sizer{line-height:1.21428571em;padding:.67857143em 2.1em .67857143em 1em;display:none;white-space:pre}.ui.search.dropdown.active>input.search,.ui.search.dropdown.visible>input.search{cursor:auto}.ui.search.dropdown.active>.text,.ui.search.dropdown.visible>.text{pointer-events:none}.ui.active.search.dropdown input.search:focus+.text .flag,.ui.active.search.dropdown input.search:focus+.text .icon{opacity:.45}.ui.active.search.dropdown input.search:focus+.text{color:rgba(115,115,115,.87)!important}.ui.search.dropdown .menu{overflow-x:hidden;overflow-y:auto;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-overflow-scrolling:touch}@media only screen and (max-width:767px){.ui.search.dropdown .menu{max-height:8.01428571rem}}@media only screen and (min-width:768px){.ui.search.dropdown .menu{max-height:10.68571429rem}}@media only screen and (min-width:992px){.ui.search.dropdown .menu{max-height:16.02857143rem}}@media only screen and (min-width:1920px){.ui.search.dropdown .menu{max-height:21.37142857rem}}.ui.multiple.dropdown{padding:.22619048em 2.1em .22619048em .35714286em}.ui.multiple.dropdown .menu{cursor:auto}.ui.multiple.search.dropdown,.ui.multiple.search.dropdown>input.search{cursor:text}.ui.multiple.dropdown>.label{-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;display:inline-block;vertical-align:top;white-space:normal;font-size:1em;padding:.35714286em .78571429em;margin:.14285714rem .28571429rem .14285714rem 0;-webkit-box-shadow:0 0 0 1px rgba(34,36,38,.15) inset;box-shadow:0 0 0 1px rgba(34,36,38,.15) inset}.ui.multiple.dropdown .dropdown.icon{margin:'';padding:''}.ui.multiple.dropdown>.text{position:static;padding:0;max-width:100%;margin:.45238095em 0 .45238095em .64285714em;line-height:1.21428571em}.ui.multiple.dropdown>.label~input.search{margin-left:.14285714em!important}.ui.multiple.dropdown>.label~.text{display:none}.ui.multiple.search.dropdown>.text{display:inline-block;position:absolute;top:0;left:0;padding:inherit;margin:.45238095em 0 .45238095em .64285714em;line-height:1.21428571em}.ui.multiple.search.dropdown>.label~.text{display:none}.ui.multiple.search.dropdown>input.search{position:static;padding:0;max-width:100%;margin:.45238095em 0 .45238095em .64285714em;width:2.2em;line-height:1.21428571em}.ui.inline.dropdown{cursor:pointer;display:inline-block;color:inherit}.ui.inline.dropdown .dropdown.icon{margin:0 .21428571em 0 .21428571em;vertical-align:baseline}.ui.inline.dropdown>.text{font-weight:700}.ui.inline.dropdown .menu{cursor:auto;margin-top:.21428571em;border-radius:.28571429rem}.ui.dropdown .menu .active.item{background:0 0;font-weight:700;color:rgba(0,0,0,.95);-webkit-box-shadow:none;box-shadow:none;z-index:12}.ui.dropdown .menu>.item:hover{background:rgba(0,0,0,.05);color:rgba(0,0,0,.95);z-index:13}.ui.loading.dropdown>i.icon{height:1em!important}.ui.loading.selection.dropdown>i.icon{padding:1.5em 1.28571429em!important}.ui.loading.dropdown>i.icon:before{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;border-radius:500rem;border:.2em solid rgba(0,0,0,.1)}.ui.loading.dropdown>i.icon:after{position:absolute;content:'';top:50%;left:50%;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;-webkit-animation:dropdown-spin .6s linear;animation:dropdown-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 transparent transparent;border-style:solid;border-width:.2em}.ui.loading.dropdown.button>i.icon:after,.ui.loading.dropdown.button>i.icon:before{display:none}@-webkit-keyframes dropdown-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes dropdown-spin{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.ui.default.dropdown:not(.button)>.text,.ui.dropdown:not(.button)>.default.text{color:rgba(191,191,191,.87)}.ui.default.dropdown:not(.button)>input:focus~.text,.ui.dropdown:not(.button)>input:focus~.default.text{color:rgba(115,115,115,.87)}.ui.loading.dropdown>.text{-webkit-transition:none;transition:none}.ui.dropdown .loading.menu{display:block;visibility:hidden;z-index:-1}.ui.dropdown>.loading.menu{left:0!important;right:auto!important}.ui.dropdown>.menu .loading.menu{left:100%!important;right:auto!important}.ui.dropdown .menu .selected.item,.ui.dropdown.selected{background:rgba(0,0,0,.03);color:rgba(0,0,0,.95)}.ui.dropdown>.filtered.text{visibility:hidden}.ui.dropdown .filtered.item{display:none!important}.ui.dropdown.error,.ui.dropdown.error>.default.text,.ui.dropdown.error>.text{color:#9f3a38}.ui.selection.dropdown.error{background:#fff6f6;border-color:#e0b4b4}.ui.selection.dropdown.error:hover{border-color:#e0b4b4}.ui.dropdown.error>.menu,.ui.dropdown.error>.menu .menu{border-color:#e0b4b4}.ui.dropdown.error>.menu>.item{color:#9f3a38}.ui.multiple.selection.error.dropdown>.label{border-color:#e0b4b4}.ui.dropdown.error>.menu>.item:hover{background-color:#fff2f2}.ui.dropdown.error>.menu .active.item{background-color:#fdcfcf}.ui.dropdown>.clear.dropdown.icon{opacity:.8;-webkit-transition:opacity .1s ease;transition:opacity .1s ease}.ui.dropdown>.clear.dropdown.icon:hover{opacity:1}.ui.disabled.dropdown,.ui.dropdown .menu>.disabled.item{cursor:default;pointer-events:none;opacity:.45}.ui.dropdown .menu{left:0}.ui.dropdown .menu .right.menu,.ui.dropdown .right.menu>.menu{left:100%!important;right:auto!important;border-radius:.28571429rem!important}.ui.dropdown>.left.menu{left:auto!important;right:0!important}.ui.dropdown .menu .left.menu,.ui.dropdown>.left.menu .menu{left:auto;right:100%;margin:0 -.5em 0 0!important;border-radius:.28571429rem!important}.ui.dropdown .item .left.dropdown.icon,.ui.dropdown .left.menu .item .dropdown.icon{width:auto;float:left;margin:0}.ui.dropdown .item .left.dropdown.icon,.ui.dropdown .left.menu .item .dropdown.icon{width:auto;float:left;margin:0}.ui.dropdown .item .left.dropdown.icon+.text,.ui.dropdown .left.menu .item .dropdown.icon+.text{margin-left:1em;margin-right:0}.ui.upward.dropdown>.menu{top:auto;bottom:100%;-webkit-box-shadow:0 0 3px 0 rgba(0,0,0,.08);box-shadow:0 0 3px 0 rgba(0,0,0,.08);border-radius:.28571429rem .28571429rem 0 0}.ui.dropdown .upward.menu{top:auto!important;bottom:0!important}.ui.simple.upward.active.dropdown,.ui.simple.upward.dropdown:hover{border-radius:.28571429rem .28571429rem 0 0!important}.ui.upward.dropdown.button:not(.pointing):not(.floating).active{border-radius:.28571429rem .28571429rem 0 0}.ui.upward.selection.dropdown .menu{border-top-width:1px!important;border-bottom-width:0!important;-webkit-box-shadow:0 -2px 3px 0 rgba(0,0,0,.08);box-shadow:0 -2px 3px 0 rgba(0,0,0,.08)}.ui.upward.selection.dropdown:hover{-webkit-box-shadow:0 0 2px 0 rgba(0,0,0,.05);box-shadow:0 0 2px 0 rgba(0,0,0,.05)}.ui.active.upward.selection.dropdown{border-radius:0 0 .28571429rem .28571429rem!important}.ui.upward.selection.dropdown.visible{-webkit-box-shadow:0 0 3px 0 rgba(0,0,0,.08);box-shadow:0 0 3px 0 rgba(0,0,0,.08);border-radius:0 0 .28571429rem .28571429rem!important}.ui.upward.active.selection.dropdown:hover{-webkit-box-shadow:0 0 3px 0 rgba(0,0,0,.05);box-shadow:0 0 3px 0 rgba(0,0,0,.05)}.ui.upward.active.selection.dropdown:hover .menu{-webkit-box-shadow:0 -2px 3px 0 rgba(0,0,0,.08);box-shadow:0 -2px 3px 0 rgba(0,0,0,.08)}.ui.dropdown .scrolling.menu,.ui.scrolling.dropdown .menu{overflow-x:hidden;overflow-y:auto}.ui.scrolling.dropdown .menu{overflow-x:hidden;overflow-y:auto;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-overflow-scrolling:touch;min-width:100%!important;width:auto!important}.ui.dropdown .scrolling.menu{position:static;overflow-y:auto;border:none;-webkit-box-shadow:none!important;box-shadow:none!important;border-radius:0!important;margin:0!important;min-width:100%!important;width:auto!important;border-top:1px solid rgba(34,36,38,.15)}.ui.dropdown .scrolling.menu>.item.item.item,.ui.scrolling.dropdown .menu .item.item.item{border-top:none}.ui.dropdown .scrolling.menu .item:first-child,.ui.scrolling.dropdown .menu .item:first-child{border-top:none}.ui.dropdown>.animating.menu .scrolling.menu,.ui.dropdown>.visible.menu .scrolling.menu{display:block}@media all and (-ms-high-contrast:none){.ui.dropdown .scrolling.menu,.ui.scrolling.dropdown .menu{min-width:calc(100% - 17px)}}@media only screen and (max-width:767px){.ui.dropdown .scrolling.menu,.ui.scrolling.dropdown .menu{max-height:10.28571429rem}}@media only screen and (min-width:768px){.ui.dropdown .scrolling.menu,.ui.scrolling.dropdown .menu{max-height:15.42857143rem}}@media only screen and (min-width:992px){.ui.dropdown .scrolling.menu,.ui.scrolling.dropdown .menu{max-height:20.57142857rem}}@media only screen and (min-width:1920px){.ui.dropdown .scrolling.menu,.ui.scrolling.dropdown .menu{max-height:20.57142857rem}}.ui.simple.dropdown .menu:after,.ui.simple.dropdown .menu:before{display:none}.ui.simple.dropdown .menu{position:absolute;display:block;overflow:hidden;top:-9999px!important;opacity:0;width:0;height:0;-webkit-transition:opacity .1s ease;transition:opacity .1s ease}.ui.simple.active.dropdown,.ui.simple.dropdown:hover{border-bottom-left-radius:0!important;border-bottom-right-radius:0!important}.ui.simple.active.dropdown>.menu,.ui.simple.dropdown:hover>.menu{overflow:visible;width:auto;height:auto;top:100%!important;opacity:1}.ui.simple.dropdown:hover>.menu>.item:hover>.menu,.ui.simple.dropdown>.menu>.item:active>.menu{overflow:visible;width:auto;height:auto;top:0!important;left:100%!important;opacity:1}.ui.simple.disabled.dropdown:hover .menu{display:none;height:0;width:0;overflow:hidden}.ui.simple.visible.dropdown>.menu{display:block}.ui.fluid.dropdown{display:block;width:100%;min-width:0}.ui.fluid.dropdown>.dropdown.icon{float:right}.ui.floating.dropdown .menu{left:0;right:auto;-webkit-box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)!important;box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)!important;border-radius:.28571429rem!important}.ui.floating.dropdown>.menu{margin-top:.5em!important;border-radius:.28571429rem!important}.ui.pointing.dropdown>.menu{top:100%;margin-top:.78571429rem;border-radius:.28571429rem}.ui.pointing.dropdown>.menu:after{display:block;position:absolute;pointer-events:none;content:'';visibility:visible;-webkit-transform:rotate(45deg);transform:rotate(45deg);width:.5em;height:.5em;-webkit-box-shadow:-1px -1px 0 0 rgba(34,36,38,.15);box-shadow:-1px -1px 0 0 rgba(34,36,38,.15);background:#fff;z-index:2}.ui.pointing.dropdown>.menu:after{top:-.25em;left:50%;margin:0 0 0 -.25em}.ui.top.left.pointing.dropdown>.menu{top:100%;bottom:auto;left:0;right:auto;margin:1em 0 0}.ui.top.left.pointing.dropdown>.menu{top:100%;bottom:auto;left:0;right:auto;margin:1em 0 0}.ui.top.left.pointing.dropdown>.menu:after{top:-.25em;left:1em;right:auto;margin:0;-webkit-transform:rotate(45deg);transform:rotate(45deg)}.ui.top.right.pointing.dropdown>.menu{top:100%;bottom:auto;right:0;left:auto;margin:1em 0 0}.ui.top.pointing.dropdown>.left.menu:after,.ui.top.right.pointing.dropdown>.menu:after{top:-.25em;left:auto!important;right:1em!important;margin:0;-webkit-transform:rotate(45deg);transform:rotate(45deg)}.ui.left.pointing.dropdown>.menu{top:0;left:100%;right:auto;margin:0 0 0 1em}.ui.left.pointing.dropdown>.menu:after{top:1em;left:-.25em;margin:0;-webkit-transform:rotate(-45deg);transform:rotate(-45deg)}.ui.left:not(.top):not(.bottom).pointing.dropdown>.left.menu{left:auto!important;right:100%!important;margin:0 1em 0 0}.ui.left:not(.top):not(.bottom).pointing.dropdown>.left.menu:after{top:1em;left:auto;right:-.25em;margin:0;-webkit-transform:rotate(135deg);transform:rotate(135deg)}.ui.right.pointing.dropdown>.menu{top:0;left:auto;right:100%;margin:0 1em 0 0}.ui.right.pointing.dropdown>.menu:after{top:1em;left:auto;right:-.25em;margin:0;-webkit-transform:rotate(135deg);transform:rotate(135deg)}.ui.bottom.pointing.dropdown>.menu{top:auto;bottom:100%;left:0;right:auto;margin:0 0 1em}.ui.bottom.pointing.dropdown>.menu:after{top:auto;bottom:-.25em;right:auto;margin:0;-webkit-transform:rotate(-135deg);transform:rotate(-135deg)}.ui.bottom.pointing.dropdown>.menu .menu{top:auto!important;bottom:0!important}.ui.bottom.left.pointing.dropdown>.menu{left:0;right:auto}.ui.bottom.left.pointing.dropdown>.menu:after{left:1em;right:auto}.ui.bottom.right.pointing.dropdown>.menu{right:0;left:auto}.ui.bottom.right.pointing.dropdown>.menu:after{left:auto;right:1em}.ui.pointing.upward.dropdown .menu,.ui.top.pointing.upward.dropdown .menu{top:auto!important;bottom:100%!important;margin:0 0 .78571429rem;border-radius:.28571429rem}.ui.pointing.upward.dropdown .menu:after,.ui.top.pointing.upward.dropdown .menu:after{top:100%!important;bottom:auto!important;-webkit-box-shadow:1px 1px 0 0 rgba(34,36,38,.15);box-shadow:1px 1px 0 0 rgba(34,36,38,.15);margin:-.25em 0 0}.ui.right.pointing.upward.dropdown:not(.top):not(.bottom) .menu{top:auto!important;bottom:0!important;margin:0 1em 0 0}.ui.right.pointing.upward.dropdown:not(.top):not(.bottom) .menu:after{top:auto!important;bottom:0!important;margin:0 0 1em 0;-webkit-box-shadow:-1px -1px 0 0 rgba(34,36,38,.15);box-shadow:-1px -1px 0 0 rgba(34,36,38,.15)}.ui.left.pointing.upward.dropdown:not(.top):not(.bottom) .menu{top:auto!important;bottom:0!important;margin:0 0 0 1em}.ui.left.pointing.upward.dropdown:not(.top):not(.bottom) .menu:after{top:auto!important;bottom:0!important;margin:0 0 1em 0;-webkit-box-shadow:-1px -1px 0 0 rgba(34,36,38,.15);box-shadow:-1px -1px 0 0 rgba(34,36,38,.15)}@font-face{font-family:Dropdown;src:url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAAVgAA8AAAAACFAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABWAAAABwAAAAchGgaq0dERUYAAAF0AAAAHAAAAB4AJwAPT1MvMgAAAZAAAABDAAAAVnW4TJdjbWFwAAAB1AAAAEsAAAFS8CcaqmN2dCAAAAIgAAAABAAAAAQAEQFEZ2FzcAAAAiQAAAAIAAAACP//AANnbHlmAAACLAAAAQoAAAGkrRHP9WhlYWQAAAM4AAAAMAAAADYPK8YyaGhlYQAAA2gAAAAdAAAAJANCAb1obXR4AAADiAAAACIAAAAiCBkAOGxvY2EAAAOsAAAAFAAAABQBnAIybWF4cAAAA8AAAAAfAAAAIAEVAF5uYW1lAAAD4AAAATAAAAKMFGlj5HBvc3QAAAUQAAAARgAAAHJoedjqd2ViZgAABVgAAAAGAAAABrO7W5UAAAABAAAAANXulPUAAAAA1r4hgAAAAADXu2Q1eNpjYGRgYOABYjEgZmJgBEIOIGYB8xgAA/YAN3jaY2BktGOcwMDKwMI4jTGNgYHBHUp/ZZBkaGFgYGJgZWbACgLSXFMYHFT/fLjFeOD/AQY9xjMMbkBhRpAcAN48DQYAeNpjYGBgZoBgGQZGBhDwAfIYwXwWBgMgzQGETAwMqn8+8H649f8/lHX9//9b7Pzf+fWgusCAkY0BzmUE6gHpQwGMDMMeAACbxg7SAAARAUQAAAAB//8AAnjadZBPSsNAGMXfS+yMqYgOhpSuSlKadmUhiVEhEMQzFF22m17BbbvzCh5BXCUn6EG8gjeQ4DepwYo4i+/ffL95j4EDA+CFC7jQuKyIeVHrI3wkleq9F7XrSInKteOeHdda8bOoaeepSc00NWPz/LRec9G8GabyGtEdF7h19z033GAMTK7zbM42xNEZpzYof0RtQ5CUHAQJ73OtVyutc+3b7Ou//b8XNlsPx3jgjUifABdhEohKJJL5iM5p39uqc7X1+sRQSqmGrUVhlsJ4lpmEUVwyT8SUYtg0P9DyNzPADDs+tjrGV6KRCRfsui3eHcL4/p8ZXvfMlcnEU+CLv7hDykOP+AKTPTxbAAB42mNgZGBgAGKuf5KP4vltvjLIMzGAwLV9ig0g+vruFFMQzdjACOJzMIClARh0CTJ42mNgZGBgPPD/AJD8wgAEjA0MjAyogAMAbOQEAQAAAAC7ABEAAAAAAKoAAAH0AAABgAAAAUAACAFAAAgAwAAXAAAAAAAAACoAKgAqADIAbACGAKAAugDSeNpjYGRgYOBkUGFgYgABEMkFhAwM/xn0QAIADdUBdAB42qWQvUoDQRSFv3GjaISUQaymSmGxJoGAsRC0iPYLsU50Y6IxrvlRtPCJJKUPIBb+PIHv4EN4djKuKAqCDHfmu+feOdwZoMCUAJNbAlYUMzaUlM14jjxbngOq7HnOia89z1Pk1vMCa9x7ztPkzfMyJbPj+ZGi6Xp+omxuPD+zaD7meaFg7mb8GrBqHmhwxoAxlm0uiRkpP9X5m26pKRoMxTGR1D49Dv/Yb/91o6l8qL6eu5n2hZQzn68utR9m3FU2cB4t9cdSLG2utI+44Eh/P9bqKO+oJ/WxmXssj77YkrjasZQD6SFddythk3Wtzrf+UF2p076Udla1VNzsERP3kkjVRKel7mp1udXYcHtZSlV7RfmJe1GiFWveluaeKD5/MuJcSk8Tpm/vvwPIbmJleNpjYGKAAFYG7ICTgYGRiZGZkYWRlZGNkZ2Rg5GTLT2nsiDDEEIZsZfmZRqZujmDaDcDAxcI7WIOpS2gtCWUdgQAZkcSmQAAAAFblbO6AAA=) format('woff');font-weight:400;font-style:normal}.ui.dropdown>.dropdown.icon{font-family:Dropdown;line-height:1;height:1em;width:1.23em;-webkit-backface-visibility:hidden;backface-visibility:hidden;font-weight:400;font-style:normal;text-align:center}.ui.dropdown>.dropdown.icon{width:auto}.ui.dropdown>.dropdown.icon:before{content:'\f0d7'}.ui.dropdown .menu .item .dropdown.icon:before{content:'\f0da'}.ui.dropdown .item .left.dropdown.icon:before,.ui.dropdown .left.menu .item .dropdown.icon:before{content:"\f0d9"}.ui.vertical.menu .dropdown.item>.dropdown.icon:before{content:"\f0da"}.ui.dropdown>.clear.icon:before{content:"\f00d"}/*!
- * # Semantic UI 2.4.0 - Video
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.embed{position:relative;max-width:100%;height:0;overflow:hidden;background:#dcddde;padding-bottom:56.25%}.ui.embed embed,.ui.embed iframe,.ui.embed object{position:absolute;border:none;width:100%;height:100%;top:0;left:0;margin:0;padding:0}.ui.embed>.embed{display:none}.ui.embed>.placeholder{position:absolute;cursor:pointer;top:0;left:0;display:block;width:100%;height:100%;background-color:radial-gradient(transparent 45%,rgba(0,0,0,.3))}.ui.embed>.icon{cursor:pointer;position:absolute;top:0;left:0;width:100%;height:100%;z-index:2}.ui.embed>.icon:after{position:absolute;top:0;left:0;width:100%;height:100%;z-index:3;content:'';background:-webkit-radial-gradient(transparent 45%,rgba(0,0,0,.3));background:radial-gradient(transparent 45%,rgba(0,0,0,.3));opacity:.5;-webkit-transition:opacity .5s ease;transition:opacity .5s ease}.ui.embed>.icon:before{position:absolute;top:50%;left:50%;z-index:4;-webkit-transform:translateX(-50%) translateY(-50%);transform:translateX(-50%) translateY(-50%);color:#fff;font-size:6rem;text-shadow:0 2px 10px rgba(34,36,38,.2);-webkit-transition:opacity .5s ease,color .5s ease;transition:opacity .5s ease,color .5s ease;z-index:10}.ui.embed .icon:hover:after{background:-webkit-radial-gradient(transparent 45%,rgba(0,0,0,.3));background:radial-gradient(transparent 45%,rgba(0,0,0,.3));opacity:1}.ui.embed .icon:hover:before{color:#fff}.ui.active.embed>.icon,.ui.active.embed>.placeholder{display:none}.ui.active.embed>.embed{display:block}.ui.square.embed{padding-bottom:100%}.ui[class*="4:3"].embed{padding-bottom:75%}.ui[class*="16:9"].embed{padding-bottom:56.25%}.ui[class*="21:9"].embed{padding-bottom:42.85714286%}/*!
- * # Semantic UI 2.4.0 - Modal
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.modal{position:absolute;display:none;z-index:1001;text-align:left;background:#fff;border:none;-webkit-box-shadow:1px 3px 3px 0 rgba(0,0,0,.2),1px 3px 15px 2px rgba(0,0,0,.2);box-shadow:1px 3px 3px 0 rgba(0,0,0,.2),1px 3px 15px 2px rgba(0,0,0,.2);-webkit-transform-origin:50% 25%;transform-origin:50% 25%;-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;border-radius:.28571429rem;-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text;will-change:top,left,margin,transform,opacity}.ui.modal>.icon:first-child+*,.ui.modal>:first-child:not(.icon){border-top-left-radius:.28571429rem;border-top-right-radius:.28571429rem}.ui.modal>:last-child{border-bottom-left-radius:.28571429rem;border-bottom-right-radius:.28571429rem}.ui.modal>.close{cursor:pointer;position:absolute;top:-2.5rem;right:-2.5rem;z-index:1;opacity:.8;font-size:1.25em;color:#fff;width:2.25rem;height:2.25rem;padding:.625rem 0 0 0}.ui.modal>.close:hover{opacity:1}.ui.modal>.header{display:block;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;background:#fff;margin:0;padding:1.25rem 1.5rem;-webkit-box-shadow:none;box-shadow:none;color:rgba(0,0,0,.85);border-bottom:1px solid rgba(34,36,38,.15)}.ui.modal>.header:not(.ui){font-size:1.42857143rem;line-height:1.28571429em;font-weight:700}.ui.modal>.content{display:block;width:100%;font-size:1em;line-height:1.4;padding:1.5rem;background:#fff}.ui.modal>.image.content{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.ui.modal>.content>.image{display:block;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;width:'';-ms-flex-item-align:top;align-self:top}.ui.modal>[class*="top aligned"]{-ms-flex-item-align:top;align-self:top}.ui.modal>[class*="middle aligned"]{-ms-flex-item-align:middle;align-self:middle}.ui.modal>[class*=stretched]{-ms-flex-item-align:stretch;align-self:stretch}.ui.modal>.content>.description{display:block;-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto;min-width:0;-ms-flex-item-align:top;align-self:top}.ui.modal>.content>.icon+.description,.ui.modal>.content>.image+.description{-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;min-width:'';width:auto;padding-left:2em}.ui.modal>.content>.image>i.icon{margin:0;opacity:1;width:auto;line-height:1;font-size:8rem}.ui.modal>.actions{background:#f9fafb;padding:1rem 1rem;border-top:1px solid rgba(34,36,38,.15);text-align:right}.ui.modal .actions>.button{margin-left:.75em}@media only screen and (max-width:767px){.ui.modal{width:95%;margin:0}}@media only screen and (min-width:768px){.ui.modal{width:88%;margin:0}}@media only screen and (min-width:992px){.ui.modal{width:850px;margin:0}}@media only screen and (min-width:1200px){.ui.modal{width:900px;margin:0}}@media only screen and (min-width:1920px){.ui.modal{width:950px;margin:0}}@media only screen and (max-width:991px){.ui.modal>.header{padding-right:2.25rem}.ui.modal>.close{top:1.0535rem;right:1rem;color:rgba(0,0,0,.87)}}@media only screen and (max-width:767px){.ui.modal>.header{padding:.75rem 1rem!important;padding-right:2.25rem!important}.ui.modal>.content{display:block;padding:1rem!important}.ui.modal>.close{top:.5rem!important;right:.5rem!important}.ui.modal .image.content{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ui.modal .content>.image{display:block;max-width:100%;margin:0 auto!important;text-align:center;padding:0 0 1rem!important}.ui.modal>.content>.image>i.icon{font-size:5rem;text-align:center}.ui.modal .content>.description{display:block;width:100%!important;margin:0!important;padding:1rem 0!important;-webkit-box-shadow:none;box-shadow:none}.ui.modal>.actions{padding:1rem 1rem 0!important}.ui.modal .actions>.button,.ui.modal .actions>.buttons{margin-bottom:1rem}}.ui.inverted.dimmer>.ui.modal{-webkit-box-shadow:1px 3px 10px 2px rgba(0,0,0,.2);box-shadow:1px 3px 10px 2px rgba(0,0,0,.2)}.ui.basic.modal{background-color:transparent;border:none;border-radius:0;-webkit-box-shadow:none!important;box-shadow:none!important;color:#fff}.ui.basic.modal>.actions,.ui.basic.modal>.content,.ui.basic.modal>.header{background-color:transparent}.ui.basic.modal>.header{color:#fff}.ui.basic.modal>.close{top:1rem;right:1.5rem}.ui.inverted.dimmer>.basic.modal{color:rgba(0,0,0,.87)}.ui.inverted.dimmer>.ui.basic.modal>.header{color:rgba(0,0,0,.85)}.ui.legacy.modal,.ui.legacy.page.dimmer>.ui.modal{top:50%;left:50%}.ui.legacy.page.dimmer>.ui.scrolling.modal,.ui.page.dimmer>.ui.scrolling.legacy.modal,.ui.top.aligned.dimmer>.ui.legacy.modal,.ui.top.aligned.legacy.page.dimmer>.ui.modal{top:auto}@media only screen and (max-width:991px){.ui.basic.modal>.close{color:#fff}}.ui.loading.modal{display:block;visibility:hidden;z-index:-1}.ui.active.modal{display:block}.modals.dimmer[class*="top aligned"] .modal{margin:5vh auto}@media only screen and (max-width:767px){.modals.dimmer[class*="top aligned"] .modal{margin:1rem auto}}.legacy.modals.dimmer[class*="top aligned"]{padding-top:5vh}@media only screen and (max-width:767px){.legacy.modals.dimmer[class*="top aligned"]{padding-top:1rem}}.scrolling.dimmable.dimmed{overflow:hidden}.scrolling.dimmable>.dimmer{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.scrolling.dimmable.dimmed>.dimmer{overflow:auto;-webkit-overflow-scrolling:touch}.scrolling.dimmable>.dimmer{position:fixed}.modals.dimmer .ui.scrolling.modal{margin:1rem auto}.scrolling.undetached.dimmable.dimmed{overflow:auto;-webkit-overflow-scrolling:touch}.scrolling.undetached.dimmable.dimmed>.dimmer{overflow:hidden}.scrolling.undetached.dimmable .ui.scrolling.modal{position:absolute;left:50%;margin-top:1rem!important}.ui.modal .scrolling.content{max-height:calc(70vh);overflow:auto}.ui.fullscreen.modal{width:95%!important;left:0!important;margin:1em auto}.ui.fullscreen.scrolling.modal{left:0!important}.ui.fullscreen.modal>.header{padding-right:2.25rem}.ui.fullscreen.modal>.close{top:1.0535rem;right:1rem;color:rgba(0,0,0,.87)}.ui.modal{font-size:1rem}.ui.mini.modal>.header:not(.ui){font-size:1.3em}@media only screen and (max-width:767px){.ui.mini.modal{width:95%;margin:0}}@media only screen and (min-width:768px){.ui.mini.modal{width:35.2%;margin:0}}@media only screen and (min-width:992px){.ui.mini.modal{width:340px;margin:0}}@media only screen and (min-width:1200px){.ui.mini.modal{width:360px;margin:0}}@media only screen and (min-width:1920px){.ui.mini.modal{width:380px;margin:0}}.ui.small.modal>.header:not(.ui){font-size:1.3em}@media only screen and (max-width:767px){.ui.tiny.modal{width:95%;margin:0}}@media only screen and (min-width:768px){.ui.tiny.modal{width:52.8%;margin:0}}@media only screen and (min-width:992px){.ui.tiny.modal{width:510px;margin:0}}@media only screen and (min-width:1200px){.ui.tiny.modal{width:540px;margin:0}}@media only screen and (min-width:1920px){.ui.tiny.modal{width:570px;margin:0}}.ui.small.modal>.header:not(.ui){font-size:1.3em}@media only screen and (max-width:767px){.ui.small.modal{width:95%;margin:0}}@media only screen and (min-width:768px){.ui.small.modal{width:70.4%;margin:0}}@media only screen and (min-width:992px){.ui.small.modal{width:680px;margin:0}}@media only screen and (min-width:1200px){.ui.small.modal{width:720px;margin:0}}@media only screen and (min-width:1920px){.ui.small.modal{width:760px;margin:0}}.ui.large.modal>.header{font-size:1.6em}@media only screen and (max-width:767px){.ui.large.modal{width:95%;margin:0}}@media only screen and (min-width:768px){.ui.large.modal{width:88%;margin:0}}@media only screen and (min-width:992px){.ui.large.modal{width:1020px;margin:0}}@media only screen and (min-width:1200px){.ui.large.modal{width:1080px;margin:0}}@media only screen and (min-width:1920px){.ui.large.modal{width:1140px;margin:0}}/*!
- * # Semantic UI 2.4.0 - Nag
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.nag{display:none;opacity:.95;position:relative;top:0;left:0;z-index:999;min-height:0;width:100%;margin:0;padding:.75em 1em;background:#555;-webkit-box-shadow:0 1px 2px 0 rgba(0,0,0,.2);box-shadow:0 1px 2px 0 rgba(0,0,0,.2);font-size:1rem;text-align:center;color:rgba(0,0,0,.87);border-radius:0 0 .28571429rem .28571429rem;-webkit-transition:.2s background ease;transition:.2s background ease}a.ui.nag{cursor:pointer}.ui.nag>.title{display:inline-block;margin:0 .5em;color:#fff}.ui.nag>.close.icon{cursor:pointer;opacity:.4;position:absolute;top:50%;right:1em;font-size:1em;margin:-.5em 0 0;color:#fff;-webkit-transition:opacity .2s ease;transition:opacity .2s ease}.ui.nag:hover{background:#555;opacity:1}.ui.nag .close:hover{opacity:1}.ui.overlay.nag{position:absolute;display:block}.ui.fixed.nag{position:fixed}.ui.bottom.nag,.ui.bottom.nags{border-radius:.28571429rem .28571429rem 0 0;top:auto;bottom:0}.ui.inverted.nag,.ui.inverted.nags .nag{background-color:#f3f4f5;color:rgba(0,0,0,.85)}.ui.inverted.nag .close,.ui.inverted.nag .title,.ui.inverted.nags .nag .close,.ui.inverted.nags .nag .title{color:rgba(0,0,0,.4)}.ui.nags .nag{border-radius:0!important}.ui.nags .nag:last-child{border-radius:0 0 .28571429rem .28571429rem}.ui.bottom.nags .nag:last-child{border-radius:.28571429rem .28571429rem 0 0}/*!
- * # Semantic UI 2.4.0 - Popup
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.popup{display:none;position:absolute;top:0;right:0;min-width:-webkit-min-content;min-width:-moz-min-content;min-width:min-content;z-index:1900;border:1px solid #d4d4d5;line-height:1.4285em;max-width:250px;background:#fff;padding:.833em 1em;font-weight:400;font-style:normal;color:rgba(0,0,0,.87);border-radius:.28571429rem;-webkit-box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15)}.ui.popup>.header{padding:0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:1.14285714em;line-height:1.2;font-weight:700}.ui.popup>.header+.content{padding-top:.5em}.ui.popup:before{position:absolute;content:'';width:.71428571em;height:.71428571em;background:#fff;-webkit-transform:rotate(45deg);transform:rotate(45deg);z-index:2;-webkit-box-shadow:1px 1px 0 0 #bababc;box-shadow:1px 1px 0 0 #bababc}[data-tooltip]{position:relative}[data-tooltip]:before{pointer-events:none;position:absolute;content:'';font-size:1rem;width:.71428571em;height:.71428571em;background:#fff;-webkit-transform:rotate(45deg);transform:rotate(45deg);z-index:2;-webkit-box-shadow:1px 1px 0 0 #bababc;box-shadow:1px 1px 0 0 #bababc}[data-tooltip]:after{pointer-events:none;content:attr(data-tooltip);position:absolute;text-transform:none;text-align:left;white-space:nowrap;font-size:1rem;border:1px solid #d4d4d5;line-height:1.4285em;max-width:none;background:#fff;padding:.833em 1em;font-weight:400;font-style:normal;color:rgba(0,0,0,.87);border-radius:.28571429rem;-webkit-box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);z-index:1}[data-tooltip]:not([data-position]):before{top:auto;right:auto;bottom:100%;left:50%;background:#fff;margin-left:-.07142857rem;margin-bottom:.14285714rem}[data-tooltip]:not([data-position]):after{left:50%;-webkit-transform:translateX(-50%);transform:translateX(-50%);bottom:100%;margin-bottom:.5em}[data-tooltip]:after,[data-tooltip]:before{pointer-events:none;visibility:hidden}[data-tooltip]:before{opacity:0;-webkit-transform:rotate(45deg) scale(0)!important;transform:rotate(45deg) scale(0)!important;-webkit-transform-origin:center top;transform-origin:center top;-webkit-transition:all .1s ease;transition:all .1s ease}[data-tooltip]:after{opacity:1;-webkit-transform-origin:center bottom;transform-origin:center bottom;-webkit-transition:all .1s ease;transition:all .1s ease}[data-tooltip]:hover:after,[data-tooltip]:hover:before{visibility:visible;pointer-events:auto}[data-tooltip]:hover:before{-webkit-transform:rotate(45deg) scale(1)!important;transform:rotate(45deg) scale(1)!important;opacity:1}[data-tooltip]:after,[data-tooltip][data-position="bottom center"]:after,[data-tooltip][data-position="top center"]:after{-webkit-transform:translateX(-50%) scale(0)!important;transform:translateX(-50%) scale(0)!important}[data-tooltip]:hover:after,[data-tooltip][data-position="bottom center"]:hover:after{-webkit-transform:translateX(-50%) scale(1)!important;transform:translateX(-50%) scale(1)!important}[data-tooltip][data-position="left center"]:after,[data-tooltip][data-position="right center"]:after{-webkit-transform:translateY(-50%) scale(0)!important;transform:translateY(-50%) scale(0)!important}[data-tooltip][data-position="left center"]:hover:after,[data-tooltip][data-position="right center"]:hover:after{-webkit-transform:translateY(-50%) scale(1)!important;transform:translateY(-50%) scale(1)!important}[data-tooltip][data-position="bottom left"]:after,[data-tooltip][data-position="bottom right"]:after,[data-tooltip][data-position="top left"]:after,[data-tooltip][data-position="top right"]:after{-webkit-transform:scale(0)!important;transform:scale(0)!important}[data-tooltip][data-position="bottom left"]:hover:after,[data-tooltip][data-position="bottom right"]:hover:after,[data-tooltip][data-position="top left"]:hover:after,[data-tooltip][data-position="top right"]:hover:after{-webkit-transform:scale(1)!important;transform:scale(1)!important}[data-tooltip][data-inverted]:before{-webkit-box-shadow:none!important;box-shadow:none!important}[data-tooltip][data-inverted]:before{background:#1b1c1d}[data-tooltip][data-inverted]:after{background:#1b1c1d;color:#fff;border:none;-webkit-box-shadow:none;box-shadow:none}[data-tooltip][data-inverted]:after .header{background-color:none;color:#fff}[data-position="top center"][data-tooltip]:after{top:auto;right:auto;left:50%;bottom:100%;-webkit-transform:translateX(-50%);transform:translateX(-50%);margin-bottom:.5em}[data-position="top center"][data-tooltip]:before{top:auto;right:auto;bottom:100%;left:50%;background:#fff;margin-left:-.07142857rem;margin-bottom:.14285714rem}[data-position="top left"][data-tooltip]:after{top:auto;right:auto;left:0;bottom:100%;margin-bottom:.5em}[data-position="top left"][data-tooltip]:before{top:auto;right:auto;bottom:100%;left:1em;margin-left:-.07142857rem;margin-bottom:.14285714rem}[data-position="top right"][data-tooltip]:after{top:auto;left:auto;right:0;bottom:100%;margin-bottom:.5em}[data-position="top right"][data-tooltip]:before{top:auto;left:auto;bottom:100%;right:1em;margin-left:-.07142857rem;margin-bottom:.14285714rem}[data-position="bottom center"][data-tooltip]:after{bottom:auto;right:auto;left:50%;top:100%;-webkit-transform:translateX(-50%);transform:translateX(-50%);margin-top:.5em}[data-position="bottom center"][data-tooltip]:before{bottom:auto;right:auto;top:100%;left:50%;margin-left:-.07142857rem;margin-top:.14285714rem}[data-position="bottom left"][data-tooltip]:after{left:0;top:100%;margin-top:.5em}[data-position="bottom left"][data-tooltip]:before{bottom:auto;right:auto;top:100%;left:1em;margin-left:-.07142857rem;margin-top:.14285714rem}[data-position="bottom right"][data-tooltip]:after{right:0;top:100%;margin-top:.5em}[data-position="bottom right"][data-tooltip]:before{bottom:auto;left:auto;top:100%;right:1em;margin-left:-.14285714rem;margin-top:.07142857rem}[data-position="left center"][data-tooltip]:after{right:100%;top:50%;margin-right:.5em;-webkit-transform:translateY(-50%);transform:translateY(-50%)}[data-position="left center"][data-tooltip]:before{right:100%;top:50%;margin-top:-.14285714rem;margin-right:-.07142857rem}[data-position="right center"][data-tooltip]:after{left:100%;top:50%;margin-left:.5em;-webkit-transform:translateY(-50%);transform:translateY(-50%)}[data-position="right center"][data-tooltip]:before{left:100%;top:50%;margin-top:-.07142857rem;margin-left:.14285714rem}[data-position~=bottom][data-tooltip]:before{background:#fff;-webkit-box-shadow:-1px -1px 0 0 #bababc;box-shadow:-1px -1px 0 0 #bababc}[data-position="left center"][data-tooltip]:before{background:#fff;-webkit-box-shadow:1px -1px 0 0 #bababc;box-shadow:1px -1px 0 0 #bababc}[data-position="right center"][data-tooltip]:before{background:#fff;-webkit-box-shadow:-1px 1px 0 0 #bababc;box-shadow:-1px 1px 0 0 #bababc}[data-position~=top][data-tooltip]:before{background:#fff}[data-inverted][data-position~=bottom][data-tooltip]:before{background:#1b1c1d;-webkit-box-shadow:-1px -1px 0 0 #bababc;box-shadow:-1px -1px 0 0 #bababc}[data-inverted][data-position="left center"][data-tooltip]:before{background:#1b1c1d;-webkit-box-shadow:1px -1px 0 0 #bababc;box-shadow:1px -1px 0 0 #bababc}[data-inverted][data-position="right center"][data-tooltip]:before{background:#1b1c1d;-webkit-box-shadow:-1px 1px 0 0 #bababc;box-shadow:-1px 1px 0 0 #bababc}[data-inverted][data-position~=top][data-tooltip]:before{background:#1b1c1d}[data-position~=bottom][data-tooltip]:before{-webkit-transform-origin:center bottom;transform-origin:center bottom}[data-position~=bottom][data-tooltip]:after{-webkit-transform-origin:center top;transform-origin:center top}[data-position="left center"][data-tooltip]:before{-webkit-transform-origin:top center;transform-origin:top center}[data-position="left center"][data-tooltip]:after{-webkit-transform-origin:right center;transform-origin:right center}[data-position="right center"][data-tooltip]:before{-webkit-transform-origin:right center;transform-origin:right center}[data-position="right center"][data-tooltip]:after{-webkit-transform-origin:left center;transform-origin:left center}.ui.popup{margin:0}.ui.top.popup{margin:0 0 .71428571em}.ui.top.left.popup{-webkit-transform-origin:left bottom;transform-origin:left bottom}.ui.top.center.popup{-webkit-transform-origin:center bottom;transform-origin:center bottom}.ui.top.right.popup{-webkit-transform-origin:right bottom;transform-origin:right bottom}.ui.left.center.popup{margin:0 .71428571em 0 0;-webkit-transform-origin:right 50%;transform-origin:right 50%}.ui.right.center.popup{margin:0 0 0 .71428571em;-webkit-transform-origin:left 50%;transform-origin:left 50%}.ui.bottom.popup{margin:.71428571em 0 0}.ui.bottom.left.popup{-webkit-transform-origin:left top;transform-origin:left top}.ui.bottom.center.popup{-webkit-transform-origin:center top;transform-origin:center top}.ui.bottom.right.popup{-webkit-transform-origin:right top;transform-origin:right top}.ui.bottom.center.popup:before{margin-left:-.30714286em;top:-.30714286em;left:50%;right:auto;bottom:auto;-webkit-box-shadow:-1px -1px 0 0 #bababc;box-shadow:-1px -1px 0 0 #bababc}.ui.bottom.left.popup{margin-left:0}.ui.bottom.left.popup:before{top:-.30714286em;left:1em;right:auto;bottom:auto;margin-left:0;-webkit-box-shadow:-1px -1px 0 0 #bababc;box-shadow:-1px -1px 0 0 #bababc}.ui.bottom.right.popup{margin-right:0}.ui.bottom.right.popup:before{top:-.30714286em;right:1em;bottom:auto;left:auto;margin-left:0;-webkit-box-shadow:-1px -1px 0 0 #bababc;box-shadow:-1px -1px 0 0 #bababc}.ui.top.center.popup:before{top:auto;right:auto;bottom:-.30714286em;left:50%;margin-left:-.30714286em}.ui.top.left.popup{margin-left:0}.ui.top.left.popup:before{bottom:-.30714286em;left:1em;top:auto;right:auto;margin-left:0}.ui.top.right.popup{margin-right:0}.ui.top.right.popup:before{bottom:-.30714286em;right:1em;top:auto;left:auto;margin-left:0}.ui.left.center.popup:before{top:50%;right:-.30714286em;bottom:auto;left:auto;margin-top:-.30714286em;-webkit-box-shadow:1px -1px 0 0 #bababc;box-shadow:1px -1px 0 0 #bababc}.ui.right.center.popup:before{top:50%;left:-.30714286em;bottom:auto;right:auto;margin-top:-.30714286em;-webkit-box-shadow:-1px 1px 0 0 #bababc;box-shadow:-1px 1px 0 0 #bababc}.ui.bottom.popup:before{background:#fff}.ui.left.center.popup:before,.ui.right.center.popup:before{background:#fff}.ui.top.popup:before{background:#fff}.ui.inverted.bottom.popup:before{background:#1b1c1d}.ui.inverted.left.center.popup:before,.ui.inverted.right.center.popup:before{background:#1b1c1d}.ui.inverted.top.popup:before{background:#1b1c1d}.ui.popup>.ui.grid:not(.padded){width:calc(100% + 1.75rem);margin:-.7rem -.875rem}.ui.loading.popup{display:block;visibility:hidden;z-index:-1}.ui.animating.popup,.ui.visible.popup{display:block}.ui.visible.popup{-webkit-transform:translateZ(0);transform:translateZ(0);-webkit-backface-visibility:hidden;backface-visibility:hidden}.ui.basic.popup:before{display:none}.ui.wide.popup{max-width:350px}.ui[class*="very wide"].popup{max-width:550px}@media only screen and (max-width:767px){.ui.wide.popup,.ui[class*="very wide"].popup{max-width:250px}}.ui.fluid.popup{width:100%;max-width:none}.ui.inverted.popup{background:#1b1c1d;color:#fff;border:none;-webkit-box-shadow:none;box-shadow:none}.ui.inverted.popup .header{background-color:none;color:#fff}.ui.inverted.popup:before{background-color:#1b1c1d;-webkit-box-shadow:none!important;box-shadow:none!important}.ui.flowing.popup{max-width:none}.ui.mini.popup{font-size:.78571429rem}.ui.tiny.popup{font-size:.85714286rem}.ui.small.popup{font-size:.92857143rem}.ui.popup{font-size:1rem}.ui.large.popup{font-size:1.14285714rem}.ui.huge.popup{font-size:1.42857143rem}/*!
- * # Semantic UI 2.4.0 - Progress Bar
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.progress{position:relative;display:block;max-width:100%;border:none;margin:1em 0 2.5em;-webkit-box-shadow:none;box-shadow:none;background:rgba(0,0,0,.1);padding:0;border-radius:.28571429rem}.ui.progress:first-child{margin:0 0 2.5em}.ui.progress:last-child{margin:0 0 1.5em}.ui.progress .bar{display:block;line-height:1;position:relative;width:0%;min-width:2em;background:#888;border-radius:.28571429rem;-webkit-transition:width .1s ease,background-color .1s ease;transition:width .1s ease,background-color .1s ease}.ui.progress .bar>.progress{white-space:nowrap;position:absolute;width:auto;font-size:.92857143em;top:50%;right:.5em;left:auto;bottom:auto;color:rgba(255,255,255,.7);text-shadow:none;margin-top:-.5em;font-weight:700;text-align:left}.ui.progress>.label{position:absolute;width:100%;font-size:1em;top:100%;right:auto;left:0;bottom:auto;color:rgba(0,0,0,.87);font-weight:700;text-shadow:none;margin-top:.2em;text-align:center;-webkit-transition:color .4s ease;transition:color .4s ease}.ui.indicating.progress[data-percent^="1"] .bar,.ui.indicating.progress[data-percent^="2"] .bar{background-color:#d95c5c}.ui.indicating.progress[data-percent^="3"] .bar{background-color:#efbc72}.ui.indicating.progress[data-percent^="4"] .bar,.ui.indicating.progress[data-percent^="5"] .bar{background-color:#e6bb48}.ui.indicating.progress[data-percent^="6"] .bar{background-color:#ddc928}.ui.indicating.progress[data-percent^="7"] .bar,.ui.indicating.progress[data-percent^="8"] .bar{background-color:#b4d95c}.ui.indicating.progress[data-percent^="100"] .bar,.ui.indicating.progress[data-percent^="9"] .bar{background-color:#66da81}.ui.indicating.progress[data-percent^="1"] .label,.ui.indicating.progress[data-percent^="2"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress[data-percent^="3"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress[data-percent^="4"] .label,.ui.indicating.progress[data-percent^="5"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress[data-percent^="6"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress[data-percent^="7"] .label,.ui.indicating.progress[data-percent^="8"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress[data-percent^="100"] .label,.ui.indicating.progress[data-percent^="9"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress[data-percent="1"] .bar,.ui.indicating.progress[data-percent="2"] .bar,.ui.indicating.progress[data-percent="3"] .bar,.ui.indicating.progress[data-percent="4"] .bar,.ui.indicating.progress[data-percent="5"] .bar,.ui.indicating.progress[data-percent="6"] .bar,.ui.indicating.progress[data-percent="7"] .bar,.ui.indicating.progress[data-percent="8"] .bar,.ui.indicating.progress[data-percent="9"] .bar{background-color:#d95c5c}.ui.indicating.progress[data-percent="1"] .label,.ui.indicating.progress[data-percent="2"] .label,.ui.indicating.progress[data-percent="3"] .label,.ui.indicating.progress[data-percent="4"] .label,.ui.indicating.progress[data-percent="5"] .label,.ui.indicating.progress[data-percent="6"] .label,.ui.indicating.progress[data-percent="7"] .label,.ui.indicating.progress[data-percent="8"] .label,.ui.indicating.progress[data-percent="9"] .label{color:rgba(0,0,0,.87)}.ui.indicating.progress.success .label{color:#1a531b}.ui.progress.success .bar{background-color:#21ba45!important}.ui.progress.success .bar,.ui.progress.success .bar::after{-webkit-animation:none!important;animation:none!important}.ui.progress.success>.label{color:#1a531b}.ui.progress.warning .bar{background-color:#f2c037!important}.ui.progress.warning .bar,.ui.progress.warning .bar::after{-webkit-animation:none!important;animation:none!important}.ui.progress.warning>.label{color:#794b02}.ui.progress.error .bar{background-color:#db2828!important}.ui.progress.error .bar,.ui.progress.error .bar::after{-webkit-animation:none!important;animation:none!important}.ui.progress.error>.label{color:#912d2b}.ui.active.progress .bar{position:relative;min-width:2em}.ui.active.progress .bar::after{content:'';opacity:0;position:absolute;top:0;left:0;right:0;bottom:0;background:#fff;border-radius:.28571429rem;-webkit-animation:progress-active 2s ease infinite;animation:progress-active 2s ease infinite}@-webkit-keyframes progress-active{0%{opacity:.3;width:0}100%{opacity:0;width:100%}}@keyframes progress-active{0%{opacity:.3;width:0}100%{opacity:0;width:100%}}.ui.disabled.progress{opacity:.35}.ui.disabled.progress .bar,.ui.disabled.progress .bar::after{-webkit-animation:none!important;animation:none!important}.ui.inverted.progress{background:rgba(255,255,255,.08);border:none}.ui.inverted.progress .bar{background:#888}.ui.inverted.progress .bar>.progress{color:#f9fafb}.ui.inverted.progress>.label{color:#fff}.ui.inverted.progress.success>.label{color:#21ba45}.ui.inverted.progress.warning>.label{color:#f2c037}.ui.inverted.progress.error>.label{color:#db2828}.ui.progress.attached{background:0 0;position:relative;border:none;margin:0}.ui.progress.attached,.ui.progress.attached .bar{display:block;height:.2rem;padding:0;overflow:hidden;border-radius:0 0 .28571429rem .28571429rem}.ui.progress.attached .bar{border-radius:0}.ui.progress.top.attached,.ui.progress.top.attached .bar{top:0;border-radius:.28571429rem .28571429rem 0 0}.ui.progress.top.attached .bar{border-radius:0}.ui.card>.ui.attached.progress,.ui.segment>.ui.attached.progress{position:absolute;top:auto;left:0;bottom:100%;width:100%}.ui.card>.ui.bottom.attached.progress,.ui.segment>.ui.bottom.attached.progress{top:100%;bottom:auto}.ui.red.progress .bar{background-color:#db2828}.ui.red.inverted.progress .bar{background-color:#ff695e}.ui.orange.progress .bar{background-color:#f2711c}.ui.orange.inverted.progress .bar{background-color:#ff851b}.ui.yellow.progress .bar{background-color:#fbbd08}.ui.yellow.inverted.progress .bar{background-color:#ffe21f}.ui.olive.progress .bar{background-color:#b5cc18}.ui.olive.inverted.progress .bar{background-color:#d9e778}.ui.green.progress .bar{background-color:#21ba45}.ui.green.inverted.progress .bar{background-color:#2ecc40}.ui.teal.progress .bar{background-color:#00b5ad}.ui.teal.inverted.progress .bar{background-color:#6dffff}.ui.blue.progress .bar{background-color:#2185d0}.ui.blue.inverted.progress .bar{background-color:#54c8ff}.ui.violet.progress .bar{background-color:#6435c9}.ui.violet.inverted.progress .bar{background-color:#a291fb}.ui.purple.progress .bar{background-color:#a333c8}.ui.purple.inverted.progress .bar{background-color:#dc73ff}.ui.pink.progress .bar{background-color:#e03997}.ui.pink.inverted.progress .bar{background-color:#ff8edf}.ui.brown.progress .bar{background-color:#a5673f}.ui.brown.inverted.progress .bar{background-color:#d67c1c}.ui.grey.progress .bar{background-color:#767676}.ui.grey.inverted.progress .bar{background-color:#dcddde}.ui.black.progress .bar{background-color:#1b1c1d}.ui.black.inverted.progress .bar{background-color:#545454}.ui.tiny.progress{font-size:.85714286rem}.ui.tiny.progress .bar{height:.5em}.ui.small.progress{font-size:.92857143rem}.ui.small.progress .bar{height:1em}.ui.progress{font-size:1rem}.ui.progress .bar{height:1.75em}.ui.large.progress{font-size:1.14285714rem}.ui.large.progress .bar{height:2.5em}.ui.big.progress{font-size:1.28571429rem}.ui.big.progress .bar{height:3.5em}/*!
- * # Semantic UI 2.4.0 - Rating
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.rating{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;white-space:nowrap;vertical-align:baseline}.ui.rating:last-child{margin-right:0}.ui.rating .icon{padding:0;margin:0;text-align:center;font-weight:400;font-style:normal;-webkit-box-flex:1;-ms-flex:1 0 auto;flex:1 0 auto;cursor:pointer;width:1.25em;height:auto;-webkit-transition:opacity .1s ease,background .1s ease,text-shadow .1s ease,color .1s ease;transition:opacity .1s ease,background .1s ease,text-shadow .1s ease,color .1s ease}.ui.rating .icon{background:0 0;color:rgba(0,0,0,.15)}.ui.rating .active.icon{background:0 0;color:rgba(0,0,0,.85)}.ui.rating .icon.selected,.ui.rating .icon.selected.active{background:0 0;color:rgba(0,0,0,.87)}.ui.star.rating .icon{width:1.25em;height:auto;background:0 0;color:rgba(0,0,0,.15);text-shadow:none}.ui.star.rating .active.icon{background:0 0!important;color:#ffe623!important;text-shadow:0 -1px 0 #ddc507,-1px 0 0 #ddc507,0 1px 0 #ddc507,1px 0 0 #ddc507!important}.ui.star.rating .icon.selected,.ui.star.rating .icon.selected.active{background:0 0!important;color:#fc0!important;text-shadow:0 -1px 0 #e6a200,-1px 0 0 #e6a200,0 1px 0 #e6a200,1px 0 0 #e6a200!important}.ui.heart.rating .icon{width:1.4em;height:auto;background:0 0;color:rgba(0,0,0,.15);text-shadow:none!important}.ui.heart.rating .active.icon{background:0 0!important;color:#ff6d75!important;text-shadow:0 -1px 0 #cd0707,-1px 0 0 #cd0707,0 1px 0 #cd0707,1px 0 0 #cd0707!important}.ui.heart.rating .icon.selected,.ui.heart.rating .icon.selected.active{background:0 0!important;color:#ff3000!important;text-shadow:0 -1px 0 #aa0101,-1px 0 0 #aa0101,0 1px 0 #aa0101,1px 0 0 #aa0101!important}.ui.disabled.rating .icon{cursor:default}.ui.rating.selected .active.icon{opacity:1}.ui.rating .icon.selected,.ui.rating.selected .icon.selected{opacity:1}.ui.mini.rating{font-size:.78571429rem}.ui.tiny.rating{font-size:.85714286rem}.ui.small.rating{font-size:.92857143rem}.ui.rating{font-size:1rem}.ui.large.rating{font-size:1.14285714rem}.ui.huge.rating{font-size:1.42857143rem}.ui.massive.rating{font-size:2rem}@font-face{font-family:Rating;src:url(data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALAIAAAwAwT1MvMggjCBsAAAC8AAAAYGNtYXCj2pm8AAABHAAAAKRnYXNwAAAAEAAAAcAAAAAIZ2x5ZlJbXMYAAAHIAAARnGhlYWQBGAe5AAATZAAAADZoaGVhA+IB/QAAE5wAAAAkaG10eCzgAEMAABPAAAAAcGxvY2EwXCxOAAAUMAAAADptYXhwACIAnAAAFGwAAAAgbmFtZfC1n04AABSMAAABPHBvc3QAAwAAAAAVyAAAACAAAwIAAZAABQAAAUwBZgAAAEcBTAFmAAAA9QAZAIQAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADxZQHg/+D/4AHgACAAAAABAAAAAAAAAAAAAAAgAAAAAAACAAAAAwAAABQAAwABAAAAFAAEAJAAAAAgACAABAAAAAEAIOYF8AbwDfAj8C7wbvBw8Irwl/Cc8SPxZf/9//8AAAAAACDmAPAE8AzwI/Au8G7wcPCH8JfwnPEj8WT//f//AAH/4xoEEAYQAQ/sD+IPow+iD4wPgA98DvYOtgADAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAH//wAPAAEAAAAAAAAAAAACAAA3OQEAAAAAAQAAAAAAAAAAAAIAADc5AQAAAAABAAAAAAAAAAAAAgAANzkBAAAAAAIAAP/tAgAB0wAKABUAAAEvAQ8BFwc3Fyc3BQc3Jz8BHwEHFycCALFPT7GAHp6eHoD/AHAWW304OH1bFnABGRqgoBp8sFNTsHyyOnxYEnFxElh8OgAAAAACAAD/7QIAAdMACgASAAABLwEPARcHNxcnNwUxER8BBxcnAgCxT0+xgB6enh6A/wA4fVsWcAEZGqCgGnywU1OwfLIBHXESWHw6AAAAAQAA/+0CAAHTAAoAAAEvAQ8BFwc3Fyc3AgCxT0+xgB6enh6AARkaoKAafLBTU7B8AAAAAAEAAAAAAgABwAArAAABFA4CBzEHDgMjIi4CLwEuAzU0PgIzMh4CFz4DMzIeAhUCAAcMEgugBgwMDAYGDAwMBqALEgwHFyg2HhAfGxkKChkbHxAeNigXAS0QHxsZCqAGCwkGBQkLBqAKGRsfEB42KBcHDBILCxIMBxcoNh4AAAAAAgAAAAACAAHAACsAWAAAATQuAiMiDgIHLgMjIg4CFRQeAhcxFx4DMzI+Aj8BPgM1DwEiFCIGMTAmIjQjJy4DNTQ+AjMyHgIfATc+AzMyHgIVFA4CBwIAFyg2HhAfGxkKChkbHxAeNigXBwwSC6AGDAwMBgYMDAwGoAsSDAdbogEBAQEBAaIGCgcEDRceEQkREA4GLy8GDhARCREeFw0EBwoGAS0eNigXBwwSCwsSDAcXKDYeEB8bGQqgBgsJBgUJCwagChkbHxA+ogEBAQGiBg4QEQkRHhcNBAcKBjQ0BgoHBA0XHhEJERAOBgABAAAAAAIAAcAAMQAAARQOAgcxBw4DIyIuAi8BLgM1ND4CMzIeAhcHFwc3Jzc+AzMyHgIVAgAHDBILoAYMDAwGBgwMDAagCxIMBxcoNh4KFRMSCC9wQLBwJwUJCgkFHjYoFwEtEB8bGQqgBgsJBgUJCwagChkbHxAeNigXAwUIBUtAoMBAOwECAQEXKDYeAAABAAAAAAIAAbcAKgAAEzQ3NjMyFxYXFhcWFzY3Njc2NzYzMhcWFRQPAQYjIi8BJicmJyYnJicmNQAkJUARExIQEAsMCgoMCxAQEhMRQCUkQbIGBwcGsgMFBQsKCQkGBwExPyMkBgYLCgkKCgoKCQoLBgYkIz8/QawFBawCBgUNDg4OFRQTAAAAAQAAAA0B2wHSACYAABM0PwI2FzYfAhYVFA8BFxQVFAcGByYvAQcGByYnJjU0PwEnJjUAEI9BBQkIBkCPEAdoGQMDBgUGgIEGBQYDAwEYaAcBIwsCFoEMAQEMgRYCCwYIZJABBQUFAwEBAkVFAgEBAwUFAwOQZAkFAAAAAAIAAAANAdsB0gAkAC4AABM0PwI2FzYfAhYVFA8BFxQVFAcmLwEHBgcmJyY1ND8BJyY1HwEHNxcnNy8BBwAQj0EFCQgGQI8QB2gZDAUGgIEGBQYDAwEYaAc/WBVsaxRXeDY2ASMLAhaBDAEBDIEWAgsGCGSQAQUNAQECRUUCAQEDBQUDA5BkCQURVXg4OHhVEW5uAAABACMAKQHdAXwAGgAANzQ/ATYXNh8BNzYXNh8BFhUUDwEGByYvASY1IwgmCAwLCFS8CAsMCCYICPUIDAsIjgjSCwkmCQEBCVS7CQEBCSYJCg0H9gcBAQePBwwAAAEAHwAfAXMBcwAsAAA3ND8BJyY1ND8BNjMyHwE3NjMyHwEWFRQPARcWFRQPAQYjIi8BBwYjIi8BJjUfCFRUCAgnCAwLCFRUCAwLCCcICFRUCAgnCAsMCFRUCAsMCCcIYgsIVFQIDAsIJwgIVFQICCcICwwIVFQICwwIJwgIVFQICCcIDAAAAAACAAAAJQFJAbcAHwArAAA3NTQ3NjsBNTQ3NjMyFxYdATMyFxYdARQHBiMhIicmNTczNTQnJiMiBwYdAQAICAsKJSY1NCYmCQsICAgIC/7tCwgIW5MWFR4fFRZApQsICDc0JiYmJjQ3CAgLpQsICAgIC8A3HhYVFRYeNwAAAQAAAAcBbgG3ACEAADcRNDc2NzYzITIXFhcWFREUBwYHBiMiLwEHBiMiJyYnJjUABgUKBgYBLAYGCgUGBgUKBQcOCn5+Cg4GBgoFBicBcAoICAMDAwMICAr+kAoICAQCCXl5CQIECAgKAAAAAwAAACUCAAFuABgAMQBKAAA3NDc2NzYzMhcWFxYVFAcGBwYjIicmJyY1MxYXFjMyNzY3JicWFRQHBiMiJyY1NDcGBzcUFxYzMjc2NTQ3NjMyNzY1NCcmIyIHBhUABihDREtLREMoBgYoQ0RLS0RDKAYlJjk5Q0M5OSYrQREmJTU1JSYRQSuEBAQGBgQEEREZBgQEBAQGJBkayQoKQSgoKChBCgoKCkEoJycoQQoKOiMjIyM6RCEeIjUmJSUmNSIeIUQlBgQEBAQGGBIRBAQGBgQEGhojAAAABQAAAAkCAAGJACwAOABRAGgAcAAANzQ3Njc2MzIXNzYzMhcWFxYXFhcWFxYVFDEGBwYPAQYjIicmNTQ3JicmJyY1MxYXNyYnJjU0NwYHNxQXFjMyNzY1NDc2MzI3NjU0JyYjIgcGFRc3Njc2NyYnNxYXFhcWFRQHBgcGBwYjPwEWFRQHBgcABitBQU0ZGhADBQEEBAUFBAUEBQEEHjw8Hg4DBQQiBQ0pIyIZBiUvSxYZDg4RQSuEBAQGBgQEEREZBgQEBAQGJBkaVxU9MzQiIDASGxkZEAYGCxQrODk/LlACFxYlyQsJQycnBRwEAgEDAwIDAwIBAwUCNmxsNhkFFAMFBBUTHh8nCQtKISgSHBsfIh4hRCUGBAQEBAYYEhEEBAYGBAQaGiPJJQUiIjYzISASGhkbCgoKChIXMRsbUZANCyghIA8AAAMAAAAAAbcB2wA5AEoAlAAANzU0NzY7ATY3Njc2NzY3Njc2MzIXFhcWFRQHMzIXFhUUBxYVFAcUFRQHFgcGKwEiJyYnJisBIicmNTcUFxYzMjc2NTQnJiMiBwYVFzMyFxYXFhcWFxYXFhcWOwEyNTQnNjc2NTQnNjU0JyYnNjc2NTQnJisBNDc2NTQnJiMGBwYHBgcGBwYHBgcGBwYHBgcGBwYrARUACwoQTgodEQ4GBAMFBgwLDxgTEwoKDjMdFhYOAgoRARkZKCUbGxsjIQZSEAoLJQUFCAcGBQUGBwgFBUkJBAUFBAQHBwMDBwcCPCUjNwIJBQUFDwMDBAkGBgsLDmUODgoJGwgDAwYFDAYQAQUGAwQGBgYFBgUGBgQJSbcPCwsGJhUPCBERExMMCgkJFBQhGxwWFR4ZFQoKFhMGBh0WKBcXBgcMDAoLDxIHBQYGBQcIBQYGBQgSAQEBAQICAQEDAgEULwgIBQoLCgsJDhQHCQkEAQ0NCg8LCxAdHREcDQ4IEBETEw0GFAEHBwUECAgFBQUFAgO3AAADAAD/2wG3AbcAPABNAJkAADc1NDc2OwEyNzY3NjsBMhcWBxUWFRQVFhUUBxYVFAcGKwEWFRQHBgcGIyInJicmJyYnJicmJyYnIyInJjU3FBcWMzI3NjU0JyYjIgcGFRczMhcWFxYXFhcWFxYXFhcWFxYXFhcWFzI3NjU0JyY1MzI3NjU0JyYjNjc2NTQnNjU0JyYnNjU0JyYrASIHIgcGBwYHBgcGIwYrARUACwoQUgYhJRsbHiAoGRkBEQoCDhYWHTMOCgoTExgPCwoFBgIBBAMFDhEdCk4QCgslBQUIBwYFBQYHCAUFSQkEBgYFBgUGBgYEAwYFARAGDAUGAwMIGwkKDg5lDgsLBgYJBAMDDwUFBQkCDg4ZJSU8AgcHAwMHBwQEBQUECbe3DwsKDAwHBhcWJwIWHQYGExYKChUZHhYVHRoiExQJCgsJDg4MDAwNBg4WJQcLCw+kBwUGBgUHCAUGBgUIpAMCBQYFBQcIBAUHBwITBwwTExERBw0OHBEdHRALCw8KDQ0FCQkHFA4JCwoLCgUICBgMCxUDAgEBAgMBAQG3AAAAAQAAAA0A7gHSABQAABM0PwI2FxEHBgcmJyY1ND8BJyY1ABCPQQUJgQYFBgMDARhoBwEjCwIWgQwB/oNFAgEBAwUFAwOQZAkFAAAAAAIAAAAAAgABtwAqAFkAABM0NzYzMhcWFxYXFhc2NzY3Njc2MzIXFhUUDwEGIyIvASYnJicmJyYnJjUzFB8BNzY1NCcmJyYnJicmIyIHBgcGBwYHBiMiJyYnJicmJyYjIgcGBwYHBgcGFQAkJUARExIQEAsMCgoMCxAQEhMRQCUkQbIGBwcGsgMFBQsKCQkGByU1pqY1BgYJCg4NDg0PDhIRDg8KCgcFCQkFBwoKDw4REg4PDQ4NDgoJBgYBMT8jJAYGCwoJCgoKCgkKCwYGJCM/P0GsBQWsAgYFDQ4ODhUUEzA1oJ82MBcSEgoLBgcCAgcHCwsKCQgHBwgJCgsLBwcCAgcGCwoSEhcAAAACAAAABwFuAbcAIQAoAAA3ETQ3Njc2MyEyFxYXFhURFAcGBwYjIi8BBwYjIicmJyY1PwEfAREhEQAGBQoGBgEsBgYKBQYGBQoFBw4Kfn4KDgYGCgUGJZIZef7cJwFwCggIAwMDAwgICv6QCggIBAIJeXkJAgQICAoIjRl0AWP+nQAAAAABAAAAJQHbAbcAMgAANzU0NzY7ATU0NzYzMhcWHQEUBwYrASInJj0BNCcmIyIHBh0BMzIXFh0BFAcGIyEiJyY1AAgIC8AmJjQ1JiUFBQgSCAUFFhUfHhUWHAsICAgIC/7tCwgIQKULCAg3NSUmJiU1SQgFBgYFCEkeFhUVFh43CAgLpQsICAgICwAAAAIAAQANAdsB0gAiAC0AABM2PwI2MzIfAhYXFg8BFxYHBiMiLwEHBiMiJyY/AScmNx8CLwE/AS8CEwEDDJBABggJBUGODgIDCmcYAgQCCAMIf4IFBgYEAgEZaQgC7hBbEgINSnkILgEBJggCFYILC4IVAggICWWPCgUFA0REAwUFCo9lCQipCTBmEw1HEhFc/u0AAAADAAAAAAHJAbcAFAAlAHkAADc1NDc2OwEyFxYdARQHBisBIicmNTcUFxYzMjc2NTQnJiMiBwYVFzU0NzYzNjc2NzY3Njc2NzY3Njc2NzY3NjMyFxYXFhcWFxYXFhUUFRQHBgcGBxQHBgcGBzMyFxYVFAcWFRYHFgcGBxYHBgcjIicmJyYnJiciJyY1AAUGB1MHBQYGBQdTBwYFJQUFCAcGBQUGBwgFBWQFBQgGDw8OFAkFBAQBAQMCAQIEBAYFBw4KCgcHBQQCAwEBAgMDAgYCAgIBAU8XEBAQBQEOBQUECwMREiYlExYXDAwWJAoHBQY3twcGBQUGB7cIBQUFBQgkBwYFBQYHCAUGBgUIJLcHBQYBEBATGQkFCQgGBQwLBgcICQUGAwMFBAcHBgYICQQEBwsLCwYGCgIDBAMCBBEQFhkSDAoVEhAREAsgFBUBBAUEBAcMAQUFCAAAAAADAAD/2wHJAZIAFAAlAHkAADcUFxYXNxY3Nj0BNCcmBycGBwYdATc0NzY3FhcWFRQHBicGJyY1FzU0NzY3Fjc2NzY3NjcXNhcWBxYXFgcWBxQHFhUUBwYHJxYXFhcWFRYXFhcWFRQVFAcGBwYHBgcGBwYnBicmJyYnJicmJyYnJicmJyYnJiciJyY1AAUGB1MHBQYGBQdTBwYFJQUFCAcGBQUGBwgFBWQGBQcKJBYMDBcWEyUmEhEDCwQFBQ4BBRAQEBdPAQECAgIGAgMDAgEBAwIEBQcHCgoOBwUGBAQCAQIDAQEEBAUJFA4PDwYIBQWlBwYFAQEBBwQJtQkEBwEBAQUGB7eTBwYEAQEEBgcJBAYBAQYECZS4BwYEAgENBwUCBgMBAQEXEyEJEhAREBcIDhAaFhEPAQEFAgQCBQELBQcKDAkIBAUHCgUGBwgDBgIEAQEHBQkIBwUMCwcECgcGCRoREQ8CBgQIAAAAAQAAAAEAAJth57dfDzz1AAsCAAAAAADP/GODAAAAAM/8Y4MAAP/bAgAB2wAAAAgAAgAAAAAAAAABAAAB4P/gAAACAAAAAAACAAABAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAEAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAdwAAAHcAAACAAAjAZMAHwFJAAABbgAAAgAAAAIAAAACAAAAAgAAAAEAAAACAAAAAW4AAAHcAAAB3AABAdwAAAHcAAAAAAAAAAoAFAAeAEoAcACKAMoBQAGIAcwCCgJUAoICxgMEAzoDpgRKBRgF7AYSBpgG2gcgB2oIGAjOAAAAAQAAABwAmgAFAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAA4ArgABAAAAAAABAAwAAAABAAAAAAACAA4AQAABAAAAAAADAAwAIgABAAAAAAAEAAwATgABAAAAAAAFABYADAABAAAAAAAGAAYALgABAAAAAAAKADQAWgADAAEECQABAAwAAAADAAEECQACAA4AQAADAAEECQADAAwAIgADAAEECQAEAAwATgADAAEECQAFABYADAADAAEECQAGAAwANAADAAEECQAKADQAWgByAGEAdABpAG4AZwBWAGUAcgBzAGkAbwBuACAAMQAuADAAcgBhAHQAaQBuAGdyYXRpbmcAcgBhAHQAaQBuAGcAUgBlAGcAdQBsAGEAcgByAGEAdABpAG4AZwBGAG8AbgB0ACAAZwBlAG4AZQByAGEAdABlAGQAIABiAHkAIABJAGMAbwBNAG8AbwBuAC4AAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==) format('truetype'),url(data:application/font-woff;charset=utf-8;base64,d09GRk9UVE8AABcUAAoAAAAAFswAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABDRkYgAAAA9AAAEuEAABLho6TvIE9TLzIAABPYAAAAYAAAAGAIIwgbY21hcAAAFDgAAACkAAAApKPambxnYXNwAAAU3AAAAAgAAAAIAAAAEGhlYWQAABTkAAAANgAAADYBGAe5aGhlYQAAFRwAAAAkAAAAJAPiAf1obXR4AAAVQAAAAHAAAABwLOAAQ21heHAAABWwAAAABgAAAAYAHFAAbmFtZQAAFbgAAAE8AAABPPC1n05wb3N0AAAW9AAAACAAAAAgAAMAAAEABAQAAQEBB3JhdGluZwABAgABADr4HAL4GwP4GAQeCgAZU/+Lix4KABlT/4uLDAeLZviU+HQFHQAAAP0PHQAAAQIRHQAAAAkdAAAS2BIAHQEBBw0PERQZHiMoLTI3PEFGS1BVWl9kaW5zeH2Ch4xyYXRpbmdyYXRpbmd1MHUxdTIwdUU2MDB1RTYwMXVFNjAydUU2MDN1RTYwNHVFNjA1dUYwMDR1RjAwNXVGMDA2dUYwMEN1RjAwRHVGMDIzdUYwMkV1RjA2RXVGMDcwdUYwODd1RjA4OHVGMDg5dUYwOEF1RjA5N3VGMDlDdUYxMjN1RjE2NHVGMTY1AAACAYkAGgAcAgABAAQABwAKAA0AVgCWAL0BAgGMAeQCbwLwA4cD5QR0BQMFdgZgB8MJkQtxC7oM2Q1jDggOmRAYEZr8lA78lA78lA77lA74lPetFftFpTz3NDz7NPtFcfcU+xBt+0T3Mt73Mjht90T3FPcQBfuU+0YV+wRRofcQMOP3EZ3D9wXD+wX3EXkwM6H7EPsExQUO+JT3rRX7RaU89zQ8+zT7RXH3FPsQbftE9zLe9zI4bfdE9xT3EAX7lPtGFYuLi/exw/sF9xF5MDOh+xD7BMUFDviU960V+0WlPPc0PPs0+0Vx9xT7EG37RPcy3vcyOG33RPcU9xAFDviU98EVi2B4ZG5wCIuL+zT7NAV7e3t7e4t7i3ube5sI+zT3NAVupniyi7aL3M3N3Iu2i7J4pm6mqLKetovci81JizoIDviU98EVi9xJzTqLYItkeHBucKhknmCLOotJSYs6i2CeZKhwCIuL9zT7NAWbe5t7m4ubi5ubm5sI9zT3NAWopp6yi7YIME0V+zb7NgWKioqKiouKi4qMiowI+zb3NgV6m4Ghi6OLubCwuYuji6GBm3oIule6vwWbnKGVo4u5i7Bmi12Lc4F1ensIDviU98EVi2B4ZG5wCIuL+zT7NAV7e3t7e4t7i3ube5sI+zT3NAVupniyi7aL3M3N3Iuni6WDoX4IXED3BEtL+zT3RPdU+wTLssYFl46YjZiL3IvNSYs6CA6L98UVi7WXrKOio6Otl7aLlouXiZiHl4eWhZaEloSUhZKFk4SShZKEkpKSkZOSkpGUkZaSCJaSlpGXj5iPl42Wi7aLrX+jc6N0l2qLYYthdWBgYAj7RvtABYeIh4mGi4aLh42Hjgj7RvdABYmNiY2Hj4iOhpGDlISUhZWFlIWVhpaHmYaYiZiLmAgOZ4v3txWLkpCPlo0I9yOgzPcWBY6SkI+Ri5CLkIePhAjL+xb3I3YFlomQh4uEi4aJh4aGCCMmpPsjBYuKi4mLiIuHioiJiImIiIqHi4iLh4yHjQj7FM/7FUcFh4mHioiLh4uIjImOiY6KjouPi4yLjYyOCKP3IyPwBYaQiZCLjwgOZ4v3txWLkpCPlo0I9yOgzPcWBY6SkI+Ri5CLkIePhAjL+xb3I3YFlomQh4uEi4aJh4aGCCMmpPsjBYuKi4mLiIuCh4aDi4iLh4yHjQj7FM/7FUcFh4mHioiLh4uIjImOiY6KjouPi4yLjYyOCKP3IyPwBYaQiZCLjwjKeRXjN3b7DfcAxPZSd/cN4t/7DJ1V9wFV+wEFDq73ZhWLk42RkZEIsbIFkZCRjpOLkouSiJCGCN8291D3UAWQkJKOkouTi5GIkYYIsWQFkYaNhIuEi4OJhYWFCPuJ+4kFhYWFiYOLhIuEjYaRCPsi9yIFhZCJkouSCA77AartFYuSjpKQkAjf3zffBYaQiJKLk4uSjpKQkAiysgWRkJGOk4uSi5KIkIYI3zff3wWQkJKOk4uSi5KIkIYIsmQFkIaOhIuEi4OIhIaGCDc33zcFkIaOhIuEi4OIhYaFCGRkBYaGhIiEi4OLhI6GkAg33zc3BYaGhIiEi4OLhY6FkAhksgWGkYiRi5MIDvtLi8sVi/c5BYuSjpKQkJCQko6SiwiVi4vCBYuul6mkpKSkqpiui66LqX6kcqRymG2LaAiLVJSLBZKLkoiQhpCGjoSLhAiL+zkFi4OIhYaGhoWEiYSLCPuniwWEi4SNhpGGkIiRi5MI5vdUFfcni4vCBYufhJx8mn2ZepJ3i3aLeoR9fX18g3qLdwiLVAUO+yaLshWL+AQFi5GNkY+RjpCQj5KNj42PjI+LCPfAiwWPi4+Kj4mRiZCHj4aPhY2Fi4UIi/wEBYuEiYWHhoeGhoeFiIiKhoqHi4GLhI6EkQj7EvcN+xL7DQWEhYOIgouHi4eLh42EjoaPiJCHkImRi5IIDov3XRWLko2Rj5Kltq+vuKW4pbuZvYu9i7t9uHG4ca9npWCPhI2Fi4SLhYmEh4RxYGdoXnAIXnFbflmLWYtbmF6lXqZnrnG2h5KJkouRCLCLFaRkq2yxdLF0tH+4i7iLtJexorGiq6qksm64Z61goZZ3kXaLdItnfm1ycnJybX9oiwhoi22XcqRypH6pi6+LopGglp9gdWdpbl4I9xiwFYuHjIiOiI6IjoqPi4+LjoyOjo2OjY6Lj4ubkJmXl5eWmZGbi4+LjoyOjo2OjY6LjwiLj4mOiY6IjYiNh4tzi3eCenp6eoJ3i3MIDov3XRWLko2Sj5GouK+utqW3pbqYvouci5yJnIgIm6cFjY6NjI+LjIuNi42JjYqOio+JjomOiY6KjomOiY6JjoqNioyKjomMiYuHi4qLiouLCHdnbVVjQ2NDbVV3Zwh9cgWJiIiJiIuJi36SdJiIjYmOi46LjY+UlJlvl3KcdJ90oHeie6WHkYmSi5IIsIsVqlq0Z711CKGzBXqXfpqCnoKdhp6LoIuikaCWn2B1Z2luXgj3GLAVi4eMiI6IjoiOio+Lj4uOjI6OjY6NjouPi5uQmZeXl5aZkZuLj4uOjI6OjY6NjouPCIuPiY6JjoiNiI2Hi3OLd4J6enp6gneLcwji+10VoLAFtI+wmK2hrqKnqKKvdq1wp2uhCJ2rBZ1/nHycepx6mHqWeY+EjYWLhIuEiYWHhIR/gH1+fG9qaXJmeWV5Y4Jhiwi53BXb9yQFjIKMg4uEi3CDc3x1fHV3fHOBCA6L1BWL90sFi5WPlJKSkpKTj5aLCNmLBZKPmJqepJaZlZeVlY+Qj5ONl42WjpeOmI+YkZWTk5OSk46Vi5uLmYiYhZiFlIGSfgiSfo55i3WLeYd5gXgIvosFn4uchJl8mn2Seot3i3qGfIJ9jYSLhYuEi3yIfoR+i4eLh4uHi3eGen99i3CDdnt8CHt8dYNwiwhmiwV5i3mNeY95kHeRc5N1k36Ph4sIOYsFgIuDjoSShJKHlIuVCLCdFYuGjIePiI+Hj4mQi5CLj42Pj46OjY+LkIuQiZCIjoePh42Gi4aLh4mHh4eIioaLhgjUeRWUiwWNi46Lj4qOi4+KjYqOi4+Kj4mQio6KjYqNio+Kj4mQio6KjIqzfquEpIsIrosFr4uemouri5CKkYqQkY6QkI6SjpKNkouSi5KJkoiRlZWQlouYi5CKkImRiZGJj4iOCJGMkI+PlI+UjZKLkouViJODk4SSgo+CiwgmiwWLlpCalJ6UnpCbi5aLnoiYhJSFlH+QeYuGhoeDiYCJf4h/h3+IfoWBg4KHh4SCgH4Ii4qIiYiGh4aIh4mIiIiIh4eGh4aHh4eHiIiHiIeHiIiHiIeKh4mIioiLCIKLi/tLBQ6L90sVi/dLBYuVj5OSk5KSk46WiwjdiwWPi5iPoZOkk6CRnZCdj56Nn4sIq4sFpougg5x8m3yTd4txCIuJBZd8kHuLd4uHi4eLh5J+jn6LfIuEi4SJhZR9kHyLeot3hHp8fH19eoR3iwhYiwWVeI95i3mLdIh6hH6EfoKBfoV+hX2He4uBi4OPg5KFkYaTh5SHlYiTipOKk4qTiJMIiZSIkYiPgZSBl4CaeKR+moSPCD2LBYCLg4+EkoSSh5SLlQiw9zgVi4aMh4+Ij4ePiZCLkIuPjY+Pjo6Nj4uQi5CJkIiOh4+HjYaLhouHiYeHh4iKhouGCNT7OBWUiwWOi46Kj4mPio+IjoiPh4+IjoePiI+Hj4aPho6HjoiNiI6Hj4aOho6Ii4qWfpKDj4YIk4ORgY5+j36OgI1/jYCPg5CGnYuXj5GUkpSOmYuei5aGmoKfgp6GmouWCPCLBZSLlI+SkpOTjpOLlYuSiZKHlIeUho+Fi46PjY+NkY2RjJCLkIuYhpaBlY6RjZKLkgiLkomSiJKIkoaQhY6MkIyRi5CLm4aXgpOBkn6Pe4sIZosFcotrhGN9iouIioaJh4qHiomKiYqIioaKh4mHioiKiYuHioiLh4qIi4mLCIKLi/tLBQ77lIv3txWLkpCPlo0I9yOgzPcWBY6SkI+RiwiL/BL7FUcFh4mHioiLh4uIjImOiY6KjouPi4yLjYyOCKP3IyPwBYaQiZCLjwgOi/fFFYu1l6yjoqOjrZe2i5aLl4mYh5eHloWWhJaElIWShZOEkoWShJKSkpGTkpKRlJGWkgiWkpaRl4+Yj5eNlou2i61/o3OjdJdqi2GLYXVgYGAI+0b7QAWHiIeJhouGi4eNh44I+0b3QAWJjYmNh4+IjoaRg5SElIWVhZSFlYaWh5mGmImYi5gIsIsVi2ucaa9oCPc6+zT3OvczBa+vnK2Lq4ubiZiHl4eXhpSFkoSSg5GCj4KQgo2CjYONgYuBi4KLgIl/hoCGgIWChAiBg4OFhISEhYaFhoaIhoaJhYuFi4aNiJCGkIaRhJGEkoORgZOCkoCRgJB/kICNgosIgYuBi4OJgomCiYKGgoeDhYSEhYSGgod/h3+Jfot7CA77JouyFYv4BAWLkY2Rj5GOkJCPko2PjY+Mj4sI98CLBY+Lj4qPiZGJkIePho+FjYWLhQiL/AQFi4SJhYeGh4aGh4WIiIqGioeLgYuEjoSRCPsS9w37EvsNBYSFg4iCi4eLh4uHjYSOho+IkIeQiZGLkgiwkxX3JvchpHL3DfsIi/f3+7iLi/v3BQ5ni8sVi/c5BYuSjpKQkJCQko6Siwj3VIuLwgWLrpippKSkpKmYrouvi6l+pHKkcpdti2gIi0IFi4aKhoeIh4eHiYaLCHmLBYaLh42Hj4eOipCLkAiL1AWLn4OcfZp9mXqSdot3i3qEfX18fIR6i3cIi1SniwWSi5KIkIaQho6Ei4QIi/s5BYuDiIWGhoaFhImEiwj7p4sFhIuEjYaRhpCIkYuTCA5njPe6FYyQkI6UjQj3I6DM9xYFj5KPj5GLkIuQh4+ECMv7FvcjdgWUiZCIjYaNhoiFhYUIIyak+yMFjIWKhomHiYiIiYaLiIuHjIeNCPsUz/sVRwWHiYeKiIuHi4eNiY6Jj4uQjJEIo/cjI/AFhZGJkY2QCPeB+z0VnILlW3rxiJ6ZmNTS+wydgpxe54v7pwUOZ4vCFYv3SwWLkI2Pjo+Pjo+NkIsI3osFkIuPiY6Ij4eNh4uGCIv7SwWLhomHh4eIh4eKhosIOIsFhouHjIePiI+Jj4uQCLCvFYuGjIePh46IkImQi5CLj42Pjo6PjY+LkIuQiZCIjoePh42Gi4aLhomIh4eIioaLhgjvZxWL90sFi5CNj46Oj4+PjZCLj4ySkJWWlZaVl5SXmJuVl5GRjo6OkI6RjZCNkIyPjI6MkY2TCIySjJGMj4yPjZCOkY6RjpCPjo6Pj42Qi5SLk4qSiZKJkYiPiJCIjoiPho6GjYeMhwiNh4yGjIaMhYuHi4iLiIuHi4eLg4uEiYSJhImFiYeJh4mFh4WLioqJiomJiIqJiokIi4qKiIqJCNqLBZqLmIWWgJaAkH+LfIt6hn2Af46DjYSLhIt9h36Cf4+Bi3+HgImAhYKEhI12hnmAfgh/fXiDcosIZosFfot+jHyOfI5/joOOg41/j32Qc5N8j4SMhouHjYiOh4+Jj4uQCA5ni/c5FYuGjYaOiI+Hj4mQiwjeiwWQi4+Njo+Pjo2Qi5AIi/dKBYuQiZCHjoiPh42Giwg4iwWGi4eJh4eIiImGi4YIi/tKBbD3JhWLkIyPj4+OjpCNkIuQi4+Jj4iOh42Hi4aLhomHiIeHh4eKhouGi4aMiI+Hj4qPi5AI7/snFYv3SwWLkI2Qj46Oj4+NkIuSi5qPo5OZkJePk46TjZeOmo6ajpiMmIsIsIsFpIueg5d9ln6Qeol1koSRgo2Aj4CLgIeAlH+Pfot9i4WJhIiCloCQfIt7i3yFfoGACICAfoZ8iwg8iwWMiIyJi4mMiYyJjYmMiIyKi4mPhI2GjYeNh42GjYOMhIyEi4SLhouHi4iLiYuGioYIioWKhomHioeJh4iGh4eIh4aIh4iFiISJhImDioKLhouHjYiPh4+Ij4iRiJGJkIqPCIqPipGKkomTipGKj4qOiZCJkYiQiJCIjoWSgZZ+nIKXgZaBloGWhJGHi4aLh42HjwiIjomQi48IDviUFPiUFYsMCgAAAAADAgABkAAFAAABTAFmAAAARwFMAWYAAAD1ABkAhAAAAAAAAAAAAAAAAAAAAAEQAAAAAAAAAAAAAAAAAAAAAEAAAPFlAeD/4P/gAeAAIAAAAAEAAAAAAAAAAAAAACAAAAAAAAIAAAADAAAAFAADAAEAAAAUAAQAkAAAACAAIAAEAAAAAQAg5gXwBvAN8CPwLvBu8HDwivCX8JzxI/Fl//3//wAAAAAAIOYA8ATwDPAj8C7wbvBw8Ifwl/Cc8SPxZP/9//8AAf/jGgQQBhABD+wP4g+jD6IPjA+AD3wO9g62AAMAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAf//AA8AAQAAAAEAAJrVlLJfDzz1AAsCAAAAAADP/GODAAAAAM/8Y4MAAP/bAgAB2wAAAAgAAgAAAAAAAAABAAAB4P/gAAACAAAAAAACAAABAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAEAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAdwAAAHcAAACAAAjAZMAHwFJAAABbgAAAgAAAAIAAAACAAAAAgAAAAEAAAACAAAAAW4AAAHcAAAB3AABAdwAAAHcAAAAAFAAABwAAAAAAA4ArgABAAAAAAABAAwAAAABAAAAAAACAA4AQAABAAAAAAADAAwAIgABAAAAAAAEAAwATgABAAAAAAAFABYADAABAAAAAAAGAAYALgABAAAAAAAKADQAWgADAAEECQABAAwAAAADAAEECQACAA4AQAADAAEECQADAAwAIgADAAEECQAEAAwATgADAAEECQAFABYADAADAAEECQAGAAwANAADAAEECQAKADQAWgByAGEAdABpAG4AZwBWAGUAcgBzAGkAbwBuACAAMQAuADAAcgBhAHQAaQBuAGdyYXRpbmcAcgBhAHQAaQBuAGcAUgBlAGcAdQBsAGEAcgByAGEAdABpAG4AZwBGAG8AbgB0ACAAZwBlAG4AZQByAGEAdABlAGQAIABiAHkAIABJAGMAbwBNAG8AbwBuAC4AAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==) format('woff');font-weight:400;font-style:normal}.ui.rating .icon{font-family:Rating;line-height:1;-webkit-backface-visibility:hidden;backface-visibility:hidden;font-weight:400;font-style:normal;text-align:center}.ui.rating .icon:before{content:'\f005'}.ui.rating .active.icon:before{content:'\f005'}.ui.star.rating .icon:before{content:'\f005'}.ui.star.rating .active.icon:before{content:'\f005'}.ui.star.rating .partial.icon:before{content:'\f006'}.ui.star.rating .partial.icon{content:'\f005'}.ui.heart.rating .icon:before{content:'\f004'}.ui.heart.rating .active.icon:before{content:'\f004'}/*!
- * # Semantic UI 2.4.0 - Search
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.search{position:relative}.ui.search>.prompt{margin:0;outline:0;-webkit-appearance:none;-webkit-tap-highlight-color:rgba(255,255,255,0);text-shadow:none;font-style:normal;font-weight:400;line-height:1.21428571em;padding:.67857143em 1em;font-size:1em;background:#fff;border:1px solid rgba(34,36,38,.15);color:rgba(0,0,0,.87);-webkit-box-shadow:0 0 0 0 transparent inset;box-shadow:0 0 0 0 transparent inset;-webkit-transition:background-color .1s ease,color .1s ease,border-color .1s ease,-webkit-box-shadow .1s ease;transition:background-color .1s ease,color .1s ease,border-color .1s ease,-webkit-box-shadow .1s ease;transition:background-color .1s ease,color .1s ease,box-shadow .1s ease,border-color .1s ease;transition:background-color .1s ease,color .1s ease,box-shadow .1s ease,border-color .1s ease,-webkit-box-shadow .1s ease}.ui.search .prompt{border-radius:500rem}.ui.search .prompt~.search.icon{cursor:pointer}.ui.search>.results{display:none;position:absolute;top:100%;left:0;-webkit-transform-origin:center top;transform-origin:center top;white-space:normal;text-align:left;text-transform:none;background:#fff;margin-top:.5em;width:18em;border-radius:.28571429rem;-webkit-box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);box-shadow:0 2px 4px 0 rgba(34,36,38,.12),0 2px 10px 0 rgba(34,36,38,.15);border:1px solid #d4d4d5;z-index:998}.ui.search>.results>:first-child{border-radius:.28571429rem .28571429rem 0 0}.ui.search>.results>:last-child{border-radius:0 0 .28571429rem .28571429rem}.ui.search>.results .result{cursor:pointer;display:block;overflow:hidden;font-size:1em;padding:.85714286em 1.14285714em;color:rgba(0,0,0,.87);line-height:1.33;border-bottom:1px solid rgba(34,36,38,.1)}.ui.search>.results .result:last-child{border-bottom:none!important}.ui.search>.results .result .image{float:right;overflow:hidden;background:0 0;width:5em;height:3em;border-radius:.25em}.ui.search>.results .result .image img{display:block;width:auto;height:100%}.ui.search>.results .result .image+.content{margin:0 6em 0 0}.ui.search>.results .result .title{margin:-.14285714em 0 0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-weight:700;font-size:1em;color:rgba(0,0,0,.85)}.ui.search>.results .result .description{margin-top:0;font-size:.92857143em;color:rgba(0,0,0,.4)}.ui.search>.results .result .price{float:right;color:#21ba45}.ui.search>.results>.message{padding:1em 1em}.ui.search>.results>.message .header{font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:1rem;font-weight:700;color:rgba(0,0,0,.87)}.ui.search>.results>.message .description{margin-top:.25rem;font-size:1em;color:rgba(0,0,0,.87)}.ui.search>.results>.action{display:block;border-top:none;background:#f3f4f5;padding:.92857143em 1em;color:rgba(0,0,0,.87);font-weight:700;text-align:center}.ui.search>.prompt:focus{border-color:rgba(34,36,38,.35);background:#fff;color:rgba(0,0,0,.95)}.ui.loading.search .input>i.icon:before{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;border-radius:500rem;border:.2em solid rgba(0,0,0,.1)}.ui.loading.search .input>i.icon:after{position:absolute;content:'';top:50%;left:50%;margin:-.64285714em 0 0 -.64285714em;width:1.28571429em;height:1.28571429em;-webkit-animation:button-spin .6s linear;animation:button-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 transparent transparent;border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent}.ui.category.search>.results .category .result:hover,.ui.search>.results .result:hover{background:#f9fafb}.ui.search .action:hover{background:#e0e0e0}.ui.category.search>.results .category.active{background:#f3f4f5}.ui.category.search>.results .category.active>.name{color:rgba(0,0,0,.87)}.ui.category.search>.results .category .result.active,.ui.search>.results .result.active{position:relative;border-left-color:rgba(34,36,38,.1);background:#f3f4f5;-webkit-box-shadow:none;box-shadow:none}.ui.search>.results .result.active .title{color:rgba(0,0,0,.85)}.ui.search>.results .result.active .description{color:rgba(0,0,0,.85)}.ui.disabled.search{cursor:default;pointer-events:none;opacity:.45}.ui.search.selection .prompt{border-radius:.28571429rem}.ui.search.selection>.icon.input>.remove.icon{pointer-events:none;position:absolute;left:auto;opacity:0;color:'';top:0;right:0;-webkit-transition:color .1s ease,opacity .1s ease;transition:color .1s ease,opacity .1s ease}.ui.search.selection>.icon.input>.active.remove.icon{cursor:pointer;opacity:.8;pointer-events:auto}.ui.search.selection>.icon.input:not([class*="left icon"])>.icon~.remove.icon{right:1.85714em}.ui.search.selection>.icon.input>.remove.icon:hover{opacity:1;color:#db2828}.ui.category.search .results{width:28em}.ui.category.search .results.animating,.ui.category.search .results.visible{display:table}.ui.category.search>.results .category{display:table-row;background:#f3f4f5;-webkit-box-shadow:none;box-shadow:none;-webkit-transition:background .1s ease,border-color .1s ease;transition:background .1s ease,border-color .1s ease}.ui.category.search>.results .category:last-child{border-bottom:none}.ui.category.search>.results .category:first-child .name+.result{border-radius:0 .28571429rem 0 0}.ui.category.search>.results .category:last-child .result:last-child{border-radius:0 0 .28571429rem 0}.ui.category.search>.results .category>.name{display:table-cell;text-overflow:ellipsis;width:100px;white-space:nowrap;background:0 0;font-family:Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;font-size:1em;padding:.4em 1em;font-weight:700;color:rgba(0,0,0,.4);border-bottom:1px solid rgba(34,36,38,.1)}.ui.category.search>.results .category .results{display:table-cell;background:#fff;border-left:1px solid rgba(34,36,38,.15);border-bottom:1px solid rgba(34,36,38,.1)}.ui.category.search>.results .category .result{border-bottom:1px solid rgba(34,36,38,.1);-webkit-transition:background .1s ease,border-color .1s ease;transition:background .1s ease,border-color .1s ease;padding:.85714286em 1.14285714em}.ui[class*="left aligned"].search>.results{right:auto;left:0}.ui[class*="right aligned"].search>.results{right:0;left:auto}.ui.fluid.search .results{width:100%}.ui.mini.search{font-size:.78571429em}.ui.small.search{font-size:.92857143em}.ui.search{font-size:1em}.ui.large.search{font-size:1.14285714em}.ui.big.search{font-size:1.28571429em}.ui.huge.search{font-size:1.42857143em}.ui.massive.search{font-size:1.71428571em}@media only screen and (max-width:767px){.ui.search .results{max-width:calc(100vw - 2rem)}}/*!
- * # Semantic UI 2.4.0 - Shape
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.shape{position:relative;vertical-align:top;display:inline-block;-webkit-perspective:2000px;perspective:2000px;-webkit-transition:left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out,-webkit-transform .6s ease-in-out;transition:left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out,-webkit-transform .6s ease-in-out;transition:transform .6s ease-in-out,left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out;transition:transform .6s ease-in-out,left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out,-webkit-transform .6s ease-in-out}.ui.shape .sides{-webkit-transform-style:preserve-3d;transform-style:preserve-3d}.ui.shape .side{opacity:1;width:100%;margin:0!important;-webkit-backface-visibility:hidden;backface-visibility:hidden}.ui.shape .side{display:none}.ui.shape .side *{-webkit-backface-visibility:visible!important;backface-visibility:visible!important}.ui.cube.shape .side{min-width:15em;height:15em;padding:2em;background-color:#e6e6e6;color:rgba(0,0,0,.87);-webkit-box-shadow:0 0 2px rgba(0,0,0,.3);box-shadow:0 0 2px rgba(0,0,0,.3)}.ui.cube.shape .side>.content{width:100%;height:100%;display:table;text-align:center;-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text}.ui.cube.shape .side>.content>div{display:table-cell;vertical-align:middle;font-size:2em}.ui.text.shape.animating .sides{position:static}.ui.text.shape .side{white-space:nowrap}.ui.text.shape .side>*{white-space:normal}.ui.loading.shape{position:absolute;top:-9999px;left:-9999px}.ui.shape .animating.side{position:absolute;top:0;left:0;display:block;z-index:100}.ui.shape .hidden.side{opacity:.6}.ui.shape.animating .sides{position:absolute}.ui.shape.animating .sides{-webkit-transition:left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out,-webkit-transform .6s ease-in-out;transition:left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out,-webkit-transform .6s ease-in-out;transition:transform .6s ease-in-out,left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out;transition:transform .6s ease-in-out,left .6s ease-in-out,width .6s ease-in-out,height .6s ease-in-out,-webkit-transform .6s ease-in-out}.ui.shape.animating .side{-webkit-transition:opacity .6s ease-in-out;transition:opacity .6s ease-in-out}.ui.shape .active.side{display:block}/*!
- * # Semantic UI 2.4.0 - Sidebar
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.sidebar{position:fixed;top:0;left:0;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transition:none;transition:none;will-change:transform;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);visibility:hidden;-webkit-overflow-scrolling:touch;height:100%!important;max-height:100%;border-radius:0!important;margin:0!important;overflow-y:auto!important;z-index:102}.ui.sidebar>*{-webkit-backface-visibility:hidden;backface-visibility:hidden}.ui.left.sidebar{right:auto;left:0;-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.ui.right.sidebar{right:0!important;left:auto!important;-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.ui.bottom.sidebar,.ui.top.sidebar{width:100%!important;height:auto!important}.ui.top.sidebar{top:0!important;bottom:auto!important;-webkit-transform:translate3d(0,-100%,0);transform:translate3d(0,-100%,0)}.ui.bottom.sidebar{top:auto!important;bottom:0!important;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}.pushable{height:100%;overflow-x:hidden;padding:0!important}body.pushable{background:#545454!important}.pushable:not(body){-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.pushable:not(body)>.fixed,.pushable:not(body)>.pusher:after,.pushable:not(body)>.ui.sidebar{position:absolute}.pushable>.fixed{position:fixed;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease;will-change:transform;z-index:101}.pushable>.pusher{position:relative;-webkit-backface-visibility:hidden;backface-visibility:hidden;overflow:hidden;min-height:100%;-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease;z-index:2}body.pushable>.pusher{background:#fff}.pushable>.pusher{background:inherit}.pushable>.pusher:after{position:fixed;top:0;right:0;content:'';background-color:rgba(0,0,0,.4);overflow:hidden;opacity:0;-webkit-transition:opacity .5s;transition:opacity .5s;will-change:opacity;z-index:1000}.ui.sidebar.menu .item{border-radius:0!important}.pushable>.pusher.dimmed:after{width:100%!important;height:100%!important;opacity:1!important}.ui.animating.sidebar{visibility:visible}.ui.visible.sidebar{visibility:visible;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.left.visible.sidebar,.ui.right.visible.sidebar{-webkit-box-shadow:0 0 20px rgba(34,36,38,.15);box-shadow:0 0 20px rgba(34,36,38,.15)}.ui.bottom.visible.sidebar,.ui.top.visible.sidebar{-webkit-box-shadow:0 0 20px rgba(34,36,38,.15);box-shadow:0 0 20px rgba(34,36,38,.15)}.ui.visible.left.sidebar~.fixed,.ui.visible.left.sidebar~.pusher{-webkit-transform:translate3d(260px,0,0);transform:translate3d(260px,0,0)}.ui.visible.right.sidebar~.fixed,.ui.visible.right.sidebar~.pusher{-webkit-transform:translate3d(-260px,0,0);transform:translate3d(-260px,0,0)}.ui.visible.top.sidebar~.fixed,.ui.visible.top.sidebar~.pusher{-webkit-transform:translate3d(0,36px,0);transform:translate3d(0,36px,0)}.ui.visible.bottom.sidebar~.fixed,.ui.visible.bottom.sidebar~.pusher{-webkit-transform:translate3d(0,-36px,0);transform:translate3d(0,-36px,0)}.ui.visible.left.sidebar~.ui.visible.right.sidebar~.fixed,.ui.visible.left.sidebar~.ui.visible.right.sidebar~.pusher,.ui.visible.right.sidebar~.ui.visible.left.sidebar~.fixed,.ui.visible.right.sidebar~.ui.visible.left.sidebar~.pusher{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.thin.left.sidebar,.ui.thin.right.sidebar{width:150px}.ui[class*="very thin"].left.sidebar,.ui[class*="very thin"].right.sidebar{width:60px}.ui.left.sidebar,.ui.right.sidebar{width:260px}.ui.wide.left.sidebar,.ui.wide.right.sidebar{width:350px}.ui[class*="very wide"].left.sidebar,.ui[class*="very wide"].right.sidebar{width:475px}.ui.visible.thin.left.sidebar~.fixed,.ui.visible.thin.left.sidebar~.pusher{-webkit-transform:translate3d(150px,0,0);transform:translate3d(150px,0,0)}.ui.visible[class*="very thin"].left.sidebar~.fixed,.ui.visible[class*="very thin"].left.sidebar~.pusher{-webkit-transform:translate3d(60px,0,0);transform:translate3d(60px,0,0)}.ui.visible.wide.left.sidebar~.fixed,.ui.visible.wide.left.sidebar~.pusher{-webkit-transform:translate3d(350px,0,0);transform:translate3d(350px,0,0)}.ui.visible[class*="very wide"].left.sidebar~.fixed,.ui.visible[class*="very wide"].left.sidebar~.pusher{-webkit-transform:translate3d(475px,0,0);transform:translate3d(475px,0,0)}.ui.visible.thin.right.sidebar~.fixed,.ui.visible.thin.right.sidebar~.pusher{-webkit-transform:translate3d(-150px,0,0);transform:translate3d(-150px,0,0)}.ui.visible[class*="very thin"].right.sidebar~.fixed,.ui.visible[class*="very thin"].right.sidebar~.pusher{-webkit-transform:translate3d(-60px,0,0);transform:translate3d(-60px,0,0)}.ui.visible.wide.right.sidebar~.fixed,.ui.visible.wide.right.sidebar~.pusher{-webkit-transform:translate3d(-350px,0,0);transform:translate3d(-350px,0,0)}.ui.visible[class*="very wide"].right.sidebar~.fixed,.ui.visible[class*="very wide"].right.sidebar~.pusher{-webkit-transform:translate3d(-475px,0,0);transform:translate3d(-475px,0,0)}.ui.overlay.sidebar{z-index:102}.ui.left.overlay.sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.ui.right.overlay.sidebar{-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.ui.top.overlay.sidebar{-webkit-transform:translate3d(0,-100%,0);transform:translate3d(0,-100%,0)}.ui.bottom.overlay.sidebar{-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}.animating.ui.overlay.sidebar,.ui.visible.overlay.sidebar{-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease}.ui.visible.left.overlay.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.visible.right.overlay.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.visible.top.overlay.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.visible.bottom.overlay.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.visible.overlay.sidebar~.fixed,.ui.visible.overlay.sidebar~.pusher{-webkit-transform:none!important;transform:none!important}.ui.push.sidebar{-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease;z-index:102}.ui.left.push.sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.ui.right.push.sidebar{-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.ui.top.push.sidebar{-webkit-transform:translate3d(0,-100%,0);transform:translate3d(0,-100%,0)}.ui.bottom.push.sidebar{-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}.ui.visible.push.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.uncover.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);z-index:1}.ui.visible.uncover.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease}.ui.slide.along.sidebar{z-index:1}.ui.left.slide.along.sidebar{-webkit-transform:translate3d(-50%,0,0);transform:translate3d(-50%,0,0)}.ui.right.slide.along.sidebar{-webkit-transform:translate3d(50%,0,0);transform:translate3d(50%,0,0)}.ui.top.slide.along.sidebar{-webkit-transform:translate3d(0,-50%,0);transform:translate3d(0,-50%,0)}.ui.bottom.slide.along.sidebar{-webkit-transform:translate3d(0,50%,0);transform:translate3d(0,50%,0)}.ui.animating.slide.along.sidebar{-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease}.ui.visible.slide.along.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.slide.out.sidebar{z-index:1}.ui.left.slide.out.sidebar{-webkit-transform:translate3d(50%,0,0);transform:translate3d(50%,0,0)}.ui.right.slide.out.sidebar{-webkit-transform:translate3d(-50%,0,0);transform:translate3d(-50%,0,0)}.ui.top.slide.out.sidebar{-webkit-transform:translate3d(0,50%,0);transform:translate3d(0,50%,0)}.ui.bottom.slide.out.sidebar{-webkit-transform:translate3d(0,-50%,0);transform:translate3d(0,-50%,0)}.ui.animating.slide.out.sidebar{-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease}.ui.visible.slide.out.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.scale.down.sidebar{-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease;z-index:102}.ui.left.scale.down.sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.ui.right.scale.down.sidebar{-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.ui.top.scale.down.sidebar{-webkit-transform:translate3d(0,-100%,0);transform:translate3d(0,-100%,0)}.ui.bottom.scale.down.sidebar{-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}.ui.scale.down.left.sidebar~.pusher{-webkit-transform-origin:75% 50%;transform-origin:75% 50%}.ui.scale.down.right.sidebar~.pusher{-webkit-transform-origin:25% 50%;transform-origin:25% 50%}.ui.scale.down.top.sidebar~.pusher{-webkit-transform-origin:50% 75%;transform-origin:50% 75%}.ui.scale.down.bottom.sidebar~.pusher{-webkit-transform-origin:50% 25%;transform-origin:50% 25%}.ui.animating.scale.down>.visible.ui.sidebar{-webkit-transition:-webkit-transform .5s ease;transition:-webkit-transform .5s ease;transition:transform .5s ease;transition:transform .5s ease,-webkit-transform .5s ease}.ui.animating.scale.down.sidebar~.pusher,.ui.visible.scale.down.sidebar~.pusher{display:block!important;width:100%;height:100%;overflow:hidden!important}.ui.visible.scale.down.sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.ui.visible.scale.down.sidebar~.pusher{-webkit-transform:scale(.75);transform:scale(.75)}/*!
- * # Semantic UI 2.4.0 - Sticky
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.sticky{position:static;-webkit-transition:none;transition:none;z-index:800}.ui.sticky.bound{position:absolute;left:auto;right:auto}.ui.sticky.fixed{position:fixed;left:auto;right:auto}.ui.sticky.bound.top,.ui.sticky.fixed.top{top:0;bottom:auto}.ui.sticky.bound.bottom,.ui.sticky.fixed.bottom{top:auto;bottom:0}.ui.native.sticky{position:-webkit-sticky;position:-moz-sticky;position:-ms-sticky;position:-o-sticky;position:sticky}/*!
- * # Semantic UI 2.4.0 - Tab
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.ui.tab{display:none}.ui.tab.active,.ui.tab.open{display:block}.ui.tab.loading{position:relative;overflow:hidden;display:block;min-height:250px}.ui.tab.loading *{position:relative!important;left:-10000px!important}.ui.tab.loading.segment:before,.ui.tab.loading:before{position:absolute;content:'';top:100px;left:50%;margin:-1.25em 0 0 -1.25em;width:2.5em;height:2.5em;border-radius:500rem;border:.2em solid rgba(0,0,0,.1)}.ui.tab.loading.segment:after,.ui.tab.loading:after{position:absolute;content:'';top:100px;left:50%;margin:-1.25em 0 0 -1.25em;width:2.5em;height:2.5em;-webkit-animation:button-spin .6s linear;animation:button-spin .6s linear;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite;border-radius:500rem;border-color:#767676 transparent transparent;border-style:solid;border-width:.2em;-webkit-box-shadow:0 0 0 1px transparent;box-shadow:0 0 0 1px transparent}/*!
- * # Semantic UI 2.4.0 - Transition
- * http://github.com/semantic-org/semantic-ui/
- *
- *
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */.transition{-webkit-animation-iteration-count:1;animation-iteration-count:1;-webkit-animation-duration:.3s;animation-duration:.3s;-webkit-animation-timing-function:ease;animation-timing-function:ease;-webkit-animation-fill-mode:both;animation-fill-mode:both}.animating.transition{-webkit-backface-visibility:hidden;backface-visibility:hidden;visibility:visible!important}.loading.transition{position:absolute;top:-99999px;left:-99999px}.hidden.transition{display:none;visibility:hidden}.visible.transition{display:block!important;visibility:visible!important}.disabled.transition{-webkit-animation-play-state:paused;animation-play-state:paused}.looping.transition{-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}.transition.browse{-webkit-animation-duration:.5s;animation-duration:.5s}.transition.browse.in{-webkit-animation-name:browseIn;animation-name:browseIn}.transition.browse.left.out,.transition.browse.out{-webkit-animation-name:browseOutLeft;animation-name:browseOutLeft}.transition.browse.right.out{-webkit-animation-name:browseOutRight;animation-name:browseOutRight}@-webkit-keyframes browseIn{0%{-webkit-transform:scale(.8) translateZ(0);transform:scale(.8) translateZ(0);z-index:-1}10%{-webkit-transform:scale(.8) translateZ(0);transform:scale(.8) translateZ(0);z-index:-1;opacity:.7}80%{-webkit-transform:scale(1.05) translateZ(0);transform:scale(1.05) translateZ(0);opacity:1;z-index:999}100%{-webkit-transform:scale(1) translateZ(0);transform:scale(1) translateZ(0);z-index:999}}@keyframes browseIn{0%{-webkit-transform:scale(.8) translateZ(0);transform:scale(.8) translateZ(0);z-index:-1}10%{-webkit-transform:scale(.8) translateZ(0);transform:scale(.8) translateZ(0);z-index:-1;opacity:.7}80%{-webkit-transform:scale(1.05) translateZ(0);transform:scale(1.05) translateZ(0);opacity:1;z-index:999}100%{-webkit-transform:scale(1) translateZ(0);transform:scale(1) translateZ(0);z-index:999}}@-webkit-keyframes browseOutLeft{0%{z-index:999;-webkit-transform:translateX(0) rotateY(0) rotateX(0);transform:translateX(0) rotateY(0) rotateX(0)}50%{z-index:-1;-webkit-transform:translateX(-105%) rotateY(35deg) rotateX(10deg) translateZ(-10px);transform:translateX(-105%) rotateY(35deg) rotateX(10deg) translateZ(-10px)}80%{opacity:1}100%{z-index:-1;-webkit-transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);opacity:0}}@keyframes browseOutLeft{0%{z-index:999;-webkit-transform:translateX(0) rotateY(0) rotateX(0);transform:translateX(0) rotateY(0) rotateX(0)}50%{z-index:-1;-webkit-transform:translateX(-105%) rotateY(35deg) rotateX(10deg) translateZ(-10px);transform:translateX(-105%) rotateY(35deg) rotateX(10deg) translateZ(-10px)}80%{opacity:1}100%{z-index:-1;-webkit-transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);opacity:0}}@-webkit-keyframes browseOutRight{0%{z-index:999;-webkit-transform:translateX(0) rotateY(0) rotateX(0);transform:translateX(0) rotateY(0) rotateX(0)}50%{z-index:1;-webkit-transform:translateX(105%) rotateY(35deg) rotateX(10deg) translateZ(-10px);transform:translateX(105%) rotateY(35deg) rotateX(10deg) translateZ(-10px)}80%{opacity:1}100%{z-index:1;-webkit-transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);opacity:0}}@keyframes browseOutRight{0%{z-index:999;-webkit-transform:translateX(0) rotateY(0) rotateX(0);transform:translateX(0) rotateY(0) rotateX(0)}50%{z-index:1;-webkit-transform:translateX(105%) rotateY(35deg) rotateX(10deg) translateZ(-10px);transform:translateX(105%) rotateY(35deg) rotateX(10deg) translateZ(-10px)}80%{opacity:1}100%{z-index:1;-webkit-transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);transform:translateX(0) rotateY(0) rotateX(0) translateZ(-10px);opacity:0}}.drop.transition{-webkit-transform-origin:top center;transform-origin:top center;-webkit-animation-duration:.4s;animation-duration:.4s;-webkit-animation-timing-function:cubic-bezier(.34,1.61,.7,1);animation-timing-function:cubic-bezier(.34,1.61,.7,1)}.drop.transition.in{-webkit-animation-name:dropIn;animation-name:dropIn}.drop.transition.out{-webkit-animation-name:dropOut;animation-name:dropOut}@-webkit-keyframes dropIn{0%{opacity:0;-webkit-transform:scale(0);transform:scale(0)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes dropIn{0%{opacity:0;-webkit-transform:scale(0);transform:scale(0)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes dropOut{0%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}100%{opacity:0;-webkit-transform:scale(0);transform:scale(0)}}@keyframes dropOut{0%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}100%{opacity:0;-webkit-transform:scale(0);transform:scale(0)}}.transition.fade.in{-webkit-animation-name:fadeIn;animation-name:fadeIn}.transition[class*="fade up"].in{-webkit-animation-name:fadeInUp;animation-name:fadeInUp}.transition[class*="fade down"].in{-webkit-animation-name:fadeInDown;animation-name:fadeInDown}.transition[class*="fade left"].in{-webkit-animation-name:fadeInLeft;animation-name:fadeInLeft}.transition[class*="fade right"].in{-webkit-animation-name:fadeInRight;animation-name:fadeInRight}.transition.fade.out{-webkit-animation-name:fadeOut;animation-name:fadeOut}.transition[class*="fade up"].out{-webkit-animation-name:fadeOutUp;animation-name:fadeOutUp}.transition[class*="fade down"].out{-webkit-animation-name:fadeOutDown;animation-name:fadeOutDown}.transition[class*="fade left"].out{-webkit-animation-name:fadeOutLeft;animation-name:fadeOutLeft}.transition[class*="fade right"].out{-webkit-animation-name:fadeOutRight;animation-name:fadeOutRight}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translateY(10%);transform:translateY(10%)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translateY(10%);transform:translateY(10%)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes fadeInDown{0%{opacity:0;-webkit-transform:translateY(-10%);transform:translateY(-10%)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInDown{0%{opacity:0;-webkit-transform:translateY(-10%);transform:translateY(-10%)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes fadeInLeft{0%{opacity:0;-webkit-transform:translateX(10%);transform:translateX(10%)}100%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}}@keyframes fadeInLeft{0%{opacity:0;-webkit-transform:translateX(10%);transform:translateX(10%)}100%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}}@-webkit-keyframes fadeInRight{0%{opacity:0;-webkit-transform:translateX(-10%);transform:translateX(-10%)}100%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}}@keyframes fadeInRight{0%{opacity:0;-webkit-transform:translateX(-10%);transform:translateX(-10%)}100%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}}@-webkit-keyframes fadeOut{0%{opacity:1}100%{opacity:0}}@keyframes fadeOut{0%{opacity:1}100%{opacity:0}}@-webkit-keyframes fadeOutUp{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}100%{opacity:0;-webkit-transform:translateY(5%);transform:translateY(5%)}}@keyframes fadeOutUp{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}100%{opacity:0;-webkit-transform:translateY(5%);transform:translateY(5%)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}100%{opacity:0;-webkit-transform:translateY(-5%);transform:translateY(-5%)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}100%{opacity:0;-webkit-transform:translateY(-5%);transform:translateY(-5%)}}@-webkit-keyframes fadeOutLeft{0%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}100%{opacity:0;-webkit-transform:translateX(5%);transform:translateX(5%)}}@keyframes fadeOutLeft{0%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}100%{opacity:0;-webkit-transform:translateX(5%);transform:translateX(5%)}}@-webkit-keyframes fadeOutRight{0%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}100%{opacity:0;-webkit-transform:translateX(-5%);transform:translateX(-5%)}}@keyframes fadeOutRight{0%{opacity:1;-webkit-transform:translateX(0);transform:translateX(0)}100%{opacity:0;-webkit-transform:translateX(-5%);transform:translateX(-5%)}}.flip.transition.in,.flip.transition.out{-webkit-animation-duration:.6s;animation-duration:.6s}.horizontal.flip.transition.in{-webkit-animation-name:horizontalFlipIn;animation-name:horizontalFlipIn}.horizontal.flip.transition.out{-webkit-animation-name:horizontalFlipOut;animation-name:horizontalFlipOut}.vertical.flip.transition.in{-webkit-animation-name:verticalFlipIn;animation-name:verticalFlipIn}.vertical.flip.transition.out{-webkit-animation-name:verticalFlipOut;animation-name:verticalFlipOut}@-webkit-keyframes horizontalFlipIn{0%{-webkit-transform:perspective(2000px) rotateY(-90deg);transform:perspective(2000px) rotateY(-90deg);opacity:0}100%{-webkit-transform:perspective(2000px) rotateY(0);transform:perspective(2000px) rotateY(0);opacity:1}}@keyframes horizontalFlipIn{0%{-webkit-transform:perspective(2000px) rotateY(-90deg);transform:perspective(2000px) rotateY(-90deg);opacity:0}100%{-webkit-transform:perspective(2000px) rotateY(0);transform:perspective(2000px) rotateY(0);opacity:1}}@-webkit-keyframes verticalFlipIn{0%{-webkit-transform:perspective(2000px) rotateX(-90deg);transform:perspective(2000px) rotateX(-90deg);opacity:0}100%{-webkit-transform:perspective(2000px) rotateX(0);transform:perspective(2000px) rotateX(0);opacity:1}}@keyframes verticalFlipIn{0%{-webkit-transform:perspective(2000px) rotateX(-90deg);transform:perspective(2000px) rotateX(-90deg);opacity:0}100%{-webkit-transform:perspective(2000px) rotateX(0);transform:perspective(2000px) rotateX(0);opacity:1}}@-webkit-keyframes horizontalFlipOut{0%{-webkit-transform:perspective(2000px) rotateY(0);transform:perspective(2000px) rotateY(0);opacity:1}100%{-webkit-transform:perspective(2000px) rotateY(90deg);transform:perspective(2000px) rotateY(90deg);opacity:0}}@keyframes horizontalFlipOut{0%{-webkit-transform:perspective(2000px) rotateY(0);transform:perspective(2000px) rotateY(0);opacity:1}100%{-webkit-transform:perspective(2000px) rotateY(90deg);transform:perspective(2000px) rotateY(90deg);opacity:0}}@-webkit-keyframes verticalFlipOut{0%{-webkit-transform:perspective(2000px) rotateX(0);transform:perspective(2000px) rotateX(0);opacity:1}100%{-webkit-transform:perspective(2000px) rotateX(-90deg);transform:perspective(2000px) rotateX(-90deg);opacity:0}}@keyframes verticalFlipOut{0%{-webkit-transform:perspective(2000px) rotateX(0);transform:perspective(2000px) rotateX(0);opacity:1}100%{-webkit-transform:perspective(2000px) rotateX(-90deg);transform:perspective(2000px) rotateX(-90deg);opacity:0}}.scale.transition.in{-webkit-animation-name:scaleIn;animation-name:scaleIn}.scale.transition.out{-webkit-animation-name:scaleOut;animation-name:scaleOut}@-webkit-keyframes scaleIn{0%{opacity:0;-webkit-transform:scale(.8);transform:scale(.8)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleIn{0%{opacity:0;-webkit-transform:scale(.8);transform:scale(.8)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes scaleOut{0%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}100%{opacity:0;-webkit-transform:scale(.9);transform:scale(.9)}}@keyframes scaleOut{0%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}100%{opacity:0;-webkit-transform:scale(.9);transform:scale(.9)}}.transition.fly{-webkit-animation-duration:.6s;animation-duration:.6s;-webkit-transition-timing-function:cubic-bezier(.215,.61,.355,1);transition-timing-function:cubic-bezier(.215,.61,.355,1)}.transition.fly.in{-webkit-animation-name:flyIn;animation-name:flyIn}.transition[class*="fly up"].in{-webkit-animation-name:flyInUp;animation-name:flyInUp}.transition[class*="fly down"].in{-webkit-animation-name:flyInDown;animation-name:flyInDown}.transition[class*="fly left"].in{-webkit-animation-name:flyInLeft;animation-name:flyInLeft}.transition[class*="fly right"].in{-webkit-animation-name:flyInRight;animation-name:flyInRight}.transition.fly.out{-webkit-animation-name:flyOut;animation-name:flyOut}.transition[class*="fly up"].out{-webkit-animation-name:flyOutUp;animation-name:flyOutUp}.transition[class*="fly down"].out{-webkit-animation-name:flyOutDown;animation-name:flyOutDown}.transition[class*="fly left"].out{-webkit-animation-name:flyOutLeft;animation-name:flyOutLeft}.transition[class*="fly right"].out{-webkit-animation-name:flyOutRight;animation-name:flyOutRight}@-webkit-keyframes flyIn{0%{opacity:0;-webkit-transform:scale3d(.3,.3,.3);transform:scale3d(.3,.3,.3)}20%{-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}40%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}60%{opacity:1;-webkit-transform:scale3d(1.03,1.03,1.03);transform:scale3d(1.03,1.03,1.03)}80%{-webkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}100%{opacity:1;-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@keyframes flyIn{0%{opacity:0;-webkit-transform:scale3d(.3,.3,.3);transform:scale3d(.3,.3,.3)}20%{-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}40%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}60%{opacity:1;-webkit-transform:scale3d(1.03,1.03,1.03);transform:scale3d(1.03,1.03,1.03)}80%{-webkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}100%{opacity:1;-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@-webkit-keyframes flyInUp{0%{opacity:0;-webkit-transform:translate3d(0,1500px,0);transform:translate3d(0,1500px,0)}60%{opacity:1;-webkit-transform:translate3d(0,-20px,0);transform:translate3d(0,-20px,0)}75%{-webkit-transform:translate3d(0,10px,0);transform:translate3d(0,10px,0)}90%{-webkit-transform:translate3d(0,-5px,0);transform:translate3d(0,-5px,0)}100%{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}@keyframes flyInUp{0%{opacity:0;-webkit-transform:translate3d(0,1500px,0);transform:translate3d(0,1500px,0)}60%{opacity:1;-webkit-transform:translate3d(0,-20px,0);transform:translate3d(0,-20px,0)}75%{-webkit-transform:translate3d(0,10px,0);transform:translate3d(0,10px,0)}90%{-webkit-transform:translate3d(0,-5px,0);transform:translate3d(0,-5px,0)}100%{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}@-webkit-keyframes flyInDown{0%{opacity:0;-webkit-transform:translate3d(0,-1500px,0);transform:translate3d(0,-1500px,0)}60%{opacity:1;-webkit-transform:translate3d(0,25px,0);transform:translate3d(0,25px,0)}75%{-webkit-transform:translate3d(0,-10px,0);transform:translate3d(0,-10px,0)}90%{-webkit-transform:translate3d(0,5px,0);transform:translate3d(0,5px,0)}100%{-webkit-transform:none;transform:none}}@keyframes flyInDown{0%{opacity:0;-webkit-transform:translate3d(0,-1500px,0);transform:translate3d(0,-1500px,0)}60%{opacity:1;-webkit-transform:translate3d(0,25px,0);transform:translate3d(0,25px,0)}75%{-webkit-transform:translate3d(0,-10px,0);transform:translate3d(0,-10px,0)}90%{-webkit-transform:translate3d(0,5px,0);transform:translate3d(0,5px,0)}100%{-webkit-transform:none;transform:none}}@-webkit-keyframes flyInLeft{0%{opacity:0;-webkit-transform:translate3d(1500px,0,0);transform:translate3d(1500px,0,0)}60%{opacity:1;-webkit-transform:translate3d(-25px,0,0);transform:translate3d(-25px,0,0)}75%{-webkit-transform:translate3d(10px,0,0);transform:translate3d(10px,0,0)}90%{-webkit-transform:translate3d(-5px,0,0);transform:translate3d(-5px,0,0)}100%{-webkit-transform:none;transform:none}}@keyframes flyInLeft{0%{opacity:0;-webkit-transform:translate3d(1500px,0,0);transform:translate3d(1500px,0,0)}60%{opacity:1;-webkit-transform:translate3d(-25px,0,0);transform:translate3d(-25px,0,0)}75%{-webkit-transform:translate3d(10px,0,0);transform:translate3d(10px,0,0)}90%{-webkit-transform:translate3d(-5px,0,0);transform:translate3d(-5px,0,0)}100%{-webkit-transform:none;transform:none}}@-webkit-keyframes flyInRight{0%{opacity:0;-webkit-transform:translate3d(-1500px,0,0);transform:translate3d(-1500px,0,0)}60%{opacity:1;-webkit-transform:translate3d(25px,0,0);transform:translate3d(25px,0,0)}75%{-webkit-transform:translate3d(-10px,0,0);transform:translate3d(-10px,0,0)}90%{-webkit-transform:translate3d(5px,0,0);transform:translate3d(5px,0,0)}100%{-webkit-transform:none;transform:none}}@keyframes flyInRight{0%{opacity:0;-webkit-transform:translate3d(-1500px,0,0);transform:translate3d(-1500px,0,0)}60%{opacity:1;-webkit-transform:translate3d(25px,0,0);transform:translate3d(25px,0,0)}75%{-webkit-transform:translate3d(-10px,0,0);transform:translate3d(-10px,0,0)}90%{-webkit-transform:translate3d(5px,0,0);transform:translate3d(5px,0,0)}100%{-webkit-transform:none;transform:none}}@-webkit-keyframes flyOut{20%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}50%,55%{opacity:1;-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}100%{opacity:0;-webkit-transform:scale3d(.3,.3,.3);transform:scale3d(.3,.3,.3)}}@keyframes flyOut{20%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}50%,55%{opacity:1;-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}100%{opacity:0;-webkit-transform:scale3d(.3,.3,.3);transform:scale3d(.3,.3,.3)}}@-webkit-keyframes flyOutUp{20%{-webkit-transform:translate3d(0,10px,0);transform:translate3d(0,10px,0)}40%,45%{opacity:1;-webkit-transform:translate3d(0,-20px,0);transform:translate3d(0,-20px,0)}100%{opacity:0;-webkit-transform:translate3d(0,2000px,0);transform:translate3d(0,2000px,0)}}@keyframes flyOutUp{20%{-webkit-transform:translate3d(0,10px,0);transform:translate3d(0,10px,0)}40%,45%{opacity:1;-webkit-transform:translate3d(0,-20px,0);transform:translate3d(0,-20px,0)}100%{opacity:0;-webkit-transform:translate3d(0,2000px,0);transform:translate3d(0,2000px,0)}}@-webkit-keyframes flyOutDown{20%{-webkit-transform:translate3d(0,-10px,0);transform:translate3d(0,-10px,0)}40%,45%{opacity:1;-webkit-transform:translate3d(0,20px,0);transform:translate3d(0,20px,0)}100%{opacity:0;-webkit-transform:translate3d(0,-2000px,0);transform:translate3d(0,-2000px,0)}}@keyframes flyOutDown{20%{-webkit-transform:translate3d(0,-10px,0);transform:translate3d(0,-10px,0)}40%,45%{opacity:1;-webkit-transform:translate3d(0,20px,0);transform:translate3d(0,20px,0)}100%{opacity:0;-webkit-transform:translate3d(0,-2000px,0);transform:translate3d(0,-2000px,0)}}@-webkit-keyframes flyOutRight{20%{opacity:1;-webkit-transform:translate3d(20px,0,0);transform:translate3d(20px,0,0)}100%{opacity:0;-webkit-transform:translate3d(-2000px,0,0);transform:translate3d(-2000px,0,0)}}@keyframes flyOutRight{20%{opacity:1;-webkit-transform:translate3d(20px,0,0);transform:translate3d(20px,0,0)}100%{opacity:0;-webkit-transform:translate3d(-2000px,0,0);transform:translate3d(-2000px,0,0)}}@-webkit-keyframes flyOutLeft{20%{opacity:1;-webkit-transform:translate3d(-20px,0,0);transform:translate3d(-20px,0,0)}100%{opacity:0;-webkit-transform:translate3d(2000px,0,0);transform:translate3d(2000px,0,0)}}@keyframes flyOutLeft{20%{opacity:1;-webkit-transform:translate3d(-20px,0,0);transform:translate3d(-20px,0,0)}100%{opacity:0;-webkit-transform:translate3d(2000px,0,0);transform:translate3d(2000px,0,0)}}.transition.slide.in,.transition[class*="slide down"].in{-webkit-animation-name:slideInY;animation-name:slideInY;-webkit-transform-origin:top center;transform-origin:top center}.transition[class*="slide up"].in{-webkit-animation-name:slideInY;animation-name:slideInY;-webkit-transform-origin:bottom center;transform-origin:bottom center}.transition[class*="slide left"].in{-webkit-animation-name:slideInX;animation-name:slideInX;-webkit-transform-origin:center right;transform-origin:center right}.transition[class*="slide right"].in{-webkit-animation-name:slideInX;animation-name:slideInX;-webkit-transform-origin:center left;transform-origin:center left}.transition.slide.out,.transition[class*="slide down"].out{-webkit-animation-name:slideOutY;animation-name:slideOutY;-webkit-transform-origin:top center;transform-origin:top center}.transition[class*="slide up"].out{-webkit-animation-name:slideOutY;animation-name:slideOutY;-webkit-transform-origin:bottom center;transform-origin:bottom center}.transition[class*="slide left"].out{-webkit-animation-name:slideOutX;animation-name:slideOutX;-webkit-transform-origin:center right;transform-origin:center right}.transition[class*="slide right"].out{-webkit-animation-name:slideOutX;animation-name:slideOutX;-webkit-transform-origin:center left;transform-origin:center left}@-webkit-keyframes slideInY{0%{opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}100%{opacity:1;-webkit-transform:scaleY(1);transform:scaleY(1)}}@keyframes slideInY{0%{opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}100%{opacity:1;-webkit-transform:scaleY(1);transform:scaleY(1)}}@-webkit-keyframes slideInX{0%{opacity:0;-webkit-transform:scaleX(0);transform:scaleX(0)}100%{opacity:1;-webkit-transform:scaleX(1);transform:scaleX(1)}}@keyframes slideInX{0%{opacity:0;-webkit-transform:scaleX(0);transform:scaleX(0)}100%{opacity:1;-webkit-transform:scaleX(1);transform:scaleX(1)}}@-webkit-keyframes slideOutY{0%{opacity:1;-webkit-transform:scaleY(1);transform:scaleY(1)}100%{opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes slideOutY{0%{opacity:1;-webkit-transform:scaleY(1);transform:scaleY(1)}100%{opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@-webkit-keyframes slideOutX{0%{opacity:1;-webkit-transform:scaleX(1);transform:scaleX(1)}100%{opacity:0;-webkit-transform:scaleX(0);transform:scaleX(0)}}@keyframes slideOutX{0%{opacity:1;-webkit-transform:scaleX(1);transform:scaleX(1)}100%{opacity:0;-webkit-transform:scaleX(0);transform:scaleX(0)}}.transition.swing{-webkit-animation-duration:.8s;animation-duration:.8s}.transition[class*="swing down"].in{-webkit-animation-name:swingInX;animation-name:swingInX;-webkit-transform-origin:top center;transform-origin:top center}.transition[class*="swing up"].in{-webkit-animation-name:swingInX;animation-name:swingInX;-webkit-transform-origin:bottom center;transform-origin:bottom center}.transition[class*="swing left"].in{-webkit-animation-name:swingInY;animation-name:swingInY;-webkit-transform-origin:center right;transform-origin:center right}.transition[class*="swing right"].in{-webkit-animation-name:swingInY;animation-name:swingInY;-webkit-transform-origin:center left;transform-origin:center left}.transition.swing.out,.transition[class*="swing down"].out{-webkit-animation-name:swingOutX;animation-name:swingOutX;-webkit-transform-origin:top center;transform-origin:top center}.transition[class*="swing up"].out{-webkit-animation-name:swingOutX;animation-name:swingOutX;-webkit-transform-origin:bottom center;transform-origin:bottom center}.transition[class*="swing left"].out{-webkit-animation-name:swingOutY;animation-name:swingOutY;-webkit-transform-origin:center right;transform-origin:center right}.transition[class*="swing right"].out{-webkit-animation-name:swingOutY;animation-name:swingOutY;-webkit-transform-origin:center left;transform-origin:center left}@-webkit-keyframes swingInX{0%{-webkit-transform:perspective(1000px) rotateX(90deg);transform:perspective(1000px) rotateX(90deg);opacity:0}40%{-webkit-transform:perspective(1000px) rotateX(-30deg);transform:perspective(1000px) rotateX(-30deg);opacity:1}60%{-webkit-transform:perspective(1000px) rotateX(15deg);transform:perspective(1000px) rotateX(15deg)}80%{-webkit-transform:perspective(1000px) rotateX(-7.5deg);transform:perspective(1000px) rotateX(-7.5deg)}100%{-webkit-transform:perspective(1000px) rotateX(0);transform:perspective(1000px) rotateX(0)}}@keyframes swingInX{0%{-webkit-transform:perspective(1000px) rotateX(90deg);transform:perspective(1000px) rotateX(90deg);opacity:0}40%{-webkit-transform:perspective(1000px) rotateX(-30deg);transform:perspective(1000px) rotateX(-30deg);opacity:1}60%{-webkit-transform:perspective(1000px) rotateX(15deg);transform:perspective(1000px) rotateX(15deg)}80%{-webkit-transform:perspective(1000px) rotateX(-7.5deg);transform:perspective(1000px) rotateX(-7.5deg)}100%{-webkit-transform:perspective(1000px) rotateX(0);transform:perspective(1000px) rotateX(0)}}@-webkit-keyframes swingInY{0%{-webkit-transform:perspective(1000px) rotateY(-90deg);transform:perspective(1000px) rotateY(-90deg);opacity:0}40%{-webkit-transform:perspective(1000px) rotateY(30deg);transform:perspective(1000px) rotateY(30deg);opacity:1}60%{-webkit-transform:perspective(1000px) rotateY(-17.5deg);transform:perspective(1000px) rotateY(-17.5deg)}80%{-webkit-transform:perspective(1000px) rotateY(7.5deg);transform:perspective(1000px) rotateY(7.5deg)}100%{-webkit-transform:perspective(1000px) rotateY(0);transform:perspective(1000px) rotateY(0)}}@keyframes swingInY{0%{-webkit-transform:perspective(1000px) rotateY(-90deg);transform:perspective(1000px) rotateY(-90deg);opacity:0}40%{-webkit-transform:perspective(1000px) rotateY(30deg);transform:perspective(1000px) rotateY(30deg);opacity:1}60%{-webkit-transform:perspective(1000px) rotateY(-17.5deg);transform:perspective(1000px) rotateY(-17.5deg)}80%{-webkit-transform:perspective(1000px) rotateY(7.5deg);transform:perspective(1000px) rotateY(7.5deg)}100%{-webkit-transform:perspective(1000px) rotateY(0);transform:perspective(1000px) rotateY(0)}}@-webkit-keyframes swingOutX{0%{-webkit-transform:perspective(1000px) rotateX(0);transform:perspective(1000px) rotateX(0)}40%{-webkit-transform:perspective(1000px) rotateX(-7.5deg);transform:perspective(1000px) rotateX(-7.5deg)}60%{-webkit-transform:perspective(1000px) rotateX(17.5deg);transform:perspective(1000px) rotateX(17.5deg)}80%{-webkit-transform:perspective(1000px) rotateX(-30deg);transform:perspective(1000px) rotateX(-30deg);opacity:1}100%{-webkit-transform:perspective(1000px) rotateX(90deg);transform:perspective(1000px) rotateX(90deg);opacity:0}}@keyframes swingOutX{0%{-webkit-transform:perspective(1000px) rotateX(0);transform:perspective(1000px) rotateX(0)}40%{-webkit-transform:perspective(1000px) rotateX(-7.5deg);transform:perspective(1000px) rotateX(-7.5deg)}60%{-webkit-transform:perspective(1000px) rotateX(17.5deg);transform:perspective(1000px) rotateX(17.5deg)}80%{-webkit-transform:perspective(1000px) rotateX(-30deg);transform:perspective(1000px) rotateX(-30deg);opacity:1}100%{-webkit-transform:perspective(1000px) rotateX(90deg);transform:perspective(1000px) rotateX(90deg);opacity:0}}@-webkit-keyframes swingOutY{0%{-webkit-transform:perspective(1000px) rotateY(0);transform:perspective(1000px) rotateY(0)}40%{-webkit-transform:perspective(1000px) rotateY(7.5deg);transform:perspective(1000px) rotateY(7.5deg)}60%{-webkit-transform:perspective(1000px) rotateY(-10deg);transform:perspective(1000px) rotateY(-10deg)}80%{-webkit-transform:perspective(1000px) rotateY(30deg);transform:perspective(1000px) rotateY(30deg);opacity:1}100%{-webkit-transform:perspective(1000px) rotateY(-90deg);transform:perspective(1000px) rotateY(-90deg);opacity:0}}@keyframes swingOutY{0%{-webkit-transform:perspective(1000px) rotateY(0);transform:perspective(1000px) rotateY(0)}40%{-webkit-transform:perspective(1000px) rotateY(7.5deg);transform:perspective(1000px) rotateY(7.5deg)}60%{-webkit-transform:perspective(1000px) rotateY(-10deg);transform:perspective(1000px) rotateY(-10deg)}80%{-webkit-transform:perspective(1000px) rotateY(30deg);transform:perspective(1000px) rotateY(30deg);opacity:1}100%{-webkit-transform:perspective(1000px) rotateY(-90deg);transform:perspective(1000px) rotateY(-90deg);opacity:0}}.transition.zoom.in{-webkit-animation-name:zoomIn;animation-name:zoomIn}.transition.zoom.out{-webkit-animation-name:zoomOut;animation-name:zoomOut}@-webkit-keyframes zoomIn{0%{opacity:1;-webkit-transform:scale(0);transform:scale(0)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes zoomIn{0%{opacity:1;-webkit-transform:scale(0);transform:scale(0)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomOut{0%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}100%{opacity:1;-webkit-transform:scale(0);transform:scale(0)}}@keyframes zoomOut{0%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}100%{opacity:1;-webkit-transform:scale(0);transform:scale(0)}}.flash.transition{-webkit-animation-duration:750ms;animation-duration:750ms;-webkit-animation-name:flash;animation-name:flash}.shake.transition{-webkit-animation-duration:750ms;animation-duration:750ms;-webkit-animation-name:shake;animation-name:shake}.bounce.transition{-webkit-animation-duration:750ms;animation-duration:750ms;-webkit-animation-name:bounce;animation-name:bounce}.tada.transition{-webkit-animation-duration:750ms;animation-duration:750ms;-webkit-animation-name:tada;animation-name:tada}.pulse.transition{-webkit-animation-duration:.5s;animation-duration:.5s;-webkit-animation-name:pulse;animation-name:pulse}.jiggle.transition{-webkit-animation-duration:750ms;animation-duration:750ms;-webkit-animation-name:jiggle;animation-name:jiggle}.transition.glow{-webkit-animation-duration:2s;animation-duration:2s;-webkit-animation-timing-function:cubic-bezier(.19,1,.22,1);animation-timing-function:cubic-bezier(.19,1,.22,1)}.transition.glow{-webkit-animation-name:glow;animation-name:glow}@-webkit-keyframes flash{0%,100%,50%{opacity:1}25%,75%{opacity:0}}@keyframes flash{0%,100%,50%{opacity:1}25%,75%{opacity:0}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes bounce{0%,100%,20%,50%,80%{-webkit-transform:translateY(0);transform:translateY(0)}40%{-webkit-transform:translateY(-30px);transform:translateY(-30px)}60%{-webkit-transform:translateY(-15px);transform:translateY(-15px)}}@keyframes bounce{0%,100%,20%,50%,80%{-webkit-transform:translateY(0);transform:translateY(0)}40%{-webkit-transform:translateY(-30px);transform:translateY(-30px)}60%{-webkit-transform:translateY(-15px);transform:translateY(-15px)}}@-webkit-keyframes tada{0%{-webkit-transform:scale(1);transform:scale(1)}10%,20%{-webkit-transform:scale(.9) rotate(-3deg);transform:scale(.9) rotate(-3deg)}30%,50%,70%,90%{-webkit-transform:scale(1.1) rotate(3deg);transform:scale(1.1) rotate(3deg)}40%,60%,80%{-webkit-transform:scale(1.1) rotate(-3deg);transform:scale(1.1) rotate(-3deg)}100%{-webkit-transform:scale(1) rotate(0);transform:scale(1) rotate(0)}}@keyframes tada{0%{-webkit-transform:scale(1);transform:scale(1)}10%,20%{-webkit-transform:scale(.9) rotate(-3deg);transform:scale(.9) rotate(-3deg)}30%,50%,70%,90%{-webkit-transform:scale(1.1) rotate(3deg);transform:scale(1.1) rotate(3deg)}40%,60%,80%{-webkit-transform:scale(1.1) rotate(-3deg);transform:scale(1.1) rotate(-3deg)}100%{-webkit-transform:scale(1) rotate(0);transform:scale(1) rotate(0)}}@-webkit-keyframes pulse{0%{-webkit-transform:scale(1);transform:scale(1);opacity:1}50%{-webkit-transform:scale(.9);transform:scale(.9);opacity:.7}100%{-webkit-transform:scale(1);transform:scale(1);opacity:1}}@keyframes pulse{0%{-webkit-transform:scale(1);transform:scale(1);opacity:1}50%{-webkit-transform:scale(.9);transform:scale(.9);opacity:.7}100%{-webkit-transform:scale(1);transform:scale(1);opacity:1}}@-webkit-keyframes jiggle{0%{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}30%{-webkit-transform:scale3d(1.25,.75,1);transform:scale3d(1.25,.75,1)}40%{-webkit-transform:scale3d(.75,1.25,1);transform:scale3d(.75,1.25,1)}50%{-webkit-transform:scale3d(1.15,.85,1);transform:scale3d(1.15,.85,1)}65%{-webkit-transform:scale3d(.95,1.05,1);transform:scale3d(.95,1.05,1)}75%{-webkit-transform:scale3d(1.05,.95,1);transform:scale3d(1.05,.95,1)}100%{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@keyframes jiggle{0%{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}30%{-webkit-transform:scale3d(1.25,.75,1);transform:scale3d(1.25,.75,1)}40%{-webkit-transform:scale3d(.75,1.25,1);transform:scale3d(.75,1.25,1)}50%{-webkit-transform:scale3d(1.15,.85,1);transform:scale3d(1.15,.85,1)}65%{-webkit-transform:scale3d(.95,1.05,1);transform:scale3d(.95,1.05,1)}75%{-webkit-transform:scale3d(1.05,.95,1);transform:scale3d(1.05,.95,1)}100%{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@-webkit-keyframes glow{0%{background-color:#fcfcfd}30%{background-color:#fff6cd}100%{background-color:#fcfcfd}}@keyframes glow{0%{background-color:#fcfcfd}30%{background-color:#fff6cd}100%{background-color:#fcfcfd}}
\ No newline at end of file
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.js b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.js
deleted file mode 100644
index b574823be..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/semantic.min.js
+++ /dev/null
@@ -1,11 +0,0 @@
- /*
- * # Semantic UI - 2.4.1
- * https://github.com/Semantic-Org/Semantic-UI
- * http://www.semantic-ui.com/
- *
- * Copyright 2014 Contributors
- * Released under the MIT license
- * http://opensource.org/licenses/MIT
- *
- */
-!function(p,h,v,b){p.site=p.fn.site=function(e){var s,l,i=(new Date).getTime(),o=[],t=e,n="string"==typeof t,c=[].slice.call(arguments,1),u=p.isPlainObject(e)?p.extend(!0,{},p.site.settings,e):p.extend({},p.site.settings),a=u.namespace,d=u.error,r="module-"+a,f=p(v),m=this,g=f.data(r);return s={initialize:function(){s.instantiate()},instantiate:function(){s.verbose("Storing instance of site",s),g=s,f.data(r,s)},normalize:function(){s.fix.console(),s.fix.requestAnimationFrame()},fix:{console:function(){s.debug("Normalizing window.console"),console!==b&&console.log!==b||(s.verbose("Console not available, normalizing events"),s.disable.console()),void 0!==console.group&&void 0!==console.groupEnd&&void 0!==console.groupCollapsed||(s.verbose("Console group not available, normalizing events"),h.console.group=function(){},h.console.groupEnd=function(){},h.console.groupCollapsed=function(){}),void 0===console.markTimeline&&(s.verbose("Mark timeline not available, normalizing events"),h.console.markTimeline=function(){})},consoleClear:function(){s.debug("Disabling programmatic console clearing"),h.console.clear=function(){}},requestAnimationFrame:function(){s.debug("Normalizing requestAnimationFrame"),h.requestAnimationFrame===b&&(s.debug("RequestAnimationFrame not available, normalizing event"),h.requestAnimationFrame=h.requestAnimationFrame||h.mozRequestAnimationFrame||h.webkitRequestAnimationFrame||h.msRequestAnimationFrame||function(e){setTimeout(e,0)})}},moduleExists:function(e){return p.fn[e]!==b&&p.fn[e].settings!==b},enabled:{modules:function(e){var n=[];return e=e||u.modules,p.each(e,function(e,t){s.moduleExists(t)&&n.push(t)}),n}},disabled:{modules:function(e){var n=[];return e=e||u.modules,p.each(e,function(e,t){s.moduleExists(t)||n.push(t)}),n}},change:{setting:function(o,a,e,r){e="string"==typeof e?"all"===e?u.modules:[e]:e||u.modules,r=r===b||r,p.each(e,function(e,t){var n,i=!s.moduleExists(t)||(p.fn[t].settings.namespace||!1);s.moduleExists(t)&&(s.verbose("Changing default setting",o,a,t),p.fn[t].settings[o]=a,r&&i&&0<(n=p(":data(module-"+i+")")).length&&(s.verbose("Modifying existing settings",n),n[t]("setting",o,a)))})},settings:function(i,e,o){e="string"==typeof e?[e]:e||u.modules,o=o===b||o,p.each(e,function(e,t){var n;s.moduleExists(t)&&(s.verbose("Changing default setting",i,t),p.extend(!0,p.fn[t].settings,i),o&&a&&0<(n=p(":data(module-"+a+")")).length&&(s.verbose("Modifying existing settings",n),n[t]("setting",i)))})}},enable:{console:function(){s.console(!0)},debug:function(e,t){e=e||u.modules,s.debug("Enabling debug for modules",e),s.change.setting("debug",!0,e,t)},verbose:function(e,t){e=e||u.modules,s.debug("Enabling verbose debug for modules",e),s.change.setting("verbose",!0,e,t)}},disable:{console:function(){s.console(!1)},debug:function(e,t){e=e||u.modules,s.debug("Disabling debug for modules",e),s.change.setting("debug",!1,e,t)},verbose:function(e,t){e=e||u.modules,s.debug("Disabling verbose debug for modules",e),s.change.setting("verbose",!1,e,t)}},console:function(e){if(e){if(g.cache.console===b)return void s.error(d.console);s.debug("Restoring console function"),h.console=g.cache.console}else s.debug("Disabling console function"),g.cache.console=h.console,h.console={clear:function(){},error:function(){},group:function(){},groupCollapsed:function(){},groupEnd:function(){},info:function(){},log:function(){},markTimeline:function(){},warn:function(){}}},destroy:function(){s.verbose("Destroying previous site for",f),f.removeData(r)},cache:{},setting:function(e,t){if(p.isPlainObject(e))p.extend(!0,u,e);else{if(t===b)return u[e];u[e]=t}},internal:function(e,t){if(p.isPlainObject(e))p.extend(!0,s,e);else{if(t===b)return s[e];s[e]=t}},debug:function(){u.debug&&(u.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,u.name+":"),s.debug.apply(console,arguments)))},verbose:function(){u.verbose&&u.debug&&(u.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,u.name+":"),s.verbose.apply(console,arguments)))},error:function(){s.error=Function.prototype.bind.call(console.error,console,u.name+":"),s.error.apply(console,arguments)},performance:{log:function(e){var t,n;u.performance&&(n=(t=(new Date).getTime())-(i||t),i=t,o.push({Element:m,Name:e[0],Arguments:[].slice.call(e,1)||"","Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=u.name+":",n=0;i=!1,clearTimeout(s.performance.timer),p.each(o,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",(console.group!==b||console.table!==b)&&0<o.length&&(console.groupCollapsed(e),console.table?console.table(o):p.each(o,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),o=[]}},invoke:function(i,e,t){var o,a,n,r=g;return e=e||c,t=m||t,"string"==typeof i&&r!==b&&(i=i.split(/[\. ]/),o=i.length-1,p.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(p.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==b)return a=r[n],!1;if(!p.isPlainObject(r[t])||e==o)return r[t]!==b?a=r[t]:s.error(d.method,i),!1;r=r[t]}})),p.isFunction(a)?n=a.apply(t,e):a!==b&&(n=a),p.isArray(l)?l.push(n):l!==b?l=[l,n]:n!==b&&(l=n),a}},n?(g===b&&s.initialize(),s.invoke(t)):(g!==b&&s.destroy(),s.initialize()),l!==b?l:this},p.site.settings={name:"Site",namespace:"site",error:{console:"Console cannot be restored, most likely it was overwritten outside of module",method:"The method you called is not defined."},debug:!1,verbose:!1,performance:!0,modules:["accordion","api","checkbox","dimmer","dropdown","embed","form","modal","nag","popup","rating","shape","sidebar","state","sticky","tab","transition","visit","visibility"],siteNamespace:"site",namespaceStub:{cache:{},config:{},sections:{},section:{},utilities:{}}},p.extend(p.expr[":"],{data:p.expr.createPseudo?p.expr.createPseudo(function(t){return function(e){return!!p.data(e,t)}}):function(e,t,n){return!!p.data(e,n[3])}})}(jQuery,window,document),function(F,e,O,D){"use strict";e=void 0!==e&&e.Math==Math?e:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),F.fn.form=function(x){var C,w=F(this),S=w.selector||"",k=(new Date).getTime(),T=[],A=x,R=arguments[1],P="string"==typeof A,E=[].slice.call(arguments,1);return w.each(function(){var n,l,t,e,d,c,u,f,m,i,s,o,a,g,p,h,r=F(this),v=this,b=[],y=!1;(h={initialize:function(){h.get.settings(),P?(p===D&&h.instantiate(),h.invoke(A)):(p!==D&&p.invoke("destroy"),h.verbose("Initializing form validation",r,d),h.bindEvents(),h.set.defaults(),h.instantiate())},instantiate:function(){h.verbose("Storing instance of module",h),p=h,r.data(a,h)},destroy:function(){h.verbose("Destroying previous module",p),h.removeEvents(),r.removeData(a)},refresh:function(){h.verbose("Refreshing selector cache"),n=r.find(f.field),l=r.find(f.group),t=r.find(f.message),r.find(f.prompt),e=r.find(f.submit),r.find(f.clear),r.find(f.reset)},submit:function(){h.verbose("Submitting form",r),r.submit()},attachEvents:function(e,t){t=t||"submit",F(e).on("click"+g,function(e){h[t](),e.preventDefault()})},bindEvents:function(){h.verbose("Attaching form events"),r.on("submit"+g,h.validate.form).on("blur"+g,f.field,h.event.field.blur).on("click"+g,f.submit,h.submit).on("click"+g,f.reset,h.reset).on("click"+g,f.clear,h.clear),d.keyboardShortcuts&&r.on("keydown"+g,f.field,h.event.field.keydown),n.each(function(){var e=F(this),t=e.prop("type"),n=h.get.changeEvent(t,e);F(this).on(n+g,h.event.field.change)})},clear:function(){n.each(function(){var e=F(this),t=e.parent(),n=e.closest(l),i=n.find(f.prompt),o=e.data(u.defaultValue)||"",a=t.is(f.uiCheckbox),r=t.is(f.uiDropdown);n.hasClass(m.error)&&(h.verbose("Resetting error on field",n),n.removeClass(m.error),i.remove()),r?(h.verbose("Resetting dropdown value",t,o),t.dropdown("clear")):a?e.prop("checked",!1):(h.verbose("Resetting field value",e,o),e.val(""))})},reset:function(){n.each(function(){var e=F(this),t=e.parent(),n=e.closest(l),i=n.find(f.prompt),o=e.data(u.defaultValue),a=t.is(f.uiCheckbox),r=t.is(f.uiDropdown),s=n.hasClass(m.error);o!==D&&(s&&(h.verbose("Resetting error on field",n),n.removeClass(m.error),i.remove()),r?(h.verbose("Resetting dropdown value",t,o),t.dropdown("restore defaults")):a?(h.verbose("Resetting checkbox value",t,o),e.prop("checked",o)):(h.verbose("Resetting field value",e,o),e.val(o)))})},determine:{isValid:function(){var n=!0;return F.each(c,function(e,t){h.validate.field(t,e,!0)||(n=!1)}),n}},is:{bracketedRule:function(e){return e.type&&e.type.match(d.regExp.bracket)},shorthandFields:function(e){var t=e[Object.keys(e)[0]];return h.is.shorthandRules(t)},shorthandRules:function(e){return"string"==typeof e||F.isArray(e)},empty:function(e){return!e||0===e.length||(e.is('input[type="checkbox"]')?!e.is(":checked"):h.is.blank(e))},blank:function(e){return""===F.trim(e.val())},valid:function(e){var n=!0;return e?(h.verbose("Checking if field is valid",e),h.validate.field(c[e],e,!1)):(h.verbose("Checking if form is valid"),F.each(c,function(e,t){h.is.valid(e)||(n=!1)}),n)}},removeEvents:function(){r.off(g),n.off(g),e.off(g),n.off(g)},event:{field:{keydown:function(e){var t=F(this),n=e.which,i=t.is(f.input),o=t.is(f.checkbox),a=0<t.closest(f.uiDropdown).length,r=13;n==27&&(h.verbose("Escape key pressed blurring field"),t.blur()),e.ctrlKey||n!=r||!i||a||o||(y||(t.one("keyup"+g,h.event.field.keyup),h.submit(),h.debug("Enter pressed on input submitting form")),y=!0)},keyup:function(){y=!1},blur:function(e){var t=F(this),n=t.closest(l),i=h.get.validation(t);n.hasClass(m.error)?(h.debug("Revalidating field",t,i),i&&h.validate.field(i)):"blur"==d.on&&i&&h.validate.field(i)},change:function(e){var t=F(this),n=t.closest(l),i=h.get.validation(t);i&&("change"==d.on||n.hasClass(m.error)&&d.revalidate)&&(clearTimeout(h.timer),h.timer=setTimeout(function(){h.debug("Revalidating field",t,h.get.validation(t)),h.validate.field(i)},d.delay))}}},get:{ancillaryValue:function(e){return!(!e.type||!e.value&&!h.is.bracketedRule(e))&&(e.value!==D?e.value:e.type.match(d.regExp.bracket)[1]+"")},ruleName:function(e){return h.is.bracketedRule(e)?e.type.replace(e.type.match(d.regExp.bracket)[0],""):e.type},changeEvent:function(e,t){return"checkbox"==e||"radio"==e||"hidden"==e||t.is("select")?"change":h.get.inputEvent()},inputEvent:function(){return O.createElement("input").oninput!==D?"input":O.createElement("input").onpropertychange!==D?"propertychange":"keyup"},fieldsFromShorthand:function(e){var i={};return F.each(e,function(n,e){"string"==typeof e&&(e=[e]),i[n]={rules:[]},F.each(e,function(e,t){i[n].rules.push({type:t})})}),i},prompt:function(e,t){var n,i,o=h.get.ruleName(e),a=h.get.ancillaryValue(e),r=h.get.field(t.identifier),s=r.val(),l=F.isFunction(e.prompt)?e.prompt(s):e.prompt||d.prompt[o]||d.text.unspecifiedRule,c=-1!==l.search("{value}"),u=-1!==l.search("{name}");return c&&(l=l.replace("{value}",r.val())),u&&(i=1==(n=r.closest(f.group).find("label").eq(0)).length?n.text():r.prop("placeholder")||d.text.unspecifiedField,l=l.replace("{name}",i)),l=(l=l.replace("{identifier}",t.identifier)).replace("{ruleValue}",a),e.prompt||h.verbose("Using default validation prompt for type",l,o),l},settings:function(){if(F.isPlainObject(x)){var e=Object.keys(x);0<e.length&&(x[e[0]].identifier!==D&&x[e[0]].rules!==D)?(d=F.extend(!0,{},F.fn.form.settings,R),c=F.extend({},F.fn.form.settings.defaults,x),h.error(d.error.oldSyntax,v),h.verbose("Extending settings from legacy parameters",c,d)):(x.fields&&h.is.shorthandFields(x.fields)&&(x.fields=h.get.fieldsFromShorthand(x.fields)),d=F.extend(!0,{},F.fn.form.settings,x),c=F.extend({},F.fn.form.settings.defaults,d.fields),h.verbose("Extending settings",c,d))}else d=F.fn.form.settings,c=F.fn.form.settings.defaults,h.verbose("Using default form validation",c,d);o=d.namespace,u=d.metadata,f=d.selector,m=d.className,i=d.regExp,s=d.error,a="module-"+o,g="."+o,p=r.data(a),h.refresh()},field:function(e){return h.verbose("Finding field with identifier",e),e=h.escape.string(e),0<n.filter("#"+e).length?n.filter("#"+e):0<n.filter('[name="'+e+'"]').length?n.filter('[name="'+e+'"]'):0<n.filter('[name="'+e+'[]"]').length?n.filter('[name="'+e+'[]"]'):0<n.filter("[data-"+u.validate+'="'+e+'"]').length?n.filter("[data-"+u.validate+'="'+e+'"]'):F("<input/>")},fields:function(e){var n=F();return F.each(e,function(e,t){n=n.add(h.get.field(t))}),n},validation:function(n){var i,o;return!!c&&(F.each(c,function(e,t){o=t.identifier||e,h.get.field(o)[0]==n[0]&&(t.identifier=o,i=t)}),i||!1)},value:function(e){var t=[];return t.push(e),h.get.values.call(v,t)[e]},values:function(e){var t=F.isArray(e)?h.get.fields(e):n,c={};return t.each(function(e,t){var n=F(t),i=(n.prop("type"),n.prop("name")),o=n.val(),a=n.is(f.checkbox),r=n.is(f.radio),s=-1!==i.indexOf("[]"),l=!!a&&n.is(":checked");i&&(s?(i=i.replace("[]",""),c[i]||(c[i]=[]),a?l?c[i].push(o||!0):c[i].push(!1):c[i].push(o)):r?c[i]!==D&&0!=c[i]||(c[i]=!!l&&(o||!0)):c[i]=a?!!l&&(o||!0):o)}),c}},has:{field:function(e){return h.verbose("Checking for existence of a field with identifier",e),"string"!=typeof(e=h.escape.string(e))&&h.error(s.identifier,e),0<n.filter("#"+e).length||(0<n.filter('[name="'+e+'"]').length||0<n.filter("[data-"+u.validate+'="'+e+'"]').length)}},escape:{string:function(e){return(e=String(e)).replace(i.escape,"\\$&")}},add:{rule:function(e,t){h.add.field(e,t)},field:function(n,e){var i={};h.is.shorthandRules(e)?(e=F.isArray(e)?e:[e],i[n]={rules:[]},F.each(e,function(e,t){i[n].rules.push({type:t})})):i[n]=e,c=F.extend({},c,i),h.debug("Adding rules",i,c)},fields:function(e){var t;t=e&&h.is.shorthandFields(e)?h.get.fieldsFromShorthand(e):e,c=F.extend({},c,t)},prompt:function(e,t){var n=h.get.field(e).closest(l),i=n.children(f.prompt),o=0!==i.length;t="string"==typeof t?[t]:t,h.verbose("Adding field error state",e),n.addClass(m.error),d.inline&&(o||(i=d.templates.prompt(t)).appendTo(n),i.html(t[0]),o?h.verbose("Inline errors are disabled, no inline error added",e):d.transition&&F.fn.transition!==D&&r.transition("is supported")?(h.verbose("Displaying error with css transition",d.transition),i.transition(d.transition+" in",d.duration)):(h.verbose("Displaying error with fallback javascript animation"),i.fadeIn(d.duration)))},errors:function(e){h.debug("Adding form error messages",e),h.set.error(),t.html(d.templates.error(e))}},remove:{rule:function(n,e){var i=F.isArray(e)?e:[e];if(e==D)return h.debug("Removed all rules"),void(c[n].rules=[]);c[n]!=D&&F.isArray(c[n].rules)&&F.each(c[n].rules,function(e,t){-1!==i.indexOf(t.type)&&(h.debug("Removed rule",t.type),c[n].rules.splice(e,1))})},field:function(e){var t=F.isArray(e)?e:[e];F.each(t,function(e,t){h.remove.rule(t)})},rules:function(e,n){F.isArray(e)?F.each(fields,function(e,t){h.remove.rule(t,n)}):h.remove.rule(e,n)},fields:function(e){h.remove.field(e)},prompt:function(e){var t=h.get.field(e).closest(l),n=t.children(f.prompt);t.removeClass(m.error),d.inline&&n.is(":visible")&&(h.verbose("Removing prompt for field",e),d.transition&&F.fn.transition!==D&&r.transition("is supported")?n.transition(d.transition+" out",d.duration,function(){n.remove()}):n.fadeOut(d.duration,function(){n.remove()}))}},set:{success:function(){r.removeClass(m.error).addClass(m.success)},defaults:function(){n.each(function(){var e=F(this),t=0<e.filter(f.checkbox).length?e.is(":checked"):e.val();e.data(u.defaultValue,t)})},error:function(){r.removeClass(m.success).addClass(m.error)},value:function(e,t){var n={};return n[e]=t,h.set.values.call(v,n)},values:function(e){F.isEmptyObject(e)||F.each(e,function(e,t){var n,i=h.get.field(e),o=i.parent(),a=F.isArray(t),r=o.is(f.uiCheckbox),s=o.is(f.uiDropdown),l=i.is(f.radio)&&r;0<i.length&&(a&&r?(h.verbose("Selecting multiple",t,i),o.checkbox("uncheck"),F.each(t,function(e,t){n=i.filter('[value="'+t+'"]'),o=n.parent(),0<n.length&&o.checkbox("check")})):l?(h.verbose("Selecting radio value",t,i),i.filter('[value="'+t+'"]').parent(f.uiCheckbox).checkbox("check")):r?(h.verbose("Setting checkbox value",t,o),!0===t?o.checkbox("check"):o.checkbox("uncheck")):s?(h.verbose("Setting dropdown value",t,o),o.dropdown("set selected",t)):(h.verbose("Setting field value",t,i),i.val(t)))})}},validate:{form:function(e,t){var n=h.get.values();if(y)return!1;if(b=[],h.determine.isValid()){if(h.debug("Form has no validation errors, submitting"),h.set.success(),!0!==t)return d.onSuccess.call(v,e,n)}else if(h.debug("Form has errors"),h.set.error(),d.inline||h.add.errors(b),r.data("moduleApi")!==D&&e.stopImmediatePropagation(),!0!==t)return d.onFailure.call(v,b,n)},field:function(n,e,t){t=t===D||t,"string"==typeof n&&(h.verbose("Validating field",n),n=c[e=n]);var i=n.identifier||e,o=h.get.field(i),a=!!n.depends&&h.get.field(n.depends),r=!0,s=[];return n.identifier||(h.debug("Using field name as identifier",i),n.identifier=i),o.prop("disabled")?(h.debug("Field is disabled. Skipping",i),r=!0):n.optional&&h.is.blank(o)?(h.debug("Field is optional and blank. Skipping",i),r=!0):n.depends&&h.is.empty(a)?(h.debug("Field depends on another value that is not present or empty. Skipping",a),r=!0):n.rules!==D&&F.each(n.rules,function(e,t){h.has.field(i)&&!h.validate.rule(n,t)&&(h.debug("Field is invalid",i,t.type),s.push(h.get.prompt(t,n)),r=!1)}),r?(t&&(h.remove.prompt(i,s),d.onValid.call(o)),!0):(t&&(b=b.concat(s),h.add.prompt(i,s),d.onInvalid.call(o,s)),!1)},rule:function(e,t){var n=h.get.field(e.identifier),i=(t.type,n.val()),o=h.get.ancillaryValue(t),a=h.get.ruleName(t),r=d.rules[a];if(F.isFunction(r))return i=i===D||""===i||null===i?"":F.trim(i+""),r.call(n,i,o);h.error(s.noRule,a)}},setting:function(e,t){if(F.isPlainObject(e))F.extend(!0,d,e);else{if(t===D)return d[e];d[e]=t}},internal:function(e,t){if(F.isPlainObject(e))F.extend(!0,h,e);else{if(t===D)return h[e];h[e]=t}},debug:function(){!d.silent&&d.debug&&(d.performance?h.performance.log(arguments):(h.debug=Function.prototype.bind.call(console.info,console,d.name+":"),h.debug.apply(console,arguments)))},verbose:function(){!d.silent&&d.verbose&&d.debug&&(d.performance?h.performance.log(arguments):(h.verbose=Function.prototype.bind.call(console.info,console,d.name+":"),h.verbose.apply(console,arguments)))},error:function(){d.silent||(h.error=Function.prototype.bind.call(console.error,console,d.name+":"),h.error.apply(console,arguments))},performance:{log:function(e){var t,n;d.performance&&(n=(t=(new Date).getTime())-(k||t),k=t,T.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:v,"Execution Time":n})),clearTimeout(h.performance.timer),h.performance.timer=setTimeout(h.performance.display,500)},display:function(){var e=d.name+":",n=0;k=!1,clearTimeout(h.performance.timer),F.each(T,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",S&&(e+=" '"+S+"'"),1<w.length&&(e+=" ("+w.length+")"),(console.group!==D||console.table!==D)&&0<T.length&&(console.groupCollapsed(e),console.table?console.table(T):F.each(T,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),T=[]}},invoke:function(i,e,t){var o,a,n,r=p;return e=e||E,t=v||t,"string"==typeof i&&r!==D&&(i=i.split(/[\. ]/),o=i.length-1,F.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(F.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==D)return a=r[n],!1;if(!F.isPlainObject(r[t])||e==o)return r[t]!==D&&(a=r[t]),!1;r=r[t]}})),F.isFunction(a)?n=a.apply(t,e):a!==D&&(n=a),F.isArray(C)?C.push(n):C!==D?C=[C,n]:n!==D&&(C=n),a}}).initialize()}),C!==D?C:this},F.fn.form.settings={name:"Form",namespace:"form",debug:!1,verbose:!1,performance:!0,fields:!1,keyboardShortcuts:!0,on:"submit",inline:!1,delay:200,revalidate:!0,transition:"scale",duration:200,onValid:function(){},onInvalid:function(){},onSuccess:function(){return!0},onFailure:function(){return!1},metadata:{defaultValue:"default",validate:"validate"},regExp:{htmlID:/^[a-zA-Z][\w:.-]*$/g,bracket:/\[(.*)\]/i,decimal:/^\d+\.?\d*$/,email:/^[a-z0-9!#$%&'*+\/=?^_`{|}~.-]+@[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i,escape:/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,flags:/^\/(.*)\/(.*)?/,integer:/^\-?\d+$/,number:/^\-?\d*(\.\d+)?$/,url:/(https?:\/\/(?:www\.|(?!www))[^\s\.]+\.[^\s]{2,}|www\.[^\s]+\.[^\s]{2,})/i},text:{unspecifiedRule:"Please enter a valid value",unspecifiedField:"This field"},prompt:{empty:"{name} must have a value",checked:"{name} must be checked",email:"{name} must be a valid e-mail",url:"{name} must be a valid url",regExp:"{name} is not formatted correctly",integer:"{name} must be an integer",decimal:"{name} must be a decimal number",number:"{name} must be set to a number",is:'{name} must be "{ruleValue}"',isExactly:'{name} must be exactly "{ruleValue}"',not:'{name} cannot be set to "{ruleValue}"',notExactly:'{name} cannot be set to exactly "{ruleValue}"',contain:'{name} must contain "{ruleValue}"',containExactly:'{name} must contain exactly "{ruleValue}"',doesntContain:'{name} cannot contain  "{ruleValue}"',doesntContainExactly:'{name} cannot contain exactly "{ruleValue}"',minLength:"{name} must be at least {ruleValue} characters",length:"{name} must be at least {ruleValue} characters",exactLength:"{name} must be exactly {ruleValue} characters",maxLength:"{name} cannot be longer than {ruleValue} characters",match:"{name} must match {ruleValue} field",different:"{name} must have a different value than {ruleValue} field",creditCard:"{name} must be a valid credit card number",minCount:"{name} must have at least {ruleValue} choices",exactCount:"{name} must have exactly {ruleValue} choices",maxCount:"{name} must have {ruleValue} or less choices"},selector:{checkbox:'input[type="checkbox"], input[type="radio"]',clear:".clear",field:"input, textarea, select",group:".field",input:"input",message:".error.message",prompt:".prompt.label",radio:'input[type="radio"]',reset:'.reset:not([type="reset"])',submit:'.submit:not([type="submit"])',uiCheckbox:".ui.checkbox",uiDropdown:".ui.dropdown"},className:{error:"error",label:"ui prompt label",pressed:"down",success:"success"},error:{identifier:"You must specify a string identifier for each field",method:"The method you called is not defined.",noRule:"There is no rule matching the one you specified",oldSyntax:"Starting in 2.0 forms now only take a single settings object. Validation settings converted to new syntax automatically."},templates:{error:function(e){var n='<ul class="list">';return F.each(e,function(e,t){n+="<li>"+t+"</li>"}),F(n+="</ul>")},prompt:function(e){return F("<div/>").addClass("ui basic red pointing prompt label").html(e[0])}},rules:{empty:function(e){return!(e===D||""===e||F.isArray(e)&&0===e.length)},checked:function(){return 0<F(this).filter(":checked").length},email:function(e){return F.fn.form.settings.regExp.email.test(e)},url:function(e){return F.fn.form.settings.regExp.url.test(e)},regExp:function(e,t){if(t instanceof RegExp)return e.match(t);var n,i=t.match(F.fn.form.settings.regExp.flags);return i&&(t=2<=i.length?i[1]:t,n=3<=i.length?i[2]:""),e.match(new RegExp(t,n))},integer:function(e,t){var n,i,o,a=F.fn.form.settings.regExp.integer;return t&&-1===["",".."].indexOf(t)&&(-1==t.indexOf("..")?a.test(t)&&(n=i=t-0):(o=t.split("..",2),a.test(o[0])&&(n=o[0]-0),a.test(o[1])&&(i=o[1]-0))),a.test(e)&&(n===D||n<=e)&&(i===D||e<=i)},decimal:function(e){return F.fn.form.settings.regExp.decimal.test(e)},number:function(e){return F.fn.form.settings.regExp.number.test(e)},is:function(e,t){return t="string"==typeof t?t.toLowerCase():t,(e="string"==typeof e?e.toLowerCase():e)==t},isExactly:function(e,t){return e==t},not:function(e,t){return(e="string"==typeof e?e.toLowerCase():e)!=(t="string"==typeof t?t.toLowerCase():t)},notExactly:function(e,t){return e!=t},contains:function(e,t){return t=t.replace(F.fn.form.settings.regExp.escape,"\\$&"),-1!==e.search(new RegExp(t,"i"))},containsExactly:function(e,t){return t=t.replace(F.fn.form.settings.regExp.escape,"\\$&"),-1!==e.search(new RegExp(t))},doesntContain:function(e,t){return t=t.replace(F.fn.form.settings.regExp.escape,"\\$&"),-1===e.search(new RegExp(t,"i"))},doesntContainExactly:function(e,t){return t=t.replace(F.fn.form.settings.regExp.escape,"\\$&"),-1===e.search(new RegExp(t))},minLength:function(e,t){return e!==D&&e.length>=t},length:function(e,t){return e!==D&&e.length>=t},exactLength:function(e,t){return e!==D&&e.length==t},maxLength:function(e,t){return e!==D&&e.length<=t},match:function(e,t){var n;F(this);return 0<F('[data-validate="'+t+'"]').length?n=F('[data-validate="'+t+'"]').val():0<F("#"+t).length?n=F("#"+t).val():0<F('[name="'+t+'"]').length?n=F('[name="'+t+'"]').val():0<F('[name="'+t+'[]"]').length&&(n=F('[name="'+t+'[]"]')),n!==D&&e.toString()==n.toString()},different:function(e,t){var n;F(this);return 0<F('[data-validate="'+t+'"]').length?n=F('[data-validate="'+t+'"]').val():0<F("#"+t).length?n=F("#"+t).val():0<F('[name="'+t+'"]').length?n=F('[name="'+t+'"]').val():0<F('[name="'+t+'[]"]').length&&(n=F('[name="'+t+'[]"]')),n!==D&&e.toString()!==n.toString()},creditCard:function(n,e){var t,i,o={visa:{pattern:/^4/,length:[16]},amex:{pattern:/^3[47]/,length:[15]},mastercard:{pattern:/^5[1-5]/,length:[16]},discover:{pattern:/^(6011|622(12[6-9]|1[3-9][0-9]|[2-8][0-9]{2}|9[0-1][0-9]|92[0-5]|64[4-9])|65)/,length:[16]},unionPay:{pattern:/^(62|88)/,length:[16,17,18,19]},jcb:{pattern:/^35(2[89]|[3-8][0-9])/,length:[16]},maestro:{pattern:/^(5018|5020|5038|6304|6759|676[1-3])/,length:[12,13,14,15,16,17,18,19]},dinersClub:{pattern:/^(30[0-5]|^36)/,length:[14]},laser:{pattern:/^(6304|670[69]|6771)/,length:[16,17,18,19]},visaElectron:{pattern:/^(4026|417500|4508|4844|491(3|7))/,length:[16]}},a={},r=!1,s="string"==typeof e&&e.split(",");if("string"==typeof n&&0!==n.length){if(n=n.replace(/[\-]/g,""),s&&(F.each(s,function(e,t){(i=o[t])&&(a={length:-1!==F.inArray(n.length,i.length),pattern:-1!==n.search(i.pattern)}).length&&a.pattern&&(r=!0)}),!r))return!1;if((t={number:-1!==F.inArray(n.length,o.unionPay.length),pattern:-1!==n.search(o.unionPay.pattern)}).number&&t.pattern)return!0;for(var l=n.length,c=0,u=[[0,1,2,3,4,5,6,7,8,9],[0,2,4,6,8,1,3,5,7,9]],d=0;l--;)d+=u[c][parseInt(n.charAt(l),10)],c^=1;return d%10==0&&0<d}},minCount:function(e,t){return 0==t||(1==t?""!==e:e.split(",").length>=t)},exactCount:function(e,t){return 0==t?""===e:1==t?""!==e&&-1===e.search(","):e.split(",").length==t},maxCount:function(e,t){return 0!=t&&(1==t?-1===e.search(","):e.split(",").length<=t)}}}}(jQuery,window,document),function(S,k,e,T){"use strict";k=void 0!==k&&k.Math==Math?k:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),S.fn.accordion=function(a){var v,r=S(this),b=(new Date).getTime(),y=[],x=a,C="string"==typeof x,w=[].slice.call(arguments,1);k.requestAnimationFrame||k.mozRequestAnimationFrame||k.webkitRequestAnimationFrame||k.msRequestAnimationFrame;return r.each(function(){var e,c,u=S.isPlainObject(a)?S.extend(!0,{},S.fn.accordion.settings,a):S.extend({},S.fn.accordion.settings),d=u.className,t=u.namespace,f=u.selector,s=u.error,n="."+t,i="module-"+t,o=r.selector||"",m=S(this),g=m.find(f.title),p=m.find(f.content),l=this,h=m.data(i);c={initialize:function(){c.debug("Initializing",m),c.bind.events(),u.observeChanges&&c.observeChanges(),c.instantiate()},instantiate:function(){h=c,m.data(i,c)},destroy:function(){c.debug("Destroying previous instance",m),m.off(n).removeData(i)},refresh:function(){g=m.find(f.title),p=m.find(f.content)},observeChanges:function(){"MutationObserver"in k&&((e=new MutationObserver(function(e){c.debug("DOM tree modified, updating selector cache"),c.refresh()})).observe(l,{childList:!0,subtree:!0}),c.debug("Setting up mutation observer",e))},bind:{events:function(){c.debug("Binding delegated events"),m.on(u.on+n,f.trigger,c.event.click)}},event:{click:function(){c.toggle.call(this)}},toggle:function(e){var t=e!==T?"number"==typeof e?g.eq(e):S(e).closest(f.title):S(this).closest(f.title),n=t.next(p),i=n.hasClass(d.animating),o=n.hasClass(d.active),a=o&&!i,r=!o&&i;c.debug("Toggling visibility of content",t),a||r?u.collapsible?c.close.call(t):c.debug("Cannot close accordion content collapsing is disabled"):c.open.call(t)},open:function(e){var t=e!==T?"number"==typeof e?g.eq(e):S(e).closest(f.title):S(this).closest(f.title),n=t.next(p),i=n.hasClass(d.animating);n.hasClass(d.active)||i?c.debug("Accordion already open, skipping",n):(c.debug("Opening accordion content",t),u.onOpening.call(n),u.onChanging.call(n),u.exclusive&&c.closeOthers.call(t),t.addClass(d.active),n.stop(!0,!0).addClass(d.animating),u.animateChildren&&(S.fn.transition!==T&&m.transition("is supported")?n.children().transition({animation:"fade in",queue:!1,useFailSafe:!0,debug:u.debug,verbose:u.verbose,duration:u.duration}):n.children().stop(!0,!0).animate({opacity:1},u.duration,c.resetOpacity)),n.slideDown(u.duration,u.easing,function(){n.removeClass(d.animating).addClass(d.active),c.reset.display.call(this),u.onOpen.call(this),u.onChange.call(this)}))},close:function(e){var t=e!==T?"number"==typeof e?g.eq(e):S(e).closest(f.title):S(this).closest(f.title),n=t.next(p),i=n.hasClass(d.animating),o=n.hasClass(d.active);!o&&!(!o&&i)||o&&i||(c.debug("Closing accordion content",n),u.onClosing.call(n),u.onChanging.call(n),t.removeClass(d.active),n.stop(!0,!0).addClass(d.animating),u.animateChildren&&(S.fn.transition!==T&&m.transition("is supported")?n.children().transition({animation:"fade out",queue:!1,useFailSafe:!0,debug:u.debug,verbose:u.verbose,duration:u.duration}):n.children().stop(!0,!0).animate({opacity:0},u.duration,c.resetOpacity)),n.slideUp(u.duration,u.easing,function(){n.removeClass(d.animating).removeClass(d.active),c.reset.display.call(this),u.onClose.call(this),u.onChange.call(this)}))},closeOthers:function(e){var t,n,i,o=e!==T?g.eq(e):S(this).closest(f.title),a=o.parents(f.content).prev(f.title),r=o.closest(f.accordion),s=f.title+"."+d.active+":visible",l=f.content+"."+d.active+":visible";i=u.closeNested?(t=r.find(s).not(a)).next(p):(t=r.find(s).not(a),n=r.find(l).find(s).not(a),(t=t.not(n)).next(p)),0<t.length&&(c.debug("Exclusive enabled, closing other content",t),t.removeClass(d.active),i.removeClass(d.animating).stop(!0,!0),u.animateChildren&&(S.fn.transition!==T&&m.transition("is supported")?i.children().transition({animation:"fade out",useFailSafe:!0,debug:u.debug,verbose:u.verbose,duration:u.duration}):i.children().stop(!0,!0).animate({opacity:0},u.duration,c.resetOpacity)),i.slideUp(u.duration,u.easing,function(){S(this).removeClass(d.active),c.reset.display.call(this)}))},reset:{display:function(){c.verbose("Removing inline display from element",this),S(this).css("display",""),""===S(this).attr("style")&&S(this).attr("style","").removeAttr("style")},opacity:function(){c.verbose("Removing inline opacity from element",this),S(this).css("opacity",""),""===S(this).attr("style")&&S(this).attr("style","").removeAttr("style")}},setting:function(e,t){if(c.debug("Changing setting",e,t),S.isPlainObject(e))S.extend(!0,u,e);else{if(t===T)return u[e];S.isPlainObject(u[e])?S.extend(!0,u[e],t):u[e]=t}},internal:function(e,t){if(c.debug("Changing internal",e,t),t===T)return c[e];S.isPlainObject(e)?S.extend(!0,c,e):c[e]=t},debug:function(){!u.silent&&u.debug&&(u.performance?c.performance.log(arguments):(c.debug=Function.prototype.bind.call(console.info,console,u.name+":"),c.debug.apply(console,arguments)))},verbose:function(){!u.silent&&u.verbose&&u.debug&&(u.performance?c.performance.log(arguments):(c.verbose=Function.prototype.bind.call(console.info,console,u.name+":"),c.verbose.apply(console,arguments)))},error:function(){u.silent||(c.error=Function.prototype.bind.call(console.error,console,u.name+":"),c.error.apply(console,arguments))},performance:{log:function(e){var t,n;u.performance&&(n=(t=(new Date).getTime())-(b||t),b=t,y.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:l,"Execution Time":n})),clearTimeout(c.performance.timer),c.performance.timer=setTimeout(c.performance.display,500)},display:function(){var e=u.name+":",n=0;b=!1,clearTimeout(c.performance.timer),S.each(y,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",o&&(e+=" '"+o+"'"),(console.group!==T||console.table!==T)&&0<y.length&&(console.groupCollapsed(e),console.table?console.table(y):S.each(y,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),y=[]}},invoke:function(i,e,t){var o,a,n,r=h;return e=e||w,t=l||t,"string"==typeof i&&r!==T&&(i=i.split(/[\. ]/),o=i.length-1,S.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(S.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==T)return a=r[n],!1;if(!S.isPlainObject(r[t])||e==o)return r[t]!==T?a=r[t]:c.error(s.method,i),!1;r=r[t]}})),S.isFunction(a)?n=a.apply(t,e):a!==T&&(n=a),S.isArray(v)?v.push(n):v!==T?v=[v,n]:n!==T&&(v=n),a}},C?(h===T&&c.initialize(),c.invoke(x)):(h!==T&&h.invoke("destroy"),c.initialize())}),v!==T?v:this},S.fn.accordion.settings={name:"Accordion",namespace:"accordion",silent:!1,debug:!1,verbose:!1,performance:!0,on:"click",observeChanges:!0,exclusive:!0,collapsible:!0,closeNested:!1,animateChildren:!0,duration:350,easing:"easeOutQuad",onOpening:function(){},onClosing:function(){},onChanging:function(){},onOpen:function(){},onClose:function(){},onChange:function(){},error:{method:"The method you called is not defined"},className:{active:"active",animating:"animating"},selector:{accordion:".accordion",title:".title",trigger:".title",content:".content"}},S.extend(S.easing,{easeOutQuad:function(e,t,n,i,o){return-i*(t/=o)*(t-2)+n}})}(jQuery,window,document),function(T,A,R,P){"use strict";A=void 0!==A&&A.Math==Math?A:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),T.fn.checkbox=function(v){var b,e=T(this),y=e.selector||"",x=(new Date).getTime(),C=[],w=v,S="string"==typeof w,k=[].slice.call(arguments,1);return e.each(function(){var e,s,i=T.extend(!0,{},T.fn.checkbox.settings,v),t=i.className,n=i.namespace,o=i.selector,l=i.error,a="."+n,r="module-"+n,c=T(this),u=T(this).children(o.label),d=T(this).children(o.input),f=d[0],m=!1,g=!1,p=c.data(r),h=this;s={initialize:function(){s.verbose("Initializing checkbox",i),s.create.label(),s.bind.events(),s.set.tabbable(),s.hide.input(),s.observeChanges(),s.instantiate(),s.setup()},instantiate:function(){s.verbose("Storing instance of module",s),p=s,c.data(r,s)},destroy:function(){s.verbose("Destroying module"),s.unbind.events(),s.show.input(),c.removeData(r)},fix:{reference:function(){c.is(o.input)&&(s.debug("Behavior called on <input> adjusting invoked element"),c=c.closest(o.checkbox),s.refresh())}},setup:function(){s.set.initialLoad(),s.is.indeterminate()?(s.debug("Initial value is indeterminate"),s.indeterminate()):s.is.checked()?(s.debug("Initial value is checked"),s.check()):(s.debug("Initial value is unchecked"),s.uncheck()),s.remove.initialLoad()},refresh:function(){u=c.children(o.label),d=c.children(o.input),f=d[0]},hide:{input:function(){s.verbose("Modifying <input> z-index to be unselectable"),d.addClass(t.hidden)}},show:{input:function(){s.verbose("Modifying <input> z-index to be selectable"),d.removeClass(t.hidden)}},observeChanges:function(){"MutationObserver"in A&&((e=new MutationObserver(function(e){s.debug("DOM tree modified, updating selector cache"),s.refresh()})).observe(h,{childList:!0,subtree:!0}),s.debug("Setting up mutation observer",e))},attachEvents:function(e,t){var n=T(e);t=T.isFunction(s[t])?s[t]:s.toggle,0<n.length?(s.debug("Attaching checkbox events to element",e,t),n.on("click"+a,t)):s.error(l.notFound)},event:{click:function(e){var t=T(e.target);t.is(o.input)?s.verbose("Using default check action on initialized checkbox"):t.is(o.link)?s.debug("Clicking link inside checkbox, skipping toggle"):(s.toggle(),d.focus(),e.preventDefault())},keydown:function(e){var t=e.which,n=13,i=32;g=t==27?(s.verbose("Escape key pressed blurring field"),d.blur(),!0):!(e.ctrlKey||t!=i&&t!=n)&&(s.verbose("Enter/space key pressed, toggling checkbox"),s.toggle(),!0)},keyup:function(e){g&&e.preventDefault()}},check:function(){s.should.allowCheck()&&(s.debug("Checking checkbox",d),s.set.checked(),s.should.ignoreCallbacks()||(i.onChecked.call(f),i.onChange.call(f)))},uncheck:function(){s.should.allowUncheck()&&(s.debug("Unchecking checkbox"),s.set.unchecked(),s.should.ignoreCallbacks()||(i.onUnchecked.call(f),i.onChange.call(f)))},indeterminate:function(){s.should.allowIndeterminate()?s.debug("Checkbox is already indeterminate"):(s.debug("Making checkbox indeterminate"),s.set.indeterminate(),s.should.ignoreCallbacks()||(i.onIndeterminate.call(f),i.onChange.call(f)))},determinate:function(){s.should.allowDeterminate()?s.debug("Checkbox is already determinate"):(s.debug("Making checkbox determinate"),s.set.determinate(),s.should.ignoreCallbacks()||(i.onDeterminate.call(f),i.onChange.call(f)))},enable:function(){s.is.enabled()?s.debug("Checkbox is already enabled"):(s.debug("Enabling checkbox"),s.set.enabled(),i.onEnable.call(f),i.onEnabled.call(f))},disable:function(){s.is.disabled()?s.debug("Checkbox is already disabled"):(s.debug("Disabling checkbox"),s.set.disabled(),i.onDisable.call(f),i.onDisabled.call(f))},get:{radios:function(){var e=s.get.name();return T('input[name="'+e+'"]').closest(o.checkbox)},otherRadios:function(){return s.get.radios().not(c)},name:function(){return d.attr("name")}},is:{initialLoad:function(){return m},radio:function(){return d.hasClass(t.radio)||"radio"==d.attr("type")},indeterminate:function(){return d.prop("indeterminate")!==P&&d.prop("indeterminate")},checked:function(){return d.prop("checked")!==P&&d.prop("checked")},disabled:function(){return d.prop("disabled")!==P&&d.prop("disabled")},enabled:function(){return!s.is.disabled()},determinate:function(){return!s.is.indeterminate()},unchecked:function(){return!s.is.checked()}},should:{allowCheck:function(){return s.is.determinate()&&s.is.checked()&&!s.should.forceCallbacks()?(s.debug("Should not allow check, checkbox is already checked"),!1):!1!==i.beforeChecked.apply(f)||(s.debug("Should not allow check, beforeChecked cancelled"),!1)},allowUncheck:function(){return s.is.determinate()&&s.is.unchecked()&&!s.should.forceCallbacks()?(s.debug("Should not allow uncheck, checkbox is already unchecked"),!1):!1!==i.beforeUnchecked.apply(f)||(s.debug("Should not allow uncheck, beforeUnchecked cancelled"),!1)},allowIndeterminate:function(){return s.is.indeterminate()&&!s.should.forceCallbacks()?(s.debug("Should not allow indeterminate, checkbox is already indeterminate"),!1):!1!==i.beforeIndeterminate.apply(f)||(s.debug("Should not allow indeterminate, beforeIndeterminate cancelled"),!1)},allowDeterminate:function(){return s.is.determinate()&&!s.should.forceCallbacks()?(s.debug("Should not allow determinate, checkbox is already determinate"),!1):!1!==i.beforeDeterminate.apply(f)||(s.debug("Should not allow determinate, beforeDeterminate cancelled"),!1)},forceCallbacks:function(){return s.is.initialLoad()&&i.fireOnInit},ignoreCallbacks:function(){return m&&!i.fireOnInit}},can:{change:function(){return!(c.hasClass(t.disabled)||c.hasClass(t.readOnly)||d.prop("disabled")||d.prop("readonly"))},uncheck:function(){return"boolean"==typeof i.uncheckable?i.uncheckable:!s.is.radio()}},set:{initialLoad:function(){m=!0},checked:function(){s.verbose("Setting class to checked"),c.removeClass(t.indeterminate).addClass(t.checked),s.is.radio()&&s.uncheckOthers(),s.is.indeterminate()||!s.is.checked()?(s.verbose("Setting state to checked",f),d.prop("indeterminate",!1).prop("checked",!0),s.trigger.change()):s.debug("Input is already checked, skipping input property change")},unchecked:function(){s.verbose("Removing checked class"),c.removeClass(t.indeterminate).removeClass(t.checked),s.is.indeterminate()||!s.is.unchecked()?(s.debug("Setting state to unchecked"),d.prop("indeterminate",!1).prop("checked",!1),s.trigger.change()):s.debug("Input is already unchecked")},indeterminate:function(){s.verbose("Setting class to indeterminate"),c.addClass(t.indeterminate),s.is.indeterminate()?s.debug("Input is already indeterminate, skipping input property change"):(s.debug("Setting state to indeterminate"),d.prop("indeterminate",!0),s.trigger.change())},determinate:function(){s.verbose("Removing indeterminate class"),c.removeClass(t.indeterminate),s.is.determinate()?s.debug("Input is already determinate, skipping input property change"):(s.debug("Setting state to determinate"),d.prop("indeterminate",!1))},disabled:function(){s.verbose("Setting class to disabled"),c.addClass(t.disabled),s.is.disabled()?s.debug("Input is already disabled, skipping input property change"):(s.debug("Setting state to disabled"),d.prop("disabled","disabled"),s.trigger.change())},enabled:function(){s.verbose("Removing disabled class"),c.removeClass(t.disabled),s.is.enabled()?s.debug("Input is already enabled, skipping input property change"):(s.debug("Setting state to enabled"),d.prop("disabled",!1),s.trigger.change())},tabbable:function(){s.verbose("Adding tabindex to checkbox"),d.attr("tabindex")===P&&d.attr("tabindex",0)}},remove:{initialLoad:function(){m=!1}},trigger:{change:function(){var e=R.createEvent("HTMLEvents"),t=d[0];t&&(s.verbose("Triggering native change event"),e.initEvent("change",!0,!1),t.dispatchEvent(e))}},create:{label:function(){0<d.prevAll(o.label).length?(d.prev(o.label).detach().insertAfter(d),s.debug("Moving existing label",u)):s.has.label()||(u=T("<label>").insertAfter(d),s.debug("Creating label",u))}},has:{label:function(){return 0<u.length}},bind:{events:function(){s.verbose("Attaching checkbox events"),c.on("click"+a,s.event.click).on("keydown"+a,o.input,s.event.keydown).on("keyup"+a,o.input,s.event.keyup)}},unbind:{events:function(){s.debug("Removing events"),c.off(a)}},uncheckOthers:function(){var e=s.get.otherRadios();s.debug("Unchecking other radios",e),e.removeClass(t.checked)},toggle:function(){s.can.change()?s.is.indeterminate()||s.is.unchecked()?(s.debug("Currently unchecked"),s.check()):s.is.checked()&&s.can.uncheck()&&(s.debug("Currently checked"),s.uncheck()):s.is.radio()||s.debug("Checkbox is read-only or disabled, ignoring toggle")},setting:function(e,t){if(s.debug("Changing setting",e,t),T.isPlainObject(e))T.extend(!0,i,e);else{if(t===P)return i[e];T.isPlainObject(i[e])?T.extend(!0,i[e],t):i[e]=t}},internal:function(e,t){if(T.isPlainObject(e))T.extend(!0,s,e);else{if(t===P)return s[e];s[e]=t}},debug:function(){!i.silent&&i.debug&&(i.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,i.name+":"),s.debug.apply(console,arguments)))},verbose:function(){!i.silent&&i.verbose&&i.debug&&(i.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,i.name+":"),s.verbose.apply(console,arguments)))},error:function(){i.silent||(s.error=Function.prototype.bind.call(console.error,console,i.name+":"),s.error.apply(console,arguments))},performance:{log:function(e){var t,n;i.performance&&(n=(t=(new Date).getTime())-(x||t),x=t,C.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:h,"Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=i.name+":",n=0;x=!1,clearTimeout(s.performance.timer),T.each(C,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",y&&(e+=" '"+y+"'"),(console.group!==P||console.table!==P)&&0<C.length&&(console.groupCollapsed(e),console.table?console.table(C):T.each(C,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),C=[]}},invoke:function(i,e,t){var o,a,n,r=p;return e=e||k,t=h||t,"string"==typeof i&&r!==P&&(i=i.split(/[\. ]/),o=i.length-1,T.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(T.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==P)return a=r[n],!1;if(!T.isPlainObject(r[t])||e==o)return r[t]!==P?a=r[t]:s.error(l.method,i),!1;r=r[t]}})),T.isFunction(a)?n=a.apply(t,e):a!==P&&(n=a),T.isArray(b)?b.push(n):b!==P?b=[b,n]:n!==P&&(b=n),a}},S?(p===P&&s.initialize(),s.invoke(w)):(p!==P&&p.invoke("destroy"),s.initialize())}),b!==P?b:this},T.fn.checkbox.settings={name:"Checkbox",namespace:"checkbox",silent:!1,debug:!1,verbose:!0,performance:!0,uncheckable:"auto",fireOnInit:!1,onChange:function(){},beforeChecked:function(){},beforeUnchecked:function(){},beforeDeterminate:function(){},beforeIndeterminate:function(){},onChecked:function(){},onUnchecked:function(){},onDeterminate:function(){},onIndeterminate:function(){},onEnable:function(){},onDisable:function(){},onEnabled:function(){},onDisabled:function(){},className:{checked:"checked",indeterminate:"indeterminate",disabled:"disabled",hidden:"hidden",radio:"radio",readOnly:"read-only"},error:{method:"The method you called is not defined"},selector:{checkbox:".ui.checkbox",label:"label, .box",input:'input[type="checkbox"], input[type="radio"]',link:"a[href]"}}}(jQuery,window,document),function(S,e,k,T){"use strict";e=void 0!==e&&e.Math==Math?e:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),S.fn.dimmer=function(p){var h,v=S(this),b=(new Date).getTime(),y=[],x=p,C="string"==typeof x,w=[].slice.call(arguments,1);return v.each(function(){var a,t,s,r=S.isPlainObject(p)?S.extend(!0,{},S.fn.dimmer.settings,p):S.extend({},S.fn.dimmer.settings),n=r.selector,e=r.namespace,i=r.className,l=r.error,o="."+e,c="module-"+e,u=v.selector||"",d="ontouchstart"in k.documentElement?"touchstart":"click",f=S(this),m=this,g=f.data(c);(s={preinitialize:function(){a=s.is.dimmer()?(t=f.parent(),f):(t=f,s.has.dimmer()?r.dimmerName?t.find(n.dimmer).filter("."+r.dimmerName):t.find(n.dimmer):s.create())},initialize:function(){s.debug("Initializing dimmer",r),s.bind.events(),s.set.dimmable(),s.instantiate()},instantiate:function(){s.verbose("Storing instance of module",s),g=s,f.data(c,g)},destroy:function(){s.verbose("Destroying previous module",a),s.unbind.events(),s.remove.variation(),t.off(o)},bind:{events:function(){"hover"==r.on?t.on("mouseenter"+o,s.show).on("mouseleave"+o,s.hide):"click"==r.on&&t.on(d+o,s.toggle),s.is.page()&&(s.debug("Setting as a page dimmer",t),s.set.pageDimmer()),s.is.closable()&&(s.verbose("Adding dimmer close event",a),t.on(d+o,n.dimmer,s.event.click))}},unbind:{events:function(){f.removeData(c),t.off(o)}},event:{click:function(e){s.verbose("Determining if event occured on dimmer",e),(0===a.find(e.target).length||S(e.target).is(n.content))&&(s.hide(),e.stopImmediatePropagation())}},addContent:function(e){var t=S(e);s.debug("Add content to dimmer",t),t.parent()[0]!==a[0]&&t.detach().appendTo(a)},create:function(){var e=S(r.template.dimmer());return r.dimmerName&&(s.debug("Creating named dimmer",r.dimmerName),e.addClass(r.dimmerName)),e.appendTo(t),e},show:function(e){e=S.isFunction(e)?e:function(){},s.debug("Showing dimmer",a,r),s.set.variation(),s.is.dimmed()&&!s.is.animating()||!s.is.enabled()?s.debug("Dimmer is already shown or disabled"):(s.animate.show(e),r.onShow.call(m),r.onChange.call(m))},hide:function(e){e=S.isFunction(e)?e:function(){},s.is.dimmed()||s.is.animating()?(s.debug("Hiding dimmer",a),s.animate.hide(e),r.onHide.call(m),r.onChange.call(m)):s.debug("Dimmer is not visible")},toggle:function(){s.verbose("Toggling dimmer visibility",a),s.is.dimmed()?s.hide():s.show()},animate:{show:function(e){e=S.isFunction(e)?e:function(){},r.useCSS&&S.fn.transition!==T&&a.transition("is supported")?(r.useFlex?(s.debug("Using flex dimmer"),s.remove.legacy()):(s.debug("Using legacy non-flex dimmer"),s.set.legacy()),"auto"!==r.opacity&&s.set.opacity(),a.transition({displayType:r.useFlex?"flex":"block",animation:r.transition+" in",queue:!1,duration:s.get.duration(),useFailSafe:!0,onStart:function(){s.set.dimmed()},onComplete:function(){s.set.active(),e()}})):(s.verbose("Showing dimmer animation with javascript"),s.set.dimmed(),"auto"==r.opacity&&(r.opacity=.8),a.stop().css({opacity:0,width:"100%",height:"100%"}).fadeTo(s.get.duration(),r.opacity,function(){a.removeAttr("style"),s.set.active(),e()}))},hide:function(e){e=S.isFunction(e)?e:function(){},r.useCSS&&S.fn.transition!==T&&a.transition("is supported")?(s.verbose("Hiding dimmer with css"),a.transition({displayType:r.useFlex?"flex":"block",animation:r.transition+" out",queue:!1,duration:s.get.duration(),useFailSafe:!0,onStart:function(){s.remove.dimmed()},onComplete:function(){s.remove.variation(),s.remove.active(),e()}})):(s.verbose("Hiding dimmer with javascript"),s.remove.dimmed(),a.stop().fadeOut(s.get.duration(),function(){s.remove.active(),a.removeAttr("style"),e()}))}},get:{dimmer:function(){return a},duration:function(){return"object"==typeof r.duration?s.is.active()?r.duration.hide:r.duration.show:r.duration}},has:{dimmer:function(){return r.dimmerName?0<f.find(n.dimmer).filter("."+r.dimmerName).length:0<f.find(n.dimmer).length}},is:{active:function(){return a.hasClass(i.active)},animating:function(){return a.is(":animated")||a.hasClass(i.animating)},closable:function(){return"auto"==r.closable?"hover"!=r.on:r.closable},dimmer:function(){return f.hasClass(i.dimmer)},dimmable:function(){return f.hasClass(i.dimmable)},dimmed:function(){return t.hasClass(i.dimmed)},disabled:function(){return t.hasClass(i.disabled)},enabled:function(){return!s.is.disabled()},page:function(){return t.is("body")},pageDimmer:function(){return a.hasClass(i.pageDimmer)}},can:{show:function(){return!a.hasClass(i.disabled)}},set:{opacity:function(e){var t=a.css("background-color"),n=t.split(","),i=n&&3==n.length,o=n&&4==n.length;e=0===r.opacity?0:r.opacity||e,t=i||o?(n[3]=e+")",n.join(",")):"rgba(0, 0, 0, "+e+")",s.debug("Setting opacity to",e),a.css("background-color",t)},legacy:function(){a.addClass(i.legacy)},active:function(){a.addClass(i.active)},dimmable:function(){t.addClass(i.dimmable)},dimmed:function(){t.addClass(i.dimmed)},pageDimmer:function(){a.addClass(i.pageDimmer)},disabled:function(){a.addClass(i.disabled)},variation:function(e){(e=e||r.variation)&&a.addClass(e)}},remove:{active:function(){a.removeClass(i.active)},legacy:function(){a.removeClass(i.legacy)},dimmed:function(){t.removeClass(i.dimmed)},disabled:function(){a.removeClass(i.disabled)},variation:function(e){(e=e||r.variation)&&a.removeClass(e)}},setting:function(e,t){if(s.debug("Changing setting",e,t),S.isPlainObject(e))S.extend(!0,r,e);else{if(t===T)return r[e];S.isPlainObject(r[e])?S.extend(!0,r[e],t):r[e]=t}},internal:function(e,t){if(S.isPlainObject(e))S.extend(!0,s,e);else{if(t===T)return s[e];s[e]=t}},debug:function(){!r.silent&&r.debug&&(r.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,r.name+":"),s.debug.apply(console,arguments)))},verbose:function(){!r.silent&&r.verbose&&r.debug&&(r.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,r.name+":"),s.verbose.apply(console,arguments)))},error:function(){r.silent||(s.error=Function.prototype.bind.call(console.error,console,r.name+":"),s.error.apply(console,arguments))},performance:{log:function(e){var t,n;r.performance&&(n=(t=(new Date).getTime())-(b||t),b=t,y.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:m,"Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=r.name+":",n=0;b=!1,clearTimeout(s.performance.timer),S.each(y,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",u&&(e+=" '"+u+"'"),1<v.length&&(e+=" ("+v.length+")"),(console.group!==T||console.table!==T)&&0<y.length&&(console.groupCollapsed(e),console.table?console.table(y):S.each(y,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),y=[]}},invoke:function(i,e,t){var o,a,n,r=g;return e=e||w,t=m||t,"string"==typeof i&&r!==T&&(i=i.split(/[\. ]/),o=i.length-1,S.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(S.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==T)return a=r[n],!1;if(!S.isPlainObject(r[t])||e==o)return r[t]!==T?a=r[t]:s.error(l.method,i),!1;r=r[t]}})),S.isFunction(a)?n=a.apply(t,e):a!==T&&(n=a),S.isArray(h)?h.push(n):h!==T?h=[h,n]:n!==T&&(h=n),a}}).preinitialize(),C?(g===T&&s.initialize(),s.invoke(x)):(g!==T&&g.invoke("destroy"),s.initialize())}),h!==T?h:this},S.fn.dimmer.settings={name:"Dimmer",namespace:"dimmer",silent:!1,debug:!1,verbose:!1,performance:!0,useFlex:!0,dimmerName:!1,variation:!1,closable:"auto",useCSS:!0,transition:"fade",on:!1,opacity:"auto",duration:{show:500,hide:500},onChange:function(){},onShow:function(){},onHide:function(){},error:{method:"The method you called is not defined."},className:{active:"active",animating:"animating",dimmable:"dimmable",dimmed:"dimmed",dimmer:"dimmer",disabled:"disabled",hide:"hide",legacy:"legacy",pageDimmer:"page",show:"show"},selector:{dimmer:"> .ui.dimmer",content:".ui.dimmer > .content, .ui.dimmer > .content > .center"},template:{dimmer:function(){return S("<div />").attr("class","ui dimmer")}}}}(jQuery,window,document),function(Y,Z,K,J){"use strict";Z=void 0!==Z&&Z.Math==Math?Z:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),Y.fn.dropdown=function(M){var L,V=Y(this),N=Y(K),H=V.selector||"",U="ontouchstart"in K.documentElement,W=(new Date).getTime(),B=[],Q=M,X="string"==typeof Q,$=[].slice.call(arguments,1);return V.each(function(n){var e,t,i,o,a,r,s,g,p=Y.isPlainObject(M)?Y.extend(!0,{},Y.fn.dropdown.settings,M):Y.extend({},Y.fn.dropdown.settings),h=p.className,c=p.message,l=p.fields,v=p.keys,b=p.metadata,u=p.namespace,d=p.regExp,y=p.selector,f=p.error,m=p.templates,x="."+u,C="module-"+u,w=Y(this),S=Y(p.context),k=w.find(y.text),T=w.find(y.search),A=w.find(y.sizer),R=w.find(y.input),P=w.find(y.icon),E=0<w.prev().find(y.text).length?w.prev().find(y.text):w.prev(),F=w.children(y.menu),O=F.find(y.item),D=!1,q=!1,j=!1,z=this,I=w.data(C);g={initialize:function(){g.debug("Initializing dropdown",p),g.is.alreadySetup()?g.setup.reference():(g.setup.layout(),p.values&&g.change.values(p.values),g.refreshData(),g.save.defaults(),g.restore.selected(),g.create.id(),g.bind.events(),g.observeChanges(),g.instantiate())},instantiate:function(){g.verbose("Storing instance of dropdown",g),I=g,w.data(C,g)},destroy:function(){g.verbose("Destroying previous dropdown",w),g.remove.tabbable(),w.off(x).removeData(C),F.off(x),N.off(o),g.disconnect.menuObserver(),g.disconnect.selectObserver()},observeChanges:function(){"MutationObserver"in Z&&(r=new MutationObserver(g.event.select.mutation),s=new MutationObserver(g.event.menu.mutation),g.debug("Setting up mutation observer",r,s),g.observe.select(),g.observe.menu())},disconnect:{menuObserver:function(){s&&s.disconnect()},selectObserver:function(){r&&r.disconnect()}},observe:{select:function(){g.has.input()&&r.observe(w[0],{childList:!0,subtree:!0})},menu:function(){g.has.menu()&&s.observe(F[0],{childList:!0,subtree:!0})}},create:{id:function(){a=(Math.random().toString(16)+"000000000").substr(2,8),o="."+a,g.verbose("Creating unique id for element",a)},userChoice:function(e){var n,i,o;return!!(e=e||g.get.userValues())&&(e=Y.isArray(e)?e:[e],Y.each(e,function(e,t){!1===g.get.item(t)&&(o=p.templates.addition(g.add.variables(c.addResult,t)),i=Y("<div />").html(o).attr("data-"+b.value,t).attr("data-"+b.text,t).addClass(h.addition).addClass(h.item),p.hideAdditions&&i.addClass(h.hidden),n=n===J?i:n.add(i),g.verbose("Creating user choices for value",t,i))}),n)},userLabels:function(e){var t=g.get.userValues();t&&(g.debug("Adding user labels",t),Y.each(t,function(e,t){g.verbose("Adding custom user value"),g.add.label(t,t)}))},menu:function(){F=Y("<div />").addClass(h.menu).appendTo(w)},sizer:function(){A=Y("<span />").addClass(h.sizer).insertAfter(T)}},search:function(e){e=e!==J?e:g.get.query(),g.verbose("Searching for query",e),g.has.minCharacters(e)?g.filter(e):g.hide()},select:{firstUnfiltered:function(){g.verbose("Selecting first non-filtered element"),g.remove.selectedItem(),O.not(y.unselectable).not(y.addition+y.hidden).eq(0).addClass(h.selected)},nextAvailable:function(e){var t=(e=e.eq(0)).nextAll(y.item).not(y.unselectable).eq(0),n=e.prevAll(y.item).not(y.unselectable).eq(0);0<t.length?(g.verbose("Moving selection to",t),t.addClass(h.selected)):(g.verbose("Moving selection to",n),n.addClass(h.selected))}},setup:{api:function(){var e={debug:p.debug,urlData:{value:g.get.value(),query:g.get.query()},on:!1};g.verbose("First request, initializing API"),w.api(e)},layout:function(){w.is("select")&&(g.setup.select(),g.setup.returnedObject()),g.has.menu()||g.create.menu(),g.is.search()&&!g.has.search()&&(g.verbose("Adding search input"),T=Y("<input />").addClass(h.search).prop("autocomplete","off").insertBefore(k)),g.is.multiple()&&g.is.searchSelection()&&!g.has.sizer()&&g.create.sizer(),p.allowTab&&g.set.tabbable()},select:function(){var e=g.get.selectValues();g.debug("Dropdown initialized on a select",e),w.is("select")&&(R=w),0<R.parent(y.dropdown).length?(g.debug("UI dropdown already exists. Creating dropdown menu only"),w=R.closest(y.dropdown),g.has.menu()||g.create.menu(),F=w.children(y.menu),g.setup.menu(e)):(g.debug("Creating entire dropdown from select"),w=Y("<div />").attr("class",R.attr("class")).addClass(h.selection).addClass(h.dropdown).html(m.dropdown(e)).insertBefore(R),R.hasClass(h.multiple)&&!1===R.prop("multiple")&&(g.error(f.missingMultiple),R.prop("multiple",!0)),R.is("[multiple]")&&g.set.multiple(),R.prop("disabled")&&(g.debug("Disabling dropdown"),w.addClass(h.disabled)),R.removeAttr("class").detach().prependTo(w)),g.refresh()},menu:function(e){F.html(m.menu(e,l)),O=F.find(y.item)},reference:function(){g.debug("Dropdown behavior was called on select, replacing with closest dropdown"),w=w.parent(y.dropdown),I=w.data(C),z=w.get(0),g.refresh(),g.setup.returnedObject()},returnedObject:function(){var e=V.slice(0,n),t=V.slice(n+1);V=e.add(w).add(t)}},refresh:function(){g.refreshSelectors(),g.refreshData()},refreshItems:function(){O=F.find(y.item)},refreshSelectors:function(){g.verbose("Refreshing selector cache"),k=w.find(y.text),T=w.find(y.search),R=w.find(y.input),P=w.find(y.icon),E=0<w.prev().find(y.text).length?w.prev().find(y.text):w.prev(),F=w.children(y.menu),O=F.find(y.item)},refreshData:function(){g.verbose("Refreshing cached metadata"),O.removeData(b.text).removeData(b.value)},clearData:function(){g.verbose("Clearing metadata"),O.removeData(b.text).removeData(b.value),w.removeData(b.defaultText).removeData(b.defaultValue).removeData(b.placeholderText)},toggle:function(){g.verbose("Toggling menu visibility"),g.is.active()?g.hide():g.show()},show:function(e){if(e=Y.isFunction(e)?e:function(){},!g.can.show()&&g.is.remote()&&(g.debug("No API results retrieved, searching before show"),g.queryRemote(g.get.query(),g.show)),g.can.show()&&!g.is.active()){if(g.debug("Showing dropdown"),!g.has.message()||g.has.maxSelections()||g.has.allResultsFiltered()||g.remove.message(),g.is.allFiltered())return!0;!1!==p.onShow.call(z)&&g.animate.show(function(){g.can.click()&&g.bind.intent(),g.has.menuSearch()&&g.focusSearch(),g.set.visible(),e.call(z)})}},hide:function(e){e=Y.isFunction(e)?e:function(){},g.is.active()&&!g.is.animatingOutward()&&(g.debug("Hiding dropdown"),!1!==p.onHide.call(z)&&g.animate.hide(function(){g.remove.visible(),e.call(z)}))},hideOthers:function(){g.verbose("Finding other dropdowns to hide"),V.not(w).has(y.menu+"."+h.visible).dropdown("hide")},hideMenu:function(){g.verbose("Hiding menu  instantaneously"),g.remove.active(),g.remove.visible(),F.transition("hide")},hideSubMenus:function(){var e=F.children(y.item).find(y.menu);g.verbose("Hiding sub menus",e),e.transition("hide")},bind:{events:function(){U&&g.bind.touchEvents(),g.bind.keyboardEvents(),g.bind.inputEvents(),g.bind.mouseEvents()},touchEvents:function(){g.debug("Touch device detected binding additional touch events"),g.is.searchSelection()||g.is.single()&&w.on("touchstart"+x,g.event.test.toggle),F.on("touchstart"+x,y.item,g.event.item.mouseenter)},keyboardEvents:function(){g.verbose("Binding keyboard events"),w.on("keydown"+x,g.event.keydown),g.has.search()&&w.on(g.get.inputEvent()+x,y.search,g.event.input),g.is.multiple()&&N.on("keydown"+o,g.event.document.keydown)},inputEvents:function(){g.verbose("Binding input change events"),w.on("change"+x,y.input,g.event.change)},mouseEvents:function(){g.verbose("Binding mouse events"),g.is.multiple()&&w.on("click"+x,y.label,g.event.label.click).on("click"+x,y.remove,g.event.remove.click),g.is.searchSelection()?(w.on("mousedown"+x,g.event.mousedown).on("mouseup"+x,g.event.mouseup).on("mousedown"+x,y.menu,g.event.menu.mousedown).on("mouseup"+x,y.menu,g.event.menu.mouseup).on("click"+x,y.icon,g.event.icon.click).on("focus"+x,y.search,g.event.search.focus).on("click"+x,y.search,g.event.search.focus).on("blur"+x,y.search,g.event.search.blur).on("click"+x,y.text,g.event.text.focus),g.is.multiple()&&w.on("click"+x,g.event.click)):("click"==p.on?w.on("click"+x,g.event.test.toggle):"hover"==p.on?w.on("mouseenter"+x,g.delay.show).on("mouseleave"+x,g.delay.hide):w.on(p.on+x,g.toggle),w.on("click"+x,y.icon,g.event.icon.click).on("mousedown"+x,g.event.mousedown).on("mouseup"+x,g.event.mouseup).on("focus"+x,g.event.focus),g.has.menuSearch()?w.on("blur"+x,y.search,g.event.search.blur):w.on("blur"+x,g.event.blur)),F.on("mouseenter"+x,y.item,g.event.item.mouseenter).on("mouseleave"+x,y.item,g.event.item.mouseleave).on("click"+x,y.item,g.event.item.click)},intent:function(){g.verbose("Binding hide intent event to document"),U&&N.on("touchstart"+o,g.event.test.touch).on("touchmove"+o,g.event.test.touch),N.on("click"+o,g.event.test.hide)}},unbind:{intent:function(){g.verbose("Removing hide intent event from document"),U&&N.off("touchstart"+o).off("touchmove"+o),N.off("click"+o)}},filter:function(e){var t=e!==J?e:g.get.query(),n=function(){g.is.multiple()&&g.filterActive(),(e||!e&&0==g.get.activeItem().length)&&g.select.firstUnfiltered(),g.has.allResultsFiltered()?p.onNoResults.call(z,t)?p.allowAdditions?p.hideAdditions&&(g.verbose("User addition with no menu, setting empty style"),g.set.empty(),g.hideMenu()):(g.verbose("All items filtered, showing message",t),g.add.message(c.noResults)):(g.verbose("All items filtered, hiding dropdown",t),g.hideMenu()):(g.remove.empty(),g.remove.message()),p.allowAdditions&&g.add.userSuggestion(e),g.is.searchSelection()&&g.can.show()&&g.is.focusedOnSearch()&&g.show()};p.useLabels&&g.has.maxSelections()||(p.apiSettings?g.can.useAPI()?g.queryRemote(t,function(){p.filterRemoteData&&g.filterItems(t),n()}):g.error(f.noAPI):(g.filterItems(t),n()))},queryRemote:function(e,n){var t={errorDuration:!1,cache:"local",throttle:p.throttle,urlData:{query:e},onError:function(){g.add.message(c.serverError),n()},onFailure:function(){g.add.message(c.serverError),n()},onSuccess:function(e){var t=e[l.remoteValues];Y.isArray(t)&&0<t.length?(g.remove.message(),g.setup.menu({values:e[l.remoteValues]})):g.add.message(c.noResults),n()}};w.api("get request")||g.setup.api(),t=Y.extend(!0,{},t,p.apiSettings),w.api("setting",t).api("query")},filterItems:function(e){var i=e!==J?e:g.get.query(),o=null,t=g.escape.string(i),a=new RegExp("^"+t,"igm");g.has.query()&&(o=[],g.verbose("Searching for matching values",i),O.each(function(){var e,t,n=Y(this);if("both"==p.match||"text"==p.match){if(-1!==(e=String(g.get.choiceText(n,!1))).search(a))return o.push(this),!0;if("exact"===p.fullTextSearch&&g.exactSearch(i,e))return o.push(this),!0;if(!0===p.fullTextSearch&&g.fuzzySearch(i,e))return o.push(this),!0}if("both"==p.match||"value"==p.match){if(-1!==(t=String(g.get.choiceValue(n,e))).search(a))return o.push(this),!0;if("exact"===p.fullTextSearch&&g.exactSearch(i,t))return o.push(this),!0;if(!0===p.fullTextSearch&&g.fuzzySearch(i,t))return o.push(this),!0}})),g.debug("Showing only matched items",i),g.remove.filteredItem(),o&&O.not(o).addClass(h.filtered)},fuzzySearch:function(e,t){var n=t.length,i=e.length;if(e=e.toLowerCase(),t=t.toLowerCase(),n<i)return!1;if(i===n)return e===t;e:for(var o=0,a=0;o<i;o++){for(var r=e.charCodeAt(o);a<n;)if(t.charCodeAt(a++)===r)continue e;return!1}return!0},exactSearch:function(e,t){return e=e.toLowerCase(),-1<(t=t.toLowerCase()).indexOf(e)},filterActive:function(){p.useLabels&&O.filter("."+h.active).addClass(h.filtered)},focusSearch:function(e){g.has.search()&&!g.is.focusedOnSearch()&&(e?(w.off("focus"+x,y.search),T.focus(),w.on("focus"+x,y.search,g.event.search.focus)):T.focus())},forceSelection:function(){var e=O.not(h.filtered).filter("."+h.selected).eq(0),t=O.not(h.filtered).filter("."+h.active).eq(0),n=0<e.length?e:t;if(0<n.length&&!g.is.multiple())return g.debug("Forcing partial selection to selected item",n),void g.event.item.click.call(n,{},!0);p.allowAdditions&&g.set.selected(g.get.query()),g.remove.searchTerm()},change:{values:function(e){p.allowAdditions||g.clear(),g.debug("Creating dropdown with specified values",e),g.setup.menu({values:e}),Y.each(e,function(e,t){if(1==t.selected)return g.debug("Setting initial selection to",t.value),g.set.selected(t.value),!0})}},event:{change:function(){j||(g.debug("Input changed, updating selection"),g.set.selected())},focus:function(){p.showOnFocus&&!D&&g.is.hidden()&&!t&&g.show()},blur:function(e){t=K.activeElement===this,D||t||(g.remove.activeLabel(),g.hide())},mousedown:function(){g.is.searchSelection()?i=!0:D=!0},mouseup:function(){g.is.searchSelection()?i=!1:D=!1},click:function(e){Y(e.target).is(w)&&(g.is.focusedOnSearch()?g.show():g.focusSearch())},search:{focus:function(){D=!0,g.is.multiple()&&g.remove.activeLabel(),p.showOnFocus&&g.search()},blur:function(e){t=K.activeElement===this,g.is.searchSelection()&&!i&&(q||t||(p.forceSelection&&g.forceSelection(),g.hide())),i=!1}},icon:{click:function(e){P.hasClass(h.clear)?g.clear():g.can.click()&&g.toggle()}},text:{focus:function(e){D=!0,g.focusSearch()}},input:function(e){(g.is.multiple()||g.is.searchSelection())&&g.set.filtered(),clearTimeout(g.timer),g.timer=setTimeout(g.search,p.delay.search)},label:{click:function(e){var t=Y(this),n=w.find(y.label),i=n.filter("."+h.active),o=t.nextAll("."+h.active),a=t.prevAll("."+h.active),r=0<o.length?t.nextUntil(o).add(i).add(t):t.prevUntil(a).add(i).add(t);e.shiftKey?(i.removeClass(h.active),r.addClass(h.active)):e.ctrlKey?t.toggleClass(h.active):(i.removeClass(h.active),t.addClass(h.active)),p.onLabelSelect.apply(this,n.filter("."+h.active))}},remove:{click:function(){var e=Y(this).parent();e.hasClass(h.active)?g.remove.activeLabels():g.remove.activeLabels(e)}},test:{toggle:function(e){var t=g.is.multiple()?g.show:g.toggle;g.is.bubbledLabelClick(e)||g.is.bubbledIconClick(e)||g.determine.eventOnElement(e,t)&&e.preventDefault()},touch:function(e){g.determine.eventOnElement(e,function(){"touchstart"==e.type?g.timer=setTimeout(function(){g.hide()},p.delay.touch):"touchmove"==e.type&&clearTimeout(g.timer)}),e.stopPropagation()},hide:function(e){g.determine.eventInModule(e,g.hide)}},select:{mutation:function(e){g.debug("<select> modified, recreating menu");var n=!1;Y.each(e,function(e,t){if(Y(t.target).is("select")||Y(t.addedNodes).is("select"))return n=!0}),n&&(g.disconnect.selectObserver(),g.refresh(),g.setup.select(),g.set.selected(),g.observe.select())}},menu:{mutation:function(e){var t=e[0],n=t.addedNodes?Y(t.addedNodes[0]):Y(!1),i=t.removedNodes?Y(t.removedNodes[0]):Y(!1),o=n.add(i),a=o.is(y.addition)||0<o.closest(y.addition).length,r=o.is(y.message)||0<o.closest(y.message).length;a||r?(g.debug("Updating item selector cache"),g.refreshItems()):(g.debug("Menu modified, updating selector cache"),g.refresh())},mousedown:function(){q=!0},mouseup:function(){q=!1}},item:{mouseenter:function(e){var t=Y(e.target),n=Y(this),i=n.children(y.menu),o=n.siblings(y.item).children(y.menu),a=0<i.length;!(0<i.find(t).length)&&a&&(clearTimeout(g.itemTimer),g.itemTimer=setTimeout(function(){g.verbose("Showing sub-menu",i),Y.each(o,function(){g.animate.hide(!1,Y(this))}),g.animate.show(!1,i)},p.delay.show),e.preventDefault())},mouseleave:function(e){var t=Y(this).children(y.menu);0<t.length&&(clearTimeout(g.itemTimer),g.itemTimer=setTimeout(function(){g.verbose("Hiding sub-menu",t),g.animate.hide(!1,t)},p.delay.hide))},click:function(e,t){var n=Y(this),i=Y(e?e.target:""),o=n.find(y.menu),a=g.get.choiceText(n),r=g.get.choiceValue(n,a),s=0<o.length,l=0<o.find(i).length;g.has.menuSearch()&&Y(K.activeElement).blur(),l||s&&!p.allowCategorySelection||(g.is.searchSelection()&&(p.allowAdditions&&g.remove.userAddition(),g.remove.searchTerm(),g.is.focusedOnSearch()||1==t||g.focusSearch(!0)),p.useLabels||(g.remove.filteredItem(),g.set.scrollPosition(n)),g.determine.selectAction.call(this,a,r))}},document:{keydown:function(e){var t=e.which;if(g.is.inObject(t,v)){var n=w.find(y.label),i=n.filter("."+h.active),o=(i.data(b.value),n.index(i)),a=n.length,r=0<i.length,s=1<i.length,l=0===o,c=o+1==a,u=g.is.searchSelection(),d=g.is.focusedOnSearch(),f=g.is.focused(),m=d&&0===g.get.caretPosition();if(u&&!r&&!d)return;t==v.leftArrow?!f&&!m||r?r&&(e.shiftKey?g.verbose("Adding previous label to selection"):(g.verbose("Selecting previous label"),n.removeClass(h.active)),l&&!s?i.addClass(h.active):i.prev(y.siblingLabel).addClass(h.active).end(),e.preventDefault()):(g.verbose("Selecting previous label"),n.last().addClass(h.active)):t==v.rightArrow?(f&&!r&&n.first().addClass(h.active),r&&(e.shiftKey?g.verbose("Adding next label to selection"):(g.verbose("Selecting next label"),n.removeClass(h.active)),c?u?d?n.removeClass(h.active):g.focusSearch():s?i.next(y.siblingLabel).addClass(h.active):i.addClass(h.active):i.next(y.siblingLabel).addClass(h.active),e.preventDefault())):t==v.deleteKey||t==v.backspace?r?(g.verbose("Removing active labels"),c&&u&&!d&&g.focusSearch(),i.last().next(y.siblingLabel).addClass(h.active),g.remove.activeLabels(i),e.preventDefault()):m&&!r&&t==v.backspace&&(g.verbose("Removing last label on input backspace"),i=n.last().addClass(h.active),g.remove.activeLabels(i)):i.removeClass(h.active)}}},keydown:function(e){var t=e.which;if(g.is.inObject(t,v)){var n,i=O.not(y.unselectable).filter("."+h.selected).eq(0),o=F.children("."+h.active).eq(0),a=0<i.length?i:o,r=0<a.length?a.siblings(":not(."+h.filtered+")").addBack():F.children(":not(."+h.filtered+")"),s=a.children(y.menu),l=a.closest(y.menu),c=l.hasClass(h.visible)||l.hasClass(h.animating)||0<l.parent(y.menu).length,u=0<s.length,d=0<a.length,f=0<a.not(y.unselectable).length,m=t==v.delimiter&&p.allowAdditions&&g.is.multiple();if(p.allowAdditions&&p.hideAdditions&&(t==v.enter||m)&&f&&(g.verbose("Selecting item from keyboard shortcut",a),g.event.item.click.call(a,e),g.is.searchSelection()&&g.remove.searchTerm()),g.is.visible()){if((t==v.enter||m)&&(t==v.enter&&d&&u&&!p.allowCategorySelection?(g.verbose("Pressed enter on unselectable category, opening sub menu"),t=v.rightArrow):f&&(g.verbose("Selecting item from keyboard shortcut",a),g.event.item.click.call(a,e),g.is.searchSelection()&&g.remove.searchTerm()),e.preventDefault()),d&&(t==v.leftArrow&&l[0]!==F[0]&&(g.verbose("Left key pressed, closing sub-menu"),g.animate.hide(!1,l),a.removeClass(h.selected),l.closest(y.item).addClass(h.selected),e.preventDefault()),t==v.rightArrow&&u&&(g.verbose("Right key pressed, opening sub-menu"),g.animate.show(!1,s),a.removeClass(h.selected),s.find(y.item).eq(0).addClass(h.selected),e.preventDefault())),t==v.upArrow){if(n=d&&c?a.prevAll(y.item+":not("+y.unselectable+")").eq(0):O.eq(0),r.index(n)<0)return g.verbose("Up key pressed but reached top of current menu"),void e.preventDefault();g.verbose("Up key pressed, changing active item"),a.removeClass(h.selected),n.addClass(h.selected),g.set.scrollPosition(n),p.selectOnKeydown&&g.is.single()&&g.set.selectedItem(n),e.preventDefault()}if(t==v.downArrow){if(0===(n=d&&c?n=a.nextAll(y.item+":not("+y.unselectable+")").eq(0):O.eq(0)).length)return g.verbose("Down key pressed but reached bottom of current menu"),void e.preventDefault();g.verbose("Down key pressed, changing active item"),O.removeClass(h.selected),n.addClass(h.selected),g.set.scrollPosition(n),p.selectOnKeydown&&g.is.single()&&g.set.selectedItem(n),e.preventDefault()}t==v.pageUp&&(g.scrollPage("up"),e.preventDefault()),t==v.pageDown&&(g.scrollPage("down"),e.preventDefault()),t==v.escape&&(g.verbose("Escape key pressed, closing dropdown"),g.hide())}else m&&e.preventDefault(),t!=v.downArrow||g.is.visible()||(g.verbose("Down key pressed, showing dropdown"),g.show(),e.preventDefault())}else g.has.search()||g.set.selectedLetter(String.fromCharCode(t))}},trigger:{change:function(){var e=K.createEvent("HTMLEvents"),t=R[0];t&&(g.verbose("Triggering native change event"),e.initEvent("change",!0,!1),t.dispatchEvent(e))}},determine:{selectAction:function(e,t){g.verbose("Determining action",p.action),Y.isFunction(g.action[p.action])?(g.verbose("Triggering preset action",p.action,e,t),g.action[p.action].call(z,e,t,this)):Y.isFunction(p.action)?(g.verbose("Triggering user action",p.action,e,t),p.action.call(z,e,t,this)):g.error(f.action,p.action)},eventInModule:function(e,t){var n=Y(e.target),i=0<n.closest(K.documentElement).length,o=0<n.closest(w).length;return t=Y.isFunction(t)?t:function(){},i&&!o?(g.verbose("Triggering event",t),t(),!0):(g.verbose("Event occurred in dropdown, canceling callback"),!1)},eventOnElement:function(e,t){var n=Y(e.target),i=n.closest(y.siblingLabel),o=K.body.contains(e.target),a=0===w.find(i).length,r=0===n.closest(F).length;return t=Y.isFunction(t)?t:function(){},o&&a&&r?(g.verbose("Triggering event",t),t(),!0):(g.verbose("Event occurred in dropdown menu, canceling callback"),!1)}},action:{nothing:function(){},activate:function(e,t,n){if(t=t!==J?t:e,g.can.activate(Y(n))){if(g.set.selected(t,Y(n)),g.is.multiple()&&!g.is.allFiltered())return;g.hideAndClear()}},select:function(e,t,n){if(t=t!==J?t:e,g.can.activate(Y(n))){if(g.set.value(t,e,Y(n)),g.is.multiple()&&!g.is.allFiltered())return;g.hideAndClear()}},combo:function(e,t,n){t=t!==J?t:e,g.set.selected(t,Y(n)),g.hideAndClear()},hide:function(e,t,n){g.set.value(t,e,Y(n)),g.hideAndClear()}},get:{id:function(){return a},defaultText:function(){return w.data(b.defaultText)},defaultValue:function(){return w.data(b.defaultValue)},placeholderText:function(){return"auto"!=p.placeholder&&"string"==typeof p.placeholder?p.placeholder:w.data(b.placeholderText)||""},text:function(){return k.text()},query:function(){return Y.trim(T.val())},searchWidth:function(e){return e=e!==J?e:T.val(),A.text(e),Math.ceil(A.width()+1)},selectionCount:function(){var e=g.get.values();return g.is.multiple()?Y.isArray(e)?e.length:0:""!==g.get.value()?1:0},transition:function(e){return"auto"==p.transition?g.is.upward(e)?"slide up":"slide down":p.transition},userValues:function(){var e=g.get.values();return!!e&&(e=Y.isArray(e)?e:[e],Y.grep(e,function(e){return!1===g.get.item(e)}))},uniqueArray:function(n){return Y.grep(n,function(e,t){return Y.inArray(e,n)===t})},caretPosition:function(){var e,t,n=T.get(0);return"selectionStart"in n?n.selectionStart:K.selection?(n.focus(),t=(e=K.selection.createRange()).text.length,e.moveStart("character",-n.value.length),e.text.length-t):void 0},value:function(){var e=0<R.length?R.val():w.data(b.value),t=Y.isArray(e)&&1===e.length&&""===e[0];return e===J||t?"":e},values:function(){var e=g.get.value();return""===e?"":!g.has.selectInput()&&g.is.multiple()?"string"==typeof e?e.split(p.delimiter):"":e},remoteValues:function(){var e=g.get.values(),i=!1;return e&&("string"==typeof e&&(e=[e]),Y.each(e,function(e,t){var n=g.read.remoteData(t);g.verbose("Restoring value from session data",n,t),n&&(i||(i={}),i[t]=n)})),i},choiceText:function(e,t){if(t=t!==J?t:p.preserveHTML,e)return 0<e.find(y.menu).length&&(g.verbose("Retrieving text of element with sub-menu"),(e=e.clone()).find(y.menu).remove(),e.find(y.menuIcon).remove()),e.data(b.text)!==J?e.data(b.text):t?Y.trim(e.html()):Y.trim(e.text())},choiceValue:function(e,t){return t=t||g.get.choiceText(e),!!e&&(e.data(b.value)!==J?String(e.data(b.value)):"string"==typeof t?Y.trim(t.toLowerCase()):String(t))},inputEvent:function(){var e=T[0];return!!e&&(e.oninput!==J?"input":e.onpropertychange!==J?"propertychange":"keyup")},selectValues:function(){var o={values:[]};return w.find("option").each(function(){var e=Y(this),t=e.html(),n=e.attr("disabled"),i=e.attr("value")!==J?e.attr("value"):t;"auto"===p.placeholder&&""===i?o.placeholder=t:o.values.push({name:t,value:i,disabled:n})}),p.placeholder&&"auto"!==p.placeholder&&(g.debug("Setting placeholder value to",p.placeholder),o.placeholder=p.placeholder),p.sortSelect?(o.values.sort(function(e,t){return e.name>t.name?1:-1}),g.debug("Retrieved and sorted values from select",o)):g.debug("Retrieved values from select",o),o},activeItem:function(){return O.filter("."+h.active)},selectedItem:function(){var e=O.not(y.unselectable).filter("."+h.selected);return 0<e.length?e:O.eq(0)},itemWithAdditions:function(e){var t=g.get.item(e),n=g.create.userChoice(e);return n&&0<n.length&&(t=0<t.length?t.add(n):n),t},item:function(i,o){var e,a,r=!1;return i=i!==J?i:g.get.values()!==J?g.get.values():g.get.text(),e=a?0<i.length:i!==J&&null!==i,a=g.is.multiple()&&Y.isArray(i),o=""===i||0===i||(o||!1),e&&O.each(function(){var e=Y(this),t=g.get.choiceText(e),n=g.get.choiceValue(e,t);if(null!==n&&n!==J)if(a)-1===Y.inArray(String(n),i)&&-1===Y.inArray(t,i)||(r=r?r.add(e):e);else if(o){if(g.verbose("Ambiguous dropdown value using strict type check",e,i),n===i||t===i)return r=e,!0}else if(String(n)==String(i)||t==i)return g.verbose("Found select item by value",n,i),r=e,!0}),r}},check:{maxSelections:function(e){return!p.maxSelections||((e=e!==J?e:g.get.selectionCount())>=p.maxSelections?(g.debug("Maximum selection count reached"),p.useLabels&&(O.addClass(h.filtered),g.add.message(c.maxSelections)),!0):(g.verbose("No longer at maximum selection count"),g.remove.message(),g.remove.filteredItem(),g.is.searchSelection()&&g.filterItems(),!1))}},restore:{defaults:function(){g.clear(),g.restore.defaultText(),g.restore.defaultValue()},defaultText:function(){var e=g.get.defaultText();e===g.get.placeholderText?(g.debug("Restoring default placeholder text",e),g.set.placeholderText(e)):(g.debug("Restoring default text",e),g.set.text(e))},placeholderText:function(){g.set.placeholderText()},defaultValue:function(){var e=g.get.defaultValue();e!==J&&(g.debug("Restoring default value",e),""!==e?(g.set.value(e),g.set.selected()):(g.remove.activeItem(),g.remove.selectedItem()))},labels:function(){p.allowAdditions&&(p.useLabels||(g.error(f.labels),p.useLabels=!0),g.debug("Restoring selected values"),g.create.userLabels()),g.check.maxSelections()},selected:function(){g.restore.values(),g.is.multiple()?(g.debug("Restoring previously selected values and labels"),g.restore.labels()):g.debug("Restoring previously selected values")},values:function(){g.set.initialLoad(),p.apiSettings&&p.saveRemoteData&&g.get.remoteValues()?g.restore.remoteValues():g.set.selected(),g.remove.initialLoad()},remoteValues:function(){var e=g.get.remoteValues();g.debug("Recreating selected from session data",e),e&&(g.is.single()?Y.each(e,function(e,t){g.set.text(t)}):Y.each(e,function(e,t){g.add.label(e,t)}))}},read:{remoteData:function(e){var t;if(Z.Storage!==J)return(t=sessionStorage.getItem(e))!==J&&t;g.error(f.noStorage)}},save:{defaults:function(){g.save.defaultText(),g.save.placeholderText(),g.save.defaultValue()},defaultValue:function(){var e=g.get.value();g.verbose("Saving default value as",e),w.data(b.defaultValue,e)},defaultText:function(){var e=g.get.text();g.verbose("Saving default text as",e),w.data(b.defaultText,e)},placeholderText:function(){var e;!1!==p.placeholder&&k.hasClass(h.placeholder)&&(e=g.get.text(),g.verbose("Saving placeholder text as",e),w.data(b.placeholderText,e))},remoteData:function(e,t){Z.Storage!==J?(g.verbose("Saving remote data to session storage",t,e),sessionStorage.setItem(t,e)):g.error(f.noStorage)}},clear:function(){g.is.multiple()&&p.useLabels?g.remove.labels():(g.remove.activeItem(),g.remove.selectedItem()),g.set.placeholderText(),g.clearValue()},clearValue:function(){g.set.value("")},scrollPage:function(e,t){var n,i,o=t||g.get.selectedItem(),a=o.closest(y.menu),r=a.outerHeight(),s=a.scrollTop(),l=O.eq(0).outerHeight(),c=Math.floor(r/l),u=(a.prop("scrollHeight"),"up"==e?s-l*c:s+l*c),d=O.not(y.unselectable);i="up"==e?d.index(o)-c:d.index(o)+c,0<(n=("up"==e?0<=i:i<d.length)?d.eq(i):"up"==e?d.first():d.last()).length&&(g.debug("Scrolling page",e,n),o.removeClass(h.selected),n.addClass(h.selected),p.selectOnKeydown&&g.is.single()&&g.set.selectedItem(n),a.scrollTop(u))},set:{filtered:function(){var e=g.is.multiple(),t=g.is.searchSelection(),n=e&&t,i=t?g.get.query():"",o="string"==typeof i&&0<i.length,a=g.get.searchWidth(),r=""!==i;e&&o&&(g.verbose("Adjusting input width",a,p.glyphWidth),T.css("width",a)),o||n&&r?(g.verbose("Hiding placeholder text"),k.addClass(h.filtered)):(!e||n&&!r)&&(g.verbose("Showing placeholder text"),k.removeClass(h.filtered))},empty:function(){w.addClass(h.empty)},loading:function(){w.addClass(h.loading)},placeholderText:function(e){e=e||g.get.placeholderText(),g.debug("Setting placeholder text",e),g.set.text(e),k.addClass(h.placeholder)},tabbable:function(){g.is.searchSelection()?(g.debug("Added tabindex to searchable dropdown"),T.val("").attr("tabindex",0),F.attr("tabindex",-1)):(g.debug("Added tabindex to dropdown"),w.attr("tabindex")===J&&(w.attr("tabindex",0),F.attr("tabindex",-1)))},initialLoad:function(){g.verbose("Setting initial load"),e=!0},activeItem:function(e){p.allowAdditions&&0<e.filter(y.addition).length?e.addClass(h.filtered):e.addClass(h.active)},partialSearch:function(e){var t=g.get.query().length;T.val(e.substr(0,t))},scrollPosition:function(e,t){var n,i,o,a,r,s;n=(e=e||g.get.selectedItem()).closest(y.menu),i=e&&0<e.length,t=t!==J&&t,e&&0<n.length&&i&&(e.position().top,n.addClass(h.loading),o=(a=n.scrollTop())-n.offset().top+e.offset().top,t||(s=a+n.height()<o+5,r=o-5<a),g.debug("Scrolling to active item",o),(t||r||s)&&n.scrollTop(o),n.removeClass(h.loading))},text:function(e){"select"!==p.action&&("combo"==p.action?(g.debug("Changing combo button text",e,E),p.preserveHTML?E.html(e):E.text(e)):(e!==g.get.placeholderText()&&k.removeClass(h.placeholder),g.debug("Changing text",e,k),k.removeClass(h.filtered),p.preserveHTML?k.html(e):k.text(e)))},selectedItem:function(e){var t=g.get.choiceValue(e),n=g.get.choiceText(e,!1),i=g.get.choiceText(e,!0);g.debug("Setting user selection to item",e),g.remove.activeItem(),g.set.partialSearch(n),g.set.activeItem(e),g.set.selected(t,e),g.set.text(i)},selectedLetter:function(e){var t,n=O.filter("."+h.selected),i=0<n.length&&g.has.firstLetter(n,e),o=!1;i&&(t=n.nextAll(O).eq(0),g.has.firstLetter(t,e)&&(o=t)),o||O.each(function(){if(g.has.firstLetter(Y(this),e))return o=Y(this),!1}),o&&(g.verbose("Scrolling to next value with letter",e),g.set.scrollPosition(o),n.removeClass(h.selected),o.addClass(h.selected),p.selectOnKeydown&&g.is.single()&&g.set.selectedItem(o))},direction:function(e){"auto"==p.direction?(g.remove.upward(),g.can.openDownward(e)?g.remove.upward(e):g.set.upward(e),g.is.leftward(e)||g.can.openRightward(e)||g.set.leftward(e)):"upward"==p.direction&&g.set.upward(e)},upward:function(e){(e||w).addClass(h.upward)},leftward:function(e){(e||F).addClass(h.leftward)},value:function(e,t,n){var i=g.escape.value(e),o=0<R.length,a=g.get.values(),r=e!==J?String(e):e;if(o){if(!p.allowReselection&&r==a&&(g.verbose("Skipping value update already same value",e,a),!g.is.initialLoad()))return;g.is.single()&&g.has.selectInput()&&g.can.extendSelect()&&(g.debug("Adding user option",e),g.add.optionValue(e)),g.debug("Updating input value",i,a),j=!0,R.val(i),!1===p.fireOnInit&&g.is.initialLoad()?g.debug("Input native change event ignored on initial load"):g.trigger.change(),j=!1}else g.verbose("Storing value in metadata",i,R),i!==a&&w.data(b.value,r);g.is.single()&&p.clearable&&(i?g.set.clearable():g.remove.clearable()),!1===p.fireOnInit&&g.is.initialLoad()?g.verbose("No callback on initial load",p.onChange):p.onChange.call(z,e,t,n)},active:function(){w.addClass(h.active)},multiple:function(){w.addClass(h.multiple)},visible:function(){w.addClass(h.visible)},exactly:function(e,t){g.debug("Setting selected to exact values"),g.clear(),g.set.selected(e,t)},selected:function(e,s){var l=g.is.multiple();(s=p.allowAdditions?s||g.get.itemWithAdditions(e):s||g.get.item(e))&&(g.debug("Setting selected menu item to",s),g.is.multiple()&&g.remove.searchWidth(),g.is.single()?(g.remove.activeItem(),g.remove.selectedItem()):p.useLabels&&g.remove.selectedItem(),s.each(function(){var e=Y(this),t=g.get.choiceText(e),n=g.get.choiceValue(e,t),i=e.hasClass(h.filtered),o=e.hasClass(h.active),a=e.hasClass(h.addition),r=l&&1==s.length;l?!o||a?(p.apiSettings&&p.saveRemoteData&&g.save.remoteData(t,n),p.useLabels?(g.add.label(n,t,r),g.add.value(n,t,e),g.set.activeItem(e),g.filterActive(),g.select.nextAvailable(s)):(g.add.value(n,t,e),g.set.text(g.add.variables(c.count)),g.set.activeItem(e))):i||(g.debug("Selected active value, removing label"),g.remove.selected(n)):(p.apiSettings&&p.saveRemoteData&&g.save.remoteData(t,n),g.set.text(t),g.set.value(n,t,e),e.addClass(h.active).addClass(h.selected))}))},clearable:function(){P.addClass(h.clear)}},add:{label:function(e,t,n){var i,o=g.is.searchSelection()?T:k,a=g.escape.value(e);p.ignoreCase&&(a=a.toLowerCase()),i=Y("<a />").addClass(h.label).attr("data-"+b.value,a).html(m.label(a,t)),i=p.onLabelCreate.call(i,a,t),g.has.label(e)?g.debug("User selection already exists, skipping",a):(p.label.variation&&i.addClass(p.label.variation),!0===n?(g.debug("Animating in label",i),i.addClass(h.hidden).insertBefore(o).transition(p.label.transition,p.label.duration)):(g.debug("Adding selection label",i),i.insertBefore(o)))},message:function(e){var t=F.children(y.message),n=p.templates.message(g.add.variables(e));0<t.length?t.html(n):t=Y("<div/>").html(n).addClass(h.message).appendTo(F)},optionValue:function(e){var t=g.escape.value(e);0<R.find('option[value="'+g.escape.string(t)+'"]').length||(g.disconnect.selectObserver(),g.is.single()&&(g.verbose("Removing previous user addition"),R.find("option."+h.addition).remove()),Y("<option/>").prop("value",t).addClass(h.addition).html(e).appendTo(R),g.verbose("Adding user addition as an <option>",e),g.observe.select())},userSuggestion:function(e){var t,n=F.children(y.addition),i=g.get.item(e),o=i&&i.not(y.addition).length,a=0<n.length;p.useLabels&&g.has.maxSelections()||(""===e||o?n.remove():(a?(n.data(b.value,e).data(b.text,e).attr("data-"+b.value,e).attr("data-"+b.text,e).removeClass(h.filtered),p.hideAdditions||(t=p.templates.addition(g.add.variables(c.addResult,e)),n.html(t)),g.verbose("Replacing user suggestion with new value",n)):((n=g.create.userChoice(e)).prependTo(F),g.verbose("Adding item choice to menu corresponding with user choice addition",n)),p.hideAdditions&&!g.is.allFiltered()||n.addClass(h.selected).siblings().removeClass(h.selected),g.refreshItems()))},variables:function(e,t){var n,i,o=-1!==e.search("{count}"),a=-1!==e.search("{maxCount}"),r=-1!==e.search("{term}");return g.verbose("Adding templated variables to message",e),o&&(n=g.get.selectionCount(),e=e.replace("{count}",n)),a&&(n=g.get.selectionCount(),e=e.replace("{maxCount}",p.maxSelections)),r&&(i=t||g.get.query(),e=e.replace("{term}",i)),e},value:function(e,t,n){var i,o=g.get.values();g.has.value(e)?g.debug("Value already selected"):""!==e?(i=Y.isArray(o)?(i=o.concat([e]),g.get.uniqueArray(i)):[e],g.has.selectInput()?g.can.extendSelect()&&(g.debug("Adding value to select",e,i,R),g.add.optionValue(e)):(i=i.join(p.delimiter),g.debug("Setting hidden input to delimited value",i,R)),!1===p.fireOnInit&&g.is.initialLoad()?g.verbose("Skipping onadd callback on initial load",p.onAdd):p.onAdd.call(z,e,t,n),g.set.value(i,e,t,n),g.check.maxSelections()):g.debug("Cannot select blank values from multiselect")}},remove:{active:function(){w.removeClass(h.active)},activeLabel:function(){w.find(y.label).removeClass(h.active)},empty:function(){w.removeClass(h.empty)},loading:function(){w.removeClass(h.loading)},initialLoad:function(){e=!1},upward:function(e){(e||w).removeClass(h.upward)},leftward:function(e){(e||F).removeClass(h.leftward)},visible:function(){w.removeClass(h.visible)},activeItem:function(){O.removeClass(h.active)},filteredItem:function(){p.useLabels&&g.has.maxSelections()||(p.useLabels&&g.is.multiple()?O.not("."+h.active).removeClass(h.filtered):O.removeClass(h.filtered),g.remove.empty())},optionValue:function(e){var t=g.escape.value(e),n=R.find('option[value="'+g.escape.string(t)+'"]');0<n.length&&n.hasClass(h.addition)&&(r&&(r.disconnect(),g.verbose("Temporarily disconnecting mutation observer")),n.remove(),g.verbose("Removing user addition as an <option>",t),r&&r.observe(R[0],{childList:!0,subtree:!0}))},message:function(){F.children(y.message).remove()},searchWidth:function(){T.css("width","")},searchTerm:function(){g.verbose("Cleared search term"),T.val(""),g.set.filtered()},userAddition:function(){O.filter(y.addition).remove()},selected:function(e,t){if(!(t=p.allowAdditions?t||g.get.itemWithAdditions(e):t||g.get.item(e)))return!1;t.each(function(){var e=Y(this),t=g.get.choiceText(e),n=g.get.choiceValue(e,t);g.is.multiple()?p.useLabels?(g.remove.value(n,t,e),g.remove.label(n)):(g.remove.value(n,t,e),0===g.get.selectionCount()?g.set.placeholderText():g.set.text(g.add.variables(c.count))):g.remove.value(n,t,e),e.removeClass(h.filtered).removeClass(h.active),p.useLabels&&e.removeClass(h.selected)})},selectedItem:function(){O.removeClass(h.selected)},value:function(e,t,n){var i,o=g.get.values();g.has.selectInput()?(g.verbose("Input is <select> removing selected option",e),i=g.remove.arrayValue(e,o),g.remove.optionValue(e)):(g.verbose("Removing from delimited values",e),i=(i=g.remove.arrayValue(e,o)).join(p.delimiter)),!1===p.fireOnInit&&g.is.initialLoad()?g.verbose("No callback on initial load",p.onRemove):p.onRemove.call(z,e,t,n),g.set.value(i,t,n),g.check.maxSelections()},arrayValue:function(t,e){return Y.isArray(e)||(e=[e]),e=Y.grep(e,function(e){return t!=e}),g.verbose("Removed value from delimited string",t,e),e},label:function(e,t){var n=w.find(y.label).filter("[data-"+b.value+'="'+g.escape.string(e)+'"]');g.verbose("Removing label",n),n.remove()},activeLabels:function(e){e=e||w.find(y.label).filter("."+h.active),g.verbose("Removing active label selections",e),g.remove.labels(e)},labels:function(e){e=e||w.find(y.label),g.verbose("Removing labels",e),e.each(function(){var e=Y(this),t=e.data(b.value),n=t!==J?String(t):t,i=g.is.userValue(n);!1!==p.onLabelRemove.call(e,t)?(g.remove.message(),i?(g.remove.value(n),g.remove.label(n)):g.remove.selected(n)):g.debug("Label remove callback cancelled removal")})},tabbable:function(){g.is.searchSelection()?(g.debug("Searchable dropdown initialized"),T.removeAttr("tabindex")):(g.debug("Simple selection dropdown initialized"),w.removeAttr("tabindex")),F.removeAttr("tabindex")},clearable:function(){P.removeClass(h.clear)}},has:{menuSearch:function(){return g.has.search()&&0<T.closest(F).length},search:function(){return 0<T.length},sizer:function(){return 0<A.length},selectInput:function(){return R.is("select")},minCharacters:function(e){return!p.minCharacters||(e=e!==J?String(e):String(g.get.query())).length>=p.minCharacters},firstLetter:function(e,t){var n;return!(!e||0===e.length||"string"!=typeof t)&&(n=g.get.choiceText(e,!1),(t=t.toLowerCase())==String(n).charAt(0).toLowerCase())},input:function(){return 0<R.length},items:function(){return 0<O.length},menu:function(){return 0<F.length},message:function(){return 0!==F.children(y.message).length},label:function(e){var t=g.escape.value(e),n=w.find(y.label);return p.ignoreCase&&(t=t.toLowerCase()),0<n.filter("[data-"+b.value+'="'+g.escape.string(t)+'"]').length},maxSelections:function(){return p.maxSelections&&g.get.selectionCount()>=p.maxSelections},allResultsFiltered:function(){var e=O.not(y.addition);return e.filter(y.unselectable).length===e.length},userSuggestion:function(){return 0<F.children(y.addition).length},query:function(){return""!==g.get.query()},value:function(e){return p.ignoreCase?g.has.valueIgnoringCase(e):g.has.valueMatchingCase(e)},valueMatchingCase:function(e){var t=g.get.values();return!!(Y.isArray(t)?t&&-1!==Y.inArray(e,t):t==e)},valueIgnoringCase:function(n){var e=g.get.values(),i=!1;return Y.isArray(e)||(e=[e]),Y.each(e,function(e,t){if(String(n).toLowerCase()==String(t).toLowerCase())return!(i=!0)}),i}},is:{active:function(){return w.hasClass(h.active)},animatingInward:function(){return F.transition("is inward")},animatingOutward:function(){return F.transition("is outward")},bubbledLabelClick:function(e){return Y(e.target).is("select, input")&&0<w.closest("label").length},bubbledIconClick:function(e){return 0<Y(e.target).closest(P).length},alreadySetup:function(){return w.is("select")&&w.parent(y.dropdown).data(C)!==J&&0===w.prev().length},animating:function(e){return e?e.transition&&e.transition("is animating"):F.transition&&F.transition("is animating")},leftward:function(e){return(e||F).hasClass(h.leftward)},disabled:function(){return w.hasClass(h.disabled)},focused:function(){return K.activeElement===w[0]},focusedOnSearch:function(){return K.activeElement===T[0]},allFiltered:function(){return(g.is.multiple()||g.has.search())&&!(0==p.hideAdditions&&g.has.userSuggestion())&&!g.has.message()&&g.has.allResultsFiltered()},hidden:function(e){return!g.is.visible(e)},initialLoad:function(){return e},inObject:function(n,e){var i=!1;return Y.each(e,function(e,t){if(t==n)return i=!0}),i},multiple:function(){return w.hasClass(h.multiple)},remote:function(){return p.apiSettings&&g.can.useAPI()},single:function(){return!g.is.multiple()},selectMutation:function(e){var n=!1;return Y.each(e,function(e,t){if(t.target&&Y(t.target).is("select"))return n=!0}),n},search:function(){return w.hasClass(h.search)},searchSelection:function(){return g.has.search()&&1===T.parent(y.dropdown).length},selection:function(){return w.hasClass(h.selection)},userValue:function(e){return-1!==Y.inArray(e,g.get.userValues())},upward:function(e){return(e||w).hasClass(h.upward)},visible:function(e){return e?e.hasClass(h.visible):F.hasClass(h.visible)},verticallyScrollableContext:function(){var e=S.get(0)!==Z&&S.css("overflow-y");return"auto"==e||"scroll"==e},horizontallyScrollableContext:function(){var e=S.get(0)!==Z&&S.css("overflow-X");return"auto"==e||"scroll"==e}},can:{activate:function(e){return!!p.useLabels||(!g.has.maxSelections()||!(!g.has.maxSelections()||!e.hasClass(h.active)))},openDownward:function(e){var t,n,i=e||F,o=!0;return i.addClass(h.loading),n={context:{offset:S.get(0)===Z?{top:0,left:0}:S.offset(),scrollTop:S.scrollTop(),height:S.outerHeight()},menu:{offset:i.offset(),height:i.outerHeight()}},g.is.verticallyScrollableContext()&&(n.menu.offset.top+=n.context.scrollTop),o=(t={above:n.context.scrollTop<=n.menu.offset.top-n.context.offset.top-n.menu.height,below:n.context.scrollTop+n.context.height>=n.menu.offset.top-n.context.offset.top+n.menu.height}).below?(g.verbose("Dropdown can fit in context downward",t),!0):t.below||t.above?(g.verbose("Dropdown cannot fit below, opening upward",t),!1):(g.verbose("Dropdown cannot fit in either direction, favoring downward",t),!0),i.removeClass(h.loading),o},openRightward:function(e){var t,n,i=e||F,o=!0;return i.addClass(h.loading),n={context:{offset:S.get(0)===Z?{top:0,left:0}:S.offset(),scrollLeft:S.scrollLeft(),width:S.outerWidth()},menu:{offset:i.offset(),width:i.outerWidth()}},g.is.horizontallyScrollableContext()&&(n.menu.offset.left+=n.context.scrollLeft),(t=n.menu.offset.left-n.context.offset.left+n.menu.width>=n.context.scrollLeft+n.context.width)&&(g.verbose("Dropdown cannot fit in context rightward",t),o=!1),i.removeClass(h.loading),o},click:function(){return U||"click"==p.on},extendSelect:function(){return p.allowAdditions||p.apiSettings},show:function(){return!g.is.disabled()&&(g.has.items()||g.has.message())},useAPI:function(){return Y.fn.api!==J}},animate:{show:function(e,t){var n,i=t||F,o=t?function(){}:function(){g.hideSubMenus(),g.hideOthers(),g.set.active()};e=Y.isFunction(e)?e:function(){},g.verbose("Doing menu show animation",i),g.set.direction(t),n=g.get.transition(t),g.is.selection()&&g.set.scrollPosition(g.get.selectedItem(),!0),(g.is.hidden(i)||g.is.animating(i))&&("none"==n?(o(),i.transition("show"),e.call(z)):Y.fn.transition!==J&&w.transition("is supported")?i.transition({animation:n+" in",debug:p.debug,verbose:p.verbose,duration:p.duration,queue:!0,onStart:o,onComplete:function(){e.call(z)}}):g.error(f.noTransition,n))},hide:function(e,t){var n=t||F,i=(t?p.duration:p.duration,t?function(){}:function(){g.can.click()&&g.unbind.intent(),g.remove.active()}),o=g.get.transition(t);e=Y.isFunction(e)?e:function(){},(g.is.visible(n)||g.is.animating(n))&&(g.verbose("Doing menu hide animation",n),"none"==o?(i(),n.transition("hide"),e.call(z)):Y.fn.transition!==J&&w.transition("is supported")?n.transition({animation:o+" out",duration:p.duration,debug:p.debug,verbose:p.verbose,queue:!1,onStart:i,onComplete:function(){e.call(z)}}):g.error(f.transition))}},hideAndClear:function(){g.remove.searchTerm(),g.has.maxSelections()||(g.has.search()?g.hide(function(){g.remove.filteredItem()}):g.hide())},delay:{show:function(){g.verbose("Delaying show event to ensure user intent"),clearTimeout(g.timer),g.timer=setTimeout(g.show,p.delay.show)},hide:function(){g.verbose("Delaying hide event to ensure user intent"),clearTimeout(g.timer),g.timer=setTimeout(g.hide,p.delay.hide)}},escape:{value:function(e){var t=Y.isArray(e),n="string"==typeof e,i=!n&&!t,o=n&&-1!==e.search(d.quote),a=[];return i||!o?e:(g.debug("Encoding quote values for use in select",e),t?(Y.each(e,function(e,t){a.push(t.replace(d.quote,"&quot;"))}),a):e.replace(d.quote,"&quot;"))},string:function(e){return(e=String(e)).replace(d.escape,"\\$&")}},setting:function(e,t){if(g.debug("Changing setting",e,t),Y.isPlainObject(e))Y.extend(!0,p,e);else{if(t===J)return p[e];Y.isPlainObject(p[e])?Y.extend(!0,p[e],t):p[e]=t}},internal:function(e,t){if(Y.isPlainObject(e))Y.extend(!0,g,e);else{if(t===J)return g[e];g[e]=t}},debug:function(){!p.silent&&p.debug&&(p.performance?g.performance.log(arguments):(g.debug=Function.prototype.bind.call(console.info,console,p.name+":"),g.debug.apply(console,arguments)))},verbose:function(){!p.silent&&p.verbose&&p.debug&&(p.performance?g.performance.log(arguments):(g.verbose=Function.prototype.bind.call(console.info,console,p.name+":"),g.verbose.apply(console,arguments)))},error:function(){p.silent||(g.error=Function.prototype.bind.call(console.error,console,p.name+":"),g.error.apply(console,arguments))},performance:{log:function(e){var t,n;p.performance&&(n=(t=(new Date).getTime())-(W||t),W=t,B.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:z,"Execution Time":n})),clearTimeout(g.performance.timer),g.performance.timer=setTimeout(g.performance.display,500)},display:function(){var e=p.name+":",n=0;W=!1,clearTimeout(g.performance.timer),Y.each(B,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",H&&(e+=" '"+H+"'"),(console.group!==J||console.table!==J)&&0<B.length&&(console.groupCollapsed(e),console.table?console.table(B):Y.each(B,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),B=[]}},invoke:function(i,e,t){var o,a,n,r=I;return e=e||$,t=z||t,"string"==typeof i&&r!==J&&(i=i.split(/[\. ]/),o=i.length-1,Y.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(Y.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==J)return a=r[n],!1;if(!Y.isPlainObject(r[t])||e==o)return r[t]!==J?a=r[t]:g.error(f.method,i),!1;r=r[t]}})),Y.isFunction(a)?n=a.apply(t,e):a!==J&&(n=a),Y.isArray(L)?L.push(n):L!==J?L=[L,n]:n!==J&&(L=n),a}},X?(I===J&&g.initialize(),g.invoke(Q)):(I!==J&&I.invoke("destroy"),g.initialize())}),L!==J?L:V},Y.fn.dropdown.settings={silent:!1,debug:!1,verbose:!1,performance:!0,on:"click",action:"activate",values:!1,clearable:!1,apiSettings:!1,selectOnKeydown:!0,minCharacters:0,filterRemoteData:!1,saveRemoteData:!0,throttle:200,context:Z,direction:"auto",keepOnScreen:!0,match:"both",fullTextSearch:!1,placeholder:"auto",preserveHTML:!0,sortSelect:!1,forceSelection:!0,allowAdditions:!1,ignoreCase:!1,hideAdditions:!0,maxSelections:!1,useLabels:!0,delimiter:",",showOnFocus:!0,allowReselection:!1,allowTab:!0,allowCategorySelection:!1,fireOnInit:!1,transition:"auto",duration:200,glyphWidth:1.037,label:{transition:"scale",duration:200,variation:!1},delay:{hide:300,show:200,search:20,touch:50},onChange:function(e,t,n){},onAdd:function(e,t,n){},onRemove:function(e,t,n){},onLabelSelect:function(e){},onLabelCreate:function(e,t){return Y(this)},onLabelRemove:function(e){return!0},onNoResults:function(e){return!0},onShow:function(){},onHide:function(){},name:"Dropdown",namespace:"dropdown",message:{addResult:"Add <b>{term}</b>",count:"{count} selected",maxSelections:"Max {maxCount} selections",noResults:"No results found.",serverError:"There was an error contacting the server"},error:{action:"You called a dropdown action that was not defined",alreadySetup:"Once a select has been initialized behaviors must be called on the created ui dropdown",labels:"Allowing user additions currently requires the use of labels.",missingMultiple:"<select> requires multiple property to be set to correctly preserve multiple values",method:"The method you called is not defined.",noAPI:"The API module is required to load resources remotely",noStorage:"Saving remote data requires session storage",noTransition:"This module requires ui transitions <https://github.com/Semantic-Org/UI-Transition>"},regExp:{escape:/[-[\]{}()*+?.,\\^$|#\s]/g,quote:/"/g},metadata:{defaultText:"defaultText",defaultValue:"defaultValue",placeholderText:"placeholder",text:"text",value:"value"},fields:{remoteValues:"results",values:"values",disabled:"disabled",name:"name",value:"value",text:"text"},keys:{backspace:8,delimiter:188,deleteKey:46,enter:13,escape:27,pageUp:33,pageDown:34,leftArrow:37,upArrow:38,rightArrow:39,downArrow:40},selector:{addition:".addition",dropdown:".ui.dropdown",hidden:".hidden",icon:"> .dropdown.icon",input:'> input[type="hidden"], > select',item:".item",label:"> .label",remove:"> .label > .delete.icon",siblingLabel:".label",menu:".menu",message:".message",menuIcon:".dropdown.icon",search:"input.search, .menu > .search > input, .menu input.search",sizer:"> input.sizer",text:"> .text:not(.icon)",unselectable:".disabled, .filtered"},className:{active:"active",addition:"addition",animating:"animating",clear:"clear",disabled:"disabled",empty:"empty",dropdown:"ui dropdown",filtered:"filtered",hidden:"hidden transition",item:"item",label:"ui label",loading:"loading",menu:"menu",message:"message",multiple:"multiple",placeholder:"default",sizer:"sizer",search:"search",selected:"selected",selection:"selection",upward:"upward",leftward:"left",visible:"visible"}},Y.fn.dropdown.settings.templates={dropdown:function(e){var t=e.placeholder||!1,n=(e.values,"");return n+='<i class="dropdown icon"></i>',e.placeholder?n+='<div class="default text">'+t+"</div>":n+='<div class="text"></div>',n+='<div class="menu">',Y.each(e.values,function(e,t){n+=t.disabled?'<div class="disabled item" data-value="'+t.value+'">'+t.name+"</div>":'<div class="item" data-value="'+t.value+'">'+t.name+"</div>"}),n+="</div>"},menu:function(e,o){var t=e[o.values]||{},a="";return Y.each(t,function(e,t){var n=t[o.text]?'data-text="'+t[o.text]+'"':"",i=t[o.disabled]?"disabled ":"";a+='<div class="'+i+'item" data-value="'+t[o.value]+'"'+n+">",a+=t[o.name],a+="</div>"}),a},label:function(e,t){return t+'<i class="delete icon"></i>'},message:function(e){return e},addition:function(e){return e}}}(jQuery,window,document),function(k,T,e,A){"use strict";T=void 0!==T&&T.Math==Math?T:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),k.fn.embed=function(p){var h,v=k(this),b=v.selector||"",y=(new Date).getTime(),x=[],C=p,w="string"==typeof C,S=[].slice.call(arguments,1);return v.each(function(){var s,i=k.isPlainObject(p)?k.extend(!0,{},k.fn.embed.settings,p):k.extend({},k.fn.embed.settings),e=i.selector,t=i.className,o=i.sources,l=i.error,a=i.metadata,n=i.namespace,r=i.templates,c="."+n,u="module-"+n,d=(k(T),k(this)),f=(d.find(e.placeholder),d.find(e.icon),d.find(e.embed)),m=this,g=d.data(u);s={initialize:function(){s.debug("Initializing embed"),s.determine.autoplay(),s.create(),s.bind.events(),s.instantiate()},instantiate:function(){s.verbose("Storing instance of module",s),g=s,d.data(u,s)},destroy:function(){s.verbose("Destroying previous instance of embed"),s.reset(),d.removeData(u).off(c)},refresh:function(){s.verbose("Refreshing selector cache"),d.find(e.placeholder),d.find(e.icon),f=d.find(e.embed)},bind:{events:function(){s.has.placeholder()&&(s.debug("Adding placeholder events"),d.on("click"+c,e.placeholder,s.createAndShow).on("click"+c,e.icon,s.createAndShow))}},create:function(){s.get.placeholder()?s.createPlaceholder():s.createAndShow()},createPlaceholder:function(e){var t=s.get.icon(),n=s.get.url();s.generate.embed(n);e=e||s.get.placeholder(),d.html(r.placeholder(e,t)),s.debug("Creating placeholder for embed",e,t)},createEmbed:function(e){s.refresh(),e=e||s.get.url(),f=k("<div/>").addClass(t.embed).html(s.generate.embed(e)).appendTo(d),i.onCreate.call(m,e),s.debug("Creating embed object",f)},changeEmbed:function(e){f.html(s.generate.embed(e))},createAndShow:function(){s.createEmbed(),s.show()},change:function(e,t,n){s.debug("Changing video to ",e,t,n),d.data(a.source,e).data(a.id,t),n?d.data(a.url,n):d.removeData(a.url),s.has.embed()?s.changeEmbed():s.create()},reset:function(){s.debug("Clearing embed and showing placeholder"),s.remove.data(),s.remove.active(),s.remove.embed(),s.showPlaceholder(),i.onReset.call(m)},show:function(){s.debug("Showing embed"),s.set.active(),i.onDisplay.call(m)},hide:function(){s.debug("Hiding embed"),s.showPlaceholder()},showPlaceholder:function(){s.debug("Showing placeholder image"),s.remove.active(),i.onPlaceholderDisplay.call(m)},get:{id:function(){return i.id||d.data(a.id)},placeholder:function(){return i.placeholder||d.data(a.placeholder)},icon:function(){return i.icon?i.icon:d.data(a.icon)!==A?d.data(a.icon):s.determine.icon()},source:function(e){return i.source?i.source:d.data(a.source)!==A?d.data(a.source):s.determine.source()},type:function(){var e=s.get.source();return o[e]!==A&&o[e].type},url:function(){return i.url?i.url:d.data(a.url)!==A?d.data(a.url):s.determine.url()}},determine:{autoplay:function(){s.should.autoplay()&&(i.autoplay=!0)},source:function(n){var i=!1;return(n=n||s.get.url())&&k.each(o,function(e,t){if(-1!==n.search(t.domain))return i=e,!1}),i},icon:function(){var e=s.get.source();return o[e]!==A&&o[e].icon},url:function(){var e,t=i.id||d.data(a.id),n=i.source||d.data(a.source);return(e=o[n]!==A&&o[n].url.replace("{id}",t))&&d.data(a.url,e),e}},set:{active:function(){d.addClass(t.active)}},remove:{data:function(){d.removeData(a.id).removeData(a.icon).removeData(a.placeholder).removeData(a.source).removeData(a.url)},active:function(){d.removeClass(t.active)},embed:function(){f.empty()}},encode:{parameters:function(e){var t,n=[];for(t in e)n.push(encodeURIComponent(t)+"="+encodeURIComponent(e[t]));return n.join("&amp;")}},generate:{embed:function(e){s.debug("Generating embed html");var t,n,i=s.get.source();return(e=s.get.url(e))?(n=s.generate.parameters(i),t=r.iframe(e,n)):s.error(l.noURL,d),t},parameters:function(e,t){var n=o[e]&&o[e].parameters!==A?o[e].parameters(i):{};return(t=t||i.parameters)&&(n=k.extend({},n,t)),n=i.onEmbed(n),s.encode.parameters(n)}},has:{embed:function(){return 0<f.length},placeholder:function(){return i.placeholder||d.data(a.placeholder)}},should:{autoplay:function(){return"auto"===i.autoplay?i.placeholder||d.data(a.placeholder)!==A:i.autoplay}},is:{video:function(){return"video"==s.get.type()}},setting:function(e,t){if(s.debug("Changing setting",e,t),k.isPlainObject(e))k.extend(!0,i,e);else{if(t===A)return i[e];k.isPlainObject(i[e])?k.extend(!0,i[e],t):i[e]=t}},internal:function(e,t){if(k.isPlainObject(e))k.extend(!0,s,e);else{if(t===A)return s[e];s[e]=t}},debug:function(){!i.silent&&i.debug&&(i.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,i.name+":"),s.debug.apply(console,arguments)))},verbose:function(){!i.silent&&i.verbose&&i.debug&&(i.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,i.name+":"),s.verbose.apply(console,arguments)))},error:function(){i.silent||(s.error=Function.prototype.bind.call(console.error,console,i.name+":"),s.error.apply(console,arguments))},performance:{log:function(e){var t,n;i.performance&&(n=(t=(new Date).getTime())-(y||t),y=t,x.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:m,"Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=i.name+":",n=0;y=!1,clearTimeout(s.performance.timer),k.each(x,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",b&&(e+=" '"+b+"'"),1<v.length&&(e+=" ("+v.length+")"),(console.group!==A||console.table!==A)&&0<x.length&&(console.groupCollapsed(e),console.table?console.table(x):k.each(x,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),x=[]}},invoke:function(i,e,t){var o,a,n,r=g;return e=e||S,t=m||t,"string"==typeof i&&r!==A&&(i=i.split(/[\. ]/),o=i.length-1,k.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(k.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==A)return a=r[n],!1;if(!k.isPlainObject(r[t])||e==o)return r[t]!==A?a=r[t]:s.error(l.method,i),!1;r=r[t]}})),k.isFunction(a)?n=a.apply(t,e):a!==A&&(n=a),k.isArray(h)?h.push(n):h!==A?h=[h,n]:n!==A&&(h=n),a}},w?(g===A&&s.initialize(),s.invoke(C)):(g!==A&&g.invoke("destroy"),s.initialize())}),h!==A?h:this},k.fn.embed.settings={name:"Embed",namespace:"embed",silent:!1,debug:!1,verbose:!1,performance:!0,icon:!1,source:!1,url:!1,id:!1,autoplay:"auto",color:"#444444",hd:!0,brandedUI:!1,parameters:!1,onDisplay:function(){},onPlaceholderDisplay:function(){},onReset:function(){},onCreate:function(e){},onEmbed:function(e){return e},metadata:{id:"id",icon:"icon",placeholder:"placeholder",source:"source",url:"url"},error:{noURL:"No URL specified",method:"The method you called is not defined"},className:{active:"active",embed:"embed"},selector:{embed:".embed",placeholder:".placeholder",icon:".icon"},sources:{youtube:{name:"youtube",type:"video",icon:"video play",domain:"youtube.com",url:"//www.youtube.com/embed/{id}",parameters:function(e){return{autohide:!e.brandedUI,autoplay:e.autoplay,color:e.color||A,hq:e.hd,jsapi:e.api,modestbranding:!e.brandedUI}}},vimeo:{name:"vimeo",type:"video",icon:"video play",domain:"vimeo.com",url:"//player.vimeo.com/video/{id}",parameters:function(e){return{api:e.api,autoplay:e.autoplay,byline:e.brandedUI,color:e.color||A,portrait:e.brandedUI,title:e.brandedUI}}}},templates:{iframe:function(e,t){var n=e;return t&&(n+="?"+t),'<iframe src="'+n+'" width="100%" height="100%" frameborder="0" scrolling="no" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>'},placeholder:function(e,t){var n="";return t&&(n+='<i class="'+t+' icon"></i>'),e&&(n+='<img class="placeholder" src="'+e+'">'),n}},api:!1,onPause:function(){},onPlay:function(){},onStop:function(){}}}(jQuery,window,document),function(j,z,I,M){"use strict";z=void 0!==z&&z.Math==Math?z:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),j.fn.modal=function(w){var S,e=j(this),k=j(z),T=j(I),A=j("body"),R=e.selector||"",P=(new Date).getTime(),E=[],F=w,O="string"==typeof F,D=[].slice.call(arguments,1),q=z.requestAnimationFrame||z.mozRequestAnimationFrame||z.webkitRequestAnimationFrame||z.msRequestAnimationFrame||function(e){setTimeout(e,0)};return e.each(function(){var n,i,e,o,a,t,r,s,l,c=j.isPlainObject(w)?j.extend(!0,{},j.fn.modal.settings,w):j.extend({},j.fn.modal.settings),u=c.selector,d=c.className,f=c.namespace,m=c.error,g="."+f,p="module-"+f,h=j(this),v=j(c.context),b=h.find(u.close),y=this,x=h.data(p),C=!1;l={initialize:function(){l.verbose("Initializing dimmer",v),l.create.id(),l.create.dimmer(),l.refreshModals(),l.bind.events(),c.observeChanges&&l.observeChanges(),l.instantiate()},instantiate:function(){l.verbose("Storing instance of modal"),x=l,h.data(p,x)},create:{dimmer:function(){var e={debug:c.debug,variation:!c.centered&&"top aligned",dimmerName:"modals"},t=j.extend(!0,e,c.dimmerSettings);j.fn.dimmer!==M?(l.debug("Creating dimmer"),o=v.dimmer(t),c.detachable?(l.verbose("Modal is detachable, moving content into dimmer"),o.dimmer("add content",h)):l.set.undetached(),a=o.dimmer("get dimmer")):l.error(m.dimmer)},id:function(){r=(Math.random().toString(16)+"000000000").substr(2,8),t="."+r,l.verbose("Creating unique id for element",r)}},destroy:function(){l.verbose("Destroying previous modal"),h.removeData(p).off(g),k.off(t),a.off(t),b.off(g),v.dimmer("destroy")},observeChanges:function(){"MutationObserver"in z&&((s=new MutationObserver(function(e){l.debug("DOM tree modified, refreshing"),l.refresh()})).observe(y,{childList:!0,subtree:!0}),l.debug("Setting up mutation observer",s))},refresh:function(){l.remove.scrolling(),l.cacheSizes(),l.can.useFlex()||l.set.modalOffset(),l.set.screenHeight(),l.set.type()},refreshModals:function(){i=h.siblings(u.modal),n=i.add(h)},attachEvents:function(e,t){var n=j(e);t=j.isFunction(l[t])?l[t]:l.toggle,0<n.length?(l.debug("Attaching modal events to element",e,t),n.off(g).on("click"+g,t)):l.error(m.notFound,e)},bind:{events:function(){l.verbose("Attaching events"),h.on("click"+g,u.close,l.event.close).on("click"+g,u.approve,l.event.approve).on("click"+g,u.deny,l.event.deny),k.on("resize"+t,l.event.resize)},scrollLock:function(){o.get(0).addEventListener("touchmove",l.event.preventScroll,{passive:!1})}},unbind:{scrollLock:function(){o.get(0).removeEventListener("touchmove",l.event.preventScroll,{passive:!1})}},get:{id:function(){return(Math.random().toString(16)+"000000000").substr(2,8)}},event:{approve:function(){C||!1===c.onApprove.call(y,j(this))?l.verbose("Approve callback returned false cancelling hide"):(C=!0,l.hide(function(){C=!1}))},preventScroll:function(e){e.preventDefault()},deny:function(){C||!1===c.onDeny.call(y,j(this))?l.verbose("Deny callback returned false cancelling hide"):(C=!0,l.hide(function(){C=!1}))},close:function(){l.hide()},click:function(e){if(c.closable){var t=0<j(e.target).closest(u.modal).length,n=j.contains(I.documentElement,e.target);!t&&n&&l.is.active()&&(l.debug("Dimmer clicked, hiding all modals"),l.remove.clickaway(),c.allowMultiple?l.hide():l.hideAll())}else l.verbose("Dimmer clicked but closable setting is disabled")},debounce:function(e,t){clearTimeout(l.timer),l.timer=setTimeout(e,t)},keyboard:function(e){27==e.which&&(c.closable?(l.debug("Escape key pressed hiding modal"),l.hide()):l.debug("Escape key pressed, but closable is set to false"),e.preventDefault())},resize:function(){o.dimmer("is active")&&(l.is.animating()||l.is.active())&&q(l.refresh)}},toggle:function(){l.is.active()||l.is.animating()?l.hide():l.show()},show:function(e){e=j.isFunction(e)?e:function(){},l.refreshModals(),l.set.dimmerSettings(),l.set.dimmerStyles(),l.showModal(e)},hide:function(e){e=j.isFunction(e)?e:function(){},l.refreshModals(),l.hideModal(e)},showModal:function(e){e=j.isFunction(e)?e:function(){},l.is.animating()||!l.is.active()?(l.showDimmer(),l.cacheSizes(),l.can.useFlex()?l.remove.legacy():(l.set.legacy(),l.set.modalOffset(),l.debug("Using non-flex legacy modal positioning.")),l.set.screenHeight(),l.set.type(),l.set.clickaway(),!c.allowMultiple&&l.others.active()?l.hideOthers(l.showModal):(c.allowMultiple&&c.detachable&&h.detach().appendTo(a),c.onShow.call(y),c.transition&&j.fn.transition!==M&&h.transition("is supported")?(l.debug("Showing modal with css animations"),h.transition({debug:c.debug,animation:c.transition+" in",queue:c.queue,duration:c.duration,useFailSafe:!0,onComplete:function(){c.onVisible.apply(y),c.keyboardShortcuts&&l.add.keyboardShortcuts(),l.save.focus(),l.set.active(),c.autofocus&&l.set.autofocus(),e()}})):l.error(m.noTransition))):l.debug("Modal is already visible")},hideModal:function(e,t){e=j.isFunction(e)?e:function(){},l.debug("Hiding modal"),!1!==c.onHide.call(y,j(this))?(l.is.animating()||l.is.active())&&(c.transition&&j.fn.transition!==M&&h.transition("is supported")?(l.remove.active(),h.transition({debug:c.debug,animation:c.transition+" out",queue:c.queue,duration:c.duration,useFailSafe:!0,onStart:function(){l.others.active()||t||l.hideDimmer(),c.keyboardShortcuts&&l.remove.keyboardShortcuts()},onComplete:function(){c.onHidden.call(y),l.remove.dimmerStyles(),l.restore.focus(),e()}})):l.error(m.noTransition)):l.verbose("Hide callback returned false cancelling hide")},showDimmer:function(){o.dimmer("is animating")||!o.dimmer("is active")?(l.debug("Showing dimmer"),o.dimmer("show")):l.debug("Dimmer already visible")},hideDimmer:function(){o.dimmer("is animating")||o.dimmer("is active")?(l.unbind.scrollLock(),o.dimmer("hide",function(){l.remove.clickaway(),l.remove.screenHeight()})):l.debug("Dimmer is not visible cannot hide")},hideAll:function(e){var t=n.filter("."+d.active+", ."+d.animating);e=j.isFunction(e)?e:function(){},0<t.length&&(l.debug("Hiding all visible modals"),l.hideDimmer(),t.modal("hide modal",e))},hideOthers:function(e){var t=i.filter("."+d.active+", ."+d.animating);e=j.isFunction(e)?e:function(){},0<t.length&&(l.debug("Hiding other modals",i),t.modal("hide modal",e,!0))},others:{active:function(){return 0<i.filter("."+d.active).length},animating:function(){return 0<i.filter("."+d.animating).length}},add:{keyboardShortcuts:function(){l.verbose("Adding keyboard shortcuts"),T.on("keyup"+g,l.event.keyboard)}},save:{focus:function(){0<j(I.activeElement).closest(h).length||(e=j(I.activeElement).blur())}},restore:{focus:function(){e&&0<e.length&&e.focus()}},remove:{active:function(){h.removeClass(d.active)},legacy:function(){h.removeClass(d.legacy)},clickaway:function(){a.off("click"+t)},dimmerStyles:function(){a.removeClass(d.inverted),o.removeClass(d.blurring)},bodyStyle:function(){""===A.attr("style")&&(l.verbose("Removing style attribute"),A.removeAttr("style"))},screenHeight:function(){l.debug("Removing page height"),A.css("height","")},keyboardShortcuts:function(){l.verbose("Removing keyboard shortcuts"),T.off("keyup"+g)},scrolling:function(){o.removeClass(d.scrolling),h.removeClass(d.scrolling)}},cacheSizes:function(){h.addClass(d.loading);var e=h.prop("scrollHeight"),t=h.outerWidth(),n=h.outerHeight();l.cache!==M&&0===n||(l.cache={pageHeight:j(I).outerHeight(),width:t,height:n+c.offset,scrollHeight:e+c.offset,contextHeight:"body"==c.context?j(z).height():o.height()},l.cache.topOffset=-l.cache.height/2),h.removeClass(d.loading),l.debug("Caching modal and container sizes",l.cache)},can:{useFlex:function(){return"auto"==c.useFlex?c.detachable&&!l.is.ie():c.useFlex},fit:function(){var e=l.cache.contextHeight,t=l.cache.contextHeight/2,n=l.cache.topOffset,i=l.cache.scrollHeight,o=l.cache.height,a=c.padding;return o<i?t+n+i+a<e:o+2*a<e}},is:{active:function(){return h.hasClass(d.active)},ie:function(){return!z.ActiveXObject&&"ActiveXObject"in z||"ActiveXObject"in z},animating:function(){return h.transition("is supported")?h.transition("is animating"):h.is(":visible")},scrolling:function(){return o.hasClass(d.scrolling)},modernBrowser:function(){return!(z.ActiveXObject||"ActiveXObject"in z)}},set:{autofocus:function(){var e=h.find("[tabindex], :input").filter(":visible"),t=e.filter("[autofocus]"),n=0<t.length?t.first():e.first();0<n.length&&n.focus()},clickaway:function(){a.on("click"+t,l.event.click)},dimmerSettings:function(){if(j.fn.dimmer!==M){var e={debug:c.debug,dimmerName:"modals",closable:"auto",useFlex:l.can.useFlex(),variation:!c.centered&&"top aligned",duration:{show:c.duration,hide:c.duration}},t=j.extend(!0,e,c.dimmerSettings);c.inverted&&(t.variation=t.variation!==M?t.variation+" inverted":"inverted"),v.dimmer("setting",t)}else l.error(m.dimmer)},dimmerStyles:function(){c.inverted?a.addClass(d.inverted):a.removeClass(d.inverted),c.blurring?o.addClass(d.blurring):o.removeClass(d.blurring)},modalOffset:function(){var e=l.cache.width,t=l.cache.height;h.css({marginTop:c.centered&&l.can.fit()?-t/2:0,marginLeft:-e/2}),l.verbose("Setting modal offset for legacy mode")},screenHeight:function(){l.can.fit()?A.css("height",""):(l.debug("Modal is taller than page content, resizing page height"),A.css("height",l.cache.height+2*c.padding))},active:function(){h.addClass(d.active)},scrolling:function(){o.addClass(d.scrolling),h.addClass(d.scrolling),l.unbind.scrollLock()},legacy:function(){h.addClass(d.legacy)},type:function(){l.can.fit()?(l.verbose("Modal fits on screen"),l.others.active()||l.others.animating()||(l.remove.scrolling(),l.bind.scrollLock())):(l.verbose("Modal cannot fit on screen setting to scrolling"),l.set.scrolling())},undetached:function(){o.addClass(d.undetached)}},setting:function(e,t){if(l.debug("Changing setting",e,t),j.isPlainObject(e))j.extend(!0,c,e);else{if(t===M)return c[e];j.isPlainObject(c[e])?j.extend(!0,c[e],t):c[e]=t}},internal:function(e,t){if(j.isPlainObject(e))j.extend(!0,l,e);else{if(t===M)return l[e];l[e]=t}},debug:function(){!c.silent&&c.debug&&(c.performance?l.performance.log(arguments):(l.debug=Function.prototype.bind.call(console.info,console,c.name+":"),l.debug.apply(console,arguments)))},verbose:function(){!c.silent&&c.verbose&&c.debug&&(c.performance?l.performance.log(arguments):(l.verbose=Function.prototype.bind.call(console.info,console,c.name+":"),l.verbose.apply(console,arguments)))},error:function(){c.silent||(l.error=Function.prototype.bind.call(console.error,console,c.name+":"),l.error.apply(console,arguments))},performance:{log:function(e){var t,n;c.performance&&(n=(t=(new Date).getTime())-(P||t),P=t,E.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:y,"Execution Time":n})),clearTimeout(l.performance.timer),l.performance.timer=setTimeout(l.performance.display,500)},display:function(){var e=c.name+":",n=0;P=!1,clearTimeout(l.performance.timer),j.each(E,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",R&&(e+=" '"+R+"'"),(console.group!==M||console.table!==M)&&0<E.length&&(console.groupCollapsed(e),console.table?console.table(E):j.each(E,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),E=[]}},invoke:function(i,e,t){var o,a,n,r=x;return e=e||D,t=y||t,"string"==typeof i&&r!==M&&(i=i.split(/[\. ]/),o=i.length-1,j.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(j.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==M)return a=r[n],!1;if(!j.isPlainObject(r[t])||e==o)return r[t]!==M&&(a=r[t]),!1;r=r[t]}})),j.isFunction(a)?n=a.apply(t,e):a!==M&&(n=a),j.isArray(S)?S.push(n):S!==M?S=[S,n]:n!==M&&(S=n),a}},O?(x===M&&l.initialize(),l.invoke(F)):(x!==M&&x.invoke("destroy"),l.initialize())}),S!==M?S:this},j.fn.modal.settings={name:"Modal",namespace:"modal",useFlex:"auto",offset:0,silent:!1,debug:!1,verbose:!1,performance:!0,observeChanges:!1,allowMultiple:!1,detachable:!0,closable:!0,autofocus:!0,inverted:!1,blurring:!1,centered:!0,dimmerSettings:{closable:!1,useCSS:!0},keyboardShortcuts:!0,context:"body",queue:!1,duration:500,transition:"scale",padding:50,onShow:function(){},onVisible:function(){},onHide:function(){return!0},onHidden:function(){},onApprove:function(){return!0},onDeny:function(){return!0},selector:{close:"> .close",approve:".actions .positive, .actions .approve, .actions .ok",deny:".actions .negative, .actions .deny, .actions .cancel",modal:".ui.modal"},error:{dimmer:"UI Dimmer, a required component is not included in this page",method:"The method you called is not defined.",notFound:"The element you specified could not be found"},className:{active:"active",animating:"animating",blurring:"blurring",inverted:"inverted",legacy:"legacy",loading:"loading",scrolling:"scrolling",undetached:"undetached"}}}(jQuery,window,document),function(y,x,e,C){"use strict";x=void 0!==x&&x.Math==Math?x:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),y.fn.nag=function(d){var f,e=y(this),m=e.selector||"",g=(new Date).getTime(),p=[],h=d,v="string"==typeof h,b=[].slice.call(arguments,1);return e.each(function(){var s,i=y.isPlainObject(d)?y.extend(!0,{},y.fn.nag.settings,d):y.extend({},y.fn.nag.settings),e=(i.className,i.selector),l=i.error,t=i.namespace,n="."+t,o=t+"-module",a=y(this),r=(a.find(e.close),i.context?y(i.context):y("body")),c=this,u=a.data(o);x.requestAnimationFrame||x.mozRequestAnimationFrame||x.webkitRequestAnimationFrame||x.msRequestAnimationFrame;s={initialize:function(){s.verbose("Initializing element"),a.on("click"+n,e.close,s.dismiss).data(o,s),i.detachable&&a.parent()[0]!==r[0]&&a.detach().prependTo(r),0<i.displayTime&&setTimeout(s.hide,i.displayTime),s.show()},destroy:function(){s.verbose("Destroying instance"),a.removeData(o).off(n)},show:function(){s.should.show()&&!a.is(":visible")&&(s.debug("Showing nag",i.animation.show),"fade"==i.animation.show?a.fadeIn(i.duration,i.easing):a.slideDown(i.duration,i.easing))},hide:function(){s.debug("Showing nag",i.animation.hide),"fade"==i.animation.show?a.fadeIn(i.duration,i.easing):a.slideUp(i.duration,i.easing)},onHide:function(){s.debug("Removing nag",i.animation.hide),a.remove(),i.onHide&&i.onHide()},dismiss:function(e){i.storageMethod&&s.storage.set(i.key,i.value),s.hide(),e.stopImmediatePropagation(),e.preventDefault()},should:{show:function(){return i.persist?(s.debug("Persistent nag is set, can show nag"),!0):s.storage.get(i.key)!=i.value.toString()?(s.debug("Stored value is not set, can show nag",s.storage.get(i.key)),!0):(s.debug("Stored value is set, cannot show nag",s.storage.get(i.key)),!1)}},get:{storageOptions:function(){var e={};return i.expires&&(e.expires=i.expires),i.domain&&(e.domain=i.domain),i.path&&(e.path=i.path),e}},clear:function(){s.storage.remove(i.key)},storage:{set:function(e,t){var n=s.get.storageOptions();if("localstorage"==i.storageMethod&&x.localStorage!==C)x.localStorage.setItem(e,t),s.debug("Value stored using local storage",e,t);else if("sessionstorage"==i.storageMethod&&x.sessionStorage!==C)x.sessionStorage.setItem(e,t),s.debug("Value stored using session storage",e,t);else{if(y.cookie===C)return void s.error(l.noCookieStorage);y.cookie(e,t,n),s.debug("Value stored using cookie",e,t,n)}},get:function(e,t){var n;return"localstorage"==i.storageMethod&&x.localStorage!==C?n=x.localStorage.getItem(e):"sessionstorage"==i.storageMethod&&x.sessionStorage!==C?n=x.sessionStorage.getItem(e):y.cookie!==C?n=y.cookie(e):s.error(l.noCookieStorage),"undefined"!=n&&"null"!=n&&n!==C&&null!==n||(n=C),n},remove:function(e){var t=s.get.storageOptions();"localstorage"==i.storageMethod&&x.localStorage!==C?x.localStorage.removeItem(e):"sessionstorage"==i.storageMethod&&x.sessionStorage!==C?x.sessionStorage.removeItem(e):y.cookie!==C?y.removeCookie(e,t):s.error(l.noStorage)}},setting:function(e,t){if(s.debug("Changing setting",e,t),y.isPlainObject(e))y.extend(!0,i,e);else{if(t===C)return i[e];y.isPlainObject(i[e])?y.extend(!0,i[e],t):i[e]=t}},internal:function(e,t){if(y.isPlainObject(e))y.extend(!0,s,e);else{if(t===C)return s[e];s[e]=t}},debug:function(){!i.silent&&i.debug&&(i.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,i.name+":"),s.debug.apply(console,arguments)))},verbose:function(){!i.silent&&i.verbose&&i.debug&&(i.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,i.name+":"),s.verbose.apply(console,arguments)))},error:function(){i.silent||(s.error=Function.prototype.bind.call(console.error,console,i.name+":"),s.error.apply(console,arguments))},performance:{log:function(e){var t,n;i.performance&&(n=(t=(new Date).getTime())-(g||t),g=t,p.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:c,"Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=i.name+":",n=0;g=!1,clearTimeout(s.performance.timer),y.each(p,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",m&&(e+=" '"+m+"'"),(console.group!==C||console.table!==C)&&0<p.length&&(console.groupCollapsed(e),console.table?console.table(p):y.each(p,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),p=[]}},invoke:function(i,e,t){var o,a,n,r=u;return e=e||b,t=c||t,"string"==typeof i&&r!==C&&(i=i.split(/[\. ]/),o=i.length-1,y.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(y.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==C)return a=r[n],!1;if(!y.isPlainObject(r[t])||e==o)return r[t]!==C?a=r[t]:s.error(l.method,i),!1;r=r[t]}})),y.isFunction(a)?n=a.apply(t,e):a!==C&&(n=a),y.isArray(f)?f.push(n):f!==C?f=[f,n]:n!==C&&(f=n),a}},v?(u===C&&s.initialize(),s.invoke(h)):(u!==C&&u.invoke("destroy"),s.initialize())}),f!==C?f:this},y.fn.nag.settings={name:"Nag",silent:!1,debug:!1,verbose:!1,performance:!0,namespace:"Nag",persist:!1,displayTime:0,animation:{show:"slide",hide:"slide"},context:!1,detachable:!1,expires:30,domain:!1,path:"/",storageMethod:"cookie",key:"nag",value:"dismiss",error:{noCookieStorage:"$.cookie is not included. A storage solution is required.",noStorage:"Neither $.cookie or store is defined. A storage solution is required for storing state",method:"The method you called is not defined."},className:{bottom:"bottom",fixed:"fixed"},selector:{close:".close.icon"},speed:500,easing:"easeOutQuad",onHide:function(){}},y.extend(y.easing,{easeOutQuad:function(e,t,n,i,o){return-i*(t/=o)*(t-2)+n}})}(jQuery,window,document),function(z,I,M,L){"use strict";I=void 0!==I&&I.Math==Math?I:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),z.fn.popup=function(k){var T,e=z(this),A=z(M),R=z(I),P=z("body"),E=e.selector||"",F=(new Date).getTime(),O=[],D=k,q="string"==typeof D,j=[].slice.call(arguments,1);return e.each(function(){var u,c,e,t,n,d,f=z.isPlainObject(k)?z.extend(!0,{},z.fn.popup.settings,k):z.extend({},z.fn.popup.settings),o=f.selector,m=f.className,g=f.error,p=f.metadata,i=f.namespace,a="."+f.namespace,r="module-"+i,h=z(this),s=z(f.context),l=z(f.scrollContext),v=z(f.boundary),b=f.target?z(f.target):h,y=0,x=!1,C=!1,w=this,S=h.data(r);d={initialize:function(){d.debug("Initializing",h),d.createID(),d.bind.events(),!d.exists()&&f.preserve&&d.create(),f.observeChanges&&d.observeChanges(),d.instantiate()},instantiate:function(){d.verbose("Storing instance",d),S=d,h.data(r,S)},observeChanges:function(){"MutationObserver"in I&&((e=new MutationObserver(d.event.documentChanged)).observe(M,{childList:!0,subtree:!0}),d.debug("Setting up mutation observer",e))},refresh:function(){f.popup?u=z(f.popup).eq(0):f.inline&&(u=b.nextAll(o.popup).eq(0),f.popup=u),f.popup?(u.addClass(m.loading),c=d.get.offsetParent(),u.removeClass(m.loading),f.movePopup&&d.has.popup()&&d.get.offsetParent(u)[0]!==c[0]&&(d.debug("Moving popup to the same offset parent as target"),u.detach().appendTo(c))):c=f.inline?d.get.offsetParent(b):d.has.popup()?d.get.offsetParent(u):P,c.is("html")&&c[0]!==P[0]&&(d.debug("Setting page as offset parent"),c=P),d.get.variation()&&d.set.variation()},reposition:function(){d.refresh(),d.set.position()},destroy:function(){d.debug("Destroying previous module"),e&&e.disconnect(),u&&!f.preserve&&d.removePopup(),clearTimeout(d.hideTimer),clearTimeout(d.showTimer),d.unbind.close(),d.unbind.events(),h.removeData(r)},event:{start:function(e){var t=z.isPlainObject(f.delay)?f.delay.show:f.delay;clearTimeout(d.hideTimer),C||(d.showTimer=setTimeout(d.show,t))},end:function(){var e=z.isPlainObject(f.delay)?f.delay.hide:f.delay;clearTimeout(d.showTimer),d.hideTimer=setTimeout(d.hide,e)},touchstart:function(e){C=!0,d.show()},resize:function(){d.is.visible()&&d.set.position()},documentChanged:function(e){[].forEach.call(e,function(e){e.removedNodes&&[].forEach.call(e.removedNodes,function(e){(e==w||0<z(e).find(w).length)&&(d.debug("Element removed from DOM, tearing down events"),d.destroy())})})},hideGracefully:function(e){var t=z(e.target),n=z.contains(M.documentElement,e.target),i=0<t.closest(o.popup).length;e&&!i&&n?(d.debug("Click occurred outside popup hiding popup"),d.hide()):d.debug("Click was inside popup, keeping popup open")}},create:function(){var e=d.get.html(),t=d.get.title(),n=d.get.content();e||n||t?(d.debug("Creating pop-up html"),e||(e=f.templates.popup({title:t,content:n})),u=z("<div/>").addClass(m.popup).data(p.activator,h).html(e),f.inline?(d.verbose("Inserting popup element inline",u),u.insertAfter(h)):(d.verbose("Appending popup element to body",u),u.appendTo(s)),d.refresh(),d.set.variation(),f.hoverable&&d.bind.popup(),f.onCreate.call(u,w)):0!==b.next(o.popup).length?(d.verbose("Pre-existing popup found"),f.inline=!0,f.popup=b.next(o.popup).data(p.activator,h),d.refresh(),f.hoverable&&d.bind.popup()):f.popup?(z(f.popup).data(p.activator,h),d.verbose("Used popup specified in settings"),d.refresh(),f.hoverable&&d.bind.popup()):d.debug("No content specified skipping display",w)},createID:function(){n=(Math.random().toString(16)+"000000000").substr(2,8),t="."+n,d.verbose("Creating unique id for element",n)},toggle:function(){d.debug("Toggling pop-up"),d.is.hidden()?(d.debug("Popup is hidden, showing pop-up"),d.unbind.close(),d.show()):(d.debug("Popup is visible, hiding pop-up"),d.hide())},show:function(e){if(e=e||function(){},d.debug("Showing pop-up",f.transition),d.is.hidden()&&(!d.is.active()||!d.is.dropdown())){if(d.exists()||d.create(),!1===f.onShow.call(u,w))return void d.debug("onShow callback returned false, cancelling popup animation");f.preserve||f.popup||d.refresh(),u&&d.set.position()&&(d.save.conditions(),f.exclusive&&d.hideAll(),d.animate.show(e))}},hide:function(e){if(e=e||function(){},d.is.visible()||d.is.animating()){if(!1===f.onHide.call(u,w))return void d.debug("onHide callback returned false, cancelling popup animation");d.remove.visible(),d.unbind.close(),d.restore.conditions(),d.animate.hide(e)}},hideAll:function(){z(o.popup).filter("."+m.popupVisible).each(function(){z(this).data(p.activator).popup("hide")})},exists:function(){return!!u&&(f.inline||f.popup?d.has.popup():1<=u.closest(s).length)},removePopup:function(){d.has.popup()&&!f.popup&&(d.debug("Removing popup",u),u.remove(),u=L,f.onRemove.call(u,w))},save:{conditions:function(){d.cache={title:h.attr("title")},d.cache.title&&h.removeAttr("title"),d.verbose("Saving original attributes",d.cache.title)}},restore:{conditions:function(){return d.cache&&d.cache.title&&(h.attr("title",d.cache.title),d.verbose("Restoring original attributes",d.cache.title)),!0}},supports:{svg:function(){return"undefined"==typeof SVGGraphicsElement}},animate:{show:function(e){e=z.isFunction(e)?e:function(){},f.transition&&z.fn.transition!==L&&h.transition("is supported")?(d.set.visible(),u.transition({animation:f.transition+" in",queue:!1,debug:f.debug,verbose:f.verbose,duration:f.duration,onComplete:function(){d.bind.close(),e.call(u,w),f.onVisible.call(u,w)}})):d.error(g.noTransition)},hide:function(e){e=z.isFunction(e)?e:function(){},d.debug("Hiding pop-up"),!1!==f.onHide.call(u,w)?f.transition&&z.fn.transition!==L&&h.transition("is supported")?u.transition({animation:f.transition+" out",queue:!1,duration:f.duration,debug:f.debug,verbose:f.verbose,onComplete:function(){d.reset(),e.call(u,w),f.onHidden.call(u,w)}}):d.error(g.noTransition):d.debug("onHide callback returned false, cancelling popup animation")}},change:{content:function(e){u.html(e)}},get:{html:function(){return h.removeData(p.html),h.data(p.html)||f.html},title:function(){return h.removeData(p.title),h.data(p.title)||f.title},content:function(){return h.removeData(p.content),h.data(p.content)||f.content||h.attr("title")},variation:function(){return h.removeData(p.variation),h.data(p.variation)||f.variation},popup:function(){return u},popupOffset:function(){return u.offset()},calculations:function(){var e,t=d.get.offsetParent(u),n=b[0],i=v[0]==I,o=f.inline||f.popup&&f.movePopup?b.position():b.offset(),a=i?{top:0,left:0}:v.offset(),r={},s=i?{top:R.scrollTop(),left:R.scrollLeft()}:{top:0,left:0};if(r={target:{element:b[0],width:b.outerWidth(),height:b.outerHeight(),top:o.top,left:o.left,margin:{}},popup:{width:u.outerWidth(),height:u.outerHeight()},parent:{width:c.outerWidth(),height:c.outerHeight()},screen:{top:a.top,left:a.left,scroll:{top:s.top,left:s.left},width:v.width(),height:v.height()}},t.get(0)!==c.get(0)){var l=t.offset();r.target.top-=l.top,r.target.left-=l.left,r.parent.width=t.outerWidth(),r.parent.height=t.outerHeight()}return f.setFluidWidth&&d.is.fluid()&&(r.container={width:u.parent().outerWidth()},r.popup.width=r.container.width),r.target.margin.top=f.inline?parseInt(I.getComputedStyle(n).getPropertyValue("margin-top"),10):0,r.target.margin.left=f.inline?d.is.rtl()?parseInt(I.getComputedStyle(n).getPropertyValue("margin-right"),10):parseInt(I.getComputedStyle(n).getPropertyValue("margin-left"),10):0,e=r.screen,r.boundary={top:e.top+e.scroll.top,bottom:e.top+e.scroll.top+e.height,left:e.left+e.scroll.left,right:e.left+e.scroll.left+e.width},r},id:function(){return n},startEvent:function(){return"hover"==f.on?"mouseenter":"focus"==f.on&&"focus"},scrollEvent:function(){return"scroll"},endEvent:function(){return"hover"==f.on?"mouseleave":"focus"==f.on&&"blur"},distanceFromBoundary:function(e,t){var n,i,o={};return n=(t=t||d.get.calculations()).popup,i=t.boundary,e&&(o={top:e.top-i.top,left:e.left-i.left,right:i.right-(e.left+n.width),bottom:i.bottom-(e.top+n.height)},d.verbose("Distance from boundaries determined",e,o)),o},offsetParent:function(e){var t=(e!==L?e[0]:b[0]).parentNode,n=z(t);if(t)for(var i="none"===n.css("transform"),o="static"===n.css("position"),a=n.is("body");t&&!a&&o&&i;)t=t.parentNode,i="none"===(n=z(t)).css("transform"),o="static"===n.css("position"),a=n.is("body");return n&&0<n.length?n:z()},positions:function(){return{"top left":!1,"top center":!1,"top right":!1,"bottom left":!1,"bottom center":!1,"bottom right":!1,"left center":!1,"right center":!1}},nextPosition:function(e){var t=e.split(" "),n=t[0],i=t[1],o="top"==n||"bottom"==n,a=!1,r=!1,s=!1;return x||(d.verbose("All available positions available"),x=d.get.positions()),d.debug("Recording last position tried",e),x[e]=!0,"opposite"===f.prefer&&(s=(s=[{top:"bottom",bottom:"top",left:"right",right:"left"}[n],i]).join(" "),a=!0===x[s],d.debug("Trying opposite strategy",s)),"adjacent"===f.prefer&&o&&(s=(s=[n,{left:"center",center:"right",right:"left"}[i]]).join(" "),r=!0===x[s],d.debug("Trying adjacent strategy",s)),(r||a)&&(d.debug("Using backup position",s),s={"top left":"top center","top center":"top right","top right":"right center","right center":"bottom right","bottom right":"bottom center","bottom center":"bottom left","bottom left":"left center","left center":"top left"}[e]),s}},set:{position:function(e,t){if(0!==b.length&&0!==u.length){var n,i,o,a,r,s,l,c;if(t=t||d.get.calculations(),e=e||h.data(p.position)||f.position,n=h.data(p.offset)||f.offset,i=f.distanceAway,o=t.target,a=t.popup,r=t.parent,d.should.centerArrow(t)&&(d.verbose("Adjusting offset to center arrow on small target element"),"top left"!=e&&"bottom left"!=e||(n+=o.width/2,n-=f.arrowPixelsFromEdge),"top right"!=e&&"bottom right"!=e||(n-=o.width/2,n+=f.arrowPixelsFromEdge)),0===o.width&&0===o.height&&!d.is.svg(o.element))return d.debug("Popup target is hidden, no action taken"),!1;switch(f.inline&&(d.debug("Adding margin to calculation",o.margin),"left center"==e||"right center"==e?(n+=o.margin.top,i+=-o.margin.left):"top left"==e||"top center"==e||"top right"==e?(n+=o.margin.left,i-=o.margin.top):(n+=o.margin.left,i+=o.margin.top)),d.debug("Determining popup position from calculations",e,t),d.is.rtl()&&(e=e.replace(/left|right/g,function(e){return"left"==e?"right":"left"}),d.debug("RTL: Popup position updated",e)),y==f.maxSearchDepth&&"string"==typeof f.lastResort&&(e=f.lastResort),e){case"top left":s={top:"auto",bottom:r.height-o.top+i,left:o.left+n,right:"auto"};break;case"top center":s={bottom:r.height-o.top+i,left:o.left+o.width/2-a.width/2+n,top:"auto",right:"auto"};break;case"top right":s={bottom:r.height-o.top+i,right:r.width-o.left-o.width-n,top:"auto",left:"auto"};break;case"left center":s={top:o.top+o.height/2-a.height/2+n,right:r.width-o.left+i,left:"auto",bottom:"auto"};break;case"right center":s={top:o.top+o.height/2-a.height/2+n,left:o.left+o.width+i,bottom:"auto",right:"auto"};break;case"bottom left":s={top:o.top+o.height+i,left:o.left+n,bottom:"auto",right:"auto"};break;case"bottom center":s={top:o.top+o.height+i,left:o.left+o.width/2-a.width/2+n,bottom:"auto",right:"auto"};break;case"bottom right":s={top:o.top+o.height+i,right:r.width-o.left-o.width-n,left:"auto",bottom:"auto"}}if(s===L&&d.error(g.invalidPosition,e),d.debug("Calculated popup positioning values",s),u.css(s).removeClass(m.position).addClass(e).addClass(m.loading),l=d.get.popupOffset(),c=d.get.distanceFromBoundary(l,t),d.is.offstage(c,e)){if(d.debug("Position is outside viewport",e),y<f.maxSearchDepth)return y++,e=d.get.nextPosition(e),d.debug("Trying new position",e),!!u&&d.set.position(e,t);if(!f.lastResort)return d.debug("Popup could not find a position to display",u),d.error(g.cannotPlace,w),d.remove.attempts(),d.remove.loading(),d.reset(),f.onUnplaceable.call(u,w),!1;d.debug("No position found, showing with last position")}return d.debug("Position is on stage",e),d.remove.attempts(),d.remove.loading(),f.setFluidWidth&&d.is.fluid()&&d.set.fluidWidth(t),!0}d.error(g.notFound)},fluidWidth:function(e){e=e||d.get.calculations(),d.debug("Automatically setting element width to parent width",e.parent.width),u.css("width",e.container.width)},variation:function(e){(e=e||d.get.variation())&&d.has.popup()&&(d.verbose("Adding variation to popup",e),u.addClass(e))},visible:function(){h.addClass(m.visible)}},remove:{loading:function(){u.removeClass(m.loading)},variation:function(e){(e=e||d.get.variation())&&(d.verbose("Removing variation",e),u.removeClass(e))},visible:function(){h.removeClass(m.visible)},attempts:function(){d.verbose("Resetting all searched positions"),y=0,x=!1}},bind:{events:function(){d.debug("Binding popup events to module"),"click"==f.on&&h.on("click"+a,d.toggle),"hover"==f.on&&h.on("touchstart"+a,d.event.touchstart),d.get.startEvent()&&h.on(d.get.startEvent()+a,d.event.start).on(d.get.endEvent()+a,d.event.end),f.target&&d.debug("Target set to element",b),R.on("resize"+t,d.event.resize)},popup:function(){d.verbose("Allowing hover events on popup to prevent closing"),u&&d.has.popup()&&u.on("mouseenter"+a,d.event.start).on("mouseleave"+a,d.event.end)},close:function(){(!0===f.hideOnScroll||"auto"==f.hideOnScroll&&"click"!=f.on)&&d.bind.closeOnScroll(),d.is.closable()?d.bind.clickaway():"hover"==f.on&&C&&d.bind.touchClose()},closeOnScroll:function(){d.verbose("Binding scroll close event to document"),l.one(d.get.scrollEvent()+t,d.event.hideGracefully)},touchClose:function(){d.verbose("Binding popup touchclose event to document"),A.on("touchstart"+t,function(e){d.verbose("Touched away from popup"),d.event.hideGracefully.call(w,e)})},clickaway:function(){d.verbose("Binding popup close event to document"),A.on("click"+t,function(e){d.verbose("Clicked away from popup"),d.event.hideGracefully.call(w,e)})}},unbind:{events:function(){R.off(t),h.off(a)},close:function(){A.off(t),l.off(t)}},has:{popup:function(){return u&&0<u.length}},should:{centerArrow:function(e){return!d.is.basic()&&e.target.width<=2*f.arrowPixelsFromEdge}},is:{closable:function(){return"auto"==f.closable?"hover"!=f.on:f.closable},offstage:function(e,n){var i=[];return z.each(e,function(e,t){t<-f.jitter&&(d.debug("Position exceeds allowable distance from edge",e,t,n),i.push(e))}),0<i.length},svg:function(e){return d.supports.svg()&&e instanceof SVGGraphicsElement},basic:function(){return h.hasClass(m.basic)},active:function(){return h.hasClass(m.active)},animating:function(){return u!==L&&u.hasClass(m.animating)},fluid:function(){return u!==L&&u.hasClass(m.fluid)},visible:function(){return u!==L&&u.hasClass(m.popupVisible)},dropdown:function(){return h.hasClass(m.dropdown)},hidden:function(){return!d.is.visible()},rtl:function(){return"rtl"==h.css("direction")}},reset:function(){d.remove.visible(),f.preserve?z.fn.transition!==L&&u.transition("remove transition"):d.removePopup()},setting:function(e,t){if(z.isPlainObject(e))z.extend(!0,f,e);else{if(t===L)return f[e];f[e]=t}},internal:function(e,t){if(z.isPlainObject(e))z.extend(!0,d,e);else{if(t===L)return d[e];d[e]=t}},debug:function(){!f.silent&&f.debug&&(f.performance?d.performance.log(arguments):(d.debug=Function.prototype.bind.call(console.info,console,f.name+":"),d.debug.apply(console,arguments)))},verbose:function(){!f.silent&&f.verbose&&f.debug&&(f.performance?d.performance.log(arguments):(d.verbose=Function.prototype.bind.call(console.info,console,f.name+":"),d.verbose.apply(console,arguments)))},error:function(){f.silent||(d.error=Function.prototype.bind.call(console.error,console,f.name+":"),d.error.apply(console,arguments))},performance:{log:function(e){var t,n;f.performance&&(n=(t=(new Date).getTime())-(F||t),F=t,O.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:w,"Execution Time":n})),clearTimeout(d.performance.timer),d.performance.timer=setTimeout(d.performance.display,500)},display:function(){var e=f.name+":",n=0;F=!1,clearTimeout(d.performance.timer),z.each(O,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",E&&(e+=" '"+E+"'"),(console.group!==L||console.table!==L)&&0<O.length&&(console.groupCollapsed(e),console.table?console.table(O):z.each(O,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),O=[]}},invoke:function(i,e,t){var o,a,n,r=S;return e=e||j,t=w||t,"string"==typeof i&&r!==L&&(i=i.split(/[\. ]/),o=i.length-1,z.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(z.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==L)return a=r[n],!1;if(!z.isPlainObject(r[t])||e==o)return r[t]!==L&&(a=r[t]),!1;r=r[t]}})),z.isFunction(a)?n=a.apply(t,e):a!==L&&(n=a),z.isArray(T)?T.push(n):T!==L?T=[T,n]:n!==L&&(T=n),a}},q?(S===L&&d.initialize(),d.invoke(D)):(S!==L&&S.invoke("destroy"),d.initialize())}),T!==L?T:this},z.fn.popup.settings={name:"Popup",silent:!1,debug:!1,verbose:!1,performance:!0,namespace:"popup",observeChanges:!0,onCreate:function(){},onRemove:function(){},onShow:function(){},onVisible:function(){},onHide:function(){},onUnplaceable:function(){},onHidden:function(){},on:"hover",boundary:I,addTouchEvents:!0,position:"top left",variation:"",movePopup:!0,target:!1,popup:!1,inline:!1,preserve:!1,hoverable:!1,content:!1,html:!1,title:!1,closable:!0,hideOnScroll:"auto",exclusive:!1,context:"body",scrollContext:I,prefer:"opposite",lastResort:!1,arrowPixelsFromEdge:20,delay:{show:50,hide:70},setFluidWidth:!0,duration:200,transition:"scale",distanceAway:0,jitter:2,offset:0,maxSearchDepth:15,error:{invalidPosition:"The position you specified is not a valid position",cannotPlace:"Popup does not fit within the boundaries of the viewport",method:"The method you called is not defined.",noTransition:"This module requires ui transitions <https://github.com/Semantic-Org/UI-Transition>",notFound:"The target or popup you specified does not exist on the page"},metadata:{activator:"activator",content:"content",html:"html",offset:"offset",position:"position",title:"title",variation:"variation"},className:{active:"active",basic:"basic",animating:"animating",dropdown:"dropdown",fluid:"fluid",loading:"loading",popup:"ui popup",position:"top left center bottom right",visible:"visible",popupVisible:"visible"},selector:{popup:".ui.popup"},templates:{escape:function(e){var t={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#x27;","`":"&#x60;"};return/[&<>"'`]/.test(e)?e.replace(/[&<>"'`]/g,function(e){return t[e]}):e},popup:function(e){var t="",n=z.fn.popup.settings.templates.escape;return typeof e!==L&&(typeof e.title!==L&&e.title&&(e.title=n(e.title),t+='<div class="header">'+e.title+"</div>"),typeof e.content!==L&&e.content&&(e.content=n(e.content),t+='<div class="content">'+e.content+"</div>")),t}}}}(jQuery,window,document),function(k,e,T,A){"use strict";void 0!==(e=void 0!==e&&e.Math==Math?e:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")())&&e.Math==Math||("undefined"!=typeof self&&self.Math==Math?self:Function("return this")());k.fn.progress=function(h){var v,e=k(this),b=e.selector||"",y=(new Date).getTime(),x=[],C=h,w="string"==typeof C,S=[].slice.call(arguments,1);return e.each(function(){var s,i=k.isPlainObject(h)?k.extend(!0,{},k.fn.progress.settings,h):k.extend({},k.fn.progress.settings),t=i.className,n=i.metadata,e=i.namespace,o=i.selector,l=i.error,a="."+e,r="module-"+e,c=k(this),u=k(this).find(o.bar),d=k(this).find(o.progress),f=k(this).find(o.label),m=this,g=c.data(r),p=!1;s={initialize:function(){s.debug("Initializing progress bar",i),s.set.duration(),s.set.transitionEvent(),s.read.metadata(),s.read.settings(),s.instantiate()},instantiate:function(){s.verbose("Storing instance of progress",s),g=s,c.data(r,s)},destroy:function(){s.verbose("Destroying previous progress for",c),clearInterval(g.interval),s.remove.state(),c.removeData(r),g=A},reset:function(){s.remove.nextValue(),s.update.progress(0)},complete:function(){(s.percent===A||s.percent<100)&&(s.remove.progressPoll(),s.set.percent(100))},read:{metadata:function(){var e={percent:c.data(n.percent),total:c.data(n.total),value:c.data(n.value)};e.percent&&(s.debug("Current percent value set from metadata",e.percent),s.set.percent(e.percent)),e.total&&(s.debug("Total value set from metadata",e.total),s.set.total(e.total)),e.value&&(s.debug("Current value set from metadata",e.value),s.set.value(e.value),s.set.progress(e.value))},settings:function(){!1!==i.total&&(s.debug("Current total set in settings",i.total),s.set.total(i.total)),!1!==i.value&&(s.debug("Current value set in settings",i.value),s.set.value(i.value),s.set.progress(s.value)),!1!==i.percent&&(s.debug("Current percent set in settings",i.percent),s.set.percent(i.percent))}},bind:{transitionEnd:function(t){var e=s.get.transitionEnd();u.one(e+a,function(e){clearTimeout(s.failSafeTimer),t.call(this,e)}),s.failSafeTimer=setTimeout(function(){u.triggerHandler(e)},i.duration+i.failSafeDelay),s.verbose("Adding fail safe timer",s.timer)}},increment:function(e){var t,n;s.has.total()?n=(t=s.get.value())+(e=e||1):(n=(t=s.get.percent())+(e=e||s.get.randomValue()),100,s.debug("Incrementing percentage by",t,n)),n=s.get.normalizedValue(n),s.set.progress(n)},decrement:function(e){var t,n;s.get.total()?(n=(t=s.get.value())-(e=e||1),s.debug("Decrementing value by",e,t)):(n=(t=s.get.percent())-(e=e||s.get.randomValue()),s.debug("Decrementing percentage by",e,t)),n=s.get.normalizedValue(n),s.set.progress(n)},has:{progressPoll:function(){return s.progressPoll},total:function(){return!1!==s.get.total()}},get:{text:function(e){var t=s.value||0,n=s.total||0,i=p?s.get.displayPercent():s.percent||0,o=0<s.total?n-t:100-i;return e=(e=e||"").replace("{value}",t).replace("{total}",n).replace("{left}",o).replace("{percent}",i),s.verbose("Adding variables to progress bar text",e),e},normalizedValue:function(e){if(e<0)return s.debug("Value cannot decrement below 0"),0;if(s.has.total()){if(e>s.total)return s.debug("Value cannot increment above total",s.total),s.total}else if(100<e)return s.debug("Value cannot increment above 100 percent"),100;return e},updateInterval:function(){return"auto"==i.updateInterval?i.duration:i.updateInterval},randomValue:function(){return s.debug("Generating random increment percentage"),Math.floor(Math.random()*i.random.max+i.random.min)},numericValue:function(e){return"string"==typeof e?""!==e.replace(/[^\d.]/g,"")&&+e.replace(/[^\d.]/g,""):e},transitionEnd:function(){var e,t=T.createElement("element"),n={transition:"transitionend",OTransition:"oTransitionEnd",MozTransition:"transitionend",WebkitTransition:"webkitTransitionEnd"};for(e in n)if(t.style[e]!==A)return n[e]},displayPercent:function(){var e=u.width(),t=c.width(),n=parseInt(u.css("min-width"),10)<e?e/t*100:s.percent;return 0<i.precision?Math.round(n*(10*i.precision))/(10*i.precision):Math.round(n)},percent:function(){return s.percent||0},value:function(){return s.nextValue||s.value||0},total:function(){return s.total||!1}},create:{progressPoll:function(){s.progressPoll=setTimeout(function(){s.update.toNextValue(),s.remove.progressPoll()},s.get.updateInterval())}},is:{complete:function(){return s.is.success()||s.is.warning()||s.is.error()},success:function(){return c.hasClass(t.success)},warning:function(){return c.hasClass(t.warning)},error:function(){return c.hasClass(t.error)},active:function(){return c.hasClass(t.active)},visible:function(){return c.is(":visible")}},remove:{progressPoll:function(){s.verbose("Removing progress poll timer"),s.progressPoll&&(clearTimeout(s.progressPoll),delete s.progressPoll)},nextValue:function(){s.verbose("Removing progress value stored for next update"),delete s.nextValue},state:function(){s.verbose("Removing stored state"),delete s.total,delete s.percent,delete s.value},active:function(){s.verbose("Removing active state"),c.removeClass(t.active)},success:function(){s.verbose("Removing success state"),c.removeClass(t.success)},warning:function(){s.verbose("Removing warning state"),c.removeClass(t.warning)},error:function(){s.verbose("Removing error state"),c.removeClass(t.error)}},set:{barWidth:function(e){100<e?s.error(l.tooHigh,e):e<0?s.error(l.tooLow,e):(u.css("width",e+"%"),c.attr("data-percent",parseInt(e,10)))},duration:function(e){e="number"==typeof(e=e||i.duration)?e+"ms":e,s.verbose("Setting progress bar transition duration",e),u.css({"transition-duration":e})},percent:function(e){e="string"==typeof e?+e.replace("%",""):e,e=0<i.precision?Math.round(e*(10*i.precision))/(10*i.precision):Math.round(e),s.percent=e,s.has.total()||(s.value=0<i.precision?Math.round(e/100*s.total*(10*i.precision))/(10*i.precision):Math.round(e/100*s.total*10)/10,i.limitValues&&(s.value=100<s.value?100:s.value<0?0:s.value)),s.set.barWidth(e),s.set.labelInterval(),s.set.labels(),i.onChange.call(m,e,s.value,s.total)},labelInterval:function(){clearInterval(s.interval),s.bind.transitionEnd(function(){s.verbose("Bar finished animating, removing continuous label updates"),clearInterval(s.interval),p=!1,s.set.labels()}),p=!0,s.interval=setInterval(function(){k.contains(T.documentElement,m)||(clearInterval(s.interval),p=!1),s.set.labels()},i.framerate)},labels:function(){s.verbose("Setting both bar progress and outer label text"),s.set.barLabel(),s.set.state()},label:function(e){(e=e||"")&&(e=s.get.text(e),s.verbose("Setting label to text",e),f.text(e))},state:function(e){100===(e=e!==A?e:s.percent)?i.autoSuccess&&!(s.is.warning()||s.is.error()||s.is.success())?(s.set.success(),s.debug("Automatically triggering success at 100%")):(s.verbose("Reached 100% removing active state"),s.remove.active(),s.remove.progressPoll()):0<e?(s.verbose("Adjusting active progress bar label",e),s.set.active()):(s.remove.active(),s.set.label(i.text.active))},barLabel:function(e){e!==A?d.text(s.get.text(e)):"ratio"==i.label&&s.total?(s.verbose("Adding ratio to bar label"),d.text(s.get.text(i.text.ratio))):"percent"==i.label&&(s.verbose("Adding percentage to bar label"),d.text(s.get.text(i.text.percent)))},active:function(e){e=e||i.text.active,s.debug("Setting active state"),i.showActivity&&!s.is.active()&&c.addClass(t.active),s.remove.warning(),s.remove.error(),s.remove.success(),(e=i.onLabelUpdate("active",e,s.value,s.total))&&s.set.label(e),s.bind.transitionEnd(function(){i.onActive.call(m,s.value,s.total)})},success:function(e){e=e||i.text.success||i.text.active,s.debug("Setting success state"),c.addClass(t.success),s.remove.active(),s.remove.warning(),s.remove.error(),s.complete(),e=i.text.success?i.onLabelUpdate("success",e,s.value,s.total):i.onLabelUpdate("active",e,s.value,s.total),s.set.label(e),s.bind.transitionEnd(function(){i.onSuccess.call(m,s.total)})},warning:function(e){e=e||i.text.warning,s.debug("Setting warning state"),c.addClass(t.warning),s.remove.active(),s.remove.success(),s.remove.error(),s.complete(),(e=i.onLabelUpdate("warning",e,s.value,s.total))&&s.set.label(e),s.bind.transitionEnd(function(){i.onWarning.call(m,s.value,s.total)})},error:function(e){e=e||i.text.error,s.debug("Setting error state"),c.addClass(t.error),s.remove.active(),s.remove.success(),s.remove.warning(),s.complete(),(e=i.onLabelUpdate("error",e,s.value,s.total))&&s.set.label(e),s.bind.transitionEnd(function(){i.onError.call(m,s.value,s.total)})},transitionEvent:function(){s.get.transitionEnd()},total:function(e){s.total=e},value:function(e){s.value=e},progress:function(e){s.has.progressPoll()?(s.debug("Updated within interval, setting next update to use new value",e),s.set.nextValue(e)):(s.debug("First update in progress update interval, immediately updating",e),s.update.progress(e),s.create.progressPoll())},nextValue:function(e){s.nextValue=e}},update:{toNextValue:function(){var e=s.nextValue;e&&(s.debug("Update interval complete using last updated value",e),s.update.progress(e),s.remove.nextValue())},progress:function(e){var t;!1===(e=s.get.numericValue(e))&&s.error(l.nonNumeric,e),e=s.get.normalizedValue(e),s.has.total()?(s.set.value(e),t=e/s.total*100,s.debug("Calculating percent complete from total",t)):(t=e,s.debug("Setting value to exact percentage value",t)),s.set.percent(t)}},setting:function(e,t){if(s.debug("Changing setting",e,t),k.isPlainObject(e))k.extend(!0,i,e);else{if(t===A)return i[e];k.isPlainObject(i[e])?k.extend(!0,i[e],t):i[e]=t}},internal:function(e,t){if(k.isPlainObject(e))k.extend(!0,s,e);else{if(t===A)return s[e];s[e]=t}},debug:function(){!i.silent&&i.debug&&(i.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,i.name+":"),s.debug.apply(console,arguments)))},verbose:function(){!i.silent&&i.verbose&&i.debug&&(i.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,i.name+":"),s.verbose.apply(console,arguments)))},error:function(){i.silent||(s.error=Function.prototype.bind.call(console.error,console,i.name+":"),s.error.apply(console,arguments))},performance:{log:function(e){var t,n;i.performance&&(n=(t=(new Date).getTime())-(y||t),y=t,x.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:m,"Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=i.name+":",n=0;y=!1,clearTimeout(s.performance.timer),k.each(x,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",b&&(e+=" '"+b+"'"),(console.group!==A||console.table!==A)&&0<x.length&&(console.groupCollapsed(e),console.table?console.table(x):k.each(x,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),x=[]}},invoke:function(i,e,t){var o,a,n,r=g;return e=e||S,t=m||t,"string"==typeof i&&r!==A&&(i=i.split(/[\. ]/),o=i.length-1,k.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(k.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==A)return a=r[n],!1;if(!k.isPlainObject(r[t])||e==o)return r[t]!==A?a=r[t]:s.error(l.method,i),!1;r=r[t]}})),k.isFunction(a)?n=a.apply(t,e):a!==A&&(n=a),k.isArray(v)?v.push(n):v!==A?v=[v,n]:n!==A&&(v=n),a}},w?(g===A&&s.initialize(),s.invoke(C)):(g!==A&&g.invoke("destroy"),s.initialize())}),v!==A?v:this},k.fn.progress.settings={name:"Progress",namespace:"progress",silent:!1,debug:!1,verbose:!1,performance:!0,random:{min:2,max:5},duration:300,updateInterval:"auto",autoSuccess:!0,showActivity:!0,limitValues:!0,label:"percent",precision:0,framerate:1e3/30,percent:!1,total:!1,value:!1,failSafeDelay:100,onLabelUpdate:function(e,t,n,i){return t},onChange:function(e,t,n){},onSuccess:function(e){},onActive:function(e,t){},onError:function(e,t){},onWarning:function(e,t){},error:{method:"The method you called is not defined.",nonNumeric:"Progress value is non numeric",tooHigh:"Value specified is above 100%",tooLow:"Value specified is below 0%"},regExp:{variable:/\{\$*[A-z0-9]+\}/g},metadata:{percent:"percent",total:"total",value:"value"},selector:{bar:"> .bar",label:"> .label",progress:".bar > .progress"},text:{active:!1,error:!1,success:!1,warning:!1,percent:"{percent}%",ratio:"{value} of {total}"},className:{active:"active",error:"error",success:"success",warning:"warning"}}}(jQuery,window,document),function(w,e,t,S){"use strict";e=void 0!==e&&e.Math==Math?e:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),w.fn.rating=function(m){var g,p=w(this),h=p.selector||"",v=(new Date).getTime(),b=[],y=m,x="string"==typeof y,C=[].slice.call(arguments,1);return p.each(function(){var e,i,o=w.isPlainObject(m)?w.extend(!0,{},w.fn.rating.settings,m):w.extend({},w.fn.rating.settings),t=o.namespace,a=o.className,n=o.metadata,r=o.selector,s=(o.error,"."+t),l="module-"+t,c=this,u=w(this).data(l),d=w(this),f=d.find(r.icon);i={initialize:function(){i.verbose("Initializing rating module",o),0===f.length&&i.setup.layout(),o.interactive?i.enable():i.disable(),i.set.initialLoad(),i.set.rating(i.get.initialRating()),i.remove.initialLoad(),i.instantiate()},instantiate:function(){i.verbose("Instantiating module",o),u=i,d.data(l,i)},destroy:function(){i.verbose("Destroying previous instance",u),i.remove.events(),d.removeData(l)},refresh:function(){f=d.find(r.icon)},setup:{layout:function(){var e=i.get.maxRating(),t=w.fn.rating.settings.templates.icon(e);i.debug("Generating icon html dynamically"),d.html(t),i.refresh()}},event:{mouseenter:function(){var e=w(this);e.nextAll().removeClass(a.selected),d.addClass(a.selected),e.addClass(a.selected).prevAll().addClass(a.selected)},mouseleave:function(){d.removeClass(a.selected),f.removeClass(a.selected)},click:function(){var e=w(this),t=i.get.rating(),n=f.index(e)+1;("auto"==o.clearable?1===f.length:o.clearable)&&t==n?i.clearRating():i.set.rating(n)}},clearRating:function(){i.debug("Clearing current rating"),i.set.rating(0)},bind:{events:function(){i.verbose("Binding events"),d.on("mouseenter"+s,r.icon,i.event.mouseenter).on("mouseleave"+s,r.icon,i.event.mouseleave).on("click"+s,r.icon,i.event.click)}},remove:{events:function(){i.verbose("Removing events"),d.off(s)},initialLoad:function(){e=!1}},enable:function(){i.debug("Setting rating to interactive mode"),i.bind.events(),d.removeClass(a.disabled)},disable:function(){i.debug("Setting rating to read-only mode"),i.remove.events(),d.addClass(a.disabled)},is:{initialLoad:function(){return e}},get:{initialRating:function(){return d.data(n.rating)!==S?(d.removeData(n.rating),d.data(n.rating)):o.initialRating},maxRating:function(){return d.data(n.maxRating)!==S?(d.removeData(n.maxRating),d.data(n.maxRating)):o.maxRating},rating:function(){var e=f.filter("."+a.active).length;return i.verbose("Current rating retrieved",e),e}},set:{rating:function(e){var t=0<=e-1?e-1:0,n=f.eq(t);d.removeClass(a.selected),f.removeClass(a.selected).removeClass(a.active),0<e&&(i.verbose("Setting current rating to",e),n.prevAll().addBack().addClass(a.active)),i.is.initialLoad()||o.onRate.call(c,e)},initialLoad:function(){e=!0}},setting:function(e,t){if(i.debug("Changing setting",e,t),w.isPlainObject(e))w.extend(!0,o,e);else{if(t===S)return o[e];w.isPlainObject(o[e])?w.extend(!0,o[e],t):o[e]=t}},internal:function(e,t){if(w.isPlainObject(e))w.extend(!0,i,e);else{if(t===S)return i[e];i[e]=t}},debug:function(){!o.silent&&o.debug&&(o.performance?i.performance.log(arguments):(i.debug=Function.prototype.bind.call(console.info,console,o.name+":"),i.debug.apply(console,arguments)))},verbose:function(){!o.silent&&o.verbose&&o.debug&&(o.performance?i.performance.log(arguments):(i.verbose=Function.prototype.bind.call(console.info,console,o.name+":"),i.verbose.apply(console,arguments)))},error:function(){o.silent||(i.error=Function.prototype.bind.call(console.error,console,o.name+":"),i.error.apply(console,arguments))},performance:{log:function(e){var t,n;o.performance&&(n=(t=(new Date).getTime())-(v||t),v=t,b.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:c,"Execution Time":n})),clearTimeout(i.performance.timer),i.performance.timer=setTimeout(i.performance.display,500)},display:function(){var e=o.name+":",n=0;v=!1,clearTimeout(i.performance.timer),w.each(b,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",h&&(e+=" '"+h+"'"),1<p.length&&(e+=" ("+p.length+")"),(console.group!==S||console.table!==S)&&0<b.length&&(console.groupCollapsed(e),console.table?console.table(b):w.each(b,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),b=[]}},invoke:function(i,e,t){var o,a,n,r=u;return e=e||C,t=c||t,"string"==typeof i&&r!==S&&(i=i.split(/[\. ]/),o=i.length-1,w.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(w.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==S)return a=r[n],!1;if(!w.isPlainObject(r[t])||e==o)return r[t]!==S&&(a=r[t]),!1;r=r[t]}})),w.isFunction(a)?n=a.apply(t,e):a!==S&&(n=a),w.isArray(g)?g.push(n):g!==S?g=[g,n]:n!==S&&(g=n),a}},x?(u===S&&i.initialize(),i.invoke(y)):(u!==S&&u.invoke("destroy"),i.initialize())}),g!==S?g:this},w.fn.rating.settings={name:"Rating",namespace:"rating",slent:!1,debug:!1,verbose:!1,performance:!0,initialRating:0,interactive:!0,maxRating:4,clearable:"auto",fireOnInit:!1,onRate:function(e){},error:{method:"The method you called is not defined",noMaximum:"No maximum rating specified. Cannot generate HTML automatically"},metadata:{rating:"rating",maxRating:"maxRating"},className:{active:"active",disabled:"disabled",selected:"selected",loading:"loading"},selector:{icon:".icon"},templates:{icon:function(e){for(var t=1,n="";t<=e;)n+='<i class="icon"></i>',t++;return n}}}}(jQuery,window,document),function(E,F,O,D){"use strict";F=void 0!==F&&F.Math==Math?F:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),E.fn.search=function(l){var C,w=E(this),S=w.selector||"",k=(new Date).getTime(),T=[],A=l,R="string"==typeof A,P=[].slice.call(arguments,1);return E(this).each(function(){var f,c=E.isPlainObject(l)?E.extend(!0,{},E.fn.search.settings,l):E.extend({},E.fn.search.settings),m=c.className,u=c.metadata,d=c.regExp,a=c.fields,g=c.selector,p=c.error,e=c.namespace,i="."+e,t=e+"-module",h=E(this),v=h.find(g.prompt),n=h.find(g.searchButton),o=h.find(g.results),r=h.find(g.result),b=(h.find(g.category),this),s=h.data(t),y=!1,x=!1;f={initialize:function(){f.verbose("Initializing module"),f.get.settings(),f.determine.searchFields(),f.bind.events(),f.set.type(),f.create.results(),f.instantiate()},instantiate:function(){f.verbose("Storing instance of module",f),s=f,h.data(t,f)},destroy:function(){f.verbose("Destroying instance"),h.off(i).removeData(t)},refresh:function(){f.debug("Refreshing selector cache"),v=h.find(g.prompt),n=h.find(g.searchButton),h.find(g.category),o=h.find(g.results),r=h.find(g.result)},refreshResults:function(){o=h.find(g.results),r=h.find(g.result)},bind:{events:function(){f.verbose("Binding events to search"),c.automatic&&(h.on(f.get.inputEvent()+i,g.prompt,f.event.input),v.attr("autocomplete","off")),h.on("focus"+i,g.prompt,f.event.focus).on("blur"+i,g.prompt,f.event.blur).on("keydown"+i,g.prompt,f.handleKeyboard).on("click"+i,g.searchButton,f.query).on("mousedown"+i,g.results,f.event.result.mousedown).on("mouseup"+i,g.results,f.event.result.mouseup).on("click"+i,g.result,f.event.result.click)}},determine:{searchFields:function(){l&&l.searchFields!==D&&(c.searchFields=l.searchFields)}},event:{input:function(){c.searchDelay?(clearTimeout(f.timer),f.timer=setTimeout(function(){f.is.focused()&&f.query()},c.searchDelay)):f.query()},focus:function(){f.set.focus(),c.searchOnFocus&&f.has.minimumCharacters()&&f.query(function(){f.can.show()&&f.showResults()})},blur:function(e){var t=O.activeElement===this,n=function(){f.cancel.query(),f.remove.focus(),f.timer=setTimeout(f.hideResults,c.hideDelay)};t||(x=!1,f.resultsClicked?(f.debug("Determining if user action caused search to close"),h.one("click.close"+i,g.results,function(e){f.is.inMessage(e)||y?v.focus():(y=!1,f.is.animating()||f.is.hidden()||n())})):(f.debug("Input blurred without user action, closing results"),n()))},result:{mousedown:function(){f.resultsClicked=!0},mouseup:function(){f.resultsClicked=!1},click:function(e){f.debug("Search result selected");var t=E(this),n=t.find(g.title).eq(0),i=t.is("a[href]")?t:t.find("a[href]").eq(0),o=i.attr("href")||!1,a=i.attr("target")||!1,r=(n.html(),0<n.length&&n.text()),s=f.get.results(),l=t.data(u.result)||f.get.result(r,s);if(E.isFunction(c.onSelect)&&!1===c.onSelect.call(b,l,s))return f.debug("Custom onSelect callback cancelled default select action"),void(y=!0);f.hideResults(),r&&f.set.value(r),o&&(f.verbose("Opening search link found in result",i),"_blank"==a||e.ctrlKey?F.open(o):F.location.href=o)}}},handleKeyboard:function(e){var t,n=h.find(g.result),i=h.find(g.category),o=n.filter("."+m.active),a=n.index(o),r=n.length,s=0<o.length,l=e.which,c=13,u=38,d=40;if(l==27&&(f.verbose("Escape key pressed, blurring search field"),f.hideResults(),x=!0),f.is.visible())if(l==c){if(f.verbose("Enter key pressed, selecting active result"),0<n.filter("."+m.active).length)return f.event.result.click.call(n.filter("."+m.active),e),e.preventDefault(),!1}else l==u&&s?(f.verbose("Up key pressed, changing active result"),t=a-1<0?a:a-1,i.removeClass(m.active),n.removeClass(m.active).eq(t).addClass(m.active).closest(i).addClass(m.active),e.preventDefault()):l==d&&(f.verbose("Down key pressed, changing active result"),t=r<=a+1?a:a+1,i.removeClass(m.active),n.removeClass(m.active).eq(t).addClass(m.active).closest(i).addClass(m.active),e.preventDefault());else l==c&&(f.verbose("Enter key pressed, executing query"),f.query(),f.set.buttonPressed(),v.one("keyup",f.remove.buttonFocus))},setup:{api:function(t,n){var e={debug:c.debug,on:!1,cache:c.cache,action:"search",urlData:{query:t},onSuccess:function(e){f.parse.response.call(b,e,t),n()},onFailure:function(){f.displayMessage(p.serverError),n()},onAbort:function(e){},onError:f.error};E.extend(!0,e,c.apiSettings),f.verbose("Setting up API request",e),h.api(e)}},can:{useAPI:function(){return E.fn.api!==D},show:function(){return f.is.focused()&&!f.is.visible()&&!f.is.empty()},transition:function(){return c.transition&&E.fn.transition!==D&&h.transition("is supported")}},is:{animating:function(){return o.hasClass(m.animating)},hidden:function(){return o.hasClass(m.hidden)},inMessage:function(e){if(e.target){var t=E(e.target);return E.contains(O.documentElement,e.target)&&0<t.closest(g.message).length}},empty:function(){return""===o.html()},visible:function(){return 0<o.filter(":visible").length},focused:function(){return 0<v.filter(":focus").length}},get:{settings:function(){E.isPlainObject(l)&&l.searchFullText&&(c.fullTextSearch=l.searchFullText,f.error(c.error.oldSearchSyntax,b))},inputEvent:function(){var e=v[0];return e!==D&&e.oninput!==D?"input":e!==D&&e.onpropertychange!==D?"propertychange":"keyup"},value:function(){return v.val()},results:function(){return h.data(u.results)},result:function(n,e){var i=["title","id"],o=!1;return n=n!==D?n:f.get.value(),e=e!==D?e:f.get.results(),"category"===c.type?(f.debug("Finding result that matches",n),E.each(e,function(e,t){if(E.isArray(t.results)&&(o=f.search.object(n,t.results,i)[0]))return!1})):(f.debug("Finding result in results object",n),o=f.search.object(n,e,i)[0]),o||!1}},select:{firstResult:function(){f.verbose("Selecting first result"),r.first().addClass(m.active)}},set:{focus:function(){h.addClass(m.focus)},loading:function(){h.addClass(m.loading)},value:function(e){f.verbose("Setting search input value",e),v.val(e)},type:function(e){e=e||c.type,"category"==c.type&&h.addClass(c.type)},buttonPressed:function(){n.addClass(m.pressed)}},remove:{loading:function(){h.removeClass(m.loading)},focus:function(){h.removeClass(m.focus)},buttonPressed:function(){n.removeClass(m.pressed)}},query:function(e){e=E.isFunction(e)?e:function(){};var t=f.get.value(),n=f.read.cache(t);e=e||function(){},f.has.minimumCharacters()?(n?(f.debug("Reading result from cache",t),f.save.results(n.results),f.addResults(n.html),f.inject.id(n.results),e()):(f.debug("Querying for",t),E.isPlainObject(c.source)||E.isArray(c.source)?(f.search.local(t),e()):f.can.useAPI()?f.search.remote(t,e):(f.error(p.source),e())),c.onSearchQuery.call(b,t)):f.hideResults()},search:{local:function(e){var t,n=f.search.object(e,c.content);f.set.loading(),f.save.results(n),f.debug("Returned full local search results",n),0<c.maxResults&&(f.debug("Using specified max results",n),n=n.slice(0,c.maxResults)),"category"==c.type&&(n=f.create.categoryResults(n)),t=f.generateResults({results:n}),f.remove.loading(),f.addResults(t),f.inject.id(n),f.write.cache(e,{html:t,results:n})},remote:function(e,t){t=E.isFunction(t)?t:function(){},h.api("is loading")&&h.api("abort"),f.setup.api(e,t),h.api("query")},object:function(i,t,e){var a=[],r=[],s=[],n=i.toString().replace(d.escape,"\\$&"),o=new RegExp(d.beginsWith+n,"i"),l=function(e,t){var n=-1==E.inArray(t,a),i=-1==E.inArray(t,s),o=-1==E.inArray(t,r);n&&i&&o&&e.push(t)};return t=t||c.source,e=e!==D?e:c.searchFields,E.isArray(e)||(e=[e]),t===D||!1===t?(f.error(p.source),[]):(E.each(e,function(e,n){E.each(t,function(e,t){"string"==typeof t[n]&&(-1!==t[n].search(o)?l(a,t):"exact"===c.fullTextSearch&&f.exactSearch(i,t[n])?l(r,t):1==c.fullTextSearch&&f.fuzzySearch(i,t[n])&&l(s,t))})}),E.merge(r,s),E.merge(a,r),a)}},exactSearch:function(e,t){return e=e.toLowerCase(),-1<(t=t.toLowerCase()).indexOf(e)},fuzzySearch:function(e,t){var n=t.length,i=e.length;if("string"!=typeof e)return!1;if(e=e.toLowerCase(),t=t.toLowerCase(),n<i)return!1;if(i===n)return e===t;e:for(var o=0,a=0;o<i;o++){for(var r=e.charCodeAt(o);a<n;)if(t.charCodeAt(a++)===r)continue e;return!1}return!0},parse:{response:function(e,t){var n=f.generateResults(e);f.verbose("Parsing server response",e),e!==D&&t!==D&&e[a.results]!==D&&(f.addResults(n),f.inject.id(e[a.results]),f.write.cache(t,{html:n,results:e[a.results]}),f.save.results(e[a.results]))}},cancel:{query:function(){f.can.useAPI()&&h.api("abort")}},has:{minimumCharacters:function(){return f.get.value().length>=c.minCharacters},results:function(){return 0!==o.length&&""!=o.html()}},clear:{cache:function(e){var t=h.data(u.cache);e?e&&t&&t[e]&&(f.debug("Removing value from cache",e),delete t[e],h.data(u.cache,t)):(f.debug("Clearing cache",e),h.removeData(u.cache))}},read:{cache:function(e){var t=h.data(u.cache);return!!c.cache&&(f.verbose("Checking cache for generated html for query",e),"object"==typeof t&&t[e]!==D&&t[e])}},create:{categoryResults:function(e){var n={};return E.each(e,function(e,t){t.category&&(n[t.category]===D?(f.verbose("Creating new category of results",t.category),n[t.category]={name:t.category,results:[t]}):n[t.category].results.push(t))}),n},id:function(e,t){var n,i=e+1;return t!==D?(n=String.fromCharCode(97+t)+i,f.verbose("Creating category result id",n)):(n=i,f.verbose("Creating result id",n)),n},results:function(){0===o.length&&(o=E("<div />").addClass(m.results).appendTo(h))}},inject:{result:function(e,t,n){f.verbose("Injecting result into results");var i=n!==D?o.children().eq(n).children(g.results).first().children(g.result).eq(t):o.children(g.result).eq(t);f.verbose("Injecting results metadata",i),i.data(u.result,e)},id:function(i){f.debug("Injecting unique ids into results");var o=0,a=0;return"category"===c.type?E.each(i,function(e,i){a=0,E.each(i.results,function(e,t){var n=i.results[e];n.id===D&&(n.id=f.create.id(a,o)),f.inject.result(n,a,o),a++}),o++}):E.each(i,function(e,t){var n=i[e];n.id===D&&(n.id=f.create.id(a)),f.inject.result(n,a),a++}),i}},save:{results:function(e){f.verbose("Saving current search results to metadata",e),h.data(u.results,e)}},write:{cache:function(e,t){var n=h.data(u.cache)!==D?h.data(u.cache):{};c.cache&&(f.verbose("Writing generated html to cache",e,t),n[e]=t,h.data(u.cache,n))}},addResults:function(e){if(E.isFunction(c.onResultsAdd)&&!1===c.onResultsAdd.call(o,e))return f.debug("onResultsAdd callback cancelled default action"),!1;e?(o.html(e),f.refreshResults(),c.selectFirstResult&&f.select.firstResult(),f.showResults()):f.hideResults(function(){o.empty()})},showResults:function(e){e=E.isFunction(e)?e:function(){},x||!f.is.visible()&&f.has.results()&&(f.can.transition()?(f.debug("Showing results with css animations"),o.transition({animation:c.transition+" in",debug:c.debug,verbose:c.verbose,duration:c.duration,onComplete:function(){e()},queue:!0})):(f.debug("Showing results with javascript"),o.stop().fadeIn(c.duration,c.easing)),c.onResultsOpen.call(o))},hideResults:function(e){e=E.isFunction(e)?e:function(){},f.is.visible()&&(f.can.transition()?(f.debug("Hiding results with css animations"),o.transition({animation:c.transition+" out",debug:c.debug,verbose:c.verbose,duration:c.duration,onComplete:function(){e()},queue:!0})):(f.debug("Hiding results with javascript"),o.stop().fadeOut(c.duration,c.easing)),c.onResultsClose.call(o))},generateResults:function(e){f.debug("Generating html from response",e);var t=c.templates[c.type],n=E.isPlainObject(e[a.results])&&!E.isEmptyObject(e[a.results]),i=E.isArray(e[a.results])&&0<e[a.results].length,o="";return n||i?(0<c.maxResults&&(n?"standard"==c.type&&f.error(p.maxResults):e[a.results]=e[a.results].slice(0,c.maxResults)),E.isFunction(t)?o=t(e,a):f.error(p.noTemplate,!1)):c.showNoResults&&(o=f.displayMessage(p.noResults,"empty")),c.onResults.call(b,e),o},displayMessage:function(e,t){return t=t||"standard",f.debug("Displaying message",e,t),f.addResults(c.templates.message(e,t)),c.templates.message(e,t)},setting:function(e,t){if(E.isPlainObject(e))E.extend(!0,c,e);else{if(t===D)return c[e];c[e]=t}},internal:function(e,t){if(E.isPlainObject(e))E.extend(!0,f,e);else{if(t===D)return f[e];f[e]=t}},debug:function(){!c.silent&&c.debug&&(c.performance?f.performance.log(arguments):(f.debug=Function.prototype.bind.call(console.info,console,c.name+":"),f.debug.apply(console,arguments)))},verbose:function(){!c.silent&&c.verbose&&c.debug&&(c.performance?f.performance.log(arguments):(f.verbose=Function.prototype.bind.call(console.info,console,c.name+":"),f.verbose.apply(console,arguments)))},error:function(){c.silent||(f.error=Function.prototype.bind.call(console.error,console,c.name+":"),f.error.apply(console,arguments))},performance:{log:function(e){var t,n;c.performance&&(n=(t=(new Date).getTime())-(k||t),k=t,T.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:b,"Execution Time":n})),clearTimeout(f.performance.timer),f.performance.timer=setTimeout(f.performance.display,500)},display:function(){var e=c.name+":",n=0;k=!1,clearTimeout(f.performance.timer),E.each(T,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",S&&(e+=" '"+S+"'"),1<w.length&&(e+=" ("+w.length+")"),(console.group!==D||console.table!==D)&&0<T.length&&(console.groupCollapsed(e),console.table?console.table(T):E.each(T,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),T=[]}},invoke:function(i,e,t){var o,a,n,r=s;return e=e||P,t=b||t,"string"==typeof i&&r!==D&&(i=i.split(/[\. ]/),o=i.length-1,E.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(E.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==D)return a=r[n],!1;if(!E.isPlainObject(r[t])||e==o)return r[t]!==D&&(a=r[t]),!1;r=r[t]}})),E.isFunction(a)?n=a.apply(t,e):a!==D&&(n=a),E.isArray(C)?C.push(n):C!==D?C=[C,n]:n!==D&&(C=n),a}},R?(s===D&&f.initialize(),f.invoke(A)):(s!==D&&s.invoke("destroy"),f.initialize())}),C!==D?C:this},E.fn.search.settings={name:"Search",namespace:"search",silent:!1,debug:!1,verbose:!1,performance:!0,type:"standard",minCharacters:1,selectFirstResult:!1,apiSettings:!1,source:!1,searchOnFocus:!0,searchFields:["title","description"],displayField:"",fullTextSearch:"exact",automatic:!0,hideDelay:0,searchDelay:200,maxResults:7,cache:!0,showNoResults:!0,transition:"scale",duration:200,easing:"easeOutExpo",onSelect:!1,onResultsAdd:!1,onSearchQuery:function(e){},onResults:function(e){},onResultsOpen:function(){},onResultsClose:function(){},className:{animating:"animating",active:"active",empty:"empty",focus:"focus",hidden:"hidden",loading:"loading",results:"results",pressed:"down"},error:{source:"Cannot search. No source used, and Semantic API module was not included",noResults:"Your search returned no results",logging:"Error in debug logging, exiting.",noEndpoint:"No search endpoint was specified",noTemplate:"A valid template name was not specified.",oldSearchSyntax:"searchFullText setting has been renamed fullTextSearch for consistency, please adjust your settings.",serverError:"There was an issue querying the server.",maxResults:"Results must be an array to use maxResults setting",method:"The method you called is not defined."},metadata:{cache:"cache",results:"results",result:"result"},regExp:{escape:/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,beginsWith:"(?:s|^)"},fields:{categories:"results",categoryName:"name",categoryResults:"results",description:"description",image:"image",price:"price",results:"results",title:"title",url:"url",action:"action",actionText:"text",actionURL:"url"},selector:{prompt:".prompt",searchButton:".search.button",results:".results",message:".results > .message",category:".category",result:".result",title:".title, .name"},templates:{escape:function(e){var t={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#x27;","`":"&#x60;"};return/[&<>"'`]/.test(e)?e.replace(/[&<>"'`]/g,function(e){return t[e]}):e},message:function(e,t){var n="";return e!==D&&t!==D&&(n+='<div class="message '+t+'">',n+="empty"==t?'<div class="header">No Results</div class="header"><div class="description">'+e+'</div class="description">':' <div class="description">'+e+"</div>",n+="</div>"),n},category:function(e,n){var i="";E.fn.search.settings.templates.escape;return e[n.categoryResults]!==D&&(E.each(e[n.categoryResults],function(e,t){t[n.results]!==D&&0<t.results.length&&(i+='<div class="category">',t[n.categoryName]!==D&&(i+='<div class="name">'+t[n.categoryName]+"</div>"),i+='<div class="results">',E.each(t.results,function(e,t){t[n.url]?i+='<a class="result" href="'+t[n.url]+'">':i+='<a class="result">',t[n.image]!==D&&(i+='<div class="image"> <img src="'+t[n.image]+'"></div>'),i+='<div class="content">',t[n.price]!==D&&(i+='<div class="price">'+t[n.price]+"</div>"),t[n.title]!==D&&(i+='<div class="title">'+t[n.title]+"</div>"),t[n.description]!==D&&(i+='<div class="description">'+t[n.description]+"</div>"),i+="</div>",i+="</a>"}),i+="</div>",i+="</div>")}),e[n.action]&&(i+='<a href="'+e[n.action][n.actionURL]+'" class="action">'+e[n.action][n.actionText]+"</a>"),i)},standard:function(e,n){var i="";return e[n.results]!==D&&(E.each(e[n.results],function(e,t){t[n.url]?i+='<a class="result" href="'+t[n.url]+'">':i+='<a class="result">',t[n.image]!==D&&(i+='<div class="image"> <img src="'+t[n.image]+'"></div>'),i+='<div class="content">',t[n.price]!==D&&(i+='<div class="price">'+t[n.price]+"</div>"),t[n.title]!==D&&(i+='<div class="title">'+t[n.title]+"</div>"),t[n.description]!==D&&(i+='<div class="description">'+t[n.description]+"</div>"),i+="</div>",i+="</a>"}),e[n.action]&&(i+='<a href="'+e[n.action][n.actionURL]+'" class="action">'+e[n.action][n.actionText]+"</a>"),i)}}}}(jQuery,window,document),function(A,e,R,P){"use strict";e=void 0!==e&&e.Math==Math?e:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),A.fn.shape=function(v){var b,y=A(this),x=(A("body"),(new Date).getTime()),C=[],w=v,S="string"==typeof w,k=[].slice.call(arguments,1),T=e.requestAnimationFrame||e.mozRequestAnimationFrame||e.webkitRequestAnimationFrame||e.msRequestAnimationFrame||function(e){setTimeout(e,0)};return y.each(function(){var i,o,a,t=y.selector||"",r=A.isPlainObject(v)?A.extend(!0,{},A.fn.shape.settings,v):A.extend({},A.fn.shape.settings),e=r.namespace,s=r.selector,n=r.error,l=r.className,c="."+e,u="module-"+e,d=A(this),f=d.find(s.sides),m=d.find(s.side),g=!1,p=this,h=d.data(u);a={initialize:function(){a.verbose("Initializing module for",p),a.set.defaultSide(),a.instantiate()},instantiate:function(){a.verbose("Storing instance of module",a),h=a,d.data(u,h)},destroy:function(){a.verbose("Destroying previous module for",p),d.removeData(u).off(c)},refresh:function(){a.verbose("Refreshing selector cache for",p),d=A(p),f=A(this).find(s.shape),m=A(this).find(s.side)},repaint:function(){a.verbose("Forcing repaint event");(f[0]||R.createElement("div")).offsetWidth},animate:function(e,t){a.verbose("Animating box with properties",e),t=t||function(e){a.verbose("Executing animation callback"),e!==P&&e.stopPropagation(),a.reset(),a.set.active()},r.beforeChange.call(o[0]),a.get.transitionEvent()?(a.verbose("Starting CSS animation"),d.addClass(l.animating),f.css(e).one(a.get.transitionEvent(),t),a.set.duration(r.duration),T(function(){d.addClass(l.animating),i.addClass(l.hidden)})):t()},queue:function(e){a.debug("Queueing animation of",e),f.one(a.get.transitionEvent(),function(){a.debug("Executing queued animation"),setTimeout(function(){d.shape(e)},0)})},reset:function(){a.verbose("Animating states reset"),d.removeClass(l.animating).attr("style","").removeAttr("style"),f.attr("style","").removeAttr("style"),m.attr("style","").removeAttr("style").removeClass(l.hidden),o.removeClass(l.animating).attr("style","").removeAttr("style")},is:{complete:function(){return m.filter("."+l.active)[0]==o[0]},animating:function(){return d.hasClass(l.animating)}},set:{defaultSide:function(){i=d.find("."+r.className.active),o=0<i.next(s.side).length?i.next(s.side):d.find(s.side).first(),g=!1,a.verbose("Active side set to",i),a.verbose("Next side set to",o)},duration:function(e){e="number"==typeof(e=e||r.duration)?e+"ms":e,a.verbose("Setting animation duration",e),(r.duration||0===r.duration)&&f.add(m).css({"-webkit-transition-duration":e,"-moz-transition-duration":e,"-ms-transition-duration":e,"-o-transition-duration":e,"transition-duration":e})},currentStageSize:function(){var e=d.find("."+r.className.active),t=e.outerWidth(!0),n=e.outerHeight(!0);d.css({width:t,height:n})},stageSize:function(){var e=d.clone().addClass(l.loading),t=e.find("."+r.className.active),n=g?e.find(s.side).eq(g):0<t.next(s.side).length?t.next(s.side):e.find(s.side).first(),i="next"==r.width?n.outerWidth(!0):"initial"==r.width?d.width():r.width,o="next"==r.height?n.outerHeight(!0):"initial"==r.height?d.height():r.height;t.removeClass(l.active),n.addClass(l.active),e.insertAfter(d),e.remove(),"auto"!=r.width&&(d.css("width",i+r.jitter),a.verbose("Specifying width during animation",i)),"auto"!=r.height&&(d.css("height",o+r.jitter),a.verbose("Specifying height during animation",o))},nextSide:function(e){g=e,o=m.filter(e),g=m.index(o),0===o.length&&(a.set.defaultSide(),a.error(n.side)),a.verbose("Next side manually set to",o)},active:function(){a.verbose("Setting new side to active",o),m.removeClass(l.active),o.addClass(l.active),r.onChange.call(o[0]),a.set.defaultSide()}},flip:{up:function(){if(!a.is.complete()||a.is.animating()||r.allowRepeats)if(a.is.animating())a.queue("flip up");else{a.debug("Flipping up",o);var e=a.get.transform.up();a.set.stageSize(),a.stage.above(),a.animate(e)}else a.debug("Side already visible",o)},down:function(){if(!a.is.complete()||a.is.animating()||r.allowRepeats)if(a.is.animating())a.queue("flip down");else{a.debug("Flipping down",o);var e=a.get.transform.down();a.set.stageSize(),a.stage.below(),a.animate(e)}else a.debug("Side already visible",o)},left:function(){if(!a.is.complete()||a.is.animating()||r.allowRepeats)if(a.is.animating())a.queue("flip left");else{a.debug("Flipping left",o);var e=a.get.transform.left();a.set.stageSize(),a.stage.left(),a.animate(e)}else a.debug("Side already visible",o)},right:function(){if(!a.is.complete()||a.is.animating()||r.allowRepeats)if(a.is.animating())a.queue("flip right");else{a.debug("Flipping right",o);var e=a.get.transform.right();a.set.stageSize(),a.stage.right(),a.animate(e)}else a.debug("Side already visible",o)},over:function(){!a.is.complete()||a.is.animating()||r.allowRepeats?a.is.animating()?a.queue("flip over"):(a.debug("Flipping over",o),a.set.stageSize(),a.stage.behind(),a.animate(a.get.transform.over())):a.debug("Side already visible",o)},back:function(){!a.is.complete()||a.is.animating()||r.allowRepeats?a.is.animating()?a.queue("flip back"):(a.debug("Flipping back",o),a.set.stageSize(),a.stage.behind(),a.animate(a.get.transform.back())):a.debug("Side already visible",o)}},get:{transform:{up:function(){return{transform:"translateY("+-(i.outerHeight(!0)-o.outerHeight(!0))/2+"px) translateZ("+-i.outerHeight(!0)/2+"px) rotateX(-90deg)"}},down:function(){return{transform:"translateY("+-(i.outerHeight(!0)-o.outerHeight(!0))/2+"px) translateZ("+-i.outerHeight(!0)/2+"px) rotateX(90deg)"}},left:function(){return{transform:"translateX("+-(i.outerWidth(!0)-o.outerWidth(!0))/2+"px) translateZ("+-i.outerWidth(!0)/2+"px) rotateY(90deg)"}},right:function(){return{transform:"translateX("+-(i.outerWidth(!0)-o.outerWidth(!0))/2+"px) translateZ("+-i.outerWidth(!0)/2+"px) rotateY(-90deg)"}},over:function(){return{transform:"translateX("+-(i.outerWidth(!0)-o.outerWidth(!0))/2+"px) rotateY(180deg)"}},back:function(){return{transform:"translateX("+-(i.outerWidth(!0)-o.outerWidth(!0))/2+"px) rotateY(-180deg)"}}},transitionEvent:function(){var e,t=R.createElement("element"),n={transition:"transitionend",OTransition:"oTransitionEnd",MozTransition:"transitionend",WebkitTransition:"webkitTransitionEnd"};for(e in n)if(t.style[e]!==P)return n[e]},nextSide:function(){return 0<i.next(s.side).length?i.next(s.side):d.find(s.side).first()}},stage:{above:function(){var e={origin:(i.outerHeight(!0)-o.outerHeight(!0))/2,depth:{active:o.outerHeight(!0)/2,next:i.outerHeight(!0)/2}};a.verbose("Setting the initial animation position as above",o,e),f.css({transform:"translateZ(-"+e.depth.active+"px)"}),i.css({transform:"rotateY(0deg) translateZ("+e.depth.active+"px)"}),o.addClass(l.animating).css({top:e.origin+"px",transform:"rotateX(90deg) translateZ("+e.depth.next+"px)"})},below:function(){var e={origin:(i.outerHeight(!0)-o.outerHeight(!0))/2,depth:{active:o.outerHeight(!0)/2,next:i.outerHeight(!0)/2}};a.verbose("Setting the initial animation position as below",o,e),f.css({transform:"translateZ(-"+e.depth.active+"px)"}),i.css({transform:"rotateY(0deg) translateZ("+e.depth.active+"px)"}),o.addClass(l.animating).css({top:e.origin+"px",transform:"rotateX(-90deg) translateZ("+e.depth.next+"px)"})},left:function(){var e=i.outerWidth(!0),t=o.outerWidth(!0),n={origin:(e-t)/2,depth:{active:t/2,next:e/2}};a.verbose("Setting the initial animation position as left",o,n),f.css({transform:"translateZ(-"+n.depth.active+"px)"}),i.css({transform:"rotateY(0deg) translateZ("+n.depth.active+"px)"}),o.addClass(l.animating).css({left:n.origin+"px",transform:"rotateY(-90deg) translateZ("+n.depth.next+"px)"})},right:function(){var e=i.outerWidth(!0),t=o.outerWidth(!0),n={origin:(e-t)/2,depth:{active:t/2,next:e/2}};a.verbose("Setting the initial animation position as left",o,n),f.css({transform:"translateZ(-"+n.depth.active+"px)"}),i.css({transform:"rotateY(0deg) translateZ("+n.depth.active+"px)"}),o.addClass(l.animating).css({left:n.origin+"px",transform:"rotateY(90deg) translateZ("+n.depth.next+"px)"})},behind:function(){var e=i.outerWidth(!0),t=o.outerWidth(!0),n={origin:(e-t)/2,depth:{active:t/2,next:e/2}};a.verbose("Setting the initial animation position as behind",o,n),i.css({transform:"rotateY(0deg)"}),o.addClass(l.animating).css({left:n.origin+"px",transform:"rotateY(-180deg)"})}},setting:function(e,t){if(a.debug("Changing setting",e,t),A.isPlainObject(e))A.extend(!0,r,e);else{if(t===P)return r[e];A.isPlainObject(r[e])?A.extend(!0,r[e],t):r[e]=t}},internal:function(e,t){if(A.isPlainObject(e))A.extend(!0,a,e);else{if(t===P)return a[e];a[e]=t}},debug:function(){!r.silent&&r.debug&&(r.performance?a.performance.log(arguments):(a.debug=Function.prototype.bind.call(console.info,console,r.name+":"),a.debug.apply(console,arguments)))},verbose:function(){!r.silent&&r.verbose&&r.debug&&(r.performance?a.performance.log(arguments):(a.verbose=Function.prototype.bind.call(console.info,console,r.name+":"),a.verbose.apply(console,arguments)))},error:function(){r.silent||(a.error=Function.prototype.bind.call(console.error,console,r.name+":"),a.error.apply(console,arguments))},performance:{log:function(e){var t,n;r.performance&&(n=(t=(new Date).getTime())-(x||t),x=t,C.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:p,"Execution Time":n})),clearTimeout(a.performance.timer),a.performance.timer=setTimeout(a.performance.display,500)},display:function(){var e=r.name+":",n=0;x=!1,clearTimeout(a.performance.timer),A.each(C,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",t&&(e+=" '"+t+"'"),1<y.length&&(e+=" ("+y.length+")"),(console.group!==P||console.table!==P)&&0<C.length&&(console.groupCollapsed(e),console.table?console.table(C):A.each(C,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),C=[]}},invoke:function(i,e,t){var o,a,n,r=h;return e=e||k,t=p||t,"string"==typeof i&&r!==P&&(i=i.split(/[\. ]/),o=i.length-1,A.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(A.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==P)return a=r[n],!1;if(!A.isPlainObject(r[t])||e==o)return r[t]!==P&&(a=r[t]),!1;r=r[t]}})),A.isFunction(a)?n=a.apply(t,e):a!==P&&(n=a),A.isArray(b)?b.push(n):b!==P?b=[b,n]:n!==P&&(b=n),a}},S?(h===P&&a.initialize(),a.invoke(w)):(h!==P&&h.invoke("destroy"),a.initialize())}),b!==P?b:this},A.fn.shape.settings={name:"Shape",silent:!1,debug:!1,verbose:!1,jitter:0,performance:!0,namespace:"shape",width:"initial",height:"initial",beforeChange:function(){},onChange:function(){},allowRepeats:!1,duration:!1,error:{side:"You tried to switch to a side that does not exist.",method:"The method you called is not defined"},className:{animating:"animating",hidden:"hidden",loading:"loading",active:"active"},selector:{sides:".sides",side:".side"}}}(jQuery,window,document),function(q,j,z,I){"use strict";j=void 0!==j&&j.Math==Math?j:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),q.fn.sidebar=function(x){var C,e=q(this),w=q(j),S=q(z),k=q("html"),T=q("head"),A=e.selector||"",R=(new Date).getTime(),P=[],E=x,F="string"==typeof E,O=[].slice.call(arguments,1),D=j.requestAnimationFrame||j.mozRequestAnimationFrame||j.webkitRequestAnimationFrame||j.msRequestAnimationFrame||function(e){setTimeout(e,0)};return e.each(function(){var r,s,e,t,l,c,u=q.isPlainObject(x)?q.extend(!0,{},q.fn.sidebar.settings,x):q.extend({},q.fn.sidebar.settings),n=u.selector,a=u.className,i=u.namespace,o=u.regExp,d=u.error,f="."+i,m="module-"+i,g=q(this),p=q(u.context),h=g.children(n.sidebar),v=(p.children(n.fixed),p.children(n.pusher)),b=this,y=g.data(m);c={initialize:function(){c.debug("Initializing sidebar",x),c.create.id(),l=c.get.transitionEvent(),u.delaySetup?D(c.setup.layout):c.setup.layout(),D(function(){c.setup.cache()}),c.instantiate()},instantiate:function(){c.verbose("Storing instance of module",c),y=c,g.data(m,c)},create:{id:function(){e=(Math.random().toString(16)+"000000000").substr(2,8),s="."+e,c.verbose("Creating unique id for element",e)}},destroy:function(){c.verbose("Destroying previous module for",g),g.off(f).removeData(m),c.is.ios()&&c.remove.ios(),p.off(s),w.off(s),S.off(s)},event:{clickaway:function(e){var t=0<v.find(e.target).length||v.is(e.target),n=p.is(e.target);t&&(c.verbose("User clicked on dimmed page"),c.hide()),n&&(c.verbose("User clicked on dimmable context (scaled out page)"),c.hide())},touch:function(e){},containScroll:function(e){b.scrollTop<=0&&(b.scrollTop=1),b.scrollTop+b.offsetHeight>=b.scrollHeight&&(b.scrollTop=b.scrollHeight-b.offsetHeight-1)},scroll:function(e){0===q(e.target).closest(n.sidebar).length&&e.preventDefault()}},bind:{clickaway:function(){c.verbose("Adding clickaway events to context",p),u.closable&&p.on("click"+s,c.event.clickaway).on("touchend"+s,c.event.clickaway)},scrollLock:function(){u.scrollLock&&(c.debug("Disabling page scroll"),w.on("DOMMouseScroll"+s,c.event.scroll)),c.verbose("Adding events to contain sidebar scroll"),S.on("touchmove"+s,c.event.touch),g.on("scroll"+f,c.event.containScroll)}},unbind:{clickaway:function(){c.verbose("Removing clickaway events from context",p),p.off(s)},scrollLock:function(){c.verbose("Removing scroll lock from page"),S.off(s),w.off(s),g.off("scroll"+f)}},add:{inlineCSS:function(){var e,t=c.cache.width||g.outerWidth(),n=c.cache.height||g.outerHeight(),i=c.is.rtl(),o=c.get.direction(),a={left:t,right:-t,top:n,bottom:-n};i&&(c.verbose("RTL detected, flipping widths"),a.left=-t,a.right=t),e="<style>","left"===o||"right"===o?(c.debug("Adding CSS rules for animation distance",t),e+=" .ui.visible."+o+".sidebar ~ .fixed, .ui.visible."+o+".sidebar ~ .pusher {   -webkit-transform: translate3d("+a[o]+"px, 0, 0);           transform: translate3d("+a[o]+"px, 0, 0); }"):"top"!==o&&"bottom"!=o||(e+=" .ui.visible."+o+".sidebar ~ .fixed, .ui.visible."+o+".sidebar ~ .pusher {   -webkit-transform: translate3d(0, "+a[o]+"px, 0);           transform: translate3d(0, "+a[o]+"px, 0); }"),c.is.ie()&&("left"===o||"right"===o?(c.debug("Adding CSS rules for animation distance",t),e+=" body.pushable > .ui.visible."+o+".sidebar ~ .pusher:after {   -webkit-transform: translate3d("+a[o]+"px, 0, 0);           transform: translate3d("+a[o]+"px, 0, 0); }"):"top"!==o&&"bottom"!=o||(e+=" body.pushable > .ui.visible."+o+".sidebar ~ .pusher:after {   -webkit-transform: translate3d(0, "+a[o]+"px, 0);           transform: translate3d(0, "+a[o]+"px, 0); }"),e+=" body.pushable > .ui.visible.left.sidebar ~ .ui.visible.right.sidebar ~ .pusher:after, body.pushable > .ui.visible.right.sidebar ~ .ui.visible.left.sidebar ~ .pusher:after {   -webkit-transform: translate3d(0px, 0, 0);           transform: translate3d(0px, 0, 0); }"),r=q(e+="</style>").appendTo(T),c.debug("Adding sizing css to head",r)}},refresh:function(){c.verbose("Refreshing selector cache"),p=q(u.context),h=p.children(n.sidebar),v=p.children(n.pusher),p.children(n.fixed),c.clear.cache()},refreshSidebars:function(){c.verbose("Refreshing other sidebars"),h=p.children(n.sidebar)},repaint:function(){c.verbose("Forcing repaint event"),b.style.display="none";b.offsetHeight;b.scrollTop=b.scrollTop,b.style.display=""},setup:{cache:function(){c.cache={width:g.outerWidth(),height:g.outerHeight(),rtl:"rtl"==g.css("direction")}},layout:function(){0===p.children(n.pusher).length&&(c.debug("Adding wrapper element for sidebar"),c.error(d.pusher),v=q('<div class="pusher" />'),p.children().not(n.omitted).not(h).wrapAll(v),c.refresh()),0!==g.nextAll(n.pusher).length&&g.nextAll(n.pusher)[0]===v[0]||(c.debug("Moved sidebar to correct parent element"),c.error(d.movedSidebar,b),g.detach().prependTo(p),c.refresh()),c.clear.cache(),c.set.pushable(),c.set.direction()}},attachEvents:function(e,t){var n=q(e);t=q.isFunction(c[t])?c[t]:c.toggle,0<n.length?(c.debug("Attaching sidebar events to element",e,t),n.on("click"+f,t)):c.error(d.notFound,e)},show:function(e){if(e=q.isFunction(e)?e:function(){},c.is.hidden()){if(c.refreshSidebars(),u.overlay&&(c.error(d.overlay),u.transition="overlay"),c.refresh(),c.othersActive())if(c.debug("Other sidebars currently visible"),u.exclusive){if("overlay"!=u.transition)return void c.hideOthers(c.show);c.hideOthers()}else u.transition="overlay";c.pushPage(function(){e.call(b),u.onShow.call(b)}),u.onChange.call(b),u.onVisible.call(b)}else c.debug("Sidebar is already visible")},hide:function(e){e=q.isFunction(e)?e:function(){},(c.is.visible()||c.is.animating())&&(c.debug("Hiding sidebar",e),c.refreshSidebars(),c.pullPage(function(){e.call(b),u.onHidden.call(b)}),u.onChange.call(b),u.onHide.call(b))},othersAnimating:function(){return 0<h.not(g).filter("."+a.animating).length},othersVisible:function(){return 0<h.not(g).filter("."+a.visible).length},othersActive:function(){return c.othersVisible()||c.othersAnimating()},hideOthers:function(e){var t=h.not(g).filter("."+a.visible),n=t.length,i=0;e=e||function(){},t.sidebar("hide",function(){++i==n&&e()})},toggle:function(){c.verbose("Determining toggled direction"),c.is.hidden()?c.show():c.hide()},pushPage:function(t){var e,n,i,o=c.get.transition(),a="overlay"===o||c.othersActive()?g:v;t=q.isFunction(t)?t:function(){},"scale down"==u.transition&&c.scrollToTop(),c.set.transition(o),c.repaint(),e=function(){c.bind.clickaway(),c.add.inlineCSS(),c.set.animating(),c.set.visible()},n=function(){c.set.dimmed()},i=function(e){e.target==a[0]&&(a.off(l+s,i),c.remove.animating(),c.bind.scrollLock(),t.call(b))},a.off(l+s),a.on(l+s,i),D(e),u.dimPage&&!c.othersVisible()&&D(n)},pullPage:function(t){var e,n,i=c.get.transition(),o="overlay"==i||c.othersActive()?g:v;t=q.isFunction(t)?t:function(){},c.verbose("Removing context push state",c.get.direction()),c.unbind.clickaway(),c.unbind.scrollLock(),e=function(){c.set.transition(i),c.set.animating(),c.remove.visible(),u.dimPage&&!c.othersVisible()&&v.removeClass(a.dimmed)},n=function(e){e.target==o[0]&&(o.off(l+s,n),c.remove.animating(),c.remove.transition(),c.remove.inlineCSS(),("scale down"==i||u.returnScroll&&c.is.mobile())&&c.scrollBack(),t.call(b))},o.off(l+s),o.on(l+s,n),D(e)},scrollToTop:function(){c.verbose("Scrolling to top of page to avoid animation issues"),t=q(j).scrollTop(),g.scrollTop(0),j.scrollTo(0,0)},scrollBack:function(){c.verbose("Scrolling back to original page position"),j.scrollTo(0,t)},clear:{cache:function(){c.verbose("Clearing cached dimensions"),c.cache={}}},set:{ios:function(){k.addClass(a.ios)},pushed:function(){p.addClass(a.pushed)},pushable:function(){p.addClass(a.pushable)},dimmed:function(){v.addClass(a.dimmed)},active:function(){g.addClass(a.active)},animating:function(){g.addClass(a.animating)},transition:function(e){e=e||c.get.transition(),g.addClass(e)},direction:function(e){e=e||c.get.direction(),g.addClass(a[e])},visible:function(){g.addClass(a.visible)},overlay:function(){g.addClass(a.overlay)}},remove:{inlineCSS:function(){c.debug("Removing inline css styles",r),r&&0<r.length&&r.remove()},ios:function(){k.removeClass(a.ios)},pushed:function(){p.removeClass(a.pushed)},pushable:function(){p.removeClass(a.pushable)},active:function(){g.removeClass(a.active)},animating:function(){g.removeClass(a.animating)},transition:function(e){e=e||c.get.transition(),g.removeClass(e)},direction:function(e){e=e||c.get.direction(),g.removeClass(a[e])},visible:function(){g.removeClass(a.visible)},overlay:function(){g.removeClass(a.overlay)}},get:{direction:function(){return g.hasClass(a.top)?a.top:g.hasClass(a.right)?a.right:g.hasClass(a.bottom)?a.bottom:a.left},transition:function(){var e,t=c.get.direction();return e=c.is.mobile()?"auto"==u.mobileTransition?u.defaultTransition.mobile[t]:u.mobileTransition:"auto"==u.transition?u.defaultTransition.computer[t]:u.transition,c.verbose("Determined transition",e),e},transitionEvent:function(){var e,t=z.createElement("element"),n={transition:"transitionend",OTransition:"oTransitionEnd",MozTransition:"transitionend",WebkitTransition:"webkitTransitionEnd"};for(e in n)if(t.style[e]!==I)return n[e]}},is:{ie:function(){return!j.ActiveXObject&&"ActiveXObject"in j||"ActiveXObject"in j},ios:function(){var e=navigator.userAgent,t=e.match(o.ios),n=e.match(o.mobileChrome);return!(!t||n)&&(c.verbose("Browser was found to be iOS",e),!0)},mobile:function(){var e=navigator.userAgent;return e.match(o.mobile)?(c.verbose("Browser was found to be mobile",e),!0):(c.verbose("Browser is not mobile, using regular transition",e),!1)},hidden:function(){return!c.is.visible()},visible:function(){return g.hasClass(a.visible)},open:function(){return c.is.visible()},closed:function(){return c.is.hidden()},vertical:function(){return g.hasClass(a.top)},animating:function(){return p.hasClass(a.animating)},rtl:function(){return c.cache.rtl===I&&(c.cache.rtl="rtl"==g.css("direction")),c.cache.rtl}},setting:function(e,t){if(c.debug("Changing setting",e,t),q.isPlainObject(e))q.extend(!0,u,e);else{if(t===I)return u[e];q.isPlainObject(u[e])?q.extend(!0,u[e],t):u[e]=t}},internal:function(e,t){if(q.isPlainObject(e))q.extend(!0,c,e);else{if(t===I)return c[e];c[e]=t}},debug:function(){!u.silent&&u.debug&&(u.performance?c.performance.log(arguments):(c.debug=Function.prototype.bind.call(console.info,console,u.name+":"),c.debug.apply(console,arguments)))},verbose:function(){!u.silent&&u.verbose&&u.debug&&(u.performance?c.performance.log(arguments):(c.verbose=Function.prototype.bind.call(console.info,console,u.name+":"),c.verbose.apply(console,arguments)))},error:function(){u.silent||(c.error=Function.prototype.bind.call(console.error,console,u.name+":"),c.error.apply(console,arguments))},performance:{log:function(e){var t,n;u.performance&&(n=(t=(new Date).getTime())-(R||t),R=t,P.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:b,"Execution Time":n})),clearTimeout(c.performance.timer),c.performance.timer=setTimeout(c.performance.display,500)},display:function(){var e=u.name+":",n=0;R=!1,clearTimeout(c.performance.timer),q.each(P,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",A&&(e+=" '"+A+"'"),(console.group!==I||console.table!==I)&&0<P.length&&(console.groupCollapsed(e),console.table?console.table(P):q.each(P,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),P=[]}},invoke:function(i,e,t){var o,a,n,r=y;return e=e||O,t=b||t,"string"==typeof i&&r!==I&&(i=i.split(/[\. ]/),o=i.length-1,q.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(q.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==I)return a=r[n],!1;if(!q.isPlainObject(r[t])||e==o)return r[t]!==I?a=r[t]:c.error(d.method,i),!1;r=r[t]}})),q.isFunction(a)?n=a.apply(t,e):a!==I&&(n=a),q.isArray(C)?C.push(n):C!==I?C=[C,n]:n!==I&&(C=n),a}},F?(y===I&&c.initialize(),c.invoke(E)):(y!==I&&c.invoke("destroy"),c.initialize())}),C!==I?C:this},q.fn.sidebar.settings={name:"Sidebar",namespace:"sidebar",silent:!1,debug:!1,verbose:!1,performance:!0,transition:"auto",mobileTransition:"auto",defaultTransition:{computer:{left:"uncover",right:"uncover",top:"overlay",bottom:"overlay"},mobile:{left:"uncover",right:"uncover",top:"overlay",bottom:"overlay"}},context:"body",exclusive:!1,closable:!0,dimPage:!0,scrollLock:!1,returnScroll:!1,delaySetup:!1,duration:500,onChange:function(){},onShow:function(){},onHide:function(){},onHidden:function(){},onVisible:function(){},className:{active:"active",animating:"animating",dimmed:"dimmed",ios:"ios",pushable:"pushable",pushed:"pushed",right:"right",top:"top",left:"left",bottom:"bottom",visible:"visible"},selector:{fixed:".fixed",omitted:"script, link, style, .ui.modal, .ui.dimmer, .ui.nag, .ui.fixed",pusher:".pusher",sidebar:".ui.sidebar"},regExp:{ios:/(iPad|iPhone|iPod)/g,mobileChrome:/(CriOS)/g,mobile:/Mobile|iP(hone|od|ad)|Android|BlackBerry|IEMobile|Kindle|NetFront|Silk-Accelerated|(hpw|web)OS|Fennec|Minimo|Opera M(obi|ini)|Blazer|Dolfin|Dolphin|Skyfire|Zune/g},error:{method:"The method you called is not defined.",pusher:"Had to add pusher element. For optimal performance make sure body content is inside a pusher element",movedSidebar:"Had to move sidebar. For optimal performance make sure sidebar and pusher are direct children of your body tag",overlay:"The overlay setting is no longer supported, use animation: overlay",notFound:"There were no elements that matched the specified selector"}}}(jQuery,window,document),function(T,A,R,P){"use strict";A=void 0!==A&&A.Math==Math?A:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),T.fn.sticky=function(v){var b,e=T(this),y=e.selector||"",x=(new Date).getTime(),C=[],w=v,S="string"==typeof w,k=[].slice.call(arguments,1);return e.each(function(){var i,o,e,t,d,f=T.isPlainObject(v)?T.extend(!0,{},T.fn.sticky.settings,v):T.extend({},T.fn.sticky.settings),n=f.className,a=f.namespace,r=f.error,s="."+a,l="module-"+a,c=T(this),u=T(A),m=T(f.scrollContext),g=(c.selector,c.data(l)),p=A.requestAnimationFrame||A.mozRequestAnimationFrame||A.webkitRequestAnimationFrame||A.msRequestAnimationFrame||function(e){setTimeout(e,0)},h=this;d={initialize:function(){d.determineContainer(),d.determineContext(),d.verbose("Initializing sticky",f,i),d.save.positions(),d.checkErrors(),d.bind.events(),f.observeChanges&&d.observeChanges(),d.instantiate()},instantiate:function(){d.verbose("Storing instance of module",d),g=d,c.data(l,d)},destroy:function(){d.verbose("Destroying previous instance"),d.reset(),e&&e.disconnect(),t&&t.disconnect(),u.off("load"+s,d.event.load).off("resize"+s,d.event.resize),m.off("scrollchange"+s,d.event.scrollchange),c.removeData(l)},observeChanges:function(){"MutationObserver"in A&&(e=new MutationObserver(d.event.documentChanged),t=new MutationObserver(d.event.changed),e.observe(R,{childList:!0,subtree:!0}),t.observe(h,{childList:!0,subtree:!0}),t.observe(o[0],{childList:!0,subtree:!0}),d.debug("Setting up mutation observer",t))},determineContainer:function(){i=f.container?T(f.container):c.offsetParent()},determineContext:function(){0!==(o=f.context?T(f.context):i).length||d.error(r.invalidContext,f.context,c)},checkErrors:function(){if(d.is.hidden()&&d.error(r.visible,c),d.cache.element.height>d.cache.context.height)return d.reset(),void d.error(r.elementSize,c)},bind:{events:function(){u.on("load"+s,d.event.load).on("resize"+s,d.event.resize),m.off("scroll"+s).on("scroll"+s,d.event.scroll).on("scrollchange"+s,d.event.scrollchange)}},event:{changed:function(e){clearTimeout(d.timer),d.timer=setTimeout(function(){d.verbose("DOM tree modified, updating sticky menu",e),d.refresh()},100)},documentChanged:function(e){[].forEach.call(e,function(e){e.removedNodes&&[].forEach.call(e.removedNodes,function(e){(e==h||0<T(e).find(h).length)&&(d.debug("Element removed from DOM, tearing down events"),d.destroy())})})},load:function(){d.verbose("Page contents finished loading"),p(d.refresh)},resize:function(){d.verbose("Window resized"),p(d.refresh)},scroll:function(){p(function(){m.triggerHandler("scrollchange"+s,m.scrollTop())})},scrollchange:function(e,t){d.stick(t),f.onScroll.call(h)}},refresh:function(e){d.reset(),f.context||d.determineContext(),e&&d.determineContainer(),d.save.positions(),d.stick(),f.onReposition.call(h)},supports:{sticky:function(){var e=T("<div/>");e[0];return e.addClass(n.supported),e.css("position").match("sticky")}},save:{lastScroll:function(e){d.lastScroll=e},elementScroll:function(e){d.elementScroll=e},positions:function(){var e={height:m.height()},t={margin:{top:parseInt(c.css("margin-top"),10),bottom:parseInt(c.css("margin-bottom"),10)},offset:c.offset(),width:c.outerWidth(),height:c.outerHeight()},n={offset:o.offset(),height:o.outerHeight()};i.outerHeight();d.is.standardScroll()||(d.debug("Non-standard scroll. Removing scroll offset from element offset"),e.top=m.scrollTop(),e.left=m.scrollLeft(),t.offset.top+=e.top,n.offset.top+=e.top,t.offset.left+=e.left,n.offset.left+=e.left),d.cache={fits:t.height+f.offset<=e.height,sameHeight:t.height==n.height,scrollContext:{height:e.height},element:{margin:t.margin,top:t.offset.top-t.margin.top,left:t.offset.left,width:t.width,height:t.height,bottom:t.offset.top+t.height},context:{top:n.offset.top,height:n.height,bottom:n.offset.top+n.height}},d.set.containerSize(),d.stick(),d.debug("Caching element positions",d.cache)}},get:{direction:function(e){var t="down";return e=e||m.scrollTop(),d.lastScroll!==P&&(d.lastScroll<e?t="down":d.lastScroll>e&&(t="up")),t},scrollChange:function(e){return e=e||m.scrollTop(),d.lastScroll?e-d.lastScroll:0},currentElementScroll:function(){return d.elementScroll?d.elementScroll:d.is.top()?Math.abs(parseInt(c.css("top"),10))||0:Math.abs(parseInt(c.css("bottom"),10))||0},elementScroll:function(e){e=e||m.scrollTop();var t=d.cache.element,n=d.cache.scrollContext,i=d.get.scrollChange(e),o=t.height-n.height+f.offset,a=d.get.currentElementScroll(),r=a+i;return a=d.cache.fits||r<0?0:o<r?o:r}},remove:{lastScroll:function(){delete d.lastScroll},elementScroll:function(e){delete d.elementScroll},minimumSize:function(){i.css("min-height","")},offset:function(){c.css("margin-top","")}},set:{offset:function(){d.verbose("Setting offset on element",f.offset),c.css("margin-top",f.offset)},containerSize:function(){var e=i.get(0).tagName;"HTML"===e||"body"==e?d.determineContainer():Math.abs(i.outerHeight()-d.cache.context.height)>f.jitter&&(d.debug("Context has padding, specifying exact height for container",d.cache.context.height),i.css({height:d.cache.context.height}))},minimumSize:function(){var e=d.cache.element;i.css("min-height",e.height)},scroll:function(e){d.debug("Setting scroll on element",e),d.elementScroll!=e&&(d.is.top()&&c.css("bottom","").css("top",-e),d.is.bottom()&&c.css("top","").css("bottom",e))},size:function(){0!==d.cache.element.height&&0!==d.cache.element.width&&(h.style.setProperty("width",d.cache.element.width+"px","important"),h.style.setProperty("height",d.cache.element.height+"px","important"))}},is:{standardScroll:function(){return m[0]==A},top:function(){return c.hasClass(n.top)},bottom:function(){return c.hasClass(n.bottom)},initialPosition:function(){return!d.is.fixed()&&!d.is.bound()},hidden:function(){return!c.is(":visible")},bound:function(){return c.hasClass(n.bound)},fixed:function(){return c.hasClass(n.fixed)}},stick:function(e){var t=e||m.scrollTop(),n=d.cache,i=n.fits,o=n.sameHeight,a=n.element,r=n.scrollContext,s=n.context,l=d.is.bottom()&&f.pushing?f.bottomOffset:f.offset,c=(e={top:t+l,bottom:t+l+r.height},d.get.direction(e.top),i?0:d.get.elementScroll(e.top)),u=!i;0!==a.height&&!o&&(d.is.initialPosition()?e.top>=s.bottom?(d.debug("Initial element position is bottom of container"),d.bindBottom()):e.top>a.top&&(a.height+e.top-c>=s.bottom?(d.debug("Initial element position is bottom of container"),d.bindBottom()):(d.debug("Initial element position is fixed"),d.fixTop())):d.is.fixed()?d.is.top()?e.top<=a.top?(d.debug("Fixed element reached top of container"),d.setInitialPosition()):a.height+e.top-c>=s.bottom?(d.debug("Fixed element reached bottom of container"),d.bindBottom()):u&&(d.set.scroll(c),d.save.lastScroll(e.top),d.save.elementScroll(c)):d.is.bottom()&&(e.bottom-a.height<=a.top?(d.debug("Bottom fixed rail has reached top of container"),d.setInitialPosition()):e.bottom>=s.bottom?(d.debug("Bottom fixed rail has reached bottom of container"),d.bindBottom()):u&&(d.set.scroll(c),d.save.lastScroll(e.top),d.save.elementScroll(c))):d.is.bottom()&&(e.top<=a.top?(d.debug("Jumped from bottom fixed to top fixed, most likely used home/end button"),d.setInitialPosition()):f.pushing?d.is.bound()&&e.bottom<=s.bottom&&(d.debug("Fixing bottom attached element to bottom of browser."),d.fixBottom()):d.is.bound()&&e.top<=s.bottom-a.height&&(d.debug("Fixing bottom attached element to top of browser."),d.fixTop())))},bindTop:function(){d.debug("Binding element to top of parent container"),d.remove.offset(),c.css({left:"",top:"",marginBottom:""}).removeClass(n.fixed).removeClass(n.bottom).addClass(n.bound).addClass(n.top),f.onTop.call(h),f.onUnstick.call(h)},bindBottom:function(){d.debug("Binding element to bottom of parent container"),d.remove.offset(),c.css({left:"",top:""}).removeClass(n.fixed).removeClass(n.top).addClass(n.bound).addClass(n.bottom),f.onBottom.call(h),f.onUnstick.call(h)},setInitialPosition:function(){d.debug("Returning to initial position"),d.unfix(),d.unbind()},fixTop:function(){d.debug("Fixing element to top of page"),f.setSize&&d.set.size(),d.set.minimumSize(),d.set.offset(),c.css({left:d.cache.element.left,bottom:"",marginBottom:""}).removeClass(n.bound).removeClass(n.bottom).addClass(n.fixed).addClass(n.top),f.onStick.call(h)},fixBottom:function(){d.debug("Sticking element to bottom of page"),f.setSize&&d.set.size(),d.set.minimumSize(),d.set.offset(),c.css({left:d.cache.element.left,bottom:"",marginBottom:""}).removeClass(n.bound).removeClass(n.top).addClass(n.fixed).addClass(n.bottom),f.onStick.call(h)},unbind:function(){d.is.bound()&&(d.debug("Removing container bound position on element"),d.remove.offset(),c.removeClass(n.bound).removeClass(n.top).removeClass(n.bottom))},unfix:function(){d.is.fixed()&&(d.debug("Removing fixed position on element"),d.remove.minimumSize(),d.remove.offset(),c.removeClass(n.fixed).removeClass(n.top).removeClass(n.bottom),f.onUnstick.call(h))},reset:function(){d.debug("Resetting elements position"),d.unbind(),d.unfix(),d.resetCSS(),d.remove.offset(),d.remove.lastScroll()},resetCSS:function(){c.css({width:"",height:""}),i.css({height:""})},setting:function(e,t){if(T.isPlainObject(e))T.extend(!0,f,e);else{if(t===P)return f[e];f[e]=t}},internal:function(e,t){if(T.isPlainObject(e))T.extend(!0,d,e);else{if(t===P)return d[e];d[e]=t}},debug:function(){!f.silent&&f.debug&&(f.performance?d.performance.log(arguments):(d.debug=Function.prototype.bind.call(console.info,console,f.name+":"),d.debug.apply(console,arguments)))},verbose:function(){!f.silent&&f.verbose&&f.debug&&(f.performance?d.performance.log(arguments):(d.verbose=Function.prototype.bind.call(console.info,console,f.name+":"),d.verbose.apply(console,arguments)))},error:function(){f.silent||(d.error=Function.prototype.bind.call(console.error,console,f.name+":"),d.error.apply(console,arguments))},performance:{log:function(e){var t,n;f.performance&&(n=(t=(new Date).getTime())-(x||t),x=t,C.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:h,"Execution Time":n})),clearTimeout(d.performance.timer),d.performance.timer=setTimeout(d.performance.display,0)},display:function(){var e=f.name+":",n=0;x=!1,clearTimeout(d.performance.timer),T.each(C,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",y&&(e+=" '"+y+"'"),(console.group!==P||console.table!==P)&&0<C.length&&(console.groupCollapsed(e),console.table?console.table(C):T.each(C,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),C=[]}},invoke:function(i,e,t){var o,a,n,r=g;return e=e||k,t=h||t,"string"==typeof i&&r!==P&&(i=i.split(/[\. ]/),o=i.length-1,T.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(T.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==P)return a=r[n],!1;if(!T.isPlainObject(r[t])||e==o)return r[t]!==P&&(a=r[t]),!1;r=r[t]}})),T.isFunction(a)?n=a.apply(t,e):a!==P&&(n=a),T.isArray(b)?b.push(n):b!==P?b=[b,n]:n!==P&&(b=n),a}},S?(g===P&&d.initialize(),d.invoke(w)):(g!==P&&g.invoke("destroy"),d.initialize())}),b!==P?b:this},T.fn.sticky.settings={name:"Sticky",namespace:"sticky",silent:!1,debug:!1,verbose:!0,performance:!0,pushing:!1,context:!1,container:!1,scrollContext:A,offset:0,bottomOffset:0,jitter:5,setSize:!0,observeChanges:!1,onReposition:function(){},onScroll:function(){},onStick:function(){},onUnstick:function(){},onTop:function(){},onBottom:function(){},error:{container:"Sticky element must be inside a relative container",visible:"Element is hidden, you must call refresh after element becomes visible. Use silent setting to surpress this warning in production.",method:"The method you called is not defined.",invalidContext:"Context specified does not exist",elementSize:"Sticky element is larger than its container, cannot create sticky."},className:{bound:"bound",fixed:"fixed",supported:"native",top:"top",bottom:"bottom"}}}(jQuery,window,document),function(E,F,O,D){"use strict";F=void 0!==F&&F.Math==Math?F:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),E.fn.tab=function(r){var c,u=E.isFunction(this)?E(F):E(this),d=u.selector||"",f=(new Date).getTime(),m=[],g=r,A="string"==typeof g,R=[].slice.call(arguments,1),P=!1;return u.each(function(){var p,a,h,v,b,y,x=E.isPlainObject(r)?E.extend(!0,{},E.fn.tab.settings,r):E.extend({},E.fn.tab.settings),C=x.className,w=x.metadata,t=x.selector,S=x.error,e="."+x.namespace,n="module-"+x.namespace,k=E(this),i={},T=!0,o=0,s=this,l=k.data(n);b={initialize:function(){b.debug("Initializing tab menu item",k),b.fix.callbacks(),b.determineTabs(),b.debug("Determining tabs",x.context,a),x.auto&&b.set.auto(),b.bind.events(),x.history&&!P&&(b.initializeHistory(),P=!0),b.instantiate()},instantiate:function(){b.verbose("Storing instance of module",b),l=b,k.data(n,b)},destroy:function(){b.debug("Destroying tabs",k),k.removeData(n).off(e)},bind:{events:function(){E.isWindow(s)||(b.debug("Attaching tab activation events to element",k),k.on("click"+e,b.event.click))}},determineTabs:function(){var e;"parent"===x.context?(0<k.closest(t.ui).length?(e=k.closest(t.ui),b.verbose("Using closest UI element as parent",e)):e=k,p=e.parent(),b.verbose("Determined parent element for creating context",p)):x.context?(p=E(x.context),b.verbose("Using selector for tab context",x.context,p)):p=E("body"),x.childrenOnly?(a=p.children(t.tabs),b.debug("Searching tab context children for tabs",p,a)):(a=p.find(t.tabs),b.debug("Searching tab context for tabs",p,a))},fix:{callbacks:function(){E.isPlainObject(r)&&(r.onTabLoad||r.onTabInit)&&(r.onTabLoad&&(r.onLoad=r.onTabLoad,delete r.onTabLoad,b.error(S.legacyLoad,r.onLoad)),r.onTabInit&&(r.onFirstLoad=r.onTabInit,delete r.onTabInit,b.error(S.legacyInit,r.onFirstLoad)),x=E.extend(!0,{},E.fn.tab.settings,r))}},initializeHistory:function(){if(b.debug("Initializing page state"),E.address===D)return b.error(S.state),!1;if("state"==x.historyType){if(b.debug("Using HTML5 to manage state"),!1===x.path)return b.error(S.path),!1;E.address.history(!0).state(x.path)}E.address.bind("change",b.event.history.change)},event:{click:function(e){var t=E(this).data(w.tab);t!==D?(x.history?(b.verbose("Updating page state",e),E.address.value(t)):(b.verbose("Changing tab",e),b.changeTab(t)),e.preventDefault()):b.debug("No tab specified")},history:{change:function(e){var t=e.pathNames.join("/")||b.get.initialPath(),n=x.templates.determineTitle(t)||!1;b.performance.display(),b.debug("History change event",t,e),y=e,t!==D&&b.changeTab(t),n&&E.address.title(n)}}},refresh:function(){h&&(b.debug("Refreshing tab",h),b.changeTab(h))},cache:{read:function(e){return e!==D&&i[e]},add:function(e,t){e=e||h,b.debug("Adding cached content for",e),i[e]=t},remove:function(e){e=e||h,b.debug("Removing cached content for",e),delete i[e]}},set:{auto:function(){var e="string"==typeof x.path?x.path.replace(/\/$/,"")+"/{$tab}":"/{$tab}";b.verbose("Setting up automatic tab retrieval from server",e),E.isPlainObject(x.apiSettings)?x.apiSettings.url=e:x.apiSettings={url:e}},loading:function(e){var t=b.get.tabElement(e);t.hasClass(C.loading)||(b.verbose("Setting loading state for",t),t.addClass(C.loading).siblings(a).removeClass(C.active+" "+C.loading),0<t.length&&x.onRequest.call(t[0],e))},state:function(e){E.address.value(e)}},changeTab:function(d){var f=F.history&&F.history.pushState&&x.ignoreFirstLoad&&T,m=x.auto||E.isPlainObject(x.apiSettings),g=m&&!f?b.utilities.pathToArray(d):b.get.defaultPathArray(d);d=b.utilities.arrayToPath(g),E.each(g,function(e,t){var n,i,o,a,r=g.slice(0,e+1),s=b.utilities.arrayToPath(r),l=b.is.tab(s),c=e+1==g.length,u=b.get.tabElement(s);if(b.verbose("Looking for tab",t),l){if(b.verbose("Tab was found",t),h=s,v=b.utilities.filterArray(g,r),c?a=!0:(i=g.slice(0,e+2),o=b.utilities.arrayToPath(i),(a=!b.is.tab(o))&&b.verbose("Tab parameters found",i)),a&&m)return f?(b.debug("Ignoring remote content on first tab load",s),T=!1,b.cache.add(d,u.html()),b.activate.all(s),x.onFirstLoad.call(u[0],s,v,y),x.onLoad.call(u[0],s,v,y)):(b.activate.navigation(s),b.fetch.content(s,d)),!1;b.debug("Opened local tab",s),b.activate.all(s),b.cache.read(s)||(b.cache.add(s,!0),b.debug("First time tab loaded calling tab init"),x.onFirstLoad.call(u[0],s,v,y)),x.onLoad.call(u[0],s,v,y)}else{if(-1!=d.search("/")||""===d)return b.error(S.missingTab,k,p,s),!1;if(s=(n=E("#"+d+', a[name="'+d+'"]')).closest("[data-tab]").data(w.tab),u=b.get.tabElement(s),n&&0<n.length&&s)return b.debug("Anchor link used, opening parent tab",u,n),u.hasClass(C.active)||setTimeout(function(){b.scrollTo(n)},0),b.activate.all(s),b.cache.read(s)||(b.cache.add(s,!0),b.debug("First time tab loaded calling tab init"),x.onFirstLoad.call(u[0],s,v,y)),x.onLoad.call(u[0],s,v,y),!1}})},scrollTo:function(e){var t=!!(e&&0<e.length)&&e.offset().top;!1!==t&&(b.debug("Forcing scroll to an in-page link in a hidden tab",t,e),E(O).scrollTop(t))},update:{content:function(e,t,n){var i=b.get.tabElement(e),o=i[0];n=n!==D?n:x.evaluateScripts,"string"==typeof x.cacheType&&"dom"==x.cacheType.toLowerCase()&&"string"!=typeof t?i.empty().append(E(t).clone(!0)):n?(b.debug("Updating HTML and evaluating inline scripts",e,t),i.html(t)):(b.debug("Updating HTML",e,t),o.innerHTML=t)}},fetch:{content:function(t,n){var e,i,o=b.get.tabElement(t),a={dataType:"html",encodeParameters:!1,on:"now",cache:x.alwaysRefresh,headers:{"X-Remote":!0},onSuccess:function(e){"response"==x.cacheType&&b.cache.add(n,e),b.update.content(t,e),t==h?(b.debug("Content loaded",t),b.activate.tab(t)):b.debug("Content loaded in background",t),x.onFirstLoad.call(o[0],t,v,y),x.onLoad.call(o[0],t,v,y),x.loadOnce?b.cache.add(n,!0):"string"==typeof x.cacheType&&"dom"==x.cacheType.toLowerCase()&&0<o.children().length?setTimeout(function(){var e=o.children().clone(!0);e=e.not("script"),b.cache.add(n,e)},0):b.cache.add(n,o.html())},urlData:{tab:n}},r=o.api("get request")||!1,s=r&&"pending"===r.state();n=n||t,i=b.cache.read(n),x.cache&&i?(b.activate.tab(t),b.debug("Adding cached content",n),x.loadOnce||("once"==x.evaluateScripts?b.update.content(t,i,!1):b.update.content(t,i)),x.onLoad.call(o[0],t,v,y)):s?(b.set.loading(t),b.debug("Content is already loading",n)):E.api!==D?(e=E.extend(!0,{},x.apiSettings,a),b.debug("Retrieving remote content",n,e),b.set.loading(t),o.api(e)):b.error(S.api)}},activate:{all:function(e){b.activate.tab(e),b.activate.navigation(e)},tab:function(e){var t=b.get.tabElement(e),n="siblings"==x.deactivate?t.siblings(a):a.not(t),i=t.hasClass(C.active);b.verbose("Showing tab content for",t),i||(t.addClass(C.active),n.removeClass(C.active+" "+C.loading),0<t.length&&x.onVisible.call(t[0],e))},navigation:function(e){var t=b.get.navElement(e),n="siblings"==x.deactivate?t.siblings(u):u.not(t),i=t.hasClass(C.active);b.verbose("Activating tab navigation for",t,e),i||(t.addClass(C.active),n.removeClass(C.active+" "+C.loading))}},deactivate:{all:function(){b.deactivate.navigation(),b.deactivate.tabs()},navigation:function(){u.removeClass(C.active)},tabs:function(){a.removeClass(C.active+" "+C.loading)}},is:{tab:function(e){return e!==D&&0<b.get.tabElement(e).length}},get:{initialPath:function(){return u.eq(0).data(w.tab)||a.eq(0).data(w.tab)},path:function(){return E.address.value()},defaultPathArray:function(e){return b.utilities.pathToArray(b.get.defaultPath(e))},defaultPath:function(e){var t=u.filter("[data-"+w.tab+'^="'+e+'/"]').eq(0).data(w.tab)||!1;if(t){if(b.debug("Found default tab",t),o<x.maxDepth)return o++,b.get.defaultPath(t);b.error(S.recursion)}else b.debug("No default tabs found for",e,a);return o=0,e},navElement:function(e){return e=e||h,u.filter("[data-"+w.tab+'="'+e+'"]')},tabElement:function(e){var t,n,i,o;return e=e||h,i=b.utilities.pathToArray(e),o=b.utilities.last(i),t=a.filter("[data-"+w.tab+'="'+e+'"]'),n=a.filter("[data-"+w.tab+'="'+o+'"]'),0<t.length?t:n},tab:function(){return h}},utilities:{filterArray:function(e,t){return E.grep(e,function(e){return-1==E.inArray(e,t)})},last:function(e){return!!E.isArray(e)&&e[e.length-1]},pathToArray:function(e){return e===D&&(e=h),"string"==typeof e?e.split("/"):[e]},arrayToPath:function(e){return!!E.isArray(e)&&e.join("/")}},setting:function(e,t){if(b.debug("Changing setting",e,t),E.isPlainObject(e))E.extend(!0,x,e);else{if(t===D)return x[e];E.isPlainObject(x[e])?E.extend(!0,x[e],t):x[e]=t}},internal:function(e,t){if(E.isPlainObject(e))E.extend(!0,b,e);else{if(t===D)return b[e];b[e]=t}},debug:function(){!x.silent&&x.debug&&(x.performance?b.performance.log(arguments):(b.debug=Function.prototype.bind.call(console.info,console,x.name+":"),b.debug.apply(console,arguments)))},verbose:function(){!x.silent&&x.verbose&&x.debug&&(x.performance?b.performance.log(arguments):(b.verbose=Function.prototype.bind.call(console.info,console,x.name+":"),b.verbose.apply(console,arguments)))},error:function(){x.silent||(b.error=Function.prototype.bind.call(console.error,console,x.name+":"),b.error.apply(console,arguments))},performance:{log:function(e){var t,n;x.performance&&(n=(t=(new Date).getTime())-(f||t),f=t,m.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:s,"Execution Time":n})),clearTimeout(b.performance.timer),b.performance.timer=setTimeout(b.performance.display,500)},display:function(){var e=x.name+":",n=0;f=!1,clearTimeout(b.performance.timer),E.each(m,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",d&&(e+=" '"+d+"'"),(console.group!==D||console.table!==D)&&0<m.length&&(console.groupCollapsed(e),console.table?console.table(m):E.each(m,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),m=[]}},invoke:function(i,e,t){var o,a,n,r=l;return e=e||R,t=s||t,"string"==typeof i&&r!==D&&(i=i.split(/[\. ]/),o=i.length-1,E.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(E.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==D)return a=r[n],!1;if(!E.isPlainObject(r[t])||e==o)return r[t]!==D?a=r[t]:b.error(S.method,i),!1;r=r[t]}})),E.isFunction(a)?n=a.apply(t,e):a!==D&&(n=a),E.isArray(c)?c.push(n):c!==D?c=[c,n]:n!==D&&(c=n),a}},A?(l===D&&b.initialize(),b.invoke(g)):(l!==D&&l.invoke("destroy"),b.initialize())}),c!==D?c:this},E.tab=function(){E(F).tab.apply(this,arguments)},E.fn.tab.settings={name:"Tab",namespace:"tab",silent:!1,debug:!1,verbose:!1,performance:!0,auto:!1,history:!1,historyType:"hash",path:!1,context:!1,childrenOnly:!1,maxDepth:25,deactivate:"siblings",alwaysRefresh:!1,cache:!0,loadOnce:!1,cacheType:"response",ignoreFirstLoad:!1,apiSettings:!1,evaluateScripts:"once",onFirstLoad:function(e,t,n){},onLoad:function(e,t,n){},onVisible:function(e,t,n){},onRequest:function(e,t,n){},templates:{determineTitle:function(e){}},error:{api:"You attempted to load content without API module",method:"The method you called is not defined",missingTab:"Activated tab cannot be found. Tabs are case-sensitive.",noContent:"The tab you specified is missing a content url.",path:"History enabled, but no path was specified",recursion:"Max recursive depth reached",legacyInit:"onTabInit has been renamed to onFirstLoad in 2.0, please adjust your code.",legacyLoad:"onTabLoad has been renamed to onLoad in 2.0. Please adjust your code",state:"History requires Asual's Address library <https://github.com/asual/jquery-address>"},metadata:{tab:"tab",loaded:"loaded",promise:"promise"},className:{loading:"loading",active:"active"},selector:{tabs:".ui.tab",ui:".ui"}}}(jQuery,window,document),function(C,e,w,S){"use strict";e=void 0!==e&&e.Math==Math?e:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),C.fn.transition=function(){var c,r=C(this),g=r.selector||"",p=(new Date).getTime(),h=[],v=arguments,b=v[0],y=[].slice.call(arguments,1),x="string"==typeof b;e.requestAnimationFrame||e.mozRequestAnimationFrame||e.webkitRequestAnimationFrame||e.msRequestAnimationFrame;return r.each(function(i){var u,s,t,d,n,o,e,a,f,m=C(this),l=this;(f={initialize:function(){u=f.get.settings.apply(l,v),d=u.className,t=u.error,n=u.metadata,a="."+u.namespace,e="module-"+u.namespace,s=m.data(e)||f,o=f.get.animationEndEvent(),x&&(x=f.invoke(b)),!1===x&&(f.verbose("Converted arguments into settings object",u),u.interval?f.delay(u.animate):f.animate(),f.instantiate())},instantiate:function(){f.verbose("Storing instance of module",f),s=f,m.data(e,s)},destroy:function(){f.verbose("Destroying previous module for",l),m.removeData(e)},refresh:function(){f.verbose("Refreshing display type on next animation"),delete f.displayType},forceRepaint:function(){f.verbose("Forcing element repaint");var e=m.parent(),t=m.next();0===t.length?m.detach().appendTo(e):m.detach().insertBefore(t)},repaint:function(){f.verbose("Repainting element");l.offsetWidth},delay:function(e){var t,n=f.get.animationDirection();n||(n=f.can.transition()?f.get.direction():"static"),e=e!==S?e:u.interval,t="auto"==u.reverse&&n==d.outward||1==u.reverse?(r.length-i)*u.interval:i*u.interval,f.debug("Delaying animation by",t),setTimeout(f.animate,t)},animate:function(e){if(u=e||u,!f.is.supported())return f.error(t.support),!1;if(f.debug("Preparing animation",u.animation),f.is.animating()){if(u.queue)return!u.allowRepeats&&f.has.direction()&&f.is.occurring()&&!0!==f.queuing?f.debug("Animation is currently occurring, preventing queueing same animation",u.animation):f.queue(u.animation),!1;if(!u.allowRepeats&&f.is.occurring())return f.debug("Animation is already occurring, will not execute repeated animation",u.animation),!1;f.debug("New animation started, completing previous early",u.animation),s.complete()}f.can.animate()?f.set.animating(u.animation):f.error(t.noAnimation,u.animation,l)},reset:function(){f.debug("Resetting animation to beginning conditions"),f.remove.animationCallbacks(),f.restore.conditions(),f.remove.animating()},queue:function(e){f.debug("Queueing animation of",e),f.queuing=!0,m.one(o+".queue"+a,function(){f.queuing=!1,f.repaint(),f.animate.apply(this,u)})},complete:function(e){f.debug("Animation complete",u.animation),f.remove.completeCallback(),f.remove.failSafe(),f.is.looping()||(f.is.outward()?(f.verbose("Animation is outward, hiding element"),f.restore.conditions(),f.hide()):f.is.inward()?(f.verbose("Animation is outward, showing element"),f.restore.conditions(),f.show()):(f.verbose("Static animation completed"),f.restore.conditions(),u.onComplete.call(l)))},force:{visible:function(){var e=m.attr("style"),t=f.get.userStyle(),n=f.get.displayType(),i=t+"display: "+n+" !important;",o=m.css("display"),a=e===S||""===e;o!==n?(f.verbose("Overriding default display to show element",n),m.attr("style",i)):a&&m.removeAttr("style")},hidden:function(){var e=m.attr("style"),t=m.css("display"),n=e===S||""===e;"none"===t||f.is.hidden()?n&&m.removeAttr("style"):(f.verbose("Overriding default display to hide element"),m.css("display","none"))}},has:{direction:function(e){var n=!1;return"string"==typeof(e=e||u.animation)&&(e=e.split(" "),C.each(e,function(e,t){t!==d.inward&&t!==d.outward||(n=!0)})),n},inlineDisplay:function(){var e=m.attr("style")||"";return C.isArray(e.match(/display.*?;/,""))}},set:{animating:function(e){var t;f.remove.completeCallback(),e=e||u.animation,t=f.get.animationClass(e),f.save.animation(t),f.force.visible(),f.remove.hidden(),f.remove.direction(),f.start.animation(t)},duration:function(e,t){((t="number"==typeof(t=t||u.duration)?t+"ms":t)||0===t)&&(f.verbose("Setting animation duration",t),m.css({"animation-duration":t}))},direction:function(e){(e=e||f.get.direction())==d.inward?f.set.inward():f.set.outward()},looping:function(){f.debug("Transition set to loop"),m.addClass(d.looping)},hidden:function(){m.addClass(d.transition).addClass(d.hidden)},inward:function(){f.debug("Setting direction to inward"),m.removeClass(d.outward).addClass(d.inward)},outward:function(){f.debug("Setting direction to outward"),m.removeClass(d.inward).addClass(d.outward)},visible:function(){m.addClass(d.transition).addClass(d.visible)}},start:{animation:function(e){e=e||f.get.animationClass(),f.debug("Starting tween",e),m.addClass(e).one(o+".complete"+a,f.complete),u.useFailSafe&&f.add.failSafe(),f.set.duration(u.duration),u.onStart.call(l)}},save:{animation:function(e){f.cache||(f.cache={}),f.cache.animation=e},displayType:function(e){"none"!==e&&m.data(n.displayType,e)},transitionExists:function(e,t){C.fn.transition.exists[e]=t,f.verbose("Saving existence of transition",e,t)}},restore:{conditions:function(){var e=f.get.currentAnimation();e&&(m.removeClass(e),f.verbose("Removing animation class",f.cache)),f.remove.duration()}},add:{failSafe:function(){var e=f.get.duration();f.timer=setTimeout(function(){m.triggerHandler(o)},e+u.failSafeDelay),f.verbose("Adding fail safe timer",f.timer)}},remove:{animating:function(){m.removeClass(d.animating)},animationCallbacks:function(){f.remove.queueCallback(),f.remove.completeCallback()},queueCallback:function(){m.off(".queue"+a)},completeCallback:function(){m.off(".complete"+a)},display:function(){m.css("display","")},direction:function(){m.removeClass(d.inward).removeClass(d.outward)},duration:function(){m.css("animation-duration","")},failSafe:function(){f.verbose("Removing fail safe timer",f.timer),f.timer&&clearTimeout(f.timer)},hidden:function(){m.removeClass(d.hidden)},visible:function(){m.removeClass(d.visible)},looping:function(){f.debug("Transitions are no longer looping"),f.is.looping()&&(f.reset(),m.removeClass(d.looping))},transition:function(){m.removeClass(d.visible).removeClass(d.hidden)}},get:{settings:function(e,t,n){return"object"==typeof e?C.extend(!0,{},C.fn.transition.settings,e):"function"==typeof n?C.extend({},C.fn.transition.settings,{animation:e,onComplete:n,duration:t}):"string"==typeof t||"number"==typeof t?C.extend({},C.fn.transition.settings,{animation:e,duration:t}):"object"==typeof t?C.extend({},C.fn.transition.settings,t,{animation:e}):"function"==typeof t?C.extend({},C.fn.transition.settings,{animation:e,onComplete:t}):C.extend({},C.fn.transition.settings,{animation:e})},animationClass:function(e){var t=e||u.animation,n=f.can.transition()&&!f.has.direction()?f.get.direction()+" ":"";return d.animating+" "+d.transition+" "+n+t},currentAnimation:function(){return!(!f.cache||f.cache.animation===S)&&f.cache.animation},currentDirection:function(){return f.is.inward()?d.inward:d.outward},direction:function(){return f.is.hidden()||!f.is.visible()?d.inward:d.outward},animationDirection:function(e){var n;return"string"==typeof(e=e||u.animation)&&(e=e.split(" "),C.each(e,function(e,t){t===d.inward?n=d.inward:t===d.outward&&(n=d.outward)})),n||!1},duration:function(e){return!1===(e=e||u.duration)&&(e=m.css("animation-duration")||0),"string"==typeof e?-1<e.indexOf("ms")?parseFloat(e):1e3*parseFloat(e):e},displayType:function(e){return e=e===S||e,u.displayType?u.displayType:(e&&m.data(n.displayType)===S&&f.can.transition(!0),m.data(n.displayType))},userStyle:function(e){return(e=e||m.attr("style")||"").replace(/display.*?;/,"")},transitionExists:function(e){return C.fn.transition.exists[e]},animationStartEvent:function(){var e,t=w.createElement("div"),n={animation:"animationstart",OAnimation:"oAnimationStart",MozAnimation:"mozAnimationStart",WebkitAnimation:"webkitAnimationStart"};for(e in n)if(t.style[e]!==S)return n[e];return!1},animationEndEvent:function(){var e,t=w.createElement("div"),n={animation:"animationend",OAnimation:"oAnimationEnd",MozAnimation:"mozAnimationEnd",WebkitAnimation:"webkitAnimationEnd"};for(e in n)if(t.style[e]!==S)return n[e];return!1}},can:{transition:function(e){var t,n,i,o,a,r,s=u.animation,l=f.get.transitionExists(s),c=f.get.displayType(!1);if(l===S||e){if(f.verbose("Determining whether animation exists"),t=m.attr("class"),n=m.prop("tagName"),o=(i=C("<"+n+" />").addClass(t).insertAfter(m)).addClass(s).removeClass(d.inward).removeClass(d.outward).addClass(d.animating).addClass(d.transition).css("animationName"),a=i.addClass(d.inward).css("animationName"),c||(c=i.attr("class",t).removeAttr("style").removeClass(d.hidden).removeClass(d.visible).show().css("display"),f.verbose("Determining final display state",c),f.save.displayType(c)),i.remove(),o!=a)f.debug("Direction exists for animation",s),r=!0;else{if("none"==o||!o)return void f.debug("No animation defined in css",s);f.debug("Static animation found",s,c),r=!1}f.save.transitionExists(s,r)}return l!==S?l:r},animate:function(){return f.can.transition()!==S}},is:{animating:function(){return m.hasClass(d.animating)},inward:function(){return m.hasClass(d.inward)},outward:function(){return m.hasClass(d.outward)},looping:function(){return m.hasClass(d.looping)},occurring:function(e){return e="."+(e=e||u.animation).replace(" ","."),0<m.filter(e).length},visible:function(){return m.is(":visible")},hidden:function(){return"hidden"===m.css("visibility")},supported:function(){return!1!==o}},hide:function(){f.verbose("Hiding element"),f.is.animating()&&f.reset(),l.blur(),f.remove.display(),f.remove.visible(),f.set.hidden(),f.force.hidden(),u.onHide.call(l),u.onComplete.call(l)},show:function(e){f.verbose("Showing element",e),f.remove.hidden(),f.set.visible(),f.force.visible(),u.onShow.call(l),u.onComplete.call(l)},toggle:function(){f.is.visible()?f.hide():f.show()},stop:function(){f.debug("Stopping current animation"),m.triggerHandler(o)},stopAll:function(){f.debug("Stopping all animation"),f.remove.queueCallback(),m.triggerHandler(o)},clear:{queue:function(){f.debug("Clearing animation queue"),f.remove.queueCallback()}},enable:function(){f.verbose("Starting animation"),m.removeClass(d.disabled)},disable:function(){f.debug("Stopping animation"),m.addClass(d.disabled)},setting:function(e,t){if(f.debug("Changing setting",e,t),C.isPlainObject(e))C.extend(!0,u,e);else{if(t===S)return u[e];C.isPlainObject(u[e])?C.extend(!0,u[e],t):u[e]=t}},internal:function(e,t){if(C.isPlainObject(e))C.extend(!0,f,e);else{if(t===S)return f[e];f[e]=t}},debug:function(){!u.silent&&u.debug&&(u.performance?f.performance.log(arguments):(f.debug=Function.prototype.bind.call(console.info,console,u.name+":"),f.debug.apply(console,arguments)))},verbose:function(){!u.silent&&u.verbose&&u.debug&&(u.performance?f.performance.log(arguments):(f.verbose=Function.prototype.bind.call(console.info,console,u.name+":"),f.verbose.apply(console,arguments)))},error:function(){u.silent||(f.error=Function.prototype.bind.call(console.error,console,u.name+":"),f.error.apply(console,arguments))},performance:{log:function(e){var t,n;u.performance&&(n=(t=(new Date).getTime())-(p||t),p=t,h.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:l,"Execution Time":n})),clearTimeout(f.performance.timer),f.performance.timer=setTimeout(f.performance.display,500)},display:function(){var e=u.name+":",n=0;p=!1,clearTimeout(f.performance.timer),C.each(h,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",g&&(e+=" '"+g+"'"),1<r.length&&(e+=" ("+r.length+")"),(console.group!==S||console.table!==S)&&0<h.length&&(console.groupCollapsed(e),console.table?console.table(h):C.each(h,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),h=[]}},invoke:function(i,e,t){var o,a,n,r=s;return e=e||y,t=l||t,"string"==typeof i&&r!==S&&(i=i.split(/[\. ]/),o=i.length-1,C.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(C.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==S)return a=r[n],!1;if(!C.isPlainObject(r[t])||e==o)return r[t]!==S&&(a=r[t]),!1;r=r[t]}})),C.isFunction(a)?n=a.apply(t,e):a!==S&&(n=a),C.isArray(c)?c.push(n):c!==S?c=[c,n]:n!==S&&(c=n),a!==S&&a}}).initialize()}),c!==S?c:this},C.fn.transition.exists={},C.fn.transition.settings={name:"Transition",silent:!1,debug:!1,verbose:!1,performance:!0,namespace:"transition",interval:0,reverse:"auto",onStart:function(){},onComplete:function(){},onShow:function(){},onHide:function(){},useFailSafe:!0,failSafeDelay:100,allowRepeats:!1,displayType:!1,animation:"fade",duration:!1,queue:!0,metadata:{displayType:"display"},className:{animating:"animating",disabled:"disabled",hidden:"hidden",inward:"in",loading:"loading",looping:"looping",outward:"out",transition:"transition",visible:"visible"},error:{noAnimation:"Element is no longer attached to DOM. Unable to animate.  Use silent setting to surpress this warning in production.",repeated:"That animation is already occurring, cancelling repeated animation",method:"The method you called is not defined",support:"This browser does not support CSS animations"}}}(jQuery,window,document),function(P,E,e,F){"use strict";E=void 0!==E&&E.Math==Math?E:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")();P.api=P.fn.api=function(x){var C,e=P.isFunction(this)?P(E):P(this),w=e.selector||"",S=(new Date).getTime(),k=[],T=x,A="string"==typeof T,R=[].slice.call(arguments,1);return e.each(function(){var a,r,n,e,s,l,c=P.isPlainObject(x)?P.extend(!0,{},P.fn.api.settings,x):P.extend({},P.fn.api.settings),t=c.namespace,i=c.metadata,o=c.selector,u=c.error,d=c.className,f="."+t,m="module-"+t,g=P(this),p=g.closest(o.form),h=c.stateContext?P(c.stateContext):g,v=this,b=h[0],y=g.data(m);l={initialize:function(){A||l.bind.events(),l.instantiate()},instantiate:function(){l.verbose("Storing instance of module",l),y=l,g.data(m,y)},destroy:function(){l.verbose("Destroying previous module for",v),g.removeData(m).off(f)},bind:{events:function(){var e=l.get.event();e?(l.verbose("Attaching API events to element",e),g.on(e+f,l.event.trigger)):"now"==c.on&&(l.debug("Querying API endpoint immediately"),l.query())}},decode:{json:function(e){if(e!==F&&"string"==typeof e)try{e=JSON.parse(e)}catch(e){}return e}},read:{cachedResponse:function(e){var t;if(E.Storage!==F)return t=sessionStorage.getItem(e),l.debug("Using cached response",e,t),t=l.decode.json(t);l.error(u.noStorage)}},write:{cachedResponse:function(e,t){t&&""===t?l.debug("Response empty, not caching",t):E.Storage!==F?(P.isPlainObject(t)&&(t=JSON.stringify(t)),sessionStorage.setItem(e,t),l.verbose("Storing cached response for url",e,t)):l.error(u.noStorage)}},query:function(){if(l.is.disabled())l.debug("Element is disabled API request aborted");else{if(l.is.loading()){if(!c.interruptRequests)return void l.debug("Cancelling request, previous request is still pending");l.debug("Interrupting previous request"),l.abort()}if(c.defaultData&&P.extend(!0,c.urlData,l.get.defaultData()),c.serializeForm&&(c.data=l.add.formData(c.data)),!1===(r=l.get.settings()))return l.cancelled=!0,void l.error(u.beforeSend);if(l.cancelled=!1,(n=l.get.templatedURL())||l.is.mocked()){if((n=l.add.urlData(n))||l.is.mocked()){if(r.url=c.base+n,a=P.extend(!0,{},c,{type:c.method||c.type,data:e,url:c.base+n,beforeSend:c.beforeXHR,success:function(){},failure:function(){},complete:function(){}}),l.debug("Querying URL",a.url),l.verbose("Using AJAX settings",a),"local"===c.cache&&l.read.cachedResponse(n))return l.debug("Response returned from local cache"),l.request=l.create.request(),void l.request.resolveWith(b,[l.read.cachedResponse(n)]);c.throttle?c.throttleFirstRequest||l.timer?(l.debug("Throttling request",c.throttle),clearTimeout(l.timer),l.timer=setTimeout(function(){l.timer&&delete l.timer,l.debug("Sending throttled request",e,a.method),l.send.request()},c.throttle)):(l.debug("Sending request",e,a.method),l.send.request(),l.timer=setTimeout(function(){},c.throttle)):(l.debug("Sending request",e,a.method),l.send.request())}}else l.error(u.missingURL)}},should:{removeError:function(){return!0===c.hideError||"auto"===c.hideError&&!l.is.form()}},is:{disabled:function(){return 0<g.filter(o.disabled).length},expectingJSON:function(){return"json"===c.dataType||"jsonp"===c.dataType},form:function(){return g.is("form")||h.is("form")},mocked:function(){return c.mockResponse||c.mockResponseAsync||c.response||c.responseAsync},input:function(){return g.is("input")},loading:function(){return!!l.request&&"pending"==l.request.state()},abortedRequest:function(e){return e&&e.readyState!==F&&0===e.readyState?(l.verbose("XHR request determined to be aborted"),!0):(l.verbose("XHR request was not aborted"),!1)},validResponse:function(e){return l.is.expectingJSON()&&P.isFunction(c.successTest)?(l.debug("Checking JSON returned success",c.successTest,e),c.successTest(e)?(l.debug("Response passed success test",e),!0):(l.debug("Response failed success test",e),!1)):(l.verbose("Response is not JSON, skipping validation",c.successTest,e),!0)}},was:{cancelled:function(){return l.cancelled||!1},succesful:function(){return l.request&&"resolved"==l.request.state()},failure:function(){return l.request&&"rejected"==l.request.state()},complete:function(){return l.request&&("resolved"==l.request.state()||"rejected"==l.request.state())}},add:{urlData:function(o,a){var e,t;return o&&(e=o.match(c.regExp.required),t=o.match(c.regExp.optional),a=a||c.urlData,e&&(l.debug("Looking for required URL variables",e),P.each(e,function(e,t){var n=-1!==t.indexOf("$")?t.substr(2,t.length-3):t.substr(1,t.length-2),i=P.isPlainObject(a)&&a[n]!==F?a[n]:g.data(n)!==F?g.data(n):h.data(n)!==F?h.data(n):a[n];if(i===F)return l.error(u.requiredParameter,n,o),o=!1;l.verbose("Found required variable",n,i),i=c.encodeParameters?l.get.urlEncodedValue(i):i,o=o.replace(t,i)})),t&&(l.debug("Looking for optional URL variables",e),P.each(t,function(e,t){var n=-1!==t.indexOf("$")?t.substr(3,t.length-4):t.substr(2,t.length-3),i=P.isPlainObject(a)&&a[n]!==F?a[n]:g.data(n)!==F?g.data(n):h.data(n)!==F?h.data(n):a[n];o=i!==F?(l.verbose("Optional variable Found",n,i),o.replace(t,i)):(l.verbose("Optional variable not found",n),-1!==o.indexOf("/"+t)?o.replace("/"+t,""):o.replace(t,""))}))),o},formData:function(e){var t=P.fn.serializeObject!==F,n=t?p.serializeObject():p.serialize();return e=e||c.data,e=P.isPlainObject(e)?t?(l.debug("Extending existing data with form data",e,n),P.extend(!0,{},e,n)):(l.error(u.missingSerialize),l.debug("Cant extend data. Replacing data with form data",e,n),n):(l.debug("Adding form data",n),n)}},send:{request:function(){l.set.loading(),l.request=l.create.request(),l.is.mocked()?l.mockedXHR=l.create.mockedXHR():l.xhr=l.create.xhr(),c.onRequest.call(b,l.request,l.xhr)}},event:{trigger:function(e){l.query(),"submit"!=e.type&&"click"!=e.type||e.preventDefault()},xhr:{always:function(){},done:function(e,t,n){var i=this,o=(new Date).getTime()-s,a=c.loadingDuration-o,r=!!P.isFunction(c.onResponse)&&(l.is.expectingJSON()?c.onResponse.call(i,P.extend(!0,{},e)):c.onResponse.call(i,e));a=0<a?a:0,r&&(l.debug("Modified API response in onResponse callback",c.onResponse,r,e),e=r),0<a&&l.debug("Response completed early delaying state change by",a),setTimeout(function(){l.is.validResponse(e)?l.request.resolveWith(i,[e,n]):l.request.rejectWith(i,[n,"invalid"])},a)},fail:function(e,t,n){var i=this,o=(new Date).getTime()-s,a=c.loadingDuration-o;0<(a=0<a?a:0)&&l.debug("Response completed early delaying state change by",a),setTimeout(function(){l.is.abortedRequest(e)?l.request.rejectWith(i,[e,"aborted",n]):l.request.rejectWith(i,[e,"error",t,n])},a)}},request:{done:function(e,t){l.debug("Successful API Response",e),"local"===c.cache&&n&&(l.write.cachedResponse(n,e),l.debug("Saving server response locally",l.cache)),c.onSuccess.call(b,e,g,t)},complete:function(e,t){var n,i;l.was.succesful()?(i=e,n=t):(n=e,i=l.get.responseFromXHR(n)),l.remove.loading(),c.onComplete.call(b,i,g,n)},fail:function(e,t,n){var i=l.get.responseFromXHR(e),o=l.get.errorFromRequest(i,t,n);if("aborted"==t)return l.debug("XHR Aborted (Most likely caused by page navigation or CORS Policy)",t,n),c.onAbort.call(b,t,g,e),!0;"invalid"==t?l.debug("JSON did not pass success test. A server-side error has most likely occurred",i):"error"==t&&e!==F&&(l.debug("XHR produced a server error",t,n),200!=e.status&&n!==F&&""!==n&&l.error(u.statusMessage+n,a.url),c.onError.call(b,o,g,e)),c.errorDuration&&"aborted"!==t&&(l.debug("Adding error state"),l.set.error(),l.should.removeError()&&setTimeout(l.remove.error,c.errorDuration)),l.debug("API Request failed",o,e),c.onFailure.call(b,i,g,e)}}},create:{request:function(){return P.Deferred().always(l.event.request.complete).done(l.event.request.done).fail(l.event.request.fail)},mockedXHR:function(){var e,t,n,i=c.mockResponse||c.response,o=c.mockResponseAsync||c.responseAsync;return n=P.Deferred().always(l.event.xhr.complete).done(l.event.xhr.done).fail(l.event.xhr.fail),i?(t=P.isFunction(i)?(l.debug("Using specified synchronous callback",i),i.call(b,r)):(l.debug("Using settings specified response",i),i),n.resolveWith(b,[t,!1,{responseText:t}])):P.isFunction(o)&&(e=function(e){l.debug("Async callback returned response",e),e?n.resolveWith(b,[e,!1,{responseText:e}]):n.rejectWith(b,[{responseText:e},!1,!1])},l.debug("Using specified async response callback",o),o.call(b,r,e)),n},xhr:function(){var e;return e=P.ajax(a).always(l.event.xhr.always).done(l.event.xhr.done).fail(l.event.xhr.fail),l.verbose("Created server request",e,a),e}},set:{error:function(){l.verbose("Adding error state to element",h),h.addClass(d.error)},loading:function(){l.verbose("Adding loading state to element",h),h.addClass(d.loading),s=(new Date).getTime()}},remove:{error:function(){l.verbose("Removing error state from element",h),h.removeClass(d.error)},loading:function(){l.verbose("Removing loading state from element",h),h.removeClass(d.loading)}},get:{responseFromXHR:function(e){return!!P.isPlainObject(e)&&(l.is.expectingJSON()?l.decode.json(e.responseText):e.responseText)},errorFromRequest:function(e,t,n){return P.isPlainObject(e)&&e.error!==F?e.error:c.error[t]!==F?c.error[t]:n},request:function(){return l.request||!1},xhr:function(){return l.xhr||!1},settings:function(){var e;return(e=c.beforeSend.call(b,c))&&(e.success!==F&&(l.debug("Legacy success callback detected",e),l.error(u.legacyParameters,e.success),e.onSuccess=e.success),e.failure!==F&&(l.debug("Legacy failure callback detected",e),l.error(u.legacyParameters,e.failure),e.onFailure=e.failure),e.complete!==F&&(l.debug("Legacy complete callback detected",e),l.error(u.legacyParameters,e.complete),e.onComplete=e.complete)),e===F&&l.error(u.noReturnedValue),!1===e?e:e!==F?P.extend(!0,{},e):P.extend(!0,{},c)},urlEncodedValue:function(e){var t=E.decodeURIComponent(e),n=E.encodeURIComponent(e);return t!==e?(l.debug("URL value is already encoded, avoiding double encoding",e),e):(l.verbose("Encoding value using encodeURIComponent",e,n),n)},defaultData:function(){var e={};return P.isWindow(v)||(l.is.input()?e.value=g.val():l.is.form()||(e.text=g.text())),e},event:function(){return P.isWindow(v)||"now"==c.on?(l.debug("API called without element, no events attached"),!1):"auto"==c.on?g.is("input")?v.oninput!==F?"input":v.onpropertychange!==F?"propertychange":"keyup":g.is("form")?"submit":"click":c.on},templatedURL:function(e){if(e=e||g.data(i.action)||c.action||!1,n=g.data(i.url)||c.url||!1)return l.debug("Using specified url",n),n;if(e){if(l.debug("Looking up url for action",e,c.api),c.api[e]===F&&!l.is.mocked())return void l.error(u.missingAction,c.action,c.api);n=c.api[e]}else l.is.form()&&(n=g.attr("action")||h.attr("action")||!1,l.debug("No url or action specified, defaulting to form action",n));return n}},abort:function(){var e=l.get.xhr();e&&"resolved"!==e.state()&&(l.debug("Cancelling API request"),e.abort())},reset:function(){l.remove.error(),l.remove.loading()},setting:function(e,t){if(l.debug("Changing setting",e,t),P.isPlainObject(e))P.extend(!0,c,e);else{if(t===F)return c[e];P.isPlainObject(c[e])?P.extend(!0,c[e],t):c[e]=t}},internal:function(e,t){if(P.isPlainObject(e))P.extend(!0,l,e);else{if(t===F)return l[e];l[e]=t}},debug:function(){!c.silent&&c.debug&&(c.performance?l.performance.log(arguments):(l.debug=Function.prototype.bind.call(console.info,console,c.name+":"),l.debug.apply(console,arguments)))},verbose:function(){!c.silent&&c.verbose&&c.debug&&(c.performance?l.performance.log(arguments):(l.verbose=Function.prototype.bind.call(console.info,console,c.name+":"),l.verbose.apply(console,arguments)))},error:function(){c.silent||(l.error=Function.prototype.bind.call(console.error,console,c.name+":"),l.error.apply(console,arguments))},performance:{log:function(e){var t,n;c.performance&&(n=(t=(new Date).getTime())-(S||t),S=t,k.push({Name:e[0],Arguments:[].slice.call(e,1)||"","Execution Time":n})),clearTimeout(l.performance.timer),l.performance.timer=setTimeout(l.performance.display,500)},display:function(){var e=c.name+":",n=0;S=!1,clearTimeout(l.performance.timer),P.each(k,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",w&&(e+=" '"+w+"'"),(console.group!==F||console.table!==F)&&0<k.length&&(console.groupCollapsed(e),console.table?console.table(k):P.each(k,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),k=[]}},invoke:function(i,e,t){var o,a,n,r=y;return e=e||R,t=v||t,"string"==typeof i&&r!==F&&(i=i.split(/[\. ]/),o=i.length-1,P.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(P.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==F)return a=r[n],!1;if(!P.isPlainObject(r[t])||e==o)return r[t]!==F?a=r[t]:l.error(u.method,i),!1;r=r[t]}})),P.isFunction(a)?n=a.apply(t,e):a!==F&&(n=a),P.isArray(C)?C.push(n):C!==F?C=[C,n]:n!==F&&(C=n),a}},A?(y===F&&l.initialize(),l.invoke(T)):(y!==F&&y.invoke("destroy"),l.initialize())}),C!==F?C:this},P.api.settings={name:"API",namespace:"api",debug:!1,verbose:!1,performance:!0,api:{},cache:!0,interruptRequests:!0,on:"auto",stateContext:!1,loadingDuration:0,hideError:"auto",errorDuration:2e3,encodeParameters:!0,action:!1,url:!1,base:"",urlData:{},defaultData:!0,serializeForm:!1,throttle:0,throttleFirstRequest:!0,method:"get",data:{},dataType:"json",mockResponse:!1,mockResponseAsync:!1,response:!1,responseAsync:!1,beforeSend:function(e){return e},beforeXHR:function(e){},onRequest:function(e,t){},onResponse:!1,onSuccess:function(e,t){},onComplete:function(e,t){},onFailure:function(e,t){},onError:function(e,t){},onAbort:function(e,t){},successTest:!1,error:{beforeSend:"The before send function has aborted the request",error:"There was an error with your request",exitConditions:"API Request Aborted. Exit conditions met",JSONParse:"JSON could not be parsed during error handling",legacyParameters:"You are using legacy API success callback names",method:"The method you called is not defined",missingAction:"API action used but no url was defined",missingSerialize:"jquery-serialize-object is required to add form data to an existing data object",missingURL:"No URL specified for api event",noReturnedValue:"The beforeSend callback must return a settings object, beforeSend ignored.",noStorage:"Caching responses locally requires session storage",parseError:"There was an error parsing your request",requiredParameter:"Missing a required URL parameter: ",statusMessage:"Server gave an error: ",timeout:"Your request timed out"},regExp:{required:/\{\$*[A-z0-9]+\}/g,optional:/\{\/\$*[A-z0-9]+\}/g},className:{loading:"loading",error:"error"},selector:{disabled:".disabled",form:"form"},metadata:{action:"action",url:"url"}}}(jQuery,window,document),function(P,E,F,O){"use strict";E=void 0!==E&&E.Math==Math?E:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")(),P.fn.visibility=function(b){var y,e=P(this),x=e.selector||"",C=(new Date).getTime(),w=[],S=b,k="string"==typeof S,T=[].slice.call(arguments,1),A=e.length,R=0;return e.each(function(){var e,t,n,s,o=P.isPlainObject(b)?P.extend(!0,{},P.fn.visibility.settings,b):P.extend({},P.fn.visibility.settings),i=o.className,a=o.namespace,l=o.error,r=o.metadata,c="."+a,u="module-"+a,d=P(E),f=P(this),m=P(o.context),g=(f.selector,f.data(u)),p=E.requestAnimationFrame||E.mozRequestAnimationFrame||E.webkitRequestAnimationFrame||E.msRequestAnimationFrame||function(e){setTimeout(e,0)},h=this,v=!1;s={initialize:function(){s.debug("Initializing",o),s.setup.cache(),s.should.trackChanges()&&("image"==o.type&&s.setup.image(),"fixed"==o.type&&s.setup.fixed(),o.observeChanges&&s.observeChanges(),s.bind.events()),s.save.position(),s.is.visible()||s.error(l.visible,f),o.initialCheck&&s.checkVisibility(),s.instantiate()},instantiate:function(){s.debug("Storing instance",s),f.data(u,s),g=s},destroy:function(){s.verbose("Destroying previous module"),n&&n.disconnect(),t&&t.disconnect(),d.off("load"+c,s.event.load).off("resize"+c,s.event.resize),m.off("scroll"+c,s.event.scroll).off("scrollchange"+c,s.event.scrollchange),"fixed"==o.type&&(s.resetFixed(),s.remove.placeholder()),f.off(c).removeData(u)},observeChanges:function(){"MutationObserver"in E&&(t=new MutationObserver(s.event.contextChanged),n=new MutationObserver(s.event.changed),t.observe(F,{childList:!0,subtree:!0}),n.observe(h,{childList:!0,subtree:!0}),s.debug("Setting up mutation observer",n))},bind:{events:function(){s.verbose("Binding visibility events to scroll and resize"),o.refreshOnLoad&&d.on("load"+c,s.event.load),d.on("resize"+c,s.event.resize),m.off("scroll"+c).on("scroll"+c,s.event.scroll).on("scrollchange"+c,s.event.scrollchange)}},event:{changed:function(e){s.verbose("DOM tree modified, updating visibility calculations"),s.timer=setTimeout(function(){s.verbose("DOM tree modified, updating sticky menu"),s.refresh()},100)},contextChanged:function(e){[].forEach.call(e,function(e){e.removedNodes&&[].forEach.call(e.removedNodes,function(e){(e==h||0<P(e).find(h).length)&&(s.debug("Element removed from DOM, tearing down events"),s.destroy())})})},resize:function(){s.debug("Window resized"),o.refreshOnResize&&p(s.refresh)},load:function(){s.debug("Page finished loading"),p(s.refresh)},scroll:function(){o.throttle?(clearTimeout(s.timer),s.timer=setTimeout(function(){m.triggerHandler("scrollchange"+c,[m.scrollTop()])},o.throttle)):p(function(){m.triggerHandler("scrollchange"+c,[m.scrollTop()])})},scrollchange:function(e,t){s.checkVisibility(t)}},precache:function(e,t){e instanceof Array||(e=[e]);for(var n=e.length,i=0,o=[],a=F.createElement("img"),r=function(){++i>=e.length&&P.isFunction(t)&&t()};n--;)(a=F.createElement("img")).onload=r,a.onerror=r,a.src=e[n],o.push(a)},enableCallbacks:function(){s.debug("Allowing callbacks to occur"),v=!1},disableCallbacks:function(){s.debug("Disabling all callbacks temporarily"),v=!0},should:{trackChanges:function(){return k?(s.debug("One time query, no need to bind events"),!1):(s.debug("Callbacks being attached"),!0)}},setup:{cache:function(){s.cache={occurred:{},screen:{},element:{}}},image:function(){var e=f.data(r.src);e&&(s.verbose("Lazy loading image",e),o.once=!0,o.observeChanges=!1,o.onOnScreen=function(){s.debug("Image on screen",h),s.precache(e,function(){s.set.image(e,function(){++R==A&&o.onAllLoaded.call(this),o.onLoad.call(this)})})})},fixed:function(){s.debug("Setting up fixed"),o.once=!1,o.observeChanges=!1,o.initialCheck=!0,o.refreshOnLoad=!0,b.transition||(o.transition=!1),s.create.placeholder(),s.debug("Added placeholder",e),o.onTopPassed=function(){s.debug("Element passed, adding fixed position",f),s.show.placeholder(),s.set.fixed(),o.transition&&P.fn.transition!==O&&f.transition(o.transition,o.duration)},o.onTopPassedReverse=function(){s.debug("Element returned to position, removing fixed",f),s.hide.placeholder(),s.remove.fixed()}}},create:{placeholder:function(){s.verbose("Creating fixed position placeholder"),e=f.clone(!1).css("display","none").addClass(i.placeholder).insertAfter(f)}},show:{placeholder:function(){s.verbose("Showing placeholder"),e.css("display","block").css("visibility","hidden")}},hide:{placeholder:function(){s.verbose("Hiding placeholder"),e.css("display","none").css("visibility","")}},set:{fixed:function(){s.verbose("Setting element to fixed position"),f.addClass(i.fixed).css({position:"fixed",top:o.offset+"px",left:"auto",zIndex:o.zIndex}),o.onFixed.call(h)},image:function(e,t){if(f.attr("src",e),o.transition)if(P.fn.transition!==O){if(f.hasClass(i.visible))return void s.debug("Transition already occurred on this image, skipping animation");f.transition(o.transition,o.duration,t)}else f.fadeIn(o.duration,t);else f.show()}},is:{onScreen:function(){return s.get.elementCalculations().onScreen},offScreen:function(){return s.get.elementCalculations().offScreen},visible:function(){return!(!s.cache||!s.cache.element)&&!(0===s.cache.element.width&&0===s.cache.element.offset.top)},verticallyScrollableContext:function(){var e=m.get(0)!==E&&m.css("overflow-y");return"auto"==e||"scroll"==e},horizontallyScrollableContext:function(){var e=m.get(0)!==E&&m.css("overflow-x");return"auto"==e||"scroll"==e}},refresh:function(){s.debug("Refreshing constants (width/height)"),"fixed"==o.type&&s.resetFixed(),s.reset(),s.save.position(),o.checkOnRefresh&&s.checkVisibility(),o.onRefresh.call(h)},resetFixed:function(){s.remove.fixed(),s.remove.occurred()},reset:function(){s.verbose("Resetting all cached values"),P.isPlainObject(s.cache)&&(s.cache.screen={},s.cache.element={})},checkVisibility:function(e){s.verbose("Checking visibility of element",s.cache.element),!v&&s.is.visible()&&(s.save.scroll(e),s.save.calculations(),s.passed(),s.passingReverse(),s.topVisibleReverse(),s.bottomVisibleReverse(),s.topPassedReverse(),s.bottomPassedReverse(),s.onScreen(),s.offScreen(),s.passing(),s.topVisible(),s.bottomVisible(),s.topPassed(),s.bottomPassed(),o.onUpdate&&o.onUpdate.call(h,s.get.elementCalculations()))},passed:function(e,t){var n=s.get.elementCalculations();if(e&&t)o.onPassed[e]=t;else{if(e!==O)return s.get.pixelsPassed(e)>n.pixelsPassed;n.passing&&P.each(o.onPassed,function(e,t){n.bottomVisible||n.pixelsPassed>s.get.pixelsPassed(e)?s.execute(t,e):o.once||s.remove.occurred(t)})}},onScreen:function(e){var t=s.get.elementCalculations(),n=e||o.onOnScreen,i="onScreen";if(e&&(s.debug("Adding callback for onScreen",e),o.onOnScreen=e),t.onScreen?s.execute(n,i):o.once||s.remove.occurred(i),e!==O)return t.onOnScreen},offScreen:function(e){var t=s.get.elementCalculations(),n=e||o.onOffScreen,i="offScreen";if(e&&(s.debug("Adding callback for offScreen",e),o.onOffScreen=e),t.offScreen?s.execute(n,i):o.once||s.remove.occurred(i),e!==O)return t.onOffScreen},passing:function(e){var t=s.get.elementCalculations(),n=e||o.onPassing,i="passing";if(e&&(s.debug("Adding callback for passing",e),o.onPassing=e),t.passing?s.execute(n,i):o.once||s.remove.occurred(i),e!==O)return t.passing},topVisible:function(e){var t=s.get.elementCalculations(),n=e||o.onTopVisible,i="topVisible";if(e&&(s.debug("Adding callback for top visible",e),o.onTopVisible=e),t.topVisible?s.execute(n,i):o.once||s.remove.occurred(i),e===O)return t.topVisible},bottomVisible:function(e){var t=s.get.elementCalculations(),n=e||o.onBottomVisible,i="bottomVisible";if(e&&(s.debug("Adding callback for bottom visible",e),o.onBottomVisible=e),t.bottomVisible?s.execute(n,i):o.once||s.remove.occurred(i),e===O)return t.bottomVisible},topPassed:function(e){var t=s.get.elementCalculations(),n=e||o.onTopPassed,i="topPassed";if(e&&(s.debug("Adding callback for top passed",e),o.onTopPassed=e),t.topPassed?s.execute(n,i):o.once||s.remove.occurred(i),e===O)return t.topPassed},bottomPassed:function(e){var t=s.get.elementCalculations(),n=e||o.onBottomPassed,i="bottomPassed";if(e&&(s.debug("Adding callback for bottom passed",e),o.onBottomPassed=e),t.bottomPassed?s.execute(n,i):o.once||s.remove.occurred(i),e===O)return t.bottomPassed},passingReverse:function(e){var t=s.get.elementCalculations(),n=e||o.onPassingReverse,i="passingReverse";if(e&&(s.debug("Adding callback for passing reverse",e),o.onPassingReverse=e),t.passing?o.once||s.remove.occurred(i):s.get.occurred("passing")&&s.execute(n,i),e!==O)return!t.passing},topVisibleReverse:function(e){var t=s.get.elementCalculations(),n=e||o.onTopVisibleReverse,i="topVisibleReverse";if(e&&(s.debug("Adding callback for top visible reverse",e),o.onTopVisibleReverse=e),t.topVisible?o.once||s.remove.occurred(i):s.get.occurred("topVisible")&&s.execute(n,i),e===O)return!t.topVisible},bottomVisibleReverse:function(e){var t=s.get.elementCalculations(),n=e||o.onBottomVisibleReverse,i="bottomVisibleReverse";if(e&&(s.debug("Adding callback for bottom visible reverse",e),o.onBottomVisibleReverse=e),t.bottomVisible?o.once||s.remove.occurred(i):s.get.occurred("bottomVisible")&&s.execute(n,i),e===O)return!t.bottomVisible},topPassedReverse:function(e){var t=s.get.elementCalculations(),n=e||o.onTopPassedReverse,i="topPassedReverse";if(e&&(s.debug("Adding callback for top passed reverse",e),o.onTopPassedReverse=e),t.topPassed?o.once||s.remove.occurred(i):s.get.occurred("topPassed")&&s.execute(n,i),e===O)return!t.onTopPassed},bottomPassedReverse:function(e){var t=s.get.elementCalculations(),n=e||o.onBottomPassedReverse,i="bottomPassedReverse";if(e&&(s.debug("Adding callback for bottom passed reverse",e),o.onBottomPassedReverse=e),t.bottomPassed?o.once||s.remove.occurred(i):s.get.occurred("bottomPassed")&&s.execute(n,i),e===O)return!t.bottomPassed},execute:function(e,t){var n=s.get.elementCalculations(),i=s.get.screenCalculations();(e=e||!1)&&(o.continuous?(s.debug("Callback being called continuously",t,n),e.call(h,n,i)):s.get.occurred(t)||(s.debug("Conditions met",t,n),e.call(h,n,i))),s.save.occurred(t)},remove:{fixed:function(){s.debug("Removing fixed position"),f.removeClass(i.fixed).css({position:"",top:"",left:"",zIndex:""}),o.onUnfixed.call(h)},placeholder:function(){s.debug("Removing placeholder content"),e&&e.remove()},occurred:function(e){if(e){var t=s.cache.occurred;t[e]!==O&&!0===t[e]&&(s.debug("Callback can now be called again",e),s.cache.occurred[e]=!1)}else s.cache.occurred={}}},save:{calculations:function(){s.verbose("Saving all calculations necessary to determine positioning"),s.save.direction(),s.save.screenCalculations(),s.save.elementCalculations()},occurred:function(e){e&&(s.cache.occurred[e]!==O&&!0===s.cache.occurred[e]||(s.verbose("Saving callback occurred",e),s.cache.occurred[e]=!0))},scroll:function(e){e=e+o.offset||m.scrollTop()+o.offset,s.cache.scroll=e},direction:function(){var e,t=s.get.scroll(),n=s.get.lastScroll();return e=n<t&&n?"down":t<n&&n?"up":"static",s.cache.direction=e,s.cache.direction},elementPosition:function(){var e=s.cache.element,t=s.get.screenSize();return s.verbose("Saving element position"),e.fits=e.height<t.height,e.offset=f.offset(),e.width=f.outerWidth(),e.height=f.outerHeight(),s.is.verticallyScrollableContext()&&(e.offset.top+=m.scrollTop()-m.offset().top),s.is.horizontallyScrollableContext()&&(e.offset.left+=m.scrollLeft-m.offset().left),s.cache.element=e},elementCalculations:function(){var e=s.get.screenCalculations(),t=s.get.elementPosition();return o.includeMargin?(t.margin={},t.margin.top=parseInt(f.css("margin-top"),10),t.margin.bottom=parseInt(f.css("margin-bottom"),10),t.top=t.offset.top-t.margin.top,t.bottom=t.offset.top+t.height+t.margin.bottom):(t.top=t.offset.top,t.bottom=t.offset.top+t.height),t.topPassed=e.top>=t.top,t.bottomPassed=e.top>=t.bottom,t.topVisible=e.bottom>=t.top&&!t.topPassed,t.bottomVisible=e.bottom>=t.bottom&&!t.bottomPassed,t.pixelsPassed=0,t.percentagePassed=0,t.onScreen=(t.topVisible||t.passing)&&!t.bottomPassed,t.passing=t.topPassed&&!t.bottomPassed,t.offScreen=!t.onScreen,t.passing&&(t.pixelsPassed=e.top-t.top,t.percentagePassed=(e.top-t.top)/t.height),s.cache.element=t,s.verbose("Updated element calculations",t),t},screenCalculations:function(){var e=s.get.scroll();return s.save.direction(),s.cache.screen.top=e,s.cache.screen.bottom=e+s.cache.screen.height,s.cache.screen},screenSize:function(){s.verbose("Saving window position"),s.cache.screen={height:m.height()}},position:function(){s.save.screenSize(),s.save.elementPosition()}},get:{pixelsPassed:function(e){var t=s.get.elementCalculations();return-1<e.search("%")?t.height*(parseInt(e,10)/100):parseInt(e,10)},occurred:function(e){return s.cache.occurred!==O&&s.cache.occurred[e]||!1},direction:function(){return s.cache.direction===O&&s.save.direction(),s.cache.direction},elementPosition:function(){return s.cache.element===O&&s.save.elementPosition(),s.cache.element},elementCalculations:function(){return s.cache.element===O&&s.save.elementCalculations(),s.cache.element},screenCalculations:function(){return s.cache.screen===O&&s.save.screenCalculations(),s.cache.screen},screenSize:function(){return s.cache.screen===O&&s.save.screenSize(),s.cache.screen},scroll:function(){return s.cache.scroll===O&&s.save.scroll(),s.cache.scroll},lastScroll:function(){return s.cache.screen===O?(s.debug("First scroll event, no last scroll could be found"),!1):s.cache.screen.top}},setting:function(e,t){if(P.isPlainObject(e))P.extend(!0,o,e);else{if(t===O)return o[e];o[e]=t}},internal:function(e,t){if(P.isPlainObject(e))P.extend(!0,s,e);else{if(t===O)return s[e];s[e]=t}},debug:function(){!o.silent&&o.debug&&(o.performance?s.performance.log(arguments):(s.debug=Function.prototype.bind.call(console.info,console,o.name+":"),s.debug.apply(console,arguments)))},verbose:function(){!o.silent&&o.verbose&&o.debug&&(o.performance?s.performance.log(arguments):(s.verbose=Function.prototype.bind.call(console.info,console,o.name+":"),s.verbose.apply(console,arguments)))},error:function(){o.silent||(s.error=Function.prototype.bind.call(console.error,console,o.name+":"),s.error.apply(console,arguments))},performance:{log:function(e){var t,n;o.performance&&(n=(t=(new Date).getTime())-(C||t),C=t,w.push({Name:e[0],Arguments:[].slice.call(e,1)||"",Element:h,"Execution Time":n})),clearTimeout(s.performance.timer),s.performance.timer=setTimeout(s.performance.display,500)},display:function(){var e=o.name+":",n=0;C=!1,clearTimeout(s.performance.timer),P.each(w,function(e,t){n+=t["Execution Time"]}),e+=" "+n+"ms",x&&(e+=" '"+x+"'"),(console.group!==O||console.table!==O)&&0<w.length&&(console.groupCollapsed(e),console.table?console.table(w):P.each(w,function(e,t){console.log(t.Name+": "+t["Execution Time"]+"ms")}),console.groupEnd()),w=[]}},invoke:function(i,e,t){var o,a,n,r=g;return e=e||T,t=h||t,"string"==typeof i&&r!==O&&(i=i.split(/[\. ]/),o=i.length-1,P.each(i,function(e,t){var n=e!=o?t+i[e+1].charAt(0).toUpperCase()+i[e+1].slice(1):i;if(P.isPlainObject(r[n])&&e!=o)r=r[n];else{if(r[n]!==O)return a=r[n],!1;if(!P.isPlainObject(r[t])||e==o)return r[t]!==O?a=r[t]:s.error(l.method,i),!1;r=r[t]}})),P.isFunction(a)?n=a.apply(t,e):a!==O&&(n=a),P.isArray(y)?y.push(n):y!==O?y=[y,n]:n!==O&&(y=n),a}},k?(g===O&&s.initialize(),g.save.scroll(),g.save.calculations(),s.invoke(S)):(g!==O&&g.invoke("destroy"),s.initialize())}),y!==O?y:this},P.fn.visibility.settings={name:"Visibility",namespace:"visibility",debug:!1,verbose:!1,performance:!0,observeChanges:!0,initialCheck:!0,refreshOnLoad:!0,refreshOnResize:!0,checkOnRefresh:!0,once:!0,continuous:!1,offset:0,includeMargin:!1,context:E,throttle:!1,type:!1,zIndex:"10",transition:"fade in",duration:1e3,onPassed:{},onOnScreen:!1,onOffScreen:!1,onPassing:!1,onTopVisible:!1,onBottomVisible:!1,onTopPassed:!1,onBottomPassed:!1,onPassingReverse:!1,onTopVisibleReverse:!1,onBottomVisibleReverse:!1,onTopPassedReverse:!1,onBottomPassedReverse:!1,onLoad:function(){},onAllLoaded:function(){},onFixed:function(){},onUnfixed:function(){},onUpdate:!1,onRefresh:function(){},metadata:{src:"src"},className:{fixed:"fixed",placeholder:"placeholder",visible:"visible"},error:{method:"The method you called is not defined.",visible:"Element is hidden, you must call refresh after element becomes visible"}}}(jQuery,window,document);
\ No newline at end of file
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/sessions.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/sessions.html
deleted file mode 100644
index 825d64b06..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/sessions.html
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>Session List</title>
-	<link rel="stylesheet" href="semantic.min.css">
-	<link rel="stylesheet" href="icon.min.css">
-	<script src="jquery-3.6.0.min.js"></script>
-	<script src="semantic.min.js"></script>
-	<script src="kyuubi.js"></script>
-</head>
-<body>
-
-<div class="ui page">
-	<div class="ui black inverted massive menu">
-		<div class="item">
-			<img src="icon.png" alt="">
-		</div>
-		<a class="item" href="./"><i class="home icon"></i>Home</a>
-		<a class="item" href="./environment.html" ><i class="settings icon"></i>Environment</a>
-		<a class="active item" href="./sessions.html" ><i class="envelope icon"></i>Sessions</a>
-		<a class="item" href="./operations.html" ><i class="tasks icon"></i>Operations</a>
-		<a class="item" href="./metrics.html" ><i class="bars icon"></i>Metrics</a>
-		<a class="item" href="./threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-		<a class="item" href="../swagger"><i class="h square icon"></i>REST API</a>
-		<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-		<a class="item server version right padded"><i class="flag icon"></i>En</a>
-	</div>
-</div>
-
-<div class="ui raised inverted segment">
-	<div class="ui icon message">
-		<i class="notched circle loading icon"></i>
-		<div class="content">
-			<div class="header">Hang on... </div>
-			<p>We are looking for developers to help us build the UI.</p>
-		</div>
-	</div>
-</div>
-
-</body>
-</html>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/threaddump.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/threaddump.html
deleted file mode 100644
index be344f421..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/static/threaddump.html
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>Kyuubi Server Thread Dump</title>
-	<link rel="stylesheet" href="semantic.min.css">
-	<link rel="stylesheet" href="icon.min.css">
-	<script src="jquery-3.6.0.min.js"></script>
-	<script src="semantic.min.js"></script>
-	<script src="kyuubi.js"></script>
-</head>
-<body>
-
-<div class="ui page">
-	<div class="ui black inverted massive menu">
-		<div class="item">
-			<img src="icon.png" alt="">
-		</div>
-		<a class="item" href="./"><i class="home icon"></i>Home</a>
-		<a class="item" href="./environment.html" ><i class="settings icon"></i>Environment</a>
-		<a class="item" href="./sessions.html" ><i class="envelope icon"></i>Sessions</a>
-		<a class="item" href="./operations.html" ><i class="tasks icon"></i>Operations</a>
-		<a class="item" href="./metrics.html" ><i class="bars icon"></i>Metrics</a>
-		<a class="active item" href="./threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-		<a class="item" href="../swagger"><i class="h square icon"></i>REST API</a>
-		<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-		<a class="item server version right padded"><i class="flag icon"></i>En</a>
-	</div>
-</div>
-
-<div class="ui raised inverted segment">
-	<div class="ui icon message">
-		<i class="notched circle loading icon"></i>
-		<div class="content">
-			<div class="header">Hang on... </div>
-			<p>We are looking for developers to help us build the UI.</p>
-		</div>
-	</div>
-</div>
-
-</body>
-</html>
diff --git a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/swagger/index.html b/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/swagger/index.html
deleted file mode 100644
index 61172b2af..000000000
--- a/kyuubi-server/src/main/resources/org/apache/kyuubi/ui/swagger/index.html
+++ /dev/null
@@ -1,94 +0,0 @@
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8">
-    <title>Apache Kyuubi REST API Documentation</title>
-		<link rel="stylesheet" type="text/css" href="../static/semantic.min.css">
-		<link rel="stylesheet" type="text/css" href="../swagger-static/swagger-ui.css" />
-		<link rel="stylesheet" type="text/css" href="../static/icon.min.css">
-		<link rel="icon" type="image/png" href="../swagger-static/favicon-32x32.png" sizes="32x32" />
-		<link rel="icon" type="image/png" href="../swagger-static/favicon-16x16.png" sizes="16x16" />
-		<script src="../static/jquery-3.6.0.min.js"></script>
-		<script src="../static/semantic.min.js"></script>
-    <style>
-      html
-      {
-        box-sizing: border-box;
-        overflow: -moz-scrollbars-vertical;
-        overflow-y: scroll;
-      }
-
-      *,
-      *:before,
-      *:after
-      {
-        box-sizing: inherit;
-      }
-
-      body
-      {
-        margin:0;
-        background: #fafafa;
-      }
-    </style>
-  </head>
-
-		<div class="ui page">
-			<div class="ui black inverted massive menu">
-				<div class="item">
-					<img src="../static/icon.png" alt="">
-				</div>
-				<a class="item" href="./"><i class="home icon"></i>Home</a>
-				<a class="item" href="../static/environment.html" ><i class="settings icon"></i>Environment</a>
-				<a class="item" href="../static/sessions.html" ><i class="envelope icon"></i>Sessions</a>
-				<a class="item" href="../static/operations.html" ><i class="tasks icon"></i>Operations</a>
-				<a class="item" href="../static/metrics.html" ><i class="bars icon"></i>Metrics</a>
-				<a class="item" href="../static/threaddump.html" ><i class="bars icon"></i>Thread Dump</a>
-				<a class="active item" href="./"><i class="h square icon"></i>REST API</a>
-				<a class="item" href="https://kyuubi.apache.org/docs/latest"><i class="book icon"></i>Documentation</a>
-				<a class="item server version right padded"><i class="flag icon"></i>En</a>
-			</div>
-		</div>
-
-		<div id="swagger-ui"></div>
-
-    <script src="../swagger-static/swagger-ui-bundle.js" charset="UTF-8"> </script>
-    <script src="../swagger-static/swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
-    <script>
-    window.onload = function() {
-      // Begin Swagger UI call region
-      window.ui = SwaggerUIBundle({
-				url: location.origin + "/api/openapi.json",
-				dom_id: '#swagger-ui',
-				deepLinking: true,
-				presets: [
-					SwaggerUIBundle.presets.apis,
-					SwaggerUIStandalonePreset
-				],
-				plugins: [
-					SwaggerUIBundle.plugins.DownloadUrl
-				],
-				layout: "StandaloneLayout"
-			});
-			// End Swagger UI call region
-		};
-  </script>
-  </body>
-</html>
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
index 28dfab731..c5d44213c 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala
@@ -98,19 +98,13 @@ class KyuubiRestFrontendService(override val serverable: Serverable)
     val proxyHandler = ApiRootResource.getEngineUIProxyHandler(this)
     server.addHandler(authenticationFactory.httpHandlerWrapperFactory.wrapHandler(proxyHandler))
 
-    server.addStaticHandler("org/apache/kyuubi/ui/static", "/static/")
-    server.addRedirectHandler("/", "/static/")
-    server.addRedirectHandler("/static", "/static/")
-    server.addStaticHandler("META-INF/resources/webjars/swagger-ui/4.9.1/", "/swagger-static/")
-    server.addStaticHandler("org/apache/kyuubi/ui/swagger", "/swagger/")
-    server.addRedirectHandler("/docs", "/swagger/")
-    server.addRedirectHandler("/docs/", "/swagger/")
-    server.addRedirectHandler("/swagger", "/swagger/")
-
     installWebUI()
   }
 
   private def installWebUI(): Unit = {
+    // redirect root path to Web UI home page
+    server.addRedirectHandler("/", "/ui")
+
     val servletHandler = JettyUtils.createStaticHandler("dist", "/ui")
     // HTML5 Web History Mode requires redirect any url path under Web UI Servlet to the main page.
     // See more details at https://router.vuejs.org/guide/essentials/history-mode.html#html5-mode
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiRestFrontendServiceSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiRestFrontendServiceSuite.scala
index 1f0f0642a..20dd863f9 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiRestFrontendServiceSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/KyuubiRestFrontendServiceSuite.scala
@@ -46,14 +46,6 @@ class KyuubiRestFrontendServiceSuite extends RestFrontendTestHelper {
     assert(response.getStatusInfo.getReasonPhrase.equalsIgnoreCase("Internal Server Error"))
   }
 
-  test("swagger ui") {
-    Seq("/docs", "/swagger").foreach { p =>
-      val resp = webTarget.path(p).request().get()
-      assert(resp.readEntity(classOf[String])
-        .contains("<title>Apache Kyuubi REST API Documentation</title>"))
-    }
-  }
-
   test("swagger ui json data") {
     val resp = webTarget.path("/openapi.json").request().get()
     assert(resp.getStatus === 200)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/ui/JettyUtilsSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/ui/JettyUtilsSuite.scala
index 1f5bdd16a..1e6c6725d 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/ui/JettyUtilsSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/ui/JettyUtilsSuite.scala
@@ -22,11 +22,11 @@ import org.apache.kyuubi.{KyuubiException, KyuubiFunSuite}
 class JettyUtilsSuite extends KyuubiFunSuite {
 
   test("create static resource handler") {
-    val contextPath = "/static"
-    val handler = JettyUtils.createStaticHandler("org/apache/kyuubi/ui/static", contextPath)
+    val contextPath = "/dist"
+    val handler = JettyUtils.createStaticHandler("dist", contextPath)
     assert(handler.getContextPath === contextPath)
     val e = intercept[KyuubiException](JettyUtils
-      .createStaticHandler("org/apache/kyuubi/ui/static/nonexists", contextPath))
+      .createStaticHandler("nonexists", contextPath))
     assert(e.getMessage.startsWith("Could not find resource path"))
   }
 }
diff --git a/pom.xml b/pom.xml
index 417800be1..059bc214b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -210,7 +210,6 @@
         <spark.archive.download.skip>false</spark.archive.download.skip>
         <sqlite.version>3.42.0.0</sqlite.version>
         <swagger.version>2.2.1</swagger.version>
-        <swagger-ui.version>4.9.1</swagger-ui.version>
         <testcontainers-scala.version>0.41.0</testcontainers-scala.version>
         <!-- https://github.com/ThreeTen/threeten-extra/issues/226 -->
         <threeten.version>1.7.0</threeten.version>
@@ -833,18 +832,6 @@
                 </exclusions>
             </dependency>
 
-            <!--
-              1. This library only contains swagger-ui static resource (.html/.css/.js/.png), for more detail, see
-                 https://github.com/swagger-api/swagger-ui/blob/master/dist/
-              2. Note that when trying to upgrade swagger-ui, we should also update the version in the file(
-                 kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiRestFrontendService.scala).
-            -->
-            <dependency>
-                <groupId>org.webjars</groupId>
-                <artifactId>swagger-ui</artifactId>
-                <version>${swagger-ui.version}</version>
-            </dependency>
-
             <dependency>
                 <groupId>io.netty</groupId>
                 <artifactId>netty-all</artifactId>

From 3646ae08bd064ac2aa53ba10a411b067d046e098 Mon Sep 17 00:00:00 2001
From: Xianxun Ye <yesorno828423@gmail.com>
Date: Wed, 25 Oct 2023 16:27:13 +0800
Subject: [PATCH 721/760] [KYUUBI #5405] [FLINK] Support Flink 1.18

### _Why are the changes needed?_

Resolve: #5405 Support the Flink 1.18

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5465 from YesOrNo828/flink-1.18.

Closes #5405

a0010ca14 [Xianxun Ye] [KYUUBI #5405] [FLINK] Remove flink1.18 rc repo
2a4ae365c [Xianxun Ye] Update .github/workflows/master.yml
d4d458dc7 [Xianxun Ye] [KYUUBI #5405] [FLINK] Update the flink1.18-rc3 repo
99172e3da [Xianxun Ye] [KYUUBI #5405] [FLINK] Using the staging repo during the RC stage
4c0cf887b [Xianxun Ye] [KYUUBI #5405] [FLINK] Using the staging repo during the RC stage
c74f5c31b [Xianxun Ye] [KYUUBI #5405] [FLINK] fixed Pan's comments.
1933ebadd [Xianxun Ye] [KYUUBI #5405] [FLINK] Support Flink 1.18

Authored-by: Xianxun Ye <yesorno828423@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .github/workflows/master.yml                               | 5 +++++
 .../org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala  | 4 ++--
 pom.xml                                                    | 7 +++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index c934c2d5e..1819c4850 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -183,6 +183,7 @@ jobs:
         flink:
           - '1.16'
           - '1.17'
+          - '1.18'
         flink-archive: [ "" ]
         comment: [ "normal" ]
         include:
@@ -190,6 +191,10 @@ jobs:
             flink: '1.17'
             flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.16.1 -Dflink.archive.name=flink-1.16.1-bin-scala_2.12.tgz'
             comment: 'verify-on-flink-1.16-binary'
+          - java: 8
+            flink: '1.17'
+            flink-archive: '-Dflink.archive.mirror=https://archive.apache.org/dist/flink/flink-1.18.0 -Dflink.archive.name=flink-1.18.0-bin-scala_2.12.tgz'
+            comment: 'verify-on-flink-1.18-binary'
     steps:
       - uses: actions/checkout@v3
       - name: Tune Runner VM
diff --git a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
index 7d42aae8c..06165272d 100644
--- a/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
+++ b/externals/kyuubi-flink-sql-engine/src/main/scala/org/apache/kyuubi/engine/flink/FlinkEngineUtils.scala
@@ -48,7 +48,7 @@ object FlinkEngineUtils extends Logging {
 
   val EMBEDDED_MODE_CLIENT_OPTIONS: Options = getEmbeddedModeClientOptions(new Options)
 
-  private def SUPPORTED_FLINK_VERSIONS = Set("1.16", "1.17").map(SemanticVersion.apply)
+  private def SUPPORTED_FLINK_VERSIONS = Set("1.16", "1.17", "1.18").map(SemanticVersion.apply)
 
   val FLINK_RUNTIME_VERSION: SemanticVersion = SemanticVersion(EnvironmentInformation.getVersion)
 
@@ -119,7 +119,7 @@ object FlinkEngineUtils extends Logging {
         .build()
         .newInstance(flinkConf, commandLines)
         .asInstanceOf[DefaultContext]
-    } else if (FLINK_RUNTIME_VERSION === "1.17") {
+    } else if (FLINK_RUNTIME_VERSION >= "1.17") {
       invokeAs[DefaultContext](
         classOf[DefaultContext],
         "load",
diff --git a/pom.xml b/pom.xml
index 059bc214b..f03770b9d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2304,6 +2304,13 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>flink-1.18</id>
+            <properties>
+                <flink.version>1.18.0</flink.version>
+            </properties>
+        </profile>
+
         <profile>
             <id>zookeeper-3.6</id>
             <properties>

From ed0d9976ae6250b1fce4fd8c44b01e6f7acbaf4c Mon Sep 17 00:00:00 2001
From: davidyuan <yuanfuyuan@mafengwo.com>
Date: Wed, 25 Oct 2023 19:08:01 +0800
Subject: [PATCH 722/760] [KYUUBI #4186] Spark showProgress with JobInfo

### _Why are the changes needed?_

current version, when set `kyuubi.session.engine.spark.showProgress=true`, it will show stage's progress info,but the info only show stage's detail, now we need to add job info in this, just like
```
[Stage 1:>                                   (0 + 1) / 2]
```
to
```
[Job 1 (0 / 1) Stages] [Stage 1:>                                   (0 + 1) / 2]
```
**this update is useful when user want know their sql execute detail**

closes #4186

### _How was this patch tested?_
- [x] Add screenshots for manual tests if appropriate
**The photo show match log**
![image](https://github.com/apache/kyuubi/assets/51512358/73e0e2c0-f223-4d36-a3a7-638fb7691437)

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5410 from davidyuan1223/improvement_add_job_log.

Closes #4186

d8d03c4c0 [Cheng Pan] Update externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
a06e9a17c [david yuan] Update SparkConsoleProgressBar.scala
854408416 [david yuan] Merge branch 'apache:master' into improvement_add_job_log
963ff18b9 [david yuan] Update SparkConsoleProgressBar.scala
9e4635653 [david yuan] Update SparkConsoleProgressBar.scala
8c04dca7d [david yuan] Update SQLOperationListener.scala
39751bffa [davidyuan] fix
4f657e728 [davidyuan] fix deleted files
86756eba7 [david yuan] Merge branch 'apache:master' into improvement_add_job_log
0c9ac27b5 [davidyuan] add showProgress with jobInfo Unit Test
d4434a0de [davidyuan] Revert "add showProgress with jobInfo Unit Test"
84b1aa005 [davidyuan] Revert "improvement_add_job_log fix"
66126f96e [davidyuan] Merge remote-tracking branch 'origin/improvement_add_job_log' into improvement_add_job_log
228fd9cf3 [davidyuan] add showProgress with jobInfo Unit Test
055e0ac96 [davidyuan] add showProgress with jobInfo Unit Test
e4aac34bd [davidyuan] Merge remote-tracking branch 'origin/improvement_add_job_log' into improvement_add_job_log
b226adad8 [davidyuan] Merge remote-tracking branch 'origin/improvement_add_job_log' into improvement_add_job_log
a08799ca0 [david yuan] Update externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
a991b68c4 [david yuan] Update externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
d12046dac [davidyuan] add showProgress with jobInfo Unit Test
10a56b159 [davidyuan] add showProgress with jobInfo Unit Test
a973cdde6 [davidyuan] improvement_add_job_log fix 1. provide Option[Int] with JobId
e8a510891 [davidyuan] improvement_add_job_log fix 1. provide Option[Int] with JobId
7b9e874f2 [davidyuan] improvement_add_job_log fix 1. provide Option[Int] with JobId
5b4aaa8b5 [davidyuan] improvement_add_job_log fix 1. fix new end line 2. provide Option[Int] with JobId
780f9d15e [davidyuan] improvement_add_job_log fix 1. remove duplicate synchronized 2. because the activeJobs is ConcurrentHashMap, so reduce synchronized 3. fix scala code style 4. change forEach to asScala code style 5. change conf str to KyuubiConf.XXX.key
59340b713 [davidyuan] add showProgress with jobInfo Unit Test
af05089d4 [davidyuan] add showProgress with jobInfo Unit Test
c07535a01 [davidyuan] [Improvement] spark showProgress can briefly output info of the job #4186
d4bdec798 [yuanfuyuan] fix_4186
9fa8e73fc [davidyuan] add showProgress with jobInfo Unit Test
49debfbe3 [davidyuan] improvement_add_job_log fix 1. provide Option[Int] with JobId
5cf8714e0 [davidyuan] improvement_add_job_log fix 1. provide Option[Int] with JobId
249a422b6 [davidyuan] improvement_add_job_log fix 1. provide Option[Int] with JobId
e15fc7195 [davidyuan] improvement_add_job_log fix 1. fix new end line 2. provide Option[Int] with JobId
4564ef98f [davidyuan] improvement_add_job_log fix 1. remove duplicate synchronized 2. because the activeJobs is ConcurrentHashMap, so reduce synchronized 3. fix scala code style 4. change forEach to asScala code style 5. change conf str to KyuubiConf.XXX.key
32ad0759b [davidyuan] add showProgress with jobInfo Unit Test
d30492e46 [davidyuan] add showProgress with jobInfo Unit Test
6209c344e [davidyuan] [Improvement] spark showProgress can briefly output info of the job #4186
56b91a321 [yuanfuyuan] fix_4186

Lead-authored-by: davidyuan <yuanfuyuan@mafengwo.com>
Co-authored-by: davidyuan <davidyuan1223@gmail.com>
Co-authored-by: david yuan <51512358+davidyuan1223@users.noreply.github.com>
Co-authored-by: yuanfuyuan <1406957364@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/kyuubi/SQLOperationListener.scala   | 25 +++++++++++++++----
 .../kyuubi/SparkConsoleProgressBar.scala      | 20 +++++++++++++--
 .../org/apache/spark/kyuubi/StageStatus.scala |  8 ++++--
 .../kyuubi/SQLOperationListenerSuite.scala    | 23 ++++++++++++++++-
 4 files changed, 66 insertions(+), 10 deletions(-)

diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
index 4e4a940d2..686cb1f35 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SQLOperationListener.scala
@@ -20,6 +20,8 @@ package org.apache.spark.kyuubi
 import java.util.Properties
 import java.util.concurrent.ConcurrentHashMap
 
+import scala.collection.JavaConverters._
+
 import org.apache.spark.scheduler._
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.execution.ui.SparkListenerSQLExecutionEnd
@@ -44,7 +46,7 @@ class SQLOperationListener(
     spark: SparkSession) extends StatsReportListener with Logging {
 
   private val operationId: String = operation.getHandle.identifier.toString
-  private lazy val activeJobs = new java.util.HashSet[Int]()
+  private lazy val activeJobs = new ConcurrentHashMap[Int, SparkJobInfo]()
   private lazy val activeStages = new ConcurrentHashMap[SparkStageAttempt, SparkStageInfo]()
   private var executionId: Option[Long] = None
 
@@ -53,6 +55,7 @@ class SQLOperationListener(
     if (conf.get(ENGINE_SPARK_SHOW_PROGRESS)) {
       Some(new SparkConsoleProgressBar(
         operation,
+        activeJobs,
         activeStages,
         conf.get(ENGINE_SPARK_SHOW_PROGRESS_UPDATE_INTERVAL),
         conf.get(ENGINE_SPARK_SHOW_PROGRESS_TIME_FORMAT)))
@@ -79,9 +82,10 @@ class SQLOperationListener(
     }
   }
 
-  override def onJobStart(jobStart: SparkListenerJobStart): Unit = activeJobs.synchronized {
+  override def onJobStart(jobStart: SparkListenerJobStart): Unit = {
     if (sameGroupId(jobStart.properties)) {
       val jobId = jobStart.jobId
+      val stageIds = jobStart.stageInfos.map(_.stageId).toSet
       val stageSize = jobStart.stageInfos.size
       if (executionId.isEmpty) {
         executionId = Option(jobStart.properties.getProperty(SPARK_SQL_EXECUTION_ID_KEY))
@@ -93,17 +97,19 @@ class SQLOperationListener(
           case _ =>
         }
       }
+      activeJobs.put(
+        jobId,
+        new SparkJobInfo(stageSize, stageIds))
       withOperationLog {
-        activeJobs.add(jobId)
         info(s"Query [$operationId]: Job $jobId started with $stageSize stages," +
           s" ${activeJobs.size()} active jobs running")
       }
     }
   }
 
-  override def onJobEnd(jobEnd: SparkListenerJobEnd): Unit = activeJobs.synchronized {
+  override def onJobEnd(jobEnd: SparkListenerJobEnd): Unit = {
     val jobId = jobEnd.jobId
-    if (activeJobs.remove(jobId)) {
+    if (activeJobs.remove(jobId) != null) {
       val hint = jobEnd.jobResult match {
         case JobSucceeded => "succeeded"
         case _ => "failed" // TODO: Handle JobFailed(exception: Exception)
@@ -134,9 +140,18 @@ class SQLOperationListener(
 
   override def onStageCompleted(stageCompleted: SparkListenerStageCompleted): Unit = {
     val stageInfo = stageCompleted.stageInfo
+    val stageId = stageInfo.stageId
     val stageAttempt = SparkStageAttempt(stageInfo.stageId, stageInfo.attemptNumber())
     activeStages.synchronized {
       if (activeStages.remove(stageAttempt) != null) {
+        stageInfo.getStatusString match {
+          case "succeeded" =>
+            activeJobs.asScala.foreach { case (_, jobInfo) =>
+              if (jobInfo.stageIds.contains(stageId)) {
+                jobInfo.numCompleteStages.getAndIncrement()
+              }
+            }
+        }
         withOperationLog(super.onStageCompleted(stageCompleted))
       }
     }
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala
index dc8b493cc..feb0d16a1 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/SparkConsoleProgressBar.scala
@@ -29,6 +29,7 @@ import org.apache.kyuubi.operation.Operation
 
 class SparkConsoleProgressBar(
     operation: Operation,
+    liveJobs: ConcurrentHashMap[Int, SparkJobInfo],
     liveStages: ConcurrentHashMap[SparkStageAttempt, SparkStageInfo],
     updatePeriodMSec: Long,
     timeFormat: String)
@@ -72,6 +73,17 @@ class SparkConsoleProgressBar(
     }
   }
 
+  /**
+   * Use stageId to find stage's jobId
+   * @param stageId
+   * @return jobId (Optional)
+   */
+  private def findJobId(stageId: Int): Option[Int] = {
+    liveJobs.asScala.collectFirst {
+      case (jobId, jobInfo) if jobInfo.stageIds.contains(stageId) => jobId
+    }
+  }
+
   /**
    * Show progress bar in console. The progress bar is displayed in the next line
    * after your last output, keeps overwriting itself to hold in one line. The logging will follow
@@ -81,9 +93,13 @@ class SparkConsoleProgressBar(
     val width = TerminalWidth / stages.size
     val bar = stages.map { s =>
       val total = s.numTasks
-      val header = s"[Stage ${s.stageId}:"
+      val jobHeader = findJobId(s.stageId).map(jobId =>
+        s"[Job $jobId (${liveJobs.get(jobId).numCompleteStages} " +
+          s"/ ${liveJobs.get(jobId).numStages}) Stages] ").getOrElse(
+        "[There is no job about this stage] ")
+      val header = jobHeader + s"[Stage ${s.stageId}:"
       val tailer = s"(${s.numCompleteTasks} + ${s.numActiveTasks}) / $total]"
-      val w = width - header.length - tailer.length
+      val w = width + jobHeader.length - header.length - tailer.length
       val bar =
         if (w > 0) {
           val percent = w * s.numCompleteTasks.get / total
diff --git a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
index 2ea9c3fda..29644f9f4 100644
--- a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
+++ b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/spark/kyuubi/StageStatus.scala
@@ -24,6 +24,10 @@ case class SparkStageAttempt(stageId: Int, stageAttemptId: Int) {
 }
 
 class SparkStageInfo(val stageId: Int, val numTasks: Int) {
-  var numActiveTasks = new AtomicInteger(0)
-  var numCompleteTasks = new AtomicInteger(0)
+  val numActiveTasks = new AtomicInteger(0)
+  val numCompleteTasks = new AtomicInteger(0)
+}
+
+class SparkJobInfo(val numStages: Int, val stageIds: Set[Int]) {
+  val numCompleteStages = new AtomicInteger(0)
 }
diff --git a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SQLOperationListenerSuite.scala b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SQLOperationListenerSuite.scala
index 04277fca4..f732f7c38 100644
--- a/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SQLOperationListenerSuite.scala
+++ b/externals/kyuubi-spark-sql-engine/src/test/scala/org/apache/spark/kyuubi/SQLOperationListenerSuite.scala
@@ -22,13 +22,16 @@ import scala.collection.JavaConverters.asScalaBufferConverter
 import org.apache.hive.service.rpc.thrift.{TExecuteStatementReq, TFetchOrientation, TFetchResultsReq, TOperationHandle}
 import org.scalatest.time.SpanSugar._
 
+import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.OPERATION_SPARK_LISTENER_ENABLED
 import org.apache.kyuubi.engine.spark.WithSparkSQLEngine
 import org.apache.kyuubi.operation.HiveJDBCTestHelper
 
 class SQLOperationListenerSuite extends WithSparkSQLEngine with HiveJDBCTestHelper {
 
-  override def withKyuubiConf: Map[String, String] = Map.empty
+  override def withKyuubiConf: Map[String, String] = Map(
+    KyuubiConf.ENGINE_SPARK_SHOW_PROGRESS.key -> "true",
+    KyuubiConf.ENGINE_SPARK_SHOW_PROGRESS_UPDATE_INTERVAL.key -> "200")
 
   override protected def jdbcUrl: String = getJdbcUrl
 
@@ -54,6 +57,24 @@ class SQLOperationListenerSuite extends WithSparkSQLEngine with HiveJDBCTestHelp
     }
   }
 
+  test("operation listener with progress job info") {
+    val sql = "SELECT java_method('java.lang.Thread', 'sleep', 10000l) FROM range(1, 3, 1, 2);"
+    withSessionHandle { (client, handle) =>
+      val req = new TExecuteStatementReq()
+      req.setSessionHandle(handle)
+      req.setStatement(sql)
+      val tExecuteStatementResp = client.ExecuteStatement(req)
+      val opHandle = tExecuteStatementResp.getOperationHandle
+      val fetchResultsReq = new TFetchResultsReq(opHandle, TFetchOrientation.FETCH_NEXT, 1000)
+      fetchResultsReq.setFetchType(1.toShort)
+      eventually(timeout(90.seconds), interval(500.milliseconds)) {
+        val resultsResp = client.FetchResults(fetchResultsReq)
+        val logs = resultsResp.getResults.getColumns.get(0).getStringVal.getValues.asScala
+        assert(logs.exists(_.matches(".*\\[Job .* Stages\\] \\[Stage .*\\]")))
+      }
+    }
+  }
+
   test("SQLOperationListener configurable") {
     val sql = "select /*+ REPARTITION(3, a) */ a from values(1) t(a);"
     withSessionHandle { (client, handle) =>

From ab4dfa36885a5a5c8be90b47eeca43df11150567 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Wed, 25 Oct 2023 20:15:30 +0800
Subject: [PATCH 723/760] [KYUUBI #5486] Bump Kafka client version from 3.4.0
 to 3.5.1

### _Why are the changes needed?_

- Bump Kafka client version from 3.4.0 to 3.5.1
- Bump Docker image for Kafka 3 to 3.5.0 (equivalent to Confluent Platform 7.5.x)
- https://docs.confluent.io/platform/current/installation/versions-interoperability.html#cp-and-apache-ak-compatibility

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5486 from bowenliang123/bump-kafka.

Closes #5486

017ea860d [Bowen Liang] update dependencyList
20ad988ed [liangbowen] bump kafka client version 3.5.1

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 dev/dependencyList                                          | 6 +++---
 .../handler/ServerKafkaLoggingEventHandlerSuite.scala       | 6 +++---
 pom.xml                                                     | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 2f67f86a0..ede67c961 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -106,7 +106,7 @@ jetty-util-ajax/9.4.52.v20230823//jetty-util-ajax-9.4.52.v20230823.jar
 jetty-util/9.4.52.v20230823//jetty-util-9.4.52.v20230823.jar
 jline/0.9.94//jline-0.9.94.jar
 jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
-kafka-clients/3.4.0//kafka-clients-3.4.0.jar
+kafka-clients/3.5.1//kafka-clients-3.5.1.jar
 kubernetes-client-api/6.8.1//kubernetes-client-api-6.8.1.jar
 kubernetes-client/6.8.1//kubernetes-client-6.8.1.jar
 kubernetes-httpclient-okhttp/6.8.1//kubernetes-httpclient-okhttp-6.8.1.jar
@@ -184,7 +184,7 @@ simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml-engine/2.6//snakeyaml-engine-2.6.jar
 snakeyaml/2.2//snakeyaml-2.2.jar
-snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
+snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar
 sqlite-jdbc/3.42.0.0//sqlite-jdbc-3.42.0.0.jar
 swagger-annotations/2.2.1//swagger-annotations-2.2.1.jar
 swagger-core/2.2.1//swagger-core-2.2.1.jar
@@ -196,4 +196,4 @@ units/1.6//units-1.6.jar
 vertx-core/4.3.2//vertx-core-4.3.2.jar
 vertx-grpc/4.3.2//vertx-grpc-4.3.2.jar
 zjsonpatch/0.3.0//zjsonpatch-0.3.0.jar
-zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
+zstd-jni/1.5.5-1//zstd-jni-1.5.5-1.jar
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala
index 461414f3f..967053f8f 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/events/handler/ServerKafkaLoggingEventHandlerSuite.scala
@@ -104,10 +104,10 @@ abstract class ServerKafkaLoggingEventHandlerSuite extends WithKyuubiServer with
 
 class ServerKafkaLoggingEventHandlerSuiteForKafka2 extends ServerKafkaLoggingEventHandlerSuite {
   // equivalent to Apache Kafka 2.8.x
-  override val imageTag = "6.2.10"
+  override val imageTag = "6.2.12"
 }
 
 class ServerKafkaLoggingEventHandlerSuiteForKafka3 extends ServerKafkaLoggingEventHandlerSuite {
-  // equivalent to Apache Kafka 3.3.x
-  override val imageTag = "7.3.3"
+  // equivalent to Apache Kafka 3.5.x
+  override val imageTag = "7.5.1"
 }
diff --git a/pom.xml b/pom.xml
index f03770b9d..b278d7be1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,7 +171,7 @@
         <jetty.version>9.4.52.v20230823</jetty.version>
         <jline.version>0.9.94</jline.version>
         <junit.version>4.13.2</junit.version>
-        <kafka.version>3.4.0</kafka.version>
+        <kafka.version>3.5.1</kafka.version>
         <kubernetes-client.version>6.8.1</kubernetes-client.version>
         <kyuubi-shaded-zookeeper.artifacts>kyuubi-shaded-zookeeper-34</kyuubi-shaded-zookeeper.artifacts>
         <kyuubi-shaded-zookeeper.version>0.1.0</kyuubi-shaded-zookeeper.version>

From 2b20f7b6268e30b4d4e719a1135cd521098cb7a0 Mon Sep 17 00:00:00 2001
From: labbomb <739955946@qq.com>
Date: Wed, 25 Oct 2023 21:17:44 +0800
Subject: [PATCH 724/760] [KYUUBI #5517] [UI] Initial implement the SQL Lab
 page

### _Why are the changes needed?_

1. New SQL Lab Page
2. New core editor functionality
<img width="1674" alt="image" src="https://github.com/apache/kyuubi/assets/15062456/00cc9194-f43b-422f-a3dd-7b4456d9eb5b">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5517 from labbomb/dev.

Closes #5517

7b9f6dcea [labbomb] fix: adjust keyword case
edd71d232 [labbomb] fix: delete some language configs
45d999b88 [labbomb] fix: update license-binary
70edf9f47 [labbomb] fix: fix some errors
becb4e3a6 [labbomb] fix: fix some errors
d47e7f5c7 [labbomb] feat: add editor component

Authored-by: labbomb <739955946@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 LICENSE-binary                                |  22 +++
 kyuubi-server/web-ui/package.json             |   2 +
 kyuubi-server/web-ui/pnpm-lock.yaml           |  72 ++++++++-
 .../src/components/monaco-editor/index.vue    | 149 ++++++++++++++++++
 .../src/components/monaco-editor/type.ts      |  81 ++++++++++
 .../src/layout/components/aside/types.ts      |   5 +
 .../web-ui/src/pinia/editor/index.ts          |  37 +++++
 kyuubi-server/web-ui/src/pinia/editor/type.ts |  18 +++
 kyuubi-server/web-ui/src/router/index.ts      |   4 +-
 kyuubi-server/web-ui/src/router/lab/index.ts  |  26 +++
 kyuubi-server/web-ui/src/views/lab/index.vue  |  64 ++++++++
 11 files changed, 474 insertions(+), 6 deletions(-)
 create mode 100644 kyuubi-server/web-ui/src/components/monaco-editor/index.vue
 create mode 100644 kyuubi-server/web-ui/src/components/monaco-editor/type.ts
 create mode 100644 kyuubi-server/web-ui/src/pinia/editor/index.ts
 create mode 100644 kyuubi-server/web-ui/src/pinia/editor/type.ts
 create mode 100644 kyuubi-server/web-ui/src/router/lab/index.ts
 create mode 100644 kyuubi-server/web-ui/src/views/lab/index.vue

diff --git a/LICENSE-binary b/LICENSE-binary
index b449a8344..748842a61 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -374,12 +374,16 @@ is auto-generated by `pnpm licenses list --prod`.
 ├────────────────────────────────────┼──────────────┤
 │ typescript                         │ Apache-2.0   │
 ├────────────────────────────────────┼──────────────┤
+│ moo                                │ BSD-3-Clause │
+├────────────────────────────────────┼──────────────┤
 │ normalize-wheel-es                 │ BSD-3-Clause │
 ├────────────────────────────────────┼──────────────┤
 │ source-map                         │ BSD-3-Clause │
 ├────────────────────────────────────┼──────────────┤
 │ source-map-js                      │ BSD-3-Clause │
 ├────────────────────────────────────┼──────────────┤
+│ railroad-diagrams                  │ CC0-1.0      │
+├────────────────────────────────────┼──────────────┤
 │ picocolors                         │ ISC          │
 ├────────────────────────────────────┼──────────────┤
 │ @babel/helper-string-parser        │ MIT          │
@@ -452,6 +456,8 @@ is auto-generated by `pnpm licenses list --prod`.
 ├────────────────────────────────────┼──────────────┤
 │ combined-stream                    │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ commander                          │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ csstype                            │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ date-fns                           │ MIT          │
@@ -460,6 +466,8 @@ is auto-generated by `pnpm licenses list --prod`.
 ├────────────────────────────────────┼──────────────┤
 │ delayed-stream                     │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ discontinuous-range                │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ element-plus                       │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ escape-html                        │ MIT          │
@@ -470,6 +478,8 @@ is auto-generated by `pnpm licenses list --prod`.
 ├────────────────────────────────────┼──────────────┤
 │ form-data                          │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ get-stdin                          │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ lodash                             │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ lodash-es                          │ MIT          │
@@ -484,16 +494,26 @@ is auto-generated by `pnpm licenses list --prod`.
 ├────────────────────────────────────┼──────────────┤
 │ mime-types                         │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ monaco-editor                      │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ nanoid                             │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ nearley                            │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ pinia                              │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ pinia-plugin-persistedstate        │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ postcss                            │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ randexp                            │ MIT          │
+├────────────────────────────────────┼──────────────┤
+│ ret                                │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ sourcemap-codec                    │ MIT          │
 ├────────────────────────────────────┼──────────────┤
+│ sql-formatter                      │ MIT          │
+├────────────────────────────────────┼──────────────┤
 │ to-fast-properties                 │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ vue                                │ MIT          │
@@ -503,4 +523,6 @@ is auto-generated by `pnpm licenses list --prod`.
 │ vue-i18n                           │ MIT          │
 ├────────────────────────────────────┼──────────────┤
 │ vue-router                         │ MIT          │
+├────────────────────────────────────┼──────────────┤
+│ argparse                           │ Python-2.0   │
 └────────────────────────────────────┴──────────────┘
diff --git a/kyuubi-server/web-ui/package.json b/kyuubi-server/web-ui/package.json
index f31b836dc..239c62706 100644
--- a/kyuubi-server/web-ui/package.json
+++ b/kyuubi-server/web-ui/package.json
@@ -19,8 +19,10 @@
     "axios": "^0.27.2",
     "date-fns": "^2.29.3",
     "element-plus": "^2.2.12",
+    "monaco-editor": "^0.44.0",
     "pinia": "^2.0.18",
     "pinia-plugin-persistedstate": "^2.1.1",
+    "sql-formatter": "^13.0.1",
     "swagger-ui-dist": "^4.9.1",
     "vue": "^3.2.37",
     "vue-i18n": "^9.2.2",
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index ffed6c6bd..a83d162ab 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -1,9 +1,5 @@
 lockfileVersion: '6.0'
 
-settings:
-  autoInstallPeers: true
-  excludeLinksFromLockfile: false
-
 dependencies:
   '@element-plus/icons-vue':
     specifier: ^2.0.9
@@ -17,12 +13,18 @@ dependencies:
   element-plus:
     specifier: ^2.2.12
     version: 2.2.13(vue@3.2.37)
+  monaco-editor:
+    specifier: ^0.44.0
+    version: 0.44.0
   pinia:
     specifier: ^2.0.18
     version: 2.0.18(typescript@4.7.4)(vue@3.2.37)
   pinia-plugin-persistedstate:
     specifier: ^2.1.1
     version: 2.1.1(pinia@2.0.18)
+  sql-formatter:
+    specifier: ^13.0.1
+    version: 13.0.1
   swagger-ui-dist:
     specifier: ^4.9.1
     version: 4.19.1
@@ -1019,7 +1021,6 @@ packages:
 
   /argparse@2.0.1:
     resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
-    dev: true
 
   /array-union@2.1.0:
     resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==}
@@ -1148,6 +1149,10 @@ packages:
     dependencies:
       delayed-stream: 1.0.0
 
+  /commander@2.20.3:
+    resolution: {integrity: sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==}
+    dev: false
+
   /concat-map@0.0.1:
     resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
     dev: true
@@ -1268,6 +1273,10 @@ packages:
       path-type: 4.0.0
     dev: true
 
+  /discontinuous-range@1.0.0:
+    resolution: {integrity: sha512-c68LpLbO+7kP/b1Hr1qs8/BJ09F5khZGTxqxZuhzxpmwJKOgRFHJWIb9/KmqnqHhLdO55aOxFH/EGBvUQbL/RQ==}
+    dev: false
+
   /doctrine@3.0.0:
     resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==}
     engines: {node: '>=6.0.0'}
@@ -1648,6 +1657,11 @@ packages:
     resolution: {integrity: sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==}
     dev: true
 
+  /get-stdin@8.0.0:
+    resolution: {integrity: sha512-sY22aA6xchAzprjyqmSEQv4UbAAzRN0L2dQB0NlN5acTTK9Don6nhoc3eAbUnpZiCANAMfd/+40kVdKfFygohg==}
+    engines: {node: '>=10'}
+    dev: false
+
   /glob-parent@5.1.2:
     resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
     engines: {node: '>= 6'}
@@ -2055,6 +2069,14 @@ packages:
       ufo: 1.1.2
     dev: true
 
+  /monaco-editor@0.44.0:
+    resolution: {integrity: sha512-5SmjNStN6bSuSE5WPT2ZV+iYn1/yI9sd4Igtk23ChvqB7kDk9lZbB9F5frsuvpB+2njdIeGGFf2G4gbE6rCC9Q==}
+    dev: false
+
+  /moo@0.5.2:
+    resolution: {integrity: sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q==}
+    dev: false
+
   /ms@2.1.2:
     resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==}
     dev: true
@@ -2068,6 +2090,16 @@ packages:
     resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
     dev: true
 
+  /nearley@2.20.1:
+    resolution: {integrity: sha512-+Mc8UaAebFzgV+KpI5n7DasuuQCHA89dmwm7JXw3TV43ukfNQ9DnBH3Mdb2g/I4Fdxc26pwimBWvjIw0UAILSQ==}
+    hasBin: true
+    dependencies:
+      commander: 2.20.3
+      moo: 0.5.2
+      railroad-diagrams: 1.0.0
+      randexp: 0.4.6
+    dev: false
+
   /normalize-path@3.0.0:
     resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
     engines: {node: '>=0.10.0'}
@@ -2293,6 +2325,18 @@ packages:
     resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
     dev: true
 
+  /railroad-diagrams@1.0.0:
+    resolution: {integrity: sha512-cz93DjNeLY0idrCNOH6PviZGRN9GJhsdm9hpn1YCS879fj4W+x5IFJhhkRZcwVgMmFF7R82UA/7Oh+R8lLZg6A==}
+    dev: false
+
+  /randexp@0.4.6:
+    resolution: {integrity: sha512-80WNmd9DA0tmZrw9qQa62GPPWfuXJknrmVmLcxvq4uZBdYqb1wYoKTmnlGUchvVWe0XiLupYkBoXVOxz3C8DYQ==}
+    engines: {node: '>=0.12'}
+    dependencies:
+      discontinuous-range: 1.0.0
+      ret: 0.1.15
+    dev: false
+
   /react-is@17.0.2:
     resolution: {integrity: sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==}
     dev: true
@@ -2327,6 +2371,11 @@ packages:
       supports-preserve-symlinks-flag: 1.0.0
     dev: true
 
+  /ret@0.1.15:
+    resolution: {integrity: sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==}
+    engines: {node: '>=0.12'}
+    dev: false
+
   /reusify@1.0.4:
     resolution: {integrity: sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==}
     engines: {iojs: '>=1.0.0', node: '>=0.10.0'}
@@ -2423,6 +2472,15 @@ packages:
   /sourcemap-codec@1.4.8:
     resolution: {integrity: sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA==}
 
+  /sql-formatter@13.0.1:
+    resolution: {integrity: sha512-/tM0H1O2kto6DKv1YuaZa75PMr1J9vTHj5aMu3GF0coKskWUNNcHCvtE1YBHpoFEuKnGUqxAwEpeAH+BAcZcEQ==}
+    hasBin: true
+    dependencies:
+      argparse: 2.0.1
+      get-stdin: 8.0.0
+      nearley: 2.20.1
+    dev: false
+
   /stackback@0.0.2:
     resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
     dev: true
@@ -2911,3 +2969,7 @@ packages:
     resolution: {integrity: sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==}
     engines: {node: '>=12.20'}
     dev: true
+
+settings:
+  autoInstallPeers: true
+  excludeLinksFromLockfile: false
diff --git a/kyuubi-server/web-ui/src/components/monaco-editor/index.vue b/kyuubi-server/web-ui/src/components/monaco-editor/index.vue
new file mode 100644
index 000000000..4c387172a
--- /dev/null
+++ b/kyuubi-server/web-ui/src/components/monaco-editor/index.vue
@@ -0,0 +1,149 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<template>
+  <div ref="codeEditBox" style="height: 100%" />
+</template>
+
+<script lang="ts" setup>
+  import * as monaco from 'monaco-editor'
+  import { format } from 'sql-formatter'
+  import EditorWorker from 'monaco-editor/esm/vs/editor/editor.worker?worker'
+  import { editorProps } from './type'
+  import { useEditorStore } from '@/pinia/editor'
+  import { ref, toRaw, watch, onBeforeUnmount, onMounted } from 'vue'
+
+  // @ts-ignore: worker
+  self.MonacoEnvironment = {
+    getWorker() {
+      return new EditorWorker()
+    }
+  }
+
+  const props = defineProps(editorProps)
+  const emit = defineEmits([
+    'update:modelValue',
+    'change',
+    'editorMounted',
+    'editorSave'
+  ])
+
+  const editorStore = useEditorStore()
+  const monacoEditorThemeRef = ref(
+    editorStore.getCurrentTheme === 'dark' ? 'vs-dark' : 'vs'
+  )
+  let editor: monaco.editor.IStandaloneCodeEditor
+  const codeEditBox = ref()
+  const init = () => {
+    monaco.languages.registerCompletionItemProvider('sql', {
+      provideCompletionItems: function (model: any, position: any) {
+        const word = model.getWordUntilPosition(position)
+        const range = {
+          startLineNumber: position.lineNumber,
+          endLineNumber: position.lineNumber,
+          startColumn: word.startColumn,
+          endColumn: word.endColumn
+        }
+        const suggestions = []
+        const keywords = [
+          'SELECT',
+          'FROM',
+          'WHERE',
+          'AND',
+          'OR',
+          'LIMIT',
+          'ORDER BY',
+          'GROUP BY'
+        ]
+        for (const i in keywords) {
+          suggestions.push({
+            label: keywords[i],
+            kind: monaco.languages.CompletionItemKind['Function'],
+            insertText: keywords[i],
+            detail: '',
+            range: range
+          })
+        }
+        return {
+          suggestions: suggestions
+        }
+      }
+    })
+
+    editor = monaco.editor.create(codeEditBox.value, {
+      value: props.modelValue,
+      language: props.language,
+      theme: monacoEditorThemeRef.value,
+      ...props.options
+    })
+
+    editor.addCommand(monaco.KeyMod.CtrlCmd | monaco.KeyCode.KeyS, function () {
+      emit('editorSave')
+    })
+
+    editor.setValue(format(toRaw(editor).getValue()))
+
+    editor.onDidChangeModelContent(() => {
+      const value = editor.getValue()
+      emit('update:modelValue', value)
+      emit('change', value)
+    })
+    emit('editorMounted', editor)
+  }
+  watch(
+    () => props.modelValue,
+    (newValue) => {
+      if (editor) {
+        const value = editor.getValue()
+        if (newValue !== value) {
+          editor.setValue(newValue)
+          editor.setValue(format(toRaw(editor).getValue()))
+        }
+      }
+    }
+  )
+  watch(
+    () => props.options,
+    (newValue) => {
+      editor.updateOptions(newValue)
+    },
+    { deep: true }
+  )
+  watch(
+    () => props.language,
+    (newValue) => {
+      monaco.editor.setModelLanguage(editor.getModel()!, newValue)
+    }
+  )
+  watch(
+    () => editorStore.getCurrentTheme,
+    () => {
+      editor?.dispose()
+      monacoEditorThemeRef.value =
+        editorStore.getCurrentTheme === 'dark' ? 'vs-dark' : 'vs'
+      init()
+    }
+  )
+
+  onBeforeUnmount(() => {
+    editor.dispose()
+  })
+  onMounted(() => {
+    init()
+  })
+</script>
diff --git a/kyuubi-server/web-ui/src/components/monaco-editor/type.ts b/kyuubi-server/web-ui/src/components/monaco-editor/type.ts
new file mode 100644
index 000000000..80400565e
--- /dev/null
+++ b/kyuubi-server/web-ui/src/components/monaco-editor/type.ts
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { PropType } from 'vue'
+
+export type Theme = 'vs' | 'vs-dark'
+export type FoldingStrategy = 'auto' | 'indentation'
+export type RenderLineHighlight = 'all' | 'line' | 'none' | 'gutter'
+export interface Options {
+  automaticLayout?: boolean
+  foldingStrategy?: FoldingStrategy
+  renderLineHighlight?: RenderLineHighlight
+  selectOnLineNumbers?: boolean
+  minimap?: {
+    enabled: boolean
+  }
+  readOnly: boolean
+  contextmenu: boolean
+  fontSize?: number
+  scrollBeyondLastLine?: boolean
+  overviewRulerBorder?: boolean
+}
+
+export const editorProps = {
+  modelValue: {
+    type: String as PropType<string>,
+    default: null
+  },
+  width: {
+    type: [String, Number] as PropType<string | number>,
+    default: '100%'
+  },
+  height: {
+    type: [String, Number] as PropType<string | number>,
+    default: '100%'
+  },
+  language: {
+    type: String as PropType<string>,
+    default: 'sql'
+  },
+  theme: {
+    type: String as PropType<Theme>,
+    validator(value: string): boolean {
+      return ['vs', 'vs-dark'].includes(value)
+    },
+    default: 'vs'
+  },
+  options: {
+    type: Object as PropType<Options>,
+    default() {
+      return {
+        automaticLayout: true,
+        foldingStrategy: 'indentation',
+        renderLineHighlight: 'line',
+        selectOnLineNumbers: true,
+        minimap: {
+          enabled: false
+        },
+        readOnly: false,
+        contextmenu: true,
+        fontSize: 16,
+        scrollBeyondLastLine: true,
+        overviewRulerBorder: false
+      }
+    }
+  }
+}
diff --git a/kyuubi-server/web-ui/src/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/layout/components/aside/types.ts
index 728ee326d..a7e495e18 100644
--- a/kyuubi-server/web-ui/src/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/layout/components/aside/types.ts
@@ -94,5 +94,10 @@ export const MENUS = [
     label: 'Contact Us',
     icon: 'PhoneFilled',
     router: '/contact'
+  },
+  {
+    label: 'SQL Lab',
+    icon: 'Cpu',
+    router: '/lab'
   }
 ]
diff --git a/kyuubi-server/web-ui/src/pinia/editor/index.ts b/kyuubi-server/web-ui/src/pinia/editor/index.ts
new file mode 100644
index 000000000..8902d172c
--- /dev/null
+++ b/kyuubi-server/web-ui/src/pinia/editor/index.ts
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { defineStore } from 'pinia'
+import { Theme } from './type'
+
+export const useEditorStore = defineStore({
+  id: 'editor',
+  state: (): { theme: Theme } => ({
+    theme: 'light'
+  }),
+  persist: true,
+  getters: {
+    getCurrentTheme(): Theme {
+      return this.theme
+    }
+  },
+  actions: {
+    setCurrentTheme(theme: Theme): void {
+      this.theme = theme
+    }
+  }
+})
diff --git a/kyuubi-server/web-ui/src/pinia/editor/type.ts b/kyuubi-server/web-ui/src/pinia/editor/type.ts
new file mode 100644
index 000000000..4155d60e0
--- /dev/null
+++ b/kyuubi-server/web-ui/src/pinia/editor/type.ts
@@ -0,0 +1,18 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export type Theme = 'dark' | 'light'
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index 423715661..c59c5f28c 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -23,6 +23,7 @@ import contactRoutes from './contact'
 import managementRoutes from './management'
 import detailRoutes from './detail'
 import swaggerRoutes from './swagger'
+import labRoutes from './lab'
 
 const routes = [
   {
@@ -44,7 +45,8 @@ const routes = [
       ...managementRoutes,
       ...detailRoutes,
       ...swaggerRoutes,
-      ...contactRoutes
+      ...contactRoutes,
+      ...labRoutes
     ]
   }
 ]
diff --git a/kyuubi-server/web-ui/src/router/lab/index.ts b/kyuubi-server/web-ui/src/router/lab/index.ts
new file mode 100644
index 000000000..d78838079
--- /dev/null
+++ b/kyuubi-server/web-ui/src/router/lab/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const routes = [
+  {
+    path: '/lab',
+    name: 'lab',
+    component: () => import('@/views/lab/index.vue')
+  }
+]
+
+export default routes
diff --git a/kyuubi-server/web-ui/src/views/lab/index.vue b/kyuubi-server/web-ui/src/views/lab/index.vue
new file mode 100644
index 000000000..26ecfac0d
--- /dev/null
+++ b/kyuubi-server/web-ui/src/views/lab/index.vue
@@ -0,0 +1,64 @@
+<!--
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements.  See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership.  The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<template>
+  <div class="container">
+    <MonacoEditor
+      v-model="editorVariables.content"
+      :language="editorVariables.language"
+      @editor-mounted="editorMounted"
+      @change="handleContentChange"
+      @editor-save="editorSave" />
+  </div>
+</template>
+
+<script lang="ts" setup>
+  import MonacoEditor from '@/components/monaco-editor/index.vue'
+  import { reactive, toRaw } from 'vue'
+  import * as monaco from 'monaco-editor'
+  import { format } from 'sql-formatter'
+
+  const editorVariables = reactive({
+    editor: {} as any,
+    language: 'sql',
+    content: ''
+  })
+
+  const editorMounted = (editor: monaco.editor.IStandaloneCodeEditor) => {
+    editorVariables.editor = editor
+  }
+  const handleFormat = () => {
+    toRaw(editorVariables.editor).setValue(
+      format(toRaw(editorVariables.editor).getValue())
+    )
+  }
+
+  const editorSave = () => {
+    handleFormat()
+  }
+
+  const handleContentChange = (value: string) => {
+    editorVariables.content = value
+  }
+</script>
+
+<style lang="scss" scoped>
+  .container {
+    height: 70%;
+  }
+</style>

From feb9d164f68875a178d7eaa993d7218b257c951a Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Wed, 25 Oct 2023 21:18:39 +0800
Subject: [PATCH 725/760] [KYUUBI #5513][BATCH] Always redirect delete batch
 request to Kyuubi instance that owns batch session

### _Why are the changes needed?_

Fixed an issue where spark submit(BatchJobSubmission) could not be closed when invoking the delete interface to delete a batch in the process of submission with batch v2 feature.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

- [x] Run exist unit test.

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5514 from zwangsheng/KYUUBI#5513.

Closes #5513

868c02638 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
1e44acf89 [Cheng Pan] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
f0b3a53db [Binjie Yang] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
a238e4520 [Binjie Yang] Update kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
565b93857 [zwangsheng] modify comments
86ef016bb [zwangsheng] add comment and catch spec case
4c4086327 [zwangsheng] fix comments
73f89f051 [zwangsheng] [KYUUBI #5513][Improvement][BATCH] Redirect delete batch request when enabled v2 and current kyuubi not submitted this batch

Lead-authored-by: zwangsheng <binjieyang@apache.org>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Co-authored-by: Binjie Yang <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../server/api/v1/BatchesResource.scala       | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index 76d913a98..c0a3b0ed9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -477,16 +477,15 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
         checkPermission(userName, metadata.username)
         if (OperationState.isTerminal(OperationState.withName(metadata.state))) {
           new CloseBatchResponse(false, s"The batch[$metadata] has been terminated.")
-        } else if (batchV2Enabled(metadata.requestConf) && metadata.state == "INITIALIZED") {
-          if (batchService.get.cancelUnscheduledBatch(batchId)) {
-            new CloseBatchResponse(true, s"Unscheduled batch $batchId is canceled.")
-          } else if (OperationState.isTerminal(OperationState.withName(metadata.state))) {
-            new CloseBatchResponse(false, s"The batch[$metadata] has been terminated.")
-          } else {
-            info(s"Cancel batch[$batchId] with state ${metadata.state} by killing application")
-            val (killed, msg) = forceKill(metadata.appMgrInfo, batchId, userName)
-            new CloseBatchResponse(killed, msg)
-          }
+        } else if (batchV2Enabled(metadata.requestConf) && metadata.state == "INITIALIZED" &&
+          // there is a chance that metadata is outdated, then `cancelUnscheduledBatch` fails
+          // and returns false
+          batchService.get.cancelUnscheduledBatch(batchId)) {
+          new CloseBatchResponse(true, s"Unscheduled batch $batchId is canceled.")
+        } else if (batchV2Enabled(metadata.requestConf) && metadata.kyuubiInstance == null) {
+          // code goes here indicates metadata is outdated, recursively calls itself to refresh
+          // the metadata
+          closeBatchSession(batchId, hs2ProxyUser)
         } else if (metadata.kyuubiInstance != fe.connectionUrl) {
           info(s"Redirecting delete batch[$batchId] to ${metadata.kyuubiInstance}")
           val internalRestClient = getInternalRestClient(metadata.kyuubiInstance)

From 603030fa8aec55c90b4e30282a57b1795df64a46 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 25 Oct 2023 22:03:45 +0800
Subject: [PATCH 726/760] [KYUUBI #5483] Release Spark TPC-H/DS Connectors with
 Scala 2.13

### _Why are the changes needed?_

Spark TPC-H/DS Connectors are mostly used for testing, we'd better provide both Scala 2.12 and 2.13 for next release

Close #5483

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5521 from pan3793/5483.

Closes #5483

49cd2a1ec [Cheng Pan] Update build/release/release.sh
13f3d8bb1 [Cheng Pan] Update build/release/release.sh
4a30b0829 [Cheng Pan] nit
ed388f995 [Cheng Pan] [KYUUBI #5483] Release Spark TPC-H/DS Connectors with Scala 2.13

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/build/release/release.sh b/build/release/release.sh
index 89ecd5230..047513dc5 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -109,15 +109,27 @@ upload_svn_staging() {
 }
 
 upload_nexus_staging() {
+  # Spark Extension Plugin for Spark 3.1
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.1 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-1 -am
+
+  # Spark Extension Plugin for Spark 3.2
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.2 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-2 -am
+
+  # Spark Extension Plugin for Spark 3.3
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.3 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-3 -am
+
+  # Spark TPC-DS/TPC-H Connector build with default Spark version (3.4) and Scala 2.13
+  ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4 \
+    -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
+    -pl extensions/spark/kyuubi-connector-tpcds,extensions/spark/kyuubi-connector-tpch
+
+  # All modules including Spark Extension Plugin and Connectors build with default Spark version (3.4) and default Scala version (2.12)
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml"
 }

From cb93d6fd1af42e5bafd2c25634a94186c2314f0c Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Wed, 25 Oct 2023 22:12:08 +0800
Subject: [PATCH 727/760] [KYUUBI #5523] [DOC] Update the Kyuubi supported
 components version

### _Why are the changes needed?_

Kyuubi 1.8 added the support for JDK 17 and Flink 1.18.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

<img width="1139" alt="image" src="https://github.com/apache/kyuubi/assets/26535726/2316fce3-20fc-49dc-a967-a40f9ea8f706">

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5523 from pan3793/doc-ver.

Closes #5523

d9024ccc7 [Cheng Pan] Update the Kyuubi supported components version

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/quick_start/quick_start.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/quick_start/quick_start.rst b/docs/quick_start/quick_start.rst
index 2cf5f567f..9d0a7d30c 100644
--- a/docs/quick_start/quick_start.rst
+++ b/docs/quick_start/quick_start.rst
@@ -34,17 +34,17 @@ For quick start deployment, we need to prepare the following stuffs:
   use Spark for demonstration.
 
 These essential components are JVM-based applications. So, the JRE needs to be
-pre-installed and the `JAVA_HOME` is correctly set to each component.
+pre-installed and the ``JAVA_HOME`` is correctly set to each component.
 
  ================ ============ =============== ===========================================
   Component        Role         Version         Remarks
  ================ ============ =============== ===========================================
-  **Java**         JRE          8/11            Officially released against JDK8
+  **Java**         JRE          8/11/17         Officially released against JDK8
   **Kyuubi**       Gateway      \ |release| \   - Kyuubi Server
                    Engine lib                   - Kyuubi Engine
                    Beeline                      - Kyuubi Hive Beeline
   **Spark**        Engine       >=3.1           A Spark distribution
-  **Flink**        Engine       1.16/1.17       A Flink distribution
+  **Flink**        Engine       1.16/1.17/1.18  A Flink distribution
   **Trino**        Engine       >=363           A Trino cluster
   **Doris**        Engine       N/A             A Doris cluster
   **Hive**         Engine       - 3.1.x         - A Hive distribution

From bf008de1e1b9831c1819cb5282148d04a7fba156 Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Thu, 26 Oct 2023 08:43:41 +0800
Subject: [PATCH 728/760] [KYUUBI #5522] [BATCH] Ignore main class for PySpark
 batch job submission

### _Why are the changes needed?_

For PySpark batch jobs, the main class is not required for spark submission and should be ignored.

- Spark submit doc: https://spark.apache.org/docs/latest/submitting-applications.html
- Also reported in : https://github.com/apache/kyuubi/pull/5498/files#diff-a215909f2588cb42eb307d1bdaa73eef9e05259bb0a99099f29859235bec19bbR30

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5522 from bowenliang123/pyspark-submit-ignore.

Closes #5522

c28ef86da [liangbowen] ignore main class for pyspark batch submission

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../kyuubi/operation/BatchJobSubmission.scala | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
index 779dc48ae..af6242ae1 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/operation/BatchJobSubmission.scala
@@ -84,22 +84,21 @@ class BatchJobSubmission(
 
   @VisibleForTesting
   private[kyuubi] val builder: ProcBuilder = {
-    Option(batchType).map(_.toUpperCase(Locale.ROOT)) match {
-      case Some("SPARK") | Some("PYSPARK") =>
-        new SparkBatchProcessBuilder(
-          session.user,
-          session.sessionConf,
-          batchId,
-          batchName,
-          Option(resource),
-          className,
-          batchConf,
-          batchArgs,
-          getOperationLog)
-
-      case _ =>
-        throw new UnsupportedOperationException(s"Batch type $batchType unsupported")
+    val mainClass = Option(batchType).map(_.toUpperCase(Locale.ROOT)) match {
+      case Some("SPARK") => className
+      case Some("PYSPARK") => null
+      case _ => throw new UnsupportedOperationException(s"Batch type $batchType unsupported")
     }
+    new SparkBatchProcessBuilder(
+      session.user,
+      session.sessionConf,
+      batchId,
+      batchName,
+      Option(resource),
+      mainClass,
+      batchConf,
+      batchArgs,
+      getOperationLog)
   }
 
   override def currentApplicationInfo(): Option[ApplicationInfo] = {

From 7517f8c0112dbc58570569a4db324fbfc15c1745 Mon Sep 17 00:00:00 2001
From: Rojin Raju <rojinraju7@gmail.com>
Date: Thu, 26 Oct 2023 13:57:40 +0800
Subject: [PATCH 729/760] [KYUUBI #5508] Upgrade download-maven-plugin from
 1.6.8 to 1.7.1

### _Why are the changes needed?_

Updated the download maven plugin from 1.6.8 to 1.7.1 to solve #5508

- release note: https://github.com/maven-download-plugin/maven-download-plugin/releases/tag/1.7.1

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

NO

Closes #5525 from rojin254/patch-1.

Closes #5508

2a628b40e [Rojin Raju] Update download maven plugin version to 1.7.1 in pom.xml

Lead-authored-by: Rojin Raju <rojinraju7@gmail.com>
Co-authored-by: Rojin Raju <46747837+rojin254@users.noreply.github.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b278d7be1..f6f698bcb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -233,7 +233,7 @@
         <jars.target.dir>${project.build.directory}/scala-${scala.binary.version}/jars</jars.target.dir>
 
         <maven.plugin.build.helper.version>3.3.0</maven.plugin.build.helper.version>
-        <maven.plugin.download.version>1.6.8</maven.plugin.download.version>
+        <maven.plugin.download.version>1.7.1</maven.plugin.download.version>
         <maven.plugin.download.cache.path></maven.plugin.download.cache.path>
         <maven.plugin.enforcer.mojo.rules.version>1.6.1</maven.plugin.enforcer.mojo.rules.version>
         <maven.plugin.frontend.version>1.12.1</maven.plugin.frontend.version>

From fbf395408f28a062f917d9132da95b516b9d4b98 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Thu, 26 Oct 2023 13:58:57 +0800
Subject: [PATCH 730/760] [KYUUBI #5528] Remove duplicate properties tag and
 respect KYUUBI_LOG_DIR

### _Why are the changes needed?_

Remove duplicate attribute tags to fix `k8sAuditLogPath` property not found.

![image](https://github.com/apache/kyuubi/assets/17894939/824cd211-db59-4d84-8b33-cd5619716b2f)

and set logDir to KYUUBI_LOG_DIR.

![image](https://github.com/apache/kyuubi/assets/17894939/0c435589-152b-4dca-8ce0-cc967ce9e3e6)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5528 from wForget/hotfix.

Closes #5528

060e39698 [wforget] Respect KYUUBI_LOG_DIR
a1a808b0a [wforget] Remove duplicate properties tag

Authored-by: wforget <643348094@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 conf/log4j2.xml.template | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/conf/log4j2.xml.template b/conf/log4j2.xml.template
index 2601690eb..215fddf47 100644
--- a/conf/log4j2.xml.template
+++ b/conf/log4j2.xml.template
@@ -21,10 +21,9 @@
  Set to debug or trace if log4j initialization is failing. -->
 <Configuration status="INFO">
     <Properties>
+        <Property name="logDir">${env:KYUUBI_LOG_DIR}</Property>
         <Property name="restAuditLogPath">rest-audit.log</Property>
         <Property name="restAuditLogFilePattern">rest-audit-%d{yyyy-MM-dd}-%i.log</Property>
-    </Properties>
-    <Properties>
         <Property name="k8sAuditLogPath">k8s-audit.log</Property>
         <Property name="k8sAuditLogFilePattern">k8s-audit-%d{yyyy-MM-dd}-%i.log</Property>
     </Properties>
@@ -35,7 +34,7 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
-        <RollingFile name="restAudit" fileName="${sys:restAuditLogPath}"
+        <RollingFile name="restAudit" fileName="${sys:logDir}/${sys:restAuditLogPath}"
                      filePattern="${sys:restAuditLogFilePattern}">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n%ex"/>
             <Policies>
@@ -43,7 +42,7 @@
             </Policies>
             <DefaultRolloverStrategy max="10"/>
         </RollingFile>
-        <RollingFile name="k8sAudit" fileName="${sys:k8sAuditLogPath}"
+        <RollingFile name="k8sAudit" fileName="${sys:logDir}/${sys:k8sAuditLogPath}"
                      filePattern="${sys:k8sAuditLogFilePattern}">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n%ex"/>
             <Policies>

From ceb84537835b61776629d3f1f23dade862059e1e Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 26 Oct 2023 14:57:36 +0800
Subject: [PATCH 731/760] [KYUUBI #5501] Update codecov token and fix codecov
 reporting on PRs

### _Why are the changes needed?_

Update codecov token to fix stale code coverage action

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

no

Closes #5501 from yaooqinn/token.

Closes #5501

1f4053231 [Kent Yao] java-17
fcd8391e7 [Kent Yao] java-17
5ccead77d [Kent Yao] upgrade jacoco
5cb4a8374 [Kent Yao] Revert "rm"
45d7a2134 [Kent Yao] rm
0a3dd2f42 [Kent Yao] Update codecov token

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .github/workflows/master.yml |  2 +-
 codecov.yml                  |  9 +++++-
 dev/kyuubi-codecov/pom.xml   | 12 ++++++++
 pom.xml                      | 57 +++++++++++++++++++++++-------------
 4 files changed, 57 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 1819c4850..74c53ab08 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -108,7 +108,7 @@ jobs:
         run: |
           TEST_MODULES="dev/kyuubi-codecov"
           ./build/mvn clean install ${MVN_OPT} -pl ${TEST_MODULES} -am \
-          -Pspark-${{ matrix.spark }} -Pspark-authz-hudi-test ${{ matrix.spark-archive }} ${{ matrix.exclude-tags }}
+          -Pjava-${{ matrix.java }} -Pspark-${{ matrix.spark }} -Pspark-authz-hudi-test ${{ matrix.spark-archive }} ${{ matrix.exclude-tags }}
       - name: Code coverage
         if: |
           matrix.java == 8 &&
diff --git a/codecov.yml b/codecov.yml
index 6267ea380..1be776f58 100644
--- a/codecov.yml
+++ b/codecov.yml
@@ -16,4 +16,11 @@
 #
 
 codecov:
-  token: b624e642-b0c8-4d45-94a1-a370888435bb
+  token: 5115fd3e-2ef2-40ed-b012-376a2afdc382
+
+coverage:
+  status:
+    project:
+      default:
+        target: auto # auto compares coverage to the previous base commit
+        threshold: 2% #this allows a 2% drop from the previous base commit coverage
diff --git a/dev/kyuubi-codecov/pom.xml b/dev/kyuubi-codecov/pom.xml
index a5ec582f9..0f22c3316 100644
--- a/dev/kyuubi-codecov/pom.xml
+++ b/dev/kyuubi-codecov/pom.xml
@@ -31,6 +31,18 @@
     <url>https://kyuubi.apache.org/</url>
 
     <dependencies>
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kyuubi</groupId>
+            <artifactId>kyuubi-util-scala_${scala.binary.version}</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.kyuubi</groupId>
             <artifactId>kyuubi-common_${scala.binary.version}</artifactId>
diff --git a/pom.xml b/pom.xml
index f6f698bcb..75bfd8650 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,7 +243,9 @@
         <maven.plugin.scalatest.include.tags></maven.plugin.scalatest.include.tags>
         <maven.plugin.scalatest.debug.enabled>false</maven.plugin.scalatest.debug.enabled>
         <maven.plugin.spotless.version>2.30.0</maven.plugin.spotless.version>
-        <maven.plugin.jacoco.version>0.8.7</maven.plugin.jacoco.version>
+        <maven.plugin.surefire.version>3.2.1</maven.plugin.surefire.version>
+        <maven.plugin.surefire.argLine></maven.plugin.surefire.argLine>
+        <maven.plugin.jacoco.version>0.8.11</maven.plugin.jacoco.version>
         <maven.plugin.scalastyle.version>1.0.0</maven.plugin.scalastyle.version>
         <maven.plugin.shade.version>3.4.1</maven.plugin.shade.version>
         <maven.plugin.silencer.version>1.7.13</maven.plugin.silencer.version>
@@ -273,24 +275,6 @@
         <distMgmtSnapshotsName>Apache Development Snapshot Repository</distMgmtSnapshotsName>
         <distMgmtSnapshotsUrl>https://repository.apache.org/content/repositories/snapshots</distMgmtSnapshotsUrl>
 
-        <extraJavaTestArgs>-XX:+IgnoreUnrecognizedVMOptions
-            --add-opens=java.base/java.lang=ALL-UNNAMED
-            --add-opens=java.base/java.lang.invoke=ALL-UNNAMED
-            --add-opens=java.base/java.lang.reflect=ALL-UNNAMED
-            --add-opens=java.base/java.io=ALL-UNNAMED
-            --add-opens=java.base/java.net=ALL-UNNAMED
-            --add-opens=java.base/java.nio=ALL-UNNAMED
-            --add-opens=java.base/java.util=ALL-UNNAMED
-            --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
-            --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED
-            --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
-            --add-opens=java.base/sun.nio.cs=ALL-UNNAMED
-            --add-opens=java.base/sun.security.action=ALL-UNNAMED
-            --add-opens=java.base/sun.security.tools.keytool=ALL-UNNAMED
-            --add-opens=java.base/sun.security.x509=ALL-UNNAMED
-            --add-opens=java.base/sun.util.calendar=ALL-UNNAMED
-            -Djdk.reflect.useDirectMethodHandle=false
-            -Dio.netty.tryReflectionSetAccessible=true</extraJavaTestArgs>
         <debugArgLine>-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005</debugArgLine>
     </properties>
 
@@ -1697,7 +1681,7 @@
                     <configuration>
                         <skipTests>true</skipTests>
                         <failIfNoSpecifiedTests>false</failIfNoSpecifiedTests>
-                        <argLine>${extraJavaTestArgs}</argLine>
+                        <argLine>${maven.plugin.surefire.argLine}</argLine>
                     </configuration>
                 </plugin>
                 <!-- enable scalatest -->
@@ -1709,7 +1693,7 @@
                         <reportsDirectory>${project.build.directory}/surefire-reports</reportsDirectory>
                         <junitxml>.</junitxml>
                         <filereports>TestSuite.txt</filereports>
-                        <argLine>${extraJavaTestArgs}</argLine>
+                        <argLine>${maven.plugin.surefire.argLine}</argLine>
                         <environmentVariables>
                             <KYUUBI_WORK_DIR_ROOT>${project.build.directory}/work</KYUUBI_WORK_DIR_ROOT>
                         </environmentVariables>
@@ -2135,6 +2119,37 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>java-17</id>
+            <activation>
+                <jdk>17</jdk>
+            </activation>
+            <properties>
+                <java.version>17</java.version>
+                <maven.compiler.source></maven.compiler.source>
+                <maven.compiler.target></maven.compiler.target>
+                <maven.compiler.release>${java.version}</maven.compiler.release>
+                <maven.plugin.surefire.argLine>-XX:+IgnoreUnrecognizedVMOptions
+                    --add-opens=java.base/java.lang=ALL-UNNAMED
+                    --add-opens=java.base/java.lang.invoke=ALL-UNNAMED
+                    --add-opens=java.base/java.lang.reflect=ALL-UNNAMED
+                    --add-opens=java.base/java.io=ALL-UNNAMED
+                    --add-opens=java.base/java.net=ALL-UNNAMED
+                    --add-opens=java.base/java.nio=ALL-UNNAMED
+                    --add-opens=java.base/java.util=ALL-UNNAMED
+                    --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
+                    --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED
+                    --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
+                    --add-opens=java.base/sun.nio.cs=ALL-UNNAMED
+                    --add-opens=java.base/sun.security.action=ALL-UNNAMED
+                    --add-opens=java.base/sun.security.tools.keytool=ALL-UNNAMED
+                    --add-opens=java.base/sun.security.x509=ALL-UNNAMED
+                    --add-opens=java.base/sun.util.calendar=ALL-UNNAMED
+                    -Djdk.reflect.useDirectMethodHandle=false
+                    -Dio.netty.tryReflectionSetAccessible=true</maven.plugin.surefire.argLine>
+            </properties>
+        </profile>
+
         <!-- For development only, not generally applicable for all modules -->
         <profile>
             <id>scala-2.13</id>

From 4ade148061eef05fcf63f6b597ca3ed85682c920 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Thu, 26 Oct 2023 21:43:20 +0800
Subject: [PATCH 732/760] [KYUUBI #5506] [AUTHZ][MINOR] Reuse loaded table
 extractor in Hudi table extractors

### _Why are the changes needed?_

- Reuse loaded table extractor by using `lookupExtractor` in Hudi table extractors

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5506 from bowenliang123/authz-reuse-ext.

Closes #5506

552f1d504 [Bowen Liang] reuse loaded table extractor in hudi table extractors

Authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../kyuubi/plugin/spark/authz/serde/tableExtractors.scala | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
index 2c212cc5c..a54b58c33 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala
@@ -249,10 +249,10 @@ class HudiDataSourceV2RelationTableExtractor extends TableExtractor {
     invokeAs[LogicalPlan](v1, "table") match {
       // Match multipartIdentifier with tableAlias
       case SubqueryAlias(_, SubqueryAlias(identifier, _)) =>
-        new StringTableExtractor().apply(spark, identifier.toString())
+        lookupExtractor[StringTableExtractor].apply(spark, identifier.toString())
       // Match multipartIdentifier without tableAlias
       case SubqueryAlias(identifier, _) =>
-        new StringTableExtractor().apply(spark, identifier.toString())
+        lookupExtractor[StringTableExtractor].apply(spark, identifier.toString())
     }
   }
 }
@@ -262,10 +262,10 @@ class HudiMergeIntoTargetTableExtractor extends TableExtractor {
     invokeAs[LogicalPlan](v1, "targetTable") match {
       // Match multipartIdentifier with tableAlias
       case SubqueryAlias(_, SubqueryAlias(identifier, relation)) =>
-        new StringTableExtractor().apply(spark, identifier.toString())
+        lookupExtractor[StringTableExtractor].apply(spark, identifier.toString())
       // Match multipartIdentifier without tableAlias
       case SubqueryAlias(identifier, _) =>
-        new StringTableExtractor().apply(spark, identifier.toString())
+        lookupExtractor[StringTableExtractor].apply(spark, identifier.toString())
     }
   }
 }

From 5b9290a9141781f5c723722a76284cfb2028be0b Mon Sep 17 00:00:00 2001
From: Kent Yao <yao@apache.org>
Date: Thu, 26 Oct 2023 21:46:54 +0800
Subject: [PATCH 733/760] [KYUUBI #5537] [AuthZ] Order Command Spec by Command
 Class [group, classname]

### _Why are the changes needed?_

Settle Spark vanilla commands, iceberg, hudi in separate groups for code reviewing

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

no

Closes #5537 from yaooqinn/group.

Closes #5537

4f88b6405 [Kent Yao] [AuthZ] Order Command Spec by Command Class [group, classname]

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 .../main/resources/table_command_spec.json    | 184 +++++++++---------
 .../authz/gen/JsonSpecFileGenerator.scala     |  12 +-
 2 files changed, 98 insertions(+), 98 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index ea6e27576..af86ffd1c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -91,20 +91,6 @@
     "fieldName" : "plan",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.plans.logical.Call",
-  "tableDescs" : [ {
-    "fieldName" : "args",
-    "fieldExtractor" : "ExpressionSeqTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : null,
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  } ],
-  "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CommentOnTable",
   "tableDescs" : [ {
@@ -209,24 +195,6 @@
   } ],
   "opType" : "CREATETABLE",
   "queryDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.plans.logical.DeleteFromIcebergTable",
-  "tableDescs" : [ {
-    "fieldName" : "table",
-    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : {
-      "fieldName" : null,
-      "fieldExtractor" : null,
-      "actionType" : "UPDATE"
-    },
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  } ],
-  "opType" : "QUERY",
-  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DeleteFromTable",
   "tableDescs" : [ {
@@ -310,27 +278,6 @@
   } ],
   "opType" : "DROPTABLE",
   "queryDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.plans.logical.MergeIntoIcebergTable",
-  "tableDescs" : [ {
-    "fieldName" : "targetTable",
-    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : {
-      "fieldName" : null,
-      "fieldExtractor" : null,
-      "actionType" : "UPDATE"
-    },
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  } ],
-  "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "sourceTable",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.MergeIntoTable",
   "tableDescs" : [ {
@@ -614,45 +561,6 @@
   } ],
   "opType" : "TRUNCATETABLE",
   "queryDescs" : [ ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.plans.logical.UnresolvedMergeIntoIcebergTable",
-  "tableDescs" : [ {
-    "fieldName" : "targetTable",
-    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : {
-      "fieldName" : null,
-      "fieldExtractor" : null,
-      "actionType" : "UPDATE"
-    },
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  } ],
-  "opType" : "QUERY",
-  "queryDescs" : [ {
-    "fieldName" : "sourceTable",
-    "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
-}, {
-  "classname" : "org.apache.spark.sql.catalyst.plans.logical.UpdateIcebergTable",
-  "tableDescs" : [ {
-    "fieldName" : "table",
-    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : {
-      "fieldName" : null,
-      "fieldExtractor" : null,
-      "actionType" : "UPDATE"
-    },
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : false,
-    "setCurrentDatabaseIfMissing" : false
-  } ],
-  "opType" : "QUERY",
-  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.UpdateTable",
   "tableDescs" : [ {
@@ -1418,6 +1326,98 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.Call",
+  "tableDescs" : [ {
+    "fieldName" : "args",
+    "fieldExtractor" : "ExpressionSeqTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_PROPERTIES",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.DeleteFromIcebergTable",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.MergeIntoIcebergTable",
+  "tableDescs" : [ {
+    "fieldName" : "targetTable",
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "sourceTable",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.UnresolvedMergeIntoIcebergTable",
+  "tableDescs" : [ {
+    "fieldName" : "targetTable",
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ {
+    "fieldName" : "sourceTable",
+    "fieldExtractor" : "LogicalPlanQueryExtractor"
+  } ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.UpdateIcebergTable",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "DataSourceV2RelationTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : {
+      "fieldName" : null,
+      "fieldExtractor" : null,
+      "actionType" : "UPDATE"
+    },
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "QUERY",
+  "queryDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableAddColumnsCommand",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index 1b2d330d1..007850f68 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -42,22 +42,22 @@ import org.apache.kyuubi.util.AssertionUtils._
 class JsonSpecFileGenerator extends AnyFunSuite {
   // scalastyle:on
   test("check spec json files") {
-    writeCommandSpecJson("database", DatabaseCommands.data)
-    writeCommandSpecJson("table", TableCommands.data ++ IcebergCommands.data ++ HudiCommands.data)
-    writeCommandSpecJson("function", FunctionCommands.data)
-    writeCommandSpecJson("scan", Scans.data)
+    writeCommandSpecJson("database", Seq(DatabaseCommands.data))
+    writeCommandSpecJson("table", Seq(TableCommands.data, IcebergCommands.data, HudiCommands.data))
+    writeCommandSpecJson("function", Seq(FunctionCommands.data))
+    writeCommandSpecJson("scan", Seq(Scans.data))
   }
 
   def writeCommandSpecJson[T <: CommandSpec](
       commandType: String,
-      specArr: Array[T]): Unit = {
+      specArr: Seq[Array[T]]): Unit = {
     val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
       .split("target").head
     val filename = s"${commandType}_command_spec.json"
     val filePath = Paths.get(pluginHome, "src", "main", "resources", filename)
 
     val generatedStr = mapper.writerWithDefaultPrettyPrinter()
-      .writeValueAsString(specArr.sortBy(_.classname))
+      .writeValueAsString(specArr.flatMap(_.sortBy(_.classname)))
 
     if (sys.env.get("KYUUBI_UPDATE").contains("1")) {
       // scalastyle:off println

From 3fefc7d487ae9dce5a4fb802ff10d8fe2271b76b Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Fri, 27 Oct 2023 10:03:50 +0800
Subject: [PATCH 734/760] [KYUUBI #5472][AUTHZ][FOLLOWUP] Check permanent view
 also need support merge projection

### _Why are the changes needed?_
To close #5472 .
Check permanent view also need support merge projection

For case `SELECT count(id) FROM $db1.$view1 WHERE id > 10` we only need to check `id`, before this pr, we need to check `id`, `scope`.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5542 from AngersZhuuuu/KYUUBI-5472-FOLLOWUP.

Closes #5472

fd63c5ab2 [Bowen Liang] Update extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
41e487c95 [Angerszhuuuu] Update extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
4f688c4c1 [Angerszhuuuu] Update PrivilegesBuilder.scala
cb9322ce3 [Angerszhuuuu] [KYUUBI #5472][AUTHZ][FOLLOWUP] Check permanent view also need support merge projection

Lead-authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/authz/PrivilegesBuilder.scala       | 17 ++++--
 .../ranger/RuleApplyPermanentViewMarker.scala |  3 +-
 .../authz/util/PermanentViewMarker.scala      |  3 +-
 .../ranger/RangerSparkExtensionSuite.scala    | 59 +++++++++++--------
 4 files changed, 50 insertions(+), 32 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index a0ed5fb6a..0d4b53a5c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -63,9 +63,19 @@ object PrivilegesBuilder {
       conditionList: Seq[NamedExpression] = Nil,
       spark: SparkSession): Unit = {
 
+    def getOutputColumnNames(plan: LogicalPlan): Seq[String] = {
+      plan match {
+        case pvm: PermanentViewMarker
+            if pvm.isSubqueryExpressionPlaceHolder || pvm.output.isEmpty =>
+          pvm.visitColNames
+        case _ =>
+          plan.output.map(_.name)
+      }
+    }
+
     def mergeProjection(table: Table, plan: LogicalPlan): Unit = {
       if (projectionList.isEmpty) {
-        privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+        privilegeObjects += PrivilegeObject(table, getOutputColumnNames(plan))
       } else {
         val cols = (projectionList ++ conditionList).flatMap(collectLeaves)
           .filter(plan.outputSet.contains).map(_.name).distinct
@@ -103,11 +113,6 @@ object PrivilegesBuilder {
         val cols = conditionList ++ aggCols
         buildQuery(a.child, privilegeObjects, projectionList, cols, spark)
 
-      case pvm: PermanentViewMarker =>
-        getScanSpec(pvm).tables(pvm, spark).foreach { table =>
-          privilegeObjects += PrivilegeObject(table, pvm.visitColNames)
-        }
-
       case scan if isKnownScan(scan) && scan.resolved =>
         getScanSpec(scan).tables(scan, spark).foreach(mergeProjection(_, scan))
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
index 909cd9e93..f12088f5f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
@@ -43,7 +43,8 @@ class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
               PermanentViewMarker(
                 subquery.plan,
                 permanentView.desc,
-                permanentView.output.map(_.name)))
+                permanentView.output.map(_.name),
+                true))
         }
         PermanentViewMarker(
           resolvedSubquery,
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
index d19f7a923..e997e46f8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
@@ -24,7 +24,8 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 case class PermanentViewMarker(
     child: LogicalPlan,
     catalogTable: CatalogTable,
-    visitColNames: Seq[String]) extends UnaryNode
+    visitColNames: Seq[String],
+    isSubqueryExpressionPlaceHolder: Boolean = false) extends UnaryNode
   with WithInternalChild {
 
   override def output: Seq[Attribute] = child.output
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index c2e886f02..07c8efeda 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -913,31 +913,42 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
                |CREATE VIEW $db1.$view2
                |AS
                |SELECT count(*) as cnt, sum(id) as sum_id FROM $db1.$table1
-            """.stripMargin))
-        val e1 = intercept[AccessControlException](
-          doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))
-        assert(e1.getMessage.contains(
-          s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/scope]"))
+              """.stripMargin))
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))(
+          s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/scope]")
 
-        val e2 = intercept[AccessControlException](
-          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))
-        assert(e2.getMessage.contains(
-          s"does not have [select] privilege on [$db1/$view1/id,$db1/$view1/scope]"))
-
-        val e3 = intercept[AccessControlException](
-          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2").show()))
-        assert(e3.getMessage.contains(
-          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
-
-        val e4 = intercept[AccessControlException](
-          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2 WHERE cnt > 10").show()))
-        assert(e4.getMessage.contains(
-          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
-
-        val e5 = intercept[AccessControlException](
-          doAs(someone, sql(s"SELECT count(cnt) FROM $db1.$view2 WHERE cnt > 10").show()))
-        assert(e5.getMessage.contains(
-          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))(
+          s"does not have [select] privilege on [$db1/$view1/id,$db1/$view1/scope]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2").show()))(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(id) FROM $db1.$table1 WHERE id > 10").show()))(
+          s"does not have [select] privilege on [$db1/$table1/id]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(id) FROM $db1.$view1 WHERE id > 10").show()))(
+          s"does not have [select] privilege on [$db1/$view1/id]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(sum_id) FROM $db1.$view2 WHERE sum_id > 10").show()))(
+          s"does not have [select] privilege on [$db1/$view2/sum_id]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(scope) FROM $db1.$table1 WHERE id > 10").show()))(
+          s"does not have [select] privilege on [$db1/$table1/scope,$db1/$table1/id]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(scope) FROM $db1.$view1 WHERE id > 10").show()))(
+          s"does not have [select] privilege on [$db1/$view1/scope,$db1/$view1/id]")
+
+        interceptContains[AccessControlException](
+          doAs(someone, sql(s"SELECT count(cnt) FROM $db1.$view2 WHERE sum_id > 10").show()))(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]")
       }
     }
   }

From de5a68189be7ca2d432b64facb1c18e092700ed5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 27 Oct 2023 10:07:38 +0800
Subject: [PATCH 735/760] [KYUUBI #5483] Fix deploy command for Scala 2.13
 TPC-DS/H connectors

### _Why are the changes needed?_

As title, it fixes the command issue identified during the preparation of 1.8.0-rc0.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5536 from pan3793/5483-followup.

Closes #5483

b508b201b [Cheng Pan] [KYUUBI #5483] Fix deploy command for Scala 2.13 TPC-DS/H connectors

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build/release/release.sh b/build/release/release.sh
index 047513dc5..576cee266 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -124,12 +124,12 @@ upload_nexus_staging() {
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-3 -am
 
-  # Spark TPC-DS/TPC-H Connector build with default Spark version (3.4) and Scala 2.13
-  ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4 \
+  # Spark TPC-DS/TPC-H Connector built with default Spark version (3.4) and Scala 2.13
+  ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4,scala-2.13 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
-    -pl extensions/spark/kyuubi-connector-tpcds,extensions/spark/kyuubi-connector-tpch
+    -pl extensions/spark/kyuubi-spark-connector-tpcds,extensions/spark/kyuubi-spark-connector-tpch -am
 
-  # All modules including Spark Extension Plugin and Connectors build with default Spark version (3.4) and default Scala version (2.12)
+  # All modules including Spark Extension Plugin and Connectors built with default Spark version (3.4) and default Scala version (2.12)
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml"
 }

From 5c2abb8defbdb4b84e7d095b57a43d4aa3e45f7f Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Fri, 27 Oct 2023 10:46:18 +0800
Subject: [PATCH 736/760] [KYUUBI #5544] Release contains Spark 3.5 extension

### _Why are the changes needed?_

As we already added support for Spark 3.5, we should publish it to Maven Central in 1.8.0

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5544 from pan3793/sext-3.5.

Closes #5544

5d835f511 [Cheng Pan] Release contains Spark 3.5 extension

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 build/release/release.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/build/release/release.sh b/build/release/release.sh
index 576cee266..49fef9f8b 100755
--- a/build/release/release.sh
+++ b/build/release/release.sh
@@ -124,6 +124,11 @@ upload_nexus_staging() {
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
     -pl extensions/spark/kyuubi-extension-spark-3-3 -am
 
+  # Spark Extension Plugin for Spark 3.5
+  ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.5 \
+    -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \
+    -pl extensions/spark/kyuubi-extension-spark-3-5 -am
+
   # Spark TPC-DS/TPC-H Connector built with default Spark version (3.4) and Scala 2.13
   ${KYUUBI_DIR}/build/mvn clean deploy -DskipTests -Papache-release,flink-provided,spark-provided,hive-provided,spark-3.4,scala-2.13 \
     -s "${KYUUBI_DIR}/build/release/asf-settings.xml" \

From 30a127a1baf69f0b05063042b05f28e457c7fad1 Mon Sep 17 00:00:00 2001
From: lawulu <biangjuang@gmail.com>
Date: Fri, 27 Oct 2023 10:48:22 +0800
Subject: [PATCH 737/760] [KYUUBI #5412] Resolve the relative zk configuration
 dir based on KYUUBI_HOME

### _Why are the changes needed?_
Both   the default  value of `kyuubi.zookeeper.embedded.data.log.dir` and `kyuubi.zookeeper.embedded.data.dir` are `embedded_zookeeper`. It is used based on the current dir.
If the configuration dir is a relative path , it is resolved relative to `KYUUBI_HOME`.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5412 from biangjuang/master.

Closes #5412

17e502c03 [Cheng Pan] Update kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
e0aa01c82 [Cheng Pan] Update kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
bb6af93df [Cheng Pan] Update docs/deployment/migration-guide.md
53bd61bc3 [lawulu] Resolve the relative zk configuration dir based on KYUUBI_HOME

Lead-authored-by: lawulu <biangjuang@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/configuration/settings.md                | 26 +++++++++----------
 docs/deployment/migration-guide.md            |  4 ++-
 .../kyuubi/zookeeper/EmbeddedZookeeper.scala  | 14 +++++++---
 .../kyuubi/zookeeper/ZookeeperConf.scala      |  9 ++++---
 .../zookeeper/EmbeddedZookeeperSuite.scala    | 15 ++++++++++-
 5 files changed, 47 insertions(+), 21 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 66fa45578..1bf1230e1 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -470,19 +470,19 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 ### Zookeeper
 
-|                       Key                        |      Default       |                                                                                 Meaning                                                                                  |  Type   | Since |
-|--------------------------------------------------|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|-------|
-| kyuubi.zookeeper.embedded.client.port            | 2181               | clientPort for the embedded ZooKeeper server to listen for client connections, a client here could be Kyuubi server, engine, and JDBC client                             | int     | 1.2.0 |
-| kyuubi.zookeeper.embedded.client.port.address    | &lt;undefined&gt;  | clientPortAddress for the embedded ZooKeeper server to                                                                                                                   | string  | 1.2.0 |
-| kyuubi.zookeeper.embedded.client.use.hostname    | false              | When true, embedded Zookeeper prefer to bind hostname, otherwise, ip address.                                                                                            | boolean | 1.7.2 |
-| kyuubi.zookeeper.embedded.data.dir               | embedded_zookeeper | dataDir for the embedded zookeeper server where stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database. | string  | 1.2.0 |
-| kyuubi.zookeeper.embedded.data.log.dir           | embedded_zookeeper | dataLogDir for the embedded ZooKeeper server where writes the transaction log .                                                                                          | string  | 1.2.0 |
-| kyuubi.zookeeper.embedded.directory              | embedded_zookeeper | The temporary directory for the embedded ZooKeeper server                                                                                                                | string  | 1.0.0 |
-| kyuubi.zookeeper.embedded.max.client.connections | 120                | maxClientCnxns for the embedded ZooKeeper server to limit the number of concurrent connections of a single client identified by IP address                               | int     | 1.2.0 |
-| kyuubi.zookeeper.embedded.max.session.timeout    | 60000              | maxSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 20 times the tickTime                                | int     | 1.2.0 |
-| kyuubi.zookeeper.embedded.min.session.timeout    | 6000               | minSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 2 times the tickTime                                 | int     | 1.2.0 |
-| kyuubi.zookeeper.embedded.port                   | 2181               | The port of the embedded ZooKeeper server                                                                                                                                | int     | 1.0.0 |
-| kyuubi.zookeeper.embedded.tick.time              | 3000               | tickTime in milliseconds for the embedded ZooKeeper server                                                                                                               | int     | 1.2.0 |
+|                       Key                        |      Default       |                                                                                                                  Meaning                                                                                                                   |  Type   | Since |
+|--------------------------------------------------|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|-------|
+| kyuubi.zookeeper.embedded.client.port            | 2181               | clientPort for the embedded ZooKeeper server to listen for client connections, a client here could be Kyuubi server, engine, and JDBC client                                                                                               | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.client.port.address    | &lt;undefined&gt;  | clientPortAddress for the embedded ZooKeeper server to                                                                                                                                                                                     | string  | 1.2.0 |
+| kyuubi.zookeeper.embedded.client.use.hostname    | false              | When true, embedded Zookeeper prefer to bind hostname, otherwise, ip address.                                                                                                                                                              | boolean | 1.7.2 |
+| kyuubi.zookeeper.embedded.data.dir               | embedded_zookeeper | dataDir for the embedded zookeeper server where stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database. If it is a relative path, it is resolved relative to KYUUBI_HOME. | string  | 1.2.0 |
+| kyuubi.zookeeper.embedded.data.log.dir           | embedded_zookeeper | dataLogDir for the embedded ZooKeeper server where writes the transaction log. If it is a relative path, it is resolved relative to KYUUBI_HOME.                                                                                           | string  | 1.2.0 |
+| kyuubi.zookeeper.embedded.directory              | embedded_zookeeper | The temporary directory for the embedded ZooKeeper server. If it is a relative path, it is resolved relative to KYUUBI_HOME.                                                                                                               | string  | 1.0.0 |
+| kyuubi.zookeeper.embedded.max.client.connections | 120                | maxClientCnxns for the embedded ZooKeeper server to limit the number of concurrent connections of a single client identified by IP address                                                                                                 | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.max.session.timeout    | 60000              | maxSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 20 times the tickTime                                                                                                  | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.min.session.timeout    | 6000               | minSessionTimeout in milliseconds for the embedded ZooKeeper server will allow the client to negotiate. Defaults to 2 times the tickTime                                                                                                   | int     | 1.2.0 |
+| kyuubi.zookeeper.embedded.port                   | 2181               | The port of the embedded ZooKeeper server                                                                                                                                                                                                  | int     | 1.0.0 |
+| kyuubi.zookeeper.embedded.tick.time              | 3000               | tickTime in milliseconds for the embedded ZooKeeper server                                                                                                                                                                                 | int     | 1.2.0 |
 
 ## Spark Configurations
 
diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index 58df0fcc6..0430e8cff 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -23,7 +23,9 @@
   Both Derby and SQLite are mainly for testing purposes, and they're not supposed to be used in production.
   To restore previous behavior, set `kyuubi.metadata.store.jdbc.database.type=DERBY` and
   `kyuubi.metadata.store.jdbc.url=jdbc:derby:memory:kyuubi_state_store_db;create=true`.
-
+* Since Kyuubi 1.8, if the directory of the embedded zookeeper configuration (`kyuubi.zookeeper.embedded.directory`
+  & `kyuubi.zookeeper.embedded.data.dir` & `kyuubi.zookeeper.embedded.data.log.dir`) is a relative path, it is resolved
+  relative to `$KYUUBI_HOME` instead of `$PWD`.
 * Since Kyuubi 1.8, PROMETHEUS is changed as the default metrics reporter. To restore previous behavior,
   set `kyuubi.metrics.reporters=JSON`.
 
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
index 17caffedf..1592d9063 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeper.scala
@@ -19,9 +19,10 @@ package org.apache.kyuubi.zookeeper
 
 import java.io.File
 import java.net.InetSocketAddress
+import java.nio.file.Paths
 
 import org.apache.kyuubi.Utils._
-import org.apache.kyuubi.config.KyuubiConf
+import org.apache.kyuubi.config.{ConfigEntry, KyuubiConf}
 import org.apache.kyuubi.service.{AbstractService, ServiceState}
 import org.apache.kyuubi.shaded.zookeeper.server.{NIOServerCnxnFactory, ZooKeeperServer}
 import org.apache.kyuubi.zookeeper.ZookeeperConf._
@@ -37,8 +38,9 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
   private var host: String = _
 
   override def initialize(conf: KyuubiConf): Unit = synchronized {
-    dataDirectory = new File(conf.get(ZK_DATA_DIR))
-    dataLogDirectory = new File(conf.get(ZK_DATA_LOG_DIR))
+    dataDirectory = resolvePathIfRelative(conf, ZK_DATA_DIR)
+    dataLogDirectory = resolvePathIfRelative(conf, ZK_DATA_LOG_DIR)
+
     val clientPort = conf.get(ZK_CLIENT_PORT)
     val tickTime = conf.get(ZK_TICK_TIME)
     val maxClientCnxns = conf.get(ZK_MAX_CLIENT_CONNECTIONS)
@@ -93,4 +95,10 @@ class EmbeddedZookeeper extends AbstractService("EmbeddedZookeeper") {
     assert(zks != null, s"$getName is in $getServiceState")
     s"$host:${serverFactory.getLocalPort}"
   }
+
+  def resolvePathIfRelative(conf: KyuubiConf, configEntry: ConfigEntry[String]): File = {
+    val dirFromConfig = conf.get(configEntry)
+    Paths.get(sys.env.getOrElse(KyuubiConf.KYUUBI_HOME, ".")).resolve(dirFromConfig).toFile
+  }
+
 }
diff --git a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
index 6ef494896..9b0844e69 100644
--- a/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
+++ b/kyuubi-zookeeper/src/main/scala/org/apache/kyuubi/zookeeper/ZookeeperConf.scala
@@ -31,7 +31,8 @@ object ZookeeperConf {
 
   @deprecated("using kyuubi.zookeeper.embedded.data.dir instead", since = "1.2.0")
   val EMBEDDED_ZK_TEMP_DIR: ConfigEntry[String] = buildConf("kyuubi.zookeeper.embedded.directory")
-    .doc("The temporary directory for the embedded ZooKeeper server")
+    .doc("The temporary directory for the embedded ZooKeeper server. " +
+      "If it is a relative path, it is resolved relative to KYUUBI_HOME. ")
     .version("1.0.0")
     .stringConf
     .createWithDefault("embedded_zookeeper")
@@ -58,12 +59,14 @@ object ZookeeperConf {
 
   val ZK_DATA_DIR: ConfigEntry[String] = buildConf("kyuubi.zookeeper.embedded.data.dir")
     .doc("dataDir for the embedded zookeeper server where stores the in-memory database" +
-      " snapshots and, unless specified otherwise, the transaction log of updates to the database.")
+      " snapshots and, unless specified otherwise, the transaction log of updates to the" +
+      " database. If it is a relative path, it is resolved relative to KYUUBI_HOME.")
     .version("1.2.0")
     .fallbackConf(EMBEDDED_ZK_TEMP_DIR)
 
   val ZK_DATA_LOG_DIR: ConfigEntry[String] = buildConf("kyuubi.zookeeper.embedded.data.log.dir")
-    .doc("dataLogDir for the embedded ZooKeeper server where writes the transaction log .")
+    .doc("dataLogDir for the embedded ZooKeeper server where writes the transaction log. " +
+      "If it is a relative path, it is resolved relative to KYUUBI_HOME.")
     .version("1.2.0")
     .fallbackConf(ZK_DATA_DIR)
 
diff --git a/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala b/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala
index 69e798ac5..8e1abda4f 100644
--- a/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala
+++ b/kyuubi-zookeeper/src/test/scala/org/apache/kyuubi/zookeeper/EmbeddedZookeeperSuite.scala
@@ -22,7 +22,7 @@ import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.shaded.curator.framework.CuratorFrameworkFactory
 import org.apache.kyuubi.shaded.curator.framework.imps.CuratorFrameworkState
 import org.apache.kyuubi.shaded.curator.retry.ExponentialBackoffRetry
-import org.apache.kyuubi.zookeeper.ZookeeperConf.{ZK_CLIENT_PORT, ZK_CLIENT_PORT_ADDRESS}
+import org.apache.kyuubi.zookeeper.ZookeeperConf.{ZK_CLIENT_PORT, ZK_CLIENT_PORT_ADDRESS, ZK_DATA_DIR, ZK_DATA_LOG_DIR}
 
 class EmbeddedZookeeperSuite extends KyuubiFunSuite {
   private var zkServer: EmbeddedZookeeper = _
@@ -64,4 +64,17 @@ class EmbeddedZookeeperSuite extends KyuubiFunSuite {
     zkServer.initialize(conf)
     assert(zkServer.getConnectString.contains("127.0.0.1"))
   }
+
+  test("relative path from zookeeper config should be in kyuubi_home") {
+    zkServer = new EmbeddedZookeeper()
+    val conf = KyuubiConf()
+      .set(ZK_CLIENT_PORT, 0)
+      .set(ZK_DATA_LOG_DIR, "embedded_zookeeper_log")
+      .set(ZK_DATA_DIR, "/tmp/embedded_zookeeper_data")
+
+    val dataDir = zkServer.resolvePathIfRelative(conf, ZK_DATA_DIR)
+    val dataLogDir = zkServer.resolvePathIfRelative(conf, ZK_DATA_LOG_DIR)
+    assert(dataDir.getAbsolutePath.equals("/tmp/embedded_zookeeper_data"))
+    assert(dataLogDir.getAbsolutePath.contains("/embedded_zookeeper_log"))
+  }
 }

From 322cb48ff276f97571a14bca2ab69a8228f43172 Mon Sep 17 00:00:00 2001
From: yikaifei <yikaifei@apache.org>
Date: Fri, 27 Oct 2023 11:52:21 +0800
Subject: [PATCH 738/760] [KYUUBI #5496] [AUTHZ] Authz shaded include the
 transitive jackson libs

### _Why are the changes needed?_

As description https://github.com/apache/kyuubi/pull/5427#discussion_r1367907906. This PR aims to:

- Authz shaded include the transitive jackson libs
- Add LICENSE and NOTICE file to exactly match the content of jar
- Add scala-2.13 profile to make authz shade module support scala 2.13

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5496 from Yikf/jackson.

Closes #5496

6f442497c [yikaifei] trigger
8eeec2b21 [yikaifei] trigger
6a3cc0c8d [yikaifei] license
758d834b8 [yikaifei] shade jackson

Authored-by: yikaifei <yikaifei@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/kyuubi-spark-authz-shaded/pom.xml   |  40 +++-
 .../src/main/resources/META-INF/LICENSE       | 225 ++++++++++++++++++
 .../src/main/resources/META-INF/NOTICE        |  12 +
 3 files changed, 267 insertions(+), 10 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/LICENSE
 create mode 100644 extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/NOTICE

diff --git a/extensions/spark/kyuubi-spark-authz-shaded/pom.xml b/extensions/spark/kyuubi-spark-authz-shaded/pom.xml
index b135a1d7c..10edeb1fb 100644
--- a/extensions/spark/kyuubi-spark-authz-shaded/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz-shaded/pom.xml
@@ -93,14 +93,6 @@
                     <groupId>javax.ws.rs</groupId>
                     <artifactId>jsr311-api</artifactId>
                 </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-core-asl</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-mapper-asl</artifactId>
-                </exclusion>
                 <exclusion>
                     <groupId>com.kstruct</groupId>
                     <artifactId>gethostname4j</artifactId>
@@ -246,6 +238,8 @@
                             <include>org.apache.ranger:ranger-plugins-common</include>
                             <include>org.apache.ranger:ranger-plugins-audit</include>
                             <include>org.codehaus.jackson:jackson-jaxrs</include>
+                            <include>org.codehaus.jackson:jackson-core-asl</include>
+                            <include>org.codehaus.jackson:jackson-mapper-asl</include>
                             <include>com.sun.jersey:jersey-client</include>
                             <include>com.sun.jersey:jersey-core</include>
                             <include>com.kstruct:gethostname4j</include>
@@ -259,6 +253,9 @@
                             <excludes>
                                 <exclude>**/*.proto</exclude>
                                 <exclude>META-INF/*.SF</exclude>
+                                <exclude>META-INF/LGPL2.1</exclude>
+                                <exclude>META-INF/AL2.0</exclude>
+                                <exclude>META-INF/ASL2.0</exclude>
                                 <exclude>META-INF/*.DSA</exclude>
                                 <exclude>META-INF/*.RSA</exclude>
                                 <exclude>META-INF/DEPENDENCIES</exclude>
@@ -274,8 +271,8 @@
                     </filters>
                     <relocations>
                         <relocation>
-                            <pattern>org.codehaus.jackson.jaxrs</pattern>
-                            <shadedPattern>${kyuubi.shade.packageName}.org.codehaus.jackson.jaxrs</shadedPattern>
+                            <pattern>org.codehaus.jackson</pattern>
+                            <shadedPattern>${kyuubi.shade.packageName}.org.codehaus.jackson</shadedPattern>
                         </relocation>
                         <relocation>
                             <pattern>com.sun.jersey</pattern>
@@ -314,4 +311,27 @@
             </plugin>
         </plugins>
     </build>
+
+    <profiles>
+        <!-- Add profile here to exclude jna when enable scala-2.13. -->
+        <profile>
+            <id>scala-2.13</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-shade-plugin</artifactId>
+                        <configuration>
+                            <artifactSet>
+                                <excludes>
+                                    <exclude>net.java.dev.jna:jna</exclude>
+                                    <exclude>net.java.dev.jna:jna-platform</exclude>
+                                </excludes>
+                            </artifactSet>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>
diff --git a/extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/LICENSE b/extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/LICENSE
new file mode 100644
index 000000000..1e6d25e88
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/LICENSE
@@ -0,0 +1,225 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+------------------------------------------------------------------------------------
+
+This project bundles some components that are licensed under the
+
+Apache License Version 2.0
+--------------------------
+org.apache.ranger:ranger-plugins-common
+org.apache.ranger:ranger-plugins-audit
+org.codehaus.jackson:jackson-jaxrs
+org.codehaus.jackson:jackson-core-asl
+org.codehaus.jackson:jackson-mapper-asl
+net.java.dev.jna:jna
+net.java.dev.jna:jna-platform
+
+Common Development and Distribution License (CDDL) 1.1
+------------------------------------------------------
+com.sun.jersey:jersey-client
+com.sun.jersey:jersey-core
+
+MIT license
+-----------
+com.kstruct:gethostname4j
diff --git a/extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/NOTICE b/extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/NOTICE
new file mode 100644
index 000000000..9afa0f86d
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz-shaded/src/main/resources/META-INF/NOTICE
@@ -0,0 +1,12 @@
+Apache Kyuubi
+Copyright 2021-2023 The Apache Software Foundation.
+
+This product includes software developed at
+The Apache Software Foundation (https://www.apache.org/).
+
+--------------------------------------------------------------------------------
+
+This binary artifact contains
+
+Apache Ranger
+Copyright 2014-2022 The Apache Software Foundation

From 3e8d80f3dd0bd4678c1e22e10f27afdf4b45488a Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 27 Oct 2023 13:17:51 +0800
Subject: [PATCH 739/760] [KYUUBI #5543] [AUTHZ] Generalize command specs and
 check duplicated class names of command spec

### _Why are the changes needed?_

- Generalizing command specs for the commands of tables (including lakehouse tables), functions, db, scans
- Checking duplicated class names of command spes, to prevent breaking the serde design
- Fix the output message for spec count written to file

Error message when there are duplicated class names in command specs:
<img width="651" alt="image" src="https://github.com/apache/kyuubi/assets/1935105/315aed81-066e-4cfb-a110-89504e0eac0f">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5543 from bowenliang123/authz-command-specs.

Closes #5543

85f1e1bf7 [liangbowen] nit
1d0b8578c [liangbowen] command specs

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../spark/authz/serde/CommandSpec.scala       |  4 ++++
 .../spark/authz/gen/DatabaseCommands.scala    |  4 ++--
 .../spark/authz/gen/FunctionCommands.scala    |  6 +++---
 .../plugin/spark/authz/gen/HudiCommands.scala |  4 ++--
 .../spark/authz/gen/IcebergCommands.scala     |  4 ++--
 .../authz/gen/JsonSpecFileGenerator.scala     | 21 ++++++++++++-------
 .../kyuubi/plugin/spark/authz/gen/Scans.scala |  4 ++--
 .../spark/authz/gen/TableCommands.scala       |  4 ++--
 8 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
index 32ad30e21..22bf07bfa 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
@@ -43,6 +43,10 @@ trait CommandSpec extends {
   final def operationType: OperationType = OperationType.withName(opType)
 }
 
+trait CommandSpecs[T <: CommandSpec] {
+  def specs: Seq[T]
+}
+
 /**
  * A specification describe a database command
  *
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala
index a61c142ed..4436d9566 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DatabaseCommands.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.plugin.spark.authz.gen
 import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
-object DatabaseCommands {
+object DatabaseCommands extends CommandSpecs[DatabaseCommandSpec] {
 
   val AlterDatabaseProperties = {
     DatabaseCommandSpec(
@@ -141,7 +141,7 @@ object DatabaseCommands {
     DatabaseCommandSpec(cmd, Seq(databaseDesc), DESCDATABASE)
   }
 
-  val data: Array[DatabaseCommandSpec] = Array(
+  override def specs: Seq[DatabaseCommandSpec] = Seq(
     AlterDatabaseProperties,
     AlterDatabaseProperties.copy(
       classname = "org.apache.spark.sql.execution.command.AlterDatabaseSetLocationCommand",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala
index 1822e80fc..d5c849dd6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/FunctionCommands.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType.{SYSTEM, TEMP}
 
-object FunctionCommands {
+object FunctionCommands extends CommandSpecs[FunctionCommandSpec] {
 
   val CreateFunction = {
     val cmd = "org.apache.spark.sql.execution.command.CreateFunctionCommand"
@@ -83,9 +83,9 @@ object FunctionCommands {
     FunctionCommandSpec(cmd, Seq(functionDesc), RELOADFUNCTION)
   }
 
-  val data: Array[FunctionCommandSpec] = Array(
+  override def specs: Seq[FunctionCommandSpec] = Seq(
     CreateFunction,
     DropFunction,
     DescribeFunction,
-    RefreshFunction).sortBy(_.classname)
+    RefreshFunction)
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 9b843b1f6..9d80ee0f4 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -22,7 +22,7 @@ import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.serde.TableType._
 
-object HudiCommands {
+object HudiCommands extends CommandSpecs[TableCommandSpec] {
   val AlterHoodieTableAddColumnsCommand = {
     val cmd = "org.apache.spark.sql.hudi.command.AlterHoodieTableAddColumnsCommand"
     val columnDesc = ColumnDesc("colsToAdd", classOf[StructFieldSeqColumnExtractor])
@@ -242,7 +242,7 @@ object HudiCommands {
           setCurrentDatabaseIfMissing = true)))
   }
 
-  val data: Array[TableCommandSpec] = Array(
+  override def specs: Seq[TableCommandSpec] = Seq(
     AlterHoodieTableAddColumnsCommand,
     AlterHoodieTableChangeColumnCommand,
     AlterHoodieTableDropPartitionCommand,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
index fb195b455..59f8eb7a6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/IcebergCommands.scala
@@ -21,7 +21,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
-object IcebergCommands {
+object IcebergCommands extends CommandSpecs[TableCommandSpec] {
 
   val DeleteFromIcebergTable = {
     val cmd = "org.apache.spark.sql.catalyst.plans.logical.DeleteFromIcebergTable"
@@ -56,7 +56,7 @@ object IcebergCommands {
     TableCommandSpec(cmd, Seq(td), opType = OperationType.ALTERTABLE_PROPERTIES)
   }
 
-  val data: Array[TableCommandSpec] = Array(
+  override def specs: Seq[TableCommandSpec] = Seq(
     CallProcedure,
     DeleteFromIcebergTable,
     UpdateIcebergTable,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index 007850f68..07a8e2852 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -24,6 +24,7 @@ import java.nio.file.{Files, Paths, StandardOpenOption}
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.serde.{mapper, CommandSpec}
+import org.apache.kyuubi.plugin.spark.authz.serde.CommandSpecs
 import org.apache.kyuubi.util.AssertionUtils._
 
 /**
@@ -42,26 +43,30 @@ import org.apache.kyuubi.util.AssertionUtils._
 class JsonSpecFileGenerator extends AnyFunSuite {
   // scalastyle:on
   test("check spec json files") {
-    writeCommandSpecJson("database", Seq(DatabaseCommands.data))
-    writeCommandSpecJson("table", Seq(TableCommands.data, IcebergCommands.data, HudiCommands.data))
-    writeCommandSpecJson("function", Seq(FunctionCommands.data))
-    writeCommandSpecJson("scan", Seq(Scans.data))
+    writeCommandSpecJson("database", Seq(DatabaseCommands))
+    writeCommandSpecJson("table", Seq(TableCommands, IcebergCommands, HudiCommands))
+    writeCommandSpecJson("function", Seq(FunctionCommands))
+    writeCommandSpecJson("scan", Seq(Scans))
   }
 
   def writeCommandSpecJson[T <: CommandSpec](
       commandType: String,
-      specArr: Seq[Array[T]]): Unit = {
+      specsArr: Seq[CommandSpecs[T]]): Unit = {
     val pluginHome = getClass.getProtectionDomain.getCodeSource.getLocation.getPath
       .split("target").head
     val filename = s"${commandType}_command_spec.json"
     val filePath = Paths.get(pluginHome, "src", "main", "resources", filename)
 
-    val generatedStr = mapper.writerWithDefaultPrettyPrinter()
-      .writeValueAsString(specArr.flatMap(_.sortBy(_.classname)))
+    val allSpecs = specsArr.flatMap(_.specs.sortBy(_.classname))
+    val duplicatedClassnames = allSpecs.groupBy(_.classname).values
+      .filter(_.size > 1).flatMap(specs => specs.map(_.classname)).toSet
+    withClue(s"Unexpected duplicated classnames: $duplicatedClassnames")(
+      assertResult(0)(duplicatedClassnames.size))
+    val generatedStr = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(allSpecs)
 
     if (sys.env.get("KYUUBI_UPDATE").contains("1")) {
       // scalastyle:off println
-      println(s"writing ${specArr.length} specs to $filename")
+      println(s"writing ${allSpecs.length} specs to $filename")
       // scalastyle:on println
       Files.write(
         filePath,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index b2c1868a2..d61e2606d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -20,7 +20,7 @@ package org.apache.kyuubi.plugin.spark.authz.gen
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.serde.FunctionType._
 
-object Scans {
+object Scans extends CommandSpecs[ScanSpec] {
 
   val HiveTableRelation = {
     val r = "org.apache.spark.sql.catalyst.catalog.HiveTableRelation"
@@ -79,7 +79,7 @@ object Scans {
 
   val HiveGenericUDTF = HiveSimpleUDF.copy(classname = "org.apache.spark.sql.hive.HiveGenericUDTF")
 
-  val data: Array[ScanSpec] = Array(
+  override def specs: Seq[ScanSpec] = Seq(
     HiveTableRelation,
     LogicalRelation,
     DataSourceV2Relation,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 9893953af..3abf336cd 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -22,7 +22,7 @@ import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.serde.TableType._
 
-object TableCommands {
+object TableCommands extends CommandSpecs[TableCommandSpec] {
   // table extractors
   val tite = classOf[TableIdentifierTableExtractor]
   val tableNameDesc = TableDesc("tableName", tite)
@@ -594,7 +594,7 @@ object TableCommands {
     TableCommandSpec(cmd, Seq(tableIdentDesc.copy(isInput = true)))
   }
 
-  val data: Array[TableCommandSpec] = Array(
+  override def specs: Seq[TableCommandSpec] = Seq(
     AddPartitions,
     DropPartitions,
     RenamePartitions,

From b99a21658a58139eea9a3f3e7a5e38a2c2695718 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Fri, 27 Oct 2023 13:42:25 +0800
Subject: [PATCH 740/760] [KYUUBI #5455][AUTHZ] Support hudi
 CompactionHoodiePathCommand & CompactionShowHoodiePathCommand

### _Why are the changes needed?_
To close #5455. Kyuubi authz support hudi  CompactionHoodiePathCommand & CompactionShowHoodiePathCommand

- CompactionHoodiePathCommand: https://github.com/apache/hudi/blob/release-0.12.0/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/CompactionHoodiePathCommand.scala
- CompactionShowHoodiePathCommand : https://github.com/apache/hudi/blob/release-0.12.0/hudi-spark-datasource/hudi-spark/src/main/scala/org/apache/spark/sql/hudi/command/CompactionShowHoodiePathCommand.scala

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5527 from AngersZhuuuu/KYUUBi-5455.

Closes #5455

7179e2e54 [Angerszhuuuu] Update PrivilegeObject.scala
a72c9e76f [Angerszhuuuu] Update table_command_spec.json
3dd6bcc14 [Angerszhuuuu] Merge branch 'master' into KYUUBi-5455
b2f41b560 [Angerszhuuuu] done
26477bc33 [Angerszhuuuu] follow comment
bc9c99e3b [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
894c692be [Angerszhuuuu] follow comment
4831ae5d7 [Angerszhuuuu] Delete uri_command_spec.json
674ca2177 [Angerszhuuuu] follow comment
1755b6c23 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
07c69524e [Angerszhuuuu] Revert "Update style.yml"
ce80bec39 [Angerszhuuuu] Update style.yml
5aca29a0a [Angerszhuuuu] Update PrivilegeObject.scala
e70458f30 [Angerszhuuuu] update
0e185b031 [Angerszhuuuu] Update PrivilegesBuilder.scala
3b4c5d899 [Angerszhuuuu] Update HudiCatalogRangerSparkExtensionSuite.scala
60d191a45 [Angerszhuuuu] [KYUUBI #5455][AUTHZ] Support hudi CompactionHoodiePathCommand & CompactionShowHoodiePathCommand

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 ...uubi.plugin.spark.authz.serde.URIExtractor |  18 +
 .../main/resources/table_command_spec.json    | 344 ++++++++++++------
 .../plugin/spark/authz/ObjectType.scala       |   3 +-
 .../plugin/spark/authz/PrivilegeObject.scala  |  18 +-
 .../spark/authz/PrivilegeObjectType.scala     |   2 +-
 .../spark/authz/PrivilegesBuilder.scala       |  17 +
 .../spark/authz/ranger/AccessResource.scala   |  14 +
 .../spark/authz/ranger/AccessType.scala       |   3 +
 .../spark/authz/serde/CommandSpec.scala       |   3 +-
 .../plugin/spark/authz/serde/Descriptor.scala |  18 +
 .../kyuubi/plugin/spark/authz/serde/Uri.scala |  26 ++
 .../plugin/spark/authz/serde/package.scala    |   2 +
 .../spark/authz/serde/pathExtractors.scala    |  35 ++
 .../plugin/spark/authz/gen/HudiCommands.scala |  20 +-
 ...HudiCatalogRangerSparkExtensionSuite.scala |  41 ++-
 15 files changed, 444 insertions(+), 120 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.URIExtractor
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Uri.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/pathExtractors.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.URIExtractor b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.URIExtractor
new file mode 100644
index 000000000..0b77fa26e
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/META-INF/services/org.apache.kyuubi.plugin.spark.authz.serde.URIExtractor
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+org.apache.kyuubi.plugin.spark.authz.serde.StringURIExtractor
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index af86ffd1c..9677e2298 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -11,7 +11,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDCOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.AddPartitions",
   "tableDescs" : [ {
@@ -25,7 +26,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDPARTS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.AlterColumn",
   "tableDescs" : [ {
@@ -39,7 +41,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDCOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.AlterTable",
   "tableDescs" : [ {
@@ -53,7 +56,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.AppendData",
   "tableDescs" : [ {
@@ -74,7 +78,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CacheTable",
   "tableDescs" : [ ],
@@ -82,7 +87,8 @@
   "queryDescs" : [ {
     "fieldName" : "table",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CacheTableAsSelect",
   "tableDescs" : [ ],
@@ -90,7 +96,8 @@
   "queryDescs" : [ {
     "fieldName" : "plan",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CommentOnTable",
   "tableDescs" : [ {
@@ -104,7 +111,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CreateTable",
   "tableDescs" : [ {
@@ -139,7 +147,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CreateTableAsSelect",
   "tableDescs" : [ {
@@ -177,7 +186,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.CreateV2Table",
   "tableDescs" : [ {
@@ -194,7 +204,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DeleteFromTable",
   "tableDescs" : [ {
@@ -212,7 +223,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DescribeRelation",
   "tableDescs" : [ {
@@ -226,7 +238,8 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "DESCTABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropColumns",
   "tableDescs" : [ {
@@ -240,7 +253,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDCOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropPartitions",
   "tableDescs" : [ {
@@ -254,7 +268,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_DROPPARTS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DropTable",
   "tableDescs" : [ {
@@ -277,7 +292,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "DROPTABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.MergeIntoTable",
   "tableDescs" : [ {
@@ -298,7 +314,8 @@
   "queryDescs" : [ {
     "fieldName" : "sourceTable",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.OverwriteByExpression",
   "tableDescs" : [ {
@@ -319,7 +336,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.OverwritePartitionsDynamic",
   "tableDescs" : [ {
@@ -340,7 +358,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.RefreshTable",
   "tableDescs" : [ {
@@ -354,7 +373,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.RenameColumn",
   "tableDescs" : [ {
@@ -368,7 +388,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_RENAMECOL",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.RenamePartitions",
   "tableDescs" : [ {
@@ -382,7 +403,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_RENAMEPART",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.RepairTable",
   "tableDescs" : [ {
@@ -396,7 +418,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "MSCK",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceColumns",
   "tableDescs" : [ {
@@ -410,7 +433,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_REPLACECOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceData",
   "tableDescs" : [ {
@@ -431,7 +455,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceTable",
   "tableDescs" : [ {
@@ -466,7 +491,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ReplaceTableAsSelect",
   "tableDescs" : [ {
@@ -504,7 +530,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ShowCreateTable",
   "tableDescs" : [ {
@@ -518,7 +545,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOW_CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ShowTableProperties",
   "tableDescs" : [ {
@@ -532,7 +560,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOW_TBLPROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.TruncatePartition",
   "tableDescs" : [ {
@@ -546,7 +575,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_DROPPARTS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.TruncateTable",
   "tableDescs" : [ {
@@ -560,7 +590,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "TRUNCATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.UpdateTable",
   "tableDescs" : [ {
@@ -578,7 +609,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableAddColumnsCommand",
   "tableDescs" : [ {
@@ -595,7 +627,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDCOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableAddPartitionCommand",
   "tableDescs" : [ {
@@ -612,7 +645,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDPARTS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableChangeColumnCommand",
   "tableDescs" : [ {
@@ -629,7 +663,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_REPLACECOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableDropPartitionCommand",
   "tableDescs" : [ {
@@ -646,7 +681,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_DROPPARTS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableRecoverPartitionsCommand",
   "tableDescs" : [ {
@@ -660,7 +696,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "MSCK",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableRenameCommand",
   "tableDescs" : [ {
@@ -678,7 +715,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_RENAME",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableRenamePartitionCommand",
   "tableDescs" : [ {
@@ -695,7 +733,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_RENAMEPART",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableSerDePropertiesCommand",
   "tableDescs" : [ {
@@ -712,7 +751,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_SERDEPROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableSetLocationCommand",
   "tableDescs" : [ {
@@ -729,7 +769,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_LOCATION",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableSetPropertiesCommand",
   "tableDescs" : [ {
@@ -743,7 +784,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterTableUnsetPropertiesCommand",
   "tableDescs" : [ {
@@ -757,7 +799,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AlterViewAsCommand",
   "tableDescs" : [ {
@@ -778,7 +821,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AnalyzeColumnCommand",
   "tableDescs" : [ {
@@ -816,7 +860,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AnalyzePartitionCommand",
   "tableDescs" : [ {
@@ -842,7 +887,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.AnalyzeTableCommand",
   "tableDescs" : [ {
@@ -865,7 +911,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CacheTableCommand",
   "tableDescs" : [ ],
@@ -873,7 +920,8 @@
   "queryDescs" : [ {
     "fieldName" : "plan",
     "fieldExtractor" : "LogicalPlanOptionQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CreateDataSourceTableAsSelectCommand",
   "tableDescs" : [ {
@@ -890,7 +938,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CreateDataSourceTableCommand",
   "tableDescs" : [ {
@@ -904,7 +953,8 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CreateTableCommand",
   "tableDescs" : [ {
@@ -918,7 +968,8 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CreateTableLikeCommand",
   "tableDescs" : [ {
@@ -941,7 +992,8 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.CreateViewCommand",
   "tableDescs" : [ {
@@ -965,7 +1017,8 @@
   }, {
     "fieldName" : "child",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.DescribeColumnCommand",
   "tableDescs" : [ {
@@ -982,7 +1035,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "DESCTABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.DescribeTableCommand",
   "tableDescs" : [ {
@@ -999,7 +1053,8 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "DESCTABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.DropTableCommand",
   "tableDescs" : [ {
@@ -1017,7 +1072,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "DROPTABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.InsertIntoDataSourceDirCommand",
   "tableDescs" : [ ],
@@ -1025,7 +1081,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.LoadDataCommand",
   "tableDescs" : [ {
@@ -1046,7 +1103,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "LOAD",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.RefreshTableCommand",
   "tableDescs" : [ {
@@ -1060,7 +1118,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.RepairTableCommand",
   "tableDescs" : [ {
@@ -1074,7 +1133,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "MSCK",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.ShowColumnsCommand",
   "tableDescs" : [ {
@@ -1088,7 +1148,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOWCOLUMNS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.ShowCreateTableAsSerdeCommand",
   "tableDescs" : [ {
@@ -1102,7 +1163,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOW_CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.ShowCreateTableCommand",
   "tableDescs" : [ {
@@ -1116,7 +1178,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOW_CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.ShowPartitionsCommand",
   "tableDescs" : [ {
@@ -1133,7 +1196,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOWPARTITIONS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.ShowTablePropertiesCommand",
   "tableDescs" : [ {
@@ -1147,7 +1211,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOW_TBLPROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.command.TruncateTableCommand",
   "tableDescs" : [ {
@@ -1164,7 +1229,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "TRUNCATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.CreateTable",
   "tableDescs" : [ {
@@ -1181,12 +1247,14 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanOptionQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.CreateTempViewUsing",
   "tableDescs" : [ ],
   "opType" : "CREATEVIEW",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.InsertIntoDataSourceCommand",
   "tableDescs" : [ {
@@ -1207,7 +1275,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand",
   "tableDescs" : [ {
@@ -1231,7 +1300,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.RefreshTable",
   "tableDescs" : [ {
@@ -1245,7 +1315,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.execution.datasources.SaveIntoDataSourceCommand",
   "tableDescs" : [ ],
@@ -1253,7 +1324,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.CreateHiveTableAsSelectCommand",
   "tableDescs" : [ {
@@ -1273,7 +1345,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveDirCommand",
   "tableDescs" : [ ],
@@ -1281,7 +1354,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.InsertIntoHiveTable",
   "tableDescs" : [ {
@@ -1305,7 +1379,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hive.execution.OptimizedCreateHiveTableAsSelectCommand",
   "tableDescs" : [ {
@@ -1325,7 +1400,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.Call",
   "tableDescs" : [ {
@@ -1339,7 +1415,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.DeleteFromIcebergTable",
   "tableDescs" : [ {
@@ -1357,7 +1434,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.MergeIntoIcebergTable",
   "tableDescs" : [ {
@@ -1378,7 +1456,8 @@
   "queryDescs" : [ {
     "fieldName" : "sourceTable",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.UnresolvedMergeIntoIcebergTable",
   "tableDescs" : [ {
@@ -1399,7 +1478,8 @@
   "queryDescs" : [ {
     "fieldName" : "sourceTable",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.UpdateIcebergTable",
   "tableDescs" : [ {
@@ -1417,7 +1497,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableAddColumnsCommand",
   "tableDescs" : [ {
@@ -1434,7 +1515,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_ADDCOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableChangeColumnCommand",
   "tableDescs" : [ {
@@ -1451,7 +1533,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_REPLACECOLS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableDropPartitionCommand",
   "tableDescs" : [ {
@@ -1468,7 +1551,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_DROPPARTS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.AlterHoodieTableRenameCommand",
   "tableDescs" : [ {
@@ -1486,7 +1570,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_RENAME",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.AlterTableCommand",
   "tableDescs" : [ {
@@ -1500,7 +1585,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CallProcedureHoodieCommand",
   "tableDescs" : [ {
@@ -1531,7 +1617,18 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CompactionHoodiePathCommand",
+  "tableDescs" : [ ],
+  "opType" : "CREATETABLE",
+  "queryDescs" : [ ],
+  "uriDescs" : [ {
+    "fieldName" : "path",
+    "fieldExtractor" : "StringURIExtractor",
+    "isInput" : false
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CompactionHoodieTableCommand",
   "tableDescs" : [ {
@@ -1543,18 +1640,20 @@
     "catalogDesc" : null,
     "isInput" : false,
     "setCurrentDatabaseIfMissing" : false
-  }, {
-    "fieldName" : "table",
-    "fieldExtractor" : "CatalogTableTableExtractor",
-    "columnDesc" : null,
-    "actionTypeDesc" : null,
-    "tableTypeDesc" : null,
-    "catalogDesc" : null,
-    "isInput" : true,
-    "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.hudi.command.CompactionShowHoodiePathCommand",
+  "tableDescs" : [ ],
+  "opType" : "SHOW_TBLPROPERTIES",
+  "queryDescs" : [ ],
+  "uriDescs" : [ {
+    "fieldName" : "path",
+    "fieldExtractor" : "StringURIExtractor",
+    "isInput" : true
+  } ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CompactionShowHoodieTableCommand",
   "tableDescs" : [ {
@@ -1568,7 +1667,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOW_TBLPROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableAsSelectCommand",
   "tableDescs" : [ {
@@ -1585,7 +1685,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableCommand",
   "tableDescs" : [ {
@@ -1599,7 +1700,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CreateHoodieTableLikeCommand",
   "tableDescs" : [ {
@@ -1622,7 +1724,8 @@
     "setCurrentDatabaseIfMissing" : true
   } ],
   "opType" : "CREATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.CreateIndexCommand",
   "tableDescs" : [ {
@@ -1636,7 +1739,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "CREATEINDEX",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.DeleteHoodieTableCommand",
   "tableDescs" : [ {
@@ -1654,7 +1758,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.DropHoodieTableCommand",
   "tableDescs" : [ {
@@ -1672,7 +1777,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "DROPTABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.DropIndexCommand",
   "tableDescs" : [ {
@@ -1686,7 +1792,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "DROPINDEX",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.InsertIntoHoodieTableCommand",
   "tableDescs" : [ {
@@ -1707,7 +1814,8 @@
   "queryDescs" : [ {
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.MergeIntoHoodieTableCommand",
   "tableDescs" : [ {
@@ -1728,7 +1836,8 @@
   "queryDescs" : [ {
     "fieldName" : "mergeInto",
     "fieldExtractor" : "HudiMergeIntoSourceTableExtractor"
-  } ]
+  } ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.RefreshIndexCommand",
   "tableDescs" : [ {
@@ -1742,7 +1851,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERINDEX_REBUILD",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.RepairHoodieTableCommand",
   "tableDescs" : [ {
@@ -1756,7 +1866,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "MSCK",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.ShowHoodieTablePartitionsCommand",
   "tableDescs" : [ {
@@ -1773,7 +1884,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOWPARTITIONS",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.ShowIndexesCommand",
   "tableDescs" : [ {
@@ -1787,7 +1899,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "SHOWINDEXES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand",
   "tableDescs" : [ {
@@ -1801,7 +1914,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "ALTERTABLE_PROPERTIES",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.TruncateHoodieTableCommand",
   "tableDescs" : [ {
@@ -1818,7 +1932,8 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "TRUNCATETABLE",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.hudi.command.UpdateHoodieTableCommand",
   "tableDescs" : [ {
@@ -1836,5 +1951,6 @@
     "setCurrentDatabaseIfMissing" : false
   } ],
   "opType" : "QUERY",
-  "queryDescs" : [ ]
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala
index c94bf4f8d..fe53440c1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ObjectType.scala
@@ -23,7 +23,7 @@ object ObjectType extends Enumeration {
 
   type ObjectType = Value
 
-  val DATABASE, TABLE, VIEW, COLUMN, FUNCTION, INDEX = Value
+  val DATABASE, TABLE, VIEW, COLUMN, FUNCTION, INDEX, URI = Value
 
   def apply(obj: PrivilegeObject, opType: OperationType): ObjectType = {
     obj.privilegeObjectType match {
@@ -33,6 +33,7 @@ object ObjectType extends Enumeration {
       case PrivilegeObjectType.TABLE_OR_VIEW if opType.toString.contains("VIEW") => VIEW
       case PrivilegeObjectType.TABLE_OR_VIEW => TABLE
       case PrivilegeObjectType.FUNCTION => FUNCTION
+      case PrivilegeObjectType.DFS_URL | PrivilegeObjectType.LOCAL_URI => URI
     }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObject.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObject.scala
index 195aa7989..0fe145b4a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObject.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObject.scala
@@ -17,11 +17,12 @@
 
 package org.apache.kyuubi.plugin.spark.authz
 
+import java.net.URI
 import javax.annotation.Nonnull
 
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType.PrivilegeObjectActionType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectType._
-import org.apache.kyuubi.plugin.spark.authz.serde.{Database, Function, Table}
+import org.apache.kyuubi.plugin.spark.authz.serde.{Database, Function, Table, Uri}
 
 /**
  * Build a Spark logical plan to different `PrivilegeObject`s
@@ -86,4 +87,19 @@ object PrivilegeObject {
       None
     ) // TODO: Support catalog for function
   }
+
+  def apply(uri: Uri): PrivilegeObject = {
+    val privilegeObjectType = Option(new URI(uri.path).getScheme) match {
+      case Some("file") => LOCAL_URI
+      case _ => DFS_URL
+    }
+    new PrivilegeObject(
+      privilegeObjectType,
+      PrivilegeObjectActionType.OTHER,
+      uri.path,
+      null,
+      Nil,
+      None,
+      None)
+  }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObjectType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObjectType.scala
index f514fcb82..4020392f2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObjectType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegeObjectType.scala
@@ -20,5 +20,5 @@ package org.apache.kyuubi.plugin.spark.authz
 object PrivilegeObjectType extends Enumeration {
   type PrivilegeObjectType = Value
 
-  val DATABASE, TABLE_OR_VIEW, FUNCTION = Value
+  val DATABASE, TABLE_OR_VIEW, FUNCTION, LOCAL_URI, DFS_URL = Value
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 0d4b53a5c..7d6d791ad 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -194,6 +194,23 @@ object PrivilegesBuilder {
             outputObjs ++= getTablePriv(td)
           }
         }
+        spec.uriDescs.foreach { ud =>
+          try {
+            val uri = ud.extract(plan)
+            uri match {
+              case Some(uri) =>
+                if (ud.isInput) {
+                  inputObjs += PrivilegeObject(uri)
+                } else {
+                  outputObjs += PrivilegeObject(uri)
+                }
+              case None =>
+            }
+          } catch {
+            case e: Exception =>
+              LOG.debug(ud.error(plan, e))
+          }
+        }
         spec.queries(plan).foreach(buildQuery(_, inputObjs, spark = spark))
         spec.operationType
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala
index 23cd87b27..858dc1c37 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessResource.scala
@@ -17,6 +17,9 @@
 
 package org.apache.kyuubi.plugin.spark.authz.ranger
 
+import java.io.File
+import java.util
+
 import scala.language.implicitConversions
 
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl
@@ -35,6 +38,7 @@ class AccessResource private (val objectType: ObjectType, val catalog: Option[St
     val columnStr = getColumn
     if (columnStr == null) Nil else columnStr.split(",").filter(_.nonEmpty)
   }
+  def getUrl: String = getValue("url")
 }
 
 object AccessResource {
@@ -60,6 +64,16 @@ object AccessResource {
       case TABLE | VIEW | INDEX =>
         resource.setValue("database", firstLevelResource)
         resource.setValue("table", secondLevelResource)
+      case URI =>
+        val objectList = new util.ArrayList[String]
+        Option(firstLevelResource)
+          .filter(_.nonEmpty)
+          .foreach { path =>
+            val s = path.stripSuffix(File.separator)
+            objectList.add(s)
+            objectList.add(s + File.separator)
+          }
+        resource.setValue("url", objectList)
     }
     resource.setServiceDef(SparkRangerAdminPlugin.getServiceDef)
     owner.foreach(resource.setOwnerUser)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
index d533d638b..7f1ddb68e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
@@ -35,6 +35,9 @@ object AccessType extends Enumeration {
           case CREATETABLE | CREATEVIEW | CREATETABLE_AS_SELECT
               if obj.privilegeObjectType == TABLE_OR_VIEW =>
             if (isInput) SELECT else CREATE
+          case CREATETABLE
+              if obj.privilegeObjectType == DFS_URL || obj.privilegeObjectType == LOCAL_URI =>
+            if (isInput) SELECT else CREATE
           case ALTERDATABASE |
               ALTERDATABASE_LOCATION |
               ALTERTABLE_ADDCOLS |
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
index 22bf07bfa..7b306551c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/CommandSpec.scala
@@ -83,7 +83,8 @@ case class TableCommandSpec(
     classname: String,
     tableDescs: Seq[TableDesc],
     opType: String = OperationType.QUERY.toString,
-    queryDescs: Seq[QueryDesc] = Nil) extends CommandSpec {
+    queryDescs: Seq[QueryDesc] = Nil,
+    uriDescs: Seq[UriDesc] = Nil) extends CommandSpec {
   def queries: LogicalPlan => Seq[LogicalPlan] = plan => {
     queryDescs.flatMap { qd =>
       try {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
index fc660ce14..4869fc1da 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Descriptor.scala
@@ -306,3 +306,21 @@ case class ScanDesc(
     }
   }
 }
+
+/**
+ * Function Descriptor
+ *
+ * @param fieldName the field name or method name of this function field
+ * @param fieldExtractor the key of a [[FunctionExtractor]] instance
+ * @param isInput read or write
+ */
+case class UriDesc(
+    fieldName: String,
+    fieldExtractor: String,
+    isInput: Boolean = false) extends Descriptor {
+  override def extract(v: AnyRef): Option[Uri] = {
+    val uriVal = invokeAs[AnyRef](v, fieldName)
+    val uriExtractor = lookupExtractor[URIExtractor](fieldExtractor)
+    uriExtractor(uriVal)
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Uri.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Uri.scala
new file mode 100644
index 000000000..aa9af8732
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/Uri.scala
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.serde
+
+/**
+ * :: Developer API ::
+ *
+ * Represents a URI identity
+ * @param path
+ */
+case class Uri(path: String)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
index 6863516b6..1c5ffb629 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/package.scala
@@ -34,6 +34,7 @@ import org.apache.kyuubi.plugin.spark.authz.serde.FunctionTypeExtractor.function
 import org.apache.kyuubi.plugin.spark.authz.serde.QueryExtractor.queryExtractors
 import org.apache.kyuubi.plugin.spark.authz.serde.TableExtractor.tableExtractors
 import org.apache.kyuubi.plugin.spark.authz.serde.TableTypeExtractor.tableTypeExtractors
+import org.apache.kyuubi.plugin.spark.authz.serde.URIExtractor.uriExtractors
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 package object serde {
@@ -129,6 +130,7 @@ package object serde {
       case c if classOf[FunctionExtractor].isAssignableFrom(c) => functionExtractors
       case c if classOf[FunctionTypeExtractor].isAssignableFrom(c) => functionTypeExtractors
       case c if classOf[ActionTypeExtractor].isAssignableFrom(c) => actionTypeExtractors
+      case c if classOf[URIExtractor].isAssignableFrom(c) => uriExtractors
       case _ => throw new IllegalArgumentException(s"Unknown extractor type: $ct")
     }
     extractors(extractorKey).asInstanceOf[T]
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/pathExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/pathExtractors.scala
new file mode 100644
index 000000000..81fa8411b
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/pathExtractors.scala
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.serde
+
+trait URIExtractor extends (AnyRef => Option[Uri]) with Extractor
+
+object URIExtractor {
+  val uriExtractors: Map[String, URIExtractor] = {
+    loadExtractorsToMap[URIExtractor]
+  }
+}
+
+/**
+ * String
+ */
+class StringURIExtractor extends URIExtractor {
+  override def apply(v1: AnyRef): Option[Uri] = {
+    Some(Uri(v1.asInstanceOf[String]))
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
index 9d80ee0f4..381f8081a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala
@@ -136,7 +136,7 @@ object HudiCommands extends CommandSpecs[TableCommandSpec] {
   val CompactionHoodieTableCommand = {
     val cmd = "org.apache.spark.sql.hudi.command.CompactionHoodieTableCommand"
     val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
-    TableCommandSpec(cmd, Seq(tableDesc, tableDesc.copy(isInput = true)), CREATETABLE)
+    TableCommandSpec(cmd, Seq(tableDesc), CREATETABLE)
   }
 
   val CompactionShowHoodieTableCommand = {
@@ -145,6 +145,22 @@ object HudiCommands extends CommandSpecs[TableCommandSpec] {
     TableCommandSpec(cmd, Seq(tableDesc), SHOW_TBLPROPERTIES)
   }
 
+  val CompactionHoodiePathCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CompactionHoodiePathCommand"
+    val uriDesc = UriDesc("path", classOf[StringURIExtractor])
+    TableCommandSpec(
+      cmd,
+      Seq.empty,
+      CREATETABLE,
+      uriDescs = Seq(uriDesc))
+  }
+
+  val CompactionShowHoodiePathCommand = {
+    val cmd = "org.apache.spark.sql.hudi.command.CompactionShowHoodiePathCommand"
+    val uriDesc = UriDesc("path", classOf[StringURIExtractor], isInput = true)
+    TableCommandSpec(cmd, Seq.empty, SHOW_TBLPROPERTIES, uriDescs = Seq(uriDesc))
+  }
+
   val CreateIndexCommand = {
     val cmd = "org.apache.spark.sql.hudi.command.CreateIndexCommand"
     val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
@@ -253,7 +269,9 @@ object HudiCommands extends CommandSpecs[TableCommandSpec] {
     CreateHoodieTableCommand,
     CreateHoodieTableLikeCommand,
     CreateIndexCommand,
+    CompactionHoodiePathCommand,
     CompactionHoodieTableCommand,
+    CompactionShowHoodiePathCommand,
     CompactionShowHoodieTableCommand,
     DeleteHoodieTableCommand,
     DropHoodieTableCommand,
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
index 042072910..8cff1698d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala
@@ -315,7 +315,7 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       val compactionTable = s"RUN COMPACTION ON $namespace1.$table1"
       interceptContains[AccessControlException] {
         doAs(someone, sql(compactionTable))
-      }(s"does not have [select] privilege on [$namespace1/$table1]")
+      }(s"does not have [create] privilege on [$namespace1/$table1]")
       doAs(admin, sql(compactionTable))
 
       val showCompactionTable = s"SHOW COMPACTION ON  $namespace1.$table1"
@@ -326,6 +326,45 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
     }
   }
 
+  test("CompactionHoodiePathCommand / CompactionShowHoodiePathCommand") {
+    withSingleCallEnabled {
+      withCleanTmpResources(Seq.empty) {
+        val path1 = "hdfs://demo/test/hudi/path"
+        val compactOnPath = s"RUN COMPACTION ON '$path1'"
+        interceptContains[AccessControlException](
+          doAs(someone, sql(compactOnPath)))(
+          s"does not have [create] privilege on [[$path1, $path1/]]")
+
+        val showCompactOnPath = s"SHOW COMPACTION ON '$path1'"
+        interceptContains[AccessControlException](
+          doAs(someone, sql(showCompactOnPath)))(
+          s"does not have [select] privilege on [[$path1, $path1/]]")
+
+        val path2 = "file:///demo/test/hudi/path"
+        val compactOnPath2 = s"RUN COMPACTION ON '$path2'"
+        interceptContains[AccessControlException](
+          doAs(someone, sql(compactOnPath2)))(
+          s"does not have [create] privilege on [[$path2, $path2/]]")
+
+        val showCompactOnPath2 = s"SHOW COMPACTION ON '$path2'"
+        interceptContains[AccessControlException](
+          doAs(someone, sql(showCompactOnPath2)))(
+          s"does not have [select] privilege on [[$path2, $path2/]]")
+
+        val path3 = "hdfs://demo/test/hudi/path"
+        val compactOnPath3 = s"RUN COMPACTION ON '$path3'"
+        interceptContains[AccessControlException](
+          doAs(someone, sql(compactOnPath3)))(
+          s"does not have [create] privilege on [[$path3, $path3/]]")
+
+        val showCompactOnPath3 = s"SHOW COMPACTION ON '$path3/'"
+        interceptContains[AccessControlException](
+          doAs(someone, sql(showCompactOnPath3)))(
+          s"does not have [select] privilege on [[$path3, $path3/]]")
+      }
+    }
+  }
+
   test("InsertIntoHoodieTableCommand") {
     withSingleCallEnabled {
       withCleanTmpResources(Seq(

From cfd90e0e2f6762467dc5218e4f3dceb2d854f961 Mon Sep 17 00:00:00 2001
From: zml1206 <zhuml1206@gmail.com>
Date: Fri, 27 Oct 2023 16:39:48 +0800
Subject: [PATCH 741/760] [KYUUBI #5529][AUTHZ] Support create table command
 for Delta Lake

### _Why are the changes needed?_
To close #5529.
Support create table command for Delta Lake in Authz.
https://docs.delta.io/latest/delta-batch.html#create-a-table

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5530 from zml1206/KYUUBI-5529.

Closes #5529

b8ed2a464 [zml1206] update
f12ff8ff5 [zml1206] Merge branch 'master' into KYUUBI-5529
c02523062 [Bowen Liang] resolve conflicts
036154b04 [Bowen Liang] Merge branch 'master' into KYUUBI-5529
fb4223b2c [zml1206] fix check spec json files
10138d83a [zml1206] Merge branch 'master' into KYUUBI-5529
facd8f7c6 [zml1206] fix show databases ut
b2a9543ec [zml1206] update ut
23f6b8172 [zml1206] Support create table command for Delta Lake

Lead-authored-by: zml1206 <zhuml1206@gmail.com>
Co-authored-by: Bowen Liang <bowenliang@apache.org>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Fu Chen <cfmcgrady@gmail.com>
---
 extensions/spark/kyuubi-spark-authz/pom.xml   |   6 +
 .../main/resources/table_command_spec.json    |  15 +++
 .../spark/authz/RangerTestResources.scala     |   1 +
 .../spark/authz/gen/DeltaCommands.scala       |  33 +++++
 .../authz/gen/JsonSpecFileGenerator.scala     |   2 +-
 ...eltaCatalogRangerSparkExtensionSuite.scala | 127 ++++++++++++++++++
 6 files changed, 183 insertions(+), 1 deletion(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala

diff --git a/extensions/spark/kyuubi-spark-authz/pom.xml b/extensions/spark/kyuubi-spark-authz/pom.xml
index 1b8655612..c2d9f7595 100644
--- a/extensions/spark/kyuubi-spark-authz/pom.xml
+++ b/extensions/spark/kyuubi-spark-authz/pom.xml
@@ -329,6 +329,12 @@
             <artifactId>paimon-spark-${paimon.spark.binary.version}</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>io.delta</groupId>
+            <artifactId>${delta.artifact}_${scala.binary.version}</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 9677e2298..6782fccb5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1953,4 +1953,19 @@
   "opType" : "QUERY",
   "queryDescs" : [ ],
   "uriDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.delta.commands.CreateDeltaTableCommand",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "CatalogTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "CREATETABLE",
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 } ]
\ No newline at end of file
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
index 0b1df64da..468c2c50b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
@@ -41,6 +41,7 @@ object RangerTestNamespace {
   val sparkCatalog = "spark_catalog"
   val icebergNamespace = "iceberg_ns"
   val hudiNamespace = "hudi_ns"
+  val deltaNamespace = "delta_ns"
   val namespace1 = "ns1"
   val namespace2 = "ns2"
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala
new file mode 100644
index 000000000..6435a64f5
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.gen
+
+import org.apache.kyuubi.plugin.spark.authz.OperationType._
+import org.apache.kyuubi.plugin.spark.authz.serde._
+
+object DeltaCommands extends CommandSpecs[TableCommandSpec] {
+
+  val CreateDeltaTableCommand = {
+    val cmd = "org.apache.spark.sql.delta.commands.CreateDeltaTableCommand"
+    val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), CREATETABLE)
+  }
+
+  override def specs: Seq[TableCommandSpec] = Seq(
+    CreateDeltaTableCommand)
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
index 07a8e2852..5fb4ace10 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/JsonSpecFileGenerator.scala
@@ -44,7 +44,7 @@ class JsonSpecFileGenerator extends AnyFunSuite {
   // scalastyle:on
   test("check spec json files") {
     writeCommandSpecJson("database", Seq(DatabaseCommands))
-    writeCommandSpecJson("table", Seq(TableCommands, IcebergCommands, HudiCommands))
+    writeCommandSpecJson("table", Seq(TableCommands, IcebergCommands, HudiCommands, DeltaCommands))
     writeCommandSpecJson("function", Seq(FunctionCommands))
     writeCommandSpecJson("scan", Seq(Scans))
   }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
new file mode 100644
index 000000000..48bb5c879
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.plugin.spark.authz.ranger
+
+import org.scalatest.Outcome
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.tags.DeltaTest
+import org.apache.kyuubi.util.AssertionUtils._
+
+/**
+ * Tests for RangerSparkExtensionSuite on Delta Lake
+ */
+@DeltaTest
+class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
+  override protected val catalogImpl: String = "hive"
+
+  val namespace1 = deltaNamespace
+  val table1 = "table1_delta"
+  val table2 = "table2_delta"
+
+  override def withFixture(test: NoArgTest): Outcome = {
+    test()
+  }
+
+  override def beforeAll(): Unit = {
+    spark.conf.set(
+      s"spark.sql.catalog.$sparkCatalog",
+      "org.apache.spark.sql.delta.catalog.DeltaCatalog")
+    spark.conf.set(
+      s"spark.sql.catalog.$sparkCatalog.warehouse",
+      Utils.createTempDir("delta-hadoop").toString)
+    super.beforeAll()
+  }
+
+  override def afterAll(): Unit = {
+    super.afterAll()
+    spark.sessionState.catalog.reset()
+    spark.sessionState.conf.clear()
+  }
+
+  test("create table") {
+    withCleanTmpResources(Seq(
+      (s"$namespace1.$table1", "table"),
+      (s"$namespace1.$table2", "table"),
+      (s"$namespace1", "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      val createNonPartitionTableSql =
+        s"""
+           |CREATE TABLE IF NOT EXISTS $namespace1.$table1 (
+           |  id INT,
+           |  firstName STRING,
+           |  middleName STRING,
+           |  lastName STRING,
+           |  gender STRING,
+           |  birthDate TIMESTAMP,
+           |  ssn STRING,
+           |  salary INT
+           |) USING DELTA
+           |""".stripMargin
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(createNonPartitionTableSql))
+      }(s"does not have [create] privilege on [$namespace1/$table1]")
+      doAs(admin, createNonPartitionTableSql)
+
+      val createPartitionTableSql =
+        s"""
+           |CREATE TABLE IF NOT EXISTS $namespace1.$table2 (
+           |  id INT,
+           |  firstName STRING,
+           |  middleName STRING,
+           |  lastName STRING,
+           |  gender STRING,
+           |  birthDate TIMESTAMP,
+           |  ssn STRING,
+           |  salary INT
+           |)
+           |USING DELTA
+           |PARTITIONED BY (gender)
+           |""".stripMargin
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(createPartitionTableSql))
+      }(s"does not have [create] privilege on [$namespace1/$table2]")
+      doAs(admin, createPartitionTableSql)
+    }
+  }
+
+  test("create or replace table") {
+    withCleanTmpResources(
+      Seq((s"$namespace1.$table1", "table"), (s"$namespace1", "database"))) {
+      val createOrReplaceTableSql =
+        s"""
+           |CREATE OR REPLACE TABLE $namespace1.$table1 (
+           |  id INT,
+           |  firstName STRING,
+           |  middleName STRING,
+           |  lastName STRING,
+           |  gender STRING,
+           |  birthDate TIMESTAMP,
+           |  ssn STRING,
+           |  salary INT
+           |) USING DELTA
+           |""".stripMargin
+      interceptContains[AccessControlException] {
+        doAs(someone, sql(createOrReplaceTableSql))
+      }(s"does not have [create] privilege on [$namespace1/$table1]")
+      doAs(admin, createOrReplaceTableSql)
+    }
+  }
+}

From 7a0534f6bf4cea936135dc854e392297428ba52e Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Sun, 29 Oct 2023 15:44:14 +0800
Subject: [PATCH 742/760] [KYUUBI #5546][AUTHZ] Reorgnize the package names for
 rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
To close #5546
Refactor the code path of authz

- Rule is not specify for ranger, extract to a independent path `rule`
- Collect each. rule's class together
- Move RangerConfigProvider to `ranger` package

The output is
<img width="417" alt="截屏2023-10-27 下午2 46 53" src="https://github.com/apache/kyuubi/assets/46485123/111ee474-c1df-4748-9307-2f49953f1a32">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5547 from AngersZhuuuu/KYUUBI-5546.

Closes #5546

41cc8305d [Angerszhuuuu] followcomment
7c449b472 [Angerszhuuuu] follow comment
16f087834 [Angerszhuuuu] update
0a3265f6c [Angerszhuuuu] Update RuleApplyPermanentViewMarker.scala
4ed26a3e1 [Angerszhuuuu] follow comment
ce94bf80d [Angerszhuuuu] Update AuthzConfigurationCheckerSuite.scala
3bc9d2f53 [Angerszhuuuu] Update AuthzConfigurationCheckerSuite.scala
dbee53152 [Angerszhuuuu] update
6a9b94cf3 [Angerszhuuuu] Update PrivilegesBuilder.scala
ed9e9dc93 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
50ac9bc8a [Angerszhuuuu] update
0faed7f02 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5546
ef2198973 [Angerszhuuuu] [KYUUBI #5546][AUTHZ] Refactor the code path of authz

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/resources/scan_command_spec.json          |  2 +-
 .../kyuubi/plugin/spark/authz/PrivilegesBuilder.scala  |  2 +-
 .../authz/{util => ranger}/RangerConfigProvider.scala  |  6 +++---
 .../spark/authz/ranger/RangerSparkExtension.scala      | 10 ++++++----
 .../spark/authz/ranger/SparkRangerAdminPlugin.scala    |  1 -
 .../authz/{util => rule}/RuleEliminateMarker.scala     |  6 +++---
 .../RuleEliminatePermanentViewMarker.scala}            |  8 +++++---
 .../spark/authz/{ranger => rule}/RuleHelper.scala      |  2 +-
 .../config}/AuthzConfigurationChecker.scala            |  2 +-
 .../datamasking/DataMaskingStage0Marker.scala          |  2 +-
 .../datamasking/DataMaskingStage1Marker.scala          |  2 +-
 .../datamasking/RuleApplyDataMaskingStage0.scala       |  3 ++-
 .../datamasking/RuleApplyDataMaskingStage1.scala       |  4 ++--
 .../permanentview}/PermanentViewMarker.scala           |  4 +++-
 .../permanentview}/RuleApplyPermanentViewMarker.scala  |  9 ++++-----
 .../rowfilter}/FilterDataSourceV2Strategy.scala        |  4 +---
 .../rowfilter}/FilteredShowObjectsExec.scala           |  3 ++-
 .../rowfilter}/ObjectFilterPlaceHolder.scala           |  4 +++-
 .../{ranger => rule}/rowfilter/RowFilterMarker.scala   |  2 +-
 .../rowfilter/RuleApplyRowFilter.scala                 |  3 ++-
 .../rowfilter}/RuleReplaceShowObjectCommands.scala     |  8 +++++---
 .../apache/kyuubi/plugin/spark/authz/gen/Scans.scala   |  2 +-
 .../AuthzConfigurationCheckerSuite.scala               |  4 +++-
 23 files changed, 52 insertions(+), 41 deletions(-)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => ranger}/RangerConfigProvider.scala (88%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => rule}/RuleEliminateMarker.scala (85%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util/RuleEliminateViewMarker.scala => rule/RuleEliminatePermanentViewMarker.scala} (83%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/RuleHelper.scala (97%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/config}/AuthzConfigurationChecker.scala (97%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/DataMaskingStage0Marker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/DataMaskingStage1Marker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/RuleApplyDataMaskingStage0.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/RuleApplyDataMaskingStage1.scala (96%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => rule/permanentview}/PermanentViewMarker.scala (91%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/permanentview}/RuleApplyPermanentViewMarker.scala (83%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/rowfilter}/FilterDataSourceV2Strategy.scala (93%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/rowfilter}/FilteredShowObjectsExec.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => rule/rowfilter}/ObjectFilterPlaceHolder.scala (91%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/rowfilter/RowFilterMarker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/rowfilter/RuleApplyRowFilter.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/rowfilter}/RuleReplaceShowObjectCommands.scala (92%)
 rename extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/AuthzConfigurationCheckerSuite.scala (92%)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
index 3273ccbea..d0bd139a2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
@@ -1,5 +1,5 @@
 [ {
-  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
+  "classname" : "org.apache.kyuubi.plugin.spark.authz.rule.permanetview.PermanentViewMarker",
   "scanDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableTableExtractor",
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 7d6d791ad..73b80fc3b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -26,9 +26,9 @@ import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object PrivilegesBuilder {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
similarity index 88%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
index a61d94a8f..05d8cc64f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
@@ -15,12 +15,12 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.conf.Configuration
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.util.reflect.ReflectUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isRanger21orGreater
+import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
 
 trait RangerConfigProvider {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
index f8e941d9d..01645ff97 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
@@ -19,9 +19,11 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSessionExtensions
 
-import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
-import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RuleApplyRowFilter
-import org.apache.kyuubi.plugin.spark.authz.util.{RuleEliminateMarker, RuleEliminateViewMarker}
+import org.apache.kyuubi.plugin.spark.authz.rule.{RuleEliminateMarker, RuleEliminatePermanentViewMarker}
+import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
+import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.RuleApplyPermanentViewMarker
+import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.{FilterDataSourceV2Strategy, RuleApplyRowFilter, RuleReplaceShowObjectCommands}
 
 /**
  * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
@@ -49,7 +51,7 @@ class RangerSparkExtension extends (SparkSessionExtensions => Unit) {
     v1.injectResolutionRule(RuleApplyDataMaskingStage1)
     v1.injectOptimizerRule(_ => new RuleEliminateMarker())
     v1.injectOptimizerRule(new RuleAuthorization(_))
-    v1.injectOptimizerRule(_ => new RuleEliminateViewMarker())
+    v1.injectOptimizerRule(_ => new RuleEliminatePermanentViewMarker())
     v1.injectPlannerStrategy(new FilterDataSourceV2Strategy(_))
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index d3059ef2d..66f34db91 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -26,7 +26,6 @@ import org.apache.ranger.plugin.service.RangerBasePlugin
 import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
-import org.apache.kyuubi.plugin.spark.authz.util.RangerConfigProvider
 
 object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
   with RangerConfigProvider {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
similarity index 85%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
index 448439b84..3da11ad05 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
@@ -15,14 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
-import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
-import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RowFilterMarker
+import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
+import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.RowFilterMarker
 
 class RuleEliminateMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
similarity index 83%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
index 8044f1283..864ada55f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
@@ -15,16 +15,18 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
+
 /**
- * Transforming up [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]]
+ * Transforming up [[PermanentViewMarker]]
  */
-class RuleEliminateViewMarker extends Rule[LogicalPlan] {
+class RuleEliminatePermanentViewMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
     plan.transformUp {
       case pvm: PermanentViewMarker => pvm.child.transformAllExpressions {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
index 3cfe2b940..c163cafe9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.SparkSession
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
index 56ab27d22..3ab2c3fd6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.config
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
index b43149383..c1d3a7532 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.{Attribute, ExprId}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
index aed0ac693..1c30879e4 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
index de125550a..27cde1621 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.Alias
@@ -24,6 +24,7 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
+import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
similarity index 96%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
index 9589be2e9..b0069c9a5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
@@ -15,13 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.NamedExpression
 import org.apache.spark.sql.catalyst.plans.logical.{Command, LogicalPlan}
 
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleHelper
+import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
similarity index 91%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
index e997e46f8..d58f8ac29 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
@@ -15,12 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
 
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+
 case class PermanentViewMarker(
     child: LogicalPlan,
     catalogTable: CatalogTable,
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
similarity index 83%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
index f12088f5f..09d31f43f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
@@ -15,21 +15,20 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 
 /**
- * Adding [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] for permanent views
+ * Adding [[PermanentViewMarker]] for permanent views
  * for marking catalogTable of views used by privilege checking
  * in [[org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization]].
- * [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] must be transformed up later
- * in [[org.apache.kyuubi.plugin.spark.authz.util.RuleEliminateViewMarker]] optimizer.
+ * [[PermanentViewMarker]] must be transformed up later
+ * in [[org.apache.kyuubi.plugin.spark.authz.rule.RuleEliminatePermanentViewMarker]] optimizer.
  */
 class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
similarity index 93%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
index cbf79581e..17c766555 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
@@ -14,14 +14,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.{SparkSession, Strategy}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.spark.sql.execution.SparkPlan
 
-import org.apache.kyuubi.plugin.spark.authz.util.ObjectFilterPlaceHolder
-
 class FilterDataSourceV2Strategy(spark: SparkSession) extends Strategy {
   override def apply(plan: LogicalPlan): Seq[SparkPlan] = plan match {
     // For Spark 3.1 and below, `ColumnPruning` rule will set `ObjectFilterPlaceHolder#child` to
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
index 67519118e..0bb421356 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SparkContext
@@ -24,6 +24,7 @@ import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.execution.{LeafExecNode, SparkPlan}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
+import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
 
 trait FilteredShowObjectsExec extends LeafExecNode {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
similarity index 91%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
index 0d3c39adb..6a7f1beab 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
@@ -15,11 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+
 case class ObjectFilterPlaceHolder(child: LogicalPlan) extends UnaryNode
   with WithInternalChild {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
index 8817958b5..f4295a094 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
index 22bcfae49..defee4005 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
@@ -23,6 +23,7 @@ import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
+import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 case class RuleApplyRowFilter(spark: SparkSession) extends RuleHelper {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
similarity index 92%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
index bf762109c..990201655 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.{Row, SparkSession}
@@ -25,7 +25,9 @@ import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.command.{RunnableCommand, ShowColumnsCommand}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
-import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, ObjectFilterPlaceHolder, WithInternalChildren}
+import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
+import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, WithInternalChildren}
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
@@ -34,7 +36,7 @@ class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
     case n: LogicalPlan if n.nodeName == "ShowTables" =>
       ObjectFilterPlaceHolder(n)
     case n: LogicalPlan if n.nodeName == "ShowNamespaces" =>
-      ObjectFilterPlaceHolder(n)
+      rowfilter.ObjectFilterPlaceHolder(n)
     case r: RunnableCommand if r.nodeName == "ShowFunctionsCommand" =>
       FilteredShowFunctionsCommand(r)
     case r: RunnableCommand if r.nodeName == "ShowColumnsCommand" =>
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index d61e2606d..a691549d5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -50,7 +50,7 @@ object Scans extends CommandSpecs[ScanSpec] {
   }
 
   val PermanentViewMarker = {
-    val r = "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker"
+    val r = "org.apache.kyuubi.plugin.spark.authz.rule.permanetview.PermanentViewMarker"
     val tableDesc =
       ScanDesc(
         "catalogTable",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
similarity index 92%
rename from extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
rename to extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
index cd5757e54..10fa0af9e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
@@ -15,13 +15,15 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.scalatest.BeforeAndAfterAll
 // scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessionProvider}
+import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization
+import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
 
 class AuthzConfigurationCheckerSuite extends AnyFunSuite with SparkSessionProvider
   with BeforeAndAfterAll {

From 8da1801268c87ecfa39e5730e705b669a118d22b Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Sun, 29 Oct 2023 15:45:03 +0800
Subject: [PATCH 743/760] [KYUUBI #5503][AUTHZ] Check plan auth checked should
 not set tag to all child nodes

### _Why are the changes needed?_
To close #5503

For lateral sql won't check table2's privilege
```
test("xxx") {
    val db1 = defaultDb
    val table1 = "table1"
    val table2 = "table2"
    val view1 = "view1"
    withCleanTmpResources(
      Seq((s"$db1.$table1", "table"), (s"$db1.$table2", "table"), (s"$db1.$view1", "view"))) {
      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
      doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table2 (id int, age int)"))
      doAs(admin, sql(
        s"""
           |SELECT t1.id, age
           |FROM $db1.$table1 t1,
           |LATERAL (
           |  SELECT *
           |  FROM $db1.$table2 t2
           |  WHERE t1.id = t2.id
           |)
           |""".stripMargin).explain(true))
    }
  }
```

It was caused by  https://github.com/apache/kyuubi/pull/4529
![image](https://github.com/apache/kyuubi/assets/46485123/28cdc061-2c2a-44d3-a8d2-a07f5f6f058c)

But after we fix #5417 and #5415, we didn't need this change. We should remove it.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5540 from AngersZhuuuu/TEST_REVERT_4504.

Closes #5503

63fa03771 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
f3118d293 [Angerszhuuuu] Update RuleAuthorization.scala
f6b6dcccc [Angerszhuuuu] follow comment
2c7ae5d50 [Angerszhuuuu] Update RuleAuthorization.scala
bddc11733 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
6bb0c39b4 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
42c924f45 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
bbb2c3170 [Angerszhuuuu] [KYUUBI #5503][AUTHZ] Check plan auth checked should not set tag to all child nodes

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../authz/ranger/RuleAuthorization.scala      | 18 +++++--
 .../ranger/RangerSparkExtensionSuite.scala    | 54 +++++++++++++++++--
 2 files changed, 62 insertions(+), 10 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
index 3203108df..91221c522 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
@@ -30,6 +30,8 @@ import org.apache.kyuubi.plugin.spark.authz.ObjectType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization._
 import org.apache.kyuubi.plugin.spark.authz.ranger.SparkRangerAdminPlugin._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
+
 class RuleAuthorization(spark: SparkSession) extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
     plan match {
@@ -41,7 +43,7 @@ class RuleAuthorization(spark: SparkSession) extends Rule[LogicalPlan] {
 
 object RuleAuthorization {
 
-  val KYUUBI_AUTHZ_TAG = TreeNodeTag[Boolean]("__KYUUBI_AUTHZ_TAG")
+  val KYUUBI_AUTHZ_TAG = TreeNodeTag[Unit]("__KYUUBI_AUTHZ_TAG")
 
   private def checkPrivileges(spark: SparkSession, plan: LogicalPlan): LogicalPlan = {
     val auditHandler = new SparkRangerAuditHandler
@@ -97,13 +99,19 @@ object RuleAuthorization {
   }
 
   private def markAuthChecked(plan: LogicalPlan): LogicalPlan = {
-    plan.transformUp { case p =>
-      p.setTagValue(KYUUBI_AUTHZ_TAG, true)
-      p
+    plan match {
+      case _: PermanentViewMarker =>
+        plan.transformUp { case p =>
+          p.setTagValue(KYUUBI_AUTHZ_TAG, ())
+          p
+        }
+      case _ =>
+        plan.setTagValue(KYUUBI_AUTHZ_TAG, ())
     }
+    plan
   }
 
   private def isAuthChecked(plan: LogicalPlan): Boolean = {
-    plan.find(_.getTagValue(KYUUBI_AUTHZ_TAG).contains(true)).nonEmpty
+    plan.find(_.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty).nonEmpty
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 07c8efeda..8923819c3 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -113,12 +113,12 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
       if (i == 1) {
         assert(logicalPlan.getTagValue(KYUUBI_AUTHZ_TAG).isEmpty)
       } else {
-        assert(logicalPlan.getTagValue(KYUUBI_AUTHZ_TAG).getOrElse(false))
+        assert(logicalPlan.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty)
       }
       rule.apply(logicalPlan)
     }
 
-    assert(logicalPlan.getTagValue(KYUUBI_AUTHZ_TAG).getOrElse(false))
+    assert(logicalPlan.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty)
   }
 
   test("[KYUUBI #3226]: Another session should also check even if the plan is cached.") {
@@ -140,7 +140,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
           // session1: first query, should auth once.[LogicalRelation]
           val df = sql(select)
           val plan1 = df.queryExecution.optimizedPlan
-          assert(plan1.getTagValue(KYUUBI_AUTHZ_TAG).getOrElse(false))
+          assert(plan1.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty)
 
           // cache
           df.cache()
@@ -148,7 +148,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
           // session1: second query, should auth once.[InMemoryRelation]
           // (don't need to check in again, but it's okay to check in once)
           val plan2 = sql(select).queryExecution.optimizedPlan
-          assert(plan1 != plan2 && plan2.getTagValue(KYUUBI_AUTHZ_TAG).getOrElse(false))
+          assert(plan1 != plan2 && plan2.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty)
 
           // session2: should auth once.
           val otherSessionDf = spark.newSession().sql(select)
@@ -159,7 +159,7 @@ abstract class RangerSparkExtensionSuite extends AnyFunSuite
           // make sure it use cache.
           assert(plan3.isInstanceOf[InMemoryRelation])
           // auth once only.
-          assert(plan3.getTagValue(KYUUBI_AUTHZ_TAG).getOrElse(false))
+          assert(plan3.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty)
         })
     }
   }
@@ -952,4 +952,48 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       }
     }
   }
+
+  test("[KYUUBI #5503][AUTHZ] Check plan auth checked should not set tag to all child nodes") {
+    assume(isSparkV32OrGreater, "Spark 3.1 not support lateral subquery.")
+    val db1 = defaultDb
+    val table1 = "table1"
+    val perm_view = "perm_view"
+    withSingleCallEnabled {
+      withCleanTmpResources(
+        Seq((s"$db1.$table1", "table"), (s"$db1.$perm_view", "view"))) {
+        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
+        doAs(admin, sql(s"CREATE VIEW $db1.$perm_view AS SELECT * FROM $db1.$table1"))
+        interceptContains[AccessControlException](
+          doAs(
+            someone,
+            sql(
+              s"""
+                 |SELECT t1.id
+                 |FROM $db1.$table1 t1,
+                 |LATERAL (
+                 |  SELECT *
+                 |  FROM $db1.$perm_view t2
+                 |  WHERE t1.id = t2.id
+                 |)
+                 |""".stripMargin).show()))(
+          s"does not have [select] privilege on " +
+            s"[$db1/$perm_view/id,$db1/$perm_view/scope]")
+        interceptContains[AccessControlException](
+          doAs(
+            permViewOnlyUser,
+            sql(
+              s"""
+                 |SELECT t1.id
+                 |FROM $db1.$table1 t1,
+                 |LATERAL (
+                 |  SELECT *
+                 |  FROM $db1.$perm_view t2
+                 |  WHERE t1.id = t2.id
+                 |)
+                 |""".stripMargin).show()))(
+          s"does not have [select] privilege on " +
+            s"[$db1/$table1/id,$db1/$table1/scope]")
+      }
+    }
+  }
 }

From 67b61df30a09fe280038ae899b24887760f5237e Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Sun, 29 Oct 2023 20:33:39 +0800
Subject: [PATCH 744/760] Revert "[KYUUBI #5546][AUTHZ] Reorgnize the package
 names for rules"

This reverts commit 7a0534f6bf4cea936135dc854e392297428ba52e.
---
 .../src/main/resources/scan_command_spec.json          |  2 +-
 .../kyuubi/plugin/spark/authz/PrivilegesBuilder.scala  |  2 +-
 .../config => ranger}/AuthzConfigurationChecker.scala  |  2 +-
 .../FilterDataSourceV2Strategy.scala                   |  4 +++-
 .../rowfilter => ranger}/FilteredShowObjectsExec.scala |  3 +--
 .../spark/authz/ranger/RangerSparkExtension.scala      | 10 ++++------
 .../RuleApplyPermanentViewMarker.scala                 |  9 +++++----
 .../spark/authz/{rule => ranger}/RuleHelper.scala      |  2 +-
 .../RuleReplaceShowObjectCommands.scala                |  8 +++-----
 .../spark/authz/ranger/SparkRangerAdminPlugin.scala    |  1 +
 .../datamasking/DataMaskingStage0Marker.scala          |  2 +-
 .../datamasking/DataMaskingStage1Marker.scala          |  2 +-
 .../datamasking/RuleApplyDataMaskingStage0.scala       |  3 +--
 .../datamasking/RuleApplyDataMaskingStage1.scala       |  4 ++--
 .../{rule => ranger}/rowfilter/RowFilterMarker.scala   |  2 +-
 .../rowfilter/RuleApplyRowFilter.scala                 |  3 +--
 .../rowfilter => util}/ObjectFilterPlaceHolder.scala   |  4 +---
 .../permanentview => util}/PermanentViewMarker.scala   |  4 +---
 .../authz/{ranger => util}/RangerConfigProvider.scala  |  6 +++---
 .../authz/{rule => util}/RuleEliminateMarker.scala     |  6 +++---
 .../RuleEliminateViewMarker.scala}                     |  8 +++-----
 .../apache/kyuubi/plugin/spark/authz/gen/Scans.scala   |  2 +-
 .../AuthzConfigurationCheckerSuite.scala               |  4 +---
 23 files changed, 41 insertions(+), 52 deletions(-)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/config => ranger}/AuthzConfigurationChecker.scala (97%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/rowfilter => ranger}/FilterDataSourceV2Strategy.scala (93%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/rowfilter => ranger}/FilteredShowObjectsExec.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/permanentview => ranger}/RuleApplyPermanentViewMarker.scala (83%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/RuleHelper.scala (97%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/rowfilter => ranger}/RuleReplaceShowObjectCommands.scala (92%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/datamasking/DataMaskingStage0Marker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/datamasking/DataMaskingStage1Marker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/datamasking/RuleApplyDataMaskingStage0.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/datamasking/RuleApplyDataMaskingStage1.scala (96%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/rowfilter/RowFilterMarker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/rowfilter/RuleApplyRowFilter.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/rowfilter => util}/ObjectFilterPlaceHolder.scala (91%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/permanentview => util}/PermanentViewMarker.scala (91%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => util}/RangerConfigProvider.scala (88%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule => util}/RuleEliminateMarker.scala (85%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{rule/RuleEliminatePermanentViewMarker.scala => util/RuleEliminateViewMarker.scala} (83%)
 rename extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/{rule => ranger}/AuthzConfigurationCheckerSuite.scala (92%)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
index d0bd139a2..3273ccbea 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
@@ -1,5 +1,5 @@
 [ {
-  "classname" : "org.apache.kyuubi.plugin.spark.authz.rule.permanetview.PermanentViewMarker",
+  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
   "scanDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableTableExtractor",
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 73b80fc3b..7d6d791ad 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -26,9 +26,9 @@ import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object PrivilegesBuilder {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
index 3ab2c3fd6..56ab27d22 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.config
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
similarity index 93%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
index 17c766555..cbf79581e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
@@ -14,12 +14,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.{SparkSession, Strategy}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.spark.sql.execution.SparkPlan
 
+import org.apache.kyuubi.plugin.spark.authz.util.ObjectFilterPlaceHolder
+
 class FilterDataSourceV2Strategy(spark: SparkSession) extends Strategy {
   override def apply(plan: LogicalPlan): Seq[SparkPlan] = plan match {
     // For Spark 3.1 and below, `ColumnPruning` rule will set `ObjectFilterPlaceHolder#child` to
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
index 0bb421356..67519118e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SparkContext
@@ -24,7 +24,6 @@ import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.execution.{LeafExecNode, SparkPlan}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
-import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
 
 trait FilteredShowObjectsExec extends LeafExecNode {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
index 01645ff97..f8e941d9d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
@@ -19,11 +19,9 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSessionExtensions
 
-import org.apache.kyuubi.plugin.spark.authz.rule.{RuleEliminateMarker, RuleEliminatePermanentViewMarker}
-import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
-import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.RuleApplyPermanentViewMarker
-import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.{FilterDataSourceV2Strategy, RuleApplyRowFilter, RuleReplaceShowObjectCommands}
+import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
+import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RuleApplyRowFilter
+import org.apache.kyuubi.plugin.spark.authz.util.{RuleEliminateMarker, RuleEliminateViewMarker}
 
 /**
  * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
@@ -51,7 +49,7 @@ class RangerSparkExtension extends (SparkSessionExtensions => Unit) {
     v1.injectResolutionRule(RuleApplyDataMaskingStage1)
     v1.injectOptimizerRule(_ => new RuleEliminateMarker())
     v1.injectOptimizerRule(new RuleAuthorization(_))
-    v1.injectOptimizerRule(_ => new RuleEliminatePermanentViewMarker())
+    v1.injectOptimizerRule(_ => new RuleEliminateViewMarker())
     v1.injectPlannerStrategy(new FilterDataSourceV2Strategy(_))
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
similarity index 83%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
index 09d31f43f..f12088f5f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
@@ -15,20 +15,21 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 
 /**
- * Adding [[PermanentViewMarker]] for permanent views
+ * Adding [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] for permanent views
  * for marking catalogTable of views used by privilege checking
  * in [[org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization]].
- * [[PermanentViewMarker]] must be transformed up later
- * in [[org.apache.kyuubi.plugin.spark.authz.rule.RuleEliminatePermanentViewMarker]] optimizer.
+ * [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] must be transformed up later
+ * in [[org.apache.kyuubi.plugin.spark.authz.util.RuleEliminateViewMarker]] optimizer.
  */
 class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
index c163cafe9..3cfe2b940 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.SparkSession
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
similarity index 92%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
index 990201655..bf762109c 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.{Row, SparkSession}
@@ -25,9 +25,7 @@ import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.command.{RunnableCommand, ShowColumnsCommand}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
-import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
-import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
-import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, WithInternalChildren}
+import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, ObjectFilterPlaceHolder, WithInternalChildren}
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
@@ -36,7 +34,7 @@ class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
     case n: LogicalPlan if n.nodeName == "ShowTables" =>
       ObjectFilterPlaceHolder(n)
     case n: LogicalPlan if n.nodeName == "ShowNamespaces" =>
-      rowfilter.ObjectFilterPlaceHolder(n)
+      ObjectFilterPlaceHolder(n)
     case r: RunnableCommand if r.nodeName == "ShowFunctionsCommand" =>
       FilteredShowFunctionsCommand(r)
     case r: RunnableCommand if r.nodeName == "ShowColumnsCommand" =>
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index 66f34db91..d3059ef2d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -26,6 +26,7 @@ import org.apache.ranger.plugin.service.RangerBasePlugin
 import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.util.RangerConfigProvider
 
 object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
   with RangerConfigProvider {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
index c1d3a7532..b43149383 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.{Attribute, ExprId}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
index 1c30879e4..aed0ac693 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
index 27cde1621..de125550a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.Alias
@@ -24,7 +24,6 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
-import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
similarity index 96%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
index b0069c9a5..9589be2e9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
@@ -15,13 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.NamedExpression
 import org.apache.spark.sql.catalyst.plans.logical.{Command, LogicalPlan}
 
-import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
+import org.apache.kyuubi.plugin.spark.authz.ranger.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
index f4295a094..8817958b5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
index defee4005..22bcfae49 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
@@ -23,7 +23,6 @@ import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
-import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 case class RuleApplyRowFilter(spark: SparkSession) extends RuleHelper {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
similarity index 91%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
index 6a7f1beab..0d3c39adb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
@@ -15,13 +15,11 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
-
 case class ObjectFilterPlaceHolder(child: LogicalPlan) extends UnaryNode
   with WithInternalChild {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
similarity index 91%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
index d58f8ac29..e997e46f8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
@@ -15,14 +15,12 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
-
 case class PermanentViewMarker(
     child: LogicalPlan,
     catalogTable: CatalogTable,
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
similarity index 88%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
index 05d8cc64f..a61d94a8f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
@@ -15,12 +15,12 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.hadoop.conf.Configuration
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isRanger21orGreater
-import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait RangerConfigProvider {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
similarity index 85%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
index 3da11ad05..448439b84 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
@@ -15,14 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
-import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
-import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.RowFilterMarker
+import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
+import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RowFilterMarker
 
 class RuleEliminateMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
similarity index 83%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
index 864ada55f..8044f1283 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
@@ -15,18 +15,16 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
-
 /**
- * Transforming up [[PermanentViewMarker]]
+ * Transforming up [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]]
  */
-class RuleEliminatePermanentViewMarker extends Rule[LogicalPlan] {
+class RuleEliminateViewMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
     plan.transformUp {
       case pvm: PermanentViewMarker => pvm.child.transformAllExpressions {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index a691549d5..d61e2606d 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -50,7 +50,7 @@ object Scans extends CommandSpecs[ScanSpec] {
   }
 
   val PermanentViewMarker = {
-    val r = "org.apache.kyuubi.plugin.spark.authz.rule.permanetview.PermanentViewMarker"
+    val r = "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker"
     val tableDesc =
       ScanDesc(
         "catalogTable",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
similarity index 92%
rename from extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
rename to extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
index 10fa0af9e..cd5757e54 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
@@ -15,15 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.scalatest.BeforeAndAfterAll
 // scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessionProvider}
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization
-import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
 
 class AuthzConfigurationCheckerSuite extends AnyFunSuite with SparkSessionProvider
   with BeforeAndAfterAll {

From c24e984a3e8a41ad20bc4a5517e51a856e3e5452 Mon Sep 17 00:00:00 2001
From: senmiaoliu <senmiaoliu@trip.com>
Date: Mon, 30 Oct 2023 09:48:25 +0800
Subject: [PATCH 745/760] [KYUUBI #5423] Support chaining SessionConfAdvisors

### _Why are the changes needed?_

close #5423

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

NO

Closes #5485 from lsm1/branch-5423.

Closes #5423

0bd3b0233 [senmiaoliu] mention in the migration guide
dddafeb9b [senmiaoliu] support multi session conf advisor

Authored-by: senmiaoliu <senmiaoliu@trip.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 docs/configuration/settings.md                |  2 +-
 docs/deployment/migration-guide.md            |  4 ++
 .../org/apache/kyuubi/config/KyuubiConf.scala |  5 ++-
 .../apache/kyuubi/plugin/PluginLoader.scala   | 24 ++++++-----
 .../kyuubi/session/KyuubiBatchSession.scala   |  6 +--
 .../kyuubi/session/KyuubiSessionImpl.scala    |  6 +--
 .../kyuubi/session/KyuubiSessionManager.scala |  2 +-
 .../kyuubi/plugin/PluginLoaderSuite.scala     | 43 +++++++++++++++----
 8 files changed, 63 insertions(+), 29 deletions(-)

diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 1bf1230e1..5e00d0b75 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -410,7 +410,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 |------------------------------------------------------|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
 | kyuubi.session.check.interval                        | PT5M                    | The check interval for session timeout.                                                                                                                                                                                                                                                                                                                                                                                  | duration | 1.0.0 |
 | kyuubi.session.close.on.disconnect                   | true                    | Session will be closed when client disconnects from kyuubi gateway. Set this to false to have session outlive its parent connection.                                                                                                                                                                                                                                                                                     | boolean  | 1.8.0 |
-| kyuubi.session.conf.advisor                          | &lt;undefined&gt;       | A config advisor plugin for Kyuubi Server. This plugin can provide some custom configs for different users or session configs and overwrite the session configs before opening a new session. This config value should be a subclass of `org.apache.kyuubi.plugin.SessionConfAdvisor` which has a zero-arg constructor.                                                                                                  | string   | 1.5.0 |
+| kyuubi.session.conf.advisor                          | &lt;undefined&gt;       | A config advisor plugin for Kyuubi Server. This plugin can provide a list of custom configs for different users or session configs and overwrite the session configs before opening a new session. This config value should be a subclass of `org.apache.kyuubi.plugin.SessionConfAdvisor` which has a zero-arg constructor.                                                                                             | seq      | 1.5.0 |
 | kyuubi.session.conf.file.reload.interval             | PT10M                   | When `FileSessionConfAdvisor` is used, this configuration defines the expired time of `$KYUUBI_CONF_DIR/kyuubi-session-<profile>.conf` in the cache. After exceeding this value, the file will be reloaded.                                                                                                                                                                                                              | duration | 1.7.0 |
 | kyuubi.session.conf.ignore.list                                               || A comma-separated list of ignored keys. If the client connection contains any of them, the key and the corresponding value will be removed silently during engine bootstrap and connection setup. Note that this rule is for server-side protection defined via administrators to prevent some essential configs from tampering but will not forbid users to set dynamic configurations via SET syntax.                  | set      | 1.2.0 |
 | kyuubi.session.conf.profile                          | &lt;undefined&gt;       | Specify a profile to load session-level configurations from `$KYUUBI_CONF_DIR/kyuubi-session-<profile>.conf`. This configuration will be ignored if the file does not exist. This configuration only takes effect when `kyuubi.session.conf.advisor` is set as `org.apache.kyuubi.session.FileSessionConfAdvisor`.                                                                                                       | string   | 1.7.0 |
diff --git a/docs/deployment/migration-guide.md b/docs/deployment/migration-guide.md
index 0430e8cff..bf5b184cd 100644
--- a/docs/deployment/migration-guide.md
+++ b/docs/deployment/migration-guide.md
@@ -17,6 +17,10 @@
 
 # Kyuubi Migration Guide
 
+## Upgrading from Kyuubi 1.8 to 1.9
+
+* Since Kyuubi 1.9.0, `kyuubi.session.conf.advisor` can be set as a sequence, Kyuubi supported chaining SessionConfAdvisors.
+
 ## Upgrading from Kyuubi 1.7 to 1.8
 
 * Since Kyuubi 1.8, SQLite is added and becomes the default database type of Kyuubi metastore, as Derby has been deprecated.
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index a5c0aee0a..981db1720 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2468,14 +2468,15 @@ object KyuubiConf {
       .checkValues(OperationLanguages)
       .createWithDefault(OperationLanguages.SQL.toString)
 
-  val SESSION_CONF_ADVISOR: OptionalConfigEntry[String] =
+  val SESSION_CONF_ADVISOR: OptionalConfigEntry[Seq[String]] =
     buildConf("kyuubi.session.conf.advisor")
-      .doc("A config advisor plugin for Kyuubi Server. This plugin can provide some custom " +
+      .doc("A config advisor plugin for Kyuubi Server. This plugin can provide a list of custom " +
         "configs for different users or session configs and overwrite the session configs before " +
         "opening a new session. This config value should be a subclass of " +
         "`org.apache.kyuubi.plugin.SessionConfAdvisor` which has a zero-arg constructor.")
       .version("1.5.0")
       .stringConf
+      .toSequence()
       .createOptional
 
   val GROUP_PROVIDER: ConfigEntry[String] =
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala
index da4c8e4a9..1bc80dc7d 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/plugin/PluginLoader.scala
@@ -25,20 +25,22 @@ import org.apache.kyuubi.util.reflect.DynConstructors
 
 private[kyuubi] object PluginLoader {
 
-  def loadSessionConfAdvisor(conf: KyuubiConf): SessionConfAdvisor = {
+  def loadSessionConfAdvisor(conf: KyuubiConf): Seq[SessionConfAdvisor] = {
     val advisorClass = conf.get(KyuubiConf.SESSION_CONF_ADVISOR)
     if (advisorClass.isEmpty) {
-      return new DefaultSessionConfAdvisor()
+      return new DefaultSessionConfAdvisor() :: Nil
     }
-
-    try {
-      DynConstructors.builder.impl(advisorClass.get).buildChecked[SessionConfAdvisor].newInstance()
-    } catch {
-      case _: ClassCastException =>
-        throw new KyuubiException(
-          s"Class ${advisorClass.get} is not a child of '${classOf[SessionConfAdvisor].getName}'.")
-      case NonFatal(e) =>
-        throw new IllegalArgumentException(s"Error while instantiating '${advisorClass.get}': ", e)
+    advisorClass.get.map { advisorClassName =>
+      try {
+        DynConstructors.builder.impl(advisorClassName)
+          .buildChecked[SessionConfAdvisor].newInstance()
+      } catch {
+        case _: ClassCastException =>
+          throw new KyuubiException(
+            s"Class $advisorClassName is not a child of '${classOf[SessionConfAdvisor].getName}'.")
+        case NonFatal(e) =>
+          throw new IllegalArgumentException(s"Error while instantiating '$advisorClassName': ", e)
+      }
     }
   }
 
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
index 8489e6d30..ccba65594 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiBatchSession.scala
@@ -81,12 +81,12 @@ class KyuubiBatchSession(
     sessionConf.getBatchConf(batchType) ++ sessionManager.validateBatchConf(conf)
 
   val optimizedConf: Map[String, String] = {
-    val confOverlay = sessionManager.sessionConfAdvisor.getConfOverlay(
+    val confOverlay = sessionManager.sessionConfAdvisor.map(_.getConfOverlay(
       user,
-      normalizedConf.asJava)
+      normalizedConf.asJava).asScala).reduce(_ ++ _)
     if (confOverlay != null) {
       val overlayConf = new KyuubiConf(false)
-      confOverlay.asScala.foreach { case (k, v) => overlayConf.set(k, v) }
+      confOverlay.foreach { case (k, v) => overlayConf.set(k, v) }
       normalizedConf ++ overlayConf.getBatchConf(batchType)
     } else {
       warn(s"the server plugin return null value for user: $user, ignore it")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 6dd1810a8..ca411d71f 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -53,11 +53,11 @@ class KyuubiSessionImpl(
   override val sessionType: SessionType = SessionType.INTERACTIVE
 
   private[kyuubi] val optimizedConf: Map[String, String] = {
-    val confOverlay = sessionManager.sessionConfAdvisor.getConfOverlay(
+    val confOverlay = sessionManager.sessionConfAdvisor.map(_.getConfOverlay(
       user,
-      normalizedConf.asJava)
+      normalizedConf.asJava).asScala).reduce(_ ++ _)
     if (confOverlay != null) {
-      normalizedConf ++ confOverlay.asScala
+      normalizedConf ++ confOverlay
     } else {
       warn(s"the server plugin return null value for user: $user, ignore it")
       normalizedConf
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
index 02a3ee32c..4c625ce67 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala
@@ -58,7 +58,7 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
     if (conf.isRESTEnabled) Some(new MetadataManager()) else None
 
   // lazy is required for plugins since the conf is null when this class initialization
-  lazy val sessionConfAdvisor: SessionConfAdvisor = PluginLoader.loadSessionConfAdvisor(conf)
+  lazy val sessionConfAdvisor: Seq[SessionConfAdvisor] = PluginLoader.loadSessionConfAdvisor(conf)
   lazy val groupProvider: GroupProvider = PluginLoader.loadGroupProvider(conf)
 
   private var limiter: Option[SessionLimiter] = None
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/plugin/PluginLoaderSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/plugin/PluginLoaderSuite.scala
index e24b79c2c..bd7f78e24 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/plugin/PluginLoaderSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/plugin/PluginLoaderSuite.scala
@@ -27,15 +27,15 @@ class PluginLoaderSuite extends KyuubiFunSuite {
 
   test("SessionConfAdvisor - wrong class") {
     val conf = new KyuubiConf(false)
-    assert(PluginLoader.loadSessionConfAdvisor(conf).isInstanceOf[DefaultSessionConfAdvisor])
+    assert(PluginLoader.loadSessionConfAdvisor(conf).head.isInstanceOf[DefaultSessionConfAdvisor])
 
-    conf.set(KyuubiConf.SESSION_CONF_ADVISOR, classOf[InvalidSessionConfAdvisor].getName)
+    conf.set(KyuubiConf.SESSION_CONF_ADVISOR, Seq(classOf[InvalidSessionConfAdvisor].getName))
     val msg1 = intercept[KyuubiException] {
       PluginLoader.loadSessionConfAdvisor(conf)
     }.getMessage
     assert(msg1.contains(s"is not a child of '${classOf[SessionConfAdvisor].getName}'"))
 
-    conf.set(KyuubiConf.SESSION_CONF_ADVISOR, "non.exists")
+    conf.set(KyuubiConf.SESSION_CONF_ADVISOR, Seq("non.exists"))
     val msg2 = intercept[IllegalArgumentException] {
       PluginLoader.loadSessionConfAdvisor(conf)
     }.getMessage
@@ -44,27 +44,46 @@ class PluginLoaderSuite extends KyuubiFunSuite {
 
   test("FileSessionConfAdvisor") {
     val conf = new KyuubiConf(false)
-    conf.set(KyuubiConf.SESSION_CONF_ADVISOR, classOf[FileSessionConfAdvisor].getName)
+    conf.set(KyuubiConf.SESSION_CONF_ADVISOR, Seq(classOf[FileSessionConfAdvisor].getName))
     val advisor = PluginLoader.loadSessionConfAdvisor(conf)
-    val emptyConfig = advisor.getConfOverlay("chris", conf.getAll.asJava)
+    val emptyConfig =
+      advisor.map(_.getConfOverlay("chris", conf.getAll.asJava).asScala).reduce(_ ++ _).asJava
     assert(emptyConfig.isEmpty)
 
     conf.set(KyuubiConf.SESSION_CONF_PROFILE, "non.exists")
-    val nonExistsConfig = advisor.getConfOverlay("chris", conf.getAll.asJava)
+    val nonExistsConfig =
+      advisor.map(_.getConfOverlay("chris", conf.getAll.asJava).asScala).reduce(_ ++ _).asJava
     assert(nonExistsConfig.isEmpty)
 
     conf.set(KyuubiConf.SESSION_CONF_PROFILE, "cluster-a")
-    val clusterAConf = advisor.getConfOverlay("chris", conf.getAll.asJava)
+    val clusterAConf =
+      advisor.map(_.getConfOverlay("chris", conf.getAll.asJava).asScala).reduce(_ ++ _).asJava
     assert(clusterAConf.get("kyuubi.ha.namespace") == "kyuubi-ns-a")
     assert(clusterAConf.get("kyuubi.zk.ha.namespace") == null)
     assert(clusterAConf.size() == 5)
 
-    val clusterAConfFromCache = advisor.getConfOverlay("chris", conf.getAll.asJava)
+    val clusterAConfFromCache =
+      advisor.map(_.getConfOverlay("chris", conf.getAll.asJava).asScala).reduce(_ ++ _).asJava
     assert(clusterAConfFromCache.get("kyuubi.ha.namespace") == "kyuubi-ns-a")
     assert(clusterAConfFromCache.get("kyuubi.zk.ha.namespace") == null)
     assert(clusterAConfFromCache.size() == 5)
   }
 
+  test("SessionConfAdvisor - multi class") {
+    val conf = new KyuubiConf(false)
+    conf.set(
+      KyuubiConf.SESSION_CONF_ADVISOR,
+      Seq(classOf[FileSessionConfAdvisor].getName, classOf[TestSessionConfAdvisor].getName))
+    val advisor = PluginLoader.loadSessionConfAdvisor(conf)
+    conf.set(KyuubiConf.SESSION_CONF_PROFILE, "cluster-a")
+    val clusterAConf =
+      advisor.map(_.getConfOverlay("chris", conf.getAll.asJava).asScala).reduce(_ ++ _).asJava
+    assert(clusterAConf.get("kyuubi.ha.namespace") == "kyuubi-ns-a")
+    assert(clusterAConf.get("kyuubi.zk.ha.namespace") == null)
+    assert(clusterAConf.get("spark.k3") == "v3")
+    assert(clusterAConf.size() == 7)
+  }
+
   test("GroupProvider - wrong class") {
     val conf = new KyuubiConf(false)
     conf.set(KyuubiConf.GROUP_PROVIDER, "hadoop")
@@ -99,3 +118,11 @@ class PluginLoaderSuite extends KyuubiFunSuite {
 
 class InvalidSessionConfAdvisor
 class InvalidGroupProvider
+
+class TestSessionConfAdvisor extends SessionConfAdvisor {
+  override def getConfOverlay(
+      user: String,
+      sessionConf: java.util.Map[String, String]): java.util.Map[String, String] = {
+    Map("spark.k3" -> "v3", "spark.k4" -> "v4").asJava
+  }
+}

From 0e85702648404310acf7e2f0703138e2b9e12925 Mon Sep 17 00:00:00 2001
From: zml1206 <zhuml1206@gmail.com>
Date: Mon, 30 Oct 2023 10:33:10 +0800
Subject: [PATCH 746/760] [KYUUBI #5532][AUTHZ] Support Alter table commands of
 updating table schema for Delta Lake

### _Why are the changes needed?_
To close #5532.
Support alter table command for Delta Lake in Authz.
https://docs.delta.io/latest/delta-batch.html#explicitly-update-schema

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5552 from zml1206/KYUUBI-5532.

Closes #5532

e0c384d55 [zml1206] Delta Lake not support purge table
c8cef4cf2 [zml1206] Support alter table command for Delta Lake

Authored-by: zml1206 <zhuml1206@gmail.com>
Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
---
 .../spark/authz/SparkSessionProvider.scala    |  3 +-
 ...eltaCatalogRangerSparkExtensionSuite.scala | 70 +++++++++++++++++--
 2 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
index c7e541ef5..7aa4d99e4 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/SparkSessionProvider.scala
@@ -28,6 +28,7 @@ import org.scalatest.Assertions._
 import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
 import org.apache.kyuubi.plugin.spark.authz.V2JdbcTableCatalogPrivilegesBuilderSuite._
+import org.apache.kyuubi.plugin.spark.authz.ranger.DeltaCatalogRangerSparkExtensionSuite._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
 trait SparkSessionProvider {
@@ -106,7 +107,7 @@ trait SparkSessionProvider {
   }
 
   private def isCatalogSupportPurge(catalogName: String): Boolean = {
-    val unsupportedCatalogs = Set(v2JdbcTableCatalogClassName)
+    val unsupportedCatalogs = Set(v2JdbcTableCatalogClassName, deltaCatalogClassName)
     spark.conf.getOption(s"spark.sql.catalog.$catalogName") match {
       case Some(catalog) if !unsupportedCatalogs.contains(catalog) => true
       case _ => false
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
index 48bb5c879..59ced3eb1 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
@@ -22,6 +22,7 @@ import org.apache.kyuubi.Utils
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.ranger.DeltaCatalogRangerSparkExtensionSuite._
 import org.apache.kyuubi.tags.DeltaTest
 import org.apache.kyuubi.util.AssertionUtils._
 
@@ -31,6 +32,7 @@ import org.apache.kyuubi.util.AssertionUtils._
 @DeltaTest
 class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   override protected val catalogImpl: String = "hive"
+  override protected val sqlExtensions: String = "io.delta.sql.DeltaSparkSessionExtension"
 
   val namespace1 = deltaNamespace
   val table1 = "table1_delta"
@@ -41,9 +43,7 @@ class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   override def beforeAll(): Unit = {
-    spark.conf.set(
-      s"spark.sql.catalog.$sparkCatalog",
-      "org.apache.spark.sql.delta.catalog.DeltaCatalog")
+    spark.conf.set(s"spark.sql.catalog.$sparkCatalog", deltaCatalogClassName)
     spark.conf.set(
       s"spark.sql.catalog.$sparkCatalog.warehouse",
       Utils.createTempDir("delta-hadoop").toString)
@@ -103,8 +103,7 @@ class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
   }
 
   test("create or replace table") {
-    withCleanTmpResources(
-      Seq((s"$namespace1.$table1", "table"), (s"$namespace1", "database"))) {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (s"$namespace1", "database"))) {
       val createOrReplaceTableSql =
         s"""
            |CREATE OR REPLACE TABLE $namespace1.$table1 (
@@ -124,4 +123,65 @@ class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       doAs(admin, createOrReplaceTableSql)
     }
   }
+
+  test("alter table") {
+    withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (s"$namespace1", "database"))) {
+      doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+      doAs(
+        admin,
+        sql(
+          s"""
+             |CREATE TABLE IF NOT EXISTS $namespace1.$table1 (
+             |  id INT,
+             |  firstName STRING,
+             |  middleName STRING,
+             |  lastName STRING,
+             |  gender STRING,
+             |  birthDate TIMESTAMP,
+             |  ssn STRING,
+             |  salary INT
+             |)
+             |USING DELTA
+             |PARTITIONED BY (gender)
+             |""".stripMargin))
+
+      // add columns
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS (age int)")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
+
+      // change column
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(s"ALTER TABLE $namespace1.$table1" +
+            s" CHANGE COLUMN gender gender STRING AFTER birthDate")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
+
+      // replace columns
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(s"ALTER TABLE $namespace1.$table1" +
+            s" REPLACE COLUMNS (id INT, firstName STRING)")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
+
+      // rename column
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(s"ALTER TABLE $namespace1.$table1" +
+            s" RENAME COLUMN birthDate TO dateOfBirth")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
+
+      // drop column
+      interceptContains[AccessControlException](
+        doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 DROP COLUMN birthDate")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
+    }
+  }
+}
+
+object DeltaCatalogRangerSparkExtensionSuite {
+  val deltaCatalogClassName: String = "org.apache.spark.sql.delta.catalog.DeltaCatalog"
 }

From 22f6ef1af59cb12b2f8aca1c4885815f8bd5b36d Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Mon, 30 Oct 2023 13:09:55 +0800
Subject: [PATCH 747/760] [KYUUBI #5546][AUTHZ] Reorgnize the package names for
 rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_
To close #5546
Refactor the code path of authz

- Rule is not specify for ranger, extract to a independent path `rule`
- Collect each. rule's class together
- Move RangerConfigProvider to `ranger` package

The output is
<img width="449" alt="截屏2023-10-30 上午10 52 35" src="https://github.com/apache/kyuubi/assets/46485123/6db12dc8-7318-4b18-9ed2-4d66d40d4773">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

Closes #5553 from AngersZhuuuu/KYUUBI-5546.

Closes #5546

877f01703 [Angerszhuuuu] update
099d09306 [Angerszhuuuu] Update RuleReplaceShowObjectCommands.scala
afbfd9264 [Angerszhuuuu] Update RuleReplaceShowObjectCommands.scala
72f24bd6b [Angerszhuuuu] Merge branch 'master' into KYUUBI-5546
cc8f493ca [Angerszhuuuu] Update RuleAuthorization.scala
8db7bb8a7 [Angerszhuuuu] Update RuleAuthorization.scala
8dd49bbdc [Angerszhuuuu] Merge branch 'master' into KYUUBI-5546
41cc8305d [Angerszhuuuu] followcomment
7c449b472 [Angerszhuuuu] follow comment
16f087834 [Angerszhuuuu] update
0a3265f6c [Angerszhuuuu] Update RuleApplyPermanentViewMarker.scala
4ed26a3e1 [Angerszhuuuu] follow comment
ce94bf80d [Angerszhuuuu] Update AuthzConfigurationCheckerSuite.scala
3bc9d2f53 [Angerszhuuuu] Update AuthzConfigurationCheckerSuite.scala
dbee53152 [Angerszhuuuu] update
6a9b94cf3 [Angerszhuuuu] Update PrivilegesBuilder.scala
ed9e9dc93 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
50ac9bc8a [Angerszhuuuu] update
0faed7f02 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5546
ef2198973 [Angerszhuuuu] [KYUUBI #5546][AUTHZ] Refactor the code path of authz

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/main/resources/scan_command_spec.json          |  2 +-
 .../kyuubi/plugin/spark/authz/PrivilegesBuilder.scala  |  2 +-
 .../authz/{util => ranger}/RangerConfigProvider.scala  |  6 +++---
 .../spark/authz/ranger/RangerSparkExtension.scala      | 10 ++++++----
 .../plugin/spark/authz/ranger/RuleAuthorization.scala  |  2 +-
 .../spark/authz/ranger/SparkRangerAdminPlugin.scala    |  1 -
 .../authz/{util => rule}/RuleEliminateMarker.scala     |  6 +++---
 .../RuleEliminatePermanentViewMarker.scala}            |  8 +++++---
 .../spark/authz/{ranger => rule}/RuleHelper.scala      |  2 +-
 .../config}/AuthzConfigurationChecker.scala            |  2 +-
 .../datamasking/DataMaskingStage0Marker.scala          |  2 +-
 .../datamasking/DataMaskingStage1Marker.scala          |  2 +-
 .../datamasking/RuleApplyDataMaskingStage0.scala       |  3 ++-
 .../datamasking/RuleApplyDataMaskingStage1.scala       |  4 ++--
 .../permanentview}/PermanentViewMarker.scala           |  4 +++-
 .../permanentview}/RuleApplyPermanentViewMarker.scala  |  9 ++++-----
 .../rowfilter}/FilterDataSourceV2Strategy.scala        |  4 +---
 .../rowfilter}/FilteredShowObjectsExec.scala           |  3 ++-
 .../rowfilter}/ObjectFilterPlaceHolder.scala           |  4 +++-
 .../{ranger => rule}/rowfilter/RowFilterMarker.scala   |  2 +-
 .../rowfilter/RuleApplyRowFilter.scala                 |  3 ++-
 .../rowfilter}/RuleReplaceShowObjectCommands.scala     |  5 +++--
 .../apache/kyuubi/plugin/spark/authz/gen/Scans.scala   |  2 +-
 .../AuthzConfigurationCheckerSuite.scala               |  4 +++-
 24 files changed, 51 insertions(+), 41 deletions(-)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => ranger}/RangerConfigProvider.scala (88%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => rule}/RuleEliminateMarker.scala (85%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util/RuleEliminateViewMarker.scala => rule/RuleEliminatePermanentViewMarker.scala} (83%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/RuleHelper.scala (97%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/config}/AuthzConfigurationChecker.scala (97%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/DataMaskingStage0Marker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/DataMaskingStage1Marker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/RuleApplyDataMaskingStage0.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/datamasking/RuleApplyDataMaskingStage1.scala (96%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => rule/permanentview}/PermanentViewMarker.scala (91%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/permanentview}/RuleApplyPermanentViewMarker.scala (83%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/rowfilter}/FilterDataSourceV2Strategy.scala (93%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/rowfilter}/FilteredShowObjectsExec.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{util => rule/rowfilter}/ObjectFilterPlaceHolder.scala (91%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/rowfilter/RowFilterMarker.scala (95%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/rowfilter/RuleApplyRowFilter.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule/rowfilter}/RuleReplaceShowObjectCommands.scala (94%)
 rename extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/{ranger => rule}/AuthzConfigurationCheckerSuite.scala (92%)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
index 3273ccbea..40a0d81c2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
@@ -1,5 +1,5 @@
 [ {
-  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
+  "classname" : "org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker",
   "scanDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableTableExtractor",
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 7d6d791ad..73b80fc3b 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -26,9 +26,9 @@ import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object PrivilegesBuilder {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
similarity index 88%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
index a61d94a8f..05d8cc64f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RangerConfigProvider.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerConfigProvider.scala
@@ -15,12 +15,12 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.conf.Configuration
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.util.reflect.ReflectUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isRanger21orGreater
+import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
 
 trait RangerConfigProvider {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
index f8e941d9d..01645ff97 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
@@ -19,9 +19,11 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSessionExtensions
 
-import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
-import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RuleApplyRowFilter
-import org.apache.kyuubi.plugin.spark.authz.util.{RuleEliminateMarker, RuleEliminateViewMarker}
+import org.apache.kyuubi.plugin.spark.authz.rule.{RuleEliminateMarker, RuleEliminatePermanentViewMarker}
+import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
+import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.RuleApplyPermanentViewMarker
+import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.{FilterDataSourceV2Strategy, RuleApplyRowFilter, RuleReplaceShowObjectCommands}
 
 /**
  * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
@@ -49,7 +51,7 @@ class RangerSparkExtension extends (SparkSessionExtensions => Unit) {
     v1.injectResolutionRule(RuleApplyDataMaskingStage1)
     v1.injectOptimizerRule(_ => new RuleEliminateMarker())
     v1.injectOptimizerRule(new RuleAuthorization(_))
-    v1.injectOptimizerRule(_ => new RuleEliminateViewMarker())
+    v1.injectOptimizerRule(_ => new RuleEliminatePermanentViewMarker())
     v1.injectPlannerStrategy(new FilterDataSourceV2Strategy(_))
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
index 91221c522..43574d0ad 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
@@ -29,8 +29,8 @@ import org.apache.kyuubi.plugin.spark.authz._
 import org.apache.kyuubi.plugin.spark.authz.ObjectType._
 import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization._
 import org.apache.kyuubi.plugin.spark.authz.ranger.SparkRangerAdminPlugin._
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 
 class RuleAuthorization(spark: SparkSession) extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
index d3059ef2d..66f34db91 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -26,7 +26,6 @@ import org.apache.ranger.plugin.service.RangerBasePlugin
 import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
-import org.apache.kyuubi.plugin.spark.authz.util.RangerConfigProvider
 
 object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
   with RangerConfigProvider {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
similarity index 85%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
index 448439b84..3da11ad05 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateMarker.scala
@@ -15,14 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
-import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
-import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RowFilterMarker
+import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
+import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.RowFilterMarker
 
 class RuleEliminateMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
similarity index 83%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
index 8044f1283..864ada55f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/RuleEliminateViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminatePermanentViewMarker.scala
@@ -15,16 +15,18 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
+
 /**
- * Transforming up [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]]
+ * Transforming up [[PermanentViewMarker]]
  */
-class RuleEliminateViewMarker extends Rule[LogicalPlan] {
+class RuleEliminatePermanentViewMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
     plan.transformUp {
       case pvm: PermanentViewMarker => pvm.child.transformAllExpressions {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
index 3cfe2b940..c163cafe9 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleHelper.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleHelper.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.SparkSession
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
similarity index 97%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
index 56ab27d22..3ab2c3fd6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationChecker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/config/AuthzConfigurationChecker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.config
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
index b43149383..c1d3a7532 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage0Marker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage0Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.{Attribute, ExprId}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
index aed0ac693..1c30879e4 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/DataMaskingStage1Marker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/DataMaskingStage1Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
index de125550a..27cde1621 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage0.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage0.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.Alias
@@ -24,6 +24,7 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
+import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
similarity index 96%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
index 9589be2e9..b0069c9a5 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/datamasking/RuleApplyDataMaskingStage1.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/datamasking/RuleApplyDataMaskingStage1.scala
@@ -15,13 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
+package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.NamedExpression
 import org.apache.spark.sql.catalyst.plans.logical.{Command, LogicalPlan}
 
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleHelper
+import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
similarity index 91%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
index e997e46f8..d58f8ac29 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/PermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
@@ -15,12 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
 
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+
 case class PermanentViewMarker(
     child: LogicalPlan,
     catalogTable: CatalogTable,
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
similarity index 83%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
index f12088f5f..09d31f43f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
@@ -15,21 +15,20 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
-import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 
 /**
- * Adding [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] for permanent views
+ * Adding [[PermanentViewMarker]] for permanent views
  * for marking catalogTable of views used by privilege checking
  * in [[org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization]].
- * [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] must be transformed up later
- * in [[org.apache.kyuubi.plugin.spark.authz.util.RuleEliminateViewMarker]] optimizer.
+ * [[PermanentViewMarker]] must be transformed up later
+ * in [[org.apache.kyuubi.plugin.spark.authz.rule.RuleEliminatePermanentViewMarker]] optimizer.
  */
 class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
similarity index 93%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
index cbf79581e..17c766555 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilterDataSourceV2Strategy.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilterDataSourceV2Strategy.scala
@@ -14,14 +14,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.{SparkSession, Strategy}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.spark.sql.execution.SparkPlan
 
-import org.apache.kyuubi.plugin.spark.authz.util.ObjectFilterPlaceHolder
-
 class FilterDataSourceV2Strategy(spark: SparkSession) extends Strategy {
   override def apply(plan: LogicalPlan): Seq[SparkPlan] = plan match {
     // For Spark 3.1 and below, `ColumnPruning` rule will set `ObjectFilterPlaceHolder#child` to
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
index 67519118e..0bb421356 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/FilteredShowObjectsExec.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/FilteredShowObjectsExec.scala
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SparkContext
@@ -24,6 +24,7 @@ import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.execution.{LeafExecNode, SparkPlan}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
+import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
 
 trait FilteredShowObjectsExec extends LeafExecNode {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
similarity index 91%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
index 0d3c39adb..6a7f1beab 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/ObjectFilterPlaceHolder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/ObjectFilterPlaceHolder.scala
@@ -15,11 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.util
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
+import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
+
 case class ObjectFilterPlaceHolder(child: LogicalPlan) extends UnaryNode
   with WithInternalChild {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
similarity index 95%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
index 8817958b5..f4295a094 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RowFilterMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RowFilterMarker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
index 22bcfae49..defee4005 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/rowfilter/RuleApplyRowFilter.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleApplyRowFilter.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
@@ -23,6 +23,7 @@ import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
+import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 case class RuleApplyRowFilter(spark: SparkSession) extends RuleHelper {
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
similarity index 94%
rename from extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
rename to extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
index bf762109c..1728234a8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleReplaceShowObjectCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/rowfilter/RuleReplaceShowObjectCommands.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.{Row, SparkSession}
@@ -25,7 +25,8 @@ import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.command.{RunnableCommand, ShowColumnsCommand}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
-import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, ObjectFilterPlaceHolder, WithInternalChildren}
+import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
+import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, WithInternalChildren}
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
index d61e2606d..7771a2dd2 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -50,7 +50,7 @@ object Scans extends CommandSpecs[ScanSpec] {
   }
 
   val PermanentViewMarker = {
-    val r = "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker"
+    val r = "org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker"
     val tableDesc =
       ScanDesc(
         "catalogTable",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
similarity index 92%
rename from extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
rename to extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
index cd5757e54..10fa0af9e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AuthzConfigurationCheckerSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/rule/AuthzConfigurationCheckerSuite.scala
@@ -15,13 +15,15 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.scalatest.BeforeAndAfterAll
 // scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessionProvider}
+import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization
+import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
 
 class AuthzConfigurationCheckerSuite extends AnyFunSuite with SparkSessionProvider
   with BeforeAndAfterAll {

From 26f614a504584e18cc8493cb213f7ec5ec9c2ea6 Mon Sep 17 00:00:00 2001
From: davidyuan <yuanfuyuan@mafengwo.com>
Date: Mon, 30 Oct 2023 13:12:43 +0800
Subject: [PATCH 748/760] [KYUUBI #5531][TEST] Fix flaky
 FlinkOperationOnYarnSuite by enlarging the max rows setting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

#### 1. know about this pr
When we execute flink(1.17+) test case, it may throw exception when the test case is `show/stop job`, the exception desc like this
```
- execute statement - show/stop jobs *** FAILED ***
  org.apache.kyuubi.jdbc.hive.KyuubiSQLException: Error operating ExecuteStatement: org.apache.flink.table.gateway.service.utils.SqlExecutionException: Could not stop job 4dece26857fab91d63fad1abd8c6bdd0 with savepoint for operation 9ed8247a-b7bd-4004-875b-61ba654ab3dd.
	at org.apache.flink.table.gateway.service.operation.OperationExecutor.lambda$callStopJobOperation$11(OperationExecutor.java:628)
	at org.apache.flink.table.gateway.service.operation.OperationExecutor.runClusterAction(OperationExecutor.java:716)
	at org.apache.flink.table.gateway.service.operation.OperationExecutor.callStopJobOperation(OperationExecutor.java:601)
	at org.apache.flink.table.gateway.service.operation.OperationExecutor.executeOperation(OperationExecutor.java:434)
	at org.apache.flink.table.gateway.service.operation.OperationExecutor.executeStatement(OperationExecutor.java:195)
	at org.apache.kyuubi.engine.flink.operation.ExecuteStatement.executeStatement(ExecuteStatement.scala:64)
	at org.apache.kyuubi.engine.flink.operation.ExecuteStatement.runInternal(ExecuteStatement.scala:56)
	at org.apache.kyuubi.operation.AbstractOperation.run(AbstractOperation.scala:171)
	at org.apache.kyuubi.session.AbstractSession.runOperation(AbstractSession.scala:101)
	at org.apache.kyuubi.session.AbstractSession.$anonfun$executeStatement$1(AbstractSession.scala:131)
	at org.apache.kyuubi.session.AbstractSession.withAcquireRelease(AbstractSession.scala:82)
	at org.apache.kyuubi.session.AbstractSession.executeStatement(AbstractSession.scala:128)
	at org.apache.kyuubi.service.AbstractBackendService.executeStatement(AbstractBackendService.scala:67)
	at org.apache.kyuubi.service.TFrontendService.ExecuteStatement(TFrontendService.scala:252)
	at org.apache.kyuubi.shade.org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1557)
	at org.apache.kyuubi.shade.org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1542)
	at org.apache.kyuubi.shade.org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
	at org.apache.kyuubi.shade.org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
	at org.apache.kyuubi.service.authentication.TSetIpAddressProcessor.process(TSetIpAddressProcessor.scala:36)
	at org.apache.kyuubi.shade.org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1[149](https://github.com/apache/kyuubi/actions/runs/6649714451/job/18068699087?pr=5501#step:8:150))
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:750)
Caused by: java.util.concurrent.ExecutionException: java.util.concurrent.CompletionException: java.util.concurrent.CompletionException: org.apache.flink.runtime.checkpoint.CheckpointException: Checkpoint triggering task Source: tbl_a[6] -> Sink: tbl_b[7] (1/1) of job 4dece26857fab91d63fad1abd8c6bdd0 is not being executed at the moment. Aborting checkpoint. Failure reason: Not all required tasks are currently running.
	at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357)
	at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1928)
	at org.apache.flink.table.gateway.service.operation.OperationExecutor.lambda$callStopJobOperation$11(OperationExecutor.java:617)
	... 22 more
Caused by: java.util.concurrent.CompletionException: java.util.concurrent.CompletionException: org.apache.flink.runtime.checkpoint.CheckpointException: Checkpoint triggering task Source: tbl_a[6] -> Sink: tbl_b[7] (1/1) of job 4dece26857fab91d63fad1abd8c6bdd0 is not being executed at the moment. Aborting checkpoint. Failure reason: Not all required tasks are currently running.
	at java.util.concurrent.CompletableFuture.encodeRelay(CompletableFuture.java:326)
	at java.util.concurrent.CompletableFuture.completeRelay(CompletableFuture.java:338)
	at java.util.concurrent.CompletableFuture.uniRelay(CompletableFuture.java:925)
	at java.util.concurrent.CompletableFuture$UniRelay.tryFire(CompletableFuture.java:913)
	at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488)
	at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990)
	at org.apache.flink.runtime.rpc.akka.AkkaInvocationHandler.lambda$invokeRpc$1(AkkaInvocationHandler.java:260)
	at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:774)
	at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:750)
	at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488)
	at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990)
	at org.apache.flink.util.concurrent.FutureUtils.doForward(FutureUtils.java:1298)
	at org.apache.flink.runtime.concurrent.akka.ClassLoadingUtils.lambda$null$1(ClassLoadingUtils.java:93)
	at org.apache.flink.runtime.concurrent.akka.ClassLoadingUtils.runWithContextClassLoader(ClassLoadingUtils.java:68)
	at org.apache.flink.runtime.concurrent.akka.ClassLoadingUtils.lambda$guardCompletionWithContextClassLoader$2(ClassLoadingUtils.java:92)
	at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:774)
	at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:750)
	at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488)
	at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990)
	at org.apache.flink.runtime.concurrent.akka.AkkaFutureUtils$1.onComplete(AkkaFutureUtils.java:45)
	at akka.dispatch.OnComplete.internal(Future.scala:299)
	at akka.dispatch.OnComplete.internal(Future.scala:297)
	at akka.dispatch.japi$CallbackBridge.apply(Future.scala:224)
	at akka.dispatch.japi$CallbackBridge.apply(Future.scala:221)
  at org.apache.kyuubi.operation.AbstractOperation.run(AbstractOperation.scala:171)
  ...
  Cause: java.lang.RuntimeException: org.apache.flink.util.SerializedThrowable:java.util.concurrent.CompletionException: org.apache.flink.runtime.checkpoint.CheckpointException: Checkpoint triggering task Source: tbl_a[6] -> Sink: tbl_b[7] (1/1) of job 4dece26857fab91d63fad1abd8c6bdd0 is not being executed at the moment. Aborting checkpoint. Failure reason: Not all required tasks are currently running.
  at java.util.concurrent.CompletableFuture.encodeRelay(CompletableFuture.java:326)
  at java.util.concurrent.CompletableFuture.completeRelay(CompletableFuture.java:338)
  at java.util.concurrent.CompletableFuture.uniRelay(CompletableFuture.java:925)
  at java.util.concurrent.CompletableFuture$UniRelay.tryFire(CompletableFuture.java:913)
  at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488)
  at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990)
  at org.apache.flink.runtime.rpc.akka.AkkaInvocationHandler.lambda$invokeRpc$1(AkkaInvocationHandler.java:260)
  at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:774)
  at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:750)
  at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488)
  ...
  Cause: java.lang.RuntimeException: org.apache.flink.util.SerializedThrowable:org.apache.flink.runtime.checkpoint.CheckpointException: Checkpoint triggering task Source: tbl_a[6] -> Sink: tbl_b[7] (1/1) of job 4dece26857fab91d63fad1abd8c6bdd0 is not being executed at the moment. Aborting checkpoint. Failure reason: Not all required tasks are currently running.
  at org.apache.flink.runtime.checkpoint.DefaultCheckpointPlanCalculator.checkTasksStarted(DefaultCheckpointPlanCalculator.java:143)
  at org.apache.flink.runtime.checkpoint.DefaultCheckpointPlanCalculator.lambda$calculateCheckpointPlan$1(DefaultCheckpointPlanCalculator.java:105)
  at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:[160](https://github.com/apache/kyuubi/actions/runs/6649714451/job/18068699087?pr=5501#step:8:161)4)
  at org.apache.flink.runtime.rpc.akka.AkkaRpcActor.lambda$handleRunAsync$4(AkkaRpcActor.java:453)
  at org.apache.flink.runtime.concurrent.akka.ClassLoadingUtils.runWithContextClassLoader(ClassLoadingUtils.java:68)
  at org.apache.flink.runtime.rpc.akka.AkkaRpcActor.handleRunAsync(AkkaRpcActor.java:453)
  at org.apache.flink.runtime.rpc.akka.AkkaRpcActor.handleRpcMessage(AkkaRpcActor.java:218)
  at org.apache.flink.runtime.rpc.akka.FencedAkkaRpcActor.handleRpcMessage(FencedAkkaRpcActor.java:84)
  at org.apache.flink.runtime.rpc.akka.AkkaRpcActor.handleMessage(AkkaRpcActor.java:[168](https://github.com/apache/kyuubi/actions/runs/6649714451/job/18068699087?pr=5501#step:8:169))
  at akka.japi.pf.UnitCaseStatement.apply(CaseStatements.scala:24)
  ...
```
#### 2. what make the test case failed?
If we want know the reason about the exception, we need to understand the process of flink executing stop job, the process line like this code space show(it's source is our bad test case, we can use this test case to solve similar problems)
```
1. sql
   1.1 create table tbl_a (a int) with ('connector' = 'datagen','rows-per-second'='10')
   1.2 create table tbl_b (a int) with ('connector' = 'blackhole')
   1.3 insert into tbl_b select * from tbl_a
2. start job: it will get 2 tasks abount source sink
3. show job: we can get job info
4. stop job(the main error):
   4.1 stop job need checkpoint
   4.2 start checkpoint, it need all task state is running
   4.3 checkpoint can not get all task state is running, then throw the exception
```
Actually, in a normal process, it should not throw the exception, if this happens to your job, please check your kyuubi conf `kyuubi.session.engine.flink.max.rows`, it's default value is 1000000. But in the test case, we only the the conf's value is 10.
It's the reason to make the error, this conf makes when we execute a stream query, it will cancel the when the limit is reached. Because flink's datagen is a streamconnector, so we can imagine, when we execute those sql, because our conf, it will make the sink task be canceled because the query reached 10. So when we execute stop job, flink checkpoint cannot get the tasks about this job is all in running state, then flink throw this exception.
#### 3. how can we solve this problem?
When your job makes the same exception, please make sure your kyuubi conf `kyuubi.session.engine.flink.max.rows`'s value can it meet your streaming query needs? Then changes the conf's value.

close #5531

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5549 from davidyuan1223/fix_flink_test_bug.

Closes #5531

ce7fd7961 [david yuan] Update externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
dc3a4b9ba [davidyuan] fix flink on yarn test bug
86a647ad9 [davidyuan] fix flink on yarn test bug
cbd4c0c3d [davidyuan] fix flink on yarn test bug
8b51840bc [davidyuan] add common method to get session level config
bcb0cf372 [davidyuan] Merge remote-tracking branch 'origin/master'
72e7aea3c [david yuan] Merge branch 'apache:master' into master
57ec746e9 [david yuan] Merge pull request #13 from davidyuan1223/fix
56b91a321 [yuanfuyuan] fix_4186
c8eb9a2c7 [david yuan] Merge branch 'apache:master' into master
2beccb6ca [david yuan] Merge branch 'apache:master' into master
0925a4b6f [david yuan] Merge pull request #12 from davidyuan1223/revert-11-fix_4186
40e80d9a8 [david yuan] Revert "fix_4186"
c83836b43 [david yuan] Merge pull request #11 from davidyuan1223/fix_4186
360d183b0 [david yuan] Merge branch 'master' into fix_4186
b61604442 [yuanfuyuan] fix_4186
e244029b8 [david yuan] Merge branch 'apache:master' into master
bfa6cbf97 [davidyuan1223] Merge branch 'apache:master' into master
16237c2a9 [davidyuan1223] Merge branch 'apache:master' into master
c48ad38c7 [yuanfuyuan] remove the used blank lines
55a0a43c5 [xiaoyuandajian] Merge pull request #10 from xiaoyuandajian/fix-#4057
cb1193576 [yuan] Merge remote-tracking branch 'origin/fix-#4057' into fix-#4057
86e4e1ce0 [yuan] fix-#4057 info: modify the shellcheck errors file in ./bin 1. "$@" is a array, we want use string to compare. so update "$@" => "$*" 2. `tty` mean execute the command, we can use $(tty) replace it 3. param $# is a number, compare number should use -gt/-lt,not >/< 4. not sure the /bin/kyuubi line 63 'exit -1' need modify? so the directory bin only have a shellcheck note in /bin/kyuubi
dd39efdeb [袁福元] fix-#4057 info: 1. "$@" is a array, we want use string to compare. so update "$@" => "$*" 2. `tty` mean execute the command, we can use $(tty) replace it 3. param $# is a number, compare number should use -gt/-lt,not >/<

Lead-authored-by: davidyuan <yuanfuyuan@mafengwo.com>
Co-authored-by: david yuan <51512358+davidyuan1223@users.noreply.github.com>
Co-authored-by: yuanfuyuan <1406957364@qq.com>
Co-authored-by: yuan <yuanfuyuan@mafengwo.com>
Co-authored-by: davidyuan1223 <51512358+davidyuan1223@users.noreply.github.com>
Co-authored-by: xiaoyuandajian <51512358+xiaoyuandajian@users.noreply.github.com>
Co-authored-by: 袁福元 <yuanfuyuan@mafengwo.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/engine/flink/operation/FlinkOperationSuite.scala   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
index 8e7c35a95..9469cf286 100644
--- a/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
+++ b/externals/kyuubi-flink-sql-engine/src/test/scala/org/apache/kyuubi/engine/flink/operation/FlinkOperationSuite.scala
@@ -637,7 +637,9 @@ abstract class FlinkOperationSuite extends HiveJDBCTestHelper with WithFlinkTest
 
   test("execute statement - show/stop jobs") {
     if (FLINK_RUNTIME_VERSION >= "1.17") {
-      withSessionConf()(Map(ENGINE_FLINK_MAX_ROWS.key -> "10"))(Map.empty) {
+      // use a bigger value to ensure all tasks of the streaming query run until
+      // we explicitly stop the job.
+      withSessionConf()(Map(ENGINE_FLINK_MAX_ROWS.key -> "10000"))(Map.empty) {
         withMultipleConnectionJdbcStatement()({ statement =>
           statement.executeQuery(
             "create table tbl_a (a int) with (" +

From c290f20dea54a04dd36fc7f1359965686e65dc77 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Mon, 30 Oct 2023 16:35:27 +0800
Subject: [PATCH 749/760] [KYUUBI #5555][AUTHZ] Extractor common authorization
 rule class

### _Why are the changes needed?_
To close #5555
Extractor common authorization rule class

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5559 from AngersZhuuuu/KYUUBI-5555.

Closes #5555

85d0fa9fe [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
623b3514e [Angerszhuuuu] [KYUUBI #5555][AUTHZ] Extractor common authorization rule class

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../authz/ranger/RuleAuthorization.scala      | 39 +-----------
 .../spark/authz/rule/Authorization.scala      | 61 +++++++++++++++++++
 .../ranger/RangerSparkExtensionSuite.scala    |  2 +-
 3 files changed, 65 insertions(+), 37 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
index 43574d0ad..afb4f7c54 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleAuthorization.scala
@@ -22,30 +22,15 @@ import scala.collection.mutable.ArrayBuffer
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
-import org.apache.spark.sql.catalyst.rules.Rule
-import org.apache.spark.sql.catalyst.trees.TreeNodeTag
 
 import org.apache.kyuubi.plugin.spark.authz._
 import org.apache.kyuubi.plugin.spark.authz.ObjectType._
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization._
 import org.apache.kyuubi.plugin.spark.authz.ranger.SparkRangerAdminPlugin._
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
+import org.apache.kyuubi.plugin.spark.authz.rule.Authorization
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 
-class RuleAuthorization(spark: SparkSession) extends Rule[LogicalPlan] {
-  override def apply(plan: LogicalPlan): LogicalPlan = {
-    plan match {
-      case plan if isAuthChecked(plan) => plan // do nothing if checked privileges already.
-      case p => checkPrivileges(spark, p)
-    }
-  }
-}
-
-object RuleAuthorization {
-
-  val KYUUBI_AUTHZ_TAG = TreeNodeTag[Unit]("__KYUUBI_AUTHZ_TAG")
-
-  private def checkPrivileges(spark: SparkSession, plan: LogicalPlan): LogicalPlan = {
+class RuleAuthorization(spark: SparkSession) extends Authorization(spark) {
+  override def checkPrivileges(spark: SparkSession, plan: LogicalPlan): Unit = {
     val auditHandler = new SparkRangerAuditHandler
     val ugi = getAuthzUgi(spark.sparkContext)
     val (inputs, outputs, opType) = PrivilegesBuilder.build(plan, spark)
@@ -95,23 +80,5 @@ object RuleAuthorization {
         verify(Seq(req), auditHandler)
       }
     }
-    markAuthChecked(plan)
-  }
-
-  private def markAuthChecked(plan: LogicalPlan): LogicalPlan = {
-    plan match {
-      case _: PermanentViewMarker =>
-        plan.transformUp { case p =>
-          p.setTagValue(KYUUBI_AUTHZ_TAG, ())
-          p
-        }
-      case _ =>
-        plan.setTagValue(KYUUBI_AUTHZ_TAG, ())
-    }
-    plan
-  }
-
-  private def isAuthChecked(plan: LogicalPlan): Boolean = {
-    plan.find(_.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty).nonEmpty
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala
new file mode 100644
index 000000000..db50873b3
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.plugin.spark.authz.rule
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.catalyst.trees.TreeNodeTag
+
+import org.apache.kyuubi.plugin.spark.authz.rule.Authorization._
+import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
+
+abstract class Authorization(spark: SparkSession) extends Rule[LogicalPlan] {
+  override def apply(plan: LogicalPlan): LogicalPlan = {
+    plan match {
+      case plan if isAuthChecked(plan) => plan // do nothing if checked privileges already.
+      case p =>
+        checkPrivileges(spark, p)
+        markAuthChecked(p)
+    }
+  }
+
+  def checkPrivileges(spark: SparkSession, plan: LogicalPlan): Unit
+}
+
+object Authorization {
+
+  val KYUUBI_AUTHZ_TAG = TreeNodeTag[Unit]("__KYUUBI_AUTHZ_TAG")
+
+  protected def markAuthChecked(plan: LogicalPlan): LogicalPlan = {
+    plan match {
+      case _: PermanentViewMarker =>
+        plan.transformUp { case p =>
+          p.setTagValue(KYUUBI_AUTHZ_TAG, ())
+          p
+        }
+      case _ =>
+        plan.setTagValue(KYUUBI_AUTHZ_TAG, ())
+    }
+    plan
+  }
+
+  protected def isAuthChecked(plan: LogicalPlan): Boolean = {
+    plan.find(_.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty).nonEmpty
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 8923819c3..672d7208f 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -33,7 +33,7 @@ import org.scalatest.funsuite.AnyFunSuite
 import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessionProvider}
 import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
 import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
+import org.apache.kyuubi.plugin.spark.authz.rule.Authorization.KYUUBI_AUTHZ_TAG
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.util.AssertionUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._

From e707bbccc5b411f0c23e76bfa4a1618fdfd886f7 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Mon, 30 Oct 2023 16:37:16 +0800
Subject: [PATCH 750/760] [KYUUBI #5557][AUTHZ] Refactor code about handle
 PermanentViewMarker

### _Why are the changes needed?_
To close #5557
Refactor code about handle PermanentViewMarker

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5558 from AngersZhuuuu/KYUUBI-5557.

Closes #5557

ff55e50e8 [Angerszhuuuu] [KYUUBI #5557][AUTHZ] Refactor code about handle PermanentViewMarker

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../plugin/spark/authz/PrivilegesBuilder.scala | 18 +++++++-----------
 .../permanentview/PermanentViewMarker.scala    |  2 +-
 .../RuleApplyPermanentViewMarker.scala         |  7 ++-----
 3 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 73b80fc3b..07ed71011 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -63,19 +63,15 @@ object PrivilegesBuilder {
       conditionList: Seq[NamedExpression] = Nil,
       spark: SparkSession): Unit = {
 
-    def getOutputColumnNames(plan: LogicalPlan): Seq[String] = {
-      plan match {
-        case pvm: PermanentViewMarker
-            if pvm.isSubqueryExpressionPlaceHolder || pvm.output.isEmpty =>
-          pvm.visitColNames
-        case _ =>
-          plan.output.map(_.name)
-      }
-    }
-
     def mergeProjection(table: Table, plan: LogicalPlan): Unit = {
       if (projectionList.isEmpty) {
-        privilegeObjects += PrivilegeObject(table, getOutputColumnNames(plan))
+        plan match {
+          case pvm: PermanentViewMarker
+              if pvm.isSubqueryExpressionPlaceHolder || pvm.output.isEmpty =>
+            privilegeObjects += PrivilegeObject(table, pvm.outputColNames)
+          case _ =>
+            privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+        }
       } else {
         val cols = (projectionList ++ conditionList).flatMap(collectLeaves)
           .filter(plan.outputSet.contains).map(_.name).distinct
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
index d58f8ac29..18b58e4d8 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/PermanentViewMarker.scala
@@ -26,7 +26,7 @@ import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
 case class PermanentViewMarker(
     child: LogicalPlan,
     catalogTable: CatalogTable,
-    visitColNames: Seq[String],
+    outputColNames: Seq[String],
     isSubqueryExpressionPlaceHolder: Boolean = false) extends UnaryNode
   with WithInternalChild {
 
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
index 09d31f43f..1a0024abb 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
@@ -36,7 +36,7 @@ class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
     plan mapChildren {
       case p: PermanentViewMarker => p
       case permanentView: View if hasResolvedPermanentView(permanentView) =>
-        val resolvedSubquery = permanentView.transformAllExpressions {
+        val resolved = permanentView.transformAllExpressions {
           case subquery: SubqueryExpression =>
             subquery.withNewPlan(plan =
               PermanentViewMarker(
@@ -45,10 +45,7 @@ class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
                 permanentView.output.map(_.name),
                 true))
         }
-        PermanentViewMarker(
-          resolvedSubquery,
-          resolvedSubquery.desc,
-          resolvedSubquery.output.map(_.name))
+        PermanentViewMarker(resolved, resolved.desc, resolved.output.map(_.name))
       case other => apply(other)
     }
   }

From f654e6bad9bf1973d3d22d12f322267ff03dba08 Mon Sep 17 00:00:00 2001
From: zml1206 <zhuml1206@gmail.com>
Date: Mon, 30 Oct 2023 20:32:07 +0800
Subject: [PATCH 751/760] [KYUUBI #5556][AUTHZ] Support Alter table commands of
 set table properties

### _Why are the changes needed?_
To close #5556.
Support Alter table commands of set table properties for Delta Lake in Authz.
https://docs.delta.io/latest/delta-batch.html#table-properties

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5560 from zml1206/KYUUBI-5556.

Closes #5556

3d1f476c7 [zml1206] Support Alter table commands of set table properties for Delta Lake

Authored-by: zml1206 <zhuml1206@gmail.com>
Signed-off-by: Kent Yao <yao@apache.org>
---
 .../src/main/resources/table_command_spec.json    | 15 +++++++++++++++
 .../plugin/spark/authz/gen/TableCommands.scala    |  7 +++++++
 .../DeltaCatalogRangerSparkExtensionSuite.scala   |  8 ++++++++
 3 files changed, 30 insertions(+)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 6782fccb5..67e027c6e 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -532,6 +532,21 @@
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ],
   "uriDescs" : [ ]
+}, {
+  "classname" : "org.apache.spark.sql.catalyst.plans.logical.SetTableProperties",
+  "tableDescs" : [ {
+    "fieldName" : "table",
+    "fieldExtractor" : "ResolvedTableTableExtractor",
+    "columnDesc" : null,
+    "actionTypeDesc" : null,
+    "tableTypeDesc" : null,
+    "catalogDesc" : null,
+    "isInput" : false,
+    "setCurrentDatabaseIfMissing" : false
+  } ],
+  "opType" : "ALTERTABLE_PROPERTIES",
+  "queryDescs" : [ ],
+  "uriDescs" : [ ]
 }, {
   "classname" : "org.apache.spark.sql.catalyst.plans.logical.ShowCreateTable",
   "tableDescs" : [ {
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index 3abf336cd..e397ba487 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -594,6 +594,12 @@ object TableCommands extends CommandSpecs[TableCommandSpec] {
     TableCommandSpec(cmd, Seq(tableIdentDesc.copy(isInput = true)))
   }
 
+  val SetTableProperties = {
+    val cmd = "org.apache.spark.sql.catalyst.plans.logical.SetTableProperties"
+    val tableDesc = TableDesc("table", classOf[ResolvedTableTableExtractor])
+    TableCommandSpec(cmd, Seq(tableDesc), ALTERTABLE_PROPERTIES)
+  }
+
   override def specs: Seq[TableCommandSpec] = Seq(
     AddPartitions,
     DropPartitions,
@@ -668,6 +674,7 @@ object TableCommands extends CommandSpecs[TableCommandSpec] {
     RefreshTableV2,
     RefreshTable3d0,
     ReplaceData,
+    SetTableProperties,
     ShowColumns,
     ShowCreateTable,
     ShowCreateTable.copy(classname =
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
index 59ced3eb1..e833f03cd 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala
@@ -178,6 +178,14 @@ class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
       interceptContains[AccessControlException](
         doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 DROP COLUMN birthDate")))(
         s"does not have [alter] privilege on [$namespace1/$table1]")
+
+      // set properties
+      interceptContains[AccessControlException](
+        doAs(
+          someone,
+          sql(s"ALTER TABLE $namespace1.$table1" +
+            s" SET TBLPROPERTIES ('delta.appendOnly' = 'true')")))(
+        s"does not have [alter] privilege on [$namespace1/$table1]")
     }
   }
 }

From d9a26c3b09e7f3cd1394a222928d9c3b07ac6dff Mon Sep 17 00:00:00 2001
From: zhouyifan279 <zhouyifan279@gmail.com>
Date: Mon, 30 Oct 2023 23:51:54 +0800
Subject: [PATCH 752/760] [KYUUBI #5480] Support setting kyuubi hive jdbc
 client protocol version

### _Why are the changes needed?_
When using Kyuubi Hive JDBC to Hive Server2, TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V10 is used and can not be changed.

When we connected to Hive Server2 with version lower than 2.2.0, we got the following error:
```
org.apache.kyuubi.shade.org.apache.thrift.TApplicationException:
Required field 'client_protocol' is unset!
Struct:TOpenSessionReq(client_protocol:null, configuration:{kyuubi.client.version=1.7.3, set:hiveconf:hive.server2.thrift.resultset.default.fetch.size=1000, kyuubi.client.ipAddress=172.16.19.113, use:database=default})
```

In this PR, we introduced a session conf `clientProtocolVersion`.
By adding `clientProtocolVersion=8` to jdbc url, the error got fixed.

Changes of `kyuubi_jdbc.rst`

<img width="867" alt="image" src="https://github.com/apache/kyuubi/assets/88070094/8f98edf9-15c4-4d1b-9299-83b24136352b">

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Manual tests against Hive Server2 version 2.1.1-cdh6.3.0

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No.

Closes #5480 from zhouyifan279/protocol-version.

Closes #5480

0ee7b1f68 [zhouyifan279] Support setting kyuubi hive jdbc client protocol version
61b8038d3 [zhouyifan279] Support setting kyuubi hive jdbc client protocol version
ed4c29f2b [Cheng Pan] Update docs/deployment/migration-guide.md
dc16a05fc [zhouyifan279] Support setting kyuubi hive jdbc client protocol version
1a6bfd88c [zhouyifan279] Support setting kyuubi hive jdbc client protocol version
cb00edc37 [zhouyifan279] Support setting kyuubi hive jdbc client protocol version
c99fc4802 [zhouyifan279] Support setting kyuubi hive jdbc client protocol version

Lead-authored-by: zhouyifan279 <zhouyifan279@gmail.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 docs/client/jdbc/kyuubi_jdbc.rst              | 25 ++++++++++++++++++-
 .../jdbc/hive/JdbcConnectionParams.java       |  1 +
 .../kyuubi/jdbc/hive/KyuubiConnection.java    | 12 +++++++++
 .../org/apache/kyuubi/jdbc/hive/Utils.java    |  7 ++++++
 4 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/docs/client/jdbc/kyuubi_jdbc.rst b/docs/client/jdbc/kyuubi_jdbc.rst
index d4270ea8a..7a63dbd98 100644
--- a/docs/client/jdbc/kyuubi_jdbc.rst
+++ b/docs/client/jdbc/kyuubi_jdbc.rst
@@ -147,6 +147,28 @@ Connection URL over Service Discovery
 - zookeeper quorum is the corresponding zookeeper cluster configured by `kyuubi.ha.addresses` at the server side.
 - zooKeeperNamespace is  the corresponding namespace configured by `kyuubi.ha.namespace` at the server side.
 
+HiveServer2 Compatibility
+*************************
+
+.. versionadded:: 1.8.0
+
+JDBC Drivers need to negotiate a protocol version with Kyuubi Server/HiveServer2 when connecting.
+
+Kyuubi Hive JDBC Driver offers protocol version v10 (`clientProtocolVersion=9`, supported since Hive 2.3.0)
+to server by default.
+
+If you need to connect to HiveServer2 before 2.3.0,
+please set client property `clientProtocolVersion` to a lower number.
+
+.. code-block:: jdbc
+
+   jdbc:subprotocol://host:port[/catalog]/[schema];clientProtocolVersion=9;
+
+
+.. tip::
+    All supported protocol versions and corresponding Hive versions can be found in `TProtocolVersion.java`_
+    and its git commits.
+
 Kerberos Authentication
 -----------------------
 Since 1.6.0, Kyuubi JDBC driver implements the Kerberos authentication based on JAAS framework instead of `Hadoop UserGroupInformation`_,
@@ -218,4 +240,5 @@ Authentication by Subject (programing only)
 .. _JDBC Applications: ../bi_tools/index.html
 .. _java.sql.DriverManager: https://docs.oracle.com/javase/8/docs/api/java/sql/DriverManager.html
 .. _Hadoop UserGroupInformation: https://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/UserGroupInformation.html
-.. _krb5.conf instruction: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html
\ No newline at end of file
+.. _krb5.conf instruction: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html
+.. _TProtocolVersion.java: https://github.com/apache/hive/blob/master/service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TProtocolVersion.java
\ No newline at end of file
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
index 71949b9df..bcc94e083 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
@@ -33,6 +33,7 @@ public class JdbcConnectionParams {
 
   // Client param names:
 
+  static final String CLIENT_PROTOCOL_VERSION = "clientProtocolVersion";
   // Retry setting
   static final String RETRIES = "retries";
 
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index c23985328..d3fbbeb6d 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -733,6 +733,18 @@ private void openSession() throws SQLException {
     if (sessVars.containsKey(HS2_PROXY_USER)) {
       openConf.put(HS2_PROXY_USER, sessVars.get(HS2_PROXY_USER));
     }
+    String clientProtocolStr =
+        sessVars.getOrDefault(
+            CLIENT_PROTOCOL_VERSION, openReq.getClient_protocol().getValue() + "");
+    TProtocolVersion clientProtocol =
+        TProtocolVersion.findByValue(Integer.parseInt(clientProtocolStr));
+    if (clientProtocol == null) {
+      throw new IllegalArgumentException(
+          String.format(
+              "Unsupported Hive2 protocol version %s specified by session conf key %s",
+              clientProtocolStr, CLIENT_PROTOCOL_VERSION));
+    }
+    openReq.setClient_protocol(clientProtocol);
     try {
       openConf.put("kyuubi.client.ipAddress", InetAddress.getLocalHost().getHostAddress());
     } catch (UnknownHostException e) {
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
index d0167e3e4..135c38d8e 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/Utils.java
@@ -292,6 +292,13 @@ public static JdbcConnectionParams extractURLComponents(String uri, Properties i
         }
       }
     }
+    if (!connParams.getSessionVars().containsKey(CLIENT_PROTOCOL_VERSION)) {
+      if (info.containsKey(CLIENT_PROTOCOL_VERSION)) {
+        connParams
+            .getSessionVars()
+            .put(CLIENT_PROTOCOL_VERSION, info.getProperty(CLIENT_PROTOCOL_VERSION));
+      }
+    }
     // Extract user/password from JDBC connection properties if its not supplied
     // in the connection URL
     if (!connParams.getSessionVars().containsKey(AUTH_USER)) {

From 543bdd3eaf99f80d3601adf6117424e9543c71d5 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 31 Oct 2023 12:09:39 +0800
Subject: [PATCH 753/760] [KYUUBI #5569] Fix pnpm-lock file version

### _Why are the changes needed?_

After performing binary distribution artifacts packaging during 1.8.0-rc0

```patch
diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index 83754291b..f25c02de7 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
 -1,4 +1,4
-lockfileVersion: '6.0'
+lockfileVersion: '6.1'

 settings:
   autoInstallPeers: true
```

The inconsistency may be caused by different version install in the local environment and defined in `pom.xml`, I'm not sure if there is a version management system for pnpm

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5569 from pan3793/pnpm-lock.

Closes #5569

8a09870fd [Cheng Pan] Fix pnpm-lock file version

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 kyuubi-server/web-ui/pnpm-lock.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/web-ui/pnpm-lock.yaml b/kyuubi-server/web-ui/pnpm-lock.yaml
index a83d162ab..632c1a179 100644
--- a/kyuubi-server/web-ui/pnpm-lock.yaml
+++ b/kyuubi-server/web-ui/pnpm-lock.yaml
@@ -1,4 +1,4 @@
-lockfileVersion: '6.0'
+lockfileVersion: '6.1'
 
 dependencies:
   '@element-plus/icons-vue':

From 5f530735a024ee45ccf32e1551c2c855a07b4898 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@apache.org>
Date: Tue, 31 Oct 2023 12:10:44 +0800
Subject: [PATCH 754/760] [KYUUBI #5566] InternalRestClient respects
 `kyuubi.engine.security.enabled` to add HTTP auth header

### _Why are the changes needed?_

`kyuubi.engine.security.enabled` aims to control whether enabled security mechanism internal communication, but the current implementation is not symmetrical, the auth generator ignores the conf and always produces the auth header, but the auth header handler is only activated when conf is enabled, that causes authentication failure when `kyuubi.engine.security.enabled=false`(default value)

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No.

Closes #5566 from pan3793/none-auth.

Closes #5566

d42a4c3f4 [Cheng Pan] Revert "Extract AnonymousAuthenticationHandler from BasicAuthenticationHandler"
b544343bc [Cheng Pan] Extract AnonymousAuthenticationHandler from BasicAuthenticationHandler
75c4b7dc3 [Cheng Pan] InternalRestClient respects `kyuubi.engine.security.enabled` to add HTTP auth header

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/server/api/v1/BatchesResource.scala   |  9 ++++++++-
 .../server/api/v1/InternalRestClient.scala       | 16 +++++++++++-----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
index c0a3b0ed9..bc6a177e4 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/BatchesResource.scala
@@ -58,6 +58,8 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
     fe.getConf.get(BATCH_INTERNAL_REST_CLIENT_SOCKET_TIMEOUT).toInt
   private lazy val internalConnectTimeout =
     fe.getConf.get(BATCH_INTERNAL_REST_CLIENT_CONNECT_TIMEOUT).toInt
+  private lazy val internalSecurityEnabled =
+    fe.getConf.get(ENGINE_SECURITY_ENABLED)
 
   private def batchV2Enabled(reqConf: Map[String, String]): Boolean = {
     KyuubiServer.kyuubiServer.getConf.get(BATCH_SUBMITTER_ENABLED) &&
@@ -67,7 +69,12 @@ private[v1] class BatchesResource extends ApiRequestContext with Logging {
   private def getInternalRestClient(kyuubiInstance: String): InternalRestClient = {
     internalRestClients.computeIfAbsent(
       kyuubiInstance,
-      k => new InternalRestClient(k, internalSocketTimeout, internalConnectTimeout))
+      kyuubiInstance =>
+        new InternalRestClient(
+          kyuubiInstance,
+          internalSocketTimeout,
+          internalConnectTimeout,
+          internalSecurityEnabled))
   }
 
   private def sessionManager = fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
index 8b8a61513..a0a4bb21e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
@@ -33,7 +33,11 @@ import org.apache.kyuubi.service.authentication.InternalSecurityAccessor
  * @param socketTimeout the socket timeout for http client.
  * @param connectTimeout the connect timeout for http client.
  */
-class InternalRestClient(kyuubiInstance: String, socketTimeout: Int, connectTimeout: Int) {
+class InternalRestClient(
+    kyuubiInstance: String,
+    socketTimeout: Int,
+    connectTimeout: Int,
+    securityEnabled: Boolean) {
   require(
     InternalSecurityAccessor.get() != null,
     "Internal secure access across Kyuubi instances is not enabled")
@@ -59,12 +63,14 @@ class InternalRestClient(kyuubiInstance: String, socketTimeout: Int, connectTime
   }
 
   private def initKyuubiRestClient(): KyuubiRestClient = {
-    KyuubiRestClient.builder(s"http://$kyuubiInstance")
+    val builder = KyuubiRestClient.builder(s"http://$kyuubiInstance")
       .apiVersion(KyuubiRestClient.ApiVersion.V1)
       .socketTimeout(socketTimeout)
       .connectionTimeout(connectTimeout)
-      .authHeaderGenerator(InternalRestClient.internalAuthHeaderGenerator)
-      .build()
+    if (securityEnabled) {
+      builder.authHeaderGenerator(InternalRestClient.internalAuthHeaderGenerator)
+    }
+    builder.build()
   }
 
   private def withAuthUser[T](user: String)(f: => T): T = {
@@ -82,7 +88,7 @@ object InternalRestClient {
     override def initialValue(): String = null
   }
 
-  final val internalAuthHeaderGenerator = new AuthHeaderGenerator {
+  final lazy val internalAuthHeaderGenerator = new AuthHeaderGenerator {
     override def generateAuthHeader(): String = {
       val authUser = AUTH_USER.get()
       require(authUser != null, "The auth user shall be not null")

From 4c915b7a887f51190d6cd9d1ca65c4f585ea0cad Mon Sep 17 00:00:00 2001
From: Fu Chen <cfmcgrady@gmail.com>
Date: Tue, 31 Oct 2023 13:19:17 +0800
Subject: [PATCH 755/760] [KYUUBI #5550] Optimizing TPC-DS dataset generation
 for 10x speedup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

1. This PR fixes the precision loss issue in `xx_gmt_offset`. Please note that since `xx_gmt_offset` is of integer type, there is no actual loss of precision.

```
trino:tiny> select cc_gmt_offset from call_center ;
 cc_gmt_offset
---------------
         -5.00
         -5.00
```

Before this PR:

```scala
scala> spark.sql("select cc_gmt_offset from tpcds.tiny.call_center").show
+-------------+
|cc_gmt_offset|
+-------------+
|           -5|
|           -5|
+-------------+
```

After this PR:
```scala
scala> spark.sql("select cc_gmt_offset from tpcds.tiny.call_center").show
+-------------+
|cc_gmt_offset|
+-------------+
|        -5.00|
|        -5.00|
+-------------+
```

2. This PR accelerates the generation of the TPC-DS dataset by optimizing the way Rows are generated.

Before this PR, The previous process involved converting **Trino TableRow** into **String Row** and then further into **Spark InternalRow**.

After this PR, we have streamlined the process by directly converting **Trino TableRow** into **Spark InternalRow**, eliminating unnecessary toString operations. This change significantly improves the speed of TPC-DS dataset generation.

```scala
spark.table("tpcds.sf1000.catalog_sales").foreach(r => ())
```

Task Duration before this PR:

![截屏2023-10-30 下午4 04 12](https://github.com/apache/kyuubi/assets/8537877/69bd9938-2886-4044-99b8-79ed20d4791c)

Task Duration after this PR:

![截屏2023-10-30 下午4 02 08](https://github.com/apache/kyuubi/assets/8537877/ddfe01a9-081c-41b5-b82c-a0934dd8686c)

### _How was this patch tested?_

- New UT `tpcds.tiny count and checksum`
- Compare checksum values before and after this PR on the 1TB dataset

| table_name             | count           | checksum                  |
|------------------------|-----------------|---------------------------|
| call_center            | 42              | 95607401475               |
| catalog_page           | 30000           | 64470199469085            |
| catalog_returns        | 143996756       | 309202327050775220        |
| catalog_sales          | 1439980416      | 3092267266923848000       |
| customer               | 12000000        | 25769069905636795         |
| customer_address       | 6000000         | 12889423380880973         |
| customer_demographics  | 1920800         | 4124183189708148          |
| date_dim               | 73049           | 156926081012862           |
| household_demographics | 7200            | 15494873325812            |
| income_band            | 20              | 41180951007               |
| inventory              | 783000000       | 1681487454682584456       |
| item                   | 300000          | 643000708260945           |
| promotion              | 1500            | 3270935493709             |
| reason                 | 65              | 118806664977              |
| ship_mode              | 20              | 52349078860               |
| store                  | 1002            | 2096408105720             |
| store_returns          | 287999764       | 618451374856897114        |
| store_sales            | 2879987999      | 6184670571185100839       |
| time_dim               | 86400           | 186045071019485           |
| warehouse              | 20              | 31374161844               |
| web_page               | 3000            | 6502456139647             |
| web_returns            | 71997522        | 154614570845312413        |
| web_sales              | 720000376       | 1546188452223821591       |
| web_site               | 54              | 107485781738              |

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5562 from cfmcgrady/tpcds-perf.

Closes #5550

a789b9e70 [Fu Chen] maxPartitionBytes=384m
659e20912 [Fu Chen] style
916f6d276 [Fu Chen] unnecessary change
75981af8b [Fu Chen] tpcds perf

Authored-by: Fu Chen <cfmcgrady@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../connector/tpcds/KyuubiTPCDSResults.scala  |  167 ++
 .../connector/tpcds/TPCDSBatchScan.scala      |   40 +-
 .../spark/connector/tpcds/TPCDSConf.scala     |    2 +-
 .../connector/tpcds/row/KyuubiTableRows.scala | 1549 +++++++++++++++++
 .../connector/tpcds/TPCDSCatalogSuite.scala   |  103 +-
 5 files changed, 1790 insertions(+), 71 deletions(-)
 create mode 100644 extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/KyuubiTPCDSResults.scala
 create mode 100644 extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/row/KyuubiTableRows.scala

diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/KyuubiTPCDSResults.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/KyuubiTPCDSResults.scala
new file mode 100644
index 000000000..b11919009
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/KyuubiTPCDSResults.scala
@@ -0,0 +1,167 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.spark.connector.tpcds
+
+import java.lang.{Iterable => JIterable}
+import java.lang.reflect.InvocationTargetException
+import java.util.{Iterator => JIterator}
+
+import com.google.common.collect.AbstractIterator
+import io.trino.tpcds._
+import io.trino.tpcds.`type`.{Decimal => TPCDSDecimal}
+import io.trino.tpcds.row.generator.RowGenerator
+import org.apache.spark.sql.catalyst.InternalRow
+import org.apache.spark.sql.catalyst.expressions.GenericInternalRow
+import org.apache.spark.sql.catalyst.util.{DateTimeUtils, RebaseDateTime}
+import org.apache.spark.sql.types.{CharType, DateType, Decimal, DecimalType, IntegerType, LongType, StringType, StructType, VarcharType}
+import org.apache.spark.unsafe.types.UTF8String
+
+import org.apache.kyuubi.spark.connector.tpcds.KyuubiResultsIterator.{FALSE_STRING, TRUE_STRING}
+import org.apache.kyuubi.spark.connector.tpcds.row.KyuubiTableRows
+
+class KyuubiTPCDSResults(
+    val table: Table,
+    val startingRowNumber: Long,
+    val rowCount: Long,
+    val session: Session,
+    val schema: StructType) extends JIterable[InternalRow] {
+
+  override def iterator: JIterator[InternalRow] =
+    new KyuubiResultsIterator(table, startingRowNumber, rowCount, session, schema)
+}
+
+object KyuubiTPCDSResults {
+  def constructResults(table: Table, session: Session, schema: StructType): KyuubiTPCDSResults = {
+    val chunkBoundaries = io.trino.tpcds.Parallel.splitWork(table, session)
+    new KyuubiTPCDSResults(
+      table,
+      chunkBoundaries.getFirstRow(),
+      chunkBoundaries.getLastRow(),
+      session,
+      schema)
+  }
+}
+
+class KyuubiResultsIterator(
+    val table: Table,
+    val startingRowNumber: Long,
+    val endingRowNumber: Long,
+    val session: Session,
+    val sparkSchema: StructType) extends AbstractIterator[InternalRow] {
+  private var rowNumber: Long = 0L
+  private var rowGenerator: RowGenerator = _
+  private var parentRowGenerator: Option[RowGenerator] = None
+  private var childRowGenerator: Option[RowGenerator] = None
+
+  try {
+    require(table != null, "table is null")
+    require(session != null, "session is null")
+    require(startingRowNumber >= 1, s"starting row number is less than 1: $startingRowNumber")
+    require(
+      endingRowNumber <= session.getScaling.getRowCount(table),
+      s"starting row number is greater than the total rows in $table: $endingRowNumber")
+    rowNumber = startingRowNumber
+    rowGenerator = table.getRowGeneratorClass().getDeclaredConstructor().newInstance()
+    parentRowGenerator = if (table.isChild()) {
+      Some(table.getParent().getRowGeneratorClass().getDeclaredConstructor().newInstance())
+    } else None
+    childRowGenerator = if (table.hasChild()) {
+      Some(table.getChild().getRowGeneratorClass().getDeclaredConstructor().newInstance())
+    } else None
+  } catch {
+    case e @ (_: NoSuchMethodException |
+        _: InstantiationException |
+        _: InvocationTargetException |
+        _: IllegalAccessException) =>
+      throw new TpcdsException(e.toString());
+  }
+  skipRowsUntilStartingRowNumber(startingRowNumber)
+
+  private def skipRowsUntilStartingRowNumber(startingRowNumber: Long): Unit = {
+    rowGenerator.skipRowsUntilStartingRowNumber(startingRowNumber)
+    parentRowGenerator.foreach(_.skipRowsUntilStartingRowNumber(startingRowNumber))
+    childRowGenerator.foreach(_.skipRowsUntilStartingRowNumber(startingRowNumber))
+  }
+
+  override protected def computeNext(): InternalRow = {
+    if (rowNumber > endingRowNumber) {
+      return endOfData
+    }
+    val result = rowGenerator.generateRowAndChildRows(
+      rowNumber,
+      session,
+      parentRowGenerator.orNull,
+      childRowGenerator.orNull)
+    var row: InternalRow = null
+    if (!result.getRowAndChildRows.isEmpty) {
+      row = toInternalRow(KyuubiTableRows.getValues(result.getRowAndChildRows.get(0)))
+    }
+
+    if (result.shouldEndRow) {
+      rowStop()
+      rowNumber += 1
+    }
+    if (result.getRowAndChildRows().isEmpty()) {
+      row = computeNext()
+    }
+    row
+  }
+
+  private def rowStop(): Unit = {
+    rowGenerator.consumeRemainingSeedsForRow()
+    parentRowGenerator.foreach(_.consumeRemainingSeedsForRow())
+    childRowGenerator.foreach(_.consumeRemainingSeedsForRow())
+  }
+
+  private val reusedRow = new Array[Any](sparkSchema.length)
+
+  def toInternalRow(values: Array[Any]): InternalRow = {
+    var i = 0
+    while (i < values.length) {
+      reusedRow(i) = (values(i), sparkSchema(i).dataType) match {
+        case (None | null, _) => null
+        case (Some(Options.DEFAULT_NULL_STRING), _) => null
+        case (Some(v: Boolean), _) => if (v) TRUE_STRING else FALSE_STRING
+        case (Some(v: Int), IntegerType) => v
+        case (Some(v: Long), IntegerType) => v.toInt
+        case (Some(v: Int), LongType) => v.toLong
+        case (Some(v: Long), LongType) => v
+        case (Some(v: Long), DateType) =>
+          RebaseDateTime.rebaseJulianToGregorianDays(v.toInt) - DateTimeUtils.JULIAN_DAY_OF_EPOCH
+        case (Some(v), StringType) => UTF8String.fromString(v.toString)
+        case (Some(v), CharType(_)) => UTF8String.fromString(v.toString)
+        case (Some(v), VarcharType(_)) => UTF8String.fromString(v.toString)
+        case (Some(v: TPCDSDecimal), t: DecimalType) =>
+          Decimal(v.getNumber, t.precision, t.scale)
+        case (Some(v: Int), t: DecimalType) =>
+          val decimal = Decimal(v)
+          decimal.changePrecision(t.precision, t.scale)
+          decimal
+        case (Some(v), dt) => throw new IllegalArgumentException(
+            s"value: $v, value class: ${v.getClass.getName} type: $dt")
+      }
+      i += 1
+    }
+    new GenericInternalRow(reusedRow)
+  }
+}
+
+object KyuubiResultsIterator {
+  private val TRUE_STRING = UTF8String.fromString("Y")
+  private val FALSE_STRING = UTF8String.fromString("N")
+}
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSBatchScan.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSBatchScan.scala
index 291031c53..919e43342 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSBatchScan.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSBatchScan.scala
@@ -17,20 +17,15 @@
 
 package org.apache.kyuubi.spark.connector.tpcds
 
-import java.time.LocalDate
-import java.time.format.DateTimeFormatter
 import java.util.OptionalLong
 
-import scala.collection.JavaConverters._
-
 import io.trino.tpcds._
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.InternalRow
 import org.apache.spark.sql.connector.read._
 import org.apache.spark.sql.types._
-import org.apache.spark.unsafe.types.UTF8String
 
-case class TPCDSTableChuck(table: String, scale: Double, parallelism: Int, index: Int)
+case class TPCDSTableChunk(table: String, scale: Double, parallelism: Int, index: Int)
   extends InputPartition
 
 class TPCDSBatchScan(
@@ -62,10 +57,10 @@ class TPCDSBatchScan(
   override def readSchema: StructType = schema
 
   override def planInputPartitions: Array[InputPartition] =
-    (1 to parallelism).map { i => TPCDSTableChuck(table.getName, scale, parallelism, i) }.toArray
+    (1 to parallelism).map { i => TPCDSTableChunk(table.getName, scale, parallelism, i) }.toArray
 
   def createReaderFactory: PartitionReaderFactory = (partition: InputPartition) => {
-    val chuck = partition.asInstanceOf[TPCDSTableChuck]
+    val chuck = partition.asInstanceOf[TPCDSTableChunk]
     new TPCDSPartitionReader(chuck.table, chuck.scale, chuck.parallelism, chuck.index, schema)
   }
 
@@ -90,32 +85,9 @@ class TPCDSPartitionReader(
     opt.toSession.withChunkNumber(index)
   }
 
-  private lazy val dateFmt: DateTimeFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd")
-
-  private val reusedRow = new Array[Any](schema.length)
-  private val iterator = Results
-    .constructResults(chuckInfo.getOnlyTableToGenerate, chuckInfo)
-    .iterator.asScala
-    .map { _.get(0).asScala } // the 1st row is specific table row
-    .map { stringRow =>
-      var i = 0
-      while (i < stringRow.length) {
-        reusedRow(i) = (stringRow(i), schema(i).dataType) match {
-          case (null, _) => null
-          case (Options.DEFAULT_NULL_STRING, _) => null
-          case (v, IntegerType) => v.toInt
-          case (v, LongType) => v.toLong
-          case (v, DateType) => LocalDate.parse(v, dateFmt).toEpochDay.toInt
-          case (v, StringType) => UTF8String.fromString(v)
-          case (v, CharType(_)) => UTF8String.fromString(v)
-          case (v, VarcharType(_)) => UTF8String.fromString(v)
-          case (v, DecimalType()) => Decimal(v)
-          case (v, dt) => throw new IllegalArgumentException(s"value: $v, type: $dt")
-        }
-        i += 1
-      }
-      InternalRow(reusedRow: _*)
-    }
+  private val iterator = KyuubiTPCDSResults
+    .constructResults(chuckInfo.getOnlyTableToGenerate, chuckInfo, schema)
+    .iterator
 
   private var currentRow: InternalRow = _
 
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSConf.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSConf.scala
index dbd22dc1a..3edbfaebf 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSConf.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSConf.scala
@@ -81,5 +81,5 @@ object TPCDSConf {
 
   val TPCDS_CONNECTOR_READ_CONF_PREFIX = s"$TPCDS_CONNECTOR_CONF_PREFIX.read"
   val MAX_PARTITION_BYTES_CONF = "maxPartitionBytes"
-  val MAX_PARTITION_BYTES_DEFAULT = "128m"
+  val MAX_PARTITION_BYTES_DEFAULT = "384m"
 }
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/row/KyuubiTableRows.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/row/KyuubiTableRows.scala
new file mode 100644
index 000000000..544498d6e
--- /dev/null
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/main/scala/org/apache/kyuubi/spark/connector/tpcds/row/KyuubiTableRows.scala
@@ -0,0 +1,1549 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.spark.connector.tpcds.row
+
+import io.trino.tpcds.`type`.{Address, Decimal => TPCDSDecimal, Pricing}
+import io.trino.tpcds.generator.CallCenterGeneratorColumn._
+import io.trino.tpcds.generator.CatalogPageGeneratorColumn._
+import io.trino.tpcds.generator.CatalogReturnsGeneratorColumn._
+import io.trino.tpcds.generator.CatalogSalesGeneratorColumn._
+import io.trino.tpcds.generator.CustomerAddressGeneratorColumn._
+import io.trino.tpcds.generator.CustomerDemographicsGeneratorColumn._
+import io.trino.tpcds.generator.CustomerGeneratorColumn._
+import io.trino.tpcds.generator.DateDimGeneratorColumn._
+import io.trino.tpcds.generator.DbgenVersionGeneratorColumn._
+import io.trino.tpcds.generator.GeneratorColumn
+import io.trino.tpcds.generator.HouseholdDemographicsGeneratorColumn._
+import io.trino.tpcds.generator.IncomeBandGeneratorColumn._
+import io.trino.tpcds.generator.InventoryGeneratorColumn._
+import io.trino.tpcds.generator.ItemGeneratorColumn._
+import io.trino.tpcds.generator.PromotionGeneratorColumn._
+import io.trino.tpcds.generator.ReasonGeneratorColumn._
+import io.trino.tpcds.generator.ShipModeGeneratorColumn._
+import io.trino.tpcds.generator.StoreGeneratorColumn._
+import io.trino.tpcds.generator.StoreReturnsGeneratorColumn._
+import io.trino.tpcds.generator.StoreSalesGeneratorColumn._
+import io.trino.tpcds.generator.TimeDimGeneratorColumn._
+import io.trino.tpcds.generator.WarehouseGeneratorColumn._
+import io.trino.tpcds.generator.WebPageGeneratorColumn._
+import io.trino.tpcds.generator.WebReturnsGeneratorColumn._
+import io.trino.tpcds.generator.WebSalesGeneratorColumn._
+import io.trino.tpcds.generator.WebSiteGeneratorColumn._
+import io.trino.tpcds.row.{CallCenterRow, CatalogPageRow, CatalogReturnsRow, CatalogSalesRow, CustomerAddressRow, CustomerDemographicsRow, CustomerRow, DateDimRow, DbgenVersionRow, HouseholdDemographicsRow, IncomeBandRow, InventoryRow, ItemRow, PromotionRow, ReasonRow, ShipModeRow, StoreReturnsRow, StoreRow, StoreSalesRow, TableRow, TableRowWithNulls, TimeDimRow, WarehouseRow, WebPageRow, WebReturnsRow, WebSalesRow, WebSiteRow}
+
+import org.apache.kyuubi.spark.connector.tpcds.row.KyuubiTPCDSTableRowWithNullsUtils._
+import org.apache.kyuubi.util.reflect.{DynFields, DynMethods}
+
+object KyuubiTableRows {
+
+  implicit class StoreRowImplicits(storeRow: StoreRow) {
+    def getStoreSk: Long = StoreRowImplicits.storeSk.get(storeRow)
+    def getStoreId: String = StoreRowImplicits.storeId.get(storeRow)
+    def getRecStartDateId: Long = StoreRowImplicits.recStartDateId.get(storeRow)
+    def getRecEndDateId: Long = StoreRowImplicits.recEndDateId.get(storeRow)
+    def getClosedDateId: Long = StoreRowImplicits.closedDateId.get(storeRow)
+    def getStoreName: String = StoreRowImplicits.storeName.get(storeRow)
+    def getEmployees: Int = StoreRowImplicits.employees.get(storeRow)
+    def getFloorSpace: Int = StoreRowImplicits.floorSpace.get(storeRow)
+    def getHours: String = StoreRowImplicits.hours.get(storeRow)
+    def getStoreManager: String = StoreRowImplicits.storeManager.get(storeRow)
+    def getMarketId: Int = StoreRowImplicits.marketId.get(storeRow)
+    def getDTaxPercentage: TPCDSDecimal = StoreRowImplicits.dTaxPercentage.get(storeRow)
+    def getGeographyClass: String = StoreRowImplicits.geographyClass.get(storeRow)
+    def getMarketDesc: String = StoreRowImplicits.marketDesc.get(storeRow)
+    def getMarketManager: String = StoreRowImplicits.marketManager.get(storeRow)
+    def getDivisionId: Long = StoreRowImplicits.divisionId.get(storeRow)
+    def getDivisionName: String = StoreRowImplicits.divisionName.get(storeRow)
+    def getCompanyId: Long = StoreRowImplicits.companyId.get(storeRow)
+    def getCompanyName: String = StoreRowImplicits.companyName.get(storeRow)
+    def getAddress: Address = StoreRowImplicits.address.get(storeRow)
+  }
+  object StoreRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[StoreRow], field)
+        .buildChecked[T]()
+
+    lazy val storeSk = invoke[Long]("storeSk")
+    lazy val storeId = invoke[String]("storeId")
+    lazy val recStartDateId = invoke[Long]("recStartDateId")
+    lazy val recEndDateId = invoke[Long]("recEndDateId")
+    lazy val closedDateId = invoke[Long]("closedDateId")
+    lazy val storeName = invoke[String]("storeName")
+    lazy val employees = invoke[Int]("employees")
+    lazy val floorSpace = invoke[Int]("floorSpace")
+    lazy val hours = invoke[String]("hours")
+    lazy val storeManager = invoke[String]("storeManager")
+    lazy val marketId = invoke[Int]("marketId")
+    lazy val dTaxPercentage = invoke[TPCDSDecimal]("dTaxPercentage")
+    lazy val geographyClass = invoke[String]("geographyClass")
+    lazy val marketDesc = invoke[String]("marketDesc")
+    lazy val marketManager = invoke[String]("marketManager")
+    lazy val divisionId = invoke[Long]("divisionId")
+    lazy val divisionName = invoke[String]("divisionName")
+    lazy val companyId = invoke[Long]("companyId")
+    lazy val companyName = invoke[String]("companyName")
+    lazy val address = invoke[Address]("address")
+
+    def values(row: StoreRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getStoreSk, W_STORE_SK),
+      getOrNull(row, row.getStoreId, W_STORE_ID),
+      getDateOrNullFromJulianDays(row, row.getRecStartDateId, W_STORE_REC_START_DATE_ID),
+      getDateOrNullFromJulianDays(row, row.getRecEndDateId, W_STORE_REC_END_DATE_ID),
+      getOrNullForKey(row, row.getClosedDateId, W_STORE_CLOSED_DATE_ID),
+      getOrNull(row, row.getStoreName, W_STORE_NAME),
+      getOrNull(row, row.getEmployees, W_STORE_EMPLOYEES),
+      getOrNull(row, row.getFloorSpace, W_STORE_FLOOR_SPACE),
+      getOrNull(row, row.getHours, W_STORE_HOURS),
+      getOrNull(row, row.getStoreManager, W_STORE_MANAGER),
+      getOrNull(row, row.getMarketId, W_STORE_MARKET_ID),
+      getOrNull(row, row.getGeographyClass, W_STORE_GEOGRAPHY_CLASS),
+      getOrNull(row, row.getMarketDesc, W_STORE_MARKET_DESC),
+      getOrNull(row, row.getMarketManager, W_STORE_MARKET_MANAGER),
+      getOrNullForKey(row, row.getDivisionId, W_STORE_DIVISION_ID),
+      getOrNull(row, row.getDivisionName, W_STORE_DIVISION_NAME),
+      getOrNullForKey(row, row.getCompanyId, W_STORE_COMPANY_ID),
+      getOrNull(row, row.getCompanyName, W_STORE_COMPANY_NAME),
+      getOrNull(row, row.getAddress.getStreetNumber, W_STORE_ADDRESS_STREET_NUM),
+      getOrNull(row, row.getAddress.getStreetName, W_STORE_ADDRESS_STREET_NAME1),
+      getOrNull(row, row.getAddress.getStreetType, W_STORE_ADDRESS_STREET_TYPE),
+      getOrNull(row, row.getAddress.getSuiteNumber, W_STORE_ADDRESS_SUITE_NUM),
+      getOrNull(row, row.getAddress.getCity, W_STORE_ADDRESS_CITY),
+      getOrNull(row, row.getAddress.getCounty, W_STORE_ADDRESS_COUNTY),
+      getOrNull(row, row.getAddress.getState, W_STORE_ADDRESS_STATE),
+      getOrNull(
+        row,
+        java.lang.String.format("%05d", row.getAddress.getZip.asInstanceOf[Object]),
+        W_STORE_ADDRESS_ZIP),
+      getOrNull(row, row.getAddress.getCountry, W_STORE_ADDRESS_COUNTRY),
+      getOrNull(row, row.getAddress.getGmtOffset, W_STORE_ADDRESS_GMT_OFFSET),
+      getOrNull(row, row.getDTaxPercentage, W_STORE_TAX_PERCENTAGE))
+  }
+
+  implicit class ReasonRowImplicits(reasonRow: ReasonRow) {
+    def getRReasonSk: Long = ReasonRowImplicits.rReasonSk.get(reasonRow)
+    def getRReasonId: String = ReasonRowImplicits.rReasonId.get(reasonRow)
+    def getRReasonDescription: String = ReasonRowImplicits.rReasonDescription.get(reasonRow)
+  }
+
+  object ReasonRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[ReasonRow], field)
+        .buildChecked[T]()
+    lazy val rReasonSk = invoke[Long]("rReasonSk")
+    lazy val rReasonId = invoke[String]("rReasonId")
+    lazy val rReasonDescription = invoke[String]("rReasonDescription")
+
+    def values(row: ReasonRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getRReasonSk, R_REASON_SK),
+      getOrNull(row, row.getRReasonId, R_REASON_ID),
+      getOrNull(row, row.getRReasonDescription, R_REASON_DESCRIPTION))
+  }
+
+  implicit class DbgenVersionRowImplicits(dbgenVersionRow: DbgenVersionRow) {
+    def getDvVersion: String = DbgenVersionRowImplicits.dvVersion.get(dbgenVersionRow)
+    def getDvCreateDate: String = DbgenVersionRowImplicits.dvCreateDate.get(dbgenVersionRow)
+    def getDvCreateTime: String = DbgenVersionRowImplicits.dvCreateTime.get(dbgenVersionRow)
+    def getDvCmdlineArgs: String = DbgenVersionRowImplicits.dvCmdlineArgs.get(dbgenVersionRow)
+  }
+
+  object DbgenVersionRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[DbgenVersionRow], field)
+        .buildChecked[T]()
+
+    lazy val dvVersion = invoke[String]("dvVersion")
+    lazy val dvCreateDate = invoke[String]("dvCreateDate")
+    lazy val dvCreateTime = invoke[String]("dvCreateTime")
+    lazy val dvCmdlineArgs = invoke[String]("dvCmdlineArgs")
+
+    def values(row: DbgenVersionRow): Array[Any] = Array(
+      getOrNull(row, row.getDvVersion, DV_VERSION),
+      getOrNull(row, row.getDvCreateDate, DV_CREATE_DATE),
+      getOrNull(row, row.getDvCreateTime, DV_CREATE_TIME),
+      getOrNull(row, row.getDvCmdlineArgs, DV_CMDLINE_ARGS))
+  }
+
+  implicit class ShipModeRowImplicits(shipModeRow: ShipModeRow) {
+    def getSmShipModeSk: Long = ShipModeRowImplicits.smShipModeSk.get(shipModeRow)
+    def getSmShipModeId: String = ShipModeRowImplicits.smShipModeId.get(shipModeRow)
+    def getSmType: String = ShipModeRowImplicits.smType.get(shipModeRow)
+    def getSmCode: String = ShipModeRowImplicits.smCode.get(shipModeRow)
+    def getSmCarrier: String = ShipModeRowImplicits.smCarrier.get(shipModeRow)
+    def getSmContract: String = ShipModeRowImplicits.smContract.get(shipModeRow)
+  }
+
+  object ShipModeRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[ShipModeRow], field)
+        .buildChecked[T]()
+
+    lazy val smShipModeSk = invoke[Long]("smShipModeSk")
+    lazy val smShipModeId = invoke[String]("smShipModeId")
+    lazy val smType = invoke[String]("smType")
+    lazy val smCode = invoke[String]("smCode")
+    lazy val smCarrier = invoke[String]("smCarrier")
+    lazy val smContract = invoke[String]("smContract")
+
+    def values(row: ShipModeRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getSmShipModeSk, SM_SHIP_MODE_SK),
+      getOrNull(row, row.getSmShipModeId, SM_SHIP_MODE_ID),
+      getOrNull(row, row.getSmType, SM_TYPE),
+      getOrNull(row, row.getSmCode, SM_CODE),
+      getOrNull(row, row.getSmCarrier, SM_CARRIER),
+      getOrNull(row, row.getSmContract, SM_CONTRACT))
+  }
+
+  implicit class IncomeBandRowImplicits(incomeBandRow: IncomeBandRow) {
+    def getIbIncomeBandId: Int = IncomeBandRowImplicits.ibIncomeBandId.get(incomeBandRow)
+    def getIbLowerBound: Int = IncomeBandRowImplicits.ibLowerBound.get(incomeBandRow)
+    def getIbUpperBound: Int = IncomeBandRowImplicits.ibUpperBound.get(incomeBandRow)
+  }
+
+  object IncomeBandRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[IncomeBandRow], field)
+        .buildChecked[T]()
+
+    lazy val ibIncomeBandId = invoke[Int]("ibIncomeBandId")
+    lazy val ibLowerBound = invoke[Int]("ibLowerBound")
+    lazy val ibUpperBound = invoke[Int]("ibUpperBound")
+
+    def values(row: IncomeBandRow): Array[Any] = Array(
+      getOrNull(row, row.getIbIncomeBandId, IB_INCOME_BAND_ID),
+      getOrNull(row, row.getIbLowerBound, IB_LOWER_BOUND),
+      getOrNull(row, row.getIbUpperBound, IB_UPPER_BOUND))
+  }
+
+  implicit class ItemRowImplicits(itemRow: ItemRow) {
+    def getIItemSk: Long = ItemRowImplicits.iItemSk.get(itemRow)
+    def getIItemId: String = ItemRowImplicits.iItemId.get(itemRow)
+    def getIRecStartDateId: Long = ItemRowImplicits.iRecStartDateId.get(itemRow)
+    def getIRecEndDateId: Long = ItemRowImplicits.iRecEndDateId.get(itemRow)
+    def getIItemDesc: String = ItemRowImplicits.iItemDesc.get(itemRow)
+    def getICurrentPrice: TPCDSDecimal = ItemRowImplicits.iCurrentPrice.get(itemRow)
+    def getIWholesaleCost: TPCDSDecimal = ItemRowImplicits.iWholesaleCost.get(itemRow)
+    def getIBrandId: Long = ItemRowImplicits.iBrandId.get(itemRow)
+    def getIBrand: String = ItemRowImplicits.iBrand.get(itemRow)
+    def getIClassId: Long = ItemRowImplicits.iClassId.get(itemRow)
+    def getIClass: String = ItemRowImplicits.iClass.get(itemRow)
+    def getICategoryId: Long = ItemRowImplicits.iCategoryId.get(itemRow)
+    def getICategory: String = ItemRowImplicits.iCategory.get(itemRow)
+    def getIManufactId: Long = ItemRowImplicits.iManufactId.get(itemRow)
+    def getIManufact: String = ItemRowImplicits.iManufact.get(itemRow)
+    def getISize: String = ItemRowImplicits.iSize.get(itemRow)
+    def getIFormulation: String = ItemRowImplicits.iFormulation.get(itemRow)
+    def getIColor: String = ItemRowImplicits.iColor.get(itemRow)
+    def getIUnits: String = ItemRowImplicits.iUnits.get(itemRow)
+    def getIContainer: String = ItemRowImplicits.iContainer.get(itemRow)
+    def getIManagerId: Long = ItemRowImplicits.iManagerId.get(itemRow)
+    def getIProductName: String = ItemRowImplicits.iProductName.get(itemRow)
+    def getIPromoSk: Long = ItemRowImplicits.iPromoSk.get(itemRow)
+  }
+
+  object ItemRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[ItemRow], field)
+        .buildChecked[T]()
+
+    lazy val iItemSk = invoke[Long]("iItemSk")
+    lazy val iItemId = invoke[String]("iItemId")
+    lazy val iRecStartDateId = invoke[Long]("iRecStartDateId")
+    lazy val iRecEndDateId = invoke[Long]("iRecEndDateId")
+    lazy val iItemDesc = invoke[String]("iItemDesc")
+    lazy val iCurrentPrice = invoke[TPCDSDecimal]("iCurrentPrice")
+    lazy val iWholesaleCost = invoke[TPCDSDecimal]("iWholesaleCost")
+    lazy val iBrandId = invoke[Long]("iBrandId")
+    lazy val iBrand = invoke[String]("iBrand")
+    lazy val iClassId = invoke[Long]("iClassId")
+    lazy val iClass = invoke[String]("iClass")
+    lazy val iCategoryId = invoke[Long]("iCategoryId")
+    lazy val iCategory = invoke[String]("iCategory")
+    lazy val iManufactId = invoke[Long]("iManufactId")
+    lazy val iManufact = invoke[String]("iManufact")
+    lazy val iSize = invoke[String]("iSize")
+    lazy val iFormulation = invoke[String]("iFormulation")
+    lazy val iColor = invoke[String]("iColor")
+    lazy val iUnits = invoke[String]("iUnits")
+    lazy val iContainer = invoke[String]("iContainer")
+    lazy val iManagerId = invoke[Long]("iManagerId")
+    lazy val iProductName = invoke[String]("iProductName")
+    lazy val iPromoSk = invoke[Long]("iPromoSk")
+
+    def values(row: ItemRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getIItemSk, I_ITEM_SK),
+      getOrNull(row, row.getIItemId, I_ITEM_ID),
+      getDateOrNullFromJulianDays(row, row.getIRecStartDateId, I_REC_START_DATE_ID),
+      getDateOrNullFromJulianDays(row, row.getIRecEndDateId, I_REC_END_DATE_ID),
+      getOrNull(row, row.getIItemDesc, I_ITEM_DESC),
+      getOrNull(row, row.getICurrentPrice, I_CURRENT_PRICE),
+      getOrNull(row, row.getIWholesaleCost, I_WHOLESALE_COST),
+      getOrNullForKey(row, row.getIBrandId, I_BRAND_ID),
+      getOrNull(row, row.getIBrand, I_BRAND),
+      getOrNullForKey(row, row.getIClassId, I_CLASS_ID),
+      getOrNull(row, row.getIClass, I_CLASS),
+      getOrNullForKey(row, row.getICategoryId, I_CATEGORY_ID),
+      getOrNull(row, row.getICategory, I_CATEGORY),
+      getOrNullForKey(row, row.getIManufactId, I_MANUFACT_ID),
+      getOrNull(row, row.getIManufact, I_MANUFACT),
+      getOrNull(row, row.getISize, I_SIZE),
+      getOrNull(row, row.getIFormulation, I_FORMULATION),
+      getOrNull(row, row.getIColor, I_COLOR),
+      getOrNull(row, row.getIUnits, I_UNITS),
+      getOrNull(row, row.getIContainer, I_CONTAINER),
+      getOrNullForKey(row, row.getIManagerId, I_MANAGER_ID),
+      getOrNull(row, row.getIProductName, I_PRODUCT_NAME))
+  }
+
+  implicit class CustomerDemographicsRowImplicits(
+      customerDemographicsRow: CustomerDemographicsRow) {
+    def getCdDemoSk: Long = CustomerDemographicsRowImplicits.cdDemoSk.get(customerDemographicsRow)
+    def getCdGender: String = CustomerDemographicsRowImplicits.cdGender.get(customerDemographicsRow)
+    def getCdMaritalStatus: String =
+      CustomerDemographicsRowImplicits.cdMaritalStatus.get(customerDemographicsRow)
+    def getCdEducationStatus: String =
+      CustomerDemographicsRowImplicits.cdEducationStatus.get(customerDemographicsRow)
+    def getCdPurchaseEstimate: Int =
+      CustomerDemographicsRowImplicits.cdPurchaseEstimate.get(customerDemographicsRow)
+    def getCdCreditRating: String =
+      CustomerDemographicsRowImplicits.cdCreditRating.get(customerDemographicsRow)
+    def getCdDepCount: Int =
+      CustomerDemographicsRowImplicits.cdDepCount.get(customerDemographicsRow)
+    def getCdDepEmployedCount: Int =
+      CustomerDemographicsRowImplicits.cdDepEmployedCount.get(customerDemographicsRow)
+    def getCdDepCollegeCount: Int =
+      CustomerDemographicsRowImplicits.cdDepCollegeCount.get(customerDemographicsRow)
+  }
+
+  object CustomerDemographicsRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CustomerDemographicsRow], field)
+        .buildChecked[T]()
+
+    lazy val cdDemoSk = invoke[Long]("cdDemoSk")
+    lazy val cdGender = invoke[String]("cdGender")
+    lazy val cdMaritalStatus = invoke[String]("cdMaritalStatus")
+    lazy val cdEducationStatus = invoke[String]("cdEducationStatus")
+    lazy val cdPurchaseEstimate = invoke[Int]("cdPurchaseEstimate")
+    lazy val cdCreditRating = invoke[String]("cdCreditRating")
+    lazy val cdDepCount = invoke[Int]("cdDepCount")
+    lazy val cdDepEmployedCount = invoke[Int]("cdDepEmployedCount")
+    lazy val cdDepCollegeCount = invoke[Int]("cdDepCollegeCount")
+
+    def values(row: CustomerDemographicsRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCdDemoSk, CD_DEMO_SK),
+      getOrNull(row, row.getCdGender, CD_GENDER),
+      getOrNull(row, row.getCdMaritalStatus, CD_MARITAL_STATUS),
+      getOrNull(row, row.getCdEducationStatus, CD_EDUCATION_STATUS),
+      getOrNull(row, row.getCdPurchaseEstimate, CD_PURCHASE_ESTIMATE),
+      getOrNull(row, row.getCdCreditRating, CD_CREDIT_RATING),
+      getOrNull(row, row.getCdDepCount, CD_DEP_COUNT),
+      getOrNull(row, row.getCdDepEmployedCount, CD_DEP_EMPLOYED_COUNT),
+      getOrNull(row, row.getCdDepCollegeCount, CD_DEP_COLLEGE_COUNT))
+  }
+
+  implicit class TimeDimRowImplicits(timeDimRow: TimeDimRow) {
+    def getTTimeSk: Long = TimeDimRowImplicits.tTimeSk.get(timeDimRow)
+    def getTTimeId: String = TimeDimRowImplicits.tTimeId.get(timeDimRow)
+    def getTTime: Int = TimeDimRowImplicits.tTime.get(timeDimRow)
+    def getTHour: Int = TimeDimRowImplicits.tHour.get(timeDimRow)
+    def getTMinute: Int = TimeDimRowImplicits.tMinute.get(timeDimRow)
+    def getTSecond: Int = TimeDimRowImplicits.tSecond.get(timeDimRow)
+    def getTAmPm: String = TimeDimRowImplicits.tAmPm.get(timeDimRow)
+    def getTShift: String = TimeDimRowImplicits.tShift.get(timeDimRow)
+    def getTSubShift: String = TimeDimRowImplicits.tSubShift.get(timeDimRow)
+    def getTMealTime: String = TimeDimRowImplicits.tMealTime.get(timeDimRow)
+  }
+
+  object TimeDimRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[TimeDimRow], field)
+        .buildChecked[T]()
+
+    lazy val tTimeSk = invoke[Long]("tTimeSk")
+    lazy val tTimeId = invoke[String]("tTimeId")
+    lazy val tTime = invoke[Int]("tTime")
+    lazy val tHour = invoke[Int]("tHour")
+    lazy val tMinute = invoke[Int]("tMinute")
+    lazy val tSecond = invoke[Int]("tSecond")
+    lazy val tAmPm = invoke[String]("tAmPm")
+    lazy val tShift = invoke[String]("tShift")
+    lazy val tSubShift = invoke[String]("tSubShift")
+    lazy val tMealTime = invoke[String]("tMealTime")
+
+    def values(row: TimeDimRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getTTimeSk, T_TIME_SK),
+      getOrNull(row, row.getTTimeId, T_TIME_ID),
+      getOrNull(row, row.getTTime, T_TIME),
+      getOrNull(row, row.getTHour, T_HOUR),
+      getOrNull(row, row.getTMinute, T_MINUTE),
+      getOrNull(row, row.getTSecond, T_SECOND),
+      getOrNull(row, row.getTAmPm, T_AM_PM),
+      getOrNull(row, row.getTShift, T_SHIFT),
+      getOrNull(row, row.getTSubShift, T_SUB_SHIFT),
+      getOrNull(row, row.getTMealTime, T_MEAL_TIME))
+  }
+
+  implicit class WebSiteRowImplicits(webSiteRow: WebSiteRow) {
+    def getWebSiteSk: Long = WebSiteRowImplicits.webSiteSk.get(webSiteRow)
+    def getWebSiteId: String = WebSiteRowImplicits.webSiteId.get(webSiteRow)
+    def getWebRecStartDateId: Long = WebSiteRowImplicits.webRecStartDateId.get(webSiteRow)
+    def getWebRecEndDateId: Long = WebSiteRowImplicits.webRecEndDateId.get(webSiteRow)
+    def getWebName: String = WebSiteRowImplicits.webName.get(webSiteRow)
+    def getWebOpenDate: Long = WebSiteRowImplicits.webOpenDate.get(webSiteRow)
+    def getWebCloseDate: Long = WebSiteRowImplicits.webCloseDate.get(webSiteRow)
+    def getWebClass: String = WebSiteRowImplicits.webClass.get(webSiteRow)
+    def getWebManager: String = WebSiteRowImplicits.webManager.get(webSiteRow)
+    def getWebMarketId: Int = WebSiteRowImplicits.webMarketId.get(webSiteRow)
+    def getWebMarketClass: String = WebSiteRowImplicits.webMarketClass.get(webSiteRow)
+    def getWebMarketDesc: String = WebSiteRowImplicits.webMarketDesc.get(webSiteRow)
+    def getWebMarketManager: String = WebSiteRowImplicits.webMarketManager.get(webSiteRow)
+    def getWebCompanyId: Int = WebSiteRowImplicits.webCompanyId.get(webSiteRow)
+    def getWebCompanyName: String = WebSiteRowImplicits.webCompanyName.get(webSiteRow)
+    def getWebAddress: Address = WebSiteRowImplicits.webAddress.get(webSiteRow)
+    def getWebTaxPercentage: TPCDSDecimal = WebSiteRowImplicits.webTaxPercentage.get(webSiteRow)
+  }
+
+  object WebSiteRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[WebSiteRow], field)
+        .buildChecked[T]()
+
+    lazy val webSiteSk = invoke[Long]("webSiteSk")
+    lazy val webSiteId = invoke[String]("webSiteId")
+    lazy val webRecStartDateId = invoke[Long]("webRecStartDateId")
+    lazy val webRecEndDateId = invoke[Long]("webRecEndDateId")
+    lazy val webName = invoke[String]("webName")
+    lazy val webOpenDate = invoke[Long]("webOpenDate")
+    lazy val webCloseDate = invoke[Long]("webCloseDate")
+    lazy val webClass = invoke[String]("webClass")
+    lazy val webManager = invoke[String]("webManager")
+    lazy val webMarketId = invoke[Int]("webMarketId")
+    lazy val webMarketClass = invoke[String]("webMarketClass")
+    lazy val webMarketDesc = invoke[String]("webMarketDesc")
+    lazy val webMarketManager = invoke[String]("webMarketManager")
+    lazy val webCompanyId = invoke[Int]("webCompanyId")
+    lazy val webCompanyName = invoke[String]("webCompanyName")
+    lazy val webAddress = invoke[Address]("webAddress")
+    lazy val webTaxPercentage = invoke[TPCDSDecimal]("webTaxPercentage")
+
+    def values(row: WebSiteRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getWebSiteSk, WEB_SITE_SK),
+      getOrNull(row, row.getWebSiteId, WEB_SITE_ID),
+      getDateOrNullFromJulianDays(row, row.getWebRecStartDateId, WEB_REC_START_DATE_ID),
+      getDateOrNullFromJulianDays(row, row.getWebRecEndDateId, WEB_REC_END_DATE_ID),
+      getOrNull(row, row.getWebName, WEB_NAME),
+      getOrNullForKey(row, row.getWebOpenDate, WEB_OPEN_DATE),
+      getOrNullForKey(row, row.getWebCloseDate, WEB_CLOSE_DATE),
+      getOrNull(row, row.getWebClass, WEB_CLASS),
+      getOrNull(row, row.getWebManager, WEB_MANAGER),
+      getOrNull(row, row.getWebMarketId, WEB_MARKET_ID),
+      getOrNull(row, row.getWebMarketClass, WEB_MARKET_CLASS),
+      getOrNull(row, row.getWebMarketDesc, WEB_MARKET_DESC),
+      getOrNull(row, row.getWebMarketManager, WEB_MARKET_MANAGER),
+      getOrNull(row, row.getWebCompanyId, WEB_COMPANY_ID),
+      getOrNull(row, row.getWebCompanyName, WEB_COMPANY_NAME),
+      getOrNull(row, row.getWebAddress.getStreetNumber(), WEB_ADDRESS_STREET_NUM),
+      getOrNull(row, row.getWebAddress.getStreetName(), WEB_ADDRESS_STREET_NAME1),
+      getOrNull(row, row.getWebAddress.getStreetType(), WEB_ADDRESS_STREET_TYPE),
+      getOrNull(row, row.getWebAddress.getSuiteNumber(), WEB_ADDRESS_SUITE_NUM),
+      getOrNull(row, row.getWebAddress.getCity(), WEB_ADDRESS_CITY),
+      getOrNull(row, row.getWebAddress.getCounty(), WEB_ADDRESS_COUNTY),
+      getOrNull(row, row.getWebAddress.getState(), WEB_ADDRESS_STATE),
+      getOrNull(
+        row,
+        java.lang.String.format("%05d", row.getWebAddress.getZip().asInstanceOf[Object]),
+        WEB_ADDRESS_ZIP),
+      getOrNull(row, row.getWebAddress.getCountry(), WEB_ADDRESS_COUNTRY),
+      getOrNull(row, row.getWebAddress.getGmtOffset(), WEB_ADDRESS_GMT_OFFSET),
+      getOrNull(row, row.getWebTaxPercentage, WEB_TAX_PERCENTAGE))
+  }
+
+  implicit class HouseholdDemographicsRowImplicits(
+      householdDemographicsRow: HouseholdDemographicsRow) {
+    def getHdDemoSk: Long = HouseholdDemographicsRowImplicits.hdDemoSk.get(householdDemographicsRow)
+    def getHdIncomeBandId: Long =
+      HouseholdDemographicsRowImplicits.hdIncomeBandId.get(householdDemographicsRow)
+    def getHdBuyPotential: String =
+      HouseholdDemographicsRowImplicits.hdBuyPotential.get(householdDemographicsRow)
+    def getHdDepCount: Int =
+      HouseholdDemographicsRowImplicits.hdDepCount.get(householdDemographicsRow)
+    def getHdVehicleCount: Int =
+      HouseholdDemographicsRowImplicits.hdVehicleCount.get(householdDemographicsRow)
+  }
+
+  object HouseholdDemographicsRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[HouseholdDemographicsRow], field)
+        .buildChecked[T]()
+
+    lazy val hdDemoSk = invoke[Long]("hdDemoSk")
+    lazy val hdIncomeBandId = invoke[Long]("hdIncomeBandId")
+    lazy val hdBuyPotential = invoke[String]("hdBuyPotential")
+    lazy val hdDepCount = invoke[Int]("hdDepCount")
+    lazy val hdVehicleCount = invoke[Int]("hdVehicleCount")
+
+    def values(row: HouseholdDemographicsRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getHdDemoSk, HD_DEMO_SK),
+      getOrNullForKey(row, row.getHdIncomeBandId, HD_INCOME_BAND_ID),
+      getOrNull(row, row.getHdBuyPotential, HD_BUY_POTENTIAL),
+      getOrNull(row, row.getHdDepCount, HD_DEP_COUNT),
+      getOrNull(row, row.getHdVehicleCount, HD_VEHICLE_COUNT))
+  }
+
+  implicit class PromotionRowImplicits(promotionRow: PromotionRow) {
+    def getPPromoSk: Long = PromotionRowImplicits.pPromoSk.get(promotionRow)
+    def getPPromoId: String = PromotionRowImplicits.pPromoId.get(promotionRow)
+    def getPStartDateId: Long = PromotionRowImplicits.pStartDateId.get(promotionRow)
+    def getPEndDateId: Long = PromotionRowImplicits.pEndDateId.get(promotionRow)
+    def getPItemSk: Long = PromotionRowImplicits.pItemSk.get(promotionRow)
+    def getPCost: TPCDSDecimal = PromotionRowImplicits.pCost.get(promotionRow)
+    def getPResponseTarget: Int = PromotionRowImplicits.pResponseTarget.get(promotionRow)
+    def getPPromoName: String = PromotionRowImplicits.pPromoName.get(promotionRow)
+    def isPChannelDmail: Boolean = PromotionRowImplicits.pChannelDmail.get(promotionRow)
+    def isPChannelEmail: Boolean = PromotionRowImplicits.pChannelEmail.get(promotionRow)
+    def isPChannelCatalog: Boolean = PromotionRowImplicits.pChannelCatalog.get(promotionRow)
+    def isPChannelTv: Boolean = PromotionRowImplicits.pChannelTv.get(promotionRow)
+    def isPChannelRadio: Boolean = PromotionRowImplicits.pChannelRadio.get(promotionRow)
+    def isPChannelPress: Boolean = PromotionRowImplicits.pChannelPress.get(promotionRow)
+    def isPChannelEvent: Boolean = PromotionRowImplicits.pChannelEvent.get(promotionRow)
+    def isPChannelDemo: Boolean = PromotionRowImplicits.pChannelDemo.get(promotionRow)
+    def getPChannelDetails: String = PromotionRowImplicits.pChannelDetails.get(promotionRow)
+    def getPPurpose: String = PromotionRowImplicits.pPurpose.get(promotionRow)
+    def isPDiscountActive: Boolean = PromotionRowImplicits.pDiscountActive.get(promotionRow)
+  }
+
+  object PromotionRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[PromotionRow], field)
+        .buildChecked[T]()
+
+    lazy val pPromoSk = invoke[Long]("pPromoSk")
+    lazy val pPromoId = invoke[String]("pPromoId")
+    lazy val pStartDateId = invoke[Long]("pStartDateId")
+    lazy val pEndDateId = invoke[Long]("pEndDateId")
+    lazy val pItemSk = invoke[Long]("pItemSk")
+    lazy val pCost = invoke[TPCDSDecimal]("pCost")
+    lazy val pResponseTarget = invoke[Int]("pResponseTarget")
+    lazy val pPromoName = invoke[String]("pPromoName")
+    lazy val pChannelDmail = invoke[Boolean]("pChannelDmail")
+    lazy val pChannelEmail = invoke[Boolean]("pChannelEmail")
+    lazy val pChannelCatalog = invoke[Boolean]("pChannelCatalog")
+    lazy val pChannelTv = invoke[Boolean]("pChannelTv")
+    lazy val pChannelRadio = invoke[Boolean]("pChannelRadio")
+    lazy val pChannelPress = invoke[Boolean]("pChannelPress")
+    lazy val pChannelEvent = invoke[Boolean]("pChannelEvent")
+    lazy val pChannelDemo = invoke[Boolean]("pChannelDemo")
+    lazy val pChannelDetails = invoke[String]("pChannelDetails")
+    lazy val pPurpose = invoke[String]("pPurpose")
+    lazy val pDiscountActive = invoke[Boolean]("pDiscountActive")
+
+    def values(row: PromotionRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getPPromoSk, P_PROMO_SK),
+      getOrNull(row, row.getPPromoId, P_PROMO_ID),
+      getOrNullForKey(row, row.getPStartDateId, P_START_DATE_ID),
+      getOrNullForKey(row, row.getPEndDateId, P_END_DATE_ID),
+      getOrNullForKey(row, row.getPItemSk, P_ITEM_SK),
+      getOrNull(row, row.getPCost, P_COST),
+      getOrNull(row, row.getPResponseTarget, P_RESPONSE_TARGET),
+      getOrNull(row, row.getPPromoName, P_PROMO_NAME),
+      getOrNullForBoolean(row, row.isPChannelDmail, P_CHANNEL_DMAIL),
+      getOrNullForBoolean(row, row.isPChannelEmail, P_CHANNEL_EMAIL),
+      getOrNullForBoolean(row, row.isPChannelCatalog, P_CHANNEL_CATALOG),
+      getOrNullForBoolean(row, row.isPChannelTv, P_CHANNEL_TV),
+      getOrNullForBoolean(row, row.isPChannelRadio, P_CHANNEL_RADIO),
+      getOrNullForBoolean(row, row.isPChannelPress, P_CHANNEL_PRESS),
+      getOrNullForBoolean(row, row.isPChannelEvent, P_CHANNEL_EVENT),
+      getOrNullForBoolean(row, row.isPChannelDemo, P_CHANNEL_DEMO),
+      getOrNull(row, row.getPChannelDetails, P_CHANNEL_DETAILS),
+      getOrNull(row, row.getPPurpose, P_PURPOSE),
+      getOrNullForBoolean(row, row.isPDiscountActive, P_DISCOUNT_ACTIVE))
+  }
+
+  implicit class CatalogPageRowImplicits(catalogPageRow: CatalogPageRow) {
+    def getCpCatalogPageSk: Long = CatalogPageRowImplicits.cpCatalogPageSk.get(catalogPageRow)
+    def getCpCatalogPageId: String = CatalogPageRowImplicits.cpCatalogPageId.get(catalogPageRow)
+    def getCpStartDateId: Long = CatalogPageRowImplicits.cpStartDateId.get(catalogPageRow)
+    def getCpEndDateId: Long = CatalogPageRowImplicits.cpEndDateId.get(catalogPageRow)
+    def getCpDepartment: String = CatalogPageRowImplicits.cpDepartment.get(catalogPageRow)
+    def getCpCatalogNumber: Int = CatalogPageRowImplicits.cpCatalogNumber.get(catalogPageRow)
+    def getCpCatalogPageNumber: Int =
+      CatalogPageRowImplicits.cpCatalogPageNumber.get(catalogPageRow)
+    def getCpDescription: String = CatalogPageRowImplicits.cpDescription.get(catalogPageRow)
+    def getCpType: String = CatalogPageRowImplicits.cpType.get(catalogPageRow)
+  }
+
+  object CatalogPageRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CatalogPageRow], field)
+        .buildChecked[T]()
+
+    lazy val cpCatalogPageSk = invoke[Long]("cpCatalogPageSk")
+    lazy val cpCatalogPageId = invoke[String]("cpCatalogPageId")
+    lazy val cpStartDateId = invoke[Long]("cpStartDateId")
+    lazy val cpEndDateId = invoke[Long]("cpEndDateId")
+    lazy val cpDepartment = invoke[String]("cpDepartment")
+    lazy val cpCatalogNumber = invoke[Int]("cpCatalogNumber")
+    lazy val cpCatalogPageNumber = invoke[Int]("cpCatalogPageNumber")
+    lazy val cpDescription = invoke[String]("cpDescription")
+    lazy val cpType = invoke[String]("cpType")
+
+    def values(row: CatalogPageRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCpCatalogPageSk, CP_CATALOG_PAGE_SK),
+      getOrNull(row, row.getCpCatalogPageId, CP_CATALOG_PAGE_ID),
+      getOrNullForKey(row, row.getCpStartDateId, CP_START_DATE_ID),
+      getOrNullForKey(row, row.getCpEndDateId, CP_END_DATE_ID),
+      getOrNull(row, row.getCpDepartment, CP_DEPARTMENT),
+      getOrNull(row, row.getCpCatalogNumber, CP_CATALOG_NUMBER),
+      getOrNull(row, row.getCpCatalogPageNumber, CP_CATALOG_PAGE_NUMBER),
+      getOrNull(row, row.getCpDescription, CP_DESCRIPTION),
+      getOrNull(row, row.getCpType, CP_TYPE))
+  }
+
+  implicit class WebSalesRowImplicits(webSalesRow: WebSalesRow) {
+    def getWsSoldDateSk: Long = WebSalesRowImplicits.wsSoldDateSk.get(webSalesRow)
+    def getWsSoldTimeSk: Long = WebSalesRowImplicits.wsSoldTimeSk.get(webSalesRow)
+    def getWsShipDateSk: Long = WebSalesRowImplicits.wsShipDateSk.get(webSalesRow)
+    def getWsItemSk: Long = WebSalesRowImplicits.wsItemSk.get(webSalesRow)
+    def getWsBillCustomerSk: Long = WebSalesRowImplicits.wsBillCustomerSk.get(webSalesRow)
+    def getWsBillCdemoSk: Long = WebSalesRowImplicits.wsBillCdemoSk.get(webSalesRow)
+    def getWsBillHdemoSk: Long = WebSalesRowImplicits.wsBillHdemoSk.get(webSalesRow)
+    def getWsBillAddrSk: Long = WebSalesRowImplicits.wsBillAddrSk.get(webSalesRow)
+    def getWsShipCustomerSk: Long = WebSalesRowImplicits.wsShipCustomerSk.get(webSalesRow)
+    def getWsShipCdemoSk: Long = WebSalesRowImplicits.wsShipCdemoSk.get(webSalesRow)
+    def getWsShipHdemoSk: Long = WebSalesRowImplicits.wsShipHdemoSk.get(webSalesRow)
+    def getWsShipAddrSk: Long = WebSalesRowImplicits.wsShipAddrSk.get(webSalesRow)
+    def getWsWebPageSk: Long = WebSalesRowImplicits.wsWebPageSk.get(webSalesRow)
+    def getWsWebSiteSk: Long = WebSalesRowImplicits.wsWebSiteSk.get(webSalesRow)
+    def getWsShipModeSk: Long = WebSalesRowImplicits.wsShipModeSk.get(webSalesRow)
+    def getWsWarehouseSk: Long = WebSalesRowImplicits.wsWarehouseSk.get(webSalesRow)
+    def getWsPromoSk: Long = WebSalesRowImplicits.wsPromoSk.get(webSalesRow)
+    def getWsOrderNumber: Long = WebSalesRowImplicits.wsOrderNumber.get(webSalesRow)
+    def getWsPricing: Pricing = WebSalesRowImplicits.wsPricing.get(webSalesRow)
+  }
+
+  object WebSalesRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[WebSalesRow], field)
+        .buildChecked[T]()
+
+    lazy val wsSoldDateSk = invoke[Long]("wsSoldDateSk")
+    lazy val wsSoldTimeSk = invoke[Long]("wsSoldTimeSk")
+    lazy val wsShipDateSk = invoke[Long]("wsShipDateSk")
+    lazy val wsItemSk = invoke[Long]("wsItemSk")
+    lazy val wsBillCustomerSk = invoke[Long]("wsBillCustomerSk")
+    lazy val wsBillCdemoSk = invoke[Long]("wsBillCdemoSk")
+    lazy val wsBillHdemoSk = invoke[Long]("wsBillHdemoSk")
+    lazy val wsBillAddrSk = invoke[Long]("wsBillAddrSk")
+    lazy val wsShipCustomerSk = invoke[Long]("wsShipCustomerSk")
+    lazy val wsShipCdemoSk = invoke[Long]("wsShipCdemoSk")
+    lazy val wsShipHdemoSk = invoke[Long]("wsShipHdemoSk")
+    lazy val wsShipAddrSk = invoke[Long]("wsShipAddrSk")
+    lazy val wsWebPageSk = invoke[Long]("wsWebPageSk")
+    lazy val wsWebSiteSk = invoke[Long]("wsWebSiteSk")
+    lazy val wsShipModeSk = invoke[Long]("wsShipModeSk")
+    lazy val wsWarehouseSk = invoke[Long]("wsWarehouseSk")
+    lazy val wsPromoSk = invoke[Long]("wsPromoSk")
+    lazy val wsOrderNumber = invoke[Long]("wsOrderNumber")
+    lazy val wsPricing = invoke[Pricing]("wsPricing")
+
+    def values(row: WebSalesRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getWsSoldDateSk, WS_SOLD_DATE_SK),
+      getOrNullForKey(row, row.getWsSoldTimeSk, WS_SOLD_TIME_SK),
+      getOrNullForKey(row, row.getWsShipDateSk, WS_SHIP_DATE_SK),
+      getOrNullForKey(row, row.getWsItemSk, WS_ITEM_SK),
+      getOrNullForKey(row, row.getWsBillCustomerSk, WS_BILL_CUSTOMER_SK),
+      getOrNullForKey(row, row.getWsBillCdemoSk, WS_BILL_CDEMO_SK),
+      getOrNullForKey(row, row.getWsBillHdemoSk, WS_BILL_HDEMO_SK),
+      getOrNullForKey(row, row.getWsBillAddrSk, WS_BILL_ADDR_SK),
+      getOrNullForKey(row, row.getWsShipCustomerSk, WS_SHIP_CUSTOMER_SK),
+      getOrNullForKey(row, row.getWsShipCdemoSk, WS_SHIP_CDEMO_SK),
+      getOrNullForKey(row, row.getWsShipHdemoSk, WS_SHIP_HDEMO_SK),
+      getOrNullForKey(row, row.getWsShipAddrSk, WS_SHIP_ADDR_SK),
+      getOrNullForKey(row, row.getWsWebPageSk, WS_WEB_PAGE_SK),
+      getOrNullForKey(row, row.getWsWebSiteSk, WS_WEB_SITE_SK),
+      getOrNullForKey(row, row.getWsShipModeSk, WS_SHIP_MODE_SK),
+      getOrNullForKey(row, row.getWsWarehouseSk, WS_WAREHOUSE_SK),
+      getOrNullForKey(row, row.getWsPromoSk, WS_PROMO_SK),
+      getOrNullForKey(row, row.getWsOrderNumber, WS_ORDER_NUMBER),
+      getOrNull(row, row.getWsPricing.getQuantity(), WS_PRICING_QUANTITY),
+      getOrNull(row, row.getWsPricing.getWholesaleCost(), WS_PRICING_WHOLESALE_COST),
+      getOrNull(row, row.getWsPricing.getListPrice(), WS_PRICING_LIST_PRICE),
+      getOrNull(row, row.getWsPricing.getSalesPrice(), WS_PRICING_SALES_PRICE),
+      getOrNull(row, row.getWsPricing.getExtDiscountAmount(), WS_PRICING_EXT_DISCOUNT_AMT),
+      getOrNull(row, row.getWsPricing.getExtSalesPrice(), WS_PRICING_EXT_SALES_PRICE),
+      getOrNull(row, row.getWsPricing.getExtWholesaleCost(), WS_PRICING_EXT_WHOLESALE_COST),
+      getOrNull(row, row.getWsPricing.getExtListPrice(), WS_PRICING_EXT_LIST_PRICE),
+      getOrNull(row, row.getWsPricing.getExtTax(), WS_PRICING_EXT_TAX),
+      getOrNull(row, row.getWsPricing.getCouponAmount(), WS_PRICING_COUPON_AMT),
+      getOrNull(row, row.getWsPricing.getExtShipCost(), WS_PRICING_EXT_SHIP_COST),
+      getOrNull(row, row.getWsPricing.getNetPaid(), WS_PRICING_NET_PAID),
+      getOrNull(row, row.getWsPricing.getNetPaidIncludingTax(), WS_PRICING_NET_PAID_INC_TAX),
+      getOrNull(row, row.getWsPricing.getNetPaidIncludingShipping(), WS_PRICING_NET_PAID_INC_SHIP),
+      getOrNull(
+        row,
+        row.getWsPricing.getNetPaidIncludingShippingAndTax(),
+        WS_PRICING_NET_PAID_INC_SHIP_TAX),
+      getOrNull(row, row.getWsPricing.getNetProfit(), WS_PRICING_NET_PROFIT))
+  }
+
+  implicit class StoreSalesRowImplicits(storeSalesRow: StoreSalesRow) {
+    def getSsSoldDateSk: Long = StoreSalesRowImplicits.ssSoldDateSk.get(storeSalesRow)
+    def getSsSoldTimeSk: Long = StoreSalesRowImplicits.ssSoldTimeSk.get(storeSalesRow)
+    def getSsSoldItemSk: Long = StoreSalesRowImplicits.ssSoldItemSk.get(storeSalesRow)
+    def getSsSoldCustomerSk: Long = StoreSalesRowImplicits.ssSoldCustomerSk.get(storeSalesRow)
+    def getSsSoldCdemoSk: Long = StoreSalesRowImplicits.ssSoldCdemoSk.get(storeSalesRow)
+    def getSsSoldHdemoSk: Long = StoreSalesRowImplicits.ssSoldHdemoSk.get(storeSalesRow)
+    def getSsSoldAddrSk: Long = StoreSalesRowImplicits.ssSoldAddrSk.get(storeSalesRow)
+    def getSsSoldStoreSk: Long = StoreSalesRowImplicits.ssSoldStoreSk.get(storeSalesRow)
+    def getSsSoldPromoSk: Long = StoreSalesRowImplicits.ssSoldPromoSk.get(storeSalesRow)
+    def getSsTicketNumber: Long = StoreSalesRowImplicits.ssTicketNumber.get(storeSalesRow)
+    def getSsPricing: Pricing = StoreSalesRowImplicits.ssPricing.get(storeSalesRow)
+  }
+
+  object StoreSalesRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[StoreSalesRow], field)
+        .buildChecked[T]()
+
+    lazy val ssSoldDateSk = invoke[Long]("ssSoldDateSk")
+    lazy val ssSoldTimeSk = invoke[Long]("ssSoldTimeSk")
+    lazy val ssSoldItemSk = invoke[Long]("ssSoldItemSk")
+    lazy val ssSoldCustomerSk = invoke[Long]("ssSoldCustomerSk")
+    lazy val ssSoldCdemoSk = invoke[Long]("ssSoldCdemoSk")
+    lazy val ssSoldHdemoSk = invoke[Long]("ssSoldHdemoSk")
+    lazy val ssSoldAddrSk = invoke[Long]("ssSoldAddrSk")
+    lazy val ssSoldStoreSk = invoke[Long]("ssSoldStoreSk")
+    lazy val ssSoldPromoSk = invoke[Long]("ssSoldPromoSk")
+    lazy val ssTicketNumber = invoke[Long]("ssTicketNumber")
+    lazy val ssPricing = invoke[Pricing]("ssPricing")
+
+    def values(row: StoreSalesRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getSsSoldDateSk, SS_SOLD_DATE_SK),
+      getOrNullForKey(row, row.getSsSoldTimeSk, SS_SOLD_TIME_SK),
+      getOrNullForKey(row, row.getSsSoldItemSk, SS_SOLD_ITEM_SK),
+      getOrNullForKey(row, row.getSsSoldCustomerSk, SS_SOLD_CUSTOMER_SK),
+      getOrNullForKey(row, row.getSsSoldCdemoSk, SS_SOLD_CDEMO_SK),
+      getOrNullForKey(row, row.getSsSoldHdemoSk, SS_SOLD_HDEMO_SK),
+      getOrNullForKey(row, row.getSsSoldAddrSk, SS_SOLD_ADDR_SK),
+      getOrNullForKey(row, row.getSsSoldStoreSk, SS_SOLD_STORE_SK),
+      getOrNullForKey(row, row.getSsSoldPromoSk, SS_SOLD_PROMO_SK),
+      getOrNullForKey(row, row.getSsTicketNumber, SS_TICKET_NUMBER),
+      getOrNull(row, row.getSsPricing.getQuantity(), SS_PRICING_QUANTITY),
+      getOrNull(row, row.getSsPricing.getWholesaleCost(), SS_PRICING_WHOLESALE_COST),
+      getOrNull(row, row.getSsPricing.getListPrice(), SS_PRICING_LIST_PRICE),
+      getOrNull(row, row.getSsPricing.getSalesPrice(), SS_PRICING_SALES_PRICE),
+      getOrNull(row, row.getSsPricing.getCouponAmount(), SS_PRICING_COUPON_AMT),
+      getOrNull(row, row.getSsPricing.getExtSalesPrice(), SS_PRICING_EXT_SALES_PRICE),
+      getOrNull(row, row.getSsPricing.getExtWholesaleCost(), SS_PRICING_EXT_WHOLESALE_COST),
+      getOrNull(row, row.getSsPricing.getExtListPrice(), SS_PRICING_EXT_LIST_PRICE),
+      getOrNull(row, row.getSsPricing.getExtTax(), SS_PRICING_EXT_TAX),
+      getOrNull(row, row.getSsPricing.getCouponAmount(), SS_PRICING_COUPON_AMT),
+      getOrNull(row, row.getSsPricing.getNetPaid(), SS_PRICING_NET_PAID),
+      getOrNull(row, row.getSsPricing.getNetPaidIncludingTax(), SS_PRICING_NET_PAID_INC_TAX),
+      getOrNull(row, row.getSsPricing.getNetProfit(), SS_PRICING_NET_PROFIT))
+  }
+
+  implicit class InventoryRowImplicits(inventoryRow: InventoryRow) {
+    def getInvDateSk: Long = InventoryRowImplicits.invDateSk.get(inventoryRow)
+    def getInvItemSk: Long = InventoryRowImplicits.invItemSk.get(inventoryRow)
+    def getInvWarehouseSk: Long = InventoryRowImplicits.invWarehouseSk.get(inventoryRow)
+    def getInvQuantityOnHand: Int = InventoryRowImplicits.invQuantityOnHand.get(inventoryRow)
+  }
+
+  object InventoryRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[InventoryRow], field)
+        .buildChecked[T]()
+
+    lazy val invDateSk = invoke[Long]("invDateSk")
+    lazy val invItemSk = invoke[Long]("invItemSk")
+    lazy val invWarehouseSk = invoke[Long]("invWarehouseSk")
+    lazy val invQuantityOnHand = invoke[Int]("invQuantityOnHand")
+
+    def values(row: InventoryRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getInvDateSk, INV_DATE_SK),
+      getOrNullForKey(row, row.getInvItemSk, INV_ITEM_SK),
+      getOrNullForKey(row, row.getInvWarehouseSk, INV_WAREHOUSE_SK),
+      getOrNull(row, row.getInvQuantityOnHand, INV_QUANTITY_ON_HAND))
+  }
+
+  implicit class WebReturnsRowImplicits(webReturnsRow: WebReturnsRow) {
+    def getWrReturnedDateSk: Long = WebReturnsRowImplicits.wrReturnedDateSk.get(webReturnsRow)
+    def getWrReturnedTimeSk: Long = WebReturnsRowImplicits.wrReturnedTimeSk.get(webReturnsRow)
+    def getWrItemSk: Long = WebReturnsRowImplicits.wrItemSk.get(webReturnsRow)
+    def getWrRefundedCustomerSk: Long =
+      WebReturnsRowImplicits.wrRefundedCustomerSk.get(webReturnsRow)
+    def getWrRefundedCdemoSk: Long = WebReturnsRowImplicits.wrRefundedCdemoSk.get(webReturnsRow)
+    def getWrRefundedHdemoSk: Long = WebReturnsRowImplicits.wrRefundedHdemoSk.get(webReturnsRow)
+    def getWrRefundedAddrSk: Long = WebReturnsRowImplicits.wrRefundedAddrSk.get(webReturnsRow)
+    def getWrReturningCustomerSk: Long =
+      WebReturnsRowImplicits.wrReturningCustomerSk.get(webReturnsRow)
+    def getWrReturningCdemoSk: Long = WebReturnsRowImplicits.wrReturningCdemoSk.get(webReturnsRow)
+    def getWrReturningHdemoSk: Long = WebReturnsRowImplicits.wrReturningHdemoSk.get(webReturnsRow)
+    def getWrReturningAddrSk: Long = WebReturnsRowImplicits.wrReturningAddrSk.get(webReturnsRow)
+    def getWrWebPageSk: Long = WebReturnsRowImplicits.wrWebPageSk.get(webReturnsRow)
+    def getWrReasonSk: Long = WebReturnsRowImplicits.wrReasonSk.get(webReturnsRow)
+    def getWrOrderNumber: Long = WebReturnsRowImplicits.wrOrderNumber.get(webReturnsRow)
+    def getWrPricing: Pricing = WebReturnsRowImplicits.wrPricing.get(webReturnsRow)
+  }
+
+  object WebReturnsRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[WebReturnsRow], field)
+        .buildChecked[T]()
+
+    lazy val wrReturnedDateSk = invoke[Long]("wrReturnedDateSk")
+    lazy val wrReturnedTimeSk = invoke[Long]("wrReturnedTimeSk")
+    lazy val wrItemSk = invoke[Long]("wrItemSk")
+    lazy val wrRefundedCustomerSk = invoke[Long]("wrRefundedCustomerSk")
+    lazy val wrRefundedCdemoSk = invoke[Long]("wrRefundedCdemoSk")
+    lazy val wrRefundedHdemoSk = invoke[Long]("wrRefundedHdemoSk")
+    lazy val wrRefundedAddrSk = invoke[Long]("wrRefundedAddrSk")
+    lazy val wrReturningCustomerSk = invoke[Long]("wrReturningCustomerSk")
+    lazy val wrReturningCdemoSk = invoke[Long]("wrReturningCdemoSk")
+    lazy val wrReturningHdemoSk = invoke[Long]("wrReturningHdemoSk")
+    lazy val wrReturningAddrSk = invoke[Long]("wrReturningAddrSk")
+    lazy val wrWebPageSk = invoke[Long]("wrWebPageSk")
+    lazy val wrReasonSk = invoke[Long]("wrReasonSk")
+    lazy val wrOrderNumber = invoke[Long]("wrOrderNumber")
+    lazy val wrPricing = invoke[Pricing]("wrPricing")
+
+    def values(row: WebReturnsRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getWrReturnedDateSk, WR_RETURNED_DATE_SK),
+      getOrNullForKey(row, row.getWrReturnedTimeSk, WR_RETURNED_TIME_SK),
+      getOrNullForKey(row, row.getWrItemSk, WR_ITEM_SK),
+      getOrNullForKey(row, row.getWrRefundedCustomerSk, WR_REFUNDED_CUSTOMER_SK),
+      getOrNullForKey(row, row.getWrRefundedCdemoSk, WR_REFUNDED_CDEMO_SK),
+      getOrNullForKey(row, row.getWrRefundedHdemoSk, WR_REFUNDED_HDEMO_SK),
+      getOrNullForKey(row, row.getWrRefundedAddrSk, WR_REFUNDED_ADDR_SK),
+      getOrNullForKey(row, row.getWrReturningCustomerSk, WR_RETURNING_CUSTOMER_SK),
+      getOrNullForKey(row, row.getWrReturningCdemoSk, WR_RETURNING_CDEMO_SK),
+      getOrNullForKey(row, row.getWrReturningHdemoSk, WR_RETURNING_HDEMO_SK),
+      getOrNullForKey(row, row.getWrReturningAddrSk, WR_RETURNING_ADDR_SK),
+      getOrNullForKey(row, row.getWrWebPageSk, WR_WEB_PAGE_SK),
+      getOrNullForKey(row, row.getWrReasonSk, WR_REASON_SK),
+      getOrNullForKey(row, row.getWrOrderNumber, WR_ORDER_NUMBER),
+      getOrNull(row, row.getWrPricing.getQuantity(), WR_PRICING_QUANTITY),
+      getOrNull(row, row.getWrPricing.getNetPaid(), WR_PRICING_NET_PAID),
+      getOrNull(row, row.getWrPricing.getExtTax(), WR_PRICING_EXT_TAX),
+      getOrNull(row, row.getWrPricing.getNetPaidIncludingTax(), WR_PRICING_NET_PAID_INC_TAX),
+      getOrNull(row, row.getWrPricing.getFee(), WR_PRICING_FEE),
+      getOrNull(row, row.getWrPricing.getExtShipCost(), WR_PRICING_EXT_SHIP_COST),
+      getOrNull(row, row.getWrPricing.getRefundedCash(), WR_PRICING_REFUNDED_CASH),
+      getOrNull(row, row.getWrPricing.getReversedCharge(), WR_PRICING_REVERSED_CHARGE),
+      getOrNull(row, row.getWrPricing.getStoreCredit(), WR_PRICING_STORE_CREDIT),
+      getOrNull(row, row.getWrPricing.getNetLoss(), WR_PRICING_NET_LOSS))
+  }
+
+  implicit class WarehouseRowImplicits(warehouseRow: WarehouseRow) {
+    def getWWarehouseSk: Long = WarehouseRowImplicits.wWarehouseSk.get(warehouseRow)
+    def getWWarehouseId: String = WarehouseRowImplicits.wWarehouseId.get(warehouseRow)
+    def getWWarehouseName: String = WarehouseRowImplicits.wWarehouseName.get(warehouseRow)
+    def getWWarehouseSqFt: Int = WarehouseRowImplicits.wWarehouseSqFt.get(warehouseRow)
+    def getWAddress: Address = WarehouseRowImplicits.wAddress.get(warehouseRow)
+  }
+
+  object WarehouseRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[WarehouseRow], field)
+        .buildChecked[T]()
+
+    lazy val wWarehouseSk = invoke[Long]("wWarehouseSk")
+    lazy val wWarehouseId = invoke[String]("wWarehouseId")
+    lazy val wWarehouseName = invoke[String]("wWarehouseName")
+    lazy val wWarehouseSqFt = invoke[Int]("wWarehouseSqFt")
+    lazy val wAddress = invoke[Address]("wAddress")
+
+    def values(row: WarehouseRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getWWarehouseSk, W_WAREHOUSE_SK),
+      getOrNull(row, row.getWWarehouseId, W_WAREHOUSE_ID),
+      getOrNull(row, row.getWWarehouseName, W_WAREHOUSE_NAME),
+      getOrNull(row, row.getWWarehouseSqFt, W_WAREHOUSE_SQ_FT),
+      getOrNull(row, row.getWAddress.getStreetNumber(), W_ADDRESS_STREET_NUM),
+      getOrNull(row, row.getWAddress.getStreetName(), W_ADDRESS_STREET_NAME1),
+      getOrNull(row, row.getWAddress.getStreetType(), W_ADDRESS_STREET_TYPE),
+      getOrNull(row, row.getWAddress.getSuiteNumber(), W_ADDRESS_SUITE_NUM),
+      getOrNull(row, row.getWAddress.getCity(), W_ADDRESS_CITY),
+      getOrNull(row, row.getWAddress.getCounty(), W_ADDRESS_COUNTY),
+      getOrNull(row, row.getWAddress.getState(), W_ADDRESS_STATE),
+      getOrNull(
+        row,
+        java.lang.String.format("%05d", row.getWAddress.getZip.asInstanceOf[Object]),
+        W_ADDRESS_ZIP),
+      getOrNull(row, row.getWAddress.getCountry(), W_ADDRESS_COUNTRY),
+      getOrNull(row, row.getWAddress.getGmtOffset(), W_ADDRESS_GMT_OFFSET))
+  }
+
+  implicit class CustomerRowImplicits(customerRow: CustomerRow) {
+    def getCCustomerSk: Long = CustomerRowImplicits.cCustomerSk.get(customerRow)
+    def getCCustomerId: String = CustomerRowImplicits.cCustomerId.get(customerRow)
+    def getCCurrentCdemoSk: Long = CustomerRowImplicits.cCurrentCdemoSk.get(customerRow)
+    def getCCurrentHdemoSk: Long = CustomerRowImplicits.cCurrentHdemoSk.get(customerRow)
+    def getCCurrentAddrSk: Long = CustomerRowImplicits.cCurrentAddrSk.get(customerRow)
+    def getCFirstShiptoDateId: Int = CustomerRowImplicits.cFirstShiptoDateId.get(customerRow)
+    def getCFirstSalesDateId: Int = CustomerRowImplicits.cFirstSalesDateId.get(customerRow)
+    def getCSalutation: String = CustomerRowImplicits.cSalutation.get(customerRow)
+    def getCFirstName: String = CustomerRowImplicits.cFirstName.get(customerRow)
+    def getCLastName: String = CustomerRowImplicits.cLastName.get(customerRow)
+    def isCPreferredCustFlag: Boolean = CustomerRowImplicits.cPreferredCustFlag.get(customerRow)
+    def getCBirthDay: Int = CustomerRowImplicits.cBirthDay.get(customerRow)
+    def getCBirthMonth: Int = CustomerRowImplicits.cBirthMonth.get(customerRow)
+    def getCBirthYear: Int = CustomerRowImplicits.cBirthYear.get(customerRow)
+    def getCBirthCountry: String = CustomerRowImplicits.cBirthCountry.get(customerRow)
+    def getCLogin: String = CustomerRowImplicits.cLogin.get(customerRow)
+    def getCEmailAddress: String = CustomerRowImplicits.cEmailAddress.get(customerRow)
+    def getCLastReviewDate: Int = CustomerRowImplicits.cLastReviewDate.get(customerRow)
+  }
+
+  object CustomerRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CustomerRow], field)
+        .buildChecked[T]()
+
+    lazy val cCustomerSk = invoke[Long]("cCustomerSk")
+    lazy val cCustomerId = invoke[String]("cCustomerId")
+    lazy val cCurrentCdemoSk = invoke[Long]("cCurrentCdemoSk")
+    lazy val cCurrentHdemoSk = invoke[Long]("cCurrentHdemoSk")
+    lazy val cCurrentAddrSk = invoke[Long]("cCurrentAddrSk")
+    lazy val cFirstShiptoDateId = invoke[Int]("cFirstShiptoDateId")
+    lazy val cFirstSalesDateId = invoke[Int]("cFirstSalesDateId")
+    lazy val cSalutation = invoke[String]("cSalutation")
+    lazy val cFirstName = invoke[String]("cFirstName")
+    lazy val cLastName = invoke[String]("cLastName")
+    lazy val cPreferredCustFlag = invoke[Boolean]("cPreferredCustFlag")
+    lazy val cBirthDay = invoke[Int]("cBirthDay")
+    lazy val cBirthMonth = invoke[Int]("cBirthMonth")
+    lazy val cBirthYear = invoke[Int]("cBirthYear")
+    lazy val cBirthCountry = invoke[String]("cBirthCountry")
+    lazy val cLogin = invoke[String]("cLogin")
+    lazy val cEmailAddress = invoke[String]("cEmailAddress")
+    lazy val cLastReviewDate = invoke[Int]("cLastReviewDate")
+
+    def values(row: CustomerRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCCustomerSk, C_CUSTOMER_SK),
+      getOrNull(row, row.getCCustomerId, C_CUSTOMER_ID),
+      getOrNullForKey(row, row.getCCurrentCdemoSk, C_CURRENT_CDEMO_SK),
+      getOrNullForKey(row, row.getCCurrentHdemoSk, C_CURRENT_HDEMO_SK),
+      getOrNullForKey(row, row.getCCurrentAddrSk, C_CURRENT_ADDR_SK),
+      getOrNull(row, row.getCFirstShiptoDateId, C_FIRST_SHIPTO_DATE_ID),
+      getOrNull(row, row.getCFirstSalesDateId, C_FIRST_SALES_DATE_ID),
+      getOrNull(row, row.getCSalutation, C_SALUTATION),
+      getOrNull(row, row.getCFirstName, C_FIRST_NAME),
+      getOrNull(row, row.getCLastName, C_LAST_NAME),
+      getOrNullForBoolean(row, row.isCPreferredCustFlag, C_PREFERRED_CUST_FLAG),
+      getOrNull(row, row.getCBirthDay, C_BIRTH_DAY),
+      getOrNull(row, row.getCBirthMonth, C_BIRTH_MONTH),
+      getOrNull(row, row.getCBirthYear, C_BIRTH_YEAR),
+      getOrNull(row, row.getCBirthCountry, C_BIRTH_COUNTRY),
+      row.getCLogin,
+      getOrNull(row, row.getCEmailAddress, C_EMAIL_ADDRESS),
+      getOrNull(row, row.getCLastReviewDate, C_LAST_REVIEW_DATE))
+  }
+
+  implicit class StoreReturnsRowImplicits(storeReturnsRow: StoreReturnsRow) {
+    def getSrReturnedDateSk: Long = StoreReturnsRowImplicits.srReturnedDateSk.get(storeReturnsRow)
+    def getSrReturnedTimeSk: Long = StoreReturnsRowImplicits.srReturnedTimeSk.get(storeReturnsRow)
+    def getSrItemSk: Long = StoreReturnsRowImplicits.srItemSk.get(storeReturnsRow)
+    def getSrCustomerSk: Long = StoreReturnsRowImplicits.srCustomerSk.get(storeReturnsRow)
+    def getSrCdemoSk: Long = StoreReturnsRowImplicits.srCdemoSk.get(storeReturnsRow)
+    def getSrHdemoSk: Long = StoreReturnsRowImplicits.srHdemoSk.get(storeReturnsRow)
+    def getSrAddrSk: Long = StoreReturnsRowImplicits.srAddrSk.get(storeReturnsRow)
+    def getSrStoreSk: Long = StoreReturnsRowImplicits.srStoreSk.get(storeReturnsRow)
+    def getSrReasonSk: Long = StoreReturnsRowImplicits.srReasonSk.get(storeReturnsRow)
+    def getSrTicketNumber: Long = StoreReturnsRowImplicits.srTicketNumber.get(storeReturnsRow)
+    def getSrPricing: Pricing = StoreReturnsRowImplicits.srPricing.get(storeReturnsRow)
+  }
+
+  object StoreReturnsRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[StoreReturnsRow], field)
+        .buildChecked[T]()
+
+    lazy val srReturnedDateSk = invoke[Long]("srReturnedDateSk")
+    lazy val srReturnedTimeSk = invoke[Long]("srReturnedTimeSk")
+    lazy val srItemSk = invoke[Long]("srItemSk")
+    lazy val srCustomerSk = invoke[Long]("srCustomerSk")
+    lazy val srCdemoSk = invoke[Long]("srCdemoSk")
+    lazy val srHdemoSk = invoke[Long]("srHdemoSk")
+    lazy val srAddrSk = invoke[Long]("srAddrSk")
+    lazy val srStoreSk = invoke[Long]("srStoreSk")
+    lazy val srReasonSk = invoke[Long]("srReasonSk")
+    lazy val srTicketNumber = invoke[Long]("srTicketNumber")
+    lazy val srPricing = invoke[Pricing]("srPricing")
+
+    def values(row: StoreReturnsRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getSrReturnedDateSk, SR_RETURNED_DATE_SK),
+      getOrNullForKey(row, row.getSrReturnedTimeSk, SR_RETURNED_TIME_SK),
+      getOrNullForKey(row, row.getSrItemSk, SR_ITEM_SK),
+      getOrNullForKey(row, row.getSrCustomerSk, SR_CUSTOMER_SK),
+      getOrNullForKey(row, row.getSrCdemoSk, SR_CDEMO_SK),
+      getOrNullForKey(row, row.getSrHdemoSk, SR_HDEMO_SK),
+      getOrNullForKey(row, row.getSrAddrSk, SR_ADDR_SK),
+      getOrNullForKey(row, row.getSrStoreSk, SR_STORE_SK),
+      getOrNullForKey(row, row.getSrReasonSk, SR_REASON_SK),
+      getOrNullForKey(row, row.getSrTicketNumber, SR_TICKET_NUMBER),
+      getOrNull(row, row.getSrPricing.getQuantity(), SR_PRICING_QUANTITY),
+      getOrNull(row, row.getSrPricing.getNetPaid(), SR_PRICING_NET_PAID),
+      getOrNull(row, row.getSrPricing.getExtTax(), SR_PRICING_EXT_TAX),
+      getOrNull(row, row.getSrPricing.getNetPaidIncludingTax(), SR_PRICING_NET_PAID_INC_TAX),
+      getOrNull(row, row.getSrPricing.getFee(), SR_PRICING_FEE),
+      getOrNull(row, row.getSrPricing.getExtShipCost(), SR_PRICING_EXT_SHIP_COST),
+      getOrNull(row, row.getSrPricing.getRefundedCash(), SR_PRICING_REFUNDED_CASH),
+      getOrNull(row, row.getSrPricing.getReversedCharge(), SR_PRICING_REVERSED_CHARGE),
+      getOrNull(row, row.getSrPricing.getStoreCredit(), SR_PRICING_STORE_CREDIT),
+      getOrNull(row, row.getSrPricing.getNetLoss(), SR_PRICING_NET_LOSS))
+  }
+
+  implicit class CatalogReturnsRowImplicits(catalogReturnsRow: CatalogReturnsRow) {
+    def getCrReturnedDateSk: Long =
+      CatalogReturnsRowImplicits.crReturnedDateSk.get(catalogReturnsRow)
+    def getCrReturnedTimeSk: Long =
+      CatalogReturnsRowImplicits.crReturnedTimeSk.get(catalogReturnsRow)
+    def getCrItemSk: Long = CatalogReturnsRowImplicits.crItemSk.get(catalogReturnsRow)
+    def getCrRefundedCustomerSk: Long =
+      CatalogReturnsRowImplicits.crRefundedCustomerSk.get(catalogReturnsRow)
+    def getCrRefundedCdemoSk: Long =
+      CatalogReturnsRowImplicits.crRefundedCdemoSk.get(catalogReturnsRow)
+    def getCrRefundedHdemoSk: Long =
+      CatalogReturnsRowImplicits.crRefundedHdemoSk.get(catalogReturnsRow)
+    def getCrRefundedAddrSk: Long =
+      CatalogReturnsRowImplicits.crRefundedAddrSk.get(catalogReturnsRow)
+    def getCrReturningCustomerSk: Long =
+      CatalogReturnsRowImplicits.crReturningCustomerSk.get(catalogReturnsRow)
+    def getCrReturningCdemoSk: Long =
+      CatalogReturnsRowImplicits.crReturningCdemoSk.get(catalogReturnsRow)
+    def getCrReturningHdemoSk: Long =
+      CatalogReturnsRowImplicits.crReturningHdemoSk.get(catalogReturnsRow)
+    def getCrReturningAddrSk: Long =
+      CatalogReturnsRowImplicits.crReturningAddrSk.get(catalogReturnsRow)
+    def getCrCallCenterSk: Long = CatalogReturnsRowImplicits.crCallCenterSk.get(catalogReturnsRow)
+    def getCrCatalogPageSk: Long = CatalogReturnsRowImplicits.crCatalogPageSk.get(catalogReturnsRow)
+    def getCrShipModeSk: Long = CatalogReturnsRowImplicits.crShipModeSk.get(catalogReturnsRow)
+    def getCrWarehouseSk: Long = CatalogReturnsRowImplicits.crWarehouseSk.get(catalogReturnsRow)
+    def getCrReasonSk: Long = CatalogReturnsRowImplicits.crReasonSk.get(catalogReturnsRow)
+    def getCrOrderNumber: Long = CatalogReturnsRowImplicits.crOrderNumber.get(catalogReturnsRow)
+    def getCrPricing: Pricing = CatalogReturnsRowImplicits.crPricing.get(catalogReturnsRow)
+  }
+
+  object CatalogReturnsRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CatalogReturnsRow], field)
+        .buildChecked[T]()
+
+    lazy val crReturnedDateSk = invoke[Long]("crReturnedDateSk")
+    lazy val crReturnedTimeSk = invoke[Long]("crReturnedTimeSk")
+    lazy val crItemSk = invoke[Long]("crItemSk")
+    lazy val crRefundedCustomerSk = invoke[Long]("crRefundedCustomerSk")
+    lazy val crRefundedCdemoSk = invoke[Long]("crRefundedCdemoSk")
+    lazy val crRefundedHdemoSk = invoke[Long]("crRefundedHdemoSk")
+    lazy val crRefundedAddrSk = invoke[Long]("crRefundedAddrSk")
+    lazy val crReturningCustomerSk = invoke[Long]("crReturningCustomerSk")
+    lazy val crReturningCdemoSk = invoke[Long]("crReturningCdemoSk")
+    lazy val crReturningHdemoSk = invoke[Long]("crReturningHdemoSk")
+    lazy val crReturningAddrSk = invoke[Long]("crReturningAddrSk")
+    lazy val crCallCenterSk = invoke[Long]("crCallCenterSk")
+    lazy val crCatalogPageSk = invoke[Long]("crCatalogPageSk")
+    lazy val crShipModeSk = invoke[Long]("crShipModeSk")
+    lazy val crWarehouseSk = invoke[Long]("crWarehouseSk")
+    lazy val crReasonSk = invoke[Long]("crReasonSk")
+    lazy val crOrderNumber = invoke[Long]("crOrderNumber")
+    lazy val crPricing = invoke[Pricing]("crPricing")
+
+    def values(row: CatalogReturnsRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCrReturnedDateSk, CR_RETURNED_DATE_SK),
+      getOrNullForKey(row, row.getCrReturnedTimeSk, CR_RETURNED_TIME_SK),
+      getOrNullForKey(row, row.getCrItemSk, CR_ITEM_SK),
+      getOrNullForKey(row, row.getCrRefundedCustomerSk, CR_REFUNDED_CUSTOMER_SK),
+      getOrNullForKey(row, row.getCrRefundedCdemoSk, CR_REFUNDED_CDEMO_SK),
+      getOrNullForKey(row, row.getCrRefundedHdemoSk, CR_REFUNDED_HDEMO_SK),
+      getOrNullForKey(row, row.getCrRefundedAddrSk, CR_REFUNDED_ADDR_SK),
+      getOrNullForKey(row, row.getCrReturningCustomerSk, CR_RETURNING_CUSTOMER_SK),
+      getOrNullForKey(row, row.getCrReturningCdemoSk, CR_RETURNING_CDEMO_SK),
+      getOrNullForKey(row, row.getCrReturningHdemoSk, CR_RETURNING_HDEMO_SK),
+      getOrNullForKey(row, row.getCrReturningAddrSk, CR_RETURNING_ADDR_SK),
+      getOrNullForKey(row, row.getCrCallCenterSk, CR_CALL_CENTER_SK),
+      getOrNullForKey(row, row.getCrCatalogPageSk, CR_CATALOG_PAGE_SK),
+      getOrNullForKey(row, row.getCrShipModeSk, CR_SHIP_MODE_SK),
+      getOrNullForKey(row, row.getCrWarehouseSk, CR_WAREHOUSE_SK),
+      getOrNullForKey(row, row.getCrReasonSk, CR_REASON_SK),
+      getOrNull(row, row.getCrOrderNumber, CR_ORDER_NUMBER),
+      getOrNull(row, row.getCrPricing.getQuantity(), CR_PRICING_QUANTITY),
+      getOrNull(row, row.getCrPricing.getNetPaid(), CR_PRICING_NET_PAID),
+      getOrNull(row, row.getCrPricing.getExtTax(), CR_PRICING_EXT_TAX),
+      getOrNull(row, row.getCrPricing.getNetPaidIncludingTax(), CR_PRICING_NET_PAID_INC_TAX),
+      getOrNull(row, row.getCrPricing.getFee(), CR_PRICING_FEE),
+      getOrNull(row, row.getCrPricing.getExtShipCost(), CR_PRICING_EXT_SHIP_COST),
+      getOrNull(row, row.getCrPricing.getRefundedCash(), CR_PRICING_REFUNDED_CASH),
+      getOrNull(row, row.getCrPricing.getReversedCharge(), CR_PRICING_REVERSED_CHARGE),
+      getOrNull(row, row.getCrPricing.getStoreCredit(), CR_PRICING_STORE_CREDIT),
+      getOrNull(row, row.getCrPricing.getNetLoss(), CR_PRICING_NET_LOSS))
+  }
+
+  implicit class CatalogSalesRowImplicits(catalogSalesRow: CatalogSalesRow) {
+    def getCsSoldDateSk: Long = CatalogSalesRowImplicits.csSoldDateSk.get(catalogSalesRow)
+    def getCsSoldTimeSk: Long = CatalogSalesRowImplicits.csSoldTimeSk.get(catalogSalesRow)
+    def getCsShipDateSk: Long = CatalogSalesRowImplicits.csShipDateSk.get(catalogSalesRow)
+    def getCsBillCustomerSk: Long = CatalogSalesRowImplicits.csBillCustomerSk.get(catalogSalesRow)
+    def getCsBillCdemoSk: Long = CatalogSalesRowImplicits.csBillCdemoSk.get(catalogSalesRow)
+    def getCsBillHdemoSk: Long = CatalogSalesRowImplicits.csBillHdemoSk.get(catalogSalesRow)
+    def getCsBillAddrSk: Long = CatalogSalesRowImplicits.csBillAddrSk.get(catalogSalesRow)
+    def getCsShipCustomerSk: Long = CatalogSalesRowImplicits.csShipCustomerSk.get(catalogSalesRow)
+    def getCsShipCdemoSk: Long = CatalogSalesRowImplicits.csShipCdemoSk.get(catalogSalesRow)
+    def getCsShipHdemoSk: Long = CatalogSalesRowImplicits.csShipHdemoSk.get(catalogSalesRow)
+    def getCsShipAddrSk: Long = CatalogSalesRowImplicits.csShipAddrSk.get(catalogSalesRow)
+    def getCsCallCenterSk: Long = CatalogSalesRowImplicits.csCallCenterSk.get(catalogSalesRow)
+    def getCsCatalogPageSk: Long = CatalogSalesRowImplicits.csCatalogPageSk.get(catalogSalesRow)
+    def getCsShipModeSk: Long = CatalogSalesRowImplicits.csShipModeSk.get(catalogSalesRow)
+    def getCsWarehouseSk: Long = CatalogSalesRowImplicits.csWarehouseSk.get(catalogSalesRow)
+    def getCsSoldItemSk: Long = CatalogSalesRowImplicits.csSoldItemSk.get(catalogSalesRow)
+    def getCsPromoSk: Long = CatalogSalesRowImplicits.csPromoSk.get(catalogSalesRow)
+    def getCsOrderNumber: Long = CatalogSalesRowImplicits.csOrderNumber.get(catalogSalesRow)
+    def getCsPricing: Pricing = CatalogSalesRowImplicits.csPricing.get(catalogSalesRow)
+  }
+
+  object CatalogSalesRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CatalogSalesRow], field)
+        .buildChecked[T]()
+
+    lazy val csSoldDateSk = invoke[Long]("csSoldDateSk")
+    lazy val csSoldTimeSk = invoke[Long]("csSoldTimeSk")
+    lazy val csShipDateSk = invoke[Long]("csShipDateSk")
+    lazy val csBillCustomerSk = invoke[Long]("csBillCustomerSk")
+    lazy val csBillCdemoSk = invoke[Long]("csBillCdemoSk")
+    lazy val csBillHdemoSk = invoke[Long]("csBillHdemoSk")
+    lazy val csBillAddrSk = invoke[Long]("csBillAddrSk")
+    lazy val csShipCustomerSk = invoke[Long]("csShipCustomerSk")
+    lazy val csShipCdemoSk = invoke[Long]("csShipCdemoSk")
+    lazy val csShipHdemoSk = invoke[Long]("csShipHdemoSk")
+    lazy val csShipAddrSk = invoke[Long]("csShipAddrSk")
+    lazy val csCallCenterSk = invoke[Long]("csCallCenterSk")
+    lazy val csCatalogPageSk = invoke[Long]("csCatalogPageSk")
+    lazy val csShipModeSk = invoke[Long]("csShipModeSk")
+    lazy val csWarehouseSk = invoke[Long]("csWarehouseSk")
+    lazy val csSoldItemSk = invoke[Long]("csSoldItemSk")
+    lazy val csPromoSk = invoke[Long]("csPromoSk")
+    lazy val csOrderNumber = invoke[Long]("csOrderNumber")
+    lazy val csPricing = invoke[Pricing]("csPricing")
+
+    def values(row: CatalogSalesRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCsSoldDateSk, CS_SOLD_DATE_SK),
+      getOrNullForKey(row, row.getCsSoldTimeSk, CS_SOLD_TIME_SK),
+      getOrNullForKey(row, row.getCsShipDateSk, CS_SHIP_DATE_SK),
+      getOrNullForKey(row, row.getCsBillCustomerSk, CS_BILL_CUSTOMER_SK),
+      getOrNullForKey(row, row.getCsBillCdemoSk, CS_BILL_CDEMO_SK),
+      getOrNullForKey(row, row.getCsBillHdemoSk, CS_BILL_HDEMO_SK),
+      getOrNullForKey(row, row.getCsBillAddrSk, CS_BILL_ADDR_SK),
+      getOrNullForKey(row, row.getCsShipCustomerSk, CS_SHIP_CUSTOMER_SK),
+      getOrNullForKey(row, row.getCsShipCdemoSk, CS_SHIP_CDEMO_SK),
+      getOrNullForKey(row, row.getCsShipHdemoSk, CS_SHIP_HDEMO_SK),
+      getOrNullForKey(row, row.getCsShipAddrSk, CS_SHIP_ADDR_SK),
+      getOrNullForKey(row, row.getCsCallCenterSk, CS_CALL_CENTER_SK),
+      getOrNullForKey(row, row.getCsCatalogPageSk, CS_CATALOG_PAGE_SK),
+      getOrNullForKey(row, row.getCsShipModeSk, CS_SHIP_MODE_SK),
+      getOrNull(row, row.getCsWarehouseSk, CS_WAREHOUSE_SK),
+      getOrNullForKey(row, row.getCsSoldItemSk, CS_SOLD_ITEM_SK),
+      getOrNullForKey(row, row.getCsPromoSk, CS_PROMO_SK),
+      getOrNull(row, row.getCsOrderNumber, CS_ORDER_NUMBER),
+      getOrNull(row, row.getCsPricing.getQuantity(), CS_PRICING_QUANTITY),
+      getOrNull(row, row.getCsPricing.getWholesaleCost(), CS_PRICING_WHOLESALE_COST),
+      getOrNull(row, row.getCsPricing.getListPrice(), CS_PRICING_LIST_PRICE),
+      getOrNull(row, row.getCsPricing.getSalesPrice(), CS_PRICING_SALES_PRICE),
+      getOrNull(row, row.getCsPricing.getExtDiscountAmount(), CS_PRICING_EXT_DISCOUNT_AMOUNT),
+      getOrNull(row, row.getCsPricing.getExtSalesPrice(), CS_PRICING_EXT_SALES_PRICE),
+      getOrNull(row, row.getCsPricing.getExtWholesaleCost(), CS_PRICING_EXT_WHOLESALE_COST),
+      getOrNull(row, row.getCsPricing.getExtListPrice(), CS_PRICING_EXT_LIST_PRICE),
+      getOrNull(row, row.getCsPricing.getExtTax(), CS_PRICING_EXT_TAX),
+      getOrNull(row, row.getCsPricing.getCouponAmount(), CS_PRICING_COUPON_AMT),
+      getOrNull(row, row.getCsPricing.getExtShipCost(), CS_PRICING_EXT_SHIP_COST),
+      getOrNull(row, row.getCsPricing.getNetPaid(), CS_PRICING_NET_PAID),
+      getOrNull(row, row.getCsPricing.getNetPaidIncludingTax(), CS_PRICING_NET_PAID_INC_TAX),
+      getOrNull(row, row.getCsPricing.getNetPaidIncludingShipping(), CS_PRICING_NET_PAID_INC_SHIP),
+      getOrNull(
+        row,
+        row.getCsPricing.getNetPaidIncludingShippingAndTax(),
+        CS_PRICING_NET_PAID_INC_SHIP_TAX),
+      getOrNull(row, row.getCsPricing.getNetProfit(), CS_PRICING_NET_PROFIT))
+  }
+
+  implicit class WebPageRowImplicits(webPageRow: WebPageRow) {
+    def getWpPageSk: Long = WebPageRowImplicits.wpPageSk.get(webPageRow)
+    def getWpPageId: String = WebPageRowImplicits.wpPageId.get(webPageRow)
+    def getWpRecStartDateId: Long = WebPageRowImplicits.wpRecStartDateId.get(webPageRow)
+    def getWpRecEndDateId: Long = WebPageRowImplicits.wpRecEndDateId.get(webPageRow)
+    def getWpCreationDateSk: Long = WebPageRowImplicits.wpCreationDateSk.get(webPageRow)
+    def getWpAccessDateSk: Long = WebPageRowImplicits.wpAccessDateSk.get(webPageRow)
+    def isWpAutogenFlag: Boolean = WebPageRowImplicits.wpAutogenFlag.get(webPageRow)
+    def getWpCustomerSk: Long = WebPageRowImplicits.wpCustomerSk.get(webPageRow)
+    def getWpUrl: String = WebPageRowImplicits.wpUrl.get(webPageRow)
+    def getWpType: String = WebPageRowImplicits.wpType.get(webPageRow)
+    def getWpCharCount: Int = WebPageRowImplicits.wpCharCount.get(webPageRow)
+    def getWpLinkCount: Int = WebPageRowImplicits.wpLinkCount.get(webPageRow)
+    def getWpImageCount: Int = WebPageRowImplicits.wpImageCount.get(webPageRow)
+    def getWpMaxAdCount: Int = WebPageRowImplicits.wpMaxAdCount.get(webPageRow)
+  }
+
+  object WebPageRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[WebPageRow], field)
+        .buildChecked[T]()
+
+    lazy val wpPageSk = invoke[Long]("wpPageSk")
+    lazy val wpPageId = invoke[String]("wpPageId")
+    lazy val wpRecStartDateId = invoke[Long]("wpRecStartDateId")
+    lazy val wpRecEndDateId = invoke[Long]("wpRecEndDateId")
+    lazy val wpCreationDateSk = invoke[Long]("wpCreationDateSk")
+    lazy val wpAccessDateSk = invoke[Long]("wpAccessDateSk")
+    lazy val wpAutogenFlag = invoke[Boolean]("wpAutogenFlag")
+    lazy val wpCustomerSk = invoke[Long]("wpCustomerSk")
+    lazy val wpUrl = invoke[String]("wpUrl")
+    lazy val wpType = invoke[String]("wpType")
+    lazy val wpCharCount = invoke[Int]("wpCharCount")
+    lazy val wpLinkCount = invoke[Int]("wpLinkCount")
+    lazy val wpImageCount = invoke[Int]("wpImageCount")
+    lazy val wpMaxAdCount = invoke[Int]("wpMaxAdCount")
+
+    def values(row: WebPageRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getWpPageSk, WP_PAGE_SK),
+      getOrNull(row, row.getWpPageId, WP_PAGE_ID),
+      getDateOrNullFromJulianDays(row, row.getWpRecStartDateId, WP_REC_START_DATE_ID),
+      getDateOrNullFromJulianDays(row, row.getWpRecEndDateId, WP_REC_END_DATE_ID),
+      getOrNullForKey(row, row.getWpCreationDateSk, WP_CREATION_DATE_SK),
+      getOrNullForKey(row, row.getWpAccessDateSk, WP_ACCESS_DATE_SK),
+      getOrNullForBoolean(row, row.isWpAutogenFlag, WP_AUTOGEN_FLAG),
+      getOrNullForKey(row, row.getWpCustomerSk, WP_CUSTOMER_SK),
+      getOrNull(row, row.getWpUrl, WP_URL),
+      getOrNull(row, row.getWpType, WP_TYPE),
+      getOrNull(row, row.getWpCharCount, WP_CHAR_COUNT),
+      getOrNull(row, row.getWpLinkCount, WP_LINK_COUNT),
+      getOrNull(row, row.getWpImageCount, WP_IMAGE_COUNT),
+      getOrNull(row, row.getWpMaxAdCount, WP_MAX_AD_COUNT))
+  }
+
+  implicit class CallCenterRowImplicits(callCenterRow: CallCenterRow) {
+    def getCcCallCenterSk: Long = CallCenterRowImplicits.ccCallCenterSk.get(callCenterRow)
+    def getCcCallCenterId: String = CallCenterRowImplicits.ccCallCenterId.get(callCenterRow)
+    def getCcRecStartDateId: Long = CallCenterRowImplicits.ccRecStartDateId.get(callCenterRow)
+    def getCcRecEndDateId: Long = CallCenterRowImplicits.ccRecEndDateId.get(callCenterRow)
+    def getCcClosedDateId: Long = CallCenterRowImplicits.ccClosedDateId.get(callCenterRow)
+    def getCcOpenDateId: Long = CallCenterRowImplicits.ccOpenDateId.get(callCenterRow)
+    def getCcName: String = CallCenterRowImplicits.ccName.get(callCenterRow)
+    def getCcClass: String = CallCenterRowImplicits.ccClass.get(callCenterRow)
+    def getCcEmployees: Int = CallCenterRowImplicits.ccEmployees.get(callCenterRow)
+    def getCcSqFt: Int = CallCenterRowImplicits.ccSqFt.get(callCenterRow)
+    def getCcHours: String = CallCenterRowImplicits.ccHours.get(callCenterRow)
+    def getCcManager: String = CallCenterRowImplicits.ccManager.get(callCenterRow)
+    def getCcMarketId: Int = CallCenterRowImplicits.ccMarketId.get(callCenterRow)
+    def getCcMarketClass: String = CallCenterRowImplicits.ccMarketClass.get(callCenterRow)
+    def getCcMarketDesc: String = CallCenterRowImplicits.ccMarketDesc.get(callCenterRow)
+    def getCcMarketManager: String = CallCenterRowImplicits.ccMarketManager.get(callCenterRow)
+    def getCcDivisionId: Int = CallCenterRowImplicits.ccDivisionId.get(callCenterRow)
+    def getCcDivisionName: String = CallCenterRowImplicits.ccDivisionName.get(callCenterRow)
+    def getCcCompany: Int = CallCenterRowImplicits.ccCompany.get(callCenterRow)
+    def getCcCompanyName: String = CallCenterRowImplicits.ccCompanyName.get(callCenterRow)
+    def getCcAddress: Address = CallCenterRowImplicits.ccAddress.get(callCenterRow)
+    def getCcTaxPercentage: TPCDSDecimal = CallCenterRowImplicits.ccTaxPercentage.get(callCenterRow)
+  }
+
+  object CallCenterRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CallCenterRow], field)
+        .buildChecked[T]()
+
+    lazy val ccCallCenterSk = invoke[Long]("ccCallCenterSk")
+    lazy val ccCallCenterId = invoke[String]("ccCallCenterId")
+    lazy val ccRecStartDateId = invoke[Long]("ccRecStartDateId")
+    lazy val ccRecEndDateId = invoke[Long]("ccRecEndDateId")
+    lazy val ccClosedDateId = invoke[Long]("ccClosedDateId")
+    lazy val ccOpenDateId = invoke[Long]("ccOpenDateId")
+    lazy val ccName = invoke[String]("ccName")
+    lazy val ccClass = invoke[String]("ccClass")
+    lazy val ccEmployees = invoke[Int]("ccEmployees")
+    lazy val ccSqFt = invoke[Int]("ccSqFt")
+    lazy val ccHours = invoke[String]("ccHours")
+    lazy val ccManager = invoke[String]("ccManager")
+    lazy val ccMarketId = invoke[Int]("ccMarketId")
+    lazy val ccMarketClass = invoke[String]("ccMarketClass")
+    lazy val ccMarketDesc = invoke[String]("ccMarketDesc")
+    lazy val ccMarketManager = invoke[String]("ccMarketManager")
+    lazy val ccDivisionId = invoke[Int]("ccDivisionId")
+    lazy val ccDivisionName = invoke[String]("ccDivisionName")
+    lazy val ccCompany = invoke[Int]("ccCompany")
+    lazy val ccCompanyName = invoke[String]("ccCompanyName")
+    lazy val ccAddress = invoke[Address]("ccAddress")
+    lazy val ccTaxPercentage = invoke[TPCDSDecimal]("ccTaxPercentage")
+
+    def values(row: CallCenterRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCcCallCenterSk, CC_CALL_CENTER_SK),
+      getOrNull(row, row.getCcCallCenterId, CC_CALL_CENTER_ID),
+      getDateOrNullFromJulianDays(row, row.getCcRecStartDateId, CC_REC_START_DATE_ID),
+      getDateOrNullFromJulianDays(row, row.getCcRecEndDateId, CC_REC_END_DATE_ID),
+      getOrNullForKey(row, row.getCcClosedDateId, CC_CLOSED_DATE_ID),
+      getOrNullForKey(row, row.getCcOpenDateId, CC_OPEN_DATE_ID),
+      getOrNull(row, row.getCcName, CC_NAME),
+      getOrNull(row, row.getCcClass, CC_CLASS),
+      getOrNull(row, row.getCcEmployees, CC_EMPLOYEES),
+      getOrNull(row, row.getCcSqFt, CC_SQ_FT),
+      getOrNull(row, row.getCcHours, CC_HOURS),
+      getOrNull(row, row.getCcManager, CC_MANAGER),
+      getOrNull(row, row.getCcMarketId, CC_MARKET_ID),
+      getOrNull(row, row.getCcMarketClass, CC_MARKET_CLASS),
+      getOrNull(row, row.getCcMarketDesc, CC_MARKET_DESC),
+      getOrNull(row, row.getCcMarketManager, CC_MARKET_MANAGER),
+      getOrNull(row, row.getCcDivisionId, CC_DIVISION),
+      getOrNull(row, row.getCcDivisionName, CC_DIVISION_NAME),
+      getOrNull(row, row.getCcCompany, CC_COMPANY),
+      getOrNull(row, row.getCcCompanyName, CC_COMPANY_NAME),
+      getOrNull(row, row.getCcAddress.getStreetNumber, CC_STREET_NUMBER),
+      getOrNull(row, row.getCcAddress.getStreetName, CC_STREET_NAME),
+      getOrNull(row, row.getCcAddress.getStreetType, CC_STREET_TYPE),
+      getOrNull(row, row.getCcAddress.getSuiteNumber, CC_SUITE_NUMBER),
+      getOrNull(row, row.getCcAddress.getCity, CC_CITY),
+      getOrNull(row, row.getCcAddress.getCounty, CC_ADDRESS),
+      getOrNull(row, row.getCcAddress.getState, CC_STATE),
+      getOrNull(
+        row,
+        java.lang.String.format("%05d", row.getCcAddress.getZip.asInstanceOf[Object]),
+        CC_ZIP),
+      getOrNull(row, row.getCcAddress.getCountry, CC_COUNTRY),
+      getOrNull(row, row.getCcAddress.getGmtOffset, CC_GMT_OFFSET),
+      getOrNull(row, row.getCcTaxPercentage, CC_TAX_PERCENTAGE))
+  }
+
+  implicit class CustomerAddressRowImplicits(customerAddressRow: CustomerAddressRow) {
+    def getCaAddrSk: Long = CustomerAddressRowImplicits.caAddrSk.get(customerAddressRow)
+    def getCaAddrId: String = CustomerAddressRowImplicits.caAddrId.get(customerAddressRow)
+    def getCaAddress: Address = CustomerAddressRowImplicits.caAddress.get(customerAddressRow)
+    def getCaLocationType: String =
+      CustomerAddressRowImplicits.caLocationType.get(customerAddressRow)
+  }
+
+  object CustomerAddressRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[CustomerAddressRow], field)
+        .buildChecked[T]()
+
+    lazy val caAddrSk = invoke[Long]("caAddrSk")
+    lazy val caAddrId = invoke[String]("caAddrId")
+    lazy val caAddress = invoke[Address]("caAddress")
+    lazy val caLocationType = invoke[String]("caLocationType")
+
+    def values(row: CustomerAddressRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getCaAddrSk, CA_ADDRESS_SK),
+      getOrNull(row, row.getCaAddrId, CA_ADDRESS_ID),
+      getOrNull(row, row.getCaAddress.getStreetNumber(), CA_ADDRESS_STREET_NUM),
+      getOrNull(row, row.getCaAddress.getStreetName(), CA_ADDRESS_STREET_NAME),
+      getOrNull(row, row.getCaAddress.getStreetType(), CA_ADDRESS_STREET_TYPE),
+      getOrNull(row, row.getCaAddress.getSuiteNumber(), CA_ADDRESS_SUITE_NUM),
+      getOrNull(row, row.getCaAddress.getCity(), CA_ADDRESS_CITY),
+      getOrNull(row, row.getCaAddress.getCounty(), CA_ADDRESS_COUNTY),
+      getOrNull(row, row.getCaAddress.getState(), CA_ADDRESS_STATE),
+      getOrNull(
+        row,
+        java.lang.String.format("%05d", row.getCaAddress.getZip.asInstanceOf[Object]),
+        CA_ADDRESS_ZIP),
+      getOrNull(row, row.getCaAddress.getCountry(), CA_ADDRESS_COUNTRY),
+      getOrNull(row, row.getCaAddress.getGmtOffset(), CA_ADDRESS_GMT_OFFSET),
+      getOrNull(row, row.getCaLocationType, CA_LOCATION_TYPE))
+  }
+
+  implicit class DateDimRowImplicits(dateDimRow: DateDimRow) {
+    def getDDateSk: Long = DateDimRowImplicits.dDateSk.get(dateDimRow)
+    def getDDateId: String = DateDimRowImplicits.dDateId.get(dateDimRow)
+    def getDMonthSeq: Int = DateDimRowImplicits.dMonthSeq.get(dateDimRow)
+    def getDWeekSeq: Int = DateDimRowImplicits.dWeekSeq.get(dateDimRow)
+    def getDQuarterSeq: Int = DateDimRowImplicits.dQuarterSeq.get(dateDimRow)
+    def getDYear: Int = DateDimRowImplicits.dYear.get(dateDimRow)
+    def getDDow: Int = DateDimRowImplicits.dDow.get(dateDimRow)
+    def getDMoy: Int = DateDimRowImplicits.dMoy.get(dateDimRow)
+    def getDDom: Int = DateDimRowImplicits.dDom.get(dateDimRow)
+    def getDQoy: Int = DateDimRowImplicits.dQoy.get(dateDimRow)
+    def getDFyYear: Int = DateDimRowImplicits.dFyYear.get(dateDimRow)
+    def getDFyQuarterSeq: Int = DateDimRowImplicits.dFyQuarterSeq.get(dateDimRow)
+    def getDFyWeekSeq: Int = DateDimRowImplicits.dFyWeekSeq.get(dateDimRow)
+    def getDDayName: String = DateDimRowImplicits.dDayName.get(dateDimRow)
+    def isDHoliday: Boolean = DateDimRowImplicits.dHoliday.get(dateDimRow)
+    def isDWeekend: Boolean = DateDimRowImplicits.dWeekend.get(dateDimRow)
+    def isDFollowingHoliday: Boolean = DateDimRowImplicits.dFollowingHoliday.get(dateDimRow)
+    def getDFirstDom: Int = DateDimRowImplicits.dFirstDom.get(dateDimRow)
+    def getDLastDom: Int = DateDimRowImplicits.dLastDom.get(dateDimRow)
+    def getDSameDayLy: Int = DateDimRowImplicits.dSameDayLy.get(dateDimRow)
+    def getDSameDayLq: Int = DateDimRowImplicits.dSameDayLq.get(dateDimRow)
+    def isDCurrentDay: Boolean = DateDimRowImplicits.dCurrentDay.get(dateDimRow)
+    def isDCurrentWeek: Boolean = DateDimRowImplicits.dCurrentWeek.get(dateDimRow)
+    def isDCurrentMonth: Boolean = DateDimRowImplicits.dCurrentMonth.get(dateDimRow)
+    def isDCurrentQuarter: Boolean = DateDimRowImplicits.dCurrentQuarter.get(dateDimRow)
+    def isDCurrentYear: Boolean = DateDimRowImplicits.dCurrentYear.get(dateDimRow)
+  }
+
+  object DateDimRowImplicits {
+    def invoke[T](field: String): DynFields.UnboundField[T] =
+      DynFields.builder()
+        .hiddenImpl(classOf[DateDimRow], field)
+        .buildChecked[T]()
+
+    lazy val dDateSk = invoke[Long]("dDateSk")
+    lazy val dDateId = invoke[String]("dDateId")
+    lazy val dMonthSeq = invoke[Int]("dMonthSeq")
+    lazy val dWeekSeq = invoke[Int]("dWeekSeq")
+    lazy val dQuarterSeq = invoke[Int]("dQuarterSeq")
+    lazy val dYear = invoke[Int]("dYear")
+    lazy val dDow = invoke[Int]("dDow")
+    lazy val dMoy = invoke[Int]("dMoy")
+    lazy val dDom = invoke[Int]("dDom")
+    lazy val dQoy = invoke[Int]("dQoy")
+    lazy val dFyYear = invoke[Int]("dFyYear")
+    lazy val dFyQuarterSeq = invoke[Int]("dFyQuarterSeq")
+    lazy val dFyWeekSeq = invoke[Int]("dFyWeekSeq")
+    lazy val dDayName = invoke[String]("dDayName")
+    lazy val dHoliday = invoke[Boolean]("dHoliday")
+    lazy val dWeekend = invoke[Boolean]("dWeekend")
+    lazy val dFollowingHoliday = invoke[Boolean]("dFollowingHoliday")
+    lazy val dFirstDom = invoke[Int]("dFirstDom")
+    lazy val dLastDom = invoke[Int]("dLastDom")
+    lazy val dSameDayLy = invoke[Int]("dSameDayLy")
+    lazy val dSameDayLq = invoke[Int]("dSameDayLq")
+    lazy val dCurrentDay = invoke[Boolean]("dCurrentDay")
+    lazy val dCurrentWeek = invoke[Boolean]("dCurrentWeek")
+    lazy val dCurrentMonth = invoke[Boolean]("dCurrentMonth")
+    lazy val dCurrentQuarter = invoke[Boolean]("dCurrentQuarter")
+    lazy val dCurrentYear = invoke[Boolean]("dCurrentYear")
+
+    def values(row: DateDimRow): Array[Any] = Array(
+      getOrNullForKey(row, row.getDDateSk, D_DATE_SK),
+      getOrNull(row, row.getDDateId, D_DATE_ID),
+      getDateOrNullFromJulianDays(row, row.getDDateSk, D_DATE_SK),
+      getOrNull(row, row.getDMonthSeq, D_MONTH_SEQ),
+      getOrNull(row, row.getDWeekSeq, D_WEEK_SEQ),
+      getOrNull(row, row.getDQuarterSeq, D_QUARTER_SEQ),
+      getOrNull(row, row.getDYear, D_YEAR),
+      getOrNull(row, row.getDDow, D_DOW),
+      getOrNull(row, row.getDMoy, D_MOY),
+      getOrNull(row, row.getDDom, D_DOM),
+      getOrNull(row, row.getDQoy, D_QOY),
+      getOrNull(row, row.getDFyYear, D_FY_YEAR),
+      getOrNull(row, row.getDFyQuarterSeq, D_FY_QUARTER_SEQ),
+      getOrNull(row, row.getDFyWeekSeq, D_FY_WEEK_SEQ),
+      getOrNull(row, row.getDDayName, D_DAY_NAME),
+      getOrNull(
+        row,
+        java.lang.String.format(
+          "%4dQ%d",
+          row.getDYear.asInstanceOf[Object],
+          row.getDQoy.asInstanceOf[Object]),
+        D_QUARTER_NAME),
+      getOrNullForBoolean(row, row.isDHoliday, D_HOLIDAY),
+      getOrNullForBoolean(row, row.isDWeekend, D_WEEKEND),
+      getOrNullForBoolean(row, row.isDFollowingHoliday, D_FOLLOWING_HOLIDAY),
+      getOrNull(row, row.getDFirstDom, D_FIRST_DOM),
+      getOrNull(row, row.getDLastDom, D_LAST_DOM),
+      getOrNull(row, row.getDSameDayLy, D_SAME_DAY_LY),
+      getOrNull(row, row.getDSameDayLq, D_SAME_DAY_LQ),
+      getOrNullForBoolean(row, row.isDCurrentDay, D_CURRENT_DAY),
+      getOrNullForBoolean(row, row.isDCurrentWeek, D_CURRENT_WEEK),
+      getOrNullForBoolean(row, row.isDCurrentMonth, D_CURRENT_MONTH),
+      getOrNullForBoolean(row, row.isDCurrentQuarter, D_CURRENT_QUARTER),
+      getOrNullForBoolean(row, row.isDCurrentYear, D_CURRENT_YEAR))
+  }
+
+  def getValues: TableRow => Array[Any] = {
+    case row: StoreRow => StoreRowImplicits.values(row)
+    case row: ReasonRow => ReasonRowImplicits.values(row)
+    case row: DbgenVersionRow => DbgenVersionRowImplicits.values(row)
+    case row: ShipModeRow => ShipModeRowImplicits.values(row)
+    case row: IncomeBandRow => IncomeBandRowImplicits.values(row)
+    case row: ItemRow => ItemRowImplicits.values(row)
+    case row: CustomerDemographicsRow => CustomerDemographicsRowImplicits.values(row)
+    case row: TimeDimRow => TimeDimRowImplicits.values(row)
+    case row: WebSiteRow => WebSiteRowImplicits.values(row)
+    case row: HouseholdDemographicsRow => HouseholdDemographicsRowImplicits.values(row)
+    case row: PromotionRow => PromotionRowImplicits.values(row)
+    case row: CatalogPageRow => CatalogPageRowImplicits.values(row)
+    case row: WebSalesRow => WebSalesRowImplicits.values(row)
+    case row: StoreSalesRow => StoreSalesRowImplicits.values(row)
+    case row: InventoryRow => InventoryRowImplicits.values(row)
+    case row: WebReturnsRow => WebReturnsRowImplicits.values(row)
+    case row: WarehouseRow => WarehouseRowImplicits.values(row)
+    case row: CustomerRow => CustomerRowImplicits.values(row)
+    case row: StoreReturnsRow => StoreReturnsRowImplicits.values(row)
+    case row: CatalogReturnsRow => CatalogReturnsRowImplicits.values(row)
+    case row: CatalogSalesRow => CatalogSalesRowImplicits.values(row)
+    case row: WebPageRow => WebPageRowImplicits.values(row)
+    case row: CallCenterRow => CallCenterRowImplicits.values(row)
+    case row: CustomerAddressRow => CustomerAddressRowImplicits.values(row)
+    case row: DateDimRow => DateDimRowImplicits.values(row)
+  }
+}
+
+object KyuubiTPCDSTableRowWithNullsUtils {
+  private lazy val isNullMethod = DynMethods.builder("isNull")
+    .hiddenImpl(
+      classOf[TableRowWithNulls],
+      classOf[GeneratorColumn])
+    .build()
+
+  private def isNull(
+      row: TableRow,
+      column: GeneratorColumn): Boolean = isNullMethod.invoke[Boolean](row, column)
+
+  def getDateOrNullFromJulianDays(
+      row: TableRow,
+      value: Long,
+      column: GeneratorColumn): Option[Long] = {
+    if (isNull(row, column) || value < 0) None else Some(value)
+  }
+
+  def getOrNullForKey(row: TableRow, value: Long, column: GeneratorColumn): Option[Long] = {
+    if (isNull(row, column) || value == -1) None else Some(value)
+  }
+
+  def getOrNull[T](row: TableRow, value: T, column: GeneratorColumn): Option[T] = {
+    if (isNull(row, column)) None else Some(value)
+  }
+
+  def getOrNullForBoolean(
+      row: TableRow,
+      value: Boolean,
+      column: GeneratorColumn): Option[Boolean] = {
+    if (isNull(row, column)) None else Some(value)
+  }
+}
diff --git a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
index f5c6563e7..0eed970a4 100644
--- a/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
+++ b/extensions/spark/kyuubi-spark-connector-tpcds/src/test/scala/org/apache/kyuubi/spark/connector/tpcds/TPCDSCatalogSuite.scala
@@ -19,6 +19,8 @@ package org.apache.kyuubi.spark.connector.tpcds
 
 import org.apache.spark.SparkConf
 import org.apache.spark.sql.{AnalysisException, SparkSession}
+import org.apache.spark.sql.functions._
+import org.apache.spark.sql.types.DataTypes
 import org.apache.spark.sql.util.CaseInsensitiveStringMap
 
 import org.apache.kyuubi.KyuubiFunSuite
@@ -77,42 +79,6 @@ class TPCDSCatalogSuite extends KyuubiFunSuite {
     }
   }
 
-  test("tpcds.tiny count") {
-    val sparkConf = new SparkConf()
-      .setMaster("local[*]")
-      .set("spark.ui.enabled", "false")
-      .set("spark.sql.catalogImplementation", "in-memory")
-      .set("spark.sql.catalog.tpcds", classOf[TPCDSCatalog].getName)
-      .set("spark.sql.cbo.enabled", "true")
-      .set("spark.sql.cbo.planStats.enabled", "true")
-    withSparkSession(SparkSession.builder.config(sparkConf).getOrCreate()) { spark =>
-      assert(spark.table("tpcds.tiny.call_center").count === 2)
-      assert(spark.table("tpcds.tiny.catalog_page").count === 11718)
-      assert(spark.table("tpcds.tiny.catalog_returns").count === 8923)
-      assert(spark.table("tpcds.tiny.catalog_sales").count === 89807)
-      assert(spark.table("tpcds.tiny.customer").count === 1000)
-      assert(spark.table("tpcds.tiny.customer_address").count === 1000)
-      assert(spark.table("tpcds.tiny.customer_demographics").count === 1920800)
-      assert(spark.table("tpcds.tiny.date_dim").count === 73049)
-      assert(spark.table("tpcds.tiny.household_demographics").count === 7200)
-      assert(spark.table("tpcds.tiny.income_band").count === 20)
-      assert(spark.table("tpcds.tiny.inventory").count === 261261)
-      assert(spark.table("tpcds.tiny.item").count === 2000)
-      assert(spark.table("tpcds.tiny.promotion").count === 3)
-      assert(spark.table("tpcds.tiny.reason").count === 1)
-      assert(spark.table("tpcds.tiny.ship_mode").count === 20)
-      assert(spark.table("tpcds.tiny.store").count === 2)
-      assert(spark.table("tpcds.tiny.store_returns").count === 11925)
-      assert(spark.table("tpcds.tiny.store_sales").count === 120527)
-      assert(spark.table("tpcds.tiny.time_dim").count === 86400)
-      assert(spark.table("tpcds.tiny.warehouse").count === 1)
-      assert(spark.table("tpcds.tiny.web_page").count === 2)
-      assert(spark.table("tpcds.tiny.web_returns").count === 1152)
-      assert(spark.table("tpcds.tiny.web_sales").count === 11876)
-      assert(spark.table("tpcds.tiny.web_site").count === 2)
-    }
-  }
-
   test("tpcds.sf1 stats") {
     val sparkConf = new SparkConf()
       .setMaster("local[*]")
@@ -174,4 +140,69 @@ class TPCDSCatalogSuite extends KyuubiFunSuite {
         || exception.message.contains("TABLE_OR_VIEW_NOT_FOUND"))
     }
   }
+
+  test("tpcds.tiny count and checksum") {
+    val sparkConf = new SparkConf()
+      .setMaster("local[*]")
+      .set("spark.ui.enabled", "false")
+      .set("spark.sql.catalogImplementation", "in-memory")
+      .set("spark.sql.catalog.tpcds", classOf[TPCDSCatalog].getName)
+      .set("spark.sql.cbo.enabled", "true")
+      .set("spark.sql.cbo.planStats.enabled", "true")
+    withSparkSession(SparkSession.builder.config(sparkConf).getOrCreate()) { spark =>
+      tableInfo.foreach {
+        case (table, (expectCount, expectChecksum)) =>
+          val (count, checksum) = countAndchecksum(spark, table)
+          assert(count == expectCount)
+          assert(checksum == expectChecksum, s"table $table")
+      }
+    }
+  }
+
+  def countAndchecksum(spark: SparkSession, tableName: String): (String, String) = {
+    val df = spark.table(tableName)
+    val cols = df.schema.map { field =>
+      concat(
+        when(col(field.name).isNull, lit('\u0000').cast("string"))
+          .otherwise(col(field.name).cast("string")),
+        lit('\u0001').cast("string"))
+    }
+
+    df.select(
+      crc32(concat(cols: _*))
+        .cast(DataTypes.createDecimalType(38, 0))
+        .as("row_checksum"))
+      .agg(
+        count("*").cast("string").as("count"),
+        sum("row_checksum").cast("string").as("checksum"))
+      .collect()
+      .map(r => (r.getString(0), r.getString(1)))
+      .head
+  }
+
+  private val tableInfo = Seq(
+    ("tpcds.tiny.call_center", ("2", "4584365911")),
+    ("tpcds.tiny.catalog_page", ("11718", "25416854987711")),
+    ("tpcds.tiny.catalog_returns", ("8923", "19045021547122")),
+    ("tpcds.tiny.catalog_sales", ("89807", "192355655243815")),
+    ("tpcds.tiny.customer", ("1000", "2120827330356")),
+    ("tpcds.tiny.customer_address", ("1000", "2161077976693")),
+    ("tpcds.tiny.customer_demographics", ("1920800", "4124183189708148")),
+    ("tpcds.tiny.date_dim", ("73049", "156926081012862")),
+    ("tpcds.tiny.household_demographics", ("7200", "15494873325812")),
+    ("tpcds.tiny.income_band", ("20", "41180951007")),
+    ("tpcds.tiny.inventory", ("261261", "561290989772724")),
+    ("tpcds.tiny.item", ("2000", "4254103006936")),
+    ("tpcds.tiny.promotion", ("3", "4984911899")),
+    ("tpcds.tiny.reason", ("1", "365440741")),
+    ("tpcds.tiny.ship_mode", ("20", "52349078860")),
+    ("tpcds.tiny.store", ("2", "2964682289")),
+    ("tpcds.tiny.store_returns", ("11925", "25400972943896")),
+    ("tpcds.tiny.store_sales", ("120527", "259296406856838")),
+    ("tpcds.tiny.time_dim", ("86400", "186045071019485")),
+    ("tpcds.tiny.warehouse", ("1", "2956768503")),
+    ("tpcds.tiny.web_page", ("2", "3215766118")),
+    ("tpcds.tiny.web_returns", ("1152", "2464383243098")),
+    ("tpcds.tiny.web_sales", ("11876", "25458905770096")),
+    ("tpcds.tiny.web_site", ("2", "3798438288")))
 }

From 90e8cf8337fa1ba357caf17376bb0b8045d26f89 Mon Sep 17 00:00:00 2001
From: wforget <643348094@qq.com>
Date: Tue, 31 Oct 2023 16:29:08 +0800
Subject: [PATCH 756/760] [KYUUBI #5489] Adjust shuffle partitions dynamically

### _Why are the changes needed?_

Usually, we can use `spark.sql.shuffle.partitions` to configure the number of shuffle partitions (or `spark.sql.adaptive.coalescePartitions.initialPartitionNum` for AQE). However, it seems difficult to find a universal value for all SQL jobs.

Although Spark AQE can dynamically merge and split partitions based on partition size, inappropriate shuffle partitions may still cause some problems:

+ When there are too few shuffle partitions, the join skew optimization threshold is large and the skew partitions will not be split.
+ When using RemoteShuffleService, an inappropriate number of shuffle partitions may result in too large partitions or too many partitions, which will lead to high pressure on the shuffle server.

So I want to provide an optimization rule to dynamically adjust the number of partitions based on the size of the input data.

Calculate the number of partitions based on input data size:

```
targetShufflePartitions = sum(scanSize|shuffleReadSize) / advisoryPartitionSizeInBytes
```

then replace the number of partitions for all `ShuffleExchangeExec` nodes.

### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5489 from wForget/dynamic_shuffle_partitions.

Closes #5489

5a2bb6c25 [wforget] only takes effect when aqe is enabled
038b7bb45 [wforget] moved behind InsertShuffleNodeBeforeJoin
7ca87d8e8 [wforget] comment
d65047fda [wforget] sum scanSizes
e4d8f33af [wforget] comments
4f0f25d8e [wforget] configurable
f77d1d648 [wforget] code style
0bf572f27 [wforget] use partition stats
8d251c3fd [wforget] Adjust shuffle partitions dynamically

Authored-by: wforget <643348094@qq.com>
Signed-off-by: ulyssesyou <ulyssesyou@apache.org>
---
 .../kyuubi/sql/DynamicShufflePartitions.scala |  98 ++++++++++++
 .../org/apache/kyuubi/sql/KyuubiSQLConf.scala |  16 ++
 .../sql/KyuubiSparkSQLCommonExtension.scala   |   1 +
 .../spark/sql/hive/HiveSparkPlanHelper.scala  |  21 +++
 .../sql/DynamicShufflePartitionsSuite.scala   | 140 ++++++++++++++++++
 5 files changed, 276 insertions(+)
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DynamicShufflePartitions.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/hive/HiveSparkPlanHelper.scala
 create mode 100644 extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DynamicShufflePartitionsSuite.scala

diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DynamicShufflePartitions.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DynamicShufflePartitions.scala
new file mode 100644
index 000000000..03d93d076
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/DynamicShufflePartitions.scala
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.sql
+
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.catalyst.plans.physical.{HashPartitioning, RangePartitioning, RoundRobinPartitioning}
+import org.apache.spark.sql.catalyst.rules.Rule
+import org.apache.spark.sql.execution.{FileSourceScanExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive.ShuffleQueryStageExec
+import org.apache.spark.sql.execution.exchange.{REPARTITION_BY_NUM, ShuffleExchangeExec, ValidateRequirements}
+import org.apache.spark.sql.hive.HiveSparkPlanHelper.HiveTableScanExec
+import org.apache.spark.sql.internal.SQLConf._
+
+import org.apache.kyuubi.sql.KyuubiSQLConf.{DYNAMIC_SHUFFLE_PARTITIONS, DYNAMIC_SHUFFLE_PARTITIONS_MAX_NUM}
+
+/**
+ * Dynamically adjust the number of shuffle partitions according to the input data size
+ */
+case class DynamicShufflePartitions(spark: SparkSession) extends Rule[SparkPlan] {
+
+  override def apply(plan: SparkPlan): SparkPlan = {
+    if (!conf.getConf(DYNAMIC_SHUFFLE_PARTITIONS) || !conf.getConf(ADAPTIVE_EXECUTION_ENABLED)) {
+      plan
+    } else {
+      val maxDynamicShufflePartitions = conf.getConf(DYNAMIC_SHUFFLE_PARTITIONS_MAX_NUM)
+
+      def collectScanSizes(plan: SparkPlan): Seq[Long] = plan match {
+        case FileSourceScanExec(relation, _, _, _, _, _, _, _, _) =>
+          Seq(relation.location.sizeInBytes)
+        case t: HiveTableScanExec =>
+          t.relation.prunedPartitions match {
+            case Some(partitions) => Seq(partitions.flatMap(_.stats).map(_.sizeInBytes.toLong).sum)
+            case None => Seq(t.relation.computeStats().sizeInBytes.toLong)
+                .filter(_ != conf.defaultSizeInBytes)
+          }
+        case stage: ShuffleQueryStageExec if stage.isMaterialized && stage.mapStats.isDefined =>
+          Seq(stage.mapStats.get.bytesByPartitionId.sum)
+        case p =>
+          p.children.flatMap(collectScanSizes)
+      }
+
+      val scanSizes = collectScanSizes(plan)
+      if (scanSizes.isEmpty) {
+        return plan
+      }
+
+      val targetSize = conf.getConf(ADVISORY_PARTITION_SIZE_IN_BYTES)
+      val targetShufflePartitions = Math.min(
+        Math.max(scanSizes.sum / targetSize + 1, conf.numShufflePartitions).toInt,
+        maxDynamicShufflePartitions)
+
+      val newPlan = plan transformUp {
+        case exchange @ ShuffleExchangeExec(outputPartitioning, _, shuffleOrigin, _)
+            if shuffleOrigin != REPARTITION_BY_NUM =>
+          val newOutPartitioning = outputPartitioning match {
+            case RoundRobinPartitioning(numPartitions)
+                if targetShufflePartitions != numPartitions =>
+              Some(RoundRobinPartitioning(targetShufflePartitions))
+            case HashPartitioning(expressions, numPartitions)
+                if targetShufflePartitions != numPartitions =>
+              Some(HashPartitioning(expressions, targetShufflePartitions))
+            case RangePartitioning(ordering, numPartitions)
+                if targetShufflePartitions != numPartitions =>
+              Some(RangePartitioning(ordering, targetShufflePartitions))
+            case _ => None
+          }
+          if (newOutPartitioning.isDefined) {
+            exchange.copy(outputPartitioning = newOutPartitioning.get)
+          } else {
+            exchange
+          }
+      }
+
+      if (ValidateRequirements.validate(newPlan)) {
+        newPlan
+      } else {
+        logInfo("DynamicShufflePartitions rule generated an invalid plan. " +
+          "Falling back to the original plan.")
+        plan
+      }
+    }
+  }
+
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
index 6f45dae12..597cb250b 100644
--- a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSQLConf.scala
@@ -273,4 +273,20 @@ object KyuubiSQLConf {
       .version("1.8.0")
       .stringConf
       .createOptional
+
+  val DYNAMIC_SHUFFLE_PARTITIONS =
+    buildConf("spark.sql.optimizer.dynamicShufflePartitions")
+      .doc("If true, adjust the number of shuffle partitions dynamically based on the job" +
+        " input size. The new number of partitions is the maximum input size" +
+        " divided by `spark.sql.adaptive.advisoryPartitionSizeInBytes`.")
+      .version("1.9.0")
+      .booleanConf
+      .createWithDefault(false)
+
+  val DYNAMIC_SHUFFLE_PARTITIONS_MAX_NUM =
+    buildConf("spark.sql.optimizer.dynamicShufflePartitions.maxNum")
+      .doc("The maximum partition number of DynamicShufflePartitions.")
+      .version("1.9.0")
+      .intConf
+      .createWithDefault(2000)
 }
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
index f39ad3cc3..ad95ac429 100644
--- a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/kyuubi/sql/KyuubiSparkSQLCommonExtension.scala
@@ -43,6 +43,7 @@ object KyuubiSparkSQLCommonExtension {
     extensions.injectPostHocResolutionRule(FinalStageConfigIsolationCleanRule)
 
     extensions.injectQueryStagePrepRule(_ => InsertShuffleNodeBeforeJoin)
+    extensions.injectQueryStagePrepRule(DynamicShufflePartitions)
 
     extensions.injectQueryStagePrepRule(FinalStageConfigIsolation(_))
   }
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/hive/HiveSparkPlanHelper.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/hive/HiveSparkPlanHelper.scala
new file mode 100644
index 000000000..aa9a04596
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/main/scala/org/apache/spark/sql/hive/HiveSparkPlanHelper.scala
@@ -0,0 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql.hive
+
+object HiveSparkPlanHelper {
+  type HiveTableScanExec = org.apache.spark.sql.hive.execution.HiveTableScanExec
+}
diff --git a/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DynamicShufflePartitionsSuite.scala b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DynamicShufflePartitionsSuite.scala
new file mode 100644
index 000000000..6668675a5
--- /dev/null
+++ b/extensions/spark/kyuubi-extension-spark-3-5/src/test/scala/org/apache/spark/sql/DynamicShufflePartitionsSuite.scala
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.sql
+
+import org.apache.spark.sql.execution.{CommandResultExec, SparkPlan}
+import org.apache.spark.sql.execution.adaptive.{AdaptiveSparkPlanExec, ShuffleQueryStageExec}
+import org.apache.spark.sql.execution.exchange.{ENSURE_REQUIREMENTS, ShuffleExchangeExec}
+import org.apache.spark.sql.hive.HiveUtils.CONVERT_METASTORE_PARQUET
+import org.apache.spark.sql.internal.SQLConf._
+
+import org.apache.kyuubi.sql.KyuubiSQLConf.{DYNAMIC_SHUFFLE_PARTITIONS, DYNAMIC_SHUFFLE_PARTITIONS_MAX_NUM}
+
+class DynamicShufflePartitionsSuite extends KyuubiSparkSQLExtensionTest {
+
+  override protected def beforeAll(): Unit = {
+    super.beforeAll()
+    setupData()
+  }
+
+  test("test dynamic shuffle partitions") {
+    def collectExchanges(plan: SparkPlan): Seq[ShuffleExchangeExec] = {
+      plan match {
+        case p: CommandResultExec => collectExchanges(p.commandPhysicalPlan)
+        case p: AdaptiveSparkPlanExec => collectExchanges(p.finalPhysicalPlan)
+        case p: ShuffleQueryStageExec => collectExchanges(p.plan)
+        case p: ShuffleExchangeExec => p +: collectExchanges(p.child)
+        case p => p.children.flatMap(collectExchanges)
+      }
+    }
+
+    // datasource scan
+    withTable("table1", "table2", "table3") {
+      sql("create table table1 stored as parquet as select c1, c2 from t1")
+      sql("create table table2 stored as parquet as select c1, c2 from t2")
+      sql("create table table3 (c1 int, c2 string) stored as parquet")
+      sql("ANALYZE TABLE table1 COMPUTE STATISTICS")
+      sql("ANALYZE TABLE table2 COMPUTE STATISTICS")
+
+      val initialPartitionNum: Int = 2
+      Seq(false, true).foreach { dynamicShufflePartitions =>
+        val maxDynamicShufflePartitions = if (dynamicShufflePartitions) {
+          Seq(8, 2000)
+        } else {
+          Seq(2000)
+        }
+        maxDynamicShufflePartitions.foreach { maxDynamicShufflePartitionNum =>
+          withSQLConf(
+            DYNAMIC_SHUFFLE_PARTITIONS.key -> dynamicShufflePartitions.toString,
+            DYNAMIC_SHUFFLE_PARTITIONS_MAX_NUM.key -> maxDynamicShufflePartitionNum.toString,
+            AUTO_BROADCASTJOIN_THRESHOLD.key -> "-1",
+            COALESCE_PARTITIONS_INITIAL_PARTITION_NUM.key -> initialPartitionNum.toString,
+            ADVISORY_PARTITION_SIZE_IN_BYTES.key -> "500") {
+            val df = sql("insert overwrite table3 " +
+              " select a.c1 as c1, b.c2 as c2 from table1 a join table2 b on a.c1 = b.c1")
+
+            val exchanges = collectExchanges(df.queryExecution.executedPlan)
+            val (joinExchanges, rebalanceExchanges) = exchanges
+              .partition(_.shuffleOrigin == ENSURE_REQUIREMENTS)
+            // table scan size: 7369 3287
+            assert(joinExchanges.size == 2)
+            if (dynamicShufflePartitions) {
+              joinExchanges.foreach(e =>
+                assert(e.outputPartitioning.numPartitions
+                  == Math.min(22, maxDynamicShufflePartitionNum)))
+            } else {
+              joinExchanges.foreach(e =>
+                assert(e.outputPartitioning.numPartitions == initialPartitionNum))
+            }
+
+            assert(rebalanceExchanges.size == 1)
+            if (dynamicShufflePartitions) {
+              if (maxDynamicShufflePartitionNum == 8) {
+                // shuffle query size: 1424 451
+                assert(rebalanceExchanges.head.outputPartitioning.numPartitions ==
+                  Math.min(4, maxDynamicShufflePartitionNum))
+              } else {
+                // shuffle query size: 2057 664
+                assert(rebalanceExchanges.head.outputPartitioning.numPartitions ==
+                  Math.min(6, maxDynamicShufflePartitionNum))
+              }
+            } else {
+              assert(
+                rebalanceExchanges.head.outputPartitioning.numPartitions == initialPartitionNum)
+            }
+          }
+
+          // hive table scan
+          withSQLConf(
+            DYNAMIC_SHUFFLE_PARTITIONS.key -> dynamicShufflePartitions.toString,
+            DYNAMIC_SHUFFLE_PARTITIONS_MAX_NUM.key -> maxDynamicShufflePartitionNum.toString,
+            AUTO_BROADCASTJOIN_THRESHOLD.key -> "-1",
+            COALESCE_PARTITIONS_INITIAL_PARTITION_NUM.key -> initialPartitionNum.toString,
+            ADVISORY_PARTITION_SIZE_IN_BYTES.key -> "500",
+            CONVERT_METASTORE_PARQUET.key -> "false") {
+            val df = sql("insert overwrite table3 " +
+              " select a.c1 as c1, b.c2 as c2 from table1 a join table2 b on a.c1 = b.c1")
+
+            val exchanges = collectExchanges(df.queryExecution.executedPlan)
+            val (joinExchanges, rebalanceExchanges) = exchanges
+              .partition(_.shuffleOrigin == ENSURE_REQUIREMENTS)
+            // table scan size: 7369 3287
+            assert(joinExchanges.size == 2)
+            if (dynamicShufflePartitions) {
+              joinExchanges.foreach(e =>
+                assert(e.outputPartitioning.numPartitions ==
+                  Math.min(22, maxDynamicShufflePartitionNum)))
+            } else {
+              joinExchanges.foreach(e =>
+                assert(e.outputPartitioning.numPartitions == initialPartitionNum))
+            }
+            // shuffle query size: 5154 720
+            assert(rebalanceExchanges.size == 1)
+            if (dynamicShufflePartitions) {
+              assert(rebalanceExchanges.head.outputPartitioning.numPartitions
+                == Math.min(12, maxDynamicShufflePartitionNum))
+            } else {
+              assert(rebalanceExchanges.head.outputPartitioning.numPartitions ==
+                initialPartitionNum)
+            }
+          }
+        }
+      }
+    }
+  }
+
+}

From 9be2a9c508882d81d99e736a814bce457f2082b5 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 31 Oct 2023 16:35:31 +0800
Subject: [PATCH 757/760] [KYUUBI #5503][FOLLOWUP][AUTHZ] Authz should skip
 inner plan that have been verified

### _Why are the changes needed?_
To close #5503
For sql such as lateral join in test `[KYUUBI #5503][AUTHZ] Check plan auth checked should not set tag to all child nodes`, it will first verify subquery in `lateral` then verify whole plan, if there is a view, when verify the whole plan, the `PermanentViewMarker` will be remove by spark's optimizer.
Then it will verify both source table `table1` and `table2`.
So I think we need to do 3 things:

1. Mark all PermanentViewMarker's children's all nodes as checked and Subquery's all child marks as checked.
2. `isAuthChecked` should only check the first level of the plan to avoid skipping the check of the whole plan in the demo test
3. in `buildQuery`, if the current node has the tag, we just skip it.

Without this pr, the SQL in test will both check `table1` and `table2`

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5563 from AngersZhuuuu/KYUUBI-5503-FOLLOWUP.

Closes #5503

c1a427f58 [Angerszhuuuu] Update Authorization.scala
d6b2899db [Angerszhuuuu] update
633bc91e0 [Angerszhuuuu] Update Authorization.scala
7a006b136 [Angerszhuuuu] [KYUUBI #5503][FOLLOWUP][AUTHZ] Authz should skip inner plan that have been verified

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../spark/authz/PrivilegesBuilder.scala       |  3 +
 .../spark/authz/rule/Authorization.scala      | 29 ++++---
 .../authz/gen/PolicyJsonFileGenerator.scala   | 13 ++++
 .../test/resources/sparkSql_hive_jenkins.json | 77 +++++++++++++++----
 .../spark/authz/RangerTestResources.scala     |  1 +
 .../ranger/RangerSparkExtensionSuite.scala    | 42 +++++++++-
 6 files changed, 137 insertions(+), 28 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 07ed71011..833499280 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -26,6 +26,7 @@ import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
+import org.apache.kyuubi.plugin.spark.authz.rule.Authorization.KYUUBI_AUTHZ_TAG
 import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
@@ -80,6 +81,8 @@ object PrivilegesBuilder {
     }
 
     plan match {
+      case p if p.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty =>
+
       case p: Project => buildQuery(p.child, privilegeObjects, p.projectList, conditionList, spark)
 
       case j: Join =>
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala
index db50873b3..6c7d0afa6 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/Authorization.scala
@@ -18,7 +18,7 @@
 package org.apache.kyuubi.plugin.spark.authz.rule
 
 import org.apache.spark.sql.SparkSession
-import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Subquery}
 import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.catalyst.trees.TreeNodeTag
 
@@ -42,20 +42,27 @@ object Authorization {
 
   val KYUUBI_AUTHZ_TAG = TreeNodeTag[Unit]("__KYUUBI_AUTHZ_TAG")
 
+  private def markAllNodesAuthChecked(plan: LogicalPlan): LogicalPlan = {
+    plan.transformDown { case p =>
+      p.setTagValue(KYUUBI_AUTHZ_TAG, ())
+      p
+    }
+  }
+
   protected def markAuthChecked(plan: LogicalPlan): LogicalPlan = {
-    plan match {
-      case _: PermanentViewMarker =>
-        plan.transformUp { case p =>
-          p.setTagValue(KYUUBI_AUTHZ_TAG, ())
-          p
-        }
-      case _ =>
-        plan.setTagValue(KYUUBI_AUTHZ_TAG, ())
+    plan.setTagValue(KYUUBI_AUTHZ_TAG, ())
+    plan transformDown {
+      case pvm: PermanentViewMarker =>
+        markAllNodesAuthChecked(pvm)
+      case subquery: Subquery =>
+        markAllNodesAuthChecked(subquery)
     }
-    plan
   }
 
   protected def isAuthChecked(plan: LogicalPlan): Boolean = {
-    plan.find(_.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty).nonEmpty
+    plan match {
+      case subquery: Subquery => isAuthChecked(subquery.child)
+      case p => p.getTagValue(KYUUBI_AUTHZ_TAG).nonEmpty
+    }
   }
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
index 7faddd0c7..7996c8ecc 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/gen/scala/org/apache/kyuubi/plugin/spark/authz/gen/PolicyJsonFileGenerator.scala
@@ -108,6 +108,7 @@ class PolicyJsonFileGenerator extends AnyFunSuite {
       policyAccessForDefaultBobUse,
       policyAccessForDefaultBobSelect,
       policyAccessForPermViewAccessOnly,
+      policyAccessForTable2AccessOnly,
       // row filter
       policyFilterForSrcTableKeyLessThan20,
       policyFilterForPermViewKeyLessThan20,
@@ -345,4 +346,16 @@ class PolicyJsonFileGenerator extends AnyFunSuite {
         users = List(permViewOnlyUser),
         accesses = allowTypes(select),
         delegateAdmin = true)))
+
+  private val policyAccessForTable2AccessOnly = KRangerPolicy(
+    name = "someone_access_table2",
+    resources = Map(
+      databaseRes(defaultDb),
+      tableRes("table2"),
+      allColumnRes),
+    policyItems = List(
+      KRangerPolicyItem(
+        users = List(table2OnlyUser),
+        accesses = allowTypes(select),
+        delegateAdmin = true)))
 }
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
index 6c160d321..76d8c788a 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
+++ b/extensions/spark/kyuubi-spark-authz/src/test/resources/sparkSql_hive_jenkins.json
@@ -544,6 +544,55 @@
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
+    "name" : "someone_access_table2",
+    "policyType" : 0,
+    "policyPriority" : 0,
+    "description" : "",
+    "isAuditEnabled" : true,
+    "resources" : {
+      "database" : {
+        "values" : [ "default" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      },
+      "column" : {
+        "values" : [ "*" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      },
+      "table" : {
+        "values" : [ "table2" ],
+        "isExcludes" : false,
+        "isRecursive" : false
+      }
+    },
+    "conditions" : [ ],
+    "policyItems" : [ {
+      "accesses" : [ {
+        "type" : "select",
+        "isAllowed" : true
+      } ],
+      "users" : [ "user_table2_only" ],
+      "groups" : [ ],
+      "roles" : [ ],
+      "conditions" : [ ],
+      "delegateAdmin" : true
+    } ],
+    "denyPolicyItems" : [ ],
+    "allowExceptions" : [ ],
+    "denyExceptions" : [ ],
+    "dataMaskPolicyItems" : [ ],
+    "rowFilterPolicyItems" : [ ],
+    "options" : { },
+    "validitySchedules" : [ ],
+    "policyLabels" : [ ],
+    "isDenyAllElse" : false
+  }, {
+    "id" : 9,
+    "guid" : "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26",
+    "isEnabled" : true,
+    "version" : 1,
+    "service" : "hive_jenkins",
     "name" : "src_key_less_than_20",
     "policyType" : 2,
     "policyPriority" : 0,
@@ -586,8 +635,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 9,
-    "guid" : "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26",
+    "id" : 10,
+    "guid" : "d3d94468-02a4-3259-b55d-38e6d163e820",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -633,8 +682,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 10,
-    "guid" : "d3d94468-02a4-3259-b55d-38e6d163e820",
+    "id" : 11,
+    "guid" : "6512bd43-d9ca-36e0-ac99-0b0a82652dca",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -685,8 +734,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 11,
-    "guid" : "6512bd43-d9ca-36e0-ac99-0b0a82652dca",
+    "id" : 12,
+    "guid" : "c20ad4d7-6fe9-3759-aa27-a0c99bff6710",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -737,8 +786,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 12,
-    "guid" : "c20ad4d7-6fe9-3759-aa27-a0c99bff6710",
+    "id" : 13,
+    "guid" : "c51ce410-c124-310e-8db5-e4b97fc2af39",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -789,8 +838,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 13,
-    "guid" : "c51ce410-c124-310e-8db5-e4b97fc2af39",
+    "id" : 14,
+    "guid" : "aab32389-22bc-325a-af60-6eb525ffdc56",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -841,8 +890,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 14,
-    "guid" : "aab32389-22bc-325a-af60-6eb525ffdc56",
+    "id" : 15,
+    "guid" : "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
@@ -893,8 +942,8 @@
     "policyLabels" : [ ],
     "isDenyAllElse" : false
   }, {
-    "id" : 15,
-    "guid" : "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3",
+    "id" : 16,
+    "guid" : "c74d97b0-1eae-357e-84aa-9d5bade97baf",
     "isEnabled" : true,
     "version" : 1,
     "service" : "hive_jenkins",
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
index 468c2c50b..4f870d504 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/RangerTestResources.scala
@@ -28,6 +28,7 @@ object RangerTestUsers {
   val createOnlyUser = "create_only_user"
   val defaultTableOwner = "default_table_owner"
   val permViewOnlyUser = "user_perm_view_only"
+  val table2OnlyUser = "user_table2_only"
 
   // non-authorized users
   val invisibleUser = "i_am_invisible"
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 672d7208f..d3f190687 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -957,12 +957,17 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
     assume(isSparkV32OrGreater, "Spark 3.1 not support lateral subquery.")
     val db1 = defaultDb
     val table1 = "table1"
+    val table2 = "table2"
     val perm_view = "perm_view"
     withSingleCallEnabled {
       withCleanTmpResources(
-        Seq((s"$db1.$table1", "table"), (s"$db1.$perm_view", "view"))) {
+        Seq(
+          (s"$db1.$table1", "table"),
+          (s"$db1.$table2", "table"),
+          (s"$db1.$perm_view", "view"))) {
         doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
-        doAs(admin, sql(s"CREATE VIEW $db1.$perm_view AS SELECT * FROM $db1.$table1"))
+        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table2 (id int, scope int)"))
+        doAs(admin, sql(s"CREATE VIEW $db1.$perm_view AS SELECT * FROM $db1.$table2"))
         interceptContains[AccessControlException](
           doAs(
             someone,
@@ -992,7 +997,38 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
                  |)
                  |""".stripMargin).show()))(
           s"does not have [select] privilege on " +
-            s"[$db1/$table1/id,$db1/$table1/scope]")
+            s"[$db1/$table1/id]")
+
+        interceptContains[AccessControlException](
+          doAs(
+            someone,
+            sql(
+              s"""
+                 |SELECT t1.id
+                 |FROM $db1.$table1 t1,
+                 |LATERAL (
+                 |  SELECT *
+                 |  FROM $db1.$table2 t2
+                 |  WHERE t1.id = t2.id
+                 |)
+                 |""".stripMargin).show()))(
+          s"does not have [select] privilege on " +
+            s"[$db1/$table2/id,$db1/$table2/scope]")
+        interceptContains[AccessControlException](
+          doAs(
+            table2OnlyUser,
+            sql(
+              s"""
+                 |SELECT t1.id
+                 |FROM $db1.$table1 t1,
+                 |LATERAL (
+                 |  SELECT *
+                 |  FROM $db1.$table2 t2
+                 |  WHERE t1.id = t2.id
+                 |)
+                 |""".stripMargin).show()))(
+          s"does not have [select] privilege on " +
+            s"[$db1/$table1/id]")
       }
     }
   }

From 058d3ee08427fd4c57c088b92124d245c1dd85d5 Mon Sep 17 00:00:00 2001
From: Angerszhuuuu <angers.zhu@gmail.com>
Date: Tue, 31 Oct 2023 17:09:08 +0800
Subject: [PATCH 758/760] [KYUUBI #5576][Bug] Fix wrong code in test case of
 dir command

### _Why are the changes needed?_
To close #5575
 Fix wrong code in test case of dir command

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

### _Was this patch authored or co-authored using generative AI tooling?_
No

Closes #5577 from AngersZhuuuu/KYUUBI-5576.

Closes #5576

60e2cb817 [Angerszhuuuu] [KYUUBI #5576][Bug] Fix wrong code in test case of dir command

Authored-by: Angerszhuuuu <angers.zhu@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 54b91eb28..696777441 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -1450,7 +1450,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val directory = File(tableDirectory).createDirectory()
     val plan = sql(
       s"""
-         |INSERT OVERWRITE DIRECTORY '$directory.path'
+         |INSERT OVERWRITE DIRECTORY '${directory.path}'
          |USING parquet
          |SELECT * FROM $reusedPartTable""".stripMargin)
       .queryExecution.analyzed
@@ -1574,7 +1574,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val directory = File(tableDirectory).createDirectory()
     val plan = sql(
       s"""
-         |INSERT OVERWRITE DIRECTORY '$directory.path'
+         |INSERT OVERWRITE DIRECTORY '${directory.path}'
          |USING parquet
          |SELECT * FROM $reusedPartTable""".stripMargin)
       .queryExecution.analyzed
@@ -1599,7 +1599,7 @@ class HiveCatalogPrivilegeBuilderSuite extends PrivilegesBuilderSuite {
     val directory = File(tableDirectory).createDirectory()
     val plan = sql(
       s"""
-         |INSERT OVERWRITE DIRECTORY '$directory.path'
+         |INSERT OVERWRITE DIRECTORY '${directory.path}'
          |ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
          |SELECT * FROM $reusedPartTable""".stripMargin)
       .queryExecution.analyzed

From 591250c8ff47af8e2a665cc4086cb0fa4c29b609 Mon Sep 17 00:00:00 2001
From: zwangsheng <binjieyang@apache.org>
Date: Tue, 31 Oct 2023 17:48:30 +0800
Subject: [PATCH 759/760] [KYUUBI #5573] Delete parts of the Kyuubi Web UI that
 are not useful
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

As title and make Web UI more clean.

And as Contact Us page and Overview page will do refactor later, so remain these.

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

![截屏2023-10-31 15 30 37](https://github.com/apache/kyuubi/assets/52876270/443feaf5-2d9a-4683-9214-6b7f5b5769cd)

### _Was this patch authored or co-authored using generative AI tooling?_

No

Closes #5574 from zwangsheng/KYUUBI#5573.

Closes #5573

462f9f662 [zwangsheng] fix comments
d32101055 [zwangsheng] [KYUUBI #5573][Improvement] Delete parts of the Kyuubi Web UI that are not useful

Authored-by: zwangsheng <binjieyang@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
---
 .../src/layout/components/aside/types.ts      | 47 -------------------
 .../web-ui/src/router/contact/index.ts        | 26 ----------
 kyuubi-server/web-ui/src/router/index.ts      |  6 ---
 .../web-ui/src/router/operation/index.ts      | 31 ------------
 .../web-ui/src/router/workload/index.ts       | 41 ----------------
 .../views/operation/completedJobs/index.vue   | 29 ------------
 .../src/views/operation/runningJobs/index.vue | 29 ------------
 .../src/views/workload/analysis/index.vue     | 29 ------------
 .../web-ui/src/views/workload/query/index.vue | 29 ------------
 .../web-ui/src/views/workload/queue/index.vue | 29 ------------
 .../src/views/workload/session/index.vue      | 29 ------------
 11 files changed, 325 deletions(-)
 delete mode 100644 kyuubi-server/web-ui/src/router/contact/index.ts
 delete mode 100644 kyuubi-server/web-ui/src/router/operation/index.ts
 delete mode 100644 kyuubi-server/web-ui/src/router/workload/index.ts
 delete mode 100644 kyuubi-server/web-ui/src/views/operation/completedJobs/index.vue
 delete mode 100644 kyuubi-server/web-ui/src/views/operation/runningJobs/index.vue
 delete mode 100644 kyuubi-server/web-ui/src/views/workload/analysis/index.vue
 delete mode 100644 kyuubi-server/web-ui/src/views/workload/query/index.vue
 delete mode 100644 kyuubi-server/web-ui/src/views/workload/queue/index.vue
 delete mode 100644 kyuubi-server/web-ui/src/views/workload/session/index.vue

diff --git a/kyuubi-server/web-ui/src/layout/components/aside/types.ts b/kyuubi-server/web-ui/src/layout/components/aside/types.ts
index a7e495e18..1a6461634 100644
--- a/kyuubi-server/web-ui/src/layout/components/aside/types.ts
+++ b/kyuubi-server/web-ui/src/layout/components/aside/types.ts
@@ -43,58 +43,11 @@ export const MENUS = [
       }
     ]
   },
-  {
-    label: 'Workload',
-    icon: 'List',
-    children: [
-      {
-        label: 'Analysis',
-        icon: 'VideoPlay',
-        router: '/workload/analysis'
-      },
-      {
-        label: 'Queue',
-        icon: 'Select',
-        router: '/workload/queue'
-      },
-      {
-        label: 'Session',
-        icon: 'Select',
-        router: '/workload/session'
-      },
-      {
-        label: 'Query',
-        icon: 'Select',
-        router: '/workload/query'
-      }
-    ]
-  },
-  {
-    label: 'Operation',
-    icon: 'List',
-    children: [
-      {
-        label: 'Running Jobs',
-        icon: 'VideoPlay',
-        router: '/operation/runningJobs'
-      },
-      {
-        label: 'Completed Jobs',
-        icon: 'Select',
-        router: '/operation/completedJobs'
-      }
-    ]
-  },
   {
     label: 'Swagger',
     icon: 'List',
     router: '/swagger'
   },
-  {
-    label: 'Contact Us',
-    icon: 'PhoneFilled',
-    router: '/contact'
-  },
   {
     label: 'SQL Lab',
     icon: 'Cpu',
diff --git a/kyuubi-server/web-ui/src/router/contact/index.ts b/kyuubi-server/web-ui/src/router/contact/index.ts
deleted file mode 100644
index a83c653ec..000000000
--- a/kyuubi-server/web-ui/src/router/contact/index.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-const routes = [
-  {
-    path: '/contact',
-    name: 'contact',
-    component: () => import('@/views/contact/index.vue')
-  }
-]
-
-export default routes
diff --git a/kyuubi-server/web-ui/src/router/index.ts b/kyuubi-server/web-ui/src/router/index.ts
index c59c5f28c..9df39574f 100644
--- a/kyuubi-server/web-ui/src/router/index.ts
+++ b/kyuubi-server/web-ui/src/router/index.ts
@@ -17,9 +17,6 @@
 
 import { createRouter, createWebHistory } from 'vue-router'
 import overviewRoutes from './overview'
-import workloadRoutes from './workload'
-import operationRoutes from './operation'
-import contactRoutes from './contact'
 import managementRoutes from './management'
 import detailRoutes from './detail'
 import swaggerRoutes from './swagger'
@@ -40,12 +37,9 @@ const routes = [
     redirect: 'overview',
     children: [
       ...overviewRoutes,
-      ...workloadRoutes,
-      ...operationRoutes,
       ...managementRoutes,
       ...detailRoutes,
       ...swaggerRoutes,
-      ...contactRoutes,
       ...labRoutes
     ]
   }
diff --git a/kyuubi-server/web-ui/src/router/operation/index.ts b/kyuubi-server/web-ui/src/router/operation/index.ts
deleted file mode 100644
index 03ba4c285..000000000
--- a/kyuubi-server/web-ui/src/router/operation/index.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-const routes = [
-  {
-    path: '/operation/runningJobs',
-    name: 'operation-runningJobs',
-    component: () => import('@/views/operation/runningJobs/index.vue')
-  },
-  {
-    path: '/operation/completedJobs',
-    name: 'operation-completedJobs',
-    component: () => import('@/views/operation/completedJobs/index.vue')
-  }
-]
-
-export default routes
diff --git a/kyuubi-server/web-ui/src/router/workload/index.ts b/kyuubi-server/web-ui/src/router/workload/index.ts
deleted file mode 100644
index 7d7b91a47..000000000
--- a/kyuubi-server/web-ui/src/router/workload/index.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-const routes = [
-  {
-    path: '/workload/analysis',
-    name: 'workload-analysis',
-    component: () => import('@/views/workload/analysis/index.vue')
-  },
-  {
-    path: '/workload/queue',
-    name: 'workload-queue',
-    component: () => import('@/views/workload/queue/index.vue')
-  },
-  {
-    path: '/workload/session',
-    name: 'workload-session',
-    component: () => import('@/views/workload/session/index.vue')
-  },
-  {
-    path: '/workload/query',
-    name: 'workload-query',
-    component: () => import('@/views/workload/query/index.vue')
-  }
-]
-
-export default routes
diff --git a/kyuubi-server/web-ui/src/views/operation/completedJobs/index.vue b/kyuubi-server/web-ui/src/views/operation/completedJobs/index.vue
deleted file mode 100644
index 7b587c4fa..000000000
--- a/kyuubi-server/web-ui/src/views/operation/completedJobs/index.vue
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
--->
-
-<template>
-  <main>Completed jobs page</main>
-</template>
-
-<script lang="ts">
-  export default {
-    name: 'OperationCompletedJobsIndex'
-  }
-</script>
-
-<style scoped></style>
diff --git a/kyuubi-server/web-ui/src/views/operation/runningJobs/index.vue b/kyuubi-server/web-ui/src/views/operation/runningJobs/index.vue
deleted file mode 100644
index 030b48ae9..000000000
--- a/kyuubi-server/web-ui/src/views/operation/runningJobs/index.vue
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
--->
-
-<template>
-  <main>Running jobs page</main>
-</template>
-
-<script lang="ts">
-  export default {
-    name: 'OperationRunningJobsIndex'
-  }
-</script>
-
-<style scoped></style>
diff --git a/kyuubi-server/web-ui/src/views/workload/analysis/index.vue b/kyuubi-server/web-ui/src/views/workload/analysis/index.vue
deleted file mode 100644
index 31b42d46e..000000000
--- a/kyuubi-server/web-ui/src/views/workload/analysis/index.vue
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
--->
-
-<template>
-  <main>Analysis page</main>
-</template>
-
-<script lang="ts">
-  export default {
-    name: 'WorkloadAnalysisIndex'
-  }
-</script>
-
-<style scoped></style>
diff --git a/kyuubi-server/web-ui/src/views/workload/query/index.vue b/kyuubi-server/web-ui/src/views/workload/query/index.vue
deleted file mode 100644
index 45d0cd91b..000000000
--- a/kyuubi-server/web-ui/src/views/workload/query/index.vue
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
--->
-
-<template>
-  <main>Query page</main>
-</template>
-
-<script lang="ts">
-  export default {
-    name: 'WorkloadQueryIndex'
-  }
-</script>
-
-<style scoped></style>
diff --git a/kyuubi-server/web-ui/src/views/workload/queue/index.vue b/kyuubi-server/web-ui/src/views/workload/queue/index.vue
deleted file mode 100644
index bbeb8e985..000000000
--- a/kyuubi-server/web-ui/src/views/workload/queue/index.vue
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
--->
-
-<template>
-  <main>Queue page</main>
-</template>
-
-<script lang="ts">
-  export default {
-    name: 'WorkloadQueueIndex'
-  }
-</script>
-
-<style scoped></style>
diff --git a/kyuubi-server/web-ui/src/views/workload/session/index.vue b/kyuubi-server/web-ui/src/views/workload/session/index.vue
deleted file mode 100644
index bd4ec51d5..000000000
--- a/kyuubi-server/web-ui/src/views/workload/session/index.vue
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
--->
-
-<template>
-  <main>Session page</main>
-</template>
-
-<script lang="ts">
-  export default {
-    name: 'WorkloadSessionIndex'
-  }
-</script>
-
-<style scoped></style>

From d92f0196c4fb7a2342abc9aa12684302292a8890 Mon Sep 17 00:00:00 2001
From: Alex Wiss-Wolferding <alex@nousot.com>
Date: Tue, 31 Oct 2023 12:43:39 -0500
Subject: [PATCH 760/760] Updating version to 1.9.0.

---
 .github/workflows/publish-snapshot-docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/publish-snapshot-docker.yml b/.github/workflows/publish-snapshot-docker.yml
index e05555609..44197d92b 100644
--- a/.github/workflows/publish-snapshot-docker.yml
+++ b/.github/workflows/publish-snapshot-docker.yml
@@ -61,4 +61,4 @@ jobs:
             REPO_NAME: ndap/kyuubi
         run: |
           aws ecr describe-repositories --repository-names ${REPO_NAME} || aws ecr create-repository --repository-name ${REPO_NAME}
-          docker push $ECR_REGISTRY/$REPO_NAME:1.7.0-spark${{ matrix.spark-version }}
+          docker push $ECR_REGISTRY/$REPO_NAME:1.9.0-spark${{ matrix.spark-version }}